/*
 * Copyright (c) 2018, 2020, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.io.ByteArrayInputStream;
import java.nio.ByteBuffer;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Base64;

/*
 * @test
 * @bug 8211339 8234728
 * @summary Verify hostname returns an exception instead of null pointer when
 * creating a new engine
 * @library /lib/security
 * @run main/othervm NullHostnameCheck TLSv1
 * @run main/othervm NullHostnameCheck TLSv1.1
 * @run main/othervm NullHostnameCheck TLSv1.2
 * @run main/othervm NullHostnameCheck TLSv1.3
 */

/**
 * Drives an in-memory TLS handshake between two {@link SSLEngine}s where the
 * client engine was created without a peer host but has endpoint
 * identification set to {@code "HTTPS"}. The run passes only when the
 * handshake fails with an {@link SSLHandshakeException} whose cause is a
 * {@link CertificateException}.
 */
public final class NullHostnameCheck {

    /**
     * Runs the check for one protocol version.
     *
     * @param args {@code args[0]} is the protocol name handed to
     *             {@link SSLContext#getInstance(String)}
     * @throws Exception if the handshake completes, or fails with anything
     *                   other than the expected exception shape
     */
    public static void main(String[] args) throws Exception {
        final String protocol = args[0];

        // TLSv1 and TLSv1.1 are taken off the disabled-algorithms list for
        // the runs that target them.
        if (protocol.equals("TLSv1") || protocol.equals("TLSv1.1")) {
            SecurityUtils.removeFromDisabledTlsAlgs(protocol);
        }

        // Password of the embedded test keystore below; it protects nothing
        // outside this file.
        final String storePassword = "123456";

        // Server side: key material comes from the embedded PKCS12 blob.
        byte[] pkcs12Bytes = Base64.getDecoder().decode(keystoreB64);
        KeyStore serverStore = KeyStore.getInstance(KeyStore.getDefaultType());
        serverStore.load(new ByteArrayInputStream(pkcs12Bytes),
                storePassword.toCharArray());

        KeyManagerFactory keyManagers = KeyManagerFactory.getInstance(
                KeyManagerFactory.getDefaultAlgorithm());
        keyManagers.init(serverStore, storePassword.toCharArray());

        SSLContext serverCtx = SSLContext.getInstance(protocol);
        serverCtx.init(keyManagers.getKeyManagers(), null, null);
        SSLEngine serverEngine = serverCtx.createSSLEngine("localhost", -1);
        serverEngine.setUseClientMode(false);

        // Client side: both check methods are empty, so this manager rejects
        // no certificate chain. That leaves endpoint identification as the
        // only step able to refuse the server certificate.
        // NOTE(review): the expected CertificateException presumably comes
        // from the JSSE provider applying the "HTTPS" identification on top
        // of this plain X509TrustManager - confirm against the provider.
        TrustManager acceptAnyChain = new X509TrustManager() {
            @Override
            public void checkClientTrusted(
                    X509Certificate[] chain, String authType) {
            }

            @Override
            public void checkServerTrusted(
                    X509Certificate[] chain, String authType) {
            }

            @Override
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        };

        SSLContext clientCtx = SSLContext.getInstance(protocol);
        clientCtx.init(null, new TrustManager[] { acceptAnyChain }, null);

        // No host/port is given here: this is the condition under test.
        SSLEngine clientEngine = clientCtx.createSSLEngine();
        clientEngine.setUseClientMode(true);

        SSLParameters clientParams = clientEngine.getSSLParameters();
        clientParams.setEndpointIdentificationAlgorithm("HTTPS");
        clientEngine.setSSLParameters(clientParams);

        try {
            handshake(clientEngine, serverEngine);
        } catch (SSLHandshakeException e) {
            if (!(e.getCause() instanceof CertificateException)) {
                throw e;
            }
            System.out.println("Correct Exception class thrown:\n\t" +
                    e.getMessage());
            return;
        }

        // Reaching this point means the handshake completed.
        throw new Exception("Value was not null. Unexpected.");
    }

    /**
     * Pumps handshake records between the two engines through a pair of
     * in-memory buffers until both sides have reported FINISHED.
     *
     * @param clientEngine engine in client mode
     * @param serverEngine engine in server mode
     * @throws SSLException propagated from wrap/unwrap; in this test that is
     *                      the expected way out
     */
    private static void handshake(SSLEngine clientEngine,
            SSLEngine serverEngine) throws SSLException {
        ByteBuffer clientToServer = ByteBuffer.allocate(
                clientEngine.getSession().getPacketBufferSize());
        ByteBuffer serverToClient = ByteBuffer.allocate(
                serverEngine.getSession().getPacketBufferSize());

