Correctly handle task offloading when using BoringSSL / OpenSSL (#9575)

Motivation:

We did not correctly handle taskoffloading when using BoringSSL / OpenSSL. This could lead to the situation that we did not write the SSL alert out for the remote peer before closing the connection.

Modifications:

- Correctly handle exceptions when we resume processing on the EventLoop after the task was offloadded
- Ensure we call SSL.doHandshake(...) to flush the alert out to the outboundbuffer when an handshake exception was detected
- Correctly signal back the need to call WRAP again when a handshake exception is pending. This will ensure we flush out the alert in all cases.

Result:

No more failures when task offloading is used.
This commit is contained in:
Norman Maurer 2019-09-19 08:17:16 +02:00
parent cda8ee95b3
commit 2ba99b4996
10 changed files with 343 additions and 221 deletions

View File

@ -532,6 +532,17 @@ public abstract class ReferenceCountedOpenSslContext extends SslContext implemen
} }
} }
// Exposed for testing only
final void setUseTasks(boolean useTasks) {
Lock writerLock = ctxLock.writeLock();
writerLock.lock();
try {
SSLContext.setUseTasks(ctx, useTasks);
} finally {
writerLock.unlock();
}
}
// IMPORTANT: This method must only be called from either the constructor or the finalizer as a user MUST never // IMPORTANT: This method must only be called from either the constructor or the finalizer as a user MUST never
// get access to an OpenSslSessionContext after this method was called to prevent the user from // get access to an OpenSslSessionContext after this method was called to prevent the user from
// producing a segfault. // producing a segfault.

View File

@ -755,8 +755,15 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
// If there is a handshake exception and we have produced data, we should send the data before // If there is a handshake exception and we have produced data, we should send the data before
// we allow handshake() to throw the handshake exception. // we allow handshake() to throw the handshake exception.
// //
// unwrap(...) will then ensure we propagate the handshake error back to the user. // When the user calls wrap() again we will propagate the handshake error back to the user as
return newResult(NEED_UNWRAP, 0, bytesProduced); // soon as there is no more data to was produced (as part of an alert etc).
if (bytesProduced > 0) {
return newResult(NEED_WRAP, 0, bytesProduced);
}
// Nothing was produced see if there is a handshakeException that needs to be propagated
// to the caller by calling handshakeException() which will return the right HandshakeStatus
// if it can "recover" from the exception for now.
return newResult(handshakeException(), 0, 0);
} }
status = handshake(); status = handshake();
@ -1744,6 +1751,12 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
checkEngineClosed(); checkEngineClosed();
if (handshakeException != null) { if (handshakeException != null) {
// Let's call SSL.doHandshake(...) again in case there is some async operation pending that would fill the
// outbound buffer.
if (SSL.doHandshake(ssl) <= 0) {
// Clear any error that was put on the stack by the handshake
SSL.clearError();
}
return handshakeException(); return handshakeException();
} }

View File

@ -1633,7 +1633,12 @@ public class SslHandler extends ByteToMessageDecoder {
// We need more data so lets try to unwrap first and then call decode again which will feed us // We need more data so lets try to unwrap first and then call decode again which will feed us
// with buffered data (if there is any). // with buffered data (if there is any).
case NEED_UNWRAP: case NEED_UNWRAP:
unwrapNonAppData(ctx); try {
unwrapNonAppData(ctx);
} catch (SSLException e) {
handleUnwrapThrowable(ctx, e);
return;
}
tryDecodeAgain(); tryDecodeAgain();
break; break;

View File

@ -34,18 +34,25 @@ import static org.junit.Assume.assumeTrue;
@RunWith(Parameterized.class) @RunWith(Parameterized.class)
public class ConscryptOpenSslEngineInteropTest extends ConscryptSslEngineTest { public class ConscryptOpenSslEngineInteropTest extends ConscryptSslEngineTest {
@Parameterized.Parameters(name = "{index}: bufferType = {0}, combo = {1}, delegate = {2}") @Parameterized.Parameters(name = "{index}: bufferType = {0}, combo = {1}, delegate = {2}, useTasks = {3}")
public static Collection<Object[]> data() { public static Collection<Object[]> data() {
List<Object[]> params = new ArrayList<Object[]>(); List<Object[]> params = new ArrayList<Object[]>();
for (BufferType type: BufferType.values()) { for (BufferType type: BufferType.values()) {
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false }); params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false, false });
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true }); params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false, true });
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true, false });
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true, true });
} }
return params; return params;
} }
public ConscryptOpenSslEngineInteropTest(BufferType type, ProtocolCipherCombo combo, boolean delegate) { private final boolean useTasks;
public ConscryptOpenSslEngineInteropTest(BufferType type, ProtocolCipherCombo combo,
boolean delegate, boolean useTasks) {
super(type, combo, delegate); super(type, combo, delegate);
this.useTasks = useTasks;
} }
@BeforeClass @BeforeClass
@ -140,4 +147,12 @@ public class ConscryptOpenSslEngineInteropTest extends ConscryptSslEngineTest {
protected SSLEngine wrapEngine(SSLEngine engine) { protected SSLEngine wrapEngine(SSLEngine engine) {
return Java8SslTestUtils.wrapSSLEngineForTesting(engine); return Java8SslTestUtils.wrapSSLEngineForTesting(engine);
} }
@Override
protected SslContext wrapContext(SslContext context) {
if (context instanceof OpenSslContext) {
((OpenSslContext) context).setUseTasks(useTasks);
}
return context;
}
} }

View File

@ -33,23 +33,33 @@ import static org.junit.Assume.assumeTrue;
@RunWith(Parameterized.class) @RunWith(Parameterized.class)
public class JdkOpenSslEngineInteroptTest extends SSLEngineTest { public class JdkOpenSslEngineInteroptTest extends SSLEngineTest {
@Parameterized.Parameters(name = "{index}: bufferType = {0}, combo = {1}, delegate = {2}") @Parameterized.Parameters(name = "{index}: bufferType = {0}, combo = {1}, delegate = {2}, useTasks = {3}")
public static Collection<Object[]> data() { public static Collection<Object[]> data() {
List<Object[]> params = new ArrayList<>(); List<Object[]> params = new ArrayList<>();
for (BufferType type: BufferType.values()) { for (BufferType type: BufferType.values()) {
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false }); params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false, false });
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true }); params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false, true });
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true, false });
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true, true });
if (PlatformDependent.javaVersion() >= 11 && OpenSsl.isTlsv13Supported()) { if (PlatformDependent.javaVersion() >= 11 && OpenSsl.isTlsv13Supported()) {
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), false }); params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), false, false });
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), true }); params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), false, true });
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), true, false });
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), true, true });
} }
} }
return params; return params;
} }
public JdkOpenSslEngineInteroptTest(BufferType type, ProtocolCipherCombo protocolCipherCombo, boolean delegate) { private final boolean useTasks;
public JdkOpenSslEngineInteroptTest(BufferType type, ProtocolCipherCombo protocolCipherCombo,
boolean delegate, boolean useTasks) {
super(type, protocolCipherCombo, delegate); super(type, protocolCipherCombo, delegate);
this.useTasks = useTasks;
} }
@BeforeClass @BeforeClass
@ -145,4 +155,12 @@ public class JdkOpenSslEngineInteroptTest extends SSLEngineTest {
protected SSLEngine wrapEngine(SSLEngine engine) { protected SSLEngine wrapEngine(SSLEngine engine) {
return Java8SslTestUtils.wrapSSLEngineForTesting(engine); return Java8SslTestUtils.wrapSSLEngineForTesting(engine);
} }
@Override
protected SslContext wrapContext(SslContext context) {
if (context instanceof OpenSslContext) {
((OpenSslContext) context).setUseTasks(useTasks);
}
return context;
}
} }

View File

@ -33,18 +33,25 @@ import static org.junit.Assume.assumeTrue;
@RunWith(Parameterized.class) @RunWith(Parameterized.class)
public class OpenSslConscryptSslEngineInteropTest extends ConscryptSslEngineTest { public class OpenSslConscryptSslEngineInteropTest extends ConscryptSslEngineTest {
@Parameterized.Parameters(name = "{index}: bufferType = {0}, combo = {1}, delegate = {2}") @Parameterized.Parameters(name = "{index}: bufferType = {0}, combo = {1}, delegate = {2}, useTasks = {3}")
public static Collection<Object[]> data() { public static Collection<Object[]> data() {
List<Object[]> params = new ArrayList<Object[]>(); List<Object[]> params = new ArrayList<Object[]>();
for (BufferType type: BufferType.values()) { for (BufferType type: BufferType.values()) {
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false }); params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false, false });
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true }); params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false, true });
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true, false });
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true, true });
} }
return params; return params;
} }
public OpenSslConscryptSslEngineInteropTest(BufferType type, ProtocolCipherCombo combo, boolean delegate) { private final boolean useTasks;
public OpenSslConscryptSslEngineInteropTest(BufferType type, ProtocolCipherCombo combo,
boolean delegate, boolean useTasks) {
super(type, combo, delegate); super(type, combo, delegate);
this.useTasks = useTasks;
} }
@BeforeClass @BeforeClass
@ -132,4 +139,12 @@ public class OpenSslConscryptSslEngineInteropTest extends ConscryptSslEngineTest
protected SSLEngine wrapEngine(SSLEngine engine) { protected SSLEngine wrapEngine(SSLEngine engine) {
return Java8SslTestUtils.wrapSSLEngineForTesting(engine); return Java8SslTestUtils.wrapSSLEngineForTesting(engine);
} }
@Override
protected SslContext wrapContext(SslContext context) {
if (context instanceof OpenSslContext) {
((OpenSslContext) context).setUseTasks(useTasks);
}
return context;
}
} }

