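/*
 * Copyright (c) 2013, 2019, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

// SunJSSE does not support dynamic system properties, no way to re-use
// system properties in samevm/agentvm mode.

/*
 * @test
 * @bug 7188658 8190492
 * @summary Add possibility to disable client initiated renegotiation
 * @run main/othervm -Djdk.tls.rejectClientInitiatedRenegotiation=true
 *      NoImpactServerRenego SSLv3
 * @run main/othervm -Djdk.tls.rejectClientInitiatedRenegotiation=true
 *      NoImpactServerRenego TLSv1
 * @run main/othervm -Djdk.tls.rejectClientInitiatedRenegotiation=true
 *      NoImpactServerRenego TLSv1.1
 * @run main/othervm -Djdk.tls.rejectClientInitiatedRenegotiation=true
 *      NoImpactServerRenego TLSv1.2
 */

import java.io.*;
import java.net.*;
import java.security.Security;
import javax.net.ssl.*;

/**
 * Regression test: with {@code jdk.tls.rejectClientInitiatedRenegotiation=true}
 * (set by every {@code @run} line above) a renegotiation started by the
 * <em>server</em> must still complete.
 *
 * <p>The server exchanges ten bytes with the client, invalidates its session,
 * calls {@code startHandshake()} and exchanges ten more bytes. The instance
 * is registered as {@link HandshakeCompletedListener} on the server-side
 * socket only, and the test passes only if exactly two handshake-completed
 * events were counted (the initial handshake plus the server-initiated one).
 *
 * <p>The protocol version to use on the client is the single command-line
 * argument.
 */
public class NoImpactServerRenego implements
        HandshakeCompletedListener {

    // Number of handshake-completed events seen so far. The field is static
    // but is guarded by the monitor of the listener instance; main() creates
    // exactly one instance, so a single lock is used in practice.
    static byte handshakesCompleted = 0;

    /*
     * Define what happens when handshaking is completed
     */
    @Override
    public void handshakeCompleted(HandshakeCompletedEvent event) {
        synchronized (this) {
            handshakesCompleted++;
            System.out.println("Session: " + event.getSession().toString());
            System.out.println("Seen handshake completed #" +
                    handshakesCompleted);
        }
    }

    /*
     * =============================================================
     * Set the various variables needed for the tests, then
     * specify what tests to run on each side.
     */

    /*
     * Should we run the client or server in a separate thread?
     * Both sides can throw exceptions, but do you have a preference
     * as to which side should be the main thread.
     */
    static boolean separateServerThread = false;

    /*
     * Where do we find the keystores?
     *
     * The path is resolved relative to the "test.src" system property in
     * main(). The password below is a fixture value for those test
     * keystores; it is handed to JSSE through the javax.net.ssl.* system
     * properties.
     */
    static String pathToStores = "../../../../javax/net/ssl/etc";
    static String keyStoreFile = "keystore";
    static String trustStoreFile = "truststore";
    static String passwd = "passphrase";

    /*
     * Is the server ready to serve?
     */
    volatile static boolean serverReady = false;

    /*
     * Turn on SSL debugging?
     */
    static boolean debug = false;

    /*
     * If the client or server is doing some kind of object creation
     * that the other side depends on, and that thread prematurely
     * exits, you may experience a hang.  The test harness will
     * terminate all hung threads after its timeout has expired,
     * currently 3 minutes by default, but you might try to be
     * smart about it....
     */

    /*
     * Define the server side of the test.
     *
     * If the server prematurely exits, serverReady will be set to true
     * to avoid infinite hangs (see startServer()).
     *
     * Both the listening socket and the accepted socket are closed on
     * every exit path, including when an exception is thrown.
     */
    void doServerSide() throws Exception {
        SSLServerSocketFactory sslssf =
            (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();

        try (SSLServerSocket sslServerSocket =
                (SSLServerSocket) sslssf.createServerSocket(serverPort)) {

            // serverPort starts as 0 ("any free port"); publish the port
            // that was actually bound before releasing the client.
            serverPort = sslServerSocket.getLocalPort();

            /*
             * Signal Client, we're ready for his connect.
             */
            serverReady = true;

            try (SSLSocket sslSocket =
                    (SSLSocket) sslServerSocket.accept()) {
                sslSocket.addHandshakeCompletedListener(this);

                // Enable all supported protocols on server side to test SSLv3
                if ("SSLv3".equals(tlsProtocol)) {
                    sslSocket.setEnabledProtocols(
                            sslSocket.getSupportedProtocols());
                }

                InputStream sslIS = sslSocket.getInputStream();
                OutputStream sslOS = sslSocket.getOutputStream();

                // First batch of traffic; the first read drives the
                // initial handshake.
                for (int i = 0; i < 10; i++) {
                    sslIS.read();
                    sslOS.write(85);
                    sslOS.flush();
                }

                // Server-initiated renegotiation: drop the current session
                // so that the new handshake cannot simply resume it, then
                // ask for a new handshake.
                System.out.println("invalidating");
                sslSocket.getSession().invalidate();
                System.out.println("starting new handshake");
                sslSocket.startHandshake();

                // Second batch of traffic, exchanged around/after the
                // renegotiation.
                for (int i = 0; i < 10; i++) {
                    System.out.println(
                            "sending/receiving data, iteration: " + i);
                    sslIS.read();
                    sslOS.write(85);
                    sslOS.flush();
                }
            }
        }
    }

    /*
     * Define the client side of the test.
     *
     * If the server prematurely exits, serverReady will be set to true
     * to avoid infinite hangs.
     *
     * The client never calls startHandshake() itself; it only reads and
     * writes, so any renegotiation seen on this connection was requested
     * by the server.
     */
    void doClientSide() throws Exception {

        /*
         * Wait for server to get started.
         */
        while (!serverReady) {
            Thread.sleep(50);
        }

        SSLSocketFactory sslsf =
            (SSLSocketFactory) SSLSocketFactory.getDefault();

        try (SSLSocket sslSocket = (SSLSocket)
                sslsf.createSocket("localhost", serverPort)) {
            // Pin the client to the single protocol version under test.
            sslSocket.setEnabledProtocols(new String[] { tlsProtocol });

            InputStream sslIS = sslSocket.getInputStream();
            OutputStream sslOS = sslSocket.getOutputStream();

            // OutputStream.write(int) sends only the low-order eight bits,
            // so 280 goes out as the byte value 24. The payload itself is
            // irrelevant to the test.
            for (int i = 0; i < 10; i++) {
                sslOS.write(280);
                sslOS.flush();
                sslIS.read();
            }

            for (int i = 0; i < 10; i++) {
                sslOS.write(280);
                sslOS.flush();
                sslIS.read();
            }
        }
    }

    /*
     * =============================================================
     * The remainder is just support stuff
     */

    // use any free port by default
    volatile int serverPort = 0;

    volatile Exception serverException = null;
    volatile Exception clientException = null;

    // the specified protocol
    private static String tlsProtocol;

    /*
     * Entry point. Expects the protocol version to test (for example
     * "TLSv1.2") as the only argument, configures the key/trust stores
     * and runs the test by constructing an instance.
     */
    public static void main(String[] args) throws Exception {
        if (args.length < 1) {
            throw new IllegalArgumentException(
                    "Usage: NoImpactServerRenego <protocol>");
        }

        String keyFilename =
            System.getProperty("test.src", "./") + "/" + pathToStores +
                "/" + keyStoreFile;
        String trustFilename =
            System.getProperty("test.src", "./") + "/" + pathToStores +
                "/" + trustStoreFile;

        System.setProperty("javax.net.ssl.keyStore", keyFilename);
        System.setProperty("javax.net.ssl.keyStorePassword", passwd);
        System.setProperty("javax.net.ssl.trustStore", trustFilename);
        System.setProperty("javax.net.ssl.trustStorePassword", passwd);

        if (debug) {
            System.setProperty("javax.net.debug", "all");
        }

        // Empties the jdk.tls.disabledAlgorithms security property, so
        // nothing is disabled through it in this JVM; presumably required
        // so that the legacy protocol versions named in the @run lines
        // (e.g. SSLv3) can be negotiated. Every @run uses othervm, which
        // keeps the relaxed setting inside the test's own JVM. This is a
        // test-only configuration, not one to copy into deployed code.
        Security.setProperty("jdk.tls.disabledAlgorithms", "");

        tlsProtocol = args[0];

        /*
         * Start the tests.
         */
        new NoImpactServerRenego();
    }

    Thread clientThread = null;
    Thread serverThread = null;

    /*
     * Primary constructor, used to drive remainder of the test.
     *
     * Fork off the other side, then do your work.
     */
    NoImpactServerRenego() throws Exception {
        if (separateServerThread) {
            startServer(true);
            startClient(false);
        } else {
            startClient(true);
            startServer(false);
        }

        /*
         * Wait for other side to close down.
         */
        if (separateServerThread) {
            serverThread.join();
        } else {
            clientThread.join();
        }

        /*
         * When we get here, the test is pretty much over.
         *
         * If the main thread excepted, that propagates back
         * immediately.  If the other thread threw an exception, we
         * should report back.
         */
        if (serverException != null) {
            System.out.print("Server Exception:");
            throw serverException;
        }
        if (clientException != null) {
            System.out.print("Client Exception:");
            throw clientException;
        }

        /*
         * Give the Handshaker Thread a chance to run
         */
        Thread.sleep(1000);

        // Exactly two events are expected on the server-side socket: the
        // initial handshake and the server-initiated renegotiation. Any
        // other count means the renegotiation was affected by
        // jdk.tls.rejectClientInitiatedRenegotiation.
        synchronized (this) {
            if (handshakesCompleted != 2) {
                throw new Exception("Didn't see 2 handshake completed events.");
            }
        }
    }

    /*
     * Runs the server side, either in a new thread or in the caller's
     * thread. In both cases serverReady ends up true if the server fails,
     * so a client spinning on that flag is always released.
     */
    void startServer(boolean newThread) throws Exception {
        if (newThread) {
            serverThread = new Thread() {
                @Override
                public void run() {
                    try {
                        doServerSide();
                    } catch (Exception e) {
                        /*
                         * Our server thread just died.
                         *
                         * Release the client, if not active already...
                         */
                        System.err.println("Server died...");
                        serverReady = true;
                        serverException = e;
                    }
                }
            };
            serverThread.start();
        } else {
            try {
                doServerSide();
            } finally {
                // If the server failed before signalling readiness, the
                // client thread would otherwise poll serverReady forever
                // and keep the JVM alive until the harness timeout. The
                // exception, if any, still propagates to the caller.
                serverReady = true;
            }
        }
    }

    /*
     * Runs the client side, either in a new thread (recording any failure
     * in clientException) or in the caller's thread.
     */
    void startClient(boolean newThread) throws Exception {
        if (newThread) {
            clientThread = new Thread() {
                @Override
                public void run() {
                    try {
                        doClientSide();
                    } catch (Exception e) {
                        /*
                         * Our client thread just died.
                         */
                        System.err.println("Client died...");
                        clientException = e;
                    }
                }
            };
            clientThread.start();
        } else {
            doClientSide();
        }
    }
}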