1 /* 2 * Copyright (c) 2018, 2020, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 import java.nio.ByteBuffer; 25 import java.security.cert.CertificateException; 26 import java.security.cert.X509Certificate; 27 28 import javax.net.ssl.SSLContext; 29 import javax.net.ssl.SSLEngine; 30 import javax.net.ssl.SSLEngineResult; 31 import javax.net.ssl.SSLException; 32 import javax.net.ssl.SSLHandshakeException; 33 import javax.net.ssl.SSLParameters; 34 import javax.net.ssl.TrustManager; 35 import javax.net.ssl.X509TrustManager; 36 37 import jdk.test.lib.security.KeyStoreUtils; 38 import jdk.test.lib.security.SecurityUtils; 39 import jdk.test.lib.security.SSLContextBuilder; 40 41 /* 42 * @test 43 * @bug 8211339 8234728 44 * @summary Verify hostname returns an exception instead of null pointer when 45 * creating a new engine 46 * @library /test/lib 47 * @run main/othervm NullHostnameCheck TLSv1 48 * @run main/othervm NullHostnameCheck TLSv1.1 49 * @run main/othervm NullHostnameCheck TLSv1.2 50 * @run main/othervm NullHostnameCheck TLSv1.3 51 */ 52 53 54 public final class NullHostnameCheck { 55 main(String[] args)56 public static void main(String[] args) throws Exception { 57 String protocol = args[0]; 58 String password = "123456"; 59 60 // Re-enable TLSv1 or TLSv1.1 when test depends on it. 61 if (protocol.equals("TLSv1") || protocol.equals("TLSv1.1")) { 62 SecurityUtils.removeFromDisabledTlsAlgs(protocol); 63 } 64 65 SSLContext serverCtx = SSLContextBuilder.builder() 66 .keyStore(KeyStoreUtils.loadKeyStoreBase64( 67 keystoreB64, password)) 68 .kmfPassphrase(password) 69 .protocol(protocol) 70 .build(); 71 SSLEngine serverEngine = serverCtx.createSSLEngine("localhost", -1); 72 serverEngine.setUseClientMode(false); 73 74 SSLContext clientCtx = SSLContext.getInstance(protocol); 75 clientCtx.init(null, new TrustManager[] { 76 new X509TrustManager() { 77 @Override 78 public void checkClientTrusted( 79 X509Certificate[] x509Certificates, String s) { 80 } 81 82 @Override 83 public void checkServerTrusted( 84 X509Certificate[] x509Certificates, String s) { 85 } 86 87 @Override 88 public X509Certificate[] getAcceptedIssuers() { 89 return new X509Certificate[0]; 90 } 91 } 92 }, null); 93 94 SSLEngine clientEngine = clientCtx.createSSLEngine(); 95 clientEngine.setUseClientMode(true); 96 97 SSLParameters sslParameters = clientEngine.getSSLParameters(); 98 sslParameters.setEndpointIdentificationAlgorithm("HTTPS"); 99 