/**
 * Checks that, with the debug channel lifecycle logging flag set to {@code true}, the very first
 * handler handed to {@code ChannelPipeline.addLast(name, handler)} is a {@link LoggingHandler}.
 *
 * <p>NOTE(review): an SSL context is also supplied here, so the logging handler is asserted to sit
 * ahead of whatever TLS handler the initializer registers. In Netty a handler placed before the
 * {@code SslHandler} sees inbound bytes before decryption; presumably that means this debug logger
 * records wire-level (encrypted) data rather than request plaintext. Confirm against
 * {@code HttpChannelInitializer} before relying on it.
 */
@Test
public void initChannel_adds_debugLoggingHandler_first_if_debugChannelLifecycleLoggingEnabled_is_true() throws SSLException {
    // given: SSL context present, debug-logging flag (4th argument) switched on
    HttpChannelInitializer initializer = basicHttpChannelInitializer(
        new JdkSslClientContext(),
        42,
        100,
        true,
        mock(RequestValidator.class),
        createRequestAndResponseFilterMock()
    );

    // when
    initializer.initChannel(socketChannelMock);

    // then: collect every handler passed to addLast(...), in invocation order
    ArgumentCaptor<ChannelHandler> handlerCaptor = ArgumentCaptor.forClass(ChannelHandler.class);
    verify(channelPipelineMock, atLeastOnce()).addLast(anyString(), handlerCaptor.capture());
    List<ChannelHandler> addedHandlers = handlerCaptor.getAllValues();

    assertThat(addedHandlers.get(0), instanceOf(LoggingHandler.class));
}
/**
 * Checks that no {@link LoggingHandler} is registered on the pipeline when the debug channel
 * lifecycle logging flag is {@code false}.
 *
 * <p>This is the "off by default" half of the debug-logging contract: with the flag disabled,
 * none of the handlers captured from {@code addLast(name, handler)} may be a logging handler.
 */
@Test
public void initChannel_does_not_add_debugLoggingHandler_if_debugChannelLifecycleLoggingEnabled_is_false() throws SSLException {
    // given: same setup as the "enabled" case, but with the debug-logging flag (4th argument) off
    HttpChannelInitializer initializer = basicHttpChannelInitializer(
        new JdkSslClientContext(),
        42,
        100,
        false,
        mock(RequestValidator.class),
        createRequestAndResponseFilterMock()
    );

    // when
    initializer.initChannel(socketChannelMock);

    // then: look through everything that was added and expect no LoggingHandler among it
    ArgumentCaptor<ChannelHandler> handlerCaptor = ArgumentCaptor.forClass(ChannelHandler.class);
    verify(channelPipelineMock, atLeastOnce()).addLast(anyString(), handlerCaptor.capture());
    List<ChannelHandler> addedHandlers = handlerCaptor.getAllValues();

    // findChannelHandler is a helper defined elsewhere in this test class; the nullValue()
    // matcher implies it returns null when no handler of the requested type is present.
    assertThat(findChannelHandler(addedHandlers, LoggingHandler.class), nullValue());
}
/**
 * Checks that, when an {@link SslContext} is supplied and no utility handlers are enabled, the
 * first handler registered on the pipeline is an {@link SslHandler}.
 *
 * <p>Having the TLS handler at the head of the pipeline means every later handler operates on
 * decrypted traffic only; this test pins that placement for the configuration used here
 * (second argument {@code 0}, debug-logging flag {@code false}).
 */
@Test
public void initChannel_adds_sslCtx_handler_first_if_available_and_no_utility_handlers() throws SSLException {
    // given
    SslContext clientSslContext = new JdkSslClientContext();
    HttpChannelInitializer initializer = basicHttpChannelInitializer(
        clientSslContext,
        0,
        100,
        false,
        mock(RequestValidator.class),
        createRequestAndResponseFilterMock()
    );

    // when
    initializer.initChannel(socketChannelMock);

