1 package org.bouncycastle.asn1.test; 2 3 import java.io.IOException; 4 5 import org.bouncycastle.asn1.ASN1InputStream; 6 import org.bouncycastle.asn1.ASN1Primitive; 7 import org.bouncycastle.asn1.ASN1Sequence; 8 import org.bouncycastle.util.encoders.Base64; 9 import org.bouncycastle.util.test.SimpleTest; 10 11 public class InputStreamTest 12 extends SimpleTest 13 { 14 private static final byte[] outOfBoundsLength = new byte[]{(byte)0x30, (byte)0xff, (byte)0xff, (byte)0xff, (byte)0xff, (byte)0xff}; 15 private static final byte[] negativeLength = new byte[]{(byte)0x30, (byte)0x84, (byte)0xff, (byte)0xff, (byte)0xff, (byte)0xff}; 16 private static final byte[] outsideLimitLength = new byte[]{(byte)0x30, (byte)0x83, (byte)0x0f, (byte)0xff, (byte)0xff}; 17 18 private static final byte[] classCast1 = Base64.decode("p1AkHmYAvfOEIrL4ESfrNg=="); 19 private static final byte[] classCast2 = Base64.decode("JICNbaBUTTq7uxj5mg=="); 20 private static final byte[] classCast3 = Base64.decode("JAKzADNCxhrrBSVS"); 21 private static final byte[] memoryError1 = Base64.decode("vm66gOiEe+FV/NvujMwSkUp5Lffw5caQlaRU5sdMPC70IGWmyK2/"); 22 private static final byte[] memoryError2 = Base64.decode("vm4ogOSEfVGsS3w+KTzb2A0ALYR8VBOQqQeuRwnsPC4AAGWEDLjd"); 23 getName()24 public String getName() 25 { 26 return "InputStream"; 27 } 28 performTest()29 public void performTest() 30 throws Exception 31 { 32 ASN1InputStream aIn = new ASN1InputStream(outOfBoundsLength); 33 34 try 35 { 36 aIn.readObject(); 37 fail("out of bounds length not detected."); 38 } 39 catch (IOException e) 40 { 41 if (!e.getMessage().startsWith("DER length more than 4 bytes")) 42 { 43 fail("wrong exception: " + e.getMessage()); 44 } 45 } 46 47 aIn = new ASN1InputStream(negativeLength); 48 49 try 50 { 51 aIn.readObject(); 52 fail("negative length not detected."); 53 } 54 catch (IOException e) 55 { 56 if (!e.getMessage().equals("corrupted stream - negative length found")) 57 { 58 fail("wrong exception: " + e.getMessage()); 59 } 60 } 61 62 aIn = new ASN1InputStream(outsideLimitLength); 63 64 try 65 { 66 aIn.readObject(); 67 fail("outside limit length not detected."); 68 } 69 catch (IOException e) 70 { 71 if (!e.getMessage().equals("corrupted stream - out of bounds length found: 1048575 >= 5")) 72 { 73 fail("wrong exception: " + e.getMessage()); 74 } 75 } 76 77 testWithByteArray(classCast1, "unknown object encountered: class org.bouncycastle.asn1.DLApplicationSpecific"); 78 testWithByteArray(classCast2, "unknown object encountered: class org.bouncycastle.asn1.BERTaggedObjectParser"); 79 testWithByteArray(classCast3, "unknown object encountered in constructed OCTET STRING: class org.bouncycastle.asn1.DLTaggedObject"); 80 81 testWithByteArray(memoryError1, "corrupted stream - out of bounds length found: 2078365180 >= 39"); 82 testWithByteArray(memoryError2, "corrupted stream - out of bounds length found: 2102504523 >= 39"); 83 } 84 testWithByteArray(byte[] data, String message)85 private void testWithByteArray(byte[] data, String message) 86 { 87 try 88 { 89 ASN1InputStream input = new ASN1InputStream(data); 90 91 ASN1Primitive p; 92 while ((p = input.readObject()) != null) 93 { 94 ASN1Sequence asn1 = ASN1Sequence.getInstance(p); 95 for (int i = 0; i < asn1.size(); i++) 96 { 97 asn1.getObjectAt(i); 98 } 99 } 100 } 101 catch (java.io.IOException e) 102 { 103 isEquals(e.getMessage(), message, e.getMessage()); 104 } 105 } 106 main( String[] args)107 public static void main( 108 String[] args) 109 { 110 runTest(new InputStreamTest()); 111 } 112 } 113