Migrate the rest of the ssl package to junit5 (#11483)

Motivation:

We should use junit5 everywhere.

Modifications:

- Refactor rest of tests to use junit5

Result:

Part of https://github.com/netty/netty/issues/10757
This commit is contained in:
Norman Maurer 2021-07-15 08:50:24 +02:00
parent d5ddd8b680
commit 23bf55206c
22 changed files with 1584 additions and 1508 deletions

View File

@ -17,48 +17,28 @@ package io.netty.handler.ssl;
import com.amazon.corretto.crypto.provider.AmazonCorrettoCryptoProvider; import com.amazon.corretto.crypto.provider.AmazonCorrettoCryptoProvider;
import com.amazon.corretto.crypto.provider.SelfTestStatus; import com.amazon.corretto.crypto.provider.SelfTestStatus;
import org.junit.After; import org.junit.jupiter.api.AfterEach;
import org.junit.Assert; import org.junit.jupiter.api.BeforeEach;
import org.junit.Before; import org.junit.jupiter.api.Disabled;
import org.junit.BeforeClass; import org.junit.jupiter.api.condition.DisabledIf;
import org.junit.Ignore;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
import javax.crypto.Cipher; import javax.crypto.Cipher;
import java.security.Security; import java.security.Security;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import static org.junit.Assume.assumeTrue; import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNull;
@RunWith(Parameterized.class)
@DisabledIf("checkIfAccpIsDisabled")
public class AmazonCorrettoSslEngineTest extends SSLEngineTest { public class AmazonCorrettoSslEngineTest extends SSLEngineTest {
@Parameterized.Parameters(name = "{index}: bufferType = {0}, combo = {1}, delegate = {2}") static boolean checkIfAccpIsDisabled() {
public static Collection<Object[]> data() { return AmazonCorrettoCryptoProvider.INSTANCE.getLoadingError() != null ||
List<Object[]> params = new ArrayList<Object[]>(); !AmazonCorrettoCryptoProvider.INSTANCE.runSelfTests().equals(SelfTestStatus.PASSED);
for (BufferType type: BufferType.values()) {
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false });
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true });
if (SslProvider.isTlsv13Supported(SslProvider.JDK)) {
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), true });
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), false });
}
}
return params;
} }
public AmazonCorrettoSslEngineTest(BufferType type, ProtocolCipherCombo combo, boolean delegate) { public AmazonCorrettoSslEngineTest() {
super(type, combo, delegate); super(SslProvider.isTlsv13Supported(SslProvider.JDK));
}
@BeforeClass
public static void checkAccp() {
assumeTrue(AmazonCorrettoCryptoProvider.INSTANCE.getLoadingError() == null &&
AmazonCorrettoCryptoProvider.INSTANCE.runSelfTests().equals(SelfTestStatus.PASSED));
} }
@Override @Override
@ -71,7 +51,7 @@ public class AmazonCorrettoSslEngineTest extends SSLEngineTest {
return SslProvider.JDK; return SslProvider.JDK;
} }
@Before @BeforeEach
@Override @Override
public void setup() { public void setup() {
// See https://github.com/corretto/amazon-corretto-crypto-provider/blob/develop/README.md#code // See https://github.com/corretto/amazon-corretto-crypto-provider/blob/develop/README.md#code
@ -81,7 +61,7 @@ public class AmazonCorrettoSslEngineTest extends SSLEngineTest {
try { try {
AmazonCorrettoCryptoProvider.INSTANCE.assertHealthy(); AmazonCorrettoCryptoProvider.INSTANCE.assertHealthy();
String providerName = Cipher.getInstance("AES/GCM/NoPadding").getProvider().getName(); String providerName = Cipher.getInstance("AES/GCM/NoPadding").getProvider().getName();
Assert.assertEquals(AmazonCorrettoCryptoProvider.PROVIDER_NAME, providerName); assertEquals(AmazonCorrettoCryptoProvider.PROVIDER_NAME, providerName);
} catch (Throwable e) { } catch (Throwable e) {
Security.removeProvider(AmazonCorrettoCryptoProvider.PROVIDER_NAME); Security.removeProvider(AmazonCorrettoCryptoProvider.PROVIDER_NAME);
throw new AssertionError(e); throw new AssertionError(e);
@ -89,24 +69,24 @@ public class AmazonCorrettoSslEngineTest extends SSLEngineTest {
super.setup(); super.setup();
} }
@After @AfterEach
@Override @Override
public void tearDown() throws InterruptedException { public void tearDown() throws InterruptedException {
super.tearDown(); super.tearDown();
// Remove the provider again and verify that it was removed // Remove the provider again and verify that it was removed
Security.removeProvider(AmazonCorrettoCryptoProvider.PROVIDER_NAME); Security.removeProvider(AmazonCorrettoCryptoProvider.PROVIDER_NAME);
Assert.assertNull(Security.getProvider(AmazonCorrettoCryptoProvider.PROVIDER_NAME)); assertNull(Security.getProvider(AmazonCorrettoCryptoProvider.PROVIDER_NAME));
} }
@Ignore /* Does the JDK support a "max certificate chain length"? */ @Disabled /* Does the JDK support a "max certificate chain length"? */
@Override @Override
public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth() { public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(SSLEngineTestParam param) {
} }
@Ignore /* Does the JDK support a "max certificate chain length"? */ @Disabled /* Does the JDK support a "max certificate chain length"? */
@Override @Override
public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth() { public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(SSLEngineTestParam param) {
} }
@Override @Override

View File

@ -16,39 +16,22 @@
package io.netty.handler.ssl; package io.netty.handler.ssl;
import java.security.Provider; import java.security.Provider;
import org.junit.BeforeClass;
import org.junit.Ignore;
import org.junit.runner.RunWith; import org.junit.jupiter.api.Disabled;
import org.junit.runners.Parameterized; import org.junit.jupiter.api.condition.DisabledIf;
import javax.net.ssl.SSLSessionContext; import javax.net.ssl.SSLSessionContext;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import static org.junit.Assume.assumeTrue;
@RunWith(Parameterized.class) @DisabledIf("checkConscryptDisabled")
public class ConscryptJdkSslEngineInteropTest extends SSLEngineTest { public class ConscryptJdkSslEngineInteropTest extends SSLEngineTest {
@Parameterized.Parameters(name = "{index}: bufferType = {0}, combo = {1}, delegate = {2}") public ConscryptJdkSslEngineInteropTest() {
public static Collection<Object[]> data() { super(false);
List<Object[]> params = new ArrayList<>();
for (BufferType type: BufferType.values()) {
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false });
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true });
}
return params;
} }
public ConscryptJdkSslEngineInteropTest(BufferType type, ProtocolCipherCombo combo, boolean delegate) { static boolean checkConscryptDisabled() {
super(type, combo, delegate); return !Conscrypt.isAvailable();
}
@BeforeClass
public static void checkConscrypt() {
assumeTrue(Conscrypt.isAvailable());
} }
@Override @Override
@ -66,14 +49,16 @@ public class ConscryptJdkSslEngineInteropTest extends SSLEngineTest {
return Java8SslTestUtils.conscryptProvider(); return Java8SslTestUtils.conscryptProvider();
} }
@Ignore /* Does the JDK support a "max certificate chain length"? */ @Disabled /* Does the JDK support a "max certificate chain length"? */
@Override @Override
public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth() throws Exception { public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(SSLEngineTestParam param)
throws Exception {
} }
@Ignore /* Does the JDK support a "max certificate chain length"? */ @Disabled /* Does the JDK support a "max certificate chain length"? */
@Override @Override
public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth() throws Exception { public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(SSLEngineTestParam param)
throws Exception {
} }
@Override @Override

