Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / libcore / 319a3b994703aac84df7bcde272adfcb3cdbbbf0 / . / jdk / test / sun / security / ssl / sanity / interop / CipherTest.java
blob: 645829171bdc4beb495caf17e564b96833ea6669 [file] [log] [blame]
J. Duke319a3b92007-12-01 00:00:00 +0000[diff] [blame^]1/*
2 * Copyright 2002-2005 Sun Microsystems, Inc. All Rights Reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
20 * CA 95054 USA or visit www.sun.com if you need additional information or
21 * have any questions.
22 */
23
24
25import java.io.*;
26import java.net.*;
27import java.util.*;
28import java.util.concurrent.*;
29
30import java.security.*;
31import java.security.cert.*;
32import java.security.cert.Certificate;
33
34import javax.net.ssl.*;
35
36/**
37 * Test that all ciphersuites work in all versions and all client
38 * authentication types. The way this is setup the server is stateless and
39 * all checking is done on the client side.
40 *
41 * The test is multithreaded to speed it up, especially on multiprocessor
42 * machines. To simplify debugging, run with -DnumThreads=1.
43 *
44 * @author Andreas Sterbenz
45 */
46public class CipherTest {
47
48 // use any available port for the server socket
49 static int serverPort = 0;
50
51 final int THREADS;
52
53 // assume that if we do not read anything for 20 seconds, something
54 // has gone wrong
55 final static int TIMEOUT = 20 * 1000;
56
57 static KeyStore trustStore, keyStore;
58 static X509ExtendedKeyManager keyManager;
59 static X509TrustManager trustManager;
60 static SecureRandom secureRandom;
61
62 private static PeerFactory peerFactory;
63
64 static abstract class Server implements Runnable {
65
66 final CipherTest cipherTest;
67
68 Server(CipherTest cipherTest) throws Exception {
69 this.cipherTest = cipherTest;
70 }
71
72 public abstract void run();
73
74 void handleRequest(InputStream in, OutputStream out) throws IOException {
75 boolean newline = false;
76 StringBuilder sb = new StringBuilder();
77 while (true) {
78 int ch = in.read();
79 if (ch < 0) {
80 throw new EOFException();
81 }
82 sb.append((char)ch);
83 if (ch == '\r') {
84 // empty
85 } else if (ch == '\n') {
86 if (newline) {
87 // 2nd newline in a row, end of request
88 break;
89 }
90 newline = true;
91 } else {
92 newline = false;
93 }
94 }
95 String request = sb.toString();
96 if (request.startsWith("GET / HTTP/1.") == false) {
97 throw new IOException("Invalid request: " + request);
98 }
99 out.write("HTTP/1.0 200 OK\r\n\r\n".getBytes());
100 }
101
102 }
103
104 public static class TestParameters {
105
106 String cipherSuite;
107 String protocol;
108 String clientAuth;
109
110 TestParameters(String cipherSuite, String protocol,
111 String clientAuth) {
112 this.cipherSuite = cipherSuite;
113 this.protocol = protocol;
114 this.clientAuth = clientAuth;
115 }
116
117 boolean isEnabled() {
118// return cipherSuite.equals("SSL_RSA_WITH_RC4_128_MD5") &&
119// (clientAuth != null);
120// return cipherSuite.indexOf("_RSA_") != -1;
121// return cipherSuite.indexOf("DH_anon") != -1;
122 return true;
123 }
124
125 public String toString() {
126 String s = cipherSuite + " in " + protocol + " mode";
127 if (clientAuth != null) {
128 s += " with " + clientAuth + " client authentication";
129 }
130 return s;
131 }
132
133 }
134
135 private List<TestParameters> tests;
136 private Iterator<TestParameters> testIterator;
137 private SSLSocketFactory factory;
138 private boolean failed;
139
140 private CipherTest(PeerFactory peerFactory) throws IOException {
141 THREADS = Integer.parseInt(System.getProperty("numThreads", "4"));
