Fix selection of security Provider to conscruct SSLContext

Cleanup redundant API un TestUtils Fix TlsTest to be ignored on JKD7 correctly
2016-07-15 12:02:53 -07:00 · 2016-07-15 12:02:53 -07:00 · c1ef8061d1
parent 0099657b5e
commit c1ef8061d1
6 changed files with 22 additions and 31 deletions
--- a/benchmarks/src/main/java/io/grpc/benchmarks/Utils.java
+++ b/benchmarks/src/main/java/io/grpc/benchmarks/Utils.java
@ -45,6 +45,7 @@ import io.grpc.netty.GrpcSslContexts;
 import io.grpc.netty.NegotiationType;
 import io.grpc.netty.NettyChannelBuilder;
 import io.grpc.okhttp.OkHttpChannelBuilder;
+import io.grpc.okhttp.internal.Platform;
 import io.grpc.testing.TestUtils;
 import io.netty.channel.EventLoopGroup;
 import io.netty.channel.epoll.EpollDomainSocketChannel;
@ -148,7 +149,9 @@ public final class Utils {
          builder.overrideAuthority(
              GrpcUtil.authorityFromHostAndPort(authorityOverride, addr.getPort()));
          try {
-            factory = TestUtils.newSslSocketFactoryForCa(TestUtils.loadCert("ca.pem"));
+            factory = TestUtils.newSslSocketFactoryForCa(
+                Platform.get().getProvider(),
+                TestUtils.loadCert("ca.pem"));
          } catch (Exception e) {
            throw new RuntimeException(e);
          }
--- a/interop-testing/src/main/java/io/grpc/testing/integration/TestServiceClient.java
+++ b/interop-testing/src/main/java/io/grpc/testing/integration/TestServiceClient.java
@ -39,6 +39,7 @@ import io.grpc.netty.GrpcSslContexts;
 import io.grpc.netty.NegotiationType;
 import io.grpc.netty.NettyChannelBuilder;
 import io.grpc.okhttp.OkHttpChannelBuilder;
+import io.grpc.okhttp.internal.Platform;
 import io.grpc.testing.TestUtils;
 import io.netty.handler.ssl.SslContext;

@ -324,7 +325,8 @@ public class TestServiceClient {
        if (useTls) {
          try {
            SSLSocketFactory factory = useTestCa
-                ? TestUtils.newSslSocketFactoryForCa(TestUtils.loadCert("ca.pem"))
+                ? TestUtils.newSslSocketFactoryForCa(Platform.get().getProvider(),
+                    TestUtils.loadCert("ca.pem"))
                : (SSLSocketFactory) SSLSocketFactory.getDefault();
            builder.sslSocketFactory(factory);
          } catch (Exception e) {
--- a/interop-testing/src/test/java/io/grpc/testing/integration/Http2OkHttpTest.java
+++ b/interop-testing/src/test/java/io/grpc/testing/integration/Http2OkHttpTest.java
@ -61,7 +61,6 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;

-import java.io.FileInputStream;
 import java.io.IOException;

 import javax.net.ssl.SSLPeerUnverifiedException;
@ -112,7 +111,7 @@ public class Http2OkHttpTest extends AbstractInteropTest {
            TestUtils.TEST_SERVER_HOST, getPort()));
    try {
      builder.sslSocketFactory(TestUtils.newSslSocketFactoryForCa(Platform.get().getProvider(),
-              new FileInputStream(TestUtils.loadCert("ca.pem"))));
+              TestUtils.loadCert("ca.pem")));
    } catch (Exception e) {
      throw new RuntimeException(e);
    }
@ -153,7 +152,7 @@ public class Http2OkHttpTest extends AbstractInteropTest {
            "I.am.a.bad.hostname", getPort()));
    ManagedChannel channel = builder.sslSocketFactory(
        TestUtils.newSslSocketFactoryForCa(Platform.get().getProvider(),
-            new FileInputStream(TestUtils.loadCert("ca.pem")))).build();
+            TestUtils.loadCert("ca.pem"))).build();
    TestServiceGrpc.TestServiceBlockingStub blockingStub =
        TestServiceGrpc.newBlockingStub(channel);