View File

@ -67,29 +67,37 @@ import static org.junit.Assert.assertSame;
import static org.junit.Assert.assertTrue; import static org.junit.Assert.assertTrue;
import static org.junit.Assume.assumeTrue; import static org.junit.Assume.assumeTrue;
@RunWith(Parameterized.class) @RunWith(Parameterized.class)
public class OpenSslEngineTest extends SSLEngineTest { public class OpenSslEngineTest extends SSLEngineTest {
private static final String PREFERRED_APPLICATION_LEVEL_PROTOCOL = "my-protocol-http2"; private static final String PREFERRED_APPLICATION_LEVEL_PROTOCOL = "my-protocol-http2";
private static final String FALLBACK_APPLICATION_LEVEL_PROTOCOL = "my-protocol-http1_1"; private static final String FALLBACK_APPLICATION_LEVEL_PROTOCOL = "my-protocol-http1_1";
@Parameterized.Parameters(name = "{index}: bufferType = {0}, combo = {1}, delegate = {2}") @Parameterized.Parameters(name = "{index}: bufferType = {0}, combo = {1}, delegate = {2}, useTasks = {3}")
public static Collection<Object[]> data() { public static Collection<Object[]> data() {
List<Object[]> params = new ArrayList<>(); List<Object[]> params = new ArrayList<>();
for (BufferType type: BufferType.values()) { for (BufferType type: BufferType.values()) {
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false }); params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false, false });
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true }); params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false, true });
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true, false });
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true, true });
if (OpenSsl.isTlsv13Supported()) { if (OpenSsl.isTlsv13Supported()) {
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), false }); params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), false, false });
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), true }); params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), false, true });
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), true, false });
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), true, true });
} }
} }
return params; return params;
} }
public OpenSslEngineTest(BufferType type, ProtocolCipherCombo cipherCombo, boolean delegate) { protected final boolean useTasks;
public OpenSslEngineTest(BufferType type, ProtocolCipherCombo cipherCombo, boolean delegate, boolean useTasks) {
super(type, cipherCombo, delegate); super(type, cipherCombo, delegate);
this.useTasks = useTasks;
} }
@BeforeClass @BeforeClass
@ -230,18 +238,18 @@ public class OpenSslEngineTest extends SSLEngineTest {
} }
@Test @Test
public void testWrapBuffersNoWritePendingError() throws Exception { public void testWrapBuffersNoWritePendingError() throws Exception {
clientSslCtx = SslContextBuilder.forClient() clientSslCtx = wrapContext(SslContextBuilder.forClient()
.trustManager(InsecureTrustManagerFactory.INSTANCE) .trustManager(InsecureTrustManagerFactory.INSTANCE)
.sslProvider(sslClientProvider()) .sslProvider(sslClientProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
SelfSignedCertificate ssc = new SelfSignedCertificate(); SelfSignedCertificate ssc = new SelfSignedCertificate();
serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
.sslProvider(sslServerProvider()) .sslProvider(sslServerProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
SSLEngine clientEngine = null; SSLEngine clientEngine = null;
SSLEngine serverEngine = null; SSLEngine serverEngine = null;
try { try {
@ -268,18 +276,18 @@ public class OpenSslEngineTest extends SSLEngineTest {
@Test @Test
public void testOnlySmallBufferNeededForWrap() throws Exception { public void testOnlySmallBufferNeededForWrap() throws Exception {
clientSslCtx = SslContextBuilder.forClient() clientSslCtx = wrapContext(SslContextBuilder.forClient()
.trustManager(InsecureTrustManagerFactory.INSTANCE) .trustManager(InsecureTrustManagerFactory.INSTANCE)
.sslProvider(sslClientProvider()) .sslProvider(sslClientProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
SelfSignedCertificate ssc = new SelfSignedCertificate(); SelfSignedCertificate ssc = new SelfSignedCertificate();
serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
.sslProvider(sslServerProvider()) .sslProvider(sslServerProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
SSLEngine clientEngine = null; SSLEngine clientEngine = null;
SSLEngine serverEngine = null; SSLEngine serverEngine = null;
try { try {
@ -323,18 +331,18 @@ public class OpenSslEngineTest extends SSLEngineTest {
@Test @Test
public void testNeededDstCapacityIsCorrectlyCalculated() throws Exception { public void testNeededDstCapacityIsCorrectlyCalculated() throws Exception {
clientSslCtx = SslContextBuilder.forClient() clientSslCtx = wrapContext(SslContextBuilder.forClient()
.trustManager(InsecureTrustManagerFactory.INSTANCE) .trustManager(InsecureTrustManagerFactory.INSTANCE)
.sslProvider(sslClientProvider()) .sslProvider(sslClientProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
SelfSignedCertificate ssc = new SelfSignedCertificate(); SelfSignedCertificate ssc = new SelfSignedCertificate();
serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
.sslProvider(sslServerProvider()) .sslProvider(sslServerProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
SSLEngine clientEngine = null; SSLEngine clientEngine = null;
SSLEngine serverEngine = null; SSLEngine serverEngine = null;
try { try {
@ -363,18 +371,18 @@ public class OpenSslEngineTest extends SSLEngineTest {
@Test @Test
public void testSrcsLenOverFlowCorrectlyHandled() throws Exception { public void testSrcsLenOverFlowCorrectlyHandled() throws Exception {
clientSslCtx = SslContextBuilder.forClient() clientSslCtx = wrapContext(SslContextBuilder.forClient()
.trustManager(InsecureTrustManagerFactory.INSTANCE) .trustManager(InsecureTrustManagerFactory.INSTANCE)
.sslProvider(sslClientProvider()) .sslProvider(sslClientProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
SelfSignedCertificate ssc = new SelfSignedCertificate(); SelfSignedCertificate ssc = new SelfSignedCertificate();
serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
.sslProvider(sslServerProvider()) .sslProvider(sslServerProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
SSLEngine clientEngine = null; SSLEngine clientEngine = null;
SSLEngine serverEngine = null; SSLEngine serverEngine = null;
try { try {
@ -414,12 +422,12 @@ public class OpenSslEngineTest extends SSLEngineTest {
@Test @Test
public void testCalculateOutNetBufSizeOverflow() throws SSLException { public void testCalculateOutNetBufSizeOverflow() throws SSLException {
clientSslCtx = SslContextBuilder.forClient() clientSslCtx = wrapContext(SslContextBuilder.forClient()
.trustManager(InsecureTrustManagerFactory.INSTANCE) .trustManager(InsecureTrustManagerFactory.INSTANCE)
.sslProvider(sslClientProvider()) .sslProvider(sslClientProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
SSLEngine clientEngine = null; SSLEngine clientEngine = null;
try { try {
clientEngine = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT); clientEngine = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
@ -432,12 +440,12 @@ public class OpenSslEngineTest extends SSLEngineTest {
@Test @Test
public void testCalculateOutNetBufSize0() throws SSLException { public void testCalculateOutNetBufSize0() throws SSLException {
clientSslCtx = SslContextBuilder.forClient() clientSslCtx = wrapContext(SslContextBuilder.forClient()
.trustManager(InsecureTrustManagerFactory.INSTANCE) .trustManager(InsecureTrustManagerFactory.INSTANCE)
.sslProvider(sslClientProvider()) .sslProvider(sslClientProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
SSLEngine clientEngine = null; SSLEngine clientEngine = null;
try { try {
clientEngine = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT); clientEngine = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
@ -459,18 +467,18 @@ public class OpenSslEngineTest extends SSLEngineTest {
private void testCorrectlyCalculateSpaceForAlert(boolean jdkCompatabilityMode) throws Exception { private void testCorrectlyCalculateSpaceForAlert(boolean jdkCompatabilityMode) throws Exception {
SelfSignedCertificate ssc = new SelfSignedCertificate(); SelfSignedCertificate ssc = new SelfSignedCertificate();
serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
.sslProvider(sslServerProvider()) .sslProvider(sslServerProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
clientSslCtx = SslContextBuilder.forClient() clientSslCtx = wrapContext(SslContextBuilder.forClient()
.trustManager(InsecureTrustManagerFactory.INSTANCE) .trustManager(InsecureTrustManagerFactory.INSTANCE)
.sslProvider(sslClientProvider()) .sslProvider(sslClientProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
SSLEngine clientEngine = null; SSLEngine clientEngine = null;
SSLEngine serverEngine = null; SSLEngine serverEngine = null;
try { try {
@ -521,14 +529,14 @@ public class OpenSslEngineTest extends SSLEngineTest {
@Test @Test
public void testWrapWithDifferentSizesTLSv1() throws Exception { public void testWrapWithDifferentSizesTLSv1() throws Exception {
clientSslCtx = SslContextBuilder.forClient() clientSslCtx = wrapContext(SslContextBuilder.forClient()
.trustManager(InsecureTrustManagerFactory.INSTANCE) .trustManager(InsecureTrustManagerFactory.INSTANCE)
.sslProvider(sslClientProvider()) .sslProvider(sslClientProvider())
.build(); .build());
SelfSignedCertificate ssc = new SelfSignedCertificate(); SelfSignedCertificate ssc = new SelfSignedCertificate();
serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
.sslProvider(sslServerProvider()) .sslProvider(sslServerProvider())
.build(); .build());
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "AES128-SHA"); testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "AES128-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "ECDHE-RSA-AES128-SHA"); testWrapWithDifferentSizes(PROTOCOL_TLS_V1, "ECDHE-RSA-AES128-SHA");
@ -552,14 +560,14 @@ public class OpenSslEngineTest extends SSLEngineTest {
@Test @Test
public void testWrapWithDifferentSizesTLSv1_1() throws Exception { public void testWrapWithDifferentSizesTLSv1_1() throws Exception {
clientSslCtx = SslContextBuilder.forClient() clientSslCtx = wrapContext(SslContextBuilder.forClient()
.trustManager(InsecureTrustManagerFactory.INSTANCE) .trustManager(InsecureTrustManagerFactory.INSTANCE)
.sslProvider(sslClientProvider()) .sslProvider(sslClientProvider())
.build(); .build());
SelfSignedCertificate ssc = new SelfSignedCertificate(); SelfSignedCertificate ssc = new SelfSignedCertificate();
serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
.sslProvider(sslServerProvider()) .sslProvider(sslServerProvider())
.build(); .build());
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "ECDHE-RSA-AES256-SHA"); testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "ECDHE-RSA-AES256-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "AES256-SHA"); testWrapWithDifferentSizes(PROTOCOL_TLS_V1_1, "AES256-SHA");
@ -580,14 +588,14 @@ public class OpenSslEngineTest extends SSLEngineTest {
@Test @Test
