48083
|
1 |
/*
|
|
2 |
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
|
|
3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
4 |
*
|
|
5 |
* This code is free software; you can redistribute it and/or modify it
|
|
6 |
* under the terms of the GNU General Public License version 2 only, as
|
|
7 |
* published by the Free Software Foundation.
|
|
8 |
*
|
|
9 |
* This code is distributed in the hope that it will be useful, but WITHOUT
|
|
10 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
11 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
12 |
* version 2 for more details (a copy is included in the LICENSE file that
|
|
13 |
* accompanied this code).
|
|
14 |
*
|
|
15 |
* You should have received a copy of the GNU General Public License version
|
|
16 |
* 2 along with this work; if not, write to the Free Software Foundation,
|
|
17 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
18 |
*
|
|
19 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
|
20 |
* or visit www.oracle.com if you need additional information or have any
|
|
21 |
* questions.
|
|
22 |
*/
|
|
23 |
|
|
24 |
package jdk.incubator.http;
|
|
25 |
|
|
26 |
import jdk.incubator.http.internal.common.FlowTube;
|
|
27 |
import jdk.incubator.http.internal.common.SSLTube;
|
|
28 |
import jdk.incubator.http.internal.common.Utils;
|
|
29 |
import org.testng.annotations.Test;
|
|
30 |
|
|
31 |
import javax.net.ssl.KeyManagerFactory;
|
|
32 |
import javax.net.ssl.SSLContext;
|
|
33 |
import javax.net.ssl.SSLEngine;
|
|
34 |
import javax.net.ssl.SSLParameters;
|
|
35 |
import javax.net.ssl.TrustManagerFactory;
|
|
36 |
import java.io.File;
|
|
37 |
import java.io.FileInputStream;
|
|
38 |
import java.io.IOException;
|
|
39 |
import java.io.InputStream;
|
|
40 |
import java.nio.ByteBuffer;
|
|
41 |
import java.security.KeyManagementException;
|
|
42 |
import java.security.KeyStore;
|
|
43 |
import java.security.KeyStoreException;
|
|
44 |
import java.security.NoSuchAlgorithmException;
|
|
45 |
import java.security.UnrecoverableKeyException;
|
|
46 |
import java.security.cert.CertificateException;
|
|
47 |
import java.util.List;
|
|
48 |
import java.util.Random;
|
|
49 |
import java.util.StringTokenizer;
|
|
50 |
import java.util.concurrent.CompletableFuture;
|
|
51 |
import java.util.concurrent.CountDownLatch;
|
|
52 |
import java.util.concurrent.ExecutorService;
|
|
53 |
import java.util.concurrent.Flow;
|
|
54 |
import java.util.concurrent.ForkJoinPool;
|
|
55 |
import java.util.concurrent.SubmissionPublisher;
|
|
56 |
import java.util.concurrent.atomic.AtomicLong;
|
|
57 |
|
|
58 |
public class AbstractSSLTubeTest extends AbstractRandomTest {
|
|
59 |
|
|
60 |
public static final long COUNTER = 600;
|
|
61 |
public static final int LONGS_PER_BUF = 800;
|
|
62 |
public static final long TOTAL_LONGS = COUNTER * LONGS_PER_BUF;
|
|
63 |
public static final ByteBuffer SENTINEL = ByteBuffer.allocate(0);
|
|
64 |
// This is a hack to work around an issue with SubmissionPublisher.
|
|
65 |
// SubmissionPublisher will call onComplete immediately without forwarding
|
|
66 |
// remaining pending data if SubmissionPublisher.close() is called when
|
|
67 |
// there is no demand. In other words, it doesn't wait for the subscriber
|
|
68 |
// to pull all the data before calling onComplete.
|
|
69 |
// We use a CountDownLatch to figure out when it is safe to call close().
|
|
70 |
// This may cause the test to hang if data are buffered.
