1
/*
2
 * Copyright (c) 2010, 2016, Oracle and/or its affiliates. All rights reserved.
3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4
 *
5
 * This code is free software; you can redistribute it and/or modify it
6
 * under the terms of the GNU General Public License version 2 only, as
7
 * published by the Free Software Foundation.  Oracle designates this
8
 * particular file as subject to the "Classpath" exception as provided
9
 * by Oracle in the LICENSE file that accompanied this code.
10
 *
11
 * This code is distributed in the hope that it will be useful, but WITHOUT
12
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
14
 * version 2 for more details (a copy is included in the LICENSE file that
15
 * accompanied this code).
16
 *
17
 * You should have received a copy of the GNU General Public License version
18
 * 2 along with this work; if not, write to the Free Software Foundation,
19
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20
 *
21
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22
 * or visit www.oracle.com if you need additional information or have any
23
 * questions.
24
 */
25

26
//
27
// SunJSSE does not support dynamic system properties, no way to re-use
28
// system properties in samevm/agentvm mode.
29
//
30

31
/*
32
 * @test
33
 * @bug 4873188
34
 * @summary Support TLS 1.1
35
 * @modules java.security.jgss
36
 *          java.security.jgss/sun.security.jgss.krb5
37
 *          java.security.jgss/sun.security.krb5:+open
38
 *          java.security.jgss/sun.security.krb5.internal:+open
39
 *          java.security.jgss/sun.security.krb5.internal.ccache
40
 *          java.security.jgss/sun.security.krb5.internal.crypto
41
 *          java.security.jgss/sun.security.krb5.internal.ktab
42
 *          java.base/sun.security.util
43
 * @run main/othervm ExportableStreamCipher
44
 * @author Xuelei Fan
45
 */
46

47
import java.io.IOException;
48
import java.io.InputStream;
49
import java.io.OutputStream;
50
import javax.net.ssl.SSLException;
51
import javax.net.ssl.SSLHandshakeException;
52
import javax.net.ssl.SSLServerSocket;
53
import javax.net.ssl.SSLServerSocketFactory;
54
import javax.net.ssl.SSLSocket;
55
import javax.net.ssl.SSLSocketFactory;
56

57
public class ExportableStreamCipher {
58

59
    /*
60
     * =============================================================
61
     * Set the various variables needed for the tests, then
62
     * specify what tests to run on each side.
63
     */
64

65
    /*
66
     * Should we run the client or server in a separate thread?
67
     * Both sides can throw exceptions, but do you have a preference
68
     * as to which side should be the main thread.
69
     */
70
    static boolean separateServerThread = false;
71

72
    /*
73
     * Where do we find the keystores?
74
     */
75
    static String pathToStores = "../etc";
76
    static String keyStoreFile = "keystore";
77
    static String trustStoreFile = "truststore";
78
    static String passwd = "passphrase";
79

80
    /*
81
     * Is the server ready to serve?
82
     */
83
    volatile static boolean serverReady = false;
84

85
    /*
86
     * Turn on SSL debugging?
87
     */
88
    static boolean debug = false;
89

90
    /*
91
     * If the client or server is doing some kind of object creation
92
     * that the other side depends on, and that thread prematurely
93
     * exits, you may experience a hang.  The test harness will
94
     * terminate all hung threads after its timeout has expired,
95
     * currently 3 minutes by default, but you might try to be
96
     * smart about it....
97
     */
98

99
    /*
100
     * Define the server side of the test.
101
     *
102
     * If the server prematurely exits, serverReady will be set to true
103
     * to avoid infinite hangs.
104
     */
105
    void doServerSide() throws Exception {
106
        SSLServerSocketFactory sslssf =
107
            (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
108
        SSLServerSocket sslServerSocket =
109
            (SSLServerSocket) sslssf.createServerSocket(serverPort);
110

111
        serverPort = sslServerSocket.getLocalPort();
112

113
        /*
114
         * Signal Client, we're ready for his connect.
115
         */
116
        serverReady = true;
117

118
        SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
119
        InputStream sslIS = sslSocket.getInputStream();
120
        OutputStream sslOS = sslSocket.getOutputStream();
121

122
        boolean interrupted = false;
123
        try {
124
            sslIS.read();
125
            sslOS.write('A');
126
            sslOS.flush();
127
        } catch (IOException ioe) {
128
            // get the expected exception
129
            interrupted = true;
130
        } finally {
131
            sslSocket.close();
132
        }
133

134
        if (!interrupted) {
135
            throw new SSLHandshakeException(
136
                "A weak cipher suite is negotiated, " +
137
                "TLSv1.1 must not negotiate the exportable cipher suites.");
138
        }
139
    }
140

141
    /*
142
     * Define the client side of the test.
143
     *
144
     * If the server prematurely exits, serverReady will be set to true
145
     * to avoid infinite hangs.
146
     */
147
    void doClientSide() throws Exception {
148

149
        /*
150
         * Wait for server to get started.
151
         */
152
        while (!serverReady) {
153
            Thread.sleep(50);
154
        }
155

156
        SSLSocketFactory sslsf =
157
            (SSLSocketFactory) SSLSocketFactory.getDefault();
158
        SSLSocket sslSocket = (SSLSocket)
159
            sslsf.createSocket("localhost", serverPort);
160

