1 /* 2 * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 /* 25 * @test 26 * @bug 4323990 4413069 27 * @summary HttpsURLConnection doesn't send Proxy-Authorization on CONNECT 28 * Incorrect checking of proxy server response 29 * @modules java.base/sun.net.www 30 * @run main/othervm ProxyAuthTest 31 * 32 * No way to reserve and restore java.lang.Authenticator, need to run this 33 * test in othervm mode. 34 */ 35 36 import java.io.*; 37 import java.net.*; 38 import java.security.KeyStore; 39 import javax.net.*; 40 import javax.net.ssl.*; 41 import java.security.cert.*; 42 43 /* 44 * ProxyAuthTest.java -- includes a simple server that can serve 45 * Http get request in both clear and secure channel, and a client 46 * that makes https requests behind the firewall through an 47 * authentication proxy 48 */ 49 50 public class ProxyAuthTest { 51 /* 52 * Where do we find the keystores? 53 */ 54 static String pathToStores = "../../../../../../javax/net/ssl/etc"; 55 static String keyStoreFile = "keystore"; 56 static String trustStoreFile = "truststore"; 57 static String passwd = "passphrase"; 58 59 volatile private static int serverPort = 0; 60 61 /* 62 * The TestServer implements a OriginServer that 63 * processes HTTP requests and responses. 64 */ 65 static class TestServer extends OriginServer { 66 public TestServer(ServerSocket ss) throws Exception { 67 super(ss); 68 } 69 70 /* 71 * Returns an array of bytes containing the bytes for 72 * the data sent in the response. 73 * 74 * @return bytes for the data in the response 75 */ 76 public byte[] getBytes() { 77 return "Proxy authentication for tunneling succeeded ..". 78 getBytes(); 79 } 80 } 81 82 /* 83 * Main method to create the server and the client 84 */ 85 public static void main(String args[]) throws Exception { 86 String keyFilename = 87 System.getProperty("test.src", "./") + "/" + pathToStores + 88 "/" + keyStoreFile; 89 String trustFilename = 90 System.getProperty("test.src", "./") + "/" + pathToStores + 91 "/" + trustStoreFile; 92 93 System.setProperty("javax.net.ssl.keyStore", keyFilename); 94 System.setProperty("javax.net.ssl.keyStorePassword", passwd); 95 System.setProperty("javax.net.ssl.trustStore", trustFilename); 96 System.setProperty("javax.net.ssl.trustStorePassword", passwd); 97 98 boolean useSSL = true; 99 /* 100 * setup the server 101 */ 102 try { 103 ServerSocketFactory ssf = 104 ProxyAuthTest.getServerSocketFactory(useSSL); 105 ServerSocket ss = ssf.createServerSocket(serverPort); 106 serverPort = ss.getLocalPort(); 107 new TestServer(ss); 108 } catch (Exception e) { 109 System.out.println("Server side failed:" + 110 e.getMessage()); 111 throw e; 112 } 113 // trigger the client 114 try { 115 doClientSide(); 116 } catch (Exception e) { 117 System.out.println("Client side failed: " + e.getMessage()); 118 throw e; 119 } 120 } 121 122 private static ServerSocketFactory getServerSocketFactory 123 (boolean useSSL) throws Exception { 124 if (useSSL) { 125 SSLServerSocketFactory ssf = null; 126 // set up key manager to do server authentication 127 SSLContext ctx; 128 KeyManagerFactory kmf; 129 KeyStore ks; 130 char[] passphrase = passwd.toCharArray(); 131 132 ctx = SSLContext.getInstance("TLS"); 133 kmf = KeyManagerFactory.getInstance("SunX509"); 134 ks = KeyStore.getInstance("JKS"); 135 136 ks.load(new FileInputStream(System.getProperty( 137 "javax.net.ssl.keyStore")), passphrase); 138 kmf.init(ks, passphrase); 139 ctx.init(kmf.getKeyManagers(), null, null); 140 141 ssf = ctx.getServerSocketFactory(); 142 return ssf; 143 } else { 144 return ServerSocketFactory.getDefault(); 145 } 146 } 147 148 static void doClientSide() throws Exception { 149 /* 150 * setup up a proxy with authentication information 151 */ 152 setupProxy(); 153 154 /* 155 * we want to avoid URLspoofCheck failures in cases where the cert 156 * DN name does not match the hostname in the URL. 157 */ 158 HttpsURLConnection.setDefaultHostnameVerifier( 159 new NameVerifier()); 160 URL url = new URL("https://" + "localhost:" + serverPort 161 + "/index.html"); 162 BufferedReader in = null; 163 try { 164 in = new BufferedReader(new InputStreamReader( 165 url.openStream())); 166 String inputLine; 167 System.out.print("Client recieved from the server: "); 168 while ((inputLine = in.readLine()) != null) 169 System.out.println(inputLine); 170 in.close(); 171 } catch (SSLException e) { 172 if (in != null) 173 in.close(); 174 throw e; 175 } 176 } 177 178 static class NameVerifier implements HostnameVerifier { 179 public boolean verify(String hostname, SSLSession session) { 180 return true; 181 } 182 } 183 184 static void setupProxy() throws IOException { 185 ProxyTunnelServer pserver = new ProxyTunnelServer(); 186 /* 187 * register a system wide authenticator and setup the proxy for 188 * authentication 189 */ 190 Authenticator.setDefault(new TestAuthenticator()); 191 192 // register with the username and password 193 pserver.needUserAuth(true); 194 pserver.setUserAuth("Test", "test123"); 195 196 pserver.start(); 197 System.setProperty("https.proxyHost", "localhost"); 198 System.setProperty("https.proxyPort", String.valueOf( 199 pserver.getPort())); 200 } 201 202 public static class TestAuthenticator extends Authenticator { 203 204 public PasswordAuthentication getPasswordAuthentication() { 205 return new PasswordAuthentication("Test", 206 "test123".toCharArray()); 207 } 208 } 209 } | 1 /* 2 * Copyright (c) 2001, 2016, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 /* 25 * @test 26 * @bug 4323990 4413069 27 * @summary HttpsURLConnection doesn't send Proxy-Authorization on CONNECT 28 * Incorrect checking of proxy server response 29 * @modules java.base/sun.net.www 30 * @library /javax/net/ssl/templates 31 * @run main/othervm ProxyAuthTest 32 * 33 * No way to reserve and restore java.lang.Authenticator, need to run this 34 * test in othervm mode. 35 */ 36 37 import java.io.