View File

@ -15,48 +15,35 @@
*/ */
package io.netty.handler.ssl; package io.netty.handler.ssl;
import org.junit.BeforeClass; import org.junit.jupiter.api.BeforeAll;
import org.junit.Ignore; import org.junit.jupiter.api.Disabled;
import org.junit.Test; import org.junit.jupiter.api.condition.DisabledIf;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSessionContext; import javax.net.ssl.SSLSessionContext;
import java.security.Provider; import java.security.Provider;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Collection;
import java.util.List; import java.util.List;
import static io.netty.handler.ssl.OpenSslTestUtils.checkShouldUseKeyManagerFactory; import static io.netty.handler.ssl.OpenSslTestUtils.checkShouldUseKeyManagerFactory;
import static org.junit.Assume.assumeTrue; import static org.junit.jupiter.api.Assumptions.assumeTrue;
@RunWith(Parameterized.class) @DisabledIf("checkConscryptDisabled")
public class ConscryptOpenSslEngineInteropTest extends ConscryptSslEngineTest { public class ConscryptOpenSslEngineInteropTest extends ConscryptSslEngineTest {
@Parameterized.Parameters(name = "{index}: bufferType = {0}, combo = {1}, delegate = {2}, useTasks = {3}") @Override
public static Collection<Object[]> data() { protected List<SSLEngineTestParam> newTestParams() {
List<Object[]> params = new ArrayList<Object[]>(); List<SSLEngineTestParam> params = super.newTestParams();
for (BufferType type: BufferType.values()) { List<SSLEngineTestParam> testParams = new ArrayList<SSLEngineTestParam>();
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false, false }); for (SSLEngineTestParam param: params) {
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false, true }); testParams.add(new OpenSslEngineTestParam(true, param));
testParams.add(new OpenSslEngineTestParam(false, param));
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true, false });
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true, true });
} }
return params; return testParams;
} }
private final boolean useTasks; @BeforeAll
public ConscryptOpenSslEngineInteropTest(BufferType type, ProtocolCipherCombo combo,
boolean delegate, boolean useTasks) {
super(type, combo, delegate);
this.useTasks = useTasks;
}
@BeforeClass
public static void checkOpenssl() { public static void checkOpenssl() {
OpenSsl.ensureAvailability(); OpenSsl.ensureAvailability();
} }
@ -77,17 +64,15 @@ public class ConscryptOpenSslEngineInteropTest extends ConscryptSslEngineTest {
} }
@Override @Override
@Test @Disabled("TODO: Make this work with Conscrypt")
@Ignore("TODO: Make this work with Conscrypt") public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(SSLEngineTestParam param) {
public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth() { super.testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(param);
super.testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth();
} }
@Override @Override
@Test @Disabled("TODO: Make this work with Conscrypt")
@Ignore("TODO: Make this work with Conscrypt") public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(SSLEngineTestParam param) {
public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth() { super.testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(param);
super.testMutualAuthValidClientCertChainTooLongFailRequireClientAuth();
} }
@Override @Override
@ -97,45 +82,42 @@ public class ConscryptOpenSslEngineInteropTest extends ConscryptSslEngineTest {
} }
@Override @Override
@Test public void testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth(SSLEngineTestParam param)
public void testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth() throws Exception { throws Exception {
checkShouldUseKeyManagerFactory(); checkShouldUseKeyManagerFactory();
super.testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth(); super.testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth(param);
} }
@Override @Override
@Test public void testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth(SSLEngineTestParam param)
public void testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth() throws Exception { throws Exception {
checkShouldUseKeyManagerFactory(); checkShouldUseKeyManagerFactory();
super.testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth(); super.testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth(param);
} }
@Override @Override
@Test public void testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth(SSLEngineTestParam param)
public void testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth() throws Exception { throws Exception {
checkShouldUseKeyManagerFactory(); checkShouldUseKeyManagerFactory();
super.testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth(); super.testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth(param);
} }
@Override @Override
@Test public void testSessionAfterHandshakeKeyManagerFactory(SSLEngineTestParam param) throws Exception {
public void testSessionAfterHandshakeKeyManagerFactory() throws Exception {
checkShouldUseKeyManagerFactory(); checkShouldUseKeyManagerFactory();
super.testSessionAfterHandshakeKeyManagerFactory(); super.testSessionAfterHandshakeKeyManagerFactory(param);
} }
@Override @Override
@Test public void testSessionAfterHandshakeKeyManagerFactoryMutualAuth(SSLEngineTestParam param) throws Exception {
public void testSessionAfterHandshakeKeyManagerFactoryMutualAuth() throws Exception {
checkShouldUseKeyManagerFactory(); checkShouldUseKeyManagerFactory();
super.testSessionAfterHandshakeKeyManagerFactoryMutualAuth(); super.testSessionAfterHandshakeKeyManagerFactoryMutualAuth(param);
} }
@Override @Override
@Test public void testSupportedSignatureAlgorithms(SSLEngineTestParam param) throws Exception {
public void testSupportedSignatureAlgorithms() throws Exception {
checkShouldUseKeyManagerFactory(); checkShouldUseKeyManagerFactory();
super.testSupportedSignatureAlgorithms(); super.testSupportedSignatureAlgorithms(param);
} }
@Override @Override
@ -145,18 +127,17 @@ public class ConscryptOpenSslEngineInteropTest extends ConscryptSslEngineTest {
} }
@Override @Override
@Test public void testSessionLocalWhenNonMutualWithKeyManager(SSLEngineTestParam param) throws Exception {
public void testSessionLocalWhenNonMutualWithKeyManager() throws Exception {
checkShouldUseKeyManagerFactory(); checkShouldUseKeyManagerFactory();
super.testSessionLocalWhenNonMutualWithKeyManager(); super.testSessionLocalWhenNonMutualWithKeyManager(param);
} }
@Override @Override
public void testSessionLocalWhenNonMutualWithoutKeyManager() throws Exception { public void testSessionLocalWhenNonMutualWithoutKeyManager(SSLEngineTestParam param) throws Exception {
// This only really works when the KeyManagerFactory is supported as otherwise we not really know when // This only really works when the KeyManagerFactory is supported as otherwise we not really know when
// we need to provide a cert. // we need to provide a cert.
assumeTrue(OpenSsl.supportsKeyManagerFactory()); assumeTrue(OpenSsl.supportsKeyManagerFactory());
super.testSessionLocalWhenNonMutualWithoutKeyManager(); super.testSessionLocalWhenNonMutualWithoutKeyManager(param);
} }
@Override @Override
@ -165,24 +146,21 @@ public class ConscryptOpenSslEngineInteropTest extends ConscryptSslEngineTest {
} }
@Override @Override
@Test public void testSessionCache(SSLEngineTestParam param) throws Exception {
public void testSessionCache() throws Exception {
assumeTrue(OpenSsl.isSessionCacheSupported()); assumeTrue(OpenSsl.isSessionCacheSupported());
super.testSessionCache(); super.testSessionCache(param);
} }
@Override @Override
@Test public void testSessionCacheTimeout(SSLEngineTestParam param) throws Exception {
public void testSessionCacheTimeout() throws Exception {
assumeTrue(OpenSsl.isSessionCacheSupported()); assumeTrue(OpenSsl.isSessionCacheSupported());
super.testSessionCacheTimeout(); super.testSessionCacheTimeout(param);
} }
@Override @Override
@Test public void testSessionCacheSize(SSLEngineTestParam param) throws Exception {
public void testSessionCacheSize() throws Exception {
assumeTrue(OpenSsl.isSessionCacheSupported()); assumeTrue(OpenSsl.isSessionCacheSupported());
super.testSessionCacheSize(); super.testSessionCacheSize(param);
} }
@Override @Override
@ -192,9 +170,11 @@ public class ConscryptOpenSslEngineInteropTest extends ConscryptSslEngineTest {
@SuppressWarnings("deprecation") @SuppressWarnings("deprecation")
@Override @Override
protected SslContext wrapContext(SslContext context) { protected SslContext wrapContext(SSLEngineTestParam param, SslContext context) {
if (context instanceof OpenSslContext) { if (context instanceof OpenSslContext) {
((OpenSslContext) context).setUseTasks(useTasks); if (param instanceof OpenSslEngineTestParam) {
((OpenSslContext) context).setUseTasks(((OpenSslEngineTestParam) param).useTasks);
}
// Explicit enable the session cache as its disabled by default on the client side. // Explicit enable the session cache as its disabled by default on the client side.
((OpenSslContext) context).sessionContext().setSessionCacheEnabled(true); ((OpenSslContext) context).sessionContext().setSessionCacheEnabled(true);
} }

View File

@ -15,39 +15,22 @@
*/ */
package io.netty.handler.ssl; package io.netty.handler.ssl;
import org.junit.BeforeClass;
import org.junit.Ignore; import org.junit.jupiter.api.Disabled;
import org.junit.runner.RunWith; import org.junit.jupiter.api.condition.DisabledIf;
import org.junit.runners.Parameterized;
import javax.net.ssl.SSLSessionContext; import javax.net.ssl.SSLSessionContext;
import java.security.Provider; import java.security.Provider;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import static org.junit.Assume.assumeTrue; @DisabledIf("checkConscryptDisabled")
@RunWith(Parameterized.class)
public class ConscryptSslEngineTest extends SSLEngineTest { public class ConscryptSslEngineTest extends SSLEngineTest {
@Parameterized.Parameters(name = "{index}: bufferType = {0}, combo = {1}, delegate = {2}") static boolean checkConscryptDisabled() {
public static Collection<Object[]> data() { return !Conscrypt.isAvailable();
List<Object[]> params = new ArrayList<>();
for (BufferType type: BufferType.values()) {
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false });
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true });
}
return params;
} }
public ConscryptSslEngineTest(BufferType type, ProtocolCipherCombo combo, boolean delegate) { public ConscryptSslEngineTest() {
super(type, combo, delegate); super(false);
}
@BeforeClass
public static void checkConscrypt() {
assumeTrue(Conscrypt.isAvailable());
} }
@Override @Override
@ -70,14 +53,14 @@ public class ConscryptSslEngineTest extends SSLEngineTest {
return Java8SslTestUtils.conscryptProvider(); return Java8SslTestUtils.conscryptProvider();
} }
@Ignore /* Does the JDK support a "max certificate chain length"? */ @Disabled /* Does the JDK support a "max certificate chain length"? */
@Override @Override
public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth() { public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(SSLEngineTestParam param) {
} }
@Ignore /* Does the JDK support a "max certificate chain length"? */ @Disabled /* Does the JDK support a "max certificate chain length"? */
@Override @Override
public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth() { public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(SSLEngineTestParam param) {
} }
@Override @Override
@ -85,8 +68,8 @@ public class ConscryptSslEngineTest extends SSLEngineTest {
// Not supported by conscrypt // Not supported by conscrypt
} }
@Ignore("Possible Conscrypt bug") @Disabled("Possible Conscrypt bug")
public void testSessionCacheTimeout() throws Exception { public void testSessionCacheTimeout(SSLEngineTestParam param) throws Exception {
// Skip // Skip
// https://github.com/google/conscrypt/issues/851 // https://github.com/google/conscrypt/issues/851
} }

View File

@ -29,7 +29,7 @@ import java.security.cert.X509Certificate;
import java.util.Arrays; import java.util.Arrays;
import java.util.Collections; import java.util.Collections;
import static org.junit.Assert.assertNotNull; import static org.junit.jupiter.api.Assertions.assertNotNull;
public final class Java8SslTestUtils { public final class Java8SslTestUtils {
@ -70,7 +70,7 @@ public final class Java8SslTestUtils {
InputStream is = null; InputStream is = null;
try { try {
is = SslContextTest.class.getResourceAsStream(resourceName); is = SslContextTest.class.getResourceAsStream(resourceName);
assertNotNull("Cannot find " + resourceName, is); assertNotNull(is, "Cannot find " + resourceName);
certCollection[i] = (X509Certificate) certFactory certCollection[i] = (X509Certificate) certFactory
.generateCertificate(is); .generateCertificate(is);
} finally { } finally {

