fixing SSL test assertions for TLS 1.3

the-thing · the-thing · commit 2a75f6f48721 · 2025-01-28T13:13:56.000+01:00
diff --git a/quickfixj-core/src/test/java/quickfix/mina/ssl/SSLCertificateTest.java b/quickfixj-core/src/test/java/quickfix/mina/ssl/SSLCertificateTest.java
@@ -22,6 +22,9 @@
 import org.apache.mina.core.filterchain.IoFilterAdapter;
 import org.apache.mina.core.session.IoSession;
 import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+import org.junit.runners.Parameterized.Parameters;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import quickfix.Acceptor;
@@ -51,6 +54,7 @@
 import java.security.Principal;
 import java.security.cert.Certificate;
 import java.security.cert.X509Certificate;
+import java.util.Arrays;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Properties;
@@ -66,10 +70,22 @@
 import static org.junit.Assert.assertSame;
 import static org.junit.Assert.assertTrue;
 
+@RunWith(Parameterized.class)
 public class SSLCertificateTest {
 
+    @Parameters
+    public static List<Object[]> parameters() {
+        return Arrays.asList(new String[][] {{"TLS_RSA_WITH_AES_128_CBC_SHA", "TLSv1.2"}, {"TLS_AES_256_GCM_SHA384", "TLSv1.3"}});
+    }
+
     // Note: To diagnose cipher suite errors, run with -Djavax.net.debug=ssl:handshake
-    private static final String CIPHER_SUITES_TLS = "TLS_AES_256_GCM_SHA384";
+    private final String enabledCipherSuites;
+    private final String enabledProtocols;
+
+    public SSLCertificateTest(String enabledCipherSuites, String enabledProtocols) {
+        this.enabledCipherSuites = enabledCipherSuites;
+        this.enabledProtocols = enabledProtocols;
+    }
 
     @After
     public void cleanup() {
@@ -85,14 +101,14 @@ public void cleanup() {
     public void shouldAuthenticateServerCertificate() throws Exception {
         int freePort = AvailablePortFinder.getNextAvailable();
         TestAcceptor acceptor = new TestAcceptor(createAcceptorSettings("single-session/server.keystore", false,
-                "single-session/empty.keystore", CIPHER_SUITES_TLS, "TLSv1.3", "JKS", "JKS", freePort));
+                "single-session/empty.keystore", enabledCipherSuites, enabledProtocols, "JKS", "JKS", freePort));
 
         try {
             acceptor.start();
 
             TestInitiator initiator = new TestInitiator(
                     createInitiatorSettings("single-session/empty.keystore", "single-session/client.truststore",
-                            CIPHER_SUITES_TLS, "TLSv1.3", "ZULU", "ALFA", Integer.toString(freePort), "JKS", "JKS"));
+                        enabledCipherSuites, enabledProtocols, "ZULU", "ALFA", Integer.toString(freePort), "JKS", "JKS"));
 
             try {
                 initiator.start();
@@ -137,13 +153,13 @@ public void shouldAuthenticateServerCertificateViaSocksProxy(String proxyVersion
         try {
             int port = AvailablePortFinder.getNextAvailable();
             TestAcceptor acceptor = new TestAcceptor(createAcceptorSettings("single-session/server.keystore", false,
-                    "single-session/empty.keystore", CIPHER_SUITES_TLS, "TLSv1.3", "JKS", "JKS", port));
+                    "single-session/empty.keystore", enabledCipherSuites, enabledProtocols, "JKS", "JKS", port));
 
             try {
                 acceptor.start();
 
                 SessionSettings initiatorSettings = createInitiatorSettings("single-session/empty.keystore", "single-session/client.truststore",
-                        CIPHER_SUITES_TLS, "TLSv1.3", "ZULU", "ALFA", Integer.toString(port), "JKS", "JKS");
+                    enabledCipherSuites, enabledProtocols, "ZULU", "ALFA", Integer.toString(port), "JKS", "JKS");
 
                 Properties defaults = initiatorSettings.getDefaultProperties();
 
@@ -184,14 +200,14 @@ public void shouldAuthenticateServerCertificateViaSocksProxy(String proxyVersion
     public void shouldAuthenticateServerNameUsingServerCommonName() throws Exception {
         int freePort = AvailablePortFinder.getNextAvailable();
         TestAcceptor acceptor = new TestAcceptor(createAcceptorSettings("single-session/server-cn.keystore", false,
-                "single-session/empty.keystore", CIPHER_SUITES_TLS, "TLSv1.3", "JKS", "JKS", freePort));
+                "single-session/empty.keystore", enabledCipherSuites, enabledProtocols, "JKS", "JKS", freePort));
 
         try {
             acceptor.start();
 
