< prev index next >

test/jdk/sun/security/ssl/SSLContextImpl/DefaultEnabledProtocols.java

Print this page


   1 /*
   2  * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */


  32  */
  33 
  34 import java.security.Security;
  35 import java.util.Arrays;
  36 import java.util.HashSet;
  37 import java.util.Set;
  38 
  39 import javax.net.SocketFactory;
  40 import javax.net.ssl.KeyManager;
  41 import javax.net.ssl.SSLContext;
  42 import javax.net.ssl.SSLEngine;
  43 import javax.net.ssl.SSLParameters;
  44 import javax.net.ssl.SSLServerSocket;
  45 import javax.net.ssl.SSLServerSocketFactory;
  46 import javax.net.ssl.SSLSocket;
  47 import javax.net.ssl.TrustManager;
  48 
  49 public class DefaultEnabledProtocols {
  50     enum ContextVersion {
  51         TLS_CV_01("SSL",
  52                 new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
  53         TLS_CV_02("TLS",
  54                 new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
  55         TLS_CV_03("SSLv3",
  56                 new String[] {"SSLv3", "TLSv1"}),
  57         TLS_CV_04("TLSv1",
  58                 new String[] {"SSLv3", "TLSv1"}),
  59         TLS_CV_05("TLSv1.1",
  60                 new String[] {"SSLv3", "TLSv1", "TLSv1.1"}),
  61         TLS_CV_06("TLSv1.2",
  62                 new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}),
  63         TLS_CV_07("TLSv1.3",
  64                 new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
  65         TLS_CV_08("Default",
  66                 new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"});
  67 
  68         final String contextVersion;
  69         final String[] enabledProtocols;
  70         final static String[] supportedProtocols = new String[] {
  71                 "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};


  72 
  73         ContextVersion(String contextVersion, String[] enabledProtocols) {
  74             this.contextVersion = contextVersion;
  75             this.enabledProtocols = enabledProtocols;
  76         }
  77     }
  78 
  79     private static boolean checkProtocols(String[] target, String[] expected) {
  80         boolean success = true;
  81         if (target.length == 0) {
  82             System.out.println("\tError: No protocols");
  83             success = false;
  84         }
  85 
  86         if (!protocolEquals(target, expected)) {
  87             System.out.println("\tError: Expected to get protocols " +
  88                     Arrays.toString(expected));
  89             success = false;
  90         }
  91         System.out.println("\t  Protocols found " + Arrays.toString(target));

  92 
  93         return success;
  94     }
  95 
  96     private static boolean protocolEquals(
  97             String[] actualProtocols,
  98             String[] expectedProtocols) {
  99         if (actualProtocols.length != expectedProtocols.length) {
 100             return false;
 101         }
 102 
 103         Set<String> set = new HashSet<>(Arrays.asList(expectedProtocols));
 104         for (String actual : actualProtocols) {
 105             if (set.add(actual)) {
 106                 return false;
 107             }
 108         }
 109 

 110         return true;
 111     }
 112 
 113     private static boolean checkCipherSuites(String[] target) {
 114         boolean success = true;
 115         if (target.length == 0) {
 116             System.out.println("\tError: No cipher suites");
 117             success = false;
 118         }
 119 
 120         return success;
 121     }
 122 
 123     public static void main(String[] args) throws Exception {
 124         // reset the security property to make sure that the algorithms
 125         // and keys used in this test are not disabled.
 126         Security.setProperty("jdk.tls.disabledAlgorithms", "");
 127 
 128         boolean failed = false;
 129         for (ContextVersion cv : ContextVersion.values()) {
 130             System.out.println("Checking SSLContext of " + cv.contextVersion);

 131             SSLContext context = SSLContext.getInstance(cv.contextVersion);
 132 
 133             // Default SSLContext is initialized automatically.
 134             if (!cv.contextVersion.equals("Default")) {
 135                 // Use default TK, KM and random.
 136                 context.init((KeyManager[])null, (TrustManager[])null, null);
 137             }
 138 
 139             //
 140             // Check SSLContext
 141             //
 142             // Check default SSLParameters of SSLContext
 143             System.out.println("\tChecking default SSLParameters");

