1 /*
   2  * Copyright (c) 2013, 2019, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 // SunJSSE does not support dynamic system properties, no way to re-use
  25 // system properties in samevm/agentvm mode.
  26 
  27 /*
  28  * @test
  29  * @bug 7093640 8190492
  30  * @summary Enable TLS 1.1 and TLS 1.2 by default in client side of SunJSSE
  31  * @run main/othervm -Djdk.tls.client.protocols="SSLv3,TLSv1,TLSv1.1"
  32  *      CustomizedDefaultProtocols
  33  */
  34 
  35 import java.security.Security;
  36 import java.util.Arrays;
  37 import java.util.HashSet;
  38 import java.util.Set;
  39 
  40 import javax.net.SocketFactory;
  41 import javax.net.ssl.KeyManager;
  42 import javax.net.ssl.SSLContext;
  43 import javax.net.ssl.SSLEngine;
  44 import javax.net.ssl.SSLParameters;
  45 import javax.net.ssl.SSLServerSocket;
  46 import javax.net.ssl.SSLServerSocketFactory;
  47 import javax.net.ssl.SSLSocket;
  48 import javax.net.ssl.TrustManager;
  49 
  50 public class CustomizedDefaultProtocols {
  51     enum ContextVersion {
  52         TLS_CV_01("SSL",
  53                 new String[] {"SSLv3", "TLSv1", "TLSv1.1"}),
  54         TLS_CV_02("TLS",
  55                 new String[] {"SSLv3", "TLSv1", "TLSv1.1"}),
  56         TLS_CV_03("SSLv3",
  57                 new String[] {"TLSv1"}),
  58         TLS_CV_04("TLSv1",
  59                 new String[] {"TLSv1"}),
  60         TLS_CV_05("TLSv1.1",
  61                 new String[] {"TLSv1", "TLSv1.1"}),
  62         TLS_CV_06("TLSv1.2",
  63                 new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"}),
  64         TLS_CV_07("TLSv1.3",
  65                 new String[] {"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
  66         TLS_CV_08("Default",
  67                 new String[] {"SSLv3", "TLSv1", "TLSv1.1"});
  68 
  69         final String contextVersion;
  70         final String[] enabledProtocols;
  71         final static String[] supportedProtocols = new String[] {
  72                 "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
  73         final static String[] serverDefaultProtocols = new String[] {
  74                 "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
  75 
  76         ContextVersion(String contextVersion, String[] enabledProtocols) {
  77             this.contextVersion = contextVersion;
  78             this.enabledProtocols = enabledProtocols;
  79         }
  80     }
  81 
  82     private static boolean checkProtocols(String[] target, String[] expected) {
  83         boolean success = true;
  84         if (target.length == 0) {
  85             System.out.println("\t\t\t*** Error: No protocols");
  86             success = false;
  87         }
  88 
  89         if (!protocolEquals(target, expected)) {
  90             System.out.println("\t\t\t*** Error: Expected to get protocols " +
  91                     Arrays.toString(expected));
  92             success = false;
  93         }
  94         System.out.println("\t\t\t  Protocols found " + Arrays.toString(target));
  95         System.out.println("\t\t\t--> Protocol check passed!!");
  96 
  97         return success;
  98     }
  99 
 100     private static boolean protocolEquals(
 101             String[] actualProtocols,
 102             String[] expectedProtocols) {
 103         if (actualProtocols.length != expectedProtocols.length) {
 104             return false;
 105         }
 106 
 107         Set<String> set = new HashSet<>(Arrays.asList(expectedProtocols));
 108         for (String actual : actualProtocols) {
 109             if (set.add(actual)) {
 110                 return false;
 111             }
 112         }
 113 
 114         return true;
 115     }
 116 
 117     private static boolean checkCipherSuites(String[] target) {
 118         boolean success = true;
 119         if (target.length == 0) {
 120             System.out.println("\t\t\t*** Error: No cipher suites");
 121             success = false;
 122         }
 123 
 124         System.out.println("\t\t\t--> Cipher check passed!!");
 125         return success;
 126     }
 127 
 128     public static void main(String[] args) throws Exception {
 129         // reset the security property to make sure that the algorithms
 130         // and keys used in this test are not disabled.
 131         Security.setProperty("jdk.tls.disabledAlgorithms", "");
 132 
 133         boolean failed = false;
 134         for (ContextVersion cv : ContextVersion.values()) {
 135             System.out.println("\n\nChecking SSLContext of " + cv.contextVersion);
 136             System.out.println("============================");
 137             SSLContext context = SSLContext.getInstance(cv.contextVersion);
 138 
 139             // Default SSLContext is initialized automatically.
 140             if (!cv.contextVersion.equals("Default")) {
 141                 // Use default TK, KM and random.
