the class OpenSslEngineTest method testWrapWithDifferentSizesTLSv1_2.
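@Test
public void testWrapWithDifferentSizesTLSv1_2() throws Exception {
    // The client side trusts any certificate (InsecureTrustManagerFactory). That is only acceptable
    // here because the peer presents a throw-away self-signed certificate generated for this test.
    clientSslCtx = SslContextBuilder.forClient()
            .trustManager(InsecureTrustManagerFactory.INSTANCE)
            .sslProvider(sslClientProvider())
            .build();
    SelfSignedCertificate ssc = new SelfSignedCertificate();
    try {
        serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
                .sslProvider(sslServerProvider())
                .build();
    } finally {
        // SelfSignedCertificate materialises the certificate and private key as temporary files.
        // build() has parsed them by now, so remove them instead of leaving key material behind.
        ssc.delete();
    }

    // Cipher suites exercised under TLSv1.2, in the original order. Several are legacy suites
    // (RC4, 3DES, IDEA, SEED, anonymous DH/ECDH) kept solely to cover the wrap path for them.
    String[] ciphers = {
        "ADH-AES128-SHA",
        "AES128-SHA",
        "ECDHE-RSA-AES128-SHA",
        "ADH-CAMELLIA128-SHA",
        "DHE-RSA-AES256-GCM-SHA384",
        "DES-CBC3-SHA",
        "AECDH-AES128-SHA",
        "AES128-GCM-SHA256",
        "DHE-RSA-AES128-GCM-SHA256",
        "ECDHE-RSA-AES256-SHA384",
        "AECDH-DES-CBC3-SHA",
        "AES256-GCM-SHA384",
        "AES256-SHA256",
        "ECDHE-RSA-AES128-GCM-SHA256",
        "ECDHE-RSA-AES128-SHA256",
        "CAMELLIA128-SHA",
        "DHE-RSA-AES256-SHA",
        "SEED-SHA",
        "RC4-MD5",
        "ADH-AES256-SHA",
        "AES256-SHA",
        "ADH-SEED-SHA",
        "DHE-RSA-AES128-SHA256",
        "ADH-DES-CBC3-SHA",
        "EDH-RSA-DES-CBC3-SHA",
        "ADH-RC4-MD5",
        "IDEA-CBC-SHA",
        "DHE-RSA-AES128-SHA",
        "RC4-SHA",
        "CAMELLIA256-SHA",
        "ADH-AES128-GCM-SHA256",
        "AES128-SHA256",
        "AECDH-RC4-SHA",
        "ADH-AES256-GCM-SHA384",
        "DHE-RSA-SEED-SHA",
        "DHE-RSA-AES256-SHA256",
        "AECDH-AES256-SHA",
        "ECDHE-RSA-DES-CBC3-SHA",
        "ADH-CAMELLIA256-SHA",
        "ECDHE-RSA-AES256-GCM-SHA384",
        "DHE-RSA-CAMELLIA256-SHA",
        "ADH-AES256-SHA256",
        "ADH-AES128-SHA256",
        "ECDHE-RSA-AES256-SHA",
        "DHE-RSA-CAMELLIA128-SHA",
        "ECDHE-RSA-RC4-SHA",
    };
    for (String cipher : ciphers) {
        testWrapWithDifferentSizes(OpenSsl.PROTOCOL_TLS_V1_2, cipher);
    }
}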
the class OpenSslEngineTest method testOnlySmallBufferNeededForWrap.
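@Test
public void testOnlySmallBufferNeededForWrap() throws Exception {
    // Client trusts any certificate (test-only); the server uses a throw-away self-signed cert.
    clientSslCtx = SslContextBuilder.forClient()
            .trustManager(InsecureTrustManagerFactory.INSTANCE)
            .sslProvider(sslClientProvider())
            .build();
    SelfSignedCertificate ssc = new SelfSignedCertificate();
    try {
        serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
                .sslProvider(sslServerProvider())
                .build();
    } finally {
        // The key and certificate files are no longer needed once the context is built.
        ssc.delete();
    }

    SSLEngine clientEngine = null;
    SSLEngine serverEngine = null;
    try {
        clientEngine = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
        serverEngine = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
        handshake(clientEngine, serverEngine);

        // Allocate a buffer which is small enough and set the limit to the capacity to mark its
        // whole content as readable.
        int srcLen = 1024;
        ByteBuffer src = allocateBuffer(srcLen);
        ByteBuffer dstTooSmall = allocateBuffer(src.capacity() + MAX_TLS_RECORD_OVERHEAD_LENGTH - 1);
        ByteBuffer dst = allocateBuffer(src.capacity() + MAX_TLS_RECORD_OVERHEAD_LENGTH);

        // Wrapping must fail with BUFFER_OVERFLOW, consuming and producing nothing, when the
        // destination is one byte short of src.capacity() + MAX_TLS_RECORD_OVERHEAD_LENGTH.
        SSLEngineResult result = clientEngine.wrap(src, dstTooSmall);
        assertEquals(SSLEngineResult.Status.BUFFER_OVERFLOW, result.getStatus());
        assertEquals(0, result.bytesConsumed());
        assertEquals(0, result.bytesProduced());
        // (expected, actual) order so a failure message reads correctly.
        assertEquals(src.capacity(), src.remaining());
        assertEquals(dst.capacity(), dst.remaining());

        // With exactly src.capacity() + MAX_TLS_RECORD_OVERHEAD_LENGTH the whole source is wrapped
        // in one call; the record overhead means more bytes are produced than consumed.
        result = clientEngine.wrap(src, dst);
        assertEquals(SSLEngineResult.Status.OK, result.getStatus());
        assertEquals(srcLen, result.bytesConsumed());
        assertEquals(0, src.remaining());
        assertTrue(result.bytesProduced() > srcLen);
        assertEquals(src.capacity() - result.bytesConsumed(), src.remaining());
        assertEquals(dst.capacity() - result.bytesProduced(), dst.remaining());
    } finally {
        cleanupClientSslEngine(clientEngine);
        cleanupServerSslEngine(serverEngine);
    }
}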
the class OpenSslEngineTest method testSrcsLenOverFlowCorrectlyHandled.
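@Test
public void testSrcsLenOverFlowCorrectlyHandled() throws Exception {
    // Client trusts any certificate (test-only); the server uses a throw-away self-signed cert.
    clientSslCtx = SslContextBuilder.forClient()
            .trustManager(InsecureTrustManagerFactory.INSTANCE)
            .sslProvider(sslClientProvider())
            .build();
    SelfSignedCertificate ssc = new SelfSignedCertificate();
    try {
        serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
                .sslProvider(sslServerProvider())
                .build();
    } finally {
        // The key and certificate files are no longer needed once the context is built.
        ssc.delete();
    }

    SSLEngine clientEngine = null;
    SSLEngine serverEngine = null;
    try {
        clientEngine = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
        serverEngine = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
        handshake(clientEngine, serverEngine);

        // Build a srcs array whose summed capacity exceeds what fits in an int, so that a naive
        // int accumulation of the source length would overflow.
        ByteBuffer src = allocateBuffer(1024);
        List<ByteBuffer> srcList = new ArrayList<ByteBuffer>();
        long srcsLen = 0;
        long maxLen = ((long) MAX_VALUE) * 2;
        while (srcsLen < maxLen) {
            ByteBuffer dup = src.duplicate();
            srcList.add(dup);
            srcsLen += dup.capacity();
        }
        ByteBuffer[] srcs = srcList.toArray(new ByteBuffer[0]);

        // The destination cannot hold even one full record, so the engine must report
        // BUFFER_OVERFLOW without touching any source or destination position.
        ByteBuffer dst = allocateBuffer(MAX_ENCRYPTED_PACKET_LENGTH - 1);
        SSLEngineResult result = clientEngine.wrap(srcs, dst);
        assertEquals(SSLEngineResult.Status.BUFFER_OVERFLOW, result.getStatus());
        for (ByteBuffer buffer : srcs) {
            assertEquals(0, buffer.position());
        }
        assertEquals(0, dst.position());
        assertEquals(0, result.bytesConsumed());
        assertEquals(0, result.bytesProduced());
    } finally {
        cleanupClientSslEngine(clientEngine);
        cleanupServerSslEngine(serverEngine);
    }
}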
the class OpenSslEngineTest method testWrapBuffersNoWritePendingError.
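@Test
public void testWrapBuffersNoWritePendingError() throws Exception {
    // Client trusts any certificate (test-only); the server uses a throw-away self-signed cert.
    clientSslCtx = SslContextBuilder.forClient()
            .trustManager(InsecureTrustManagerFactory.INSTANCE)
            .sslProvider(sslClientProvider())
            .build();
    SelfSignedCertificate ssc = new SelfSignedCertificate();
    try {
        serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
                .sslProvider(sslServerProvider())
                .build();
    } finally {
        // The key and certificate files are no longer needed once the context is built.
        ssc.delete();
    }

    SSLEngine clientEngine = null;
    SSLEngine serverEngine = null;
    try {
        clientEngine = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
        serverEngine = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
        handshake(clientEngine, serverEngine);

        // Random payload; its content is irrelevant, only the size matters for this test.
        ByteBuffer src = allocateBuffer(1024 * 10);
        byte[] data = new byte[src.capacity()];
        PlatformDependent.threadLocalRandom().nextBytes(data);
        src.put(data).flip();

        // A one-byte destination can never hold a record, so every wrap must report
        // BUFFER_OVERFLOW. Repeat to make a "write pending" style failure more likely to surface.
        ByteBuffer dst = allocateBuffer(1);
        for (int i = 0; i < 100; i++) {
            src.position(0);
            dst.position(0);
            assertSame(SSLEngineResult.Status.BUFFER_OVERFLOW, clientEngine.wrap(src, dst).getStatus());
        }
    } finally {
        cleanupClientSslEngine(clientEngine);
        cleanupServerSslEngine(serverEngine);
    }
}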
the class RenegotiateTest method testRenegotiateServer.
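@Test(timeout = 30000)
public void testRenegotiateServer() throws Throwable {
    // First failure seen on either side; compareAndSet keeps the earliest one.
    final AtomicReference<Throwable> error = new AtomicReference<Throwable>();
    // The client counts down on every handshake-completion event (initial handshake and the
    // server-initiated renegotiation); server-side failure paths count down as well.
    final CountDownLatch latch = new CountDownLatch(2);
    SelfSignedCertificate cert = new SelfSignedCertificate();
    EventLoopGroup group = new LocalEventLoopGroup();
    try {
        // key()/cert() hand back in-memory objects, so the temporary files behind the
        // self-signed certificate are not needed once the context exists.
        final SslContext context = SslContextBuilder.forServer(cert.key(), cert.cert())
                .sslProvider(serverSslProvider())
                .build();
        initSslServerContext(context);

        ServerBootstrap sb = new ServerBootstrap();
        sb.group(group).channel(LocalServerChannel.class).childHandler(new ChannelInitializer<Channel>() {
            @Override
            protected void initChannel(Channel ch) throws Exception {
                ch.pipeline().addLast(context.newHandler(ch.alloc()));
                ch.pipeline().addLast(new ChannelInboundHandlerAdapter() {
                    // Guards against triggering a second renegotiation from the completion
                    // event of the first one.
                    private boolean renegotiate;

                    @Override
                    public void channelRead(ChannelHandlerContext ctx, Object msg) throws Exception {
                        ReferenceCountUtil.release(msg);
                    }

                    @Override
                    public void userEventTriggered(final ChannelHandlerContext ctx, Object evt)
                            throws Exception {
                        if (!renegotiate && evt instanceof SslHandshakeCompletionEvent) {
                            SslHandshakeCompletionEvent event = (SslHandshakeCompletionEvent) evt;
                            if (event.isSuccess()) {
                                // Initial handshake done: ask the client to renegotiate.
                                final SslHandler handler = ctx.pipeline().get(SslHandler.class);
                                renegotiate = true;
                                handler.renegotiate().addListener(new FutureListener<Channel>() {
                                    @Override
                                    public void operationComplete(Future<Channel> future) throws Exception {
                                        if (!future.isSuccess()) {
                                            error.compareAndSet(null, future.cause());
                                            latch.countDown();
                                            ctx.close();
                                        }
                                    }
                                });
                            } else {
                                error.compareAndSet(null, event.cause());
                                latch.countDown();
                                ctx.close();
                            }
                        }
                    }
                });
            }
        });
        Channel channel = sb.bind(new LocalAddress("test")).syncUninterruptibly().channel();

        // The client trusts any certificate (test-only) and always uses the JDK provider so the
        // server-side provider under test is the only variable.
        final SslContext clientContext = SslContextBuilder.forClient()
                .trustManager(InsecureTrustManagerFactory.INSTANCE)
                .sslProvider(SslProvider.JDK)
                .build();
        Bootstrap bootstrap = new Bootstrap();
        bootstrap.group(group).channel(LocalChannel.class).handler(new ChannelInitializer<Channel>() {
            @Override
            protected void initChannel(Channel ch) throws Exception {
                ch.pipeline().addLast(clientContext.newHandler(ch.alloc()));
                ch.pipeline().addLast(new ChannelInboundHandlerAdapter() {
                    @Override
                    public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception {
                        if (evt instanceof SslHandshakeCompletionEvent) {
                            SslHandshakeCompletionEvent event = (SslHandshakeCompletionEvent) evt;
                            if (!event.isSuccess()) {
                                error.compareAndSet(null, event.cause());
                                ctx.close();
                            }
                            latch.countDown();
                        }
                    }
                });
            }
        });
        Channel clientChannel = bootstrap.connect(channel.localAddress()).syncUninterruptibly().channel();

        latch.await();
        clientChannel.close().syncUninterruptibly();
        channel.close().syncUninterruptibly();

        // Surface whatever went wrong on the event loop threads as the test failure.
        Throwable cause = error.get();
        if (cause != null) {
            throw cause;
        }
    } finally {
        group.shutdownGracefully();
        // Remove the temporary certificate and private key files created by SelfSignedCertificate.
        cert.delete();
    }
}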