Test TLS renegotiation with explicit cipher suite change

Motivation:

So far, our TLS renegotiation test did not test changing cipher suite
during renegotiation explicitly.

Modifications:

- Switch the cipher suite during renegotiation

Result:

We are now sure the cipher suite change works.
This commit is contained in:
Trustin Lee 2014-12-12 17:43:23 +09:00
parent 61eddd5b74
commit d838b19b6f
2 changed files with 42 additions and 11 deletions

View File

@ -81,12 +81,33 @@ public class SocketSslEchoTest extends AbstractSocketTest {
KEY_FILE = ssc.privateKey(); KEY_FILE = ssc.privateKey();
} }
public enum RenegotiationType { protected enum RenegotiationType {
NONE, // no renegotiation NONE, // no renegotiation
CLIENT_INITIATED, // renegotiation from client CLIENT_INITIATED, // renegotiation from client
SERVER_INITIATED, // renegotiation from server SERVER_INITIATED, // renegotiation from server
} }
protected static class Renegotiation {
static final Renegotiation NONE = new Renegotiation(RenegotiationType.NONE, null);
final RenegotiationType type;
final String cipherSuite;
Renegotiation(RenegotiationType type, String cipherSuite) {
this.type = type;
this.cipherSuite = cipherSuite;
}
@Override
public String toString() {
if (type == RenegotiationType.NONE) {
return "NONE";
}
return type + "(" + cipherSuite + ')';
}
}
@Parameters(name = @Parameters(name =
"{index}: serverEngine = {0}, clientEngine = {1}, " + "{index}: serverEngine = {0}, clientEngine = {1}, " +
"renegotiation = {2}, autoRead = {3}, useChunkedWriteHandler = {4}, useCompositeByteBuf = {5}") "renegotiation = {2}, autoRead = {3}, useChunkedWriteHandler = {4}, useCompositeByteBuf = {5}")
@ -117,8 +138,15 @@ public class SocketSslEchoTest extends AbstractSocketTest {
continue; continue;
} }
Renegotiation r;
if (rt == RenegotiationType.NONE) {
r = Renegotiation.NONE;
} else {
r = new Renegotiation(rt, "SSL_RSA_WITH_RC4_128_SHA");
}
for (int i = 0; i < 8; i++) { for (int i = 0; i < 8; i++) {
params.add(new Object[] { sc, cc, rt, (i & 4) != 0, (i & 2) != 0, (i & 1) != 0 }); params.add(new Object[] { sc, cc, r, (i & 4) != 0, (i & 2) != 0, (i & 1) != 0 });
} }
} }
} }
@ -129,17 +157,17 @@ public class SocketSslEchoTest extends AbstractSocketTest {
private final SslContext serverCtx; private final SslContext serverCtx;
private final SslContext clientCtx; private final SslContext clientCtx;
private final RenegotiationType renegotiationType; private final Renegotiation renegotiation;
private final boolean autoRead; private final boolean autoRead;
private final boolean useChunkedWriteHandler; private final boolean useChunkedWriteHandler;
private final boolean useCompositeByteBuf; private final boolean useCompositeByteBuf;
public SocketSslEchoTest( public SocketSslEchoTest(
SslContext serverCtx, SslContext clientCtx, RenegotiationType renegotiationType, SslContext serverCtx, SslContext clientCtx, Renegotiation renegotiation,
boolean autoRead, boolean useChunkedWriteHandler, boolean useCompositeByteBuf) { boolean autoRead, boolean useChunkedWriteHandler, boolean useCompositeByteBuf) {
this.serverCtx = serverCtx; this.serverCtx = serverCtx;
this.clientCtx = clientCtx; this.clientCtx = clientCtx;
this.renegotiationType = renegotiationType; this.renegotiation = renegotiation;
this.autoRead = autoRead; this.autoRead = autoRead;
this.useChunkedWriteHandler = useChunkedWriteHandler; this.useChunkedWriteHandler = useChunkedWriteHandler;
this.useCompositeByteBuf = useCompositeByteBuf; this.useCompositeByteBuf = useCompositeByteBuf;
@ -186,7 +214,7 @@ public class SocketSslEchoTest extends AbstractSocketTest {
assertFalse(firstByteWriteFutureDone.get()); assertFalse(firstByteWriteFutureDone.get());