View File

@ -17,39 +17,20 @@ package io.netty.handler.ssl;
import java.security.Provider; import java.security.Provider;
import org.junit.BeforeClass; import org.junit.jupiter.api.Disabled;
import org.junit.Ignore; import org.junit.jupiter.api.condition.DisabledIf;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
import javax.net.ssl.SSLSessionContext; import javax.net.ssl.SSLSessionContext;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import static org.junit.Assume.assumeTrue; @DisabledIf("checkConscryptDisabled")
@RunWith(Parameterized.class)
public class JdkConscryptSslEngineInteropTest extends SSLEngineTest { public class JdkConscryptSslEngineInteropTest extends SSLEngineTest {
@Parameterized.Parameters(name = "{index}: bufferType = {0}, combo = {1}, delegate = {2}") static boolean checkConscryptDisabled() {
public static Collection<Object[]> data() { return !Conscrypt.isAvailable();
List<Object[]> params = new ArrayList<>();
for (BufferType type: BufferType.values()) {
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false });
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true });
}
return params;
} }
public JdkConscryptSslEngineInteropTest(BufferType type, ProtocolCipherCombo combo, boolean delegate) { public JdkConscryptSslEngineInteropTest() {
super(type, combo, delegate); super(false);
}
@BeforeClass
public static void checkConscrypt() {
assumeTrue(Conscrypt.isAvailable());
} }
@Override @Override
@ -68,17 +49,17 @@ public class JdkConscryptSslEngineInteropTest extends SSLEngineTest {
} }
@Override @Override
@Test @Disabled("TODO: Make this work with Conscrypt")
@Ignore("TODO: Make this work with Conscrypt") public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(SSLEngineTestParam param)
public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth() throws Exception { throws Exception {
super.testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(); super.testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(param);
} }
@Override @Override
@Test @Disabled("TODO: Make this work with Conscrypt")
@Ignore("TODO: Make this work with Conscrypt") public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(SSLEngineTestParam param)
public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth() throws Exception { throws Exception {
super.testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(); super.testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(param);
} }
@Override @Override
@ -87,9 +68,9 @@ public class JdkConscryptSslEngineInteropTest extends SSLEngineTest {
return super.mySetupMutualAuthServerIsValidClientException(cause) || causedBySSLException(cause); return super.mySetupMutualAuthServerIsValidClientException(cause) || causedBySSLException(cause);
} }
@Ignore("Ignore due bug in Conscrypt") @Disabled("Ignore due bug in Conscrypt")
@Override @Override
public void testHandshakeSession() throws Exception { public void testHandshakeSession(SSLEngineTestParam param) throws Exception {
// Ignore as Conscrypt does not correctly return the local certificates while the TrustManager is invoked. // Ignore as Conscrypt does not correctly return the local certificates while the TrustManager is invoked.
// See https://github.com/google/conscrypt/issues/634 // See https://github.com/google/conscrypt/issues/634
} }
@ -99,8 +80,8 @@ public class JdkConscryptSslEngineInteropTest extends SSLEngineTest {
// Not supported by conscrypt // Not supported by conscrypt
} }
@Ignore("Possible Conscrypt bug") @Disabled("Possible Conscrypt bug")
public void testSessionCacheTimeout() { public void testSessionCacheTimeout(SSLEngineTestParam param) {
// Skip // Skip
// https://github.com/google/conscrypt/issues/851 // https://github.com/google/conscrypt/issues/851
} }

View File

@ -15,54 +15,36 @@
*/ */
package io.netty.handler.ssl; package io.netty.handler.ssl;
import org.junit.BeforeClass; import org.junit.jupiter.api.BeforeAll;
import org.junit.Ignore; import org.junit.jupiter.api.Disabled;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngine;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Collection;
import java.util.List; import java.util.List;
import static io.netty.handler.ssl.OpenSslTestUtils.checkShouldUseKeyManagerFactory; import static io.netty.handler.ssl.OpenSslTestUtils.checkShouldUseKeyManagerFactory;
import static io.netty.internal.tcnative.SSL.SSL_CVERIFY_IGNORED; import static io.netty.internal.tcnative.SSL.SSL_CVERIFY_IGNORED;
import static org.junit.Assume.assumeTrue; import static org.junit.jupiter.api.Assumptions.assumeTrue;
@RunWith(Parameterized.class)
public class JdkOpenSslEngineInteroptTest extends SSLEngineTest { public class JdkOpenSslEngineInteroptTest extends SSLEngineTest {
@Parameterized.Parameters(name = "{index}: bufferType = {0}, combo = {1}, delegate = {2}, useTasks = {3}") public JdkOpenSslEngineInteroptTest() {
public static Collection<Object[]> data() { super(SslProvider.isTlsv13Supported(SslProvider.JDK) &&
List<Object[]> params = new ArrayList<>(); SslProvider.isTlsv13Supported(SslProvider.OPENSSL));
for (BufferType type: BufferType.values()) { }
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false, false });
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false, true });
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true, false }); @Override
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true, true }); protected List<SSLEngineTestParam> newTestParams() {
List<SSLEngineTestParam> params = super.newTestParams();
if (SslProvider.isTlsv13Supported(SslProvider.JDK) && SslProvider.isTlsv13Supported(SslProvider.OPENSSL)) { List<SSLEngineTestParam> testParams = new ArrayList<SSLEngineTestParam>();
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), false, false }); for (SSLEngineTestParam param: params) {
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), false, true }); testParams.add(new OpenSslEngineTestParam(true, param));
testParams.add(new OpenSslEngineTestParam(false, param));
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), true, false });
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), true, true });
}
} }
return params; return testParams;
} }
private final boolean useTasks; @BeforeAll
public JdkOpenSslEngineInteroptTest(BufferType type, ProtocolCipherCombo protocolCipherCombo,
boolean delegate, boolean useTasks) {
super(type, protocolCipherCombo, delegate);
this.useTasks = useTasks;
}
@BeforeClass
public static void checkOpenSsl() { public static void checkOpenSsl() {
OpenSsl.ensureAvailability(); OpenSsl.ensureAvailability();
} }
@ -78,59 +60,55 @@ public class JdkOpenSslEngineInteroptTest extends SSLEngineTest {
} }
@Override @Override
@Test @Disabled("Disable until figured out why this sometimes fail on the CI")
@Ignore("Disable until figured out why this sometimes fail on the CI") public void testMutualAuthSameCerts(SSLEngineTestParam param) throws Throwable {
public void testMutualAuthSameCerts() throws Throwable { super.testMutualAuthSameCerts(param);
super.testMutualAuthSameCerts(); }
public void testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth(SSLEngineTestParam param)
throws Exception {
checkShouldUseKeyManagerFactory();
super.testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth(param);
} }
@Override @Override
@Test public void testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth(SSLEngineTestParam param)
public void testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth() throws Exception { throws Exception {
checkShouldUseKeyManagerFactory(); checkShouldUseKeyManagerFactory();
super.testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth(); super.testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth(param);
} }
@Override @Override
@Test public void testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth(SSLEngineTestParam param)
public void testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth() throws Exception { throws Exception {
checkShouldUseKeyManagerFactory(); checkShouldUseKeyManagerFactory();
super.testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth(); super.testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth(param);
} }
@Override @Override
@Test public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(SSLEngineTestParam param)
public void testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth() throws Exception { throws Exception {
checkShouldUseKeyManagerFactory(); checkShouldUseKeyManagerFactory();
super.testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth(); super.testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(param);
} }
@Override @Override
@Test public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(SSLEngineTestParam param)
public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth() throws Exception { throws Exception {
checkShouldUseKeyManagerFactory(); checkShouldUseKeyManagerFactory();
super.testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(); super.testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(param);
} }
@Override @Override
@Test public void testSessionAfterHandshakeKeyManagerFactoryMutualAuth(SSLEngineTestParam param) throws Exception {
public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth() throws Exception {
checkShouldUseKeyManagerFactory(); checkShouldUseKeyManagerFactory();
super.testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(); super.testSessionAfterHandshakeKeyManagerFactoryMutualAuth(param);
} }
@Override @Override
@Test public void testSessionAfterHandshakeKeyManagerFactory(SSLEngineTestParam param) throws Exception {
public void testSessionAfterHandshakeKeyManagerFactoryMutualAuth() throws Exception {
checkShouldUseKeyManagerFactory(); checkShouldUseKeyManagerFactory();
super.testSessionAfterHandshakeKeyManagerFactoryMutualAuth(); super.testSessionAfterHandshakeKeyManagerFactory(param);
}
@Override
@Test
public void testSessionAfterHandshakeKeyManagerFactory() throws Exception {
checkShouldUseKeyManagerFactory();
super.testSessionAfterHandshakeKeyManagerFactory();
} }
@Override @Override
@ -146,52 +124,47 @@ public class JdkOpenSslEngineInteroptTest extends SSLEngineTest {
} }
@Override @Override
public void testHandshakeSession() throws Exception { public void testHandshakeSession(SSLEngineTestParam param) throws Exception {
checkShouldUseKeyManagerFactory(); checkShouldUseKeyManagerFactory();
super.testHandshakeSession(); super.testHandshakeSession(param);
} }
@Override @Override
@Test public void testSupportedSignatureAlgorithms(SSLEngineTestParam param) throws Exception {
public void testSupportedSignatureAlgorithms() throws Exception {
checkShouldUseKeyManagerFactory(); checkShouldUseKeyManagerFactory();
super.testSupportedSignatureAlgorithms(); super.testSupportedSignatureAlgorithms(param);
} }
@Override @Override
@Test public void testSessionLocalWhenNonMutualWithKeyManager(SSLEngineTestParam param) throws Exception {
public void testSessionLocalWhenNonMutualWithKeyManager() throws Exception {
checkShouldUseKeyManagerFactory(); checkShouldUseKeyManagerFactory();
super.testSessionLocalWhenNonMutualWithKeyManager(); super.testSessionLocalWhenNonMutualWithKeyManager(param);
} }
@Override @Override
public void testSessionLocalWhenNonMutualWithoutKeyManager() throws Exception { public void testSessionLocalWhenNonMutualWithoutKeyManager(SSLEngineTestParam param) throws Exception {
// This only really works when the KeyManagerFactory is supported as otherwise we not really know when // This only really works when the KeyManagerFactory is supported as otherwise we not really know when
// we need to provide a cert. // we need to provide a cert.
assumeTrue(OpenSsl.supportsKeyManagerFactory()); assumeTrue(OpenSsl.supportsKeyManagerFactory());
super.testSessionLocalWhenNonMutualWithoutKeyManager(); super.testSessionLocalWhenNonMutualWithoutKeyManager(param);
} }
@Override @Override
@Test public void testSessionCache(SSLEngineTestParam param) throws Exception {
public void testSessionCache() throws Exception {
assumeTrue(OpenSsl.isSessionCacheSupported()); assumeTrue(OpenSsl.isSessionCacheSupported());
super.testSessionCache(); super.testSessionCache(param);
} }
@Override @Override
@Test public void testSessionCacheTimeout(SSLEngineTestParam param) throws Exception {
public void testSessionCacheTimeout() throws Exception {
assumeTrue(OpenSsl.isSessionCacheSupported()); assumeTrue(OpenSsl.isSessionCacheSupported());
super.testSessionCacheTimeout(); super.testSessionCacheTimeout(param);
} }
@Override @Override
@Test public void testSessionCacheSize(SSLEngineTestParam param) throws Exception {
public void testSessionCacheSize() throws Exception {
assumeTrue(OpenSsl.isSessionCacheSupported()); assumeTrue(OpenSsl.isSessionCacheSupported());
super.testSessionCacheSize(); super.testSessionCacheSize(param);
} }
@Override @Override
@ -201,9 +174,9 @@ public class JdkOpenSslEngineInteroptTest extends SSLEngineTest {
@SuppressWarnings("deprecation") @SuppressWarnings("deprecation")
@Override @Override
protected SslContext wrapContext(SslContext context) { protected SslContext wrapContext(SSLEngineTestParam param, SslContext context) {
if (context instanceof OpenSslContext) { if (context instanceof OpenSslContext && param instanceof OpenSslEngineTestParam) {
((OpenSslContext) context).setUseTasks(useTasks); ((OpenSslContext) context).setUseTasks(((OpenSslEngineTestParam) param).useTasks);
// Explicit enable the session cache as its disabled by default on the client side. // Explicit enable the session cache as its disabled by default on the client side.
((OpenSslContext) context).sessionContext().setSessionCacheEnabled(true); ((OpenSslContext) context).sessionContext().setSessionCacheEnabled(true);
} }

