1 /*
   2  * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 // SunJSSE does not support dynamic system properties, no way to re-use
  25 // system properties in samevm/agentvm mode.
  26 
  27 /*
  28  * @test
  29  * @summary Test jdk.tls.server.protocols with TLS
  30  * @run main/othervm -Djdk.tls.server.protocols="SSLv3,TLSv1,TLSv1.1"
  31  *      CustomizedServerDefaultProtocols
  32  */
  33 
  34 import java.security.Security;
  35 import java.util.Arrays;
  36 import java.util.HashSet;
  37 import java.util.Set;
  38 
  39 import javax.net.SocketFactory;
  40 import javax.net.ssl.SSLContext;
  41 import javax.net.ssl.SSLEngine;
  42 import javax.net.ssl.SSLParameters;
  43 import javax.net.ssl.SSLServerSocket;
  44 import javax.net.ssl.SSLServerSocketFactory;
  45 import javax.net.ssl.SSLSocket;
  46 
  47 public class CustomizedServerDefaultProtocols {
  48 
  49     final static String[] supportedProtocols = new String[]{
  50             "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
  51 
  52     enum ContextVersion {
  53         TLS_CV_01("SSL",
  54                 new String[]{"SSLv3", "TLSv1", "TLSv1.1"},
  55                 new String[]{"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
  56         TLS_CV_02("TLS",
  57                 new String[]{"SSLv3", "TLSv1", "TLSv1.1"},
  58                 new String[]{"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
  59         TLS_CV_03("SSLv3",
  60                 supportedProtocols,
  61                 new String[]{"SSLv3", "TLSv1"}),
  62         TLS_CV_04("TLSv1",
  63                 supportedProtocols,
  64                 new String[]{"SSLv3", "TLSv1"}),
  65         TLS_CV_05("TLSv1.1",
  66                 supportedProtocols,
  67                 new String[]{"SSLv3", "TLSv1", "TLSv1.1"}),
  68         TLS_CV_06("TLSv1.2",
  69                 supportedProtocols,
  70                 new String[]{"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}),
  71         TLS_CV_07("TLSv1.3",
  72                 supportedProtocols,
  73                 new String[]{"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
  74         TLS_CV_08("Default",
  75                 new String[]{"SSLv3", "TLSv1", "TLSv1.1"},
  76                 new String[]{"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"});
  77 
  78         final String contextVersion;
  79         final String[] serverEnabledProtocols;
  80         final String[] clientEnabledProtocols;
  81 
  82         ContextVersion(String contextVersion, String[] serverEnabledProtocols,
  83                 String[] clientEnabledProtocols) {
  84             this.contextVersion = contextVersion;
  85             this.serverEnabledProtocols = serverEnabledProtocols;
  86             this.clientEnabledProtocols = clientEnabledProtocols;
  87         }
  88     }
  89 
  90     private static boolean checkProtocols(String[] target, String[] expected) {
  91         boolean success = true;
  92         if (target.length == 0) {
  93             System.out.println("\tError: No protocols");
  94             success = false;
  95         }
  96 
  97         if (!protocolEquals(target, expected)) {
  98             System.out.println("\tError: Expected to get protocols " +
  99                     Arrays.toString(expected));
 100             success = false;
 101         }
 102         System.out.println("\t  Protocols found " + Arrays.toString(target));
 103         return success;
 104     }
 105 
 106     private static boolean protocolEquals(
 107             String[] actualProtocols,
 108             String[] expectedProtocols) {
 109         if (actualProtocols.length != expectedProtocols.length) {
 110             return false;
 111         }
 112 
 113         Set<String> set = new HashSet<>(Arrays.asList(expectedProtocols));
 114         for (String actual : actualProtocols) {
 115             if (set.add(actual)) {
 116                 return false;
 117             }
 118         }
 119 
 120         return true;
 121     }
 122 
 123     private static boolean checkCipherSuites(String[] target) {
 124         boolean success = true;
 125         if (target.length == 0) {
 126             System.out.println("\tError: No cipher suites");
 127             success = false;
 128         }
 129 
 130         return success;
 131     }
 132 
 133     public static void main(String[] args) throws Exception {
 134         // reset the security property to make sure that the algorithms
 135         // and keys used in this test are not disabled.
 136         Security.setProperty("jdk.tls.disabledAlgorithms", "");
 137         System.out.println("jdk.tls.client.protocols = " +
 138                 System.getProperty("jdk.tls.client.protocols"));
 139         System.out.println("jdk.tls.server.protocols = "+
 140                 System.getProperty("jdk.tls.server.protocols"));
 141         Test();
 142     }
 143 
 144     static void Test() throws Exception {
 145         boolean failed = false;
 146 
 147         for (ContextVersion cv : ContextVersion.values()) {
 148             System.out.println("Checking SSLContext of " + cv.contextVersion);
 149             SSLContext context = SSLContext.getInstance(cv.contextVersion);
 150 
 151             // Default SSLContext is initialized automatically.
 152             if (!cv.contextVersion.equals("Default")) {
 153                 // Use default TK, KM and random.
