Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
PojavLauncherTeam
GitHub Repository: PojavLauncherTeam/mobile
 Path: blob/master/test/jdk/sun/security/ssl/SSLSessionImpl/ResumeChecksClient.java
41152 views
1
/*

2
 * Copyright (c) 2018, 2019, Oracle and/or its affiliates. All rights reserved.

3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

4
 *

5
 * This code is free software; you can redistribute it and/or modify it

6
 * under the terms of the GNU General Public License version 2 only, as

7
 * published by the Free Software Foundation.

8
 *

9
 * This code is distributed in the hope that it will be useful, but WITHOUT

10
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

11
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

12
 * version 2 for more details (a copy is included in the LICENSE file that

13
 * accompanied this code).

14
 *

15
 * You should have received a copy of the GNU General Public License version

16
 * 2 along with this work; if not, write to the Free Software Foundation,

17
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

18
 *

19
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

20
 * or visit www.oracle.com if you need additional information or have any

21
 * questions.

22
 */

23


24
/*

25
 * @test

26
 * @bug 8206929 8212885

27
 * @summary ensure that client only resumes a session if certain properties

28
 *    of the session are compatible with the new connection

29
 * @run main/othervm -Djdk.tls.client.protocols=TLSv1.2 -Djdk.tls.server.enableSessionTicketExtension=false -Djdk.tls.client.enableSessionTicketExtension=false ResumeChecksClient BASIC

30
 * @run main/othervm -Djdk.tls.client.protocols=TLSv1.2 -Djdk.tls.server.enableSessionTicketExtension=true -Djdk.tls.client.enableSessionTicketExtension=false ResumeChecksClient BASIC

31
 * @run main/othervm -Djdk.tls.client.protocols=TLSv1.2 -Djdk.tls.server.enableSessionTicketExtension=true -Djdk.tls.client.enableSessionTicketExtension=true ResumeChecksClient BASIC

32
 * @run main/othervm -Djdk.tls.client.protocols=TLSv1.3 -Djdk.tls.server.enableSessionTicketExtension=true -Djdk.tls.client.enableSessionTicketExtension=true ResumeChecksClient BASIC

33
 * @run main/othervm -Djdk.tls.client.protocols=TLSv1.2 -Djdk.tls.server.enableSessionTicketExtension=false -Djdk.tls.client.enableSessionTicketExtension=true ResumeChecksClient BASIC

34
 * @run main/othervm -Djdk.tls.client.protocols=TLSv1.3 -Djdk.tls.server.enableSessionTicketExtension=false -Djdk.tls.client.enableSessionTicketExtension=true ResumeChecksClient BASIC

35
 * @run main/othervm -Djdk.tls.server.enableSessionTicketExtension=false -Djdk.tls.client.enableSessionTicketExtension=true ResumeChecksClient BASIC

36
 * @run main/othervm -Djdk.tls.server.enableSessionTicketExtension=true -Djdk.tls.client.enableSessionTicketExtension=true ResumeChecksClient VERSION_2_TO_3

37
 * @run main/othervm -Djdk.tls.server.enableSessionTicketExtension=true -Djdk.tls.client.enableSessionTicketExtension=true ResumeChecksClient VERSION_3_TO_2

38
 * @run main/othervm -Djdk.tls.client.protocols=TLSv1.3 -Djdk.tls.server.enableSessionTicketExtension=true -Djdk.tls.client.enableSessionTicketExtension=true ResumeChecksClient CIPHER_SUITE

39
 * @run main/othervm -Djdk.tls.client.protocols=TLSv1.3 -Djdk.tls.server.enableSessionTicketExtension=true -Djdk.tls.client.enableSessionTicketExtension=true ResumeChecksClient SIGNATURE_SCHEME

40
 *

41
 */

42


43
import javax.net.*;

44
import javax.net.ssl.*;

45
import java.io.*;

46
import java.security.*;

47
import java.net.*;

48
import java.util.*;

49


50
public class ResumeChecksClient {

51


52
    static String pathToStores = "../../../../javax/net/ssl/etc";

53
    static String keyStoreFile = "keystore";

54
    static String trustStoreFile = "truststore";

55
    static String passwd = "passphrase";

56


57
    enum TestMode {

58
        BASIC,

59
        VERSION_2_TO_3,

60
        VERSION_3_TO_2,

61
        CIPHER_SUITE,

62
        SIGNATURE_SCHEME

63
    }

64


65
    public static void main(String[] args) throws Exception {

66


67
        TestMode mode = TestMode.valueOf(args[0]);

68


69
        String keyFilename =

70
            System.getProperty("test.src", "./") + "/" + pathToStores +

71
                "/" + keyStoreFile;

72
        String trustFilename =

73
            System.getProperty("test.src", "./") + "/" + pathToStores +

74
                "/" + trustStoreFile;