View File

@ -22,25 +22,22 @@ import io.netty.handler.ssl.JdkApplicationProtocolNegotiator.ProtocolSelector;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory; import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import io.netty.handler.ssl.util.SelfSignedCertificate; import io.netty.handler.ssl.util.SelfSignedCertificate;
import java.security.Provider; import java.security.Provider;
import java.util.ArrayList;
import java.util.Collection;
import io.netty.util.internal.EmptyArrays; import io.netty.util.internal.EmptyArrays;
import org.junit.Ignore; import org.junit.AssumptionViolatedException;
import org.junit.Test; import org.junit.jupiter.api.Disabled;
import org.junit.runner.RunWith; import org.junit.jupiter.params.ParameterizedTest;
import org.junit.runners.Parameterized; import org.junit.jupiter.params.provider.MethodSource;
import java.util.ArrayList;
import java.util.List; import java.util.List;
import java.util.concurrent.TimeUnit; import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLHandshakeException; import javax.net.ssl.SSLHandshakeException;
import static org.junit.Assert.assertNull; import static org.junit.jupiter.api.Assertions.assertNull;
import static org.junit.Assert.assertTrue; import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.junit.Assume.assumeNoException;
@RunWith(Parameterized.class)
public class JdkSslEngineTest extends SSLEngineTest { public class JdkSslEngineTest extends SSLEngineTest {
public enum ProviderType { public enum ProviderType {
NPN_JETTY { NPN_JETTY {
@ -139,75 +136,88 @@ public class JdkSslEngineTest extends SSLEngineTest {
private static final String FALLBACK_APPLICATION_LEVEL_PROTOCOL = "my-protocol-http1_1"; private static final String FALLBACK_APPLICATION_LEVEL_PROTOCOL = "my-protocol-http1_1";
private static final String APPLICATION_LEVEL_PROTOCOL_NOT_COMPATIBLE = "my-protocol-FOO"; private static final String APPLICATION_LEVEL_PROTOCOL_NOT_COMPATIBLE = "my-protocol-FOO";
@Parameterized.Parameters(name = "{index}: providerType = {0}, bufferType = {1}, combo = {2}, delegate = {3}")
public static Collection<Object[]> data() {
List<Object[]> params = new ArrayList<>();
for (ProviderType providerType : ProviderType.values()) {
for (BufferType bufferType : BufferType.values()) {
params.add(new Object[]{ providerType, bufferType, ProtocolCipherCombo.tlsv12(), true });
params.add(new Object[]{ providerType, bufferType, ProtocolCipherCombo.tlsv12(), false });
if (SslProvider.isTlsv13Supported(SslProvider.JDK)) {
params.add(new Object[] { providerType, bufferType, ProtocolCipherCombo.tlsv13(), true });
params.add(new Object[] { providerType, bufferType, ProtocolCipherCombo.tlsv13(), false });
}
}
}
return params;
}
private final ProviderType providerType;
private Provider provider; private Provider provider;
public JdkSslEngineTest(ProviderType providerType, BufferType bufferType, public JdkSslEngineTest() {
ProtocolCipherCombo protocolCipherCombo, boolean delegate) { super(SslProvider.isTlsv13Supported(SslProvider.JDK));
super(bufferType, protocolCipherCombo, delegate);
this.providerType = providerType;
} }
@Test List<JdkSSLEngineTestParam> newJdkParams() {
public void testTlsExtension() throws Exception { List<SSLEngineTestParam> params = newTestParams();
List<JdkSSLEngineTestParam> jdkParams = new ArrayList<JdkSSLEngineTestParam>();
for (ProviderType providerType: ProviderType.values()) {
for (SSLEngineTestParam param: params) {
jdkParams.add(new JdkSSLEngineTestParam(providerType, param));
}
}
return jdkParams;
}
private static final class JdkSSLEngineTestParam extends SSLEngineTestParam {
final ProviderType providerType;
JdkSSLEngineTestParam(ProviderType providerType, SSLEngineTestParam param) {
super(param.type(), param.combo(), param.delegate());
this.providerType = providerType;
}
@Override
public String toString() {
return "JdkSSLEngineTestParam{" +
"type=" + type() +
", protocolCipherCombo=" + combo() +
", delegate=" + delegate() +
", providerType=" + providerType +
'}';
}
}
@MethodSource("newJdkParams")
@ParameterizedTest
public void testTlsExtension(JdkSSLEngineTestParam param) throws Exception {
try { try {
providerType.activate(this); param.providerType.activate(this);
ApplicationProtocolConfig apn = failingNegotiator(providerType.protocol(), ApplicationProtocolConfig apn = failingNegotiator(param.providerType.protocol(),
PREFERRED_APPLICATION_LEVEL_PROTOCOL); PREFERRED_APPLICATION_LEVEL_PROTOCOL);
setupHandlers(apn); setupHandlers(param, apn);
runTest(); runTest();
} catch (SkipTestException e) { } catch (SkipTestException e) {
// ALPN availability is dependent on the java version. If ALPN is not available because of // ALPN availability is dependent on the java version. If ALPN is not available because of
// java version incompatibility don't fail the test, but instead just skip the test // java version incompatibility don't fail the test, but instead just skip the test
assumeNoException(e); throw new AssumptionViolatedException("Not expected", e);
} }
} }
@Test @MethodSource("newJdkParams")
public void testTlsExtensionNoCompatibleProtocolsNoHandshakeFailure() throws Exception { @ParameterizedTest
public void testTlsExtensionNoCompatibleProtocolsNoHandshakeFailure(JdkSSLEngineTestParam param) throws Exception {
try { try {
providerType.activate(this); param.providerType.activate(this);
ApplicationProtocolConfig clientApn = acceptingNegotiator(providerType.protocol(), ApplicationProtocolConfig clientApn = acceptingNegotiator(param.providerType.protocol(),
PREFERRED_APPLICATION_LEVEL_PROTOCOL); PREFERRED_APPLICATION_LEVEL_PROTOCOL);
ApplicationProtocolConfig serverApn = acceptingNegotiator(providerType.protocol(), ApplicationProtocolConfig serverApn = acceptingNegotiator(param.providerType.protocol(),
APPLICATION_LEVEL_PROTOCOL_NOT_COMPATIBLE); APPLICATION_LEVEL_PROTOCOL_NOT_COMPATIBLE);
setupHandlers(serverApn, clientApn); setupHandlers(param, serverApn, clientApn);
runTest(null); runTest(null);
} catch (SkipTestException e) { } catch (SkipTestException e) {
// ALPN availability is dependent on the java version. If ALPN is not available because of // ALPN availability is dependent on the java version. If ALPN is not available because of
// java version incompatibility don't fail the test, but instead just skip the test // java version incompatibility don't fail the test, but instead just skip the test
assumeNoException(e); throw new AssumptionViolatedException("Not expected", e);
} }
} }
@Test @MethodSource("newJdkParams")
public void testTlsExtensionNoCompatibleProtocolsClientHandshakeFailure() throws Exception { @ParameterizedTest
public void testTlsExtensionNoCompatibleProtocolsClientHandshakeFailure(JdkSSLEngineTestParam param)
throws Exception {
try { try {
providerType.activate(this); param.providerType.activate(this);
if (providerType == ProviderType.NPN_JETTY) { if (param.providerType == ProviderType.NPN_JETTY) {
ApplicationProtocolConfig clientApn = failingNegotiator(providerType.protocol(), ApplicationProtocolConfig clientApn = failingNegotiator(param.providerType.protocol(),
PREFERRED_APPLICATION_LEVEL_PROTOCOL); PREFERRED_APPLICATION_LEVEL_PROTOCOL);
ApplicationProtocolConfig serverApn = acceptingNegotiator(providerType.protocol(), ApplicationProtocolConfig serverApn = acceptingNegotiator(param.providerType.protocol(),
APPLICATION_LEVEL_PROTOCOL_NOT_COMPATIBLE); APPLICATION_LEVEL_PROTOCOL_NOT_COMPATIBLE);
setupHandlers(serverApn, clientApn); setupHandlers(param, serverApn, clientApn);
assertTrue(clientLatch.await(2, TimeUnit.SECONDS)); assertTrue(clientLatch.await(2, TimeUnit.SECONDS));
assertTrue(clientException instanceof SSLHandshakeException); assertTrue(clientException instanceof SSLHandshakeException);
} else { } else {
@ -228,14 +238,15 @@ public class JdkSslEngineTest extends SSLEngineTest {
}, JdkBaseApplicationProtocolNegotiator.FAIL_SELECTION_LISTENER_FACTORY, }, JdkBaseApplicationProtocolNegotiator.FAIL_SELECTION_LISTENER_FACTORY,
APPLICATION_LEVEL_PROTOCOL_NOT_COMPATIBLE); APPLICATION_LEVEL_PROTOCOL_NOT_COMPATIBLE);
SslContext serverSslCtx = new JdkSslServerContext(providerType.provider(), SslContext serverSslCtx = new JdkSslServerContext(param.providerType.provider(),
ssc.certificate(), ssc.privateKey(), null, null, ssc.certificate(), ssc.privateKey(), null, null,