 142                 context.init((KeyManager[])null, (TrustManager[])null, null);
 143             }
 144 
 145             //
 146             // Check SSLContext
 147             //
 148             // Check default SSLParameters of SSLContext
 149             System.out.println("\tChecking default SSLParameters");
 150             System.out.println("\t\tChecking SSLContext.getDefaultSSLParameters().getProtocols");
 151             SSLParameters parameters = context.getDefaultSSLParameters();
 152 
 153             String[] protocols = parameters.getProtocols();
 154             failed |= !checkProtocols(protocols, cv.enabledProtocols);
 155 
 156             String[] ciphers = parameters.getCipherSuites();
 157             failed |= !checkCipherSuites(ciphers);
 158 
 159             // Check supported SSLParameters of SSLContext
 160             System.out.println("\t\tChecking supported SSLParameters");
 161             parameters = context.getSupportedSSLParameters();
 162 
 163             protocols = parameters.getProtocols();
 164             failed |= !checkProtocols(protocols, cv.supportedProtocols);
 165 
 166             ciphers = parameters.getCipherSuites();
 167             failed |= !checkCipherSuites(ciphers);
 168 
 169             //
 170             // Check SSLEngine
 171             //
 172             // Check SSLParameters of SSLEngine
 173             System.out.println();
 174             System.out.println("\tChecking SSLEngine of this SSLContext");
 175             System.out.println("\t\tChecking SSLEngine.getSSLParameters()");
 176             SSLEngine engine = context.createSSLEngine();
 177             engine.setUseClientMode(true);
 178             parameters = engine.getSSLParameters();
 179 
 180             protocols = parameters.getProtocols();
 181             failed |= !checkProtocols(protocols, cv.enabledProtocols);
 182 
 183             ciphers = parameters.getCipherSuites();
 184             failed |= !checkCipherSuites(ciphers);
 185 
 186             System.out.println("\t\tChecking SSLEngine.getEnabledProtocols()");
 187             protocols = engine.getEnabledProtocols();
 188             failed |= !checkProtocols(protocols, cv.enabledProtocols);
 189 
 190             System.out.println("\t\tChecking SSLEngine.getEnabledCipherSuites()");
 191             ciphers = engine.getEnabledCipherSuites();
 192             failed |= !checkCipherSuites(ciphers);
 193 
 194             System.out.println("\t\tChecking SSLEngine.getSupportedProtocols()");
 195             protocols = engine.getSupportedProtocols();
 196             failed |= !checkProtocols(protocols, cv.supportedProtocols);
 197 
 198             System.out.println(
 199                     "\t\tChecking SSLEngine.getSupportedCipherSuites()");
 200             ciphers = engine.getSupportedCipherSuites();
 201             failed |= !checkCipherSuites(ciphers);
 202 
 203             //
 204             // Check SSLSocket
 205             //
 206             // Check SSLParameters of SSLSocket
 207             System.out.println();
 208             System.out.println("\tChecking SSLSocket of this SSLContext");
 209             System.out.println("\t\tChecking SSLSocket.getSSLParameters()");
 210             SocketFactory fac = context.getSocketFactory();
 211             SSLSocket socket = (SSLSocket)fac.createSocket();
 212             parameters = socket.getSSLParameters();
 213 
 214             protocols = parameters.getProtocols();
 215             failed |= !checkProtocols(protocols, cv.enabledProtocols);
 216 
 217             ciphers = parameters.getCipherSuites();
 218             failed |= !checkCipherSuites(ciphers);
 219 
 220             System.out.println("\t\tChecking SSLEngine.getEnabledProtocols()");
 221             protocols = socket.getEnabledProtocols();
 222             failed |= !checkProtocols(protocols, cv.enabledProtocols);
 223 
 224             System.out.println("\t\tChecking SSLEngine.getEnabledCipherSuites()");
 225             ciphers = socket.getEnabledCipherSuites();
 226             failed |= !checkCipherSuites(ciphers);
 227 
 228             System.out.println("\t\tChecking SSLEngine.getSupportedProtocols()");
 229             protocols = socket.getSupportedProtocols();
 230             failed |= !checkProtocols(protocols, cv.supportedProtocols);
 231 
 232             System.out.println(
 233                     "\t\tChecking SSLEngine.getSupportedCipherSuites()");
 234             ciphers = socket.getSupportedCipherSuites();
 235             failed |= !checkCipherSuites(ciphers);
 236 
 237             //
 238             // Check SSLServerSocket
 239             //
 240             // Check SSLParameters of SSLServerSocket
 241             System.out.println();
 242             System.out.println("\tChecking SSLServerSocket of this SSLContext");
 243             System.out.println("\t\tChecking SSLServerSocket.getSSLParameters()");
 244             SSLServerSocketFactory sf = context.getServerSocketFactory();
 245             SSLServerSocket ssocket = (SSLServerSocket)sf.createServerSocket();
 246             parameters = ssocket.getSSLParameters();
 247 
 248             protocols = parameters.getProtocols();
 249             failed |= !checkProtocols(protocols, cv.serverDefaultProtocols);
 250 
 251             ciphers = parameters.getCipherSuites();
 252             failed |= !checkCipherSuites(ciphers);
 253 
 254             System.out.println("\t\tChecking SSLEngine.getEnabledProtocols()");
 255             protocols = ssocket.getEnabledProtocols();
 256             failed |= !checkProtocols(protocols, cv.serverDefaultProtocols);
 257 
 258             System.out.println("\t\tChecking SSLEngine.getEnabledCipherSuites()");
 259             ciphers = ssocket.getEnabledCipherSuites();
 260             failed |= !checkCipherSuites(ciphers);
 261 
 262             System.out.println("\t\tChecking SSLEngine.getSupportedProtocols()");
 263             protocols = ssocket.getSupportedProtocols();
 264             failed |= !checkProtocols(protocols, cv.supportedProtocols);
 265 
 266             System.out.println(
 267                     "\t\tChecking SSLEngine.getSupportedCipherSuites()");
 268             ciphers = ssocket.getSupportedCipherSuites();
 269             failed |= !checkCipherSuites(ciphers);
 270         }
 271 
 272         if (failed) {
 273             throw new Exception("Run into problems, see log for more details");


 274         }
 275     }
 276 }
--- EOF ---