1
/*
2
 * Copyright (c) 2001, 2018, Oracle and/or its affiliates. All rights reserved.
3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4
 *
5
 * This code is free software; you can redistribute it and/or modify it
6
 * under the terms of the GNU General Public License version 2 only, as
7
 * published by the Free Software Foundation.
8
 *
9
 * This code is distributed in the hope that it will be useful, but WITHOUT
10
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12
 * version 2 for more details (a copy is included in the LICENSE file that
13
 * accompanied this code).
14
 *
15
 * You should have received a copy of the GNU General Public License version
16
 * 2 along with this work; if not, write to the Free Software Foundation,
17
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18
 *
19
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20
 * or visit www.oracle.com if you need additional information or have any
21
 * questions.
22
 */
23

24
/*
25
 * @test
26
 * @bug 4280338
27
 * @summary "Unsupported SSL message version" SSLProtocolException
28
 *      w/SSL_RSA_WITH_NULL_MD5
29
 * @run main/othervm JSSERenegotiate
30
 *
31
 *     SunJSSE does not support dynamic system properties, no way to re-use
32
 *     system properties in samevm/agentvm mode.
33
 *
34
 * @author Ram Marti
35
 * @author Brad Wetmore
36
 */
37

38
import java.io.*;
39
import java.net.*;
40
import java.security.Security;
41
import javax.net.ssl.*;
42

43
public class JSSERenegotiate {
44

45
    static final String suite1 = "SSL_RSA_WITH_NULL_MD5";
46
    static final String suite2 = "SSL_RSA_WITH_NULL_SHA";
47

48
    static final String dataString = "This is a test";
49

50

51
    /*
52
     * =============================================================
53
     * Set the various variables needed for the tests, then
54
     * specify what tests to run on each side.
55
     */
56

57
    /*
58
     * Should we run the client or server in a separate thread?
59
     * Both sides can throw exceptions, but do you have a preference
60
     * as to which side should be the main thread.
61
     */
62
    static boolean separateServerThread = false;
63

64
    /*
65
     * Where do we find the keystores?
66
     */
67
    static String pathToStores = "../etc";
68
    static String keyStoreFile = "keystore";
69
    static String trustStoreFile = "truststore";
70
    static String passwd = "passphrase";
71

72
    /*
73
     * Is the server ready to serve?
74
     */
75
    volatile static boolean serverReady = false;
76

77
    /*
78
     * Turn on SSL debugging?
79
     */
80
    static boolean debug = false;
81

82
    /*
83
     * If the client or server is doing some kind of object creation
84
     * that the other side depends on, and that thread prematurely
85
     * exits, you may experience a hang.  The test harness will
86
     * terminate all hung threads after its timeout has expired,
87
     * currently 3 minutes by default, but you might try to be
88
     * smart about it....
89
     */
90

91
    /*
92
     * Define the server side of the test.
93
     *
94
     * If the server prematurely exits, serverReady will be set to true
95
     * to avoid infinite hangs.
96
     */
97
    void doServerSide() throws Exception {
98
        SSLServerSocketFactory sslssf =
99
            (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
100
        SSLServerSocket sslServerSocket =
101
            (SSLServerSocket) sslssf.createServerSocket(serverPort, 3);
102

103
        sslServerSocket.setNeedClientAuth(true);
104
        sslServerSocket.setEnabledCipherSuites(new String[] {suite1, suite2 });
105

106
        serverPort = sslServerSocket.getLocalPort();
107

108
        /*
109
         * Signal Client, we're ready for his connect.
110
         */
111
        serverReady = true;
112

113
        SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
114

115
        DataInputStream sslIS =
116
            new DataInputStream(sslSocket.getInputStream());
117
        DataOutputStream sslOS =
118
            new DataOutputStream(sslSocket.getOutputStream());
119
        while (true) {
120
            try {
121
                System.out.println("Received: " + sslIS.readUTF());
122
            } catch (SSLException e) {
123
                System.out.println ("Received wrong exception");
124
                break;
125
            } catch (IOException e) {
126
                System.out.println ("Received right exception");
127
                break;
128
            }
129
        }
130
        sslSocket.close();
131
    }
132

133
    /*
134
     * Define the client side of the test.
135
     *
136
     * If the server prematurely exits, serverReady will be set to true
137
     * to avoid infinite hangs.
138
     */
139
    void doClientSide() throws Exception {
140

141
        /*
142
         * Wait for server to get started.
143
         */
144
        while (!serverReady) {
145
            Thread.sleep(50);
146
        }
147

148
        SSLSocketFactory sslsf =
149
            (SSLSocketFactory) SSLSocketFactory.getDefault();
150
        SSLSocket sslSocket = (SSLSocket)
151
            sslsf.createSocket("localhost", serverPort);
152

153
        sslSocket.setEnabledCipherSuites(new String[] { suite1 });
154
        System.out.println("Enabled " + suite1);
155

156
        DataInputStream sslIS =
157
            new DataInputStream(sslSocket.getInputStream());
158
        DataOutputStream sslOS =
159
            new DataOutputStream(sslSocket.getOutputStream());
160
        BufferedReader in = new BufferedReader(
161
            new InputStreamReader(sslSocket.getInputStream()));
162
        sslOS.writeUTF("With " + suite1);
163

