/*
* Copyright (c) 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 8270344
* @library /test/lib /javax/net/ssl/templates
* @summary Session resumption errors
* @run main/othervm InvalidateSession
*/
import javax.net.*;
import javax.net.ssl.*;
import java.io.*;
import java.net.*;
import java.util.*;
import jdk.test.lib.security.SecurityUtils;
public class InvalidateSession extends SSLContextTemplate {
static ServerSocketFactory serverSsf = null;
static SSLSocketFactory clientSsf = null;
static Server server;
static SSLSession cacheSession;
static final String[] CLIENT_VERSIONS = {"TLSv1", "TLSv1.1", "TLSv1.2"};
public static void main(String args[]) throws Exception {
// drop the supported_versions extension to force test to use the legacy
// TLS protocol version field during handshakes
System.setProperty("jdk.tls.client.disableExtensions", "supported_versions");
SecurityUtils.removeFromDisabledTlsAlgs("TLSv1", "TLSv1.1");
InvalidateSession test = new InvalidateSession();
test.sessionTest();
server.go = false;
}
/**
* 3 test iterations
* 1) Server configured with TLSv1, client with TLSv1, v1.1, v1.2
* - Handshake should succeed
* - Session "A" established
* 2) 2nd iteration, server configured with TLSv1.2 only
* - Connection should succeed but with a new session due to TLS protocol version change
* - Session "A" should be invalidated
* - Session "B" is created
* 3) 3rd iteration, same server/client config
* - Session "B" should continue to be in use
*/
private void sessionTest() throws Exception {
serverSsf = createServerSSLContext().getServerSocketFactory();
clientSsf = createClientSSLContext().getSocketFactory();
server = startServer();
while (!server.started) {
Thread.yield();
}
for (int i = 1; i <= 3; i++) {
clientConnect(i);
Thread.sleep(1000);
}
}
public void clientConnect(int testIterationCount) throws Exception {
System.out.printf("Connecting to: localhost: %s, iteration count %d%n",
"localhost:" + server.port, testIterationCount);
SSLSocket sslSocket = (SSLSocket) clientSsf.createSocket("localhost", server.port);
sslSocket.setEnabledProtocols(CLIENT_VERSIONS);
sslSocket.startHandshake();
System.out.println("Got session: " + sslSocket.getSession());
if (testIterationCount == 2 && Objects.equals(cacheSession, sslSocket.getSession())) {
throw new RuntimeException("Same session should not have resumed");
}
if (testIterationCount == 3 && !Objects.equals(cacheSession, sslSocket.getSession())) {
throw new RuntimeException("Same session should have resumed");
}
cacheSession = sslSocket.getSession();
try (
ObjectOutputStream oos = new ObjectOutputStream(sslSocket.getOutputStream());
ObjectInputStream ois = new ObjectInputStream(sslSocket.getInputStream())) {
oos.writeObject("Hello");
String serverMsg = (String) ois.readObject();
System.out.println("Server message : " + serverMsg);
} catch (Exception ex) {
throw new RuntimeException(ex);
} finally {
sslSocket.close();
}
}
private static Server startServer() {
Server server = new Server();
new Thread(server).start();
return server;
}
private static class Server implements Runnable {
public volatile boolean go = true;
public volatile int port = 0;
public volatile boolean started = false;
@Override
public void run() {
try {
SSLServerSocket ssock = (SSLServerSocket)
serverSsf.createServerSocket(0);
this.port = ssock.getLocalPort();
ssock.setEnabledProtocols(new String[]{"TLSv1"});
started = true;
while (go) {
try {
System.out.println("Waiting for connection");
Socket sock = ssock.accept();
// now flip server to TLSv1.2 mode for successive connections
ssock.setEnabledProtocols(new String[]{"TLSv1.2"});
try (
ObjectInputStream ois = new ObjectInputStream(sock.getInputStream());
ObjectOutputStream oos = new ObjectOutputStream(sock.getOutputStream())) {
String recv = (String) ois.readObject();
oos.writeObject("Received: " + recv);
} catch (SSLHandshakeException she) {
System.out.println("Server caught :" + she);
} finally {
sock.close();
}
} catch (Exception ex) {
throw new RuntimeException(ex);
}
}
} catch (Exception ex) {
throw new RuntimeException(ex);
}
}
}
}