8149922: Remove intermittent key from security tests
8150047: Remove SSLSession/SessionCacheSizeTests from ProblemList
Reviewed-by: xuelei
/*
* Copyright (c) 2001, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
//
// SunJSSE does not support dynamic system properties, no way to re-use
// system properties in samevm/agentvm mode.
//
/*
* @test
* @bug 4366807
* @summary Need new APIs to get/set session timeout and session cache size.
* @run main/othervm SessionCacheSizeTests
*/
import java.io.*;
import java.net.*;
import javax.net.ssl.*;
import java.util.*;
import java.security.*;
/**
* Session cache size tests cover the following cases:
* 1. Effect of system property javax.net.ssl.SessionCacheSize (this
* property is not documented for public).
* 2. Reducing the cache size, results in uncaching of sessions if #of
* sessions present exceeds the new size.
* 3. Increasing the cache size, results in accomodating new sessions if the
* number of cached sessions is the current size limit.
*
* Invairant for passing this test is, at any given time,
* #cached_sessions <= current_cache_size , for current_cache_size > 0
*/
public class SessionCacheSizeTests {
/*
* =============================================================
* Set the various variables needed for the tests, then
* specify what tests to run on each side.
*/
/*
* Should we run the client or server in a separate thread?
* Both sides can throw exceptions, but do you have a preference
* as to which side should be the main thread.
*/
static boolean separateServerThread = true;
/*
* Where do we find the keystores?
*/
static String pathToStores = "../etc";
static String keyStoreFile = "keystore";
static String trustStoreFile = "truststore";
static String passwd = "passphrase";
/*
* Is the server ready to serve?
*/
volatile static boolean serverReady = false;
/*
* Turn on SSL debugging?
*/
static boolean debug = false;
/*
* If the client or server is doing some kind of object creation
* that the other side depends on, and that thread prematurely
* exits, you may experience a hang. The test harness will
* terminate all hung threads after its timeout has expired,
* currently 3 minutes by default, but you might try to be
* smart about it....
*/
/*
* Define the server side of the test.
*
* If the server prematurely exits, serverReady will be set to true
* to avoid infinite hangs.
*/
/*
* A limit on the number of connections at any given time
*/
static int MAX_ACTIVE_CONNECTIONS = 4;
void doServerSide(int serverPort, int serverConns) throws Exception {
try (SSLServerSocket sslServerSocket =
(SSLServerSocket) sslssf.createServerSocket(serverPort)) {
// timeout to accept a connection
sslServerSocket.setSoTimeout(45000);
// make sure createdPorts++ is atomic
synchronized(serverPorts) {
serverPorts[createdPorts++] = sslServerSocket.getLocalPort();
/*
* Signal Client, we're ready for his connect.
*/
if (createdPorts == serverPorts.length) {
serverReady = true;
}
}
int read = 0;
int nConnections = 0;
/*
* Divide the max connections among the available server ports.
* The use of more than one server port ensures creation of more
* than one session.
*/
SSLSession sessions [] = new SSLSession [serverConns];
SSLSessionContext sessCtx = sslctx.getServerSessionContext();
while (nConnections < serverConns) {
try (SSLSocket sslSocket =
(SSLSocket)sslServerSocket.accept()) {
sslSocket.setSoTimeout(90000); // timeout to read
InputStream sslIS = sslSocket.getInputStream();
OutputStream sslOS = sslSocket.getOutputStream();
read = sslIS.read();
sessions[nConnections] = sslSocket.getSession();
sslOS.write(85);
sslOS.flush();
nConnections++;
}
}
}
}
/*
* Define the client side of the test.
*
* If the server prematurely exits, serverReady will be set to true
* to avoid infinite hangs.
*/
void doClientSide() throws Exception {
/*
* Wait for server to get started.
