1 /* 2 * Copyright (c) 2010, 2020, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 /* 27 * @test 28 * @bug 4873188 29 * @summary Support TLS 1.1 30 * @library /lib/security 31 * @run main/othervm GenericBlockCipher 32 * 33 * SunJSSE does not support dynamic system properties, no way to re-use 34 * system properties in samevm/agentvm mode. 35 * 36 * @author Xuelei Fan 37 */ 38 39 import java.io.*; 40 import java.net.*; 41 import javax.net.ssl.*; 42 43 public class GenericBlockCipher { 44 45 /* 46 * ============================================================= 47 * Set the various variables needed for the tests, then 48 * specify what tests to run on each side. 49 */ 50 51 /* 52 * Should we run the client or server in a separate thread? 53 * Both sides can throw exceptions, but do you have a preference 54 * as to which side should be the main thread. 55 */ 56 static boolean separateServerThread = false; 57 58 /* 59 * Where do we find the keystores? 60 */ 61 static String pathToStores = "../etc"; 62 static String keyStoreFile = "keystore"; 63 static String trustStoreFile = "truststore"; 64 static String passwd = "passphrase"; 65 66 /* 67 * Is the server ready to serve? 68 */ 69 volatile static boolean serverReady = false; 70 71 /* 72 * Turn on SSL debugging? 73 */ 74 static boolean debug = false; 75 76 /* 77 * If the client or server is doing some kind of object creation 78 * that the other side depends on, and that thread prematurely 79 * exits, you may experience a hang. The test harness will 80 * terminate all hung threads after its timeout has expired, 81 * currently 3 minutes by default, but you might try to be 82 * smart about it.... 83 */ 84 85 /* 86 * Define the server side of the test. 87 * 88 * If the server prematurely exits, serverReady will be set to true 89 * to avoid infinite hangs. 90 */ doServerSide()91 void doServerSide() throws Exception { 92 SSLServerSocketFactory sslssf = 93 (SSLServerSocketFactory) SSLServerSocketFactory.getDefault(); 94 SSLServerSocket sslServerSocket = 95 (SSLServerSocket) sslssf.createServerSocket(serverPort); 96 97 serverPort = sslServerSocket.getLocalPort(); 98 99 /* 100 * Signal Client, we're ready for his connect. 101 */ 102 serverReady = true; 103 104 SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept(); 105 InputStream sslIS = sslSocket.getInputStream(); 106 OutputStream sslOS = sslSocket.getOutputStream(); 107 108 sslIS.read(); 109 sslOS.write('A'); 110 sslOS.flush(); 111 112 sslSocket.close(); 113 } 114 115 /* 116 * Define the client side of the test. 117 * 118 * If the server prematurely exits, serverReady will be set to true 119 * to avoid infinite hangs. 120 */ doClientSide()121 void doClientSide() throws Exception { 122 123 /* 124 * Wait for server to get started. 125 */ 126 while (!serverReady) { 127 Thread.sleep(50); 128 } 129 130 SSLSocketFactory sslsf = 131 (SSLSocketFactory) SSLSocketFactory.getDefault(); 132 SSLSocket sslSocket = (SSLSocket) 133 sslsf.createSocket("localhost", serverPort); 134 135 // enable TLSv1.1 only 136 sslSocket.setEnabledProtocols(new String[] {"TLSv1.1"}); 137 138 // enable a block cipher 139 sslSocket.setEnabledCipherSuites( 140 new String[] {"TLS_RSA_WITH_AES_128_CBC_SHA"}); 141 142 InputStream sslIS = sslSocket.getInputStream(); 143 OutputStream sslOS = sslSocket.getOutputStream(); 144 145 sslOS.write('B'); 146 sslOS.flush(); 147 sslIS.read(); 148 149 sslSocket.close(); 150 } 151 152 /* 153 * ============================================================= 154 * The remainder is just support stuff 155 */ 156 157 // use any free port