1
/*
2
 * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved.
3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4
 *
5
 * This code is free software; you can redistribute it and/or modify it
6
 * under the terms of the GNU General Public License version 2 only, as
7
 * published by the Free Software Foundation.
8
 *
9
 * This code is distributed in the hope that it will be useful, but WITHOUT
10
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12
 * version 2 for more details (a copy is included in the LICENSE file that
13
 * accompanied this code).
14
 *
15
 * You should have received a copy of the GNU General Public License version
16
 * 2 along with this work; if not, write to the Free Software Foundation,
17
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18
 *
19
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20
 * or visit www.oracle.com if you need additional information or have any
21
 * questions.
22
 */
23

24
// SunJSSE does not support dynamic system properties, no way to re-use
25
// system properties in samevm/agentvm mode.
26

27
/*
28
 * @test
29
 * @bug 7188658
30
 * @summary Add possibility to disable client initiated renegotiation
31
 * @run main/othervm RejectClientRenego true SSLv3
32
 * @run main/othervm RejectClientRenego false SSLv3
33
 * @run main/othervm RejectClientRenego true TLSv1
34
 * @run main/othervm RejectClientRenego false TLSv1
35
 * @run main/othervm RejectClientRenego true TLSv1.1
36
 * @run main/othervm RejectClientRenego false TLSv1.1
37
 * @run main/othervm RejectClientRenego true TLSv1.2
38
 * @run main/othervm RejectClientRenego false TLSv1.2
39
 */
40

41
import java.io.*;
42
import java.net.*;
43
import java.security.Security;
44
import javax.net.ssl.*;
45

46
public class RejectClientRenego implements
47
        HandshakeCompletedListener {
48

49
    static byte handshakesCompleted = 0;
50

51
    /*
52
     * Define what happens when handshaking is completed
53
     */
54
    public void handshakeCompleted(HandshakeCompletedEvent event) {
55
        synchronized (this) {
56
            handshakesCompleted++;
57
            System.out.println("Session: " + event.getSession().toString());
58
            System.out.println("Seen handshake completed #" +
59
                handshakesCompleted);
60
        }
61
    }
62

63
    /*
64
     * =============================================================
65
     * Set the various variables needed for the tests, then
66
     * specify what tests to run on each side.
67
     */
68

69
    /*
70
     * Should we run the client or server in a separate thread?
71
     * Both sides can throw exceptions, but do you have a preference
72
     * as to which side should be the main thread.
73
     */
74
    static boolean separateServerThread = false;
75

76
    /*
77
     * Where do we find the keystores?
78
     */
79
    static String pathToStores = "../../../../javax/net/ssl/etc";
80
    static String keyStoreFile = "keystore";
81
    static String trustStoreFile = "truststore";
82
    static String passwd = "passphrase";
83

84
    /*
85
     * Is the server ready to serve?
86
     */
87
    volatile static boolean serverReady = false;
88

89
    /*
90
     * Turn on SSL debugging?
91
     */
92
    static boolean debug = false;
93

94
    /*
95
     * If the client or server is doing some kind of object creation
96
     * that the other side depends on, and that thread prematurely
97
     * exits, you may experience a hang.  The test harness will
98
     * terminate all hung threads after its timeout has expired,
99
     * currently 3 minutes by default, but you might try to be
100
     * smart about it....
101
     */
102

103
    /*
104
     * Define the server side of the test.
105
     *
106
     * If the server prematurely exits, serverReady will be set to true
107
     * to avoid infinite hangs.
108
     */
109
    void doServerSide() throws Exception {
110
        SSLServerSocketFactory sslssf =
111
            (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
112
        SSLServerSocket sslServerSocket =
113
            (SSLServerSocket) sslssf.createServerSocket(serverPort);
114

115
        serverPort = sslServerSocket.getLocalPort();
116

117
        /*
118
         * Signal Client, we're ready for his connect.
119
         */
120
        serverReady = true;
121

122
        SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
123
        sslSocket.setEnabledProtocols(new String[] { tlsProtocol });
124
        sslSocket.addHandshakeCompletedListener(this);
125
        InputStream sslIS = sslSocket.getInputStream();
126
        OutputStream sslOS = sslSocket.getOutputStream();
127

128
        for (int i = 0; i < 10; i++) {
129
            sslIS.read();
130
            sslOS.write(85);
131
            sslOS.flush();
132
        }
133

134
        try {
135
            for (int i = 0; i < 10; i++) {
136
                System.out.println("sending/receiving data, iteration: " + i);
137
                sslIS.read();
138
                sslOS.write(85);
139
                sslOS.flush();
140
            }
141
            throw new Exception("Not reject client initialized renegotiation");
142
        } catch (IOException ioe) {
143
            System.out.println("Got the expected exception");
144
        } finally {
145
            sslSocket.close();
146
        }
147
    }
148

149
    /*
150
     * Define the client side of the test.
151
     *
152
     * If the server prematurely exits, serverReady will be set to true
153
     * to avoid infinite hangs.
154
     */
155
    void doClientSide() throws Exception {
156

157
        /*
158
         * Wait for server to get started.
159
         */
160
        while (!serverReady) {
161
            Thread.sleep(50);
162
        }
163

