Path: blob/master/test/jdk/sun/security/ssl/ServerHandshaker/HelloExtensionsTest.java
41152 views
/*1* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation.7*8* This code is distributed in the hope that it will be useful, but WITHOUT9* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or10* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License11* version 2 for more details (a copy is included in the LICENSE file that12* accompanied this code).13*14* You should have received a copy of the GNU General Public License version15* 2 along with this work; if not, write to the Free Software Foundation,16* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.17*18* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA19* or visit www.oracle.com if you need additional information or have any20* questions.21*/2223/*24* @test25* @bug 817378326* @summary 6u141 IllegalArgumentException: jdk.tls.namedGroups27* run main/othervm HelloExtensionsTest28* run main/othervm HelloExtensionsTest -Djdk.tls.namedGroups="bug, bug"29* run main/othervm HelloExtensionsTest -Djdk.tls.namedGroups="secp521r1"30*31*/32import javax.crypto.*;33import javax.net.ssl.*;34import javax.net.ssl.SSLEngineResult.*;35import java.io.*;36import java.nio.*;37import java.security.*;3839public class HelloExtensionsTest {4041private static boolean debug = false;42private static boolean proceed = true;43private static boolean EcAvailable = isEcAvailable();4445static String pathToStores = "../../../../javax/net/ssl/etc";46private static String keyStoreFile = "keystore";47private static String trustStoreFile = "truststore";48private static String passwd = "passphrase";4950private static String keyFilename =51System.getProperty("test.src", "./") + "/" + pathToStores +52"/" + keyStoreFile;53private static String trustFilename =54System.getProperty("test.src", "./") + "/" + pathToStores +55"/" + trustStoreFile;5657private static void checkDone(SSLEngine ssle) throws Exception {58if (!ssle.isInboundDone()) {59throw new Exception("isInboundDone isn't done");60}61if (!ssle.isOutboundDone()) {62throw new Exception("isOutboundDone isn't done");63}64}6566private static void runTest(SSLEngine ssle) throws Exception {6768/*6970A client hello message captured via wireshark by selecting71a TLSv1.2 Client Hello record and clicking through to the72TLSv1.2 Record Layer line and then selecting the hex stream73via "copy -> bytes -> hex stream".7475For Record purposes, here's the ClientHello :7677*** ClientHello, TLSv1.278RandomCookie: GMT: 1469560450 bytes = { 108, 140, 12, 202,792, 213, 10, 236, 143, 223, 58, 162, 228, 155, 239, 3, 98,80232, 89, 41, 116, 120, 13, 37, 105, 153, 97, 241 }81Session ID: {}82Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,83TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256,84TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,85TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,86TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,87TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,88TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,89TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,90TLS_RSA_WITH_AES_128_CBC_SHA,91TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,92TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,93TLS_DHE_RSA_WITH_AES_128_CBC_SHA,94TLS_DHE_DSS_WITH_AES_128_CBC_SHA,95TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,96TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,97TLS_RSA_WITH_AES_128_GCM_SHA256,98TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,99TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,100TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,101TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,102TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,103TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,104SSL_RSA_WITH_3DES_EDE_CBC_SHA,105TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,106TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,107SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,108SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,109TLS_EMPTY_RENEGOTIATION_INFO_SCSV]110Compression Methods: { 0 }111Extension elliptic_curves, curve names: {secp256r1,112sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1,113sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1,114sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1,115secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}116Extension ec_point_formats, formats: [uncompressed]117Extension signature_algorithms, signature_algorithms:118SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA,119SHA256withECDSA, SHA256withRSA, Unknown (hash:0x3, signature:0x3),120Unknown (hash:0x3, signature:0x1), SHA1withECDSA,121SHA1withRSA, SHA1withDSA122Extension server_name, server_name:123[host_name: bugs.openjdk.java.net]124*/125126String