1 /*
   2  * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 // SunJSSE does not support dynamic system properties, no way to re-use
  25 // system properties in samevm/agentvm mode.
  26 
  27 /*
  28  * @test
  29  * @bug 7093640
  30  * @summary Enable TLS 1.1 and TLS 1.2 by default in client side of SunJSSE
  31  * @run main/othervm -Djdk.tls.client.protocols="SSLv3,TLSv1,TLSv1.1"
  32  *      CustomizedDefaultProtocols
  33  */
  34 
  35 import java.security.Security;
  36 import java.util.Arrays;
  37 import java.util.HashSet;
  38 import java.util.Set;
  39 
  40 import javax.net.SocketFactory;
  41 import javax.net.ssl.KeyManager;
  42 import javax.net.ssl.SSLContext;
  43 import javax.net.ssl.SSLEngine;
  44 import javax.net.ssl.SSLParameters;
  45 import javax.net.ssl.SSLServerSocket;
  46 import javax.net.ssl.SSLServerSocketFactory;
  47 import javax.net.ssl.SSLSocket;
  48 import javax.net.ssl.TrustManager;
  49 
  50 public class CustomizedDefaultProtocols {
  51     enum ContextVersion {
  52         TLS_CV_01("SSL",
  53                 new String[] {"SSLv3", "TLSv1", "TLSv1.1"}),
  54         TLS_CV_02("TLS",
  55                 new String[] {"SSLv3", "TLSv1", "TLSv1.1"}),
  56         TLS_CV_03("SSLv3",
  57                 new String[] {"SSLv3", "TLSv1"}),
  58         TLS_CV_04("TLSv1",
  59                 new String[] {"SSLv3", "TLSv1"}),
  60         TLS_CV_05("TLSv1.1",
  61                 new String[] {"SSLv3", "TLSv1", "TLSv1.1"}),
  62         TLS_CV_06("TLSv1.2",
  63                 new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}),
  64         TLS_CV_07("TLSv1.3",
  65                 new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
  66         TLS_CV_08("Default",
  67                 new String[] {"SSLv3", "TLSv1", "TLSv1.1"});
  68 
  69         final String contextVersion;
  70         final String[] enabledProtocols;
  71         final static String[] supportedProtocols = new String[] {
  72                 "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};


  73 
  74         ContextVersion(String contextVersion, String[] enabledProtocols) {
  75             this.contextVersion = contextVersion;
  76             this.enabledProtocols = enabledProtocols;
  77         }
  78     }
  79 
  80     private static boolean checkProtocols(String[] target, String[] expected) {
  81         boolean success = true;
  82         if (target.length == 0) {
  83             System.out.println("\tError: No protocols");
  84             success = false;
  85         }
  86 
  87         if (!protocolEquals(target, expected)) {
  88             System.out.println("\tError: Expected to get protocols " +
  89                     Arrays.toString(expected));
  90             success = false;
  91         }
  92         System.out.println("\t  Protocols found " + Arrays.toString(target));

  93 
  94         return success;
  95     }
  96 
  97     private static boolean protocolEquals(
  98             String[] actualProtocols,
  99             String[] expectedProtocols) {
 100         if (actualProtocols.length != expectedProtocols.length) {
 101             return false;
 102         }
 103 
 104         Set<String> set = new HashSet<>(Arrays.asList(expectedProtocols));
 105         for (String actual : actualProtocols) {
 106             if (set.add(actual)) {
 107                 return false;
 108             }
 109         }
 110 
 111         return true;
 112     }
 113 
 114     private static boolean checkCipherSuites(String[] target) {
 115         boolean success = true;
 116         if (target.length == 0) {
 117             System.out.println("\tError: No cipher suites");
 118             success = false;
 119         }
 120 

 121         return success;
 122     }
 123 
 124     public static void main(String[] args) throws Exception {
 125         // reset the security property to make sure that the algorithms
 126         // and keys used in this test are not disabled.
 127         Security.setProperty("jdk.tls.disabledAlgorithms", "");
 128 
 129         boolean failed = false;
 130         for (ContextVersion cv : ContextVersion.values()) {
 131             System.out.println("Checking SSLContext of " + cv.contextVersion);

 132             SSLContext context = SSLContext.getInstance(cv.contextVersion);
 133 
 134             // Default SSLContext is initialized automatically.
 135             if (!cv.contextVersion.equals("Default")) {
 136                 // Use default TK, KM and random.
 137                 context.init((KeyManager[])null, (TrustManager[])null, null);
 138             }
 139 
 140             //
 141             // Check SSLContext
 142             //
 143             // Check default SSLParameters of SSLContext
 144             System.out.println("\tChecking default SSLParameters");

