1
/*
2
 * Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved.
3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4
 *
5
 * This code is free software; you can redistribute it and/or modify it
6
 * under the terms of the GNU General Public License version 2 only, as
7
 * published by the Free Software Foundation.
8
 *
9
 * This code is distributed in the hope that it will be useful, but WITHOUT
10
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12
 * version 2 for more details (a copy is included in the LICENSE file that
13
 * accompanied this code).
14
 *
15
 * You should have received a copy of the GNU General Public License version
16
 * 2 along with this work; if not, write to the Free Software Foundation,
17
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18
 *
19
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20
 * or visit www.oracle.com if you need additional information or have any
21
 * questions.
22
 */
23

24
/*
25
 * @test
26
 * @bug 4981697
27
 * @summary Rework the X509KeyManager to avoid incompatibility issues
28
 * @run main/othervm ExtendedKeySocket
29
 *
30
 *     SunJSSE does not support dynamic system properties, no way to re-use
31
 *     system properties in samevm/agentvm mode.
32
 * @author Brad R. Wetmore
33
 */
34

35
import java.io.*;
36
import java.net.*;
37
import javax.net.ssl.*;
38
import java.security.*;
39

40
public class ExtendedKeySocket {
41

42
    /*
43
     * =============================================================
44
     * Set the various variables needed for the tests, then
45
     * specify what tests to run on each side.
46
     */
47

48
    /*
49
     * Should we run the client or server in a separate thread?
50
     * Both sides can throw exceptions, but do you have a preference
51
     * as to which side should be the main thread.
52
     */
53
    static boolean separateServerThread = false;
54

55
    /*
56
     * Where do we find the keystores?
57
     */
58
    static String pathToStores = "../etc";
59
    static String keyStoreFile = "keystore";
60
    static String trustStoreFile = "truststore";
61
    static char [] passwd = "passphrase".toCharArray();
62

63
    /*
64
     * Is the server ready to serve?
65
     */
66
    volatile static boolean serverReady = false;
67

68
    /*
69
     * Turn on SSL debugging?
70
     */
71
    static boolean debug = false;
72

73
    /*
74
     * If the client or server is doing some kind of object creation
75
     * that the other side depends on, and that thread prematurely
76
     * exits, you may experience a hang.  The test harness will
77
     * terminate all hung threads after its timeout has expired,
78
     * currently 3 minutes by default, but you might try to be
79
     * smart about it....
80
     */
81

82
    private String keyFilename =
83
            System.getProperty("test.src", "./") + "/" + pathToStores +
84
                "/" + keyStoreFile;
85
    private String trustFilename =
86
            System.getProperty("test.src", "./") + "/" + pathToStores +
87
                "/" + trustStoreFile;
88

89
    SSLContext getSSLContext(boolean abs) throws Exception {
90
        SSLContext ctx = SSLContext.getInstance("TLS");
91

92
        KeyStore keyKS = KeyStore.getInstance("JKS");
93
        keyKS.load(new FileInputStream(keyFilename), passwd);
94

95
        KeyStore trustKS = KeyStore.getInstance("JKS");
96
        trustKS.load(new FileInputStream(trustFilename), passwd);
97

98
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
99
        kmf.init(keyKS, passwd);
100

101
        KeyManager [] kms = kmf.getKeyManagers();
102
        if (!(kms[0] instanceof X509ExtendedKeyManager)) {
103
            throw new Exception("kms[0] not X509ExtendedKeyManager");
104
        }
105

106
        if (abs) {
107
            kms = new KeyManager [] {
108
                new MyX509ExtendedKeyManager((X509ExtendedKeyManager)kms[0])
109
            };
110
        } else {
111
            kms = new KeyManager [] {
112
                new MyX509KeyManager((X509KeyManager)kms[0])
113
            };
114
        }
115

116
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
117
        tmf.init(trustKS);
118
        TrustManager [] tms = tmf.getTrustManagers();
119

120
        ctx.init(kms, tms, null);
121

122
        return ctx;
123
    }
124

125
    /*
126
     * Define the server side of the test.
127
     *
128
     * If the server prematurely exits, serverReady will be set to true
129
     * to avoid infinite hangs.
130
     */
131
    void doServerSide() throws Exception {
132
        System.out.println("Starting Server1");
133
        doServerTest(getSSLContext(true));
134

135
        System.out.println("Starting Server2");
136
        doServerTest(getSSLContext(false));
137

138
        System.out.println("Finishing Server");
139
    }
140

141
    void doServerTest(SSLContext ctx) throws Exception {
142
        serverPort = 0;
143
        SSLServerSocketFactory sslssf = ctx.getServerSocketFactory();
144
        SSLServerSocket sslServerSocket =
145
            (SSLServerSocket) sslssf.createServerSocket(serverPort);
146
        sslServerSocket.setNeedClientAuth(true);
147

148
        serverPort = sslServerSocket.getLocalPort();
149

150
        /*
151
         * Signal Client, we're ready for his connect.
152
         */
153
        serverReady = true;
154