    // then: the captor records handlers in the order addLast(...) was invoked
    ArgumentCaptor<ChannelHandler> handlerCaptor = ArgumentCaptor.forClass(ChannelHandler.class);
    verify(channelPipelineMock, atLeastOnce()).addLast(anyString(), handlerCaptor.capture());
    List<ChannelHandler> addedHandlers = handlerCaptor.getAllValues();

    assertThat(addedHandlers.get(0), instanceOf(SslHandler.class));
}
/**
 * Supplies the parameter matrix for this parameterized test: the cross product of all available
 * server-side and client-side {@link SslContext} implementations.
 *
 * <p>The JDK provider is always included. The OpenSSL provider is added only when
 * {@link OpenSsl#isAvailable()} reports it as usable; otherwise a warning with the
 * unavailability cause is logged and the OpenSSL combinations are skipped, so a green run does
 * not by itself prove the OpenSSL engine was exercised.
 *
 * @return one {@code Object[] { serverContext, clientContext }} entry per combination
 * @throws Exception if any of the contexts cannot be created from the certificate/key files
 */
@Parameters(name = "{index}: serverEngine = {0}, clientEngine = {1}")
public static Collection<Object[]> data() throws Exception {
    List<SslContext> serverContexts = new ArrayList<SslContext>();
    List<SslContext> clientContexts = new ArrayList<SslContext>();

    // JDK-backed contexts: the client trusts CERT_FILE, the server presents CERT_FILE/KEY_FILE.
    serverContexts.add(new JdkSslServerContext(CERT_FILE, KEY_FILE));
    clientContexts.add(new JdkSslClientContext(CERT_FILE));

    if (!OpenSsl.isAvailable()) {
        logger.warn("OpenSSL is unavailable and thus will not be tested.", OpenSsl.unavailabilityCause());
    } else {
        serverContexts.add(new OpenSslServerContext(CERT_FILE, KEY_FILE));
        clientContexts.add(new OpenSslClientContext(CERT_FILE));
    }

    List<Object[]> combinations = new ArrayList<Object[]>();
    for (SslContext serverCtx : serverContexts) {
        for (SslContext clientCtx : clientContexts) {
            combinations.add(new Object[] { serverCtx, clientCtx });
        }
    }
    return combinations;
}
/**
 * Builds a JDK-provider client TLS context for the test and returns its socket factory.
 *
 * <p>The client identity is the <em>server's</em> certificate and private key, and the trust
 * anchors come from {@code clientTrustStoreFile}. Reusing the server key pair as the client
 * credential is a test shortcut only; outside a test fixture each endpoint should hold its own
 * key material.
 *
 * @return the {@link SSLSocketFactory} of the underlying JDK {@link SSLContext}
 * @throws Exception if the context cannot be built
 */
protected SSLSocketFactory getSSLSocketFactory() throws Exception {
    SslContext nettyCtx = SslContextBuilder.forClient()
        .applicationProtocolConfig(ApplicationProtocolConfig.DISABLED)
        // Use server cert / key on client side; the null String is the key password argument.
        .keyManager(serverCert.key(), (String) null, serverCert.cert())
        .sslProvider(SslProvider.JDK)
        // Trust the server cert
        .trustManager(clientTrustStoreFile)
        .build();

    // Guard the cast below: the JDK provider must have produced a JDK client context.
    Assert.assertEquals(JdkSslClientContext.class, nettyCtx.getClass());

    SSLContext jdkCtx = ((JdkSslContext) nettyCtx).context();
    return jdkCtx.getSocketFactory();
}
/**
 * Creates the client-side {@link SSLSocketFactory} used by the test, backed by the JDK TLS
 * provider.
 *
 * <p>The client authenticates with the server's own certificate and key (a fixture shortcut,
 * not a pattern for production key management) and trusts the certificates in
 * {@code clientTrustStoreFile}.
 *
 * @return socket factory taken from the JDK {@link SSLContext} wrapped by the Netty context
 * @throws Exception if building the context fails
 */
protected SSLSocketFactory getSSLSocketFactory() throws Exception {
    SslContextBuilder clientBuilder = SslContextBuilder.forClient();
    clientBuilder.applicationProtocolConfig(ApplicationProtocolConfig.DISABLED);

    // Use server cert / key on client side. The (String) null argument is the key password.
    clientBuilder.keyManager(serverCert.key(), (String) null, serverCert.cert());
    clientBuilder.sslProvider(SslProvider.JDK);

