1 /*
   2  * Copyright (c) 2018, 2019, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 // SunJSSE does not support dynamic system properties, no way to re-use
  25 // system properties in samevm/agentvm mode.
  26 
  27 /*
  28  * @test
  29  * @bug 8196584 8190492
  30  * @summary Test jdk.tls.server.protocols with TLS
  31  * @run main/othervm -Djdk.tls.server.protocols="SSLv3,TLSv1,TLSv1.1"
  32  *      CustomizedServerDefaultProtocols
  33  */
  34 
  35 import java.security.Security;
  36 import java.util.Arrays;
  37 import java.util.HashSet;
  38 import java.util.Set;
  39 
  40 import javax.net.SocketFactory;
  41 import javax.net.ssl.SSLContext;
  42 import javax.net.ssl.SSLEngine;
  43 import javax.net.ssl.SSLParameters;
  44 import javax.net.ssl.SSLServerSocket;
  45 import javax.net.ssl.SSLServerSocketFactory;
  46 import javax.net.ssl.SSLSocket;
  47 
  48 public class CustomizedServerDefaultProtocols {
  49 
  50     final static String[] supportedProtocols = new String[]{
  51             "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
  52     final static String[] serverDefaultProtocols = new String[] {
  53             "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
  54 
  55     enum ContextVersion {
  56         TLS_CV_01("SSL",
  57                 new String[]{"SSLv3", "TLSv1", "TLSv1.1"},
  58                 new String[]{"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
  59         TLS_CV_02("TLS",
  60                 new String[]{"SSLv3", "TLSv1", "TLSv1.1"},
  61                 new String[]{"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
  62         TLS_CV_03("SSLv3",
  63                 serverDefaultProtocols,
  64                 new String[]{"TLSv1"}),
  65         TLS_CV_04("TLSv1",
  66                 serverDefaultProtocols,
  67                 new String[]{"TLSv1"}),
  68         TLS_CV_05("TLSv1.1",
  69                 serverDefaultProtocols,
  70                 new String[]{"TLSv1", "TLSv1.1"}),
  71         TLS_CV_06("TLSv1.2",
  72                 serverDefaultProtocols,
  73                 new String[]{"TLSv1", "TLSv1.1", "TLSv1.2"}),
  74         TLS_CV_07("TLSv1.3",
  75                 serverDefaultProtocols,
  76                 new String[]{"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
  77         TLS_CV_08("Default",
  78                 new String[]{"SSLv3", "TLSv1", "TLSv1.1"},
  79                 new String[]{"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"});
  80 
  81         final String contextVersion;
  82         final String[] serverEnabledProtocols;
  83         final String[] clientEnabledProtocols;
  84 
  85         ContextVersion(String contextVersion, String[] serverEnabledProtocols,
  86                 String[] clientEnabledProtocols) {
  87             this.contextVersion = contextVersion;
  88             this.serverEnabledProtocols = serverEnabledProtocols;
  89             this.clientEnabledProtocols = clientEnabledProtocols;
  90         }
  91     }
  92 
  93     private static boolean checkProtocols(String[] target, String[] expected) {
  94         boolean success = true;
  95         if (target.length == 0) {
  96             System.out.println("\t\t\t*** Error: No protocols");
  97             success = false;
  98         }
  99 
 100         if (!protocolEquals(target, expected)) {
 101             System.out.println("\t\t\t*** Error: Expected to get protocols " +
 102                     Arrays.toString(expected));
 103             success = false;
 104         }
 105         System.out.println("\t\t\t  Protocols found " + Arrays.toString(target));
 106         System.out.println("\t\t\t--> Protocol check passed!!");
 107 
 108         return success;
 109     }
 110 
 111     private static boolean protocolEquals(
 112             String[] actualProtocols,
 113             String[] expectedProtocols) {
 114         if (actualProtocols.length != expectedProtocols.length) {
 115             return false;
 116         }
 117 
 118         Set<String> set = new HashSet<>(Arrays.asList(expectedProtocols));
 119         for (String actual : actualProtocols) {
 120             if (set.add(actual)) {
 121                 return false;
 122             }
 123         }
 124 
 125         return true;
 126     }
 127 
 128     private static boolean checkCipherSuites(String[] target) {
 129         boolean success = true;
 130         if (target.length == 0) {
 131             System.out.println("\t\t\t*** Error: No cipher suites");
 132             success = false;
 133         }
 134 
 135         System.out.println("\t\t\t--> Cipher check passed!!");
 136         return success;
 137     }
 138 
 139     public static void main(String[] args) throws Exception {
 140         // reset the security property to make sure that the algorithms
 141         // and keys used in this test are not disabled.
