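/*
 * Copyright (c) 2012, 2019, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

//
// SunJSSE does not support dynamic system properties, no way to re-use
// system properties in samevm/agentvm mode.
//

/**
 * @test
 * @bug 7068321 8190492
 * @summary Support TLS Server Name Indication (SNI) Extension in JSSE Server
 * @library ../templates
 * @build SSLCapabilities SSLExplorer
 * @run main/othervm SSLSocketExplorer SSLv2Hello,SSLv3
 * @run main/othervm SSLSocketExplorer SSLv3
 * @run main/othervm SSLSocketExplorer TLSv1
 * @run main/othervm SSLSocketExplorer TLSv1.1
 * @run main/othervm SSLSocketExplorer TLSv1.2
 */

import java.io.*;
import java.nio.*;
import java.nio.channels.*;
import java.util.*;
import java.net.*;
import javax.net.ssl.*;
import java.security.Security;

/*
 * Test flow: the server accepts a plain TCP connection, reads the first
 * record from the raw stream, hands it to SSLExplorer, and then layers
 * an SSLSocket over the same connection while replaying the bytes it has
 * already consumed. After a one-byte exchange it checks that the server
 * names negotiated in the session equal the ones SSLExplorer reported.
 *
 * Security note: this test deliberately clears
 * "jdk.tls.disabledAlgorithms" and enables every supported protocol on
 * the server so that the SSLv2Hello/SSLv3/TLSv1 runs can handshake.
 * That weakening is a test fixture only; each run uses main/othervm, so
 * the settings stay inside the test JVM. Do not copy it into
 * production code.
 */
public class SSLSocketExplorer {

    /*
     * =============================================================
     * Set the various variables needed for the tests, then
     * specify what tests to run on each side.
     */

    /*
     * Should we run the client or server in a separate thread?
     * Both sides can throw exceptions, but do you have a preference
     * as to which side should be the main thread.
     */
    static boolean separateServerThread = true;

    /*
     * Where do we find the keystores?
     *
     * The passphrase below is handed to JSSE through system properties
     * in main(); it protects test key material only.
     */
    static String pathToStores = "../etc";
    static String keyStoreFile = "keystore";
    static String trustStoreFile = "truststore";
    static String passwd = "passphrase";

    /*
     * Is the server ready to serve?
     */
    static volatile boolean serverReady = false;

    /*
     * Turn on SSL debugging?
     */
    static boolean debug = false;

    /*
     * If the client or server is doing some kind of object creation
     * that the other side depends on, and that thread prematurely
     * exits, you may experience a hang.  The test harness will
     * terminate all hung threads after its timeout has expired,
     * currently 3 minutes by default, but you might try to be
     * smart about it....
     */

    /*
     * Define the server side of the test.
     *
     * If the server prematurely exits, serverReady will be set to true
     * to avoid infinite hangs.
     *
     * Both the listening socket and the accepted connection are closed
     * on every exit path, so a failure on the server releases the port
     * and the peer instead of leaving them open until the JVM exits.
     */
    void doServerSide() throws Exception {
        try (ServerSocket serverSocket = new ServerSocket(serverPort)) {
            // Signal Client, we're ready for his connect.
            serverPort = serverSocket.getLocalPort();
            serverReady = true;

            try (Socket socket = serverSocket.accept()) {
                serveConnection(socket);
            }
        }
    }

    /*
     * Explore the first record of an accepted connection, then complete
     * the TLS exchange over the same socket and verify the server names.
     */
    private void serveConnection(Socket socket) throws Exception {
        InputStream ins = socket.getInputStream();
        byte[] buffer = new byte[0xFF];

        // Read the header of TLS record
        int position =
            readUntil(ins, buffer, 0, SSLExplorer.RECORD_HEADER_SIZE);

        // NOTE(review): recordLength is derived from bytes the peer sent
        // and sizes the buffer below; presumably getRequiredSize() bounds
        // or rejects malformed headers -- confirm in SSLExplorer.
        int recordLength = SSLExplorer.getRequiredSize(buffer, 0, position);
        if (buffer.length < recordLength) {
            buffer = Arrays.copyOf(buffer, recordLength);
        }

        // Read the remainder of the record
        position = readUntil(ins, buffer, position, recordLength);

        SSLCapabilities capabilities =
            SSLExplorer.explore(buffer, 0, recordLength);
        if (capabilities != null) {
            System.out.println("Record version: " +
                    capabilities.getRecordVersion());
            System.out.println("Hello version: " +
                    capabilities.getHelloVersion());
        }

        SSLSocketFactory sslsf =
            (SSLSocketFactory) SSLSocketFactory.getDefault();

        // Replay the bytes already consumed from the raw stream so the
        // SSLSocket sees the connection from its first byte.
        ByteArrayInputStream bais =
            new ByteArrayInputStream(buffer, 0, position);

        // autoClose is true: closing the SSLSocket also closes 'socket'.
        try (SSLSocket sslSocket =
                (SSLSocket) sslsf.createSocket(socket, bais, true)) {

            // Enable all supported protocols on server side to test SSLv3
            // (test-only; see the security note on the class).
            sslSocket.setEnabledProtocols(sslSocket.getSupportedProtocols());

            InputStream sslIS = sslSocket.getInputStream();
            OutputStream sslOS = sslSocket.getOutputStream();

            sslIS.read();
            sslOS.write(85);
            sslOS.flush();

            ExtendedSSLSession session =
                (ExtendedSSLSession) sslSocket.getSession();
            checkCapabilities(capabilities, session);
        }
    }

    /*
     * Read from 'in' into 'buffer' starting at 'position' until 'limit'
     * bytes are buffered, and return the new position. Throws if the
     * stream ends first.
     */
    private static int readUntil(InputStream in, byte[] buffer,
            int position, int limit) throws Exception {

        while (position < limit) {
            int n = in.read(buffer, position, limit - position);
            if (n < 0) {
                throw new Exception("unexpected end of stream!");
            }
            position += n;
        }

        return position;
    }

    /*
     * Define the client side of the test.
     *
     * If the server prematurely exits, serverReady will be set to true
     * to avoid infinite hangs.
     */
    void doClientSide() throws Exception {

        /*
         * Wait for server to get started.
         */
        while (!serverReady) {
            Thread.sleep(50);
        }

        SSLSocketFactory sslsf =
            (SSLSocketFactory) SSLSocketFactory.getDefault();

        // The socket is closed on every exit path, including a failed
        // handshake.
        try (SSLSocket sslSocket = (SSLSocket)
                sslsf.createSocket("localhost", serverPort)) {

            // enable the specified TLS protocol
            sslSocket.setEnabledProtocols(supportedProtocols);

            InputStream sslIS = sslSocket.getInputStream();
            OutputStream sslOS = sslSocket.getOutputStream();

            // OutputStream.write(int) sends only the low-order eight
            // bits, so 280 goes out as a single byte; the value itself
            // is not checked by the server.
            sslOS.write(280);
            sslOS.flush();
            sslIS.read();
        }
    }

    /*
     * Verify that the server names recorded in the established session
     * equal the ones explored from the initial record.
     *
     * A null 'capabilities' is reported as an explicit test failure
     * rather than surfacing as a NullPointerException.
     */
    void checkCapabilities(SSLCapabilities capabilities,
            ExtendedSSLSession session) throws Exception {

        if (capabilities == null) {
            throw new Exception(
                    "no capabilities were explored from the initial record");
        }

        List<SNIServerName> sessionSNI = session.getRequestedServerNames();
        if (!sessionSNI.equals(capabilities.getServerNames())) {
            throw new Exception(
                    "server name indication does not match capabilities");
        }
    }

    private static String[] supportedProtocols;    // supported protocols

    /*
     * The first argument is a comma-separated list of protocol names to
     * enable on the client (see the @run lines above).
     */
    private static void parseArguments(String[] args) {
        if (args.length == 0) {
            throw new IllegalArgumentException(
                    "expected a comma-separated list of protocols");
        }
        supportedProtocols = args[0].split(",");
    }


    /*
     * =============================================================
     * The remainder is just support stuff
     */

    // use any free port by default
    volatile int serverPort = 0;

    volatile Exception serverException = null;
    volatile Exception clientException = null;

    public static void main(String[] args) throws Exception {
        // reset the security property to make sure that the algorithms
        // and keys used in this test are not disabled.
        //
        // This re-enables everything the JDK disables by default for
        // TLS; it is acceptable here only because the test runs in its
        // own JVM (main/othervm).
        Security.setProperty("jdk.tls.disabledAlgorithms", "");

        String storeDir =
            System.getProperty("test.src", ".") + "/" + pathToStores;
        String keyFilename = storeDir + "/" + keyStoreFile;
        String trustFilename = storeDir + "/" + trustStoreFile;

        System.setProperty("javax.net.ssl.keyStore", keyFilename);
        System.setProperty("javax.net.ssl.keyStorePassword", passwd);
        System.setProperty("javax.net.ssl.trustStore", trustFilename);
        System.setProperty("javax.net.ssl.trustStorePassword", passwd);

        if (debug) {
            System.setProperty("javax.net.debug", "all");
        }

        /*
         * Get the customized arguments.
         */
        parseArguments(args);

        /*
         * Start the tests.
         */
        new SSLSocketExplorer();
    }

    Thread clientThread = null;
    Thread serverThread = null;

    /*
     * Primary constructor, used to drive remainder of the test.
     *
     * Fork off the other side, then do your work.
     */
    SSLSocketExplorer() throws Exception {
        try {
            if (separateServerThread) {
                startServer(true);
                startClient(false);
            } else {
                startClient(true);
                startServer(false);
            }
        } catch (Exception e) {
            // swallow for now.  Show later
        }

        /*
         * Wait for other side to close down.
         */
        if (separateServerThread) {
            serverThread.join();
        } else {
            clientThread.join();
        }

        /*
         * When we get here, the test is pretty much over.
         * Which side threw the error?
         */
        Exception local;
        Exception remote;
        String whichRemote;

        if (separateServerThread) {
            remote = serverException;
            local = clientException;
            whichRemote = "server";
        } else {
            remote = clientException;
            local = serverException;
            whichRemote = "client";
        }

        /*
         * If both failed, return the curthread's exception, but also
         * print the remote side Exception
         */
        if ((local != null) && (remote != null)) {
            System.out.println(whichRemote + " also threw:");
            remote.printStackTrace();
            System.out.println();
            throw local;
        }

        if (remote != null) {
            throw remote;
        }

        if (local != null) {
            throw local;
        }
    }

    /*
     * Run the server side, either on a new thread or on the caller's
     * thread. Any failure is stored in serverException, and serverReady
     * is set so that a waiting client is released.
     */
    void startServer(boolean newThread) throws Exception {
        if (newThread) {
            serverThread = new Thread() {
                @Override
                public void run() {
                    try {
                        doServerSide();
                    } catch (Exception e) {
                        /*
                         * Our server thread just died.
                         *
                         * Release the client, if not active already...
                         */
                        System.err.println("Server died...");
                        serverReady = true;
                        serverException = e;
                    }
                }
            };
            serverThread.start();
        } else {
            try {
                doServerSide();
            } catch (Exception e) {
                serverException = e;
            } finally {
                serverReady = true;
            }
        }
    }

    /*
     * Run the client side, either on a new thread or on the caller's
     * thread. Any failure is stored in clientException.
     */
    void startClient(boolean newThread) throws Exception {
        if (newThread) {
            clientThread = new Thread() {
                @Override
                public void run() {
                    try {
                        doClientSide();
                    } catch (Exception e) {
                        /*
                         * Our client thread just died.
                         */
                        System.err.println("Client died...");
                        clientException = e;
                    }
                }
            };
            clientThread.start();
        } else {
            try {
                doClientSide();
            } catch (Exception e) {
                clientException = e;
            }
        }
    }
}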