1 /*
2 * Copyright (c) 2001, 2015, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 //
25 // SunJSSE does not support dynamic system properties, no way to re-use
26 // system properties in samevm/agentvm mode.
27 //
28
29 /*
30 * @test
31 * @bug 4392475
32 * @summary Calling setWantClientAuth(true) disables anonymous suites
33 * @run main/othervm/timeout=180 AnonCipherWithWantClientAuth
34 */
35
36 import java.io.*;
37 import java.net.*;
38 import javax.net.ssl.*;
39 import java.security.Security;
40
41 public class AnonCipherWithWantClientAuth {
42
43 /*
44 * =============================================================
45 * Set the various variables needed for the tests, then
46 * specify what tests to run on each side.
47 */
48
49 /*
50 * Should we run the client or server in a separate thread?
51 * Both sides can throw exceptions, but do you have a preference
52 * as to which side should be the main thread.
53 */
54 static boolean separateServerThread = false;
55
56 /*
57 * Where do we find the keystores?
58 */
59 static String pathToStores = "../../../../javax/net/ssl/etc";
60 static String keyStoreFile = "keystore";
61 static String trustStoreFile = "truststore";
62 static String passwd = "passphrase";
63
64 /*
65 * Is the server ready to serve?
66 */
67 volatile static boolean serverReady = false;
68
69 /*
70 * Turn on SSL debugging?
71 */
72 static boolean debug = false;
73
74 /*
75 * If the client or server is doing some kind of object creation
76 * that the other side depends on, and that thread prematurely
77 * exits, you may experience a hang. The test harness will
78 * terminate all hung threads after its timeout has expired,
79 * currently 3 minutes by default, but you might try to be
80 * smart about it....
81 */
82
83 /*
84 * Define the server side of the test.
85 *
86 * If the server prematurely exits, serverReady will be set to true
87 * to avoid infinite hangs.
88 */
89 void doServerSide() throws Exception {
90 SSLServerSocketFactory sslssf =
91 (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
92 SSLServerSocket sslServerSocket =
93 (SSLServerSocket) sslssf.createServerSocket(serverPort);
94 serverPort = sslServerSocket.getLocalPort();
95 String ciphers[]={"SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
96 "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
97 "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"};
98 sslServerSocket.setEnabledCipherSuites(ciphers);
99 sslServerSocket.setWantClientAuth(true);
100 /*
101 * Signal Client, we're ready for his connect.
102 */
103 serverReady = true;
104
105 SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
106 InputStream sslIS = sslSocket.getInputStream();
107 OutputStream sslOS = sslSocket.getOutputStream();
108
109 sslIS.read();
110 sslOS.write(85);
111 sslOS.flush();
112
113 sslSocket.close();
114 }
115
116 /*
117 * Define the client side of the test.
118 *
119 * If the server prematurely exits, serverReady will be set to true
120 * to avoid infinite hangs.
121 */
122 void doClientSide() throws Exception {
123
124 /*
125 * Wait for server to get started.
126 */
127 while (!serverReady) {
128 Thread.sleep(50);
129 }
130
131 SSLSocketFactory sslsf =
132 (SSLSocketFactory) SSLSocketFactory.getDefault();
133 SSLSocket sslSocket = (SSLSocket)
134 sslsf.createSocket("localhost", serverPort);
135 String ciphers[] = {"SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
136 "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5"};
137 sslSocket.setEnabledCipherSuites(ciphers);
138 sslSocket.setUseClientMode(true);
139
140 InputStream sslIS = sslSocket.getInputStream();
141 OutputStream sslOS = sslSocket.getOutputStream();
142
143 sslOS.write(280);
144 sslOS.flush();
145 sslIS.read();
146
147 sslSocket.close();
148 }
149
150 /*
151 * =============================================================
152 * The remainder is just support stuff
153 */
154
155 // use any free port by default
156 volatile int serverPort = 0;
157
158 volatile Exception serverException = null;
159 volatile Exception clientException = null;
160
161 public static void main(String[] args) throws Exception {
162 // reset security properties to make sure that the algorithms
163 // and keys used in this test are not disabled.
164 Security.setProperty("jdk.tls.disabledAlgorithms", "");
165 Security.setProperty("jdk.certpath.disabledAlgorithms", "");
166
167 String keyFilename =
168 System.getProperty("test.src", "./") + "/" + pathToStores +
169 "/" + keyStoreFile;
170 String trustFilename =
171 System.getProperty("test.src", "./") + "/" + pathToStores +
172 "/" + trustStoreFile;
173
174 System.setProperty("javax.net.ssl.keyStore", keyFilename);
175 System.setProperty("javax.net.ssl.keyStorePassword", passwd);
176 System.setProperty("javax.net.ssl.trustStore", trustFilename);
177 System.setProperty("javax.net.ssl.trustStorePassword", passwd);
178
179 if (debug)
180 System.setProperty("javax.net.debug", "all");
181
182 /*
183 * Start the tests.
184 */
185 new AnonCipherWithWantClientAuth();
186 }
187
188 Thread clientThread = null;
189 Thread serverThread = null;
190
191 /*
192 * Primary constructor, used to drive remainder of the test.
193 *
194 * Fork off the other side, then do your work.
195 */
196 AnonCipherWithWantClientAuth () throws Exception {
197 if (separateServerThread) {
198 startServer(true);
199 startClient(false);
200 } else {
201 startClient(true);
202 startServer(false);
203 }
204
205 /*
206 * Wait for other side to close down.
207 */
208 if (separateServerThread) {
209 serverThread.join();
210 } else {
211 clientThread.join();
212 }
213
214 /*
215 * When we get here, the test is pretty much over.
216 *
217 * If the main thread excepted, that propagates back
218 * immediately. If the other thread threw an exception, we
219 * should report back.
220 */
221 if (serverException != null)
222 throw serverException;
223 if (clientException != null)
224 throw clientException;
225 }
226
227 void startServer(boolean newThread) throws Exception {
228 if (newThread) {
229 serverThread = new Thread() {
230 public void run() {
231 try {
232 doServerSide();
233 } catch (Exception e) {
234 /*
235 * Our server thread just died.
236 */
237 System.err.println("Server died...");
238 serverReady = true;
239 serverException = e;
240 }
241 }
242 };
243 serverThread.start();
244 } else {
245 doServerSide();
246 }
247 }
248
249 void startClient(boolean newThread) throws Exception {
250 if (newThread) {
251 clientThread = new Thread() {
252 public void run() {
253 try {
254 doClientSide();
255 } catch (Exception e) {
256 /*
257 * Our client thread just died.
258 */
259 System.err.println("Client died...");
260 clientException = e;
261 }
262 }
263 };
264 clientThread.start();
265 } else {
266 doClientSide();
267 }
268 }
269 }