From 102d548b96b788e679b39f13cec74f027b670780 Mon Sep 17 00:00:00 2001 From: Fernando Guallini Date: Wed, 19 Feb 2025 12:25:57 +0100 Subject: [PATCH 1/6] removed @ignore from NonAutoClose and SetClientMode --- .../ssl/SSLSocketImpl/NonAutoClose.java | 26 +++++---- .../ssl/SSLSocketImpl/SetClientMode.java | 53 +++++++++---------- 2 files changed, 41 insertions(+), 38 deletions(-) diff --git a/test/jdk/sun/security/ssl/SSLSocketImpl/NonAutoClose.java b/test/jdk/sun/security/ssl/SSLSocketImpl/NonAutoClose.java index 2209bd3a64857..8758bb5399e0c 100644 --- a/test/jdk/sun/security/ssl/SSLSocketImpl/NonAutoClose.java +++ b/test/jdk/sun/security/ssl/SSLSocketImpl/NonAutoClose.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2025, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -29,10 +29,13 @@ /* * @test * @bug 4404399 - * @ignore this test does not work any more as the TLS spec changes the - * behaviors of close_notify. + * @comment this test does not work in TLSv1.3 as the spec changes the + * behaviors of close_notify. * @summary When a layered SSL socket is closed, it should wait for close_notify - * @run main/othervm NonAutoClose + * @library /test/lib + * @run main/othervm NonAutoClose TLSv1 + * @run main/othervm NonAutoClose TLSv1.1 + * @run main/othervm NonAutoClose TLSv1.2 * @author Brad Wetmore */ @@ -40,9 +43,7 @@ import java.net.ServerSocket; import java.net.Socket; import javax.net.ssl.*; -import java.security.cert.X509Certificate; -import java.security.cert.CertificateException; - +import jdk.test.lib.security.SecurityUtils; public class NonAutoClose { /* @@ -148,6 +149,7 @@ void doServerSide() throws Exception { SSLSocket ssls = (SSLSocket) sslsf.createSocket(plainSocket, SERVER_NAME, plainSocket.getPort(), false); + ssls.setEnabledProtocols(new String[] { protocol }); ssls.setUseClientMode(false); InputStream sslis = ssls.getInputStream(); OutputStream sslos = ssls.getOutputStream(); @@ -276,6 +278,10 @@ private void doClientSide() throws Exception { // Used for running test standalone public static void main(String[] args) throws Exception { + String protocol = args[0]; + if ("TLSv1".equals(protocol) || "TLSv1.1".equals(protocol)) { + SecurityUtils.removeFromDisabledTlsAlgs(protocol); + } System.setProperty("javax.net.ssl.keyStore", keyFilename); System.setProperty("javax.net.ssl.keyStorePassword", passwd); System.setProperty("javax.net.ssl.trustStore", trustFilename); @@ -287,18 +293,20 @@ public static void main(String[] args) throws Exception { /* * Start the tests. */ - new NonAutoClose(); + new NonAutoClose(protocol); } private Thread clientThread = null; private Thread serverThread = null; + private final String protocol; /* * Primary constructor, used to drive remainder of the test. * * Fork off the other side, then do your work. */ - NonAutoClose() throws Exception { + NonAutoClose(String protocol) throws Exception { + this.protocol = protocol; if (separateServerThread) { startServer(true); startClient(false); diff --git a/test/jdk/sun/security/ssl/SSLSocketImpl/SetClientMode.java b/test/jdk/sun/security/ssl/SSLSocketImpl/SetClientMode.java index 8eed2344bbc19..41e62b592499a 100644 --- a/test/jdk/sun/security/ssl/SSLSocketImpl/SetClientMode.java +++ b/test/jdk/sun/security/ssl/SSLSocketImpl/SetClientMode.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2025, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,11 +27,13 @@ /* * @test * @bug 6223624 - * @ignore this test does not grant to work. The handshake may have completed - * when getSession() return. Please update or remove this test case. + * @library /test/lib * @summary SSLSocket.setUseClientMode() fails to throw expected * IllegalArgumentException - * @run main/othervm SetClientMode + * @run main/othervm SetClientMode TLSv1 + * @run main/othervm SetClientMode TLSv1.1 + * @run main/othervm SetClientMode TLSv1.2 + * @run main/othervm SetClientMode TLSv1.3 */ /* @@ -50,13 +52,14 @@ import java.io.*; import java.lang.*; import java.net.*; +import java.util.concurrent.CountDownLatch; +import java.util.concurrent.TimeUnit; import javax.net.ssl.*; -import java.security.*; -import java.security.cert.