use of zmq.io.mechanism.curve.Curve in project jeromq by zeromq.
the class SecurityCurveTest method testPlainCurveKeys.
@Test
public void testPlainCurveKeys() throws Exception {
byte[][] serverKeyPair = new Curve().keypair();
byte[] serverPublicKey = serverKeyPair[0];
byte[] serverSecretKey = serverKeyPair[1];
byte[][] clientKeyPair = new Curve().keypair();
byte[] clientPublicKey = clientKeyPair[0];
byte[] clientSecretKey = clientKeyPair[1];
Ctx context = ZMQ.createContext();
SocketBase server = context.createSocket(ZMQ.ZMQ_DEALER);
ZMQ.setSocketOption(server, ZMQ.ZMQ_CURVE_SERVER, true);
ZMQ.setSocketOption(server, ZMQ.ZMQ_CURVE_SECRETKEY, serverSecretKey);
server.bind(connectionString);
SocketBase client = context.createSocket(ZMQ.ZMQ_DEALER);
ZMQ.setSocketOption(client, ZMQ.ZMQ_CURVE_SERVERKEY, serverPublicKey);
ZMQ.setSocketOption(client, ZMQ.ZMQ_CURVE_PUBLICKEY, clientPublicKey);
ZMQ.setSocketOption(client, ZMQ.ZMQ_CURVE_SECRETKEY, clientSecretKey);
client.connect(connectionString);
byte[] testBytes = "hello-world".getBytes();
ZMQ.send(client, testBytes, 0);
byte[] recv = ZMQ.recv(server, 0).data();
assertThat(recv, is(equalTo(testBytes)));
server.close();
client.close();
context.terminate();
}
use of zmq.io.mechanism.curve.Curve in project jeromq by zeromq.
the class SecurityCurveTest method testCurveMechanismSecurity.
@Test
public void testCurveMechanismSecurity() throws IOException, InterruptedException {
Curve cryptoBox = new Curve();
// Generate new keypairs for this test
// We'll generate random test keys at startup
String[] clientKeys = cryptoBox.keypairZ85();
String clientPublic = clientKeys[0];
String clientSecret = clientKeys[1];
String[] serverKeys = cryptoBox.keypairZ85();
String serverPublic = serverKeys[0];
String serverSecret = serverKeys[1];
String host = "tcp://127.0.0.1:*";
Ctx ctx = ZMQ.createContext();
// Spawn ZAP handler
// We create and bind ZAP socket in main thread to avoid case
// where child thread does not start up fast enough.
SocketBase handler = ZMQ.socket(ctx, ZMQ.ZMQ_REP);
assertThat(handler, notNullValue());
boolean rc = ZMQ.bind(handler, "inproc://zeromq.zap.01");
assertThat(rc, is(true));
Thread thread = new Thread(new ZapHandler(handler, clientPublic));
thread.start();
// Server socket will accept connections
SocketBase server = ZMQ.socket(ctx, ZMQ.ZMQ_DEALER);
assertThat(server, notNullValue());
ZMQ.setSocketOption(server, ZMQ.ZMQ_CURVE_SERVER, true);
ZMQ.setSocketOption(server, ZMQ.ZMQ_CURVE_SECRETKEY, serverSecret);
ZMQ.setSocketOption(server, ZMQ.ZMQ_IDENTITY, "IDENT");
rc = ZMQ.bind(server, host);
assertThat(rc, is(true));
host = (String) ZMQ.getSocketOptionExt(server, ZMQ.ZMQ_LAST_ENDPOINT);
int port = TestUtils.port(host);
// Check CURVE security with valid credentials
System.out.println("Test Correct CURVE security");
SocketBase client = ZMQ.socket(ctx, ZMQ.ZMQ_DEALER);
assertThat(client, notNullValue());
ZMQ.setSocketOption(client, ZMQ.ZMQ_CURVE_SERVERKEY, serverPublic);
ZMQ.setSocketOption(client, ZMQ.ZMQ_CURVE_PUBLICKEY, clientPublic);
ZMQ.setSocketOption(client, ZMQ.ZMQ_CURVE_SECRETKEY, clientSecret);
rc = ZMQ.connect(client, host);
assertThat(rc, is(true));
Helper.bounce(server, client);
