Java Code Examples for io.netty.handler.ssl.util.SelfSignedCertificate#delete()
The following examples show how to use
io.netty.handler.ssl.util.SelfSignedCertificate#delete() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: SSLEngineTest.java From netty-4.1.22 with Apache License 2.0 | 6 votes |
@Test public void testCloseInboundAfterBeginHandshake() throws Exception { SelfSignedCertificate cert = new SelfSignedCertificate(); clientSslCtx = SslContextBuilder .forClient() .sslProvider(sslClientProvider()) .build(); SSLEngine client = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT); serverSslCtx = SslContextBuilder .forServer(cert.certificate(), cert.privateKey()) .sslProvider(sslServerProvider()) .build(); SSLEngine server = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT); try { testCloseInboundAfterBeginHandshake(client); testCloseInboundAfterBeginHandshake(server); } finally { cleanupClientSslEngine(client); cleanupServerSslEngine(server); cert.delete(); } }
Example 2
Source File: OpenSslEngineTest.java From netty-4.1.22 with Apache License 2.0 | 6 votes |
@Test public void testSNIMatchersDoesNotThrow() throws Exception { assumeTrue(PlatformDependent.javaVersion() >= 8); SelfSignedCertificate ssc = new SelfSignedCertificate(); serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) .sslProvider(sslServerProvider()) .build(); SSLEngine engine = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT); try { SSLParameters parameters = new SSLParameters(); Java8SslTestUtils.setSNIMatcher(parameters); engine.setSSLParameters(parameters); } finally { cleanupServerSslEngine(engine); ssc.delete(); } }
Example 3
Source File: SSLEngineTest.java From netty-4.1.22 with Apache License 2.0 | 6 votes |
@Test public void testBeginHandshakeCloseOutbound() throws Exception { SelfSignedCertificate cert = new SelfSignedCertificate(); clientSslCtx = SslContextBuilder .forClient() .sslProvider(sslClientProvider()) .build(); SSLEngine client = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT); serverSslCtx = SslContextBuilder .forServer(cert.certificate(), cert.privateKey()) .sslProvider(sslServerProvider()) .build(); SSLEngine server = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT); try { testBeginHandshakeCloseOutbound(client); testBeginHandshakeCloseOutbound(server); } finally { cleanupClientSslEngine(client); cleanupServerSslEngine(server); cert.delete(); } }
Example 4
Source File: PemEncodedTest.java From netty-4.1.22 with Apache License 2.0 | 6 votes |
private static void testPemEncoded(SslProvider provider) throws Exception { assumeTrue(OpenSsl.isAvailable()); assumeFalse(OpenSsl.useKeyManagerFactory()); PemPrivateKey pemKey; PemX509Certificate pemCert; SelfSignedCertificate ssc = new SelfSignedCertificate(); try { pemKey = PemPrivateKey.valueOf(toByteArray(ssc.privateKey())); pemCert = PemX509Certificate.valueOf(toByteArray(ssc.certificate())); } finally { ssc.delete(); } SslContext context = SslContextBuilder.forServer(pemKey, pemCert) .sslProvider(provider) .build(); assertEquals(1, pemKey.refCnt()); assertEquals(1, pemCert.refCnt()); try { assertTrue(context instanceof ReferenceCountedOpenSslContext); } finally { ReferenceCountUtil.release(context); assertRelease(pemKey); assertRelease(pemCert); } }
Example 5
Source File: SSLEngineTest.java From netty-4.1.22 with Apache License 2.0 | 5 votes |
@Test public void testHandshakeCompletesWithNonContiguousProtocolsTLSv1_2CipherOnly() throws Exception { SelfSignedCertificate ssc = new SelfSignedCertificate(); // Select a mandatory cipher from the TLSv1.2 RFC https://www.ietf.org/rfc/rfc5246.txt so handshakes won't fail // due to no shared/supported cipher. final String sharedCipher = "TLS_RSA_WITH_AES_128_CBC_SHA"; clientSslCtx = SslContextBuilder.forClient() .trustManager(InsecureTrustManagerFactory.INSTANCE) .ciphers(Arrays.asList(sharedCipher)) .protocols(PROTOCOL_TLS_V1_2, PROTOCOL_TLS_V1) .sslProvider(sslClientProvider()) .build(); serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) .ciphers(Arrays.asList(sharedCipher)) .protocols(PROTOCOL_TLS_V1_2, PROTOCOL_TLS_V1) .sslProvider(sslServerProvider()) .build(); SSLEngine clientEngine = null; SSLEngine serverEngine = null; try { clientEngine = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT); serverEngine = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT); handshake(clientEngine, serverEngine); } finally { cleanupClientSslEngine(clientEngine); cleanupServerSslEngine(serverEngine); ssc.delete(); } }
