1
/*
2
 * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4
 *
5
 * This code is free software; you can redistribute it and/or modify it
6
 * under the terms of the GNU General Public License version 2 only, as
7
 * published by the Free Software Foundation.
8
 *
9
 * This code is distributed in the hope that it will be useful, but WITHOUT
10
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12
 * version 2 for more details (a copy is included in the LICENSE file that
13
 * accompanied this code).
14
 *
15
 * You should have received a copy of the GNU General Public License version
16
 * 2 along with this work; if not, write to the Free Software Foundation,
17
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18
 *
19
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20
 * or visit www.oracle.com if you need additional information or have any
21
 * questions.
22
 */
23

24
//
25
// SunJSSE does not support dynamic system properties, no way to re-use
26
// system properties in samevm/agentvm mode.
27
//
28

29
/**
30
 * @test
31
 * @bug 7068321
32
 * @summary Support TLS Server Name Indication (SNI) Extension in JSSE Server
33
 * @run main/othervm SSLSocketInconsistentSNI
34
 */
35

36
import java.io.*;
37
import java.nio.*;
38
import java.nio.channels.*;
39
import java.util.*;
40
import java.net.*;
41
import javax.net.ssl.*;
42

43
public class SSLSocketInconsistentSNI {
44

45
    /*
46
     * =============================================================
47
     * Set the various variables needed for the tests, then
48
     * specify what tests to run on each side.
49
     */
50

51
    /*
52
     * Should we run the client or server in a separate thread?
53
     * Both sides can throw exceptions, but do you have a preference
54
     * as to which side should be the main thread.
55
     */
56
    static boolean separateServerThread = true;
57

58
    /*
59
     * Where do we find the keystores?
60
     */
61
    static String pathToStores = "../etc";
62
    static String keyStoreFile = "keystore";
63
    static String trustStoreFile = "truststore";
64
    static String passwd = "passphrase";
65

66
    /*
67
     * Is the server ready to serve?
68
     */
69
    volatile static boolean serverReady = false;
70

71
    /*
72
     * Turn on SSL debugging?
73
     */
74
    static boolean debug = false;
75

76
    /*
77
     * If the client or server is doing some kind of object creation
78
     * that the other side depends on, and that thread prematurely
79
     * exits, you may experience a hang.  The test harness will
80
     * terminate all hung threads after its timeout has expired,
81
     * currently 3 minutes by default, but you might try to be
82
     * smart about it....
83
     */
84

85
    /*
86
     * Define the server side of the test.
87
     *
88
     * If the server prematurely exits, serverReady will be set to true
89
     * to avoid infinite hangs.
90
     */
91
    void doServerSide() throws Exception {
92
        SSLServerSocketFactory sslssf =
93
            (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
94
        SSLServerSocket sslServerSocket =
95
            (SSLServerSocket) sslssf.createServerSocket(serverPort);
96

97
        SNIMatcher matcher = SNIHostName.createSNIMatcher(
98
                                                serverAcceptableHostname);
99
        Collection<SNIMatcher> matchers = new ArrayList<>(1);
100
        matchers.add(matcher);
101
        SSLParameters params = sslServerSocket.getSSLParameters();
102
        params.setSNIMatchers(matchers);
103
        sslServerSocket.setSSLParameters(params);
104

105
        serverPort = sslServerSocket.getLocalPort();
106

107
        /*
108
         * Signal Client, we're ready for his connect.
109
         */
110
        serverReady = true;
111

112
        SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
113
        try {
114
            InputStream sslIS = sslSocket.getInputStream();
115
            OutputStream sslOS = sslSocket.getOutputStream();
116

117
            sslIS.read();
118
            sslOS.write(85);
119
            sslOS.flush();
120

121
            throw new Exception(
122
                "Mismatched server name indication was accepted");
123
        } catch (SSLHandshakeException sslhe) {
124
            // the expected unrecognized server name indication exception
125
        } catch (IOException ioe) {
126
            // the peer may have closed the socket because of the unmatched
127
            // server name indication.
128
        } finally {
129
            sslSocket.close();
130
            sslServerSocket.close();
131
        }
132
    }
133

134

135
    /*
136
     * Define the client side of the test.
137
     *
138
     * If the server prematurely exits, serverReady will be set to true
139
     * to avoid infinite hangs.
140
     */
141
    void doClientSide() throws Exception {
142

143
        /*
144
         * Wait for server to get started.
145
         */
146
        while (!serverReady) {
147
            Thread.sleep(50);
148
        }
149

150
        SSLSocketFactory sslsf =
151
            (SSLSocketFactory) SSLSocketFactory.getDefault();
152
        SSLSocket sslSocket = (SSLSocket)
153
            sslsf.createSocket("localhost", serverPort);
154

155
        SNIHostName serverName = new SNIHostName(clientRequestedHostname);
156
        List<SNIServerName> serverNames = new ArrayList<>(1);
157
        serverNames.add(serverName);
158
        SSLParameters params = sslSocket.getSSLParameters();
159
        params.setServerNames(serverNames);
160
        sslSocket.setSSLParameters(params);
161

