WPIA git - gigi.git/blob - tests/org/cacert/gigi/TestSSL.java
fix: ResultSet.getDate is often wrong as it fetches day-precision times
1 package org.cacert.gigi;
2
3 import java.io.EOFException;
4 import java.io.IOException;
5 import java.net.InetSocketAddress;
6 import java.nio.ByteBuffer;
7 import java.nio.channels.SocketChannel;
8 import java.security.NoSuchAlgorithmException;
9
10 import javax.net.ssl.SSLContext;
11 import javax.net.ssl.SSLEngine;
12 import javax.net.ssl.SSLEngineResult;
13 import javax.net.ssl.SSLEngineResult.HandshakeStatus;
14 import javax.net.ssl.SSLException;
15
16 import org.cacert.gigi.testUtils.InitTruststore;
17 import org.cacert.gigi.testUtils.ManagedTest;
18 import org.junit.Test;
19
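/**
 * Checks that the server under test does not complete a second, client-initiated
 * TLS handshake (renegotiation) on an already established connection.
 *
 * <p>The test drives a raw {@link SSLEngine} over a blocking {@link SocketChannel}: it
 * completes the initial handshake, asks the engine to handshake again and expects the
 * server to drop the connection, which surfaces here as an {@link EOFException}.
 *
 * <p>NOTE(review): only a closed socket counts as "refused". A server that answers with a
 * fatal alert would presumably surface as an {@link SSLException} and make the test error
 * out rather than pass; confirm that this is the intended contract.
 *
 * <p>NOTE(review): renegotiation does not exist in TLS 1.3. If the default context
 * negotiates TLS 1.3 with the server, the second {@code beginHandshake()} may not exercise
 * renegotiation at all; confirm which protocol versions this test is expected to run with.
 */
public class TestSSL extends ManagedTest {

    // Plaintext received from the peer (destination of SSLEngine.unwrap).
    private ByteBuffer in;

    // Ciphertext read from the socket and not yet consumed by the engine; kept in read mode.
    private ByteBuffer inC;

    // Ciphertext produced by the engine, waiting to be written to the socket.
    private ByteBuffer outC;

    // Plaintext source for SSLEngine.wrap; the test never puts application data into it.
    private ByteBuffer out;

    static {
        InitTruststore.run();
    }

    /**
     * Performs the initial handshake, then requests a new handshake from the client side
     * and fails unless the server closes the connection instead of completing it.
     *
     * @throws NoSuchAlgorithmException if the default {@link SSLContext} is unavailable
     * @throws IOException if the connection or the initial handshake fails
     */
    @Test
    public void testClientIntitiatedRenegotiation() throws NoSuchAlgorithmException, IOException {
        SSLContext sc = SSLContext.getDefault();
        SSLEngine se = sc.createSSLEngine();
        String[] serverParts = getServerName().split(":", 2);
        try (SocketChannel s = SocketChannel.open(new InetSocketAddress(serverParts[0], Integer.parseInt(serverParts[1])))) {

            in = ByteBuffer.allocate(se.getSession().getApplicationBufferSize());
            inC = ByteBuffer.allocate(se.getSession().getPacketBufferSize());
            inC.limit(0); // start empty, in read mode
            out = ByteBuffer.allocate(se.getSession().getApplicationBufferSize());
            outC = ByteBuffer.allocate(se.getSession().getPacketBufferSize());
            outC.limit(0); // start empty, in read mode
            se.setUseClientMode(true);
            se.beginHandshake();

            // Initial handshake: an EOF here is a setup failure and propagates to JUnit.
            work(se, s);

            // Second handshake on the same connection = client-initiated renegotiation.
            se.beginHandshake();
            try {
                work(se, s);
                // AssertionError so that JUnit reports a test failure, not a test error.
                throw new AssertionError("Client re-negotiation succeeded (possible DoS vulnerability)");
            } catch (EOFException e) {
                // Expected: the server closed the connection instead of renegotiating.
            }
        }

    }

    /**
     * Drives the handshake state machine until the engine reports that no handshake is
     * in progress any more.
     *
     * @param se engine whose handshake is driven
     * @param s channel connected to the server
     * @throws EOFException if the server closes the connection during the handshake
     * @throws SSLException if the engine rejects handshake data
     * @throws IOException on any other socket error
     */
    private void work(SSLEngine se, SocketChannel s) throws SSLException, IOException {
        while (se.getHandshakeStatus() != HandshakeStatus.NOT_HANDSHAKING && se.getHandshakeStatus() != HandshakeStatus.FINISHED) {
            HandshakeStatus status = se.getHandshakeStatus();
            switch (status) {
            case NEED_WRAP:
                wrap(se, s);
                break;
            case NEED_UNWRAP:
                unwrap(se, s);
                break;
            case NEED_TASK:
                // Run every pending task; getDelegatedTask() returns null once none is left.
                Runnable task;
                while ((task = se.getDelegatedTask()) != null) {
                    task.run();
                }
                break;
            default:
                // Nothing here can advance an unknown state, so looping again would spin
                // forever. Fail loudly instead.
                throw new IllegalStateException("Unexpected handshake status: " + status);
            }
        }
    }

    /**
     * Feeds buffered ciphertext to the engine, reading more from the socket when the
     * buffer is empty or holds only a partial TLS record.
     *
     * @param se engine that consumes the ciphertext
     * @param s channel to read from
     * @return the result of the {@code unwrap} call
     * @throws EOFException if the server has closed the connection
     * @throws SSLException if the engine rejects the data or a record cannot fit the buffer
     * @throws IOException on any other socket error
     */
    private SSLEngineResult unwrap(SSLEngine se, SocketChannel s) throws IOException, SSLException {
        if (inC.remaining() == 0) {
            inC.clear();
            if (s.read(inC) < 0) {
                // The engine needs peer data and the peer is gone.
                throw new EOFException();
            }
            inC.flip();
        }
        SSLEngineResult result = se.unwrap(inC, in);
        if (result.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW) {
            // Partial record: move the unread bytes to the front and append more input.
            inC.compact();
            if (!inC.hasRemaining()) {
                // A full buffer that still underflows would make read() return 0; do not
                // mistake that for the server closing the connection.
                throw new SSLException("TLS record does not fit into the packet buffer");
            }
            if (s.read(inC) < 0) {
                throw new EOFException();
            }
            inC.flip();
        }
        return result;
    }

    /**
     * Lets the engine produce its next outbound handshake data and writes all of it to
     * the socket.
     *
     * @param se engine that produces the ciphertext
     * @param s channel to write to
     * @return the result of the {@code wrap} call
     * @throws SSLException if the engine fails to produce output
     * @throws IOException if writing to the socket fails
     */
    private SSLEngineResult wrap(SSLEngine se, SocketChannel s) throws SSLException, IOException {
        outC.clear();
        SSLEngineResult result = se.wrap(out, outC);
        outC.flip();
        // Make sure no handshake bytes are left behind in the buffer.
        while (outC.hasRemaining()) {
            s.write(outC);
        }

        return result;
    }
}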