 144             SSLParameters parameters = context.getDefaultSSLParameters();
 145 
 146             String[] protocols = parameters.getProtocols();
 147             failed |= !checkProtocols(protocols, cv.enabledProtocols);
 148 
 149             String[] ciphers = parameters.getCipherSuites();
 150             failed |= !checkCipherSuites(ciphers);
 151 
 152             // Check supported SSLParameters of SSLContext
 153             System.out.println("\tChecking supported SSLParameters");
 154             parameters = context.getSupportedSSLParameters();
 155 
 156             protocols = parameters.getProtocols();
 157             failed |= !checkProtocols(protocols, cv.supportedProtocols);
 158 
 159             ciphers = parameters.getCipherSuites();
 160             failed |= !checkCipherSuites(ciphers);
 161 
 162             //
 163             // Check SSLEngine
 164             //
 165             // Check SSLParameters of SSLEngine
 166             System.out.println();
 167             System.out.println("\tChecking SSLEngine of this SSLContext");
 168             System.out.println("\tChecking SSLEngine.getSSLParameters()");
 169             SSLEngine engine = context.createSSLEngine();
 170             engine.setUseClientMode(true);
 171             parameters = engine.getSSLParameters();
 172 
 173             protocols = parameters.getProtocols();
 174             failed |= !checkProtocols(protocols, cv.enabledProtocols);
 175 
 176             ciphers = parameters.getCipherSuites();
 177             failed |= !checkCipherSuites(ciphers);
 178 
 179             System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
 180             protocols = engine.getEnabledProtocols();
 181             failed |= !checkProtocols(protocols, cv.enabledProtocols);
 182 
 183             System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
 184             ciphers = engine.getEnabledCipherSuites();
 185             failed |= !checkCipherSuites(ciphers);
 186 
 187             System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
 188             protocols = engine.getSupportedProtocols();
 189             failed |= !checkProtocols(protocols, cv.supportedProtocols);
 190 
 191             System.out.println(
 192                     "\tChecking SSLEngine.getSupportedCipherSuites()");
 193             ciphers = engine.getSupportedCipherSuites();
 194             failed |= !checkCipherSuites(ciphers);
 195 
 196             //
 197             // Check SSLSocket
 198             //
 199             // Check SSLParameters of SSLSocket
 200             System.out.println();
 201             System.out.println("\tChecking SSLSocket of this SSLContext");
 202             System.out.println("\tChecking SSLSocket.getSSLParameters()");
 203             SocketFactory fac = context.getSocketFactory();
 204             SSLSocket socket = (SSLSocket)fac.createSocket();
 205             parameters = socket.getSSLParameters();
 206 
 207             protocols = parameters.getProtocols();
 208             failed |= !checkProtocols(protocols, cv.enabledProtocols);
 209 
 210             ciphers = parameters.getCipherSuites();
 211             failed |= !checkCipherSuites(ciphers);
 212 
 213             System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
 214             protocols = socket.getEnabledProtocols();
 215             failed |= !checkProtocols(protocols, cv.enabledProtocols);
 216 
 217             System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
 218             ciphers = socket.getEnabledCipherSuites();
 219             failed |= !checkCipherSuites(ciphers);
 220 
 221             System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
 222             protocols = socket.getSupportedProtocols();
 223             failed |= !checkProtocols(protocols, cv.supportedProtocols);
 224 
 225             System.out.println(
 226                     "\tChecking SSLEngine.getSupportedCipherSuites()");
 227             ciphers = socket.getSupportedCipherSuites();
 228             failed |= !checkCipherSuites(ciphers);
 229 
 230             //
 231             // Check SSLServerSocket
 232             //
 233             // Check SSLParameters of SSLServerSocket
 234             System.out.println();
 235             System.out.println("\tChecking SSLServerSocket of this SSLContext");
 236             System.out.println("\tChecking SSLServerSocket.getSSLParameters()");
 237             SSLServerSocketFactory sf = context.getServerSocketFactory();
 238             SSLServerSocket ssocket = (SSLServerSocket)sf.createServerSocket();
 239             parameters = ssocket.getSSLParameters();
 240 
 241             protocols = parameters.getProtocols();
 242             failed |= !checkProtocols(protocols, cv.supportedProtocols);
 243 
 244             ciphers = parameters.getCipherSuites();
 245             failed |= !checkCipherSuites(ciphers);
 246 
 247             System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
 248             protocols = ssocket.getEnabledProtocols();
 249             failed |= !checkProtocols(protocols, cv.supportedProtocols);
 250 
 251             System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
 252             ciphers = ssocket.getEnabledCipherSuites();
 253             failed |= !checkCipherSuites(ciphers);
 254 
 255             System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
 256             protocols = ssocket.getSupportedProtocols();
 257             failed |= !checkProtocols(protocols, cv.supportedProtocols);
 258 
 259             System.out.println(
 260                     "\tChecking SSLEngine.getSupportedCipherSuites()");
 261             ciphers = ssocket.getSupportedCipherSuites();
 262             failed |= !checkCipherSuites(ciphers);
 263         }
 264 
 265         if (failed) {
 266             throw new Exception("Run into problems, see log for more details");
 267         } else {
 268             System.out.println("\t... Success");
 269         }
 270     }
 271 }
   1 /*
   2  * Copyright (c) 2013, 2019, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */


