1 /*
   2  * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 //
  25 // SunJSSE does not support dynamic system properties, no way to re-use
  26 // system properties in samevm/agentvm mode.
  27 //
  28 
  29 /*
  30  * @test
  31  * @bug 7188657
  32  * @summary There should be a way to reorder the JSSE ciphers
  33  * @run main/othervm UseCipherSuitesOrder
  34  *     TLS_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA
  35  */
  36 
  37 import java.io.*;
  38 import java.security.Security;
  39 import javax.net.ssl.*;
  40 import java.util.Arrays;
  41 
  42 public class UseCipherSuitesOrder {
  43 
  44     /*
  45      * =============================================================
  46      * Set the various variables needed for the tests, then
  47      * specify what tests to run on each side.
  48      */
  49 
  50     /*
  51      * Should we run the client or server in a separate thread?
  52      * Both sides can throw exceptions, but do you have a preference
  53      * as to which side should be the main thread.
  54      */
  55     static boolean separateServerThread = false;
  56 
  57     /*
  58      * Where do we find the keystores?
  59      */
  60     static String pathToStores = "../../../../etc";
  61     static String keyStoreFile = "keystore";
  62     static String trustStoreFile = "truststore";
  63     static String passwd = "passphrase";
  64 
  65     /*
  66      * Is the server ready to serve?
  67      */
  68     volatile static boolean serverReady = false;
  69 
  70     /*
  71      * Turn on SSL debugging?
  72      */
  73     static boolean debug = false;
  74 
  75     /*
  76      * If the client or server is doing some kind of object creation
  77      * that the other side depends on, and that thread prematurely
  78      * exits, you may experience a hang.  The test harness will
  79      * terminate all hung threads after its timeout has expired,
  80      * currently 3 minutes by default, but you might try to be
  81      * smart about it....
  82      */
  83 
  84     /*
  85      * Define the server side of the test.
  86      *
  87      * If the server prematurely exits, serverReady will be set to true
  88      * to avoid infinite hangs.
  89      */
  90     void doServerSide() throws Exception {
  91         SSLServerSocketFactory sslssf =
  92             (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
  93         SSLServerSocket sslServerSocket =
  94             (SSLServerSocket) sslssf.createServerSocket(serverPort);
  95         serverPort = sslServerSocket.getLocalPort();
  96 
  97         // use local cipher suites preference
  98         SSLParameters params = sslServerSocket.getSSLParameters();
  99         params.setUseCipherSuitesOrder(true);
 100         params.setCipherSuites(srvEnabledCipherSuites);
 101         sslServerSocket.setSSLParameters(params);
 102 
 103         /*
 104          * Signal Client, we're ready for his connect.
 105          */
 106         serverReady = true;
 107 
 108         SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
 109         InputStream sslIS = sslSocket.getInputStream();
 110         OutputStream sslOS = sslSocket.getOutputStream();
 111 
 112         sslIS.read();
 113         sslOS.write(85);
 114         sslOS.flush();
 115 
 116         SSLSession session = sslSocket.getSession();
 117         if (!srvEnabledCipherSuites[0].equals(session.getCipherSuite())) {
 118             throw new Exception(
 119                 "Expected to negotiate " + srvEnabledCipherSuites[0] +
 120                 " , but not " + session.getCipherSuite());
 121         }
 122 
 123         sslSocket.close();
 124     }
 125 
 126     /*
 127      * Define the client side of the test.
 128      *
 129      * If the server prematurely exits, serverReady will be set to true
 130      * to avoid infinite hangs.
 131      */
 132     void doClientSide() throws Exception {
 133 
 134         /*
 135          * Wait for server to get started.
 136          */
 137         while (!serverReady) {
 138             Thread.sleep(50);
 139         }
 140 
 141         SSLSocketFactory sslsf =
 142             (SSLSocketFactory) SSLSocketFactory.getDefault();
 143         SSLSocket sslSocket = (SSLSocket)
 144             sslsf.createSocket("localhost", serverPort);
 145         sslSocket.setEnabledCipherSuites(cliEnabledCipherSuites);
 146 
 147         InputStream sslIS = sslSocket.getInputStream();
 148         OutputStream sslOS = sslSocket.getOutputStream();
 149 
 150         sslOS.write(280);
 151         sslOS.flush();
 152         sslIS.read();
 153 
 154         sslSocket.close();
 155     }
 156 
 157     // client enabled cipher suites
 158     private static String[] cliEnabledCipherSuites;
 159 
 160     // server enabled cipher suites
 161     private static String[] srvEnabledCipherSuites;
 162 
 163     private static void parseArguments(String[] args) throws Exception {
 164         if (args.length != 1) {
 165             System.out.println("Usage: java UseCipherSuitesOrder ciphersuites");
 166             System.out.println("\tciphersuites: " +
 167                     "a list of enabled cipher suites, separated with comma");
 168             throw new Exception("Incorrect usage");
 169         }
 170 
 171         cliEnabledCipherSuites = args[0].split(",");
 172 
 173         if (cliEnabledCipherSuites.length < 2) {
 174             throw new Exception("Need to enable at least two cipher suites");
 175         }
 176 
 177         // Only need to use 2 cipher suites in server side.
