diff --git a/jetty-client/src/test/java/org/eclipse/jetty/client/ssl/SslBytesServerTest.java b/jetty-client/src/test/java/org/eclipse/jetty/client/ssl/SslBytesServerTest.java
index 0e0f48b714b..9c10f7bc1ac 100644
--- a/jetty-client/src/test/java/org/eclipse/jetty/client/ssl/SslBytesServerTest.java
+++ b/jetty-client/src/test/java/org/eclipse/jetty/client/ssl/SslBytesServerTest.java
@@ -18,8 +18,6 @@ package org.eclipse.jetty.client.ssl;
-import static org.hamcrest.Matchers.nullValue;
-
 import java.io.BufferedReader;
 import java.io.EOFException;
 import java.io.File;
@@ -368,7 +366,7 @@ public class SslBytesServerTest extends SslBytesTest
 System.arraycopy(doneBytes, 0, chunk, recordBytes.length, doneBytes.length);
 System.arraycopy(closeRecordBytes, 0, chunk, recordBytes.length + doneBytes.length, closeRecordBytes.length);
 proxy.flushToServer(0, chunk);
-
+
 // Close the raw socket
 proxy.flushToServer(null);
@@ -380,7 +378,7 @@ public class SslBytesServerTest extends SslBytesTest
 Assert.assertEquals(Type.ALERT,record.getType());
 record = proxy.readFromServer();
 }
-
+
 Assert.assertNull(record);
 // Check that we did not spin
@@ -488,7 +486,7 @@ public class SslBytesServerTest extends SslBytesTest
 if (record!=null)
 {
 Assert.assertEquals(record.getType(),Type.ALERT);
-
+
 // Now should be a raw close
 record = proxy.readFromServer();
 Assert.assertNull(String.valueOf(record), record);
@@ -784,7 +782,7 @@ public class SslBytesServerTest extends SslBytesTest
 if (record!=null)
 {
 Assert.assertEquals(record.getType(),Type.ALERT);
-
+
 // Now should be a raw close
 record = proxy.readFromServer();
 Assert.assertNull(String.valueOf(record), record);
@@ -846,7 +844,7 @@ public class SslBytesServerTest extends SslBytesTest
 if (record!=null)
 {
 Assert.assertEquals(record.getType(),Type.ALERT);
-
+
 // Now should be a raw close
 record = proxy.readFromServer();
 Assert.assertNull(String.valueOf(record), record);
@@ -921,7 +919,7 @@ public class SslBytesServerTest extends SslBytesTest
 if (record!=null)
 {
 Assert.assertEquals(record.getType(),Type.ALERT);
-
+
 // Now should be a raw close
 record = proxy.readFromServer();
 Assert.assertNull(String.valueOf(record), record);
@@ -983,7 +981,7 @@ public class SslBytesServerTest extends SslBytesTest
 if (record!=null)
 {
 Assert.assertEquals(record.getType(),Type.ALERT);
-
+
 // Now should be a raw close
 record = proxy.readFromServer();
 Assert.assertNull(String.valueOf(record), record);
@@ -1040,7 +1038,7 @@ public class SslBytesServerTest extends SslBytesTest
 if (record!=null)
 {
 Assert.assertEquals(record.getType(),Type.ALERT);
-
+
 // Now should be a raw close
 record = proxy.readFromServer();
 Assert.assertNull(String.valueOf(record), record);
@@ -1060,7 +1058,7 @@ public class SslBytesServerTest extends SslBytesTest
 {
 // Don't run on Windows (buggy JVM)
 Assume.assumeTrue(!OS.IS_WINDOWS);
-
+
 final SSLSocket client = newClient();
 SimpleProxy.AutomaticFlow automaticProxyFlow = proxy.startAutomaticFlow();
@@ -1121,7 +1119,7 @@ public class SslBytesServerTest extends SslBytesTest
 {
 // Don't run on Windows (buggy JVM)
 Assume.assumeTrue(!OS.IS_WINDOWS);
-
+
 final SSLSocket client = newClient();
 SimpleProxy.AutomaticFlow automaticProxyFlow = proxy.startAutomaticFlow();
@@ -1247,7 +1245,7 @@ public class SslBytesServerTest extends SslBytesTest
 if (record!=null)
 {
 Assert.assertEquals(record.getType(),Type.ALERT);
-
+
 // Now should be a raw close
 record = proxy.readFromServer();
 Assert.assertNull(String.valueOf(record), record);
@@ -1862,8 +1860,11 @@ public class SslBytesServerTest extends SslBytesTest
 // Instead of passing the Client Hello, we simulate plain text was passed in
 proxy.flushToServer(0, "GET / HTTP/1.1\r\n".getBytes(StandardCharsets.UTF_8));
- // We expect that the server closes the connection immediately
+ // We expect that the server sends an alert message and closes.
 TLSRecord record = proxy.readFromServer();
+ Assert.assertNotNull(record);
+ Assert.assertEquals(TLSRecord.Type.ALERT, record.getType());
+ record = proxy.readFromServer();
 Assert.assertNull(String.valueOf(record), record);
 // Check that we did not spin
@@ -1982,6 +1983,6 @@ public class SslBytesServerTest extends SslBytesTest
 Assert.assertEquals(record.getType(),Type.ALERT);
 record = proxy.readFromServer();
 }
- Assert.assertThat(record,nullValue());
+ Assert.assertThat(record, Matchers.nullValue());
 }
 }
diff --git a/jetty-http2/http2-alpn-tests/src/test/java/org/eclipse/jetty/http2/alpn/tests/ALPNNegotiationTest.java b/jetty-http2/http2-alpn-tests/src/test/java/org/eclipse/jetty/http2/alpn/tests/ALPNNegotiationTest.java
index baac1bf3ebf..752471a2559 100644
--- a/jetty-http2/http2-alpn-tests/src/test/java/org/eclipse/jetty/http2/alpn/tests/ALPNNegotiationTest.java
+++ b/jetty-http2/http2-alpn-tests/src/test/java/org/eclipse/jetty/http2/alpn/tests/ALPNNegotiationTest.java
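Review bot: In the `-1862,8` hunk of SslBytesServerTest the new `Assert.assertNotNull(record);` turns the alert into a hard requirement, while the sibling tests visible in this same diff still accept either outcome with `if (record!=null)` before checking `Type.ALERT`. If an alert is guaranteed for a plaintext request on the TLS port after this change, a short comment should say why; otherwise the test may fail wherever the engine closes without emitting one (not verifiable from the hunk). A failure message would help triage, e.g. `Assert.assertNotNull("expected a TLS alert before close", record);`. Only the record type is checked, so the alert's level and description remain unverified. The test method starts and ends outside the hunk.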
@@ -91,12 +91,17 @@ public class ALPNNegotiationTest extends AbstractALPNTest
 Assert.assertTrue(read > 0);
 // Cannot decrypt, as the SSLEngine has been already closed
- // Now if we read more, we should either read the TLS Close Alert, or directly -1
+ // Now if we read more, we should read a TLS Alert.
 encrypted.clear();
 read = channel.read(encrypted);
- // Sending a TLS Close Alert during handshake results in an exception when
- // unwrapping that the server react to by closing the connection abruptly.
- Assert.assertTrue(read < 0);
+ if (read > 0)
+ {
+ encrypted.flip();
+ // TLS Alert message type == 21.
+ Assert.assertEquals(21, encrypted.get() & 0xFF);
+ encrypted.clear();
+ Assert.assertEquals(-1, channel.read(encrypted));
+ }
 }
 }
 }
diff --git a/jetty-server/src/test/java/org/eclipse/jetty/server/ssl/SslConnectionFactoryTest.java b/jetty-server/src/test/java/org/eclipse/jetty/server/ssl/SslConnectionFactoryTest.java
index 9f0e43358fd..d88076645d0 100644
--- a/jetty-server/src/test/java/org/eclipse/jetty/server/ssl/SslConnectionFactoryTest.java
+++ b/jetty-server/src/test/java/org/eclipse/jetty/server/ssl/SslConnectionFactoryTest.java
@@ -21,6 +21,7 @@ package org.eclipse.jetty.server.ssl;
 import java.io.File;
 import java.io.FileNotFoundException;
 import java.io.IOException;
+import java.io.InputStream;
 import java.io.OutputStream;
 import java.net.Socket;
 import java.nio.charset.StandardCharsets;
@@ -59,11 +60,11 @@ import org.junit.Before;
 import org.junit.Test;
 public class SslConnectionFactoryTest
-{
+{
 Server _server;
 ServerConnector _connector;
 int _port;
-
+
 @Before
 public void before() throws Exception
 {
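Review bot: In ALPNNegotiationTest (hunk `-91,12`) the new `if (read > 0)` guard leaves the `read <= 0` path with no assertion, so the test passes whether or not an alert arrives, although the updated comment says one should be read. The removed `Assert.assertTrue(read < 0);` at least pinned the close; I would keep that outcome explicit with `else { Assert.assertEquals(-1, read); }`, or drop the guard if the alert is now guaranteed. Inside the branch only the first byte (record type 21) is inspected, which the comment could state so nobody assumes the alert level or description is covered. The test method starts outside the hunk.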
@@ -83,7 +84,7 @@ public class SslConnectionFactoryTest
 HttpConfiguration https_config = new HttpConfiguration(http_config);
 https_config.addCustomizer(new SecureRequestCustomizer());
-
+
 SslContextFactory sslContextFactory = new SslContextFactory();
 sslContextFactory.setKeyStorePath(keystoreFile.getAbsolutePath());
 sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
@@ -96,7 +97,7 @@ public class SslConnectionFactoryTest
 https.setIdleTimeout(30000);
 _server.addConnector(https);
-
+
 _server.setHandler(new AbstractHandler()
 {
 @Override
@@ -107,30 +108,30 @@ public class SslConnectionFactoryTest
 response.flushBuffer();
 }
 });
-
+
 _server.start();
- _port=https.getLocalPort();
+ _port=https.getLocalPort();
 }
-
+
 @After
 public void after() throws Exception
 {
 _server.stop();
 _server=null;
 }
-
+
 @Test
 public void testConnect() throws Exception
 {
- String response= getResponse("127.0.0.1",null);
+ String response= getResponse("127.0.0.1",null);
 Assert.assertThat(response,Matchers.containsString("host=127.0.0.1"));
 }
-
+
 @Test
 public void testSNIConnect() throws Exception
 {
 String response;
-
+
 response= getResponse("localhost","localhost","jetty.eclipse.org");
 Assert.assertThat(response,Matchers.containsString("host=localhost"));
 }
@@ -151,22 +152,32 @@ public class SslConnectionFactoryTest
 {
 out.write("Rubbish".getBytes());
 out.flush();
-
- Assert.assertThat(socket.getInputStream().read(),Matchers.equalTo(-1));
+
+ socket.setSoTimeout(1000);
+ InputStream input = socket.getInputStream();
+ int read = input.read();
+ // TLS Alert message type == 21.
+ Assert.assertThat(read, Matchers.equalTo(21));
+ int reads = 0;
+ while (read >= 0)
+ {
+ read = input.read();
+ ++reads;
+ }
+ Assert.assertThat(reads, Matchers.lessThan(32));
 }
-
 }
-
+
 private String getResponse(String sniHost,String reqHost, String cn) throws Exception
 {
 SslContextFactory clientContextFactory = new SslContextFactory(true);
 clientContextFactory.start();
 SSLSocketFactory factory = clientContextFactory.getSslContext().getSocketFactory();
-
+
 SSLSocket sslSocket = (SSLSocket)factory.createSocket("127.0.0.1", _port);
 if (cn!=null)
- {
+ {
 SNIHostName serverName = new SNIHostName(sniHost);
 List serverNames = new ArrayList<>();
 serverNames.add(serverName);
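Review bot: In the `-151,22` hunk the `reads < 32` bound is only asserted after the loop has already run to end-of-stream, so it cannot stop a server that keeps writing; `setSoTimeout(1000)` applies to each `read()`, not to the loop as a whole. Bounding the loop itself, `while (read >= 0 && reads < 32)`, keeps the test finite and still lets the final `Assert.assertThat(reads, Matchers.lessThan(32));` fail on excess output. The limit 32 is unexplained; a comment such as `// a plaintext alert record is 7 bytes (5-byte header + level + description); 32 is a loose ceiling` would document it, assuming the alert is sent unencrypted at this stage. The enclosing test method starts outside the hunk.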
@@ -177,35 +188,35 @@ public class SslConnectionFactoryTest
 }
 sslSocket.startHandshake();
-
+
 if (cn!=null)
- {
+ {
 X509Certificate cert = ((X509Certificate)sslSocket.getSession().getPeerCertificates()[0]);
-
+
 Assert.assertThat(cert.getSubjectX500Principal().getName("CANONICAL"), Matchers.startsWith("cn="+cn));
 }
 sslSocket.getOutputStream().write(("GET /ctx/path HTTP/1.0\r\nHost: "+reqHost+":"+_port+"\r\n\r\n").getBytes(StandardCharsets.ISO_8859_1));
 String response = IO.toString(sslSocket.getInputStream());
-
+
 sslSocket.close();
 clientContextFactory.stop();
 return response;
 }
-
+
 @Test
 public void testSocketCustomization() throws Exception
 {
 final Queue history = new ConcurrentArrayQueue<>();
-
+
 _connector.addBean(new SocketCustomizationListener()
 {
 @Override
 protected void customize(Socket socket, Class connection, boolean ssl)
 {
 history.add("customize connector "+connection+","+ssl);
- }
+ }
 });
 _connector.getBean(SslConnectionFactory.class).addBean(new SocketCustomizationListener()
@@ -214,26 +225,26 @@ public class SslConnectionFactoryTest
 protected void customize(Socket socket, Class connection, boolean ssl)
 {
 history.add("customize ssl "+connection+","+ssl);
- }
+ }
 });
-
+
 _connector.getBean(HttpConnectionFactory.class).addBean(new SocketCustomizationListener()
 {
 @Override
 protected void customize(Socket socket, Class connection, boolean ssl)
 {
 history.add("customize http "+connection+","+ssl);
- }
+ }
 });
- String response= getResponse("127.0.0.1",null);
+ String response= getResponse("127.0.0.1",null);
 Assert.assertThat(response,Matchers.containsString("host=127.0.0.1"));
-
+
 Assert.assertEquals("customize connector class org.eclipse.jetty.io.ssl.SslConnection,false",history.poll());
 Assert.assertEquals("customize ssl class org.eclipse.jetty.io.ssl.SslConnection,false",history.poll());
 Assert.assertEquals("customize connector class org.eclipse.jetty.server.HttpConnection,true",history.poll());
 Assert.assertEquals("customize http class org.eclipse.jetty.server.HttpConnection,true",history.poll());
 Assert.assertEquals(0,history.size());
 }
-
+
 }