1 /*
2 * @test
3 * @build TestThread Traffic Handler ServerHandler ServerThread ClientThread
4 * @run main/othervm/timeout=140 -Djsse.enableCBCProtection=false main
5 * @summary Make sure that different configurations of SSL sockets work
6 */
7
8 /*
9 * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
10 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
11 *
12 * This code is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License version 2 only, as
14 * published by the Free Software Foundation.
15 *
16 * This code is distributed in the hope that it will be useful, but WITHOUT
17 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
18 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
19 * version 2 for more details (a copy is included in the LICENSE file that
20 * accompanied this code).
21 *
22 * You should have received a copy of the GNU General Public License version
23 * 2 along with this work; if not, write to the Free Software Foundation,
24 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
25 *
26 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
27 * or visit www.oracle.com if you need additional information or have any
28 * questions.
29 */
30
31 import java.io.*;
32 import java.security.SecureRandom;
33 import java.security.KeyStore;
34 import javax.security.cert.*;
35 import java.util.Date;
36 import java.util.Vector;
37 import java.util.ArrayList;
38
39 import javax.net.ssl.*;
40
41 public class main
42 {
43 // NOTE: "prng" doesn't need to be a SecureRandom
44
45 private static final SecureRandom prng
46 = new SecureRandom ();
47 private static SSLContext sslContext;
48
49 private static void usage() {
50 System.err.println (
51 "usage: tests.ssl.main default|random|cipher_suite [nthreads]");
52 }
53
54 /**
55 * Runs a test ... there are a variety of configurations, and the way
56 * they're invoked is subject to change. This program can support
57 * single and multiple process tests, but by default it's set up for
58 * single process testing.
59 *
60 * <P> The first commandline argument identifies a test configuration.
61 * Currently identified configurations include "default", "random".
62 *
63 * <P> The second commandline argument identifies the number of
64 * client threads to use.
65 */
66 public static void main (String argv [])
67 {
68 String config;
69 int NTHREADS;
70
71 initContext();
72 String supported [] = sslContext.getSocketFactory()
73 .getSupportedCipherSuites();
74
75 // Strip out any Kerberos Suites for now.
76 ArrayList list = new ArrayList(supported.length);
77 for (int i = 0; i < supported.length; i++) {
78 if (!supported[i].startsWith("TLS_KRB5")) {
79 list.add(supported[i]);
80 }
81 }
82 supported = (String [])list.toArray(new String [0]);
83
84 if (argv.length == 2) {
85 config = argv [0];
86 NTHREADS = Integer.parseInt (argv [1]);
87 } else if (argv.length == 1) {
88 config = argv [0];
89 NTHREADS = 15;
90 } else {
91 /* temporaraly changed to make it run under jtreg with
92 * default configuration, when no input parameters are
93 * given
94 */
95 //usage();
96 //return;
97 config = "default";
98 NTHREADS = supported.length;
99 }
100
101 // More options ... port #. different clnt/svr configs,
102 // cipher suites, etc.
103
104 ServerThread server = new ServerThread (0, NTHREADS, sslContext);
105 Vector clients = new Vector (NTHREADS);
106
107 if (!(config.equals("default") || config.equals("random")))
108 supported = new String[] {config};
109
110 System.out.println("Supported cipher suites are:");
111 for(int i=0; i < supported.length; i++) {
112 System.out.println(supported[i]);
113 }
114
115 setConfig (server, config, supported);
116
117 // if (OS != Win95)
118 server.setUseMT (true);
119
120 server.start ();
121 server.waitTillReady ();
122
123 //
124 // iterate over all cipher suites
125 //
126 int next = 0;
127 int passes = 0;
128
129 if (usesRandom (config))
130 next = nextUnsignedRandom ();
131
132 for (int i = 0; i < NTHREADS; i++, next++) {
133 ClientThread client = new ClientThread (server.getServerPort(), sslContext);
134 String cipher [] = new String [1];
135
136 setConfig (client, config, supported);
137 next = next % supported.length;
138 cipher [0] = supported [next];
139 client.setBasicCipherSuites (cipher);
140
141 //
142 // Win95 has been observed to choke if you throw many
143 // connections at it. So we make it easy to unthread
144 // everything; it can be handy outside Win95 too.
