author | mchung |
Thu, 28 May 2015 10:54:48 -0700 | |
changeset 30820 | 0d4717a011d3 |
parent 23052 | 241885315119 |
child 41579 | c0fe2e6364d9 |
permissions | -rw-r--r-- |
2 | 1 |
/* |
10328 | 2 |
* Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved. |
2 | 3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 |
* |
|
5 |
* This code is free software; you can redistribute it and/or modify it |
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
|
7 |
* published by the Free Software Foundation. |
|
8 |
* |
|
9 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
|
10 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
11 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
12 |
* version 2 for more details (a copy is included in the LICENSE file that |
|
13 |
* accompanied this code). |
|
14 |
* |
|
15 |
* You should have received a copy of the GNU General Public License version |
|
16 |
* 2 along with this work; if not, write to the Free Software Foundation, |
|
17 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
18 |
* |
|
5506 | 19 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
20 |
* or visit www.oracle.com if you need additional information or have any |
|
21 |
* questions. |
|
2 | 22 |
*/ |
23 |
||
24 |
/* |
|
25 |
* @test |
|
26 |
* @bug 4323990 4413069 |
|
27 |
* @summary HttpsURLConnection doesn't send Proxy-Authorization on CONNECT |
|
10328 | 28 |
* Incorrect checking of proxy server response |
30820 | 29 |
* @modules java.base/sun.net.www |
10328 | 30 |
* @run main/othervm ProxyAuthTest |
31 |
* |
|
32 |
* No way to reserve and restore java.lang.Authenticator, need to run this |
|
33 |
* test in othervm mode. |
|
2 | 34 |
*/ |
35 |
||
36 |
import java.io.*; |
|
37 |
import java.net.*; |
|
38 |
import java.security.KeyStore; |
|
39 |
import javax.net.*; |
|
40 |
import javax.net.ssl.*; |
|
41 |
import java.security.cert.*; |
|
42 |
||
43 |
/* |
|
44 |
* ProxyAuthTest.java -- includes a simple server that can serve |
|
45 |
* Http get request in both clear and secure channel, and a client |
|
46 |
* that makes https requests behind the firewall through an |
|
47 |
* authentication proxy |
|
48 |
*/ |
|
49 |
||
50 |
public class ProxyAuthTest { |
|
51 |
/* |
|
52 |
* Where do we find the keystores? |
|
53 |
*/ |
|
23052
241885315119
8032473: Restructure JSSE regression test hierarchy in jdk test
xuelei
parents:
10328
diff
changeset
|
54 |
static String pathToStores = "../../../../../../javax/net/ssl/etc"; |
2 | 55 |
static String keyStoreFile = "keystore"; |
56 |
static String trustStoreFile = "truststore"; |
|
57 |
static String passwd = "passphrase"; |
|
58 |
||
59 |
volatile private static int serverPort = 0; |
|
60 |
||
61 |
/* |
|
62 |
* The TestServer implements a OriginServer that |
|
63 |
* processes HTTP requests and responses. |
|
64 |
*/ |
|
65 |
static class TestServer extends OriginServer { |
|
66 |
public TestServer(ServerSocket ss) throws Exception { |
|
67 |
super(ss); |
|
68 |
} |
|
69 |
||
70 |
/* |
|
71 |
* Returns an array of bytes containing the bytes for |
|
72 |
* the data sent in the response. |
|
73 |
* |
|
74 |
* @return bytes for the data in the response |
|
75 |
*/ |
|
76 |
public byte[] getBytes() { |
|
77 |
return "Proxy authentication for tunneling succeeded ..". |
|
78 |
getBytes(); |
|
79 |
} |
|
80 |
} |
|
81 |
||
82 |
/* |
|
83 |
* Main method to create the server and the client |
|
84 |
*/ |
|
10328 | 85 |
public static void main(String args[]) throws Exception { |
2 | 86 |
String keyFilename = |
87 |
System.getProperty("test.src", "./") + "/" + pathToStores + |
|
88 |
"/" + keyStoreFile; |
|
89 |
String trustFilename = |
|
90 |
System.getProperty("test.src", "./") + "/" + pathToStores + |
|
91 |
"/" + trustStoreFile; |
|
92 |
||
93 |
System.setProperty("javax.net.ssl.keyStore", keyFilename); |
|
94 |
System.setProperty("javax.net.ssl.keyStorePassword", passwd); |
|
95 |
