unit tests

JeremiahM37 · JeremiahM37 · commit a0d318913e1b · 2026-01-29T12:52:10.000-07:00
diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLEngine.java b/src/java/com/wolfssl/provider/jsse/WolfSSLEngine.java
@@ -580,8 +580,10 @@ private synchronized int DoHandshake(boolean fromWrap) throws SSLException {
             }
 
         } catch (SocketTimeoutException | SocketException e) {
-            throw new SSLHandshakeException(
+            SSLHandshakeException hsException = new SSLHandshakeException(
                 "Socket error during SSL/TLS handshake: " + e.getMessage());
+            hsException.initCause(e);
+            throw hsException;
         }
 
         return ret;
diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLTrustManager.java b/src/java/com/wolfssl/provider/jsse/WolfSSLTrustManager.java
@@ -34,9 +34,17 @@
 import java.security.cert.CertificateException;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateFactory;
+import javax.net.ssl.CertPathTrustManagerParameters;
+import javax.net.ssl.KeyStoreBuilderParameters;
 import javax.net.ssl.ManagerFactoryParameters;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.TrustManagerFactorySpi;
+import java.security.cert.CertPathParameters;
+import java.security.cert.PKIXParameters;
+import java.security.cert.TrustAnchor;
+import java.security.cert.X509Certificate;
+import java.util.List;
+import java.util.Set;
 import com.wolfssl.WolfSSL;
 import com.wolfssl.WolfSSLDebug;
 import com.wolfssl.WolfSSLCertificate;
@@ -761,29 +769,25 @@ protected void engineInit(ManagerFactoryParameters arg0)
         WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
             () -> "entered engineInit(ManagerFactoryParameters arg0)");
 
-        /* Handle CertPathTrustManagerParameters (used by Tomcat, etc) */
-        if (arg0 instanceof javax.net.ssl.CertPathTrustManagerParameters) {
-            javax.net.ssl.CertPathTrustManagerParameters certPathParams =
-                (javax.net.ssl.CertPathTrustManagerParameters) arg0;
-            java.security.cert.CertPathParameters certPathParameters =
+        /* Handle CertPathTrustManagerParameters */
+        if (arg0 instanceof CertPathTrustManagerParameters) {
+            CertPathTrustManagerParameters certPathParams =
+                (CertPathTrustManagerParameters) arg0;
+            CertPathParameters certPathParameters =
                 certPathParams.getParameters();
 
-            if (certPathParameters instanceof
-                    java.security.cert.PKIXParameters) {
-                java.security.cert.PKIXParameters pkixParams =
-                    (java.security.cert.PKIXParameters) certPathParameters;
-                java.util.Set<java.security.cert.TrustAnchor> anchors =
-                    pkixParams.getTrustAnchors();
+            if (certPathParameters instanceof PKIXParameters) {
+                PKIXParameters pkixParams =
+                    (PKIXParameters) certPathParameters;
+                Set<TrustAnchor> anchors = pkixParams.getTrustAnchors();
 
                 try {
-                    java.security.KeyStore ks =
-                        java.security.KeyStore.getInstance(
-                            java.security.KeyStore.getDefaultType());
+                    KeyStore ks =
+                        KeyStore.getInstance(KeyStore.getDefaultType());
                     ks.load(null, null);
                     int count = 0;
-                    for (java.security.cert.TrustAnchor anchor : anchors) {
-                        java.security.cert.X509Certificate cert =
-                            anchor.getTrustedCert();
+                    for (TrustAnchor anchor : anchors) {
+                        X509Certificate cert = anchor.getTrustedCert();
                         if (cert != null) {
                             ks.setCertificateEntry(
                                 "trustanchor-" + count, cert);
@@ -806,17 +810,15 @@ protected void engineInit(ManagerFactoryParameters arg0)
         }
 
         /* Handle KeyStoreBuilderParameters */
-        if (arg0 instanceof javax.net.ssl.KeyStoreBuilderParameters) {
-            javax.net.ssl.KeyStoreBuilderParameters ksParams =
-                (javax.net.ssl.KeyStoreBuilderParameters) arg0;
-            java.util.List<java.security.KeyStore.Builder> builders =
-                ksParams.getParameters();
+        if (arg0 instanceof KeyStoreBuilderParameters) {
+            KeyStoreBuilderParameters ksParams =
+                (KeyStoreBuilderParameters) arg0;
+            List<KeyStore.Builder> builders = ksParams.getParameters();
 
             if (builders != null && !builders.isEmpty()) {
                 try {
                     /* Use the first KeyStore builder */
-                    java.security.KeyStore ks =
-                        builders.get(0).getKeyStore();
+                    KeyStore ks = builders.get(0).getKeyStore();
                     WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
                         () -> "Initialized TrustManager from " +
                             "KeyStoreBuilderParameters");
diff --git a/src/test/com/wolfssl/provider/jsse/test/WolfSSLContextTest.java b/src/test/com/wolfssl/provider/jsse/test/WolfSSLContextTest.java
@@ -56,6 +56,8 @@
 import com.wolfssl.WolfSSL;
 import com.wolfssl.provider.jsse.WolfSSLProvider;
 
