Add some TLS tests, fix a leaky buffer

src/main/kotlin/com/dmdirc/ktirc/io/Sockets.kt

@@ -54,22 +54,25 @@ internal class PlainTextSocket(private val scope: CoroutineScope) : Socket {
         client.close()
     }
 
-    override suspend fun read() = try {
+    override suspend fun read(): ByteBuffer? {
         val buffer = byteBufferPool.borrow()
-        val bytes = suspendCancellableCoroutine<Int> { continuation ->
-            client.closeOnCancel(continuation)
-            client.read(buffer, continuation, asyncIOHandler())
-        }
+        try {
+            val bytes = suspendCancellableCoroutine<Int> { continuation ->
+                client.closeOnCancel(continuation)
+                client.read(buffer, continuation, asyncIOHandler())
+            }
 
-        if (bytes == -1) {
-            close()
-        }
+            if (bytes == -1) {
+                close()
+            }
 
-        buffer.flip()
-        buffer
-    } catch (_: ClosedChannelException) {
-        // Ignore
-        null
+            buffer.flip()
+            return buffer
+        } catch (_: ClosedChannelException) {
+            // Ignore
+            byteBufferPool.recycle(buffer)
+            return null
+        }
     }
 
     private suspend fun writeLoop() {

src/test/kotlin/com/dmdirc/ktirc/io/LineBufferedSocketImplTest.kt

@@ -7,18 +7,14 @@ import org.junit.jupiter.api.Test
 import org.junit.jupiter.api.parallel.Execution
 import org.junit.jupiter.api.parallel.ExecutionMode
 import java.net.ServerSocket
-import java.security.KeyStore
-import java.security.cert.X509Certificate
-import javax.net.ssl.KeyManagerFactory
-import javax.net.ssl.SSLContext
-import javax.net.ssl.X509TrustManager
 
+@Suppress("BlockingMethodInNonBlockingContext")
 @ExperimentalCoroutinesApi
 @Execution(ExecutionMode.SAME_THREAD)
 internal class LineBufferedSocketImplTest {
 
     @Test
-    fun `KtorLineBufferedSocket can connect to a server`() = runBlocking {
+    fun `can connect to a server`() = runBlocking {
         ServerSocket(12321).use { serverSocket ->
             val socket = LineBufferedSocketImpl(GlobalScope, "localhost", "localhost", 12321)
             val clientSocketAsync = GlobalScope.async { serverSocket.accept() }
@@ -30,7 +26,7 @@ internal class LineBufferedSocketImplTest {
     }
 
     @Test
-    fun `KtorLineBufferedSocket can send a byte array to a server`() = runBlocking {
+    fun `can send a byte array to a server`() = runBlocking {
         ServerSocket(12321).use { serverSocket ->
             val socket = LineBufferedSocketImpl(GlobalScope, "localhost", "localhost", 12321)
             val clientBytesAsync = GlobalScope.async {
@@ -49,7 +45,7 @@ internal class LineBufferedSocketImplTest {
     }
 
     @Test
-    fun `KtorLineBufferedSocket can send a string to a server over TLS`() = runBlocking {
+    fun `can send a string to a server over TLS`() = runBlocking {
         tlsServerSocket(12321).use { serverSocket ->
             val socket = LineBufferedSocketImpl(GlobalScope, "localhost", "localhost", 12321, true)
             socket.tlsTrustManager = getTrustingManager()
@@ -69,7 +65,7 @@ internal class LineBufferedSocketImplTest {
     }
 
     @Test
-    fun `KtorLineBufferedSocket can receive a line of CRLF delimited text`() = runBlocking {
+    fun `can receive a line of CRLF delimited text`() = runBlocking {
         ServerSocket(12321).use { serverSocket ->
             val socket = LineBufferedSocketImpl(GlobalScope, "localhost", "localhost", 12321)
             GlobalScope.launch {
@@ -82,7 +78,7 @@ internal class LineBufferedSocketImplTest {
     }
 