*/
while (!serverReady) {
Thread.sleep(50);
}
int nConnections = 0;
SSLSocket sslSockets[] = new SSLSocket [MAX_ACTIVE_CONNECTIONS];
Vector sessions = new Vector();
SSLSessionContext sessCtx = sslctx.getClientSessionContext();
sessCtx.setSessionTimeout(0); // no limit
while (nConnections < (MAX_ACTIVE_CONNECTIONS - 1)) {
// divide the connections among the available server ports
sslSockets[nConnections] = (SSLSocket) sslsf.
createSocket("localhost",
serverPorts [nConnections % (serverPorts.length)]);
InputStream sslIS = sslSockets[nConnections].getInputStream();
OutputStream sslOS = sslSockets[nConnections].getOutputStream();
sslOS.write(237);
sslOS.flush();
int read = sslIS.read();
SSLSession sess = sslSockets[nConnections].getSession();
if (!sessions.contains(sess))
sessions.add(sess);
nConnections++;
}
System.out.println("Current cacheSize is set to: " +
sessCtx.getSessionCacheSize());
System.out.println();
System.out.println("Currently cached Sessions......");
System.out.println("============================================"
+ "============================");
System.out.println("Session "
+ " Session-last-accessTime");
System.out.println("============================================"
+ "============================");
checkCachedSessions(sessCtx, nConnections);
// Change session cache size
sessCtx.setSessionCacheSize(2);
System.out.println("Session cache size changed to: "
+ sessCtx.getSessionCacheSize());
System.out.println();
checkCachedSessions(sessCtx, nConnections);
// Test the effect of increasing the cache size
sessCtx.setSessionCacheSize(3);
System.out.println("Session cache size changed to: "
+ sessCtx.getSessionCacheSize());
// create a new session
sslSockets[nConnections] = (SSLSocket) sslsf.
createSocket("localhost",
serverPorts [nConnections % (serverPorts.length)]);
InputStream sslIS = sslSockets[nConnections].getInputStream();
OutputStream sslOS = sslSockets[nConnections].getOutputStream();
sslOS.write(237);
sslOS.flush();
int read = sslIS.read();
SSLSession sess = sslSockets[nConnections].getSession();
if (!sessions.contains(sess))
sessions.add(sess);
nConnections++;
// test the number of sessions cached against the cache size
checkCachedSessions(sessCtx, nConnections);
for (int i = 0; i < nConnections; i++) {
sslSockets[i].close();
}
System.out.println("Session cache size tests passed");
}
void checkCachedSessions(SSLSessionContext sessCtx,
int nConn) throws Exception {
int nSessions = 0;
Enumeration e = sessCtx.getIds();
int cacheSize = sessCtx.getSessionCacheSize();
SSLSession sess;
while (e.hasMoreElements()) {
sess = sessCtx.getSession((byte[]) e.nextElement());
long lastAccessedTime = sess.getLastAccessedTime();
System.out.println(sess + " "
+ new Date(lastAccessedTime));
nSessions++;
}
System.out.println("--------------------------------------------"
+ "----------------------------");
if ((cacheSize > 0) && (nSessions > cacheSize)) {
// close all active connections before exiting
for (int conn = nConn; conn < MAX_ACTIVE_CONNECTIONS; conn++) {
SSLSocket s = (SSLSocket) sslsf.createSocket("localhost",
serverPorts [conn % (serverPorts.length)]);
s.close();
}
throw new Exception("Session cache size test failed,"
+ " current cache size: " + cacheSize + " #sessions cached: "
+ nSessions);
}
}
/*
* =============================================================
* The remainder is just support stuff
*/
/*
* #of ports > 1, guarantees creation of more than one session.
* Using four ports (one per each connection), we are able to create
* alteast four sessions.
