CORDA-2016 - Add unit tests to ensure SNI header generation will not be changed by accident (#4018)

* CORDA-2016 Add unit tests to ensure SNI header generation will not be changed by accident (#4014) * Add test for SNI header to prevent changing it accidentally. * added hardcoded values test to ensure hashing function and corda x500 name format can't be changed (cherry picked from commit 149b6034e1b1bf5c71abd2f4910c0e14c6276efe) * fix test after cherrypick
2025-03-23 12:35:23 +00:00 · 2018-10-03 14:07:55 +01:00 · 2018-10-03 14:07:55 +01:00 · 04cb4a371a
commit 04cb4a371a
parent 861a76e380
2 changed files with 35 additions and 1 deletions
--- a/node-api/src/main/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/SSLHelper.kt
+++ b/node-api/src/main/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/SSLHelper.kt
@ -53,5 +53,5 @@ internal fun x500toHostName(x500Name: CordaX500Name): String {
    val secureHash = SecureHash.sha256(x500Name.toString())
    // RFC 1035 specifies a limit 255 bytes for hostnames with each label being 63 bytes or less. Due to this, the string
    // representation of the SHA256 hash is truncated to 32 characters.
-    return String.format(HOSTNAME_FORMAT, secureHash.toString().substring(0..32).toLowerCase())
+    return String.format(HOSTNAME_FORMAT, secureHash.toString().take(32).toLowerCase())
 }
--- a/node-api/src/test/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/SSLHelperTest.kt
+++ b/node-api/src/test/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/SSLHelperTest.kt
@ -0,0 +1,34 @@
+package net.corda.nodeapi.internal.protonwrapper.netty
+
+import net.corda.core.crypto.SecureHash
+import net.corda.core.identity.CordaX500Name
+import net.corda.core.utilities.NetworkHostAndPort
+import net.corda.testing.internal.configureTestSSL
+import org.junit.Test
+import javax.net.ssl.KeyManagerFactory
+import javax.net.ssl.SNIHostName
+import javax.net.ssl.TrustManagerFactory
+import kotlin.test.assertEquals
+
+class SSLHelperTest {
+    @Test
+    fun `ensure SNI header in correct format`() {
+        val legalName = CordaX500Name("Test", "London", "GB")
+        val sslConfig = configureTestSSL(legalName)
+
+        val keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm())
+        val trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
+
+        keyManagerFactory.init(sslConfig.loadSslKeyStore().internal, sslConfig.keyStorePassword.toCharArray())
+        trustManagerFactory.init(sslConfig.loadTrustStore().internal)
+
+        val sslHandler = createClientSslHelper(NetworkHostAndPort("localhost", 1234), setOf(legalName), keyManagerFactory, trustManagerFactory)
+        val legalNameHash = SecureHash.sha256(legalName.toString()).toString().take(32).toLowerCase()
+
+        // These hardcoded values must not be changed, something is broken if you have to change these hardcoded values.
+        assertEquals("O=Test, L=London, C=GB", legalName.toString())
+        assertEquals("f3df3c01a5f5aa5b9d394680cde3a414", legalNameHash)
+        assertEquals(1, sslHandler.engine().sslParameters.serverNames.size)
+        assertEquals("$legalNameHash.corda.net", (sslHandler.engine().sslParameters.serverNames.first() as SNIHostName).asciiName)
+    }
+}