提交
84745974
authored
1月 26, 2016
作者:
Tomas Pospichal
Test SSL sockets with anonymous TLS enabled and disabled
上级
fe722349
正在显示
1 个修改的文件
包含
133 行增加
和
2 行删除
+133
-2
TestNetUtils.java
h2/src/test/org/h2/test/unit/TestNetUtils.java
+133
-2
h2/src/test/org/h2/test/unit/TestNetUtils.java
...
...
@@ -11,19 +11,30 @@ import java.net.Socket;
import
java.util.HashSet
;
import
java.util.Set
;
import
java.util.concurrent.atomic.AtomicInteger
;
import
javax.net.ssl.SSLContext
;
import
javax.net.ssl.SSLServerSocket
;
import
javax.net.ssl.SSLSession
;
import
javax.net.ssl.SSLSocket
;
import
org.h2.engine.SysProperties
;
import
org.h2.test.TestBase
;
import
org.h2.util.NetUtils
;
import
org.h2.util.Task
;
/**
* Test the network utilities.
* Test the network utilities
from {@link NetUtils}
.
*
* @author Sergi Vladykin
* @author Tomas Pospichal
*/
public
class
TestNetUtils
extends
TestBase
{
private
static
final
int
WORKER_COUNT
=
10
;
private
static
final
int
PORT
=
9111
;
private
static
final
int
WAIT_MILLIS
=
100
;
private
static
final
int
WAIT_LONGER_MILLIS
=
2
*
WAIT_MILLIS
;
private
static
final
String
TASK_PREFIX
=
"ServerSocketThread-"
;
/**
* Run just this test.
...
...
@@ -36,10 +47,130 @@ public class TestNetUtils extends TestBase {
@Override
public
void
test
()
throws
Exception
{
testAnonymousTlsSession
();
testTlsSessionWithServerSideAnonymousDisabled
();
testFrequentConnections
(
true
,
100
);
testFrequentConnections
(
false
,
1000
);
}
/**
* With default settings, H2 client SSL socket should be able to connect
* to an H2 server SSL socket using an anonymous cipher suite
* (no SSL certificate is needed).
* @throws Exception
*/
private
void
testAnonymousTlsSession
()
throws
Exception
{
assertTrue
(
"Failed assumption: the default value of ENABLE_ANONYMOUS_TLS"
+
" property should be true"
,
SysProperties
.
ENABLE_ANONYMOUS_TLS
);
boolean
ssl
=
true
;
Task
task
=
null
;
ServerSocket
serverSocket
=
null
;
Socket
socket
=
null
;
try
{
serverSocket
=
NetUtils
.
createServerSocket
(
PORT
,
ssl
);
serverSocket
.
setSoTimeout
(
WAIT_LONGER_MILLIS
);
task
=
createServerSocketTask
(
serverSocket
);
task
.
execute
(
TASK_PREFIX
+
"AnonEnabled"
);
Thread
.
sleep
(
WAIT_MILLIS
);
socket
=
NetUtils
.
createLoopbackSocket
(
PORT
,
ssl
);
assertTrue
(
"loopback anon socket should be connected"
,
socket
.
isConnected
());
SSLSession
session
=
((
SSLSocket
)
socket
).
getSession
();
assertTrue
(
"TLS session should be valid when anonymous TLS is enabled"
,
session
.
isValid
());
// in case of handshake failure:
// the cipher suite is the pre-handshake SSL_NULL_WITH_NULL_NULL
assertContains
(
session
.
getCipherSuite
(),
"_anon_"
);
}
finally
{
closeSilently
(
socket
);
closeSilently
(
serverSocket
);
if
(
task
!=
null
)
{
// SSL server socket should succeed using an anonymous cipher
// suite, and not throw javax.net.ssl.SSLHandshakeException
assertNull
(
task
.
getException
());
task
.
join
();
}
}
}
/**
* TLS connections (without trusted certificates) should fail if the server
* does not allow anonymous TLS.
* The global property ENABLE_ANONYMOUS_TLS cannot be modified for the test;
* instead, the server socket is altered.
* @throws Exception
*/
private
void
testTlsSessionWithServerSideAnonymousDisabled
()
throws
Exception
{
boolean
ssl
=
true
;
Task
task
=
null
;
ServerSocket
serverSocket
=
null
;
Socket
socket
=
null
;
try
{
serverSocket
=
NetUtils
.
createServerSocket
(
PORT
,
ssl
);
serverSocket
.
setSoTimeout
(
WAIT_LONGER_MILLIS
);
// emulate the situation ENABLE_ANONYMOUS_TLS=false on server side
String
[]
defaultCipherSuites
=
SSLContext
.
getDefault
().
getServerSocketFactory
()
.
getDefaultCipherSuites
();
((
SSLServerSocket
)
serverSocket
).
setEnabledCipherSuites
(
defaultCipherSuites
);
task
=
createServerSocketTask
(
serverSocket
);
task
.
execute
(
TASK_PREFIX
+
"AnonDisabled"
);
Thread
.
sleep
(
WAIT_MILLIS
);
socket
=
NetUtils
.
createLoopbackSocket
(
PORT
,
ssl
);
assertTrue
(
"loopback socket should be connected"
,
socket
.
isConnected
());
// Java 6 API does not have getHandshakeSession() which could
// reveal the actual cipher selected in the attempted handshake
SSLSession
session
=
((
SSLSocket
)
socket
).
getSession
();
assertFalse
(
"TLS session should be invalid when the server"
+
"disables anonymous TLS"
,
session
.
isValid
());
// the SSL handshake should fail, because non-anon ciphers require
// a trusted certificate
assertEquals
(
"SSL_NULL_WITH_NULL_NULL"
,
session
.
getCipherSuite
());
}
finally
{
closeSilently
(
socket
);
closeSilently
(
serverSocket
);
if
(
task
!=
null
)
{
assertTrue
(
task
.
getException
()
!=
null
);
assertEquals
(
javax
.
net
.
ssl
.
SSLHandshakeException
.
class
.
getName
(),
task
.
getException
().
getClass
().
getName
());
assertContains
(
task
.
getException
().
getMessage
(),
"certificate_unknown"
);
task
.
join
();
}
}
}
private
Task
createServerSocketTask
(
final
ServerSocket
serverSocket
)
{
Task
task
=
new
Task
()
{
@Override
public
void
call
()
throws
Exception
{
Socket
ss
=
null
;
try
{
ss
=
serverSocket
.
accept
();
ss
.
getOutputStream
().
write
(
123
);
}
finally
{
closeSilently
(
ss
);
}
}
};
return
task
;
}
private
void
closeSilently
(
Socket
socket
)
{
try
{
socket
.
close
();
}
catch
(
Exception
e
)
{
// ignore
}
}
private
void
closeSilently
(
ServerSocket
socket
)
{
try
{
socket
.
close
();
}
catch
(
Exception
e
)
{
// ignore
}
}
private
void
testFrequentConnections
(
boolean
ssl
,
int
count
)
throws
Exception
{
final
ServerSocket
serverSocket
=
NetUtils
.
createServerSocket
(
PORT
,
ssl
);
final
AtomicInteger
counter
=
new
AtomicInteger
(
count
);
...
...
@@ -96,7 +227,7 @@ public class TestNetUtils extends TestBase {
private
final
AtomicInteger
counter
;
private
Exception
exception
;
public
ConnectWorker
(
boolean
ssl
,
AtomicInteger
counter
)
{
ConnectWorker
(
boolean
ssl
,
AtomicInteger
counter
)
{
this
.
ssl
=
ssl
;
this
.
counter
=
counter
;
}
...
...
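Review bot: In testTlsSessionWithServerSideAnonymousDisabled the premise that the overridden server socket offers no anonymous suite is assumed rather than checked; right after `setEnabledCipherSuites(defaultCipherSuites)` I would assert it, e.g. `for (String s : defaultCipherSuites) { assertFalse("unexpected anon suite " + s, s.contains("_anon_")); }`. As the method's Javadoc says, the property itself is not toggled, so the NetUtils path for ENABLE_ANONYMOUS_TLS=false remains untested, and a comment at the override such as `// NOTE: does not exercise NetUtils with ENABLE_ANONYMOUS_TLS=false; only restricts this socket to the JSSE default suites` would keep that gap visible. The check on `"certificate_unknown"` looks tied to the alert text of the JSSE provider in use and may not hold on other JDKs, so comparing only the exception class would be more robust. In both new tests the assertions on `task.getException()` sit inside `finally`, where a failing assertion would replace whatever the `try` block threw and skip `task.join()`; moving them after the `try`/`finally` avoids that. The Javadoc of testAnonymousTlsSession could also state that anonymous suites encrypt the channel without authenticating the peer, since the test pins that default with `assertContains(session.getCipherSuite(), "_anon_")`.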