CoCalc -- SSLSocketKeyLimit.java

GitHub Repository: PojavLauncherTeam/openjdk-multiarch-jdk8u
Path: blob/aarch64-shenandoah-jdk8u272-b10/jdk/test/sun/security/ssl/SSLSocketImpl/SSLSocketKeyLimit.java
³⁸⁸⁵³ views
1
/*
2
 * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4
 *
5
 * This code is free software; you can redistribute it and/or modify it
6
 * under the terms of the GNU General Public License version 2 only, as
7
 * published by the Free Software Foundation.
8
 *
9
 * This code is distributed in the hope that it will be useful, but WITHOUT
10
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12
 * version 2 for more details (a copy is included in the LICENSE file that
13
 * accompanied this code).
14
 *
15
 * You should have received a copy of the GNU General Public License version
16
 * 2 along with this work; if not, write to the Free Software Foundation,
17
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18
 *
19
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20
 * or visit www.oracle.com if you need additional information or have any
21
 * questions.
22
 */
23

24
/*
25
 * @test
26
 * @bug 8164879
27
 * @library /lib/testlibrary ../../
28
 * @summary Verify AES/GCM's limits set in the jdk.tls.keyLimits property
29
 * @run main SSLSocketKeyLimit 0 server AES/GCM/NoPadding keyupdate 1000000
30
 * @run main SSLSocketKeyLimit 0 client AES/GCM/NoPadding keyupdate 1000000
31
 * @run main SSLSocketKeyLimit 1 client AES/GCM/NoPadding keyupdate 2^22
32
 */
33

34
 /**
35
  * Verify AES/GCM's limits set in the jdk.tls.keyLimits property
36
  * start a new handshake sequence to renegotiate the symmetric key with an
37
  * SSLSocket connection.  This test verifies the handshake method was called
38
  * via debugging info.  It does not verify the renegotiation was successful
39
  * as that is very hard.
40
  */
41

42
import javax.net.ssl.KeyManagerFactory;
43
import javax.net.ssl.SSLContext;
44
import javax.net.ssl.SSLServerSocket;
45
import javax.net.ssl.SSLServerSocketFactory;
46
import javax.net.ssl.SSLSocket;
47
import javax.net.ssl.SSLSocketFactory;
48
import javax.net.ssl.TrustManagerFactory;
49
import java.io.ByteArrayInputStream;
50
import java.io.ByteArrayOutputStream;
51
import java.io.File;
52
import java.io.FileInputStream;
53
import java.io.InputStream;
54
import java.io.OutputStream;
55
import java.io.PrintWriter;
56
import java.security.KeyStore;
57
import java.security.SecureRandom;
58
import java.util.Arrays;
59

60
import jdk.testlibrary.ProcessTools;
61
import jdk.testlibrary.Utils;
62
import jdk.testlibrary.OutputAnalyzer;
63
import sun.misc.HexDumpEncoder;
64
import sun.misc.IOUtils;
65

66
public class SSLSocketKeyLimit {
67
    SSLSocket socket;
68
    private InputStream in;
69
    private OutputStream out;
70

71
    static boolean serverReady = false;
72
    static int serverPort = 0;
73

74
    static String pathToStores = "../../../../javax/net/ssl/etc/";
75
    static String keyStoreFile = "keystore";
76
    static String passwd = "passphrase";
77
    static int dataLen = 10240;
78
    static byte[] data  = new byte[dataLen];
79
    static boolean serverwrite = true;
80
    int totalDataLen = 0;
81
    static boolean done = false;
82

83
    SSLSocketKeyLimit() {
84
    }
85

86
    SSLContext initContext() throws Exception {
87
        SSLContext sc = SSLContext.getInstance("TLSv1.3");
88
        KeyStore ks = KeyStore.getInstance("JKS");
89
        ks.load(new FileInputStream(new File(System.getProperty("javax.net.ssl.keyStore"))),
90
                passwd.toCharArray());
91
        KeyManagerFactory kmf =
92
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
93
        kmf.init(ks, passwd.toCharArray());
94
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
95
        tmf.init(ks);
96
        sc.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());
97
        return sc;
98
    }
99

100
    /**
101
     * args should have two values:  server|client, <limit size>
102
     * Prepending 'p' is for internal use only.
103
     */
104
    public static void main(String args[]) throws Throwable {
105
        if (args[0].compareTo("p") != 0) {
106

107
            boolean expectedFail = (Integer.parseInt(args[0]) == 1);
108
            if (expectedFail) {
109
                System.out.println("Test expected to not find updated msg");
110
            }
111
            //Write security property file to overwrite default
112
            File f = new File("keyusage."+ System.nanoTime());
113
            PrintWriter p = new PrintWriter(f);
114
            p.write("jdk.tls.keyLimits=");
115
            for (int i = 2; i < args.length; i++) {
116
                p.write(" "+ args[i]);
117
            }
118
            p.close();
119
            System.out.println("Keyusage path = " + f.getAbsolutePath());
120
            System.setProperty("test.java.opts",
121
                    "-Dtest.src=" + System.getProperty("test.src") +
122
                            " -Dtest.jdk=" + System.getProperty("test.jdk") +
123
                            " -Djavax.net.debug=ssl,handshake" +
124
                            " -Djava.security.properties=" + f.getName());
125

126
            System.out.println("test.java.opts: " +
127
                    System.getProperty("test.java.opts"));
128

129
            ProcessBuilder pb = ProcessTools.createJavaProcessBuilder(true,
130
                    Utils.addTestJavaOpts("SSLSocketKeyLimit", "p", args[1]));
131