             TestInitiator initiator = new TestInitiator(
                     createInitiatorSettings("single-session/empty.keystore", "single-session/client-cn.truststore",
-                            CIPHER_SUITES_TLS, "TLSv1.3", "ZULU", "ALFA", Integer.toString(freePort), "JKS", "JKS", "HTTPS"));
+                        enabledCipherSuites, enabledProtocols, "ZULU", "ALFA", Integer.toString(freePort), "JKS", "JKS", "HTTPS"));
 
             try {
                 initiator.start();
@@ -219,14 +235,14 @@ public void shouldAuthenticateServerNameUsingServerCommonName() throws Exception
     public void shouldAuthenticateServerNameUsingSNIExtension() throws Exception {
         int freePort = AvailablePortFinder.getNextAvailable();
         TestAcceptor acceptor = new TestAcceptor(createAcceptorSettings("single-session/server-sni.keystore", false,
-                "single-session/empty.keystore", CIPHER_SUITES_TLS, "TLSv1.3", "JKS", "JKS", freePort));
+                "single-session/empty.keystore", enabledCipherSuites, enabledProtocols, "JKS", "JKS", freePort));
 
         try {
             acceptor.start();
 
             TestInitiator initiator = new TestInitiator(
                     createInitiatorSettings("single-session/empty.keystore", "single-session/client-sni.truststore",
-                            CIPHER_SUITES_TLS, "TLSv1.3", "ZULU", "ALFA", Integer.toString(freePort), "JKS", "JKS", "HTTPS"));
+                        enabledCipherSuites, enabledProtocols, "ZULU", "ALFA", Integer.toString(freePort), "JKS", "JKS", "HTTPS"));
 
             try {
                 initiator.start();
@@ -255,14 +271,14 @@ public void shouldFailWhenHostnameDoesNotMatchServerName() throws Exception {
         int freePort = AvailablePortFinder.getNextAvailable();
 
         TestAcceptor acceptor = new TestAcceptor(createAcceptorSettings("single-session/server-bad-cn.keystore", false,
-                "single-session/empty.keystore", CIPHER_SUITES_TLS, "TLSv1.3", "JKS", "JKS", freePort));
+                "single-session/empty.keystore", enabledCipherSuites, enabledProtocols, "JKS", "JKS", freePort));
 
         try {
             acceptor.start();
 
             TestInitiator initiator = new TestInitiator(
                     createInitiatorSettings("single-session/empty.keystore", "single-session/client-bad-cn.truststore",
-                            CIPHER_SUITES_TLS, "TLSv1.3", "ZULU", "ALFA", Integer.toString(freePort), "JKS", "JKS", "HTTPS"));
+                        enabledCipherSuites, enabledProtocols, "ZULU", "ALFA", Integer.toString(freePort), "JKS", "JKS", "HTTPS"));
 
             try {
                 initiator.start();
@@ -286,14 +302,14 @@ public void shouldFailWhenHostnameDoesNotMatchServerName() throws Exception {
     public void shouldAuthenticateServerAndClientCertificates() throws Exception {
         int freePort = AvailablePortFinder.getNextAvailable();
         TestAcceptor acceptor = new TestAcceptor(createAcceptorSettings("single-session/server.keystore", true,
-                "single-session/server.truststore", CIPHER_SUITES_TLS, "TLSv1.3", "JKS", "JKS", freePort));
+                "single-session/server.truststore", enabledCipherSuites, enabledProtocols, "JKS", "JKS", freePort));
 
         try {
             acceptor.start();
 
             TestInitiator initiator = new TestInitiator(
                     createInitiatorSettings("single-session/client.keystore", "single-session/client.truststore",
-                            CIPHER_SUITES_TLS, "TLSv1.3", "ZULU", "ALFA", Integer.toString(freePort), "JKS", "JKS"));
+                        enabledCipherSuites, enabledProtocols, "ZULU", "ALFA", Integer.toString(freePort), "JKS", "JKS"));
 
             try {
                 initiator.start();
@@ -319,14 +335,14 @@ public void shouldAuthenticateServerAndClientCertificates() throws Exception {
     public void shouldAuthenticateServerAndClientCertificatesWhenUsingDifferentKeystoreFormats() throws Exception {
         int freePort = AvailablePortFinder.getNextAvailable();
         TestAcceptor acceptor = new TestAcceptor(createAcceptorSettings("single-session/server-pkcs12.keystore", true,
-                "single-session/server-jceks.truststore", CIPHER_SUITES_TLS, "TLSv1.3", "PKCS12",
+                "single-session/server-jceks.truststore", enabledCipherSuites, enabledProtocols, "PKCS12",
                 "JCEKS", freePort));
 
         try {
             acceptor.start();
 