boolean needsRenegotiation = renegotiationType == RenegotiationType.CLIENT_INITIATED; boolean needsRenegotiation = renegotiation.type == RenegotiationType.CLIENT_INITIATED;
Future<Channel> renegoFuture = null; Future<Channel> renegoFuture = null;
for (int i = FIRST_MESSAGE_SIZE; i < data.length;) { for (int i = FIRST_MESSAGE_SIZE; i < data.length;) {
int length = Math.min(random.nextInt(1024 * 64), data.length - i); int length = Math.min(random.nextInt(1024 * 64), data.length - i);
@ -200,7 +228,9 @@ public class SocketSslEchoTest extends AbstractSocketTest {
if (needsRenegotiation && i >= data.length / 2) { if (needsRenegotiation && i >= data.length / 2) {
needsRenegotiation = false; needsRenegotiation = false;
renegoFuture = cc.pipeline().get(SslHandler.class).renegotiate(); SslHandler sslHandler = cc.pipeline().get(SslHandler.class);
sslHandler.engine().setEnabledCipherSuites(new String[] { renegotiation.cipherSuite });
renegoFuture = sslHandler.renegotiate();
assertThat(renegoFuture, is(not(sameInstance(hf)))); assertThat(renegoFuture, is(not(sameInstance(hf))));
} }
} }
@ -263,7 +293,7 @@ public class SocketSslEchoTest extends AbstractSocketTest {
// When renegotiation is done, both the client and server side should be notified. // When renegotiation is done, both the client and server side should be notified.
try { try {
if (renegotiationType != RenegotiationType.NONE) { if (renegotiation.type != RenegotiationType.NONE) {
assertThat(sh.negoCounter, is(2)); assertThat(sh.negoCounter, is(2));
assertThat(ch.negoCounter, is(2)); assertThat(ch.negoCounter, is(2));
} else { } else {
@ -315,7 +345,7 @@ public class SocketSslEchoTest extends AbstractSocketTest {
counter += actual.length; counter += actual.length;
// Perform server-initiated renegotiation if necessary. // Perform server-initiated renegotiation if necessary.
if (server && renegotiationType == RenegotiationType.SERVER_INITIATED && if (server && renegotiation.type == RenegotiationType.SERVER_INITIATED &&
counter > data.length / 2 && renegoFuture == null) { counter > data.length / 2 && renegoFuture == null) {
SslHandler sslHandler = ctx.pipeline().get(SslHandler.class); SslHandler sslHandler = ctx.pipeline().get(SslHandler.class);
@ -323,6 +353,7 @@ public class SocketSslEchoTest extends AbstractSocketTest {
Future<Channel> hf = sslHandler.handshakeFuture(); Future<Channel> hf = sslHandler.handshakeFuture();
assertThat(hf.isDone(), is(true)); assertThat(hf.isDone(), is(true));
sslHandler.engine().setEnabledCipherSuites(new String[] { renegotiation.cipherSuite });
renegoFuture = sslHandler.renegotiate(); renegoFuture = sslHandler.renegotiate();
assertThat(renegoFuture, is(not(sameInstance(hf)))); assertThat(renegoFuture, is(not(sameInstance(hf))));
assertThat(renegoFuture, is(sameInstance(sslHandler.handshakeFuture()))); assertThat(renegoFuture, is(sameInstance(sslHandler.handshakeFuture())));

View File

@ -25,9 +25,9 @@ import java.util.List;
public class EpollSocketSslEchoTest extends SocketSslEchoTest { public class EpollSocketSslEchoTest extends SocketSslEchoTest {
public EpollSocketSslEchoTest( public EpollSocketSslEchoTest(
SslContext serverCtx, SslContext clientCtx, RenegotiationType renegotiationType, SslContext serverCtx, SslContext clientCtx, Renegotiation renegotiation,
boolean autoRead, boolean useChunkedWriteHandler, boolean useCompositeByteBuf) { boolean autoRead, boolean useChunkedWriteHandler, boolean useCompositeByteBuf) {
super(serverCtx, clientCtx, renegotiationType, autoRead, useChunkedWriteHandler, useCompositeByteBuf); super(serverCtx, clientCtx, renegotiation, autoRead, useChunkedWriteHandler, useCompositeByteBuf);
} }
@Override @Override