Add tests with kqueue and native TLS

Author: acogoluegnes

pom.xml

@@ -71,6 +71,7 @@
     <paho.version>1.2.5</paho.version>
     <micrometer-tracing-test.version>1.5.2</micrometer-tracing-test.version>
     <micrometer-docs-generator.version>1.0.4</micrometer-docs-generator.version>
+    <netty-tcnative.version>2.0.72.Final</netty-tcnative.version>
     <maven.compiler.plugin.version>3.14.0</maven.compiler.plugin.version>
     <maven-surefire-plugin.version>3.5.3</maven-surefire-plugin.version>
     <maven-dependency-plugin.version>3.8.1</maven-dependency-plugin.version>
@@ -217,6 +218,30 @@
       <scope>test</scope>
     </dependency>
 
+    <dependency>
+      <groupId>io.netty</groupId>
+      <artifactId>netty-transport-native-kqueue</artifactId>
+      <version>${netty.version}</version>
+      <classifier>osx-aarch_64</classifier>
+      <scope>test</scope>
+    </dependency>
+
+    <dependency>
+      <groupId>io.netty</groupId>
+      <artifactId>netty-tcnative-boringssl-static</artifactId>
+      <version>${netty-tcnative.version}</version>
+      <classifier>linux-x86_64</classifier>
+      <scope>test</scope>
+    </dependency>
+
+    <dependency>
+      <groupId>io.netty</groupId>
+      <artifactId>netty-tcnative-boringssl-static</artifactId>
+      <version>${netty-tcnative.version}</version>
+      <classifier>osx-aarch_64</classifier>
+      <scope>test</scope>
+    </dependency>
+
     <dependency>
       <groupId>org.assertj</groupId>
       <artifactId>assertj-core</artifactId>

src/test/java/com/rabbitmq/stream/impl/StreamEnvironmentTest.java

@@ -52,9 +52,12 @@
 import com.rabbitmq.stream.impl.TestUtils.DisabledIfTlsNotEnabled;
 import io.netty.channel.Channel;
 import io.netty.channel.EventLoopGroup;
+import io.netty.channel.IoHandlerFactory;
 import io.netty.channel.MultiThreadIoEventLoopGroup;
 import io.netty.channel.epoll.EpollIoHandler;
 import io.netty.channel.epoll.EpollSocketChannel;
+import io.netty.channel.kqueue.KQueueIoHandler;
+import io.netty.channel.kqueue.KQueueSocketChannel;
 import io.netty.handler.ssl.SslHandler;
 import java.net.ConnectException;
 import java.nio.charset.StandardCharsets;
@@ -743,41 +746,14 @@ void nettyInitializersAreCalled() {
   @EnabledOnOs(OS.LINUX)
   @EnabledIfSystemProperty(named = "os.arch", matches = "amd64")
   void nativeEpollWorksOnLinux() {
-    int messageCount = 10_000;
-    EventLoopGroup epollEventLoopGroup =
-        new MultiThreadIoEventLoopGroup(EpollIoHandler.newFactory());
-    try {
-      Set<Channel> channels = ConcurrentHashMap.newKeySet();
-      try (Environment env =
-          environmentBuilder
-              .netty()
-              .eventLoopGroup(epollEventLoopGroup)
-              .bootstrapCustomizer(b -> b.channel(EpollSocketChannel.class))
-              .channelCustomizer(ch -> channels.add(ch))
-              .environmentBuilder()
-              .build()) {
-        Producer producer = env.producerBuilder().stream(this.stream).build();
-        ConfirmationHandler handler = confirmationStatus -> {};
-        IntStream.range(0, messageCount)
-            .forEach(
-                i ->
-                    producer.send(
-                        producer
-                            .messageBuilder()
-                            .addData("hello".getBytes(StandardCharsets.UTF_8))
-                            .build(),
-                        handler));
-        CountDownLatch latch = new CountDownLatch(messageCount);
-        env.consumerBuilder().stream(this.stream)
-            .offset(OffsetSpecification.first())
-            .messageHandler((context, message) -> latch.countDown())
-            .build();
-        assertThat(latchAssert(latch)).completes();
-      }
-      assertThat(channels).isNotEmpty().allMatch(ch -> ch instanceof EpollSocketChannel);
-    } finally {
-      epollEventLoopGroup.shutdownGracefully(0, 0, SECONDS);
-    }
+    nativeIo(EpollIoHandler.newFactory(), EpollSocketChannel.class);
+  }
+
+  @Test
+  @EnabledOnOs(OS.MAC)
+  @EnabledIfSystemProperty(named = "os.arch", matches = "aarch64")
+  void nativeKqueueWorksOnMac() {
+    nativeIo(KQueueIoHandler.newFactory(), KQueueSocketChannel.class);
   }
 
