2021-03-29 05:53:05 +00:00
|
|
|
/*
|
2024-02-26 16:49:01 +00:00
|
|
|
* Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
|
|
|
|
* Copyright (C) 2021, 2024 THL A29 Limited, a Tencent company. All rights reserved.
|
2021-03-29 05:53:05 +00:00
|
|
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
|
|
*
|
|
|
|
* This code is free software; you can redistribute it and/or modify it
|
|
|
|
* under the terms of the GNU General Public License version 2 only, as
|
|
|
|
* published by the Free Software Foundation.
|
|
|
|
*
|
|
|
|
* This code is distributed in the hope that it will be useful, but WITHOUT
|
|
|
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
|
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
|
|
* version 2 for more details (a copy is included in the LICENSE file that
|
|
|
|
* accompanied this code).
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License version
|
|
|
|
* 2 along with this work; if not, write to the Free Software Foundation,
|
|
|
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
|
|
*
|
|
|
|
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
|
|
|
* or visit www.oracle.com if you need additional information or have any
|
|
|
|
* questions.
|
|
|
|
*/
|
|
|
|
|
|
|
|
/*
|
|
|
|
* @test 8263188
|
|
|
|
* @summary If TLS the server and client has no common signature algorithms,
|
|
|
|
* the connection should fail fast with "No supported signature algorithm".
|
|
|
|
* This test only covers TLS 1.2.
|
|
|
|
*
|
|
|
|
* @library /test/lib
|
|
|
|
* /javax/net/ssl/templates
|
|
|
|
*
|
|
|
|
* @run main/othervm
|
|
|
|
* -Djdk.tls.server.SignatureSchemes=ecdsa_secp384r1_sha384
|
|
|
|
* -Djdk.tls.client.SignatureSchemes=ecdsa_secp256r1_sha256,ecdsa_secp384r1_sha384
|
|
|
|
* -Dtest.clientAuth=false
|
|
|
|
* -Dtest.expectFail=false
|
|
|
|
* SigAlgosExtTestWithTLS12
|
|
|
|
* @run main/othervm
|
|
|
|
* -Djdk.tls.server.SignatureSchemes=ecdsa_secp384r1_sha384
|
|
|
|
* -Djdk.tls.client.SignatureSchemes=ecdsa_secp256r1_sha256
|
|
|
|
* -Dtest.clientAuth=false
|
|
|
|
* -Dtest.expectFail=true
|
|
|
|
* SigAlgosExtTestWithTLS12
|
|
|
|
* @run main/othervm
|
|
|
|
* -Djdk.tls.server.SignatureSchemes=ecdsa_secp256r1_sha256
|
|
|
|
* -Djdk.tls.client.SignatureSchemes=ecdsa_secp256r1_sha256
|
|
|
|
* -Dtest.clientAuth=true
|
|
|
|
* -Dtest.expectFail=true
|
|
|
|
* SigAlgosExtTestWithTLS12
|
|
|
|
*/
|
|
|
|
|
|
|
|
import javax.net.ssl.*;
|
|
|
|
import java.nio.ByteBuffer;
|
|
|
|
import java.util.*;
|
|
|
|
|
|
|
|
public class SigAlgosExtTestWithTLS12 extends SSLEngineTemplate {
|
|
|
|
|
|
|
|
private static final boolean CLIENT_AUTH
|
|
|
|
= Boolean.getBoolean("test.clientAuth");
|
|
|
|
private static final boolean EXPECT_FAIL
|
|
|
|
= Boolean.getBoolean("test.expectFail");
|
|
|
|
|
|
|
|
private static final int TLS_HS_CERT_REQ = 13;
|
|
|
|
|
|
|
|
public SigAlgosExtTestWithTLS12() throws Exception {
|
|
|
|
super();
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Create an instance of KeyManager for client use.
