/**
 * Builds a DTLS correlation context from fixed sample values, for use where a
 * message should appear to have travelled over a secured transport.
 *
 * @return a context with session ID "12345", epoch "2" and cipher "PSK"
 */
private CorrelationContext getSecureCorrelationContext() {
    // Constructed sample values only; they do not refer to a real session.
    final String sessionId = "12345";
    final String epoch = "2";
    final String cipher = "PSK";
    return new DtlsCorrelationContext(sessionId, epoch, cipher);
}
/**
 * Wraps an application message of the given session as inbound {@code RawData}.
 * <p>
 * The attached correlation context is taken from the session's <em>read</em> state
 * (session ID, read epoch, read-state cipher), so upper layers can tell under which
 * security parameters the data arrived.
 *
 * @param message the application message providing payload and peer address
 * @param session the DTLS session the message belongs to
 * @return the inbound data, carrying the session's peer identity and the context
 */
private RawData createApplicationMessage(ApplicationMessage message, DTLSSession session) {
    final String sessionId = session.getSessionIdentifier().toString();
    final String readEpoch = String.valueOf(session.getReadEpoch());
    final DtlsCorrelationContext inboundContext =
            new DtlsCorrelationContext(sessionId, readEpoch, session.getReadStateCipher());

    // NOTE(review): the trailing 'false' is presumably the multicast flag - confirm against RawData.inbound.
    return RawData.inbound(
            message.getData(),
            message.getPeer(),
            session.getPeerIdentity(),
            inboundContext,
            false);
}
/**
 * Verifies that a strict matcher does not correlate a response with a pending request
 * when the response arrives under a different DTLS session ID.
 * <p>
 * The message ID alone must not be enough: a response carrying the same message ID but
 * arriving over another session has to be dropped.
 */
@Test
public void testReceiveResponseRejectsResponseFromDifferentSessionUsingStrictMatching() {

    // GIVEN a strict matcher and a request sent under (SESSION_ID, EPOCH, CIPHER)
    DtlsCorrelationContext requestContext = new DtlsCorrelationContext(SESSION_ID, EPOCH, CIPHER);
    UdpMatcher strictMatcher = newMatcher(true);
    Exchange pendingExchange = sendRequest(strictMatcher, requestContext);

    // WHEN a response with the same message ID, epoch and cipher arrives, but with another session ID
    DtlsCorrelationContext responseContext = new DtlsCorrelationContext(OTHER_SESSION_ID, EPOCH, CIPHER);
    Exchange result = strictMatcher.receiveResponse(
            responseFor(pendingExchange.getCurrentRequest()),
            responseContext);

    // THEN no exchange is returned for the response
    assertThat(result, is(nullValue()));
}
/**
 * Verifies that a strict matcher does not correlate a response with a pending request
 * when only the DTLS epoch differs between request and response.
 */
@Test
public void testReceiveResponseRejectsResponseFromDifferentEpochUsingStrictMatching() {

    // GIVEN a strict matcher and a request sent under (SESSION_ID, EPOCH, CIPHER)
    DtlsCorrelationContext requestContext = new DtlsCorrelationContext(SESSION_ID, EPOCH, CIPHER);
    UdpMatcher strictMatcher = newMatcher(true);
    Exchange pendingExchange = sendRequest(strictMatcher, requestContext);

    // WHEN a response with the same message ID, session ID and cipher arrives, but from another epoch
    DtlsCorrelationContext responseContext = new DtlsCorrelationContext(SESSION_ID, OTHER_EPOCH, CIPHER);
    Exchange result = strictMatcher.receiveResponse(
            responseFor(pendingExchange.getCurrentRequest()),
            responseContext);

    // THEN no exchange is returned: strict matching treats the epoch as part of the binding
    assertThat(result, is(nullValue()));
}
/**
 * Verifies that even a lax matcher does not correlate a response with a pending request
 * when the response was received using a different cipher.
 */
@Test
public void testReceiveResponseRejectsResponseUsingDifferentCipherUsingLaxMatching() {