     @Test
-    fun `KtorLineBufferedSocket can receive a line of LF delimited text`() = runBlocking {
+    fun `can receive a line of LF delimited text`() = runBlocking {
         ServerSocket(12321).use { serverSocket ->
             val socket = LineBufferedSocketImpl(GlobalScope, "localhost", "localhost", 12321)
             GlobalScope.launch {
@@ -95,7 +91,7 @@ internal class LineBufferedSocketImplTest {
     }
 
     @Test
-    fun `KtorLineBufferedSocket can receive multiple lines of text in one packet`() = runBlocking {
+    fun `can receive multiple lines of text in one packet`() = runBlocking {
         ServerSocket(12321).use { serverSocket ->
             val socket = LineBufferedSocketImpl(GlobalScope, "localhost", "localhost", 12321)
             GlobalScope.launch {
@@ -110,7 +106,7 @@ internal class LineBufferedSocketImplTest {
     }
 
     @Test
-    fun `KtorLineBufferedSocket can receive multiple long lines of text`() = runBlocking {
+    fun `can receive multiple long lines of text`() = runBlocking {
         ServerSocket(12321).use { serverSocket ->
             val socket = LineBufferedSocketImpl(GlobalScope, "localhost", "localhost", 12321)
             val line1 = "abcdefghijklmnopqrstuvwxyz".repeat(500)
@@ -129,7 +125,7 @@ internal class LineBufferedSocketImplTest {
     }
 
     @Test
-    fun `KtorLineBufferedSocket can receive one line of text over multiple packets`() = runBlocking {
+    fun `can receive one line of text over multiple packets`() = runBlocking {
         ServerSocket(12321).use { serverSocket ->
             val socket = LineBufferedSocketImpl(GlobalScope, "localhost", "localhost", 12321)
             GlobalScope.launch {
@@ -150,7 +146,7 @@ internal class LineBufferedSocketImplTest {
     }
 
     @Test
-    fun `KtorLineBufferedSocket returns from readLines when socket is closed`() = runBlocking {
+    fun `returns from readLines when socket is closed`() = runBlocking {
         ServerSocket(12321).use { serverSocket ->
             val socket = LineBufferedSocketImpl(GlobalScope, "localhost", "localhost", 12321)
             GlobalScope.launch {
@@ -167,7 +163,7 @@ internal class LineBufferedSocketImplTest {
     }
 
     @Test
-    fun `KtorLineBufferedSocket disconnects from server`() = runBlocking {
+    fun `disconnects from server`() = runBlocking {
         ServerSocket(12321).use { serverSocket ->
             val socket = LineBufferedSocketImpl(GlobalScope, "localhost", "localhost", 12321)
             val clientSocketAsync = GlobalScope.async { serverSocket.accept() }
@@ -179,25 +175,4 @@ internal class LineBufferedSocketImplTest {
         }
     }
 
-    private fun tlsServerSocket(port: Int): ServerSocket {
-        val keyStore = KeyStore.getInstance("PKCS12")
-        keyStore.load(LineBufferedSocketImplTest::class.java.getResourceAsStream("localhost.p12"), CharArray(0))
-
-        val keyManagerFactory = KeyManagerFactory.getInstance("PKIX")
-        keyManagerFactory.init(keyStore, CharArray(0))
-
-        val sslContext = SSLContext.getInstance("TLSv1.2")
-        sslContext.init(keyManagerFactory.keyManagers, null, null)
-        return sslContext.serverSocketFactory.createServerSocket(port)
-    }
-
-    private fun getTrustingManager() = object : X509TrustManager {
-        override fun getAcceptedIssuers(): Array<X509Certificate>  = emptyArray()
-
-        override fun checkClientTrusted(certs: Array<X509Certificate>, authType: String) {}
-
-        override fun checkServerTrusted(certs: Array<X509Certificate>, authType: String) {}
-    }
-
-
 }

