Java Code Examples for javax.net.ssl.SSLEngineResult#sequenceNumber()

The following examples show how to use javax.net.ssl.SSLEngineResult#sequenceNumber() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: RehandshakeWithDataExTest.java    From openjdk-jdk9 with GNU General Public License v2.0 4 votes vote down vote up 
@Override
protected void testOneCipher(String cipher) throws SSLException {
    SSLContext context = getContext();
    int maxPacketSize = getMaxPacketSize();
    boolean useSNI = !TEST_MODE.equals("norm");
    SSLEngine clientEngine = getClientSSLEngine(context, useSNI);
    SSLEngine serverEngine = getServerSSLEngine(context, useSNI);
    clientEngine.setEnabledCipherSuites(new String[]{cipher});
    serverEngine.setEnabledCipherSuites(new String[]{cipher});
    serverEngine.setNeedClientAuth(!cipher.contains("anon"));
    long initialEpoch = 0;
    long secondEpoch = 0;
    long thirdEpoch = 0;
    SSLEngineResult r;
    doHandshake(clientEngine, serverEngine, maxPacketSize,
            HandshakeMode.INITIAL_HANDSHAKE);
    sendApplicationData(clientEngine, serverEngine);
    r = sendApplicationData(serverEngine, clientEngine);
    if (TESTED_SECURITY_PROTOCOL.contains("DTLS")) {
        initialEpoch = r.sequenceNumber() >> 48;
    }
    doHandshake(clientEngine, serverEngine, maxPacketSize,
            HandshakeMode.REHANDSHAKE_BEGIN_CLIENT);
    sendApplicationData(clientEngine, serverEngine);
    r = sendApplicationData(serverEngine, clientEngine);
    AssertionError epochError = new AssertionError("Epoch number"
            + " did not grow after re-handshake! "
            + " Was " + initialEpoch + ", now " + secondEpoch + ".");
    if (TESTED_SECURITY_PROTOCOL.contains("DTLS")) {
        secondEpoch = r.sequenceNumber() >> 48;
        if (Long.compareUnsigned(secondEpoch, initialEpoch) <= 0) {
            throw epochError;
        }
    }
    doHandshake(clientEngine, serverEngine, maxPacketSize,
            HandshakeMode.REHANDSHAKE_BEGIN_SERVER);
    sendApplicationData(clientEngine, serverEngine);
    r = sendApplicationData(serverEngine, clientEngine);
    if (TESTED_SECURITY_PROTOCOL.contains("DTLS")) {
    thirdEpoch = r.sequenceNumber() >> 48;
        if (Long.compareUnsigned(thirdEpoch, secondEpoch) <= 0) {
            throw epochError;
        }
    }
    closeEngines(clientEngine, serverEngine);
}
Example 2
Source File: RehandshakeWithCipherChangeTest.java    From openjdk-jdk9 with GNU General Public License v2.0 4 votes vote down vote up 
@Override
protected void testOneCipher(String cipher) throws SSLException {
    SSLContext context = getContext();
    int maxPacketSize = getMaxPacketSize();
    SSLEngine clientEngine = context.createSSLEngine();
    clientEngine.setUseClientMode(true);
    SSLEngine serverEngine = context.createSSLEngine();
    serverEngine.setUseClientMode(false);
    clientEngine.setEnabledCipherSuites(new String[]{cipher});
    serverEngine.setEnabledCipherSuites(
            Ciphers.ENABLED_NON_KRB_NOT_ANON_CIPHERS.ciphers);
    String randomCipher;
    serverEngine.setNeedClientAuth(true);
    long initialEpoch = 0;
    long secondEpoch = 0;
    SSLEngineResult r;
    doHandshake(clientEngine, serverEngine, maxPacketSize,
            HandshakeMode.INITIAL_HANDSHAKE);
    sendApplicationData(clientEngine, serverEngine);
    r = sendApplicationData(serverEngine, clientEngine);
    if (TESTED_SECURITY_PROTOCOL.contains("DTLS")) {
        initialEpoch = r.sequenceNumber() >> 48;
    }
    final Random RNG = RandomFactory.getRandom();
    randomCipher = Ciphers.ENABLED_NON_KRB_NOT_ANON_CIPHERS.ciphers[RNG
            .nextInt(Ciphers.ENABLED_NON_KRB_NOT_ANON_CIPHERS.ciphers.length)];
    clientEngine.setEnabledCipherSuites(new String[]{randomCipher});
    doHandshake(clientEngine, serverEngine, maxPacketSize,
            HandshakeMode.REHANDSHAKE_BEGIN_CLIENT);
    sendApplicationData(clientEngine, serverEngine);
    r = sendApplicationData(serverEngine, clientEngine);
    if (TESTED_SECURITY_PROTOCOL.contains("DTLS")) {
        secondEpoch = r.sequenceNumber() >> 48;
        AssertionError epochError = new AssertionError("Epoch number"
                + " did not grow after re-handshake! "
                + " Was " + initialEpoch + ", now " + secondEpoch + ".");
        if (Long.compareUnsigned(secondEpoch, initialEpoch) <= 0) {
            throw epochError;
        }
    }
    closeEngines(clientEngine, serverEngine);
}