1 /*
2 * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 package jdk.incubator.http;
25
26 import jdk.incubator.http.internal.common.Demand;
27 import jdk.incubator.http.internal.common.FlowTube;
28 import jdk.incubator.http.internal.common.SSLFlowDelegate;
29 import jdk.incubator.http.internal.common.SSLTube;
30 import jdk.incubator.http.internal.common.SequentialScheduler;
31 import jdk.incubator.http.internal.common.Utils;
32 import org.testng.annotations.Test;
33
34 import javax.net.ssl.KeyManagerFactory;
35 import javax.net.ssl.SSLContext;
36 import javax.net.ssl.SSLEngine;
37 import javax.net.ssl.SSLParameters;
38 import javax.net.ssl.SSLServerSocket;
39 import javax.net.ssl.SSLServerSocketFactory;
40 import javax.net.ssl.SSLSocket;
41 import javax.net.ssl.TrustManagerFactory;
42 import java.io.BufferedOutputStream;
43 import java.io.File;
44 import java.io.FileInputStream;
45 import java.io.IOException;
46 import java.io.InputStream;
47 import java.io.OutputStream;
48 import java.net.Socket;
49 import java.nio.ByteBuffer;
50 import java.security.KeyManagementException;
51 import java.security.KeyStore;
52 import java.security.KeyStoreException;
53 import java.security.NoSuchAlgorithmException;
54 import java.security.UnrecoverableKeyException;
55 import java.security.cert.CertificateException;
56 import java.util.List;
57 import java.util.Queue;
58 import java.util.StringTokenizer;
59 import java.util.concurrent.BlockingQueue;
60 import java.util.concurrent.CompletableFuture;
61 import java.util.concurrent.ConcurrentLinkedQueue;
62 import java.util.concurrent.Executor;
63 import java.util.concurrent.ExecutorService;
64 import java.util.concurrent.Executors;
65 import java.util.concurrent.Flow;
66 import java.util.concurrent.ForkJoinPool;
67 import java.util.concurrent.LinkedBlockingQueue;
68 import java.util.concurrent.SubmissionPublisher;
69 import java.util.concurrent.atomic.AtomicBoolean;
70 import java.util.concurrent.atomic.AtomicInteger;
71 import java.util.concurrent.atomic.AtomicLong;
72
73 @Test
74 public class SSLTubeTest {
75
76 private static final long COUNTER = 600;
77 private static final int LONGS_PER_BUF = 800;
78 private static final long TOTAL_LONGS = COUNTER * LONGS_PER_BUF;
79
80 private static ByteBuffer getBuffer(long startingAt) {
81 ByteBuffer buf = ByteBuffer.allocate(LONGS_PER_BUF * 8);
82 for (int j = 0; j < LONGS_PER_BUF; j++) {
83 buf.putLong(startingAt++);
84 }
85 buf.flip();
86 return buf;
87 }
88
89 @Test(timeOut = 30000)
90 public void run() throws IOException {
91 /* Start of wiring */
92 ExecutorService sslExecutor = Executors.newCachedThreadPool();
93 /* Emulates an echo server */
94 // FlowTube server = new SSLTube(createSSLEngine(false),
95 // sslExecutor,
96 // new EchoTube(16));
97 SSLLoopbackSubscriber server =
98 new SSLLoopbackSubscriber((new SimpleSSLContext()).get(), sslExecutor);
99 server.start();
100
101 FlowTube client = new SSLTube(createSSLEngine(true),
102 sslExecutor,
103 server);
104 SubmissionPublisher<List<ByteBuffer>> p =
105 new SubmissionPublisher<>(ForkJoinPool.commonPool(),
106 Integer.MAX_VALUE);
107 FlowTube.TubePublisher begin = p::subscribe;
108 CompletableFuture<Void> completion = new CompletableFuture<>();
109 EndSubscriber end = new EndSubscriber(TOTAL_LONGS, completion);
110 client.connectFlows(begin, end);
111 /* End of wiring */
112
113 long count = 0;
114 System.out.printf("Submitting %d buffer arrays\n", COUNTER);
115 System.out.printf("LoopCount should be %d\n", TOTAL_LONGS);
116 for (long i = 0; i < COUNTER; i++) {
117 ByteBuffer b = getBuffer(count);
118 count += LONGS_PER_BUF;
119 p.submit(List.of(b));
120 }
121 System.out.println("Finished submission. Waiting for loopback");
122 p.close();
123 try {
124 completion.join();
125 System.out.println("OK");
126 } finally {
127 sslExecutor.shutdownNow();
128 }
129 }
130
131 static class SSLLoopbackSubscriber implements FlowTube {
132 private final BlockingQueue<ByteBuffer> buffer;
133 private final Socket clientSock;
134 private final SSLSocket serverSock;
135 private final Thread thread1, thread2, thread3;
136 private volatile Flow.Subscription clientSubscription;
137 private final SubmissionPublisher<List<ByteBuffer>> publisher;