ZMQ.close(client);
// Check CURVE security with a garbage server key
// This will be caught by the curve_server class, not passed to ZAP
System.out.println("Test bad server key CURVE security");
String garbageKey = "0000000000000000000000000000000000000000";
client = ZMQ.socket(ctx, ZMQ.ZMQ_DEALER);
assertThat(client, notNullValue());
ZMQ.setSocketOption(client, ZMQ.ZMQ_CURVE_SERVERKEY, garbageKey);
ZMQ.setSocketOption(client, ZMQ.ZMQ_CURVE_PUBLICKEY, clientPublic);
ZMQ.setSocketOption(client, ZMQ.ZMQ_CURVE_SECRETKEY, clientSecret);
rc = ZMQ.connect(client, host);
assertThat(rc, is(true));
Helper.expectBounceFail(server, client);
ZMQ.closeZeroLinger(client);
// Check CURVE security with a garbage client public key
// This will be caught by the curve_server class, not passed to ZAP
System.out.println("Test bad client public key CURVE security");
client = ZMQ.socket(ctx, ZMQ.ZMQ_DEALER);
assertThat(client, notNullValue());
ZMQ.setSocketOption(client, ZMQ.ZMQ_CURVE_SERVERKEY, serverPublic);
ZMQ.setSocketOption(client, ZMQ.ZMQ_CURVE_PUBLICKEY, garbageKey);
ZMQ.setSocketOption(client, ZMQ.ZMQ_CURVE_SECRETKEY, clientSecret);
rc = ZMQ.connect(client, host);
assertThat(rc, is(true));
Helper.expectBounceFail(server, client);
ZMQ.closeZeroLinger(client);
// Check CURVE security with a garbage client secret key
// This will be caught by the curve_server class, not passed to ZAP
System.out.println("Test bad client public key CURVE security");
client = ZMQ.socket(ctx, ZMQ.ZMQ_DEALER);
assertThat(client, notNullValue());
ZMQ.setSocketOption(client, ZMQ.ZMQ_CURVE_SERVERKEY, serverPublic);
ZMQ.setSocketOption(client, ZMQ.ZMQ_CURVE_PUBLICKEY, clientPublic);
ZMQ.setSocketOption(client, ZMQ.ZMQ_CURVE_SECRETKEY, garbageKey);
rc = ZMQ.connect(client, host);
assertThat(rc, is(true));
Helper.expectBounceFail(server, client);
ZMQ.closeZeroLinger(client);
// Check CURVE security with bogus client credentials
// This must be caught by the ZAP handler
String[] bogus = cryptoBox.keypairZ85();
String bogusPublic = bogus[0];
String bogusSecret = bogus[1];
System.out.println("Test bad client credentials CURVE security");
client = ZMQ.socket(ctx, ZMQ.ZMQ_DEALER);
assertThat(client, notNullValue());
ZMQ.setSocketOption(client, ZMQ.ZMQ_CURVE_SERVERKEY, serverPublic);
ZMQ.setSocketOption(client, ZMQ.ZMQ_CURVE_PUBLICKEY, bogusPublic);
ZMQ.setSocketOption(client, ZMQ.ZMQ_CURVE_SECRETKEY, bogusSecret);
rc = ZMQ.connect(client, host);
assertThat(rc, is(true));
Helper.expectBounceFail(server, client);
ZMQ.closeZeroLinger(client);
// Check CURVE security with NULL client credentials
// This must be caught by the curve_server class, not passed to ZAP
System.out.println("Test NULL client with CURVE security");
client = ZMQ.socket(ctx, ZMQ.ZMQ_DEALER);
assertThat(client, notNullValue());
rc = ZMQ.connect(client, host);
assertThat(rc, is(true));
Helper.expectBounceFail(server, client);
ZMQ.closeZeroLinger(client);
// Check CURVE security with PLAIN client credentials
// This must be caught by the curve_server class, not passed to ZAP
System.out.println("Test PLAIN client with CURVE security");
client = ZMQ.socket(ctx, ZMQ.ZMQ_DEALER);
assertThat(client, notNullValue());
