1 /*
2 * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 /*
25 * @test
26 * @bug 8058865
27 * @summary Checks various secure ways of connecting from remote jmx client
28 * @author Olivier Lagneau
29 *
30 * @library /lib/testlibrary
31 * @modules java.management.rmi
32 *
33 * @compile MBS_Light.java ServerDelegate.java TestSampleLoginModule.java
34 * @run main/othervm/timeout=300 -DDEBUG_STANDARD -Dusername=SQE_username -Dpassword=SQE_password SecurityTest -server -mapType x.password.file -client -mapType credentials
35 * @run main/othervm/timeout=300 -DDEBUG_STANDARD -Dusername=UNKNOWN_username -Dpassword=SQE_password SecurityTest -server -mapType x.password.file -client -mapType credentials -expectedThrowable java.lang.SecurityException
36 * @run main/othervm/timeout=300 -DDEBUG_STANDARD -Dusername=SQE_username -Dpassword=WRONG_password SecurityTest -server -mapType x.password.file -client -mapType credentials -expectedThrowable java.lang.SecurityException
37 * @run main/othervm/timeout=300 -DDEBUG_STANDARD -Dsusername=TestJMXAuthenticatorUsername -Dspassword=TestJMXAuthenticatorPassword -Dusername=TestJMXAuthenticatorUsername -Dpassword=TestJMXAuthenticatorPassword SecurityTest -server -mapType x.authenticator -client -mapType credentials
38 * @run main/othervm/timeout=300 -DDEBUG_STANDARD -Dsusername=TestJMXAuthenticatorUsername -Dspassword=TestJMXAuthenticatorPassword -Dusername=AnotherTestJMXAuthenticatorUsername -Dpassword=TestJMXAuthenticatorPassword SecurityTest -server -mapType x.authenticator -client -mapType credentials -expectedThrowable java.lang.SecurityException
39 * @run main/othervm/timeout=300 -DDEBUG_STANDARD -Dlogin.config.file=${test.src}/login.config -Dpassword.file=password.properties -Dusername=usernameFileLoginModule -Dpassword=passwordFileLoginModule SecurityTest -server -mapType x.login.config.PasswordFileAuthentication -client -mapType credentials
40 * @run main/othervm/timeout=300 -DDEBUG_STANDARD -Dlogin.config.file=${test.src}/login.config.UNKNOWN -Dpassword.file=password.properties -Dusername=usernameFileLoginModule -Dpassword=passwordFileLoginModule SecurityTest -server -mapType x.login.config.PasswordFileAuthentication -client -mapType credentialss -expectedThrowable java.lang.SecurityException
41 * @run main/othervm/timeout=300 -DDEBUG_STANDARD -Dlogin.config.file=${test.src}/login.config -Dpassword.file=password.properties -Dusername=usernameFileLoginModule -Dpassword=passwordFileLoginModule SecurityTest -server -mapType x.login.config.UnknownAuthentication -client -mapType credentials -expectedThrowable java.lang.SecurityException
42 * @run main/othervm/timeout=300 -DDEBUG_STANDARD -Dlogin.config.file=${test.src}/login.config -Dsusername=usernameSampleLoginModule -Dspassword=passwordSampleLoginModule -Dpassword.file=password.properties -Dusername=usernameSampleLoginModule -Dpassword=passwordSampleLoginModule SecurityTest -server -mapType x.login.config.SampleLoginModule -client -mapType credentials
43 * @run main/othervm/timeout=300 -DDEBUG_STANDARD -Dlogin.config.file=${test.src}/login.config -Dsusername=usernameSampleLoginModule -Dspassword=passwordSampleLoginModule -Dpassword.file=password.properties -Dusername=AnotherUsernameSampleLoginModule -Dpassword=passwordSampleLoginModule SecurityTest -server -mapType x.login.config.SampleLoginModule -client -mapType credentials -expectedThrowable java.lang.SecurityException
44 * @run main/othervm/timeout=300 -DDEBUG_STANDARD SecurityTest -server -mapType rmi.client.socket.factory.ssl;rmi.server.socket.factory.ssl -keystore keystoreAgent -keystorepassword glopglop -client -truststore truststoreClient -truststorepassword glopglop
45 * @run main/othervm/timeout=300 -DDEBUG_STANDARD SecurityTest -server -mapType rmi.client.socket.factory.ssl;rmi.server.socket.factory.ssl -keystore keystoreAgent -keystorepassword glopglop -client -truststore truststoreClient -truststorepassword WRONG_password -expectedThrowable java.io.IOException
46 * @run main/othervm/timeout=300 -DDEBUG_STANDARD SecurityTest -server -mapType rmi.server.socket.factory.ssl -keystore keystoreAgent -keystorepassword glopglop -client -truststore truststoreClient -truststorepassword glopglop -expectedThrowable java.io.IOException
47 * @run main/othervm/timeout=300 -DDEBUG_STANDARD SecurityTest -server -mapType rmi.client.socket.factory.ssl -keystore keystoreAgent -keystorepassword glopglop -client -truststore truststoreClient -truststorepassword glopglop -expectedThrowable java.io.IOException
