/*

 * Copyright (c) 2001, 2014, Oracle and/or its affiliates. All rights reserved.

 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

 *

 * This code is free software; you can redistribute it and/or modify it

 * under the terms of the GNU General Public License version 2 only, as

 * published by the Free Software Foundation.

 *

 * This code is distributed in the hope that it will be useful, but WITHOUT

 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

 * version 2 for more details (a copy is included in the LICENSE file that

 * accompanied this code).

 *

 * You should have received a copy of the GNU General Public License version

 * 2 along with this work; if not, write to the Free Software Foundation,

 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

 *

 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

 * or visit www.oracle.com if you need additional information or have any

 * questions.

 */

// SunJSSE does not support dynamic system properties, no way to re-use

// system properties in samevm/agentvm mode.

/*

 * @test

 * @bug 4416068 4478803 4479736

 * @summary 4273544 JSSE request for function forceV3ClientHello()

 *          4479736 setEnabledProtocols API does not work correctly

 *          4478803 Need APIs to determine the protocol versions used in an SSL

 *                  session

 *          4701722 protocol mismatch exceptions should be consistent between

 *                  SSLv3 and TLSv1

 * @run main/othervm TestEnabledProtocols

 * @author Ram Marti

 */

import java.io.*;

import java.net.*;

import java.util.*;

import java.security.*;

import javax.net.ssl.*;

import java.security.cert.*;

public class TestEnabledProtocols {

    /*

     * For each of the valid protocols combinations, start a server thread

     * that sets up an SSLServerSocket supporting that protocol. Then run

     * a client thread that attemps to open a connection with all

     * possible protocol combinataion.  Verify that we get handshake

     * exceptions correctly. Whenever the connection is established

     * successfully, verify that the negotiated protocol was correct.

     * See results file in this directory for complete results.

     */

    static final String[][] protocolStrings = {

                                {"TLSv1"},

                                {"TLSv1", "SSLv2Hello"},

                                {"TLSv1", "SSLv3"},

                                {"SSLv3", "SSLv2Hello"},

                                {"SSLv3"},

                                {"TLSv1", "SSLv3", "SSLv2Hello"}

                                };

    static final boolean [][] eXceptionArray = {

        // Do we expect exception?       Protocols supported by the server

        { false, true,  false, true,  true,  true }, // TLSv1

        { false, false, false, true,  true,  false}, // TLSv1,SSLv2Hello

        { false, true,  false, true,  false, true }, // TLSv1,SSLv3

        { true,  true,  false, false, false, false}, // SSLv3, SSLv2Hello

        { true,  true,  false, true,  false, true }, // SSLv3

        { false, false, false, false, false, false } // TLSv1,SSLv3,SSLv2Hello

        };

    static final String[][] protocolSelected = {

        // TLSv1

        { "TLSv1",  null,   "TLSv1",  null,   null,     null },

        // TLSv1,SSLv2Hello

        { "TLSv1", "TLSv1", "TLSv1",  null,   null,    "TLSv1"},

        // TLSv1,SSLv3

        { "TLSv1",  null,   "TLSv1",  null,   "SSLv3",  null },

        // SSLv3, SSLv2Hello

        {  null,    null,   "SSLv3", "SSLv3", "SSLv3",  "SSLv3"},

        // SSLv3

        {  null,    null,   "SSLv3",  null,   "SSLv3",  null },

        // TLSv1,SSLv3,SSLv2Hello

        { "TLSv1", "TLSv1", "TLSv1", "SSLv3", "SSLv3", "TLSv1" }

    };

    /*

     * Where do we find the keystores?

     */

    final static String pathToStores = "../etc";

    static String passwd = "passphrase";

    static String keyStoreFile = "keystore";

    static String trustStoreFile = "truststore";

    /*

     * Is the server ready to serve?

     */

    volatile static boolean serverReady = false;

    /*

     * Turn on SSL debugging?

     */

    final static boolean debug = false;

    // use any free port by default

    volatile int serverPort = 0;

    volatile Exception clientException = null;

    public static void main(String[] args) throws Exception {

        // reset the security property to make sure that the algorithms

        // and keys used in this test are not disabled.

        Security.setProperty("jdk.tls.disabledAlgorithms", "");

        String keyFilename =

            System.getProperty("test.src", "./") + "/" + pathToStores +

                "/" + keyStoreFile;

        String trustFilename =

            System.getProperty("test.src", "./") + "/" + pathToStores +

                "/" + trustStoreFile;

        System.setProperty("javax.net.ssl.keyStore", keyFilename);

        System.setProperty("javax.net.ssl.keyStorePassword", passwd);

        System.setProperty("javax.net.ssl.trustStore", trustFilename);

        System.setProperty("javax.net.ssl.trustStorePassword", passwd);

        if (debug)

            System.setProperty("javax.net.debug", "all");

        new TestEnabledProtocols();

    }

    TestEnabledProtocols() throws Exception  {

        /*

         * Start the tests.

