Correctly handle task offloading when using BoringSSL / OpenSSL (#9575)
Motivation: We did not correctly handle taskoffloading when using BoringSSL / OpenSSL. This could lead to the situation that we did not write the SSL alert out for the remote peer before closing the connection. Modifications: - Correctly handle exceptions when we resume processing on the EventLoop after the task was offloadded - Ensure we call SSL.doHandshake(...) to flush the alert out to the outboundbuffer when an handshake exception was detected - Correctly signal back the need to call WRAP again when a handshake exception is pending. This will ensure we flush out the alert in all cases. Result: No more failures when task offloading is used.
This commit is contained in:
parent
cda8ee95b3
commit
2ba99b4996
@ -532,6 +532,17 @@ public abstract class ReferenceCountedOpenSslContext extends SslContext implemen
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Exposed for testing only
|
||||||
|
final void setUseTasks(boolean useTasks) {
|
||||||
|
Lock writerLock = ctxLock.writeLock();
|
||||||
|
writerLock.lock();
|
||||||
|
try {
|
||||||
|
SSLContext.setUseTasks(ctx, useTasks);
|
||||||
|
} finally {
|
||||||
|
writerLock.unlock();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// IMPORTANT: This method must only be called from either the constructor or the finalizer as a user MUST never
|
// IMPORTANT: This method must only be called from either the constructor or the finalizer as a user MUST never
|
||||||
// get access to an OpenSslSessionContext after this method was called to prevent the user from
|
// get access to an OpenSslSessionContext after this method was called to prevent the user from
|
||||||
// producing a segfault.
|
// producing a segfault.
|
||||||
|
@ -755,8 +755,15 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
|
|||||||
// If there is a handshake exception and we have produced data, we should send the data before
|
// If there is a handshake exception and we have produced data, we should send the data before
|
||||||
// we allow handshake() to throw the handshake exception.
|
// we allow handshake() to throw the handshake exception.
|
||||||
//
|
//
|
||||||
// unwrap(...) will then ensure we propagate the handshake error back to the user.
|
// When the user calls wrap() again we will propagate the handshake error back to the user as
|
||||||
return newResult(NEED_UNWRAP, 0, bytesProduced);
|
// soon as there is no more data to was produced (as part of an alert etc).
|
||||||
|
if (bytesProduced > 0) {
|
||||||
|
return newResult(NEED_WRAP, 0, bytesProduced);
|
||||||
|
}
|
||||||
|
// Nothing was produced see if there is a handshakeException that needs to be propagated
|
||||||
|
// to the caller by calling handshakeException() which will return the right HandshakeStatus
|
||||||
|
// if it can "recover" from the exception for now.
|
||||||
|
return newResult(handshakeException(), 0, 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
status = handshake();
|
status = handshake();
|
||||||
@ -1744,6 +1751,12 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
|
|||||||
checkEngineClosed();
|
checkEngineClosed();
|
||||||
|
|
||||||
if (handshakeException != null) {
|
if (handshakeException != null) {
|
||||||
|
// Let's call SSL.doHandshake(...) again in case there is some async operation pending that would fill the
|
||||||
|
// outbound buffer.
|
||||||
|
if (SSL.doHandshake(ssl) <= 0) {
|
||||||
|
// Clear any error that was put on the stack by the handshake
|
||||||
|
SSL.clearError();
|
||||||
|
}
|
||||||
return handshakeException();
|
return handshakeException();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1633,7 +1633,12 @@ public class SslHandler extends ByteToMessageDecoder {
|
|||||||
// We need more data so lets try to unwrap first and then call decode again which will feed us
|
// We need more data so lets try to unwrap first and then call decode again which will feed us
|
||||||
// with buffered data (if there is any).
|
// with buffered data (if there is any).
|
||||||
case NEED_UNWRAP:
|
case NEED_UNWRAP:
|
||||||
unwrapNonAppData(ctx);
|
try {
|
||||||
|
unwrapNonAppData(ctx);
|
||||||
|
} catch (SSLException e) {
|
||||||
|
handleUnwrapThrowable(ctx, e);
|
||||||
|
return;
|
||||||
|
}
|
||||||
tryDecodeAgain();
|
tryDecodeAgain();
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
@ -34,18 +34,25 @@ import static org.junit.Assume.assumeTrue;
|
|||||||
@RunWith(Parameterized.class)
|
@RunWith(Parameterized.class)
|
||||||
public class ConscryptOpenSslEngineInteropTest extends ConscryptSslEngineTest {
|
public class ConscryptOpenSslEngineInteropTest extends ConscryptSslEngineTest {
|
||||||
|
|
||||||
@Parameterized.Parameters(name = "{index}: bufferType = {0}, combo = {1}, delegate = {2}")
|
@Parameterized.Parameters(name = "{index}: bufferType = {0}, combo = {1}, delegate = {2}, useTasks = {3}")
|
||||||
public static Collection<Object[]> data() {
|
public static Collection<Object[]> data() {
|
||||||
List<Object[]> params = new ArrayList<Object[]>();
|
List<Object[]> params = new ArrayList<Object[]>();
|
||||||
for (BufferType type: BufferType.values()) {
|
for (BufferType type: BufferType.values()) {
|
||||||
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false });
|
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false, false });
|
||||||
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true });
|
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false, true });
|
||||||
|
|
||||||
|
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true, false });
|
||||||
|
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true, true });
|
||||||
}
|
}
|
||||||
return params;
|
return params;
|
||||||
}
|
}
|
||||||
|
|
||||||
public ConscryptOpenSslEngineInteropTest(BufferType type, ProtocolCipherCombo combo, boolean delegate) {
|
private final boolean useTasks;
|
||||||
|
|
||||||
|
public ConscryptOpenSslEngineInteropTest(BufferType type, ProtocolCipherCombo combo,
|
||||||
|
boolean delegate, boolean useTasks) {
|
||||||
super(type, combo, delegate);
|
super(type, combo, delegate);
|
||||||
|
this.useTasks = useTasks;
|
||||||
}
|
}
|
||||||
|
|
||||||
@BeforeClass
|
@BeforeClass
|
||||||
@ -140,4 +147,12 @@ public class ConscryptOpenSslEngineInteropTest extends ConscryptSslEngineTest {
|
|||||||
protected SSLEngine wrapEngine(SSLEngine engine) {
|
protected SSLEngine wrapEngine(SSLEngine engine) {
|
||||||
return Java8SslTestUtils.wrapSSLEngineForTesting(engine);
|
return Java8SslTestUtils.wrapSSLEngineForTesting(engine);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected SslContext wrapContext(SslContext context) {
|
||||||
|
if (context instanceof OpenSslContext) {
|
||||||
|
((OpenSslContext) context).setUseTasks(useTasks);
|
||||||
|
}
|
||||||
|
return context;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
@ -33,23 +33,33 @@ import static org.junit.Assume.assumeTrue;
|
|||||||
@RunWith(Parameterized.class)
|
@RunWith(Parameterized.class)
|
||||||
public class JdkOpenSslEngineInteroptTest extends SSLEngineTest {
|
public class JdkOpenSslEngineInteroptTest extends SSLEngineTest {
|
||||||
|
|
||||||
@Parameterized.Parameters(name = "{index}: bufferType = {0}, combo = {1}, delegate = {2}")
|
@Parameterized.Parameters(name = "{index}: bufferType = {0}, combo = {1}, delegate = {2}, useTasks = {3}")
|
||||||
public static Collection<Object[]> data() {
|
public static Collection<Object[]> data() {
|
||||||
List<Object[]> params = new ArrayList<>();
|
List<Object[]> params = new ArrayList<>();
|
||||||
for (BufferType type: BufferType.values()) {
|
for (BufferType type: BufferType.values()) {
|
||||||
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false });
|
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false, false });
|
||||||
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true });
|
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false, true });
|
||||||
|
|
||||||
|
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true, false });
|
||||||
|
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true, true });
|
||||||
|
|
||||||
if (PlatformDependent.javaVersion() >= 11 && OpenSsl.isTlsv13Supported()) {
|
if (PlatformDependent.javaVersion() >= 11 && OpenSsl.isTlsv13Supported()) {
|
||||||
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), false });
|
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), false, false });
|
||||||
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), true });
|
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), false, true });
|
||||||
|
|
||||||
|
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), true, false });
|
||||||
|
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), true, true });
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return params;
|
return params;
|
||||||
}
|
}
|
||||||
|
|
||||||
public JdkOpenSslEngineInteroptTest(BufferType type, ProtocolCipherCombo protocolCipherCombo, boolean delegate) {
|
private final boolean useTasks;
|
||||||
|
|
||||||
|
public JdkOpenSslEngineInteroptTest(BufferType type, ProtocolCipherCombo protocolCipherCombo,
|
||||||
|
boolean delegate, boolean useTasks) {
|
||||||
super(type, protocolCipherCombo, delegate);
|
super(type, protocolCipherCombo, delegate);
|
||||||
|
this.useTasks = useTasks;
|
||||||
}
|
}
|
||||||
|
|
||||||
@BeforeClass
|
@BeforeClass
|
||||||
@ -145,4 +155,12 @@ public class JdkOpenSslEngineInteroptTest extends SSLEngineTest {
|
|||||||
protected SSLEngine wrapEngine(SSLEngine engine) {
|
protected SSLEngine wrapEngine(SSLEngine engine) {
|
||||||
return Java8SslTestUtils.wrapSSLEngineForTesting(engine);
|
return Java8SslTestUtils.wrapSSLEngineForTesting(engine);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected SslContext wrapContext(SslContext context) {
|
||||||
|
if (context instanceof OpenSslContext) {
|
||||||
|
((OpenSslContext) context).setUseTasks(useTasks);
|
||||||
|
}
|
||||||
|
return context;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
@ -33,18 +33,25 @@ import static org.junit.Assume.assumeTrue;
|
|||||||
@RunWith(Parameterized.class)
|
@RunWith(Parameterized.class)
|
||||||
public class OpenSslConscryptSslEngineInteropTest extends ConscryptSslEngineTest {
|
public class OpenSslConscryptSslEngineInteropTest extends ConscryptSslEngineTest {
|
||||||
|
|
||||||
@Parameterized.Parameters(name = "{index}: bufferType = {0}, combo = {1}, delegate = {2}")
|
@Parameterized.Parameters(name = "{index}: bufferType = {0}, combo = {1}, delegate = {2}, useTasks = {3}")
|
||||||
public static Collection<Object[]> data() {
|
public static Collection<Object[]> data() {
|
||||||
List<Object[]> params = new ArrayList<Object[]>();
|
List<Object[]> params = new ArrayList<Object[]>();
|
||||||
for (BufferType type: BufferType.values()) {
|