IdentityCipherSuiteFilter.INSTANCE, serverApn, 0, 0); IdentityCipherSuiteFilter.INSTANCE, serverApn, 0, 0);
SslContext clientSslCtx = new JdkSslClientContext(providerType.provider(), null, SslContext clientSslCtx = new JdkSslClientContext(param.providerType.provider(), null,
InsecureTrustManagerFactory.INSTANCE, null, InsecureTrustManagerFactory.INSTANCE, null,
IdentityCipherSuiteFilter.INSTANCE, clientApn, 0, 0); IdentityCipherSuiteFilter.INSTANCE, clientApn, 0, 0);
setupHandlers(new TestDelegatingSslContext(serverSslCtx), new TestDelegatingSslContext(clientSslCtx)); setupHandlers(param.type(), param.delegate(), new TestDelegatingSslContext(param, serverSslCtx),
new TestDelegatingSslContext(param, clientSslCtx));
assertTrue(clientLatch.await(2, TimeUnit.SECONDS)); assertTrue(clientLatch.await(2, TimeUnit.SECONDS));
// When using TLSv1.3 the handshake is NOT sent in an extra round trip which means there will be // When using TLSv1.3 the handshake is NOT sent in an extra round trip which means there will be
// no exception reported in this case but just the channel will be closed. // no exception reported in this case but just the channel will be closed.
@ -244,35 +255,38 @@ public class JdkSslEngineTest extends SSLEngineTest {
} catch (SkipTestException e) { } catch (SkipTestException e) {
// ALPN availability is dependent on the java version. If ALPN is not available because of // ALPN availability is dependent on the java version. If ALPN is not available because of
// java version incompatibility don't fail the test, but instead just skip the test // java version incompatibility don't fail the test, but instead just skip the test
assumeNoException(e); throw new AssumptionViolatedException("Not expected", e);
} }
} }
@Test @MethodSource("newJdkParams")
public void testTlsExtensionNoCompatibleProtocolsServerHandshakeFailure() throws Exception { @ParameterizedTest
public void testTlsExtensionNoCompatibleProtocolsServerHandshakeFailure(JdkSSLEngineTestParam param)
throws Exception {
try { try {
providerType.activate(this); param.providerType.activate(this);
ApplicationProtocolConfig clientApn = acceptingNegotiator(providerType.protocol(), ApplicationProtocolConfig clientApn = acceptingNegotiator(param.providerType.protocol(),
PREFERRED_APPLICATION_LEVEL_PROTOCOL); PREFERRED_APPLICATION_LEVEL_PROTOCOL);
ApplicationProtocolConfig serverApn = failingNegotiator(providerType.protocol(), ApplicationProtocolConfig serverApn = failingNegotiator(param.providerType.protocol(),
APPLICATION_LEVEL_PROTOCOL_NOT_COMPATIBLE); APPLICATION_LEVEL_PROTOCOL_NOT_COMPATIBLE);
setupHandlers(serverApn, clientApn); setupHandlers(param, serverApn, clientApn);
assertTrue(serverLatch.await(2, TimeUnit.SECONDS)); assertTrue(serverLatch.await(2, TimeUnit.SECONDS));
assertTrue(serverException instanceof SSLHandshakeException); assertTrue(serverException instanceof SSLHandshakeException);
} catch (SkipTestException e) { } catch (SkipTestException e) {
// ALPN availability is dependent on the java version. If ALPN is not available because of // ALPN availability is dependent on the java version. If ALPN is not available because of
// java version incompatibility don't fail the test, but instead just skip the test // java version incompatibility don't fail the test, but instead just skip the test
assumeNoException(e); throw new AssumptionViolatedException("Not expected", e);
} }
} }
@Test @MethodSource("newJdkParams")
public void testAlpnCompatibleProtocolsDifferentClientOrder() throws Exception { @ParameterizedTest
public void testAlpnCompatibleProtocolsDifferentClientOrder(JdkSSLEngineTestParam param) throws Exception {
try { try {
providerType.activate(this); param.providerType.activate(this);
if (providerType == ProviderType.NPN_JETTY) { if (param.providerType == ProviderType.NPN_JETTY) {
// This test only applies to ALPN. // This test only applies to ALPN.
throw tlsExtensionNotFound(providerType.protocol()); throw tlsExtensionNotFound(param.providerType.protocol());
} }
// Even the preferred application protocol appears second in the client's list, it will be picked // Even the preferred application protocol appears second in the client's list, it will be picked
// because it's the first one on server's list. // because it's the first one on server's list.
@ -280,29 +294,32 @@ public class JdkSslEngineTest extends SSLEngineTest {
FALLBACK_APPLICATION_LEVEL_PROTOCOL, PREFERRED_APPLICATION_LEVEL_PROTOCOL); FALLBACK_APPLICATION_LEVEL_PROTOCOL, PREFERRED_APPLICATION_LEVEL_PROTOCOL);
ApplicationProtocolConfig serverApn = failingNegotiator(Protocol.ALPN, ApplicationProtocolConfig serverApn = failingNegotiator(Protocol.ALPN,
PREFERRED_APPLICATION_LEVEL_PROTOCOL, FALLBACK_APPLICATION_LEVEL_PROTOCOL); PREFERRED_APPLICATION_LEVEL_PROTOCOL, FALLBACK_APPLICATION_LEVEL_PROTOCOL);
setupHandlers(serverApn, clientApn); setupHandlers(param, serverApn, clientApn);
assertNull(serverException); assertNull(serverException);
runTest(PREFERRED_APPLICATION_LEVEL_PROTOCOL); runTest(PREFERRED_APPLICATION_LEVEL_PROTOCOL);
} catch (SkipTestException e) { } catch (SkipTestException e) {
// ALPN availability is dependent on the java version. If ALPN is not available because of // ALPN availability is dependent on the java version. If ALPN is not available because of
// java version incompatibility don't fail the test, but instead just skip the test // java version incompatibility don't fail the test, but instead just skip the test
assumeNoException(e); throw new AssumptionViolatedException("Not expected", e);
} }
} }
@Test @MethodSource("newTestParams")
public void testEnablingAnAlreadyDisabledSslProtocol() throws Exception { @ParameterizedTest
testEnablingAnAlreadyDisabledSslProtocol(new String[]{}, new String[]{ SslProtocols.TLS_v1_2 }); public void testEnablingAnAlreadyDisabledSslProtocol(SSLEngineTestParam param) throws Exception {
testEnablingAnAlreadyDisabledSslProtocol(param, new String[]{}, new String[]{ SslProtocols.TLS_v1_2 });
} }
@Ignore /* Does the JDK support a "max certificate chain length"? */ @Disabled /* Does the JDK support a "max certificate chain length"? */
@Override @Override
public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth() throws Exception { public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(SSLEngineTestParam param)
throws Exception {
} }
@Ignore /* Does the JDK support a "max certificate chain length"? */ @Disabled /* Does the JDK support a "max certificate chain length"? */
@Override @Override
public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth() throws Exception { public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(SSLEngineTestParam param)
throws Exception {
} }
@Override @Override
@ -361,15 +378,18 @@ public class JdkSslEngineTest extends SSLEngineTest {
} }
} }
private final class TestDelegatingSslContext extends DelegatingSslContext { private static final class TestDelegatingSslContext extends DelegatingSslContext {
TestDelegatingSslContext(SslContext ctx) { private final SSLEngineTestParam param;
TestDelegatingSslContext(SSLEngineTestParam param, SslContext ctx) {
super(ctx); super(ctx);
this.param = param;
} }
@Override @Override
protected void initEngine(SSLEngine engine) { protected void initEngine(SSLEngine engine) {
engine.setEnabledProtocols(protocols()); engine.setEnabledProtocols(param.protocols().toArray(EmptyArrays.EMPTY_STRINGS));
engine.setEnabledCipherSuites(ciphers().toArray(EmptyArrays.EMPTY_STRINGS)); engine.setEnabledCipherSuites(param.ciphers().toArray(EmptyArrays.EMPTY_STRINGS));
} }
} }
} }

View File

@ -16,14 +16,14 @@
package io.netty.handler.ssl; package io.netty.handler.ssl;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory; import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import org.junit.BeforeClass; import org.junit.jupiter.api.BeforeAll;
import javax.net.ssl.SSLException; import javax.net.ssl.SSLException;
import java.io.File; import java.io.File;
public class OpenSslClientContextTest extends SslContextTest { public class OpenSslClientContextTest extends SslContextTest {
@BeforeClass @BeforeAll
public static void checkOpenSsl() { public static void checkOpenSsl() {
OpenSsl.ensureAvailability(); OpenSsl.ensureAvailability();
} }