164
        SSLSocketFactory sslsf =
165
            (SSLSocketFactory) SSLSocketFactory.getDefault();
166
        SSLSocket sslSocket = (SSLSocket)
167
            sslsf.createSocket("localhost", serverPort);
168
        sslSocket.setEnabledProtocols(new String[] { tlsProtocol });
169

170
        InputStream sslIS = sslSocket.getInputStream();
171
        OutputStream sslOS = sslSocket.getOutputStream();
172

173
        for (int i = 0; i < 10; i++) {
174
            sslOS.write(280);
175
            sslOS.flush();
176
            sslIS.read();
177
        }
178

179
        if (!isAbbreviated) {
180
            System.out.println("invalidating");
181
            sslSocket.getSession().invalidate();
182
        }
183
        System.out.println("starting new handshake");
184
        sslSocket.startHandshake();
185

186
        try {
187
            for (int i = 0; i < 10; i++) {
188
                sslOS.write(280);
189
                sslOS.flush();
190
                sslIS.read();
191
            }
192
            throw new Exception("Not reject client initialized renegotiation");
193
        } catch (IOException ioe) {
194
            System.out.println("Got the expected exception");
195
        } finally {
196
            sslSocket.close();
197
        }
198
    }
199

200
    /*
201
     * =============================================================
202
     * The remainder is just support stuff
203
     */
204

205
    // use any free port by default
206
    volatile int serverPort = 0;
207

208
    volatile Exception serverException = null;
209
    volatile Exception clientException = null;
210

211
    // Is it abbreviated handshake?
212
    private static boolean isAbbreviated = false;
213

214
    // the specified protocol
215
    private static String tlsProtocol;
216

217
    public static void main(String[] args) throws Exception {
218
        String keyFilename =
219
            System.getProperty("test.src", "./") + "/" + pathToStores +
220
                "/" + keyStoreFile;
221
        String trustFilename =
222
            System.getProperty("test.src", "./") + "/" + pathToStores +
223
                "/" + trustStoreFile;
224

225
        System.setProperty("javax.net.ssl.keyStore", keyFilename);
226
        System.setProperty("javax.net.ssl.keyStorePassword", passwd);
227
        System.setProperty("javax.net.ssl.trustStore", trustFilename);
228
        System.setProperty("javax.net.ssl.trustStorePassword", passwd);
229

230
        // reject client initialized SSL renegotiation.
231
        System.setProperty(
232
            "jdk.tls.rejectClientInitiatedRenegotiation", "true");
233

234
        if (debug) {
235
            System.setProperty("javax.net.debug", "all");
236
        }
237

238
        Security.setProperty("jdk.tls.disabledAlgorithms", "");
239

240
        // Is it abbreviated handshake?
241
        if ("true".equals(args[0])) {
242
            isAbbreviated = true;
243
        }
244

245
        tlsProtocol = args[1];
246

247
        /*
248
         * Start the tests.
249
         */
250
        new RejectClientRenego();
251
    }
252

253
    Thread clientThread = null;
254
    Thread serverThread = null;
255

256
    /*
257
     * Primary constructor, used to drive remainder of the test.
258
     *
259
     * Fork off the other side, then do your work.
260
     */
261
    RejectClientRenego() throws Exception {
262
        if (separateServerThread) {
263
            startServer(true);
264
            startClient(false);
265
        } else {
266
            startClient(true);
267
            startServer(false);
268
        }
269

270
        /*
271
         * Wait for other side to close down.
272
         */
273
        if (separateServerThread) {
274
            serverThread.join();
275
        } else {
276
            clientThread.join();
277
        }
278

279
        /*
280
         * When we get here, the test is pretty much over.
281
         *
282
         * If the main thread excepted, that propagates back
283
         * immediately.  If the other thread threw an exception, we
284
         * should report back.
285
         */
286
        if (serverException != null) {
287
            System.out.print("Server Exception:");
288
            throw serverException;
289
        }
290
        if (clientException != null) {
291
            System.out.print("Client Exception:");
292
            throw clientException;
293
        }
294
    }
295

296
    void startServer(boolean newThread) throws Exception {
297
        if (newThread) {
298
            serverThread = new Thread() {
299
                public void run() {
300
                    try {
301
                        doServerSide();
302
                    } catch (Exception e) {
303
                        /*
304
                         * Our server thread just died.
305
                         *
306
                         * Release the client, if not active already...
307
                         */
308
                        System.err.println("Server died...");
309
                        serverReady = true;
310
                        serverException = e;
311
                    }
312
                }
313
            };
314
            serverThread.start();
315
        } else {
316
            doServerSide();
317
        }
318
    }
319

320
    void startClient(boolean newThread) throws Exception {
321
        if (newThread) {
322
            clientThread = new Thread() {
323
                public void run() {
324
                    try {
325
                        doClientSide();
326
                    } catch (Exception e) {
327
                        /*
328
                         * Our client thread just died.
329
                         */
330
                        System.err.println("Client died...");
331
                        clientException = e;
332
                    }
333
                }
334
            };
335
            clientThread.start();
336
        } else {
337
            doClientSide();
338
        }
339
    }
340
}
341

342