1 /* 2 * Copyright (c) 2001, 2015, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 // 25 // SunJSSE does not support dynamic system properties, no way to re-use 26 // system properties in samevm/agentvm mode. 27 // 28 29 /* 30 * @test 31 * @bug 4392475 32 * @summary Calling setWantClientAuth(true) disables anonymous suites 33 * @run main/othervm/timeout=180 AnonCipherWithWantClientAuth 34 */ 35 36 import java.io.*; 37 import java.net.*; 38 import javax.net.ssl.*; 39 import java.security.Security; 40 41 public class AnonCipherWithWantClientAuth { 42 43 /* 44 * ============================================================= 45 * Set the various variables needed for the tests, then 46 * specify what tests to run on each side. 47 */ 48 49 /* 50 * Should we run the client or server in a separate thread? 51 * Both sides can throw exceptions, but do you have a preference 52 * as to which side should be the main thread. 53 */ 54 static boolean separateServerThread = false; 55 56 /* 57 * Where do we find the keystores? 58 */ 59 static String pathToStores = "../../../../javax/net/ssl/etc"; 60 static String keyStoreFile = "keystore"; 61 static String trustStoreFile = "truststore"; 62 static String passwd = "passphrase"; 63 64 /* 65 * Is the server ready to serve? 66 */ 67 volatile static boolean serverReady = false; 68 69 /* 70 * Turn on SSL debugging? 71 */ 72 static boolean debug = false; 73 74 /* 75 * If the client or server is doing some kind of object creation 76 * that the other side depends on, and that thread prematurely 77 * exits, you may experience a hang. The test harness will 78 * terminate all hung threads after its timeout has expired, 79 * currently 3 minutes by default, but you might try to be 80 * smart about it.... 81 */ 82 83 /* 84 * Define the server side of the test. 85 * 86 * If the server prematurely exits, serverReady will be set to true 87 * to avoid infinite hangs. 88 */ 89 void doServerSide() throws Exception { 90 SSLServerSocketFactory sslssf = 91 (SSLServerSocketFactory) SSLServerSocketFactory.getDefault(); 92 SSLServerSocket sslServerSocket = 93 (SSLServerSocket) sslssf.createServerSocket(serverPort); 94 serverPort = sslServerSocket.getLocalPort(); 95 String ciphers[]={"SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA", 96 "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5", 97 "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"}; 98 sslServerSocket.setEnabledCipherSuites(ciphers); 99 sslServerSocket.setWantClientAuth(true); 100 /* 101 * Signal Client, we're ready for his connect. 102 */ 103 serverReady = true; 104 105 SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept(); 106 InputStream sslIS = sslSocket.getInputStream(); 107 OutputStream sslOS = sslSocket.getOutputStream(); 108 109 sslIS.read(); 110 sslOS.write(85); 111 sslOS.flush(); 112 113 sslSocket.close(); 114 } 115 116 /* 117 * Define the client side of the test. 118 * 119 * If the server prematurely exits, serverReady will be set to true 120 * to avoid infinite hangs. 121 */ 122 void doClientSide() throws Exception { 123 124 /* 125 * Wait for server to get started. 126 */ 127 while (!serverReady) { 128 Thread.sleep(50); 129 } 130 131 SSLSocketFactory sslsf = 132 (SSLSocketFactory) SSLSocketFactory.getDefault(); 133 SSLSocket sslSocket = (SSLSocket) 134 sslsf.createSocket("localhost", serverPort); 135 String ciphers[] = {"SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA", 136 "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5"}; 137 sslSocket.setEnabledCipherSuites(ciphers); 138 sslSocket.setUseClientMode(true); 139 140 InputStream sslIS = sslSocket.getInputStream(); 141 OutputStream sslOS = sslSocket.getOutputStream(); 142 143 sslOS.write(280); 144 sslOS.flush(); 145 sslIS.read(); 146 147 sslSocket.close(); 148 } 149 150 /* 151 * ============================================================= 152 * The remainder is just support stuff 153 */ 154 155 // use any free port by default 156 volatile int serverPort = 0; 157 158 volatile Exception serverException = null; 159 volatile Exception clientException = null; 160 161 public static void main(String[] args) throws Exception { 162 // reset security properties to make sure that the algorithms 163 // and keys used in this test are not disabled. 164 Security.setProperty("jdk.tls.disabledAlgorithms", ""); 165 Security.setProperty("jdk.certpath.disabledAlgorithms", ""); 166 167 String keyFilename = 168 System.getProperty("test.src", "./") + "/" + pathToStores + 169 "/" + keyStoreFile; 170 String trustFilename = 171 System.getProperty("test.src", "./") + "/" + pathToStores + 172 "/" + trustStoreFile; 173 174 System.setProperty("javax.net.ssl.keyStore", keyFilename); 175 System.setProperty("javax.net.ssl.keyStorePassword", passwd); 176 System.setProperty("javax.net.ssl.trustStore", trustFilename); 177 System.setProperty("javax.net.ssl.trustStorePassword", passwd); 178 179 if (debug) 180 System.setProperty("javax.net.debug", "all"); 181 182 /* 183 * Start the tests. 184 */ 185 new AnonCipherWithWantClientAuth(); 186 } 187 188 Thread clientThread = null; 189 Thread serverThread = null; 190 191 /* 192 * Primary constructor, used to drive remainder of the test. 193 * 194 * Fork off the other side, then do your work. 195 */ 196 AnonCipherWithWantClientAuth () throws Exception { 197 if (separateServerThread) { 198 startServer(true); 199 startClient(false); 200 } else { 201 startClient(true); 202 startServer(false); 203 } 204 205 /* 206 * Wait for other side to close down. 207 */ 208 if (separateServerThread) { 209 serverThread.join(); 210 } else { 211 clientThread.join(); 212 } 213 214 /* 215 * When we get here, the test is pretty much over. 216 * 217 * If the main thread excepted, that propagates back 218 * immediately. If the other thread threw an exception, we 219 * should report back. 220 */ 221 if (serverException != null) 222 throw serverException; 223 if (clientException != null) 224 throw clientException; 225 } 226 227 void startServer(boolean newThread) throws Exception { 228 if (newThread) { 229 serverThread = new Thread() { 230 public void run() { 231 try { 232 doServerSide(); 233 } catch (Exception e) { 234 /* 235 * Our server thread just died. 236 */ 237 System.err.println("Server died..."); 238 serverReady = true; 239 serverException = e; 240 } 241 } 242 }; 243 serverThread.start(); 244 } else { 245 doServerSide(); 246 } 247 } 248 249 void startClient(boolean newThread) throws Exception { 250 if (newThread) { 251 clientThread = new Thread() { 252 public void run() { 253 try { 254 doClientSide(); 255 } catch (Exception e) { 256 /* 257 * Our client thread just died. 258 */ 259 System.err.println("Client died..."); 260 clientException = e; 261 } 262 } 263 }; 264 clientThread.start(); 265 } else { 266 doClientSide(); 267 } 268 } 269 }