WPIA git - gigi.git/blob - tests/club/wpia/gigi/TestSSL.java
1 package club.wpia.gigi;
2
3 import java.io.EOFException;
4 import java.io.IOException;
5 import java.net.InetSocketAddress;
6 import java.nio.ByteBuffer;
7 import java.nio.channels.SocketChannel;
8 import java.security.NoSuchAlgorithmException;
9
10 import javax.net.ssl.SSLContext;
11 import javax.net.ssl.SSLEngine;
12 import javax.net.ssl.SSLEngineResult;
13 import javax.net.ssl.SSLEngineResult.HandshakeStatus;
14 import javax.net.ssl.SSLException;
15
16 import org.junit.Test;
17
18 import club.wpia.gigi.testUtils.InitTruststore;
19 import club.wpia.gigi.testUtils.ManagedTest;
20
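/**
 * Checks that the server under test refuses a TLS renegotiation started by the client.
 *
 * <p>A server that keeps accepting client-initiated renegotiation can be made to repeat the
 * expensive handshake on an already established connection, so the test treats a completed
 * second handshake as a possible denial-of-service weakness.
 *
 * <p>The handshake is driven by hand with an {@link SSLEngine} over a {@link SocketChannel}
 * opened in its default (blocking) mode. The four buffers are instance state shared by the
 * helper methods.
 */
public class TestSSL extends ManagedTest {

    /** Destination for data decrypted by {@link SSLEngine#unwrap}. */
    private ByteBuffer in;

    /** TLS records read from the socket; kept in read mode (position..limit = unread bytes). */
    private ByteBuffer inC;

    /** TLS records produced by {@link SSLEngine#wrap}, written to the socket right away. */
    private ByteBuffer outC;

    /** Plaintext source handed to {@link SSLEngine#wrap}; this test never fills it. */
    private ByteBuffer out;

    static {
        // presumably installs the trust store that SSLContext.getDefault() picks up;
        // confirm against InitTruststore
        InitTruststore.run();
    }

    /**
     * Completes a normal handshake, then requests a second one and expects the server to
     * drop the connection.
     *
     * <p>Only an end-of-stream counts as a refusal. A server that answers with a TLS alert
     * instead surfaces as an {@link SSLException} and fails the test; a second handshake
     * that runs to completion fails it with an {@link AssertionError}.
     *
     * <p>NOTE(review): TLS 1.3 has no renegotiation. If the negotiated version is 1.3, the
     * second {@code beginHandshake()} may not exercise the renegotiation path at all; confirm
     * which protocol version this test ends up with.
     *
     * <p>The misspelled method name is kept so existing references to the test still match.
     *
     * @throws NoSuchAlgorithmException if no default {@link SSLContext} is available
     * @throws IOException on connection failure, or when the server closes the connection
     *         during the first handshake
     */
    @Test
    public void testClientIntitiatedRenegotiation() throws NoSuchAlgorithmException, IOException {
        SSLContext context = SSLContext.getDefault();
        // Created without a peer host: the renegotiation check does not depend on it.
        SSLEngine se = context.createSSLEngine();
        String[] serverParts = getServerName().split(":", 2);
        InetSocketAddress address = new InetSocketAddress(serverParts[0], Integer.parseInt(serverParts[1]));
        try (SocketChannel s = SocketChannel.open(address)) {

            in = ByteBuffer.allocate(se.getSession().getApplicationBufferSize());
            inC = ByteBuffer.allocate(se.getSession().getPacketBufferSize());
            inC.limit(0); // start empty, in read mode
            out = ByteBuffer.allocate(se.getSession().getApplicationBufferSize());
            outC = ByteBuffer.allocate(se.getSession().getPacketBufferSize());
            outC.limit(0);
            se.setUseClientMode(true);
            se.beginHandshake();

            // Initial handshake. It sits outside the try below on purpose: an EOF here is a
            // broken setup, not a refused renegotiation, and must fail the test.
            work(se, s);

            // Ask for a second handshake on the established session.
            se.beginHandshake();
            try {
                work(se, s);
            } catch (EOFException e) {
                // Expected outcome: the server closed the connection.
                return;
            }
            // AssertionError (a subclass of Error) makes JUnit report a failure, not an error.
            throw new AssertionError("Client-initiated renegotiation succeeded (possible DoS vulnerability)");
        }

    }

    /**
     * Drives the engine until it reports that no handshake is in progress.
     *
     * @param se engine whose handshake is advanced
     * @param s channel carrying the TLS records
     * @throws EOFException if the peer closes the connection mid-handshake
     * @throws IllegalStateException if the engine reports a status this loop cannot service
     */
    private void work(SSLEngine se, SocketChannel s) throws SSLException, IOException {
        HandshakeStatus status = se.getHandshakeStatus();
        while (status != HandshakeStatus.NOT_HANDSHAKING && status != HandshakeStatus.FINISHED) {
            switch (status) {
            case NEED_WRAP:
                wrap(se, s);
                break;
            case NEED_UNWRAP:
                unwrap(se, s);
                break;
            case NEED_TASK: {
                // getDelegatedTask() returns null once nothing is pending; drain them all.
                Runnable task;
                while ((task = se.getDelegatedTask()) != null) {
                    task.run();
                }
                break;
            }
            default:
                // Nothing here can make progress on any other status; looping on it would
                // hang the test run forever.
                throw new IllegalStateException("Unexpected handshake status: " + status);
            }
            status = se.getHandshakeStatus();
        }
    }

    /**
     * Feeds buffered network data to the engine, reading from the channel when needed.
     *
     * @param se engine that consumes the records
     * @param s channel to read from
     * @return the result of the single {@code unwrap} call made
     * @throws EOFException if the channel delivers no more data
     */
    private SSLEngineResult unwrap(SSLEngine se, SocketChannel s) throws IOException, SSLException {
        if (!inC.hasRemaining()) {
            inC.clear();
            if (s.read(inC) < 0) {
                throw new EOFException("Peer closed the connection");
            }
            inC.flip();
        }
        SSLEngineResult result = se.unwrap(inC, in);
        if (result.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW) {
            // Incomplete record: keep the unread bytes, append more, return to read mode.
            inC.compact();
            int read = s.read(inC);
            if (read <= 0) {
                throw new EOFException("Peer closed the connection");
            }
            inC.flip();
        }
        return result;
    }

    /**
     * Lets the engine produce its next outbound records and writes them to the channel.
     *
     * @param se engine that produces the records
     * @param s channel to write to
     * @return the result of the {@code wrap} call
     */
    private SSLEngineResult wrap(SSLEngine se, SocketChannel s) throws SSLException, IOException {
        outC.clear();
        SSLEngineResult result = se.wrap(out, outC);
        outC.flip();
        // A single write() may be partial; loop so no handshake bytes are dropped.
        while (outC.hasRemaining()) {
            s.write(outC);
        }

        return result;
    }
}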