use of io.netty.handler.ssl.util.SelfSignedCertificate in project netty by netty.
the class JdkSslEngineTest method testAlpnNoCompatibleProtocolsClientHandshakeFailure.
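/**
 * Checks that the client side of the handshake fails with an {@link SSLHandshakeException}
 * when the server's ALPN selector always answers with
 * {@code APPLICATION_LEVEL_PROTOCOL_NOT_COMPATIBLE} while the client only offers
 * {@code PREFERRED_APPLICATION_LEVEL_PROTOCOL}.
 *
 * <p>The test is skipped, not failed, when the running JDK has no ALPN support.
 */
@Test
public void testAlpnNoCompatibleProtocolsClientHandshakeFailure() throws Exception {
    try {
        // ALPN availability depends on the Java version; raise the skip signal early.
        if (!JdkAlpnSslEngine.isAvailable()) {
            throw tlsExtensionNotFound(Protocol.ALPN);
        }
        SelfSignedCertificate ssc = new SelfSignedCertificate();
        try {
            // Both boolean flags are set on the client negotiator.
            // NOTE(review): presumably the client/server "fail if no common protocol" switches;
            // confirm against the constructor.
            JdkApplicationProtocolNegotiator clientApn = new JdkAlpnApplicationProtocolNegotiator(
                    true, true, PREFERRED_APPLICATION_LEVEL_PROTOCOL);

            // Server selector that ignores the offered list and always picks the incompatible protocol.
            JdkApplicationProtocolNegotiator serverApn = new JdkAlpnApplicationProtocolNegotiator(
                    new ProtocolSelectorFactory() {
                        @Override
                        public ProtocolSelector newSelector(SSLEngine engine, Set<String> supportedProtocols) {
                            return new ProtocolSelector() {
                                @Override
                                public void unsupported() {
                                    // Nothing to do when the peer does not support ALPN.
                                }

                                @Override
                                public String select(List<String> protocols) {
                                    return APPLICATION_LEVEL_PROTOCOL_NOT_COMPATIBLE;
                                }
                            };
                        }
                    },
                    JdkBaseApplicationProtocolNegotiator.FAIL_SELECTION_LISTENER_FACTORY,
                    APPLICATION_LEVEL_PROTOCOL_NOT_COMPATIBLE);

            SslContext serverSslCtx = new JdkSslServerContext(ssc.certificate(), ssc.privateKey(), null, null,
                    IdentityCipherSuiteFilter.INSTANCE, serverApn, 0, 0);
            // InsecureTrustManagerFactory accepts any server certificate. That is acceptable only
            // because this test examines ALPN negotiation, not certificate validation.
            SslContext clientSslCtx = new JdkSslClientContext(null, InsecureTrustManagerFactory.INSTANCE, null,
                    IdentityCipherSuiteFilter.INSTANCE, clientApn, 0, 0);

            setupHandlers(serverSslCtx, clientSslCtx);
            assertTrue(clientLatch.await(2, TimeUnit.SECONDS));
            assertTrue(clientException instanceof SSLHandshakeException);
        } finally {
            // Remove the generated certificate and private-key files even when an assertion fails,
            // so the key material does not stay behind in the temp directory.
            ssc.delete();
        }
    } catch (SkipTestException e) {
        // ALPN availability is dependent on the java version. If ALPN is not available because of
        // java version incompatibility don't fail the test, but instead just skip the test
        assumeNoException(e);
    }
}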
use of io.netty.handler.ssl.util.SelfSignedCertificate in project netty by netty.
the class OpenSslEngineTest method testAlgorithmConstraintsThrows.
/**
 * Expects an {@link IllegalArgumentException} when {@link SSLParameters} carrying
 * {@link AlgorithmConstraints} are applied to an engine created from the server context.
 *
 * <p>NOTE(review): {@code expected = ...} is satisfied by an IllegalArgumentException thrown
 * anywhere in the method, including while the context is being built, so a passing run does not
 * by itself prove that {@code setSSLParameters} was the call that rejected the constraints.
 */
@Test(expected = IllegalArgumentException.class)
public void testAlgorithmConstraintsThrows() throws Exception {
    SelfSignedCertificate selfSigned = new SelfSignedCertificate();
    serverSslCtx = SslContextBuilder
            .forServer(selfSigned.certificate(), selfSigned.privateKey())
            .sslProvider(sslServerProvider())
            .build();
    SSLEngine engine = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
    try {
        // Constraints that refuse every primitive, algorithm and key.
        AlgorithmConstraints denyEverything = new AlgorithmConstraints() {
            @Override
            public boolean permits(Set<CryptoPrimitive> primitives, String algorithm,
                                   AlgorithmParameters algorithmParameters) {
                return false;
            }

            @Override
            public boolean permits(Set<CryptoPrimitive> primitives, Key key) {
                return false;
            }

            @Override
            public boolean permits(Set<CryptoPrimitive> primitives, String algorithm, Key key,
                                   AlgorithmParameters algorithmParameters) {
                return false;
            }
        };

        SSLParameters sslParameters = new SSLParameters();
        sslParameters.setAlgorithmConstraints(denyEverything);
        // The test expects this call to throw rather than to accept the constraints silently.
        engine.setSSLParameters(sslParameters);
    } finally {
        cleanupServerSslEngine(engine);
        // Remove the generated certificate and private-key files.
        selfSigned.delete();
    }
}
use of io.netty.handler.ssl.util.SelfSignedCertificate in project netty by netty.
the class OpenSslEngineTest method testWrapWithDifferentSizesSSLv3.
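/**
 * Runs {@code testWrapWithDifferentSizes} for SSLv3 against a fixed list of OpenSSL cipher-suite
 * names, in the order given below.
 *
 * <p>The protocol and most of the suites are legacy (SSLv3, anonymous DH/ECDH, RC4, MD5, 3DES).
 * The client context uses {@code InsecureTrustManagerFactory}, which accepts any certificate.
 * Both choices belong to a test of wrap behaviour and are not a model for production configuration.
 */
@Test
public void testWrapWithDifferentSizesSSLv3() throws Exception {
    clientSslCtx = SslContextBuilder.forClient()
            .trustManager(InsecureTrustManagerFactory.INSTANCE)
            .sslProvider(sslClientProvider())
            .build();
    SelfSignedCertificate ssc = new SelfSignedCertificate();
    try {
        serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
                .sslProvider(sslServerProvider())
                .build();

        // Order is kept exactly as in the original sequence of calls.
        final String[] cipherSuites = {
            "ADH-AES128-SHA",
            "AES128-SHA",
            "ADH-CAMELLIA128-SHA",
            "DES-CBC3-SHA",
            "AECDH-AES128-SHA",
            "AECDH-DES-CBC3-SHA",
            "CAMELLIA128-SHA",
            "DHE-RSA-AES256-SHA",
            "SEED-SHA",
            "RC4-MD5",
            "ADH-AES256-SHA",
            "AES256-SHA",
            "ADH-SEED-SHA",
            "ADH-DES-CBC3-SHA",
            "EDH-RSA-DES-CBC3-SHA",
            "ADH-RC4-MD5",
            "IDEA-CBC-SHA",
            "DHE-RSA-AES128-SHA",
            "RC4-SHA",
            "CAMELLIA256-SHA",
            "AECDH-RC4-SHA",
            "DHE-RSA-SEED-SHA",
            "AECDH-AES256-SHA",
            "ECDHE-RSA-DES-CBC3-SHA",
            "ADH-CAMELLIA256-SHA",
            "DHE-RSA-CAMELLIA256-SHA",
            "DHE-RSA-CAMELLIA128-SHA",
            "ECDHE-RSA-RC4-SHA",
        };
        for (String cipherSuite : cipherSuites) {
            testWrapWithDifferentSizes(OpenSsl.PROTOCOL_SSL_V3, cipherSuite);
        }
    } finally {
        // Remove the generated certificate and private-key files even when a sub-test fails,
        // so the key material does not stay behind in the temp directory.
        ssc.delete();
    }
}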
use of io.netty.handler.ssl.util.SelfSignedCertificate in project netty by netty.
the class SSLEngineTest method testWrapAfterCloseOutbound.
/**
 * After a completed handshake, closing the client's outbound side and then calling
 * {@code wrap} must report {@code CLOSED}, consume no application bytes, and still produce
 * output (the close_notify), leaving outbound done and inbound open.
 */
@Test
public void testWrapAfterCloseOutbound() throws Exception {
    SelfSignedCertificate cert = new SelfSignedCertificate();
    // The client trusts exactly the generated certificate instead of disabling verification.
    clientSslCtx = SslContextBuilder
            .forClient()
            .trustManager(cert.cert())
            .sslProvider(sslClientProvider())
            .build();
    SSLEngine client = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
    serverSslCtx = SslContextBuilder
            .forServer(cert.certificate(), cert.privateKey())
            .sslProvider(sslServerProvider())
            .build();
    SSLEngine server = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
    try {
        ByteBuffer encryptedOut = allocateBuffer(client.getSession().getPacketBufferSize());
        ByteBuffer plainIn = allocateBuffer(1024);

        handshake(client, server);

        // Closing the outbound side queues a close_notify alert.
        client.closeOutbound();
        SSLEngineResult afterClose = client.wrap(plainIn, encryptedOut);

        assertEquals(SSLEngineResult.Status.CLOSED, afterClose.getStatus());
        // No application data may be taken from the source once outbound is closed.
        assertEquals(0, afterClose.bytesConsumed());
        // Output is still produced: the alert itself.
        assertTrue(afterClose.bytesProduced() > 0);
        assertTrue(client.isOutboundDone());
        assertFalse(client.isInboundDone());
    } finally {
        // Remove the generated certificate and private-key files before releasing the engines.
        cert.delete();
        cleanupClientSslEngine(client);
        cleanupServerSslEngine(server);
    }
}
use of io.netty.handler.ssl.util.SelfSignedCertificate in project netty by netty.
the class SSLEngineTest method testMultipleRecordsInOneBufferBiggerThenPacketBufferSize.
/**
 * Fills one buffer with several TLS records until its position exceeds the server session's
 * packet buffer size, then checks that a single {@code unwrap} on the server still succeeds
 * and makes progress.
 */
@Test
public void testMultipleRecordsInOneBufferBiggerThenPacketBufferSize() throws Exception {
    SelfSignedCertificate cert = new SelfSignedCertificate();
    // The client trusts exactly the generated certificate instead of disabling verification.
    clientSslCtx = SslContextBuilder
            .forClient()
            .trustManager(cert.cert())
            .sslProvider(sslClientProvider())
            .build();
    SSLEngine client = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
    serverSslCtx = SslContextBuilder
            .forServer(cert.certificate(), cert.privateKey())
            .sslProvider(sslServerProvider())
            .build();
    SSLEngine server = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
    try {
        ByteBuffer clientPlain = allocateBuffer(4096);
        ByteBuffer serverPlain = allocateBuffer(server.getSession().getApplicationBufferSize());
        // Twice the packet buffer size, so the loop below can overshoot one packet's worth.
        ByteBuffer wire = allocateBuffer(server.getSession().getPacketBufferSize() * 2);

        handshake(client, server);

        final int plainLength = clientPlain.remaining();
        while (wire.position() <= server.getSession().getPacketBufferSize()) {
            SSLEngineResult wrapped = client.wrap(clientPlain, wire);
            assertEquals(SSLEngineResult.Status.OK, wrapped.getStatus());
            assertEquals(plainLength, wrapped.bytesConsumed());
            assertTrue(wrapped.bytesProduced() > 0);
            // Reset position and limit so the same plaintext buffer is wrapped again.
            clientPlain.clear();
        }

        wire.flip();
        SSLEngineResult unwrapped = server.unwrap(wire, serverPlain);
        assertEquals(SSLEngineResult.Status.OK, unwrapped.getStatus());
        assertTrue(unwrapped.bytesConsumed() > 0);
        assertTrue(unwrapped.bytesProduced() > 0);
    } finally {
        // Remove the generated certificate and private-key files before releasing the engines.
        cert.delete();
        cleanupClientSslEngine(client);
        cleanupServerSslEngine(server);
    }
}