test/jdk/java/net/httpclient/whitebox/java.net.http/jdk/internal/net/http/AbstractSSLTubeTest.java
/*
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package jdk.internal.net.http;
import jdk.internal.net.http.common.FlowTube;
import jdk.internal.net.http.common.SSLTube;
import jdk.internal.net.http.common.Utils;
import org.testng.annotations.Test;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManagerFactory;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.ByteBuffer;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.List;
import java.util.StringTokenizer;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Flow;
import java.util.concurrent.ForkJoinPool;
import java.util.concurrent.SubmissionPublisher;
import java.util.concurrent.atomic.AtomicLong;
public class AbstractSSLTubeTest extends AbstractRandomTest {
public static final long COUNTER = 600;
public static final int LONGS_PER_BUF = 800;
public static final long TOTAL_LONGS = COUNTER * LONGS_PER_BUF;
public static final ByteBuffer SENTINEL = ByteBuffer.allocate(0);
// This is a hack to work around an issue with SubmissionPublisher.
// SubmissionPublisher will call onComplete immediately without forwarding
// remaining pending data if SubmissionPublisher.close() is called when
// there is no demand. In other words, it doesn't wait for the subscriber
// to pull all the data before calling onComplete.
// We use a CountDownLatch to figure out when it is safe to call close().
// This may cause the test to hang if data are buffered.
protected final CountDownLatch allBytesReceived = new CountDownLatch(1);
protected static ByteBuffer getBuffer(long startingAt) {
ByteBuffer buf = ByteBuffer.allocate(LONGS_PER_BUF * 8);
for (int j = 0; j < LONGS_PER_BUF; j++) {
buf.putLong(startingAt++);
}
buf.flip();
return buf;
}
protected void run(FlowTube server,
ExecutorService sslExecutor,
CountDownLatch allBytesReceived) throws IOException {
FlowTube client = new SSLTube(createSSLEngine(true),
sslExecutor,
server);
SubmissionPublisher<List<ByteBuffer>> p =
new SubmissionPublisher<>(ForkJoinPool.commonPool(),
Integer.MAX_VALUE);
FlowTube.TubePublisher begin = p::subscribe;
CompletableFuture<Void> completion = new CompletableFuture<>();
EndSubscriber end = new EndSubscriber(TOTAL_LONGS, completion, allBytesReceived);
client.connectFlows(begin, end);
/* End of wiring */
long count = 0;
System.out.printf("Submitting %d buffer arrays\n", COUNTER);
System.out.printf("LoopCount should be %d\n", TOTAL_LONGS);
for (long i = 0; i < COUNTER; i++) {
ByteBuffer b = getBuffer(count);
count += LONGS_PER_BUF;
p.submit(List.of(b));
}
System.out.println("Finished submission. Waiting for loopback");
completion.whenComplete((r,t) -> allBytesReceived.countDown());
try {
allBytesReceived.await();
} catch (InterruptedException e) {
throw new IOException(e);
}
p.close();
System.out.println("All bytes received: calling publisher.close()");
try {
completion.join();
System.out.println("OK");
} finally {
sslExecutor.shutdownNow();
}
}
protected static void sleep(long millis) {
try {
Thread.sleep(millis);
} catch (InterruptedException e) {
}
}
/**
* The final subscriber which receives the decrypted looped-back data. Just
* needs to compare the data with what was sent. The given CF is either
* completed exceptionally with an error or normally on success.