   @Test
@@ -847,4 +823,41 @@ void storeOffset() {
       assertThat(client.queryOffset(ref, stream).getOffset()).isEqualTo(0);
     }
   }
+
+  private void nativeIo(IoHandlerFactory ioHandlerFactory, Class<? extends Channel> chClass) {
+    int messageCount = 10_000;
+    EventLoopGroup epollEventLoopGroup = new MultiThreadIoEventLoopGroup(ioHandlerFactory);
+    try {
+      Set<Channel> channels = ConcurrentHashMap.newKeySet();
+      try (Environment env =
+          environmentBuilder
+              .netty()
+              .eventLoopGroup(epollEventLoopGroup)
+              .bootstrapCustomizer(b -> b.channel(chClass))
+              .channelCustomizer(channels::add)
+              .environmentBuilder()
+              .build()) {
+        Producer producer = env.producerBuilder().stream(this.stream).build();
+        ConfirmationHandler handler = confirmationStatus -> {};
+        IntStream.range(0, messageCount)
+            .forEach(
+                i ->
+                    producer.send(
+                        producer
+                            .messageBuilder()
+                            .addData("hello".getBytes(StandardCharsets.UTF_8))
+                            .build(),
+                        handler));
+        CountDownLatch latch = new CountDownLatch(messageCount);
+        env.consumerBuilder().stream(this.stream)
+            .offset(OffsetSpecification.first())
+            .messageHandler((context, message) -> latch.countDown())
+            .build();
+        assertThat(latchAssert(latch)).completes();
+      }
+      assertThat(channels).isNotEmpty().allMatch(ch -> ch.getClass().isAssignableFrom(chClass));
+    } finally {
+      epollEventLoopGroup.shutdownGracefully(0, 0, SECONDS);
+    }
+  }
 }

src/test/java/com/rabbitmq/stream/impl/TlsTest.java

@@ -32,6 +32,7 @@
 import com.rabbitmq.stream.sasl.DefaultSaslConfiguration;
 import io.netty.handler.ssl.SslContext;
 import io.netty.handler.ssl.SslContextBuilder;
+import io.netty.handler.ssl.SslProvider;
 import java.io.File;
 import java.io.FileInputStream;
 import java.net.InetAddress;
@@ -54,19 +55,26 @@
 import javax.net.ssl.SSLHandshakeException;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
+import org.junit.jupiter.params.Parameter;
+import org.junit.jupiter.params.ParameterizedClass;
+import org.junit.jupiter.params.provider.EnumSource;
 
 @DisabledIfTlsNotEnabled
 @ExtendWith(TestUtils.StreamTestInfrastructureExtension.class)
+@ParameterizedClass
+@EnumSource(names = {"JDK", "OPENSSL"})
 public class TlsTest {
 
+  @Parameter SslProvider sslProvider;
+
   String stream;
 
   TestUtils.ClientFactory cf;
   int credit = 10;
 
-  static SslContext alwaysTrustSslContext() {
+  SslContext alwaysTrustSslContext() {
     try {
-      return SslContextBuilder.forClient().trustManager(TRUST_EVERYTHING_TRUST_MANAGER).build();
+      return builder().trustManager(TRUST_EVERYTHING_TRUST_MANAGER).build();
     } catch (SSLException e) {
       throw new RuntimeException(e);
     }
@@ -191,7 +199,7 @@ void unverifiedConnection() {
   void verifiedConnectionWithCorrectServerCertificate() throws Exception {
     // in server certificate SAN
     String hostname = "localhost";
-    SslContext context = SslContextBuilder.forClient().trustManager(caCertificate()).build();
+    SslContext context = builder().trustManager(caCertificate()).build();
     cf.get(new ClientParameters().host(hostname).sslContext(context));
   }
 
@@ -200,25 +208,22 @@ void verifiedConnectionWithCorrectServerCertificateWithSni() throws Exception {
     // not in server certificate SAN, but setting SNI makes it work
     String hostname = "127.0.0.1";
     SslContext context =
-        SslContextBuilder.forClient()
-            .trustManager(caCertificate())
-            .serverName(new SNIHostName("localhost"))
-            .build();
+        builder().trustManager(caCertificate()).serverName(new SNIHostName("localhost")).build();
     cf.get(new ClientParameters().host(hostname).sslContext(context));
   }
 
