TLSRestrictions.java

/*
 * Copyright (c) 2017, 2018, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.SocketTimeoutException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.TrustManagerFactory;

import jdk.testlibrary.OutputAnalyzer;
import jdk.testlibrary.ProcessTools;

/*
 * @test
 * @bug 8165367
 * @summary Verify the restrictions for certificate path on JSSE with custom trust store.
 * @library /lib/testlibrary
 * @compile JSSEClient.java
 * @run main/othervm -Djava.security.debug=certpath TLSRestrictions DEFAULT
 * @run main/othervm -Djava.security.debug=certpath TLSRestrictions C1
 * @run main/othervm -Djava.security.debug=certpath TLSRestrictions S1
 * @run main/othervm -Djava.security.debug=certpath TLSRestrictions C2
 * @run main/othervm -Djava.security.debug=certpath TLSRestrictions S2
 * @run main/othervm -Djava.security.debug=certpath TLSRestrictions C3
 * @run main/othervm -Djava.security.debug=certpath TLSRestrictions S3
 * @run main/othervm -Djava.security.debug=certpath TLSRestrictions C4
 * @run main/othervm -Djava.security.debug=certpath TLSRestrictions S4
 * @run main/othervm -Djava.security.debug=certpath TLSRestrictions C5
 * @run main/othervm -Djava.security.debug=certpath TLSRestrictions S5
 * @run main/othervm -Djava.security.debug=certpath TLSRestrictions C6
 * @run main/othervm -Djava.security.debug=certpath TLSRestrictions S6
 * @run main/othervm -Djava.security.debug=certpath TLSRestrictions C7
 * @run main/othervm -Djava.security.debug=certpath TLSRestrictions S7
 * @run main/othervm -Djava.security.debug=certpath TLSRestrictions C8
 * @run main/othervm -Djava.security.debug=certpath TLSRestrictions S8
 * @run main/othervm -Djava.security.debug=certpath TLSRestrictions C9
 * @run main/othervm -Djava.security.debug=certpath TLSRestrictions S9
 */
public class TLSRestrictions {

    private static final String TEST_CLASSES = System.getProperty("test.classes");
    private static final char[] PASSWORD = "".toCharArray();
    private static final String CERT_DIR = System.getProperty("cert.dir",
            System.getProperty("test.src") + "/certs");

    static final String PROP = "jdk.certpath.disabledAlgorithms";
    static final String NOSHA1 = "MD2, MD5";
    private static final String TLSSERVER = "SHA1 usage TLSServer";
    private static final String TLSCLIENT = "SHA1 usage TLSClient";
    static final String JDKCATLSSERVER = "SHA1 jdkCA & usage TLSServer";
    static final String JDKCATLSCLIENT = "SHA1 jdkCA & usage TLSClient";

    // This is a space holder in command arguments, and stands for none certificate.
    static final String NONE_CERT = "NONE_CERT";

    static final String DELIMITER = ",";
    static final int TIMEOUT = 30000;

    // It checks if java.security contains constraint "SHA1 jdkCA & usage TLSServer"
    // for jdk.certpath.disabledAlgorithms by default.
    private static void checkDefaultConstraint() {
        System.out.println(
                "Case: Checks the default value of jdk.certpath.disabledAlgorithms");
        if (!Security.getProperty(PROP).contains(JDKCATLSSERVER)) {
            throw new RuntimeException(String.format(
                    "%s doesn't contain constraint \"%s\", the real value is \"%s\".",
                    PROP, JDKCATLSSERVER, Security.getProperty(PROP)));
        }
    }

    /*
     * This method creates trust store and key store with specified certificates
     * respectively. And then it creates SSL context with the stores.
     * If trustNames contains NONE_CERT only, it does not create a custom trust
     * store, but the default one in JDK.
     *
     * @param trustNames Trust anchors, which are used to create custom trust store.
     *                   If null, no custom trust store is created and the default
     *                   trust store in JDK is used.
     * @param certNames Certificate chain, which is used to create key store.
     *                  It cannot be null.
     */
    static SSLContext createSSLContext(String[] trustNames,
            String[] certNames) throws Exception {
        CertificateFactory certFactory = CertificateFactory.getInstance("X.509");