clientEngine.setSSLParameters(sslParameters); 100 try { 101 handshake(clientEngine, serverEngine); 102 throw new Exception("Value was not null. Unexpected."); 103 } catch (SSLHandshakeException e) { 104 if (e.getCause() instanceof CertificateException) { 105 System.out.println("Correct Exception class thrown:\n\t" + 106 e.getMessage()); 107 return; 108 } 109 throw e; 110 } 111 } 112 handshake(SSLEngine clientEngine, SSLEngine serverEngine)113 private static void handshake(SSLEngine clientEngine, 114 SSLEngine serverEngine) throws SSLException{ 115 ByteBuffer cTOs = ByteBuffer.allocate( 116 clientEngine.getSession().getPacketBufferSize()); 117 ByteBuffer sTOc = ByteBuffer.allocate( 118 serverEngine.getSession().getPacketBufferSize()); 119 120 ByteBuffer serverAppReadBuffer = ByteBuffer.allocate( 121 serverEngine.getSession().getApplicationBufferSize()); 122 ByteBuffer clientAppReadBuffer = ByteBuffer.allocate( 123 clientEngine.getSession().getApplicationBufferSize()); 124 125 clientEngine.beginHandshake(); 126 serverEngine.beginHandshake(); 127 128 ByteBuffer empty = ByteBuffer.allocate(0); 129 130 SSLEngineResult clientResult; 131 SSLEngineResult serverResult; 132 133 boolean clientHandshakeFinished = false; 134 boolean serverHandshakeFinished = false; 135 136 do { 137 if (!clientHandshakeFinished) { 138 clientResult = clientEngine.wrap(empty, cTOs); 139 runDelegatedTasks(clientResult, clientEngine); 140 141 if (isHandshakeFinished(clientResult)) { 142 clientHandshakeFinished = true; 143 } 144 } 145 146 if (!serverHandshakeFinished) { 147 serverResult = serverEngine.wrap(empty, sTOc); 148 runDelegatedTasks(serverResult, serverEngine); 149 150 if (isHandshakeFinished(serverResult)) { 151 serverHandshakeFinished = true; 152 } 153 } 154 155 cTOs.flip(); 156 sTOc.flip(); 157 158 if (!clientHandshakeFinished) { 159 clientResult = clientEngine.unwrap(sTOc, clientAppReadBuffer); 160 161 runDelegatedTasks(clientResult, clientEngine); 162 163 if (isHandshakeFinished(clientResult)) { 164 clientHandshakeFinished = true; 165 } 166 } 167 168 if (!serverHandshakeFinished) { 169 serverResult = serverEngine.unwrap(cTOs, serverAppReadBuffer); 170 runDelegatedTasks(serverResult, serverEngine); 171 172 if (isHandshakeFinished(serverResult)) { 173 serverHandshakeFinished = true; 174 } 175 } 176 177 sTOc.compact(); 178 cTOs.compact(); 179 } while (!clientHandshakeFinished || !serverHandshakeFinished); 180 } 181 isHandshakeFinished(SSLEngineResult