diff --git a/src/test/scala/tlschannel/NettySslEngineTest.java b/src/test/scala/tlschannel/NettySslEngineTest.java new file mode 100644 index 00000000..8c742311 --- /dev/null +++ b/src/test/scala/tlschannel/NettySslEngineTest.java @@ -0,0 +1,99 @@ +package tlschannel; + +import static org.junit.jupiter.api.Assertions.assertThrows; + +import io.netty.buffer.ByteBufAllocator; +import io.netty.handler.ssl.SslContextBuilder; +import io.netty.handler.ssl.SslProvider; +import io.netty.handler.ssl.util.SimpleTrustManagerFactory; +import java.net.Socket; +import java.nio.ByteBuffer; +import java.nio.channels.ByteChannel; +import java.security.KeyStore; +import java.security.cert.X509Certificate; +import javax.net.ssl.*; +import javax.net.ssl.ManagerFactoryParameters; +import javax.net.ssl.SSLEngine; +import javax.net.ssl.TrustManager; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.TestInstance; +import org.junit.jupiter.api.TestInstance.Lifecycle; + +@TestInstance(Lifecycle.PER_CLASS) +public class NettySslEngineTest { + + // dummy handshake as minimal sanity test + @Test + void testDummyHandshake() throws SSLException { + io.netty.handler.ssl.SslContext ctx = SslContextBuilder.forClient() + .sslProvider(SslProvider.OPENSSL) + .trustManager(dummyTrustManagerFactory) + .protocols("TLSv1.3") + .build(); + SSLEngine sslEngine = ctx.newEngine(ByteBufAllocator.DEFAULT, "test", 0); + + ClientTlsChannel channel = ClientTlsChannel.newBuilder(new DummyByteChannel(), sslEngine) + .withEncryptedBufferAllocator(new HeapBufferAllocator()) + .build(); + + assertThrows(NeedsWriteException.class, () -> channel.handshake()); + } + + private final TrustManagerFactory dummyTrustManagerFactory = new SimpleTrustManagerFactory() { + @Override + public void engineInit(KeyStore keyStore) {} + + @Override + public void engineInit(ManagerFactoryParameters params) {} + + @Override + public TrustManager[] engineGetTrustManagers() { + return new TrustManager[] {new DummyTrustManager()}; + } + }; + + private static class DummyByteChannel implements ByteChannel { + @Override + public boolean isOpen() { + return false; + } + + @Override + public void close() {} + + @Override + public int write(ByteBuffer src) { + return 0; + } + + @Override + public int read(ByteBuffer dst) { + return 0; + } + } + + private static class DummyTrustManager extends X509ExtendedTrustManager { + @Override + public void checkClientTrusted(X509Certificate[] certs, String s) {} + + @Override + public void checkServerTrusted(X509Certificate[] certs, String s) {} + + @Override + public X509Certificate[] getAcceptedIssuers() { + return new X509Certificate[0]; + } + + @Override + public void checkClientTrusted(X509Certificate[] certs, String s, Socket socket) {} + + @Override + public void checkServerTrusted(X509Certificate[] certs, String s, Socket socket) {} + + @Override + public void checkClientTrusted(X509Certificate[] certs, String s, SSLEngine sslEngine) {} + + @Override + public void checkServerTrusted(X509Certificate[] certs, String s, SSLEngine sslEngine) {} + } +} diff --git a/src/test/scala/tlschannel/NettySslEngineTest.scala b/src/test/scala/tlschannel/NettySslEngineTest.scala deleted file mode 100644 index e73a509a..00000000 --- a/src/test/scala/tlschannel/NettySslEngineTest.scala +++ /dev/null @@ -1,69 +0,0 @@ -package tlschannel - -import io.netty.buffer.ByteBufAllocator -import io.netty.handler.ssl.SslContextBuilder -import io.netty.handler.ssl.SslProvider -import io.netty.handler.ssl.util.SimpleTrustManagerFactory -import org.junit.jupiter.api.{Test, TestInstance} -import org.junit.jupiter.api.TestInstance.Lifecycle -import org.junit.jupiter.api.Assertions.assertThrows - -import javax.net.ssl.{ManagerFactoryParameters, SSLEngine, TrustManager, TrustManagerFactory, X509ExtendedTrustManager} -import java.net.Socket -import java.nio.ByteBuffer -import java.nio.channels.ByteChannel -import java.security.KeyStore -import java.security.cert.X509Certificate - -@TestInstance(Lifecycle.PER_CLASS) -class NettySslEngineTest { - - import NettySslEngineTest._ - - // dummy handshake as minimal sanity test - @Test - def testDummyHandshake(): Unit = { - val ctx = SslContextBuilder - .forClient() - .sslProvider(SslProvider.OPENSSL) - .trustManager(dummyTrustManagerFactory) - .protocols("TLSv1.3") - .build() - val sslEngine = ctx.newEngine(ByteBufAllocator.DEFAULT, "test", 0) - - val channel = ClientTlsChannel - .newBuilder(new DummyByteChannel(), sslEngine) - .withEncryptedBufferAllocator(new HeapBufferAllocator()) - .build() - - assertThrows(classOf[NeedsWriteException], () => channel.handshake()) - } - -} - -object NettySslEngineTest { - - private val dummyTrustManagerFactory: TrustManagerFactory = new SimpleTrustManagerFactory() { - private val trustManagers = Array[TrustManager](new DummyTrustManager()) - override def engineInit(keyStore: KeyStore): Unit = {} - override def engineInit(params: ManagerFactoryParameters): Unit = {} - override def engineGetTrustManagers(): Array[TrustManager] = trustManagers - } - - private class DummyByteChannel extends ByteChannel { - override def isOpen = false - override def close(): Unit = {} - override def write(src: ByteBuffer) = 0 - override def read(dst: ByteBuffer) = 0 - } - - private class DummyTrustManager extends X509ExtendedTrustManager { - override def checkClientTrusted(certs: Array[X509Certificate], s: String): Unit = {} - override def checkServerTrusted(certs: Array[X509Certificate], s: String): Unit = {} - override def getAcceptedIssuers: Array[X509Certificate] = Array[X509Certificate]() - override def checkClientTrusted(certs: Array[X509Certificate], s: String, socket: Socket): Unit = {} - override def checkServerTrusted(certs: Array[X509Certificate], s: String, socket: Socket): Unit = {} - override def checkClientTrusted(certs: Array[X509Certificate], s: String, sslEngine: SSLEngine): Unit = {} - override def checkServerTrusted(certs: Array[X509Certificate], s: String, sslEngine: SSLEngine): Unit = {} - } -}