        ByteBuffer serverAppIn = ByteBuffer.allocate(
                serverEngine.getSession().getApplicationBufferSize());
        ByteBuffer clientAppIn = ByteBuffer.allocate(
                clientEngine.getSession().getApplicationBufferSize());

        clientEngine.beginHandshake();
        serverEngine.beginHandshake();

        // wrap() is only used to emit handshake records, never payload.
        final ByteBuffer noData = ByteBuffer.allocate(0);

        boolean clientDone = false;
        boolean serverDone = false;

        do {
            // Each side writes its pending records.
            if (!clientDone) {
                SSLEngineResult produced =
                        clientEngine.wrap(noData, clientToServer);
                runDelegatedTasks(produced, clientEngine);
                clientDone = isHandshakeFinished(produced);
            }

            if (!serverDone) {
                SSLEngineResult produced =
                        serverEngine.wrap(noData, serverToClient);
                runDelegatedTasks(produced, serverEngine);
                serverDone = isHandshakeFinished(produced);
            }

            // Switch both transport buffers from writing to reading.
            clientToServer.flip();
            serverToClient.flip();

            // Each side reads what the peer wrote.
            if (!clientDone) {
                SSLEngineResult consumed =
                        clientEngine.unwrap(serverToClient, clientAppIn);
                runDelegatedTasks(consumed, clientEngine);
                clientDone = isHandshakeFinished(consumed);
            }

            if (!serverDone) {
                SSLEngineResult consumed =
                        serverEngine.unwrap(clientToServer, serverAppIn);
                runDelegatedTasks(consumed, serverEngine);
                serverDone = isHandshakeFinished(consumed);
            }

            // Keep unread bytes and switch back to writing.
            serverToClient.compact();
            clientToServer.compact();
        } while (!(clientDone && serverDone));
    }

    /**
     * @param result outcome of a wrap or unwrap call
     * @return {@code true} when that call reported handshake status FINISHED
     */
    private static boolean isHandshakeFinished(SSLEngineResult result) {
        return SSLEngineResult.HandshakeStatus.FINISHED
                == result.getHandshakeStatus();
    }

    /**
     * Runs every pending delegated task on the calling thread when the
     * result asks for it (NEED_TASK); otherwise does nothing.
     *
     * @param result outcome of the preceding wrap or unwrap call
     * @param engine engine that produced {@code result}
     */
    private static void runDelegatedTasks(SSLEngineResult result,
            SSLEngine engine) {
        if (result.getHandshakeStatus()
                != SSLEngineResult.HandshakeStatus.NEED_TASK) {
            return;
        }
        Runnable task;
        while ((task = engine.getDelegatedTask()) != null) {
            task.run();
        }
    }