for (BufferType type: BufferType.values()) {
|
||||||
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false });
|
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false, false });
|
||||||
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true });
|
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false, true });
|
||||||
|
|
||||||
|
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true, false });
|
||||||
|
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true, true });
|
||||||
}
|
}
|
||||||
return params;
|
return params;
|
||||||
}
|
}
|
||||||
|
|
||||||
public OpenSslConscryptSslEngineInteropTest(BufferType type, ProtocolCipherCombo combo, boolean delegate) {
|
private final boolean useTasks;
|
||||||
|
|
||||||
|
public OpenSslConscryptSslEngineInteropTest(BufferType type, ProtocolCipherCombo combo,
|
||||||
|
boolean delegate, boolean useTasks) {
|
||||||
super(type, combo, delegate);
|
super(type, combo, delegate);
|
||||||
|
this.useTasks = useTasks;
|
||||||
}
|
}
|
||||||
|
|
||||||
@BeforeClass
|
@BeforeClass
|
||||||
@ -132,4 +139,12 @@ public class OpenSslConscryptSslEngineInteropTest extends ConscryptSslEngineTest
|
|||||||
protected SSLEngine wrapEngine(SSLEngine engine) {
|
protected SSLEngine wrapEngine(SSLEngine engine) {
|
||||||
return Java8SslTestUtils.wrapSSLEngineForTesting(engine);
|
return Java8SslTestUtils.wrapSSLEngineForTesting(engine);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected SslContext wrapContext(SslContext context) {
|
||||||
|
if (context instanceof OpenSslContext) {
|
||||||
|
((OpenSslContext) context).setUseTasks(useTasks);
|
||||||
|
}
|
||||||
|
return context;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
@ -67,29 +67,37 @@ import static org.junit.Assert.assertSame;
|
|||||||
import static org.junit.Assert.assertTrue;
|
import static org.junit.Assert.assertTrue;
|
||||||
import static org.junit.Assume.assumeTrue;
|
import static org.junit.Assume.assumeTrue;
|
||||||
|
|
||||||
|
|
||||||
@RunWith(Parameterized.class)
|
@RunWith(Parameterized.class)
|
||||||
public class OpenSslEngineTest extends SSLEngineTest {
|
public class OpenSslEngineTest extends SSLEngineTest {
|
||||||
private static final String PREFERRED_APPLICATION_LEVEL_PROTOCOL = "my-protocol-http2";
|
private static final String PREFERRED_APPLICATION_LEVEL_PROTOCOL = "my-protocol-http2";
|
||||||
private static final String FALLBACK_APPLICATION_LEVEL_PROTOCOL = "my-protocol-http1_1";
|
private static final String FALLBACK_APPLICATION_LEVEL_PROTOCOL = "my-protocol-http1_1";
|
||||||
|
|
||||||
@Parameterized.Parameters(name = "{index}: bufferType = {0}, combo = {1}, delegate = {2}")
|
@Parameterized.Parameters(name = "{index}: bufferType = {0}, combo = {1}, delegate = {2}, useTasks = {3}")
|
||||||
public static Collection<Object[]> data() {
|
public static Collection<Object[]> data() {
|
||||||
List<Object[]> params = new ArrayList<>();
|
List<Object[]> params = new ArrayList<>();
|
||||||
for (BufferType type: BufferType.values()) {
|
for (BufferType type: BufferType.values()) {
|
||||||
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false });
|
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false, false });
|
||||||
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true });
|
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false, true });
|
||||||
|
|
||||||
|
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true, false });
|
||||||
|
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true, true });
|
||||||
|
|
||||||
if (OpenSsl.isTlsv13Supported()) {
|
if (OpenSsl.isTlsv13Supported()) {
|
||||||
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), false });
|
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), false, false });
|
||||||
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), true });
|
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), false, true });
|
||||||
|
|
||||||
|
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), true, false });
|
||||||
|
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), true, true });
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return params;
|
return params;
|
||||||
}
|
}
|
||||||
|
|
||||||
public OpenSslEngineTest(BufferType type, ProtocolCipherCombo cipherCombo, boolean delegate) {
|
protected final boolean useTasks;
|
||||||
|
|
||||||
|
public OpenSslEngineTest(BufferType type, ProtocolCipherCombo cipherCombo, boolean delegate, boolean useTasks) {
|
||||||
super(type, cipherCombo, delegate);
|
super(type, cipherCombo, delegate);
|
||||||
|
this.useTasks = useTasks;
|
||||||
}
|
}
|
||||||
|
|
||||||
@BeforeClass
|
@BeforeClass
|
||||||
@ -230,18 +238,18 @@ public class OpenSslEngineTest extends SSLEngineTest {
|
|||||||
}
|
}
|
||||||
@Test
|
@Test
|
||||||
public void testWrapBuffersNoWritePendingError() throws Exception {
|
public void testWrapBuffersNoWritePendingError() throws Exception {
|
||||||
clientSslCtx = SslContextBuilder.forClient()
|
clientSslCtx = wrapContext(SslContextBuilder.forClient()
|
||||||
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
||||||
.sslProvider(sslClientProvider())
|
.sslProvider(sslClientProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
SelfSignedCertificate ssc = new SelfSignedCertificate();
|
SelfSignedCertificate ssc = new SelfSignedCertificate();
|
||||||
serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
|
serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
|
||||||
.sslProvider(sslServerProvider())
|
.sslProvider(sslServerProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
SSLEngine clientEngine = null;
|
SSLEngine clientEngine = null;
|
||||||
SSLEngine serverEngine = null;
|
SSLEngine serverEngine = null;
|
||||||
try {
|
try {
|
||||||
@ -268,18 +276,18 @@ public class OpenSslEngineTest extends SSLEngineTest {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testOnlySmallBufferNeededForWrap() throws Exception {
|
public void testOnlySmallBufferNeededForWrap() throws Exception {
|
||||||
clientSslCtx = SslContextBuilder.forClient()
|
clientSslCtx = wrapContext(SslContextBuilder.forClient()
|
||||||
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
||||||
.sslProvider(sslClientProvider())
|
.sslProvider(sslClientProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
SelfSignedCertificate ssc = new SelfSignedCertificate();
|
SelfSignedCertificate ssc = new SelfSignedCertificate();
|
||||||
serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
|
serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
|
||||||
.sslProvider(sslServerProvider())
|
.sslProvider(sslServerProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
SSLEngine clientEngine = null;
|
SSLEngine clientEngine = null;
|
||||||
SSLEngine serverEngine = null;
|
SSLEngine serverEngine = null;
|
||||||
try {
|
try {
|
||||||
@ -323,18 +331,18 @@ public class OpenSslEngineTest extends SSLEngineTest {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testNeededDstCapacityIsCorrectlyCalculated() throws Exception {
|
public void testNeededDstCapacityIsCorrectlyCalculated() throws Exception {
|
||||||
clientSslCtx = SslContextBuilder.forClient()
|
clientSslCtx = wrapContext(SslContextBuilder.forClient()
|
||||||
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
||||||
.sslProvider(sslClientProvider())
|
.sslProvider(sslClientProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
SelfSignedCertificate ssc = new SelfSignedCertificate();
|
SelfSignedCertificate ssc = new SelfSignedCertificate();
|
||||||
serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
|
serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
|
||||||
.sslProvider(sslServerProvider())
|
.sslProvider(sslServerProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
SSLEngine clientEngine = null;
|
SSLEngine clientEngine = null;
|
||||||
SSLEngine serverEngine = null;
|
SSLEngine serverEngine = null;
|
||||||
try {
|
try {
|
||||||
@ -363,18 +371,18 @@ public class OpenSslEngineTest extends SSLEngineTest {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testSrcsLenOverFlowCorrectlyHandled() throws Exception {
|
public void testSrcsLenOverFlowCorrectlyHandled() throws Exception {
|
||||||
clientSslCtx = SslContextBuilder.forClient()
|
clientSslCtx = wrapContext(SslContextBuilder.forClient()
|
||||||
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
||||||
.sslProvider(sslClientProvider())
|
.sslProvider(sslClientProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
SelfSignedCertificate ssc = new SelfSignedCertificate();
|
SelfSignedCertificate ssc = new SelfSignedCertificate();
|
||||||
serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
|
serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
|
||||||
.sslProvider(sslServerProvider())
|
.sslProvider(sslServerProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
SSLEngine clientEngine = null;
|
SSLEngine clientEngine = null;
|
||||||
SSLEngine serverEngine = null;
|
SSLEngine serverEngine = null;
|
||||||
try {
|
try {
|
||||||
@ -414,12 +422,12 @@ public class OpenSslEngineTest extends SSLEngineTest {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testCalculateOutNetBufSizeOverflow() throws SSLException {
|
public void testCalculateOutNetBufSizeOverflow() throws SSLException {
|
||||||
clientSslCtx = SslContextBuilder.forClient()
|
clientSslCtx = wrapContext(SslContextBuilder.forClient()
|
||||||
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
||||||
.sslProvider(sslClientProvider())
|
.sslProvider(sslClientProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
SSLEngine clientEngine = null;
|
SSLEngine clientEngine = null;
|
||||||
try {
|
try {
|
||||||
clientEngine = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
|
clientEngine = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
|
||||||
@ -432,12 +440,12 @@ public class OpenSslEngineTest extends SSLEngineTest {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testCalculateOutNetBufSize0() throws SSLException {
|
public void testCalculateOutNetBufSize0() throws SSLException {
|
||||||
clientSslCtx = SslContextBuilder.forClient()
|
clientSslCtx = wrapContext(SslContextBuilder.forClient()
|
||||||
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
||||||
.sslProvider(sslClientProvider())
|
.sslProvider(sslClientProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
SSLEngine clientEngine = null;
|
SSLEngine clientEngine = null;
|
||||||
try {
|
try {
|
||||||
clientEngine = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
|
clientEngine = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
|
||||||
@ -459,18 +467,18 @@ public class OpenSslEngineTest extends SSLEngineTest {
|
|||||||
|
|
||||||
private void testCorrectlyCalculateSpaceForAlert(boolean jdkCompatabilityMode) throws Exception {
|
private void testCorrectlyCalculateSpaceForAlert(boolean jdkCompatabilityMode) throws Exception {