138
139 SSLLoopbackSubscriber(SSLContext ctx, ExecutorService exec) throws IOException {
140 SSLServerSocketFactory fac = ctx.getServerSocketFactory();
141 SSLServerSocket serv = (SSLServerSocket) fac.createServerSocket(0);
142 SSLParameters params = serv.getSSLParameters();
143 params.setApplicationProtocols(new String[]{"proto2"});
144 serv.setSSLParameters(params);
145
146
147 int serverPort = serv.getLocalPort();
148 clientSock = new Socket("127.0.0.1", serverPort);
149 serverSock = (SSLSocket) serv.accept();
150 this.buffer = new LinkedBlockingQueue<>();
151 thread1 = new Thread(this::clientWriter, "clientWriter");
152 thread2 = new Thread(this::serverLoopback, "serverLoopback");
153 thread3 = new Thread(this::clientReader, "clientReader");
154 publisher = new SubmissionPublisher<>(exec, Flow.defaultBufferSize(),
155 this::handlePublisherException);
156 SSLFlowDelegate.Monitor.add(this::monitor);
157 }
158
159 public void start() {
160 thread1.start();
161 thread2.start();
162 thread3.start();
163 }
164
165 private void handlePublisherException(Object o, Throwable t) {
166 System.out.println("Loopback Publisher exception");
167 t.printStackTrace(System.out);
168 }
169
170 private final AtomicInteger readCount = new AtomicInteger();
171
172 // reads off the SSLSocket the data from the "server"
173 private void clientReader() {
174 try {
175 InputStream is = clientSock.getInputStream();
176 final int bufsize = FlowTest.randomRange(512, 16 * 1024);
177 System.out.println("clientReader: bufsize = " + bufsize);
178 while (true) {
179 byte[] buf = new byte[bufsize];
180 int n = is.read(buf);
181 if (n == -1) {
182 System.out.println("clientReader close: read "
183 + readCount.get() + " bytes");
184 publisher.close();
185 sleep(2000);
186 Utils.close(is, clientSock);
187 return;
188 }
189 ByteBuffer bb = ByteBuffer.wrap(buf, 0, n);
190 readCount.addAndGet(n);
191 publisher.submit(List.of(bb));
192 }
193 } catch (Throwable e) {
194 e.printStackTrace();
195 Utils.close(clientSock);
196 }
197 }
198
199 // writes the encrypted data from SSLFLowDelegate to the j.n.Socket
200 // which is connected to the SSLSocket emulating a server.
201 private void clientWriter() {
202 long nbytes = 0;
203 try {
204 OutputStream os =
205 new BufferedOutputStream(clientSock.getOutputStream());
206
207 while (true) {
208 ByteBuffer buf = buffer.take();
209 if (buf == FlowTest.SENTINEL) {
210 // finished
211 //Utils.sleep(2000);
212 System.out.println("clientWriter close: " + nbytes + " written");
213 clientSock.shutdownOutput();
214 System.out.println("clientWriter close return");
215 return;
216 }
217 int len = buf.remaining();
218 int written = writeToStream(os, buf);
219 assert len == written;
220 nbytes += len;
221 assert !buf.hasRemaining()
222 : "buffer has " + buf.remaining() + " bytes left";
223 clientSubscription.request(1);
224 }
225 } catch (Throwable e) {
226 e.printStackTrace();
227 }
228 }
229
230 private int writeToStream(OutputStream os, ByteBuffer buf) throws IOException {
231 byte[] b = buf.array();
232 int offset = buf.arrayOffset() + buf.position();
233 int n = buf.limit() - buf.position();
234 os.write(b, offset, n);
235 buf.position(buf.limit());
236 os.flush();
237 return n;
238 }
239
240 private final AtomicInteger loopCount = new AtomicInteger();
241
242 public String monitor() {
243 return "serverLoopback: loopcount = " + loopCount.toString()
244 + " clientRead: count = " + readCount.toString();
245 }
246
247 // thread2
248 private void serverLoopback() {
249 try {
250 InputStream is = serverSock.getInputStream();
251 OutputStream os = serverSock.getOutputStream();
252 final int bufsize = FlowTest.randomRange(512, 16 * 1024);
253 System.out.println("serverLoopback: bufsize = " + bufsize);
254 byte[] bb = new byte[bufsize];
255 while (true) {
256 int n = is.read(bb);
257 if (n == -1) {
258 sleep(2000);
259 is.close();
260 os.close();
261 serverSock.close();
262 return;
263 }
264 os.write(bb, 0, n);
265 os.flush();
266 loopCount.addAndGet(n);
267 }
268 } catch (Throwable e) {
269 e.printStackTrace();
270 }
271 }
272
273
274 /**
275 * This needs to be called before the chain is subscribed. It can't be
276 * supplied in the constructor.
