1 /* 2 * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 // SunJSSE does not support dynamic system properties, no way to re-use 25 // system properties in samevm/agentvm mode. 26 27 /* 28 * @test 29 * @bug 7188658 30 * @summary Add possibility to disable client initiated renegotiation 31 * @run main/othervm RejectClientRenego true 32 * @run main/othervm RejectClientRenego false 33 */ 34 35 import java.io.*; 36 import java.net.*; 37 import javax.net.ssl.*; 38 39 public class RejectClientRenego implements 40 HandshakeCompletedListener { 41 42 static byte handshakesCompleted = 0; 43 44 /* 45 * Define what happens when handshaking is completed 46 */ 47 public void handshakeCompleted(HandshakeCompletedEvent event) { 48 synchronized (this) { 49 handshakesCompleted++; 50 System.out.println("Session: " + event.getSession().toString()); 51 System.out.println("Seen handshake completed #" + 52 handshakesCompleted); 53 } 54 } 55 56 /* 57 * ============================================================= 58 * Set the various variables needed for the tests, then 59 * specify what tests to run on each side. 60 */ 61 62 /* 63 * Should we run the client or server in a separate thread? 64 * Both sides can throw exceptions, but do you have a preference 65 * as to which side should be the main thread. 66 */ 67 static boolean separateServerThread = false; 68 69 /* 70 * Where do we find the keystores? 71 */ 72 static String pathToStores = "../../../../../../../etc"; 73 static String keyStoreFile = "keystore"; 74 static String trustStoreFile = "truststore"; 75 static String passwd = "passphrase"; 76 77 /* 78 * Is the server ready to serve? 79 */ 80 volatile static boolean serverReady = false; 81 82 /* 83 * Turn on SSL debugging? 84 */ 85 static boolean debug = false; 86 87 /* 88 * If the client or server is doing some kind of object creation 89 * that the other side depends on, and that thread prematurely 90 * exits, you may experience a hang. The test harness will 91 * terminate all hung threads after its timeout has expired, 92 * currently 3 minutes by default, but you might try to be 93 * smart about it.... 94 */ 95 96 /* 97 * Define the server side of the test. 98 * 99 * If the server prematurely exits, serverReady will be set to true 100 * to avoid infinite hangs. 101 */ 102 void doServerSide() throws Exception { 103 SSLServerSocketFactory sslssf = 104 (SSLServerSocketFactory) SSLServerSocketFactory.getDefault(); 105 SSLServerSocket sslServerSocket = 106 (SSLServerSocket) sslssf.createServerSocket(serverPort); 107 108 serverPort = sslServerSocket.getLocalPort(); 109 110 /* 111 * Signal Client, we're ready for his connect. 112 */ 113 serverReady = true; 114 115 SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept(); 116 sslSocket.addHandshakeCompletedListener(this); 117 InputStream sslIS = sslSocket.getInputStream(); 118 OutputStream sslOS = sslSocket.getOutputStream(); 119 120 for (int i = 0; i < 10; i++) { 121 sslIS.read(); 122 sslOS.write(85); 123 sslOS.flush(); 124 } 125 126 try { 127 for (int i = 0; i < 10; i++) { 128 System.out.println("sending/receiving data, iteration: " + i); 129 sslIS.read(); 130 sslOS.write(85); 131 sslOS.flush(); 132 } 133 throw new Exception("Not reject client initialized renegotiation"); 134 } catch (SSLHandshakeException she) { 135 System.out.println("Got the expected exception"); 136 } finally { 137 sslSocket.close(); 138 } 139 } 140 141 /* 142 * Define the client side of the test. 143 * 144 * If the server prematurely exits, serverReady will be set to true 145 * to avoid infinite hangs. 146 */ 147 void doClientSide() throws Exception { 148 149 /* 150 * Wait for server to get started. 