Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
PojavLauncherTeam
GitHub Repository: PojavLauncherTeam/openjdk-multiarch-jdk8u
 Path: blob/aarch64-shenandoah-jdk8u272-b10/jdk/test/javax/net/ssl/SSLEngine/NoAuthClientAuth.java
38853 views
1
/*

2
 * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.

3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

4
 *

5
 * This code is free software; you can redistribute it and/or modify it

6
 * under the terms of the GNU General Public License version 2 only, as

7
 * published by the Free Software Foundation.

8
 *

9
 * This code is distributed in the hope that it will be useful, but WITHOUT

10
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

11
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

12
 * version 2 for more details (a copy is included in the LICENSE file that

13
 * accompanied this code).

14
 *

15
 * You should have received a copy of the GNU General Public License version

16
 * 2 along with this work; if not, write to the Free Software Foundation,

17
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

18
 *

19
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

20
 * or visit www.oracle.com if you need additional information or have any

21
 * questions.

22
 */

23


24
//

25
// SunJSSE does not support dynamic system properties, no way to re-use

26
// system properties in samevm/agentvm mode.

27
//

28


29
/*

30
 * @test

31
 * @bug 4495742

32
 * @summary Demonstrate SSLEngine switch from no client auth to client auth.

33
 * @run main/othervm NoAuthClientAuth SSLv3

34
 * @run main/othervm NoAuthClientAuth TLSv1

35
 * @run main/othervm NoAuthClientAuth TLSv1.1

36
 * @run main/othervm NoAuthClientAuth TLSv1.2

37
 * @author Brad R. Wetmore

38
 */

39


40
/**

41
 * A SSLEngine usage example which simplifies the presentation

42
 * by removing the I/O and multi-threading concerns.

43
 *

44
 * The test creates two SSLEngines, simulating a client and server.

45
 * The "transport" layer consists two byte buffers:  think of them

46
 * as directly connected pipes.

47
 *

48
 * Note, this is a *very* simple example: real code will be much more

49
 * involved.  For example, different threading and I/O models could be

50
 * used, transport mechanisms could close unexpectedly, and so on.

51
 *

52
 * When this application runs, notice that several messages

53
 * (wrap/unwrap) pass before any application data is consumed or

54
 * produced.  (For more information, please see the SSL/TLS

55
 * specifications.)  There may several steps for a successful handshake,

56
 * so it's typical to see the following series of operations:

57
 *

58
 *      client          server          message

59
 *      ======          ======          =======

60
 *      wrap()          ...             ClientHello

61
 *      ...             unwrap()        ClientHello

62
 *      ...             wrap()          ServerHello/Certificate

63
 *      unwrap()        ...             ServerHello/Certificate

64
 *      wrap()          ...             ClientKeyExchange

65
 *      wrap()          ...             ChangeCipherSpec

66
 *      wrap()          ...             Finished

67
 *      ...             unwrap()        ClientKeyExchange

68
 *      ...             unwrap()        ChangeCipherSpec

69
 *      ...             unwrap()        Finished

70
 *      ...             wrap()          ChangeCipherSpec

71
 *      ...             wrap()          Finished

72
 *      unwrap()        ...             ChangeCipherSpec

73
 *      unwrap()        ...             Finished

74
 *

75
 * In this example, we do a rehandshake and make sure that completes

76
 * correctly.

77
 */

78


79
import javax.net.ssl.*;

80
import javax.net.ssl.SSLEngineResult.*;

81
import java.io.*;

82
import java.security.*;

83
import java.nio.*;

84


85
// Note that this test case depends on JSSE provider implementation details.

86
public class NoAuthClientAuth {

87


88
    /*

89
     * Enables logging of the SSLEngine operations.

90
     */

91
    private static boolean logging = true;

92


93
    /*

94
     * Enables the JSSE system debugging system property:

95
     *

96
     *     -Djavax.net.debug=all

97
     *

98
     * This gives a lot of low-level information about operations underway,

99
     * including specific handshake messages, and might be best examined

100
     * after gaining some familiarity with this application.

