11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 //
25 // SunJSSE does not support dynamic system properties, no way to re-use
26 // system properties in samevm/agentvm mode.
27 //
28
29 /*
30 * @test
31 * @bug 7200295
32 * @summary CertificateRequest message is wrapping when using large
33 * numbers of Certs
34 * @run main/othervm CertRequestOverflow
35 */
36
37 import java.io.*;
38 import java.net.*;
39 import java.util.*;
40 import javax.net.ssl.*;
41 import java.security.cert.*;
42 import java.security.*;
43
44 public class CertRequestOverflow {
45
46 /*
47 * =============================================================
48 * Set the various variables needed for the tests, then
49 * specify what tests to run on each side.
50 */
51
52 /*
53 * Should we run the client or server in a separate thread?
54 * Both sides can throw exceptions, but do you have a preference
59 /*
60 * Where do we find the keystores?
61 */
62 static String pathToStores = "../../../../javax/net/ssl/etc";
63 static String keyStoreFile = "keystore";
64 static String trustStoreFile = "truststore";
65 static String passwd = "passphrase";
66 private final static char[] cpasswd = "passphrase".toCharArray();
67
68 /*
69 * Is the server ready to serve?
70 */
71 volatile static boolean serverReady = false;
72
73 /*
74 * Turn on SSL debugging?
75 */
76 static boolean debug = false;
77
78 /*
79 * If the client or server is doing some kind of object creation
80 * that the other side depends on, and that thread prematurely
81 * exits, you may experience a hang. The test harness will
82 * terminate all hung threads after its timeout has expired,
83 * currently 3 minutes by default, but you might try to be
84 * smart about it....
85 */
86
87 /*
88 * Define the server side of the test.
89 *
90 * If the server prematurely exits, serverReady will be set to true
91 * to avoid infinite hangs.
92 */
93 void doServerSide() throws Exception {
94 SSLServerSocketFactory sslssf =
95 getContext(true).getServerSocketFactory();
96 SSLServerSocket sslServerSocket =
97 (SSLServerSocket) sslssf.createServerSocket(serverPort);
98 serverPort = sslServerSocket.getLocalPort();
101 // ignore, we may test the feature when known how to parse client
102 // hostname
103 //SSLParameters params = sslServerSocket.getSSLParameters();
104 //params.setEndpointIdentificationAlgorithm("HTTPS");
105 //sslServerSocket.setSSLParameters(params);
106
107 /*
108 * Signal Client, we're ready for his connect.
109 */
110 serverReady = true;
111
112 SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
113 sslSocket.setNeedClientAuth(true);
114 InputStream sslIS = sslSocket.getInputStream();
115 OutputStream sslOS = sslSocket.getOutputStream();
116
117 try {
118 sslIS.read();
119 sslOS.write(85);
120 sslOS.flush();
121
122 throw new Exception("SERVER TEST FAILED! " +
123 "It is expected to fail with field length overflow");
124 } catch (SSLException ssle) {
125 Throwable cause = ssle.getCause();
126 if (!(cause instanceof RuntimeException)) {
127 System.out.println("We are expecting a RuntimeException!");
128 throw ssle;
129 }
130 System.out.println("The expected exception! " + ssle);
131 } finally {
132 sslSocket.close();
133 }
134
135 System.out.println("SERVER TEST PASSED!");
136 }
137
138 /*
139 * Define the client side of the test.
140 *
141 * If the server prematurely exits, serverReady will be set to true
142 * to avoid infinite hangs.
143 */
144 void doClientSide() throws Exception {
145
146 /*
147 * Wait for server to get started.
148 */
149 while (!serverReady) {
150 Thread.sleep(50);
151 }
152
153 SSLSocketFactory sslsf = getContext(false).getSocketFactory();
154 SSLSocket sslSocket = (SSLSocket)
155 sslsf.createSocket("localhost", serverPort);
156
157 // enable endpoint identification
158 SSLParameters params = sslSocket.getSSLParameters();
159 params.setEndpointIdentificationAlgorithm("HTTPS");
160 sslSocket.setSSLParameters(params);
161
162 InputStream sslIS = sslSocket.getInputStream();
163 OutputStream sslOS = sslSocket.getOutputStream();
164
165 try {
166 sslOS.write(280);
167 sslOS.flush();
168 sslIS.read();
169 } catch (SSLException ssle) {
170 System.out.println("An expected exception!");
171 } finally {
172 sslSocket.close();
173 }
174 }
175
176 MyExtendedX509TM serverTM;
177 MyExtendedX509TM clientTM;
178
179 private SSLContext getContext(boolean server) throws Exception {
180 String keyFilename =
181 System.getProperty("test.src", "./") + "/" + pathToStores +
182 "/" + keyStoreFile;
183 String trustFilename =
184 System.getProperty("test.src", "./") + "/" + pathToStores +
185 "/" + trustStoreFile;
186
187 KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
188 KeyStore ks = KeyStore.getInstance("JKS");
189 ks.load(new FileInputStream(keyFilename), cpasswd);
190 kmf.init(ks, cpasswd);
|
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 //
25 // SunJSSE does not support dynamic system properties, no way to re-use
26 // system properties in samevm/agentvm mode.
