
Example 41 with SSLEngineResult

use of javax.net.ssl.SSLEngineResult in project jdk8u_jdk by JetBrains.

the class LargeBufs method runTest.

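/**
 * Runs two SSLEngines against each other with a single enabled cipher suite,
 * pumping data in both directions until both engines report closed.
 *
 * <p>On every pass the byte counts reported by wrap/unwrap are checked against
 * the only values this test accepts: 0, {@code appBufferMax}, or a multiple of
 * {@code OFFSET} (both constants are declared outside this method). Any other
 * count means the engine split or truncated a large application buffer.
 *
 * @param cipher the one cipher suite enabled on both engines
 * @throws Exception if a wrap/unwrap result reports an unexpected byte count,
 *         or if one of the helpers called here fails
 */
private void runTest(String cipher) throws Exception {
    boolean dataDone = false;
    createSSLEngines();
    System.out.println("Using " + cipher);
    ssle1.setEnabledCipherSuites(new String[] { cipher });
    ssle2.setEnabledCipherSuites(new String[] { cipher });
    createBuffers();
    // ssle1's results from last operation
    SSLEngineResult result1;
    // ssle2's results from last operation
    SSLEngineResult result2;
    while (!isEngineClosed(ssle1) || !isEngineClosed(ssle2)) {
        log("================");
        result1 = ssle1.wrap(appOut1, oneToTwo);
        result2 = ssle2.wrap(appOut2, twoToOne);
        if ((result1.bytesConsumed() != 0) && (result1.bytesConsumed() != appBufferMax) && (result1.bytesConsumed() != OFFSET)) {
            throw new Exception("result1: " + result1);
        }
        if ((result2.bytesConsumed() != 0) && (result2.bytesConsumed() != appBufferMax) && (result2.bytesConsumed() != 2 * OFFSET)) {
            // Report the result that actually failed the check; the original
            // printed result1 here, which pointed triage at the wrong engine.
            throw new Exception("result2: " + result2);
        }
        log("wrap1:  " + result1);
        log("oneToTwo  = " + oneToTwo);
        log("");
        log("wrap2:  " + result2);
        log("twoToOne  = " + twoToOne);
        runDelegatedTasks(result1, ssle1);
        runDelegatedTasks(result2, ssle2);
        // Switch the network buffers from "being written" to "ready to read".
        oneToTwo.flip();
        twoToOne.flip();
        log("----");
        result1 = ssle1.unwrap(twoToOne, appIn1);
        result2 = ssle2.unwrap(oneToTwo, appIn2);
        if ((result1.bytesProduced() != 0) && (result1.bytesProduced() != appBufferMax) && (result1.bytesProduced() != 2 * OFFSET)) {
            throw new Exception("result1: " + result1);
        }
        if ((result2.bytesProduced() != 0) && (result2.bytesProduced() != appBufferMax) && (result2.bytesProduced() != OFFSET)) {
            // Same labelling fix as in the wrap check above.
            throw new Exception("result2: " + result2);
        }
        log("unwrap1: " + result1);
        log("twoToOne  = " + twoToOne);
        log("");
        log("unwrap2: " + result2);
        log("oneToTwo  = " + oneToTwo);
        runDelegatedTasks(result1, ssle1);
        runDelegatedTasks(result2, ssle2);
        // Keep any bytes the peer has not consumed yet and return to write mode.
        oneToTwo.compact();
        twoToOne.compact();
        /*
         * If we've transferred all the data between app1 and app2,
         * we try to close and see what that gets us.
         */
        if (!dataDone && (appOut1.limit() == appIn2.position()) && (appOut2.limit() == appIn1.position())) {
            checkTransfer(appOut1, appIn2);
            checkTransfer(appOut2, appIn1);
            log("Closing ssle1's *OUTBOUND*...");
            ssle1.closeOutbound();
            dataDone = true;
        }
    }
}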
Also used : SSLEngineResult(javax.net.ssl.SSLEngineResult)

Example 42 with SSLEngineResult

use of javax.net.ssl.SSLEngineResult in project jdk8u_jdk by JetBrains.

the class IllegalRecordVersion method main.

/**
 * Negative test for record-version validation on the receiving side.
 *
 * <p>A client engine wraps its first flight, the two bytes at offsets 1 and 2
 * of the produced buffer are overwritten with 0xa9 0xa2 (the printed label
 * calls this the record version), and the server engine is asked to unwrap the
 * altered buffer. The run passes only if that unwrap raises an
 * {@link SSLException}; if the engine accepts the record the test fails.
 *
 * @param args unused
 * @throws Exception if the server engine does not reject the altered record
 */
public static void main(String[] args) throws Exception {
    final SSLContext sslContext = SSLContext.getDefault();

    final SSLEngine clientEngine = sslContext.createSSLEngine();
    clientEngine.setUseClientMode(true);
    final SSLEngine serverEngine = sslContext.createSSLEngine();
    serverEngine.setUseClientMode(false);

    // Buffer sizes are taken from the client session.
    final SSLSession clientSession = clientEngine.getSession();
    final int packetSize = clientSession.getPacketBufferSize();
    final int applicationSize = clientSession.getApplicationBufferSize();

    final ByteBuffer clientToServer = ByteBuffer.allocateDirect(packetSize);
    final ByteBuffer serverPlaintext = ByteBuffer.allocateDirect(applicationSize + 50);
    final ByteBuffer clientPlaintext = ByteBuffer.wrap("I'm client".getBytes());

    System.out.println("client hello (record version(0xa9, 0xa2))");
    final SSLEngineResult wrapResult = clientEngine.wrap(clientPlaintext, clientToServer);
    System.out.println("Client wrap result: " + wrapResult);
    clientToServer.flip();

    // Only rewrite the two bytes when more than 5 bytes were produced;
    // a shorter buffer is passed to the server unmodified.
    final boolean longEnoughToAlter = clientToServer.limit() > 5;
    if (longEnoughToAlter) {
        clientToServer.put(1, (byte) 0xa9);
        clientToServer.put(2, (byte) 0xa2);
    }

    boolean rejected = false;
    try {
        serverEngine.unwrap(clientToServer, serverPlaintext);
    } catch (SSLException expected) {
        // The server refused the altered record, which is the required outcome.
        rejected = true;
    }
    if (!rejected) {
        throw new Exception("Cannot catch the unsupported record version issue");
    }
}
Also used : SSLEngineResult(javax.net.ssl.SSLEngineResult)

Example 43 with SSLEngineResult

use of javax.net.ssl.SSLEngineResult in project jdk8u_jdk by JetBrains.

the class HelloExtensionsTest method runTest.

/**
 * Feeds a pre-recorded TLSv1.2 ClientHello to a server-side engine and checks
 * that the handshake advances to a state where the server either wants more
 * input or wants to write its reply.
 *
 * <p>The method stops early, without failing, when the {@code proceed} flag
 * (maintained outside this method) is false after the delegated tasks ran.
 *
 * @param ssle the engine that receives the recorded ClientHello
 * @throws Exception if the engine ends up in any handshake state other than
 *         NEED_UNWRAP or NEED_WRAP, or if an engine call fails
 */
private static void runTest(SSLEngine ssle) throws Exception {
    /*

         A client hello message captured via wireshark by selecting
         a TLSv1.2 Client Hello record and clicking through to the
         TLSv1.2 Record Layer line and then selecting the hex stream
         via "copy -> bytes -> hex stream".

         The captured offer includes 3DES suites and SHA-1 signature
         algorithms; it is test input for the hello parser, not a suite
         list to copy into a deployment.

         For Record purposes, here's the ClientHello :

         *** ClientHello, TLSv1.2
         RandomCookie:  GMT: 1469560450 bytes = { 108, 140, 12, 202,
         2, 213, 10, 236, 143, 223, 58, 162, 228, 155, 239, 3, 98,
         232, 89, 41, 116, 120, 13, 37, 105, 153, 97, 241 }
         Session ID:  {}
         Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
         TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256,
         TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
         TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
         TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
         TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
         TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
         TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
         TLS_RSA_WITH_AES_128_CBC_SHA,
         TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
         TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
         TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
         TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
         TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
         TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
         TLS_RSA_WITH_AES_128_GCM_SHA256,
         TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
         TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
         TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
         TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
         TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
         TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
         SSL_RSA_WITH_3DES_EDE_CBC_SHA,
         TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
         TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
         SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
         SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
         TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
         Compression Methods:  { 0 }
         Extension elliptic_curves, curve names: {secp256r1,
         sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1,
         sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1,
         sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1,
         secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
         Extension ec_point_formats, formats: [uncompressed]
         Extension signature_algorithms, signature_algorithms:
         SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA,
         SHA256withECDSA, SHA256withRSA, Unknown (hash:0x3, signature:0x3),
         Unknown (hash:0x3, signature:0x1), SHA1withECDSA,
         SHA1withRSA, SHA1withDSA
         Extension server_name, server_name:
         [host_name: bugs.openjdk.java.net]
         */
    final String clientHelloHex =
            "16030300df010000db03035898b7826c8c0cc"
            + "a02d50aec8fdf3aa2e49bef0362e8592974780d25699961f"
            + "100003ac023c027003cc025c02900670040c009c013002fc"
            + "004c00e00330032c02bc02f009cc02dc031009e00a2c008c"
            + "012000ac003c00d0016001300ff01000078000a003400320"
            + "0170001000300130015000600070009000a0018000b000c0"
            + "019000d000e000f001000110002001200040005001400080"
            + "016000b00020100000d00180016060306010503050104030"
            + "401030303010203020102020000001a00180000156275677"
            + "32e6f70656e6a646b2e6a6176612e6e6574";
    final ByteBuffer clientHello = ByteBuffer.wrap(hexStringToByteArray(clientHelloHex));

    final SSLSession sslSession = ssle.getSession();
    final int appBufferMax = sslSession.getApplicationBufferSize();
    final int netBufferMax = sslSession.getPacketBufferSize();
    final ByteBuffer serverIn = ByteBuffer.allocate(appBufferMax + 50);
    final ByteBuffer serverOut = ByteBuffer.wrap("I'm Server".getBytes());
    final ByteBuffer serverToClient = ByteBuffer.allocate(netBufferMax);

    ssle.beginHandshake();

    // First pass: hand the recorded ClientHello to the engine.
    SSLEngineResult result = ssle.unwrap(clientHello, serverIn);
    System.out.println("server unwrap " + result);
    runDelegatedTasks(result, ssle);
    if (!proceed) {
        // Per the original note: the expected exception occurred, so there is
        // nothing further to process.
        return;
    }

    // Second pass: one more step so the ClientHello is certainly parsed.
    final SSLEngineResult.HandshakeStatus status = ssle.getHandshakeStatus();
    final boolean wantsInput = status == HandshakeStatus.NEED_UNWRAP;
    final boolean wantsOutput = status == HandshakeStatus.NEED_WRAP;
    if (!wantsInput && !wantsOutput) {
        throw new Exception("unexpected handshake status " + status);
    }
    if (wantsInput) {
        result = ssle.unwrap(clientHello, serverIn);
        System.out.println("server unwrap " + result);
    } else {
        result = ssle.wrap(serverOut, serverToClient);
        System.out.println("server wrap " + result);
    }
    runDelegatedTasks(result, ssle);
    // Nothing more is exercised after this step.
}
Also used : SSLEngineResult(javax.net.ssl.SSLEngineResult)

Example 44 with SSLEngineResult

use of javax.net.ssl.SSLEngineResult in project jdk8u_jdk by JetBrains.

the class DHEKeySizing method test.

/**
 * Steps two SSLEngines through a complete handshake one flight at a time with a
 * single cipher suite enabled, and checks the on-the-wire length of the
 * ServerHello flight and of the ClientKeyExchange message against the expected
 * sizes.
 *
 * <p>The length checks are the point of the test: each flight must be no longer
 * than the expected size and no more than {@code KEY_LEN_BIAS} bytes shorter.
 * Presumably the flight length is used as an observable for the size of the
 * negotiated key-exchange parameters; confirm against the class header.
 *
 * @param cipherSuite the only suite enabled on both engines, and the suite both
 *        sessions must report once the handshake is finished
 * @param exportable not read anywhere in this method
 * @param lenServerKeyEx upper bound, in bytes, for the ServerHello flight
 * @param lenClientKeyEx upper bound, in bytes, for the ClientKeyExchange message
 * @throws Exception if a flight length is out of range or the negotiated suite
 *         differs from {@code cipherSuite}; helpers such as checkResult may
 *         also throw (their bodies are not visible here)
 */
private void test(String cipherSuite, boolean exportable, int lenServerKeyEx, int lenClientKeyEx) throws Exception {
    createSSLEngines();
    createBuffers();
    // ssle1's results from last operation
    SSLEngineResult result1;
    // ssle2's results from last operation
    SSLEngineResult result2;
    String[] suites = new String[] { cipherSuite };
    ssle1.setEnabledCipherSuites(suites);
    ssle2.setEnabledCipherSuites(suites);
    log("======================================");
    log("===================");
    log("client hello");
    // ssle1 wraps first and ssle2 unwraps, so ssle1 plays the client side in
    // every step below. The last two checkResult arguments look like expected
    // bytes consumed / produced, with -1 meaning "not checked" - TODO confirm
    // against checkResult.
    result1 = ssle1.wrap(appOut1, oneToTwo);
    checkResult(appOut1, oneToTwo, result1, Status.OK, HandshakeStatus.NEED_UNWRAP, 0, -1);
    oneToTwo.flip();
    result2 = ssle2.unwrap(oneToTwo, appIn2);
    checkResult(oneToTwo, appIn2, result2, Status.OK, HandshakeStatus.NEED_TASK, result1.bytesProduced(), 0);
    runDelegatedTasks(ssle2);
    oneToTwo.compact();
    log("===================");
    log("ServerHello");
    result2 = ssle2.wrap(appOut2, twoToOne);
    checkResult(appOut2, twoToOne, result2, Status.OK, HandshakeStatus.NEED_UNWRAP, 0, -1);
    twoToOne.flip();
    log("Message length of ServerHello series: " + twoToOne.remaining());
    // Size gate for the server flight: accepted range is
    // [lenServerKeyEx - KEY_LEN_BIAS, lenServerKeyEx].
    if (twoToOne.remaining() < (lenServerKeyEx - KEY_LEN_BIAS) || twoToOne.remaining() > lenServerKeyEx) {
        throw new Exception("Expected to generate ServerHello series messages of " + lenServerKeyEx + " bytes, but not " + twoToOne.remaining());
    }
    result1 = ssle1.unwrap(twoToOne, appIn1);
    checkResult(twoToOne, appIn1, result1, Status.OK, HandshakeStatus.NEED_TASK, result2.bytesProduced(), 0);
    runDelegatedTasks(ssle1);
    twoToOne.compact();
    log("===================");
    log("Key Exchange");
    result1 = ssle1.wrap(appOut1, oneToTwo);
    checkResult(appOut1, oneToTwo, result1, Status.OK, HandshakeStatus.NEED_WRAP, 0, -1);
    oneToTwo.flip();
    log("Message length of ClientKeyExchange: " + oneToTwo.remaining());
    // Size gate for the client key exchange: accepted range is
    // [lenClientKeyEx - KEY_LEN_BIAS, lenClientKeyEx].
    if (oneToTwo.remaining() < (lenClientKeyEx - KEY_LEN_BIAS) || oneToTwo.remaining() > lenClientKeyEx) {
        throw new Exception("Expected to generate ClientKeyExchange message of " + lenClientKeyEx + " bytes, but not " + oneToTwo.remaining());
    }
    result2 = ssle2.unwrap(oneToTwo, appIn2);
    checkResult(oneToTwo, appIn2, result2, Status.OK, HandshakeStatus.NEED_TASK, result1.bytesProduced(), 0);
    runDelegatedTasks(ssle2);
    oneToTwo.compact();
    log("===================");
    log("Client CCS");
    result1 = ssle1.wrap(appOut1, oneToTwo);
    checkResult(appOut1, oneToTwo, result1, Status.OK, HandshakeStatus.NEED_WRAP, 0, -1);
    oneToTwo.flip();
    result2 = ssle2.unwrap(oneToTwo, appIn2);
    checkResult(oneToTwo, appIn2, result2, Status.OK, HandshakeStatus.NEED_UNWRAP, result1.bytesProduced(), 0);
    oneToTwo.compact();
    log("===================");
    log("Client Finished");
    result1 = ssle1.wrap(appOut1, oneToTwo);
    checkResult(appOut1, oneToTwo, result1, Status.OK, HandshakeStatus.NEED_UNWRAP, 0, -1);
    oneToTwo.flip();
    result2 = ssle2.unwrap(oneToTwo, appIn2);
    checkResult(oneToTwo, appIn2, result2, Status.OK, HandshakeStatus.NEED_WRAP, result1.bytesProduced(), 0);
    oneToTwo.compact();
    log("===================");
    log("Server CCS");
    result2 = ssle2.wrap(appOut2, twoToOne);
    checkResult(appOut2, twoToOne, result2, Status.OK, HandshakeStatus.NEED_WRAP, 0, -1);
    twoToOne.flip();
    result1 = ssle1.unwrap(twoToOne, appIn1);
    checkResult(twoToOne, appIn1, result1, Status.OK, HandshakeStatus.NEED_UNWRAP, result2.bytesProduced(), 0);
    twoToOne.compact();
    log("===================");
    log("Server Finished");
    result2 = ssle2.wrap(appOut2, twoToOne);
    checkResult(appOut2, twoToOne, result2, Status.OK, HandshakeStatus.FINISHED, 0, -1);
    twoToOne.flip();
    result1 = ssle1.unwrap(twoToOne, appIn1);
    checkResult(twoToOne, appIn1, result1, Status.OK, HandshakeStatus.FINISHED, result2.bytesProduced(), 0);
    twoToOne.compact();
    log("===================");
    log("Check Session/Ciphers");
    // Both sides must report the one suite that was enabled; a mismatch would
    // mean the length checks above measured a different key exchange.
    String cs = ssle1.getSession().getCipherSuite();
    if (!cs.equals(suites[0])) {
        throw new Exception("suites not equal: " + cs + "/" + suites[0]);
    }
    cs = ssle2.getSession().getCipherSuite();
    if (!cs.equals(suites[0])) {
        throw new Exception("suites not equal: " + cs + "/" + suites[0]);
    }
    log("===================");
    log("Done with SSL/TLS handshaking");
}
Also used : SSLEngineResult(javax.net.ssl.SSLEngineResult)

Example 45 with SSLEngineResult

use of javax.net.ssl.SSLEngineResult in project jdk8u_jdk by JetBrains.

the class DelegatedTaskWrongException method runTest.

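/**
 * Checks which exception type the receiving engine raises after its delegated
 * tasks have run.
 *
 * <p>ssle1 wraps its first flight, ssle2 unwraps it and runs the delegated
 * tasks, and a second unwrap on ssle2 is then required to throw
 * {@link SSLHandshakeException}. Presumably the failure originates in the
 * delegated task run just before; that setup is outside this method. Callers
 * that tell handshake failures apart from other SSL errors depend on the exact
 * type, which is why any other {@link SSLException} counts as a failure.
 *
 * @throws Exception if the second unwrap succeeds, or (rethrown) if it raises
 *         an SSLException that is not an SSLHandshakeException
 */
private void runTest() throws Exception {
    createSSLEngines();
    createBuffers();

    // First flight from ssle1; its result is not inspected by this test.
    ssle1.wrap(appOut1, oneToTwo);
    oneToTwo.flip();

    SSLEngineResult result2 = ssle2.unwrap(oneToTwo, appIn2);
    runDelegatedTasks(result2, ssle2);
    try {
        /*
         * We should be getting a SSLHandshakeException.
         * If this changes, we'll need to update this test.
         * Anything else and we fail.
         */
        ssle2.unwrap(oneToTwo, appIn2);
        throw new Exception("TEST FAILED:  Didn't generate any exception");
    } catch (SSLHandshakeException e) {
        System.out.println("TEST PASSED:  Caught right exception");
    } catch (SSLException e) {
        // Wrong type: report it and let the original exception fail the run.
        System.out.println("TEST FAILED:  Generated wrong exception");
        throw e;
    }
}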
Also used : SSLEngineResult(javax.net.ssl.SSLEngineResult)
