tests/org/cacert/gigi/TestSSL.java

   1 package org.cacert.gigi;
   2
   3 import java.io.EOFException;
   4 import java.io.IOException;
   5 import java.net.InetSocketAddress;
   6 import java.nio.ByteBuffer;
   7 import java.nio.channels.SocketChannel;
   8 import java.security.NoSuchAlgorithmException;
   9
  10 import javax.net.ssl.SSLContext;
  11 import javax.net.ssl.SSLEngine;
  12 import javax.net.ssl.SSLEngineResult;
  13 import javax.net.ssl.SSLEngineResult.HandshakeStatus;
  14 import javax.net.ssl.SSLException;
  15
  16 import org.cacert.gigi.testUtils.InitTruststore;
  17 import org.cacert.gigi.testUtils.ManagedTest;
  18 import org.junit.Test;
  19
  20 public class TestSSL extends ManagedTest {
  21         private ByteBuffer in;
  22         private ByteBuffer inC;
  23         private ByteBuffer outC;
  24         private ByteBuffer out;
  25         static {
  26                 InitTruststore.run();
  27         }
  28
  29         @Test
  30         public void testClientIntitiatedRenegotiation() throws NoSuchAlgorithmException, IOException {
  31                 SSLContext sc = SSLContext.getDefault();
  32                 SSLEngine se = sc.createSSLEngine();
  33                 String[] serverParts = getServerName().split(":", 2);
  34                 SocketChannel s = SocketChannel.open(new InetSocketAddress(serverParts[0], Integer.parseInt(serverParts[1])));
  35
  36                 in = ByteBuffer.allocate(se.getSession().getApplicationBufferSize());
  37                 inC = ByteBuffer.allocate(se.getSession().getPacketBufferSize());
  38                 inC.limit(0);
  39                 out = ByteBuffer.allocate(se.getSession().getApplicationBufferSize());
  40                 outC = ByteBuffer.allocate(se.getSession().getPacketBufferSize());
  41                 outC.limit(0);
  42                 se.setUseClientMode(true);
  43                 se.beginHandshake();
  44
  45                 work(se, s);
  46                 se.beginHandshake();
  47                 try {
  48                         work(se, s);
  49                         throw new Error("Client re-negotiation succeded (possible DoS vulnerability");
  50                 } catch (EOFException e) {
  51                         // Cool, server closed connection
  52                 }
  53
  54         }
  55
  56         private void work(SSLEngine se, SocketChannel s) throws SSLException, IOException {
  57                 while (se.getHandshakeStatus() != HandshakeStatus.NOT_HANDSHAKING
  58                         && se.getHandshakeStatus() != HandshakeStatus.FINISHED) {
  59                         switch (se.getHandshakeStatus()) {
  60                         case NEED_WRAP:
  61                                 wrap(se, s);
  62                                 break;
  63                         case NEED_UNWRAP:
  64                                 unwrap(se, s);
  65                                 break;
  66                         case NEED_TASK:
  67                                 se.getDelegatedTask().run();
  68                                 break;
  69                         default:
  70                                 System.out.println(se.getHandshakeStatus());
  71                         }
  72                 }
  73         }
  74
  75         private SSLEngineResult unwrap(SSLEngine se, SocketChannel s) throws IOException, SSLException {
  76                 if (inC.remaining() == 0) {
  77                         inC.clear();
  78                         s.read(inC);
  79                         inC.flip();
  80                 }
  81                 SSLEngineResult result = se.unwrap(inC, in);
  82                 if (result.getStatus() == javax.net.ssl.SSLEngineResult.Status.BUFFER_UNDERFLOW) {
  83                         int pos = inC.position();
  84                         int limit = inC.limit();
  85                         inC.limit(inC.capacity());
  86                         inC.position(limit);
  87                         int read = s.read(inC);
  88                         if (read <= 0) {
  89                                 throw new EOFException();
  90                         }
  91                         inC.limit(inC.position());
  92                         inC.position(pos);
  93                 }
  94                 return result;
  95         }
  96
  97         private SSLEngineResult wrap(SSLEngine se, SocketChannel s) throws SSLException, IOException {
  98                 outC.clear();
  99                 SSLEngineResult result = se.wrap(out, outC);
 100                 outC.flip();
 101                 s.write(outC);
 102
 103                 return result;
 104         }
 105 }