Migrate the rest of the ssl package to junit5 (#11483)
Motivation: We should use junit5 everywhere. Modifications: - Refactor rest of tests to use junit5 Result: Part of https://github.com/netty/netty/issues/10757
This commit is contained in:
parent
2914134522
commit
e236e99006
@ -17,48 +17,28 @@ package io.netty.handler.ssl;
|
|||||||
|
|
||||||
import com.amazon.corretto.crypto.provider.AmazonCorrettoCryptoProvider;
|
import com.amazon.corretto.crypto.provider.AmazonCorrettoCryptoProvider;
|
||||||
import com.amazon.corretto.crypto.provider.SelfTestStatus;
|
import com.amazon.corretto.crypto.provider.SelfTestStatus;
|
||||||
import org.junit.After;
|
import org.junit.jupiter.api.AfterEach;
|
||||||
import org.junit.Assert;
|
import org.junit.jupiter.api.BeforeEach;
|
||||||
import org.junit.Before;
|
import org.junit.jupiter.api.Disabled;
|
||||||
import org.junit.BeforeClass;
|
import org.junit.jupiter.api.condition.DisabledIf;
|
||||||
import org.junit.Ignore;
|
|
||||||
import org.junit.runner.RunWith;
|
|
||||||
import org.junit.runners.Parameterized;
|
|
||||||
|
|
||||||
import javax.crypto.Cipher;
|
import javax.crypto.Cipher;
|
||||||
import java.security.Security;
|
import java.security.Security;
|
||||||
import java.util.ArrayList;
|
|
||||||
import java.util.Collection;
|
|
||||||
import java.util.List;
|
|
||||||
|
|
||||||
import static org.junit.Assume.assumeTrue;
|
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||||
|
import static org.junit.jupiter.api.Assertions.assertNull;
|
||||||
|
|
||||||
@RunWith(Parameterized.class)
|
|
||||||
|
@DisabledIf("checkIfAccpIsDisabled")
|
||||||
public class AmazonCorrettoSslEngineTest extends SSLEngineTest {
|
public class AmazonCorrettoSslEngineTest extends SSLEngineTest {
|
||||||
|
|
||||||
@Parameterized.Parameters(name = "{index}: bufferType = {0}, combo = {1}, delegate = {2}")
|
static boolean checkIfAccpIsDisabled() {
|
||||||
public static Collection<Object[]> data() {
|
return AmazonCorrettoCryptoProvider.INSTANCE.getLoadingError() != null ||
|
||||||
List<Object[]> params = new ArrayList<Object[]>();
|
!AmazonCorrettoCryptoProvider.INSTANCE.runSelfTests().equals(SelfTestStatus.PASSED);
|
||||||
for (BufferType type: BufferType.values()) {
|
|
||||||
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false });
|
|
||||||
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true });
|
|
||||||
|
|
||||||
if (SslProvider.isTlsv13Supported(SslProvider.JDK)) {
|
|
||||||
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), true });
|
|
||||||
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), false });
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return params;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public AmazonCorrettoSslEngineTest(BufferType type, ProtocolCipherCombo combo, boolean delegate) {
|
public AmazonCorrettoSslEngineTest() {
|
||||||
super(type, combo, delegate);
|
super(SslProvider.isTlsv13Supported(SslProvider.JDK));
|
||||||
}
|
|
||||||
|
|
||||||
@BeforeClass
|
|
||||||
public static void checkAccp() {
|
|
||||||
assumeTrue(AmazonCorrettoCryptoProvider.INSTANCE.getLoadingError() == null &&
|
|
||||||
AmazonCorrettoCryptoProvider.INSTANCE.runSelfTests().equals(SelfTestStatus.PASSED));
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@ -71,7 +51,7 @@ public class AmazonCorrettoSslEngineTest extends SSLEngineTest {
|
|||||||
return SslProvider.JDK;
|
return SslProvider.JDK;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Before
|
@BeforeEach
|
||||||
@Override
|
@Override
|
||||||
public void setup() {
|
public void setup() {
|
||||||
// See https://github.com/corretto/amazon-corretto-crypto-provider/blob/develop/README.md#code
|
// See https://github.com/corretto/amazon-corretto-crypto-provider/blob/develop/README.md#code
|
||||||
@ -81,7 +61,7 @@ public class AmazonCorrettoSslEngineTest extends SSLEngineTest {
|
|||||||
try {
|
try {
|
||||||
AmazonCorrettoCryptoProvider.INSTANCE.assertHealthy();
|
AmazonCorrettoCryptoProvider.INSTANCE.assertHealthy();
|
||||||
String providerName = Cipher.getInstance("AES/GCM/NoPadding").getProvider().getName();
|
String providerName = Cipher.getInstance("AES/GCM/NoPadding").getProvider().getName();
|
||||||
Assert.assertEquals(AmazonCorrettoCryptoProvider.PROVIDER_NAME, providerName);
|
assertEquals(AmazonCorrettoCryptoProvider.PROVIDER_NAME, providerName);
|
||||||
} catch (Throwable e) {
|
} catch (Throwable e) {
|
||||||
Security.removeProvider(AmazonCorrettoCryptoProvider.PROVIDER_NAME);
|
Security.removeProvider(AmazonCorrettoCryptoProvider.PROVIDER_NAME);
|
||||||
throw new AssertionError(e);
|
throw new AssertionError(e);
|
||||||
@ -89,24 +69,24 @@ public class AmazonCorrettoSslEngineTest extends SSLEngineTest {
|
|||||||
super.setup();
|
super.setup();
|
||||||
}
|
}
|
||||||
|
|
||||||
@After
|
@AfterEach
|
||||||
@Override
|
@Override
|
||||||
public void tearDown() throws InterruptedException {
|
public void tearDown() throws InterruptedException {
|
||||||
super.tearDown();
|
super.tearDown();
|
||||||
|
|
||||||
// Remove the provider again and verify that it was removed
|
// Remove the provider again and verify that it was removed
|
||||||
Security.removeProvider(AmazonCorrettoCryptoProvider.PROVIDER_NAME);
|
Security.removeProvider(AmazonCorrettoCryptoProvider.PROVIDER_NAME);
|
||||||
Assert.assertNull(Security.getProvider(AmazonCorrettoCryptoProvider.PROVIDER_NAME));
|
assertNull(Security.getProvider(AmazonCorrettoCryptoProvider.PROVIDER_NAME));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Ignore /* Does the JDK support a "max certificate chain length"? */
|
@Disabled /* Does the JDK support a "max certificate chain length"? */
|
||||||
@Override
|
@Override
|
||||||
public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth() {
|
public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(SSLEngineTestParam param) {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Ignore /* Does the JDK support a "max certificate chain length"? */
|
@Disabled /* Does the JDK support a "max certificate chain length"? */
|
||||||
@Override
|
@Override
|
||||||
public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth() {
|
public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(SSLEngineTestParam param) {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -16,39 +16,22 @@
|
|||||||
package io.netty.handler.ssl;
|
package io.netty.handler.ssl;
|
||||||
|
|
||||||
import java.security.Provider;
|
import java.security.Provider;
|
||||||
import org.junit.BeforeClass;
|
|
||||||
import org.junit.Ignore;
|
|
||||||
|
|
||||||
import org.junit.runner.RunWith;
|
import org.junit.jupiter.api.Disabled;
|
||||||
import org.junit.runners.Parameterized;
|
import org.junit.jupiter.api.condition.DisabledIf;
|
||||||
|
|
||||||
import javax.net.ssl.SSLSessionContext;
|
import javax.net.ssl.SSLSessionContext;
|
||||||
import java.util.ArrayList;
|
|
||||||
import java.util.Collection;
|
|
||||||
import java.util.List;
|
|
||||||
|
|
||||||
import static org.junit.Assume.assumeTrue;
|
|
||||||
|
|
||||||
@RunWith(Parameterized.class)
|
@DisabledIf("checkConscryptDisabled")
|
||||||
public class ConscryptJdkSslEngineInteropTest extends SSLEngineTest {
|
public class ConscryptJdkSslEngineInteropTest extends SSLEngineTest {
|
||||||
|
|
||||||
@Parameterized.Parameters(name = "{index}: bufferType = {0}, combo = {1}, delegate = {2}")
|
public ConscryptJdkSslEngineInteropTest() {
|
||||||
public static Collection<Object[]> data() {
|
super(false);
|
||||||
List<Object[]> params = new ArrayList<Object[]>();
|
|
||||||
for (BufferType type: BufferType.values()) {
|
|
||||||
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false });
|
|
||||||
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true });
|
|
||||||
}
|
|
||||||
return params;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public ConscryptJdkSslEngineInteropTest(BufferType type, ProtocolCipherCombo combo, boolean delegate) {
|
static boolean checkConscryptDisabled() {
|
||||||
super(type, combo, delegate);
|
return !Conscrypt.isAvailable();
|
||||||
}
|
|
||||||
|
|
||||||
@BeforeClass
|
|
||||||
public static void checkConscrypt() {
|
|
||||||
assumeTrue(Conscrypt.isAvailable());
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@ -66,14 +49,16 @@ public class ConscryptJdkSslEngineInteropTest extends SSLEngineTest {
|
|||||||
return Java8SslTestUtils.conscryptProvider();
|
return Java8SslTestUtils.conscryptProvider();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Ignore /* Does the JDK support a "max certificate chain length"? */
|
@Disabled /* Does the JDK support a "max certificate chain length"? */
|
||||||
@Override
|
@Override
|
||||||
public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth() throws Exception {
|
public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(SSLEngineTestParam param)
|
||||||
|
throws Exception {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Ignore /* Does the JDK support a "max certificate chain length"? */
|
@Disabled /* Does the JDK support a "max certificate chain length"? */
|
||||||
@Override
|
@Override
|
||||||
public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth() throws Exception {
|
public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(SSLEngineTestParam param)
|
||||||
|
throws Exception {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -15,48 +15,35 @@
|
|||||||
*/
|
*/
|
||||||
package io.netty.handler.ssl;
|
package io.netty.handler.ssl;
|
||||||
|
|
||||||
import org.junit.BeforeClass;
|
import org.junit.jupiter.api.BeforeAll;
|
||||||
import org.junit.Ignore;
|
import org.junit.jupiter.api.Disabled;
|
||||||
import org.junit.Test;
|
import org.junit.jupiter.api.condition.DisabledIf;
|
||||||
import org.junit.runner.RunWith;
|
|
||||||
import org.junit.runners.Parameterized;
|
|
||||||
|
|
||||||
import javax.net.ssl.SSLEngine;
|
import javax.net.ssl.SSLEngine;
|
||||||
import javax.net.ssl.SSLSessionContext;
|
import javax.net.ssl.SSLSessionContext;
|
||||||
|
|
||||||
import java.security.Provider;
|
import java.security.Provider;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.Collection;
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
import static io.netty.handler.ssl.OpenSslTestUtils.checkShouldUseKeyManagerFactory;
|
import static io.netty.handler.ssl.OpenSslTestUtils.checkShouldUseKeyManagerFactory;
|
||||||
import static org.junit.Assume.assumeTrue;
|
import static org.junit.jupiter.api.Assumptions.assumeTrue;
|
||||||
|
|
||||||
@RunWith(Parameterized.class)
|
@DisabledIf("checkConscryptDisabled")
|
||||||
public class ConscryptOpenSslEngineInteropTest extends ConscryptSslEngineTest {
|
public class ConscryptOpenSslEngineInteropTest extends ConscryptSslEngineTest {
|
||||||
|
|
||||||
@Parameterized.Parameters(name = "{index}: bufferType = {0}, combo = {1}, delegate = {2}, useTasks = {3}")
|
@Override
|
||||||
public static Collection<Object[]> data() {
|
protected List<SSLEngineTestParam> newTestParams() {
|
||||||
List<Object[]> params = new ArrayList<Object[]>();
|
List<SSLEngineTestParam> params = super.newTestParams();
|
||||||
for (BufferType type: BufferType.values()) {
|
List<SSLEngineTestParam> testParams = new ArrayList<SSLEngineTestParam>();
|
||||||
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false, false });
|
for (SSLEngineTestParam param: params) {
|
||||||
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false, true });
|
testParams.add(new OpenSslEngineTestParam(true, param));
|
||||||
|
testParams.add(new OpenSslEngineTestParam(false, param));
|
||||||
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true, false });
|
|
||||||
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true, true });
|
|
||||||
}
|
}
|
||||||
return params;
|
return testParams;
|
||||||
}
|
}
|
||||||
|
|
||||||
private final boolean useTasks;
|
@BeforeAll
|
||||||
|
|
||||||
public ConscryptOpenSslEngineInteropTest(BufferType type, ProtocolCipherCombo combo,
|
|
||||||
boolean delegate, boolean useTasks) {
|
|
||||||
super(type, combo, delegate);
|
|
||||||
this.useTasks = useTasks;
|
|
||||||
}
|
|
||||||
|
|
||||||
@BeforeClass
|
|
||||||
public static void checkOpenssl() {
|
public static void checkOpenssl() {
|
||||||
OpenSsl.ensureAvailability();
|
OpenSsl.ensureAvailability();
|
||||||
}
|
}
|
||||||
@ -77,17 +64,15 @@ public class ConscryptOpenSslEngineInteropTest extends ConscryptSslEngineTest {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Test
|
@Disabled("TODO: Make this work with Conscrypt")
|
||||||
@Ignore("TODO: Make this work with Conscrypt")
|
public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(SSLEngineTestParam param) {
|
||||||
public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth() {
|
super.testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(param);
|
||||||
super.testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Test
|
@Disabled("TODO: Make this work with Conscrypt")
|
||||||
@Ignore("TODO: Make this work with Conscrypt")
|
public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(SSLEngineTestParam param) {
|
||||||
public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth() {
|
super.testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(param);
|
||||||
super.testMutualAuthValidClientCertChainTooLongFailRequireClientAuth();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@ -97,45 +82,42 @@ public class ConscryptOpenSslEngineInteropTest extends ConscryptSslEngineTest {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Test
|
public void testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth(SSLEngineTestParam param)
|
||||||
public void testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth() throws Exception {
|
throws Exception {
|
||||||
checkShouldUseKeyManagerFactory();
|
checkShouldUseKeyManagerFactory();
|
||||||
super.testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth();
|
super.testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth(param);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Test
|
public void testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth(SSLEngineTestParam param)
|
||||||