View File

@ -15,47 +15,33 @@
*/ */
package io.netty.handler.ssl; package io.netty.handler.ssl;
import org.junit.BeforeClass; import org.junit.jupiter.api.BeforeAll;
import org.junit.Ignore; import org.junit.jupiter.api.Disabled;
import org.junit.Test; import org.junit.jupiter.api.condition.DisabledIf;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSessionContext; import javax.net.ssl.SSLSessionContext;
import java.security.Provider; import java.security.Provider;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Collection;
import java.util.List; import java.util.List;
import static io.netty.handler.ssl.OpenSslTestUtils.checkShouldUseKeyManagerFactory; import static io.netty.handler.ssl.OpenSslTestUtils.checkShouldUseKeyManagerFactory;
import static org.junit.Assume.assumeTrue; import static org.junit.jupiter.api.Assumptions.assumeTrue;
@RunWith(Parameterized.class) @DisabledIf("checkConscryptDisabled")
public class OpenSslConscryptSslEngineInteropTest extends ConscryptSslEngineTest { public class OpenSslConscryptSslEngineInteropTest extends ConscryptSslEngineTest {
@Override
@Parameterized.Parameters(name = "{index}: bufferType = {0}, combo = {1}, delegate = {2}, useTasks = {3}") protected List<SSLEngineTestParam> newTestParams() {
public static Collection<Object[]> data() { List<SSLEngineTestParam> params = super.newTestParams();
List<Object[]> params = new ArrayList<Object[]>(); List<SSLEngineTestParam> testParams = new ArrayList<SSLEngineTestParam>();
for (BufferType type: BufferType.values()) { for (SSLEngineTestParam param: params) {
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false, false }); testParams.add(new OpenSslEngineTestParam(true, param));
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false, true }); testParams.add(new OpenSslEngineTestParam(false, param));
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true, false });
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true, true });
} }
return params; return testParams;
} }
private final boolean useTasks; @BeforeAll
public OpenSslConscryptSslEngineInteropTest(BufferType type, ProtocolCipherCombo combo,
boolean delegate, boolean useTasks) {
super(type, combo, delegate);
this.useTasks = useTasks;
}
@BeforeClass
public static void checkOpenssl() { public static void checkOpenssl() {
OpenSsl.ensureAvailability(); OpenSsl.ensureAvailability();
} }
@ -76,17 +62,15 @@ public class OpenSslConscryptSslEngineInteropTest extends ConscryptSslEngineTest
} }
@Override @Override
@Test @Disabled("TODO: Make this work with Conscrypt")
@Ignore("TODO: Make this work with Conscrypt") public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(SSLEngineTestParam param) {
public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth() { super.testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(param);
super.testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth();
} }
@Override @Override
@Test @Disabled("TODO: Make this work with Conscrypt")
@Ignore("TODO: Make this work with Conscrypt") public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(SSLEngineTestParam param) {
public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth() { super.testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(param);
super.testMutualAuthValidClientCertChainTooLongFailRequireClientAuth();
} }
@Override @Override
@ -96,38 +80,36 @@ public class OpenSslConscryptSslEngineInteropTest extends ConscryptSslEngineTest
} }
@Override @Override
@Test public void testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth(SSLEngineTestParam param)
public void testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth() throws Exception { throws Exception {
checkShouldUseKeyManagerFactory(); checkShouldUseKeyManagerFactory();
super.testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth(); super.testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth(param);
} }
@Override @Override
@Test public void testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth(SSLEngineTestParam param)
public void testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth() throws Exception { throws Exception {
checkShouldUseKeyManagerFactory(); checkShouldUseKeyManagerFactory();
super.testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth(); super.testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth(param);
} }
@Override @Override
@Test public void testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth(SSLEngineTestParam param)
public void testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth() throws Exception { throws Exception {
checkShouldUseKeyManagerFactory(); checkShouldUseKeyManagerFactory();
super.testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth(); super.testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth(param);
} }
@Override @Override
@Test public void testSessionAfterHandshakeKeyManagerFactoryMutualAuth(SSLEngineTestParam param) throws Exception {
public void testSessionAfterHandshakeKeyManagerFactoryMutualAuth() throws Exception {
checkShouldUseKeyManagerFactory(); checkShouldUseKeyManagerFactory();
super.testSessionAfterHandshakeKeyManagerFactoryMutualAuth(); super.testSessionAfterHandshakeKeyManagerFactoryMutualAuth(param);
} }
@Override @Override
@Test public void testSupportedSignatureAlgorithms(SSLEngineTestParam param) throws Exception {
public void testSupportedSignatureAlgorithms() throws Exception {
checkShouldUseKeyManagerFactory(); checkShouldUseKeyManagerFactory();
super.testSupportedSignatureAlgorithms(); super.testSupportedSignatureAlgorithms(param);
} }
@Override @Override
@ -137,31 +119,27 @@ public class OpenSslConscryptSslEngineInteropTest extends ConscryptSslEngineTest
} }
@Override @Override
@Test public void testSessionLocalWhenNonMutualWithKeyManager(SSLEngineTestParam param) throws Exception {
public void testSessionLocalWhenNonMutualWithKeyManager() throws Exception {
checkShouldUseKeyManagerFactory(); checkShouldUseKeyManagerFactory();
super.testSessionLocalWhenNonMutualWithKeyManager(); super.testSessionLocalWhenNonMutualWithKeyManager(param);
} }
@Override @Override
@Test public void testSessionCache(SSLEngineTestParam param) throws Exception {
public void testSessionCache() throws Exception {
assumeTrue(OpenSsl.isSessionCacheSupported()); assumeTrue(OpenSsl.isSessionCacheSupported());
super.testSessionCache(); super.testSessionCache(param);
} }
@Override @Override
@Test public void testSessionCacheTimeout(SSLEngineTestParam param) throws Exception {
public void testSessionCacheTimeout() throws Exception {
assumeTrue(OpenSsl.isSessionCacheSupported()); assumeTrue(OpenSsl.isSessionCacheSupported());
super.testSessionCacheTimeout(); super.testSessionCacheTimeout(param);
} }
@Override @Override
@Test public void testSessionCacheSize(SSLEngineTestParam param) throws Exception {
public void testSessionCacheSize() throws Exception {
assumeTrue(OpenSsl.isSessionCacheSupported()); assumeTrue(OpenSsl.isSessionCacheSupported());
super.testSessionCacheSize(); super.testSessionCacheSize(param);
} }
@Override @Override
@ -176,9 +154,11 @@ public class OpenSslConscryptSslEngineInteropTest extends ConscryptSslEngineTest
@SuppressWarnings("deprecation") @SuppressWarnings("deprecation")
@Override @Override
protected SslContext wrapContext(SslContext context) { protected SslContext wrapContext(SSLEngineTestParam param, SslContext context) {
if (context instanceof OpenSslContext) { if (context instanceof OpenSslContext) {
((OpenSslContext) context).setUseTasks(useTasks); if (param instanceof OpenSslEngineTestParam) {
((OpenSslContext) context).setUseTasks(((OpenSslEngineTestParam) param).useTasks);
}
// Explicit enable the session cache as its disabled by default on the client side. // Explicit enable the session cache as its disabled by default on the client side.
((OpenSslContext) context).sessionContext().setSessionCacheEnabled(true); ((OpenSslContext) context).sessionContext().setSessionCacheEnabled(true);
} }

View File

@ -0,0 +1,34 @@
/*
* Copyright 2021 The Netty Project
*
* The Netty Project licenses this file to you under the Apache License,
* version 2.0 (the "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at:
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations
* under the License.
*/
package io.netty.handler.ssl;
final class OpenSslEngineTestParam extends SSLEngineTest.SSLEngineTestParam {
final boolean useTasks;
OpenSslEngineTestParam(boolean useTasks, SSLEngineTest.SSLEngineTestParam param) {
super(param.type(), param.combo(), param.delegate());
this.useTasks = useTasks;
}
@Override
public String toString() {
return "OpenSslEngineTestParam{" +
"type=" + type() +
", protocolCipherCombo=" + combo() +
", delegate=" + delegate() +
", useTasks=" + useTasks +
'}';
}
}

View File

@ -18,7 +18,6 @@ package io.netty.handler.ssl;
import io.netty.internal.tcnative.SSL; import io.netty.internal.tcnative.SSL;
import io.netty.util.ReferenceCounted; import io.netty.util.ReferenceCounted;
import io.netty.util.internal.PlatformDependent; import io.netty.util.internal.PlatformDependent;
import org.junit.Assert;
import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLEngineResult;
@ -29,6 +28,8 @@ import java.nio.ByteBuffer;
import java.util.List; import java.util.List;
import java.util.function.BiFunction; import java.util.function.BiFunction;
import static org.junit.jupiter.api.Assertions.assertEquals;
/** /**
* Special {@link SSLEngine} which allows to wrap a {@link ReferenceCountedOpenSslEngine} and verify that that * Special {@link SSLEngine} which allows to wrap a {@link ReferenceCountedOpenSslEngine} and verify that that
* Error stack is empty after each method call. * Error stack is empty after each method call.
@ -436,6 +437,6 @@ final class OpenSslErrorStackAssertSSLEngine extends JdkSslEngine implements Ref
private static void assertErrorStackEmpty() { private static void assertErrorStackEmpty() {
long error = SSL.getLastErrorNumber(); long error = SSL.getLastErrorNumber();
Assert.assertEquals("SSL error stack non-empty: " + SSL.getErrorString(error), 0, error); assertEquals(0, error, "SSL error stack non-empty: " + SSL.getErrorString(error));
} }
} }

