1
/*
2
 * Copyright (c) 2001, 2019, Oracle and/or its affiliates. All rights reserved.
3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4
 *
5
 * This code is free software; you can redistribute it and/or modify it
6
 * under the terms of the GNU General Public License version 2 only, as
7
 * published by the Free Software Foundation.
8
 *
9
 * This code is distributed in the hope that it will be useful, but WITHOUT
10
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12
 * version 2 for more details (a copy is included in the LICENSE file that
13
 * accompanied this code).
14
 *
15
 * You should have received a copy of the GNU General Public License version
16
 * 2 along with this work; if not, write to the Free Software Foundation,
17
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18
 *
19
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20
 * or visit www.oracle.com if you need additional information or have any
21
 * questions.
22
 */
23

24
//
25
// SunJSSE does not support dynamic system properties, no way to re-use
26
// system properties in samevm/agentvm mode.
27
//
28

29
/*
30
 * @test
31
 * @bug 4323990 4413069 8160838
32
 * @summary HttpsURLConnection doesn't send Proxy-Authorization on CONNECT
33
 *     Incorrect checking of proxy server response
34
 * @modules jdk.crypto.ec
35
 *          java.base/sun.net.www
36
 * @library /javax/net/ssl/templates
37
 * @run main/othervm ProxyAuthTest fail
38
 * @run main/othervm -Djdk.http.auth.tunneling.disabledSchemes=Basic
39
 *      ProxyAuthTest fail
40
 * @run main/othervm -Djdk.http.auth.tunneling.disabledSchemes=Basic,
41
 *      ProxyAuthTest fail
42
 * @run main/othervm -Djdk.http.auth.tunneling.disabledSchemes=BAsIc
43
 *      ProxyAuthTest fail
44
 * @run main/othervm -Djdk.http.auth.tunneling.disabledSchemes=Basic,Digest
45
 *      ProxyAuthTest fail
46
 * @run main/othervm -Djdk.http.auth.tunneling.disabledSchemes=Unknown,bAsIc
47
 *      ProxyAuthTest fail
48
 * @run main/othervm -Djdk.http.auth.tunneling.disabledSchemes=
49
 *      ProxyAuthTest succeed
50
 * @run main/othervm
51
 *      -Djdk.http.auth.tunneling.disabledSchemes=Digest,NTLM,Negotiate
52
 *      ProxyAuthTest succeed
53
 * @run main/othervm -Djdk.http.auth.tunneling.disabledSchemes=UNKNOWN,notKnown
54
 *      ProxyAuthTest succeed
55
 */
56

57
import java.io.BufferedReader;
58
import java.io.DataOutputStream;
59
import java.io.IOException;
60
import java.io.InputStreamReader;
61
import java.net.Authenticator;
62
import java.net.InetAddress;
63
import java.net.InetSocketAddress;
64
import java.net.PasswordAuthentication;
65
import java.net.Proxy;
66
import java.net.URL;
67
import javax.net.ssl.HostnameVerifier;
68
import javax.net.ssl.HttpsURLConnection;
69
import javax.net.ssl.SSLSession;
70
import javax.net.ssl.SSLSocket;
71
import javax.net.ssl.SSLContext;
72
import static java.nio.charset.StandardCharsets.US_ASCII;
73

74
/*
75
 * ProxyAuthTest.java -- includes a simple server that can serve
76
 * Http get request in both clear and secure channel, and a client
77
 * that makes https requests behind the firewall through an
78
 * authentication proxy
79
 */
80

81
public class ProxyAuthTest extends SSLSocketTemplate {
82
    private static boolean expectSuccess;
83

84
    ProxyAuthTest() {
85
        serverAddress = InetAddress.getLoopbackAddress();
86
    }
87

88
    /*
89
     * Run the test case.
90
     */
91
    public static void main(String[] args) throws Exception {
92
        // Get the customized arguments.
93
        parseArguments(args);
94

95
        (new ProxyAuthTest()).run();
96
    }
97

98
    @Override
99
    protected boolean isCustomizedClientConnection() {
100
        return true;
101
    }
102

103
    @Override
104
    protected void runServerApplication(SSLSocket socket) throws Exception {
105
        String response = "Proxy authentication for tunneling succeeded ..";
106
        DataOutputStream out = new DataOutputStream(socket.getOutputStream());
107
        try {
108
            BufferedReader in = new BufferedReader(
109
                    new InputStreamReader(socket.getInputStream()));
110

111
            // read the request
112
            readRequest(in);
113

114
            // retrieve bytecodes
115
            byte[] bytecodes = response.getBytes(US_ASCII);
116

