Merge pull request #1726 from parsharma/ELY-2335

ELY-2335 Add a test case for one-way TLS to TLS13AuthenticationTestCase
wildfly-security · Jul 14, 2022 · 21bb95c · 21bb95c
2 parents 4381567 + 1451502
commit 21bb95c
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 0 deletions.
diff --git a/tests/base/src/test/java/org/wildfly/security/ssl/TLS13AuthenticationTest.java b/tests/base/src/test/java/org/wildfly/security/ssl/TLS13AuthenticationTest.java
@@ -19,6 +19,7 @@
 
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
 
 import java.io.Closeable;
 import java.io.IOException;
@@ -178,6 +179,19 @@ public void testServerTLS12Only() throws Exception {
         assertEquals("Principal Name", "ladybird", identity.getPrincipal().getName());
     }
 
+    @Test
+    public void testOneWayTLS13() throws Exception {
+        final String CIPHER_SUITE = "TLS_AES_128_GCM_SHA256";
+
+        SSLContext serverContext = new SSLContextBuilder()
+                .setCipherSuiteSelector(CipherSuiteSelector.fromNamesString(CIPHER_SUITE))
+                .setKeyManager(getKeyManager("/jks/scarab.keystore"))
+                .build().create();
+
+        SecurityIdentity identity = performConnectionTest(serverContext, "protocol://test-one-way-tls13.org", "wildfly-ssl-test-config-v1_5.xml", CIPHER_SUITE, true);
+        assertNull(identity);
+    }
+
     private SecurityIdentity performConnectionTest(SSLContext serverContext, String clientUri, String clientConfigFileName, String expectedCipherSuite, boolean expectTLS13) throws Exception {
         System.setProperty("wildfly.config.url", SSLAuthenticationTest.class.getResource(clientConfigFileName).toExternalForm());
         AccessController.doPrivileged((PrivilegedAction<Integer>) () -> Security.insertProviderAt(new WildFlyElytronProvider(), 1));

diff --git a/tests/base/src/test/resources/org/wildfly/security/ssl/wildfly-ssl-test-config-v1_5.xml b/tests/base/src/test/resources/org/wildfly/security/ssl/wildfly-ssl-test-config-v1_5.xml
@@ -57,6 +57,10 @@
                 <trust-store key-store-name="scarab"/>
                 <cipher-suite names="TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"/>
             </ssl-context>
+            <ssl-context name="one-way-ssl-tls13">
+                <trust-store key-store-name="scarab"/>
+                <cipher-suite names="TLS_AES_128_GCM_SHA256"/>
+            </ssl-context>
         </ssl-contexts>
         <ssl-context-rules>
             <rule use-ssl-context="two-way-ssl-tls13">
@@ -71,6 +75,9 @@
             <rule use-ssl-context="different-preferred-tls13-suites">
                 <match-host name="test-different-preferred-tls13-suites.org"/>
             </rule>
+            <rule use-ssl-context="one-way-ssl-tls13">
+                <match-host name="test-one-way-tls13.org"/>
+            </rule>
         </ssl-context-rules>
     </authentication-client>
 </configuration>