/* * Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; import java.net.URI; import java.net.http.HttpClient; import java.net.http.HttpRequest; import java.net.http.HttpResponse; import java.util.concurrent.ExecutorService; import java.util.concurrent.Executors; import javax.net.ssl.SSLContext; import jdk.test.lib.net.SimpleSSLContext; import org.testng.annotations.AfterTest; import org.testng.annotations.BeforeTest; import org.testng.annotations.DataProvider; import org.testng.annotations.Test; import static java.lang.System.out; import static java.net.http.HttpClient.Version; import static java.net.http.HttpClient.Version.HTTP_1_1; import static java.net.http.HttpClient.Version.HTTP_2; import static java.net.http.HttpResponse.BodyHandlers.ofString; import static org.testng.Assert.assertEquals; import jdk.test.lib.security.SecurityUtils; /* * @test * @bug 8239594 * @summary This test verifies that the TLS version handshake respects ssl context * @library /test/lib http2/server * @build jdk.test.lib.net.SimpleSSLContext HttpServerAdapters TlsContextTest * @modules java.net.http/jdk.internal.net.http.common * java.net.http/jdk.internal.net.http.frame * java.net.http/jdk.internal.net.http.hpack * java.logging * java.base/sun.net.www.http * java.base/sun.net.www * java.base/sun.net * @run testng/othervm -Dtest.requiresHost=true * -Djdk.httpclient.HttpClient.log=headers * -Djdk.internal.httpclient.disableHostnameVerification * -Djdk.internal.httpclient.debug=false * TlsContextTest */ public class TlsContextTest implements HttpServerAdapters { static HttpTestServer https2Server; static String https2URI; SSLContext server; final static Integer ITERATIONS = 3; @BeforeTest public void setUp() throws Exception { // Re-enable TLSv1 and TLSv1.1 since test depends on them SecurityUtils.removeFromDisabledTlsAlgs("TLSv1", "TLSv1.1"); server = SimpleSSLContext.getContext("TLS"); final ExecutorService executor = Executors.newCachedThreadPool(); https2Server = HttpTestServer.of( new Http2TestServer("localhost", true, 0, executor, 50, null, server, true)); https2Server.addHandler(new TlsVersionTestHandler("https", https2Server), "/server/"); https2Server.start(); https2URI = "https://" + https2Server.serverAuthority() + "/server/"; } @DataProvider(name = "scenarios") public Object[][] scenarios() throws Exception { return new Object[][]{ { SimpleSSLContext.getContext("TLS"), HTTP_2, "TLSv1.3" }, { SimpleSSLContext.getContext("TLSv1.2"), HTTP_2, "TLSv1.2" }, { SimpleSSLContext.getContext("TLSv1.1"), HTTP_1_1, "TLSv1.1" }, { SimpleSSLContext.getContext("TLSv1.1"), HTTP_2, "TLSv1.1" }, }; } /** * Tests various scenarios between client and server tls handshake with valid http */ @Test(dataProvider = "scenarios") public void testVersionProtocols(SSLContext context, Version version, String expectedProtocol) throws Exception { HttpClient client = HttpClient.newBuilder() .sslContext(context) .version(version) .build(); HttpRequest request = HttpRequest.newBuilder(new URI(https2URI)) .GET() .build(); for (int i = 0; i < ITERATIONS; i++) { HttpResponse response = client.send(request, ofString()); testAllProtocols(response, expectedProtocol); } } private void testAllProtocols(HttpResponse response, String expectedProtocol) throws Exception { String protocol = response.sslSession().get().getProtocol(); int statusCode = response.statusCode(); Version version = response.version(); out.println("Got Body " + response.body()); out.println("The protocol negotiated is :" + protocol); assertEquals(statusCode, 200); assertEquals(protocol, expectedProtocol); assertEquals(version, expectedProtocol.equals("TLSv1.1") ? HTTP_1_1 : HTTP_2); } @AfterTest public void teardown() throws Exception { https2Server.stop(); } static class TlsVersionTestHandler implements HttpTestHandler { final String scheme; final HttpTestServer server; TlsVersionTestHandler(String scheme, HttpTestServer server) { this.scheme = scheme; this.server = server; } @Override public void handle(HttpTestExchange t) throws IOException { try (InputStream is = t.getRequestBody(); OutputStream os = t.getResponseBody()) { byte[] bytes = is.readAllBytes(); t.sendResponseHeaders(200, 10); os.write(bytes); } } } }