Path: blob/aarch64-shenandoah-jdk8u272-b10/jdk/test/javax/net/ssl/TLSv11/EmptyCertificateAuthorities.java
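/*
 * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation. Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

//
// SunJSSE does not support dynamic system properties, no way to re-use
// system properties in samevm/agentvm mode.
//

/*
 * @test
 * @bug 4873188
 * @summary Support TLS 1.1
 * @run main/othervm EmptyCertificateAuthorities
 * @author Xuelei Fan
 */

import java.io.*;
import java.net.*;
import java.security.*;
import java.security.cert.*;
import javax.net.ssl.*;

/*
 * Runs one TLSv1.1 handshake with mandatory client authentication against a
 * server whose trust manager reports an empty accepted-issuer list, so the
 * CertificateRequest it sends is expected to carry no certificate
 * authorities. The test passes when both sides exchange one byte without
 * throwing.
 */
public class EmptyCertificateAuthorities {

    /*
     * =============================================================
     * Set the various variables needed for the tests, then
     * specify what tests to run on each side.
     */

    /*
     * Should we run the client or server in a separate thread?
     * Both sides can throw exceptions, but do you have a preference
     * as to which side should be the main thread.
     */
    static boolean separateServerThread = false;

    /*
     * Where do we find the keystores?
     *
     * The password below is a fixture value for the shared test stores; it
     * is published to the javax.net.ssl.* system properties in main().
     */
    static String pathToStores = "../etc";
    static String keyStoreFile = "keystore";
    static String trustStoreFile = "truststore";
    static String passwd = "passphrase";

    /*
     * Is the server ready to serve?
     */
    volatile static boolean serverReady = false;

    /*
     * Turn on SSL debugging?
     */
    static boolean debug = false;

    /*
     * If the client or server is doing some kind of object creation
     * that the other side depends on, and that thread prematurely
     * exits, you may experience a hang. The test harness will
     * terminate all hung threads after its timeout has expired,
     * currently 3 minutes by default, but you might try to be
     * smart about it....
     */

    /*
     * Define the server side of the test.
     *
     * If the server prematurely exits, serverReady will be set to true
     * to avoid infinite hangs.
     */
    void doServerSide() throws Exception {
        SSLServerSocketFactory sslssf = getSSLServerSF();

        // try-with-resources: the listening socket and the accepted
        // connection are released even when the handshake or I/O throws.
        try (SSLServerSocket sslServerSocket =
                (SSLServerSocket) sslssf.createServerSocket(serverPort)) {

            // require client authentication.
            sslServerSocket.setNeedClientAuth(true);

            // serverPort starts at 0 (any free port); publish the real one.
            serverPort = sslServerSocket.getLocalPort();

            /*
             * Signal Client, we're ready for his connect.
             */
            serverReady = true;

            try (SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept()) {
                InputStream sslIS = sslSocket.getInputStream();
                OutputStream sslOS = sslSocket.getOutputStream();

                sslIS.read();
                sslOS.write('A');
                sslOS.flush();
            }
        }
    }

    /*
     * Define the client side of the test.
     *
     * If the server prematurely exits, serverReady will be set to true
     * to avoid infinite hangs.
     */
    void doClientSide() throws Exception {

        /*
         * Wait for server to get started.
         */
        while (!serverReady) {
            Thread.sleep(50);
        }

        // The default factory picks up the javax.net.ssl.* system
        // properties that main() sets before the test starts.
        SSLSocketFactory sslsf =
            (SSLSocketFactory) SSLSocketFactory.getDefault();

        // try-with-resources: the socket is closed on the failure path too.
        try (SSLSocket sslSocket =
                (SSLSocket) sslsf.createSocket("localhost", serverPort)) {

            // enable TLSv1.1 only
            sslSocket.setEnabledProtocols(new String[] {"TLSv1.1"});

            InputStream sslIS = sslSocket.getInputStream();
            OutputStream sslOS = sslSocket.getOutputStream();

            sslOS.write('B');
            sslOS.flush();
            sslIS.read();
        }
    }

    /*
     * Build the server socket factory: key managers come from the JKS key
     * store named by the javax.net.ssl.keyStore* system properties, and the
     * only trust manager is MyX509TM.
     */
    private SSLServerSocketFactory getSSLServerSF() throws Exception {

        char[] password =
            System.getProperty("javax.net.ssl.keyStorePassword").toCharArray();
        String keyFilename = System.getProperty("javax.net.ssl.keyStore");

        KeyStore ks = KeyStore.getInstance("JKS");
        // Close the store file once it has been read.
        try (InputStream in = new FileInputStream(keyFilename)) {
            ks.load(in, password);
        }

        KeyManagerFactory kmf = KeyManagerFactory.getInstance("NewSunX509");
        kmf.init(ks, password);

        KeyManager[] kms = kmf.getKeyManagers();
        TrustManager[] tms = new MyX509TM[] {new MyX509TM()};

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kms, tms, null);

        return ctx.getServerSocketFactory();
    }


    /*
     * Trust manager that delegates chain validation to the PKIX trust
     * manager built from the configured trust store, but always reports an
     * empty list of accepted issuers. Validation is therefore unchanged;
     * only the advertised issuer list is empty.
     */
    static class MyX509TM implements X509TrustManager {
        // Lazily created delegate; null until the first check*Trusted call.
        X509TrustManager tm;

        @Override
        public void checkClientTrusted(X509Certificate[] chain,
                String authType) throws CertificateException {
            if (tm == null) {
                initialize();
            }
            tm.checkClientTrusted(chain, authType);
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain,
                String authType) throws CertificateException {
            if (tm == null) {
                initialize();
            }
            tm.checkServerTrusted(chain, authType);
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            // always return empty array
            return new X509Certificate[0];
        }

        /*
         * Load the JKS trust store named by the javax.net.ssl.trustStore*
         * system properties and keep its first PKIX trust manager as the
         * delegate. Any failure is reported as a CertificateException that
         * carries the underlying exception as its cause.
         */
        private void initialize() throws CertificateException {
            String passwd =
                System.getProperty("javax.net.ssl.trustStorePassword");
            char[] password = passwd.toCharArray();
            String trustFilename =
                System.getProperty("javax.net.ssl.trustStore");

            try {
                KeyStore ks = KeyStore.getInstance("JKS");
                // Close the store file once it has been read.
                try (InputStream in = new FileInputStream(trustFilename)) {
                    ks.load(in, password);
                }

                TrustManagerFactory tmf =
                    TrustManagerFactory.getInstance("PKIX");
                tmf.init(ks);
                tm = (X509TrustManager) tmf.getTrustManagers()[0];
            } catch (Exception e) {
                // Keep the cause so a missing or unreadable store can be
                // told apart from a bad password in the test log.
                throw new CertificateException("Unable to initialize TM", e);
            }

        }
    }

    /*
     * =============================================================
     * The remainder is just support stuff
     */

    // use any free port by default
    volatile int serverPort = 0;

    volatile Exception serverException = null;
    volatile Exception clientException = null;

    public static void main(String[] args) throws Exception {
        // MD5 is used in this test case, don't disable MD5 algorithm.
        // These calls replace the JVM-wide disabled-algorithm lists for this
        // process (the test runs in othervm mode per the @run tag); the
        // values are specific to this test's certificates and key sizes.
        Security.setProperty("jdk.certpath.disabledAlgorithms",
                "MD2, RSA keySize < 1024");
        Security.setProperty("jdk.tls.disabledAlgorithms",
                "SSLv3, RC4, DH keySize < 768");

        String keyFilename =
            System.getProperty("test.src", ".") + "/" + pathToStores +
                "/" + keyStoreFile;
        String trustFilename =
            System.getProperty("test.src", ".") + "/" + pathToStores +
                "/" + trustStoreFile;

        System.setProperty("javax.net.ssl.keyStore", keyFilename);
        System.setProperty("javax.net.ssl.keyStorePassword", passwd);
        System.setProperty("javax.net.ssl.trustStore", trustFilename);
        System.setProperty("javax.net.ssl.trustStorePassword", passwd);

        if (debug) {
            System.setProperty("javax.net.debug", "all");
        }

        /*
         * Start the tests.
         */
        new EmptyCertificateAuthorities();
    }

    Thread clientThread = null;
    Thread serverThread = null;

    /*
     * Primary constructor, used to drive remainder of the test.
     *
     * Fork off the other side, then do your work.
     */
    EmptyCertificateAuthorities() throws Exception {
        try {
            if (separateServerThread) {
                startServer(true);
                startClient(false);
            } else {
                startClient(true);
                startServer(false);
            }
        } catch (Exception e) {
            // swallow for now. Show later
        }

        /*
         * Wait for other side to close down.
         */
        if (separateServerThread) {
            serverThread.join();
        } else {
            clientThread.join();
        }

        /*
         * When we get here, the test is pretty much over.
         * Which side threw the error?
         */
        Exception local;
        Exception remote;
        String whichRemote;

        if (separateServerThread) {
            remote = serverException;
            local = clientException;
            whichRemote = "server";
        } else {
            remote = clientException;
            local = serverException;
            whichRemote = "client";
        }

        /*
         * If both failed, return the curthread's exception, but also
         * print the remote side Exception
         */
        if ((local != null) && (remote != null)) {
            System.out.println(whichRemote + " also threw:");
            remote.printStackTrace();
            System.out.println();
            throw local;
        }

        if (remote != null) {
            throw remote;
        }

        if (local != null) {
            throw local;
        }
    }

    /*
     * Run the server side, either on a new thread or inline. Failures are
     * recorded in serverException, and serverReady is set so a waiting
     * client is released.
     */
    void startServer(boolean newThread) throws Exception {
        if (newThread) {
            serverThread = new Thread() {
                @Override
                public void run() {
                    try {
                        doServerSide();
                    } catch (Exception e) {
                        /*
                         * Our server thread just died.
                         *
                         * Release the client, if not active already...
                         */
                        System.err.println("Server died...");
                        serverReady = true;
                        serverException = e;
                    }
                }
            };
            serverThread.start();
        } else {
            try {
                doServerSide();
            } catch (Exception e) {
                serverException = e;
            } finally {
                serverReady = true;
            }
        }
    }

    /*
     * Run the client side, either on a new thread or inline. Failures are
     * recorded in clientException.
     */
    void startClient(boolean newThread) throws Exception {
        if (newThread) {
            clientThread = new Thread() {
                @Override
                public void run() {
                    try {
                        doClientSide();
                    } catch (Exception e) {
                        /*
                         * Our client thread just died.
                         */
                        System.err.println("Client died...");
                        clientException = e;
                    }
                }
            };
            clientThread.start();
        } else {
            try {
                doClientSide();
            } catch (Exception e) {
                clientException = e;
            }
        }
    }
}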