1 /* 2 * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 /* 27 * @test 28 * @bug 4873188 29 * @summary Support TLS 1.1 30 * @run main/othervm ExportableBlockCipher 31 * 32 * SunJSSE does not support dynamic system properties, no way to re-use 33 * system properties in samevm/agentvm mode. 34 * 35 * @author Xuelei Fan 36 */ 37 38 import java.io.*; 39 import java.net.*; 40 import javax.net.ssl.*; 41 42 public class ExportableBlockCipher { 43 44 /* 45 * ============================================================= 46 * Set the various variables needed for the tests, then 47 * specify what tests to run on each side. 48 */ 49 50 /* 51 * Should we run the client or server in a separate thread? 52 * Both sides can throw exceptions, but do you have a preference 53 * as to which side should be the main thread. 54 */ 55 static boolean separateServerThread = false; 56 57 /* 58 * Where do we find the keystores? 59 */ 60 static String pathToStores = "../etc"; 61 static String keyStoreFile = "keystore"; 62 static String trustStoreFile = "truststore"; 63 static String passwd = "passphrase"; 64 65 /* 66 * Is the server ready to serve? 67 */ 68 volatile static boolean serverReady = false; 69 70 /* 71 * Turn on SSL debugging? 72 */ 73 static boolean debug = false; 74 75 /* 76 * If the client or server is doing some kind of object creation 77 * that the other side depends on, and that thread prematurely 78 * exits, you may experience a hang. The test harness will 79 * terminate all hung threads after its timeout has expired, 80 * currently 3 minutes by default, but you might try to be 81 * smart about it.... 82 */ 83 84 /* 85 * Define the server side of the test. 86 * 87 * If the server prematurely exits, serverReady will be set to true 88 * to avoid infinite hangs. 89 */ 90 void doServerSide() throws Exception { 91 SSLServerSocketFactory sslssf = 92 (SSLServerSocketFactory) SSLServerSocketFactory.getDefault(); 93 SSLServerSocket sslServerSocket = 94 (SSLServerSocket) sslssf.createServerSocket(serverPort); 95 96 serverPort = sslServerSocket.getLocalPort(); 97 98 /* 99 * Signal Client, we're ready for his connect. 100 */ 101 serverReady = true; 102 103 SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept(); 104 InputStream sslIS = sslSocket.getInputStream(); 105 OutputStream sslOS = sslSocket.getOutputStream(); 106 107 boolean interrupted = false; 108 try { 109 sslIS.read(); 110 sslOS.write('A'); 111 sslOS.flush(); 112 } catch (SSLException ssle) { 113 // get the expected exception 114 interrupted = true; 115 } finally { 116 sslSocket.close(); 117 } 118 119 if (!interrupted) { 120 throw new SSLHandshakeException( 121 "A weak cipher suite is negotiated, " + 122 "TLSv1.1 must not negotiate the exportable cipher suites."); 123 } 124 } 125 126 /* 127 * Define the client side of the test. 128 * 129 * If the server prematurely exits, serverReady will be set to true 130 * to avoid infinite hangs. 131 */ 132 void doClientSide() throws Exception { 133 134 /* 135 * Wait for server to get started. 136 */ 137 while (!serverReady) { 138 Thread.sleep(50); 139 } 140 141 SSLSocketFactory sslsf = 142 (SSLSocketFactory) SSLSocketFactory.getDefault(); 143 SSLSocket sslSocket = (SSLSocket) 144 sslsf.createSocket("localhost", serverPort); 145 146 // enable TLSv1.1 only 147 sslSocket.setEnabledProtocols(new String[] {"TLSv1.1"}); 148 149 // enable a exportable block cipher 150 sslSocket.setEnabledCipherSuites( 151 new String[] {"SSL_RSA_EXPORT_WITH_DES40_CBC_SHA"}); 152 153 InputStream sslIS = sslSocket.getInputStream(); 154 OutputStream sslOS = sslSocket.getOutputStream(); 155 156 boolean interrupted = false; 157 try { 158 sslOS.write('B'); 159 sslOS.flush(); 160 sslIS.read(); 161 } catch (SSLException ssle) { 162 // get the expected exception 163 