1 /*
2 * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 //
25 // SunJSSE does not support dynamic system properties, no way to re-use
26 // system properties in samevm/agentvm mode.
27 //
28
29 /*
30 * @test
31 * @bug 7188657
32 * @summary There should be a way to reorder the JSSE ciphers
33 * @run main/othervm UseCipherSuitesOrder
34 * TLS_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA
35 */
36
37 import java.io.*;
38 import java.net.*;
39 import javax.net.ssl.*;
40 import java.util.Arrays;
41
42 public class UseCipherSuitesOrder {
43
44 /*
45 * =============================================================
46 * Set the various variables needed for the tests, then
47 * specify what tests to run on each side.
48 */
49
50 /*
51 * Should we run the client or server in a separate thread?
52 * Both sides can throw exceptions, but do you have a preference
53 * as to which side should be the main thread.
54 */
55 static boolean separateServerThread = false;
56
57 /*
58 * Where do we find the keystores?
59 */
60 static String pathToStores = "../../../../etc";
61 static String keyStoreFile = "keystore";
62 static String trustStoreFile = "truststore";
63 static String passwd = "passphrase";
64
65 /*
66 * Is the server ready to serve?
67 */
68 volatile static boolean serverReady = false;
69
70 /*
71 * Turn on SSL debugging?
72 */
73 static boolean debug = false;
74
75 /*
76 * If the client or server is doing some kind of object creation
77 * that the other side depends on, and that thread prematurely
78 * exits, you may experience a hang. The test harness will
79 * terminate all hung threads after its timeout has expired,
80 * currently 3 minutes by default, but you might try to be
81 * smart about it....
82 */
83
84 /*
85 * Define the server side of the test.
86 *
87 * If the server prematurely exits, serverReady will be set to true
88 * to avoid infinite hangs.
89 */
90 void doServerSide() throws Exception {
91 SSLServerSocketFactory sslssf =
92 (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
93 SSLServerSocket sslServerSocket =
94 (SSLServerSocket) sslssf.createServerSocket(serverPort);
95 serverPort = sslServerSocket.getLocalPort();
96
97 // use local cipher suites preference
98 SSLParameters params = sslServerSocket.getSSLParameters();
99 params.setUseCipherSuitesOrder(true);
100 params.setCipherSuites(srvEnabledCipherSuites);
101 sslServerSocket.setSSLParameters(params);
102
103 /*
104 * Signal Client, we're ready for his connect.
105 */
106 serverReady = true;
107
108 SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
109 InputStream sslIS = sslSocket.getInputStream();
110 OutputStream sslOS = sslSocket.getOutputStream();
111
112 sslIS.read();
113 sslOS.write(85);
114 sslOS.flush();
115
116 SSLSession session = sslSocket.getSession();
117 if (!srvEnabledCipherSuites[0].equals(session.getCipherSuite())) {
118 throw new Exception(
119 "Expected to negotiate " + srvEnabledCipherSuites[0] +
120 " , but not " + session.getCipherSuite());
121 }
122
123 sslSocket.close();
124 }
125
126 /*
127 * Define the client side of the test.
128 *
129 * If the server prematurely exits, serverReady will be set to true
130 * to avoid infinite hangs.
131 */
132 void doClientSide() throws Exception {
133
134 /*
135 * Wait for server to get started.
136 */
137 while (!serverReady) {
138 Thread.sleep(50);
139 }
140
141 SSLSocketFactory sslsf =
142 (SSLSocketFactory) SSLSocketFactory.getDefault();
143 SSLSocket sslSocket = (SSLSocket)
144 sslsf.createSocket("localhost", serverPort);
145 sslSocket.setEnabledCipherSuites(cliEnabledCipherSuites);
146
147 InputStream sslIS = sslSocket.getInputStream();
148 OutputStream sslOS = sslSocket.getOutputStream();
149
150 sslOS.write(280);
151 sslOS.flush();
152 sslIS.read();
153
154 sslSocket.close();
155 }
156
157 // client enabled cipher suites
158 private static String[] cliEnabledCipherSuites;
159
160 // server enabled cipher suites
161 private static String[] srvEnabledCipherSuites;
162
163 private static void parseArguments(String[] args) throws Exception {
164 if (args.length != 1) {
165 System.out.println("Usage: java UseCipherSuitesOrder ciphersuites");
166 System.out.println("\tciphersuites: " +
167 "a list of enabled cipher suites, separated with comma");
168 throw new Exception("Incorrect usage");
169 }
170
171 cliEnabledCipherSuites = args[0].split(",");
172
173 if (cliEnabledCipherSuites.length < 2) {
174 throw new Exception("Need to enable at least two cipher suites");
175 }
176
177 // Only need to use 2 cipher suites in server side.
