tests/org/cacert/gigi/TestSSL.java

   1 package org.cacert.gigi;
   2
   3 import java.io.EOFException;
   4 import java.io.IOException;
   5 import java.net.InetSocketAddress;
   6 import java.nio.ByteBuffer;
   7 import java.nio.channels.SocketChannel;
   8 import java.security.NoSuchAlgorithmException;
   9
  10 import javax.net.ssl.SSLContext;
  11 import javax.net.ssl.SSLEngine;
  12 import javax.net.ssl.SSLEngineResult;
  13 import javax.net.ssl.SSLEngineResult.HandshakeStatus;
  14 import javax.net.ssl.SSLException;
  15
  16 import org.cacert.gigi.testUtils.ManagedTest;
  17 import org.junit.Test;
  18
  19 public class TestSSL extends ManagedTest {
  20         private ByteBuffer in;
  21         private ByteBuffer inC;
  22         private ByteBuffer outC;
  23         private ByteBuffer out;
  24         static {
  25                 InitTruststore.run();
  26         }
  27         @Test
  28         public void testClientIntitiatedRenegotiation()
  29                         throws NoSuchAlgorithmException, IOException {
  30                 SSLContext sc = SSLContext.getDefault();
  31                 SSLEngine se = sc.createSSLEngine();
  32                 String[] serverParts = getServerName().split(":", 2);
  33                 SocketChannel s = SocketChannel.open(new InetSocketAddress(
  34                                 serverParts[0], Integer.parseInt(serverParts[1])));
  35
  36                 in = ByteBuffer.allocate(se.getSession().getApplicationBufferSize());
  37                 inC = ByteBuffer.allocate(se.getSession().getPacketBufferSize());
  38                 inC.limit(0);
  39                 out = ByteBuffer.allocate(se.getSession().getApplicationBufferSize());
  40                 outC = ByteBuffer.allocate(se.getSession().getPacketBufferSize());
  41                 outC.limit(0);
  42                 se.setUseClientMode(true);
  43                 se.beginHandshake();
  44
  45                 work(se, s);
  46                 se.beginHandshake();
  47                 try {
  48                         work(se, s);
  49                         throw new Error(
  50                                         "Client re-negotiation succeded (possible DoS vulnerability");
  51                 } catch (EOFException e) {
  52                         // Cool, server closed connection
  53                 }
  54
  55         }
  56         private void work(SSLEngine se, SocketChannel s) throws SSLException,
  57                         IOException {
  58                 while (se.getHandshakeStatus() != HandshakeStatus.NOT_HANDSHAKING
  59                                 && se.getHandshakeStatus() != HandshakeStatus.FINISHED) {
  60                         switch (se.getHandshakeStatus()) {
  61                                 case NEED_WRAP :
  62                                         wrap(se, s);
  63                                         break;
  64                                 case NEED_UNWRAP :
  65                                         unwrap(se, s);
  66                                         break;
  67                                 case NEED_TASK :
  68                                         se.getDelegatedTask().run();
  69                                         break;
  70                                 default :
  71                                         System.out.println(se.getHandshakeStatus());
  72                         }
  73                 }
  74         }
  75         private SSLEngineResult unwrap(SSLEngine se, SocketChannel s)
  76                         throws IOException, SSLException {
  77                 if (inC.remaining() == 0) {
  78                         inC.clear();
  79                         s.read(inC);
  80                         inC.flip();
  81                 }
  82                 SSLEngineResult result = se.unwrap(inC, in);
  83                 if (result.getStatus() == javax.net.ssl.SSLEngineResult.Status.BUFFER_UNDERFLOW) {
  84                         int pos = inC.position();
  85                         int limit = inC.limit();
  86                         inC.limit(inC.capacity());
  87                         inC.position(limit);
  88                         int read = s.read(inC);
  89                         if (read <= 0) {
  90                                 throw new EOFException();
  91                         }
  92                         inC.limit(inC.position());
  93                         inC.position(pos);
  94                 }
  95                 return result;
  96         }
  97         private SSLEngineResult wrap(SSLEngine se, SocketChannel s)
  98                         throws SSLException, IOException {
  99                 outC.clear();
 100                 SSLEngineResult result = se.wrap(out, outC);
 101                 outC.flip();
 102                 s.write(outC);
 103
 104                 return result;
 105         }
 106 }