stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8211227: Inconsistent TLS protocol version in debug output

Browse Source 
Reviewed-by: xuelei, rhalade
This commit is contained in:
Evan Whelan 2021-02-22 21:12:04 +00:00 committed by Rajan Halade
parent 7b924d8a28
commit a86728850e
6 changed files with 162 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/java.base/share/classes/sun/security/ssl/DTLSOutputRecord.java
View File

@ -271,7 +271,7 @@ final class DTLSOutputRecord extends OutputRecord implements DTLSRecord {
if (SSLLogger.isOn && SSLLogger.isOn("record")) {
SSLLogger.fine(
"WRITE: " + protocolVersion + " " +
"WRITE: " + protocolVersion.name + " " +
ContentType.APPLICATION_DATA.name +
", length = " + destination.remaining());
}
@ -499,7 +499,7 @@ final class DTLSOutputRecord extends OutputRecord implements DTLSRecord {
if (SSLLogger.isOn && SSLLogger.isOn("record")) {
SSLLogger.fine(
"WRITE: " + protocolVersion + " " +
"WRITE: " + protocolVersion.name + " " +
ContentType.nameOf(memo.contentType) +
", length = " + dstBuf.remaining());
}

4
src/java.base/share/classes/sun/security/ssl/HandshakeContext.java
View File

@ -297,13 +297,13 @@ abstract class HandshakeContext implements ConnectionContext {
} else if (SSLLogger.isOn && SSLLogger.isOn("verbose")) {
SSLLogger.fine(
"Ignore unsupported cipher suite: " + suite +
" for " + protocol);
" for " + protocol.name);
}
}
if (!found && (SSLLogger.isOn) && SSLLogger.isOn("handshake")) {
SSLLogger.fine(
"No available cipher suite for " + protocol);
"No available cipher suite for " + protocol.name);
}
}

4
src/java.base/share/classes/sun/security/ssl/SSLEngineOutputRecord.java
View File

@ -269,7 +269,7 @@ final class SSLEngineOutputRecord extends OutputRecord implements SSLRecord {
if (SSLLogger.isOn && SSLLogger.isOn("record")) {
SSLLogger.fine(
"WRITE: " + protocolVersion + " " +
"WRITE: " + protocolVersion.name + " " +
ContentType.APPLICATION_DATA.name +
", length = " + destination.remaining());
}
@ -509,7 +509,7 @@ final class SSLEngineOutputRecord extends OutputRecord implements SSLRecord {
if (SSLLogger.isOn && SSLLogger.isOn("record")) {
SSLLogger.fine(
"WRITE: " + protocolVersion + " " +
"WRITE: " + protocolVersion.name + " " +
ContentType.nameOf(memo.contentType) +
", length = " + dstBuf.remaining());
}

8
src/java.base/share/classes/sun/security/ssl/SSLSocketOutputRecord.java
View File

@ -68,7 +68,7 @@ final class SSLSocketOutputRecord extends OutputRecord implements SSLRecord {
write(level);
write(description);
if (SSLLogger.isOn && SSLLogger.isOn("record")) {
SSLLogger.fine("WRITE: " + protocolVersion +
SSLLogger.fine("WRITE: " + protocolVersion.name +
" " + ContentType.ALERT.name +
"(" + Alert.nameOf(description) + ")" +
", length = " + (count - headerSize));
@ -179,7 +179,7 @@ final class SSLSocketOutputRecord extends OutputRecord implements SSLRecord {
if (SSLLogger.isOn && SSLLogger.isOn("record")) {
SSLLogger.fine(
"WRITE: " + protocolVersion +
"WRITE: " + protocolVersion.name +
" " + ContentType.HANDSHAKE.name +
", length = " + (count - headerSize));
}
@ -254,7 +254,7 @@ final class SSLSocketOutputRecord extends OutputRecord implements SSLRecord {
if (SSLLogger.isOn && SSLLogger.isOn("record")) {
SSLLogger.fine(
"WRITE: " + protocolVersion +
"WRITE: " + protocolVersion.name +
" " + ContentType.HANDSHAKE.name +
", length = " + (count - headerSize));
}
@ -327,7 +327,7 @@ final class SSLSocketOutputRecord extends OutputRecord implements SSLRecord {
if (SSLLogger.isOn && SSLLogger.isOn("record")) {
SSLLogger.fine(
"WRITE: " + protocolVersion +
"WRITE: " + protocolVersion.name +
" " + ContentType.APPLICATION_DATA.name +
", length = " + (count - position));
}