public void testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth() throws Exception {
|
throws Exception {
|
||||||
checkShouldUseKeyManagerFactory();
|
checkShouldUseKeyManagerFactory();
|
||||||
super.testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth();
|
super.testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth(param);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Test
|
public void testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth(SSLEngineTestParam param)
|
||||||
public void testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth() throws Exception {
|
throws Exception {
|
||||||
checkShouldUseKeyManagerFactory();
|
checkShouldUseKeyManagerFactory();
|
||||||
super.testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth();
|
super.testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth(param);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Test
|
public void testSessionAfterHandshakeKeyManagerFactory(SSLEngineTestParam param) throws Exception {
|
||||||
public void testSessionAfterHandshakeKeyManagerFactory() throws Exception {
|
|
||||||
checkShouldUseKeyManagerFactory();
|
checkShouldUseKeyManagerFactory();
|
||||||
super.testSessionAfterHandshakeKeyManagerFactory();
|
super.testSessionAfterHandshakeKeyManagerFactory(param);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Test
|
public void testSessionAfterHandshakeKeyManagerFactoryMutualAuth(SSLEngineTestParam param) throws Exception {
|
||||||
public void testSessionAfterHandshakeKeyManagerFactoryMutualAuth() throws Exception {
|
|
||||||
checkShouldUseKeyManagerFactory();
|
checkShouldUseKeyManagerFactory();
|
||||||
super.testSessionAfterHandshakeKeyManagerFactoryMutualAuth();
|
super.testSessionAfterHandshakeKeyManagerFactoryMutualAuth(param);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Test
|
public void testSupportedSignatureAlgorithms(SSLEngineTestParam param) throws Exception {
|
||||||
public void testSupportedSignatureAlgorithms() throws Exception {
|
|
||||||
checkShouldUseKeyManagerFactory();
|
checkShouldUseKeyManagerFactory();
|
||||||
super.testSupportedSignatureAlgorithms();
|
super.testSupportedSignatureAlgorithms(param);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@ -145,18 +127,17 @@ public class ConscryptOpenSslEngineInteropTest extends ConscryptSslEngineTest {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Test
|
public void testSessionLocalWhenNonMutualWithKeyManager(SSLEngineTestParam param) throws Exception {
|
||||||
public void testSessionLocalWhenNonMutualWithKeyManager() throws Exception {
|
|
||||||
checkShouldUseKeyManagerFactory();
|
checkShouldUseKeyManagerFactory();
|
||||||
super.testSessionLocalWhenNonMutualWithKeyManager();
|
super.testSessionLocalWhenNonMutualWithKeyManager(param);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void testSessionLocalWhenNonMutualWithoutKeyManager() throws Exception {
|
public void testSessionLocalWhenNonMutualWithoutKeyManager(SSLEngineTestParam param) throws Exception {
|
||||||
// This only really works when the KeyManagerFactory is supported as otherwise we not really know when
|
// This only really works when the KeyManagerFactory is supported as otherwise we not really know when
|
||||||
// we need to provide a cert.
|
// we need to provide a cert.
|
||||||
assumeTrue(OpenSsl.supportsKeyManagerFactory());
|
assumeTrue(OpenSsl.supportsKeyManagerFactory());
|
||||||
super.testSessionLocalWhenNonMutualWithoutKeyManager();
|
super.testSessionLocalWhenNonMutualWithoutKeyManager(param);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@ -165,24 +146,21 @@ public class ConscryptOpenSslEngineInteropTest extends ConscryptSslEngineTest {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Test
|
public void testSessionCache(SSLEngineTestParam param) throws Exception {
|
||||||
public void testSessionCache() throws Exception {
|
|
||||||
assumeTrue(OpenSsl.isSessionCacheSupported());
|
assumeTrue(OpenSsl.isSessionCacheSupported());
|
||||||
super.testSessionCache();
|
super.testSessionCache(param);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Test
|
public void testSessionCacheTimeout(SSLEngineTestParam param) throws Exception {
|
||||||
public void testSessionCacheTimeout() throws Exception {
|
|
||||||
assumeTrue(OpenSsl.isSessionCacheSupported());
|
assumeTrue(OpenSsl.isSessionCacheSupported());
|
||||||
super.testSessionCacheTimeout();
|
super.testSessionCacheTimeout(param);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Test
|
public void testSessionCacheSize(SSLEngineTestParam param) throws Exception {
|
||||||
public void testSessionCacheSize() throws Exception {
|
|
||||||
assumeTrue(OpenSsl.isSessionCacheSupported());
|
assumeTrue(OpenSsl.isSessionCacheSupported());
|
||||||
super.testSessionCacheSize();
|
super.testSessionCacheSize(param);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@ -192,9 +170,11 @@ public class ConscryptOpenSslEngineInteropTest extends ConscryptSslEngineTest {
|
|||||||
|
|
||||||
@SuppressWarnings("deprecation")
|
@SuppressWarnings("deprecation")
|
||||||
@Override
|
@Override
|
||||||
protected SslContext wrapContext(SslContext context) {
|
protected SslContext wrapContext(SSLEngineTestParam param, SslContext context) {
|
||||||
if (context instanceof OpenSslContext) {
|
if (context instanceof OpenSslContext) {
|
||||||
((OpenSslContext) context).setUseTasks(useTasks);
|
if (param instanceof OpenSslEngineTestParam) {
|
||||||
|
((OpenSslContext) context).setUseTasks(((OpenSslEngineTestParam) param).useTasks);
|
||||||
|
}
|
||||||
// Explicit enable the session cache as its disabled by default on the client side.
|
// Explicit enable the session cache as its disabled by default on the client side.
|
||||||
((OpenSslContext) context).sessionContext().setSessionCacheEnabled(true);
|
((OpenSslContext) context).sessionContext().setSessionCacheEnabled(true);
|
||||||
}
|
}
|
||||||
|
@ -15,39 +15,22 @@
|
|||||||
*/
|
*/
|
||||||
package io.netty.handler.ssl;
|
package io.netty.handler.ssl;
|
||||||
|
|
||||||
import org.junit.BeforeClass;
|
|
||||||
import org.junit.Ignore;
|
import org.junit.jupiter.api.Disabled;
|
||||||
import org.junit.runner.RunWith;
|
import org.junit.jupiter.api.condition.DisabledIf;
|
||||||
import org.junit.runners.Parameterized;
|
|
||||||
|
|
||||||
import javax.net.ssl.SSLSessionContext;
|
import javax.net.ssl.SSLSessionContext;
|
||||||
import java.security.Provider;
|
import java.security.Provider;
|
||||||
import java.util.ArrayList;
|
|
||||||
import java.util.Collection;
|
|
||||||
import java.util.List;
|
|
||||||
|
|
||||||
import static org.junit.Assume.assumeTrue;
|
@DisabledIf("checkConscryptDisabled")
|
||||||
|
|
||||||
@RunWith(Parameterized.class)
|
|
||||||
public class ConscryptSslEngineTest extends SSLEngineTest {
|
public class ConscryptSslEngineTest extends SSLEngineTest {
|
||||||
|
|
||||||
@Parameterized.Parameters(name = "{index}: bufferType = {0}, combo = {1}, delegate = {2}")
|
static boolean checkConscryptDisabled() {
|
||||||
public static Collection<Object[]> data() {
|
return !Conscrypt.isAvailable();
|
||||||
List<Object[]> params = new ArrayList<Object[]>();
|
|
||||||
for (BufferType type: BufferType.values()) {
|
|
||||||
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false });
|
|
||||||
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true });
|
|
||||||
}
|
|
||||||
return params;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public ConscryptSslEngineTest(BufferType type, ProtocolCipherCombo combo, boolean delegate) {
|
public ConscryptSslEngineTest() {
|
||||||
super(type, combo, delegate);
|
super(false);
|
||||||
}
|
|
||||||
|
|
||||||
@BeforeClass
|
|
||||||
public static void checkConscrypt() {
|
|
||||||
assumeTrue(Conscrypt.isAvailable());
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@ -70,14 +53,14 @@ public class ConscryptSslEngineTest extends SSLEngineTest {
|
|||||||
return Java8SslTestUtils.conscryptProvider();
|
return Java8SslTestUtils.conscryptProvider();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Ignore /* Does the JDK support a "max certificate chain length"? */
|
@Disabled /* Does the JDK support a "max certificate chain length"? */
|
||||||
@Override
|
@Override
|
||||||
public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth() {
|
public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(SSLEngineTestParam param) {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Ignore /* Does the JDK support a "max certificate chain length"? */
|
@Disabled /* Does the JDK support a "max certificate chain length"? */
|
||||||
@Override
|
@Override
|
||||||
public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth() {
|
public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(SSLEngineTestParam param) {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@ -85,8 +68,8 @@ public class ConscryptSslEngineTest extends SSLEngineTest {
|
|||||||
// Not supported by conscrypt
|
// Not supported by conscrypt
|
||||||
}
|
}
|
||||||
|
|
||||||
@Ignore("Possible Conscrypt bug")
|
@Disabled("Possible Conscrypt bug")
|
||||||
public void testSessionCacheTimeout() throws Exception {
|
public void testSessionCacheTimeout(SSLEngineTestParam param) throws Exception {
|
||||||
// Skip
|
// Skip
|
||||||
// https://github.com/google/conscrypt/issues/851
|
// https://github.com/google/conscrypt/issues/851
|
||||||
}
|
}
|
||||||
|
@ -29,7 +29,7 @@ import java.security.cert.X509Certificate;
|
|||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
|
|
||||||
import static org.junit.Assert.assertNotNull;
|
import static org.junit.jupiter.api.Assertions.assertNotNull;
|
||||||
|
|
||||||
public final class Java8SslTestUtils {
|
public final class Java8SslTestUtils {
|
||||||
|
|
||||||
@ -70,7 +70,7 @@ public final class Java8SslTestUtils {
|
|||||||
InputStream is = null;
|
InputStream is = null;
|
||||||
try {
|
try {
|
||||||
is = SslContextTest.class.getResourceAsStream(resourceName);
|
is = SslContextTest.class.getResourceAsStream(resourceName);
|
||||||
assertNotNull("Cannot find " + resourceName, is);
|
assertNotNull(is, "Cannot find " + resourceName);
|
||||||
certCollection[i] = (X509Certificate) certFactory
|
certCollection[i] = (X509Certificate) certFactory
|
||||||
.generateCertificate(is);
|
.generateCertificate(is);
|
||||||
} finally {
|
} finally {
|
||||||
|
@ -17,39 +17,20 @@ package io.netty.handler.ssl;
|
|||||||
|
|
||||||
import java.security.Provider;
|
import java.security.Provider;
|
||||||
|
|
||||||
import org.junit.BeforeClass;
|
import org.junit.jupiter.api.Disabled;
|
||||||
import org.junit.Ignore;
|
import org.junit.jupiter.api.condition.DisabledIf;
|
||||||
import org.junit.Test;
|
|
||||||
import org.junit.runner.RunWith;
|
|
||||||
import org.junit.runners.Parameterized;
|
|
||||||
|
|
||||||
import javax.net.ssl.SSLSessionContext;
|
import javax.net.ssl.SSLSessionContext;
|
||||||
import java.util.ArrayList;
|
|
||||||
import java.util.Collection;
|
|
||||||
import java.util.List;
|
|
||||||
|
|
||||||
import static org.junit.Assume.assumeTrue;
|
@DisabledIf("checkConscryptDisabled")
|
||||||
|
|
||||||
@RunWith(Parameterized.class)
|
|
||||||
public class JdkConscryptSslEngineInteropTest extends SSLEngineTest {
|
public class JdkConscryptSslEngineInteropTest extends SSLEngineTest {
|
||||||
|
|
||||||
@Parameterized.Parameters(name = "{index}: bufferType = {0}, combo = {1}, delegate = {2}")
|
static boolean checkConscryptDisabled() {
|
||||||
public static Collection<Object[]> data() {
|
return !Conscrypt.isAvailable();
|
||||||
List<Object[]> params = new ArrayList<Object[]>();
|
|
||||||
for (BufferType type: BufferType.values()) {
|
|
||||||
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false });
|
|
||||||
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true });
|
|
||||||
}
|
|
||||||
return params;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public JdkConscryptSslEngineInteropTest(BufferType type, ProtocolCipherCombo combo, boolean delegate) {
|
public JdkConscryptSslEngineInteropTest() {
|
||||||
super(type, combo, delegate);
|
super(false);
|
||||||
}
|
|
||||||
|
|
||||||
@BeforeClass
|
|
||||||
public static void checkConscrypt() {
|
|
||||||
assumeTrue(Conscrypt.isAvailable());
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@ -68,17 +49,17 @@ public class JdkConscryptSslEngineInteropTest extends SSLEngineTest {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Test
|
@Disabled("TODO: Make this work with Conscrypt")
|
||||||
@Ignore("TODO: Make this work with Conscrypt")
|
public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(SSLEngineTestParam param)
|
||||||
public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth() throws Exception {
|
throws Exception {
|
||||||
super.testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth();
|
super.testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(param);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Test
|
@Disabled("TODO: Make this work with Conscrypt")
|
||||||
@Ignore("TODO: Make this work with Conscrypt")
|
public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(SSLEngineTestParam param)
|
||||||
public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth() throws Exception {
|
throws Exception {
|
||||||
super.testMutualAuthValidClientCertChainTooLongFailRequireClientAuth();
|
super.testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(param);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@ -87,9 +68,9 @@ public class JdkConscryptSslEngineInteropTest extends SSLEngineTest {
|
|||||||
return super.mySetupMutualAuthServerIsValidClientException(cause) || causedBySSLException(cause);
|
return super.mySetupMutualAuthServerIsValidClientException(cause) || causedBySSLException(cause);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Ignore("Ignore due bug in Conscrypt")
|
@Disabled("Ignore due bug in Conscrypt")
|
||||||
@Override
|
@Override
|
||||||
public void testHandshakeSession() throws Exception {
|
public void testHandshakeSession(SSLEngineTestParam param) throws Exception {
|
||||||
// Ignore as Conscrypt does not correctly return the local certificates while the TrustManager is invoked.
