# HG changeset patch # User kshefov # Date 1433496156 -10800 # Node ID babdeee3c007338cefb7a398e7cd646c335efa09 # Parent 5b500c93ce4822d47061cd518ff3f72d9d8cb5b5 8072515: Test Task: Develop new tests for JEP 219: Datagram Transport Layer Security (DTLS) Reviewed-by: xuelei, asmotrak, rhalade diff -r 5b500c93ce48 -r babdeee3c007 jdk/test/javax/net/ssl/DTLS/DTLSBufferOverflowUnderflowTest.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/javax/net/ssl/DTLS/DTLSBufferOverflowUnderflowTest.java Fri Jun 05 12:22:36 2015 +0300 @@ -0,0 +1,45 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8043758 + * @summary Testing DTLS buffer overflow and underflow status when dealing with + * application data. + * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon + * @run main/othervm -Dtest.security.protocol=DTLS + * -Dtest.mode=norm DTLSBufferOverflowUnderflowTest + * @run main/othervm -Dtest.security.protocol=DTLS + * -Dtest.mode=norm_sni DTLSBufferOverflowUnderflowTest + * @run main/othervm -Dtest.security.protocol=DTLS + * -Dtest.mode=krb DTLSBufferOverflowUnderflowTest + */ + +/** + * Testing DTLS incorrect app data packages unwrapping. + */ +public class DTLSBufferOverflowUnderflowTest { + public static void main(String[] args) { + BufferOverflowUnderflowTest.main(args); + } +} diff -r 5b500c93ce48 -r babdeee3c007 jdk/test/javax/net/ssl/DTLS/DTLSDataExchangeTest.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/javax/net/ssl/DTLS/DTLSDataExchangeTest.java Fri Jun 05 12:22:36 2015 +0300 @@ -0,0 +1,46 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8043758 + * @summary Testing DTLS application data exchange using each of the supported + * cipher suites. + * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon + * @run main/othervm -Dtest.security.protocol=DTLS + * -Dtest.mode=norm DTLSDataExchangeTest + * @run main/othervm -Dtest.security.protocol=DTLS + * -Dtest.mode=norm_sni DTLSDataExchangeTest + * @run main/othervm -Dtest.security.protocol=DTLS + * -Dtest.mode=krb DTLSDataExchangeTest + */ + +/** + * Testing DTLS application data exchange using each of the supported cipher + * suites. + */ +public class DTLSDataExchangeTest { + public static void main(String[] args) { + DataExchangeTest.main(args); + } +} diff -r 5b500c93ce48 -r babdeee3c007 jdk/test/javax/net/ssl/DTLS/DTLSEnginesClosureTest.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/javax/net/ssl/DTLS/DTLSEnginesClosureTest.java Fri Jun 05 12:22:36 2015 +0300 @@ -0,0 +1,45 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8043758 + * @summary Testing DTLS engines closing using each of the supported + * cipher suites. + * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon + * @run main/othervm -Dtest.security.protocol=DTLS + * -Dtest.mode=norm DTLSEnginesClosureTest + * @run main/othervm -Dtest.security.protocol=DTLS + * -Dtest.mode=norm_sni DTLSEnginesClosureTest + * @run main/othervm -Dtest.security.protocol=DTLS + * -Dtest.mode=krb DTLSEnginesClosureTest + */ + +/** + * Testing DTLS engines closing using each of the supported cipher suites. + */ +public class DTLSEnginesClosureTest { + public static void main(String[] args) { + EnginesClosureTest.main(args); + } +} diff -r 5b500c93ce48 -r babdeee3c007 jdk/test/javax/net/ssl/DTLS/DTLSHandshakeTest.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/javax/net/ssl/DTLS/DTLSHandshakeTest.java Fri Jun 05 12:22:36 2015 +0300 @@ -0,0 +1,45 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8043758 + * @summary Testing DTLS engines handshake using each of the supported + * cipher suites. + * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon + * @run main/othervm -Dtest.security.protocol=DTLS + * -Dtest.mode=norm DTLSHandshakeTest + * @run main/othervm -Dtest.security.protocol=DTLS + * -Dtest.mode=norm_sni DTLSHandshakeTest + * @run main/othervm -Dtest.security.protocol=DTLS + * -Dtest.mode=krb DTLSHandshakeTest + */ + +/** + * Testing DTLS engines handshake using each of the supported cipher suites. + */ +public class DTLSHandshakeTest { + public static void main(String[] args) { + HandshakeTest.main(args); + } +} diff -r 5b500c93ce48 -r babdeee3c007 jdk/test/javax/net/ssl/DTLS/DTLSHandshakeWithReplicatedPacketsTest.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/javax/net/ssl/DTLS/DTLSHandshakeWithReplicatedPacketsTest.java Fri Jun 05 12:22:36 2015 +0300 @@ -0,0 +1,70 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8043758 + * @summary Testing DTLS engines handshake using each of the supported + * cipher suites with replicated packets check. + * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon + * @run main/othervm -Dtest.security.protocol=DTLS + * -Dtest.mode=norm DTLSHandshakeWithReplicatedPacketsTest + * @run main/othervm -Dtest.security.protocol=DTLS + * -Dtest.mode=norm_sni DTLSHandshakeWithReplicatedPacketsTest + * @run main/othervm -Dtest.security.protocol=DTLS + * -Dtest.mode=krb DTLSHandshakeWithReplicatedPacketsTest + */ + +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLEngine; +import javax.net.ssl.SSLException; + +/** + * Testing DTLS engines handshake using each of the supported cipher suites with + * replicated packets check. + */ +public class DTLSHandshakeWithReplicatedPacketsTest extends SSLEngineTestCase { + + private static String testMode; + + public static void main(String[] args) { + DTLSHandshakeWithReplicatedPacketsTest test + = new DTLSHandshakeWithReplicatedPacketsTest(); + setUpAndStartKDCIfNeeded(); + test.runTests(); + } + + @Override + protected void testOneCipher(String cipher) throws SSLException { + SSLContext context = getContext(); + int maxPacketSize = getMaxPacketSize(); + boolean useSNI = !TEST_MODE.equals("norm"); + SSLEngine clientEngine = getClientSSLEngine(context, useSNI); + SSLEngine serverEngine = getServerSSLEngine(context, useSNI); + clientEngine.setEnabledCipherSuites(new String[]{cipher}); + serverEngine.setEnabledCipherSuites(new String[]{cipher}); + serverEngine.setNeedClientAuth(!cipher.contains("anon")); + doHandshake(clientEngine, serverEngine, maxPacketSize, + HandshakeMode.INITIAL_HANDSHAKE, true); + } +} diff -r 5b500c93ce48 -r babdeee3c007 jdk/test/javax/net/ssl/DTLS/DTLSIncorrectAppDataTest.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/javax/net/ssl/DTLS/DTLSIncorrectAppDataTest.java Fri Jun 05 12:22:36 2015 +0300 @@ -0,0 +1,101 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8043758 + * @summary Testing DTLS incorrect app data packages unwrapping. + * @key randomness + * @library /sun/security/krb5/auto /lib/testlibrary /javax/net/ssl/TLSCommon + * @run main/othervm -Dtest.security.protocol=DTLS + * -Dtest.mode=norm DTLSIncorrectAppDataTest + * @run main/othervm -Dtest.security.protocol=DTLS + * -Dtest.mode=norm_sni DTLSIncorrectAppDataTest + * @run main/othervm -Dtest.security.protocol=DTLS + * -Dtest.mode=krb DTLSIncorrectAppDataTest + */ + +import java.nio.ByteBuffer; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLEngine; +import javax.net.ssl.SSLEngineResult; +import javax.net.ssl.SSLException; +import java.util.Random; +import jdk.testlibrary.RandomFactory; + +/** + * Testing DTLS incorrect app data packages unwrapping. Incorrect application + * data packages should be ignored by DTLS SSLEngine. + */ +public class DTLSIncorrectAppDataTest extends SSLEngineTestCase { + + private final String MESSAGE = "Hello peer!"; + + public static void main(String[] s) { + DTLSIncorrectAppDataTest test = new DTLSIncorrectAppDataTest(); + setUpAndStartKDCIfNeeded(); + test.runTests(); + } + + @Override + protected void testOneCipher(String cipher) { + SSLContext context = getContext(); + int maxPacketSize = getMaxPacketSize(); + boolean useSNI = !TEST_MODE.equals("norm"); + SSLEngine clientEngine = getClientSSLEngine(context, useSNI); + SSLEngine serverEngine = getServerSSLEngine(context, useSNI); + clientEngine.setEnabledCipherSuites(new String[]{cipher}); + serverEngine.setEnabledCipherSuites(new String[]{cipher}); + serverEngine.setNeedClientAuth(!cipher.contains("anon")); + try { + doHandshake(clientEngine, serverEngine, maxPacketSize, + HandshakeMode.INITIAL_HANDSHAKE); + checkIncorrectAppDataUnwrap(clientEngine, serverEngine); + checkIncorrectAppDataUnwrap(serverEngine, clientEngine); + } catch (SSLException ssle) { + throw new AssertionError("Error during handshake or sending app data", + ssle); + } + } + + private void checkIncorrectAppDataUnwrap(SSLEngine sendEngine, + SSLEngine recvEngine) throws SSLException { + String direction = sendEngine.getUseClientMode() ? "client" + : "server"; + System.out.println("=================================================" + + "==========="); + System.out.println("Testing DTLS incorrect app data packages unwrapping" + + " by sending data from " + direction); + ByteBuffer app = ByteBuffer.wrap(MESSAGE.getBytes()); + ByteBuffer net = doWrap(sendEngine, direction, 0, app); + final Random RNG = RandomFactory.getRandom(); + int randomPlace = RNG.nextInt(net.remaining()); + net.array()[randomPlace] += 1; + app = ByteBuffer.allocate(recvEngine.getSession() + .getApplicationBufferSize()); + recvEngine.unwrap(net, app); + app.flip(); + int length = app.remaining(); + System.out.println("Unwrapped " + length + " bytes."); + } +} diff -r 5b500c93ce48 -r babdeee3c007 jdk/test/javax/net/ssl/DTLS/DTLSMFLNTest.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/javax/net/ssl/DTLS/DTLSMFLNTest.java Fri Jun 05 12:22:36 2015 +0300 @@ -0,0 +1,47 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8043758 + * @summary Testing DTLS engines handshake using each of the supported + * cipher suites with different maximum fragment length. Testing of + * MFLN extension. + * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon + * @run main/othervm -Dtest.security.protocol=DTLS + * -Dtest.mode=norm DTLSMFLNTest + * @run main/othervm -Dtest.security.protocol=DTLS + * -Dtest.mode=norm_sni DTLSMFLNTest + * @run main/othervm -Dtest.security.protocol=DTLS + * -Dtest.mode=krb DTLSMFLNTest + */ + +/** + * Testing DTLS engines handshake using each of the supported cipher suites with + * different maximum fragment length. Testing of MFLN extension. + */ +public class DTLSMFLNTest { + public static void main(String[] args) { + MFLNTest.main(args); + } +} diff -r 5b500c93ce48 -r babdeee3c007 jdk/test/javax/net/ssl/DTLS/DTLSNotEnabledRC4Test.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/javax/net/ssl/DTLS/DTLSNotEnabledRC4Test.java Fri Jun 05 12:22:36 2015 +0300 @@ -0,0 +1,39 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8043758 + * @summary Testing DTLS engines do not enable RC4 ciphers by default. + * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon + * @run main/othervm -Dtest.security.protocol=DTLS DTLSNotEnabledRC4Test + */ + +/** + * Testing DTLS engines do not enable RC4 ciphers by default. + */ +public class DTLSNotEnabledRC4Test { + public static void main(String[] args) throws Exception { + NotEnabledRC4Test.main(args); + } +} diff -r 5b500c93ce48 -r babdeee3c007 jdk/test/javax/net/ssl/DTLS/DTLSRehandshakeTest.