        TrustManagerFactory tmf = null;
        if (trustNames != null && trustNames.length > 0
                && !trustNames[0].equals(NONE_CERT)) {
            KeyStore trustStore = KeyStore.getInstance("JKS");
            trustStore.load(null, null);
            for (int i = 0; i < trustNames.length; i++) {
                try (InputStream is = new ByteArrayInputStream(
                        loadCert(trustNames[i]).getBytes())) {
                    Certificate trustCert = certFactory.generateCertificate(is);
                    trustStore.setCertificateEntry("trustCert-" + i, trustCert);
                }
            }

            tmf = TrustManagerFactory.getInstance("PKIX");
            tmf.init(trustStore);
        }

        Certificate[] certChain = new Certificate[certNames.length];
        for (int i = 0; i < certNames.length; i++) {
            try (InputStream is = new ByteArrayInputStream(
                    loadCert(certNames[i]).getBytes())) {
                Certificate cert = certFactory.generateCertificate(is);
                certChain[i] = cert;
            }
        }

        PKCS8EncodedKeySpec privKeySpec = new PKCS8EncodedKeySpec(
                Base64.getMimeDecoder().decode(loadPrivKey(certNames[0])));
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        PrivateKey privKey = keyFactory.generatePrivate(privKeySpec);

        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(null, null);
        keyStore.setKeyEntry("keyCert", privKey, PASSWORD, certChain);

        KeyManagerFactory kmf = KeyManagerFactory.getInstance("NewSunX509");
        kmf.init(keyStore, PASSWORD);

        SSLContext context = SSLContext.getInstance("TLS");
        context.init(kmf.getKeyManagers(),
                tmf == null ? null : tmf.getTrustManagers(), null);
        return context;
    }

    /*
     * This method sets jdk.certpath.disabledAlgorithms, and then retrieves
     * and prints its value.
     */
    static void setConstraint(String side, String constraint) {
        System.out.printf("%s: Old %s=%s%n", side, PROP,
                Security.getProperty(PROP));
        Security.setProperty(PROP, constraint);
        System.out.printf("%s: New %s=%s%n", side, PROP,
                Security.getProperty(PROP));
    }

    /*
     * This method is used to run a variety of cases.
     * It launches a server, and then takes a client to connect the server.
     * Both of server and client use the same certificates.
     *
     * @param trustNames Trust anchors, which are used to create custom trust store.
     *                   If null, the default trust store in JDK is used.
     * @param certNames Certificate chain, which is used to create key store.
     *                  It cannot be null. The first certificate is regarded as
     *                  the end entity.
     * @param serverConstraint jdk.certpath.disabledAlgorithms value on server side.
     * @param clientConstraint jdk.certpath.disabledAlgorithms value on client side.
     * @param needClientAuth If true, server side acquires client authentication;
     *                       otherwise, false.
     * @param pass If true, the connection should be blocked; otherwise, false.
     */
    static void testConstraint(String[] trustNames, String[] certNames,
            String serverConstraint, String clientConstraint,
            boolean needClientAuth, boolean pass) throws Throwable {
        String trustNameStr = trustNames == null ? ""
                : String.join(DELIMITER, trustNames);
        String certNameStr = certNames == null ? ""
                : String.join(DELIMITER, certNames);

        System.out.printf("Case:%n"
                + "  trustNames=%s; certNames=%s%n"
                + "  serverConstraint=%s; clientConstraint=%s%n"
                + "  needClientAuth=%s%n"
                + "  pass=%s%n%n",
                trustNameStr, certNameStr,
                serverConstraint, clientConstraint,
                needClientAuth,
                pass);
        setConstraint("Server", serverConstraint);
        ExecutorService executor = Executors.newFixedThreadPool(1);
        try {
            JSSEServer server = new JSSEServer(
                    createSSLContext(trustNames, certNames),
                    needClientAuth);
            int port = server.getPort();
            Future<Exception> serverFuture = executor.submit(() -> server.start());

