1 /*
   2  * Copyright (c) 2001, 2016, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 //
  25 // SunJSSE does not support dynamic system properties, no way to re-use
  26 // system properties in samevm/agentvm mode.
  27 //
  28 
  29 /*
  30  * @test
  31  * @bug 4392475
  32  * @library /javax/net/ssl/templates
  33  * @summary Calling setWantClientAuth(true) disables anonymous suites
  34  * @run main/othervm/timeout=180 AnonCipherWithWantClientAuth
  35  */
  36 
  37 import java.io.InputStream;
  38 import java.io.OutputStream;
  39 import java.security.Security;
  40 
  41 import javax.net.ssl.SSLServerSocket;
  42 import javax.net.ssl.SSLServerSocketFactory;
  43 import javax.net.ssl.SSLSocket;
  44 
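/**
 * Regression test for bug 4392475: per the {@code @summary} tag, calling
 * {@code setWantClientAuth(true)} on the server used to disable anonymous
 * cipher suites.
 *
 * <p>The server enables two anonymous suites plus one DSS-authenticated
 * suite and then asks for (but does not require) client authentication.
 * The client offers only the two anonymous suites, so the one-byte
 * exchange below can only complete if an anonymous suite is still
 * negotiable after {@code setWantClientAuth(true)}.
 *
 * <p>Security note: every suite used here is a legacy EXPORT suite with
 * 40-bit encryption, and the {@code DH_anon} suites authenticate neither
 * peer, so they offer no protection against an active man-in-the-middle.
 * They are reachable only because {@link #main} clears the JDK's disabled
 * algorithm lists for this JVM. That is acceptable here because the
 * {@code @run} tag uses {@code othervm}; this configuration belongs in a
 * regression test only and should not be reused in application code.
 */
public class AnonCipherWithWantClientAuth {

    /*
     * Where do we find the keystores?  The directory is resolved relative
     * to the "test.src" system property in main().
     */
    static String pathToStores = "../../../../javax/net/ssl/etc";
    static String keyStoreFile = "keystore";
    static String trustStoreFile = "truststore";
    // Test-fixture password handed to SSLTest.setup() together with both
    // store paths; it protects shared test material, not a real secret.
    static String passwd = "passphrase";

    /**
     * Runs one server peer and one client application through the shared
     * {@code SSLTest} template and lets any failure propagate.
     *
     * @param args unused
     * @throws Exception if setup, the handshake, or the data exchange fails
     */
    public static void main(String[] args) throws Exception {
        // Test-only: lift the JDK's default TLS and cert-path algorithm
        // restrictions so the legacy suites below can be negotiated.
        // Security properties are JVM-wide, which is why this test is
        // declared main/othervm and must not share a VM with other tests.
        Security.setProperty("jdk.tls.disabledAlgorithms", "");
        Security.setProperty("jdk.certpath.disabledAlgorithms", "");

        String storeDir =
            System.getProperty("test.src", "./") + "/" + pathToStores;
        String keyFilename = storeDir + "/" + keyStoreFile;
        String trustFilename = storeDir + "/" + trustStoreFile;
        SSLTest.setup(keyFilename, trustFilename, passwd);

        new SSLTest()
            .setServerPeer(test -> {
                SSLServerSocketFactory sslssf =
                        (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();

                // try-with-resources closes the listening socket on every
                // exit path, including the "no client showed up" early
                // return and any exception thrown while configuring it.
                try (SSLServerSocket sslServerSocket =
                        (SSLServerSocket) sslssf.createServerSocket(SSLTest.FREE_PORT)) {
                    test.setServerPort(sslServerSocket.getLocalPort());
                    SSLTest.print("Server is listening on port "
                            + test.getServerPort());

                    // Two unauthenticated (DH_anon) suites plus one
                    // DSS-authenticated suite.  The client offers only the
                    // anonymous ones, so a successful handshake shows they
                    // stay enabled after setWantClientAuth(true).
                    String[] ciphers = {
                            "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
                            "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
                            "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA" };
                    sslServerSocket.setEnabledCipherSuites(ciphers);
                    sslServerSocket.setWantClientAuth(true);

                    // Signal the client, the server is ready to accept connection.
                    test.signalServerReady();

                    // Try to accept a connection in 30 seconds.  A null
                    // resource is permitted by try-with-resources and is
                    // simply not closed.
                    try (SSLSocket sslSocket = SSLTest.accept(sslServerSocket)) {
                        if (sslSocket == null) {
                            // Ignore the test case if no connection within 30 seconds.
                            SSLTest.print("No incoming client connection in 30 seconds."
                                    + " Ignore in server side.");
                            return;
                        }
                        SSLTest.print("Server accepted connection");

                        // Is it the expected client connection?
                        //
                        // Other test cases or third-party routines may
                        // connect to this server port unintentionally.  To
                        // limit the impact of such unexpected connections
                        // and avoid intermittent failures, confirm that the
                        // accepted connection really belongs to the
                        // expected client before talking to it.
                        boolean clientIsReady = test.waitForClientSignal();

                        if (clientIsReady) {
                            // Run the application in server side.
                            SSLTest.print("Run server application");

                            InputStream sslIS = sslSocket.getInputStream();
                            OutputStream sslOS = sslSocket.getOutputStream();

                            // The first read drives the TLS handshake; the
                            // byte values themselves are not checked.
                            sslIS.read();
                            sslOS.write(85);
                            sslOS.flush();
                        } else {
                            System.out.println(
                                    "The client is not the expected one or timeout. "
                                            + "Ignore in server side.");
                        }
                    }
                }
            })
            .setClientApplication((socket, test) -> {
                // Offer only the anonymous suites so that no authenticated
                // suite can be selected instead.
                String[] ciphers = {
                        "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
                        "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5" };
                socket.setEnabledCipherSuites(ciphers);
                socket.setUseClientMode(true);

                InputStream sslIS = socket.getInputStream();
                OutputStream sslOS = socket.getOutputStream();

                // OutputStream.write(int) sends only the low-order eight
                // bits, so 280 goes out as the single byte 24.  The value
                // is irrelevant; the write just triggers the handshake.
                sslOS.write(280);
                sslOS.flush();
                sslIS.read();
            })
            .runTest();
    }
}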