by default 158 volatile int serverPort = 0; 159 160 volatile Exception serverException = null; 161 volatile Exception clientException = null; 162 main(String[] args)163 public static void main(String[] args) throws Exception { 164 // Re-enable TLSv1.1 since test depends on it. 165 SecurityUtils.removeFromDisabledTlsAlgs("TLSv1.1"); 166 167 String keyFilename = 168 System.getProperty("test.src", ".") + "/" + pathToStores + 169 "/" + keyStoreFile; 170 String trustFilename = 171 System.getProperty("test.src", ".") + "/" + pathToStores + 172 "/" + trustStoreFile; 173 174 System.setProperty("javax.net.ssl.keyStore", keyFilename); 175 System.setProperty("javax.net.ssl.keyStorePassword", passwd); 176 System.setProperty("javax.net.ssl.trustStore", trustFilename); 177 System.setProperty("javax.net.ssl.trustStorePassword", passwd); 178 179 if (debug) 180 System.setProperty("javax.net.debug", "all"); 181 182 /* 183 * Start the tests. 184 */ 185 new GenericBlockCipher(); 186 } 187 188 Thread clientThread = null; 189 Thread serverThread = null; 190 191 /* 192 * Primary constructor, used to drive remainder of the test. 193 * 194 * Fork off the other side, then do your work. 195 */ GenericBlockCipher()196 GenericBlockCipher() throws Exception { 197 try { 198 if (separateServerThread) { 199 startServer(true); 200 startClient(false); 201 } else { 202 startClient(true); 203 startServer(false); 204 } 205 } catch (Exception e) { 206 // swallow for now. Show later 207 } 208 209 /* 210 * Wait for other side to close down. 211 */ 212 if (separateServerThread) { 213 serverThread.join(); 214 } else { 215 clientThread.join(); 216 } 217 218 /* 219 * When we get here, the test is pretty much over. 220 * Which side threw the error? 221 */ 222 Exception local; 223 Exception remote; 224 String whichRemote; 225 226 if (separateServerThread) { 227 remote = serverException; 228 local = clientException; 229 whichRemote = "server"; 230 } else { 231 remote = clientException; 232 local = serverException; 233 whichRemote = "client"; 234 } 235 236 /* 237 * If both failed, return the curthread's exception, but also 238 * print the remote side Exception 239 */ 240 if ((local != null) && (remote != null)) { 241 System.out.println(whichRemote + " also threw:"); 242 remote.printStackTrace(); 243 System.out.println(); 244 throw local; 245 } 246 247 if (remote != null) { 248 throw remote; 249 } 250 251 if (local != null) { 252 throw local; 253 } 254 } 255 startServer(boolean newThread)256 void startServer(boolean newThread) throws Exception { 257 if (newThread) { 258 serverThread = new Thread() { 259 public void run() { 260 try { 261 doServerSide(); 262 } catch (Exception e) { 263 /* 264 * Our server thread just died. 265 * 266 * Release the client, if not active already... 267 */ 268 System.err.println("Server died..."); 269 serverReady = true; 270 serverException = e; 271 } 272 } 273 }; 274 serverThread.start(); 275 } else { 276 try { 277 doServerSide(); 278 } catch (Exception e) { 279 serverException = e; 280 } finally { 281 serverReady = true; 282 } 283 } 284 } 285 startClient(boolean newThread)286 void startClient(boolean newThread) throws Exception { 287 if (newThread) { 288 clientThread = new Thread() { 289 public void run() { 290 try { 291 doClientSide(); 292 } catch (Exception e) { 293 /* 294 * Our client thread just died. 295 */ 296 System.err.println("Client died..."); 297 clientException = e; 298 } 299 } 300 }; 301 clientThread.start(); 302 } else { 303 try { 304 doClientSide(); 305 } catch (Exception e) { 306 clientException = e; 307 } 308 } 309 } 310 } 311