From dadd299e473610bc9c322112fa4d0a1b61ea28c8 Mon Sep 17 00:00:00 2001
From: Joakim Erdfelt
Date: Thu, 29 Oct 2020 13:44:21 -0500
Subject: [PATCH] Cleanup of SslContextFactoryTest
Signed-off-by: Joakim Erdfelt
---
 .../jetty/util/ssl/SslContextFactoryTest.java | 79 ++++++++++---------
 1 file changed, 40 insertions(+), 39 deletions(-)
diff --git a/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/SslContextFactoryTest.java b/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/SslContextFactoryTest.java
index 0ce32702e067..ee7da6f82506 100644
--- a/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/SslContextFactoryTest.java
+++ b/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/SslContextFactoryTest.java
@@ -30,6 +30,7 @@
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
+import java.util.Optional;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 import java.util.stream.Collectors;
@@ -46,7 +47,6 @@
 import org.eclipse.jetty.util.component.AbstractLifeCycle;
 import org.eclipse.jetty.util.log.StacklessLogging;
 import org.eclipse.jetty.util.resource.Resource;
-import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import static org.hamcrest.MatcherAssert.assertThat;
@@ -69,25 +69,10 @@
 public class SslContextFactoryTest
 {
- private SslContextFactory cf;
-
- @BeforeEach
- public void setUp() throws Exception
- {
- cf = new SslContextFactory.Server();
-
- java.security.cert.CertPathBuilder certPathBuilder = java.security.cert.CertPathBuilder.getInstance("PKIX");
- java.security.cert.PKIXRevocationChecker revocationChecker = (java.security.cert.PKIXRevocationChecker)certPathBuilder.getRevocationChecker();
- revocationChecker.setOptions(java.util.EnumSet.of(
- java.security.cert.PKIXRevocationChecker.Option.valueOf("PREFER_CRLS"),
- java.security.cert.PKIXRevocationChecker.Option.valueOf("SOFT_FAIL"),
- java.security.cert.PKIXRevocationChecker.Option.valueOf("NO_FALLBACK")));
- cf.setPkixCertPathChecker(revocationChecker);
- }
-
 @Test
 public void testSLOTH() throws Exception
 {
+ SslContextFactory.Server cf = new SslContextFactory.Server();
 cf.setKeyStorePassword("storepwd");
 cf.setKeyManagerPassword("keypwd");
@@ -96,9 +81,13 @@ public void testSLOTH() throws Exception
 // cf.dump(System.out, "");
 List dumps = cf.selectionDump();
- SslSelectionDump cipherDump = dumps.stream()
+ Optional cipherSuiteDumpOpt = dumps.stream()
 .filter((dump) -> dump.type.contains("Cipher Suite"))
- .findFirst().get();
+ .findFirst();
+
+ assertTrue(cipherSuiteDumpOpt.isPresent(), "Cipher Suite dump section should exist");
+
+ SslSelectionDump cipherDump = cipherSuiteDumpOpt.get();
 for (String enabledCipher : cipherDump.enabled)
 {
@@ -109,6 +98,7 @@ public void testSLOTH() throws Exception
 @Test
 public void testDumpIncludeTlsRsa() throws Exception
 {
+ SslContextFactory.Server cf = new SslContextFactory.Server();
 cf.setKeyStorePassword("storepwd");
 cf.setKeyManagerPassword("keypwd");
 cf.setIncludeCipherSuites("TLS_RSA_.*");
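Review bot: With `setUp()` deleted, nothing in the visible hunks calls `cf.setPkixCertPathChecker(...)` any more, so this class appears to lose its only exercise of a factory started with a `PKIXRevocationChecker` installed. If that coverage was intended rather than incidental, it fits better in one focused test than in every test's fixture. The sketch below reuses the removed setup in a single method; it only pins that `start()` still succeeds with a checker set and does not prove the checker is consulted during validation. The rest of the class lies outside this hunk, so confirm that no other test already covers the setter.

```java
@Test
public void testPkixCertPathChecker() throws Exception
{
    SslContextFactory.Server cf = new SslContextFactory.Server();
    cf.setKeyStorePassword("storepwd");
    cf.setKeyManagerPassword("keypwd");

    java.security.cert.CertPathBuilder certPathBuilder = java.security.cert.CertPathBuilder.getInstance("PKIX");
    java.security.cert.PKIXRevocationChecker revocationChecker = (java.security.cert.PKIXRevocationChecker)certPathBuilder.getRevocationChecker();
    // SOFT_FAIL tolerates an undetermined revocation status; fine for a fixture, not a production default.
    revocationChecker.setOptions(java.util.EnumSet.of(
        java.security.cert.PKIXRevocationChecker.Option.PREFER_CRLS,
        java.security.cert.PKIXRevocationChecker.Option.SOFT_FAIL,
        java.security.cert.PKIXRevocationChecker.Option.NO_FALLBACK));
    cf.setPkixCertPathChecker(revocationChecker);

    cf.start();

    assertNotNull(cf.getSslContext());
}
```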
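Review bot: The `for (String enabledCipher : cipherDump.enabled)` loop in `testSLOTH` still passes vacuously when the enabled list is empty, so the new `isPresent()` assertion guards the lookup but not the check that follows it. Adding `assertTrue(cipherDump.enabled.size() > 0, "Enabled cipher suites should not be empty");` before the loop would stop an empty selection from reporting green. The loop body is outside the hunk, so this assumes it only asserts per element. The same gap seems to exist in the `testDumpIncludeTlsRsa` hunk (`@@ -126,9 +116,15 @@`): if `tlsRsaSuites`, which is built outside that hunk, comes back empty, both the size comparison and the `for (String expectedCipherSuite : tlsRsaSuites)` loop would pass without checking anything.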
@@ -126,9 +116,15 @@ public void testDumpIncludeTlsRsa() throws Exception
 .collect(Collectors.toList());
 List selectedSuites = Arrays.asList(cf.getSelectedCipherSuites());
- SslSelectionDump cipherDump = dumps.stream()
+
+ Optional cipherSuiteDumpOpt = dumps.stream()
 .filter((dump) -> dump.type.contains("Cipher Suite"))
- .findFirst().get();
+ .findFirst();
+
+ assertTrue(cipherSuiteDumpOpt.isPresent(), "Cipher Suite dump section should exist");
+
+ SslSelectionDump cipherDump = cipherSuiteDumpOpt.get();
+
 assertThat("Dump Enabled List size is equal to selected list size", cipherDump.enabled.size(), is(selectedSuites.size()));
 for (String expectedCipherSuite : tlsRsaSuites)
@@ -141,17 +137,19 @@ public void testDumpIncludeTlsRsa() throws Exception
 @Test
 public void testNoTsFileKs() throws Exception
 {
+ SslContextFactory.Server cf = new SslContextFactory.Server();
 cf.setKeyStorePassword("storepwd");
 cf.setKeyManagerPassword("keypwd");
 cf.start();
- assertTrue(cf.getSslContext() != null);
+ assertNotNull(cf.getSslContext());
 }
 @Test
 public void testNoTsSetKs() throws Exception
 {
+ SslContextFactory.Server cf = new SslContextFactory.Server();
 KeyStore ks = KeyStore.getInstance("JKS");
 try (InputStream keystoreInputStream = this.getClass().getResourceAsStream("keystore"))
 {
@@ -162,26 +160,21 @@ public void testNoTsSetKs() throws Exception
 cf.start();
- assertTrue(cf.getSslContext() != null);
+ assertNotNull(cf.getSslContext());
 }
 @Test
 public void testNoTsNoKs() throws Exception
 {
+ SslContextFactory.Server cf = new SslContextFactory.Server();
 cf.start();
- assertTrue(cf.getSslContext() != null);
- }
-
- @Test
- public void testTrustAll() throws Exception
- {
- cf.start();
- assertTrue(cf.getSslContext() != null);
+ assertNotNull(cf.getSslContext());
 }
 @Test
 public void testNoTsResourceKs() throws Exception
 {
+ SslContextFactory.Server cf = new SslContextFactory.Server();
 Resource keystoreResource = Resource.newSystemResource("keystore");
 cf.setKeyStoreResource(keystoreResource);
@@ -192,12 +185,13 @@ public void testNoTsResourceKs() throws Exception
 cf.start();
- assertTrue(cf.getSslContext() != null);
+ assertNotNull(cf.getSslContext());
 }
 @Test
 public void testResourceTsResourceKs() throws Exception
 {
+ SslContextFactory.Server cf = new SslContextFactory.Server();
 Resource keystoreResource = Resource.newSystemResource("keystore");
 Resource truststoreResource = Resource.newSystemResource("keystore");
@@ -209,12 +203,13 @@ public void testResourceTsResourceKs() throws Exception
 cf.start();
- assertTrue(cf.getSslContext() != null);
+ assertNotNull(cf.getSslContext());
 }
 @Test
 public void testResourceTsResourceKsWrongPW() throws Exception
 {
+ SslContextFactory.Server cf = new SslContextFactory.Server();
 Resource keystoreResource = Resource.newSystemResource("keystore");
 Resource truststoreResource = Resource.newSystemResource("keystore");
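Review bot: No test visible in this patch actually enables trust-all: the deleted `testTrustAll` had the same body as `testNoTsNoKs` and never called `setTrustAll`, so removing it loses nothing but also leaves that setting uncovered here. If the behaviour is meant to be pinned, a replacement that calls `cf.setTrustAll(true);` before `cf.start();` and then asserts `cf.isTrustAll()` would give the old name a real check. Tests outside these hunks may already cover it, so confirm before adding one.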
@@ -227,7 +222,7 @@ public void testResourceTsResourceKsWrongPW() throws Exception
 try (StacklessLogging ignore = new StacklessLogging(AbstractLifeCycle.class))
 {
 java.security.UnrecoverableKeyException x = assertThrows(
- java.security.UnrecoverableKeyException.class, () -> cf.start());
+ java.security.UnrecoverableKeyException.class, cf::start);
 assertThat(x.getMessage(), containsString("Cannot recover key"));
 }
 }
@@ -235,6 +230,7 @@ public void testResourceTsResourceKsWrongPW() throws Exception
 @Test
 public void testResourceTsWrongPWResourceKs() throws Exception
 {
+ SslContextFactory.Server cf = new SslContextFactory.Server();
 Resource keystoreResource = Resource.newSystemResource("keystore");
 Resource truststoreResource = Resource.newSystemResource("keystore");
@@ -246,14 +242,15 @@ public void testResourceTsWrongPWResourceKs() throws Exception
 try (StacklessLogging ignore = new StacklessLogging(AbstractLifeCycle.class))
 {
- IOException x = assertThrows(IOException.class, () -> cf.start());
+ IOException x = assertThrows(IOException.class, cf::start);
 assertThat(x.getMessage(), containsString("Keystore was tampered with, or password was incorrect"));
 }
 }
 @Test
- public void testNoKeyConfig() throws Exception
+ public void testNoKeyConfig()
 {
+ SslContextFactory.Server cf = new SslContextFactory.Server();
 try (StacklessLogging ignore = new StacklessLogging(AbstractLifeCycle.class))
 {
 IllegalStateException x = assertThrows(IllegalStateException.class, () ->
@@ -268,6 +265,7 @@ public void testNoKeyConfig() throws Exception
 @Test
 public void testSetExcludeCipherSuitesRegex() throws Exception
 {
+ SslContextFactory.Server cf = new SslContextFactory.Server();
 cf.setExcludeCipherSuites(".*RC4.*");
 cf.start();
 SSLEngine sslEngine = cf.newSSLEngine();
@@ -282,6 +280,7 @@ public void testSetExcludeCipherSuitesRegex() throws Exception
 @Test
 public void testSetIncludeCipherSuitesRegex() throws Exception
 {
+ SslContextFactory.Server cf = new SslContextFactory.Server();
 cf.setIncludeCipherSuites(".*ECDHE.*", ".*WIBBLE.*");
 cf.start();
@@ -297,6 +296,7 @@ public void testSetIncludeCipherSuitesRegex() throws Exception
 @Test
 public void testProtocolAndCipherSettingsAreNPESafe()
 {
+ SslContextFactory.Server cf = new SslContextFactory.Server();
 assertNotNull(cf.getExcludeProtocols());
 assertNotNull(cf.getIncludeProtocols());
 assertNotNull(cf.getExcludeCipherSuites());
@@ -306,6 +306,7 @@ public void testProtocolAndCipherSettingsAreNPESafe()
 @Test
 public void testSNICertificates() throws Exception
 {
+ SslContextFactory.Server cf = new SslContextFactory.Server();
 Resource keystoreResource = Resource.newSystemResource("snikeystore");
 cf.setKeyStoreResource(keystoreResource);
@@ -347,7 +348,7 @@ public void testSNICertificates() throws Exception
 @Test
 public void testNonDefaultKeyStoreTypeUsedForTrustStore() throws Exception
 {
- cf = new SslContextFactory.Server();
+ SslContextFactory.Server cf = new SslContextFactory.Server();
 cf.setKeyStoreResource(Resource.newSystemResource("keystore.p12"));
 cf.setKeyStoreType("pkcs12");
 cf.setKeyStorePassword("storepwd");
@@ -365,7 +366,7 @@ public void testNonDefaultKeyStoreTypeUsedForTrustStore() throws Exception
 @Test
 public void testClientSslContextFactory() throws Exception
 {
- cf = new SslContextFactory.Client();
+ SslContextFactory.Client cf = new SslContextFactory.Client();
 cf.start();
 assertEquals("HTTPS", cf.getEndpointIdentificationAlgorithm());
@@ -374,7 +375,7 @@ public void testClientSslContextFactory() throws Exception
 @Test
 public void testServerSslContextFactory() throws Exception
 {
- cf = new SslContextFactory.Server();
+ SslContextFactory.Server cf = new SslContextFactory.Server();
 cf.start();
 assertNull(cf.getEndpointIdentificationAlgorithm());