1 /* 2 * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 // 25 // SunJSSE does not support dynamic system properties, no way to re-use 26 // system properties in samevm/agentvm mode. 27 // 28 29 /* 30 * @test 31 * @bug 7188657 32 * @summary There should be a way to reorder the JSSE ciphers 33 * @run main/othervm UseCipherSuitesOrder 34 * TLS_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA 35 */ 36 37 import java.io.*; 38 import java.net.*; 39 import javax.net.ssl.*; 40 import java.util.Arrays; 41 42 public class UseCipherSuitesOrder { 43 44 /* 45 * ============================================================= 46 * Set the various variables needed for the tests, then 47 * specify what tests to run on each side. 48 */ 49 50 /* 51 * Should we run the client or server in a separate thread? 52 * Both sides can throw exceptions, but do you have a preference 53 * as to which side should be the main thread. 54 */ 55 static boolean separateServerThread = false; 56 57 /* 58 * Where do we find the keystores? 59 */ 60 static String pathToStores = "../../../../etc"; 61 static String keyStoreFile = "keystore"; 62 static String trustStoreFile = "truststore"; 63 static String passwd = "passphrase"; 64 65 /* 66 * Is the server ready to serve? 67 */ 68 volatile static boolean serverReady = false; 69 70 /* 71 * Turn on SSL debugging? 72 */ 73 static boolean debug = false; 74 75 /* 76 * If the client or server is doing some kind of object creation 77 * that the other side depends on, and that thread prematurely 78 * exits, you may experience a hang. The test harness will 79 * terminate all hung threads after its timeout has expired, 80 * currently 3 minutes by default, but you might try to be 81 * smart about it.... 82 */ 83 84 /* 85 * Define the server side of the test. 86 * 87 * If the server prematurely exits, serverReady will be set to true 88 * to avoid infinite hangs. 89 */ 90 void doServerSide() throws Exception { 91 SSLServerSocketFactory sslssf = 92 (SSLServerSocketFactory) SSLServerSocketFactory.getDefault(); 93 SSLServerSocket sslServerSocket = 94 (SSLServerSocket) sslssf.createServerSocket(serverPort); 95 serverPort = sslServerSocket.getLocalPort(); 96 97 // use local cipher suites preference 98 SSLParameters params = sslServerSocket.getSSLParameters(); 99 params.setUseCipherSuitesOrder(true); 100 params.setCipherSuites(srvEnabledCipherSuites); 101 sslServerSocket.setSSLParameters(params); 102 103 /* 104 * Signal Client, we're ready for his connect. 105 */ 106 serverReady = true; 107 108 SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept(); 109 InputStream sslIS = sslSocket.getInputStream(); 110 OutputStream sslOS = sslSocket.getOutputStream(); 111 112 sslIS.read(); 113 sslOS.write(85); 114 sslOS.flush(); 115 116 SSLSession session = sslSocket.getSession(); 117 if (!srvEnabledCipherSuites[0].equals(session.getCipherSuite())) { 118 throw new Exception( 119 "Expected to negotiate " + srvEnabledCipherSuites[0] + 120 " , but not " + session.getCipherSuite()); 121 } 122 123 sslSocket.close(); 124 } 125 126 /* 127 * Define the client side of the test. 128 * 129 * If the server prematurely exits, serverReady will be set to true 130 * to avoid infinite hangs. 131 */ 132 void doClientSide() throws Exception { 133 134 /* 135 * Wait for server to get started. 136 */ 137 while (!serverReady) { 138 Thread.sleep(50); 139 } 140 141 SSLSocketFactory sslsf = 142 (SSLSocketFactory) SSLSocketFactory.getDefault(); 143 SSLSocket sslSocket = (SSLSocket) 144 sslsf.createSocket("localhost", serverPort); 145 sslSocket.setEnabledCipherSuites(cliEnabledCipherSuites); 146 147 InputStream sslIS = sslSocket.getInputStream(); 148 OutputStream sslOS = sslSocket.getOutputStream(); 149 150 sslOS.write(280); 151 sslOS.flush(); 152 sslIS.read(); 153 154 sslSocket.close(); 155 } 156 157 // client enabled cipher suites 158 private static String[] cliEnabledCipherSuites; 159 160 // server enabled cipher suites 161 private static String[] srvEnabledCipherSuites; 162 163 private static void parseArguments(String[] args) throws Exception { 164 if (args.length != 1) { 165 System.out.println("Usage: java UseCipherSuitesOrder ciphersuites"); 166 System.out.println("\tciphersuites: " + 167 "a list of enabled cipher suites, separated with comma"); 168 throw new Exception("Incorrect usage"); 169 } 170 171 cliEnabledCipherSuites = args[0].split(","); 172 173 if (cliEnabledCipherSuites.length < 2) { 174 throw new Exception("Need to enable at least two cipher suites"); 175 } 176 177 // Only need to use 2 cipher suites in server side. 178 srvEnabledCipherSuites = Arrays.