# HG changeset patch
# User Andrew John Hughes <gnu.andrew@redhat.com>
# Date 1453759602 0
# Mon Jan 25 22:06:42 2016 +0000
# Node ID 412e3ce4141e2ddb01c8fb099fc0823d783e7b3d
# Parent 33e9441c53fc29f1aa1f496eedda845b6e405473
S8076221, PR2808: Disable RC4 cipher suites
2016-01-25 Andrew John Hughes <gnu.andrew@redhat.com>
* Makefile.am:
(ICEDTEA_PATCHES): Add new patches.
* NEWS: Updated.
* patches/openjdk/8076221-pr2808-disable_rc4_cipher_suites.patch:
Backport of 8076221 to OpenJDK 6 b38.
* patches/openjdk/8078823-disabledalgorithms_fails_intermittently.patch:
Improve reliability of DisabledAlgorithms test.
* patches/pr2808-fix_disabled_algorithms_test.patch:
Remove Java 7 features from new DisabledAlgorithms test.
177697 |
diff -r 33e9441c53fc -r 412e3ce4141e patches/openjdk/8076221-pr2808-disable_rc4_cipher_suites.patch
|
|
|
177697 |
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
|
|
|
177697 |
+++ b/patches/openjdk/8076221-pr2808-disable_rc4_cipher_suites.patch Mon Jan 25 22:06:42 2016 +0000
|
|
|
177697 |
@@ -0,0 +1,553 @@
|
|
|
177697 |
+# HG changeset patch
|
|
|
177697 |
+# User xuelei
|
|
|
177697 |
+# Date 1429096621 0
|
|
|
177697 |
+# Wed Apr 15 11:17:01 2015 +0000
|
|
|
177697 |
+# Node ID 6a24fc5e32a359335538bfa453040fc2d9ba13e9
|
|
|
177697 |
+# Parent fe93a8cd20a56dc59e5f2464d7e6bd0d52b807b3
|
|
|
177697 |
+8076221: Disable RC4 cipher suites
|
|
|
177697 |
+Reviewed-by: xuelei, wetmore
|
|
|
177697 |
+
|
|
|
177697 |
+diff -Nru openjdk.orig/jdk/src/share/lib/security/java.security-linux openjdk/jdk/src/share/lib/security/java.security-linux
|
|
|
177697 |
+--- openjdk.orig/jdk/src/share/lib/security/java.security-linux 2016-01-20 01:47:58.000000000 +0000
|
|
|
177697 |
++++ openjdk/jdk/src/share/lib/security/java.security-linux 2016-01-25 20:25:35.722972332 +0000
|
|
|
177697 |
+@@ -451,7 +451,7 @@
|
|
|
177697 |
+ #
|
|
|
177697 |
+ # Example:
|
|
|
177697 |
+ # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
|
|
|
177697 |
+-jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 768
|
|
|
177697 |
++jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768
|
|
|
177697 |
+
|
|
|
177697 |
+ # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
|
|
|
177697 |
+ # processing in JSSE implementation.
|
|
|
177697 |
+diff -Nru openjdk.orig/jdk/src/share/lib/security/java.security-solaris openjdk/jdk/src/share/lib/security/java.security-solaris
|
|
|
177697 |
+--- openjdk.orig/jdk/src/share/lib/security/java.security-solaris 2016-01-20 01:47:58.000000000 +0000
|
|
|
177697 |
++++ openjdk/jdk/src/share/lib/security/java.security-solaris 2016-01-25 20:24:27.088115212 +0000
|
|
|
177697 |
+@@ -411,7 +411,7 @@
|
|
|
177697 |
+ #
|
|
|
177697 |
+ # Example:
|
|
|
177697 |
+ # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
|
|
|
177697 |
+-jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 768
|
|
|
177697 |
++jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768
|
|
|
177697 |
+
|
|
|
177697 |
+ # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
|
|
|
177697 |
+ # processing in JSSE implementation.
|
|
|
177697 |
+diff -Nru openjdk.orig/jdk/src/share/lib/security/java.security-windows openjdk/jdk/src/share/lib/security/java.security-windows
|
|
|
177697 |
+--- openjdk.orig/jdk/src/share/lib/security/java.security-windows 2016-01-20 01:47:58.000000000 +0000
|
|
|
177697 |
++++ openjdk/jdk/src/share/lib/security/java.security-windows 2016-01-25 20:23:50.300727758 +0000
|
|
|
177697 |
+@@ -428,7 +428,7 @@
|
|
|
177697 |
+ #
|
|
|
177697 |
+ # Example:
|
|
|
177697 |
+ # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
|
|
|
177697 |
+-jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 768
|
|
|
177697 |
++jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768
|
|
|
177697 |
+
|
|
|
177697 |
+ # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
|
|
|
177697 |
+ # processing in JSSE implementation.
|
|
|
177697 |
+diff -Nru openjdk.orig/jdk/test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java openjdk/jdk/test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java
|
|
|
177697 |
+--- openjdk.orig/jdk/test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java 1970-01-01 01:00:00.000000000 +0100
|
|
|
177697 |
++++ openjdk/jdk/test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java 2016-01-25 20:17:49.902742622 +0000
|
|
|
177697 |
+@@ -0,0 +1,362 @@
|
|
|
177697 |
++/*
|
|
|
177697 |
++ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
|
|
|
177697 |
++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
|
177697 |
++ *
|
|
|
177697 |
++ * This code is free software; you can redistribute it and/or modify it
|
|
|
177697 |
++ * under the terms of the GNU General Public License version 2 only, as
|
|
|
177697 |
++ * published by the Free Software Foundation.
|
|
|
177697 |
++ *
|
|
|
177697 |
++ * This code is distributed in the hope that it will be useful, but WITHOUT
|
|
|
177697 |
++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
|
177697 |
++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
|
177697 |
++ * version 2 for more details (a copy is included in the LICENSE file that
|
|
|
177697 |
++ * accompanied this code).
|
|
|
177697 |
++ *
|
|
|
177697 |
++ * You should have received a copy of the GNU General Public License version
|
|
|
177697 |
++ * 2 along with this work; if not, write to the Free Software Foundation,
|
|
|
177697 |
++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
|
177697 |
++ *
|
|
|
177697 |
++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
|
|
177697 |
++ * or visit www.oracle.com if you need additional information or have any
|
|
|
177697 |
++ * questions.
|
|
|
177697 |
++ */
|
|
|
177697 |
++
|
|
|
177697 |
++import java.io.BufferedInputStream;
|
|
|
177697 |
++import java.io.BufferedOutputStream;
|
|
|
177697 |
++import java.io.IOException;
|
|
|
177697 |
++import java.io.InputStream;
|
|
|
177697 |
++import java.io.OutputStream;
|
|
|
177697 |
++import java.security.NoSuchAlgorithmException;
|
|
|
177697 |
++import java.security.Security;
|
|
|
177697 |
++import java.util.concurrent.TimeUnit;
|
|
|
177697 |
++import javax.net.ssl.SSLContext;
|
|
|
177697 |
++import javax.net.ssl.SSLHandshakeException;
|
|
|
177697 |
++import javax.net.ssl.SSLServerSocket;
|
|
|
177697 |
++import javax.net.ssl.SSLServerSocketFactory;
|
|
|
177697 |
++import javax.net.ssl.SSLSocket;
|
|
|
177697 |
++import javax.net.ssl.SSLSocketFactory;
|
|
|
177697 |
++
|
|
|
177697 |
++/**
|
|
|
177697 |
++ * @test
|
|
|
177697 |
++ * @bug 8076221
|
|
|
177697 |
++ * @summary Check if weak cipher suites are disabled
|
|
|
177697 |
++ * @run main/othervm DisabledAlgorithms default
|
|
|
177697 |
++ * @run main/othervm DisabledAlgorithms empty
|
|
|
177697 |
++ */
|
|
|
177697 |
++public class DisabledAlgorithms {
|
|
|
177697 |
++
|
|
|
177697 |
++ private static final String pathToStores =
|
|
|
177697 |
++ "../../../../sun/security/ssl/etc";
|
|
|
177697 |
++ private static final String keyStoreFile = "keystore";
|
|
|
177697 |
++ private static final String trustStoreFile = "truststore";
|
|
|
177697 |
++ private static final String passwd = "passphrase";
|
|
|
177697 |
++
|
|
|
177697 |
++ private static final String keyFilename =
|
|
|
177697 |
++ System.getProperty("test.src", "./") + "/" + pathToStores +
|
|
|
177697 |
++ "/" + keyStoreFile;
|
|
|
177697 |
++
|
|
|
177697 |
++ private static final String trustFilename =
|
|
|
177697 |
++ System.getProperty("test.src", "./") + "/" + pathToStores +
|
|
|
177697 |
++ "/" + trustStoreFile;
|
|
|
177697 |
++
|
|
|
177697 |
++ // supported RC4 cipher suites
|
|
|
177697 |
++ // it does not contain KRB5 cipher suites because they need a KDC
|
|
|
177697 |
++ private static final String[] rc4_ciphersuites = new String[] {
|
|
|
177697 |
++ "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
|
|
|
177697 |
++ "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
|
|
|
177697 |
++ "SSL_RSA_WITH_RC4_128_SHA",
|
|
|
177697 |
++ "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
|
|
|
177697 |
++ "TLS_ECDH_RSA_WITH_RC4_128_SHA",
|
|
|
177697 |
++ "SSL_RSA_WITH_RC4_128_MD5",
|
|
|
177697 |
++ "TLS_ECDH_anon_WITH_RC4_128_SHA",
|
|
|
177697 |
++ "SSL_DH_anon_WITH_RC4_128_MD5"
|
|
|
177697 |
++ };
|
|
|
177697 |
++
|
|
|
177697 |
++ public static void main(String[] args) throws Exception {
|
|
|
177697 |
++ if (args.length < 1) {
|
|
|
177697 |
++ throw new RuntimeException("No parameters specified");
|
|
|
177697 |
++ }
|
|
|
177697 |
++
|
|
|
177697 |
++ System.setProperty("javax.net.ssl.keyStore", keyFilename);
|
|
|
177697 |
++ System.setProperty("javax.net.ssl.keyStorePassword", passwd);
|
|
|
177697 |
++ System.setProperty("javax.net.ssl.trustStore", trustFilename);
|
|
|
177697 |
++ System.setProperty("javax.net.ssl.trustStorePassword", passwd);
|
|
|
177697 |
++
|
|
|
177697 |
++ switch (args[0]) {
|
|
|
177697 |
++ case "default":
|
|
|
177697 |
++ // use default jdk.tls.disabledAlgorithms
|
|
|
177697 |
++ System.out.println("jdk.tls.disabledAlgorithms = "
|
|
|
177697 |
++ + Security.getProperty("jdk.tls.disabledAlgorithms"));
|
|
|
177697 |
++
|
|
|
177697 |
++ // check if RC4 cipher suites can't be used by default
|
|
|
177697 |
++ checkFailure(rc4_ciphersuites);
|
|
|
177697 |
++ break;
|
|
|
177697 |
++ case "empty":
|
|
|
177697 |
++ // reset jdk.tls.disabledAlgorithms
|
|
|
177697 |
++ Security.setProperty("jdk.tls.disabledAlgorithms", "");
|
|
|
177697 |
++ System.out.println("jdk.tls.disabledAlgorithms = "
|
|
|
177697 |
++ + Security.getProperty("jdk.tls.disabledAlgorithms"));
|
|
|
177697 |
++
|
|
|
177697 |
++ // check if RC4 cipher suites can be used
|
|
|
177697 |
++ // if jdk.tls.disabledAlgorithms is empty
|
|
|
177697 |
++ checkSuccess(rc4_ciphersuites);
|
|
|
177697 |
++ break;
|
|
|
177697 |
++ default:
|
|
|
177697 |
++ throw new RuntimeException("Wrong parameter: " + args[0]);
|
|
|
177697 |
++ }
|
|
|
177697 |
++ }
|
|
|
177697 |
++
|
|
|
177697 |
++ /*
|
|
|
177697 |
++ * Checks if that specified cipher suites cannot be used.
|
|
|
177697 |
++ */
|
|
|
177697 |
++ private static void checkFailure(String[] ciphersuites) throws Exception {
|
|
|
177697 |
++ try (SSLServer server = SSLServer.init(ciphersuites)) {
|
|
|
177697 |
++ startNewThread(server);
|
|
|
177697 |
++ while (!server.isRunning()) {
|
|
|
177697 |
++ sleep();
|
|
|
177697 |
++ }
|
|
|
177697 |
++
|
|
|
177697 |
++ int port = server.getPort();
|
|
|
177697 |
++ for (String ciphersuite : ciphersuites) {
|
|
|
177697 |
++ try (SSLClient client = SSLClient.init(port, ciphersuite)) {
|
|
|
177697 |
++ client.connect();
|
|
|
177697 |
++ throw new RuntimeException("Expected SSLHandshakeException "
|
|
|
177697 |
++ + "not thrown");
|
|
|
177697 |
++ } catch (SSLHandshakeException e) {
|
|
|
177697 |
++ System.out.println("Expected exception on client side: "
|
|
|
177697 |
++ + e);
|
|
|
177697 |
++ }
|
|
|
177697 |
++ }
|
|
|
177697 |
++
|
|
|
177697 |
++ server.stop();
|
|
|
177697 |
++ while (server.isRunning()) {
|
|
|
177697 |
++ sleep();
|
|
|
177697 |
++ }
|
|
|
177697 |
++
|
|
|
177697 |
++ if (!server.sslError()) {
|
|
|
177697 |
++ throw new RuntimeException("Expected SSL exception "
|
|
|
177697 |
++ + "not thrown on server side");
|
|
|
177697 |
++ }
|
|
|
177697 |
++ }
|
|
|
177697 |
++
|
|
|
177697 |
++ }
|
|
|
177697 |
++
|
|
|
177697 |
++ /*
|
|
|
177697 |
++ * Checks if specified cipher suites can be used.
|
|
|
177697 |
++ */
|
|
|
177697 |
++ private static void checkSuccess(String[] ciphersuites) throws Exception {
|
|
|
177697 |
++ try (SSLServer server = SSLServer.init(ciphersuites)) {
|
|
|
177697 |
++ startNewThread(server);
|
|
|
177697 |
++ while (!server.isRunning()) {
|
|
|
177697 |
++ sleep();
|
|
|
177697 |
++ }
|
|
|
177697 |
++
|
|
|
177697 |
++ int port = server.getPort();
|
|
|
177697 |
++ for (String ciphersuite : ciphersuites) {
|
|
|
177697 |
++ try (SSLClient client = SSLClient.init(port, ciphersuite)) {
|
|
|
177697 |
++ client.connect();
|
|
|
177697 |
++ String negotiated = client.getNegotiatedCipherSuite();
|
|
|
177697 |
++ System.out.println("Negotiated cipher suite: "
|
|
|
177697 |
++ + negotiated);
|
|
|
177697 |
++ if (!negotiated.equals(ciphersuite)) {
|
|
|
177697 |
++ throw new RuntimeException("Unexpected cipher suite: "
|
|
|
177697 |
++ + negotiated);
|
|
|
177697 |
++ }
|
|
|
177697 |
++ }
|
|
|
177697 |
++ }
|
|
|
177697 |
++
|
|
|
177697 |
++ server.stop();
|
|
|
177697 |
++ while (server.isRunning()) {
|
|
|
177697 |
++ sleep();
|
|
|
177697 |
++ }
|
|
|
177697 |
++
|
|
|
177697 |
++ if (server.error()) {
|
|
|
177697 |
++ throw new RuntimeException("Unexpected error on server side");
|
|
|
177697 |
++ }
|
|
|
177697 |
++ }
|
|
|
177697 |
++
|
|
|
177697 |
++ }
|
|
|
177697 |
++
|
|
|
177697 |
++ private static Thread startNewThread(SSLServer server) {
|
|
|
177697 |
++ Thread serverThread = new Thread(server, "SSL server thread");
|
|
|
177697 |
++ serverThread.setDaemon(true);
|
|
|
177697 |
++ serverThread.start();
|
|
|
177697 |
++ return serverThread;
|
|
|
177697 |
++ }
|
|
|
177697 |
++
|
|
|
177697 |
++ private static void sleep() {
|
|
|
177697 |
++ try {
|
|
|
177697 |
++ TimeUnit.MILLISECONDS.sleep(50);
|
|
|
177697 |
++ } catch (InterruptedException e) {
|
|
|
177697 |
++ // do nothing
|
|
|
177697 |
++ }
|
|
|
177697 |
++ }
|
|
|
177697 |
++
|
|
|
177697 |
++ static class SSLServer implements Runnable, AutoCloseable {
|
|
|
177697 |
++
|
|
|
177697 |
++ private final SSLServerSocket ssocket;
|
|
|
177697 |
++ private volatile boolean stopped = false;
|
|
|
177697 |
++ private volatile boolean running = false;
|
|
|
177697 |
++ private volatile boolean sslError = false;
|
|
|
177697 |
++ private volatile boolean otherError = false;
|
|
|
177697 |
++
|
|
|
177697 |
++ private SSLServer(SSLServerSocket ssocket) {
|
|
|
177697 |
++ this.ssocket = ssocket;
|
|
|
177697 |
++ }
|
|
|
177697 |
++
|
|
|
177697 |
++ @Override
|
|
|
177697 |
++ public void run() {
|
|
|
177697 |
++ System.out.println("Server: started");
|
|
|
177697 |
++ running = true;
|
|
|
177697 |
++ while (!stopped) {
|
|
|
177697 |
++ try (SSLSocket socket = (SSLSocket) ssocket.accept()) {
|
|
|
177697 |
++ System.out.println("Server: accepted client connection");
|
|
|
177697 |
++ InputStream in = socket.getInputStream();
|
|
|
177697 |
++ OutputStream out = socket.getOutputStream();
|
|
|
177697 |
++ int b = in.read();
|
|
|
177697 |
++ if (b < 0) {
|
|
|
177697 |
++ throw new IOException("Unexpected EOF");
|
|
|
177697 |
++ }
|
|
|
177697 |
++ System.out.println("Server: send data: " + b);
|
|
|
177697 |
++ out.write(b);
|
|
|
177697 |
++ out.flush();
|
|
|
177697 |
++ socket.getSession().invalidate();
|
|
|
177697 |
++ } catch (SSLHandshakeException e) {
|
|
|
177697 |
++ System.out.println("Server: run: " + e);
|
|
|
177697 |
++ sslError = true;
|
|
|
177697 |
++ } catch (IOException e) {
|
|
|
177697 |
++ if (!stopped) {
|
|
|
177697 |
++ System.out.println("Server: run: " + e);
|
|
|
177697 |
++ e.printStackTrace();
|
|
|
177697 |
++ otherError = true;
|
|
|
177697 |
++ }
|
|
|
177697 |
++ }
|
|
|
177697 |
++ }
|
|
|
177697 |
++
|
|
|
177697 |
++ System.out.println("Server: finished");
|
|
|
177697 |
++ running = false;
|
|
|
177697 |
++ }
|
|
|
177697 |
++
|
|
|
177697 |
++ int getPort() {
|
|
|
177697 |
++ return ssocket.getLocalPort();
|
|
|
177697 |
++ }
|
|
|
177697 |
++
|
|
|
177697 |
++ String[] getEnabledCiperSuites() {
|
|
|
177697 |
++ return ssocket.getEnabledCipherSuites();
|
|
|
177697 |
++ }
|
|
|
177697 |
++
|
|
|
177697 |
++ boolean isRunning() {
|
|
|
177697 |
++ return running;
|
|
|
177697 |
++ }
|
|
|
177697 |
++
|
|
|
177697 |
++ boolean sslError() {
|
|
|
177697 |
++ return sslError;
|
|
|
177697 |
++ }
|
|
|
177697 |
++
|
|
|
177697 |
++ boolean error() {
|
|
|
177697 |
++ return sslError || otherError;
|
|
|
177697 |
++ }
|
|
|
177697 |
++
|
|
|
177697 |
++ void stop() {
|
|
|
177697 |
++ stopped = true;
|
|
|
177697 |
++ if (!ssocket.isClosed()) {
|
|
|
177697 |
++ try {
|
|
|
177697 |
++ ssocket.close();
|
|
|
177697 |
++ } catch (IOException e) {
|
|
|
177697 |
++ System.out.println("Server: close: " + e);
|
|
|
177697 |
++ }
|
|
|
177697 |
++ }
|
|
|
177697 |
++ }
|
|
|
177697 |
++
|
|
|
177697 |
++ @Override
|
|
|
177697 |
++ public void close() {
|
|
|
177697 |
++ stop();
|
|
|
177697 |
++ }
|
|
|
177697 |
++
|
|
|
177697 |
++ static SSLServer init(String[] ciphersuites)
|
|
|
177697 |
++ throws IOException {
|
|
|
177697 |
++ SSLServerSocketFactory ssf = (SSLServerSocketFactory)
|
|
|
177697 |
++ SSLServerSocketFactory.getDefault();
|
|
|
177697 |
++ SSLServerSocket ssocket = (SSLServerSocket)
|
|
|
177697 |
++ ssf.createServerSocket(0);
|
|
|
177697 |
++
|
|
|
177697 |
++ if (ciphersuites != null) {
|
|
|
177697 |
++ System.out.println("Server: enable cipher suites: "
|
|
|
177697 |
++ + java.util.Arrays.toString(ciphersuites));
|
|
|
177697 |
++ ssocket.setEnabledCipherSuites(ciphersuites);
|
|
|
177697 |
++ }
|
|
|
177697 |
++
|
|
|
177697 |
++ return new SSLServer(ssocket);
|
|
|
177697 |
++ }
|
|
|
177697 |
++ }
|
|
|
177697 |
++
|
|
|
177697 |
++ static class SSLClient implements AutoCloseable {
|
|
|
177697 |
++
|
|
|
177697 |
++ private final SSLSocket socket;
|
|
|
177697 |
++
|
|
|
177697 |
++ private SSLClient(SSLSocket socket) {
|
|
|
177697 |
++ this.socket = socket;
|
|
|
177697 |
++ }
|
|
|
177697 |
++
|
|
|
177697 |
++ void connect() throws IOException {
|
|
|
177697 |
++ System.out.println("Client: connect to server");
|
|
|
177697 |
++ try (
|
|
|
177697 |
++ BufferedInputStream bis = new BufferedInputStream(
|
|
|
177697 |
++ socket.getInputStream());
|
|
|
177697 |
++ BufferedOutputStream bos = new BufferedOutputStream(
|
|
|
177697 |
++ socket.getOutputStream())) {
|
|
|
177697 |
++ bos.write('x');
|
|
|
177697 |
++ bos.flush();
|
|
|
177697 |
++
|
|
|
177697 |
++ int read = bis.read();
|
|
|
177697 |
++ if (read < 0) {
|
|
|
177697 |
++ throw new IOException("Client: couldn't read a response");
|
|
|
177697 |
++ }
|
|
|
177697 |
++ socket.getSession().invalidate();
|
|
|
177697 |
++ }
|
|
|
177697 |
++ }
|
|
|
177697 |
++
|
|
|
177697 |
++ String[] getEnabledCiperSuites() {
|
|
|
177697 |
++ return socket.getEnabledCipherSuites();
|
|
|
177697 |
++ }
|
|
|
177697 |
++
|
|
|
177697 |
++ String getNegotiatedCipherSuite() {
|
|
|
177697 |
++ return socket.getSession().getCipherSuite();
|
|
|
177697 |
++ }
|
|
|
177697 |
++
|
|
|
177697 |
++ @Override
|
|
|
177697 |
++ public void close() throws Exception {
|
|
|
177697 |
++ if (!socket.isClosed()) {
|
|
|
177697 |
++ try {
|
|
|
177697 |
++ socket.close();
|
|
|
177697 |
++ } catch (IOException e) {
|
|
|
177697 |
++ System.out.println("Client: close: " + e);
|
|
|
177697 |
++ }
|
|
|
177697 |
++ }
|
|
|
177697 |
++ }
|
|
|
177697 |
++
|
|
|
177697 |
++ static SSLClient init(int port)
|
|
|
177697 |
++ throws NoSuchAlgorithmException, IOException {
|
|
|
177697 |
++ return init(port, null);
|
|
|
177697 |
++ }
|
|
|
177697 |
++
|
|
|
177697 |
++ static SSLClient init(int port, String ciphersuite)
|
|
|
177697 |
++ throws NoSuchAlgorithmException, IOException {
|
|
|
177697 |
++ SSLContext context = SSLContext.getDefault();
|
|
|
177697 |
++ SSLSocketFactory ssf = (SSLSocketFactory)
|
|
|
177697 |
++ context.getSocketFactory();
|
|
|
177697 |
++ SSLSocket socket = (SSLSocket) ssf.createSocket("localhost", port);
|
|
|
177697 |
++
|
|
|
177697 |
++ if (ciphersuite != null) {
|
|
|
177697 |
++ System.out.println("Client: enable cipher suite: "
|
|
|
177697 |
++ + ciphersuite);
|
|
|
177697 |
++ socket.setEnabledCipherSuites(new String[] { ciphersuite });
|
|
|
177697 |
++ }
|
|
|
177697 |
++
|
|
|
177697 |
++ return new SSLClient(socket);
|
|
|
177697 |
++ }
|
|
|
177697 |
++
|
|
|
177697 |
++ }
|
|
|
177697 |
++
|
|
|
177697 |
++
|
|
|
177697 |
++}
|
|
|
177697 |
+diff -Nru openjdk.orig/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ClientHandshaker/CipherSuiteOrder.java openjdk/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ClientHandshaker/CipherSuiteOrder.java
|
|
|
177697 |
+--- openjdk.orig/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ClientHandshaker/CipherSuiteOrder.java 2016-01-20 01:42:21.000000000 +0000
|
|
|
177697 |
++++ openjdk/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ClientHandshaker/CipherSuiteOrder.java 2016-01-25 20:23:28.749086605 +0000
|
|
|
177697 |
+@@ -1,5 +1,5 @@
|
|
|
177697 |
+ /*
|
|
|
177697 |
+- * Copyright (c) 2001, 2002, Oracle and/or its affiliates. All rights reserved.
|
|
|
177697 |
++ * Copyright (c) 2001, 2015, Oracle and/or its affiliates. All rights reserved.
|
|
|
177697 |
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
|
177697 |
+ *
|
|
|
177697 |
+ * This code is free software; you can redistribute it and/or modify it
|
|
|
177697 |
+@@ -30,7 +30,7 @@
|
|
|
177697 |
+ */
|
|
|
177697 |
+
|
|
|
177697 |
+ import java.io.*;
|
|
|
177697 |
+-import java.net.*;
|
|
|
177697 |
++import java.security.Security;
|
|
|
177697 |
+ import javax.net.ssl.*;
|
|
|
177697 |
+
|
|
|
177697 |
+ public class CipherSuiteOrder {
|
|
|
177697 |
+@@ -192,6 +192,10 @@
|
|
|
177697 |
+ volatile Exception clientException = null;
|
|
|
177697 |
+
|
|
|
177697 |
+ public static void main(String[] args) throws Exception {
|
|
|
177697 |
++ // reset the security property to make sure that the algorithms
|
|
|
177697 |
++ // and keys used in this test are not disabled.
|
|
|
177697 |
++ Security.setProperty("jdk.tls.disabledAlgorithms", "");
|
|
|
177697 |
++
|
|
|
177697 |
+ String keyFilename =
|
|
|
177697 |
+ System.getProperty("test.src", "./") + "/" + pathToStores +
|
|
|
177697 |
+ "/" + keyStoreFile;
|
|
|
177697 |
+diff -Nru openjdk.orig/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java openjdk/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java
|
|
|
177697 |
+--- openjdk.orig/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java 2016-01-25 20:15:46.384811880 +0000
|
|
|
177697 |
++++ openjdk/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java 2016-01-25 20:17:49.902742622 +0000
|
|
|
177697 |
+@@ -1,5 +1,5 @@
|
|
|
177697 |
+ /*
|
|
|
177697 |
+- * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
|
|
|
177697 |
++ * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
|
|
|
177697 |
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
|
177697 |
+ *
|
|
|
177697 |
+ * This code is free software; you can redistribute it and/or modify it
|
|
|
177697 |
+@@ -102,10 +102,10 @@
|
|
|
177697 |
+ import java.nio.*;
|
|
|
177697 |
+ import java.security.KeyStore;
|
|
|
177697 |
+ import java.security.KeyFactory;
|
|
|
177697 |
++import java.security.Security;
|
|
|
177697 |
+ import java.security.cert.Certificate;
|
|
|
177697 |
+ import java.security.cert.CertificateFactory;
|
|
|
177697 |
+ import java.security.spec.PKCS8EncodedKeySpec;
|
|
|
177697 |
+-import java.security.spec.*;
|
|
|
177697 |
+ import java.security.interfaces.*;
|
|
|
177697 |
+ import java.util.Base64;
|
|
|
177697 |
+
|
|
|
177697 |
+@@ -367,6 +367,10 @@
|
|
|
177697 |
+ }
|
|
|
177697 |
+
|
|
|
177697 |
+ public static void main(String args[]) throws Exception {
|
|
|
177697 |
++ // reset the security property to make sure that the algorithms
|
|
|
177697 |
++ // and keys used in this test are not disabled.
|
|
|
177697 |
++ Security.setProperty("jdk.tls.disabledAlgorithms", "");
|
|
|
177697 |
++
|
|
|
177697 |
+ if (args.length != 4) {
|
|
|
177697 |
+ System.out.println(
|
|
|
177697 |
+ "Usage: java DHEKeySizing cipher-suite " +
|
|
|
177697 |
+diff -Nru openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java
|
|
|
177697 |
+--- openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java 2016-01-20 01:42:24.000000000 +0000
|
|
|
177697 |
++++ openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java 2016-01-25 20:17:49.902742622 +0000
|
|
|
177697 |
+@@ -1,5 +1,5 @@
|
|
|
177697 |
+ /*
|
|
|
177697 |
+- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
|
|
|
177697 |
++ * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
|
|
|
177697 |
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
|
177697 |
+ *
|
|
|
177697 |
+ * This code is free software; you can redistribute it and/or modify it
|
|
|
177697 |
+@@ -622,6 +622,9 @@
|
|
|
177697 |
+ }
|
|
|
177697 |
+
|
|
|
177697 |
+ public static void main(String args[]) throws Exception {
|
|
|
177697 |
++ // reset the security property to make sure that the algorithms
|
|
|
177697 |
++ // and keys used in this test are not disabled.
|
|
|
177697 |
++ Security.setProperty("jdk.tls.disabledAlgorithms", "");
|
|
|
177697 |
+
|
|
|
177697 |
+ CheckStatus cs;
|
|
|
177697 |
+
|
|
|
177697 |
+diff -Nru openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java
|
|
|
177697 |
+--- openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java 2016-01-20 01:42:24.000000000 +0000
|
|
|
177697 |
++++ openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java 2016-01-25 20:20:24.580152890 +0000
|
|
|
177697 |
+@@ -33,6 +33,8 @@
|
|
|
177697 |
+ * The code could certainly be tightened up a lot.
|
|
|
177697 |
+ *
|
|
|
177697 |
+ * @author Brad Wetmore
|
|
|
177697 |
++ *
|
|
|
177697 |
++ * @run main/othervm ConnectionTest
|
|
|
177697 |
+ */
|
|
|
177697 |
+
|
|
|
177697 |
+ import javax.net.ssl.*;
|
|
|
177697 |
+@@ -672,6 +674,10 @@
|
|
|
177697 |
+ }
|
|
|
177697 |
+
|
|
|
177697 |
+ public static void main(String args[]) throws Exception {
|
|
|
177697 |
++ // reset the security property to make sure that the algorithms
|
|
|
177697 |
++ // and keys used in this test are not disabled.
|
|
|
177697 |
++ Security.setProperty("jdk.tls.disabledAlgorithms", "");
|
|
|
177697 |
++
|
|
|
177697 |
+ ConnectionTest ct = new ConnectionTest();
|
|
|
177697 |
+ ct.test();
|
|
|
177697 |
+ }
|
|
|
177697 |
+diff -Nru openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/LargeBufs.java openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/LargeBufs.java
|
|
|
177697 |
+--- openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/LargeBufs.java 2016-01-20 01:42:24.000000000 +0000
|
|
|
177697 |
++++ openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/LargeBufs.java 2016-01-25 20:19:17.305278447 +0000
|
|
|
177697 |
+@@ -180,6 +180,9 @@
|
|
|
177697 |
+ }
|
|
|
177697 |
+
|
|
|
177697 |
+ public static void main(String args[]) throws Exception {
|
|
|
177697 |
++ // reset the security property to make sure that the algorithms
|
|
|
177697 |
++ // and keys used in this test are not disabled.
|
|
|
177697 |
++ Security.setProperty("jdk.tls.disabledAlgorithms", "");
|
|
|
177697 |
+
|
|
|
177697 |
+ LargeBufs test;
|
|
|
177697 |
+
|
|
|
177697 |
+diff -Nru openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/TLSv11/GenericStreamCipher.java openjdk/jdk/test/sun/security/ssl/javax/net/ssl/TLSv11/GenericStreamCipher.java
|
|
|
177697 |
+--- openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/TLSv11/GenericStreamCipher.java 2016-01-20 01:42:25.000000000 +0000
|
|
|
177697 |
++++ openjdk/jdk/test/sun/security/ssl/javax/net/ssl/TLSv11/GenericStreamCipher.java 2016-01-25 20:18:53.009685445 +0000
|
|
|
177697 |
+@@ -33,7 +33,7 @@
|
|
|
177697 |
+ */
|
|
|
177697 |
+
|
|
|
177697 |
+ import java.io.*;
|
|
|
177697 |
+-import java.net.*;
|
|
|
177697 |
++import java.security.Security;
|
|
|
177697 |
+ import javax.net.ssl.*;
|
|
|
177697 |
+
|
|
|
177697 |
+ public class GenericStreamCipher {
|
|
|
177697 |
+@@ -161,6 +161,10 @@
|
|
|
177697 |
+ volatile Exception clientException = null;
|
|
|
177697 |
+
|
|
|
177697 |
+ public static void main(String[] args) throws Exception {
|
|
|
177697 |
++ // reset the security property to make sure that the algorithms
|
|
|
177697 |
++ // and keys used in this test are not disabled.
|
|
|
177697 |
++ Security.setProperty("jdk.tls.disabledAlgorithms", "");
|
|
|
177697 |
++
|
|
|
177697 |
+ String keyFilename =
|
|
|
177697 |
+ System.getProperty("test.src", ".") + "/" + pathToStores +
|
|
|
177697 |
+ "/" + keyStoreFile;
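Review bot: The `Security.setProperty("jdk.tls.disabledAlgorithms", "")` calls added to CipherSuiteOrder, DHEKeySizing, CheckStatus, LargeBufs and GenericStreamCipher clear the whole JVM-wide list (SSLv3 and `DH keySize < 768` as well as RC4), yet only ConnectionTest gains `@run main/othervm ConnectionTest` in the visible hunks. The jtreg headers of the other five tests lie outside their hunks, so it should be confirmed that each already runs in its own VM; where one does not, add the matching `@run main/othervm <TestName>` line so the cleared property cannot leak into later tests or, presumably, be set after JSSE has already read it. The CheckStatus, ConnectionTest and LargeBufs hunks also add the call without an `import java.security.Security;` line, which presumably relies on an existing wildcard import and is worth a compile check against the OpenJDK 6 tree.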
|
|
|
177697 |
diff -r 33e9441c53fc -r 412e3ce4141e patches/openjdk/8078823-disabledalgorithms_fails_intermittently.patch
|
|
|
177697 |
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
|
|
|
177697 |
+++ b/patches/openjdk/8078823-disabledalgorithms_fails_intermittently.patch Mon Jan 25 22:06:42 2016 +0000
|
|
|
177697 |
@@ -0,0 +1,58 @@
|
|
|
177697 |
+# HG changeset patch
|
|
|
177697 |
+# User asmotrak
|
|
|
177697 |
+# Date 1435145895 -10800
|
|
|
177697 |
+# Wed Jun 24 14:38:15 2015 +0300
|
|
|
177697 |
+# Node ID 66bf77932d57ef00e0c68c19c5e45e0b1de80fad
|
|
|
177697 |
+# Parent fddcb008fd1d285ed7d84011a43cdf556ab16bcb
|
|
|
177697 |
+8078823: javax/net/ssl/ciphersuites/DisabledAlgorithms.java fails intermittently
|
|
|
177697 |
+Reviewed-by: xuelei
|
|
|
177697 |
+
|
|
|
177697 |
+diff -r fddcb008fd1d -r 66bf77932d57 test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java
|
|
|
177697 |
+--- openjdk/jdk/test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java Tue Jun 23 15:07:18 2015 +0100
|
|
|
177697 |
++++ openjdk/jdk/test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java Wed Jun 24 14:38:15 2015 +0300
|
|
|
177697 |
+@@ -104,6 +104,8 @@
|
|
|
177697 |
+ default:
|
|
|
177697 |
+ throw new RuntimeException("Wrong parameter: " + args[0]);
|
|
|
177697 |
+ }
|
|
|
177697 |
++
|
|
|
177697 |
++ System.out.println("Test passed");
|
|
|
177697 |
+ }
|
|
|
177697 |
+
|
|
|
177697 |
+ /*
|
|
|
177697 |
+@@ -128,7 +130,6 @@
|
|
|
177697 |
+ }
|
|
|
177697 |
+ }
|
|
|
177697 |
+
|
|
|
177697 |
+- server.stop();
|
|
|
177697 |
+ while (server.isRunning()) {
|
|
|
177697 |
+ sleep();
|
|
|
177697 |
+ }
|
|
|
177697 |
+@@ -224,11 +225,19 @@
|
|
|
177697 |
+ } catch (SSLHandshakeException e) {
|
|
|
177697 |
+ System.out.println("Server: run: " + e);
|
|
|
177697 |
+ sslError = true;
|
|
|
177697 |
++ stopped = true;
|
|
|
177697 |
+ } catch (IOException e) {
|
|
|
177697 |
+ if (!stopped) {
|
|
|
177697 |
+- System.out.println("Server: run: " + e);
|
|
|
177697 |
++ System.out.println("Server: run: unexpected exception: "
|
|
|
177697 |
++ + e);
|
|
|
177697 |
+ e.printStackTrace();
|
|
|
177697 |
+ otherError = true;
|
|
|
177697 |
++ stopped = true;
|
|
|
177697 |
++ } else {
|
|
|
177697 |
++ System.out.println("Server: run: " + e);
|
|
|
177697 |
++ System.out.println("The exception above occurred "
|
|
|
177697 |
++ + "because socket was closed, "
|
|
|
177697 |
++ + "please ignore it");
|
|
|
177697 |
+ }
|
|
|
177697 |
+ }
|
|
|
177697 |
+ }
|
|
|
177697 |
+@@ -261,6 +270,7 @@
|
|
|
177697 |
+ stopped = true;
|
|
|
177697 |
+ if (!ssocket.isClosed()) {
|
|
|
177697 |
+ try {
|
|
|
177697 |
++ System.out.println("Server: close socket");
|
|
|
177697 |
+ ssocket.close();
|
|
|
177697 |
+ } catch (IOException e) {
|
|
|
177697 |
+ System.out.println("Server: close: " + e);
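Review bot: Setting `stopped = true` in the `SSLHandshakeException` branch of `run()` ends the accept loop after the first rejected handshake, while the listening socket stays open until `stop()` closes it, and this patch also drops the `server.stop()` call that preceded the wait loop in `checkFailure`. The remaining suites in that method's client loop therefore appear to be checked only by the client's own enforcement, and the final `sslError()` check proves a single server-side rejection rather than one per suite. If a later client ever did send a ClientHello, nothing would answer it and the client would block until the jtreg timeout; a bounded wait such as `socket.setSoTimeout(...)` in `SSLClient.init` (outside these hunks) would turn that hang into a clean failure. The `run()` and `stop()` bodies start and end outside the hunks shown, so this reading should be checked against the full file.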
|
|
|
177697 |
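--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/pr2808-fix_disabled_algorithms_test.patch Mon Jan 25 22:06:42 2016 +0000
@@ -0,0 +1,226 @@
+--- openjdk.orig/jdk/test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java 2015-10-21 05:20:57.910156611 +0100
++++ openjdk/jdk/test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java 2016-01-25 21:58:39.334103875 +0000
+@@ -82,16 +82,14 @@
+ System.setProperty("javax.net.ssl.trustStore", trustFilename);
+ System.setProperty("javax.net.ssl.trustStorePassword", passwd);
+
+- switch (args[0]) {
+- case "default":
++ if ("default".equals(args[0])) {
+ // use default jdk.tls.disabledAlgorithms
+ System.out.println("jdk.tls.disabledAlgorithms = "
+ + Security.getProperty("jdk.tls.disabledAlgorithms"));
+
+ // check if RC4 cipher suites can't be used by default
+ checkFailure(rc4_ciphersuites);
+- break;
+- case "empty":
++ } else if ("empty".equals(args[0])) {
+ // reset jdk.tls.disabledAlgorithms
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ System.out.println("jdk.tls.disabledAlgorithms = "
+@@ -100,19 +98,19 @@
+ // check if RC4 cipher suites can be used
+ // if jdk.tls.disabledAlgorithms is empty
+ checkSuccess(rc4_ciphersuites);
+- break;
+- default:
++ } else {
+ throw new RuntimeException("Wrong parameter: " + args[0]);
+ }
+-
+- System.out.println("Test passed");
+ }
+
+ /*
+ * Checks if that specified cipher suites cannot be used.
+ */
+ private static void checkFailure(String[] ciphersuites) throws Exception {
+- try (SSLServer server = SSLServer.init(ciphersuites)) {
++ SSLServer server = null;
++
++ try {
++ server = SSLServer.init(ciphersuites);
+ startNewThread(server);
+ while (!server.isRunning()) {
+ sleep();
+@@ -120,16 +118,21 @@
+
+ int port = server.getPort();
+ for (String ciphersuite : ciphersuites) {
+- try (SSLClient client = SSLClient.init(port, ciphersuite)) {
++ SSLClient client = null;
++ try {
++ client = SSLClient.init(port, ciphersuite);
+ client.connect();
+ throw new RuntimeException("Expected SSLHandshakeException "
+ + "not thrown");
+ } catch (SSLHandshakeException e) {
+ System.out.println("Expected exception on client side: "
+ + e);
++ } finally {
++ if (client != null) { client.close(); }
+ }
+ }
+
++ server.stop();
+ while (server.isRunning()) {
+ sleep();
+ }
+@@ -138,15 +141,18 @@
+ throw new RuntimeException("Expected SSL exception "
+ + "not thrown on server side");
+ }
++ } finally {
++ if (server != null ) { server.close(); }
+ }
+-
+ }
+
+ /*
+ * Checks if specified cipher suites can be used.
+ */
+ private static void checkSuccess(String[] ciphersuites) throws Exception {
+- try (SSLServer server = SSLServer.init(ciphersuites)) {
++ SSLServer server = null;
++ try {
++ server = SSLServer.init(ciphersuites);
+ startNewThread(server);
+ while (!server.isRunning()) {
+ sleep();
+@@ -154,7 +160,9 @@
+
+ int port = server.getPort();
+ for (String ciphersuite : ciphersuites) {
+- try (SSLClient client = SSLClient.init(port, ciphersuite)) {
++ SSLClient client = null;
++ try {
++ client = SSLClient.init(port, ciphersuite);
+ client.connect();
+ String negotiated = client.getNegotiatedCipherSuite();
+ System.out.println("Negotiated cipher suite: "
+@@ -163,6 +171,8 @@
+ throw new RuntimeException("Unexpected cipher suite: "
+ + negotiated);
+ }
++ } finally {
++ if (client != null) { client.close(); }
+ }
+ }
+
+@@ -174,6 +184,8 @@
+ if (server.error()) {
+ throw new RuntimeException("Unexpected error on server side");
+ }
++ } finally {
++ if (server != null) { server.close(); }
+ }
+
+ }
+@@ -193,7 +205,7 @@
+ }
+ }
+
+- static class SSLServer implements Runnable, AutoCloseable {
++ static class SSLServer implements Runnable {
+
+ private final SSLServerSocket ssocket;
+ private volatile boolean stopped = false;
+@@ -210,7 +222,9 @@
+ System.out.println("Server: started");
+ running = true;
+ while (!stopped) {
+- try (SSLSocket socket = (SSLSocket) ssocket.accept()) {
++ SSLSocket socket = null;
++ try {
++ socket = (SSLSocket) ssocket.accept();
+ System.out.println("Server: accepted client connection");
+ InputStream in = socket.getInputStream();
+ OutputStream out = socket.getOutputStream();
+@@ -225,19 +239,16 @@
+ } catch (SSLHandshakeException e) {
+ System.out.println("Server: run: " + e);
+ sslError = true;
+- stopped = true;
+ } catch (IOException e) {
+ if (!stopped) {
+- System.out.println("Server: run: unexpected exception: "
+- + e);
++ System.out.println("Server: run: " + e);
+ e.printStackTrace();
+ otherError = true;
+- stopped = true;
+- } else {
+- System.out.println("Server: run: " + e);
+- System.out.println("The exception above occurred "
+- + "because socket was closed, "
+- + "please ignore it");
++ }
++ } finally {
++ if (socket != null ) {
++ try { socket.close(); }
++ catch (IOException e) { }
+ }
+ }
+ }
+@@ -270,7 +281,6 @@
+ stopped = true;
+ if (!ssocket.isClosed()) {
+ try {
+- System.out.println("Server: close socket");
+ ssocket.close();
+ } catch (IOException e) {
+ System.out.println("Server: close: " + e);
+@@ -278,7 +288,6 @@
+ }
+ }
+
+- @Override
+ public void close() {
+ stop();
+ }
+@@ -300,7 +309,7 @@
+ }
+ }
+
+- static class SSLClient implements AutoCloseable {
++ static class SSLClient {
+
+ private final SSLSocket socket;
+
+@@ -310,11 +319,12 @@
+
+ void connect() throws IOException {
+ System.out.println("Client: connect to server");
+- try (
+- BufferedInputStream bis = new BufferedInputStream(
+- socket.getInputStream());
+- BufferedOutputStream bos = new BufferedOutputStream(
+- socket.getOutputStream())) {
++ BufferedInputStream bis = null;
++ BufferedOutputStream bos = null;
++ try {
++ bis = new BufferedInputStream(socket.getInputStream());
++ bos = new BufferedOutputStream(socket.getOutputStream());
++
+ bos.write('x');
+ bos.flush();
+
+@@ -323,6 +333,9 @@
+ throw new IOException("Client: couldn't read a response");
+ }
+ socket.getSession().invalidate();
++ } finally {
++ if (bis != null) { bis.close(); }
++ if (bos != null) { bos.close(); }
+ }
+ }
+
+@@ -334,7 +347,6 @@
+ return socket.getSession().getCipherSuite();
+ }
+
+- @Override
+ public void close() throws Exception {
+ if (!socket.isClosed()) {
+ try {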
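Review bot: The `stopped = true;` assignments that 8078823 adds to the `SSLHandshakeException` and `IOException` handlers in `SSLServer.run()` are removed again here, and `server.stop();` is re-added before the `isRunning()` wait in `checkFailure`, which goes beyond removing Java 7 features. The removed context lines (the "unexpected exception" message and the "please ignore it" branch) show that this patch applies on top of 8078823, so it appears to undo the intermittent-failure fix. The check that RC4 suites are rejected by default may then again depend on timing between `stop()` and the server thread. I would restrict these hunks to the try-with-resources, string-switch and `@Override` changes, and keep `stopped = true;` and the `checkFailure` wait as 8078823 leaves them; the bodies of `run()` and `checkFailure` are only partly visible in these hunks. Separately, the new `finally` in `SSLClient.connect()` closes `bis` and `bos` unguarded, so an `IOException` from a close could replace the `SSLHandshakeException` that `checkFailure` catches, where try-with-resources would have kept it as the primary exception; `try { bis.close(); } catch (IOException ignored) { }` (and the same for `bos`) preserves that.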
|