*; +import jdk.test.lib.security.SecurityUtils; public class SetClientMode { - private static String[] algorithms = {"TLS", "SSL", "SSLv3", "TLS"}; volatile int serverPort = 0; + private static final CountDownLatch handshakeComplete = new CountDownLatch(1); /* * Where do we find the keystores? @@ -72,6 +75,11 @@ public SetClientMode() { } public static void main(String[] args) throws Exception { + String protocol = args[0]; + + if ("TLSv1".equals(protocol) || "TLSv1.1".equals(protocol)) { + SecurityUtils.removeFromDisabledTlsAlgs(protocol); + } String keyFilename = System.getProperty("test.src", "./") + "/" + pathToStores + "/" + keyStoreFile; @@ -84,16 +92,10 @@ public static void main(String[] args) throws Exception { System.setProperty("javax.net.ssl.trustStore", trustFilename); System.setProperty("javax.net.ssl.trustStorePassword", passwd); - new SetClientMode().run(); - } - - public void run() throws Exception { - for (int i = 0; i < algorithms.length; i++) { - testCombo( algorithms[i] ); - } + new SetClientMode().run(protocol); } - public void testCombo(String algorithm) throws Exception { + public void run(String protocol) throws Exception { Exception modeException = null ; // Create a server socket @@ -101,6 +103,7 @@ public void testCombo(String algorithm) throws Exception { (SSLServerSocketFactory)SSLServerSocketFactory.getDefault(); SSLServerSocket serverSocket = (SSLServerSocket)ssf.createServerSocket(serverPort); + serverSocket.setEnabledProtocols(new String[] { protocol }); serverPort = serverSocket.getLocalPort(); // Create a client socket @@ -120,6 +123,10 @@ public void testCombo(String algorithm) throws Exception { // force handshaking to complete connectedSocket.getSession(); + if (!handshakeComplete.await(5, TimeUnit.SECONDS)) { + throw new RuntimeException("Handshake didn't complete within 5 seconds."); + } + try { // Now try invoking setClientMode() on one // or the other of our two sockets. We expect @@ -149,8 +156,6 @@ public void testCombo(String algorithm) throws Exception { // start handshaking on the socket it's given. class SocketClient extends Thread { SSLSocket clientsideSocket; - Exception clientException = null; - boolean done = false; public SocketClient( SSLSocket s ) { clientsideSocket = s; @@ -158,7 +163,8 @@ public SocketClient( SSLSocket s ) { public void run() { try { - clientsideSocket.startHandshake(); + clientsideSocket.startHandshake(); + handshakeComplete.countDown(); // If we were to invoke setUseClientMode() // here, the expected exception will happen. @@ -166,24 +172,13 @@ public void run() { //clientsideSocket.setUseClientMode( false ); } catch ( Exception e ) { e.printStackTrace(); - clientException = e; } finally { - done = true; try { clientsideSocket.close(); } catch ( IOException e ) { // eat it } } - return; - } - - boolean isDone() { - return done; - } - - Exception getException() { - return clientException; } } } From 4a8ff24e2320e8c57b31e4c906233c997e2c8b53 Mon Sep 17 00:00:00 2001 From: Fernando Guallini Date: Wed, 19 Feb 2025 17:33:59 +0100 Subject: [PATCH 2/6] NonAutoClose.java and SetClientMode.java passing --- .../ssl/SSLSocketImpl/NonAutoClose.java | 308 ++++++------------ .../ssl/SSLSocketImpl/SetClientMode.java | 113 +++---- 2 files changed, 137 insertions(+), 284 deletions(-) diff --git a/test/jdk/sun/security/ssl/SSLSocketImpl/NonAutoClose.java b/test/jdk/sun/security/ssl/SSLSocketImpl/NonAutoClose.java index 8758bb5399e0c..2c47d2fb706f2 100644 --- a/test/jdk/sun/security/ssl/SSLSocketImpl/NonAutoClose.java +++ b/test/jdk/sun/security/ssl/SSLSocketImpl/NonAutoClose.java @@ -40,24 +40,16 @@ */ import java.io.*; +import java.net.InetAddress; import java.net.ServerSocket; import java.net.Socket; +import java.util.concurrent.CountDownLatch; +import java.util.concurrent.TimeUnit; import javax.net.ssl.*; + import jdk.test.lib.security.SecurityUtils; public class NonAutoClose { - /* - * ============================================================= - * Set the various variables needed for the tests, then - * specify what tests to run on each side. - */ - - /* - * Should we run the client or server in a separate thread? - * Both sides can throw exceptions, but do you have a preference - * as to which side should be the main thread. - */ - private static boolean separateServerThread = true; /* * Where do we find the keystores? @@ -66,37 +58,23 @@ public class NonAutoClose { private final static String keyStoreFile = "keystore"; private final static String trustStoreFile = "truststore"; private final static String passwd = "passphrase"; - private final static char[] cpasswd = "passphrase".toCharArray(); /* * Is the server ready to serve? */ - volatile static boolean serverReady = false; + private static final CountDownLatch SERVER_READY = new CountDownLatch(1); /* * Turn on SSL debugging? */ private final static boolean DEBUG = false; - private final static boolean VERBOSE = true; - private final static int NUM_ITERATIONS = 10; + private final static int NUM_ITERATIONS = 10; private final static int PLAIN_SERVER_VAL = 1; private final static int PLAIN_CLIENT_VAL = 2; private final static int TLS_SERVER_VAL = 3; private final static int TLS_CLIENT_VAL = 4; - /* - * If the client or server is doing some kind of object creation - * that the other side depends on, and