8168935: sun/security/ssl/SSLContextImpl/TrustTrustedCert.java failed Intermittently
Summary: TrustTrustedCert.java uses SSLSocketTemplate to avoid timeout failure
Reviewed-by: xuelei
Contributed-by: John Jiang <sha.jiang@oracle.com>
--- a/jdk/test/javax/net/ssl/templates/SSLSocketTemplate.java Wed Dec 21 12:15:11 2016 +0800
+++ b/jdk/test/javax/net/ssl/templates/SSLSocketTemplate.java Tue Dec 20 23:09:27 2016 -0800
@@ -176,6 +176,13 @@
}
/*
+ * Configure the server side socket.
+ */
+ protected void configureServerSocket(SSLServerSocket socket) {
+
+ }
+
+ /*
* =============================================
* Define the client and server side operations.
*
@@ -211,6 +218,7 @@
SSLServerSocketFactory sslssf = context.getServerSocketFactory();
SSLServerSocket sslServerSocket =
(SSLServerSocket)sslssf.createServerSocket(serverPort);
+ configureServerSocket(sslServerSocket);
serverPort = sslServerSocket.getLocalPort();
// Signal the client, the server is ready to accept connection.
--- a/jdk/test/sun/security/ssl/SSLContextImpl/TrustTrustedCert.java Wed Dec 21 12:15:11 2016 +0800
+++ b/jdk/test/sun/security/ssl/SSLContextImpl/TrustTrustedCert.java Tue Dec 20 23:09:27 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2011, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -32,6 +32,7 @@
* @test
* @bug 7113275 8164846
* @summary compatibility issue with MD2 trust anchor and old X509TrustManager
+ * @library /javax/net/ssl/templates
* @run main/othervm TrustTrustedCert PKIX TLSv1.1 true
* @run main/othervm TrustTrustedCert PKIX TLSv1.1 false
* @run main/othervm TrustTrustedCert SunX509 TLSv1.1 false
@@ -40,7 +41,6 @@
*/
import java.net.*;
-import java.util.*;
import java.io.*;
import javax.net.ssl.*;
import java.security.*;
@@ -49,21 +49,7 @@
import java.security.interfaces.*;
import java.util.Base64;
-
-public class TrustTrustedCert {
-
- /*
- * =============================================================
- * Set the various variables needed for the tests, then
- * specify what tests to run on each side.
- */
-
- /*
- * Should we run the client or server in a separate thread?
- * Both sides can throw exceptions, but do you have a preference
- * as to which side should be the main thread.
- */
- static boolean separateServerThread = false;
+public class TrustTrustedCert extends SSLSocketTemplate {
/*
* Certificates and key used in the test.
@@ -124,89 +110,61 @@
"A5kokFb+E3Gplu29tJvCUpfwgBFRS+wmkvtiaU/tiyDcVgDO+An5DwedxxdVzqiE\n" +
"njWHoKY3axDQ8OU=\n";
-
static char passphrase[] = "passphrase".toCharArray();
- /*
- * Is the server ready to serve?
- */
- volatile static boolean serverReady = false;
-
- /*
- * Turn on SSL debugging?
- */
- static boolean debug = false;
+ @Override
+ protected SSLContext createServerSSLContext() throws Exception {
+ return generateSSLContext();
+ }
- /*
- * Define the server side of the test.
- *
- * If the server prematurely exits, serverReady will be set to true
- * to avoid infinite hangs.
- */
- void doServerSide() throws Exception {
- SSLContext context = generateSSLContext();
- SSLServerSocketFactory sslssf = context.getServerSocketFactory();
- SSLServerSocket sslServerSocket =
- (SSLServerSocket)sslssf.createServerSocket(serverPort);
- sslServerSocket.setNeedClientAuth(true);
- serverPort = sslServerSocket.getLocalPort();
-
- /*
- * Signal Client, we're ready for his connect.
- */
- serverReady = true;
-
- SSLSocket sslSocket = (SSLSocket)sslServerSocket.accept();
- InputStream sslIS = sslSocket.getInputStream();
- OutputStream sslOS = sslSocket.getOutputStream();
-
- sslIS.read();
- sslOS.write('A');
- sslOS.flush();
-
- sslSocket.close();
+ @Override
+ protected void configureServerSocket(SSLServerSocket socket) {
+ socket.setNeedClientAuth(true);
}
- /*
- * Define the client side of the test.
- *
- * If the server prematurely exits, serverReady will be set to true
- * to avoid infinite hangs.
- */
- void doClientSide() throws Exception {
+ @Override
+ protected void runServerApplication(SSLSocket socket) throws Exception {
+ InputStream sslIS = socket.getInputStream();
+ OutputStream sslOS = socket.getOutputStream();
- /*
- * Wait for server to get started.