|
// Ignore as Conscrypt does not correctly return the local certificates while the TrustManager is invoked.
|
||||||
// See https://github.com/google/conscrypt/issues/634
|
// See https://github.com/google/conscrypt/issues/634
|
||||||
}
|
}
|
||||||
@ -99,8 +80,8 @@ public class JdkConscryptSslEngineInteropTest extends SSLEngineTest {
|
|||||||
// Not supported by conscrypt
|
// Not supported by conscrypt
|
||||||
}
|
}
|
||||||
|
|
||||||
@Ignore("Possible Conscrypt bug")
|
@Disabled("Possible Conscrypt bug")
|
||||||
public void testSessionCacheTimeout() {
|
public void testSessionCacheTimeout(SSLEngineTestParam param) {
|
||||||
// Skip
|
// Skip
|
||||||
// https://github.com/google/conscrypt/issues/851
|
// https://github.com/google/conscrypt/issues/851
|
||||||
}
|
}
|
||||||
|
@ -15,54 +15,36 @@
|
|||||||
*/
|
*/
|
||||||
package io.netty.handler.ssl;
|
package io.netty.handler.ssl;
|
||||||
|
|
||||||
import org.junit.BeforeClass;
|
import org.junit.jupiter.api.BeforeAll;
|
||||||
import org.junit.Ignore;
|
import org.junit.jupiter.api.Disabled;
|
||||||
import org.junit.Test;
|
|
||||||
import org.junit.runner.RunWith;
|
|
||||||
import org.junit.runners.Parameterized;
|
|
||||||
|
|
||||||
import javax.net.ssl.SSLEngine;
|
import javax.net.ssl.SSLEngine;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.Collection;
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
import static io.netty.handler.ssl.OpenSslTestUtils.checkShouldUseKeyManagerFactory;
|
import static io.netty.handler.ssl.OpenSslTestUtils.checkShouldUseKeyManagerFactory;
|
||||||
import static io.netty.internal.tcnative.SSL.SSL_CVERIFY_IGNORED;
|
import static io.netty.internal.tcnative.SSL.SSL_CVERIFY_IGNORED;
|
||||||
import static org.junit.Assume.assumeTrue;
|
import static org.junit.jupiter.api.Assumptions.assumeTrue;
|
||||||
|
|
||||||
@RunWith(Parameterized.class)
|
|
||||||
public class JdkOpenSslEngineInteroptTest extends SSLEngineTest {
|
public class JdkOpenSslEngineInteroptTest extends SSLEngineTest {
|
||||||
|
|
||||||
@Parameterized.Parameters(name = "{index}: bufferType = {0}, combo = {1}, delegate = {2}, useTasks = {3}")
|
public JdkOpenSslEngineInteroptTest() {
|
||||||
public static Collection<Object[]> data() {
|
super(SslProvider.isTlsv13Supported(SslProvider.JDK) &&
|
||||||
List<Object[]> params = new ArrayList<Object[]>();
|
SslProvider.isTlsv13Supported(SslProvider.OPENSSL));
|
||||||
for (BufferType type: BufferType.values()) {
|
}
|
||||||
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false, false });
|
|
||||||
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false, true });
|
|
||||||
|
|
||||||
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true, false });
|
@Override
|
||||||
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true, true });
|
protected List<SSLEngineTestParam> newTestParams() {
|
||||||
|
List<SSLEngineTestParam> params = super.newTestParams();
|
||||||
if (SslProvider.isTlsv13Supported(SslProvider.JDK) && SslProvider.isTlsv13Supported(SslProvider.OPENSSL)) {
|
List<SSLEngineTestParam> testParams = new ArrayList<SSLEngineTestParam>();
|
||||||
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), false, false });
|
for (SSLEngineTestParam param: params) {
|
||||||
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), false, true });
|
testParams.add(new OpenSslEngineTestParam(true, param));
|
||||||
|
testParams.add(new OpenSslEngineTestParam(false, param));
|
||||||
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), true, false });
|
|
||||||
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), true, true });
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
return params;
|
return testParams;
|
||||||
}
|
}
|
||||||
|
|
||||||
private final boolean useTasks;
|
@BeforeAll
|
||||||
|
|
||||||
public JdkOpenSslEngineInteroptTest(BufferType type, ProtocolCipherCombo protocolCipherCombo,
|
|
||||||
boolean delegate, boolean useTasks) {
|
|
||||||
super(type, protocolCipherCombo, delegate);
|
|
||||||
this.useTasks = useTasks;
|
|
||||||
}
|
|
||||||
|
|
||||||
@BeforeClass
|
|
||||||
public static void checkOpenSsl() {
|
public static void checkOpenSsl() {
|
||||||
OpenSsl.ensureAvailability();
|
OpenSsl.ensureAvailability();
|
||||||
}
|
}
|
||||||
@ -78,59 +60,55 @@ public class JdkOpenSslEngineInteroptTest extends SSLEngineTest {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Test
|
@Disabled("Disable until figured out why this sometimes fail on the CI")
|
||||||
@Ignore("Disable until figured out why this sometimes fail on the CI")
|
public void testMutualAuthSameCerts(SSLEngineTestParam param) throws Throwable {
|
||||||
public void testMutualAuthSameCerts() throws Throwable {
|
super.testMutualAuthSameCerts(param);
|
||||||
super.testMutualAuthSameCerts();
|
}
|
||||||
|
|
||||||
|
public void testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth(SSLEngineTestParam param)
|
||||||
|
throws Exception {
|
||||||
|
checkShouldUseKeyManagerFactory();
|
||||||
|
super.testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth(param);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Test
|
public void testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth(SSLEngineTestParam param)
|
||||||
public void testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth() throws Exception {
|
throws Exception {
|
||||||
checkShouldUseKeyManagerFactory();
|
checkShouldUseKeyManagerFactory();
|
||||||
super.testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth();
|
super.testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth(param);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Test
|
public void testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth(SSLEngineTestParam param)
|
||||||
public void testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth() throws Exception {
|
throws Exception {
|
||||||
checkShouldUseKeyManagerFactory();
|
checkShouldUseKeyManagerFactory();
|
||||||
super.testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth();
|
super.testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth(param);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Test
|
public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(SSLEngineTestParam param)
|
||||||
public void testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth() throws Exception {
|
throws Exception {
|
||||||
checkShouldUseKeyManagerFactory();
|
checkShouldUseKeyManagerFactory();
|
||||||
super.testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth();
|
super.testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(param);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Test
|
public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(SSLEngineTestParam param)
|
||||||
public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth() throws Exception {
|
throws Exception {
|
||||||
checkShouldUseKeyManagerFactory();
|
checkShouldUseKeyManagerFactory();
|
||||||
super.testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth();
|
super.testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(param);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Test
|
public void testSessionAfterHandshakeKeyManagerFactoryMutualAuth(SSLEngineTestParam param) throws Exception {
|
||||||
public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth() throws Exception {
|
|
||||||
checkShouldUseKeyManagerFactory();
|
checkShouldUseKeyManagerFactory();
|
||||||
super.testMutualAuthValidClientCertChainTooLongFailRequireClientAuth();
|
super.testSessionAfterHandshakeKeyManagerFactoryMutualAuth(param);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Test
|
public void testSessionAfterHandshakeKeyManagerFactory(SSLEngineTestParam param) throws Exception {
|
||||||
public void testSessionAfterHandshakeKeyManagerFactoryMutualAuth() throws Exception {
|
|
||||||
checkShouldUseKeyManagerFactory();
|
checkShouldUseKeyManagerFactory();
|
||||||
super.testSessionAfterHandshakeKeyManagerFactoryMutualAuth();
|
super.testSessionAfterHandshakeKeyManagerFactory(param);
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
@Test
|
|
||||||
public void testSessionAfterHandshakeKeyManagerFactory() throws Exception {
|
|
||||||
checkShouldUseKeyManagerFactory();
|
|
||||||
super.testSessionAfterHandshakeKeyManagerFactory();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@ -146,52 +124,47 @@ public class JdkOpenSslEngineInteroptTest extends SSLEngineTest {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void testHandshakeSession() throws Exception {
|
public void testHandshakeSession(SSLEngineTestParam param) throws Exception {
|
||||||
checkShouldUseKeyManagerFactory();
|
checkShouldUseKeyManagerFactory();
|
||||||
super.testHandshakeSession();
|
super.testHandshakeSession(param);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Test
|
public void testSupportedSignatureAlgorithms(SSLEngineTestParam param) throws Exception {
|
||||||
public void testSupportedSignatureAlgorithms() throws Exception {
|
|
||||||
checkShouldUseKeyManagerFactory();
|
checkShouldUseKeyManagerFactory();
|
||||||
super.testSupportedSignatureAlgorithms();
|
super.testSupportedSignatureAlgorithms(param);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Test
|
public void testSessionLocalWhenNonMutualWithKeyManager(SSLEngineTestParam param) throws Exception {
|
||||||
public void testSessionLocalWhenNonMutualWithKeyManager() throws Exception {
|
|
||||||
checkShouldUseKeyManagerFactory();
|
checkShouldUseKeyManagerFactory();
|
||||||
super.testSessionLocalWhenNonMutualWithKeyManager();
|
super.testSessionLocalWhenNonMutualWithKeyManager(param);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void testSessionLocalWhenNonMutualWithoutKeyManager() throws Exception {
|
public void testSessionLocalWhenNonMutualWithoutKeyManager(SSLEngineTestParam param) throws Exception {
|
||||||
// This only really works when the KeyManagerFactory is supported as otherwise we not really know when
|
// This only really works when the KeyManagerFactory is supported as otherwise we not really know when
|
||||||
// we need to provide a cert.