public void testWrapWithDifferentSizesTLSv1_2() throws Exception { public void testWrapWithDifferentSizesTLSv1_2() throws Exception {
clientSslCtx = SslContextBuilder.forClient() clientSslCtx = wrapContext(SslContextBuilder.forClient()
.trustManager(InsecureTrustManagerFactory.INSTANCE) .trustManager(InsecureTrustManagerFactory.INSTANCE)
.sslProvider(sslClientProvider()) .sslProvider(sslClientProvider())
.build(); .build());
SelfSignedCertificate ssc = new SelfSignedCertificate(); SelfSignedCertificate ssc = new SelfSignedCertificate();
serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
.sslProvider(sslServerProvider()) .sslProvider(sslServerProvider())
.build(); .build());
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "AES128-SHA"); testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "AES128-SHA");
testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ECDHE-RSA-AES128-SHA"); testWrapWithDifferentSizes(PROTOCOL_TLS_V1_2, "ECDHE-RSA-AES128-SHA");
@ -618,14 +626,14 @@ public class OpenSslEngineTest extends SSLEngineTest {
@Test @Test
public void testWrapWithDifferentSizesSSLv3() throws Exception { public void testWrapWithDifferentSizesSSLv3() throws Exception {
clientSslCtx = SslContextBuilder.forClient() clientSslCtx = wrapContext(SslContextBuilder.forClient()
.trustManager(InsecureTrustManagerFactory.INSTANCE) .trustManager(InsecureTrustManagerFactory.INSTANCE)
.sslProvider(sslClientProvider()) .sslProvider(sslClientProvider())
.build(); .build());
SelfSignedCertificate ssc = new SelfSignedCertificate(); SelfSignedCertificate ssc = new SelfSignedCertificate();
serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
.sslProvider(sslServerProvider()) .sslProvider(sslServerProvider())
.build(); .build());
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-AES128-SHA"); testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-AES128-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-CAMELLIA128-SHA"); testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-CAMELLIA128-SHA");
@ -658,21 +666,21 @@ public class OpenSslEngineTest extends SSLEngineTest {
public void testMultipleRecordsInOneBufferWithNonZeroPositionJDKCompatabilityModeOff() throws Exception { public void testMultipleRecordsInOneBufferWithNonZeroPositionJDKCompatabilityModeOff() throws Exception {
SelfSignedCertificate cert = new SelfSignedCertificate(); SelfSignedCertificate cert = new SelfSignedCertificate();
clientSslCtx = SslContextBuilder clientSslCtx = wrapContext(SslContextBuilder
.forClient() .forClient()
.trustManager(cert.cert()) .trustManager(cert.cert())
.sslProvider(sslClientProvider()) .sslProvider(sslClientProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
SSLEngine client = wrapEngine(clientSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine()); SSLEngine client = wrapEngine(clientSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine());
serverSslCtx = SslContextBuilder serverSslCtx = wrapContext(SslContextBuilder
.forServer(cert.certificate(), cert.privateKey()) .forServer(cert.certificate(), cert.privateKey())
.sslProvider(sslServerProvider()) .sslProvider(sslServerProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
SSLEngine server = wrapEngine(serverSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine()); SSLEngine server = wrapEngine(serverSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine());
try { try {
@ -739,21 +747,21 @@ public class OpenSslEngineTest extends SSLEngineTest {
public void testInputTooBigAndFillsUpBuffersJDKCompatabilityModeOff() throws Exception { public void testInputTooBigAndFillsUpBuffersJDKCompatabilityModeOff() throws Exception {
SelfSignedCertificate cert = new SelfSignedCertificate(); SelfSignedCertificate cert = new SelfSignedCertificate();
clientSslCtx = SslContextBuilder clientSslCtx = wrapContext(SslContextBuilder
.forClient() .forClient()
.trustManager(cert.cert()) .trustManager(cert.cert())
.sslProvider(sslClientProvider()) .sslProvider(sslClientProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
SSLEngine client = wrapEngine(clientSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine()); SSLEngine client = wrapEngine(clientSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine());
serverSslCtx = SslContextBuilder serverSslCtx = wrapContext(SslContextBuilder
.forServer(cert.certificate(), cert.privateKey()) .forServer(cert.certificate(), cert.privateKey())
.sslProvider(sslServerProvider()) .sslProvider(sslServerProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
SSLEngine server = wrapEngine(serverSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine()); SSLEngine server = wrapEngine(serverSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine());
try { try {
@ -827,21 +835,21 @@ public class OpenSslEngineTest extends SSLEngineTest {
public void testPartialPacketUnwrapJDKCompatabilityModeOff() throws Exception { public void testPartialPacketUnwrapJDKCompatabilityModeOff() throws Exception {
SelfSignedCertificate cert = new SelfSignedCertificate(); SelfSignedCertificate cert = new SelfSignedCertificate();
clientSslCtx = SslContextBuilder clientSslCtx = wrapContext(SslContextBuilder
.forClient() .forClient()
.trustManager(cert.cert()) .trustManager(cert.cert())
.sslProvider(sslClientProvider()) .sslProvider(sslClientProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
SSLEngine client = wrapEngine(clientSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine()); SSLEngine client = wrapEngine(clientSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine());
serverSslCtx = SslContextBuilder serverSslCtx = wrapContext(SslContextBuilder
.forServer(cert.certificate(), cert.privateKey()) .forServer(cert.certificate(), cert.privateKey())
.sslProvider(sslServerProvider()) .sslProvider(sslServerProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
SSLEngine server = wrapEngine(serverSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine()); SSLEngine server = wrapEngine(serverSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine());
try { try {
@ -906,21 +914,21 @@ public class OpenSslEngineTest extends SSLEngineTest {
public void testBufferUnderFlowAvoidedIfJDKCompatabilityModeOff() throws Exception { public void testBufferUnderFlowAvoidedIfJDKCompatabilityModeOff() throws Exception {
SelfSignedCertificate cert = new SelfSignedCertificate(); SelfSignedCertificate cert = new SelfSignedCertificate();
clientSslCtx = SslContextBuilder clientSslCtx = wrapContext(SslContextBuilder
.forClient() .forClient()
.trustManager(cert.cert()) .trustManager(cert.cert())
.sslProvider(sslClientProvider()) .sslProvider(sslClientProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
SSLEngine client = wrapEngine(clientSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine()); SSLEngine client = wrapEngine(clientSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine());
serverSslCtx = SslContextBuilder serverSslCtx = wrapContext(SslContextBuilder
.forServer(cert.certificate(), cert.privateKey()) .forServer(cert.certificate(), cert.privateKey())
.sslProvider(sslServerProvider()) .sslProvider(sslServerProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
SSLEngine server = wrapEngine(serverSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine()); SSLEngine server = wrapEngine(serverSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine());
try { try {
@ -1045,11 +1053,11 @@ public class OpenSslEngineTest extends SSLEngineTest {
@Test @Test
public void testSNIMatchersDoesNotThrow() throws Exception { public void testSNIMatchersDoesNotThrow() throws Exception {
SelfSignedCertificate ssc = new SelfSignedCertificate(); SelfSignedCertificate ssc = new SelfSignedCertificate();
serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
.sslProvider(sslServerProvider()) .sslProvider(sslServerProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
SSLEngine engine = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); SSLEngine engine = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
try { try {
@ -1066,11 +1074,11 @@ public class OpenSslEngineTest extends SSLEngineTest {
public void testSNIMatchersWithSNINameWithUnderscore() throws Exception { public void testSNIMatchersWithSNINameWithUnderscore() throws Exception {
byte[] name = "rb8hx3pww30y3tvw0mwy.v1_1".getBytes(CharsetUtil.UTF_8); byte[] name = "rb8hx3pww30y3tvw0mwy.v1_1".getBytes(CharsetUtil.UTF_8);
SelfSignedCertificate ssc = new SelfSignedCertificate(); SelfSignedCertificate ssc = new SelfSignedCertificate();
serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
.sslProvider(sslServerProvider()) .sslProvider(sslServerProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
SSLEngine engine = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); SSLEngine engine = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
try { try {
@ -1088,11 +1096,11 @@ public class OpenSslEngineTest extends SSLEngineTest {
@Test(expected = IllegalArgumentException.class) @Test(expected = IllegalArgumentException.class)
public void testAlgorithmConstraintsThrows() throws Exception { public void testAlgorithmConstraintsThrows() throws Exception {
SelfSignedCertificate ssc = new SelfSignedCertificate(); SelfSignedCertificate ssc = new SelfSignedCertificate();
serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
.sslProvider(sslServerProvider()) .sslProvider(sslServerProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
SSLEngine engine = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); SSLEngine engine = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
try { try {
@ -1125,15 +1133,15 @@ public class OpenSslEngineTest extends SSLEngineTest {
@Test @Test
public void testExtractMasterkeyWorksCorrectly() throws Exception { public void testExtractMasterkeyWorksCorrectly() throws Exception {
SelfSignedCertificate cert = new SelfSignedCertificate(); SelfSignedCertificate cert = new SelfSignedCertificate();
serverSslCtx = SslContextBuilder.forServer(cert.key(), cert.cert()) serverSslCtx = wrapContext(SslContextBuilder.forServer(cert.key(), cert.cert())
.sslProvider(SslProvider.OPENSSL).build(); .sslProvider(SslProvider.OPENSSL).build());
final SSLEngine serverEngine = final SSLEngine serverEngine =
serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT); wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
clientSslCtx = SslContextBuilder.forClient() clientSslCtx = wrapContext(SslContextBuilder.forClient()
.trustManager(cert.certificate()) .trustManager(cert.certificate())
.sslProvider(SslProvider.OPENSSL).build(); .sslProvider(SslProvider.OPENSSL).build());
final SSLEngine clientEngine = final SSLEngine clientEngine =
clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT); wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
try { try {
//lets set the cipher suite to a specific one with DHE //lets set the cipher suite to a specific one with DHE
@ -1303,4 +1311,10 @@ public class OpenSslEngineTest extends SSLEngineTest {
} }
return (ReferenceCountedOpenSslEngine) engine; return (ReferenceCountedOpenSslEngine) engine;
} }
@Override
protected SslContext wrapContext(SslContext context) {
((OpenSslContext) context).setUseTasks(useTasks);
return context;
}
} }

