| /* |
| * Copyright (c) 2015, 2017, Oracle and/or its affiliates. All rights reserved. |
| * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
| * |
| * This code is free software; you can redistribute it and/or modify it |
| * under the terms of the GNU General Public License version 2 only, as |
| * published by the Free Software Foundation. |
| * |
| * This code is distributed in the hope that it will be useful, but WITHOUT |
| * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
| * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
| * version 2 for more details (a copy is included in the LICENSE file that |
| * accompanied this code). |
| * |
| * You should have received a copy of the GNU General Public License version |
| * 2 along with this work; if not, write to the Free Software Foundation, |
| * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
| * |
| * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
| * or visit www.oracle.com if you need additional information or have any |
| * questions. |
| */ |
| |
| /* |
| * @test |
| * @bug 8043758 |
| * @summary Testing DTLS incorrect app data packages unwrapping. |
| * @key randomness |
| * @library /sun/security/krb5/auto /test/lib /javax/net/ssl/TLSCommon |
| * @modules java.security.jgss |
| * jdk.security.auth |
| * java.security.jgss/sun.security.krb5:+open |
| * java.security.jgss/sun.security.krb5.internal:+open |
| * java.security.jgss/sun.security.krb5.internal.ccache |
| * java.security.jgss/sun.security.krb5.internal.crypto |
| * java.security.jgss/sun.security.krb5.internal.ktab |
| * java.base/sun.security.util |
| * @build jdk.test.lib.RandomFactory |
| * @run main/othervm -Dtest.security.protocol=DTLS |
| * -Dtest.mode=norm DTLSIncorrectAppDataTest |
| * @run main/othervm -Dtest.security.protocol=DTLS |
| * -Dtest.mode=norm_sni DTLSIncorrectAppDataTest |
| * @run main/othervm -Dtest.security.protocol=DTLS |
| * -Dtest.mode=krb DTLSIncorrectAppDataTest |
| */ |
| |
| import java.nio.ByteBuffer; |
| import javax.net.ssl.SSLContext; |
| import javax.net.ssl.SSLEngine; |
| import javax.net.ssl.SSLEngineResult; |
| import javax.net.ssl.SSLException; |
| import java.util.Random; |
| import jdk.test.lib.RandomFactory; |
| |
| /** |
| * Testing DTLS incorrect app data packages unwrapping. Incorrect application |
| * data packages should be ignored by DTLS SSLEngine. |
| */ |
| public class DTLSIncorrectAppDataTest extends SSLEngineTestCase { |
| |
| private final String MESSAGE = "Hello peer!"; |
| |
| public static void main(String[] s) { |
| DTLSIncorrectAppDataTest test = new DTLSIncorrectAppDataTest(); |
| setUpAndStartKDCIfNeeded(); |
| test.runTests(); |
| } |
| |
| @Override |
| protected void testOneCipher(String cipher) { |
| SSLContext context = getContext(); |
| int maxPacketSize = getMaxPacketSize(); |
| boolean useSNI = !TEST_MODE.equals("norm"); |
| SSLEngine clientEngine = getClientSSLEngine(context, useSNI); |
| SSLEngine serverEngine = getServerSSLEngine(context, useSNI); |
| clientEngine.setEnabledCipherSuites(new String[]{cipher}); |
| serverEngine.setEnabledCipherSuites(new String[]{cipher}); |
| serverEngine.setNeedClientAuth(!cipher.contains("anon")); |
| try { |
| doHandshake(clientEngine, serverEngine, maxPacketSize, |
| HandshakeMode.INITIAL_HANDSHAKE); |
| checkIncorrectAppDataUnwrap(clientEngine, serverEngine); |
| checkIncorrectAppDataUnwrap(serverEngine, clientEngine); |
| } catch (SSLException ssle) { |
| throw new AssertionError("Error during handshake or sending app data", |
| ssle); |
| } |
| } |
| |
| private void checkIncorrectAppDataUnwrap(SSLEngine sendEngine, |
| SSLEngine recvEngine) throws SSLException { |
| String direction = sendEngine.getUseClientMode() ? "client" |
| : "server"; |
| System.out.println("=================================================" |
| + "==========="); |
| System.out.println("Testing DTLS incorrect app data packages unwrapping" |
| + " by sending data from " + direction); |
| ByteBuffer app = ByteBuffer.wrap(MESSAGE.getBytes()); |
| ByteBuffer net = doWrap(sendEngine, direction, 0, app); |
| final Random RNG = RandomFactory.getRandom(); |
| int randomPlace = RNG.nextInt(net.remaining()); |
| net.array()[randomPlace] += 1; |
| app = ByteBuffer.allocate(recvEngine.getSession() |
| .getApplicationBufferSize()); |
| recvEngine.unwrap(net, app); |
| app.flip(); |
| int length = app.remaining(); |
| System.out.println("Unwrapped " + length + " bytes."); |
| } |
| } |