Example 6
Source File: SslHandlerTest.java From netty-4.1.22 with Apache License 2.0 | 5 votes |
@Test public void testReleaseSslEngine() throws Exception { assumeTrue(OpenSsl.isAvailable()); SelfSignedCertificate cert = new SelfSignedCertificate(); try { SslContext sslContext = SslContextBuilder.forServer(cert.certificate(), cert.privateKey()) .sslProvider(SslProvider.OPENSSL) .build(); try { SSLEngine sslEngine = sslContext.newEngine(ByteBufAllocator.DEFAULT); EmbeddedChannel ch = new EmbeddedChannel(new SslHandler(sslEngine)); assertEquals(1, ((ReferenceCounted) sslContext).refCnt()); assertEquals(1, ((ReferenceCounted) sslEngine).refCnt()); assertTrue(ch.finishAndReleaseAll()); ch.close().syncUninterruptibly(); assertEquals(1, ((ReferenceCounted) sslContext).refCnt()); assertEquals(0, ((ReferenceCounted) sslEngine).refCnt()); } finally { ReferenceCountUtil.release(sslContext); } } finally { cert.delete(); } }
Example 7
Source File: SSLEngineTest.java From netty-4.1.22 with Apache License 2.0 | 5 votes |
@Test public void testWrapAfterCloseOutbound() throws Exception { SelfSignedCertificate cert = new SelfSignedCertificate(); clientSslCtx = SslContextBuilder .forClient() .trustManager(cert.cert()) .sslProvider(sslClientProvider()) .build(); SSLEngine client = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT); serverSslCtx = SslContextBuilder .forServer(cert.certificate(), cert.privateKey()) .sslProvider(sslServerProvider()) .build(); SSLEngine server = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT); try { ByteBuffer dst = allocateBuffer(client.getSession().getPacketBufferSize()); ByteBuffer src = allocateBuffer(1024); handshake(client, server); // This will produce a close_notify client.closeOutbound(); SSLEngineResult result = client.wrap(src, dst); assertEquals(SSLEngineResult.Status.CLOSED, result.getStatus()); assertEquals(0, result.bytesConsumed()); assertTrue(result.bytesProduced() > 0); assertTrue(client.isOutboundDone()); assertFalse(client.isInboundDone()); } finally { cert.delete(); cleanupClientSslEngine(client); cleanupServerSslEngine(server); } }
Example 8
Source File: SSLEngineTest.java From netty-4.1.22 with Apache License 2.0 | 5 votes |
@Test public void testHandshakeCompletesWithoutFilteringSupportedCipher() throws Exception { SelfSignedCertificate ssc = new SelfSignedCertificate(); // Select a mandatory cipher from the TLSv1.2 RFC https://www.ietf.org/rfc/rfc5246.txt so handshakes won't fail // due to no shared/supported cipher. final String sharedCipher = "TLS_RSA_WITH_AES_128_CBC_SHA"; clientSslCtx = SslContextBuilder.forClient() .trustManager(InsecureTrustManagerFactory.INSTANCE) .ciphers(Arrays.asList(sharedCipher), SupportedCipherSuiteFilter.INSTANCE) .protocols(PROTOCOL_TLS_V1_2, PROTOCOL_TLS_V1) .sslProvider(sslClientProvider()) .build(); serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) .ciphers(Arrays.asList(sharedCipher), SupportedCipherSuiteFilter.INSTANCE) .protocols(PROTOCOL_TLS_V1_2, PROTOCOL_TLS_V1) .sslProvider(sslServerProvider()) .build(); SSLEngine clientEngine = null; SSLEngine serverEngine = null; try { clientEngine = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT); serverEngine = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT); handshake(clientEngine, serverEngine); } finally { cleanupClientSslEngine(clientEngine); cleanupServerSslEngine(serverEngine); ssc.delete(); } }
Example 9