View File

@ -35,23 +35,33 @@ import static org.junit.Assume.assumeTrue;
@RunWith(Parameterized.class) @RunWith(Parameterized.class)
public class OpenSslJdkSslEngineInteroptTest extends SSLEngineTest { public class OpenSslJdkSslEngineInteroptTest extends SSLEngineTest {
@Parameterized.Parameters(name = "{index}: bufferType = {0}, combo = {1}, delegate = {2}") @Parameterized.Parameters(name = "{index}: bufferType = {0}, combo = {1}, delegate = {2}, useTasks = {3}")
public static Collection<Object[]> data() { public static Collection<Object[]> data() {
List<Object[]> params = new ArrayList<>(); List<Object[]> params = new ArrayList<>();
for (BufferType type: BufferType.values()) { for (BufferType type: BufferType.values()) {
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false }); params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false, false });
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true }); params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false, true });
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true, false});
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true, true });
if (PlatformDependent.javaVersion() >= 11 && OpenSsl.isTlsv13Supported()) { if (PlatformDependent.javaVersion() >= 11 && OpenSsl.isTlsv13Supported()) {
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), false }); params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), false, false });
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), true }); params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), false, true });
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), true, false });
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), true, true });
} }
} }
return params; return params;
} }
public OpenSslJdkSslEngineInteroptTest(BufferType type, ProtocolCipherCombo combo, boolean delegate) { private final boolean useTasks;
public OpenSslJdkSslEngineInteroptTest(BufferType type, ProtocolCipherCombo combo,
boolean delegate, boolean useTasks) {
super(type, combo, delegate); super(type, combo, delegate);
this.useTasks = useTasks;
} }
@BeforeClass @BeforeClass
@ -130,4 +140,12 @@ public class OpenSslJdkSslEngineInteroptTest extends SSLEngineTest {
protected SSLEngine wrapEngine(SSLEngine engine) { protected SSLEngine wrapEngine(SSLEngine engine) {
return Java8SslTestUtils.wrapSSLEngineForTesting(engine); return Java8SslTestUtils.wrapSSLEngineForTesting(engine);
} }
@Override
protected SslContext wrapContext(SslContext context) {
if (context instanceof OpenSslContext) {
((OpenSslContext) context).setUseTasks(useTasks);
}
return context;
}
} }

View File

@ -23,8 +23,9 @@ import javax.net.ssl.SSLEngine;
public class ReferenceCountedOpenSslEngineTest extends OpenSslEngineTest { public class ReferenceCountedOpenSslEngineTest extends OpenSslEngineTest {
public ReferenceCountedOpenSslEngineTest(BufferType type, ProtocolCipherCombo combo, boolean delegate) { public ReferenceCountedOpenSslEngineTest(BufferType type, ProtocolCipherCombo combo, boolean delegate,
super(type, combo, delegate); boolean useTasks) {
super(type, combo, delegate, useTasks);
} }
@Override @Override
@ -59,13 +60,19 @@ public class ReferenceCountedOpenSslEngineTest extends OpenSslEngineTest {
@Test(expected = NullPointerException.class) @Test(expected = NullPointerException.class)
public void testNotLeakOnException() throws Exception { public void testNotLeakOnException() throws Exception {
clientSslCtx = SslContextBuilder.forClient() clientSslCtx = wrapContext(SslContextBuilder.forClient()
.trustManager(InsecureTrustManagerFactory.INSTANCE) .trustManager(InsecureTrustManagerFactory.INSTANCE)
.sslProvider(sslClientProvider()) .sslProvider(sslClientProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
clientSslCtx.newEngine(null); clientSslCtx.newEngine(null);
} }
@Override
protected SslContext wrapContext(SslContext context) {
((ReferenceCountedOpenSslContext) context).setUseTasks(useTasks);
return context;
}
} }

