author | chegar |
Wed, 07 Feb 2018 14:17:24 +0000 | |
branch | http-client-branch |
changeset 56089 | 42208b2f224e |
parent 55990 | test/jdk/java/net/httpclient/whitebox/jdk.incubator.httpclient/jdk/incubator/http/AbstractSSLTubeTest.java@002db7829808 |
permissions | -rw-r--r-- |
48083 | 1 |
/* |
2 |
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. |
|
3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
|
4 |
* |
|
5 |
* This code is free software; you can redistribute it and/or modify it |
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
|
7 |
* published by the Free Software Foundation. |
|
8 |
* |
|
9 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
|
10 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
11 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
12 |
* version 2 for more details (a copy is included in the LICENSE file that |
|
13 |
* accompanied this code). |
|
14 |
* |
|
15 |
* You should have received a copy of the GNU General Public License version |
|
16 |
* 2 along with this work; if not, write to the Free Software Foundation, |
|
17 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
18 |
* |
|
19 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
|
20 |
* or visit www.oracle.com if you need additional information or have any |
|
21 |
* questions. |
|
22 |
*/ |
|
23 |
||
56089
42208b2f224e
http-client-branch: move to standard package and module name
chegar
parents:
55990
diff
changeset
|
24 |
package java.net.http; |
48083 | 25 |
|
56089
42208b2f224e
http-client-branch: move to standard package and module name
chegar
parents:
55990
diff
changeset
|
26 |
import java.net.http.internal.common.FlowTube; |
42208b2f224e
http-client-branch: move to standard package and module name
chegar
parents:
55990
diff
changeset
|
27 |
import java.net.http.internal.common.SSLTube; |
42208b2f224e
http-client-branch: move to standard package and module name
chegar
parents:
55990
diff
changeset
|
28 |
import java.net.http.internal.common.Utils; |
48083 | 29 |
import org.testng.annotations.Test; |
30 |
||
31 |
import javax.net.ssl.KeyManagerFactory; |
|
32 |
import javax.net.ssl.SSLContext; |
|
33 |
import javax.net.ssl.SSLEngine; |
|
34 |
import javax.net.ssl.SSLParameters; |
|
35 |
import javax.net.ssl.TrustManagerFactory; |
|
36 |
import java.io.File; |
|
37 |
import java.io.FileInputStream; |
|
38 |
import java.io.IOException; |
|
39 |
import java.io.InputStream; |
|
40 |
import java.nio.ByteBuffer; |
|
41 |
import java.security.KeyManagementException; |
|
42 |
import java.security.KeyStore; |
|
43 |
import java.security.KeyStoreException; |
|
44 |
import java.security.NoSuchAlgorithmException; |
|
45 |
import java.security.UnrecoverableKeyException; |
|
46 |
import java.security.cert.CertificateException; |
|
47 |
import java.util.List; |
|
48 |
import java.util.StringTokenizer; |
|
49 |
import java.util.concurrent.CompletableFuture; |
|
50 |
import java.util.concurrent.CountDownLatch; |
|
51 |
import java.util.concurrent.ExecutorService; |
|
52 |
import java.util.concurrent.Flow; |
|
53 |
import java.util.concurrent.ForkJoinPool; |
|
54 |
import java.util.concurrent.SubmissionPublisher; |
|
55 |
import java.util.concurrent.atomic.AtomicLong; |
|
56 |
||
57 |
public class AbstractSSLTubeTest extends AbstractRandomTest { |
|
58 |
||
59 |
public static final long COUNTER = 600; |
|
60 |