48 * @run main/othervm/timeout=300 -DDEBUG_STANDARD SecurityTest -server -mapType rmi.client.socket.factory.ssl;rmi.server.socket.factory.ssl -keystore keystoreAgent -keystorepassword glopglop -client -expectedThrowable java.io.IOException
49 * @run main/othervm/timeout=300 -DDEBUG_STANDARD SecurityTest -server -mapType rmi.client.socket.factory.ssl;rmi.server.socket.factory.ssl.need.client.authentication -keystore keystoreAgent -keystorepassword glopglop -truststore truststoreAgent -truststorepassword glopglop -client -keystore keystoreClient -keystorepassword glopglop -truststore truststoreClient -truststorepassword glopglop
50 * @run main/othervm/timeout=300 -DDEBUG_STANDARD SecurityTest -server -mapType rmi.client.socket.factory.ssl;rmi.server.socket.factory.ssl.need.client.authentication -keystore keystoreAgent -keystorepassword glopglop -truststore truststoreAgent -truststorepassword glopglop -client -keystore keystoreClient -keystorepassword WRONG_password -truststore truststoreClient -truststorepassword glopglop -expectedThrowable java.io.IOException
51 * @run main/othervm/timeout=300 -DDEBUG_STANDARD SecurityTest -server -mapType rmi.client.socket.factory.ssl;rmi.server.socket.factory.ssl.need.client.authentication -keystore keystoreAgent -keystorepassword glopglop -truststore truststoreAgent -truststorepassword glopglop -client -truststore truststoreClient -truststorepassword glopglop -expectedThrowable java.io.IOException
52 * @run main/othervm/timeout=300 -DDEBUG_STANDARD SecurityTest -server -mapType rmi.client.socket.factory.ssl;rmi.server.socket.factory.ssl.need.client.authentication -keystore keystoreAgent -keystorepassword glopglop -client -keystore keystoreClient -keystorepassword glopglop -truststore truststoreClient -truststorepassword glopglop -expectedThrowable java.io.IOException
53 * @run main/othervm/timeout=300 -DDEBUG_STANDARD -Djavax.rmi.ssl.client.enabledCipherSuites=SSL_RSA_WITH_RC4_128_MD5 SecurityTest -server -mapType rmi.client.socket.factory.ssl;rmi.server.socket.factory.ssl.enabled.cipher.suites.md5 -keystore keystoreAgent -keystorepassword glopglop -client -truststore truststoreClient -truststorepassword glopglop
54 * @run main/othervm/timeout=300 -DDEBUG_STANDARD -Djavax.rmi.ssl.client.enabledCipherSuites=SSL_RSA_WITH_RC4_128_SHA SecurityTest -server -mapType rmi.client.socket.factory.ssl;rmi.server.socket.factory.ssl.enabled.cipher.suites.md5 -keystore keystoreAgent -keystorepassword glopglop -client -truststore truststoreClient -truststorepassword glopglop -expectedThrowable java.io.IOException
55 * @run main/othervm/timeout=300 -DDEBUG_STANDARD -Djavax.rmi.ssl.client.enabledCipherSuites=SSL_RSA_WITH_RC4_128_MD5 SecurityTest -server -mapType rmi.client.socket.factory.ssl;rmi.server.socket.factory.ssl.enabled.cipher.suites.sha -keystore keystoreAgent -keystorepassword glopglop -client -truststore truststoreClient -truststorepassword glopglop -expectedThrowable java.io.IOException
56 * @run main/othervm/timeout=300 -DDEBUG_STANDARD -Djavax.rmi.ssl.client.enabledProtocols=SSLv3 SecurityTest -server -mapType rmi.client.socket.factory.ssl;rmi.server.socket.factory.ssl.enabled.protocols.sslv3 -keystore keystoreAgent -keystorepassword glopglop -client -truststore truststoreClient -truststorepassword glopglop
57 * @run main/othervm/timeout=300 -DDEBUG_STANDARD -Djavax.rmi.ssl.client.enabledProtocols=TLSv1 SecurityTest -server -mapType rmi.client.socket.factory.ssl;rmi.server.socket.factory.ssl.enabled.protocols.sslv3 -keystore keystoreAgent -keystorepassword glopglop -client -truststore truststoreClient -truststorepassword glopglop -expectedThrowable java.io.IOException
58 * @run main/othervm/timeout=300 -DDEBUG_STANDARD -Djavax.rmi.ssl.client.enabledProtocols=SSLv3 SecurityTest -server -mapType rmi.client.socket.factory.ssl;rmi.server.socket.factory.ssl.enabled.protocols.tlsv1 -keystore keystoreAgent -keystorepassword glopglop -client -truststore truststoreClient -truststorepassword glopglop -expectedThrowable java.io.IOException
59 */
60
61 import java.io.File;
62 import java.util.Map ;
63 import java.util.HashMap ;
64 import java.util.List;
65 import java.util.ArrayList;
66 import java.util.Arrays;
67
68 import javax.management.MBeanServer;