|
|
71 |
protected final CountDownLatch allBytesReceived = new CountDownLatch(1);
|
|
72 |
|
|
73 |
|
|
74 |
protected static ByteBuffer getBuffer(long startingAt) {
|
|
75 |
ByteBuffer buf = ByteBuffer.allocate(LONGS_PER_BUF * 8);
|
|
76 |
for (int j = 0; j < LONGS_PER_BUF; j++) {
|
|
77 |
buf.putLong(startingAt++);
|
|
78 |
}
|
|
79 |
buf.flip();
|
|
80 |
return buf;
|
|
81 |
}
|
|
82 |
|
|
83 |
protected void run(FlowTube server,
|
|
84 |
ExecutorService sslExecutor,
|
|
85 |
CountDownLatch allBytesReceived) throws IOException {
|
|
86 |
FlowTube client = new SSLTube(createSSLEngine(true),
|
|
87 |
sslExecutor,
|
|
88 |
server);
|
|
89 |
SubmissionPublisher<List<ByteBuffer>> p =
|
|
90 |
new SubmissionPublisher<>(ForkJoinPool.commonPool(),
|
|
91 |
Integer.MAX_VALUE);
|
|
92 |
FlowTube.TubePublisher begin = p::subscribe;
|
|
93 |
CompletableFuture<Void> completion = new CompletableFuture<>();
|
|
94 |
EndSubscriber end = new EndSubscriber(TOTAL_LONGS, completion, allBytesReceived);
|
|
95 |
client.connectFlows(begin, end);
|
|
96 |
/* End of wiring */
|
|
97 |
|
|
98 |
long count = 0;
|
|
99 |
System.out.printf("Submitting %d buffer arrays\n", COUNTER);
|
|
100 |
System.out.printf("LoopCount should be %d\n", TOTAL_LONGS);
|
|
101 |
for (long i = 0; i < COUNTER; i++) {
|
|
102 |
ByteBuffer b = getBuffer(count);
|
|
103 |
count += LONGS_PER_BUF;
|
|
104 |
p.submit(List.of(b));
|
|
105 |
}
|
|
106 |
System.out.println("Finished submission. Waiting for loopback");
|
|
107 |
completion.whenComplete((r,t) -> allBytesReceived.countDown());
|
|
108 |
try {
|
|
109 |
allBytesReceived.await();
|
|
110 |
} catch (InterruptedException e) {
|
|
111 |
throw new IOException(e);
|
|
112 |
}
|
|
113 |
p.close();
|
|
114 |
System.out.println("All bytes received: calling publisher.close()");
|
|
115 |
try {
|
|
116 |
completion.join();
|
|
117 |
System.out.println("OK");
|
|
118 |
} finally {
|
|
119 |
sslExecutor.shutdownNow();
|
|
120 |
}
|
|
121 |
}
|
|
122 |
|
|
123 |
protected static void sleep(long millis) {
|
|
124 |
try {
|
|
125 |
Thread.sleep(millis);
|
|
126 |
} catch (InterruptedException e) {
|
|
127 |
|
|
128 |
}
|
|
129 |
}
|
|
130 |
|
|
131 |
/**
|
|
132 |
* The final subscriber which receives the decrypted looped-back data. Just
|
|
133 |
* needs to compare the data with what was sent. The given CF is either
|
|
134 |
* completed exceptionally with an error or normally on success.
