From 9bf5a1cd42bc189c35d59cf504da896d218aef0c Mon Sep 17 00:00:00 2001
From: Aleksandr Kolosov
Date: Wed, 21 Aug 2024 16:02:24 +0300
Subject: [PATCH] Remove hacky ways of setrting context
---
 .../opencoap/ssl/netty/DtlsChannelHandler.kt | 12 -------
 .../ssl/netty/SessionAuthenticationContext.kt | 22 -------------
 .../org/opencoap/ssl/netty/NettyTest.kt | 27 ----------------
 .../org/opencoap/ssl/transport/DtlsServer.kt | 24 ++++++--------
 .../ssl/transport/DtlsServerTransport.kt | 7 ----
 .../ssl/transport/DtlsServerTransportTest.kt | 32 ++-----------------
 6 files changed, 12 insertions(+), 112 deletions(-)
 delete mode 100644 kotlin-mbedtls-netty/src/main/kotlin/org/opencoap/ssl/netty/SessionAuthenticationContext.kt
diff --git a/kotlin-mbedtls-netty/src/main/kotlin/org/opencoap/ssl/netty/DtlsChannelHandler.kt b/kotlin-mbedtls-netty/src/main/kotlin/org/opencoap/ssl/netty/DtlsChannelHandler.kt
index ca8b521..8afb963 100644
--- a/kotlin-mbedtls-netty/src/main/kotlin/org/opencoap/ssl/netty/DtlsChannelHandler.kt
+++ b/kotlin-mbedtls-netty/src/main/kotlin/org/opencoap/ssl/netty/DtlsChannelHandler.kt
@@ -21,7 +21,6 @@ import io.netty.channel.ChannelHandlerContext
 import io.netty.channel.ChannelPromise
 import io.netty.channel.socket.DatagramPacket
 import org.opencoap.ssl.SslConfig
-import org.opencoap.ssl.SslException
 import org.opencoap.ssl.transport.ByteBufferPacket
 import org.opencoap.ssl.transport.DtlsServer
 import org.opencoap.ssl.transport.DtlsSessionLifecycleCallbacks
@@ -32,7 +31,6 @@ import java.time.Duration
 import java.util.concurrent.CompletableFuture
 import java.util.concurrent.CompletableFuture.completedFuture
-@Suppress("DEPRECATION")
 class DtlsChannelHandler @JvmOverloads constructor(
 private val sslConfig: SslConfig,
 private val expireAfter: Duration = Duration.ofSeconds(60),
@@ -96,16 +94,6 @@ class DtlsChannelHandler @JvmOverloads constructor(
 dtlsServer.handleOutboundDtlsSessionContext(msg.recipient(), msg.sessionContext, promise.toCompletableFuture())
 }
 is DatagramPacket -> write(msg, promise, ctx)
- is SessionAuthenticationContext -> {
- msg.map.forEach { (key, value) ->
- if (!dtlsServer.putSessionAuthenticationContext(msg.adr, key, value)) {
- promise.setFailure(SslException("Session does not exists"))
- }
- }
- if (!promise.isDone) {
- promise.setSuccess()
- }
- }
 else -> ctx.write(msg, promise)
 }
diff --git a/kotlin-mbedtls-netty/src/main/kotlin/org/opencoap/ssl/netty/SessionAuthenticationContext.kt b/kotlin-mbedtls-netty/src/main/kotlin/org/opencoap/ssl/netty/SessionAuthenticationContext.kt
deleted file mode 100644
index 4d9bd67..0000000
--- a/kotlin-mbedtls-netty/src/main/kotlin/org/opencoap/ssl/netty/SessionAuthenticationContext.kt
+++ /dev/null
@@ -1,22 +0,0 @@
-/*
- * Copyright (c) 2022-2023 kotlin-mbedtls contributors (https://github.com/open-coap/kotlin-mbedtls)
- * SPDX-License-Identifier: Apache-2.0
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
- package org.opencoap.ssl.netty
- import java.net.InetSocketAddress
- @Deprecated("Pass authentication context in the DtlSContext of the outbound datagram instead")
-data class SessionAuthenticationContext(val adr: InetSocketAddress, val map: Map)
diff --git a/kotlin-mbedtls-netty/src/test/kotlin/org/opencoap/ssl/netty/NettyTest.kt b/kotlin-mbedtls-netty/src/test/kotlin/org/opencoap/ssl/netty/NettyTest.kt
index 5ca594a..765a42e 100644
--- a/kotlin-mbedtls-netty/src/test/kotlin/org/opencoap/ssl/netty/NettyTest.kt
+++ b/kotlin-mbedtls-netty/src/test/kotlin/org/opencoap/ssl/netty/NettyTest.kt
@@ -36,7 +36,6 @@ import org.opencoap.ssl.EmptyCidSupplier
 import org.opencoap.ssl.PskAuth
 import org.opencoap.ssl.RandomCidSupplier
 import org.opencoap.ssl.SslConfig
-import org.opencoap.ssl.SslException
 import org.opencoap.ssl.netty.NettyHelpers.createBootstrap
 import org.opencoap.ssl.transport.DtlsServer
 import org.opencoap.ssl.transport.HashMapSessionStore
@@ -55,7 +54,6 @@ import java.time.Instant
 import java.util.concurrent.ExecutionException
 import kotlin.random.Random
-@Suppress("DEPRECATION")
 @TestInstance(TestInstance.Lifecycle.PER_CLASS)
 class NettyTest {
@@ -173,24 +171,6 @@ class NettyTest {
 clients.forEach(Transport::close)
 }
- @Test
- fun `should forward authentication context`() {
- // connect and handshake
- val client = NettyTransportAdapter.connect(clientConf, srvAddress).mapToString()
- assertTrue(client.send("hi").await())
- assertEquals("ECHO:hi", client.receive(5.seconds).await())
- // when
- srvChannel.writeAndFlush(SessionAuthenticationContext(client.localAddress(), mapOf("AUTH" to "007:"))).get()
- // then
- assertTrue(client.send("hi").await())
- assertEquals("ECHO:007:hi", client.receive(5.seconds).await())
- client.close()
- }
-
 @Test
 fun `should forward authentication context passed inside outbound datagram`() {
 // connect and handshake
@@ -210,13 +190,6 @@ class NettyTest {
 client.close()
 }
- @Test
- fun `should fail to forward authentication context for non existing client`() {
- assertThatThrownBy {
- srvChannel.writeAndFlush(SessionAuthenticationContext(localAddress(1), mapOf("AUTH" to "007:"))).get()
- }.hasRootCause(SslException("Session does not exists"))
- }
-
 @Test
 fun `server should load session from store`() {
 sessionStore.write(StoredSessionPair.cid, SessionWithContext(StoredSessionPair.srvSession, mapOf(), Instant.ofEpochSecond(123456789)))
diff --git a/kotlin-mbedtls/src/main/kotlin/org/opencoap/ssl/transport/DtlsServer.kt b/kotlin-mbedtls/src/main/kotlin/org/opencoap/ssl/transport/DtlsServer.kt
index 224699b..c8f2802 100644
--- a/kotlin-mbedtls/src/main/kotlin/org/opencoap/ssl/transport/DtlsServer.kt
+++ b/kotlin-mbedtls/src/main/kotlin/org/opencoap/ssl/transport/DtlsServer.kt
@@ -94,10 +94,6 @@ class DtlsServer(
 return (sessions[peerAddress] as? DtlsSession)?.encrypt(plainPacket)
 }
- @Deprecated("Pass authentication context in the DtlSContext of the outbound datagram instead")
- fun putSessionAuthenticationContext(adr: InetSocketAddress, key: String, value: String?): Boolean =
- updateSessionAuthenticationContext(adr, mapOf(key to value))
-
 private fun updateSessionAuthenticationContext(adr: InetSocketAddress, authCtxUpdate: Map): Boolean {
 if (authCtxUpdate.isEmpty()) return true
@@ -126,13 +122,22 @@ class DtlsServer(
 }
 }
- fun closeSession(addr: InetSocketAddress) {
+ private fun closeSession(addr: InetSocketAddress) {
 sessions.remove(addr)?.apply {
 storeAndClose()
 logger.info("[{}] [CID:{}] DTLS session was stored", peerAddress, (this as? DtlsSession)?.sessionContext?.cid?.toHex() ?: "na")
 }
 }
+ fun handleOutboundDtlsSessionContext(adr: InetSocketAddress, ctx: DtlsSessionContext, writeFuture: CompletableFuture) {
+ if (ctx.sessionSuspensionHint) {
+ writeFuture.thenAccept {
+ closeSession(adr)
+ }
+ }
+ updateSessionAuthenticationContext(adr, ctx.authenticationContext)
+ }
+
 fun loadSession(sessBuf: SessionWithContext?, adr: InetSocketAddress, cid: ByteArray): Boolean {
 return try {
 if (sessBuf == null) {
@@ -404,15 +409,6 @@ class DtlsServer(
 return false
 }
-
- fun handleOutboundDtlsSessionContext(adr: InetSocketAddress, ctx: DtlsSessionContext, writeFuture: CompletableFuture) {
- if (ctx.sessionSuspensionHint) {
- writeFuture.thenAccept {
- closeSession(adr)
- }
- }
- updateSessionAuthenticationContext(adr, ctx.authenticationContext)
- }
 }
 fun ByteBuffer.seek(offset: Int): ByteBuffer = this.position(this.position() + offset) as ByteBuffer
diff --git a/kotlin-mbedtls/src/main/kotlin/org/opencoap/ssl/transport/DtlsServerTransport.kt b/kotlin-mbedtls/src/main/kotlin/org/opencoap/ssl/transport/DtlsServerTransport.kt
index 7a14ba2..78eb06d 100644
--- a/kotlin-mbedtls/src/main/kotlin/org/opencoap/ssl/transport/DtlsServerTransport.kt
+++ b/kotlin-mbedtls/src/main/kotlin/org/opencoap/ssl/transport/DtlsServerTransport.kt
@@ -29,7 +29,6 @@ import java.util.function.Function
 /* Single threaded dtls server on top of DatagramChannel. */
-@Suppress("DEPRECATION")
 class DtlsServerTransport private constructor(
 private val transport: Transport,
 private val dtlsServer: DtlsServer,
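Review bot: The moved `handleOutboundDtlsSessionContext` still discards the Boolean returned by `updateSessionAuthenticationContext`, so when no session exists for `adr` the authentication context is dropped without any signal to the caller; the `SessionAuthenticationContext` branch this commit removes from `DtlsChannelHandler` used to fail the promise with `SslException("Session does not exists")` in that case, and nothing on the remaining path reports it. At least log it, e.g. `if (!updateSessionAuthenticationContext(adr, ctx.authenticationContext)) { logger.warn("[{}] no DTLS session, authentication context not applied", adr) }`, or complete `writeFuture` exceptionally if callers are expected to react. `writeFuture.thenAccept { closeSession(adr) }` also runs on whichever thread completes `writeFuture`, and the now-private `closeSession` mutates `sessions` with no synchronization visible in this hunk; I cannot see the completion site from here, so please confirm it is the thread that owns `sessions`. Note too that `thenAccept` only fires on normal completion, so a failed write leaves a session the caller asked to suspend open — fine if intended, but worth a one-line comment on the `if (ctx.sessionSuspensionHint)` branch either way.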
@@ -115,10 +114,4 @@ class DtlsServerTransport private constructor(
 }.get(30, TimeUnit.SECONDS)
 executor.shutdown()
 }
-
- @Deprecated("Pass authentication context in the DtlSContext of the outbound datagram instead")
- fun putSessionAuthenticationContext(adr: InetSocketAddress, key: String, value: String?): CompletableFuture =
- executor.supply {
- dtlsServer.putSessionAuthenticationContext(adr, key, value)
- }
 }
diff --git a/kotlin-mbedtls/src/test/kotlin/org/opencoap/ssl/transport/DtlsServerTransportTest.kt b/kotlin-mbedtls/src/test/kotlin/org/opencoap/ssl/transport/DtlsServerTransportTest.kt
index c59c102..8470f42 100644
--- a/kotlin-mbedtls/src/test/kotlin/org/opencoap/ssl/transport/DtlsServerTransportTest.kt
+++ b/kotlin-mbedtls/src/test/kotlin/org/opencoap/ssl/transport/DtlsServerTransportTest.kt
@@ -51,7 +51,6 @@ import java.util.concurrent.TimeUnit
 import java.util.function.Consumer
 import kotlin.random.Random
-@Suppress("DEPRECATION")
 class DtlsServerTransportTest {
 private val psk = PskAuth("dupa", byteArrayOf(1))
@@ -71,14 +70,11 @@ class DtlsServerTransportTest {
 if (msg == "error") {
 throw Exception("error")
 } else if (msg.startsWith("Authenticate:")) {
- server.putSessionAuthenticationContext(packet.peerAddress, "auth", msg.substring(12))
- server.send(Packet("OK".toByteBuffer(), packet.peerAddress))
- } else if (msg.startsWith("AuthenticateWithContext:")) {
 server.send(
 Packet(
 "OK".toByteBuffer(),
 packet.peerAddress,
- DtlsSessionContext(authenticationContext = mapOf("auth" to msg.substring(23)))
+ DtlsSessionContext(authenticationContext = mapOf("auth" to msg.substring(12)))
 )
 )
 } else {
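Review bot: In the merged `Authenticate:` branch of the test handler the value is still sliced with a magic offset, `msg.substring(12)`, which silently depends on the length of the literal checked in the `startsWith("Authenticate:")` condition just above and keeps the leading colon (the `hi:resp:dev-007` expectation elsewhere in this test file appears to rely on that). `msg.removePrefix("Authenticate")` yields the same `":dev-007"` without the count and survives a renamed prefix: `DtlsSessionContext(authenticationContext = mapOf("auth" to msg.removePrefix("Authenticate")))`. The enclosing handler lambda starts and ends outside the hunk.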
@@ -464,36 +460,12 @@ class DtlsServerTransportTest {
 client.close()
 }
- @Test
- fun `should set and use session context`() {
- // given
- server = DtlsServerTransport.create(conf, sessionStore = sessionStore)
- val serverReceived = server.receive(1.seconds)
- // and, client connected
- val client = DtlsTransmitter.connect(server, clientConfig).await()
- client.send("hello!")
- assertEquals("hello!", serverReceived.await().buffer.decodeToString())
-
- // when, session context is set
- assertTrue(server.putSessionAuthenticationContext(serverReceived.await().peerAddress, "auth", "id:dev-007").await())
-
- // and, client sends messages
- client.send("msg1")
- client.send("msg2")
-
- // then
- assertEquals(mapOf("auth" to "id:dev-007"), server.receive(1.seconds).await().sessionContext.authenticationContext)
- assertEquals(mapOf("auth" to "id:dev-007"), server.receive(1.seconds).await().sessionContext.authenticationContext)
-
- client.close()
- }
-
 @Test
 fun `should set and use session context passed inside outbound datagram`() {
 server = DtlsServerTransport.create(conf, expireAfter = 100.millis, sessionStore = sessionStore, lifecycleCallbacks = sslLifecycleCallbacks).listen(echoHandler)
 // client connected
 val client = DtlsTransmitter.connect(server, clientConfig).await()
- client.send("AuthenticateWithContext:dev-007")
+ client.send("Authenticate:dev-007")
 assertEquals("OK", client.receiveString())
 client.send("hi")
 assertEquals("hi:resp:dev-007", client.receiveString())