View File

@ -15,57 +15,38 @@
*/ */
package io.netty.handler.ssl; package io.netty.handler.ssl;
import org.junit.BeforeClass; import org.junit.jupiter.api.BeforeAll;
import org.junit.Ignore; import org.junit.jupiter.api.Disabled;
import org.junit.Test;
import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngine;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Collection;
import java.util.List; import java.util.List;
import static io.netty.handler.ssl.OpenSslTestUtils.checkShouldUseKeyManagerFactory; import static io.netty.handler.ssl.OpenSslTestUtils.checkShouldUseKeyManagerFactory;
import static org.junit.Assume.assumeTrue; import static org.junit.jupiter.api.Assumptions.assumeTrue;
@RunWith(Parameterized.class)
public class OpenSslJdkSslEngineInteroptTest extends SSLEngineTest { public class OpenSslJdkSslEngineInteroptTest extends SSLEngineTest {
@Parameterized.Parameters(name = "{index}: bufferType = {0}, combo = {1}, delegate = {2}, useTasks = {3}") public OpenSslJdkSslEngineInteroptTest() {
public static Collection<Object[]> data() { super(SslProvider.isTlsv13Supported(SslProvider.JDK) &&
List<Object[]> params = new ArrayList<>(); SslProvider.isTlsv13Supported(SslProvider.OPENSSL));
for (BufferType type: BufferType.values()) { }
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false, false });
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false, true });
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true, false}); @Override
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true, true }); protected List<SSLEngineTestParam> newTestParams() {
List<SSLEngineTestParam> params = super.newTestParams();
if (SslProvider.isTlsv13Supported(SslProvider.JDK) && SslProvider.isTlsv13Supported(SslProvider.OPENSSL)) { List<SSLEngineTestParam> testParams = new ArrayList<SSLEngineTestParam>();
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), false, false }); for (SSLEngineTestParam param: params) {
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), false, true }); testParams.add(new OpenSslEngineTestParam(true, param));
testParams.add(new OpenSslEngineTestParam(false, param));
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), true, false });
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), true, true });
}
} }
return params; return testParams;
} }
private final boolean useTasks; @BeforeAll
public OpenSslJdkSslEngineInteroptTest(BufferType type, ProtocolCipherCombo combo,
boolean delegate, boolean useTasks) {
super(type, combo, delegate);
this.useTasks = useTasks;
}
@BeforeClass
public static void checkOpenSsl() { public static void checkOpenSsl() {
assumeTrue(OpenSsl.isAvailable()); OpenSsl.ensureAvailability();
} }
@Override @Override
@ -78,42 +59,43 @@ public class OpenSslJdkSslEngineInteroptTest extends SSLEngineTest {
return SslProvider.JDK; return SslProvider.JDK;
} }
@Ignore /* Does the JDK support a "max certificate chain length"? */ @Disabled /* Does the JDK support a "max certificate chain length"? */
@Override @Override
public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth() throws Exception { public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(SSLEngineTestParam param)
throws Exception {
} }
@Ignore /* Does the JDK support a "max certificate chain length"? */ @Disabled /* Does the JDK support a "max certificate chain length"? */
@Override @Override
public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth() throws Exception { public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(SSLEngineTestParam param)
throws Exception {
} }
@Override @Override
@Test public void testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth(SSLEngineTestParam param)
public void testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth() throws Exception { throws Exception {
checkShouldUseKeyManagerFactory(); checkShouldUseKeyManagerFactory();
super.testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth(); super.testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth(param);
} }
@Override @Override
@Test public void testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth(SSLEngineTestParam param)
public void testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth() throws Exception { throws Exception {
checkShouldUseKeyManagerFactory(); checkShouldUseKeyManagerFactory();
super.testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth(); super.testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth(param);
} }
@Override @Override
@Test public void testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth(SSLEngineTestParam param)
public void testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth() throws Exception { throws Exception {
checkShouldUseKeyManagerFactory(); checkShouldUseKeyManagerFactory();
super.testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth(); super.testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth(param);
} }
@Override @Override
@Test public void testSessionAfterHandshakeKeyManagerFactoryMutualAuth(SSLEngineTestParam param) throws Exception {
public void testSessionAfterHandshakeKeyManagerFactoryMutualAuth() throws Exception {
checkShouldUseKeyManagerFactory(); checkShouldUseKeyManagerFactory();
super.testSessionAfterHandshakeKeyManagerFactoryMutualAuth(); super.testSessionAfterHandshakeKeyManagerFactoryMutualAuth(param);
} }
@Override @Override
@ -123,52 +105,47 @@ public class OpenSslJdkSslEngineInteroptTest extends SSLEngineTest {
} }
@Override @Override
public void testHandshakeSession() throws Exception { public void testHandshakeSession(SSLEngineTestParam param) throws Exception {
checkShouldUseKeyManagerFactory(); checkShouldUseKeyManagerFactory();
super.testHandshakeSession(); super.testHandshakeSession(param);
} }
@Override @Override
@Test public void testSupportedSignatureAlgorithms(SSLEngineTestParam param) throws Exception {
public void testSupportedSignatureAlgorithms() throws Exception {
checkShouldUseKeyManagerFactory(); checkShouldUseKeyManagerFactory();
super.testSupportedSignatureAlgorithms(); super.testSupportedSignatureAlgorithms(param);
} }
@Override @Override
@Test public void testSessionLocalWhenNonMutualWithKeyManager(SSLEngineTestParam param) throws Exception {
public void testSessionLocalWhenNonMutualWithKeyManager() throws Exception {
checkShouldUseKeyManagerFactory(); checkShouldUseKeyManagerFactory();
super.testSessionLocalWhenNonMutualWithKeyManager(); super.testSessionLocalWhenNonMutualWithKeyManager(param);
} }
@Override @Override
public void testSessionLocalWhenNonMutualWithoutKeyManager() throws Exception { public void testSessionLocalWhenNonMutualWithoutKeyManager(SSLEngineTestParam param) throws Exception {
// This only really works when the KeyManagerFactory is supported as otherwise we not really know when // This only really works when the KeyManagerFactory is supported as otherwise we not really know when
// we need to provide a cert. // we need to provide a cert.
assumeTrue(OpenSsl.supportsKeyManagerFactory()); assumeTrue(OpenSsl.supportsKeyManagerFactory());
super.testSessionLocalWhenNonMutualWithoutKeyManager(); super.testSessionLocalWhenNonMutualWithoutKeyManager(param);
} }
@Override @Override
@Test public void testSessionCache(SSLEngineTestParam param) throws Exception {
public void testSessionCache() throws Exception {
assumeTrue(OpenSsl.isSessionCacheSupported()); assumeTrue(OpenSsl.isSessionCacheSupported());
super.testSessionCache(); super.testSessionCache(param);
} }
@Override @Override
@Test public void testSessionCacheTimeout(SSLEngineTestParam param) throws Exception {
public void testSessionCacheTimeout() throws Exception {
assumeTrue(OpenSsl.isSessionCacheSupported()); assumeTrue(OpenSsl.isSessionCacheSupported());
super.testSessionCacheTimeout(); super.testSessionCacheTimeout(param);
} }
@Override @Override
@Test public void testSessionCacheSize(SSLEngineTestParam param) throws Exception {
public void testSessionCacheSize() throws Exception {
assumeTrue(OpenSsl.isSessionCacheSupported()); assumeTrue(OpenSsl.isSessionCacheSupported());
super.testSessionCacheSize(); super.testSessionCacheSize(param);
} }
@Override @Override
@ -178,9 +155,9 @@ public class OpenSslJdkSslEngineInteroptTest extends SSLEngineTest {
@SuppressWarnings("deprecation") @SuppressWarnings("deprecation")
@Override @Override
protected SslContext wrapContext(SslContext context) { protected SslContext wrapContext(SSLEngineTestParam param, SslContext context) {
if (context instanceof OpenSslContext) { if (context instanceof OpenSslContext && param instanceof OpenSslEngineTestParam) {
((OpenSslContext) context).setUseTasks(useTasks); ((OpenSslContext) context).setUseTasks(((OpenSslEngineTestParam) param).useTasks);
// Explicit enable the session cache as its disabled by default on the client side. // Explicit enable the session cache as its disabled by default on the client side.
((OpenSslContext) context).sessionContext().setSessionCacheEnabled(true); ((OpenSslContext) context).sessionContext().setSessionCacheEnabled(true);
} }

View File

@ -15,7 +15,7 @@
*/ */
package io.netty.handler.ssl; package io.netty.handler.ssl;
import org.junit.BeforeClass; import org.junit.jupiter.api.BeforeAll;
import java.util.concurrent.atomic.AtomicReference; import java.util.concurrent.atomic.AtomicReference;
@ -24,11 +24,10 @@ import javax.net.ssl.SSLException;
import static org.hamcrest.MatcherAssert.assertThat; import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.instanceOf; import static org.hamcrest.Matchers.instanceOf;
import static org.hamcrest.Matchers.is; import static org.hamcrest.Matchers.is;
import static org.junit.Assume.assumeTrue;
public class OpenSslRenegotiateTest extends RenegotiateTest { public class OpenSslRenegotiateTest extends RenegotiateTest {
@BeforeClass @BeforeAll
public static void checkOpenSsl() { public static void checkOpenSsl() {
OpenSsl.ensureAvailability(); OpenSsl.ensureAvailability();
} }

View File

@ -15,14 +15,14 @@
*/ */
package io.netty.handler.ssl; package io.netty.handler.ssl;
import org.junit.BeforeClass; import org.junit.jupiter.api.BeforeAll;
import javax.net.ssl.SSLException; import javax.net.ssl.SSLException;
import java.io.File; import java.io.File;
public class OpenSslServerContextTest extends SslContextTest { public class OpenSslServerContextTest extends SslContextTest {
@BeforeClass @BeforeAll
public static void checkOpenSsl() { public static void checkOpenSsl() {
OpenSsl.ensureAvailability(); OpenSsl.ensureAvailability();
} }

