1 /* 2 * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 // 25 // SunJSSE does not support dynamic system properties, no way to re-use 26 // system properties in samevm/agentvm mode. 27 // 28 29 /** 30 * @test 31 * @bug 7068321 32 * @summary Support TLS Server Name Indication (SNI) Extension in JSSE Server 33 * @library ../templates 34 * @build SSLCapabilities SSLExplorer 35 * @run main/othervm SSLSocketExplorerFailure SSLv2Hello,SSLv3 36 * @run main/othervm SSLSocketExplorerFailure SSLv3 37 * @run main/othervm SSLSocketExplorerFailure TLSv1 38 * @run main/othervm SSLSocketExplorerFailure TLSv1.1 39 * @run main/othervm SSLSocketExplorerFailure TLSv1.2 40 */ 41 42 import java.io.*; 43 import java.nio.*; 44 import java.nio.channels.*; 45 import java.util.*; 46 import java.net.*; 47 import javax.net.ssl.*; 48 import java.security.Security; 49 50 public class SSLSocketExplorerFailure { 51 52 /* 53 * ============================================================= 54 * Set the various variables needed for the tests, then 55 * specify what tests to run on each side. 56 */ 57 58 /* 59 * Should we run the client or server in a separate thread? 60 * Both sides can throw exceptions, but do you have a preference 61 * as to which side should be the main thread. 62 */ 63 static boolean separateServerThread = true; 64 65 /* 66 * Where do we find the keystores? 67 */ 68 static String pathToStores = "../etc"; 69 static String keyStoreFile = "keystore"; 70 static String trustStoreFile = "truststore"; 71 static String passwd = "passphrase"; 72 73 /* 74 * Is the server ready to serve? 75 */ 76 volatile static boolean serverReady = false; 77 78 /* 79 * Turn on SSL debugging? 80 */ 81 static boolean debug = false; 82 83 /* 84 * If the client or server is doing some kind of object creation 85 * that the other side depends on, and that thread prematurely 86 * exits, you may experience a hang. The test harness will 87 * terminate all hung threads after its timeout has expired, 88 * currently 3 minutes by default, but you might try to be 89 * smart about it.... 90 */ 91 92 /* 93 * Define the server side of the test. 94 * 95 * If the server prematurely exits, serverReady will be set to true 96 * to avoid infinite hangs. 97 */ 98 void doServerSide() throws Exception { 99 100 ServerSocket serverSocket = new ServerSocket(serverPort); 101 102 // Signal Client, we're ready for his connect. 103 serverPort = serverSocket.getLocalPort(); 104 serverReady = true; 105 106 Socket socket = serverSocket.accept(); 107 InputStream ins = socket.getInputStream(); 108 109 byte[] buffer = new byte[0xFF]; 110 int position = 0; 111 SSLCapabilities capabilities = null; 112 boolean failed = false; 113 try { 114 // Read the header of TLS record 115 while (position < SSLExplorer.RECORD_HEADER_SIZE) { 116 int count = SSLExplorer.RECORD_HEADER_SIZE - position; 117 int n = ins.read(buffer, position, count); 118 if (n < 0) { 119 throw new Exception("unexpected end of stream!"); 120 } 121 position += n; 122 } 123 124 int recordLength = SSLExplorer.getRequiredSize(buffer, 0, position); 125 if (buffer.length < recordLength) { 126 buffer = Arrays.copyOf(buffer, recordLength); 127 } 128 129 while (position < recordLength) { 130 int count = recordLength - position; 131 int n = ins.read(buffer, position, count); 132 if (n < 0) { 133 throw new Exception("unexpected end of stream!"); 134 } 135 position += n; 136 } 137 138 capabilities = SSLExplorer.explore(buffer, 0, recordLength);; 139 if (capabilities != null) { 140 System.out.println("Record version: " + 141 capabilities.getRecordVersion()); 142 System.out.println("Hello version: " + 143 capabilities.getHelloVersion()); 144 } 145 146 // want an I/O exception 147 throw new IOException("We just want a I/O exception"); 148 } catch (Exception e) { 149 failed = true; 150 } 151 152 // off course, the above explore failed. Faile to failure handler 153 SSLContext context = SSLContext.getInstance("TLS"); 154 context.init(null, null, null); 155 SSLSocketFactory sslsf = context.getSocketFactory(); 156 ByteArrayInputStream bais = 157 new ByteArrayInputStream(buffer, 0, position); 158 SSLSocket sslSocket = (SSLSocket)sslsf.createSocket(socket, bais, true); 159 160 try { 161 InputStream sslIS = sslSocket.getInputStream(); 162 OutputStream sslOS = sslSocket.getOutputStream(); 163 164 sslIS.read(); 165 if (!failed) { 166 sslOS.write(85); 167 sslOS.flush(); 168 } else { 169 sslSocket.close(); 170 } 171 } catch (Exception e) { 172 System.out.println("server exception " + e); 173 } finally { 174 sslSocket.close(); 175 serverSocket.close(); 176 } 177 } 178 179 180 /* 181 * Define the client side of the test. 182 * 183 * If the server prematurely exits, serverReady will be set to true 184 * to avoid infinite hangs. 