|
||||||
SelfSignedCertificate ssc = new SelfSignedCertificate();
|
SelfSignedCertificate ssc = new SelfSignedCertificate();
|
||||||
serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
|
serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
|
||||||
.sslProvider(sslServerProvider())
|
.sslProvider(sslServerProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
|
|
||||||
clientSslCtx = SslContextBuilder.forClient()
|
clientSslCtx = wrapContext(SslContextBuilder.forClient()
|
||||||
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
||||||
.sslProvider(sslClientProvider())
|
.sslProvider(sslClientProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
SSLEngine clientEngine = null;
|
SSLEngine clientEngine = null;
|
||||||
SSLEngine serverEngine = null;
|
SSLEngine serverEngine = null;
|
||||||
try {
|
try {
|
||||||
@ -521,14 +529,14 @@ public class OpenSslEngineTest extends SSLEngineTest {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testWrapWithDifferentSizesTLSv1() throws Exception {
|
public void testWrapWithDifferentSizesTLSv1() throws Exception {
|
||||||
clientSslCtx = SslContextBuilder.forClient()
|
clientSslCtx = wrapContext(SslContextBuilder.forClient()
|
||||||
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
||||||
.sslProvider(sslClientProvider())
|
.sslProvider(sslClientProvider())
|
||||||
.build();
|
.build());
|
||||||
SelfSignedCertificate ssc = new SelfSignedCertificate();
|
SelfSignedCertificate ssc = new SelfSignedCertificate();
|
||||||
serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
|
serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
|
||||||
.sslProvider(sslServerProvider())
|
.sslProvider(sslServerProvider())
|
||||||
.build();
|
.build());
|
||||||
|
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "AES128-SHA");
|
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "AES128-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "ECDHE-RSA-AES128-SHA");
|
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "ECDHE-RSA-AES128-SHA");
|
||||||
@ -552,14 +560,14 @@ public class OpenSslEngineTest extends SSLEngineTest {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testWrapWithDifferentSizesTLSv1_1() throws Exception {
|
public void testWrapWithDifferentSizesTLSv1_1() throws Exception {
|
||||||
clientSslCtx = SslContextBuilder.forClient()
|
clientSslCtx = wrapContext(SslContextBuilder.forClient()
|
||||||
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
||||||
.sslProvider(sslClientProvider())
|
.sslProvider(sslClientProvider())
|
||||||
.build();
|
.build());
|
||||||
SelfSignedCertificate ssc = new SelfSignedCertificate();
|
SelfSignedCertificate ssc = new SelfSignedCertificate();
|
||||||
serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
|
serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
|
||||||
.sslProvider(sslServerProvider())
|
.sslProvider(sslServerProvider())
|
||||||
.build();
|
.build());
|
||||||
|
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "ECDHE-RSA-AES256-SHA");
|
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "ECDHE-RSA-AES256-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "AES256-SHA");
|
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "AES256-SHA");
|
||||||
@ -580,14 +588,14 @@ public class OpenSslEngineTest extends SSLEngineTest {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testWrapWithDifferentSizesTLSv1_2() throws Exception {
|
public void testWrapWithDifferentSizesTLSv1_2() throws Exception {
|
||||||
clientSslCtx = SslContextBuilder.forClient()
|
clientSslCtx = wrapContext(SslContextBuilder.forClient()
|
||||||
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
||||||
.sslProvider(sslClientProvider())
|
.sslProvider(sslClientProvider())
|
||||||
.build();
|
.build());
|
||||||
SelfSignedCertificate ssc = new SelfSignedCertificate();
|
SelfSignedCertificate ssc = new SelfSignedCertificate();
|
||||||
serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
|
serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
|
||||||
.sslProvider(sslServerProvider())
|
.sslProvider(sslServerProvider())
|
||||||
.build();
|
.build());
|
||||||
|
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "AES128-SHA");
|
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "AES128-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ECDHE-RSA-AES128-SHA");
|
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ECDHE-RSA-AES128-SHA");
|
||||||
@ -618,14 +626,14 @@ public class OpenSslEngineTest extends SSLEngineTest {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testWrapWithDifferentSizesSSLv3() throws Exception {
|
public void testWrapWithDifferentSizesSSLv3() throws Exception {
|
||||||
clientSslCtx = SslContextBuilder.forClient()
|
clientSslCtx = wrapContext(SslContextBuilder.forClient()
|
||||||
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
||||||
.sslProvider(sslClientProvider())
|
.sslProvider(sslClientProvider())
|
||||||
.build();
|
.build());
|
||||||
SelfSignedCertificate ssc = new SelfSignedCertificate();
|
SelfSignedCertificate ssc = new SelfSignedCertificate();
|
||||||
serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
|
serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
|
||||||
.sslProvider(sslServerProvider())
|
.sslProvider(sslServerProvider())
|
||||||
.build();
|
.build());
|
||||||
|
|
||||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-AES128-SHA");
|
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-AES128-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-CAMELLIA128-SHA");
|
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-CAMELLIA128-SHA");
|
||||||
@ -658,21 +666,21 @@ public class OpenSslEngineTest extends SSLEngineTest {
|
|||||||
public void testMultipleRecordsInOneBufferWithNonZeroPositionJDKCompatabilityModeOff() throws Exception {
|
public void testMultipleRecordsInOneBufferWithNonZeroPositionJDKCompatabilityModeOff() throws Exception {
|
||||||
SelfSignedCertificate cert = new SelfSignedCertificate();
|
SelfSignedCertificate cert = new SelfSignedCertificate();
|
||||||
|
|
||||||
clientSslCtx = SslContextBuilder
|
clientSslCtx = wrapContext(SslContextBuilder
|
||||||
.forClient()
|
.forClient()
|
||||||
.trustManager(cert.cert())
|
.trustManager(cert.cert())
|
||||||
.sslProvider(sslClientProvider())
|
.sslProvider(sslClientProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
SSLEngine client = wrapEngine(clientSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine());
|
SSLEngine client = wrapEngine(clientSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine());
|
||||||
|
|
||||||
serverSslCtx = SslContextBuilder
|
serverSslCtx = wrapContext(SslContextBuilder
|
||||||
.forServer(cert.certificate(), cert.privateKey())
|
.forServer(cert.certificate(), cert.privateKey())
|
||||||
.sslProvider(sslServerProvider())
|
.sslProvider(sslServerProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
SSLEngine server = wrapEngine(serverSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine());
|
SSLEngine server = wrapEngine(serverSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine());
|
||||||
|
|
||||||
try {
|
try {
|
||||||
@ -739,21 +747,21 @@ public class OpenSslEngineTest extends SSLEngineTest {
|
|||||||
public void testInputTooBigAndFillsUpBuffersJDKCompatabilityModeOff() throws Exception {
|
public void testInputTooBigAndFillsUpBuffersJDKCompatabilityModeOff() throws Exception {
|
||||||
SelfSignedCertificate cert = new SelfSignedCertificate();
|
SelfSignedCertificate cert = new SelfSignedCertificate();
|
||||||
|
|
||||||
clientSslCtx = SslContextBuilder
|
clientSslCtx = wrapContext(SslContextBuilder
|
||||||
.forClient()
|
.forClient()
|
||||||
.trustManager(cert.cert())
|
.trustManager(cert.cert())
|
||||||
.sslProvider(sslClientProvider())
|
.sslProvider(sslClientProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
SSLEngine client = wrapEngine(clientSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine());
|
SSLEngine client = wrapEngine(clientSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine());
|
||||||
|
|
||||||
serverSslCtx = SslContextBuilder
|
serverSslCtx = wrapContext(SslContextBuilder
|
||||||
.forServer(cert.certificate(), cert.privateKey())
|
.forServer(cert.certificate(), cert.privateKey())
|
||||||
.sslProvider(sslServerProvider())
|
.sslProvider(sslServerProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
SSLEngine server = wrapEngine(serverSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine());
|
SSLEngine server = wrapEngine(serverSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine());
|
||||||
|
|
||||||
try {
|
try {
|
||||||
@ -827,21 +835,21 @@ public class OpenSslEngineTest extends SSLEngineTest {
|
|||||||
public void testPartialPacketUnwrapJDKCompatabilityModeOff() throws Exception {
|
public void testPartialPacketUnwrapJDKCompatabilityModeOff() throws Exception {
|
||||||
SelfSignedCertificate cert = new SelfSignedCertificate();
|
SelfSignedCertificate cert = new SelfSignedCertificate();
|
||||||
|
|
||||||
clientSslCtx = SslContextBuilder
|
clientSslCtx = wrapContext(SslContextBuilder
|
||||||
.forClient()
|
.forClient()
|
||||||
.trustManager(cert.cert())
|
.trustManager(cert.cert())
|
||||||
.sslProvider(sslClientProvider())
|
.sslProvider(sslClientProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
SSLEngine client = wrapEngine(clientSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine());
|
SSLEngine client = wrapEngine(clientSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine());
|
||||||
|
|
||||||
serverSslCtx = SslContextBuilder
|
serverSslCtx = wrapContext(SslContextBuilder
|
||||||
.forServer(cert.certificate(), cert.privateKey())
|
.forServer(cert.certificate(), cert.privateKey())
|
||||||
.sslProvider(sslServerProvider())
|
.sslProvider(sslServerProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
SSLEngine server = wrapEngine(serverSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine());
|
SSLEngine server = wrapEngine(serverSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine());
|
||||||
|
|
||||||
try {
|
try {
|
||||||
@ -906,21 +914,21 @@ public class OpenSslEngineTest extends SSLEngineTest {
|
|||||||
public void testBufferUnderFlowAvoidedIfJDKCompatabilityModeOff() throws Exception {
|
public void testBufferUnderFlowAvoidedIfJDKCompatabilityModeOff() throws Exception {
|
||||||
SelfSignedCertificate cert = new SelfSignedCertificate();
|
SelfSignedCertificate cert = new SelfSignedCertificate();
|
||||||
|
|
||||||
clientSslCtx = SslContextBuilder
|
clientSslCtx = wrapContext(SslContextBuilder
|
||||||
.forClient()
|
.forClient()
|
||||||
.trustManager(cert.cert())
|
.trustManager(cert.cert())
|
||||||
.sslProvider(sslClientProvider())
|
.sslProvider(sslClientProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
