1 /*
2 * Copyright (c) 2013, 2019, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 // SunJSSE does not support dynamic system properties, no way to re-use
25 // system properties in samevm/agentvm mode.
26
27 /*
28 * @test
29 * @bug 7093640 8190492
30 * @summary Enable TLS 1.1 and TLS 1.2 by default in client side of SunJSSE
31 * @run main/othervm -Djdk.tls.client.protocols="SSLv3,TLSv1,TLSv1.1"
32 * CustomizedDefaultProtocols
33 */
34
35 import java.security.Security;
36 import java.util.Arrays;
37 import java.util.HashSet;
38 import java.util.Set;
39
40 import javax.net.SocketFactory;
41 import javax.net.ssl.KeyManager;
42 import javax.net.ssl.SSLContext;
43 import javax.net.ssl.SSLEngine;
44 import javax.net.ssl.SSLParameters;
45 import javax.net.ssl.SSLServerSocket;
46 import javax.net.ssl.SSLServerSocketFactory;
47 import javax.net.ssl.SSLSocket;
48 import javax.net.ssl.TrustManager;
49
50 public class CustomizedDefaultProtocols {
51 enum ContextVersion {
52 TLS_CV_01("SSL",
53 new String[] {"SSLv3", "TLSv1", "TLSv1.1"}),
54 TLS_CV_02("TLS",
55 new String[] {"SSLv3", "TLSv1", "TLSv1.1"}),
56 TLS_CV_03("SSLv3",
57 new String[] {"TLSv1"}),
58 TLS_CV_04("TLSv1",
59 new String[] {"TLSv1"}),
60 TLS_CV_05("TLSv1.1",
61 new String[] {"TLSv1", "TLSv1.1"}),
62 TLS_CV_06("TLSv1.2",
63 new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"}),
64 TLS_CV_07("TLSv1.3",
65 new String[] {"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
66 TLS_CV_08("Default",
67 new String[] {"SSLv3", "TLSv1", "TLSv1.1"});
68
69 final String contextVersion;
70 final String[] enabledProtocols;
71 final static String[] supportedProtocols = new String[] {
72 "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
73 final static String[] serverDefaultProtocols = new String[] {
74 "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
75
76 ContextVersion(String contextVersion, String[] enabledProtocols) {
77 this.contextVersion = contextVersion;
78 this.enabledProtocols = enabledProtocols;
79 }
80 }
81
82 private static boolean checkProtocols(String[] target, String[] expected) {
83 boolean success = true;
84 if (target.length == 0) {
85 System.out.println("\t\t\t*** Error: No protocols");
86 success = false;
87 }
88
89 if (!protocolEquals(target, expected)) {
90 System.out.println("\t\t\t*** Error: Expected to get protocols " +
91 Arrays.toString(expected));
92 success = false;
93 }
94 System.out.println("\t\t\t Protocols found " + Arrays.toString(target));
95 System.out.println("\t\t\t--> Protocol check passed!!");
96
97 return success;
98 }
99
100 private static boolean protocolEquals(
101 String[] actualProtocols,
102 String[] expectedProtocols) {
103 if (actualProtocols.length != expectedProtocols.length) {
104 return false;
105 }
106
107 Set<String> set = new HashSet<>(Arrays.asList(expectedProtocols));
108 for (String actual : actualProtocols) {
109 if (set.add(actual)) {
110 return false;
111 }
112 }
113
114 return true;
115 }
116
117 private static boolean checkCipherSuites(String[] target) {
118 boolean success = true;
119 if (target.length == 0) {
120 System.out.println("\t\t\t*** Error: No cipher suites");
121 success = false;
122 }
123
124 System.out.println("\t\t\t--> Cipher check passed!!");
125 return success;
126 }
127
128 public static void main(String[] args) throws Exception {
129 // reset the security property to make sure that the algorithms
130 // and keys used in this test are not disabled.
131 Security.setProperty("jdk.tls.disabledAlgorithms", "");
132
133 boolean failed = false;
134 for (ContextVersion cv : ContextVersion.values()) {
135 System.out.println("\n\nChecking SSLContext of " + cv.contextVersion);
136 System.out.println("============================");
137 SSLContext context = SSLContext.getInstance(cv.contextVersion);
138
139 // Default SSLContext is initialized automatically.
140 if (!cv.contextVersion.equals("Default")) {
141 // Use default TK, KM and random.