151 */ 152 while (!serverReady) { 153 Thread.sleep(50); 154 } 155 156 SSLSocketFactory sslsf = 157 (SSLSocketFactory) SSLSocketFactory.getDefault(); 158 SSLSocket sslSocket = (SSLSocket) 159 sslsf.createSocket("localhost", serverPort); 160 161 InputStream sslIS = sslSocket.getInputStream(); 162 OutputStream sslOS = sslSocket.getOutputStream(); 163 164 for (int i = 0; i < 10; i++) { 165 sslOS.write(280); 166 sslOS.flush(); 167 sslIS.read(); 168 } 169 170 if (!isAbbreviated) { 171 System.out.println("invalidating"); 172 sslSocket.getSession().invalidate(); 173 } 174 System.out.println("starting new handshake"); 175 sslSocket.startHandshake(); 176 177 try { 178 for (int i = 0; i < 10; i++) { 179 sslOS.write(280); 180 sslOS.flush(); 181 sslIS.read(); 182 } 183 throw new Exception("Not reject client initialized renegotiation"); 184 } catch (SSLHandshakeException she) { 185 System.out.println("Got the expected exception"); 186 } finally { 187 sslSocket.close(); 188 } 189 } 190 191 /* 192 * ============================================================= 193 * The remainder is just support stuff 194 */ 195 196 // use any free port by default 197 volatile int serverPort = 0; 198 199 volatile Exception serverException = null; 200 volatile Exception clientException = null; 201 202 // Is it abbreviated handshake? 203 private static boolean isAbbreviated = false; 204 205 public static void main(String[] args) throws Exception { 206 String keyFilename = 207 System.getProperty("test.src", "./") + "/" + pathToStores + 208 "/" + keyStoreFile; 209 String trustFilename = 210 System.getProperty("test.src", "./") + "/" + pathToStores + 211 "/" + trustStoreFile; 212 213 System.setProperty("javax.net.ssl.keyStore", keyFilename); 214 System.setProperty("javax.net.ssl.keyStorePassword", passwd); 215 System.setProperty("javax.net.ssl.trustStore", trustFilename); 216 System.setProperty("javax.net.ssl.trustStorePassword", passwd); 217 218 // reject client initialized SSL renegotiation. 219 System.setProperty("jdk.tls.rejectClientInitializedRenego", "true"); 220 221 if (debug) 222 System.setProperty("javax.net.debug", "all"); 223 224 // Is it abbreviated handshake? 225 if ("true".equals(args[0])) { 226 isAbbreviated = true; 227 } 228 229 /* 230 * Start the tests. 231 */ 232 new RejectClientRenego(); 233 } 234 235 Thread clientThread = null; 236 Thread serverThread = null; 237 238 /* 239 * Primary constructor, used to drive remainder of the test. 240 * 241 * Fork off the other side, then do your work. 242 */ 243 RejectClientRenego() throws Exception { 244 if (separateServerThread) { 245 startServer(true); 246 startClient(false); 247 } else { 248 startClient(true); 249 startServer(false); 250 } 251 252 /* 253 * Wait for other side to close down. 254 */ 255 if (separateServerThread) { 256 serverThread.join(); 257 } else { 258 clientThread.join(); 259 } 260 261 /* 262 * When we get here, the test is pretty much over. 263 * 264 * If the main thread excepted, that propagates back 265 * immediately. If the other thread threw an exception, we 266 * should report back. 267 */ 268 if (serverException != null) { 269 System.out.print("Server Exception:"); 270 throw serverException; 271 } 272 if (clientException != null) { 273 System.out.print("Client Exception:"); 274 throw clientException; 275 } 276 } 277 278 void startServer(boolean newThread) throws Exception { 279 if (newThread) { 280 serverThread = new Thread() { 281 public void run() { 282 try { 283 doServerSide(); 284 } catch (Exception e) { 285 /* 286 * Our server thread just died. 287 * 288 * Release the client, if not active already... 289 */ 290 System.err.println("Server died..."); 291 serverReady = true; 292 serverException = e; 293 } 294 } 295 }; 296 serverThread.start(); 297 } else { 298 doServerSide(); 299 } 300 } 301 302 void startClient(boolean newThread) throws Exception { 303 if (newThread) { 304 clientThread = new Thread() { 305 public void run() { 306 try { 307 doClientSide(); 308 } catch (Exception e) { 309 /* 310 * Our client thread just died. 311 */ 312 System.err.println("Client died..."); 313 clientException = e; 314 } 315 } 316 }; 317 clientThread.start(); 318 } else { 319 doClientSide(); 320 } 321 } 322 }