author | Håvard Pettersen <havardpe@oath.com> | 2018-09-25 11:29:20 +0000 |
---|---|---|
committer | Håvard Pettersen <havardpe@oath.com> | 2018-09-25 12:15:04 +0000 |
commit | eaf61679b8989895eb183332f92b430fab9d3dfd (patch) | |
tree | f332cd545c70635c148b260c17b523aa104a67ce /jrt/tests/com/yahoo/jrt/TlsDetectionTest.java | |
parent | 1f6c71298d0f7655d266627ca49f554019e5bd13 (diff) |
added support for auto-detecting tls for incoming connections
Diffstat (limited to 'jrt/tests/com/yahoo/jrt/TlsDetectionTest.java')
-rw-r--r-- | jrt/tests/com/yahoo/jrt/TlsDetectionTest.java | 95 |
1 files changed, 95 insertions, 0 deletions
diff --git a/jrt/tests/com/yahoo/jrt/TlsDetectionTest.java b/jrt/tests/com/yahoo/jrt/TlsDetectionTest.java
new file mode 100644
index 00000000000..9bd37e25772
--- /dev/null
+++ b/jrt/tests/com/yahoo/jrt/TlsDetectionTest.java
@@ -0,0 +1,95 @@
+// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.jrt;
+
+public class TlsDetectionTest {
+
+ static private String message(byte[] data, boolean actual) {
+ String msg = "[";
+ String delimiter = "";
+ for (byte b: data) {
+ msg += delimiter + (b & 0xff);
+ delimiter = ", ";
+ }
+ if (actual) {
+ msg += "] wrongfully detected as tls";
+ } else {
+ msg += "] wrongfully rejected as not tls";
+ }
+ return msg;
+ }
+
+ static private void checkTls(boolean expect, int ... values) {
+ byte[] data = new byte[values.length];
+ for (int i = 0; i < data.length; i++) {
+ data[i] = (byte) values[i];
+ }
+ boolean actual = MaybeTlsCryptoSocket.looksLikeTlsToMe(data);
+ if(actual != expect) {
+ throw new AssertionError(message(data, actual));
+ }
+ }
+
+ @org.junit.Test public void testValidHandshake() {
+ checkTls(true, 22, 3, 1, 10, 255, 1, 0, 10, 251);
+ checkTls(true, 22, 3, 3, 10, 255, 1, 0, 10, 251);
+ }
+
+ @org.junit.Test public void testDataOfWrongSize() {
+ checkTls(false, 22, 3, 1, 10, 255, 1, 0, 10);
+ checkTls(false, 22, 3, 1, 10, 255, 1, 0, 10, 251, 0);
+ }
+
+ @org.junit.Test public void testDataNotTaggedAsHandshake() {
+ checkTls(false, 23, 3, 1, 10, 255, 1, 0, 10, 251);
+ }
+
+ @org.junit.Test public void testDataWithBadMajorVersion() {
+ checkTls(false, 22, 0, 1, 10, 255, 1, 0, 10, 251);
+ checkTls(false, 22, 1, 1, 10, 255, 1, 0, 10, 251);
+ checkTls(false, 22, 2, 1, 10, 255, 1, 0, 10, 251);
+ checkTls(false, 22, 4, 1, 10, 255, 1, 0, 10, 251);
+ checkTls(false, 22, 5, 1, 10, 255, 1, 0, 10, 251);
+ }
+
+ @org.junit.Test public void testDataWithBadMinorVersion() {
+ checkTls(false, 22, 3, 0, 10, 255, 1, 0, 10, 251);
+ checkTls(false, 22, 3, 2, 10, 255, 1, 0, 10, 251);
+ checkTls(false, 22, 3, 4, 10, 255, 1, 0, 10, 251);
+ checkTls(false, 22, 3, 5, 10, 255, 1, 0, 10, 251);
+ }
+
+ @org.junit.Test public void testDataNotTaggedAsClientHello() {
+ checkTls(false, 22, 3, 1, 10, 255, 0, 0, 10, 251);
+ checkTls(false, 22, 3, 1, 10, 255, 2, 0, 10, 251);
+ }
+
+ @org.junit.Test public void testFrameSizeLimits() {
+ checkTls(false, 22, 3, 1, 255, 255, 1, 0, 255, 251); // max
+ checkTls(false, 22, 3, 1, 72, 1, 1, 0, 71, 253); // 18k + 1
+ checkTls(true, 22, 3, 1, 72, 0, 1, 0, 71, 252); // 18k
+ checkTls(true, 22, 3, 1, 0, 4, 1, 0, 0, 0); // 4
+ checkTls(false, 22, 3, 1, 0, 3, 1, 0, 0, 0); // 3 - capped
+ checkTls(false, 22, 3, 1, 0, 3, 1, 255, 255, 255); // 3 - wrapped
+ }
+
+ @org.junit.Test public void testFrameAndClientHelloSizeRelationship() {
+ checkTls(true, 22, 3, 1, 10, 255, 1, 0, 10, 251);
+ checkTls(false, 22, 3, 1, 10, 255, 1, 1, 10, 251);
+ checkTls(false, 22, 3, 1, 10, 255, 1, 2, 10, 251);
+
+ checkTls(false, 22, 3, 1, 10, 5, 1, 0, 10, 0);
+ checkTls(true, 22, 3, 1, 10, 5, 1, 0, 10, 1);
+ checkTls(false, 22, 3, 1, 10, 5, 1, 0, 10, 2);
+
+ checkTls(false, 22, 3, 1, 10, 5, 1, 0, 9, 1);
+ checkTls(true, 22, 3, 1, 10, 5, 1, 0, 10, 1);
+ checkTls(false, 22, 3, 1, 10, 5, 1, 0, 11, 1);
+
+ checkTls(true, 22, 3, 1, 10, 5, 1, 0, 10, 1);
+ checkTls(true, 22, 3, 1, 10, 4, 1, 0, 10, 0);
+ checkTls(true, 22, 3, 1, 10, 3, 1, 0, 9, 255);
+ checkTls(true, 22, 3, 1, 10, 2, 1, 0, 9, 254);
+ checkTls(true, 22, 3, 1, 10, 1, 1, 0, 9, 253);
+ checkTls(true, 22, 3, 1, 10, 0, 1, 0, 9, 252);
+ }
+}
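Review bot: testDataOfWrongSize only probes lengths 8 and 10, so nothing pins what looksLikeTlsToMe does with an empty or heavily truncated buffer. Going by the commit title this detector presumably classifies the first bytes a remote peer sends, so adding `checkTls(false);` and `checkTls(false, 22);` there would confirm that short input is rejected rather than throwing. The byte tables are also hard to audit without the header layout the test names imply; a comment above checkTls such as `// header: content type (22 = handshake), major, minor, 2-byte frame length, handshake type (1 = ClientHello), 3-byte hello length` would make each row readable. testDataWithBadMinorVersion should likewise say in a comment why minor version 2 is rejected while 1 and 3 are accepted in testValidHandshake, since that choice decides which peers are treated as TLS.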