            // Run client on another JVM so that its properties cannot be in conflict
            // with server's.
            OutputAnalyzer outputAnalyzer = ProcessTools.executeTestJvm(
                    "-Dcert.dir=" + CERT_DIR,
                    "-Djava.security.debug=certpath",
                    "-classpath",
                    TEST_CLASSES,
                    "JSSEClient",
                    port + "",
                    trustNameStr,
                    certNameStr,
                    clientConstraint);
            int clientExitValue = outputAnalyzer.getExitValue();
            String clientOut = outputAnalyzer.getOutput();
            System.out.println("---------- Client output start ----------");
            System.out.println(clientOut);
            System.out.println("---------- Client output end ----------");

            Exception serverException = serverFuture.get(TIMEOUT, TimeUnit.MILLISECONDS);
            if (serverException instanceof SocketTimeoutException
                    || clientOut.contains("SocketTimeoutException")) {
                System.out.println("The communication gets timeout and skips the test.");
                return;
            }

            if (pass) {
                if (serverException != null || clientExitValue != 0) {
                    throw new RuntimeException(
                            "Unexpected failure. Operation was blocked.");
                }
            } else {
                if (serverException == null && clientExitValue == 0) {
                    throw new RuntimeException(
                            "Unexpected pass. Operation was allowed.");
                }

                // The test may encounter non-SSL issues, like network problem.
                if (!(serverException instanceof SSLHandshakeException
                        || clientOut.contains("SSLHandshakeException"))) {
                    throw new RuntimeException("Failure with unexpected exception.");
                }
            }
        } finally {
            executor.shutdown();
        }
    }

    /*
     * This method is used to run a variety of cases, which don't require client
     * authentication by default.
     */
    static void testConstraint(String[] trustNames, String[] certNames,
            String serverConstraint, String clientConstraint, boolean pass)
            throws Throwable {
        testConstraint(trustNames, certNames, serverConstraint, clientConstraint,
                false, pass);
    }

    public static void main(String[] args) throws Throwable {
        switch (args[0]) {
        // Case DEFAULT only checks one of default settings for
        // jdk.certpath.disabledAlgorithms in JDK/conf/security/java.security.
        case "DEFAULT":
            checkDefaultConstraint();
            break;

        // Cases C1 and S1 use SHA256 root CA in trust store,
        // and use SHA256 end entity in key store.
        // C1 only sets constraint "SHA1 usage TLSServer" on client side;
        // S1 only sets constraint "SHA1 usage TLSClient" on server side with client auth.
        // The connection of the both cases should not be blocked.
        case "C1":
            testConstraint(
                    new String[] { "ROOT_CA_SHA256" },
                    new String[] { "INTER_CA_SHA256-ROOT_CA_SHA256" },
                    NOSHA1,
                    TLSSERVER,
                    true);
            break;
        case "S1":
            testConstraint(
                    new String[] { "ROOT_CA_SHA256" },
                    new String[] { "INTER_CA_SHA256-ROOT_CA_SHA256" },
                    TLSCLIENT,
                    NOSHA1,
                    true,
                    true);
            break;

        // Cases C2 and S2 use SHA256 root CA in trust store,
        // and use SHA1 end entity in key store.
        // C2 only sets constraint "SHA1 usage TLSServer" on client side;
        // S2 only sets constraint "SHA1 usage TLSClient" on server side with client auth.
        // The connection of the both cases should be blocked.
        case "C2":
            testConstraint(
                    new String[] { "ROOT_CA_SHA256" },
                    new String[] { "INTER_CA_SHA1-ROOT_CA_SHA256" },
                    NOSHA1,
                    TLSSERVER,
                    false);
            break;
        case "S2":
            testConstraint(
                    new String[] { "ROOT_CA_SHA256" },
                    new String[] { "INTER_CA_SHA1-ROOT_CA_SHA256" },
                    TLSCLIENT,
                    NOSHA1,
                    true,
                    false);
            break;

