diff --git a/jdk/test/javax/net/ssl/templates/SSLContextTemplate.java b/jdk/test/javax/net/ssl/templates/SSLContextTemplate.java index 940fd350948..3af9592e543 100644 --- a/jdk/test/javax/net/ssl/templates/SSLContextTemplate.java +++ b/jdk/test/javax/net/ssl/templates/SSLContextTemplate.java @@ -713,6 +713,59 @@ enum Cert { "5qh/p6izXJZh3IHtvwVBjHoEVplg1b2+I5e3jDCfqnwcQw82dW5SxOJMg1h/BD0I\n" + "qAL3go42DYeYhu/WnECMeis="), + CA_SHA1_RSA_2048( // for DHEKeySizing.java + "RSA", + // Signature Algorithm: sha1WithRSAEncryption + // Issuer: OU = SunJSSE Test Serivce, O = Java, C = US + // Validity + // Not Before: Sep 18 04:38:31 2013 GMT + // Not After : Dec 17 04:38:31 2013 GMT + "-----BEGIN CERTIFICATE-----\n" + + "MIIC8jCCAdqgAwIBAgIEUjkuRzANBgkqhkiG9w0BAQUFADA7MR0wGwYDVQQLExRT\n" + + "dW5KU1NFIFRlc3QgU2VyaXZjZTENMAsGA1UEChMESmF2YTELMAkGA1UEBhMCVVMw\n" + + "HhcNMTMwOTE4MDQzODMxWhcNMTMxMjE3MDQzODMxWjA7MR0wGwYDVQQLExRTdW5K\n" + + "U1NFIFRlc3QgU2VyaXZjZTENMAsGA1UEChMESmF2YTELMAkGA1UEBhMCVVMwggEi\n" + + "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCO+IGeaskJAvEcYc7pCl9neK3E\n" + + "a28fwWLtChufYNaC9hQfZlUdETWYjV7fZJVJKT/oLzdDNMWuVA0LKXArpI3thLNK\n" + + "QLXisdF9hKPlZRDazACL9kWUUtJ0FzpEySK4e8wW/z9FuU6e6iO19FbjxAfInJqk\n" + + "3EDiEhB5g73S2vtvPCxgq2DvWw9TDl/LIqdKG2JCS93koXCCaHmQ7MrIOqHPd+8r\n" + + "RbGpatXT9qyHKppUv9ATxVygO4rA794mgCFxpT+fkhz+NEB0twTkM65T1hnnOv5n\n" + + "ZIxkcjBggt85UlZtnP3b9P7SYxsWIa46Oc38Od2f3YejfVg6B+PqPgWNl3+/AgMB\n" + + "AAEwDQYJKoZIhvcNAQEFBQADggEBAAlrP6DFLRPSy0IgQhcI2i56tR/na8pezSte\n" + + "ZHcCdaCZPDy4UP8mpLJ9QCjEB5VJv8hPm4xdK7ULnKGOGHgYqDpV2ZHvQlhV1woQ\n" + + "TZGb/LM3c6kAs0j4j9KM2fq3iYUYexjIkS1KzsziflxMM6igS9BRMBR2LQyU+cYq\n" + + "YEsFzkF7Aj2ET4v/+tgot9mRr2NioJcaJkdsPDpMU3IKB1cczfu+OuLQ/GCG0Fqu\n" + + "6ijCeCqfnaAbemHbJeVZZ6Qgka3uC2YMntLBmLkhqEo1d9zGYLoh7oWL77y5ibQZ\n" + + "LK5/H/zikcu579TWjlDHcqL3arCwBcrtsjSaPrRSWMrWV/6c0qw=\n" + + "-----END CERTIFICATE-----", + "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCO+IGeaskJAvEc\n" + + "Yc7pCl9neK3Ea28fwWLtChufYNaC9hQfZlUdETWYjV7fZJVJKT/oLzdDNMWuVA0L\n" + + "KXArpI3thLNKQLXisdF9hKPlZRDazACL9kWUUtJ0FzpEySK4e8wW/z9FuU6e6iO1\n" + + "9FbjxAfInJqk3EDiEhB5g73S2vtvPCxgq2DvWw9TDl/LIqdKG2JCS93koXCCaHmQ\n" + + "7MrIOqHPd+8rRbGpatXT9qyHKppUv9ATxVygO4rA794mgCFxpT+fkhz+NEB0twTk\n" + + "M65T1hnnOv5nZIxkcjBggt85UlZtnP3b9P7SYxsWIa46Oc38Od2f3YejfVg6B+Pq\n" + + "PgWNl3+/AgMBAAECggEAPdb5Ycc4m4A9QBSCRcRpzbyiFLKPh0HDg1n65q4hOtYr\n" + + "kAVYTVFTSF/lqGS+Ob3w2YIKujQKSUQrvCc5UHdFuHXMgxKIWbymK0+DAMb9SlYw\n" + + "6lkkcWp9gx9E4dnJ/df2SAAxovvrKMuHlL1SFASHhVtPfH2URvSfUaANLDXxyYOs\n" + + "8BX0Nr6wazhWjLjXo9yIGnKSvFfB8XisYcA78kEgas43zhmIGCDPqaYyyffOfRbx\n" + + "pM1KNwGmlN86iWR1CbwA/wwhcMySWQueS+s7cHbpRqZIYJF9jEeELiwi0vxjealS\n" + + "EMuHYedIRFMWaDIq9XyjrvXamHb0Z25jlXBNZHaM0QKBgQDE9adl+zAezR/n79vw\n" + + "0XiX2Fx1UEo3ApZHuoA2Q/PcBk+rlKqqQ3IwTcy6Wo648wK7v6Nq7w5nEWcsf0dU\n" + + "QA2Ng/AJEev/IfF34x7sKGYxtk1gcE0EuSBA3R+ocEZxnNw1Ryd5nUU24s8d4jCP\n" + + "Mkothnyaim+zE2raDlEtVc0CaQKBgQC509av+02Uq5oMjzbQp5PBJfQFjATOQT15\n" + + "eefYnVYurkQ1kcVfixkrO2ORhg4SjmI2Z5hJDgGtXdwgidpzkad+R2epS5qLMyno\n" + + "lQVpY6bMpEZ7Mos0yQygxnm8uNohEcTExOe+nP5fNJVpzBsGmfeyYOhnPQlf6oqf\n" + + "0cHizedb5wKBgQC/l5LyMil6HOGHlhzmIm3jj7VI7QR0hJC5T6N+phVml8ESUDjA\n" + + "DYHbmSKouISTRtkG14FY+RiSjCxH7bvuKazFV2289PETquogTA/9e8MFYqfcQwG4\n" + + "sXi9gBxWlnj/9a2EKiYtOB5nKLR/BlNkSHA93tAA6N+FXEMZwMmYhxk42QKBgAuY\n" + + "HQgD3PZOsqDf+qKQIhbmAFCsSMx5o5VFtuJ8BpmJA/Z3ruHkMuDQpsi4nX4o5hXQ\n" + + "5t6AAjjH52kcUMXvK40kdWJJtk3DFnVNfvXxYsHX6hHbuHXFqYUKfSP6QJnZmvZP\n" + + "9smcz/4usLfWJUWHK740b6upUkFqx9Vq5/b3s9y3AoGAdM5TW7LkkOFsdMGVAUzR\n" + + "9iXmCWElHTK2Pcp/3yqDBHSfiQx6Yp5ANyPnE9NBM0yauCfOyBB2oxLO4Rdv3Rqk\n" + + "9V9kyR/YAGr7dJaPcQ7pZX0OpkzgueAOJYPrx5VUzPYUtklYV1ycFZTfKlpFCxT+\n" + + "Ei6KUo0NXSdUIcB4yib1J10=" + ), + EE_EC_RSA_SECP256R1( "EC", // SHA256withRSA, curve secp256r1 @@ -923,7 +976,41 @@ enum Cert { "ofaiiWffsaytVvotmT6+atElvAMbAua42V+nAQKBgHtIn3mYMHLriYGhQzpkFEA2\n" + "8YcAMlKppueOMAKVy8nLu2r3MidmLAhMiKJQKG45I3Yg0/t/25tXLiOPJlwrOebh\n" + "xQqUBI/JUOIpGAEnr48jhOXnCS+i+z294G5U/RgjXrlR4bCPvrtCmwzWwe0h79w2\n" + - "Q2hO5ZTW6UD9CVA85whf"); + "Q2hO5ZTW6UD9CVA85whf"), + + DSA_SHA1_1024_EXPIRED( // for NullCerts test + "DSA", + // Signature Algorithm: dsaWithSHA1 + // Issuer: C = US, ST = CA, L = Cupertino, O = Dummy, OU = Dummy, CN = Example + // Validity + // Not Before: Mar 11 06:33:43 2001 GMT + // Not After : Dec 6 06:33:43 2003 GMT + "-----BEGIN CERTIFICATE-----\n" + + "MIIC9TCCArMCBDqrHEcwCwYHKoZIzjgEAwUAMGAxCzAJBgNVBAYTAlVTMQswCQYD\n" + + "VQQIEwJDQTESMBAGA1UEBxMJQ3VwZXJ0aW5vMQ4wDAYDVQQKEwVEdW1teTEOMAwG\n" + + "A1UECxMFRHVtbXkxEDAOBgNVBAMTB0V4YW1wbGUwHhcNMDEwMzExMDYzMzQzWhcN\n" + + "MDMxMjA2MDYzMzQzWjBgMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExEjAQBgNV\n" + + "BAcTCUN1cGVydGlubzEOMAwGA1UEChMFRHVtbXkxDjAMBgNVBAsTBUR1bW15MRAw\n" + + "DgYDVQQDEwdFeGFtcGxlMIIBuDCCASwGByqGSM44BAEwggEfAoGBAP1/U4EddRIp\n" + + "Ut9KnC7s5Of2EbdSPO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7\n" + + "gB00b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E+4P208UewwI1\n" + + "VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmCouuEC/BYHPUC\n" + + "gYEA9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCB\n" + + "gLRJFnEj6EwoFhO3zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6\n" + + "ASQ7zKTxvqhRkImog9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoDgYUAAoGBAPqO/boo\n" + + "m+n+tAdqetoQ2ZRoS8BpYIEFOJt4OJ8flb52T3vGNNdapq9pbjN+HKrT62ggNhZs\n" + + "hajxYwFCpaidKZuGQXvvpHkj0UHjhZFry6Dd41cfEG13dfgACf8uooeTzPGFvUPv\n" + + "TCHcPRh820BZMeOqdS4PjWPyf3HEtiTtFWR7MAsGByqGSM44BAMFAAMvADAsAhRH\n" + + "dZQef04MwUTlAALf2J6PIcgmQAIUB2H/RnW2tVg+mbCl5jQLfudsEhI=\n" + + "-----END CERTIFICATE-----", + "MIIBSwIBADCCASwGByqGSM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s5Of2EbdS\n" + + "PO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7gB00b/JmYLdrmVCl\n" + + "pJ+f6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E+4P208UewwI1VBNaFpEy9nXzrith\n" + + "1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmCouuEC/BYHPUCgYEA9+GghdabPd7L\n" + + "vKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3\n" + + "zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImo\n" + + "g9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoEFgIUZC+jBuwAPm8ejkybfAm2gT49ApY=" + ); final String keyAlgo; final String certStr; diff --git a/jdk/test/javax/net/ssl/templates/SSLEngineTemplate.java b/jdk/test/javax/net/ssl/templates/SSLEngineTemplate.java index 08d95fcd4c9..9c044f32ebf 100644 --- a/jdk/test/javax/net/ssl/templates/SSLEngineTemplate.java +++ b/jdk/test/javax/net/ssl/templates/SSLEngineTemplate.java @@ -92,14 +92,22 @@ protected SSLEngineTemplate() throws Exception { cTOs = ByteBuffer.allocateDirect(netBufferMax); sTOc = ByteBuffer.allocateDirect(netBufferMax); - clientOut = ByteBuffer.wrap("Hi Server, I'm Client".getBytes()); - serverOut = ByteBuffer.wrap("Hello Client, I'm Server".getBytes()); + clientOut = createClientOutputBuffer(); + serverOut = createServerOutputBuffer(); + } + + protected ByteBuffer createServerOutputBuffer() { + return ByteBuffer.wrap("Hello Client, I'm Server".getBytes()); } // // Protected methods could be used to customize the test case. // + protected ByteBuffer createClientOutputBuffer() { + return ByteBuffer.wrap("Hi Server, I'm Client".getBytes()); + } + /* * Configure the client side engine. */ diff --git a/jdk/test/sun/security/ssl/ClientHandshaker/LengthCheckTest.java b/jdk/test/sun/security/ssl/ClientHandshaker/LengthCheckTest.java index 519290c521e..50d7787095d 100644 --- a/jdk/test/sun/security/ssl/ClientHandshaker/LengthCheckTest.java +++ b/jdk/test/sun/security/ssl/ClientHandshaker/LengthCheckTest.java @@ -26,7 +26,7 @@ * @bug 8044860 * @summary Vectors and fixed length fields should be verified * for allowed sizes. - * @library /lib/security + * @library /lib/security /javax/net/ssl/templates * @run main/othervm LengthCheckTest * @key randomness */ @@ -69,14 +69,13 @@ import javax.net.ssl.*; import javax.net.ssl.SSLEngineResult.*; -import java.io.*; import java.security.*; import java.nio.*; import java.util.List; import java.util.ArrayList; import java.util.Iterator; -public class LengthCheckTest { +public class LengthCheckTest extends SSLEngineTemplate { /* * Enables logging of the SSLEngine operations. @@ -95,41 +94,9 @@ public class LengthCheckTest { private static final boolean debug = false; private static final boolean dumpBufs = true; - private final SSLContext sslc; - - private SSLEngine clientEngine; // client Engine - private ByteBuffer clientOut; // write side of clientEngine - private ByteBuffer clientIn; // read side of clientEngine - - private SSLEngine serverEngine; // server Engine - private ByteBuffer serverOut; // write side of serverEngine - private ByteBuffer serverIn; // read side of serverEngine private HandshakeTest handshakeTest; - /* - * For data transport, this example uses local ByteBuffers. This - * isn't really useful, but the purpose of this example is to show - * SSLEngine concepts, not how to do network transport. - */ - private ByteBuffer cTOs; // "reliable" transport client->server - private ByteBuffer sTOc; // "reliable" transport server->client - - /* - * The following is to set up the keystores. - */ - private static final String pathToStores = "../../../../javax/net/ssl/etc"; - private static final String keyStoreFile = "keystore"; - private static final String trustStoreFile = "truststore"; - private static final String passwd = "passphrase"; - - private static final String keyFilename = - System.getProperty("test.src", ".") + "/" + pathToStores + - "/" + keyStoreFile; - private static final String trustFilename = - System.getProperty("test.src", ".") + "/" + pathToStores + - "/" + trustStoreFile; - // Define a few basic TLS record and message types we might need private static final int TLS_RECTYPE_CCS = 0x14; private static final int TLS_RECTYPE_ALERT = 0x15; @@ -173,20 +140,20 @@ public void execTest() throws Exception { // Send Client Hello clientResult = clientEngine.wrap(clientOut, cTOs); log("client wrap: ", clientResult); - runDelegatedTasks(clientResult, clientEngine); + runDelegatedTasks(clientEngine); cTOs.flip(); dumpByteBuffer("CLIENT-TO-SERVER", cTOs); // Server consumes Client Hello serverResult = serverEngine.unwrap(cTOs, serverIn); log("server unwrap: ", serverResult); - runDelegatedTasks(serverResult, serverEngine); + runDelegatedTasks(serverEngine); cTOs.compact(); // Server generates ServerHello/Cert/Done record serverResult = serverEngine.wrap(serverOut, sTOc); log("server wrap: ", serverResult); - runDelegatedTasks(serverResult, serverEngine); + runDelegatedTasks(serverEngine); sTOc.flip(); // Intercept the ServerHello messages and instead send @@ -217,19 +184,19 @@ public void execTest() throws Exception { gotException = true; } log("client unwrap: ", clientResult); - runDelegatedTasks(clientResult, clientEngine); + runDelegatedTasks(clientEngine); } } else { dumpByteBuffer("SERVER-TO-CLIENT", sTOc); log("client unwrap: ", clientResult); - runDelegatedTasks(clientResult, clientEngine); + runDelegatedTasks(clientEngine); } sTOc.compact(); // The Client should now send a TLS Alert clientResult = clientEngine.wrap(clientOut, cTOs); log("client wrap: ", clientResult); - runDelegatedTasks(clientResult, clientEngine); + runDelegatedTasks(clientEngine); cTOs.flip(); dumpByteBuffer("CLIENT-TO-SERVER", cTOs); @@ -261,7 +228,7 @@ public void execTest() throws Exception { // Server consumes Client Hello serverResult = serverEngine.unwrap(evilClientHello, serverIn); log("server unwrap: ", serverResult); - runDelegatedTasks(serverResult, serverEngine); + runDelegatedTasks(serverEngine); evilClientHello.compact(); // Under normal circumstances this should be a ServerHello @@ -270,7 +237,7 @@ public void execTest() throws Exception { try { serverResult = serverEngine.wrap(serverOut, sTOc); log("server wrap: ", serverResult); - runDelegatedTasks(serverResult, serverEngine); + runDelegatedTasks(serverEngine); } catch (SSLProtocolException ssle) { log("Received expected SSLProtocolException: " + ssle); gotException = true; @@ -279,7 +246,7 @@ public void execTest() throws Exception { // We expect to see the server generate an alert here serverResult = serverEngine.wrap(serverOut, sTOc); log("server wrap: ", serverResult); - runDelegatedTasks(serverResult, serverEngine); + runDelegatedTasks(serverEngine); sTOc.flip(); dumpByteBuffer("SERVER-TO-CLIENT", sTOc); @@ -323,26 +290,7 @@ public static void main(String args[]) throws Exception { * Create an initialized SSLContext to use for these tests. */ public LengthCheckTest(String testName) throws Exception { - - KeyStore ks = KeyStore.getInstance("JKS"); - KeyStore ts = KeyStore.getInstance("JKS"); - - char[] passphrase = "passphrase".toCharArray(); - - ks.load(new FileInputStream(keyFilename), passphrase); - ts.load(new FileInputStream(trustFilename), passphrase); - - KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); - kmf.init(ks, passphrase); - - TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); - tmf.init(ts); - - SSLContext sslCtx = SSLContext.getInstance("TLS"); - - sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); - - sslc = sslCtx; + super(); switch (testName) { case "ServSendLongID": @@ -375,10 +323,8 @@ public LengthCheckTest(String testName) throws Exception { * sections of code. */ private void runTest() throws Exception { - boolean dataDone = false; - - createSSLEngines(); - createBuffers(); + configureSSLEngine(); +// createBuffers(); handshakeTest.execTest(); } @@ -387,19 +333,17 @@ private void runTest() throws Exception { * Using the SSLContext created during object creation, * create/configure the SSLEngines we'll use for this test. */ - private void createSSLEngines() throws Exception { + private void configureSSLEngine() throws Exception { /* * Configure the serverEngine to act as a server in the SSL/TLS * handshake. Also, require SSL client authentication. */ - serverEngine = sslc.createSSLEngine(); serverEngine.setUseClientMode(false); serverEngine.setNeedClientAuth(false); /* * Similar to above, but using client mode instead. */ - clientEngine = sslc.createSSLEngine("client", 80); clientEngine.setUseClientMode(true); // In order to make a test that will be backwards compatible @@ -410,84 +354,6 @@ private void createSSLEngines() throws Exception { new String[]{"TLS_RSA_WITH_AES_128_CBC_SHA"}); } - /* - * Create and size the buffers appropriately. - */ - private void createBuffers() { - - /* - * We'll assume the buffer sizes are the same - * between client and server. - */ - SSLSession session = clientEngine.getSession(); - int appBufferMax = session.getApplicationBufferSize(); - int netBufferMax = session.getPacketBufferSize(); - - /* - * We'll make the input buffers a bit bigger than the max needed - * size, so that unwrap()s following a successful data transfer - * won't generate BUFFER_OVERFLOWS. - * - * We'll use a mix of direct and indirect ByteBuffers for - * tutorial purposes only. In reality, only use direct - * ByteBuffers when they give a clear performance enhancement. - */ - clientIn = ByteBuffer.allocate(appBufferMax + 50); - serverIn = ByteBuffer.allocate(appBufferMax + 50); - - cTOs = ByteBuffer.allocateDirect(netBufferMax); - sTOc = ByteBuffer.allocateDirect(netBufferMax); - - clientOut = ByteBuffer.wrap("Hi Server, I'm Client".getBytes()); - serverOut = ByteBuffer.wrap("Hello Client, I'm Server".getBytes()); - } - - /* - * If the result indicates that we have outstanding tasks to do, - * go ahead and run them in this thread. - */ - private static void runDelegatedTasks(SSLEngineResult result, - SSLEngine engine) throws Exception { - - if (result.getHandshakeStatus() == HandshakeStatus.NEED_TASK) { - Runnable runnable; - while ((runnable = engine.getDelegatedTask()) != null) { - log("\trunning delegated task..."); - runnable.run(); - } - HandshakeStatus hsStatus = engine.getHandshakeStatus(); - if (hsStatus == HandshakeStatus.NEED_TASK) { - throw new Exception( - "handshake shouldn't need additional tasks"); - } - log("\tnew HandshakeStatus: " + hsStatus); - } - } - - private static boolean isEngineClosed(SSLEngine engine) { - return (engine.isOutboundDone() && engine.isInboundDone()); - } - - /* - * Simple check to make sure everything came across as expected. - */ - private static void checkTransfer(ByteBuffer a, ByteBuffer b) - throws Exception { - a.flip(); - b.flip(); - - if (!a.equals(b)) { - throw new Exception("Data didn't transfer cleanly"); - } else { - log("\tData transferred cleanly"); - } - - a.position(a.limit()); - b.position(b.limit()); - a.limit(a.capacity()); - b.limit(b.capacity()); - } - /* * Logging code */ diff --git a/jdk/test/sun/security/ssl/DHKeyExchange/DHEKeySizing.java b/jdk/test/sun/security/ssl/DHKeyExchange/DHEKeySizing.java index 26e30608bdf..57561ec0a41 100644 --- a/jdk/test/sun/security/ssl/DHKeyExchange/DHEKeySizing.java +++ b/jdk/test/sun/security/ssl/DHKeyExchange/DHEKeySizing.java @@ -30,6 +30,7 @@ * @test * @bug 6956398 * @summary make ephemeral DH key match the length of the certificate key + * @library /javax/net/ssl/templates * @run main/othervm * DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA false 1643 267 * @run main/othervm -Djsse.enableFFDHE=false @@ -109,18 +110,10 @@ import javax.net.ssl.*; import javax.net.ssl.SSLEngineResult.*; -import java.io.*; import java.nio.*; -import java.security.KeyStore; -import java.security.KeyFactory; import java.security.Security; -import java.security.cert.Certificate; -import java.security.cert.CertificateFactory; -import java.security.spec.PKCS8EncodedKeySpec; -import java.security.interfaces.*; -import java.util.Base64; -public class DHEKeySizing { +public class DHEKeySizing extends SSLEngineTemplate { private final static boolean debug = true; @@ -132,89 +125,6 @@ public class DHEKeySizing { // negotiated DH keys. private final static int KEY_LEN_BIAS = 6; - private SSLContext sslc; - private SSLEngine ssle1; // client - private SSLEngine ssle2; // server - - private ByteBuffer appOut1; // write side of ssle1 - private ByteBuffer appIn1; // read side of ssle1 - private ByteBuffer appOut2; // write side of ssle2 - private ByteBuffer appIn2; // read side of ssle2 - - private ByteBuffer oneToTwo; // "reliable" transport ssle1->ssle2 - private ByteBuffer twoToOne; // "reliable" transport ssle2->ssle1 - - /* - * Where do we find the keystores? - */ - // Certificates and key used in the test. - static String trustedCertStr = - "-----BEGIN CERTIFICATE-----\n" + - "MIIC8jCCAdqgAwIBAgIEUjkuRzANBgkqhkiG9w0BAQUFADA7MR0wGwYDVQQLExRT\n" + - "dW5KU1NFIFRlc3QgU2VyaXZjZTENMAsGA1UEChMESmF2YTELMAkGA1UEBhMCVVMw\n" + - "HhcNMTMwOTE4MDQzODMxWhcNMTMxMjE3MDQzODMxWjA7MR0wGwYDVQQLExRTdW5K\n" + - "U1NFIFRlc3QgU2VyaXZjZTENMAsGA1UEChMESmF2YTELMAkGA1UEBhMCVVMwggEi\n" + - "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCO+IGeaskJAvEcYc7pCl9neK3E\n" + - "a28fwWLtChufYNaC9hQfZlUdETWYjV7fZJVJKT/oLzdDNMWuVA0LKXArpI3thLNK\n" + - "QLXisdF9hKPlZRDazACL9kWUUtJ0FzpEySK4e8wW/z9FuU6e6iO19FbjxAfInJqk\n" + - "3EDiEhB5g73S2vtvPCxgq2DvWw9TDl/LIqdKG2JCS93koXCCaHmQ7MrIOqHPd+8r\n" + - "RbGpatXT9qyHKppUv9ATxVygO4rA794mgCFxpT+fkhz+NEB0twTkM65T1hnnOv5n\n" + - "ZIxkcjBggt85UlZtnP3b9P7SYxsWIa46Oc38Od2f3YejfVg6B+PqPgWNl3+/AgMB\n" + - "AAEwDQYJKoZIhvcNAQEFBQADggEBAAlrP6DFLRPSy0IgQhcI2i56tR/na8pezSte\n" + - "ZHcCdaCZPDy4UP8mpLJ9QCjEB5VJv8hPm4xdK7ULnKGOGHgYqDpV2ZHvQlhV1woQ\n" + - "TZGb/LM3c6kAs0j4j9KM2fq3iYUYexjIkS1KzsziflxMM6igS9BRMBR2LQyU+cYq\n" + - "YEsFzkF7Aj2ET4v/+tgot9mRr2NioJcaJkdsPDpMU3IKB1cczfu+OuLQ/GCG0Fqu\n" + - "6ijCeCqfnaAbemHbJeVZZ6Qgka3uC2YMntLBmLkhqEo1d9zGYLoh7oWL77y5ibQZ\n" + - "LK5/H/zikcu579TWjlDHcqL3arCwBcrtsjSaPrRSWMrWV/6c0qw=\n" + - "-----END CERTIFICATE-----"; - - // Private key in the format of PKCS#8 - static String targetPrivateKey = - "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCO+IGeaskJAvEc\n" + - "Yc7pCl9neK3Ea28fwWLtChufYNaC9hQfZlUdETWYjV7fZJVJKT/oLzdDNMWuVA0L\n" + - "KXArpI3thLNKQLXisdF9hKPlZRDazACL9kWUUtJ0FzpEySK4e8wW/z9FuU6e6iO1\n" + - "9FbjxAfInJqk3EDiEhB5g73S2vtvPCxgq2DvWw9TDl/LIqdKG2JCS93koXCCaHmQ\n" + - "7MrIOqHPd+8rRbGpatXT9qyHKppUv9ATxVygO4rA794mgCFxpT+fkhz+NEB0twTk\n" + - "M65T1hnnOv5nZIxkcjBggt85UlZtnP3b9P7SYxsWIa46Oc38Od2f3YejfVg6B+Pq\n" + - "PgWNl3+/AgMBAAECggEAPdb5Ycc4m4A9QBSCRcRpzbyiFLKPh0HDg1n65q4hOtYr\n" + - "kAVYTVFTSF/lqGS+Ob3w2YIKujQKSUQrvCc5UHdFuHXMgxKIWbymK0+DAMb9SlYw\n" + - "6lkkcWp9gx9E4dnJ/df2SAAxovvrKMuHlL1SFASHhVtPfH2URvSfUaANLDXxyYOs\n" + - "8BX0Nr6wazhWjLjXo9yIGnKSvFfB8XisYcA78kEgas43zhmIGCDPqaYyyffOfRbx\n" + - "pM1KNwGmlN86iWR1CbwA/wwhcMySWQueS+s7cHbpRqZIYJF9jEeELiwi0vxjealS\n" + - "EMuHYedIRFMWaDIq9XyjrvXamHb0Z25jlXBNZHaM0QKBgQDE9adl+zAezR/n79vw\n" + - "0XiX2Fx1UEo3ApZHuoA2Q/PcBk+rlKqqQ3IwTcy6Wo648wK7v6Nq7w5nEWcsf0dU\n" + - "QA2Ng/AJEev/IfF34x7sKGYxtk1gcE0EuSBA3R+ocEZxnNw1Ryd5nUU24s8d4jCP\n" + - "Mkothnyaim+zE2raDlEtVc0CaQKBgQC509av+02Uq5oMjzbQp5PBJfQFjATOQT15\n" + - "eefYnVYurkQ1kcVfixkrO2ORhg4SjmI2Z5hJDgGtXdwgidpzkad+R2epS5qLMyno\n" + - "lQVpY6bMpEZ7Mos0yQygxnm8uNohEcTExOe+nP5fNJVpzBsGmfeyYOhnPQlf6oqf\n" + - "0cHizedb5wKBgQC/l5LyMil6HOGHlhzmIm3jj7VI7QR0hJC5T6N+phVml8ESUDjA\n" + - "DYHbmSKouISTRtkG14FY+RiSjCxH7bvuKazFV2289PETquogTA/9e8MFYqfcQwG4\n" + - "sXi9gBxWlnj/9a2EKiYtOB5nKLR/BlNkSHA93tAA6N+FXEMZwMmYhxk42QKBgAuY\n" + - "HQgD3PZOsqDf+qKQIhbmAFCsSMx5o5VFtuJ8BpmJA/Z3ruHkMuDQpsi4nX4o5hXQ\n" + - "5t6AAjjH52kcUMXvK40kdWJJtk3DFnVNfvXxYsHX6hHbuHXFqYUKfSP6QJnZmvZP\n" + - "9smcz/4usLfWJUWHK740b6upUkFqx9Vq5/b3s9y3AoGAdM5TW7LkkOFsdMGVAUzR\n" + - "9iXmCWElHTK2Pcp/3yqDBHSfiQx6Yp5ANyPnE9NBM0yauCfOyBB2oxLO4Rdv3Rqk\n" + - "9V9kyR/YAGr7dJaPcQ7pZX0OpkzgueAOJYPrx5VUzPYUtklYV1ycFZTfKlpFCxT+\n" + - "Ei6KUo0NXSdUIcB4yib1J10="; - - static char passphrase[] = "passphrase".toCharArray(); - - /* - * Majority of the test case is here, setup is done below. - */ - - private void createSSLEngines() throws Exception { - ssle1 = sslc.createSSLEngine("client", 1); - ssle1.setUseClientMode(true); - - ssle2 = sslc.createSSLEngine("server", 2); - ssle2.setUseClientMode(false); - } - - private boolean isHandshaking(SSLEngine e) { - return (e.getHandshakeStatus() != HandshakeStatus.NOT_HANDSHAKING); - } - private void checkResult(ByteBuffer bbIn, ByteBuffer bbOut, SSLEngineResult result, Status status, HandshakeStatus hsStatus, @@ -255,130 +165,127 @@ private void checkResult(ByteBuffer bbIn, ByteBuffer bbOut, private void test(String cipherSuite, boolean exportable, int lenServerKeyEx, int lenClientKeyEx) throws Exception { - createSSLEngines(); - createBuffers(); - - SSLEngineResult result1; // ssle1's results from last operation - SSLEngineResult result2; // ssle2's results from last operation + SSLEngineResult result1; // clientEngine's results from last operation + SSLEngineResult result2; // serverEngine's results from last operation String[] suites = new String [] {cipherSuite}; - ssle1.setEnabledCipherSuites(suites); - ssle2.setEnabledCipherSuites(suites); + clientEngine.setEnabledCipherSuites(suites); + serverEngine.setEnabledCipherSuites(suites); log("======================================"); log("==================="); log("client hello"); - result1 = ssle1.wrap(appOut1, oneToTwo); - checkResult(appOut1, oneToTwo, result1, + result1 = clientEngine.wrap(clientOut, cTOs); + checkResult(clientOut, cTOs, result1, Status.OK, HandshakeStatus.NEED_UNWRAP, 0, -1); - oneToTwo.flip(); + cTOs.flip(); - result2 = ssle2.unwrap(oneToTwo, appIn2); - checkResult(oneToTwo, appIn2, result2, + result2 = serverEngine.unwrap(cTOs, serverIn); + checkResult(cTOs, serverIn, result2, Status.OK, HandshakeStatus.NEED_TASK, result1.bytesProduced(), 0); - runDelegatedTasks(ssle2); - oneToTwo.compact(); + runDelegatedTasks(serverEngine); + cTOs.compact(); log("==================="); log("ServerHello"); - result2 = ssle2.wrap(appOut2, twoToOne); - checkResult(appOut2, twoToOne, result2, + result2 = serverEngine.wrap(serverOut, sTOc); + checkResult(serverOut, sTOc, result2, Status.OK, HandshakeStatus.NEED_UNWRAP, 0, -1); - twoToOne.flip(); + sTOc.flip(); - log("Message length of ServerHello series: " + twoToOne.remaining()); - if (twoToOne.remaining() < (lenServerKeyEx - KEY_LEN_BIAS) || - twoToOne.remaining() > lenServerKeyEx) { + log("Message length of ServerHello series: " + sTOc.remaining()); + if (sTOc.remaining() < (lenServerKeyEx - KEY_LEN_BIAS) || + sTOc.remaining() > lenServerKeyEx) { throw new Exception( "Expected to generate ServerHello series messages of " + - lenServerKeyEx + " bytes, but not " + twoToOne.remaining()); + lenServerKeyEx + " bytes, but not " + sTOc.remaining()); } - result1 = ssle1.unwrap(twoToOne, appIn1); - checkResult(twoToOne, appIn1, result1, + result1 = clientEngine.unwrap(sTOc, clientIn); + checkResult(sTOc, clientIn, result1, Status.OK, HandshakeStatus.NEED_TASK, result2.bytesProduced(), 0); - runDelegatedTasks(ssle1); - twoToOne.compact(); + runDelegatedTasks(clientEngine); + sTOc.compact(); log("==================="); log("Key Exchange"); - result1 = ssle1.wrap(appOut1, oneToTwo); - checkResult(appOut1, oneToTwo, result1, + result1 = clientEngine.wrap(clientOut, cTOs); + checkResult(clientOut, cTOs, result1, Status.OK, HandshakeStatus.NEED_WRAP, 0, -1); - oneToTwo.flip(); + cTOs.flip(); - log("Message length of ClientKeyExchange: " + oneToTwo.remaining()); - if (oneToTwo.remaining() < (lenClientKeyEx - KEY_LEN_BIAS) || - oneToTwo.remaining() > lenClientKeyEx) { + log("Message length of ClientKeyExchange: " + cTOs.remaining()); + if (cTOs.remaining() < (lenClientKeyEx - KEY_LEN_BIAS) || + cTOs.remaining() > lenClientKeyEx) { throw new Exception( "Expected to generate ClientKeyExchange message of " + - lenClientKeyEx + " bytes, but not " + oneToTwo.remaining()); + lenClientKeyEx + " bytes, but not " + cTOs.remaining()); } - result2 = ssle2.unwrap(oneToTwo, appIn2); - checkResult(oneToTwo, appIn2, result2, + result2 = serverEngine.unwrap(cTOs, serverIn); + checkResult(cTOs, serverIn, result2, Status.OK, HandshakeStatus.NEED_TASK, result1.bytesProduced(), 0); - runDelegatedTasks(ssle2); - oneToTwo.compact(); + runDelegatedTasks(serverEngine); + cTOs.compact(); log("==================="); log("Client CCS"); - result1 = ssle1.wrap(appOut1, oneToTwo); - checkResult(appOut1, oneToTwo, result1, + result1 = clientEngine.wrap(clientOut, cTOs); + checkResult(clientOut, cTOs, result1, Status.OK, HandshakeStatus.NEED_WRAP, 0, -1); - oneToTwo.flip(); + cTOs.flip(); - result2 = ssle2.unwrap(oneToTwo, appIn2); - checkResult(oneToTwo, appIn2, result2, + result2 = serverEngine.unwrap(cTOs, serverIn); + checkResult(cTOs, serverIn, result2, Status.OK, HandshakeStatus.NEED_UNWRAP, result1.bytesProduced(), 0); - oneToTwo.compact(); + cTOs.compact(); log("==================="); log("Client Finished"); - result1 = ssle1.wrap(appOut1, oneToTwo); - checkResult(appOut1, oneToTwo, result1, + result1 = clientEngine.wrap(clientOut, cTOs); + checkResult(clientOut, cTOs, result1, Status.OK, HandshakeStatus.NEED_UNWRAP, 0, -1); - oneToTwo.flip(); + cTOs.flip(); - result2 = ssle2.unwrap(oneToTwo, appIn2); - checkResult(oneToTwo, appIn2, result2, + result2 = serverEngine.unwrap(cTOs, serverIn); + checkResult(cTOs, serverIn, result2, Status.OK, HandshakeStatus.NEED_WRAP, result1.bytesProduced(), 0); - oneToTwo.compact(); + cTOs.compact(); log("==================="); log("Server CCS"); - result2 = ssle2.wrap(appOut2, twoToOne); - checkResult(appOut2, twoToOne, result2, + result2 = serverEngine.wrap(serverOut, sTOc); + checkResult(serverOut, sTOc, result2, Status.OK, HandshakeStatus.NEED_WRAP, 0, -1); - twoToOne.flip(); + sTOc.flip(); - result1 = ssle1.unwrap(twoToOne, appIn1); - checkResult(twoToOne, appIn1, result1, + result1 = clientEngine.unwrap(sTOc, clientIn); + checkResult(sTOc, clientIn, result1, Status.OK, HandshakeStatus.NEED_UNWRAP, result2.bytesProduced(), 0); - twoToOne.compact(); + sTOc.compact(); log("==================="); log("Server Finished"); - result2 = ssle2.wrap(appOut2, twoToOne); - checkResult(appOut2, twoToOne, result2, + result2 = serverEngine.wrap(serverOut, sTOc); + checkResult(serverOut, sTOc, result2, Status.OK, HandshakeStatus.FINISHED, 0, -1); - twoToOne.flip(); + sTOc.flip(); - result1 = ssle1.unwrap(twoToOne, appIn1); - checkResult(twoToOne, appIn1, result1, + result1 = clientEngine.unwrap(sTOc, clientIn); + checkResult(sTOc, clientIn, result1, Status.OK, HandshakeStatus.FINISHED, result2.bytesProduced(), 0); - twoToOne.compact(); + sTOc.compact(); log("==================="); log("Check Session/Ciphers"); - String cs = ssle1.getSession().getCipherSuite(); + String cs = clientEngine.getSession().getCipherSuite(); if (!cs.equals(suites[0])) { throw new Exception("suites not equal: " + cs + "/" + suites[0]); } - cs = ssle2.getSession().getCipherSuite(); + cs = serverEngine.getSession().getCipherSuite(); if (!cs.equals(suites[0])) { throw new Exception("suites not equal: " + cs + "/" + suites[0]); } @@ -415,84 +322,36 @@ public static void main(String args[]) throws Exception { */ public DHEKeySizing() throws Exception { - sslc = getSSLContext(); + super(); } - /* - * Create an initialized SSLContext to use for this test. - */ - private SSLContext getSSLContext() throws Exception { - - // generate certificate from cert string - CertificateFactory cf = CertificateFactory.getInstance("X.509"); - - // create a key store - KeyStore ts = KeyStore.getInstance("JKS"); - KeyStore ks = KeyStore.getInstance("JKS"); - ts.load(null, null); - ks.load(null, null); - - // import