jdk-24/test/jdk/java/net/httpclient/http2/TLSConnection.java
Ivan Gerasimov 97c8fdb2dd 8175075: Add 3DES to the default disabled algorithm security property
Reviewed-by: xuelei, mullan, rhalade
2018-01-19 11:24:39 -08:00

257 lines
9.7 KiB
Java

/*
* Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.Security;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpRequest.BodyPublishers;
import java.net.http.HttpResponse.BodyHandlers;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
/*
* @test
* @bug 8150769 8157107
* @library server
* @summary Checks that SSL parameters can be set for HTTP/2 connection
* @modules java.base/sun.net.www.http
* java.net.http/jdk.internal.net.http.common
* java.net.http/jdk.internal.net.http.frame
* java.net.http/jdk.internal.net.http.hpack
* @run main/othervm
* -Djdk.internal.httpclient.debug=true
* -Djdk.httpclient.HttpClient.log=all
* TLSConnection
*/
public class TLSConnection {
private static final String KEYSTORE = System.getProperty("test.src")
+ File.separator + "keystore.p12";
private static final String PASSWORD = "password";
private static final SSLParameters USE_DEFAULT_SSL_PARAMETERS = new SSLParameters();
public static void main(String[] args) throws Exception {
// re-enable 3DES
Security.setProperty("jdk.tls.disabledAlgorithms", "");
// enable all logging
System.setProperty("jdk.httpclient.HttpClient.log", "all,frames:all");
// initialize JSSE
System.setProperty("javax.net.ssl.keyStore", KEYSTORE);
System.setProperty("javax.net.ssl.keyStorePassword", PASSWORD);
System.setProperty("javax.net.ssl.trustStore", KEYSTORE);
System.setProperty("javax.net.ssl.trustStorePassword", PASSWORD);
Handler handler = new Handler();
try (Http2TestServer server = new Http2TestServer("localhost", true, 0)) {
server.addHandler(handler, "/");
server.start();
int port = server.getAddress().getPort();
String uriString = "https://localhost:" + Integer.toString(port);
// run test cases
boolean success = true;
SSLParameters parameters = null;
success &= expectFailure(
"---\nTest #1: SSL parameters is null, expect NPE",
() -> connect(uriString, parameters),
NullPointerException.class);
success &= expectSuccess(
"---\nTest #2: default SSL parameters, "
+ "expect successful connection",
() -> connect(uriString, USE_DEFAULT_SSL_PARAMETERS));
success &= checkProtocol(handler.getSSLSession(), "TLSv1.2");
// set SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA cipher suite
// which has less priority in default cipher suite list
success &= expectSuccess(
"---\nTest #3: SSL parameters with "
+ "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA cipher suite, "
+ "expect successful connection",
() -> connect(uriString, new SSLParameters(
new String[] { "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA" },
new String[] { "TLSv1.2" })));
success &= checkProtocol(handler.getSSLSession(), "TLSv1.2");
success &= checkCipherSuite(handler.getSSLSession(),
"SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA");
// set TLS_RSA_WITH_AES_128_CBC_SHA cipher suite
// which has less priority in default cipher suite list
// also set TLSv1.2 protocol
success &= expectSuccess(
"---\nTest #4: SSL parameters with "
+ "TLS_RSA_WITH_AES_128_CBC_SHA cipher suite,"
+ " expect successful connection",
() -> connect(uriString, new SSLParameters(
new String[] { "TLS_RSA_WITH_AES_128_CBC_SHA" },
new String[] { "TLSv1.2" })));
success &= checkProtocol(handler.getSSLSession(), "TLSv1.2");
success &= checkCipherSuite(handler.getSSLSession(),
"TLS_RSA_WITH_AES_128_CBC_SHA");
if (success) {
System.out.println("Test passed");
} else {
throw new RuntimeException("At least one test case failed");
}
}
}
private static interface Test {
public void run() throws Exception;
}
private static class Handler implements Http2Handler {
private static final byte[] BODY = "Test response".getBytes();
private volatile SSLSession sslSession;
@Override
public void handle(Http2TestExchange t) throws IOException {
System.out.println("Handler: received request to "
+ t.getRequestURI());
try (InputStream is = t.getRequestBody()) {
byte[] body = is.readAllBytes();
System.out.println("Handler: read " + body.length
+ " bytes of body: ");
System.out.println(new String(body));
}
try (OutputStream os = t.getResponseBody()) {
t.sendResponseHeaders(200, BODY.length);
os.write(BODY);
}
sslSession = t.getSSLSession();
}
SSLSession getSSLSession() {
return sslSession;
}
}
private static void connect(String uriString, SSLParameters sslParameters)
throws URISyntaxException, IOException, InterruptedException
{
HttpClient.Builder builder = HttpClient.newBuilder()
.version(HttpClient.Version.HTTP_2);
if (sslParameters != USE_DEFAULT_SSL_PARAMETERS)
builder.sslParameters(sslParameters);
HttpClient client = builder.build();
HttpRequest request = HttpRequest.newBuilder(new URI(uriString))
.POST(BodyPublishers.ofString("body"))
.build();
String body = client.send(request, BodyHandlers.ofString()).body();
System.out.println("Response: " + body);
}
private static boolean checkProtocol(SSLSession session, String protocol) {
if (session == null) {
System.out.println("Check protocol: no session provided");
return false;
}
System.out.println("Check protocol: negotiated protocol: "
+ session.getProtocol());
System.out.println("Check protocol: expected protocol: "
+ protocol);
if (!protocol.equals(session.getProtocol())) {
System.out.println("Check protocol: unexpected negotiated protocol");
return false;
}
return true;
}
private static boolean checkCipherSuite(SSLSession session, String ciphersuite) {
if (session == null) {
System.out.println("Check protocol: no session provided");
return false;
}
System.out.println("Check protocol: negotiated ciphersuite: "
+ session.getCipherSuite());
System.out.println("Check protocol: expected ciphersuite: "
+ ciphersuite);
if (!ciphersuite.equals(session.getCipherSuite())) {
System.out.println("Check protocol: unexpected negotiated ciphersuite");
return false;
}
return true;
}
private static boolean expectSuccess(String message, Test test) {
System.out.println(message);
try {
test.run();
System.out.println("Passed");
return true;
} catch (Exception e) {
System.out.println("Failed: unexpected exception:");
e.printStackTrace(System.out);
return false;
}
}
private static boolean expectFailure(String message, Test test,
Class<? extends Throwable> expectedException) {
System.out.println(message);
try {
test.run();
System.out.println("Failed: unexpected successful connection");
return false;
} catch (Exception e) {
System.out.println("Got an exception:");
e.printStackTrace(System.out);
if (expectedException != null
&& !expectedException.isAssignableFrom(e.getClass())) {
System.out.printf("Failed: expected %s, but got %s%n",
expectedException.getName(),
e.getClass().getName());
return false;
}
System.out.println("Passed: expected exception");
return true;
}
}
}