|
// we need to provide a cert.
|
||||||
assumeTrue(OpenSsl.supportsKeyManagerFactory());
|
assumeTrue(OpenSsl.supportsKeyManagerFactory());
|
||||||
super.testSessionLocalWhenNonMutualWithoutKeyManager();
|
super.testSessionLocalWhenNonMutualWithoutKeyManager(param);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Test
|
public void testSessionCache(SSLEngineTestParam param) throws Exception {
|
||||||
public void testSessionCache() throws Exception {
|
|
||||||
assumeTrue(OpenSsl.isSessionCacheSupported());
|
assumeTrue(OpenSsl.isSessionCacheSupported());
|
||||||
super.testSessionCache();
|
super.testSessionCache(param);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Test
|
public void testSessionCacheTimeout(SSLEngineTestParam param) throws Exception {
|
||||||
public void testSessionCacheTimeout() throws Exception {
|
|
||||||
assumeTrue(OpenSsl.isSessionCacheSupported());
|
assumeTrue(OpenSsl.isSessionCacheSupported());
|
||||||
super.testSessionCacheTimeout();
|
super.testSessionCacheTimeout(param);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Test
|
public void testSessionCacheSize(SSLEngineTestParam param) throws Exception {
|
||||||
public void testSessionCacheSize() throws Exception {
|
|
||||||
assumeTrue(OpenSsl.isSessionCacheSupported());
|
assumeTrue(OpenSsl.isSessionCacheSupported());
|
||||||
super.testSessionCacheSize();
|
super.testSessionCacheSize(param);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@ -201,9 +174,9 @@ public class JdkOpenSslEngineInteroptTest extends SSLEngineTest {
|
|||||||
|
|
||||||
@SuppressWarnings("deprecation")
|
@SuppressWarnings("deprecation")
|
||||||
@Override
|
@Override
|
||||||
protected SslContext wrapContext(SslContext context) {
|
protected SslContext wrapContext(SSLEngineTestParam param, SslContext context) {
|
||||||
if (context instanceof OpenSslContext) {
|
if (context instanceof OpenSslContext && param instanceof OpenSslEngineTestParam) {
|
||||||
((OpenSslContext) context).setUseTasks(useTasks);
|
((OpenSslContext) context).setUseTasks(((OpenSslEngineTestParam) param).useTasks);
|
||||||
// Explicit enable the session cache as its disabled by default on the client side.
|
// Explicit enable the session cache as its disabled by default on the client side.
|
||||||
((OpenSslContext) context).sessionContext().setSessionCacheEnabled(true);
|
((OpenSslContext) context).sessionContext().setSessionCacheEnabled(true);
|
||||||
}
|
}
|
||||||
|
@ -23,26 +23,23 @@ import io.netty.handler.ssl.JdkApplicationProtocolNegotiator.ProtocolSelectorFac
|
|||||||
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
|
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
|
||||||
import io.netty.handler.ssl.util.SelfSignedCertificate;
|
import io.netty.handler.ssl.util.SelfSignedCertificate;
|
||||||
import java.security.Provider;
|
import java.security.Provider;
|
||||||
import java.util.ArrayList;
|
|
||||||
import java.util.Collection;
|
|
||||||
|
|
||||||
import io.netty.util.internal.EmptyArrays;
|
import io.netty.util.internal.EmptyArrays;
|
||||||
import org.junit.Ignore;
|
import org.junit.AssumptionViolatedException;
|
||||||
import org.junit.Test;
|
import org.junit.jupiter.api.Disabled;
|
||||||
import org.junit.runner.RunWith;
|
import org.junit.jupiter.params.ParameterizedTest;
|
||||||
import org.junit.runners.Parameterized;
|
import org.junit.jupiter.params.provider.MethodSource;
|
||||||
|
|
||||||
|
import java.util.ArrayList;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
import java.util.concurrent.TimeUnit;
|
import java.util.concurrent.TimeUnit;
|
||||||
import javax.net.ssl.SSLEngine;
|
import javax.net.ssl.SSLEngine;
|
||||||
import javax.net.ssl.SSLHandshakeException;
|
import javax.net.ssl.SSLHandshakeException;
|
||||||
|
|
||||||
import static org.junit.Assert.assertNull;
|
import static org.junit.jupiter.api.Assertions.assertNull;
|
||||||
import static org.junit.Assert.assertTrue;
|
import static org.junit.jupiter.api.Assertions.assertTrue;
|
||||||
import static org.junit.Assume.assumeNoException;
|
|
||||||
|
|
||||||
@RunWith(Parameterized.class)
|
|
||||||
public class JdkSslEngineTest extends SSLEngineTest {
|
public class JdkSslEngineTest extends SSLEngineTest {
|
||||||
public enum ProviderType {
|
public enum ProviderType {
|
||||||
NPN_JETTY {
|
NPN_JETTY {
|
||||||
@ -141,75 +138,88 @@ public class JdkSslEngineTest extends SSLEngineTest {
|
|||||||
private static final String FALLBACK_APPLICATION_LEVEL_PROTOCOL = "my-protocol-http1_1";
|
private static final String FALLBACK_APPLICATION_LEVEL_PROTOCOL = "my-protocol-http1_1";
|
||||||
private static final String APPLICATION_LEVEL_PROTOCOL_NOT_COMPATIBLE = "my-protocol-FOO";
|
private static final String APPLICATION_LEVEL_PROTOCOL_NOT_COMPATIBLE = "my-protocol-FOO";
|
||||||
|
|
||||||
@Parameterized.Parameters(name = "{index}: providerType = {0}, bufferType = {1}, combo = {2}, delegate = {3}")
|
|
||||||
public static Collection<Object[]> data() {
|
|
||||||
List<Object[]> params = new ArrayList<Object[]>();
|
|
||||||
for (ProviderType providerType : ProviderType.values()) {
|
|
||||||
for (BufferType bufferType : BufferType.values()) {
|
|
||||||
params.add(new Object[]{ providerType, bufferType, ProtocolCipherCombo.tlsv12(), true });
|
|
||||||
params.add(new Object[]{ providerType, bufferType, ProtocolCipherCombo.tlsv12(), false });
|
|
||||||
|
|
||||||
if (SslProvider.isTlsv13Supported(SslProvider.JDK)) {
|
|
||||||
params.add(new Object[] { providerType, bufferType, ProtocolCipherCombo.tlsv13(), true });
|
|
||||||
params.add(new Object[] { providerType, bufferType, ProtocolCipherCombo.tlsv13(), false });
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return params;
|
|
||||||
}
|
|
||||||
|
|
||||||
private final ProviderType providerType;
|
|
||||||
|
|
||||||
private Provider provider;
|
private Provider provider;
|
||||||
|
|
||||||
public JdkSslEngineTest(ProviderType providerType, BufferType bufferType,
|
public JdkSslEngineTest() {
|
||||||
ProtocolCipherCombo protocolCipherCombo, boolean delegate) {
|
super(SslProvider.isTlsv13Supported(SslProvider.JDK));
|
||||||
super(bufferType, protocolCipherCombo, delegate);
|
|
||||||
this.providerType = providerType;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
List<JdkSSLEngineTestParam> newJdkParams() {
|
||||||
public void testTlsExtension() throws Exception {
|
List<SSLEngineTestParam> params = newTestParams();
|
||||||
|
|
||||||
|
List<JdkSSLEngineTestParam> jdkParams = new ArrayList<JdkSSLEngineTestParam>();
|
||||||
|
for (ProviderType providerType: ProviderType.values()) {
|
||||||
|
for (SSLEngineTestParam param: params) {
|
||||||
|
jdkParams.add(new JdkSSLEngineTestParam(providerType, param));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return jdkParams;
|
||||||
|
}
|
||||||
|
|
||||||
|
private static final class JdkSSLEngineTestParam extends SSLEngineTestParam {
|
||||||
|
final ProviderType providerType;
|
||||||
|
JdkSSLEngineTestParam(ProviderType providerType, SSLEngineTestParam param) {
|
||||||
|
super(param.type(), param.combo(), param.delegate());
|
||||||
|
this.providerType = providerType;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String toString() {
|
||||||
|
return "JdkSSLEngineTestParam{" +
|
||||||
|
"type=" + type() +
|
||||||
|
", protocolCipherCombo=" + combo() +
|
||||||
|
", delegate=" + delegate() +
|
||||||
|
", providerType=" + providerType +
|
||||||
|
'}';
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@MethodSource("newJdkParams")
|
||||||
|
@ParameterizedTest
|
||||||
|
public void testTlsExtension(JdkSSLEngineTestParam param) throws Exception {
|
||||||
try {
|
try {
|
||||||
providerType.activate(this);
|
param.providerType.activate(this);
|
||||||
ApplicationProtocolConfig apn = failingNegotiator(providerType.protocol(),
|
ApplicationProtocolConfig apn = failingNegotiator(param.providerType.protocol(),
|
||||||
PREFERRED_APPLICATION_LEVEL_PROTOCOL);
|
PREFERRED_APPLICATION_LEVEL_PROTOCOL);
|
||||||
setupHandlers(apn);
|
setupHandlers(param, apn);
|
||||||
runTest();
|
runTest();
|
||||||
} catch (SkipTestException e) {
|
} catch (SkipTestException e) {
|
||||||
// ALPN availability is dependent on the java version. If ALPN is not available because of
|
// ALPN availability is dependent on the java version. If ALPN is not available because of
|
||||||
// java version incompatibility don't fail the test, but instead just skip the test
|
// java version incompatibility don't fail the test, but instead just skip the test
|
||||||
assumeNoException(e);
|
throw new AssumptionViolatedException("Not expected", e);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@MethodSource("newJdkParams")
|
||||||
public void testTlsExtensionNoCompatibleProtocolsNoHandshakeFailure() throws Exception {
|
@ParameterizedTest
|
||||||
|
public void testTlsExtensionNoCompatibleProtocolsNoHandshakeFailure(JdkSSLEngineTestParam param) throws Exception {
|
||||||
try {
|
try {
|
||||||
providerType.activate(this);
|
param.providerType.activate(this);
|
||||||
ApplicationProtocolConfig clientApn = acceptingNegotiator(providerType.protocol(),
|
ApplicationProtocolConfig clientApn = acceptingNegotiator(param.providerType.protocol(),
|
||||||
PREFERRED_APPLICATION_LEVEL_PROTOCOL);
|
PREFERRED_APPLICATION_LEVEL_PROTOCOL);
|
||||||
ApplicationProtocolConfig serverApn = acceptingNegotiator(providerType.protocol(),
|
ApplicationProtocolConfig serverApn = acceptingNegotiator(param.providerType.protocol(),
|
||||||
APPLICATION_LEVEL_PROTOCOL_NOT_COMPATIBLE);
|
APPLICATION_LEVEL_PROTOCOL_NOT_COMPATIBLE);
|
||||||
setupHandlers(serverApn, clientApn);
|
setupHandlers(param, serverApn, clientApn);
|
||||||
runTest(null);
|
runTest(null);
|
||||||
} catch (SkipTestException e) {
|
} catch (SkipTestException e) {
|
||||||
// ALPN availability is dependent on the java version. If ALPN is not available because of
|
// ALPN availability is dependent on the java version. If ALPN is not available because of
|
||||||
// java version incompatibility don't fail the test, but instead just skip the test
|
// java version incompatibility don't fail the test, but instead just skip the test
|
||||||
assumeNoException(e);
|
throw new AssumptionViolatedException("Not expected", e);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@MethodSource("newJdkParams")
|
||||||
public void testTlsExtensionNoCompatibleProtocolsClientHandshakeFailure() throws Exception {
|
@ParameterizedTest
|
||||||
|
public void testTlsExtensionNoCompatibleProtocolsClientHandshakeFailure(JdkSSLEngineTestParam param)
|
||||||
|
throws Exception {
|
||||||
try {
|
try {
|
||||||
providerType.activate(this);
|
param.providerType.activate(this);
|
||||||
if (providerType == ProviderType.NPN_JETTY) {
|
if (param.providerType == ProviderType.NPN_JETTY) {
|
||||||
ApplicationProtocolConfig clientApn = failingNegotiator(providerType.protocol(),
|
ApplicationProtocolConfig clientApn = failingNegotiator(param.providerType.protocol(),
|
||||||
PREFERRED_APPLICATION_LEVEL_PROTOCOL);
|
PREFERRED_APPLICATION_LEVEL_PROTOCOL);
|
||||||
ApplicationProtocolConfig serverApn = acceptingNegotiator(providerType.protocol(),
|
ApplicationProtocolConfig serverApn = acceptingNegotiator(param.providerType.protocol(),
|
||||||
APPLICATION_LEVEL_PROTOCOL_NOT_COMPATIBLE);
|
APPLICATION_LEVEL_PROTOCOL_NOT_COMPATIBLE);
|
||||||
setupHandlers(serverApn, clientApn);
|
setupHandlers(param, serverApn, clientApn);
|
||||||
assertTrue(clientLatch.await(2, TimeUnit.SECONDS));
|
assertTrue(clientLatch.await(2, TimeUnit.SECONDS));
|
||||||
assertTrue(clientException instanceof SSLHandshakeException);
|
assertTrue(clientException instanceof SSLHandshakeException);
|
||||||
} else {
|
} else {
|
||||||
@ -235,14 +245,15 @@ public class JdkSslEngineTest extends SSLEngineTest {
|
|||||||
}, JdkBaseApplicationProtocolNegotiator.FAIL_SELECTION_LISTENER_FACTORY,
|
}, JdkBaseApplicationProtocolNegotiator.FAIL_SELECTION_LISTENER_FACTORY,
|
||||||
APPLICATION_LEVEL_PROTOCOL_NOT_COMPATIBLE);
|
APPLICATION_LEVEL_PROTOCOL_NOT_COMPATIBLE);
|
||||||
|
|
||||||
SslContext serverSslCtx = new JdkSslServerContext(providerType.provider(),
|
SslContext serverSslCtx = new JdkSslServerContext(param.providerType.provider(),
|
||||||
ssc.certificate(), ssc.privateKey(), null, null,
|
ssc.certificate(), ssc.privateKey(), null, null,
|
||||||
IdentityCipherSuiteFilter.INSTANCE, serverApn, 0, 0, null);
|
IdentityCipherSuiteFilter.INSTANCE, serverApn, 0, 0, null);
|
||||||
SslContext clientSslCtx = new JdkSslClientContext(providerType.provider(), null,
|
SslContext clientSslCtx = new JdkSslClientContext(param.providerType.provider(), null,
|
||||||
InsecureTrustManagerFactory.INSTANCE, null,
|
InsecureTrustManagerFactory.INSTANCE, null,
|
||||||
IdentityCipherSuiteFilter.INSTANCE, clientApn, 0, 0);
|
IdentityCipherSuiteFilter.INSTANCE, clientApn, 0, 0);
|
||||||
|
|
||||||
setupHandlers(new TestDelegatingSslContext(serverSslCtx), new TestDelegatingSslContext(clientSslCtx));
|
setupHandlers(param.type(), param.delegate(), new TestDelegatingSslContext(param, serverSslCtx),
|
||||||
|
new TestDelegatingSslContext(param, clientSslCtx));
|
||||||
assertTrue(clientLatch.await(2, TimeUnit.SECONDS));
|
assertTrue(clientLatch.await(2, TimeUnit.SECONDS));
|
||||||
// When using TLSv1.3 the handshake is NOT sent in an extra round trip which means there will be
|
// When using TLSv1.3 the handshake is NOT sent in an extra round trip which means there will be
|
||||||
// no exception reported in this case but just the channel will be closed.