277 */
278 public void setReturnSubscriber(Flow.Subscriber<List<ByteBuffer>> returnSubscriber) {
279 publisher.subscribe(returnSubscriber);
280 }
281
282 @Override
283 public void onSubscribe(Flow.Subscription subscription) {
284 clientSubscription = subscription;
285 clientSubscription.request(5);
286 }
287
288 @Override
289 public void onNext(List<ByteBuffer> item) {
290 try {
291 for (ByteBuffer b : item)
292 buffer.put(b);
293 } catch (InterruptedException e) {
294 e.printStackTrace();
295 Utils.close(clientSock);
296 }
297 }
298
299 @Override
300 public void onError(Throwable throwable) {
301 throwable.printStackTrace();
302 Utils.close(clientSock);
303 }
304
305 @Override
306 public void onComplete() {
307 try {
308 buffer.put(FlowTest.SENTINEL);
309 } catch (InterruptedException e) {
310 e.printStackTrace();
311 Utils.close(clientSock);
312 }
313 }
314
315 @Override
316 public boolean isFinished() {
317 return false;
318 }
319
320 @Override
321 public void subscribe(Flow.Subscriber<? super List<ByteBuffer>> subscriber) {
322 publisher.subscribe(subscriber);
323 }
324 }
325
326 private static void sleep(long millis) {
327 try {
328 Thread.sleep(millis);
329 } catch (InterruptedException e) {
330
331 }
332 }
333 // private static final class EchoTube implements FlowTube {
334 //
335 // private final static Object EOF = new Object();
336 // private final Executor executor = Executors.newSingleThreadExecutor();
337 //
338 // private final Queue<Object> queue = new ConcurrentLinkedQueue<>();
339 // private final int maxQueueSize;
340 // private final SequentialScheduler processingScheduler =
341 // new SequentialScheduler(createProcessingTask());
342 //
343 // /* Writing into this tube */
344 // private long unfulfilled;
345 // private Flow.Subscription subscription;
346 //
347 // /* Reading from this tube */
348 // private final Demand demand = new Demand();
349 // private final AtomicBoolean cancelled = new AtomicBoolean();
350 // private Flow.Subscriber<? super List<ByteBuffer>> subscriber;
351 //
352 // private EchoTube(int maxBufferSize) {
353 // if (maxBufferSize < 1)
354 // throw new IllegalArgumentException();
355 // this.maxQueueSize = maxBufferSize;
356 // }
357 //
358 // @Override
359 // public void subscribe(Flow.Subscriber<? super List<ByteBuffer>> subscriber) {
360 // this.subscriber = subscriber;
361 // System.out.println("EchoTube got subscriber: " + subscriber);
362 // this.subscriber.onSubscribe(new InternalSubscription());
363 // }
364 //
365 // @Override
366 // public void onSubscribe(Flow.Subscription subscription) {
367 // unfulfilled = maxQueueSize;
368 // System.out.println("EchoTube request: " + maxQueueSize);
369 // (this.subscription = subscription).request(maxQueueSize);
370 // }
371 //
372 // @Override
373 // public void onNext(List<ByteBuffer> item) {
374 // if (--unfulfilled == (maxQueueSize / 2)) {
375 // long req = maxQueueSize - unfulfilled;
376 // subscription.request(req);
377 // System.out.println("EchoTube request: " + req);
378 // unfulfilled = maxQueueSize;
379 // }
380 // System.out.println("EchoTube add " + Utils.remaining(item));
381 // queue.add(item);
382 // processingScheduler.deferOrSchedule(executor);
383 // }
384 //
385 // @Override
386 // public void onError(Throwable throwable) {
387 // System.out.println("EchoTube add " + throwable);
388 // queue.add(throwable);
389 // processingScheduler.deferOrSchedule(executor);
390 // }
391 //
392 // @Override
393 // public void onComplete() {
394 // System.out.println("EchoTube add EOF");
395 // queue.add(EOF);
396 // processingScheduler.deferOrSchedule(executor);
397 // }
398 //
399 // @Override
400 // public boolean isFinished() {
401 // return false;
402 // }
403 //
404 // private class InternalSubscription implements Flow.Subscription {
405 //
406 // @Override
407 // public void request(long n) {
