From 29ebcb1f15c3d4e2b5189c0fa33a5561ae31712c Mon Sep 17 00:00:00 2001 From: Julien Viet Date: Mon, 13 Nov 2023 10:34:04 +0100 Subject: [PATCH] Improve a few things in the HTTP tls tests - creation of base options should be achieved in create base options methods for each protocol - SSL options update tests are actually not configured for HTTP/2 --- .../io/vertx/core/http/Http1xTLSTest.java | 20 ++-- .../java/io/vertx/core/http/Http2TLSTest.java | 14 ++- .../java/io/vertx/core/http/HttpTLSTest.java | 95 ++++++++++--------- 3 files changed, 72 insertions(+), 57 deletions(-) diff --git a/src/test/java/io/vertx/core/http/Http1xTLSTest.java b/src/test/java/io/vertx/core/http/Http1xTLSTest.java index fd2656d5ac5..54cb9c9588f 100644 --- a/src/test/java/io/vertx/core/http/Http1xTLSTest.java +++ b/src/test/java/io/vertx/core/http/Http1xTLSTest.java @@ -13,9 +13,7 @@ import io.netty.buffer.ByteBufUtil; import io.vertx.core.AbstractVerticle; -import io.vertx.core.CompositeFuture; import io.vertx.core.DeploymentOptions; -import io.vertx.core.Future; import io.vertx.core.Promise; import io.vertx.core.VertxOptions; import io.vertx.test.tls.Cert; @@ -29,7 +27,6 @@ import java.util.HashSet; import java.util.List; import java.util.concurrent.CountDownLatch; -import java.util.concurrent.TimeUnit; import java.util.concurrent.atomic.AtomicInteger; import java.util.stream.Collectors; @@ -39,17 +36,20 @@ public class Http1xTLSTest extends HttpTLSTest { @Override - HttpServer createHttpServer(HttpServerOptions options) { - return vertx.createHttpServer(options); - } + protected HttpServerOptions createBaseServerOptions() { + return new HttpServerOptions() + .setPort(HttpTestBase.DEFAULT_HTTPS_PORT) + .setSsl(true); + }; @Override - HttpClient createHttpClient(HttpClientOptions options) { - return vertx.createHttpClient(options); + protected HttpClientOptions createBaseClientOptions() { + return new HttpClientOptions() + .setSsl(true) + .setProtocolVersion(HttpVersion.HTTP_1_1); } - - // ALPN tests +// ALPN tests @Test // Client and server uses ALPN diff --git a/src/test/java/io/vertx/core/http/Http2TLSTest.java b/src/test/java/io/vertx/core/http/Http2TLSTest.java index 00908c2f075..8f5a65f73c7 100644 --- a/src/test/java/io/vertx/core/http/Http2TLSTest.java +++ b/src/test/java/io/vertx/core/http/Http2TLSTest.java @@ -20,13 +20,19 @@ public class Http2TLSTest extends HttpTLSTest { @Override - HttpServer createHttpServer(HttpServerOptions options) { - return vertx.createHttpServer(options.setUseAlpn(true)); + protected HttpServerOptions createBaseServerOptions() { + return new HttpServerOptions() + .setPort(HttpTestBase.DEFAULT_HTTPS_PORT) + .setUseAlpn(true) + .setSsl(true); } @Override - HttpClient createHttpClient(HttpClientOptions options) { - return vertx.createHttpClient(options.setUseAlpn(true)); + protected HttpClientOptions createBaseClientOptions() { + return new HttpClientOptions() + .setUseAlpn(true) + .setSsl(true) + .setProtocolVersion(HttpVersion.HTTP_2); } @Override diff --git a/src/test/java/io/vertx/core/http/HttpTLSTest.java b/src/test/java/io/vertx/core/http/HttpTLSTest.java index 63189633c9b..0b1b2946426 100755 --- a/src/test/java/io/vertx/core/http/HttpTLSTest.java +++ b/src/test/java/io/vertx/core/http/HttpTLSTest.java @@ -978,7 +978,7 @@ class TLSTest { TrustOptions serverTrust; boolean serverUsesCrl; boolean serverOpenSSL; - boolean serverUsesAlpn; + Boolean serverUsesAlpn; boolean serverSSL = true; boolean serverUsesProxyProtocol = false; ProxyType proxyType; @@ -1175,8 +1175,7 @@ TLSTest run(boolean shouldPass) { // The test with