Add SSL context tests and stress test categorization

csutherl · claude · csutherl · commit 2da582b40cd2 · 2026-01-07T14:32:45.000-05:00
Added TestSSLContext with 15 tests for context creation in different
modes, protocol-specific contexts, options management, verification
levels, session cache configuration, and cipher suites.

Added StressTest marker interface for categorizing performance tests
separately from regular CI runs.

Co-Authored-By: Claude Sonnet 4.5 &lt;noreply@anthropic.com&gt;
diff --git a/test/org/apache/tomcat/jni/StressTest.java b/test/org/apache/tomcat/jni/StressTest.java
@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomcat.jni;
+
+/**
+ * Marker interface for stress tests.
+ *
+ * Tests annotated with @Category(StressTest.class) are stress/performance
+ * tests that create many objects in loops to verify memory management and
+ * detect leaks. These tests:
+ *
+ * - May run slower than regular unit tests
+ * - Are useful for detecting memory leaks
+ * - Should not run in standard CI builds by default
+ *
+ * To run only stress tests:
+ *   ant test -Dtest.categories=StressTest
+ *
+ * To exclude stress tests:
+ *   ant test -Dtest.exclude.categories=StressTest
+ */
+public interface StressTest {
+    // Marker interface - no methods
+}
diff --git a/test/org/apache/tomcat/jni/TestSSLContext.java b/test/org/apache/tomcat/jni/TestSSLContext.java
@@ -0,0 +1,286 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomcat.jni;
+
+import org.junit.After;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+/**
+ * Tests for SSLContext creation and configuration.
+ */
+public class TestSSLContext extends BaseTest {
+
+    private long pool;
+
+    @Before
+    public void setup() {
+        requireLibrary();
+        pool = Pool.create(0);
+    }
+
+    @After
+    public void destroyPool() {
+        if (pool != 0) {
+            Pool.destroy(pool);
+        }
+    }
+
+    @Test
+    public void testCreateServerContext() throws Exception {
+        long ctx = SSLContext.make(pool, SSL.SSL_PROTOCOL_ALL, SSL.SSL_MODE_SERVER);
+        Assert.assertNotEquals("Server context should be created", 0, ctx);
+
+        int result = SSLContext.free(ctx);
+        Assert.assertEquals("Context should be freed successfully", 0, result);
+    }
+
+    @Test
+    public void testCreateClientContext() throws Exception {
+        long ctx = SSLContext.make(pool, SSL.SSL_PROTOCOL_ALL, SSL.SSL_MODE_CLIENT);
+        Assert.assertNotEquals("Client context should be created", 0, ctx);
+
+        int result = SSLContext.free(ctx);
+        Assert.assertEquals("Context should be freed successfully", 0, result);
+    }
+
+    @Test
+    public void testCreateCombinedContext() throws Exception {
+        long ctx = SSLContext.make(pool, SSL.SSL_PROTOCOL_ALL, SSL.SSL_MODE_COMBINED);
+        Assert.assertNotEquals("Combined context should be created", 0, ctx);
+
+        int result = SSLContext.free(ctx);
+        Assert.assertEquals("Context should be freed successfully", 0, result);
+    }
+
+    @Test
+    public void testCreateContextTLSv13Only() throws Exception {
+        long ctx = SSLContext.make(pool, SSL.SSL_PROTOCOL_TLSV1_3, SSL.SSL_MODE_SERVER);
+        Assert.assertNotEquals("TLSv1.3-only context should be created", 0, ctx);
+
+        SSLContext.free(ctx);
+    }
+
+    @Test
+    public void testCreateContextTLSv12Only() throws Exception {
+        long ctx = SSLContext.make(pool, SSL.SSL_PROTOCOL_TLSV1_2, SSL.SSL_MODE_SERVER);
+        Assert.assertNotEquals("TLSv1.2-only context should be created", 0, ctx);
+
+        SSLContext.free(ctx);
+    }
+
+    @Test
+    public void testCreateMultipleContexts() throws Exception {
+        // Create multiple contexts from same pool
+        long ctx1 = SSLContext.make(pool, SSL.SSL_PROTOCOL_ALL, SSL.SSL_MODE_SERVER);