408 // System.out.println("EchoTube got request: " + n);
409 // if (n <= 0) {
410 // throw new InternalError();
411 // }
412 // demand.increase(n);
413 // processingScheduler.runOrSchedule();
414 // }
415 //
416 // @Override
417 // public void cancel() {
418 // cancelled.set(true);
419 // }
420 // }
421 //
422 // @Override
423 // public String toString() {
424 // return "EchoTube";
425 // }
426 //
427 // private SequentialScheduler.RestartableTask createProcessingTask() {
428 // return new SequentialScheduler.CompleteRestartableTask() {
429 //
430 // @Override
431 // protected void run() {
432 // try {
433 // while (!cancelled.get()) {
434 // Object item = queue.peek();
435 // if (item == null)
436 // return;
437 // try {
438 // System.out.println("EchoTube processing item");
439 // if (item instanceof List) {
440 // if (!demand.tryDecrement()) {
441 // System.out.println("EchoTube no demand");
442 // return;
443 // }
444 // @SuppressWarnings("unchecked")
445 // List<ByteBuffer> bytes = (List<ByteBuffer>) item;
446 // Object removed = queue.remove();
447 // assert removed == item;
448 // System.out.println("EchoTube processing "
449 // + Utils.remaining(bytes));
450 // subscriber.onNext(bytes);
451 // } else if (item instanceof Throwable) {
452 // cancelled.set(true);
453 // Object removed = queue.remove();
454 // assert removed == item;
455 // System.out.println("EchoTube processing " + item);
456 // subscriber.onError((Throwable) item);
457 // } else if (item == EOF) {
458 // cancelled.set(true);
459 // Object removed = queue.remove();
460 // assert removed == item;
461 // System.out.println("EchoTube processing EOF");
462 // subscriber.onComplete();
463 // } else {
464 // throw new InternalError(String.valueOf(item));
465 // }
466 // } finally {
467 // }
468 // }
469 // } catch(Throwable t) {
470 // t.printStackTrace();
471 // throw t;
472 // }
473 // }
474 // };
475 // }
476 // }
477
478 /**
479 * The final subscriber which receives the decrypted looped-back data. Just
480 * needs to compare the data with what was sent. The given CF is either
481 * completed exceptionally with an error or normally on success.
482 */
483 private static class EndSubscriber implements FlowTube.TubeSubscriber {
484
485 private static final int REQUEST_WINDOW = 13;
486
487 private final long nbytes;
488 private final AtomicLong counter = new AtomicLong();
489 private final CompletableFuture<?> completion;
490 private volatile Flow.Subscription subscription;
491 private long unfulfilled;
492
493 EndSubscriber(long nbytes, CompletableFuture<?> completion) {
494 this.nbytes = nbytes;
495 this.completion = completion;
496 }
497
498 @Override
499 public void onSubscribe(Flow.Subscription subscription) {
500 this.subscription = subscription;
501 unfulfilled = REQUEST_WINDOW;
502 System.out.println("EndSubscriber request " + REQUEST_WINDOW);
503 subscription.request(REQUEST_WINDOW);
504 }
505
506 public static String info(List<ByteBuffer> i) {
507 StringBuilder sb = new StringBuilder();
508 sb.append("size: ").append(Integer.toString(i.size()));
509 int x = 0;
510 for (ByteBuffer b : i)
511 x += b.remaining();
512 sb.append(" bytes: ").append(x);
513 return sb.toString();
514 }
515
516 @Override
517 public void onNext(List<ByteBuffer> buffers) {
518 if (--unfulfilled == (REQUEST_WINDOW / 2)) {
519 long req = REQUEST_WINDOW - unfulfilled;
520 System.out.println("EndSubscriber request " + req);
521 subscription.request(req);
522 unfulfilled = REQUEST_WINDOW;
523 }
524
525 long currval = counter.get();
526 if (currval % 500 == 0) {
527 System.out.println("End: " + currval);
528 }
529 System.out.println("EndSubscriber onNext " + Utils.remaining(buffers));
530
531 for (ByteBuffer buf : buffers) {
532 while (buf.hasRemaining()) {
533 long n = buf.getLong();
534 if (currval > (SSLTubeTest.TOTAL_LONGS - 50)) {
535 System.out.println("End: " + currval);
536 }