|
|
135 |
*/
|
|
136 |
protected static class EndSubscriber implements FlowTube.TubeSubscriber {
|
|
137 |
|
|
138 |
private static final int REQUEST_WINDOW = 13;
|
|
139 |
|
|
140 |
private final long nbytes;
|
|
141 |
private final AtomicLong counter = new AtomicLong();
|
|
142 |
private final CompletableFuture<?> completion;
|
|
143 |
private final CountDownLatch allBytesReceived;
|
|
144 |
private volatile Flow.Subscription subscription;
|
|
145 |
private long unfulfilled;
|
|
146 |
|
|
147 |
EndSubscriber(long nbytes, CompletableFuture<?> completion,
|
|
148 |
CountDownLatch allBytesReceived) {
|
|
149 |
this.nbytes = nbytes;
|
|
150 |
this.completion = completion;
|
|
151 |
this.allBytesReceived = allBytesReceived;
|
|
152 |
}
|
|
153 |
|
|
154 |
@Override
|
|
155 |
public void onSubscribe(Flow.Subscription subscription) {
|
|
156 |
this.subscription = subscription;
|
|
157 |
unfulfilled = REQUEST_WINDOW;
|
|
158 |
System.out.println("EndSubscriber request " + REQUEST_WINDOW);
|
|
159 |
subscription.request(REQUEST_WINDOW);
|
|
160 |
}
|
|
161 |
|
|
162 |
public static String info(List<ByteBuffer> i) {
|
|
163 |
StringBuilder sb = new StringBuilder();
|
|
164 |
sb.append("size: ").append(Integer.toString(i.size()));
|
|
165 |
int x = 0;
|
|
166 |
for (ByteBuffer b : i)
|
|
167 |
x += b.remaining();
|
|
168 |
sb.append(" bytes: ").append(x);
|
|
169 |
return sb.toString();
|
|
170 |
}
|
|
171 |
|
|
172 |
@Override
|
|
173 |
public void onNext(List<ByteBuffer> buffers) {
|
|
174 |
if (--unfulfilled == (REQUEST_WINDOW / 2)) {
|
|
175 |
long req = REQUEST_WINDOW - unfulfilled;
|
|
176 |
System.out.println("EndSubscriber request " + req);
|
|
177 |
unfulfilled = REQUEST_WINDOW;
|
|
178 |
subscription.request(req);
|
|
179 |
}
|
|
180 |
|
|
181 |
long currval = counter.get();
|
|
182 |
if (currval % 500 == 0) {
|
|
183 |
System.out.println("EndSubscriber: " + currval);
|
|
184 |
}
|
|
185 |
System.out.println("EndSubscriber onNext " + Utils.remaining(buffers));
|
|
186 |
|
|
187 |
for (ByteBuffer buf : buffers) {
|
|
188 |
while (buf.hasRemaining()) {
|
|
189 |
long n = buf.getLong();
|
|
190 |
if (currval > (TOTAL_LONGS - 50)) {
|
|
191 |
System.out.println("End: " + currval);
|
|
192 |
}
|
|
193 |
if (n != currval++) {
|
|
194 |
System.out.println("ERROR at " + n + " != " + (currval - 1));
|
|
195 |
completion.completeExceptionally(new RuntimeException("ERROR"));
|
|
196 |
subscription.cancel();
|
|
197 |
return;
|
|
198 |
}
|
|
199 |
}
|
|
200 |
}
|
|
201 |
|
|
202 |
counter.set(currval);
|
|
203 |
if (currval >= TOTAL_LONGS) {
|
|
204 |
allBytesReceived.countDown();
|
|
205 |
}
|
|
206 |
}
|
|
207 |
|
|
208 |
@Override
|
|
209 |
public void onError(Throwable throwable) {
|
|
210 |
System.out.println("EndSubscriber onError " + throwable);
|
|
211 |
completion.completeExceptionally(throwable);
|
|
212 |
allBytesReceived.countDown();
|
|
213 |
}
|
|
214 |
|
|
215 |
@Override
|
|
216 |
public void onComplete() {
|
|
217 |
long n = counter.get();
|
|
218 |
if (n != nbytes) {
|
|
219 |
System.out.printf("nbytes=%d n=%d\n", nbytes, n);
|
|
220 |
completion.completeExceptionally(new RuntimeException("ERROR AT END"));
|
|
221 |
} else {
|
|
222 |
System.out.println("DONE OK");
|
|
223 |
completion.complete(null);
|
|
224 |
}
|
|
225 |
allBytesReceived.countDown();
|
|
226 |
}
|
|
227 |
|
|
228 |
@Override
|
|
229 |
public String toString() {
|
|
230 |
return "EndSubscriber";
|
|
231 |
}
|
|
232 |
}
|
|
233 |
|
|
234 |
protected static SSLEngine createSSLEngine(boolean client) throws IOException {
|
|
235 |
SSLContext context = (new SimpleSSLContext()).get();
|
|
236 |
SSLEngine engine = context.createSSLEngine();
|
|
237 |
SSLParameters params = context.getSupportedSSLParameters();
|
|
238 |
params.setProtocols(new String[]{"TLSv1.2"}); // TODO: This is essential. Needs to be protocol impl
|
|
239 |
if (client) {
|
|
240 |
params.setApplicationProtocols(new String[]{"proto1", "proto2"}); // server will choose proto2
|
|
241 |
} else {
|
|
242 |
params.setApplicationProtocols(new String[]{"proto2"}); // server will choose proto2
|
|
243 |
}
|
|
244 |
engine.setSSLParameters(params);
|
|
245 |
engine.setUseClientMode(client);
|
|
246 |
return engine;
|
|
247 |
}
|
|
248 |
|
|
249 |
/**
|
|
250 |
* Creates a simple usable SSLContext for SSLSocketFactory or a HttpsServer
|
|
251 |
* using either a given keystore or a default one in the test tree.