142 context.init((KeyManager[])null, (TrustManager[])null, null);
143 }
144
145 //
146 // Check SSLContext
147 //
148 // Check default SSLParameters of SSLContext
149 System.out.println("\tChecking default SSLParameters");
150 System.out.println("\t\tChecking SSLContext.getDefaultSSLParameters().getProtocols");
151 SSLParameters parameters = context.getDefaultSSLParameters();
152
153 String[] protocols = parameters.getProtocols();
154 failed |= !checkProtocols(protocols, cv.enabledProtocols);
155
156 String[] ciphers = parameters.getCipherSuites();
157 failed |= !checkCipherSuites(ciphers);
158
159 // Check supported SSLParameters of SSLContext
160 System.out.println("\t\tChecking supported SSLParameters");
161 parameters = context.getSupportedSSLParameters();
162
163 protocols = parameters.getProtocols();
164 failed |= !checkProtocols(protocols, cv.supportedProtocols);
165
166 ciphers = parameters.getCipherSuites();
167 failed |= !checkCipherSuites(ciphers);
168
169 //
170 // Check SSLEngine
171 //
172 // Check SSLParameters of SSLEngine
173 System.out.println();
174 System.out.println("\tChecking SSLEngine of this SSLContext");
175 System.out.println("\t\tChecking SSLEngine.getSSLParameters()");
176 SSLEngine engine = context.createSSLEngine();
177 engine.setUseClientMode(true);
178 parameters = engine.getSSLParameters();
179
180 protocols = parameters.getProtocols();
181 failed |= !checkProtocols(protocols, cv.enabledProtocols);
182
183 ciphers = parameters.getCipherSuites();
184 failed |= !checkCipherSuites(ciphers);
185
186 System.out.println("\t\tChecking SSLEngine.getEnabledProtocols()");
187 protocols = engine.getEnabledProtocols();
188 failed |= !checkProtocols(protocols, cv.enabledProtocols);
189
190 System.out.println("\t\tChecking SSLEngine.getEnabledCipherSuites()");
191 ciphers = engine.getEnabledCipherSuites();
192 failed |= !checkCipherSuites(ciphers);
193
194 System.out.println("\t\tChecking SSLEngine.getSupportedProtocols()");
195 protocols = engine.getSupportedProtocols();
196 failed |= !checkProtocols(protocols, cv.supportedProtocols);
197
198 System.out.println(
199 "\t\tChecking SSLEngine.getSupportedCipherSuites()");
200 ciphers = engine.getSupportedCipherSuites();
201 failed |= !checkCipherSuites(ciphers);
202
203 //
204 // Check SSLSocket
205 //
206 // Check SSLParameters of SSLSocket
207 System.out.println();
208 System.out.println("\tChecking SSLSocket of this SSLContext");
209 System.out.println("\t\tChecking SSLSocket.getSSLParameters()");
210 SocketFactory fac = context.getSocketFactory();
211 SSLSocket socket = (SSLSocket)fac.createSocket();
212 parameters = socket.getSSLParameters();
213
214 protocols = parameters.getProtocols();
215 failed |= !checkProtocols(protocols, cv.enabledProtocols);
216
217 ciphers = parameters.getCipherSuites();
218 failed |= !checkCipherSuites(ciphers);
219
220 System.out.println("\t\tChecking SSLEngine.getEnabledProtocols()");
221 protocols = socket.getEnabledProtocols();
222 failed |= !checkProtocols(protocols, cv.enabledProtocols);
223
224 System.out.println("\t\tChecking SSLEngine.getEnabledCipherSuites()");
225 ciphers = socket.getEnabledCipherSuites();
226 failed |= !checkCipherSuites(ciphers);
227
228 System.out.println("\t\tChecking SSLEngine.getSupportedProtocols()");
229 protocols = socket.getSupportedProtocols();
230 failed |= !checkProtocols(protocols, cv.supportedProtocols);
231
232 System.out.println(
233 "\t\tChecking SSLEngine.getSupportedCipherSuites()");
234 ciphers = socket.getSupportedCipherSuites();
235 failed |= !checkCipherSuites(ciphers);
236
237 //
238 // Check SSLServerSocket
239 //
240 // Check SSLParameters of SSLServerSocket
241 System.out.println();
242 System.out.println("\tChecking SSLServerSocket of this SSLContext");
243 System.out.println("\t\tChecking SSLServerSocket.getSSLParameters()");
244 SSLServerSocketFactory sf = context.getServerSocketFactory();
245 SSLServerSocket ssocket = (SSLServerSocket)sf.createServerSocket();
246 parameters = ssocket.getSSLParameters();
247
248 protocols = parameters.getProtocols();
249 failed |= !checkProtocols(protocols, cv.serverDefaultProtocols);
250
251 ciphers = parameters.getCipherSuites();
252 failed |= !checkCipherSuites(ciphers);
253
254 System.out.println("\t\tChecking SSLEngine.getEnabledProtocols()");
255 protocols = ssocket.getEnabledProtocols();
256 failed |= !checkProtocols(protocols, cv.serverDefaultProtocols);
257
258 System.out.println("\t\tChecking SSLEngine.getEnabledCipherSuites()");
259 ciphers = ssocket.getEnabledCipherSuites();
260 failed |= !checkCipherSuites(ciphers);
261
262 System.out.println("\t\tChecking SSLEngine.getSupportedProtocols()");
263 protocols = ssocket.getSupportedProtocols();
264 failed |= !checkProtocols(protocols, cv.supportedProtocols);
265
266 System.out.println(
267 "\t\tChecking SSLEngine.getSupportedCipherSuites()");
268 ciphers = ssocket.getSupportedCipherSuites();
269 failed |= !checkCipherSuites(ciphers);
270 }
271
272 if (failed) {
273 throw new Exception("Run into problems, see log for more details");
274 }
275 }
276 }