View File

@ -708,7 +708,7 @@ public abstract class SSLEngineTest {
final boolean serverInitEngine) final boolean serverInitEngine)
throws SSLException, InterruptedException { throws SSLException, InterruptedException {
serverSslCtx = serverSslCtx =
SslContextBuilder.forServer(serverKMF) wrapContext(SslContextBuilder.forServer(serverKMF)
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.sslProvider(sslServerProvider()) .sslProvider(sslServerProvider())
@ -717,10 +717,10 @@ public abstract class SSLEngineTest {
.clientAuth(clientAuth) .clientAuth(clientAuth)
.ciphers(null, IdentityCipherSuiteFilter.INSTANCE) .ciphers(null, IdentityCipherSuiteFilter.INSTANCE)
.sessionCacheSize(0) .sessionCacheSize(0)
.sessionTimeout(0).build(); .sessionTimeout(0).build());
clientSslCtx = clientSslCtx =
SslContextBuilder.forClient() wrapContext(SslContextBuilder.forClient()
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.sslProvider(sslClientProvider()) .sslProvider(sslClientProvider())
@ -729,7 +729,7 @@ public abstract class SSLEngineTest {
.keyManager(clientKMF) .keyManager(clientKMF)
.ciphers(null, IdentityCipherSuiteFilter.INSTANCE) .ciphers(null, IdentityCipherSuiteFilter.INSTANCE)
.sessionCacheSize(0) .sessionCacheSize(0)
.sessionTimeout(0).build(); .sessionTimeout(0).build());
serverConnectedChannel = null; serverConnectedChannel = null;
sb = new ServerBootstrap(); sb = new ServerBootstrap();
@ -861,7 +861,7 @@ public abstract class SSLEngineTest {
final boolean failureExpected) final boolean failureExpected)
throws SSLException, InterruptedException { throws SSLException, InterruptedException {
final String expectedHost = "localhost"; final String expectedHost = "localhost";
serverSslCtx = SslContextBuilder.forServer(serverCrtFile, serverKeyFile, null) serverSslCtx = wrapContext(SslContextBuilder.forServer(serverCrtFile, serverKeyFile, null)
.sslProvider(sslServerProvider()) .sslProvider(sslServerProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
@ -870,9 +870,9 @@ public abstract class SSLEngineTest {
.ciphers(null, IdentityCipherSuiteFilter.INSTANCE) .ciphers(null, IdentityCipherSuiteFilter.INSTANCE)
.sessionCacheSize(0) .sessionCacheSize(0)
.sessionTimeout(0) .sessionTimeout(0)
.build(); .build());
clientSslCtx = SslContextBuilder.forClient() clientSslCtx = wrapContext(SslContextBuilder.forClient()
.sslProvider(sslClientProvider()) .sslProvider(sslClientProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
@ -881,7 +881,7 @@ public abstract class SSLEngineTest {
.ciphers(null, IdentityCipherSuiteFilter.INSTANCE) .ciphers(null, IdentityCipherSuiteFilter.INSTANCE)
.sessionCacheSize(0) .sessionCacheSize(0)
.sessionTimeout(0) .sessionTimeout(0)
.build(); .build());
serverConnectedChannel = null; serverConnectedChannel = null;
sb = new ServerBootstrap(); sb = new ServerBootstrap();
@ -1032,7 +1032,7 @@ public abstract class SSLEngineTest {
File clientTrustCrtFile, File clientKeyFile, final File clientCrtFile, String clientKeyPassword) File clientTrustCrtFile, File clientKeyFile, final File clientCrtFile, String clientKeyPassword)
throws InterruptedException, SSLException { throws InterruptedException, SSLException {
serverSslCtx = serverSslCtx =
SslContextBuilder.forServer(serverCrtFile, serverKeyFile, serverKeyPassword) wrapContext(SslContextBuilder.forServer(serverCrtFile, serverKeyFile, serverKeyPassword)
.sslProvider(sslServerProvider()) .sslProvider(sslServerProvider())
.sslContextProvider(serverSslContextProvider()) .sslContextProvider(serverSslContextProvider())
.protocols(protocols()) .protocols(protocols())
@ -1040,9 +1040,9 @@ public abstract class SSLEngineTest {
.trustManager(servertTrustCrtFile) .trustManager(servertTrustCrtFile)
.ciphers(null, IdentityCipherSuiteFilter.INSTANCE) .ciphers(null, IdentityCipherSuiteFilter.INSTANCE)
.sessionCacheSize(0) .sessionCacheSize(0)
.sessionTimeout(0).build(); .sessionTimeout(0).build());
clientSslCtx = clientSslCtx =
SslContextBuilder.forClient() wrapContext(SslContextBuilder.forClient()
.sslProvider(sslClientProvider()) .sslProvider(sslClientProvider())
.sslContextProvider(clientSslContextProvider()) .sslContextProvider(clientSslContextProvider())
.protocols(protocols()) .protocols(protocols())
@ -1051,7 +1051,7 @@ public abstract class SSLEngineTest {
.keyManager(clientCrtFile, clientKeyFile, clientKeyPassword) .keyManager(clientCrtFile, clientKeyFile, clientKeyPassword)
.ciphers(null, IdentityCipherSuiteFilter.INSTANCE) .ciphers(null, IdentityCipherSuiteFilter.INSTANCE)
.sessionCacheSize(0) .sessionCacheSize(0)
.sessionTimeout(0).build(); .sessionTimeout(0).build());
serverConnectedChannel = null; serverConnectedChannel = null;
sb = new ServerBootstrap(); sb = new ServerBootstrap();
@ -1200,9 +1200,9 @@ public abstract class SSLEngineTest {
@Test @Test
public void testGetCreationTime() throws Exception { public void testGetCreationTime() throws Exception {
clientSslCtx = SslContextBuilder.forClient() clientSslCtx = wrapContext(SslContextBuilder.forClient()
.sslProvider(sslClientProvider()) .sslProvider(sslClientProvider())
.sslContextProvider(clientSslContextProvider()).build(); .sslContextProvider(clientSslContextProvider()).build());
SSLEngine engine = null; SSLEngine engine = null;
try { try {
engine = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); engine = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
@ -1214,20 +1214,20 @@ public abstract class SSLEngineTest {
@Test @Test
public void testSessionInvalidate() throws Exception { public void testSessionInvalidate() throws Exception {
clientSslCtx = SslContextBuilder.forClient() clientSslCtx = wrapContext(SslContextBuilder.forClient()
.trustManager(InsecureTrustManagerFactory.INSTANCE) .trustManager(InsecureTrustManagerFactory.INSTANCE)
.sslProvider(sslClientProvider()) .sslProvider(sslClientProvider())
.sslContextProvider(clientSslContextProvider()) .sslContextProvider(clientSslContextProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
SelfSignedCertificate ssc = new SelfSignedCertificate(); SelfSignedCertificate ssc = new SelfSignedCertificate();
serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
.sslProvider(sslServerProvider()) .sslProvider(sslServerProvider())
.sslContextProvider(serverSslContextProvider()) .sslContextProvider(serverSslContextProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
SSLEngine clientEngine = null; SSLEngine clientEngine = null;
SSLEngine serverEngine = null; SSLEngine serverEngine = null;
try { try {
@ -1248,20 +1248,20 @@ public abstract class SSLEngineTest {
@Test @Test
public void testSSLSessionId() throws Exception { public void testSSLSessionId() throws Exception {
clientSslCtx = SslContextBuilder.forClient() clientSslCtx = wrapContext(SslContextBuilder.forClient()
.trustManager(InsecureTrustManagerFactory.INSTANCE) .trustManager(InsecureTrustManagerFactory.INSTANCE)
.sslProvider(sslClientProvider()) .sslProvider(sslClientProvider())
// This test only works for non TLSv1.3 for now // This test only works for non TLSv1.3 for now
.protocols(PROTOCOL_TLS_V1_2) .protocols(PROTOCOL_TLS_V1_2)
.sslContextProvider(clientSslContextProvider()) .sslContextProvider(clientSslContextProvider())
.build(); .build());
SelfSignedCertificate ssc = new SelfSignedCertificate(); SelfSignedCertificate ssc = new SelfSignedCertificate();
serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
.sslProvider(sslServerProvider()) .sslProvider(sslServerProvider())
// This test only works for non TLSv1.3 for now // This test only works for non TLSv1.3 for now
.protocols(PROTOCOL_TLS_V1_2) .protocols(PROTOCOL_TLS_V1_2)
.sslContextProvider(serverSslContextProvider()) .sslContextProvider(serverSslContextProvider())
.build(); .build());
SSLEngine clientEngine = null; SSLEngine clientEngine = null;
SSLEngine serverEngine = null; SSLEngine serverEngine = null;
try { try {
@ -1290,12 +1290,12 @@ public abstract class SSLEngineTest {
throws CertificateException, SSLException, InterruptedException, ExecutionException { throws CertificateException, SSLException, InterruptedException, ExecutionException {
Assume.assumeTrue(PlatformDependent.javaVersion() >= 11); Assume.assumeTrue(PlatformDependent.javaVersion() >= 11);
final SelfSignedCertificate ssc = new SelfSignedCertificate(); final SelfSignedCertificate ssc = new SelfSignedCertificate();
serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
.sslProvider(sslServerProvider()) .sslProvider(sslServerProvider())
.sslContextProvider(serverSslContextProvider()) .sslContextProvider(serverSslContextProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
sb = new ServerBootstrap() sb = new ServerBootstrap()
.group(new MultithreadEventLoopGroup(1, NioHandler.newFactory())) .group(new MultithreadEventLoopGroup(1, NioHandler.newFactory()))
.channel(NioServerSocketChannel.class) .channel(NioServerSocketChannel.class)
@ -1346,13 +1346,13 @@ public abstract class SSLEngineTest {
serverChannel = sb.bind(new InetSocketAddress(0)).syncUninterruptibly().channel(); serverChannel = sb.bind(new InetSocketAddress(0)).syncUninterruptibly().channel();
clientSslCtx = SslContextBuilder.forClient() clientSslCtx = wrapContext(SslContextBuilder.forClient()
// OpenSslEngine doesn't support renegotiation on client side // OpenSslEngine doesn't support renegotiation on client side
.sslProvider(SslProvider.JDK) .sslProvider(SslProvider.JDK)
.trustManager(InsecureTrustManagerFactory.INSTANCE) .trustManager(InsecureTrustManagerFactory.INSTANCE)
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
cb = new Bootstrap(); cb = new Bootstrap();
cb.group(new MultithreadEventLoopGroup(1, NioHandler.newFactory())) cb.group(new MultithreadEventLoopGroup(1, NioHandler.newFactory()))