|
// no exception reported in this case but just the channel will be closed.
|
||||||
@ -251,35 +262,38 @@ public class JdkSslEngineTest extends SSLEngineTest {
|
|||||||
} catch (SkipTestException e) {
|
} catch (SkipTestException e) {
|
||||||
// ALPN availability is dependent on the java version. If ALPN is not available because of
|
// ALPN availability is dependent on the java version. If ALPN is not available because of
|
||||||
// java version incompatibility don't fail the test, but instead just skip the test
|
// java version incompatibility don't fail the test, but instead just skip the test
|
||||||
assumeNoException(e);
|
throw new AssumptionViolatedException("Not expected", e);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@MethodSource("newJdkParams")
|
||||||
public void testTlsExtensionNoCompatibleProtocolsServerHandshakeFailure() throws Exception {
|
@ParameterizedTest
|
||||||
|
public void testTlsExtensionNoCompatibleProtocolsServerHandshakeFailure(JdkSSLEngineTestParam param)
|
||||||
|
throws Exception {
|
||||||
try {
|
try {
|
||||||
providerType.activate(this);
|
param.providerType.activate(this);
|
||||||
ApplicationProtocolConfig clientApn = acceptingNegotiator(providerType.protocol(),
|
ApplicationProtocolConfig clientApn = acceptingNegotiator(param.providerType.protocol(),
|
||||||
PREFERRED_APPLICATION_LEVEL_PROTOCOL);
|
PREFERRED_APPLICATION_LEVEL_PROTOCOL);
|
||||||
ApplicationProtocolConfig serverApn = failingNegotiator(providerType.protocol(),
|
ApplicationProtocolConfig serverApn = failingNegotiator(param.providerType.protocol(),
|
||||||
APPLICATION_LEVEL_PROTOCOL_NOT_COMPATIBLE);
|
APPLICATION_LEVEL_PROTOCOL_NOT_COMPATIBLE);
|
||||||
setupHandlers(serverApn, clientApn);
|
setupHandlers(param, serverApn, clientApn);
|
||||||
assertTrue(serverLatch.await(2, TimeUnit.SECONDS));
|
assertTrue(serverLatch.await(2, TimeUnit.SECONDS));
|
||||||
assertTrue(serverException instanceof SSLHandshakeException);
|
assertTrue(serverException instanceof SSLHandshakeException);
|
||||||
} catch (SkipTestException e) {
|
} catch (SkipTestException e) {
|
||||||
// ALPN availability is dependent on the java version. If ALPN is not available because of
|
// ALPN availability is dependent on the java version. If ALPN is not available because of
|
||||||
// java version incompatibility don't fail the test, but instead just skip the test
|
// java version incompatibility don't fail the test, but instead just skip the test
|
||||||
assumeNoException(e);
|
throw new AssumptionViolatedException("Not expected", e);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@MethodSource("newJdkParams")
|
||||||
public void testAlpnCompatibleProtocolsDifferentClientOrder() throws Exception {
|
@ParameterizedTest
|
||||||
|
public void testAlpnCompatibleProtocolsDifferentClientOrder(JdkSSLEngineTestParam param) throws Exception {
|
||||||
try {
|
try {
|
||||||
providerType.activate(this);
|
param.providerType.activate(this);
|
||||||
if (providerType == ProviderType.NPN_JETTY) {
|
if (param.providerType == ProviderType.NPN_JETTY) {
|
||||||
// This test only applies to ALPN.
|
// This test only applies to ALPN.
|
||||||
throw tlsExtensionNotFound(providerType.protocol());
|
throw tlsExtensionNotFound(param.providerType.protocol());
|
||||||
}
|
}
|
||||||
// Even the preferred application protocol appears second in the client's list, it will be picked
|
// Even the preferred application protocol appears second in the client's list, it will be picked
|
||||||
// because it's the first one on server's list.
|
// because it's the first one on server's list.
|
||||||
@ -287,29 +301,32 @@ public class JdkSslEngineTest extends SSLEngineTest {
|
|||||||
FALLBACK_APPLICATION_LEVEL_PROTOCOL, PREFERRED_APPLICATION_LEVEL_PROTOCOL);
|
FALLBACK_APPLICATION_LEVEL_PROTOCOL, PREFERRED_APPLICATION_LEVEL_PROTOCOL);
|
||||||
ApplicationProtocolConfig serverApn = failingNegotiator(Protocol.ALPN,
|
ApplicationProtocolConfig serverApn = failingNegotiator(Protocol.ALPN,
|
||||||
PREFERRED_APPLICATION_LEVEL_PROTOCOL, FALLBACK_APPLICATION_LEVEL_PROTOCOL);
|
PREFERRED_APPLICATION_LEVEL_PROTOCOL, FALLBACK_APPLICATION_LEVEL_PROTOCOL);
|
||||||
setupHandlers(serverApn, clientApn);
|
setupHandlers(param, serverApn, clientApn);
|
||||||
assertNull(serverException);
|
assertNull(serverException);
|
||||||
runTest(PREFERRED_APPLICATION_LEVEL_PROTOCOL);
|
runTest(PREFERRED_APPLICATION_LEVEL_PROTOCOL);
|
||||||
} catch (SkipTestException e) {
|
} catch (SkipTestException e) {
|
||||||
// ALPN availability is dependent on the java version. If ALPN is not available because of
|
// ALPN availability is dependent on the java version. If ALPN is not available because of
|
||||||
// java version incompatibility don't fail the test, but instead just skip the test
|
// java version incompatibility don't fail the test, but instead just skip the test
|
||||||
assumeNoException(e);
|
throw new AssumptionViolatedException("Not expected", e);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@MethodSource("newTestParams")
|
||||||
public void testEnablingAnAlreadyDisabledSslProtocol() throws Exception {
|
@ParameterizedTest
|
||||||
testEnablingAnAlreadyDisabledSslProtocol(new String[]{}, new String[]{ SslProtocols.TLS_v1_2 });
|
public void testEnablingAnAlreadyDisabledSslProtocol(SSLEngineTestParam param) throws Exception {
|
||||||
|
testEnablingAnAlreadyDisabledSslProtocol(param, new String[]{}, new String[]{ SslProtocols.TLS_v1_2 });
|
||||||
}
|
}
|
||||||
|
|
||||||
@Ignore /* Does the JDK support a "max certificate chain length"? */
|
@Disabled /* Does the JDK support a "max certificate chain length"? */
|
||||||
@Override
|
@Override
|
||||||
public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth() throws Exception {
|
public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(SSLEngineTestParam param)
|
||||||
|
throws Exception {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Ignore /* Does the JDK support a "max certificate chain length"? */
|
@Disabled /* Does the JDK support a "max certificate chain length"? */
|
||||||
@Override
|
@Override
|
||||||
public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth() throws Exception {
|
public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(SSLEngineTestParam param)
|
||||||
|
throws Exception {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@ -368,15 +385,18 @@ public class JdkSslEngineTest extends SSLEngineTest {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private final class TestDelegatingSslContext extends DelegatingSslContext {
|
private static final class TestDelegatingSslContext extends DelegatingSslContext {
|
||||||
TestDelegatingSslContext(SslContext ctx) {
|
private final SSLEngineTestParam param;
|
||||||
|
|
||||||
|
TestDelegatingSslContext(SSLEngineTestParam param, SslContext ctx) {
|
||||||
super(ctx);
|
super(ctx);
|
||||||
|
this.param = param;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected void initEngine(SSLEngine engine) {
|
protected void initEngine(SSLEngine engine) {
|
||||||
engine.setEnabledProtocols(protocols());
|
engine.setEnabledProtocols(param.protocols().toArray(EmptyArrays.EMPTY_STRINGS));
|
||||||
engine.setEnabledCipherSuites(ciphers().toArray(EmptyArrays.EMPTY_STRINGS));
|
engine.setEnabledCipherSuites(param.ciphers().toArray(EmptyArrays.EMPTY_STRINGS));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -16,14 +16,14 @@
|
|||||||
package io.netty.handler.ssl;
|
package io.netty.handler.ssl;
|
||||||
|
|
||||||
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
|
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
|
||||||
import org.junit.BeforeClass;
|
import org.junit.jupiter.api.BeforeAll;
|
||||||
|
|
||||||
import javax.net.ssl.SSLException;
|
import javax.net.ssl.SSLException;
|
||||||
import java.io.File;
|
import java.io.File;
|
||||||
|
|
||||||
public class OpenSslClientContextTest extends SslContextTest {
|
public class OpenSslClientContextTest extends SslContextTest {
|
||||||
|
|
||||||
@BeforeClass
|
@BeforeAll
|
||||||
public static void checkOpenSsl() {
|
public static void checkOpenSsl() {
|
||||||
OpenSsl.ensureAvailability();
|
OpenSsl.ensureAvailability();
|
||||||
}
|
}
|
||||||
|
@ -15,47 +15,33 @@
|
|||||||
*/
|
*/
|
||||||
package io.netty.handler.ssl;
|
package io.netty.handler.ssl;
|
||||||
|
|
||||||
import org.junit.BeforeClass;
|
import org.junit.jupiter.api.BeforeAll;
|
||||||
import org.junit.Ignore;
|
import org.junit.jupiter.api.Disabled;
|
||||||
import org.junit.Test;
|
import org.junit.jupiter.api.condition.DisabledIf;
|
||||||
import org.junit.runner.RunWith;
|
|
||||||
import org.junit.runners.Parameterized;
|
|
||||||
|
|
||||||
import javax.net.ssl.SSLEngine;
|
import javax.net.ssl.SSLEngine;
|
||||||
import javax.net.ssl.SSLSessionContext;
|
import javax.net.ssl.SSLSessionContext;
|
||||||
import java.security.Provider;
|
import java.security.Provider;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.Collection;
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
import static io.netty.handler.ssl.OpenSslTestUtils.checkShouldUseKeyManagerFactory;
|
import static io.netty.handler.ssl.OpenSslTestUtils.checkShouldUseKeyManagerFactory;
|
||||||
import static org.junit.Assume.assumeTrue;
|
import static org.junit.jupiter.api.Assumptions.assumeTrue;
|
||||||
|
|
||||||
@RunWith(Parameterized.class)
|
@DisabledIf("checkConscryptDisabled")
|
||||||
public class OpenSslConscryptSslEngineInteropTest extends ConscryptSslEngineTest {
|
public class OpenSslConscryptSslEngineInteropTest extends ConscryptSslEngineTest {
|
||||||
|
@Override
|
||||||
@Parameterized.Parameters(name = "{index}: bufferType = {0}, combo = {1}, delegate = {2}, useTasks = {3}")
|
protected List<SSLEngineTestParam> newTestParams() {
|
||||||
public static Collection<Object[]> data() {
|
List<SSLEngineTestParam> params = super.newTestParams();
|
||||||
List<Object[]> params = new ArrayList<Object[]>();
