
Example 1 with DomainNameMappingBuilder

use of io.netty.util.DomainNameMappingBuilder in project netty by netty.

the class SniHandlerTest method testFallbackToDefaultContext.

/**
 * Feeds {@link SniHandler} a bare five-byte TLS record header that declares an empty handshake
 * record, so no server name can be read from it.
 *
 * <p>The assertions pin three things: the channel holds no readable messages afterwards, the handler
 * reports a {@code null} hostname, and the context it exposes is the one passed to the
 * {@link DomainNameMappingBuilder} constructor as the default. In other words, a peer that sends
 * no usable server name is served with whatever was registered as the default context.
 */
@Test
public void testFallbackToDefaultContext() throws Exception {
    SslContext fallbackContext = makeSslContext(provider, false);
    SslContext wildcardContext = makeSslContext(provider, false);
    SslContext exactContext = makeSslContext(provider, false);
    try {
        DomainNameMapping<SslContext> contextsByName =
                new DomainNameMappingBuilder<SslContext>(fallbackContext)
                        .add("*.netty.io", fallbackContext)
                        .add("*.LEANCLOUD.CN", wildcardContext)
                        .add("chat4.leancloud.cn", exactContext)
                        .build();
        SniHandler sniHandler = new SniHandler(contextsByName);
        EmbeddedChannel channel = new EmbeddedChannel(sniHandler);
        // Record header only: content type 22 (handshake), version 3.1, declared length 0.
        byte[] emptyHandshakeRecord = { 22, 3, 1, 0, 0 };
        try {
            channel.writeInbound(Unpooled.wrappedBuffer(emptyHandshakeRecord));
        } catch (Exception ignored) {
            // Tolerated on purpose. NOTE(review): because any exception is accepted here, the test
            // passes whether or not the write throws; only the assertions below pin the behaviour.
        }
        // finish() runs first because it tears the channel down before the handler is inspected.
        assertThat(channel.finish(), is(false));
        assertThat(sniHandler.hostname(), nullValue());
        assertThat(sniHandler.sslContext(), is(fallbackContext));
    } finally {
        releaseAll(wildcardContext, exactContext, fallbackContext);
    }
}
Also used : EmbeddedChannel(io.netty.channel.embedded.EmbeddedChannel) DomainNameMappingBuilder(io.netty.util.DomainNameMappingBuilder) DecoderException(io.netty.handler.codec.DecoderException) Test(org.junit.Test)

Example 2 with DomainNameMappingBuilder

use of io.netty.util.DomainNameMappingBuilder in project netty by netty.

the class SniHandlerTest method testServerNameParsing.

/**
 * Sends a ClientHello whose server_name entry is {@code CHAT4}, U+3002, {@code LEANCLOUD}, U+3002,
 * {@code CN} (the bytes {@code E38082} in the hex dump are the UTF-8 form of U+3002), with the
 * record header split across two inbound writes.
 *
 * <p>The test requires a {@link DecoderException} from the writes and then asserts that the handler
 * reports the hostname as {@code "chat4.leancloud.cn"} and exposes the context registered for
 * {@code "*.LEANCLOUD.CN"}. Two points follow for anyone relying on this handler:
 * <ul>
 *   <li>the hostname the application sees is a normalised ASCII form, not the bytes the peer sent,
 *       so logging or policy keyed on {@code hostname()} never sees the original encoding;</li>
 *   <li>the wildcard entry is selected even though an exact entry for the same name exists -
 *       presumably because the wildcard was added first; confirm against {@link DomainNameMapping}
 *       before depending on entry order for certificate selection.</li>
 * </ul>
 */
@Test
public void testServerNameParsing() throws Exception {
    SslContext fallbackContext = makeSslContext(provider, false);
    SslContext wildcardContext = makeSslContext(provider, false);
    SslContext exactContext = makeSslContext(provider, false);
    try {
        DomainNameMapping<SslContext> contextsByName =
                new DomainNameMappingBuilder<SslContext>(fallbackContext)
                        .add("*.netty.io", fallbackContext)
                        .add("*.LEANCLOUD.CN", wildcardContext)
                        .add("chat4.leancloud.cn", exactContext)
                        .build();
        SniHandler sniHandler = new SniHandler(contextsByName);
        EmbeddedChannel channel = new EmbeddedChannel(sniHandler);
        // First four bytes of the record header: type 0x16, version 0x0301, high byte of the length.
        String recordHeaderPrefixHex = "16030100";
        // Everything after that: the low length byte followed by the ClientHello itself.
        String recordRemainderHex = "bd010000b90303a74225676d1814ba57faff3b366"
                + "3656ed05ee9dbb2a4dbb1bb1c32d2ea5fc39e0000000100008c0000001700150000164348"
                + "415434E380824C45414E434C4F5544E38082434E000b000403000102000a00340032000e0"
                + "00d0019000b000c00180009000a0016001700080006000700140015000400050012001300"
                + "0100020003000f0010001100230000000d0020001e0601060206030501050205030401040"
                + "20403030103020303020102020203000f00010133740000";
        try {
            // The author expects decoding to fail because of an SNI error.
            byte[] headerPrefix = DatatypeConverter.parseHexBinary(recordHeaderPrefixHex);
            channel.writeInbound(Unpooled.wrappedBuffer(headerPrefix));
            byte[] remainder = DatatypeConverter.parseHexBinary(recordRemainderHex);
            channel.writeInbound(Unpooled.wrappedBuffer(remainder));
            fail();
        } catch (DecoderException expected) {
            // Required outcome: reaching fail() above means the bad record was accepted.
        }
        // Per the original note, an alert should have been produced; finish() must report
        // that something is readable.
        assertTrue(channel.finish());
        assertThat(sniHandler.hostname(), is("chat4.leancloud.cn"));
        assertThat(sniHandler.sslContext(), is(wildcardContext));
        // Drain and release whatever was written outbound so no reference-counted message leaks.
        Object outbound;
        while ((outbound = channel.readOutbound()) != null) {
            ReferenceCountUtil.release(outbound);
        }
    } finally {
        releaseAll(wildcardContext, exactContext, fallbackContext);
    }
}
Also used : DecoderException(io.netty.handler.codec.DecoderException) EmbeddedChannel(io.netty.channel.embedded.EmbeddedChannel) DomainNameMappingBuilder(io.netty.util.DomainNameMappingBuilder) Test(org.junit.Test)

