Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update JDK SSL Tests to use SSL Context Builder. #4520

Closed
wants to merge 1 commit into from
Closed

Update JDK SSL Tests to use SSL Context Builder. #4520

wants to merge 1 commit into from

Conversation

ifesdjeen
Copy link
Contributor

This is the first patch to get closer to #4293. I'm cleaning up all the plances and am trying to bring test cases as close together as possible to reuse the code for both JDK and OpenSSL.

So far, the following things have been updated:

  • Update JDK SSL Tests to use SSL Context Builder.
  • Switch test skipping to custom exception to avoid unintentional catch / skip.
  • Switch from explicit Protocol Negotiator to ApplicationProtocolConfig where possible.

However, I still have a question about testAlpnNoCompatibleProtocolsClientHandshakeFailure. I couldn't find a way to reproduce same behaviour with SslContextBuilder, since in this case we're limited to ApplicationProtocolConfig and how it maps to Negotiator. Closest way would be to check for the SslHandshakeException on the server side.

normanmaurer
normanmaurer reviewed Nov 27, 2015
View reviewed changes
handler/src/test/java/io/netty/handler/ssl/SniHandlerTest.java

return new JdkSslServerContext(crtFile, keyFile, "12345");
String keyPassword = "12345";
return SslContextBuilder.forServer(crtFile, keyFile, keyPassword).build();
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

just inline the password as before ?

@ifesdjeen ifesdjeen force-pushed the ssl-tests branch 3 times, most recently from 6e30c36 to 51e0336 Compare November 27, 2015 09:32
@Scottmitch
Copy link
Member

@ifesdjeen

However, I still have a question about testAlpnNoCompatibleProtocolsClientHandshakeFailure

Last I checked OpenSSL did not support failing the handshake due to no compatible protocols. See openssl/openssl#188.

Scottmitch
Scottmitch reviewed Dec 3, 2015
View reviewed changes
handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java
@@ -59,13 +62,15 @@ public void testNpn() throws Exception {
// Check in this test just in case we have multiple tests that just the class and we already ignored the
// initialization error.
if (!JdkNpnSslEngine.isAvailable()) {
throw new RuntimeException("NPN not on classpath");
throw new SkipTestException("NPN not on classpath");
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

consider moving this to a method to ensure consistency:

// Maybe use Protocol instead of String....
private SkipTestException tlsExtensionNotFound(String extensionName) {
  throw new SkipTestException(extensionName + " not on classpath");
}

private SkipTestException npnExtensionNotFound() {
  return tlsExtensionNotFound("NPN");
}

// also one for ALPN
...

@ifesdjeen
Copy link
Contributor Author

Last I checked OpenSSL did not support failing the handshake due to no compatible protocols. See openssl/openssl#188.

Ah, I'm was talking about JdkSsl... I've only ported the tests for now. This test (testAlpnNoCompatibleProtocolsClientHandshakeFailure) can only be implemented in terms of the deprecated API, since new version converts to ApplicationConfig to Negotiator internally and all APIs with Negotiator are now deprecated.

@Scottmitch
Copy link
Member

@ifesdjeen - I see what you are saying now. This is a pretty specific test that we wouldn't necessarily expect a user to replicate this use case. I'm OK with ignoring the deprecation here. I think the path forward when we re-analyze the deprecated constructor is to make it package private (as opposed to completely removing it) for testing purposes.

@Scottmitch
Copy link
Member

@ifesdjeen - Can you just update the commit message to follow the format defined in http://netty.io/wiki/writing-a-commit-message.html and then I can pull this in?

@ifesdjeen
Update JDK SSL Tests to use SSL Context Builder.
7e101e1 
Motivation: 

Use new / non-deprecated APIs for creating SSL Context
in tests, in order to be able to implement OpenSsl
tests with maximum code reuse.

Modifications: 

Use `SslContextBuilder.(forServer|forClient)` instead
of deprecated `JdkSslServerContext` constructor. 
Use `ApplicationProtocolConfig` instead of Protocol
Negotiator. 
Use custom exception type for skipping tests to avoid
swallowing exceptions arising from tests.

Result:
 
Exceptions from tests aren't swallowed.
Using new APIs allows reusing same test code for 
OpenSsl tests.
@ifesdjeen
Copy link
Contributor Author

Oh sure absolutely. Somehow I missed the commit message part completely, sorry about that.

@Scottmitch Scottmitch self-assigned this Dec 4, 2015
@Scottmitch Scottmitch added this to the 4.0.34.Final milestone Dec 4, 2015
@Scottmitch
Copy link
Member

Cherry-picked 4.0 (38838b8) 4.1 (43ebbc3) master (613c8b2)

Thanks @ifesdjeen !

@Scottmitch Scottmitch closed this Dec 4, 2015
@ifesdjeen
Copy link
Contributor Author

<3 thank you @Scottmitch, I hope more PRs to come!

@Scottmitch
Copy link
Member

+1 @ifesdjeen - keem em' coming!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@Scottmitch Scottmitch

Labels
cleanup
Projects
None yet
Milestone
4.0.34.Final
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@ifesdjeen @Scottmitch @normanmaurer @netkins