        // Cases C3 and S3 use SHA1 root CA in trust store,
        // and use SHA1 end entity in key store.
        // C3 only sets constraint "SHA1 usage TLSServer" on client side;
        // S3 only sets constraint "SHA1 usage TLSClient" on server side with client auth.
        // The connection of the both cases should be blocked.
        case "C3":
            testConstraint(
                    new String[] { "ROOT_CA_SHA1" },
                    new String[] { "INTER_CA_SHA1-ROOT_CA_SHA1" },
                    NOSHA1,
                    TLSSERVER,
                    false);
            break;
        case "S3":
            testConstraint(
                    new String[] { "ROOT_CA_SHA1" },
                    new String[] { "INTER_CA_SHA1-ROOT_CA_SHA1" },
                    TLSCLIENT,
                    NOSHA1,
                    true,
                    false);
            break;

        // Cases C4 and S4 use SHA1 root CA as trust store,
        // and use SHA256 end entity in key store.
        // C4 only sets constraint "SHA1 usage TLSServer" on client side;
        // S4 only sets constraint "SHA1 usage TLSClient" on server side with client auth.
        // The connection of the both cases should not be blocked.
        case "C4":
            testConstraint(
                    new String[] { "ROOT_CA_SHA1" },
                    new String[] { "INTER_CA_SHA256-ROOT_CA_SHA1" },
                    NOSHA1,
                    TLSSERVER,
                    true);
            break;
        case "S4":
            testConstraint(
                    new String[] { "ROOT_CA_SHA1" },
                    new String[] { "INTER_CA_SHA256-ROOT_CA_SHA1" },
                    TLSCLIENT,
                    NOSHA1,
                    true,
                    true);
            break;

        // Cases C5 and S5 use SHA1 root CA in trust store,
        // and use SHA256 intermediate CA and SHA256 end entity in key store.
        // C5 only sets constraint "SHA1 usage TLSServer" on client side;
        // S5 only sets constraint "SHA1 usage TLSClient" on server side with client auth.
        // The connection of the both cases should not be blocked.
        case "C5":
            testConstraint(
                    new String[] { "ROOT_CA_SHA1" },
                    new String[] {
                            "END_ENTITY_SHA256-INTER_CA_SHA256-ROOT_CA_SHA1",
                            "INTER_CA_SHA256-ROOT_CA_SHA1" },
                    NOSHA1,
                    TLSSERVER,
                    true);
            break;
        case "S5":
            testConstraint(
                    new String[] { "ROOT_CA_SHA1" },
                    new String[] {
                            "END_ENTITY_SHA256-INTER_CA_SHA256-ROOT_CA_SHA1",
                            "INTER_CA_SHA256-ROOT_CA_SHA1" },
                    TLSCLIENT,
                    NOSHA1,
                    true,
                    true);
            break;

        // Cases C6 and S6 use SHA1 root CA as trust store,
        // and use SHA1 intermediate CA and SHA256 end entity in key store.
        // C6 only sets constraint "SHA1 usage TLSServer" on client side;
        // S6 only sets constraint "SHA1 usage TLSClient" on server side with client auth.
        // The connection of the both cases should be blocked.
        case "C6":
            testConstraint(
                    new String[] { "ROOT_CA_SHA1" },
                    new String[] {
                            "END_ENTITY_SHA256-INTER_CA_SHA1-ROOT_CA_SHA1",
                            "INTER_CA_SHA1-ROOT_CA_SHA1" },
                    NOSHA1,
                    TLSSERVER,
                    false);
            break;
        case "S6":
            testConstraint(
                    new String[] { "ROOT_CA_SHA1" },
                    new String[] {
                            "END_ENTITY_SHA256-INTER_CA_SHA1-ROOT_CA_SHA1",
                            "INTER_CA_SHA1-ROOT_CA_SHA1" },
                    TLSCLIENT,
                    NOSHA1,
                    true,
                    false);
            break;

