1 /*
   2  * Copyright (c) 2013, 2019, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 // SunJSSE does not support dynamic system properties, no way to re-use
  25 // system properties in samevm/agentvm mode.
  26 
  27 /*
  28  * @test
  29  * @bug 7188658 8190492
  30  * @summary Add possibility to disable client initiated renegotiation
  31  * @run main/othervm  -Djdk.tls.rejectClientInitiatedRenegotiation=true
  32  *      NoImpactServerRenego SSLv3
  33  * @run main/othervm  -Djdk.tls.rejectClientInitiatedRenegotiation=true
  34  *      NoImpactServerRenego TLSv1
  35  * @run main/othervm  -Djdk.tls.rejectClientInitiatedRenegotiation=true
  36  *      NoImpactServerRenego TLSv1.1
  37  * @run main/othervm  -Djdk.tls.rejectClientInitiatedRenegotiation=true
  38  *      NoImpactServerRenego TLSv1.2
  39  */
  40 
  41 import java.io.*;
  42 import java.net.*;
  43 import java.security.Security;
  44 import javax.net.ssl.*;
  45 
  46 public class NoImpactServerRenego implements
  47         HandshakeCompletedListener {
  48 
  49     static byte handshakesCompleted = 0;
  50 
  51     /*
  52      * Define what happens when handshaking is completed
  53      */
  54     public void handshakeCompleted(HandshakeCompletedEvent event) {
  55         synchronized (this) {
  56             handshakesCompleted++;
  57             System.out.println("Session: " + event.getSession().toString());
  58             System.out.println("Seen handshake completed #" +
  59                 handshakesCompleted);
  60         }
  61     }
  62 
  63     /*
  64      * =============================================================
  65      * Set the various variables needed for the tests, then
  66      * specify what tests to run on each side.
  67      */
  68 
  69     /*
  70      * Should we run the client or server in a separate thread?
  71      * Both sides can throw exceptions, but do you have a preference
  72      * as to which side should be the main thread.
  73      */
  74     static boolean separateServerThread = false;
  75 
  76     /*
  77      * Where do we find the keystores?
  78      */
  79     static String pathToStores = "../../../../javax/net/ssl/etc";
  80     static String keyStoreFile = "keystore";
  81     static String trustStoreFile = "truststore";
  82     static String passwd = "passphrase";
  83 
  84     /*
  85      * Is the server ready to serve?
  86      */
  87     volatile static boolean serverReady = false;
  88 
  89     /*
  90      * Turn on SSL debugging?
  91      */
  92     static boolean debug = false;
  93 
  94     /*
  95      * If the client or server is doing some kind of object creation
  96      * that the other side depends on, and that thread prematurely
  97      * exits, you may experience a hang.  The test harness will
  98      * terminate all hung threads after its timeout has expired,
  99      * currently 3 minutes by default, but you might try to be
 100      * smart about it....
 101      */
 102 
 103     /*
 104      * Define the server side of the test.
 105      *
 106      * If the server prematurely exits, serverReady will be set to true
 107      * to avoid infinite hangs.
 108      */
 109     void doServerSide() throws Exception {
 110         SSLServerSocketFactory sslssf =
 111             (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
 112         SSLServerSocket sslServerSocket =
 113             (SSLServerSocket) sslssf.createServerSocket(serverPort);
 114 
 115         serverPort = sslServerSocket.getLocalPort();
 116 
 117         /*
 118          * Signal Client, we're ready for his connect.
 119          */
 120         serverReady = true;
 121 
 122         SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
 123         sslSocket.addHandshakeCompletedListener(this);
 124 
 125         // Enable all supported protocols on server side to test SSLv3
 126         if ("SSLv3".equals(tlsProtocol)) {
 127             sslSocket.setEnabledProtocols(sslSocket.getSupportedProtocols());
 128         }
 129 
 130         InputStream sslIS = sslSocket.getInputStream();
 131         OutputStream sslOS = sslSocket.getOutputStream();
 132 
 133         for (int i = 0; i < 10; i++) {
 134             sslIS.read();
 135             sslOS.write(85);
 136             sslOS.flush();
 137         }
 138 
 139         System.out.println("invalidating");
 140         sslSocket.getSession().invalidate();
 141         System.out.println("starting new handshake");
 142         sslSocket.startHandshake();
 143 
 144         for (int i = 0; i < 10; i++) {
 145             System.out.println("sending/receiving data, iteration: " + i);
 146             sslIS.read();
 147             sslOS.write(85);
 148             sslOS.flush();
 149         }
 150 
 151         sslSocket.close();
 152     }
 153 
 154     /*
 155      * Define the client side of the test.
 156      *
 157      * If the server prematurely exits, serverReady will be set to true
 158      * to avoid infinite hangs.
 159      */
 160     void doClientSide() throws Exception {
 161 
 162         /*
 163          * Wait for server to get started.
