1 /* 2 * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 /* 25 * @test 1.3 01/03/08 26 * @bug 4330535 27 * @summary Client should follow suite order in 28 * SSLSocket.setEnabledCipherSuites() 29 * @run main/othervm CipherSuiteOrder 30 * 31 * SunJSSE does not support dynamic system properties, no way to re-use 32 * system properties in samevm/agentvm mode. 33 * @author Jaya Hangal 34 */ 35 36 import java.io.*; 37 import java.net.*; 38 import javax.net.ssl.*; 39 40 public class CipherSuiteOrder { 41 42 /* 43 * ============================================================= 44 * Set the various variables needed for the tests, then 45 * specify what tests to run on each side. 46 */ 47 48 /* 49 * Should we run the client or server in a separate thread? 50 * Both sides can throw exceptions, but do you have a preference 51 * as to which side should be the main thread. 52 */ 53 static boolean separateServerThread = true; 54 55 /* 56 * Where do we find the keystores? 57 */ 58 static String pathToStores = "/../../../../../../../etc"; 59 static String keyStoreFile = "keystore"; 60 static String trustStoreFile = "truststore"; 61 static String passwd = "passphrase"; 62 63 /* 64 * Is the server ready to serve? 65 */ 66 volatile static boolean serverReady = false; 67 68 /* 69 * Turn on SSL debugging? 70 */ 71 static boolean debug = false; 72 73 /* 74 * If the client or server is doing some kind of object creation 75 * that the other side depends on, and that thread prematurely 76 * exits, you may experience a hang. The test harness will 77 * terminate all hung threads after its timeout has expired, 78 * currently 3 minutes by default, but you might try to be 79 * smart about it.... 80 */ 81 82 /* 83 * Define the server side of the test. 84 * 85 * If the server prematurely exits, serverReady will be set to true 86 * to avoid infinite hangs. 87 */ 88 void doServerSide() throws Exception { 89 SSLServerSocketFactory sslssf = 90 (SSLServerSocketFactory) SSLServerSocketFactory.getDefault(); 91 SSLServerSocket sslServerSocket = 92 (SSLServerSocket) sslssf.createServerSocket(serverPort); 93 94 serverPort = sslServerSocket.getLocalPort(); 95 96 /* 97 * Signal Client, we're ready for this connect. 98 */ 99 serverReady = true; 100 SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept(); 101 102 /** 103 * The suite "SSL_RSA_WITH_RC4_128_MD5" is first in the 104 * client ordered cipher suite list. Place it last in this 105 * list to make sure that the server conforms to the client set 106 * ordering in choosing the cipher suite to use. 107 */ 108 String enabledSuites[] = { 109 "SSL_RSA_WITH_DES_CBC_SHA", 110 "SSL_DHE_DSS_WITH_DES_CBC_SHA", 111 "SSL_RSA_WITH_RC4_128_MD5" 112 }; 113 sslSocket.setEnabledCipherSuites(enabledSuites); 114 System.out.println(""); 115 System.out.println("server enabled suites: "); 116 System.out.println("====================="); 117 String suites[] = sslSocket.getEnabledCipherSuites(); 118 for (int i = 0; i < suites.length; i++) 119 System.out.println(suites[i]); 120 System.out.println(""); 121 122 InputStream sslIS = sslSocket.getInputStream(); 123 OutputStream sslOS = sslSocket.getOutputStream(); 124 125 int read = sslIS.read(); 126 System.out.println("Server read: " + read); 127 sslOS.write(85); 128 sslOS.flush(); 129 String cipherSuiteChosen = sslSocket.getSession().getCipherSuite(); 130 System.out.println("Cipher suite in use: " + 131 cipherSuiteChosen); 132 sslSocket.close(); 133 if (!cipherSuiteChosen.equals("SSL_RSA_WITH_RC4_128_MD5")) 134 throw new Exception("Test failed: Wrong cipher suite is chosen"); 135 } 136 137 /* 138 * Define the client side of the test. 139 * 140 * If the server prematurely exits, serverReady will be set to true 141 * to avoid infinite hangs. 142 */ 143 void doClientSide() throws Exception { 144 145 /* 146 * Wait for server to get started. 