/**
 * Builds a DTLS correlation context from fixed literal values: session ID {@code "12345"},
 * epoch {@code "2"} and cipher {@code "PSK"}.
 * <p>
 * The values are hard-coded placeholders, presumably a test fixture. {@code "PSK"} is a label
 * rather than a full cipher suite name, so the context does not describe a negotiated session.
 *
 * @return a new context holding the three literal values.
 */
private CorrelationContext getSecureCorrelationContext() {
    final CorrelationContext secureContext = new DtlsCorrelationContext("12345", "2", "PSK");
    return secureContext;
}
/**
 * Gets the cipher value held by this context.
 *
 * @return the value stored under {@code KEY_CIPHER}.
 */
public String getCipher() {
    final String cipher = get(KEY_CIPHER);
    return cipher;
}
} // closes the enclosing type declaration (its header is not shown here)
/**
 * Creates a new correlation context from DTLS session parameters.
 * <p>
 * The three values are stored unchanged under {@code KEY_SESSION_ID}, {@code KEY_EPOCH} and
 * {@code KEY_CIPHER}. Only <code>null</code> is rejected: empty or otherwise malformed strings
 * are accepted as given, so callers are responsible for passing the values of the actual
 * session state.
 *
 * @param sessionId the session's ID.
 * @param epoch the session's current read/write epoch.
 * @param cipher the cipher suite of the session's current read/write state.
 * @throws NullPointerException if any of the params is <code>null</code>.
 */
public DtlsCorrelationContext(String sessionId, String epoch, String cipher) {
    // Guard clauses, checked in parameter order; nothing is stored unless all three pass.
    if (sessionId == null) {
        throw new NullPointerException("Session ID must not be null");
    }
    if (epoch == null) {
        throw new NullPointerException("Epoch must not be null");
    }
    if (cipher == null) {
        throw new NullPointerException("Cipher must not be null");
    }
    put(KEY_SESSION_ID, sessionId);
    put(KEY_EPOCH, epoch);
    put(KEY_CIPHER, cipher);
}
/**
 * Wraps a received application message into inbound {@code RawData}, tagged with a correlation
 * context describing the session state it was read under.
 * <p>
 * The context is built from the session identifier, the session's <em>read</em> epoch and the
 * cipher of its <em>read</em> state. The peer identity is taken from the session.
 *
 * @param message the application message; supplies the payload and the peer address.
 * @param session the DTLS session the message belongs to.
 * @return the inbound raw data carrying payload, peer, peer identity and correlation context.
 */
private RawData createApplicationMessage(ApplicationMessage message, DTLSSession session) {
    // NOTE(review): getSessionIdentifier() is dereferenced without a null check; presumably it is
    // always set once application data can be received. Confirm against DTLSSession.
    final String sessionId = session.getSessionIdentifier().toString();
    final String readEpoch = String.valueOf(session.getReadEpoch());
    final String readCipher = session.getReadStateCipher();
    final DtlsCorrelationContext inboundContext = new DtlsCorrelationContext(sessionId, readEpoch, readCipher);

    // The meaning of the trailing 'false' flag is not visible in this excerpt.
    return RawData.inbound(
            message.getData(),
            message.getPeer(),
            session.getPeerIdentity(),
            inboundContext,
            false);
}
/**
 * Gets the epoch value held by this context.
 *
 * @return the value stored under {@code KEY_EPOCH}.
 */
public String getEpoch() {
    final String epoch = get(KEY_EPOCH);
    return epoch;
}
/**
 * Pins that a matcher created with {@code newMatcher(true)} (strict matching, per the GIVEN
 * step) does not match a response whose correlation context differs from the request's only
 * in the epoch.
 */
@Test
public void testReceiveResponseRejectsResponseFromDifferentEpochUsingStrictMatching() {
    // GIVEN a request sent over DTLS through a strictly matching matcher
    final UdpMatcher strictMatcher = newMatcher(true);
    final DtlsCorrelationContext requestContext = new DtlsCorrelationContext(SESSION_ID, EPOCH, CIPHER);
    final Exchange pending = sendRequest(strictMatcher, requestContext);

    // WHEN a response with the same message ID, session ID and cipher arrives from another epoch
    final DtlsCorrelationContext responseContext = new DtlsCorrelationContext(SESSION_ID, OTHER_EPOCH, CIPHER);
    final Exchange matched = strictMatcher.receiveResponse(
            responseFor(pending.getCurrentRequest()),
            responseContext);