    // Base64 of the PKCS12 keystore used for the server side. Its password
    // is the literal passed to KeyStore.load and KeyManagerFactory.init in
    // main.
    /*
     * Certificate
     * "signature algorithm": "SHA384withRSA",
     * "issuer"             : "CN=test, OU=test, O=test, L=test, ST=test, C=test",
     * "not before"         : "2019-12-05 12:43:23.000 IST",
     * "not after"          : "2049-11-27 12:43:23.000 IST",
     * "subject"            : "CN=test, OU=test, O=test, L=test, ST=test, C=test",
     * "subject public key" : "RSA",
     */
    static final String keystoreB64 =
        "MIIQZwIBAzCCECAGCSqGSIb3DQEHAaCCEBEEghANMIIQCTCCCeUGCSqGSIb3DQEHA"
        + "aCCCdYEggnSMIIJzjCCCcoGCyqGSIb3DQEMCgECoIIJezCCCXcwKQYKKoZIhvcNAQ"
        + "wBAzAbBBSaZBiYmowTxFT4KJxZhMHTVOC9OQIDAMNQBIIJSBnoVGtJKPsoiSU095y"
        + "50x27NJQd727oJwMXqA8kdxCcE1tBowtO8P44ctSEvwJQlB7dR9PxHB6LcfCdMfpa"
        + "GObVCH1/6jHzhRolI9JMAfXlvliAHKZSjuQd2USw1Y65/+0VYvKslXGU4hWhGQWh2"
        + "ksUCBIIcC2A3sA3afF/JPrlfLCEbzYpcfAsv+Z7wEEr6YD11HIHfbOgu2/HU6phL2"
        + "RMJDK9iLgP9mu6FzRFk+93BSguWXfbeJyPlzA8dcTzkXDyfVDx4Wd+UExWq0fx179"
        + "b74MWkwEk76TowEkcGkrnugwOKnqBmyvmBkbl1827+ChZprZ3zGw69IkuRsdDSYGb"
        + "IWVAB/psB0zX3TvsKHcraZm34oNJdSNpYrS0OWA8lSm5NdcfTzi6WLxWwxz55PvZg"
        + "OP3pVyXmtAalyBujs6AOsLkJIMLGvWAYeD+72ook8fqpW7s5e/HA7MshXrlMMflpD"
        + "m708kK5VnfdgzQsAGr6YfOYOKnyhoqskmzDYccuSz59owKiuGMgHpum0zVE8yyVwb"
        + "esXfP3v7eiPuGvsxzq5DE6jaY4F+GoxdLbL4jDWocnWiZewnuYxQwd1vKIKTww/TG"
        + "8RObPUEB38+/LNpgb7+5Oap45rujygiPFWD9+mTzKkLGkM6ItRo4qOwtKAqbjPIVk"
        + "MDCovcr2TCrZfE8ZbQnU/q2LR5eC6ZpOMFNRZggm92n0+FmDuEKjR7lu2mQF4IDan"
        + "SiYgS1+nBhfG9pcNP3yCpwoBHIImtZX5GObKqgvMqQ746KXhv40xwnNqXGypBNKYN"
        + "jRJQmG2/m++2A6DUo+xCTNbD7g0pQbNOjKsGVMXUBTyDiyGqSUHH2EDxe37wcPVih"
        + "ezcv5L1X48y3tSVD9czhjCDJ54sd0B3+LoEXs5/0xYmMvQ74zUx6iwE87FZ/duMbs"
        + "N3dDWvIgqgjaoGnfRLy4lRRxYhn2/r1lesQtzNlZ3YkHZKmpgQkLm+yChFqxi7qm+"
        + "ec/y+GSTm+ascK1ju1NG3f/SUdl7KqZ/J7DnDfQwyg7jiY+QOcr7UNRSeddQozxu7"
        + "j07y/wiGX4z3+JSGBlnlWtOyLo5YERbheVHh1LfCSM4KQDcjxUnIlmsCqILwDYbVm"
        + "aNJ3crkU22I5IVFcoF30v7gvMj4VFXcBYPCSJrkqNIIgZs6YPYwht3akquIz2ovXV"
        + "CqD3TH527dBRAgpeZNs3/L8xCaYiHNUKXv9CRaHVQMTKk9zi3CTJoKo5TCsWR8l9h"
        + "cJpcQnmNs5Jv9Jnq/zoet230r3iHkiGNAoXTlekqSER7vBVLHwPY7rogXP6WyAi67"
        + "AYK/B5iVQcplEHs3n+MeZJgj9C7S0Zslxmym0mWw7l+4YjvyX+RGJVUvk+3TkWO8E"