|
|
|
|
*/
|
2023-03-15 17:39:11 +00:00
|
|
|
@Override
|
|
|
|
protected KeyManager createClientKeyManager() throws Exception {
|
|
|
|
return createKeyManager(
|
|
|
|
new Cert[]{Cert.EE_ECDSA_SECP256R1, Cert.EE_ECDSA_SECP384R1},
|
|
|
|
getClientContextParameters());
|
2021-03-29 05:53:05 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
@Override
|
|
|
|
public TrustManager createClientTrustManager() throws Exception {
|
2023-03-15 17:39:11 +00:00
|
|
|
return createTrustManager(
|
|
|
|
new Cert[]{Cert.CA_ECDSA_SECP256R1, Cert.CA_ECDSA_SECP384R1},
|
2021-03-29 05:53:05 +00:00
|
|
|
getServerContextParameters());
|
|
|
|
}
|
|
|
|
|
|
|
|
@Override
|
|
|
|
public KeyManager createServerKeyManager() throws Exception {
|
2023-03-15 17:39:11 +00:00
|
|
|
return createKeyManager(
|
|
|
|
new Cert[]{Cert.EE_ECDSA_SECP256R1, Cert.EE_ECDSA_SECP384R1},
|
2021-03-29 05:53:05 +00:00
|
|
|
getServerContextParameters());
|
|
|
|
}
|
|
|
|
|
|
|
|
@Override
|
|
|
|
public TrustManager createServerTrustManager() throws Exception {
|
2023-03-15 17:39:11 +00:00
|
|
|
return createTrustManager(
|
|
|
|
new Cert[]{Cert.CA_ECDSA_SECP256R1, Cert.CA_ECDSA_SECP384R1},
|
2021-03-29 05:53:05 +00:00
|
|
|
getServerContextParameters());
|
|
|
|
}
|
|
|
|
|
|
|
|
@Override
|
|
|
|
protected SSLEngine configureServerEngine(SSLEngine serverEngine) {
|
|
|
|
serverEngine.setUseClientMode(false);
|
|
|
|
serverEngine.setNeedClientAuth(CLIENT_AUTH);
|
|
|
|
return serverEngine;
|
|
|
|
}
|
|
|
|
|
|
|
|
@Override
|
|
|
|
protected SSLEngine configureClientEngine(SSLEngine clientEngine) {
|
|
|
|
clientEngine.setUseClientMode(true);
|
|
|
|
clientEngine.setEnabledProtocols(new String[] { "TLSv1.2" });
|
|
|
|
return clientEngine;
|
|
|
|
}
|
|
|
|
|
|
|
|
public static void main(String[] args) throws Exception {
|
|
|
|
System.setProperty("javax.net.debug", "ssl:handshake");
|
|
|
|
|
|
|
|
try {
|
|
|
|
new SigAlgosExtTestWithTLS12().run();
|
|
|
|
if (EXPECT_FAIL) {
|
|
|
|
throw new RuntimeException(
|
|
|
|
"Expected SSLHandshakeException wasn't thrown");
|
|
|
|
}
|
|
|
|
} catch (SSLHandshakeException e) {
|
2024-02-26 16:49:01 +00:00
|
|
|
if (EXPECT_FAIL && e.getMessage().endsWith(
|
2021-03-29 05:53:05 +00:00
|
|
|
"No supported signature algorithm")) {
|
|
|
|
System.out.println("Expected SSLHandshakeException");
|
|
|
|
} else {
|
|
|
|
throw e;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
private void run() throws Exception {
|
|
|
|
boolean dataDone = false;
|
|
|
|
while (isOpen(clientEngine) || isOpen(serverEngine)) {
|
|
|
|
clientEngine.wrap(clientOut, cTOs);
|
|
|
|
cTOs.flip();
|
|
|
|
|
|
|
|
// Consume the ClientHello and get the server flight of handshake
|
|
|
|
// messages. We expect that it will be one TLS record containing
|
|
|
|
// multiple handshake messages, one of which is a CertificateRequest
|
|
|
|
// when the client authentication is required.
|
|
|
|
serverEngine.unwrap(cTOs, serverIn);
|
|
|
|
runDelegatedTasks(serverEngine);
|
|
|
|
|
|
|
|
// Wrap the server flight
|
|
|
|
serverEngine.wrap(serverOut, sTOc);
|
|
|
|
sTOc.flip();
|
|
|
|
|
|
|
|
if (CLIENT_AUTH && EXPECT_FAIL) {
|
|
|
|
twistCertReqMsg(sTOc);
|
|
|
|
}
|
|
|
|
|
|
|
|
clientEngine.unwrap(sTOc, clientIn);
|
|
|
|
runDelegatedTasks(clientEngine);
|
|
|
|
|
|
|
|
serverEngine.unwrap(cTOs, serverIn);
|
|
|
|
runDelegatedTasks(serverEngine);
|
|
|
|
|
|
|
|
cTOs.compact();
|
|
|
|
sTOc.compact();
|
|
|
|
|
|
|
|
if (!dataDone && (clientOut.limit() == serverIn.position()) &&
|
|
|
|
(serverOut.limit() == clientIn.position())) {
|
|
|
|
checkTransfer(serverOut, clientIn);
|
|
|
|
checkTransfer(clientOut, serverIn);
|
|
|
|
|
|
|
|
clientEngine.closeOutbound();
|
|
|
|
dataDone = true;
|
|
|
|
serverEngine.closeOutbound();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Twists signature schemes in CertificateRequest message for negative
|
|
|
|
* client authentication cases.
