1
/*
2
 * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4
 *
5
 * This code is free software; you can redistribute it and/or modify it
6
 * under the terms of the GNU General Public License version 2 only, as
7
 * published by the Free Software Foundation.
8
 *
9
 * This code is distributed in the hope that it will be useful, but WITHOUT
10
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12
 * version 2 for more details (a copy is included in the LICENSE file that
13
 * accompanied this code).
14
 *
15
 * You should have received a copy of the GNU General Public License version
16
 * 2 along with this work; if not, write to the Free Software Foundation,
17
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18
 *
19
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20
 * or visit www.oracle.com if you need additional information or have any
21
 * questions.
22
 */
23

24
//
25
// SunJSSE does not support dynamic system properties, no way to re-use
26
// system properties in samevm/agentvm mode.
27
//
28

29
/*
30
 * @test
31
 * @bug 7068321
32
 * @summary Support TLS Server Name Indication (SNI) Extension in JSSE Server
33
 * @library ../SSLEngine ../templates
34
 * @build SSLEngineService SSLCapabilities SSLExplorer
35
 * @run main/othervm SSLEngineExplorerWithSrv
36
 */
37

38
import javax.net.ssl.*;
39
import java.nio.*;
40
import java.net.*;
41
import java.util.*;
42
import java.nio.channels.*;
43

44
public class SSLEngineExplorerWithSrv extends SSLEngineService {
45

46
    /*
47
     * =============================================================
48
     * Set the various variables needed for the tests, then
49
     * specify what tests to run on each side.
50
     */
51

52
    /*
53
     * Should we run the client or server in a separate thread?
54
     * Both sides can throw exceptions, but do you have a preference
55
     * as to which side should be the main thread.
56
     */
57
    static boolean separateServerThread = true;
58

59
    // Is the server ready to serve?
60
    volatile static boolean serverReady = false;
61

62
    /*
63
     * Turn on SSL debugging?
64
     */
65
    static boolean debug = false;
66

67
    /*
68
     * Define the server side of the test.
69
     *
70
     * If the server prematurely exits, serverReady will be set to true
71
     * to avoid infinite hangs.
72
     */
73
    void doServerSide() throws Exception {
74

75
        // create SSLEngine.
76
        SSLEngine ssle = createSSLEngine(false);
77

78
        // Create a server socket channel.
79
        InetSocketAddress isa =
80
                new InetSocketAddress(InetAddress.getLocalHost(), serverPort);
81
        ServerSocketChannel ssc = ServerSocketChannel.open();
82
        ssc.socket().bind(isa);
83
        serverPort = ssc.socket().getLocalPort();
84

85
        // Signal Client, we're ready for his connect.
86
        serverReady = true;
87

88
        // Accept a socket channel.
89
        SocketChannel sc = ssc.accept();
90

91
        // Complete connection.
92
        while (!sc.finishConnect()) {
93
            Thread.sleep(50);
94
            // waiting for the connection completed.
95
        }
96

97
        ByteBuffer buffer = ByteBuffer.allocate(0xFF);
98
        int position = 0;
99
        SSLCapabilities capabilities = null;
100

101
        // Read the header of TLS record
102
        buffer.limit(SSLExplorer.RECORD_HEADER_SIZE);
103
        while (position < SSLExplorer.RECORD_HEADER_SIZE) {
104
            int n = sc.read(buffer);
105
            if (n < 0) {
106
                throw new Exception("unexpected end of stream!");
107
            }
108
            position += n;
109
        }
110
        buffer.flip();
111

112
        int recordLength = SSLExplorer.getRequiredSize(buffer);
113
        if (buffer.capacity() < recordLength) {
114
            ByteBuffer oldBuffer = buffer;
115
            buffer = ByteBuffer.allocate(recordLength);
116
            buffer.put(oldBuffer);
117
        }
118

119
        buffer.position(SSLExplorer.RECORD_HEADER_SIZE);
120
        buffer.limit(buffer.capacity());
121
        while (position < recordLength) {
122
            int n = sc.read(buffer);
123
            if (n < 0) {
124
                throw new Exception("unexpected end of stream!");
125
            }
126
            position += n;
127
        }
128
        buffer.flip();
129

130
        capabilities = SSLExplorer.explore(buffer);
131
        if (capabilities != null) {
132
            System.out.println("Record version: " +
133
                    capabilities.getRecordVersion());
134
            System.out.println("Hello version: " +
135
                    capabilities.getHelloVersion());
136
        }
137

138
        // enable server name indication checking
139
        SNIMatcher matcher = SNIHostName.createSNIMatcher(
140
                                                serverAcceptableHostname);
141
        Collection<SNIMatcher> matchers = new ArrayList<>(1);
142
        matchers.add(matcher);
143
        SSLParameters params = ssle.getSSLParameters();
144
        params.setSNIMatchers(matchers);
145
        ssle.setSSLParameters(params);
146

147
        // handshaking
148
        handshaking(ssle, sc, buffer);
149

150
        // receive application data
151
        receive(ssle, sc);
152

153
        // send out application data
154
        deliver(ssle, sc);
155

156
        // check server name indication
157
        ExtendedSSLSession session = (ExtendedSSLSession)ssle.getSession();
158
        checkCapabilities(capabilities, session);
159

160
        // close the socket channel.
161
        sc.close();
162
        ssc.close();
163
    }
164

