/* * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ /* * @test * @bug 8058865 * @summary Checks various secure ways of connecting from remote jmx client * @author Olivier Lagneau * @modules java.management.rmi * @library /lib/testlibrary * @compile MBS_Light.java ServerDelegate.java TestSampleLoginModule.java * @run main/othervm/timeout=300 -DDEBUG_STANDARD -Dusername=SQE_username -Dpassword=SQE_password SecurityTest -server -mapType x.password.file -client -mapType credentials * @run main/othervm/timeout=300 -DDEBUG_STANDARD -Dusername=UNKNOWN_username -Dpassword=SQE_password SecurityTest -server -mapType x.password.file -client -mapType credentials -expectedThrowable java.lang.SecurityException * @run main/othervm/timeout=300 -DDEBUG_STANDARD -Dusername=SQE_username -Dpassword=WRONG_password SecurityTest -server -mapType x.password.file -client -mapType credentials -expectedThrowable java.lang.SecurityException * @run main/othervm/timeout=300 -DDEBUG_STANDARD -Dsusername=TestJMXAuthenticatorUsername -Dspassword=TestJMXAuthenticatorPassword -Dusername=TestJMXAuthenticatorUsername -Dpassword=TestJMXAuthenticatorPassword SecurityTest -server -mapType x.authenticator -client -mapType credentials * @run main/othervm/timeout=300 -DDEBUG_STANDARD -Dsusername=TestJMXAuthenticatorUsername -Dspassword=TestJMXAuthenticatorPassword -Dusername=AnotherTestJMXAuthenticatorUsername -Dpassword=TestJMXAuthenticatorPassword SecurityTest -server -mapType x.authenticator -client -mapType credentials -expectedThrowable java.lang.SecurityException * @run main/othervm/timeout=300 -DDEBUG_STANDARD -Dlogin.config.file=${test.src}/login.config -Dpassword.file=password.properties -Dusername=usernameFileLoginModule -Dpassword=passwordFileLoginModule SecurityTest -server -mapType x.login.config.PasswordFileAuthentication -client -mapType credentials * @run main/othervm/timeout=300 -DDEBUG_STANDARD -Dlogin.config.file=${test.src}/login.config.UNKNOWN -Dpassword.file=password.properties -Dusername=usernameFileLoginModule -Dpassword=passwordFileLoginModule SecurityTest -server -mapType x.login.config.PasswordFileAuthentication -client -mapType credentialss -expectedThrowable java.lang.SecurityException * @run main/othervm/timeout=300 -DDEBUG_STANDARD -Dlogin.config.file=${test.src}/login.config -Dpassword.file=password.properties -Dusername=usernameFileLoginModule -Dpassword=passwordFileLoginModule SecurityTest -server -mapType x.login.config.UnknownAuthentication -client -mapType credentials -expectedThrowable java.lang.SecurityException * @run main/othervm/timeout=300 -DDEBUG_STANDARD -Dlogin.config.file=${test.src}/login.config -Dsusername=usernameSampleLoginModule -Dspassword=passwordSampleLoginModule -Dpassword.file=password.properties -Dusername=usernameSampleLoginModule -Dpassword=passwordSampleLoginModule SecurityTest -server -mapType x.login.config.SampleLoginModule -client -mapType credentials * @run main/othervm/timeout=300 -DDEBUG_STANDARD -Dlogin.config.file=${test.src}/login.config -Dsusername=usernameSampleLoginModule -Dspassword=passwordSampleLoginModule -Dpassword.file=password.properties -Dusername=AnotherUsernameSampleLoginModule -Dpassword=passwordSampleLoginModule SecurityTest -server -mapType x.login.config.SampleLoginModule -client -mapType credentials -expectedThrowable java.lang.SecurityException * @run main/othervm/timeout=300 -DDEBUG_STANDARD SecurityTest -server -mapType rmi.client.socket.factory.ssl;rmi.server.socket.factory.ssl -keystore keystoreAgent -keystorepassword glopglop -client -truststore truststoreClient -truststorepassword glopglop * @run main/othervm/timeout=300 -DDEBUG_STANDARD SecurityTest -server -mapType rmi.client.socket.factory.ssl;rmi.server.socket.factory.ssl -keystore keystoreAgent -keystorepassword glopglop -client -truststore truststoreClient -truststorepassword WRONG_password -expectedThrowable java.io.IOException * @run main/othervm/timeout=300 -DDEBUG_STANDARD