1
/*
2
 * Copyright (c) 2004, 2020, Oracle and/or its affiliates. All rights reserved.
3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4
 *
5
 * This code is free software; you can redistribute it and/or modify it
6
 * under the terms of the GNU General Public License version 2 only, as
7
 * published by the Free Software Foundation.
8
 *
9
 * This code is distributed in the hope that it will be useful, but WITHOUT
10
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12
 * version 2 for more details (a copy is included in the LICENSE file that
13
 * accompanied this code).
14
 *
15
 * You should have received a copy of the GNU General Public License version
16
 * 2 along with this work; if not, write to the Free Software Foundation,
17
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18
 *
19
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20
 * or visit www.oracle.com if you need additional information or have any
21
 * questions.
22
 */
23

24
//
25
// SunJSSE does not support dynamic system properties, no way to re-use
26
// system properties in samevm/agentvm mode.
27
//
28

29
/*
30
 * @test
31
 * @bug 4980882 8207250 8237474
32
 * @summary SSLEngine should enforce setUseClientMode
33
 * @run main/othervm EngineEnforceUseClientMode
34
 * @author Brad R. Wetmore
35
 */
36

37
import javax.net.ssl.*;
38
import javax.net.ssl.SSLEngineResult.*;
39
import java.io.*;
40
import java.security.*;
41
import java.nio.*;
42

43
public class EngineEnforceUseClientMode {
44

45
    private static boolean debug = false;
46

47
    private SSLContext sslc;
48
    private SSLEngine ssle1;    // client
49
    private SSLEngine ssle2;    // server
50

51
    private SSLEngine ssle3;    // server
52
    private SSLEngine ssle4;    // server
53
    private SSLEngine ssle5;    // server
54

55
    private static String pathToStores = "../../../../javax/net/ssl/etc";
56
    private static String keyStoreFile = "keystore";
57
    private static String trustStoreFile = "truststore";
58
    private static String passwd = "passphrase";
59

60
    private static String keyFilename =
61
            System.getProperty("test.src", "./") + "/" + pathToStores +
62
                "/" + keyStoreFile;
63
    private static String trustFilename =
64
            System.getProperty("test.src", "./") + "/" + pathToStores +
65
                "/" + trustStoreFile;
66

67
    private ByteBuffer appOut1;         // write side of ssle1
68
    private ByteBuffer appIn1;          // read side of ssle1
69
    private ByteBuffer appOut2;         // write side of ssle2
70
    private ByteBuffer appIn2;          // read side of ssle2
71

72
    private ByteBuffer oneToTwo;        // "reliable" transport ssle1->ssle2
73
    private ByteBuffer twoToOne;        // "reliable" transport ssle2->ssle1
74

75
    /*
76
     * Majority of the test case is here, setup is done below.
77
     */
78
    private void createSSLEngines() throws Exception {
79
        ssle1 = sslc.createSSLEngine("client", 1);
80
        ssle1.setUseClientMode(true);
81

82
        ssle2 = sslc.createSSLEngine();
83
        ssle2.setUseClientMode(false);
84
        ssle2.setNeedClientAuth(true);
85

86
        /*
87
         * Note, these are not initialized to client/server
88
         */
89
        ssle3 = sslc.createSSLEngine();
90
        ssle4 = sslc.createSSLEngine();
91
        ssle5 = sslc.createSSLEngine();
92
        //Check default SSLEngine role.
93
        if (ssle5.getUseClientMode()) {
94
            throw new RuntimeException("Expected default role to be server");
95
        }
96

97
    }
98

99
    private void runTest() throws Exception {
100

101
        createSSLEngines();
102
        createBuffers();
103

104
        /*
105
         * First try the engines with no client/server initialization
106
         * All should fail.
107
         */
108
        try {
109
            System.out.println("Testing wrap()");
110
            ssle3.wrap(appOut1, oneToTwo);
111
            throw new RuntimeException(
112
                "wrap():  Didn't catch the exception properly");
113
        } catch (IllegalStateException e) {
114
            System.out.println("Caught the correct exception.");
115
            oneToTwo.flip();
116
            if (oneToTwo.hasRemaining()) {
117
                throw new Exception("wrap generated data");
118
            }
119
            oneToTwo.clear();
120
        }
121

122
        try {
123
            System.out.println("Testing unwrap()");
124
            ssle4.unwrap(oneToTwo, appIn1);
125
            throw new RuntimeException(
126
                "unwrap():  Didn't catch the exception properly");
127
        } catch (IllegalStateException e) {
128
            System.out.println("Caught the correct exception.");
129
            appIn1.flip();
130
            if (appIn1.hasRemaining()) {
131
                throw new Exception("unwrap generated data");
132
            }
133
            appIn1.clear();
134
        }
135

136
        try {
137
            System.out.println("Testing beginHandshake()");
138
            ssle5.beginHandshake();
139
            throw new RuntimeException(
140
                "unwrap():  Didn't catch the exception properly");
141
        } catch (IllegalStateException e) {
142
            System.out.println("Caught the correct exception.");
143
        }
144

145
        boolean dataDone = false;
146

147
        SSLEngineResult result1;        // ssle1's results from last operation
148
        SSLEngineResult result2;        // ssle2's results from last operation
149

150
        while (!isEngineClosed(ssle1) || !isEngineClosed(ssle2)) {
151

152
            log("================");
153

154
            result1 = ssle1.wrap(appOut1, oneToTwo);
155
            result2 = ssle2.wrap(appOut2, twoToOne);
156