that thread prematurely - * exits, you may experience a hang. The test harness will - * terminate all hung threads after its timeout has expired, - * currently 3 minutes by default, but you might try to be - * smart about it.... - */ - - void expectValue(int got, int expected, String msg) throws IOException { - if (VERBOSE) { - System.err.println(msg + ": read (" + got + ")"); - } + private void expectValue(int got, int expected, String msg) throws IOException { if (got != expected) { throw new IOException(msg + ": read (" + got + ") but expecting(" + expected + ")"); @@ -106,154 +84,108 @@ void expectValue(int got, int expected, String msg) throws IOException { /* * Define the server side of the test. - * - * If the server prematurely exits, serverReady will be set to true - * to avoid infinite hangs. */ - - void doServerSide() throws Exception { - if (VERBOSE) { - System.err.println("Starting server"); - } - - /* - * Setup the SSL stuff - */ + private void doServerSide() throws Exception { + System.out.println("Starting server"); SSLSocketFactory sslsf = - (SSLSocketFactory) SSLSocketFactory.getDefault(); + (SSLSocketFactory) SSLSocketFactory.getDefault(); - ServerSocket serverSocket = new ServerSocket(SERVER_PORT); + try (ServerSocket serverSocket = new ServerSocket(SERVER_PORT)) { + SERVER_PORT = serverSocket.getLocalPort(); - SERVER_PORT = serverSocket.getLocalPort(); - - /* - * Signal Client, we're ready for his connect. - */ - serverReady = true; + /* + * Signal Client, we're ready for his connect. + */ + System.out.println("Signal server ready"); + SERVER_READY.countDown(); - Socket plainSocket = serverSocket.accept(); - InputStream is = plainSocket.getInputStream(); - OutputStream os = plainSocket.getOutputStream(); + try (Socket plainSocket = serverSocket.accept(); + InputStream is = plainSocket.getInputStream(); + OutputStream os = plainSocket.getOutputStream()) { - expectValue(is.read(), PLAIN_CLIENT_VAL, "Server"); + expectValue(is.read(), PLAIN_CLIENT_VAL, "Server"); - os.write(PLAIN_SERVER_VAL); - os.flush(); + os.write(PLAIN_SERVER_VAL); + os.flush(); - for (int i = 1; i <= NUM_ITERATIONS; i++) { - if (VERBOSE) { - System.err.println("================================="); - System.err.println("Server Iteration #" + i); - } + for (int i = 1; i <= NUM_ITERATIONS; i++) { + if (DEBUG) { + System.out.println("================================="); + System.out.println("Server Iteration #" + i); + } - SSLSocket ssls = (SSLSocket) sslsf.createSocket(plainSocket, - SERVER_NAME, plainSocket.getPort(), false); + try (SSLSocket ssls = (SSLSocket) sslsf.createSocket(plainSocket, + plainSocket.getInetAddress().getHostName(), + plainSocket.getPort(), false)) { - ssls.setEnabledProtocols(new String[] { protocol }); - ssls.setUseClientMode(false); - InputStream sslis = ssls.getInputStream(); - OutputStream sslos = ssls.getOutputStream(); + ssls.setEnabledProtocols(new String[]{protocol}); + ssls.setUseClientMode(false); + try (InputStream sslis = ssls.getInputStream(); + OutputStream sslos = ssls.getOutputStream()) { - expectValue(sslis.read(), TLS_CLIENT_VAL, "Server"); + expectValue(sslis.read(), TLS_CLIENT_VAL, "Server"); - sslos.write(TLS_SERVER_VAL); - sslos.flush(); + sslos.write(TLS_SERVER_VAL); + sslos.flush(); + } + } + } - sslis.close(); - sslos.close(); - ssls.close(); + expectValue(is.read(), PLAIN_CLIENT_VAL, "Server"); - if (VERBOSE) { - System.err.println("TLS socket is closed"); + os.write(PLAIN_SERVER_VAL); + os.flush(); } } - - expectValue(is.read(), PLAIN_CLIENT_VAL, "Server"); - - os.write(PLAIN_SERVER_VAL); - os.flush(); - - is.close(); - os.close(); - plainSocket.close(); - - if (VERBOSE) { - System.err.println("Server plain socket is closed"); - } } /* * Define the client side of the test. - * - * If the server prematurely exits, serverReady will be set to true - * to avoid infinite hangs. */ private void doClientSide() throws Exception { /* * Wait for server to get started. */ - while (!serverReady) { - Thread.sleep(50); + System.out.println("Waiting for server ready"); + if (!SERVER_READY.await(5, TimeUnit.SECONDS)) { + throw new RuntimeException("Server is not ready within 5 seconds."); } - if (VERBOSE) { - System.err.println("Starting client"); - } - - /* - * Setup the SSL stuff - */ SSLSocketFactory sslsf = - (SSLSocketFactory) SSLSocketFactory.getDefault(); - - Socket plainSocket = new Socket(SERVER_NAME, SERVER_PORT); - InputStream is = plainSocket.getInputStream(); - OutputStream os = plainSocket.getOutputStream(); - - os.write(PLAIN_CLIENT_VAL); - os.flush(); - - expectValue(is.read(), PLAIN_SERVER_VAL, "Client"); - - for (int i = 1; i <= NUM_ITERATIONS; i++) { - if (VERBOSE) { - System.err.println("==================================="); - System.err.println("Client