public static final int LONGS_PER_BUF = 800; |
|
61 |
public static final long TOTAL_LONGS = COUNTER * LONGS_PER_BUF; |
|
62 |
public static final ByteBuffer SENTINEL = ByteBuffer.allocate(0); |
|
63 |
// This is a hack to work around an issue with SubmissionPublisher. |
|
64 |
// SubmissionPublisher will call onComplete immediately without forwarding |
|
65 |
// remaining pending data if SubmissionPublisher.close() is called when |
|
66 |
// there is no demand. In other words, it doesn't wait for the subscriber |
|
67 |
// to pull all the data before calling onComplete. |
|
68 |
// We use a CountDownLatch to figure out when it is safe to call close(). |
|
69 |
// This may cause the test to hang if data are buffered. |
|
70 |
protected final CountDownLatch allBytesReceived = new CountDownLatch(1); |
|
71 |
||
72 |
||
73 |
protected static ByteBuffer getBuffer(long startingAt) { |
|
74 |
ByteBuffer buf = ByteBuffer.allocate(LONGS_PER_BUF * 8); |
|
75 |
for (int j = 0; j < LONGS_PER_BUF; j++) { |
|
76 |
buf.putLong(startingAt++); |
|
77 |
} |
|
78 |
buf.flip(); |
|
79 |
return buf; |
|
80 |
} |
|
81 |
||
82 |
protected void run(FlowTube server, |
|
83 |
ExecutorService sslExecutor, |
|
84 |
CountDownLatch allBytesReceived) throws IOException { |
|
85 |
FlowTube client = new SSLTube(createSSLEngine(true), |
|
86 |
sslExecutor, |
|
87 |
server); |
|
88 |
SubmissionPublisher<List<ByteBuffer>> p = |
|
89 |
new SubmissionPublisher<>(ForkJoinPool.commonPool(), |
|
90 |
Integer.MAX_VALUE); |
|
91 |
FlowTube.TubePublisher begin = p::subscribe; |
|
92 |
CompletableFuture<Void> completion = new CompletableFuture<>(); |
|
93 |
EndSubscriber end = new EndSubscriber(TOTAL_LONGS, completion, allBytesReceived); |
|
94 |
client.connectFlows(begin, end); |
|
95 |
/* End of wiring */ |
|
96 |
||
97 |
long count = 0; |
|
98 |
System.out.printf("Submitting %d buffer arrays\n", COUNTER); |
|
99 |
System.out.printf("LoopCount should be %d\n", TOTAL_LONGS); |
|
100 |
for (long i = 0; i < COUNTER; i++) { |
|
101 |
ByteBuffer b = getBuffer(count); |
|
102 |
count += LONGS_PER_BUF; |
|
103 |
p.submit(List.of(b)); |
|
104 |
} |
|
105 |
System.out.println("Finished submission. Waiting for loopback"); |
|
106 |
completion.whenComplete((r,t) -> allBytesReceived.countDown()); |
|
107 |
try { |
|
108 |
allBytesReceived.await(); |
|
109 |
} catch (InterruptedException e) { |
|
110 |
throw new IOException(e); |
|
111 |
} |
|
112 |
p.close(); |
|
113 |
System.out.println("All bytes received: calling publisher.close()"); |
|
114 |
try { |
|
115 |
completion.join(); |
|
116 |
System.out.println("OK"); |
|
117 |
} finally { |
|
118 |
sslExecutor.shutdownNow(); |
|
119 |
} |
|
120 |
} |
|
121 |
||
122 |
protected static void sleep(long millis) { |
|
123 |
try { |
|
124 |
Thread.sleep(millis); |
|
125 |
} catch (InterruptedException e) { |
|
126 |
||
127 |
} |
|
128 |
} |
|
129 |
||
130 |
/** |
|
131 |
* The final subscriber which receives the decrypted looped-back data. Just |
|
132 |
* needs to compare the data with what was sent. The given CF is either |
|
133 |
* completed exceptionally with an error or normally on success. |
|
134 |
*/ |
|
135 |
protected static class EndSubscriber implements FlowTube.TubeSubscriber { |
|
136 |
||
137 |
private static final int REQUEST_WINDOW = 13; |
|
138 |
||
139 |
private final long nbytes; |
|
140 |