hello = "16030300df010000db03035898b7826c8c0cc" +127"a02d50aec8fdf3aa2e49bef0362e8592974780d25699961f" +128"100003ac023c027003cc025c02900670040c009c013002fc" +129"004c00e00330032c02bc02f009cc02dc031009e00a2c008c" +130"012000ac003c00d0016001300ff01000078000a003400320" +131"0170001000300130015000600070009000a0018000b000c0" +132"019000d000e000f001000110002001200040005001400080" +133"016000b00020100000d00180016060306010503050104030" +134"401030303010203020102020000001a00180000156275677" +135"32e6f70656e6a646b2e6a6176612e6e6574";136137byte[] msg_clihello = hexStringToByteArray(hello);138ByteBuffer bf_clihello = ByteBuffer.wrap(msg_clihello);139140SSLSession session = ssle.getSession();141int appBufferMax = session.getApplicationBufferSize();142int netBufferMax = session.getPacketBufferSize();143144ByteBuffer serverIn = ByteBuffer.allocate(appBufferMax + 50);145ByteBuffer serverOut = ByteBuffer.wrap("I'm Server".getBytes());146ByteBuffer sTOc = ByteBuffer.allocate(netBufferMax);147148ssle.beginHandshake();149150// unwrap the clientHello message.151SSLEngineResult result = ssle.unwrap(bf_clihello, serverIn);152System.out.println("server unwrap " + result);153runDelegatedTasks(result, ssle);154155if (!proceed) {156//expected exception occurred. Don't process anymore157return;158}159160// one more step, ensure the clientHello message is parsed.161SSLEngineResult.HandshakeStatus status = ssle.getHandshakeStatus();162if ( status == HandshakeStatus.NEED_UNWRAP) {163result = ssle.unwrap(bf_clihello, serverIn);164System.out.println("server unwrap " + result);165runDelegatedTasks(result, ssle);166} else if ( status == HandshakeStatus.NEED_WRAP) {167result = ssle.wrap(serverOut, sTOc);168System.out.println("server wrap " + result);169runDelegatedTasks(result, ssle);170} else {171throw new Exception("unexpected handshake status " + status);172}173174// enough, stop175}176177/*178* If the result indicates that we have outstanding tasks to do,179* go ahead and run them in this thread.180*/181private static void runDelegatedTasks(SSLEngineResult result,182SSLEngine engine) throws Exception {183184if (result.getHandshakeStatus() == HandshakeStatus.NEED_TASK) {185Runnable runnable;186try {187while ((runnable = engine.getDelegatedTask()) != null) {188log("\trunning delegated task...");189runnable.run();190}191} catch (ExceptionInInitializerError e) {192String v = System.getProperty("jdk.tls.namedGroups");193if (!EcAvailable || v == null) {194// we weren't expecting this if no EC providers195throw new RuntimeException("Unexpected Error :" + e);196}197if (v != null && v.contains("bug")) {198// OK - we were expecting this Error199log("got expected error for bad jdk.tls.namedGroups");200proceed = false;201return;202} else {203System.out.println("Unexpected error. " +204"jdk.tls.namedGroups value: " + v);205throw e;206}207}208HandshakeStatus hsStatus = engine.getHandshakeStatus();209if (hsStatus == HandshakeStatus.NEED_TASK) {210throw new Exception(211"handshake shouldn't need additional tasks");212}213log("\tnew HandshakeStatus: " + hsStatus);214}215}216217private static byte[] hexStringToByteArray(String s) {218int len = s.length();219byte[] data = new byte[len / 2];220for (int i = 0; i < len; i += 2) {221data[i / 2] = (byte) ((Character.digit(s.charAt(i), 16) << 4)222+ Character.digit(s.charAt(i+1), 16));223}224return data;225}226227private static boolean isEcAvailable() {228try {229Signature.getInstance("SHA1withECDSA");230Signature.getInstance("NONEwithECDSA");231KeyAgreement.getInstance("ECDH");232KeyFactory.getInstance("EC");233KeyPairGenerator.getInstance("EC");234AlgorithmParameters.getInstance("EC");235} catch (Exception e) {236log("EC not available. Received: " + e);237return false;238}239return true;240}241242public static void main(String args[]) throws Exception {243SSLEngine ssle = createSSLEngine(keyFilename, trustFilename);244runTest(ssle);245System.out.println("Test Passed.");246}247248/*249* Create an initialized SSLContext to use for this test.250*/251static private SSLEngine createSSLEngine(String keyFile, String trustFile)252throws Exception {253254SSLEngine ssle;255256KeyStore ks = KeyStore.getInstance("JKS");257KeyStore ts = KeyStore.getInstance("JKS");258259char[] passphrase = "passphrase".toCharArray();260261ks.load(new FileInputStream(keyFile), passphrase);262ts.load(new FileInputStream(trustFile), passphrase);263264KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");265kmf.init(ks, passphrase);266267TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");268tmf.init(ts);269270SSLContext sslCtx = SSLContext.getInstance("TLS");271272sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);273274ssle = sslCtx.createSSLEngine();275ssle.setUseClientMode(false);276277return ssle;278}279280281private static void log(String str) {282if (debug) {283System.out.println(str);284}285}286}287288289