From d838b19b6f66c41bf2bcb8b7cc45d34d2a2b24d9 Mon Sep 17 00:00:00 2001 From: Trustin Lee Date: Fri, 12 Dec 2014 17:43:23 +0900 Subject: [PATCH] Test TLS renegotiation with explicit cipher suite change Motivation: So far, our TLS renegotiation test did not test changing cipher suite during renegotiation explicitly. Modifications: - Switch the cipher suite during renegotiation Result: We are now sure the cipher suite change works. --- .../transport/socket/SocketSslEchoTest.java | 49 +++++++++++++++---- .../channel/epoll/EpollSocketSslEchoTest.java | 4 +- 2 files changed, 42 insertions(+), 11 deletions(-) diff --git a/testsuite/src/test/java/io/netty/testsuite/transport/socket/SocketSslEchoTest.java b/testsuite/src/test/java/io/netty/testsuite/transport/socket/SocketSslEchoTest.java index b3a1d18eb5..64142f3337 100644 --- a/testsuite/src/test/java/io/netty/testsuite/transport/socket/SocketSslEchoTest.java +++ b/testsuite/src/test/java/io/netty/testsuite/transport/socket/SocketSslEchoTest.java @@ -81,12 +81,33 @@ public class SocketSslEchoTest extends AbstractSocketTest { KEY_FILE = ssc.privateKey(); } - public enum RenegotiationType { + protected enum RenegotiationType { NONE, // no renegotiation CLIENT_INITIATED, // renegotiation from client SERVER_INITIATED, // renegotiation from server } + protected static class Renegotiation { + static final Renegotiation NONE = new Renegotiation(RenegotiationType.NONE, null); + + final RenegotiationType type; + final String cipherSuite; + + Renegotiation(RenegotiationType type, String cipherSuite) { + this.type = type; + this.cipherSuite = cipherSuite; + } + + @Override + public String toString() { + if (type == RenegotiationType.NONE) { + return "NONE"; + } + + return type + "(" + cipherSuite + ')'; + } + } + @Parameters(name = "{index}: serverEngine = {0}, clientEngine = {1}, " + "renegotiation = {2}, autoRead = {3}, useChunkedWriteHandler = {4}, useCompositeByteBuf = {5}") @@ -117,8 +138,15 @@ public class SocketSslEchoTest extends AbstractSocketTest { continue; } + Renegotiation r; + if (rt == RenegotiationType.NONE) { + r = Renegotiation.NONE; + } else { + r = new Renegotiation(rt, "SSL_RSA_WITH_RC4_128_SHA"); + } + for (int i = 0; i < 8; i++) { - params.add(new Object[] { sc, cc, rt, (i & 4) != 0, (i & 2) != 0, (i & 1) != 0 }); + params.add(new Object[] { sc, cc, r, (i & 4) != 0, (i & 2) != 0, (i & 1) != 0 }); } } } @@ -129,17 +157,17 @@ public class SocketSslEchoTest extends AbstractSocketTest { private final SslContext serverCtx; private final SslContext clientCtx; - private final RenegotiationType renegotiationType; + private final Renegotiation renegotiation; private final boolean autoRead; private final boolean useChunkedWriteHandler; private final boolean useCompositeByteBuf; public SocketSslEchoTest( - SslContext serverCtx, SslContext clientCtx, RenegotiationType renegotiationType, + SslContext serverCtx, SslContext clientCtx, Renegotiation renegotiation, boolean autoRead, boolean useChunkedWriteHandler, boolean useCompositeByteBuf) { this.serverCtx = serverCtx; this.clientCtx = clientCtx; - this.renegotiationType = renegotiationType; + this.renegotiation = renegotiation; this.autoRead = autoRead; this.useChunkedWriteHandler = useChunkedWriteHandler; this.useCompositeByteBuf = useCompositeByteBuf; @@ -186,7 +214,7 @@ public class SocketSslEchoTest extends AbstractSocketTest { assertFalse(firstByteWriteFutureDone.get()); - boolean needsRenegotiation = renegotiationType == RenegotiationType.CLIENT_INITIATED; + boolean needsRenegotiation = renegotiation.type == RenegotiationType.CLIENT_INITIATED; Future renegoFuture = null; for (int i = FIRST_MESSAGE_SIZE; i < data.length;) { int length = Math.min(random.nextInt(1024 * 64), data.length - i); @@ -200,7 +228,9 @@ public class SocketSslEchoTest extends AbstractSocketTest { if (needsRenegotiation && i >= data.length / 2) { needsRenegotiation = false; - renegoFuture = cc.pipeline().get(SslHandler.class).renegotiate(); + SslHandler sslHandler = cc.pipeline().get(SslHandler.class); + sslHandler.engine().setEnabledCipherSuites(new String[] { renegotiation.cipherSuite }); + renegoFuture = sslHandler.renegotiate(); assertThat(renegoFuture, is(not(sameInstance(hf)))); } } @@ -263,7 +293,7 @@ public class SocketSslEchoTest extends AbstractSocketTest { // When renegotiation is done, both the client and server side should be notified. try { - if (renegotiationType != RenegotiationType.NONE) { + if (renegotiation.type != RenegotiationType.NONE) { assertThat(sh.negoCounter, is(2)); assertThat(ch.negoCounter, is(2)); } else { @@ -315,7 +345,7 @@ public class SocketSslEchoTest extends AbstractSocketTest { counter += actual.length; // Perform server-initiated renegotiation if necessary. - if (server && renegotiationType == RenegotiationType.SERVER_INITIATED && + if (server && renegotiation.type == RenegotiationType.SERVER_INITIATED && counter > data.length / 2 && renegoFuture == null) { SslHandler sslHandler = ctx.pipeline().get(SslHandler.class); @@ -323,6 +353,7 @@ public class SocketSslEchoTest extends AbstractSocketTest { Future hf = sslHandler.handshakeFuture(); assertThat(hf.isDone(), is(true)); + sslHandler.engine().setEnabledCipherSuites(new String[] { renegotiation.cipherSuite }); renegoFuture = sslHandler.renegotiate(); assertThat(renegoFuture, is(not(sameInstance(hf)))); assertThat(renegoFuture, is(sameInstance(sslHandler.handshakeFuture()))); diff --git a/transport-native-epoll/src/test/java/io/netty/channel/epoll/EpollSocketSslEchoTest.java b/transport-native-epoll/src/test/java/io/netty/channel/epoll/EpollSocketSslEchoTest.java index a9a1d15776..598af409a9 100644 --- a/transport-native-epoll/src/test/java/io/netty/channel/epoll/EpollSocketSslEchoTest.java +++ b/transport-native-epoll/src/test/java/io/netty/channel/epoll/EpollSocketSslEchoTest.java @@ -25,9 +25,9 @@ import java.util.List; public class EpollSocketSslEchoTest extends SocketSslEchoTest { public EpollSocketSslEchoTest( - SslContext serverCtx, SslContext clientCtx, RenegotiationType renegotiationType, + SslContext serverCtx, SslContext clientCtx, Renegotiation renegotiation, boolean autoRead, boolean useChunkedWriteHandler, boolean useCompositeByteBuf) { - super(serverCtx, clientCtx, renegotiationType, autoRead, useChunkedWriteHandler, useCompositeByteBuf); + super(serverCtx, clientCtx, renegotiation, autoRead, useChunkedWriteHandler, useCompositeByteBuf); } @Override