 178         srvEnabledCipherSuites = Arrays.<String>copyOf(
 179                                             cliEnabledCipherSuites, 2);
 180 
 181         // Reverse the cipher suite preference in server side.
 182         srvEnabledCipherSuites[0] = cliEnabledCipherSuites[1];
 183         srvEnabledCipherSuites[1] = cliEnabledCipherSuites[0];
 184     }
 185 
 186     /*
 187      * =============================================================
 188      * The remainder is just support stuff
 189      */
 190 
 191     // use any free port by default
 192     volatile int serverPort = 0;
 193 
 194     volatile Exception serverException = null;
 195     volatile Exception clientException = null;
 196 
 197     public static void main(String[] args) throws Exception {
 198         // reset the security property to make sure that the algorithms
 199         // and keys used in this test are not disabled.
 200         Security.setProperty("jdk.tls.disabledAlgorithms", "");
 201 
 202         // parse the arguments
 203         parseArguments(args);
 204 
 205         String keyFilename =
 206             System.getProperty("test.src", ".") + "/" + pathToStores +
 207                 "/" + keyStoreFile;
 208         String trustFilename =
 209             System.getProperty("test.src", ".") + "/" + pathToStores +
 210                 "/" + trustStoreFile;
 211 
 212         System.setProperty("javax.net.ssl.keyStore", keyFilename);
 213         System.setProperty("javax.net.ssl.keyStorePassword", passwd);
 214         System.setProperty("javax.net.ssl.trustStore", trustFilename);
 215         System.setProperty("javax.net.ssl.trustStorePassword", passwd);
 216 
 217         if (debug)
 218             System.setProperty("javax.net.debug", "all");
 219 
 220         /*
 221          * Start the tests.
 222          */
 223         new UseCipherSuitesOrder();
 224     }
 225 
 226     Thread clientThread = null;
 227     Thread serverThread = null;
 228 
 229     /*
 230      * Primary constructor, used to drive remainder of the test.
 231      *
 232      * Fork off the other side, then do your work.
 233      */
 234     UseCipherSuitesOrder() throws Exception {
 235         Exception startException = null;
 236         try {
 237             if (separateServerThread) {
 238                 startServer(true);
 239                 startClient(false);
 240             } else {
 241                 startClient(true);
 242                 startServer(false);
 243             }
 244         } catch (Exception e) {
 245             startException = e;
 246         }
 247 
 248         /*
 249          * Wait for other side to close down.
 250          */
 251         if (separateServerThread) {
 252             if (serverThread != null) {
 253                 serverThread.join();
 254             }
 255         } else {
 256             if (clientThread != null) {
 257                 clientThread.join();
 258             }
 259         }
 260 
 261         /*
 262          * When we get here, the test is pretty much over.
 263          * Which side threw the error?
 264          */
 265         Exception local;
 266         Exception remote;
 267 
 268         if (separateServerThread) {
 269             remote = serverException;
 270             local = clientException;
 271         } else {
 272             remote = clientException;
 273             local = serverException;
 274         }
 275 
 276         Exception exception = null;
 277 
 278         /*
 279          * Check various exception conditions.
 280          */
 281         if ((local != null) && (remote != null)) {
 282             // If both failed, return the curthread's exception.
 283             local.initCause(remote);
 284             exception = local;
 285         } else if (local != null) {
 286             exception = local;
 287         } else if (remote != null) {
 288             exception = remote;
 289         } else if (startException != null) {
 290             exception = startException;
 291         }
 292 
 293         /*
 294          * If there was an exception *AND* a startException,
 295          * output it.
 296          */
 297         if (exception != null) {
 298             if (exception != startException && startException != null) {
 299                 exception.addSuppressed(startException);
 300             }
 301             throw exception;
 302         }
 303 
 304         // Fall-through: no exception to throw!
 305     }
 306 
 307     void startServer(boolean newThread) throws Exception {
 308         if (newThread) {
 309             serverThread = new Thread() {
 310                 public void run() {
 311                     try {
 312                         doServerSide();
 313                     } catch (Exception e) {
 314                         /*
 315                          * Our server thread just died.
 316                          *
 317                          * Release the client, if not active already...
 318                          */
 319                         System.err.println("Server died...");
 320                         serverReady = true;
 321                         serverException = e;
 322                     }
 323                 }
 324             };
 325             serverThread.start();
 326         } else {
 327             try {
 328                 doServerSide();
 329             } catch (Exception e) {
 330                 serverException = e;
 331             } finally {
 332                 serverReady = true;
 333             }
 334         }
 335     }
 336 
 337     void startClient(boolean newThread) throws Exception {
 338         if (newThread) {
 339             clientThread = new Thread() {
 340                 public void run() {
 341                     try {
 342                         doClientSide();
 343                     } catch (Exception e) {
 344                         /*
 345                          * Our client thread just died.
 346                          */
 347                         System.err.println("Client died...");
 348                         clientException = e;
 349                     }
 350                 }
 351             };
 352             clientThread.start();
 353         } else {
 354             try {
 355                 doClientSide();
 356             } catch (Exception e) {
 357                 clientException = e;
 358             }
 359         }
 360     }
 361 }