69 import javax.management.MBeanServerFactory ;
70 import javax.management.MBeanServerConnection;
71 import javax.management.remote.JMXConnector;
72 import javax.management.remote.JMXConnectorFactory;
73 import javax.management.remote.JMXConnectorServer;
74 import javax.management.remote.JMXConnectorServerFactory;
75 import javax.management.remote.JMXServiceURL;
76
77 import javax.management.Attribute ;
78 import javax.management.ObjectName ;
79
80 import javax.rmi.ssl.SslRMIClientSocketFactory;
81 import javax.rmi.ssl.SslRMIServerSocketFactory;
82
83 import java.security.Security;
84
85 import jdk.testlibrary.ProcessTools;
86 import jdk.testlibrary.JDKToolFinder;
87
88 public class SecurityTest {
89
90 static final String SERVER_CLASS_NAME = "SecurityTest";
91 static final String CLIENT_CLASS_NAME = "SecurityTest$ClientSide";
92 static final String CLIENT_CLASS_MAIN = CLIENT_CLASS_NAME;
93
94 static final String USERNAME_PROPERTY = "username";
95 static final String PASSWORD_PROPERTY = "password";
96
97 static final String SERVER_DELEGATE_MBEAN_NAME =
98 "defaultDomain:class=ServerDelegate";
99
100 static final String RMI_SERVER_SOCKET_FACTORY_SSL = "rmi.server.socket.factory.ssl";
101 static final String RMI_CLIENT_SOCKET_FACTORY_SSL = "rmi.client.socket.factory.ssl";
102 static final String KEYSTORE_PROPNAME = "javax.net.ssl.keyStore";
103 static final String KEYSTORE_PWD_PROPNAME = "javax.net.ssl.keyStorePassword";
104 static final String TRUSTSTORE_PROPNAME = "javax.net.ssl.trustStore";
105 static final String TRUSTSTORE_PWD_PROPNAME = "javax.net.ssl.trustStorePassword";
106
107 static final String RMI_SSL_CLIENT_ENABLEDCIPHERSUITES =
108 "javax.rmi.ssl.client.enabledCipherSuites";
109 static final String RMI_SSL_CLIENT_ENABLEDPROTOCOLS =
110 "javax.rmi.ssl.client.enabledProtocols";
111
112 private JMXConnectorServer cs;
113
114 // Construct and set keyStore properties from given map
115 static void setKeyStoreProperties(Map<String, Object> map) {
116
117 String keyStore = (String) map.get("-keystore");
118 keyStore = buildSourcePath(keyStore);
119 System.setProperty(KEYSTORE_PROPNAME, keyStore);
120 System.out.println("keyStore location = \"" + keyStore + "\"");
121
122 String password = (String) map.get("-keystorepassword");
123 System.setProperty(KEYSTORE_PWD_PROPNAME, password);
124 System.out.println("keyStore password = " + password);
125
126 }
127
128 // Construct and set trustStore properties from given map
129 static void setTrustStoreProperties(Map<String, Object> map) {
130
131 String trustStore = (String) map.get("-truststore");
132 trustStore = buildSourcePath(trustStore);
133 System.setProperty(TRUSTSTORE_PROPNAME, trustStore);
134 System.out.println("trustStore location = \"" + trustStore + "\"");
135
136 String password = (String) map.get("-truststorepassword");
137 System.setProperty(TRUSTSTORE_PWD_PROPNAME, password);
138 System.out.println("trustStore password = " + password);
139
140 }
141
142 /*
143 * First Debug properties and arguments are collect in expected
144 * map (argName, value) format, then calls original test's run method.
145 */
146 public static void main(String args[]) throws Exception {
147
148 System.out.println("=================================================");
149
150 // Parses parameters
151 Utils.parseDebugProperties();
152
153 // Supported parameters list format is :
154 // "MainClass [-server <param-spec> ...] [-client <param-spec> ...]
155 // with <param-spec> either "-parami valuei" or "-parami"
156 HashMap<String, Object> serverMap = new HashMap<>() ;
157 int clientArgsIndex =
158 Utils.parseServerParameters(args, SERVER_CLASS_NAME, serverMap);
159
160 // Extract and records client params
161 String[] clientParams = null;
162 if (clientArgsIndex < args.length) {
163 int clientParamsSize = args.length - clientArgsIndex;
164 clientParams = new String[clientParamsSize];
165 System.arraycopy(args, clientArgsIndex, clientParams, 0, clientParamsSize);
166 } else {
167 clientParams = new String[0];
168 }
169
170 // Run test
171 SecurityTest test = new SecurityTest();
172 test.run(serverMap, clientParams);
173
174 }
175
176 // Return full path of filename in the test sopurce directory
177 private static String buildSourcePath(String filename) {
178 return System.getProperty("test.src") + File.separator + filename;
179 }
180
181 /*
182 * Collects security run params for server side.
