1 /* 2 * Copyright (c) 2001, 2016, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 /* 25 * @test 26 * @bug 4323990 4413069 27 * @summary HttpsURLConnection doesn't send Proxy-Authorization on CONNECT 28 * Incorrect checking of proxy server response 29 * @modules java.base/sun.net.www 30 * @library /javax/net/ssl/templates 31 * @run main/othervm ProxyAuthTest 32 * 33 * No way to reserve and restore java.lang.Authenticator, need to run this 34 * test in othervm mode. 35 */ 36 37 import java.io.*; 38 import java.net.*; 39 import javax.net.ssl.*; 40 41 /* 42 * ProxyAuthTest.java -- includes a simple server that can serve 43 * Http get request in both clear and secure channel, and a client 44 * that makes https requests behind the firewall through an 45 * authentication proxy 46 */ 47 48 public class ProxyAuthTest { 49 /* 50 * Where do we find the keystores? 51 */ 52 static String pathToStores = "../../../../../../javax/net/ssl/etc"; 53 static String keyStoreFile = "keystore"; 54 static String trustStoreFile = "truststore"; 55 static String passwd = "passphrase"; 56 57 /** 58 * read the response, don't care for the syntax of the request-line 59 * for this testing 60 */ 61 private static void readRequest(BufferedReader in) throws IOException { 62 String line = null; 63 System.out.println("Server received: "); 64 do { 65 if (line != null) { 66 System.out.println(line); 67 } 68 line = in.readLine(); 69 } while ((line.length() != 0) && 70 (line.charAt(0) != '\r') && (line.charAt(0) != '\n')); 71 } 72 73 74 /* 75 * Main method to create the server and the client 76 */ 77 public static void main(String args[]) throws Exception { 78 String keyFilename = 79 SSLTest.TEST_SRC + "/" + pathToStores + "/" + keyStoreFile; 80 String trustFilename = 81 SSLTest.TEST_SRC + "/" + pathToStores + "/" + trustStoreFile; 82 83 SSLTest.setup(keyFilename, trustFilename, passwd); 84 85 new SSLTest() 86 .setServerApplication((socket, test) -> { 87 DataOutputStream out = new DataOutputStream( 88 socket.getOutputStream()); 89 try { 90 BufferedReader in = new BufferedReader( 91 new InputStreamReader(socket.getInputStream())); 92 93 // read the request 94 readRequest(in); 95 96 // retrieve bytecodes 97 byte[] bytecodes = 98 "Proxy authentication for tunneling succeeded .." 99 .getBytes(); 100 101 // send bytecodes in response (assumes HTTP/1.0 or later) 102 out.writeBytes("HTTP/1.0 200 OK\r\n"); 103 out.writeBytes("Content-Length: " + bytecodes.length + 104 "\r\n"); 105 out.writeBytes("Content-Type: text/html\r\n\r\n"); 106 out.write(bytecodes); 107 out.flush(); 108 } catch (Exception e) { 109 // write out error response 110 out.writeBytes("HTTP/1.0 400 " + e.getMessage() + "\r\n"); 111 out.writeBytes("Content-Type: text/html\r\n\r\n"); 112 out.flush(); 113 } 114 }) 115 .setClientPeer(test -> { 116 doClientSide(test); 117 }) 118 .runTest(); 119 } 120 121 private static void doClientSide(SSLTest test) throws Exception { 122 123 // Wait for server to get started. 124 // 125 // The server side takes care of the issue if the server cannot 126 // get started in 90 seconds. The client side would just ignore 127 // the test case if the serer is not ready. 128 if (!test.waitForServerSignal()) { 129 System.out.print("The server is not ready yet in 90 seconds. " 130 + "Ignore in client side."); 131 return; 132 } 133 134 /* 135 * setup up a proxy with authentication information 136 */ 137 setupProxy(); 138 139 /* 140 * we want to avoid URLspoofCheck failures in cases where the cert 141 * DN name does not match the hostname in the URL. 142 */ 143 HttpsURLConnection.setDefaultHostnameVerifier(new NameVerifier()); 144 145 URL url = new URL("https://" + "localhost:" + test.getServerPort() 146 + "/index.html"); 147 148 // Signal the server, the client is ready to communicate. 149 test.signalClientReady(); 150 151 try (BufferedReader in = new BufferedReader( 152 new InputStreamReader(url.openStream()))) { 153 154 String inputLine; 155 System.out.print("Client recieved from the server: "); 156 while ((inputLine = in.readLine()) != null) { 157 System.out.println(inputLine); 158 } 159 } 160 } 161 162 static class NameVerifier implements HostnameVerifier { 163 164 @Override 165 public boolean verify(String hostname, SSLSession session) { 166 return true; 167 } 168 } 169 170 static void setupProxy() throws IOException { 171 ProxyTunnelServer pserver = new ProxyTunnelServer(); 172 /* 173 * register a system wide authenticator and setup the proxy for 174 * authentication 175 */ 176 Authenticator.setDefault(new TestAuthenticator()); 177 178 // register with the username and password 179 pserver.needUserAuth(true); 180 pserver.setUserAuth("Test", "test123"); 181 182 pserver.start(); 183 System.setProperty("https.proxyHost", "localhost"); 184 System.setProperty("https.proxyPort", 185 String.valueOf(pserver.getPort())); 186 } 187 188 public static class TestAuthenticator extends Authenticator { 189 190 @Override 191 public PasswordAuthentication getPasswordAuthentication() { 192 return new PasswordAuthentication("Test", "test123".toCharArray()); 193 } 194 } 195 }