SSLEngine client = wrapEngine(clientSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine());
|
SSLEngine client = wrapEngine(clientSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine());
|
||||||
|
|
||||||
serverSslCtx = SslContextBuilder
|
serverSslCtx = wrapContext(SslContextBuilder
|
||||||
.forServer(cert.certificate(), cert.privateKey())
|
.forServer(cert.certificate(), cert.privateKey())
|
||||||
.sslProvider(sslServerProvider())
|
.sslProvider(sslServerProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
SSLEngine server = wrapEngine(serverSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine());
|
SSLEngine server = wrapEngine(serverSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine());
|
||||||
|
|
||||||
try {
|
try {
|
||||||
@ -1045,11 +1053,11 @@ public class OpenSslEngineTest extends SSLEngineTest {
|
|||||||
@Test
|
@Test
|
||||||
public void testSNIMatchersDoesNotThrow() throws Exception {
|
public void testSNIMatchersDoesNotThrow() throws Exception {
|
||||||
SelfSignedCertificate ssc = new SelfSignedCertificate();
|
SelfSignedCertificate ssc = new SelfSignedCertificate();
|
||||||
serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
|
serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
|
||||||
.sslProvider(sslServerProvider())
|
.sslProvider(sslServerProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
|
|
||||||
SSLEngine engine = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
SSLEngine engine = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
||||||
try {
|
try {
|
||||||
@ -1066,11 +1074,11 @@ public class OpenSslEngineTest extends SSLEngineTest {
|
|||||||
public void testSNIMatchersWithSNINameWithUnderscore() throws Exception {
|
public void testSNIMatchersWithSNINameWithUnderscore() throws Exception {
|
||||||
byte[] name = "rb8hx3pww30y3tvw0mwy.v1_1".getBytes(CharsetUtil.UTF_8);
|
byte[] name = "rb8hx3pww30y3tvw0mwy.v1_1".getBytes(CharsetUtil.UTF_8);
|
||||||
SelfSignedCertificate ssc = new SelfSignedCertificate();
|
SelfSignedCertificate ssc = new SelfSignedCertificate();
|
||||||
serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
|
serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
|
||||||
.sslProvider(sslServerProvider())
|
.sslProvider(sslServerProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
|
|
||||||
SSLEngine engine = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
SSLEngine engine = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
||||||
try {
|
try {
|
||||||
@ -1088,11 +1096,11 @@ public class OpenSslEngineTest extends SSLEngineTest {
|
|||||||
@Test(expected = IllegalArgumentException.class)
|
@Test(expected = IllegalArgumentException.class)
|
||||||
public void testAlgorithmConstraintsThrows() throws Exception {
|
public void testAlgorithmConstraintsThrows() throws Exception {
|
||||||
SelfSignedCertificate ssc = new SelfSignedCertificate();
|
SelfSignedCertificate ssc = new SelfSignedCertificate();
|
||||||
serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
|
serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
|
||||||
.sslProvider(sslServerProvider())
|
.sslProvider(sslServerProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
|
|
||||||
SSLEngine engine = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
SSLEngine engine = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
||||||
try {
|
try {
|
||||||
@ -1125,15 +1133,15 @@ public class OpenSslEngineTest extends SSLEngineTest {
|
|||||||
@Test
|
@Test
|
||||||
public void testExtractMasterkeyWorksCorrectly() throws Exception {
|
public void testExtractMasterkeyWorksCorrectly() throws Exception {
|
||||||
SelfSignedCertificate cert = new SelfSignedCertificate();
|
SelfSignedCertificate cert = new SelfSignedCertificate();
|
||||||
serverSslCtx = SslContextBuilder.forServer(cert.key(), cert.cert())
|
serverSslCtx = wrapContext(SslContextBuilder.forServer(cert.key(), cert.cert())
|
||||||
.sslProvider(SslProvider.OPENSSL).build();
|
.sslProvider(SslProvider.OPENSSL).build());
|
||||||
final SSLEngine serverEngine =
|
final SSLEngine serverEngine =
|
||||||
serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
|
wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
||||||
clientSslCtx = SslContextBuilder.forClient()
|
clientSslCtx = wrapContext(SslContextBuilder.forClient()
|
||||||
.trustManager(cert.certificate())
|
.trustManager(cert.certificate())
|
||||||
.sslProvider(SslProvider.OPENSSL).build();
|
.sslProvider(SslProvider.OPENSSL).build());
|
||||||
final SSLEngine clientEngine =
|
final SSLEngine clientEngine =
|
||||||
clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
|
wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
||||||
|
|
||||||
try {
|
try {
|
||||||
//lets set the cipher suite to a specific one with DHE
|
//lets set the cipher suite to a specific one with DHE
|
||||||
@ -1303,4 +1311,10 @@ public class OpenSslEngineTest extends SSLEngineTest {
|
|||||||
}
|
}
|
||||||
return (ReferenceCountedOpenSslEngine) engine;
|
return (ReferenceCountedOpenSslEngine) engine;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected SslContext wrapContext(SslContext context) {
|
||||||
|
((OpenSslContext) context).setUseTasks(useTasks);
|
||||||
|
return context;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
@ -35,23 +35,33 @@ import static org.junit.Assume.assumeTrue;
|
|||||||
@RunWith(Parameterized.class)
|
@RunWith(Parameterized.class)
|
||||||
public class OpenSslJdkSslEngineInteroptTest extends SSLEngineTest {
|
public class OpenSslJdkSslEngineInteroptTest extends SSLEngineTest {
|
||||||
|
|
||||||
@Parameterized.Parameters(name = "{index}: bufferType = {0}, combo = {1}, delegate = {2}")
|
@Parameterized.Parameters(name = "{index}: bufferType = {0}, combo = {1}, delegate = {2}, useTasks = {3}")
|
||||||
public static Collection<Object[]> data() {
|
public static Collection<Object[]> data() {
|
||||||
List<Object[]> params = new ArrayList<>();
|
List<Object[]> params = new ArrayList<>();
|
||||||
for (BufferType type: BufferType.values()) {
|
for (BufferType type: BufferType.values()) {
|
||||||
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false });
|
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false, false });
|
||||||
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true });
|
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false, true });
|
||||||
|
|
||||||
|
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true, false});
|
||||||
|
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true, true });
|
||||||
|
|
||||||
if (PlatformDependent.javaVersion() >= 11 && OpenSsl.isTlsv13Supported()) {
|
if (PlatformDependent.javaVersion() >= 11 && OpenSsl.isTlsv13Supported()) {
|
||||||
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), false });
|
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), false, false });
|
||||||
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), true });
|
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), false, true });
|
||||||
|
|
||||||
|
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), true, false });
|
||||||
|
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), true, true });
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return params;
|
return params;
|
||||||
}
|
}
|
||||||
|
|
||||||
public OpenSslJdkSslEngineInteroptTest(BufferType type, ProtocolCipherCombo combo, boolean delegate) {
|
private final boolean useTasks;
|
||||||
|
|
||||||
|
public OpenSslJdkSslEngineInteroptTest(BufferType type, ProtocolCipherCombo combo,
|
||||||
|
boolean delegate, boolean useTasks) {
|
||||||
super(type, combo, delegate);
|
super(type, combo, delegate);
|
||||||
|
this.useTasks = useTasks;
|
||||||
}
|
}
|
||||||
|
|
||||||
@BeforeClass
|
@BeforeClass
|
||||||
@ -130,4 +140,12 @@ public class OpenSslJdkSslEngineInteroptTest extends SSLEngineTest {
|
|||||||
protected SSLEngine wrapEngine(SSLEngine engine) {
|
protected SSLEngine wrapEngine(SSLEngine engine) {
|
||||||
return Java8SslTestUtils.wrapSSLEngineForTesting(engine);
|
return Java8SslTestUtils.wrapSSLEngineForTesting(engine);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected SslContext wrapContext(SslContext context) {
|
||||||
|
if (context instanceof OpenSslContext) {
|
||||||
|
((OpenSslContext) context).setUseTasks(useTasks);
|
||||||
|
}
|
||||||
|
return context;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
@ -23,8 +23,9 @@ import javax.net.ssl.SSLEngine;
|
|||||||
|
|
||||||
public class ReferenceCountedOpenSslEngineTest extends OpenSslEngineTest {
|
public class ReferenceCountedOpenSslEngineTest extends OpenSslEngineTest {
|
||||||
|
|
||||||
public ReferenceCountedOpenSslEngineTest(BufferType type, ProtocolCipherCombo combo, boolean delegate) {
|
public ReferenceCountedOpenSslEngineTest(BufferType type, ProtocolCipherCombo combo, boolean delegate,
|
||||||
super(type, combo, delegate);
|
boolean useTasks) {
|
||||||
|
super(type, combo, delegate, useTasks);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@ -59,13 +60,19 @@ public class ReferenceCountedOpenSslEngineTest extends OpenSslEngineTest {
|
|||||||
|
|
||||||
@Test(expected = NullPointerException.class)
|
@Test(expected = NullPointerException.class)
|
||||||
public void testNotLeakOnException() throws Exception {
|
public void testNotLeakOnException() throws Exception {
|
||||||
clientSslCtx = SslContextBuilder.forClient()
|
clientSslCtx = wrapContext(SslContextBuilder.forClient()
|
||||||
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
||||||
.sslProvider(sslClientProvider())
|
.sslProvider(sslClientProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
|
|
||||||
clientSslCtx.newEngine(null);
|
clientSslCtx.newEngine(null);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected SslContext wrapContext(SslContext context) {
|
||||||
|
((ReferenceCountedOpenSslContext) context).setUseTasks(useTasks);
|
||||||
|
return context;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
@ -708,7 +708,7 @@ public abstract class SSLEngineTest {
|
|||||||
final boolean serverInitEngine)
|
final boolean serverInitEngine)
|
||||||
throws SSLException, InterruptedException {
|
throws SSLException, InterruptedException {
|
||||||
serverSslCtx =
|
serverSslCtx =
|
||||||
SslContextBuilder.forServer(serverKMF)
|
wrapContext(SslContextBuilder.forServer(serverKMF)
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.sslProvider(sslServerProvider())
|
.sslProvider(sslServerProvider())
|
||||||
@ -717,10 +717,10 @@ public abstract class SSLEngineTest {
|
|||||||
.clientAuth(clientAuth)
|
.clientAuth(clientAuth)
|
||||||
.ciphers(null, IdentityCipherSuiteFilter.INSTANCE)
|
.ciphers(null, IdentityCipherSuiteFilter.INSTANCE)
|
||||||
.sessionCacheSize(0)
|
.sessionCacheSize(0)
|
||||||
.sessionTimeout(0).build();
|
.sessionTimeout(0).build());
|
||||||
|
|
||||||
clientSslCtx =
|