result)182 private static boolean isHandshakeFinished(SSLEngineResult result) { 183 return result.getHandshakeStatus() == 184 SSLEngineResult.HandshakeStatus.FINISHED; 185 } 186 runDelegatedTasks(SSLEngineResult result, SSLEngine engine)187 private static void runDelegatedTasks(SSLEngineResult result, 188 SSLEngine engine) { 189 if (result.getHandshakeStatus() == 190 SSLEngineResult.HandshakeStatus.NEED_TASK) { 191 for (;;) { 192 Runnable task = engine.getDelegatedTask(); 193 if (task == null) { 194 break; 195 } 196 task.run(); 197 } 198 } 199 } 200 201 // Base64 of PKCS12 Keystore 202 /* 203 * Certificate 204 * "signature algorithm": "SHA384withRSA", 205 * "issuer" : "CN=test, OU=test, O=test, L=test, ST=test, C=test", 206 * "not before" : "2019-12-05 12:43:23.000 IST", 207 * "not after" : "2049-11-27 12:43:23.000 IST", 208 * "subject" : "CN=test, OU=test, O=test, L=test, ST=test, C=test", 209 * "subject public key" : "RSA", 210 */ 211 static final String keystoreB64 = 212 "MIIQZwIBAzCCECAGCSqGSIb3DQEHAaCCEBEEghANMIIQCTCCCeUGCSqGSIb3DQEHA" 213 + "aCCCdYEggnSMIIJzjCCCcoGCyqGSIb3DQEMCgECoIIJezCCCXcwKQYKKoZIhvcNAQ" 214 + "wBAzAbBBSaZBiYmowTxFT4KJxZhMHTVOC9OQIDAMNQBIIJSBnoVGtJKPsoiSU095y" 215 + "50x27NJQd727oJwMXqA8kdxCcE1tBowtO8P44ctSEvwJQlB7dR9PxHB6LcfCdMfpa" 216 + "GObVCH1/6jHzhRolI9JMAfXlvliAHKZSjuQd2USw1Y65/+0VYvKslXGU4hWhGQWh2" 217 + "ksUCBIIcC2A3sA3afF/JPrlfLCEbzYpcfAsv+Z7wEEr6YD11HIHfbOgu2/HU6phL2" 218 + "RMJDK9iLgP9mu6FzRFk+93BSguWXfbeJyPlzA8dcTzkXDyfVDx4Wd+UExWq0fx179" 219 + "b74MWkwEk76TowEkcGkrnugwOKnqBmyvmBkbl1827+ChZprZ3zGw69IkuRsdDSYGb" 220 + "IWVAB/psB0zX3TvsKHcraZm34oNJdSNpYrS0OWA8lSm5NdcfTzi6WLxWwxz55PvZg" 221 + "OP3pVyXmtAalyBujs6AOsLkJIMLGvWAYeD+72ook8fqpW7s5e/HA7MshXrlMMflpD" 222 + "m708kK5VnfdgzQsAGr6YfOYOKnyhoqskmzDYccuSz59owKiuGMgHpum0zVE8yyVwb" 223 + "esXfP3v7eiPuGvsxzq5DE6jaY4F+GoxdLbL4jDWocnWiZewnuYxQwd1vKIKTww/TG" 224 + "8RObPUEB38+/LNpgb7+5Oap45rujygiPFWD9+mTzKkLGkM6ItRo4qOwtKAqbjPIVk" 225 + "MDCovcr2TCrZfE8ZbQnU/q2LR5eC6ZpOMFNRZggm92n0+FmDuEKjR7lu2mQF4IDan" 226 + "SiYgS1+nBhfG9pcNP3yCpwoBHIImtZX5GObKqgvMqQ746KXhv40xwnNqXGypBNKYN" 227 + "jRJQmG2/m++2A6DUo+xCTNbD7g0pQbNOjKsGVMXUBTyDiyGqSUHH2EDxe37wcPVih" 228 + "ezcv5L1X48y3tSVD9czhjCDJ54sd0B3+LoEXs5/0xYmMvQ74zUx6iwE87FZ/duMbs" 229 + "N3dDWvIgqgjaoGnfRLy4lRRxYhn2/r1lesQtzNlZ3YkHZKmpgQkLm+yChFqxi7qm+" 230 + "ec/y+GSTm+ascK1ju1NG3f/SUdl7KqZ/J7DnDfQwyg7jiY+QOcr7UNRSeddQozxu7" 231 + "j07y/wiGX4z3+JSGBlnlWtOyLo5YERbheVHh1LfCSM4KQDcjxUnIlmsCqILwDYbVm" 