Iteration #" + i); - } + (SSLSocketFactory) SSLSocketFactory.getDefault(); - SSLSocket ssls = (SSLSocket) sslsf.createSocket(plainSocket, - SERVER_NAME, plainSocket.getPort(), false); + try (Socket plainSocket = new Socket(InetAddress.getLocalHost(), SERVER_PORT); + InputStream is = plainSocket.getInputStream(); + OutputStream os = plainSocket.getOutputStream()) { - ssls.setUseClientMode(true); + os.write(PLAIN_CLIENT_VAL); + os.flush(); - InputStream sslis = ssls.getInputStream(); - OutputStream sslos = ssls.getOutputStream(); + expectValue(is.read(), PLAIN_SERVER_VAL, "Client"); - sslos.write(TLS_CLIENT_VAL); - sslos.flush(); + for (int i = 1; i <= NUM_ITERATIONS; i++) { + if (DEBUG) { + System.out.println("==================================="); + System.out.println("Client Iteration #" + i); + } + try (SSLSocket ssls = (SSLSocket) sslsf.createSocket(plainSocket, + plainSocket.getInetAddress().getHostName(), + plainSocket.getPort(), false); + InputStream sslis = ssls.getInputStream(); + OutputStream sslos = ssls.getOutputStream()) { - expectValue(sslis.read(), TLS_SERVER_VAL, "Client"); + ssls.setUseClientMode(true); - sslis.close(); - sslos.close(); - ssls.close(); + sslos.write(TLS_CLIENT_VAL); + sslos.flush(); - if (VERBOSE) { - System.err.println("Client TLS socket is closed"); + expectValue(sslis.read(), TLS_SERVER_VAL, "Client"); + } } - } - - os.write(PLAIN_CLIENT_VAL); - os.flush(); - expectValue(is.read(), PLAIN_SERVER_VAL, "Client"); - - is.close(); - os.close(); - plainSocket.close(); - - if (VERBOSE) { - System.err.println("Client plain socket is closed"); + os.write(PLAIN_CLIENT_VAL); + os.flush(); + expectValue(is.read(), PLAIN_SERVER_VAL, "Client"); } } @@ -263,20 +195,15 @@ private void doClientSide() throws Exception { */ private volatile int SERVER_PORT = 0; - private final static String SERVER_NAME = "localhost"; - - private volatile Exception serverException = null; private volatile Exception clientException = null; private final static String keyFilename = - System.getProperty("test.src", ".") + "/" + pathToStores + - "/" + keyStoreFile; + System.getProperty("test.src", ".") + "/" + pathToStores + + "/" + keyStoreFile; private final static String trustFilename = - System.getProperty("test.src", ".") + "/" + pathToStores + - "/" + trustStoreFile; + System.getProperty("test.src", ".") + "/" + pathToStores + + "/" + trustStoreFile; - - // Used for running test standalone public static void main(String[] args) throws Exception { String protocol = args[0]; if ("TLSv1".equals(protocol) || "TLSv1.1".equals(protocol)) { @@ -297,7 +224,6 @@ public static void main(String[] args) throws Exception { } private Thread clientThread = null; - private Thread serverThread = null; private final String protocol; /* @@ -307,82 +233,32 @@ public static void main(String[] args) throws Exception { */ NonAutoClose(String protocol) throws Exception { this.protocol = protocol; - if (separateServerThread) { - startServer(true); - startClient(false); - } else { - startClient(true); - startServer(false); - } + startClient(); + doServerSide(); /* * Wait for other side to close down. */ - if (separateServerThread) { - serverThread.join(); - } else { - clientThread.join(); - } + clientThread.join(); - /* - * When we get here, the test is pretty much over. - * - * If the main thread excepted, that propagates back - * immediately. If the other thread threw an exception, we - * should report back. - */ - if (serverException != null) { - System.err.print("Server Exception:"); - throw serverException; - } if (clientException != null) { System.err.print("Client Exception:"); throw clientException; } } - private void startServer(boolean newThread) throws Exception { - if (newThread) { - serverThread = new Thread() { - public void run() { - try { - doServerSide(); - } catch (Exception e) { - /* - * Our server thread just died. - * - * Release the client, if not active already... - */ - System.err.println("Server died..."); - serverReady = true; - serverException = e; - } - } - }; - serverThread.start(); - } else { - doServerSide(); - } - } - - private void startClient(boolean newThread) throws Exception { - if (newThread) { - clientThread = new Thread() { - public void run() { - try { - doClientSide(); - } catch (Exception e) { - /* - * Our client thread just died. - */ - System.err.println("Client died..."); - clientException = e; - } - } - }; - clientThread.start(); - } else { - doClientSide(); - } + private void startClient() { + clientThread = new Thread(() -> { + try { + doClientSide(); + } catch (Exception e) { + /* + * Our client thread just died. + */ + System.err.println("Client died..."); + clientException = e; + } + }); + clientThread.start(); } } diff --git a/test/jdk/sun/security/ssl/SSLSocketImpl/SetClientMode.java b/test/jdk/sun/security/ssl/SSLSocketImpl/SetClientMode.java index 41e62b592499a..b116b6264d6f2 100644 --- a/test/jdk/sun/security/ssl/SSLSocketImpl/SetClientMode.java +++ b/test/jdk/sun/security/ssl/SSLSocketImpl/SetClientMode.java @@ -49,7 +49,6 @@ * occasionally on the very first iteration. */ -import java.io.