1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
|
// Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.jrt;
import static org.junit.Assert.assertEquals;
public class TlsDetectionTest {
static private String message(byte[] data) {
String msg = "isTls([";
String delimiter = "";
for (byte b: data) {
msg += delimiter + (b & 0xff);
delimiter = ", ";
}
msg += "])";
return msg;
}
static private void checkTls(boolean expect, int ... values) {
byte[] data = new byte[values.length];
for (int i = 0; i < data.length; i++) {
data[i] = (byte) values[i];
}
assertEquals(message(data), expect, MaybeTlsCryptoSocket.looksLikeTlsToMe(data));
}
@org.junit.Test public void testValidHandshake() {
checkTls(true, 22, 3, 1, 10, 255, 1, 0, 10, 251);
checkTls(true, 22, 3, 3, 10, 255, 1, 0, 10, 251);
}
@org.junit.Test public void testDataOfWrongSize() {
checkTls(false, 22, 3, 1, 10, 255, 1, 0, 10);
checkTls(false, 22, 3, 1, 10, 255, 1, 0, 10, 251, 0);
}
@org.junit.Test public void testDataNotTaggedAsHandshake() {
checkTls(false, 23, 3, 1, 10, 255, 1, 0, 10, 251);
}
@org.junit.Test public void testDataWithBadMajorVersion() {
checkTls(false, 22, 0, 1, 10, 255, 1, 0, 10, 251);
checkTls(false, 22, 1, 1, 10, 255, 1, 0, 10, 251);
checkTls(false, 22, 2, 1, 10, 255, 1, 0, 10, 251);
checkTls(false, 22, 4, 1, 10, 255, 1, 0, 10, 251);
checkTls(false, 22, 5, 1, 10, 255, 1, 0, 10, 251);
}
@org.junit.Test public void testDataWithBadMinorVersion() {
checkTls(false, 22, 3, 0, 10, 255, 1, 0, 10, 251);
checkTls(false, 22, 3, 2, 10, 255, 1, 0, 10, 251);
checkTls(false, 22, 3, 4, 10, 255, 1, 0, 10, 251);
checkTls(false, 22, 3, 5, 10, 255, 1, 0, 10, 251);
}
@org.junit.Test public void testDataNotTaggedAsClientHello() {
checkTls(false, 22, 3, 1, 10, 255, 0, 0, 10, 251);
checkTls(false, 22, 3, 1, 10, 255, 2, 0, 10, 251);
}
@org.junit.Test public void testFrameSizeLimits() {
checkTls(false, 22, 3, 1, 255, 255, 1, 0, 255, 251); // max
checkTls(false, 22, 3, 1, 72, 1, 1, 0, 71, 253); // 18k + 1
checkTls(true, 22, 3, 1, 72, 0, 1, 0, 71, 252); // 18k
checkTls(true, 22, 3, 1, 0, 4, 1, 0, 0, 0); // 4
checkTls(false, 22, 3, 1, 0, 3, 1, 0, 0, 0); // 3 - capped
checkTls(false, 22, 3, 1, 0, 3, 1, 255, 255, 255); // 3 - wrapped
}
@org.junit.Test public void testFrameAndClientHelloSizeRelationship() {
checkTls(true, 22, 3, 1, 10, 255, 1, 0, 10, 251);
checkTls(false, 22, 3, 1, 10, 255, 1, 1, 10, 251);
checkTls(false, 22, 3, 1, 10, 255, 1, 2, 10, 251);
checkTls(false, 22, 3, 1, 10, 5, 1, 0, 10, 0);
checkTls(true, 22, 3, 1, 10, 5, 1, 0, 10, 1);
checkTls(false, 22, 3, 1, 10, 5, 1, 0, 10, 2);
checkTls(false, 22, 3, 1, 10, 5, 1, 0, 9, 1);
checkTls(true, 22, 3, 1, 10, 5, 1, 0, 10, 1);
checkTls(false, 22, 3, 1, 10, 5, 1, 0, 11, 1);
checkTls(true, 22, 3, 1, 10, 5, 1, 0, 10, 1);
checkTls(true, 22, 3, 1, 10, 4, 1, 0, 10, 0);
checkTls(true, 22, 3, 1, 10, 3, 1, 0, 9, 255);
checkTls(true, 22, 3, 1, 10, 2, 1, 0, 9, 254);
checkTls(true, 22, 3, 1, 10, 1, 1, 0, 9, 253);
checkTls(true, 22, 3, 1, 10, 0, 1, 0, 9, 252);
}
}
|