|
|
252 |
*
|
|
253 |
* Using this class with a security manager requires the following
|
|
254 |
* permissions to be granted:
|
|
255 |
*
|
|
256 |
* permission "java.util.PropertyPermission" "test.src.path", "read";
|
|
257 |
* permission java.io.FilePermission "${test.src}/../../../../lib/testlibrary/jdk/testlibrary/testkeys",
|
|
258 |
* "read"; The exact path above depends on the location of the test.
|
|
259 |
*/
|
|
260 |
protected static class SimpleSSLContext {
|
|
261 |
|
|
262 |
private final SSLContext ssl;
|
|
263 |
|
|
264 |
/**
|
|
265 |
* Loads default keystore from SimpleSSLContext source directory
|
|
266 |
*/
|
|
267 |
public SimpleSSLContext() throws IOException {
|
|
268 |
String paths = System.getProperty("test.src.path");
|
|
269 |
StringTokenizer st = new StringTokenizer(paths, File.pathSeparator);
|
|
270 |
boolean securityExceptions = false;
|
|
271 |
SSLContext sslContext = null;
|
|
272 |
while (st.hasMoreTokens()) {
|
|
273 |
String path = st.nextToken();
|
|
274 |
try {
|
|
275 |
File f = new File(path, "../../../../lib/testlibrary/jdk/testlibrary/testkeys");
|
|
276 |
if (f.exists()) {
|
|
277 |
try (FileInputStream fis = new FileInputStream(f)) {
|
|
278 |
sslContext = init(fis);
|
|
279 |
break;
|
|
280 |
}
|
|
281 |
}
|
|
282 |
} catch (SecurityException e) {
|
|
283 |
// catch and ignore because permission only required
|
|
284 |
// for one entry on path (at most)
|
|
285 |
securityExceptions = true;
|
|
286 |
}
|
|
287 |
}
|
|
288 |
if (securityExceptions) {
|
|
289 |
System.err.println("SecurityExceptions thrown on loading testkeys");
|
|
290 |
}
|
|
291 |
ssl = sslContext;
|
|
292 |
}
|
|
293 |
|
|
294 |
private SSLContext init(InputStream i) throws IOException {
|
|
295 |
try {
|
|
296 |
char[] passphrase = "passphrase".toCharArray();
|
|
297 |
KeyStore ks = KeyStore.getInstance("JKS");
|
|
298 |
ks.load(i, passphrase);
|
|
299 |
|
|
300 |
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
|
|
301 |
kmf.init(ks, passphrase);
|
|
302 |
|
|
303 |
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
|
|
304 |
tmf.init(ks);
|
|
305 |
|
|
306 |
SSLContext ssl = SSLContext.getInstance("TLS");
|
|
307 |
ssl.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
|
|
308 |
return ssl;
|
|
309 |
} catch (KeyManagementException | KeyStoreException |
|
|
310 |
UnrecoverableKeyException | CertificateException |
|
|
311 |
NoSuchAlgorithmException e) {
|
|
312 |
throw new RuntimeException(e.getMessage());
|
|
313 |
}
|
|
314 |
}
|
|
315 |
|
|
316 |
public SSLContext get() {
|
|
317 |
return ssl;
|
|
318 |
}
|
|
319 |
}
|
|
320 |
}
|