1 /*
   2  * Copyright (c) 2012, 2019, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
//
// SunJSSE does not support dynamic system properties, so system properties
// cannot be re-used in samevm/agentvm mode; this test runs in othervm mode.
//
  28 
  29 /**
  30  * @test
  31  * @bug 7068321 8190492
  32  * @summary Support TLS Server Name Indication (SNI) Extension in JSSE Server
  33  * @library ../templates
  34  * @build SSLCapabilities SSLExplorer
  35  * @run main/othervm SSLSocketExplorer SSLv2Hello,SSLv3
  36  * @run main/othervm SSLSocketExplorer SSLv3
  37  * @run main/othervm SSLSocketExplorer TLSv1
  38  * @run main/othervm SSLSocketExplorer TLSv1.1
  39  * @run main/othervm SSLSocketExplorer TLSv1.2
  40  */
  41 
  42 import java.io.*;
  43 import java.nio.*;
  44 import java.nio.channels.*;
  45 import java.util.*;
  46 import java.net.*;
  47 import javax.net.ssl.*;
  48 import java.security.Security;
  49 
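public class SSLSocketExplorer {

    /*
     * =============================================================
     * Set the various variables needed for the tests, then
     * specify what tests to run on each side.
     */

    /*
     * Should we run the client or server in a separate thread?
     * Both sides can throw exceptions, but do you have a preference
     * as to which side should be the main thread.
     */
    static boolean separateServerThread = true;

    /*
     * Where do we find the keystores?
     *
     * main() resolves these against the "test.src" system property and
     * publishes them, together with the store password, through the
     * javax.net.ssl.* system properties.
     */
    static String pathToStores = "../etc";
    static String keyStoreFile = "keystore";
    static String trustStoreFile = "truststore";
    static String passwd = "passphrase";

    /*
     * Is the server ready to serve?
     */
    volatile static boolean serverReady = false;

    /*
     * Turn on SSL debugging?
     */
    static boolean debug = false;

    /*
     * If the client or server is doing some kind of object creation
     * that the other side depends on, and that thread prematurely
     * exits, you may experience a hang.  The test harness will
     * terminate all hung threads after its timeout has expired,
     * currently 3 minutes by default, but you might try to be
     * smart about it....
     */

    /*
     * Define the server side of the test.
     *
     * Binds a plain ServerSocket, publishes the bound port through
     * serverPort, raises serverReady and then serves exactly one
     * connection.  Both sockets are closed on every exit path, so a
     * failure on this side does not leave the client blocked on an
     * open connection.
     *
     * If the server prematurely exits, serverReady will be set to true
     * (by startServer) to avoid infinite hangs.
     */
    void doServerSide() throws Exception {
        try (ServerSocket serverSocket = new ServerSocket(serverPort)) {

            // Signal Client, we're ready for his connect.
            serverPort = serverSocket.getLocalPort();
            serverReady = true;

            try (Socket socket = serverSocket.accept()) {
                serveConnection(socket);
            }
        }
    }

    /*
     * Reads the first TLS record from the raw socket, explores it with
     * SSLExplorer, then layers an SSLSocket over the same connection and
     * compares the negotiated session with the explored capabilities.
     */
    private void serveConnection(Socket socket) throws Exception {
        InputStream ins = socket.getInputStream();
        byte[] buffer = new byte[0xFF];

        // Read the header of TLS record
        int position = readUntil(ins, buffer, 0,
                SSLExplorer.RECORD_HEADER_SIZE);

        // The length comes from the peer's record header; the buffer is
        // grown to it before the rest of the record is read.
        // NOTE(review): presumably getRequiredSize() returns the whole
        // record size including the header -- confirm in SSLExplorer.
        int recordLength = SSLExplorer.getRequiredSize(buffer, 0, position);
        if (buffer.length < recordLength) {
            buffer = Arrays.copyOf(buffer, recordLength);
        }
        position = readUntil(ins, buffer, position, recordLength);

        SSLCapabilities capabilities =
            SSLExplorer.explore(buffer, 0, recordLength);
        if (capabilities != null) {
            System.out.println("Record version: " +
                    capabilities.getRecordVersion());
            System.out.println("Hello version: " +
                    capabilities.getHelloVersion());
        }

        // The bytes already taken off the wire are handed back to JSSE as
        // the "consumed" stream; autoClose is true, so closing the
        // SSLSocket also closes the underlying socket.
        SSLSocketFactory sslsf =
            (SSLSocketFactory) SSLSocketFactory.getDefault();
        ByteArrayInputStream bais =
            new ByteArrayInputStream(buffer, 0, position);
        try (SSLSocket sslSocket =
                (SSLSocket) sslsf.createSocket(socket, bais, true)) {

            // Enable all supported protocols on server side to test SSLv3
            sslSocket.setEnabledProtocols(sslSocket.getSupportedProtocols());

            InputStream sslIS = sslSocket.getInputStream();
            OutputStream sslOS = sslSocket.getOutputStream();

            sslIS.read();
            sslOS.write(85);
            sslOS.flush();

            ExtendedSSLSession session =
                (ExtendedSSLSession) sslSocket.getSession();
            checkCapabilities(capabilities, session);
        }
    }

    /*
     * Reads from ins into buffer, starting at offset position, until
     * offset target has been reached, and returns the new position.
     * Throws if the stream ends first.
     */
    private static int readUntil(InputStream ins, byte[] buffer,
            int position, int target) throws Exception {
        while (position < target) {
            int n = ins.read(buffer, position, target - position);
            if (n < 0) {
                throw new Exception("unexpected end of stream!");
            }
            position += n;
        }
        return position;
    }


    /*
     * Define the client side of the test.
     *
     * Connects to the server with only the protocols given on the
     * command line enabled, exchanges one byte in each direction and
     * closes the socket on every exit path.
     *
     * If the server prematurely exits, serverReady will be set to true
     * to avoid infinite hangs.
     */
    void doClientSide() throws Exception {

        /*
         * Wait for server to get started.
         */
        while (!serverReady) {
            Thread.sleep(50);
        }

        SSLSocketFactory sslsf =
            (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket sslSocket = (SSLSocket)
                sslsf.createSocket("localhost", serverPort)) {

            // enable the specified TLS protocol
            sslSocket.setEnabledProtocols(supportedProtocols);

            InputStream sslIS = sslSocket.getInputStream();
            OutputStream sslOS = sslSocket.getOutputStream();

            // OutputStream.write(int) sends only the low-order eight bits,
            // so this puts the single byte 0x18 on the wire.
            sslOS.write(280);
            sslOS.flush();
            sslIS.read();
        }
    }

    /*
     * Fails the test unless the server names recorded in the negotiated
     * session equal the ones SSLExplorer extracted from the first record.
     *
     * A null capabilities object is reported as a test failure with its
     * own message rather than surfacing as a NullPointerException.
     */
    void checkCapabilities(SSLCapabilities capabilities,
            ExtendedSSLSession session) throws Exception {

        if (capabilities == null) {
            throw new Exception(
                    "no capabilities were explored from the first record");
        }

        List<SNIServerName> sessionSNI = session.getRequestedServerNames();
        if (!sessionSNI.equals(capabilities.getServerNames())) {
            throw new Exception(
                    "server name indication does not match capabilities");
        }
    }

    private static String[] supportedProtocols;    // supported protocols

    /*
     * Takes the comma-separated protocol list from the first argument
     * (see the @run lines of this test) and stores it for the client.
     */
    private static void parseArguments(String[] args) {
        if (args == null || args.length == 0 || args[0].isEmpty()) {
            throw new IllegalArgumentException(
                    "expected a comma-separated protocol list as the " +
                    "first argument");
        }
        supportedProtocols = args[0].split(",");
    }


    /*
     * =============================================================
     * The remainder is just support stuff
     */

    // use any free port by default
    volatile int serverPort = 0;

    volatile Exception serverException = null;
    volatile Exception clientException = null;

    public static void main(String[] args) throws Exception {
        // reset the security property to make sure that the algorithms
        // and keys used in this test are not disabled.
        //
        // An empty value lifts the JDK's TLS algorithm restrictions for
        // the whole JVM; the @run lines start a separate VM (othervm) for
        // each protocol, so the setting stays inside this test.
        Security.setProperty("jdk.tls.disabledAlgorithms", "");

        String storeDir =
            System.getProperty("test.src", ".") + "/" + pathToStores;
        String keyFilename = storeDir + "/" + keyStoreFile;
        String trustFilename = storeDir + "/" + trustStoreFile;

        System.setProperty("javax.net.ssl.keyStore", keyFilename);
        System.setProperty("javax.net.ssl.keyStorePassword", passwd);
        System.setProperty("javax.net.ssl.trustStore", trustFilename);
        System.setProperty("javax.net.ssl.trustStorePassword", passwd);

        if (debug) {
            System.setProperty("javax.net.debug", "all");
        }

        /*
         * Get the customized arguments.
         */
        parseArguments(args);

        /*
         * Start the tests.
         */
        new SSLSocketExplorer();
    }

    Thread clientThread = null;
    Thread serverThread = null;

    /*
     * Primary constructor, used to drive remainder of the test.
     *
     * Fork off the other side, then do your work.
     */
    SSLSocketExplorer() throws Exception {
        try {
            if (separateServerThread) {
                startServer(true);
                startClient(false);
            } else {
                startClient(true);
                startServer(false);
            }
        } catch (Exception ignored) {
            // swallow for now.  Show later: failures of either side are
            // recorded in serverException / clientException and rethrown
            // at the end of this constructor.
        }

        /*
         * Wait for other side to close down.
         */
        if (separateServerThread) {
            serverThread.join();
        } else {
            clientThread.join();
        }

        /*
         * When we get here, the test is pretty much over.
         * Which side threw the error?
         */
        Exception local;
        Exception remote;
        String whichRemote;

        if (separateServerThread) {
            remote = serverException;
            local = clientException;
            whichRemote = "server";
        } else {
            remote = clientException;
            local = serverException;
            whichRemote = "client";
        }

        /*
         * If both failed, return the curthread's exception, but also
         * print the remote side Exception
         */
        if ((local != null) && (remote != null)) {
            System.out.println(whichRemote + " also threw:");
            remote.printStackTrace();
            System.out.println();
            throw local;
        }

        if (remote != null) {
            throw remote;
        }

        if (local != null) {
            throw local;
        }
    }

    /*
     * Runs doServerSide() either on a new thread or inline.  Any
     * exception is stored in serverException, and serverReady is raised
     * so that a waiting client is released.
     */
    void startServer(boolean newThread) throws Exception {
        if (newThread) {
            serverThread = new Thread() {
                @Override
                public void run() {
                    try {
                        doServerSide();
                    } catch (Exception e) {
                        /*
                         * Our server thread just died.
                         *
                         * Release the client, if not active already...
                         */
                        System.err.println("Server died...");
                        serverReady = true;
                        serverException = e;
                    }
                }
            };
            serverThread.start();
        } else {
            try {
                doServerSide();
            } catch (Exception e) {
                serverException = e;
            } finally {
                serverReady = true;
            }
        }
    }

    /*
     * Runs doClientSide() either on a new thread or inline.  Any
     * exception is stored in clientException.
     */
    void startClient(boolean newThread) throws Exception {
        if (newThread) {
            clientThread = new Thread() {
                @Override
                public void run() {
                    try {
                        doClientSide();
                    } catch (Exception e) {
                        /*
                         * Our client thread just died.
                         */
                        System.err.println("Client died...");
                        clientException = e;
                    }
                }
            };
            clientThread.start();
        } else {
            try {
                doClientSide();
            } catch (Exception e) {
                clientException = e;
            }
        }
    }
}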