System.setProperty("javax.net.ssl.trustStore", trustFilename); |
|
96 |
System.setProperty("javax.net.ssl.trustStorePassword", passwd); |
|
97 |
||
98 |
boolean useSSL = true; |
|
99 |
/* |
|
100 |
* setup the server |
|
101 |
*/ |
|
102 |
try { |
|
103 |
ServerSocketFactory ssf = |
|
104 |
ProxyAuthTest.getServerSocketFactory(useSSL); |
|
105 |
ServerSocket ss = ssf.createServerSocket(serverPort); |
|
106 |
serverPort = ss.getLocalPort(); |
|
107 |
new TestServer(ss); |
|
108 |
} catch (Exception e) { |
|
109 |
System.out.println("Server side failed:" + |
|
110 |
e.getMessage()); |
|
111 |
throw e; |
|
112 |
} |
|
113 |
// trigger the client |
|
114 |
try { |
|
115 |
doClientSide(); |
|
116 |
} catch (Exception e) { |
|
10328 | 117 |
System.out.println("Client side failed: " + e.getMessage()); |
2 | 118 |
throw e; |
10328 | 119 |
} |
2 | 120 |
} |
121 |
||
122 |
private static ServerSocketFactory getServerSocketFactory |
|
123 |
(boolean useSSL) throws Exception { |
|
124 |
if (useSSL) { |
|
125 |
SSLServerSocketFactory ssf = null; |
|
126 |
// set up key manager to do server authentication |
|
127 |
SSLContext ctx; |
|
128 |
KeyManagerFactory kmf; |
|
129 |
KeyStore ks; |
|
130 |
char[] passphrase = passwd.toCharArray(); |
|
131 |
||
132 |
ctx = SSLContext.getInstance("TLS"); |
|
133 |
kmf = KeyManagerFactory.getInstance("SunX509"); |
|
134 |
ks = KeyStore.getInstance("JKS"); |
|
135 |
||
136 |
ks.load(new FileInputStream(System.getProperty( |
|
137 |
"javax.net.ssl.keyStore")), passphrase); |
|
138 |
kmf.init(ks, passphrase); |
|
139 |
ctx.init(kmf.getKeyManagers(), null, null); |
|
140 |
||
141 |
ssf = ctx.getServerSocketFactory(); |
|
142 |
return ssf; |
|
143 |
} else { |
|
144 |
return ServerSocketFactory.getDefault(); |
|
145 |
} |
|
146 |
} |
|
147 |
||
148 |
static void doClientSide() throws Exception { |
|
149 |
/* |
|
150 |
* setup up a proxy with authentication information |
|
151 |
*/ |
|
152 |
setupProxy(); |
|
153 |
||
154 |
/* |
|
155 |
* we want to avoid URLspoofCheck failures in cases where the cert |
|
156 |
* DN name does not match the hostname in the URL. |
|
157 |
*/ |
|
158 |
HttpsURLConnection.setDefaultHostnameVerifier( |
|
159 |
new NameVerifier()); |
|
160 |
URL url = new URL("https://" + "localhost:" + serverPort |
|
161 |
+ "/index.html"); |
|
162 |
BufferedReader in = null; |
|
163 |
try { |
|
164 |
in = new BufferedReader(new InputStreamReader( |
|
165 |
url.openStream())); |
|
166 |
String inputLine; |
|
167 |
System.out.print("Client recieved from the server: "); |
|
168 |
while ((inputLine = in.readLine()) != null) |
|
169 |
System.out.println(inputLine); |
|
170 |
in.close(); |
|
171 |
} catch (SSLException e) { |
|
172 |
if (in != null) |
|
173 |
in.close(); |
|
174 |
throw e; |
|
175 |
} |
|
176 |
} |
|
177 |
||
178 |
static class NameVerifier implements HostnameVerifier { |
|
179 |
public boolean verify(String hostname, SSLSession session) { |
|
180 |
return true; |
|
181 |
} |
|
182 |
} |
|
183 |
||
184 |
static void setupProxy() throws IOException { |
|
185 |
ProxyTunnelServer pserver = new ProxyTunnelServer(); |
|
186 |
/* |
|
187 |
* register a system wide authenticator and setup the proxy for |
|
188 |
* authentication |
|
189 |
*/ |
|
190 |
Authenticator.setDefault(new TestAuthenticator()); |
|
191 |
||
192 |
// register with the username and password |
|
193 |
pserver.needUserAuth(true); |
|
194 |
pserver.setUserAuth("Test", "test123"); |
|
195 |
||
196 |
pserver.start(); |
|
197 |
System.setProperty("https.proxyHost", "localhost"); |
|
198 |
System.setProperty("https.proxyPort", String.valueOf( |
|
199 |
pserver.getPort())); |
|
200 |
} |
|
201 |
||
202 |
public static class TestAuthenticator extends Authenticator { |
|
203 |
||
204 |
public PasswordAuthentication getPasswordAuthentication() { |
|
205 |
return new PasswordAuthentication("Test", |
|
206 |
"test123".toCharArray()); |
|
207 |
} |
|
208 |
} |
|
209 |
} |