- */
- while (!serverReady) {
- Thread.sleep(50);
+ try {
+ sslIS.read();
+ sslOS.write('A');
+ sslOS.flush();
+ } catch (SSLHandshakeException e) {
+ if (expectFail && !e.toString().contains("certificate_unknown")) {
+ throw new RuntimeException(
+ "Expected to see certificate_unknown in exception output",
+ e);
+ }
}
+ }
- SSLSocket sslSocket = null;
- try {
- SSLContext context = generateSSLContext();
- SSLSocketFactory sslsf = context.getSocketFactory();
+ @Override
+ protected SSLContext createClientSSLContext() throws Exception {
+ return generateSSLContext();
+ }
- sslSocket = (SSLSocket)sslsf.createSocket("localhost", serverPort);
+ @Override
+ protected void runClientApplication(SSLSocket socket) throws Exception {
+ // enable the specified TLS protocol
+ socket.setEnabledProtocols(new String[] { tlsProtocol });
- // enable the specified TLS protocol
- sslSocket.setEnabledProtocols(new String[] {tlsProtocol});
+ InputStream sslIS = socket.getInputStream();
+ OutputStream sslOS = socket.getOutputStream();
- InputStream sslIS = sslSocket.getInputStream();
- OutputStream sslOS = sslSocket.getOutputStream();
+ try {
sslOS.write('B');
sslOS.flush();
sslIS.read();
} catch (SSLHandshakeException e) {
- // focus in on the CertPathValidatorException
+ // focus on the CertPathValidatorException
Throwable t = e.getCause().getCause();
- if ((t == null) || (expectFail &&
- !t.toString().contains("MD5withRSA"))) {
+ if ((t == null)
+ || (expectFail && !t.toString().contains("MD5withRSA"))) {
throw new RuntimeException(
- "Expected to see MD5withRSA in exception output " + t);
+ "Expected to see MD5withRSA in exception output", t);
}
- } finally {
- if (sslSocket != null) sslSocket.close();
}
}
@@ -343,13 +301,6 @@
}
}
-
- // use any free port by default
- volatile int serverPort = 0;
-
- volatile Exception serverException = null;
- volatile Exception clientException = null;
-
public static void main(String[] args) throws Exception {
/*
* Get the customized arguments.
@@ -367,144 +318,9 @@
Security.setProperty("jdk.tls.disabledAlgorithms",
"SSLv3, RC4, DH keySize < 768");
- if (debug)
- System.setProperty("javax.net.debug", "all");
-
/*
* Start the tests.
*/
- new TrustTrustedCert();
- }
-
- Thread clientThread = null;
- Thread serverThread = null;
-
- /*
- * Primary constructor, used to drive remainder of the test.
- *
- * Fork off the other side, then do your work.
- */
- TrustTrustedCert() throws Exception {
- try {
- if (separateServerThread) {
- startServer(true);
- startClient(false);
- } else {
- startClient(true);
- startServer(false);
- }
- } catch (Exception e) {
- System.out.println("Unexpected exception: ");
- e.printStackTrace();
- }
-
- /*
- * Wait for other side to close down.
- */
- if (separateServerThread) {
- serverThread.join();
- } else {
- clientThread.join();
- }
-
- /*
- * When we get here, the test is pretty much over.
- * Which side threw the error?
- */
- Exception local;
- Exception remote;
- String whichRemote;
-
- if (separateServerThread) {
- remote = serverException;
- local = clientException;
- whichRemote = "server";
- } else {
- remote = clientException;
- local = serverException;
- whichRemote = "client";
- }
-
- /*
- * If both failed, return the curthread's exception, but also
- * print the remote side Exception
- */
- if ((local != null) && (remote != null)) {
- System.out.println(whichRemote + " also threw:");
- remote.printStackTrace();
- System.out.println();
- throw local;
- }
-
- if (remote != null) {
- throw remote;
- }
-
- if (local != null) {
- throw local;
- }
- }
-
- void startServer(boolean newThread) throws Exception {
- if (newThread) {
- serverThread = new Thread() {
- public void run() {
- try {
- doServerSide();
- } catch (Exception e) {
- /*
- * Our server thread just died.
- *
- * Release the client, if not active already...
- */
- System.err.println("Server died...");
- serverReady = true;
- if (!expectFail) {
- // only record if we weren't expecting.
- // client side will record exception
- serverException = e;
- }
- }
- }
- };
- serverThread.start();
- } else {
- try {
- doServerSide();
- } catch (Exception e) {
- // only record if we weren't expecting.
- // client side will record exception
- if (!expectFail) {
- serverException = e;
- }
- } finally {
- serverReady = true;
- }
- }
- }
-
- void startClient(boolean newThread) throws Exception {
- if (newThread) {
- clientThread = new Thread() {
- public void run() {
- try {
- doClientSide();
- } catch (Exception e) {
- /*
- * Our client thread just died.
- */
- System.err.println("Client died...");
- clientException = e;
- }
- }
- };
- clientThread.start();
- } else {
- try {
- doClientSide();
- } catch (Exception e) {
- clientException = e;
- }
- }
+ new TrustTrustedCert().run();
}
}