101
     */

102
    private static boolean debug = true;

103


104
    private SSLContext sslc;

105


106
    private SSLEngine clientEngine;     // client Engine

107
    private ByteBuffer clientOut;       // write side of clientEngine

108
    private ByteBuffer clientIn;        // read side of clientEngine

109


110
    private SSLEngine serverEngine;     // server Engine

111
    private ByteBuffer serverOut;       // write side of serverEngine

112
    private ByteBuffer serverIn;        // read side of serverEngine

113


114
    /*

115
     * For data transport, this example uses local ByteBuffers.  This

116
     * isn't really useful, but the purpose of this example is to show

117
     * SSLEngine concepts, not how to do network transport.

118
     */

119
    private ByteBuffer cTOs;            // "reliable" transport client->server

120
    private ByteBuffer sTOc;            // "reliable" transport server->client

121


122
    /*

123
     * The following is to set up the keystores.

124
     */

125
    private static String pathToStores = "../etc";

126
    private static String keyStoreFile = "keystore";

127
    private static String trustStoreFile = "truststore";

128
    private static String passwd = "passphrase";

129


130
    private static String keyFilename =

131
            System.getProperty("test.src", ".") + "/" + pathToStores +

132
                "/" + keyStoreFile;

133
    private static String trustFilename =

134
            System.getProperty("test.src", ".") + "/" + pathToStores +

135
                "/" + trustStoreFile;

136
    // the specified protocol

137
    private static String tlsProtocol;

138


139
    /*

140
     * Main entry point for this test.

141
     */

142
    public static void main(String args[]) throws Exception {

143
        Security.setProperty("jdk.tls.disabledAlgorithms", "");

144


145
        if (debug) {

146
            System.setProperty("javax.net.debug", "all");

147
        }

148


149
        tlsProtocol = args[0];

150


151
        NoAuthClientAuth test = new NoAuthClientAuth();

152
        test.runTest();

153


154
        System.out.println("Test Passed.");

155
    }

156


157
    /*

158
     * Create an initialized SSLContext to use for these tests.

159
     */

160
    public NoAuthClientAuth() throws Exception {

161


162
        KeyStore ks = KeyStore.getInstance("JKS");

163
        KeyStore ts = KeyStore.getInstance("JKS");

164


165
        char[] passphrase = "passphrase".toCharArray();

166


167
        ks.load(new FileInputStream(keyFilename), passphrase);

168
        ts.load(new FileInputStream(trustFilename), passphrase);

169


170
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");

171
        kmf.init(ks, passphrase);

172


173
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");

174
        tmf.init(ts);

175


176
        SSLContext sslCtx = SSLContext.getInstance("TLS");

177


178
        sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

179


180
        sslc = sslCtx;

181
    }

182


183
    /*

184
     * Run the test.

185
     *

186
     * Sit in a tight loop, both engines calling wrap/unwrap regardless

187
     * of whether data is available or not.  We do this until both engines

188
     * report back they are closed.

189
     *

190
     * The main loop handles all of the I/O phases of the SSLEngine's

191
     * lifetime:

192
     *

193
     *     initial handshaking

194
     *     application data transfer

195
     *     engine closing

196
     *

197
     * One could easily separate these phases into separate

198
     * sections of code.

199
     */

200
    private void runTest() throws Exception {

201


202
        createSSLEngines();

203
        createBuffers();

204


205
        SSLEngineResult clientResult;   // results from client's last operation

206
        SSLEngineResult serverResult;   // results from server's last operation

207


208
        /*

209
         * Examining the SSLEngineResults could be much more involved,

210
         * and may alter the overall flow of the application.

211
         *

212
         * For example, if we received a BUFFER_OVERFLOW when trying

213
         * to write to the output pipe, we could reallocate a larger

214
         * pipe, but instead we wait for the peer to drain it.