*/
protected static class EndSubscriber implements FlowTube.TubeSubscriber {
private static final int REQUEST_WINDOW = 13;
private final long nbytes;
private final AtomicLong counter = new AtomicLong();
private final CompletableFuture<?> completion;
private final CountDownLatch allBytesReceived;
private volatile Flow.Subscription subscription;
private long unfulfilled;
EndSubscriber(long nbytes, CompletableFuture<?> completion,
CountDownLatch allBytesReceived) {
this.nbytes = nbytes;
this.completion = completion;
this.allBytesReceived = allBytesReceived;
}
@Override
public void onSubscribe(Flow.Subscription subscription) {
this.subscription = subscription;
unfulfilled = REQUEST_WINDOW;
System.out.println("EndSubscriber request " + REQUEST_WINDOW);
subscription.request(REQUEST_WINDOW);
}
public static String info(List<ByteBuffer> i) {
StringBuilder sb = new StringBuilder();
sb.append("size: ").append(Integer.toString(i.size()));
int x = 0;
for (ByteBuffer b : i)
x += b.remaining();
sb.append(" bytes: ").append(x);
return sb.toString();
}
@Override
public void onNext(List<ByteBuffer> buffers) {
if (--unfulfilled == (REQUEST_WINDOW / 2)) {
long req = REQUEST_WINDOW - unfulfilled;
System.out.println("EndSubscriber request " + req);
unfulfilled = REQUEST_WINDOW;
subscription.request(req);
}
long currval = counter.get();
if (currval % 500 == 0) {
System.out.println("EndSubscriber: " + currval);
}
System.out.println("EndSubscriber onNext " + Utils.remaining(buffers));
for (ByteBuffer buf : buffers) {
while (buf.hasRemaining()) {
long n = buf.getLong();
if (currval > (TOTAL_LONGS - 50)) {
System.out.println("End: " + currval);
}
if (n != currval++) {
System.out.println("ERROR at " + n + " != " + (currval - 1));
completion.completeExceptionally(new RuntimeException("ERROR"));
subscription.cancel();
return;
}
}
}
counter.set(currval);
if (currval >= TOTAL_LONGS) {
allBytesReceived.countDown();
}
}
@Override
public void onError(Throwable throwable) {
System.out.println("EndSubscriber onError " + throwable);
completion.completeExceptionally(throwable);
allBytesReceived.countDown();
}
@Override
public void onComplete() {
long n = counter.get();
if (n != nbytes) {
System.out.printf("nbytes=%d n=%d\n", nbytes, n);
completion.completeExceptionally(new RuntimeException("ERROR AT END"));
} else {
System.out.println("DONE OK");
completion.complete(null);
}
allBytesReceived.countDown();
}
@Override
public String toString() {
return "EndSubscriber";
}
}
protected static SSLEngine createSSLEngine(boolean client) throws IOException {
SSLContext context = (new SimpleSSLContext()).get();
SSLEngine engine = context.createSSLEngine();
SSLParameters params = context.getSupportedSSLParameters();
params.setProtocols(new String[]{"TLSv1.2"}); // TODO: This is essential. Needs to be protocol impl
if (client) {
params.setApplicationProtocols(new String[]{"proto1", "proto2"}); // server will choose proto2
} else {
params.setApplicationProtocols(new String[]{"proto2"}); // server will choose proto2
}
engine.setSSLParameters(params);
engine.setUseClientMode(client);
return engine;
}
/**
* Creates a simple usable SSLContext for SSLSocketFactory or a HttpsServer
* using either a given keystore or a default one in the test tree.
*
* Using this class with a security manager requires the following
* permissions to be granted:
*
* permission "java.util.PropertyPermission" "test.src.path", "read";
* permission java.io.FilePermission "${test.src}/../../../../lib/testlibrary/jdk/testlibrary/testkeys",
* "read"; The exact path above depends on the location of the test.
*/
protected static class SimpleSSLContext {
private final SSLContext ssl;
/**
* Loads default keystore from SimpleSSLContext source directory
*/
public SimpleSSLContext() throws IOException {
String paths = System.getProperty("test.src.path");
StringTokenizer st = new StringTokenizer(paths, File.pathSeparator);
boolean securityExceptions = false;
SSLContext sslContext = null;
while (st.hasMoreTokens()) {
String path = st.nextToken();
try {
File f = new File(path, "../../../../lib/testlibrary/jdk/testlibrary/testkeys");
if (f.exists()) {
try (FileInputStream fis = new FileInputStream(f)) {
sslContext = init(fis);
break;
}
}
} catch (SecurityException e) {
// catch and ignore because permission only required
// for one entry on path (at most)
securityExceptions = true;
}
}
if (securityExceptions) {
System.err.println("SecurityExceptions thrown on loading testkeys");
}
ssl = sslContext;
}
private SSLContext init(InputStream i) throws IOException {
try {
char[] passphrase = "passphrase".toCharArray();
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(i, passphrase);
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, passphrase);
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(ks);
SSLContext ssl = SSLContext.getInstance("TLS");
ssl.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
return ssl;
} catch (KeyManagementException | KeyStoreException |
UnrecoverableKeyException | CertificateException |
NoSuchAlgorithmException e) {
throw new RuntimeException(e.getMessage());
}
}
public SSLContext get() {
return ssl;
}
}
}