183 */
184 private HashMap<String, Object> setServerSecurityEnv(Map<String, Object> map)
185 throws Exception {
186
187 // Creates Authentication environment from server side params
188 HashMap<String, Object> env = new HashMap<>();
189
190 // Retrieve and set keystore and truststore config if any
191 if (map.containsKey("-keystore") &&
192 map.get("-keystore") != null) {
193 setKeyStoreProperties(map);
194 }
195 System.out.println("Done keystore properties");
196
197 if (map.containsKey("-truststore") &&
198 map.get("-truststore") != null) {
199 setTrustStoreProperties(map);
200 }
201 System.out.println("Done truststore properties");
202
203 String value = null;
204 if ((value = (String)map.get("-mapType")) != null) {
205
206 // Case of remote password file with all authorized credentials
207 if (value.contains("x.password.file")) {
208 String passwordFileStr = buildSourcePath("password.properties");
209 env.put("jmx.remote.x.password.file", passwordFileStr);
210 System.out.println("Added " + passwordFileStr +
211 " file as jmx.remote.x.password.file");
212 }
213
214 // Case of dedicated authenticator class : TestJMXAuthenticator
215 if (value.contains("x.authenticator")) {
216 env.put("jmx.remote.authenticator", new TestJMXAuthenticator()) ;
217 System.out.println(
218 "Added \"jmx.remote.authenticator\" = TestJMXAuthenticator");
219 }
220
221 // Case of security config file with standard Authentication
222 if (value.contains("x.login.config.PasswordFileAuthentication")) {
223 String loginConfig = System.getProperty("login.config.file");
224
225 // Override the default JAAS configuration
226 System.setProperty("java.security.auth.login.config",
227 "file:" + loginConfig);
228 System.out.println("Overrided default JAAS configuration with " +
229 "\"java.security.auth.login.config\" = \"" + loginConfig + "\"") ;
230
231 env.put("jmx.remote.x.login.config", "PasswordFileAuthentication") ;
232 System.out.println(
233 "Added \"jmx.remote.x.login.config\" = " +
234 "\"PasswordFileAuthentication\"") ;
235
236 // redirects "password.file" property to file in ${test.src}
237 String passwordFileStr =
238 buildSourcePath(System.getProperty("password.file"));
239 System.setProperty("password.file", passwordFileStr);
240 System.out.println(
241 "Redirected \"password.file\" property value to = " +
242 passwordFileStr) ;
243 }
244
245 // Case of security config file with unexisting athentication config
246 if (value.contains("x.login.config.UnknownAuthentication")) {
247 String loginConfig = System.getProperty("login.config.file");
248
249 // Override the default JAAS configuration
250 System.setProperty("java.security.auth.login.config",
251 "file:" + loginConfig);
252 System.out.println("Overrided default JAAS configuration with " +
253 "\"java.security.auth.login.config\" = \"" + loginConfig + "\"") ;
254
255 env.put("jmx.remote.x.login.config", "UnknownAuthentication") ;
256 System.out.println(
257 "Added \"jmx.remote.x.login.config\" = " +
258 "\"UnknownAuthentication\"") ;
259
260 // redirects "password.file" property to file in ${test.src}
261 String passwordFileStr =
262 buildSourcePath(System.getProperty("password.file"));
263 System.setProperty("password.file", passwordFileStr);
264 System.out.println(
265 "Redirected \"password.file\" property value to = " +
266 passwordFileStr) ;
267 }
268
269 // Case of security config file with dedicated login module
270 if (value.contains("x.login.config.SampleLoginModule")) {
271 String loginConfig = System.getProperty("login.config.file");
272
273 // Override the default JAAS configuration
274 System.setProperty("java.security.auth.login.config",
275 "file:" + loginConfig);
276 System.out.println("Overrided default JAAS configuration with " +
277 "\"java.security.auth.login.config\" = \"" + loginConfig + "\"") ;
278
279 env.put("jmx.remote.x.login.config", "SampleLoginModule") ;
280 System.out.println(
281 "Added \"jmx.remote.x.login.config\" = " +
282 "\"SampleLoginModule\"") ;
283 }
284
285 // Simple rmi ssl authentication
286 if (value.contains(RMI_CLIENT_SOCKET_FACTORY_SSL)) {