161
        // enable TLSv1.1 only
162
        sslSocket.setEnabledProtocols(new String[] {"TLSv1.1"});
163

164
        // enable a exportable stream cipher
165
        sslSocket.setEnabledCipherSuites(
166
            new String[] {"SSL_RSA_EXPORT_WITH_RC4_40_MD5"});
167

168
        InputStream sslIS = sslSocket.getInputStream();
169
        OutputStream sslOS = sslSocket.getOutputStream();
170

171
        boolean interrupted = false;
172
        try {
173
            sslOS.write('B');
174
            sslOS.flush();
175
            sslIS.read();
176
        } catch (SSLException ssle) {
177
            // get the expected exception
178
            interrupted = true;
179
        } finally {
180
            sslSocket.close();
181
        }
182

183
        if (!interrupted) {
184
            throw new SSLHandshakeException(
185
                "A weak cipher suite is negotiated, " +
186
                "TLSv1.1 must not negotiate the exportable cipher suites.");
187
        }
188
    }
189

190
    /*
191
     * =============================================================
192
     * The remainder is just support stuff
193
     */
194

195
    // use any free port by default
196
    volatile int serverPort = 0;
197

198
    volatile Exception serverException = null;
199
    volatile Exception clientException = null;
200

201
    public static void main(String[] args) throws Exception {
202
        String keyFilename =
203
            System.getProperty("test.src", ".") + "/" + pathToStores +
204
                "/" + keyStoreFile;
205
        String trustFilename =
206
            System.getProperty("test.src", ".") + "/" + pathToStores +
207
                "/" + trustStoreFile;
208

209
        System.setProperty("javax.net.ssl.keyStore", keyFilename);
210
        System.setProperty("javax.net.ssl.keyStorePassword", passwd);
211
        System.setProperty("javax.net.ssl.trustStore", trustFilename);
212
        System.setProperty("javax.net.ssl.trustStorePassword", passwd);
213

214
        if (debug)
215
            System.setProperty("javax.net.debug", "all");
216

217
        /*
218
         * Start the tests.
219
         */
220
        new ExportableStreamCipher();
221
    }
222

223
    Thread clientThread = null;
224
    Thread serverThread = null;
225

226
    /*
227
     * Primary constructor, used to drive remainder of the test.
228
     *
229
     * Fork off the other side, then do your work.
230
     */
231
    ExportableStreamCipher() throws Exception {
232
        try {
233
            if (separateServerThread) {
234
                startServer(true);
235
                startClient(false);
236
            } else {
237
                startClient(true);
238
                startServer(false);
239
            }
240
        } catch (Exception e) {
241
            // swallow for now.  Show later
242
        }
243

244
        /*
245
         * Wait for other side to close down.
246
         */
247
        if (separateServerThread) {
248
            serverThread.join();
249
        } else {
250
            clientThread.join();
251
        }
252

253
        /*
254
         * When we get here, the test is pretty much over.
255
         * Which side threw the error?
256
         */
257
        Exception local;
258
        Exception remote;
259
        String whichRemote;
260

261
        if (separateServerThread) {
262
            remote = serverException;
263
            local = clientException;
264
            whichRemote = "server";
265
        } else {
266
            remote = clientException;
267
            local = serverException;
268
            whichRemote = "client";
269
        }
270

271
        /*
272
         * If both failed, return the curthread's exception, but also
273
         * print the remote side Exception
274
         */
275
        if ((local != null) && (remote != null)) {
276
            System.out.println(whichRemote + " also threw:");
277
            remote.printStackTrace();
278
            System.out.println();
279
            throw local;
280
        }
281

282
        if (remote != null) {
283
            throw remote;
284
        }
285

286
        if (local != null) {
287
            throw local;
288
        }
289
    }
290

291
    void startServer(boolean newThread) throws Exception {
292
        if (newThread) {
293
            serverThread = new Thread() {
294
                public void run() {
295
                    try {
296
                        doServerSide();
297
                    } catch (Exception e) {
298
                        /*
299
                         * Our server thread just died.
300
                         *
301
                         * Release the client, if not active already...
302
                         */
303
                        System.err.println("Server died...");
304
                        serverReady = true;
305
                        serverException = e;
306
                    }
307
                }
308
            };
309
            serverThread.start();
310
        } else {
311
            try {
312
                doServerSide();
313
            } catch (Exception e) {
314
                serverException = e;
315
            } finally {
316
                serverReady = true;
317
            }
318
        }
319
    }
320

321
    void startClient(boolean newThread) throws Exception {
322
        if (newThread) {
323
            clientThread = new Thread() {
324
                public void run() {
325
                    try {
326
                        doClientSide();
327
                    } catch (Exception e) {
328
                        /*
329
                         * Our client thread just died.
330
                         */
331
                        System.err.println("Client died...");
332
                        clientException = e;
333
                    }
334
                }
335
            };
336
            clientThread.start();
337
        } else {
338
            try {
339
                doClientSide();
340
            } catch (Exception e) {
341
                clientException = e;
342
            }
343
        }
344
    }
345
}
346

347