Source File: SSLEngineTest.java From netty-4.1.22 with Apache License 2.0 | 5 votes |
protected void setupHandlers(ApplicationProtocolConfig serverApn, ApplicationProtocolConfig clientApn) throws InterruptedException, SSLException, CertificateException { SelfSignedCertificate ssc = new SelfSignedCertificate(); try { setupHandlers(SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey(), null) .sslProvider(sslServerProvider()) .sslContextProvider(serverSslContextProvider()) .ciphers(null, IdentityCipherSuiteFilter.INSTANCE) .applicationProtocolConfig(serverApn) .sessionCacheSize(0) .sessionTimeout(0) .build(), SslContextBuilder.forClient() .sslProvider(sslClientProvider()) .sslContextProvider(clientSslContextProvider()) .applicationProtocolConfig(clientApn) .trustManager(InsecureTrustManagerFactory.INSTANCE) .ciphers(null, IdentityCipherSuiteFilter.INSTANCE) .sessionCacheSize(0) .sessionTimeout(0) .build()); } finally { ssc.delete(); } }
Example 10
Source File: SSLEngineTest.java From netty-4.1.22 with Apache License 2.0 | 5 votes |
@Test public void testSSLSessionId() throws Exception { clientSslCtx = SslContextBuilder.forClient() .trustManager(InsecureTrustManagerFactory.INSTANCE) .sslProvider(sslClientProvider()) .sslContextProvider(clientSslContextProvider()) .build(); SelfSignedCertificate ssc = new SelfSignedCertificate(); serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) .sslProvider(sslServerProvider()) .sslContextProvider(serverSslContextProvider()) .build(); SSLEngine clientEngine = null; SSLEngine serverEngine = null; try { clientEngine = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT); serverEngine = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT); // Before the handshake the id should have length == 0 assertEquals(0, clientEngine.getSession().getId().length); assertEquals(0, serverEngine.getSession().getId().length); handshake(clientEngine, serverEngine); // After the handshake the id should have length > 0 assertNotEquals(0, clientEngine.getSession().getId().length); assertNotEquals(0, serverEngine.getSession().getId().length); assertArrayEquals(clientEngine.getSession().getId(), serverEngine.getSession().getId()); } finally { cleanupClientSslEngine(clientEngine); cleanupServerSslEngine(serverEngine); ssc.delete(); } }
Example 11
Source File: SSLEngineTest.java From netty-4.1.22 with Apache License 2.0 | 5 votes |
@Test public void testSessionInvalidate() throws Exception { clientSslCtx = SslContextBuilder.forClient() .trustManager(InsecureTrustManagerFactory.INSTANCE) .sslProvider(sslClientProvider()) .sslContextProvider(clientSslContextProvider()) .build(); SelfSignedCertificate ssc = new SelfSignedCertificate(); serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) .sslProvider(sslServerProvider()) .sslContextProvider(serverSslContextProvider()) .build(); SSLEngine clientEngine = null; SSLEngine serverEngine = null; try { clientEngine = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT); serverEngine = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT); handshake(clientEngine, serverEngine); SSLSession session = serverEngine.getSession(); assertTrue(session.isValid()); session.invalidate(); assertFalse(session.isValid()); } finally { cleanupClientSslEngine(clientEngine); cleanupServerSslEngine(serverEngine); ssc.delete(); } }
Example 12
Source File: OcspTest.java From netty-4.1.22 with Apache License 2.0 | 5 votes |
@Test(expected = IllegalArgumentException.class) public void testJdkServerEnableOcsp() throws Exception { SelfSignedCertificate ssc = new SelfSignedCertificate(); try { SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) .sslProvider(SslProvider.JDK) .enableOcsp(true) .build(); } finally { ssc.delete(); } }
Example 13
Source File: SSLEngineTest.java From netty-4.1.22 with Apache License 2.0 | 4 votes |