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/javax/net/ssl/DTLS/DTLSRehandshakeTest.java Fri Jun 05 12:22:36 2015 +0300 @@ -0,0 +1,46 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8043758 + * @summary Testing DTLS engines re-handshaking using each of the supported + * cipher suites. + * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon + * @run main/othervm -Dtest.security.protocol=DTLS + * -Dtest.mode=norm DTLSRehandshakeTest + * @run main/othervm -Dtest.security.protocol=DTLS + * -Dtest.mode=norm_sni DTLSRehandshakeTest + * @run main/othervm -Dtest.security.protocol=DTLS + * -Dtest.mode=krb DTLSRehandshakeTest + */ + +/** + * Testing DTLS engines re-handshaking using each of the supported cipher + * suites. + */ +public class DTLSRehandshakeTest { + public static void main(String[] args) { + RehandshakeTest.main(args); + } +} diff -r 5b500c93ce48 -r babdeee3c007 jdk/test/javax/net/ssl/DTLS/DTLSRehandshakeWithCipherChangeTest.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/javax/net/ssl/DTLS/DTLSRehandshakeWithCipherChangeTest.java Fri Jun 05 12:22:36 2015 +0300 @@ -0,0 +1,43 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8043758 + * @summary Testing DTLS engines re-handshaking with cipher change. New cipher + * is taken randomly from the supporetd ciphers list. + * @key randomness + * @library /sun/security/krb5/auto /lib/testlibrary /javax/net/ssl/TLSCommon + * @run main/othervm -Dtest.security.protocol=DTLS + * DTLSRehandshakeWithCipherChangeTest + */ + +/** + * Testing DTLS engines re-handshaking with cipher change. New cipher is taken + * randomly from the supported ciphers list. + */ +public class DTLSRehandshakeWithCipherChangeTest { + public static void main(String[] args) { + RehandshakeWithCipherChangeTest.main(args); + } +} diff -r 5b500c93ce48 -r babdeee3c007 jdk/test/javax/net/ssl/DTLS/DTLSRehandshakeWithDataExTest.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/javax/net/ssl/DTLS/DTLSRehandshakeWithDataExTest.java Fri Jun 05 12:22:36 2015 +0300 @@ -0,0 +1,48 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8043758 + * @summary Testing DTLS engines re-handshaking using each of the supported + * cipher suites with application data exchange before and after + * re-handshake and closing of the engines. + * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon + * @run main/othervm -Dtest.security.protocol=DTLS + * -Dtest.mode=norm DTLSRehandshakeWithDataExTest + * @run main/othervm -Dtest.security.protocol=DTLS + * -Dtest.mode=norm_sni DTLSRehandshakeWithDataExTest + * @run main/othervm -Dtest.security.protocol=DTLS + * -Dtest.mode=krb DTLSRehandshakeWithDataExTest + */ + +/** + * Testing DTLS engines re-handshaking using each of the supported cipher suites + * with application data exchange before and after re-handshake and closing of + * the engines. + */ +public class DTLSRehandshakeWithDataExTest { + public static void main(String[] args) { + RehandshakeWithDataExTest.main(args); + } +} diff -r 5b500c93ce48 -r babdeee3c007 jdk/test/javax/net/ssl/DTLS/DTLSSequenceNumberTest.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/javax/net/ssl/DTLS/DTLSSequenceNumberTest.java Fri Jun 05 12:22:36 2015 +0300 @@ -0,0 +1,176 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8043758 + * @summary Testing DTLS records sequence number property support in application + * data exchange. + * @key randomness + * @library /sun/security/krb5/auto /lib/testlibrary /javax/net/ssl/TLSCommon + * @run main/othervm -Dtest.security.protocol=DTLS + * -Dtest.mode=norm DTLSSequenceNumberTest + * @run main/othervm -Dtest.security.protocol=DTLS + * -Dtest.mode=norm_sni DTLSSequenceNumberTest + * @run main/othervm -Dtest.security.protocol=DTLS + * -Dtest.mode=krb DTLSSequenceNumberTest + */ + +import java.nio.ByteBuffer; +import java.util.TreeMap; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLEngine; +import javax.net.ssl.SSLEngineResult; +import javax.net.ssl.SSLException; +import java.util.Random; +import jdk.testlibrary.RandomFactory; + +/** + * Testing DTLS records sequence number property support in application data + * exchange. + */ +public class DTLSSequenceNumberTest extends SSLEngineTestCase { + + private final String BIG_MESSAGE = "Very very big message. One two three" + + " four five six seven eight nine ten eleven twelve thirteen" + + " fourteen fifteen sixteen seventeen eighteen nineteen twenty."; + private final byte[] BIG_MESSAGE_BYTES = BIG_MESSAGE.getBytes(); + private final int PIECES_NUMBER = 15; + + public static void main(String[] args) { + DTLSSequenceNumberTest test = new DTLSSequenceNumberTest(); + setUpAndStartKDCIfNeeded(); + test.runTests(); + } + + @Override + protected void testOneCipher(String cipher) throws SSLException { + SSLContext context = getContext(); + int maxPacketSize = getMaxPacketSize(); + boolean useSNI = !TEST_MODE.equals("norm"); + SSLEngine clientEngine = getClientSSLEngine(context, useSNI); + SSLEngine serverEngine = getServerSSLEngine(context, useSNI); + clientEngine.setEnabledCipherSuites(new String[]{cipher}); + serverEngine.setEnabledCipherSuites(new String[]{cipher}); + serverEngine.setNeedClientAuth(!cipher.contains("anon")); + doHandshake(clientEngine, serverEngine, maxPacketSize, + HandshakeMode.INITIAL_HANDSHAKE); + checkSeqNumPropertyWithAppDataSend(clientEngine, serverEngine); + checkSeqNumPropertyWithAppDataSend(serverEngine, clientEngine); + } + + private void checkSeqNumPropertyWithAppDataSend(SSLEngine sendEngine, + SSLEngine recvEngine) throws SSLException { + String sender, reciever; + if (sendEngine.getUseClientMode() && !recvEngine.getUseClientMode()) { + sender = "Client"; + reciever = "Server"; + } else if (recvEngine.getUseClientMode() && !sendEngine.getUseClientMode()) { + sender = "Server"; + reciever = "Client"; + } else { + throw new Error("Both engines are in the same mode"); + } + System.out.println("=================================================" + + "==========="); + System.out.println("Checking DTLS sequence number support" + + " by sending data from " + sender + " to " + reciever); + ByteBuffer[] sentMessages = new ByteBuffer[PIECES_NUMBER]; + ByteBuffer[] netBuffers = new ByteBuffer[PIECES_NUMBER]; + TreeMap recvMap = new TreeMap<>(Long::compareUnsigned); + int symbolsInAMessage; + int symbolsInTheLastMessage; + int[] recievingSequence = new int[PIECES_NUMBER]; + for (int i = 0; i < PIECES_NUMBER; i++) { + recievingSequence[i] = i; + } + shuffleArray(recievingSequence); + if (BIG_MESSAGE.length() % PIECES_NUMBER == 0) { + symbolsInAMessage = BIG_MESSAGE.length() / PIECES_NUMBER; + symbolsInTheLastMessage = symbolsInAMessage; + } else { + symbolsInAMessage = BIG_MESSAGE.length() / (PIECES_NUMBER - 1); + symbolsInTheLastMessage = BIG_MESSAGE.length() % (PIECES_NUMBER - 1); + } + for (int i = 0; i < PIECES_NUMBER - 1; i++) { + sentMessages[i] = ByteBuffer.wrap(BIG_MESSAGE_BYTES, + i * symbolsInAMessage, symbolsInAMessage); + } + sentMessages[PIECES_NUMBER - 1] = ByteBuffer.wrap(BIG_MESSAGE_BYTES, + (PIECES_NUMBER - 1) * symbolsInAMessage, symbolsInTheLastMessage); + long prevSeqNum = 0L; + //Wrapping massages in direct order + for (int i = 0; i < PIECES_NUMBER; i++) { + netBuffers[i] = ByteBuffer.allocate(sendEngine.getSession() + .getPacketBufferSize()); + SSLEngineResult[] r = new SSLEngineResult[1]; + netBuffers[i] = doWrap(sendEngine, sender, 0, sentMessages[i], r); + long seqNum = r[0].sequenceNumber(); + if (Long.compareUnsigned(seqNum, prevSeqNum) <= 0) { + throw new AssertionError("Sequence number of the wrapped " + + "message is less or equal than that of the" + + " previous one! " + + "Was " + prevSeqNum + ", now " + seqNum + "."); + } + prevSeqNum = seqNum; + } + //Unwrapping messages in random order and trying to reconstruct order + //from sequence number. + for (int i = 0; i < PIECES_NUMBER; i++) { + int recvNow = recievingSequence[i]; + SSLEngineResult[] r = new SSLEngineResult[1]; + ByteBuffer recvMassage = doUnWrap(recvEngine, reciever, + netBuffers[recvNow], r); + long seqNum = r[0].sequenceNumber(); + recvMap.put(seqNum, recvMassage); + } + int mapSize = recvMap.size(); + if (mapSize != PIECES_NUMBER) { + throw new AssertionError("The number of received massages " + + mapSize + " is not equal to the number of sent messages " + + PIECES_NUMBER + "!"); + } + byte[] recvBigMsgBytes = new byte[BIG_MESSAGE_BYTES.length]; + int counter = 0; + for (ByteBuffer msg : recvMap.values()) { + System.arraycopy(msg.array(), 0, recvBigMsgBytes, + counter * symbolsInAMessage, msg.remaining()); + counter++; + } + String recvBigMsg = new String(recvBigMsgBytes); + if (!recvBigMsg.equals(BIG_MESSAGE)) { + throw new AssertionError("Received big message is not equal to" + + " one that was sent! Received message is: " + recvBigMsg); + } + } + + private static void shuffleArray(int[] ar) { + final Random RNG = RandomFactory.getRandom(); + for (int i = ar.length - 1; i > 0; i--) { + int index = RNG.nextInt(i + 1); + int a = ar[index]; + ar[index] = ar[i]; + ar[i] = a; + } + } +} diff -r 5b500c93ce48 -r babdeee3c007 jdk/test/javax/net/ssl/DTLS/DTLSUnSupportedCiphersTest.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/javax/net/ssl/DTLS/DTLSUnSupportedCiphersTest.java Fri Jun 05 12:22:36 2015 +0300 @@ -0,0 +1,40 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8043758 + * @summary Testing that try to enable unsupported ciphers + * causes IllegalArgumentException. + * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon + * @run main/othervm -Dtest.security.protocol=DTLS DTLSUnSupportedCiphersTest + */ + +/** + * Testing that a try to enable unsupported ciphers causes IllegalArgumentException. + */ +public class DTLSUnSupportedCiphersTest { + public static void main(String[] args) { + UnSupportedCiphersTest.main(args); + } +} diff -r 5b500c93ce48 -r babdeee3c007 jdk/test/javax/net/ssl/DTLS/TEST.properties --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/javax/net/ssl/DTLS/TEST.properties Fri Jun 05 12:22:36 2015 +0300 @@ -0,0 +1,1 @@ +modules=java.base java.security.jgss diff -r 5b500c93ce48 -r babdeee3c007 jdk/test/javax/net/ssl/DTLSv10/DTLSv10BufferOverflowUnderflowTest.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/javax/net/ssl/DTLSv10/DTLSv10BufferOverflowUnderflowTest.java Fri Jun 05 12:22:36 2015 +0300 @@ -0,0 +1,45 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8043758 + * @summary Testing DTLS buffer overflow and underflow status when dealing with + * application data. + * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon + * @run main/othervm -Dtest.security.protocol=DTLSv1.0 + * -Dtest.mode=norm DTLSv10BufferOverflowUnderflowTest + * @run main/othervm -Dtest.security.protocol=DTLSv1.0 + * -Dtest.mode=norm_sni DTLSv10BufferOverflowUnderflowTest + * @run main/othervm -Dtest.security.protocol=DTLSv1.0 + * -Dtest.mode=krb DTLSv10BufferOverflowUnderflowTest + */ + +/** + * Testing DTLS incorrect app data packages unwrapping. + */ +public class DTLSv10BufferOverflowUnderflowTest { + public static void main(String[] args) { + BufferOverflowUnderflowTest.main(args); + } +} diff -r 5b500c93ce48 -r babdeee3c007 jdk/test/javax/net/ssl/DTLSv10/DTLSv10DataExchangeTest.