        + "WHKOX1+hQH9RBbcNqH4FeRZrh3P8wZQDMFfcr3vD0tLAnuqdMy+qAPA+kKWpu5K0D"
        + "0W/ifEizq4Zf8VyzYU6UZaAQbloJadSkruXIwvUpHBZ+M8MHQ2AmRNd0vwyTBlhOI"
        + "CzWU5E5OXtW/f5jA/ugl7PSqjwe5IYTsZaYstKqqZJMIPTzB/IxPtzVyoN15fG9GR"
        + "kk43U6HPS9SdeVTGVmNLn6SM8keLo1yUh5BZ0J0b+K/7C1GfJeNxcv0lGpkrh5wWc"
        + "ABzJ86+3daky6+aR6ldY2CF7mr/dcc3MnjgDNnx86wYIysC3HOkhgyIXD28+O1aTY"
        + "oAvlmidNC9wb2/JJk7cHQatL02LG4/ql5GQ+dS1wOU7S1MVVGYDlZ7uiFmKPqC1Tv"
        + "qVxQnBqPnggKSLWucVKFcjsvXKasMvRl99f4Y7qRAjgM6EHa7rNyWIflRe6ZLNBlj"
        + "16mW293a4FL1jTosNlZoCN8xb1zDdb/NCISqkX6/sq7wDOn4t+m+78ckof4GNmTOM"
        + "WSaRDJIuLM9c1stLHpcyif37oZum86FnB9Zw9qlQGdgLYnRPeZXV1rZuC1L9fugCN"
        + "M4WcUQ20fmPOgyO4RGLsxCbZZJBJj0y7CAMthepMnzaEO9Z2O9BFaM4zpL2ng7GvO"
        + "a26DQiHO5RFVjUpslUdmPuX7U5xkRfjJ025pqTvHVLfzWmsU53ZbkgiJ/0xxa1Emd"
        + "5y0X2keTVfm7q5duNVVN1A6r50++RANI7NJaSLFTMm8Y5P79g4o7UmtCLSesUdTsF"
        + "8swVR5slE3O7ErNr3drLfYVEF9FaB7vcuMDqxCNuahX8TCMJg0vqpO8+EXRNkieb9"
        + "KSgcLD5WRjzGm7e/B5uACxWc50iY6lYvIVW5Itot95OHWZ5xdq3a3fIIb4MDQ2/nx"
        + "lozhRHaHTBI9GAwy1/XcDJWMr+tI9rLGCB7hX8dVqNtYO93/oF3gvBiiNSw5qmUQ2"
        + "qxepZEih5KfhHAVq44RbQMiBA5E2bVBisuNTPUAaA/Fzzsvky8vBq/M5usy8+RXj6"
        + "m+mSZCUPpSTTunIUnu0bRLb2inccthEielCThk1FLKQCLSpsAo1h7kzuNJIeeJSCM"
        + "cWXpZEURziXwE5KCl3jcY+dOLLMEI05F/UyRwZ/k1a2qW78Bc3DivIh2w/4ZBAS9q"
        + "hERIY52y8VcnJ/+/7u45bnpIjkJShZTM1qmzgDCHQa/G5OpnqtI2nDPSNzOpTWA47"
        + "6+AH0ZQoUKxHt6MJP3QLpnrw6xPSE2gR19KRvFZr0NtGJ+SPy418eFYMtJgPvOyI4"
        + "XwYYCLrmMCkSGrqfbhwKK6rgYMVDg0fsBT1OAZGKD8QM51hXFt8p0HQS0UuddwCTA"
        + "/KwyIt6Iw7Leb70yoTEJz3CVU4X4faohXV48gNtZhquawRDvqyBSFS5F8M4s/pJZK"
        + "C5UY3MXifF1+LhSXjdQK7RwNs9XcCbIy+6Fi2wAKDX9MasXnzfzFVuQq1XtMoPVVS"
        + "9gSqWXGbYuadDIto3gGIKUt3BT9nj/B0J/ENqlSsGsT0+fiya+p5thXOkI8r7X82P"
        + "SxV0048QnP7cbuDG97AjOOAcEMsBdCrF3jWGYNd1nK7eKQ8DCrXEKoQhY0IY2sHpU"
        + "5Cu24KW9M1RwIb/XtOEBun89edaKhfk1uDLlvgQ4huYDmfcu4Ebh6DRbHzwSNMK17"
        + "qDgp8/mbAui0ATZBW7bTQNw3WMS0ltbdCj0ki28Udg1udYY6r6wwWkXE/mccgbXz0"
        + "L3g72JfEIO/A56+rFubofZCHuf5AVkDE8MBcGCSqGSIb3DQEJFDEKHggAdABlAHMA"
        + "dDAhBgkqhkiG9w0BCRUxFAQSVGltZSAxNTc1NTMwMDAzMjk3MIIGHAYJKoZIhvcNA"
        + "QcGoIIGDTCCBgkCAQAwggYCBgkqhkiG9w0BBwEwKQYKKoZIhvcNAQwBBjAbBBRZLo"
        + "kYmrJuiANzYxRFL9HmSVKYhQIDAMNQgIIFyPEfYqIJqAd13B5D4EFLs7VrUNaWoeO"
