1 /*
   2  * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 // SunJSSE does not support dynamic system properties, no way to re-use
  25 // system properties in samevm/agentvm mode.
  26 
  27 /*
  28  * @test
  29  * @bug 7093640
  30  * @summary Enable TLS 1.1 and TLS 1.2 by default in client side of SunJSSE
  31  * @run main/othervm DefaultEnabledProtocols
  32  */
  33 
  34 import java.security.Security;
  35 import java.util.Arrays;
  36 import java.util.HashSet;
  37 import java.util.Set;
  38 
  39 import javax.net.SocketFactory;
  40 import javax.net.ssl.KeyManager;
  41 import javax.net.ssl.SSLContext;
  42 import javax.net.ssl.SSLEngine;
  43 import javax.net.ssl.SSLParameters;
  44 import javax.net.ssl.SSLServerSocket;
  45 import javax.net.ssl.SSLServerSocketFactory;
  46 import javax.net.ssl.SSLSocket;
  47 import javax.net.ssl.TrustManager;
  48 
  49 public class DefaultEnabledProtocols {
  50     enum ContextVersion {
  51         TLS_CV_01("SSL",
  52                 new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
  53         TLS_CV_02("TLS",
  54                 new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
  55         TLS_CV_03("SSLv3",
  56                 new String[] {"SSLv3", "TLSv1"}),
  57         TLS_CV_04("TLSv1",
  58                 new String[] {"SSLv3", "TLSv1"}),
  59         TLS_CV_05("TLSv1.1",
  60                 new String[] {"SSLv3", "TLSv1", "TLSv1.1"}),
  61         TLS_CV_06("TLSv1.2",
  62                 new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}),
  63         TLS_CV_07("TLSv1.3",
  64                 new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
  65         TLS_CV_08("Default",
  66                 new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"});
  67 
  68         final String contextVersion;
  69         final String[] enabledProtocols;
  70         final static String[] supportedProtocols = new String[] {
  71                 "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
  72 
  73         ContextVersion(String contextVersion, String[] enabledProtocols) {
  74             this.contextVersion = contextVersion;
  75             this.enabledProtocols = enabledProtocols;
  76         }
  77     }
  78 
  79     private static boolean checkProtocols(String[] target, String[] expected) {
  80         boolean success = true;
  81         if (target.length == 0) {
  82             System.out.println("\tError: No protocols");
  83             success = false;
  84         }
  85 
  86         if (!protocolEquals(target, expected)) {
  87             System.out.println("\tError: Expected to get protocols " +
  88                     Arrays.toString(expected));
  89             success = false;
  90         }
  91         System.out.println("\t  Protocols found " + Arrays.toString(target));
  92 
  93         return success;
  94     }
  95 
  96     private static boolean protocolEquals(
  97             String[] actualProtocols,
  98             String[] expectedProtocols) {
  99         if (actualProtocols.length != expectedProtocols.length) {
 100             return false;
 101         }
 102 
 103         Set<String> set = new HashSet<>(Arrays.asList(expectedProtocols));
 104         for (String actual : actualProtocols) {
 105             if (set.add(actual)) {
 106                 return false;
 107             }
 108         }
 109 
 110         return true;
 111     }
 112 
 113     private static boolean checkCipherSuites(String[] target) {
 114         boolean success = true;
 115         if (target.length == 0) {
 116             System.out.println("\tError: No cipher suites");
 117             success = false;
 118         }
 119 
 120         return success;
 121     }
 122 
 123     public static void main(String[] args) throws Exception {
 124         // reset the security property to make sure that the algorithms
 125         // and keys used in this test are not disabled.
 126         Security.setProperty("jdk.tls.disabledAlgorithms", "");
 127 
 128         boolean failed = false;
 129         for (ContextVersion cv : ContextVersion.values()) {
 130             System.out.println("Checking SSLContext of " + cv.contextVersion);
 131             SSLContext context = SSLContext.getInstance(cv.contextVersion);
 132 
 133             // Default SSLContext is initialized automatically.
 134             if (!cv.contextVersion.equals("Default")) {
 135                 // Use default TK, KM and random.