ZMQ.setSocketOption(client, ZMQ.ZMQ_PLAIN_USERNAME, "user");
ZMQ.setSocketOption(client, ZMQ.ZMQ_PLAIN_PASSWORD, "pass");
rc = ZMQ.connect(client, host);
assertThat(rc, is(true));
Helper.expectBounceFail(server, client);
ZMQ.closeZeroLinger(client);
// Unauthenticated messages from a vanilla socket shouldn't be received
System.out.println("Test unauthenticated from vanilla socket CURVE security");
Socket sock = new Socket("127.0.0.1", port);
// send anonymous ZMTP/1.0 greeting
OutputStream out = sock.getOutputStream();
out.write(new StringBuilder().append(0x01).append(0x00).toString().getBytes(ZMQ.CHARSET));
// send sneaky message that shouldn't be received
out.write(new StringBuilder().append(0x08).append(0x00).append("sneaky").append(0x00).toString().getBytes(ZMQ.CHARSET));
int timeout = 250;
ZMQ.setSocketOption(server, ZMQ.ZMQ_RCVTIMEO, timeout);
Msg msg = ZMQ.recv(server, 0);
assertThat(msg, nullValue());
sock.close();
// Check return codes for invalid buffer sizes
// TODO
System.out.println("Test return codes for invalid buffer sizes with CURVE security");
client = ZMQ.socket(ctx, ZMQ.ZMQ_DEALER);
assertThat(client, notNullValue());
rc = ZMQ.setSocketOption(client, ZMQ.ZMQ_CURVE_SERVERKEY, new byte[123]);
assertThat(rc, is(false));
assertThat(client.errno.get(), is(ZError.EINVAL));
rc = ZMQ.setSocketOption(client, ZMQ.ZMQ_CURVE_PUBLICKEY, new byte[123]);
assertThat(rc, is(false));
assertThat(client.errno.get(), is(ZError.EINVAL));
rc = ZMQ.setSocketOption(client, ZMQ.ZMQ_CURVE_SECRETKEY, new byte[123]);
assertThat(rc, is(false));
assertThat(client.errno.get(), is(ZError.EINVAL));
ZMQ.closeZeroLinger(client);
ZMQ.closeZeroLinger(server);
// Shutdown
ZMQ.term(ctx);
// Wait until ZAP handler terminates
thread.join();
}
use of zmq.io.mechanism.curve.Curve in project jeromq by zeromq.
the class ZMonitorTest method testZMonitorCurveKo.
@Test(timeout = 5000)
public void testZMonitorCurveKo() throws IOException, InterruptedException {
final List<ZEvent> receivedEventsClient = new ArrayList<>();
final List<ZEvent> receivedEventsServer = new ArrayList<>();
final byte[][] serverKeyPair = new Curve().keypair();
final byte[] serverPublicKey = serverKeyPair[0];
final byte[] serverSecretKey = serverKeyPair[1];
final byte[][] clientKeyPair = new Curve().keypair();
final byte[] clientPublicKey = clientKeyPair[0];
final byte[] clientSecretKey = clientKeyPair[1];
final ZContext ctx = new ZContext();
final Socket client = ctx.createSocket(SocketType.PUSH);
client.setCurveServerKey(serverPublicKey);
client.setCurvePublicKey(clientPublicKey);
client.setCurveSecretKey(serverSecretKey);
final Socket server = ctx.createSocket(SocketType.PULL);
server.setCurveServer(true);
server.setCurveSecretKey(clientSecretKey);
final ZMonitor clientMonitor = new ZMonitor(ctx, client);
clientMonitor.verbose(true);
clientMonitor.add(Event.ALL);
clientMonitor.start();
final ZMonitor serverMonitor = new ZMonitor(ctx, server);
serverMonitor.verbose(true);
serverMonitor.add(Event.ALL);
serverMonitor.start();
// Check server is now listening
server.bind("tcp://127.0.0.1:34782");
// Check server connected to client
boolean rc = client.connect("tcp://127.0.0.1:" + 34782);
Assert.assertTrue(rc);
Thread.sleep(100);