@Test public void testUnwrapBehavior() throws Exception { SelfSignedCertificate cert = new SelfSignedCertificate(); clientSslCtx = SslContextBuilder .forClient() .trustManager(cert.cert()) .sslProvider(sslClientProvider()) .build(); SSLEngine client = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT); serverSslCtx = SslContextBuilder .forServer(cert.certificate(), cert.privateKey()) .sslProvider(sslServerProvider()) .build(); SSLEngine server = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT); byte[] bytes = "Hello World".getBytes(CharsetUtil.US_ASCII); try { ByteBuffer plainClientOut = allocateBuffer(client.getSession().getApplicationBufferSize()); ByteBuffer encryptedClientToServer = allocateBuffer(server.getSession().getPacketBufferSize() * 2); ByteBuffer plainServerIn = allocateBuffer(server.getSession().getApplicationBufferSize()); handshake(client, server); // create two TLS frames // first frame plainClientOut.put(bytes, 0, 5); plainClientOut.flip(); SSLEngineResult result = client.wrap(plainClientOut, encryptedClientToServer); assertEquals(SSLEngineResult.Status.OK, result.getStatus()); assertEquals(5, result.bytesConsumed()); assertTrue(result.bytesProduced() > 0); assertFalse(plainClientOut.hasRemaining()); // second frame plainClientOut.clear(); plainClientOut.put(bytes, 5, 6); plainClientOut.flip(); result = client.wrap(plainClientOut, encryptedClientToServer); assertEquals(SSLEngineResult.Status.OK, result.getStatus()); assertEquals(6, result.bytesConsumed()); assertTrue(result.bytesProduced() > 0); // send over to server encryptedClientToServer.flip(); // try with too small output buffer first (to check BUFFER_OVERFLOW case) int remaining = encryptedClientToServer.remaining(); ByteBuffer small = allocateBuffer(3); result = server.unwrap(encryptedClientToServer, small); assertEquals(SSLEngineResult.Status.BUFFER_OVERFLOW, result.getStatus()); assertEquals(remaining, encryptedClientToServer.remaining()); // now with big enough buffer result = server.unwrap(encryptedClientToServer, plainServerIn); assertEquals(SSLEngineResult.Status.OK, result.getStatus()); assertEquals(5, result.bytesProduced()); assertTrue(encryptedClientToServer.hasRemaining()); result = server.unwrap(encryptedClientToServer, plainServerIn); assertEquals(SSLEngineResult.Status.OK, result.getStatus()); assertEquals(6, result.bytesProduced()); assertFalse(encryptedClientToServer.hasRemaining()); plainServerIn.flip(); assertEquals(ByteBuffer.wrap(bytes), plainServerIn); } finally { cleanupClientSslEngine(client); cleanupServerSslEngine(server); cert.delete(); } }
Example 14
Source File: OpenSslEngineTest.java From netty-4.1.22 with Apache License 2.0 | 4 votes |
@Test public void testMultipleRecordsInOneBufferWithNonZeroPositionJDKCompatabilityModeOff() throws Exception { SelfSignedCertificate cert = new SelfSignedCertificate(); clientSslCtx = SslContextBuilder .forClient() .trustManager(cert.cert()) .sslProvider(sslClientProvider()) .build(); SSLEngine client = clientSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine(); serverSslCtx = SslContextBuilder .forServer(cert.certificate(), cert.privateKey()) .sslProvider(sslServerProvider()) .build(); SSLEngine server = serverSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine(); try { // Choose buffer size small enough that we can put multiple buffers into one buffer and pass it into the // unwrap call without exceed MAX_ENCRYPTED_PACKET_LENGTH. final int plainClientOutLen = 1024; ByteBuffer plainClientOut = allocateBuffer(plainClientOutLen); ByteBuffer plainServerOut = allocateBuffer(server.getSession().getApplicationBufferSize()); ByteBuffer encClientToServer = allocateBuffer(client.getSession().getPacketBufferSize()); int positionOffset = 1; // We need to be able to hold 2 records + positionOffset ByteBuffer combinedEncClientToServer = allocateBuffer( encClientToServer.capacity() * 2 + positionOffset); combinedEncClientToServer.position(positionOffset); handshake(client, server); plainClientOut.limit(plainClientOut.capacity()); SSLEngineResult result = client.wrap(plainClientOut, encClientToServer); assertEquals(plainClientOut.capacity(), result.bytesConsumed()); assertTrue(result.bytesProduced() > 0); encClientToServer.flip(); // Copy the first record into the combined buffer combinedEncClientToServer.put(encClientToServer); plainClientOut.clear(); encClientToServer.clear(); result = client.wrap(plainClientOut, encClientToServer); assertEquals(plainClientOut.capacity(), result.bytesConsumed()); assertTrue(result.bytesProduced() > 0); encClientToServer.flip(); // Copy the first record into the combined buffer combinedEncClientToServer.put(encClientToServer); encClientToServer.clear(); combinedEncClientToServer.flip(); combinedEncClientToServer.position(positionOffset); // Make sure the limit takes positionOffset into account to the content we are looking at is correct. combinedEncClientToServer.limit( combinedEncClientToServer.limit() - positionOffset); final int combinedEncClientToServerLen = combinedEncClientToServer.remaining(); result = server.unwrap(combinedEncClientToServer, plainServerOut); assertEquals(0, combinedEncClientToServer.remaining()); assertEquals(combinedEncClientToServerLen, result.bytesConsumed()); assertEquals(plainClientOutLen, result.bytesProduced()); } finally { cert.delete(); cleanupClientSslEngine(client); cleanupServerSslEngine(server); } }
Example 15
Source File: SSLEngineTest.java From netty-4.1.22 with Apache License 2.0 | 4 votes |
@Test public void testPacketBufferSizeLimit() throws Exception { SelfSignedCertificate cert = new SelfSignedCertificate(); clientSslCtx = SslContextBuilder .forClient() .trustManager(cert.cert()) .sslProvider(sslClientProvider()) .build(); SSLEngine client = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT); serverSslCtx = SslContextBuilder .forServer(cert.certificate(), cert.privateKey()) .sslProvider(sslServerProvider()) .build(); SSLEngine server = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT); try { // Allocate an buffer that is bigger then the max plain record size. ByteBuffer plainServerOut = allocateBuffer(server.getSession().getApplicationBufferSize() * 2); handshake(client, server); // Fill the whole buffer and flip it. plainServerOut.position(plainServerOut.capacity()); plainServerOut.flip(); ByteBuffer encryptedServerToClient = allocateBuffer(server.getSession().getPacketBufferSize()); int encryptedServerToClientPos = encryptedServerToClient.position(); int plainServerOutPos = plainServerOut.position(); SSLEngineResult result = server.wrap(plainServerOut, encryptedServerToClient); assertEquals(SSLEngineResult.Status.OK, result.getStatus()); assertEquals(plainServerOut.position() - plainServerOutPos, result.bytesConsumed()); assertEquals(encryptedServerToClient.position() - encryptedServerToClientPos, result.bytesProduced()); } finally { cleanupClientSslEngine(client); cleanupServerSslEngine(server); cert.delete(); } }
Example 16
Source File: OpenSslEngineTest.java From netty-4.1.22 with Apache License 2.0 | 4 votes |
@Test public void testBufferUnderFlowAvoidedIfJDKCompatabilityModeOff() throws Exception { SelfSignedCertificate cert = new SelfSignedCertificate(); clientSslCtx = SslContextBuilder .forClient() .trustManager(cert.cert()) .sslProvider(sslClientProvider()) .build(); SSLEngine client = clientSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine(); serverSslCtx = SslContextBuilder .forServer(cert.certificate(), cert.privateKey()) .sslProvider(sslServerProvider()) .build(); SSLEngine server = serverSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine(); try { ByteBuffer plainClient = allocateBuffer(1024); plainClient.limit(plainClient.capacity()); ByteBuffer encClientToServer = allocateBuffer(client.getSession().getPacketBufferSize()); ByteBuffer plainServer = allocateBuffer(server.getSession().getApplicationBufferSize()); handshake(client, server); SSLEngineResult result = client.wrap(plainClient, encClientToServer); assertEquals(SSLEngineResult.Status.OK, result.getStatus()); assertEquals(result.bytesConsumed(), plainClient.capacity()); // Flip