New test/javax/net/ssl/DTLS/DTLSIncorrectAppDataTest.java

   1 /*
   2  * Copyright (c) 2015, 2017, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 /*
  25  * @test
  26  * @bug 8043758
  27  * @summary Testing DTLS incorrect app data packages unwrapping.
  28  * @key randomness
  29  * @library /sun/security/krb5/auto /test/lib /javax/net/ssl/TLSCommon
  30  * @modules java.security.jgss
  31  *          jdk.security.auth
  32  *          java.security.jgss/sun.security.krb5:+open
  33  *          java.security.jgss/sun.security.krb5.internal:+open
  34  *          java.security.jgss/sun.security.krb5.internal.ccache
  35  *          java.security.jgss/sun.security.krb5.internal.crypto
  36  *          java.security.jgss/sun.security.krb5.internal.ktab
  37  *          java.base/sun.security.util
  38  * @build jdk.test.lib.RandomFactory
  39  * @run main/othervm -Dtest.security.protocol=DTLS
  40  *      -Dtest.mode=norm DTLSIncorrectAppDataTest
  41  * @run main/othervm -Dtest.security.protocol=DTLS
  42  *      -Dtest.mode=norm_sni DTLSIncorrectAppDataTest
  43  * @run main/othervm -Dtest.security.protocol=DTLS
  44  *      -Dtest.mode=krb DTLSIncorrectAppDataTest
  45  */
  46 
  47 import java.nio.ByteBuffer;
  48 import javax.net.ssl.SSLContext;
  49 import javax.net.ssl.SSLEngine;
  50 import javax.net.ssl.SSLEngineResult;
  51 import javax.net.ssl.SSLException;
  52 import java.util.Random;
  53 import jdk.test.lib.RandomFactory;
  54 
  55 /**
  56  * Testing DTLS incorrect app data packages unwrapping. Incorrect application
  57  * data packages should be ignored by DTLS SSLEngine.
  58  */
  59 public class DTLSIncorrectAppDataTest extends SSLEngineTestCase {
  60 
  61     private final String MESSAGE = "Hello peer!";
  62 
  63     public static void main(String[] s) {
  64         DTLSIncorrectAppDataTest test = new DTLSIncorrectAppDataTest();
  65         setUpAndStartKDCIfNeeded();
  66         test.runTests();
  67     }
  68 
  69     @Override
  70     protected void testOneCipher(String cipher) {
  71         SSLContext context = getContext();
  72         int maxPacketSize = getMaxPacketSize();
  73         boolean useSNI = !TEST_MODE.equals("norm");
  74         SSLEngine clientEngine = getClientSSLEngine(context, useSNI);
  75         SSLEngine serverEngine = getServerSSLEngine(context, useSNI);
  76         clientEngine.setEnabledCipherSuites(new String[]{cipher});
  77         serverEngine.setEnabledCipherSuites(new String[]{cipher});
  78         serverEngine.setNeedClientAuth(!cipher.contains("anon"));
  79         try {
  80             doHandshake(clientEngine, serverEngine, maxPacketSize,
  81                     HandshakeMode.INITIAL_HANDSHAKE);
  82             checkIncorrectAppDataUnwrap(clientEngine, serverEngine);
  83             checkIncorrectAppDataUnwrap(serverEngine, clientEngine);
  84         } catch (SSLException ssle) {
  85             throw new AssertionError("Error during handshake or sending app data",
  86                     ssle);
  87         }
  88     }
  89 
  90     private void checkIncorrectAppDataUnwrap(SSLEngine sendEngine,
  91             SSLEngine recvEngine) throws SSLException {
  92         String direction = sendEngine.getUseClientMode() ? "client"
  93                 : "server";
  94         System.out.println("================================================="
  95                 + "===========");
  96         System.out.println("Testing DTLS incorrect app data packages unwrapping"
  97                 + " by sending data from " + direction);
  98         ByteBuffer app = ByteBuffer.wrap(MESSAGE.getBytes());
  99         ByteBuffer net = doWrap(sendEngine, direction, 0, app);
 100         final Random RNG = RandomFactory.getRandom();
 101         int randomPlace = RNG.nextInt(net.remaining());
 102         net.array()[randomPlace] += 1;
 103         app = ByteBuffer.allocate(recvEngine.getSession()
 104                 .getApplicationBufferSize());
 105         recvEngine.unwrap(net, app);
 106         app.flip();
 107         int length = app.remaining();
 108         System.out.println("Unwrapped " + length + " bytes.");
 109     }
 110 }