342 lines
10 KiB
Java
342 lines
10 KiB
Java
/*
|
|
* Copyright (c) 2001, 2018, Oracle and/or its affiliates. All rights reserved.
|
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
*
|
|
* This code is free software; you can redistribute it and/or modify it
|
|
* under the terms of the GNU General Public License version 2 only, as
|
|
* published by the Free Software Foundation.
|
|
*
|
|
* This code is distributed in the hope that it will be useful, but WITHOUT
|
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
* version 2 for more details (a copy is included in the LICENSE file that
|
|
* accompanied this code).
|
|
*
|
|
* You should have received a copy of the GNU General Public License version
|
|
* 2 along with this work; if not, write to the Free Software Foundation,
|
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
*
|
|
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
|
* or visit www.oracle.com if you need additional information or have any
|
|
* questions.
|
|
*/
|
|
|
|
/*
|
|
* @test
|
|
* @bug 4280338
|
|
* @summary "Unsupported SSL message version" SSLProtocolException
|
|
* w/SSL_RSA_WITH_NULL_MD5
|
|
* @run main/othervm JSSERenegotiate
|
|
*
|
|
* SunJSSE does not support dynamic system properties, no way to re-use
|
|
* system properties in samevm/agentvm mode.
|
|
*
|
|
* @author Ram Marti
|
|
* @author Brad Wetmore
|
|
*/
|
|
|
|
import java.io.*;
|
|
import java.net.*;
|
|
import java.security.Security;
|
|
import javax.net.ssl.*;
|
|
|
|
public class JSSERenegotiate {
|
|
|
|
static final String suite1 = "SSL_RSA_WITH_NULL_MD5";
|
|
static final String suite2 = "SSL_RSA_WITH_NULL_SHA";
|
|
|
|
static final String dataString = "This is a test";
|
|
|
|
|
|
/*
|
|
* =============================================================
|
|
* Set the various variables needed for the tests, then
|
|
* specify what tests to run on each side.
|
|
*/
|
|
|
|
/*
|
|
* Should we run the client or server in a separate thread?
|
|
* Both sides can throw exceptions, but do you have a preference
|
|
* as to which side should be the main thread.
|
|
*/
|
|
static boolean separateServerThread = false;
|
|
|
|
/*
|
|
* Where do we find the keystores?
|
|
*/
|
|
static String pathToStores = "../etc";
|
|
static String keyStoreFile = "keystore";
|
|
static String trustStoreFile = "truststore";
|
|
static String passwd = "passphrase";
|
|
|
|
/*
|
|
* Is the server ready to serve?
|
|
*/
|
|
volatile static boolean serverReady = false;
|
|
|
|
/*
|
|
* Turn on SSL debugging?
|
|
*/
|
|
static boolean debug = false;
|
|
|
|
/*
|
|
* If the client or server is doing some kind of object creation
|
|
* that the other side depends on, and that thread prematurely
|
|
* exits, you may experience a hang. The test harness will
|
|
* terminate all hung threads after its timeout has expired,
|
|
* currently 3 minutes by default, but you might try to be
|
|
* smart about it....
|
|
*/
|
|
|
|
/*
|
|
* Define the server side of the test.
|
|
*
|
|
* If the server prematurely exits, serverReady will be set to true
|
|
* to avoid infinite hangs.
|
|
*/
|
|
void doServerSide() throws Exception {
|
|
SSLServerSocketFactory sslssf =
|
|
(SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
|
|
SSLServerSocket sslServerSocket =
|
|
(SSLServerSocket) sslssf.createServerSocket(serverPort, 3);
|
|
|
|
sslServerSocket.setNeedClientAuth(true);
|
|
sslServerSocket.setEnabledCipherSuites(new String[] {suite1, suite2 });
|
|
|
|
serverPort = sslServerSocket.getLocalPort();
|
|
|
|
/*
|
|
* Signal Client, we're ready for his connect.
|
|
*/
|
|
serverReady = true;
|
|
|
|
SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
|
|
|
|
DataInputStream sslIS =
|
|
new DataInputStream(sslSocket.getInputStream());
|
|
DataOutputStream sslOS =
|
|
new DataOutputStream(sslSocket.getOutputStream());
|
|
while (true) {
|
|
try {
|
|
System.out.println("Received: " + sslIS.readUTF());
|
|
} catch (SSLException e) {
|
|
System.out.println ("Received wrong exception");
|
|
break;
|
|
} catch (IOException e) {
|
|
System.out.println ("Received right exception");
|
|
break;
|
|
}
|
|
}
|
|
sslSocket.close();
|
|
}
|
|
|
|
/*
|
|
* Define the client side of the test.
|
|
*
|
|
* If the server prematurely exits, serverReady will be set to true
|
|
* to avoid infinite hangs.
|
|
*/
|
|
void doClientSide() throws Exception {
|
|
|
|
/*
|
|
* Wait for server to get started.
