
Example 96 with SSLEngineResult

use of javax.net.ssl.SSLEngineResult in project netty by netty.

the class OpenSslEngineTest method testOnlySmallBufferNeededForWrap.

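/**
 * Checks that {@code wrap} only requires a destination of
 * {@code src.capacity() + MAX_TLS_RECORD_OVERHEAD_LENGTH} bytes: a destination one byte smaller
 * must be rejected with {@code BUFFER_OVERFLOW} and leave both buffers untouched, while a
 * destination of exactly that size must accept the whole source in a single call.
 *
 * @throws Exception if building the contexts, the handshake or a wrap call fails
 */
@Test
public void testOnlySmallBufferNeededForWrap() throws Exception {
    // InsecureTrustManagerFactory performs no certificate verification at all. That is tolerable
    // here only because the peer is the in-process server engine created below; it must never be
    // copied into code that talks to a real endpoint.
    clientSslCtx = SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).sslProvider(sslClientProvider()).build();
    SelfSignedCertificate ssc = new SelfSignedCertificate();
    SSLEngine clientEngine = null;
    SSLEngine serverEngine = null;
    try {
        serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()).sslProvider(sslServerProvider()).build();
        clientEngine = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
        serverEngine = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
        handshake(clientEngine, serverEngine);
        // Allocate a small source buffer; a freshly allocated buffer has limit == capacity, so its
        // whole content counts as readable.
        int srcLen = 1024;
        ByteBuffer src = allocateBuffer(srcLen);
        ByteBuffer dstTooSmall = allocateBuffer(src.capacity() + MAX_TLS_RECORD_OVERHEAD_LENGTH - 1);
        ByteBuffer dst = allocateBuffer(src.capacity() + MAX_TLS_RECORD_OVERHEAD_LENGTH);
        // Check that we fail to wrap if the dst buffer's capacity is not at least
        // src.capacity() + ReferenceCountedOpenSslEngine.MAX_TLS_RECORD_OVERHEAD_LENGTH
        SSLEngineResult result = clientEngine.wrap(src, dstTooSmall);
        assertEquals(SSLEngineResult.Status.BUFFER_OVERFLOW, result.getStatus());
        assertEquals(0, result.bytesConsumed());
        assertEquals(0, result.bytesProduced());
        // A rejected wrap must not move either buffer. The original only looked at dst, which
        // had not been passed to wrap yet, so the undersized destination went unchecked.
        assertEquals(src.capacity(), src.remaining());
        assertEquals(dstTooSmall.capacity(), dstTooSmall.remaining());
        assertEquals(dst.capacity(), dst.remaining());
        // Check that we can wrap with a dst buffer that has the capacity of
        // src.capacity() + ReferenceCountedOpenSslEngine.MAX_TLS_RECORD_OVERHEAD_LENGTH
        result = clientEngine.wrap(src, dst);
        assertEquals(SSLEngineResult.Status.OK, result.getStatus());
        assertEquals(srcLen, result.bytesConsumed());
        assertEquals(0, src.remaining());
        // The record carries framing/authentication overhead, so more bytes come out than went in.
        assertTrue(result.bytesProduced() > srcLen);
        assertEquals(src.capacity() - result.bytesConsumed(), src.remaining());
        assertEquals(dst.capacity() - result.bytesProduced(), dst.remaining());
    } finally {
        // Remove the generated certificate and private key, as the SSLEngineTest cases on this
        // page do with cert.delete(); the original left them behind after every run.
        ssc.delete();
        cleanupClientSslEngine(clientEngine);
        cleanupServerSslEngine(serverEngine);
    }
}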
Also used : SelfSignedCertificate(io.netty.handler.ssl.util.SelfSignedCertificate) SSLEngineResult(javax.net.ssl.SSLEngineResult) SSLEngine(javax.net.ssl.SSLEngine) ByteBuffer(java.nio.ByteBuffer) Test(org.junit.Test)

Example 97 with SSLEngineResult

use of javax.net.ssl.SSLEngineResult in project netty by netty.

the class OpenSslEngineTest method testSrcsLenOverFlowCorrectlyHandled.

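/**
 * Checks that {@code wrap(ByteBuffer[], ByteBuffer)} copes with a source array whose combined
 * length does not fit in an {@code int}. With a destination one byte short of
 * {@code MAX_ENCRYPTED_PACKET_LENGTH} the call must report {@code BUFFER_OVERFLOW} and leave
 * every buffer untouched, instead of acting on a wrapped-around length.
 *
 * @throws Exception if building the contexts, the handshake or the wrap call fails
 */
@Test
public void testSrcsLenOverFlowCorrectlyHandled() throws Exception {
    // InsecureTrustManagerFactory performs no certificate verification at all. That is tolerable
    // here only because the peer is the in-process server engine created below; it must never be
    // copied into code that talks to a real endpoint.
    clientSslCtx = SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).sslProvider(sslClientProvider()).build();
    SelfSignedCertificate ssc = new SelfSignedCertificate();
    SSLEngine clientEngine = null;
    SSLEngine serverEngine = null;
    try {
        serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()).sslProvider(sslServerProvider()).build();
        clientEngine = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
        serverEngine = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
        handshake(clientEngine, serverEngine);
        ByteBuffer src = allocateBuffer(1024);
        List<ByteBuffer> srcList = new ArrayList<ByteBuffer>();
        // Track the running total in a long so the test itself cannot overflow.
        long srcsLen = 0;
        // NOTE(review): MAX_VALUE is presumably a static import of Integer.MAX_VALUE - confirm.
        long maxLen = ((long) MAX_VALUE) * 2;
        // duplicate() shares the backing memory, so the claimed total grows past maxLen while
        // only one 1024-byte buffer is actually allocated.
        while (srcsLen < maxLen) {
            ByteBuffer dup = src.duplicate();
            srcList.add(dup);
            srcsLen += dup.capacity();
        }
        ByteBuffer[] srcs = srcList.toArray(new ByteBuffer[srcList.size()]);
        ByteBuffer dst = allocateBuffer(MAX_ENCRYPTED_PACKET_LENGTH - 1);
        SSLEngineResult result = clientEngine.wrap(srcs, dst);
        assertEquals(SSLEngineResult.Status.BUFFER_OVERFLOW, result.getStatus());
        // Nothing may have been read from any source or written to the destination.
        for (ByteBuffer buffer : srcs) {
            assertEquals(0, buffer.position());
        }
        assertEquals(0, dst.position());
        assertEquals(0, result.bytesConsumed());
        assertEquals(0, result.bytesProduced());
    } finally {
        // Remove the generated certificate and private key, as the SSLEngineTest cases on this
        // page do with cert.delete(); the original left them behind after every run.
        ssc.delete();
        cleanupClientSslEngine(clientEngine);
        cleanupServerSslEngine(serverEngine);
    }
}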
Also used : SelfSignedCertificate(io.netty.handler.ssl.util.SelfSignedCertificate) SSLEngineResult(javax.net.ssl.SSLEngineResult) SSLEngine(javax.net.ssl.SSLEngine) ArrayList(java.util.ArrayList) ByteBuffer(java.nio.ByteBuffer) Test(org.junit.Test)

Example 98 with SSLEngineResult

use of javax.net.ssl.SSLEngineResult in project netty by netty.

the class SSLEngineTest method testWrapAfterCloseOutbound.

/**
 * Checks what {@code wrap} reports once the outbound side has been closed after a completed
 * handshake: status {@code CLOSED}, no application data consumed, some bytes produced, outbound
 * done and inbound still open.
 *
 * @throws Exception if building the contexts, the handshake or the wrap call fails
 */
@Test
public void testWrapAfterCloseOutbound() throws Exception {
    SelfSignedCertificate selfSigned = new SelfSignedCertificate();
    // The client trusts exactly the certificate the server presents, so verification stays on.
    clientSslCtx = SslContextBuilder.forClient()
            .trustManager(selfSigned.cert())
            .sslProvider(sslClientProvider())
            .build();
    SSLEngine clientEngine = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
    serverSslCtx = SslContextBuilder.forServer(selfSigned.certificate(), selfSigned.privateKey())
            .sslProvider(sslServerProvider())
            .build();
    SSLEngine serverEngine = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
    try {
        int packetSize = clientEngine.getSession().getPacketBufferSize();
        ByteBuffer encrypted = allocateBuffer(packetSize);
        ByteBuffer plain = allocateBuffer(1024);
        handshake(clientEngine, serverEngine);

        // Closing the outbound side queues a close_notify for the next wrap call.
        clientEngine.closeOutbound();
        SSLEngineResult closeResult = clientEngine.wrap(plain, encrypted);

        assertEquals(SSLEngineResult.Status.CLOSED, closeResult.getStatus());
        // The plaintext must stay unread; the bytes produced are the close alert only.
        assertEquals(0, closeResult.bytesConsumed());
        assertTrue(closeResult.bytesProduced() > 0);
        assertTrue(clientEngine.isOutboundDone());
        assertFalse(clientEngine.isInboundDone());
    } finally {
        // Delete the generated certificate and private key before releasing the engines.
        selfSigned.delete();
        cleanupClientSslEngine(clientEngine);
        cleanupServerSslEngine(serverEngine);
    }
}
Also used : SelfSignedCertificate(io.netty.handler.ssl.util.SelfSignedCertificate) SSLEngineResult(javax.net.ssl.SSLEngineResult) SSLEngine(javax.net.ssl.SSLEngine) ByteBuffer(java.nio.ByteBuffer) Test(org.junit.Test)

Example 99 with SSLEngineResult

use of javax.net.ssl.SSLEngineResult in project netty by netty.

the class SSLEngineTest method testMultipleRecordsInOneBufferBiggerThenPacketBufferSize.

/**
 * Checks that {@code unwrap} accepts a source buffer holding several records whose combined
 * size exceeds the session's packet buffer size.
 *
 * @throws Exception if building the contexts, the handshake or a wrap/unwrap call fails
 */
@Test
public void testMultipleRecordsInOneBufferBiggerThenPacketBufferSize() throws Exception {
    SelfSignedCertificate selfSigned = new SelfSignedCertificate();
    // The client trusts exactly the certificate the server presents, so verification stays on.
    clientSslCtx = SslContextBuilder.forClient()
            .trustManager(selfSigned.cert())
            .sslProvider(sslClientProvider())
            .build();
    SSLEngine clientEngine = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
    serverSslCtx = SslContextBuilder.forServer(selfSigned.certificate(), selfSigned.privateKey())
            .sslProvider(sslServerProvider())
            .build();
    SSLEngine serverEngine = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
    try {
        ByteBuffer clientPlain = allocateBuffer(4096);
        ByteBuffer serverPlain = allocateBuffer(serverEngine.getSession().getApplicationBufferSize());
        // Twice the packet buffer size, so more than one packet's worth of records fits.
        ByteBuffer wire = allocateBuffer(serverEngine.getSession().getPacketBufferSize() * 2);
        handshake(clientEngine, serverEngine);

        final int plainLen = clientPlain.remaining();
        // Keep adding records until the encrypted data passes the packet buffer size.
        while (wire.position() <= serverEngine.getSession().getPacketBufferSize()) {
            SSLEngineResult wrapResult = clientEngine.wrap(clientPlain, wire);
            assertEquals(SSLEngineResult.Status.OK, wrapResult.getStatus());
            assertEquals(plainLen, wrapResult.bytesConsumed());
            assertTrue(wrapResult.bytesProduced() > 0);
            // Rewind the plaintext so the same 4096 bytes are sent again.
            clientPlain.clear();
        }

        // Switch the wire buffer from writing to reading before handing it to the server.
        wire.flip();
        SSLEngineResult unwrapResult = serverEngine.unwrap(wire, serverPlain);
        assertEquals(SSLEngineResult.Status.OK, unwrapResult.getStatus());
        assertTrue(unwrapResult.bytesConsumed() > 0);
        assertTrue(unwrapResult.bytesProduced() > 0);
    } finally {
        // Delete the generated certificate and private key before releasing the engines.
        selfSigned.delete();
        cleanupClientSslEngine(clientEngine);
        cleanupServerSslEngine(serverEngine);
    }
}
Also used : SelfSignedCertificate(io.netty.handler.ssl.util.SelfSignedCertificate) SSLEngineResult(javax.net.ssl.SSLEngineResult) SSLEngine(javax.net.ssl.SSLEngine) ByteBuffer(java.nio.ByteBuffer) Test(org.junit.Test)

Example 100 with SSLEngineResult

use of javax.net.ssl.SSLEngineResult in project netty by netty.

the class SSLEngineTest method handshake.

/**
 * Drives a TLS handshake between two in-memory engines until both sides report completion.
 *
 * <p>Each loop iteration lets every unfinished side wrap into its outbound network buffer, then
 * lets every unfinished side unwrap what its peer produced. After each call the byte counters in
 * the {@link SSLEngineResult} are asserted against the observed buffer position changes.
 *
 * @param clientEngine engine acting as the client side
 * @param serverEngine engine acting as the server side
 * @throws SSLException if an engine fails while wrapping, unwrapping or starting the handshake
 */
protected void handshake(SSLEngine clientEngine, SSLEngine serverEngine) throws SSLException {
    // Network buffers: cTOs carries client-to-server records, sTOc server-to-client records.
    ByteBuffer cTOs = allocateBuffer(clientEngine.getSession().getPacketBufferSize());
    ByteBuffer sTOc = allocateBuffer(serverEngine.getSession().getPacketBufferSize());
    // Application buffers receive whatever plaintext unwrap produces.
    ByteBuffer serverAppReadBuffer = allocateBuffer(serverEngine.getSession().getApplicationBufferSize());
    ByteBuffer clientAppReadBuffer = allocateBuffer(clientEngine.getSession().getApplicationBufferSize());
    clientEngine.beginHandshake();
    serverEngine.beginHandshake();
    // Zero-length source: wrap is called with no application data to send.
    ByteBuffer empty = allocateBuffer(0);
    SSLEngineResult clientResult;
    SSLEngineResult serverResult;
    boolean clientHandshakeFinished = false;
    boolean serverHandshakeFinished = false;
    do {
        // Remember the write positions so bytesProduced can be checked against the real delta.
        int cTOsPos = cTOs.position();
        int sTOcPos = sTOc.position();
        if (!clientHandshakeFinished) {
            clientResult = clientEngine.wrap(empty, cTOs);
            // NOTE(review): runDelegatedTasks is not shown here; presumably it runs the engine's
            // pending delegated tasks when the result asks for them - confirm.
            runDelegatedTasks(clientResult, clientEngine);
            assertEquals(empty.remaining(), clientResult.bytesConsumed());
            assertEquals(cTOs.position() - cTOsPos, clientResult.bytesProduced());
            if (isHandshakeFinished(clientResult)) {
                clientHandshakeFinished = true;
            }
        }
        if (!serverHandshakeFinished) {
            serverResult = serverEngine.wrap(empty, sTOc);
            runDelegatedTasks(serverResult, serverEngine);
            assertEquals(empty.remaining(), serverResult.bytesConsumed());
            assertEquals(sTOc.position() - sTOcPos, serverResult.bytesProduced());
            if (isHandshakeFinished(serverResult)) {
                serverHandshakeFinished = true;
            }
        }
        // Switch both network buffers from writing to reading for the unwrap phase.
        cTOs.flip();
        sTOc.flip();
        // Re-sample the positions: they now mark the read start used to check bytesConsumed.
        cTOsPos = cTOs.position();
        sTOcPos = sTOc.position();
        if (!clientHandshakeFinished) {
            int clientAppReadBufferPos = clientAppReadBuffer.position();
            clientResult = clientEngine.unwrap(sTOc, clientAppReadBuffer);
            runDelegatedTasks(clientResult, clientEngine);
            assertEquals(sTOc.position() - sTOcPos, clientResult.bytesConsumed());
            assertEquals(clientAppReadBuffer.position() - clientAppReadBufferPos, clientResult.bytesProduced());
            if (isHandshakeFinished(clientResult)) {
                clientHandshakeFinished = true;
            }
        } else {
            // A client that has finished must have no unread server data waiting.
            assertFalse(sTOc.hasRemaining());
        }
        if (!serverHandshakeFinished) {
            int serverAppReadBufferPos = serverAppReadBuffer.position();
            serverResult = serverEngine.unwrap(cTOs, serverAppReadBuffer);
            runDelegatedTasks(serverResult, serverEngine);
            assertEquals(cTOs.position() - cTOsPos, serverResult.bytesConsumed());
            assertEquals(serverAppReadBuffer.position() - serverAppReadBufferPos, serverResult.bytesProduced());
            if (isHandshakeFinished(serverResult)) {
                serverHandshakeFinished = true;
            }
        } else {
            // A server that has finished must have no unread client data waiting.
            assertFalse(cTOs.hasRemaining());
        }
        // Keep any unread bytes and switch the buffers back to write mode for the next round.
        sTOc.compact();
        cTOs.compact();
    } while (!clientHandshakeFinished || !serverHandshakeFinished);
}
Also used : SSLEngineResult(javax.net.ssl.SSLEngineResult) ByteBuffer(java.nio.ByteBuffer)