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/javax/net/ssl/DTLSv10/DTLSv10DataExchangeTest.java Fri Jun 05 12:22:36 2015 +0300 @@ -0,0 +1,46 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8043758 + * @summary Testing DTLS application data exchange using each of the supported + * cipher suites. + * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon + * @run main/othervm -Dtest.security.protocol=DTLSv1.0 + * -Dtest.mode=norm DTLSv10DataExchangeTest + * @run main/othervm -Dtest.security.protocol=DTLSv1.0 + * -Dtest.mode=norm_sni DTLSv10DataExchangeTest + * @run main/othervm -Dtest.security.protocol=DTLSv1.0 + * -Dtest.mode=krb DTLSv10DataExchangeTest + */ + +/** + * Testing DTLS application data exchange using each of the supported cipher + * suites. + */ +public class DTLSv10DataExchangeTest { + public static void main(String[] args) { + DataExchangeTest.main(args); + } +} diff -r 5b500c93ce48 -r babdeee3c007 jdk/test/javax/net/ssl/DTLSv10/DTLSv10EnginesClosureTest.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/javax/net/ssl/DTLSv10/DTLSv10EnginesClosureTest.java Fri Jun 05 12:22:36 2015 +0300 @@ -0,0 +1,45 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8043758 + * @summary Testing DTLS engines closing using each of the supported + * cipher suites. + * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon + * @run main/othervm -Dtest.security.protocol=DTLSv1.0 + * -Dtest.mode=norm DTLSv10EnginesClosureTest + * @run main/othervm -Dtest.security.protocol=DTLSv1.0 + * -Dtest.mode=norm_sni DTLSv10EnginesClosureTest + * @run main/othervm -Dtest.security.protocol=DTLSv1.0 + * -Dtest.mode=krb DTLSv10EnginesClosureTest + */ + +/** + * Testing DTLS engines closing using each of the supported cipher suites. + */ +public class DTLSv10EnginesClosureTest { + public static void main(String[] args) { + EnginesClosureTest.main(args); + } +} diff -r 5b500c93ce48 -r babdeee3c007 jdk/test/javax/net/ssl/DTLSv10/DTLSv10HandshakeTest.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/javax/net/ssl/DTLSv10/DTLSv10HandshakeTest.java Fri Jun 05 12:22:36 2015 +0300 @@ -0,0 +1,45 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8043758 + * @summary Testing DTLS engines handshake using each of the supported + * cipher suites. + * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon + * @run main/othervm -Dtest.security.protocol=DTLSv1.0 + * -Dtest.mode=norm DTLSv10HandshakeTest + * @run main/othervm -Dtest.security.protocol=DTLSv1.0 + * -Dtest.mode=norm_sni DTLSv10HandshakeTest + * @run main/othervm -Dtest.security.protocol=DTLSv1.0 + * -Dtest.mode=krb DTLSv10HandshakeTest + */ + +/** + * Testing DTLS engines handshake using each of the supported cipher suites. + */ +public class DTLSv10HandshakeTest { + public static void main(String[] args) { + HandshakeTest.main(args); + } +} diff -r 5b500c93ce48 -r babdeee3c007 jdk/test/javax/net/ssl/DTLSv10/DTLSv10HandshakeWithReplicatedPacketsTest.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/javax/net/ssl/DTLSv10/DTLSv10HandshakeWithReplicatedPacketsTest.java Fri Jun 05 12:22:36 2015 +0300 @@ -0,0 +1,46 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8043758 + * @summary Testing DTLS engines handshake using each of the supported + * cipher suites with replicated packets check. + * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon /javax/net/ssl/DTLS + * @run main/othervm -Dtest.security.protocol=DTLSv1.0 + * -Dtest.mode=norm DTLSv10HandshakeWithReplicatedPacketsTest + * @run main/othervm -Dtest.security.protocol=DTLSv1.0 + * -Dtest.mode=norm_sni DTLSv10HandshakeWithReplicatedPacketsTest + * @run main/othervm -Dtest.security.protocol=DTLSv1.0 + * -Dtest.mode=krb DTLSv10HandshakeWithReplicatedPacketsTest + */ + +/** + * Testing DTLS engines handshake using each of the supported cipher suites with + * replicated packets check. + */ +public class DTLSv10HandshakeWithReplicatedPacketsTest { + public static void main(String[] args) { + DTLSHandshakeWithReplicatedPacketsTest.main(args); + } +} diff -r 5b500c93ce48 -r babdeee3c007 jdk/test/javax/net/ssl/DTLSv10/DTLSv10IncorrectAppDataTest.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/javax/net/ssl/DTLSv10/DTLSv10IncorrectAppDataTest.java Fri Jun 05 12:22:36 2015 +0300 @@ -0,0 +1,46 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8043758 + * @summary Testing DTLS incorrect app data packages unwrapping. + * @key randomness + * @library /sun/security/krb5/auto /lib/testlibrary /javax/net/ssl/TLSCommon /javax/net/ssl/DTLS + * @run main/othervm -Dtest.security.protocol=DTLSv1.0 + * -Dtest.mode=norm DTLSIncorrectAppDataTest + * @run main/othervm -Dtest.security.protocol=DTLSv1.0 + * -Dtest.mode=norm_sni DTLSIncorrectAppDataTest + * @run main/othervm -Dtest.security.protocol=DTLSv1.0 + * -Dtest.mode=krb DTLSIncorrectAppDataTest + */ + +/** + * Testing DTLS incorrect app data packages unwrapping. Incorrect application + * data packages should be ignored by DTLS SSLEngine. + */ +public class DTLSv10IncorrectAppDataTest { + public static void main(String[] args) { + DTLSIncorrectAppDataTest.main(args); + } +} diff -r 5b500c93ce48 -r babdeee3c007 jdk/test/javax/net/ssl/DTLSv10/DTLSv10MFLNTest.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/javax/net/ssl/DTLSv10/DTLSv10MFLNTest.java Fri Jun 05 12:22:36 2015 +0300 @@ -0,0 +1,47 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8043758 + * @summary Testing DTLS engines handshake using each of the supported + * cipher suites with different maximum fragment length. Testing of + * MFLN extension. + * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon + * @run main/othervm -Dtest.security.protocol=DTLSv1.0 + * -Dtest.mode=norm DTLSv10MFLNTest + * @run main/othervm -Dtest.security.protocol=DTLSv1.0 + * -Dtest.mode=norm_sni DTLSv10MFLNTest + * @run main/othervm -Dtest.security.protocol=DTLSv1.0 + * -Dtest.mode=krb DTLSv10MFLNTest + */ + +/** + * Testing DTLS engines handshake using each of the supported cipher suites with + * different maximum fragment length. Testing of MFLN extension. + */ +public class DTLSv10MFLNTest { + public static void main(String[] args) { + MFLNTest.main(args); + } +} diff -r 5b500c93ce48 -r babdeee3c007 jdk/test/javax/net/ssl/DTLSv10/DTLSv10NotEnabledRC4Test.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/javax/net/ssl/DTLSv10/DTLSv10NotEnabledRC4Test.java Fri Jun 05 12:22:36 2015 +0300 @@ -0,0 +1,39 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8043758 + * @summary Testing DTLS engines do not enable RC4 ciphers by default. + * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon + * @run main/othervm -Dtest.security.protocol=DTLSv1.0 DTLSv10NotEnabledRC4Test + */ + +/** + * Testing DTLS engines do not enable RC4 ciphers by default. + */ +public class DTLSv10NotEnabledRC4Test { + public static void main(String[] args) throws Exception { + NotEnabledRC4Test.main(args); + } +} diff -r 5b500c93ce48 -r babdeee3c007 jdk/test/javax/net/ssl/DTLSv10/DTLSv10RehandshakeTest.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/javax/net/ssl/DTLSv10/DTLSv10RehandshakeTest.java Fri Jun 05 12:22:36 2015 +0300 @@ -0,0 +1,46 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8043758 + * @summary Testing DTLS engines re-handshaking using each of the supported + * cipher suites. + * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon + * @run main/othervm -Dtest.security.protocol=DTLSv1.0 + * -Dtest.mode=norm DTLSv10RehandshakeTest + * @run main/othervm -Dtest.security.protocol=DTLSv1.0 + * -Dtest.mode=norm_sni DTLSv10RehandshakeTest + * @run main/othervm -Dtest.security.protocol=DTLSv1.0 + * -Dtest.mode=krb DTLSv10RehandshakeTest + */ + +/** + * Testing DTLS engines re-handshaking using each of the supported cipher + * suites. + */ +public class DTLSv10RehandshakeTest { + public static void main(String[] args) { + RehandshakeTest.main(args); + } +} diff -r 5b500c93ce48 -r babdeee3c007 jdk/test/javax/net/ssl/DTLSv10/DTLSv10RehandshakeWithCipherChangeTest.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/javax/net/ssl/DTLSv10/DTLSv10RehandshakeWithCipherChangeTest.java Fri Jun 05 12:22:36 2015 +0300 @@ -0,0 +1,43 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8043758 + * @summary Testing DTLS engines re-handshaking with cipher change. New cipher + * is taken randomly from the supporetd ciphers list. + * @key randomness + * @library /sun/security/krb5/auto /lib/testlibrary /javax/net/ssl/TLSCommon + * @run main/othervm -Dtest.security.protocol=DTLSv1.0 + * DTLSv10RehandshakeWithCipherChangeTest + */ + +/** + * Testing DTLS engines re-handshaking with cipher change. New cipher is taken + * randomly from the supported ciphers list. + */ +public class DTLSv10RehandshakeWithCipherChangeTest { + public static void main(String[] args) { + RehandshakeWithCipherChangeTest.main(args); + } +} diff -r 5b500c93ce48 -r babdeee3c007 jdk/test/javax/net/ssl/DTLSv10/DTLSv10RehandshakeWithDataExTest.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/javax/net/ssl/DTLSv10/DTLSv10RehandshakeWithDataExTest.java Fri Jun 05 12:22:36 2015 +0300 @@ -0,0 +1,48 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8043758 + * @summary Testing DTLS engines re-handshaking using each of the supported + * cipher suites with application data exchange before and after + * re-handshake and closing of the engines. + * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon + * @run main/othervm -Dtest.security.protocol=DTLSv1.0 + * -Dtest.mode=norm DTLSv10RehandshakeWithDataExTest + * @run main/othervm -Dtest.security.protocol=DTLSv1.0 + * -Dtest.mode=norm_sni DTLSv10RehandshakeWithDataExTest + * @run main/othervm -Dtest.security.protocol=DTLSv1.0 + * -Dtest.mode=krb DTLSv10RehandshakeWithDataExTest + */ + +/** + * Testing DTLS engines re-handshaking using each of the supported cipher suites + * with application data exchange before and after re-handshake and closing of + * the engines. + */ +public class DTLSv10RehandshakeWithDataExTest { + public static void main(String[] args) { + RehandshakeWithDataExTest.main(args); + } +} diff -r 5b500c93ce48 -r babdeee3c007 jdk/test/javax/net/ssl/DTLSv10/DTLSv10SequenceNumberTest.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/javax/net/ssl/DTLSv10/DTLSv10SequenceNumberTest.java Fri Jun 05 12:22:36 2015 +0300 @@ -0,0 +1,47 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8043758 + * @summary Testing DTLS records sequence number property support in application + * data exchange. + * @key randomness + * @library /sun/security/krb5/auto /lib/testlibrary /javax/net/ssl/TLSCommon /javax/net/ssl/DTLS + * @run main/othervm -Dtest.security.protocol=DTLSv1.0 + * -Dtest.mode=norm DTLSv10SequenceNumberTest + * @run main/othervm -Dtest.security.protocol=DTLSv1.0 + * -Dtest.mode=norm_sni DTLSv10SequenceNumberTest + * @run main/othervm -Dtest.security.protocol=DTLSv1.0 + * -Dtest.mode=krb DTLSv10SequenceNumberTest + */ + +/** + * Testing DTLS records sequence number property support in application data + * exchange. + */ +public class DTLSv10SequenceNumberTest { + public static void main(String[] args) { + DTLSHandshakeWithReplicatedPacketsTest.main(args); + } +} diff -r 5b500c93ce48 -r babdeee3c007 jdk/test/javax/net/ssl/DTLSv10/DTLSv10UnSupportedCiphersTest.