537 if (n != currval++) {
538 System.out.println("ERROR at " + n + " != " + (currval - 1));
539 completion.completeExceptionally(new RuntimeException("ERROR"));
540 subscription.cancel();
541 return;
542 }
543 }
544 }
545
546 counter.set(currval);
547 }
548
549 @Override
550 public void onError(Throwable throwable) {
551 System.out.println("EndSubscriber onError " + throwable);
552 completion.completeExceptionally(throwable);
553 }
554
555 @Override
556 public void onComplete() {
557 long n = counter.get();
558 if (n != nbytes) {
559 System.out.printf("nbytes=%d n=%d\n", nbytes, n);
560 completion.completeExceptionally(new RuntimeException("ERROR AT END"));
561 } else {
562 System.out.println("DONE OK");
563 completion.complete(null);
564 }
565 }
566 @Override
567 public String toString() {
568 return "EndSubscriber";
569 }
570 }
571
572 private static SSLEngine createSSLEngine(boolean client) throws IOException {
573 SSLContext context = (new SimpleSSLContext()).get();
574 SSLEngine engine = context.createSSLEngine();
575 SSLParameters params = context.getSupportedSSLParameters();
576 params.setProtocols(new String[]{"TLSv1.2"}); // TODO: This is essential. Needs to be protocol impl
577 if (client) {
578 params.setApplicationProtocols(new String[]{"proto1", "proto2"}); // server will choose proto2
579 } else {
580 params.setApplicationProtocols(new String[]{"proto2"}); // server will choose proto2
581 }
582 engine.setSSLParameters(params);
583 engine.setUseClientMode(client);
584 return engine;
585 }
586
587 /**
588 * Creates a simple usable SSLContext for SSLSocketFactory or a HttpsServer
589 * using either a given keystore or a default one in the test tree.
590 *
591 * Using this class with a security manager requires the following
592 * permissions to be granted:
593 *
594 * permission "java.util.PropertyPermission" "test.src.path", "read";
595 * permission java.io.FilePermission "${test.src}/../../../../lib/testlibrary/jdk/testlibrary/testkeys",
596 * "read"; The exact path above depends on the location of the test.
597 */
598 private static class SimpleSSLContext {
599
600 private final SSLContext ssl;
601
602 /**
603 * Loads default keystore from SimpleSSLContext source directory
604 */
605 public SimpleSSLContext() throws IOException {
606 String paths = System.getProperty("test.src.path");
607 StringTokenizer st = new StringTokenizer(paths, File.pathSeparator);
608 boolean securityExceptions = false;
609 SSLContext sslContext = null;
610 while (st.hasMoreTokens()) {
611 String path = st.nextToken();
612 try {
613 File f = new File(path, "../../../../lib/testlibrary/jdk/testlibrary/testkeys");
614 if (f.exists()) {
615 try (FileInputStream fis = new FileInputStream(f)) {
616 sslContext = init(fis);
617 break;
618 }
619 }
620 } catch (SecurityException e) {
621 // catch and ignore because permission only required
622 // for one entry on path (at most)
623 securityExceptions = true;
624 }
625 }
626 if (securityExceptions) {
627 System.err.println("SecurityExceptions thrown on loading testkeys");
628 }
629 ssl = sslContext;
630 }
631
632 private SSLContext init(InputStream i) throws IOException {
633 try {
634 char[] passphrase = "passphrase".toCharArray();
635 KeyStore ks = KeyStore.getInstance("JKS");
636 ks.load(i, passphrase);
637
638 KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
639 kmf.init(ks, passphrase);
640
641 TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
642 tmf.init(ks);
643
644 SSLContext ssl = SSLContext.getInstance("TLS");
645 ssl.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
646 return ssl;
647 } catch (KeyManagementException | KeyStoreException |
648 UnrecoverableKeyException | CertificateException |
649 NoSuchAlgorithmException e) {
650 throw new RuntimeException(e.getMessage());
651 }
652 }
653
654 public SSLContext get() {
655 return ssl;
656 }
657 }
658 }