1
/*
2
 * Copyright (c) 2018, 2020, Oracle and/or its affiliates. All rights reserved.
3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4
 *
5
 * This code is free software; you can redistribute it and/or modify it
6
 * under the terms of the GNU General Public License version 2 only, as
7
 * published by the Free Software Foundation.
8
 *
9
 * This code is distributed in the hope that it will be useful, but WITHOUT
10
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12
 * version 2 for more details (a copy is included in the LICENSE file that
13
 * accompanied this code).
14
 *
15
 * You should have received a copy of the GNU General Public License version
16
 * 2 along with this work; if not, write to the Free Software Foundation,
17
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18
 *
19
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20
 * or visit www.oracle.com if you need additional information or have any
21
 * questions.
22
 */
23

24
/*
25
 * @test
26
 * @bug 8164879
27
 * @library ../../
28
 * @library /test/lib
29
 * @modules java.base/sun.security.util
30
 * @summary Verify AES/GCM's limits set in the jdk.tls.keyLimits property
31
 * @run main SSLSocketKeyLimit 0 server AES/GCM/NoPadding keyupdate 1000000
32
 * @run main SSLSocketKeyLimit 0 client AES/GCM/NoPadding keyupdate 1000000
33
 * @run main SSLSocketKeyLimit 1 client AES/GCM/NoPadding keyupdate 2^22
34
 */
35

36
 /**
37
  * Verify AES/GCM's limits set in the jdk.tls.keyLimits property
38
  * start a new handshake sequence to renegotiate the symmetric key with an
39
  * SSLSocket connection.  This test verifies the handshake method was called
40
  * via debugging info.  It does not verify the renegotiation was successful
41
  * as that is very hard.
42
  */
43

44
import javax.net.ssl.KeyManagerFactory;
45
import javax.net.ssl.SSLContext;
46
import javax.net.ssl.SSLServerSocket;
47
import javax.net.ssl.SSLServerSocketFactory;
48
import javax.net.ssl.SSLSocket;
49
import javax.net.ssl.SSLSocketFactory;
50
import javax.net.ssl.TrustManagerFactory;
51
import java.io.File;
52
import java.io.InputStream;
53
import java.io.OutputStream;
54
import java.io.PrintWriter;
55
import java.security.KeyStore;
56
import java.security.SecureRandom;
57
import java.util.Arrays;
58

59
import jdk.test.lib.process.OutputAnalyzer;
60
import jdk.test.lib.process.ProcessTools;
61
import jdk.test.lib.Utils;
62
import jdk.test.lib.hexdump.HexPrinter;
63

64
public class SSLSocketKeyLimit {
65
    SSLSocket socket;
66
    private InputStream in;
67
    private OutputStream out;
68

69
    static boolean serverReady = false;
70
    static int serverPort = 0;
71

72
    static String pathToStores = "../../../../javax/net/ssl/etc/";
73
    static String keyStoreFile = "keystore";
74
    static String passwd = "passphrase";
75
    static int dataLen = 10240;
76
    static byte[] data  = new byte[dataLen];
77
    static boolean serverwrite = true;
78
    int totalDataLen = 0;
79
    static boolean done = false;
80

81
    SSLSocketKeyLimit() {
82
    }
83

84
    SSLContext initContext() throws Exception {
85
        SSLContext sc = SSLContext.getInstance("TLSv1.3");
86
        KeyStore ks = KeyStore.getInstance(
87
                new File(System.getProperty("javax.net.ssl.keyStore")),
88
                passwd.toCharArray());
89
        KeyManagerFactory kmf =
90
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
91
        kmf.init(ks, passwd.toCharArray());
92
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
93
        tmf.init(ks);
94
        sc.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());
95
        return sc;
96
    }
97

98
    /**
99
     * args should have two values:  server|client, <limit size>
100
     * Prepending 'p' is for internal use only.
101
     */
102
    public static void main(String args[]) throws Exception {
103
        if (args[0].compareTo("p") != 0) {
104

105
            boolean expectedFail = (Integer.parseInt(args[0]) == 1);
106
            if (expectedFail) {
107
                System.out.println("Test expected to not find updated msg");
108
            }
109
            //Write security property file to overwrite default
110
            File f = new File("keyusage."+ System.nanoTime());
111
            PrintWriter p = new PrintWriter(f);
112
            p.write("jdk.tls.keyLimits=");
113
            for (int i = 2; i < args.length; i++) {
114
                p.write(" "+ args[i]);
115
            }
116
            p.close();
117
            System.out.println("Keyusage path = " + f.getAbsolutePath());
118
            System.setProperty("test.java.opts",
119
                    "-Dtest.src=" + System.getProperty("test.src") +
120
                            " -Dtest.jdk=" + System.getProperty("test.jdk") +
121
                            " -Djavax.net.debug=ssl,handshake" +
122
                            " -Djava.security.properties=" + f.getName());
123

124
            System.out.println("test.java.opts: " +
125
                    System.getProperty("test.java.opts"));
126

127
            ProcessBuilder pb = ProcessTools.createTestJvm(
128
                    Utils.addTestJavaOpts("SSLSocketKeyLimit", "p", args[1]));
129