|
List<SSLEngineTestParam> testParams = new ArrayList<SSLEngineTestParam>();
|
||||||
for (BufferType type: BufferType.values()) {
|
for (SSLEngineTestParam param: params) {
|
||||||
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false, false });
|
testParams.add(new OpenSslEngineTestParam(true, param));
|
||||||
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false, true });
|
testParams.add(new OpenSslEngineTestParam(false, param));
|
||||||
|
|
||||||
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true, false });
|
|
||||||
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true, true });
|
|
||||||
}
|
}
|
||||||
return params;
|
return testParams;
|
||||||
}
|
}
|
||||||
|
|
||||||
private final boolean useTasks;
|
@BeforeAll
|
||||||
|
|
||||||
public OpenSslConscryptSslEngineInteropTest(BufferType type, ProtocolCipherCombo combo,
|
|
||||||
boolean delegate, boolean useTasks) {
|
|
||||||
super(type, combo, delegate);
|
|
||||||
this.useTasks = useTasks;
|
|
||||||
}
|
|
||||||
|
|
||||||
@BeforeClass
|
|
||||||
public static void checkOpenssl() {
|
public static void checkOpenssl() {
|
||||||
OpenSsl.ensureAvailability();
|
OpenSsl.ensureAvailability();
|
||||||
}
|
}
|
||||||
@ -76,17 +62,15 @@ public class OpenSslConscryptSslEngineInteropTest extends ConscryptSslEngineTest
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Test
|
@Disabled("TODO: Make this work with Conscrypt")
|
||||||
@Ignore("TODO: Make this work with Conscrypt")
|
public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(SSLEngineTestParam param) {
|
||||||
public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth() {
|
super.testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(param);
|
||||||
super.testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Test
|
@Disabled("TODO: Make this work with Conscrypt")
|
||||||
@Ignore("TODO: Make this work with Conscrypt")
|
public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(SSLEngineTestParam param) {
|
||||||
public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth() {
|
super.testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(param);
|
||||||
super.testMutualAuthValidClientCertChainTooLongFailRequireClientAuth();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@ -96,38 +80,36 @@ public class OpenSslConscryptSslEngineInteropTest extends ConscryptSslEngineTest
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Test
|
public void testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth(SSLEngineTestParam param)
|
||||||
public void testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth() throws Exception {
|
throws Exception {
|
||||||
checkShouldUseKeyManagerFactory();
|
checkShouldUseKeyManagerFactory();
|
||||||
super.testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth();
|
super.testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth(param);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Test
|
public void testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth(SSLEngineTestParam param)
|
||||||
public void testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth() throws Exception {
|
throws Exception {
|
||||||
checkShouldUseKeyManagerFactory();
|
checkShouldUseKeyManagerFactory();
|
||||||
super.testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth();
|
super.testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth(param);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Test
|
public void testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth(SSLEngineTestParam param)
|
||||||
public void testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth() throws Exception {
|
throws Exception {
|
||||||
checkShouldUseKeyManagerFactory();
|
checkShouldUseKeyManagerFactory();
|
||||||
super.testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth();
|
super.testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth(param);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Test
|
public void testSessionAfterHandshakeKeyManagerFactoryMutualAuth(SSLEngineTestParam param) throws Exception {
|
||||||
public void testSessionAfterHandshakeKeyManagerFactoryMutualAuth() throws Exception {
|
|
||||||
checkShouldUseKeyManagerFactory();
|
checkShouldUseKeyManagerFactory();
|
||||||
super.testSessionAfterHandshakeKeyManagerFactoryMutualAuth();
|
super.testSessionAfterHandshakeKeyManagerFactoryMutualAuth(param);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Test
|
public void testSupportedSignatureAlgorithms(SSLEngineTestParam param) throws Exception {
|
||||||
public void testSupportedSignatureAlgorithms() throws Exception {
|
|
||||||
checkShouldUseKeyManagerFactory();
|
checkShouldUseKeyManagerFactory();
|
||||||
super.testSupportedSignatureAlgorithms();
|
super.testSupportedSignatureAlgorithms(param);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@ -137,31 +119,27 @@ public class OpenSslConscryptSslEngineInteropTest extends ConscryptSslEngineTest
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Test
|
public void testSessionLocalWhenNonMutualWithKeyManager(SSLEngineTestParam param) throws Exception {
|
||||||
public void testSessionLocalWhenNonMutualWithKeyManager() throws Exception {
|
|
||||||
checkShouldUseKeyManagerFactory();
|
checkShouldUseKeyManagerFactory();
|
||||||
super.testSessionLocalWhenNonMutualWithKeyManager();
|
super.testSessionLocalWhenNonMutualWithKeyManager(param);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Test
|
public void testSessionCache(SSLEngineTestParam param) throws Exception {
|
||||||
public void testSessionCache() throws Exception {
|
|
||||||
assumeTrue(OpenSsl.isSessionCacheSupported());
|
assumeTrue(OpenSsl.isSessionCacheSupported());
|
||||||
super.testSessionCache();
|
super.testSessionCache(param);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Test
|
public void testSessionCacheTimeout(SSLEngineTestParam param) throws Exception {
|
||||||
public void testSessionCacheTimeout() throws Exception {
|
|
||||||
assumeTrue(OpenSsl.isSessionCacheSupported());
|
assumeTrue(OpenSsl.isSessionCacheSupported());
|
||||||
super.testSessionCacheTimeout();
|
super.testSessionCacheTimeout(param);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Test
|
public void testSessionCacheSize(SSLEngineTestParam param) throws Exception {
|
||||||
public void testSessionCacheSize() throws Exception {
|
|
||||||
assumeTrue(OpenSsl.isSessionCacheSupported());
|
assumeTrue(OpenSsl.isSessionCacheSupported());
|
||||||
super.testSessionCacheSize();
|
super.testSessionCacheSize(param);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@ -176,9 +154,11 @@ public class OpenSslConscryptSslEngineInteropTest extends ConscryptSslEngineTest
|
|||||||
|
|
||||||
@SuppressWarnings("deprecation")
|
@SuppressWarnings("deprecation")
|
||||||
@Override
|
@Override
|
||||||
protected SslContext wrapContext(SslContext context) {
|
protected SslContext wrapContext(SSLEngineTestParam param, SslContext context) {
|
||||||
if (context instanceof OpenSslContext) {
|
if (context instanceof OpenSslContext) {
|
||||||
((OpenSslContext) context).setUseTasks(useTasks);
|
if (param instanceof OpenSslEngineTestParam) {
|
||||||
|
((OpenSslContext) context).setUseTasks(((OpenSslEngineTestParam) param).useTasks);
|
||||||
|
}
|
||||||
// Explicit enable the session cache as its disabled by default on the client side.
|
// Explicit enable the session cache as its disabled by default on the client side.
|
||||||
((OpenSslContext) context).sessionContext().setSessionCacheEnabled(true);
|
((OpenSslContext) context).sessionContext().setSessionCacheEnabled(true);
|
||||||
}
|
}
|
||||||
|
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,34 @@
|
|||||||
|
/*
|
||||||
|
* Copyright 2021 The Netty Project
|
||||||
|
*
|
||||||
|
* The Netty Project licenses this file to you under the Apache License,
|
||||||
|
* version 2.0 (the "License"); you may not use this file except in compliance
|
||||||
|
* with the License. You may obtain a copy of the License at:
|
||||||
|
*
|
||||||
|
* https://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
* License for the specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
package io.netty.handler.ssl;
|
||||||
|
|
||||||
|
final class OpenSslEngineTestParam extends SSLEngineTest.SSLEngineTestParam {
|
||||||
|
final boolean useTasks;
|
||||||
|
OpenSslEngineTestParam(boolean useTasks, SSLEngineTest.SSLEngineTestParam param) {
|
||||||
|
super(param.type(), param.combo(), param.delegate());
|
||||||
|
this.useTasks = useTasks;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String toString() {
|
||||||
|
return "OpenSslEngineTestParam{" +
|
||||||
|
"type=" + type() +
|
||||||
|
", protocolCipherCombo=" + combo() +
|
||||||
|
", delegate=" + delegate() +
|
||||||
|
", useTasks=" + useTasks +
|
||||||
|
'}';
|
||||||
|
}
|
||||||
|
}
|
@ -18,7 +18,6 @@ package io.netty.handler.ssl;
|
|||||||
import io.netty.internal.tcnative.SSL;
|
import io.netty.internal.tcnative.SSL;
|
||||||
import io.netty.util.ReferenceCounted;
|
import io.netty.util.ReferenceCounted;
|
||||||
import io.netty.util.internal.PlatformDependent;
|
import io.netty.util.internal.PlatformDependent;
|
||||||
import org.junit.Assert;
|
|
||||||
|
|
||||||
import javax.net.ssl.SSLEngine;
|
import javax.net.ssl.SSLEngine;
|
||||||
import javax.net.ssl.SSLEngineResult;
|
import javax.net.ssl.SSLEngineResult;
|
||||||
@ -29,6 +28,8 @@ import java.nio.ByteBuffer;
|
|||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.function.BiFunction;
|
import java.util.function.BiFunction;
|
||||||
|
|
||||||
|
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Special {@link SSLEngine} which allows to wrap a {@link ReferenceCountedOpenSslEngine} and verify that that
|
* Special {@link SSLEngine} which allows to wrap a {@link ReferenceCountedOpenSslEngine} and verify that that
|
||||||
* Error stack is empty after each method call.
|
* Error stack is empty after each method call.
