Add unit test that shows we correctly return BUFFER_UNDERFLOW
Motivation: We should test that we correctly return BUFFER_UNDERFLOW if the src buffer not contains enough data to unwrap it. Modification: Add unit test to verify behaviour. Result: Better test coverrage of SSLEngine implementations.
This commit is contained in:
parent
b69c7723f2
commit
5cd8133477
@ -1694,4 +1694,76 @@ public abstract class SSLEngineTest {
|
||||
cleanupServerSslEngine(server);
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testBufferUnderFlow() throws Exception {
|
||||
SelfSignedCertificate cert = new SelfSignedCertificate();
|
||||
|
||||
clientSslCtx = SslContextBuilder
|
||||
.forClient()
|
||||
.trustManager(cert.cert())
|
||||
.sslProvider(sslClientProvider())
|
||||
.build();
|
||||
SSLEngine client = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
|
||||
|
||||
serverSslCtx = SslContextBuilder
|
||||
.forServer(cert.certificate(), cert.privateKey())
|
||||
.sslProvider(sslServerProvider())
|
||||
.build();
|
||||
SSLEngine server = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
|
||||
|
||||
try {
|
||||
ByteBuffer plainClient = allocateBuffer(1024);
|
||||
plainClient.limit(plainClient.capacity());
|
||||
|
||||
ByteBuffer encClientToServer = allocateBuffer(client.getSession().getPacketBufferSize());
|
||||
ByteBuffer plainServer = allocateBuffer(server.getSession().getApplicationBufferSize());
|
||||
|
||||
handshake(client, server);
|
||||
|
||||
SSLEngineResult result = client.wrap(plainClient, encClientToServer);
|
||||
assertEquals(SSLEngineResult.Status.OK, result.getStatus());
|
||||
assertEquals(result.bytesConsumed(), plainClient.capacity());
|
||||
|
||||
// Flip so we can read it.
|
||||
encClientToServer.flip();
|
||||
int remaining = encClientToServer.remaining();
|
||||
|
||||
// We limit the buffer so we have less then the header to read, this should result in an BUFFER_UNDERFLOW.
|
||||
encClientToServer.limit(SslUtils.SSL_RECORD_HEADER_LENGTH - 1);
|
||||
result = server.unwrap(encClientToServer, plainServer);
|
||||
assertResultIsBufferUnderflow(result);
|
||||
|
||||
// We limit the buffer so we can read the header but not the rest, this should result in an
|
||||
// BUFFER_UNDERFLOW.
|
||||
encClientToServer.limit(SslUtils.SSL_RECORD_HEADER_LENGTH);
|
||||
result = server.unwrap(encClientToServer, plainServer);
|
||||
assertResultIsBufferUnderflow(result);
|
||||
|
||||
// We limit the buffer so we can read the header and partly the rest, this should result in an
|
||||
// BUFFER_UNDERFLOW.
|
||||
encClientToServer.limit(
|
||||
SslUtils.SSL_RECORD_HEADER_LENGTH + remaining - 1 - SslUtils.SSL_RECORD_HEADER_LENGTH);
|
||||
result = server.unwrap(encClientToServer, plainServer);
|
||||
assertResultIsBufferUnderflow(result);
|
||||
|
||||
// Reset limit so we can read the full record.
|
||||
encClientToServer.limit(remaining);
|
||||
|
||||
result = server.unwrap(encClientToServer, plainServer);
|
||||
assertEquals(SSLEngineResult.Status.OK, result.getStatus());
|
||||
assertEquals(result.bytesConsumed(), remaining);
|
||||
assertTrue(result.bytesProduced() > 0);
|
||||
} finally {
|
||||
cert.delete();
|
||||
cleanupClientSslEngine(client);
|
||||
cleanupServerSslEngine(server);
|
||||
}
|
||||
}
|
||||
|
||||
private static void assertResultIsBufferUnderflow(SSLEngineResult result) {
|
||||
assertEquals(SSLEngineResult.Status.BUFFER_UNDERFLOW, result.getStatus());
|
||||
assertEquals(0, result.bytesConsumed());
|
||||
assertEquals(0, result.bytesProduced());
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user