X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=tests%2Forg%2Fcacert%2Fgigi%2FTestSSL.java;fp=tests%2Forg%2Fcacert%2Fgigi%2FTestSSL.java;h=83bc7f69b51214e5ab63675a3668c8288ac2a68e;hp=c39b20f5b07505cb9219c1ed22f6317616e96c38;hb=943d8e7ed0ea5a9d56e7e694a3cbd849c52bad16;hpb=05e8bb67c3407cbecbb528db16b1608d8534907e
diff --git a/tests/org/cacert/gigi/TestSSL.java b/tests/org/cacert/gigi/TestSSL.java
index c39b20f5..83bc7f69 100644
--- a/tests/org/cacert/gigi/TestSSL.java
+++ b/tests/org/cacert/gigi/TestSSL.java
@@ -18,88 +18,91 @@ import org.cacert.gigi.testUtils.ManagedTest;
 import org.junit.Test;
 
 public class TestSSL extends ManagedTest {
- private ByteBuffer in;
- private ByteBuffer inC;
- private ByteBuffer outC;
- private ByteBuffer out;
- static {
- InitTruststore.run();
- }
-
- @Test
- public void testClientIntitiatedRenegotiation() throws NoSuchAlgorithmException, IOException {
- SSLContext sc = SSLContext.getDefault();
- SSLEngine se = sc.createSSLEngine();
- String[] serverParts = getServerName().split(":", 2);
- SocketChannel s = SocketChannel.open(new InetSocketAddress(serverParts[0], Integer.parseInt(serverParts[1])));
-
- in = ByteBuffer.allocate(se.getSession().getApplicationBufferSize());
- inC = ByteBuffer.allocate(se.getSession().getPacketBufferSize());
- inC.limit(0);
- out = ByteBuffer.allocate(se.getSession().getApplicationBufferSize());
- outC = ByteBuffer.allocate(se.getSession().getPacketBufferSize());
- outC.limit(0);
- se.setUseClientMode(true);
- se.beginHandshake();
-
- work(se, s);
- se.beginHandshake();
- try {
- work(se, s);
- throw new Error("Client re-negotiation succeded (possible DoS vulnerability");
- } catch (EOFException e) {
- // Cool, server closed connection
- }
-
- }
-
- private void work(SSLEngine se, SocketChannel s) throws SSLException, IOException {
- while (se.getHandshakeStatus() != HandshakeStatus.NOT_HANDSHAKING
- && se.getHandshakeStatus() != HandshakeStatus.FINISHED) {
- switch (se.getHandshakeStatus()) {
- case NEED_WRAP:
- wrap(se, s);
- break;
- case NEED_UNWRAP:
- unwrap(se, s);
- break;
- case NEED_TASK:
- se.getDelegatedTask().run();
- break;
- default:
- System.out.println(se.getHandshakeStatus());
- }
- }
- }
-
- private SSLEngineResult unwrap(SSLEngine se, SocketChannel s) throws IOException, SSLException {
- if (inC.remaining() == 0) {
- inC.clear();
- s.read(inC);
- inC.flip();
- }
- SSLEngineResult result = se.unwrap(inC, in);
- if (result.getStatus() == javax.net.ssl.SSLEngineResult.Status.BUFFER_UNDERFLOW) {
- int pos = inC.position();
- int limit = inC.limit();
- inC.limit(inC.capacity());
- inC.position(limit);
- int read = s.read(inC);
- if (read <= 0) {
- throw new EOFException();
- }
- inC.limit(inC.position());
- inC.position(pos);
- }
- return result;
- }
-
- private SSLEngineResult wrap(SSLEngine se, SocketChannel s) throws SSLException, IOException {
- outC.clear();
- SSLEngineResult result = se.wrap(out, outC);
- outC.flip();
- s.write(outC);
-
- return result;
- }
+
+ private ByteBuffer in;
+
+ private ByteBuffer inC;
+
+ private ByteBuffer outC;
+
+ private ByteBuffer out;
+ static {
+ InitTruststore.run();
+ }
+
+ @Test
+ public void testClientIntitiatedRenegotiation() throws NoSuchAlgorithmException, IOException {
+ SSLContext sc = SSLContext.getDefault();
+ SSLEngine se = sc.createSSLEngine();
+ String[] serverParts = getServerName().split(":", 2);
+ SocketChannel s = SocketChannel.open(new InetSocketAddress(serverParts[0], Integer.parseInt(serverParts[1])));
+
+ in = ByteBuffer.allocate(se.getSession().getApplicationBufferSize());
+ inC = ByteBuffer.allocate(se.getSession().getPacketBufferSize());
+ inC.limit(0);
+ out = ByteBuffer.allocate(se.getSession().getApplicationBufferSize());
+ outC = ByteBuffer.allocate(se.getSession().getPacketBufferSize());
+ outC.limit(0);
+ se.setUseClientMode(true);
+ se.beginHandshake();
+
+ work(se, s);
+ se.beginHandshake();
+ try {
+ work(se, s);
+ throw new Error("Client re-negotiation succeded (possible DoS vulnerability");
+ } catch (EOFException e) {
+ // Cool, server closed connection
+ }
+
+ }
+
+ private void work(SSLEngine se, SocketChannel s) throws SSLException, IOException {
+ while (se.getHandshakeStatus() != HandshakeStatus.NOT_HANDSHAKING && se.getHandshakeStatus() != HandshakeStatus.FINISHED) {
+ switch (se.getHandshakeStatus()) {
+ case NEED_WRAP:
+ wrap(se, s);
+ break;
+ case NEED_UNWRAP:
+ unwrap(se, s);
+ break;
+ case NEED_TASK:
+ se.getDelegatedTask().run();
+ break;
+ default:
+ System.out.println(se.getHandshakeStatus());
+ }
+ }
+ }
+
+ private SSLEngineResult unwrap(SSLEngine se, SocketChannel s) throws IOException, SSLException {
+ if (inC.remaining() == 0) {
+ inC.clear();
+ s.read(inC);
+ inC.flip();
+ }
+ SSLEngineResult result = se.unwrap(inC, in);
+ if (result.getStatus() == javax.net.ssl.SSLEngineResult.Status.BUFFER_UNDERFLOW) {
+ int pos = inC.position();
+ int limit = inC.limit();
+ inC.limit(inC.capacity());
+ inC.position(limit);
+ int read = s.read(inC);
+ if (read <= 0) {
+ throw new EOFException();
+ }
+ inC.limit(inC.position());
+ inC.position(pos);
+ }
+ return result;
+ }
+
+ private SSLEngineResult wrap(SSLEngine se, SocketChannel s) throws SSLException, IOException {
+ outC.clear();
+ SSLEngineResult result = se.wrap(out, outC);
+ outC.flip();
+ s.write(outC);
+
+ return result;
+ }
 }