|
|
*/
|
|
while (!serverReady) {
|
|
Thread.sleep(50);
|
|
}
|
|
|
|
SSLSocketFactory sslsf =
|
|
(SSLSocketFactory) SSLSocketFactory.getDefault();
|
|
SSLSocket sslSocket = (SSLSocket)
|
|
sslsf.createSocket("localhost", serverPort);
|
|
|
|
sslSocket.setEnabledCipherSuites(new String[] { suite1 });
|
|
System.out.println("Enabled " + suite1);
|
|
|
|
DataInputStream sslIS =
|
|
new DataInputStream(sslSocket.getInputStream());
|
|
DataOutputStream sslOS =
|
|
new DataOutputStream(sslSocket.getOutputStream());
|
|
BufferedReader in = new BufferedReader(
|
|
new InputStreamReader(sslSocket.getInputStream()));
|
|
sslOS.writeUTF("With " + suite1);
|
|
|
|
sslSocket.setEnabledCipherSuites(new String[] { suite2 });
|
|
sslSocket.startHandshake();
|
|
|
|
System.out.println("Enabled " + suite2);
|
|
// write the message a few times - see bug 4462616 why we do this
|
|
sslOS.writeUTF("With " + suite2);
|
|
sslOS.writeUTF("With " + suite2);
|
|
sslOS.writeUTF("With " + suite2);
|
|
|
|
sslSocket.setEnabledCipherSuites(new String[] { suite1 });
|
|
sslSocket.startHandshake();
|
|
System.out.println("Re-enabled " + suite1);
|
|
sslOS.writeUTF("With " + suite1);
|
|
sslOS.writeUTF("With " + suite1);
|
|
sslOS.writeUTF("With " + suite1);
|
|
sslSocket.close();
|
|
}
|
|
|
|
/*
|
|
* =============================================================
|
|
* The remainder is just support stuff
|
|
*/
|
|
|
|
// use any free port by default
|
|
volatile int serverPort = 0;
|
|
|
|
volatile Exception serverException = null;
|
|
volatile Exception clientException = null;
|
|
|
|
public static void main(String[] args) throws Exception {
|
|
// reset the security property to make sure that the cipher suites
|
|
// used in this test are not disabled
|
|
Security.setProperty("jdk.tls.disabledAlgorithms", "");
|
|
|
|
String keyFilename =
|
|
System.getProperty("test.src", "./") + "/" + pathToStores +
|
|
"/" + keyStoreFile;
|
|
String trustFilename =
|
|
System.getProperty("test.src", "./") + "/" + pathToStores +
|
|
"/" + trustStoreFile;
|
|
|
|
System.setProperty("javax.net.ssl.keyStore", keyFilename);
|
|
System.setProperty("javax.net.ssl.keyStorePassword", passwd);
|
|
System.setProperty("javax.net.ssl.trustStore", trustFilename);
|
|
System.setProperty("javax.net.ssl.trustStorePassword", passwd);
|
|
|
|
if (debug)
|
|
System.setProperty("javax.net.debug", "all");
|
|
|
|
/*
|
|
* Start the tests.
|
|
*/
|
|
new JSSERenegotiate();
|
|
}
|
|
|
|
Thread clientThread = null;
|
|
Thread serverThread = null;
|
|
|
|
/*
|
|
* Primary constructor, used to drive remainder of the test.
|
|
*
|
|
* Fork off the other side, then do your work.
|
|
*/
|
|
JSSERenegotiate() throws Exception {
|
|
try {
|
|
if (separateServerThread) {
|
|
startServer(true);
|
|
startClient(false);
|
|
} else {
|
|
startClient(true);
|
|
startServer(false);
|
|
}
|
|
} catch (Exception e) {
|
|
// swallow for now. Show later
|
|
}
|
|
|
|
/*
|
|
* Wait for other side to close down.
|
|
*/
|
|
if (separateServerThread) {
|
|
serverThread.join();
|
|
} else {
|
|
clientThread.join();
|
|
}
|
|
|
|
/*
|
|
* When we get here, the test is pretty much over.
|
|
* Which side threw the error?
|
|
*/
|
|
Exception local;
|
|
Exception remote;
|
|
String whichRemote;
|
|
|
|
if (separateServerThread) {
|
|
remote = serverException;
|
|
local = clientException;
|
|
whichRemote = "server";
|
|
} else {
|
|
remote = clientException;
|
|
local = serverException;
|
|
whichRemote = "client";
|
|
}
|
|
|
|
/*
|
|
* If both failed, return the curthread's exception, but also
|
|
* print the remote side Exception
|
|
*/
|
|
if ((local != null) && (remote != null)) {
|
|
System.out.println(whichRemote + " also threw:");
|
|
remote.printStackTrace();
|
|
System.out.println();
|
|
throw local;
|
|
}
|
|
|
|
if (remote != null) {
|
|
throw remote;
|
|
}
|
|
|
|
if (local != null) {
|
|
throw local;
|
|
}
|
|
}
|
|
|
|
void startServer(boolean newThread) throws Exception {
|
|
if (newThread) {
|
|
serverThread = new Thread() {
|
|
public void run() {
|
|
try {
|
|
doServerSide();
|
|
} catch (Exception e) {
|
|
/*
|
|
* Our server thread just died.
|
|
*
|
|
* Release the client, if not active already...
|
|
*/
|
|
System.err.println("Server died...");
|
|
serverReady = true;
|
|
serverException = e;
|
|
}
|
|
}
|
|
};
|
|
serverThread.start();
|
|
} else {
|
|
try {
|
|
doServerSide();
|
|
} catch (Exception e) {
|
|
serverException = e;
|
|
} finally {
|
|
serverReady = true;
|
|
}
|
|
}
|
|
}
|
|
|
|
void startClient(boolean newThread) throws Exception {
|
|
if (newThread) {
|
|
clientThread = new Thread() {
|
|
public void run() {
|
|
try {
|
|
doClientSide();
|
|
} catch (Exception e) {
|
|
/*
|
|
* Our client thread just died.
|
|
*/
|
|
System.err.println("Client died...");
|
|
clientException = e;
|
|
}
|
|
}
|
|
};
|
|
clientThread.start();
|
|
} else {
|
|
try {
|
|
doClientSide();
|
|
} catch (Exception e) {
|
|
clientException = e;
|
|
}
|
|
}
|
|
}
|
|
}
|