the trused cert - ByteArrayInputStream is = - new ByteArrayInputStream(trustedCertStr.getBytes()); - Certificate trusedCert = cf.generateCertificate(is); - is.close(); - ts.setCertificateEntry("rsa-trusted-2048", trusedCert); - - // generate the private key. - String keySpecStr = targetPrivateKey; - PKCS8EncodedKeySpec priKeySpec = new PKCS8EncodedKeySpec( - Base64.getMimeDecoder().decode(keySpecStr)); - KeyFactory kf = KeyFactory.getInstance("RSA"); - RSAPrivateKey priKey = (RSAPrivateKey)kf.generatePrivate(priKeySpec); - - Certificate[] chain = new Certificate[1]; - chain[0] = trusedCert; - - // import the key entry. - ks.setKeyEntry("rsa-key-2048", priKey, passphrase, chain); - - // create SSL context - KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); - kmf.init(ks, passphrase); - - TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); - tmf.init(ts); - - SSLContext sslCtx = SSLContext.getInstance("TLSv1"); - sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); - - return sslCtx; + @Override + protected SSLEngine configureServerEngine(SSLEngine engine) { + engine.setNeedClientAuth(false); + engine.setUseClientMode(false); + return engine; } - private void createBuffers() { - // Size the buffers as appropriate. - - SSLSession session = ssle1.getSession(); - int appBufferMax = session.getApplicationBufferSize(); - int netBufferMax = session.getPacketBufferSize(); - - appIn1 = ByteBuffer.allocateDirect(appBufferMax + 50); - appIn2 = ByteBuffer.allocateDirect(appBufferMax + 50); - - oneToTwo = ByteBuffer.allocateDirect(netBufferMax); - twoToOne = ByteBuffer.allocateDirect(netBufferMax); - - appOut1 = ByteBuffer.wrap("Hi Engine2, I'm SSLEngine1".getBytes()); - appOut2 = ByteBuffer.wrap("Hello Engine1, I'm SSLEngine2".getBytes()); + @Override + protected SSLContext createServerSSLContext() throws Exception { + return createSSLContext(null, new Cert[]{Cert.CA_SHA1_RSA_2048}, + getServerContextParameters()); + } - log("AppOut1 = " + appOut1); - log("AppOut2 = " + appOut2); - log(""); + @Override + protected SSLContext createClientSSLContext() throws Exception { + return createSSLContext(new Cert[]{Cert.CA_SHA1_RSA_2048}, null, + getClientContextParameters()); } - private static void runDelegatedTasks(SSLEngine engine) throws Exception { + @Override + protected ContextParameters getClientContextParameters() { + return new ContextParameters("TLSv1", "PKIX", "NewSunX509"); + } - Runnable runnable; - while ((runnable = engine.getDelegatedTask()) != null) { - log("running delegated task..."); - runnable.run(); - } + @Override + protected ContextParameters getServerContextParameters() { + return new ContextParameters("TLSv1", "PKIX", "NewSunX509"); } private static void log(String str) { diff --git a/jdk/test/sun/security/ssl/EngineArgs/DebugReportsOneExtraByte.java b/jdk/test/sun/security/ssl/EngineArgs/DebugReportsOneExtraByte.java index 378f97cd7a0..44b06fb17b0 100644 --- a/jdk/test/sun/security/ssl/EngineArgs/DebugReportsOneExtraByte.java +++ b/jdk/test/sun/security/ssl/EngineArgs/DebugReportsOneExtraByte.java @@ -25,7 +25,7 @@ * @test * @bug 7126889 * @summary Incorrect SSLEngine debug output - * @library /test/lib /lib/security + * @library /test/lib /lib/security /javax/net/ssl/templates * @run main DebugReportsOneExtraByte */ /* @@ -74,53 +74,18 @@ import javax.net.ssl.*; import javax.net.ssl.SSLEngineResult.*; -import java.io.*; -import java.security.*; import java.nio.*; import jdk.test.lib.process.OutputAnalyzer; import jdk.test.lib.process.ProcessTools; -public class DebugReportsOneExtraByte { +public class DebugReportsOneExtraByte extends SSLEngineTemplate { /* * Enables logging of the SSLEngine operations. */ private static boolean logging = true; - private SSLContext sslc; - - private SSLEngine clientEngine; // client Engine - private ByteBuffer clientOut; // write side of clientEngine - private ByteBuffer clientIn; // read side of clientEngine - - private SSLEngine serverEngine; // server Engine - private ByteBuffer serverOut; // write side of serverEngine - private ByteBuffer serverIn; // read side of serverEngine - - /* - * For data transport, this example uses local ByteBuffers. This - * isn't really useful, but the purpose of this example is to show - * SSLEngine concepts, not how to do network transport. - */ - private ByteBuffer cTOs; // "reliable" transport client->server - private ByteBuffer sTOc; // "reliable" transport server->client - - /* - * The following is to set up the keystores. - */ - private static String pathToStores = "../../../../javax/net/ssl/etc"; - private static String keyStoreFile = "keystore"; - private static String trustStoreFile = "truststore"; - private static String passwd = "passphrase"; - - private static String keyFilename = - System.getProperty("test.src", ".") + "/" + pathToStores + - "/" + keyStoreFile; - private static String trustFilename = - System.getProperty("test.src", ".") + "/" + pathToStores + - "/" + trustStoreFile; - /* * Main entry point for this test. */ @@ -146,26 +111,38 @@ public static void main(String args[]) throws Exception { * Create an initialized SSLContext to use for these tests. */ public DebugReportsOneExtraByte() throws Exception { + super(); + } - KeyStore ks = KeyStore.getInstance("JKS"); - KeyStore ts = KeyStore.getInstance("JKS"); - - char[] passphrase = "passphrase".toCharArray(); - - ks.load(new FileInputStream(keyFilename), passphrase); - ts.load(new FileInputStream(trustFilename), passphrase); - - KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); - kmf.init(ks, passphrase); + @Override + protected SSLEngine configureServerEngine(SSLEngine serverEngine) { + serverEngine.setUseClientMode(false); + // Force a block-oriented ciphersuite. + serverEngine.setEnabledCipherSuites( + new String [] {"TLS_RSA_WITH_AES_128_CBC_SHA"}); + return serverEngine; + } - TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); - tmf.init(ts); + @Override + protected ContextParameters getClientContextParameters() { + return new ContextParameters("TLSv1", "PKIX", "NewSunX509"); + } - SSLContext sslCtx = SSLContext.getInstance("TLSv1"); + @Override + protected ContextParameters getServerContextParameters() { + return new ContextParameters("TLSv1", "PKIX", "NewSunX509"); + } - sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); + @Override + protected ByteBuffer createClientOutputBuffer() { + // No need to write anything on the client side, it will + // just confuse the output. + return ByteBuffer.wrap("".getBytes()); + } - sslc = sslCtx; + @Override + protected ByteBuffer createServerOutputBuffer() { + return ByteBuffer.wrap("Hi Client!".getBytes()); } /* @@ -188,9 +165,6 @@ public DebugReportsOneExtraByte() throws Exception { private void runTest() throws Exception { boolean dataDone = false; - createSSLEngines(); - createBuffers(); - SSLEngineResult clientResult; // results from client's last operation SSLEngineResult serverResult; // results from server's last operation @@ -216,11 +190,11 @@ private void runTest() throws Exception { clientResult = clientEngine.wrap(clientOut, cTOs); log("client wrap: ", clientResult); - runDelegatedTasks(clientResult, clientEngine); + runDelegatedTasks(clientEngine); serverResult = serverEngine.wrap(serverOut, sTOc); log("server wrap: ", serverResult); - runDelegatedTasks(serverResult, serverEngine); + runDelegatedTasks(serverEngine); // Next wrap will split. if (serverOut.position() == 1) { @@ -234,11 +208,11 @@ private void runTest() throws Exception { clientResult = clientEngine.unwrap(sTOc, clientIn); log("client unwrap: ", clientResult); - runDelegatedTasks(clientResult, clientEngine); + runDelegatedTasks(clientEngine); serverResult = serverEngine.unwrap(cTOs, serverIn); log("server unwrap: ", serverResult); - runDelegatedTasks(serverResult, serverEngine); + runDelegatedTasks(serverEngine); cTOs.compact(); sTOc.compact(); @@ -265,111 +239,10 @@ private void runTest() throws Exception { } } - /* - * Using the SSLContext created during object creation, - * create/configure the SSLEngines we'll use for this test. - */ - private void createSSLEngines() throws Exception { - /* - * Configure the serverEngine to act as a server in the SSL/TLS - * handshake. Also, require SSL client authentication. - */ - serverEngine = sslc.createSSLEngine(); - serverEngine.setUseClientMode(false); - serverEngine.setNeedClientAuth(true); - - // Force a block-oriented ciphersuite. - serverEngine.setEnabledCipherSuites( - new String [] {"TLS_RSA_WITH_AES_128_CBC_SHA"}); - - /* - * Similar to above, but using client mode instead. - */ - clientEngine = sslc.createSSLEngine("client", 80); - clientEngine.setUseClientMode(true); - } - - /* - * Create and size the buffers appropriately. - */ - private void createBuffers() { - - /* - * We'll assume the buffer sizes are the same - * between client and server. - */ - SSLSession session = clientEngine.getSession(); - int appBufferMax = session.getApplicationBufferSize(); - int netBufferMax = session.getPacketBufferSize(); - - /* - * We'll make the input buffers a bit bigger than the max needed - * size, so that unwrap()s following a successful data transfer - * won't generate BUFFER_OVERFLOWS. - * - * We'll use a mix of direct and indirect ByteBuffers for - * tutorial purposes only. In reality, only use direct - * ByteBuffers when they give a clear performance enhancement. - */ - clientIn = ByteBuffer.allocate(appBufferMax + 50); - serverIn = ByteBuffer.allocate(appBufferMax + 50); - - cTOs = ByteBuffer.allocateDirect(netBufferMax); - sTOc = ByteBuffer.allocateDirect(netBufferMax); - - // No need to write anything on the client side, it will - // just confuse the output. - clientOut = ByteBuffer.wrap("".getBytes()); - // 10 bytes long - serverOut = ByteBuffer.wrap("Hi Client!".getBytes()); - } - - /* - * If the result indicates that we have outstanding tasks to do, - * go ahead and run them in this thread. - */ - private static void runDelegatedTasks(SSLEngineResult result, - SSLEngine engine) throws Exception { - - if (result.getHandshakeStatus() == HandshakeStatus.NEED_TASK) { - Runnable runnable; - while ((runnable = engine.getDelegatedTask()) != null) { - log("\trunning delegated task..."); - runnable.run(); - } - HandshakeStatus hsStatus = engine.getHandshakeStatus(); - if (hsStatus == HandshakeStatus.NEED_TASK) { - throw new Exception( - "handshake shouldn't need additional tasks"); - } - log("\tnew HandshakeStatus: " + hsStatus); - } - } - private static boolean isEngineClosed(SSLEngine engine) { return (engine.isOutboundDone() && engine.isInboundDone()); } - /* - * Simple check to make sure everything came across as expected. - */ - private static void checkTransfer(ByteBuffer a, ByteBuffer b) - throws Exception { - a.flip(); - b.flip(); - - if (!a.equals(b)) { - throw new Exception("Data didn't transfer cleanly"); - } else { - log("\tData transferred cleanly"); - } - - a.position(a.limit()); - b.position(b.limit()); - a.limit(a.capacity()); - b.limit(b.capacity()); - } - /* * Logging code */ diff --git a/jdk/test/sun/security/ssl/HandshakeOutStream/NullCerts.java b/jdk/test/sun/security/ssl/HandshakeOutStream/NullCerts.java index 51e37a0d5af..36ecd43a33a 100644 --- a/jdk/test/sun/security/ssl/HandshakeOutStream/NullCerts.java +++ b/jdk/test/sun/security/ssl/HandshakeOutStream/NullCerts.java @@ -26,6 +26,7 @@ * @bug 4453053 * @summary If a server shuts down correctly during handshaking, the client * doesn't see it. + * @library /javax/net/ssl/templates * @run main/othervm NullCerts * * SunJSSE does not support dynamic system properties, no way to re-use @@ -34,40 +35,11 @@ */ import java.io.*; -import java.net.*; -import java.security.*; import javax.net.ssl.*; -public class NullCerts { +public class NullCerts extends SSLSocketTemplate { - /* - * ============================================================= - * Set the various variables needed for the tests, then - * specify what tests to run on each side. - */ - - /* - * Should we run the client or server in a separate thread? - * Both sides can throw exceptions, but do you have a preference - * as to which side should be the main thread. - */ - private static boolean separateServerThread = true; - - /* - * Where do we find the keystores? - */ - private final static String pathToStores = "../../../../javax/net/ssl/etc"; - private final static String keyStoreFile = "keystore"; - private final static String trustStoreFile = "truststore"; - private final static String passwd = "passphrase"; - private final static char[] cpasswd = "passphrase".toCharArray(); - - /* - * Is the server ready to serve? - */ - volatile static boolean serverReady = false; - - /* + /* * Turn on SSL debugging? */ private final static boolean DEBUG = false; @@ -81,29 +53,22 @@ public class NullCerts { * smart about it.... */ + @Override + protected void configureServerSocket(SSLServerSocket socket) { + socket.setNeedClientAuth(true); + socket.setUseClientMode(false); + } + /* * Define the server side of the test. * * If the server prematurely exits, serverReady will be set to true * to avoid infinite hangs. */ - private void doServerSide() throws Exception { - SSLServerSocketFactory sslssf = - (SSLServerSocketFactory) SSLServerSocketFactory.getDefault(); - SSLServerSocket sslServerSocket = - (SSLServerSocket) sslssf.createServerSocket(serverPort, 3); - sslServerSocket.setNeedClientAuth(true); - - serverPort = sslServerSocket.getLocalPort(); - - /* - * Signal Client, we're ready for his connect. - */ - serverReady = true; - - SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept(); - InputStream sslIS = sslSocket.getInputStream(); - OutputStream sslOS = sslSocket.getOutputStream(); + @Override + protected void runServerApplication(SSLSocket socket) throws Exception { + InputStream sslIS = socket.getInputStream(); + OutputStream sslOS = socket.getOutputStream(); try { sslIS.read(); @@ -115,7 +80,6 @@ private void doServerSide() throws Exception { + e.toString()); } - sslSocket.close(); System.out.println("Server done and exiting!"); } @@ -125,36 +89,11 @@ private void doServerSide() throws Exception { * If the server prematurely exits, serverReady will be set to true * to avoid infinite hangs. */ - private void doClientSide() throws Exception { - - /* - * Wait for server to get started. - */ - while (!serverReady) { - Thread.sleep(50); - } + @Override + protected void runClientApplication(SSLSocket sslSocket) throws Exception { System.out.println("Starting test"); - KeyStore ks = KeyStore.getInstance("JKS"); - KeyStore uks = KeyStore.getInstance("JKS"); - SSLContext ctx = SSLContext.getInstance("TLS"); - KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); - TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); - - uks.load(new