
Commit e88b5c9

committed
remove redundant methods and postpone retry flow testing
1 parent 0b033db commit e88b5c9


1 file changed

+13
-160
lines changed

1 file changed

+13
-160
lines changed

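--- a/openjdk/src/test/java/org/conscrypt/NativeCryptoTest.java
+++ b/openjdk/src/test/java/org/conscrypt/NativeCryptoTest.java
@@ -122,37 +122,8 @@ public class NativeCryptoTest {
 private static OpenSSLKey CHANNEL_ID_PRIVATE_KEY;
 private static byte[] CHANNEL_ID;
 private static Method m_Platform_getFileDescriptor;
-
 private static RSAPrivateCrtKey TEST_RSA_KEY;
 
-private static OpenSSLKey getServerPrivateKey() throws Exception {
-return SERVER_PRIVATE_KEY;
-}
-
-private static long[] getServerCertificateRefs() throws Exception {
-return SERVER_CERTIFICATE_REFS;
-}
-
-private static byte[][] getEncodedServerCertificates() throws Exception {
-return ENCODED_SERVER_CERTIFICATES;
-}
-
-private static OpenSSLKey getClientPrivateKey() throws Exception {
-return CLIENT_PRIVATE_KEY;
-}
-
-private static long[] getClientCertificateRefs() throws Exception {
-return CLIENT_CERTIFICATE_REFS;
-}
-
-private static byte[][] getEncodedClientCertificates() throws Exception {
-return ENCODED_CLIENT_CERTIFICATES;
-}
-
-private static byte[][] getCaPrincipals() throws Exception {
-return CA_PRINCIPALS;
-}
-
 @BeforeClass
 @SuppressWarnings("JdkObsolete") // Public API KeyStore.aliases() uses Enumeration
 public static void initStatics() throws Exception {
@@ -529,7 +500,7 @@ public void afterHandshake(long session, long ssl, long context, Socket socket,
 super.afterHandshake(session, ssl, context, socket, fd, callback);
 }
 };
-Hooks sHooks = new ServerHooks(getServerPrivateKey(), getEncodedServerCertificates()) {
+Hooks sHooks = new ServerHooks(SERVER_PRIVATE_KEY, ENCODED_SERVER_CERTIFICATES) {
 @Override
 public long beforeHandshake(long c) throws SSLException {
 long ssl = super.beforeHandshake(c);
@@ -547,7 +518,7 @@ public long beforeHandshake(long c) throws SSLException {
 server.get(TIMEOUT_SECONDS, TimeUnit.SECONDS);
 assertTrue(clientCallback.verifyCertificateChainCalled);
 assertEqualCertificateChains(
-getServerCertificateRefs(), clientCallback.certificateChainRefs);
+SERVER_CERTIFICATE_REFS, clientCallback.certificateChainRefs);
 assertFalse(serverCallback.verifyCertificateChainCalled);
 assertFalse(clientCallback.clientCertificateRequestedCalled);
 assertFalse(serverCallback.clientCertificateRequestedCalled);
@@ -597,7 +568,7 @@ public void afterHandshake(long session, long ssl, long context, Socket socket,
 super.afterHandshake(session, ssl, context, socket, fd, callback);
 }
 };
-Hooks sHooks = new ServerHooks(getServerPrivateKey(), getEncodedServerCertificates()) {
+Hooks sHooks = new ServerHooks(SERVER_PRIVATE_KEY, ENCODED_SERVER_CERTIFICATES) {
 @Override
 public long beforeHandshake(long c) throws SSLException {
 long ssl = super.beforeHandshake(c);
@@ -622,104 +593,7 @@ public void afterHandshake(long session, long ssl, long context, Socket socket,
 server.get(TIMEOUT_SECONDS, TimeUnit.SECONDS);
 assertTrue(clientCallback.verifyCertificateChainCalled);
 assertEqualCertificateChains(
-getServerCertificateRefs(), clientCallback.certificateChainRefs);
-assertFalse(serverCallback.verifyCertificateChainCalled);
-assertFalse(clientCallback.clientCertificateRequestedCalled);
-assertFalse(serverCallback.clientCertificateRequestedCalled);
-assertFalse(clientCallback.clientPSKKeyRequestedInvoked);
-assertFalse(serverCallback.clientPSKKeyRequestedInvoked);
-assertFalse(clientCallback.serverPSKKeyRequestedInvoked);
-assertFalse(serverCallback.serverPSKKeyRequestedInvoked);
-assertTrue(clientCallback.handshakeCompletedCalled);
-assertTrue(serverCallback.handshakeCompletedCalled);
-assertFalse(clientCallback.serverCertificateRequestedInvoked);
-assertTrue(serverCallback.serverCertificateRequestedInvoked);
-}
-
-@Test
-public void test_SSL_do_handshake_ech_retry_configs() throws Exception {
-final ServerSocket listener = newServerSocket();
-
-final byte[] key = readTestFile("boringssl-ech-private-key.bin");
-final byte[] serverConfig = readTestFile("boringssl-server-ech-config.bin");
-final byte[] originalClientConfigList = readTestFile("boringssl-ech-config-list.bin");
-final byte[] clientConfigList = originalClientConfigList.clone();
-clientConfigList[20] = (byte) (clientConfigList[20] % 255 + 1); // corrupt it
-
-Hooks cHooks = new ClientHooks() {
-@Override
-public long beforeHandshake(long c) throws SSLException {
-long ssl = super.beforeHandshake(c);
-assertEquals(1, NativeCrypto.SSL_set_protocol_versions(ssl, null, TLS1_VERSION, TLS1_3_VERSION));
-assertTrue(NativeCrypto.SSL_set1_ech_config_list(ssl, null, clientConfigList));
-return ssl;
-}
-
-@Override
-public void afterHandshake(long session, long ssl, long context, Socket socket,
-FileDescriptor fd, SSLHandshakeCallbacks callback) {
-fail();
-}
-};
-Hooks sHooks = new ServerHooks(getServerPrivateKey(), getEncodedServerCertificates()) {
-@Override
-public long beforeHandshake(long c) throws SSLException {
-long ssl = super.beforeHandshake(c);
-assertEquals(1, NativeCrypto.SSL_set_protocol_versions(ssl, null, TLS1_VERSION, TLS1_3_VERSION));
-assertTrue(NativeCrypto.SSL_CTX_ech_enable_server(c, null, key, serverConfig));
-return ssl;
-}
-
-@Override
-public void afterHandshake(long session, long ssl, long context, Socket socket,
-FileDescriptor fd, SSLHandshakeCallbacks callback) throws Exception {
-assertTrue(NativeCrypto.SSL_ech_accepted(ssl, null));
-super.afterHandshake(session, ssl, context, socket, fd, callback);
-}
-};
-Future<TestSSLHandshakeCallbacks> client = handshake(listener, 0, true, cHooks, null, null, true);
-Future<TestSSLHandshakeCallbacks> server = handshake(listener, 0, false, sHooks, null, null, true);
-TestSSLHandshakeCallbacks clientCallback = null;
-TestSSLHandshakeCallbacks serverCallback = null;
-try {
-clientCallback = client.get(TIMEOUT_SECONDS, TimeUnit.SECONDS);
-serverCallback = server.get(TIMEOUT_SECONDS, TimeUnit.SECONDS);
-} catch (ExecutionException e) {
-// caused by SSLProtocolException
-}
-assertNull(clientCallback);
-assertNull(serverCallback);
-assertArrayEquals(originalClientConfigList, cHooks.echRetryConfigs);
-assertEquals("example.com", cHooks.echNameOverride);
-assertNotNull(cHooks.echRetryConfigs);
-assertNull(sHooks.echNameOverride);
-assertNull(sHooks.echRetryConfigs);
-
-final byte[] echRetryConfigsFromPrevious = cHooks.echRetryConfigs;
-cHooks = new ClientHooks() {
-@Override
-public long beforeHandshake(long c) throws SSLException {
-long ssl = super.beforeHandshake(c);
-assertEquals(1, NativeCrypto.SSL_set_protocol_versions(ssl, null, TLS1_VERSION, TLS1_3_VERSION));
-assertTrue(NativeCrypto.SSL_set1_ech_config_list(ssl, null, echRetryConfigsFromPrevious));
-return ssl;
-}
-
-@Override
-public void afterHandshake(long session, long ssl, long context, Socket socket,
-FileDescriptor fd, SSLHandshakeCallbacks callback) throws Exception {
-assertTrue(NativeCrypto.SSL_ech_accepted(ssl, null));
-super.afterHandshake(session, ssl, context, socket, fd, callback);
-}
-};
-
-client = handshake(listener, 0, true, cHooks, null, null);
-server = handshake(listener, 0, false, sHooks, null, null);
-clientCallback = client.get(TIMEOUT_SECONDS, TimeUnit.SECONDS);
-serverCallback = server.get(TIMEOUT_SECONDS, TimeUnit.SECONDS);
-assertTrue(clientCallback.verifyCertificateChainCalled);
-assertEqualCertificateChains(
-getServerCertificateRefs(), clientCallback.certificateChainRefs);
+SERVER_CERTIFICATE_REFS, clientCallback.certificateChainRefs);
 assertFalse(serverCallback.verifyCertificateChainCalled);
 assertFalse(clientCallback.clientCertificateRequestedCalled);
 assertFalse(serverCallback.clientCertificateRequestedCalled);
@@ -773,11 +647,11 @@ public void test_SSL_set1_ech_invalid_config_list() throws Exception {
 assertFalse(set);
 }
 
-@Test(expected = NullPointerException.class)
+@Test
 public void test_SSL_set1_ech_config_list_withNull() throws Exception {
 long c = NativeCrypto.SSL_CTX_new();
 long s = NativeCrypto.SSL_new(c, null);
-NativeCrypto.SSL_set1_ech_config_list(s, null, null);
+assertThrows(NullPointerException.class, () -> NativeCrypto.SSL_set1_ech_config_list(s, null, null));
 }
 
 @Test
@@ -814,14 +688,14 @@ public void test_SSL_CTX_ech_enable_server() throws Exception {
 NativeCrypto.SSL_CTX_free(c, null);
 }
 
-@Test(expected = NullPointerException.class)
+@Test
 public void test_SSL_get0_ech_retry_configs_withNullShouldThrow() throws Exception {
-NativeCrypto.SSL_get0_ech_retry_configs(NULL, null);
+assertThrows(NullPointerException.class, () -> NativeCrypto.SSL_get0_ech_retry_configs(NULL, null));
 }
 
-@Test(expected = NullPointerException.class)
+@Test
 public void test_SSL_CTX_ech_enable_server_NULL_SSL_CTX() throws Exception {
-NativeCrypto.SSL_CTX_ech_enable_server(NULL, null, null, null);
+assertThrows(NullPointerException.class, () -> NativeCrypto.SSL_CTX_ech_enable_server(NULL, null, null, null));
 }
 
 @Test
@@ -1406,14 +1280,6 @@ public static Future<TestSSLHandshakeCallbacks> handshake(final ServerSocket lis
 final int timeout, final boolean client,
 final Hooks hooks, final byte[] alpnProtocols,
 final ApplicationProtocolSelectorAdapter alpnSelector) {
-return handshake(listener, timeout, client, hooks, alpnProtocols, alpnSelector, false);
-}
-
-public static Future<TestSSLHandshakeCallbacks> handshake(final ServerSocket listener,
-final int timeout, final boolean client,
-final Hooks hooks, final byte[] alpnProtocols,
-final ApplicationProtocolSelectorAdapter alpnSelector,
-final boolean useEchRetryConfig) {
 // TODO(prb) rewrite for engine socket. FD socket calls infeasible to test on Java 17+
 assumeFalse(TestUtils.isJavaVersion(17));
 ExecutorService executor = Executors.newSingleThreadExecutor();
@@ -1456,20 +1322,7 @@ public TestSSLHandshakeCallbacks call() throws Exception {
 NativeCrypto.setHasApplicationProtocolSelector(s, null, true);
 }
 
-// "if" added for ECH testing
-if (useEchRetryConfig) {
-try {
-NativeCrypto.SSL_do_handshake(s, null, fd, callback, timeout);
-} catch (SSLProtocolException e) {
-hooks.echRetryConfigs =
-NativeCrypto.SSL_get0_ech_retry_configs(s, null);
-hooks.echNameOverride =
-NativeCrypto.SSL_get0_ech_name_override(s, null);
-throw e;
-}
-} else {
-NativeCrypto.SSL_do_handshake(s, null, fd, callback, timeout);
-}
+NativeCrypto.SSL_do_handshake(s, null, fd, callback, timeout);
 
 session = NativeCrypto.SSL_get1_session(s, null);
 if (DEBUG) {
@@ -3500,10 +3353,10 @@ public void test_ECDH_compute_key_null_key_Failure() throws Exception {
 }
 }
 
-@Test(expected = NullPointerException.class)
+@Test
 public void EVP_CipherInit_ex_withNullCtxShouldThrow() throws Exception {
 final long evpCipher = NativeCrypto.EVP_get_cipherbyname("aes-128-ecb");
-NativeCrypto.EVP_CipherInit_ex(null, evpCipher, null, null, true);
+assertThrows(NullPointerException.class, () -> NativeCrypto.EVP_CipherInit_ex(null, evpCipher, null, null, true));
 }
 
 @Test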
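Review bot: In test_SSL_set1_ech_config_list_withNull the native handles `c` and `s` returned by SSL_CTX_new and SSL_new are never released. With the old `expected =` form the exception ended the method, but `assertThrows` now returns normally, so cleanup can follow it: `NativeCrypto.SSL_free(s, null);` then `NativeCrypto.SSL_CTX_free(c, null);`, preferably in a `finally`. The neighbouring test_SSL_CTX_ech_enable_server already ends with `NativeCrypto.SSL_CTX_free(c, null)`, so this would keep the ECH tests consistent. Separately, with test_SSL_do_handshake_ech_retry_configs removed, the hunks shown leave `SSL_get0_ech_retry_configs` covered only by its null-argument test and `SSL_get0_ech_name_override` with no caller. A short `// TODO` naming the postponed retry-flow test would keep that gap visible in the file rather than only in the commit title.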
