1 /*
   2  * Copyright (c) 2001, 2016, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 /*
  25  * @test
  26  * @bug 4323990 4413069
  27  * @summary HttpsURLConnection doesn't send Proxy-Authorization on CONNECT
  28  *     Incorrect checking of proxy server response
  29  * @modules java.base/sun.net.www
  30  * @library /javax/net/ssl/templates
  31  * @run main/othervm ProxyAuthTest
  32  *
  33  *     No way to reserve and restore java.lang.Authenticator, need to run this
  34  *     test in othervm mode.
  35  */
  36 
  37 import java.io.*;
  38 import java.net.*;


  39 import javax.net.ssl.*;

  40 
  41 /*
  42  * ProxyAuthTest.java -- includes a simple server that can serve
  43  * Http get request in both clear and secure channel, and a client
  44  * that makes https requests behind the firewall through an
  45  * authentication proxy
  46  */
  47 
  48 public class ProxyAuthTest {
  49     /*
  50      * Where do we find the keystores?
  51      */
  52     static String pathToStores = "../../../../../../javax/net/ssl/etc";
  53     static String keyStoreFile = "keystore";
  54     static String trustStoreFile = "truststore";
  55     static String passwd = "passphrase";
  56 
  57     /**
  58      * read the response, don't care for the syntax of the request-line
  59      * for this testing
  60      */
  61     private static void readRequest(BufferedReader in) throws IOException {
  62         String line = null;
  63         System.out.println("Server received: ");
  64         do {
  65             if (line != null) {
  66                 System.out.println(line);
  67             }
  68             line = in.readLine();
  69         } while ((line.length() != 0) &&
  70                 (line.charAt(0) != '\r') && (line.charAt(0) != '\n'));
  71     }
  72 











  73 
  74     /*
  75      * Main method to create the server and the client
  76      */
  77     public static void main(String args[]) throws Exception {
  78         String keyFilename =
  79             SSLTest.TEST_SRC + "/" + pathToStores + "/" + keyStoreFile;

  80         String trustFilename =
  81             SSLTest.TEST_SRC + "/" + pathToStores + "/" + trustStoreFile;

  82 
  83         SSLTest.setup(keyFilename, trustFilename, passwd);



  84 
  85         new SSLTest()
  86             .setServerApplication((socket, test) -> {
  87                 DataOutputStream out = new DataOutputStream(
  88                         socket.getOutputStream());
  89                 try {
  90                     BufferedReader in = new BufferedReader(
  91                             new InputStreamReader(socket.getInputStream()));






























  92 
  93                     // read the request
  94                     readRequest(in);


  95 
  96                     // retrieve bytecodes
  97                     byte[] bytecodes =
  98                             "Proxy authentication for tunneling succeeded .."
  99                                     .getBytes();
 100 
 101                     // send bytecodes in response (assumes HTTP/1.0 or later)
 102                     out.writeBytes("HTTP/1.0 200 OK\r\n");
 103                     out.writeBytes("Content-Length: " + bytecodes.length +
 104                                    "\r\n");
 105                     out.writeBytes("Content-Type: text/html\r\n\r\n");
 106                     out.write(bytecodes);
 107                     out.flush();
 108                 } catch (Exception e) {
 109                     // write out error response
 110                     out.writeBytes("HTTP/1.0 400 " + e.getMessage() + "\r\n");
 111                     out.writeBytes("Content-Type: text/html\r\n\r\n");
 112                     out.flush();
 113                 }
 114             })
 115             .setClientPeer(test -> {
 116                 doClientSide(test);
 117             })
 118             .runTest();
 119     }
 120 
 121     private static void doClientSide(SSLTest test) throws Exception {
 122 
 123         // Wait for server to get started.
 124         //
 125         // The server side takes care of the issue if the server cannot
 126         // get started in 90 seconds.  The client side would just ignore
 127         // the test case if the serer is not ready.
 128         if (!test.waitForServerSignal()) {
 129             System.out.print("The server is not ready yet in 90 seconds. "
 130                     + "Ignore in client side.");
 131             return;
 132         }
 133 

 134         /*
 135          * setup up a proxy with authentication information
 136          */
 137         setupProxy();
 138 
 139         /*
 140          * we want to avoid URLspoofCheck failures in cases where the cert
 141          * DN name does not match the hostname in the URL.
 142          */
 143         HttpsURLConnection.setDefaultHostnameVerifier(new NameVerifier());
 144 
 145         URL url = new URL("https://" + "localhost:" + test.getServerPort()
 146                 + "/index.html");
 147 
 148         // Signal the server, the client is ready to communicate.
 149         test.signalClientReady();
 150 
 151         try (BufferedReader in = new BufferedReader(
 152                 new InputStreamReader(url.openStream()))) {
 153 
 154             String inputLine;
 155             System.out.print("Client recieved from the server: ");
 156             while ((inputLine = in.readLine()) != null) {
 157                 System.out.println(inputLine);
 158             }




 159         }
 160     }
 161 
 162     static class NameVerifier implements HostnameVerifier {
 163 
 164         @Override
 165         public boolean verify(String hostname, SSLSession session) {
 166             return true;
 167         }
 168     }
 169 
 170     static void setupProxy() throws IOException {
 171         ProxyTunnelServer pserver = new ProxyTunnelServer();
 172         /*
 173          * register a system wide authenticator and setup the proxy for
 174          * authentication
 175          */
 176         Authenticator.setDefault(new TestAuthenticator());
 177 
 178         // register with the username and password
 179         pserver.needUserAuth(true);
 180         pserver.setUserAuth("Test", "test123");
 181 
 182         pserver.start();
 183         System.setProperty("https.proxyHost", "localhost");
 184         System.setProperty("https.proxyPort",
 185                 String.valueOf(pserver.getPort()));
 186     }
 187 
 188     public static class TestAuthenticator extends Authenticator {
 189 
 190         @Override
 191         public PasswordAuthentication getPasswordAuthentication() {
 192             return new PasswordAuthentication("Test", "test123".toCharArray());

 193         }
 194     }
 195 }
--- EOF ---