1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
|
package org.bouncycastle.crypto.tls.test;
import junit.framework.Test;
import junit.framework.TestSuite;
import org.bouncycastle.crypto.tls.AlertDescription;
import org.bouncycastle.crypto.tls.ProtocolVersion;
public class DTLSTestSuite extends TestSuite
{
// Make the access to constants less verbose
static abstract class C extends TlsTestConfig {}
public static Test suite()
{
DTLSTestSuite testSuite = new DTLSTestSuite();
addFallbackTests(testSuite);
addVersionTests(testSuite, ProtocolVersion.DTLSv10);
addVersionTests(testSuite, ProtocolVersion.DTLSv12);
return testSuite;
}
private static void addFallbackTests(TestSuite testSuite)
{
{
TlsTestConfig c = createDTLSTestConfig(ProtocolVersion.DTLSv12);
c.clientFallback = true;
testSuite.addTest(new DTLSTestCase(c, "FallbackGood"));
}
/*
* NOTE: Temporarily disabled automatic test runs because of problems getting a clean exit
* of the DTLS server after a fatal alert. As of writing, manual runs show the correct
* alerts being raised
*/
// {
// TlsTestConfig c = createDTLSTestConfig(ProtocolVersion.DTLSv12);
// c.clientOfferVersion = ProtocolVersion.DTLSv10;
// c.clientFallback = true;
// c.expectServerFatalAlert(AlertDescription.inappropriate_fallback);
//
// testSuite.addTest(new DTLSTestCase(c, "FallbackBad"));
// }
{
TlsTestConfig c = createDTLSTestConfig(ProtocolVersion.DTLSv12);
c.clientOfferVersion = ProtocolVersion.DTLSv10;
testSuite.addTest(new DTLSTestCase(c, "FallbackNone"));
}
}
private static void addVersionTests(TestSuite testSuite, ProtocolVersion version)
{
String prefix = version.toString().replaceAll("[ \\.]", "") + "_";
/*
* NOTE: Temporarily disabled automatic test runs because of problems getting a clean exit
* of the DTLS server after a fatal alert. As of writing, manual runs show the correct
* alerts being raised
*/
// {
// TlsTestConfig c = createDTLSTestConfig(version);
// c.clientAuth = C.CLIENT_AUTH_INVALID_VERIFY;
// c.expectServerFatalAlert(AlertDescription.decrypt_error);
//
// testSuite.addTest(new DTLSTestCase(c, prefix + "BadCertificateVerify"));
// }
//
// {
// TlsTestConfig c = createDTLSTestConfig(version);
// c.clientAuth = C.CLIENT_AUTH_INVALID_CERT;
// c.expectServerFatalAlert(AlertDescription.bad_certificate);
//
// testSuite.addTest(new DTLSTestCase(c, prefix + "BadClientCertificate"));
// }
//
// {
// TlsTestConfig c = createDTLSTestConfig(version);
// c.clientAuth = C.CLIENT_AUTH_NONE;
// c.serverCertReq = C.SERVER_CERT_REQ_MANDATORY;
// c.expectServerFatalAlert(AlertDescription.handshake_failure);
//
// testSuite.addTest(new DTLSTestCase(c, prefix + "BadMandatoryCertReqDeclined"));
// }
{
TlsTestConfig c = createDTLSTestConfig(version);
testSuite.addTest(new DTLSTestCase(c, prefix + "GoodDefault"));
}
{
TlsTestConfig c = createDTLSTestConfig(version);
c.serverCertReq = C.SERVER_CERT_REQ_NONE;
testSuite.addTest(new DTLSTestCase(c, prefix + "GoodNoCertReq"));
}
{
TlsTestConfig c = createDTLSTestConfig(version);
c.clientAuth = C.CLIENT_AUTH_NONE;
testSuite.addTest(new DTLSTestCase(c, prefix + "GoodOptionalCertReqDeclined"));
}
}
private static TlsTestConfig createDTLSTestConfig(ProtocolVersion version)
{
TlsTestConfig c = new TlsTestConfig();
c.clientMinimumVersion = ProtocolVersion.DTLSv10;
/*
* TODO We'd like to just set the offer version to DTLSv12, but there is a known issue with
* overly-restrictive version checks b/w BC DTLS 1.2 client, BC DTLS 1.0 server
*/
c.clientOfferVersion = version;
c.serverMaximumVersion = version;
c.serverMinimumVersion = ProtocolVersion.DTLSv10;
return c;
}
}
|