tests/org/cacert/gigi/TestSSL.java

   1 package org.cacert.gigi;
   2
   3 import java.io.EOFException;
   4 import java.io.IOException;
   5 import java.net.InetSocketAddress;
   6 import java.nio.ByteBuffer;
   7 import java.nio.channels.SocketChannel;
   8 import java.security.NoSuchAlgorithmException;
   9
  10 import javax.net.ssl.SSLContext;
  11 import javax.net.ssl.SSLEngine;
  12 import javax.net.ssl.SSLEngineResult;
  13 import javax.net.ssl.SSLEngineResult.HandshakeStatus;
  14 import javax.net.ssl.SSLException;
  15
  16 import org.cacert.gigi.testUtils.InitTruststore;
  17 import org.cacert.gigi.testUtils.ManagedTest;
  18 import org.junit.Test;
  19
  20 public class TestSSL extends ManagedTest {
  21         private ByteBuffer in;
  22         private ByteBuffer inC;
  23         private ByteBuffer outC;
  24         private ByteBuffer out;
  25         static {
  26                 InitTruststore.run();
  27         }
  28         @Test
  29         public void testClientIntitiatedRenegotiation()
  30                         throws NoSuchAlgorithmException, IOException {
  31                 SSLContext sc = SSLContext.getDefault();
  32                 SSLEngine se = sc.createSSLEngine();
  33                 String[] serverParts = getServerName().split(":", 2);
  34                 SocketChannel s = SocketChannel.open(new InetSocketAddress(
  35                                 serverParts[0], Integer.parseInt(serverParts[1])));
  36
  37                 in = ByteBuffer.allocate(se.getSession().getApplicationBufferSize());
  38                 inC = ByteBuffer.allocate(se.getSession().getPacketBufferSize());
  39                 inC.limit(0);
  40                 out = ByteBuffer.allocate(se.getSession().getApplicationBufferSize());
  41                 outC = ByteBuffer.allocate(se.getSession().getPacketBufferSize());
  42                 outC.limit(0);
  43                 se.setUseClientMode(true);
  44                 se.beginHandshake();
  45
  46                 work(se, s);
  47                 se.beginHandshake();
  48                 try {
  49                         work(se, s);
  50                         throw new Error(
  51                                         "Client re-negotiation succeded (possible DoS vulnerability");
  52                 } catch (EOFException e) {
  53                         // Cool, server closed connection
  54                 }
  55
  56         }
  57         private void work(SSLEngine se, SocketChannel s) throws SSLException,
  58                         IOException {
  59                 while (se.getHandshakeStatus() != HandshakeStatus.NOT_HANDSHAKING
  60                                 && se.getHandshakeStatus() != HandshakeStatus.FINISHED) {
  61                         switch (se.getHandshakeStatus()) {
  62                                 case NEED_WRAP :
  63                                         wrap(se, s);
  64                                         break;
  65                                 case NEED_UNWRAP :
  66                                         unwrap(se, s);
  67                                         break;
  68                                 case NEED_TASK :
  69                                         se.getDelegatedTask().run();
  70                                         break;
  71                                 default :
  72                                         System.out.println(se.getHandshakeStatus());
  73                         }
  74                 }
  75         }
  76         private SSLEngineResult unwrap(SSLEngine se, SocketChannel s)
  77                         throws IOException, SSLException {
  78                 if (inC.remaining() == 0) {
  79                         inC.clear();
  80                         s.read(inC);
  81                         inC.flip();
  82                 }
  83                 SSLEngineResult result = se.unwrap(inC, in);
  84                 if (result.getStatus() == javax.net.ssl.SSLEngineResult.Status.BUFFER_UNDERFLOW) {
  85                         int pos = inC.position();
  86                         int limit = inC.limit();
  87                         inC.limit(inC.capacity());
  88                         inC.position(limit);
  89                         int read = s.read(inC);
  90                         if (read <= 0) {
  91                                 throw new EOFException();
  92                         }
  93                         inC.limit(inC.position());
  94                         inC.position(pos);
  95                 }
  96                 return result;
  97         }
  98         private SSLEngineResult wrap(SSLEngine se, SocketChannel s)
  99                         throws SSLException, IOException {
 100                 outC.clear();
 101                 SSLEngineResult result = se.wrap(out, outC);
 102                 outC.flip();
 103                 s.write(outC);
 104
 105                 return result;
 106         }
 107 }