FileInputStream(unknownFilename), cpasswd); - kmf.init(uks, cpasswd); - - ks.load(new FileInputStream(trustFilename), cpasswd); - tmf.init(ks); - - ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); - - SSLSocketFactory sslsf = - (SSLSocketFactory) ctx.getSocketFactory(); - SSLSocket sslSocket = (SSLSocket) - sslsf.createSocket("localhost", serverPort); - InputStream sslIS = sslSocket.getInputStream(); OutputStream sslOS = sslSocket.getOutputStream(); @@ -163,7 +102,6 @@ private void doClientSide() throws Exception { sslOS.flush(); sslIS.read(); - sslSocket.close(); } catch (IOException e) { String str = "\nYou will either see a bad_certificate SSLException\n" + @@ -174,131 +112,21 @@ private void doClientSide() throws Exception { } } - /* - * ============================================================= - * The remainder is just support stuff - */ - - // use any free port by default - volatile int serverPort = 0; - - private volatile Exception serverException = null; - private volatile Exception clientException = null; - - private final static String keyFilename = - System.getProperty("test.src", ".") + "/" + pathToStores + - "/" + keyStoreFile; - private final static String trustFilename = - System.getProperty("test.src", ".") + "/" + pathToStores + - "/" + trustStoreFile; - private final static String unknownFilename = - System.getProperty("test.src", ".") + "/" + pathToStores + - "/" + "unknown_keystore"; + @Override + protected KeyManager createClientKeyManager() throws Exception { + return createKeyManager(new Cert[]{Cert.DSA_SHA1_1024_EXPIRED}, + getClientContextParameters()); + } // Used for running test standalone public static void main(String[] args) throws Exception { - String testRoot = System.getProperty("test.src", "."); - System.setProperty("javax.net.ssl.keyStore", keyFilename); - System.setProperty("javax.net.ssl.keyStorePassword", passwd); - System.setProperty("javax.net.ssl.trustStore", trustFilename); - System.setProperty("javax.net.ssl.trustStorePassword", passwd); - if (DEBUG) System.setProperty("javax.net.debug", "all"); /* * Start the tests. */ - new NullCerts(); - } - - private Thread clientThread = null; - private Thread serverThread = null; - - /* - * Primary constructor, used to drive remainder of the test. - * - * Fork off the other side, then do your work. - */ - NullCerts() throws Exception { - - if (separateServerThread) { - startServer(true); - startClient(false); - } else { - startClient(true); - startServer(false); - } - - /* - * Wait for other side to close down. - */ - if (separateServerThread) { - serverThread.join(); - } else { - clientThread.join(); - } - - /* - * When we get here, the test is pretty much over. - * - * If the main thread excepted, that propagates back - * immediately. If the other thread threw an exception, we - * should report back. - */ - if (serverException != null) { - System.err.print("Server Exception:"); - throw serverException; - } - if (clientException != null) { - System.err.print("Client Exception:"); - throw clientException; - } - } - - private void startServer(boolean newThread) throws Exception { - if (newThread) { - serverThread = new Thread() { - public void run() { - try { - doServerSide(); - } catch (Exception e) { - /* - * Our server thread just died. - * - * Release the client, if not active already... - */ - System.err.println("Server died..."); - serverReady = true; - serverException = e; - } - } - }; - serverThread.start(); - } else { - doServerSide(); - } - } - - private void startClient(boolean newThread) throws Exception { - if (newThread) { - clientThread = new Thread() { - public void run() { - try { - doClientSide(); - } catch (Exception e) { - /* - * Our client thread just died. - */ - System.err.println("Client died..."); - clientException = e; - } - } - }; - clientThread.start(); - } else { - doClientSide(); - } + new NullCerts().run(); } } diff --git a/jdk/test/sun/security/ssl/SSLEngineImpl/CloseEngineException.java b/jdk/test/sun/security/ssl/SSLEngineImpl/CloseEngineException.java index 390da17f8e0..9a1e259cd16 100644 --- a/jdk/test/sun/security/ssl/SSLEngineImpl/CloseEngineException.java +++ b/jdk/test/sun/security/ssl/SSLEngineImpl/CloseEngineException.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -31,6 +31,7 @@ * @bug 4969799 * @summary javax.net.ssl.SSLSocket.SSLSocket(InetAddress,int) shouldn't * throw exception + * @library /javax/net/ssl/templates * @run main/othervm CloseEngineException */ @@ -40,128 +41,85 @@ // import javax.net.ssl.*; -import javax.net.ssl.SSLEngineResult.*; -import java.io.*; -import java.security.*; -import java.nio.*; // Note that this test case depends on JSSE provider implementation details. -public class CloseEngineException { +public class CloseEngineException extends SSLEngineTemplate { private static boolean debug = true; - private SSLContext sslc; - private SSLEngine ssle1; // client - private SSLEngine ssle2; // server - - private static String pathToStores = "../../../../javax/net/ssl/etc"; - private static String keyStoreFile = "keystore"; - private static String trustStoreFile = "truststore"; - private static String passwd = "passphrase"; - - private static String keyFilename = - System.getProperty("test.src", "./") + "/" + pathToStores + - "/" + keyStoreFile; - private static String trustFilename = - System.getProperty("test.src", "./") + "/" + pathToStores + - "/" + trustStoreFile; - - private ByteBuffer appOut1; // write side of ssle1 - private ByteBuffer appIn1; // read side of ssle1 - private ByteBuffer appOut2; // write side of ssle2 - private ByteBuffer appIn2; // read side of ssle2 - - private ByteBuffer oneToTwo; // "reliable" transport ssle1->ssle2 - private ByteBuffer twoToOne; // "reliable" transport ssle2->ssle1 - - /* - * Majority of the test case is here, setup is done below. - */ - private void createSSLEngines() throws Exception { - ssle1 = sslc.createSSLEngine("client", 1); - ssle1.setUseClientMode(true); - - ssle2 = sslc.createSSLEngine(); - ssle2.setUseClientMode(false); - ssle2.setNeedClientAuth(true); - } - private void runTest() throws Exception { boolean dataDone = false; - createSSLEngines(); - createBuffers(); - - SSLEngineResult result1; // ssle1's results from last operation + SSLEngineResult result1; // clientEngine's results from last operation SSLEngineResult result2; // ssle2's results from last operation - while (!isEngineClosed(ssle1) && !isEngineClosed(ssle2)) { + while (!isEngineClosed(clientEngine) && !isEngineClosed(serverEngine)) { log("================"); - if (!isEngineClosed(ssle1)) { - result1 = ssle1.wrap(appOut1, oneToTwo); - runDelegatedTasks(result1, ssle1); + if (!isEngineClosed(clientEngine)) { + result1 = clientEngine.wrap(clientOut, cTOs); + runDelegatedTasks(clientEngine); log("wrap1: " + result1); - log("oneToTwo = " + oneToTwo); + log("oneToTwo = " + cTOs); log(""); - oneToTwo.flip(); + cTOs.flip(); } - if (!isEngineClosed(ssle2)) { - result2 = ssle2.wrap(appOut2, twoToOne); - runDelegatedTasks(result2, ssle2); + if (!isEngineClosed(serverEngine)) { + result2 = serverEngine.wrap(serverOut, sTOc); + runDelegatedTasks(serverEngine); log("wrap2: " + result2); - log("twoToOne = " + twoToOne); + log("twoToOne = " + sTOc); - twoToOne.flip(); + sTOc.flip(); } log("----"); - if (!isEngineClosed(ssle1) && !dataDone) { + if (!isEngineClosed(clientEngine) && !dataDone) { log("--"); - result1 = ssle1.unwrap(twoToOne, appIn1); - runDelegatedTasks(result1, ssle1); + result1 = clientEngine.unwrap(sTOc, clientIn); + runDelegatedTasks(clientEngine); log("unwrap1: " + result1); - log("twoToOne = " + twoToOne); + log("twoToOne = " + sTOc); log(""); - twoToOne.compact(); + sTOc.compact(); } - if (!isEngineClosed(ssle2)) { + if (!isEngineClosed(serverEngine)) { log("---"); - result2 = ssle2.unwrap(oneToTwo, appIn2); - runDelegatedTasks(result2, ssle2); + result2 = serverEngine.unwrap(cTOs, serverIn); + runDelegatedTasks(serverEngine); log("unwrap2: " + result2); - log("oneToTwo = " + oneToTwo); + log("oneToTwo = " + cTOs); - oneToTwo.compact(); + cTOs.compact(); } /* * If we've transfered all the data between app1 and app2, * we try to close and see what that gets us. */ - if (!dataDone && (appOut1.limit() == appIn2.position()) && - (appOut2.limit() == appIn1.position())) { + if (!dataDone && (clientOut.limit() == serverIn.position()) && + (serverOut.limit() == clientIn.position())) { - checkTransfer(appOut1, appIn2); - checkTransfer(appOut2, appIn1); + checkTransfer(clientOut, serverIn); + checkTransfer(serverOut, clientIn); - log("Closing ssle1's *OUTBOUND*..."); - ssle1.closeOutbound(); + log("Closing clientEngine's *OUTBOUND*..."); + clientEngine.closeOutbound(); dataDone = true; try { /* * Check that closed Outbound generates. */ - ssle1.beginHandshake(); + clientEngine.beginHandshake(); throw new Exception( "TEST FAILED: didn't throw Exception"); } catch (SSLException e) { @@ -174,7 +132,7 @@ private void runTest() throws Exception { /* * Check that closed Inbound generates. */ - ssle2.beginHandshake(); + serverEngine.beginHandshake(); throw new Exception( "TEST FAILED: didn't throw Exception"); } catch (SSLException e) { @@ -184,12 +142,7 @@ private void runTest() throws Exception { public static void main(String args[]) throws Exception { - CloseEngineException test; - - test = new CloseEngineException(); - - test.createSSLEngines(); - + CloseEngineException test = new CloseEngineException(); test.runTest(); System.err.println("Test Passed."); @@ -202,90 +155,20 @@ public static void main(String args[]) throws Exception { */ public CloseEngineException() throws Exception { - sslc = getSSLContext(keyFilename, trustFilename); + super(); } - /* - * Create an initialized SSLContext to use for this test. - */ - private SSLContext getSSLContext(String keyFile, String trustFile) - throws Exception { - - KeyStore ks = KeyStore.getInstance("JKS"); - KeyStore ts = KeyStore.getInstance("JKS"); - - char[] passphrase = "passphrase".toCharArray(); - - ks.load(new FileInputStream(keyFile), passphrase); - ts.load(new FileInputStream(trustFile), passphrase); - - KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); - kmf.init(ks, passphrase); - - TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); - tmf.init(ts); - - SSLContext sslCtx = SSLContext.getInstance("TLS"); - - sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); - - return sslCtx; - } - - private void createBuffers() { - // Size the buffers as appropriate. - - SSLSession session = ssle1.getSession(); - int appBufferMax = session.getApplicationBufferSize(); - int netBufferMax = session.getPacketBufferSize(); - - appIn1 = ByteBuffer.allocateDirect(appBufferMax + 50); - appIn2 = ByteBuffer.allocateDirect(appBufferMax + 50); - - oneToTwo = ByteBuffer.allocateDirect(netBufferMax); - twoToOne = ByteBuffer.allocateDirect(netBufferMax); - - appOut1 = ByteBuffer.wrap("Hi Engine2, I'm SSLEngine1".getBytes()); - appOut2 = ByteBuffer.wrap("Hello Engine1, I'm SSLEngine2".getBytes()); - - log("AppOut1 = " + appOut1); - log("AppOut2 = " + appOut2); - log(""); - } - - private static void runDelegatedTasks(SSLEngineResult result, - SSLEngine engine) throws Exception { - - if (result.getHandshakeStatus() == HandshakeStatus.NEED_TASK) { - Runnable runnable; - while ((runnable = engine.getDelegatedTask()) != null) { - log("running delegated task..."); - runnable.run(); - } - } + @Override + protected SSLEngine configureServerEngine(SSLEngine engine) { + engine.setUseClientMode(false); + engine.setNeedClientAuth(true); + return engine; } private static boolean isEngineClosed(SSLEngine engine) { return (engine.isOutboundDone() && engine.isInboundDone()); } - private static void checkTransfer(ByteBuffer a, ByteBuffer b) - throws Exception { - a.flip(); - b.flip(); - - if (!a.equals(b)) { - throw new Exception("Data didn't transfer cleanly"); - } else { - log("Data transferred cleanly"); - } - - a.position(a.limit()); - b.position(b.limit()); - a.limit(a.capacity()); - b.limit(b.capacity()); - } - private static void log(String str) { if (debug) { System.err.println(str); diff --git a/jdk/test/sun/security/ssl/SSLEngineImpl/CloseStart.java b/jdk/test/sun/security/ssl/SSLEngineImpl/CloseStart.java index 30c2a74234b..ba5b04148c3 100644 --- a/jdk/test/sun/security/ssl/SSLEngineImpl/CloseStart.java +++ b/jdk/test/sun/security/ssl/SSLEngineImpl/CloseStart.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2004, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -30,6 +30,7 @@ * @test * @bug 5019096 * @summary Add scatter/gather APIs for SSLEngine + * @library /javax/net/ssl/templates * @run main/othervm CloseStart */ @@ -38,26 +39,8 @@ // import javax.net.ssl.*; -import javax.net.ssl.SSLEngineResult.*; -import java.io.*; -import java.security.*; -import java.nio.*; -public class CloseStart { - - private static boolean debug = false; - - private static String pathToStores = "../../../../javax/net/ssl/etc"; - private static String keyStoreFile = "keystore"; - private static String trustStoreFile = "truststore"; - private static String passwd = "passphrase"; - - private static String keyFilename = - System.getProperty("test.src", "./") + "/" + pathToStores + - "/" + keyStoreFile; - private static String trustFilename = - System.getProperty("test.src", "./") + "/" + pathToStores + - "/" + trustStoreFile; +public class CloseStart extends SSLContextTemplate { private static void checkDone(SSLEngine ssle) throws Exception { if (!ssle.isInboundDone()) { @@ -74,14 +57,17 @@ private static void runTest2(SSLEngine ssle) throws Exception { } public static void main(String args[]) throws Exception { + new CloseStart().run(); + } - SSLEngine ssle = createSSLEngine(keyFilename, trustFilename); + private void run() throws Exception { + SSLEngine ssle = createSSLEngine(); ssle.closeInbound(); if (!ssle.isInboundDone()) { throw new Exception("isInboundDone isn't done"); } - ssle = createSSLEngine(keyFilename, trustFilename); + ssle = createSSLEngine(); ssle.closeOutbound(); if (!ssle.isOutboundDone()) { throw new Exception("isOutboundDone isn't done"); @@ -93,30 +79,10 @@ public static void main(String args[]) throws Exception { /* * Create an initialized SSLContext to use for this test. */ - static private SSLEngine createSSLEngine(String keyFile, String trustFile) - throws Exception { - - SSLEngine ssle; - - KeyStore ks = KeyStore.getInstance("JKS"); - KeyStore ts = KeyStore.getInstance("JKS"); - - char[] passphrase = "passphrase".toCharArray(); - - ks.load(new FileInputStream(keyFile), passphrase); - ts.load(new FileInputStream(trustFile), passphrase); - - KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); - kmf.init(ks, passphrase); - - TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); - tmf.init(ts); - - SSLContext sslCtx = SSLContext.getInstance("TLS"); - - sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); + private SSLEngine createSSLEngine() throws Exception { - ssle = sslCtx.createSSLEngine("client", 1001); + SSLContext sslCtx = createClientSSLContext(); + SSLEngine ssle = sslCtx.createSSLEngine("client", 1001); ssle.setUseClientMode(true); return ssle; diff --git a/jdk/test/sun/security/ssl/SSLEngineImpl/DelegatedTaskWrongException.java b/jdk/test/sun/security/ssl/SSLEngineImpl/DelegatedTaskWrongException.java index 57da9fb0a71..e54f8ffec42 100644 --- a/jdk/test/sun/security/ssl/SSLEngineImpl/DelegatedTaskWrongException.java +++ b/jdk/test/sun/security/ssl/SSLEngineImpl/DelegatedTaskWrongException.