1 /* 2 * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 /* 25 * @test 26 * @bug 4323990 4413069 27 * @summary HttpsURLConnection doesn't send Proxy-Authorization on CONNECT 28 * Incorrect checking of proxy server response 29 * @run main/othervm ProxyAuthTest 30 * 31 * No way to reserve and restore java.lang.Authenticator, need to run this 32 * test in othervm mode. 33 */ 34 35 import java.io.*; 36 import java.net.*; 37 import java.security.KeyStore; 38 import javax.net.*; 39 import javax.net.ssl.*; 40 import java.security.cert.*; 41 42 /* 43 * ProxyAuthTest.java -- includes a simple server that can serve 44 * Http get request in both clear and secure channel, and a client 45 * that makes https requests behind the firewall through an 46 * authentication proxy 47 */ 48 49 public class ProxyAuthTest { 50 /* 51 * Where do we find the keystores? 52 */ 53 static String pathToStores = "../../../../../../javax/net/ssl/etc"; 54 static String keyStoreFile = "keystore"; 55 static String trustStoreFile = "truststore"; 56 static String passwd = "passphrase"; 57 58 volatile private static int serverPort = 0; 59 60 /* 61 * The TestServer implements a OriginServer that 62 * processes HTTP requests and responses. 63 */ 64 static class TestServer extends OriginServer { 65 public TestServer(ServerSocket ss) throws Exception { 66 super(ss); 67 } 68 69 /* 70 * Returns an array of bytes containing the bytes for 71 * the data sent in the response. 72 * 73 * @return bytes for the data in the response 74 */ 75 public byte[] getBytes() { 76 return "Proxy authentication for tunneling succeeded ..". 77 getBytes(); 78 } 79 } 80 81 /* 82 * Main method to create the server and the client 83 */ 84 public static void main(String args[]) throws Exception { 85 String keyFilename = 86 System.getProperty("test.src", "./") + "/" + pathToStores + 87 "/" + keyStoreFile; 88 String trustFilename = 89 System.getProperty("test.src", "./") + "/" + pathToStores + 90 "/" + trustStoreFile; 91 92 System.setProperty("javax.net.ssl.keyStore", keyFilename); 93 System.setProperty("javax.net.ssl.keyStorePassword", passwd); 94 System.setProperty("javax.net.ssl.trustStore", trustFilename); 95 System.setProperty("javax.net.ssl.trustStorePassword", passwd); 96 97 boolean useSSL = true; 98 /* 99 * setup the server 100 */ 101 try { 102 ServerSocketFactory ssf = 103 ProxyAuthTest.getServerSocketFactory(useSSL); 104 ServerSocket ss = ssf.createServerSocket(serverPort); 105 serverPort = ss.getLocalPort(); 106 new TestServer(ss); 107 } catch (Exception e) { 108 System.out.println("Server side failed:" + 109 e.getMessage()); 110 throw e; 111 } 112 // trigger the client 113 try { 114 doClientSide(); 115 } catch (Exception e) { 116 System.out.println("Client side failed: " + e.getMessage()); 117 throw e; 118 } 119 } 120 121 private static ServerSocketFactory getServerSocketFactory 122 (boolean useSSL) throws Exception { 123 if (useSSL) { 124 SSLServerSocketFactory ssf = null; 125 // set up key manager to do server authentication 126 SSLContext ctx; 127 KeyManagerFactory kmf; 128 KeyStore ks; 129 char[] passphrase = passwd.toCharArray(); 130 131 ctx = SSLContext.getInstance("TLS"); 132 kmf = KeyManagerFactory.getInstance("SunX509"); 133 ks = KeyStore.getInstance("JKS"); 134 135 ks.load(new FileInputStream(System.getProperty( 136 "javax.net.ssl.keyStore")), passphrase); 137 kmf.init(ks, passphrase); 138 ctx.init(kmf.getKeyManagers(), null, null); 139 140 ssf = ctx.getServerSocketFactory(); 141 return ssf; 142 } else { 143 return ServerSocketFactory.getDefault(); 144 } 145 } 146 147 static void doClientSide() throws Exception { 148 /* 149 * setup up a proxy with authentication information 150 */ 151 setupProxy(); 152 153 /* 154 * we want to avoid URLspoofCheck failures in cases where the cert 155 * DN name does not match the hostname in the URL. 156 */ 157 HttpsURLConnection.setDefaultHostnameVerifier( 158 new NameVerifier()); 159 URL url = new URL("https://" + "localhost:" + serverPort 160 + "/index.html"); 161 BufferedReader in = null; 162 try { 163 in = new BufferedReader(new InputStreamReader( 164 url.openStream())); 165 String inputLine; 166 System.out.print("Client recieved from the server: "); 167 while ((inputLine = in.readLine()) != null) 168 System.out.println(inputLine); 169 in.close(); 170 } catch (SSLException e) { 171 if (in != null) 172 in.close(); 173 throw e; 174 } 175 } 176 177 static class NameVerifier implements HostnameVerifier { 178 public boolean verify(String hostname, SSLSession session) { 179 return true; 180 } 181 } 182 183 static void setupProxy() throws IOException { 184 ProxyTunnelServer pserver = new ProxyTunnelServer(); 185 /* 186 * register a system wide authenticator and setup the proxy for 187 * authentication 188 */ 189 Authenticator.setDefault(new TestAuthenticator()); 190 191 // register with the username and password 192 pserver.needUserAuth(true); 193 pserver.setUserAuth("Test", "test123"); 194 195 pserver.start(); 196 System.setProperty("https.proxyHost", "localhost"); 197 System.setProperty("https.proxyPort", String.valueOf( 198 pserver.getPort())); 199 } 200 201 public static class TestAuthenticator extends Authenticator { 202 203 public PasswordAuthentication getPasswordAuthentication() { 204 return new PasswordAuthentication("Test", 205 "test123".toCharArray()); 206 } 207 } 208 }