/*

 * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.

 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

 *

 * This code is free software; you can redistribute it and/or modify it

 * under the terms of the GNU General Public License version 2 only, as

 * published by the Free Software Foundation.

 *

 * This code is distributed in the hope that it will be useful, but WITHOUT

 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

 * version 2 for more details (a copy is included in the LICENSE file that

 * accompanied this code).

 *

 * You should have received a copy of the GNU General Public License version

 * 2 along with this work; if not, write to the Free Software Foundation,

 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

 *

 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

 * or visit www.oracle.com if you need additional information or have any

 * questions.

 */

//

// SunJSSE does not support dynamic system properties, no way to re-use

// system properties in samevm/agentvm mode.

//

/**

 * @test

 * @bug 7068321

 * @summary Support TLS Server Name Indication (SNI) Extension in JSSE Server

 * @library ../templates

 * @modules java.base/sun.misc

 * @build SSLCapabilities SSLExplorer

 * @run main/othervm SSLSocketExplorerMatchedSNI www.example.com

 *     www\.example\.com

 * @run main/othervm SSLSocketExplorerMatchedSNI www.example.com

 *     www\.example\.(com|org)

 * @run main/othervm SSLSocketExplorerMatchedSNI example.com

 *     (.*\.)*example\.(com|org)

 * @run main/othervm SSLSocketExplorerMatchedSNI www.example.com

 *     (.*\.)*example\.(com|org)

 * @run main/othervm SSLSocketExplorerMatchedSNI www.us.example.com

 *     (.*\.)*example\.(com|org)

 */

import java.io.*;

import java.nio.*;

import java.nio.channels.*;

import java.util.*;

import java.net.*;

import javax.net.ssl.*;

public class SSLSocketExplorerMatchedSNI {

    /*

     * =============================================================

     * Set the various variables needed for the tests, then

     * specify what tests to run on each side.

     */

    /*

     * Should we run the client or server in a separate thread?

     * Both sides can throw exceptions, but do you have a preference

     * as to which side should be the main thread.

     */

    static boolean separateServerThread = false;

    /*

     * Where do we find the keystores?

     */

    static String pathToStores = "../etc";

    static String keyStoreFile = "keystore";

    static String trustStoreFile = "truststore";

    static String passwd = "passphrase";

    /*

     * Is the server ready to serve?

     */

    volatile static boolean serverReady = false;

    /*

     * Turn on SSL debugging?

     */

    static boolean debug = false;

    /*

     * If the client or server is doing some kind of object creation

     * that the other side depends on, and that thread prematurely

     * exits, you may experience a hang.  The test harness will

     * terminate all hung threads after its timeout has expired,

     * currently 3 minutes by default, but you might try to be

     * smart about it....

     */

    /*

     * Define the server side of the test.

     *

     * If the server prematurely exits, serverReady will be set to true

     * to avoid infinite hangs.

     */

    void doServerSide() throws Exception {

        ServerSocket serverSocket = new ServerSocket(serverPort);

        // Signal Client, we're ready for his connect.

        serverPort = serverSocket.getLocalPort();

        serverReady = true;

        Socket socket = serverSocket.accept();

        InputStream ins = socket.getInputStream();

        byte[] buffer = new byte[0xFF];

        int position = 0;

        SSLCapabilities capabilities = null;

        // Read the header of TLS record

        while (position < SSLExplorer.RECORD_HEADER_SIZE) {

            int count = SSLExplorer.RECORD_HEADER_SIZE - position;

            int n = ins.read(buffer, position, count);

            if (n < 0) {

                throw new Exception("unexpected end of stream!");

            }

            position += n;

        }

        int recordLength = SSLExplorer.getRequiredSize(buffer, 0, position);

        if (buffer.length < recordLength) {

            buffer = Arrays.copyOf(buffer, recordLength);

        }

        while (position < recordLength) {

            int count = recordLength - position;

            int n = ins.read(buffer, position, count);

            if (n < 0) {

                throw new Exception("unexpected end of stream!");

            }

            position += n;

        }

        capabilities = SSLExplorer.explore(buffer, 0, recordLength);;

        if (capabilities != null) {

            System.out.println("Record version: " +

                    capabilities.getRecordVersion());

            System.out.println("Hello version: " +

                    capabilities.getHelloVersion());

        }

        SSLSocketFactory sslsf =

            (SSLSocketFactory) SSLSocketFactory.getDefault();

        ByteArrayInputStream bais =

            new ByteArrayInputStream(buffer, 0, position);

        SSLSocket sslSocket = (SSLSocket)sslsf.createSocket(socket, bais, true);

        SNIMatcher matcher = SNIHostName.createSNIMatcher(

                                                serverAcceptableHostname);

        Collection<SNIMatcher> matchers = new ArrayList<>(1);

        matchers.add(matcher);

        SSLParameters params = sslSocket.getSSLParameters();

        params.setSNIMatchers(matchers);

        sslSocket.setSSLParameters(params);

        InputStream sslIS = sslSocket.getInputStream();

        OutputStream sslOS = sslSocket.getOutputStream();

        sslIS.read();

        sslOS.write(85);

        sslOS.flush();

        ExtendedSSLSession session = (ExtendedSSLSession)sslSocket.getSession();

        checkCapabilities(capabilities, session);

        sslSocket.close();

        serverSocket.close();

    }

    /*

     * Define the client side of the test.

     *

     * If the server prematurely exits, serverReady will be set to true

     * to avoid infinite hangs.

     */

    void doClientSide() throws Exception {

        /*

         * Wait for server to get started.