287 env.put("jmx.remote.rmi.client.socket.factory",
288 new SslRMIClientSocketFactory()) ;
289 System.out.println(
290 "Added \"jmx.remote.rmi.client.socket.factory\"" +
291 " = SslRMIClientSocketFactory") ;
292 }
293
294 if (value.contains(RMI_SERVER_SOCKET_FACTORY_SSL)) {
295 if (value.contains(
296 "rmi.server.socket.factory.ssl.need.client.authentication")) {
297 // rmi ssl authentication with client authentication
298 env.put("jmx.remote.rmi.server.socket.factory",
299 new SslRMIServerSocketFactory(null, null, true)) ;
300 System.out.println(
301 "Added \"jmx.remote.rmi.server.socket.factory\"" +
302 " = SslRMIServerSocketFactory with client authentication") ;
303
304 } else if (value.contains("rmi.server.socket.factory.ssl.enabled.cipher.suites.md5")) {
305 // Allows all ciphering and protocols for testing purpose
306 Security.setProperty("jdk.tls.disabledAlgorithms", "");
307
308 env.put("jmx.remote.rmi.server.socket.factory",
309 new SslRMIServerSocketFactory(
310 new String[] {"SSL_RSA_WITH_RC4_128_MD5"}, null, false));
311 System.out.println(
312 "Added \"jmx.remote.rmi.server.socket.factory\"" +
313 " = SslRMIServerSocketFactory with SSL_RSA_WITH_RC4_128_MD5 cipher suite");
314
315 } else if (value.contains("rmi.server.socket.factory.ssl.enabled.cipher.suites.sha")) {
316 // Allows all ciphering and protocols for testing purpose
317 Security.setProperty("jdk.tls.disabledAlgorithms", "");
318
319 env.put("jmx.remote.rmi.server.socket.factory",
320 new SslRMIServerSocketFactory(
321 new String[] { "SSL_RSA_WITH_RC4_128_SHA" }, null, false)) ;
322 System.out.println(
323 "Added \"jmx.remote.rmi.server.socket.factory\"" +
324 " = SslRMIServerSocketFactory with SSL_RSA_WITH_RC4_128_SHA cipher suite") ;
325
326 } else if (value.contains("rmi.server.socket.factory.ssl.enabled.protocols.sslv3")) {
327 // Allows all ciphering and protocols for testing purpose
328 Security.setProperty("jdk.tls.disabledAlgorithms", "");
329
330 env.put("jmx.remote.rmi.server.socket.factory",
331 new SslRMIServerSocketFactory(null, new String[] {"SSLv3"}, false)) ;
332 System.out.println(
333 "Added \"jmx.remote.rmi.server.socket.factory\"" +
334 " = SslRMIServerSocketFactory with SSLv3 protocol") ;
335
336 } else if (value.contains("rmi.server.socket.factory.ssl.enabled.protocols.tlsv1")) {
337 // Allows all ciphering and protocols for testing purpose
338 Security.setProperty("jdk.tls.disabledAlgorithms", "");
339
340 env.put("jmx.remote.rmi.server.socket.factory",
341 new SslRMIServerSocketFactory(null, new String[] {"TLSv1"}, false)) ;
342 System.out.println(
343 "Added \"jmx.remote.rmi.server.socket.factory\"" +
344 " = SslRMIServerSocketFactory with TLSv1 protocol") ;
345
346 } else {
347 env.put("jmx.remote.rmi.server.socket.factory",
348 new SslRMIServerSocketFactory());
349 System.out.println(
350 "Added \"jmx.remote.rmi.server.socket.factory\"" +
351 " = SslRMIServerSocketFactory");
352 }
353 }
354 }
355
356 return env;
357 }
358
359 /*
360 * Create the MBeansServer side of the test and returns its address
361 */
362 private JMXServiceURL createServerSide(Map<String, Object> serverMap)
363 throws Exception {
364 final int NINETY_SECONDS = 90;
365
366 System.out.println("SecurityTest::createServerSide: Start") ;
367
368 // Prepare server side security env
369 HashMap<String, Object> env = setServerSecurityEnv(serverMap);
370
371 // Create and start mbean server and connector server
372 MBeanServer mbs = MBeanServerFactory.newMBeanServer();
373 JMXServiceURL url = new JMXServiceURL("rmi", null, 0);
374 cs = JMXConnectorServerFactory.newJMXConnectorServer(url, env, mbs);
375 cs.start();
376
377 // Waits availibility of connector server
378 Utils.waitReady(cs, NINETY_SECONDS);
379
380 JMXServiceURL addr = cs.getAddress();
381
382 System.out.println("SecurityTest::createServerSide: Done.") ;
383
384 return addr;
385 }
386
387 /*
388 * Creating command-line for running subprocess JVM:
389 *
390 * JVM command line is like:
391 * {test_jdk}/bin/java {defaultopts} -cp {test.class.path} {testopts} main
392 *
393 * {defaultopts} are the default java options set by the framework.