130
            OutputAnalyzer output = ProcessTools.executeProcess(pb);
131
            try {
132
                if (expectedFail) {
133
                    output.shouldNotContain("KeyUpdate: write key updated");
134
                    output.shouldNotContain("KeyUpdate: read key updated");
135
                } else {
136
                    output.shouldContain("trigger key update");
137
                    output.shouldContain("KeyUpdate: write key updated");
138
                    output.shouldContain("KeyUpdate: read key updated");
139
                }
140
            } catch (Exception e) {
141
                throw e;
142
            } finally {
143
                System.out.println("-- BEGIN Stdout:");
144
                System.out.println(output.getStdout());
145
                System.out.println("-- END Stdout");
146
                System.out.println("-- BEGIN Stderr:");
147
                System.out.println(output.getStderr());
148
                System.out.println("-- END Stderr");
149
            }
150
            return;
151
        }
152

153
        if (args.length > 0 && args[0].compareToIgnoreCase("client") == 0) {
154
            serverwrite = false;
155
        }
156

157
        String keyFilename =
158
            System.getProperty("test.src", "./") + "/" + pathToStores +
159
                "/" + keyStoreFile;
160

161
        System.setProperty("javax.net.ssl.keyStore", keyFilename);
162
        System.setProperty("javax.net.ssl.keyStorePassword", passwd);
163

164
        Arrays.fill(data, (byte)0x0A);
165
        Thread ts = new Thread(new Server());
166

167
        ts.start();
168
        while (!serverReady) {
169
            Thread.sleep(100);
170
        }
171
        new Client().run();
172
        ts.join(10000);  // 10sec
173
        System.exit(0);
174
    }
175

176
    void write(SSLSocket s) throws Exception {
177
        int i = 0;
178
        in = s.getInputStream();
179
        out = s.getOutputStream();
180
        while (i++ < 150) {
181
            out.write(data, 0, dataLen);
182
            System.out.print("W");
183
            in.readNBytes(1);
184
            System.out.print("R");
185
        }
186
        out.write(0x0D);
187
        out.flush();
188

189
        // Let read side all the data
190
        while (!done) {
191
            Thread.sleep(100);
192
        }
193
        out.close();
194
        in.close();
195
    }
196

197

198
    void read(SSLSocket s) throws Exception {
199
        byte[] buf = new byte[dataLen];
200
        int len;
201
        byte i = 0;
202
        try {
203
            System.out.println("Server: connected " + s.getSession().getCipherSuite());
204
            in = s.getInputStream();
205
            out = s.getOutputStream();
206
            while (true) {
207
                len = in.read(buf, 0, dataLen);
208
                System.out.print("r");
209
                out.write(i++);
210
                System.out.print("w");
211
                for (byte b: buf) {
212
                    if (b == 0x0A || b == 0x0D) {
213
                        continue;
214
                    }
215
                    System.out.println("\nData invalid: " + HexPrinter.minimal().toString(buf));
216
                    break;
217
                }
218

219
                if (len > 0 && buf[len-1] == 0x0D) {
220
                    System.out.println("got end byte");
221
                    break;
222
                }
223
                totalDataLen += len;
224
            }
225
        } catch (Exception e) {
226
            System.out.println("\n"  + e.getMessage());
227
            e.printStackTrace();
228
        } finally {
229
            // Tell write side that we are done reading
230
            out.close();
231
            in.close();
232
            done = true;
233
        }
234
        System.out.println("\nTotalDataLen = " + totalDataLen);
235
    }
236

237
    static class Server extends SSLSocketKeyLimit implements Runnable {
238
        private SSLServerSocketFactory ssf;
239
        private SSLServerSocket ss;
240
        Server() {
241
            super();
242
            try {
243
                ssf = initContext().getServerSocketFactory();
244
                ss = (SSLServerSocket) ssf.createServerSocket(serverPort);
245
                serverPort = ss.getLocalPort();
246
            } catch (Exception e) {
247
                System.out.println("server: " + e.getMessage());
248
                e.printStackTrace();
249
            }
250
        }
251

252
        public void run() {
253
            try {
254
                serverReady = true;
255
                System.out.println("Server waiting... port: " + serverPort);
256
                socket = (SSLSocket) ss.accept();
257
                if (serverwrite) {
258
                    write(socket);
259
                } else {
260
                    read(socket);
261
                }
262

263
                socket.close();
264
            } catch (Exception e) {
265
                System.out.println("server: " + e.getMessage());
266
                e.printStackTrace();
267
            }
268
            System.out.println("Server closed");
269
        }
270
    }
271

272

273
    static class Client extends SSLSocketKeyLimit implements Runnable {
274
        private SSLSocketFactory sf;
275

276
        Client() {
277
            super();
278
        }
279

280
        public void run() {
281
            try {
282
                sf = initContext().getSocketFactory();
283
                System.out.println("Client: connecting... port: " + serverPort);
284
                socket = (SSLSocket)sf.createSocket("localhost", serverPort);
285
                System.out.println("Client: connected." + socket.getSession().getCipherSuite());
286

287
                // Opposite of what the server does
288
                if (!serverwrite) {
289
                    write(socket);
290
                } else {
291
                    read(socket);
292
                }
293

294
            } catch (Exception e) {
295
                System.err.println("client: " + e.getMessage());
296
                e.printStackTrace();
297
            }
298
        }
299
    }
300
}
301

302