         */

        while (!serverReady) {

            Thread.sleep(50);

        }

        SSLSocketFactory sslsf =

            (SSLSocketFactory) SSLSocketFactory.getDefault();

        SSLSocket sslSocket = (SSLSocket)

            sslsf.createSocket("localhost", serverPort);

        SNIHostName serverName = new SNIHostName(clientRequestedHostname);

        List<SNIServerName> serverNames = new ArrayList<>(1);

        serverNames.add(serverName);

        SSLParameters params = sslSocket.getSSLParameters();

        params.setServerNames(serverNames);

        sslSocket.setSSLParameters(params);

        InputStream sslIS = sslSocket.getInputStream();

        OutputStream sslOS = sslSocket.getOutputStream();

        sslOS.write(280);

        sslOS.flush();

        sslIS.read();

        ExtendedSSLSession session = (ExtendedSSLSession)sslSocket.getSession();

        checkSNIInSession(session);

        sslSocket.close();

    }

    void checkCapabilities(SSLCapabilities capabilities,

            ExtendedSSLSession session) throws Exception {

        List<SNIServerName> sessionSNI = session.getRequestedServerNames();

        if (!sessionSNI.equals(capabilities.getServerNames())) {

            for (SNIServerName sni : sessionSNI) {

                System.out.println("SNI in session is " + sni);

            }

            List<SNIServerName> capaSNI = capabilities.getServerNames();

            for (SNIServerName sni : capaSNI) {

                System.out.println("SNI in session is " + sni);

            }

            throw new Exception(

                    "server name indication does not match capabilities");

        }

        checkSNIInSession(session);

    }

    void checkSNIInSession(ExtendedSSLSession session) throws Exception {

        List<SNIServerName> sessionSNI = session.getRequestedServerNames();

        if (sessionSNI.isEmpty()) {

            throw new Exception(

                    "unexpected empty request server name indication");

        }

        if (sessionSNI.size() != 1) {

            throw new Exception(

                    "unexpected request server name indication");

        }

        SNIServerName serverName = sessionSNI.get(0);

        if (!(serverName instanceof SNIHostName)) {

            throw new Exception(

                    "unexpected instance of request server name indication");

        }

        String hostname = ((SNIHostName)serverName).getAsciiName();

        if (!clientRequestedHostname.equalsIgnoreCase(hostname)) {

            throw new Exception(

                    "unexpected request server name indication value");

        }

    }

    private static String clientRequestedHostname;

    private static String serverAcceptableHostname;

    private static void parseArguments(String[] args) {

        clientRequestedHostname = args[0];

        serverAcceptableHostname = args[1];

    }

    /*

     * =============================================================

     * The remainder is just support stuff

     */

    // use any free port by default

    volatile int serverPort = 0;

    volatile Exception serverException = null;

    volatile Exception clientException = null;

    public static void main(String[] args) throws Exception {

        String keyFilename =

            System.getProperty("test.src", ".") + "/" + pathToStores +

                "/" + keyStoreFile;

        String trustFilename =

            System.getProperty("test.src", ".") + "/" + pathToStores +

                "/" + trustStoreFile;

        System.setProperty("javax.net.ssl.keyStore", keyFilename);

        System.setProperty("javax.net.ssl.keyStorePassword", passwd);

        System.setProperty("javax.net.ssl.trustStore", trustFilename);

        System.setProperty("javax.net.ssl.trustStorePassword", passwd);

        if (debug)

            System.setProperty("javax.net.debug", "all");

        /*

         * Get the customized arguments.

         */

        parseArguments(args);

        /*

         * Start the tests.

         */

        new SSLSocketExplorerMatchedSNI();

    }

    Thread clientThread = null;

    Thread serverThread = null;

    /*

     * Primary constructor, used to drive remainder of the test.

     *

     * Fork off the other side, then do your work.

     */

    SSLSocketExplorerMatchedSNI() throws Exception {

        try {

            if (separateServerThread) {

                startServer(true);

                startClient(false);

            } else {

                startClient(true);

                startServer(false);

            }

        } catch (Exception e) {

            // swallow for now.  Show later

        }

        /*

         * Wait for other side to close down.

         */

        if (separateServerThread) {

            serverThread.join();

        } else {

            clientThread.join();

        }

        /*

         * When we get here, the test is pretty much over.

         * Which side threw the error?

         */

        Exception local;

        Exception remote;

        String whichRemote;

        if (separateServerThread) {

            remote = serverException;

            local = clientException;

            whichRemote = "server";

        } else {

            remote = clientException;

            local = serverException;

            whichRemote = "client";

        }

        /*

         * If both failed, return the curthread's exception, but also

         * print the remote side Exception

         */

        if ((local != null) && (remote != null)) {

            System.out.println(whichRemote + " also threw:");

            remote.printStackTrace();

            System.out.println();

            throw local;

        }

        if (remote != null) {

            throw remote;

        }

        if (local != null) {

            throw local;

        }

    }

    void startServer(boolean newThread) throws Exception {

        if (newThread) {

            serverThread = new Thread() {

                public void run() {

                    try {

                        doServerSide();

                    } catch (Exception e) {

                        /*

                         * Our server thread just died.

                         *

                         * Release the client, if not active already...

                         */

                        System.err.println("Server died...");

                        serverReady = true;

                        serverException = e;

                    }

                }

            };

            serverThread.start();

        } else {

            try {

                doServerSide();

            } catch (Exception e) {

                serverException = e;

            } finally {

                serverReady = true;

            }

        }

    }

    void startClient(boolean newThread) throws Exception {

        if (newThread) {

            clientThread = new Thread() {

                public void run() {

                    try {

                        doClientSide();

                    } catch (Exception e) {

                        /*

                         * Our client thread just died.

                         */

                        System.err.println("Client died...");

                        clientException = e;

                    }

                }

            };

            clientThread.start();

        } else {

            try {

                doClientSide();

            } catch (Exception e) {

                clientException = e;

            }

        }

    }

}