75


76
        System.setProperty("javax.net.ssl.keyStore", keyFilename);

77
        System.setProperty("javax.net.ssl.keyStorePassword", passwd);

78
        System.setProperty("javax.net.ssl.trustStore", trustFilename);

79
        System.setProperty("javax.net.ssl.trustStorePassword", passwd);

80


81
        Server server = startServer();

82
        server.signal();

83
        SSLContext sslContext = SSLContext.getDefault();

84
        while (!server.started) {

85
            Thread.yield();

86
        }

87
        SSLSession firstSession = connect(sslContext, server.port, mode, false);

88


89
        server.signal();

90
        long secondStartTime = System.currentTimeMillis();

91
        Thread.sleep(10);

92
        SSLSession secondSession = connect(sslContext, server.port, mode, true);

93


94
        server.go = false;

95
        server.signal();

96


97
        switch (mode) {

98
        case BASIC:

99
            // fail if session is not resumed

100
            checkResumedSession(firstSession, secondSession);

101
            break;

102
        case VERSION_2_TO_3:

103
        case VERSION_3_TO_2:

104
        case CIPHER_SUITE:

105
        case SIGNATURE_SCHEME:

106
            // fail if a new session is not created

107
            if (secondSession.getCreationTime() <= secondStartTime) {

108
                throw new RuntimeException("Existing session was used");

109
            }

110
            break;

111
        default:

112
            throw new RuntimeException("unknown mode: " + mode);

113
        }

114
    }

115


116
    private static class NoSig implements AlgorithmConstraints {

117


118
        private final String alg;

119


120
        NoSig(String alg) {

121
            this.alg = alg;

122
        }

123


124


125
        private boolean test(String a) {

126
            return !a.toLowerCase().contains(alg.toLowerCase());

127
        }

128


129
        @Override

130
        public boolean permits(Set<CryptoPrimitive> primitives, Key key) {

131
            return true;

132
        }

133
        @Override

134
        public boolean permits(Set<CryptoPrimitive> primitives,

135
            String algorithm, AlgorithmParameters parameters) {

136


137
            return test(algorithm);

138
        }

139
        @Override

140
        public boolean permits(Set<CryptoPrimitive> primitives,

141
            String algorithm, Key key, AlgorithmParameters parameters) {

142


143
            return test(algorithm);

144
        }

145
    }

146


147
    private static SSLSession connect(SSLContext sslContext, int port,

148
        TestMode mode, boolean second) {

149


150
        try {

151
            SSLSocket sock = (SSLSocket)

152
                sslContext.getSocketFactory().createSocket();

153
            SSLParameters params = sock.getSSLParameters();

154


155
            switch (mode) {

156
            case BASIC:

157
                // do nothing to ensure resumption works

158
                break;

159
            case VERSION_2_TO_3:

160
                if (second) {

161
                    params.setProtocols(new String[] {"TLSv1.3"});

162
                } else {

163
                    params.setProtocols(new String[] {"TLSv1.2"});

164
                }

165
                break;

166
            case VERSION_3_TO_2:

167
                if (second) {

168
                    params.setProtocols(new String[] {"TLSv1.2"});

169
                } else {

170
                    params.setProtocols(new String[] {"TLSv1.3"});

171
                }

172
                break;

173
            case CIPHER_SUITE:

174
                if (second) {

175
                    params.setCipherSuites(

176
                        new String[] {"TLS_AES_256_GCM_SHA384"});

177
                } else {

178
                    params.setCipherSuites(

179
                        new String[] {"TLS_AES_128_GCM_SHA256"});

180
                }

181
                break;

182
            case SIGNATURE_SCHEME:

183
                AlgorithmConstraints constraints =

184
                    params.getAlgorithmConstraints();

185
                if (second) {

186
                    params.setAlgorithmConstraints(new NoSig("ecdsa"));

187
                } else {

188
                    params.setAlgorithmConstraints(new NoSig("rsa"));

189
                }

190
                break;

191
            default:

192
                throw new RuntimeException("unknown mode: " + mode);

193
            }

194
            sock.setSSLParameters(params);

195
            sock.connect(new InetSocketAddress("localhost", port));

196
            PrintWriter out = new PrintWriter(

197
                new OutputStreamWriter(sock.getOutputStream()));

198
            out.println("message");

199
            out.flush();

200
            BufferedReader reader = new BufferedReader(

201
                new InputStreamReader(sock.getInputStream()));

202
            String inMsg = reader.readLine();

203
            System.out.println("Client received: " + inMsg);

204
            SSLSession result = sock.getSession();

205
            sock.close();

206
            return result;

207
        } catch (Exception ex) {

208
            // unexpected exception

209
            throw new RuntimeException(ex);

210
        }

211
    }

212


213
    private static void checkResumedSession(SSLSession initSession,

214
            SSLSession resSession) throws Exception {

215
        StringBuilder diffLog = new StringBuilder();

216


217
        // Initial and resumed SSLSessions should have the same creation

218
        // times so they get invalidated together.