clientSslCtx =
|
||||||
SslContextBuilder.forClient()
|
wrapContext(SslContextBuilder.forClient()
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.sslProvider(sslClientProvider())
|
.sslProvider(sslClientProvider())
|
||||||
@ -729,7 +729,7 @@ public abstract class SSLEngineTest {
|
|||||||
.keyManager(clientKMF)
|
.keyManager(clientKMF)
|
||||||
.ciphers(null, IdentityCipherSuiteFilter.INSTANCE)
|
.ciphers(null, IdentityCipherSuiteFilter.INSTANCE)
|
||||||
.sessionCacheSize(0)
|
.sessionCacheSize(0)
|
||||||
.sessionTimeout(0).build();
|
.sessionTimeout(0).build());
|
||||||
|
|
||||||
serverConnectedChannel = null;
|
serverConnectedChannel = null;
|
||||||
sb = new ServerBootstrap();
|
sb = new ServerBootstrap();
|
||||||
@ -861,7 +861,7 @@ public abstract class SSLEngineTest {
|
|||||||
final boolean failureExpected)
|
final boolean failureExpected)
|
||||||
throws SSLException, InterruptedException {
|
throws SSLException, InterruptedException {
|
||||||
final String expectedHost = "localhost";
|
final String expectedHost = "localhost";
|
||||||
serverSslCtx = SslContextBuilder.forServer(serverCrtFile, serverKeyFile, null)
|
serverSslCtx = wrapContext(SslContextBuilder.forServer(serverCrtFile, serverKeyFile, null)
|
||||||
.sslProvider(sslServerProvider())
|
.sslProvider(sslServerProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
@ -870,9 +870,9 @@ public abstract class SSLEngineTest {
|
|||||||
.ciphers(null, IdentityCipherSuiteFilter.INSTANCE)
|
.ciphers(null, IdentityCipherSuiteFilter.INSTANCE)
|
||||||
.sessionCacheSize(0)
|
.sessionCacheSize(0)
|
||||||
.sessionTimeout(0)
|
.sessionTimeout(0)
|
||||||
.build();
|
.build());
|
||||||
|
|
||||||
clientSslCtx = SslContextBuilder.forClient()
|
clientSslCtx = wrapContext(SslContextBuilder.forClient()
|
||||||
.sslProvider(sslClientProvider())
|
.sslProvider(sslClientProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
@ -881,7 +881,7 @@ public abstract class SSLEngineTest {
|
|||||||
.ciphers(null, IdentityCipherSuiteFilter.INSTANCE)
|
.ciphers(null, IdentityCipherSuiteFilter.INSTANCE)
|
||||||
.sessionCacheSize(0)
|
.sessionCacheSize(0)
|
||||||
.sessionTimeout(0)
|
.sessionTimeout(0)
|
||||||
.build();
|
.build());
|
||||||
|
|
||||||
serverConnectedChannel = null;
|
serverConnectedChannel = null;
|
||||||
sb = new ServerBootstrap();
|
sb = new ServerBootstrap();
|
||||||
@ -1032,7 +1032,7 @@ public abstract class SSLEngineTest {
|
|||||||
File clientTrustCrtFile, File clientKeyFile, final File clientCrtFile, String clientKeyPassword)
|
File clientTrustCrtFile, File clientKeyFile, final File clientCrtFile, String clientKeyPassword)
|
||||||
throws InterruptedException, SSLException {
|
throws InterruptedException, SSLException {
|
||||||
serverSslCtx =
|
serverSslCtx =
|
||||||
SslContextBuilder.forServer(serverCrtFile, serverKeyFile, serverKeyPassword)
|
wrapContext(SslContextBuilder.forServer(serverCrtFile, serverKeyFile, serverKeyPassword)
|
||||||
.sslProvider(sslServerProvider())
|
.sslProvider(sslServerProvider())
|
||||||
.sslContextProvider(serverSslContextProvider())
|
.sslContextProvider(serverSslContextProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
@ -1040,9 +1040,9 @@ public abstract class SSLEngineTest {
|
|||||||
.trustManager(servertTrustCrtFile)
|
.trustManager(servertTrustCrtFile)
|
||||||
.ciphers(null, IdentityCipherSuiteFilter.INSTANCE)
|
.ciphers(null, IdentityCipherSuiteFilter.INSTANCE)
|
||||||
.sessionCacheSize(0)
|
.sessionCacheSize(0)
|
||||||
.sessionTimeout(0).build();
|
.sessionTimeout(0).build());
|
||||||
clientSslCtx =
|
clientSslCtx =
|
||||||
SslContextBuilder.forClient()
|
wrapContext(SslContextBuilder.forClient()
|
||||||
.sslProvider(sslClientProvider())
|
.sslProvider(sslClientProvider())
|
||||||
.sslContextProvider(clientSslContextProvider())
|
.sslContextProvider(clientSslContextProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
@ -1051,7 +1051,7 @@ public abstract class SSLEngineTest {
|
|||||||
.keyManager(clientCrtFile, clientKeyFile, clientKeyPassword)
|
.keyManager(clientCrtFile, clientKeyFile, clientKeyPassword)
|
||||||
.ciphers(null, IdentityCipherSuiteFilter.INSTANCE)
|
.ciphers(null, IdentityCipherSuiteFilter.INSTANCE)
|
||||||
.sessionCacheSize(0)
|
.sessionCacheSize(0)
|
||||||
.sessionTimeout(0).build();
|
.sessionTimeout(0).build());
|
||||||
|
|
||||||
serverConnectedChannel = null;
|
serverConnectedChannel = null;
|
||||||
sb = new ServerBootstrap();
|
sb = new ServerBootstrap();
|
||||||
@ -1200,9 +1200,9 @@ public abstract class SSLEngineTest {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testGetCreationTime() throws Exception {
|
public void testGetCreationTime() throws Exception {
|
||||||
clientSslCtx = SslContextBuilder.forClient()
|
clientSslCtx = wrapContext(SslContextBuilder.forClient()
|
||||||
.sslProvider(sslClientProvider())
|
.sslProvider(sslClientProvider())
|
||||||
.sslContextProvider(clientSslContextProvider()).build();
|
.sslContextProvider(clientSslContextProvider()).build());
|
||||||
SSLEngine engine = null;
|
SSLEngine engine = null;
|
||||||
try {
|
try {
|
||||||
engine = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
engine = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
||||||
@ -1214,20 +1214,20 @@ public abstract class SSLEngineTest {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testSessionInvalidate() throws Exception {
|
public void testSessionInvalidate() throws Exception {
|
||||||
clientSslCtx = SslContextBuilder.forClient()
|
clientSslCtx = wrapContext(SslContextBuilder.forClient()
|
||||||
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
||||||
.sslProvider(sslClientProvider())
|
.sslProvider(sslClientProvider())
|
||||||
.sslContextProvider(clientSslContextProvider())
|
.sslContextProvider(clientSslContextProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
SelfSignedCertificate ssc = new SelfSignedCertificate();
|
SelfSignedCertificate ssc = new SelfSignedCertificate();
|
||||||
serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
|
serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
|
||||||
.sslProvider(sslServerProvider())
|
.sslProvider(sslServerProvider())
|
||||||
.sslContextProvider(serverSslContextProvider())
|
.sslContextProvider(serverSslContextProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
SSLEngine clientEngine = null;
|
SSLEngine clientEngine = null;
|
||||||
SSLEngine serverEngine = null;
|
SSLEngine serverEngine = null;
|
||||||
try {
|
try {
|
||||||
@ -1248,20 +1248,20 @@ public abstract class SSLEngineTest {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testSSLSessionId() throws Exception {
|
public void testSSLSessionId() throws Exception {
|
||||||
clientSslCtx = SslContextBuilder.forClient()
|
clientSslCtx = wrapContext(SslContextBuilder.forClient()
|
||||||
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
||||||
.sslProvider(sslClientProvider())
|
.sslProvider(sslClientProvider())
|
||||||
// This test only works for non TLSv1.3 for now
|
// This test only works for non TLSv1.3 for now
|
||||||
.protocols(PROTOCOL_TLS_V1_2)
|
.protocols(PROTOCOL_TLS_V1_2)
|
||||||
.sslContextProvider(clientSslContextProvider())
|
.sslContextProvider(clientSslContextProvider())
|
||||||
.build();
|
.build());
|
||||||
SelfSignedCertificate ssc = new SelfSignedCertificate();
|
SelfSignedCertificate ssc = new SelfSignedCertificate();
|
||||||
serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
|
serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
|
||||||
.sslProvider(sslServerProvider())
|
.sslProvider(sslServerProvider())
|
||||||
// This test only works for non TLSv1.3 for now
|
// This test only works for non TLSv1.3 for now
|
||||||
.protocols(PROTOCOL_TLS_V1_2)
|
.protocols(PROTOCOL_TLS_V1_2)
|
||||||
.sslContextProvider(serverSslContextProvider())
|
.sslContextProvider(serverSslContextProvider())
|
||||||
.build();
|
.build());
|
||||||
SSLEngine clientEngine = null;
|
SSLEngine clientEngine = null;
|
||||||
SSLEngine serverEngine = null;
|
SSLEngine serverEngine = null;
|
||||||
try {
|
try {
|
||||||
@ -1290,12 +1290,12 @@ public abstract class SSLEngineTest {
|
|||||||
throws CertificateException, SSLException, InterruptedException, ExecutionException {
|
throws CertificateException, SSLException, InterruptedException, ExecutionException {
|
||||||
Assume.assumeTrue(PlatformDependent.javaVersion() >= 11);
|
Assume.assumeTrue(PlatformDependent.javaVersion() >= 11);
|
||||||
final SelfSignedCertificate ssc = new SelfSignedCertificate();
|
final SelfSignedCertificate ssc = new SelfSignedCertificate();
|
||||||
serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
|
serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
|
||||||
.sslProvider(sslServerProvider())
|
.sslProvider(sslServerProvider())
|
||||||
.sslContextProvider(serverSslContextProvider())
|
.sslContextProvider(serverSslContextProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
sb = new ServerBootstrap()
|
sb = new ServerBootstrap()
|
||||||
.group(new MultithreadEventLoopGroup(1, NioHandler.newFactory()))
|
.group(new MultithreadEventLoopGroup(1, NioHandler.newFactory()))
|
||||||
.channel(NioServerSocketChannel.class)
|
.channel(NioServerSocketChannel.class)
|
||||||
@ -1346,13 +1346,13 @@ public abstract class SSLEngineTest {
|
|||||||
|
|
||||||
serverChannel = sb.bind(new InetSocketAddress(0)).syncUninterruptibly().channel();
|
serverChannel = sb.bind(new InetSocketAddress(0)).syncUninterruptibly().channel();
|
||||||
|
|
||||||
clientSslCtx = SslContextBuilder.forClient()
|
clientSslCtx = wrapContext(SslContextBuilder.forClient()
|
||||||
// OpenSslEngine doesn't support renegotiation on client side
|
// OpenSslEngine doesn't support renegotiation on client side
|
||||||
.sslProvider(SslProvider.JDK)
|
.sslProvider(SslProvider.JDK)
|
||||||
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
|
|
||||||
cb = new Bootstrap();
|
cb = new Bootstrap();
|
||||||
cb.group(new MultithreadEventLoopGroup(1, NioHandler.newFactory()))
|
cb.group(new MultithreadEventLoopGroup(1, NioHandler.newFactory()))
|
||||||
@ -1415,12 +1415,12 @@ public abstract class SSLEngineTest {
|
|||||||
try {
|
try {
|
||||||
File serverKeyFile = ResourcesUtil.getFile(getClass(), "test_unencrypted.pem");
|
File serverKeyFile = ResourcesUtil.getFile(getClass(), "test_unencrypted.pem");
|
||||||
File serverCrtFile = ResourcesUtil.getFile(getClass(), "test.crt");
|
File serverCrtFile = ResourcesUtil.getFile(getClass(), "test.crt");
|
||||||
serverSslCtx = SslContextBuilder.forServer(serverCrtFile, serverKeyFile)
|
serverSslCtx = wrapContext(SslContextBuilder.forServer(serverCrtFile, serverKeyFile)
|
||||||
.sslProvider(sslServerProvider())
|
.sslProvider(sslServerProvider())
|
||||||
.sslContextProvider(serverSslContextProvider())
|
.sslContextProvider(serverSslContextProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
