提交 283de757 编写于 作者: X xuelei

8049429: Tests for java client server communications with various TLS/SSL combinations.

Reviewed-by: xuelei
Contributed-by: NRaghu Nair <raghu.k.nair@oracle.com>
上级 60f3aa95
此差异已折叠。
/**
* Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License version 2 only, as published by
* the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT ANY
* WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
* A PARTICULAR PURPOSE. See the GNU General Public License version 2 for more
* details (a copy is included in the LICENSE file that accompanied this code).
*
* You should have received a copy of the GNU General Public License version 2
* along with this work; if not, write to the Free Software Foundation, Inc., 51
* Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA or
* visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.io.InputStream;
import java.io.OutputStream;
import java.security.cert.Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
class JSSEClient extends CipherTestUtils.Client {
private static final String DEFAULT = "DEFAULT";
private static final String TLS = "TLS";
private final SSLContext sslContext;
private final MyX509KeyManager keyManager;
private final int serverPort;
private final String serverHost;
private final String testedProtocol;
JSSEClient(CipherTestUtils cipherTest, String serverHost, int serverPort,
String testedProtocols, String testedCipherSuite) throws Exception {
super(cipherTest, testedCipherSuite);
this.serverHost = serverHost;
this.serverPort = serverPort;
this.testedProtocol = testedProtocols;
this.keyManager =
new MyX509KeyManager(cipherTest.getClientKeyManager());
sslContext = SSLContext.getInstance(TLS);
}
@Override
void runTest(CipherTestUtils.TestParameters params) throws Exception {
SSLSocket socket = null;
try {
System.out.println("Connecting to server...");
keyManager.setAuthType(params.clientAuth);
sslContext.init(new KeyManager[]{keyManager},
new TrustManager[]{cipherTest.getClientTrustManager()},
CipherTestUtils.secureRandom);
SSLSocketFactory factory = (SSLSocketFactory) sslContext.
getSocketFactory();
socket = (SSLSocket) factory.createSocket(serverHost,
serverPort);
socket.setSoTimeout(CipherTestUtils.TIMEOUT);
socket.setEnabledCipherSuites(params.cipherSuite.split(","));
if (params.protocol != null && !params.protocol.trim().equals("")
&& !params.protocol.trim().equals(DEFAULT)) {
socket.setEnabledProtocols(params.protocol.split(","));
}
CipherTestUtils.printInfo(socket);
InputStream in = socket.getInputStream();
OutputStream out = socket.getOutputStream();
sendRequest(in, out);
SSLSession session = socket.getSession();
session.invalidate();
String cipherSuite = session.getCipherSuite();
if (params.cipherSuite.equals(cipherSuite) == false) {
throw new RuntimeException("Negotiated ciphersuite mismatch: "
+ cipherSuite + " != " + params.cipherSuite);
}
String protocol = session.getProtocol();
if (!DEFAULT.equals(params.protocol)
&& !params.protocol.contains(protocol)) {
throw new RuntimeException("Negotiated protocol mismatch: "
+ protocol + " != " + params.protocol);
}
if (!cipherSuite.contains("DH_anon")) {
session.getPeerCertificates();
}
Certificate[] certificates = session.getLocalCertificates();
if (params.clientAuth == null) {
if (certificates != null) {
throw new RuntimeException("Local certificates "
+ "should be null");
}
} else {
if ((certificates == null) || (certificates.length == 0)) {
throw new RuntimeException("Certificates missing");
}
String keyAlg = certificates[0].getPublicKey().getAlgorithm();
if ("EC".equals(keyAlg)) {
keyAlg = "ECDSA";
}
if (params.clientAuth == null ? keyAlg != null
: !params.clientAuth.equals(keyAlg)) {
throw new RuntimeException("Certificate type mismatch: "
+ keyAlg + " != " + params.clientAuth);
}
}
} finally {
if (socket != null) {
socket.close();
}
}
}
}
/**
* Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License version 2 only, as published by
* the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT ANY
* WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
* A PARTICULAR PURPOSE. See the GNU General Public License version 2 for more
* details (a copy is included in the LICENSE file that accompanied this code).