             TestInitiator initiator = new TestInitiator(createInitiatorSettings("single-session/client-jceks.keystore",
-                    "single-session/client-jceks.keystore", CIPHER_SUITES_TLS, "TLSv1.3", "ZULU", "ALFA",
+                    "single-session/client-jceks.keystore", enabledCipherSuites, enabledProtocols, "ZULU", "ALFA",
                     Integer.toString(freePort), "JCEKS", "JCEKS"));
 
             try {
@@ -354,20 +370,20 @@ public void shouldAuthenticateServerAndClientCertificatesForIndividualSessions()
         TestAcceptor acceptor = new TestAcceptor(createMultiSessionAcceptorSettings(
                 "multi-session/server.keystore", true, new String[] { "multi-session/server1.truststore",
                         "multi-session/server2.truststore", "multi-session/server3.truststore" },
-                CIPHER_SUITES_TLS, "TLSv1.3"));
+            enabledCipherSuites, enabledProtocols));
 
         try {
             acceptor.start();
 
             TestInitiator initiator1 = new TestInitiator(
                     createInitiatorSettings("multi-session/client1.keystore", "multi-session/client1.keystore",
-                            CIPHER_SUITES_TLS, "TLSv1.3", "ZULU0", "ALFA0", "12340", "JKS", "JKS"));
+                        enabledCipherSuites, enabledProtocols, "ZULU0", "ALFA0", "12340", "JKS", "JKS"));
             TestInitiator initiator2 = new TestInitiator(
                     createInitiatorSettings("multi-session/client2.keystore", "multi-session/client2.keystore",
-                            CIPHER_SUITES_TLS, "TLSv1.3", "ZULU1", "ALFA1", "12341", "JKS", "JKS"));
+                        enabledCipherSuites, enabledProtocols, "ZULU1", "ALFA1", "12341", "JKS", "JKS"));
             TestInitiator initiator3 = new TestInitiator(
                     createInitiatorSettings("multi-session/client3.keystore", "multi-session/client3.keystore",
-                            CIPHER_SUITES_TLS, "TLSv1.3", "ZULU2", "ALFA2", "12342", "JKS", "JKS"));
+                        enabledCipherSuites, enabledProtocols, "ZULU2", "ALFA2", "12342", "JKS", "JKS"));
 
             try {
                 initiator1.start();
@@ -415,20 +431,20 @@ public void shouldFailIndividualSessionsWhenInvalidCertificatesUsed() throws Exc
         TestAcceptor acceptor = new TestAcceptor(createMultiSessionAcceptorSettings(
                 "multi-session/server.keystore", true, new String[] { "multi-session/server1.truststore",
                         "multi-session/server2.truststore", "multi-session/server3.truststore" },
-                CIPHER_SUITES_TLS, "TLSv1.3"));
+            enabledCipherSuites, enabledProtocols));
 
         try {
             acceptor.start();
 
             TestInitiator initiator1 = new TestInitiator(
                     createInitiatorSettings("multi-session/client2.keystore", "multi-session/client2.keystore",
-                            CIPHER_SUITES_TLS, "TLSv1.3", "ZULU0", "ALFA0", "12340", "JKS", "JKS"));
+                        enabledCipherSuites, enabledProtocols, "ZULU0", "ALFA0", "12340", "JKS", "JKS"));
             TestInitiator initiator2 = new TestInitiator(
                     createInitiatorSettings("multi-session/client1.keystore", "multi-session/client1.keystore",
-                            CIPHER_SUITES_TLS, "TLSv1.3", "ZULU1", "ALFA1", "12341", "JKS", "JKS"));
+                        enabledCipherSuites, enabledProtocols, "ZULU1", "ALFA1", "12341", "JKS", "JKS"));
             TestInitiator initiator3 = new TestInitiator(
                     createInitiatorSettings("multi-session/client3.keystore", "multi-session/client3.keystore",
-                            CIPHER_SUITES_TLS, "TLSv1.3", "ZULU2", "ALFA2", "12342", "JKS", "JKS"));
+                        enabledCipherSuites, enabledProtocols, "ZULU2", "ALFA2", "12342", "JKS", "JKS"));
 
             try {
                 initiator1.start();
@@ -500,14 +516,14 @@ public void shouldFailWhenUsingEmptyServerKeyStore() throws Exception {
     public void shouldFailWhenUsingEmptyClientTruststore() throws Exception {
         int freePort = AvailablePortFinder.getNextAvailable();
         TestAcceptor acceptor = new TestAcceptor(createAcceptorSettings("single-session/server.keystore", false,
-                "single-session/empty.keystore", CIPHER_SUITES_TLS, "TLSv1.3", "JKS", "JKS", freePort));
+                "single-session/empty.keystore", enabledCipherSuites, enabledProtocols, "JKS", "JKS", freePort));
 
         try {
             acceptor.start();
 
