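/*
 * Copyright (c) 2015, 2017, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

/*
 * @test
 * @bug 8043758
 * @summary Testing DTLS incorrect app data packages unwrapping.
 * @key randomness
 * @library /sun/security/krb5/auto /test/lib /javax/net/ssl/TLSCommon
 * @modules java.security.jgss
 *          jdk.security.auth
 *          java.security.jgss/sun.security.krb5:+open
 *          java.security.jgss/sun.security.krb5.internal:+open
 *          java.security.jgss/sun.security.krb5.internal.ccache
 *          java.security.jgss/sun.security.krb5.internal.crypto
 *          java.security.jgss/sun.security.krb5.internal.ktab
 *          java.base/sun.security.util
 * @run main/othervm -Dtest.security.protocol=DTLS
 *      -Dtest.mode=norm DTLSIncorrectAppDataTest
 * @run main/othervm -Dtest.security.protocol=DTLS
 *      -Dtest.mode=norm_sni DTLSIncorrectAppDataTest
 * @run main/othervm -Dtest.security.protocol=DTLS
 *      -Dtest.mode=krb DTLSIncorrectAppDataTest
 */

import java.nio.ByteBuffer;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import java.util.Random;
import jdk.test.lib.RandomFactory;

/**
 * Tests how a DTLS {@link SSLEngine} unwraps a corrupted application data
 * record. Incorrect application data records should be ignored by the DTLS
 * SSLEngine: after a completed handshake, one byte of a freshly wrapped
 * record is altered and the receiving engine must not deliver any plaintext
 * for it.
 *
 * <p>The check runs in both directions (client to server and server to
 * client) for every cipher suite handed to {@link #testOneCipher(String)}.
 */
public class DTLSIncorrectAppDataTest extends SSLEngineTestCase {

    /** Plaintext payload that the sender wraps before the record is corrupted. */
    private static final String MESSAGE = "Hello peer!";

    /**
     * Test entry point: creates the test instance, calls
     * {@code setUpAndStartKDCIfNeeded()} and then runs all tests.
     *
     * @param s command-line arguments (unused)
     */
    public static void main(String[] s) {
        DTLSIncorrectAppDataTest test = new DTLSIncorrectAppDataTest();
        setUpAndStartKDCIfNeeded();
        test.runTests();
    }

    /**
     * Completes an initial handshake restricted to {@code cipher} and then
     * verifies, in both directions, that a corrupted application data record
     * is not delivered to the application.
     *
     * @param cipher the single cipher suite enabled on both engines
     * @throws AssertionError if the handshake or the data exchange raises an
     *         {@link SSLException}, or if a corrupted record yields plaintext
     */
    @Override
    protected void testOneCipher(String cipher) {
        SSLContext context = getContext();
        int maxPacketSize = getMaxPacketSize();
        // Every mode other than "norm" asks the engine factories for SNI.
        boolean useSNI = !TEST_MODE.equals("norm");
        SSLEngine clientEngine = getClientSSLEngine(context, useSNI);
        SSLEngine serverEngine = getServerSSLEngine(context, useSNI);
        clientEngine.setEnabledCipherSuites(new String[]{cipher});
        serverEngine.setEnabledCipherSuites(new String[]{cipher});
        // Suites whose name contains "anon" run without client authentication.
        serverEngine.setNeedClientAuth(!cipher.contains("anon"));
        try {
            doHandshake(clientEngine, serverEngine, maxPacketSize,
                    HandshakeMode.INITIAL_HANDSHAKE);
            checkIncorrectAppDataUnwrap(clientEngine, serverEngine);
            checkIncorrectAppDataUnwrap(serverEngine, clientEngine);
        } catch (SSLException ssle) {
            throw new AssertionError("Error during handshake or sending app data",
                    ssle);
        }
    }

    /**
     * Wraps {@link #MESSAGE} on {@code sendEngine}, increments one randomly
     * chosen byte of the wrapped data and unwraps the result on
     * {@code recvEngine}, requiring that no application bytes come out.
     *
     * <p>The random source comes from {@code RandomFactory}; the corrupted
     * index is printed so a failing run can be diagnosed.
     *
     * @param sendEngine engine that produces the record
     * @param recvEngine engine that receives the corrupted record
     * @throws SSLException if wrapping or unwrapping fails
     * @throws AssertionError if nothing was wrapped, or if the corrupted
     *         record produced application data
     */
    private void checkIncorrectAppDataUnwrap(SSLEngine sendEngine,
            SSLEngine recvEngine) throws SSLException {
        String direction = sendEngine.getUseClientMode() ? "client" : "server";
        System.out.println("================================================="
                + "===========");
        System.out.println("Testing DTLS incorrect app data packages unwrapping"
                + " by sending data from " + direction);
        // The payload is never read back; only the wrapped record matters.
        ByteBuffer app = ByteBuffer.wrap(MESSAGE.getBytes());
        // NOTE(review): the meaning of the third argument (0) is defined by
        // doWrap in SSLEngineTestCase, which is not visible here.
        ByteBuffer net = doWrap(sendEngine, direction, 0, app);
        if (!net.hasRemaining()) {
            // Without this guard Random.nextInt(0) would fail with an
            // unrelated IllegalArgumentException.
            throw new AssertionError("Wrapping app data from " + direction
                    + " produced no network data to corrupt");
        }
        Random rng = RandomFactory.getRandom();
        // Index relative to the buffer rather than to its backing array, so
        // the corrupted byte always lies inside the readable region even when
        // the buffer has a non-zero position or array offset.
        int corruptIndex = net.position() + rng.nextInt(net.remaining());
        net.put(corruptIndex, (byte) (net.get(corruptIndex) + 1));
        System.out.println("Corrupted byte at buffer index " + corruptIndex
                + " (" + net.remaining() + " bytes wrapped)");
        app = ByteBuffer.allocate(recvEngine.getSession()
                .getApplicationBufferSize());
        SSLEngineResult result = recvEngine.unwrap(net, app);
        app.flip();
        int length = app.remaining();
        System.out.println("Unwrapped " + length + " bytes.");
        // The test's contract is that an incorrect record is ignored. Printing
        // the length alone would let an engine that accepts tampered data
        // pass, so fail when any plaintext was delivered.
        if (length != 0) {
            throw new AssertionError("Corrupted DTLS application data sent from "
                    + direction + " was not ignored: unwrap produced " + length
                    + " bytes, result: " + result);
        }
    }
}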