@ -1415,12 +1415,12 @@ public abstract class SSLEngineTest {
try { try {
File serverKeyFile = ResourcesUtil.getFile(getClass(), "test_unencrypted.pem"); File serverKeyFile = ResourcesUtil.getFile(getClass(), "test_unencrypted.pem");
File serverCrtFile = ResourcesUtil.getFile(getClass(), "test.crt"); File serverCrtFile = ResourcesUtil.getFile(getClass(), "test.crt");
serverSslCtx = SslContextBuilder.forServer(serverCrtFile, serverKeyFile) serverSslCtx = wrapContext(SslContextBuilder.forServer(serverCrtFile, serverKeyFile)
.sslProvider(sslServerProvider()) .sslProvider(sslServerProvider())
.sslContextProvider(serverSslContextProvider()) .sslContextProvider(serverSslContextProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
sslEngine = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); sslEngine = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
@ -1629,7 +1629,7 @@ public abstract class SSLEngineTest {
clientCtxBuilder.protocols(PROTOCOL_TLS_V1_2); clientCtxBuilder.protocols(PROTOCOL_TLS_V1_2);
} }
setupHandlers(serverCtxBuilder.build(), clientCtxBuilder.build()); setupHandlers(wrapContext(serverCtxBuilder.build()), wrapContext(clientCtxBuilder.build()));
} finally { } finally {
ssc.delete(); ssc.delete();
} }
@ -1720,14 +1720,14 @@ public abstract class SSLEngineTest {
@Test(timeout = 30000) @Test(timeout = 30000)
public void testMutualAuthSameCertChain() throws Exception { public void testMutualAuthSameCertChain() throws Exception {
serverSslCtx = serverSslCtx =
SslContextBuilder.forServer( wrapContext(SslContextBuilder.forServer(
new ByteArrayInputStream(X509_CERT_PEM.getBytes(CharsetUtil.UTF_8)), new ByteArrayInputStream(X509_CERT_PEM.getBytes(CharsetUtil.UTF_8)),
new ByteArrayInputStream(PRIVATE_KEY_PEM.getBytes(CharsetUtil.UTF_8))) new ByteArrayInputStream(PRIVATE_KEY_PEM.getBytes(CharsetUtil.UTF_8)))
.trustManager(new ByteArrayInputStream(X509_CERT_PEM.getBytes(CharsetUtil.UTF_8))) .trustManager(new ByteArrayInputStream(X509_CERT_PEM.getBytes(CharsetUtil.UTF_8)))
.clientAuth(ClientAuth.REQUIRE).sslProvider(sslServerProvider()) .clientAuth(ClientAuth.REQUIRE).sslProvider(sslServerProvider())
.sslContextProvider(serverSslContextProvider()) .sslContextProvider(serverSslContextProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()).build(); .ciphers(ciphers()).build());
sb = new ServerBootstrap(); sb = new ServerBootstrap();
sb.group(new MultithreadEventLoopGroup(NioHandler.newFactory()), sb.group(new MultithreadEventLoopGroup(NioHandler.newFactory()),
@ -1784,13 +1784,13 @@ public abstract class SSLEngineTest {
}).bind(new InetSocketAddress(0)).syncUninterruptibly().channel(); }).bind(new InetSocketAddress(0)).syncUninterruptibly().channel();
clientSslCtx = clientSslCtx =
SslContextBuilder.forClient().keyManager( wrapContext(SslContextBuilder.forClient().keyManager(
new ByteArrayInputStream(CLIENT_X509_CERT_CHAIN_PEM.getBytes(CharsetUtil.UTF_8)), new ByteArrayInputStream(CLIENT_X509_CERT_CHAIN_PEM.getBytes(CharsetUtil.UTF_8)),
new ByteArrayInputStream(CLIENT_PRIVATE_KEY_PEM.getBytes(CharsetUtil.UTF_8))) new ByteArrayInputStream(CLIENT_PRIVATE_KEY_PEM.getBytes(CharsetUtil.UTF_8)))
.trustManager(new ByteArrayInputStream(X509_CERT_PEM.getBytes(CharsetUtil.UTF_8))) .trustManager(new ByteArrayInputStream(X509_CERT_PEM.getBytes(CharsetUtil.UTF_8)))
.sslProvider(sslClientProvider()) .sslProvider(sslClientProvider())
.sslContextProvider(clientSslContextProvider()) .sslContextProvider(clientSslContextProvider())
.protocols(protocols()).ciphers(ciphers()).build(); .protocols(protocols()).ciphers(ciphers()).build());
cb = new Bootstrap(); cb = new Bootstrap();
cb.group(new MultithreadEventLoopGroup(NioHandler.newFactory())); cb.group(new MultithreadEventLoopGroup(NioHandler.newFactory()));
cb.channel(NioSocketChannel.class); cb.channel(NioSocketChannel.class);
@ -1810,21 +1810,21 @@ public abstract class SSLEngineTest {
public void testUnwrapBehavior() throws Exception { public void testUnwrapBehavior() throws Exception {
SelfSignedCertificate cert = new SelfSignedCertificate(); SelfSignedCertificate cert = new SelfSignedCertificate();
clientSslCtx = SslContextBuilder clientSslCtx = wrapContext(SslContextBuilder
.forClient() .forClient()
.trustManager(cert.cert()) .trustManager(cert.cert())
.sslProvider(sslClientProvider()) .sslProvider(sslClientProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
serverSslCtx = SslContextBuilder serverSslCtx = wrapContext(SslContextBuilder
.forServer(cert.certificate(), cert.privateKey()) .forServer(cert.certificate(), cert.privateKey())
.sslProvider(sslServerProvider()) .sslProvider(sslServerProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
byte[] bytes = "Hello World".getBytes(CharsetUtil.US_ASCII); byte[] bytes = "Hello World".getBytes(CharsetUtil.US_ASCII);
@ -1904,19 +1904,19 @@ public abstract class SSLEngineTest {
private void testProtocol(String[] clientProtocols, String[] serverProtocols) throws Exception { private void testProtocol(String[] clientProtocols, String[] serverProtocols) throws Exception {
SelfSignedCertificate cert = new SelfSignedCertificate(); SelfSignedCertificate cert = new SelfSignedCertificate();
clientSslCtx = SslContextBuilder clientSslCtx = wrapContext(SslContextBuilder
.forClient() .forClient()
.trustManager(cert.cert()) .trustManager(cert.cert())
.sslProvider(sslClientProvider()) .sslProvider(sslClientProvider())
.protocols(clientProtocols) .protocols(clientProtocols)
.build(); .build());
SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
serverSslCtx = SslContextBuilder serverSslCtx = wrapContext(SslContextBuilder
.forServer(cert.certificate(), cert.privateKey()) .forServer(cert.certificate(), cert.privateKey())
.sslProvider(sslServerProvider()) .sslProvider(sslServerProvider())
.protocols(serverProtocols) .protocols(serverProtocols)
.build(); .build());
SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
try { try {
@ -1934,18 +1934,18 @@ public abstract class SSLEngineTest {
// Select a mandatory cipher from the TLSv1.2 RFC https://www.ietf.org/rfc/rfc5246.txt so handshakes won't fail // Select a mandatory cipher from the TLSv1.2 RFC https://www.ietf.org/rfc/rfc5246.txt so handshakes won't fail
// due to no shared/supported cipher. // due to no shared/supported cipher.
final String sharedCipher = "TLS_RSA_WITH_AES_128_CBC_SHA"; final String sharedCipher = "TLS_RSA_WITH_AES_128_CBC_SHA";
clientSslCtx = SslContextBuilder.forClient() clientSslCtx = wrapContext(SslContextBuilder.forClient()
.trustManager(InsecureTrustManagerFactory.INSTANCE) .trustManager(InsecureTrustManagerFactory.INSTANCE)
.ciphers(Collections.singletonList(sharedCipher)) .ciphers(Collections.singletonList(sharedCipher))
.protocols(PROTOCOL_TLS_V1_2, PROTOCOL_TLS_V1) .protocols(PROTOCOL_TLS_V1_2, PROTOCOL_TLS_V1)
.sslProvider(sslClientProvider()) .sslProvider(sslClientProvider())
.build(); .build());
serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
.ciphers(Collections.singletonList(sharedCipher)) .ciphers(Collections.singletonList(sharedCipher))
.protocols(PROTOCOL_TLS_V1_2, PROTOCOL_TLS_V1) .protocols(PROTOCOL_TLS_V1_2, PROTOCOL_TLS_V1)
.sslProvider(sslServerProvider()) .sslProvider(sslServerProvider())
.build(); .build());
SSLEngine clientEngine = null; SSLEngine clientEngine = null;
SSLEngine serverEngine = null; SSLEngine serverEngine = null;
try { try {
@ -1965,18 +1965,18 @@ public abstract class SSLEngineTest {
// Select a mandatory cipher from the TLSv1.2 RFC https://www.ietf.org/rfc/rfc5246.txt so handshakes won't fail // Select a mandatory cipher from the TLSv1.2 RFC https://www.ietf.org/rfc/rfc5246.txt so handshakes won't fail
// due to no shared/supported cipher. // due to no shared/supported cipher.
final String sharedCipher = "TLS_RSA_WITH_AES_128_CBC_SHA"; final String sharedCipher = "TLS_RSA_WITH_AES_128_CBC_SHA";
clientSslCtx = SslContextBuilder.forClient() clientSslCtx = wrapContext(SslContextBuilder.forClient()
.trustManager(InsecureTrustManagerFactory.INSTANCE) .trustManager(InsecureTrustManagerFactory.INSTANCE)
.ciphers(Collections.singletonList(sharedCipher), SupportedCipherSuiteFilter.INSTANCE) .ciphers(Collections.singletonList(sharedCipher), SupportedCipherSuiteFilter.INSTANCE)
.protocols(PROTOCOL_TLS_V1_2, PROTOCOL_TLS_V1) .protocols(PROTOCOL_TLS_V1_2, PROTOCOL_TLS_V1)
.sslProvider(sslClientProvider()) .sslProvider(sslClientProvider())
.build(); .build());
serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
.ciphers(Collections.singletonList(sharedCipher), SupportedCipherSuiteFilter.INSTANCE) .ciphers(Collections.singletonList(sharedCipher), SupportedCipherSuiteFilter.INSTANCE)
.protocols(PROTOCOL_TLS_V1_2, PROTOCOL_TLS_V1) .protocols(PROTOCOL_TLS_V1_2, PROTOCOL_TLS_V1)
.sslProvider(sslServerProvider()) .sslProvider(sslServerProvider())
.build(); .build());
SSLEngine clientEngine = null; SSLEngine clientEngine = null;
SSLEngine serverEngine = null; SSLEngine serverEngine = null;
try { try {
@ -1994,21 +1994,21 @@ public abstract class SSLEngineTest {
public void testPacketBufferSizeLimit() throws Exception { public void testPacketBufferSizeLimit() throws Exception {
SelfSignedCertificate cert = new SelfSignedCertificate(); SelfSignedCertificate cert = new SelfSignedCertificate();
clientSslCtx = SslContextBuilder clientSslCtx = wrapContext(SslContextBuilder
.forClient() .forClient()
.trustManager(cert.cert()) .trustManager(cert.cert())
.sslProvider(sslClientProvider()) .sslProvider(sslClientProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
serverSslCtx = SslContextBuilder serverSslCtx = wrapContext(SslContextBuilder
