Path: blob/aarch64-shenandoah-jdk8u272-b10/jdk/test/sun/security/ssl/DHKeyExchange/LegacyDHEKeyExchange.java
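/*
 * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

// SunJSSE does not support dynamic system properties, no way to re-use
// system properties in samevm/agentvm mode.

/*
 * @test
 * @bug 8148108
 * @summary Disable Diffie-Hellman keys less than 1024 bits
 * @run main/othervm -Djdk.tls.ephemeralDHKeySize=legacy LegacyDHEKeyExchange
 */

import java.io.*;
import javax.net.ssl.*;

/*
 * Regression test: a TLS handshake that would rely on an ephemeral
 * Diffie-Hellman key shorter than 1024 bits must fail.
 *
 * The test runs with -Djdk.tls.ephemeralDHKeySize=legacy, which makes the
 * SunJSSE server fall back to the 512- or 768-bit ephemeral DH keys of
 * older releases (see the JSSE Reference Guide). The client enables a
 * single DHE_RSA cipher suite, so the handshake can only proceed with
 * such a key, and the algorithm constraints (the
 * jdk.tls.disabledAlgorithms security property) are expected to reject it.
 *
 * Pass criterion and its limit: each side passes when its I/O ends in an
 * SSLHandshakeException and fails when data is exchanged. Neither side
 * inspects the exception message or the alert, so a handshake that fails
 * for an unrelated reason (for example, a key store that could not be
 * loaded) is also counted as a pass. Set "debug" to true and read the
 * javax.net.debug output when the cause of the failure needs confirming.
 */
public class LegacyDHEKeyExchange {

    /*
     * =============================================================
     * Set the various variables needed for the tests, then
     * specify what tests to run on each side.
     */

    /*
     * Should we run the client or server in a separate thread?
     * Both sides can throw exceptions, but do you have a preference
     * as to which side should be the main thread.
     */
    static boolean separateServerThread = false;

    /*
     * Where do we find the keystores?
     *
     * The path is resolved relative to the "test.src" system property in
     * main(). The password below belongs to the test fixture stores only.
     */
    static String pathToStores = "../../../../javax/net/ssl/etc";
    static String keyStoreFile = "keystore";
    static String trustStoreFile = "truststore";
    static String passwd = "passphrase";

    /*
     * Is the server ready to serve?
     */
    volatile static boolean serverReady = false;

    /*
     * Turn on SSL debugging?
     */
    static boolean debug = false;

    /*
     * If the client or server is doing some kind of object creation
     * that the other side depends on, and that thread prematurely
     * exits, you may experience a hang. The test harness will
     * terminate all hung threads after its timeout has expired,
     * currently 3 minutes by default, but you might try to be
     * smart about it....
     */

    /*
     * Define the server side of the test.
     *
     * Accepts one connection and tries to exchange a byte with the peer.
     * The exchange is expected to fail with an SSLHandshakeException;
     * if it succeeds, the weak DH key was accepted and the test fails.
     *
     * If the server prematurely exits, serverReady will be set to true
     * to avoid infinite hangs.
     */
    void doServerSide() throws Exception {
        SSLServerSocketFactory sslssf =
            (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        SSLServerSocket sslServerSocket =
            (SSLServerSocket) sslssf.createServerSocket(serverPort);

        // serverPort starts at 0 (any free port); publish the real one.
        serverPort = sslServerSocket.getLocalPort();

        /*
         * Signal Client, we're ready for his connect.
         */
        serverReady = true;

        try (SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept()) {
            InputStream sslIS = sslSocket.getInputStream();
            OutputStream sslOS = sslSocket.getOutputStream();

            // The first read/write on the socket drives the handshake.
            sslIS.read();
            sslOS.write(85);
            sslOS.flush();

            // Reaching this point means application data flowed over a
            // connection keyed with a sub-1024-bit DH key.
            throw new Exception(
                "Legacy DH keys (< 1024) should be restricted");
        } catch (SSLHandshakeException she) {
            // ignore, client should terminate the connection
            // NOTE(review): any handshake failure lands here; the cause
            // is not checked.
        } finally {
            sslServerSocket.close();
        }
    }

    /*
     * Define the client side of the test.
     *
     * Connects to the server with only TLS_DHE_RSA_WITH_AES_128_CBC_SHA
     * enabled and tries to exchange a byte. The exchange is expected to
     * fail with an SSLHandshakeException; if it succeeds, the weak DH key
     * was accepted and the test fails.
     *
     * If the server prematurely exits, serverReady will be set to true
     * to avoid infinite hangs.
     */
    void doClientSide() throws Exception {

        /*
         * Wait for server to get started.
         */
        while (!serverReady) {
            Thread.sleep(50);
        }

        SSLSocketFactory sslsf =
            (SSLSocketFactory) SSLSocketFactory.getDefault();
        SSLSocket sslSocket = (SSLSocket)
            sslsf.createSocket("localhost", serverPort);

        try {
            // Configure the socket inside the try block so that it is
            // closed even when the suite is rejected as unsupported.
            String[] suites =
                new String[] {"TLS_DHE_RSA_WITH_AES_128_CBC_SHA"};
            sslSocket.setEnabledCipherSuites(suites);

            InputStream sslIS = sslSocket.getInputStream();
            OutputStream sslOS = sslSocket.getOutputStream();

            // write(int) sends only the low-order eight bits of 280; the
            // value does not matter, the I/O just drives the handshake.
            sslOS.write(280);
            sslOS.flush();
            sslIS.read();

            // Reaching this point means application data flowed over a
            // connection keyed with a sub-1024-bit DH key.
            throw new Exception(
                "Legacy DH keys (< 1024) should be restricted");
        } catch (SSLHandshakeException she) {
            // ignore, should be caused by algorithm constraints
            // NOTE(review): any handshake failure lands here; the cause
            // is not checked.
        } finally {
            sslSocket.close();
        }
    }

    /*
     * =============================================================
     * The remainder is just support stuff
     */

    // use any free port by default
    volatile int serverPort = 0;

    volatile Exception serverException = null;
    volatile Exception clientException = null;

    /*
     * Point the default SSL context at the test key and trust stores,
     * optionally enable JSSE debug output, then run the test.
     */
    public static void main(String[] args) throws Exception {
        String storeDir =
            System.getProperty("test.src", ".") + "/" + pathToStores;
        String keyFilename = storeDir + "/" + keyStoreFile;
        String trustFilename = storeDir + "/" + trustStoreFile;

        System.setProperty("javax.net.ssl.keyStore", keyFilename);
        System.setProperty("javax.net.ssl.keyStorePassword", passwd);
        System.setProperty("javax.net.ssl.trustStore", trustFilename);
        System.setProperty("javax.net.ssl.trustStorePassword", passwd);

        if (debug) {
            System.setProperty("javax.net.debug", "all");
        }

        /*
         * Start the tests.
         */
        new LegacyDHEKeyExchange();
    }

    Thread clientThread = null;
    Thread serverThread = null;

    /*
     * Primary constructor, used to drive remainder of the test.
     *
     * Fork off the other side, then do your work.
     */
    LegacyDHEKeyExchange() throws Exception {
        Exception startException = null;
        try {
            if (separateServerThread) {
                startServer(true);
                startClient(false);
            } else {
                startClient(true);
                startServer(false);
            }
        } catch (Exception e) {
            startException = e;
        }

        /*
         * Wait for other side to close down.
         */
        if (separateServerThread) {
            if (serverThread != null) {
                serverThread.join();
            }
        } else {
            if (clientThread != null) {
                clientThread.join();
            }
        }

        /*
         * When we get here, the test is pretty much over.
         * Which side threw the error?
         */
        Exception local;
        Exception remote;

        if (separateServerThread) {
            remote = serverException;
            local = clientException;
        } else {
            remote = clientException;
            local = serverException;
        }

        Exception exception = null;

        /*
         * Check various exception conditions.
         */
        if ((local != null) && (remote != null)) {
            // If both failed, return the curthread's exception.
            local.initCause(remote);
            exception = local;
        } else if (local != null) {
            exception = local;
        } else if (remote != null) {
            exception = remote;
        } else if (startException != null) {
            exception = startException;
        }

        /*
         * If there was an exception *AND* a startException,
         * output it.
         */
        if (exception != null) {
            if (exception != startException && startException != null) {
                exception.addSuppressed(startException);
            }
            throw exception;
        }

        // Fall-through: no exception to throw!
    }

    /*
     * Run the server side, either on a new thread or on the caller's
     * thread. A failure is recorded in serverException, and serverReady
     * is set so that a waiting client is released.
     */
    void startServer(boolean newThread) throws Exception {
        if (newThread) {
            serverThread = new Thread() {
                @Override
                public void run() {
                    try {
                        doServerSide();
                    } catch (Exception e) {
                        /*
                         * Our server thread just died.
                         *
                         * Release the client, if not active already...
                         */
                        System.err.println("Server died...");
                        serverReady = true;
                        serverException = e;
                    }
                }
            };
            serverThread.start();
        } else {
            try {
                doServerSide();
            } catch (Exception e) {
                serverException = e;
            } finally {
                serverReady = true;
            }
        }
    }

    /*
     * Run the client side, either on a new thread or on the caller's
     * thread. A failure is recorded in clientException.
     */
    void startClient(boolean newThread) throws Exception {
        if (newThread) {
            clientThread = new Thread() {
                @Override
                public void run() {
                    try {
                        doClientSide();
                    } catch (Exception e) {
                        /*
                         * Our client thread just died.
                         */
                        System.err.println("Client died...");
                        clientException = e;
                    }
                }
            };
            clientThread.start();
        } else {
            try {
                doClientSide();
            } catch (Exception e) {
                clientException = e;
            }
        }
    }
}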