219
        long initCt = initSession.getCreationTime();

220
        long resumeCt = resSession.getCreationTime();

221
        if (initCt != resumeCt) {

222
            diffLog.append("Session creation time is different. Initial: ").

223
                    append(initCt).append(", Resumed: ").append(resumeCt).

224
                    append("\n");

225
        }

226


227
        // Ensure that peer and local certificate lists are preserved

228
        if (!Arrays.equals(initSession.getLocalCertificates(),

229
                resSession.getLocalCertificates())) {

230
            diffLog.append("Local certificate mismatch between initial " +

231
                    "and resumed sessions\n");

232
        }

233


234
        if (!Arrays.equals(initSession.getPeerCertificates(),

235
                resSession.getPeerCertificates())) {

236
            diffLog.append("Peer certificate mismatch between initial " +

237
                    "and resumed sessions\n");

238
        }

239


240
        // Buffer sizes should also be the same

241
        if (initSession.getApplicationBufferSize() !=

242
                resSession.getApplicationBufferSize()) {

243
            diffLog.append(String.format(

244
                    "App Buffer sizes differ: Init: %d, Res: %d\n",

245
                    initSession.getApplicationBufferSize(),

246
                    resSession.getApplicationBufferSize()));

247
        }

248


249
        if (initSession.getPacketBufferSize() !=

250
                resSession.getPacketBufferSize()) {

251
            diffLog.append(String.format(

252
                    "Packet Buffer sizes differ: Init: %d, Res: %d\n",

253
                    initSession.getPacketBufferSize(),

254
                    resSession.getPacketBufferSize()));

255
        }

256


257
        // Cipher suite should match

258
        if (!initSession.getCipherSuite().equals(

259
                resSession.getCipherSuite())) {

260
            diffLog.append(String.format(

261
                    "CipherSuite does not match - Init: %s, Res: %s\n",

262
                    initSession.getCipherSuite(), resSession.getCipherSuite()));

263
        }

264


265
        // Peer host/port should match

266
        if (!initSession.getPeerHost().equals(resSession.getPeerHost()) ||

267
                initSession.getPeerPort() != resSession.getPeerPort()) {

268
            diffLog.append(String.format(

269
                    "Host/Port mismatch - Init: %s/%d, Res: %s/%d\n",

270
                    initSession.getPeerHost(), initSession.getPeerPort(),

271
                    resSession.getPeerHost(), resSession.getPeerPort()));

272
        }

273


274
        // Check protocol

275
        if (!initSession.getProtocol().equals(resSession.getProtocol())) {

276
            diffLog.append(String.format(

277
                    "Protocol mismatch - Init: %s, Res: %s\n",

278
                    initSession.getProtocol(), resSession.getProtocol()));

279
        }

280


281
        // If the StringBuilder has any data in it then one of the checks

282
        // above failed and we should throw an exception.

283
        if (diffLog.length() > 0) {

284
            throw new RuntimeException(diffLog.toString());

285
        }

286
    }

287


288
    private static Server startServer() {

289
        Server server = new Server();

290
        new Thread(server).start();

291
        return server;

292
    }

293


294
    private static class Server implements Runnable {

295


296
        public volatile boolean go = true;

297
        private boolean signal = false;

298
        public volatile int port = 0;

299
        public volatile boolean started = false;

300


301
        private synchronized void waitForSignal() {

302
            while (!signal) {

303
                try {

304
                    wait();

305
                } catch (InterruptedException ex) {

306
                    // do nothing

307
                }

308
            }

309
            signal = false;

310
        }

311
        public synchronized void signal() {

312
            signal = true;

313
            notify();

314
        }

315


316
        @Override

317
        public void run() {

318
            try {

319


320
                SSLContext sc = SSLContext.getDefault();

321
                ServerSocketFactory fac = sc.getServerSocketFactory();

322
                SSLServerSocket ssock = (SSLServerSocket)

323
                    fac.createServerSocket(0);

324
                this.port = ssock.getLocalPort();

325


326
                waitForSignal();

327
                started = true;

328
                while (go) {

329
                    try {

330
                        System.out.println("Waiting for connection");

331
                        Socket sock = ssock.accept();

332
                        BufferedReader reader = new BufferedReader(

333
                            new InputStreamReader(sock.getInputStream()));

334
                        String line = reader.readLine();

335
                        System.out.println("server read: " + line);

336
                        PrintWriter out = new PrintWriter(

337
                            new OutputStreamWriter(sock.getOutputStream()));

338
                        out.println(line);

339
                        out.flush();

340
                        waitForSignal();

341
                    } catch (Exception ex) {

342
                        ex.printStackTrace();

343
                    }

344
                }

345
            } catch (Exception ex) {

346
                throw new RuntimeException(ex);

347
            }

348
        }

349
    }

350
}

351


352