1 /*
2 * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 /*
25 * @test
26 * @bug 4323990 4413069
27 * @summary HttpsURLConnection doesn't send Proxy-Authorization on CONNECT
28 * Incorrect checking of proxy server response
29 * @modules java.base/sun.net.www
30 * @run main/othervm ProxyAuthTest
31 *
32 * No way to reserve and restore java.lang.Authenticator, need to run this
33 * test in othervm mode.
34 */
35
36 import java.io.*;
37 import java.net.*;
38 import java.security.KeyStore;
39 import javax.net.*;
40 import javax.net.ssl.*;
41 import java.security.cert.*;
42
43 /*
44 * ProxyAuthTest.java -- includes a simple server that can serve
45 * Http get request in both clear and secure channel, and a client
46 * that makes https requests behind the firewall through an
47 * authentication proxy
48 */
49
50 public class ProxyAuthTest {
51 /*
52 * Where do we find the keystores?
53 */
54 static String pathToStores = "../../../../../../javax/net/ssl/etc";
55 static String keyStoreFile = "keystore";
56 static String trustStoreFile = "truststore";
57 static String passwd = "passphrase";
58
59 volatile private static int serverPort = 0;
60
61 /*
62 * The TestServer implements a OriginServer that
63 * processes HTTP requests and responses.
64 */
65 static class TestServer extends OriginServer {
66 public TestServer(ServerSocket ss) throws Exception {
67 super(ss);
68 }
69
70 /*
71 * Returns an array of bytes containing the bytes for
72 * the data sent in the response.
73 *
74 * @return bytes for the data in the response
75 */
76 public byte[] getBytes() {
77 return "Proxy authentication for tunneling succeeded ..".
78 getBytes();
79 }
80 }
81
82 /*
83 * Main method to create the server and the client
84 */
85 public static void main(String args[]) throws Exception {
86 String keyFilename =
87 System.getProperty("test.src", "./") + "/" + pathToStores +
88 "/" + keyStoreFile;
89 String trustFilename =
90 System.getProperty("test.src", "./") + "/" + pathToStores +
91 "/" + trustStoreFile;
92
93 System.setProperty("javax.net.ssl.keyStore", keyFilename);
94 System.setProperty("javax.net.ssl.keyStorePassword", passwd);
95 System.setProperty("javax.net.ssl.trustStore", trustFilename);
96 System.setProperty("javax.net.ssl.trustStorePassword", passwd);
97
98 boolean useSSL = true;
99 /*
100 * setup the server
101 */
102 try {
103 ServerSocketFactory ssf =
104 ProxyAuthTest.getServerSocketFactory(useSSL);
105 ServerSocket ss = ssf.createServerSocket(serverPort);
106 serverPort = ss.getLocalPort();
107 new TestServer(ss);
108 } catch (Exception e) {
109 System.out.println("Server side failed:" +
110 e.getMessage());
111 throw e;
112 }
113 // trigger the client
114 try {
115 doClientSide();
116 } catch (Exception e) {
117 System.out.println("Client side failed: " + e.getMessage());
118 throw e;
119 }
120 }
121
122 private static ServerSocketFactory getServerSocketFactory
123 (boolean useSSL) throws Exception {
124 if (useSSL) {
125 SSLServerSocketFactory ssf = null;
126 // set up key manager to do server authentication
127 SSLContext ctx;
128 KeyManagerFactory kmf;
129 KeyStore ks;
130 char[] passphrase = passwd.toCharArray();
131
132 ctx = SSLContext.getInstance("TLS");
133 kmf = KeyManagerFactory.getInstance("SunX509");
134 ks = KeyStore.getInstance("JKS");
135
136 ks.load(new FileInputStream(System.getProperty(
137 "javax.net.ssl.keyStore")), passphrase);
138 kmf.init(ks, passphrase);
139 ctx.init(kmf.getKeyManagers(), null, null);
140
141 ssf = ctx.getServerSocketFactory();
142 return ssf;
143 } else {
144 return ServerSocketFactory.getDefault();
145 }
146 }
147
148 static void doClientSide() throws Exception {
149 /*
150 * setup up a proxy with authentication information
151 */
152 setupProxy();
153
154 /*
155 * we want to avoid URLspoofCheck failures in cases where the cert
156 * DN name does not match the hostname in the URL.
157 */
158 HttpsURLConnection.setDefaultHostnameVerifier(
159 new NameVerifier());
160 URL url = new URL("https://" + "localhost:" + serverPort
161 + "/index.html");
162 BufferedReader in = null;
163 try {
164 in = new BufferedReader(new InputStreamReader(
165 url.openStream()));
166 String inputLine;
167 System.out.print("Client recieved from the server: ");
168 while ((inputLine = in.readLine()) != null)
169 System.out.println(inputLine);
170 in.close();
171 } catch (SSLException e) {
172 if (in != null)
173 in.close();
174 throw e;
175 }
176 }
177
178 static class NameVerifier implements HostnameVerifier {
179 public boolean verify(String hostname, SSLSession session) {
180 return true;
181 }
182 }
183
184 static void setupProxy() throws IOException {
185 ProxyTunnelServer pserver = new ProxyTunnelServer();
186 /*
187 * register a system wide authenticator and setup the proxy for
188 * authentication
189 */
190 Authenticator.setDefault(new TestAuthenticator());
191
192 // register with the username and password
193 pserver.needUserAuth(true);
194 pserver.setUserAuth("Test", "test123");
195
196 pserver.start();
197 System.setProperty("https.proxyHost", "localhost");
198 System.setProperty("https.proxyPort", String.valueOf(
199 pserver.getPort()));
200 }
201
202 public static class TestAuthenticator extends Authenticator {
203
204 public PasswordAuthentication getPasswordAuthentication() {
205 return new PasswordAuthentication("Test",
206 "test123".toCharArray());
207 }
208 }
209 }