178 srvEnabledCipherSuites = Arrays.<String>copyOf(
179 cliEnabledCipherSuites, 2);
180
181 // Reverse the cipher suite preference in server side.
182 srvEnabledCipherSuites[0] = cliEnabledCipherSuites[1];
183 srvEnabledCipherSuites[1] = cliEnabledCipherSuites[0];
184 }
185
186 /*
187 * =============================================================
188 * The remainder is just support stuff
189 */
190
191 // use any free port by default
192 volatile int serverPort = 0;
193
194 volatile Exception serverException = null;
195 volatile Exception clientException = null;
196
197 public static void main(String[] args) throws Exception {
198 // parse the arguments
199 parseArguments(args);
200
201 String keyFilename =
202 System.getProperty("test.src", ".") + "/" + pathToStores +
203 "/" + keyStoreFile;
204 String trustFilename =
205 System.getProperty("test.src", ".") + "/" + pathToStores +
206 "/" + trustStoreFile;
207
208 System.setProperty("javax.net.ssl.keyStore", keyFilename);
209 System.setProperty("javax.net.ssl.keyStorePassword", passwd);
210 System.setProperty("javax.net.ssl.trustStore", trustFilename);
211 System.setProperty("javax.net.ssl.trustStorePassword", passwd);
212
213 if (debug)
214 System.setProperty("javax.net.debug", "all");
215
216 /*
217 * Start the tests.
218 */
219 new UseCipherSuitesOrder();
220 }
221
222 Thread clientThread = null;
223 Thread serverThread = null;
224
225 /*
226 * Primary constructor, used to drive remainder of the test.
227 *
228 * Fork off the other side, then do your work.
229 */
230 UseCipherSuitesOrder() throws Exception {
231 Exception startException = null;
232 try {
233 if (separateServerThread) {
234 startServer(true);
235 startClient(false);
236 } else {
237 startClient(true);
238 startServer(false);
239 }
240 } catch (Exception e) {
241 startException = e;
242 }
243
244 /*
245 * Wait for other side to close down.
246 */
247 if (separateServerThread) {
248 if (serverThread != null) {
249 serverThread.join();
250 }
251 } else {
252 if (clientThread != null) {
253 clientThread.join();
254 }
255 }
256
257 /*
258 * When we get here, the test is pretty much over.
259 * Which side threw the error?
260 */
261 Exception local;
262 Exception remote;
263
264 if (separateServerThread) {
265 remote = serverException;
266 local = clientException;
267 } else {
268 remote = clientException;
269 local = serverException;
270 }
271
272 Exception exception = null;
273
274 /*
275 * Check various exception conditions.
276 */
277 if ((local != null) && (remote != null)) {
278 // If both failed, return the curthread's exception.
279 local.initCause(remote);
280 exception = local;
281 } else if (local != null) {
282 exception = local;
283 } else if (remote != null) {
284 exception = remote;
285 } else if (startException != null) {
286 exception = startException;
287 }
288
289 /*
290 * If there was an exception *AND* a startException,
291 * output it.
292 */
293 if (exception != null) {
294 if (exception != startException && startException != null) {
295 exception.addSuppressed(startException);
296 }
297 throw exception;
298 }
299
300 // Fall-through: no exception to throw!
301 }
302
303 void startServer(boolean newThread) throws Exception {
304 if (newThread) {
305 serverThread = new Thread() {
306 public void run() {
307 try {
308 doServerSide();
309 } catch (Exception e) {
310 /*
311 * Our server thread just died.
312 *
313 * Release the client, if not active already...
314 */
315 System.err.println("Server died...");
316 serverReady = true;
317 serverException = e;
318 }
319 }
320 };
321 serverThread.start();
322 } else {
323 try {
324 doServerSide();
325 } catch (Exception e) {
326 serverException = e;
327 } finally {
328 serverReady = true;
329 }
330 }
331 }
332
333 void startClient(boolean newThread) throws Exception {
334 if (newThread) {
335 clientThread = new Thread() {
336 public void run() {
337 try {
338 doClientSide();
339 } catch (Exception e) {
340 /*
341 * Our client thread just died.
342 */
343 System.err.println("Client died...");
344 clientException = e;
345 }
346 }
347 };
348 clientThread.start();
349 } else {
350 try {
351 doClientSide();
352 } catch (Exception e) {
353 clientException = e;
354 }
355 }
356 }
357 }