so we can read it. encClientToServer.flip(); int remaining = encClientToServer.remaining(); // We limit the buffer so we have less then the header to read, this should result in an BUFFER_UNDERFLOW. encClientToServer.limit(SslUtils.SSL_RECORD_HEADER_LENGTH - 1); result = server.unwrap(encClientToServer, plainServer); assertEquals(SSLEngineResult.Status.OK, result.getStatus()); assertEquals(SslUtils.SSL_RECORD_HEADER_LENGTH - 1, result.bytesConsumed()); assertEquals(0, result.bytesProduced()); remaining -= result.bytesConsumed(); // We limit the buffer so we can read the header but not the rest, this should result in an // BUFFER_UNDERFLOW. encClientToServer.limit(SslUtils.SSL_RECORD_HEADER_LENGTH); result = server.unwrap(encClientToServer, plainServer); assertEquals(SSLEngineResult.Status.OK, result.getStatus()); assertEquals(1, result.bytesConsumed()); assertEquals(0, result.bytesProduced()); remaining -= result.bytesConsumed(); // We limit the buffer so we can read the header and partly the rest, this should result in an // BUFFER_UNDERFLOW. encClientToServer.limit( SslUtils.SSL_RECORD_HEADER_LENGTH + remaining - 1 - SslUtils.SSL_RECORD_HEADER_LENGTH); result = server.unwrap(encClientToServer, plainServer); assertEquals(SSLEngineResult.Status.OK, result.getStatus()); assertEquals(encClientToServer.limit() - SslUtils.SSL_RECORD_HEADER_LENGTH, result.bytesConsumed()); assertEquals(0, result.bytesProduced()); remaining -= result.bytesConsumed(); // Reset limit so we can read the full record. encClientToServer.limit(remaining); assertEquals(0, encClientToServer.remaining()); result = server.unwrap(encClientToServer, plainServer); assertEquals(SSLEngineResult.Status.BUFFER_UNDERFLOW, result.getStatus()); assertEquals(0, result.bytesConsumed()); assertEquals(0, result.bytesProduced()); encClientToServer.position(0); result = server.unwrap(encClientToServer, plainServer); assertEquals(SSLEngineResult.Status.OK, result.getStatus()); assertEquals(remaining, result.bytesConsumed()); assertEquals(0, result.bytesProduced()); } finally { cert.delete(); cleanupClientSslEngine(client); cleanupServerSslEngine(server); } }
Example 17
Source File: OpenSslEngineTest.java From netty-4.1.22 with Apache License 2.0 | 4 votes |
@Test public void testPartialPacketUnwrapJDKCompatabilityModeOff() throws Exception { SelfSignedCertificate cert = new SelfSignedCertificate(); clientSslCtx = SslContextBuilder .forClient() .trustManager(cert.cert()) .sslProvider(sslClientProvider()) .build(); SSLEngine client = clientSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine(); serverSslCtx = SslContextBuilder .forServer(cert.certificate(), cert.privateKey()) .sslProvider(sslServerProvider()) .build(); SSLEngine server = serverSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine(); try { ByteBuffer plainClient = allocateBuffer(1024); ByteBuffer plainClient2 = allocateBuffer(512); ByteBuffer plainClientTotal = allocateBuffer(plainClient.capacity() + plainClient2.capacity()); plainClientTotal.put(plainClient); plainClientTotal.put(plainClient2); plainClient.clear(); plainClient2.clear(); plainClientTotal.flip(); ByteBuffer encClientToServer = allocateBuffer(client.getSession().getPacketBufferSize()); ByteBuffer plainServer = allocateBuffer(server.getSession().getApplicationBufferSize()); handshake(client, server); SSLEngineResult result = client.wrap(plainClient, encClientToServer); assertEquals(SSLEngineResult.Status.OK, result.getStatus()); assertEquals(result.bytesConsumed(), plainClient.capacity()); final int encClientLen = result.bytesProduced(); result = client.wrap(plainClient2, encClientToServer); assertEquals(SSLEngineResult.Status.OK, result.getStatus()); assertEquals(result.bytesConsumed(), plainClient2.capacity()); final int encClientLen2 = result.bytesProduced(); // Flip so we can read it. encClientToServer.flip(); // Consume a partial TLS packet. ByteBuffer