+        long ctx2 = SSLContext.make(pool, SSL.SSL_PROTOCOL_ALL, SSL.SSL_MODE_CLIENT);
+
+        Assert.assertNotEquals("Context 1 should be created", 0, ctx1);
+        Assert.assertNotEquals("Context 2 should be created", 0, ctx2);
+        Assert.assertNotEquals("Contexts should be different", ctx1, ctx2);
+
+        SSLContext.free(ctx1);
+        SSLContext.free(ctx2);
+    }
+
+    @Test
+    public void testSetAndGetOptions() throws Exception {
+        long ctx = SSLContext.make(pool, SSL.SSL_PROTOCOL_ALL, SSL.SSL_MODE_SERVER);
+
+        // Set some options
+        SSLContext.setOptions(ctx, SSL.SSL_OP_NO_SSLv2 | SSL.SSL_OP_NO_SSLv3);
+
+        // Get options back
+        int options = SSLContext.getOptions(ctx);
+
+        // Verify the options we set are present
+        Assert.assertTrue("SSL_OP_NO_SSLv2 should be set",
+            (options & SSL.SSL_OP_NO_SSLv2) != 0);
+        Assert.assertTrue("SSL_OP_NO_SSLv3 should be set",
+            (options & SSL.SSL_OP_NO_SSLv3) != 0);
+
+        SSLContext.free(ctx);
+    }
+
+    @Test
+    public void testClearOptions() throws Exception {
+        long ctx = SSLContext.make(pool, SSL.SSL_PROTOCOL_ALL, SSL.SSL_MODE_SERVER);
+
+        // Set an option
+        SSLContext.setOptions(ctx, SSL.SSL_OP_NO_COMPRESSION);
+
+        // Verify it's set
+        int options = SSLContext.getOptions(ctx);
+        Assert.assertTrue("Option should be set",
+            (options & SSL.SSL_OP_NO_COMPRESSION) != 0);
+
+        // Clear it
+        SSLContext.clearOptions(ctx, SSL.SSL_OP_NO_COMPRESSION);
+
+        // Verify it's cleared
+        options = SSLContext.getOptions(ctx);
+        Assert.assertTrue("Option should be cleared",
+            (options & SSL.SSL_OP_NO_COMPRESSION) == 0);
+
+        SSLContext.free(ctx);
+    }
+
+    @Test
+    public void testSetVerifyLevel() throws Exception {
+        long ctx = SSLContext.make(pool, SSL.SSL_PROTOCOL_ALL, SSL.SSL_MODE_SERVER);
+
+        // Set different verification levels - these should not throw
+        SSLContext.setVerify(ctx, SSL.SSL_CVERIFY_NONE, 0);
+        SSLContext.setVerify(ctx, SSL.SSL_CVERIFY_OPTIONAL, 10);
+        SSLContext.setVerify(ctx, SSL.SSL_CVERIFY_REQUIRE, 10);
+
+        SSLContext.free(ctx);
+    }
+
+    @Test
+    public void testSessionCacheSize() throws Exception {
+        long ctx = SSLContext.make(pool, SSL.SSL_PROTOCOL_ALL, SSL.SSL_MODE_SERVER);
+
+        // Set cache size
+        long newSize = SSLContext.setSessionCacheSize(ctx, 1024);
+        Assert.assertTrue("Session cache size should be set", newSize > 0);
+
+        // Get cache size
+        long size = SSLContext.getSessionCacheSize(ctx);
+        Assert.assertTrue("Session cache size should be retrievable", size > 0);
+
+        SSLContext.free(ctx);
+    }
+
+    @Test
+    public void testSessionCacheTimeout() throws Exception {
+        long ctx = SSLContext.make(pool, SSL.SSL_PROTOCOL_ALL, SSL.SSL_MODE_SERVER);
+
+        // Set cache timeout (in seconds)
+        long newTimeout = SSLContext.setSessionCacheTimeout(ctx, 300);
+        Assert.assertTrue("Session cache timeout should be set", newTimeout > 0);
+
+        // Get cache timeout
+        long timeout = SSLContext.getSessionCacheTimeout(ctx);
+        Assert.assertTrue("Session cache timeout should be retrievable", timeout > 0);
+
+        SSLContext.free(ctx);
+    }
+
+    @Test
+    public void testSessionCacheMode() throws Exception {
+        long ctx = SSLContext.make(pool, SSL.SSL_PROTOCOL_ALL, SSL.SSL_MODE_SERVER);
+
+        // Set cache mode
+        long prevMode = SSLContext.setSessionCacheMode(ctx, SSL.SSL_SESS_CACHE_SERVER);
+        Assert.assertTrue("Previous mode should be returned", prevMode >= 0);
+
+        // Get cache mode