 154                 context.init(null, null, null);
 155             }
 156 
 157             //
 158             // Check SSLContext
 159             //
 160             // Check default SSLParameters of SSLContext
 161             System.out.println("\tChecking default SSLParameters");
 162             SSLParameters parameters = context.getDefaultSSLParameters();
 163 
 164             String[] protocols = parameters.getProtocols();
 165             failed |= !checkProtocols(protocols, cv.clientEnabledProtocols);
 166 
 167             String[] ciphers = parameters.getCipherSuites();
 168             failed |= !checkCipherSuites(ciphers);
 169 
 170             // Check supported SSLParameters of SSLContext
 171             System.out.println("\tChecking supported SSLParameters");
 172             parameters = context.getSupportedSSLParameters();
 173 
 174             protocols = parameters.getProtocols();
 175             failed |= !checkProtocols(protocols, supportedProtocols);
 176 
 177             ciphers = parameters.getCipherSuites();
 178             failed |= !checkCipherSuites(ciphers);
 179 
 180             //
 181             // Check SSLEngine
 182             //
 183             // Check SSLParameters of SSLEngine
 184             System.out.println();
 185             System.out.println("\tChecking SSLEngine of this SSLContext");
 186             System.out.println("\tChecking SSLEngine.getSSLParameters()");
 187             SSLEngine engine = context.createSSLEngine();
 188             engine.setUseClientMode(true);
 189             parameters = engine.getSSLParameters();
 190 
 191             protocols = parameters.getProtocols();
 192             failed |= !checkProtocols(protocols, cv.clientEnabledProtocols);
 193 
 194             ciphers = parameters.getCipherSuites();
 195             failed |= !checkCipherSuites(ciphers);
 196 
 197             System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
 198             protocols = engine.getEnabledProtocols();
 199             failed |= !checkProtocols(protocols, cv.clientEnabledProtocols);
 200 
 201             System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
 202             ciphers = engine.getEnabledCipherSuites();
 203             failed |= !checkCipherSuites(ciphers);
 204 
 205             System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
 206             protocols = engine.getSupportedProtocols();
 207             failed |= !checkProtocols(protocols, supportedProtocols);
 208 
 209             System.out.println(
 210                     "\tChecking SSLEngine.getSupportedCipherSuites()");
 211             ciphers = engine.getSupportedCipherSuites();
 212             failed |= !checkCipherSuites(ciphers);
 213 
 214             //
 215             // Check SSLSocket
 216             //
 217             // Check SSLParameters of SSLSocket
 218             System.out.println();
 219             System.out.println("\tChecking SSLSocket of this SSLContext");
 220             System.out.println("\tChecking SSLSocket.getSSLParameters()");
 221             SocketFactory fac = context.getSocketFactory();
 222             SSLSocket socket = (SSLSocket) fac.createSocket();
 223             parameters = socket.getSSLParameters();
 224 
 225             protocols = parameters.getProtocols();
 226             failed |= !checkProtocols(protocols, cv.clientEnabledProtocols);
 227 
 228             ciphers = parameters.getCipherSuites();
 229             failed |= !checkCipherSuites(ciphers);
 230 
 231             System.out.println("\tChecking SSLSocket.getEnabledProtocols()");
 232             protocols = socket.getEnabledProtocols();
 233             failed |= !checkProtocols(protocols, cv.clientEnabledProtocols);
 234 
 235             System.out.println("\tChecking SSLSocket.getEnabledCipherSuites()");
 236             ciphers = socket.getEnabledCipherSuites();
 237             failed |= !checkCipherSuites(ciphers);
 238 
 239             System.out.println("\tChecking SSLSocket.getSupportedProtocols()");
 240             protocols = socket.getSupportedProtocols();
 241             failed |= !checkProtocols(protocols, supportedProtocols);
 242 
 243             System.out.println(
 244                     "\tChecking SSLSocket.getSupportedCipherSuites()");
 245             ciphers = socket.getSupportedCipherSuites();
 246             failed |= !checkCipherSuites(ciphers);
 247 
 248             //
 249             // Check SSLServerSocket
 250             //
 251             // Check SSLParameters of SSLServerSocket
 252             System.out.println();
 253             System.out.println("\tChecking SSLServerSocket of this SSLContext");
 254             System.out.println("\tChecking SSLServerSocket.getSSLParameters()");
 255             SSLServerSocketFactory sf = context.getServerSocketFactory();
 256             SSLServerSocket ssocket = (SSLServerSocket) sf.createServerSocket();
 257             parameters = ssocket.getSSLParameters();
 258 
 259             protocols = parameters.getProtocols();
 260             failed |= !checkProtocols(protocols, cv.serverEnabledProtocols);
 261 
 262             ciphers = parameters.getCipherSuites();
 263             failed |= !checkCipherSuites(ciphers);
 264 
 265             System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
 266             protocols = ssocket.getEnabledProtocols();
 267             failed |= !checkProtocols(protocols, cv.serverEnabledProtocols);
 268 
 269             System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
 270             ciphers = ssocket.getEnabledCipherSuites();
 271             failed |= !checkCipherSuites(ciphers);
 272 
 273             System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
 274             protocols = ssocket.getSupportedProtocols();
 275             failed |= !checkProtocols(protocols, supportedProtocols);
 276 
 277             System.out.println(
 278                     "\tChecking SSLEngine.getSupportedCipherSuites()");
 279             ciphers = ssocket.getSupportedCipherSuites();
 280             failed |= !checkCipherSuites(ciphers);
 281 
 282             if (failed) {
 283                 throw new Exception("Run into problems, see log for more details");
 284             } else {
 285                 System.out.println("\t... Success");
 286             }
 287         }
 288     }
 289 }