Example 3 with DomainNameMappingBuilder

use of io.netty.util.DomainNameMappingBuilder in project netty by netty.

the class SniHandlerTest method testNonAsciiServerNameParsing.

/**
 * Checks that a ClientHello carrying a non-ASCII server name is rejected.
 *
 * <p>The hex dump encodes the name {@code CHAT4}, U+3002, {@code LEANCLOUD}, U+3002, {@code CN};
 * the {@code E38082} sequences are the UTF-8 form of U+3002. The record header is delivered in a
 * first write of four bytes, and the second write, which completes the record, must raise a
 * {@link DecoderException}. Nothing is asserted about the hostname or context afterwards: the
 * test only pins that such a name is refused rather than mapped.
 *
 * @param provider the SSL provider the contexts are built with
 */
@ParameterizedTest(name = "{index}: sslProvider={0}")
@MethodSource("data")
public void testNonAsciiServerNameParsing(SslProvider provider) throws Exception {
    SslContext fallbackContext = makeSslContext(provider, false);
    SslContext wildcardContext = makeSslContext(provider, false);
    SslContext exactContext = makeSslContext(provider, false);
    try {
        DomainNameMapping<SslContext> contextsByName =
                new DomainNameMappingBuilder<SslContext>(fallbackContext)
                        .add("*.netty.io", fallbackContext)
                        .add("*.LEANCLOUD.CN", wildcardContext)
                        .add("chat4.leancloud.cn", exactContext)
                        .build();
        SniHandler sniHandler = new SniHandler(contextsByName);
        final EmbeddedChannel channel = new EmbeddedChannel(sniHandler);
        try {
            // First four bytes of the record header: type 0x16, version 0x0301, high length byte.
            String recordHeaderPrefixHex = "16030100";
            // Low length byte plus the ClientHello with the invalid host name.
            final String recordRemainderHex = "bd010000b90303a74225676d1814ba57faff3b366"
                    + "3656ed05ee9dbb2a4dbb1bb1c32d2ea5fc39e0000000100008c0000001700150000164348"
                    + "415434E380824C45414E434C4F5544E38082434E000b000403000102000a00340032000e0"
                    + "00d0019000b000c00180009000a0016001700080006000700140015000400050012001300"
                    + "0100020003000f0010001100230000000d0020001e0601060206030501050205030401040"
                    + "20403030103020303020102020203000f00010133740000";
            channel.writeInbound(Unpooled.wrappedBuffer(StringUtil.decodeHexDump(recordHeaderPrefixHex)));
            // The "HostName" string in the SNI extension is not ASCII, which RFC 6066 requires
            // (https://tools.ietf.org/html/rfc6066#page-6), so completing the record must fail.
            Executable completeRecord = new Executable() {

                @Override
                public void execute() throws Throwable {
                    channel.writeInbound(Unpooled.wrappedBuffer(StringUtil.decodeHexDump(recordRemainderHex)));
                }
            };
            assertThrows(DecoderException.class, completeRecord);
        } finally {
            // Always tear the channel down so buffered messages are released even on failure.
            channel.finishAndReleaseAll();
        }
    } finally {
        releaseAll(wildcardContext, exactContext, fallbackContext);
    }
}
Also used : EmbeddedChannel(io.netty.channel.embedded.EmbeddedChannel) Executable(org.junit.jupiter.api.function.Executable) DomainNameMappingBuilder(io.netty.util.DomainNameMappingBuilder) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest) MethodSource(org.junit.jupiter.params.provider.MethodSource)

Example 4 with DomainNameMappingBuilder

use of io.netty.util.DomainNameMappingBuilder in project netty by netty.

the class SniHandlerTest method testServerNameParsing.

