Posted to commits@hc.apache.org by ol...@apache.org on 2014/10/19 19:35:00 UTC
svn commit: r1632957 -
/httpcomponents/httpcore/trunk/httpcore/src/test/java/org/apache/http/ssl/TestSSLContextBuilder.java
Author: olegk
Date: Sun Oct 19 17:35:00 2014
New Revision: 1632957
URL: http://svn.apache.org/r1632957
Log:
Only use TLS protocol by default when building SSLContext instances
Modified:
httpcomponents/httpcore/trunk/httpcore/src/test/java/org/apache/http/ssl/TestSSLContextBuilder.java
Modified: httpcomponents/httpcore/trunk/httpcore/src/test/java/org/apache/http/ssl/TestSSLContextBuilder.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpcore/trunk/httpcore/src/test/java/org/apache/http/ssl/TestSSLContextBuilder.java?rev=1632957&r1=1632956&r2=1632957&view=diff
==============================================================================
--- httpcomponents/httpcore/trunk/httpcore/src/test/java/org/apache/http/ssl/TestSSLContextBuilder.java (original)
+++ httpcomponents/httpcore/trunk/httpcore/src/test/java/org/apache/http/ssl/TestSSLContextBuilder.java Sun Oct 19 17:35:00 2014
@@ -38,7 +38,10 @@ import java.security.Principal;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.LinkedHashSet;
import java.util.Map;
+import java.util.Set;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
@@ -507,4 +510,103 @@ public class TestSSLContextBuilder {
"L=Unknown,ST=Unknown,C=Unknown", clientPrincipal.getName());
}
+
+ @Test(expected = SSLHandshakeException.class)
+ public void testSSLHanskshakeProtocolMismatch1() throws Exception {
+ final URL resource1 = getClass().getResource("/test-server.keystore");
+ final String storePassword = "nopassword";
+ final String keyPassword = "nopassword";
+ final SSLContext serverSslContext = SSLContextBuilder.create()
+ .loadKeyMaterial(resource1, storePassword.toCharArray(), keyPassword.toCharArray())
+ .build();
+ Assert.assertNotNull(serverSslContext);
+ final URL resource2 = getClass().getResource("/test-client.keystore");
+ final SSLContext clientSslContext = SSLContextBuilder.create()
+ .loadTrustMaterial(resource2, storePassword.toCharArray())
+ .build();
+ Assert.assertNotNull(clientSslContext);
+ final SSLServerSocket serverSocket = (SSLServerSocket) serverSslContext.getServerSocketFactory().createServerSocket();
+ final Set<String> supportedServerProtocols = new LinkedHashSet<String>(Arrays.asList(serverSocket.getSupportedProtocols()));
+ Assert.assertTrue(supportedServerProtocols.contains("TLSv1"));
+ Assert.assertTrue(supportedServerProtocols.contains("TLSv1.1"));
+ Assert.assertTrue(supportedServerProtocols.contains("TLSv1.2"));
+ serverSocket.setEnabledProtocols(new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"});
+ serverSocket.bind(new InetSocketAddress(0));
+
+ this.executorService = Executors.newSingleThreadExecutor();
+ this.executorService.submit(new Callable<Boolean>() {
+ @Override
+ public Boolean call() throws Exception {
+ final SSLSocket socket = (SSLSocket) serverSocket.accept();
+ try {
+ socket.getSession();
+ } finally {
+ socket.close();
+ }
+ return Boolean.FALSE;
+ }
+ });
+
+ final int localPort = serverSocket.getLocalPort();
+ final SSLSocket clientSocket = (SSLSocket) clientSslContext.getSocketFactory().createSocket();
+ try {
+ final Set<String> supportedClientProtocols = new LinkedHashSet<String>(Arrays.asList(clientSocket.getSupportedProtocols()));
+ Assert.assertTrue(supportedClientProtocols.contains("SSLv3"));
+ clientSocket.setEnabledProtocols(new String[] {"SSLv3"} );
+ clientSocket.connect(new InetSocketAddress("localhost", localPort), 5000);
+ clientSocket.startHandshake();
+ } finally {
+ clientSocket.close();
+ }
+ }
+
+ @Test(expected = SSLHandshakeException.class)
+ public void testSSLHanskshakeProtocolMismatch2() throws Exception {
+ final URL resource1 = getClass().getResource("/test-server.keystore");
+ final String storePassword = "nopassword";
+ final String keyPassword = "nopassword";
+ final SSLContext serverSslContext = SSLContextBuilder.create()
+ .loadKeyMaterial(resource1, storePassword.toCharArray(), keyPassword.toCharArray())
+ .build();
+ Assert.assertNotNull(serverSslContext);
+ final URL resource2 = getClass().getResource("/test-client.keystore");
+ final SSLContext clientSslContext = SSLContextBuilder.create()
+ .loadTrustMaterial(resource2, storePassword.toCharArray())
+ .build();
+ Assert.assertNotNull(clientSslContext);
+ final SSLServerSocket serverSocket = (SSLServerSocket) serverSslContext.getServerSocketFactory().createServerSocket();
+ final Set<String> supportedServerProtocols = new LinkedHashSet<String>(Arrays.asList(serverSocket.getSupportedProtocols()));
+ Assert.assertTrue(supportedServerProtocols.contains("SSLv3"));
+ serverSocket.setEnabledProtocols(new String[] {"SSLv3"});
+ serverSocket.bind(new InetSocketAddress(0));
+
+ this.executorService = Executors.newSingleThreadExecutor();
+ this.executorService.submit(new Callable<Boolean>() {
+ @Override
+ public Boolean call() throws Exception {
+ final SSLSocket socket = (SSLSocket) serverSocket.accept();
+ try {
+ socket.getSession();
+ } finally {
+ socket.close();
+ }
+ return Boolean.FALSE;
+ }
+ });
+
+ final int localPort = serverSocket.getLocalPort();
+ final SSLSocket clientSocket = (SSLSocket) clientSslContext.getSocketFactory().createSocket();
+ try {
+ final Set<String> supportedClientProtocols = new LinkedHashSet<String>(Arrays.asList(clientSocket.getSupportedProtocols()));
+ Assert.assertTrue(supportedClientProtocols.contains("TLSv1"));
+ Assert.assertTrue(supportedClientProtocols.contains("TLSv1.1"));
+ Assert.assertTrue(supportedClientProtocols.contains("TLSv1.2"));
+ clientSocket.setEnabledProtocols(new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"});
+ clientSocket.connect(new InetSocketAddress("localhost", localPort), 5000);
+ clientSocket.startHandshake();
+ } finally {
+ clientSocket.close();
+ }
+ }
+
}
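Review bot: Both new tests (testSSLHanskshakeProtocolMismatch1 and testSSLHanskshakeProtocolMismatch2) call `setEnabledProtocols` explicitly on the server and the client socket, so the handshake fails whatever protocol `SSLContextBuilder` selects by default, and the default named in the log message is not pinned by anything in this hunk. If the builder is meant to produce a "TLS" context, an assertion such as `Assert.assertEquals("TLS", serverSslContext.getProtocol());` after each `build()` would catch a regression; the builder change itself is not in this diff, so the expected value needs confirming. The tests also hard-assert that the JRE reports `SSLv3` as supported, which becomes a test failure rather than a skip on a runtime that no longer offers it, so `Assume.assumeTrue(supportedClientProtocols.contains("SSLv3"));` would be the safer form. In both methods `serverSocket` is never closed and the `Future` returned by `submit` is discarded, so a server-side exception goes unnoticed. The method names also misspell "Handshake".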