   @Test
   void verifiedConnectionWithCorrectServerCertificateFailsIfHostnameNotInSan() throws Exception {
     // not in server certificate SAN
     String hostname = "127.0.0.1";
-    SslContext context = SslContextBuilder.forClient().trustManager(caCertificate()).build();
+    SslContext context = builder().trustManager(caCertificate()).build();
     assertThatThrownBy(() -> cf.get(new ClientParameters().host(hostname).sslContext(context)))
         .hasCauseInstanceOf(SSLHandshakeException.class);
   }
 
   @Test
   void verifiedConnectionWithWrongServerCertificate() throws Exception {
-    SslContext context = SslContextBuilder.forClient().trustManager(clientCertificate()).build();
+    SslContext context = builder().trustManager(clientCertificate()).build();
     assertThatThrownBy(() -> cf.get(new ClientParameters().sslContext(context)))
         .isInstanceOf(StreamException.class)
         .hasCauseInstanceOf(SSLHandshakeException.class);
@@ -227,7 +232,7 @@ void verifiedConnectionWithWrongServerCertificate() throws Exception {
   @Test
   void verifiedConnectionWithCorrectClientPrivateKey() throws Exception {
     SslContext context =
-        SslContextBuilder.forClient()
+        builder()
             .trustManager(caCertificate())
             .keyManager(clientKey(), clientCertificate())
             .build();
@@ -241,10 +246,7 @@ void verifiedConnectionWithCorrectClientPrivateKey() throws Exception {
   void saslExternalShouldSucceedWithUserForClientCertificate() throws Exception {
     X509Certificate clientCertificate = clientCertificate();
     SslContext context =
-        SslContextBuilder.forClient()
-            .trustManager(caCertificate())
-            .keyManager(clientKey(), clientCertificate)
-            .build();
+        builder().trustManager(caCertificate()).keyManager(clientKey(), clientCertificate).build();
 
     String username = clientCertificate.getSubjectX500Principal().getName();
     Cli.rabbitmqctlIgnoreError(format("delete_user %s", username));
@@ -268,10 +270,7 @@ void saslExternalShouldSucceedWithUserForClientCertificate() throws Exception {
   void saslExternalShouldFailIfNoUserForClientCertificate() throws Exception {
     X509Certificate clientCertificate = clientCertificate();
     SslContext context =
-        SslContextBuilder.forClient()
-            .trustManager(caCertificate())
-            .keyManager(clientKey(), clientCertificate)
-            .build();
+        builder().trustManager(caCertificate()).keyManager(clientKey(), clientCertificate).build();
 
     String username = clientCertificate.getSubjectX500Principal().getName();
     Cli.rabbitmqctlIgnoreError(format("delete_user %s", username));
@@ -288,7 +287,7 @@ void saslExternalShouldFailIfNoUserForClientCertificate() throws Exception {
 
   @Test
   void hostnameVerificationShouldFailWhenSettingHostToLoopbackInterface() throws Exception {
-    SslContext context = SslContextBuilder.forClient().trustManager(caCertificate()).build();
+    SslContext context = builder().trustManager(caCertificate()).build();
     assertThatThrownBy(() -> cf.get(new ClientParameters().sslContext(context).host("127.0.0.1")))
         .isInstanceOf(StreamException.class)
         .hasCauseInstanceOf(SSLHandshakeException.class);
@@ -298,10 +297,7 @@ void hostnameVerificationShouldFailWhenSettingHostToLoopbackInterface() throws E
   void shouldConnectWhenSettingHostToLoopbackInterfaceAndDisablingHostnameVerification()
       throws Exception {
     SslContext context =
-        SslContextBuilder.forClient()
-            .endpointIdentificationAlgorithm(null)
-            .trustManager(caCertificate())
-            .build();
+        builder().endpointIdentificationAlgorithm(null).trustManager(caCertificate()).build();
     cf.get(new ClientParameters().sslContext(context).host("127.0.0.1"));
   }
 
@@ -325,7 +321,7 @@ void environmentPublisherConsumer() throws Exception {
             .uri("rabbitmq-stream+tls://localhost")
             .addressResolver(addr -> new Address("localhost", Client.DEFAULT_TLS_PORT))
             .tls()
-            .sslContext(SslContextBuilder.forClient().trustManager(caCertificate()).build())
+            .sslContext(builder().trustManager(caCertificate()).build())
             .environmentBuilder()
             .build()) {
 
@@ -371,4 +367,8 @@ private static String hostname() {
   private static String tlsArtefactPath(String in) {
     return in.replace("$(hostname)", hostname()).replace("$(hostname -s)", hostname());
   }
+
+  private SslContextBuilder builder() {
+    return SslContextBuilder.forClient().sslProvider(sslProvider);
+  }
 }