From 7fd440d97c2bb7b7a6cd7094e7339d65d23e7815 Mon Sep 17 00:00:00 2001 From: Matthew Donovan Date: Thu, 9 Feb 2023 18:21:38 +0000 Subject: [PATCH] 8298868: Update EngineCloseOnAlert.java for changes to TLS implementation Reviewed-by: rhalade --- test/jdk/ProblemList.txt | 2 - .../net/ssl/SSLEngine/EngineCloseOnAlert.java | 96 ++++++++++--------- 2 files changed, 49 insertions(+), 49 deletions(-) diff --git a/test/jdk/ProblemList.txt b/test/jdk/ProblemList.txt index e94f267a38c..25fbecf4343 100644 --- a/test/jdk/ProblemList.txt +++ b/test/jdk/ProblemList.txt @@ -586,8 +586,6 @@ sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java 8161536 generic- sun/security/tools/keytool/ListKeychainStore.sh 8156889 macosx-all -javax/net/ssl/SSLEngine/EngineCloseOnAlert.java 8298868 generic-all - sun/security/smartcardio/TestChannel.java 8039280 generic-all sun/security/smartcardio/TestConnect.java 8039280 generic-all sun/security/smartcardio/TestConnectAgain.java 8039280 generic-all diff --git a/test/jdk/javax/net/ssl/SSLEngine/EngineCloseOnAlert.java b/test/jdk/javax/net/ssl/SSLEngine/EngineCloseOnAlert.java index 1ddd9edfa59..7a4f71d8171 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/EngineCloseOnAlert.java +++ b/test/jdk/javax/net/ssl/SSLEngine/EngineCloseOnAlert.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2004, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,8 +26,7 @@ * @bug 8133632 * @summary javax.net.ssl.SSLEngine does not properly handle received * SSL fatal alerts - * - * @run main/othervm EngineCloseOnAlert + * @run main EngineCloseOnAlert */ import java.io.FileInputStream; @@ -40,23 +39,20 @@ import static javax.net.ssl.SSLEngineResult.HandshakeStatus.*; public class EngineCloseOnAlert { - private static final String pathToStores = "../etc"; - private static final String keyStoreFile = "keystore"; - private static final String trustStoreFile = "truststore"; + private static final String PATH_TO_STORES = "../etc"; + private static final String KEYSTORE_FILENAME = "keystore"; + private static final String TRUSTSTORE_FILENAME = "truststore"; private static final String passwd = "passphrase"; - private static final String keyFilename = - System.getProperty("test.src", ".") + "/" + pathToStores + - "/" + keyStoreFile; - private static final String trustFilename = - System.getProperty("test.src", ".") + "/" + pathToStores + - "/" + trustStoreFile; + private static final String KEYSTORE_PATH = + System.getProperty("test.src", ".") + "/" + PATH_TO_STORES + + "/" + KEYSTORE_FILENAME; + private static final String TRUSTSTORE_PATH = + System.getProperty("test.src", ".") + "/" + PATH_TO_STORES + + "/" + TRUSTSTORE_FILENAME; private static KeyManagerFactory KMF; private static TrustManagerFactory TMF; - private static TrustManagerFactory EMPTY_TMF; - private static final String[] TLS10ONLY = { "TLSv1" }; - private static final String[] TLS12ONLY = { "TLSv1.2" }; private static final String[] ONECIPHER = { "TLS_RSA_WITH_AES_128_CBC_SHA" }; @@ -91,6 +87,7 @@ public class EngineCloseOnAlert { } } + private static final String TLSv12 = "TLSv1.2"; private static final TestCase clientReceivesAlert = new TestCase() { @Override public void runTest() throws Exception { @@ -104,7 +101,9 @@ public class EngineCloseOnAlert { // match the requested ciphers offered by the client. This // will generate an alert from the server to the client. - SSLContext context = SSLContext.getDefault(); + SSLContext context = SSLContext.getInstance(TLSv12); + context.init(null, null, null); + SSLEngine client = context.createSSLEngine(); SSLEngine server = context.createSSLEngine(); client.setUseClientMode(true); @@ -136,7 +135,8 @@ public class EngineCloseOnAlert { serverResult = server.wrap(plain, raw); System.out.println("Server result: " + serverResult); runDelegatedTasks(serverResult, server); - } catch (SSLException e) { + throw new RuntimeException("The expected SSLHandshakeException was not thrown."); + } catch (SSLHandshakeException e) { // This is the expected code path System.out.println("Server throws exception: " + e); System.out.println("Server engine state: " + @@ -147,16 +147,13 @@ public class EngineCloseOnAlert { } raw.clear(); - // The above should show that isInboundDone returns true, and - // handshake status is NEED_WRAP. That is the correct behavior, - // wrap will put a fatal alert message in the buffer. serverResult = server.wrap(plain, raw); System.out.println("Server result (wrap after exception): " + serverResult); System.out.println("Server engine closure state: isInboundDone=" + server.isInboundDone() + ", isOutboundDone=" + server.isOutboundDone()); - checkEngineState(server, NEED_UNWRAP, true, true); + checkEngineState(server, NOT_HANDSHAKING, true, true); raw.flip(); System.out.println("Server-to-Client:\n-----------------\n" + @@ -167,7 +164,8 @@ public class EngineCloseOnAlert { clientResult = client.unwrap(raw, plain); System.out.println("Client result (unwrap alert): " + clientResult); - } catch (SSLException e) { + throw new RuntimeException("Client did not throw the expected SSLException."); + } catch (SSLHandshakeException e) { System.out.println("Client throws exception: " + e); System.out.println("Engine closure status: isInboundDone=" + client.isInboundDone() + ", isOutboundDone=" @@ -188,17 +186,16 @@ public class EngineCloseOnAlert { private static final TestCase serverReceivesAlert = new TestCase() { @Override public void runTest() throws Exception { - SSLContext cliContext = SSLContext.getDefault(); - SSLContext servContext = SSLContext.getInstance("TLS"); + SSLContext cliContext = SSLContext.getInstance(TLSv12); + cliContext.init(null, null, null); + SSLContext servContext = SSLContext.getInstance(TLSv12); servContext.init(KMF.getKeyManagers(), TMF.getTrustManagers(), null); SSLEngine client = cliContext.createSSLEngine(); SSLEngine server = servContext.createSSLEngine(); client.setUseClientMode(true); - client.setEnabledProtocols(TLS12ONLY); client.setEnabledCipherSuites(ONECIPHER); server.setUseClientMode(false); - server.setEnabledProtocols(TLS10ONLY); SSLEngineResult clientResult; SSLEngineResult serverResult; ByteBuffer raw = ByteBuffer.allocate(32768); @@ -232,36 +229,41 @@ public class EngineCloseOnAlert { System.out.println("Server-to-Client:\n-----------------\n" + dumpHexBytes(raw, 16, "\n", ":")); - // The client should parse this and throw an exception because - // It is unwiling to do TLS 1.0 + // Change the handshake type field to client_hello which will + // cause the client to generate an unexpected_message alert + raw.put(5, (byte)0x1); clientResult = client.unwrap(raw, plain); checkEngineState(client, NEED_TASK, false, false); runDelegatedTasks(clientResult, client); - checkEngineState(client, NEED_UNWRAP, false, false); - - try { - client.unwrap(raw, plain); - } catch (SSLException e) { - System.out.println("Client throws exception: " + e); - System.out.println("Engine closure status: isInboundDone=" - + client.isInboundDone() + ", isOutboundDone=" - + client.isOutboundDone() + ", handshake status=" - + client.getHandshakeStatus()); - checkEngineState(client, NEED_WRAP, true, false); - } + checkEngineState(client, NEED_WRAP, true, false); raw.clear(); // Now the client should wrap the exception + try { + client.wrap(plain, raw); + throw new RuntimeException("The expected exception was not " + + "thrown after the client processed an unexpected message."); + } catch (SSLProtocolException exc) { + // this is the expected code path + System.out.println("Client throws expected exception: " + exc); + System.out.println("Client engine state: " + + "isInboundDone = "+ client.isInboundDone() + + ", isOutboundDone = " + client.isOutboundDone() + + ", handshake status = " + client.getHandshakeStatus()); + checkEngineState(client, NEED_WRAP, true, false); + } + raw.clear(); client.wrap(plain, raw); - checkEngineState(client, NEED_UNWRAP, true, true); - raw.flip(); + checkEngineState(client, NOT_HANDSHAKING, true, true); System.out.println("Client-to-Server:\n-----------------\n" + dumpHexBytes(raw, 16, "\n", ":")); + raw.flip(); try { server.unwrap(raw, plain); - checkEngineState(server, NEED_UNWRAP, false, false); - } catch (SSLException e) { + throw new RuntimeException("The server did not throw an " + + "SSLProtocolException after parsing an alert message."); + } catch (SSLProtocolException e) { System.out.println("Server throws exception: " + e); System.out.println("Engine closure status: isInboundDone=" + server.isInboundDone() + ", isOutboundDone=" @@ -338,15 +340,15 @@ public class EngineCloseOnAlert { KeyStore empty_ts = KeyStore.getInstance("PKCS12"); char[] passphrase = passwd.toCharArray(); - keystore.load(new FileInputStream(keyFilename), passphrase); - truststore.load(new FileInputStream(trustFilename), passphrase); + keystore.load(new FileInputStream(KEYSTORE_PATH), passphrase); + truststore.load(new FileInputStream(TRUSTSTORE_PATH), passphrase); empty_ts.load(null, "".toCharArray()); KMF = KeyManagerFactory.getInstance("PKIX"); KMF.init(keystore, passphrase); TMF = TrustManagerFactory.getInstance("PKIX"); TMF.init(truststore); - EMPTY_TMF = TrustManagerFactory.getInstance("PKIX"); + TrustManagerFactory EMPTY_TMF = TrustManagerFactory.getInstance("PKIX"); EMPTY_TMF.init(truststore); }