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -30,72 +30,38 @@ * @test * @bug 4969459 * @summary Delegated tasks are not reflecting the subclasses of SSLException + * @library /javax/net/ssl/templates * @run main/othervm DelegatedTaskWrongException */ import javax.net.ssl.*; -import javax.net.ssl.SSLEngineResult.*; -import java.io.*; import java.security.*; -import java.nio.*; -public class DelegatedTaskWrongException { +public class DelegatedTaskWrongException extends SSLEngineTemplate { private static boolean debug = false; - private SSLContext sslc; - private SSLEngine ssle1; // client - private SSLEngine ssle2; // server - - private static String pathToStores = "../../../../javax/net/ssl/etc"; - private static String keyStoreFile = "keystore"; - private static String trustStoreFile = "truststore"; - private static String passwd = "passphrase"; - - private static String keyFilename = - System.getProperty("test.src", "./") + "/" + pathToStores + - "/" + keyStoreFile; - private static String trustFilename = - System.getProperty("test.src", "./") + "/" + pathToStores + - "/" + trustStoreFile; - - private ByteBuffer appOut1; // write side of ssle1 - private ByteBuffer appIn1; // read side of ssle1 - private ByteBuffer appOut2; // write side of ssle2 - private ByteBuffer appIn2; // read side of ssle2 - - private ByteBuffer oneToTwo; // "reliable" transport ssle1->ssle2 - private ByteBuffer twoToOne; // "reliable" transport ssle2->ssle1 - - /* - * Majority of the test case is here, setup is done below. - */ - private void createSSLEngines() throws Exception { - ssle1 = sslc.createSSLEngine("client", 1); - ssle1.setUseClientMode(true); - - ssle2 = sslc.createSSLEngine(); - ssle2.setUseClientMode(false); + @Override + protected SSLEngine configureServerEngine(SSLEngine engine) { + engine.setUseClientMode(false); + engine.setEnabledProtocols(new String [] { "TLSv1" }); + return engine; + } - ssle1.setEnabledProtocols(new String [] { "SSLv3" }); - ssle2.setEnabledProtocols(new String [] { "TLSv1" }); + @Override + protected SSLEngine configureClientEngine(SSLEngine engine) { + engine.setUseClientMode(true); + engine.setEnabledProtocols(new String [] { "SSLv3" }); + return engine; } private void runTest() throws Exception { - boolean dataDone = false; - - createSSLEngines(); - createBuffers(); - - SSLEngineResult result1; // ssle1's results from last operation - SSLEngineResult result2; // ssle2's results from last operation - - result1 = ssle1.wrap(appOut1, oneToTwo); - oneToTwo.flip(); - result2 = ssle2.unwrap(oneToTwo, appIn2); + clientEngine.wrap(clientOut, cTOs); + cTOs.flip(); - runDelegatedTasks(result2, ssle2); + serverEngine.unwrap(cTOs, serverIn); + runDelegatedTasks(serverEngine); try { /* @@ -103,7 +69,7 @@ private void runTest() throws Exception { * If this changes, we'll need to update this test. * Anything else and we fail. */ - result2 = ssle2.unwrap(oneToTwo, appIn2); + serverEngine.unwrap(cTOs, serverIn); throw new Exception( "TEST FAILED: Didn't generate any exception"); } catch (SSLHandshakeException e) { @@ -119,12 +85,7 @@ public static void main(String args[]) throws Exception { // and keys used in this test are not disabled. Security.setProperty("jdk.tls.disabledAlgorithms", ""); - DelegatedTaskWrongException test; - - test = new DelegatedTaskWrongException(); - - test.createSSLEngines(); - + DelegatedTaskWrongException test = new DelegatedTaskWrongException(); test.runTest(); System.out.println("Test Passed."); @@ -137,88 +98,7 @@ public static void main(String args[]) throws Exception { */ public DelegatedTaskWrongException() throws Exception { - sslc = getSSLContext(keyFilename, trustFilename); - } - - /* - * Create an initialized SSLContext to use for this test. - */ - private SSLContext getSSLContext(String keyFile, String trustFile) - throws Exception { - - KeyStore ks = KeyStore.getInstance("JKS"); - KeyStore ts = KeyStore.getInstance("JKS"); - - char[] passphrase = "passphrase".toCharArray(); - - ks.load(new FileInputStream(keyFile), passphrase); - ts.load(new FileInputStream(trustFile), passphrase); - - KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); - kmf.init(ks, passphrase); - - TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); - tmf.init(ts); - - SSLContext sslCtx = SSLContext.getInstance("TLS"); - - sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); - - return sslCtx; - } - - private void createBuffers() { - // Size the buffers as appropriate. - - SSLSession session = ssle1.getSession(); - int appBufferMax = session.getApplicationBufferSize(); - int netBufferMax = session.getPacketBufferSize(); - - appIn1 = ByteBuffer.allocateDirect(appBufferMax + 50); - appIn2 = ByteBuffer.allocateDirect(appBufferMax + 50); - - oneToTwo = ByteBuffer.allocateDirect(netBufferMax); - twoToOne = ByteBuffer.allocateDirect(netBufferMax); - - appOut1 = ByteBuffer.wrap("Hi Engine2, I'm SSLEngine1".getBytes()); - appOut2 = ByteBuffer.wrap("Hello Engine1, I'm SSLEngine2".getBytes()); - - log("AppOut1 = " + appOut1); - log("AppOut2 = " + appOut2); - log(""); - } - - private static void runDelegatedTasks(SSLEngineResult result, - SSLEngine engine) throws Exception { - - if (result.getHandshakeStatus() == HandshakeStatus.NEED_TASK) { - Runnable runnable; - while ((runnable = engine.getDelegatedTask()) != null) { - log("running delegated task..."); - runnable.run(); - } - } - } - - private static boolean isEngineClosed(SSLEngine engine) { - return (engine.isOutboundDone() && engine.isInboundDone()); - } - - private static void checkTransfer(ByteBuffer a, ByteBuffer b) - throws Exception { - a.flip(); - b.flip(); - - if (!a.equals(b)) { - throw new Exception("Data didn't transfer cleanly"); - } else { - log("Data transferred cleanly"); - } - - a.position(a.limit()); - b.position(b.limit()); - a.limit(a.capacity()); - b.limit(b.capacity()); + super(); } private static void log(String str) { diff --git a/jdk/test/sun/security/ssl/SSLEngineImpl/EmptyExtensionData.java b/jdk/test/sun/security/ssl/SSLEngineImpl/EmptyExtensionData.java index f04570481a9..e0eb6957e78 100644 --- a/jdk/test/sun/security/ssl/SSLEngineImpl/EmptyExtensionData.java +++ b/jdk/test/sun/security/ssl/SSLEngineImpl/EmptyExtensionData.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2008, 2020, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2008, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -30,42 +30,19 @@ * @test * @bug 6728126 * @summary Parsing Extensions in Client Hello message is done in a wrong way - * @library /lib/security + * @library /lib/security /javax/net/ssl/templates * @run main/othervm EmptyExtensionData */ import javax.net.ssl.*; import javax.net.ssl.SSLEngineResult.*; -import java.io.*; -import java.security.*; import java.nio.*; -public class EmptyExtensionData { +public class EmptyExtensionData extends SSLContextTemplate { private static boolean debug = false; - private static String pathToStores = "../../../../javax/net/ssl/etc"; - private static String keyStoreFile = "keystore"; - private static String trustStoreFile = "truststore"; - private static String passwd = "passphrase"; - - private static String keyFilename = - System.getProperty("test.src", "./") + "/" + pathToStores + - "/" + keyStoreFile; - private static String trustFilename = - System.getProperty("test.src", "./") + "/" + pathToStores + - "/" + trustStoreFile; - - private static void checkDone(SSLEngine ssle) throws Exception { - if (!ssle.isInboundDone()) { - throw new Exception("isInboundDone isn't done"); - } - if (!ssle.isOutboundDone()) { - throw new Exception("isOutboundDone isn't done"); - } - } - - private static void runTest(SSLEngine ssle) throws Exception { + private void runTest(SSLEngine ssle) throws Exception { // a client hello message with an empty extension data byte[] msg_clihello = { (byte)0x16, (byte)0x03, (byte)0x01, (byte)0x00, @@ -136,7 +113,7 @@ private static void runTest(SSLEngine ssle) throws Exception { * If the result indicates that we have outstanding tasks to do, * go ahead and run them in this thread. */ - private static void runDelegatedTasks(SSLEngineResult result, + private void runDelegatedTasks(SSLEngineResult result, SSLEngine engine) throws Exception { if (result.getHandshakeStatus() == HandshakeStatus.NEED_TASK) { @@ -157,46 +134,17 @@ private static void runDelegatedTasks(SSLEngineResult result, public static void main(String args[]) throws Exception { // Re-enable TLSv1 since test depends on it. SecurityUtils.removeFromDisabledTlsAlgs("TLSv1"); - - SSLEngine ssle = createSSLEngine(keyFilename, trustFilename); - runTest(ssle); - - System.out.println("Test Passed."); + new EmptyExtensionData().run(); } - /* - * Create an initialized SSLContext to use for this test. - */ - static private SSLEngine createSSLEngine(String keyFile, String trustFile) - throws Exception { - - SSLEngine ssle; - - KeyStore ks = KeyStore.getInstance("JKS"); - KeyStore ts = KeyStore.getInstance("JKS"); - - char[] passphrase = "passphrase".toCharArray(); - - ks.load(new FileInputStream(keyFile), passphrase); - ts.load(new FileInputStream(trustFile), passphrase); - - KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); - kmf.init(ks, passphrase); - - TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); - tmf.init(ts); - - SSLContext sslCtx = SSLContext.getInstance("TLS"); - - sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); - - ssle = sslCtx.createSSLEngine(); + private void run() throws Exception { + SSLEngine ssle = createServerSSLContext().createSSLEngine(); ssle.setUseClientMode(false); + runTest(ssle); - return ssle; + System.out.println("Test Passed."); } - private static void log(String str) { if (debug) { System.out.println(str); diff --git a/jdk/test/sun/security/ssl/SSLEngineImpl/EngineEnforceUseClientMode.java b/jdk/test/sun/security/ssl/SSLEngineImpl/EngineEnforceUseClientMode.java index 8b7a377926c..1dcd9971556 100644 --- a/jdk/test/sun/security/ssl/SSLEngineImpl/EngineEnforceUseClientMode.java +++ b/jdk/test/sun/security/ssl/SSLEngineImpl/EngineEnforceUseClientMode.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2004, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -30,71 +30,37 @@ * @test * @bug 4980882 8207250 * @summary SSLEngine should enforce setUseClientMode + * @library /javax/net/ssl/templates * @run main/othervm EngineEnforceUseClientMode * @author Brad R. Wetmore */ import javax.net.ssl.*; -import javax.net.ssl.SSLEngineResult.*; -import java.io.*; -import java.security.*; -import java.nio.*; -public class EngineEnforceUseClientMode { +public class EngineEnforceUseClientMode extends SSLEngineTemplate { private static boolean debug = false; - private SSLContext sslc; - private SSLEngine ssle1; // client - private SSLEngine ssle2; // server - - private SSLEngine ssle3; // server - private SSLEngine ssle4; // server - private SSLEngine ssle5; // server - - private static String pathToStores = "../../../../javax/net/ssl/etc"; - private static String keyStoreFile = "keystore"; - private static String trustStoreFile = "truststore"; - private static String passwd = "passphrase"; - - private static String keyFilename = - System.getProperty("test.src", "./") + "/" + pathToStores + - "/" + keyStoreFile; - private static String trustFilename = - System.getProperty("test.src", "./") + "/" + pathToStores + - "/" + trustStoreFile; - - private ByteBuffer appOut1; // write side of ssle1 - private ByteBuffer appIn1; // read side of ssle1 - private ByteBuffer appOut2; // write side of ssle2 - private ByteBuffer appIn2; // read side of ssle2 - - private ByteBuffer oneToTwo; // "reliable" transport ssle1->ssle2 - private ByteBuffer twoToOne; // "reliable" transport ssle2->ssle1 + private SSLEngine serverEngine2; // server + private SSLEngine serverEngine3; // server + private SSLEngine serverEngine4; // server /* * Majority of the test case is here, setup is done below. */ - private void createSSLEngines() throws Exception { - ssle1 = sslc.createSSLEngine("client", 1); - ssle1.setUseClientMode(true); - - ssle2 = sslc.createSSLEngine(); - ssle2.setUseClientMode(false); - ssle2.setNeedClientAuth(true); - + private void createAdditionalSSLEngines() throws Exception { + SSLContext sslc = createServerSSLContext(); /* * Note, these are not initialized to client/server */ - ssle3 = sslc.createSSLEngine(); - ssle4 = sslc.createSSLEngine(); - ssle5 = sslc.createSSLEngine(); + serverEngine2 = sslc.createSSLEngine(); + serverEngine3 = sslc.createSSLEngine(); + serverEngine4 = sslc.createSSLEngine(); } private void runTest() throws Exception { - createSSLEngines(); - createBuffers(); + createAdditionalSSLEngines(); /* * First try the engines with no client/server initialization @@ -102,35 +68,35 @@ private void runTest() throws Exception { */ try { System.out.println("Testing wrap()"); - ssle3.wrap(appOut1, oneToTwo); + serverEngine2.wrap(clientOut, cTOs); throw new RuntimeException( "wrap(): Didn't catch the exception properly"); } catch (IllegalStateException e) { System.out.println("Caught the correct exception."); - oneToTwo.flip(); - if (oneToTwo.hasRemaining()) { + cTOs.flip(); + if (cTOs.hasRemaining()) { throw new Exception("wrap generated data"); } - oneToTwo.clear(); + cTOs.clear(); } try { System.out.println("Testing unwrap()"); - ssle4.unwrap(oneToTwo, appIn1); + serverEngine3.unwrap(cTOs, clientIn); throw new RuntimeException( "unwrap(): Didn't catch the exception properly"); } catch (IllegalStateException e) { System.out.println("Caught the correct exception."); - appIn1.flip(); - if (appIn1.hasRemaining()) { + clientIn.flip(); + if (clientIn.hasRemaining()) { throw new Exception("unwrap generated data"); } - appIn1.clear(); + clientIn.clear(); } try { System.out.println("Testing beginHandshake()"); - ssle5.beginHandshake(); + serverEngine4.beginHandshake(); throw new RuntimeException( "unwrap(): Didn't catch the exception properly"); } catch (IllegalStateException e) { @@ -142,60 +108,60 @@ private void runTest() throws Exception { SSLEngineResult result1; // ssle1's results from last operation SSLEngineResult result2; // ssle2's results from last operation - while (!isEngineClosed(ssle1) || !isEngineClosed(ssle2)) { + while (!isEngineClosed(clientEngine) || !isEngineClosed(serverEngine)) { log("================"); - result1 = ssle1.wrap(appOut1, oneToTwo); - result2 = ssle2.wrap(appOut2, twoToOne); + result1 = clientEngine.wrap(clientOut, cTOs); + result2 = serverEngine.wrap(serverOut, sTOc); log("wrap1: " + result1); - log("oneToTwo = " + oneToTwo); + log("oneToTwo = " + cTOs); log(""); log("wrap2: " + result2); - log("twoToOne = " + twoToOne); + log("twoToOne = " + sTOc); - runDelegatedTasks(result1, ssle1); - runDelegatedTasks(result2, ssle2); + runDelegatedTasks(clientEngine); + runDelegatedTasks(serverEngine); - oneToTwo.flip(); - twoToOne.flip(); + cTOs.flip(); + sTOc.flip(); log("----"); - result1 = ssle1.unwrap(twoToOne, appIn1); - result2 = ssle2.unwrap(oneToTwo, appIn2); + result1 = clientEngine.unwrap(sTOc, clientIn); + result2 = serverEngine.unwrap(cTOs, serverIn); log("unwrap1: " + result1); - log("twoToOne = " + twoToOne); + log("twoToOne = " + sTOc); log(""); log("unwrap2: " + result2); - log("oneToTwo = " + oneToTwo); + log("oneToTwo = " + cTOs); - runDelegatedTasks(result1, ssle1); - runDelegatedTasks(result2, ssle2); + runDelegatedTasks(clientEngine); + runDelegatedTasks(serverEngine); - oneToTwo.compact(); - twoToOne.compact(); + cTOs.compact(); + sTOc.compact(); /* * If we've transfered all the data between app1 and app2, * we try to close and see what that gets us. */ - if (!dataDone && (appOut1.limit() == appIn2.position()) && - (appOut2.limit() == appIn1.position())) { + if (!dataDone && (clientOut.limit() == serverIn.position()) && + (serverOut.limit() == clientIn.position())) { - checkTransfer(appOut1, appIn2); - checkTransfer(appOut2, appIn1); + checkTransfer(clientOut, serverIn); + checkTransfer(serverOut, clientIn); // Should not be able to set mode now, no matter if // it is the same of different. System.out.println("Try changing modes..."); for (boolean b : new Boolean[] {true, false}) { try { - ssle2.setUseClientMode(b); + serverEngine.setUseClientMode(b); throw new RuntimeException( "setUseClientMode(" + b + "): " + "Didn't catch the exception properly"); @@ -211,12 +177,8 @@ private void runTest() throws Exception { public static void main(String args[]) throws Exception { - EngineEnforceUseClientMode test; - - test = new EngineEnforceUseClientMode(); - - test.createSSLEngines(); - + EngineEnforceUseClientMode test = new EngineEnforceUseClientMode(); + test.createAdditionalSSLEngines(); test.runTest(); System.out.println("Test Passed."); @@ -229,89 +191,13 @@ public static void main(String args[]) throws Exception { */ public EngineEnforceUseClientMode() throws Exception { - sslc = getSSLContext(keyFilename, trustFilename); - } - - /* - * Create an initialized SSLContext to use for this test. - */ - private SSLContext getSSLContext(String keyFile, String trustFile) - throws Exception { - - KeyStore ks = KeyStore.getInstance("JKS"); - KeyStore ts = KeyStore.getInstance("JKS"); - - char[] passphrase = "passphrase".toCharArray(); - - ks.load(new FileInputStream(keyFile), passphrase); - ts.load(new FileInputStream(trustFile), passphrase); - - KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); - kmf.init(ks, passphrase); - - TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); - tmf.init(ts); - - SSLContext sslCtx = SSLContext.getInstance("TLS"); - - sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); - - return sslCtx; - } - - private void createBuffers() { - // Size the buffers as appropriate. - - SSLSession session = ssle1.getSession(); - int appBufferMax = session.getApplicationBufferSize(); - int netBufferMax = session.getPacketBufferSize(); - - appIn1 = ByteBuffer.allocateDirect(appBufferMax + 50); - appIn2 = ByteBuffer.allocateDirect(appBufferMax + 50); - - oneToTwo = ByteBuffer.allocateDirect(netBufferMax); - twoToOne = ByteBuffer.allocateDirect(netBufferMax); - - appOut1 = ByteBuffer.wrap("Hi Engine2, I'm SSLEngine1".getBytes()); - appOut2 = ByteBuffer.wrap("Hello Engine1, I'm SSLEngine2".getBytes()); - - log("AppOut1 = " + appOut1); - log("AppOut2 = " + appOut2); - log(""); - } - - private static void runDelegatedTasks(SSLEngineResult result, - SSLEngine engine) throws Exception { - - if (result.getHandshakeStatus() == HandshakeStatus.NEED_TASK) { - Runnable runnable; - while ((runnable = engine.getDelegatedTask()) != null) { - log("running delegated task..."); - runnable.run(); - } - } + super(); } private static boolean isEngineClosed(SSLEngine engine) { return (engine.isOutboundDone() && engine.isInboundDone()); } - private static void checkTransfer(ByteBuffer a, ByteBuffer b) - throws Exception { - a.flip(); - b.flip(); - - if (!a.equals(b)) { - throw new Exception("Data didn't transfer cleanly"); - } else { - log("Data transferred cleanly"); - } - - a.position(a.limit()); - b.position(b.limit()); - a.limit(a.capacity()); - b.limit(b.capacity()); - } private static void log(String str) { if (debug) { diff --git a/jdk/test/sun/security/ssl/SSLEngineImpl/RehandshakeFinished.java b/jdk/test/sun/security/ssl/SSLEngineImpl/RehandshakeFinished.java index 6967caccb99..740500f9db9 100644 --- a/jdk/test/sun/security/ssl/SSLEngineImpl/RehandshakeFinished.java +++ b/jdk/test/sun/security/ssl/SSLEngineImpl/RehandshakeFinished.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2004, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -31,6 +31,7 @@ * @bug 6207322 * @summary SSLEngine is returning a premature FINISHED message when doing * an abbreviated handshake. + * @library /javax/net/ssl/templates * @run main/othervm RehandshakeFinished * @author Brad Wetmore */ @@ -86,11 +87,9 @@ import javax.net.ssl.*; import javax.net.ssl.SSLEngineResult.*; -import java.io.*; -import java.security.*; import java.nio.*; -public class RehandshakeFinished { +public class RehandshakeFinished extends SSLContextTemplate { /* * Enables logging of the SSLEngine operations. @@ -108,7 +107,7 @@ public class RehandshakeFinished { */ private static boolean debug = false; - static private SSLContext sslc; + private final SSLContext sslc; private SSLEngine clientEngine; // client Engine private ByteBuffer clientOut; // write side of clientEngine @@ -126,46 +125,8 @@ public class RehandshakeFinished { private ByteBuffer cTOs; // "reliable" transport client->server private ByteBuffer sTOc; // "reliable" transport server->client - /* - * The following is to set up the keystores. - */ - private static String pathToStores = "../../../../javax/net/ssl/etc"; - private static String keyStoreFile = "keystore"; - private static String trustStoreFile = "truststore"; - private static String passwd = "passphrase"; - - private static String keyFilename = - System.getProperty("test.src", "./") + "/" + pathToStores + - "/" + keyStoreFile; - private static String trustFilename = - System.getProperty("test.src", "./") + "/" + pathToStores + - "/" + trustStoreFile; - - private static Exception loadException = null; - - static { - try { - KeyStore ks = KeyStore.getInstance("JKS"); - KeyStore ts = KeyStore.getInstance("JKS"); - - char[] passphrase = "passphrase".toCharArray(); - - ks.load(new FileInputStream(keyFilename), passphrase); - ts.load(new FileInputStream(trustFilename), passphrase); - - KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); - kmf.init(ks, passphrase); - - TrustManagerFactory tmf = - TrustManagerFactory.getInstance("SunX509"); - tmf.init(ts); - - SSLContext sslCtx = SSLContext.getInstance("TLSv1.2"); - sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); - sslc = sslCtx; - } catch (Exception e) { - loadException = e; - } + public RehandshakeFinished() throws Exception { + sslc = createServerSSLContext(); } /* @@ -176,14 +137,10 @@ public static void main(String args[]) throws Exception { System.setProperty("javax.net.debug", "all"); } - if (loadException != null) { - throw loadException; - } - + RehandshakeFinished test = new RehandshakeFinished(); // Prime the session cache with a good session // Second connection should be a simple session resumption. - if ((new RehandshakeFinished().runTest()) != - new RehandshakeFinished().runRehandshake()) { + if (test.runTest() != test.runRehandshake()) { throw new Exception("Sessions not equivalent"); } @@ -412,6 +369,11 @@ private void createSSLEngines() throws Exception { clientEngine.setUseClientMode(true); } + @Override + protected ContextParameters getServerContextParameters() { + return new ContextParameters("TLSv1.2", "PKIX", "NewSunX509"); + } + /* * Create and size the buffers appropriately. */ diff --git a/jdk/test/sun/security/ssl/SSLEngineImpl/SSLEngineDeadlock.java b/jdk/test/sun/security/ssl/SSLEngineImpl/SSLEngineDeadlock.java index d61b25bd886..931830db16d 100644 --- a/jdk/test/sun/security/ssl/SSLEngineImpl/SSLEngineDeadlock.java +++ b/jdk/test/sun/security/ssl/SSLEngineImpl/SSLEngineDeadlock.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2007, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,6 +28,7 @@ * @test * @bug 6492872 * @summary Deadlock in SSLEngine + * @library /javax/net/ssl/templates * @run main/othervm SSLEngineDeadlock * @author Brad R. Wetmore */ @@ -70,12 +71,9 @@ import javax.net.ssl.*; import javax.net.ssl.SSLEngineResult.*; -import java.io.*; -import java.security.*; -import java.nio.*; import java.lang.management.*; -public class SSLEngineDeadlock { +public class SSLEngineDeadlock extends SSLEngineTemplate { /* * Enables logging of the SSLEngine operations. @@ -93,41 +91,8 @@ public class SSLEngineDeadlock { */ private static boolean debug = false; - private SSLContext sslc; - - private SSLEngine clientEngine; // client Engine - private ByteBuffer clientOut; // write side of clientEngine - private ByteBuffer clientIn; // read side of clientEngine - - private SSLEngine serverEngine; // server Engine - private ByteBuffer serverOut; // write side of serverEngine - private ByteBuffer serverIn; // read side of serverEngine - private volatile boolean testDone = false; - /* - * For data transport, this example uses local ByteBuffers. This - * isn't really useful, but the purpose of this example is to show - * SSLEngine concepts, not how to do network transport. - */ - private ByteBuffer cTOs; // "reliable" transport client->server - private ByteBuffer sTOc; // "reliable" transport server->client - - /* - * The following is to set up the keystores. - */ - private static String pathToStores = "../../../../javax/net/ssl/etc"; - private static String keyStoreFile = "keystore"; - private static String trustStoreFile = "truststore"; - private static String passwd = "passphrase"; - - private static String keyFilename = - System.getProperty("test.src", ".") + "/" + pathToStores + - "/" + keyStoreFile; - private static String trustFilename = - System.getProperty("test.src", ".") + "/" + pathToStores + - "/" + trustStoreFile; - /* * Main entry point for this test. */ @@ -154,26 +119,7 @@ public static void main(String args[]) throws Exception { * Create an initialized SSLContext to use for these tests. */ public SSLEngineDeadlock() throws Exception { - - KeyStore ks = KeyStore.getInstance("JKS"); - KeyStore ts = KeyStore.getInstance("JKS"); - - char[] passphrase = "passphrase".toCharArray(); - - ks.load(new FileInputStream(keyFilename), passphrase); - ts.load(new FileInputStream(trustFilename), passphrase); - - KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); - kmf.init(ks, passphrase); - - TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); - tmf.init(ts); - - SSLContext sslCtx = SSLContext.getInstance("TLS"); - - sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); - - sslc = sslCtx; + super(); } /* @@ -214,9 +160,6 @@ private void doTask() { private void runTest() throws Exception { boolean dataDone = false; - createSSLEngines(); - createBuffers(); - SSLEngineResult clientResult; // results from client's last operation SSLEngineResult serverResult; // results from server's last operation @@ -287,82 +230,10 @@ public void run() { testDone = true; } - /* - * Using the SSLContext created during object creation, - * create/configure the SSLEngines we'll use for this test. - */ - private void createSSLEngines() throws Exception { - /* - * Configure the serverEngine to act as a server in the SSL/TLS - * handshake. Also, require SSL client authentication. - */ - serverEngine = sslc.createSSLEngine(); - serverEngine.setUseClientMode(false); - serverEngine.setNeedClientAuth(true); - - /* - * Similar to above, but using client mode instead. - */ - clientEngine = sslc.createSSLEngine("client", 80); - clientEngine.setUseClientMode(true); - } - - /* - * Create and size the buffers appropriately. - */ - private void createBuffers() { - - /* - * We'll assume the buffer sizes are the same - * between client and server. - */ - SSLSession session = clientEngine.getSession(); - int appBufferMax = session.getApplicationBufferSize(); - int netBufferMax = session.getPacketBufferSize(); - - /* - * We'll make the input buffers a bit bigger than the max needed - * size, so that unwrap()s following a successful data transfer - * won't generate BUFFER_OVERFLOWS. - * - * We'll use a mix of direct and indirect ByteBuffers for - * tutorial purposes only. In reality, only use direct - * ByteBuffers when they give a clear performance enhancement. - */ - clientIn = ByteBuffer.allocate(appBufferMax + 50); - serverIn = ByteBuffer.allocate(appBufferMax + 50); - - cTOs = ByteBuffer.allocateDirect(netBufferMax); - sTOc = ByteBuffer.allocateDirect(netBufferMax); - - clientOut = ByteBuffer.wrap("Hi Server, I'm Client".getBytes()); - serverOut = ByteBuffer.wrap("Hello Client, I'm Server".getBytes()); - } - private static boolean isEngineClosed(SSLEngine engine) { return (engine.isOutboundDone() && engine.isInboundDone()); } - /* - * Simple check to make sure everything came across as expected. - */ - private static void checkTransfer(ByteBuffer a, ByteBuffer b) - throws Exception { - a.flip(); - b.flip(); - - if (!a.equals(b)) { - throw new Exception("Data didn't transfer cleanly"); - } else { - log("\tData transferred cleanly"); - } - - a.position(a.limit()); - b.position(b.limit()); - a.limit(a.capacity()); - b.limit(b.capacity()); - } - /* * Detect dead lock */ diff --git a/jdk/test/sun/security/ssl/SSLEngineImpl/SSLEngineFailedALPN.java b/jdk/test/sun/security/ssl/SSLEngineImpl/SSLEngineFailedALPN.java index 0b5a2c3d054..90a6e2525d0 100644 --- a/jdk/test/sun/security/ssl/SSLEngineImpl/SSLEngineFailedALPN.java +++ b/jdk/test/sun/security/ssl/SSLEngineImpl/SSLEngineFailedALPN.