    // Trust the server cert
    clientBuilder.trustManager(clientTrustStoreFile);

    SslContext built = clientBuilder.build();

    // The cast to JdkSslContext is only valid if the JDK provider was actually selected.
    Assert.assertEquals(JdkSslClientContext.class, built.getClass());
    JdkSslContext jdkBacked = (JdkSslContext) built;

    return jdkBacked.context().getSocketFactory();
}
/**
 * Initialises the {@code sslCtx} field with a JDK {@code SSLContext} that trusts the
 * certificates in {@code clientTrustStoreFile}.
 *
 * <p>No key manager is configured, so this context carries trust anchors only and presents no
 * client certificate.
 *
 * @throws Exception if the trust store is missing or the context cannot be built
 */
private void setupSslCtx() throws Exception {
    // Fail early with a clear assertion instead of a less obvious error inside the builder.
    Assert.assertNotNull(clientTrustStoreFile);

    SslContext nettyCtx = SslContextBuilder.forClient()
        .applicationProtocolConfig(ApplicationProtocolConfig.DISABLED)
        .sslProvider(SslProvider.JDK)
        // Trust the server cert
        .trustManager(clientTrustStoreFile)
        .build();

    // The JDK provider is expected to yield a JdkSslClientContext; verify before casting.
    Assert.assertEquals(JdkSslClientContext.class, nettyCtx.getClass());
    sslCtx = ((JdkSslContext) nettyCtx).context();
}
/**
 * Checks that {@code initChannel} registers every expected handler under its published name
 * constant, registers nothing else, and splits the request filters into the "before security"
 * and "after security" handlers according to
 * {@code shouldExecuteBeforeSecurityValidation()}.
 *
 * <p>NOTE(review): the {@code verify(...)} calls below are plain Mockito verifications, which
 * are order-independent. This test therefore pins handler names and types but not their
 * relative position; for example, it does not prove that the security validation handler sits
 * between the two request filter handlers. Ordering is presumably covered by other tests;
 * confirm before treating this test as a guard on pipeline order.
 */
@Test
public void initChannel_adds_all_handlers_with_correct_names() throws SSLException {
    // One filter that opts in to running before security validation, one that does not.
    RequestAndResponseFilter preSecurityFilter = mock(RequestAndResponseFilter.class);
    doReturn(true).when(preSecurityFilter).shouldExecuteBeforeSecurityValidation();

    RequestAndResponseFilter postSecurityFilter = mock(RequestAndResponseFilter.class);
    doReturn(false).when(postSecurityFilter).shouldExecuteBeforeSecurityValidation();

    List<RequestAndResponseFilter> allFilters = Arrays.asList(preSecurityFilter, postSecurityFilter);

    // given: SSL context present and debug logging enabled, so the optional handlers appear too
    HttpChannelInitializer initializer = basicHttpChannelInitializer(
        new JdkSslClientContext(),
        42,
        100,
        true,
        mock(RequestValidator.class),
        allFilters
    );

    // when
    initializer.initChannel(socketChannelMock);

    // then: each (name constant, handler type) pair is added exactly once
    verify(channelPipelineMock).addLast(
        eq(HttpChannelInitializer.SERVER_WORKER_CHANNEL_DEBUG_LOGGING_HANDLER_NAME), any(LoggingHandler.class));
    verify(channelPipelineMock).addLast(
        eq(HttpChannelInitializer.SSL_HANDLER_NAME), any(SslHandler.class));
    verify(channelPipelineMock).addLast(
        eq(HttpChannelInitializer.HTTP_RESPONSE_ENCODER_HANDLER_NAME), any(HttpResponseEncoder.class));
    verify(channelPipelineMock).addLast(
        eq(HttpChannelInitializer.PROCESS_FINAL_RESPONSE_OUTPUT_HANDLER_NAME), any(ProcessFinalResponseOutputHandler.class));
    verify(channelPipelineMock).addLast(
        eq(HttpChannelInitializer.HTTP_REQUEST_DECODER_HANDLER_NAME), any(HttpRequestDecoder.class));
    verify(channelPipelineMock).addLast(
        eq(HttpChannelInitializer.REQUEST_STATE_CLEANER_HANDLER_NAME), any(RequestStateCleanerHandler.class));
    verify(channelPipelineMock).addLast(
        eq(HttpChannelInitializer.DTRACE_START_HANDLER_NAME), any(DTraceStartHandler.class));
    verify(channelPipelineMock).addLast(
        eq(HttpChannelInitializer.ACCESS_LOG_START_HANDLER_NAME), any(AccessLogStartHandler.class));
    verify(channelPipelineMock).addLast(
        eq(HttpChannelInitializer.SMART_HTTP_CONTENT_COMPRESSOR_HANDLER_NAME), any(SmartHttpContentCompressor.class));
    verify(channelPipelineMock).addLast(
        eq(HttpChannelInitializer.REQUEST_INFO_SETTER_HANDLER_NAME), any(RequestInfoSetterHandler.class));
    verify(channelPipelineMock).addLast(
        eq(HttpChannelInitializer.OPEN_CHANNEL_LIMIT_HANDLER_NAME), any(OpenChannelLimitHandler.class));