    // THEN no exchange is matched
    assertThat(matched, is(nullValue()));
}
/**
 * Gets the session ID held by this context.
 *
 * @return the value stored under {@code KEY_SESSION_ID}.
 */
public String getSessionId() {
    final String sessionId = get(KEY_SESSION_ID);
    return sessionId;
}
/**
 * Pins that a matcher created with {@code newMatcher(true)} (strict matching, per the GIVEN
 * step) does not match a response that arrives under a different DTLS session ID, even though
 * epoch and cipher are the same as for the request.
 */
@Test
public void testReceiveResponseRejectsResponseFromDifferentSessionUsingStrictMatching() {
    // GIVEN a request sent over DTLS through a strictly matching matcher
    final UdpMatcher strictMatcher = newMatcher(true);
    final DtlsCorrelationContext requestContext = new DtlsCorrelationContext(SESSION_ID, EPOCH, CIPHER);
    final Exchange pending = sendRequest(strictMatcher, requestContext);

    // WHEN a response with the same message ID, epoch and cipher arrives under another session ID
    final DtlsCorrelationContext responseContext = new DtlsCorrelationContext(OTHER_SESSION_ID, EPOCH, CIPHER);
    final Exchange matched = strictMatcher.receiveResponse(
            responseFor(pending.getCurrentRequest()),
            responseContext);

    // THEN no exchange is matched
    assertThat(matched, is(nullValue()));
}
/**
 * Pins that a matcher created with {@code newMatcher(false)} (lax matching, per the GIVEN
 * step) still refuses a response that arrives under a different DTLS session ID. Lax mode
 * therefore does not let a response protected by another session answer the request.
 */
@Test
public void testReceiveResponseRejectsResponseFromDifferentSessionUsingLaxMatching() {
    // GIVEN a request sent over DTLS through a laxly matching matcher
    final UdpMatcher laxMatcher = newMatcher(false);
    final DtlsCorrelationContext requestContext = new DtlsCorrelationContext(SESSION_ID, EPOCH, CIPHER);
    final Exchange pending = sendRequest(laxMatcher, requestContext);

    // WHEN a response with the same message ID arrives under a different DTLS session
    final DtlsCorrelationContext responseContext = new DtlsCorrelationContext(OTHER_SESSION_ID, EPOCH, CIPHER);
    final Exchange matched = laxMatcher.receiveResponse(
            responseFor(pending.getCurrentRequest()),
            responseContext);

    // THEN no exchange is matched
    assertThat(matched, is(nullValue()));
}
/**
 * Pins that a matcher created with {@code newMatcher(false)} (lax matching, per the GIVEN
 * step) still refuses a response whose context names a different cipher, even within the same
 * session and epoch.
 */
@Test
public void testReceiveResponseRejectsResponseUsingDifferentCipherUsingLaxMatching() {
    // GIVEN a request sent over DTLS through a laxly matching matcher
    final UdpMatcher laxMatcher = newMatcher(false);
    final DtlsCorrelationContext requestContext = new DtlsCorrelationContext(SESSION_ID, EPOCH, CIPHER);
    final Exchange pending = sendRequest(laxMatcher, requestContext);

    // WHEN a response with the same message ID arrives in the same session but under another cipher
    final DtlsCorrelationContext responseContext = new DtlsCorrelationContext(SESSION_ID, EPOCH, OTHER_CIPHER);
    final Exchange matched = laxMatcher.receiveResponse(
            responseFor(pending.getCurrentRequest()),
            responseContext);

    // THEN no exchange is matched
    assertThat(matched, is(nullValue()));
}
/**
 * Pins that a matcher created with {@code newMatcher(true)} (strict matching, per the GIVEN
 * step) does not match a response whose correlation context differs from the request's only
 * in the cipher.
 */
@Test
public void testReceiveResponseRejectsResponseUsingDifferentCipherUsingStrictMatching() {
    // GIVEN a request sent over DTLS through a strictly matching matcher
    final UdpMatcher strictMatcher = newMatcher(true);
    final DtlsCorrelationContext requestContext = new DtlsCorrelationContext(SESSION_ID, EPOCH, CIPHER);
    final Exchange pending = sendRequest(strictMatcher, requestContext);

    // WHEN a response with the same message ID, session ID and epoch arrives under another cipher
    final DtlsCorrelationContext responseContext = new DtlsCorrelationContext(SESSION_ID, EPOCH, OTHER_CIPHER);
    final Exchange matched = strictMatcher.receiveResponse(
            responseFor(pending.getCurrentRequest()),
            responseContext);

    // THEN no exchange is matched
    assertThat(matched, is(nullValue()));
}
/**
 * Checks that a request handed to the connector together with a {@code DtlsCorrelationContext}
 * is delivered with the secure CoAP URI scheme ({@code CoAP.COAP_SECURE_URI_SCHEME}).
 * <p>
 * The inbound data carries {@code null} as its third argument and placeholder context values,
 * so the scheme is set here without any peer identity being supplied.
 *
 * @throws Exception if waiting on the latch is interrupted or the fixture fails.
 */
@Test
public void testSecureSchemeIsSetOnIncomingRequest() throws Exception {
    latch = new CountDownLatch(1);