SecurityTest -server -mapType rmi.server.socket.factory.ssl -keystore keystoreAgent -keystorepassword glopglop -client -truststore truststoreClient -truststorepassword glopglop -expectedThrowable java.io.IOException * @run main/othervm/timeout=300 -DDEBUG_STANDARD SecurityTest -server -mapType rmi.client.socket.factory.ssl -keystore keystoreAgent -keystorepassword glopglop -client -truststore truststoreClient -truststorepassword glopglop -expectedThrowable java.io.IOException * @run main/othervm/timeout=300 -DDEBUG_STANDARD SecurityTest -server -mapType rmi.client.socket.factory.ssl;rmi.server.socket.factory.ssl -keystore keystoreAgent -keystorepassword glopglop -client -expectedThrowable java.io.IOException * @run main/othervm/timeout=300 -DDEBUG_STANDARD SecurityTest -server -mapType rmi.client.socket.factory.ssl;rmi.server.socket.factory.ssl.need.client.authentication -keystore keystoreAgent -keystorepassword glopglop -truststore truststoreAgent -truststorepassword glopglop -client -keystore keystoreClient -keystorepassword glopglop -truststore truststoreClient -truststorepassword glopglop * @run main/othervm/timeout=300 -DDEBUG_STANDARD SecurityTest -server -mapType rmi.client.socket.factory.ssl;rmi.server.socket.factory.ssl.need.client.authentication -keystore keystoreAgent -keystorepassword glopglop -truststore truststoreAgent -truststorepassword glopglop -client -keystore keystoreClient -keystorepassword WRONG_password -truststore truststoreClient -truststorepassword glopglop -expectedThrowable java.io.IOException * @run main/othervm/timeout=300 -DDEBUG_STANDARD SecurityTest -server -mapType rmi.client.socket.factory.ssl;rmi.server.socket.factory.ssl.need.client.authentication -keystore keystoreAgent -keystorepassword glopglop -truststore truststoreAgent -truststorepassword glopglop -client -truststore truststoreClient -truststorepassword glopglop -expectedThrowable java.io.IOException * @run main/othervm/timeout=300 -DDEBUG_STANDARD SecurityTest -server -mapType rmi.client.socket.factory.ssl;rmi.server.socket.factory.ssl.need.client.authentication -keystore keystoreAgent -keystorepassword glopglop -client -keystore keystoreClient -keystorepassword glopglop -truststore truststoreClient -truststorepassword glopglop -expectedThrowable java.io.IOException * @run main/othervm/timeout=300 -DDEBUG_STANDARD -Djavax.rmi.ssl.client.enabledCipherSuites=SSL_RSA_WITH_RC4_128_MD5 SecurityTest -server -mapType rmi.client.socket.factory.ssl;rmi.server.socket.factory.ssl.enabled.cipher.suites.md5 -keystore keystoreAgent -keystorepassword glopglop -client -truststore truststoreClient -truststorepassword glopglop * @run main/othervm/timeout=300 -DDEBUG_STANDARD -Djavax.rmi.ssl.client.enabledCipherSuites=SSL_RSA_WITH_RC4_128_SHA SecurityTest -server -mapType rmi.client.socket.factory.ssl;rmi.server.socket.factory.ssl.enabled.cipher.suites.md5 -keystore keystoreAgent -keystorepassword glopglop -client -truststore truststoreClient -truststorepassword glopglop -expectedThrowable java.io.IOException * @run main/othervm/timeout=300 -DDEBUG_STANDARD -Djavax.rmi.ssl.client.enabledCipherSuites=SSL_RSA_WITH_RC4_128_MD5 SecurityTest -server -mapType rmi.client.socket.factory.ssl;rmi.server.socket.factory.ssl.enabled.cipher.suites.sha -keystore keystoreAgent -keystorepassword glopglop -client -truststore truststoreClient -truststorepassword glopglop -expectedThrowable java.io.IOException * @run main/othervm/timeout=300 -DDEBUG_STANDARD -Djavax.rmi.ssl.client.enabledProtocols=SSLv3 SecurityTest -server -mapType rmi.client.socket.factory.ssl;rmi.server.socket.factory.ssl.enabled.protocols.sslv3 -keystore keystoreAgent -keystorepassword glopglop -client -truststore truststoreClient -truststorepassword glopglop * @run main/othervm/timeout=300 -DDEBUG_STANDARD -Djavax.rmi.ssl.client.enabledProtocols=TLSv1 SecurityTest -server -mapType rmi.client.socket.factory.ssl;rmi.server.socket.factory.ssl.enabled.protocols.sslv3 -keystore