132
            OutputAnalyzer output = ProcessTools.executeProcess(pb);
133
            try {
134
                if (expectedFail) {
135
                    output.shouldNotContain("KeyUpdate: write key updated");
136
                    output.shouldNotContain("KeyUpdate: read key updated");
137
                } else {
138
                    output.shouldContain("trigger key update");
139
                    output.shouldContain("KeyUpdate: write key updated");
140
                    output.shouldContain("KeyUpdate: read key updated");
141
                }
142
            } catch (Exception e) {
143
                throw e;
144
            } finally {
145
                System.out.println("-- BEGIN Stdout:");
146
                System.out.println(output.getStdout());
147
                System.out.println("-- END Stdout");
148
                System.out.println("-- BEGIN Stderr:");
149
                System.out.println(output.getStderr());
150
                System.out.println("-- END Stderr");
151
            }
152
            return;
153
        }
154

155
        if (args.length > 0 && args[0].compareToIgnoreCase("client") == 0) {
156
            serverwrite = false;
157
        }
158

159
        String keyFilename =
160
            System.getProperty("test.src", "./") + "/" + pathToStores +
161
                "/" + keyStoreFile;
162

163
        System.setProperty("javax.net.ssl.keyStore", keyFilename);
164
        System.setProperty("javax.net.ssl.keyStorePassword", passwd);
165

166
        Arrays.fill(data, (byte)0x0A);
167
        Thread ts = new Thread(new Server());
168

169
        ts.start();
170
        while (!serverReady) {
171
            Thread.sleep(100);
172
        }
173
        new Client().run();
174
        ts.join(10000);  // 10sec
175
        System.exit(0);
176
    }
177

178
    void write(SSLSocket s) throws Exception {
179
        int i = 0;
180
        in = s.getInputStream();
181
        out = s.getOutputStream();
182
        while (i++ < 150) {
183
            out.write(data, 0, dataLen);
184
            System.out.print("W");
185
            IOUtils.readNBytes(in,1);
186
            System.out.print("R");
187
        }
188
        out.write(0x0D);
189
        out.flush();
190

191
        // Let read side all the data
192
        while (!done) {
193
            Thread.sleep(100);
194
        }
195
        out.close();
196
        in.close();
197
    }
198

199

200
    void read(SSLSocket s) throws Exception {
201
        byte[] buf = new byte[dataLen];
202
        int len;
203
        byte i = 0;
204
        try {
205
            System.out.println("Server: connected " + s.getSession().getCipherSuite());
206
            in = s.getInputStream();
207
            out = s.getOutputStream();
208
            while (true) {
209
                len = in.read(buf, 0, dataLen);
210
                System.out.print("r");
211
                out.write(i++);
212
                System.out.print("w");
213
                for (byte b: buf) {
214
                    if (b == 0x0A || b == 0x0D) {
215
                        continue;
216
                    }
217
                    System.out.println("\nData invalid: " + new HexDumpEncoder().encode(buf));
218
                    break;
219
                }
220

221
                if (len > 0 && buf[len-1] == 0x0D) {
222
                    System.out.println("got end byte");
223
                    break;
224
                }
225
                totalDataLen += len;
226
            }
227
        } catch (Exception e) {
228
            System.out.println("\n"  + e.getMessage());
229
            e.printStackTrace();
230
        } finally {
231
            // Tell write side that we are done reading
232
            out.close();
233
            in.close();
234
            done = true;
235
        }
236
        System.out.println("\nTotalDataLen = " + totalDataLen);
237
    }
238

239
    static class Server extends SSLSocketKeyLimit implements Runnable {
240
        private SSLServerSocketFactory ssf;
241
        private SSLServerSocket ss;
242
        Server() {
243
            super();
244
            try {
245
                ssf = initContext().getServerSocketFactory();
246
                ss = (SSLServerSocket) ssf.createServerSocket(serverPort);
247
                serverPort = ss.getLocalPort();
248
            } catch (Exception e) {
249
                System.out.println("server: " + e.getMessage());
250
                e.printStackTrace();
251
            }
252
        }
253

254
        public void run() {
255
            try {
256
                serverReady = true;
257
                System.out.println("Server waiting... port: " + serverPort);
258
                socket = (SSLSocket) ss.accept();
259
                if (serverwrite) {
260
                    write(socket);
261
                } else {
262
                    read(socket);
263
                }
264

265
                socket.close();
266
            } catch (Exception e) {
267
                System.out.println("server: " + e.getMessage());
268
                e.printStackTrace();
269
            }
270
            System.out.println("Server closed");
271
        }
272
    }
273

274

275
    static class Client extends SSLSocketKeyLimit implements Runnable {
276
        private SSLSocketFactory sf;
277

278
        Client() {
279
            super();
280
        }
281

282
        public void run() {
283
            try {
284
                sf = initContext().getSocketFactory();
285
                System.out.println("Client: connecting... port: " + serverPort);
286
                socket = (SSLSocket)sf.createSocket("localhost", serverPort);
287
                System.out.println("Client: connected." + socket.getSession().getCipherSuite());
288

289
                // Opposite of what the server does
290
                if (!serverwrite) {
291
                    write(socket);
292
                } else {
293
                    read(socket);
294
                }
295

296
            } catch (Exception e) {
297
                System.err.println("client: " + e.getMessage());
298
                e.printStackTrace();
299
            }
300
        }
301
    }
302
}
303

304
Product

Resources

Company