encClientFirstHalf = encClientToServer.duplicate(); encClientFirstHalf.limit(encClientLen / 2); result = server.unwrap(encClientFirstHalf, plainServer); assertEquals(SSLEngineResult.Status.OK, result.getStatus()); assertEquals(result.bytesConsumed(), encClientLen / 2); encClientToServer.position(result.bytesConsumed()); // We now have half of the first packet and the whole second packet, so lets decode all but the last byte. ByteBuffer encClientAllButLastByte = encClientToServer.duplicate(); final int encClientAllButLastByteLen = encClientAllButLastByte.remaining() - 1; encClientAllButLastByte.limit(encClientAllButLastByte.limit() - 1); result = server.unwrap(encClientAllButLastByte, plainServer); assertEquals(SSLEngineResult.Status.OK, result.getStatus()); assertEquals(result.bytesConsumed(), encClientAllButLastByteLen); encClientToServer.position(encClientToServer.position() + result.bytesConsumed()); // Read the last byte and verify the original content has been decrypted. result = server.unwrap(encClientToServer, plainServer); assertEquals(SSLEngineResult.Status.OK, result.getStatus()); assertEquals(result.bytesConsumed(), 1); plainServer.flip(); assertEquals(plainClientTotal, plainServer); } finally { cert.delete(); cleanupClientSslEngine(client); cleanupServerSslEngine(server); } }
Example 18
Source File: SSLEngineTest.java From netty-4.1.22 with Apache License 2.0 | 4 votes |
@Test public void testMultipleRecordsInOneBufferWithNonZeroPosition() throws Exception { SelfSignedCertificate cert = new SelfSignedCertificate(); clientSslCtx = SslContextBuilder .forClient() .trustManager(cert.cert()) .sslProvider(sslClientProvider()) .build(); SSLEngine client = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT); serverSslCtx = SslContextBuilder .forServer(cert.certificate(), cert.privateKey()) .sslProvider(sslServerProvider()) .build(); SSLEngine server = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT); try { // Choose buffer size small enough that we can put multiple buffers into one buffer and pass it into the // unwrap call without exceed MAX_ENCRYPTED_PACKET_LENGTH. ByteBuffer plainClientOut = allocateBuffer(1024); ByteBuffer plainServerOut = allocateBuffer(server.getSession().getApplicationBufferSize()); ByteBuffer encClientToServer = allocateBuffer(client.getSession().getPacketBufferSize()); int positionOffset = 1; // We need to be able to hold 2 records + positionOffset ByteBuffer combinedEncClientToServer = allocateBuffer( encClientToServer.capacity() * 2 + positionOffset); combinedEncClientToServer.position(positionOffset); handshake(client, server); plainClientOut.limit(plainClientOut.capacity()); SSLEngineResult result = client.wrap(plainClientOut, encClientToServer); assertEquals(plainClientOut.capacity(), result.bytesConsumed()); assertTrue(result.bytesProduced() > 0); encClientToServer.flip(); // Copy the first record into the combined buffer combinedEncClientToServer.put(encClientToServer); plainClientOut.clear(); encClientToServer.clear(); result = client.wrap(plainClientOut, encClientToServer); assertEquals(plainClientOut.capacity(), result.bytesConsumed()); assertTrue(result.bytesProduced() > 0); encClientToServer.flip(); int encClientToServerLen = encClientToServer.remaining(); // Copy the first record into the combined buffer combinedEncClientToServer.put(encClientToServer); encClientToServer.clear(); combinedEncClientToServer.flip(); combinedEncClientToServer.position(positionOffset); // Ensure we have the first record and a tiny amount of the second record in the buffer combinedEncClientToServer.limit( combinedEncClientToServer.limit() - (encClientToServerLen - positionOffset)); result = server.unwrap(combinedEncClientToServer, plainServerOut); assertEquals(encClientToServerLen, result.bytesConsumed()); assertTrue(result.bytesProduced() > 0); } finally { cert.delete(); cleanupClientSslEngine(client); cleanupServerSslEngine(server); } }
Example 19