394 *
395 */
396 private List<String> buildCommandLine(String args[]) {
397
398 System.out.println("SecurityTest::buildCommandLine: Start") ;
399
400 List<String> opts = new ArrayList<>();
401 opts.add(JDKToolFinder.getJDKTool("java"));
402 opts.addAll(Arrays.asList(jdk.testlibrary.Utils.getTestJavaOpts()));
403
404 // We need to forward some properties to the client side
405 opts.add("-Dtest.src=" + System.getProperty("test.src"));
406
407 String usernameValue = System.getProperty(USERNAME_PROPERTY);
408 if (usernameValue != null) {
409 System.out.println("SecurityTest::buildCommandLine: "+
410 " forward username property to client side");
411 opts.add("-D" + USERNAME_PROPERTY + "=" + usernameValue);
412 }
413 String passwordValue = System.getProperty(PASSWORD_PROPERTY);
414 if (passwordValue != null) {
415 System.out.println("SecurityTest::buildCommandLine: "+
416 " forward password property to client side");
417 opts.add("-D" + PASSWORD_PROPERTY + "=" + passwordValue);
418 }
419
420 String enabledCipherSuites =
421 System.getProperty(RMI_SSL_CLIENT_ENABLEDCIPHERSUITES);
422 if (enabledCipherSuites != null) {
423 System.out.println("SecurityTest::buildCommandLine: "+
424 " forward enabledCipherSuites property to client side");
425 opts.add("-D" + RMI_SSL_CLIENT_ENABLEDCIPHERSUITES +
426 "=" + enabledCipherSuites);
427 }
428
429 String enabledProtocols =
430 System.getProperty(RMI_SSL_CLIENT_ENABLEDPROTOCOLS);
431 if (enabledProtocols != null) {
432 System.out.println("SecurityTest::buildCommandLine: "+
433 " forward enabledProtocols property to client side");
434 opts.add("-D" + RMI_SSL_CLIENT_ENABLEDPROTOCOLS +
435 "=" + enabledProtocols);
436 }
437
438 opts.add("-cp");
439 opts.add(System.getProperty("test.class.path", "test.class.path"));
440 opts.add(CLIENT_CLASS_MAIN);
441 opts.addAll(Arrays.asList(args));
442
443 System.out.println("SecurityTest::buildCommandLine: Done.") ;
444
445 return opts;
446 }
447
448 /**
449 * Runs SecurityTest$ClientSide with the passed options and redirects
450 * subprocess standard I/O to the current (parent) process. This provides a
451 * trace of what happens in the subprocess while it is runnning (and before
452 * it terminates).
453 *
454 * @param serviceUrlStr string representing the JMX service Url to connect to.
455 */
456 private int runClientSide(String args[], String serviceUrlStr) throws Exception {
457
458 System.out.println("SecurityTest::runClientSide: Start") ;
459
460 // Building command-line
461 List<String> opts = buildCommandLine(args);
462 opts.add("-serviceUrl");
463 opts.add(serviceUrlStr);
464
465 // Launch separate JVM subprocess
466 int exitCode = 0;
467 String[] optsArray = opts.toArray(new String[0]);
468 ProcessBuilder pb = new ProcessBuilder(optsArray);
469 Process p = ProcessTools.startProcess("SecurityTest$ClientSide", pb);
470
471 // Handling end of subprocess
472 try {
473 exitCode = p.waitFor();
474 if (exitCode != 0) {
475 System.out.println(
476 "Subprocess unexpected exit value of [" + exitCode +
477 "]. Expected 0.\n");
478 }
479 } catch (InterruptedException e) {
480 System.out.println("Parent process interrupted with exception : \n " + e + " :" );
481
482 // Parent thread unknown state, killing subprocess.
483 p.destroyForcibly();
484
485 throw new RuntimeException(
486 "Parent process interrupted with exception : \n " + e + " :" );
487
488 } finally {
489 if (p.isAlive()) {
490 p.destroyForcibly();
491 }
492
493 System.out.println("SecurityTest::runClientSide: Done") ;
494
495 return exitCode;
496 }
497
498 }
499
500 public void run(Map<String, Object> serverArgs, String clientArgs[]) {
501
502 System.out.println("SecurityTest::run: Start") ;
503 int errorCount = 0;
504
505 try {
506 // Initialise the server side
507 JMXServiceURL urlToUse = createServerSide(serverArgs);
508
509 // Run client side
510 errorCount = runClientSide(clientArgs, urlToUse.toString());
511
512 if ( errorCount == 0 ) {
513 System.out.println("SecurityTest::run: Done without any error") ;
514 } else {
515 System.out.println(
516 "SecurityTest::run: Done with " + errorCount + " error(s)");
517 throw new RuntimeException("errorCount = " + errorCount);
518 }
519
520 cs.stop();
521
522 } catch(Exception e) {
523 throw new RuntimeException(e);
524 }
525
526 }
527
528 private static class ClientSide {
529
530 private JMXConnector cc = null;
531 private MBeanServerConnection mbsc = null;
532
533 public static void main(String args[]) throws Exception {
534
535 // Parses parameters
536 Utils.parseDebugProperties();
537
538 // Supported parameters list format is : "MainClass [-client <param-spec> ...]