    // Security-relevant section: filter-before-security, routing, security validation,
    // filter-after-security. Presence is asserted here; relative order is not (see Javadoc).
    verify(channelPipelineMock).addLast(
        eq(HttpChannelInitializer.REQUEST_FILTER_BEFORE_SECURITY_HANDLER_NAME), any(RequestFilterHandler.class));
    verify(channelPipelineMock).addLast(
        eq(HttpChannelInitializer.ROUTING_HANDLER_NAME), any(RoutingHandler.class));
    verify(channelPipelineMock).addLast(
        eq(HttpChannelInitializer.SECURITY_VALIDATION_HANDLER_NAME), any(SecurityValidationHandler.class));
    verify(channelPipelineMock).addLast(
        eq(HttpChannelInitializer.REQUEST_FILTER_AFTER_SECURITY_HANDLER_NAME), any(RequestFilterHandler.class));

    verify(channelPipelineMock).addLast(
        eq(HttpChannelInitializer.REQUEST_CONTENT_DESERIALIZER_HANDLER_NAME), any(RequestContentDeserializerHandler.class));
    verify(channelPipelineMock).addLast(
        eq(HttpChannelInitializer.REQUEST_CONTENT_VALIDATION_HANDLER_NAME), any(RequestContentValidationHandler.class));
    verify(channelPipelineMock).addLast(
        eq(HttpChannelInitializer.NONBLOCKING_ENDPOINT_EXECUTION_HANDLER_NAME), any(NonblockingEndpointExecutionHandler.class));
    verify(channelPipelineMock).addLast(
        eq(HttpChannelInitializer.PROXY_ROUTER_ENDPOINT_EXECUTION_HANDLER_NAME), any(ProxyRouterEndpointExecutionHandler.class));
    verify(channelPipelineMock).addLast(
        eq(HttpChannelInitializer.REQUEST_HAS_BEEN_HANDLED_VERIFICATION_HANDLER_NAME), any(RequestHasBeenHandledVerificationHandler.class));
    verify(channelPipelineMock).addLast(
        eq(HttpChannelInitializer.EXCEPTION_HANDLING_HANDLER_NAME), any(ExceptionHandlingHandler.class));
    verify(channelPipelineMock).addLast(
        eq(HttpChannelInitializer.RESPONSE_FILTER_HANDLER_NAME), any(ResponseFilterHandler.class));
    verify(channelPipelineMock).addLast(
        eq(HttpChannelInitializer.RESPONSE_SENDER_HANDLER_NAME), any(ResponseSenderHandler.class));
    verify(channelPipelineMock).addLast(
        eq(HttpChannelInitializer.ACCESS_LOG_END_HANDLER_NAME), any(AccessLogEndHandler.class));
    verify(channelPipelineMock).addLast(
        eq(HttpChannelInitializer.DTRACE_END_HANDLER_NAME), any(DTraceEndHandler.class));
    verify(channelPipelineMock).addLast(
        eq(HttpChannelInitializer.CHANNEL_PIPELINE_FINALIZER_HANDLER_NAME), any(ChannelPipelineFinalizerHandler.class));