+        long mode = SSLContext.getSessionCacheMode(ctx);
+        Assert.assertEquals("Cache mode should be SERVER", SSL.SSL_SESS_CACHE_SERVER, mode);
+
+        // Turn off caching
+        SSLContext.setSessionCacheMode(ctx, SSL.SSL_SESS_CACHE_OFF);
+        mode = SSLContext.getSessionCacheMode(ctx);
+        Assert.assertEquals("Cache mode should be OFF", SSL.SSL_SESS_CACHE_OFF, mode);
+
+        SSLContext.free(ctx);
+    }
+
+    @Test
+    public void testSessionStatistics() throws Exception {
+        long ctx = SSLContext.make(pool, SSL.SSL_PROTOCOL_ALL, SSL.SSL_MODE_SERVER);
+
+        // Get session statistics - these should all return without error
+        // Initial values should be 0
+        long accepts = SSLContext.sessionAccept(ctx);
+        Assert.assertTrue("Session accepts should be non-negative", accepts >= 0);
+
+        long acceptsGood = SSLContext.sessionAcceptGood(ctx);
+        Assert.assertTrue("Session accepts good should be non-negative", acceptsGood >= 0);
+
+        long hits = SSLContext.sessionHits(ctx);
+        Assert.assertTrue("Session hits should be non-negative", hits >= 0);
+
+        long misses = SSLContext.sessionMisses(ctx);
+        Assert.assertTrue("Session misses should be non-negative", misses >= 0);
+
+        long timeouts = SSLContext.sessionTimeouts(ctx);
+        Assert.assertTrue("Session timeouts should be non-negative", timeouts >= 0);
+
+        long number = SSLContext.sessionNumber(ctx);
+        Assert.assertTrue("Session number should be non-negative", number >= 0);
+
+        SSLContext.free(ctx);
+    }
+
+    @Test
+    public void testSetSessionIdContext() throws Exception {
+        long ctx = SSLContext.make(pool, SSL.SSL_PROTOCOL_ALL, SSL.SSL_MODE_SERVER);
+
+        // Set session ID context
+        byte[] sidCtx = "test-server".getBytes();
+        boolean result = SSLContext.setSessionIdContext(ctx, sidCtx);
+        Assert.assertTrue("Session ID context should be set successfully", result);
+
+        // Test with default context
+        result = SSLContext.setSessionIdContext(ctx, SSLContext.DEFAULT_SESSION_ID_CONTEXT);
+        Assert.assertTrue("Default session ID context should be set successfully", result);
+
+        SSLContext.free(ctx);
+    }
+
+    @Test
+    public void testMultipleCipherOperations() throws Exception {
+        long ctx = SSLContext.make(pool, SSL.SSL_PROTOCOL_ALL, SSL.SSL_MODE_SERVER);
+
+        // Get default ciphers
+        String[] ciphers = SSLContext.getCiphers(ctx);
+        Assert.assertNotNull("Ciphers should not be null", ciphers);
+        Assert.assertTrue("Should have at least one cipher", ciphers.length > 0);
+
+        // Set a specific cipher suite
+        boolean result = SSLContext.setCipherSuite(ctx, "HIGH:!aNULL:!MD5");
+        Assert.assertTrue("Cipher suite should be set successfully", result);
+
+        // Get ciphers again
+        ciphers = SSLContext.getCiphers(ctx);
+        Assert.assertNotNull("Ciphers should not be null after setting", ciphers);
+        Assert.assertTrue("Should still have ciphers", ciphers.length > 0);
+
+        SSLContext.free(ctx);
+    }
+
+    @Test
+    @Category(StressTest.class)
+    public void testLifecycleUnderLoad() throws Exception {
+        // Stress test: create and destroy many contexts
+        for (int i = 0; i < 100; i++) {
+            long ctx = SSLContext.make(pool, SSL.SSL_PROTOCOL_ALL, SSL.SSL_MODE_SERVER);
+            Assert.assertNotEquals("Context " + i + " should be created", 0, ctx);
+
+            // Perform some operations
+            SSLContext.setOptions(ctx, SSL.SSL_OP_NO_SSLv2);
+            SSLContext.setSessionCacheSize(ctx, 1024);
+
+            int result = SSLContext.free(ctx);
+            Assert.assertEquals("Context " + i + " should be freed", 0, result);
+        }
+    }
+}