    // GIVEN a lax matcher and a request sent under (SESSION_ID, EPOCH, CIPHER)
    DtlsCorrelationContext requestContext = new DtlsCorrelationContext(SESSION_ID, EPOCH, CIPHER);
    UdpMatcher laxMatcher = newMatcher(false);
    Exchange pendingExchange = sendRequest(laxMatcher, requestContext);

    // WHEN a response with the same message ID arrives in the same session and epoch, but with another cipher
    DtlsCorrelationContext responseContext = new DtlsCorrelationContext(SESSION_ID, EPOCH, OTHER_CIPHER);
    Exchange result = laxMatcher.receiveResponse(
            responseFor(pendingExchange.getCurrentRequest()),
            responseContext);

    // THEN no exchange is returned: relaxing the matching mode does not relax the cipher check
    assertThat(result, is(nullValue()));
}
/**
 * Verifies that a strict matcher does not correlate a response with a pending request
 * when only the cipher differs between request and response.
 */
@Test
public void testReceiveResponseRejectsResponseUsingDifferentCipherUsingStrictMatching() {

    // GIVEN a strict matcher and a request sent under (SESSION_ID, EPOCH, CIPHER)
    DtlsCorrelationContext requestContext = new DtlsCorrelationContext(SESSION_ID, EPOCH, CIPHER);
    UdpMatcher strictMatcher = newMatcher(true);
    Exchange pendingExchange = sendRequest(strictMatcher, requestContext);

    // WHEN a response with the same message ID, session ID and epoch arrives, but with another cipher
    DtlsCorrelationContext responseContext = new DtlsCorrelationContext(SESSION_ID, EPOCH, OTHER_CIPHER);
    Exchange result = strictMatcher.receiveResponse(
            responseFor(pendingExchange.getCurrentRequest()),
            responseContext);

    // THEN no exchange is returned for the response
    assertThat(result, is(nullValue()));
}
/**
 * Verifies that even a lax matcher does not correlate a response with a pending request
 * when the response arrives under a different DTLS session ID.
 */
@Test
public void testReceiveResponseRejectsResponseFromDifferentSessionUsingLaxMatching() {

    // GIVEN a lax matcher and a request sent under (SESSION_ID, EPOCH, CIPHER)
    DtlsCorrelationContext requestContext = new DtlsCorrelationContext(SESSION_ID, EPOCH, CIPHER);
    UdpMatcher laxMatcher = newMatcher(false);
    Exchange pendingExchange = sendRequest(laxMatcher, requestContext);

    // WHEN a response with the same message ID arrives, but from another DTLS session
    DtlsCorrelationContext responseContext = new DtlsCorrelationContext(OTHER_SESSION_ID, EPOCH, CIPHER);
    Exchange result = laxMatcher.receiveResponse(
            responseFor(pendingExchange.getCurrentRequest()),
            responseContext);

    // THEN no exchange is returned: the session binding holds in lax mode as well
    assertThat(result, is(nullValue()));
}
/**
 * Verifies that a request handed to the connector together with a DTLS correlation
 * context is reported with the secure CoAP URI scheme.
 * <p>
 * The peer identity argument is {@code null} here, so the expected scheme does not
 * depend on a peer identity being present.
 *
 * @throws Exception if waiting for the request to be processed is interrupted or
 *                   building the request fails
 */
@Test
public void testSecureSchemeIsSetOnIncomingRequest() throws Exception {

    // GIVEN a serialized request that arrives with a DTLS correlation context (sample values)
    latch = new CountDownLatch(1);
    CorrelationContext dtlsContext = new DtlsCorrelationContext("session", "1", "CIPHER");
    RawData rawRequest = RawData.inbound(getSerializedRequest(), SOURCE_ADDRESS, null, dtlsContext, false);

    // WHEN the connector delivers it
    connector.receiveMessage(rawRequest);