117
            // send bytecodes in response (assumes HTTP/1.0 or later)
118
            out.writeBytes("HTTP/1.0 200 OK\r\n");
119
            out.writeBytes("Content-Length: " + bytecodes.length + "\r\n");
120
            out.writeBytes("Content-Type: text/html\r\n\r\n");
121
            out.write(bytecodes);
122
            out.flush();
123
        } catch (IOException e) {
124
            // write out error response
125
            out.writeBytes("HTTP/1.0 400 " + e.getMessage() + "\r\n");
126
            out.writeBytes("Content-Type: text/html\r\n\r\n");
127
            out.flush();
128
        }
129
    }
130

131
    @Override
132
    protected void runClientApplication(int serverPort) throws Exception {
133
        /*
134
         * Set the default SSLSocketFactory.
135
         */
136
        SSLContext context = createClientSSLContext();
137
        HttpsURLConnection.setDefaultSSLSocketFactory(
138
                context.getSocketFactory());
139

140
        /*
141
         * setup up a proxy with authentication information
142
         */
143
        ProxyTunnelServer ps = setupProxy();
144

145
        /*
146
         * we want to avoid URLspoofCheck failures in cases where the cert
147
         * DN name does not match the hostname in the URL.
148
         */
149
        HttpsURLConnection.setDefaultHostnameVerifier(new NameVerifier());
150

151
        InetSocketAddress paddr = InetSocketAddress
152
            .createUnresolved(ps.getInetAddress().getHostAddress(),
153
                              ps.getPort());
154
        Proxy proxy = new Proxy(Proxy.Type.HTTP, paddr);
155

156
        InetAddress serverAddress = this.serverAddress;
157
        String host = serverAddress == null
158
                ? "localhost"
159
                : serverAddress.getHostAddress();
160
        if (host.indexOf(':') > -1) host = "[" + host + "]";
161
        URL url = new URL(
162
                "https://" + host + ":" + serverPort + "/index.html");
163
        System.out.println("URL: " + url);
164
        BufferedReader in = null;
165
        HttpsURLConnection uc = (HttpsURLConnection) url.openConnection(proxy);
166
        try {
167
            in = new BufferedReader(new InputStreamReader(uc.getInputStream()));
168
            String inputLine;
169
            System.out.print("Client received from the server: ");
170
            while ((inputLine = in.readLine()) != null) {
171
                System.out.println(inputLine);
172
            }
173
            if (!expectSuccess) {
174
                throw new RuntimeException(
175
                    "Expected exception/failure to connect, but succeeded.");
176
            }
177
        } catch (IOException e) {
178
            if (expectSuccess) {
179
                System.out.println("Client side failed: " + e.getMessage());
180
                throw e;
181
            }
182

183
            // Assert that the error stream is not accessible from the failed
184
            // tunnel setup.
185
            if (uc.getErrorStream() != null) {
186
                throw new RuntimeException("Unexpected error stream.");
187
            }
188

189
            if (!e.getMessage().contains("Unable to tunnel through proxy") ||
190
                !e.getMessage().contains("407")) {
191

192
                throw new RuntimeException(
193
                        "Expected exception about cannot tunnel, " +
194
                        "407, etc, but got", e);
195
            } else {
196
                // Informative
197
                System.out.println(
198
                        "Caught expected exception: " + e.getMessage());
199
            }
200
        } finally {
201
            if (in != null) {
202
                in.close();
203
            }
204
        }
205
    }
206

207

208
    private static void parseArguments(String[] args) {
209
        if (args[0].equals("succeed")) {
210
            expectSuccess = true;
211
        } else {
212
            expectSuccess = false;
213
        }
214
    }
215

216
    /**
217
     * read the response, don't care for the syntax of the request-line
218
     * for this testing
219
     */
220
    private static void readRequest(BufferedReader in) throws IOException {
221
        String line = null;
222
        System.out.println("Server received: ");
223
        do {
224
            if (line != null) {
225
                System.out.println(line);
226
            }
227
            line = in.readLine();
228
        } while ((line.length() != 0) &&
229
                (line.charAt(0) != '\r') && (line.charAt(0) != '\n'));
230
    }
231

232
    private static class NameVerifier implements HostnameVerifier {
233

234
        @Override
235
        public boolean verify(String hostname, SSLSession session) {
236
            return true;
237
        }
238
    }
239

240
    private static ProxyTunnelServer setupProxy() throws IOException {
241
        InetAddress loopback = InetAddress.getLoopbackAddress();
242
        ProxyTunnelServer pserver = new ProxyTunnelServer(loopback);
243

244
        /*
245
         * register a system wide authenticator and setup the proxy for
246
         * authentication
247
         */
248
        Authenticator.setDefault(new TestAuthenticator());
249

250
        // register with the username and password
251
        pserver.needUserAuth(true);
252
        pserver.setUserAuth("Test", "test123");
253

254
        pserver.start();
255
        return pserver;
256
    }
257

258
    private static class TestAuthenticator extends Authenticator {
259

260
        @Override
261
        public PasswordAuthentication getPasswordAuthentication() {
262
            return new PasswordAuthentication("Test", "test123".toCharArray());
263
        }
264
    }
265
}
266

267