215
         */

216
        int hsCompleted = 0;

217
        while (!isEngineClosed(clientEngine) ||

218
                !isEngineClosed(serverEngine)) {

219


220
            log("================");

221


222
            clientResult = clientEngine.wrap(clientOut, cTOs);

223
            log("client wrap: ", clientResult);

224
            runDelegatedTasks(clientResult, clientEngine);

225
            clientOut.rewind();

226


227
            serverResult = serverEngine.wrap(serverOut, sTOc);

228
            log("server wrap: ", serverResult);

229
            runDelegatedTasks(serverResult, serverEngine);

230
            serverOut.rewind();

231


232
            // Jeanfrancois:

233
            // Here is the main rehandshaking step.

234
            if (serverResult.getHandshakeStatus() ==

235
                    HandshakeStatus.FINISHED) {

236
                hsCompleted++;

237
                log("\t" + hsCompleted + " handshake completed");

238
                if (hsCompleted == 1) {

239
                    try {

240
                        serverEngine.getSession().getPeerCertificates();

241
                        throw new Exception("Should have got exception");

242
                    } catch (SSLPeerUnverifiedException e) {

243
                        System.out.println("Caught proper exception." + e);

244
                    }

245
                    log("\tInvalidating session, setting client auth, " +

246
                        " starting rehandshake");

247
                    serverEngine.getSession().invalidate();

248
                    serverEngine.setNeedClientAuth(true);

249
                    serverEngine.beginHandshake();

250
                } else if (hsCompleted == 2) {

251
                    java.security.cert.Certificate [] certs =

252
                        serverEngine.getSession().getPeerCertificates();

253
                    System.out.println("Client Certificate(s) received");

254
                    for (java.security.cert.Certificate c : certs) {

255
                        System.out.println(c);

256
                    }

257
//                    log("Closing server.");

258
//                    serverEngine.closeOutbound();

259
                } // nothing.

260
            }

261


262
            cTOs.flip();

263
            sTOc.flip();

264


265
            log("----");

266


267
            if (!clientEngine.isInboundDone()) {

268
                clientResult = clientEngine.unwrap(sTOc, clientIn);

269
                log("client unwrap: ", clientResult);

270
                runDelegatedTasks(clientResult, clientEngine);

271
                clientIn.clear();

272
                sTOc.compact();

273
            } else {

274
                sTOc.clear();

275
            }

276


277
            if (!serverEngine.isInboundDone()) {

278
                serverResult = serverEngine.unwrap(cTOs, serverIn);

279
                log("server unwrap: ", serverResult);

280
                runDelegatedTasks(serverResult, serverEngine);

281
                serverIn.clear();

282
                cTOs.compact();

283
            } else {

284
                cTOs.clear();

285
            }

286


287
            if (hsCompleted == 2) {

288
                  log("Closing server.");

289
                  serverEngine.closeOutbound();

290
            }

291
        }

292
    }

293


294
    /*

295
     * Using the SSLContext created during object creation,

296
     * create/configure the SSLEngines we'll use for this test.

297
     */

298
    private void createSSLEngines() throws Exception {

299
        /*

300
         * Configure the serverEngine to act as a server in the SSL/TLS

301
         * handshake.  Also, require SSL client authentication.

302
         */

303
        serverEngine = sslc.createSSLEngine();

304
        serverEngine.setUseClientMode(false);

305
        serverEngine.setNeedClientAuth(false);

306


307
        /*

308
         * Similar to above, but using client mode instead.

309
         */

310
        clientEngine = sslc.createSSLEngine("client", 80);

311
        clientEngine.setUseClientMode(true);

312
        clientEngine.setEnabledProtocols(new String[] { tlsProtocol });

313
    }

314


315
    /*

316
     * Create and size the buffers appropriately.