 145             SSLParameters parameters = context.getDefaultSSLParameters();
 146 
 147             String[] protocols = parameters.getProtocols();
 148             failed |= !checkProtocols(protocols, cv.enabledProtocols);
 149 
 150             String[] ciphers = parameters.getCipherSuites();
 151             failed |= !checkCipherSuites(ciphers);
 152 
 153             // Check supported SSLParameters of SSLContext
 154             System.out.println("\tChecking supported SSLParameters");
 155             parameters = context.getSupportedSSLParameters();
 156 
 157             protocols = parameters.getProtocols();
 158             failed |= !checkProtocols(protocols, cv.supportedProtocols);
 159 
 160             ciphers = parameters.getCipherSuites();
 161             failed |= !checkCipherSuites(ciphers);
 162 
 163             //
 164             // Check SSLEngine
 165             //
 166             // Check SSLParameters of SSLEngine
 167             System.out.println();
 168             System.out.println("\tChecking SSLEngine of this SSLContext");
 169             System.out.println("\tChecking SSLEngine.getSSLParameters()");
 170             SSLEngine engine = context.createSSLEngine();
 171             engine.setUseClientMode(true);
 172             parameters = engine.getSSLParameters();
 173 
 174             protocols = parameters.getProtocols();
 175             failed |= !checkProtocols(protocols, cv.enabledProtocols);
 176 
 177             ciphers = parameters.getCipherSuites();
 178             failed |= !checkCipherSuites(ciphers);
 179 
 180             System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
 181             protocols = engine.getEnabledProtocols();
 182             failed |= !checkProtocols(protocols, cv.enabledProtocols);
 183 
 184             System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
 185             ciphers = engine.getEnabledCipherSuites();
 186             failed |= !checkCipherSuites(ciphers);
 187 
 188             System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
 189             protocols = engine.getSupportedProtocols();
 190             failed |= !checkProtocols(protocols, cv.supportedProtocols);
 191 
 192             System.out.println(
 193                     "\tChecking SSLEngine.getSupportedCipherSuites()");
 194             ciphers = engine.getSupportedCipherSuites();
 195             failed |= !checkCipherSuites(ciphers);
 196 
 197             //
 198             // Check SSLSocket
 199             //
 200             // Check SSLParameters of SSLSocket
 201             System.out.println();
 202             System.out.println("\tChecking SSLSocket of this SSLContext");
 203             System.out.println("\tChecking SSLSocket.getSSLParameters()");
 204             SocketFactory fac = context.getSocketFactory();
 205             SSLSocket socket = (SSLSocket)fac.createSocket();
 206             parameters = socket.getSSLParameters();
 207 
 208             protocols = parameters.getProtocols();
 209             failed |= !checkProtocols(protocols, cv.enabledProtocols);
 210 
 211             ciphers = parameters.getCipherSuites();
 212             failed |= !checkCipherSuites(ciphers);
 213 
 214             System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
 215             protocols = socket.getEnabledProtocols();
 216             failed |= !checkProtocols(protocols, cv.enabledProtocols);
 217 
 218             System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
 219             ciphers = socket.getEnabledCipherSuites();
 220             failed |= !checkCipherSuites(ciphers);
 221 
 222             System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
 223             protocols = socket.getSupportedProtocols();
 224             failed |= !checkProtocols(protocols, cv.supportedProtocols);
 225 
 226             System.out.println(
 227                     "\tChecking SSLEngine.getSupportedCipherSuites()");
 228             ciphers = socket.getSupportedCipherSuites();
 229             failed |= !checkCipherSuites(ciphers);
 230 
 231             //
 232             // Check SSLServerSocket
 233             //
 234             // Check SSLParameters of SSLServerSocket
 235             System.out.println();
 236             System.out.println("\tChecking SSLServerSocket of this SSLContext");
 237             System.out.println("\tChecking SSLServerSocket.getSSLParameters()");
 238             SSLServerSocketFactory sf = context.getServerSocketFactory();
 239             SSLServerSocket ssocket = (SSLServerSocket)sf.createServerSocket();
 240             parameters = ssocket.getSSLParameters();
 241 
 242             protocols = parameters.getProtocols();
 243             failed |= !checkProtocols(protocols, cv.supportedProtocols);
 244 
 245             ciphers = parameters.getCipherSuites();
 246             failed |= !checkCipherSuites(ciphers);
 247 
 248             System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
 249             protocols = ssocket.getEnabledProtocols();
 250             failed |= !checkProtocols(protocols, cv.supportedProtocols);
 251 
 252             System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
 253             ciphers = ssocket.getEnabledCipherSuites();
 254             failed |= !checkCipherSuites(ciphers);
 255 
 256             System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
 257             protocols = ssocket.getSupportedProtocols();
 258             failed |= !checkProtocols(protocols, cv.supportedProtocols);
 259 
 260             System.out.println(
 261                     "\tChecking SSLEngine.getSupportedCipherSuites()");
 262             ciphers = ssocket.getSupportedCipherSuites();
 263             failed |= !checkCipherSuites(ciphers);
 264         }
 265 
 266         if (failed) {
 267             throw new Exception("Run into problems, see log for more details");
 268         } else {
 269             System.out.println("\t... Success");
 270         }
 271     }
 272 }
--- EOF ---