*; import java.lang.*; import java.net.*; import java.util.concurrent.CountDownLatch; @@ -58,21 +57,16 @@ import jdk.test.lib.security.SecurityUtils; public class SetClientMode { - volatile int serverPort = 0; - private static final CountDownLatch handshakeComplete = new CountDownLatch(1); + private volatile int serverPort = 0; + private static final CountDownLatch HANDSHAKE_COMPLETE = new CountDownLatch(1); /* * Where do we find the keystores? */ - static String pathToStores = "../../../../javax/net/ssl/etc"; - static String keyStoreFile = "keystore"; - static String trustStoreFile = "truststore"; - static String passwd = "passphrase"; - - - public SetClientMode() { - // trivial constructor - } + private final static String pathToStores = "../../../../javax/net/ssl/etc"; + private final static String keyStoreFile = "keystore"; + private final static String trustStoreFile = "truststore"; + private final static String passwd = "passphrase"; public static void main(String[] args) throws Exception { String protocol = args[0]; @@ -96,88 +90,71 @@ public static void main(String[] args) throws Exception { } public void run(String protocol) throws Exception { - Exception modeException = null ; - // Create a server socket SSLServerSocketFactory ssf = - (SSLServerSocketFactory)SSLServerSocketFactory.getDefault(); - SSLServerSocket serverSocket = - (SSLServerSocket)ssf.createServerSocket(serverPort); - serverSocket.setEnabledProtocols(new String[] { protocol }); - serverPort = serverSocket.getLocalPort(); + (SSLServerSocketFactory) SSLServerSocketFactory.getDefault(); - // Create a client socket - SSLSocketFactory sf = (SSLSocketFactory)SSLSocketFactory.getDefault(); - SSLSocket clientSocket = (SSLSocket)sf.createSocket( - InetAddress.getLocalHost(), - serverPort ); + try (SSLServerSocket serverSocket = + (SSLServerSocket) ssf.createServerSocket(serverPort)) { + serverSocket.setEnabledProtocols(new String[]{ protocol }); + serverPort = serverSocket.getLocalPort(); - // Create a client which will use the SSLSocket to talk to the server - SocketClient client = new SocketClient(clientSocket); + // Create a client socket + SSLSocketFactory sf = (SSLSocketFactory) SSLSocketFactory.getDefault(); - // Start the client and then accept any connection - client.start(); + try (SSLSocket clientSocket = (SSLSocket) sf.createSocket( + InetAddress.getLocalHost(), + serverPort)) { - SSLSocket connectedSocket = (SSLSocket)serverSocket.accept(); + // Create a client which will use the SSLSocket to talk to the server + Client client = new Client(clientSocket); - // force handshaking to complete - connectedSocket.getSession(); + // Start the client and then accept any connection + client.start(); - if (!handshakeComplete.await(5, TimeUnit.SECONDS)) { - throw new RuntimeException("Handshake didn't complete within 5 seconds."); - } + SSLSocket connectedSocket = (SSLSocket) serverSocket.accept(); + + // force handshaking to complete + connectedSocket.getSession(); - try { - // Now try invoking setClientMode() on one - // or the other of our two sockets. We expect - // to see an IllegalArgumentException because - // handshaking has begun. - clientSocket.setUseClientMode(false); - - modeException = new Exception("no IllegalArgumentException"); - } catch (IllegalArgumentException iae) { - System.out.println("succeeded, we can't set the client mode"); - } catch (Exception e) { - modeException = e; - } finally { - // Shut down. - connectedSocket.close(); - serverSocket.close(); - - if (modeException != null) { - throw modeException; + if (!HANDSHAKE_COMPLETE.await(5, TimeUnit.SECONDS)) { + throw new RuntimeException("Handshake didn't complete within 5 seconds."); + } + + try { + // Now try invoking setClientMode() on the client socket. + // We expect to see an IllegalArgumentException because + // handshaking has begun. + clientSocket.setUseClientMode(false); + + throw new RuntimeException("no IllegalArgumentException"); + } catch (IllegalArgumentException iae) { + System.out.println("succeeded, we can't set the client mode"); + } } } - - return; } // A thread-based client which does nothing except // start handshaking on the socket it's given. - class SocketClient extends Thread { - SSLSocket clientsideSocket; + static class Client extends Thread { + private final SSLSocket