Eclipse
/
jetty.project
mirror of https://github.com/jetty/jetty.project.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Cleanup of SslContextFactoryTest 

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
This commit is contained in:
Joakim Erdfelt 2020-10-29 13:44:21 -05:00
parent 1c3c3ca092
commit dadd299e47
No known key found for this signature in database
GPG Key ID: 2D0E1FB8FE4B68B4
1 changed files with 40 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

79
jetty-util/src/test/java/org/eclipse/jetty/util/ssl/SslContextFactoryTest.java
View File

@ -30,6 +30,7 @@ import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
@ -46,7 +47,6 @@ import org.eclipse.jetty.util.IO;
import org.eclipse.jetty.util.component.AbstractLifeCycle;
import org.eclipse.jetty.util.log.StacklessLogging;
import org.eclipse.jetty.util.resource.Resource;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import static org.hamcrest.MatcherAssert.assertThat;
@ -69,25 +69,10 @@ import static org.junit.jupiter.api.Assertions.assertTrue;
public class SslContextFactoryTest
{
private SslContextFactory cf;
@BeforeEach
public void setUp() throws Exception
{
cf = new SslContextFactory.Server();
java.security.cert.CertPathBuilder certPathBuilder = java.security.cert.CertPathBuilder.getInstance("PKIX");
java.security.cert.PKIXRevocationChecker revocationChecker = (java.security.cert.PKIXRevocationChecker)certPathBuilder.getRevocationChecker();
revocationChecker.setOptions(java.util.EnumSet.of(
java.security.cert.PKIXRevocationChecker.Option.valueOf("PREFER_CRLS"),
java.security.cert.PKIXRevocationChecker.Option.valueOf("SOFT_FAIL"),
java.security.cert.PKIXRevocationChecker.Option.valueOf("NO_FALLBACK")));
cf.setPkixCertPathChecker(revocationChecker);
}
@Test
public void testSLOTH() throws Exception
{
SslContextFactory.Server cf = new SslContextFactory.Server();
cf.setKeyStorePassword("storepwd");
cf.setKeyManagerPassword("keypwd");
@ -96,9 +81,13 @@ public class SslContextFactoryTest
// cf.dump(System.out, "");
List<SslSelectionDump> dumps = cf.selectionDump();
SslSelectionDump cipherDump = dumps.stream()
Optional<SslSelectionDump> cipherSuiteDumpOpt = dumps.stream()
.filter((dump) -> dump.type.contains("Cipher Suite"))
.findFirst().get();
.findFirst();
assertTrue(cipherSuiteDumpOpt.isPresent(), "Cipher Suite dump section should exist");
SslSelectionDump cipherDump = cipherSuiteDumpOpt.get();
for (String enabledCipher : cipherDump.enabled)
{
@ -109,6 +98,7 @@ public class SslContextFactoryTest
@Test
public void testDumpIncludeTlsRsa() throws Exception
{
SslContextFactory.Server cf = new SslContextFactory.Server();
cf.setKeyStorePassword("storepwd");
cf.setKeyManagerPassword("keypwd");
cf.setIncludeCipherSuites("TLS_RSA_.*");
@ -126,9 +116,15 @@ public class SslContextFactoryTest
.collect(Collectors.toList());
List<String> selectedSuites = Arrays.asList(cf.getSelectedCipherSuites());
SslSelectionDump cipherDump = dumps.stream()
Optional<SslSelectionDump> cipherSuiteDumpOpt = dumps.stream()
.filter((dump) -> dump.type.contains("Cipher Suite"))
.findFirst().get();
.findFirst();
assertTrue(cipherSuiteDumpOpt.isPresent(), "Cipher Suite dump section should exist");
SslSelectionDump cipherDump = cipherSuiteDumpOpt.get();
assertThat("Dump Enabled List size is equal to selected list size", cipherDump.enabled.size(), is(selectedSuites.size()));
for (String expectedCipherSuite : tlsRsaSuites)
@ -141,17 +137,19 @@ public class SslContextFactoryTest
@Test
public void testNoTsFileKs() throws Exception
{
SslContextFactory.Server cf = new SslContextFactory.Server();
cf.setKeyStorePassword("storepwd");
cf.setKeyManagerPassword("keypwd");
cf.start();
assertTrue(cf.getSslContext() != null);
assertNotNull(cf.getSslContext());
}
@Test
public void testNoTsSetKs() throws Exception
{
SslContextFactory.Server cf = new SslContextFactory.Server();
KeyStore ks = KeyStore.getInstance("JKS");
try (InputStream keystoreInputStream = this.getClass().getResourceAsStream("keystore"))
{
@ -162,26 +160,21 @@ public class SslContextFactoryTest
cf.start();
assertTrue(cf.getSslContext() != null);
assertNotNull(cf.getSslContext());
}
@Test
public void testNoTsNoKs() throws Exception
{
SslContextFactory.Server cf = new SslContextFactory.Server();
cf.start();
assertTrue(cf.getSslContext() != null);
}
@Test
public void testTrustAll() throws Exception
{
cf.start();
assertTrue(cf.getSslContext() != null);
assertNotNull(cf.getSslContext());
}
@Test