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -29,6 +29,7 @@ * @bug 8207317 * @summary SSLEngine negotiation fail Exception behavior changed from * fail-fast to fail-lazy + * @library /javax/net/ssl/templates * @run main/othervm SSLEngineFailedALPN */ /** @@ -68,11 +69,8 @@ */ import javax.net.ssl.*; import javax.net.ssl.SSLEngineResult.*; -import java.io.*; -import java.security.*; -import java.nio.*; -public class SSLEngineFailedALPN { +public class SSLEngineFailedALPN extends SSLEngineTemplate { /* * Enables logging of the SSLEngine operations. @@ -90,39 +88,6 @@ public class SSLEngineFailedALPN { */ private static final boolean debug = false; - private final SSLContext sslc; - - private SSLEngine clientEngine; // client Engine - private ByteBuffer clientOut; // write side of clientEngine - private ByteBuffer clientIn; // read side of clientEngine - - private SSLEngine serverEngine; // server Engine - private ByteBuffer serverOut; // write side of serverEngine - private ByteBuffer serverIn; // read side of serverEngine - - /* - * For data transport, this example uses local ByteBuffers. This - * isn't really useful, but the purpose of this example is to show - * SSLEngine concepts, not how to do network transport. - */ - private ByteBuffer cTOs; // "reliable" transport client->server - private ByteBuffer sTOc; // "reliable" transport server->client - - /* - * The following is to set up the keystores. - */ - private static final String pathToStores = "../../../../javax/net/ssl/etc"; - private static final String keyStoreFile = "keystore"; - private static final String trustStoreFile = "truststore"; - private static final char[] passphrase = "passphrase".toCharArray(); - - private static final String keyFilename = - System.getProperty("test.src", ".") + "/" + pathToStores + - "/" + keyStoreFile; - private static final String trustFilename = - System.getProperty("test.src", ".") + "/" + pathToStores + - "/" + trustStoreFile; - /* * Main entry point for this test. */ @@ -141,24 +106,7 @@ public static void main(String args[]) throws Exception { * Create an initialized SSLContext to use for these tests. */ public SSLEngineFailedALPN() throws Exception { - - KeyStore ks = KeyStore.getInstance("JKS"); - KeyStore ts = KeyStore.getInstance("JKS"); - - ks.load(new FileInputStream(keyFilename), passphrase); - ts.load(new FileInputStream(trustFilename), passphrase); - - KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); - kmf.init(ks, passphrase); - - TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); - tmf.init(ts); - - SSLContext sslCtx = SSLContext.getInstance("TLS"); - - sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); - - sslc = sslCtx; + super(); } /* @@ -181,9 +129,6 @@ public SSLEngineFailedALPN() throws Exception { private void runTest() throws Exception { boolean dataDone = false; - createSSLEngines(); - createBuffers(); - // results from client's last operation SSLEngineResult clientResult; @@ -309,113 +254,33 @@ private static void logEngineStatus(SSLEngine engine) { log("\tisOutboundDone(): " + engine.isOutboundDone()); } - /* - * Using the SSLContext created during object creation, - * create/configure the SSLEngines we'll use for this test. - */ - private void createSSLEngines() throws Exception { - /* - * Configure the serverEngine to act as a server in the SSL/TLS - * handshake. Also, require SSL client authentication. - */ - serverEngine = sslc.createSSLEngine(); - serverEngine.setUseClientMode(false); - serverEngine.setNeedClientAuth(true); + @Override + protected SSLEngine configureServerEngine(SSLEngine engine) { + engine.setUseClientMode(false); + engine.setNeedClientAuth(true); // Get/set parameters if needed - SSLParameters paramsServer = serverEngine.getSSLParameters(); + SSLParameters paramsServer = engine.getSSLParameters(); paramsServer.setApplicationProtocols(new String[]{"one"}); - serverEngine.setSSLParameters(paramsServer); + engine.setSSLParameters(paramsServer); + return engine; + } - /* - * Similar to above, but using client mode instead. - */ - clientEngine = sslc.createSSLEngine("client", 80); - clientEngine.setUseClientMode(true); + @Override + protected SSLEngine configureClientEngine(SSLEngine engine) { + engine.setUseClientMode(true); // Get/set parameters if needed - SSLParameters paramsClient = clientEngine.getSSLParameters(); + SSLParameters paramsClient = engine.getSSLParameters(); paramsClient.setApplicationProtocols(new String[]{"two"}); - clientEngine.setSSLParameters(paramsClient); - } - - /* - * Create and size the buffers appropriately. - */ - private void createBuffers() { - - /* - * We'll assume the buffer sizes are the same - * between client and server. - */ - SSLSession session = clientEngine.getSession(); - int appBufferMax = session.getApplicationBufferSize(); - int netBufferMax = session.getPacketBufferSize(); - - /* - * We'll make the input buffers a bit bigger than the max needed - * size, so that unwrap()s following a successful data transfer - * won't generate BUFFER_OVERFLOWS. - * - * We'll use a mix of direct and indirect ByteBuffers for - * tutorial purposes only. In reality, only use direct - * ByteBuffers when they give a clear performance enhancement. - */ - clientIn = ByteBuffer.allocate(appBufferMax + 50); - serverIn = ByteBuffer.allocate(appBufferMax + 50); - - cTOs = ByteBuffer.allocateDirect(netBufferMax); - sTOc = ByteBuffer.allocateDirect(netBufferMax); - - clientOut = ByteBuffer.wrap("Hi Server, I'm Client".getBytes()); - serverOut = ByteBuffer.wrap("Hello Client, I'm Server".getBytes()); - } - - /* - * If the result indicates that we have outstanding tasks to do, - * go ahead and run them in this thread. - */ - private static void runDelegatedTasks(SSLEngine engine) throws Exception { - - if (engine.getHandshakeStatus() == HandshakeStatus.NEED_TASK) { - Runnable runnable; - while ((runnable = engine.getDelegatedTask()) != null) { - log(" running delegated task..."); - runnable.run(); - } - HandshakeStatus hsStatus = engine.getHandshakeStatus(); - if (hsStatus == HandshakeStatus.NEED_TASK) { - throw new Exception( - "handshake shouldn't need additional tasks"); - } - logEngineStatus(engine); - } + engine.setSSLParameters(paramsClient); + return engine; } private static boolean isEngineClosed(SSLEngine engine) { return (engine.isOutboundDone() && engine.isInboundDone()); } - /* - * Simple check to make sure everything came across as expected. - */ - private static void checkTransfer(ByteBuffer a, ByteBuffer b) - throws Exception { - a.flip(); - b.flip(); - - if (!a.equals(b)) { - throw new Exception("Data didn't transfer cleanly"); - } else { - log("\tData transferred cleanly"); - } - - a.position(a.limit()); - b.position(b.limit()); - a.limit(a.capacity()); - b.limit(b.capacity()); - } - /* * Logging code */ diff --git a/jdk/test/sun/security/ssl/SSLEngineImpl/SSLEngineKeyLimit.java b/jdk/test/sun/security/ssl/SSLEngineImpl/SSLEngineKeyLimit.java index 735daa2ef5c..02c6d3f2e2b 100644 --- a/jdk/test/sun/security/ssl/SSLEngineImpl/SSLEngineKeyLimit.java +++ b/jdk/test/sun/security/ssl/SSLEngineImpl/SSLEngineKeyLimit.java @@ -24,7 +24,7 @@ /* * @test * @bug 8164879 - * @library /lib/testlibrary ../../ + * @library /lib/testlibrary ../../ /javax/net/ssl/templates * @summary Verify AES/GCM's limits set in the jdk.tls.keyLimits property * start a new handshake sequence to renegotiate the symmetric key with an * SSLSocket connection. This test verifies the handshake method was called @@ -41,24 +41,20 @@ * success. */ -import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; -import javax.net.ssl.TrustManagerFactory; import java.io.File; import java.io.FileInputStream; import java.io.PrintWriter; import java.nio.ByteBuffer; -import java.security.KeyStore; -import java.security.SecureRandom; import java.util.Arrays; import jdk.testlibrary.ProcessTools; import jdk.testlibrary.Utils; import jdk.testlibrary.OutputAnalyzer; -public class SSLEngineKeyLimit { +public class SSLEngineKeyLimit extends SSLContextTemplate { SSLEngine eng; static ByteBuffer cTos; @@ -66,11 +62,6 @@ public class SSLEngineKeyLimit { static ByteBuffer outdata; ByteBuffer buf; static boolean ready = false; - - static String pathToStores = "../../../../javax/net/ssl/etc/"; - static String keyStoreFile = "keystore"; - static String passwd = "passphrase"; - static String keyFilename; static int dataLen = 10240; static boolean serverwrite = true; int totalDataLen = 0; @@ -154,13 +145,6 @@ public static void main(String args[]) throws Throwable { } cTos = ByteBuffer.allocateDirect(dataLen*4); - keyFilename = - System.getProperty("test.src", "./") + "/" + pathToStores + - "/" + keyStoreFile; - - System.setProperty("javax.net.ssl.keyStore", keyFilename); - System.setProperty("javax.net.ssl.keyStorePassword", passwd); - sToc = ByteBuffer.allocateDirect(dataLen*4); outdata = ByteBuffer.allocateDirect(dataLen); @@ -401,19 +385,12 @@ ByteBuffer getWriteBuf() { SSLContext initContext() throws Exception { - SSLContext sc = SSLContext.getInstance("TLSv1.3"); - KeyStore ks = KeyStore.getInstance("JKS"); - ks.load(new FileInputStream(new File(System.getProperty("javax.net.ssl.keyStore"))), - passwd.toCharArray()); - KeyManagerFactory kmf = KeyManagerFactory.getInstance( - KeyManagerFactory.getDefaultAlgorithm()); - kmf.init(ks, passwd.toCharArray()); - TrustManagerFactory tmf = TrustManagerFactory.getInstance( - TrustManagerFactory.getDefaultAlgorithm()); - tmf.init(ks); - sc.init(kmf.getKeyManagers(), - tmf.getTrustManagers(), new SecureRandom()); - return sc; + return createServerSSLContext(); + } + + @Override + protected ContextParameters getServerContextParameters() { + return new ContextParameters("TLSv1.3", "PKIX", "NewSunX509"); } static class Server extends SSLEngineKeyLimit implements Runnable { diff --git a/jdk/test/sun/security/ssl/SSLEngineImpl/TLS13BeginHandshake.java b/jdk/test/sun/security/ssl/SSLEngineImpl/TLS13BeginHandshake.java index 7edc31333ee..8569111b9f5 100644 --- a/jdk/test/sun/security/ssl/SSLEngineImpl/TLS13BeginHandshake.java +++ b/jdk/test/sun/security/ssl/SSLEngineImpl/TLS13BeginHandshake.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2018, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,53 +25,36 @@ * @test * @summary Test SSLEngine.begineHandshake() triggers a KeyUpdate handshake * in TLSv1.3 + * @library /javax/net/ssl/templates * @run main/othervm TLS13BeginHandshake */ -import javax.net.ssl.KeyManagerFactory; -import javax.net.ssl.SSLContext; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; -import javax.net.ssl.SSLEngineResult.HandshakeStatus; -import javax.net.ssl.SSLSession; -import javax.net.ssl.TrustManagerFactory; -import java.io.File; -import java.io.FileInputStream; -import java.nio.ByteBuffer; -import java.security.KeyStore; -import java.security.SecureRandom; - -public class TLS13BeginHandshake { - static String pathToStores = - System.getProperty("test.src") + "/../../../../javax/net/ssl/etc/"; - static String keyStoreFile = "keystore"; - static String passwd = "passphrase"; - - private SSLEngine serverEngine, clientEngine; + +public class TLS13BeginHandshake extends SSLEngineTemplate { SSLEngineResult clientResult, serverResult; - private ByteBuffer clientOut, clientIn; - private ByteBuffer serverOut, serverIn; - private ByteBuffer cTOs,sTOc; public static void main(String args[]) throws Exception{ new TLS13BeginHandshake().runDemo(); } + public TLS13BeginHandshake() throws Exception { + super(); + } + private void runDemo() throws Exception { int done = 0; - createSSLEngines(); - createBuffers(); - while (!isEngineClosed(clientEngine) || !isEngineClosed(serverEngine)) { System.out.println("================"); clientResult = clientEngine.wrap(clientOut, cTOs); System.out.println("client wrap: " + clientResult); - runDelegatedTasks(clientResult, clientEngine); + runDelegatedTasks(clientEngine); serverResult = serverEngine.wrap(serverOut, sTOc); System.out.println("server wrap: " + serverResult); - runDelegatedTasks(serverResult, serverEngine); + runDelegatedTasks(serverEngine); cTOs.flip(); sTOc.flip(); @@ -81,10 +64,11 @@ private void runDemo() throws Exception { System.out.println("client unwrap: " + clientResult); if (clientResult.getStatus() == SSLEngineResult.Status.CLOSED) { break; - } runDelegatedTasks(clientResult, clientEngine); + } + runDelegatedTasks(clientEngine); serverResult = serverEngine.unwrap(cTOs, serverIn); System.out.println("server unwrap: " + serverResult); - runDelegatedTasks(serverResult, serverEngine); + runDelegatedTasks(serverEngine); cTOs.compact(); sTOc.compact(); @@ -122,72 +106,14 @@ private static boolean isEngineClosed(SSLEngine engine) { return (engine.isOutboundDone() && engine.isInboundDone()); } - private static void checkTransfer(ByteBuffer a, ByteBuffer b) - throws Exception { - a.flip(); - b.flip(); - - if (!a.equals(b)) { - throw new Exception("Data didn't transfer cleanly"); - } else { - System.out.println("\tData transferred cleanly"); - } - - a.compact(); - b.compact(); - + @Override + protected ContextParameters getServerContextParameters() { + return new ContextParameters("TLSv1.3", "PKIX", "NewSunX509"); } - private void createBuffers() { - SSLSession session = clientEngine.getSession(); - int appBufferMax = session.getApplicationBufferSize(); - int netBufferMax = session.getPacketBufferSize(); - - clientIn = ByteBuffer.allocate(appBufferMax + 50); - serverIn = ByteBuffer.allocate(appBufferMax + 50); - - cTOs = ByteBuffer.allocateDirect(netBufferMax); - sTOc = ByteBuffer.allocateDirect(netBufferMax); - clientOut = ByteBuffer.wrap("client".getBytes()); - serverOut = ByteBuffer.wrap("server".getBytes()); + @Override + protected ContextParameters getClientContextParameters() { + return new ContextParameters("TLSv1.3", "PKIX", "NewSunX509"); } - private void createSSLEngines() throws Exception { - serverEngine = initContext().createSSLEngine(); - serverEngine.setUseClientMode(false); - serverEngine.setNeedClientAuth(true); - - clientEngine = initContext().createSSLEngine("client", 80); - clientEngine.setUseClientMode(true); - } - - private SSLContext initContext() throws Exception { - SSLContext sc = SSLContext.getInstance("TLSv1.3"); - KeyStore ks = KeyStore.getInstance("JKS"); - ks.load(new FileInputStream(new File(pathToStores + keyStoreFile)), - passwd.toCharArray()); - KeyManagerFactory kmf = - KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); - kmf.init(ks, passwd.toCharArray()); - TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); - tmf.init(ks); - sc.