author | chegar |
Mon, 18 Jul 2016 08:28:48 +0100 | |
changeset 41579 | c0fe2e6364d9 |
parent 30820 | 0d4717a011d3 |
child 41595 | f1213215e135 |
permissions | -rw-r--r-- |
/*
 * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

/*
 * @test
 * @bug 4323990 4413069 8160838
 * @summary HttpsURLConnection doesn't send Proxy-Authorization on CONNECT
 *     Incorrect checking of proxy server response
 * @modules java.base/sun.net.www
 * @run main/othervm ProxyAuthTest fail
 * @run main/othervm -Djdk.http.auth.tunneling.disabledSchemes=Basic ProxyAuthTest fail
 * @run main/othervm -Djdk.http.auth.tunneling.disabledSchemes=Basic, ProxyAuthTest fail
 * @run main/othervm -Djdk.http.auth.tunneling.disabledSchemes=BAsIc ProxyAuthTest fail
 * @run main/othervm -Djdk.http.auth.tunneling.disabledSchemes=Basic,Digest ProxyAuthTest fail
 * @run main/othervm -Djdk.http.auth.tunneling.disabledSchemes=Unknown,bAsIc ProxyAuthTest fail
 * @run main/othervm -Djdk.http.auth.tunneling.disabledSchemes= ProxyAuthTest succeed
 * @run main/othervm -Djdk.http.auth.tunneling.disabledSchemes=Digest,NTLM,Negotiate ProxyAuthTest succeed
 * @run main/othervm -Djdk.http.auth.tunneling.disabledSchemes=UNKNOWN,notKnown ProxyAuthTest succeed
 */

// No way to reserve and restore java.lang.Authenticator, as well as read-once
// system properties, so this test needs to run in othervm mode.

import java.io.*; |
import java.net.*; |
|
import java.security.KeyStore; |
|
import javax.net.*; |
|
import javax.net.ssl.*; |
|
import java.security.cert.*; |
|
import static java.nio.charset.StandardCharsets.US_ASCII; |
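/**
 * ProxyAuthTest.java -- includes a simple server that can serve
 * Http get request in both clear and secure channel, and a client
 * that makes https requests behind the firewall through an
 * authentication proxy.
 *
 * <p>The single command-line argument ({@code succeed} or {@code fail}) states
 * whether the tunnelled request is expected to work. The jtreg {@code @run}
 * lines in the file header combine it with different values of
 * {@code jdk.http.auth.tunneling.disabledSchemes}: whenever Basic is listed
 * (in any letter case), or the property is not set at all, the run expects the
 * CONNECT to be refused with a 407; when Basic is not listed it expects the
 * request to go through.
 *
 * <p>The test installs a process-wide {@link Authenticator} and a process-wide
 * accept-all {@link HostnameVerifier}, which is why every run uses
 * {@code othervm}. Neither setting is suitable outside a test.
 */
public class ProxyAuthTest {
    /*
     * Where do we find the keystores?
     */
    static String pathToStores = "../../../../../../javax/net/ssl/etc";
    static String keyStoreFile = "keystore";
    static String trustStoreFile = "truststore";
    // Passphrase of the keystore/truststore test fixtures (test-only value).
    static String passwd = "passphrase";

    // Proxy credentials: one definition shared by the proxy configuration and
    // the Authenticator so the two cannot drift apart. Test-only values.
    private static final String PROXY_USER = "Test";
    private static final String PROXY_PASSWORD = "test123";

    // 0 asks for an ephemeral port; main() stores the port actually bound.
    volatile private static int serverPort = 0;

    /*
     * The TestServer implements a OriginServer that
     * processes HTTP requests and responses.
     */
    static class TestServer extends OriginServer {
        public TestServer(ServerSocket ss) throws Exception {
            super(ss);
        }

        /*
         * Returns an array of bytes containing the bytes for
         * the data sent in the response.
         *
         * @return bytes for the data in the response
         */
        public byte[] getBytes() {
            return "Proxy authentication for tunneling succeeded ..".
                        getBytes(US_ASCII);
        }
    }

    /**
     * Creates the TLS origin server, runs the client through the proxy and
     * checks the outcome against the expectation given on the command line.
     *
     * @param args {@code args[0]} is {@code "succeed"} when the request is
     *        expected to work; any other value means a failure is expected
     * @throws IllegalArgumentException if no argument is given
     * @throws RuntimeException if the outcome contradicts the expectation
     * @throws Exception if the server cannot be set up, or the client fails
     *         although success was expected
     */
    public static void main(String args[]) throws Exception {
        // Fail with a readable message instead of an index error when the
        // mode argument is missing.
        if (args.length == 0) {
            throw new IllegalArgumentException(
                "Missing argument: expected \"succeed\" or \"fail\"");
        }
        boolean expectSuccess = args[0].equals("succeed");

        String keyFilename =
            System.getProperty("test.src", "./") + "/" + pathToStores +
                "/" + keyStoreFile;
        String trustFilename =
            System.getProperty("test.src", "./") + "/" + pathToStores +
                "/" + trustStoreFile;

        System.setProperty("javax.net.ssl.keyStore", keyFilename);
        System.setProperty("javax.net.ssl.keyStorePassword", passwd);
        System.setProperty("javax.net.ssl.trustStore", trustFilename);
        System.setProperty("javax.net.ssl.trustStorePassword", passwd);

        boolean useSSL = true;
        /*
         * setup the server
         */
        Closeable server;
        try {
            ServerSocketFactory ssf =
                ProxyAuthTest.getServerSocketFactory(useSSL);
            ServerSocket ss = ssf.createServerSocket(serverPort);
            serverPort = ss.getLocalPort();
            server = new TestServer(ss);
        } catch (Exception e) {
            System.out.println("Server side failed:" +
                                e.getMessage());
            throw e;
        }
        // trigger the client
        try {
            doClientSide();
            if (!expectSuccess) {
                throw new RuntimeException(
                    "Expected exception/failure to connect, but succeeded.");
            }
        } catch (IOException e) {
            if (expectSuccess) {
                System.out.println("Client side failed: " + e.getMessage());
                throw e;
            }

            // The message may be null; treat that as "not the expected
            // failure" rather than letting a NullPointerException hide e.
            String msg = e.getMessage();
            boolean tunnelRefused = msg != null
                && msg.contains("Unable to tunnel through proxy")
                && msg.contains("407");
            if (!tunnelRefused) {
                throw new RuntimeException(
                    "Expected exception about cannot tunnel, 407, etc, but got", e);
            }
            // Informative
            System.out.println("Caught expected exception: " + msg);
        } finally {
            // server is always assigned here: the setup catch block rethrows.
            server.close();
        }
    }

    /**
     * Returns the factory used to create the origin server's listening socket.
     *
     * @param useSSL {@code true} for a TLS factory backed by the keystore
     *        named by {@code javax.net.ssl.keyStore}, {@code false} for the
     *        default plain factory
     * @return the server socket factory
     * @throws Exception if the keystore cannot be read or the TLS context
     *         cannot be initialised
     */
    private static ServerSocketFactory getServerSocketFactory
                   (boolean useSSL) throws Exception {
        if (!useSSL) {
            return ServerSocketFactory.getDefault();
        }

        // set up key manager to do server authentication
        char[] passphrase = passwd.toCharArray();

        SSLContext ctx = SSLContext.getInstance("TLS");
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        KeyStore ks = KeyStore.getInstance("JKS");

        // Close the keystore file once it has been loaded.
        try (InputStream keyStoreStream = new FileInputStream(
                System.getProperty("javax.net.ssl.keyStore"))) {
            ks.load(keyStoreStream, passphrase);
        }
        kmf.init(ks, passphrase);
        // Server side only presents a certificate: no trust managers needed.
        ctx.init(kmf.getKeyManagers(), null, null);

        return ctx.getServerSocketFactory();
    }

    /**
     * Requests {@code /index.html} from the origin server over https, through
     * the authenticating proxy, and prints the response body.
     *
     * @throws IOException if the request fails, including when the proxy
     *         refuses the tunnel
     * @throws RuntimeException if an error stream is exposed after a failure
     */
    static void doClientSide() throws IOException {
        /*
         * setup up a proxy with authentication information
         */
        // NOTE(review): the proxy is never stopped here; ProxyTunnelServer's
        // API is not visible in this file, so confirm whether it needs an
        // explicit shutdown or relies on the othervm exiting.
        ProxyTunnelServer ps = setupProxy();

        /*
         * we want to avoid URLspoofCheck failures in cases where the cert
         * DN name does not match the hostname in the URL.
         */
        HttpsURLConnection.setDefaultHostnameVerifier(
                                      new NameVerifier());

        InetSocketAddress paddr = new InetSocketAddress("localhost", ps.getPort());
        Proxy proxy = new Proxy(Proxy.Type.HTTP, paddr);

        URL url = new URL("https://" + "localhost:" + serverPort
                                + "/index.html");
        HttpsURLConnection uc = (HttpsURLConnection) url.openConnection(proxy);
        // The body served by TestServer is US-ASCII; decode it explicitly
        // instead of relying on the platform default charset.
        try (BufferedReader in = new BufferedReader(
                new InputStreamReader(uc.getInputStream(), US_ASCII))) {
            String inputLine;
            System.out.print("Client recieved from the server: ");
            while ((inputLine = in.readLine()) != null) {
                System.out.println(inputLine);
            }
        } catch (IOException e) {
            // Assert that the error stream is not accessible from the failed
            // tunnel setup. (Presumably because that body would come from the
            // proxy rather than from the https origin -- confirm against the
            // bug report.)
            if (uc.getErrorStream() != null) {
                throw new RuntimeException("Unexpected error stream.", e);
            }
            throw e;
        }
    }

    /**
     * Hostname verifier that accepts every host name. It exists only because
     * the test certificate does not match {@code localhost}; it disables the
     * host-name check for the whole JVM and must never be used outside tests.
     */
    static class NameVerifier implements HostnameVerifier {
        @Override
        public boolean verify(String hostname, SSLSession session) {
            return true;
        }
    }

    /**
     * Starts a proxy that demands user authentication and installs the
     * matching default {@link Authenticator}.
     *
     * @return the started proxy
     * @throws IOException if the proxy cannot be created or started
     */
    static ProxyTunnelServer setupProxy() throws IOException {
        ProxyTunnelServer pserver = new ProxyTunnelServer();
        /*
         * register a system wide authenticator and setup the proxy for
         * authentication
         */
        Authenticator.setDefault(new TestAuthenticator());

        // register with the username and password
        pserver.needUserAuth(true);
        pserver.setUserAuth(PROXY_USER, PROXY_PASSWORD);

        pserver.start();
        return pserver;
    }

    /**
     * Authenticator that answers every challenge with the fixed test
     * credentials, whatever the requesting host or scheme.
     */
    public static class TestAuthenticator extends Authenticator {

        @Override
        public PasswordAuthentication getPasswordAuthentication() {
            return new PasswordAuthentication(PROXY_USER,
                                              PROXY_PASSWORD.toCharArray());
        }
    }
}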