155
        SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
156
        InputStream sslIS = sslSocket.getInputStream();
157
        OutputStream sslOS = sslSocket.getOutputStream();
158

159
        sslIS.read();
160
        sslOS.write(85);
161
        sslOS.flush();
162

163
        sslSocket.close();
164
    }
165

166
    /*
167
     * Define the client side of the test.
168
     *
169
     * If the server prematurely exits, serverReady will be set to true
170
     * to avoid infinite hangs.
171
     */
172
    void doClientSide() throws Exception {
173
        System.out.println("Starting Client1");
174
        doClientTest(getSSLContext(true));
175
        System.out.println("Starting Client2");
176
        doClientTest(getSSLContext(false));
177
        System.out.println("Finishing Client");
178
    }
179

180
    void doClientTest(SSLContext ctx) throws Exception {
181
        /*
182
         * Wait for server to get started.
183
         */
184
        while (!serverReady) {
185
            Thread.sleep(50);
186
        }
187

188
        /*
189
         * Reset for next time through.
190
         */
191
        serverReady = false;
192

193
        SSLSocketFactory sslsf = ctx.getSocketFactory();
194
        SSLSocket sslSocket = (SSLSocket)
195
            sslsf.createSocket("localhost", serverPort);
196

197
        InputStream sslIS = sslSocket.getInputStream();
198
        OutputStream sslOS = sslSocket.getOutputStream();
199

200
        sslOS.write(280);
201
        sslOS.flush();
202
        sslIS.read();
203

204
        sslSocket.close();
205
    }
206

207
    /*
208
     * =============================================================
209
     * The remainder is just support stuff
210
     */
211

212
    // use any free port by default
213
    volatile int serverPort = 0;
214

215
    volatile Exception serverException = null;
216
    volatile Exception clientException = null;
217

218
    public static void main(String[] args) throws Exception {
219
        if (debug)
220
            System.setProperty("javax.net.debug", "all");
221

222
        /*
223
         * Start the tests.
224
         */
225
        new ExtendedKeySocket();
226
    }
227

228
    Thread clientThread = null;
229
    Thread serverThread = null;
230

231
    /*
232
     * Primary constructor, used to drive remainder of the test.
233
     *
234
     * Fork off the other side, then do your work.
235
     */
236
    ExtendedKeySocket() throws Exception {
237
        try {
238
            if (separateServerThread) {
239
                startServer(true);
240
                startClient(false);
241
            } else {
242
                startClient(true);
243
                startServer(false);
244
            }
245
        } catch (Exception e) {
246
            // swallow for now.  Show later
247
        }
248

249
        /*
250
         * Wait for other side to close down.
251
         */
252
        if (separateServerThread) {
253
            serverThread.join();
254
        } else {
255
            clientThread.join();
256
        }
257

258
        /*
259
         * When we get here, the test is pretty much over.
260
         * Which side threw the error?
261
         */
262
        Exception local;
263
        Exception remote;
264
        String whichRemote;
265

266
        if (separateServerThread) {
267
            remote = serverException;
268
            local = clientException;
269
            whichRemote = "server";
270
        } else {
271
            remote = clientException;
272
            local = serverException;
273
            whichRemote = "client";
274
        }
275

276
        /*
277
         * If both failed, return the curthread's exception, but also
278
         * print the remote side Exception
279
         */
280
        if ((local != null) && (remote != null)) {
281
            System.out.println(whichRemote + " also threw:");
282
            remote.printStackTrace();
283
            System.out.println();
284
            throw local;
285
        }
286

287
        if (remote != null) {
288
            throw remote;
289
        }
290

291
        if (local != null) {
292
            throw local;
293
        }
294
    }
295

296
    void startServer(boolean newThread) throws Exception {
297
        if (newThread) {
298
            serverThread = new Thread() {
299
                public void run() {
300
                    try {
301
                        doServerSide();
302
                    } catch (Exception e) {
303
                        /*
304
                         * Our server thread just died.
305
                         *
306
                         * Release the client, if not active already...
307
                         */
308
                        System.err.println("Server died...");
309
                        serverReady = true;
310
                        serverException = e;
311
                    }
312
                }
313
            };
314
            serverThread.start();
315
        } else {
316
            try {
317
                doServerSide();
318
            } catch (Exception e) {
319
                serverException = e;
320
            } finally {
321
                serverReady = true;
322
            }
323
        }
324
    }
325

326
    void startClient(boolean newThread) throws Exception {
327
        if (newThread) {
328
            clientThread = new Thread() {
329
                public void run() {
330
                    try {
331
                        doClientSide();
332
                    } catch (Exception e) {
333
                        /*
334
                         * Our client thread just died.
335
                         */
336
                        System.err.println("Client died...");
337
                        clientException = e;
338
                    }
339
                }
340
            };
341
            clientThread.start();
342
        } else {
343
            try {
344
                doClientSide();
345
            } catch (Exception e) {
346
                clientException = e;
347
            }
348
        }
349
    }
350
}
351

352