        // Cases C7 and S7 use SHA256 root CA in trust store,
        // and use SHA256 intermediate CA and SHA1 end entity in key store.
        // C7 only sets constraint "SHA1 usage TLSServer" on client side;
        // S7 only sets constraint "SHA1 usage TLSClient" on server side with client auth.
        // The connection of the both cases should be blocked.
        case "C7":
            testConstraint(
                    new String[] { "ROOT_CA_SHA256" },
                    new String[] {
                            "END_ENTITY_SHA1-INTER_CA_SHA256-ROOT_CA_SHA256",
                            "INTER_CA_SHA256-ROOT_CA_SHA256" },
                    NOSHA1,
                    TLSSERVER,
                    false);
            break;
        case "S7":
            testConstraint(
                    new String[] { "ROOT_CA_SHA256" },
                    new String[] {
                            "END_ENTITY_SHA1-INTER_CA_SHA256-ROOT_CA_SHA256",
                            "INTER_CA_SHA256-ROOT_CA_SHA256" },
                    TLSCLIENT,
                    NOSHA1,
                    true,
                    false);
            break;

        // Cases C8 and S8 use SHA256 root CA in trust store,
        // and use SHA1 intermediate CA and SHA256 end entity in key store.
        // C8 only sets constraint "SHA1 usage TLSServer" on client side;
        // S8 only sets constraint "SHA1 usage TLSClient" on server side with client auth.
        // The connection of the both cases should be blocked.
        case "C8":
            testConstraint(
                    new String[] { "ROOT_CA_SHA256" },
                    new String[] {
                            "END_ENTITY_SHA256-INTER_CA_SHA1-ROOT_CA_SHA256",
                            "INTER_CA_SHA1-ROOT_CA_SHA256" },
                    NOSHA1,
                    TLSSERVER,
                    false);
            break;
        case "S8":
            testConstraint(
                    new String[] { "ROOT_CA_SHA256" },
                    new String[] {
                            "END_ENTITY_SHA256-INTER_CA_SHA1-ROOT_CA_SHA256",
                            "INTER_CA_SHA1-ROOT_CA_SHA256" },
                    TLSCLIENT,
                    NOSHA1,
                    true,
                    false);
            break;

        // Cases C9 and S9 use SHA256 root CA and SHA1 intermediate CA in trust store,
        // and use SHA256 end entity in key store.
        // C9 only sets constraint "SHA1 usage TLSServer" on client side;
        // S9 only sets constraint "SHA1 usage TLSClient" on server side with client auth.
        // The connection of the both cases should not be blocked.
        case "C9":
            testConstraint(
                    new String[] {
                            "ROOT_CA_SHA256",
                            "INTER_CA_SHA1-ROOT_CA_SHA256" },
                    new String[] {
                            "END_ENTITY_SHA256-INTER_CA_SHA1-ROOT_CA_SHA256" },
                    NOSHA1,
                    TLSSERVER,
                    true);
            break;
        case "S9":
            testConstraint(
                    new String[] {
                            "ROOT_CA_SHA256",
                            "INTER_CA_SHA1-ROOT_CA_SHA256" },
                    new String[] {
                            "END_ENTITY_SHA256-INTER_CA_SHA1-ROOT_CA_SHA256" },
                    TLSCLIENT,
                    NOSHA1,
                    true,
                    true);
            break;
        }
        System.out.println("Case passed");
        System.out.println("========================================");
    }

    private static String loadCert(String certName) {
        try {
            Path certFilePath = Paths.get(CERT_DIR, certName + ".cer");
            return String.join("\n",
                    Files.lines(certFilePath).filter((String line) -> {
                        return !line.startsWith("Certificate")
                                && !line.startsWith(" ");
                    }).collect(Collectors.toList()));
        } catch (IOException e) {
            throw new RuntimeException("Load certificate failed", e);
        }
    }

    private static String loadPrivKey(String certName) {
        Path priveKeyFilePath = Paths.get(CERT_DIR, certName + "-PRIV.key");
        try {
            return new String(Files.readAllBytes(priveKeyFilePath));
        } catch (IOException e) {
            throw new RuntimeException("Load private key failed", e);
        }
    }
}