         */

        SSLServerSocketFactory sslssf =

            (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();

        SSLServerSocket sslServerSocket =

            (SSLServerSocket) sslssf.createServerSocket(serverPort);

        serverPort = sslServerSocket.getLocalPort();

        // sslServerSocket.setNeedClientAuth(true);

        for (int i = 0; i < protocolStrings.length; i++) {

            String [] serverProtocols = protocolStrings[i];

            startServer ss = new startServer(serverProtocols,

                sslServerSocket, protocolStrings.length);

            ss.setDaemon(true);

            ss.start();

            for (int j = 0; j < protocolStrings.length; j++) {

                String [] clientProtocols = protocolStrings[j];

                startClient sc = new startClient(

                    clientProtocols, serverProtocols,

                    eXceptionArray[i][j], protocolSelected[i][j]);

                sc.start();

                sc.join();

                if (clientException != null) {

                    ss.requestStop();

                    throw clientException;

                }

            }

            ss.requestStop();

            System.out.println("Waiting for the server to complete");

            ss.join();

        }

    }

    class startServer extends Thread  {

        private String[] enabledP = null;

        SSLServerSocket sslServerSocket = null;

        int numExpConns;

        volatile boolean stopRequested = false;

        public startServer(String[] enabledProtocols,

                            SSLServerSocket sslServerSocket,

                            int numExpConns) {

            super("Server Thread");

            serverReady = false;

            enabledP = enabledProtocols;

            this.sslServerSocket = sslServerSocket;

            sslServerSocket.setEnabledProtocols(enabledP);

            this.numExpConns = numExpConns;

        }

        public void requestStop() {

            stopRequested = true;

        }

        public void run() {

            int conns = 0;

            while (!stopRequested) {

                SSLSocket socket = null;

                try {

                    serverReady = true;

                    socket = (SSLSocket)sslServerSocket.accept();

                    conns++;

                    // set ready to false. this is just to make the

                    // client wait and synchronise exception messages

                    serverReady = false;

                    socket.startHandshake();

                    SSLSession session = socket.getSession();

                    session.invalidate();

                    InputStream in = socket.getInputStream();

                    OutputStream out = socket.getOutputStream();

                    out.write(280);

                    in.read();

                    socket.close();

                    // sleep for a while so that the server thread can be

                    // stopped

                    Thread.sleep(30);

                } catch (SSLHandshakeException se) {

                    // ignore it; this is part of the testing

                    // log it for debugging

                    System.out.println("Server SSLHandshakeException:");

                    se.printStackTrace(System.out);

                } catch (java.io.InterruptedIOException ioe) {

                    // must have been interrupted, no harm

                    break;

                } catch (java.lang.InterruptedException ie) {

                    // must have been interrupted, no harm

                    break;

                } catch (Exception e) {

                    System.out.println("Server exception:");

                    e.printStackTrace(System.out);

                    throw new RuntimeException(e);

                } finally {

                    try {

                        if (socket != null) {

                            socket.close();

                        }

                    } catch (IOException e) {

                        // ignore

                    }

                }

                if (conns >= numExpConns) {

                    break;

                }

            }

        }

    }

    private static void showProtocols(String name, String[] protocols) {

        System.out.println("Enabled protocols on the " + name + " are: " + Arrays.asList(protocols));

    }

    class startClient extends Thread {

        boolean hsCompleted = false;

        boolean exceptionExpected = false;

        private String[] enabledP = null;

        private String[] serverP = null; // used to print the result

        private String protocolToUse = null;

        startClient(String[] enabledProtocol,

                    String[] serverP,

                    boolean eXception,

                    String protocol) throws Exception {

            super("Client Thread");

            this.enabledP = enabledProtocol;

            this.serverP = serverP;

            this.exceptionExpected = eXception;

            this.protocolToUse = protocol;

        }

        public void run() {

            SSLSocket sslSocket = null;

            try {

                while (!serverReady) {

                    Thread.sleep(50);

                }

                System.out.flush();

                System.out.println("=== Starting new test run ===");

                showProtocols("server", serverP);

                showProtocols("client", enabledP);

                SSLSocketFactory sslsf =

                    (SSLSocketFactory)SSLSocketFactory.getDefault();

                sslSocket = (SSLSocket)

                    sslsf.createSocket("localhost", serverPort);

                sslSocket.setEnabledProtocols(enabledP);

                sslSocket.startHandshake();

                SSLSession session = sslSocket.getSession();

                session.invalidate();

                String protocolName = session.getProtocol();

                System.out.println("Protocol name after getSession is " +

                    protocolName);

                if (protocolName.equals(protocolToUse)) {

                    System.out.println("** Success **");

                } else {

                    System.out.println("** FAILURE ** ");

                    throw new RuntimeException

                        ("expected protocol " + protocolToUse +

                         " but using " + protocolName);

                }

                InputStream in = sslSocket.getInputStream();

                OutputStream out = sslSocket.getOutputStream();

                in.read();

                out.write(280);

                sslSocket.close();

            } catch (SSLHandshakeException e) {

                if (!exceptionExpected) {

                    System.out.println("Client got UNEXPECTED SSLHandshakeException:");

                    e.printStackTrace(System.out);

                    System.out.println("** FAILURE **");

                    clientException = e;

                } else {

                    System.out.println("Client got expected SSLHandshakeException:");

                    e.printStackTrace(System.out);

                    System.out.println("** Success **");

                }

            } catch (RuntimeException e) {

                clientException = e;

            } catch (Exception e) {

                System.out.println("Client got UNEXPECTED Exception:");

                e.printStackTrace(System.out);

                System.out.println("** FAILURE **");

                clientException = e;

            }

        }

    }

}