socket; - public SocketClient( SSLSocket s ) { - clientsideSocket = s; + public Client(SSLSocket s ) { + socket = s; } public void run() { try { - clientsideSocket.startHandshake(); - handshakeComplete.countDown(); + socket.startHandshake(); + HANDSHAKE_COMPLETE.countDown(); // If we were to invoke setUseClientMode() // here, the expected exception will happen. //clientsideSocket.getSession(); //clientsideSocket.setUseClientMode( false ); - } catch ( Exception e ) { + } catch (Exception e ) { e.printStackTrace(); - } finally { - try { - clientsideSocket.close(); - } catch ( IOException e ) { - // eat it - } } } } From 50a2d9390460abed5b1c548ebee5d4eefea81246 Mon Sep 17 00:00:00 2001 From: Fernando Guallini Date: Thu, 20 Feb 2025 12:10:34 +0100 Subject: [PATCH 3/6] SetClientMode minor cleanup --- .../security/ssl/SSLSocketImpl/SetClientMode.java | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/test/jdk/sun/security/ssl/SSLSocketImpl/SetClientMode.java b/test/jdk/sun/security/ssl/SSLSocketImpl/SetClientMode.java index b116b6264d6f2..a75ea9d71393c 100644 --- a/test/jdk/sun/security/ssl/SSLSocketImpl/SetClientMode.java +++ b/test/jdk/sun/security/ssl/SSLSocketImpl/SetClientMode.java @@ -72,7 +72,7 @@ public static void main(String[] args) throws Exception { String protocol = args[0]; if ("TLSv1".equals(protocol) || "TLSv1.1".equals(protocol)) { - SecurityUtils.removeFromDisabledTlsAlgs(protocol); + SecurityUtils.removeFromDisabledTlsAlgs(protocol); } String keyFilename = System.getProperty("test.src", "./") + "/" + pathToStores + @@ -95,7 +95,7 @@ public void run(String protocol) throws Exception { (SSLServerSocketFactory) SSLServerSocketFactory.getDefault(); try (SSLServerSocket serverSocket = - (SSLServerSocket) ssf.createServerSocket(serverPort)) { + (SSLServerSocket) ssf.createServerSocket(serverPort)) { serverSocket.setEnabledProtocols(new String[]{ protocol }); serverPort = serverSocket.getLocalPort(); @@ -140,7 +140,7 @@ public void run(String protocol) throws Exception { static class Client extends Thread { private final SSLSocket socket; - public Client(SSLSocket s ) { + public Client(SSLSocket s) { socket = s; } @@ -148,12 +148,7 @@ public void run() { try { socket.startHandshake(); HANDSHAKE_COMPLETE.countDown(); - - // If we were to invoke setUseClientMode() - // here, the expected exception will happen. - //clientsideSocket.getSession(); - //clientsideSocket.setUseClientMode( false ); - } catch (Exception e ) { + } catch (Exception e) { e.printStackTrace(); } } From b6ac1491d5e4dfba52b96d71ecc961c0ed23bba4 Mon Sep 17 00:00:00 2001 From: Fernando Guallini Date: Thu, 6 Mar 2025 09:11:40 -0300 Subject: [PATCH 4/6] SSLContextTemplate and using asserts --- .../ssl/SSLSocketImpl/NonAutoClose.java | 51 +++++-------------- .../ssl/SSLSocketImpl/SetClientMode.java | 28 ++-------- 2 files changed, 16 insertions(+), 63 deletions(-) diff --git a/test/jdk/sun/security/ssl/SSLSocketImpl/NonAutoClose.java b/test/jdk/sun/security/ssl/SSLSocketImpl/NonAutoClose.java index 2c47d2fb706f2..aee3009189394 100644 --- a/test/jdk/sun/security/ssl/SSLSocketImpl/NonAutoClose.java +++ b/test/jdk/sun/security/ssl/SSLSocketImpl/NonAutoClose.java @@ -32,7 +32,7 @@ * @comment this test does not work in TLSv1.3 as the spec changes the * behaviors of close_notify. * @summary When a layered SSL socket is closed, it should wait for close_notify - * @library /test/lib + * @library /test/lib /javax/net/ssl/templates * @run main/othervm NonAutoClose TLSv1 * @run main/othervm NonAutoClose TLSv1.1 * @run main/othervm NonAutoClose TLSv1.2 @@ -49,15 +49,9 @@ import jdk.test.lib.security.SecurityUtils; -public class NonAutoClose { +import static jdk.test.lib.Asserts.assertEquals; - /* - * Where do we find the keystores? - */ - private final static String pathToStores = "../../../../javax/net/ssl/etc"; - private final static String keyStoreFile = "keystore"; - private final static String trustStoreFile = "truststore"; - private final static String passwd = "passphrase"; +public class NonAutoClose extends SSLContextTemplate { /* * Is the server ready to serve? @@ -67,28 +61,19 @@ public class NonAutoClose { /* * Turn on SSL debugging? */ - private final static boolean DEBUG = false; + private final static boolean DEBUG = Boolean.getBoolean("test.debug"); private final static int NUM_ITERATIONS = 10; private final static int PLAIN_SERVER_VAL = 1; private final static int PLAIN_CLIENT_VAL = 2; private final static int TLS_SERVER_VAL = 3; private final static int TLS_CLIENT_VAL = 4; - private void expectValue(int got, int expected, String msg) throws IOException { - if (got != expected) { - throw new IOException(msg + ": read (" + got - + ") but expecting(" + expected + ")"); - } - } - - /* * Define the server side of the test. */ private void doServerSide() throws Exception { System.out.println("Starting server"); - SSLSocketFactory sslsf = - (SSLSocketFactory) SSLSocketFactory.getDefault(); + SSLSocketFactory sslsf = createServerSSLContext().getSocketFactory(); try (ServerSocket serverSocket = new ServerSocket(SERVER_PORT)) { SERVER_PORT = serverSocket.getLocalPort(); @@ -103,7 +88,7 @@ private void doServerSide() throws Exception { InputStream is = plainSocket.getInputStream(); OutputStream os = plainSocket.getOutputStream()) { - expectValue(is.read(), PLAIN_CLIENT_VAL, "Server"); + assertEquals(PLAIN_CLIENT_VAL, is.read()); os.write(PLAIN_SERVER_VAL); os.flush(); @@ -123,7 +108,7 @@ private void doServerSide() throws Exception { try (InputStream sslis = ssls.getInputStream(); OutputStream sslos = ssls.getOutputStream()) { - expectValue(sslis.read(), TLS_CLIENT_VAL, "Server"); + assertEquals(TLS_CLIENT_VAL, sslis.read()); sslos.write(TLS_SERVER_VAL); sslos.flush(); @@ -131,7 +116,7 @@ private void doServerSide() throws Exception { } } - expectValue(is.read(), PLAIN_CLIENT_VAL, "Server"); + assertEquals(PLAIN_CLIENT_VAL, is.read()); os.write(PLAIN_SERVER_VAL); os.flush(); @@ -151,8 +136,7 @@ private void doClientSide() throws Exception { throw new RuntimeException("Server is not ready within 5 seconds."); } - SSLSocketFactory sslsf = - (SSLSocketFactory) SSLSocketFactory.getDefault(); + SSLSocketFactory sslsf = createClientSSLContext().getSocketFactory(); try (Socket plainSocket = new Socket(InetAddress.getLocalHost(), SERVER_PORT); InputStream is = plainSocket.getInputStream(); @@ -161,7 +145,7 @@ private void doClientSide() throws Exception { os.write(PLAIN_CLIENT_VAL); os.flush(); - expectValue(is.read(), PLAIN_SERVER_VAL, "Client"); + assertEquals(PLAIN_SERVER_VAL, is.read()); for (int i = 1; i <= NUM_ITERATIONS; i++) { if (DEBUG) { @@ -179,13 +163,13 @@ private void doClientSide() throws Exception { sslos.write(TLS_CLIENT_VAL); sslos.flush(); - expectValue(sslis.read(), TLS_SERVER_VAL, "Client"); + assertEquals(TLS_SERVER_VAL, sslis.read()); } } os.write(PLAIN_CLIENT_VAL); os.flush(); - expectValue(is.read(), PLAIN_SERVER_VAL, "Client"); + assertEquals(PLAIN_SERVER_VAL, is.read()); } } @@ -197,22 +181,11 @@ private void doClientSide() throws Exception { private volatile int SERVER_PORT = 0; private volatile Exception clientException = null; - private final static String keyFilename = - System.getProperty("test.src", ".") + "/" + pathToStores + - "/" + keyStoreFile; - private final static String trustFilename = - System.getProperty("test.src", ".") + "/" + pathToStores + - "/" + trustStoreFile; - public static void main(String[] args) throws Exception { String protocol = args[0]; if ("TLSv1".equals(protocol) || "TLSv1.1".equals(protocol)) { SecurityUtils.removeFromDisabledTlsAlgs(protocol); } - System.setProperty("javax.net.ssl.keyStore", keyFilename); - System.setProperty("javax.net.ssl.keyStorePassword", passwd); - System.setProperty("javax.net.ssl.trustStore", trustFilename); - System.setProperty("javax.net.ssl.trustStorePassword", passwd); if (DEBUG) System.setProperty("javax.net.debug", "all"); diff --git a/test/jdk/sun/security/ssl/SSLSocketImpl/SetClientMode.java b/test/jdk/sun/security/ssl/SSLSocketImpl/SetClientMode.java index a75ea9d71393c..3bf1f8f589d08 100644 --- a/test/jdk/sun/security/ssl/SSLSocketImpl/SetClientMode.java +++ b/test/jdk/sun/security/ssl/SSLSocketImpl/SetClientMode.java @@ -27,7 +27,7 @@ /* * @test * @bug 6223624 - * @library /test/lib + * @library /test/lib /javax/net/ssl/templates * @summary SSLSocket.setUseClientMode() fails to throw expected * IllegalArgumentException * @run main/othervm SetClientMode TLSv1 @@ -56,43 +56,23 @@ import javax.net.ssl.*; import jdk.test.lib.security.SecurityUtils; -public class SetClientMode { +public class SetClientMode extends SSLContextTemplate { private volatile int serverPort = 0; private static final CountDownLatch HANDSHAKE_COMPLETE = new CountDownLatch(1); - /* - * Where do we find the keystores? - */ - private final static String pathToStores = "../../../../javax/net/ssl/etc"; - private final static String keyStoreFile = "keystore"; - private final static String trustStoreFile = "truststore"; - private final static String passwd = "passphrase"; - public static void main(String[] args) throws Exception { String protocol = args[0]; if ("TLSv1".equals(protocol) || "TLSv1.1".equals(protocol)) { SecurityUtils.removeFromDisabledTlsAlgs(protocol); } - String keyFilename = - System.getProperty("test.src", "./") + "/" + pathToStores + - "/" + keyStoreFile; - String trustFilename = - System.getProperty("test.src", "./") + "/" + pathToStores + - "/" + trustStoreFile; - - System.setProperty("javax.net.ssl.keyStore", keyFilename); - System.setProperty("javax.net.ssl.keyStorePassword", passwd); - System.setProperty("javax.net.ssl.trustStore", trustFilename); - System.setProperty("javax.net.ssl.trustStorePassword", passwd); new SetClientMode().run(protocol); } public void run(String protocol) throws Exception { // Create a server socket - SSLServerSocketFactory ssf = - (SSLServerSocketFactory) SSLServerSocketFactory.getDefault(); + SSLServerSocketFactory ssf = createServerSSLContext().getServerSocketFactory(); try (SSLServerSocket serverSocket = (SSLServerSocket) ssf.createServerSocket(serverPort)) { @@ -100,7 +80,7 @@ public void run(String protocol) throws Exception { serverPort = serverSocket.getLocalPort(); // Create a client socket - SSLSocketFactory sf = (SSLSocketFactory) SSLSocketFactory.getDefault(); + SSLSocketFactory sf = createClientSSLContext().getSocketFactory(); try (SSLSocket clientSocket = (SSLSocket) sf.createSocket( InetAddress.getLocalHost(), From 0133c60ff527e07176479732715cb4e24dffd1ca Mon Sep 17 00:00:00 2001 From: Fernando Guallini Date: Thu, 20 Mar 2025 12:02:30 +0100 Subject: [PATCH 5/6] latch await --- test/jdk/sun/security/ssl/SSLSocketImpl/NonAutoClose.java | 5 +---- test/jdk/sun/security/ssl/SSLSocketImpl/SetClientMode.java | 5 +---- 2 files changed, 2 insertions(+), 8 deletions(-) diff --git a/test/jdk/sun/security/ssl/SSLSocketImpl/NonAutoClose.java b/test/jdk/sun/security/ssl/SSLSocketImpl/NonAutoClose.java index aee3009189394..82f3b7d153777 100644 --- a/test/jdk/sun/security/ssl/SSLSocketImpl/NonAutoClose.java +++ b/test/jdk/sun/security/ssl/SSLSocketImpl/NonAutoClose.java @@ -44,7 +44,6 @@ import java.net.ServerSocket; import java.net.Socket; import java.util.concurrent.CountDownLatch; -import java.util.concurrent.TimeUnit; import javax.net.ssl.*; import jdk.test.lib.security.SecurityUtils; @@ -132,9 +131,7 @@ private void doClientSide() throws Exception { * Wait for server to get started. */ System.out.println("Waiting for server ready"); - if (!SERVER_READY.await(5, TimeUnit.SECONDS)) { - throw new RuntimeException("Server is not ready within 5 seconds."); - } + SERVER_READY.await(); SSLSocketFactory sslsf = createClientSSLContext().getSocketFactory(); diff --git a/test/jdk/sun/security/ssl/SSLSocketImpl/SetClientMode.java b/test/jdk/sun/security/ssl/SSLSocketImpl/SetClientMode.java index 3bf1f8f589d08..f40734f281e09 100644 --- a/test/jdk/sun/security/ssl/SSLSocketImpl/SetClientMode.java +++ b/test/jdk/sun/security/ssl/SSLSocketImpl/SetClientMode.java @@ -52,7 +52,6 @@ import java.lang.*; import java.net.*; import java.util.concurrent.CountDownLatch; -import java.util.concurrent.TimeUnit; import javax.net.ssl.*; import jdk.test.lib.security.SecurityUtils; @@ -97,9 +96,7 @@ public void run(String protocol) throws Exception { // force handshaking to complete connectedSocket.getSession(); - if (!HANDSHAKE_COMPLETE.await(5, TimeUnit.SECONDS)) { - throw new RuntimeException("Handshake didn't complete within 5 seconds."); - } + HANDSHAKE_COMPLETE.await(); try { // Now try invoking setClientMode() on the client socket. From 2741a197a77bddff35e7dbaa69fc65b3d6ef7522 Mon Sep 17 00:00:00 2001 From: Fernando Guallini Date: Fri, 21 Mar 2025 11:20:23 +0100 Subject: [PATCH 6/6] using assertThrows --- .../ssl/SSLSocketImpl/SetClientMode.java | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/test/jdk/sun/security/ssl/SSLSocketImpl/SetClientMode.java b/test/jdk/sun/security/ssl/SSLSocketImpl/SetClientMode.java index f40734f281e09..4b55ac6ea9048 100644 --- a/test/jdk/sun/security/ssl/SSLSocketImpl/SetClientMode.java +++ b/test/jdk/sun/security/ssl/SSLSocketImpl/SetClientMode.java @@ -55,6 +55,8 @@ import javax.net.ssl.*; import jdk.test.lib.security.SecurityUtils; +import static jdk.test.lib.Asserts.assertThrows; + public class SetClientMode extends SSLContextTemplate { private volatile int serverPort = 0; private static final CountDownLatch HANDSHAKE_COMPLETE = new CountDownLatch(1); @@ -98,16 +100,11 @@ public void run(String protocol) throws Exception { HANDSHAKE_COMPLETE.await(); - try { - // Now try invoking setClientMode() on the client socket. - // We expect to see an IllegalArgumentException because - // handshaking has begun. - clientSocket.setUseClientMode(false); - - throw new RuntimeException("no IllegalArgumentException"); - } catch (IllegalArgumentException iae) { - System.out.println("succeeded, we can't set the client mode"); - } + // Now try invoking setClientMode() on the client socket. + // We expect to see an IllegalArgumentException because + // handshaking has begun. + assertThrows(IllegalArgumentException.class, + () -> clientSocket.setUseClientMode(false)); } } }