*
* You should have received a copy of the GNU General Public License version 2
* along with this work; if not, write to the Free Software Foundation, Inc., 51
* Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA or
* visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
public class JSSEServer extends CipherTestUtils.Server {
private final SSLServerSocket serverSocket;
private final int serverPort;
static volatile boolean closeServer = false;
JSSEServer(CipherTestUtils cipherTest, int serverPort,
String protocol, String cipherSuite) throws Exception {
super(cipherTest);
this.serverPort = serverPort;
SSLContext serverContext = SSLContext.getInstance("TLS");
serverContext.init(new KeyManager[]{cipherTest.getServerKeyManager()},
new TrustManager[]{cipherTest.getServerTrustManager()},
CipherTestUtils.secureRandom);
SSLServerSocketFactory factory =
(SSLServerSocketFactory)serverContext.getServerSocketFactory();
serverSocket =
(SSLServerSocket) factory.createServerSocket(serverPort);
serverSocket.setEnabledProtocols(protocol.split(","));
serverSocket.setEnabledCipherSuites(cipherSuite.split(","));
CipherTestUtils.printInfo(serverSocket);
}
@Override
public void run() {
System.out.println("JSSE Server listening on port " + serverPort);
while (!closeServer) {
try (final SSLSocket socket = (SSLSocket) serverSocket.accept()) {
socket.setSoTimeout(CipherTestUtils.TIMEOUT);
try (InputStream in = socket.getInputStream();
OutputStream out = socket.getOutputStream()) {
handleRequest(in, out);
out.flush();
} catch (IOException e) {
CipherTestUtils.addFailure(e);
System.out.println("Got IOException:");
e.printStackTrace(System.err);
}
} catch (Exception e) {
CipherTestUtils.addFailure(e);
System.out.println("Exception:");
e.printStackTrace(System.err);
}
}
}
}
/**
* Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License version 2 only, as published by
* the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT ANY
* WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
* A PARTICULAR PURPOSE. See the GNU General Public License version 2 for more
* details (a copy is included in the LICENSE file that accompanied this code).
*
* You should have received a copy of the GNU General Public License version 2
* along with this work; if not, write to the Free Software Foundation, Inc., 51
* Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA or
* visit www.oracle.com if you need additional information or have any
* questions.
*/
import static java.lang.System.out;
import java.security.Provider;
import java.security.Security;
/**
* @test
* @bug 8049429
* @library ../../../../lib/testlibrary/
* @build jdk.testlibrary.Utils
* @compile CipherTestUtils.java JSSEClient.java JSSEServer.java
* @summary Test that all cipher suites work in all versions and all client
* authentication types. The way this is setup the server is stateless and
* all checking is done on the client side.
* @run main/othervm -DSERVER_PROTOCOL=SSLv3
* -DCLIENT_PROTOCOL=SSLv3
* -DCIPHER=SSL_RSA_WITH_RC4_128_MD5 TestJSSE
* @run main/othervm -DSERVER_PROTOCOL=TLSv1
* -DCLIENT_PROTOCOL=SSLv3,TLSv1,TLSv1.1,TLSv1.2
* -DCIPHER=SSL_RSA_WITH_RC4_128_MD5 TestJSSE
* @run main/othervm -DSERVER_PROTOCOL=TLSv1.1
* -DCLIENT_PROTOCOL=SSLv3,TLSv1,TLSv1.1,TLSv1.2
* -DCIPHER=SSL_RSA_WITH_RC4_128_MD5 TestJSSE
* @run main/othervm -DSERVER_PROTOCOL=TLSv1.2
* -DCLIENT_PROTOCOL=SSLv3,TLSv1,TLSv1.1,TLSv1.2
* -DCIPHER=SSL_RSA_WITH_RC4_128_MD5 TestJSSE
* @run main/othervm -DSERVER_PROTOCOL=SSLv3,TLSv1
* -DCLIENT_PROTOCOL=TLSv1 -DCIPHER=SSL_RSA_WITH_RC4_128_MD5 TestJSSE
* @run main/othervm -DSERVER_PROTOCOL=SSLv3,TLSv1,TLSv1.1
* -DCLIENT_PROTOCOL=TLSv1.1 -DCIPHER=SSL_RSA_WITH_RC4_128_MD5 TestJSSE
* @run main/othervm -DSERVER_PROTOCOL=SSLv3
* -DCLIENT_PROTOCOL=TLSv1.1,TLSv1.2
* -DCIPHER=SSL_RSA_WITH_RC4_128_MD5
* TestJSSE javax.net.ssl.SSLHandshakeException
* @run main/othervm -DSERVER_PROTOCOL=TLSv1
* -DCLIENT_PROTOCOL=TLSv1.1,TLSv1.2
* -DCIPHER=SSL_RSA_WITH_RC4_128_MD5