    // Inbound request tagged with a DTLS correlation context (placeholder values).
    final CorrelationContext dtlsContext = new DtlsCorrelationContext("session", "1", "CIPHER");
    final RawData request = RawData.inbound(getSerializedRequest(), SOURCE_ADDRESS, null, dtlsContext, false);
    connector.receiveMessage(request);

    // Wait up to two seconds; presumably the latch is counted down when the request is received.
    final boolean delivered = latch.await(2, TimeUnit.SECONDS);
    assertTrue(delivered);
    assertThat(receivedRequests.get(0).getScheme(), is(CoAP.COAP_SECURE_URI_SCHEME));
}
/**
 * Pins the positive case for a matcher created with {@code newMatcher(true)}: a response
 * whose context carries the same session ID, epoch and cipher as the request is matched to
 * the original exchange.
 */
@Test
public void testReceiveResponseAcceptsResponseFromSameSessionEpochAndCipherUsingStrictMatching() {
    // GIVEN a request sent over DTLS
    final UdpMatcher strictMatcher = newMatcher(true);
    final DtlsCorrelationContext requestContext = new DtlsCorrelationContext(SESSION_ID, EPOCH, CIPHER);
    final Exchange pending = sendRequest(strictMatcher, requestContext);

    // WHEN a response arrives with identical message ID, session ID, epoch and cipher
    final DtlsCorrelationContext responseContext = new DtlsCorrelationContext(SESSION_ID, EPOCH, CIPHER);
    final Exchange matched = strictMatcher.receiveResponse(
            responseFor(pending.getCurrentRequest()),
            responseContext);

    // THEN the response is matched to the pending exchange
    assertThat(matched, is(pending));
}
/**
 * Pins that a matcher created with {@code newMatcher(false)} (lax matching, per the GIVEN
 * step) matches a response whose context differs from the request's only in the epoch.
 * <p>
 * In lax mode the epoch is therefore not binding. In this test the session ID and the cipher
 * stay identical to those of the request.
 */
@Test
public void testReceiveResponseAcceptsResponseFromDifferentEpochUsingLaxMatching() {
    // GIVEN a request sent over DTLS through a laxly matching matcher
    final UdpMatcher laxMatcher = newMatcher(false);
    final DtlsCorrelationContext requestContext = new DtlsCorrelationContext(SESSION_ID, EPOCH, CIPHER);
    final Exchange pending = sendRequest(laxMatcher, requestContext);

    // WHEN a response with the same message ID arrives in the same DTLS session and under
    // the same cipher, but from a different epoch
    final DtlsCorrelationContext responseContext = new DtlsCorrelationContext(SESSION_ID, OTHER_EPOCH, CIPHER);
    final Exchange matched = laxMatcher.receiveResponse(
            responseFor(pending.getCurrentRequest()),
            responseContext);

    // THEN the response is matched to the pending exchange
    assertThat(matched, is(pending));
}
/**
 * Wraps an outbound message in an APPLICATION_DATA record for the given session and sends it.
 * <p>
 * If the message carries a callback, the callback is first told the correlation context the
 * message is sent under: session identifier, <em>write</em> epoch and <em>write</em>-state cipher.
 * <p>
 * A {@code GeneralSecurityException} raised inside the block is logged at {@code Level.FINE}
 * and otherwise swallowed; nothing is returned or rethrown to the caller.
 *
 * @param message the outbound data; supplies payload bytes, peer address and optional callback.
 * @param session the DTLS session whose write state is used for the record.
 */
private void sendMessage(final RawData message, final DTLSSession session) {
    try {
        // The record is created with the session's current write epoch and sequence number.
        // Presumably it is the record construction that can raise GeneralSecurityException.
        // Confirm against the Record constructor.
        Record record = new Record(
                ContentType.APPLICATION_DATA,
                session.getWriteEpoch(),
                session.getSequenceNumber(),
                new ApplicationMessage(message.getBytes(), message.getInetSocketAddress()),
                session);
        if (message.getMessageCallback() != null) {
            // The context describes the WRITE state, i.e. the parameters this message goes out under.
            CorrelationContext ctx = new DtlsCorrelationContext(
                    session.getSessionIdentifier().toString(),
                    String.valueOf(session.getWriteEpoch()),
                    session.getWriteStateCipher());
            // NOTE(review): the callback runs before sendRecord(), so it is notified even if the
            // send fails afterwards. Confirm this ordering is intended.
            message.getMessageCallback().onContextEstablished(ctx);
        }
        sendRecord(record);
    } catch (GeneralSecurityException e) {
        // NOTE(review): the failure is only logged at FINE, which java.util.logging does not show
        // at its default level, and neither the caller nor the callback learns that the message
        // was dropped. Consider whether a higher level or an error signal is warranted.
        LOGGER.log(Level.FINE, String.format("Cannot send APPLICATION record to peer [%s]", message.getInetSocketAddress()), e);
    }
}