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/javax/net/ssl/DTLSv10/DTLSv10UnSupportedCiphersTest.java Fri Jun 05 12:22:36 2015 +0300 @@ -0,0 +1,41 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8043758 + * @summary Testing that try to enable unsupported ciphers + * causes IllegalArgumentException. + * @library /sun/security/krb5/auto /javax/net/ssl/TLSCommon + * @run main/othervm -Dtest.security.protocol=DTLSv1.0 + * DTLSv10UnSupportedCiphersTest + */ + +/** + * Testing that a try to enable unsupported ciphers causes IllegalArgumentException. + */ +public class DTLSv10UnSupportedCiphersTest { + public static void main(String[] args) { + UnSupportedCiphersTest.main(args); + } +} diff -r 5b500c93ce48 -r babdeee3c007 jdk/test/javax/net/ssl/DTLSv10/TEST.properties --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/javax/net/ssl/DTLSv10/TEST.properties Fri Jun 05 12:22:36 2015 +0300 @@ -0,0 +1,1 @@ +modules=java.base java.security.jgss diff -r 5b500c93ce48 -r babdeee3c007 jdk/test/javax/net/ssl/TLSCommon/BufferOverflowUnderflowTest.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/javax/net/ssl/TLSCommon/BufferOverflowUnderflowTest.java Fri Jun 05 12:22:36 2015 +0300 @@ -0,0 +1,135 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import java.nio.ByteBuffer; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLEngine; +import javax.net.ssl.SSLEngineResult; +import javax.net.ssl.SSLException; + +/** + * Testing SSLEngine incorrect app data packages unwrapping. + */ +public class BufferOverflowUnderflowTest extends SSLEngineTestCase { + + private final String MESSAGE = "Hello peer!"; + + public static void main(String[] args) { + BufferOverflowUnderflowTest test = new BufferOverflowUnderflowTest(); + setUpAndStartKDCIfNeeded(); + test.runTests(); + } + + @Override + protected void testOneCipher(String cipher) throws SSLException { + SSLContext context = getContext(); + int maxPacketSize = getMaxPacketSize(); + boolean useSNI = !TEST_MODE.equals("norm"); + SSLEngine clientEngine = getClientSSLEngine(context, useSNI); + SSLEngine serverEngine = getServerSSLEngine(context, useSNI); + clientEngine.setEnabledCipherSuites(new String[]{cipher}); + serverEngine.setEnabledCipherSuites(new String[]{cipher}); + serverEngine.setNeedClientAuth(!cipher.contains("anon")); + doHandshake(clientEngine, serverEngine, maxPacketSize, + HandshakeMode.INITIAL_HANDSHAKE); + checkBufferOverflowOnWrap(clientEngine); + checkBufferOverflowOnWrap(serverEngine); + checkBufferOverflowOnUnWrap(clientEngine, serverEngine); + checkBufferOverflowOnUnWrap(serverEngine, clientEngine); + checkBufferUnderflowOnUnWrap(serverEngine, clientEngine); + checkBufferUnderflowOnUnWrap(clientEngine, serverEngine); + } + + private void checkBufferOverflowOnWrap(SSLEngine engine) + throws SSLException { + String mode = engine.getUseClientMode() ? "client" + : "server"; + System.out.println("=================================================" + + "==========="); + System.out.println("Testing SSLEngine buffer overflow" + + " on wrap by " + mode); + ByteBuffer app = ByteBuffer.wrap(MESSAGE.getBytes()); + //Making net buffer size less than required by 1 byte. + ByteBuffer net = ByteBuffer + .allocate(engine.getSession().getPacketBufferSize() - 1); + SSLEngineResult r = engine.wrap(app, net); + checkResult(r, SSLEngineResult.Status.BUFFER_OVERFLOW); + System.out.println("Passed"); + } + + private void checkBufferOverflowOnUnWrap(SSLEngine wrappingEngine, + SSLEngine unwrappingEngine) + throws SSLException { + String wrapperMode = wrappingEngine.getUseClientMode() ? "client" + : "server"; + String unwrapperMode = unwrappingEngine.getUseClientMode() ? "client" + : "server"; + if (wrapperMode.equals(unwrapperMode)) { + throw new Error("Test error: both engines are in the same mode!"); + } + System.out.println("=================================================" + + "==========="); + System.out.println("Testing SSLEngine buffer overflow" + + " on unwrap by " + unwrapperMode); + ByteBuffer app = ByteBuffer.wrap(MESSAGE.getBytes()); + ByteBuffer net = ByteBuffer + .allocate(wrappingEngine.getSession().getPacketBufferSize()); + SSLEngineResult r = wrappingEngine.wrap(app, net); + checkResult(r, SSLEngineResult.Status.OK); + //Making app buffer size less than required by 1 byte. + app = ByteBuffer.allocate(MESSAGE.length() - 1); + net.flip(); + r = unwrappingEngine.unwrap(net, app); + checkResult(r, SSLEngineResult.Status.BUFFER_OVERFLOW); + System.out.println("Passed"); + } + + private void checkBufferUnderflowOnUnWrap(SSLEngine wrappingEngine, + SSLEngine unwrappingEngine) + throws SSLException { + String wrapperMode = wrappingEngine.getUseClientMode() ? "client" + : "server"; + String unwrapperMode = unwrappingEngine.getUseClientMode() ? "client" + : "server"; + if (wrapperMode.equals(unwrapperMode)) { + throw new Error("Test error: both engines are in the same mode!"); + } + System.out.println("=================================================" + + "==========="); + System.out.println("Testing SSLEngine buffer underflow" + + " on unwrap by " + unwrapperMode); + ByteBuffer app = ByteBuffer.wrap(MESSAGE.getBytes()); + ByteBuffer net = ByteBuffer + .allocate(wrappingEngine.getSession().getPacketBufferSize()); + SSLEngineResult r = wrappingEngine.wrap(app, net); + checkResult(r, SSLEngineResult.Status.OK); + app = ByteBuffer.allocate(unwrappingEngine.getSession() + .getApplicationBufferSize()); + net.flip(); + //Making net buffer size less than size of dtls message. + net.limit(net.limit() - 1); + r = unwrappingEngine.unwrap(net, app); + checkResult(r, SSLEngineResult.Status.BUFFER_UNDERFLOW); + System.out.println("Passed"); + } +} diff -r 5b500c93ce48 -r babdeee3c007 jdk/test/javax/net/ssl/TLSCommon/DataExchangeTest.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/javax/net/ssl/TLSCommon/DataExchangeTest.java Fri Jun 05 12:22:36 2015 +0300 @@ -0,0 +1,55 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLEngine; +import javax.net.ssl.SSLException; + +/** + * Testing SSLEngine application data exchange using each of the supported cipher + * suites. + */ +public class DataExchangeTest extends SSLEngineTestCase { + + public static void main(String[] args) { + DataExchangeTest test = new DataExchangeTest(); + setUpAndStartKDCIfNeeded(); + test.runTests(); + } + + @Override + protected void testOneCipher(String cipher) throws SSLException { + SSLContext context = getContext(); + int maxPacketSize = getMaxPacketSize(); + boolean useSNI = !TEST_MODE.equals("norm"); + SSLEngine clientEngine = getClientSSLEngine(context, useSNI); + SSLEngine serverEngine = getServerSSLEngine(context, useSNI); + clientEngine.setEnabledCipherSuites(new String[]{cipher}); + serverEngine.setEnabledCipherSuites(new String[]{cipher}); + serverEngine.setNeedClientAuth(!cipher.contains("anon")); + doHandshake(clientEngine, serverEngine, maxPacketSize, + HandshakeMode.INITIAL_HANDSHAKE); + sendApplicationData(clientEngine, serverEngine); + sendApplicationData(serverEngine, clientEngine); + } +} diff -r 5b500c93ce48 -r babdeee3c007 jdk/test/javax/net/ssl/TLSCommon/EnginesClosureTest.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/javax/net/ssl/TLSCommon/EnginesClosureTest.java Fri Jun 05 12:22:36 2015 +0300 @@ -0,0 +1,63 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLEngine; +import javax.net.ssl.SSLException; + +/** + * Testing SSLEngines closing using each of the supported cipher suites. + */ +public class EnginesClosureTest extends SSLEngineTestCase { + + public static void main(String[] args) { + EnginesClosureTest test = new EnginesClosureTest(); + setUpAndStartKDCIfNeeded(); + test.runTests(); + } + + @Override + protected void testOneCipher(String cipher) throws SSLException { + closingTest(cipher, true); + closingTest(cipher, false); + } + + private void closingTest(String cipher, boolean clientCloses) + throws SSLException { + SSLContext context = getContext(); + int maxPacketSize = getMaxPacketSize(); + boolean useSNI = !TEST_MODE.equals("norm"); + SSLEngine clientEngine = getClientSSLEngine(context, useSNI); + SSLEngine serverEngine = getServerSSLEngine(context, useSNI); + clientEngine.setEnabledCipherSuites(new String[]{cipher}); + serverEngine.setEnabledCipherSuites(new String[]{cipher}); + serverEngine.setNeedClientAuth(!cipher.contains("anon")); + doHandshake(clientEngine, serverEngine, maxPacketSize, + HandshakeMode.INITIAL_HANDSHAKE); + if (clientCloses) { + closeEngines(clientEngine, serverEngine); + } else { + closeEngines(serverEngine, clientEngine); + } + } +} diff -r 5b500c93ce48 -r babdeee3c007 jdk/test/javax/net/ssl/TLSCommon/HandshakeTest.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/javax/net/ssl/TLSCommon/HandshakeTest.java Fri Jun 05 12:22:36 2015 +0300 @@ -0,0 +1,52 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLEngine; +import javax.net.ssl.SSLException; + +/** + * Testing SSLEngines handshake using each of the supported cipher suites. + */ +public class HandshakeTest extends SSLEngineTestCase { + + public static void main(String[] args) { + HandshakeTest test = new HandshakeTest(); + setUpAndStartKDCIfNeeded(); + test.runTests(); + } + + @Override + protected void testOneCipher(String cipher) throws SSLException { + SSLContext context = getContext(); + int maxPacketSize = getMaxPacketSize(); + boolean useSNI = !TEST_MODE.equals("norm"); + SSLEngine clientEngine = getClientSSLEngine(context, useSNI); + SSLEngine serverEngine = getServerSSLEngine(context, useSNI); + clientEngine.setEnabledCipherSuites(new String[]{cipher}); + serverEngine.setEnabledCipherSuites(new String[]{cipher}); + serverEngine.setNeedClientAuth(!cipher.contains("anon")); + doHandshake(clientEngine, serverEngine, maxPacketSize, + HandshakeMode.INITIAL_HANDSHAKE); + } +} diff -r 5b500c93ce48 -r babdeee3c007 jdk/test/javax/net/ssl/TLSCommon/MFLNTest.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/javax/net/ssl/TLSCommon/MFLNTest.java Fri Jun 05 12:22:36 2015 +0300 @@ -0,0 +1,63 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLEngine; +import javax.net.ssl.SSLException; + +/** + * Testing SSLEngines handshake using each of the supported cipher suites with + * different maximum fragment length. Testing of MFLN extension. + */ +public class MFLNTest extends SSLEngineTestCase { + + public static void main(String[] args) { + setUpAndStartKDCIfNeeded(); + System.setProperty("jsse.enableMFLNExtension", "true"); + for (int mfl = 4096; mfl >= 256; mfl /= 2) { + System.out.println("==============================================" + + "=============="); + System.out.printf("Testsing DTLS handshake with MFL = %d%n", mfl); + MFLNTest test = new MFLNTest(mfl); + test.runTests(); + } + } + + protected MFLNTest(int maxPacketSize) { + super(maxPacketSize); + } + + @Override + protected void testOneCipher(String cipher) throws SSLException { + SSLContext context = getContext(); + int maxPacketSize = getMaxPacketSize(); + boolean useSNI = !TEST_MODE.equals("norm"); + SSLEngine clientEngine = getClientSSLEngine(context, useSNI); + SSLEngine serverEngine = getServerSSLEngine(context, useSNI); + clientEngine.setEnabledCipherSuites(new String[]{cipher}); + serverEngine.setEnabledCipherSuites(new String[]{cipher}); + serverEngine.setNeedClientAuth(!cipher.contains("anon")); + doHandshake(clientEngine, serverEngine, maxPacketSize, + HandshakeMode.INITIAL_HANDSHAKE); + } +} diff -r 5b500c93ce48 -r babdeee3c007 jdk/test/javax/net/ssl/TLSCommon/NotEnabledRC4Test.