 142         Security.setProperty("jdk.tls.disabledAlgorithms", "");
 143         System.out.println("jdk.tls.client.protocols = " +
 144                 System.getProperty("jdk.tls.client.protocols"));
 145         System.out.println("jdk.tls.server.protocols = "+
 146                 System.getProperty("jdk.tls.server.protocols"));
 147         Test();
 148     }
 149 
 150     static void Test() throws Exception {
 151         boolean failed = false;
 152 
 153         for (ContextVersion cv : ContextVersion.values()) {
 154             System.out.println("\n\nChecking SSLContext of " + cv.contextVersion);
 155             System.out.println("============================");
 156             SSLContext context = SSLContext.getInstance(cv.contextVersion);
 157 
 158             // Default SSLContext is initialized automatically.
 159             if (!cv.contextVersion.equals("Default")) {
 160                 // Use default TK, KM and random.
 161                 context.init(null, null, null);
 162             }
 163 
 164             //
 165             // Check SSLContext
 166             //
 167             // Check default SSLParameters of SSLContext
 168             System.out.println("\tChecking default SSLParameters");
 169             System.out.println("\t\tChecking SSLContext.getDefaultSSLParameters().getProtocols");
 170             SSLParameters parameters = context.getDefaultSSLParameters();
 171 
 172             String[] protocols = parameters.getProtocols();
 173             failed |= !checkProtocols(protocols, cv.clientEnabledProtocols);
 174 
 175             String[] ciphers = parameters.getCipherSuites();
 176             failed |= !checkCipherSuites(ciphers);
 177 
 178             // Check supported SSLParameters of SSLContext
 179             System.out.println("\t\tChecking supported SSLParameters");
 180             parameters = context.getSupportedSSLParameters();
 181 
 182             protocols = parameters.getProtocols();
 183             failed |= !checkProtocols(protocols, supportedProtocols);
 184 
 185             ciphers = parameters.getCipherSuites();
 186             failed |= !checkCipherSuites(ciphers);
 187 
 188             //
 189             // Check SSLEngine
 190             //
 191             // Check SSLParameters of SSLEngine
 192             System.out.println();
 193             System.out.println("\tChecking SSLEngine of this SSLContext");
 194             System.out.println("\t\tChecking SSLEngine.getSSLParameters()");
 195             SSLEngine engine = context.createSSLEngine();
 196             engine.setUseClientMode(true);
 197             parameters = engine.getSSLParameters();
 198 
 199             protocols = parameters.getProtocols();
 200             failed |= !checkProtocols(protocols, cv.clientEnabledProtocols);
 201 
 202             ciphers = parameters.getCipherSuites();
 203             failed |= !checkCipherSuites(ciphers);
 204 
 205             System.out.println("\t\tChecking SSLEngine.getEnabledProtocols()");
 206             protocols = engine.getEnabledProtocols();
 207             failed |= !checkProtocols(protocols, cv.clientEnabledProtocols);
 208 
 209             System.out.println("\t\tChecking SSLEngine.getEnabledCipherSuites()");
 210             ciphers = engine.getEnabledCipherSuites();
 211             failed |= !checkCipherSuites(ciphers);
 212 
 213             System.out.println("\t\tChecking SSLEngine.getSupportedProtocols()");
 214             protocols = engine.getSupportedProtocols();
 215             failed |= !checkProtocols(protocols, supportedProtocols);
 216 
 217             System.out.println(
 218                     "\t\tChecking SSLEngine.getSupportedCipherSuites()");