src/test/kotlin/com/dmdirc/ktirc/io/TlsTest.kt

@@ -2,11 +2,25 @@ package com.dmdirc.ktirc.io
 
 import io.mockk.every
 import io.mockk.mockk
-import org.junit.jupiter.api.Assertions.assertFalse
-import org.junit.jupiter.api.Assertions.assertTrue
+import kotlinx.coroutines.GlobalScope
+import kotlinx.coroutines.async
+import kotlinx.coroutines.io.writeFully
+import kotlinx.coroutines.launch
+import kotlinx.coroutines.runBlocking
+import kotlinx.io.core.String
+import org.junit.jupiter.api.Assertions
+import org.junit.jupiter.api.Assertions.*
 import org.junit.jupiter.api.Test
+import org.junit.jupiter.api.parallel.Execution
+import org.junit.jupiter.api.parallel.ExecutionMode
+import java.net.InetSocketAddress
+import java.net.ServerSocket
+import java.security.KeyStore
 import java.security.cert.CertificateException
 import java.security.cert.X509Certificate
+import javax.net.ssl.KeyManagerFactory
+import javax.net.ssl.SSLContext
+import javax.net.ssl.X509TrustManager
 
 internal class CertificateValidationTest {
 
@@ -149,4 +163,74 @@ internal class CertificateValidationTest {
         assertFalse(cert.validFor("directory.test.ktirc"))
     }
 
+}
+
+@Suppress("BlockingMethodInNonBlockingContext")
+@Execution(ExecutionMode.SAME_THREAD)
+internal class TlsSocketTest {
+
+    @Test
+    fun `can send a string to a server over TLS`() = runBlocking {
+        tlsServerSocket(12321).use { serverSocket ->
+            val plainSocket = PlainTextSocket(GlobalScope)
+            val tlsSocket = TlsSocket(GlobalScope, plainSocket, getTrustingContext(), "localhost")
+            val clientBytesAsync = GlobalScope.async {
+                ByteArray(13).apply {
+                    serverSocket.accept().getInputStream().read(this)
+                }
+            }
+
+            tlsSocket.connect(InetSocketAddress("localhost", 12321))
+            tlsSocket.write.writeFully("Hello World\r\n".toByteArray())
+
+            val bytes = clientBytesAsync.await()
+            Assertions.assertNotNull(bytes)
+            Assertions.assertEquals("Hello World\r\n", String(bytes))
+        }
+    }
+
+    @Test
+    fun `throws if the hostname mismatches`() {
+        tlsServerSocket(12321).use { serverSocket ->
+            val plainSocket = PlainTextSocket(GlobalScope)
+            val tlsSocket = TlsSocket(GlobalScope, plainSocket, getTrustingContext(), "127.0.0.1")
+            GlobalScope.launch {
+                serverSocket.accept().getInputStream().read()
+            }
+
+            runBlocking {
+                try {
+                    tlsSocket.connect(InetSocketAddress("localhost", 12321))
+                    fail<Unit>("Expected an exception")
+                } catch (ex: Exception) {
+                    assertTrue(ex is CertificateException)
+                }
+            }
+        }
+    }
+
+
+}
+
+internal fun tlsServerSocket(port: Int): ServerSocket {
+    val keyStore = KeyStore.getInstance("PKCS12")
+    keyStore.load(CertificateValidationTest::class.java.getResourceAsStream("localhost.p12"), CharArray(0))
+
+    val keyManagerFactory = KeyManagerFactory.getInstance("PKIX")
+    keyManagerFactory.init(keyStore, CharArray(0))
+
+    val sslContext = SSLContext.getInstance("TLSv1.2")
+    sslContext.init(keyManagerFactory.keyManagers, null, null)
+    return sslContext.serverSocketFactory.createServerSocket(port)
+}
+
+internal fun getTrustingContext() =
+        SSLContext.getInstance("TLSv1.2").apply { init(null, arrayOf(getTrustingManager()), null) }
+
+internal fun getTrustingManager() = object : X509TrustManager {
+    override fun getAcceptedIssuers(): Array<X509Certificate> = emptyArray()
+
+    override fun checkClientTrusted(certs: Array<X509Certificate>, authType: String) {}
+
+    override fun checkServerTrusted(certs: Array<X509Certificate>, authType: String) {}
 }