*; 38 import java.net.*; 39 import javax.net.ssl.*; 40 41 /* 42 * ProxyAuthTest.java -- includes a simple server that can serve 43 * Http get request in both clear and secure channel, and a client 44 * that makes https requests behind the firewall through an 45 * authentication proxy 46 */ 47 48 public class ProxyAuthTest { 49 /* 50 * Where do we find the keystores? 51 */ 52 static String pathToStores = "../../../../../../javax/net/ssl/etc"; 53 static String keyStoreFile = "keystore"; 54 static String trustStoreFile = "truststore"; 55 static String passwd = "passphrase"; 56 57 /** 58 * read the response, don't care for the syntax of the request-line 59 * for this testing 60 */ 61 private static void readRequest(BufferedReader in) throws IOException { 62 String line = null; 63 System.out.println("Server received: "); 64 do { 65 if (line != null) { 66 System.out.println(line); 67 } 68 line = in.readLine(); 69 } while ((line.length() != 0) && 70 (line.charAt(0) != '\r') && (line.charAt(0) != '\n')); 71 } 72 73 74 /* 75 * Main method to create the server and the client 76 */ 77 public static void main(String args[]) throws Exception { 78 String keyFilename = 79 SSLTest.TEST_SRC + "/" + pathToStores + "/" + keyStoreFile; 80 String trustFilename = 81 SSLTest.TEST_SRC + "/" + pathToStores + "/" + trustStoreFile; 82 83 SSLTest.setup(keyFilename, trustFilename, passwd); 84 85 new SSLTest() 86 .setServerApplication((socket, test) -> { 87 DataOutputStream out = new DataOutputStream( 88 socket.getOutputStream()); 89 try { 90 BufferedReader in = new BufferedReader( 91 new InputStreamReader(socket.getInputStream())); 92 93 // read the request 94 readRequest(in); 95 96 // retrieve bytecodes 97 byte[] bytecodes = 98 "Proxy authentication for tunneling succeeded .." 99 .getBytes(); 100 101 // send bytecodes in response (assumes HTTP/1.0 or later) 102 out.writeBytes("HTTP/1.0 200 OK\r\n"); 103 out.writeBytes("Content-Length: " + bytecodes.length + 104 "\r\n"); 105 out.writeBytes("Content-Type: text/html\r\n\r\n"); 106 out.write(bytecodes); 107 out.flush(); 108 } catch (Exception e) { 109 // write out error response 110 out.writeBytes("HTTP/1.0 400 " + e.getMessage() + "\r\n"); 111 out.writeBytes("Content-Type: text/html\r\n\r\n"); 112 out.flush(); 113 } 114 }) 115 .setClientPeer(test -> { 116 doClientSide(test); 117 }) 118 .runTest(); 119 } 120 121 private static void doClientSide(SSLTest test) throws Exception { 122 123 // Wait for server to get started. 124 // 125 // The server side takes care of the issue if the server cannot 126 // get started in 90 seconds. The client side would just ignore 127 // the test case if the serer is not ready. 128 if (!test.waitForServerSignal()) { 129 System.out.print("The server is not ready yet in 90 seconds. " 130 + "Ignore in client side."); 131 return; 132 } 133 134 /* 135 * setup up a proxy with authentication information 136 */ 137 setupProxy(); 138 139 /* 140 * we want to avoid URLspoofCheck failures in cases where the cert 141 * DN name does not match the hostname in the URL. 142 */ 143 HttpsURLConnection.setDefaultHostnameVerifier(new NameVerifier()); 144 145 URL url = new URL("https://" + "localhost:" + test.getServerPort() 146 + "/index.html"); 147 148 // Signal the server, the client is ready to communicate. 149 test.signalClientReady(); 150 151 try (BufferedReader in = new BufferedReader( 152 new InputStreamReader(url.openStream()))) { 153 154 String inputLine; 155 System.out.print("Client recieved from the server: "); 156 while ((inputLine = in.readLine()) != null) { 157 System.out.println(inputLine); 158 } 159 } 160 } 161 162 static class NameVerifier implements HostnameVerifier { 163 164 @Override 165 public boolean verify(String hostname, SSLSession session) { 166 return true; 167 } 168 } 169 170 static void setupProxy() throws IOException { 171 ProxyTunnelServer pserver = new ProxyTunnelServer(); 172 /* 173 * register a system wide authenticator and setup the proxy for 174 * authentication 175 */ 176 Authenticator.setDefault(new TestAuthenticator()); 177 178 // register with the username and password 179 pserver.needUserAuth(true); 180 pserver.setUserAuth("Test", "test123"); 181 182 pserver.start(); 183 System.setProperty("https.proxyHost", "localhost"); 184 System.setProperty("https.proxyPort", 185 String.valueOf(pserver.getPort())); 186 } 187 188 public static class TestAuthenticator extends Authenticator { 189 190 @Override 191 public PasswordAuthentication getPasswordAuthentication() { 192 return new PasswordAuthentication("Test", "test123".toCharArray()); 193 } 194 } 195 } |