539 // with <param-spec> either "-parami valuei" or "-parami"
540 HashMap<String, Object> clientMap = new HashMap<>() ;
541 Utils.parseClientParameters(args, CLIENT_CLASS_NAME, clientMap);
542
543 // Run test
544 ClientSide test = new ClientSide();
545 test.run(clientMap);
546 }
547
548 public void run(Map<String, Object> args) {
549
550 System.out.println("ClientSide::run: Start");
551 int errorCount = 0;
552
553 try {
554 // Setup client side parameters
555 HashMap<String, Object> env = new HashMap<>();
556
557 // If needed allows all ciphering and protocols for testing purpose
558 if (System.getProperty(RMI_SSL_CLIENT_ENABLEDCIPHERSUITES) != null) {
559 Security.setProperty("jdk.tls.disabledAlgorithms", "");
560 }
561
562 // If needed allows all ciphering and protocols for testing purpose
563 if (System.getProperty(RMI_SSL_CLIENT_ENABLEDPROTOCOLS) != null) {
564 Security.setProperty("jdk.tls.disabledAlgorithms", "");
565 }
566
567 // Retrieve and set keystore and truststore config if any
568 if (args.containsKey("-keystore") &&
569 args.get("-keystore") != null) {
570 SecurityTest.setKeyStoreProperties(args);
571 }
572 if (args.containsKey("-truststore") &&
573 args.get("-truststore") != null) {
574 SecurityTest.setTrustStoreProperties(args);
575 }
576
577 Object value = args.get("-mapType");
578 if ((value != null) &&
579 value.equals("credentials")) {
580 String username = System.getProperty("username");
581 String password = System.getProperty("password");
582 Utils.debug(Utils.DEBUG_STANDARD,
583 "add \"jmx.remote.credentials\" = \"" +
584 username + "\", \"" + password + "\"");
585 env.put("jmx.remote.credentials",
586 new String[] { username , password });
587 }
588
589 String expectedThrowable = (String) args.get("-expectedThrowable");
590
591 String authCallCountName = "-expectedAuthenticatorCallCount";
592 int authCallCountValue = 0;
593 if (args.containsKey(authCallCountName)) {
594 authCallCountValue =
595 (new Integer((String) args.get(authCallCountName))).intValue();
596 }
597
598 try {
599 // Get a connection to remote mbean server
600 JMXServiceURL addr = new JMXServiceURL((String)args.get("-serviceUrl"));
601 cc = JMXConnectorFactory.connect(addr,env);
602 mbsc = cc.getMBeanServerConnection();
603
604 // In case we should have got an exception
605 if (expectedThrowable != null) {
606 System.out.println("ClientSide::run: (ERROR) " +
607 " Connect did not fail with expected " + expectedThrowable);
608 errorCount++;
609 } else {
610 System.out.println("ClientSide::run: (OK) Connect succeed");
611 }
612 } catch (Throwable e) {
613 Utils.printThrowable(e, true);
614 if (expectedThrowable != null) {
615 if (Utils.compareThrowable(e, expectedThrowable)) {
616 System.out.println("ClientSide::run: (OK) " +
617 "Connect failed with expected " + expectedThrowable);
618 } else {
619 System.out.println("ClientSide::run: (ERROR) Connect failed with " +
620 e.getClass() + " instead of expected " +
621 expectedThrowable);
622 errorCount++;
623 }
624 } else {
625 System.out.println("ClientSide::run: (ERROR) " +
626 "Connect failed with exception");
627 errorCount++;
628 }
629 }
630
631 // Depending on the client state,
632 // perform some requests
633 if (mbsc != null && errorCount == 0) {
634 // Perform some little JMX requests
635 System.out.println("ClientSide::run: Start sending requests");
636
637 doRequests();
638
639 // In case authentication has been used we check how it did.