|
|
|
|
*
|
|
|
|
* @param tlsRecord a ByteBuffer containing a TLS record. It is assumed
|
|
|
|
* that the position of the ByteBuffer is on the first byte of the TLS
|
|
|
|
* record header.
|
|
|
|
*
|
|
|
|
* @throws SSLException if the incoming ByteBuffer does not contain a
|
|
|
|
* well-formed TLS message.
|
|
|
|
*/
|
|
|
|
private static void twistCertReqMsg(
|
|
|
|
ByteBuffer tlsRecord) throws SSLException {
|
|
|
|
Objects.requireNonNull(tlsRecord);
|
|
|
|
tlsRecord.mark();
|
|
|
|
|
|
|
|
// Process the TLS record header
|
|
|
|
int type = Byte.toUnsignedInt(tlsRecord.get());
|
|
|
|
int ver_major = Byte.toUnsignedInt(tlsRecord.get());
|
|
|
|
int ver_minor = Byte.toUnsignedInt(tlsRecord.get());
|
|
|
|
int recLen = Short.toUnsignedInt(tlsRecord.getShort());
|
|
|
|
|
|
|
|
// Simple sanity checks
|
|
|
|
if (type != 22) {
|
|
|
|
throw new SSLException("Not a handshake: Type = " + type);
|
|
|
|
} else if (recLen > tlsRecord.remaining()) {
|
|
|
|
throw new SSLException("Incomplete record in buffer: " +
|
|
|
|
"Record length = " + recLen + ", Remaining = " +
|
|
|
|
tlsRecord.remaining());
|
|
|
|
}
|
|
|
|
|
|
|
|
while (tlsRecord.hasRemaining()) {
|
|
|
|
// Grab the handshake message header.
|
|
|
|
int msgHdr = tlsRecord.getInt();
|
|
|
|
int msgType = (msgHdr >> 24) & 0x000000FF;
|
|
|
|
int msgLen = msgHdr & 0x00FFFFFF;
|
|
|
|
|
|
|
|
if (msgType == TLS_HS_CERT_REQ) {
|
|
|
|
// Slice the buffer such that it contains the entire
|
|
|
|
// handshake message (less the handshake header).
|
|
|
|
int bufPos = tlsRecord.position();
|
|
|
|
ByteBuffer buf = tlsRecord.slice(bufPos, msgLen);
|
|
|
|
|
|
|
|
// Replace the signature scheme with an unknown value
|
|
|
|
twistSigSchemesCertReq(buf, (short) 0x0000);
|
|
|
|
byte[] bufBytes = new byte[buf.limit()];
|
|
|
|
buf.get(bufBytes);
|
|
|
|
tlsRecord.put(bufPos, bufBytes);
|
|
|
|
|
|
|
|
break;
|
|
|
|
} else {
|
|
|
|
// Skip to the next handshake message, if there is one
|
|
|
|
tlsRecord.position(tlsRecord.position() + msgLen);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
tlsRecord.reset();
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Replace the signature schemes in CertificateRequest message with an
|
|
|
|
* alternative value. It is assumed that the provided ByteBuffer has its
|
|
|
|
* position set at the first byte of the CertificateRequest message body
|
|
|
|
* (AFTER the handshake header) and contains the entire CR message. Upon
|
|
|
|
* successful completion of this method the ByteBuffer will have its
|
|
|
|
* position reset to the initial offset in the buffer.
|
|
|
|
* If an exception is thrown the position at the time of the exception
|
|
|
|
* will be preserved.
|
|
|
|
*
|
|
|
|
* @param data the ByteBuffer containing the CertificateRequest bytes
|
|
|
|
* @param altSigScheme an alternative signature scheme
|
|
|
|
*/
|
|
|
|
private static void twistSigSchemesCertReq(ByteBuffer data,
|
|
|
|
Short altSigScheme) {
|
|
|
|
Objects.requireNonNull(data);
|
|
|
|
data.mark();
|
|
|
|
|
|
|
|
// Jump past the certificate types
|
|
|
|
int certTypeLen = Byte.toUnsignedInt(data.get());
|
|
|
|
if (certTypeLen != 0) {
|
|
|
|
data.position(data.position() + certTypeLen);
|
|
|
|
}
|
|
|
|
|
|
|
|
int sigSchemeLen = Short.toUnsignedInt(data.getShort());
|
|
|
|
for (int ssOff = 0; ssOff < sigSchemeLen; ssOff += 2) {
|
|
|
|
System.err.println(
|
|
|
|
"Use alternative signature scheme: " + altSigScheme);
|
|
|
|
data.putShort(data.position(), altSigScheme);
|
|
|
|
}
|
|
|
|
|
|
|
|
data.reset();
|
|
|
|
}
|
|
|
|
}
|