147 */ 148 while (!serverReady) { 149 Thread.sleep(50); 150 } 151 152 SSLSocketFactory sslsf = 153 (SSLSocketFactory) SSLSocketFactory.getDefault(); 154 SSLSocket sslSocket = (SSLSocket) 155 sslsf.createSocket("localhost", serverPort); 156 157 /* 158 * Pick a random order for the suites that is different from the 159 * default ordering. 160 */ 161 String enabledSuites[] = { 162 "SSL_RSA_WITH_RC4_128_MD5", 163 "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", 164 "SSL_RSA_WITH_RC4_128_SHA", 165 "SSL_DHE_DSS_WITH_DES_CBC_SHA" 166 }; 167 sslSocket.setEnabledCipherSuites(enabledSuites); 168 System.out.println(""); 169 System.out.println("client enabled suites: "); 170 System.out.println("======================"); 171 String[] suites = sslSocket.getEnabledCipherSuites(); 172 for (int i = 0; i < suites.length; i++) 173 System.out.println(suites[i]); 174 System.out.println(""); 175 176 InputStream sslIS = sslSocket.getInputStream(); 177 OutputStream sslOS = sslSocket.getOutputStream(); 178 179 sslOS.write(80); 180 sslOS.flush(); 181 int read = sslIS.read(); 182 System.out.println("client read: " + read); 183 184 sslSocket.close(); 185 } 186 187 /* 188 * ============================================================= 189 * The remainder is just support stuff 190 */ 191 192 // use any free port by default 193 volatile int serverPort = 0; 194 195 volatile Exception serverException = null; 196 volatile Exception clientException = null; 197 198 public static void main(String[] args) throws Exception { 199 String keyFilename = 200 System.getProperty("test.src", "./") + "/" + pathToStores + 201 "/" + keyStoreFile; 202 String trustFilename = 203 System.getProperty("test.src", "./") + "/" + pathToStores + 204 "/" + trustStoreFile; 205 206 System.setProperty("javax.net.ssl.keyStore", keyFilename); 207 System.setProperty("javax.net.ssl.keyStorePassword", passwd); 208 System.setProperty("javax.net.ssl.trustStore", trustFilename); 209 System.setProperty("javax.net.ssl.trustStorePassword", passwd); 210 211 if (debug) 212 System.setProperty("javax.net.debug", "all"); 213 214 /* 215 * Start the tests. 216 */ 217 new CipherSuiteOrder(); 218 } 219 220 Thread clientThread = null; 221 Thread serverThread = null; 222 223 /* 224 * Primary constructor, used to drive remainder of the test. 225 * 226 * Fork off the other side, then do your work. 227 */ 228 CipherSuiteOrder() throws Exception { 229 if (separateServerThread) { 230 startServer(true); 231 startClient(false); 232 } else { 233 startClient(true); 234 startServer(false); 235 } 236 237 /* 238 * Wait for other side to close down. 239 */ 240 if (separateServerThread) { 241 serverThread.join(); 242 } else { 243 clientThread.join(); 244 } 245 246 /* 247 * When we get here, the test is pretty much over. 248 * 249 * If the main thread excepted, that propagates back 250 * immediately. If the other thread threw an exception, we 251 * should report back. 252 */ 253 if (serverException != null) 254 throw serverException; 255 if (clientException != null) 256 throw clientException; 257 } 258 259 void startServer(boolean newThread) throws Exception { 260 if (newThread) { 261 serverThread = new Thread() { 262 public void run() { 263 try { 264 doServerSide(); 265 } catch (Exception e) { 266 /* 267 * Our server thread just died. 268 * 269 * Release the client, if not active already... 270 */ 271 System.err.println("Server died..." + e); 272 serverReady = true; 273 serverException = e; 274 } 275 } 276 }; 277 serverThread.start(); 278 } else { 279 doServerSide(); 280 } 281 } 282 283 void startClient(boolean newThread) throws Exception { 284 if (newThread) { 285 clientThread = new Thread() { 286 public void run() { 287 try { 288 doClientSide(); 289 } catch (Exception e) { 290 /* 291 * Our client thread just died. 292 */ 293 System.err.println("Client died..."); 294 clientException = e; 295 } 296 } 297 }; 298 clientThread.start(); 299 } else { 300 doClientSide(); 301 } 302 } 303 }