    // THEN the request is processed within two seconds and carries the secure scheme
    boolean processedInTime = latch.await(2, TimeUnit.SECONDS);
    assertTrue(processedInTime);
    assertThat(receivedRequests.get(0).getScheme(), is(CoAP.COAP_SECURE_URI_SCHEME));
}
/**
 * Verifies the positive case for strict matching: a response that arrives with exactly
 * the session ID, epoch and cipher of the request is correlated with the pending exchange.
 */
@Test
public void testReceiveResponseAcceptsResponseFromSameSessionEpochAndCipherUsingStrictMatching() {

    // GIVEN a strict matcher and a request sent under (SESSION_ID, EPOCH, CIPHER)
    DtlsCorrelationContext requestContext = new DtlsCorrelationContext(SESSION_ID, EPOCH, CIPHER);
    UdpMatcher strictMatcher = newMatcher(true);
    Exchange pendingExchange = sendRequest(strictMatcher, requestContext);

    // WHEN a response with the same message ID, session ID, epoch and cipher arrives
    DtlsCorrelationContext responseContext = new DtlsCorrelationContext(SESSION_ID, EPOCH, CIPHER);
    Exchange result = strictMatcher.receiveResponse(
            responseFor(pendingExchange.getCurrentRequest()),
            responseContext);

    // THEN the response is matched to the exchange created for the request
    assertThat(result, is(pendingExchange));
}
/**
 * Verifies that a lax matcher still correlates a response with the pending request
 * when session ID and cipher are unchanged and only the epoch differs.
 */
@Test
public void testReceiveResponseAcceptsResponseFromDifferentEpochUsingLaxMatching() {

    // GIVEN a lax matcher and a request sent under (SESSION_ID, EPOCH, CIPHER)
    DtlsCorrelationContext requestContext = new DtlsCorrelationContext(SESSION_ID, EPOCH, CIPHER);
    UdpMatcher laxMatcher = newMatcher(false);
    Exchange pendingExchange = sendRequest(laxMatcher, requestContext);

    // WHEN a response with the same message ID arrives in the same DTLS session,
    // using the same cipher but from a different epoch
    // NOTE(review): presumably meant to tolerate an epoch change within one session - confirm
    DtlsCorrelationContext responseContext = new DtlsCorrelationContext(SESSION_ID, OTHER_EPOCH, CIPHER);
    Exchange result = laxMatcher.receiveResponse(
            responseFor(pendingExchange.getCurrentRequest()),
            responseContext);

    // THEN the response is matched to the exchange created for the request
    assertThat(result, is(pendingExchange));
}
/**
 * Wraps an outbound message in an APPLICATION_DATA record for the given session and
 * hands it to {@code sendRecord}.
 * <p>
 * If the message has a callback, the callback is told the DTLS correlation context
 * (session ID, write epoch, write-state cipher) after the record has been created and
 * before {@code sendRecord} is invoked.
 * A {@link GeneralSecurityException} is logged at FINE and not propagated.
 *
 * @param message the outbound data together with its destination address
 * @param session the DTLS session whose write state is used for the record
 */
private void sendMessage(final RawData message, final DTLSSession session) {
    try {
        Record outboundRecord = new Record(
                ContentType.APPLICATION_DATA,
                session.getWriteEpoch(),
                session.getSequenceNumber(),
                new ApplicationMessage(message.getBytes(), message.getInetSocketAddress()),
                session);

        if (message.getMessageCallback() != null) {
            // Report the parameters the record is sent under, so the layer above can later
            // compare them with the context of whatever response comes back.
            final String sessionId = session.getSessionIdentifier().toString();
            final String writeEpoch = String.valueOf(session.getWriteEpoch());
            CorrelationContext outboundContext =
                    new DtlsCorrelationContext(sessionId, writeEpoch, session.getWriteStateCipher());
            message.getMessageCallback().onContextEstablished(outboundContext);
        }

        sendRecord(outboundRecord);
    } catch (GeneralSecurityException e) {
        // NOTE(review): the failure is only visible at FINE and the sender is not notified here;
        // confirm that silently dropping the message is intended.
        final String detail = String.format(
                "Cannot send APPLICATION record to peer [%s]", message.getInetSocketAddress());
        LOGGER.log(Level.FINE, detail, e);
    }
}