2
test/jdk/sun/security/ssl/EngineArgs/DebugReportsOneExtraByte.java
View File

@ -131,7 +131,7 @@ public class DebugReportsOneExtraByte {
OutputAnalyzer output = ProcessTools.executeTestJvm(
"-Dtest.src=" + System.getProperty("test.src"),
"-Djavax.net.debug=all", "DebugReportsOneExtraByte", "p");
output.shouldContain("WRITE: TLS10 application_data, length = 8");
output.shouldContain("WRITE: TLSv1 application_data, length = 8");
System.out.println("Test Passed.");
} else {

151
test/jdk/sun/security/ssl/SSLLogger/LoggingFormatConsistency.java Normal file
View File

@ -0,0 +1,151 @@
/*
* Copyright (c) 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/**
* @test
* @bug 8211227
* @library /test/lib /javax/net/ssl/templates ../../
* @summary Tests for consistency in logging format of TLS Versions
* @run main/othervm LoggingFormatConsistency
*/
/*
* This test runs in another process so we can monitor the debug
* results. The OutputAnalyzer must see correct debug output to return a
* success.
*/
import jdk.test.lib.process.ProcessTools;
import jdk.test.lib.security.SecurityUtils;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import java.io.BufferedReader;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.InetAddress;
import java.net.URL;
import static java.nio.charset.StandardCharsets.UTF_8;
public class LoggingFormatConsistency extends SSLSocketTemplate {
LoggingFormatConsistency () {
serverAddress = InetAddress.getLoopbackAddress();
SecurityUtils.removeFromDisabledTlsAlgs("TLSv1", "TLSv1.1");
}
public static void main(String[] args) throws Exception {
if (args.length != 0) {
// A non-empty set of arguments occurs when the "runTest" argument
// is passed to the test via ProcessTools::executeTestJvm.
//
// This is done because an OutputAnalyzer is unable to read
// the output of the current running JVM, and must therefore create
// a test JVM. When this case occurs, it will inherit all specified
// properties passed to the test JVM - debug flags, tls version, etc.
new LoggingFormatConsistency().run();
} else {
// We are in the test JVM that the test is being ran in.
var testSrc = "-Dtest.src=" + System.getProperty("test.src");
var javaxNetDebug = "-Djavax.net.debug=all";
var correctTlsVersionsFormat = new String[]{"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
var incorrectTLSVersionsFormat = new String[]{"TLS10", "TLS11", "TLS12", "TLS13"};
for (var i = 0; i < correctTlsVersionsFormat.length; i++) {
var expectedTLSVersion = correctTlsVersionsFormat[i];
var incorrectTLSVersion = incorrectTLSVersionsFormat[i];
System.out.println("TESTING " + expectedTLSVersion);
var activeTLSProtocol = "-Djdk.tls.client.protocols=" + expectedTLSVersion;
var output = ProcessTools.executeTestJvm(
testSrc,
activeTLSProtocol,
javaxNetDebug,
"LoggingFormatConsistency",
"runTest"); // Ensuring args.length is greater than 0 when test JVM starts
if (output.getExitValue() != 0) {
throw new RuntimeException("Test JVM process failed. JVM stderr= " + output.getStderr());
}
output.shouldContain(expectedTLSVersion);
output.shouldNotContain(incorrectTLSVersion);
}
}
}
@Override
protected boolean isCustomizedClientConnection() { return true; }
@Override
protected void runServerApplication(SSLSocket socket) throws Exception {
var response = "Hello World!";
var out = new DataOutputStream(socket.getOutputStream());
try {
// We don't need to process the data from the socket
// Simply sending a response right away is sufficient
// to generate the desired debug output
var responseBytes = response.getBytes(UTF_8);
out.writeBytes("HTTP/1.0 200 OK\r\n");
out.writeBytes("Content-Length: " + responseBytes.length + "\r\n");
out.writeBytes("Content-Type: text/html\r\n\r\n");
out.write(responseBytes);
out.flush();
} catch (IOException e) {
out.writeBytes("HTTP/1.0 400 " + e.getMessage() + "\r\n");
out.writeBytes("Content-Type: text/html\r\n\r\n");
out.flush();
}
}
@Override
protected void runClientApplication(int serverPort) throws Exception {
var context = createClientSSLContext();
HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
HttpsURLConnection.setDefaultHostnameVerifier(new NameVerifier());
var host = serverAddress == null ? "localhost" : serverAddress.getHostAddress();
var url = new URL("https://" + host + ":" + serverPort + "/");
var httpsConnection = (HttpsURLConnection) url.openConnection();
httpsConnection.disconnect();
try (var in = new BufferedReader(new InputStreamReader(httpsConnection.getInputStream()))) {
// Getting the input stream from the BufferedReader is sufficient to generate the desired debug output
// We don't need to process the data
} catch (IOException e) {
throw new RuntimeException(e);
}
}
private static class NameVerifier implements HostnameVerifier {
@Override
public boolean verify(String s, SSLSession sslSession) {
return true;
}
}
}