Add test for ALPN negotiation during handshake

Signed-off-by: Alexander Scheel <ascheel@redhat.com>
dogtagpki · Sep 23, 2020 · b159a1d · b159a1d
1 parent f4e5e6c
commit b159a1d
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 2 deletions.
diff --git a/org/mozilla/jss/ssl/javax/JSSEngineReferenceImpl.java b/org/mozilla/jss/ssl/javax/JSSEngineReferenceImpl.java
@@ -349,10 +349,13 @@ private void createBufferFD() throws SSLException {
 
         if (alpn_protocols != null) {
             byte[] wire_data = getALPNWireData();
+            if (wire_data == null) {
+                throw new RuntimeException("JSSEngine.init(): ALPN wire data is NULL but alpn_protocols is non-NULL.");
+            }
 
             ret = SSL.SetNextProtoNeg(ssl_fd, wire_data);
-            if (ret == SSL.SECFailure) {
-                throw new RuntimeException("JSSEngine.init(): Unable to set ALPN protocol list.");
+            if (ret != SSL.SECSuccess) {
+                throw new RuntimeException("JSSEngine.init(): Unable to set ALPN protocol list: " + errorText(PR.GetError()) + " " + ret);
             }
         }
     }

diff --git a/org/mozilla/jss/tests/TestSSLEngine.java b/org/mozilla/jss/tests/TestSSLEngine.java
@@ -978,6 +978,38 @@ public static void testPostHandshakeAuth(SSLContext ctx, String client_alias, St
         }
     }
 
+    public static void testALPNHandshake(SSLContext ctx, String server_alias) throws Exception {
+        JSSEngine client_eng = (JSSEngine) ctx.createSSLEngine();
+        JSSParameters client_params = createParameters();
+        client_params.setApplicationProtocols(new String[] { "http/1.1", "h2", "spdy/2" });
+        client_eng.setSSLParameters(client_params);
+        client_eng.setUseClientMode(true);
+
+        if (client_eng instanceof JSSEngineReferenceImpl) {
+            ((JSSEngineReferenceImpl) client_eng).setName("JSS Client for ALPN");
+        }
+
+        JSSEngine server_eng = (JSSEngine) ctx.createSSLEngine();
+        JSSParameters server_params = createParameters(server_alias);
+        server_params.setApplicationProtocols(new String[] { "h2" });
+        server_eng.setSSLParameters(server_params);
+        server_eng.setUseClientMode(false);
+
+        if (server_eng instanceof JSSEngineReferenceImpl) {
+            ((JSSEngineReferenceImpl) server_eng).setName("JSS Server for ALPN");
+            ((JSSEngineReferenceImpl) server_eng).enableSafeDebugLogging(7377);
+        }
+
+        try {
+            testBasicHandshake(client_eng, server_eng, false);
+            assert(server_eng.getApplicationProtocol().equals("h2"));
+        } catch (Exception e) {
+            client_eng.cleanup();
+            server_eng.cleanup();
+            throw e;
+        }
+    }
+
     public static void testBasicClientServer(String[] args) throws Exception {
         SSLContext ctx = SSLContext.getInstance("TLS", "Mozilla-JSS");
         ctx.init(getKMs(), getTMs(), null);
@@ -1001,6 +1033,7 @@ public static void testNativeClientServer(String[] args) throws Exception {
         testAllHandshakes(ctx, client_alias, server_alias, true);
         testPostHandshakeAuth(ctx, client_alias, server_alias);
         testJSSEToJSSHandshakes(ctx, server_alias);
+        testALPNHandshake(ctx, server_alias);
     }
 
     public static void testALPNEncoding() throws Exception {