+import java.lang.reflect.Method;
+
 public class WolfSSLContextTest {
 
     private static WolfSSLTestFactory tf;
@@ -965,5 +967,36 @@ public void testWolfJSSEEnabledCipherSuites()
 
         System.out.println("\t... passed");
     }
+
+    @Test
+    public void testSanitizeProtocolsNullInput() {
+
+        System.out.print("\tTesting sanitizeProtocols(null)");
+
+        try {
+            Class<?> utilClass = Class.forName(
+                "com.wolfssl.provider.jsse.WolfSSLUtil");
+            Method sanitizeMethod = utilClass.getDeclaredMethod(
+                "sanitizeProtocols",
+                String[].class,
+                WolfSSL.TLS_VERSION.class);
+            sanitizeMethod.setAccessible(true);
+
+            String[] result = (String[]) sanitizeMethod.invoke(
+                null, (String[]) null, WolfSSL.TLS_VERSION.TLSv1_2);
+
+            if (result != null) {
+                System.out.println("\t... failed");
+                fail("sanitizeProtocols(null) should return null");
+                return;
+            }
+
+            System.out.println("\t\t... passed");
+
+        } catch (Exception e) {
+            System.out.println("\t... failed");
+            fail("Exception during sanitizeProtocols test: " + e.getMessage());
+        }
+    }
 }
 
diff --git a/src/test/com/wolfssl/provider/jsse/test/WolfSSLKeyX509Test.java b/src/test/com/wolfssl/provider/jsse/test/WolfSSLKeyX509Test.java
@@ -1111,11 +1111,38 @@ public void testNullKeyStoreWithCachingDisabled()
         pass("\t... passed");
     }
 
+    /* Test that chooseAlias methods return aliases with private keys */
+    @Test
+    public void testChooseAliasSkipsCertOnlyEntries()
+        throws NoSuchAlgorithmException, KeyStoreException,
+               KeyManagementException, CertificateException, IOException,
+               NoSuchProviderException, UnrecoverableKeyException {
+
+        System.out.print("\tTesting chooseAlias skips cert-only");
+
+        KeyManager[] km = tf.createKeyManager("SunX509", tf.allJKS, provider);
+        X509ExtendedKeyManager x509km = (X509ExtendedKeyManager) km[0];
+        String alias;
+
+        alias = x509km.chooseClientAlias(new String[] { "RSA" }, null, null);
+        if (alias != null && x509km.getPrivateKey(alias) == null) {
+            fail("chooseClientAlias returned alias without private key");
+        }
+
+        alias = x509km.chooseEngineClientAlias(
+            new String[] { "RSA" }, null, null);
+        if (alias != null && x509km.getPrivateKey(alias) == null) {
+            fail("chooseEngineClientAlias returned alias without private key");
+        }
+
+        pass("\t... passed");
+    }
+
     private void pass(String msg) {
         WolfSSLTestFactory.pass(msg);
     }
 
     private void error(String msg) {
         WolfSSLTestFactory.fail(msg);
     }
- }
+}
diff --git a/src/test/com/wolfssl/provider/jsse/test/WolfSSLTrustX509Test.java b/src/test/com/wolfssl/provider/jsse/test/WolfSSLTrustX509Test.java
@@ -49,7 +49,13 @@
 import java.security.cert.CertificateFactory;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateParsingException;
+import java.security.cert.PKIXParameters;
+import java.security.cert.TrustAnchor;
 import java.security.cert.X509Certificate;
+import java.security.InvalidAlgorithmParameterException;
+import java.util.Enumeration;
+import java.util.HashSet;
+import java.util.Set;
 import java.net.Socket;
 import java.net.InetSocketAddress;
 import javax.net.ssl.TrustManager;
@@ -67,6 +73,8 @@
 import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.X509KeyManager;
+import javax.net.ssl.CertPathTrustManagerParameters;
+import javax.net.ssl.KeyStoreBuilderParameters;
 
