WFSSL-111 Add the ability to use a custom OpenSSL engine

wildfly-security · Jan 19, 2023 · 5adf8a0 · 5adf8a0
1 parent 31d55d0
commit 5adf8a0
Show file tree

Hide file tree

Showing 3 changed files with 71 additions and 5 deletions.
diff --git a/java/src/main/java/org/wildfly/openssl/SSL.java b/java/src/main/java/org/wildfly/openssl/SSL.java
@@ -41,6 +41,7 @@ public abstract class SSL {
     public static final String MAC_HOMEBREW_OPENSSL_PATH = "/usr/local/opt/openssl/lib/";
     private static SSL instance;
 
+    public static final String ORG_WILDFLY_OPENSSL_ENGINE = "org.wildfly.openssl.engine";
     public static final String ORG_WILDFLY_OPENSSL_PATH = "org.wildfly.openssl.path";
     public static final String ORG_WILDFLY_OPENSSL_PATH_LIBSSL = "org.wildfly.openssl.path.ssl";
     public static final String ORG_WILDFLY_OPENSSL_PATH_LIBCRYPTO = "org.wildfly.openssl.path.crypto";
@@ -191,7 +192,8 @@ static void init() {
                     if (cryptoPath == null) {
                         throw new RuntimeException(Messages.MESSAGES.couldNotFindLibCrypto(ORG_WILDFLY_OPENSSL_PATH, attemptedCrypto.toString()));
                     }
-                    instance.initialize(cryptoPath, sslPath);
+                    String sslEngine = System.getProperty(ORG_WILDFLY_OPENSSL_ENGINE);
+                    instance.initialize(cryptoPath, sslPath, sslEngine);
                     String version = instance.version();
                     logger.info(Messages.MESSAGES.openSSLVersion(version));
 
@@ -289,7 +291,7 @@ public void load() {
         }
     }
 
-    protected abstract void initialize(String libCryptoPath, String libSslPath);
+    protected abstract void initialize(String libCryptoPath, String libSslPath, String customEngine);
 
     /**
      * JSSE and OpenSSL protocol names

diff --git a/java/src/main/java/org/wildfly/openssl/SSLImpl.java b/java/src/main/java/org/wildfly/openssl/SSLImpl.java
@@ -27,10 +27,10 @@ public class SSLImpl extends SSL {
     public SSLImpl() {
     }
 
-    static native void initialize0(String libCryptoPath, String libSslPath);
+    static native void initialize0(String libCryptoPath, String libSslPath, String customEngine);
 
-    protected void initialize(String libCryptoPath, String libSslPath) {
-        SSLImpl.initialize0(libCryptoPath, libSslPath);
+    protected void initialize(String libCryptoPath, String libSslPath, String customEngine) {
+        SSLImpl.initialize0(libCryptoPath, libSslPath, customEngine);
     }
 
     /* Return OpenSSL version number as a string */

diff --git a/java/src/test/java/org/wildfly/openssl/BasicOpenSSLCustomEngineTest.java b/java/src/test/java/org/wildfly/openssl/BasicOpenSSLCustomEngineTest.java
@@ -0,0 +1,64 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.wildfly.openssl;
+
+import org.junit.Assert;
+import org.junit.FixMethodOrder;
+import org.junit.Test;
+import org.junit.runners.MethodSorters;
+
+/**
+ * @author Heyuan Liu
+ */
+
+@FixMethodOrder(MethodSorters.NAME_ASCENDING)
+public class BasicOpenSSLCustomEngineTest {
+
+    @Test
+    public void firstTestUnknownEngine() {
+        String engine = System.setProperty(SSL.ORG_WILDFLY_OPENSSL_ENGINE, "unknown");
+        try {
+            AbstractOpenSSLTest.setup();
+            Assert.fail("Expected ExceptionInInitializerError not thrown");
+        } catch (ExceptionInInitializerError expected) {
+            Assert.assertNotNull(expected);
+        } finally {
+            if (engine != null) {
+                System.setProperty(SSL.ORG_WILDFLY_OPENSSL_ENGINE, engine);
+            } else {
+                System.clearProperty(SSL.ORG_WILDFLY_OPENSSL_ENGINE);
+            }
+        }
+    }
+
+    @Test
+    public void secondTestRDRANDEngine() {
+        String engine = System.setProperty(SSL.ORG_WILDFLY_OPENSSL_ENGINE, "rdrand");
+        try {
+            AbstractOpenSSLTest.setup();
+            SSL ssl = SSL.getInstance();
+            Assert.assertNotNull(ssl.version());
+        } finally {
+            if (engine != null) {
+                System.setProperty(SSL.ORG_WILDFLY_OPENSSL_ENGINE, engine);
+            } else {
+                System.clearProperty(SSL.ORG_WILDFLY_OPENSSL_ENGINE);
+            }
+        }
+    }
+}