
Commit 2a75f6f

committed
fixing SSL test assertions for TLS 1.3
1 parent f4113ec commit 2a75f6f


1 file changed

+48
-32
lines changed


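--- a/quickfixj-core/src/test/java/quickfix/mina/ssl/SSLCertificateTest.java
+++ b/quickfixj-core/src/test/java/quickfix/mina/ssl/SSLCertificateTest.java
@@ -22,6 +22,9 @@
 import org.apache.mina.core.filterchain.IoFilterAdapter;
 import org.apache.mina.core.session.IoSession;
 import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+import org.junit.runners.Parameterized.Parameters;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import quickfix.Acceptor;
@@ -51,6 +54,7 @@
 import java.security.Principal;
 import java.security.cert.Certificate;
 import java.security.cert.X509Certificate;
+import java.util.Arrays;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Properties;
@@ -66,10 +70,22 @@
 import static org.junit.Assert.assertSame;
 import static org.junit.Assert.assertTrue;
 
+@RunWith(Parameterized.class)
 public class SSLCertificateTest {
 
+@Parameters
+public static List<Object[]> parameters() {
+return Arrays.asList(new String[][] {{"TLS_RSA_WITH_AES_128_CBC_SHA", "TLSv1.2"}, {"TLS_AES_256_GCM_SHA384", "TLSv1.3"}});
+}
+
 // Note: To diagnose cipher suite errors, run with -Djavax.net.debug=ssl:handshake
-private static final String CIPHER_SUITES_TLS = "TLS_AES_256_GCM_SHA384";
+private final String enabledCipherSuites;
+private final String enabledProtocols;
+
+public SSLCertificateTest(String enabledCipherSuites, String enabledProtocols) {
+this.enabledCipherSuites = enabledCipherSuites;
+this.enabledProtocols = enabledProtocols;
+}
 
 @After
 public void cleanup() {
@@ -85,14 +101,14 @@ public void cleanup() {
 public void shouldAuthenticateServerCertificate() throws Exception {
 int freePort = AvailablePortFinder.getNextAvailable();
 TestAcceptor acceptor = new TestAcceptor(createAcceptorSettings("single-session/server.keystore", false,
-"single-session/empty.keystore", CIPHER_SUITES_TLS, "TLSv1.3", "JKS", "JKS", freePort));
+"single-session/empty.keystore", enabledCipherSuites, enabledProtocols, "JKS", "JKS", freePort));
 
 try {
 acceptor.start();
 
 TestInitiator initiator = new TestInitiator(
 createInitiatorSettings("single-session/empty.keystore", "single-session/client.truststore",
-CIPHER_SUITES_TLS, "TLSv1.3", "ZULU", "ALFA", Integer.toString(freePort), "JKS", "JKS"));
+enabledCipherSuites, enabledProtocols, "ZULU", "ALFA", Integer.toString(freePort), "JKS", "JKS"));
 
 try {
 initiator.start();
@@ -137,13 +153,13 @@ public void shouldAuthenticateServerCertificateViaSocksProxy(String proxyVersion
 try {
 int port = AvailablePortFinder.getNextAvailable();
 TestAcceptor acceptor = new TestAcceptor(createAcceptorSettings("single-session/server.keystore", false,
-"single-session/empty.keystore", CIPHER_SUITES_TLS, "TLSv1.3", "JKS", "JKS", port));
+"single-session/empty.keystore", enabledCipherSuites, enabledProtocols, "JKS", "JKS", port));
 
 try {
 acceptor.start();
 
 SessionSettings initiatorSettings = createInitiatorSettings("single-session/empty.keystore", "single-session/client.truststore",
-CIPHER_SUITES_TLS, "TLSv1.3", "ZULU", "ALFA", Integer.toString(port), "JKS", "JKS");
+enabledCipherSuites, enabledProtocols, "ZULU", "ALFA", Integer.toString(port), "JKS", "JKS");
 
 Properties defaults = initiatorSettings.getDefaultProperties();
 
@@ -184,14 +200,14 @@ public void shouldAuthenticateServerCertificateViaSocksProxy(String proxyVersion
 public void shouldAuthenticateServerNameUsingServerCommonName() throws Exception {
 int freePort = AvailablePortFinder.getNextAvailable();
 TestAcceptor acceptor = new TestAcceptor(createAcceptorSettings("single-session/server-cn.keystore", false,
-"single-session/empty.keystore", CIPHER_SUITES_TLS, "TLSv1.3", "JKS", "JKS", freePort));
+"single-session/empty.keystore", enabledCipherSuites, enabledProtocols, "JKS", "JKS", freePort));
 
 try {
 acceptor.start();
 
 TestInitiator initiator = new TestInitiator(
 createInitiatorSettings("single-session/empty.keystore", "single-session/client-cn.truststore",
-CIPHER_SUITES_TLS, "TLSv1.3", "ZULU", "ALFA", Integer.toString(freePort), "JKS", "JKS", "HTTPS"));
+enabledCipherSuites, enabledProtocols, "ZULU", "ALFA", Integer.toString(freePort), "JKS", "JKS", "HTTPS"));
 
 try {
 initiator.start();
@@ -219,14 +235,14 @@ public void shouldAuthenticateServerNameUsingServerCommonName() throws Exception
 public void shouldAuthenticateServerNameUsingSNIExtension() throws Exception {
 int freePort = AvailablePortFinder.getNextAvailable();
 TestAcceptor acceptor = new TestAcceptor(createAcceptorSettings("single-session/server-sni.keystore", false,
-"single-session/empty.keystore", CIPHER_SUITES_TLS, "TLSv1.3", "JKS", "JKS", freePort));
+"single-session/empty.keystore", enabledCipherSuites, enabledProtocols, "JKS", "JKS", freePort));
 
 try {
 acceptor.start();
 
 TestInitiator initiator = new TestInitiator(
 createInitiatorSettings("single-session/empty.keystore", "single-session/client-sni.truststore",
-CIPHER_SUITES_TLS, "TLSv1.3", "ZULU", "ALFA", Integer.toString(freePort), "JKS", "JKS", "HTTPS"));
+enabledCipherSuites, enabledProtocols, "ZULU", "ALFA", Integer.toString(freePort), "JKS", "JKS", "HTTPS"));
 
 try {
 initiator.start();
@@ -255,14 +271,14 @@ public void shouldFailWhenHostnameDoesNotMatchServerName() throws Exception {
 int freePort = AvailablePortFinder.getNextAvailable();
 
 TestAcceptor acceptor = new TestAcceptor(createAcceptorSettings("single-session/server-bad-cn.keystore", false,
-"single-session/empty.keystore", CIPHER_SUITES_TLS, "TLSv1.3", "JKS", "JKS", freePort));
+"single-session/empty.keystore", enabledCipherSuites, enabledProtocols, "JKS", "JKS", freePort));
 
 try {
 acceptor.start();
 
 TestInitiator initiator = new TestInitiator(
 createInitiatorSettings("single-session/empty.keystore", "single-session/client-bad-cn.truststore",
-CIPHER_SUITES_TLS, "TLSv1.3", "ZULU", "ALFA", Integer.toString(freePort), "JKS", "JKS", "HTTPS"));
+enabledCipherSuites, enabledProtocols, "ZULU", "ALFA", Integer.toString(freePort), "JKS", "JKS", "HTTPS"));
 
 try {
 initiator.start();
@@ -286,14 +302,14 @@ public void shouldFailWhenHostnameDoesNotMatchServerName() throws Exception {
 public void shouldAuthenticateServerAndClientCertificates() throws Exception {
 int freePort = AvailablePortFinder.getNextAvailable();
 TestAcceptor acceptor = new TestAcceptor(createAcceptorSettings("single-session/server.keystore", true,
-"single-session/server.truststore", CIPHER_SUITES_TLS, "TLSv1.3", "JKS", "JKS", freePort));
+"single-session/server.truststore", enabledCipherSuites, enabledProtocols, "JKS", "JKS", freePort));
 
 try {
 acceptor.start();
 
 TestInitiator initiator = new TestInitiator(
 createInitiatorSettings("single-session/client.keystore", "single-session/client.truststore",
-CIPHER_SUITES_TLS, "TLSv1.3", "ZULU", "ALFA", Integer.toString(freePort), "JKS", "JKS"));
+enabledCipherSuites, enabledProtocols, "ZULU", "ALFA", Integer.toString(freePort), "JKS", "JKS"));
 
 try {
 initiator.start();
@@ -319,14 +335,14 @@ public void shouldAuthenticateServerAndClientCertificates() throws Exception {
 public void shouldAuthenticateServerAndClientCertificatesWhenUsingDifferentKeystoreFormats() throws Exception {
 int freePort = AvailablePortFinder.getNextAvailable();
 TestAcceptor acceptor = new TestAcceptor(createAcceptorSettings("single-session/server-pkcs12.keystore", true,
-"single-session/server-jceks.truststore", CIPHER_SUITES_TLS, "TLSv1.3", "PKCS12",
+"single-session/server-jceks.truststore", enabledCipherSuites, enabledProtocols, "PKCS12",
 "JCEKS", freePort));
 
 try {
 acceptor.start();
 
 TestInitiator initiator = new TestInitiator(createInitiatorSettings("single-session/client-jceks.keystore",
-"single-session/client-jceks.keystore", CIPHER_SUITES_TLS, "TLSv1.3", "ZULU", "ALFA",
+"single-session/client-jceks.keystore", enabledCipherSuites, enabledProtocols, "ZULU", "ALFA",
 Integer.toString(freePort), "JCEKS", "JCEKS"));
 
 try {
@@ -354,20 +370,20 @@ public void shouldAuthenticateServerAndClientCertificatesForIndividualSessions()
 TestAcceptor acceptor = new TestAcceptor(createMultiSessionAcceptorSettings(
 "multi-session/server.keystore", true, new String[] { "multi-session/server1.truststore",
 "multi-session/server2.truststore", "multi-session/server3.truststore" },
-CIPHER_SUITES_TLS, "TLSv1.3"));
+enabledCipherSuites, enabledProtocols));
 
 try {
 acceptor.start();
 
 TestInitiator initiator1 = new TestInitiator(
 createInitiatorSettings("multi-session/client1.keystore", "multi-session/client1.keystore",
-CIPHER_SUITES_TLS, "TLSv1.3", "ZULU0", "ALFA0", "12340", "JKS", "JKS"));
+enabledCipherSuites, enabledProtocols, "ZULU0", "ALFA0", "12340", "JKS", "JKS"));
 TestInitiator initiator2 = new TestInitiator(
 createInitiatorSettings("multi-session/client2.keystore", "multi-session/client2.keystore",
-CIPHER_SUITES_TLS, "TLSv1.3", "ZULU1", "ALFA1", "12341", "JKS", "JKS"));
+enabledCipherSuites, enabledProtocols, "ZULU1", "ALFA1", "12341", "JKS", "JKS"));
 TestInitiator initiator3 = new TestInitiator(
 createInitiatorSettings("multi-session/client3.keystore", "multi-session/client3.keystore",
-CIPHER_SUITES_TLS, "TLSv1.3", "ZULU2", "ALFA2", "12342", "JKS", "JKS"));
+enabledCipherSuites, enabledProtocols, "ZULU2", "ALFA2", "12342", "JKS", "JKS"));
 
 try {
 initiator1.start();
@@ -415,20 +431,20 @@ public void shouldFailIndividualSessionsWhenInvalidCertificatesUsed() throws Exc
 TestAcceptor acceptor = new TestAcceptor(createMultiSessionAcceptorSettings(
 "multi-session/server.keystore", true, new String[] { "multi-session/server1.truststore",
 "multi-session/server2.truststore", "multi-session/server3.truststore" },
-CIPHER_SUITES_TLS, "TLSv1.3"));
+enabledCipherSuites, enabledProtocols));
 
 try {
 acceptor.start();
 
 TestInitiator initiator1 = new TestInitiator(
 createInitiatorSettings("multi-session/client2.keystore", "multi-session/client2.keystore",
-CIPHER_SUITES_TLS, "TLSv1.3", "ZULU0", "ALFA0", "12340", "JKS", "JKS"));
+enabledCipherSuites, enabledProtocols, "ZULU0", "ALFA0", "12340", "JKS", "JKS"));
 TestInitiator initiator2 = new TestInitiator(
 createInitiatorSettings("multi-session/client1.keystore", "multi-session/client1.keystore",
-CIPHER_SUITES_TLS, "TLSv1.3", "ZULU1", "ALFA1", "12341", "JKS", "JKS"));
+enabledCipherSuites, enabledProtocols, "ZULU1", "ALFA1", "12341", "JKS", "JKS"));
 TestInitiator initiator3 = new TestInitiator(
 createInitiatorSettings("multi-session/client3.keystore", "multi-session/client3.keystore",
-CIPHER_SUITES_TLS, "TLSv1.3", "ZULU2", "ALFA2", "12342", "JKS", "JKS"));
+enabledCipherSuites, enabledProtocols, "ZULU2", "ALFA2", "12342", "JKS", "JKS"));
 
 try {
 initiator1.start();
@@ -500,14 +516,14 @@ public void shouldFailWhenUsingEmptyServerKeyStore() throws Exception {
 public void shouldFailWhenUsingEmptyClientTruststore() throws Exception {
 int freePort = AvailablePortFinder.getNextAvailable();
 TestAcceptor acceptor = new TestAcceptor(createAcceptorSettings("single-session/server.keystore", false,
-"single-session/empty.keystore", CIPHER_SUITES_TLS, "TLSv1.3", "JKS", "JKS", freePort));
+"single-session/empty.keystore", enabledCipherSuites, enabledProtocols, "JKS", "JKS", freePort));
 
 try {
 acceptor.start();
 
 TestInitiator initiator = new TestInitiator(
 createInitiatorSettings("single-session/empty.keystore", "single-session/empty.keystore",
-CIPHER_SUITES_TLS, "TLSv1.3", "ZULU", "ALFA", Integer.toString(freePort), "JKS", "JKS"));
+enabledCipherSuites, enabledProtocols, "ZULU", "ALFA", Integer.toString(freePort), "JKS", "JKS"));
 
 try {
 initiator.start();
@@ -531,14 +547,14 @@ public void shouldFailWhenUsingEmptyClientTruststore() throws Exception {
 public void shouldFailWhenUsingEmptyServerTrustore() throws Exception {
 int freePort = AvailablePortFinder.getNextAvailable();
 TestAcceptor acceptor = new TestAcceptor(createAcceptorSettings("single-session/server.keystore", true,
-"single-session/empty.keystore", CIPHER_SUITES_TLS, "TLSv1.3", "JKS", "JKS", freePort));
+"single-session/empty.keystore", enabledCipherSuites, enabledProtocols, "JKS", "JKS", freePort));
 
 try {
 acceptor.start();
 
 TestInitiator initiator = new TestInitiator(
 createInitiatorSettings("single-session/client.keystore", "single-session/client.truststore",
-CIPHER_SUITES_TLS, "TLSv1.3", "ZULU", "ALFA", Integer.toString(freePort), "JKS", "JKS"));
+enabledCipherSuites, enabledProtocols, "ZULU", "ALFA", Integer.toString(freePort), "JKS", "JKS"));
 
 try {
 initiator.start();
@@ -562,14 +578,14 @@ public void shouldFailWhenUsingEmptyServerTrustore() throws Exception {
 public void shouldFailWhenUsingBadClientCertificate() throws Exception {
 int freePort = AvailablePortFinder.getNextAvailable();
 TestAcceptor acceptor = new TestAcceptor(createAcceptorSettings("single-session/server.keystore", true,
-"single-session/server.truststore", CIPHER_SUITES_TLS, "TLSv1.3", "JKS", "JKS", freePort));
+"single-session/server.truststore", enabledCipherSuites, enabledProtocols, "JKS", "JKS", freePort));
 
 try {
 acceptor.start();
 
 TestInitiator initiator = new TestInitiator(
 createInitiatorSettings("single-session/server.keystore", "single-session/client.truststore",
-CIPHER_SUITES_TLS, "TLSv1.3", "ZULU", "ALFA", Integer.toString(freePort), "JKS", "JKS"));
+enabledCipherSuites, enabledProtocols, "ZULU", "ALFA", Integer.toString(freePort), "JKS", "JKS"));
 
 try {
 initiator.start();
@@ -593,14 +609,14 @@ public void shouldFailWhenUsingBadClientCertificate() throws Exception {
 public void shouldFailWhenUsingBadServerCertificate() throws Exception {
 int freePort = AvailablePortFinder.getNextAvailable();
 TestAcceptor acceptor = new TestAcceptor(createAcceptorSettings("single-session/client.keystore", false,
-"single-session/empty.keystore", CIPHER_SUITES_TLS, "TLSv1.3", "JKS", "JKS", freePort));
+"single-session/empty.keystore", enabledCipherSuites, enabledProtocols, "JKS", "JKS", freePort));
 
 try {
 acceptor.start();
 
 TestInitiator initiator = new TestInitiator(
 createInitiatorSettings("single-session/empty.keystore", "single-session/client.truststore",
-CIPHER_SUITES_TLS, "TLSv1.3", "ZULU", "ALFA", Integer.toString(freePort), "JKS", "JKS"));
+enabledCipherSuites, enabledProtocols, "ZULU", "ALFA", Integer.toString(freePort), "JKS", "JKS"));
 
 try {
 initiator.start();
@@ -631,7 +647,7 @@ public void shouldConnectDifferentTypesOfSessions() throws Exception {
 
 TestInitiator sslInitiator = new TestInitiator(
 createInitiatorSettings("single-session/client.keystore", "single-session/client.truststore",
-CIPHER_SUITES_TLS, "TLSv1.3", "ZULU_SSL", "ALFA_SSL", Integer.toString(sslPort), "JKS", "JKS"));
+enabledCipherSuites, enabledProtocols, "ZULU_SSL", "ALFA_SSL", Integer.toString(sslPort), "JKS", "JKS"));
 
 TestInitiator nonSslInitiator = new TestInitiator(createInitiatorSettings("ZULU_NON_SSL", "ALFA_NON_SSL", nonSslPort));
 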
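Review bot: The TLSv1.2 row in `parameters()` pins `TLS_RSA_WITH_AES_128_CBC_SHA`, a static-RSA, CBC-mode suite with no forward secrecy, so every certificate test in this class now depends on a suite that a hardened `jdk.tls.disabledAlgorithms` setting (and, I believe, the defaults of newer JDKs) rejects. On such a runtime the whole TLSv1.2 leg would fail in the handshake for reasons unrelated to certificate validation, and the negative `shouldFail…` tests could pass for the wrong reason. An ECDHE/GCM row is closer to what a TLS 1.2 deployment should negotiate, e.g. `{"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLSv1.2"}`, assuming the test keystores hold RSA keys (the current suite suggests they do). Separately, `@Parameters` carries no name, so a failure is reported only as `[0]` or `[1]`; `@Parameters(name = "{1} / {0}")` would put the protocol and suite in the test name.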
