This is an automated email from the ASF dual-hosted git repository.

eolivelli pushed a commit to branch 2.7.2_ds_rootless
in repository https://gitbox.apache.org/repos/asf/pulsar.git

commit 8c3787fadc7813c6e2875b20c2b9793315bf8186
Author: Lari Hotari <lhot...@users.noreply.github.com>
AuthorDate: Mon Apr 26 00:57:41 2021 +0300

    Fix KeyStoreTlsTest on JDK11 (#10345)
---
 .../apache/pulsar/client/impl/KeyStoreTlsTest.java |  8 ++--
 .../util/keystoretls/KeyStoreSSLContext.java       | 12 ++++--
 .../keystoretls/SSLContextValidatorEngine.java     | 46 +++++++---------------
 3 files changed, 26 insertions(+), 40 deletions(-)

diff --git 
a/pulsar-broker/src/test/java/org/apache/pulsar/client/impl/KeyStoreTlsTest.java
 
b/pulsar-broker/src/test/java/org/apache/pulsar/client/impl/KeyStoreTlsTest.java
index 0f9993d..2746c8e 100644
--- 
a/pulsar-broker/src/test/java/org/apache/pulsar/client/impl/KeyStoreTlsTest.java
+++ 
b/pulsar-broker/src/test/java/org/apache/pulsar/client/impl/KeyStoreTlsTest.java
@@ -19,9 +19,7 @@
 package org.apache.pulsar.client.impl;
 
 import static org.apache.pulsar.common.util.SecurityUtility.getProvider;
-
 import java.security.Provider;
-import javax.net.ssl.SSLContext;
 import org.apache.pulsar.common.util.keystoretls.KeyStoreSSLContext;
 import org.apache.pulsar.common.util.keystoretls.SSLContextValidatorEngine;
 import org.testng.annotations.Test;
@@ -59,7 +57,7 @@ public class KeyStoreTlsTest {
                 true,
                 null,
                 null);
-        SSLContext serverCnx = serverSSLContext.createSSLContext();
+        serverSSLContext.createSSLContext();
 
         KeyStoreSSLContext clientSSLContext = new 
KeyStoreSSLContext(KeyStoreSSLContext.Mode.CLIENT,
                 null,
@@ -73,8 +71,8 @@ public class KeyStoreTlsTest {
                 false,
                 null,
                 null);
-        SSLContext clientCnx = clientSSLContext.createSSLContext();
+        clientSSLContext.createSSLContext();
 
-        SSLContextValidatorEngine.validate(clientCnx, serverCnx);
+        SSLContextValidatorEngine.validate(clientSSLContext::createSSLEngine, 
serverSSLContext::createSSLEngine);
     }
 }
diff --git 
a/pulsar-common/src/main/java/org/apache/pulsar/common/util/keystoretls/KeyStoreSSLContext.java
 
b/pulsar-common/src/main/java/org/apache/pulsar/common/util/keystoretls/KeyStoreSSLContext.java
index c7b4cfe..e3cb6e2 100644
--- 
a/pulsar-common/src/main/java/org/apache/pulsar/common/util/keystoretls/KeyStoreSSLContext.java
+++ 
b/pulsar-common/src/main/java/org/apache/pulsar/common/util/keystoretls/KeyStoreSSLContext.java
@@ -78,7 +78,6 @@ public class KeyStoreSSLContext {
     private boolean needClientAuth;
     private Set<String> ciphers;
     private Set<String> protocols;
-    @Getter
     private SSLContext sslContext;
 
     private String protocol = DEFAULT_SSL_PROTOCOL;
@@ -170,12 +169,19 @@ public class KeyStoreSSLContext {
         return sslContext;
     }
 
+    public SSLContext getSslContext() {
+        if (sslContext == null) {
+            throw new IllegalStateException("createSSLContext hasn't been 
called.");
+        }
+        return sslContext;
+    }
+
     public SSLEngine createSSLEngine() {
-        return configureSSLEngine(sslContext.createSSLEngine());
+        return configureSSLEngine(getSslContext().createSSLEngine());
     }
 
     public SSLEngine createSSLEngine(String peerHost, int peerPort) {
-        return configureSSLEngine(sslContext.createSSLEngine(peerHost, 
peerPort));
+        return configureSSLEngine(getSslContext().createSSLEngine(peerHost, 
peerPort));
     }
 
     private SSLEngine configureSSLEngine(SSLEngine sslEngine) {
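Review bot: The hand-written `getSslContext()` changes the accessor's contract: the Lombok getter removed in the previous hunk would have returned null before `createSSLContext()` ran, while this one throws `IllegalStateException`. Any caller that null-checks the result (none are visible in this diff) would now fail in a different way. The method is public and undocumented, so I would add Javadoc stating the precondition, e.g. `/** Returns the context built by createSSLContext(). @throws IllegalStateException if createSSLContext() has not been called. */`. Failing fast is the right behaviour for the two `createSSLEngine` overloads, which previously would have hit a NullPointerException on an uninitialised context.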
diff --git 
a/pulsar-common/src/main/java/org/apache/pulsar/common/util/keystoretls/SSLContextValidatorEngine.java
 
b/pulsar-common/src/main/java/org/apache/pulsar/common/util/keystoretls/SSLContextValidatorEngine.java
index 555d96e..7c2f518 100644
--- 
a/pulsar-common/src/main/java/org/apache/pulsar/common/util/keystoretls/SSLContextValidatorEngine.java
+++ 
b/pulsar-common/src/main/java/org/apache/pulsar/common/util/keystoretls/SSLContextValidatorEngine.java
@@ -18,12 +18,11 @@
  */
 package org.apache.pulsar.common.util.keystoretls;
 
+import static javax.net.ssl.SSLEngineResult.HandshakeStatus.FINISHED;
 import java.nio.ByteBuffer;
-import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLEngineResult;
 import javax.net.ssl.SSLException;
-import javax.net.ssl.SSLParameters;
 import lombok.extern.slf4j.Slf4j;
 
 /**
@@ -31,12 +30,9 @@ import lombok.extern.slf4j.Slf4j;
  */
 @Slf4j
 public class SSLContextValidatorEngine {
-    /**
-     * Mode of peer.
-     */
-    public enum Mode {
-        CLIENT,
-        SERVER
+    @FunctionalInterface
+    public interface SSLEngineProvider {
+        SSLEngine createSSLEngine(String peerHost, int peerPort);
     }
 
     private static final ByteBuffer EMPTY_BUF = ByteBuffer.allocate(0);
@@ -44,11 +40,12 @@ public class SSLContextValidatorEngine {
     private SSLEngineResult handshakeResult;
     private ByteBuffer appBuffer;
     private ByteBuffer netBuffer;
-    private Mode mode;
+    private boolean finished = false;
 
-    public static void validate(SSLContext clientSslContext, SSLContext 
serverSslContext) throws SSLException {
-        SSLContextValidatorEngine clientEngine = new 
SSLContextValidatorEngine(clientSslContext, Mode.CLIENT);
-        SSLContextValidatorEngine serverEngine = new 
SSLContextValidatorEngine(serverSslContext, Mode.SERVER);
+    public static void validate(SSLEngineProvider clientSslEngineSupplier, 
SSLEngineProvider serverSslEngineSupplier)
+            throws SSLException {
+        SSLContextValidatorEngine clientEngine = new 
SSLContextValidatorEngine(clientSslEngineSupplier);
+        SSLContextValidatorEngine serverEngine = new 
SSLContextValidatorEngine(serverSslEngineSupplier);
         try {
             clientEngine.beginHandshake();
             serverEngine.beginHandshake();
@@ -62,27 +59,12 @@ public class SSLContextValidatorEngine {
         }
     }
 
-    private SSLContextValidatorEngine(SSLContext sslContext, Mode mode) {
-        this.mode = mode;
-        this.sslEngine = createSslEngine(sslContext, "localhost", 0); // these 
hints are not used for validation
-        sslEngine.setUseClientMode(mode == Mode.CLIENT);
+    private SSLContextValidatorEngine(SSLEngineProvider sslEngineSupplier) {
+        this.sslEngine = sslEngineSupplier.createSSLEngine("localhost", 0);
         appBuffer = 
ByteBuffer.allocate(sslEngine.getSession().getApplicationBufferSize());
         netBuffer = 
ByteBuffer.allocate(sslEngine.getSession().getPacketBufferSize());
     }
 
-    private SSLEngine createSslEngine(SSLContext sslContext, String peerHost, 
int peerPort) {
-        SSLEngine sslEngine = sslContext.createSSLEngine(peerHost, peerPort);
-
-        if (mode == Mode.SERVER) {
-            sslEngine.setNeedClientAuth(true);
-        } else {
-            sslEngine.setUseClientMode(true);
-            SSLParameters sslParams = sslEngine.getSSLParameters();
-            sslEngine.setSSLParameters(sslParams);
-        }
-        return sslEngine;
-    }
-
     void beginHandshake() throws SSLException {
         sslEngine.beginHandshake();
     }
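Review bot: With `createSslEngine` removed, the validator no longer calls `setUseClientMode` or `setNeedClientAuth(true)` itself, so whether the trial handshake checks a client certificate now depends entirely on how the supplied `SSLEngineProvider` configures the engine. When the provider is `KeyStoreSSLContext::createSSLEngine`, that is decided by `configureSSLEngine`, whose body is outside this diff. Presumably a server context built without client auth will then pass validation without the client keystore ever being checked against the server truststore. That contract should be written down on `SSLEngineProvider` and `validate`, for example `/** Must return an engine whose client/server mode and client-auth policy are already set; the validator does not change them. */`. The dropped remark on `"localhost", 0` is also worth restoring as `// peer hints only; not used for validation`, assuming endpoint identification is still not enabled on these engines.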
@@ -134,9 +116,10 @@ public class SSLContextValidatorEngine {
                 case FINISHED:
                     return;
                 case NOT_HANDSHAKING:
-                    if (handshakeResult.getHandshakeStatus() != 
SSLEngineResult.HandshakeStatus.FINISHED) {
+                    if (handshakeResult.getHandshakeStatus() != FINISHED) {
                         throw new SSLException("Did not finish handshake");
                     }
+                    finished = true;
                     return;
                 default:
                     throw new IllegalStateException("Unexpected handshake 
status " + handshakeStatus);
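Review bot: `finished` is set only in the `NOT_HANDSHAKING` branch, while `case FINISHED:` just above it still returns without setting the flag. Because `complete()` in the next hunk now returns `finished` instead of reading the engine status, an engine that leaves through the `FINISHED` case would never report completion. Whether that case is reachable depends on where `handshakeStatus` is assigned, which is outside this hunk. Setting the flag in both branches removes the doubt: `case FINISHED: finished = true; return;`. A short comment on the field, such as `// set once the last handshake result reported FINISHED`, would also explain why the engine status is no longer consulted.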
@@ -145,8 +128,7 @@ public class SSLContextValidatorEngine {
     }
 
     boolean complete() {
-        return sslEngine.getHandshakeStatus() == 
SSLEngineResult.HandshakeStatus.FINISHED
-               || sslEngine.getHandshakeStatus() == 
SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING;
+        return finished;
     }
 
     void close() {