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/javax/net/ssl/TLSCommon/NotEnabledRC4Test.java Fri Jun 05 12:22:36 2015 +0300 @@ -0,0 +1,54 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLEngine; + +/** + * Testing SSLEngines do not enable RC4 ciphers by default. + */ +public class NotEnabledRC4Test { + + public static void main(String[] s) throws Exception { + SSLContext context = SSLEngineTestCase.getContext(); + SSLEngine clientEngine = context.createSSLEngine(); + clientEngine.setUseClientMode(true); + SSLEngine serverEngine = context.createSSLEngine(); + serverEngine.setUseClientMode(false); + String[] cliEnabledCiphers = clientEngine.getEnabledCipherSuites(); + rc4Test(cliEnabledCiphers, true); + String[] srvEnabledCiphers = serverEngine.getEnabledCipherSuites(); + rc4Test(srvEnabledCiphers, false); + } + + private static void rc4Test(String[] ciphers, boolean isClient) { + String mode = isClient ? "client" : "server"; + for (String cipher : ciphers) { + if (cipher.contains("RC4")) { + throw new AssertionError("RC4 cipher " + cipher + " is enabled" + + " by default on " + mode + " SSLEngine," + + " but it should not!"); + } + } + } +} diff -r 5b500c93ce48 -r babdeee3c007 jdk/test/javax/net/ssl/TLSCommon/RehandshakeTest.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/javax/net/ssl/TLSCommon/RehandshakeTest.java Fri Jun 05 12:22:36 2015 +0300 @@ -0,0 +1,58 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLEngine; +import javax.net.ssl.SSLException; + +/** + * Testing SSLEngines re-handshaking using each of the supported cipher + * suites. + */ +public class RehandshakeTest extends SSLEngineTestCase { + + public static void main(String[] args) { + RehandshakeTest test = new RehandshakeTest(); + setUpAndStartKDCIfNeeded(); + test.runTests(); + } + + @Override + protected void testOneCipher(String cipher) throws SSLException { + SSLContext context = getContext(); + int maxPacketSize = getMaxPacketSize(); + boolean useSNI = !TEST_MODE.equals("norm"); + SSLEngine clientEngine = getClientSSLEngine(context, useSNI); + SSLEngine serverEngine = getServerSSLEngine(context, useSNI); + clientEngine.setEnabledCipherSuites(new String[]{cipher}); + serverEngine.setEnabledCipherSuites(new String[]{cipher}); + serverEngine.setNeedClientAuth(!cipher.contains("anon")); + doHandshake(clientEngine, serverEngine, maxPacketSize, + HandshakeMode.INITIAL_HANDSHAKE); + doHandshake(clientEngine, serverEngine, maxPacketSize, + HandshakeMode.REHANDSHAKE_BEGIN_CLIENT); + doHandshake(clientEngine, serverEngine, maxPacketSize, + HandshakeMode.REHANDSHAKE_BEGIN_SERVER); + } + +} diff -r 5b500c93ce48 -r babdeee3c007 jdk/test/javax/net/ssl/TLSCommon/RehandshakeWithCipherChangeTest.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/javax/net/ssl/TLSCommon/RehandshakeWithCipherChangeTest.java Fri Jun 05 12:22:36 2015 +0300 @@ -0,0 +1,85 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLEngine; +import javax.net.ssl.SSLEngineResult; +import javax.net.ssl.SSLException; +import java.util.Random; +import jdk.testlibrary.RandomFactory; + +/** + * Testing SSLEngines re-handshaking with cipher change. New cipher is taken + * randomly from the supported ciphers list. + */ +public class RehandshakeWithCipherChangeTest extends SSLEngineTestCase { + + public static void main(String[] s) { + RehandshakeWithCipherChangeTest test + = new RehandshakeWithCipherChangeTest(); + test.runTests(Ciphers.ENABLED_NON_KRB_NOT_ANON_CIPHERS); + } + + @Override + protected void testOneCipher(String cipher) throws SSLException { + SSLContext context = getContext(); + int maxPacketSize = getMaxPacketSize(); + SSLEngine clientEngine = context.createSSLEngine(); + clientEngine.setUseClientMode(true); + SSLEngine serverEngine = context.createSSLEngine(); + serverEngine.setUseClientMode(false); + clientEngine.setEnabledCipherSuites(new String[]{cipher}); + serverEngine.setEnabledCipherSuites( + Ciphers.ENABLED_NON_KRB_NOT_ANON_CIPHERS.ciphers); + String randomCipher; + serverEngine.setNeedClientAuth(true); + long initialEpoch = 0; + long secondEpoch = 0; + SSLEngineResult r; + doHandshake(clientEngine, serverEngine, maxPacketSize, + HandshakeMode.INITIAL_HANDSHAKE); + sendApplicationData(clientEngine, serverEngine); + r = sendApplicationData(serverEngine, clientEngine); + if (TESTED_SECURITY_PROTOCOL.contains("DTLS")) { + initialEpoch = r.sequenceNumber() >> 48; + } + final Random RNG = RandomFactory.getRandom(); + randomCipher = Ciphers.ENABLED_NON_KRB_NOT_ANON_CIPHERS.ciphers[RNG + .nextInt(Ciphers.ENABLED_NON_KRB_NOT_ANON_CIPHERS.ciphers.length)]; + clientEngine.setEnabledCipherSuites(new String[]{randomCipher}); + doHandshake(clientEngine, serverEngine, maxPacketSize, + HandshakeMode.REHANDSHAKE_BEGIN_CLIENT); + sendApplicationData(clientEngine, serverEngine); + r = sendApplicationData(serverEngine, clientEngine); + if (TESTED_SECURITY_PROTOCOL.contains("DTLS")) { + secondEpoch = r.sequenceNumber() >> 48; + AssertionError epochError = new AssertionError("Epoch number" + + " did not grow after re-handshake! " + + " Was " + initialEpoch + ", now " + secondEpoch + "."); + if (Long.compareUnsigned(secondEpoch, initialEpoch) <= 0) { + throw epochError; + } + } + closeEngines(clientEngine, serverEngine); + } +} diff -r 5b500c93ce48 -r babdeee3c007 jdk/test/javax/net/ssl/TLSCommon/RehandshakeWithDataExTest.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/javax/net/ssl/TLSCommon/RehandshakeWithDataExTest.java Fri Jun 05 12:22:36 2015 +0300 @@ -0,0 +1,89 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLEngine; +import javax.net.ssl.SSLEngineResult; +import javax.net.ssl.SSLException; + +/** + * Testing SSLEngines re-handshaking using each of the supported cipher suites + * with application data exchange before and after re-handshake and closing of + * the engines. + */ +public class RehandshakeWithDataExTest extends SSLEngineTestCase { + + public static void main(String[] args) { + RehandshakeWithDataExTest test = new RehandshakeWithDataExTest(); + setUpAndStartKDCIfNeeded(); + test.runTests(); + } + + @Override + protected void testOneCipher(String cipher) throws SSLException { + SSLContext context = getContext(); + int maxPacketSize = getMaxPacketSize(); + boolean useSNI = !TEST_MODE.equals("norm"); + SSLEngine clientEngine = getClientSSLEngine(context, useSNI); + SSLEngine serverEngine = getServerSSLEngine(context, useSNI); + clientEngine.setEnabledCipherSuites(new String[]{cipher}); + serverEngine.setEnabledCipherSuites(new String[]{cipher}); + serverEngine.setNeedClientAuth(!cipher.contains("anon")); + long initialEpoch = 0; + long secondEpoch = 0; + long thirdEpoch = 0; + SSLEngineResult r; + doHandshake(clientEngine, serverEngine, maxPacketSize, + HandshakeMode.INITIAL_HANDSHAKE); + sendApplicationData(clientEngine, serverEngine); + r = sendApplicationData(serverEngine, clientEngine); + if (TESTED_SECURITY_PROTOCOL.contains("DTLS")) { + initialEpoch = r.sequenceNumber() >> 48; + } + doHandshake(clientEngine, serverEngine, maxPacketSize, + HandshakeMode.REHANDSHAKE_BEGIN_CLIENT); + sendApplicationData(clientEngine, serverEngine); + r = sendApplicationData(serverEngine, clientEngine); + AssertionError epochError = new AssertionError("Epoch number" + + " did not grow after re-handshake! " + + " Was " + initialEpoch + ", now " + secondEpoch + "."); + if (TESTED_SECURITY_PROTOCOL.contains("DTLS")) { + secondEpoch = r.sequenceNumber() >> 48; + if (Long.compareUnsigned(secondEpoch, initialEpoch) <= 0) { + throw epochError; + } + } + doHandshake(clientEngine, serverEngine, maxPacketSize, + HandshakeMode.REHANDSHAKE_BEGIN_SERVER); + sendApplicationData(clientEngine, serverEngine); + r = sendApplicationData(serverEngine, clientEngine); + if (TESTED_SECURITY_PROTOCOL.contains("DTLS")) { + thirdEpoch = r.sequenceNumber() >> 48; + if (Long.compareUnsigned(thirdEpoch, secondEpoch) <= 0) { + throw epochError; + } + } + closeEngines(clientEngine, serverEngine); + } + +} diff -r 5b500c93ce48 -r babdeee3c007 jdk/test/javax/net/ssl/TLSCommon/SSLEngineTestCase.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/javax/net/ssl/TLSCommon/SSLEngineTestCase.java Fri Jun 05 12:22:36 2015 +0300 @@ -0,0 +1,1081 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import javax.net.ssl.KeyManagerFactory; +import javax.net.ssl.SNIHostName; +import javax.net.ssl.SNIMatcher; +import javax.net.ssl.SNIServerName; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLEngine; +import javax.net.ssl.SSLEngineResult; +import javax.net.ssl.SSLException; +import javax.net.ssl.SSLParameters; +import javax.net.ssl.TrustManagerFactory; +import java.io.File; +import java.io.FileInputStream; +import java.io.IOException; +import java.nio.ByteBuffer; +import java.security.KeyManagementException; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.UnrecoverableKeyException; +import java.security.cert.CertificateException; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.HashMap; +import java.util.LinkedList; +import java.util.List; +import java.util.Map; + +/** + * Basic class to inherit SSLEngine test cases from it. Tests apply for + * the TLS or DTLS security protocols and their versions. + */ +abstract public class SSLEngineTestCase { + + public enum Ciphers { + + /** + * Ciphers supported by the tested SSLEngine without those with kerberos + * authentication. + */ + SUPPORTED_NON_KRB_CIPHERS(SSLEngineTestCase.SUPPORTED_NON_KRB_CIPHERS, + "Supported non kerberos"), + /** + * Ciphers supported by the tested SSLEngine without those with kerberos + * authentication and without those with SHA256 ans SHA384. + */ + SUPPORTED_NON_KRB_NON_SHA_CIPHERS(SSLEngineTestCase.SUPPORTED_NON_KRB_NON_SHA_CIPHERS, + "Supported non kerberos non SHA256 and SHA384"), + /** + * Ciphers supported by the tested SSLEngine with kerberos authentication. + */ + SUPPORTED_KRB_CIPHERS(SSLEngineTestCase.SUPPORTED_KRB_CIPHERS, + "Supported kerberos"), + /** + * Ciphers enabled by default for the tested SSLEngine without kerberos + * and anon. + */ + ENABLED_NON_KRB_NOT_ANON_CIPHERS( + SSLEngineTestCase.ENABLED_NON_KRB_NOT_ANON_CIPHERS, + "Enabled by default non kerberos not anonymous"), + /** + * Ciphers unsupported by the tested SSLEngine. + */ + UNSUPPORTED_CIPHERS(SSLEngineTestCase.UNSUPPORTED_CIPHERS, + "Unsupported"); + + Ciphers(String[] ciphers, String description) { + this.ciphers = ciphers; + this.description = description; + } + + final String[] ciphers; + final String description; + } + + /** + * Enumeration used to distinguish handshake mode in + * {@link SSLEngineTestCase#doHandshake(javax.net.ssl.SSLEngine, + * javax.net.ssl.SSLEngine, int, SSLEngineTestCase.HandshakeMode, boolean) + * SSLEngineTestCase.doHandshake} method. + */ + public enum HandshakeMode { + + /** + * Initial handshake done for the first time: both engines call + * {@link SSLEngine#beginHandshake()} method. + */ + INITIAL_HANDSHAKE, + /** + * Repeated handshake done by client: client engine calls + * {@link SSLEngine#beginHandshake()} method. + */ + REHANDSHAKE_BEGIN_CLIENT, + /** + * Repeated handshake done by server: server engine calls + * {@link SSLEngine#beginHandshake()} method. + */ + REHANDSHAKE_BEGIN_SERVER; + } + /** + * Security protocol to be tested: "TLS" or "DTLS" or their versions, + * e.g. "TLSv1", "TLSv1.1", "TLSv1.2", "DTLSv1.0", "DTLSv1.2". + */ + public static final String TESTED_SECURITY_PROTOCOL + = System.getProperty("test.security.protocol", "TLS"); + /** + * Test mode: "norm", "norm_sni" or "krb". + * Modes "norm" and "norm_sni" are used to run + * with all supported non-kerberos ciphers. + * Mode "krb" is used to run with kerberos ciphers. + */ + public static final String TEST_MODE + = System.getProperty("test.mode", "norm"); + + private static final String FS = System.getProperty("file.separator", "/"); + private static final String PATH_TO_STORES = ".." + FS + "etc"; + private static final String KEY_STORE_FILE = "keystore"; + private static final String TRUST_STORE_FILE = "truststore"; + private static final String PASSWD = "passphrase"; + + private static final String KEY_FILE_NAME + = System.getProperty("test.src", ".") + FS + PATH_TO_STORES + + FS + KEY_STORE_FILE; + private static final String TRUST_FILE_NAME + = System.getProperty("test.src", ".") + FS + PATH_TO_STORES + + FS + TRUST_STORE_FILE; + + private static ByteBuffer net; + private static ByteBuffer netReplicatedClient; + private static ByteBuffer netReplicatedServer; + private static final int MAX_HANDSHAKE_LOOPS = 100; + private static final String EXCHANGE_MSG_SENT = "Hello, peer!"; + private static boolean doUnwrapForNotHandshakingStatus; + private static boolean endHandshakeLoop = false; + private static final String TEST_SRC = System.getProperty("test.src", "."); + private static final String KTAB_FILENAME = "krb5.keytab.data"; + private static final String KRB_REALM = "TEST.REALM"; + private static final String KRBTGT_PRINCIPAL = "krbtgt/" + KRB_REALM; + private static final String KRB_USER = "USER"; + private static final String KRB_USER_PASSWORD = "password"; + private static final String KRB_USER_PRINCIPAL = KRB_USER + "@" + KRB_REALM; + private static final String KRB5_CONF_FILENAME = "krb5.conf"; + private static final String PATH_TO_COMMON = ".." + FS + "TLSCommon"; + private static final String JAAS_CONF_FILE = PATH_TO_COMMON + + FS + "jaas.conf"; + private static final int DELAY = 1000; + private static final String HOST = "localhost"; + private static final String SERVER_NAME = "service.localhost"; + private static final String SNI_PATTERN = ".*"; + + private static final String[] SUPPORTED_NON_KRB_CIPHERS; + + static { + try { + String[] allSupportedCiphers = getContext() + .createSSLEngine().getSupportedCipherSuites(); + List supportedCiphersList = new LinkedList<>(); + for (String cipher : allSupportedCiphers) { + if (!cipher.contains("KRB5") + && !cipher.contains("TLS_EMPTY_RENEGOTIATION_INFO_SCSV")) { + supportedCiphersList.add(cipher); + } + } + SUPPORTED_NON_KRB_CIPHERS = supportedCiphersList.toArray(new String[0]); + } catch (Exception ex) { + throw new Error("Unexpected issue", ex); + } + } + + private static final String[] SUPPORTED_NON_KRB_NON_SHA_CIPHERS; + + static { + try { + String[] allSupportedCiphers = getContext() + .createSSLEngine().getSupportedCipherSuites(); + List supportedCiphersList = new LinkedList<>(); + for (String cipher : allSupportedCiphers) { + if (!cipher.contains("KRB5") + && !cipher.contains("TLS_EMPTY_RENEGOTIATION_INFO_SCSV") + && !cipher.endsWith("_SHA256") + && !cipher.endsWith("_SHA384")) { + supportedCiphersList.add(cipher); + } + } + SUPPORTED_NON_KRB_NON_SHA_CIPHERS + = supportedCiphersList.toArray(new String[0]); + } catch (Exception ex) { + throw new Error("Unexpected issue", ex); + } + } + + private static final String[] SUPPORTED_KRB_CIPHERS; + + static { + try { + String[] allSupportedCiphers = getContext() + .createSSLEngine().getSupportedCipherSuites(); + List supportedCiphersList = new LinkedList<>(); + for (String cipher : allSupportedCiphers) { + if (cipher.contains("KRB5") + && !cipher.contains("TLS_EMPTY_RENEGOTIATION_INFO_SCSV")) { + supportedCiphersList.add(cipher); + } + } + SUPPORTED_KRB_CIPHERS = supportedCiphersList.toArray(new String[0]); + } catch (Exception ex) { + throw new Error("Unexpected issue", ex); + } + } + + private static final String[] ENABLED_NON_KRB_NOT_ANON_CIPHERS; + + static { + try { + SSLEngine temporary = getContext().createSSLEngine(); + temporary.setUseClientMode(true); + String[] enabledCiphers = temporary.getEnabledCipherSuites(); + List enabledCiphersList = new LinkedList<>(); + for (String cipher : enabledCiphers) { + if (!cipher.contains("anon") && !cipher.contains("KRB5") + && !cipher.contains("TLS_EMPTY_RENEGOTIATION_INFO_SCSV")) { + enabledCiphersList.add(cipher); + } + } + ENABLED_NON_KRB_NOT_ANON_CIPHERS = enabledCiphersList.toArray(new String[0]); + } catch (Exception ex) { + throw new Error("Unexpected issue", ex); + } + } + + private static final String[] UNSUPPORTED_CIPHERS = { + "SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA", + "SSL_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA", + "SSL_DHE_DSS_WITH_RC4_128_SHA", + "SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA", + "SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA", + "SSL_DH_DSS_WITH_DES_CBC_SHA", + "SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA", + "SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA", + "SSL_DH_RSA_WITH_DES_CBC_SHA", + "SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA", + "SSL_FORTEZZA_DMS_WITH_NULL_SHA", + "SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA", + "SSL_RSA_EXPORT1024_WITH_RC4_56_SHA", + "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5", + "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA", + "SSL_RSA_FIPS_WITH_DES_CBC_SHA", + "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5", + "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA", + "TLS_KRB5_WITH_IDEA_CBC_MD5", + "TLS_KRB5_WITH_IDEA_CBC_SHA", + "SSL_RSA_WITH_IDEA_CBC_SHA", + "TLS_DH_RSA_WITH_AES_128_GCM_SHA256", + "TLS_DH_RSA_WITH_AES_256_GCM_SHA384", + "TLS_DH_DSS_WITH_AES_128_GCM_SHA256", + "TLS_DH_DSS_WITH_AES_256_GCM_SHA384" + }; + + private final int maxPacketSize; + + /** + * Constructs test case with the given MFLN maxMacketSize. + * + * @param maxPacketSize - MLFN extension max packet size. + */ + public SSLEngineTestCase(int maxPacketSize) { + this.maxPacketSize = maxPacketSize; + } + + /** + * Constructs test case with {@code maxPacketSize = 0}. + */ + public SSLEngineTestCase() { + this.maxPacketSize = 0; + } + + /** + * Wraps data with the specified engine. + * + * @param engine - SSLEngine that wraps data. + * @param wrapper - Set wrapper id, e.g. "server" of "client". Used for + * logging only. + * @param maxPacketSize - Max packet size to check that MFLN extension works + * or zero for no check. + * @param app - Buffer with data to wrap. + * @return - Buffer with wrapped data. + * @throws SSLException - thrown on engine errors. + */ + public static ByteBuffer doWrap(SSLEngine engine, String wrapper, + int maxPacketSize, ByteBuffer app) + throws SSLException { + return doWrap(engine, wrapper, maxPacketSize, + app, SSLEngineResult.Status.OK, null); + } + + /** + * Wraps data with the specified engine. + * + * @param engine - SSLEngine that wraps data. + * @param wrapper - Set wrapper id, e.g. "server" of "client". Used for + * logging only. + * @param maxPacketSize - Max packet size to check that MFLN extension works + * or zero for no check. + * @param app - Buffer with data to wrap. + * @param result - Array which first element will be used to output wrap + * result object. + * @return - Buffer with wrapped data. + * @throws SSLException - thrown on engine errors. + */ + public static ByteBuffer doWrap(SSLEngine engine, String wrapper, + int maxPacketSize, ByteBuffer app, + SSLEngineResult[] result) + throws SSLException { + return doWrap(engine, wrapper, maxPacketSize, + app, SSLEngineResult.Status.OK, result); + } + + /** + * Wraps data with the specified engine. + * + * @param engine - SSLEngine that wraps data. + * @param wrapper - Set wrapper id, e.g. "server" of "client". Used for + * logging only. + * @param maxPacketSize - Max packet size to check that MFLN extension works + * or zero for no check. + * @param app - Buffer with data to wrap. + * @param wantedStatus - Specifies expected result status of wrapping. + * @return - Buffer with wrapped data. + * @throws SSLException - thrown on engine errors. + */ + public static ByteBuffer doWrap(SSLEngine engine, String wrapper, + int maxPacketSize, ByteBuffer app, + SSLEngineResult.Status wantedStatus) + throws SSLException { + return doWrap(engine, wrapper, maxPacketSize, + app, wantedStatus, null); + } + + /** + * Wraps data with the specified engine. + * + * @param engine - SSLEngine that wraps data. + * @param wrapper - Set wrapper id, e.g. "server" of "client". Used for + * logging only. + * @param maxPacketSize - Max packet size to check that MFLN extension works + * or zero for no check. + * @param app - Buffer with data to wrap. + * @param wantedStatus - Specifies expected result status of wrapping. + * @param result - Array which first element will be used to output wrap + * result object. + * @return - Buffer with wrapped data. + * @throws SSLException - thrown on engine errors. + */ + public static ByteBuffer doWrap(SSLEngine engine, String wrapper, + int maxPacketSize, ByteBuffer app, + SSLEngineResult.Status wantedStatus, + SSLEngineResult[] result) + throws SSLException { + ByteBuffer net = ByteBuffer.allocate(engine.getSession() + .getPacketBufferSize()); + SSLEngineResult r = engine.wrap(app, net); + net.flip(); + int length = net.remaining(); + System.out.println(wrapper + " wrapped " + length + " bytes."); + System.out.println(wrapper + " handshake status is " + + engine.getHandshakeStatus()); + if (maxPacketSize < length && maxPacketSize != 0) { + throw new AssertionError("Handshake wrapped net buffer length " + + length + " exceeds maximum packet size " + + maxPacketSize); + } + checkResult(r, wantedStatus); + if (result != null && result.length > 0) { + result[0] = r; + } + return net; + } + + /** + * Unwraps data with the specified engine. + * + * @param engine - SSLEngine that unwraps data. + * @param unwrapper - Set unwrapper id, e.g. "server" of "client". Used for + * logging only. + * @param net - Buffer with data to unwrap. + * @return - Buffer with unwrapped data. + * @throws SSLException - thrown on engine errors. + */ + public static ByteBuffer doUnWrap(SSLEngine engine, String unwrapper, + ByteBuffer net) + throws SSLException { + return doUnWrap(engine, unwrapper, net, SSLEngineResult.Status.OK, null); + } + + /** + * Unwraps data with the specified engine. + * + * @param engine - SSLEngine that unwraps data. + * @param unwrapper - Set unwrapper id, e.g. "server" of "client". Used for + * logging only. + * @param net - Buffer with data to unwrap. + * @param result - Array which first element will be used to output wrap + * result object. + * @return - Buffer with unwrapped data. + * @throws SSLException - thrown on engine errors. + */ + public static ByteBuffer doUnWrap(SSLEngine engine, String unwrapper, + ByteBuffer net, SSLEngineResult[] result) + throws SSLException { + return doUnWrap(engine, unwrapper, net, SSLEngineResult.Status.OK, result); + } + + /** + * Unwraps data with the specified engine. + * + * @param engine - SSLEngine that unwraps data. + * @param unwrapper - Set unwrapper id, e.g. "server" of "client". Used for + * logging only. + * @param net - Buffer with data to unwrap. + * @param