New test/javax/net/ssl/sanity/ciphersuites/SystemPropCipherSuitesOrder.java

   1 /*
   2  * Copyright (c) 2019, 2020, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 import java.util.Arrays;
  24 import javax.net.ssl.SSLServerSocket;
  25 import javax.net.ssl.SSLSocket;
  26 
  27 /*
  28  * @test
  29  * @bug 8234728
  30  * @library /javax/net/ssl/templates
  31  *          /javax/net/ssl/TLSCommon
  32  *          /lib/security
  33  * @summary Test TLS ciphersuites order set through System properties
  34  * @run main/othervm
  35  *      -Djdk.tls.client.cipherSuites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384
  36  *      -Djdk.tls.server.cipherSuites=TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256
  37  *      -Djdk.tls.client.protocols="TLSv1.3,TLSv1.2,TLSv1.1,TLSv1,SSLv3"
  38  *      SystemPropCipherSuitesOrder TLSv1.3
  39  * @run main/othervm
  40  *      -Djdk.tls.client.cipherSuites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384
  41  *      -Djdk.tls.client.protocols="TLSv1.3,TLSv1.2,TLSv1.1,TLSv1,SSLv3"
  42  *      SystemPropCipherSuitesOrder TLSv1.3
  43  * @run main/othervm
  44  *      -Djdk.tls.server.cipherSuites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384
  45  *      -Djdk.tls.client.protocols="TLSv1.3,TLSv1.2,TLSv1.1,TLSv1,SSLv3"
  46  *      SystemPropCipherSuitesOrder TLSv1.3
  47  * @run main/othervm
  48  *      -Djdk.tls.client.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  49  *      -Djdk.tls.server.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  50  *      SystemPropCipherSuitesOrder TLSv1.2
  51  * @run main/othervm
  52  *      -Djdk.tls.client.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  53  *      SystemPropCipherSuitesOrder TLSv1.2
  54  * @run main/othervm
  55  *      -Djdk.tls.server.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  56  *      SystemPropCipherSuitesOrder TLSv1.2
  57  * @run main/othervm
  58  *      -Djdk.tls.client.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
  59  *      -Djdk.tls.server.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
  60  *      SystemPropCipherSuitesOrder TLSv1.1
  61  * @run main/othervm
  62  *      -Djdk.tls.client.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
  63  *      SystemPropCipherSuitesOrder TLSv1.1
  64  * @run main/othervm
  65  *      -Djdk.tls.server.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
  66  *      SystemPropCipherSuitesOrder TLSv1.1
  67  * @run main/othervm
  68  *      -Djdk.tls.client.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
  69  *      -Djdk.tls.server.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
  70  *      SystemPropCipherSuitesOrder TLSv1
  71  * @run main/othervm
  72  *      -Djdk.tls.client.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
  73  *      SystemPropCipherSuitesOrder TLSv1
  74  * @run main/othervm
  75  *      -Djdk.tls.server.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
  76  *      SystemPropCipherSuitesOrder TLSv1
  77  */
  78 public class SystemPropCipherSuitesOrder extends SSLSocketTemplate {
  79 
  80     private final String protocol;
  81     private static String[] servercipherSuites;
  82     private static String[] clientcipherSuites;
  83 
  84     public static void main(String[] args) {
  85         servercipherSuites
  86                 = toArray(System.getProperty("jdk.tls.server.cipherSuites"));
  87         clientcipherSuites
  88                 = toArray(System.getProperty("jdk.tls.client.cipherSuites"));
  89         System.out.printf("SYSTEM PROPERTIES: ServerProp:%s - ClientProp:%s%n",
  90                 Arrays.deepToString(servercipherSuites),
  91                 Arrays.deepToString(clientcipherSuites));
  92 
  93         try {
  94             new SystemPropCipherSuitesOrder(args[0]).run();
  95         } catch (Exception e) {
  96             throw new RuntimeException(e);
  97         }
  98     }
  99 
 100     private SystemPropCipherSuitesOrder(String protocol) {
 101         this.protocol = protocol;
 102         // Re-enable protocol if disabled.
 103         if (protocol.equals("TLSv1") || protocol.equals("TLSv1.1")) {
 104             SecurityUtils.removeFromDisabledTlsAlgs(protocol);
 105         }
 106     }
 107 
 108     // Servers are configured before clients, increment test case after.
 109     @Override
 110     protected void configureClientSocket(SSLSocket socket) {
 111         socket.setEnabledProtocols(new String[]{protocol});
 112     }
 113 
 114     @Override
 115     protected void configureServerSocket(SSLServerSocket serverSocket) {
 116         serverSocket.setEnabledProtocols(new String[]{protocol});
 117     }
 118 
 119     protected void runServerApplication(SSLSocket socket) throws Exception {
 120         if (servercipherSuites != null) {
 121             System.out.printf("SERVER: SystemProperty:%s - "
 122                     + "getEnabledCipherSuites:%s%n",
 123                     Arrays.deepToString(servercipherSuites),
 124                     Arrays.deepToString(socket.getEnabledCipherSuites()));
 125         }
 126         if (servercipherSuites != null && !Arrays.equals(
 127                 servercipherSuites, socket.getEnabledCipherSuites())) {
 128             throw new RuntimeException("Unmatched server side CipherSuite order");
 129         }
 130         super.runServerApplication(socket);
 131     }
 132 
 133     protected void runClientApplication(SSLSocket socket) throws Exception {
 134         if (clientcipherSuites != null) {
 135             System.out.printf("CLIENT: SystemProperty:%s - "
 136                     + "getEnabledCipherSuites:%s%n",
 137                     Arrays.deepToString(clientcipherSuites),
 138                     Arrays.deepToString(socket.getEnabledCipherSuites()));
 139         }
 140         if (clientcipherSuites != null && !Arrays.equals(clientcipherSuites,
 141                 socket.getEnabledCipherSuites())) {
 142             throw new RuntimeException("Unmatched client side CipherSuite order");
 143         }
 144         super.runClientApplication(socket);
 145     }
 146 
 147     private static String[] toArray(String prop) {
 148         return (prop != null) ? prop.split(",") : null;
 149     }
 150 }