|
|
||||||
sslEngine = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
sslEngine = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
||||||
|
|
||||||
@ -1629,7 +1629,7 @@ public abstract class SSLEngineTest {
|
|||||||
clientCtxBuilder.protocols(PROTOCOL_TLS_V1_2);
|
clientCtxBuilder.protocols(PROTOCOL_TLS_V1_2);
|
||||||
}
|
}
|
||||||
|
|
||||||
setupHandlers(serverCtxBuilder.build(), clientCtxBuilder.build());
|
setupHandlers(wrapContext(serverCtxBuilder.build()), wrapContext(clientCtxBuilder.build()));
|
||||||
} finally {
|
} finally {
|
||||||
ssc.delete();
|
ssc.delete();
|
||||||
}
|
}
|
||||||
@ -1720,14 +1720,14 @@ public abstract class SSLEngineTest {
|
|||||||
@Test(timeout = 30000)
|
@Test(timeout = 30000)
|
||||||
public void testMutualAuthSameCertChain() throws Exception {
|
public void testMutualAuthSameCertChain() throws Exception {
|
||||||
serverSslCtx =
|
serverSslCtx =
|
||||||
SslContextBuilder.forServer(
|
wrapContext(SslContextBuilder.forServer(
|
||||||
new ByteArrayInputStream(X509_CERT_PEM.getBytes(CharsetUtil.UTF_8)),
|
new ByteArrayInputStream(X509_CERT_PEM.getBytes(CharsetUtil.UTF_8)),
|
||||||
new ByteArrayInputStream(PRIVATE_KEY_PEM.getBytes(CharsetUtil.UTF_8)))
|
new ByteArrayInputStream(PRIVATE_KEY_PEM.getBytes(CharsetUtil.UTF_8)))
|
||||||
.trustManager(new ByteArrayInputStream(X509_CERT_PEM.getBytes(CharsetUtil.UTF_8)))
|
.trustManager(new ByteArrayInputStream(X509_CERT_PEM.getBytes(CharsetUtil.UTF_8)))
|
||||||
.clientAuth(ClientAuth.REQUIRE).sslProvider(sslServerProvider())
|
.clientAuth(ClientAuth.REQUIRE).sslProvider(sslServerProvider())
|
||||||
.sslContextProvider(serverSslContextProvider())
|
.sslContextProvider(serverSslContextProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers()).build();
|
.ciphers(ciphers()).build());
|
||||||
|
|
||||||
sb = new ServerBootstrap();
|
sb = new ServerBootstrap();
|
||||||
sb.group(new MultithreadEventLoopGroup(NioHandler.newFactory()),
|
sb.group(new MultithreadEventLoopGroup(NioHandler.newFactory()),
|
||||||
@ -1784,13 +1784,13 @@ public abstract class SSLEngineTest {
|
|||||||
}).bind(new InetSocketAddress(0)).syncUninterruptibly().channel();
|
}).bind(new InetSocketAddress(0)).syncUninterruptibly().channel();
|
||||||
|
|
||||||
clientSslCtx =
|
clientSslCtx =
|
||||||
SslContextBuilder.forClient().keyManager(
|
wrapContext(SslContextBuilder.forClient().keyManager(
|
||||||
new ByteArrayInputStream(CLIENT_X509_CERT_CHAIN_PEM.getBytes(CharsetUtil.UTF_8)),
|
new ByteArrayInputStream(CLIENT_X509_CERT_CHAIN_PEM.getBytes(CharsetUtil.UTF_8)),
|
||||||
new ByteArrayInputStream(CLIENT_PRIVATE_KEY_PEM.getBytes(CharsetUtil.UTF_8)))
|
new ByteArrayInputStream(CLIENT_PRIVATE_KEY_PEM.getBytes(CharsetUtil.UTF_8)))
|
||||||
.trustManager(new ByteArrayInputStream(X509_CERT_PEM.getBytes(CharsetUtil.UTF_8)))
|
.trustManager(new ByteArrayInputStream(X509_CERT_PEM.getBytes(CharsetUtil.UTF_8)))
|
||||||
.sslProvider(sslClientProvider())
|
.sslProvider(sslClientProvider())
|
||||||
.sslContextProvider(clientSslContextProvider())
|
.sslContextProvider(clientSslContextProvider())
|
||||||
.protocols(protocols()).ciphers(ciphers()).build();
|
.protocols(protocols()).ciphers(ciphers()).build());
|
||||||
cb = new Bootstrap();
|
cb = new Bootstrap();
|
||||||
cb.group(new MultithreadEventLoopGroup(NioHandler.newFactory()));
|
cb.group(new MultithreadEventLoopGroup(NioHandler.newFactory()));
|
||||||
cb.channel(NioSocketChannel.class);
|
cb.channel(NioSocketChannel.class);
|
||||||
@ -1810,21 +1810,21 @@ public abstract class SSLEngineTest {
|
|||||||
public void testUnwrapBehavior() throws Exception {
|
public void testUnwrapBehavior() throws Exception {
|
||||||
SelfSignedCertificate cert = new SelfSignedCertificate();
|
SelfSignedCertificate cert = new SelfSignedCertificate();
|
||||||
|
|
||||||
clientSslCtx = SslContextBuilder
|
clientSslCtx = wrapContext(SslContextBuilder
|
||||||
.forClient()
|
.forClient()
|
||||||
.trustManager(cert.cert())
|
.trustManager(cert.cert())
|
||||||
.sslProvider(sslClientProvider())
|
.sslProvider(sslClientProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
||||||
|
|
||||||
serverSslCtx = SslContextBuilder
|
serverSslCtx = wrapContext(SslContextBuilder
|
||||||
.forServer(cert.certificate(), cert.privateKey())
|
.forServer(cert.certificate(), cert.privateKey())
|
||||||
.sslProvider(sslServerProvider())
|
.sslProvider(sslServerProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
||||||
|
|
||||||
byte[] bytes = "Hello World".getBytes(CharsetUtil.US_ASCII);
|
byte[] bytes = "Hello World".getBytes(CharsetUtil.US_ASCII);
|
||||||
@ -1904,19 +1904,19 @@ public abstract class SSLEngineTest {
|
|||||||
private void testProtocol(String[] clientProtocols, String[] serverProtocols) throws Exception {
|
private void testProtocol(String[] clientProtocols, String[] serverProtocols) throws Exception {
|
||||||
SelfSignedCertificate cert = new SelfSignedCertificate();
|
SelfSignedCertificate cert = new SelfSignedCertificate();
|
||||||
|
|
||||||
clientSslCtx = SslContextBuilder
|
clientSslCtx = wrapContext(SslContextBuilder
|
||||||
.forClient()
|
.forClient()
|
||||||
.trustManager(cert.cert())
|
.trustManager(cert.cert())
|
||||||
.sslProvider(sslClientProvider())
|
.sslProvider(sslClientProvider())
|
||||||
.protocols(clientProtocols)
|
.protocols(clientProtocols)
|
||||||
.build();
|
.build());
|
||||||
SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
||||||
|
|
||||||
serverSslCtx = SslContextBuilder
|
serverSslCtx = wrapContext(SslContextBuilder
|
||||||
.forServer(cert.certificate(), cert.privateKey())
|
.forServer(cert.certificate(), cert.privateKey())
|
||||||
.sslProvider(sslServerProvider())
|
.sslProvider(sslServerProvider())
|
||||||
.protocols(serverProtocols)
|
.protocols(serverProtocols)
|
||||||
.build();
|
.build());
|
||||||
SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
||||||
|
|
||||||
try {
|
try {
|
||||||
@ -1934,18 +1934,18 @@ public abstract class SSLEngineTest {
|
|||||||
// Select a mandatory cipher from the TLSv1.2 RFC https://www.ietf.org/rfc/rfc5246.txt so handshakes won't fail
|
// Select a mandatory cipher from the TLSv1.2 RFC https://www.ietf.org/rfc/rfc5246.txt so handshakes won't fail
|
||||||
// due to no shared/supported cipher.
|
// due to no shared/supported cipher.
|
||||||
final String sharedCipher = "TLS_RSA_WITH_AES_128_CBC_SHA";
|
final String sharedCipher = "TLS_RSA_WITH_AES_128_CBC_SHA";
|
||||||
clientSslCtx = SslContextBuilder.forClient()
|
clientSslCtx = wrapContext(SslContextBuilder.forClient()
|
||||||
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
||||||
.ciphers(Collections.singletonList(sharedCipher))
|
.ciphers(Collections.singletonList(sharedCipher))
|
||||||
.protocols(PROTOCOL_TLS_V1_2, PROTOCOL_TLS_V1)
|
.protocols(PROTOCOL_TLS_V1_2, PROTOCOL_TLS_V1)
|
||||||
.sslProvider(sslClientProvider())
|
.sslProvider(sslClientProvider())
|
||||||
.build();
|
.build());
|
||||||
|
|
||||||
serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
|
serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
|
||||||
.ciphers(Collections.singletonList(sharedCipher))
|
.ciphers(Collections.singletonList(sharedCipher))
|
||||||
.protocols(PROTOCOL_TLS_V1_2, PROTOCOL_TLS_V1)
|
.protocols(PROTOCOL_TLS_V1_2, PROTOCOL_TLS_V1)
|
||||||
.sslProvider(sslServerProvider())
|
.sslProvider(sslServerProvider())
|
||||||
.build();
|
.build());
|
||||||
SSLEngine clientEngine = null;
|
SSLEngine clientEngine = null;
|
||||||
SSLEngine serverEngine = null;
|
SSLEngine serverEngine = null;
|
||||||
try {
|
try {
|
||||||
@ -1965,18 +1965,18 @@ public abstract class SSLEngineTest {
|
|||||||
// Select a mandatory cipher from the TLSv1.2 RFC https://www.ietf.org/rfc/rfc5246.txt so handshakes won't fail
|
// Select a mandatory cipher from the TLSv1.2 RFC https://www.ietf.org/rfc/rfc5246.txt so handshakes won't fail
|
||||||
// due to no shared/supported cipher.
|
// due to no shared/supported cipher.
|
||||||
final String sharedCipher = "TLS_RSA_WITH_AES_128_CBC_SHA";
|
final String sharedCipher = "TLS_RSA_WITH_AES_128_CBC_SHA";
|
||||||
clientSslCtx = SslContextBuilder.forClient()
|
clientSslCtx = wrapContext(SslContextBuilder.forClient()
|
||||||
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
||||||
.ciphers(Collections.singletonList(sharedCipher), SupportedCipherSuiteFilter.INSTANCE)
|
.ciphers(Collections.singletonList(sharedCipher), SupportedCipherSuiteFilter.INSTANCE)
|
||||||
.protocols(PROTOCOL_TLS_V1_2, PROTOCOL_TLS_V1)
|
.protocols(PROTOCOL_TLS_V1_2, PROTOCOL_TLS_V1)
|
||||||
.sslProvider(sslClientProvider())
|
.sslProvider(sslClientProvider())
|
||||||
.build();
|
.build());
|
||||||
|
|
||||||
serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
|
serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
|
||||||
.ciphers(Collections.singletonList(sharedCipher), SupportedCipherSuiteFilter.INSTANCE)
|
.ciphers(Collections.singletonList(sharedCipher), SupportedCipherSuiteFilter.INSTANCE)
|
||||||
.protocols(PROTOCOL_TLS_V1_2, PROTOCOL_TLS_V1)
|
.protocols(PROTOCOL_TLS_V1_2, PROTOCOL_TLS_V1)
|
||||||
.sslProvider(sslServerProvider())
|
.sslProvider(sslServerProvider())
|
||||||
.build();
|
.build());
|
||||||
SSLEngine clientEngine = null;
|
SSLEngine clientEngine = null;
|
||||||
SSLEngine serverEngine = null;
|
SSLEngine serverEngine = null;
|
||||||
try {
|
try {
|
||||||
@ -1994,21 +1994,21 @@ public abstract class SSLEngineTest {
|
|||||||
public void testPacketBufferSizeLimit() throws Exception {
|
public void testPacketBufferSizeLimit() throws Exception {
|
||||||
SelfSignedCertificate cert = new SelfSignedCertificate();
|
SelfSignedCertificate cert = new SelfSignedCertificate();
|
||||||
|
|
||||||
clientSslCtx = SslContextBuilder
|
clientSslCtx = wrapContext(SslContextBuilder
|
||||||
.forClient()
|
.forClient()
|
||||||
.trustManager(cert.cert())
|
.trustManager(cert.cert())
|
||||||
.sslProvider(sslClientProvider())
|
.sslProvider(sslClientProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
||||||
|
|
||||||
serverSslCtx = SslContextBuilder
|
serverSslCtx = wrapContext(SslContextBuilder
|
||||||
.forServer(cert.certificate(), cert.privateKey())
|
.forServer(cert.certificate(), cert.privateKey())
|
||||||
.sslProvider(sslServerProvider())
|
.sslProvider(sslServerProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
||||||
|
|
||||||
try {
|
try {
|
||||||
@ -2038,12 +2038,12 @@ public abstract class SSLEngineTest {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testSSLEngineUnwrapNoSslRecord() throws Exception {
|
public void testSSLEngineUnwrapNoSslRecord() throws Exception {
|
||||||
clientSslCtx = SslContextBuilder
|
clientSslCtx = wrapContext(SslContextBuilder
|
||||||
.forClient()
|
.forClient()
|
||||||
.sslProvider(sslClientProvider())
|