wantedStatus - Specifies expected result status of wrapping. + * @return - Buffer with unwrapped data. + * @throws SSLException - thrown on engine errors. + */ + public static ByteBuffer doUnWrap(SSLEngine engine, String unwrapper, + ByteBuffer net, + SSLEngineResult.Status wantedStatus) + throws SSLException { + return doUnWrap(engine, unwrapper, net, wantedStatus, null); + } + + /** + * Unwraps data with the specified engine. + * + * @param engine - SSLEngine that unwraps data. + * @param unwrapper - Set unwrapper id, e.g. "server" of "client". Used for + * logging only. + * @param net - Buffer with data to unwrap. + * @param wantedStatus - Specifies expected result status of wrapping. + * @param result - Array which first element will be used to output wrap + * result object. + * @return - Buffer with unwrapped data. + * @throws SSLException - thrown on engine errors. + */ + public static ByteBuffer doUnWrap(SSLEngine engine, String unwrapper, + ByteBuffer net, + SSLEngineResult.Status wantedStatus, + SSLEngineResult[] result) + throws SSLException { + ByteBuffer app = ByteBuffer.allocate(engine.getSession() + .getApplicationBufferSize()); + int length = net.remaining(); + System.out.println(unwrapper + " unwrapping " + + length + " bytes..."); + SSLEngineResult r = engine.unwrap(net, app); + app.flip(); + System.out.println(unwrapper + " handshake status is " + + engine.getHandshakeStatus()); + checkResult(r, wantedStatus); + if (result != null && result.length > 0) { + result[0] = r; + } + return app; + } + + /** + * Does the handshake of the two specified engines according to the + * {@code mode} specified. + * + * @param clientEngine - Client SSLEngine. + * @param serverEngine - Server SSLEngine. + * @param maxPacketSize - Maximum packet size for MFLN of zero for no limit. + * @param mode - Handshake mode according to {@link HandshakeMode} enum. + * @throws SSLException - thrown on engine errors. + */ + public static void doHandshake(SSLEngine clientEngine, + SSLEngine serverEngine, + int maxPacketSize, HandshakeMode mode) + throws SSLException { + doHandshake(clientEngine, serverEngine, maxPacketSize, mode, false); + } + + /** + * Does the handshake of the two specified engines according to the + * {@code mode} specified. + * + * @param clientEngine - Client SSLEngine. + * @param serverEngine - Server SSLEngine. + * @param maxPacketSize - Maximum packet size for MFLN of zero for no limit. + * @param mode - Handshake mode according to {@link HandshakeMode} enum. + * @param enableReplicatedPacks - Set {@code true} to enable replicated + * packet sending. + * @throws SSLException - thrown on engine errors. + */ + public static void doHandshake(SSLEngine clientEngine, + SSLEngine serverEngine, int maxPacketSize, + HandshakeMode mode, + boolean enableReplicatedPacks) + throws SSLException { + System.out.println("=================================================" + + "==========="); + System.out.println("Starting handshake " + mode.name()); + int loop = 0; + if (maxPacketSize < 0) { + throw new Error("Test issue: maxPacketSize is less than zero!"); + } + SSLParameters params = clientEngine.getSSLParameters(); + params.setMaximumPacketSize(maxPacketSize); + clientEngine.setSSLParameters(params); + params = serverEngine.getSSLParameters(); + params.setMaximumPacketSize(maxPacketSize); + serverEngine.setSSLParameters(params); + SSLEngine firstEngine; + SSLEngine secondEngine; + switch (mode) { + case INITIAL_HANDSHAKE: + firstEngine = clientEngine; + secondEngine = serverEngine; + doUnwrapForNotHandshakingStatus = false; + clientEngine.beginHandshake(); + serverEngine.beginHandshake(); + break; + case REHANDSHAKE_BEGIN_CLIENT: + firstEngine = clientEngine; + secondEngine = serverEngine; + doUnwrapForNotHandshakingStatus = true; + clientEngine.beginHandshake(); + break; + case REHANDSHAKE_BEGIN_SERVER: + firstEngine = serverEngine; + secondEngine = clientEngine; + doUnwrapForNotHandshakingStatus = true; + serverEngine.beginHandshake(); + break; + default: + throw new Error("Test issue: unknown handshake mode"); + } + endHandshakeLoop = false; + while (!endHandshakeLoop) { + if (++loop > MAX_HANDSHAKE_LOOPS) { + throw new Error("Too much loops for handshaking"); + } + System.out.println("=============================================="); + System.out.println("Handshake loop " + loop); + SSLEngineResult.HandshakeStatus clientHSStatus + = clientEngine.getHandshakeStatus(); + SSLEngineResult.HandshakeStatus serverHSStatus + = serverEngine.getHandshakeStatus(); + System.out.println("Client handshake status " + + clientHSStatus.name()); + System.out.println("Server handshake status " + + serverHSStatus.name()); + handshakeProcess(firstEngine, secondEngine, maxPacketSize, + enableReplicatedPacks); + handshakeProcess(secondEngine, firstEngine, maxPacketSize, + enableReplicatedPacks); + } + } + + /** + * Routine to send application data from one SSLEngine to another. + * + * @param fromEngine - Sending engine. + * @param toEngine - Receiving engine. + * @return - Result of unwrap method of the receiving engine. + * @throws SSLException - thrown on engine errors. + */ + public static SSLEngineResult sendApplicationData(SSLEngine fromEngine, + SSLEngine toEngine) + throws SSLException { + String sender = null; + String reciever = null; + String excMsgSent = EXCHANGE_MSG_SENT; + if (fromEngine.getUseClientMode() && !toEngine.getUseClientMode()) { + sender = "Client"; + reciever = "Server"; + excMsgSent += " Client."; + } else if (toEngine.getUseClientMode() && !fromEngine.getUseClientMode()) { + sender = "Server"; + reciever = "Client"; + excMsgSent += " Server."; + } else { + throw new Error("Test issue: both engines are in the same mode"); + } + System.out.println("=================================================" + + "==========="); + System.out.println("Trying to send application data from " + sender + + " to " + reciever); + ByteBuffer clientAppSent + = ByteBuffer.wrap(excMsgSent.getBytes()); + net = doWrap(fromEngine, sender, 0, clientAppSent); + SSLEngineResult[] r = new SSLEngineResult[1]; + ByteBuffer serverAppRecv = doUnWrap(toEngine, reciever, net, r); + byte[] serverAppRecvTrunc = Arrays.copyOf(serverAppRecv.array(), + serverAppRecv.limit()); + String msgRecv = new String(serverAppRecvTrunc); + if (!msgRecv.equals(excMsgSent)) { + throw new AssertionError(sender + " to " + reciever + + ": application data" + + " has been altered while sending." + + " Message sent: " + "\"" + excMsgSent + "\"." + + " Message recieved: " + "\"" + msgRecv + "\"."); + } + System.out.println("Successful sending application data from " + sender + + " to " + reciever); + return r[0]; + } + + /** + * Close engines by sending "close outbound" message from one SSLEngine to + * another. + * + * @param fromEngine - Sending engine. + * @param toEngine - Receiving engine. + * @throws SSLException - thrown on engine errors. + */ + public static void closeEngines(SSLEngine fromEngine, + SSLEngine toEngine) throws SSLException { + String from = null; + String to = null; + ByteBuffer app; + if (fromEngine.getUseClientMode() && !toEngine.getUseClientMode()) { + from = "Client"; + to = "Server"; + } else if (toEngine.getUseClientMode() && !fromEngine.getUseClientMode()) { + from = "Server"; + to = "Client"; + } else { + throw new Error("Both engines are in the same mode"); + } + System.out.println("========================================================="); + System.out.println("Trying to close engines from " + from + " to " + to); + // Sending close outbound request to peer + fromEngine.closeOutbound(); + app = ByteBuffer.allocate(fromEngine.getSession().getApplicationBufferSize()); + net = doWrap(fromEngine, from, 0, app, SSLEngineResult.Status.CLOSED); + doUnWrap(toEngine, to, net, SSLEngineResult.Status.CLOSED); + app = ByteBuffer.allocate(fromEngine.getSession().getApplicationBufferSize()); + net = doWrap(toEngine, to, 0, app, SSLEngineResult.Status.CLOSED); + doUnWrap(fromEngine, from, net, SSLEngineResult.Status.CLOSED); + if (!toEngine.isInboundDone()) { + throw new AssertionError(from + " sent close request to " + to + + ", but " + to + "did not close inbound."); + } + // Executing close inbound + fromEngine.closeInbound(); + app = ByteBuffer.allocate(fromEngine.getSession().getApplicationBufferSize()); + net = doWrap(fromEngine, from, 0, app, SSLEngineResult.Status.CLOSED); + doUnWrap(toEngine, to, net, SSLEngineResult.Status.CLOSED); + if (!toEngine.isOutboundDone()) { + throw new AssertionError(from + "sent close request to " + to + + ", but " + to + "did not close outbound."); + } + System.out.println("Successful closing from " + from + " to " + to); + } + + /** + * Runs the same test case for all given {@code ciphers}. Method counts all + * failures and throws {@code AssertionError} if one or more tests fail. + * + * @param ciphers - Ciphers that should be tested. + */ + public void runTests(Ciphers ciphers) { + int total = ciphers.ciphers.length; + int failed = testSomeCiphers(ciphers); + if (failed > 0) { + throw new AssertionError("" + failed + " of " + total + + " tests failed!"); + } + System.out.println("All tests passed!"); + } + + /** + * Runs test cases for ciphers defined by the test mode. + */ + public void runTests() { + switch (TEST_MODE) { + case "norm": + case "norm_sni": + switch (TESTED_SECURITY_PROTOCOL) { + case "DTLSv1.0": + case "TLSv1": + case "TLSv1.1": + runTests(Ciphers.SUPPORTED_NON_KRB_NON_SHA_CIPHERS); + break; + default: + runTests(Ciphers.SUPPORTED_NON_KRB_CIPHERS); + } + break; + case "krb": + runTests(Ciphers.SUPPORTED_KRB_CIPHERS); + break; + default: + throw new Error("Test error: unexpected test mode: " + TEST_MODE); + } + } + + /** + * Returns maxPacketSize value used for MFLN extension testing + * + * @return - MLFN extension max packet size. + */ + public int getMaxPacketSize() { + return maxPacketSize; + } + + /** + * Checks that status of result {@code r} is {@code wantedStatus}. + * + * @param r - Result. + * @param wantedStatus - Wanted status of the result. + * @throws AssertionError - if status or {@code r} is not + * {@code wantedStatus}. + */ + public static void checkResult(SSLEngineResult r, + SSLEngineResult.Status wantedStatus) { + SSLEngineResult.Status rs = r.getStatus(); + if (!rs.equals(wantedStatus)) { + throw new AssertionError("Unexpected status " + rs.name() + + ", should be " + wantedStatus.name()); + } + } + + /** + * Returns SSLContext with TESTED_SECURITY_PROTOCOL protocol and sets up keys. + * + * @return - SSLContext with a protocol specified by TESTED_SECURITY_PROTOCOL. + */ + public static SSLContext getContext() { + try { + KeyStore ks = KeyStore.getInstance("JKS"); + KeyStore ts = KeyStore.getInstance("JKS"); + char[] passphrase = PASSWD.toCharArray(); + try (FileInputStream keyFileStream = new FileInputStream(KEY_FILE_NAME)) { + ks.load(keyFileStream, passphrase); + } + try (FileInputStream trustFileStream = new FileInputStream(TRUST_FILE_NAME)) { + ts.load(trustFileStream, passphrase); + } + KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); + kmf.init(ks, passphrase); + TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); + tmf.init(ts); + SSLContext sslCtx = SSLContext.getInstance(TESTED_SECURITY_PROTOCOL); + sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); + return