|
| 1 | +/* |
| 2 | + * Licensed to the Apache Software Foundation (ASF) under one or more |
| 3 | + * contributor license agreements. See the NOTICE file distributed with |
| 4 | + * this work for additional information regarding copyright ownership. |
| 5 | + * The ASF licenses this file to You under the Apache License, Version 2.0 |
| 6 | + * (the "License"); you may not use this file except in compliance with |
| 7 | + * the License. You may obtain a copy of the License at |
| 8 | + * |
| 9 | + * http://www.apache.org/licenses/LICENSE-2.0 |
| 10 | + * |
| 11 | + * Unless required by applicable law or agreed to in writing, software |
| 12 | + * distributed under the License is distributed on an "AS IS" BASIS, |
| 13 | + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 14 | + * See the License for the specific language governing permissions and |
| 15 | + * limitations under the License. |
| 16 | + */ |
| 17 | +package org.apache.tomcat.jni; |
| 18 | + |
| 19 | +import org.junit.Assert; |
| 20 | +import org.junit.Before; |
| 21 | +import org.junit.Test; |
| 22 | + |
| 23 | +/** |
| 24 | + * Tests for SSL initialization and basic operations. |
| 25 | + */ |
| 26 | +public class TestSSL extends BaseTest { |
| 27 | + |
| 28 | + @Before |
| 29 | + public void checkLibrary() { |
| 30 | + requireLibrary(); |
| 31 | + } |
| 32 | + |
| 33 | + @Test |
| 34 | + public void testSSLInitialization() throws Exception { |
| 35 | + // SSL.initialize should be safe to call multiple times |
| 36 | + int result = SSL.initialize(null); |
| 37 | + Assert.assertEquals("SSL initialization should succeed", 0, result); |
| 38 | + } |
| 39 | + |
| 40 | + @Test |
| 41 | + public void testSSLVersion() { |
| 42 | + int version = SSL.version(); |
| 43 | + Assert.assertTrue("OpenSSL version should be positive", version > 0); |
| 44 | + |
| 45 | + // OpenSSL 3.x should have version >= 0x30000000 |
| 46 | + // But we'll just check it's reasonable |
| 47 | + Assert.assertTrue("OpenSSL version should be reasonable", version > 0x10000000); |
| 48 | + } |
| 49 | + |
| 50 | + @Test |
| 51 | + public void testSSLVersionString() { |
| 52 | + String versionString = SSL.versionString(); |
| 53 | + Assert.assertNotNull("Version string should not be null", versionString); |
| 54 | + Assert.assertTrue("Version string should not be empty", versionString.length() > 0); |
| 55 | + |
| 56 | + // Should contain "OpenSSL" |
| 57 | + Assert.assertTrue("Version string should contain OpenSSL", |
| 58 | + versionString.toUpperCase().contains("OPENSSL")); |
| 59 | + } |
| 60 | + |
| 61 | + @Test |
| 62 | + public void testFIPSModeGet() throws Exception { |
| 63 | + // Just verify we can call this without crashing |
| 64 | + // It may throw if FIPS is not available, which is fine |
| 65 | + try { |
| 66 | + int fipsMode = SSL.fipsModeGet(); |
| 67 | + Assert.assertTrue("FIPS mode should be 0 or 1", fipsMode == 0 || fipsMode == 1); |
| 68 | + } catch (Exception e) { |
| 69 | + // FIPS may not be available - that's acceptable |
| 70 | + Assert.assertTrue("FIPS not available is acceptable", true); |
| 71 | + } |
| 72 | + } |
| 73 | + |
| 74 | + @Test |
| 75 | + public void testErrorStringHandling() { |
| 76 | + // Get an error string for error code 0 (no error) |