.sslProvider(sslClientProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
||||||
|
|
||||||
try {
|
try {
|
||||||
@ -2068,12 +2068,12 @@ public abstract class SSLEngineTest {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testBeginHandshakeAfterEngineClosed() throws SSLException {
|
public void testBeginHandshakeAfterEngineClosed() throws SSLException {
|
||||||
clientSslCtx = SslContextBuilder
|
clientSslCtx = wrapContext(SslContextBuilder
|
||||||
.forClient()
|
.forClient()
|
||||||
.sslProvider(sslClientProvider())
|
.sslProvider(sslClientProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
||||||
|
|
||||||
try {
|
try {
|
||||||
@ -2094,20 +2094,20 @@ public abstract class SSLEngineTest {
|
|||||||
public void testBeginHandshakeCloseOutbound() throws Exception {
|
public void testBeginHandshakeCloseOutbound() throws Exception {
|
||||||
SelfSignedCertificate cert = new SelfSignedCertificate();
|
SelfSignedCertificate cert = new SelfSignedCertificate();
|
||||||
|
|
||||||
clientSslCtx = SslContextBuilder
|
clientSslCtx = wrapContext(SslContextBuilder
|
||||||
.forClient()
|
.forClient()
|
||||||
.sslProvider(sslClientProvider())
|
.sslProvider(sslClientProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
||||||
|
|
||||||
serverSslCtx = SslContextBuilder
|
serverSslCtx = wrapContext(SslContextBuilder
|
||||||
.forServer(cert.certificate(), cert.privateKey())
|
.forServer(cert.certificate(), cert.privateKey())
|
||||||
.sslProvider(sslServerProvider())
|
.sslProvider(sslServerProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
||||||
|
|
||||||
try {
|
try {
|
||||||
@ -2145,20 +2145,20 @@ public abstract class SSLEngineTest {
|
|||||||
public void testCloseInboundAfterBeginHandshake() throws Exception {
|
public void testCloseInboundAfterBeginHandshake() throws Exception {
|
||||||
SelfSignedCertificate cert = new SelfSignedCertificate();
|
SelfSignedCertificate cert = new SelfSignedCertificate();
|
||||||
|
|
||||||
clientSslCtx = SslContextBuilder
|
clientSslCtx = wrapContext(SslContextBuilder
|
||||||
.forClient()
|
.forClient()
|
||||||
.sslProvider(sslClientProvider())
|
.sslProvider(sslClientProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
||||||
|
|
||||||
serverSslCtx = SslContextBuilder
|
serverSslCtx = wrapContext(SslContextBuilder
|
||||||
.forServer(cert.certificate(), cert.privateKey())
|
.forServer(cert.certificate(), cert.privateKey())
|
||||||
.sslProvider(sslServerProvider())
|
.sslProvider(sslServerProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
||||||
|
|
||||||
try {
|
try {
|
||||||
@ -2185,21 +2185,21 @@ public abstract class SSLEngineTest {
|
|||||||
public void testCloseNotifySequence() throws Exception {
|
public void testCloseNotifySequence() throws Exception {
|
||||||
SelfSignedCertificate cert = new SelfSignedCertificate();
|
SelfSignedCertificate cert = new SelfSignedCertificate();
|
||||||
|
|
||||||
clientSslCtx = SslContextBuilder
|
clientSslCtx = wrapContext(SslContextBuilder
|
||||||
.forClient()
|
.forClient()
|
||||||
.trustManager(cert.cert())
|
.trustManager(cert.cert())
|
||||||
.sslProvider(sslClientProvider())
|
.sslProvider(sslClientProvider())
|
||||||
// This test only works for non TLSv1.3 for now
|
// This test only works for non TLSv1.3 for now
|
||||||
.protocols(PROTOCOL_TLS_V1_2)
|
.protocols(PROTOCOL_TLS_V1_2)
|
||||||
.build();
|
.build());
|
||||||
SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
||||||
|
|
||||||
serverSslCtx = SslContextBuilder
|
serverSslCtx = wrapContext(SslContextBuilder
|
||||||
.forServer(cert.certificate(), cert.privateKey())
|
.forServer(cert.certificate(), cert.privateKey())
|
||||||
.sslProvider(sslServerProvider())
|
.sslProvider(sslServerProvider())
|
||||||
// This test only works for non TLSv1.3 for now
|
// This test only works for non TLSv1.3 for now
|
||||||
.protocols(PROTOCOL_TLS_V1_2)
|
.protocols(PROTOCOL_TLS_V1_2)
|
||||||
.build();
|
.build());
|
||||||
SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
||||||
|
|
||||||
try {
|
try {
|
||||||
@ -2339,21 +2339,21 @@ public abstract class SSLEngineTest {
|
|||||||
public void testWrapAfterCloseOutbound() throws Exception {
|
public void testWrapAfterCloseOutbound() throws Exception {
|
||||||
SelfSignedCertificate cert = new SelfSignedCertificate();
|
SelfSignedCertificate cert = new SelfSignedCertificate();
|
||||||
|
|
||||||
clientSslCtx = SslContextBuilder
|
clientSslCtx = wrapContext(SslContextBuilder
|
||||||
.forClient()
|
.forClient()
|
||||||
.trustManager(cert.cert())
|
.trustManager(cert.cert())
|
||||||
.sslProvider(sslClientProvider())
|
.sslProvider(sslClientProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
||||||
|
|
||||||
serverSslCtx = SslContextBuilder
|
serverSslCtx = wrapContext(SslContextBuilder
|
||||||
.forServer(cert.certificate(), cert.privateKey())
|
.forServer(cert.certificate(), cert.privateKey())
|
||||||
.sslProvider(sslServerProvider())
|
.sslProvider(sslServerProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
||||||
|
|
||||||
try {
|
try {
|
||||||
@ -2382,21 +2382,21 @@ public abstract class SSLEngineTest {
|
|||||||
public void testMultipleRecordsInOneBufferWithNonZeroPosition() throws Exception {
|
public void testMultipleRecordsInOneBufferWithNonZeroPosition() throws Exception {
|
||||||
SelfSignedCertificate cert = new SelfSignedCertificate();
|
SelfSignedCertificate cert = new SelfSignedCertificate();
|
||||||
|
|
||||||
clientSslCtx = SslContextBuilder
|
clientSslCtx = wrapContext(SslContextBuilder
|
||||||
.forClient()
|
.forClient()
|
||||||
.trustManager(cert.cert())
|
.trustManager(cert.cert())
|
||||||
.sslProvider(sslClientProvider())
|
.sslProvider(sslClientProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
||||||
|
|
||||||
serverSslCtx = SslContextBuilder
|
serverSslCtx = wrapContext(SslContextBuilder
|
||||||
.forServer(cert.certificate(), cert.privateKey())
|
.forServer(cert.certificate(), cert.privateKey())
|
||||||
.sslProvider(sslServerProvider())
|
.sslProvider(sslServerProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
||||||
|
|
||||||
try {
|
try {
|
||||||
@ -2461,21 +2461,21 @@ public abstract class SSLEngineTest {
|
|||||||
public void testMultipleRecordsInOneBufferBiggerThenPacketBufferSize() throws Exception {
|
public void testMultipleRecordsInOneBufferBiggerThenPacketBufferSize() throws Exception {
|
||||||
SelfSignedCertificate cert = new SelfSignedCertificate();
|
SelfSignedCertificate cert = new SelfSignedCertificate();
|
||||||
|
|
||||||
clientSslCtx = SslContextBuilder
|
clientSslCtx = wrapContext(SslContextBuilder
|
||||||
.forClient()
|
.forClient()
|
||||||
.trustManager(cert.cert())
|
.trustManager(cert.cert())
|
||||||
.sslProvider(sslClientProvider())
|
.sslProvider(sslClientProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
||||||
|
|
||||||
serverSslCtx = SslContextBuilder
|
serverSslCtx = wrapContext(SslContextBuilder
|
||||||
.forServer(cert.certificate(), cert.privateKey())
|
.forServer(cert.certificate(), cert.privateKey())
|
||||||
.sslProvider(sslServerProvider())
|
.sslProvider(sslServerProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
||||||
|
|
||||||
try {
|
try {
|
||||||
@ -2529,21 +2529,21 @@ public abstract class SSLEngineTest {
|
|||||||
public void testBufferUnderFlow() throws Exception {
|
public void testBufferUnderFlow() throws Exception {
|
||||||
SelfSignedCertificate cert = new SelfSignedCertificate();
|
SelfSignedCertificate cert = new SelfSignedCertificate();
|
||||||
|
|
||||||
clientSslCtx = SslContextBuilder
|
clientSslCtx = wrapContext(SslContextBuilder
|
||||||
.forClient()
|
.forClient()
|
||||||
.trustManager(cert.cert())
|
.trustManager(cert.cert())
|
||||||
.sslProvider(sslClientProvider())
|
.sslProvider(sslClientProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
||||||
|
|
||||||
serverSslCtx = SslContextBuilder
|
serverSslCtx = wrapContext(SslContextBuilder
|
||||||
.forServer(cert.certificate(), cert.privateKey())
|
.forServer(cert.certificate(), cert.privateKey())
|
||||||
.sslProvider(sslServerProvider())
|
.sslProvider(sslServerProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
||||||
|
|
||||||
try {
|
try {
|
||||||
@ -2604,21 +2604,21 @@ public abstract class SSLEngineTest {
|
|||||||
public void testWrapDoesNotZeroOutSrc() throws Exception {
|
public void testWrapDoesNotZeroOutSrc() throws Exception {
|
||||||
SelfSignedCertificate cert = new SelfSignedCertificate();
|
SelfSignedCertificate cert = new SelfSignedCertificate();
|
||||||
|
|
||||||
clientSslCtx = SslContextBuilder
|
clientSslCtx = wrapContext(SslContextBuilder
|
||||||
.forClient()
|
.forClient()
|
||||||
.trustManager(cert.cert())
|
.trustManager(cert.cert())
|
||||||
.sslProvider(sslClientProvider())
|
.sslProvider(sslClientProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
||||||
|
|
||||||
serverSslCtx = SslContextBuilder
|
serverSslCtx = wrapContext(SslContextBuilder
|
||||||
.forServer(cert.certificate(), cert.privateKey())
|
.forServer(cert.certificate(), cert.privateKey())
|
||||||
.sslProvider(sslServerProvider())
|
.sslProvider(sslServerProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
||||||
|
|
||||||
try {
|
try {
|
||||||
@ -2661,12 +2661,12 @@ public abstract class SSLEngineTest {
|
|||||||
private void testDisableProtocols(String protocol, String... disabledProtocols) throws Exception {
|
private void testDisableProtocols(String protocol, String... disabledProtocols) throws Exception {
|
||||||
SelfSignedCertificate cert = new SelfSignedCertificate();
|
SelfSignedCertificate cert = new SelfSignedCertificate();
|
||||||
|
|
||||||
SslContext ctx = SslContextBuilder
|
SslContext ctx = wrapContext(SslContextBuilder
|
||||||
.forServer(cert.certificate(), cert.privateKey())
|
.forServer(cert.certificate(), cert.privateKey())
|
||||||
.sslProvider(sslServerProvider())
|
.sslProvider(sslServerProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
SSLEngine server = wrapEngine(ctx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
SSLEngine server = wrapEngine(ctx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
||||||
|
|
||||||
try {
|
try {
|
||||||
@ -2697,7 +2697,7 @@ public abstract class SSLEngineTest {
|
|||||||
public void testUsingX509TrustManagerVerifiesHostname() throws Exception {
|
public void testUsingX509TrustManagerVerifiesHostname() throws Exception {
|
||||||
SslProvider clientProvider = sslClientProvider();
|
SslProvider clientProvider = sslClientProvider();
|
||||||
SelfSignedCertificate cert = new SelfSignedCertificate();
|
SelfSignedCertificate cert = new SelfSignedCertificate();
|
||||||
clientSslCtx = SslContextBuilder
|
clientSslCtx = wrapContext(SslContextBuilder
|
||||||
.forClient()
|
.forClient()
|
||||||
.trustManager(new TrustManagerFactory(new TrustManagerFactorySpi() {
|
.trustManager(new TrustManagerFactory(new TrustManagerFactorySpi() {