142 factory = (SSLSocketFactory)SSLSocketFactory.getDefault();
143 SSLSocket socket = (SSLSocket)factory.createSocket();
144 String[] cipherSuites = socket.getSupportedCipherSuites();
145 String[] protocols = socket.getSupportedProtocols();
146 String[] clientAuths = {null, "RSA", "DSA"};
147 tests = new ArrayList<TestParameters>(
148 cipherSuites.length * protocols.length * clientAuths.length);
149 for (int i = 0; i < cipherSuites.length; i++) {
150 String cipherSuite = cipherSuites[i];
151 if (peerFactory.isSupported(cipherSuite) == false) {
152 continue;
153 }
154 // skip kerberos cipher suites
155 if (cipherSuite.startsWith("TLS_KRB5")) {
156 continue;
157 }
158 for (int j = 0; j < protocols.length; j++) {
159 String protocol = protocols[j];
160 if (protocol.equals("SSLv2Hello")) {
161 continue;
162 }
163 for (int k = 0; k < clientAuths.length; k++) {
164 String clientAuth = clientAuths[k];
165 if ((clientAuth != null) &&
166 (cipherSuite.indexOf("DH_anon") != -1)) {
167 // no client with anonymous ciphersuites
168 continue;
169 }
170 tests.add(new TestParameters(cipherSuite, protocol,
171 clientAuth));
172 }
173 }
174 }
175 testIterator = tests.iterator();
176 }
177
178 synchronized void setFailed() {
179 failed = true;
180 }
181
182 public void run() throws Exception {
183 Thread[] threads = new Thread[THREADS];
184 for (int i = 0; i < THREADS; i++) {
185 try {
186 threads[i] = new Thread(peerFactory.newClient(this),
187 "Client " + i);
188 } catch (Exception e) {
189 e.printStackTrace();
190 return;
191 }
192 threads[i].start();
193 }
194 try {
195 for (int i = 0; i < THREADS; i++) {
196 threads[i].join();
197 }
198 } catch (InterruptedException e) {
199 setFailed();
200 e.printStackTrace();
201 }
202 if (failed) {
203 throw new Exception("*** Test '" + peerFactory.getName() +
204 "' failed ***");
205 } else {
206 System.out.println("Test '" + peerFactory.getName() +
207 "' completed successfully");
208 }
209 }
210
211 synchronized TestParameters getTest() {
212 if (failed) {
213 return null;
214 }
215 if (testIterator.hasNext()) {
216 return (TestParameters)testIterator.next();
217 }
218 return null;
219 }
220
221 SSLSocketFactory getFactory() {
222 return factory;
223 }
224
225 static abstract class Client implements Runnable {
226
227 final CipherTest cipherTest;
228
229 Client(CipherTest cipherTest) throws Exception {
230 this.cipherTest = cipherTest;
231 }
232
233 public final void run() {
234 while (true) {
235 TestParameters params = cipherTest.getTest();
236 if (params == null) {
237 // no more tests
238 break;
239 }
240 if (params.isEnabled() == false) {
241 System.out.println("Skipping disabled test " + params);
242 continue;
243 }
244 try {
245 runTest(params);
246 System.out.println("Passed " + params);
247 } catch (Exception e) {
248 cipherTest.setFailed();
249 System.out.println("** Failed " + params + "**");
250 e.printStackTrace();
251 }
252 }
253 }
254
255 abstract void runTest(TestParameters params) throws Exception;
256
257 void sendRequest(InputStream in, OutputStream out) throws IOException {
258 out.write("GET / HTTP/1.0\r\n\r\n".getBytes());
259 out.flush();
260 StringBuilder sb = new StringBuilder();
261 while (true) {
262 int ch = in.read();
263 if (ch < 0) {
264 break;
265 }
266 sb.append((char)ch);
267 }
268 String response = sb.toString();
269 if (response.startsWith("HTTP/1.0 200 ") == false) {
270 throw new IOException("Invalid response: " + response);
271 }
272 }
273
274 }
275
276 // for some reason, ${test.src} has a different value when the
277 // test is called from the script and when it is called directly...