Source File: SSLEngineTest.java From netty-4.1.22 with Apache License 2.0 | 4 votes |
@Test public void testMultipleRecordsInOneBufferBiggerThenPacketBufferSize() throws Exception { SelfSignedCertificate cert = new SelfSignedCertificate(); clientSslCtx = SslContextBuilder .forClient() .trustManager(cert.cert()) .sslProvider(sslClientProvider()) .build(); SSLEngine client = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT); serverSslCtx = SslContextBuilder .forServer(cert.certificate(), cert.privateKey()) .sslProvider(sslServerProvider()) .build(); SSLEngine server = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT); try { ByteBuffer plainClientOut = allocateBuffer(4096); ByteBuffer plainServerOut = allocateBuffer(server.getSession().getApplicationBufferSize()); ByteBuffer encClientToServer = allocateBuffer(server.getSession().getPacketBufferSize() * 2); handshake(client, server); int srcLen = plainClientOut.remaining(); SSLEngineResult result; while (encClientToServer.position() <= server.getSession().getPacketBufferSize()) { result = client.wrap(plainClientOut, encClientToServer); assertEquals(SSLEngineResult.Status.OK, result.getStatus()); assertEquals(srcLen, result.bytesConsumed()); assertTrue(result.bytesProduced() > 0); plainClientOut.clear(); } encClientToServer.flip(); result = server.unwrap(encClientToServer, plainServerOut); assertEquals(SSLEngineResult.Status.OK, result.getStatus()); assertTrue(result.bytesConsumed() > 0); assertTrue(result.bytesProduced() > 0); } finally { cert.delete(); cleanupClientSslEngine(client); cleanupServerSslEngine(server); } }
Example 20
Source File: SSLEngineTest.java From netty-4.1.22 with Apache License 2.0 | 4 votes |
@Test public void testBufferUnderFlow() throws Exception { SelfSignedCertificate cert = new SelfSignedCertificate(); clientSslCtx = SslContextBuilder .forClient() .trustManager(cert.cert()) .sslProvider(sslClientProvider()) .build(); SSLEngine client = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT); serverSslCtx = SslContextBuilder .forServer(cert.certificate(), cert.privateKey()) .sslProvider(sslServerProvider()) .build(); SSLEngine server = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT); try { ByteBuffer plainClient = allocateBuffer(1024); plainClient.limit(plainClient.capacity()); ByteBuffer encClientToServer = allocateBuffer(client.getSession().getPacketBufferSize()); ByteBuffer plainServer = allocateBuffer(server.getSession().getApplicationBufferSize()); handshake(client, server); SSLEngineResult result = client.wrap(plainClient, encClientToServer); assertEquals(SSLEngineResult.Status.OK, result.getStatus()); assertEquals(result.bytesConsumed(), plainClient.capacity()); // Flip so we can read it. encClientToServer.flip(); int remaining = encClientToServer.remaining(); // We limit the buffer so we have less then the header to read, this should result in an BUFFER_UNDERFLOW. encClientToServer.limit(SSL_RECORD_HEADER_LENGTH - 1); result = server.unwrap(encClientToServer, plainServer); assertResultIsBufferUnderflow(result); // We limit the buffer so we can read the header but not the rest, this should result in an // BUFFER_UNDERFLOW. encClientToServer.limit(SSL_RECORD_HEADER_LENGTH); result = server.unwrap(encClientToServer, plainServer); assertResultIsBufferUnderflow(result); // We limit the buffer so we can read the header and partly the rest, this should result in an // BUFFER_UNDERFLOW. encClientToServer.limit(SSL_RECORD_HEADER_LENGTH + remaining - 1 - SSL_RECORD_HEADER_LENGTH); result = server.unwrap(encClientToServer, plainServer); assertResultIsBufferUnderflow(result); // Reset limit so we can read the full record. encClientToServer.limit(remaining); result = server.unwrap(encClientToServer, plainServer); assertEquals(SSLEngineResult.Status.OK, result.getStatus()); assertEquals(result.bytesConsumed(), remaining); assertTrue(result.bytesProduced() > 0); } finally { cert.delete(); cleanupClientSslEngine(client); cleanupServerSslEngine(server); } }