|
||||||
@Override
|
@Override
|
||||||
@ -2735,17 +2735,17 @@ public abstract class SSLEngineTest {
|
|||||||
}, null, TrustManagerFactory.getDefaultAlgorithm()) {
|
}, null, TrustManagerFactory.getDefaultAlgorithm()) {
|
||||||
})
|
})
|
||||||
.sslProvider(sslClientProvider())
|
.sslProvider(sslClientProvider())
|
||||||
.build();
|
.build());
|
||||||
|
|
||||||
SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT, "netty.io", 1234));
|
SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT, "netty.io", 1234));
|
||||||
SSLParameters sslParameters = client.getSSLParameters();
|
SSLParameters sslParameters = client.getSSLParameters();
|
||||||
sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
|
sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
|
||||||
client.setSSLParameters(sslParameters);
|
client.setSSLParameters(sslParameters);
|
||||||
|
|
||||||
serverSslCtx = SslContextBuilder
|
serverSslCtx = wrapContext(SslContextBuilder
|
||||||
.forServer(cert.certificate(), cert.privateKey())
|
.forServer(cert.certificate(), cert.privateKey())
|
||||||
.sslProvider(sslServerProvider())
|
.sslProvider(sslServerProvider())
|
||||||
.build();
|
.build());
|
||||||
|
|
||||||
SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
||||||
try {
|
try {
|
||||||
@ -2768,8 +2768,9 @@ public abstract class SSLEngineTest {
|
|||||||
cipherList.add("InvalidCipher");
|
cipherList.add("InvalidCipher");
|
||||||
SSLEngine server = null;
|
SSLEngine server = null;
|
||||||
try {
|
try {
|
||||||
serverSslCtx = SslContextBuilder.forServer(cert.key(), cert.cert()).sslProvider(sslClientProvider())
|
serverSslCtx = wrapContext(SslContextBuilder.forServer(cert.key(), cert.cert())
|
||||||
.ciphers(cipherList).build();
|
.sslProvider(sslClientProvider())
|
||||||
|
.ciphers(cipherList).build());
|
||||||
server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
|
||||||
fail();
|
fail();
|
||||||
} catch (IllegalArgumentException expected) {
|
} catch (IllegalArgumentException expected) {
|
||||||
@ -2784,20 +2785,20 @@ public abstract class SSLEngineTest {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testGetCiphersuite() throws Exception {
|
public void testGetCiphersuite() throws Exception {
|
||||||
clientSslCtx = SslContextBuilder.forClient()
|
clientSslCtx = wrapContext(SslContextBuilder.forClient()
|
||||||
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
||||||
.sslProvider(sslClientProvider())
|
.sslProvider(sslClientProvider())
|
||||||
.sslContextProvider(clientSslContextProvider())
|
.sslContextProvider(clientSslContextProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
SelfSignedCertificate ssc = new SelfSignedCertificate();
|
SelfSignedCertificate ssc = new SelfSignedCertificate();
|
||||||
serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
|
serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
|
||||||
.sslProvider(sslServerProvider())
|
.sslProvider(sslServerProvider())
|
||||||
.sslContextProvider(serverSslContextProvider())
|
.sslContextProvider(serverSslContextProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
SSLEngine clientEngine = null;
|
SSLEngine clientEngine = null;
|
||||||
SSLEngine serverEngine = null;
|
SSLEngine serverEngine = null;
|
||||||
try {
|
try {
|
||||||
@ -2819,20 +2820,20 @@ public abstract class SSLEngineTest {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testSessionBindingEvent() throws Exception {
|
public void testSessionBindingEvent() throws Exception {
|
||||||
clientSslCtx = SslContextBuilder.forClient()
|
clientSslCtx = wrapContext(SslContextBuilder.forClient()
|
||||||
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
||||||
.sslProvider(sslClientProvider())
|
.sslProvider(sslClientProvider())
|
||||||
.sslContextProvider(clientSslContextProvider())
|
.sslContextProvider(clientSslContextProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
SelfSignedCertificate ssc = new SelfSignedCertificate();
|
SelfSignedCertificate ssc = new SelfSignedCertificate();
|
||||||
serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
|
serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
|
||||||
.sslProvider(sslServerProvider())
|
.sslProvider(sslServerProvider())
|
||||||
.sslContextProvider(serverSslContextProvider())
|
.sslContextProvider(serverSslContextProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
SSLEngine clientEngine = null;
|
SSLEngine clientEngine = null;
|
||||||
SSLEngine serverEngine = null;
|
SSLEngine serverEngine = null;
|
||||||
try {
|
try {
|
||||||
@ -2931,13 +2932,13 @@ public abstract class SSLEngineTest {
|
|||||||
clientContextBuilder.keyManager(ssc.key(), ssc.cert());
|
clientContextBuilder.keyManager(ssc.key(), ssc.cert());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
clientSslCtx = clientContextBuilder
|
clientSslCtx = wrapContext(clientContextBuilder
|
||||||
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
||||||
.sslProvider(sslClientProvider())
|
.sslProvider(sslClientProvider())
|
||||||
.sslContextProvider(clientSslContextProvider())
|
.sslContextProvider(clientSslContextProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
|
|
||||||
SslContextBuilder serverContextBuilder = kmf != null ?
|
SslContextBuilder serverContextBuilder = kmf != null ?
|
||||||
SslContextBuilder.forServer(kmf) :
|
SslContextBuilder.forServer(kmf) :
|
||||||
@ -2945,12 +2946,12 @@ public abstract class SSLEngineTest {
|
|||||||
if (mutualAuth) {
|
if (mutualAuth) {
|
||||||
serverContextBuilder.clientAuth(ClientAuth.REQUIRE);
|
serverContextBuilder.clientAuth(ClientAuth.REQUIRE);
|
||||||
}
|
}
|
||||||
serverSslCtx = serverContextBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
serverSslCtx = wrapContext(serverContextBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
||||||
.sslProvider(sslServerProvider())
|
.sslProvider(sslServerProvider())
|
||||||
.sslContextProvider(serverSslContextProvider())
|
.sslContextProvider(serverSslContextProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
SSLEngine clientEngine = null;
|
SSLEngine clientEngine = null;
|
||||||
SSLEngine serverEngine = null;
|
SSLEngine serverEngine = null;
|
||||||
try {
|
try {
|
||||||
@ -3165,22 +3166,23 @@ public abstract class SSLEngineTest {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
clientSslCtx = SslContextBuilder.forClient().keyManager(new TestKeyManagerFactory(newKeyManagerFactory(ssc)))
|
clientSslCtx = wrapContext(SslContextBuilder.forClient()
|
||||||
|
.keyManager(new TestKeyManagerFactory(newKeyManagerFactory(ssc)))
|
||||||
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
||||||
.sslProvider(sslClientProvider())
|
.sslProvider(sslClientProvider())
|
||||||
.sslContextProvider(clientSslContextProvider())
|
.sslContextProvider(clientSslContextProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
|
|
||||||
serverSslCtx = SslContextBuilder.forServer(new TestKeyManagerFactory(newKeyManagerFactory(ssc)))
|
serverSslCtx = wrapContext(SslContextBuilder.forServer(new TestKeyManagerFactory(newKeyManagerFactory(ssc)))
|
||||||
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
||||||
.sslContextProvider(serverSslContextProvider())
|
.sslContextProvider(serverSslContextProvider())
|
||||||
.sslProvider(sslServerProvider())
|
.sslProvider(sslServerProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.clientAuth(ClientAuth.REQUIRE)
|
.clientAuth(ClientAuth.REQUIRE)
|
||||||
.build();
|
.build());
|
||||||
SSLEngine clientEngine = null;
|
SSLEngine clientEngine = null;
|
||||||
SSLEngine serverEngine = null;
|
SSLEngine serverEngine = null;
|
||||||
try {
|
try {
|
||||||
@ -3201,7 +3203,7 @@ public abstract class SSLEngineTest {
|
|||||||
final TestTrustManagerFactory clientTmf = new TestTrustManagerFactory(ssc.cert());
|
final TestTrustManagerFactory clientTmf = new TestTrustManagerFactory(ssc.cert());
|
||||||
final TestTrustManagerFactory serverTmf = new TestTrustManagerFactory(ssc.cert());
|
final TestTrustManagerFactory serverTmf = new TestTrustManagerFactory(ssc.cert());
|
||||||
|
|
||||||
clientSslCtx = SslContextBuilder.forClient()
|
clientSslCtx = wrapContext(SslContextBuilder.forClient()
|
||||||
.trustManager(new SimpleTrustManagerFactory() {
|
.trustManager(new SimpleTrustManagerFactory() {
|
||||||
@Override
|
@Override
|
||||||
protected void engineInit(KeyStore keyStore) {
|
protected void engineInit(KeyStore keyStore) {
|
||||||
@ -3223,8 +3225,8 @@ public abstract class SSLEngineTest {
|
|||||||
.sslContextProvider(clientSslContextProvider())
|
.sslContextProvider(clientSslContextProvider())
|
||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.build();
|
.build());
|
||||||
serverSslCtx = SslContextBuilder.forServer(newKeyManagerFactory(ssc))
|
serverSslCtx = wrapContext(SslContextBuilder.forServer(newKeyManagerFactory(ssc))
|
||||||
.trustManager(new SimpleTrustManagerFactory() {
|
.trustManager(new SimpleTrustManagerFactory() {
|
||||||
@Override
|
@Override
|
||||||
protected void engineInit(KeyStore keyStore) {
|
protected void engineInit(KeyStore keyStore) {
|
||||||
@ -3246,7 +3248,7 @@ public abstract class SSLEngineTest {
|
|||||||
.protocols(protocols())
|
.protocols(protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(ciphers())
|
||||||
.clientAuth(ClientAuth.REQUIRE)
|
.clientAuth(ClientAuth.REQUIRE)
|
||||||
.build();
|
.build());
|
||||||
SSLEngine clientEngine = null;
|
SSLEngine clientEngine = null;
|
||||||
SSLEngine serverEngine = null;
|
SSLEngine serverEngine = null;
|
||||||
try {
|
try {
|
||||||
@ -3281,10 +3283,10 @@ public abstract class SSLEngineTest {
|
|||||||
System.setProperty(SslMasterKeyHandler.SYSTEM_PROP_KEY, Boolean.TRUE.toString());
|
System.setProperty(SslMasterKeyHandler.SYSTEM_PROP_KEY, Boolean.TRUE.toString());
|
||||||
|
|
||||||
SelfSignedCertificate ssc = new SelfSignedCertificate();
|
SelfSignedCertificate ssc = new SelfSignedCertificate();
|
||||||
serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
|
serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
|
||||||
.sslProvider(sslServerProvider())
|
.sslProvider(sslServerProvider())
|
||||||
.sslContextProvider(serverSslContextProvider())
|
.sslContextProvider(serverSslContextProvider())
|
||||||
.build();
|
.build());
|
||||||
Socket socket = null;
|
Socket socket = null;
|
||||||
|
|
||||||
try {
|
try {
|
||||||
@ -3425,6 +3427,10 @@ public abstract class SSLEngineTest {
|
|||||||
return engine;
|
return engine;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
protected SslContext wrapContext(SslContext context) {
|
||||||
|
return context;
|
||||||
|
}
|
||||||
|
|
||||||
protected List<String> ciphers() {
|
protected List<String> ciphers() {
|
||||||
return Collections.singletonList(protocolCipherCombo.cipher);
|
return Collections.singletonList(protocolCipherCombo.cipher);
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user