private final AtomicLong counter = new AtomicLong(); |
|
141 |
private final CompletableFuture<?> completion; |
|
142 |
private final CountDownLatch allBytesReceived; |
|
143 |
private volatile Flow.Subscription subscription; |
|
144 |
private long unfulfilled; |
|
145 |
||
146 |
EndSubscriber(long nbytes, CompletableFuture<?> completion, |
|
147 |
CountDownLatch allBytesReceived) { |
|
148 |
this.nbytes = nbytes; |
|
149 |
this.completion = completion; |
|
150 |
this.allBytesReceived = allBytesReceived; |
|
151 |
} |
|
152 |
||
153 |
@Override |
|
154 |
public void onSubscribe(Flow.Subscription subscription) { |
|
155 |
this.subscription = subscription; |
|
156 |
unfulfilled = REQUEST_WINDOW; |
|
157 |
System.out.println("EndSubscriber request " + REQUEST_WINDOW); |
|
158 |
subscription.request(REQUEST_WINDOW); |
|
159 |
} |
|
160 |
||
161 |
public static String info(List<ByteBuffer> i) { |
|
162 |
StringBuilder sb = new StringBuilder(); |
|
163 |
sb.append("size: ").append(Integer.toString(i.size())); |
|
164 |
int x = 0; |
|
165 |
for (ByteBuffer b : i) |
|
166 |
x += b.remaining(); |
|
167 |
sb.append(" bytes: ").append(x); |
|
168 |
return sb.toString(); |
|
169 |
} |
|
170 |
||
171 |
@Override |
|
172 |
public void onNext(List<ByteBuffer> buffers) { |
|
173 |
if (--unfulfilled == (REQUEST_WINDOW / 2)) { |
|
174 |
long req = REQUEST_WINDOW - unfulfilled; |
|
175 |
System.out.println("EndSubscriber request " + req); |
|
176 |
unfulfilled = REQUEST_WINDOW; |
|
177 |
subscription.request(req); |
|
178 |
} |
|
179 |
||
180 |
long currval = counter.get(); |
|
181 |
if (currval % 500 == 0) { |
|
182 |
System.out.println("EndSubscriber: " + currval); |
|
183 |
} |
|
184 |
System.out.println("EndSubscriber onNext " + Utils.remaining(buffers)); |
|
185 |
||
186 |
for (ByteBuffer buf : buffers) { |
|
187 |
while (buf.hasRemaining()) { |
|
188 |
long n = buf.getLong(); |
|
189 |
if (currval > (TOTAL_LONGS - 50)) { |
|
190 |
System.out.println("End: " + currval); |
|
191 |
} |
|
192 |
if (n != currval++) { |
|
193 |
System.out.println("ERROR at " + n + " != " + (currval - 1)); |
|
194 |
completion.completeExceptionally(new RuntimeException("ERROR")); |
|
195 |
subscription.cancel(); |
|
196 |
return; |
|
197 |
} |
|
198 |
} |
|
199 |
} |
|
200 |
||
201 |
counter.set(currval); |
|
202 |
if (currval >= TOTAL_LONGS) { |
|
203 |
allBytesReceived.countDown(); |
|
204 |
} |
|
205 |
} |
|
206 |
||
207 |
@Override |
|
208 |
public void onError(Throwable throwable) { |
|
209 |
System.out.println("EndSubscriber onError " + throwable); |
|
210 |
completion.completeExceptionally(throwable); |
|
211 |
allBytesReceived.countDown(); |
|
212 |
} |
|
213 |
||
214 |
@Override |
|
215 |
public void onComplete() { |
|
216 |
long n = counter.get(); |
|
217 |
if (n != nbytes) { |
|
218 |
System.out.printf("nbytes=%d n=%d\n", nbytes, n); |
|
219 |
completion.completeExceptionally(new RuntimeException("ERROR AT END")); |
|
220 |
} else { |
|
221 |
System.out.println("DONE OK"); |
|
222 |
completion.complete(null); |
|
223 |
} |
|
224 |
allBytesReceived.countDown(); |
|
225 |
} |
|
226 |
||
227 |
@Override |
|
228 |
public String toString() { |
|
229 |
return "EndSubscriber"; |
|
230 |
} |
|
231 |
} |
|
232 |
||
233 |
protected static SSLEngine createSSLEngine(boolean client) throws IOException { |
|
234 |
SSLContext context = (new SimpleSSLContext()).get(); |
|
235 |
