1 /*
   2  * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 /*
  25  * @test 1.3 01/03/08
  26  * @bug 4330535
  27  * @summary  Client should follow suite order in
  28  *           SSLSocket.setEnabledCipherSuites()
  29  * @run main/othervm CipherSuiteOrder
  30  *
  31  *     SunJSSE does not support dynamic system properties, no way to re-use
  32  *     system properties in samevm/agentvm mode.
  33  * @author Jaya Hangal
  34  */
  35 
  36 import java.io.*;
  37 import java.net.*;
  38 import javax.net.ssl.*;
  39 
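public class CipherSuiteOrder {

    /*
     * =============================================================
     * Set the various variables needed for the tests, then
     * specify what tests to run on each side.
     */

    /*
     * Should we run the client or server in a separate thread?
     * Both sides can throw exceptions; this flag selects which side is
     * forked, and the other side runs on the main thread.
     */
    static boolean separateServerThread = true;

    /*
     * Where do we find the keystores?
     *
     * The path is resolved relative to the "test.src" system property
     * in main().  The passphrase is a hard-coded fixture value used for
     * both stores; it protects test material only and must not be
     * reused for a real keystore.
     */
    static String pathToStores = "/../../../../../../../etc";
    static String keyStoreFile = "keystore";
    static String trustStoreFile = "truststore";
    static String passwd = "passphrase";

    /*
     * Is the server ready to serve?
     */
    volatile static boolean serverReady = false;

    /*
     * Turn on SSL debugging?
     *
     * When set, main() enables javax.net.debug=all.  That trace is very
     * verbose and can include handshake and record contents, so keep it
     * off outside local debugging.
     */
    static boolean debug = false;

    /*
     * The suite the client lists first and the server lists last.  The
     * test passes only if this suite is the one negotiated.
     *
     * NOTE: every suite named in this test (RC4, single DES, 3DES, MD5
     * MAC) is a weak legacy algorithm used purely as an ordering
     * fixture.  Current JDK releases disable RC4 and DES suites by
     * default through the jdk.tls.disabledAlgorithms security property,
     * so these lists are not a template for production configuration.
     */
    private static final String EXPECTED_SUITE = "SSL_RSA_WITH_RC4_128_MD5";

    /*
     * If the client or server is doing some kind of object creation
     * that the other side depends on, and that thread prematurely
     * exits, you may experience a hang.  The test harness will
     * terminate all hung threads after its timeout has expired,
     * currently 3 minutes by default, but you might try to be
     * smart about it....
     */

    /*
     * Print the suites enabled on one side, framed by a heading, a
     * rule line and blank lines.
     */
    private static void printSuites(String heading, String rule,
            String[] suites) {
        System.out.println("");
        System.out.println(heading);
        System.out.println(rule);
        for (int i = 0; i < suites.length; i++) {
            System.out.println(suites[i]);
        }
        System.out.println("");
    }

    /*
     * Define the server side of the test.
     *
     * Accepts one connection, exchanges a single byte each way and
     * fails unless the negotiated suite is EXPECTED_SUITE.
     *
     * If the server prematurely exits, serverReady will be set to true
     * (by the handler in startServer) to avoid infinite hangs.
     */
    void doServerSide() throws Exception {
        SSLServerSocketFactory sslssf =
            (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        SSLServerSocket sslServerSocket =
            (SSLServerSocket) sslssf.createServerSocket(serverPort);

        String cipherSuiteChosen;
        try {
            // Publish the actual port (serverPort starts as 0 = any free port).
            serverPort = sslServerSocket.getLocalPort();

            /*
             * Signal Client, we're ready for this connect.
             */
            serverReady = true;
            SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
            try {
                /*
                 * The suite "SSL_RSA_WITH_RC4_128_MD5" is first in the
                 * client ordered cipher suite list. Place it last in this
                 * list to make sure that the server conforms to the client
                 * set ordering in choosing the cipher suite to use.
                 */
                String[] enabledSuites = {
                    "SSL_RSA_WITH_DES_CBC_SHA",
                    "SSL_DHE_DSS_WITH_DES_CBC_SHA",
                    EXPECTED_SUITE
                };
                sslSocket.setEnabledCipherSuites(enabledSuites);
                printSuites("server enabled suites: ",
                            "=====================",
                            sslSocket.getEnabledCipherSuites());

                InputStream sslIS = sslSocket.getInputStream();
                OutputStream sslOS = sslSocket.getOutputStream();

                int read = sslIS.read();
                System.out.println("Server read: " + read);
                sslOS.write(85);
                sslOS.flush();
                cipherSuiteChosen = sslSocket.getSession().getCipherSuite();
                System.out.println("Cipher suite in use: " +
                                        cipherSuiteChosen);
            } finally {
                // Close the connection even when the exchange fails.
                sslSocket.close();
            }
        } finally {
            // The listening socket was previously never closed.
            sslServerSocket.close();
        }

        if (!cipherSuiteChosen.equals(EXPECTED_SUITE)) {
            throw new Exception("Test failed: Wrong cipher suite is chosen");
        }
    }

    /*
     * Define the client side of the test.
     *
     * Waits for the server, connects with a deliberately reordered
     * suite list and exchanges a single byte each way.
     *
     * If the server prematurely exits, serverReady will be set to true
     * to avoid infinite hangs; in that case the server's exception is
     * rethrown here rather than attempting to connect.
     */
    void doClientSide() throws Exception {

        /*
         * Wait for server to get started.
         */
        while (!serverReady) {
            Thread.sleep(50);
        }

        // A dead server thread also releases this wait.  Report its
        // failure instead of a misleading connect error.
        Exception serverFailure = serverException;
        if (serverFailure != null) {
            throw serverFailure;
        }

        SSLSocketFactory sslsf =
            (SSLSocketFactory) SSLSocketFactory.getDefault();
        SSLSocket sslSocket = (SSLSocket)
            sslsf.createSocket("localhost", serverPort);

        try {
            /*
             * Pick a random order for the suites that is different from
             * the default ordering.
             */
            String[] enabledSuites = {
                EXPECTED_SUITE,
                "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
                "SSL_RSA_WITH_RC4_128_SHA",
                "SSL_DHE_DSS_WITH_DES_CBC_SHA"
            };
            sslSocket.setEnabledCipherSuites(enabledSuites);
            printSuites("client enabled suites: ",
                        "======================",
                        sslSocket.getEnabledCipherSuites());

            InputStream sslIS = sslSocket.getInputStream();
            OutputStream sslOS = sslSocket.getOutputStream();

            sslOS.write(80);
            sslOS.flush();
            int read = sslIS.read();
            System.out.println("client read: " + read);
        } finally {
            // Close the connection even when the exchange fails.
            sslSocket.close();
        }
    }

    /*
     * =============================================================
     * The remainder is just support stuff
     */

    // use any free port by default
    volatile int serverPort = 0;

    // Failure captured from whichever side runs on a forked thread.
    volatile Exception serverException = null;
    volatile Exception clientException = null;

    /*
     * Point JSSE at the test keystore and truststore through system
     * properties, optionally enable debug tracing, then run the test.
     */
    public static void main(String[] args) throws Exception {
        String keyFilename =
            System.getProperty("test.src", "./") + "/" + pathToStores +
                "/" + keyStoreFile;
        String trustFilename =
            System.getProperty("test.src", "./") + "/" + pathToStores +
                "/" + trustStoreFile;

        System.setProperty("javax.net.ssl.keyStore", keyFilename);
        System.setProperty("javax.net.ssl.keyStorePassword", passwd);
        System.setProperty("javax.net.ssl.trustStore", trustFilename);
        System.setProperty("javax.net.ssl.trustStorePassword", passwd);

        if (debug) {
            System.setProperty("javax.net.debug", "all");
        }

        /*
         * Start the tests.
         */
        new CipherSuiteOrder();
    }

    Thread clientThread = null;
    Thread serverThread = null;

    /*
     * Primary constructor, used to drive remainder of the test.
     *
     * Fork off the other side, then do your work.
     */
    CipherSuiteOrder() throws Exception {
        if (separateServerThread) {
            startServer(true);
            startClient(false);
        } else {
            startClient(true);
            startServer(false);
        }

        /*
         * Wait for other side to close down.
         */
        if (separateServerThread) {
            serverThread.join();
        } else {
            clientThread.join();
        }

        /*
         * When we get here, the test is pretty much over.
         *
         * If the main thread excepted, that propagates back
         * immediately.  If the other thread threw an exception, we
         * should report back.
         */
        if (serverException != null) {
            throw serverException;
        }
        if (clientException != null) {
            throw clientException;
        }
    }

    /*
     * Run the server side, either on a new thread (failures are stored
     * in serverException) or inline on the calling thread.
     */
    void startServer(boolean newThread) throws Exception {
        if (newThread) {
            serverThread = new Thread() {
                public void run() {
                    try {
                        doServerSide();
                    } catch (Exception e) {
                        /*
                         * Our server thread just died.
                         *
                         * Release the client, if not active already...
                         */
                        System.err.println("Server died..." + e);
                        // Record the failure before releasing the client
                        // so the client can see it once serverReady flips.
                        serverException = e;
                        serverReady = true;
                    }
                }
            };
            serverThread.start();
        } else {
            doServerSide();
        }
    }

    /*
     * Run the client side, either on a new thread (failures are stored
     * in clientException) or inline on the calling thread.
     */
    void startClient(boolean newThread) throws Exception {
        if (newThread) {
            clientThread = new Thread() {
                public void run() {
                    try {
                        doClientSide();
                    } catch (Exception e) {
                        /*
                         * Our client thread just died.
                         */
                        System.err.println("Client died..." + e);
                        clientException = e;
                    }
                }
            };
            clientThread.start();
        } else {
            doClientSide();
        }
    }
}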