1ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom/* 2ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom * Copyright (C) 2010 The Android Open Source Project 3ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom * 4ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom * Licensed under the Apache License, Version 2.0 (the "License"); 5ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom * you may not use this file except in compliance with the License. 6ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom * You may obtain a copy of the License at 7ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom * 8ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom * http://www.apache.org/licenses/LICENSE-2.0 9ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom * 10ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom * Unless required by applicable law or agreed to in writing, software 11ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom * distributed under the License is distributed on an "AS IS" BASIS, 12ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom * See the License for the specific language governing permissions and 14ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom * limitations under the License. 
15ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom */ 16ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom 17ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrompackage org.apache.harmony.xnet.provider.jsse; 18ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom 19df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstromimport java.io.FileDescriptor; 20df349b3eaf4d1fa0643ab722173bc3bf20a266f5Brian Carlstromimport java.io.IOException; 21ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstromimport java.net.ServerSocket; 22ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstromimport java.net.Socket; 23ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstromimport java.net.SocketTimeoutException; 24c44b3f5d857d0d3f4d3668de905cdac5080ede3bKenny Rootimport java.security.KeyPair; 25c44b3f5d857d0d3f4d3668de905cdac5080ede3bKenny Rootimport java.security.KeyPairGenerator; 26ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstromimport java.security.KeyStore; 2725977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilsonimport java.security.KeyStore.PrivateKeyEntry; 28ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstromimport java.security.cert.CertificateException; 29ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstromimport java.security.cert.X509Certificate; 30c44b3f5d857d0d3f4d3668de905cdac5080ede3bKenny Rootimport java.security.interfaces.RSAPrivateCrtKey; 31c44b3f5d857d0d3f4d3668de905cdac5080ede3bKenny Rootimport java.security.interfaces.RSAPrivateKey; 32ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstromimport java.util.ArrayList; 33ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstromimport java.util.Arrays; 34ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstromimport java.util.List; 35ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstromimport java.util.concurrent.Callable; 36ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstromimport java.util.concurrent.ExecutionException; 37ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstromimport 
java.util.concurrent.ExecutorService; 38ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstromimport java.util.concurrent.Executors; 39ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstromimport java.util.concurrent.Future; 40df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstromimport java.util.concurrent.TimeUnit; 41ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstromimport javax.net.ssl.SSLException; 42ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstromimport javax.net.ssl.SSLProtocolException; 43ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstromimport javax.security.auth.x500.X500Principal; 44ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstromimport junit.framework.TestCase; 4551de62cf77a070e2a45ae397c391832b9a781d91Brian Carlstromimport libcore.io.IoUtils; 461b3c5388d0fffde4392007eb1b0be011a5dfae82Brian Carlstromimport libcore.java.security.StandardNames; 471b3c5388d0fffde4392007eb1b0be011a5dfae82Brian Carlstromimport libcore.java.security.TestKeyStore; 48ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstromimport org.apache.harmony.xnet.provider.jsse.NativeCrypto.SSLHandshakeCallbacks; 49679ac55c3c037887edfc6ce6f42a23cd7c11cd12Jesse Wilsonimport static org.apache.harmony.xnet.provider.jsse.NativeCrypto.SSL_MODE_HANDSHAKE_CUTTHROUGH; 50ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom 51ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrompublic class NativeCryptoTest extends TestCase { 52ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom 53ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom private static final int NULL = 0; 54df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom private static final FileDescriptor INVALID_FD = new FileDescriptor(); 5551de62cf77a070e2a45ae397c391832b9a781d91Brian Carlstrom private static final SSLHandshakeCallbacks DUMMY_CB 5651de62cf77a070e2a45ae397c391832b9a781d91Brian Carlstrom = new TestSSLHandshakeCallbacks(null, 0, null); 57df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom 
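/** Timeout, in seconds (per the name), for tests that wait on another thread. */
private static final long TIMEOUT_SECONDS = 5;

// Shared key material, populated once by initCerts(). Read these only through
// the getters below, which trigger the lazy initialisation.
// NOTE(review): the private keys stay in static byte arrays for the life of the
// process; presumably acceptable because TestKeyStore only hands out test keys.
private static byte[] SERVER_PRIVATE_KEY;
private static byte[][] SERVER_CERTIFICATES;
private static byte[] CLIENT_PRIVATE_KEY;
private static byte[][] CLIENT_CERTIFICATES;
private static byte[][] CA_PRINCIPALS;

/** Returns the encoded server private key, initialising the shared material on first use. */
private static byte[] getServerPrivateKey() {
    initCerts();
    return SERVER_PRIVATE_KEY;
}

/** Returns the encoded server certificate chain, initialising the shared material on first use. */
private static byte[][] getServerCertificates() {
    initCerts();
    return SERVER_CERTIFICATES;
}

/** Returns the encoded client private key, initialising the shared material on first use. */
private static byte[] getClientPrivateKey() {
    initCerts();
    return CLIENT_PRIVATE_KEY;
}

/** Returns the encoded client certificate chain, initialising the shared material on first use. */
private static byte[][] getClientCertificates() {
    initCerts();
    return CLIENT_CERTIFICATES;
}

/** Returns the encoded CA principal(s), initialising the shared material on first use. */
private static byte[][] getCaPrincipals() {
    initCerts();
    return CA_PRINCIPALS;
}

/**
 * Lazily create shared test certificates.
 *
 * <p>Everything is built into locals first and published only once all of it
 * has been created. {@code SERVER_PRIVATE_KEY} doubles as the "already
 * initialised" flag, so it is assigned last: if any step throws, the flag
 * stays {@code null} and the next call retries instead of leaving some
 * getters returning {@code null}.
 *
 * @throws RuntimeException wrapping any failure while loading the key material
 */
private static synchronized void initCerts() {
    if (SERVER_PRIVATE_KEY != null) {
        return;
    }

    try {
        PrivateKeyEntry serverPrivateKeyEntry
                = TestKeyStore.getServer().getPrivateKey("RSA", "RSA");
        byte[] serverPrivateKey = serverPrivateKeyEntry.getPrivateKey().getEncoded();
        byte[][] serverCertificates = NativeCrypto.encodeCertificates(
                serverPrivateKeyEntry.getCertificateChain());

        PrivateKeyEntry clientPrivateKeyEntry
                = TestKeyStore.getClientCertificate().getPrivateKey("RSA", "RSA");
        byte[] clientPrivateKey = clientPrivateKeyEntry.getPrivateKey().getEncoded();
        byte[][] clientCertificates = NativeCrypto.encodeCertificates(
                clientPrivateKeyEntry.getCertificateChain());

        // The CA principal is the issuer of whichever certificate the client
        // key store enumerates first.
        // NOTE(review): presumably that store holds a single CA entry; confirm.
        KeyStore ks = TestKeyStore.getClient().keyStore;
        String caCertAlias = ks.aliases().nextElement();
        X509Certificate certificate = (X509Certificate) ks.getCertificate(caCertAlias);
        X500Principal principal = certificate.getIssuerX500Principal();
        byte[][] caPrincipals = new byte[][] { principal.getEncoded() };

        // Publish; the guard field goes last (see the Javadoc above).
        SERVER_CERTIFICATES = serverCertificates;
        CLIENT_PRIVATE_KEY = clientPrivateKey;
        CLIENT_CERTIFICATES = clientCertificates;
        CA_PRINCIPALS = caPrincipals;
        SERVER_PRIVATE_KEY = serverPrivateKey;
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}

/**
 * Asserts that two native SSL_SESSION handles carry the same session id.
 *
 * @param expected native handle of the reference session
 * @param actual native handle of the session under test
 */
public static void assertEqualSessions(int expected, int actual) {
    assertEqualByteArrays(NativeCrypto.SSL_SESSION_session_id(expected),
                          NativeCrypto.SSL_SESSION_session_id(actual));
}
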
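/**
 * Asserts that two byte arrays have the same contents.
 *
 * <p>The arrays are compared through {@link Arrays#toString(byte[])}, so a
 * failure message shows both arrays, and two {@code null} arrays compare equal.
 */
public static void assertEqualByteArrays(byte[] expected, byte[] actual) {
    assertEquals(Arrays.toString(expected), Arrays.toString(actual));
}

/** Asserts that two lists of encoded principals are equal, element by element. */
public static void assertEqualPrincipals(byte[][] expected, byte[][] actual) {
    assertEqualByteArrays(expected, actual);
}

/** Asserts that two encoded certificate chains are equal, element by element. */
public static void assertEqualCertificateChains(byte[][] expected, byte[][] actual) {
    assertEqualByteArrays(expected, actual);
}

/**
 * Asserts that two arrays of byte arrays have the same contents, compared
 * through {@link Arrays#deepToString(Object[])}.
 */
public static void assertEqualByteArrays(byte[][] expected, byte[][] actual) {
    assertEquals(Arrays.deepToString(expected), Arrays.deepToString(actual));
}

/**
 * Creates a native EVP_PKEY from the CRT components of {@code key}.
 *
 * @return the native handle; the caller releases it with
 *         {@code NativeCrypto.EVP_PKEY_free}
 */
private static int newRsaPkey(RSAPrivateCrtKey key) {
    return NativeCrypto.EVP_PKEY_new_RSA(key.getModulus().toByteArray(),
                                         key.getPublicExponent().toByteArray(),
                                         key.getPrivateExponent().toByteArray(),
                                         key.getPrimeP().toByteArray(),
                                         key.getPrimeQ().toByteArray(),
                                         key.getPrimeExponentP().toByteArray(),
                                         key.getPrimeExponentQ().toByteArray(),
                                         key.getCrtCoefficient().toByteArray());
}

/**
 * EVP_PKEY_cmp must reject NULL handles, report 1 for a key compared with
 * itself or with a second handle built from the same components, and 0 for
 * two different keys.
 */
public void test_EVP_PKEY_cmp() throws Exception {
    try {
        NativeCrypto.EVP_PKEY_cmp(NULL, NULL);
        fail("Should throw NullPointerException when arguments are NULL");
    } catch (NullPointerException expected) {
    }

    // 512-bit RSA is far below any size acceptable for real keys; these pairs
    // are throwaway comparison fixtures, presumably sized for fast generation.
    KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
    kpg.initialize(512);

    KeyPair kp1 = kpg.generateKeyPair();
    RSAPrivateCrtKey privKey1 = (RSAPrivateCrtKey) kp1.getPrivate();

    KeyPair kp2 = kpg.generateKeyPair();
    RSAPrivateCrtKey privKey2 = (RSAPrivateCrtKey) kp2.getPrivate();

    int pkey1 = 0, pkey1_copy = 0, pkey2 = 0;
    try {
        // Handles are ints, so compare them with != rather than assertNotSame,
        // which would box both sides and compare object identity.
        pkey1 = newRsaPkey(privKey1);
        assertTrue(pkey1 != NULL);

        pkey1_copy = newRsaPkey(privKey1);
        assertTrue(pkey1_copy != NULL);

        pkey2 = newRsaPkey(privKey2);
        assertTrue(pkey2 != NULL);

        try {
            NativeCrypto.EVP_PKEY_cmp(pkey1, NULL);
            fail("Should throw NullPointerException when arguments are NULL");
        } catch (NullPointerException expected) {
        }

        try {
            NativeCrypto.EVP_PKEY_cmp(NULL, pkey1);
            fail("Should throw NullPointerException when arguments are NULL");
        } catch (NullPointerException expected) {
        }

        assertEquals("Same keys should be the equal", 1,
                NativeCrypto.EVP_PKEY_cmp(pkey1, pkey1));

        assertEquals("Same keys should be the equal", 1,
                NativeCrypto.EVP_PKEY_cmp(pkey1, pkey1_copy));

        assertEquals("Different keys should not be equal", 0,
                NativeCrypto.EVP_PKEY_cmp(pkey1, pkey2));
    } finally {
        // Release every native key that was created, even after a failure.
        if (pkey1 != 0) {
            NativeCrypto.EVP_PKEY_free(pkey1);
        }
        if (pkey1_copy != 0) {
            NativeCrypto.EVP_PKEY_free(pkey1_copy);
        }
        if (pkey2 != 0) {
            NativeCrypto.EVP_PKEY_free(pkey2);
        }
    }
}

/** SSL_CTX_new must return a non-NULL handle that differs on every call. */
public void test_SSL_CTX_new() throws Exception {
    int c = NativeCrypto.SSL_CTX_new();
    assertTrue(c != NULL);
    int c2 = NativeCrypto.SSL_CTX_new();
    assertTrue(c != c2);
    NativeCrypto.SSL_CTX_free(c);
    NativeCrypto.SSL_CTX_free(c2);
}

/** SSL_CTX_free must reject a NULL handle and accept a freshly created one. */
public void test_SSL_CTX_free() throws Exception {
    try {
        NativeCrypto.SSL_CTX_free(NULL);
        fail();
    } catch (NullPointerException expected) {
    }

    NativeCrypto.SSL_CTX_free(NativeCrypto.SSL_CTX_new());
}

/**
 * SSL_CTX_set_session_id_context must reject a NULL context handle and a
 * null id, accept ids of 0 to 32 bytes, and reject a 33-byte id.
 */
public void test_SSL_CTX_set_session_id_context() throws Exception {
    byte[] empty = new byte[0];
    try {
        NativeCrypto.SSL_CTX_set_session_id_context(NULL, empty);
        fail();
    } catch (NullPointerException expected) {
    }
    int c = NativeCrypto.SSL_CTX_new();
    try {
        NativeCrypto.SSL_CTX_set_session_id_context(c, null);
        fail();
    } catch (NullPointerException expected) {
    }
    NativeCrypto.SSL_CTX_set_session_id_context(c, empty);
    NativeCrypto.SSL_CTX_set_session_id_context(c, new byte[32]);
    try {
        // One byte past the longest id accepted above (32 bytes, which matches
        // OpenSSL's SSL_MAX_SID_CTX_LENGTH). fail() is required here: without
        // it this case passes even if the over-long id is silently accepted.
        NativeCrypto.SSL_CTX_set_session_id_context(c, new byte[33]);
        fail();
    } catch (IllegalArgumentException expected) {
    }
    NativeCrypto.SSL_CTX_free(c);
}

/**
 * SSL_new must return distinct non-NULL handles, and a fresh SSL must have
 * SSLv2 disabled while SSLv3 and TLS 1.0 through 1.2 are left enabled.
 */
public void test_SSL_new() throws Exception {
    int c = NativeCrypto.SSL_CTX_new();
    int s = NativeCrypto.SSL_new(c);

    assertTrue(s != NULL);
    // Read the option mask once; every check below looks at the same value.
    long options = NativeCrypto.SSL_get_options(s);
    assertTrue((options & 0x01000000L) != 0); // SSL_OP_NO_SSLv2
    // NOTE(review): the next assertion pins SSLv3 as enabled by default. SSLv3
    // has since been deprecated (RFC 7568); confirm this default is still
    // intended wherever this test is kept.
    assertTrue((options & NativeCrypto.SSL_OP_NO_SSLv3) == 0);
    assertTrue((options & NativeCrypto.SSL_OP_NO_TLSv1) == 0);
    assertTrue((options & NativeCrypto.SSL_OP_NO_TLSv1_1) == 0);
    assertTrue((options & NativeCrypto.SSL_OP_NO_TLSv1_2) == 0);

    int s2 = NativeCrypto.SSL_new(c);
    assertTrue(s != s2);
    NativeCrypto.SSL_free(s2);

    NativeCrypto.SSL_free(s);
    NativeCrypto.SSL_CTX_free(c);
}

/** SSL_use_certificate must reject a NULL handle or null chain and accept the server chain. */
public void test_SSL_use_certificate() throws Exception {
    try {
        NativeCrypto.SSL_use_certificate(NULL, null);
        fail();
    } catch (NullPointerException expected) {
    }

    int c = NativeCrypto.SSL_CTX_new();
    int s = NativeCrypto.SSL_new(c);

    try {
        NativeCrypto.SSL_use_certificate(s, null);
        fail();
    } catch (NullPointerException expected) {
    }

    NativeCrypto.SSL_use_certificate(s, getServerCertificates());

    NativeCrypto.SSL_free(s);
    NativeCrypto.SSL_CTX_free(c);
}

/** SSL_use_PrivateKey must reject a NULL handle or null key and accept the server key. */
public void test_SSL_use_PrivateKey() throws Exception {
    try {
        NativeCrypto.SSL_use_PrivateKey(NULL, null);
        fail();
    } catch (NullPointerException expected) {
    }

    int c = NativeCrypto.SSL_CTX_new();
    int s = NativeCrypto.SSL_new(c);

    try {
        NativeCrypto.SSL_use_PrivateKey(s, null);
        fail();
    } catch (NullPointerException expected) {
    }

    NativeCrypto.SSL_use_PrivateKey(s, getServerPrivateKey());

    NativeCrypto.SSL_free(s);
    NativeCrypto.SSL_CTX_free(c);
}

/** SSL_check_private_key must reject a NULL handle. */
public void test_SSL_check_private_key_null() throws Exception {
    try {
        NativeCrypto.SSL_check_private_key(NULL);
        fail();
    } catch (NullPointerException expected) {
    }
}

/** SSL_check_private_key must fail while neither a key nor a certificate is set. */
public void test_SSL_check_private_key_no_key_no_cert() throws Exception {
    int c = NativeCrypto.SSL_CTX_new();
    int s = NativeCrypto.SSL_new(c);

    // neither private or certificate set
    try {
        NativeCrypto.SSL_check_private_key(s);
        fail();
    } catch (SSLException expected) {
    }

    NativeCrypto.SSL_free(s);
    NativeCrypto.SSL_CTX_free(c);
}

/**
 * With only the certificate set, SSL_check_private_key must fail; once the
 * matching key is added it must succeed.
 */
public void test_SSL_check_private_key_cert_then_key() throws Exception {
    int c = NativeCrypto.SSL_CTX_new();
    int s = NativeCrypto.SSL_new(c);

    // first certificate, then private
    NativeCrypto.SSL_use_certificate(s, getServerCertificates());

    try {
        NativeCrypto.SSL_check_private_key(s);
        fail();
    } catch (SSLException expected) {
    }

    NativeCrypto.SSL_use_PrivateKey(s, getServerPrivateKey());
    NativeCrypto.SSL_check_private_key(s);

    NativeCrypto.SSL_free(s);
    NativeCrypto.SSL_CTX_free(c);
}

/**
 * With only the key set, SSL_check_private_key must fail; once the matching
 * certificate is added it must succeed.
 */
public void test_SSL_check_private_key_key_then_cert() throws Exception {
    int c = NativeCrypto.SSL_CTX_new();
    int s = NativeCrypto.SSL_new(c);

    // first private, then certificate
    NativeCrypto.SSL_use_PrivateKey(s, getServerPrivateKey());

    try {
        NativeCrypto.SSL_check_private_key(s);
        fail();
    } catch (SSLException expected) {
    }

    NativeCrypto.SSL_use_certificate(s, getServerCertificates());
    NativeCrypto.SSL_check_private_key(s);

    NativeCrypto.SSL_free(s);
    NativeCrypto.SSL_CTX_free(c);
}

/** SSL_get_mode must reject a NULL handle and report a non-zero mode for a fresh SSL. */
public void test_SSL_get_mode() throws Exception {
    try {
        NativeCrypto.SSL_get_mode(NULL);
        fail();
    } catch (NullPointerException expected) {
    }

    int c = NativeCrypto.SSL_CTX_new();
    int s = NativeCrypto.SSL_new(c);
    assertTrue(NativeCrypto.SSL_get_mode(s) != 0);
    NativeCrypto.SSL_free(s);
    NativeCrypto.SSL_CTX_free(c);
}

/**
 * SSL_set_mode must reject a NULL handle; SSL_MODE_HANDSHAKE_CUTTHROUGH must
 * be off on a fresh SSL, and must follow SSL_set_mode and SSL_clear_mode.
 */
public void test_SSL_set_mode_and_clear_mode() throws Exception {
    try {
        NativeCrypto.SSL_set_mode(NULL, 0);
        fail();
    } catch (NullPointerException expected) {
    }

    int c = NativeCrypto.SSL_CTX_new();
    int s = NativeCrypto.SSL_new(c);
    // check SSL_MODE_HANDSHAKE_CUTTHROUGH off by default
    // NOTE(review): presumably cut-through lets data flow before the handshake
    // is fully verified, which would make this off-by-default check the
    // security-relevant assertion in this test; confirm.
    assertEquals(0, NativeCrypto.SSL_get_mode(s) & SSL_MODE_HANDSHAKE_CUTTHROUGH);
    // set SSL_MODE_HANDSHAKE_CUTTHROUGH on
    NativeCrypto.SSL_set_mode(s, SSL_MODE_HANDSHAKE_CUTTHROUGH);
    assertTrue((NativeCrypto.SSL_get_mode(s)
            & SSL_MODE_HANDSHAKE_CUTTHROUGH) != 0);
    // clear SSL_MODE_HANDSHAKE_CUTTHROUGH off
    NativeCrypto.SSL_clear_mode(s, SSL_MODE_HANDSHAKE_CUTTHROUGH);
    assertTrue((NativeCrypto.SSL_get_mode(s)
            & SSL_MODE_HANDSHAKE_CUTTHROUGH) == 0);

    NativeCrypto.SSL_free(s);
    NativeCrypto.SSL_CTX_free(c);
}

public void test_SSL_get_options() throws Exception {
    try {
        NativeCrypto.SSL_get_options(NULL);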
428ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom fail(); 429ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom } catch (NullPointerException expected) { 430ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom } 431ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom 432ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom int c = NativeCrypto.SSL_CTX_new(); 433ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom int s = NativeCrypto.SSL_new(c); 434ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom assertTrue(NativeCrypto.SSL_get_options(s) != 0); 435ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom NativeCrypto.SSL_free(s); 436ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom NativeCrypto.SSL_CTX_free(c); 437ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom } 438ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom 439ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom public void test_SSL_set_options() throws Exception { 440ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom try { 441ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom NativeCrypto.SSL_set_options(NULL, 0); 442ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom fail(); 443ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom } catch (NullPointerException expected) { 444ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom } 445ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom 446ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom int c = NativeCrypto.SSL_CTX_new(); 447ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom int s = NativeCrypto.SSL_new(c); 448ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom assertTrue((NativeCrypto.SSL_get_options(s) & NativeCrypto.SSL_OP_NO_SSLv3) == 0); 449ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom NativeCrypto.SSL_set_options(s, NativeCrypto.SSL_OP_NO_SSLv3); 450ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom assertTrue((NativeCrypto.SSL_get_options(s) & 
NativeCrypto.SSL_OP_NO_SSLv3) != 0); 451ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom NativeCrypto.SSL_free(s); 452ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom NativeCrypto.SSL_CTX_free(c); 453ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom } 454ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom 455ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom public void test_SSL_clear_options() throws Exception { 456ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom try { 457ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom NativeCrypto.SSL_clear_options(NULL, 0); 458ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom fail(); 459ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom } catch (NullPointerException expected) { 460ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom } 461ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom 462ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom int c = NativeCrypto.SSL_CTX_new(); 463ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom int s = NativeCrypto.SSL_new(c); 464ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom assertTrue((NativeCrypto.SSL_get_options(s) & NativeCrypto.SSL_OP_NO_SSLv3) == 0); 465ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom NativeCrypto.SSL_set_options(s, NativeCrypto.SSL_OP_NO_SSLv3); 466ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom assertTrue((NativeCrypto.SSL_get_options(s) & NativeCrypto.SSL_OP_NO_SSLv3) != 0); 467ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom NativeCrypto.SSL_clear_options(s, NativeCrypto.SSL_OP_NO_SSLv3); 468ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom assertTrue((NativeCrypto.SSL_get_options(s) & NativeCrypto.SSL_OP_NO_SSLv3) == 0); 469ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom NativeCrypto.SSL_free(s); 470ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom NativeCrypto.SSL_CTX_free(c); 471ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom } 
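
    /**
     * Exercises argument validation in {@code SSL_set_cipher_lists}: a NULL
     * handle, a null array and a null element must raise
     * {@link NullPointerException}; names from the {@code illegals} list must
     * raise {@link IllegalArgumentException}; an empty array and the full key
     * set of {@code OPENSSL_TO_STANDARD_CIPHER_SUITES} must be accepted.
     */
    public void test_SSL_set_cipher_lists() throws Exception {
        try {
            NativeCrypto.SSL_set_cipher_lists(NULL, null);
            fail();
        } catch (NullPointerException expected) {
        }

        int c = NativeCrypto.SSL_CTX_new();
        int s = NativeCrypto.SSL_new(c);
        try {
            try {
                NativeCrypto.SSL_set_cipher_lists(s, null);
                fail();
            } catch (NullPointerException expected) {
            }

            NativeCrypto.SSL_set_cipher_lists(s, new String[] {});

            try {
                NativeCrypto.SSL_set_cipher_lists(s, new String[] { null });
                fail();
            } catch (NullPointerException expected) {
            }

            // see OpenSSL ciphers man page
            String[] illegals = new String[] {
                // empty
                "",
                // never standardized
                "EXP1024-DES-CBC-SHA", "EXP1024-RC4-SHA", "DHE-DSS-RC4-SHA",
                // IDEA
                "IDEA-CBC-SHA", "IDEA-CBC-MD5"
            };

            for (String illegal : illegals) {
                try {
                    NativeCrypto.SSL_set_cipher_lists(s, new String[] { illegal });
                    // the message names the cipher that was wrongly accepted
                    fail(illegal);
                } catch (IllegalArgumentException expected) {
                }
            }

            List<String> ciphers
                    = new ArrayList<String>(NativeCrypto.OPENSSL_TO_STANDARD_CIPHER_SUITES.keySet());
            NativeCrypto.SSL_set_cipher_lists(s, ciphers.toArray(new String[ciphers.size()]));
        } finally {
            // free the native handles even when an assertion above fails
            NativeCrypto.SSL_free(s);
            NativeCrypto.SSL_CTX_free(c);
        }
    }

    /**
     * Expects {@code SSL_set_verify} to reject a NULL handle and to accept
     * each verify mode and the PEER | FAIL_IF_NO_PEER_CERT combination.
     *
     * <p>This only checks that the calls do not throw. Nothing here asserts
     * what a mode does to a handshake, so it gives no coverage of
     * {@code SSL_VERIFY_NONE} versus {@code SSL_VERIFY_PEER} behaviour.
     */
    public void test_SSL_set_verify() throws Exception {
        try {
            NativeCrypto.SSL_set_verify(NULL, 0);
            fail();
        } catch (NullPointerException expected) {
        }

        int c = NativeCrypto.SSL_CTX_new();
        int s = NativeCrypto.SSL_new(c);
        try {
            NativeCrypto.SSL_set_verify(s, NativeCrypto.SSL_VERIFY_NONE);
            NativeCrypto.SSL_set_verify(s, NativeCrypto.SSL_VERIFY_PEER);
            NativeCrypto.SSL_set_verify(s, NativeCrypto.SSL_VERIFY_FAIL_IF_NO_PEER_CERT);
            NativeCrypto.SSL_set_verify(s, (NativeCrypto.SSL_VERIFY_PEER
                                            | NativeCrypto.SSL_VERIFY_FAIL_IF_NO_PEER_CERT));
        } finally {
            NativeCrypto.SSL_free(s);
            NativeCrypto.SSL_CTX_free(c);
        }
    }

    // When true, the handshake helper and the callback stub below trace to System.out.
    private static final boolean DEBUG = false;
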
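    /**
     * Customization points for one endpoint of a test handshake. The
     * {@code handshake} helper calls {@code getContext}, then
     * {@code beforeHandshake}, then (in a finally block)
     * {@code afterHandshake}; tests subclass this to install keys,
     * certificates or extra assertions.
     */
    public static class Hooks {
        /** Creates the native SSL_CTX for this endpoint. */
        public int getContext() throws SSLException {
            return NativeCrypto.SSL_CTX_new();
        }

        /**
         * Creates the native SSL for {@code context} and pins its cipher list.
         *
         * @param context native SSL_CTX handle from {@link #getContext()}
         * @return the new native SSL handle
         */
        public int beforeHandshake(int context) throws SSLException {
            int s = NativeCrypto.SSL_new(context);
            // without this SSL_set_cipher_lists call the tests were
            // negotiating DHE-RSA-AES256-SHA by default which had
            // very slow ephemeral RSA key generation
            //
            // RC4-MD5 is picked for test speed only. RC4 is prohibited in TLS
            // (RFC 7465) and MD5 is broken as a hash, so this list must not be
            // copied into non-test configuration.
            NativeCrypto.SSL_set_cipher_lists(s, new String[] { "RC4-MD5" });
            return s;
        }

        /** Called when the peer requests a client certificate; no-op by default. */
        public void clientCertificateRequested(int s) {}

        /**
         * Releases whatever the handshake created. Every handle is checked
         * before use, so this can run after a failed handshake where
         * {@code session} is still NULL.
         */
        public void afterHandshake(int session, int ssl, int context,
                                   Socket socket, FileDescriptor fd,
                                   SSLHandshakeCallbacks callback)
                throws Exception {
            if (session != NULL) {
                NativeCrypto.SSL_SESSION_free(session);
            }
            if (ssl != NULL) {
                try {
                    NativeCrypto.SSL_shutdown(ssl, fd, callback);
                } catch (IOException ignored) {
                    // best-effort shutdown: keep going so the SSL, the
                    // context and the socket below are still released
                }
                NativeCrypto.SSL_free(ssl);
            }
            if (context != NULL) {
                NativeCrypto.SSL_CTX_free(context);
            }
            if (socket != null) {
                socket.close();
            }
        }
    }

    /**
     * Recording stub for {@link SSLHandshakeCallbacks}: each callback stores
     * its arguments and sets a "called" flag in public fields that the tests
     * read after the handshake future completes.
     *
     * <p>{@link #verifyCertificateChain} never throws, so every peer chain is
     * accepted. That is intentional for a test double; a real callback has to
     * validate the chain and throw {@link CertificateException} on failure.
     */
    public static class TestSSLHandshakeCallbacks implements SSLHandshakeCallbacks {
        private final Socket socket;
        private final int sslNativePointer;
        private final Hooks hooks;

        public TestSSLHandshakeCallbacks(Socket socket,
                                         int sslNativePointer,
                                         Hooks hooks) {
            this.socket = socket;
            this.sslNativePointer = sslNativePointer;
            this.hooks = hooks;
        }

        public byte[][] asn1DerEncodedCertificateChain;
        public String authMethod;
        public boolean verifyCertificateChainCalled;

        /** Records the peer chain and auth method; performs no validation. */
        public void verifyCertificateChain(byte[][] asn1DerEncodedCertificateChain,
                                           String authMethod)
                throws CertificateException {
            if (DEBUG) {
                System.out.println("ssl=0x" + Integer.toString(sslNativePointer, 16)
                                   + " verifyCertificateChain"
                                   + " asn1DerEncodedCertificateChain="
                                   + asn1DerEncodedCertificateChain
                                   + " authMethod=" + authMethod);
            }
            this.asn1DerEncodedCertificateChain = asn1DerEncodedCertificateChain;
            this.authMethod = authMethod;
            this.verifyCertificateChainCalled = true;
        }

        public byte[] keyTypes;
        public byte[][] asn1DerEncodedX500Principals;
        public boolean clientCertificateRequestedCalled;

        /** Records the request, then forwards it to the hooks when present. */
        public void clientCertificateRequested(byte[] keyTypes,
                                               byte[][] asn1DerEncodedX500Principals) {
            if (DEBUG) {
                System.out.println("ssl=0x" + Integer.toString(sslNativePointer, 16)
                                   + " clientCertificateRequested"
                                   + " keyTypes=" + keyTypes
                                   + " asn1DerEncodedX500Principals="
                                   + asn1DerEncodedX500Principals);
            }
            this.keyTypes = keyTypes;
            this.asn1DerEncodedX500Principals = asn1DerEncodedX500Principals;
            this.clientCertificateRequestedCalled = true;
            if (hooks != null) {
                hooks.clientCertificateRequested(sslNativePointer);
            }
        }

        public boolean handshakeCompletedCalled;

        /** Records that the handshake finished. */
        public void handshakeCompleted() {
            if (DEBUG) {
                System.out.println("ssl=0x" + Integer.toString(sslNativePointer, 16)
                                   + " handshakeCompleted");
            }
            this.handshakeCompletedCalled = true;
        }

        public Socket getSocket() {
            return socket;
        }
    }

    /**
     * Hooks for the server endpoint: installs the given private key and
     * certificate chain before the handshake, and fails the test if this
     * endpoint is itself asked for a client certificate.
     */
    public static class ServerHooks extends Hooks {
        private final byte[] privateKey;
        private final byte[][] certificates;

        /**
         * @param privateKey server private key, or null to install none
         * @param certificates server certificate chain, or null to install none
         */
        public ServerHooks(byte[] privateKey, byte[][] certificates) {
            this.privateKey = privateKey;
            this.certificates = certificates;
        }

        @Override
        public int beforeHandshake(int c) throws SSLException {
            int s = super.beforeHandshake(c);
            if (privateKey != null) {
                NativeCrypto.SSL_use_PrivateKey(s, privateKey);
            }
            if (certificates != null) {
                NativeCrypto.SSL_use_certificate(s, certificates);
            }
            return s;
        }

        @Override
        public void clientCertificateRequested(int s) {
            fail("Server asked for client certificates");
        }
    }

    /**
     * Runs one endpoint of a handshake on its own single-thread executor.
     *
     * @param listener server socket; the client side connects to its address
     *        and port, the server side accepts from it
     * @param timeout passed to {@code SSL_do_handshake}; the special value -1
     *        skips the TLS handshake and returns a callback that only wraps
     *        the connected socket, which is left open
     * @param client true to act as the connecting client, false to accept
     * @param hooks endpoint customization; not used when {@code timeout} is -1
     * @param npnProtocols passed through to {@code SSL_do_handshake}
     * @return future yielding the callback object that recorded the handshake
     */
    public static Future<TestSSLHandshakeCallbacks> handshake(final ServerSocket listener,
            final int timeout, final boolean client, final Hooks hooks, final byte[] npnProtocols) {
        ExecutorService executor = Executors.newSingleThreadExecutor();
        Future<TestSSLHandshakeCallbacks> future = executor.submit(
                new Callable<TestSSLHandshakeCallbacks>() {
            @Override public TestSSLHandshakeCallbacks call() throws Exception {
                Socket socket = (client
                                 ? new Socket(listener.getInetAddress(),
                                              listener.getLocalPort())
                                 : listener.accept());
                if (timeout == -1) {
                    return new TestSSLHandshakeCallbacks(socket, 0, null);
                }
                FileDescriptor fd = socket.getFileDescriptor$();
                int c = NULL;
                int s = NULL;
                boolean ready = false;
                try {
                    c = hooks.getContext();
                    s = hooks.beforeHandshake(c);
                    ready = true;
                } finally {
                    if (!ready) {
                        // Setup failed before the try/finally below could run
                        // afterHandshake. Free the context and close the socket
                        // here so the peer sees the connection drop instead of
                        // waiting on a handshake that will never start.
                        if (c != NULL) {
                            NativeCrypto.SSL_CTX_free(c);
                        }
                        socket.close();
                    }
                }
                TestSSLHandshakeCallbacks callback
                        = new TestSSLHandshakeCallbacks(socket, s, hooks);
                if (DEBUG) {
                    System.out.println("ssl=0x" + Integer.toString(s, 16)
                                       + " handshake"
                                       + " context=0x" + Integer.toString(c, 16)
                                       + " socket=" + socket
                                       + " fd=" + fd
                                       + " timeout=" + timeout
                                       + " client=" + client);
                }
                int session = NULL;
                try {
                    session = NativeCrypto.SSL_do_handshake(s, fd, callback, timeout, client,
                                                            npnProtocols);
                    if (DEBUG) {
                        System.out.println("ssl=0x" + Integer.toString(s, 16)
                                           + " handshake"
                                           + " session=0x" + Integer.toString(session, 16));
                    }
                } finally {
                    // Ensure afterHandshake is called to free resources
                    hooks.afterHandshake(session, s, c, socket, fd, callback);
                }
                return callback;
            }
        });
        // no further tasks are submitted; the worker thread ends with the task
        executor.shutdown();
        return future;
    }

    /** Expects {@code SSL_do_handshake} to reject a NULL SSL handle. */
    public void test_SSL_do_handshake_NULL_SSL() throws Exception {
        try {
            NativeCrypto.SSL_do_handshake(NULL, null, null, 0, false, null);
            fail();
        } catch (NullPointerException expected) {
        }
    }
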
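    /**
     * Expects {@code SSL_do_handshake} to throw {@link NullPointerException}
     * when the file descriptor is null, and when the descriptor is
     * {@code INVALID_FD} but the callbacks argument is null.
     */
    public void test_SSL_do_handshake_null_args() throws Exception {
        int c = NativeCrypto.SSL_CTX_new();
        int s = NativeCrypto.SSL_new(c);
        try {
            try {
                NativeCrypto.SSL_do_handshake(s, null, null, 0, true, null);
                fail();
            } catch (NullPointerException expected) {
            }

            try {
                NativeCrypto.SSL_do_handshake(s, INVALID_FD, null, 0, true, null);
                fail();
            } catch (NullPointerException expected) {
            }
        } finally {
            // free the native handles even when an assertion above fails
            NativeCrypto.SSL_free(s);
            NativeCrypto.SSL_CTX_free(c);
        }
    }

    /**
     * Runs a client and a server handshake over a loopback listener with only
     * the server holding a key and certificate chain. The client must be
     * handed exactly the server's chain with auth method "RSA", the server
     * must not be asked to verify anything, no client certificate may be
     * requested, and both sides must report completion.
     */
    public void test_SSL_do_handshake_normal() throws Exception {
        // normal client and server case
        final ServerSocket listener = new ServerSocket(0);
        try {
            Hooks cHooks = new Hooks();
            Hooks sHooks = new ServerHooks(getServerPrivateKey(), getServerCertificates());
            Future<TestSSLHandshakeCallbacks> client = handshake(listener, 0, true, cHooks, null);
            Future<TestSSLHandshakeCallbacks> server = handshake(listener, 0, false, sHooks, null);
            TestSSLHandshakeCallbacks clientCallback = client.get(TIMEOUT_SECONDS, TimeUnit.SECONDS);
            TestSSLHandshakeCallbacks serverCallback = server.get(TIMEOUT_SECONDS, TimeUnit.SECONDS);
            assertTrue(clientCallback.verifyCertificateChainCalled);
            assertEqualCertificateChains(getServerCertificates(),
                                         clientCallback.asn1DerEncodedCertificateChain);
            assertEquals("RSA", clientCallback.authMethod);
            assertFalse(serverCallback.verifyCertificateChainCalled);
            assertFalse(clientCallback.clientCertificateRequestedCalled);
            assertFalse(serverCallback.clientCertificateRequestedCalled);
            assertTrue(clientCallback.handshakeCompletedCalled);
            assertTrue(serverCallback.handshakeCompletedCalled);
        } finally {
            // The handshake hooks close only the connected sockets, so the
            // listening socket is released here; closing it also unblocks a
            // server task still waiting in accept() after a failure.
            listener.close();
        }
    }

    public void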
test_SSL_do_handshake_optional_client_certificate() throws Exception { 765ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom // optional client certificate case 7664559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom final ServerSocket listener = new ServerSocket(0); 7674559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom 7684559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom Hooks cHooks = new Hooks() { 7694559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom @Override 7704559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom public void clientCertificateRequested(int s) { 7714559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom super.clientCertificateRequested(s); 772003f7a4d100cd1527d94bac81a4a3c5a8216c6eeBrian Carlstrom NativeCrypto.SSL_use_PrivateKey(s, getClientPrivateKey()); 773003f7a4d100cd1527d94bac81a4a3c5a8216c6eeBrian Carlstrom NativeCrypto.SSL_use_certificate(s, getClientCertificates()); 7744559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom } 7754559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom }; 776003f7a4d100cd1527d94bac81a4a3c5a8216c6eeBrian Carlstrom Hooks sHooks = new ServerHooks(getServerPrivateKey(), getServerCertificates()) { 7774559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom @Override 7784559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom public int beforeHandshake(int c) throws SSLException { 7794559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom int s = super.beforeHandshake(c); 780003f7a4d100cd1527d94bac81a4a3c5a8216c6eeBrian Carlstrom NativeCrypto.SSL_set_client_CA_list(s, getCaPrincipals()); 7814559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom NativeCrypto.SSL_set_verify(s, NativeCrypto.SSL_VERIFY_PEER); 7824559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom return s; 7834559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom } 7844559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom }; 78525977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson Future<TestSSLHandshakeCallbacks> 
client = handshake(listener, 0, true, cHooks, null); 78625977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson Future<TestSSLHandshakeCallbacks> server = handshake(listener, 0, false, sHooks, null); 787df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom TestSSLHandshakeCallbacks clientCallback = client.get(TIMEOUT_SECONDS, TimeUnit.SECONDS); 788df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom TestSSLHandshakeCallbacks serverCallback = server.get(TIMEOUT_SECONDS, TimeUnit.SECONDS); 789ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom assertTrue(clientCallback.verifyCertificateChainCalled); 790003f7a4d100cd1527d94bac81a4a3c5a8216c6eeBrian Carlstrom assertEqualCertificateChains(getServerCertificates(), 791ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom clientCallback.asn1DerEncodedCertificateChain); 792ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom assertEquals("RSA", clientCallback.authMethod); 793ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom assertTrue(serverCallback.verifyCertificateChainCalled); 794003f7a4d100cd1527d94bac81a4a3c5a8216c6eeBrian Carlstrom assertEqualCertificateChains(getClientCertificates(), 79525977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson serverCallback.asn1DerEncodedCertificateChain); 796ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom assertEquals("RSA", serverCallback.authMethod); 797ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom 798ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom assertTrue(clientCallback.clientCertificateRequestedCalled); 799ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom assertNotNull(clientCallback.keyTypes); 800ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom // this depends on the SSL_set_cipher_lists call in beforeHandshake 801ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom // the three returned are the non-ephemeral cases. 
802ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom assertEquals(3, clientCallback.keyTypes.length); 8034ae3fd787741bfe1b808f447dcb0785250024119Brian Carlstrom assertEquals("RSA", CipherSuite.getClientKeyType(clientCallback.keyTypes[0])); 8044ae3fd787741bfe1b808f447dcb0785250024119Brian Carlstrom assertEquals("DSA", CipherSuite.getClientKeyType(clientCallback.keyTypes[1])); 8054ae3fd787741bfe1b808f447dcb0785250024119Brian Carlstrom assertEquals("EC", CipherSuite.getClientKeyType(clientCallback.keyTypes[2])); 806003f7a4d100cd1527d94bac81a4a3c5a8216c6eeBrian Carlstrom assertEqualPrincipals(getCaPrincipals(), 807ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom clientCallback.asn1DerEncodedX500Principals); 808ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom assertFalse(serverCallback.clientCertificateRequestedCalled); 809ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom 810ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom assertTrue(clientCallback.handshakeCompletedCalled); 811ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom assertTrue(serverCallback.handshakeCompletedCalled); 812ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom } 813ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom 814ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom public void test_SSL_do_handshake_missing_required_certificate() throws Exception { 815ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom // required client certificate negative case 8164559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom final ServerSocket listener = new ServerSocket(0); 817ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom try { 8184559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom Hooks cHooks = new Hooks(); 819003f7a4d100cd1527d94bac81a4a3c5a8216c6eeBrian Carlstrom Hooks sHooks = new ServerHooks(getServerPrivateKey(), getServerCertificates()) { 8204559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom @Override 
8214559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom public int beforeHandshake(int c) throws SSLException { 8224559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom int s = super.beforeHandshake(c); 823003f7a4d100cd1527d94bac81a4a3c5a8216c6eeBrian Carlstrom NativeCrypto.SSL_set_client_CA_list(s, getCaPrincipals()); 8244559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom NativeCrypto.SSL_set_verify(s, 825ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom NativeCrypto.SSL_VERIFY_PEER 826ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom | NativeCrypto.SSL_VERIFY_FAIL_IF_NO_PEER_CERT); 8274559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom return s; 8284559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom } 8294559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom }; 83025977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson Future<TestSSLHandshakeCallbacks> client = handshake(listener, 0, true, cHooks, null); 83125977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson Future<TestSSLHandshakeCallbacks> server = handshake(listener, 0, false, sHooks, null); 832df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom server.get(TIMEOUT_SECONDS, TimeUnit.SECONDS); 833ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom fail(); 834ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom } catch (ExecutionException expected) { 835ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom assertEquals(SSLProtocolException.class, expected.getCause().getClass()); 836ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom } 837ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom } 838ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom 839638000042da777f6d628d88dadde957c52597710Brian Carlstrom /** 840638000042da777f6d628d88dadde957c52597710Brian Carlstrom * Usually if a RuntimeException is thrown by the 841638000042da777f6d628d88dadde957c52597710Brian Carlstrom * clientCertificateRequestedCalled callback, the caller sees it 
842638000042da777f6d628d88dadde957c52597710Brian Carlstrom * during the call to NativeCrypto_SSL_do_handshake. However, IIS 843638000042da777f6d628d88dadde957c52597710Brian Carlstrom * does not request client certs until after the initial 844638000042da777f6d628d88dadde957c52597710Brian Carlstrom * handshake. It does an SSL renegotiation, which means we need to 845638000042da777f6d628d88dadde957c52597710Brian Carlstrom * be able to deliver the callback's exception in cases like 846638000042da777f6d628d88dadde957c52597710Brian Carlstrom * SSL_read, SSL_write, and SSL_shutdown. 847638000042da777f6d628d88dadde957c52597710Brian Carlstrom */ 848638000042da777f6d628d88dadde957c52597710Brian Carlstrom public void test_SSL_do_handshake_clientCertificateRequested_throws_after_renegotiate() 849638000042da777f6d628d88dadde957c52597710Brian Carlstrom throws Exception { 850638000042da777f6d628d88dadde957c52597710Brian Carlstrom final ServerSocket listener = new ServerSocket(0); 851638000042da777f6d628d88dadde957c52597710Brian Carlstrom 852638000042da777f6d628d88dadde957c52597710Brian Carlstrom Hooks cHooks = new Hooks() { 853638000042da777f6d628d88dadde957c52597710Brian Carlstrom @Override 854638000042da777f6d628d88dadde957c52597710Brian Carlstrom public int beforeHandshake(int context) throws SSLException { 855638000042da777f6d628d88dadde957c52597710Brian Carlstrom int s = super.beforeHandshake(context); 856679ac55c3c037887edfc6ce6f42a23cd7c11cd12Jesse Wilson NativeCrypto.SSL_clear_mode(s, SSL_MODE_HANDSHAKE_CUTTHROUGH); 857638000042da777f6d628d88dadde957c52597710Brian Carlstrom return s; 858638000042da777f6d628d88dadde957c52597710Brian Carlstrom } 859638000042da777f6d628d88dadde957c52597710Brian Carlstrom @Override 860638000042da777f6d628d88dadde957c52597710Brian Carlstrom public void afterHandshake(int session, int s, int c, 861638000042da777f6d628d88dadde957c52597710Brian Carlstrom Socket sock, FileDescriptor fd, 862638000042da777f6d628d88dadde957c52597710Brian Carlstrom 
SSLHandshakeCallbacks callback) 863638000042da777f6d628d88dadde957c52597710Brian Carlstrom throws Exception { 864638000042da777f6d628d88dadde957c52597710Brian Carlstrom NativeCrypto.SSL_read(s, fd, callback, new byte[1], 0, 1, 0); 865638000042da777f6d628d88dadde957c52597710Brian Carlstrom fail(); 866638000042da777f6d628d88dadde957c52597710Brian Carlstrom super.afterHandshake(session, s, c, sock, fd, callback); 867638000042da777f6d628d88dadde957c52597710Brian Carlstrom } 868638000042da777f6d628d88dadde957c52597710Brian Carlstrom @Override 869638000042da777f6d628d88dadde957c52597710Brian Carlstrom public void clientCertificateRequested(int s) { 870638000042da777f6d628d88dadde957c52597710Brian Carlstrom super.clientCertificateRequested(s); 871638000042da777f6d628d88dadde957c52597710Brian Carlstrom throw new RuntimeException("expected"); 872638000042da777f6d628d88dadde957c52597710Brian Carlstrom } 873638000042da777f6d628d88dadde957c52597710Brian Carlstrom }; 874638000042da777f6d628d88dadde957c52597710Brian Carlstrom Hooks sHooks = new ServerHooks(getServerPrivateKey(), getServerCertificates()) { 875638000042da777f6d628d88dadde957c52597710Brian Carlstrom @Override 876638000042da777f6d628d88dadde957c52597710Brian Carlstrom public void afterHandshake(int session, int s, int c, 877638000042da777f6d628d88dadde957c52597710Brian Carlstrom Socket sock, FileDescriptor fd, 878638000042da777f6d628d88dadde957c52597710Brian Carlstrom SSLHandshakeCallbacks callback) 879638000042da777f6d628d88dadde957c52597710Brian Carlstrom throws Exception { 880db611c5813f623ee0403aedd156bb15780ed6e69Brian Carlstrom try { 881db611c5813f623ee0403aedd156bb15780ed6e69Brian Carlstrom NativeCrypto.SSL_set_verify(s, NativeCrypto.SSL_VERIFY_PEER); 882db611c5813f623ee0403aedd156bb15780ed6e69Brian Carlstrom NativeCrypto.SSL_set_options( 883db611c5813f623ee0403aedd156bb15780ed6e69Brian Carlstrom s, NativeCrypto.SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION); 884db611c5813f623ee0403aedd156bb15780ed6e69Brian 
Carlstrom NativeCrypto.SSL_renegotiate(s); 885db611c5813f623ee0403aedd156bb15780ed6e69Brian Carlstrom NativeCrypto.SSL_write(s, fd, callback, new byte[] { 42 }, 0, 1, 886db611c5813f623ee0403aedd156bb15780ed6e69Brian Carlstrom (int) ((TIMEOUT_SECONDS * 1000) / 2)); 88729e51335337132ebe338b61c7ff16ec4005285c9Brian Carlstrom } catch (IOException expected) { 888db611c5813f623ee0403aedd156bb15780ed6e69Brian Carlstrom } finally { 889db611c5813f623ee0403aedd156bb15780ed6e69Brian Carlstrom super.afterHandshake(session, s, c, sock, fd, callback); 890db611c5813f623ee0403aedd156bb15780ed6e69Brian Carlstrom } 891638000042da777f6d628d88dadde957c52597710Brian Carlstrom } 892638000042da777f6d628d88dadde957c52597710Brian Carlstrom }; 89325977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson Future<TestSSLHandshakeCallbacks> client = handshake(listener, 0, true, cHooks, null); 89425977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson Future<TestSSLHandshakeCallbacks> server = handshake(listener, 0, false, sHooks, null); 895638000042da777f6d628d88dadde957c52597710Brian Carlstrom try { 896638000042da777f6d628d88dadde957c52597710Brian Carlstrom client.get(TIMEOUT_SECONDS, TimeUnit.SECONDS); 897638000042da777f6d628d88dadde957c52597710Brian Carlstrom } catch (ExecutionException e) { 898638000042da777f6d628d88dadde957c52597710Brian Carlstrom if (!"expected".equals(e.getCause().getMessage())) { 899638000042da777f6d628d88dadde957c52597710Brian Carlstrom throw e; 900638000042da777f6d628d88dadde957c52597710Brian Carlstrom } 901638000042da777f6d628d88dadde957c52597710Brian Carlstrom } 902db611c5813f623ee0403aedd156bb15780ed6e69Brian Carlstrom server.get(TIMEOUT_SECONDS, TimeUnit.SECONDS); 903638000042da777f6d628d88dadde957c52597710Brian Carlstrom } 904638000042da777f6d628d88dadde957c52597710Brian Carlstrom 905ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom public void test_SSL_do_handshake_client_timeout() throws Exception { 906ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom // 
client timeout 9074559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom final ServerSocket listener = new ServerSocket(0); 90851de62cf77a070e2a45ae397c391832b9a781d91Brian Carlstrom Socket serverSocket = null; 909ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom try { 9104559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom Hooks cHooks = new Hooks(); 911003f7a4d100cd1527d94bac81a4a3c5a8216c6eeBrian Carlstrom Hooks sHooks = new ServerHooks(getServerPrivateKey(), getServerCertificates()); 91225977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson Future<TestSSLHandshakeCallbacks> client = handshake(listener, 1, true, cHooks, null); 91325977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson Future<TestSSLHandshakeCallbacks> server = handshake(listener, -1, false, sHooks, null); 91451de62cf77a070e2a45ae397c391832b9a781d91Brian Carlstrom serverSocket = server.get(TIMEOUT_SECONDS, TimeUnit.SECONDS).getSocket(); 915df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom client.get(TIMEOUT_SECONDS, TimeUnit.SECONDS); 916ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom fail(); 917ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom } catch (ExecutionException expected) { 91851de62cf77a070e2a45ae397c391832b9a781d91Brian Carlstrom if (SocketTimeoutException.class != expected.getCause().getClass()) { 91951de62cf77a070e2a45ae397c391832b9a781d91Brian Carlstrom expected.printStackTrace(); 92051de62cf77a070e2a45ae397c391832b9a781d91Brian Carlstrom } 921ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom assertEquals(SocketTimeoutException.class, expected.getCause().getClass()); 92251de62cf77a070e2a45ae397c391832b9a781d91Brian Carlstrom } finally { 92351de62cf77a070e2a45ae397c391832b9a781d91Brian Carlstrom // Manually close peer socket when testing timeout 92451de62cf77a070e2a45ae397c391832b9a781d91Brian Carlstrom IoUtils.closeQuietly(serverSocket); 925ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom } 926ef628d1464e57552403ad43366e153c1ef50b926Brian 
Carlstrom } 927ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom 928ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom public void test_SSL_do_handshake_server_timeout() throws Exception { 929ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom // server timeout 9304559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom final ServerSocket listener = new ServerSocket(0); 93151de62cf77a070e2a45ae397c391832b9a781d91Brian Carlstrom Socket clientSocket = null; 932ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom try { 9334559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom Hooks cHooks = new Hooks(); 934003f7a4d100cd1527d94bac81a4a3c5a8216c6eeBrian Carlstrom Hooks sHooks = new ServerHooks(getServerPrivateKey(), getServerCertificates()); 93525977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson Future<TestSSLHandshakeCallbacks> client = handshake(listener, -1, true, cHooks, null); 93625977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson Future<TestSSLHandshakeCallbacks> server = handshake(listener, 1, false, sHooks, null); 93751de62cf77a070e2a45ae397c391832b9a781d91Brian Carlstrom clientSocket = client.get(TIMEOUT_SECONDS, TimeUnit.SECONDS).getSocket(); 938df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom server.get(TIMEOUT_SECONDS, TimeUnit.SECONDS); 939ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom fail(); 940ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom } catch (ExecutionException expected) { 941ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom assertEquals(SocketTimeoutException.class, expected.getCause().getClass()); 94251de62cf77a070e2a45ae397c391832b9a781d91Brian Carlstrom } finally { 94351de62cf77a070e2a45ae397c391832b9a781d91Brian Carlstrom // Manually close peer socket when testing timeout 94451de62cf77a070e2a45ae397c391832b9a781d91Brian Carlstrom IoUtils.closeQuietly(clientSocket); 945ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom } 946ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom } 
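/**
 * Exercises SSL_set_session: a NULL SSL is rejected with
 * NullPointerException, a NULL session on a valid SSL is accepted, and a
 * session captured from one handshake can be offered on a second one.
 * In the second handshake both sides must report a session equal to the
 * one they saw in the first, which is the evidence that it was resumed.
 */
public void test_SSL_set_session() throws Exception {
    try {
        NativeCrypto.SSL_set_session(NULL, NULL);
        fail();
    } catch (NullPointerException expected) {
    }

    {
        int c = NativeCrypto.SSL_CTX_new();
        int s = NativeCrypto.SSL_new(c);
        try {
            NativeCrypto.SSL_set_session(s, NULL);
        } finally {
            // Single-threaded section, so the native handles can be
            // released unconditionally.
            NativeCrypto.SSL_free(s);
            NativeCrypto.SSL_CTX_free(c);
        }
    }

    {
        final int clientContext = NativeCrypto.SSL_CTX_new();
        final int serverContext = NativeCrypto.SSL_CTX_new();
        final ServerSocket listener = new ServerSocket(0);
        // One-element arrays let the anonymous hooks hand the session back.
        final int[] clientSession = new int[] { NULL };
        final int[] serverSession = new int[] { NULL };
        try {
            {
                // First handshake: full negotiation, capture both sessions.
                Hooks cHooks = new Hooks() {
                    @Override
                    public int getContext() throws SSLException {
                        return clientContext;
                    }
                    @Override
                    public void afterHandshake(int session, int s, int c,
                                               Socket sock, FileDescriptor fd,
                                               SSLHandshakeCallbacks callback)
                            throws Exception {
                        // NULL is passed for session and context, presumably
                        // so the base hook does not free them; the test
                        // frees them itself at the end.
                        super.afterHandshake(NULL, s, NULL, sock, fd, callback);
                        clientSession[0] = session;
                    }
                };
                Hooks sHooks = new ServerHooks(getServerPrivateKey(), getServerCertificates()) {
                    @Override
                    public int getContext() throws SSLException {
                        return serverContext;
                    }
                    @Override
                    public void afterHandshake(int session, int s, int c,
                                               Socket sock, FileDescriptor fd,
                                               SSLHandshakeCallbacks callback)
                            throws Exception {
                        super.afterHandshake(NULL, s, NULL, sock, fd, callback);
                        serverSession[0] = session;
                    }
                };
                Future<TestSSLHandshakeCallbacks> client
                        = handshake(listener, 0, true, cHooks, null);
                Future<TestSSLHandshakeCallbacks> server
                        = handshake(listener, 0, false, sHooks, null);
                client.get(TIMEOUT_SECONDS, TimeUnit.SECONDS);
                server.get(TIMEOUT_SECONDS, TimeUnit.SECONDS);
            }
            assertEqualSessions(clientSession[0], serverSession[0]);
            {
                // Second handshake: the client offers the captured session.
                Hooks cHooks = new Hooks() {
                    @Override
                    public int getContext() throws SSLException {
                        return clientContext;
                    }
                    @Override
                    public int beforeHandshake(int c) throws SSLException {
                        // Builds the SSL directly from clientContext rather
                        // than calling super.beforeHandshake.
                        int s = NativeCrypto.SSL_new(clientContext);
                        NativeCrypto.SSL_set_session(s, clientSession[0]);
                        return s;
                    }
                    @Override
                    public void afterHandshake(int session, int s, int c,
                                               Socket sock, FileDescriptor fd,
                                               SSLHandshakeCallbacks callback)
                            throws Exception {
                        assertEqualSessions(clientSession[0], session);
                        super.afterHandshake(NULL, s, NULL, sock, fd, callback);
                    }
                };
                Hooks sHooks = new ServerHooks(getServerPrivateKey(), getServerCertificates()) {
                    @Override
                    public int getContext() throws SSLException {
                        return serverContext;
                    }
                    @Override
                    public void afterHandshake(int session, int s, int c,
                                               Socket sock, FileDescriptor fd,
                                               SSLHandshakeCallbacks callback)
                            throws Exception {
                        assertEqualSessions(serverSession[0], session);
                        super.afterHandshake(NULL, s, NULL, sock, fd, callback);
                    }
                };
                Future<TestSSLHandshakeCallbacks> client
                        = handshake(listener, 0, true, cHooks, null);
                Future<TestSSLHandshakeCallbacks> server
                        = handshake(listener, 0, false, sHooks, null);
                client.get(TIMEOUT_SECONDS, TimeUnit.SECONDS);
                server.get(TIMEOUT_SECONDS, TimeUnit.SECONDS);
            }
        } finally {
            // The listener is reused by both handshakes above and is not
            // closed anywhere else in this test.
            listener.close();
        }
        // The native sessions and contexts are still released on the success
        // path only: after a failed or timed-out get() a handshake task may
        // still be using them.
        NativeCrypto.SSL_SESSION_free(clientSession[0]);
        NativeCrypto.SSL_SESSION_free(serverSession[0]);
        NativeCrypto.SSL_CTX_free(serverContext);
        NativeCrypto.SSL_CTX_free(clientContext);
    }
}

/**
 * Exercises SSL_set_session_creation_enabled: a NULL SSL is rejected with
 * NullPointerException, the flag can be toggled on a valid SSL, and a
 * handshake that would need a new session fails with SSLProtocolException
 * on the client future when creation is disabled on either side.
 */
public void test_SSL_set_session_creation_enabled() throws Exception {
    try {
        NativeCrypto.SSL_set_session_creation_enabled(NULL, false);
        fail();
    } catch (NullPointerException expected) {
    }

    {
        int c = NativeCrypto.SSL_CTX_new();
        int s = NativeCrypto.SSL_new(c);
        try {
            NativeCrypto.SSL_set_session_creation_enabled(s, false);
            NativeCrypto.SSL_set_session_creation_enabled(s, true);
        } finally {
            // Single-threaded section, so the native handles can be
            // released unconditionally.
            NativeCrypto.SSL_free(s);
            NativeCrypto.SSL_CTX_free(c);
        }
    }

    final ServerSocket listener = new ServerSocket(0);
    try {
        // NOTE(review): both cases below share this listener and await only
        // the client future, so a server task from the first case may still
        // be pending when the second starts -- confirm against handshake().

        // negative test case for SSL_set_session_creation_enabled(false) on client
        try {
            Hooks cHooks = new Hooks() {
                @Override
                public int beforeHandshake(int c) throws SSLException {
                    int s = super.beforeHandshake(c);
                    NativeCrypto.SSL_set_session_creation_enabled(s, false);
                    return s;
                }
            };
            Hooks sHooks = new ServerHooks(getServerPrivateKey(), getServerCertificates());
            Future<TestSSLHandshakeCallbacks> client = handshake(listener, 0, true, cHooks, null);
            Future<TestSSLHandshakeCallbacks> server = handshake(listener, 0, false, sHooks, null);
            client.get(TIMEOUT_SECONDS, TimeUnit.SECONDS);
            fail();
        } catch (ExecutionException expected) {
            assertEquals(SSLProtocolException.class, expected.getCause().getClass());
        }

        // negative test case for SSL_set_session_creation_enabled(false) on server
        try {
            Hooks cHooks = new Hooks();
            Hooks sHooks = new ServerHooks(getServerPrivateKey(), getServerCertificates()) {
                @Override
                public int beforeHandshake(int c) throws SSLException {
                    int s = super.beforeHandshake(c);
                    NativeCrypto.SSL_set_session_creation_enabled(s, false);
                    return s;
                }
            };
            Future<TestSSLHandshakeCallbacks> client = handshake(listener, 0, true, cHooks, null);
            Future<TestSSLHandshakeCallbacks> server = handshake(listener, 0, false, sHooks, null);
            client.get(TIMEOUT_SECONDS, TimeUnit.SECONDS);
            fail();
        } catch (ExecutionException expected) {
            assertEquals(SSLProtocolException.class, expected.getCause().getClass());
        }
    } finally {
        // Nothing in this test closes the listening socket otherwise.
        listener.close();
    }
}

public void test_SSL_set_tlsext_host_name() throws Exception {
    // NULL SSL
    try {
        NativeCrypto.SSL_set_tlsext_host_name(NULL, null);
        fail();
    } catch (NullPointerException expected) {
    }

    final String hostname = "www.android.com";

    {
        int c = NativeCrypto.SSL_CTX_new();
        int s = NativeCrypto.SSL_new(c);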
11254559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom 11264559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom // null hostname 11274559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom try { 11284559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom NativeCrypto.SSL_set_tlsext_host_name(s, null); 11294559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom fail(); 11304559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom } catch (NullPointerException expected) { 11314559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom } 11324559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom 11334559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom // too long hostname 11344559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom try { 11354559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom char[] longHostname = new char[256]; 11364559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom Arrays.fill(longHostname, 'w'); 11374559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom NativeCrypto.SSL_set_tlsext_host_name(s, new String(longHostname)); 11384559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom fail(); 11394559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom } catch (SSLException expected) { 11404559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom } 11414559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom 11424559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom assertNull(NativeCrypto.SSL_get_servername(s)); 11434559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom NativeCrypto.SSL_set_tlsext_host_name(s, new String(hostname)); 11444559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom assertEquals(hostname, NativeCrypto.SSL_get_servername(s)); 11454559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom 11464559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom NativeCrypto.SSL_free(s); 11474559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom NativeCrypto.SSL_CTX_free(c); 1148ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom 
} 11494559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom 11504559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom final ServerSocket listener = new ServerSocket(0); 11514559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom 11524559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom // normal 11534559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom Hooks cHooks = new Hooks() { 11544559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom @Override 11554559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom public int beforeHandshake(int c) throws SSLException { 11564559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom int s = super.beforeHandshake(c); 11574559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom NativeCrypto.SSL_set_tlsext_host_name(s, hostname); 11584559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom return s; 11594559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom } 11604559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom }; 1161003f7a4d100cd1527d94bac81a4a3c5a8216c6eeBrian Carlstrom Hooks sHooks = new ServerHooks(getServerPrivateKey(), getServerCertificates()) { 11624559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom @Override 1163df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom public void afterHandshake(int session, int s, int c, 1164df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom Socket sock, FileDescriptor fd, 1165df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom SSLHandshakeCallbacks callback) 11664559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom throws Exception { 11674559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom assertEquals(hostname, NativeCrypto.SSL_get_servername(s)); 1168df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom super.afterHandshake(session, s, c, sock, fd, callback); 11694559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom } 11704559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom }; 117125977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson 
Future<TestSSLHandshakeCallbacks> client = handshake(listener, 0, true, cHooks, null); 117225977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson Future<TestSSLHandshakeCallbacks> server = handshake(listener, 0, false, sHooks, null); 117325977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson client.get(TIMEOUT_SECONDS, TimeUnit.SECONDS); 117425977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson server.get(TIMEOUT_SECONDS, TimeUnit.SECONDS); 117525977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson } 117625977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson 117725977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson public void test_SSL_NpnNegotiateSuccess() throws Exception { 117825977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson final byte[] clientNpnProtocols = new byte[] { 117925977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson 8, 'h', 't', 't', 'p', '/', '1', '.', '1', 118025977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson 3, 'f', 'o', 'o', 118125977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson 6, 's', 'p', 'd', 'y', '/', '2', 118225977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson }; 118325977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson final byte[] serverNpnProtocols = new byte[] { 118425977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson 6, 's', 'p', 'd', 'y', '/', '2', 118525977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson 3, 'f', 'o', 'o', 118625977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson 3, 'b', 'a', 'r', 118725977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson }; 118825977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson 118925977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson Hooks cHooks = new Hooks() { 119025977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson @Override public int beforeHandshake(int context) throws SSLException { 119125977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson NativeCrypto.SSL_CTX_enable_npn(context); 119225977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson return super.beforeHandshake(context); 
119325977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson } 119425977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson @Override public void afterHandshake(int session, int ssl, int context, Socket socket, 119525977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson FileDescriptor fd, SSLHandshakeCallbacks callback) throws Exception { 1196600dc4949de6bf5608e5f5a5214cde59299b683aJesse Wilson byte[] negotiated = NativeCrypto.SSL_get_npn_negotiated_protocol(ssl); 119725977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson assertEquals("spdy/2", new String(negotiated)); 1198679ac55c3c037887edfc6ce6f42a23cd7c11cd12Jesse Wilson assertTrue("NPN should enable cutthrough on the client", 1199679ac55c3c037887edfc6ce6f42a23cd7c11cd12Jesse Wilson 0 != (NativeCrypto.SSL_get_mode(ssl) & SSL_MODE_HANDSHAKE_CUTTHROUGH)); 120025977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson super.afterHandshake(session, ssl, context, socket, fd, callback); 120125977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson } 120225977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson }; 120325977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson Hooks sHooks = new ServerHooks(getServerPrivateKey(), getServerCertificates()) { 120425977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson @Override public int beforeHandshake(int context) throws SSLException { 120525977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson NativeCrypto.SSL_CTX_enable_npn(context); 120625977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson return super.beforeHandshake(context); 120725977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson } 120825977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson @Override public void afterHandshake(int session, int ssl, int c, Socket sock, 120925977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson FileDescriptor fd, SSLHandshakeCallbacks callback) throws Exception { 1210600dc4949de6bf5608e5f5a5214cde59299b683aJesse Wilson byte[] negotiated = NativeCrypto.SSL_get_npn_negotiated_protocol(ssl); 
121125977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson assertEquals("spdy/2", new String(negotiated)); 1212679ac55c3c037887edfc6ce6f42a23cd7c11cd12Jesse Wilson assertEquals("NPN should not enable cutthrough on the server", 1213679ac55c3c037887edfc6ce6f42a23cd7c11cd12Jesse Wilson 0, NativeCrypto.SSL_get_mode(ssl) & SSL_MODE_HANDSHAKE_CUTTHROUGH); 121425977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson super.afterHandshake(session, ssl, c, sock, fd, callback); 121525977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson } 121625977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson }; 121725977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson 121825977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson ServerSocket listener = new ServerSocket(0); 121925977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson Future<TestSSLHandshakeCallbacks> client 122025977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson = handshake(listener, 0, true, cHooks, clientNpnProtocols); 122125977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson Future<TestSSLHandshakeCallbacks> server 122225977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson = handshake(listener, 0, false, sHooks, serverNpnProtocols); 1223df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom client.get(TIMEOUT_SECONDS, TimeUnit.SECONDS); 1224df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom server.get(TIMEOUT_SECONDS, TimeUnit.SECONDS); 12254559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom } 12264559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom 12274559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom public void test_SSL_get_servername_null() throws Exception { 12284559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom // NULL SSL 12294559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom try { 12304559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom NativeCrypto.SSL_get_servername(NULL); 12314559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom fail(); 12324559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom } 
catch (NullPointerException expected) { 12334559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom } 12344559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom 12354559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom int c = NativeCrypto.SSL_CTX_new(); 12364559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom int s = NativeCrypto.SSL_new(c); 12374559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom assertNull(NativeCrypto.SSL_get_servername(s)); 12384559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom NativeCrypto.SSL_free(s); 12394559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom NativeCrypto.SSL_CTX_free(c); 12404559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom 12414559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom // additional positive testing by test_SSL_set_tlsext_host_name 12424559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom } 12434559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom 12444559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom public void test_SSL_renegotiate() throws Exception { 12454559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom try { 12464559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom NativeCrypto.SSL_renegotiate(NULL); 12474559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom fail(); 12484559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom } catch (NullPointerException expected) { 12494559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom } 12504559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom 12514559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom final ServerSocket listener = new ServerSocket(0); 12524559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom Hooks cHooks = new Hooks() { 12534559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom @Override 1254df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom public void afterHandshake(int session, int s, int c, 1255df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom Socket sock, FileDescriptor fd, 
1256df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom SSLHandshakeCallbacks callback) 12574559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom throws Exception { 1258638000042da777f6d628d88dadde957c52597710Brian Carlstrom byte[] buffer = new byte[1]; 1259638000042da777f6d628d88dadde957c52597710Brian Carlstrom NativeCrypto.SSL_read(s, fd, callback, buffer, 0, 1, 0); 1260638000042da777f6d628d88dadde957c52597710Brian Carlstrom assertEquals(42, buffer[0]); 1261df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom super.afterHandshake(session, s, c, sock, fd, callback); 12624559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom } 12634559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom }; 1264003f7a4d100cd1527d94bac81a4a3c5a8216c6eeBrian Carlstrom Hooks sHooks = new ServerHooks(getServerPrivateKey(), getServerCertificates()) { 12654559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom @Override 1266df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom public void afterHandshake(int session, int s, int c, 1267df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom Socket sock, FileDescriptor fd, 1268df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom SSLHandshakeCallbacks callback) 12694559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom throws Exception { 12704559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom NativeCrypto.SSL_renegotiate(s); 12718205bc491d7e9167aa190fca584b30cb1599ab51Brian Carlstrom NativeCrypto.SSL_write(s, fd, callback, new byte[] { 42 }, 0, 1, 0); 1272df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom super.afterHandshake(session, s, c, sock, fd, callback); 12734559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom } 12744559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom }; 127525977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson Future<TestSSLHandshakeCallbacks> client = handshake(listener, 0, true, cHooks, null); 127625977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson Future<TestSSLHandshakeCallbacks> 
server = handshake(listener, 0, false, sHooks, null); 1277df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom client.get(TIMEOUT_SECONDS, TimeUnit.SECONDS); 1278df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom server.get(TIMEOUT_SECONDS, TimeUnit.SECONDS); 1279ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom } 1280ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom 1281ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom public void test_SSL_get_certificate() throws Exception { 1282ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom try { 1283ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom NativeCrypto.SSL_get_certificate(NULL); 1284ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom fail(); 1285ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom } catch (NullPointerException expected) { 1286ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom } 1287ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom 12884559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom final ServerSocket listener = new ServerSocket(0); 12894559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom Hooks cHooks = new Hooks() { 12904559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom @Override 1291df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom public void afterHandshake(int session, int s, int c, 1292df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom Socket sock, FileDescriptor fd, 1293df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom SSLHandshakeCallbacks callback) 12944559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom throws Exception { 12954559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom assertNull(NativeCrypto.SSL_get_certificate(s)); 1296df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom super.afterHandshake(session, s, c, sock, fd, callback); 12974559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom } 12984559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom }; 
1299003f7a4d100cd1527d94bac81a4a3c5a8216c6eeBrian Carlstrom Hooks sHooks = new ServerHooks(getServerPrivateKey(), getServerCertificates()) { 13004559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom @Override 1301df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom public void afterHandshake(int session, int s, int c, 1302df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom Socket sock, FileDescriptor fd, 1303df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom SSLHandshakeCallbacks callback) 13044559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom throws Exception { 13054559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom assertEqualCertificateChains( 1306003f7a4d100cd1527d94bac81a4a3c5a8216c6eeBrian Carlstrom getServerCertificates(), 13074559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom NativeCrypto.SSL_get_certificate(s)); 1308df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom super.afterHandshake(session, s, c, sock, fd, callback); 13094559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom } 13104559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom }; 131125977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson Future<TestSSLHandshakeCallbacks> client = handshake(listener, 0, true, cHooks, null); 131225977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson Future<TestSSLHandshakeCallbacks> server = handshake(listener, 0, false, sHooks, null); 1313df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom client.get(TIMEOUT_SECONDS, TimeUnit.SECONDS); 1314df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom server.get(TIMEOUT_SECONDS, TimeUnit.SECONDS); 1315ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom } 1316ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom 1317df349b3eaf4d1fa0643ab722173bc3bf20a266f5Brian Carlstrom public void test_SSL_get_peer_cert_chain() throws Exception { 1318df349b3eaf4d1fa0643ab722173bc3bf20a266f5Brian Carlstrom try { 1319df349b3eaf4d1fa0643ab722173bc3bf20a266f5Brian Carlstrom 
NativeCrypto.SSL_get_peer_cert_chain(NULL); 1320df349b3eaf4d1fa0643ab722173bc3bf20a266f5Brian Carlstrom fail(); 1321df349b3eaf4d1fa0643ab722173bc3bf20a266f5Brian Carlstrom } catch (NullPointerException expected) { 1322df349b3eaf4d1fa0643ab722173bc3bf20a266f5Brian Carlstrom } 1323df349b3eaf4d1fa0643ab722173bc3bf20a266f5Brian Carlstrom 1324df349b3eaf4d1fa0643ab722173bc3bf20a266f5Brian Carlstrom final ServerSocket listener = new ServerSocket(0); 1325df349b3eaf4d1fa0643ab722173bc3bf20a266f5Brian Carlstrom 1326df349b3eaf4d1fa0643ab722173bc3bf20a266f5Brian Carlstrom Hooks cHooks = new Hooks() { 1327df349b3eaf4d1fa0643ab722173bc3bf20a266f5Brian Carlstrom @Override 1328df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom public void afterHandshake(int session, int s, int c, 1329df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom Socket sock, FileDescriptor fd, 1330df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom SSLHandshakeCallbacks callback) 1331df349b3eaf4d1fa0643ab722173bc3bf20a266f5Brian Carlstrom throws Exception { 1332df349b3eaf4d1fa0643ab722173bc3bf20a266f5Brian Carlstrom byte[][] cc = NativeCrypto.SSL_get_peer_cert_chain(s); 1333003f7a4d100cd1527d94bac81a4a3c5a8216c6eeBrian Carlstrom assertEqualCertificateChains(getServerCertificates(), cc); 1334df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom super.afterHandshake(session, s, c, sock, fd, callback); 1335df349b3eaf4d1fa0643ab722173bc3bf20a266f5Brian Carlstrom } 1336df349b3eaf4d1fa0643ab722173bc3bf20a266f5Brian Carlstrom }; 1337003f7a4d100cd1527d94bac81a4a3c5a8216c6eeBrian Carlstrom Hooks sHooks = new ServerHooks(getServerPrivateKey(), getServerCertificates()); 133825977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson Future<TestSSLHandshakeCallbacks> client = handshake(listener, 0, true, cHooks, null); 133925977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson Future<TestSSLHandshakeCallbacks> server = handshake(listener, 0, false, sHooks, null); 1340df9c090e85c4d052cdd17b5f981819be86a56737Brian 
Carlstrom client.get(TIMEOUT_SECONDS, TimeUnit.SECONDS); 1341df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom server.get(TIMEOUT_SECONDS, TimeUnit.SECONDS); 1342df349b3eaf4d1fa0643ab722173bc3bf20a266f5Brian Carlstrom } 1343df349b3eaf4d1fa0643ab722173bc3bf20a266f5Brian Carlstrom 1344ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom final byte[] BYTES = new byte[] { 2, -3, 5, 127, 0, -128 }; 1345ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom 1346ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom public void test_SSL_read() throws Exception { 1347df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom 1348df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom // NULL ssl 1349ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom try { 1350df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom NativeCrypto.SSL_read(NULL, null, null, null, 0, 0, 0); 1351ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom fail(); 1352ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom } catch (NullPointerException expected) { 1353ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom } 1354ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom 1355df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom // null FileDescriptor 1356ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom { 1357ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom int c = NativeCrypto.SSL_CTX_new(); 1358ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom int s = NativeCrypto.SSL_new(c); 1359ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom try { 1360df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom NativeCrypto.SSL_read(s, null, DUMMY_CB, null, 0, 0, 0); 1361ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom fail(); 1362ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom } catch (NullPointerException expected) { 1363ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom } 1364df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom 
NativeCrypto.SSL_free(s); 1365df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom NativeCrypto.SSL_CTX_free(c); 1366df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom } 1367ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom 1368df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom // null SSLHandshakeCallbacks 1369df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom { 1370df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom int c = NativeCrypto.SSL_CTX_new(); 1371df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom int s = NativeCrypto.SSL_new(c); 1372df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom try { 1373df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom NativeCrypto.SSL_read(s, INVALID_FD, null, null, 0, 0, 0); 1374df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom fail(); 1375df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom } catch (NullPointerException expected) { 1376df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom } 1377df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom NativeCrypto.SSL_free(s); 1378df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom NativeCrypto.SSL_CTX_free(c); 1379df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom } 1380df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom 1381df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom // null byte array 1382df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom { 1383df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom int c = NativeCrypto.SSL_CTX_new(); 1384df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom int s = NativeCrypto.SSL_new(c); 1385df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom try { 1386df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom NativeCrypto.SSL_read(s, INVALID_FD, DUMMY_CB, null, 0, 0, 0); 1387df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom fail(); 1388df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom } catch (NullPointerException expected) { 
1389df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom } 1390ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom NativeCrypto.SSL_free(s); 1391ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom NativeCrypto.SSL_CTX_free(c); 1392ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom } 1393ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom 1394ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom // handshaking not yet performed 1395ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom { 1396ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom int c = NativeCrypto.SSL_CTX_new(); 1397ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom int s = NativeCrypto.SSL_new(c); 1398ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom try { 1399df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom NativeCrypto.SSL_read(s, INVALID_FD, DUMMY_CB, new byte[1], 0, 1, 0); 1400ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom fail(); 1401ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom } catch (SSLException expected) { 1402ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom } 1403ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom NativeCrypto.SSL_free(s); 1404ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom NativeCrypto.SSL_CTX_free(c); 1405ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom } 1406ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom 14074559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom final ServerSocket listener = new ServerSocket(0); 1408ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom 1409ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom // normal case 1410ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom { 14114559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom Hooks cHooks = new Hooks() { 14124559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom @Override 1413df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom public void afterHandshake(int session, int s, int 
c, 1414df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom Socket sock, FileDescriptor fd, 1415df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom SSLHandshakeCallbacks callback) 14164559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom throws Exception { 14174559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom byte[] in = new byte[256]; 14184559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom assertEquals(BYTES.length, 14194559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom NativeCrypto.SSL_read(s, 1420df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom fd, 1421df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom callback, 14224559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom in, 14234559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom 0, 14244559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom BYTES.length, 14254559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom 0)); 14264559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom for (int i = 0; i < BYTES.length; i++) { 14274559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom assertEquals(BYTES[i], in[i]); 14284559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom } 1429df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom super.afterHandshake(session, s, c, sock, fd, callback); 14304559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom } 14314559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom }; 1432003f7a4d100cd1527d94bac81a4a3c5a8216c6eeBrian Carlstrom Hooks sHooks = new ServerHooks(getServerPrivateKey(), getServerCertificates()) { 14334559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom @Override 1434df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom public void afterHandshake(int session, int s, int c, 1435df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom Socket sock, FileDescriptor fd, 1436df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom SSLHandshakeCallbacks callback) 14374559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom throws 
Exception { 14388205bc491d7e9167aa190fca584b30cb1599ab51Brian Carlstrom NativeCrypto.SSL_write(s, fd, callback, BYTES, 0, BYTES.length, 0); 1439df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom super.afterHandshake(session, s, c, sock, fd, callback); 14404559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom } 14414559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom }; 144225977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson Future<TestSSLHandshakeCallbacks> client = handshake(listener, 0, true, cHooks, null); 144325977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson Future<TestSSLHandshakeCallbacks> server = handshake(listener, 0, false, sHooks, null); 1444df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom client.get(TIMEOUT_SECONDS, TimeUnit.SECONDS); 1445df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom server.get(TIMEOUT_SECONDS, TimeUnit.SECONDS); 1446ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom } 1447ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom 1448ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom // timeout case 1449ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom try { 14504559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom Hooks cHooks = new Hooks() { 14514559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom @Override 1452df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom public void afterHandshake(int session, int s, int c, 1453df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom Socket sock, FileDescriptor fd, 1454df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom SSLHandshakeCallbacks callback) 14554559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom throws Exception { 1456df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom NativeCrypto.SSL_read(s, fd, callback, new byte[1], 0, 1, 1); 14574559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom fail(); 14584559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom } 14594559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom }; 
1460003f7a4d100cd1527d94bac81a4a3c5a8216c6eeBrian Carlstrom Hooks sHooks = new ServerHooks(getServerPrivateKey(), getServerCertificates()) { 14614559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom @Override 1462df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom public void afterHandshake(int session, int s, int c, 1463df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom Socket sock, FileDescriptor fd, 1464df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom SSLHandshakeCallbacks callback) 14654559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom throws Exception { 1466638000042da777f6d628d88dadde957c52597710Brian Carlstrom NativeCrypto.SSL_read(s, fd, callback, new byte[1], 0, 1, 0); 1467df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom super.afterHandshake(session, s, c, sock, fd, callback); 14684559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom } 14694559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom }; 147025977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson Future<TestSSLHandshakeCallbacks> client = handshake(listener, 0, true, cHooks, null); 147125977e422febea04dac9fb9c35d7271d55d3b6b8Jesse Wilson Future<TestSSLHandshakeCallbacks> server = handshake(listener, 0, false, sHooks, null); 1472df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom client.get(TIMEOUT_SECONDS, TimeUnit.SECONDS); 14734559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom fail(); 1474ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom } catch (ExecutionException expected) { 1475ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom assertEquals(SocketTimeoutException.class, expected.getCause().getClass()); 1476ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom } 1477ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom } 1478ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom 1479ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom public void test_SSL_write() throws Exception { 1480ef628d1464e57552403ad43366e153c1ef50b926Brian 
Carlstrom try { 14818205bc491d7e9167aa190fca584b30cb1599ab51Brian Carlstrom NativeCrypto.SSL_write(NULL, null, null, null, 0, 0, 0); 1482ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom fail(); 1483ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom } catch (NullPointerException expected) { 1484ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom } 1485ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom 1486df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom // null FileDescriptor 1487df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom { 1488df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom int c = NativeCrypto.SSL_CTX_new(); 1489df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom int s = NativeCrypto.SSL_new(c); 1490df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom try { 14918205bc491d7e9167aa190fca584b30cb1599ab51Brian Carlstrom NativeCrypto.SSL_write(s, null, DUMMY_CB, null, 0, 1, 0); 1492df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom fail(); 1493df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom } catch (NullPointerException expected) { 1494df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom } 1495df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom NativeCrypto.SSL_free(s); 1496df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom NativeCrypto.SSL_CTX_free(c); 1497df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom } 1498df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom 1499df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom // null SSLHandshakeCallbacks 1500df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom { 1501df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom int c = NativeCrypto.SSL_CTX_new(); 1502df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom int s = NativeCrypto.SSL_new(c); 1503df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom try { 15048205bc491d7e9167aa190fca584b30cb1599ab51Brian Carlstrom NativeCrypto.SSL_write(s, INVALID_FD, null, null, 0, 1, 0); 
1505df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom fail(); 1506df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom } catch (NullPointerException expected) { 1507df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom } 1508df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom NativeCrypto.SSL_free(s); 1509df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom NativeCrypto.SSL_CTX_free(c); 1510df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom } 1511df9c090e85c4d052cdd17b5f981819be86a56737Brian Carlstrom 1512ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom // null byte array 15134559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom { 1514ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom int c = NativeCrypto.SSL_CTX_new(); 1515ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom int s = NativeCrypto.SSL_new(c); 15164559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom try { 15178205bc491d7e9167aa190fca584b30cb1599ab51Brian Carlstrom NativeCrypto.SSL_write(s, INVALID_FD, DUMMY_CB, null, 0, 1, 0); 1518ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom fail(); 15194559b1d37edcb5d7f1da086cf2e3290388d74f46Brian Carlstrom } catch (NullPointerException expected) { 1520ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom } 1521ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom NativeCrypto.SSL_free(s); 1522ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom NativeCrypto.SSL_CTX_free(c); 1523ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom } 1524ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom 1525ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom // handshaking not yet performed 1526ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom { 1527ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom int c = NativeCrypto.SSL_CTX_new(); 1528ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom int s = NativeCrypto.SSL_new(c); 1529ef628d1464e57552403ad43366e153c1ef50b926Brian Carlstrom try { 
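NativeCrypto.SSL_write(s, INVALID_FD, DUMMY_CB, new byte[1], 0, 1, 0);
fail();
} catch (SSLException expected) {
}
NativeCrypto.SSL_free(s);
NativeCrypto.SSL_CTX_free(c);
}

// positively tested by test_SSL_read
}

/**
 * Exercises NativeCrypto.SSL_interrupt with a null handle, with a handle that
 * has not handshaken, and while another thread is inside SSL_read on an
 * established connection (that read is asserted to return -1).
 */
public void test_SSL_interrupt() throws Exception {
    // SSL_interrupt is a rare case that tolerates a null SSL argument
    NativeCrypto.SSL_interrupt(NULL);

    // also works without handshaking
    {
        int c = NativeCrypto.SSL_CTX_new();
        int s = NativeCrypto.SSL_new(c);
        NativeCrypto.SSL_interrupt(s);
        NativeCrypto.SSL_free(s);
        NativeCrypto.SSL_CTX_free(c);
    }

    final ServerSocket listener = new ServerSocket(0);
    try {
        Hooks cHooks = new Hooks() {
            @Override
            public void afterHandshake(int session, int s, int c,
                                       Socket sock, FileDescriptor fd,
                                       SSLHandshakeCallbacks callback)
                    throws Exception {
                NativeCrypto.SSL_read(s, fd, callback, new byte[1], 0, 1, 0);
                super.afterHandshake(session, s, c, sock, fd, callback);
            }
        };
        Hooks sHooks = new ServerHooks(getServerPrivateKey(), getServerCertificates()) {
            @Override
            public void afterHandshake(int session, final int s, int c,
                                       Socket sock, FileDescriptor fd,
                                       SSLHandshakeCallbacks callback)
                    throws Exception {
                // Interrupt from a second thread after one second, while this
                // thread is inside the SSL_read below.
                new Thread() {
                    @Override
                    public void run() {
                        try {
                            Thread.sleep(1*1000);
                            NativeCrypto.SSL_interrupt(s);
                        } catch (Exception ignored) {
                            // Deliberately ignored: if the interrupt is never
                            // delivered, the read below presumably stays blocked
                            // and the test fails on the Future timeout instead.
                        }
                    }
                }.start();
                assertEquals(-1, NativeCrypto.SSL_read(s, fd, callback, new byte[1], 0, 1, 0));
                super.afterHandshake(session, s, c, sock, fd, callback);
            }
        };
        Future<TestSSLHandshakeCallbacks> client = handshake(listener, 0, true, cHooks, null);
        Future<TestSSLHandshakeCallbacks> server = handshake(listener, 0, false, sHooks, null);
        client.get(TIMEOUT_SECONDS, TimeUnit.SECONDS);
        server.get(TIMEOUT_SECONDS, TimeUnit.SECONDS);
    } finally {
        // Release the listening socket even when an assertion or timeout fails;
        // ServerSocket.close() is a no-op on an already closed socket.
        listener.close();
    }
}

/**
 * Negative tests for NativeCrypto.SSL_shutdown: null FileDescriptor, null
 * callbacks, a null SSL handle, and a handle that has not handshaken.
 */
public void test_SSL_shutdown() throws Exception {

    // null FileDescriptor
    // NOTE(review): none of the try blocks in this method calls fail(), so
    // each one passes whether or not the exception is thrown. Presumably
    // deliberate, since a null SSL handle is tolerated (see below); confirm
    // before reading these as assertions that the null checks exist.
    try {
        NativeCrypto.SSL_shutdown(NULL, null, DUMMY_CB);
    } catch (NullPointerException expected) {
    }

    // null SSLHandshakeCallbacks
    try {
        NativeCrypto.SSL_shutdown(NULL, INVALID_FD, null);
    } catch (NullPointerException expected) {
    }

    // SSL_shutdown is a rare case that tolerates a null SSL argument
    NativeCrypto.SSL_shutdown(NULL, INVALID_FD, DUMMY_CB);

    // handshaking not yet performed
    int c = NativeCrypto.SSL_CTX_new();
    int s = NativeCrypto.SSL_new(c);
    try {
        NativeCrypto.SSL_shutdown(s, INVALID_FD, DUMMY_CB);
    } catch (SSLProtocolException expected) {
    }
    NativeCrypto.SSL_free(s);
    NativeCrypto.SSL_CTX_free(c);

    // positively tested elsewhere because handshake uses
    // SSL_shutdown to ensure SSL_SESSIONs are reused.
}

/**
 * Checks that SSL_free rejects a null handle with NullPointerException and
 * accepts a freshly created SSL handle.
 */
public void test_SSL_free() throws Exception {
    try {
        NativeCrypto.SSL_free(NULL);
        fail();
    } catch (NullPointerException expected) {
    }

    int c = NativeCrypto.SSL_CTX_new();
    NativeCrypto.SSL_free(NativeCrypto.SSL_new(c));
    NativeCrypto.SSL_CTX_free(c);

    // additional positive testing elsewhere because handshake
    // uses SSL_free to cleanup in afterHandshake.
}

/**
 * Checks that SSL_SESSION_session_id rejects a null session handle and that
 * a session produced by a real handshake has a non-null, 32-byte id.
 */
public void test_SSL_SESSION_session_id() throws Exception {
    try {
        NativeCrypto.SSL_SESSION_session_id(NULL);
        fail();
    } catch (NullPointerException expected) {
    }

    final ServerSocket listener = new ServerSocket(0);
    try {
        Hooks cHooks = new Hooks() {
            @Override
            public void afterHandshake(int session, int s, int c,
                                       Socket sock, FileDescriptor fd,
                                       SSLHandshakeCallbacks callback)
                    throws Exception {
                byte[] id = NativeCrypto.SSL_SESSION_session_id(session);
                assertNotNull(id);
                assertEquals(32, id.length);
                super.afterHandshake(session, s, c, sock, fd, callback);
            }
        };
        Hooks sHooks = new ServerHooks(getServerPrivateKey(), getServerCertificates());
        Future<TestSSLHandshakeCallbacks> client = handshake(listener, 0, true, cHooks, null);
        Future<TestSSLHandshakeCallbacks> server = handshake(listener, 0, false, sHooks, null);
        client.get(TIMEOUT_SECONDS, TimeUnit.SECONDS);
        server.get(TIMEOUT_SECONDS, TimeUnit.SECONDS);
    } finally {
        // Release the listening socket even when an assertion or timeout fails.
        listener.close();
    }
}

/**
 * Checks that SSL_SESSION_get_time rejects a null session handle and that a
 * real session reports a non-zero creation time earlier than the current time.
 */
public void test_SSL_SESSION_get_time() throws Exception {
    try {
        NativeCrypto.SSL_SESSION_get_time(NULL);
        fail();
    } catch (NullPointerException expected) {
    }

    final ServerSocket listener = new ServerSocket(0);
    try {
        Hooks cHooks = new Hooks() {
            @Override
            public void afterHandshake(int session, int s, int c,
                                       Socket sock, FileDescriptor fd,
                                       SSLHandshakeCallbacks callback)
                    throws Exception {
                long time = NativeCrypto.SSL_SESSION_get_time(session);
                assertTrue(time != 0);
                // Compared against wall-clock milliseconds, so this presumes
                // the value is reported in milliseconds; confirm in NativeCrypto.
                assertTrue(time < System.currentTimeMillis());
                super.afterHandshake(session, s, c, sock, fd, callback);
            }
        };
        Hooks sHooks = new ServerHooks(getServerPrivateKey(), getServerCertificates());
        Future<TestSSLHandshakeCallbacks> client = handshake(listener, 0, true, cHooks, null);
        Future<TestSSLHandshakeCallbacks> server = handshake(listener, 0, false, sHooks, null);
        client.get(TIMEOUT_SECONDS, TimeUnit.SECONDS);
        server.get(TIMEOUT_SECONDS, TimeUnit.SECONDS);
    } finally {
        // Release the listening socket even when an assertion or timeout fails.
        listener.close();
    }
}

/**
 * Checks that SSL_SESSION_get_version rejects a null session handle and that
 * a real session reports a protocol listed in
 * StandardNames.SSL_SOCKET_PROTOCOLS.
 */
public void test_SSL_SESSION_get_version() throws Exception {
    try {
        NativeCrypto.SSL_SESSION_get_version(NULL);
        fail();
    } catch (NullPointerException expected) {
    }

    final ServerSocket listener = new ServerSocket(0);
    try {
        Hooks cHooks = new Hooks() {
            @Override
            public void afterHandshake(int session, int s, int c,
                                       Socket sock, FileDescriptor fd,
                                       SSLHandshakeCallbacks callback)
                    throws Exception {
                String v = NativeCrypto.SSL_SESSION_get_version(session);
                assertTrue(StandardNames.SSL_SOCKET_PROTOCOLS.contains(v));
                super.afterHandshake(session, s, c, sock, fd, callback);
            }
        };
        Hooks sHooks = new ServerHooks(getServerPrivateKey(), getServerCertificates());
        Future<TestSSLHandshakeCallbacks> client = handshake(listener, 0, true, cHooks, null);
        Future<TestSSLHandshakeCallbacks> server = handshake(listener, 0, false, sHooks, null);
        client.get(TIMEOUT_SECONDS, TimeUnit.SECONDS);
        server.get(TIMEOUT_SECONDS, TimeUnit.SECONDS);
    } finally {
        // Release the listening socket even when an assertion or timeout fails.
        listener.close();
    }
}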
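/**
 * Checks that SSL_SESSION_cipher rejects a null session handle and that a
 * real session reports a cipher name known to
 * NativeCrypto.OPENSSL_TO_STANDARD_CIPHER_SUITES.
 */
public void test_SSL_SESSION_cipher() throws Exception {
    try {
        NativeCrypto.SSL_SESSION_cipher(NULL);
        fail();
    } catch (NullPointerException expected) {
    }

    final ServerSocket listener = new ServerSocket(0);
    try {
        Hooks cHooks = new Hooks() {
            @Override
            public void afterHandshake(int session, int s, int c,
                                       Socket sock, FileDescriptor fd,
                                       SSLHandshakeCallbacks callback)
                    throws Exception {
                String a = NativeCrypto.SSL_SESSION_cipher(session);
                assertTrue(NativeCrypto.OPENSSL_TO_STANDARD_CIPHER_SUITES.containsKey(a));
                super.afterHandshake(session, s, c, sock, fd, callback);
            }
        };
        Hooks sHooks = new ServerHooks(getServerPrivateKey(), getServerCertificates());
        Future<TestSSLHandshakeCallbacks> client = handshake(listener, 0, true, cHooks, null);
        Future<TestSSLHandshakeCallbacks> server = handshake(listener, 0, false, sHooks, null);
        client.get(TIMEOUT_SECONDS, TimeUnit.SECONDS);
        server.get(TIMEOUT_SECONDS, TimeUnit.SECONDS);
    } finally {
        // Release the listening socket even when an assertion or timeout fails;
        // ServerSocket.close() is a no-op on an already closed socket.
        listener.close();
    }
}

/**
 * Checks that SSL_SESSION_free rejects a null session handle with
 * NullPointerException.
 */
public void test_SSL_SESSION_free() throws Exception {
    try {
        NativeCrypto.SSL_SESSION_free(NULL);
        fail();
    } catch (NullPointerException expected) {
    }

    // additional positive testing elsewhere because handshake
    // uses SSL_SESSION_free to cleanup in afterHandshake.
}

/**
 * Checks that i2d_SSL_SESSION rejects a null session handle and that a real
 * session survives a serialize/deserialize round trip with its cipher intact.
 */
public void test_i2d_SSL_SESSION() throws Exception {
    try {
        NativeCrypto.i2d_SSL_SESSION(NULL);
        fail();
    } catch (NullPointerException expected) {
    }

    final ServerSocket listener = new ServerSocket(0);
    try {
        Hooks cHooks = new Hooks() {
            @Override
            public void afterHandshake(int session, int s, int c,
                                       Socket sock, FileDescriptor fd,
                                       SSLHandshakeCallbacks callback)
                    throws Exception {
                byte[] b = NativeCrypto.i2d_SSL_SESSION(session);
                assertNotNull(b);
                int session2 = NativeCrypto.d2i_SSL_SESSION(b);
                assertTrue(session2 != NULL);
                try {
                    // Make sure d2i_SSL_SESSION restores SSL_SESSION_cipher value http://b/7091840
                    assertNotNull(NativeCrypto.SSL_SESSION_cipher(session2));
                    assertEquals(NativeCrypto.SSL_SESSION_cipher(session),
                                 NativeCrypto.SSL_SESSION_cipher(session2));
                } finally {
                    // Free the deserialized copy even when an assertion fails,
                    // so a failing run does not leak the native session.
                    NativeCrypto.SSL_SESSION_free(session2);
                }
                super.afterHandshake(session, s, c, sock, fd, callback);
            }
        };
        Hooks sHooks = new ServerHooks(getServerPrivateKey(), getServerCertificates());
        Future<TestSSLHandshakeCallbacks> client = handshake(listener, 0, true, cHooks, null);
        Future<TestSSLHandshakeCallbacks> server = handshake(listener, 0, false, sHooks, null);
        client.get(TIMEOUT_SECONDS, TimeUnit.SECONDS);
        server.get(TIMEOUT_SECONDS, TimeUnit.SECONDS);
    } finally {
        // Release the listening socket even when an assertion or timeout fails.
        listener.close();
    }
}

/**
 * Checks that d2i_SSL_SESSION throws NullPointerException for a null array
 * and returns NULL, not a session handle, for input that is not a serialized
 * session (an empty array and a single zero byte).
 */
public void test_d2i_SSL_SESSION() throws Exception {
    try {
        NativeCrypto.d2i_SSL_SESSION(null);
        fail();
    } catch (NullPointerException expected) {
    }

    assertEquals(NULL, NativeCrypto.d2i_SSL_SESSION(new byte[0]));
    assertEquals(NULL, NativeCrypto.d2i_SSL_SESSION(new byte[1]));

    // positive testing by test_i2d_SSL_SESSION
}

/**
 * Pins the values of X509_NAME_hash and X509_NAME_hash_old for a fixed name.
 */
public void test_X509_NAME_hashes() {
    // ensure these hash functions are stable over time since the
    // /system/etc/security/cacerts CA filenames have to be
    // consistent with the output.
    // The results are 32-bit ints used as file-name lookup keys; this test
    // pins their stability and says nothing about collision resistance.
    X500Principal name = new X500Principal("CN=localhost");
    assertEquals(-1372642656, NativeCrypto.X509_NAME_hash(name)); // SHA1
    assertEquals(-1626170662, NativeCrypto.X509_NAME_hash_old(name)); // MD5
}

/**
 * Checks that ENGINE_by_id throws for an unknown engine id instead of
 * returning a handle.
 */
public void test_ENGINE_by_id_Failure() throws Exception {
    NativeCrypto.ENGINE_load_dynamic();

    try {
        // The return value is not kept: reaching the next line is the failure.
        NativeCrypto.ENGINE_by_id("non-existent");
        fail("Shouldn't load non-existent engine");
    } catch (RuntimeException e) {
        // Success
    }
}

/**
 * Sanity check that RAND_bytes writes into the supplied buffer.
 */
public void test_RAND_bytes_Success() throws Exception {
    byte[] output = new byte[32];
    NativeCrypto.RAND_bytes(output);

    // Only detects a buffer left entirely zero; this is not a test of the
    // quality of the random output.
    boolean isZero = true;
    for (byte b : output) {
        isZero &= (b == 0);
    }

    assertFalse("Random output was zero. This is a very low probability event "
            + "and probably indicates an error.", isZero);
}

/**
 * Checks that RAND_bytes throws a RuntimeException when given a null buffer.
 */
public void test_RAND_bytes_Null_Failure() throws Exception {
    byte[] output = null;
    try {
        NativeCrypto.RAND_bytes(output);
        fail("Should be an error on null buffer input");
    } catch (RuntimeException success) { }
}
}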