From 7d4ff59cf53b0d7ea20478c473a690925ab5ca53 Mon Sep 17 00:00:00 2001 From: Christoph John Date: Wed, 16 Oct 2024 10:14:43 +0200 Subject: [PATCH 1/4] Update SSLCertificateTest.java --- .../quickfix/mina/ssl/SSLCertificateTest.java | 62 +++++++++---------- 1 file changed, 31 insertions(+), 31 deletions(-) diff --git a/quickfixj-core/src/test/java/quickfix/mina/ssl/SSLCertificateTest.java b/quickfixj-core/src/test/java/quickfix/mina/ssl/SSLCertificateTest.java index 354bf2b0a..25f7cd2d8 100644 --- a/quickfixj-core/src/test/java/quickfix/mina/ssl/SSLCertificateTest.java +++ b/quickfixj-core/src/test/java/quickfix/mina/ssl/SSLCertificateTest.java @@ -85,14 +85,14 @@ public void cleanup() { public void shouldAuthenticateServerCertificate() throws Exception { int freePort = AvailablePortFinder.getNextAvailable(); TestAcceptor acceptor = new TestAcceptor(createAcceptorSettings("single-session/server.keystore", false, - "single-session/empty.keystore", CIPHER_SUITES_TLS, "TLSv1.2", "JKS", "JKS", freePort)); + "single-session/empty.keystore", CIPHER_SUITES_TLS, "TLSv1.3", "JKS", "JKS", freePort)); try { acceptor.start(); TestInitiator initiator = new TestInitiator( createInitiatorSettings("single-session/empty.keystore", "single-session/client.truststore", - CIPHER_SUITES_TLS, "TLSv1.2", "ZULU", "ALFA", Integer.toString(freePort), "JKS", "JKS")); + CIPHER_SUITES_TLS, "TLSv1.3", "ZULU", "ALFA", Integer.toString(freePort), "JKS", "JKS")); try { initiator.start(); 
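Review bot: The protocol version is still a string literal at every call site, so this hunk and every later hunk of this patch replace `"TLSv1.2"` with `"TLSv1.3"` by hand instead of adding a second variant. A single constant next to CIPHER_SUITES_TLS, for example `private static final String ENABLED_PROTOCOL = "TLSv1.3";`, would keep the protocol and the cipher suite in one place. It would also make it cheap to run the same certificate checks under both versions if TLSv1.2 counterparties are still supported. As far as these hunks show, nothing they touch exercises a TLSv1.2 handshake any more, which is worth confirming against the unchanged tests. shouldAuthenticateServerCertificate continues outside the hunk.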
@@ -137,13 +137,13 @@ public void shouldAuthenticateServerCertificateViaSocksProxy(String proxyVersion try { int port = AvailablePortFinder.getNextAvailable(); TestAcceptor acceptor = new TestAcceptor(createAcceptorSettings("single-session/server.keystore", false, - "single-session/empty.keystore", CIPHER_SUITES_TLS, "TLSv1.2", "JKS", "JKS", port)); + "single-session/empty.keystore", CIPHER_SUITES_TLS, "TLSv1.3", "JKS", "JKS", port)); try { acceptor.start(); SessionSettings initiatorSettings = createInitiatorSettings("single-session/empty.keystore", "single-session/client.truststore", - CIPHER_SUITES_TLS, "TLSv1.2", "ZULU", "ALFA", Integer.toString(port), "JKS", "JKS"); + CIPHER_SUITES_TLS, "TLSv1.3", "ZULU", "ALFA", Integer.toString(port), "JKS", "JKS"); Properties defaults = initiatorSettings.getDefaultProperties(); @@ -184,14 +184,14 @@ public void shouldAuthenticateServerCertificateViaSocksProxy(String proxyVersion public void shouldAuthenticateServerNameUsingServerCommonName() throws Exception { int freePort = AvailablePortFinder.getNextAvailable(); TestAcceptor acceptor = new TestAcceptor(createAcceptorSettings("single-session/server-cn.keystore", false, - "single-session/empty.keystore", CIPHER_SUITES_TLS, "TLSv1.2", "JKS", "JKS", freePort)); + "single-session/empty.keystore", CIPHER_SUITES_TLS, "TLSv1.3", "JKS", "JKS", freePort)); try { acceptor.start(); TestInitiator initiator = new TestInitiator( createInitiatorSettings("single-session/empty.keystore", "single-session/client-cn.truststore", - CIPHER_SUITES_TLS, "TLSv1.2", "ZULU", "ALFA", Integer.toString(freePort), "JKS", "JKS")); + CIPHER_SUITES_TLS, "TLSv1.3", "ZULU", "ALFA", Integer.toString(freePort), "JKS", "JKS")); try { initiator.start(); 
@@ -219,14 +219,14 @@ public void shouldAuthenticateServerNameUsingServerCommonName() throws Exception public void shouldAuthenticateServerNameUsingSNIExtension() throws Exception { int freePort = AvailablePortFinder.getNextAvailable(); TestAcceptor acceptor = new TestAcceptor(createAcceptorSettings("single-session/server-sni.keystore", false, - "single-session/empty.keystore", CIPHER_SUITES_TLS, "TLSv1.2", "JKS", "JKS", freePort)); + "single-session/empty.keystore", CIPHER_SUITES_TLS, "TLSv1.3", "JKS", "JKS", freePort)); try { acceptor.start(); TestInitiator initiator = new TestInitiator( createInitiatorSettings("single-session/empty.keystore", "single-session/client-sni.truststore", - CIPHER_SUITES_TLS, "TLSv1.2", "ZULU", "ALFA", Integer.toString(freePort), "JKS", "JKS")); + CIPHER_SUITES_TLS, "TLSv1.3", "ZULU", "ALFA", Integer.toString(freePort), "JKS", "JKS")); try { initiator.start(); @@ -255,14 +255,14 @@ public void shouldFailWhenHostnameDoesNotMatchServerName() throws Exception { int freePort = AvailablePortFinder.getNextAvailable(); TestAcceptor acceptor = new TestAcceptor(createAcceptorSettings("single-session/server-bad-cn.keystore", false, - "single-session/empty.keystore", CIPHER_SUITES_TLS, "TLSv1.2", "JKS", "JKS", freePort)); + "single-session/empty.keystore", CIPHER_SUITES_TLS, "TLSv1.3", "JKS", "JKS", freePort)); try { acceptor.start(); TestInitiator initiator = new TestInitiator( createInitiatorSettings("single-session/empty.keystore", "single-session/client-bad-cn.truststore", - CIPHER_SUITES_TLS, "TLSv1.2", "ZULU", "ALFA", Integer.toString(freePort), "JKS", "JKS", "HTTPS")); + CIPHER_SUITES_TLS, "TLSv1.3", "ZULU", "ALFA", Integer.toString(freePort), "JKS", "JKS", "HTTPS")); try { initiator.start(); 
@@ -286,14 +286,14 @@ public void shouldFailWhenHostnameDoesNotMatchServerName() throws Exception { public void shouldAuthenticateServerAndClientCertificates() throws Exception { int freePort = AvailablePortFinder.getNextAvailable(); TestAcceptor acceptor = new TestAcceptor(createAcceptorSettings("single-session/server.keystore", true, - "single-session/server.truststore", CIPHER_SUITES_TLS, "TLSv1.2", "JKS", "JKS", freePort)); + "single-session/server.truststore", CIPHER_SUITES_TLS, "TLSv1.3", "JKS", "JKS", freePort)); try { acceptor.start(); TestInitiator initiator = new TestInitiator( createInitiatorSettings("single-session/client.keystore", "single-session/client.truststore", - CIPHER_SUITES_TLS, "TLSv1.2", "ZULU", "ALFA", Integer.toString(freePort), "JKS", "JKS")); + CIPHER_SUITES_TLS, "TLSv1.3", "ZULU", "ALFA", Integer.toString(freePort), "JKS", "JKS")); try { initiator.start(); @@ -319,14 +319,14 @@ public void shouldAuthenticateServerAndClientCertificates() throws Exception { public void shouldAuthenticateServerAndClientCertificatesWhenUsingDifferentKeystoreFormats() throws Exception { int freePort = AvailablePortFinder.getNextAvailable(); TestAcceptor acceptor = new TestAcceptor(createAcceptorSettings("single-session/server-pkcs12.keystore", true, - "single-session/server-jceks.truststore", CIPHER_SUITES_TLS, "TLSv1.2", "PKCS12", + "single-session/server-jceks.truststore", CIPHER_SUITES_TLS, "TLSv1.3", "PKCS12", "JCEKS", freePort)); try { acceptor.start(); TestInitiator initiator = new TestInitiator(createInitiatorSettings("single-session/client-jceks.keystore", - "single-session/client-jceks.keystore", CIPHER_SUITES_TLS, "TLSv1.2", "ZULU", "ALFA", + "single-session/client-jceks.keystore", CIPHER_SUITES_TLS, "TLSv1.3", "ZULU", "ALFA", Integer.toString(freePort), "JCEKS", "JCEKS")); try { 
@@ -354,20 +354,20 @@ public void shouldAuthenticateServerAndClientCertificatesForIndividualSessions() TestAcceptor acceptor = new TestAcceptor(createMultiSessionAcceptorSettings( "multi-session/server.keystore", true, new String[] { "multi-session/server1.truststore", "multi-session/server2.truststore", "multi-session/server3.truststore" }, - CIPHER_SUITES_TLS, "TLSv1.2")); + CIPHER_SUITES_TLS, "TLSv1.3")); try { acceptor.start(); TestInitiator initiator1 = new TestInitiator( createInitiatorSettings("multi-session/client1.keystore", "multi-session/client1.keystore", - CIPHER_SUITES_TLS, "TLSv1.2", "ZULU0", "ALFA0", "12340", "JKS", "JKS")); + CIPHER_SUITES_TLS, "TLSv1.3", "ZULU0", "ALFA0", "12340", "JKS", "JKS")); TestInitiator initiator2 = new TestInitiator( createInitiatorSettings("multi-session/client2.keystore", "multi-session/client2.keystore", - CIPHER_SUITES_TLS, "TLSv1.2", "ZULU1", "ALFA1", "12341", "JKS", "JKS")); + CIPHER_SUITES_TLS, "TLSv1.3", "ZULU1", "ALFA1", "12341", "JKS", "JKS")); TestInitiator initiator3 = new TestInitiator( createInitiatorSettings("multi-session/client3.keystore", "multi-session/client3.keystore", - CIPHER_SUITES_TLS, "TLSv1.2", "ZULU2", "ALFA2", "12342", "JKS", "JKS")); + CIPHER_SUITES_TLS, "TLSv1.3", "ZULU2", "ALFA2", "12342", "JKS", "JKS")); try { initiator1.start(); 
@@ -415,20 +415,20 @@ public void shouldFailIndividualSessionsWhenInvalidCertificatesUsed() throws Exc TestAcceptor acceptor = new TestAcceptor(createMultiSessionAcceptorSettings( "multi-session/server.keystore", true, new String[] { "multi-session/server1.truststore", "multi-session/server2.truststore", "multi-session/server3.truststore" }, - CIPHER_SUITES_TLS, "TLSv1.2")); + CIPHER_SUITES_TLS, "TLSv1.3")); try { acceptor.start(); TestInitiator initiator1 = new TestInitiator( createInitiatorSettings("multi-session/client2.keystore", "multi-session/client2.keystore", - CIPHER_SUITES_TLS, "TLSv1.2", "ZULU0", "ALFA0", "12340", "JKS", "JKS")); + CIPHER_SUITES_TLS, "TLSv1.3", "ZULU0", "ALFA0", "12340", "JKS", "JKS")); TestInitiator initiator2 = new TestInitiator( createInitiatorSettings("multi-session/client1.keystore", "multi-session/client1.keystore", - CIPHER_SUITES_TLS, "TLSv1.2", "ZULU1", "ALFA1", "12341", "JKS", "JKS")); + CIPHER_SUITES_TLS, "TLSv1.3", "ZULU1", "ALFA1", "12341", "JKS", "JKS")); TestInitiator initiator3 = new TestInitiator( createInitiatorSettings("multi-session/client3.keystore", "multi-session/client3.keystore", - CIPHER_SUITES_TLS, "TLSv1.2", "ZULU2", "ALFA2", "12342", "JKS", "JKS")); + CIPHER_SUITES_TLS, "TLSv1.3", "ZULU2", "ALFA2", "12342", "JKS", "JKS")); try { initiator1.start(); 
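Review bot: The negative client-certificate tests may no longer see the rejection when they used to, because under TLS 1.3 the client completes its handshake before the server has validated the client certificate. This affects shouldFailIndividualSessionsWhenInvalidCertificatesUsed here and the later hunks for shouldFailWhenUsingEmptyServerTrustore and shouldFailWhenUsingBadClientCertificate, which all appear to enable client authentication on the acceptor (the `true` argument). The assertions lie outside the hunks, so this is inferred: if they inspect the initiator side shortly after `start()`, they can race with the server's alert. Asserting on the acceptor side, or waiting until the initiator's session has been closed, would keep these tests proving that the bad certificate was actually refused.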
@@ -500,14 +500,14 @@ public void shouldFailWhenUsingEmptyServerKeyStore() throws Exception { public void shouldFailWhenUsingEmptyClientTruststore() throws Exception { int freePort = AvailablePortFinder.getNextAvailable(); TestAcceptor acceptor = new TestAcceptor(createAcceptorSettings("single-session/server.keystore", false, - "single-session/empty.keystore", CIPHER_SUITES_TLS, "TLSv1.2", "JKS", "JKS", freePort)); + "single-session/empty.keystore", CIPHER_SUITES_TLS, "TLSv1.3", "JKS", "JKS", freePort)); try { acceptor.start(); TestInitiator initiator = new TestInitiator( createInitiatorSettings("single-session/empty.keystore", "single-session/empty.keystore", - CIPHER_SUITES_TLS, "TLSv1.2", "ZULU", "ALFA", Integer.toString(freePort), "JKS", "JKS")); + CIPHER_SUITES_TLS, "TLSv1.3", "ZULU", "ALFA", Integer.toString(freePort), "JKS", "JKS")); try { initiator.start(); @@ -531,14 +531,14 @@ public void shouldFailWhenUsingEmptyClientTruststore() throws Exception { public void shouldFailWhenUsingEmptyServerTrustore() throws Exception { int freePort = AvailablePortFinder.getNextAvailable(); TestAcceptor acceptor = new TestAcceptor(createAcceptorSettings("single-session/server.keystore", true, - "single-session/empty.keystore", CIPHER_SUITES_TLS, "TLSv1.2", "JKS", "JKS", freePort)); + "single-session/empty.keystore", CIPHER_SUITES_TLS, "TLSv1.3", "JKS", "JKS", freePort)); try { acceptor.start(); TestInitiator initiator = new TestInitiator( createInitiatorSettings("single-session/client.keystore", "single-session/client.truststore", - CIPHER_SUITES_TLS, "TLSv1.2", "ZULU", "ALFA", Integer.toString(freePort), "JKS", "JKS")); + CIPHER_SUITES_TLS, "TLSv1.3", "ZULU", "ALFA", Integer.toString(freePort), "JKS", "JKS")); try { initiator.start(); 
@@ -562,14 +562,14 @@ public void shouldFailWhenUsingEmptyServerTrustore() throws Exception { public void shouldFailWhenUsingBadClientCertificate() throws Exception { int freePort = AvailablePortFinder.getNextAvailable(); TestAcceptor acceptor = new TestAcceptor(createAcceptorSettings("single-session/server.keystore", true, - "single-session/server.truststore", CIPHER_SUITES_TLS, "TLSv1.2", "JKS", "JKS", freePort)); + "single-session/server.truststore", CIPHER_SUITES_TLS, "TLSv1.3", "JKS", "JKS", freePort)); try { acceptor.start(); TestInitiator initiator = new TestInitiator( createInitiatorSettings("single-session/server.keystore", "single-session/client.truststore", - CIPHER_SUITES_TLS, "TLSv1.2", "ZULU", "ALFA", Integer.toString(freePort), "JKS", "JKS")); + CIPHER_SUITES_TLS, "TLSv1.3", "ZULU", "ALFA", Integer.toString(freePort), "JKS", "JKS")); try { initiator.start(); @@ -593,14 +593,14 @@ public void shouldFailWhenUsingBadClientCertificate() throws Exception { public void shouldFailWhenUsingBadServerCertificate() throws Exception { int freePort = AvailablePortFinder.getNextAvailable(); TestAcceptor acceptor = new TestAcceptor(createAcceptorSettings("single-session/client.keystore", false, - "single-session/empty.keystore", CIPHER_SUITES_TLS, "TLSv1.2", "JKS", "JKS", freePort)); + "single-session/empty.keystore", CIPHER_SUITES_TLS, "TLSv1.3", "JKS", "JKS", freePort)); try { acceptor.start(); TestInitiator initiator = new TestInitiator( createInitiatorSettings("single-session/empty.keystore", "single-session/client.truststore", - CIPHER_SUITES_TLS, "TLSv1.2", "ZULU", "ALFA", Integer.toString(freePort), "JKS", "JKS")); + CIPHER_SUITES_TLS, "TLSv1.3", "ZULU", "ALFA", Integer.toString(freePort), "JKS", "JKS")); try { initiator.start(); 
@@ -631,7 +631,7 @@ public void shouldConnectDifferentTypesOfSessions() throws Exception { TestInitiator sslInitiator = new TestInitiator( createInitiatorSettings("single-session/client.keystore", "single-session/client.truststore", - CIPHER_SUITES_TLS, "TLSv1.2", "ZULU_SSL", "ALFA_SSL", Integer.toString(sslPort), "JKS", "JKS")); + CIPHER_SUITES_TLS, "TLSv1.3", "ZULU_SSL", "ALFA_SSL", Integer.toString(sslPort), "JKS", "JKS")); TestInitiator nonSslInitiator = new TestInitiator(createInitiatorSettings("ZULU_NON_SSL", "ALFA_NON_SSL", nonSslPort)); From 4257f2c0422425fac0419f6b376433931598fa9d Mon Sep 17 00:00:00 2001 From: Christoph John Date: Wed, 16 Oct 2024 11:46:50 +0200 Subject: [PATCH 2/4] Updated cipher suites --- .../src/test/java/quickfix/mina/ssl/SSLCertificateTest.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/quickfixj-core/src/test/java/quickfix/mina/ssl/SSLCertificateTest.java b/quickfixj-core/src/test/java/quickfix/mina/ssl/SSLCertificateTest.java index 25f7cd2d8..adffc73ef 100644 --- a/quickfixj-core/src/test/java/quickfix/mina/ssl/SSLCertificateTest.java +++ b/quickfixj-core/src/test/java/quickfix/mina/ssl/SSLCertificateTest.java @@ -69,7 +69,7 @@ public class SSLCertificateTest { // Note: To diagnose cipher suite errors, run with -Djavax.net.debug=ssl:handshake - private static final String CIPHER_SUITES_TLS = "TLS_RSA_WITH_AES_128_CBC_SHA"; + private static final String CIPHER_SUITES_TLS = "TLS_AES_256_GCM_SHA384"; @After public void cleanup() { From e70eaa2b205be827c14efe1322311152955e85d8 Mon Sep 17 00:00:00 2001 From: Christoph John Date: Mon, 27 Jan 2025 10:42:35 +0100 Subject: [PATCH 3/4] added some debug logging for unwritten requests --- .../src/main/java/quickfix/mina/AbstractIoHandler.java | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/quickfixj-core/src/main/java/quickfix/mina/AbstractIoHandler.java b/quickfixj-core/src/main/java/quickfix/mina/AbstractIoHandler.java index 79203dccc..c0e052ed4 100644 
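Review bot: CIPHER_SUITES_TLS now holds a suite that is defined only for TLS 1.3, so any test that still pairs the constant with another protocol version will fail the handshake on the suite mismatch rather than for the reason under test. shouldFailWhenUsingEmptyServerKeyStore is visible only as hunk context and is not changed by this series. If it passes this constant together with `"TLSv1.2"`, its expected failure would now pass vacuously, so it is worth checking. A comment on the constant would make the coupling explicit, for example `// TLS 1.3-only suite: must be used with protocol "TLSv1.3"`.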
--- a/quickfixj-core/src/main/java/quickfix/mina/AbstractIoHandler.java +++ b/quickfixj-core/src/main/java/quickfix/mina/AbstractIoHandler.java @@ -86,6 +86,11 @@ public void exceptionCaught(IoSession ioSession, Throwable cause) throws Excepti reason = "Socket exception (" + ioSession.getRemoteAddress() + "): " + cause; } else { reason = "Socket (" + ioSession.getRemoteAddress() + "): " + cause; + if (realCause instanceof org.apache.mina.core.write.WriteException) { + org.apache.mina.core.write.WriteRequest writeRequest = (org.apache.mina.core.write.WriteException)realCause.getRequest(); + Object message = writeRequest.getMessage(); + log.error("First unwritten message = " + message); + } } disconnectNeeded = true; } else if (realCause instanceof CriticalProtocolCodecException) { From 2155a9f9420aa551a128ef13d63e4df1e5ea1080 Mon Sep 17 00:00:00 2001 From: Christoph John Date: Mon, 27 Jan 2025 10:49:51 +0100 Subject: [PATCH 4/4] typo --- .../src/main/java/quickfix/mina/AbstractIoHandler.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/quickfixj-core/src/main/java/quickfix/mina/AbstractIoHandler.java b/quickfixj-core/src/main/java/quickfix/mina/AbstractIoHandler.java index c0e052ed4..8ea671fd5 100644 --- a/quickfixj-core/src/main/java/quickfix/mina/AbstractIoHandler.java +++ b/quickfixj-core/src/main/java/quickfix/mina/AbstractIoHandler.java @@ -87,7 +87,7 @@ public void exceptionCaught(IoSession ioSession, Throwable cause) throws Excepti } else { reason = "Socket (" + ioSession.getRemoteAddress() + "): " + cause; if (realCause instanceof org.apache.mina.core.write.WriteException) { - org.apache.mina.core.write.WriteRequest writeRequest = (org.apache.mina.core.write.WriteException)realCause.getRequest(); + org.apache.mina.core.write.WriteRequest writeRequest = ((org.apache.mina.core.write.WriteException)realCause).getRequest(); Object message = writeRequest.getMessage(); log.error("First unwritten message = " + message); }
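Review bot: The added `log.error("First unwritten message = " + message)` writes the content of the unsent write request to the application log at ERROR level, and on a FIX session that payload can carry Logon credentials or order details. The commit subject calls this debug logging, so it should be gated and reduced to what diagnosis needs, for example `if (log.isDebugEnabled()) { log.debug("First unwritten message type = " + (message == null ? null : message.getClass().getName())); }`. The same lines are carried unchanged through the 4/4 hunk, which only fixes the cast. The result of `getRequest()` is also dereferenced without a null check; if it can be null, exceptionCaught would throw from inside its own error path before `disconnectNeeded` is set. The enclosing method starts and ends outside both hunks.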