*/
int serverPorts[] = new int[]{0, 0, 0, 0}; // MAX_ACTIVE_CONNECTIONS: 4
int createdPorts = 0;
static SSLServerSocketFactory sslssf;
static SSLSocketFactory sslsf;
static SSLContext sslctx;
volatile Exception serverException = null;
volatile Exception clientException = null;
public static void main(String[] args) throws Exception {
String keyFilename =
System.getProperty("test.src", "./") + "/" + pathToStores +
"/" + keyStoreFile;
String trustFilename =
System.getProperty("test.src", "./") + "/" + pathToStores +
"/" + trustStoreFile;
System.setProperty("javax.net.ssl.keyStore", keyFilename);
System.setProperty("javax.net.ssl.keyStorePassword", passwd);
System.setProperty("javax.net.ssl.trustStore", trustFilename);
System.setProperty("javax.net.ssl.trustStorePassword", passwd);
// test the effect of javax.net.ssl.sessionCacheSize
System.setProperty("javax.net.ssl.sessionCacheSize", String.valueOf(0));
sslctx = SSLContext.getInstance("TLS");
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream(keyFilename), passwd.toCharArray());
kmf.init(ks, passwd.toCharArray());
sslctx.init(kmf.getKeyManagers(), null, null);
sslssf = (SSLServerSocketFactory) sslctx.getServerSocketFactory();
sslsf = (SSLSocketFactory) sslctx.getSocketFactory();
if (debug)
System.setProperty("javax.net.debug", "all");
/*
* Start the tests.
*/
new SessionCacheSizeTests();
}
Thread clientThread = null;
Thread serverThread = null;
/*
* Primary constructor, used to drive remainder of the test.
*
* Fork off the other side, then do your work.
*/
SessionCacheSizeTests() throws Exception {
/*
* create the SSLServerSocket and SSLSocket factories
*/
/*
* Divide the max connections among the available server ports.
* The use of more than one server port ensures creation of more
* than one session.
*/
int serverConns = MAX_ACTIVE_CONNECTIONS / (serverPorts.length);
int remainingConns = MAX_ACTIVE_CONNECTIONS % (serverPorts.length);
Exception startException = null;
try {
if (separateServerThread) {
for (int i = 0; i < serverPorts.length; i++) {
// distribute remaining connections among the
// available ports
if (i < remainingConns)
startServer(serverPorts[i], (serverConns + 1), true);
else
startServer(serverPorts[i], serverConns, true);
}
startClient(false);
} else {
startClient(true);
for (int i = 0; i < serverPorts.length; i++) {
if (i < remainingConns)
startServer(serverPorts[i], (serverConns + 1), false);
else
startServer(serverPorts[i], serverConns, false);
}
}
} catch (Exception e) {
startException = e;
}
/*
* Wait for other side to close down.
*/
if (separateServerThread) {
if (serverThread != null) {
serverThread.join();
}
} else {
if (clientThread != null) {
clientThread.join();
}
}
/*
* When we get here, the test is pretty much over.
*/
Exception local;
Exception remote;
if (separateServerThread) {
remote = serverException;
local = clientException;
} else {
remote = clientException;
local = serverException;
}
Exception exception = null;
/*
* Check various exception conditions.
*/
if ((local != null) && (remote != null)) {
// If both failed, return the curthread's exception.
local.initCause(remote);
exception = local;
} else if (local != null) {
exception = local;
} else if (remote != null) {
exception = remote;
} else if (startException != null) {
exception = startException;
}
/*
* If there was an exception *AND* a startException,
* output it.
*/
if (exception != null) {
if (exception != startException && startException != null) {
exception.addSuppressed(startException);
}
throw exception;
}
// Fall-through: no exception to throw!
}
void startServer(final int port, final int nConns,
boolean newThread) throws Exception {
if (newThread) {
serverThread = new Thread() {
public void run() {
try {
doServerSide(port, nConns);
} catch (Exception e) {
/*
* Our server thread just died.
*
* Release the client, if not active already...
*/
System.err.println("Server died...");
e.printStackTrace();
serverReady = true;
serverException = e;
}
}
};
serverThread.start();
} else {
try {
doServerSide(port, nConns);
} catch (Exception e) {
serverException = e;
} finally {
serverReady = true;
}
}
}
void startClient(boolean newThread)
throws Exception {
if (newThread) {
clientThread = new Thread() {
public void run() {
try {
doClientSide();
} catch (Exception e) {
/*
* Our client thread just died.
*/
System.err.println("Client died...");
clientException = e;
}
}
};
clientThread.start();
} else {
try {
doClientSide();
} catch (Exception e) {
clientException = e;
}
}
}
}