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom()); - return sc; - } - - private static void runDelegatedTasks(SSLEngineResult result, - SSLEngine engine) throws Exception { - - if (result.getHandshakeStatus() == HandshakeStatus.NEED_TASK) { - Runnable runnable; - while ((runnable = engine.getDelegatedTask()) != null) { - runnable.run(); - } - HandshakeStatus hsStatus = engine.getHandshakeStatus(); - if (hsStatus == HandshakeStatus.NEED_TASK) { - throw new Exception( - "handshake shouldn't need additional tasks"); - } - } - } } diff --git a/jdk/test/sun/security/ssl/SSLSessionImpl/HashCodeMissing.java b/jdk/test/sun/security/ssl/SSLSessionImpl/HashCodeMissing.java index 61f0c6cb477..43ec90d8f8e 100644 --- a/jdk/test/sun/security/ssl/SSLSessionImpl/HashCodeMissing.java +++ b/jdk/test/sun/security/ssl/SSLSessionImpl/HashCodeMissing.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,6 +25,7 @@ * @test * @bug 4910892 * @summary 4518403 was not properly fixed. hashcode should be hashCode. + * @library /javax/net/ssl/templates * @run main/othervm HashCodeMissing * * SunJSSE does not support dynamic system properties, no way to re-use @@ -33,72 +34,19 @@ */ import java.io.*; -import java.net.*; import javax.net.ssl.*; import java.lang.reflect.*; -public class HashCodeMissing { - - /* - * ============================================================= - * Set the various variables needed for the tests, then - * specify what tests to run on each side. - */ - - /* - * Should we run the client or server in a separate thread? - * Both sides can throw exceptions, but do you have a preference - * as to which side should be the main thread. - */ - static boolean separateServerThread = false; - - /* - * Where do we find the keystores? - */ - static String pathToStores = "../../../../javax/net/ssl/etc"; - static String keyStoreFile = "keystore"; - static String trustStoreFile = "truststore"; - static String passwd = "passphrase"; - - /* - * Is the server ready to serve? - */ - volatile static boolean serverReady = false; +public class HashCodeMissing extends SSLSocketTemplate { /* * Turn on SSL debugging? */ static boolean debug = false; - /* - * If the client or server is doing some kind of object creation - * that the other side depends on, and that thread prematurely - * exits, you may experience a hang. The test harness will - * terminate all hung threads after its timeout has expired, - * currently 3 minutes by default, but you might try to be - * smart about it.... - */ - /* - * Define the server side of the test. - * - * If the server prematurely exits, serverReady will be set to true - * to avoid infinite hangs. - */ - void doServerSide() throws Exception { - SSLServerSocketFactory sslssf = - (SSLServerSocketFactory) SSLServerSocketFactory.getDefault(); - SSLServerSocket sslServerSocket = - (SSLServerSocket) sslssf.createServerSocket(serverPort); - - serverPort = sslServerSocket.getLocalPort(); - - /* - * Signal Client, we're ready for his connect. - */ - serverReady = true; - - SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept(); + @Override + protected void runServerApplication(SSLSocket sslSocket) throws Exception { InputStream sslIS = sslSocket.getInputStream(); OutputStream sslOS = sslSocket.getOutputStream(); @@ -106,28 +54,10 @@ void doServerSide() throws Exception { sslOS.write(85); sslOS.flush(); - sslSocket.close(); } - /* - * Define the client side of the test. - * - * If the server prematurely exits, serverReady will be set to true - * to avoid infinite hangs. - */ - void doClientSide() throws Exception { - - /* - * Wait for server to get started. - */ - while (!serverReady) { - Thread.sleep(50); - } - - SSLSocketFactory sslsf = - (SSLSocketFactory) SSLSocketFactory.getDefault(); - SSLSocket sslSocket = (SSLSocket) - sslsf.createSocket("localhost", serverPort); + @Override + protected void runClientApplication(SSLSocket sslSocket) throws Exception { InputStream sslIS = sslSocket.getInputStream(); OutputStream sslOS = sslSocket.getOutputStream(); @@ -150,29 +80,7 @@ void doClientSide() throws Exception { System.out.println("Method = " + method); } - /* - * ============================================================= - * The remainder is just support stuff - */ - - // use any free port by default - volatile int serverPort = 0; - - volatile Exception serverException = null; - volatile Exception clientException = null; - public static void main(String[] args) throws Exception { - String keyFilename = - System.getProperty("test.src", "./") + "/" + pathToStores + - "/" + keyStoreFile; - String trustFilename = - System.getProperty("test.src", "./") + "/" + pathToStores + - "/" + trustStoreFile; - - System.setProperty("javax.net.ssl.keyStore", keyFilename); - System.setProperty("javax.net.ssl.keyStorePassword", passwd); - System.setProperty("javax.net.ssl.trustStore", trustFilename); - System.setProperty("javax.net.ssl.trustStorePassword", passwd); if (debug) System.setProperty("javax.net.debug", "all"); @@ -180,129 +88,7 @@ public static void main(String[] args) throws Exception { /* * Start the tests. */ - new HashCodeMissing(); + new HashCodeMissing().run(); } - Thread clientThread = null; - Thread serverThread = null; - - /* - * Primary constructor, used to drive remainder of the test. - * - * Fork off the other side, then do your work. - */ - HashCodeMissing() throws Exception { - try { - if (separateServerThread) { - startServer(true); - startClient(false); - } else { - startClient(true); - startServer(false); - } - } catch (Exception e) { - //swallow for now. Show later - } - - /* - * Wait for other side to close down. - */ - if (separateServerThread) { - serverThread.join(); - } else { - clientThread.join(); - } - - /* - * When we get here, the test is pretty much over. - * Which side threw the error? - */ - Exception local; - Exception remote; - String whichRemote; - - if (separateServerThread) { - remote = serverException; - local = clientException; - whichRemote = "server"; - } else { - remote = clientException; - local = serverException; - whichRemote = "client"; - } - - /* - * If both failed, return the curthread's exception, but also - * print the remote side Exception - */ - if ((local != null) && (remote != null)) { - System.out.println(whichRemote + " also threw:"); - remote.printStackTrace(); - System.out.println(); - throw local; - } - - if (remote != null) { - throw remote; - } - - if (local != null) { - throw local; - } - } - - void startServer(boolean newThread) throws Exception { - if (newThread) { - serverThread = new Thread() { - public void run() { - try { - doServerSide(); - } catch (Exception e) { - /* - * Our server thread just died. - * - * Release the client, if not active already... - */ - System.err.println("Server died..."); - serverReady = true; - serverException = e; - } - } - }; - serverThread.start(); - } else { - try { - doServerSide(); - } catch (Exception e) { - serverException = e; - } finally { - serverReady = true; - } - } - } - - void startClient(boolean newThread) throws Exception { - if (newThread) { - clientThread = new Thread() { - public void run() { - try { - doClientSide(); - } catch (Exception e) { - /* - * Our client thread just died. - */ - System.err.println("Client died..."); - clientException = e; - } - } - }; - clientThread.start(); - } else { - try { - doClientSide(); - } catch (Exception e) { - clientException = e; - } - } - } } diff --git a/jdk/test/sun/security/ssl/SSLSessionImpl/ResumeChecksClient.java b/jdk/test/sun/security/ssl/SSLSessionImpl/ResumeChecksClient.java index b8c20cc0d95..e62b00ff8e3 100644 --- a/jdk/test/sun/security/ssl/SSLSessionImpl/ResumeChecksClient.java +++ b/jdk/test/sun/security/ssl/SSLSessionImpl/ResumeChecksClient.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2018, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,6 +26,7 @@ * @bug 8206929 8212885 * @summary ensure that client only resumes a session if certain properties * of the session are compatible with the new connection + * @library /javax/net/ssl/templates * @run main/othervm -Djdk.tls.client.protocols=TLSv1.2 ResumeChecksClient BASIC * @run main/othervm -Djdk.tls.client.protocols=TLSv1.3 ResumeChecksClient BASIC * @run main/othervm ResumeChecksClient BASIC @@ -43,13 +44,7 @@ import java.net.*; import java.util.*; -public class ResumeChecksClient { - - static String pathToStores = "../../../../javax/net/ssl/etc"; - static String keyStoreFile = "keystore"; - static String trustStoreFile = "truststore"; - static String passwd = "passphrase"; - +public class ResumeChecksClient extends SSLContextTemplate { enum TestMode { BASIC, VERSION_2_TO_3, @@ -59,38 +54,32 @@ enum TestMode { } public static void main(String[] args) throws Exception { + new ResumeChecksClient(TestMode.valueOf(args[0])).run(); + } - TestMode mode = TestMode.valueOf(args[0]); - - String keyFilename = - System.getProperty("test.src", "./") + "/" + pathToStores + - "/" + keyStoreFile; - String trustFilename = - System.getProperty("test.src", "./") + "/" + pathToStores + - "/" + trustStoreFile; - - System.setProperty("javax.net.ssl.keyStore", keyFilename); - System.setProperty("javax.net.ssl.keyStorePassword", passwd); - System.setProperty("javax.net.ssl.trustStore", trustFilename); - System.setProperty("javax.net.ssl.trustStorePassword", passwd); + private final TestMode testMode; + public ResumeChecksClient(TestMode mode) { + this.testMode = mode; + } + private void run() throws Exception { Server server = startServer(); server.signal(); - SSLContext sslContext = SSLContext.getDefault(); + SSLContext sslContext = createClientSSLContext(); while (!server.started) { Thread.yield(); } - SSLSession firstSession = connect(sslContext, server.port, mode, false); + SSLSession firstSession = connect(sslContext, server.port, testMode, false); server.signal(); long secondStartTime = System.currentTimeMillis(); Thread.sleep(10); - SSLSession secondSession = connect(sslContext, server.port, mode, true); + SSLSession secondSession = connect(sslContext, server.port, testMode, true); server.go = false; server.signal(); - switch (mode) { + switch (testMode) { case BASIC: // fail if session is not resumed checkResumedSession(firstSession, secondSession); @@ -105,7 +94,7 @@ public static void main(String[] args) throws Exception { } break; default: - throw new RuntimeException("unknown mode: " + mode); + throw new RuntimeException("unknown mode: " + testMode); } } @@ -287,7 +276,7 @@ private static Server startServer() { return server; } - private static class Server implements Runnable { + private static class Server extends SSLContextTemplate implements Runnable { public volatile boolean go = true; private boolean signal = false; @@ -313,7 +302,7 @@ public synchronized void signal() { public void run() { try { - SSLContext sc = SSLContext.getDefault(); + SSLContext sc = createServerSSLContext(); ServerSocketFactory fac = sc.getServerSocketFactory(); SSLServerSocket ssock = (SSLServerSocket) fac.createServerSocket(0); diff --git a/jdk/test/sun/security/ssl/SSLSessionImpl/ResumeChecksServer.java b/jdk/test/sun/security/ssl/SSLSessionImpl/ResumeChecksServer.java index 14faf95d701..ee7bc5f6918 100644 --- a/jdk/test/sun/security/ssl/SSLSessionImpl/ResumeChecksServer.java +++ b/jdk/test/sun/security/ssl/SSLSessionImpl/ResumeChecksServer.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2018, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,6 +26,7 @@ * @bug 8206929 * @summary ensure that server only resumes a session if certain properties * of the session are compatible with the new connection + * @library /javax/net/ssl/templates * @run main/othervm -Djdk.tls.client.protocols=TLSv1.2 ResumeChecksServer BASIC * @run main/othervm -Djdk.tls.client.protocols=TLSv1.3 ResumeChecksServer BASIC * @run main/othervm ResumeChecksServer BASIC @@ -46,12 +47,7 @@ import java.net.*; import java.util.*; -public class ResumeChecksServer { - - static String pathToStores = "../../../../javax/net/ssl/etc"; - static String keyStoreFile = "keystore"; - static String trustStoreFile = "truststore"; - static String passwd = "passphrase"; +public class ResumeChecksServer extends SSLContextTemplate { enum TestMode { BASIC, @@ -64,23 +60,18 @@ enum TestMode { public static void main(String[] args) throws Exception { - TestMode mode = TestMode.valueOf(args[0]); - - String keyFilename = - System.getProperty("test.src", "./") + "/" + pathToStores + - "/" + keyStoreFile; - String trustFilename = - System.getProperty("test.src", "./") + "/" + pathToStores + - "/" + trustStoreFile; + new ResumeChecksServer(TestMode.valueOf(args[0])).run(); + } + private final TestMode testMode; - System.setProperty("javax.net.ssl.keyStore", keyFilename); - System.setProperty("javax.net.ssl.keyStorePassword", passwd); - System.setProperty("javax.net.ssl.trustStore", trustFilename); - System.setProperty("javax.net.ssl.trustStorePassword", passwd); + public ResumeChecksServer(TestMode testMode) { + this.testMode = testMode; + } + private void run() throws Exception { SSLSession secondSession = null; - SSLContext sslContext = SSLContext.getDefault(); + SSLContext sslContext = createServerSSLContext(); ServerSocketFactory fac = sslContext.getServerSocketFactory(); SSLServerSocket ssock = (SSLServerSocket) fac.createServerSocket(0); @@ -88,7 +79,7 @@ public static void main(String[] args) throws Exception { Client client = startClient(ssock.getLocalPort()); try { - connect(client, ssock, mode, false); + connect(client, ssock, testMode, false); } catch (Exception ex) { throw new RuntimeException(ex); } @@ -96,7 +87,7 @@ public static void main(String[] args) throws Exception { long secondStartTime = System.currentTimeMillis(); Thread.sleep(10); try { - secondSession = connect(client, ssock, mode, true); + secondSession = connect(client, ssock, testMode, true); } catch (SSLHandshakeException ex) { // this is expected } catch (Exception ex) { @@ -106,7 +97,7 @@ public static void main(String[] args) throws Exception { client.go = false; client.signal(); - switch (mode) { + switch (testMode) { case BASIC: // fail if session is not resumed if (secondSession.getCreationTime() > secondStartTime) { @@ -127,7 +118,7 @@ public static void main(String[] args) throws Exception { } break; default: - throw new RuntimeException("unknown mode: " + mode); + throw new RuntimeException("unknown mode: " + testMode); } } @@ -242,7 +233,7 @@ private static Client startClient(int port) { return client; } - private static class Client implements Runnable { + private static class Client extends SSLContextTemplate implements Runnable { public volatile boolean go = true; private boolean signal = false; @@ -276,7 +267,7 @@ public synchronized void signal() { public void run() { try { - SSLContext sc = SSLContext.getDefault(); + SSLContext sc = createClientSSLContext(); waitForSignal(); while (go) {