 164          */
 165         while (!serverReady) {
 166             Thread.sleep(50);
 167         }
 168 
 169         SSLSocketFactory sslsf =
 170             (SSLSocketFactory) SSLSocketFactory.getDefault();
 171         SSLSocket sslSocket = (SSLSocket)
 172             sslsf.createSocket("localhost", serverPort);
 173         sslSocket.setEnabledProtocols(new String[] { tlsProtocol });
 174 
 175         InputStream sslIS = sslSocket.getInputStream();
 176         OutputStream sslOS = sslSocket.getOutputStream();
 177 
 178         for (int i = 0; i < 10; i++) {
 179             sslOS.write(280);
 180             sslOS.flush();
 181             sslIS.read();
 182         }
 183 
 184         for (int i = 0; i < 10; i++) {
 185             sslOS.write(280);
 186             sslOS.flush();
 187             sslIS.read();
 188         }
 189 
 190         sslSocket.close();
 191     }
 192 
 193     /*
 194      * =============================================================
 195      * The remainder is just support stuff
 196      */
 197 
 198     // use any free port by default
 199     volatile int serverPort = 0;
 200 
 201     volatile Exception serverException = null;
 202     volatile Exception clientException = null;
 203 
 204     // the specified protocol
 205     private static String tlsProtocol;
 206 
 207     public static void main(String[] args) throws Exception {
 208         String keyFilename =
 209             System.getProperty("test.src", "./") + "/" + pathToStores +
 210                 "/" + keyStoreFile;
 211         String trustFilename =
 212             System.getProperty("test.src", "./") + "/" + pathToStores +
 213                 "/" + trustStoreFile;
 214 
 215         System.setProperty("javax.net.ssl.keyStore", keyFilename);
 216         System.setProperty("javax.net.ssl.keyStorePassword", passwd);
 217         System.setProperty("javax.net.ssl.trustStore", trustFilename);
 218         System.setProperty("javax.net.ssl.trustStorePassword", passwd);
 219 
 220         if (debug) {
 221             System.setProperty("javax.net.debug", "all");
 222         }
 223 
 224         Security.setProperty("jdk.tls.disabledAlgorithms", "");
 225 
 226         tlsProtocol = args[0];
 227 
 228         /*
 229          * Start the tests.
 230          */
 231         new NoImpactServerRenego();
 232     }
 233 
 234     Thread clientThread = null;
 235     Thread serverThread = null;
 236 
 237     /*
 238      * Primary constructor, used to drive remainder of the test.
 239      *
 240      * Fork off the other side, then do your work.
 241      */
 242     NoImpactServerRenego() throws Exception {
 243         if (separateServerThread) {
 244             startServer(true);
 245             startClient(false);
 246         } else {
 247             startClient(true);
 248             startServer(false);
 249         }
 250 
 251         /*
 252          * Wait for other side to close down.
 253          */
 254         if (separateServerThread) {
 255             serverThread.join();
 256         } else {
 257             clientThread.join();
 258         }
 259 
 260         /*
 261          * When we get here, the test is pretty much over.
 262          *
 263          * If the main thread excepted, that propagates back
 264          * immediately.  If the other thread threw an exception, we
 265          * should report back.
 266          */
 267         if (serverException != null) {
 268             System.out.print("Server Exception:");
 269             throw serverException;
 270         }
 271         if (clientException != null) {
 272             System.out.print("Client Exception:");
 273             throw clientException;
 274         }
 275 
 276         /*
 277          * Give the Handshaker Thread a chance to run
 278          */
 279         Thread.sleep(1000);
 280 
 281         synchronized (this) {
 282             if (handshakesCompleted != 2) {
 283                 throw new Exception("Didn't see 2 handshake completed events.");
 284             }
 285         }
 286     }
 287 
 288     void startServer(boolean newThread) throws Exception {
 289         if (newThread) {
 290             serverThread = new Thread() {
 291                 public void run() {
 292                     try {
 293                         doServerSide();
 294                     } catch (Exception e) {
 295                         /*
 296                          * Our server thread just died.
 297                          *
 298                          * Release the client, if not active already...
 299                          */
 300                         System.err.println("Server died...");
 301                         serverReady = true;
 302                         serverException = e;
 303                     }
 304                 }
 305             };
 306             serverThread.start();
 307         } else {
 308             doServerSide();
 309         }
 310     }
 311 
 312     void startClient(boolean newThread) throws Exception {
 313         if (newThread) {
 314             clientThread = new Thread() {
 315                 public void run() {
 316                     try {
 317                         doClientSide();
 318                     } catch (Exception e) {
 319                         /*
 320                          * Our client thread just died.
 321                          */
 322                         System.err.println("Client died...");
 323                         clientException = e;
 324                     }
 325                 }
 326             };
 327             clientThread.start();
 328         } else {
 329             doClientSide();
 330         }
 331     }
 332 }