SSLEngine engine = context.createSSLEngine(); |
|
236 |
SSLParameters params = context.getSupportedSSLParameters(); |
|
237 |
params.setProtocols(new String[]{"TLSv1.2"}); // TODO: This is essential. Needs to be protocol impl |
|
238 |
if (client) { |
|
239 |
params.setApplicationProtocols(new String[]{"proto1", "proto2"}); // server will choose proto2 |
|
240 |
} else { |
|
241 |
params.setApplicationProtocols(new String[]{"proto2"}); // server will choose proto2 |
|
242 |
} |
|
243 |
engine.setSSLParameters(params); |
|
244 |
engine.setUseClientMode(client); |
|
245 |
return engine; |
|
246 |
} |
|
247 |
||
248 |
/** |
|
249 |
* Creates a simple usable SSLContext for SSLSocketFactory or a HttpsServer |
|
250 |
* using either a given keystore or a default one in the test tree. |
|
251 |
* |
|
252 |
* Using this class with a security manager requires the following |
|
253 |
* permissions to be granted: |
|
254 |
* |
|
255 |
* permission "java.util.PropertyPermission" "test.src.path", "read"; |
|
256 |
* permission java.io.FilePermission "${test.src}/../../../../lib/testlibrary/jdk/testlibrary/testkeys", |
|
257 |
* "read"; The exact path above depends on the location of the test. |
|
258 |
*/ |
|
259 |
protected static class SimpleSSLContext { |
|
260 |
||
261 |
private final SSLContext ssl; |
|
262 |
||
263 |
/** |
|
264 |
* Loads default keystore from SimpleSSLContext source directory |
|
265 |
*/ |
|
266 |
public SimpleSSLContext() throws IOException { |
|
267 |
String paths = System.getProperty("test.src.path"); |
|
268 |
StringTokenizer st = new StringTokenizer(paths, File.pathSeparator); |
|
269 |
boolean securityExceptions = false; |
|
270 |
SSLContext sslContext = null; |
|
271 |
while (st.hasMoreTokens()) { |
|
272 |
String path = st.nextToken(); |
|
273 |
try { |
|
274 |
File f = new File(path, "../../../../lib/testlibrary/jdk/testlibrary/testkeys"); |
|
275 |
if (f.exists()) { |
|
276 |
try (FileInputStream fis = new FileInputStream(f)) { |
|
277 |
sslContext = init(fis); |
|
278 |
break; |
|
279 |
} |
|
280 |
} |
|
281 |
} catch (SecurityException e) { |
|
282 |
// catch and ignore because permission only required |
|
283 |
// for one entry on path (at most) |
|
284 |
securityExceptions = true; |
|
285 |
} |
|
286 |
} |
|
287 |
if (securityExceptions) { |
|
288 |
System.err.println("SecurityExceptions thrown on loading testkeys"); |
|
289 |
} |
|
290 |
ssl = sslContext; |
|
291 |
} |
|
292 |
||
293 |
private SSLContext init(InputStream i) throws IOException { |
|
294 |
try { |
|
295 |
char[] passphrase = "passphrase".toCharArray(); |
|
296 |
KeyStore ks = KeyStore.getInstance("JKS"); |
|
297 |
ks.load(i, passphrase); |
|
298 |
||
299 |
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); |
|
300 |
kmf.init(ks, passphrase); |
|
301 |
||
302 |
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); |
|
303 |
tmf.init(ks); |
|
304 |
||
305 |
SSLContext ssl = SSLContext.getInstance("TLS"); |
|
306 |
ssl.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); |
|
307 |
return ssl; |
|
308 |
} catch (KeyManagementException | KeyStoreException | |
|
309 |
UnrecoverableKeyException | CertificateException | |
|
310 |
NoSuchAlgorithmException e) { |
|
311 |
throw new RuntimeException(e.getMessage()); |
|
312 |
} |
|
313 |
} |
|
314 |
||
315 |
public SSLContext get() { |
|
316 |
return ssl; |
|
317 |
} |
|
318 |
} |
|
319 |
} |