278 static String pathToStores = "../../etc";
279 static String pathToStoresSH = ".";
280 static String keyStoreFile = "keystore";
281 static String trustStoreFile = "truststore";
282 static char[] passwd = "passphrase".toCharArray();
283
284 static File PATH;
285
286 private static KeyStore readKeyStore(String name) throws Exception {
287 File file = new File(PATH, name);
288 InputStream in = new FileInputStream(file);
289 KeyStore ks = KeyStore.getInstance("JKS");
290 ks.load(in, passwd);
291 in.close();
292 return ks;
293 }
294
295 public static void main(PeerFactory peerFactory, String[] args)
296 throws Exception {
297 long time = System.currentTimeMillis();
298 String relPath;
299 if ((args.length > 0) && args[0].equals("sh")) {
300 relPath = pathToStoresSH;
301 } else {
302 relPath = pathToStores;
303 }
304 PATH = new File(System.getProperty("test.src", "."), relPath);
305 CipherTest.peerFactory = peerFactory;
306 System.out.print(
307 "Initializing test '" + peerFactory.getName() + "'...");
308 secureRandom = new SecureRandom();
309 secureRandom.nextInt();
310 trustStore = readKeyStore(trustStoreFile);
311 keyStore = readKeyStore(keyStoreFile);
312 KeyManagerFactory keyFactory =
313 KeyManagerFactory.getInstance(
314 KeyManagerFactory.getDefaultAlgorithm());
315 keyFactory.init(keyStore, passwd);
316 keyManager = (X509ExtendedKeyManager)keyFactory.getKeyManagers()[0];
317 trustManager = new AlwaysTrustManager();
318
319 CipherTest cipherTest = new CipherTest(peerFactory);
320 Thread serverThread = new Thread(peerFactory.newServer(cipherTest),
321 "Server");
322 serverThread.setDaemon(true);
323 serverThread.start();
324 System.out.println("Done");
325 cipherTest.run();
326 time = System.currentTimeMillis() - time;
327 System.out.println("Done. (" + time + " ms)");
328 }
329
330 static abstract class PeerFactory {
331
332 abstract String getName();
333
334 abstract Client newClient(CipherTest cipherTest) throws Exception;
335
336 abstract Server newServer(CipherTest cipherTest) throws Exception;
337
338 boolean isSupported(String cipherSuite) {
339 return true;
340 }
341 }
342
343}
344
345// we currently don't do any chain verification. we assume that works ok
346// and we can speed up the test. we could also just add a plain certificate
347// chain comparision with our trusted certificates.
348class AlwaysTrustManager implements X509TrustManager {
349
350 public AlwaysTrustManager() {
351
352 }
353
354 public void checkClientTrusted(X509Certificate[] chain, String authType)
355 throws CertificateException {
356 // empty
357 }
358
359 public void checkServerTrusted(X509Certificate[] chain, String authType)
360 throws CertificateException {
361 // empty
362 }
363
364 public X509Certificate[] getAcceptedIssuers() {
365 return new X509Certificate[0];
366 }
367}
368
369class MyX509KeyManager extends X509ExtendedKeyManager {
370
371 private final X509ExtendedKeyManager keyManager;
372 private String authType;
373
374 MyX509KeyManager(X509ExtendedKeyManager keyManager) {
375 this.keyManager = keyManager;
376 }
377
378 void setAuthType(String authType) {
379 this.authType = authType;
380 }
381
382 public String[] getClientAliases(String keyType, Principal[] issuers) {
383 if (authType == null) {
384 return null;
385 }
386 return keyManager.getClientAliases(authType, issuers);
387 }
388
389 public String chooseClientAlias(String[] keyType, Principal[] issuers,
390 Socket socket) {
391 if (authType == null) {
392 return null;
393 }
394 return keyManager.chooseClientAlias(new String[] {authType},
395 issuers, socket);
396 }
397
398 public String chooseEngineClientAlias(String[] keyType,
399 Principal[] issuers, SSLEngine engine) {
400 if (authType == null) {
401 return null;
402 }
403 return keyManager.chooseEngineClientAlias(new String[] {authType},
404 issuers, engine);
405 }
406
407 public String[] getServerAliases(String keyType, Principal[] issuers) {
408 throw new UnsupportedOperationException("Servers not supported");
409 }
410
411 public String chooseServerAlias(String keyType, Principal[] issuers,
412 Socket socket) {
413 throw new UnsupportedOperationException("Servers not supported");
414 }
415
416 public String chooseEngineServerAlias(String keyType, Principal[] issuers,
417 SSLEngine engine) {
418 throw new UnsupportedOperationException("Servers not supported");
419 }
420
421 public X509Certificate[] getCertificateChain(String alias) {
422 return keyManager.getCertificateChain(alias);
423 }
424
425 public PrivateKey getPrivateKey(String alias) {
426 return keyManager.getPrivateKey(alias);
427 }
428
429}
430
431class DaemonThreadFactory implements ThreadFactory {
432
433 final static ThreadFactory INSTANCE = new DaemonThreadFactory();
434
435 private final static ThreadFactory DEFAULT = Executors.defaultThreadFactory();
436
437 public Thread newThread(Runnable r) {
438 Thread t = DEFAULT.newThread(r);
439 t.setDaemon(true);
440 return t;
441 }
442
443}