Cleanup of SslContextFactoryTest
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
joakime committed Oct 29, 2020

1 parent 1c3c3ca commit dadd299
Showing 1 changed file with 40 additions and 39 deletions.
@@ -30,6 +30,7 @@
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
@@ -46,7 +47,6 @@
import org.eclipse.jetty.util.component.AbstractLifeCycle;
import org.eclipse.jetty.util.log.StacklessLogging;
import org.eclipse.jetty.util.resource.Resource;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;

import static org.hamcrest.MatcherAssert.assertThat;
@@ -69,25 +69,10 @@

public class SslContextFactoryTest
{
private SslContextFactory cf;

@BeforeEach
public void setUp() throws Exception
{
cf = new SslContextFactory.Server();

java.security.cert.CertPathBuilder certPathBuilder = java.security.cert.CertPathBuilder.getInstance("PKIX");
java.security.cert.PKIXRevocationChecker revocationChecker = (java.security.cert.PKIXRevocationChecker)certPathBuilder.getRevocationChecker();
revocationChecker.setOptions(java.util.EnumSet.of(
java.security.cert.PKIXRevocationChecker.Option.valueOf("PREFER_CRLS"),
java.security.cert.PKIXRevocationChecker.Option.valueOf("SOFT_FAIL"),
java.security.cert.PKIXRevocationChecker.Option.valueOf("NO_FALLBACK")));
cf.setPkixCertPathChecker(revocationChecker);
}

@Test
public void testSLOTH() throws Exception
{
SslContextFactory.Server cf = new SslContextFactory.Server();
cf.setKeyStorePassword("storepwd");
cf.setKeyManagerPassword("keypwd");

@@ -96,9 +81,13 @@ public void testSLOTH() throws Exception
// cf.dump(System.out, "");
List<SslSelectionDump> dumps = cf.selectionDump();

SslSelectionDump cipherDump = dumps.stream()
Optional<SslSelectionDump> cipherSuiteDumpOpt = dumps.stream()
.filter((dump) -> dump.type.contains("Cipher Suite"))
.findFirst().get();
.findFirst();

assertTrue(cipherSuiteDumpOpt.isPresent(), "Cipher Suite dump section should exist");

SslSelectionDump cipherDump = cipherSuiteDumpOpt.get();

for (String enabledCipher : cipherDump.enabled)
{
@@ -109,6 +98,7 @@ public void testSLOTH() throws Exception
@Test
public void testDumpIncludeTlsRsa() throws Exception
{
SslContextFactory.Server cf = new SslContextFactory.Server();
cf.setKeyStorePassword("storepwd");
cf.setKeyManagerPassword("keypwd");
cf.setIncludeCipherSuites("TLS_RSA_.*");
@@ -126,9 +116,15 @@ public void testDumpIncludeTlsRsa() throws Exception
.collect(Collectors.toList());

List<String> selectedSuites = Arrays.asList(cf.getSelectedCipherSuites());
SslSelectionDump cipherDump = dumps.stream()

Optional<SslSelectionDump> cipherSuiteDumpOpt = dumps.stream()
.filter((dump) -> dump.type.contains("Cipher Suite"))
.findFirst().get();
.findFirst();

assertTrue(cipherSuiteDumpOpt.isPresent(), "Cipher Suite dump section should exist");

SslSelectionDump cipherDump = cipherSuiteDumpOpt.get();

assertThat("Dump Enabled List size is equal to selected list size", cipherDump.enabled.size(), is(selectedSuites.size()));

for (String expectedCipherSuite : tlsRsaSuites)
@@ -141,17 +137,19 @@ public void testDumpIncludeTlsRsa() throws Exception
@Test
public void testNoTsFileKs() throws Exception
{
SslContextFactory.Server cf = new SslContextFactory.Server();
cf.setKeyStorePassword("storepwd");
cf.setKeyManagerPassword("keypwd");

cf.start();

assertTrue(cf.getSslContext() != null);
assertNotNull(cf.getSslContext());
}

@Test
public void testNoTsSetKs() throws Exception
{
SslContextFactory.Server cf = new SslContextFactory.Server();
KeyStore ks = KeyStore.getInstance("JKS");
try (InputStream keystoreInputStream = this.getClass().getResourceAsStream("keystore"))
{
@@ -162,26 +160,21 @@ public void testNoTsSetKs() throws Exception

cf.start();

assertTrue(cf.getSslContext() != null);
assertNotNull(cf.getSslContext());
}

@Test
public void testNoTsNoKs() throws Exception
{
SslContextFactory.Server cf = new SslContextFactory.Server();
cf.start();
assertTrue(cf.getSslContext() != null);
}

@Test
public void testTrustAll() throws Exception
{
cf.start();
assertTrue(cf.getSslContext() != null);
assertNotNull(cf.getSslContext());
}

@Test
public void testNoTsResourceKs() throws Exception
{
SslContextFactory.Server cf = new SslContextFactory.Server();
Resource keystoreResource = Resource.newSystemResource("keystore");

cf.setKeyStoreResource(keystoreResource);
@@ -192,12 +185,13 @@ public void testNoTsResourceKs() throws Exception

cf.start();

assertTrue(cf.getSslContext() != null);
assertNotNull(cf.getSslContext());
}

@Test
public void testResourceTsResourceKs() throws Exception
{
SslContextFactory.Server cf = new SslContextFactory.Server();
Resource keystoreResource = Resource.newSystemResource("keystore");
Resource truststoreResource = Resource.newSystemResource("keystore");

@@ -209,12 +203,13 @@ public void testResourceTsResourceKs() throws Exception

cf.start();

assertTrue(cf.getSslContext() != null);
assertNotNull(cf.getSslContext());
}

@Test
public void testResourceTsResourceKsWrongPW() throws Exception
{
SslContextFactory.Server cf = new SslContextFactory.Server();
Resource keystoreResource = Resource.newSystemResource("keystore");
Resource truststoreResource = Resource.newSystemResource("keystore");

@@ -227,14 +222,15 @@ public void testResourceTsResourceKsWrongPW() throws Exception
try (StacklessLogging ignore = new StacklessLogging(AbstractLifeCycle.class))
{
java.security.UnrecoverableKeyException x = assertThrows(
java.security.UnrecoverableKeyException.class, () -> cf.start());
java.security.UnrecoverableKeyException.class, cf::start);
assertThat(x.getMessage(), containsString("Cannot recover key"));
}
}

@Test
public void testResourceTsWrongPWResourceKs() throws Exception
{
SslContextFactory.Server cf = new SslContextFactory.Server();
Resource keystoreResource = Resource.newSystemResource("keystore");
Resource truststoreResource = Resource.newSystemResource("keystore");

@@ -246,14 +242,15 @@ public void testResourceTsWrongPWResourceKs() throws Exception

try (StacklessLogging ignore = new StacklessLogging(AbstractLifeCycle.class))
{
IOException x = assertThrows(IOException.class, () -> cf.start());
IOException x = assertThrows(IOException.class, cf::start);
assertThat(x.getMessage(), containsString("Keystore was tampered with, or password was incorrect"));
}
}

@Test
public void testNoKeyConfig() throws Exception
public void testNoKeyConfig()
{
SslContextFactory.Server cf = new SslContextFactory.Server();
try (StacklessLogging ignore = new StacklessLogging(AbstractLifeCycle.class))
{
IllegalStateException x = assertThrows(IllegalStateException.class, () ->
@@ -268,6 +265,7 @@ public void testNoKeyConfig() throws Exception
@Test
public void testSetExcludeCipherSuitesRegex() throws Exception
{
SslContextFactory.Server cf = new SslContextFactory.Server();
cf.setExcludeCipherSuites(".*RC4.*");
cf.start();
SSLEngine sslEngine = cf.newSSLEngine();
@@ -282,6 +280,7 @@ public void testSetExcludeCipherSuitesRegex() throws Exception
@Test
public void testSetIncludeCipherSuitesRegex() throws Exception
{
SslContextFactory.Server cf = new SslContextFactory.Server();
cf.setIncludeCipherSuites(".*ECDHE.*", ".*WIBBLE.*");

cf.start();
@@ -297,6 +296,7 @@ public void testSetIncludeCipherSuitesRegex() throws Exception
@Test
public void testProtocolAndCipherSettingsAreNPESafe()
{
SslContextFactory.Server cf = new SslContextFactory.Server();
assertNotNull(cf.getExcludeProtocols());
assertNotNull(cf.getIncludeProtocols());
assertNotNull(cf.getExcludeCipherSuites());
@@ -306,6 +306,7 @@ public void testProtocolAndCipherSettingsAreNPESafe()
@Test
public void testSNICertificates() throws Exception
{
SslContextFactory.Server cf = new SslContextFactory.Server();
Resource keystoreResource = Resource.newSystemResource("snikeystore");

cf.setKeyStoreResource(keystoreResource);
@@ -347,7 +348,7 @@ public void testSNICertificates() throws Exception
@Test
public void testNonDefaultKeyStoreTypeUsedForTrustStore() throws Exception
{
cf = new SslContextFactory.Server();
SslContextFactory.Server cf = new SslContextFactory.Server();
cf.setKeyStoreResource(Resource.newSystemResource("keystore.p12"));
cf.setKeyStoreType("pkcs12");
cf.setKeyStorePassword("storepwd");
@@ -365,7 +366,7 @@ public void testNonDefaultKeyStoreTypeUsedForTrustStore() throws Exception
@Test
public void testClientSslContextFactory() throws Exception
{
cf = new SslContextFactory.Client();
SslContextFactory.Client cf = new SslContextFactory.Client();
cf.start();

assertEquals("HTTPS", cf.getEndpointIdentificationAlgorithm());
@@ -374,7 +375,7 @@ public void testClientSslContextFactory() throws Exception
@Test
public void testServerSslContextFactory() throws Exception
{
cf = new SslContextFactory.Server();
SslContextFactory.Server cf = new SslContextFactory.Server();
cf.start();

assertNull(cf.getEndpointIdentificationAlgorithm());
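Review bot: With `setUp()` gone (the hunk at `-69,25 +69,10`), nothing in the visible hunks calls `setPkixCertPathChecker` any more, so the revocation-checker wiring that every test used to pass through loses its only visible coverage. The side of each line is inferred from the hunk counts, since the page dropped the `+`/`-` markers, and a test outside these hunks may still cover it. If none does, I would keep one dedicated test that builds the `PKIXRevocationChecker` as the old `setUp()` did, sets it on a local `SslContextFactory.Server`, and asserts that `start()` still yields a context. The test name below is only a suggestion, and the comment records that `SOFT_FAIL` makes this a wiring check rather than a revocation-enforcement check.

```java
@Test
public void testPkixCertPathChecker() throws Exception
{
    SslContextFactory.Server cf = new SslContextFactory.Server();

    // SOFT_FAIL accepts a certificate whose revocation status cannot be determined,
    // so this test verifies that the checker is wired in, not that revocation is enforced.
    java.security.cert.CertPathBuilder certPathBuilder = java.security.cert.CertPathBuilder.getInstance("PKIX");
    java.security.cert.PKIXRevocationChecker revocationChecker = (java.security.cert.PKIXRevocationChecker)certPathBuilder.getRevocationChecker();
    revocationChecker.setOptions(java.util.EnumSet.of(
        java.security.cert.PKIXRevocationChecker.Option.valueOf("PREFER_CRLS"),
        java.security.cert.PKIXRevocationChecker.Option.valueOf("SOFT_FAIL"),
        java.security.cert.PKIXRevocationChecker.Option.valueOf("NO_FALLBACK")));
    cf.setPkixCertPathChecker(revocationChecker);

    cf.start();
    assertNotNull(cf.getSslContext());
}
```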
