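/*
 * Copyright (c) 2019, 2020, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */
import java.util.Arrays;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;

/*
 * @test
 * @bug 8234728
 * @library /javax/net/ssl/templates
 *          /javax/net/ssl/TLSCommon
 *          /lib/security
 * @summary Test TLS ciphersuites order set through System properties
 * @run main/othervm
 *      -Djdk.tls.client.cipherSuites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384
 *      -Djdk.tls.server.cipherSuites=TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256
 *      -Djdk.tls.client.protocols="TLSv1.3,TLSv1.2,TLSv1.1,TLSv1,SSLv3"
 *      SystemPropCipherSuitesOrder TLSv1.3
 * @run main/othervm
 *      -Djdk.tls.client.cipherSuites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384
 *      -Djdk.tls.client.protocols="TLSv1.3,TLSv1.2,TLSv1.1,TLSv1,SSLv3"
 *      SystemPropCipherSuitesOrder TLSv1.3
 * @run main/othervm
 *      -Djdk.tls.server.cipherSuites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384
 *      -Djdk.tls.client.protocols="TLSv1.3,TLSv1.2,TLSv1.1,TLSv1,SSLv3"
 *      SystemPropCipherSuitesOrder TLSv1.3
 * @run main/othervm
 *      -Djdk.tls.client.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
 *      -Djdk.tls.server.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
 *      SystemPropCipherSuitesOrder TLSv1.2
 * @run main/othervm
 *      -Djdk.tls.client.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
 *      SystemPropCipherSuitesOrder TLSv1.2
 * @run main/othervm
 *      -Djdk.tls.server.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
 *      SystemPropCipherSuitesOrder TLSv1.2
 * @run main/othervm
 *      -Djdk.tls.client.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
 *      -Djdk.tls.server.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
 *      SystemPropCipherSuitesOrder TLSv1.1
 * @run main/othervm
 *      -Djdk.tls.client.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
 *      SystemPropCipherSuitesOrder TLSv1.1
 * @run main/othervm
 *      -Djdk.tls.server.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
 *      SystemPropCipherSuitesOrder TLSv1.1
 * @run main/othervm
 *      -Djdk.tls.client.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
 *      -Djdk.tls.server.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
 *      SystemPropCipherSuitesOrder TLSv1
 * @run main/othervm
 *      -Djdk.tls.client.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
 *      SystemPropCipherSuitesOrder TLSv1
 * @run main/othervm
 *      -Djdk.tls.server.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
 *      SystemPropCipherSuitesOrder TLSv1
 */

/**
 * Checks that the cipher suites given in the {@code jdk.tls.server.cipherSuites}
 * and {@code jdk.tls.client.cipherSuites} system properties are reported by
 * {@link SSLSocket#getEnabledCipherSuites()} in exactly the configured order.
 *
 * <p>Only a side whose property is set is checked; when a property is absent
 * the corresponding comparison is skipped. The comparison is made against the
 * socket's <em>enabled</em> list. The suite that ends up negotiated for the
 * session is not inspected by this class.
 *
 * <p>For {@code TLSv1} and {@code TLSv1.1} the constructor lifts the protocol
 * out of the disabled algorithms through {@code SecurityUtils}. That
 * relaxation is test scaffolding: every {@code @run} entry uses
 * {@code main/othervm}, so it stays inside the JVM started for that run and is
 * not a configuration to carry into deployed code.
 */
public class SystemPropCipherSuitesOrder extends SSLSocketTemplate {

    // Protocol version under test; the only protocol enabled on both sockets.
    private final String protocol;

    // Expected suite order per side, or null when the property is not set.
    private static String[] serverCipherSuites;
    private static String[] clientCipherSuites;

    /**
     * Reads the two cipher suite properties and runs one handshake for the
     * protocol named in {@code args[0]}.
     *
     * @param args {@code args[0]} is the protocol to enable, e.g. {@code TLSv1.2}
     * @throws IllegalArgumentException if no protocol argument is supplied
     * @throws RuntimeException wrapping any failure raised by the test run
     */
    public static void main(String[] args) {
        // Fail with a readable message instead of an index error when the
        // protocol argument is missing from the command line.
        if (args.length < 1) {
            throw new IllegalArgumentException(
                    "Usage: SystemPropCipherSuitesOrder <protocol>");
        }

        serverCipherSuites
                = toArray(System.getProperty("jdk.tls.server.cipherSuites"));
        clientCipherSuites
                = toArray(System.getProperty("jdk.tls.client.cipherSuites"));
        System.out.printf("SYSTEM PROPERTIES: ServerProp:%s - ClientProp:%s%n",
                Arrays.toString(serverCipherSuites),
                Arrays.toString(clientCipherSuites));

        try {
            new SystemPropCipherSuitesOrder(args[0]).run();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Stores the protocol under test and re-enables it when it is one of the
     * legacy versions.
     *
     * @param protocol protocol name passed on the command line
     */
    private SystemPropCipherSuitesOrder(String protocol) {
        this.protocol = protocol;
        // Re-enable protocol if disabled.
        // NOTE(review): SecurityUtils is a test-library helper that is not
        // shown here; presumably it edits the disabled-algorithms security
        // property for this JVM only - confirm before reusing elsewhere.
        if (protocol.equals("TLSv1") || protocol.equals("TLSv1.1")) {
            SecurityUtils.removeFromDisabledTlsAlgs(protocol);
        }
    }

    /** Restricts the client socket to the single protocol under test. */
    @Override
    protected void configureClientSocket(SSLSocket socket) {
        socket.setEnabledProtocols(new String[]{protocol});
    }

    /** Restricts the server socket to the single protocol under test. */
    @Override
    protected void configureServerSocket(SSLServerSocket serverSocket) {
        serverSocket.setEnabledProtocols(new String[]{protocol});
    }

    /**
     * Verifies the server-side enabled suite order, then runs the template's
     * server application.
     *
     * @throws RuntimeException if the enabled suites differ from the property
     */
    // @Override makes the compiler reject a signature drift in the template;
    // without it the order assertion could silently stop running.
    @Override
    protected void runServerApplication(SSLSocket socket) throws Exception {
        checkOrder("SERVER", "server", serverCipherSuites,
                socket.getEnabledCipherSuites());
        super.runServerApplication(socket);
    }

    /**
     * Verifies the client-side enabled suite order, then runs the template's
     * client application.
     *
     * @throws RuntimeException if the enabled suites differ from the property
     */
    @Override
    protected void runClientApplication(SSLSocket socket) throws Exception {
        checkOrder("CLIENT", "client", clientCipherSuites,
                socket.getEnabledCipherSuites());
        super.runClientApplication(socket);
    }

    /**
     * Logs and compares the expected and enabled suite lists for one side.
     * Does nothing when {@code expected} is null (property not set).
     */
    private static void checkOrder(String tag, String side,
            String[] expected, String[] enabled) {
        if (expected == null) {
            return;
        }
        System.out.printf("%s: SystemProperty:%s - "
                + "getEnabledCipherSuites:%s%n",
                tag,
                Arrays.toString(expected),
                Arrays.toString(enabled));
        // Arrays.equals is order-sensitive, which is the property under test.
        if (!Arrays.equals(expected, enabled)) {
            throw new RuntimeException(
                    "Unmatched " + side + " side CipherSuite order");
        }
    }

    /**
     * Splits a comma-separated property value into its entries.
     *
     * <p>Entries are not trimmed, so the property values in the {@code @run}
     * lines must not contain whitespace around the commas.
     *
     * @param prop property value, or null when the property is not set
     * @return the entries in order, or null when {@code prop} is null
     */
    private static String[] toArray(String prop) {
        return (prop != null) ? prop.split(",") : null;
    }
}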