Add a testCase against client-initiated renegotiation.
[gigi.git] / tests / org / cacert / gigi / TestSSL.java
1 package org.cacert.gigi;
2
3 import java.io.EOFException;
4 import java.io.IOException;
5 import java.net.InetSocketAddress;
6 import java.nio.ByteBuffer;
7 import java.nio.channels.SocketChannel;
8 import java.security.NoSuchAlgorithmException;
9 import javax.net.ssl.SSLContext;
10 import javax.net.ssl.SSLEngine;
11 import javax.net.ssl.SSLEngineResult;
12 import javax.net.ssl.SSLException;
13 import javax.net.ssl.SSLEngineResult.HandshakeStatus;
14
15 import org.junit.Test;
16
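/**
 * Regression test: the server under test must refuse client-initiated TLS
 * renegotiation.
 *
 * <p>The page's own failure message names the risk as a possible DoS: a
 * handshake is expensive for the server, so a client that may restart it at
 * will on one connection can consume server CPU cheaply. The test completes
 * one handshake against {@code localhost:443}, asks the engine for a second
 * one, and passes only if the server closes the connection.
 *
 * <p>NOTE(review): TLS 1.3 has no renegotiation. If the default
 * {@link SSLContext} negotiates TLS 1.3 with the server, confirm what the
 * second {@code beginHandshake()} actually exercises before trusting a pass
 * or a failure.
 */
public class TestSSL {
    // Decrypted application data produced by unwrap().
    private ByteBuffer in;
    // Raw TLS records read from the socket, kept in "read" (flipped) state.
    private ByteBuffer inC;
    // Raw TLS records produced by wrap(), waiting to be written.
    private ByteBuffer outC;
    // Plaintext handed to wrap(); stays empty because only handshakes are driven.
    private ByteBuffer out;

    static {
        InitTruststore.run();
    }

    /**
     * Performs an initial handshake, then requests a second handshake from the
     * client side and expects the server to drop the connection.
     *
     * @throws NoSuchAlgorithmException if no default {@link SSLContext} is available
     * @throws IOException on socket or TLS errors other than the expected EOF
     */
    @Test
    public void testClientIntitiatedRenegotiation()
            throws NoSuchAlgorithmException, IOException {
        SSLContext sc = SSLContext.getDefault();
        SSLEngine se = sc.createSSLEngine();
        // try-with-resources: the channel was previously never closed.
        try (SocketChannel s = SocketChannel.open(
                new InetSocketAddress("localhost", 443))) {
            in = ByteBuffer.allocate(se.getSession().getApplicationBufferSize());
            inC = ByteBuffer.allocate(se.getSession().getPacketBufferSize());
            inC.limit(0);
            out = ByteBuffer.allocate(se.getSession().getApplicationBufferSize());
            outC = ByteBuffer.allocate(se.getSession().getPacketBufferSize());
            outC.limit(0);
            se.setUseClientMode(true);
            se.beginHandshake();

            // Initial handshake; any exception here means the setup is broken.
            work(se, s);

            // Second handshake on the same connection, requested by the client.
            se.beginHandshake();
            boolean refused = false;
            try {
                work(se, s);
            } catch (EOFException e) {
                // Expected: the server closed the connection instead of
                // renegotiating.
                // NOTE(review): a server that refuses with a TLS alert would
                // surface as an SSLException and fail this test; confirm that
                // closing the connection is the only accepted refusal.
                refused = true;
            }
            if (!refused) {
                // Reaching this point means the second handshake completed.
                throw new AssertionError(
                        "Client-initiated renegotiation was accepted (possible DoS vulnerability)");
            }
        }
    }

    /**
     * Drives the engine until the current handshake is over.
     *
     * @param se engine whose handshake is advanced
     * @param s channel carrying the TLS records
     * @throws SSLException if the engine rejects a record
     * @throws IOException on socket errors, including {@link EOFException}
     *         when the peer closes the connection
     */
    private void work(SSLEngine se, SocketChannel s) throws SSLException,
            IOException {
        HandshakeStatus status = se.getHandshakeStatus();
        while (status != HandshakeStatus.NOT_HANDSHAKING
                && status != HandshakeStatus.FINISHED) {
            switch (status) {
                case NEED_WRAP:
                    wrap(se, s);
                    break;
                case NEED_UNWRAP:
                    unwrap(se, s);
                    break;
                case NEED_TASK:
                    // Run every pending task; getDelegatedTask() returns null
                    // once none are left.
                    Runnable task;
                    while ((task = se.getDelegatedTask()) != null) {
                        task.run();
                    }
                    break;
                default:
                    // Nothing here can advance this status, so looping on it
                    // would spin forever; fail loudly instead.
                    throw new IllegalStateException(
                            "Unexpected handshake status: " + status);
            }
            status = se.getHandshakeStatus();
        }
    }

    /**
     * Feeds received TLS records to the engine, reading from the channel when
     * the engine needs more bytes.
     *
     * @param se engine that consumes the records
     * @param s channel to read from
     * @return the result of the {@code unwrap} call
     * @throws EOFException if the peer closed the connection
     * @throws IOException on other socket errors, or if the record buffer is
     *         full while the engine still reports an underflow
     */
    private SSLEngineResult unwrap(SSLEngine se, SocketChannel s)
            throws IOException, SSLException {
        if (inC.remaining() == 0) {
            inC.clear();
            if (s.read(inC) < 0) {
                throw new EOFException();
            }
            inC.flip();
        }
        SSLEngineResult result = se.unwrap(inC, in);
        if (result.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW) {
            // Append after the unread bytes, then restore the read window.
            int pos = inC.position();
            int limit = inC.limit();
            inC.limit(inC.capacity());
            inC.position(limit);
            int read = s.read(inC);
            if (read < 0) {
                throw new EOFException();
            }
            if (read == 0) {
                // No room left in the buffer. Reporting this as EOF would let
                // the renegotiation test pass for the wrong reason.
                throw new IOException(
                        "TLS record buffer full while engine reports BUFFER_UNDERFLOW");
            }
            inC.limit(inC.position());
            inC.position(pos);
        }
        return result;
    }

    /**
     * Asks the engine for the next outbound TLS records and writes them to the
     * channel.
     *
     * @param se engine that produces the records
     * @param s channel to write to
     * @return the result of the {@code wrap} call
     * @throws SSLException if the engine fails to produce a record
     * @throws IOException on socket errors
     */
    private SSLEngineResult wrap(SSLEngine se, SocketChannel s)
            throws SSLException, IOException {
        outC.clear();
        SSLEngineResult result = se.wrap(out, outC);
        outC.flip();
        // A single write() is not guaranteed to drain the buffer.
        while (outC.hasRemaining()) {
            s.write(outC);
        }

        return result;
    }
}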