keystoreAgent -keystorepassword glopglop -client -truststore truststoreClient -truststorepassword glopglop -expectedThrowable java.io.IOException * @run main/othervm/timeout=300 -DDEBUG_STANDARD -Djavax.rmi.ssl.client.enabledProtocols=SSLv3 SecurityTest -server -mapType rmi.client.socket.factory.ssl;rmi.server.socket.factory.ssl.enabled.protocols.tlsv1 -keystore keystoreAgent -keystorepassword glopglop -client -truststore truststoreClient -truststorepassword glopglop -expectedThrowable java.io.IOException */ import java.io.File; import java.util.Map ; import java.util.HashMap ; import java.util.List; import java.util.ArrayList; import java.util.Arrays; import javax.management.MBeanServer; import javax.management.MBeanServerFactory ; import javax.management.MBeanServerConnection; import javax.management.remote.JMXConnector; import javax.management.remote.JMXConnectorFactory; import javax.management.remote.JMXConnectorServer; import javax.management.remote.JMXConnectorServerFactory; import javax.management.remote.JMXServiceURL; import javax.management.Attribute ; import javax.management.ObjectName ; import javax.rmi.ssl.SslRMIClientSocketFactory; import javax.rmi.ssl.SslRMIServerSocketFactory; import java.security.Security; import jdk.testlibrary.ProcessTools; import jdk.testlibrary.JDKToolFinder; public class SecurityTest { static final String SERVER_CLASS_NAME = "SecurityTest"; static final String CLIENT_CLASS_NAME = "SecurityTest$ClientSide"; static final String CLIENT_CLASS_MAIN = CLIENT_CLASS_NAME; static final String USERNAME_PROPERTY = "username"; static final String PASSWORD_PROPERTY = "password"; static final String SERVER_DELEGATE_MBEAN_NAME = "defaultDomain:class=ServerDelegate"; static final String RMI_SERVER_SOCKET_FACTORY_SSL = "rmi.server.socket.factory.ssl"; static final String RMI_CLIENT_SOCKET_FACTORY_SSL = "rmi.client.socket.factory.ssl"; static final String KEYSTORE_PROPNAME = "javax.net.ssl.keyStore"; static final String KEYSTORE_PWD_PROPNAME = "javax.net.ssl.keyStorePassword"; static final String TRUSTSTORE_PROPNAME = "javax.net.ssl.trustStore"; static final String TRUSTSTORE_PWD_PROPNAME = "javax.net.ssl.trustStorePassword"; static final String RMI_SSL_CLIENT_ENABLEDCIPHERSUITES = "javax.rmi.ssl.client.enabledCipherSuites"; static final String RMI_SSL_CLIENT_ENABLEDPROTOCOLS = "javax.rmi.ssl.client.enabledProtocols"; private JMXConnectorServer cs; // Construct and set keyStore properties from given map static void setKeyStoreProperties(Map map) { String keyStore = (String) map.get("-keystore"); keyStore = buildSourcePath(keyStore); System.setProperty(KEYSTORE_PROPNAME, keyStore); System.out.println("keyStore location = \"" + keyStore + "\""); String password = (String) map.get("-keystorepassword"); System.setProperty(KEYSTORE_PWD_PROPNAME, password); System.out.println("keyStore password = " + password); } // Construct and set trustStore properties from given map static void setTrustStoreProperties(Map map) { String trustStore = (String) map.get("-truststore"); trustStore = buildSourcePath(trustStore); System.setProperty(TRUSTSTORE_PROPNAME, trustStore); System.out.println("trustStore location = \"" + trustStore + "\""); String password = (String) map.get("-truststorepassword"); System.setProperty(TRUSTSTORE_PWD_PROPNAME, password); System.out.println("trustStore password = " + password); } /* * First Debug properties and arguments are collect in expected * map (argName, value) format, then calls original test's run method. */ public static void main(String args[]) throws Exception { System.out.println("================================================="); // Parses parameters Utils.parseDebugProperties(); // Supported parameters list format is : // "MainClass [-server ...] [-client ...] // with either "-parami valuei" or "-parami" HashMap serverMap = new HashMap<>() ; int clientArgsIndex = Utils.parseServerParameters(args, SERVER_CLASS_NAME, serverMap); // Extract and records