 136                 context.init((KeyManager[])null, (TrustManager[])null, null);
 137             }
 138 
 139             //
 140             // Check SSLContext
 141             //
 142             // Check default SSLParameters of SSLContext
 143             System.out.println("\tChecking default SSLParameters");
 144             SSLParameters parameters = context.getDefaultSSLParameters();
 145 
 146             String[] protocols = parameters.getProtocols();
 147             failed |= !checkProtocols(protocols, cv.enabledProtocols);
 148 
 149             String[] ciphers = parameters.getCipherSuites();
 150             failed |= !checkCipherSuites(ciphers);
 151 
 152             // Check supported SSLParameters of SSLContext
 153             System.out.println("\tChecking supported SSLParameters");
 154             parameters = context.getSupportedSSLParameters();
 155 
 156             protocols = parameters.getProtocols();
 157             failed |= !checkProtocols(protocols, cv.supportedProtocols);
 158 
 159             ciphers = parameters.getCipherSuites();
 160             failed |= !checkCipherSuites(ciphers);
 161 
 162             //
 163             // Check SSLEngine
 164             //
 165             // Check SSLParameters of SSLEngine
 166             System.out.println();
 167             System.out.println("\tChecking SSLEngine of this SSLContext");
 168             System.out.println("\tChecking SSLEngine.getSSLParameters()");
 169             SSLEngine engine = context.createSSLEngine();
 170             engine.setUseClientMode(true);
 171             parameters = engine.getSSLParameters();
 172 
 173             protocols = parameters.getProtocols();
 174             failed |= !checkProtocols(protocols, cv.enabledProtocols);
 175 
 176             ciphers = parameters.getCipherSuites();
 177             failed |= !checkCipherSuites(ciphers);
 178 
 179             System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
 180             protocols = engine.getEnabledProtocols();
 181             failed |= !checkProtocols(protocols, cv.enabledProtocols);
 182 
 183             System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
 184             ciphers = engine.getEnabledCipherSuites();
 185             failed |= !checkCipherSuites(ciphers);
 186 
 187             System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
 188             protocols = engine.getSupportedProtocols();
 189             failed |= !checkProtocols(protocols, cv.supportedProtocols);
 190 
 191             System.out.println(
 192                     "\tChecking SSLEngine.getSupportedCipherSuites()");
 193             ciphers = engine.getSupportedCipherSuites();
 194             failed |= !checkCipherSuites(ciphers);
 195 
 196             //
 197             // Check SSLSocket
 198             //
 199             // Check SSLParameters of SSLSocket
 200             System.out.println();
 201             System.out.println("\tChecking SSLSocket of this SSLContext");
 202             System.out.println("\tChecking SSLSocket.getSSLParameters()");
 203             SocketFactory fac = context.getSocketFactory();
 204             SSLSocket socket = (SSLSocket)fac.createSocket();
 205             parameters = socket.getSSLParameters();
 206 
 207             protocols = parameters.getProtocols();
 208             failed |= !checkProtocols(protocols, cv.enabledProtocols);
 209 
 210             ciphers = parameters.getCipherSuites();
 211             failed |= !checkCipherSuites(ciphers);
 212 
 213             System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
 214             protocols = socket.getEnabledProtocols();
 215             failed |= !checkProtocols(protocols, cv.enabledProtocols);
 216 
 217             System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
 218             ciphers = socket.getEnabledCipherSuites();
 219             failed |= !checkCipherSuites(ciphers);
 220 
 221             System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
 222             protocols = socket.getSupportedProtocols();
 223             failed |= !checkProtocols(protocols, cv.supportedProtocols);
 224 
 225             System.out.println(
 226                     "\tChecking SSLEngine.getSupportedCipherSuites()");
 227             ciphers = socket.getSupportedCipherSuites();
 228             failed |= !checkCipherSuites(ciphers);
 229 
 230             //
 231             // Check SSLServerSocket
 232             //
 233             // Check SSLParameters of SSLServerSocket
 234             System.out.println();
 235             System.out.println("\tChecking SSLServerSocket of this SSLContext");
 236             System.out.println("\tChecking SSLServerSocket.getSSLParameters()");
 237             SSLServerSocketFactory sf = context.getServerSocketFactory();
 238             SSLServerSocket ssocket = (SSLServerSocket)sf.createServerSocket();
 239             parameters = ssocket.getSSLParameters();
 240 
 241             protocols = parameters.getProtocols();
 242             failed |= !checkProtocols(protocols, cv.supportedProtocols);
 243 
 244             ciphers = parameters.getCipherSuites();
 245             failed |= !checkCipherSuites(ciphers);
 246 
 247             System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
 248             protocols = ssocket.getEnabledProtocols();
 249             failed |= !checkProtocols(protocols, cv.supportedProtocols);
 250 
 251             System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
 252             ciphers = ssocket.getEnabledCipherSuites();
 253             failed |= !checkCipherSuites(ciphers);
 254 
 255             System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
 256             protocols = ssocket.getSupportedProtocols();
 257             failed |= !checkProtocols(protocols, cv.supportedProtocols);
 258 
 259             System.out.println(
 260                     "\tChecking SSLEngine.getSupportedCipherSuites()");
 261             ciphers = ssocket.getSupportedCipherSuites();
 262             failed |= !checkCipherSuites(ciphers);
 263         }
 264 
 265         if (failed) {
 266             throw new Exception("Run into problems, see log for more details");
 267         } else {
 268             System.out.println("\t... Success");
 269         }
 270     }
 271 }