185 */ 186 void doClientSide() throws Exception { 187 188 /* 189 * Wait for server to get started. 190 */ 191 while (!serverReady) { 192 Thread.sleep(50); 193 } 194 195 SSLSocketFactory sslsf = 196 (SSLSocketFactory) SSLSocketFactory.getDefault(); 197 SSLSocket sslSocket = (SSLSocket) 198 sslsf.createSocket("localhost", serverPort); 199 200 // enable the specified TLS protocol 201 sslSocket.setEnabledProtocols(supportedProtocols); 202 203 try { 204 InputStream sslIS = sslSocket.getInputStream(); 205 OutputStream sslOS = sslSocket.getOutputStream(); 206 207 sslOS.write(280); 208 sslOS.flush(); 209 sslIS.read(); 210 } catch (Exception e) { 211 System.out.println("client exception " + e); 212 } finally { 213 sslSocket.close(); 214 } 215 } 216 217 private static String[] supportedProtocols; // supported protocols 218 219 private static void parseArguments(String[] args) { 220 supportedProtocols = args[0].split(","); 221 } 222 223 224 /* 225 * ============================================================= 226 * The remainder is just support stuff 227 */ 228 229 // use any free port by default 230 volatile int serverPort = 0; 231 232 volatile Exception serverException = null; 233 volatile Exception clientException = null; 234 235 public static void main(String[] args) throws Exception { 236 Security.setProperty("jdk.tls.disabledAlgorithms", ""); 237 Security.setProperty("jdk.certpath.disabledAlgorithms", ""); 238 239 String keyFilename = 240 System.getProperty("test.src", ".") + "/" + pathToStores + 241 "/" + keyStoreFile; 242 String trustFilename = 243 System.getProperty("test.src", ".") + "/" + pathToStores + 244 "/" + trustStoreFile; 245 246 System.setProperty("javax.net.ssl.keyStore", keyFilename); 247 System.setProperty("javax.net.ssl.keyStorePassword", passwd); 248 System.setProperty("javax.net.ssl.trustStore", trustFilename); 249 System.setProperty("javax.net.ssl.trustStorePassword", passwd); 250 251 if (debug) 252 System.setProperty("javax.net.debug", "all"); 253 254 /* 255 * Get the customized arguments. 256 */ 257 parseArguments(args); 258 259 /* 260 * Start the tests. 261 */ 262 new SSLSocketExplorerFailure(); 263 } 264 265 Thread clientThread = null; 266 Thread serverThread = null; 267 268 /* 269 * Primary constructor, used to drive remainder of the test. 270 * 271 * Fork off the other side, then do your work. 272 */ 273 SSLSocketExplorerFailure() throws Exception { 274 try { 275 if (separateServerThread) { 276 startServer(true); 277 startClient(false); 278 } else { 279 startClient(true); 280 startServer(false); 281 } 282 } catch (Exception e) { 283 // swallow for now. Show later 284 } 285 286 /* 287 * Wait for other side to close down. 288 */ 289 if (separateServerThread) { 290 serverThread.join(); 291 } else { 292 clientThread.join(); 293 } 294 295 /* 296 * When we get here, the test is pretty much over. 297 * Which side threw the error? 298 */ 299 Exception local; 300 Exception remote; 301 String whichRemote; 302 303 if (separateServerThread) { 304 remote = serverException; 305 local = clientException; 306 whichRemote = "server"; 307 } else { 308 remote = clientException; 309 local = serverException; 310 whichRemote = "client"; 311 } 312 313 /* 314 * If both failed, return the curthread's exception, but also 315 * print the remote side Exception 316 */ 317 if ((local != null) && (remote != null)) { 318 System.out.println(whichRemote + " also threw:"); 319 remote.printStackTrace(); 320 System.out.println(); 321 throw local; 322 } 323 324 if (remote != null) { 325 throw remote; 326 } 327 328 if (local != null) { 329 throw local; 330 } 331 } 332 333 void startServer(boolean newThread) throws Exception { 334 if (newThread) { 335 serverThread = new Thread() { 336 public void run() { 337 try { 338 doServerSide(); 339 } catch (Exception e) { 340 /* 341 * Our server thread just died. 342 * 343 * Release the client, if not active already... 344 */ 345 System.err.println("Server died..."); 346 serverReady = true; 347 serverException = e; 348 } 349 } 350 }; 351 serverThread.start(); 352 } else { 353 try { 354 doServerSide(); 355 } catch (Exception e) { 356 serverException = e; 357 } finally { 358 serverReady = true; 359 } 360 } 361 } 362 363 void startClient(boolean newThread) throws Exception { 364 if (newThread) { 365 clientThread = new Thread() { 366 public void run() { 367 try { 368 doClientSide(); 369 } catch (Exception e) { 370 /* 371 * Our client thread just died. 372 */ 373 System.err.println("Client died..."); 374 clientException = e; 375 } 376 } 377 }; 378 clientThread.start(); 379 } else { 380 try { 381 doClientSide(); 382 } catch (Exception e) { 383 clientException = e; 384 } 385 } 386 } 387 }