 219             ciphers = engine.getSupportedCipherSuites();
 220             failed |= !checkCipherSuites(ciphers);
 221 
 222             //
 223             // Check SSLSocket
 224             //
 225             // Check SSLParameters of SSLSocket
 226             System.out.println();
 227             System.out.println("\tChecking SSLSocket of this SSLContext");
 228             System.out.println("\t\tChecking SSLSocket.getSSLParameters()");
 229             SocketFactory fac = context.getSocketFactory();
 230             SSLSocket socket = (SSLSocket) fac.createSocket();
 231             parameters = socket.getSSLParameters();
 232 
 233             protocols = parameters.getProtocols();
 234             failed |= !checkProtocols(protocols, cv.clientEnabledProtocols);
 235 
 236             ciphers = parameters.getCipherSuites();
 237             failed |= !checkCipherSuites(ciphers);
 238 
 239             System.out.println("\t\tChecking SSLSocket.getEnabledProtocols()");
 240             protocols = socket.getEnabledProtocols();
 241             failed |= !checkProtocols(protocols, cv.clientEnabledProtocols);
 242 
 243             System.out.println("\t\tChecking SSLSocket.getEnabledCipherSuites()");
 244             ciphers = socket.getEnabledCipherSuites();
 245             failed |= !checkCipherSuites(ciphers);
 246 
 247             System.out.println("\t\tChecking SSLSocket.getSupportedProtocols()");
 248             protocols = socket.getSupportedProtocols();
 249             failed |= !checkProtocols(protocols, supportedProtocols);
 250 
 251             System.out.println(
 252                     "\t\tChecking SSLSocket.getSupportedCipherSuites()");
 253             ciphers = socket.getSupportedCipherSuites();
 254             failed |= !checkCipherSuites(ciphers);
 255 
 256             //
 257             // Check SSLServerSocket
 258             //
 259             // Check SSLParameters of SSLServerSocket
 260             System.out.println();
 261             System.out.println("\tChecking SSLServerSocket of this SSLContext");
 262             System.out.println("\t\tChecking SSLServerSocket.getSSLParameters()");
 263             SSLServerSocketFactory sf = context.getServerSocketFactory();
 264             SSLServerSocket ssocket = (SSLServerSocket) sf.createServerSocket();
 265             parameters = ssocket.getSSLParameters();
 266 
 267             protocols = parameters.getProtocols();
 268             failed |= !checkProtocols(protocols, cv.serverEnabledProtocols);
 269 
 270             ciphers = parameters.getCipherSuites();
 271             failed |= !checkCipherSuites(ciphers);
 272 
 273             System.out.println("\t\tChecking SSLEngine.getEnabledProtocols()");
 274             protocols = ssocket.getEnabledProtocols();
 275             failed |= !checkProtocols(protocols, cv.serverEnabledProtocols);
 276 
 277             System.out.println("\t\tChecking SSLEngine.getEnabledCipherSuites()");
 278             ciphers = ssocket.getEnabledCipherSuites();
 279             failed |= !checkCipherSuites(ciphers);
 280 
 281             System.out.println("\t\tChecking SSLEngine.getSupportedProtocols()");
 282             protocols = ssocket.getSupportedProtocols();
 283             failed |= !checkProtocols(protocols, supportedProtocols);
 284 
 285             System.out.println(
 286                     "\t\tChecking SSLEngine.getSupportedCipherSuites()");
 287             ciphers = ssocket.getSupportedCipherSuites();
 288             failed |= !checkCipherSuites(ciphers);
 289 
 290             if (failed) {
 291                 throw new Exception("Run into problems, see log for more details");
 292             }
 293         }
 294     }
 295 }