640 if (authCallCountValue != 0) {
641 errorCount += checkAuthenticator(mbsc, authCallCountValue);
642 }
643 }
644 } catch (Exception e) {
645 Utils.printThrowable(e, true);
646 errorCount++;
647 } finally {
648 // Terminate the JMX Client if any
649 if (cc != null) {
650 try {
651 cc.close();
652 } catch (Exception e) {
653 Utils.printThrowable(e, true) ;
654 errorCount++;
655 }
656 }
657 }
658
659 System.out.println("ClientSide::run: Done");
660
661 // Handle result
662 if (errorCount != 0) {
663 throw new RuntimeException();
664 }
665 }
666
667 private void doRequests() throws Exception {
668
669 // Send some requests to the remote JMX server
670 ObjectName objName1 =
671 new ObjectName("TestDomain:class=MBS_Light,rank=1");
672 String mbeanClass = "MBS_Light";
673 Exception exception = new Exception("MY TEST EXCEPTION");
674 Attribute attException = new Attribute("AnException", exception);
675 Error error = new Error("MY TEST ERROR");
676 Attribute attError = new Attribute("AnError", error);
677 String opParamString = "TOTORO";
678 RjmxMBeanParameter opParam = new RjmxMBeanParameter(opParamString);
679 Object[] params1 = {opParamString};
680 String[] sig1 = {"java.lang.String"};
681 Object[] params2 = {opParam};
682 String[] sig2 = {"RjmxMBeanParameter"};
683
684 // Create and register the MBean
685 Utils.debug(Utils.DEBUG_STANDARD,
686 "ClientSide::doRequests: Create and register the MBean");
687 mbsc.createMBean(mbeanClass, objName1);
688 if (!mbsc.isRegistered(objName1)) {
689 throw new Exception("Unable to register an MBean");
690 }
691
692 // Set attributes of the MBean
693 Utils.debug(Utils.DEBUG_STANDARD,
694 "ClientSide::doRequests: Set attributes of the MBean");
695 mbsc.setAttribute(objName1, attException);
696 mbsc.setAttribute(objName1, attError);
697
698 // Get attributes of the MBean
699 Utils.debug(Utils.DEBUG_STANDARD,
700 "ClientSide::doRequests: Get attributes of the MBean");
701 Exception retException =
702 (Exception) mbsc.getAttribute(objName1,"AnException");
703 if (!retException.getMessage().equals(exception.getMessage())) {
704 System.out.println("Expected = " + exception);
705 System.out.println("Got = " + retException);
706 throw new Exception("Attribute AnException not as expected");
707 }
708 Error retError = (Error) mbsc.getAttribute(objName1, "AnError");
709 if (!retError.getMessage().equals(error.getMessage())) {
710 System.out.println("Expected = " + error);
711 System.out.println("Got = " + retError);
712 throw new Exception("Attribute AnError not as expected");
713 }
714
715 // Invoke operations on the MBean
716 Utils.debug(Utils.DEBUG_STANDARD,
717 "ClientSide::doRequests: Invoke operations on the MBean");
718 RjmxMBeanParameter res1 =
719 (RjmxMBeanParameter) mbsc.invoke(objName1, "operate1", params1, sig1);
720 if (!res1.equals(opParam)) {
721 System.out.println("Expected = " + opParam);
722 System.out.println("Got = " + res1);
723 throw new Exception("Operation operate1 behaved badly");
724 }
725 String res2 =
726 (String) mbsc.invoke(objName1, "operate2", params2, sig2);
727 if (!res2.equals(opParamString)) {
728 System.out.println("Expected = " + opParamString);
729 System.out.println("Got = " + res2);
730 throw new Exception("Operation operate2 behaved badly");
731 }
732
733 // Unregister the MBean
734 Utils.debug(Utils.DEBUG_STANDARD,
735 "ClientSide::doRequests: Unregister the MBean");
736 mbsc.unregisterMBean(objName1);
737 if (mbsc.isRegistered(objName1)) {
738 throw new Exception("Unable to unregister an MBean");
739 }
740 }
741
742 /**
743 * Make some check about the instance of TestJMXAuthenticator.
744 * The authenticator is supposed to have set some properties on
745 * a ServerDelegate MBean.
746 * We compare the number of times it has been called with the expected value.
747 * We also check the Principal that has been given to the authenticator
748 * was not null.
749 * That method is of use to authentication with the JSR 262.
750 * @param mbs
751 * @param expectedAuthenticatorCallCount
752 * @return The number of errors encountered.
753 * @throws java.lang.Exception
754 */
755 protected int checkAuthenticator(MBeanServerConnection mbs,
756 int expectedAuthenticatorCallCount) throws Exception {
757 int errorCount = 0;
758
759 // Ensure the authenticator has been called the right number
760 // of times.
761 int callCount =
762 ((Integer) mbs.getAttribute(
763 new ObjectName(SERVER_DELEGATE_MBEAN_NAME),
764 "TestJMXAuthenticatorCallCount")).intValue();
765
766 if (callCount == expectedAuthenticatorCallCount) {
767 System.out.println("---- OK Authenticator has been called "
768 + expectedAuthenticatorCallCount + " time");
769 } else {
770 errorCount++;
771 System.out.println("---- ERROR Authenticator has been called " + callCount
772 + " times in place of " + expectedAuthenticatorCallCount);
773 }
774
775 // Ensure the provider has been called with
776 // a non null Principal.
777 String principalString =
778 (String) mbs.getAttribute(
779 new ObjectName(SERVER_DELEGATE_MBEAN_NAME),
780 "TestJMXAuthenticatorPrincipalString");
781
782 if (principalString == null) {
783 errorCount++;
784 System.out.println("---- ERROR Authenticator has been called"
785 + " with a null Principal");
786 } else {
787 if (principalString.length() > 0) {
788 System.out.println("---- OK Authenticator has been called"
789 + " with the Principal " + principalString);
790 } else {
791 errorCount++;
792 System.out.println("---- ERROR Authenticator has been called"
793 + " with an empty Principal");
794 }
795 }
796
797 return errorCount;
798 }
799
800 }
801
802 }