Path: blob/aarch64-shenandoah-jdk8u272-b10/jdk/test/sun/security/ssl/X509TrustManagerImpl/ClientServer.java
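/*
 * Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

/*
 * @test
 * @bug 4717766
 * @author Brad Wetmore
 * @summary 1.0.3 JsseX509TrustManager erroneously calls isClientTrusted()
 * @run main/manual ClientServer
 */

/*
 * SunJSSE does not support dynamic system properties, no way to re-use
 * system properties in samevm/agentvm mode.
 *
 * JSSE supports algorithm constraints with CR 6916074, need to update
 * this test case in JDK 7 soon.
 *
 * This problem didn't exist in JSSE 1.4, only JSSE 1.0.3.  However,
 * this is a useful test, so I decided to include it in 1.4.2.
 */

import java.io.*;
import java.net.*;
import javax.net.ssl.*;
import java.security.cert.*;
import java.security.*;
import com.sun.net.ssl.*;

/**
 * Regression test for bug 4717766: checks which trust callback the legacy
 * {@code com.sun.net.ssl} API invokes on each side of a handshake.
 *
 * <p>A server and a client are run against each other on localhost, each with
 * its own recording trust manager ({@link MyX509TM}). The server side passes
 * only if {@code isClientTrusted} was called and {@code isServerTrusted} was
 * not; the client side passes only on the opposite combination.
 *
 * <p>The trust managers installed here accept every certificate chain, so the
 * test says nothing about chain validation itself; it only observes the
 * dispatch of the two callbacks.
 */
public class ClientServer {

    /*
     * =============================================================
     * Set the various variables needed for the tests, then
     * specify what tests to run on each side.
     */

    /*
     * Should we run the client or server in a separate thread?
     * Both sides can throw exceptions, but do you have a preference
     * as to which side should be the main thread.
     */
    static boolean separateServerThread = true;

    /*
     * Where do we find the keystores?  The directory is resolved relative
     * to the "test.src" system property; passwd is the passphrase used to
     * open both store files.
     */
    static String pathToStores = "../../../../javax/net/ssl/etc";
    static String keyStoreFile = "keystore";
    static String trustStoreFile = "truststore";
    static String passwd = "passphrase";

    /*
     * Is the server ready to serve?
     */
    volatile static boolean serverReady = false;

    /*
     * Turn on SSL debugging?
     */
    static boolean debug = false;

    /*
     * If the client or server is doing some kind of object creation
     * that the other side depends on, and that thread prematurely
     * exits, you may experience a hang.  The test harness will
     * terminate all hung threads after its timeout has expired,
     * currently 3 minutes by default, but you might try to be
     * smart about it....
     */

    /**
     * Runs the server side of the test.
     *
     * <p>Binds a listening socket, publishes the chosen port, signals the
     * client through {@code serverReady}, exchanges one byte in each
     * direction with client authentication required, and then checks which
     * trust callbacks fired on {@code serverTM}.
     *
     * <p>If this method fails while running on its own thread,
     * {@link #startServer} sets {@code serverReady} so the client does not
     * wait forever.
     *
     * @throws Exception if the exchange fails or the wrong callbacks were
     *         invoked
     */
    void doServerSide() throws Exception {
        SSLServerSocketFactory sslssf = getDefaultServer();

        // Both sockets are closed on every exit path, including a failed
        // handshake, so a failing run does not leave the port bound.
        try (SSLServerSocket sslServerSocket =
                (SSLServerSocket) sslssf.createServerSocket(serverPort)) {
            serverPort = sslServerSocket.getLocalPort();

            /*
             * Signal Client, we're ready for his connect.
             */
            serverReady = true;

            try (SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept()) {
                // Requested before any read/write on the socket, i.e. before
                // the handshake is driven by the I/O below. Without it the
                // server never asks for a client certificate and the
                // client-trust callback under test is not reached.
                sslSocket.setNeedClientAuth(true);
                InputStream sslIS = sslSocket.getInputStream();
                OutputStream sslOS = sslSocket.getOutputStream();

                sslIS.read();
                sslOS.write(85);
                sslOS.flush();
            }
        }

        // A server authenticates its peer as a client: only the
        // client-trust callback may have been invoked.
        if (!serverTM.wasServerChecked() && serverTM.wasClientChecked()) {
            System.out.println("SERVER TEST PASSED!");
        } else {
            throw new Exception("SERVER TEST FAILED!  " +
                !serverTM.wasServerChecked() + " " +
                serverTM.wasClientChecked());
        }
    }

    /**
     * Runs the client side of the test.
     *
     * <p>Polls {@code serverReady} until the server has published its port
     * (or has died and released the client), connects to localhost,
     * exchanges one byte in each direction, and then checks which trust
     * callbacks fired on {@code clientTM}.
     *
     * @throws Exception if the exchange fails or the wrong callbacks were
     *         invoked
     */
    void doClientSide() throws Exception {

        /*
         * Wait for server to get started.
         */
        while (!serverReady) {
            Thread.sleep(50);
        }

        SSLSocketFactory sslsf = getDefaultClient();

        // Closed on every exit path, including a failed handshake.
        try (SSLSocket sslSocket = (SSLSocket)
                sslsf.createSocket("localhost", serverPort)) {

            InputStream sslIS = sslSocket.getInputStream();
            OutputStream sslOS = sslSocket.getOutputStream();

            // OutputStream.write(int) sends only the low-order eight bits,
            // so 280 goes out as the single byte 24. The value itself is
            // never inspected by the server.
            sslOS.write(280);
            sslOS.flush();
            sslIS.read();
        }

        // A client authenticates its peer as a server: only the
        // server-trust callback may have been invoked.
        if (clientTM.wasServerChecked() && !clientTM.wasClientChecked()) {
            System.out.println("CLIENT TEST PASSED!");
        } else {
            throw new Exception("CLIENT TEST FAILED!  " +
                clientTM.wasServerChecked() + " " +
                !clientTM.wasClientChecked());
        }
    }

    /**
     * Loads a JKS store from disk, closing the file whether or not the load
     * succeeds.
     *
     * @param filename path of the store file
     * @param passphrase passphrase used to open the store
     * @return the loaded store
     * @throws Exception if the file cannot be read or the store cannot be
     *         loaded
     */
    private static KeyStore loadKeyStore(String filename, char[] passphrase)
            throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(filename)) {
            ks.load(in, passphrase);
        }
        return ks;
    }

    /**
     * Builds a legacy {@code com.sun.net.ssl.SSLContext} whose only trust
     * manager is the supplied recording wrapper.
     *
     * <p>Key managers come from the test keystore. The truststore is used
     * only to obtain the provider's X509 trust manager, which is handed to
     * {@code tm} as its delegate; {@code tm} then replaces the provider's
     * trust managers in the context.
     *
     * @param tm the recording trust manager to install
     * @return an initialized "TLS" context
     * @throws Exception if a store cannot be loaded or the provider returns
     *         no X509 trust manager
     */
    private com.sun.net.ssl.SSLContext getDefault(MyX509TM tm)
            throws Exception {

        String storeDir =
            System.getProperty("test.src", "./") + "/" + pathToStores + "/";
        String keyFilename = storeDir + keyStoreFile;
        String trustFilename = storeDir + trustStoreFile;

        // Single source for the passphrase: the passwd field declared with
        // the store locations.
        char[] passphrase = passwd.toCharArray();

        com.sun.net.ssl.KeyManagerFactory kmf =
            com.sun.net.ssl.KeyManagerFactory.getInstance("SunX509");
        kmf.init(loadKeyStore(keyFilename, passphrase), passphrase);

        com.sun.net.ssl.TrustManagerFactory tmf =
            com.sun.net.ssl.TrustManagerFactory.getInstance("SunX509");
        tmf.init(loadKeyStore(trustFilename, passphrase));

        // Pick the first X509 trust manager the provider offers.
        com.sun.net.ssl.X509TrustManager delegate = null;
        for (com.sun.net.ssl.TrustManager candidate : tmf.getTrustManagers()) {
            if (candidate instanceof com.sun.net.ssl.X509TrustManager) {
                delegate = (com.sun.net.ssl.X509TrustManager) candidate;
                break;
            }
        }

        if (delegate == null) {
            throw new Exception("Couldn't find X509TM");
        }

        tm.init(delegate);
        com.sun.net.ssl.TrustManager[] tms = new MyX509TM[] { tm };

        com.sun.net.ssl.SSLContext ctx =
            com.sun.net.ssl.SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tms, null);
        return ctx;
    }

    // Recording trust managers, one per side; each is created when that
    // side's socket factory is requested.
    MyX509TM serverTM;
    MyX509TM clientTM;

    /** Creates {@code serverTM} and returns a server socket factory using it. */
    private SSLServerSocketFactory getDefaultServer() throws Exception {
        serverTM = new MyX509TM();
        return getDefault(serverTM).getServerSocketFactory();
    }

    /** Creates {@code clientTM} and returns a socket factory using it. */
    private SSLSocketFactory getDefaultClient() throws Exception {
        clientTM = new MyX509TM();
        return getDefault(clientTM).getSocketFactory();
    }

    /**
     * Trust manager that records which of the two trust callbacks was
     * invoked.
     *
     * <p>Both callbacks return {@code true} for any chain, including
     * {@code null}; no certificate is validated. With this manager installed
     * every peer is accepted, which is why it lives in a test and is paired
     * with fixture keystores only. The wrapped provider trust manager is
     * consulted solely for {@link #getAcceptedIssuers()}.
     */
    static class MyX509TM implements com.sun.net.ssl.X509TrustManager {

        // Provider trust manager; set by init() and used only for
        // getAcceptedIssuers().
        com.sun.net.ssl.X509TrustManager tm;
        // Set once the corresponding callback has been invoked.
        boolean clientChecked;
        boolean serverChecked;

        /** Sets the provider trust manager to delegate issuer queries to. */
        void init(com.sun.net.ssl.X509TrustManager x509TM) {
            tm = x509TM;
        }

        /** Returns whether {@code isClientTrusted} has been called. */
        public boolean wasClientChecked() {
            return clientChecked;
        }

        /** Returns whether {@code isServerTrusted} has been called. */
        public boolean wasServerChecked() {
            return serverChecked;
        }

        /** Records the call and accepts the chain without inspecting it. */
        @Override
        public boolean isClientTrusted(X509Certificate[] chain) {
            clientChecked = true;
            return true;
        }

        /** Records the call and accepts the chain without inspecting it. */
        @Override
        public boolean isServerTrusted(X509Certificate[] chain) {
            serverChecked = true;
            return true;
        }

        /** Returns the accepted issuers of the wrapped provider manager. */
        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return tm.getAcceptedIssuers();
        }
    }

    /*
     * =============================================================
     * The remainder is just support stuff
     */

    // use any free port by default
    volatile int serverPort = 0;

    volatile Exception serverException = null;
    volatile Exception clientException = null;

    public static void main(String[] args) throws Exception {

        if (debug) {
            System.setProperty("javax.net.debug", "all");
        }

        /*
         * Start the tests.
         */
        new ClientServer();
    }

    Thread clientThread = null;
    Thread serverThread = null;

    /*
     * Primary constructor, used to drive remainder of the test.
     *
     * Fork off the other side, then do your work.
     */
    ClientServer() throws Exception {
        if (separateServerThread) {
            startServer(true);
            startClient(false);
        } else {
            startClient(true);
            startServer(false);
        }

        /*
         * Wait for other side to close down.
         */
        if (separateServerThread) {
            serverThread.join();
        } else {
            clientThread.join();
        }

        /*
         * When we get here, the test is pretty much over.
         *
         * If the main thread excepted, that propagates back
         * immediately.  If the other thread threw an exception, we
         * should report back.
         */
        if (serverException != null) {
            throw serverException;
        }
        if (clientException != null) {
            throw clientException;
        }
    }

    /**
     * Runs the server side, either inline or on a new thread.
     *
     * @param newThread {@code true} to run on {@code serverThread}; a failure
     *        there is stored in {@code serverException} instead of thrown
     * @throws Exception if the server side fails while running inline
     */
    void startServer(boolean newThread) throws Exception {
        if (newThread) {
            serverThread = new Thread() {
                @Override
                public void run() {
                    try {
                        doServerSide();
                    } catch (Exception e) {
                        /*
                         * Our server thread just died.
                         *
                         * Release the client, if not active already...
                         */
                        System.err.println("Server died...");
                        serverReady = true;
                        serverException = e;
                    }
                }
            };
            serverThread.start();
        } else {
            doServerSide();
        }
    }

    /**
     * Runs the client side, either inline or on a new thread.
     *
     * @param newThread {@code true} to run on {@code clientThread}; a failure
     *        there is stored in {@code clientException} instead of thrown
     * @throws Exception if the client side fails while running inline
     */
    void startClient(boolean newThread) throws Exception {
        if (newThread) {
            clientThread = new Thread() {
                @Override
                public void run() {
                    try {
                        doClientSide();
                    } catch (Exception e) {
                        /*
                         * Our client thread just died.
                         */
                        System.err.println("Client died...");
                        clientException = e;
                    }
                }
            };
            clientThread.start();
        } else {
            doClientSide();
        }
    }
}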