|
||||||
@ -436,6 +437,6 @@ final class OpenSslErrorStackAssertSSLEngine extends JdkSslEngine implements Ref
|
|||||||
|
|
||||||
private static void assertErrorStackEmpty() {
|
private static void assertErrorStackEmpty() {
|
||||||
long error = SSL.getLastErrorNumber();
|
long error = SSL.getLastErrorNumber();
|
||||||
Assert.assertEquals("SSL error stack non-empty: " + SSL.getErrorString(error), 0, error);
|
assertEquals(0, error, "SSL error stack non-empty: " + SSL.getErrorString(error));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -15,57 +15,38 @@
|
|||||||
*/
|
*/
|
||||||
package io.netty.handler.ssl;
|
package io.netty.handler.ssl;
|
||||||
|
|
||||||
import org.junit.BeforeClass;
|
import org.junit.jupiter.api.BeforeAll;
|
||||||
import org.junit.Ignore;
|
import org.junit.jupiter.api.Disabled;
|
||||||
import org.junit.Test;
|
|
||||||
|
|
||||||
import javax.net.ssl.SSLEngine;
|
import javax.net.ssl.SSLEngine;
|
||||||
|
|
||||||
import org.junit.runner.RunWith;
|
|
||||||
import org.junit.runners.Parameterized;
|
|
||||||
|
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.Collection;
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
import static io.netty.handler.ssl.OpenSslTestUtils.checkShouldUseKeyManagerFactory;
|
import static io.netty.handler.ssl.OpenSslTestUtils.checkShouldUseKeyManagerFactory;
|
||||||
import static org.junit.Assume.assumeTrue;
|
import static org.junit.jupiter.api.Assumptions.assumeTrue;
|
||||||
|
|
||||||
@RunWith(Parameterized.class)
|
|
||||||
public class OpenSslJdkSslEngineInteroptTest extends SSLEngineTest {
|
public class OpenSslJdkSslEngineInteroptTest extends SSLEngineTest {
|
||||||
|
|
||||||
@Parameterized.Parameters(name = "{index}: bufferType = {0}, combo = {1}, delegate = {2}, useTasks = {3}")
|
public OpenSslJdkSslEngineInteroptTest() {
|
||||||
public static Collection<Object[]> data() {
|
super(SslProvider.isTlsv13Supported(SslProvider.JDK) &&
|
||||||
List<Object[]> params = new ArrayList<Object[]>();
|
SslProvider.isTlsv13Supported(SslProvider.OPENSSL));
|
||||||
for (BufferType type: BufferType.values()) {
|
}
|
||||||
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false, false });
|
|
||||||
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false, true });
|
|
||||||
|
|
||||||
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true, false});
|
@Override
|
||||||
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true, true });
|
protected List<SSLEngineTestParam> newTestParams() {
|
||||||
|
List<SSLEngineTestParam> params = super.newTestParams();
|
||||||
if (SslProvider.isTlsv13Supported(SslProvider.JDK) && SslProvider.isTlsv13Supported(SslProvider.OPENSSL)) {
|
List<SSLEngineTestParam> testParams = new ArrayList<SSLEngineTestParam>();
|
||||||
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), false, false });
|
for (SSLEngineTestParam param: params) {
|
||||||
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), false, true });
|
testParams.add(new OpenSslEngineTestParam(true, param));
|
||||||
|
testParams.add(new OpenSslEngineTestParam(false, param));
|
||||||
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), true, false });
|
|
||||||
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), true, true });
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
return params;
|
return testParams;
|
||||||
}
|
}
|
||||||
|
|
||||||
private final boolean useTasks;
|
@BeforeAll
|
||||||
|
|
||||||
public OpenSslJdkSslEngineInteroptTest(BufferType type, ProtocolCipherCombo combo,
|
|
||||||
boolean delegate, boolean useTasks) {
|
|
||||||
super(type, combo, delegate);
|
|
||||||
this.useTasks = useTasks;
|
|
||||||
}
|
|
||||||
|
|
||||||
@BeforeClass
|
|
||||||
public static void checkOpenSsl() {
|
public static void checkOpenSsl() {
|
||||||
assumeTrue(OpenSsl.isAvailable());
|
OpenSsl.ensureAvailability();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@ -78,42 +59,43 @@ public class OpenSslJdkSslEngineInteroptTest extends SSLEngineTest {
|
|||||||
return SslProvider.JDK;
|
return SslProvider.JDK;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Ignore /* Does the JDK support a "max certificate chain length"? */
|
@Disabled /* Does the JDK support a "max certificate chain length"? */
|
||||||
@Override
|
@Override
|
||||||
public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth() throws Exception {
|
public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(SSLEngineTestParam param)
|
||||||
|
throws Exception {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Ignore /* Does the JDK support a "max certificate chain length"? */
|
@Disabled /* Does the JDK support a "max certificate chain length"? */
|
||||||
@Override
|
@Override
|
||||||
public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth() throws Exception {
|
public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(SSLEngineTestParam param)
|
||||||
|
throws Exception {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Test
|
public void testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth(SSLEngineTestParam param)
|
||||||
public void testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth() throws Exception {
|
throws Exception {
|
||||||
checkShouldUseKeyManagerFactory();
|
checkShouldUseKeyManagerFactory();
|
||||||
super.testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth();
|
super.testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth(param);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Test
|
public void testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth(SSLEngineTestParam param)
|
||||||
public void testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth() throws Exception {
|
throws Exception {
|
||||||
checkShouldUseKeyManagerFactory();
|
checkShouldUseKeyManagerFactory();
|
||||||
super.testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth();
|
super.testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth(param);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Test
|
public void testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth(SSLEngineTestParam param)
|
||||||
public void testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth() throws Exception {
|
throws Exception {
|
||||||
checkShouldUseKeyManagerFactory();
|
checkShouldUseKeyManagerFactory();
|
||||||
super.testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth();
|
super.testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth(param);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Test
|
public void testSessionAfterHandshakeKeyManagerFactoryMutualAuth(SSLEngineTestParam param) throws Exception {
|
||||||
public void testSessionAfterHandshakeKeyManagerFactoryMutualAuth() throws Exception {
|
|
||||||
checkShouldUseKeyManagerFactory();
|
checkShouldUseKeyManagerFactory();
|
||||||
super.testSessionAfterHandshakeKeyManagerFactoryMutualAuth();
|
super.testSessionAfterHandshakeKeyManagerFactoryMutualAuth(param);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@ -123,52 +105,47 @@ public class OpenSslJdkSslEngineInteroptTest extends SSLEngineTest {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void testHandshakeSession() throws Exception {
|
public void testHandshakeSession(SSLEngineTestParam param) throws Exception {
|
||||||
checkShouldUseKeyManagerFactory();
|
checkShouldUseKeyManagerFactory();
|
||||||
super.testHandshakeSession();
|
super.testHandshakeSession(param);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Test
|
public void testSupportedSignatureAlgorithms(SSLEngineTestParam param) throws Exception {
|
||||||
public void testSupportedSignatureAlgorithms() throws Exception {
|
|
||||||
checkShouldUseKeyManagerFactory();
|
checkShouldUseKeyManagerFactory();
|
||||||
super.testSupportedSignatureAlgorithms();
|
super.testSupportedSignatureAlgorithms(param);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Test
|
public void testSessionLocalWhenNonMutualWithKeyManager(SSLEngineTestParam param) throws Exception {
|
||||||
public void testSessionLocalWhenNonMutualWithKeyManager() throws Exception {
|
|
||||||
checkShouldUseKeyManagerFactory();
|
checkShouldUseKeyManagerFactory();
|
||||||
super.testSessionLocalWhenNonMutualWithKeyManager();
|
super.testSessionLocalWhenNonMutualWithKeyManager(param);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void testSessionLocalWhenNonMutualWithoutKeyManager() throws Exception {
|
public void testSessionLocalWhenNonMutualWithoutKeyManager(SSLEngineTestParam param) throws Exception {
|
||||||
// This only really works when the KeyManagerFactory is supported as otherwise we not really know when
|
// This only really works when the KeyManagerFactory is supported as otherwise we not really know when
|
||||||
// we need to provide a cert.
|
// we need to provide a cert.
|
||||||
assumeTrue(OpenSsl.supportsKeyManagerFactory());
|
assumeTrue(OpenSsl.supportsKeyManagerFactory());
|
||||||
super.testSessionLocalWhenNonMutualWithoutKeyManager();
|
super.testSessionLocalWhenNonMutualWithoutKeyManager(param);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Test
|
public void testSessionCache(SSLEngineTestParam param) throws Exception {
|
||||||
public void testSessionCache() throws Exception {
|
|
||||||
assumeTrue(OpenSsl.isSessionCacheSupported());
|
assumeTrue(OpenSsl.isSessionCacheSupported());
|
||||||
super.testSessionCache();
|
super.testSessionCache(param);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Test
|
public void testSessionCacheTimeout(SSLEngineTestParam param) throws Exception {
|
||||||
public void testSessionCacheTimeout() throws Exception {
|
|
||||||
assumeTrue(OpenSsl.isSessionCacheSupported());
|
assumeTrue(OpenSsl.isSessionCacheSupported());
|
||||||
super.testSessionCacheTimeout();
|
super.testSessionCacheTimeout(param);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Test
|
public void testSessionCacheSize(SSLEngineTestParam param) throws Exception {
|
||||||
public void testSessionCacheSize() throws Exception {
|
|
||||||
assumeTrue(OpenSsl.isSessionCacheSupported());
|
assumeTrue(OpenSsl.isSessionCacheSupported());
|
||||||
super.testSessionCacheSize();
|
super.testSessionCacheSize(param);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@ -178,9 +155,9 @@ public class OpenSslJdkSslEngineInteroptTest extends SSLEngineTest {
|
|||||||
|
|
||||||
@SuppressWarnings("deprecation")
|
@SuppressWarnings("deprecation")
|
||||||
@Override
|
@Override
|
||||||
protected SslContext wrapContext(SslContext context) {
|
protected SslContext wrapContext(SSLEngineTestParam param, SslContext context) {
|
||||||
if (context instanceof OpenSslContext) {
|
if (context instanceof OpenSslContext && param instanceof OpenSslEngineTestParam) {
|
||||||
((OpenSslContext) context).setUseTasks(useTasks);
|
((OpenSslContext) context).setUseTasks(((OpenSslEngineTestParam) param).useTasks);
|
||||||
// Explicit enable the session cache as its disabled by default on the client side.
|
// Explicit enable the session cache as its disabled by default on the client side.
|
||||||
((OpenSslContext) context).sessionContext().setSessionCacheEnabled(true);
|
((OpenSslContext) context).sessionContext().setSessionCacheEnabled(true);
|
||||||
}
|
}
|
||||||
|
@ -15,7 +15,7 @@
|
|||||||
*/
|
*/
|
||||||
package io.netty.handler.ssl;
|
package io.netty.handler.ssl;
|
||||||
|
|
||||||
import org.junit.BeforeClass;
|
import org.junit.jupiter.api.BeforeAll;
|
||||||
|
|
||||||
import java.util.concurrent.atomic.AtomicReference;
|
import java.util.concurrent.atomic.AtomicReference;
|
||||||
|
|
||||||
@ -24,11 +24,10 @@ import javax.net.ssl.SSLException;
|
|||||||
import static org.hamcrest.MatcherAssert.assertThat;
|
import static org.hamcrest.MatcherAssert.assertThat;
|
||||||
import static org.hamcrest.Matchers.instanceOf;
|
import static org.hamcrest.Matchers.instanceOf;
|
||||||
import static org.hamcrest.Matchers.is;
|
import static org.hamcrest.Matchers.is;
|
||||||
import static org.junit.Assume.assumeTrue;
|
|
||||||
|
|
||||||
public class OpenSslRenegotiateTest extends RenegotiateTest {
|
public class OpenSslRenegotiateTest extends RenegotiateTest {
|
||||||
|
|
||||||
@BeforeClass
|
@BeforeAll
|
||||||
public static void checkOpenSsl() {
|
public static void checkOpenSsl() {
|
||||||
OpenSsl.ensureAvailability();
|
OpenSsl.ensureAvailability();
|
||||||
}
|
}
|
||||||
|
@ -15,14 +15,14 @@
|
|||||||
*/
|
*/
|
||||||
package io.netty.handler.ssl;
|
package io.netty.handler.ssl;
|
||||||
|
|
||||||
import org.junit.BeforeClass;
|
import org.junit.jupiter.api.BeforeAll;
|
||||||
|
|
||||||
import javax.net.ssl.SSLException;
|
import javax.net.ssl.SSLException;
|
||||||
import java.io.File;
|
import java.io.File;
|
||||||
|
|
||||||
public class OpenSslServerContextTest extends SslContextTest {
|
public class OpenSslServerContextTest extends SslContextTest {
|
||||||
|
|
||||||
@BeforeClass
|
@BeforeAll
|
||||||
public static void checkOpenSsl() {
|
public static void checkOpenSsl() {
|
||||||
OpenSsl.ensureAvailability();
|
OpenSsl.ensureAvailability();
|
||||||
}
|
}
|
||||||
|
@ -18,19 +18,17 @@ package io.netty.handler.ssl;
|
|||||||
import io.netty.buffer.UnpooledByteBufAllocator;
|
import io.netty.buffer.UnpooledByteBufAllocator;
|
||||||
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
|
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
|
||||||
import io.netty.util.ReferenceCountUtil;
|
import io.netty.util.ReferenceCountUtil;
|
||||||
import org.junit.Test;
|
import org.junit.jupiter.api.function.Executable;
|
||||||
|
import org.junit.jupiter.params.ParameterizedTest;
|
||||||
|
import org.junit.jupiter.params.provider.MethodSource;
|
||||||
|
|
||||||
import javax.net.ssl.SSLEngine;
|
import javax.net.ssl.SSLEngine;
|
||||||
|
|
||||||
import static junit.framework.TestCase.*;
|
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||||
|
import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||||
|
|
||||||
public class ReferenceCountedOpenSslEngineTest extends OpenSslEngineTest {
|
public class ReferenceCountedOpenSslEngineTest extends OpenSslEngineTest {
|
||||||
|
|
||||||
public ReferenceCountedOpenSslEngineTest(BufferType type, ProtocolCipherCombo combo, boolean delegate,
|
|
||||||
boolean useTasks) {
|
|
||||||
super(type, combo, delegate, useTasks);
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected SslProvider sslClientProvider() {
|
protected SslProvider sslClientProvider() {
|
||||||
return SslProvider.OPENSSL_REFCNT;
|
return SslProvider.OPENSSL_REFCNT;
|
||||||
@ -61,37 +59,46 @@ public class ReferenceCountedOpenSslEngineTest extends OpenSslEngineTest {
|
|||||||
ReferenceCountUtil.release(unwrapEngine(engine));
|
ReferenceCountUtil.release(unwrapEngine(engine));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test(expected = NullPointerException.class)
|
@MethodSource("newTestParams")
|
||||||
public void testNotLeakOnException() throws Exception {
|
@ParameterizedTest
|
||||||
clientSslCtx = wrapContext(SslContextBuilder.forClient()
|
public void testNotLeakOnException(SSLEngineTestParam param) throws Exception {
|
||||||
|
clientSslCtx = wrapContext(param, SslContextBuilder.forClient()
|
||||||
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
||||||
.sslProvider(sslClientProvider())
|
.sslProvider(sslClientProvider())
|
||||||
.protocols(protocols())
|
.protocols(param.protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(param.ciphers())
|
||||||
.build());
|
.build());
|
||||||
|
|
||||||
clientSslCtx.newEngine(null);
|
assertThrows(NullPointerException.class, new Executable() {
|
||||||
|
@Override
|
||||||
|
public void execute() throws Throwable {
|
||||||
|
clientSslCtx.newEngine(null);
|
||||||
|
}
|
||||||
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
@SuppressWarnings("deprecation")
|
@SuppressWarnings("deprecation")
|
||||||
@Override
|
@Override
|
||||||
protected SslContext wrapContext(SslContext context) {
|
protected SslContext wrapContext(SSLEngineTestParam param, SslContext context) {
|
||||||
if (context instanceof ReferenceCountedOpenSslContext) {
|
if (context instanceof ReferenceCountedOpenSslContext) {
|
||||||
((ReferenceCountedOpenSslContext) context).setUseTasks(useTasks);
|
if (param instanceof OpenSslEngineTestParam) {
|
||||||
|
((ReferenceCountedOpenSslContext) context).setUseTasks(((OpenSslEngineTestParam) param).useTasks);
|
||||||
|
}
|
||||||
// Explicit enable the session cache as its disabled by default on the client side.