232 + "aNJ3crkU22I5IVFcoF30v7gvMj4VFXcBYPCSJrkqNIIgZs6YPYwht3akquIz2ovXV" 233 + "CqD3TH527dBRAgpeZNs3/L8xCaYiHNUKXv9CRaHVQMTKk9zi3CTJoKo5TCsWR8l9h" 234 + "cJpcQnmNs5Jv9Jnq/zoet230r3iHkiGNAoXTlekqSER7vBVLHwPY7rogXP6WyAi67" 235 + "AYK/B5iVQcplEHs3n+MeZJgj9C7S0Zslxmym0mWw7l+4YjvyX+RGJVUvk+3TkWO8E" 236 + "WHKOX1+hQH9RBbcNqH4FeRZrh3P8wZQDMFfcr3vD0tLAnuqdMy+qAPA+kKWpu5K0D" 237 + "0W/ifEizq4Zf8VyzYU6UZaAQbloJadSkruXIwvUpHBZ+M8MHQ2AmRNd0vwyTBlhOI" 238 + "CzWU5E5OXtW/f5jA/ugl7PSqjwe5IYTsZaYstKqqZJMIPTzB/IxPtzVyoN15fG9GR" 239 + "kk43U6HPS9SdeVTGVmNLn6SM8keLo1yUh5BZ0J0b+K/7C1GfJeNxcv0lGpkrh5wWc" 240 + "ABzJ86+3daky6+aR6ldY2CF7mr/dcc3MnjgDNnx86wYIysC3HOkhgyIXD28+O1aTY" 241 + "oAvlmidNC9wb2/JJk7cHQatL02LG4/ql5GQ+dS1wOU7S1MVVGYDlZ7uiFmKPqC1Tv" 242 + "qVxQnBqPnggKSLWucVKFcjsvXKasMvRl99f4Y7qRAjgM6EHa7rNyWIflRe6ZLNBlj" 243 + "16mW293a4FL1jTosNlZoCN8xb1zDdb/NCISqkX6/sq7wDOn4t+m+78ckof4GNmTOM" 244 + "WSaRDJIuLM9c1stLHpcyif37oZum86FnB9Zw9qlQGdgLYnRPeZXV1rZuC1L9fugCN" 245 + "M4WcUQ20fmPOgyO4RGLsxCbZZJBJj0y7CAMthepMnzaEO9Z2O9BFaM4zpL2ng7GvO" 246 + "a26DQiHO5RFVjUpslUdmPuX7U5xkRfjJ025pqTvHVLfzWmsU53ZbkgiJ/0xxa1Emd" 247 + "5y0X2keTVfm7q5duNVVN1A6r50++RANI7NJaSLFTMm8Y5P79g4o7UmtCLSesUdTsF" 248 + "8swVR5slE3O7ErNr3drLfYVEF9FaB7vcuMDqxCNuahX8TCMJg0vqpO8+EXRNkieb9" 249 + "KSgcLD5WRjzGm7e/B5uACxWc50iY6lYvIVW5Itot95OHWZ5xdq3a3fIIb4MDQ2/nx" 250 + "lozhRHaHTBI9GAwy1/XcDJWMr+tI9rLGCB7hX8dVqNtYO93/oF3gvBiiNSw5qmUQ2" 251 + "qxepZEih5KfhHAVq44RbQMiBA5E2bVBisuNTPUAaA/Fzzsvky8vBq/M5usy8+RXj6" 252 + "m+mSZCUPpSTTunIUnu0bRLb2inccthEielCThk1FLKQCLSpsAo1h7kzuNJIeeJSCM" 253 + "cWXpZEURziXwE5KCl3jcY+dOLLMEI05F/UyRwZ/k1a2qW78Bc3DivIh2w/4ZBAS9q" 254 + "hERIY52y8VcnJ/+/7u45bnpIjkJShZTM1qmzgDCHQa/G5OpnqtI2nDPSNzOpTWA47" 255 + "6+AH0ZQoUKxHt6MJP3QLpnrw6xPSE2gR19KRvFZr0NtGJ+SPy418eFYMtJgPvOyI4" 256 + "XwYYCLrmMCkSGrqfbhwKK6rgYMVDg0fsBT1OAZGKD8QM51hXFt8p0HQS0UuddwCTA" 257 + "/KwyIt6Iw7Leb70yoTEJz3CVU4X4faohXV48gNtZhquawRDvqyBSFS5F8M4s/pJZK" 258 + "C5UY3MXifF1+LhSXjdQK7RwNs9XcCbIy+6Fi2wAKDX9MasXnzfzFVuQq1XtMoPVVS" 259 + "9gSqWXGbYuadDIto3gGIKUt3BT9nj/B0J/ENqlSsGsT0+fiya+p5thXOkI8r7X82P" 260 + "SxV0048QnP7cbuDG97AjOOAcEMsBdCrF3jWGYNd1nK7eKQ8DCrXEKoQhY0IY2sHpU" 261 + "5Cu24KW9M1RwIb/XtOEBun89edaKhfk1uDLlvgQ4huYDmfcu4Ebh6DRbHzwSNMK17" 262 + "qDgp8/mbAui0ATZBW7bTQNw3WMS0ltbdCj0ki28Udg1udYY6r6wwWkXE/mccgbXz0" 263 + "L3g72JfEIO/A56+rFubofZCHuf5AVkDE8MBcGCSqGSIb3DQEJFDEKHggAdABlAHMA" 264 + "dDAhBgkqhkiG9w0BCRUxFAQSVGltZSAxNTc1NTMwMDAzMjk3MIIGHAYJKoZIhvcNA" 265 + "QcGoIIGDTCCBgkCAQAwggYCBgkqhkiG9w0BBwEwKQYKKoZIhvcNAQwBBjAbBBRZLo" 266 + "kYmrJuiANzYxRFL9HmSVKYhQIDAMNQgIIFyPEfYqIJqAd13B5D4EFLs7VrUNaWoeO" 267 + "XNRVl5da6N7gMlG5gVpPRjRUCHyaBB066ZdGEquwkidgCdIAfIolcnyGv7a7PZvZM" 268 + "bJ8AUXjkf9q7zp0Uwc0k4zQ3Nmev5QxSx+f33J+AOQT4T1CRMxwpNOwrtzRoNVZFD" 269 + "oTCnxHBdTvmbCcuMsHYZQk+vLQpud4dI1AKccExjOc86ZAne2Df37LHB/2gxElSOn" 270 + "G9VkdIlKHLPbrk4JNcNSZs3VOOi3tEwAlBx9Xllg95aH3ziBPYKgk/u6M567tEnoH" 271 + "PDiss9+WeNJP9Tgsc6WPu33GTNxtxSLx4mffR3x0upSbFvhIP4t07aCtOZVwD/Hdw" 272 + "VmptatFvVSMiQSM1vf89zjAvdK3UFXTr/jDze4tF35y/UTlor8sbINQy3dZCEpCim" 273 + "G1MfDdSG+K5BZoHTny5bG2YM8a9EHtmZfq4i3GJE85M652UVlVDgDnk+PhgyIFWuJ" 274 + "6KFgWjUWio6RRhRvcTCJbk5soV+IFa4BppNMako9W8B2UvqIIV2XrxvFEh4QFkpsW" 275 + "13qEUGp33qUkAPhuz/NJ4InVh29CGSBnoWprIL/dKwdbTGudlrjnMs6pwURmlWVcJ" 276 + "FuPJFsBpyCQEeAtKS7TXaVJOTkfHdX4tYgN5SxEA0EGoddrKgWu48Dj1u2oC7ruZ9" 277 + "6J0zznFIr4FzBobv/woWx66EnCWyQLqjSCxipYeer+7ARDmHwgyj+CvgMsfkLa1VL" 278 + "LhFDDj0Efdt9IdKj4Nnhh+r9WkNsr+HGiwSgCDn/Hk1AWSvlxxsqFrUBCi6NMSG2l" 279 + "sM4MzCTrT47dJDPS0go0jIS5E4o3Hc/GMUlhaQaQX8iYaZQk4k1/OsRDoui+FuViU" 280 + "wIVuAne6AQhgy+9KMzmcgByFxAAoo5b0fDy/PgSG+C3wSs6brFmJIOw1exUIf2E/m" 281 + "9ATce4vT3CYKLvhk6dmHDK5jSvTrBU4njGVEW8DlW+GSf8jqABDW/PcAf0Y6T0hqv" 282 + "zTuWlpxv2O3QLeVbDTrIEe1bgRz8HaaiHznXe8oUbCC1xw5FaSAjXJLX0mlKtQ48z" 283 + "xdimSM7B4Pa6iz2q0m8PRzPaad+VyqD3xp53FaR3K9vNT0PXQwJIDZzxl3gYFisbN" 284 + "1KxUDtppnkrBwQx9iPH7zQvbNTQiyoUYnF4sAkECIduh/K+ZIAM8zGJH7NTNIrkK/" 285 + "piehq5/fVAXCr/tdSWeg88gsn0HjNRChuqYz1yFBaQvgMLQ7h/C7k0GP/l2pcUxr8" 286 + "/zDkFr1FFiUN9e2E0nlCO/FUxFZ3PO25D0ZrjAN7h4WLCybClC+Fdy+RhLAtK7Vuz" 287 + "zHwBMPNMMvlreXrSv/EE/37oN5OqA8YrDlPpiDuETS6xPkwkJti/ifrwzvakhBUbB" 288 + "dVd0De2QNctDQBnCFVb1lybbUtSF1Ol5Klcjt7UhFyq0ZkoVXhP2YqEJ7yLOaIKCk" 289 + "AdjOwCtb01L83/LhounfQLxIG8S2SQwMyxYua6k9BpQLJA36y2uu4+3OZIO4JRura" 290 + "drfjN6hGkGam8EvxM8UwrC//TDOHJUEy3IgNV4B4EJWs9lFTL9PO+kBlRFSeL5Son" 291 + "jLB/qZC+i8ssJ8oFkIrl+X7rRcooosbVaNvFIR2FpGCdx8bGoFV6pkfwpJ0hO4dOP" 292 + "nzFm24vBa6UrftojK/z234/h3W0yZScR5CvoSoU+tn1+3G3Q6a4+hdMwF6WjyO3Ne" 293 + "xfMRSvMkAqOqHiptdnz7QDQ7LgGIF6igtGEIpKo4urPAg+RnwqKG6NIYOA32QmU35" 294 + "B4+EJhhYZNINZm0NR5ZM0t9BpUiv6DGl8yZiRX1x4Nu35CLlAT8hWSqgMpb8mw5SQ" 295 + "rQ4dNggVaJ9lO1j1G4hV6umuyX6L1wtOyeQ9aNg3hIZGLPe4pkzahqI2KKlPWpksm" 296 + "MJVIi5WmlvEmFC/UkkUUICjo3KzKPHq7bYmdmDDNLwf9jOeAfq/UNxu4nO8wPjAhM" 297 + "AkGBSsOAwIaBQAEFJrJtKCo0WZ7ewFOiudk30HHA6e0BBRXe6IQoFcDFIzKAyXokh" 298 + "y3daZV4AIDAYag"; 299 } 300