fixing SSL test assertions for TLS 1.3

the-thing · the-thing · commit aee23c7adbe0 · 2025-01-28T09:36:09.000+01:00
diff --git a/quickfixj-core/src/test/java/quickfix/mina/ssl/SSLCertificateTest.java b/quickfixj-core/src/test/java/quickfix/mina/ssl/SSLCertificateTest.java
@@ -43,6 +43,8 @@
 import quickfix.mina.ProtocolFactory;
 import quickfix.mina.SessionConnector;
 
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLEngineResult;
 import javax.net.ssl.SSLHandshakeException;
 import javax.net.ssl.SSLSession;
 import java.math.BigInteger;
@@ -757,8 +759,9 @@ public void assertNotAuthenticated(SessionID sessionID, boolean authOn) {
             Session session = findSession(sessionID);
             SSLSession sslSession = SSLUtil.findSSLSession(session);
 
-            if (sslSession == null)
+            if (sslSession == null) {
                 return;
+            }
 
             if (authOn) {
                 // when authentication is on, the SSL session maybe still be alive (invalid) for some time
@@ -880,9 +883,11 @@ private void logSSLInfo() {
                 Class<?> exceptionType = exception != null ? exception.getClass() : null;
                 Certificate[] peerCertificates = SSLUtil.getPeerCertificates(sslSession);
                 Principal peerPrincipal = SSLUtil.getPeerPrincipal(sslSession);
+                SSLEngine sslEngine = SSLUtil.getSSLEngine(session);
+                SSLEngineResult.HandshakeStatus handshakeStatus = sslEngine != null ? sslEngine.getHandshakeStatus() : null;
 
-                LOGGER.info("SSL session info [sessionID={},isLoggedOn={},sslSession={},sslSession.valid={},peerCertificates={},peerPrincipal={},exceptionMessage={},exceptionType={}]",
-                    sessionID, session.isLoggedOn(), sslSession, sslSession.isValid(), peerCertificates, peerPrincipal, exceptionMessage, exceptionType);
+                LOGGER.info("SSL session info [sessionID={},isLoggedOn={},sslSession={},sslSession.valid={},peerCertificates={},peerPrincipal={},exceptionMessage={},exceptionType={},handshakeStatus={}]",
+                    sessionID, session.isLoggedOn(), sslSession, sslSession.isValid(), peerCertificates, peerPrincipal, exceptionMessage, exceptionType, handshakeStatus);
             }
         }
     }
diff --git a/quickfixj-core/src/test/java/quickfix/test/util/SSLUtil.java b/quickfixj-core/src/test/java/quickfix/test/util/SSLUtil.java
@@ -1,34 +1,46 @@
 package quickfix.test.util;
 
 import org.apache.mina.core.filterchain.IoFilterChain;
+import org.apache.mina.core.session.AttributeKey;
 import org.apache.mina.core.session.IoSession;
 import org.apache.mina.filter.ssl.SslFilter;
+import org.apache.mina.filter.ssl.SslHandler;
 import quickfix.Session;
 import quickfix.mina.IoSessionResponder;
 import quickfix.mina.ssl.SSLSupport;
 
+import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLPeerUnverifiedException;
 import javax.net.ssl.SSLSession;
 import java.lang.reflect.Field;
 import java.security.Principal;
 import java.security.cert.Certificate;
 
 /**
- * A utility class for working with SSL/TLS sessions and retrieving SSL-related information
- * from a {@link Session}. This class provides methods to find the underlying {@link SSLSession},
- * retrieve peer certificates, and get the peer principal.
+ * A utility class for working with SSL/TLS sessions and retrieving SSL-related information from a {@link Session}. This class provides methods to find the underlying {@link SSLSession}, retrieve peer
+ * certificates, and get the peer principal.
  */
 public final class SSLUtil {
 
     private static final String IO_SESSION_FIELD_NAME = "ioSession";
+    private static final String SSL_ENGINE_FIELD_NAME = "mEngine";
+    private static final AttributeKey SSL_HANDLER_ATTRIBUTE_KEY = new AttributeKey(SslHandler.class, "handler");
     private static final Field IO_SESSION_FIELD;
+    private static final Field SSL_ENGINE_FIELD;
 
     static {
         try {
             IO_SESSION_FIELD = IoSessionResponder.class.getDeclaredField(IO_SESSION_FIELD_NAME);
             IO_SESSION_FIELD.setAccessible(true);
         } catch (NoSuchFieldException e) {
-            throw new RuntimeException("Unable to get ioSession field", e);
+            throw new RuntimeException("Unable to get field: " + IO_SESSION_FIELD_NAME, e);
+        }
+
+        try {
+            SSL_ENGINE_FIELD = SslHandler.class.getDeclaredField(SSL_ENGINE_FIELD_NAME);
+            SSL_ENGINE_FIELD.setAccessible(true);
+        } catch (NoSuchFieldException e) {
+            throw new RuntimeException("Unable to get field: " + SSL_ENGINE_FIELD_NAME, e);
         }
     }
 
@@ -41,7 +53,7 @@ private SSLUtil() {
      * @param session the session from which to retrieve the {@link SSLSession}.
      * @return the {@link SSLSession} if found, or {@code null} if no SSL session is available.
      */
-    public static SSLSession findSSLSession(Session session)  {
+    public static SSLSession findSSLSession(Session session) {
         IoSession ioSession = findIoSession(session);
 
         if (ioSession == null) {
@@ -58,7 +70,6 @@ public static SSLSession findSSLSession(Session session)  {
         return (SSLSession) ioSession.getAttribute(SslFilter.SSL_SECURED);
     }
 
-
     /**
      * Retrieves the {@link IoSession} associated with the given {@link Session}.
      *
@@ -75,16 +86,46 @@ public static IoSession findIoSession(Session session) {
         try {
             return (IoSession) IO_SESSION_FIELD.get(ioSessionResponder);
         } catch (IllegalAccessException e) {
-            throw new RuntimeException("Failed to get IO session field",e);
+            throw new RuntimeException("Failed to get IO session field", e);
+        }
+    }
+
+    public static SslHandler getSSLHandler(Session session) {
+        IoSession ioSession = findIoSession(session);
+
+        if (ioSession == null) {
+            return null;
+        }
+
+        IoFilterChain filterChain = ioSession.getFilterChain();
+        SslFilter sslFilter = (SslFilter) filterChain.get(SSLSupport.FILTER_NAME);
+
+        if (sslFilter == null) {
+            return null;
+        }
+
+        return (SslHandler) ioSession.getAttribute(SSL_HANDLER_ATTRIBUTE_KEY);
+    }
+
+    public static SSLEngine getSSLEngine(Session session) {
+        SslHandler sslHandler = getSSLHandler(session);
+
+        if (sslHandler == null) {
+            return null;
+        }
+
+        try {
+            return (SSLEngine) SSL_ENGINE_FIELD.get(sslHandler);
+        } catch (IllegalAccessException e) {
+            throw new RuntimeException("Failed to get SSL engine field", e);
         }
     }
 
     /**
      * Retrieves the peer certificates from the given {@link SSLSession}.
      *
      * @param sslSession the SSL session from which to retrieve the peer certificates.
-     * @return an array of {@link Certificate} objects representing the peer certificates,
-     *         or {@code null} if the peer is unverified.
+     * @return an array of {@link Certificate} objects representing the peer certificates, or {@code null} if the peer is unverified.
      */
     public static Certificate[] getPeerCertificates(SSLSession sslSession) {
         try {