27 //
28
29 /*
30 * @test
31 * @bug 7200295 8154947
32 * @summary CertificateRequest message is wrapping when using large
33 * numbers of Certs
34 * @run main/othervm -Djdk.tls.allowDropCertReqAuthorites=true CertRequestOverflow
35 * @run main/othervm -Djdk.tls.allowDropCertReqAuthorites=false CertRequestOverflow
36 */
37
38 import java.io.*;
39 import java.net.*;
40 import java.util.*;
41 import javax.net.ssl.*;
42 import java.security.cert.*;
43 import java.security.*;
44
45 public class CertRequestOverflow {
46
47 /*
48 * =============================================================
49 * Set the various variables needed for the tests, then
50 * specify what tests to run on each side.
51 */
52
53 /*
54 * Should we run the client or server in a separate thread?
55 * Both sides can throw exceptions, but do you have a preference
60 /*
61 * Where do we find the keystores?
62 */
63 static String pathToStores = "../../../../javax/net/ssl/etc";
64 static String keyStoreFile = "keystore";
65 static String trustStoreFile = "truststore";
66 static String passwd = "passphrase";
67 private final static char[] cpasswd = "passphrase".toCharArray();
68
69 /*
70 * Is the server ready to serve?
71 */
72 volatile static boolean serverReady = false;
73
74 /*
75 * Turn on SSL debugging?
76 */
77 static boolean debug = false;
78
79 /*
80 * Is server allowed to send empty list of authorities in
81 * CertificateRequest message?
82 */
83 static boolean allowDropAuthorities =
84 System.getProperty("jdk.tls.allowDropCertReqAuthorites", "")
85 .equalsIgnoreCase("true");
86
87 /*
88 * If the client or server is doing some kind of object creation
89 * that the other side depends on, and that thread prematurely
90 * exits, you may experience a hang. The test harness will
91 * terminate all hung threads after its timeout has expired,
92 * currently 3 minutes by default, but you might try to be
93 * smart about it....
94 */
95
96 /*
97 * Define the server side of the test.
98 *
99 * If the server prematurely exits, serverReady will be set to true
100 * to avoid infinite hangs.
101 */
102 void doServerSide() throws Exception {
103 SSLServerSocketFactory sslssf =
104 getContext(true).getServerSocketFactory();
105 SSLServerSocket sslServerSocket =
106 (SSLServerSocket) sslssf.createServerSocket(serverPort);
107 serverPort = sslServerSocket.getLocalPort();
110 // ignore, we may test the feature when known how to parse client
111 // hostname
112 //SSLParameters params = sslServerSocket.getSSLParameters();
113 //params.setEndpointIdentificationAlgorithm("HTTPS");
114 //sslServerSocket.setSSLParameters(params);
115
116 /*
117 * Signal Client, we're ready for his connect.
118 */
119 serverReady = true;
120
121 SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
122 sslSocket.setNeedClientAuth(true);
123 InputStream sslIS = sslSocket.getInputStream();
124 OutputStream sslOS = sslSocket.getOutputStream();
125
126 try {
127 sslIS.read();
128 sslOS.write(85);
129 sslOS.flush();
130 if (!allowDropAuthorities) {
131 throw new Exception("SERVER TEST FAILED! " +
132 "It is expected to fail with field length overflow");
133 }
134 } catch (SSLException ssle) {
135 if (allowDropAuthorities) {
136 throw new RuntimeException("Unexpected exception at server side",
137 ssle);
138 } else {
139 Throwable cause = ssle.getCause();
140 if (!(cause instanceof RuntimeException)) {
141 System.out.println("We are expecting a RuntimeException!");
142 throw ssle;
143 }
144 System.out.println("The expected exception! " + ssle);
145 }
146 } finally {
147 sslSocket.close();
148 }
149
150 System.out.println("SERVER TEST PASSED!");
151 }
152
153 /*
154 * Define the client side of the test.
155 *
156 * If the server prematurely exits, serverReady will be set to true
157 * to avoid infinite hangs.
158 */
159 void doClientSide() throws Exception {
160
161 /*
162 * Wait for server to get started.
163 */
164 while (!serverReady) {
165 Thread.sleep(50);
166 }
167
168 SSLSocketFactory sslsf = getContext(false).getSocketFactory();
169 SSLSocket sslSocket = (SSLSocket)
170 sslsf.createSocket("localhost", serverPort);
171
172 // enable endpoint identification
173 SSLParameters params = sslSocket.getSSLParameters();
174 params.setEndpointIdentificationAlgorithm("HTTPS");
175 sslSocket.setSSLParameters(params);
176
177 InputStream sslIS = sslSocket.getInputStream();
178 OutputStream sslOS = sslSocket.getOutputStream();
179
180 try {
181 sslOS.write(280);
182 sslOS.flush();
183 sslIS.read();
184 } catch (SSLException ssle) {
185 if (allowDropAuthorities) {
186 throw new RuntimeException("Unexpected exception at client side",
187 ssle);
188 } else {
189 System.out.println("An expected exception!");
190 }
191 } finally {
192 sslSocket.close();
193 }
194 }
195
196 MyExtendedX509TM serverTM;
197 MyExtendedX509TM clientTM;
198
199 private SSLContext getContext(boolean server) throws Exception {
200 String keyFilename =
201 System.getProperty("test.src", "./") + "/" + pathToStores +
202 "/" + keyStoreFile;
203 String trustFilename =
204 System.getProperty("test.src", "./") + "/" + pathToStores +
205 "/" + trustStoreFile;
206
207 KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
208 KeyStore ks = KeyStore.getInstance("JKS");
209 ks.load(new FileInputStream(keyFilename), cpasswd);
210 kmf.init(ks, cpasswd);