|
// Explicit enable the session cache as its disabled by default on the client side.
|
||||||
((ReferenceCountedOpenSslContext) context).sessionContext().setSessionCacheEnabled(true);
|
((ReferenceCountedOpenSslContext) context).sessionContext().setSessionCacheEnabled(true);
|
||||||
}
|
}
|
||||||
return context;
|
return context;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@MethodSource("newTestParams")
|
||||||
public void parentContextIsRetainedByChildEngines() throws Exception {
|
@ParameterizedTest
|
||||||
SslContext clientSslCtx = SslContextBuilder.forClient()
|
public void parentContextIsRetainedByChildEngines(SSLEngineTestParam param) throws Exception {
|
||||||
|
SslContext clientSslCtx = wrapContext(param, SslContextBuilder.forClient()
|
||||||
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
.trustManager(InsecureTrustManagerFactory.INSTANCE)
|
||||||
.sslProvider(sslClientProvider())
|
.sslProvider(sslClientProvider())
|
||||||
.protocols(protocols())
|
.protocols(param.protocols())
|
||||||
.ciphers(ciphers())
|
.ciphers(param.ciphers())
|
||||||
.build();
|
.build());
|
||||||
|
|
||||||
SSLEngine engine = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
|
SSLEngine engine = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
|
||||||
assertEquals(ReferenceCountUtil.refCnt(clientSslCtx), 2);
|
assertEquals(ReferenceCountUtil.refCnt(clientSslCtx), 2);
|
||||||
|
File diff suppressed because it is too large
Load Diff
@ -34,7 +34,6 @@ import io.netty.util.ReferenceCountUtil;
|
|||||||
import io.netty.util.concurrent.Promise;
|
import io.netty.util.concurrent.Promise;
|
||||||
import io.netty.util.internal.EmptyArrays;
|
import io.netty.util.internal.EmptyArrays;
|
||||||
import io.netty.util.internal.ThrowableUtil;
|
import io.netty.util.internal.ThrowableUtil;
|
||||||
import org.junit.Assert;
|
|
||||||
|
|
||||||
import javax.net.ssl.ExtendedSSLSession;
|
import javax.net.ssl.ExtendedSSLSession;
|
||||||
import javax.net.ssl.KeyManager;
|
import javax.net.ssl.KeyManager;
|
||||||
@ -67,6 +66,11 @@ import java.util.ArrayList;
|
|||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
|
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||||
|
import static org.junit.jupiter.api.Assertions.assertNotNull;
|
||||||
|
import static org.junit.jupiter.api.Assertions.assertTrue;
|
||||||
|
import static org.junit.jupiter.api.Assertions.fail;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* In extra class to be able to run tests with java7 without trying to load classes that not exists in java7.
|
* In extra class to be able to run tests with java7 without trying to load classes that not exists in java7.
|
||||||
*/
|
*/
|
||||||
@ -171,17 +175,17 @@ final class SniClientJava8TestUtil {
|
|||||||
}
|
}
|
||||||
|
|
||||||
private static void assertSSLSession(boolean clientSide, SSLSession session, SNIServerName name) {
|
private static void assertSSLSession(boolean clientSide, SSLSession session, SNIServerName name) {
|
||||||
Assert.assertNotNull(session);
|
assertNotNull(session);
|
||||||
if (session instanceof ExtendedSSLSession) {
|
if (session instanceof ExtendedSSLSession) {
|
||||||
ExtendedSSLSession extendedSSLSession = (ExtendedSSLSession) session;
|
ExtendedSSLSession extendedSSLSession = (ExtendedSSLSession) session;
|
||||||
List<SNIServerName> names = extendedSSLSession.getRequestedServerNames();
|
List<SNIServerName> names = extendedSSLSession.getRequestedServerNames();
|
||||||
Assert.assertEquals(1, names.size());
|
assertEquals(1, names.size());
|
||||||
Assert.assertEquals(name, names.get(0));
|
assertEquals(name, names.get(0));
|
||||||
Assert.assertTrue(extendedSSLSession.getLocalSupportedSignatureAlgorithms().length > 0);
|
assertTrue(extendedSSLSession.getLocalSupportedSignatureAlgorithms().length > 0);
|
||||||
if (clientSide) {
|
if (clientSide) {
|
||||||
Assert.assertEquals(0, extendedSSLSession.getPeerSupportedSignatureAlgorithms().length);
|
assertEquals(0, extendedSSLSession.getPeerSupportedSignatureAlgorithms().length);
|
||||||
} else {
|
} else {
|
||||||
Assert.assertTrue(extendedSSLSession.getPeerSupportedSignatureAlgorithms().length >= 0);
|
assertTrue(extendedSSLSession.getPeerSupportedSignatureAlgorithms().length >= 0);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -214,19 +218,19 @@ final class SniClientJava8TestUtil {
|
|||||||
@Override
|
@Override
|
||||||
public void checkClientTrusted(X509Certificate[] x509Certificates, String s, Socket socket)
|
public void checkClientTrusted(X509Certificate[] x509Certificates, String s, Socket socket)
|
||||||
throws CertificateException {
|
throws CertificateException {
|
||||||
Assert.fail();
|
fail();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void checkServerTrusted(X509Certificate[] x509Certificates, String s, Socket socket)
|
public void checkServerTrusted(X509Certificate[] x509Certificates, String s, Socket socket)
|
||||||
throws CertificateException {
|
throws CertificateException {
|
||||||
Assert.fail();
|
fail();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void checkClientTrusted(X509Certificate[] x509Certificates, String s, SSLEngine sslEngine)
|
public void checkClientTrusted(X509Certificate[] x509Certificates, String s, SSLEngine sslEngine)
|
||||||
throws CertificateException {
|
throws CertificateException {
|
||||||
Assert.fail();
|
fail();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@ -238,13 +242,13 @@ final class SniClientJava8TestUtil {
|
|||||||
@Override
|
@Override
|
||||||
public void checkClientTrusted(X509Certificate[] x509Certificates, String s)
|
public void checkClientTrusted(X509Certificate[] x509Certificates, String s)
|
||||||
throws CertificateException {
|
throws CertificateException {
|
||||||
Assert.fail();
|
fail();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void checkServerTrusted(X509Certificate[] x509Certificates, String s)
|
public void checkServerTrusted(X509Certificate[] x509Certificates, String s)
|
||||||
throws CertificateException {
|
throws CertificateException {
|
||||||
Assert.fail();
|
fail();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -72,7 +72,7 @@ import static org.hamcrest.CoreMatchers.is;
|
|||||||
import static org.hamcrest.CoreMatchers.nullValue;
|
import static org.hamcrest.CoreMatchers.nullValue;
|
||||||
import static org.hamcrest.MatcherAssert.assertThat;
|
import static org.hamcrest.MatcherAssert.assertThat;
|
||||||
|
|
||||||
import static org.junit.Assume.assumeTrue;
|
import static org.junit.jupiter.api.Assumptions.assumeTrue;
|
||||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||||
import static org.junit.jupiter.api.Assertions.assertFalse;
|
import static org.junit.jupiter.api.Assertions.assertFalse;
|
||||||
import static org.junit.jupiter.api.Assertions.assertNotNull;
|
import static org.junit.jupiter.api.Assertions.assertNotNull;
|
||||||
|
@ -31,7 +31,7 @@ import javax.net.ssl.SSLContext;
|
|||||||
import javax.net.ssl.SSLEngine;
|
import javax.net.ssl.SSLEngine;
|
||||||
import javax.net.ssl.SSLException;
|
import javax.net.ssl.SSLException;
|
||||||
|
|
||||||
import static org.junit.Assume.assumeNotNull;
|
import static org.junit.jupiter.api.Assumptions.assumeTrue;
|
||||||
import static org.junit.jupiter.api.Assertions.assertFalse;
|
import static org.junit.jupiter.api.Assertions.assertFalse;
|
||||||
import static org.junit.jupiter.api.Assertions.assertNotNull;
|
import static org.junit.jupiter.api.Assertions.assertNotNull;
|
||||||
import static org.junit.jupiter.api.Assertions.assertThrows;
|
import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||||
@ -124,7 +124,7 @@ public abstract class SslContextTest {
|
|||||||
} catch (IllegalArgumentException e) {
|
} catch (IllegalArgumentException e) {
|
||||||
exception = e;
|
exception = e;
|
||||||
}
|
}
|
||||||
assumeNotNull(exception);
|
assumeTrue(exception != null);
|
||||||
File keyFile = ResourcesUtil.getFile(getClass(), "test_unencrypted.pem");
|
File keyFile = ResourcesUtil.getFile(getClass(), "test_unencrypted.pem");
|
||||||
File crtFile = ResourcesUtil.getFile(getClass(), "test.crt");
|
File crtFile = ResourcesUtil.getFile(getClass(), "test.crt");
|
||||||
|
|
||||||
|
@ -103,7 +103,6 @@ import static org.junit.jupiter.api.Assertions.assertNull;
|
|||||||
import static org.junit.jupiter.api.Assertions.assertSame;
|
import static org.junit.jupiter.api.Assertions.assertSame;
|
||||||
import static org.junit.jupiter.api.Assertions.assertThrows;
|
import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||||
import static org.junit.jupiter.api.Assertions.assertTrue;
|
import static org.junit.jupiter.api.Assertions.assertTrue;
|
||||||
import static org.junit.jupiter.api.Assertions.fail;
|
|
||||||
import static org.junit.jupiter.api.Assumptions.assumeFalse;
|
import static org.junit.jupiter.api.Assumptions.assumeFalse;
|
||||||
import static org.junit.jupiter.api.Assumptions.assumeTrue;
|
import static org.junit.jupiter.api.Assumptions.assumeTrue;
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user