    // Any handler added beyond the list above (or any other pipeline call) fails the test.
    verifyNoMoreInteractions(channelPipelineMock);

    // Each filter must land in the handler matching its shouldExecuteBeforeSecurityValidation()
    // answer. extractField is a helper defined elsewhere; presumably it reads the named field
    // reflectively.
    RequestFilterHandler preSecurityHandler = extractField(initializer, "beforeSecurityRequestFilterHandler");
    assertThat(extractField(preSecurityHandler, "filters"), is(Collections.singletonList(preSecurityFilter)));

    RequestFilterHandler postSecurityHandler = extractField(initializer, "afterSecurityRequestFilterHandler");
    assertThat(extractField(postSecurityHandler, "filters"), is(Collections.singletonList(postSecurityFilter)));
}
/**
 * Supplies the parameter matrix for this parameterized test.
 *
 * <p>Each entry is {@code { serverContext, clientContext, renegotiation, b3, b4, b5, b6, b7 }}
 * where the five booleans correspond, in order, to the {@code {3}}..{@code {7}} placeholders in
 * the {@code @Parameters} name. All 32 boolean combinations are generated for every
 * context/renegotiation combination that is kept.
 *
 * <p>The JDK provider is always included; the OpenSSL provider only when
 * {@link OpenSsl#isAvailable()} is true. Renegotiation cases are skipped whenever either side
 * is an {@link OpenSslContext}.
 *
 * <p>NOTE(review): the renegotiation cases pass the suite name
 * {@code SSL_RSA_WITH_RC4_128_SHA}. RC4 suites are prohibited for TLS by RFC 7465 and are
 * disabled by default in current JDKs, so these cases may fail to handshake unless the test
 * JVM re-enables them. Confirm the suite is still the intended one for this fixture.
 *
 * @return the list of parameter arrays
 * @throws Exception if any of the contexts cannot be created from the certificate/key files
 */
@Parameters(name = "{index}: serverEngine = {0}, clientEngine = {1}, renegotiation = {2}, " + "serverUsesDelegatedTaskExecutor = {3}, clientUsesDelegatedTaskExecutor = {4}, " + "autoRead = {5}, useChunkedWriteHandler = {6}, useCompositeByteBuf = {7}")
public static Collection<Object[]> data() throws Exception {
    List<SslContext> serverContexts = new ArrayList<SslContext>();
    List<SslContext> clientContexts = new ArrayList<SslContext>();

    serverContexts.add(new JdkSslServerContext(CERT_FILE, KEY_FILE));
    clientContexts.add(new JdkSslClientContext(CERT_FILE));

    if (!OpenSsl.isAvailable()) {
        logger.warn("OpenSSL is unavailable and thus will not be tested.", OpenSsl.unavailabilityCause());
    } else {
        serverContexts.add(new OpenSslServerContext(CERT_FILE, KEY_FILE));
        clientContexts.add(new OpenSslClientContext(CERT_FILE));
    }

    List<Object[]> combinations = new ArrayList<Object[]>();
    for (SslContext serverCtx : serverContexts) {
        for (SslContext clientCtx : clientContexts) {
            boolean involvesOpenSsl = serverCtx instanceof OpenSslContext || clientCtx instanceof OpenSslContext;

            for (RenegotiationType type : RenegotiationType.values()) {
                boolean renegotiates = type != RenegotiationType.NONE;
                if (renegotiates && involvesOpenSsl) {
                    // TODO: OpenSslEngine does not support renegotiation yet.
                    continue;
                }

                Renegotiation renegotiation = renegotiates
                    ? new Renegotiation(type, "SSL_RSA_WITH_RC4_128_SHA")
                    : Renegotiation.NONE;

                // Bits 4..0 of the counter enumerate all 2^5 combinations of the boolean flags.
                for (int bits = 0; bits < 32; bits++) {
                    combinations.add(new Object[] {
                        serverCtx,
                        clientCtx,
                        renegotiation,
                        (bits & 16) != 0,
                        (bits & 8) != 0,
                        (bits & 4) != 0,
                        (bits & 2) != 0,
                        (bits & 1) != 0
                    });
                }
            }
        }
    }
    return combinations;
}