interrupted = true; 164 } finally { 165 sslSocket.close(); 166 } 167 168 if (!interrupted) { 169 throw new SSLHandshakeException( 170 "A weak cipher suite is negotiated, " + 171 "TLSv1.1 must not negotiate the exportable cipher suites."); 172 } 173 } 174 175 /* 176 * ============================================================= 177 * The remainder is just support stuff 178 */ 179 180 // use any free port by default 181 volatile int serverPort = 0; 182 183 volatile Exception serverException = null; 184 volatile Exception clientException = null; 185 186 public static void main(String[] args) throws Exception { 187 String keyFilename = 188 System.getProperty("test.src", ".") + "/" + pathToStores + 189 "/" + keyStoreFile; 190 String trustFilename = 191 System.getProperty("test.src", ".") + "/" + pathToStores + 192 "/" + trustStoreFile; 193 194 System.setProperty("javax.net.ssl.keyStore", keyFilename); 195 System.setProperty("javax.net.ssl.keyStorePassword", passwd); 196 System.setProperty("javax.net.ssl.trustStore", trustFilename); 197 System.setProperty("javax.net.ssl.trustStorePassword", passwd); 198 199 if (debug) 200 System.setProperty("javax.net.debug", "all"); 201 202 /* 203 * Start the tests. 204 */ 205 new ExportableBlockCipher(); 206 } 207 208 Thread clientThread = null; 209 Thread serverThread = null; 210 211 /* 212 * Primary constructor, used to drive remainder of the test. 213 * 214 * Fork off the other side, then do your work. 215 */ 216 ExportableBlockCipher() throws Exception { 217 try { 218 if (separateServerThread) { 219 startServer(true); 220 startClient(false); 221 } else { 222 startClient(true); 223 startServer(false); 224 } 225 } catch (Exception e) { 226 // swallow for now. Show later 227 } 228 229 /* 230 * Wait for other side to close down. 231 */ 232 if (separateServerThread) { 233 serverThread.join(); 234 } else { 235 clientThread.join(); 236 } 237 238 /* 239 * When we get here, the test is pretty much over. 240 * Which side threw the error? 241 */ 242 Exception local; 243 Exception remote; 244 String whichRemote; 245 246 if (separateServerThread) { 247 remote = serverException; 248 local = clientException; 249 whichRemote = "server"; 250 } else { 251 remote = clientException; 252 local = serverException; 253 whichRemote = "client"; 254 } 255 256 /* 257 * If both failed, return the curthread's exception, but also 258 * print the remote side Exception 259 */ 260 if ((local != null) && (remote != null)) { 261 System.out.println(whichRemote + " also threw:"); 262 remote.printStackTrace(); 263 System.out.println(); 264 throw local; 265 } 266 267 if (remote != null) { 268 throw remote; 269 } 270 271 if (local != null) { 272 throw local; 273 } 274 } 275 276 void startServer(boolean newThread) throws Exception { 277 if (newThread) { 278 serverThread = new Thread() { 279 public void run() { 280 try { 281 doServerSide(); 282 } catch (Exception e) { 283 /* 284 * Our server thread just died. 285 * 286 * Release the client, if not active already... 287 */ 288 System.err.println("Server died..."); 289 serverReady = true; 290 serverException = e; 291 } 292 } 293 }; 294 serverThread.start(); 295 } else { 296 try { 297 doServerSide(); 298 } catch (Exception e) { 299 serverException = e; 300 } finally { 301 serverReady = true; 302 } 303 } 304 } 305 306 void startClient(boolean newThread) throws Exception { 307 if (newThread) { 308 clientThread = new Thread() { 309 public void run() { 310 try { 311 doClientSide(); 312 } catch (Exception e) { 313 /* 314 * Our client thread just died. 315 */ 316 System.err.println("Client died..."); 317 clientException = e; 318 } 319 } 320 }; 321 clientThread.start(); 322 } else { 323 try { 324 doClientSide(); 325 } catch (Exception e) { 326 clientException = e; 327 } 328 } 329 } 330 }