--- a/interop-testing/src/test/java/io/grpc/testing/integration/TlsTest.java
+++ b/interop-testing/src/test/java/io/grpc/testing/integration/TlsTest.java
@ -65,12 +65,15 @@ import org.junit.runners.Parameterized.Parameters;

 import java.io.File;
 import java.io.IOException;
+import java.security.NoSuchAlgorithmException;
 import java.security.cert.X509Certificate;
 import java.util.Arrays;
 import java.util.concurrent.Executors;
 import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.TimeUnit;

+import javax.net.ssl.SSLContext;
+

 /**
 * Integration tests for GRPC's TLS support.
@ -97,11 +100,17 @@ public class TlsTest {
  private SslContextBuilder clientContextBuilder;

  @Before
-  public void setUp() {
+  public void setUp() throws NoSuchAlgorithmException {
    executor = Executors.newSingleThreadScheduledExecutor();
    if (sslProvider == SslProvider.OPENSSL) {
      Assume.assumeTrue(OpenSsl.isAvailable());
    }
+    if (sslProvider == SslProvider.JDK) {
+      Assume.assumeTrue(Arrays.asList(
+          SSLContext.getDefault().getSupportedSSLParameters().getCipherSuites())
+          .contains("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"));
+
+    }
    clientContextBuilder = GrpcSslContexts.configure(SslContextBuilder.forClient(), sslProvider);
  }

--- a/okhttp/src/main/java/io/grpc/okhttp/OkHttpChannelBuilder.java
+++ b/okhttp/src/main/java/io/grpc/okhttp/OkHttpChannelBuilder.java
@ -271,8 +271,7 @@ public class OkHttpChannelBuilder extends
      case TLS:
        try {
          if (sslSocketFactory == null) {
-            SSLContext sslContext = SSLContext.getInstance("TLS", Platform.get().getProvider());
-            sslContext.init(null, null, null);
+            SSLContext sslContext = SSLContext.getInstance("Default", Platform.get().getProvider());
            sslSocketFactory = sslContext.getSocketFactory();
          }
          return sslSocketFactory;
--- a/testing/src/main/java/io/grpc/testing/TestUtils.java
+++ b/testing/src/main/java/io/grpc/testing/TestUtils.java
@ -52,7 +52,6 @@ import java.net.UnknownHostException;
 import java.security.KeyStore;
 import java.security.NoSuchAlgorithmException;
 import java.security.Provider;
-import java.security.Security;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
@ -233,36 +232,16 @@ public class TestUtils {
    }
  }

-  /**
-   * Creates an SSLSocketFactory which contains {@code certChainFile} as its only root certificate.
-   */
-  public static SSLSocketFactory newSslSocketFactoryForCa(File certChainFile) throws Exception {
-    InputStream is = new FileInputStream(certChainFile);
-    try {
-      return newSslSocketFactoryForCa(is);
-    } finally {
-      is.close();
-    }
-  }
-
-  /**
-   * Creates an SSLSocketFactory which contains {@code certChainFile} as its only root certificate.
-   */
-  public static SSLSocketFactory newSslSocketFactoryForCa(
-      InputStream certChain) throws Exception {
-    return newSslSocketFactoryForCa(Security.getProviders()[0], certChain);
-  }
-
  /**
   * Creates an SSLSocketFactory which contains {@code certChainFile} as its only root certificate.
   */
  public static SSLSocketFactory newSslSocketFactoryForCa(Provider provider,
-      InputStream certChain) throws Exception {
+      File certChainFile) throws Exception {
    KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
    ks.load(null, null);
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    X509Certificate cert = (X509Certificate) cf.generateCertificate(
-        new BufferedInputStream(certChain));
+        new BufferedInputStream(new FileInputStream(certChainFile)));
    X500Principal principal = cert.getSubjectX500Principal();
    ks.setCertificateEntry(principal.getName("RFC2253"), cert);