use of javax.net.ssl.SSLEngineResult in project netty by netty.
the class SSLEngineTest method testUnwrapBehavior.
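/**
 * Verifies how {@code unwrap} handles a source buffer that holds the output of two
 * {@code wrap} calls back to back.
 *
 * <p>The client wraps {@code "Hello"} and {@code " World"} in two separate calls into the same
 * network buffer. The server must then:
 * <ul>
 *   <li>report {@code BUFFER_OVERFLOW} and leave the source untouched when the destination is
 *       too small, so no ciphertext is silently dropped;</li>
 *   <li>return the plaintext of exactly one {@code wrap} call per {@code unwrap} call when the
 *       destination is large enough.</li>
 * </ul>
 *
 * @throws Exception if certificate generation, context creation or the handshake fails
 */
@Test
public void testUnwrapBehavior() throws Exception {
    SelfSignedCertificate cert = new SelfSignedCertificate();

    clientSslCtx = SslContextBuilder
            .forClient()
            .trustManager(cert.cert())
            .sslProvider(sslClientProvider())
            .build();
    SSLEngine client = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);

    serverSslCtx = SslContextBuilder
            .forServer(cert.certificate(), cert.privateKey())
            .sslProvider(sslServerProvider())
            .build();
    SSLEngine server = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);

    byte[] bytes = "Hello World".getBytes(CharsetUtil.US_ASCII);

    try {
        ByteBuffer plainClientOut = allocateBuffer(client.getSession().getApplicationBufferSize());
        // Twice the packet size: the buffer has to hold the output of two wrap() calls.
        ByteBuffer encryptedClientToServer = allocateBuffer(server.getSession().getPacketBufferSize() * 2);
        ByteBuffer plainServerIn = allocateBuffer(server.getSession().getApplicationBufferSize());

        handshake(client, server);

        // First wrap() call: the first 5 bytes ("Hello").
        plainClientOut.put(bytes, 0, 5);
        plainClientOut.flip();
        SSLEngineResult result = client.wrap(plainClientOut, encryptedClientToServer);
        assertEquals(SSLEngineResult.Status.OK, result.getStatus());
        assertEquals(5, result.bytesConsumed());
        assertTrue(result.bytesProduced() > 0);
        assertFalse(plainClientOut.hasRemaining());

        // Second wrap() call: the remaining 6 bytes (" World"), appended to the same buffer.
        plainClientOut.clear();
        plainClientOut.put(bytes, 5, 6);
        plainClientOut.flip();
        result = client.wrap(plainClientOut, encryptedClientToServer);
        assertEquals(SSLEngineResult.Status.OK, result.getStatus());
        assertEquals(6, result.bytesConsumed());
        assertTrue(result.bytesProduced() > 0);

        // Hand the ciphertext over to the server.
        encryptedClientToServer.flip();

        // A 3-byte destination cannot hold the 5 plaintext bytes: the engine must answer
        // BUFFER_OVERFLOW and must not advance the source buffer.
        int remaining = encryptedClientToServer.remaining();
        ByteBuffer small = allocateBuffer(3);
        result = server.unwrap(encryptedClientToServer, small);
        assertEquals(SSLEngineResult.Status.BUFFER_OVERFLOW, result.getStatus());
        assertEquals(remaining, encryptedClientToServer.remaining());

        // With a large enough destination each unwrap() yields the plaintext of one wrap().
        result = server.unwrap(encryptedClientToServer, plainServerIn);
        assertEquals(SSLEngineResult.Status.OK, result.getStatus());
        assertEquals(5, result.bytesProduced());
        assertTrue(encryptedClientToServer.hasRemaining());

        result = server.unwrap(encryptedClientToServer, plainServerIn);
        assertEquals(SSLEngineResult.Status.OK, result.getStatus());
        assertEquals(6, result.bytesProduced());
        assertFalse(encryptedClientToServer.hasRemaining());

        // The reassembled plaintext must equal what the client sent.
        plainServerIn.flip();
        assertEquals(ByteBuffer.wrap(bytes), plainServerIn);
    } finally {
        // Remove the generated certificate and private key, as the sibling tests do, so that
        // test key material does not accumulate on the machine running the suite.
        cert.delete();
        cleanupClientSslEngine(client);
        cleanupServerSslEngine(server);
    }
}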
use of javax.net.ssl.SSLEngineResult in project netty by netty.
the class SSLEngineTest method testBeginHandshakeCloseOutbound.
/**
 * Starts a handshake on {@code engine}, closes its outbound side straight away and drains
 * everything the engine still wants to send.
 *
 * <p>Each {@code wrap} call is given an empty source, so it must consume nothing, and the bytes
 * written to the destination must match {@code bytesProduced()}. Wrapping continues for as long
 * as the engine reports {@code NEED_WRAP}; the last result must carry status {@code CLOSED}.
 *
 * @param engine the engine under test
 * @throws SSLException if the engine fails while starting the handshake or wrapping
 */
private void testBeginHandshakeCloseOutbound(SSLEngine engine) throws SSLException {
    final ByteBuffer netOut = allocateBuffer(engine.getSession().getPacketBufferSize());
    final ByteBuffer noAppData = allocateBuffer(0);

    engine.beginHandshake();
    engine.closeOutbound();

    SSLEngineResult lastResult;
    boolean wantsAnotherWrap;
    do {
        lastResult = engine.wrap(noAppData, netOut);
        netOut.flip();

        // Nothing to consume from an empty source; everything produced must be readable.
        assertEquals(0, lastResult.bytesConsumed());
        assertEquals(netOut.remaining(), lastResult.bytesProduced());

        wantsAnotherWrap =
                lastResult.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_WRAP;
        if (wantsAnotherWrap) {
            // Reuse the destination for the next round.
            netOut.clear();
        }
    } while (wantsAnotherWrap);

    assertEquals(SSLEngineResult.Status.CLOSED, lastResult.getStatus());
}
use of javax.net.ssl.SSLEngineResult in project netty by netty.
the class SSLEngineTest method testCloseNotifySequence.
/**
 * Walks a client and a server engine through an orderly TLS shutdown and checks the state each
 * side reports at every step.
 *
 * <p>Sequence under test: the client closes its outbound side and wraps a close_notify, the
 * server unwraps it, the server wraps its own close_notify in response, and the client unwraps
 * that. After each step the test asserts the result status, the handshake status, the byte
 * counts and the {@code isInboundDone()}/{@code isOutboundDone()} flags of the engines.
 * Finally it checks that further wrap/unwrap calls on the closed engines do not throw.
 *
 * <p>The close_notify exchange is what lets a peer tell an orderly end of data apart from a
 * connection that was cut short, which is why the exact states are pinned here.
 *
 * @throws Exception if certificate generation, context creation or the handshake fails
 */
@Test
public void testCloseNotifySequence() throws Exception {
SelfSignedCertificate cert = new SelfSignedCertificate();
clientSslCtx = SslContextBuilder.forClient().trustManager(cert.cert()).sslProvider(sslClientProvider()).build();
SSLEngine client = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
serverSslCtx = SslContextBuilder.forServer(cert.certificate(), cert.privateKey()).sslProvider(sslServerProvider()).build();
SSLEngine server = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
try {
ByteBuffer plainClientOut = allocateBuffer(client.getSession().getApplicationBufferSize());
ByteBuffer plainServerOut = allocateBuffer(server.getSession().getApplicationBufferSize());
ByteBuffer encryptedClientToServer = allocateBuffer(client.getSession().getPacketBufferSize());
ByteBuffer encryptedServerToClient = allocateBuffer(server.getSession().getPacketBufferSize());
// Zero-capacity source: every wrap() below carries no application data.
ByteBuffer empty = allocateBuffer(0);
handshake(client, server);
// Step 1: the client starts the shutdown. This will produce a close_notify.
client.closeOutbound();
// The close_notify has not been wrapped yet, so the outbound side is not done.
assertFalse(client.isOutboundDone());
assertFalse(client.isInboundDone());
// Now wrap and so drain the outbound buffer.
SSLEngineResult result = client.wrap(empty, encryptedClientToServer);
encryptedClientToServer.flip();
assertEquals(SSLEngineResult.Status.CLOSED, result.getStatus());
// Need an UNWRAP to read the response of the close_notify
assertEquals(SSLEngineResult.HandshakeStatus.NEED_UNWRAP, result.getHandshakeStatus());
int produced = result.bytesProduced();
int consumed = result.bytesConsumed();
// Remember the size of the client's close_notify; later steps compare against it.
int closeNotifyLen = produced;
assertTrue(produced > 0);
assertEquals(0, consumed);
assertEquals(produced, encryptedClientToServer.remaining());
// Outbound buffer should be drained now.
assertTrue(client.isOutboundDone());
assertFalse(client.isInboundDone());
// The server has not seen anything yet, so both of its directions are still open.
assertFalse(server.isOutboundDone());
assertFalse(server.isInboundDone());
// Step 2: the server reads the client's close_notify.
result = server.unwrap(encryptedClientToServer, plainServerOut);
plainServerOut.flip();
assertEquals(SSLEngineResult.Status.CLOSED, result.getStatus());
// Need a WRAP to respond to the close_notify
assertEquals(SSLEngineResult.HandshakeStatus.NEED_WRAP, result.getHandshakeStatus());
produced = result.bytesProduced();
consumed = result.bytesConsumed();
assertEquals(closeNotifyLen, consumed);
assertEquals(0, produced);
// Should have consumed the complete close_notify
assertEquals(0, encryptedClientToServer.remaining());
// A close_notify carries no application data.
assertEquals(0, plainServerOut.remaining());
assertFalse(server.isOutboundDone());
assertTrue(server.isInboundDone());
// Step 3: the server answers with its own close_notify.
result = server.wrap(empty, encryptedServerToClient);
encryptedServerToClient.flip();
assertEquals(SSLEngineResult.Status.CLOSED, result.getStatus());
// UNWRAP/WRAP are not expected after this point
assertEquals(SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING, result.getHandshakeStatus());
produced = result.bytesProduced();
consumed = result.bytesConsumed();
// The test expects the server's close_notify to have the same length as the client's.
assertEquals(closeNotifyLen, produced);
assertEquals(0, consumed);
assertEquals(produced, encryptedServerToClient.remaining());
assertTrue(server.isOutboundDone());
assertTrue(server.isInboundDone());
// Step 4: the client reads the server's close_notify; both directions are then closed.
result = client.unwrap(encryptedServerToClient, plainClientOut);
plainClientOut.flip();
assertEquals(SSLEngineResult.Status.CLOSED, result.getStatus());
// UNWRAP/WRAP are not expected after this point
assertEquals(SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING, result.getHandshakeStatus());
produced = result.bytesProduced();
consumed = result.bytesConsumed();
assertEquals(closeNotifyLen, consumed);
assertEquals(0, produced);
assertEquals(0, encryptedServerToClient.remaining());
assertTrue(client.isOutboundDone());
assertTrue(client.isInboundDone());
// Ensure that calling wrap or unwrap again will not produce a SSLException
// NOTE(review): what assertEngineRemainsClosed checks is not visible here; presumably
// it asserts that the result still reports a closed engine. Confirm against the helper.
encryptedServerToClient.clear();
plainServerOut.clear();
result = server.wrap(plainServerOut, encryptedServerToClient);
assertEngineRemainsClosed(result);
encryptedClientToServer.clear();
plainServerOut.clear();
result = server.unwrap(encryptedClientToServer, plainServerOut);
assertEngineRemainsClosed(result);
encryptedClientToServer.clear();
plainClientOut.clear();
result = client.wrap(plainClientOut, encryptedClientToServer);
assertEngineRemainsClosed(result);
encryptedServerToClient.clear();
plainClientOut.clear();
result = client.unwrap(encryptedServerToClient, plainClientOut);
assertEngineRemainsClosed(result);
} finally {
// Remove the generated test certificate and key, then release both engines.
cert.delete();
cleanupClientSslEngine(client);
cleanupServerSslEngine(server);
}
}
use of javax.net.ssl.SSLEngineResult in project netty by netty.
the class SSLEngineTest method testSSLEngineUnwrapNoSslRecord.
/**
 * Checks that a client engine waiting for the server's handshake reply rejects input that is
 * not a TLS record.
 *
 * <p>The first {@code wrap} moves the engine to {@code NEED_UNWRAP}. The following
 * {@code unwrap} is fed a freshly allocated buffer instead of a server response and must fail
 * with an {@link SSLException} rather than return normally.
 *
 * @throws Exception if the client context cannot be built or the first wrap fails
 */
@Test
public void testSSLEngineUnwrapNoSslRecord() throws Exception {
    clientSslCtx = SslContextBuilder
            .forClient()
            .sslProvider(sslClientProvider())
            .build();
    SSLEngine client = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
    try {
        // NOTE(review): the content of this buffer is whatever allocateBuffer returns,
        // presumably zero bytes; it was never produced by a peer engine.
        final ByteBuffer notARecord = allocateBuffer(client.getSession().getApplicationBufferSize());
        final ByteBuffer netBuffer = allocateBuffer(client.getSession().getPacketBufferSize());
        final ByteBuffer noAppData = allocateBuffer(0);

        // Emit the client's first handshake flight; afterwards the engine expects peer data.
        final SSLEngineResult firstFlight = client.wrap(noAppData, netBuffer);
        assertEquals(SSLEngineResult.Status.OK, firstFlight.getStatus());
        assertEquals(SSLEngineResult.HandshakeStatus.NEED_UNWRAP, firstFlight.getHandshakeStatus());

        boolean rejected = false;
        try {
            client.unwrap(notARecord, netBuffer);
        } catch (SSLException expected) {
            // The engine refused the malformed input, which is the behavior under test.
            rejected = true;
        }
        if (!rejected) {
            fail();
        }
    } finally {
        cleanupClientSslEngine(client);
    }
}
use of javax.net.ssl.SSLEngineResult in project netty by netty.
the class SSLEngineTest method testBufferUnderFlow.
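/**
 * Verifies that {@code unwrap} reports {@code BUFFER_UNDERFLOW} for every kind of truncated
 * input and only succeeds once the complete wrapped data is available.
 *
 * <p>The client wraps 1024 bytes in one call. The server is then offered, in turn, less than a
 * record header, exactly a record header, and everything but the last byte. Each attempt must
 * be answered with an underflow result (checked by {@code assertResultIsBufferUnderflow}).
 * With the full data visible, one {@code unwrap} must consume all of it, so an engine never
 * hands out plaintext from a partially received record.
 *
 * @throws Exception if certificate generation, context creation or the handshake fails
 */
@Test
public void testBufferUnderFlow() throws Exception {
    SelfSignedCertificate cert = new SelfSignedCertificate();

    clientSslCtx = SslContextBuilder
            .forClient()
            .trustManager(cert.cert())
            .sslProvider(sslClientProvider())
            .build();
    SSLEngine client = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);

    serverSslCtx = SslContextBuilder
            .forServer(cert.certificate(), cert.privateKey())
            .sslProvider(sslServerProvider())
            .build();
    SSLEngine server = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);

    try {
        ByteBuffer plainClient = allocateBuffer(1024);
        // Expose the whole capacity as readable payload.
        plainClient.limit(plainClient.capacity());

        ByteBuffer encClientToServer = allocateBuffer(client.getSession().getPacketBufferSize());
        ByteBuffer plainServer = allocateBuffer(server.getSession().getApplicationBufferSize());

        handshake(client, server);

        SSLEngineResult result = client.wrap(plainClient, encClientToServer);
        assertEquals(SSLEngineResult.Status.OK, result.getStatus());
        // Expected value first, so a failure message names the right side as "expected".
        assertEquals(plainClient.capacity(), result.bytesConsumed());

        // Flip so we can read it.
        encClientToServer.flip();
        int remaining = encClientToServer.remaining();

        // Less than the record header is visible: must be BUFFER_UNDERFLOW.
        encClientToServer.limit(SslUtils.SSL_RECORD_HEADER_LENGTH - 1);
        result = server.unwrap(encClientToServer, plainServer);
        assertResultIsBufferUnderflow(result);

        // The header is visible but none of the record body: must be BUFFER_UNDERFLOW.
        encClientToServer.limit(SslUtils.SSL_RECORD_HEADER_LENGTH);
        result = server.unwrap(encClientToServer, plainServer);
        assertResultIsBufferUnderflow(result);

        // Everything except the final byte is visible: must still be BUFFER_UNDERFLOW.
        // (The original spelled this limit as HEADER + remaining - 1 - HEADER.)
        encClientToServer.limit(remaining - 1);
        result = server.unwrap(encClientToServer, plainServer);
        assertResultIsBufferUnderflow(result);

        // Reset the limit so the full wrapped data can be read in one call.
        encClientToServer.limit(remaining);
        result = server.unwrap(encClientToServer, plainServer);
        assertEquals(SSLEngineResult.Status.OK, result.getStatus());
        assertEquals(remaining, result.bytesConsumed());
        assertTrue(result.bytesProduced() > 0);
    } finally {
        // Remove the generated test certificate and key, then release both engines.
        cert.delete();
        cleanupClientSslEngine(client);
        cleanupServerSslEngine(server);
    }
}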