sslCtx; + } catch (KeyStoreException | IOException | NoSuchAlgorithmException | + CertificateException | UnrecoverableKeyException | + KeyManagementException ex) { + throw new Error("Unexpected exception", ex); + } + } + + /** + * Sets up and starts kerberos KDC server. + */ + public static void setUpAndStartKDC() { + String servicePrincipal = "host/" + SERVER_NAME + "@" + KRB_REALM; + Map principals = new HashMap<>(); + principals.put(KRB_USER_PRINCIPAL, KRB_USER_PASSWORD); + principals.put(KRBTGT_PRINCIPAL, null); + principals.put(servicePrincipal, null); + System.setProperty("java.security.krb5.conf", KRB5_CONF_FILENAME); + startKDC(KRB_REALM, principals, KTAB_FILENAME); + System.setProperty("java.security.auth.login.config", + TEST_SRC + FS + JAAS_CONF_FILE); + System.setProperty("javax.security.auth.useSubjectCredsOnly", "false"); + } + + /** + * Sets up and starts kerberos KDC server if SSLEngineTestCase.TEST_MODE is "krb". + */ + public static void setUpAndStartKDCIfNeeded() { + if (TEST_MODE.equals("krb")) { + setUpAndStartKDC(); + } + } + + /** + * Returns client ssl engine. + * + * @param context - SSLContext to get SSLEngine from. + * @param useSNI - flag used to enable or disable using SNI extension. + * Needed for Kerberos. + */ + public static SSLEngine getClientSSLEngine(SSLContext context, boolean useSNI) { + SSLEngine clientEngine = context.createSSLEngine(HOST, 80); + clientEngine.setUseClientMode(true); + if (useSNI) { + SNIHostName serverName = new SNIHostName(SERVER_NAME); + List serverNames = new ArrayList<>(); + serverNames.add(serverName); + SSLParameters params = clientEngine.getSSLParameters(); + params.setServerNames(serverNames); + clientEngine.setSSLParameters(params); + } + return clientEngine; + } + + /** + * Returns server ssl engine. + * + * @param context - SSLContext to get SSLEngine from. + * @param useSNI - flag used to enable or disable using SNI extension. + * Needed for Kerberos. + */ + public static SSLEngine getServerSSLEngine(SSLContext context, boolean useSNI) { + SSLEngine serverEngine = context.createSSLEngine(); + serverEngine.setUseClientMode(false); + if (useSNI) { + SNIMatcher matcher = SNIHostName.createSNIMatcher(SNI_PATTERN); + List matchers = new ArrayList<>(); + matchers.add(matcher); + SSLParameters params = serverEngine.getSSLParameters(); + params.setSNIMatchers(matchers); + serverEngine.setSSLParameters(params); + } + return serverEngine; + } + + /** + * Runs the test case for one cipher suite. + * + * @param cipher - Cipher suite name. + * @throws SSLException - If tests fails. + */ + abstract protected void testOneCipher(String cipher) + throws SSLException; + + /** + * Iterates through an array of ciphers and runs the same test case for + * every entry. + * + * @param ciphers - Array of cipher names. + * @return - Number of tests failed. + */ + protected int testSomeCiphers(Ciphers ciphers) { + int failedNum = 0; + String description = ciphers.description; + System.out.println("===================================================" + + "========="); + System.out.println(description + " ciphers testing"); + System.out.println("===================================================" + + "========="); + for (String cs : ciphers.ciphers) { + System.out.println("-----------------------------------------------" + + "-------------"); + System.out.println("Testing cipher suite " + cs); + System.out.println("-----------------------------------------------" + + "-------------"); + Throwable error = null; + try { + testOneCipher(cs); + } catch (Throwable t) { + error = t; + } + switch (ciphers) { + case SUPPORTED_NON_KRB_CIPHERS: + case SUPPORTED_NON_KRB_NON_SHA_CIPHERS: + case SUPPORTED_KRB_CIPHERS: + case ENABLED_NON_KRB_NOT_ANON_CIPHERS: + if (error != null) { + System.out.println("Test Failed: " + cs); + System.err.println("Test Exception for " + cs); + error.printStackTrace(); + failedNum++; + } else { + System.out.println("Test Passed: " + cs); + } + break; + case UNSUPPORTED_CIPHERS: + if (error == null) { + System.out.println("Test Failed: " + cs); + System.err.println("Test for " + cs + " should have thrown" + + " IllegalArgumentException, but it has not!"); + failedNum++; + } else if (!(error instanceof IllegalArgumentException)) { + System.out.println("Test Failed: " + cs); + System.err.println("Test Exception for " + cs); + error.printStackTrace(); + failedNum++; + } else { + System.out.println("Test Passed: " + cs); + } + break; + default: + throw new Error("Test issue: unexpected ciphers: " + + ciphers.name()); + } + } + return failedNum; + } + + /** + * Method used for the handshake routine. + * + * @param wrapingEngine - Engine that is expected to wrap data. + * @param unwrapingEngine - Engine that is expected to unwrap data. + * @param maxPacketSize - Maximum packet size for MFLN of zero for no limit. + * @param enableReplicatedPacks - Set {@code true} to enable replicated + * packet sending. + * @throws SSLException - thrown on engine errors. + */ + private static void handshakeProcess(SSLEngine wrapingEngine, + SSLEngine unwrapingEngine, + int maxPacketSize, + boolean enableReplicatedPacks) + throws SSLException { + SSLEngineResult.HandshakeStatus wrapingHSStatus = wrapingEngine + .getHandshakeStatus(); + SSLEngineResult.HandshakeStatus unwrapingHSStatus = unwrapingEngine + .getHandshakeStatus(); + SSLEngineResult r; + String wrapper, unwrapper; + if (wrapingEngine.getUseClientMode() + && !unwrapingEngine.getUseClientMode()) { + wrapper = "Client"; + unwrapper = "Server"; + } else if (unwrapingEngine.getUseClientMode() + && !wrapingEngine.getUseClientMode()) { + wrapper = "Server"; + unwrapper = "Client"; + } else { + throw new Error("Both engines are in the same mode"); + } + switch (wrapingHSStatus) { + case NEED_WRAP: + if (enableReplicatedPacks) { + if (net != null) { + net.flip(); + if (net.remaining() != 0) { + if (wrapingEngine.getUseClientMode()) { + netReplicatedServer = net; + } else { + netReplicatedClient = net; + } + } + } + } + ByteBuffer app = ByteBuffer.allocate(wrapingEngine.getSession() + .getApplicationBufferSize()); + net = doWrap(wrapingEngine, wrapper, maxPacketSize, app); + case NOT_HANDSHAKING: + switch (unwrapingHSStatus) { + case NEED_TASK: + runDelegatedTasks(unwrapingEngine); + case NEED_UNWRAP: + doUnWrap(unwrapingEngine, unwrapper, net); + if (enableReplicatedPacks) { + System.out.println("Unwrapping replicated packet..."); + if (unwrapingEngine.getHandshakeStatus() + .equals(SSLEngineResult.HandshakeStatus.NEED_TASK)) { + runDelegatedTasks(unwrapingEngine); + } + runDelegatedTasks(unwrapingEngine); + ByteBuffer netReplicated; + if (unwrapingEngine.getUseClientMode()) { + netReplicated = netReplicatedClient; + } else { + netReplicated = netReplicatedServer; + } + if (netReplicated != null) { + doUnWrap(unwrapingEngine, unwrapper, netReplicated); + } else { + net.flip(); + doUnWrap(unwrapingEngine, unwrapper, net); + } + } + break; + case NEED_UNWRAP_AGAIN: + break; + case NOT_HANDSHAKING: + if (doUnwrapForNotHandshakingStatus) { + doUnWrap(unwrapingEngine, unwrapper, net); + doUnwrapForNotHandshakingStatus = false; + break; + } else { + endHandshakeLoop = true; + } + break; + default: + throw new Error("Unexpected unwraping engine handshake status " + + unwrapingHSStatus.name()); + } + break; + case NEED_UNWRAP: + break; + case NEED_UNWRAP_AGAIN: + net.flip(); + doUnWrap(wrapingEngine, wrapper, net); + break; + case NEED_TASK: + runDelegatedTasks(wrapingEngine); + break; + default: + throw new Error("Unexpected wraping engine handshake status " + + wrapingHSStatus.name()); + } + } + + private static void runDelegatedTasks(SSLEngine engine) { + Runnable runnable; + System.out.println("Running delegated tasks..."); + while ((runnable = engine.getDelegatedTask()) != null) { + runnable.run(); + } + SSLEngineResult.HandshakeStatus hs = engine.getHandshakeStatus(); + if (hs == SSLEngineResult.HandshakeStatus.NEED_TASK) { + throw new Error("Handshake shouldn't need additional tasks."); + } + } + + /** + * Start a KDC server: + * - create a KDC instance + * - create Kerberos principals + * - save Kerberos configuration + * - save keys to keytab file + * - no pre-auth is required + */ + private static void startKDC(String realm, Map principals, + String ktab) { + try { + KDC kdc = KDC.create(realm, HOST, 0, true); + kdc.setOption(KDC.Option.PREAUTH_REQUIRED, Boolean.FALSE); + if (principals != null) { + principals.entrySet().stream().forEach((entry) -> { + String name = entry.getKey(); + String password = entry.getValue(); + if (password == null || password.isEmpty()) { + System.out.println("KDC: add a principal '" + name + + "' with a random password"); + kdc.addPrincipalRandKey(name); + } else { + System.out.println("KDC: add a principal '" + name + + "' with '" + password + "' password"); + kdc.addPrincipal(name, password.toCharArray()); + } + }); + } + KDC.saveConfig(KRB5_CONF_FILENAME, kdc); + if (ktab != null) { + File ktabFile = new File(ktab); + if (ktabFile.exists()) { + System.out.println("KDC: append keys to an exising " + + "keytab file " + ktab); + kdc.appendKtab(ktab); + } else { + System.out.println("KDC: create a new keytab file " + + ktab); + kdc.writeKtab(ktab); + } + } + System.out.println("KDC: started on " + HOST + ":" + kdc.getPort() + + " with '" + realm + "' realm"); + } catch (Exception e) { + throw new RuntimeException("KDC: unexpected exception", e); + } + } +} diff -r 5b500c93ce48 -r babdeee3c007 jdk/test/javax/net/ssl/TLSCommon/UnSupportedCiphersTest.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/javax/net/ssl/TLSCommon/UnSupportedCiphersTest.java Fri Jun 05 12:22:36 2015 +0300 @@ -0,0 +1,55 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLEngine; + +/** + * Testing that try to enable unsupported ciphers causes IllegalArgumentException. + */ +public class UnSupportedCiphersTest extends SSLEngineTestCase { + + public static void main(String[] s) { + UnSupportedCiphersTest test = new UnSupportedCiphersTest(); + test.runTests(Ciphers.UNSUPPORTED_CIPHERS); + } + + @Override + protected void testOneCipher(String cipher) { + unsupTest(cipher, true); + unsupTest(cipher, false); + } + + private void unsupTest(String cipher, boolean clientTest) { + SSLContext context = getContext(); + SSLEngine clientEngine = context.createSSLEngine(); + clientEngine.setUseClientMode(true); + SSLEngine serverEngine = context.createSSLEngine(); + serverEngine.setUseClientMode(false); + if (clientTest) { + clientEngine.setEnabledCipherSuites(new String[]{cipher}); + } else { + serverEngine.setEnabledCipherSuites(new String[]{cipher}); + } + } +} diff -r 5b500c93ce48 -r babdeee3c007 jdk/test/javax/net/ssl/TLSCommon/jaas.conf --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/javax/net/ssl/TLSCommon/jaas.conf Fri Jun 05 12:22:36 2015 +0300 @@ -0,0 +1,17 @@ +com.sun.net.ssl.client { + com.sun.security.auth.module.Krb5LoginModule required + principal="USER@TEST.REALM" + doNotPrompt=true + useKeyTab=true + keyTab="krb5.keytab.data"; +}; + +com.sun.net.ssl.server { + com.sun.security.auth.module.Krb5LoginModule required + principal="host/service.localhost@TEST.REALM" + isInitiator=false + useKeyTab=true + keyTab="krb5.keytab.data" + storeKey=true; +}; +