157
            log("wrap1:  " + result1);
158
            log("oneToTwo  = " + oneToTwo);
159
            log("");
160

161
            log("wrap2:  " + result2);
162
            log("twoToOne  = " + twoToOne);
163

164
            runDelegatedTasks(result1, ssle1);
165
            runDelegatedTasks(result2, ssle2);
166

167
            oneToTwo.flip();
168
            twoToOne.flip();
169

170
            log("----");
171

172
            result1 = ssle1.unwrap(twoToOne, appIn1);
173
            result2 = ssle2.unwrap(oneToTwo, appIn2);
174

175
            log("unwrap1: " + result1);
176
            log("twoToOne  = " + twoToOne);
177
            log("");
178

179
            log("unwrap2: " + result2);
180
            log("oneToTwo  = " + oneToTwo);
181

182
            runDelegatedTasks(result1, ssle1);
183
            runDelegatedTasks(result2, ssle2);
184

185
            oneToTwo.compact();
186
            twoToOne.compact();
187

188
            /*
189
             * If we've transfered all the data between app1 and app2,
190
             * we try to close and see what that gets us.
191
             */
192
            if (!dataDone && (appOut1.limit() == appIn2.position()) &&
193
                    (appOut2.limit() == appIn1.position())) {
194

195
                checkTransfer(appOut1, appIn2);
196
                checkTransfer(appOut2, appIn1);
197

198
                // Should not be able to set mode now, no matter if
199
                // it is the same of different.
200
                System.out.println("Try changing modes...");
201
                for (boolean b : new Boolean[] {true, false}) {
202
                    try {
203
                        ssle2.setUseClientMode(b);
204
                        throw new RuntimeException(
205
                                "setUseClientMode(" + b + "):  " +
206
                                        "Didn't catch the exception properly");
207
                    } catch (IllegalArgumentException e) {
208
                        System.out.println("Caught the correct exception.");
209
                    }
210
                }
211

212
                return;
213
            }
214
        }
215
    }
216

217
    public static void main(String args[]) throws Exception {
218

219
        EngineEnforceUseClientMode test;
220

221
        test = new EngineEnforceUseClientMode();
222

223
        test.createSSLEngines();
224

225
        test.runTest();
226

227
        System.out.println("Test Passed.");
228
    }
229

230
    /*
231
     * **********************************************************
232
     * Majority of the test case is above, below is just setup stuff
233
     * **********************************************************
234
     */
235

236
    public EngineEnforceUseClientMode() throws Exception {
237
        sslc = getSSLContext(keyFilename, trustFilename);
238
    }
239

240
    /*
241
     * Create an initialized SSLContext to use for this test.
242
     */
243
    private SSLContext getSSLContext(String keyFile, String trustFile)
244
            throws Exception {
245

246
        KeyStore ks = KeyStore.getInstance("JKS");
247
        KeyStore ts = KeyStore.getInstance("JKS");
248

249
        char[] passphrase = "passphrase".toCharArray();
250

251
        ks.load(new FileInputStream(keyFile), passphrase);
252
        ts.load(new FileInputStream(trustFile), passphrase);
253

254
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
255
        kmf.init(ks, passphrase);
256

257
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
258
        tmf.init(ts);
259

260
        SSLContext sslCtx = SSLContext.getInstance("TLS");
261

262
        sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
263

264
        return sslCtx;
265
    }
266

267
    private void createBuffers() {
268
        // Size the buffers as appropriate.
269

270
        SSLSession session = ssle1.getSession();
271
        int appBufferMax = session.getApplicationBufferSize();
272
        int netBufferMax = session.getPacketBufferSize();
273

274
        appIn1 = ByteBuffer.allocateDirect(appBufferMax + 50);
275
        appIn2 = ByteBuffer.allocateDirect(appBufferMax + 50);
276

277
        oneToTwo = ByteBuffer.allocateDirect(netBufferMax);
278
        twoToOne = ByteBuffer.allocateDirect(netBufferMax);
279

280
        appOut1 = ByteBuffer.wrap("Hi Engine2, I'm SSLEngine1".getBytes());
281
        appOut2 = ByteBuffer.wrap("Hello Engine1, I'm SSLEngine2".getBytes());
282

283
        log("AppOut1 = " + appOut1);
284
        log("AppOut2 = " + appOut2);
285
        log("");
286
    }
287

288
    private static void runDelegatedTasks(SSLEngineResult result,
289
            SSLEngine engine) throws Exception {
290

291
        if (result.getHandshakeStatus() == HandshakeStatus.NEED_TASK) {
292
            Runnable runnable;
293
            while ((runnable = engine.getDelegatedTask()) != null) {
294
                log("running delegated task...");
295
                runnable.run();
296
            }
297
        }
298
    }
299

300
    private static boolean isEngineClosed(SSLEngine engine) {
301
        return (engine.isOutboundDone() && engine.isInboundDone());
302
    }
303

304
    private static void checkTransfer(ByteBuffer a, ByteBuffer b)
305
            throws Exception {
306
        a.flip();
307
        b.flip();
308

309
        if (!a.equals(b)) {
310
            throw new Exception("Data didn't transfer cleanly");
311
        } else {
312
            log("Data transferred cleanly");
313
        }
314

315
        a.position(a.limit());
316
        b.position(b.limit());
317
        a.limit(a.capacity());
318
        b.limit(b.capacity());
319
    }
320

321
    private static void log(String str) {
322
        if (debug) {
323
            System.out.println(str);
324
        }
325
    }
326
}
327

328