/**
 * Sends a ClientHello with the ASCII server name {@code CHAT4.LEANCLOUD.CN}, split so that the
 * record header arrives in a first write of four bytes, and checks how {@link SniHandler}
 * resolves it.
 *
 * <p>Pinned behaviour: the hostname is reported lower-cased as {@code "chat4.leancloud.cn"}; the
 * context chosen is the one registered for {@code "*.LEANCLOUD.CN"}, not the one registered for
 * the exact name; and exactly one {@link SniCompletionEvent} is fired, successful, with the same
 * hostname and no cause. The wildcard presumably wins because it was added before the exact
 * entry - confirm against {@link DomainNameMapping} before relying on entry order to decide
 * which certificate a host is served with.
 *
 * @param provider the SSL provider the contexts are built with
 */
@ParameterizedTest(name = "{index}: sslProvider={0}")
@MethodSource("data")
public void testServerNameParsing(SslProvider provider) throws Exception {
    SslContext fallbackContext = makeSslContext(provider, false);
    SslContext wildcardContext = makeSslContext(provider, false);
    SslContext exactContext = makeSslContext(provider, false);
    try {
        DomainNameMapping<SslContext> contextsByName =
                new DomainNameMappingBuilder<SslContext>(fallbackContext)
                        .add("*.netty.io", fallbackContext)
                        .add("*.LEANCLOUD.CN", wildcardContext)
                        .add("chat4.leancloud.cn", exactContext)
                        .build();
        final AtomicReference<SniCompletionEvent> sniEvent = new AtomicReference<SniCompletionEvent>();
        SniHandler sniHandler = new SniHandler(contextsByName);
        ChannelInboundHandlerAdapter eventRecorder = new ChannelInboundHandlerAdapter() {

            @Override
            public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception {
                if (!(evt instanceof SniCompletionEvent)) {
                    ctx.fireUserEventTriggered(evt);
                    return;
                }
                // compareAndSet(null, ...) only succeeds once, so a second SNI event fails the test.
                assertTrue(sniEvent.compareAndSet(null, (SniCompletionEvent) evt));
            }
        };
        EmbeddedChannel channel = new EmbeddedChannel(sniHandler, eventRecorder);
        try {
            // First four bytes of the record header: type 0x16, version 0x0301, high length byte.
            String recordHeaderPrefixHex = "16030100";
            // Low length byte plus the ClientHello naming "CHAT4.LEANCLOUD.CN".
            String recordRemainderHex = "c6010000c20303bb0855d66532c05a0ef784f7c384feeafa68b3"
                    + "b655ac7288650d5eed4aa3fb52000038c02cc030009fcca9cca8ccaac02b"
                    + "c02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d"
                    + "009c003d003c0035002f00ff010000610000001700150000124348415434"
                    + "2e4c45414e434c4f55442e434e000b000403000102000a000a0008001d00"
                    + "170019001800230000000d0020001e060106020603050105020503040104"
                    + "0204030301030203030201020202030016000000170000";
            channel.writeInbound(Unpooled.wrappedBuffer(StringUtil.decodeHexDump(recordHeaderPrefixHex)));
            channel.writeInbound(Unpooled.wrappedBuffer(StringUtil.decodeHexDump(recordRemainderHex)));
            // The original note says this should produce an alert; finish() returning true
            // confirms that the channel has something readable.
            assertTrue(channel.finish());
            assertThat(sniHandler.hostname(), is("chat4.leancloud.cn"));
            assertThat(sniHandler.sslContext(), is(wildcardContext));
            SniCompletionEvent recorded = sniEvent.get();
            assertNotNull(recorded);
            assertEquals("chat4.leancloud.cn", recorded.hostname());
            assertTrue(recorded.isSuccess());
            assertNull(recorded.cause());
        } finally {
            // Releases anything still buffered, including after a failed assertion above.
            channel.finishAndReleaseAll();
        }
    } finally {
        releaseAll(wildcardContext, exactContext, fallbackContext);
    }
}
Also used : EmbeddedChannel(io.netty.channel.embedded.EmbeddedChannel) AtomicReference(java.util.concurrent.atomic.AtomicReference) ChannelHandlerContext(io.netty.channel.ChannelHandlerContext) DecoderException(io.netty.handler.codec.DecoderException) SSLException(javax.net.ssl.SSLException) DomainNameMappingBuilder(io.netty.util.DomainNameMappingBuilder) ChannelInboundHandlerAdapter(io.netty.channel.ChannelInboundHandlerAdapter) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest) MethodSource(org.junit.jupiter.params.provider.MethodSource)

Example 5 with DomainNameMappingBuilder

use of io.netty.util.DomainNameMappingBuilder in project netty by netty.

the class SniHandlerTest method testNonSslRecord.