* TestJSSE javax.net.ssl.SSLHandshakeException
* @run main/othervm -DSERVER_PROTOCOL=SSLv3,TLSv1,TLSv1.1,TLSv1.2
* -DCLIENT_PROTOCOL=TLSv1.2 -DCIPHER=SSL_RSA_WITH_RC4_128_MD5 TestJSSE
* @run main/othervm -DSERVER_PROTOCOL=SSLv2Hello,SSLv3,TLSv1
* -DCLIENT_PROTOCOL=DEFAULT -DCIPHER=SSL_RSA_WITH_RC4_128_MD5 TestJSSE
* @run main/othervm -DSERVER_PROTOCOL=SSLv2Hello,SSLv3,TLSv1,TLSv1.1,TLSv1.2
* -DCLIENT_PROTOCOL=DEFAULT -DCIPHER=SSL_RSA_WITH_RC4_128_MD5 TestJSSE
* @run main/othervm -DSERVER_PROTOCOL=SSLv2Hello,SSLv3,TLSv1,TLSv1.1,TLSv1.2
* -DCLIENT_PROTOCOL=DEFAULT -Djdk.tls.client.protocols=TLSv1
* -DCIPHER=SSL_RSA_WITH_RC4_128_MD5 TestJSSE
* @run main/othervm -DSERVER_PROTOCOL=SSLv2Hello,SSLv3,TLSv1
* -DCLIENT_PROTOCOL=DEFAULT -Djdk.tls.client.protocols=TLSv1.2
* -DCIPHER=SSL_RSA_WITH_RC4_128_MD5
* TestJSSE javax.net.ssl.SSLHandshakeException
*
*/
public class TestJSSE {
private static final String LOCAL_IP = "127.0.0.1";
public static void main(String... args) throws Exception {
String serverProtocol = System.getProperty("SERVER_PROTOCOL");
String clientProtocol = System.getProperty("CLIENT_PROTOCOL");
int port = jdk.testlibrary.Utils.getFreePort();
String cipher = System.getProperty("CIPHER");
if (serverProtocol == null
|| clientProtocol == null
|| cipher == null) {
throw new IllegalArgumentException("SERVER_PROTOCOL "
+ "or CLIENT_PROTOCOL or CIPHER is missing");
}
out.println("ServerProtocol =" + serverProtocol);
out.println("ClientProtocol =" + clientProtocol);
out.println("Cipher =" + cipher);
server(serverProtocol, cipher, port, args);
client(port, clientProtocol, cipher, args);
}
public static void client(int testPort,
String testProtocols, String testCipher,
String... exception) throws Exception {
String expectedException = exception.length >= 1
? exception[0] : null;
out.println("=========================================");
out.println(" Testing - https://" + LOCAL_IP + ":" + testPort);
out.println(" Testing - Protocol : " + testProtocols);
out.println(" Testing - Cipher : " + testCipher);
Provider p = new sun.security.ec.SunEC();
Security.insertProviderAt(p, 1);
try {
CipherTestUtils.main(new JSSEFactory(LOCAL_IP,
testPort, testProtocols,
testCipher, "client JSSE"),
"client", expectedException);
} catch (Exception e) {
throw new RuntimeException(e);
}
}
public static void server(String testProtocol, String testCipher,
int testPort,
String... exception) throws Exception {
String expectedException = exception.length >= 1
? exception[0] : null;
out.println(" This is Server");
out.println(" Testing Protocol: " + testProtocol);
out.println(" Testing Cipher: " + testCipher);
out.println(" Testing Port: " + testPort);
Provider p = new sun.security.ec.SunEC();
Security.insertProviderAt(p, 1);
try {
CipherTestUtils.main(new JSSEFactory(null, testPort,
testProtocol, testCipher, "Server JSSE"),
"Server", expectedException);
} catch (Exception e) {
throw new RuntimeException(e);
}
}
private static class JSSEFactory extends CipherTestUtils.PeerFactory {
final String testedCipherSuite, testedProtocol, testHost;
final int testPort;
final String name;
JSSEFactory(String testHost, int testPort, String testedProtocol,
String testedCipherSuite, String name) {
this.testedCipherSuite = testedCipherSuite;
this.testedProtocol = testedProtocol;
this.testHost = testHost;
this.testPort = testPort;
this.name = name;
}
@Override
String getName() {
return name;
}
@Override
String getTestedCipher() {
return testedCipherSuite;
}
@Override
String getTestedProtocol() {
return testedProtocol;
}
@Override
CipherTestUtils.Client newClient(CipherTestUtils cipherTest)
throws Exception {
return new JSSEClient(cipherTest, testHost, testPort,
testedProtocol, testedCipherSuite);
}
@Override
CipherTestUtils.Server newServer(CipherTestUtils cipherTest)
throws Exception {
return new JSSEServer(cipherTest, testPort,
testedProtocol, testedCipherSuite);
}
}
}
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册