1 /*
   2  * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 import java.util.Arrays;
  24 import javax.net.ssl.SSLServerSocket;
  25 import javax.net.ssl.SSLSocket;
  26 
  27 /*
  28  * @test
  29  * @bug 8234728
  30  * @library /javax/net/ssl/templates
  31  *          /javax/net/ssl/TLSCommon
  32  * @summary Test TLS ciphersuites order.
  33  *      Parameter order: <protocol> <client cipher order> <server cipher order>
  34  * @run main/othervm TLSCipherSuitesOrder TLSv13 ORDERED default
  35  * @run main/othervm TLSCipherSuitesOrder TLSv13 UNORDERED default
  36  * @run main/othervm TLSCipherSuitesOrder TLSv13 UNORDERED UNORDERED
  37  * @run main/othervm TLSCipherSuitesOrder TLSv13 ORDERED ORDERED
  38  * @run main/othervm TLSCipherSuitesOrder TLSv12 ORDERED default
  39  * @run main/othervm TLSCipherSuitesOrder TLSv12 UNORDERED default
  40  * @run main/othervm TLSCipherSuitesOrder TLSv12 UNORDERED UNORDERED
  41  * @run main/othervm TLSCipherSuitesOrder TLSv12 ORDERED ORDERED
  42  * @run main/othervm TLSCipherSuitesOrder TLSv11 ORDERED default
  43  * @run main/othervm TLSCipherSuitesOrder TLSv11 UNORDERED default
  44  * @run main/othervm TLSCipherSuitesOrder TLSv11 UNORDERED UNORDERED
  45  * @run main/othervm TLSCipherSuitesOrder TLSv11 ORDERED ORDERED
  46  * @run main/othervm TLSCipherSuitesOrder TLSv1 ORDERED default
  47  * @run main/othervm TLSCipherSuitesOrder TLSv1 UNORDERED default
  48  * @run main/othervm TLSCipherSuitesOrder TLSv1 UNORDERED UNORDERED
  49  * @run main/othervm TLSCipherSuitesOrder TLSv1 ORDERED ORDERED
  50  */
  51 public class TLSCipherSuitesOrder extends SSLSocketTemplate {
  52 
  53     private final String protocol;
  54     private final String[] servercipherSuites;
  55     private final String[] clientcipherSuites;
  56 
  57     public static void main(String[] args) {
  58         PROTOCOL protocol = PROTOCOL.valueOf(args[0]);
  59         try {
  60             new TLSCipherSuitesOrder(protocol.getProtocol(),
  61                     protocol.getCipherSuite(args[1]),
  62                     protocol.getCipherSuite(args[2])).run();
  63         } catch (Exception e) {
  64             throw new RuntimeException(e);
  65         }
  66     }
  67 
  68     private TLSCipherSuitesOrder(String protocol, String[] clientcipherSuites,
  69             String[] servercipherSuites) {
  70         this.protocol = protocol;
  71         this.clientcipherSuites = clientcipherSuites;
  72         this.servercipherSuites = servercipherSuites;
  73     }
  74 
  75     // Servers are configured before clients, increment test case after.
  76     @Override
  77     protected void configureClientSocket(SSLSocket socket) {
  78         socket.setEnabledProtocols(new String[]{protocol});
  79         if (clientcipherSuites != null) {
  80             socket.setEnabledCipherSuites(clientcipherSuites);
  81         }
  82     }
  83 
  84     @Override
  85     protected void configureServerSocket(SSLServerSocket serverSocket) {
  86         serverSocket.setEnabledProtocols(new String[]{protocol});
  87         if (servercipherSuites != null) {
  88             serverSocket.setEnabledCipherSuites(servercipherSuites);
  89         }
  90     }
  91 
  92     protected void runServerApplication(SSLSocket socket) throws Exception {
  93         if (servercipherSuites != null) {
  94             System.out.printf("SERVER: setEnabledCipherSuites:%s - "
  95                     + "getEnabledCipherSuites:%s%n",
  96                     Arrays.deepToString(servercipherSuites),
  97                     Arrays.deepToString(socket.getEnabledCipherSuites()));
  98         }
  99         if (servercipherSuites != null && !Arrays.equals(servercipherSuites,
 100                 socket.getEnabledCipherSuites())) {
 101             throw new RuntimeException("Unmatched server side CipherSuite order");
 102         }
 103         super.runServerApplication(socket);
 104     }
 105 
 106     protected void runClientApplication(SSLSocket socket) throws Exception {
 107         if (clientcipherSuites != null) {
 108             System.out.printf("CLIENT: setEnabledCipherSuites:%s - "
 109                     + "getEnabledCipherSuites:%s%n",
 110                     Arrays.deepToString(clientcipherSuites),
 111                     Arrays.deepToString(socket.getEnabledCipherSuites()));
 112         }
 113         if (clientcipherSuites != null && !Arrays.equals(
 114                 clientcipherSuites, socket.getEnabledCipherSuites())) {
 115             throw new RuntimeException("Unmatched client side CipherSuite order");
 116         }
 117         super.runClientApplication(socket);
 118     }
 119 
 120     enum PROTOCOL {
 121         TLSv13("TLSv1.3",
 122                 new String[]{
 123                     "TLS_AES_256_GCM_SHA384",
 124                     "TLS_AES_128_GCM_SHA256"},
 125                 new String[]{
 126                     "TLS_AES_128_GCM_SHA256",
 127                     "TLS_AES_256_GCM_SHA384"}),
 128         TLSv12("TLSv1.2",
 129                 new String[]{
 130                     "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
 131                     "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"},
 132                 new String[]{
 133                     "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
 134                     "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"}),
 135         TLSv11("TLSv1.1",
 136                 new String[]{
 137                     "TLS_RSA_WITH_AES_256_CBC_SHA",
 138                     "TLS_RSA_WITH_AES_128_CBC_SHA"},
 139                 new String[]{
 140                     "TLS_RSA_WITH_AES_128_CBC_SHA",
 141                     "TLS_RSA_WITH_AES_256_CBC_SHA"}),
 142         TLSv1("TLSv1",
 143                 new String[]{
 144                     "TLS_RSA_WITH_AES_256_CBC_SHA",
 145                     "TLS_RSA_WITH_AES_128_CBC_SHA"},
 146                 new String[]{
 147                     "TLS_RSA_WITH_AES_128_CBC_SHA",
 148                     "TLS_RSA_WITH_AES_256_CBC_SHA"});
 149 
 150         String protocol;
 151         String[] orderedCiphers;
 152         String[] unOrderedCiphers;
 153 
 154         private PROTOCOL(String protocol, String[] orderedCiphers,
 155                 String[] unOrderedCiphers) {
 156             this.protocol = protocol;
 157             this.orderedCiphers = orderedCiphers;
 158             this.unOrderedCiphers = unOrderedCiphers;
 159         }
 160 
 161         public String getProtocol() {
 162             return protocol;
 163         }
 164 
 165         public String[] getOrderedCiphers() {
 166             return orderedCiphers;
 167         }
 168 
 169         public String[] getUnOrderedCiphers() {
 170             return unOrderedCiphers;
 171         }
 172 
 173         public String[] getCipherSuite(String order) {
 174             switch (order) {
 175                 case "ORDERED":
 176                     return getOrderedCiphers();
 177                 case "UNORDERED":
 178                     return getUnOrderedCiphers();
 179                 default:
 180                     return null;
 181             }
 182         }
 183     }
 184 }