/**
 * Checks that input which is not a TLS record is rejected and that the rejection is reported.
 *
 * <p>The input is a 1024-byte buffer whose first byte is {@code SslUtils.SSL_CONTENT_TYPE_ALERT}
 * and whose remaining bytes are zero. Writing it must raise a {@link DecoderException} caused by
 * {@link NotSslRecordException}, leave nothing readable in the channel, and deliver an
 * {@link SslHandshakeCompletionEvent} with the same cause type to the next handler, so that
 * downstream handlers can observe the failure.
 *
 * @param provider the SSL provider the context is built with
 */
@ParameterizedTest(name = "{index}: sslProvider={0}")
@MethodSource("data")
public void testNonSslRecord(SslProvider provider) throws Exception {
    SslContext nettyContext = makeSslContext(provider, false);
    try {
        final AtomicReference<SslHandshakeCompletionEvent> handshakeEvent =
                new AtomicReference<SslHandshakeCompletionEvent>();
        // The mapping has no named entries, only the default context.
        SniHandler sniHandler = new SniHandler(new DomainNameMappingBuilder<SslContext>(nettyContext).build());
        ChannelInboundHandlerAdapter eventRecorder = new ChannelInboundHandlerAdapter() {

            @Override
            public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception {
                if (!(evt instanceof SslHandshakeCompletionEvent)) {
                    // Other events are dropped here rather than forwarded.
                    return;
                }
                // compareAndSet(null, ...) succeeds only once: a second completion event fails the test.
                assertTrue(handshakeEvent.compareAndSet(null, (SslHandshakeCompletionEvent) evt));
            }
        };
        final EmbeddedChannel channel = new EmbeddedChannel(sniHandler, eventRecorder);
        try {
            final byte[] notARecord = new byte[1024];
            notARecord[0] = SslUtils.SSL_CONTENT_TYPE_ALERT;
            Executable pushBytes = new Executable() {

                @Override
                public void execute() throws Throwable {
                    channel.writeInbound(Unpooled.wrappedBuffer(notARecord));
                }
            };
            DecoderException thrown = assertThrows(DecoderException.class, pushBytes);
            assertThat(thrown.getCause(), CoreMatchers.instanceOf(NotSslRecordException.class));
            assertFalse(channel.finish());
        } finally {
            channel.finishAndReleaseAll();
        }
        // NOTE(review): if no completion event was recorded this line fails with a
        // NullPointerException instead of an assertion message.
        SslHandshakeCompletionEvent recorded = handshakeEvent.get();
        assertThat(recorded.cause(), CoreMatchers.instanceOf(NotSslRecordException.class));
    } finally {
        releaseAll(nettyContext);
    }
}
Also used : EmbeddedChannel(io.netty.channel.embedded.EmbeddedChannel) AtomicReference(java.util.concurrent.atomic.AtomicReference) ChannelHandlerContext(io.netty.channel.ChannelHandlerContext) DecoderException(io.netty.handler.codec.DecoderException) SSLException(javax.net.ssl.SSLException) DecoderException(io.netty.handler.codec.DecoderException) Executable(org.junit.jupiter.api.function.Executable) DomainNameMappingBuilder(io.netty.util.DomainNameMappingBuilder) ChannelInboundHandlerAdapter(io.netty.channel.ChannelInboundHandlerAdapter) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest) MethodSource(org.junit.jupiter.params.provider.MethodSource)

Aggregations

EmbeddedChannel (io.netty.channel.embedded.EmbeddedChannel)6 DomainNameMappingBuilder (io.netty.util.DomainNameMappingBuilder)6 DecoderException (io.netty.handler.codec.DecoderException)5 ParameterizedTest (org.junit.jupiter.params.ParameterizedTest)4 MethodSource (org.junit.jupiter.params.provider.MethodSource)4 SSLException (javax.net.ssl.SSLException)3 ChannelHandlerContext (io.netty.channel.ChannelHandlerContext)2 ChannelInboundHandlerAdapter (io.netty.channel.ChannelInboundHandlerAdapter)2 AtomicReference (java.util.concurrent.atomic.AtomicReference)2 Test (org.junit.Test)2 Executable (org.junit.jupiter.api.function.Executable)2 ByteBuf (io.netty.buffer.ByteBuf)1