145 //
146 client.start ();
147 if (!server.getUseMT ()) {
148 waitForClient (client);
149 if (client.passed ())
150 passes++;
151 } else
152 clients.addElement (client);
153 }
154
155 while (!clients.isEmpty ()) {
156 ClientThread client;
157
158 client = (ClientThread) clients.elementAt (0);
159 clients.removeElement (client);
160 waitForClient (client);
161 if (client.passed ())
162 passes++;
163 }
164
165 System.out.println ("SUMMARY: threads = " + NTHREADS
166 + ", passes = " + passes);
167 }
168
169
170 //
171 // Rather than replicating code, a helper function!
172 //
173 private static void waitForClient (Thread client)
174 {
175 while (true)
176 try {
177 client.join ();
178
179 // System.out.println ("Joined: " + client.getName ());
180 break;
181 } catch (InterruptedException e) {
182 continue;
183 }
184 }
185
186 private static void initContext()
187 {
188 try {
189 String testRoot = System.getProperty("test.src", ".");
190 System.setProperty("javax.net.ssl.trustStore", testRoot
191 + "/../../../../javax/net/ssl/etc/truststore");
192
193 KeyStore ks = KeyStore.getInstance("JKS");
194 ks.load(new FileInputStream(testRoot
195 + "/../../../../javax/net/ssl/etc/truststore"),
196 "passphrase".toCharArray());
197 KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
198 kmf.init(ks, "passphrase".toCharArray());
199 TrustManagerFactory tmf =
200 TrustManagerFactory.getInstance("SunX509");
201 tmf.init(ks);
202 sslContext = SSLContext.getInstance("SSL");
203 sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
204 } catch (Throwable t) {
205 // oh well; ignore it, the tester presumably intends this
206 System.out.println("Failed to read keystore/truststore file... Continuing");
207 t.printStackTrace();
208 }
209 }
210
211 private static int nextUnsignedRandom ()
212 {
213 int retval = prng.nextInt ();
214
215 if (retval < 0)
216 return -retval;
217 else
218 return retval;
219 }
220
221
222 //
223 // Randomness in testing can be good and bad ... covers more
224 // territory, but not reproducibly.
225 //
226 private static boolean usesRandom (String config)
227 {
228 return config.equalsIgnoreCase ("random");
229 }
230
231
232 private static void setConfig (
233 TestThread test,
234 String config,
235 String supported []
236 )
237 {
238 test.setBasicCipherSuites (supported);
239 test.setOutput (System.out);
240 test.setVerbosity (3);
241
242 if (test instanceof ClientThread) {
243 test.setListenHandshake (true);
244 test.setIterations (20);
245 }
246
247 // XXX role reversals !!!
248
249 //
250 // We can establish a reasonable degree of variability
251 // on the test data and configs ... expecting that the
252 // diagnostics will identify any problems that exist.
253 // Client and server must agree on these things.
254 //
255 // Unless we do this, only the SSL nonces and ephemeral
256 // keys will be unpredictable in a given test run. Those
257 // affect only the utmost innards of SSL, details which
258 // are not visible to applications.
259 //
260 if (usesRandom (config)) {
261 int rand = nextUnsignedRandom ();
262
263 if (test instanceof ClientThread)
264 test.setIterations (rand % 35);
265
266 if ((rand & 0x080) == 0)
267 test.setInitiateHandshake (true);
268 // if ((rand & 0x040) == 0)
269 // test.setDoRenegotiate (true);
270
271 test.setPRNG (new SecureRandom ());
272 }
273 }
274 }