下面列出了javax.net.ssl.SSLEngineResult#sequenceNumber ( ) 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。
@Override
protected void testOneCipher(String cipher) throws SSLException {
SSLContext context = getContext();
int maxPacketSize = getMaxPacketSize();
boolean useSNI = !TEST_MODE.equals("norm");
SSLEngine clientEngine = getClientSSLEngine(context, useSNI);
SSLEngine serverEngine = getServerSSLEngine(context, useSNI);
clientEngine.setEnabledCipherSuites(new String[]{cipher});
serverEngine.setEnabledCipherSuites(new String[]{cipher});
serverEngine.setNeedClientAuth(!cipher.contains("anon"));
long initialEpoch = 0;
long secondEpoch = 0;
long thirdEpoch = 0;
SSLEngineResult r;
doHandshake(clientEngine, serverEngine, maxPacketSize,
HandshakeMode.INITIAL_HANDSHAKE);
sendApplicationData(clientEngine, serverEngine);
r = sendApplicationData(serverEngine, clientEngine);
if (TESTED_SECURITY_PROTOCOL.contains("DTLS")) {
initialEpoch = r.sequenceNumber() >> 48;
}
doHandshake(clientEngine, serverEngine, maxPacketSize,
HandshakeMode.REHANDSHAKE_BEGIN_CLIENT);
sendApplicationData(clientEngine, serverEngine);
r = sendApplicationData(serverEngine, clientEngine);
AssertionError epochError = new AssertionError("Epoch number"
+ " did not grow after re-handshake! "
+ " Was " + initialEpoch + ", now " + secondEpoch + ".");
if (TESTED_SECURITY_PROTOCOL.contains("DTLS")) {
secondEpoch = r.sequenceNumber() >> 48;
if (Long.compareUnsigned(secondEpoch, initialEpoch) <= 0) {
throw epochError;
}
}
doHandshake(clientEngine, serverEngine, maxPacketSize,
HandshakeMode.REHANDSHAKE_BEGIN_SERVER);
sendApplicationData(clientEngine, serverEngine);
r = sendApplicationData(serverEngine, clientEngine);
if (TESTED_SECURITY_PROTOCOL.contains("DTLS")) {
thirdEpoch = r.sequenceNumber() >> 48;
if (Long.compareUnsigned(thirdEpoch, secondEpoch) <= 0) {
throw epochError;
}
}
closeEngines(clientEngine, serverEngine);
}
@Override
protected void testOneCipher(String cipher) throws SSLException {
SSLContext context = getContext();
int maxPacketSize = getMaxPacketSize();
SSLEngine clientEngine = context.createSSLEngine();
clientEngine.setUseClientMode(true);
SSLEngine serverEngine = context.createSSLEngine();
serverEngine.setUseClientMode(false);
clientEngine.setEnabledCipherSuites(new String[]{cipher});
serverEngine.setEnabledCipherSuites(
Ciphers.ENABLED_NON_KRB_NOT_ANON_CIPHERS.ciphers);
String randomCipher;
serverEngine.setNeedClientAuth(true);
long initialEpoch = 0;
long secondEpoch = 0;
SSLEngineResult r;
doHandshake(clientEngine, serverEngine, maxPacketSize,
HandshakeMode.INITIAL_HANDSHAKE);
sendApplicationData(clientEngine, serverEngine);
r = sendApplicationData(serverEngine, clientEngine);
if (TESTED_SECURITY_PROTOCOL.contains("DTLS")) {
initialEpoch = r.sequenceNumber() >> 48;
}
final Random RNG = RandomFactory.getRandom();
randomCipher = Ciphers.ENABLED_NON_KRB_NOT_ANON_CIPHERS.ciphers[RNG
.nextInt(Ciphers.ENABLED_NON_KRB_NOT_ANON_CIPHERS.ciphers.length)];
clientEngine.setEnabledCipherSuites(new String[]{randomCipher});
doHandshake(clientEngine, serverEngine, maxPacketSize,
HandshakeMode.REHANDSHAKE_BEGIN_CLIENT);
sendApplicationData(clientEngine, serverEngine);
r = sendApplicationData(serverEngine, clientEngine);
if (TESTED_SECURITY_PROTOCOL.contains("DTLS")) {
secondEpoch = r.sequenceNumber() >> 48;
AssertionError epochError = new AssertionError("Epoch number"
+ " did not grow after re-handshake! "
+ " Was " + initialEpoch + ", now " + secondEpoch + ".");
if (Long.compareUnsigned(secondEpoch, initialEpoch) <= 0) {
throw epochError;
}
}
closeEngines(clientEngine, serverEngine);
}