<String>copyOf( 179 cliEnabledCipherSuites, 2); 180 181 // Reverse the cipher suite preference in server side. 182 srvEnabledCipherSuites[0] = cliEnabledCipherSuites[1]; 183 srvEnabledCipherSuites[1] = cliEnabledCipherSuites[0]; 184 } 185 186 /* 187 * ============================================================= 188 * The remainder is just support stuff 189 */ 190 191 // use any free port by default 192 volatile int serverPort = 0; 193 194 volatile Exception serverException = null; 195 volatile Exception clientException = null; 196 197 public static void main(String[] args) throws Exception { 198 // parse the arguments 199 parseArguments(args); 200 201 String keyFilename = 202 System.getProperty("test.src", ".") + "/" + pathToStores + 203 "/" + keyStoreFile; 204 String trustFilename = 205 System.getProperty("test.src", ".") + "/" + pathToStores + 206 "/" + trustStoreFile; 207 208 System.setProperty("javax.net.ssl.keyStore", keyFilename); 209 System.setProperty("javax.net.ssl.keyStorePassword", passwd); 210 System.setProperty("javax.net.ssl.trustStore", trustFilename); 211 System.setProperty("javax.net.ssl.trustStorePassword", passwd); 212 213 if (debug) 214 System.setProperty("javax.net.debug", "all"); 215 216 /* 217 * Start the tests. 218 */ 219 new UseCipherSuitesOrder(); 220 } 221 222 Thread clientThread = null; 223 Thread serverThread = null; 224 225 /* 226 * Primary constructor, used to drive remainder of the test. 227 * 228 * Fork off the other side, then do your work. 229 */ 230 UseCipherSuitesOrder() throws Exception { 231 Exception startException = null; 232 try { 233 if (separateServerThread) { 234 startServer(true); 235 startClient(false); 236 } else { 237 startClient(true); 238 startServer(false); 239 } 240 } catch (Exception e) { 241 startException = e; 242 } 243 244 /* 245 * Wait for other side to close down. 246 */ 247 if (separateServerThread) { 248 if (serverThread != null) { 249 serverThread.join(); 250 } 251 } else { 252 if (clientThread != null) { 253 clientThread.join(); 254 } 255 } 256 257 /* 258 * When we get here, the test is pretty much over. 259 * Which side threw the error? 260 */ 261 Exception local; 262 Exception remote; 263 264 if (separateServerThread) { 265 remote = serverException; 266 local = clientException; 267 } else { 268 remote = clientException; 269 local = serverException; 270 } 271 272 Exception exception = null; 273 274 /* 275 * Check various exception conditions. 276 */ 277 if ((local != null) && (remote != null)) { 278 // If both failed, return the curthread's exception. 279 local.initCause(remote); 280 exception = local; 281 } else if (local != null) { 282 exception = local; 283 } else if (remote != null) { 284 exception = remote; 285 } else if (startException != null) { 286 exception = startException; 287 } 288 289 /* 290 * If there was an exception *AND* a startException, 291 * output it. 292 */ 293 if (exception != null) { 294 if (exception != startException && startException != null) { 295 exception.addSuppressed(startException); 296 } 297 throw exception; 298 } 299 300 // Fall-through: no exception to throw! 301 } 302 303 void startServer(boolean newThread) throws Exception { 304 if (newThread) { 305 serverThread = new Thread() { 306 public void run() { 307 try { 308 doServerSide(); 309 } catch (Exception e) { 310 /* 311 * Our server thread just died. 312 * 313 * Release the client, if not active already... 314 */ 315 System.err.println("Server died..."); 316 serverReady = true; 317 serverException = e; 318 } 319 } 320 }; 321 serverThread.start(); 322 } else { 323 try { 324 doServerSide(); 325 } catch (Exception e) { 326 serverException = e; 327 } finally { 328 serverReady = true; 329 } 330 } 331 } 332 333 void startClient(boolean newThread) throws Exception { 334 if (newThread) { 335 clientThread = new Thread() { 336 public void run() { 337 try { 338 doClientSide(); 339 } catch (Exception e) { 340 /* 341 * Our client thread just died. 342 */ 343 System.err.println("Client died..."); 344 clientException = e; 345 } 346 } 347 }; 348 clientThread.start(); 349 } else { 350 try { 351 doClientSide(); 352 } catch (Exception e) { 353 clientException = e; 354 } 355 } 356 } 357 }