From e236e99006bbe26a8dcae81c10f4aa151ed58468 Mon Sep 17 00:00:00 2001 From: Norman Maurer Date: Thu, 15 Jul 2021 08:50:24 +0200 Subject: [PATCH] Migrate the rest of the ssl package to junit5 (#11483) Motivation: We should use junit5 everywhere. Modifications: - Refactor rest of tests to use junit5 Result: Part of https://github.com/netty/netty/issues/10757 --- .../ssl/AmazonCorrettoSslEngineTest.java | 62 +- .../ssl/ConscryptJdkSslEngineInteropTest.java | 41 +- .../ConscryptOpenSslEngineInteropTest.java | 118 +- .../handler/ssl/ConscryptSslEngineTest.java | 45 +- .../netty/handler/ssl/Java8SslTestUtils.java | 4 +- .../ssl/JdkConscryptSslEngineInteropTest.java | 57 +- .../ssl/JdkOpenSslEngineInteroptTest.java | 143 +- .../netty/handler/ssl/JdkSslEngineTest.java | 184 +-- .../handler/ssl/OpenSslClientContextTest.java | 4 +- .../OpenSslConscryptSslEngineInteropTest.java | 110 +- .../netty/handler/ssl/OpenSslEngineTest.java | 850 ++++++------ .../handler/ssl/OpenSslEngineTestParam.java | 34 + .../ssl/OpenSslErrorStackAssertSSLEngine.java | 5 +- .../ssl/OpenSslJdkSslEngineInteroptTest.java | 125 +- .../handler/ssl/OpenSslRenegotiateTest.java | 5 +- .../handler/ssl/OpenSslServerContextTest.java | 4 +- .../ReferenceCountedOpenSslEngineTest.java | 49 +- .../io/netty/handler/ssl/SSLEngineTest.java | 1212 +++++++++-------- .../handler/ssl/SniClientJava8TestUtil.java | 28 +- .../io/netty/handler/ssl/SniHandlerTest.java | 2 +- .../io/netty/handler/ssl/SslContextTest.java | 4 +- .../io/netty/handler/ssl/SslHandlerTest.java | 1 - 22 files changed, 1579 insertions(+), 1508 deletions(-) create mode 100644 handler/src/test/java/io/netty/handler/ssl/OpenSslEngineTestParam.java diff --git a/handler/src/test/java/io/netty/handler/ssl/AmazonCorrettoSslEngineTest.java b/handler/src/test/java/io/netty/handler/ssl/AmazonCorrettoSslEngineTest.java index 71bc9472a8..09b3d9d6a1 100644 --- a/handler/src/test/java/io/netty/handler/ssl/AmazonCorrettoSslEngineTest.java +++ b/handler/src/test/java/io/netty/handler/ssl/AmazonCorrettoSslEngineTest.java @@ -17,48 +17,28 @@ package io.netty.handler.ssl; import com.amazon.corretto.crypto.provider.AmazonCorrettoCryptoProvider; import com.amazon.corretto.crypto.provider.SelfTestStatus; -import org.junit.After; -import org.junit.Assert; -import org.junit.Before; -import org.junit.BeforeClass; -import org.junit.Ignore; -import org.junit.runner.RunWith; -import org.junit.runners.Parameterized; +import org.junit.jupiter.api.AfterEach; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Disabled; +import org.junit.jupiter.api.condition.DisabledIf; import javax.crypto.Cipher; import java.security.Security; -import java.util.ArrayList; -import java.util.Collection; -import java.util.List; -import static org.junit.Assume.assumeTrue; +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertNull; -@RunWith(Parameterized.class) + +@DisabledIf("checkIfAccpIsDisabled") public class AmazonCorrettoSslEngineTest extends SSLEngineTest { - @Parameterized.Parameters(name = "{index}: bufferType = {0}, combo = {1}, delegate = {2}") - public static Collection data() { - List params = new ArrayList(); - for (BufferType type: BufferType.values()) { - params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false }); - params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true }); - - if (SslProvider.isTlsv13Supported(SslProvider.JDK)) { - params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), true }); - params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), false }); - } - } - return params; + static boolean checkIfAccpIsDisabled() { + return AmazonCorrettoCryptoProvider.INSTANCE.getLoadingError() != null || + !AmazonCorrettoCryptoProvider.INSTANCE.runSelfTests().equals(SelfTestStatus.PASSED); } - public AmazonCorrettoSslEngineTest(BufferType type, ProtocolCipherCombo combo, boolean delegate) { - super(type, combo, delegate); - } - - @BeforeClass - public static void checkAccp() { - assumeTrue(AmazonCorrettoCryptoProvider.INSTANCE.getLoadingError() == null && - AmazonCorrettoCryptoProvider.INSTANCE.runSelfTests().equals(SelfTestStatus.PASSED)); + public AmazonCorrettoSslEngineTest() { + super(SslProvider.isTlsv13Supported(SslProvider.JDK)); } @Override @@ -71,7 +51,7 @@ public class AmazonCorrettoSslEngineTest extends SSLEngineTest { return SslProvider.JDK; } - @Before + @BeforeEach @Override public void setup() { // See https://github.com/corretto/amazon-corretto-crypto-provider/blob/develop/README.md#code @@ -81,7 +61,7 @@ public class AmazonCorrettoSslEngineTest extends SSLEngineTest { try { AmazonCorrettoCryptoProvider.INSTANCE.assertHealthy(); String providerName = Cipher.getInstance("AES/GCM/NoPadding").getProvider().getName(); - Assert.assertEquals(AmazonCorrettoCryptoProvider.PROVIDER_NAME, providerName); + assertEquals(AmazonCorrettoCryptoProvider.PROVIDER_NAME, providerName); } catch (Throwable e) { Security.removeProvider(AmazonCorrettoCryptoProvider.PROVIDER_NAME); throw new AssertionError(e); @@ -89,24 +69,24 @@ public class AmazonCorrettoSslEngineTest extends SSLEngineTest { super.setup(); } - @After + @AfterEach @Override public void tearDown() throws InterruptedException { super.tearDown(); // Remove the provider again and verify that it was removed Security.removeProvider(AmazonCorrettoCryptoProvider.PROVIDER_NAME); - Assert.assertNull(Security.getProvider(AmazonCorrettoCryptoProvider.PROVIDER_NAME)); + assertNull(Security.getProvider(AmazonCorrettoCryptoProvider.PROVIDER_NAME)); } - @Ignore /* Does the JDK support a "max certificate chain length"? */ + @Disabled /* Does the JDK support a "max certificate chain length"? */ @Override - public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth() { + public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(SSLEngineTestParam param) { } - @Ignore /* Does the JDK support a "max certificate chain length"? */ + @Disabled /* Does the JDK support a "max certificate chain length"? */ @Override - public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth() { + public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(SSLEngineTestParam param) { } @Override diff --git a/handler/src/test/java/io/netty/handler/ssl/ConscryptJdkSslEngineInteropTest.java b/handler/src/test/java/io/netty/handler/ssl/ConscryptJdkSslEngineInteropTest.java index b151ab4003..fd8db16fd2 100644 --- a/handler/src/test/java/io/netty/handler/ssl/ConscryptJdkSslEngineInteropTest.java +++ b/handler/src/test/java/io/netty/handler/ssl/ConscryptJdkSslEngineInteropTest.java @@ -16,39 +16,22 @@ package io.netty.handler.ssl; import java.security.Provider; -import org.junit.BeforeClass; -import org.junit.Ignore; -import org.junit.runner.RunWith; -import org.junit.runners.Parameterized; +import org.junit.jupiter.api.Disabled; +import org.junit.jupiter.api.condition.DisabledIf; import javax.net.ssl.SSLSessionContext; -import java.util.ArrayList; -import java.util.Collection; -import java.util.List; -import static org.junit.Assume.assumeTrue; -@RunWith(Parameterized.class) +@DisabledIf("checkConscryptDisabled") public class ConscryptJdkSslEngineInteropTest extends SSLEngineTest { - @Parameterized.Parameters(name = "{index}: bufferType = {0}, combo = {1}, delegate = {2}") - public static Collection data() { - List params = new ArrayList(); - for (BufferType type: BufferType.values()) { - params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false }); - params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true }); - } - return params; + public ConscryptJdkSslEngineInteropTest() { + super(false); } - public ConscryptJdkSslEngineInteropTest(BufferType type, ProtocolCipherCombo combo, boolean delegate) { - super(type, combo, delegate); - } - - @BeforeClass - public static void checkConscrypt() { - assumeTrue(Conscrypt.isAvailable()); + static boolean checkConscryptDisabled() { + return !Conscrypt.isAvailable(); } @Override @@ -66,14 +49,16 @@ public class ConscryptJdkSslEngineInteropTest extends SSLEngineTest { return Java8SslTestUtils.conscryptProvider(); } - @Ignore /* Does the JDK support a "max certificate chain length"? */ + @Disabled /* Does the JDK support a "max certificate chain length"? */ @Override - public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth() throws Exception { + public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(SSLEngineTestParam param) + throws Exception { } - @Ignore /* Does the JDK support a "max certificate chain length"? */ + @Disabled /* Does the JDK support a "max certificate chain length"? */ @Override - public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth() throws Exception { + public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(SSLEngineTestParam param) + throws Exception { } @Override diff --git a/handler/src/test/java/io/netty/handler/ssl/ConscryptOpenSslEngineInteropTest.java b/handler/src/test/java/io/netty/handler/ssl/ConscryptOpenSslEngineInteropTest.java index bbf4c37c25..8084220ca3 100644 --- a/handler/src/test/java/io/netty/handler/ssl/ConscryptOpenSslEngineInteropTest.java +++ b/handler/src/test/java/io/netty/handler/ssl/ConscryptOpenSslEngineInteropTest.java @@ -15,48 +15,35 @@ */ package io.netty.handler.ssl; -import org.junit.BeforeClass; -import org.junit.Ignore; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.junit.runners.Parameterized; +import org.junit.jupiter.api.BeforeAll; +import org.junit.jupiter.api.Disabled; +import org.junit.jupiter.api.condition.DisabledIf; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLSessionContext; import java.security.Provider; import java.util.ArrayList; -import java.util.Collection; import java.util.List; import static io.netty.handler.ssl.OpenSslTestUtils.checkShouldUseKeyManagerFactory; -import static org.junit.Assume.assumeTrue; +import static org.junit.jupiter.api.Assumptions.assumeTrue; -@RunWith(Parameterized.class) +@DisabledIf("checkConscryptDisabled") public class ConscryptOpenSslEngineInteropTest extends ConscryptSslEngineTest { - @Parameterized.Parameters(name = "{index}: bufferType = {0}, combo = {1}, delegate = {2}, useTasks = {3}") - public static Collection data() { - List params = new ArrayList(); - for (BufferType type: BufferType.values()) { - params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false, false }); - params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false, true }); - - params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true, false }); - params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true, true }); + @Override + protected List newTestParams() { + List params = super.newTestParams(); + List testParams = new ArrayList(); + for (SSLEngineTestParam param: params) { + testParams.add(new OpenSslEngineTestParam(true, param)); + testParams.add(new OpenSslEngineTestParam(false, param)); } - return params; + return testParams; } - private final boolean useTasks; - - public ConscryptOpenSslEngineInteropTest(BufferType type, ProtocolCipherCombo combo, - boolean delegate, boolean useTasks) { - super(type, combo, delegate); - this.useTasks = useTasks; - } - - @BeforeClass + @BeforeAll public static void checkOpenssl() { OpenSsl.ensureAvailability(); } @@ -77,17 +64,15 @@ public class ConscryptOpenSslEngineInteropTest extends ConscryptSslEngineTest { } @Override - @Test - @Ignore("TODO: Make this work with Conscrypt") - public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth() { - super.testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(); + @Disabled("TODO: Make this work with Conscrypt") + public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(SSLEngineTestParam param) { + super.testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(param); } @Override - @Test - @Ignore("TODO: Make this work with Conscrypt") - public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth() { - super.testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(); + @Disabled("TODO: Make this work with Conscrypt") + public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(SSLEngineTestParam param) { + super.testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(param); } @Override @@ -97,45 +82,42 @@ public class ConscryptOpenSslEngineInteropTest extends ConscryptSslEngineTest { } @Override - @Test - public void testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth() throws Exception { + public void testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth(SSLEngineTestParam param) + throws Exception { checkShouldUseKeyManagerFactory(); - super.testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth(); + super.testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth(param); } @Override - @Test - public void testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth() throws Exception { + public void testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth(SSLEngineTestParam param) + throws Exception { checkShouldUseKeyManagerFactory(); - super.testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth(); + super.testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth(param); } @Override - @Test - public void testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth() throws Exception { + public void testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth(SSLEngineTestParam param) + throws Exception { checkShouldUseKeyManagerFactory(); - super.testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth(); + super.testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth(param); } @Override - @Test - public void testSessionAfterHandshakeKeyManagerFactory() throws Exception { + public void testSessionAfterHandshakeKeyManagerFactory(SSLEngineTestParam param) throws Exception { checkShouldUseKeyManagerFactory(); - super.testSessionAfterHandshakeKeyManagerFactory(); + super.testSessionAfterHandshakeKeyManagerFactory(param); } @Override - @Test - public void testSessionAfterHandshakeKeyManagerFactoryMutualAuth() throws Exception { + public void testSessionAfterHandshakeKeyManagerFactoryMutualAuth(SSLEngineTestParam param) throws Exception { checkShouldUseKeyManagerFactory(); - super.testSessionAfterHandshakeKeyManagerFactoryMutualAuth(); + super.testSessionAfterHandshakeKeyManagerFactoryMutualAuth(param); } @Override - @Test - public void testSupportedSignatureAlgorithms() throws Exception { + public void testSupportedSignatureAlgorithms(SSLEngineTestParam param) throws Exception { checkShouldUseKeyManagerFactory(); - super.testSupportedSignatureAlgorithms(); + super.testSupportedSignatureAlgorithms(param); } @Override @@ -145,18 +127,17 @@ public class ConscryptOpenSslEngineInteropTest extends ConscryptSslEngineTest { } @Override - @Test - public void testSessionLocalWhenNonMutualWithKeyManager() throws Exception { + public void testSessionLocalWhenNonMutualWithKeyManager(SSLEngineTestParam param) throws Exception { checkShouldUseKeyManagerFactory(); - super.testSessionLocalWhenNonMutualWithKeyManager(); + super.testSessionLocalWhenNonMutualWithKeyManager(param); } @Override - public void testSessionLocalWhenNonMutualWithoutKeyManager() throws Exception { + public void testSessionLocalWhenNonMutualWithoutKeyManager(SSLEngineTestParam param) throws Exception { // This only really works when the KeyManagerFactory is supported as otherwise we not really know when // we need to provide a cert. assumeTrue(OpenSsl.supportsKeyManagerFactory()); - super.testSessionLocalWhenNonMutualWithoutKeyManager(); + super.testSessionLocalWhenNonMutualWithoutKeyManager(param); } @Override @@ -165,24 +146,21 @@ public class ConscryptOpenSslEngineInteropTest extends ConscryptSslEngineTest { } @Override - @Test - public void testSessionCache() throws Exception { + public void testSessionCache(SSLEngineTestParam param) throws Exception { assumeTrue(OpenSsl.isSessionCacheSupported()); - super.testSessionCache(); + super.testSessionCache(param); } @Override - @Test - public void testSessionCacheTimeout() throws Exception { + public void testSessionCacheTimeout(SSLEngineTestParam param) throws Exception { assumeTrue(OpenSsl.isSessionCacheSupported()); - super.testSessionCacheTimeout(); + super.testSessionCacheTimeout(param); } @Override - @Test - public void testSessionCacheSize() throws Exception { + public void testSessionCacheSize(SSLEngineTestParam param) throws Exception { assumeTrue(OpenSsl.isSessionCacheSupported()); - super.testSessionCacheSize(); + super.testSessionCacheSize(param); } @Override @@ -192,9 +170,11 @@ public class ConscryptOpenSslEngineInteropTest extends ConscryptSslEngineTest { @SuppressWarnings("deprecation") @Override - protected SslContext wrapContext(SslContext context) { + protected SslContext wrapContext(SSLEngineTestParam param, SslContext context) { if (context instanceof OpenSslContext) { - ((OpenSslContext) context).setUseTasks(useTasks); + if (param instanceof OpenSslEngineTestParam) { + ((OpenSslContext) context).setUseTasks(((OpenSslEngineTestParam) param).useTasks); + } // Explicit enable the session cache as its disabled by default on the client side. ((OpenSslContext) context).sessionContext().setSessionCacheEnabled(true); } diff --git a/handler/src/test/java/io/netty/handler/ssl/ConscryptSslEngineTest.java b/handler/src/test/java/io/netty/handler/ssl/ConscryptSslEngineTest.java index 66726af6ab..6e825f6c7e 100644 --- a/handler/src/test/java/io/netty/handler/ssl/ConscryptSslEngineTest.java +++ b/handler/src/test/java/io/netty/handler/ssl/ConscryptSslEngineTest.java @@ -15,39 +15,22 @@ */ package io.netty.handler.ssl; -import org.junit.BeforeClass; -import org.junit.Ignore; -import org.junit.runner.RunWith; -import org.junit.runners.Parameterized; + +import org.junit.jupiter.api.Disabled; +import org.junit.jupiter.api.condition.DisabledIf; import javax.net.ssl.SSLSessionContext; import java.security.Provider; -import java.util.ArrayList; -import java.util.Collection; -import java.util.List; -import static org.junit.Assume.assumeTrue; - -@RunWith(Parameterized.class) +@DisabledIf("checkConscryptDisabled") public class ConscryptSslEngineTest extends SSLEngineTest { - @Parameterized.Parameters(name = "{index}: bufferType = {0}, combo = {1}, delegate = {2}") - public static Collection data() { - List params = new ArrayList(); - for (BufferType type: BufferType.values()) { - params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false }); - params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true }); - } - return params; + static boolean checkConscryptDisabled() { + return !Conscrypt.isAvailable(); } - public ConscryptSslEngineTest(BufferType type, ProtocolCipherCombo combo, boolean delegate) { - super(type, combo, delegate); - } - - @BeforeClass - public static void checkConscrypt() { - assumeTrue(Conscrypt.isAvailable()); + public ConscryptSslEngineTest() { + super(false); } @Override @@ -70,14 +53,14 @@ public class ConscryptSslEngineTest extends SSLEngineTest { return Java8SslTestUtils.conscryptProvider(); } - @Ignore /* Does the JDK support a "max certificate chain length"? */ + @Disabled /* Does the JDK support a "max certificate chain length"? */ @Override - public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth() { + public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(SSLEngineTestParam param) { } - @Ignore /* Does the JDK support a "max certificate chain length"? */ + @Disabled /* Does the JDK support a "max certificate chain length"? */ @Override - public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth() { + public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(SSLEngineTestParam param) { } @Override @@ -85,8 +68,8 @@ public class ConscryptSslEngineTest extends SSLEngineTest { // Not supported by conscrypt } - @Ignore("Possible Conscrypt bug") - public void testSessionCacheTimeout() throws Exception { + @Disabled("Possible Conscrypt bug") + public void testSessionCacheTimeout(SSLEngineTestParam param) throws Exception { // Skip // https://github.com/google/conscrypt/issues/851 } diff --git a/handler/src/test/java/io/netty/handler/ssl/Java8SslTestUtils.java b/handler/src/test/java/io/netty/handler/ssl/Java8SslTestUtils.java index 862824f9b3..1021619695 100644 --- a/handler/src/test/java/io/netty/handler/ssl/Java8SslTestUtils.java +++ b/handler/src/test/java/io/netty/handler/ssl/Java8SslTestUtils.java @@ -29,7 +29,7 @@ import java.security.cert.X509Certificate; import java.util.Arrays; import java.util.Collections; -import static org.junit.Assert.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertNotNull; public final class Java8SslTestUtils { @@ -70,7 +70,7 @@ public final class Java8SslTestUtils { InputStream is = null; try { is = SslContextTest.class.getResourceAsStream(resourceName); - assertNotNull("Cannot find " + resourceName, is); + assertNotNull(is, "Cannot find " + resourceName); certCollection[i] = (X509Certificate) certFactory .generateCertificate(is); } finally { diff --git a/handler/src/test/java/io/netty/handler/ssl/JdkConscryptSslEngineInteropTest.java b/handler/src/test/java/io/netty/handler/ssl/JdkConscryptSslEngineInteropTest.java index fb6c877693..5a2f91c86c 100644 --- a/handler/src/test/java/io/netty/handler/ssl/JdkConscryptSslEngineInteropTest.java +++ b/handler/src/test/java/io/netty/handler/ssl/JdkConscryptSslEngineInteropTest.java @@ -17,39 +17,20 @@ package io.netty.handler.ssl; import java.security.Provider; -import org.junit.BeforeClass; -import org.junit.Ignore; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.junit.runners.Parameterized; +import org.junit.jupiter.api.Disabled; +import org.junit.jupiter.api.condition.DisabledIf; import javax.net.ssl.SSLSessionContext; -import java.util.ArrayList; -import java.util.Collection; -import java.util.List; -import static org.junit.Assume.assumeTrue; - -@RunWith(Parameterized.class) +@DisabledIf("checkConscryptDisabled") public class JdkConscryptSslEngineInteropTest extends SSLEngineTest { - @Parameterized.Parameters(name = "{index}: bufferType = {0}, combo = {1}, delegate = {2}") - public static Collection data() { - List params = new ArrayList(); - for (BufferType type: BufferType.values()) { - params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false }); - params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true }); - } - return params; + static boolean checkConscryptDisabled() { + return !Conscrypt.isAvailable(); } - public JdkConscryptSslEngineInteropTest(BufferType type, ProtocolCipherCombo combo, boolean delegate) { - super(type, combo, delegate); - } - - @BeforeClass - public static void checkConscrypt() { - assumeTrue(Conscrypt.isAvailable()); + public JdkConscryptSslEngineInteropTest() { + super(false); } @Override @@ -68,17 +49,17 @@ public class JdkConscryptSslEngineInteropTest extends SSLEngineTest { } @Override - @Test - @Ignore("TODO: Make this work with Conscrypt") - public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth() throws Exception { - super.testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(); + @Disabled("TODO: Make this work with Conscrypt") + public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(SSLEngineTestParam param) + throws Exception { + super.testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(param); } @Override - @Test - @Ignore("TODO: Make this work with Conscrypt") - public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth() throws Exception { - super.testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(); + @Disabled("TODO: Make this work with Conscrypt") + public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(SSLEngineTestParam param) + throws Exception { + super.testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(param); } @Override @@ -87,9 +68,9 @@ public class JdkConscryptSslEngineInteropTest extends SSLEngineTest { return super.mySetupMutualAuthServerIsValidClientException(cause) || causedBySSLException(cause); } - @Ignore("Ignore due bug in Conscrypt") + @Disabled("Ignore due bug in Conscrypt") @Override - public void testHandshakeSession() throws Exception { + public void testHandshakeSession(SSLEngineTestParam param) throws Exception { // Ignore as Conscrypt does not correctly return the local certificates while the TrustManager is invoked. // See https://github.com/google/conscrypt/issues/634 } @@ -99,8 +80,8 @@ public class JdkConscryptSslEngineInteropTest extends SSLEngineTest { // Not supported by conscrypt } - @Ignore("Possible Conscrypt bug") - public void testSessionCacheTimeout() { + @Disabled("Possible Conscrypt bug") + public void testSessionCacheTimeout(SSLEngineTestParam param) { // Skip // https://github.com/google/conscrypt/issues/851 } diff --git a/handler/src/test/java/io/netty/handler/ssl/JdkOpenSslEngineInteroptTest.java b/handler/src/test/java/io/netty/handler/ssl/JdkOpenSslEngineInteroptTest.java index 17cc09183d..f978cbee3a 100644 --- a/handler/src/test/java/io/netty/handler/ssl/JdkOpenSslEngineInteroptTest.java +++ b/handler/src/test/java/io/netty/handler/ssl/JdkOpenSslEngineInteroptTest.java @@ -15,54 +15,36 @@ */ package io.netty.handler.ssl; -import org.junit.BeforeClass; -import org.junit.Ignore; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.junit.runners.Parameterized; +import org.junit.jupiter.api.BeforeAll; +import org.junit.jupiter.api.Disabled; import javax.net.ssl.SSLEngine; import java.util.ArrayList; -import java.util.Collection; import java.util.List; import static io.netty.handler.ssl.OpenSslTestUtils.checkShouldUseKeyManagerFactory; import static io.netty.internal.tcnative.SSL.SSL_CVERIFY_IGNORED; -import static org.junit.Assume.assumeTrue; +import static org.junit.jupiter.api.Assumptions.assumeTrue; -@RunWith(Parameterized.class) public class JdkOpenSslEngineInteroptTest extends SSLEngineTest { - @Parameterized.Parameters(name = "{index}: bufferType = {0}, combo = {1}, delegate = {2}, useTasks = {3}") - public static Collection data() { - List params = new ArrayList(); - for (BufferType type: BufferType.values()) { - params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false, false }); - params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false, true }); + public JdkOpenSslEngineInteroptTest() { + super(SslProvider.isTlsv13Supported(SslProvider.JDK) && + SslProvider.isTlsv13Supported(SslProvider.OPENSSL)); + } - params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true, false }); - params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true, true }); - - if (SslProvider.isTlsv13Supported(SslProvider.JDK) && SslProvider.isTlsv13Supported(SslProvider.OPENSSL)) { - params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), false, false }); - params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), false, true }); - - params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), true, false }); - params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), true, true }); - } + @Override + protected List newTestParams() { + List params = super.newTestParams(); + List testParams = new ArrayList(); + for (SSLEngineTestParam param: params) { + testParams.add(new OpenSslEngineTestParam(true, param)); + testParams.add(new OpenSslEngineTestParam(false, param)); } - return params; + return testParams; } - private final boolean useTasks; - - public JdkOpenSslEngineInteroptTest(BufferType type, ProtocolCipherCombo protocolCipherCombo, - boolean delegate, boolean useTasks) { - super(type, protocolCipherCombo, delegate); - this.useTasks = useTasks; - } - - @BeforeClass + @BeforeAll public static void checkOpenSsl() { OpenSsl.ensureAvailability(); } @@ -78,59 +60,55 @@ public class JdkOpenSslEngineInteroptTest extends SSLEngineTest { } @Override - @Test - @Ignore("Disable until figured out why this sometimes fail on the CI") - public void testMutualAuthSameCerts() throws Throwable { - super.testMutualAuthSameCerts(); + @Disabled("Disable until figured out why this sometimes fail on the CI") + public void testMutualAuthSameCerts(SSLEngineTestParam param) throws Throwable { + super.testMutualAuthSameCerts(param); + } + + public void testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth(SSLEngineTestParam param) + throws Exception { + checkShouldUseKeyManagerFactory(); + super.testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth(param); } @Override - @Test - public void testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth() throws Exception { + public void testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth(SSLEngineTestParam param) + throws Exception { checkShouldUseKeyManagerFactory(); - super.testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth(); + super.testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth(param); } @Override - @Test - public void testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth() throws Exception { + public void testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth(SSLEngineTestParam param) + throws Exception { checkShouldUseKeyManagerFactory(); - super.testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth(); + super.testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth(param); } @Override - @Test - public void testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth() throws Exception { + public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(SSLEngineTestParam param) + throws Exception { checkShouldUseKeyManagerFactory(); - super.testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth(); + super.testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(param); } @Override - @Test - public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth() throws Exception { + public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(SSLEngineTestParam