             TestInitiator initiator = new TestInitiator(
                     createInitiatorSettings("single-session/empty.keystore", "single-session/empty.keystore",
-                            CIPHER_SUITES_TLS, "TLSv1.3", "ZULU", "ALFA", Integer.toString(freePort), "JKS", "JKS"));
+                        enabledCipherSuites, enabledProtocols, "ZULU", "ALFA", Integer.toString(freePort), "JKS", "JKS"));
 
             try {
                 initiator.start();
@@ -531,14 +547,14 @@ public void shouldFailWhenUsingEmptyClientTruststore() throws Exception {
     public void shouldFailWhenUsingEmptyServerTrustore() throws Exception {
         int freePort = AvailablePortFinder.getNextAvailable();
         TestAcceptor acceptor = new TestAcceptor(createAcceptorSettings("single-session/server.keystore", true,
-                "single-session/empty.keystore", CIPHER_SUITES_TLS, "TLSv1.3", "JKS", "JKS", freePort));
+                "single-session/empty.keystore", enabledCipherSuites, enabledProtocols, "JKS", "JKS", freePort));
 
         try {
             acceptor.start();
 
             TestInitiator initiator = new TestInitiator(
                     createInitiatorSettings("single-session/client.keystore", "single-session/client.truststore",
-                            CIPHER_SUITES_TLS, "TLSv1.3", "ZULU", "ALFA", Integer.toString(freePort), "JKS", "JKS"));
+                        enabledCipherSuites, enabledProtocols, "ZULU", "ALFA", Integer.toString(freePort), "JKS", "JKS"));
 
             try {
                 initiator.start();
@@ -562,14 +578,14 @@ public void shouldFailWhenUsingEmptyServerTrustore() throws Exception {
     public void shouldFailWhenUsingBadClientCertificate() throws Exception {
         int freePort = AvailablePortFinder.getNextAvailable();
         TestAcceptor acceptor = new TestAcceptor(createAcceptorSettings("single-session/server.keystore", true,
-                "single-session/server.truststore", CIPHER_SUITES_TLS, "TLSv1.3", "JKS", "JKS", freePort));
+                "single-session/server.truststore", enabledCipherSuites, enabledProtocols, "JKS", "JKS", freePort));
 
         try {
             acceptor.start();
 
             TestInitiator initiator = new TestInitiator(
                     createInitiatorSettings("single-session/server.keystore", "single-session/client.truststore",
-                            CIPHER_SUITES_TLS, "TLSv1.3", "ZULU", "ALFA", Integer.toString(freePort), "JKS", "JKS"));
+                        enabledCipherSuites, enabledProtocols, "ZULU", "ALFA", Integer.toString(freePort), "JKS", "JKS"));
 
             try {
                 initiator.start();
@@ -593,14 +609,14 @@ public void shouldFailWhenUsingBadClientCertificate() throws Exception {
     public void shouldFailWhenUsingBadServerCertificate() throws Exception {
         int freePort = AvailablePortFinder.getNextAvailable();
         TestAcceptor acceptor = new TestAcceptor(createAcceptorSettings("single-session/client.keystore", false,
-                "single-session/empty.keystore", CIPHER_SUITES_TLS, "TLSv1.3", "JKS", "JKS", freePort));
+                "single-session/empty.keystore", enabledCipherSuites, enabledProtocols, "JKS", "JKS", freePort));
 
         try {
             acceptor.start();
 
             TestInitiator initiator = new TestInitiator(
                     createInitiatorSettings("single-session/empty.keystore", "single-session/client.truststore",
-                            CIPHER_SUITES_TLS, "TLSv1.3", "ZULU", "ALFA", Integer.toString(freePort), "JKS", "JKS"));
+                        enabledCipherSuites, enabledProtocols, "ZULU", "ALFA", Integer.toString(freePort), "JKS", "JKS"));
 
             try {
                 initiator.start();
@@ -631,7 +647,7 @@ public void shouldConnectDifferentTypesOfSessions() throws Exception {
 
             TestInitiator sslInitiator = new TestInitiator(
                     createInitiatorSettings("single-session/client.keystore", "single-session/client.truststore",
-                            CIPHER_SUITES_TLS, "TLSv1.3", "ZULU_SSL", "ALFA_SSL", Integer.toString(sslPort), "JKS", "JKS"));
+                        enabledCipherSuites, enabledProtocols, "ZULU_SSL", "ALFA_SSL", Integer.toString(sslPort), "JKS", "JKS"));
 
             TestInitiator nonSslInitiator = new TestInitiator(createInitiatorSettings("ZULU_NON_SSL", "ALFA_NON_SSL", nonSslPort));
 