162
        try {
163
            InputStream sslIS = sslSocket.getInputStream();
164
            OutputStream sslOS = sslSocket.getOutputStream();
165

166
            sslOS.write(280);
167
            sslOS.flush();
168
            sslIS.read();
169

170
            throw new Exception(
171
                "Mismatched server name indication was accepted");
172
        } catch (SSLHandshakeException sslhe) {
173
            // the expected unrecognized server name indication exception
174
        } catch (IOException ioe) {
175
            // the peer may have closed the socket because of the unmatched
176
            // server name indication.
177
        } finally {
178
            sslSocket.close();
179
        }
180
    }
181

182
    private static String clientRequestedHostname = "www.example.com";
183
    private static String serverAcceptableHostname = "www\\.example\\.org";
184

185
    /*
186
     * =============================================================
187
     * The remainder is just support stuff
188
     */
189

190
    // use any free port by default
191
    volatile int serverPort = 0;
192

193
    volatile Exception serverException = null;
194
    volatile Exception clientException = null;
195

196
    public static void main(String[] args) throws Exception {
197
        String keyFilename =
198
            System.getProperty("test.src", ".") + "/" + pathToStores +
199
                "/" + keyStoreFile;
200
        String trustFilename =
201
            System.getProperty("test.src", ".") + "/" + pathToStores +
202
                "/" + trustStoreFile;
203

204
        System.setProperty("javax.net.ssl.keyStore", keyFilename);
205
        System.setProperty("javax.net.ssl.keyStorePassword", passwd);
206
        System.setProperty("javax.net.ssl.trustStore", trustFilename);
207
        System.setProperty("javax.net.ssl.trustStorePassword", passwd);
208

209
        if (debug)
210
            System.setProperty("javax.net.debug", "all");
211

212
        /*
213
         * Start the tests.
214
         */
215
        new SSLSocketInconsistentSNI();
216
    }
217

218
    Thread clientThread = null;
219
    Thread serverThread = null;
220

221
    /*
222
     * Primary constructor, used to drive remainder of the test.
223
     *
224
     * Fork off the other side, then do your work.
225
     */
226
    SSLSocketInconsistentSNI() throws Exception {
227
        try {
228
            if (separateServerThread) {
229
                startServer(true);
230
                startClient(false);
231
            } else {
232
                startClient(true);
233
                startServer(false);
234
            }
235
        } catch (Exception e) {
236
            // swallow for now.  Show later
237
        }
238

239
        /*
240
         * Wait for other side to close down.
241
         */
242
        if (separateServerThread) {
243
            serverThread.join();
244
        } else {
245
            clientThread.join();
246
        }
247

248
        /*
249
         * When we get here, the test is pretty much over.
250
         * Which side threw the error?
251
         */
252
        Exception local;
253
        Exception remote;
254
        String whichRemote;
255

256
        if (separateServerThread) {
257
            remote = serverException;
258
            local = clientException;
259
            whichRemote = "server";
260
        } else {
261
            remote = clientException;
262
            local = serverException;
263
            whichRemote = "client";
264
        }
265

266
        /*
267
         * If both failed, return the curthread's exception, but also
268
         * print the remote side Exception
269
         */
270
        if ((local != null) && (remote != null)) {
271
            System.out.println(whichRemote + " also threw:");
272
            remote.printStackTrace();
273
            System.out.println();
274
            throw local;
275
        }
276

277
        if (remote != null) {
278
            throw remote;
279
        }
280

281
        if (local != null) {
282
            throw local;
283
        }
284
    }
285

286
    void startServer(boolean newThread) throws Exception {
287
        if (newThread) {
288
            serverThread = new Thread() {
289
                public void run() {
290
                    try {
291
                        doServerSide();
292
                    } catch (Exception e) {
293
                        /*
294
                         * Our server thread just died.
295
                         *
296
                         * Release the client, if not active already...
297
                         */
298
                        System.err.println("Server died...");
299
                        serverReady = true;
300
                        serverException = e;
301
                    }
302
                }
303
            };
304
            serverThread.start();
305
        } else {
306
            try {
307
                doServerSide();
308
            } catch (Exception e) {
309
                serverException = e;
310
            } finally {
311
                serverReady = true;
312
            }
313
        }
314
    }
315

316
    void startClient(boolean newThread) throws Exception {
317
        if (newThread) {
318
            clientThread = new Thread() {
319
                public void run() {
320
                    try {
321
                        doClientSide();
322
                    } catch (Exception e) {
323
                        /*
324
                         * Our client thread just died.
325
                         */
326
                        System.err.println("Client died...");
327
                        clientException = e;
328
                    }
329
                }
330
            };
331
            clientThread.start();
332
        } else {
333
            try {
334
                doClientSide();
335
            } catch (Exception e) {
336
                clientException = e;
337
            }
338
        }
339
    }
340
}
341

342