        + "XNRVl5da6N7gMlG5gVpPRjRUCHyaBB066ZdGEquwkidgCdIAfIolcnyGv7a7PZvZM"
        + "bJ8AUXjkf9q7zp0Uwc0k4zQ3Nmev5QxSx+f33J+AOQT4T1CRMxwpNOwrtzRoNVZFD"
        + "oTCnxHBdTvmbCcuMsHYZQk+vLQpud4dI1AKccExjOc86ZAne2Df37LHB/2gxElSOn"
        + "G9VkdIlKHLPbrk4JNcNSZs3VOOi3tEwAlBx9Xllg95aH3ziBPYKgk/u6M567tEnoH"
        + "PDiss9+WeNJP9Tgsc6WPu33GTNxtxSLx4mffR3x0upSbFvhIP4t07aCtOZVwD/Hdw"
        + "VmptatFvVSMiQSM1vf89zjAvdK3UFXTr/jDze4tF35y/UTlor8sbINQy3dZCEpCim"
        + "G1MfDdSG+K5BZoHTny5bG2YM8a9EHtmZfq4i3GJE85M652UVlVDgDnk+PhgyIFWuJ"
        + "6KFgWjUWio6RRhRvcTCJbk5soV+IFa4BppNMako9W8B2UvqIIV2XrxvFEh4QFkpsW"
        + "13qEUGp33qUkAPhuz/NJ4InVh29CGSBnoWprIL/dKwdbTGudlrjnMs6pwURmlWVcJ"
        + "FuPJFsBpyCQEeAtKS7TXaVJOTkfHdX4tYgN5SxEA0EGoddrKgWu48Dj1u2oC7ruZ9"
        + "6J0zznFIr4FzBobv/woWx66EnCWyQLqjSCxipYeer+7ARDmHwgyj+CvgMsfkLa1VL"
        + "LhFDDj0Efdt9IdKj4Nnhh+r9WkNsr+HGiwSgCDn/Hk1AWSvlxxsqFrUBCi6NMSG2l"
        + "sM4MzCTrT47dJDPS0go0jIS5E4o3Hc/GMUlhaQaQX8iYaZQk4k1/OsRDoui+FuViU"
        + "wIVuAne6AQhgy+9KMzmcgByFxAAoo5b0fDy/PgSG+C3wSs6brFmJIOw1exUIf2E/m"
        + "9ATce4vT3CYKLvhk6dmHDK5jSvTrBU4njGVEW8DlW+GSf8jqABDW/PcAf0Y6T0hqv"
        + "zTuWlpxv2O3QLeVbDTrIEe1bgRz8HaaiHznXe8oUbCC1xw5FaSAjXJLX0mlKtQ48z"
        + "xdimSM7B4Pa6iz2q0m8PRzPaad+VyqD3xp53FaR3K9vNT0PXQwJIDZzxl3gYFisbN"
        + "1KxUDtppnkrBwQx9iPH7zQvbNTQiyoUYnF4sAkECIduh/K+ZIAM8zGJH7NTNIrkK/"
        + "piehq5/fVAXCr/tdSWeg88gsn0HjNRChuqYz1yFBaQvgMLQ7h/C7k0GP/l2pcUxr8"
        + "/zDkFr1FFiUN9e2E0nlCO/FUxFZ3PO25D0ZrjAN7h4WLCybClC+Fdy+RhLAtK7Vuz"
        + "zHwBMPNMMvlreXrSv/EE/37oN5OqA8YrDlPpiDuETS6xPkwkJti/ifrwzvakhBUbB"
        + "dVd0De2QNctDQBnCFVb1lybbUtSF1Ol5Klcjt7UhFyq0ZkoVXhP2YqEJ7yLOaIKCk"
        + "AdjOwCtb01L83/LhounfQLxIG8S2SQwMyxYua6k9BpQLJA36y2uu4+3OZIO4JRura"
        + "drfjN6hGkGam8EvxM8UwrC//TDOHJUEy3IgNV4B4EJWs9lFTL9PO+kBlRFSeL5Son"
        + "jLB/qZC+i8ssJ8oFkIrl+X7rRcooosbVaNvFIR2FpGCdx8bGoFV6pkfwpJ0hO4dOP"
        + "nzFm24vBa6UrftojK/z234/h3W0yZScR5CvoSoU+tn1+3G3Q6a4+hdMwF6WjyO3Ne"
        + "xfMRSvMkAqOqHiptdnz7QDQ7LgGIF6igtGEIpKo4urPAg+RnwqKG6NIYOA32QmU35"
        + "B4+EJhhYZNINZm0NR5ZM0t9BpUiv6DGl8yZiRX1x4Nu35CLlAT8hWSqgMpb8mw5SQ"
        + "rQ4dNggVaJ9lO1j1G4hV6umuyX6L1wtOyeQ9aNg3hIZGLPe4pkzahqI2KKlPWpksm"
        + "MJVIi5WmlvEmFC/UkkUUICjo3KzKPHq7bYmdmDDNLwf9jOeAfq/UNxu4nO8wPjAhM"
        + "AkGBSsOAwIaBQAEFJrJtKCo0WZ7ewFOiudk30HHA6e0BBRXe6IQoFcDFIzKAyXokh"
        + "y3daZV4AIDAYag";
}