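/*
 * Copyright (c) 2015, 2017, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

/*
 * @test
 * @bug 8043758
 * @summary Testing DTLS incorrect app data packages unwrapping.
 * @key randomness
 * @library /sun/security/krb5/auto /test/lib /javax/net/ssl/TLSCommon
 * @modules java.security.jgss
 *          jdk.security.auth
 *          java.security.jgss/sun.security.krb5:+open
 *          java.security.jgss/sun.security.krb5.internal:+open
 *          java.security.jgss/sun.security.krb5.internal.ccache
 *          java.security.jgss/sun.security.krb5.internal.crypto
 *          java.security.jgss/sun.security.krb5.internal.ktab
 *          java.base/sun.security.util
 * @build jdk.test.lib.RandomFactory
 * @run main/othervm -Dtest.security.protocol=DTLS
 *      -Dtest.mode=norm DTLSIncorrectAppDataTest
 * @run main/othervm -Dtest.security.protocol=DTLS
 *      -Dtest.mode=norm_sni DTLSIncorrectAppDataTest
 * @run main/othervm -Dtest.security.protocol=DTLS
 *      -Dtest.mode=krb DTLSIncorrectAppDataTest
 */

import java.nio.ByteBuffer;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import java.util.Random;
import jdk.test.lib.RandomFactory;

/**
 * Testing DTLS incorrect app data packages unwrapping. Incorrect application
 * data packages should be ignored by DTLS SSLEngine.
 *
 * <p>For every cipher suite handed to {@link #testOneCipher(String)} the test
 * completes a handshake, wraps one application message, changes a single byte
 * of the resulting record and feeds it to the peer. The peer must not deliver
 * any application data for the modified record; if it does, the test fails.
 */
public class DTLSIncorrectAppDataTest extends SSLEngineTestCase {

    private final String MESSAGE = "Hello peer!";

    /**
     * Test entry point, driven by the {@code @run} lines in the jtreg header.
     *
     * @param s command-line arguments (unused)
     */
    public static void main(String[] s) {
        DTLSIncorrectAppDataTest test = new DTLSIncorrectAppDataTest();
        // Helper inherited from SSLEngineTestCase; presumably only does work
        // in the "krb" test mode -- confirm against the base class.
        setUpAndStartKDCIfNeeded();
        test.runTests();
    }

    /**
     * Runs the modified-record check in both directions for one cipher suite.
     *
     * @param cipher the only cipher suite enabled on both engines
     * @throws AssertionError if the handshake or an unwrap raises an
     *         {@link SSLException}, or if a modified record yields
     *         application data
     */
    @Override
    protected void testOneCipher(String cipher) {
        SSLContext context = getContext();
        int maxPacketSize = getMaxPacketSize();
        // SNI is used in every mode except plain "norm".
        boolean useSNI = !TEST_MODE.equals("norm");
        SSLEngine clientEngine = getClientSSLEngine(context, useSNI);
        SSLEngine serverEngine = getServerSSLEngine(context, useSNI);
        clientEngine.setEnabledCipherSuites(new String[]{cipher});
        serverEngine.setEnabledCipherSuites(new String[]{cipher});
        // Anonymous suites carry no certificates, so client authentication
        // is requested only for the others.
        serverEngine.setNeedClientAuth(!cipher.contains("anon"));
        try {
            doHandshake(clientEngine, serverEngine, maxPacketSize,
                    HandshakeMode.INITIAL_HANDSHAKE);
            checkIncorrectAppDataUnwrap(clientEngine, serverEngine);
            checkIncorrectAppDataUnwrap(serverEngine, clientEngine);
        } catch (SSLException ssle) {
            throw new AssertionError("Error during handshake or sending app data",
                    ssle);
        }
    }

    /**
     * Wraps {@code MESSAGE} on {@code sendEngine}, modifies one randomly
     * chosen byte of the wrapped record and unwraps it on {@code recvEngine}.
     *
     * @param sendEngine engine that produces the record
     * @param recvEngine engine that receives the modified record
     * @throws SSLException if wrapping or unwrapping fails
     * @throws AssertionError if the receiver produces application data from
     *         the modified record
     */
    private void checkIncorrectAppDataUnwrap(SSLEngine sendEngine,
            SSLEngine recvEngine) throws SSLException {
        String direction = sendEngine.getUseClientMode() ? "client"
                : "server";
        System.out.println("================================================="
                + "===========");
        System.out.println("Testing DTLS incorrect app data packages unwrapping"
                + " by sending data from " + direction);
        ByteBuffer app = ByteBuffer.wrap(MESSAGE.getBytes());
        ByteBuffer net = doWrap(sendEngine, direction, 0, app);
        final Random rng = RandomFactory.getRandom();
        int randomPlace = rng.nextInt(net.remaining());
        // Index into the backing array relative to the buffer's readable
        // region, so the modified byte is always inside the record even if
        // the buffer has a non-zero position or array offset.
        int corruptedIndex = net.arrayOffset() + net.position() + randomPlace;
        net.array()[corruptedIndex] += 1;
        // Logged so a failing run can be tied to the byte that was changed.
        System.out.println("Modified byte at record offset " + randomPlace);
        app = ByteBuffer.allocate(recvEngine.getSession()
                .getApplicationBufferSize());
        SSLEngineResult result = recvEngine.unwrap(net, app);
        app.flip();
        int length = app.remaining();
        System.out.println("Unwrapped " + length + " bytes.");
        // The property under test: a record whose bytes were altered in
        // transit must not be delivered to the application. Printing alone
        // would let a receiver that accepts the record pass unnoticed.
        if (length != 0) {
            throw new AssertionError("Modified DTLS record sent from "
                    + direction + " was not ignored: " + length
                    + " bytes unwrapped (modified record offset "
                    + randomPlace + ", unwrap status " + result.getStatus()
                    + ")");
        }
    }
}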