client.send("hello");
Thread.sleep(100);
client.close();
ZEvent received;
while ((received = clientMonitor.nextEvent(100)) != null) {
receivedEventsClient.add(received);
}
clientMonitor.close();
server.close();
while ((received = serverMonitor.nextEvent(100)) != null) {
receivedEventsServer.add(received);
}
serverMonitor.close();
ctx.close();
final Event[] expectedEventsClient = new Event[] { Event.CONNECT_DELAYED, Event.CONNECTED, Event.HANDSHAKE_PROTOCOL, Event.DISCONNECTED, Event.MONITOR_STOPPED };
check(receivedEventsClient, expectedEventsClient);
final Event[] expectedEventsServer = new Event[] { Event.LISTENING, Event.ACCEPTED, Event.HANDSHAKE_PROTOCOL, Event.HANDSHAKE_FAILED_PROTOCOL, Event.DISCONNECTED, Event.CLOSED, Event.MONITOR_STOPPED };
check(receivedEventsServer, expectedEventsServer);
}
use of zmq.io.mechanism.curve.Curve in project jeromq by zeromq.
the class ZMonitorTest method testZMonitorCurveOK.
@Test(timeout = 5000)
public void testZMonitorCurveOK() throws IOException {
final List<ZEvent> receivedEventsClient = new ArrayList<>();
final List<ZEvent> receivedEventsServer = new ArrayList<>();
final byte[][] serverKeyPair = new Curve().keypair();
final byte[] serverPublicKey = serverKeyPair[0];
final byte[] serverSecretKey = serverKeyPair[1];
final byte[][] clientKeyPair = new Curve().keypair();
final byte[] clientPublicKey = clientKeyPair[0];
final byte[] clientSecretKey = clientKeyPair[1];
final ZContext ctx = new ZContext();
final Socket client = ctx.createSocket(SocketType.PUSH);
client.setCurveServerKey(serverPublicKey);
client.setCurvePublicKey(clientPublicKey);
client.setCurveSecretKey(clientSecretKey);
final Socket server = ctx.createSocket(SocketType.PULL);
server.setCurveServer(true);
server.setCurveSecretKey(serverSecretKey);
final ZMonitor clientMonitor = new ZMonitor(ctx, client);
clientMonitor.verbose(true);
clientMonitor.add(Event.ALL);
clientMonitor.start();
final ZMonitor serverMonitor = new ZMonitor(ctx, server);
serverMonitor.verbose(true);
serverMonitor.add(Event.ALL);
serverMonitor.start();
// Check server is now listening
int port = server.bindToRandomPort("tcp://127.0.0.1");
// Check server connected to client
boolean rc = client.connect("tcp://127.0.0.1:" + port);
client.send("hello");
server.recvStr();
Assert.assertTrue(rc);
client.close();
ZEvent received;
while ((received = clientMonitor.nextEvent(100)) != null) {
receivedEventsClient.add(received);
}
clientMonitor.close();
server.close();
while ((received = serverMonitor.nextEvent(100)) != null) {
receivedEventsServer.add(received);
}
serverMonitor.close();
ctx.close();
// [ZEvent [_PROTOCOL, code=32768, address=tcp://127.0.0.1:53682, value=3], ZEvent [type=DISCONNECTED, code=512, address=tcp://127.0.0.1:53682, value=null]]
final Event[] expectedEventsClient = new Event[] { Event.CONNECT_DELAYED, Event.CONNECTED, Event.HANDSHAKE_PROTOCOL, Event.MONITOR_STOPPED };
check(receivedEventsClient, expectedEventsClient);
final Event[] expectedEventsServer = new Event[] { Event.LISTENING, Event.ACCEPTED, Event.HANDSHAKE_PROTOCOL, Event.DISCONNECTED, Event.CLOSED, Event.MONITOR_STOPPED };
check(receivedEventsServer, expectedEventsServer);
}
Aggregations