View File

@ -18,19 +18,17 @@ package io.netty.handler.ssl;
import io.netty.buffer.UnpooledByteBufAllocator; import io.netty.buffer.UnpooledByteBufAllocator;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory; import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import io.netty.util.ReferenceCountUtil; import io.netty.util.ReferenceCountUtil;
import org.junit.Test; import org.junit.jupiter.api.function.Executable;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.MethodSource;
import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngine;
import static junit.framework.TestCase.*; import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertThrows;
public class ReferenceCountedOpenSslEngineTest extends OpenSslEngineTest { public class ReferenceCountedOpenSslEngineTest extends OpenSslEngineTest {
public ReferenceCountedOpenSslEngineTest(BufferType type, ProtocolCipherCombo combo, boolean delegate,
boolean useTasks) {
super(type, combo, delegate, useTasks);
}
@Override @Override
protected SslProvider sslClientProvider() { protected SslProvider sslClientProvider() {
return SslProvider.OPENSSL_REFCNT; return SslProvider.OPENSSL_REFCNT;
@ -61,37 +59,46 @@ public class ReferenceCountedOpenSslEngineTest extends OpenSslEngineTest {
ReferenceCountUtil.release(unwrapEngine(engine)); ReferenceCountUtil.release(unwrapEngine(engine));
} }
@Test(expected = NullPointerException.class) @MethodSource("newTestParams")
public void testNotLeakOnException() throws Exception { @ParameterizedTest
clientSslCtx = wrapContext(SslContextBuilder.forClient() public void testNotLeakOnException(SSLEngineTestParam param) throws Exception {
clientSslCtx = wrapContext(param, SslContextBuilder.forClient()
.trustManager(InsecureTrustManagerFactory.INSTANCE) .trustManager(InsecureTrustManagerFactory.INSTANCE)
.sslProvider(sslClientProvider()) .sslProvider(sslClientProvider())
.protocols(protocols()) .protocols(param.protocols())
.ciphers(ciphers()) .ciphers(param.ciphers())
.build()); .build());
clientSslCtx.newEngine(null); assertThrows(NullPointerException.class, new Executable() {
@Override
public void execute() throws Throwable {
clientSslCtx.newEngine(null);
}
});
} }
@SuppressWarnings("deprecation") @SuppressWarnings("deprecation")
@Override @Override
protected SslContext wrapContext(SslContext context) { protected SslContext wrapContext(SSLEngineTestParam param, SslContext context) {
if (context instanceof ReferenceCountedOpenSslContext) { if (context instanceof ReferenceCountedOpenSslContext) {
((ReferenceCountedOpenSslContext) context).setUseTasks(useTasks); if (param instanceof OpenSslEngineTestParam) {
((ReferenceCountedOpenSslContext) context).setUseTasks(((OpenSslEngineTestParam) param).useTasks);
}
// Explicit enable the session cache as its disabled by default on the client side. // Explicit enable the session cache as its disabled by default on the client side.
((ReferenceCountedOpenSslContext) context).sessionContext().setSessionCacheEnabled(true); ((ReferenceCountedOpenSslContext) context).sessionContext().setSessionCacheEnabled(true);
} }
return context; return context;
} }
@Test @MethodSource("newTestParams")
public void parentContextIsRetainedByChildEngines() throws Exception { @ParameterizedTest
SslContext clientSslCtx = SslContextBuilder.forClient() public void parentContextIsRetainedByChildEngines(SSLEngineTestParam param) throws Exception {
SslContext clientSslCtx = wrapContext(param, SslContextBuilder.forClient()
.trustManager(InsecureTrustManagerFactory.INSTANCE) .trustManager(InsecureTrustManagerFactory.INSTANCE)
.sslProvider(sslClientProvider()) .sslProvider(sslClientProvider())
.protocols(protocols()) .protocols(param.protocols())
.ciphers(ciphers()) .ciphers(param.ciphers())
.build(); .build());
SSLEngine engine = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT); SSLEngine engine = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
assertEquals(ReferenceCountUtil.refCnt(clientSslCtx), 2); assertEquals(ReferenceCountUtil.refCnt(clientSslCtx), 2);

File diff suppressed because it is too large Load Diff

View File

@ -35,7 +35,6 @@ import io.netty.util.ReferenceCountUtil;
import io.netty.util.concurrent.Promise; import io.netty.util.concurrent.Promise;
import io.netty.util.internal.EmptyArrays; import io.netty.util.internal.EmptyArrays;
import io.netty.util.internal.ThrowableUtil; import io.netty.util.internal.ThrowableUtil;
import org.junit.Assert;
import javax.net.ssl.ExtendedSSLSession; import javax.net.ssl.ExtendedSSLSession;
import javax.net.ssl.KeyManager; import javax.net.ssl.KeyManager;
@ -69,6 +68,11 @@ import java.util.Collections;
import java.util.List; import java.util.List;
import java.util.concurrent.CompletionException; import java.util.concurrent.CompletionException;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.junit.jupiter.api.Assertions.fail;
/** /**
* In extra class to be able to run tests with java7 without trying to load classes that not exists in java7. * In extra class to be able to run tests with java7 without trying to load classes that not exists in java7.
*/ */
@ -175,17 +179,17 @@ final class SniClientJava8TestUtil {
} }
private static void assertSSLSession(boolean clientSide, SSLSession session, SNIServerName name) { private static void assertSSLSession(boolean clientSide, SSLSession session, SNIServerName name) {
Assert.assertNotNull(session); assertNotNull(session);
if (session instanceof ExtendedSSLSession) { if (session instanceof ExtendedSSLSession) {
ExtendedSSLSession extendedSSLSession = (ExtendedSSLSession) session; ExtendedSSLSession extendedSSLSession = (ExtendedSSLSession) session;
List<SNIServerName> names = extendedSSLSession.getRequestedServerNames(); List<SNIServerName> names = extendedSSLSession.getRequestedServerNames();
Assert.assertEquals(1, names.size()); assertEquals(1, names.size());
Assert.assertEquals(name, names.get(0)); assertEquals(name, names.get(0));
Assert.assertTrue(extendedSSLSession.getLocalSupportedSignatureAlgorithms().length > 0); assertTrue(extendedSSLSession.getLocalSupportedSignatureAlgorithms().length > 0);
if (clientSide) { if (clientSide) {
Assert.assertEquals(0, extendedSSLSession.getPeerSupportedSignatureAlgorithms().length); assertEquals(0, extendedSSLSession.getPeerSupportedSignatureAlgorithms().length);
} else { } else {
Assert.assertTrue(extendedSSLSession.getPeerSupportedSignatureAlgorithms().length >= 0); assertTrue(extendedSSLSession.getPeerSupportedSignatureAlgorithms().length >= 0);
} }
} }
} }
@ -218,19 +222,19 @@ final class SniClientJava8TestUtil {
@Override @Override
public void checkClientTrusted(X509Certificate[] x509Certificates, String s, Socket socket) public void checkClientTrusted(X509Certificate[] x509Certificates, String s, Socket socket)
throws CertificateException { throws CertificateException {
Assert.fail(); fail();
} }
@Override @Override
public void checkServerTrusted(X509Certificate[] x509Certificates, String s, Socket socket) public void checkServerTrusted(X509Certificate[] x509Certificates, String s, Socket socket)
throws CertificateException { throws CertificateException {
Assert.fail(); fail();
} }
@Override @Override
public void checkClientTrusted(X509Certificate[] x509Certificates, String s, SSLEngine sslEngine) public void checkClientTrusted(X509Certificate[] x509Certificates, String s, SSLEngine sslEngine)
throws CertificateException { throws CertificateException {
Assert.fail(); fail();
} }
@Override @Override
@ -242,13 +246,13 @@ final class SniClientJava8TestUtil {
@Override @Override
public void checkClientTrusted(X509Certificate[] x509Certificates, String s) public void checkClientTrusted(X509Certificate[] x509Certificates, String s)
throws CertificateException { throws CertificateException {
Assert.fail(); fail();
} }
@Override @Override
public void checkServerTrusted(X509Certificate[] x509Certificates, String s) public void checkServerTrusted(X509Certificate[] x509Certificates, String s)
throws CertificateException { throws CertificateException {
Assert.fail(); fail();
} }
@Override @Override

View File

@ -74,7 +74,7 @@ import static org.hamcrest.CoreMatchers.is;
import static org.hamcrest.CoreMatchers.nullValue; import static org.hamcrest.CoreMatchers.nullValue;
import static org.hamcrest.MatcherAssert.assertThat; import static org.hamcrest.MatcherAssert.assertThat;
import static org.junit.Assume.assumeTrue; import static org.junit.jupiter.api.Assumptions.assumeTrue;
import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertFalse; import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertNotNull; import static org.junit.jupiter.api.Assertions.assertNotNull;

View File

@ -31,7 +31,7 @@ import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException; import javax.net.ssl.SSLException;
import static org.junit.Assume.assumeNotNull; import static org.junit.jupiter.api.Assumptions.assumeTrue;
import static org.junit.jupiter.api.Assertions.assertFalse; import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertNotNull; import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertThrows; import static org.junit.jupiter.api.Assertions.assertThrows;
@ -124,7 +124,7 @@ public abstract class SslContextTest {
} catch (IllegalArgumentException e) { } catch (IllegalArgumentException e) {
exception = e; exception = e;
} }
assumeNotNull(exception); assumeTrue(exception != null);
File keyFile = ResourcesUtil.getFile(getClass(), "test_unencrypted.pem"); File keyFile = ResourcesUtil.getFile(getClass(), "test_unencrypted.pem");
File crtFile = ResourcesUtil.getFile(getClass(), "test.crt"); File crtFile = ResourcesUtil.getFile(getClass(), "test.crt");

View File

@ -104,7 +104,6 @@ import static org.junit.jupiter.api.Assertions.assertNull;
import static org.junit.jupiter.api.Assertions.assertSame; import static org.junit.jupiter.api.Assertions.assertSame;
import static org.junit.jupiter.api.Assertions.assertThrows; import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue; import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.junit.jupiter.api.Assertions.fail;
import static org.junit.jupiter.api.Assumptions.assumeFalse; import static org.junit.jupiter.api.Assumptions.assumeFalse;
import static org.junit.jupiter.api.Assumptions.assumeTrue; import static org.junit.jupiter.api.Assumptions.assumeTrue;