164
        sslSocket.setEnabledCipherSuites(new String[] { suite2 });
165
        sslSocket.startHandshake();
166

167
        System.out.println("Enabled " + suite2);
168
         // write the message a few times - see bug 4462616 why we do this
169
        sslOS.writeUTF("With " + suite2);
170
        sslOS.writeUTF("With " + suite2);
171
        sslOS.writeUTF("With " + suite2);
172

173
        sslSocket.setEnabledCipherSuites(new String[] { suite1 });
174
        sslSocket.startHandshake();
175
        System.out.println("Re-enabled " + suite1);
176
        sslOS.writeUTF("With " + suite1);
177
        sslOS.writeUTF("With " + suite1);
178
        sslOS.writeUTF("With " + suite1);
179
        sslSocket.close();
180
    }
181

182
    /*
183
     * =============================================================
184
     * The remainder is just support stuff
185
     */
186

187
    // use any free port by default
188
    volatile int serverPort = 0;
189

190
    volatile Exception serverException = null;
191
    volatile Exception clientException = null;
192

193
    public static void main(String[] args) throws Exception {
194
        // reset the security property to make sure that the cipher suites
195
        // used in this test are not disabled
196
        Security.setProperty("jdk.tls.disabledAlgorithms", "");
197

198
        String keyFilename =
199
            System.getProperty("test.src", "./") + "/" + pathToStores +
200
                "/" + keyStoreFile;
201
        String trustFilename =
202
            System.getProperty("test.src", "./") + "/" + pathToStores +
203
                "/" + trustStoreFile;
204

205
        System.setProperty("javax.net.ssl.keyStore", keyFilename);
206
        System.setProperty("javax.net.ssl.keyStorePassword", passwd);
207
        System.setProperty("javax.net.ssl.trustStore", trustFilename);
208
        System.setProperty("javax.net.ssl.trustStorePassword", passwd);
209

210
        if (debug)
211
            System.setProperty("javax.net.debug", "all");
212

213
        /*
214
         * Start the tests.
215
         */
216
        new JSSERenegotiate();
217
    }
218

219
    Thread clientThread = null;
220
    Thread serverThread = null;
221

222
    /*
223
     * Primary constructor, used to drive remainder of the test.
224
     *
225
     * Fork off the other side, then do your work.
226
     */
227
    JSSERenegotiate() throws Exception {
228
        try {
229
            if (separateServerThread) {
230
                startServer(true);
231
                startClient(false);
232
            } else {
233
                startClient(true);
234
                startServer(false);
235
            }
236
        } catch (Exception e) {
237
            // swallow for now.  Show later
238
        }
239

240
        /*
241
         * Wait for other side to close down.
242
         */
243
        if (separateServerThread) {
244
            serverThread.join();
245
        } else {
246
            clientThread.join();
247
        }
248

249
        /*
250
         * When we get here, the test is pretty much over.
251
         * Which side threw the error?
252
         */
253
        Exception local;
254
        Exception remote;
255
        String whichRemote;
256

257
        if (separateServerThread) {
258
            remote = serverException;
259
            local = clientException;
260
            whichRemote = "server";
261
        } else {
262
            remote = clientException;
263
            local = serverException;
264
            whichRemote = "client";
265
        }
266

267
        /*
268
         * If both failed, return the curthread's exception, but also
269
         * print the remote side Exception
270
         */
271
        if ((local != null) && (remote != null)) {
272
            System.out.println(whichRemote + " also threw:");
273
            remote.printStackTrace();
274
            System.out.println();
275
            throw local;
276
        }
277

278
        if (remote != null) {
279
            throw remote;
280
        }
281

282
        if (local != null) {
283
            throw local;
284
        }
285
    }
286

287
    void startServer(boolean newThread) throws Exception {
288
        if (newThread) {
289
            serverThread = new Thread() {
290
                public void run() {
291
                    try {
292
                        doServerSide();
293
                    } catch (Exception e) {
294
                        /*
295
                         * Our server thread just died.
296
                         *
297
                         * Release the client, if not active already...
298
                         */
299
                        System.err.println("Server died...");
300
                        serverReady = true;
301
                        serverException = e;
302
                    }
303
                }
304
            };
305
            serverThread.start();
306
        } else {
307
            try {
308
                doServerSide();
309
            } catch (Exception e) {
310
                serverException = e;
311
            } finally {
312
                serverReady = true;
313
            }
314
        }
315
    }
316

317
    void startClient(boolean newThread) throws Exception {
318
        if (newThread) {
319
            clientThread = new Thread() {
320
                public void run() {
321
                    try {
322
                        doClientSide();
323
                    } catch (Exception e) {
324
                        /*
325
                         * Our client thread just died.
326
                         */
327
                        System.err.println("Client died...");
328
                        clientException = e;
329
                    }
330
                }
331
            };
332
            clientThread.start();
333
        } else {
334
            try {
335
                doClientSide();
336
            } catch (Exception e) {
337
                clientException = e;
338
            }
339
        }
340
    }
341
}
342

343