.forServer(cert.certificate(), cert.privateKey()) .forServer(cert.certificate(), cert.privateKey())
.sslProvider(sslServerProvider()) .sslProvider(sslServerProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
try { try {
@ -2038,12 +2038,12 @@ public abstract class SSLEngineTest {
@Test @Test
public void testSSLEngineUnwrapNoSslRecord() throws Exception { public void testSSLEngineUnwrapNoSslRecord() throws Exception {
clientSslCtx = SslContextBuilder clientSslCtx = wrapContext(SslContextBuilder
.forClient() .forClient()
.sslProvider(sslClientProvider()) .sslProvider(sslClientProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
try { try {
@ -2068,12 +2068,12 @@ public abstract class SSLEngineTest {
@Test @Test
public void testBeginHandshakeAfterEngineClosed() throws SSLException { public void testBeginHandshakeAfterEngineClosed() throws SSLException {
clientSslCtx = SslContextBuilder clientSslCtx = wrapContext(SslContextBuilder
.forClient() .forClient()
.sslProvider(sslClientProvider()) .sslProvider(sslClientProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
try { try {
@ -2094,20 +2094,20 @@ public abstract class SSLEngineTest {
public void testBeginHandshakeCloseOutbound() throws Exception { public void testBeginHandshakeCloseOutbound() throws Exception {
SelfSignedCertificate cert = new SelfSignedCertificate(); SelfSignedCertificate cert = new SelfSignedCertificate();
clientSslCtx = SslContextBuilder clientSslCtx = wrapContext(SslContextBuilder
.forClient() .forClient()
.sslProvider(sslClientProvider()) .sslProvider(sslClientProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
serverSslCtx = SslContextBuilder serverSslCtx = wrapContext(SslContextBuilder
.forServer(cert.certificate(), cert.privateKey()) .forServer(cert.certificate(), cert.privateKey())
.sslProvider(sslServerProvider()) .sslProvider(sslServerProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
try { try {
@ -2145,20 +2145,20 @@ public abstract class SSLEngineTest {
public void testCloseInboundAfterBeginHandshake() throws Exception { public void testCloseInboundAfterBeginHandshake() throws Exception {
SelfSignedCertificate cert = new SelfSignedCertificate(); SelfSignedCertificate cert = new SelfSignedCertificate();
clientSslCtx = SslContextBuilder clientSslCtx = wrapContext(SslContextBuilder
.forClient() .forClient()
.sslProvider(sslClientProvider()) .sslProvider(sslClientProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
serverSslCtx = SslContextBuilder serverSslCtx = wrapContext(SslContextBuilder
.forServer(cert.certificate(), cert.privateKey()) .forServer(cert.certificate(), cert.privateKey())
.sslProvider(sslServerProvider()) .sslProvider(sslServerProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
try { try {
@ -2185,21 +2185,21 @@ public abstract class SSLEngineTest {
public void testCloseNotifySequence() throws Exception { public void testCloseNotifySequence() throws Exception {
SelfSignedCertificate cert = new SelfSignedCertificate(); SelfSignedCertificate cert = new SelfSignedCertificate();
clientSslCtx = SslContextBuilder clientSslCtx = wrapContext(SslContextBuilder
.forClient() .forClient()
.trustManager(cert.cert()) .trustManager(cert.cert())
.sslProvider(sslClientProvider()) .sslProvider(sslClientProvider())
// This test only works for non TLSv1.3 for now // This test only works for non TLSv1.3 for now
.protocols(PROTOCOL_TLS_V1_2) .protocols(PROTOCOL_TLS_V1_2)
.build(); .build());
SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
serverSslCtx = SslContextBuilder serverSslCtx = wrapContext(SslContextBuilder
.forServer(cert.certificate(), cert.privateKey()) .forServer(cert.certificate(), cert.privateKey())
.sslProvider(sslServerProvider()) .sslProvider(sslServerProvider())
// This test only works for non TLSv1.3 for now // This test only works for non TLSv1.3 for now
.protocols(PROTOCOL_TLS_V1_2) .protocols(PROTOCOL_TLS_V1_2)
.build(); .build());
SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
try { try {
@ -2339,21 +2339,21 @@ public abstract class SSLEngineTest {
public void testWrapAfterCloseOutbound() throws Exception { public void testWrapAfterCloseOutbound() throws Exception {
SelfSignedCertificate cert = new SelfSignedCertificate(); SelfSignedCertificate cert = new SelfSignedCertificate();
clientSslCtx = SslContextBuilder clientSslCtx = wrapContext(SslContextBuilder
.forClient() .forClient()
.trustManager(cert.cert()) .trustManager(cert.cert())
.sslProvider(sslClientProvider()) .sslProvider(sslClientProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
serverSslCtx = SslContextBuilder serverSslCtx = wrapContext(SslContextBuilder
.forServer(cert.certificate(), cert.privateKey()) .forServer(cert.certificate(), cert.privateKey())
.sslProvider(sslServerProvider()) .sslProvider(sslServerProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
try { try {
@ -2382,21 +2382,21 @@ public abstract class SSLEngineTest {
public void testMultipleRecordsInOneBufferWithNonZeroPosition() throws Exception { public void testMultipleRecordsInOneBufferWithNonZeroPosition() throws Exception {
SelfSignedCertificate cert = new SelfSignedCertificate(); SelfSignedCertificate cert = new SelfSignedCertificate();
clientSslCtx = SslContextBuilder clientSslCtx = wrapContext(SslContextBuilder
.forClient() .forClient()
.trustManager(cert.cert()) .trustManager(cert.cert())
.sslProvider(sslClientProvider()) .sslProvider(sslClientProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
serverSslCtx = SslContextBuilder serverSslCtx = wrapContext(SslContextBuilder
.forServer(cert.certificate(), cert.privateKey()) .forServer(cert.certificate(), cert.privateKey())
.sslProvider(sslServerProvider()) .sslProvider(sslServerProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
try { try {
@ -2461,21 +2461,21 @@ public abstract class SSLEngineTest {
public void testMultipleRecordsInOneBufferBiggerThenPacketBufferSize() throws Exception { public void testMultipleRecordsInOneBufferBiggerThenPacketBufferSize() throws Exception {
SelfSignedCertificate cert = new SelfSignedCertificate(); SelfSignedCertificate cert = new SelfSignedCertificate();
clientSslCtx = SslContextBuilder clientSslCtx = wrapContext(SslContextBuilder
.forClient() .forClient()
.trustManager(cert.cert()) .trustManager(cert.cert())
.sslProvider(sslClientProvider()) .sslProvider(sslClientProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
serverSslCtx = SslContextBuilder serverSslCtx = wrapContext(SslContextBuilder
.forServer(cert.certificate(), cert.privateKey()) .forServer(cert.certificate(), cert.privateKey())
.sslProvider(sslServerProvider()) .sslProvider(sslServerProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
try { try {
@ -2529,21 +2529,21 @@ public abstract class SSLEngineTest {
public void testBufferUnderFlow() throws Exception { public void testBufferUnderFlow() throws Exception {
SelfSignedCertificate cert = new SelfSignedCertificate(); SelfSignedCertificate cert = new SelfSignedCertificate();
clientSslCtx = SslContextBuilder clientSslCtx = wrapContext(SslContextBuilder
.forClient() .forClient()
.trustManager(cert.cert()) .trustManager(cert.cert())
.sslProvider(sslClientProvider()) .sslProvider(sslClientProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
serverSslCtx = SslContextBuilder serverSslCtx = wrapContext(SslContextBuilder
.forServer(cert.certificate(), cert.privateKey()) .forServer(cert.certificate(), cert.privateKey())
.sslProvider(sslServerProvider()) .sslProvider(sslServerProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
try { try {
@ -2604,21 +2604,21 @@ public abstract class SSLEngineTest {
public void testWrapDoesNotZeroOutSrc() throws Exception { public void testWrapDoesNotZeroOutSrc() throws Exception {
SelfSignedCertificate cert = new SelfSignedCertificate(); SelfSignedCertificate cert = new SelfSignedCertificate();
clientSslCtx = SslContextBuilder clientSslCtx = wrapContext(SslContextBuilder
.forClient() .forClient()
.trustManager(cert.cert()) .trustManager(cert.cert())
.sslProvider(sslClientProvider()) .sslProvider(sslClientProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
serverSslCtx = SslContextBuilder serverSslCtx = wrapContext(SslContextBuilder
.forServer(cert.certificate(), cert.privateKey()) .forServer(cert.certificate(), cert.privateKey())
.sslProvider(sslServerProvider()) .sslProvider(sslServerProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
try { try {
@ -2661,12 +2661,12 @@ public abstract class SSLEngineTest {
private void testDisableProtocols(String protocol, String... disabledProtocols) throws Exception { private void testDisableProtocols(String protocol, String... disabledProtocols) throws Exception {
SelfSignedCertificate cert = new SelfSignedCertificate(); SelfSignedCertificate cert = new SelfSignedCertificate();
SslContext ctx = SslContextBuilder SslContext ctx = wrapContext(SslContextBuilder
.forServer(cert.certificate(), cert.privateKey()) .forServer(cert.certificate(), cert.privateKey())
.sslProvider(sslServerProvider()) .sslProvider(sslServerProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
SSLEngine server = wrapEngine(ctx.newEngine(UnpooledByteBufAllocator.DEFAULT)); SSLEngine server = wrapEngine(ctx.newEngine(UnpooledByteBufAllocator.DEFAULT));
try { try {
@ -2697,7 +2697,7 @@ public abstract class SSLEngineTest {
public void testUsingX509TrustManagerVerifiesHostname() throws Exception { public void testUsingX509TrustManagerVerifiesHostname() throws Exception {
SslProvider clientProvider = sslClientProvider(); SslProvider clientProvider = sslClientProvider();
SelfSignedCertificate cert = new SelfSignedCertificate(); SelfSignedCertificate cert = new SelfSignedCertificate();