client params String[] clientParams = null; if (clientArgsIndex < args.length) { int clientParamsSize = args.length - clientArgsIndex; clientParams = new String[clientParamsSize]; System.arraycopy(args, clientArgsIndex, clientParams, 0, clientParamsSize); } else { clientParams = new String[0]; } // Run test SecurityTest test = new SecurityTest(); test.run(serverMap, clientParams); } // Return full path of filename in the test sopurce directory private static String buildSourcePath(String filename) { return System.getProperty("test.src") + File.separator + filename; } /* * Collects security run params for server side. */ private HashMap setServerSecurityEnv(Map map) throws Exception { // Creates Authentication environment from server side params HashMap env = new HashMap<>(); // Retrieve and set keystore and truststore config if any if (map.containsKey("-keystore") && map.get("-keystore") != null) { setKeyStoreProperties(map); } System.out.println("Done keystore properties"); if (map.containsKey("-truststore") && map.get("-truststore") != null) { setTrustStoreProperties(map); } System.out.println("Done truststore properties"); String value = null; if ((value = (String)map.get("-mapType")) != null) { // Case of remote password file with all authorized credentials if (value.contains("x.password.file")) { String passwordFileStr = buildSourcePath("password.properties"); env.put("jmx.remote.x.password.file", passwordFileStr); System.out.println("Added " + passwordFileStr + " file as jmx.remote.x.password.file"); } // Case of dedicated authenticator class : TestJMXAuthenticator if (value.contains("x.authenticator")) { env.put("jmx.remote.authenticator", new TestJMXAuthenticator()) ; System.out.println( "Added \"jmx.remote.authenticator\" = TestJMXAuthenticator"); } // Case of security config file with standard Authentication if (value.contains("x.login.config.PasswordFileAuthentication")) { String loginConfig = System.getProperty("login.config.file"); // Override the default JAAS configuration System.setProperty("java.security.auth.login.config", "file:" + loginConfig); System.out.println("Overrided default JAAS configuration with " + "\"java.security.auth.login.config\" = \"" + loginConfig + "\"") ; env.put("jmx.remote.x.login.config", "PasswordFileAuthentication") ; System.out.println( "Added \"jmx.remote.x.login.config\" = " + "\"PasswordFileAuthentication\"") ; // redirects "password.file" property to file in ${test.src} String passwordFileStr = buildSourcePath(System.getProperty("password.file")); System.setProperty("password.file", passwordFileStr); System.out.println( "Redirected \"password.file\" property value to = " + passwordFileStr) ; } // Case of security config file with unexisting athentication config if (value.contains("x.login.config.UnknownAuthentication")) { String loginConfig = System.getProperty("login.config.file"); // Override the default JAAS configuration System.setProperty("java.security.auth.login.config", "file:" + loginConfig); System.out.println("Overrided default JAAS configuration with " + "\"java.security.auth.login.config\" = \"" + loginConfig + "\"") ; env.put("jmx.remote.x.login.config", "UnknownAuthentication") ; System.out.println( "Added \"jmx.remote.x.login.config\" = " + "\"UnknownAuthentication\"") ; // redirects "password.file" property to file in ${test.src} String passwordFileStr = buildSourcePath(System.getProperty("password.file")); System.setProperty("password.file", passwordFileStr); System.out.println( "Redirected \"password.file\" property value to = " + passwordFileStr) ; } // Case of security config file with dedicated login module if (value.contains("x.login.config.SampleLoginModule")) { String loginConfig = System.getProperty("login.config.file"); // Override the default JAAS configuration System.setProperty("java.security.auth.login.config", "file:" + loginConfig); System.out.println("Overrided default JAAS configuration with " + "\"java.security.auth.login.config\" = \"" + loginConfig + "\"") ; env.put("jmx.remote.x.login.config", "SampleLoginModule") ; System.out.println( "Added \"jmx.remote.x.login.config\" = " + "\"SampleLoginModule\"") ; } // Simple rmi ssl authentication if (value.contains(RMI_CLIENT_SOCKET_FACTORY_SSL)) { env.put("jmx.remote.rmi.client.socket.factory", new SslRMIClientSocketFactory()) ; System.out.println( "Added \"jmx.remote.rmi.client.socket.factory\"" + " = SslRMIClientSocketFactory") ; } if (value.contains(RMI_SERVER_SOCKET_FACTORY_SSL)) { if (value.contains( "rmi.server.socket.factory.ssl.need.client.authentication")) { // rmi ssl authentication with client authentication env.put("jmx.remote.rmi.server.socket.factory", new SslRMIServerSocketFactory(null, null, true)) ; System.out.println( "Added \"jmx.remote.rmi.server.socket.factory\"" + " = SslRMIServerSocketFactory with client authentication") ; } else if (value.contains("rmi.server.socket.factory.ssl.enabled.cipher.suites.md5")) { // Allows all ciphering and protocols for testing purpose Security.setProperty("jdk.tls.disabledAlgorithms", ""); env.put("jmx.remote.rmi.server.socket.factory", new SslRMIServerSocketFactory( new String[] {"SSL_RSA_WITH_RC4_128_MD5"}, null, false)); System.out.println( "Added \"jmx.remote.rmi.server.socket.factory\"" + " = SslRMIServerSocketFactory with SSL_RSA_WITH_RC4_128_MD5 cipher suite"); } else if (value.contains("rmi.server.socket.factory.ssl.enabled.cipher.suites.sha")) { // Allows all ciphering and protocols for testing purpose Security.setProperty("jdk.tls.disabledAlgorithms", ""); env.put("jmx.remote.rmi.server.socket.factory", new SslRMIServerSocketFactory( new String[] { "SSL_RSA_WITH_RC4_128_SHA" }, null, false)) ; System.out.println( "Added \"jmx.remote.rmi.server.socket.factory\"" + " = SslRMIServerSocketFactory with SSL_RSA_WITH_RC4_128_SHA cipher suite") ; } else if (value.contains("rmi.server.socket.factory.ssl.enabled.protocols.sslv3")) { // Allows all ciphering and protocols for testing purpose Security.setProperty("jdk.tls.disabledAlgorithms", ""); env.put("jmx.remote.rmi.server.socket.factory", new SslRMIServerSocketFactory(null, new String[] {"SSLv3"}, false)) ; System.out.println( "Added \"jmx.remote.rmi.server.socket.factory\"" + " = SslRMIServerSocketFactory with SSLv3 protocol") ; } else if (value.contains("rmi.server.socket.factory.ssl.enabled.protocols.tlsv1")) { // Allows all ciphering and protocols for testing purpose Security.setProperty("jdk.tls.disabledAlgorithms", ""); env.put("jmx.remote.rmi.server.socket.factory", new SslRMIServerSocketFactory(null, new String[] {"TLSv1"}, false)) ; System.out.println( "Added \"jmx.remote.rmi.server.socket.factory\"" + " = SslRMIServerSocketFactory with TLSv1 protocol") ; } else { env.put("jmx.remote.rmi.server.socket.factory", new SslRMIServerSocketFactory()); System.out.println( "Added \"jmx.remote.rmi.server.socket.factory\"" + " = SslRMIServerSocketFactory"); } } } return env; } /* * Create the MBeansServer side of the test and returns its address */ private JMXServiceURL createServerSide(Map serverMap) throws Exception { final int NINETY_SECONDS = 90; System.out.println("SecurityTest::createServerSide: Start") ; // Prepare server side security env HashMap env = setServerSecurityEnv(serverMap); // Create and start mbean server and connector server MBeanServer mbs = MBeanServerFactory.newMBeanServer(); JMXServiceURL url = new JMXServiceURL("rmi", null, 0); cs = JMXConnectorServerFactory.newJMXConnectorServer(url, env, mbs); cs.start(); // Waits availibility of connector server Utils.waitReady(cs, NINETY_SECONDS); JMXServiceURL addr = cs.getAddress(); System.out.println("SecurityTest::createServerSide: Done.") ; return addr; } /* * Creating command-line for running subprocess JVM: * * JVM command line is like: * {test_jdk}/bin/java {defaultopts} -cp {test.class.path} {testopts} main * * {defaultopts} are the default java options set by the framework. * */ private List buildCommandLine(String args[]) { System.out.println("SecurityTest::buildCommandLine: Start") ; List opts = new ArrayList<>(); opts.add(JDKToolFinder.getJDKTool("java")); opts.addAll(Arrays.asList(jdk.testlibrary.Utils.getTestJavaOpts())); // We need to forward some properties to the client side opts.add("-Dtest.src=" + System.getProperty("test.src")); String usernameValue = System.getProperty(USERNAME_PROPERTY); if (usernameValue != null) { System.out.println("SecurityTest::buildCommandLine: "+ " forward username property to client side"); opts.add("-D" + USERNAME_PROPERTY + "=" + usernameValue); } String passwordValue = System.getProperty(PASSWORD_PROPERTY); if (passwordValue != null) { System.out.println("SecurityTest::buildCommandLine: "+ " forward password property to client side"); opts.add("-D" + PASSWORD_PROPERTY + "=" + passwordValue); } String enabledCipherSuites = System.getProperty(RMI_SSL_CLIENT_ENABLEDCIPHERSUITES); if (enabledCipherSuites != null) { System.out.println("SecurityTest::buildCommandLine: "+ " forward enabledCipherSuites property to client side"); opts.add("-D" + RMI_SSL_CLIENT_ENABLEDCIPHERSUITES + "=" + enabledCipherSuites); } String enabledProtocols = System.getProperty(RMI_SSL_CLIENT_ENABLEDPROTOCOLS); if (enabledProtocols != null) { System.out.println("SecurityTest::buildCommandLine: "+ " forward enabledProtocols property to client side"); opts.add("-D" + RMI_SSL_CLIENT_ENABLEDPROTOCOLS + "=" + enabledProtocols); } opts.add("-cp"); opts.add(System.getProperty("test.class.path", "test.class.path")); opts.add(CLIENT_CLASS_MAIN); opts.addAll(Arrays.asList(args)); System.out.println("SecurityTest::buildCommandLine: Done.") ; return opts; } /** * Runs SecurityTest$ClientSide with the passed options and redirects * subprocess standard I/O to the current (parent) process. This provides a * trace of what happens in the subprocess while it is runnning (and before * it terminates). * * @param serviceUrlStr string representing the JMX service Url to connect to. */ private int runClientSide(String args[], String serviceUrlStr) throws Exception { System.out.println("SecurityTest::runClientSide: Start") ; // Building command-line List opts = buildCommandLine(args); opts.add("-serviceUrl"); opts.add(serviceUrlStr); // Launch separate JVM subprocess int exitCode = 0; String[] optsArray = opts.toArray(new String[0]); ProcessBuilder pb = new ProcessBuilder(optsArray); Process p = ProcessTools.startProcess("SecurityTest$ClientSide", pb); // Handling end of subprocess try { exitCode = p.waitFor(); if (exitCode != 0) { System.out.println( "Subprocess unexpected exit value of [" + exitCode + "]. Expected 0.\n"); } } catch (InterruptedException e) { System.out.println("Parent process interrupted with exception : \n " + e + " :" ); // Parent thread unknown state, killing subprocess. p.destroyForcibly(); throw new RuntimeException( "Parent process interrupted with exception : \n " + e + " :" ); } finally { if (p.isAlive()) { p.destroyForcibly(); } System.out.println("SecurityTest::runClientSide: Done") ; return exitCode; } } public void run(Map serverArgs, String clientArgs[]) { System.out.println("SecurityTest::run: Start") ; int errorCount = 0; try { // Initialise the server side JMXServiceURL urlToUse = createServerSide(serverArgs); // Run client side errorCount = runClientSide(clientArgs, urlToUse.toString()); if ( errorCount == 0 ) { System.out.println("SecurityTest::run: Done without any error") ; } else { System.out.println( "SecurityTest::run: Done with " + errorCount + " error(s)"); throw new RuntimeException("errorCount = " + errorCount); } cs.stop(); } catch(Exception e) { throw new RuntimeException(e); } } private static class ClientSide { private JMXConnector cc = null; private MBeanServerConnection mbsc = null; public static void main(String args[]) throws Exception { // Parses parameters Utils.parseDebugProperties(); // Supported parameters list format is : "MainClass [-client ...] // with either "-parami valuei" or "-parami" HashMap clientMap = new HashMap<>() ; Utils.parseClientParameters(args, CLIENT_CLASS_NAME, clientMap); // Run test ClientSide test = new ClientSide(); test.run(clientMap); } public void run(Map args) { System.out.println("ClientSide::run: Start"); int errorCount = 0; try { // Setup client side parameters HashMap env = new HashMap<>(); // If needed allows all ciphering and protocols for testing purpose if (System.getProperty(RMI_SSL_CLIENT_ENABLEDCIPHERSUITES) != null) { Security.setProperty("jdk.tls.disabledAlgorithms", ""); } // If needed allows all ciphering and protocols for testing purpose if (System.getProperty(RMI_SSL_CLIENT_ENABLEDPROTOCOLS) != null) { Security.setProperty("jdk.tls.disabledAlgorithms", ""); } // Retrieve and set keystore and truststore config if any if (args.containsKey("-keystore") && args.get("-keystore") != null) { SecurityTest.setKeyStoreProperties(args); } if (args.containsKey("-truststore") && args.get("-truststore") != null) { SecurityTest.setTrustStoreProperties(args); } Object value = args.get("-mapType"); if ((value != null) && value.equals("credentials")) { String username = System.getProperty("username"); String password = System.getProperty("password"); Utils.debug(Utils.DEBUG_STANDARD, "add \"jmx.remote.credentials\" = \"" + username + "\", \"" + password + "\""); env.put("jmx.remote.credentials", new String[] { username , password }); } String expectedThrowable = (String) args.get("-expectedThrowable"); String authCallCountName = "-expectedAuthenticatorCallCount"; int authCallCountValue = 0; if (args.containsKey(authCallCountName)) { authCallCountValue = (new Integer((String) args.get(authCallCountName))).intValue(); } try { // Get a connection to remote mbean server JMXServiceURL addr = new JMXServiceURL((String)args.get("-serviceUrl")); cc = JMXConnectorFactory.connect(addr,env); mbsc = cc.getMBeanServerConnection(); // In case we should have got an exception if (expectedThrowable != null) { System.out.println("ClientSide::run: (ERROR) " + " Connect did not fail with expected " + expectedThrowable); errorCount++; } else { System.out.println("ClientSide::run: (OK) Connect succeed"); } } catch (Throwable e) { Utils.printThrowable(e, true); if (expectedThrowable != null) { if (Utils.compareThrowable(e, expectedThrowable)) { System.out.println("ClientSide::run: (OK) " + "Connect failed with expected " + expectedThrowable); } else { System.out.println("ClientSide::run: (ERROR) Connect failed with " + e.getClass() + " instead of expected " + expectedThrowable); errorCount++; } } else { System.out.println("ClientSide::run: (ERROR) " + "Connect failed with exception"); errorCount++; } } // Depending on the client state, // perform some requests if (mbsc != null && errorCount == 0) { // Perform some little JMX requests System.out.println("ClientSide::run: Start sending requests"); doRequests(); // In case authentication has been used we check how it did. if (authCallCountValue != 0) { errorCount += checkAuthenticator(mbsc, authCallCountValue); } } } catch (Exception e) { Utils.printThrowable(e, true); errorCount++; } finally { // Terminate the JMX Client if any if (cc != null) { try { cc.close(); } catch (Exception e) { Utils.printThrowable(e, true) ; errorCount++; } } } System.out.println("ClientSide::run: Done"); // Handle result if (errorCount != 0) { throw new RuntimeException(); } } private void doRequests() throws Exception { // Send some requests to the remote JMX server ObjectName objName1 = new ObjectName("TestDomain:class=MBS_Light,rank=1"); String mbeanClass = "MBS_Light"; Exception exception = new Exception("MY TEST EXCEPTION"); Attribute attException = new Attribute("AnException", exception); Error error = new Error("MY TEST ERROR"); Attribute attError = new Attribute("AnError", error); String opParamString = "TOTORO"; RjmxMBeanParameter opParam = new RjmxMBeanParameter(opParamString); Object[] params1 = {opParamString}; String[] sig1 = {"java.lang.String"}; Object[] params2 = {opParam}; String[] sig2 = {"RjmxMBeanParameter"}; // Create and register the MBean Utils.debug(Utils.DEBUG_STANDARD, "ClientSide::doRequests: Create and register the MBean"); mbsc.createMBean(mbeanClass, objName1); if (!mbsc.isRegistered(objName1)) { throw new Exception("Unable to register an MBean"); } // Set attributes of the MBean Utils.debug(Utils.DEBUG_STANDARD, "ClientSide::doRequests: Set attributes of the MBean"); mbsc.setAttribute(objName1, attException); mbsc.setAttribute(objName1, attError); // Get attributes of the MBean Utils.debug(Utils.DEBUG_STANDARD, "ClientSide::doRequests: Get attributes of the MBean"); Exception retException = (Exception) mbsc.getAttribute(objName1,"AnException"); if (!retException.getMessage().equals(exception.getMessage())) { System.out.println("Expected = " + exception); System.out.println("Got = " + retException); throw new Exception("Attribute AnException not as expected"); } Error retError = (Error) mbsc.getAttribute(objName1, "AnError"); if (!retError.getMessage().equals(error.getMessage())) { System.out.println("Expected = " + error); System.out.println("Got = " + retError); throw new Exception("Attribute AnError not as expected"); } // Invoke operations on the MBean Utils.debug(Utils.DEBUG_STANDARD, "ClientSide::doRequests: Invoke operations on the MBean"); RjmxMBeanParameter res1 = (RjmxMBeanParameter) mbsc.invoke(objName1, "operate1", params1, sig1); if (!res1.equals(opParam)) { System.out.println("Expected = " + opParam); System.out.println("Got = " + res1); throw new Exception("Operation operate1 behaved badly"); } String res2 = (String) mbsc.invoke(objName1, "operate2", params2, sig2); if (!res2.equals(opParamString)) { System.out.println("Expected = " + opParamString); System.out.println("Got = " + res2); throw new Exception("Operation operate2 behaved badly"); } // Unregister the MBean Utils.debug(Utils.DEBUG_STANDARD, "ClientSide::doRequests: Unregister the MBean"); mbsc.unregisterMBean(objName1); if (mbsc.isRegistered(objName1)) { throw new Exception("Unable to unregister an MBean"); } } /** * Make some check about the instance of TestJMXAuthenticator. * The authenticator is supposed to have set some properties on * a ServerDelegate MBean. * We compare the number of times it has been called with the expected value. * We also check the Principal that has been given to the authenticator * was not null. * That method is of use to authentication with the JSR 262. * @param mbs * @param expectedAuthenticatorCallCount * @return The number of errors encountered. * @throws java.lang.Exception */ protected int checkAuthenticator(MBeanServerConnection mbs, int expectedAuthenticatorCallCount) throws Exception { int errorCount = 0; // Ensure the authenticator has been called the right number // of times. int callCount = ((Integer) mbs.getAttribute( new ObjectName(SERVER_DELEGATE_MBEAN_NAME), "TestJMXAuthenticatorCallCount")).intValue(); if (callCount == expectedAuthenticatorCallCount) { System.out.println("---- OK Authenticator has been called " + expectedAuthenticatorCallCount + " time"); } else { errorCount++; System.out.println("---- ERROR Authenticator has been called " + callCount + " times in place of " + expectedAuthenticatorCallCount); } // Ensure the provider has been called with // a non null Principal. String principalString = (String) mbs.getAttribute( new ObjectName(SERVER_DELEGATE_MBEAN_NAME), "TestJMXAuthenticatorPrincipalString"); if (principalString == null) { errorCount++; System.out.println("---- ERROR Authenticator has been called" + " with a null Principal"); } else { if (principalString.length() > 0) { System.out.println("---- OK Authenticator has been called" + " with the Principal " + principalString); } else { errorCount++; System.out.println("---- ERROR Authenticator has been called" + " with an empty Principal"); } } return errorCount; } } }