From 04cb4a371ac5b63bce6daa593d9e416da2ea19c8 Mon Sep 17 00:00:00 2001 From: Patrick Kuo Date: Wed, 3 Oct 2018 14:07:55 +0100 Subject: [PATCH] CORDA-2016 - Add unit tests to ensure SNI header generation will not be changed by accident (#4018) * CORDA-2016 Add unit tests to ensure SNI header generation will not be changed by accident (#4014) * Add test for SNI header to prevent changing it accidentally. * added hardcoded values test to ensure hashing function and corda x500 name format can't be changed (cherry picked from commit 149b6034e1b1bf5c71abd2f4910c0e14c6276efe) * fix test after cherrypick --- .../internal/protonwrapper/netty/SSLHelper.kt | 2 +- .../protonwrapper/netty/SSLHelperTest.kt | 34 +++++++++++++++++++ 2 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 node-api/src/test/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/SSLHelperTest.kt diff --git a/node-api/src/main/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/SSLHelper.kt b/node-api/src/main/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/SSLHelper.kt index df8b03744b..978952c5f7 100644 --- a/node-api/src/main/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/SSLHelper.kt +++ b/node-api/src/main/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/SSLHelper.kt @@ -53,5 +53,5 @@ internal fun x500toHostName(x500Name: CordaX500Name): String { val secureHash = SecureHash.sha256(x500Name.toString()) // RFC 1035 specifies a limit 255 bytes for hostnames with each label being 63 bytes or less. Due to this, the string // representation of the SHA256 hash is truncated to 32 characters. - return String.format(HOSTNAME_FORMAT, secureHash.toString().substring(0..32).toLowerCase()) + return String.format(HOSTNAME_FORMAT, secureHash.toString().take(32).toLowerCase()) } \ No newline at end of file 
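Review bot: The removed `substring(0..32)` produced a 33-character label (Kotlin ranges are inclusive), so the comment two lines above the return was describing the intended behaviour rather than the actual one, and the `take(32)` fix silently changes the SNI value every node puts on the wire; nothing in SSLHelper.kt records that this length is externally visible. I would extend the comment right above the return so the next editor does not "correct" it back: `// take(32), not substring(0..32): the 32-hex-char (128-bit) prefix is part of the SNI wire format that peers compare against, and SSLHelperTest pins it — do not change without a compatibility plan.` If peers derive the expected SNI with this same function, a node still running the old 33-character build will presumably fail to match a patched peer, which is worth stating in the commit message rather than only implicitly in the test. The enclosing `x500toHostName` starts before this hunk; only its body is shown.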
diff --git a/node-api/src/test/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/SSLHelperTest.kt b/node-api/src/test/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/SSLHelperTest.kt
new file mode 100644
index 0000000000..2950e58d81
--- /dev/null
+++ b/node-api/src/test/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/SSLHelperTest.kt
@@ -0,0 +1,34 @@
+package net.corda.nodeapi.internal.protonwrapper.netty
+
+import net.corda.core.crypto.SecureHash
+import net.corda.core.identity.CordaX500Name
+import net.corda.core.utilities.NetworkHostAndPort
+import net.corda.testing.internal.configureTestSSL
+import org.junit.Test
+import javax.net.ssl.KeyManagerFactory
+import javax.net.ssl.SNIHostName
+import javax.net.ssl.TrustManagerFactory
+import kotlin.test.assertEquals
+
+class SSLHelperTest {
+ @Test
+ fun `ensure SNI header in correct format`() {
+ val legalName = CordaX500Name("Test", "London", "GB")
+ val sslConfig = configureTestSSL(legalName)
+
+ val keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm())
+ val trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
+
+ keyManagerFactory.init(sslConfig.loadSslKeyStore().internal, sslConfig.keyStorePassword.toCharArray())
+ trustManagerFactory.init(sslConfig.loadTrustStore().internal)
+
+ val sslHandler = createClientSslHelper(NetworkHostAndPort("localhost", 1234), setOf(legalName), keyManagerFactory, trustManagerFactory)
+ val legalNameHash = SecureHash.sha256(legalName.toString()).toString().take(32).toLowerCase()
+
+ // These hardcoded values must not be changed, something is broken if you have to change these hardcoded values.
+ assertEquals("O=Test, L=London, C=GB", legalName.toString())
+ assertEquals("f3df3c01a5f5aa5b9d394680cde3a414", legalNameHash)
+ assertEquals(1, sslHandler.engine().sslParameters.serverNames.size)
+ assertEquals("$legalNameHash.corda.net", (sslHandler.engine().sslParameters.serverNames.first() as SNIHostName).asciiName)
+ }
+}
\ No newline at end of file
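Review bot: The SNI value asserted on the last `assertEquals` is not really hardcoded: `legalNameHash` is recomputed in the test with the same `SecureHash.sha256(...).toString().take(32).toLowerCase()` pipeline as production, so the handler is compared against a value the test derived itself, and only the `"f3df3c01a5f5aa5b9d394680cde3a414"` literal line does any pinning. Since `x500toHostName` is `internal` in the same package (`net.corda.nodeapi.internal.protonwrapper.netty`) it should be reachable from this test; I would pin both ends as literals and drop the duplicated derivation: `assertEquals("f3df3c01a5f5aa5b9d394680cde3a414.corda.net", x500toHostName(legalName))` and `assertEquals("f3df3c01a5f5aa5b9d394680cde3a414.corda.net", (sslHandler.engine().sslParameters.serverNames.first() as SNIHostName).asciiName)`. A full-hostname literal also fixes the label length, which is the RFC 1035 63-byte constraint the SSLHelper.kt comment cites as the reason for truncating; the current test would still pass if the `.corda.net` suffix or the truncation moved as long as the test's own copy of the pipeline moved with it. The hunk covers the whole new file, so no definition is cut.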