317
     */

318
    private void createBuffers() {

319


320
        /*

321
         * We'll assume the buffer sizes are the same

322
         * between client and server.

323
         */

324
        SSLSession session = clientEngine.getSession();

325
        int appBufferMax = session.getApplicationBufferSize();

326
        int netBufferMax = session.getPacketBufferSize();

327


328
        /*

329
         * We'll make the input buffers a bit bigger than the max needed

330
         * size, so that unwrap()s following a successful data transfer

331
         * won't generate BUFFER_OVERFLOWS.

332
         *

333
         * We'll use a mix of direct and indirect ByteBuffers for

334
         * tutorial purposes only.  In reality, only use direct

335
         * ByteBuffers when they give a clear performance enhancement.

336
         */

337
        clientIn = ByteBuffer.allocate(appBufferMax + 50);

338
        serverIn = ByteBuffer.allocate(appBufferMax + 50);

339


340
        cTOs = ByteBuffer.allocateDirect(netBufferMax);

341
        sTOc = ByteBuffer.allocateDirect(netBufferMax);

342


343
        clientOut = ByteBuffer.wrap("Hi Server, I'm Client".getBytes());

344
        serverOut = ByteBuffer.wrap("Hello Client, I'm Server".getBytes());

345
    }

346


347
    /*

348
     * If the result indicates that we have outstanding tasks to do,

349
     * go ahead and run them in this thread.

350
     */

351
    private static void runDelegatedTasks(SSLEngineResult result,

352
            SSLEngine engine) throws Exception {

353


354
        if (result.getHandshakeStatus() == HandshakeStatus.NEED_TASK) {

355
            Runnable runnable;

356
            while ((runnable = engine.getDelegatedTask()) != null) {

357
                log("\trunning delegated task...");

358
                runnable.run();

359
            }

360
            HandshakeStatus hsStatus = engine.getHandshakeStatus();

361
            if (hsStatus == HandshakeStatus.NEED_TASK) {

362
                throw new Exception(

363
                    "handshake shouldn't need additional tasks");

364
            }

365
            log("\tnew HandshakeStatus: " + hsStatus);

366
        }

367
    }

368


369
    private static boolean isEngineClosed(SSLEngine engine) {

370
        return (engine.isOutboundDone() && engine.isInboundDone());

371
    }

372


373
    /*

374
     * Simple check to make sure everything came across as expected.

375
     */

376
    private static void checkTransfer(ByteBuffer a, ByteBuffer b)

377
            throws Exception {

378
        a.flip();

379
        b.flip();

380


381
        if (!a.equals(b)) {

382
            throw new Exception("Data didn't transfer cleanly");

383
        } else {

384
            log("\tData transferred cleanly");

385
        }

386


387
        a.position(a.limit());

388
        b.position(b.limit());

389
        a.limit(a.capacity());

390
        b.limit(b.capacity());

391
    }

392


393
    /*

394
     * Logging code

395
     */

396
    private static boolean resultOnce = true;

397


398
    private static void log(String str, SSLEngineResult result) {

399
        if (!logging) {

400
            return;

401
        }

402
        if (resultOnce) {

403
            resultOnce = false;

404
            System.out.println("The format of the SSLEngineResult is: \n" +

405
                "\t\"getStatus() / getHandshakeStatus()\" +\n" +

406
                "\t\"bytesConsumed() / bytesProduced()\"\n");

407
        }

408
        HandshakeStatus hsStatus = result.getHandshakeStatus();

409
        log(str +

410
            result.getStatus() + "/" + hsStatus + ", " +

411
            result.bytesConsumed() + "/" + result.bytesProduced() +

412
            " bytes");

413
        if (hsStatus == HandshakeStatus.FINISHED) {

414
            log("\t...ready for application data");

415
        }

416
    }

417


418
    private static void log(String str) {

419
        if (logging) {

420
            System.out.println(str);

421
        }

422
    }

423
}

424


425