165
    /*
166
     * Define the client side of the test.
167
     *
168
     * If the server prematurely exits, serverReady will be set to true
169
     * to avoid infinite hangs.
170
     */
171
    void doClientSide() throws Exception {
172
        // create SSLEngine.
173
        SSLEngine ssle = createSSLEngine(true);
174

175
        /*
176
         * Wait for server to get started.
177
         */
178
        while (!serverReady) {
179
            Thread.sleep(50);
180
        }
181

182
        // Create a non-blocking socket channel.
183
        SocketChannel sc = SocketChannel.open();
184
        sc.configureBlocking(false);
185
        InetSocketAddress isa =
186
                new InetSocketAddress(InetAddress.getLocalHost(), serverPort);
187
        sc.connect(isa);
188

189
        // Complete connection.
190
        while (!sc.finishConnect() ) {
191
            Thread.sleep(50);
192
            // waiting for the connection completed.
193
        }
194

195
        // handshaking
196
        handshaking(ssle, sc, null);
197

198
        // send out application data
199
        deliver(ssle, sc);
200

201
        // receive application data
202
        receive(ssle, sc);
203

204
        // check server name indication
205
        ExtendedSSLSession session = (ExtendedSSLSession)ssle.getSession();
206
        checkSNIInSession(session);
207

208
        // close the socket channel.
209
        sc.close();
210
    }
211

212
    private static String clientRequestedHostname = "www.example.com";
213
    private static String serverAcceptableHostname =
214
                                                "www\\.example\\.(com|org)";
215

216
    void checkCapabilities(SSLCapabilities capabilities,
217
            ExtendedSSLSession session) throws Exception {
218
        List<SNIServerName> sessionSNI = session.getRequestedServerNames();
219
        if (!sessionSNI.equals(capabilities.getServerNames())) {
220
            for (SNIServerName sni : sessionSNI) {
221
                System.out.println("SNI in session is " + sni);
222
            }
223

224
            List<SNIServerName> capaSNI = capabilities.getServerNames();
225
            for (SNIServerName sni : capaSNI) {
226
                System.out.println("SNI in session is " + sni);
227
            }
228

229
            throw new Exception(
230
                    "server name indication does not match capabilities");
231
        }
232

233
        checkSNIInSession(session);
234
    }
235

236
    void checkSNIInSession(ExtendedSSLSession session) throws Exception {
237
        List<SNIServerName> sessionSNI = session.getRequestedServerNames();
238
        if (!sessionSNI.isEmpty()) {
239
            throw new Exception(
240
                    "should be empty request server name indication");
241
        }
242
    }
243

244
    /*
245
     * =============================================================
246
     * The remainder is just support stuff
247
     */
248
    volatile Exception serverException = null;
249
    volatile Exception clientException = null;
250

251
    // use any free port by default
252
    volatile int serverPort = 0;
253

254
    public static void main(String args[]) throws Exception {
255
        if (debug)
256
            System.setProperty("javax.net.debug", "all");
257

258
        new SSLEngineExplorerWithSrv();
259
    }
260

261
    Thread clientThread = null;
262
    Thread serverThread = null;
263

264
    /*
265
     * Primary constructor, used to drive remainder of the test.
266
     *
267
     * Fork off the other side, then do your work.
268
     */
269
    SSLEngineExplorerWithSrv() throws Exception {
270
        super("../etc");
271

272
        if (separateServerThread) {
273
            startServer(true);
274
            startClient(false);
275
        } else {
276
            startClient(true);
277
            startServer(false);
278
        }
279

280
        /*
281
         * Wait for other side to close down.
282
         */
283
        if (separateServerThread) {
284
            serverThread.join();
285
        } else {
286
            clientThread.join();
287
        }
288

289
        /*
290
         * When we get here, the test is pretty much over.
291
         *
292
         * If the main thread excepted, that propagates back
293
         * immediately.  If the other thread threw an exception, we
294
         * should report back.
295
         */
296
        if (serverException != null) {
297
            System.out.print("Server Exception:");
298
            throw serverException;
299
        }
300
        if (clientException != null) {
301
            System.out.print("Client Exception:");
302
            throw clientException;
303
        }
304
    }
305

306
    void startServer(boolean newThread) throws Exception {
307
        if (newThread) {
308
            serverThread = new Thread() {
309
                public void run() {
310
                    try {
311
                        doServerSide();
312
                    } catch (Exception e) {
313
                        /*
314
                         * Our server thread just died.
315
                         *
316
                         * Release the client, if not active already...
317
                         */
318
                        System.err.println("Server died...");
319
                        System.err.println(e);
320
                        serverReady = true;
321
                        serverException = e;
322
                    }
323
                }
324
            };
325
            serverThread.start();
326
        } else {
327
            doServerSide();
328
        }
329
    }
330

331
    void startClient(boolean newThread) throws Exception {
332
        if (newThread) {
333
            clientThread = new Thread() {
334
                public void run() {
335
                    try {
336
                        doClientSide();
337
                    } catch (Exception e) {
338
                        /*
339
                         * Our client thread just died.
340
                         */
341
                        System.err.println("Client died...");
342
                        clientException = e;
343
                    }
344
                }
345
            };
346
            clientThread.start();
347
        } else {
348
            doClientSide();
349
        }
350
    }
351
}
352

353