clientSslCtx = SslContextBuilder clientSslCtx = wrapContext(SslContextBuilder
.forClient() .forClient()
.trustManager(new TrustManagerFactory(new TrustManagerFactorySpi() { .trustManager(new TrustManagerFactory(new TrustManagerFactorySpi() {
@Override @Override
@ -2735,17 +2735,17 @@ public abstract class SSLEngineTest {
}, null, TrustManagerFactory.getDefaultAlgorithm()) { }, null, TrustManagerFactory.getDefaultAlgorithm()) {
}) })
.sslProvider(sslClientProvider()) .sslProvider(sslClientProvider())
.build(); .build());
SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT, "netty.io", 1234)); SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT, "netty.io", 1234));
SSLParameters sslParameters = client.getSSLParameters(); SSLParameters sslParameters = client.getSSLParameters();
sslParameters.setEndpointIdentificationAlgorithm("HTTPS"); sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
client.setSSLParameters(sslParameters); client.setSSLParameters(sslParameters);
serverSslCtx = SslContextBuilder serverSslCtx = wrapContext(SslContextBuilder
.forServer(cert.certificate(), cert.privateKey()) .forServer(cert.certificate(), cert.privateKey())
.sslProvider(sslServerProvider()) .sslProvider(sslServerProvider())
.build(); .build());
SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
try { try {
@ -2768,8 +2768,9 @@ public abstract class SSLEngineTest {
cipherList.add("InvalidCipher"); cipherList.add("InvalidCipher");
SSLEngine server = null; SSLEngine server = null;
try { try {
serverSslCtx = SslContextBuilder.forServer(cert.key(), cert.cert()).sslProvider(sslClientProvider()) serverSslCtx = wrapContext(SslContextBuilder.forServer(cert.key(), cert.cert())
.ciphers(cipherList).build(); .sslProvider(sslClientProvider())
.ciphers(cipherList).build());
server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
fail(); fail();
} catch (IllegalArgumentException expected) { } catch (IllegalArgumentException expected) {
@ -2784,20 +2785,20 @@ public abstract class SSLEngineTest {
@Test @Test
public void testGetCiphersuite() throws Exception { public void testGetCiphersuite() throws Exception {
clientSslCtx = SslContextBuilder.forClient() clientSslCtx = wrapContext(SslContextBuilder.forClient()
.trustManager(InsecureTrustManagerFactory.INSTANCE) .trustManager(InsecureTrustManagerFactory.INSTANCE)
.sslProvider(sslClientProvider()) .sslProvider(sslClientProvider())
.sslContextProvider(clientSslContextProvider()) .sslContextProvider(clientSslContextProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
SelfSignedCertificate ssc = new SelfSignedCertificate(); SelfSignedCertificate ssc = new SelfSignedCertificate();
serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
.sslProvider(sslServerProvider()) .sslProvider(sslServerProvider())
.sslContextProvider(serverSslContextProvider()) .sslContextProvider(serverSslContextProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
SSLEngine clientEngine = null; SSLEngine clientEngine = null;
SSLEngine serverEngine = null; SSLEngine serverEngine = null;
try { try {
@ -2819,20 +2820,20 @@ public abstract class SSLEngineTest {
@Test @Test
public void testSessionBindingEvent() throws Exception { public void testSessionBindingEvent() throws Exception {
clientSslCtx = SslContextBuilder.forClient() clientSslCtx = wrapContext(SslContextBuilder.forClient()
.trustManager(InsecureTrustManagerFactory.INSTANCE) .trustManager(InsecureTrustManagerFactory.INSTANCE)
.sslProvider(sslClientProvider()) .sslProvider(sslClientProvider())
.sslContextProvider(clientSslContextProvider()) .sslContextProvider(clientSslContextProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
SelfSignedCertificate ssc = new SelfSignedCertificate(); SelfSignedCertificate ssc = new SelfSignedCertificate();
serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
.sslProvider(sslServerProvider()) .sslProvider(sslServerProvider())
.sslContextProvider(serverSslContextProvider()) .sslContextProvider(serverSslContextProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
SSLEngine clientEngine = null; SSLEngine clientEngine = null;
SSLEngine serverEngine = null; SSLEngine serverEngine = null;
try { try {
@ -2931,13 +2932,13 @@ public abstract class SSLEngineTest {
clientContextBuilder.keyManager(ssc.key(), ssc.cert()); clientContextBuilder.keyManager(ssc.key(), ssc.cert());
} }
} }
clientSslCtx = clientContextBuilder clientSslCtx = wrapContext(clientContextBuilder
.trustManager(InsecureTrustManagerFactory.INSTANCE) .trustManager(InsecureTrustManagerFactory.INSTANCE)
.sslProvider(sslClientProvider()) .sslProvider(sslClientProvider())
.sslContextProvider(clientSslContextProvider()) .sslContextProvider(clientSslContextProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
SslContextBuilder serverContextBuilder = kmf != null ? SslContextBuilder serverContextBuilder = kmf != null ?
SslContextBuilder.forServer(kmf) : SslContextBuilder.forServer(kmf) :
@ -2945,12 +2946,12 @@ public abstract class SSLEngineTest {
if (mutualAuth) { if (mutualAuth) {
serverContextBuilder.clientAuth(ClientAuth.REQUIRE); serverContextBuilder.clientAuth(ClientAuth.REQUIRE);
} }
serverSslCtx = serverContextBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE) serverSslCtx = wrapContext(serverContextBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE)
.sslProvider(sslServerProvider()) .sslProvider(sslServerProvider())
.sslContextProvider(serverSslContextProvider()) .sslContextProvider(serverSslContextProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
SSLEngine clientEngine = null; SSLEngine clientEngine = null;
SSLEngine serverEngine = null; SSLEngine serverEngine = null;
try { try {
@ -3165,22 +3166,23 @@ public abstract class SSLEngineTest {
} }
} }
clientSslCtx = SslContextBuilder.forClient().keyManager(new TestKeyManagerFactory(newKeyManagerFactory(ssc))) clientSslCtx = wrapContext(SslContextBuilder.forClient()
.keyManager(new TestKeyManagerFactory(newKeyManagerFactory(ssc)))
.trustManager(InsecureTrustManagerFactory.INSTANCE) .trustManager(InsecureTrustManagerFactory.INSTANCE)
.sslProvider(sslClientProvider()) .sslProvider(sslClientProvider())
.sslContextProvider(clientSslContextProvider()) .sslContextProvider(clientSslContextProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
serverSslCtx = SslContextBuilder.forServer(new TestKeyManagerFactory(newKeyManagerFactory(ssc))) serverSslCtx = wrapContext(SslContextBuilder.forServer(new TestKeyManagerFactory(newKeyManagerFactory(ssc)))
.trustManager(InsecureTrustManagerFactory.INSTANCE) .trustManager(InsecureTrustManagerFactory.INSTANCE)
.sslContextProvider(serverSslContextProvider()) .sslContextProvider(serverSslContextProvider())
.sslProvider(sslServerProvider()) .sslProvider(sslServerProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.clientAuth(ClientAuth.REQUIRE) .clientAuth(ClientAuth.REQUIRE)
.build(); .build());
SSLEngine clientEngine = null; SSLEngine clientEngine = null;
SSLEngine serverEngine = null; SSLEngine serverEngine = null;
try { try {
@ -3201,7 +3203,7 @@ public abstract class SSLEngineTest {
final TestTrustManagerFactory clientTmf = new TestTrustManagerFactory(ssc.cert()); final TestTrustManagerFactory clientTmf = new TestTrustManagerFactory(ssc.cert());
final TestTrustManagerFactory serverTmf = new TestTrustManagerFactory(ssc.cert()); final TestTrustManagerFactory serverTmf = new TestTrustManagerFactory(ssc.cert());
clientSslCtx = SslContextBuilder.forClient() clientSslCtx = wrapContext(SslContextBuilder.forClient()
.trustManager(new SimpleTrustManagerFactory() { .trustManager(new SimpleTrustManagerFactory() {
@Override @Override
protected void engineInit(KeyStore keyStore) { protected void engineInit(KeyStore keyStore) {
@ -3223,8 +3225,8 @@ public abstract class SSLEngineTest {
.sslContextProvider(clientSslContextProvider()) .sslContextProvider(clientSslContextProvider())
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.build(); .build());
serverSslCtx = SslContextBuilder.forServer(newKeyManagerFactory(ssc)) serverSslCtx = wrapContext(SslContextBuilder.forServer(newKeyManagerFactory(ssc))
.trustManager(new SimpleTrustManagerFactory() { .trustManager(new SimpleTrustManagerFactory() {
@Override @Override
protected void engineInit(KeyStore keyStore) { protected void engineInit(KeyStore keyStore) {
@ -3246,7 +3248,7 @@ public abstract class SSLEngineTest {
.protocols(protocols()) .protocols(protocols())
.ciphers(ciphers()) .ciphers(ciphers())
.clientAuth(ClientAuth.REQUIRE) .clientAuth(ClientAuth.REQUIRE)
.build(); .build());
SSLEngine clientEngine = null; SSLEngine clientEngine = null;
SSLEngine serverEngine = null; SSLEngine serverEngine = null;
try { try {
@ -3281,10 +3283,10 @@ public abstract class SSLEngineTest {
System.setProperty(SslMasterKeyHandler.SYSTEM_PROP_KEY, Boolean.TRUE.toString()); System.setProperty(SslMasterKeyHandler.SYSTEM_PROP_KEY, Boolean.TRUE.toString());
SelfSignedCertificate ssc = new SelfSignedCertificate(); SelfSignedCertificate ssc = new SelfSignedCertificate();
serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
.sslProvider(sslServerProvider()) .sslProvider(sslServerProvider())
.sslContextProvider(serverSslContextProvider()) .sslContextProvider(serverSslContextProvider())
.build(); .build());
Socket socket = null; Socket socket = null;
try { try {
@ -3425,6 +3427,10 @@ public abstract class SSLEngineTest {
return engine; return engine;
} }
protected SslContext wrapContext(SslContext context) {
return context;
}
protected List<String> ciphers() { protected List<String> ciphers() {
return Collections.singletonList(protocolCipherCombo.cipher); return Collections.singletonList(protocolCipherCombo.cipher);
} }