| 77 | + String errorString = SSL.getErrorString(0); |
| 78 | + Assert.assertNotNull("Error string should not be null even for code 0", errorString); |
| 79 | + } |
| 80 | + |
| 81 | + @Test |
| 82 | + public void testLastErrorNumber() { |
| 83 | + // Should be able to get last error number without crashing |
| 84 | + int lastError = SSL.getLastErrorNumber(); |
| 85 | + // Error number 0 means no error |
| 86 | + Assert.assertTrue("Last error number should be non-negative", lastError >= 0); |
| 87 | + } |
| 88 | + |
| 89 | + @Test |
| 90 | + public void testSSLConstants() { |
| 91 | + // Verify important constants are defined correctly |
| 92 | + Assert.assertEquals("SSL_PROTOCOL_NONE should be 0", 0, SSL.SSL_PROTOCOL_NONE); |
| 93 | + Assert.assertEquals("SSL_MODE_CLIENT should be 0", 0, SSL.SSL_MODE_CLIENT); |
| 94 | + Assert.assertEquals("SSL_MODE_SERVER should be 1", 1, SSL.SSL_MODE_SERVER); |
| 95 | + Assert.assertEquals("SSL_MODE_COMBINED should be 2", 2, SSL.SSL_MODE_COMBINED); |
| 96 | + |
| 97 | + // Verify protocol flags are powers of 2 (bitfields) |
| 98 | + Assert.assertEquals("SSL_PROTOCOL_TLSV1 should be 0x04", 0x04, SSL.SSL_PROTOCOL_TLSV1); |
| 99 | + Assert.assertEquals("SSL_PROTOCOL_TLSV1_1 should be 0x08", 0x08, SSL.SSL_PROTOCOL_TLSV1_1); |
| 100 | + Assert.assertEquals("SSL_PROTOCOL_TLSV1_2 should be 0x10", 0x10, SSL.SSL_PROTOCOL_TLSV1_2); |
| 101 | + Assert.assertEquals("SSL_PROTOCOL_TLSV1_3 should be 0x20", 0x20, SSL.SSL_PROTOCOL_TLSV1_3); |
| 102 | + |
| 103 | + // Verify SSL_PROTOCOL_ALL includes modern TLS versions |
| 104 | + int allProtocols = SSL.SSL_PROTOCOL_ALL; |
| 105 | + Assert.assertTrue("SSL_PROTOCOL_ALL should include TLSv1", |
| 106 | + (allProtocols & SSL.SSL_PROTOCOL_TLSV1) != 0); |
| 107 | + Assert.assertTrue("SSL_PROTOCOL_ALL should include TLSv1.3", |
| 108 | + (allProtocols & SSL.SSL_PROTOCOL_TLSV1_3) != 0); |
| 109 | + } |
| 110 | + |
| 111 | + @Test |
| 112 | + public void testSSLVerifyConstants() { |
| 113 | + // Test verification level constants |
| 114 | + Assert.assertEquals("SSL_CVERIFY_NONE should be 0", 0, SSL.SSL_CVERIFY_NONE); |
| 115 | + Assert.assertEquals("SSL_CVERIFY_OPTIONAL should be 1", 1, SSL.SSL_CVERIFY_OPTIONAL); |
| 116 | + Assert.assertEquals("SSL_CVERIFY_REQUIRE should be 2", 2, SSL.SSL_CVERIFY_REQUIRE); |
| 117 | + Assert.assertEquals("SSL_CVERIFY_OPTIONAL_NO_CA should be 3", 3, SSL.SSL_CVERIFY_OPTIONAL_NO_CA); |
| 118 | + } |
| 119 | + |
| 120 | + @Test |
| 121 | + public void testSSLErrorConstants() { |
| 122 | + // Verify error code constants |
| 123 | + Assert.assertEquals("SSL_ERROR_NONE should be 0", 0, SSL.SSL_ERROR_NONE); |
| 124 | + Assert.assertEquals("SSL_ERROR_SSL should be 1", 1, SSL.SSL_ERROR_SSL); |
| 125 | + Assert.assertEquals("SSL_ERROR_WANT_READ should be 2", 2, SSL.SSL_ERROR_WANT_READ); |
| 126 | + Assert.assertEquals("SSL_ERROR_WANT_WRITE should be 3", 3, SSL.SSL_ERROR_WANT_WRITE); |
| 127 | + } |
| 128 | + |
| 129 | + @Test |
| 130 | + public void testSSLSessionCacheConstants() { |
| 131 | + // Verify session cache mode constants |
| 132 | + Assert.assertEquals("SSL_SESS_CACHE_OFF should be 0", 0, SSL.SSL_SESS_CACHE_OFF); |
| 133 | + Assert.assertEquals("SSL_SESS_CACHE_SERVER should be 2", 2, SSL.SSL_SESS_CACHE_SERVER); |
| 134 | + } |
| 135 | +} |
0 commit comments