This is an automated email from the ASF dual-hosted git repository. eolivelli pushed a commit to branch 2.7.2_ds_rootless in repository https://gitbox.apache.org/repos/asf/pulsar.git
commit 8c3787fadc7813c6e2875b20c2b9793315bf8186 Author: Lari Hotari <lhot...@users.noreply.github.com> AuthorDate: Mon Apr 26 00:57:41 2021 +0300 Fix KeyStoreTlsTest on JDK11 (#10345) --- .../apache/pulsar/client/impl/KeyStoreTlsTest.java | 8 ++-- .../util/keystoretls/KeyStoreSSLContext.java | 12 ++++-- .../keystoretls/SSLContextValidatorEngine.java | 46 +++++++--------------- 3 files changed, 26 insertions(+), 40 deletions(-) diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/client/impl/KeyStoreTlsTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/client/impl/KeyStoreTlsTest.java index 0f9993d..2746c8e 100644 --- a/pulsar-broker/src/test/java/org/apache/pulsar/client/impl/KeyStoreTlsTest.java +++ b/pulsar-broker/src/test/java/org/apache/pulsar/client/impl/KeyStoreTlsTest.java @@ -19,9 +19,7 @@ package org.apache.pulsar.client.impl; import static org.apache.pulsar.common.util.SecurityUtility.getProvider; - import java.security.Provider; -import javax.net.ssl.SSLContext; import org.apache.pulsar.common.util.keystoretls.KeyStoreSSLContext; import org.apache.pulsar.common.util.keystoretls.SSLContextValidatorEngine; import org.testng.annotations.Test; @@ -59,7 +57,7 @@ public class KeyStoreTlsTest { true, null, null); - SSLContext serverCnx = serverSSLContext.createSSLContext(); + serverSSLContext.createSSLContext(); KeyStoreSSLContext clientSSLContext = new KeyStoreSSLContext(KeyStoreSSLContext.Mode.CLIENT, null, @@ -73,8 +71,8 @@ public class KeyStoreTlsTest { false, null, null); - SSLContext clientCnx = clientSSLContext.createSSLContext(); + clientSSLContext.createSSLContext(); - SSLContextValidatorEngine.validate(clientCnx, serverCnx); + SSLContextValidatorEngine.validate(clientSSLContext::createSSLEngine, serverSSLContext::createSSLEngine); } } 
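Review bot: The bare `serverSSLContext.createSSLContext();` and `clientSSLContext.createSSLContext();` calls in the second and third hunks now exist only to populate the field that `createSSLEngine` reads through the new `getSslContext()`, and nothing in the test says so, so a later cleanup is likely to drop them as dead calls and then hit the IllegalStateException at `validate` time. A comment on each call, `// initialises the SSLContext that createSSLEngine() resolves via getSslContext()`, makes the ordering dependency explicit. The test method's opening lines are outside the hunks.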
diff --git a/pulsar-common/src/main/java/org/apache/pulsar/common/util/keystoretls/KeyStoreSSLContext.java b/pulsar-common/src/main/java/org/apache/pulsar/common/util/keystoretls/KeyStoreSSLContext.java index c7b4cfe..e3cb6e2 100644 --- a/pulsar-common/src/main/java/org/apache/pulsar/common/util/keystoretls/KeyStoreSSLContext.java +++ b/pulsar-common/src/main/java/org/apache/pulsar/common/util/keystoretls/KeyStoreSSLContext.java @@ -78,7 +78,6 @@ public class KeyStoreSSLContext { private boolean needClientAuth; private Set<String> ciphers; private Set<String> protocols; - @Getter private SSLContext sslContext; private String protocol = DEFAULT_SSL_PROTOCOL; @@ -170,12 +169,19 @@ public class KeyStoreSSLContext { return sslContext; } + public SSLContext getSslContext() { + if (sslContext == null) { + throw new IllegalStateException("createSSLContext hasn't been called."); + } + return sslContext; + } + public SSLEngine createSSLEngine() { - return configureSSLEngine(sslContext.createSSLEngine()); + return configureSSLEngine(getSslContext().createSSLEngine()); } public SSLEngine createSSLEngine(String peerHost, int peerPort) { - return configureSSLEngine(sslContext.createSSLEngine(peerHost, peerPort)); + return configureSSLEngine(getSslContext().createSSLEngine(peerHost, peerPort)); } private SSLEngine configureSSLEngine(SSLEngine sslEngine) { diff --git a/pulsar-common/src/main/java/org/apache/pulsar/common/util/keystoretls/SSLContextValidatorEngine.java b/pulsar-common/src/main/java/org/apache/pulsar/common/util/keystoretls/SSLContextValidatorEngine.java index 555d96e..7c2f518 100644 --- a/pulsar-common/src/main/java/org/apache/pulsar/common/util/keystoretls/SSLContextValidatorEngine.java +++ b/pulsar-common/src/main/java/org/apache/pulsar/common/util/keystoretls/SSLContextValidatorEngine.java 
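Review bot: The new `getSslContext()` in the second hunk replaces the Lombok `@Getter` removed in the first hunk, and that changes the contract from returning null before `createSSLContext()` has run to throwing IllegalStateException; any caller that null-checked the old getter now gets an exception instead, and the method carries no Javadoc saying so. Add `/** Returns the context built by {@link #createSSLContext()}. @throws IllegalStateException if {@link #createSSLContext()} has not been called yet */` above it. Whether such null-checking callers exist elsewhere is not visible from this diff, and `configureSSLEngine`, which starts at the hunk's last line, is not visible either.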
@@ -18,12 +18,11 @@ */ package org.apache.pulsar.common.util.keystoretls; +import static javax.net.ssl.SSLEngineResult.HandshakeStatus.FINISHED; import java.nio.ByteBuffer; -import javax.net.ssl.SSLContext; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; -import javax.net.ssl.SSLParameters; import lombok.extern.slf4j.Slf4j; /** @@ -31,12 +30,9 @@ import lombok.extern.slf4j.Slf4j; */ @Slf4j public class SSLContextValidatorEngine { - /** - * Mode of peer. - */ - public enum Mode { - CLIENT, - SERVER + @FunctionalInterface + public interface SSLEngineProvider { + SSLEngine createSSLEngine(String peerHost, int peerPort); } private static final ByteBuffer EMPTY_BUF = ByteBuffer.allocate(0); @@ -44,11 +40,12 @@ public class SSLContextValidatorEngine { private SSLEngineResult handshakeResult; private ByteBuffer appBuffer; private ByteBuffer netBuffer; - private Mode mode; + private boolean finished = false; - public static void validate(SSLContext clientSslContext, SSLContext serverSslContext) throws SSLException { - SSLContextValidatorEngine clientEngine = new SSLContextValidatorEngine(clientSslContext, Mode.CLIENT); - SSLContextValidatorEngine serverEngine = new SSLContextValidatorEngine(serverSslContext, Mode.SERVER); + public static void validate(SSLEngineProvider clientSslEngineSupplier, SSLEngineProvider serverSslEngineSupplier) + throws SSLException { + SSLContextValidatorEngine clientEngine = new SSLContextValidatorEngine(clientSslEngineSupplier); + SSLContextValidatorEngine serverEngine = new SSLContextValidatorEngine(serverSslEngineSupplier); try { clientEngine.beginHandshake(); serverEngine.beginHandshake(); 
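Review bot: The new `SSLEngineProvider` interface in the second hunk has no documented contract, yet the validator now depends on the supplied engines arriving fully configured: the removed `createSslEngine` helper in the constructor hunk on the next line used to call `setUseClientMode` and, for the server side, `setNeedClientAuth(true)`, and nothing in the new code does. An engine returned without its role set will make `validate` fail with an unrelated handshake error, and a server engine without the client-auth requirement will let `validate` pass without ever exercising the client certificate. Add `/** Supplies an SSLEngine already configured with its client/server role and client-auth requirement; validate() does not set these itself. */` on the interface. The presumed place these are now set, `KeyStoreSSLContext.configureSSLEngine`, begins only at the last line of the previous file's hunk, so its body cannot be checked here.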
@@ -62,27 +59,12 @@ public class SSLContextValidatorEngine { } } - private SSLContextValidatorEngine(SSLContext sslContext, Mode mode) { - this.mode = mode; - this.sslEngine = createSslEngine(sslContext, "localhost", 0); // these hints are not used for validation - sslEngine.setUseClientMode(mode == Mode.CLIENT); + private SSLContextValidatorEngine(SSLEngineProvider sslEngineSupplier) { + this.sslEngine = sslEngineSupplier.createSSLEngine("localhost", 0); appBuffer = ByteBuffer.allocate(sslEngine.getSession().getApplicationBufferSize()); netBuffer = ByteBuffer.allocate(sslEngine.getSession().getPacketBufferSize()); } - private SSLEngine createSslEngine(SSLContext sslContext, String peerHost, int peerPort) { - SSLEngine sslEngine = sslContext.createSSLEngine(peerHost, peerPort); - - if (mode == Mode.SERVER) { - sslEngine.setNeedClientAuth(true); - } else { - sslEngine.setUseClientMode(true); - SSLParameters sslParams = sslEngine.getSSLParameters(); - sslEngine.setSSLParameters(sslParams); - } - return sslEngine; - } - void beginHandshake() throws SSLException { sslEngine.beginHandshake(); } @@ -134,9 +116,10 @@ public class SSLContextValidatorEngine { case FINISHED: return; case NOT_HANDSHAKING: - if (handshakeResult.getHandshakeStatus() != SSLEngineResult.HandshakeStatus.FINISHED) { + if (handshakeResult.getHandshakeStatus() != FINISHED) { throw new SSLException("Did not finish handshake"); } + finished = true; return; default: throw new IllegalStateException("Unexpected handshake status " + handshakeStatus); @@ -145,8 +128,7 @@ public class SSLContextValidatorEngine { } boolean complete() { - return sslEngine.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.FINISHED - || sslEngine.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING; + return finished; } void close() {
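Review bot: In the second hunk `finished = true` is set only in the NOT_HANDSHAKING branch, while `case FINISHED: return;` leaves it false, so `complete()` as rewritten in the third hunk can never become true through that branch; the switch's subject and the enclosing method's head are outside the hunk, so which status is being switched on is not visible. If it is `sslEngine.getHandshakeStatus()`, the JDK reports FINISHED only through an SSLEngineResult, and the branch deserves `// FINISHED is only reported via SSLEngineResult, never by getHandshakeStatus()`; if it is a result status, the branch should read `case FINISHED: finished = true; return;`. The constructor hunk also dropped the `// these hints are not used for validation` comment on the `"localhost", 0` arguments, which is still worth keeping.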