proxy that fails will not connect waitFor(2); } - server.close(); - HttpClientOptions options = new HttpClientOptions(); + HttpClientOptions options = createBaseClientOptions(); options.setProtocolVersion(version); options.setSsl(clientSSL); options.setForceSni(clientForceSNI); @@ -1218,8 +1217,8 @@ TLSTest run(boolean shouldPass) { } options.setProxyOptions(proxyOptions); } - client = createHttpClient(options); - HttpServerOptions serverOptions = new HttpServerOptions(); + client = vertx.createHttpClient(options); + HttpServerOptions serverOptions = createBaseServerOptions(); serverOptions.setTrustOptions(serverTrust); serverOptions.setKeyCertOptions(serverCert); if (requiresClientAuth) { @@ -1231,7 +1230,9 @@ TLSTest run(boolean shouldPass) { if (serverOpenSSL) { serverOptions.setOpenSslEngineOptions(new OpenSSLEngineOptions()); } - serverOptions.setUseAlpn(serverUsesAlpn); + if (serverUsesAlpn == Boolean.TRUE) { + serverOptions.setUseAlpn(serverUsesAlpn); + } serverOptions.setSsl(serverSSL); serverOptions.setSni(serverSNI); serverOptions.setUseProxyProtocol(serverUsesProxyProtocol); @@ -1244,7 +1245,8 @@ TLSTest run(boolean shouldPass) { for (String protocol : serverEnabledSecureTransportProtocol) { serverOptions.addEnabledSecureTransportProtocol(protocol); } - server = createHttpServer(serverOptions.setPort(4043)); + server.close(); + server = vertx.createHttpServer(serverOptions.setPort(4043)); server.connectionHandler(conn -> complete()); AtomicInteger count = new AtomicInteger(); server.exceptionHandler(err -> { @@ -1318,10 +1320,6 @@ TLSTest run(boolean shouldPass) { } } - abstract HttpServer createHttpServer(HttpServerOptions options); - - abstract HttpClient createHttpClient(HttpClientOptions options); - protected TLSTest testTLS(Cert clientCert, Trust clientTrust, Cert serverCert, Trust serverTrust) throws Exception { return new TLSTest(clientCert, clientTrust, serverCert, serverTrust); @@ -1502,7 +1500,7 @@ private void testStore(HttpServerOptions serverOptions, List expectedPos @Test public void testCrlInvalidPath() { - HttpClientOptions clientOptions = new HttpClientOptions(); + HttpClientOptions clientOptions = createBaseClientOptions(); clientOptions.setTrustOptions(Trust.SERVER_PEM_ROOT_CA.get()); clientOptions.setSsl(true); clientOptions.addCrlPath("/invalid.pem"); @@ -1648,7 +1646,7 @@ public void testUpdateSSLOptionsWithScaledServer() throws Exception { } private void testUpdateSSLOptions(boolean scaled) throws Exception { - server = createHttpServer(createBaseServerOptions().setSsl(true).setKeyCertOptions(Cert.SERVER_JKS.get())) + server = vertx.createHttpServer(createBaseServerOptions().setSsl(true).setKeyCertOptions(Cert.SERVER_JKS.get())) .requestHandler(req -> { req.response().end("Hello World"); }); @@ -1659,7 +1657,7 @@ private void testUpdateSSLOptions(boolean scaled) throws Exception { private HttpServer server; @Override public void start(Promise startPromise) { - server = createHttpServer(createBaseServerOptions().setSsl(true).setKeyCertOptions(Cert.SERVER_JKS.get())) + server = vertx.createHttpServer(createBaseServerOptions().setKeyCertOptions(Cert.SERVER_JKS.get())) .requestHandler(req -> { req.response().end("Hello World"); }); @@ -1671,14 +1669,15 @@ public void start(Promise startPromise) { }).onComplete(onSuccess(v -> latch.countDown())); awaitLatch(latch); } - Supplier> request = () -> client.request(requestOptions).compose(req -> req.send().compose(HttpClientResponse::body)); - client = createHttpClient(new HttpClientOptions().setKeepAlive(false).setSsl(true).setTrustOptions(Trust.SERVER_JKS.get())); - request.get().onComplete(onSuccess(body1 -> { + Function> request = client -> client.request(requestOptions).compose(req -> req.send().compose(HttpClientResponse::body)); + HttpClient client1 = vertx.createHttpClient(createBaseClientOptions().setVerifyHost(false).setTrustOptions(Trust.SERVER_JKS.get())); + HttpClient client2 = vertx.createHttpClient(createBaseClientOptions().setVerifyHost(false).setTrustOptions(Trust.SERVER_JKS.get())); + request.apply(client1).onComplete(onSuccess(body1 -> { assertEquals("Hello World", body1.toString()); - server.updateSSLOptions(new SSLOptions().setKeyCertOptions(Cert.SERVER_JKS_ROOT_CA.get()), onSuccess(v -> { - request.get().onComplete(onFailure(err -> { - client.updateSSLOptions(new SSLOptions().setTrustOptions(Trust.SERVER_JKS_ROOT_CA.get()), onSuccess(v2 -> { - request.get().onComplete(onSuccess(body2 -> { + server.updateSSLOptions(createBaseServerOptions().setKeyCertOptions(Cert.SERVER_JKS_ROOT_CA.get()).getSslOptions()).onComplete(onSuccess(v -> { + request.apply(client2).onComplete(onFailure(err -> { + client2.updateSSLOptions(createBaseClientOptions().setTrustOptions(Trust.SERVER_JKS_ROOT_CA.get()).getSslOptions()).onComplete(onSuccess(v2 -> { + request.apply(client2).onComplete(onSuccess(body2 -> { assertEquals("Hello World", body2.toString()); testComplete(); })); @@ -1691,13 +1690,15 @@ public void start(Promise startPromise) { @Test public void testUpdateWithInvalidSSLOptions() throws Exception { - server = createHttpServer(createBaseServerOptions().setSsl(true).setKeyCertOptions(Cert.SERVER_JKS.get())) + server = vertx.createHttpServer(createBaseServerOptions().setKeyCertOptions(Cert.SERVER_JKS.get())) .requestHandler(req -> { req.response().end("Hello World"); }); startServer(testAddress); - client = createHttpClient(new HttpClientOptions().setKeepAlive(false).setSsl(true).setTrustOptions(Trust.SERVER_JKS.get())); - Future last = server.updateSSLOptions(new SSLOptions().setKeyCertOptions(new JksOptions().setValue(TestUtils.randomBuffer(20)).setPassword("invalid"))); + client = vertx.createHttpClient(createBaseClientOptions().setVerifyHost(false).setTrustOptions(Trust.SERVER_JKS.get())); + Future last = server.updateSSLOptions(createBaseServerOptions() + .setKeyCertOptions(new JksOptions().setValue(TestUtils.randomBuffer(20)).setPassword("invalid")) + .getSslOptions()); last.onComplete(onFailure(err -> { client .request(requestOptions) @@ -1712,12 +1713,12 @@ public void testUpdateWithInvalidSSLOptions() throws Exception { @Test public void testConcurrentUpdateSSLOptions() throws Exception { - server = createHttpServer(createBaseServerOptions().setSsl(true).setKeyCertOptions(Cert.SERVER_JKS.get())) + server = vertx.createHttpServer(createBaseServerOptions().setKeyCertOptions(Cert.SERVER_JKS.get())) .requestHandler(req -> { req.response().end("Hello World"); }); startServer(testAddress); - client = createHttpClient(new HttpClientOptions().setKeepAlive(false).setSsl(true).setTrustOptions(Trust.SERVER_JKS_ROOT_CA.get())); + client = vertx.createHttpClient(createBaseClientOptions().setKeepAlive(false).setVerifyHost(false).setTrustOptions(Trust.SERVER_JKS_ROOT_CA.get())); List list = Arrays.asList( Cert.SERVER_PKCS12.get(), Cert.SERVER_PEM.get(), @@ -1727,7 +1728,7 @@ public void testConcurrentUpdateSSLOptions() throws Exception { Future last = null; for (int i = 0;i < list.size();i++) { int val = i; - last = server.updateSSLOptions(new SSLOptions().setKeyCertOptions(list.get(i))); + last = server.updateSSLOptions(createBaseServerOptions().setKeyCertOptions(list.get(i)).getSslOptions()); last.onComplete(onSuccess(v -> { assertEquals(val, seq.getAndIncrement()); })); @@ -1746,28 +1747,33 @@ public void testConcurrentUpdateSSLOptions() throws Exception { @Test public void testServerSharingUpdateSSLOptions() throws Exception { - int numServers = 4; - HttpServer[] servers = new HttpServer[numServers]; - for (int i = 0;i < numServers;i++) { + int num = 4; + HttpServer[] servers = new HttpServer[num]; + for (int i = 0;i < num;i++) { String msg = "Hello World " + i; - servers[i] = createHttpServer(createBaseServerOptions().setSsl(true).setKeyCertOptions(Cert.SERVER_JKS.get())) + servers[i] = vertx.createHttpServer(createBaseServerOptions().setKeyCertOptions(Cert.SERVER_JKS.get())) .requestHandler(req -> { req.response().end(msg); }); servers[i].listen(testAddress).toCompletionStage().toCompletableFuture().get(); } - client = createHttpClient(new HttpClientOptions().setKeepAlive(false).setSsl(true).setTrustOptions(Trust.SERVER_JKS.get())); - for (int i = 0;i < numServers;i++) { - Buffer body = client.request(requestOptions).compose(req -> req.send().compose(HttpClientResponse::body)).toCompletionStage().toCompletableFuture().get(); + HttpClient[] clients = new HttpClient[num]; + for (int i = 0;i < num;i++) { + clients[i] = vertx.createHttpClient(createBaseClientOptions().setVerifyHost(false).setTrustOptions(Trust.SERVER_JKS.get())); + } + for (int i = 0;i < num;i++) { + Buffer body = clients[i].request(requestOptions).compose(req -> req.send().compose(HttpClientResponse::body)).toCompletionStage().toCompletableFuture().get(); assertEquals("Hello World " + i, body.toString()); } - client.close(); - for (int i = 0;i < numServers;i++) { - servers[i].updateSSLOptions(new SSLOptions().setKeyCertOptions(Cert.SERVER_PKCS12.get())).toCompletionStage().toCompletableFuture().get(); + for (int i = 0;i < num;i++) { + servers[i].updateSSLOptions(createBaseServerOptions().setKeyCertOptions(Cert.SERVER_PKCS12.get()).getSslOptions()).toCompletionStage().toCompletableFuture().get(); + } + for (int i = 0;i < num;i++) { + clients[i].close(); + clients[i] = vertx.createHttpClient(createBaseClientOptions().setVerifyHost(false).setTrustOptions(Trust.SERVER_JKS.get())); } - client = createHttpClient(new HttpClientOptions().setKeepAlive(false).setSsl(true).setTrustOptions(Trust.SERVER_PKCS12.get())); - for (int i = 0;i < numServers;i++) { - Buffer body = client.request(requestOptions).compose(req -> req.send().compose(HttpClientResponse::body)).toCompletionStage().toCompletableFuture().get(); + for (int i = 0;i < num;i++) { + Buffer body = clients[i].request(requestOptions).compose(req -> req.send().compose(HttpClientResponse::body)).toCompletionStage().toCompletableFuture().get(); assertEquals("Hello World " + i, body.toString()); } } @@ -1977,9 +1983,8 @@ public PrivateKey getPrivateKey(String alias) { } }; - server = createHttpServer(createBaseServerOptions() + server = vertx.createHttpServer(createBaseServerOptions() .setJdkSslEngineOptions(new JdkSSLEngineOptions().setUseWorkerThread(useWorkerThreads)) - .setSsl(true) .setSni(useSni) .setKeyCertOptions(testOptions) ) @@ -1998,7 +2003,11 @@ public PrivateKey getPrivateKey(String alias) { ); }; CountDownLatch latch = new CountDownLatch(1); - client = createHttpClient(new HttpClientOptions().setKeepAlive(false).setSsl(true).setTrustAll(true)); + client = vertx.createHttpClient(createBaseClientOptions() + .setKeepAlive(false) + .setVerifyHost(false) + .setTrustAll(true) + ); request.get().onComplete(onSuccess(body1 -> { assertEquals("Hello World", body1.toString()); latch.countDown();