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.fail;
@@ -3342,6 +3350,95 @@ private void testX509ExtTrustMgrSSLSocketExtNoServerStartHandshakeSuccess()
         }
     }
 
+    /* Test TrustManagerFactory.init(CertPathTrustManagerParameters) */
+    @Test
+    public void testInitWithCertPathTrustManagerParameters()
+        throws NoSuchProviderException, NoSuchAlgorithmException,
+               KeyStoreException, IOException, CertificateException,
+               InvalidAlgorithmParameterException {
+
+        System.out.print("\tTesting init(CertPathTrustManagerParameters)");
+
+        /* Load CA certs and create TrustAnchors manually */
+        KeyStore caStore = KeyStore.getInstance(
+            WolfSSLTestFactory.isAndroid() ? "BKS" : "JKS");
+        InputStream stream = new FileInputStream(tf.caJKS);
+        caStore.load(stream, WolfSSLTestFactory.jksPass);
+        stream.close();
+
+        Set<TrustAnchor> anchors = new HashSet<TrustAnchor>();
+        Enumeration<String> aliases = caStore.aliases();
+        while (aliases.hasMoreElements()) {
+            String alias = aliases.nextElement();
+            Certificate cert = caStore.getCertificate(alias);
+            if (cert instanceof X509Certificate) {
+                anchors.add(new TrustAnchor((X509Certificate) cert, null));
+            }
+        }
+
+        if (anchors.isEmpty()) {
+            pass("\t... skipped (no certs)");
+            return;
+        }
+
+        PKIXParameters pkixParams = new PKIXParameters(anchors);
+        CertPathTrustManagerParameters certPathParams =
+            new CertPathTrustManagerParameters(pkixParams);
+
+        TrustManagerFactory tmf =
+            TrustManagerFactory.getInstance("SunX509", provider);
+        tmf.init(certPathParams);
+
+        TrustManager[] tms = tmf.getTrustManagers();
+        if (tms == null || tms.length == 0) {
+            fail("TrustManagers null/empty after CertPathParams init");
+        }
+
+        X509TrustManager x509tm = (X509TrustManager) tms[0];
+        if (x509tm.getAcceptedIssuers() == null ||
+            x509tm.getAcceptedIssuers().length == 0) {
+            fail("No accepted issuers after CertPathParams init");
+        }
+
+        pass("\t... passed");
+    }
+
+    /* Test TrustManagerFactory.init(KeyStoreBuilderParameters) */
+    @Test
+    public void testInitWithKeyStoreBuilderParameters()
+        throws NoSuchProviderException, NoSuchAlgorithmException,
+               KeyStoreException, IOException, CertificateException,
+               InvalidAlgorithmParameterException {
+
+        System.out.print("\tTesting init(KeyStoreBuilderParameters)");
+
+        KeyStore.Builder ksBuilder = KeyStore.Builder.newInstance(
+            WolfSSLTestFactory.isAndroid() ? "BKS" : "JKS",
+            null,
+            new File(tf.caJKS),
+            new KeyStore.PasswordProtection(WolfSSLTestFactory.jksPass));
+
+        KeyStoreBuilderParameters ksParams =
+            new KeyStoreBuilderParameters(ksBuilder);
+
+        TrustManagerFactory tmf =
+            TrustManagerFactory.getInstance("SunX509", provider);
+        tmf.init(ksParams);
+
+        TrustManager[] tms = tmf.getTrustManagers();
+        if (tms == null || tms.length == 0) {
+            fail("TrustManagers null/empty after KeyStoreBuilder init");
+        }
+
+        X509TrustManager x509tm = (X509TrustManager) tms[0];
+        if (x509tm.getAcceptedIssuers() == null ||
+            x509tm.getAcceptedIssuers().length == 0) {
+            fail("No accepted issuers after KeyStoreBuilder init");
+        }
+
+        pass("\t... passed");
+    }
+
     private void pass(String msg) {
         WolfSSLTestFactory.pass(msg);
     }

Original file line number	Diff line number	Diff line change
`@@ -580,8 +580,10 @@ private synchronized int DoHandshake(boolean fromWrap) throws SSLException {`
`580`	`580`	`}`
`581`	`581`
`582`	`582`	`} catch (SocketTimeoutException \| SocketException e) {`
`583`		`- throw new SSLHandshakeException(`
	`583`	`+ SSLHandshakeException hsException = new SSLHandshakeException(`
`584`	`584`	`"Socket error during SSL/TLS handshake: " + e.getMessage());`
	`585`	`+ hsException.initCause(e);`
	`586`	`+ throw hsException;`
`585`	`587`	`}`
`586`	`588`
`587`	`589`	`return ret;`