public void testNoTsResourceKs() throws Exception
{
SslContextFactory.Server cf = new SslContextFactory.Server();
Resource keystoreResource = Resource.newSystemResource("keystore");
cf.setKeyStoreResource(keystoreResource);
@ -192,12 +185,13 @@ public class SslContextFactoryTest
cf.start();
assertTrue(cf.getSslContext() != null);
assertNotNull(cf.getSslContext());
}
@Test
public void testResourceTsResourceKs() throws Exception
{
SslContextFactory.Server cf = new SslContextFactory.Server();
Resource keystoreResource = Resource.newSystemResource("keystore");
Resource truststoreResource = Resource.newSystemResource("keystore");
@ -209,12 +203,13 @@ public class SslContextFactoryTest
cf.start();
assertTrue(cf.getSslContext() != null);
assertNotNull(cf.getSslContext());
}
@Test
public void testResourceTsResourceKsWrongPW() throws Exception
{
SslContextFactory.Server cf = new SslContextFactory.Server();
Resource keystoreResource = Resource.newSystemResource("keystore");
Resource truststoreResource = Resource.newSystemResource("keystore");
@ -227,7 +222,7 @@ public class SslContextFactoryTest
try (StacklessLogging ignore = new StacklessLogging(AbstractLifeCycle.class))
{
java.security.UnrecoverableKeyException x = assertThrows(
java.security.UnrecoverableKeyException.class, () -> cf.start());
java.security.UnrecoverableKeyException.class, cf::start);
assertThat(x.getMessage(), containsString("Cannot recover key"));
}
}
@ -235,6 +230,7 @@ public class SslContextFactoryTest
@Test
public void testResourceTsWrongPWResourceKs() throws Exception
{
SslContextFactory.Server cf = new SslContextFactory.Server();
Resource keystoreResource = Resource.newSystemResource("keystore");
Resource truststoreResource = Resource.newSystemResource("keystore");
@ -246,14 +242,15 @@ public class SslContextFactoryTest
try (StacklessLogging ignore = new StacklessLogging(AbstractLifeCycle.class))
{
IOException x = assertThrows(IOException.class, () -> cf.start());
IOException x = assertThrows(IOException.class, cf::start);
assertThat(x.getMessage(), containsString("Keystore was tampered with, or password was incorrect"));
}
}
@Test
public void testNoKeyConfig() throws Exception
public void testNoKeyConfig()
{
SslContextFactory.Server cf = new SslContextFactory.Server();
try (StacklessLogging ignore = new StacklessLogging(AbstractLifeCycle.class))
{
IllegalStateException x = assertThrows(IllegalStateException.class, () ->
@ -268,6 +265,7 @@ public class SslContextFactoryTest
@Test
public void testSetExcludeCipherSuitesRegex() throws Exception
{
SslContextFactory.Server cf = new SslContextFactory.Server();
cf.setExcludeCipherSuites(".*RC4.*");
cf.start();
SSLEngine sslEngine = cf.newSSLEngine();
@ -282,6 +280,7 @@ public class SslContextFactoryTest
@Test
public void testSetIncludeCipherSuitesRegex() throws Exception
{
SslContextFactory.Server cf = new SslContextFactory.Server();
cf.setIncludeCipherSuites(".*ECDHE.*", ".*WIBBLE.*");
cf.start();
@ -297,6 +296,7 @@ public class SslContextFactoryTest
@Test
public void testProtocolAndCipherSettingsAreNPESafe()
{
SslContextFactory.Server cf = new SslContextFactory.Server();
assertNotNull(cf.getExcludeProtocols());
assertNotNull(cf.getIncludeProtocols());
assertNotNull(cf.getExcludeCipherSuites());
@ -306,6 +306,7 @@ public class SslContextFactoryTest
@Test
public void testSNICertificates() throws Exception
{
SslContextFactory.Server cf = new SslContextFactory.Server();
Resource keystoreResource = Resource.newSystemResource("snikeystore");
cf.setKeyStoreResource(keystoreResource);
@ -347,7 +348,7 @@ public class SslContextFactoryTest
@Test
public void testNonDefaultKeyStoreTypeUsedForTrustStore() throws Exception
{
cf = new SslContextFactory.Server();
SslContextFactory.Server cf = new SslContextFactory.Server();
cf.setKeyStoreResource(Resource.newSystemResource("keystore.p12"));
cf.setKeyStoreType("pkcs12");
cf.setKeyStorePassword("storepwd");
@ -365,7 +366,7 @@ public class SslContextFactoryTest
@Test
public void testClientSslContextFactory() throws Exception
{
cf = new SslContextFactory.Client();
SslContextFactory.Client cf = new SslContextFactory.Client();
cf.start();
assertEquals("HTTPS", cf.getEndpointIdentificationAlgorithm());
@ -374,7 +375,7 @@ public class SslContextFactoryTest
@Test
public void testServerSslContextFactory() throws Exception
{
cf = new SslContextFactory.Server();
SslContextFactory.Server cf = new SslContextFactory.Server();
cf.start();
assertNull(cf.getEndpointIdentificationAlgorithm());