param) + throws Exception { checkShouldUseKeyManagerFactory(); - super.testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(); + super.testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(param); } @Override - @Test - public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth() throws Exception { + public void testSessionAfterHandshakeKeyManagerFactoryMutualAuth(SSLEngineTestParam param) throws Exception { checkShouldUseKeyManagerFactory(); - super.testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(); + super.testSessionAfterHandshakeKeyManagerFactoryMutualAuth(param); } @Override - @Test - public void testSessionAfterHandshakeKeyManagerFactoryMutualAuth() throws Exception { + public void testSessionAfterHandshakeKeyManagerFactory(SSLEngineTestParam param) throws Exception { checkShouldUseKeyManagerFactory(); - super.testSessionAfterHandshakeKeyManagerFactoryMutualAuth(); - } - - @Override - @Test - public void testSessionAfterHandshakeKeyManagerFactory() throws Exception { - checkShouldUseKeyManagerFactory(); - super.testSessionAfterHandshakeKeyManagerFactory(); + super.testSessionAfterHandshakeKeyManagerFactory(param); } @Override @@ -146,52 +124,47 @@ public class JdkOpenSslEngineInteroptTest extends SSLEngineTest { } @Override - public void testHandshakeSession() throws Exception { + public void testHandshakeSession(SSLEngineTestParam param) throws Exception { checkShouldUseKeyManagerFactory(); - super.testHandshakeSession(); + super.testHandshakeSession(param); } @Override - @Test - public void testSupportedSignatureAlgorithms() throws Exception { + public void testSupportedSignatureAlgorithms(SSLEngineTestParam param) throws Exception { checkShouldUseKeyManagerFactory(); - super.testSupportedSignatureAlgorithms(); + super.testSupportedSignatureAlgorithms(param); } @Override - @Test - public void testSessionLocalWhenNonMutualWithKeyManager() throws Exception { + public void testSessionLocalWhenNonMutualWithKeyManager(SSLEngineTestParam param) throws Exception { checkShouldUseKeyManagerFactory(); - super.testSessionLocalWhenNonMutualWithKeyManager(); + super.testSessionLocalWhenNonMutualWithKeyManager(param); } @Override - public void testSessionLocalWhenNonMutualWithoutKeyManager() throws Exception { + public void testSessionLocalWhenNonMutualWithoutKeyManager(SSLEngineTestParam param) throws Exception { // This only really works when the KeyManagerFactory is supported as otherwise we not really know when // we need to provide a cert. assumeTrue(OpenSsl.supportsKeyManagerFactory()); - super.testSessionLocalWhenNonMutualWithoutKeyManager(); + super.testSessionLocalWhenNonMutualWithoutKeyManager(param); } @Override - @Test - public void testSessionCache() throws Exception { + public void testSessionCache(SSLEngineTestParam param) throws Exception { assumeTrue(OpenSsl.isSessionCacheSupported()); - super.testSessionCache(); + super.testSessionCache(param); } @Override - @Test - public void testSessionCacheTimeout() throws Exception { + public void testSessionCacheTimeout(SSLEngineTestParam param) throws Exception { assumeTrue(OpenSsl.isSessionCacheSupported()); - super.testSessionCacheTimeout(); + super.testSessionCacheTimeout(param); } @Override - @Test - public void testSessionCacheSize() throws Exception { + public void testSessionCacheSize(SSLEngineTestParam param) throws Exception { assumeTrue(OpenSsl.isSessionCacheSupported()); - super.testSessionCacheSize(); + super.testSessionCacheSize(param); } @Override @@ -201,9 +174,9 @@ public class JdkOpenSslEngineInteroptTest extends SSLEngineTest { @SuppressWarnings("deprecation") @Override - protected SslContext wrapContext(SslContext context) { - if (context instanceof OpenSslContext) { - ((OpenSslContext) context).setUseTasks(useTasks); + protected SslContext wrapContext(SSLEngineTestParam param, SslContext context) { + if (context instanceof OpenSslContext && param instanceof OpenSslEngineTestParam) { + ((OpenSslContext) context).setUseTasks(((OpenSslEngineTestParam) param).useTasks); // Explicit enable the session cache as its disabled by default on the client side. ((OpenSslContext) context).sessionContext().setSessionCacheEnabled(true); } diff --git a/handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java b/handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java index f91dc148ad..c9e02075a8 100644 --- a/handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java +++ b/handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java @@ -23,26 +23,23 @@ import io.netty.handler.ssl.JdkApplicationProtocolNegotiator.ProtocolSelectorFac import io.netty.handler.ssl.util.InsecureTrustManagerFactory; import io.netty.handler.ssl.util.SelfSignedCertificate; import java.security.Provider; -import java.util.ArrayList; -import java.util.Collection; import io.netty.util.internal.EmptyArrays; -import org.junit.Ignore; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.junit.runners.Parameterized; +import org.junit.AssumptionViolatedException; +import org.junit.jupiter.api.Disabled; +import org.junit.jupiter.params.ParameterizedTest; +import org.junit.jupiter.params.provider.MethodSource; +import java.util.ArrayList; import java.util.List; import java.util.Set; import java.util.concurrent.TimeUnit; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLHandshakeException; -import static org.junit.Assert.assertNull; -import static org.junit.Assert.assertTrue; -import static org.junit.Assume.assumeNoException; +import static org.junit.jupiter.api.Assertions.assertNull; +import static org.junit.jupiter.api.Assertions.assertTrue; -@RunWith(Parameterized.class) public class JdkSslEngineTest extends SSLEngineTest { public enum ProviderType { NPN_JETTY { @@ -141,75 +138,88 @@ public class JdkSslEngineTest extends SSLEngineTest { private static final String FALLBACK_APPLICATION_LEVEL_PROTOCOL = "my-protocol-http1_1"; private static final String APPLICATION_LEVEL_PROTOCOL_NOT_COMPATIBLE = "my-protocol-FOO"; - @Parameterized.Parameters(name = "{index}: providerType = {0}, bufferType = {1}, combo = {2}, delegate = {3}") - public static Collection data() { - List params = new ArrayList(); - for (ProviderType providerType : ProviderType.values()) { - for (BufferType bufferType : BufferType.values()) { - params.add(new Object[]{ providerType, bufferType, ProtocolCipherCombo.tlsv12(), true }); - params.add(new Object[]{ providerType, bufferType, ProtocolCipherCombo.tlsv12(), false }); - - if (SslProvider.isTlsv13Supported(SslProvider.JDK)) { - params.add(new Object[] { providerType, bufferType, ProtocolCipherCombo.tlsv13(), true }); - params.add(new Object[] { providerType, bufferType, ProtocolCipherCombo.tlsv13(), false }); - } - } - } - return params; - } - - private final ProviderType providerType; - private Provider provider; - public JdkSslEngineTest(ProviderType providerType, BufferType bufferType, - ProtocolCipherCombo protocolCipherCombo, boolean delegate) { - super(bufferType, protocolCipherCombo, delegate); - this.providerType = providerType; + public JdkSslEngineTest() { + super(SslProvider.isTlsv13Supported(SslProvider.JDK)); } - @Test - public void testTlsExtension() throws Exception { + List newJdkParams() { + List params = newTestParams(); + + List jdkParams = new ArrayList(); + for (ProviderType providerType: ProviderType.values()) { + for (SSLEngineTestParam param: params) { + jdkParams.add(new JdkSSLEngineTestParam(providerType, param)); + } + } + return jdkParams; + } + + private static final class JdkSSLEngineTestParam extends SSLEngineTestParam { + final ProviderType providerType; + JdkSSLEngineTestParam(ProviderType providerType, SSLEngineTestParam param) { + super(param.type(), param.combo(), param.delegate()); + this.providerType = providerType; + } + + @Override + public String toString() { + return "JdkSSLEngineTestParam{" + + "type=" + type() + + ", protocolCipherCombo=" + combo() + + ", delegate=" + delegate() + + ", providerType=" + providerType + + '}'; + } + } + + @MethodSource("newJdkParams") + @ParameterizedTest + public void testTlsExtension(JdkSSLEngineTestParam param) throws Exception { try { - providerType.activate(this); - ApplicationProtocolConfig apn = failingNegotiator(providerType.protocol(), + param.providerType.activate(this); + ApplicationProtocolConfig apn = failingNegotiator(param.providerType.protocol(), PREFERRED_APPLICATION_LEVEL_PROTOCOL); - setupHandlers(apn); + setupHandlers(param, apn); runTest(); } catch (SkipTestException e) { // ALPN availability is dependent on the java version. If ALPN is not available because of // java version incompatibility don't fail the test, but instead just skip the test - assumeNoException(e); + throw new AssumptionViolatedException("Not expected", e); } } - @Test - public void testTlsExtensionNoCompatibleProtocolsNoHandshakeFailure() throws Exception { + @MethodSource("newJdkParams") + @ParameterizedTest + public void testTlsExtensionNoCompatibleProtocolsNoHandshakeFailure(JdkSSLEngineTestParam param) throws Exception { try { - providerType.activate(this); - ApplicationProtocolConfig clientApn = acceptingNegotiator(providerType.protocol(), + param.providerType.activate(this); + ApplicationProtocolConfig clientApn = acceptingNegotiator(param.providerType.protocol(), PREFERRED_APPLICATION_LEVEL_PROTOCOL); - ApplicationProtocolConfig serverApn = acceptingNegotiator(providerType.protocol(), + ApplicationProtocolConfig serverApn = acceptingNegotiator(param.providerType.protocol(), APPLICATION_LEVEL_PROTOCOL_NOT_COMPATIBLE); - setupHandlers(serverApn, clientApn); + setupHandlers(param, serverApn, clientApn); runTest(null); } catch (SkipTestException e) { // ALPN availability is dependent on the java version. If ALPN is not available because of // java version incompatibility don't fail the test, but instead just skip the test - assumeNoException(e); + throw new AssumptionViolatedException("Not expected", e); } } - @Test - public void testTlsExtensionNoCompatibleProtocolsClientHandshakeFailure() throws Exception { + @MethodSource("newJdkParams") + @ParameterizedTest + public void testTlsExtensionNoCompatibleProtocolsClientHandshakeFailure(JdkSSLEngineTestParam param) + throws Exception { try { - providerType.activate(this); - if (providerType == ProviderType.NPN_JETTY) { - ApplicationProtocolConfig clientApn = failingNegotiator(providerType.protocol(), + param.providerType.activate(this); + if (param.providerType == ProviderType.NPN_JETTY) { + ApplicationProtocolConfig clientApn = failingNegotiator(param.providerType.protocol(), PREFERRED_APPLICATION_LEVEL_PROTOCOL); - ApplicationProtocolConfig serverApn = acceptingNegotiator(providerType.protocol(), + ApplicationProtocolConfig serverApn = acceptingNegotiator(param.providerType.protocol(), APPLICATION_LEVEL_PROTOCOL_NOT_COMPATIBLE); - setupHandlers(serverApn, clientApn); + setupHandlers(param, serverApn, clientApn); assertTrue(clientLatch.await(2, TimeUnit.SECONDS)); assertTrue(clientException instanceof SSLHandshakeException); } else { @@ -235,14 +245,15 @@ public class JdkSslEngineTest extends SSLEngineTest { }, JdkBaseApplicationProtocolNegotiator.FAIL_SELECTION_LISTENER_FACTORY, APPLICATION_LEVEL_PROTOCOL_NOT_COMPATIBLE); - SslContext serverSslCtx = new JdkSslServerContext(providerType.provider(), + SslContext serverSslCtx = new JdkSslServerContext(param.providerType.provider(), ssc.certificate(), ssc.privateKey(), null, null, IdentityCipherSuiteFilter.INSTANCE, serverApn, 0, 0, null); - SslContext clientSslCtx = new JdkSslClientContext(providerType.provider(), null, + SslContext clientSslCtx = new JdkSslClientContext(param.providerType.provider(), null, InsecureTrustManagerFactory.INSTANCE, null, IdentityCipherSuiteFilter.INSTANCE, clientApn, 0, 0); - setupHandlers(new TestDelegatingSslContext(serverSslCtx), new TestDelegatingSslContext(clientSslCtx)); + setupHandlers(param.type(), param.delegate(), new TestDelegatingSslContext(param, serverSslCtx), + new TestDelegatingSslContext(param, clientSslCtx)); assertTrue(clientLatch.await(2, TimeUnit.SECONDS)); // When using TLSv1.3 the handshake is NOT sent in an extra round trip which means there will be // no exception reported in this case but just the channel will be closed. @@ -251,35 +262,38 @@ public class JdkSslEngineTest extends SSLEngineTest { } catch (SkipTestException e) { // ALPN availability is dependent on the java version. If ALPN is not available because of // java version incompatibility don't fail the test, but instead just skip the test - assumeNoException(e); + throw new AssumptionViolatedException("Not expected", e); } } - @Test - public void testTlsExtensionNoCompatibleProtocolsServerHandshakeFailure() throws Exception { + @MethodSource("newJdkParams") + @ParameterizedTest + public void testTlsExtensionNoCompatibleProtocolsServerHandshakeFailure(JdkSSLEngineTestParam param) + throws Exception { try { - providerType.activate(this); - ApplicationProtocolConfig clientApn = acceptingNegotiator(providerType.protocol(), + param.providerType.activate(this); + ApplicationProtocolConfig clientApn = acceptingNegotiator(param.providerType.protocol(), PREFERRED_APPLICATION_LEVEL_PROTOCOL); - ApplicationProtocolConfig serverApn = failingNegotiator(providerType.protocol(), + ApplicationProtocolConfig serverApn = failingNegotiator(param.providerType.protocol(), APPLICATION_LEVEL_PROTOCOL_NOT_COMPATIBLE); - setupHandlers(serverApn, clientApn); + setupHandlers(param, serverApn, clientApn); assertTrue(serverLatch.await(2, TimeUnit.SECONDS)); assertTrue(serverException instanceof SSLHandshakeException); } catch (SkipTestException e) { // ALPN availability is dependent on the java version. If ALPN is not available because of // java version incompatibility don't fail the test, but instead just skip the test - assumeNoException(e); + throw new AssumptionViolatedException("Not expected", e); } } - @Test - public void testAlpnCompatibleProtocolsDifferentClientOrder() throws Exception { + @MethodSource("newJdkParams") + @ParameterizedTest + public void testAlpnCompatibleProtocolsDifferentClientOrder(JdkSSLEngineTestParam param) throws Exception { try { - providerType.activate(this); - if (providerType == ProviderType.NPN_JETTY) { + param.providerType.activate(this); + if (param.providerType == ProviderType.NPN_JETTY) { // This test only applies to ALPN. - throw tlsExtensionNotFound(providerType.protocol()); + throw tlsExtensionNotFound(param.providerType.protocol()); } // Even the preferred application protocol appears second in the client's list, it will be picked // because it's the first one on server's list. @@ -287,29 +301,32 @@ public class JdkSslEngineTest extends SSLEngineTest { FALLBACK_APPLICATION_LEVEL_PROTOCOL, PREFERRED_APPLICATION_LEVEL_PROTOCOL); ApplicationProtocolConfig serverApn = failingNegotiator(Protocol.ALPN, PREFERRED_APPLICATION_LEVEL_PROTOCOL, FALLBACK_APPLICATION_LEVEL_PROTOCOL); - setupHandlers(serverApn, clientApn); + setupHandlers(param, serverApn, clientApn); assertNull(serverException); runTest(PREFERRED_APPLICATION_LEVEL_PROTOCOL); } catch (SkipTestException e) { // ALPN availability is dependent on the java version. If ALPN is not available because of // java version incompatibility don't fail the test, but instead just skip the test - assumeNoException(e); + throw new AssumptionViolatedException("Not expected", e); } } - @Test - public void testEnablingAnAlreadyDisabledSslProtocol() throws Exception { - testEnablingAnAlreadyDisabledSslProtocol(new String[]{}, new String[]{ SslProtocols.TLS_v1_2 }); + @MethodSource("newTestParams") + @ParameterizedTest + public void testEnablingAnAlreadyDisabledSslProtocol(SSLEngineTestParam param) throws Exception { + testEnablingAnAlreadyDisabledSslProtocol(param, new String[]{}, new String[]{ SslProtocols.TLS_v1_2 }); } - @Ignore /* Does the JDK support a "max certificate chain length"? */ + @Disabled /* Does the JDK support a "max certificate chain length"? */ @Override - public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth() throws Exception { + public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(SSLEngineTestParam param) + throws Exception { } - @Ignore /* Does the JDK support a "max certificate chain length"? */ + @Disabled /* Does the JDK support a "max certificate chain length"? */ @Override - public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth() throws Exception { + public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(SSLEngineTestParam param) + throws Exception { } @Override @@ -368,15 +385,18 @@ public class JdkSslEngineTest extends SSLEngineTest { } } - private final class TestDelegatingSslContext extends DelegatingSslContext { - TestDelegatingSslContext(SslContext ctx) { + private static final class TestDelegatingSslContext extends DelegatingSslContext { + private final SSLEngineTestParam param; + + TestDelegatingSslContext(SSLEngineTestParam param, SslContext ctx) { super(ctx); + this.param = param; } @Override protected void initEngine(SSLEngine engine) { - engine.setEnabledProtocols(protocols()); - engine.setEnabledCipherSuites(ciphers().toArray(EmptyArrays.EMPTY_STRINGS)); + engine.setEnabledProtocols(param.protocols().toArray(EmptyArrays.EMPTY_STRINGS)); + engine.setEnabledCipherSuites(param.ciphers().toArray(EmptyArrays.EMPTY_STRINGS)); } } } diff --git a/handler/src/test/java/io/netty/handler/ssl/OpenSslClientContextTest.java b/handler/src/test/java/io/netty/handler/ssl/OpenSslClientContextTest.java index 7586d24f18..7c0e3674f7 100644 --- a/handler/src/test/java/io/netty/handler/ssl/OpenSslClientContextTest.java +++ b/handler/src/test/java/io/netty/handler/ssl/OpenSslClientContextTest.java @@ -16,14 +16,14 @@ package io.netty.handler.ssl; import io.netty.handler.ssl.util.InsecureTrustManagerFactory; -import org.junit.BeforeClass; +import org.junit.jupiter.api.BeforeAll; import javax.net.ssl.SSLException; import java.io.File; public class OpenSslClientContextTest extends SslContextTest { - @BeforeClass + @BeforeAll public static void checkOpenSsl() { OpenSsl.ensureAvailability(); } diff --git a/handler/src/test/java/io/netty/handler/ssl/OpenSslConscryptSslEngineInteropTest.java b/handler/src/test/java/io/netty/handler/ssl/OpenSslConscryptSslEngineInteropTest.java index b1e67bded9..3c9dd65d3f 100644 --- a/handler/src/test/java/io/netty/handler/ssl/OpenSslConscryptSslEngineInteropTest.java +++ b/handler/src/test/java/io/netty/handler/ssl/OpenSslConscryptSslEngineInteropTest.java @@ -15,47 +15,33 @@ */ package io.netty.handler.ssl; -import org.junit.BeforeClass; -import org.junit.Ignore; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.junit.runners.Parameterized; +import org.junit.jupiter.api.BeforeAll; +import org.junit.jupiter.api.Disabled; +import org.junit.jupiter.api.condition.DisabledIf; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLSessionContext; import java.security.Provider; import java.util.ArrayList; -import java.util.Collection; import java.util.List; import static io.netty.handler.ssl.OpenSslTestUtils.checkShouldUseKeyManagerFactory; -import static org.junit.Assume.assumeTrue; +import static org.junit.jupiter.api.Assumptions.assumeTrue; -@RunWith(Parameterized.class) +@DisabledIf("checkConscryptDisabled") public class OpenSslConscryptSslEngineInteropTest extends ConscryptSslEngineTest { - - @Parameterized.Parameters(name = "{index}: bufferType = {0}, combo = {1}, delegate = {2}, useTasks = {3}") - public static Collection data() { - List params = new ArrayList(); - for (BufferType type: BufferType.values()) { - params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false, false }); - params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false, true }); - - params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true, false }); - params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true, true }); + @Override + protected List newTestParams() { + List params = super.newTestParams(); + List testParams = new ArrayList(); + for (SSLEngineTestParam param: params) { + testParams.add(new OpenSslEngineTestParam(true, param)); + testParams.add(new OpenSslEngineTestParam(false, param)); } - return params; + return testParams; } - private final boolean useTasks; - - public OpenSslConscryptSslEngineInteropTest(BufferType type, ProtocolCipherCombo combo, - boolean delegate, boolean useTasks) { - super(type, combo, delegate); - this.useTasks = useTasks; - } - - @BeforeClass + @BeforeAll public static void checkOpenssl() { OpenSsl.ensureAvailability(); } @@ -76,17 +62,15 @@ public class OpenSslConscryptSslEngineInteropTest extends ConscryptSslEngineTest } @Override - @Test - @Ignore("TODO: Make this work with Conscrypt") - public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth() { - super.testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(); + @Disabled("TODO: Make this work with Conscrypt") + public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(SSLEngineTestParam param) { + super.testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(param); } @Override - @Test - @Ignore("TODO: Make this work with Conscrypt") - public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth() { - super.testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(); + @Disabled("TODO: Make this work with Conscrypt") + public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(SSLEngineTestParam param) { + super.testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(param); } @Override @@ -96,38 +80,36 @@ public class OpenSslConscryptSslEngineInteropTest extends ConscryptSslEngineTest } @Override - @Test - public void testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth() throws Exception { + public void testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth(SSLEngineTestParam param) + throws Exception { checkShouldUseKeyManagerFactory(); - super.testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth(); + super.testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth(param); } @Override - @Test - public void testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth() throws Exception { + public void testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth(SSLEngineTestParam param) + throws Exception { checkShouldUseKeyManagerFactory(); - super.testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth(); + super.testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth(param); } @Override - @Test - public void testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth() throws Exception { + public void testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth(SSLEngineTestParam param) + throws Exception { checkShouldUseKeyManagerFactory(); - super.testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth(); + super.testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth(param); } @Override - @Test - public void testSessionAfterHandshakeKeyManagerFactoryMutualAuth() throws Exception { + public void testSessionAfterHandshakeKeyManagerFactoryMutualAuth(SSLEngineTestParam param) throws Exception { checkShouldUseKeyManagerFactory(); - super.testSessionAfterHandshakeKeyManagerFactoryMutualAuth(); + super.testSessionAfterHandshakeKeyManagerFactoryMutualAuth(param); } @Override - @Test - public void testSupportedSignatureAlgorithms() throws Exception { + public void testSupportedSignatureAlgorithms(SSLEngineTestParam param) throws Exception { checkShouldUseKeyManagerFactory(); - super.testSupportedSignatureAlgorithms(); + super.testSupportedSignatureAlgorithms(param); } @Override @@ -137,31 +119,27 @@ public class OpenSslConscryptSslEngineInteropTest extends ConscryptSslEngineTest } @Override - @Test - public void testSessionLocalWhenNonMutualWithKeyManager() throws Exception { + public void testSessionLocalWhenNonMutualWithKeyManager(SSLEngineTestParam param) throws Exception { checkShouldUseKeyManagerFactory(); - super.testSessionLocalWhenNonMutualWithKeyManager(); + super.testSessionLocalWhenNonMutualWithKeyManager(param); } @Override - @Test - public void testSessionCache() throws Exception { + public void testSessionCache(SSLEngineTestParam param) throws Exception { assumeTrue(OpenSsl.isSessionCacheSupported()); - super.testSessionCache(); + super.testSessionCache(param); } @Override - @Test - public void testSessionCacheTimeout() throws Exception { + public void testSessionCacheTimeout(SSLEngineTestParam param) throws Exception { assumeTrue(OpenSsl.isSessionCacheSupported()); - super.testSessionCacheTimeout(); + super.testSessionCacheTimeout(param); } @Override - @Test - public void testSessionCacheSize() throws Exception { + public void testSessionCacheSize(SSLEngineTestParam param) throws Exception { assumeTrue(OpenSsl.isSessionCacheSupported()); - super.testSessionCacheSize(); + super.testSessionCacheSize(param); } @Override @@ -176,9 +154,11 @@ public class OpenSslConscryptSslEngineInteropTest extends ConscryptSslEngineTest @SuppressWarnings("deprecation") @Override - protected SslContext wrapContext(SslContext context) { + protected SslContext wrapContext(SSLEngineTestParam param, SslContext context) { if (context instanceof OpenSslContext) { - ((OpenSslContext) context).setUseTasks(useTasks); + if (param instanceof OpenSslEngineTestParam) { + ((OpenSslContext) context).setUseTasks(((OpenSslEngineTestParam) param).useTasks); + } // Explicit enable the session cache as its disabled by default on the client side. ((OpenSslContext) context).sessionContext().setSessionCacheEnabled(true); } diff --git a/handler/src/test/java/io/netty/handler/ssl/OpenSslEngineTest.java b/handler/src/test/java/io/netty/handler/ssl/OpenSslEngineTest.java index fdabd3a850..2d854d7773 100644 --- a/handler/src/test/java/io/netty/handler/ssl/OpenSslEngineTest.java +++ b/handler/src/test/java/io/netty/handler/ssl/OpenSslEngineTest.java @@ -25,11 +25,12 @@ import io.netty.internal.tcnative.SSL; import io.netty.util.CharsetUtil; import io.netty.util.internal.EmptyArrays; import io.netty.util.internal.PlatformDependent; -import org.junit.Assume; -import org.junit.BeforeClass; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.junit.runners.Parameterized; +import org.junit.AssumptionViolatedException; +import org.junit.jupiter.api.AfterEach; +import org.junit.jupiter.api.BeforeAll; +import org.junit.jupiter.api.function.Executable; +import org.junit.jupiter.params.ParameterizedTest; +import org.junit.jupiter.params.provider.MethodSource; import javax.crypto.Cipher; import javax.crypto.spec.IvParameterSpec; @@ -52,7 +53,6 @@ import java.security.PrivateKey; import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.Arrays; -import java.util.Collection; import java.util.List; import java.util.Set; @@ -60,120 +60,104 @@ import static io.netty.handler.ssl.OpenSslTestUtils.checkShouldUseKeyManagerFact import static io.netty.handler.ssl.ReferenceCountedOpenSslEngine.MAX_PLAINTEXT_LENGTH; import static io.netty.internal.tcnative.SSL.SSL_CVERIFY_IGNORED; import static java.lang.Integer.MAX_VALUE; -import static org.junit.Assert.assertArrayEquals; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertNotEquals; -import static org.junit.Assert.assertNull; -import static org.junit.Assert.assertSame; -import static org.junit.Assert.assertTrue; -import static org.junit.Assert.fail; -import static org.junit.Assume.assumeTrue; +import static org.junit.jupiter.api.Assertions.assertArrayEquals; +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertNotEquals; +import static org.junit.jupiter.api.Assertions.assertNull; +import static org.junit.jupiter.api.Assertions.assertSame; +import static org.junit.jupiter.api.Assertions.assertThrows; +import static org.junit.jupiter.api.Assertions.assertTrue; +import static org.junit.jupiter.api.Assumptions.assumeTrue; -@RunWith(Parameterized.class) public class OpenSslEngineTest extends SSLEngineTest { private static final String PREFERRED_APPLICATION_LEVEL_PROTOCOL = "my-protocol-http2"; private static final String FALLBACK_APPLICATION_LEVEL_PROTOCOL = "my-protocol-http1_1"; - @Parameterized.Parameters(name = "{index}: bufferType = {0}, combo = {1}, delegate = {2}, useTasks = {3}") - public static Collection data() { - List params = new ArrayList(); - for (BufferType type: BufferType.values()) { - params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false, false }); - params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false, true }); + public OpenSslEngineTest() { + super(SslProvider.isTlsv13Supported(SslProvider.OPENSSL)); + } - params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true, false }); - params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true, true }); - - if (SslProvider.isTlsv13Supported(SslProvider.OPENSSL)) { - params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), false, false }); - params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), false, true }); - - params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), true, false }); - params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), true, true }); - } + @Override + protected List newTestParams() { + List params = super.newTestParams(); + List testParams = new ArrayList(); + for (SSLEngineTestParam param: params) { + testParams.add(new OpenSslEngineTestParam(true, param)); + testParams.add(new OpenSslEngineTestParam(false, param)); } - return params; + return testParams; } - protected final boolean useTasks; - - public OpenSslEngineTest(BufferType type, ProtocolCipherCombo cipherCombo, boolean delegate, boolean useTasks) { - super(type, cipherCombo, delegate); - this.useTasks = useTasks; - } - - @BeforeClass + @BeforeAll public static void checkOpenSsl() { - OpenSsl.ensureAvailability(); + OpenSsl.ensureAvailability(); } + @AfterEach @Override public void tearDown() throws InterruptedException { super.tearDown(); - assertEquals("SSL error stack not correctly consumed", 0, SSL.getLastErrorNumber()); + assertEquals(0, SSL.getLastErrorNumber(), "SSL error stack not correctly consumed"); } @Override - @Test - public void testSessionAfterHandshakeKeyManagerFactory() throws Exception { + public void testSessionAfterHandshakeKeyManagerFactory(SSLEngineTestParam param) throws Exception { checkShouldUseKeyManagerFactory(); - super.testSessionAfterHandshakeKeyManagerFactory(); + super.testSessionAfterHandshakeKeyManagerFactory(param); } @Override - @Test - public void testSessionAfterHandshakeKeyManagerFactoryMutualAuth() throws Exception { + public void testSessionAfterHandshakeKeyManagerFactoryMutualAuth(SSLEngineTestParam param) throws Exception { checkShouldUseKeyManagerFactory(); - super.testSessionAfterHandshakeKeyManagerFactoryMutualAuth(); + super.testSessionAfterHandshakeKeyManagerFactoryMutualAuth(param); } @Override - @Test - public void testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth() throws Exception { + public void testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth(SSLEngineTestParam param) + throws Exception { checkShouldUseKeyManagerFactory(); - super.testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth(); + super.testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth(param); } @Override - @Test - public void testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth() throws Exception { + public void testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth(SSLEngineTestParam param) + throws Exception { checkShouldUseKeyManagerFactory(); - super.testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth(); + super.testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth(param); } @Override - @Test - public void testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth() throws Exception { + public void testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth(SSLEngineTestParam param) + throws Exception { checkShouldUseKeyManagerFactory(); - super.testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth(); + super.testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth(param); } @Override - @Test - public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth() throws Exception { + public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(SSLEngineTestParam param) + throws Exception { checkShouldUseKeyManagerFactory(); - super.testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(); + super.testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(param); } @Override - @Test - public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth() throws Exception { + public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(SSLEngineTestParam param) + throws Exception { checkShouldUseKeyManagerFactory(); - super.testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(); + super.testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(param); } @Override - public void testHandshakeSession() throws Exception { + public void testHandshakeSession(SSLEngineTestParam param) throws Exception { checkShouldUseKeyManagerFactory(); - super.testHandshakeSession(); + super.testHandshakeSession(param); } @Override - @Test - public void testSupportedSignatureAlgorithms() throws Exception { + public void testSupportedSignatureAlgorithms(SSLEngineTestParam param) throws Exception { checkShouldUseKeyManagerFactory(); - super.testSupportedSignatureAlgorithms(); + super.testSupportedSignatureAlgorithms(param); } private static boolean isNpnSupported(String versionString) { @@ -203,68 +187,75 @@ public class OpenSslEngineTest extends SSLEngineTest { } return true; } - @Test - public void testNpn() throws Exception { + + @MethodSource("newTestParams") + @ParameterizedTest + public void testNpn(SSLEngineTestParam param) throws Exception { String versionString = OpenSsl.versionString(); - assumeTrue("LibreSSL 2.6.1 removed NPN support, detected " + versionString, isNpnSupported(versionString)); + assumeTrue(isNpnSupported(versionString), "LibreSSL 2.6.1 removed NPN support, detected " + versionString); ApplicationProtocolConfig apn = acceptingNegotiator(Protocol.NPN, PREFERRED_APPLICATION_LEVEL_PROTOCOL); - setupHandlers(apn); + setupHandlers(param, apn); runTest(PREFERRED_APPLICATION_LEVEL_PROTOCOL); } - @Test - public void testAlpn() throws Exception { + @MethodSource("newTestParams") + @ParameterizedTest + public void testAlpn(SSLEngineTestParam param) throws Exception { assumeTrue(OpenSsl.isAlpnSupported()); ApplicationProtocolConfig apn = acceptingNegotiator(Protocol.ALPN, PREFERRED_APPLICATION_LEVEL_PROTOCOL); - setupHandlers(apn); + setupHandlers(param, apn); runTest(PREFERRED_APPLICATION_LEVEL_PROTOCOL); } - @Test - public void testAlpnCompatibleProtocolsDifferentClientOrder() throws Exception { + @MethodSource("newTestParams") + @ParameterizedTest + public void testAlpnCompatibleProtocolsDifferentClientOrder(SSLEngineTestParam param) throws Exception { assumeTrue(OpenSsl.isAlpnSupported()); ApplicationProtocolConfig clientApn = acceptingNegotiator(Protocol.ALPN, FALLBACK_APPLICATION_LEVEL_PROTOCOL, PREFERRED_APPLICATION_LEVEL_PROTOCOL); ApplicationProtocolConfig serverApn = acceptingNegotiator(Protocol.ALPN, PREFERRED_APPLICATION_LEVEL_PROTOCOL, FALLBACK_APPLICATION_LEVEL_PROTOCOL); - setupHandlers(serverApn, clientApn); + setupHandlers(param, serverApn, clientApn); assertNull(serverException); runTest(PREFERRED_APPLICATION_LEVEL_PROTOCOL); } - @Test - public void testEnablingAnAlreadyDisabledSslProtocol() throws Exception { - testEnablingAnAlreadyDisabledSslProtocol(new String[]{SslProtocols.SSL_v2_HELLO}, + @MethodSource("newTestParams") + @ParameterizedTest + public void testEnablingAnAlreadyDisabledSslProtocol(SSLEngineTestParam param) throws Exception { + testEnablingAnAlreadyDisabledSslProtocol(param, new String[]{SslProtocols.SSL_v2_HELLO}, new String[]{SslProtocols.SSL_v2_HELLO, SslProtocols.TLS_v1_2}); } - @Test - public void testWrapBuffersNoWritePendingError() throws Exception { - clientSslCtx = wrapContext(SslContextBuilder.forClient() + + @MethodSource("newTestParams") + @ParameterizedTest + public void testWrapBuffersNoWritePendingError(SSLEngineTestParam param) throws Exception { + clientSslCtx = wrapContext(param, SslContextBuilder.forClient() .trustManager(InsecureTrustManagerFactory.INSTANCE) .sslProvider(sslClientProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); SelfSignedCertificate ssc = new SelfSignedCertificate(); - serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) + serverSslCtx = wrapContext(param, SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) .sslProvider(sslServerProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); SSLEngine clientEngine = null; SSLEngine serverEngine = null; try { clientEngine = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); serverEngine = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); - handshake(clientEngine, serverEngine); + handshake(param.type(), param.delegate(), clientEngine, serverEngine); - ByteBuffer src = allocateBuffer(1024 * 10); + ByteBuffer src = allocateBuffer(param.type(), 1024 * 10); byte[] data = new byte[src.capacity()]; PlatformDependent.threadLocalRandom().nextBytes(data); src.put(data).flip(); - ByteBuffer dst = allocateBuffer(1); + ByteBuffer dst = allocateBuffer(param.type(), 1); // Try to wrap multiple times so we are more likely to hit the issue. for (int i = 0; i < 100; i++) { src.position(0); @@ -277,36 +268,37 @@ public class OpenSslEngineTest extends SSLEngineTest { } } - @Test - public void testOnlySmallBufferNeededForWrap() throws Exception { - clientSslCtx = wrapContext(SslContextBuilder.forClient() + @MethodSource("newTestParams") + @ParameterizedTest + public void testOnlySmallBufferNeededForWrap(SSLEngineTestParam param) throws Exception { + clientSslCtx = wrapContext(param, SslContextBuilder.forClient() .trustManager(InsecureTrustManagerFactory.INSTANCE) .sslProvider(sslClientProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); SelfSignedCertificate ssc = new SelfSignedCertificate(); - serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) + serverSslCtx = wrapContext(param, SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) .sslProvider(sslServerProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); SSLEngine clientEngine = null; SSLEngine serverEngine = null; try { clientEngine = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); serverEngine = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); - handshake(clientEngine, serverEngine); + handshake(param.type(), param.delegate(), clientEngine, serverEngine); // Allocate a buffer which is small enough and set the limit to the capacity to mark its whole content // as readable. int srcLen = 1024; - ByteBuffer src = allocateBuffer(srcLen); + ByteBuffer src = allocateBuffer(param.type(), srcLen); ByteBuffer dstTooSmall = allocateBuffer( - src.capacity() + unwrapEngine(clientEngine).maxWrapOverhead() - 1); + param.type(), src.capacity() + unwrapEngine(clientEngine).maxWrapOverhead() - 1); ByteBuffer dst = allocateBuffer( - src.capacity() + unwrapEngine(clientEngine).maxWrapOverhead()); + param.type(), src.capacity() + unwrapEngine(clientEngine).maxWrapOverhead()); // Check that we fail to wrap if the dst buffers capacity is not at least // src.capacity() + ReferenceCountedOpenSslEngine.MAX_TLS_RECORD_OVERHEAD_LENGTH @@ -332,31 +324,32 @@ public class OpenSslEngineTest extends SSLEngineTest { } } - @Test - public void testNeededDstCapacityIsCorrectlyCalculated() throws Exception { - clientSslCtx = wrapContext(SslContextBuilder.forClient() + @MethodSource("newTestParams") + @ParameterizedTest + public void testNeededDstCapacityIsCorrectlyCalculated(SSLEngineTestParam param) throws Exception { + clientSslCtx = wrapContext(param, SslContextBuilder.forClient() .trustManager(InsecureTrustManagerFactory.INSTANCE) .sslProvider(sslClientProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); SelfSignedCertificate ssc = new SelfSignedCertificate(); - serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) + serverSslCtx = wrapContext(param, SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) .sslProvider(sslServerProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); SSLEngine clientEngine = null; SSLEngine serverEngine = null; try { clientEngine = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); serverEngine = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); - handshake(clientEngine, serverEngine); + handshake(param.type(), param.delegate(), clientEngine, serverEngine); - ByteBuffer src = allocateBuffer(1024); + ByteBuffer src = allocateBuffer(param.type(), 1024); ByteBuffer src2 = src.duplicate(); - ByteBuffer dst = allocateBuffer(src.capacity() + ByteBuffer dst = allocateBuffer(param.type(), src.capacity() + unwrapEngine(clientEngine).maxWrapOverhead()); SSLEngineResult result = clientEngine.wrap(new ByteBuffer[] { src, src2 }, dst); @@ -372,28 +365,29 @@ public class OpenSslEngineTest extends SSLEngineTest { } } - @Test - public void testSrcsLenOverFlowCorrectlyHandled() throws Exception { - clientSslCtx = wrapContext(SslContextBuilder.forClient() + @MethodSource("newTestParams") + @ParameterizedTest + public void testSrcsLenOverFlowCorrectlyHandled(SSLEngineTestParam param) throws Exception { + clientSslCtx = wrapContext(param, SslContextBuilder.forClient() .trustManager(InsecureTrustManagerFactory.INSTANCE) .sslProvider(sslClientProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); SelfSignedCertificate ssc = new SelfSignedCertificate(); - serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) + serverSslCtx = wrapContext(param, SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) .sslProvider(sslServerProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); SSLEngine clientEngine = null; SSLEngine serverEngine = null; try { clientEngine = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); serverEngine = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); - handshake(clientEngine, serverEngine); + handshake(param.type(), param.delegate(), clientEngine, serverEngine); - ByteBuffer src = allocateBuffer(1024); + ByteBuffer src = allocateBuffer(param.type(), 1024); List srcList = new ArrayList(); long srcsLen = 0; long maxLen = ((long) MAX_VALUE) * 2; @@ -406,7 +400,7 @@ public class OpenSslEngineTest extends SSLEngineTest { ByteBuffer[] srcs = srcList.toArray(new ByteBuffer[0]); ByteBuffer dst = allocateBuffer( - unwrapEngine(clientEngine).maxEncryptedPacketLength() - 1); + param.type(), unwrapEngine(clientEngine).maxEncryptedPacketLength() - 1); SSLEngineResult result = clientEngine.wrap(srcs, dst); assertEquals(SSLEngineResult.Status.BUFFER_OVERFLOW, result.getStatus()); @@ -423,31 +417,33 @@ public class OpenSslEngineTest extends SSLEngineTest { } } - @Test - public void testCalculateOutNetBufSizeOverflow() throws SSLException { - clientSslCtx = wrapContext(SslContextBuilder.forClient() + @MethodSource("newTestParams") + @ParameterizedTest + public void testCalculateOutNetBufSizeOverflow(SSLEngineTestParam param) throws SSLException { + clientSslCtx = wrapContext(param, SslContextBuilder.forClient() .trustManager(InsecureTrustManagerFactory.INSTANCE) .sslProvider(sslClientProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); SSLEngine clientEngine = null; try { clientEngine = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT); int value = ((ReferenceCountedOpenSslEngine) clientEngine).calculateMaxLengthForWrap(MAX_VALUE, 1); - assertTrue("unexpected value: " + value, value > 0); + assertTrue(value > 0); } finally { cleanupClientSslEngine(clientEngine); } } - @Test - public void testCalculateOutNetBufSize0() throws SSLException { - clientSslCtx = wrapContext(SslContextBuilder.forClient() + @MethodSource("newTestParams") + @ParameterizedTest + public void testCalculateOutNetBufSize0(SSLEngineTestParam param) throws SSLException { + clientSslCtx = wrapContext(param, SslContextBuilder.forClient() .trustManager(InsecureTrustManagerFactory.INSTANCE) .sslProvider(sslClientProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); SSLEngine clientEngine = null; try { @@ -458,29 +454,32 @@ public class OpenSslEngineTest extends SSLEngineTest { } } - @Test - public void testCorrectlyCalculateSpaceForAlert() throws Exception { - testCorrectlyCalculateSpaceForAlert(true); + @MethodSource("newTestParams") + @ParameterizedTest + public void testCorrectlyCalculateSpaceForAlert(SSLEngineTestParam param) throws Exception { + testCorrectlyCalculateSpaceForAlert(param, true); } - @Test - public void testCorrectlyCalculateSpaceForAlertJDKCompatabilityModeOff() throws Exception { - testCorrectlyCalculateSpaceForAlert(false); + @MethodSource("newTestParams") + @ParameterizedTest + public void testCorrectlyCalculateSpaceForAlertJDKCompatabilityModeOff(SSLEngineTestParam param) throws Exception { + testCorrectlyCalculateSpaceForAlert(param, false); } - private void testCorrectlyCalculateSpaceForAlert(boolean jdkCompatabilityMode) throws Exception { + private void testCorrectlyCalculateSpaceForAlert(SSLEngineTestParam param, boolean jdkCompatabilityMode) + throws Exception { SelfSignedCertificate ssc = new SelfSignedCertificate(); - serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) + serverSslCtx = wrapContext(param, SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) .sslProvider(sslServerProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); - clientSslCtx = wrapContext(SslContextBuilder.forClient() + clientSslCtx = wrapContext(param, SslContextBuilder.forClient() .trustManager(InsecureTrustManagerFactory.INSTANCE) .sslProvider(sslClientProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); SSLEngine clientEngine = null; SSLEngine serverEngine = null; @@ -492,13 +491,13 @@ public class OpenSslEngineTest extends SSLEngineTest { clientEngine = wrapEngine(clientSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine()); serverEngine = wrapEngine(serverSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine()); } - handshake(clientEngine, serverEngine); + handshake(param.type(), param.delegate(), clientEngine, serverEngine); // This should produce an alert clientEngine.closeOutbound(); - ByteBuffer empty = allocateBuffer(0); - ByteBuffer dst = allocateBuffer(clientEngine.getSession().getPacketBufferSize()); + ByteBuffer empty = allocateBuffer(param.type(), 0); + ByteBuffer dst = allocateBuffer(param.type(), clientEngine.getSession().getPacketBufferSize()); // Limit to something that is guaranteed to be too small to hold an SSL Record. dst.limit(1); @@ -530,159 +529,165 @@ public class OpenSslEngineTest extends SSLEngineTest { engine.setVerify(SSL_CVERIFY_IGNORED, 1); } - @Test - public void testWrapWithDifferentSizesTLSv1() throws Exception { - clientSslCtx = wrapContext(SslContextBuilder.forClient() + @MethodSource("newTestParams") + @ParameterizedTest + public void testWrapWithDifferentSizesTLSv1(SSLEngineTestParam param) throws Exception { + clientSslCtx = wrapContext(param, SslContextBuilder.forClient() .trustManager(InsecureTrustManagerFactory.INSTANCE) .sslProvider(sslClientProvider()) .build()); SelfSignedCertificate ssc = new SelfSignedCertificate(); - serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) + serverSslCtx = wrapContext(param, SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) .sslProvider(sslServerProvider()) .build()); - testWrapWithDifferentSizes(SslProtocols.TLS_v1, "AES128-SHA"); - testWrapWithDifferentSizes(SslProtocols.TLS_v1, "ECDHE-RSA-AES128-SHA"); - testWrapWithDifferentSizes(SslProtocols.TLS_v1, "DES-CBC3-SHA"); - testWrapWithDifferentSizes(SslProtocols.TLS_v1, "AECDH-DES-CBC3-SHA"); - testWrapWithDifferentSizes(SslProtocols.TLS_v1, "CAMELLIA128-SHA"); - testWrapWithDifferentSizes(SslProtocols.TLS_v1, "SEED-SHA"); - testWrapWithDifferentSizes(SslProtocols.TLS_v1, "RC4-MD5"); - testWrapWithDifferentSizes(SslProtocols.TLS_v1, "AES256-SHA"); - testWrapWithDifferentSizes(SslProtocols.TLS_v1, "ADH-DES-CBC3-SHA"); - testWrapWithDifferentSizes(SslProtocols.TLS_v1, "EDH-RSA-DES-CBC3-SHA"); - testWrapWithDifferentSizes(SslProtocols.TLS_v1, "ADH-RC4-MD5"); - testWrapWithDifferentSizes(SslProtocols.TLS_v1, "IDEA-CBC-SHA"); - testWrapWithDifferentSizes(SslProtocols.TLS_v1, "RC4-SHA"); - testWrapWithDifferentSizes(SslProtocols.TLS_v1, "CAMELLIA256-SHA"); - testWrapWithDifferentSizes(SslProtocols.TLS_v1, "AECDH-RC4-SHA"); - testWrapWithDifferentSizes(SslProtocols.TLS_v1, "ECDHE-RSA-DES-CBC3-SHA"); - testWrapWithDifferentSizes(SslProtocols.TLS_v1, "ECDHE-RSA-AES256-SHA"); - testWrapWithDifferentSizes(SslProtocols.TLS_v1, "ECDHE-RSA-RC4-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1, "AES128-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1, "ECDHE-RSA-AES128-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1, "DES-CBC3-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1, "AECDH-DES-CBC3-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1, "CAMELLIA128-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1, "SEED-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1, "RC4-MD5"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1, "AES256-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1, "ADH-DES-CBC3-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1, "EDH-RSA-DES-CBC3-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1, "ADH-RC4-MD5"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1, "IDEA-CBC-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1, "RC4-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1, "CAMELLIA256-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1, "AECDH-RC4-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1, "ECDHE-RSA-DES-CBC3-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1, "ECDHE-RSA-AES256-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1, "ECDHE-RSA-RC4-SHA"); } - @Test - public void testWrapWithDifferentSizesTLSv1_1() throws Exception { - clientSslCtx = wrapContext(SslContextBuilder.forClient() + @MethodSource("newTestParams") + @ParameterizedTest + public void testWrapWithDifferentSizesTLSv1_1(SSLEngineTestParam param) throws Exception { + clientSslCtx = wrapContext(param, SslContextBuilder.forClient() .trustManager(InsecureTrustManagerFactory.INSTANCE) .sslProvider(sslClientProvider()) .build()); SelfSignedCertificate ssc = new SelfSignedCertificate(); - serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) + serverSslCtx = wrapContext(param, SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) .sslProvider(sslServerProvider()) .build()); - testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "ECDHE-RSA-AES256-SHA"); - testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "AES256-SHA"); - testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "CAMELLIA256-SHA"); - testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "ECDHE-RSA-AES256-SHA"); - testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "SEED-SHA"); - testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "CAMELLIA128-SHA"); - testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "IDEA-CBC-SHA"); - testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "AECDH-RC4-SHA"); - testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "ADH-RC4-MD5"); - testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "RC4-SHA"); - testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "ECDHE-RSA-DES-CBC3-SHA"); - testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "EDH-RSA-DES-CBC3-SHA"); - testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "AECDH-DES-CBC3-SHA"); - testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "ADH-DES-CBC3-SHA"); - testWrapWithDifferentSizes(SslProtocols.TLS_v1_1, "DES-CBC3-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1_1, "ECDHE-RSA-AES256-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1_1, "AES256-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1_1, "CAMELLIA256-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1_1, "ECDHE-RSA-AES256-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1_1, "SEED-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1_1, "CAMELLIA128-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1_1, "IDEA-CBC-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1_1, "AECDH-RC4-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1_1, "ADH-RC4-MD5"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1_1, "RC4-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1_1, "ECDHE-RSA-DES-CBC3-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1_1, "EDH-RSA-DES-CBC3-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1_1, "AECDH-DES-CBC3-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1_1, "ADH-DES-CBC3-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1_1, "DES-CBC3-SHA"); } - @Test - public void testWrapWithDifferentSizesTLSv1_2() throws Exception { - clientSslCtx = wrapContext(SslContextBuilder.forClient() + @MethodSource("newTestParams") + @ParameterizedTest + public void testWrapWithDifferentSizesTLSv1_2(SSLEngineTestParam param) throws Exception { + clientSslCtx = wrapContext(param, SslContextBuilder.forClient() .trustManager(InsecureTrustManagerFactory.INSTANCE) .sslProvider(sslClientProvider()) .build()); SelfSignedCertificate ssc = new SelfSignedCertificate(); - serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) + serverSslCtx = wrapContext(param, SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) .sslProvider(sslServerProvider()) .build()); - testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "AES128-SHA"); - testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ECDHE-RSA-AES128-SHA"); - testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "DES-CBC3-SHA"); - testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "AES128-GCM-SHA256"); - testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ECDHE-RSA-AES256-SHA384"); - testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "AECDH-DES-CBC3-SHA"); - testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "AES256-GCM-SHA384"); - testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "AES256-SHA256"); - testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ECDHE-RSA-AES128-GCM-SHA256"); - testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ECDHE-RSA-AES128-SHA256"); - testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "CAMELLIA128-SHA"); - testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "SEED-SHA"); - testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "RC4-MD5"); - testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "AES256-SHA"); - testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ADH-DES-CBC3-SHA"); - testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "EDH-RSA-DES-CBC3-SHA"); - testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ADH-RC4-MD5"); - testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "RC4-SHA"); - testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "CAMELLIA256-SHA"); - testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "AES128-SHA256"); - testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "AECDH-RC4-SHA"); - testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ECDHE-RSA-DES-CBC3-SHA"); - testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ECDHE-RSA-AES256-GCM-SHA384"); - testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ECDHE-RSA-AES256-SHA"); - testWrapWithDifferentSizes(SslProtocols.TLS_v1_2, "ECDHE-RSA-RC4-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1_2, "AES128-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1_2, "ECDHE-RSA-AES128-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1_2, "DES-CBC3-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1_2, "AES128-GCM-SHA256"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1_2, "ECDHE-RSA-AES256-SHA384"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1_2, "AECDH-DES-CBC3-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1_2, "AES256-GCM-SHA384"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1_2, "AES256-SHA256"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1_2, "ECDHE-RSA-AES128-GCM-SHA256"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1_2, "ECDHE-RSA-AES128-SHA256"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1_2, "CAMELLIA128-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1_2, "SEED-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1_2, "RC4-MD5"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1_2, "AES256-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1_2, "ADH-DES-CBC3-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1_2, "EDH-RSA-DES-CBC3-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1_2, "ADH-RC4-MD5"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1_2, "RC4-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1_2, "CAMELLIA256-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1_2, "AES128-SHA256"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1_2, "AECDH-RC4-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1_2, "ECDHE-RSA-DES-CBC3-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1_2, "ECDHE-RSA-AES256-GCM-SHA384"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1_2, "ECDHE-RSA-AES256-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.TLS_v1_2, "ECDHE-RSA-RC4-SHA"); } - @Test - public void testWrapWithDifferentSizesSSLv3() throws Exception { - clientSslCtx = wrapContext(SslContextBuilder.forClient() + @MethodSource("newTestParams") + @ParameterizedTest + public void testWrapWithDifferentSizesSSLv3(SSLEngineTestParam param) throws Exception { + clientSslCtx = wrapContext(param, SslContextBuilder.forClient() .trustManager(InsecureTrustManagerFactory.INSTANCE) .sslProvider(sslClientProvider()) .build()); SelfSignedCertificate ssc = new SelfSignedCertificate(); - serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) + serverSslCtx = wrapContext(param, SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) .sslProvider(sslServerProvider()) .build()); - testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ADH-AES128-SHA"); - testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ADH-CAMELLIA128-SHA"); - testWrapWithDifferentSizes(SslProtocols.SSL_v3, "AECDH-AES128-SHA"); - testWrapWithDifferentSizes(SslProtocols.SSL_v3, "AECDH-DES-CBC3-SHA"); - testWrapWithDifferentSizes(SslProtocols.SSL_v3, "CAMELLIA128-SHA"); - testWrapWithDifferentSizes(SslProtocols.SSL_v3, "DHE-RSA-AES256-SHA"); - testWrapWithDifferentSizes(SslProtocols.SSL_v3, "SEED-SHA"); - testWrapWithDifferentSizes(SslProtocols.SSL_v3, "RC4-MD5"); - testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ADH-AES256-SHA"); - testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ADH-SEED-SHA"); - testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ADH-DES-CBC3-SHA"); - testWrapWithDifferentSizes(SslProtocols.SSL_v3, "EDH-RSA-DES-CBC3-SHA"); - testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ADH-RC4-MD5"); - testWrapWithDifferentSizes(SslProtocols.SSL_v3, "IDEA-CBC-SHA"); - testWrapWithDifferentSizes(SslProtocols.SSL_v3, "DHE-RSA-AES128-SHA"); - testWrapWithDifferentSizes(SslProtocols.SSL_v3, "RC4-SHA"); - testWrapWithDifferentSizes(SslProtocols.SSL_v3, "CAMELLIA256-SHA"); - testWrapWithDifferentSizes(SslProtocols.SSL_v3, "AECDH-RC4-SHA"); - testWrapWithDifferentSizes(SslProtocols.SSL_v3, "DHE-RSA-SEED-SHA"); - testWrapWithDifferentSizes(SslProtocols.SSL_v3, "AECDH-AES256-SHA"); - testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ECDHE-RSA-DES-CBC3-SHA"); - testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ADH-CAMELLIA256-SHA"); - testWrapWithDifferentSizes(SslProtocols.SSL_v3, "DHE-RSA-CAMELLIA256-SHA"); - testWrapWithDifferentSizes(SslProtocols.SSL_v3, "DHE-RSA-CAMELLIA128-SHA"); - testWrapWithDifferentSizes(SslProtocols.SSL_v3, "ECDHE-RSA-RC4-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.SSL_v3, "ADH-AES128-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.SSL_v3, "ADH-CAMELLIA128-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.SSL_v3, "AECDH-AES128-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.SSL_v3, "AECDH-DES-CBC3-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.SSL_v3, "CAMELLIA128-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.SSL_v3, "DHE-RSA-AES256-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.SSL_v3, "SEED-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.SSL_v3, "RC4-MD5"); + testWrapWithDifferentSizes(param, SslProtocols.SSL_v3, "ADH-AES256-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.SSL_v3, "ADH-SEED-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.SSL_v3, "ADH-DES-CBC3-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.SSL_v3, "EDH-RSA-DES-CBC3-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.SSL_v3, "ADH-RC4-MD5"); + testWrapWithDifferentSizes(param, SslProtocols.SSL_v3, "IDEA-CBC-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.SSL_v3, "DHE-RSA-AES128-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.SSL_v3, "RC4-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.SSL_v3, "CAMELLIA256-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.SSL_v3, "AECDH-RC4-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.SSL_v3, "DHE-RSA-SEED-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.SSL_v3, "AECDH-AES256-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.SSL_v3, "ECDHE-RSA-DES-CBC3-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.SSL_v3, "ADH-CAMELLIA256-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.SSL_v3, "DHE-RSA-CAMELLIA256-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.SSL_v3, "DHE-RSA-CAMELLIA128-SHA"); + testWrapWithDifferentSizes(param, SslProtocols.SSL_v3, "ECDHE-RSA-RC4-SHA"); } - @Test - public void testMultipleRecordsInOneBufferWithNonZeroPositionJDKCompatabilityModeOff() throws Exception { + @MethodSource("newTestParams") + @ParameterizedTest + public void testMultipleRecordsInOneBufferWithNonZeroPositionJDKCompatabilityModeOff(SSLEngineTestParam param) + throws Exception { SelfSignedCertificate cert = new SelfSignedCertificate(); - clientSslCtx = wrapContext(SslContextBuilder + clientSslCtx = wrapContext(param, SslContextBuilder .forClient() .trustManager(cert.cert()) .sslProvider(sslClientProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); SSLEngine client = wrapEngine(clientSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine()); - serverSslCtx = wrapContext(SslContextBuilder + serverSslCtx = wrapContext(param, SslContextBuilder .forServer(cert.certificate(), cert.privateKey()) .sslProvider(sslServerProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); SSLEngine server = wrapEngine(serverSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine()); @@ -690,18 +695,18 @@ public class OpenSslEngineTest extends SSLEngineTest { // Choose buffer size small enough that we can put multiple buffers into one buffer and pass it into the // unwrap call without exceed MAX_ENCRYPTED_PACKET_LENGTH. final int plainClientOutLen = 1024; - ByteBuffer plainClientOut = allocateBuffer(plainClientOutLen); - ByteBuffer plainServerOut = allocateBuffer(server.getSession().getApplicationBufferSize()); + ByteBuffer plainClientOut = allocateBuffer(param.type(), plainClientOutLen); + ByteBuffer plainServerOut = allocateBuffer(param.type(), server.getSession().getApplicationBufferSize()); - ByteBuffer encClientToServer = allocateBuffer(client.getSession().getPacketBufferSize()); + ByteBuffer encClientToServer = allocateBuffer(param.type(), client.getSession().getPacketBufferSize()); int positionOffset = 1; // We need to be able to hold 2 records + positionOffset ByteBuffer combinedEncClientToServer = allocateBuffer( - encClientToServer.capacity() * 2 + positionOffset); + param.type(), encClientToServer.capacity() * 2 + positionOffset); combinedEncClientToServer.position(positionOffset); - handshake(client, server); + handshake(param.type(), param.delegate(), client, server); plainClientOut.limit(plainClientOut.capacity()); SSLEngineResult result = client.wrap(plainClientOut, encClientToServer); @@ -746,31 +751,33 @@ public class OpenSslEngineTest extends SSLEngineTest { } } - @Test - public void testInputTooBigAndFillsUpBuffersJDKCompatabilityModeOff() throws Exception { + @MethodSource("newTestParams") + @ParameterizedTest + public void testInputTooBigAndFillsUpBuffersJDKCompatabilityModeOff(SSLEngineTestParam param) throws Exception { SelfSignedCertificate cert = new SelfSignedCertificate(); - clientSslCtx = wrapContext(SslContextBuilder + clientSslCtx = wrapContext(param, SslContextBuilder .forClient() .trustManager(cert.cert()) .sslProvider(sslClientProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); SSLEngine client = wrapEngine(clientSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine()); - serverSslCtx = wrapContext(SslContextBuilder + serverSslCtx = wrapContext(param, SslContextBuilder .forServer(cert.certificate(), cert.privateKey()) .sslProvider(sslServerProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); SSLEngine server = wrapEngine(serverSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine()); try { - ByteBuffer plainClient = allocateBuffer(MAX_PLAINTEXT_LENGTH + 100); - ByteBuffer plainClient2 = allocateBuffer(512); - ByteBuffer plainClientTotal = allocateBuffer(plainClient.capacity() + plainClient2.capacity()); + ByteBuffer plainClient = allocateBuffer(param.type(), MAX_PLAINTEXT_LENGTH + 100); + ByteBuffer plainClient2 = allocateBuffer(param.type(), 512); + ByteBuffer plainClientTotal = + allocateBuffer(param.type(), plainClient.capacity() + plainClient2.capacity()); plainClientTotal.put(plainClient); plainClientTotal.put(plainClient2); plainClient.clear(); @@ -778,12 +785,13 @@ public class OpenSslEngineTest extends SSLEngineTest { plainClientTotal.flip(); // The capacity is designed to trigger an overflow condition. - ByteBuffer encClientToServerTooSmall = allocateBuffer(MAX_PLAINTEXT_LENGTH + 28); - ByteBuffer encClientToServer = allocateBuffer(client.getSession().getApplicationBufferSize()); - ByteBuffer encClientToServerTotal = allocateBuffer(client.getSession().getApplicationBufferSize() << 1); - ByteBuffer plainServer = allocateBuffer(server.getSession().getApplicationBufferSize() << 1); + ByteBuffer encClientToServerTooSmall = allocateBuffer(param.type(), MAX_PLAINTEXT_LENGTH + 28); + ByteBuffer encClientToServer = allocateBuffer(param.type(), client.getSession().getApplicationBufferSize()); + ByteBuffer encClientToServerTotal = + allocateBuffer(param.type(), client.getSession().getApplicationBufferSize() << 1); + ByteBuffer plainServer = allocateBuffer(param.type(), server.getSession().getApplicationBufferSize() << 1); - handshake(client, server); + handshake(param.type(), param.delegate(), client, server); int plainClientRemaining = plainClient.remaining(); int encClientToServerTooSmallRemaining = encClientToServerTooSmall.remaining(); @@ -834,41 +842,43 @@ public class OpenSslEngineTest extends SSLEngineTest { } } - @Test - public void testPartialPacketUnwrapJDKCompatabilityModeOff() throws Exception { + @MethodSource("newTestParams") + @ParameterizedTest + public void testPartialPacketUnwrapJDKCompatabilityModeOff(SSLEngineTestParam param) throws Exception { SelfSignedCertificate cert = new SelfSignedCertificate(); - clientSslCtx = wrapContext(SslContextBuilder + clientSslCtx = wrapContext(param, SslContextBuilder .forClient() .trustManager(cert.cert()) .sslProvider(sslClientProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); SSLEngine client = wrapEngine(clientSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine()); - serverSslCtx = wrapContext(SslContextBuilder + serverSslCtx = wrapContext(param, SslContextBuilder .forServer(cert.certificate(), cert.privateKey()) .sslProvider(sslServerProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); SSLEngine server = wrapEngine(serverSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine()); try { - ByteBuffer plainClient = allocateBuffer(1024); - ByteBuffer plainClient2 = allocateBuffer(512); - ByteBuffer plainClientTotal = allocateBuffer(plainClient.capacity() + plainClient2.capacity()); + ByteBuffer plainClient = allocateBuffer(param.type(), 1024); + ByteBuffer plainClient2 = allocateBuffer(param.type(), 512); + ByteBuffer plainClientTotal = + allocateBuffer(param.type(), plainClient.capacity() + plainClient2.capacity()); plainClientTotal.put(plainClient); plainClientTotal.put(plainClient2); plainClient.clear(); plainClient2.clear(); plainClientTotal.flip(); - ByteBuffer encClientToServer = allocateBuffer(client.getSession().getPacketBufferSize()); - ByteBuffer plainServer = allocateBuffer(server.getSession().getApplicationBufferSize()); + ByteBuffer encClientToServer = allocateBuffer(param.type(), client.getSession().getPacketBufferSize()); + ByteBuffer plainServer = allocateBuffer(param.type(), server.getSession().getApplicationBufferSize()); - handshake(client, server); + handshake(param.type(), param.delegate(), client, server); SSLEngineResult result = client.wrap(plainClient, encClientToServer); assertEquals(SSLEngineResult.Status.OK, result.getStatus()); @@ -913,35 +923,36 @@ public class OpenSslEngineTest extends SSLEngineTest { } } - @Test - public void testBufferUnderFlowAvoidedIfJDKCompatabilityModeOff() throws Exception { + @MethodSource("newTestParams") + @ParameterizedTest + public void testBufferUnderFlowAvoidedIfJDKCompatabilityModeOff(SSLEngineTestParam param) throws Exception { SelfSignedCertificate cert = new SelfSignedCertificate(); - clientSslCtx = wrapContext(SslContextBuilder + clientSslCtx = wrapContext(param, SslContextBuilder .forClient() .trustManager(cert.cert()) .sslProvider(sslClientProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); SSLEngine client = wrapEngine(clientSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine()); - serverSslCtx = wrapContext(SslContextBuilder + serverSslCtx = wrapContext(param, SslContextBuilder .forServer(cert.certificate(), cert.privateKey()) .sslProvider(sslServerProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); SSLEngine server = wrapEngine(serverSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine()); try { - ByteBuffer plainClient = allocateBuffer(1024); + ByteBuffer plainClient = allocateBuffer(param.type(), 1024); plainClient.limit(plainClient.capacity()); - ByteBuffer encClientToServer = allocateBuffer(client.getSession().getPacketBufferSize()); - ByteBuffer plainServer = allocateBuffer(server.getSession().getApplicationBufferSize()); + ByteBuffer encClientToServer = allocateBuffer(param.type(), client.getSession().getPacketBufferSize()); + ByteBuffer plainServer = allocateBuffer(param.type(), server.getSession().getApplicationBufferSize()); - handshake(client, server); + handshake(param.type(), param.delegate(), client, server); SSLEngineResult result = client.wrap(plainClient, encClientToServer); assertEquals(SSLEngineResult.Status.OK, result.getStatus()); @@ -998,7 +1009,7 @@ public class OpenSslEngineTest extends SSLEngineTest { } } - private void testWrapWithDifferentSizes(String protocol, String cipher) throws Exception { + private void testWrapWithDifferentSizes(SSLEngineTestParam param, String protocol, String cipher) throws Exception { assumeTrue(OpenSsl.SUPPORTED_PROTOCOLS_SET.contains(protocol)); if (!OpenSsl.isCipherSuiteAvailable(cipher)) { return; @@ -1015,31 +1026,31 @@ public class OpenSslEngineTest extends SSLEngineTest { serverEngine.setEnabledProtocols(new String[] { protocol }); try { - handshake(clientEngine, serverEngine); + handshake(param.type(), param.delegate(), clientEngine, serverEngine); } catch (SSLException e) { if (e.getMessage().contains("unsupported protocol") || e.getMessage().contains("no protocols available")) { - Assume.assumeNoException(protocol + " not supported with cipher " + cipher, e); + throw new AssumptionViolatedException(protocol + " not supported with cipher " + cipher, e); } throw e; } int srcLen = 64; do { - testWrapDstBigEnough(clientEngine, srcLen); + testWrapDstBigEnough(param.type(), clientEngine, srcLen); srcLen += 64; } while (srcLen < MAX_PLAINTEXT_LENGTH); - testWrapDstBigEnough(clientEngine, MAX_PLAINTEXT_LENGTH); + testWrapDstBigEnough(param.type(), clientEngine, MAX_PLAINTEXT_LENGTH); } finally { cleanupClientSslEngine(clientEngine); cleanupServerSslEngine(serverEngine); } } - private void testWrapDstBigEnough(SSLEngine engine, int srcLen) throws SSLException { - ByteBuffer src = allocateBuffer(srcLen); - ByteBuffer dst = allocateBuffer(srcLen + unwrapEngine(engine).maxWrapOverhead()); + private void testWrapDstBigEnough(BufferType type, SSLEngine engine, int srcLen) throws SSLException { + ByteBuffer src = allocateBuffer(type, srcLen); + ByteBuffer dst = allocateBuffer(type, srcLen + unwrapEngine(engine).maxWrapOverhead()); SSLEngineResult result = engine.wrap(src, dst); assertEquals(SSLEngineResult.Status.OK, result.getStatus()); @@ -1053,14 +1064,15 @@ public class OpenSslEngineTest extends SSLEngineTest { assertFalse(src.hasRemaining()); } - @Test - public void testSNIMatchersDoesNotThrow() throws Exception { + @MethodSource("newTestParams") + @ParameterizedTest + public void testSNIMatchersDoesNotThrow(SSLEngineTestParam param) throws Exception { assumeTrue(PlatformDependent.javaVersion() >= 8); SelfSignedCertificate ssc = new SelfSignedCertificate(); - serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) + serverSslCtx = wrapContext(param, SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) .sslProvider(sslServerProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); SSLEngine engine = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); @@ -1074,15 +1086,16 @@ public class OpenSslEngineTest extends SSLEngineTest { } } - @Test - public void testSNIMatchersWithSNINameWithUnderscore() throws Exception { + @MethodSource("newTestParams") + @ParameterizedTest + public void testSNIMatchersWithSNINameWithUnderscore(SSLEngineTestParam param) throws Exception { assumeTrue(PlatformDependent.javaVersion() >= 8); byte[] name = "rb8hx3pww30y3tvw0mwy.v1_1".getBytes(CharsetUtil.UTF_8); SelfSignedCertificate ssc = new SelfSignedCertificate(); - serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) + serverSslCtx = wrapContext(param, SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) .sslProvider(sslServerProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); SSLEngine engine = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); @@ -1098,37 +1111,43 @@ public class OpenSslEngineTest extends SSLEngineTest { } } - @Test(expected = IllegalArgumentException.class) - public void testAlgorithmConstraintsThrows() throws Exception { + @MethodSource("newTestParams") + @ParameterizedTest + public void testAlgorithmConstraintsThrows(SSLEngineTestParam param) throws Exception { SelfSignedCertificate ssc = new SelfSignedCertificate(); - serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) + serverSslCtx = wrapContext(param, SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) .sslProvider(sslServerProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); - SSLEngine engine = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); + final SSLEngine engine = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); + final SSLParameters parameters = new SSLParameters(); + parameters.setAlgorithmConstraints(new AlgorithmConstraints() { + @Override + public boolean permits( + Set primitives, String algorithm, AlgorithmParameters parameters) { + return false; + } + + @Override + public boolean permits(Set primitives, Key key) { + return false; + } + + @Override + public boolean permits( + Set primitives, String algorithm, Key key, AlgorithmParameters parameters) { + return false; + } + }); try { - SSLParameters parameters = new SSLParameters(); - parameters.setAlgorithmConstraints(new AlgorithmConstraints() { + assertThrows(IllegalArgumentException.class, new Executable() { @Override - public boolean permits( - Set primitives, String algorithm, AlgorithmParameters parameters) { - return false; - } - - @Override - public boolean permits(Set primitives, Key key) { - return false; - } - - @Override - public boolean permits( - Set primitives, String algorithm, Key key, AlgorithmParameters parameters) { - return false; + public void execute() throws Throwable { + engine.setSSLParameters(parameters); } }); - engine.setSSLParameters(parameters); } finally { cleanupServerSslEngine(engine); ssc.delete(); @@ -1148,22 +1167,23 @@ public class OpenSslEngineTest extends SSLEngineTest { } } - @Test - public void testExtractMasterkeyWorksCorrectly() throws Exception { - if (protocolCipherCombo != ProtocolCipherCombo.tlsv12()) { + @MethodSource("newTestParams") + @ParameterizedTest + public void testExtractMasterkeyWorksCorrectly(SSLEngineTestParam param) throws Exception { + if (param.combo() != ProtocolCipherCombo.tlsv12()) { return; } SelfSignedCertificate cert = new SelfSignedCertificate(); - serverSslCtx = wrapContext(SslContextBuilder.forServer(cert.key(), cert.cert()) - .protocols(protocols()) - .ciphers(ciphers()) + serverSslCtx = wrapContext(param, SslContextBuilder.forServer(cert.key(), cert.cert()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .sslProvider(SslProvider.OPENSSL).build()); final SSLEngine serverEngine = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); - clientSslCtx = wrapContext(SslContextBuilder.forClient() + clientSslCtx = wrapContext(param, SslContextBuilder.forClient() .trustManager(cert.certificate()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .sslProvider(SslProvider.OPENSSL).build()); final SSLEngine clientEngine = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); @@ -1171,9 +1191,8 @@ public class OpenSslEngineTest extends SSLEngineTest { final String enabledCipher = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"; try { //lets set the cipher suite to a specific one with DHE - assumeTrue("The diffie hellman cipher is not supported on your runtime.", - Arrays.asList(clientEngine.getSupportedCipherSuites()) - .contains(enabledCipher)); + assumeTrue(Arrays.asList(clientEngine.getSupportedCipherSuites()).contains(enabledCipher), + "The diffie hellman cipher is not supported on your runtime."); //https://www.ietf.org/rfc/rfc5289.txt //For cipher suites ending with _SHA256, the PRF is the TLS PRF @@ -1306,7 +1325,7 @@ public class OpenSslEngineTest extends SSLEngineTest { } } - assertTrue("The assertions were never executed.", asserted); + assertTrue(asserted, "The assertions were never executed."); } finally { cleanupClientSslEngine(clientEngine); cleanupServerSslEngine(serverEngine); @@ -1314,19 +1333,20 @@ public class OpenSslEngineTest extends SSLEngineTest { } } - @Test(expected = SSLException.class) - public void testNoKeyFound() throws Exception { + @MethodSource("newTestParams") + @ParameterizedTest + public void testNoKeyFound(final SSLEngineTestParam param) throws Exception { checkShouldUseKeyManagerFactory(); - clientSslCtx = wrapContext(SslContextBuilder + clientSslCtx = wrapContext(param, SslContextBuilder .forClient() .trustManager(InsecureTrustManagerFactory.INSTANCE) .sslProvider(sslClientProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); - SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); + final SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); - serverSslCtx = wrapContext(SslContextBuilder + serverSslCtx = wrapContext(param, SslContextBuilder .forServer(new X509ExtendedKeyManager() { @Override public String[] getClientAliases(String keyType, Principal[] issuers) { @@ -1359,13 +1379,18 @@ public class OpenSslEngineTest extends SSLEngineTest { } }) .sslProvider(sslServerProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); - SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); + final SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); try { - handshake(client, server); + assertThrows(SSLException.class, new Executable() { + @Override + public void execute() throws Throwable { + handshake(param.type(), param.delegate(), client, server); + } + }); } finally { cleanupClientSslEngine(client); cleanupServerSslEngine(server); @@ -1373,41 +1398,45 @@ public class OpenSslEngineTest extends SSLEngineTest { } @Override - @Test - public void testSessionLocalWhenNonMutualWithKeyManager() throws Exception { + public void testSessionLocalWhenNonMutualWithKeyManager(SSLEngineTestParam param) throws Exception { checkShouldUseKeyManagerFactory(); - super.testSessionLocalWhenNonMutualWithKeyManager(); + super.testSessionLocalWhenNonMutualWithKeyManager(param); } @Override - public void testSessionLocalWhenNonMutualWithoutKeyManager() throws Exception { + public void testSessionLocalWhenNonMutualWithoutKeyManager(SSLEngineTestParam param) throws Exception { // This only really works when the KeyManagerFactory is supported as otherwise we not really know when // we need to provide a cert. assumeTrue(OpenSsl.supportsKeyManagerFactory()); - super.testSessionLocalWhenNonMutualWithoutKeyManager(); + super.testSessionLocalWhenNonMutualWithoutKeyManager(param); } - @Test - public void testDefaultTLS1NotAcceptedByDefaultServer() throws Exception { - testDefaultTLS1NotAcceptedByDefault(null, SslProtocols.TLS_v1); + @MethodSource("newTestParams") + @ParameterizedTest + public void testDefaultTLS1NotAcceptedByDefaultServer(SSLEngineTestParam param) throws Exception { + testDefaultTLS1NotAcceptedByDefault(param, null, SslProtocols.TLS_v1); } - @Test - public void testDefaultTLS11NotAcceptedByDefaultServer() throws Exception { - testDefaultTLS1NotAcceptedByDefault(null, SslProtocols.TLS_v1_1); + @MethodSource("newTestParams") + @ParameterizedTest + public void testDefaultTLS11NotAcceptedByDefaultServer(SSLEngineTestParam param) throws Exception { + testDefaultTLS1NotAcceptedByDefault(param, null, SslProtocols.TLS_v1_1); } - @Test - public void testDefaultTLS1NotAcceptedByDefaultClient() throws Exception { - testDefaultTLS1NotAcceptedByDefault(SslProtocols.TLS_v1, null); + @MethodSource("newTestParams") + @ParameterizedTest + public void testDefaultTLS1NotAcceptedByDefaultClient(SSLEngineTestParam param) throws Exception { + testDefaultTLS1NotAcceptedByDefault(param, SslProtocols.TLS_v1, null); } - @Test - public void testDefaultTLS11NotAcceptedByDefaultClient() throws Exception { - testDefaultTLS1NotAcceptedByDefault(SslProtocols.TLS_v1_1, null); + @MethodSource("newTestParams") + @ParameterizedTest + public void testDefaultTLS11NotAcceptedByDefaultClient(SSLEngineTestParam param) throws Exception { + testDefaultTLS1NotAcceptedByDefault(param, SslProtocols.TLS_v1_1, null); } - private void testDefaultTLS1NotAcceptedByDefault(String clientProtocol, String serverProtocol) throws Exception { + private void testDefaultTLS1NotAcceptedByDefault(final SSLEngineTestParam param, + String clientProtocol, String serverProtocol) throws Exception { SslContextBuilder clientCtxBuilder = SslContextBuilder.forClient() .trustManager(InsecureTrustManagerFactory.INSTANCE) .sslProvider(sslClientProvider()) @@ -1415,7 +1444,7 @@ public class OpenSslEngineTest extends SSLEngineTest { if (clientProtocol != null) { clientCtxBuilder.protocols(clientProtocol); } - clientSslCtx = wrapContext(clientCtxBuilder.build()); + clientSslCtx = wrapContext(param, clientCtxBuilder.build()); SelfSignedCertificate ssc = new SelfSignedCertificate(); SslContextBuilder serverCtxBuilder = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) @@ -1424,15 +1453,17 @@ public class OpenSslEngineTest extends SSLEngineTest { if (serverProtocol != null) { serverCtxBuilder.protocols(serverProtocol); } - serverSslCtx = wrapContext(serverCtxBuilder.build()); - SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); - SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); + serverSslCtx = wrapContext(param, serverCtxBuilder.build()); + final SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); + final SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); try { - handshake(client, server); - fail(); - } catch (SSLHandshakeException expected) { - // expected + assertThrows(SSLHandshakeException.class, new Executable() { + @Override + public void execute() throws Throwable { + handshake(param.type(), param.delegate(), client, server); + } + }); } finally { cleanupClientSslEngine(client); cleanupServerSslEngine(server); @@ -1475,9 +1506,11 @@ public class OpenSslEngineTest extends SSLEngineTest { @SuppressWarnings("deprecation") @Override - protected SslContext wrapContext(SslContext context) { + protected SslContext wrapContext(SSLEngineTestParam param, SslContext context) { if (context instanceof OpenSslContext) { - ((OpenSslContext) context).setUseTasks(useTasks); + if (param instanceof OpenSslEngineTestParam) { + ((OpenSslContext) context).setUseTasks(((OpenSslEngineTestParam) param).useTasks); + } // Explicit enable the session cache as its disabled by default on the client side. ((OpenSslContext) context).sessionContext().setSessionCacheEnabled(true); } @@ -1485,26 +1518,23 @@ public class OpenSslEngineTest extends SSLEngineTest { } @Override - @Test - public void testSessionCache() throws Exception { + public void testSessionCache(SSLEngineTestParam param) throws Exception { assumeTrue(OpenSsl.isSessionCacheSupported()); - super.testSessionCache(); + super.testSessionCache(param); assertSessionContext(clientSslCtx); assertSessionContext(serverSslCtx); } @Override - @Test - public void testSessionCacheTimeout() throws Exception { + public void testSessionCacheTimeout(SSLEngineTestParam param) throws Exception { assumeTrue(OpenSsl.isSessionCacheSupported()); - super.testSessionCacheTimeout(); + super.testSessionCacheTimeout(param); } @Override - @Test - public void testSessionCacheSize() throws Exception { + public void testSessionCacheSize(SSLEngineTestParam param) throws Exception { assumeTrue(OpenSsl.isSessionCacheSupported()); - super.testSessionCacheSize(); + super.testSessionCacheSize(param); } private static void assertSessionContext(SslContext context) { diff --git a/handler/src/test/java/io/netty/handler/ssl/OpenSslEngineTestParam.java b/handler/src/test/java/io/netty/handler/ssl/OpenSslEngineTestParam.java new file mode 100644 index 0000000000..a8f725fce5 --- /dev/null +++ b/handler/src/test/java/io/netty/handler/ssl/OpenSslEngineTestParam.java @@ -0,0 +1,34 @@ +/* + * Copyright 2021 The Netty Project + * + * The Netty Project licenses this file to you under the Apache License, + * version 2.0 (the "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at: + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations + * under the License. + */ +package io.netty.handler.ssl; + +final class OpenSslEngineTestParam extends SSLEngineTest.SSLEngineTestParam { + final boolean useTasks; + OpenSslEngineTestParam(boolean useTasks, SSLEngineTest.SSLEngineTestParam param) { + super(param.type(), param.combo(), param.delegate()); + this.useTasks = useTasks; + } + + @Override + public String toString() { + return "OpenSslEngineTestParam{" + + "type=" + type() + + ", protocolCipherCombo=" + combo() + + ", delegate=" + delegate() + + ", useTasks=" + useTasks + + '}'; + } +} diff --git a/handler/src/test/java/io/netty/handler/ssl/OpenSslErrorStackAssertSSLEngine.java b/handler/src/test/java/io/netty/handler/ssl/OpenSslErrorStackAssertSSLEngine.java index 1a7a57f967..916395086b 100644 --- a/handler/src/test/java/io/netty/handler/ssl/OpenSslErrorStackAssertSSLEngine.java +++ b/handler/src/test/java/io/netty/handler/ssl/OpenSslErrorStackAssertSSLEngine.java @@ -18,7 +18,6 @@ package io.netty.handler.ssl; import io.netty.internal.tcnative.SSL; import io.netty.util.ReferenceCounted; import io.netty.util.internal.PlatformDependent; -import org.junit.Assert; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; @@ -29,6 +28,8 @@ import java.nio.ByteBuffer; import java.util.List; import java.util.function.BiFunction; +import static org.junit.jupiter.api.Assertions.assertEquals; + /** * Special {@link SSLEngine} which allows to wrap a {@link ReferenceCountedOpenSslEngine} and verify that that * Error stack is empty after each method call. @@ -436,6 +437,6 @@ final class OpenSslErrorStackAssertSSLEngine extends JdkSslEngine implements Ref private static void assertErrorStackEmpty() { long error = SSL.getLastErrorNumber(); - Assert.assertEquals("SSL error stack non-empty: " + SSL.getErrorString(error), 0, error); + assertEquals(0, error, "SSL error stack non-empty: " + SSL.getErrorString(error)); } } diff --git a/handler/src/test/java/io/netty/handler/ssl/OpenSslJdkSslEngineInteroptTest.java b/handler/src/test/java/io/netty/handler/ssl/OpenSslJdkSslEngineInteroptTest.java index 5884198c15..f4d43e4b4c 100644 --- a/handler/src/test/java/io/netty/handler/ssl/OpenSslJdkSslEngineInteroptTest.java +++ b/handler/src/test/java/io/netty/handler/ssl/OpenSslJdkSslEngineInteroptTest.java @@ -15,57 +15,38 @@ */ package io.netty.handler.ssl; -import org.junit.BeforeClass; -import org.junit.Ignore; -import org.junit.Test; +import org.junit.jupiter.api.BeforeAll; +import org.junit.jupiter.api.Disabled; import javax.net.ssl.SSLEngine; -import org.junit.runner.RunWith; -import org.junit.runners.Parameterized; - import java.util.ArrayList; -import java.util.Collection; import java.util.List; import static io.netty.handler.ssl.OpenSslTestUtils.checkShouldUseKeyManagerFactory; -import static org.junit.Assume.assumeTrue; +import static org.junit.jupiter.api.Assumptions.assumeTrue; -@RunWith(Parameterized.class) public class OpenSslJdkSslEngineInteroptTest extends SSLEngineTest { - @Parameterized.Parameters(name = "{index}: bufferType = {0}, combo = {1}, delegate = {2}, useTasks = {3}") - public static Collection data() { - List params = new ArrayList(); - for (BufferType type: BufferType.values()) { - params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false, false }); - params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false, true }); + public OpenSslJdkSslEngineInteroptTest() { + super(SslProvider.isTlsv13Supported(SslProvider.JDK) && + SslProvider.isTlsv13Supported(SslProvider.OPENSSL)); + } - params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true, false}); - params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true, true }); - - if (SslProvider.isTlsv13Supported(SslProvider.JDK) && SslProvider.isTlsv13Supported(SslProvider.OPENSSL)) { - params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), false, false }); - params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), false, true }); - - params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), true, false }); - params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), true, true }); - } + @Override + protected List newTestParams() { + List params = super.newTestParams(); + List testParams = new ArrayList(); + for (SSLEngineTestParam param: params) { + testParams.add(new OpenSslEngineTestParam(true, param)); + testParams.add(new OpenSslEngineTestParam(false, param)); } - return params; + return testParams; } - private final boolean useTasks; - - public OpenSslJdkSslEngineInteroptTest(BufferType type, ProtocolCipherCombo combo, - boolean delegate, boolean useTasks) { - super(type, combo, delegate); - this.useTasks = useTasks; - } - - @BeforeClass + @BeforeAll public static void checkOpenSsl() { - assumeTrue(OpenSsl.isAvailable()); + OpenSsl.ensureAvailability(); } @Override @@ -78,42 +59,43 @@ public class OpenSslJdkSslEngineInteroptTest extends SSLEngineTest { return SslProvider.JDK; } - @Ignore /* Does the JDK support a "max certificate chain length"? */ + @Disabled /* Does the JDK support a "max certificate chain length"? */ @Override - public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth() throws Exception { + public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(SSLEngineTestParam param) + throws Exception { } - @Ignore /* Does the JDK support a "max certificate chain length"? */ + @Disabled /* Does the JDK support a "max certificate chain length"? */ @Override - public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth() throws Exception { + public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(SSLEngineTestParam param) + throws Exception { } @Override - @Test - public void testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth() throws Exception { + public void testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth(SSLEngineTestParam param) + throws Exception { checkShouldUseKeyManagerFactory(); - super.testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth(); + super.testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth(param); } @Override - @Test - public void testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth() throws Exception { + public void testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth(SSLEngineTestParam param) + throws Exception { checkShouldUseKeyManagerFactory(); - super.testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth(); + super.testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth(param); } @Override - @Test - public void testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth() throws Exception { + public void testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth(SSLEngineTestParam param) + throws Exception { checkShouldUseKeyManagerFactory(); - super.testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth(); + super.testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth(param); } @Override - @Test - public void testSessionAfterHandshakeKeyManagerFactoryMutualAuth() throws Exception { + public void testSessionAfterHandshakeKeyManagerFactoryMutualAuth(SSLEngineTestParam param) throws Exception { checkShouldUseKeyManagerFactory(); - super.testSessionAfterHandshakeKeyManagerFactoryMutualAuth(); + super.testSessionAfterHandshakeKeyManagerFactoryMutualAuth(param); } @Override @@ -123,52 +105,47 @@ public class OpenSslJdkSslEngineInteroptTest extends SSLEngineTest { } @Override - public void testHandshakeSession() throws Exception { + public void testHandshakeSession(SSLEngineTestParam param) throws Exception { checkShouldUseKeyManagerFactory(); - super.testHandshakeSession(); + super.testHandshakeSession(param); } @Override - @Test - public void testSupportedSignatureAlgorithms() throws Exception { + public void testSupportedSignatureAlgorithms(SSLEngineTestParam param) throws Exception { checkShouldUseKeyManagerFactory(); - super.testSupportedSignatureAlgorithms(); + super.testSupportedSignatureAlgorithms(param); } @Override - @Test - public void testSessionLocalWhenNonMutualWithKeyManager() throws Exception { + public void testSessionLocalWhenNonMutualWithKeyManager(SSLEngineTestParam param) throws Exception { checkShouldUseKeyManagerFactory(); - super.testSessionLocalWhenNonMutualWithKeyManager(); + super.testSessionLocalWhenNonMutualWithKeyManager(param); } @Override - public void testSessionLocalWhenNonMutualWithoutKeyManager() throws Exception { + public void testSessionLocalWhenNonMutualWithoutKeyManager(SSLEngineTestParam param) throws Exception { // This only really works when the KeyManagerFactory is supported as otherwise we not really know when // we need to provide a cert. assumeTrue(OpenSsl.supportsKeyManagerFactory()); - super.testSessionLocalWhenNonMutualWithoutKeyManager(); + super.testSessionLocalWhenNonMutualWithoutKeyManager(param); } @Override - @Test - public void testSessionCache() throws Exception { + public void testSessionCache(SSLEngineTestParam param) throws Exception { assumeTrue(OpenSsl.isSessionCacheSupported()); - super.testSessionCache(); + super.testSessionCache(param); } @Override - @Test - public void testSessionCacheTimeout() throws Exception { + public void testSessionCacheTimeout(SSLEngineTestParam param) throws Exception { assumeTrue(OpenSsl.isSessionCacheSupported()); - super.testSessionCacheTimeout(); + super.testSessionCacheTimeout(param); } @Override - @Test - public void testSessionCacheSize() throws Exception { + public void testSessionCacheSize(SSLEngineTestParam param) throws Exception { assumeTrue(OpenSsl.isSessionCacheSupported()); - super.testSessionCacheSize(); + super.testSessionCacheSize(param); } @Override @@ -178,9 +155,9 @@ public class OpenSslJdkSslEngineInteroptTest extends SSLEngineTest { @SuppressWarnings("deprecation") @Override - protected SslContext wrapContext(SslContext context) { - if (context instanceof OpenSslContext) { - ((OpenSslContext) context).setUseTasks(useTasks); + protected SslContext wrapContext(SSLEngineTestParam param, SslContext context) { + if (context instanceof OpenSslContext && param instanceof OpenSslEngineTestParam) { + ((OpenSslContext) context).setUseTasks(((OpenSslEngineTestParam) param).useTasks); // Explicit enable the session cache as its disabled by default on the client side. ((OpenSslContext) context).sessionContext().setSessionCacheEnabled(true); } diff --git a/handler/src/test/java/io/netty/handler/ssl/OpenSslRenegotiateTest.java b/handler/src/test/java/io/netty/handler/ssl/OpenSslRenegotiateTest.java index 26fef9847e..f77cc6fd28 100644 --- a/handler/src/test/java/io/netty/handler/ssl/OpenSslRenegotiateTest.java +++ b/handler/src/test/java/io/netty/handler/ssl/OpenSslRenegotiateTest.java @@ -15,7 +15,7 @@ */ package io.netty.handler.ssl; -import org.junit.BeforeClass; +import org.junit.jupiter.api.BeforeAll; import java.util.concurrent.atomic.AtomicReference; @@ -24,11 +24,10 @@ import javax.net.ssl.SSLException; import static org.hamcrest.MatcherAssert.assertThat; import static org.hamcrest.Matchers.instanceOf; import static org.hamcrest.Matchers.is; -import static org.junit.Assume.assumeTrue; public class OpenSslRenegotiateTest extends RenegotiateTest { - @BeforeClass + @BeforeAll public static void checkOpenSsl() { OpenSsl.ensureAvailability(); } diff --git a/handler/src/test/java/io/netty/handler/ssl/OpenSslServerContextTest.java b/handler/src/test/java/io/netty/handler/ssl/OpenSslServerContextTest.java index 17c0921f50..099e85d80c 100644 --- a/handler/src/test/java/io/netty/handler/ssl/OpenSslServerContextTest.java +++ b/handler/src/test/java/io/netty/handler/ssl/OpenSslServerContextTest.java @@ -15,14 +15,14 @@ */ package io.netty.handler.ssl; -import org.junit.BeforeClass; +import org.junit.jupiter.api.BeforeAll; import javax.net.ssl.SSLException; import java.io.File; public class OpenSslServerContextTest extends SslContextTest { - @BeforeClass + @BeforeAll public static void checkOpenSsl() { OpenSsl.ensureAvailability(); } diff --git a/handler/src/test/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngineTest.java b/handler/src/test/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngineTest.java index 666420ec60..aa32b7de2f 100644 --- a/handler/src/test/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngineTest.java +++ b/handler/src/test/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngineTest.java @@ -18,19 +18,17 @@ package io.netty.handler.ssl; import io.netty.buffer.UnpooledByteBufAllocator; import io.netty.handler.ssl.util.InsecureTrustManagerFactory; import io.netty.util.ReferenceCountUtil; -import org.junit.Test; +import org.junit.jupiter.api.function.Executable; +import org.junit.jupiter.params.ParameterizedTest; +import org.junit.jupiter.params.provider.MethodSource; import javax.net.ssl.SSLEngine; -import static junit.framework.TestCase.*; +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertThrows; public class ReferenceCountedOpenSslEngineTest extends OpenSslEngineTest { - public ReferenceCountedOpenSslEngineTest(BufferType type, ProtocolCipherCombo combo, boolean delegate, - boolean useTasks) { - super(type, combo, delegate, useTasks); - } - @Override protected SslProvider sslClientProvider() { return SslProvider.OPENSSL_REFCNT; @@ -61,37 +59,46 @@ public class ReferenceCountedOpenSslEngineTest extends OpenSslEngineTest { ReferenceCountUtil.release(unwrapEngine(engine)); } - @Test(expected = NullPointerException.class) - public void testNotLeakOnException() throws Exception { - clientSslCtx = wrapContext(SslContextBuilder.forClient() + @MethodSource("newTestParams") + @ParameterizedTest + public void testNotLeakOnException(SSLEngineTestParam param) throws Exception { + clientSslCtx = wrapContext(param, SslContextBuilder.forClient() .trustManager(InsecureTrustManagerFactory.INSTANCE) .sslProvider(sslClientProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); - clientSslCtx.newEngine(null); + assertThrows(NullPointerException.class, new Executable() { + @Override + public void execute() throws Throwable { + clientSslCtx.newEngine(null); + } + }); } @SuppressWarnings("deprecation") @Override - protected SslContext wrapContext(SslContext context) { + protected SslContext wrapContext(SSLEngineTestParam param, SslContext context) { if (context instanceof ReferenceCountedOpenSslContext) { - ((ReferenceCountedOpenSslContext) context).setUseTasks(useTasks); + if (param instanceof OpenSslEngineTestParam) { + ((ReferenceCountedOpenSslContext) context).setUseTasks(((OpenSslEngineTestParam) param).useTasks); + } // Explicit enable the session cache as its disabled by default on the client side. ((ReferenceCountedOpenSslContext) context).sessionContext().setSessionCacheEnabled(true); } return context; } - @Test - public void parentContextIsRetainedByChildEngines() throws Exception { - SslContext clientSslCtx = SslContextBuilder.forClient() + @MethodSource("newTestParams") + @ParameterizedTest + public void parentContextIsRetainedByChildEngines(SSLEngineTestParam param) throws Exception { + SslContext clientSslCtx = wrapContext(param, SslContextBuilder.forClient() .trustManager(InsecureTrustManagerFactory.INSTANCE) .sslProvider(sslClientProvider()) - .protocols(protocols()) - .ciphers(ciphers()) - .build(); + .protocols(param.protocols()) + .ciphers(param.ciphers()) + .build()); SSLEngine engine = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT); assertEquals(ReferenceCountUtil.refCnt(clientSslCtx), 2); diff --git a/handler/src/test/java/io/netty/handler/ssl/SSLEngineTest.java b/handler/src/test/java/io/netty/handler/ssl/SSLEngineTest.java index 07fa482ab3..c2995b7fd1 100644 --- a/handler/src/test/java/io/netty/handler/ssl/SSLEngineTest.java +++ b/handler/src/test/java/io/netty/handler/ssl/SSLEngineTest.java @@ -50,13 +50,18 @@ import io.netty.util.internal.PlatformDependent; import io.netty.util.internal.StringUtil; import io.netty.util.internal.SystemPropertyUtil; import org.conscrypt.OpenSSLProvider; -import org.junit.After; -import org.junit.Assume; -import org.junit.Before; -import org.junit.Test; +import org.junit.jupiter.api.AfterEach; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.TestInstance; +import org.junit.jupiter.api.Timeout; +import org.junit.jupiter.api.function.Executable; +import org.junit.jupiter.params.ParameterizedTest; +import org.junit.jupiter.params.provider.MethodSource; import org.mockito.ArgumentCaptor; import org.mockito.Mock; import org.mockito.MockitoAnnotations; +import org.opentest4j.AssertionFailedError; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; @@ -88,7 +93,6 @@ import java.util.HashSet; import java.util.List; import java.util.Set; import java.util.concurrent.CountDownLatch; -import java.util.concurrent.ExecutionException; import java.util.concurrent.ExecutorService; import java.util.concurrent.Executors; import java.util.concurrent.TimeUnit; @@ -122,21 +126,25 @@ import javax.net.ssl.X509TrustManager; import javax.security.cert.X509Certificate; import static io.netty.handler.ssl.SslUtils.*; -import static org.junit.Assert.assertArrayEquals; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertNotEquals; -import static org.junit.Assert.assertNotNull; -import static org.junit.Assert.assertNull; -import static org.junit.Assert.assertSame; -import static org.junit.Assert.assertTrue; -import static org.junit.Assert.fail; -import static org.junit.Assume.assumeTrue; +import static org.junit.jupiter.api.Assertions.assertArrayEquals; +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertNotEquals; +import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertNull; +import static org.junit.jupiter.api.Assertions.assertSame; +import static org.junit.jupiter.api.Assertions.assertThrows; +import static org.junit.jupiter.api.Assertions.assertTrue; +import static org.junit.jupiter.api.Assertions.fail; +import static org.junit.jupiter.api.Assumptions.assumeFalse; +import static org.junit.jupiter.api.Assumptions.assumeTrue; import static org.mockito.Mockito.verify; +@TestInstance(TestInstance.Lifecycle.PER_CLASS) public abstract class SSLEngineTest { private static final String PRINCIPAL_NAME = "CN=e8ac02fa0d65a84219016045db8b05c485b4ecdf.netty.test"; + private final boolean tlsv13Supported; @Mock protected MessageReceiver serverReceiver; @@ -212,18 +220,59 @@ public abstract class SSLEngineTest { } } - private final BufferType type; - protected final ProtocolCipherCombo protocolCipherCombo; - private final boolean delegate; - private ExecutorService delegatingExecutor; - - protected SSLEngineTest(BufferType type, ProtocolCipherCombo protocolCipherCombo, boolean delegate) { - this.type = type; - this.protocolCipherCombo = protocolCipherCombo; - this.delegate = delegate; + protected SSLEngineTest(boolean tlsv13Supported) { + this.tlsv13Supported = tlsv13Supported; } - protected ByteBuffer allocateBuffer(int len) { + protected static class SSLEngineTestParam { + private final BufferType type; + private final ProtocolCipherCombo protocolCipherCombo; + private final boolean delegate; + + SSLEngineTestParam(BufferType type, ProtocolCipherCombo protocolCipherCombo, boolean delegate) { + this.type = type; + this.protocolCipherCombo = protocolCipherCombo; + this.delegate = delegate; + } + + final BufferType type() { + return type; + } + + final ProtocolCipherCombo combo() { + return protocolCipherCombo; + } + + final boolean delegate() { + return delegate; + } + + final List protocols() { + return Collections.singletonList(protocolCipherCombo.protocol); + } + + final List ciphers() { + return Collections.singletonList(protocolCipherCombo.cipher); + } + } + + protected List newTestParams() { + List params = new ArrayList(); + for (BufferType type: BufferType.values()) { + params.add(new SSLEngineTestParam(type, ProtocolCipherCombo.tlsv12(), false)); + params.add(new SSLEngineTestParam(type, ProtocolCipherCombo.tlsv12(), true)); + + if (tlsv13Supported) { + params.add(new SSLEngineTestParam(type, ProtocolCipherCombo.tlsv13(), false)); + params.add(new SSLEngineTestParam(type, ProtocolCipherCombo.tlsv13(), true)); + } + } + return params; + } + + private ExecutorService delegatingExecutor; + + protected ByteBuffer allocateBuffer(BufferType type, int len) { switch (type) { case Direct: return ByteBuffer.allocateDirect(len); @@ -401,17 +450,15 @@ public abstract class SSLEngineTest { } } - @Before + @BeforeEach public void setup() { MockitoAnnotations.initMocks(this); serverLatch = new CountDownLatch(1); clientLatch = new CountDownLatch(1); - if (delegate) { - delegatingExecutor = Executors.newCachedThreadPool(); - } + delegatingExecutor = Executors.newCachedThreadPool(); } - @After + @AfterEach public void tearDown() throws InterruptedException { ChannelFuture clientCloseFuture = null; ChannelFuture serverConnectedCloseFuture = null; @@ -467,16 +514,15 @@ public abstract class SSLEngineTest { if (clientGroupShutdownFuture != null) { clientGroupShutdownFuture.sync(); } + delegatingExecutor.shutdown(); serverException = null; - - if (delegatingExecutor != null) { - delegatingExecutor.shutdown(); - } + clientException = null; } - @Test - public void testMutualAuthSameCerts() throws Throwable { - mySetupMutualAuth(ResourcesUtil.getFile(getClass(), "test_unencrypted.pem"), + @MethodSource("newTestParams") + @ParameterizedTest + public void testMutualAuthSameCerts(SSLEngineTestParam param) throws Throwable { + mySetupMutualAuth(param, ResourcesUtil.getFile(getClass(), "test_unencrypted.pem"), ResourcesUtil.getFile(getClass(), "test.crt"), null); runTest(null); @@ -487,27 +533,28 @@ public abstract class SSLEngineTest { } } - @Test - public void testSetSupportedCiphers() throws Exception { - if (protocolCipherCombo != ProtocolCipherCombo.tlsv12()) { + @MethodSource("newTestParams") + @ParameterizedTest + public void testSetSupportedCiphers(SSLEngineTestParam param) throws Exception { + if (param.protocolCipherCombo != ProtocolCipherCombo.tlsv12()) { return; } SelfSignedCertificate cert = new SelfSignedCertificate(); - serverSslCtx = wrapContext(SslContextBuilder.forServer(cert.key(), cert.cert()) - .protocols(protocols()) - .ciphers(ciphers()) + serverSslCtx = wrapContext(param, SslContextBuilder.forServer(cert.key(), cert.cert()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .sslProvider(sslServerProvider()).build()); final SSLEngine serverEngine = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); - clientSslCtx = wrapContext(SslContextBuilder.forClient() + clientSslCtx = wrapContext(param, SslContextBuilder.forClient() .trustManager(cert.certificate()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .sslProvider(sslClientProvider()).build()); final SSLEngine clientEngine = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); - final String[] enabledCiphers = new String[]{ ciphers().get(0) }; + final String[] enabledCiphers = new String[]{ param.ciphers().get(0) }; try { clientEngine.setEnabledCipherSuites(enabledCiphers); @@ -522,22 +569,23 @@ public abstract class SSLEngineTest { } } - @Test(expected = SSLHandshakeException.class) - public void testIncompatibleCiphers() throws Exception { + @MethodSource("newTestParams") + @ParameterizedTest + public void testIncompatibleCiphers(final SSLEngineTestParam param) throws Exception { assumeTrue(SslProvider.isTlsv13Supported(sslClientProvider())); assumeTrue(SslProvider.isTlsv13Supported(sslServerProvider())); SelfSignedCertificate ssc = new SelfSignedCertificate(); // Select a mandatory cipher from the TLSv1.2 RFC https://www.ietf.org/rfc/rfc5246.txt so handshakes won't fail // due to no shared/supported cipher. - clientSslCtx = wrapContext(SslContextBuilder.forClient() + clientSslCtx = wrapContext(param, SslContextBuilder.forClient() .trustManager(InsecureTrustManagerFactory.INSTANCE) .protocols(SslProtocols.TLS_v1_3, SslProtocols.TLS_v1_2, SslProtocols.TLS_v1) .sslContextProvider(clientSslContextProvider()) .sslProvider(sslClientProvider()) .build()); - serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) + serverSslCtx = wrapContext(param, SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) .protocols(SslProtocols.TLS_v1_3, SslProtocols.TLS_v1_2, SslProtocols.TLS_v1) .sslContextProvider(serverSslContextProvider()) .sslProvider(sslServerProvider()) @@ -555,13 +603,15 @@ public abstract class SSLEngineTest { // Set the client to only support a single TLSv1.3 cipher final String clientCipher = "TLS_AES_256_GCM_SHA384"; clientEngine.setEnabledCipherSuites(new String[] { clientCipher }); - handshake(clientEngine, serverEngine); - // We shouldn't get here as the handshake should throw a SSLHandshakeException. If - // we do, throw our own exception that is more informative as to what has happened. - fail("Unexpected handshake success. Negotiated TLS version: " + - clientEngine.getSession().getProtocol() + - ", cipher suite negotiated: " + clientEngine.getSession().getCipherSuite()); + final SSLEngine client = clientEngine; + final SSLEngine server = serverEngine; + assertThrows(SSLHandshakeException.class, new Executable() { + @Override + public void execute() throws Throwable { + handshake(param.type(), param.delegate(), client, server); + } + }); } finally { cleanupClientSslEngine(clientEngine); cleanupServerSslEngine(serverEngine); @@ -569,22 +619,24 @@ public abstract class SSLEngineTest { } } - @Test - public void testMutualAuthDiffCerts() throws Exception { + @MethodSource("newTestParams") + @ParameterizedTest + public void testMutualAuthDiffCerts(SSLEngineTestParam param) throws Exception { File serverKeyFile = ResourcesUtil.getFile(getClass(), "test_encrypted.pem"); File serverCrtFile = ResourcesUtil.getFile(getClass(), "test.crt"); String serverKeyPassword = "12345"; File clientKeyFile = ResourcesUtil.getFile(getClass(), "test2_encrypted.pem"); File clientCrtFile = ResourcesUtil.getFile(getClass(), "test2.crt"); String clientKeyPassword = "12345"; - mySetupMutualAuth(clientCrtFile, serverKeyFile, serverCrtFile, serverKeyPassword, + mySetupMutualAuth(param, clientCrtFile, serverKeyFile, serverCrtFile, serverKeyPassword, serverCrtFile, clientKeyFile, clientCrtFile, clientKeyPassword); runTest(null); assertTrue(serverLatch.await(2, TimeUnit.SECONDS)); } - @Test - public void testMutualAuthDiffCertsServerFailure() throws Exception { + @MethodSource("newTestParams") + @ParameterizedTest + public void testMutualAuthDiffCertsServerFailure(SSLEngineTestParam param) throws Exception { File serverKeyFile = ResourcesUtil.getFile(getClass(), "test_encrypted.pem"); File serverCrtFile = ResourcesUtil.getFile(getClass(), "test.crt"); String serverKeyPassword = "12345"; @@ -592,14 +644,15 @@ public abstract class SSLEngineTest { File clientCrtFile = ResourcesUtil.getFile(getClass(), "test2.crt"); String clientKeyPassword = "12345"; // Client trusts server but server only trusts itself - mySetupMutualAuth(serverCrtFile, serverKeyFile, serverCrtFile, serverKeyPassword, + mySetupMutualAuth(param, serverCrtFile, serverKeyFile, serverCrtFile, serverKeyPassword, serverCrtFile, clientKeyFile, clientCrtFile, clientKeyPassword); assertTrue(serverLatch.await(10, TimeUnit.SECONDS)); assertTrue(serverException instanceof SSLHandshakeException); } - @Test - public void testMutualAuthDiffCertsClientFailure() throws Exception { + @MethodSource("newTestParams") + @ParameterizedTest + public void testMutualAuthDiffCertsClientFailure(SSLEngineTestParam param) throws Exception { File serverKeyFile = ResourcesUtil.getFile(getClass(), "test_unencrypted.pem"); File serverCrtFile = ResourcesUtil.getFile(getClass(), "test.crt"); String serverKeyPassword = null; @@ -607,38 +660,48 @@ public abstract class SSLEngineTest { File clientCrtFile = ResourcesUtil.getFile(getClass(), "test2.crt"); String clientKeyPassword = null; // Server trusts client but client only trusts itself - mySetupMutualAuth(clientCrtFile, serverKeyFile, serverCrtFile, serverKeyPassword, + mySetupMutualAuth(param, clientCrtFile, serverKeyFile, serverCrtFile, serverKeyPassword, clientCrtFile, clientKeyFile, clientCrtFile, clientKeyPassword); assertTrue(clientLatch.await(10, TimeUnit.SECONDS)); assertTrue(clientException instanceof SSLHandshakeException); } - @Test - public void testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth() throws Exception { - testMutualAuthInvalidClientCertSucceed(ClientAuth.NONE); + @MethodSource("newTestParams") + @ParameterizedTest + public void testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth(SSLEngineTestParam param) + throws Exception { + testMutualAuthInvalidClientCertSucceed(param, ClientAuth.NONE); } - @Test - public void testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth() throws Exception { - testMutualAuthClientCertFail(ClientAuth.OPTIONAL); + @MethodSource("newTestParams") + @ParameterizedTest + public void testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth(SSLEngineTestParam param) + throws Exception { + testMutualAuthClientCertFail(param, ClientAuth.OPTIONAL); } - @Test - public void testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth() throws Exception { - testMutualAuthClientCertFail(ClientAuth.REQUIRE); + @MethodSource("newTestParams") + @ParameterizedTest + public void testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth(SSLEngineTestParam param) + throws Exception { + testMutualAuthClientCertFail(param, ClientAuth.REQUIRE); } - @Test - public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth() throws Exception { - testMutualAuthClientCertFail(ClientAuth.OPTIONAL, "mutual_auth_client.p12", true); + @MethodSource("newTestParams") + @ParameterizedTest + public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(SSLEngineTestParam param) + throws Exception { + testMutualAuthClientCertFail(param, ClientAuth.OPTIONAL, "mutual_auth_client.p12", true); } - @Test - public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth() throws Exception { - testMutualAuthClientCertFail(ClientAuth.REQUIRE, "mutual_auth_client.p12", true); + @MethodSource("newTestParams") + @ParameterizedTest + public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(SSLEngineTestParam param) + throws Exception { + testMutualAuthClientCertFail(param, ClientAuth.REQUIRE, "mutual_auth_client.p12", true); } - private void testMutualAuthInvalidClientCertSucceed(ClientAuth auth) throws Exception { + private void testMutualAuthInvalidClientCertSucceed(SSLEngineTestParam param, ClientAuth auth) throws Exception { char[] password = "example".toCharArray(); final KeyStore serverKeyStore = KeyStore.getInstance("PKCS12"); serverKeyStore.load(getClass().getResourceAsStream("mutual_auth_server.p12"), password); @@ -652,19 +715,20 @@ public abstract class SSLEngineTest { clientKeyManagerFactory.init(clientKeyStore, password); File commonCertChain = ResourcesUtil.getFile(getClass(), "mutual_auth_ca.pem"); - mySetupMutualAuth(serverKeyManagerFactory, commonCertChain, clientKeyManagerFactory, commonCertChain, + mySetupMutualAuth(param, serverKeyManagerFactory, commonCertChain, clientKeyManagerFactory, commonCertChain, auth, false, false); assertTrue(clientLatch.await(10, TimeUnit.SECONDS)); - assertNull(clientException); + rethrowIfNotNull(clientException); assertTrue(serverLatch.await(5, TimeUnit.SECONDS)); - assertNull(serverException); + rethrowIfNotNull(serverException); } - private void testMutualAuthClientCertFail(ClientAuth auth) throws Exception { - testMutualAuthClientCertFail(auth, "mutual_auth_invalid_client.p12", false); + private void testMutualAuthClientCertFail(SSLEngineTestParam param, ClientAuth auth) throws Exception { + testMutualAuthClientCertFail(param, auth, "mutual_auth_invalid_client.p12", false); } - private void testMutualAuthClientCertFail(ClientAuth auth, String clientCert, boolean serverInitEngine) + private void testMutualAuthClientCertFail(SSLEngineTestParam param, ClientAuth auth, String clientCert, + boolean serverInitEngine) throws Exception { char[] password = "example".toCharArray(); final KeyStore serverKeyStore = KeyStore.getInstance("PKCS12"); @@ -679,14 +743,14 @@ public abstract class SSLEngineTest { clientKeyManagerFactory.init(clientKeyStore, password); File commonCertChain = ResourcesUtil.getFile(getClass(), "mutual_auth_ca.pem"); - mySetupMutualAuth(serverKeyManagerFactory, commonCertChain, clientKeyManagerFactory, commonCertChain, + mySetupMutualAuth(param, serverKeyManagerFactory, commonCertChain, clientKeyManagerFactory, commonCertChain, auth, true, serverInitEngine); assertTrue(clientLatch.await(10, TimeUnit.SECONDS)); - assertTrue("unexpected exception: " + clientException, - mySetupMutualAuthServerIsValidClientException(clientException)); + assertTrue(mySetupMutualAuthServerIsValidClientException(clientException), + "unexpected exception: " + clientException); assertTrue(serverLatch.await(5, TimeUnit.SECONDS)); - assertTrue("unexpected exception: " + serverException, - mySetupMutualAuthServerIsValidServerException(serverException)); + assertTrue(mySetupMutualAuthServerIsValidServerException(serverException), + "unexpected exception: " + serverException); } protected static boolean causedBySSLException(Throwable cause) { @@ -716,15 +780,16 @@ public abstract class SSLEngineTest { protected void mySetupMutualAuthServerInitSslHandler(SslHandler handler) { } - private void mySetupMutualAuth(KeyManagerFactory serverKMF, final File serverTrustManager, + private void mySetupMutualAuth(final SSLEngineTestParam param, KeyManagerFactory serverKMF, + final File serverTrustManager, KeyManagerFactory clientKMF, File clientTrustManager, ClientAuth clientAuth, final boolean failureExpected, final boolean serverInitEngine) throws SSLException, InterruptedException { serverSslCtx = - wrapContext(SslContextBuilder.forServer(serverKMF) - .protocols(protocols()) - .ciphers(ciphers()) + wrapContext(param, SslContextBuilder.forServer(serverKMF) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .sslProvider(sslServerProvider()) .sslContextProvider(serverSslContextProvider()) .trustManager(serverTrustManager) @@ -734,9 +799,9 @@ public abstract class SSLEngineTest { .sessionTimeout(0).build()); clientSslCtx = - wrapContext(SslContextBuilder.forClient() - .protocols(protocols()) - .ciphers(ciphers()) + wrapContext(param, SslContextBuilder.forClient() + .protocols(param.protocols()) + .ciphers(param.ciphers()) .sslProvider(sslClientProvider()) .sslContextProvider(clientSslContextProvider()) .trustManager(clientTrustManager) @@ -754,10 +819,10 @@ public abstract class SSLEngineTest { sb.childHandler(new ChannelInitializer() { @Override protected void initChannel(Channel ch) throws Exception { - ch.config().setAllocator(new TestByteBufAllocator(ch.config().getAllocator(), type)); + ch.config().setAllocator(new TestByteBufAllocator(ch.config().getAllocator(), param.type())); ChannelPipeline p = ch.pipeline(); - SslHandler handler = delegatingExecutor == null ? serverSslCtx.newHandler(ch.alloc()) : + SslHandler handler = !param.delegate ? serverSslCtx.newHandler(ch.alloc()) : serverSslCtx.newHandler(ch.alloc(), delegatingExecutor); if (serverInitEngine) { mySetupMutualAuthServerInitSslHandler(handler); @@ -799,10 +864,10 @@ public abstract class SSLEngineTest { cb.handler(new ChannelInitializer() { @Override protected void initChannel(Channel ch) throws Exception { - ch.config().setAllocator(new TestByteBufAllocator(ch.config().getAllocator(), type)); + ch.config().setAllocator(new TestByteBufAllocator(ch.config().getAllocator(), param.type)); ChannelPipeline p = ch.pipeline(); - SslHandler handler = delegatingExecutor == null ? clientSslCtx.newHandler(ch.alloc()) : + SslHandler handler = !param.delegate ? clientSslCtx.newHandler(ch.alloc()) : clientSslCtx.newHandler(ch.alloc(), delegatingExecutor); p.addLast(handler); p.addLast(new MessageDelegatorChannelHandler(clientReceiver, clientLatch)); @@ -843,31 +908,40 @@ public abstract class SSLEngineTest { clientChannel = ccf.channel(); } - @Test - public void testClientHostnameValidationSuccess() throws Exception { - mySetupClientHostnameValidation(ResourcesUtil.getFile(getClass(), "localhost_server.pem"), + private static void rethrowIfNotNull(Throwable error) { + if (error != null) { + throw new AssertionFailedError("Expected no error", error); + } + } + + @MethodSource("newTestParams") + @ParameterizedTest + public void testClientHostnameValidationSuccess(SSLEngineTestParam param) throws Exception { + mySetupClientHostnameValidation(param, ResourcesUtil.getFile(getClass(), "localhost_server.pem"), ResourcesUtil.getFile(getClass(), "localhost_server.key"), ResourcesUtil.getFile(getClass(), "mutual_auth_ca.pem"), false); assertTrue(clientLatch.await(10, TimeUnit.SECONDS)); - assertNull(clientException); + + rethrowIfNotNull(clientException); assertTrue(serverLatch.await(5, TimeUnit.SECONDS)); - assertNull(serverException); + rethrowIfNotNull(serverException); } - @Test - public void testClientHostnameValidationFail() throws Exception { + @MethodSource("newTestParams") + @ParameterizedTest + public void testClientHostnameValidationFail(SSLEngineTestParam param) throws Exception { Future clientWriteFuture = - mySetupClientHostnameValidation(ResourcesUtil.getFile(getClass(), "notlocalhost_server.pem"), + mySetupClientHostnameValidation(param, ResourcesUtil.getFile(getClass(), "notlocalhost_server.pem"), ResourcesUtil.getFile(getClass(), "notlocalhost_server.key"), ResourcesUtil.getFile(getClass(), "mutual_auth_ca.pem"), true); assertTrue(clientLatch.await(10, TimeUnit.SECONDS)); - assertTrue("unexpected exception: " + clientException, - mySetupMutualAuthServerIsValidClientException(clientException)); + assertTrue(mySetupMutualAuthServerIsValidClientException(clientException), + "unexpected exception: " + clientException); assertTrue(serverLatch.await(5, TimeUnit.SECONDS)); - assertTrue("unexpected exception: " + serverException, - mySetupMutualAuthServerIsValidServerException(serverException)); + assertTrue(mySetupMutualAuthServerIsValidServerException(serverException), + "unexpected exception: " + serverException); // Verify that any pending writes are failed with the cached handshake exception and not a general SSLException. clientWriteFuture.awaitUninterruptibly(); @@ -875,15 +949,16 @@ public abstract class SSLEngineTest { assertSame(clientException, actualCause); } - private Future mySetupClientHostnameValidation(File serverCrtFile, File serverKeyFile, + private Future mySetupClientHostnameValidation(final SSLEngineTestParam param, File serverCrtFile, + File serverKeyFile, File clientTrustCrtFile, final boolean failureExpected) throws SSLException, InterruptedException { final String expectedHost = "localhost"; - serverSslCtx = wrapContext(SslContextBuilder.forServer(serverCrtFile, serverKeyFile, null) + serverSslCtx = wrapContext(param, SslContextBuilder.forServer(serverCrtFile, serverKeyFile, null) .sslProvider(sslServerProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .sslContextProvider(serverSslContextProvider()) .trustManager(InsecureTrustManagerFactory.INSTANCE) .ciphers(null, IdentityCipherSuiteFilter.INSTANCE) @@ -891,10 +966,10 @@ public abstract class SSLEngineTest { .sessionTimeout(0) .build()); - clientSslCtx = wrapContext(SslContextBuilder.forClient() + clientSslCtx = wrapContext(param, SslContextBuilder.forClient() .sslProvider(sslClientProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .sslContextProvider(clientSslContextProvider()) .trustManager(clientTrustCrtFile) .ciphers(null, IdentityCipherSuiteFilter.INSTANCE) @@ -911,10 +986,10 @@ public abstract class SSLEngineTest { sb.childHandler(new ChannelInitializer() { @Override protected void initChannel(Channel ch) throws Exception { - ch.config().setAllocator(new TestByteBufAllocator(ch.config().getAllocator(), type)); + ch.config().setAllocator(new TestByteBufAllocator(ch.config().getAllocator(), param.type)); ChannelPipeline p = ch.pipeline(); - SslHandler handler = delegatingExecutor == null ? serverSslCtx.newHandler(ch.alloc()) : + SslHandler handler = !param.delegate ? serverSslCtx.newHandler(ch.alloc()) : serverSslCtx.newHandler(ch.alloc(), delegatingExecutor); p.addLast(handler); p.addLast(new MessageDelegatorChannelHandler(serverReceiver, serverLatch)); @@ -954,11 +1029,11 @@ public abstract class SSLEngineTest { cb.handler(new ChannelInitializer() { @Override protected void initChannel(Channel ch) throws Exception { - ch.config().setAllocator(new TestByteBufAllocator(ch.config().getAllocator(), type)); + ch.config().setAllocator(new TestByteBufAllocator(ch.config().getAllocator(), param.type)); ChannelPipeline p = ch.pipeline(); InetSocketAddress remoteAddress = (InetSocketAddress) serverChannel.localAddress(); - SslHandler sslHandler = delegatingExecutor == null ? + SslHandler sslHandler = !param.delegate ? clientSslCtx.newHandler(ch.alloc(), expectedHost, 0) : clientSslCtx.newHandler(ch.alloc(), expectedHost, 0, delegatingExecutor); @@ -1019,20 +1094,21 @@ public abstract class SSLEngineTest { return clientWritePromise; } - private void mySetupMutualAuth(File keyFile, File crtFile, String keyPassword) + private void mySetupMutualAuth(SSLEngineTestParam param, File keyFile, File crtFile, String keyPassword) throws SSLException, InterruptedException { - mySetupMutualAuth(crtFile, keyFile, crtFile, keyPassword, crtFile, keyFile, crtFile, keyPassword); + mySetupMutualAuth(param, crtFile, keyFile, crtFile, keyPassword, crtFile, keyFile, crtFile, keyPassword); } - private void verifySSLSessionForMutualAuth(SSLSession session, File certFile, String principalName) + private void verifySSLSessionForMutualAuth( + SSLEngineTestParam param, SSLSession session, File certFile, String principalName) throws Exception { InputStream in = null; try { assertEquals(principalName, session.getLocalPrincipal().getName()); assertEquals(principalName, session.getPeerPrincipal().getName()); assertNotNull(session.getId()); - assertEquals(protocolCipherCombo.cipher, session.getCipherSuite()); - assertEquals(protocolCipherCombo.protocol, session.getProtocol()); + assertEquals(param.combo().cipher, session.getCipherSuite()); + assertEquals(param.combo().protocol, session.getProtocol()); assertTrue(session.getApplicationBufferSize() > 0); assertTrue(session.getCreationTime() > 0); assertTrue(session.isValid()); @@ -1063,26 +1139,26 @@ public abstract class SSLEngineTest { } } - private void mySetupMutualAuth( + private void mySetupMutualAuth(final SSLEngineTestParam param, File servertTrustCrtFile, File serverKeyFile, final File serverCrtFile, String serverKeyPassword, File clientTrustCrtFile, File clientKeyFile, final File clientCrtFile, String clientKeyPassword) throws InterruptedException, SSLException { serverSslCtx = - wrapContext(SslContextBuilder.forServer(serverCrtFile, serverKeyFile, serverKeyPassword) + wrapContext(param, SslContextBuilder.forServer(serverCrtFile, serverKeyFile, serverKeyPassword) .sslProvider(sslServerProvider()) .sslContextProvider(serverSslContextProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .trustManager(servertTrustCrtFile) .ciphers(null, IdentityCipherSuiteFilter.INSTANCE) .sessionCacheSize(0) .sessionTimeout(0).build()); clientSslCtx = - wrapContext(SslContextBuilder.forClient() + wrapContext(param, SslContextBuilder.forClient() .sslProvider(sslClientProvider()) .sslContextProvider(clientSslContextProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .trustManager(clientTrustCrtFile) .keyManager(clientCrtFile, clientKeyFile, clientKeyPassword) .ciphers(null, IdentityCipherSuiteFilter.INSTANCE) @@ -1098,7 +1174,7 @@ public abstract class SSLEngineTest { sb.childHandler(new ChannelInitializer() { @Override protected void initChannel(Channel ch) { - ch.config().setAllocator(new TestByteBufAllocator(ch.config().getAllocator(), type)); + ch.config().setAllocator(new TestByteBufAllocator(ch.config().getAllocator(), param.type)); ChannelPipeline p = ch.pipeline(); final SSLEngine engine = wrapEngine(serverSslCtx.newEngine(ch.alloc())); @@ -1124,7 +1200,7 @@ public abstract class SSLEngineTest { if (evt == SslHandshakeCompletionEvent.SUCCESS) { try { verifySSLSessionForMutualAuth( - engine.getSession(), serverCrtFile, PRINCIPAL_NAME); + param, engine.getSession(), serverCrtFile, PRINCIPAL_NAME); } catch (Throwable cause) { serverException = cause; } @@ -1140,9 +1216,9 @@ public abstract class SSLEngineTest { cb.handler(new ChannelInitializer() { @Override protected void initChannel(Channel ch) throws Exception { - ch.config().setAllocator(new TestByteBufAllocator(ch.config().getAllocator(), type)); + ch.config().setAllocator(new TestByteBufAllocator(ch.config().getAllocator(), param.type)); - final SslHandler handler = delegatingExecutor == null ? + final SslHandler handler = !param.delegate ? clientSslCtx.newHandler(ch.alloc()) : clientSslCtx.newHandler(ch.alloc(), delegatingExecutor); @@ -1156,7 +1232,7 @@ public abstract class SSLEngineTest { if (evt == SslHandshakeCompletionEvent.SUCCESS) { try { verifySSLSessionForMutualAuth( - handler.engine().getSession(), clientCrtFile, PRINCIPAL_NAME); + param, handler.engine().getSession(), clientCrtFile, PRINCIPAL_NAME); } catch (Throwable cause) { clientException = cause; } @@ -1235,7 +1311,7 @@ public abstract class SSLEngineTest { @Test public void testGetCreationTime() throws Exception { - clientSslCtx = wrapContext(SslContextBuilder.forClient() + clientSslCtx = wrapContext(null, SslContextBuilder.forClient() .sslProvider(sslClientProvider()) .sslContextProvider(clientSslContextProvider()).build()); SSLEngine engine = null; @@ -1247,28 +1323,29 @@ public abstract class SSLEngineTest { } } - @Test - public void testSessionInvalidate() throws Exception { - clientSslCtx = wrapContext(SslContextBuilder.forClient() + @MethodSource("newTestParams") + @ParameterizedTest + public void testSessionInvalidate(SSLEngineTestParam param) throws Exception { + clientSslCtx = wrapContext(param, SslContextBuilder.forClient() .trustManager(InsecureTrustManagerFactory.INSTANCE) .sslProvider(sslClientProvider()) .sslContextProvider(clientSslContextProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); SelfSignedCertificate ssc = new SelfSignedCertificate(); - serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) + serverSslCtx = wrapContext(param, SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) .sslProvider(sslServerProvider()) .sslContextProvider(serverSslContextProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); SSLEngine clientEngine = null; SSLEngine serverEngine = null; try { clientEngine = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); serverEngine = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); - handshake(clientEngine, serverEngine); + handshake(param.type(), param.delegate(), clientEngine, serverEngine); SSLSession session = serverEngine.getSession(); assertTrue(session.isValid()); @@ -1281,20 +1358,21 @@ public abstract class SSLEngineTest { } } - @Test - public void testSSLSessionId() throws Exception { - clientSslCtx = wrapContext(SslContextBuilder.forClient() + @MethodSource("newTestParams") + @ParameterizedTest + public void testSSLSessionId(SSLEngineTestParam param) throws Exception { + clientSslCtx = wrapContext(param, SslContextBuilder.forClient() .trustManager(InsecureTrustManagerFactory.INSTANCE) .sslProvider(sslClientProvider()) // This test only works for non TLSv1.3 for now - .protocols(protocols()) + .protocols(param.protocols()) .sslContextProvider(clientSslContextProvider()) .build()); SelfSignedCertificate ssc = new SelfSignedCertificate(); - serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) + serverSslCtx = wrapContext(param, SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) .sslProvider(sslServerProvider()) // This test only works for non TLSv1.3 for now - .protocols(protocols()) + .protocols(param.protocols()) .sslContextProvider(serverSslContextProvider()) .build()); SSLEngine clientEngine = null; @@ -1307,12 +1385,12 @@ public abstract class SSLEngineTest { assertEquals(0, clientEngine.getSession().getId().length); assertEquals(0, serverEngine.getSession().getId().length); - handshake(clientEngine, serverEngine); + handshake(param.type(), param.delegate(), clientEngine, serverEngine); - if (protocolCipherCombo == ProtocolCipherCombo.TLSV13) { + if (param.protocolCipherCombo == ProtocolCipherCombo.TLSV13) { // Allocate something which is big enough for sure - ByteBuffer packetBuffer = allocateBuffer(32 * 1024); - ByteBuffer appBuffer = allocateBuffer(32 * 1024); + ByteBuffer packetBuffer = allocateBuffer(param.type(), 32 * 1024); + ByteBuffer appBuffer = allocateBuffer(param.type(), 32 * 1024); appBuffer.clear().position(4).flip(); packetBuffer.clear(); @@ -1364,15 +1442,18 @@ public abstract class SSLEngineTest { } } - @Test(timeout = 30000) - public void clientInitiatedRenegotiationWithFatalAlertDoesNotInfiniteLoopServer() throws Exception { + @MethodSource("newTestParams") + @ParameterizedTest + @Timeout(30) + public void clientInitiatedRenegotiationWithFatalAlertDoesNotInfiniteLoopServer(final SSLEngineTestParam param) + throws Exception { assumeTrue(PlatformDependent.javaVersion() >= 11); final SelfSignedCertificate ssc = new SelfSignedCertificate(); - serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) + serverSslCtx = wrapContext(param, SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) .sslProvider(sslServerProvider()) .sslContextProvider(serverSslContextProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); sb = new ServerBootstrap() .group(new NioEventLoopGroup(1)) @@ -1380,11 +1461,11 @@ public abstract class SSLEngineTest { .childHandler(new ChannelInitializer() { @Override public void initChannel(SocketChannel ch) { - ch.config().setAllocator(new TestByteBufAllocator(ch.config().getAllocator(), type)); + ch.config().setAllocator(new TestByteBufAllocator(ch.config().getAllocator(), param.type)); ChannelPipeline p = ch.pipeline(); - SslHandler handler = delegatingExecutor == null ? + SslHandler handler = !param.delegate ? serverSslCtx.newHandler(ch.alloc()) : serverSslCtx.newHandler(ch.alloc(), delegatingExecutor); @@ -1427,12 +1508,12 @@ public abstract class SSLEngineTest { serverChannel = sb.bind(new InetSocketAddress(0)).syncUninterruptibly().channel(); - clientSslCtx = wrapContext(SslContextBuilder.forClient() + clientSslCtx = wrapContext(param, SslContextBuilder.forClient() // OpenSslEngine doesn't support renegotiation on client side .sslProvider(SslProvider.JDK) .trustManager(InsecureTrustManagerFactory.INSTANCE) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); cb = new Bootstrap(); @@ -1441,11 +1522,11 @@ public abstract class SSLEngineTest { .handler(new ChannelInitializer() { @Override public void initChannel(SocketChannel ch) { - ch.config().setAllocator(new TestByteBufAllocator(ch.config().getAllocator(), type)); + ch.config().setAllocator(new TestByteBufAllocator(ch.config().getAllocator(), param.type())); ChannelPipeline p = ch.pipeline(); - SslHandler sslHandler = delegatingExecutor == null ? + SslHandler sslHandler = !param.delegate ? clientSslCtx.newHandler(ch.alloc()) : clientSslCtx.newHandler(ch.alloc(), delegatingExecutor); @@ -1491,16 +1572,17 @@ public abstract class SSLEngineTest { ssc.delete(); } - protected void testEnablingAnAlreadyDisabledSslProtocol(String[] protocols1, String[] protocols2) throws Exception { + protected void testEnablingAnAlreadyDisabledSslProtocol(SSLEngineTestParam param, + String[] protocols1, String[] protocols2) throws Exception { SSLEngine sslEngine = null; try { File serverKeyFile = ResourcesUtil.getFile(getClass(), "test_unencrypted.pem"); File serverCrtFile = ResourcesUtil.getFile(getClass(), "test.crt"); - serverSslCtx = wrapContext(SslContextBuilder.forServer(serverCrtFile, serverKeyFile) + serverSslCtx = wrapContext(param, SslContextBuilder.forServer(serverCrtFile, serverKeyFile) .sslProvider(sslServerProvider()) .sslContextProvider(serverSslContextProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); sslEngine = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); @@ -1528,18 +1610,18 @@ public abstract class SSLEngineTest { } } - protected void handshake(SSLEngine clientEngine, SSLEngine serverEngine) throws Exception { - ByteBuffer cTOs = allocateBuffer(clientEngine.getSession().getPacketBufferSize()); - ByteBuffer sTOc = allocateBuffer(serverEngine.getSession().getPacketBufferSize()); + protected void handshake(BufferType type, boolean delegate, SSLEngine clientEngine, SSLEngine serverEngine) + throws Exception { + ByteBuffer cTOs = allocateBuffer(type, clientEngine.getSession().getPacketBufferSize()); + ByteBuffer sTOc = allocateBuffer(type, serverEngine.getSession().getPacketBufferSize()); - ByteBuffer serverAppReadBuffer = allocateBuffer(serverEngine.getSession().getApplicationBufferSize()); - ByteBuffer clientAppReadBuffer = allocateBuffer( - clientEngine.getSession().getApplicationBufferSize()); + ByteBuffer serverAppReadBuffer = allocateBuffer(type, serverEngine.getSession().getApplicationBufferSize()); + ByteBuffer clientAppReadBuffer = allocateBuffer(type, clientEngine.getSession().getApplicationBufferSize()); clientEngine.beginHandshake(); serverEngine.beginHandshake(); - ByteBuffer empty = allocateBuffer(0); + ByteBuffer empty = allocateBuffer(type, 0); SSLEngineResult clientResult; SSLEngineResult serverResult; @@ -1555,7 +1637,7 @@ public abstract class SSLEngineTest { if (!clientHandshakeFinished) { clientResult = clientEngine.wrap(empty, cTOs); - runDelegatedTasks(clientResult, clientEngine); + runDelegatedTasks(delegate, clientResult, clientEngine); assertEquals(empty.remaining(), clientResult.bytesConsumed()); assertEquals(cTOs.position() - cTOsPos, clientResult.bytesProduced()); @@ -1566,7 +1648,7 @@ public abstract class SSLEngineTest { if (!serverHandshakeFinished) { serverResult = serverEngine.wrap(empty, sTOc); - runDelegatedTasks(serverResult, serverEngine); + runDelegatedTasks(delegate, serverResult, serverEngine); assertEquals(empty.remaining(), serverResult.bytesConsumed()); assertEquals(sTOc.position() - sTOcPos, serverResult.bytesProduced()); @@ -1588,7 +1670,7 @@ public abstract class SSLEngineTest { int clientAppReadBufferPos = clientAppReadBuffer.position(); clientResult = clientEngine.unwrap(sTOc, clientAppReadBuffer); - runDelegatedTasks(clientResult, clientEngine); + runDelegatedTasks(delegate, clientResult, clientEngine); assertEquals(sTOc.position() - sTOcPos, clientResult.bytesConsumed()); assertEquals(clientAppReadBuffer.position() - clientAppReadBufferPos, clientResult.bytesProduced()); @@ -1602,7 +1684,7 @@ public abstract class SSLEngineTest { if (!serverHandshakeFinished) { int serverAppReadBufferPos = serverAppReadBuffer.position(); serverResult = serverEngine.unwrap(cTOs, serverAppReadBuffer); - runDelegatedTasks(serverResult, serverEngine); + runDelegatedTasks(delegate, serverResult, serverEngine); assertEquals(cTOs.position() - cTOsPos, serverResult.bytesConsumed()); assertEquals(serverAppReadBuffer.position() - serverAppReadBufferPos, serverResult.bytesProduced()); @@ -1629,14 +1711,14 @@ public abstract class SSLEngineTest { return result.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.FINISHED; } - private void runDelegatedTasks(SSLEngineResult result, SSLEngine engine) throws Exception { + private void runDelegatedTasks(boolean delegate, SSLEngineResult result, SSLEngine engine) throws Exception { if (result.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_TASK) { for (;;) { Runnable task = engine.getDelegatedTask(); if (task == null) { break; } - if (delegatingExecutor == null) { + if (!delegate) { task.run(); } else { delegatingExecutor.submit(task).get(); @@ -1680,12 +1762,13 @@ public abstract class SSLEngineTest { protected void cleanupServerSslEngine(SSLEngine engine) { } - protected void setupHandlers(ApplicationProtocolConfig apn) throws InterruptedException, SSLException, - CertificateException { - setupHandlers(apn, apn); + protected void setupHandlers(SSLEngineTestParam param, ApplicationProtocolConfig apn) + throws InterruptedException, SSLException, CertificateException { + setupHandlers(param, apn, apn); } - protected void setupHandlers(ApplicationProtocolConfig serverApn, ApplicationProtocolConfig clientApn) + protected void setupHandlers(SSLEngineTestParam param, + ApplicationProtocolConfig serverApn, ApplicationProtocolConfig clientApn) throws InterruptedException, SSLException, CertificateException { SelfSignedCertificate ssc = new SelfSignedCertificate(); @@ -1718,15 +1801,16 @@ public abstract class SSLEngineTest { clientCtxBuilder.protocols(SslProtocols.TLS_v1_2); } - setupHandlers(wrapContext(serverCtxBuilder.build()), wrapContext(clientCtxBuilder.build())); + setupHandlers(param.type(), param.delegate(), + wrapContext(param, serverCtxBuilder.build()), wrapContext(param, clientCtxBuilder.build())); } finally { ssc.delete(); } } - protected void setupHandlers(SslContext serverCtx, SslContext clientCtx) + protected void setupHandlers(final BufferType type, final boolean delegate, + SslContext serverCtx, SslContext clientCtx) throws InterruptedException, SSLException, CertificateException { - serverSslCtx = serverCtx; clientSslCtx = clientCtx; @@ -1743,7 +1827,7 @@ public abstract class SSLEngineTest { ChannelPipeline p = ch.pipeline(); - SslHandler sslHandler = delegatingExecutor == null ? + SslHandler sslHandler = !delegate ? serverSslCtx.newHandler(ch.alloc()) : serverSslCtx.newHandler(ch.alloc(), delegatingExecutor); @@ -1773,7 +1857,7 @@ public abstract class SSLEngineTest { ChannelPipeline p = ch.pipeline(); - SslHandler sslHandler = delegatingExecutor == null ? + SslHandler sslHandler = !delegate ? clientSslCtx.newHandler(ch.alloc()) : clientSslCtx.newHandler(ch.alloc(), delegatingExecutor); @@ -1805,17 +1889,19 @@ public abstract class SSLEngineTest { clientChannel = ccf.channel(); } - @Test(timeout = 30000) - public void testMutualAuthSameCertChain() throws Exception { + @MethodSource("newTestParams") + @ParameterizedTest + @Timeout(30) + public void testMutualAuthSameCertChain(final SSLEngineTestParam param) throws Exception { SelfSignedCertificate serverCert = new SelfSignedCertificate(); SelfSignedCertificate clientCert = new SelfSignedCertificate(); serverSslCtx = - wrapContext(SslContextBuilder.forServer(serverCert.certificate(), serverCert.privateKey()) + wrapContext(param, SslContextBuilder.forServer(serverCert.certificate(), serverCert.privateKey()) .trustManager(clientCert.cert()) .clientAuth(ClientAuth.REQUIRE).sslProvider(sslServerProvider()) .sslContextProvider(serverSslContextProvider()) - .protocols(protocols()) - .ciphers(ciphers()).build()); + .protocols(param.protocols()) + .ciphers(param.ciphers()).build()); sb = new ServerBootstrap(); sb.group(new NioEventLoopGroup(), new NioEventLoopGroup()); @@ -1825,9 +1911,9 @@ public abstract class SSLEngineTest { serverChannel = sb.childHandler(new ChannelInitializer() { @Override protected void initChannel(Channel ch) throws Exception { - ch.config().setAllocator(new TestByteBufAllocator(ch.config().getAllocator(), type)); + ch.config().setAllocator(new TestByteBufAllocator(ch.config().getAllocator(), param.type())); - SslHandler sslHandler = delegatingExecutor == null ? + SslHandler sslHandler = !param.delegate ? serverSslCtx.newHandler(ch.alloc()) : serverSslCtx.newHandler(ch.alloc(), delegatingExecutor); @@ -1892,20 +1978,20 @@ public abstract class SSLEngineTest { chainStream.write(Files.readAllBytes(serverCert.certificate().toPath())); clientSslCtx = - wrapContext(SslContextBuilder.forClient().keyManager( + wrapContext(param, SslContextBuilder.forClient().keyManager( new ByteArrayInputStream(chainStream.toByteArray()), new FileInputStream(clientCert.privateKey())) .trustManager(new FileInputStream(serverCert.certificate())) .sslProvider(sslClientProvider()) .sslContextProvider(clientSslContextProvider()) - .protocols(protocols()).ciphers(ciphers()).build()); + .protocols(param.protocols()).ciphers(param.ciphers()).build()); cb = new Bootstrap(); cb.group(new NioEventLoopGroup()); cb.channel(NioSocketChannel.class); clientChannel = cb.handler(new ChannelInitializer() { @Override protected void initChannel(Channel ch) throws Exception { - ch.config().setAllocator(new TestByteBufAllocator(ch.config().getAllocator(), type)); + ch.config().setAllocator(new TestByteBufAllocator(ch.config().getAllocator(), param.type())); ch.pipeline().addLast(new SslHandler(wrapEngine(clientSslCtx.newEngine(ch.alloc())))); } @@ -1917,35 +2003,37 @@ public abstract class SSLEngineTest { clientCert.delete(); } - @Test - public void testUnwrapBehavior() throws Exception { + @MethodSource("newTestParams") + @ParameterizedTest + public void testUnwrapBehavior(SSLEngineTestParam param) throws Exception { SelfSignedCertificate cert = new SelfSignedCertificate(); - clientSslCtx = wrapContext(SslContextBuilder + clientSslCtx = wrapContext(param, SslContextBuilder .forClient() .trustManager(cert.cert()) .sslProvider(sslClientProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); - serverSslCtx = wrapContext(SslContextBuilder + serverSslCtx = wrapContext(param, SslContextBuilder .forServer(cert.certificate(), cert.privateKey()) .sslProvider(sslServerProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); byte[] bytes = "Hello World".getBytes(CharsetUtil.US_ASCII); try { - ByteBuffer plainClientOut = allocateBuffer(client.getSession().getApplicationBufferSize()); - ByteBuffer encryptedClientToServer = allocateBuffer(server.getSession().getPacketBufferSize() * 