Path: blob/aarch64-shenandoah-jdk8u272-b10/jdk/test/sun/security/ssl/GenSSLConfigs/main.java
38853 views
/*1* @test2* @build TestThread Traffic Handler ServerHandler ServerThread ClientThread3* @run main/othervm/timeout=140 -Djsse.enableCBCProtection=false main4* @summary Make sure that different configurations of SSL sockets work5* @key randomness6*/78/*9* Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.10* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.11*12* This code is free software; you can redistribute it and/or modify it13* under the terms of the GNU General Public License version 2 only, as14* published by the Free Software Foundation.15*16* This code is distributed in the hope that it will be useful, but WITHOUT17* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or18* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License19* version 2 for more details (a copy is included in the LICENSE file that20* accompanied this code).21*22* You should have received a copy of the GNU General Public License version23* 2 along with this work; if not, write to the Free Software Foundation,24* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.25*26* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA27* or visit www.oracle.com if you need additional information or have any28* questions.29*/3031import java.io.*;32import java.security.SecureRandom;33import java.security.KeyStore;34import javax.security.cert.*;35import java.util.Date;36import java.util.Vector;37import java.util.ArrayList;3839import javax.net.ssl.*;4041public class main42{43// NOTE: "prng" doesn't need to be a SecureRandom4445private static final SecureRandom prng46= new SecureRandom ();47private static SSLContext sslContext;4849private static void usage() {50System.err.println (51"usage: tests.ssl.main default|random|cipher_suite [nthreads]");52}5354/**55* Runs a test ... there are a variety of configurations, and the way56* they're invoked is subject to change. This program can support57* single and multiple process tests, but by default it's set up for58* single process testing.59*60* <P> The first commandline argument identifies a test configuration.61* Currently identified configurations include "default", "random".62*63* <P> The second commandline argument identifies the number of64* client threads to use.65*/66public static void main (String argv [])67{68String config;69int NTHREADS;7071initContext();72String supported [] = sslContext.getSocketFactory()73.getSupportedCipherSuites();7475// Strip out any Kerberos Suites for now.76ArrayList list = new ArrayList(supported.length);77for (int i = 0; i < supported.length; i++) {78if (!supported[i].startsWith("TLS_KRB5")) {79list.add(supported[i]);80}81}82supported = (String [])list.toArray(new String [0]);8384if (argv.length == 2) {85config = argv [0];86NTHREADS = Integer.parseInt (argv [1]);87} else if (argv.length == 1) {88config = argv [0];89NTHREADS = 15;90} else {91/* temporaraly changed to make it run under jtreg with92* default configuration, when no input parameters are93* given94*/95//usage();96//return;97config = "default";98NTHREADS = supported.length;99}100101// More options ... port #. different clnt/svr configs,102// cipher suites, etc.103104ServerThread server = new ServerThread (0, NTHREADS, sslContext);105Vector clients = new Vector (NTHREADS);106107if (!(config.equals("default") || config.equals("random")))108supported = new String[] {config};109110System.out.println("Supported cipher suites are:");111for(int i=0; i < supported.length; i++) {112System.out.println(supported[i]);113}114115setConfig (server, config, supported);116117// if (OS != Win95)118server.setUseMT (true);119120server.start ();121server.waitTillReady ();122123//124// iterate over all cipher suites125//126int next = 0;127int passes = 0;128129if (usesRandom (config))130next = nextUnsignedRandom ();131132for (int i = 0; i < NTHREADS; i++, next++) {133ClientThread client = new ClientThread (server.getServerPort(), sslContext);134String cipher [] = new String [1];135136setConfig (client, config, supported);137next = next % supported.length;138cipher [0] = supported [next];139client.setBasicCipherSuites (cipher);140141//142// Win95 has been observed to choke if you throw many143// connections at it. So we make it easy to unthread144// everything; it can be handy outside Win95 too.145//146client.start ();147if (!server.getUseMT ()) {148waitForClient (client);149if (client.passed ())150passes++;151} else152clients.addElement (client);153}154155while (!clients.isEmpty ()) {156ClientThread client;157158client = (ClientThread) clients.elementAt (0);159clients.removeElement (client);160waitForClient (client);161if (client.passed ())162passes++;163}164165System.out.println ("SUMMARY: threads = " + NTHREADS166+ ", passes = " + passes);167}168169170//171// Rather than replicating code, a helper function!172//173private static void waitForClient (Thread client)174{175while (true)176try {177client.join ();178179// System.out.println ("Joined: " + client.getName ());180break;181} catch (InterruptedException e) {182continue;183}184}185186private static void initContext()187{188try {189String testRoot = System.getProperty("test.src", ".");190System.setProperty("javax.net.ssl.trustStore", testRoot191+ "/../../../../javax/net/ssl/etc/truststore");192193KeyStore ks = KeyStore.getInstance("JKS");194ks.load(new FileInputStream(testRoot195+ "/../../../../javax/net/ssl/etc/truststore"),196"passphrase".toCharArray());197KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");198kmf.init(ks, "passphrase".toCharArray());199TrustManagerFactory tmf =200TrustManagerFactory.getInstance("SunX509");201tmf.init(ks);202sslContext = SSLContext.getInstance("SSL");203sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);204} catch (Throwable t) {205// oh well; ignore it, the tester presumably intends this206System.out.println("Failed to read keystore/truststore file... Continuing");207t.printStackTrace();208}209}210211private static int nextUnsignedRandom ()212{213int retval = prng.nextInt ();214215if (retval < 0)216return -retval;217else218return retval;219}220221222//223// Randomness in testing can be good and bad ... covers more224// territory, but not reproducibly.225//226private static boolean usesRandom (String config)227{228return config.equalsIgnoreCase ("random");229}230231232private static void setConfig (233TestThread test,234String config,235String supported []236)237{238test.setBasicCipherSuites (supported);239test.setOutput (System.out);240test.setVerbosity (3);241242if (test instanceof ClientThread) {243test.setListenHandshake (true);244test.setIterations (20);245}246247// XXX role reversals !!!248249//250// We can establish a reasonable degree of variability251// on the test data and configs ... expecting that the252// diagnostics will identify any problems that exist.253// Client and server must agree on these things.254//255// Unless we do this, only the SSL nonces and ephemeral256// keys will be unpredictable in a given test run. Those257// affect only the utmost innards of SSL, details which258// are not visible to applications.259//260if (usesRandom (config)) {261int rand = nextUnsignedRandom ();262263if (test instanceof ClientThread)264test.setIterations (rand % 35);265266if ((rand & 0x080) == 0)267test.setInitiateHandshake (true);268// if ((rand & 0x040) == 0)269// test.setDoRenegotiate (true);270271test.setPRNG (new SecureRandom ());272}273}274}275276277