2); - ByteBuffer plainServerIn = allocateBuffer(server.getSession().getApplicationBufferSize()); + ByteBuffer plainClientOut = allocateBuffer(param.type, client.getSession().getApplicationBufferSize()); + ByteBuffer encryptedClientToServer = allocateBuffer( + param.type, server.getSession().getPacketBufferSize() * 2); + ByteBuffer plainServerIn = allocateBuffer(param.type, server.getSession().getApplicationBufferSize()); - handshake(client, server); + handshake(param.type(), param.delegate(), client, server); // create two TLS frames @@ -1975,7 +2063,7 @@ public abstract class SSLEngineTest { // try with too small output buffer first (to check BUFFER_OVERFLOW case) int remaining = encryptedClientToServer.remaining(); - ByteBuffer small = allocateBuffer(3); + ByteBuffer small = allocateBuffer(param.type, 3); result = server.unwrap(encryptedClientToServer, small); assertEquals(SSLEngineResult.Status.BUFFER_OVERFLOW, result.getStatus()); assertEquals(remaining, encryptedClientToServer.remaining()); @@ -2002,20 +2090,24 @@ public abstract class SSLEngineTest { } } - @Test - public void testProtocolMatch() throws Exception { - testProtocol(new String[] {"TLSv1.2"}, new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"}); + @MethodSource("newTestParams") + @ParameterizedTest + public void testProtocolMatch(SSLEngineTestParam param) throws Exception { + testProtocol(param, false, new String[] {"TLSv1.2"}, new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"}); } - @Test(expected = SSLHandshakeException.class) - public void testProtocolNoMatch() throws Exception { - testProtocol(new String[] {"TLSv1.2"}, new String[] {"TLSv1", "TLSv1.1"}); + @MethodSource("newTestParams") + @ParameterizedTest + public void testProtocolNoMatch(SSLEngineTestParam param) throws Exception { + testProtocol(param, true, new String[] {"TLSv1.2"}, new String[] {"TLSv1", "TLSv1.1"}); } - private void testProtocol(String[] clientProtocols, String[] serverProtocols) throws Exception { + private void testProtocol(final SSLEngineTestParam param, boolean handshakeFails, + String[] clientProtocols, String[] serverProtocols) + throws Exception { SelfSignedCertificate cert = new SelfSignedCertificate(); - clientSslCtx = wrapContext(SslContextBuilder + clientSslCtx = wrapContext(param, SslContextBuilder .forClient() .trustManager(cert.cert()) .sslProvider(sslClientProvider()) @@ -2023,7 +2115,7 @@ public abstract class SSLEngineTest { .build()); SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); - serverSslCtx = wrapContext(SslContextBuilder + serverSslCtx = wrapContext(param, SslContextBuilder .forServer(cert.certificate(), cert.privateKey()) .sslProvider(sslServerProvider()) .protocols(serverProtocols) @@ -2031,7 +2123,18 @@ public abstract class SSLEngineTest { SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); try { - handshake(client, server); + if (handshakeFails) { + final SSLEngine clientEngine = client; + final SSLEngine serverEngine = server; + assertThrows(SSLHandshakeException.class, new Executable() { + @Override + public void execute() throws Throwable { + handshake(param.type(), param.delegate(), clientEngine, serverEngine); + } + }); + } else { + handshake(param.type(), param.delegate(), client, server); + } } finally { cleanupClientSslEngine(client); cleanupServerSslEngine(server); @@ -2048,13 +2151,15 @@ public abstract class SSLEngineTest { return new String[] {SslProtocols.TLS_v1_2, SslProtocols.TLS_v1}; } - @Test - public void testHandshakeCompletesWithNonContiguousProtocolsTLSv1_2CipherOnly() throws Exception { + @MethodSource("newTestParams") + @ParameterizedTest + public void testHandshakeCompletesWithNonContiguousProtocolsTLSv1_2CipherOnly(SSLEngineTestParam param) + throws Exception { SelfSignedCertificate ssc = new SelfSignedCertificate(); // Select a mandatory cipher from the TLSv1.2 RFC https://www.ietf.org/rfc/rfc5246.txt so handshakes won't fail // due to no shared/supported cipher. final String sharedCipher = "TLS_RSA_WITH_AES_128_CBC_SHA"; - clientSslCtx = wrapContext(SslContextBuilder.forClient() + clientSslCtx = wrapContext(param, SslContextBuilder.forClient() .trustManager(InsecureTrustManagerFactory.INSTANCE) .ciphers(Collections.singletonList(sharedCipher)) .protocols(nonContiguousProtocols(sslClientProvider())) @@ -2062,7 +2167,7 @@ public abstract class SSLEngineTest { .sslProvider(sslClientProvider()) .build()); - serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) + serverSslCtx = wrapContext(param, SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) .ciphers(Collections.singletonList(sharedCipher)) .protocols(nonContiguousProtocols(sslServerProvider())) .sslContextProvider(serverSslContextProvider()) @@ -2073,7 +2178,7 @@ public abstract class SSLEngineTest { try { clientEngine = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); serverEngine = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); - handshake(clientEngine, serverEngine); + handshake(param.type(), param.delegate(), clientEngine, serverEngine); } finally { cleanupClientSslEngine(clientEngine); cleanupServerSslEngine(serverEngine); @@ -2081,13 +2186,14 @@ public abstract class SSLEngineTest { } } - @Test - public void testHandshakeCompletesWithoutFilteringSupportedCipher() throws Exception { + @MethodSource("newTestParams") + @ParameterizedTest + public void testHandshakeCompletesWithoutFilteringSupportedCipher(SSLEngineTestParam param) throws Exception { SelfSignedCertificate ssc = new SelfSignedCertificate(); // Select a mandatory cipher from the TLSv1.2 RFC https://www.ietf.org/rfc/rfc5246.txt so handshakes won't fail // due to no shared/supported cipher. final String sharedCipher = "TLS_RSA_WITH_AES_128_CBC_SHA"; - clientSslCtx = wrapContext(SslContextBuilder.forClient() + clientSslCtx = wrapContext(param, SslContextBuilder.forClient() .trustManager(InsecureTrustManagerFactory.INSTANCE) .ciphers(Collections.singletonList(sharedCipher), SupportedCipherSuiteFilter.INSTANCE) .protocols(nonContiguousProtocols(sslClientProvider())) @@ -2095,7 +2201,7 @@ public abstract class SSLEngineTest { .sslProvider(sslClientProvider()) .build()); - serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) + serverSslCtx = wrapContext(param, SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) .ciphers(Collections.singletonList(sharedCipher), SupportedCipherSuiteFilter.INSTANCE) .protocols(nonContiguousProtocols(sslServerProvider())) .sslContextProvider(serverSslContextProvider()) @@ -2106,7 +2212,7 @@ public abstract class SSLEngineTest { try { clientEngine = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); serverEngine = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); - handshake(clientEngine, serverEngine); + handshake(param.type(), param.delegate(), clientEngine, serverEngine); } finally { cleanupClientSslEngine(clientEngine); cleanupServerSslEngine(serverEngine); @@ -2114,40 +2220,43 @@ public abstract class SSLEngineTest { } } - @Test - public void testPacketBufferSizeLimit() throws Exception { + @MethodSource("newTestParams") + @ParameterizedTest + public void testPacketBufferSizeLimit(SSLEngineTestParam param) throws Exception { SelfSignedCertificate cert = new SelfSignedCertificate(); - clientSslCtx = wrapContext(SslContextBuilder + clientSslCtx = wrapContext(param, SslContextBuilder .forClient() .trustManager(cert.cert()) .sslContextProvider(clientSslContextProvider()) .sslProvider(sslClientProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); - serverSslCtx = wrapContext(SslContextBuilder + serverSslCtx = wrapContext(param, SslContextBuilder .forServer(cert.certificate(), cert.privateKey()) .sslContextProvider(serverSslContextProvider()) .sslProvider(sslServerProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); try { // Allocate an buffer that is bigger then the max plain record size. - ByteBuffer plainServerOut = allocateBuffer(server.getSession().getApplicationBufferSize() * 2); + ByteBuffer plainServerOut = allocateBuffer( + param.type(), server.getSession().getApplicationBufferSize() * 2); - handshake(client, server); + handshake(param.type(), param.delegate(), client, server); // Fill the whole buffer and flip it. plainServerOut.position(plainServerOut.capacity()); plainServerOut.flip(); - ByteBuffer encryptedServerToClient = allocateBuffer(server.getSession().getPacketBufferSize()); + ByteBuffer encryptedServerToClient = allocateBuffer( + param.type(), server.getSession().getPacketBufferSize()); int encryptedServerToClientPos = encryptedServerToClient.position(); int plainServerOutPos = plainServerOut.position(); @@ -2162,45 +2271,47 @@ public abstract class SSLEngineTest { } } - @Test - public void testSSLEngineUnwrapNoSslRecord() throws Exception { - clientSslCtx = wrapContext(SslContextBuilder + @MethodSource("newTestParams") + @ParameterizedTest + public void testSSLEngineUnwrapNoSslRecord(SSLEngineTestParam param) throws Exception { + clientSslCtx = wrapContext(param, SslContextBuilder .forClient() .sslContextProvider(clientSslContextProvider()) .sslProvider(sslClientProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); - SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); + final SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); try { - ByteBuffer src = allocateBuffer(client.getSession().getApplicationBufferSize()); - ByteBuffer dst = allocateBuffer(client.getSession().getPacketBufferSize()); - ByteBuffer empty = allocateBuffer(0); + final ByteBuffer src = allocateBuffer(param.type(), client.getSession().getApplicationBufferSize()); + final ByteBuffer dst = allocateBuffer(param.type(), client.getSession().getPacketBufferSize()); + ByteBuffer empty = allocateBuffer(param.type(), 0); SSLEngineResult clientResult = client.wrap(empty, dst); assertEquals(SSLEngineResult.Status.OK, clientResult.getStatus()); assertEquals(SSLEngineResult.HandshakeStatus.NEED_UNWRAP, clientResult.getHandshakeStatus()); - try { - client.unwrap(src, dst); - fail(); - } catch (SSLException expected) { - // expected - } + assertThrows(SSLException.class, new Executable() { + @Override + public void execute() throws Throwable { + client.unwrap(src, dst); + } + }); } finally { cleanupClientSslEngine(client); } } - @Test - public void testBeginHandshakeAfterEngineClosed() throws SSLException { - clientSslCtx = wrapContext(SslContextBuilder + @MethodSource("newTestParams") + @ParameterizedTest + public void testBeginHandshakeAfterEngineClosed(SSLEngineTestParam param) throws SSLException { + clientSslCtx = wrapContext(param, SslContextBuilder .forClient() .sslContextProvider(clientSslContextProvider()) .sslProvider(sslClientProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); @@ -2224,31 +2335,32 @@ public abstract class SSLEngineTest { } } - @Test - public void testBeginHandshakeCloseOutbound() throws Exception { + @MethodSource("newTestParams") + @ParameterizedTest + public void testBeginHandshakeCloseOutbound(SSLEngineTestParam param) throws Exception { SelfSignedCertificate cert = new SelfSignedCertificate(); - clientSslCtx = wrapContext(SslContextBuilder + clientSslCtx = wrapContext(param, SslContextBuilder .forClient() .sslContextProvider(clientSslContextProvider()) .sslProvider(sslClientProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); - serverSslCtx = wrapContext(SslContextBuilder + serverSslCtx = wrapContext(param, SslContextBuilder .forServer(cert.certificate(), cert.privateKey()) .sslContextProvider(serverSslContextProvider()) .sslProvider(sslServerProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); try { - testBeginHandshakeCloseOutbound(client); - testBeginHandshakeCloseOutbound(server); + testBeginHandshakeCloseOutbound(param, client); + testBeginHandshakeCloseOutbound(param, server); } finally { cleanupClientSslEngine(client); cleanupServerSslEngine(server); @@ -2256,9 +2368,9 @@ public abstract class SSLEngineTest { } } - private void testBeginHandshakeCloseOutbound(SSLEngine engine) throws SSLException { - ByteBuffer dst = allocateBuffer(engine.getSession().getPacketBufferSize()); - ByteBuffer empty = allocateBuffer(0); + private void testBeginHandshakeCloseOutbound(SSLEngineTestParam param, SSLEngine engine) throws SSLException { + ByteBuffer dst = allocateBuffer(param.type(), engine.getSession().getPacketBufferSize()); + ByteBuffer empty = allocateBuffer(param.type(), 0); engine.beginHandshake(); engine.closeOutbound(); @@ -2277,25 +2389,26 @@ public abstract class SSLEngineTest { assertEquals(SSLEngineResult.Status.CLOSED, result.getStatus()); } - @Test - public void testCloseInboundAfterBeginHandshake() throws Exception { + @MethodSource("newTestParams") + @ParameterizedTest + public void testCloseInboundAfterBeginHandshake(SSLEngineTestParam param) throws Exception { SelfSignedCertificate cert = new SelfSignedCertificate(); - clientSslCtx = wrapContext(SslContextBuilder + clientSslCtx = wrapContext(param, SslContextBuilder .forClient() .sslContextProvider(clientSslContextProvider()) .sslProvider(sslClientProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); - serverSslCtx = wrapContext(SslContextBuilder + serverSslCtx = wrapContext(param, SslContextBuilder .forServer(cert.certificate(), cert.privateKey()) .sslContextProvider(serverSslContextProvider()) .sslProvider(sslServerProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); @@ -2323,11 +2436,12 @@ public abstract class SSLEngineTest { } } - @Test - public void testCloseNotifySequence() throws Exception { + @MethodSource("newTestParams") + @ParameterizedTest + public void testCloseNotifySequence(SSLEngineTestParam param) throws Exception { SelfSignedCertificate cert = new SelfSignedCertificate(); - clientSslCtx = wrapContext(SslContextBuilder + clientSslCtx = wrapContext(param, SslContextBuilder .forClient() .trustManager(cert.cert()) .sslContextProvider(clientSslContextProvider()) @@ -2337,7 +2451,7 @@ public abstract class SSLEngineTest { .build()); SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); - serverSslCtx = wrapContext(SslContextBuilder + serverSslCtx = wrapContext(param, SslContextBuilder .forServer(cert.certificate(), cert.privateKey()) .sslContextProvider(serverSslContextProvider()) .sslProvider(sslServerProvider()) @@ -2347,14 +2461,16 @@ public abstract class SSLEngineTest { SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); try { - ByteBuffer plainClientOut = allocateBuffer(client.getSession().getApplicationBufferSize()); - ByteBuffer plainServerOut = allocateBuffer(server.getSession().getApplicationBufferSize()); + ByteBuffer plainClientOut = allocateBuffer(param.type(), client.getSession().getApplicationBufferSize()); + ByteBuffer plainServerOut = allocateBuffer(param.type(), server.getSession().getApplicationBufferSize()); - ByteBuffer encryptedClientToServer = allocateBuffer(client.getSession().getPacketBufferSize()); - ByteBuffer encryptedServerToClient = allocateBuffer(server.getSession().getPacketBufferSize()); - ByteBuffer empty = allocateBuffer(0); + ByteBuffer encryptedClientToServer = + allocateBuffer(param.type(), client.getSession().getPacketBufferSize()); + ByteBuffer encryptedServerToClient = + allocateBuffer(param.type(), server.getSession().getPacketBufferSize()); + ByteBuffer empty = allocateBuffer(param.type(), 0); - handshake(client, server); + handshake(param.type(), param.delegate(), client, server); // This will produce a close_notify client.closeOutbound(); @@ -2478,34 +2594,35 @@ public abstract class SSLEngineTest { assertEquals(0, result.bytesProduced()); } - @Test - public void testWrapAfterCloseOutbound() throws Exception { + @MethodSource("newTestParams") + @ParameterizedTest + public void testWrapAfterCloseOutbound(SSLEngineTestParam param) throws Exception { SelfSignedCertificate cert = new SelfSignedCertificate(); - clientSslCtx = wrapContext(SslContextBuilder + clientSslCtx = wrapContext(param, SslContextBuilder .forClient() .trustManager(cert.cert()) .sslProvider(sslClientProvider()) .sslContextProvider(clientSslContextProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); - serverSslCtx = wrapContext(SslContextBuilder + serverSslCtx = wrapContext(param, SslContextBuilder .forServer(cert.certificate(), cert.privateKey()) .sslProvider(sslServerProvider()) .sslContextProvider(serverSslContextProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); try { - ByteBuffer dst = allocateBuffer(client.getSession().getPacketBufferSize()); - ByteBuffer src = allocateBuffer(1024); + ByteBuffer dst = allocateBuffer(param.type(), client.getSession().getPacketBufferSize()); + ByteBuffer src = allocateBuffer(param.type(), 1024); - handshake(client, server); + handshake(param.type(), param.delegate(), client, server); // This will produce a close_notify client.closeOutbound(); @@ -2523,44 +2640,45 @@ public abstract class SSLEngineTest { } } - @Test - public void testMultipleRecordsInOneBufferWithNonZeroPosition() throws Exception { + @MethodSource("newTestParams") + @ParameterizedTest + public void testMultipleRecordsInOneBufferWithNonZeroPosition(SSLEngineTestParam param) throws Exception { SelfSignedCertificate cert = new SelfSignedCertificate(); - clientSslCtx = wrapContext(SslContextBuilder + clientSslCtx = wrapContext(param, SslContextBuilder .forClient() .trustManager(cert.cert()) .sslContextProvider(clientSslContextProvider()) .sslProvider(sslClientProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); - serverSslCtx = wrapContext(SslContextBuilder + serverSslCtx = wrapContext(param, SslContextBuilder .forServer(cert.certificate(), cert.privateKey()) .sslContextProvider(serverSslContextProvider()) .sslProvider(sslServerProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); try { // Choose buffer size small enough that we can put multiple buffers into one buffer and pass it into the // unwrap call without exceed MAX_ENCRYPTED_PACKET_LENGTH. - ByteBuffer plainClientOut = allocateBuffer(1024); - ByteBuffer plainServerOut = allocateBuffer(server.getSession().getApplicationBufferSize()); + ByteBuffer plainClientOut = allocateBuffer(param.type(), 1024); + ByteBuffer plainServerOut = allocateBuffer(param.type(), server.getSession().getApplicationBufferSize()); - ByteBuffer encClientToServer = allocateBuffer(client.getSession().getPacketBufferSize()); + ByteBuffer encClientToServer = allocateBuffer(param.type(), client.getSession().getPacketBufferSize()); int positionOffset = 1; // We need to be able to hold 2 records + positionOffset ByteBuffer combinedEncClientToServer = allocateBuffer( - encClientToServer.capacity() * 2 + positionOffset); + param.type(), encClientToServer.capacity() * 2 + positionOffset); combinedEncClientToServer.position(positionOffset); - handshake(client, server); + handshake(param.type(), param.delegate(), client, server); plainClientOut.limit(plainClientOut.capacity()); SSLEngineResult result = client.wrap(plainClientOut, encClientToServer); @@ -2604,36 +2722,37 @@ public abstract class SSLEngineTest { } } - @Test - public void testMultipleRecordsInOneBufferBiggerThenPacketBufferSize() throws Exception { + @MethodSource("newTestParams") + @ParameterizedTest + public void testMultipleRecordsInOneBufferBiggerThenPacketBufferSize(SSLEngineTestParam param) throws Exception { SelfSignedCertificate cert = new SelfSignedCertificate(); - clientSslCtx = wrapContext(SslContextBuilder + clientSslCtx = wrapContext(param, SslContextBuilder .forClient() .trustManager(cert.cert()) .sslContextProvider(clientSslContextProvider()) .sslProvider(sslClientProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); - serverSslCtx = wrapContext(SslContextBuilder + serverSslCtx = wrapContext(param, SslContextBuilder .forServer(cert.certificate(), cert.privateKey()) .sslContextProvider(serverSslContextProvider()) .sslProvider(sslServerProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); try { - ByteBuffer plainClientOut = allocateBuffer(4096); - ByteBuffer plainServerOut = allocateBuffer(server.getSession().getApplicationBufferSize()); + ByteBuffer plainClientOut = allocateBuffer(param.type(), 4096); + ByteBuffer plainServerOut = allocateBuffer(param.type(), server.getSession().getApplicationBufferSize()); - ByteBuffer encClientToServer = allocateBuffer(server.getSession().getPacketBufferSize() * 2); + ByteBuffer encClientToServer = allocateBuffer(param.type(), server.getSession().getPacketBufferSize() * 2); - handshake(client, server); + handshake(param.type(), param.delegate(), client, server); int srcLen = plainClientOut.remaining(); SSLEngineResult result; @@ -2674,37 +2793,38 @@ public abstract class SSLEngineTest { } } - @Test - public void testBufferUnderFlow() throws Exception { + @MethodSource("newTestParams") + @ParameterizedTest + public void testBufferUnderFlow(SSLEngineTestParam param) throws Exception { SelfSignedCertificate cert = new SelfSignedCertificate(); - clientSslCtx = wrapContext(SslContextBuilder + clientSslCtx = wrapContext(param, SslContextBuilder .forClient() .trustManager(cert.cert()) .sslContextProvider(clientSslContextProvider()) .sslProvider(sslClientProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); - serverSslCtx = wrapContext(SslContextBuilder + serverSslCtx = wrapContext(param, SslContextBuilder .forServer(cert.certificate(), cert.privateKey()) .sslContextProvider(serverSslContextProvider()) .sslProvider(sslServerProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); try { - ByteBuffer plainClient = allocateBuffer(1024); + ByteBuffer plainClient = allocateBuffer(param.type(), 1024); plainClient.limit(plainClient.capacity()); - ByteBuffer encClientToServer = allocateBuffer(client.getSession().getPacketBufferSize()); - ByteBuffer plainServer = allocateBuffer(server.getSession().getApplicationBufferSize()); + ByteBuffer encClientToServer = allocateBuffer(param.type(), client.getSession().getPacketBufferSize()); + ByteBuffer plainServer = allocateBuffer(param.type(), server.getSession().getApplicationBufferSize()); - handshake(client, server); + handshake(param.type(), param.delegate(), client, server); SSLEngineResult result = client.wrap(plainClient, encClientToServer); assertEquals(SSLEngineResult.Status.OK, result.getStatus()); @@ -2751,33 +2871,35 @@ public abstract class SSLEngineTest { assertEquals(0, result.bytesProduced()); } - @Test - public void testWrapDoesNotZeroOutSrc() throws Exception { + @MethodSource("newTestParams") + @ParameterizedTest + public void testWrapDoesNotZeroOutSrc(SSLEngineTestParam param) throws Exception { SelfSignedCertificate cert = new SelfSignedCertificate(); - clientSslCtx = wrapContext(SslContextBuilder + clientSslCtx = wrapContext(param, SslContextBuilder .forClient() .trustManager(cert.cert()) .sslContextProvider(clientSslContextProvider()) .sslProvider(sslClientProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); SSLEngine client = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); - serverSslCtx = wrapContext(SslContextBuilder + serverSslCtx = wrapContext(param, SslContextBuilder .forServer(cert.certificate(), cert.privateKey()) .sslContextProvider(serverSslContextProvider()) .sslProvider(sslServerProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); try { - ByteBuffer plainServerOut = allocateBuffer(server.getSession().getApplicationBufferSize() / 2); + ByteBuffer plainServerOut = + allocateBuffer(param.type(), server.getSession().getApplicationBufferSize() / 2); - handshake(client, server); + handshake(param.type(), param.delegate(), client, server); // Fill the whole buffer and flip it. for (int i = 0; i < plainServerOut.capacity(); i++) { @@ -2786,7 +2908,8 @@ public abstract class SSLEngineTest { plainServerOut.position(plainServerOut.capacity()); plainServerOut.flip(); - ByteBuffer encryptedServerToClient = allocateBuffer(server.getSession().getPacketBufferSize()); + ByteBuffer encryptedServerToClient = + allocateBuffer(param.type(), server.getSession().getPacketBufferSize()); SSLEngineResult result = server.wrap(plainServerOut, encryptedServerToClient); assertEquals(SSLEngineResult.Status.OK, result.getStatus()); assertTrue(result.bytesConsumed() > 0); @@ -2801,26 +2924,29 @@ public abstract class SSLEngineTest { } } - @Test - public void testDisableProtocols() throws Exception { - testDisableProtocols(SslProtocols.SSL_v2, SslProtocols.SSL_v2); - testDisableProtocols(SslProtocols.SSL_v3, SslProtocols.SSL_v2, SslProtocols.SSL_v3); - testDisableProtocols(SslProtocols.TLS_v1, SslProtocols.SSL_v2, SslProtocols.SSL_v3, SslProtocols.TLS_v1); - testDisableProtocols(SslProtocols.TLS_v1_1, SslProtocols.SSL_v2, SslProtocols.SSL_v3, SslProtocols.TLS_v1, - SslProtocols.TLS_v1_1); - testDisableProtocols(SslProtocols.TLS_v1_2, SslProtocols.SSL_v2, + @MethodSource("newTestParams") + @ParameterizedTest + public void testDisableProtocols(SSLEngineTestParam param) throws Exception { + testDisableProtocols(param, SslProtocols.SSL_v2, SslProtocols.SSL_v2); + testDisableProtocols(param, SslProtocols.SSL_v3, SslProtocols.SSL_v2, SslProtocols.SSL_v3); + testDisableProtocols(param, SslProtocols.TLS_v1, SslProtocols.SSL_v2, SslProtocols.SSL_v3, SslProtocols.TLS_v1); + testDisableProtocols(param, + SslProtocols.TLS_v1_1, SslProtocols.SSL_v2, SslProtocols.SSL_v3, + SslProtocols.TLS_v1, SslProtocols.TLS_v1_1); + testDisableProtocols(param, SslProtocols.TLS_v1_2, SslProtocols.SSL_v2, SslProtocols.SSL_v3, SslProtocols.TLS_v1, SslProtocols.TLS_v1_1, SslProtocols.TLS_v1_2); } - private void testDisableProtocols(String protocol, String... disabledProtocols) throws Exception { + private void testDisableProtocols(SSLEngineTestParam param, + String protocol, String... disabledProtocols) throws Exception { SelfSignedCertificate cert = new SelfSignedCertificate(); - SslContext ctx = wrapContext(SslContextBuilder + SslContext ctx = wrapContext(param, SslContextBuilder .forServer(cert.certificate(), cert.privateKey()) .sslContextProvider(serverSslContextProvider()) .sslProvider(sslServerProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); SSLEngine server = wrapEngine(ctx.newEngine(UnpooledByteBufAllocator.DEFAULT)); @@ -2848,14 +2974,15 @@ public abstract class SSLEngineTest { } } - @Test - public void testUsingX509TrustManagerVerifiesHostname() throws Exception { + @MethodSource("newTestParams") + @ParameterizedTest + public void testUsingX509TrustManagerVerifiesHostname(SSLEngineTestParam param) throws Exception { if (clientSslContextProvider() != null) { // Not supported when using conscrypt return; } SelfSignedCertificate cert = new SelfSignedCertificate(); - clientSslCtx = wrapContext(SslContextBuilder + clientSslCtx = wrapContext(param, SslContextBuilder .forClient() .trustManager(new TrustManagerFactory(new TrustManagerFactorySpi() { @Override @@ -2901,7 +3028,7 @@ public abstract class SSLEngineTest { sslParameters.setEndpointIdentificationAlgorithm("HTTPS"); client.setSSLParameters(sslParameters); - serverSslCtx = wrapContext(SslContextBuilder + serverSslCtx = wrapContext(param, SslContextBuilder .forServer(cert.certificate(), cert.privateKey()) .sslContextProvider(serverSslContextProvider()) .sslProvider(sslServerProvider()) @@ -2909,7 +3036,7 @@ public abstract class SSLEngineTest { SSLEngine server = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); try { - handshake(client, server); + handshake(param.type(), param.delegate(), client, server); fail(); } catch (SSLException expected) { // expected as the hostname not matches. @@ -2928,7 +3055,7 @@ public abstract class SSLEngineTest { cipherList.add("InvalidCipher"); SSLEngine server = null; try { - serverSslCtx = wrapContext(SslContextBuilder.forServer(cert.key(), cert.cert()) + serverSslCtx = wrapContext(null, SslContextBuilder.forServer(cert.key(), cert.cert()) .sslContextProvider(serverSslContextProvider()) .sslProvider(sslServerProvider()) .ciphers(cipherList).build()); @@ -2944,34 +3071,35 @@ public abstract class SSLEngineTest { } } - @Test - public void testGetCiphersuite() throws Exception { - clientSslCtx = wrapContext(SslContextBuilder.forClient() + @MethodSource("newTestParams") + @ParameterizedTest + public void testGetCiphersuite(SSLEngineTestParam param) throws Exception { + clientSslCtx = wrapContext(param, SslContextBuilder.forClient() .trustManager(InsecureTrustManagerFactory.INSTANCE) .sslProvider(sslClientProvider()) .sslContextProvider(clientSslContextProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); SelfSignedCertificate ssc = new SelfSignedCertificate(); - serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) + serverSslCtx = wrapContext(param, SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) .sslProvider(sslServerProvider()) .sslContextProvider(serverSslContextProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); SSLEngine clientEngine = null; SSLEngine serverEngine = null; try { clientEngine = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); serverEngine = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); - handshake(clientEngine, serverEngine); + handshake(param.type(), param.delegate(), clientEngine, serverEngine); String clientCipher = clientEngine.getSession().getCipherSuite(); String serverCipher = serverEngine.getSession().getCipherSuite(); assertEquals(clientCipher, serverCipher); - assertEquals(protocolCipherCombo.cipher, clientCipher); + assertEquals(param.protocolCipherCombo.cipher, clientCipher); } finally { cleanupClientSslEngine(clientEngine); cleanupServerSslEngine(serverEngine); @@ -2979,27 +3107,28 @@ public abstract class SSLEngineTest { } } - @Test - public void testSessionCache() throws Exception { - clientSslCtx = wrapContext(SslContextBuilder.forClient() + @MethodSource("newTestParams") + @ParameterizedTest + public void testSessionCache(SSLEngineTestParam param) throws Exception { + clientSslCtx = wrapContext(param, SslContextBuilder.forClient() .trustManager(InsecureTrustManagerFactory.INSTANCE) .sslProvider(sslClientProvider()) .sslContextProvider(clientSslContextProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); SelfSignedCertificate ssc = new SelfSignedCertificate(); - serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) + serverSslCtx = wrapContext(param, SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) .sslProvider(sslServerProvider()) .sslContextProvider(serverSslContextProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); try { - doHandshakeVerifyReusedAndClose("a.netty.io", 9999, false); - doHandshakeVerifyReusedAndClose("a.netty.io", 9999, true); - doHandshakeVerifyReusedAndClose("b.netty.io", 9999, false); + doHandshakeVerifyReusedAndClose(param, "a.netty.io", 9999, false); + doHandshakeVerifyReusedAndClose(param, "a.netty.io", 9999, true); + doHandshakeVerifyReusedAndClose(param, "b.netty.io", 9999, false); invalidateSessionsAndAssert(serverSslCtx.sessionContext()); invalidateSessionsAndAssert(clientSslCtx.sessionContext()); } finally { @@ -3033,24 +3162,24 @@ public abstract class SSLEngineTest { assertEquals(numSessions, numIds); } - private void doHandshakeVerifyReusedAndClose(String host, int port, boolean reuse) + private void doHandshakeVerifyReusedAndClose(SSLEngineTestParam param, String host, int port, boolean reuse) throws Exception { SSLEngine clientEngine = null; SSLEngine serverEngine = null; try { clientEngine = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT, host, port)); serverEngine = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); - handshake(clientEngine, serverEngine); + handshake(param.type(), param.delegate(), clientEngine, serverEngine); int clientSessions = currentSessionCacheSize(clientSslCtx.sessionContext()); int serverSessions = currentSessionCacheSize(serverSslCtx.sessionContext()); int nCSessions = clientSessions; int nSSessions = serverSessions; boolean clientSessionReused = false; boolean serverSessionReused = false; - if (protocolCipherCombo == ProtocolCipherCombo.TLSV13) { + if (param.protocolCipherCombo == ProtocolCipherCombo.TLSV13) { // Allocate something which is big enough for sure - ByteBuffer packetBuffer = allocateBuffer(32 * 1024); - ByteBuffer appBuffer = allocateBuffer(32 * 1024); + ByteBuffer packetBuffer = allocateBuffer(param.type(), 32 * 1024); + ByteBuffer appBuffer = allocateBuffer(param.type(), 32 * 1024); appBuffer.clear().position(4).flip(); packetBuffer.clear(); @@ -3096,7 +3225,7 @@ public abstract class SSLEngineTest { assertSessionReusedForEngine(clientEngine, serverEngine, reuse); - closeOutboundAndInbound(clientEngine, serverEngine); + closeOutboundAndInbound(param.type(), clientEngine, serverEngine); } finally { cleanupClientSslEngine(clientEngine); cleanupServerSslEngine(serverEngine); @@ -3117,20 +3246,21 @@ public abstract class SSLEngineTest { return i; } - private void closeOutboundAndInbound(SSLEngine clientEngine, SSLEngine serverEngine) throws SSLException { + private void closeOutboundAndInbound( + BufferType type, SSLEngine clientEngine, SSLEngine serverEngine) throws SSLException { assertFalse(clientEngine.isInboundDone()); assertFalse(clientEngine.isOutboundDone()); assertFalse(serverEngine.isInboundDone()); assertFalse(serverEngine.isOutboundDone()); - ByteBuffer empty = allocateBuffer(0); + ByteBuffer empty = allocateBuffer(type, 0); // Ensure we allocate a bit more so we can fit in multiple packets. This is needed as we may call multiple // time wrap / unwrap in a for loop before we drain the buffer we are writing in. - ByteBuffer cTOs = allocateBuffer(clientEngine.getSession().getPacketBufferSize() * 4); - ByteBuffer sTOs = allocateBuffer(serverEngine.getSession().getPacketBufferSize() * 4); - ByteBuffer cApps = allocateBuffer(clientEngine.getSession().getApplicationBufferSize() * 4); - ByteBuffer sApps = allocateBuffer(serverEngine.getSession().getApplicationBufferSize() * 4); + ByteBuffer cTOs = allocateBuffer(type, clientEngine.getSession().getPacketBufferSize() * 4); + ByteBuffer sTOs = allocateBuffer(type, serverEngine.getSession().getPacketBufferSize() * 4); + ByteBuffer cApps = allocateBuffer(type, clientEngine.getSession().getApplicationBufferSize() * 4); + ByteBuffer sApps = allocateBuffer(type, serverEngine.getSession().getApplicationBufferSize() * 4); clientEngine.closeOutbound(); for (;;) { @@ -3181,27 +3311,28 @@ public abstract class SSLEngineTest { // NOOP } - @Test - public void testSessionCacheTimeout() throws Exception { - clientSslCtx = wrapContext(SslContextBuilder.forClient() + @MethodSource("newTestParams") + @ParameterizedTest + public void testSessionCacheTimeout(SSLEngineTestParam param) throws Exception { + clientSslCtx = wrapContext(param, SslContextBuilder.forClient() .trustManager(InsecureTrustManagerFactory.INSTANCE) .sslProvider(sslClientProvider()) .sslContextProvider(clientSslContextProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .sessionTimeout(1) .build()); SelfSignedCertificate ssc = new SelfSignedCertificate(); - serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) + serverSslCtx = wrapContext(param, SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) .sslProvider(sslServerProvider()) .sslContextProvider(serverSslContextProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .sessionTimeout(1) .build()); try { - doHandshakeVerifyReusedAndClose("a.netty.io", 9999, false); + doHandshakeVerifyReusedAndClose(param, "a.netty.io", 9999, false); // Let's sleep for a bit more then 1 second so the cache should timeout the sessions. Thread.sleep(1500); @@ -3213,58 +3344,60 @@ public abstract class SSLEngineTest { } } - @Test - public void testSessionCacheSize() throws Exception { - clientSslCtx = wrapContext(SslContextBuilder.forClient() + @MethodSource("newTestParams") + @ParameterizedTest + public void testSessionCacheSize(SSLEngineTestParam param) throws Exception { + clientSslCtx = wrapContext(param, SslContextBuilder.forClient() .trustManager(InsecureTrustManagerFactory.INSTANCE) .sslProvider(sslClientProvider()) .sslContextProvider(clientSslContextProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .sessionCacheSize(1) .build()); SelfSignedCertificate ssc = new SelfSignedCertificate(); - serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) + serverSslCtx = wrapContext(param, SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) .sslProvider(sslServerProvider()) .sslContextProvider(serverSslContextProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); try { - doHandshakeVerifyReusedAndClose("a.netty.io", 9999, false); + doHandshakeVerifyReusedAndClose(param, "a.netty.io", 9999, false); // As we have a cache size of 1 we should never have more then one session in the cache - doHandshakeVerifyReusedAndClose("b.netty.io", 9999, false); + doHandshakeVerifyReusedAndClose(param, "b.netty.io", 9999, false); // We should at least reuse b.netty.io - doHandshakeVerifyReusedAndClose("b.netty.io", 9999, true); + doHandshakeVerifyReusedAndClose(param, "b.netty.io", 9999, true); } finally { ssc.delete(); } } - @Test - public void testSessionBindingEvent() throws Exception { - clientSslCtx = wrapContext(SslContextBuilder.forClient() + @MethodSource("newTestParams") + @ParameterizedTest + public void testSessionBindingEvent(SSLEngineTestParam param) throws Exception { + clientSslCtx = wrapContext(param, SslContextBuilder.forClient() .trustManager(InsecureTrustManagerFactory.INSTANCE) .sslProvider(sslClientProvider()) .sslContextProvider(clientSslContextProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); SelfSignedCertificate ssc = new SelfSignedCertificate(); - serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) + serverSslCtx = wrapContext(param, SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) .sslProvider(sslServerProvider()) .sslContextProvider(serverSslContextProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); SSLEngine clientEngine = null; SSLEngine serverEngine = null; try { clientEngine = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); serverEngine = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); - handshake(clientEngine, serverEngine); + handshake(param.type(), param.delegate(), clientEngine, serverEngine); SSLSession session = clientEngine.getSession(); assertEquals(0, session.getValueNames().length); @@ -3323,27 +3456,32 @@ public abstract class SSLEngineTest { assertEquals(session, event.getSource()); } - @Test - public void testSessionAfterHandshake() throws Exception { - testSessionAfterHandshake0(false, false); + @MethodSource("newTestParams") + @ParameterizedTest + public void testSessionAfterHandshake(SSLEngineTestParam param) throws Exception { + testSessionAfterHandshake0(param, false, false); } - @Test - public void testSessionAfterHandshakeMutualAuth() throws Exception { - testSessionAfterHandshake0(false, true); + @MethodSource("newTestParams") + @ParameterizedTest + public void testSessionAfterHandshakeMutualAuth(SSLEngineTestParam param) throws Exception { + testSessionAfterHandshake0(param, false, true); } - @Test - public void testSessionAfterHandshakeKeyManagerFactory() throws Exception { - testSessionAfterHandshake0(true, false); + @MethodSource("newTestParams") + @ParameterizedTest + public void testSessionAfterHandshakeKeyManagerFactory(SSLEngineTestParam param) throws Exception { + testSessionAfterHandshake0(param, true, false); } - @Test - public void testSessionAfterHandshakeKeyManagerFactoryMutualAuth() throws Exception { - testSessionAfterHandshake0(true, true); + @MethodSource("newTestParams") + @ParameterizedTest + public void testSessionAfterHandshakeKeyManagerFactoryMutualAuth(SSLEngineTestParam param) throws Exception { + testSessionAfterHandshake0(param, true, true); } - private void testSessionAfterHandshake0(boolean useKeyManagerFactory, boolean mutualAuth) throws Exception { + private void testSessionAfterHandshake0( + SSLEngineTestParam param, boolean useKeyManagerFactory, boolean mutualAuth) throws Exception { SelfSignedCertificate ssc = new SelfSignedCertificate(); KeyManagerFactory kmf = useKeyManagerFactory ? SslContext.buildKeyManagerFactory( @@ -3358,12 +3496,12 @@ public abstract class SSLEngineTest { clientContextBuilder.keyManager(ssc.key(), ssc.cert()); } } - clientSslCtx = wrapContext(clientContextBuilder + clientSslCtx = wrapContext(param, clientContextBuilder .trustManager(InsecureTrustManagerFactory.INSTANCE) .sslProvider(sslClientProvider()) .sslContextProvider(clientSslContextProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); SslContextBuilder serverContextBuilder = kmf != null ? @@ -3372,11 +3510,11 @@ public abstract class SSLEngineTest { if (mutualAuth) { serverContextBuilder.clientAuth(ClientAuth.REQUIRE); } - serverSslCtx = wrapContext(serverContextBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE) + serverSslCtx = wrapContext(param, serverContextBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE) .sslProvider(sslServerProvider()) .sslContextProvider(serverSslContextProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); SSLEngine clientEngine = null; SSLEngine serverEngine = null; @@ -3384,7 +3522,7 @@ public abstract class SSLEngineTest { clientEngine = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); serverEngine = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); - handshake(clientEngine, serverEngine); + handshake(param.type(), param.delegate(), clientEngine, serverEngine); SSLSession clientSession = clientEngine.getSession(); SSLSession serverSession = serverEngine.getSession(); @@ -3400,11 +3538,11 @@ public abstract class SSLEngineTest { assertTrue(clientSession.getLastAccessedTime() > 0); assertTrue(serverSession.getLastAccessedTime() > 0); - assertEquals(protocolCipherCombo.protocol, clientSession.getProtocol()); - assertEquals(protocolCipherCombo.protocol, serverSession.getProtocol()); + assertEquals(param.combo().protocol, clientSession.getProtocol()); + assertEquals(param.combo().protocol, serverSession.getProtocol()); - assertEquals(protocolCipherCombo.cipher, clientSession.getCipherSuite()); - assertEquals(protocolCipherCombo.cipher, serverSession.getCipherSuite()); + assertEquals(param.combo().cipher, clientSession.getCipherSuite()); + assertEquals(param.combo().cipher, serverSession.getCipherSuite()); assertNotNull(clientSession.getId()); assertNotNull(serverSession.getId()); @@ -3519,8 +3657,9 @@ public abstract class SSLEngineTest { } } - @Test - public void testSupportedSignatureAlgorithms() throws Exception { + @MethodSource("newTestParams") + @ParameterizedTest + public void testSupportedSignatureAlgorithms(SSLEngineTestParam param) throws Exception { final SelfSignedCertificate ssc = new SelfSignedCertificate(); final class TestKeyManagerFactory extends KeyManagerFactory { @@ -3610,21 +3749,22 @@ public abstract class SSLEngineTest { } } - clientSslCtx = wrapContext(SslContextBuilder.forClient() + clientSslCtx = wrapContext(param, SslContextBuilder.forClient() .keyManager(new TestKeyManagerFactory(newKeyManagerFactory(ssc))) .trustManager(InsecureTrustManagerFactory.INSTANCE) .sslProvider(sslClientProvider()) .sslContextProvider(clientSslContextProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); - serverSslCtx = wrapContext(SslContextBuilder.forServer(new TestKeyManagerFactory(newKeyManagerFactory(ssc))) + serverSslCtx = wrapContext(param, SslContextBuilder.forServer( + new TestKeyManagerFactory(newKeyManagerFactory(ssc))) .trustManager(InsecureTrustManagerFactory.INSTANCE) .sslContextProvider(serverSslContextProvider()) .sslProvider(sslServerProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .clientAuth(ClientAuth.REQUIRE) .build()); SSLEngine clientEngine = null; @@ -3632,7 +3772,7 @@ public abstract class SSLEngineTest { try { clientEngine = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); serverEngine = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); - handshake(clientEngine, serverEngine); + handshake(param.type(), param.delegate(), clientEngine, serverEngine); } finally { cleanupClientSslEngine(clientEngine); cleanupServerSslEngine(serverEngine); @@ -3640,14 +3780,15 @@ public abstract class SSLEngineTest { } } - @Test - public void testHandshakeSession() throws Exception { + @MethodSource("newTestParams") + @ParameterizedTest + public void testHandshakeSession(SSLEngineTestParam param) throws Exception { final SelfSignedCertificate ssc = new SelfSignedCertificate(); final TestTrustManagerFactory clientTmf = new TestTrustManagerFactory(ssc.cert()); final TestTrustManagerFactory serverTmf = new TestTrustManagerFactory(ssc.cert()); - clientSslCtx = wrapContext(SslContextBuilder.forClient() + clientSslCtx = wrapContext(param, SslContextBuilder.forClient() .trustManager(new SimpleTrustManagerFactory() { @Override protected void engineInit(KeyStore keyStore) { @@ -3667,10 +3808,10 @@ public abstract class SSLEngineTest { .keyManager(newKeyManagerFactory(ssc)) .sslProvider(sslClientProvider()) .sslContextProvider(clientSslContextProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); - serverSslCtx = wrapContext(SslContextBuilder.forServer(newKeyManagerFactory(ssc)) + serverSslCtx = wrapContext(param, SslContextBuilder.forServer(newKeyManagerFactory(ssc)) .trustManager(new SimpleTrustManagerFactory() { @Override protected void engineInit(KeyStore keyStore) { @@ -3689,8 +3830,8 @@ public abstract class SSLEngineTest { }) .sslProvider(sslServerProvider()) .sslContextProvider(serverSslContextProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .clientAuth(ClientAuth.REQUIRE) .build()); SSLEngine clientEngine = null; @@ -3698,7 +3839,7 @@ public abstract class SSLEngineTest { try { clientEngine = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); serverEngine = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); - handshake(clientEngine, serverEngine); + handshake(param.type(), param.delegate(), clientEngine, serverEngine); assertTrue(clientTmf.isVerified()); assertTrue(serverTmf.isVerified()); @@ -3709,32 +3850,34 @@ public abstract class SSLEngineTest { } } - @Test - public void testSessionLocalWhenNonMutualWithKeyManager() throws Exception { - testSessionLocalWhenNonMutual(true); + @MethodSource("newTestParams") + @ParameterizedTest + public void testSessionLocalWhenNonMutualWithKeyManager(SSLEngineTestParam param) throws Exception { + testSessionLocalWhenNonMutual(param, true); } - @Test - public void testSessionLocalWhenNonMutualWithoutKeyManager() throws Exception { - testSessionLocalWhenNonMutual(false); + @MethodSource("newTestParams") + @ParameterizedTest + public void testSessionLocalWhenNonMutualWithoutKeyManager(SSLEngineTestParam param) throws Exception { + testSessionLocalWhenNonMutual(param, false); } - private void testSessionLocalWhenNonMutual(boolean useKeyManager) throws Exception { + private void testSessionLocalWhenNonMutual(SSLEngineTestParam param, boolean useKeyManager) throws Exception { final SelfSignedCertificate ssc = new SelfSignedCertificate(); SslContextBuilder clientSslCtxBuilder = SslContextBuilder.forClient() .trustManager(InsecureTrustManagerFactory.INSTANCE) .sslProvider(sslClientProvider()) .sslContextProvider(clientSslContextProvider()) - .protocols(protocols()) - .ciphers(ciphers()); + .protocols(param.protocols()) + .ciphers(param.ciphers()); if (useKeyManager) { clientSslCtxBuilder.keyManager(newKeyManagerFactory(ssc)); } else { clientSslCtxBuilder.keyManager(ssc.certificate(), ssc.privateKey()); } - clientSslCtx = wrapContext(clientSslCtxBuilder.build()); + clientSslCtx = wrapContext(param, clientSslCtxBuilder.build()); final SslContextBuilder serverSslCtxBuilder; if (useKeyManager) { @@ -3745,17 +3888,17 @@ public abstract class SSLEngineTest { serverSslCtxBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE) .sslProvider(sslServerProvider()) .sslContextProvider(serverSslContextProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .clientAuth(ClientAuth.NONE); - serverSslCtx = wrapContext(serverSslCtxBuilder.build()); + serverSslCtx = wrapContext(param, serverSslCtxBuilder.build()); SSLEngine clientEngine = null; SSLEngine serverEngine = null; try { clientEngine = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); serverEngine = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); - handshake(clientEngine, serverEngine); + handshake(param.type(), param.delegate(), clientEngine, serverEngine); SSLSession clientSession = clientEngine.getSession(); assertNull(clientSession.getLocalCertificates()); @@ -3771,28 +3914,29 @@ public abstract class SSLEngineTest { } } - @Test - public void testEnabledProtocolsAndCiphers() throws Exception { - clientSslCtx = wrapContext(SslContextBuilder.forClient() + @MethodSource("newTestParams") + @ParameterizedTest + public void testEnabledProtocolsAndCiphers(SSLEngineTestParam param) throws Exception { + clientSslCtx = wrapContext(param, SslContextBuilder.forClient() .trustManager(InsecureTrustManagerFactory.INSTANCE) .sslProvider(sslClientProvider()) .sslContextProvider(clientSslContextProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); SelfSignedCertificate ssc = new SelfSignedCertificate(); - serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) + serverSslCtx = wrapContext(param, SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) .sslProvider(sslServerProvider()) .sslContextProvider(serverSslContextProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); SSLEngine clientEngine = null; SSLEngine serverEngine = null; try { clientEngine = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); serverEngine = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)); - handshake(clientEngine, serverEngine); + handshake(param.type(), param.delegate(), clientEngine, serverEngine); assertEnabledProtocolsAndCipherSuites(clientEngine); assertEnabledProtocolsAndCipherSuites(serverEngine); } finally { @@ -3819,31 +3963,32 @@ public abstract class SSLEngineTest { fail("Array did not contain '" + expected + "':" + Arrays.toString(array)); } - @Test - public void testMasterKeyLogging() throws Exception { - if (protocolCipherCombo != ProtocolCipherCombo.tlsv12()) { + @MethodSource("newTestParams") + @ParameterizedTest + public void testMasterKeyLogging(final SSLEngineTestParam param) throws Exception { + if (param.combo() != ProtocolCipherCombo.tlsv12()) { return; } /* * At the moment master key logging is not supported for conscrypt */ - Assume.assumeFalse(serverSslContextProvider() instanceof OpenSSLProvider); + assumeFalse(serverSslContextProvider() instanceof OpenSSLProvider); /* * The JDK SSL engine master key retrieval relies on being able to set field access to true. * That is not available in JDK9+ */ - Assume.assumeFalse(sslServerProvider() == SslProvider.JDK && PlatformDependent.javaVersion() > 8); + assumeFalse(sslServerProvider() == SslProvider.JDK && PlatformDependent.javaVersion() > 8); String originalSystemPropertyValue = SystemPropertyUtil.get(SslMasterKeyHandler.SYSTEM_PROP_KEY); System.setProperty(SslMasterKeyHandler.SYSTEM_PROP_KEY, Boolean.TRUE.toString()); SelfSignedCertificate ssc = new SelfSignedCertificate(); - serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) + serverSslCtx = wrapContext(param, SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) .sslProvider(sslServerProvider()) .sslContextProvider(serverSslContextProvider()) - .protocols(protocols()) - .ciphers(ciphers()) + .protocols(param.protocols()) + .ciphers(param.ciphers()) .build()); Socket socket = null; @@ -3856,9 +4001,9 @@ public abstract class SSLEngineTest { serverChannel = sb.childHandler(new ChannelInitializer() { @Override protected void initChannel(Channel ch) { - ch.config().setAllocator(new TestByteBufAllocator(ch.config().getAllocator(), type)); + ch.config().setAllocator(new TestByteBufAllocator(ch.config().getAllocator(), param.type())); - SslHandler sslHandler = delegatingExecutor == null ? + SslHandler sslHandler = !param.delegate() ? serverSslCtx.newHandler(ch.alloc()) : serverSslCtx.newHandler(ch.alloc(), delegatingExecutor); @@ -3884,7 +4029,7 @@ public abstract class SSLEngineTest { assertTrue(promise.await(10, TimeUnit.SECONDS)); SecretKey key = promise.get(); - assertEquals("AES secret key must be 48 bytes", 48, key.getEncoded().length); + assertEquals(48, key.getEncoded().length, "AES secret key must be 48 bytes"); } finally { closeQuietly(socket); if (originalSystemPropertyValue != null) { @@ -3980,20 +4125,21 @@ public abstract class SSLEngineTest { } } - @Test - public void testDefaultProtocolsIncludeTLSv13() throws Exception { + @MethodSource("newTestParams") + @ParameterizedTest + public void testDefaultProtocolsIncludeTLSv13(SSLEngineTestParam param) throws Exception { // Don't specify the protocols as we want to test the default selection - clientSslCtx = wrapContext(SslContextBuilder.forClient() + clientSslCtx = wrapContext(param, SslContextBuilder.forClient() .trustManager(InsecureTrustManagerFactory.INSTANCE) .sslProvider(sslClientProvider()) .sslContextProvider(clientSslContextProvider()) - .ciphers(ciphers()) + .ciphers(param.ciphers()) .build()); SelfSignedCertificate ssc = new SelfSignedCertificate(); - serverSslCtx = wrapContext(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) + serverSslCtx = wrapContext(param, SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) .sslProvider(sslServerProvider()) .sslContextProvider(serverSslContextProvider()) - .ciphers(ciphers()) + .ciphers(param.ciphers()) .build()); SSLEngine clientEngine = null; SSLEngine serverEngine = null; @@ -4020,15 +4166,7 @@ public abstract class SSLEngineTest { return engine; } - protected SslContext wrapContext(SslContext context) { + protected SslContext wrapContext(SSLEngineTestParam param, SslContext context) { return context; } - - protected List ciphers() { - return Collections.singletonList(protocolCipherCombo.cipher); - } - - protected String[] protocols() { - return new String[] { protocolCipherCombo.protocol }; - } } diff --git a/handler/src/test/java/io/netty/handler/ssl/SniClientJava8TestUtil.java b/handler/src/test/java/io/netty/handler/ssl/SniClientJava8TestUtil.java index f809b116be..fc1b1342f7 100644 --- a/handler/src/test/java/io/netty/handler/ssl/SniClientJava8TestUtil.java +++ b/handler/src/test/java/io/netty/handler/ssl/SniClientJava8TestUtil.java @@ -34,7 +34,6 @@ import io.netty.util.ReferenceCountUtil; import io.netty.util.concurrent.Promise; import io.netty.util.internal.EmptyArrays; import io.netty.util.internal.ThrowableUtil; -import org.junit.Assert; import javax.net.ssl.ExtendedSSLSession; import javax.net.ssl.KeyManager; @@ -67,6 +66,11 @@ import java.util.ArrayList; import java.util.Collections; import java.util.List; +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertTrue; +import static org.junit.jupiter.api.Assertions.fail; + /** * In extra class to be able to run tests with java7 without trying to load classes that not exists in java7. */ @@ -171,17 +175,17 @@ final class SniClientJava8TestUtil { } private static void assertSSLSession(boolean clientSide, SSLSession session, SNIServerName name) { - Assert.assertNotNull(session); + assertNotNull(session); if (session instanceof ExtendedSSLSession) { ExtendedSSLSession extendedSSLSession = (ExtendedSSLSession) session; List names = extendedSSLSession.getRequestedServerNames(); - Assert.assertEquals(1, names.size()); - Assert.assertEquals(name, names.get(0)); - Assert.assertTrue(extendedSSLSession.getLocalSupportedSignatureAlgorithms().length > 0); + assertEquals(1, names.size()); + assertEquals(name, names.get(0)); + assertTrue(extendedSSLSession.getLocalSupportedSignatureAlgorithms().length > 0); if (clientSide) { - Assert.assertEquals(0, extendedSSLSession.getPeerSupportedSignatureAlgorithms().length); + assertEquals(0, extendedSSLSession.getPeerSupportedSignatureAlgorithms().length); } else { - Assert.assertTrue(extendedSSLSession.getPeerSupportedSignatureAlgorithms().length >= 0); + assertTrue(extendedSSLSession.getPeerSupportedSignatureAlgorithms().length >= 0); } } } @@ -214,19 +218,19 @@ final class SniClientJava8TestUtil { @Override public void checkClientTrusted(X509Certificate[] x509Certificates, String s, Socket socket) throws CertificateException { - Assert.fail(); + fail(); } @Override public void checkServerTrusted(X509Certificate[] x509Certificates, String s, Socket socket) throws CertificateException { - Assert.fail(); + fail(); } @Override public void checkClientTrusted(X509Certificate[] x509Certificates, String s, SSLEngine sslEngine) throws CertificateException { - Assert.fail(); + fail(); } @Override @@ -238,13 +242,13 @@ final class SniClientJava8TestUtil { @Override public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException { - Assert.fail(); + fail(); } @Override public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException { - Assert.fail(); + fail(); } @Override diff --git a/handler/src/test/java/io/netty/handler/ssl/SniHandlerTest.java b/handler/src/test/java/io/netty/handler/ssl/SniHandlerTest.java index d640eadf6c..f13ed61141 100644 --- a/handler/src/test/java/io/netty/handler/ssl/SniHandlerTest.java +++ b/handler/src/test/java/io/netty/handler/ssl/SniHandlerTest.java @@ -72,7 +72,7 @@ import static org.hamcrest.CoreMatchers.is; import static org.hamcrest.CoreMatchers.nullValue; import static org.hamcrest.MatcherAssert.assertThat; -import static org.junit.Assume.assumeTrue; +import static org.junit.jupiter.api.Assumptions.assumeTrue; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertFalse; import static org.junit.jupiter.api.Assertions.assertNotNull; diff --git a/handler/src/test/java/io/netty/handler/ssl/SslContextTest.java b/handler/src/test/java/io/netty/handler/ssl/SslContextTest.java index cc7b4f0a8a..884f2a8d2c 100644 --- a/handler/src/test/java/io/netty/handler/ssl/SslContextTest.java +++ b/handler/src/test/java/io/netty/handler/ssl/SslContextTest.java @@ -31,7 +31,7 @@ import javax.net.ssl.SSLContext; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLException; -import static org.junit.Assume.assumeNotNull; +import static org.junit.jupiter.api.Assumptions.assumeTrue; import static org.junit.jupiter.api.Assertions.assertFalse; import static org.junit.jupiter.api.Assertions.assertNotNull; import static org.junit.jupiter.api.Assertions.assertThrows; @@ -124,7 +124,7 @@ public abstract class SslContextTest { } catch (IllegalArgumentException e) { exception = e; } - assumeNotNull(exception); + assumeTrue(exception != null); File keyFile = ResourcesUtil.getFile(getClass(), "test_unencrypted.pem"); File crtFile = ResourcesUtil.getFile(getClass(), "test.crt"); diff --git a/handler/src/test/java/io/netty/handler/ssl/SslHandlerTest.java b/handler/src/test/java/io/netty/handler/ssl/SslHandlerTest.java index efe401d516..ad15c8a3ed 100644 --- a/handler/src/test/java/io/netty/handler/ssl/SslHandlerTest.java +++ b/handler/src/test/java/io/netty/handler/ssl/SslHandlerTest.java @@ -103,7 +103,6 @@ import static org.junit.jupiter.api.Assertions.assertNull; import static org.junit.jupiter.api.Assertions.assertSame; import static org.junit.jupiter.api.Assertions.assertThrows; import static org.junit.jupiter.api.Assertions.assertTrue; -import static org.junit.jupiter.api.Assertions.fail; import static org.junit.jupiter.api.Assumptions.assumeFalse; import static org.junit.jupiter.api.Assumptions.assumeTrue;