  32  */
  33 
  34 import java.security.Security;
  35 import java.util.Arrays;
  36 import java.util.HashSet;
  37 import java.util.Set;
  38 
  39 import javax.net.SocketFactory;
  40 import javax.net.ssl.KeyManager;
  41 import javax.net.ssl.SSLContext;
  42 import javax.net.ssl.SSLEngine;
  43 import javax.net.ssl.SSLParameters;
  44 import javax.net.ssl.SSLServerSocket;
  45 import javax.net.ssl.SSLServerSocketFactory;
  46 import javax.net.ssl.SSLSocket;
  47 import javax.net.ssl.TrustManager;
  48 
  49 public class DefaultEnabledProtocols {
  50     enum ContextVersion {
  51         TLS_CV_01("SSL",
  52                 new String[] {"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
  53         TLS_CV_02("TLS",
  54                 new String[] {"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
  55         TLS_CV_03("SSLv3",
  56                 new String[] {"TLSv1"}),
  57         TLS_CV_04("TLSv1",
  58                 new String[] {"TLSv1"}),
  59         TLS_CV_05("TLSv1.1",
  60                 new String[] {"TLSv1", "TLSv1.1"}),
  61         TLS_CV_06("TLSv1.2",
  62                 new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"}),
  63         TLS_CV_07("TLSv1.3",
  64                 new String[] {"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
  65         TLS_CV_08("Default",
  66                 new String[] {"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"});
  67 
  68         final String contextVersion;
  69         final String[] enabledProtocols;
  70         final static String[] supportedProtocols = new String[] {
  71                 "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
  72         final static String[] serverDefaultProtocols = new String[] {
  73                 "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
  74 
  75         ContextVersion(String contextVersion, String[] enabledProtocols) {
  76             this.contextVersion = contextVersion;
  77             this.enabledProtocols = enabledProtocols;
  78         }
  79     }
  80 
  81     private static boolean checkProtocols(String[] target, String[] expected) {
  82         boolean success = true;
  83         if (target.length == 0) {
  84             System.out.println("\t\t\t*** Error: No protocols");
  85             success = false;
  86         }
  87 
  88         if (!protocolEquals(target, expected)) {
  89             System.out.println("\t\t\t*** Error: Expected to get protocols " +
  90                     Arrays.toString(expected));
  91             success = false;
  92         }
  93         System.out.println("\t\t\t  Protocols found " + Arrays.toString(target));
  94         System.out.println("\t\t\t--> Protocol check passed!!");
  95 
  96         return success;
  97     }
  98 
  99     private static boolean protocolEquals(
 100             String[] actualProtocols,
 101             String[] expectedProtocols) {
 102         if (actualProtocols.length != expectedProtocols.length) {
 103             return false;
 104         }
 105 
 106         Set<String> set = new HashSet<>(Arrays.asList(expectedProtocols));
 107         for (String actual : actualProtocols) {
 108             if (set.add(actual)) {
 109                 return false;
 110             }
 111         }
 112 
 113         System.out.println("\t\t\t--> Cipher check passed!!");
 114         return true;
 115     }
 116 
 117     private static boolean checkCipherSuites(String[] target) {
 118         boolean success = true;
 119         if (target.length == 0) {
 120             System.out.println("\t\t\t*** Error: No cipher suites");
 121             success = false;
 122         }
 123 
 124         return success;
 125     }
 126 
 127     public static void main(String[] args) throws Exception {
 128         // reset the security property to make sure that the algorithms
 129         // and keys used in this test are not disabled.
 130         Security.setProperty("jdk.tls.disabledAlgorithms", "");
 131 
 132         boolean failed = false;
 133         for (ContextVersion cv : ContextVersion.values()) {
 134             System.out.println("\n\nChecking SSLContext of " + cv.contextVersion);
 135             System.out.println("============================");
 136             SSLContext context = SSLContext.getInstance(cv.contextVersion);
 137 
 138             // Default SSLContext is initialized automatically.
 139             if (!cv.contextVersion.equals("Default")) {
 140                 // Use default TK, KM and random.
 141                 context.init((KeyManager[])null, (TrustManager[])null, null);
 142             }
 143 
 144             //
 145             // Check SSLContext
 146             //
 147             // Check default SSLParameters of SSLContext
 148             System.out.println("\tChecking default SSLParameters");
 149             System.out.println("\t\tChecking SSLContext.getDefaultSSLParameters().getProtocols");
 150             SSLParameters parameters = context.getDefaultSSLParameters();
 151 
 152             String[] protocols = parameters.getProtocols();
 153             failed |= !checkProtocols(protocols, cv.enabledProtocols);
 154 
 155             String[] ciphers = parameters.getCipherSuites();
 156             failed |= !checkCipherSuites(ciphers);
 157 
 158             // Check supported SSLParameters of SSLContext
 159             System.out.println("\t\tChecking SSLContext.getSupportedSSLParameters().getProtocols()");
 160             parameters = context.getSupportedSSLParameters();
 161 
 162             protocols = parameters.getProtocols();
 163             failed |= !checkProtocols(protocols, cv.supportedProtocols);
 164 
 165             ciphers = parameters.getCipherSuites();
 166             failed |= !checkCipherSuites(ciphers);
 167 
 168             //
 169             // Check SSLEngine
 170             //
 171             // Check SSLParameters of SSLEngine
 172             System.out.println();
 173             System.out.println("\tChecking SSLEngine of this SSLContext");
 174             System.out.println("\t\tChecking SSLEngine.getSSLParameters()");
 175             SSLEngine engine = context.createSSLEngine();
 176             engine.setUseClientMode(true);
 177             parameters = engine.getSSLParameters();
 178 
 179             protocols = parameters.getProtocols();
 180             failed |= !checkProtocols(protocols, cv.enabledProtocols);
 181 
 182             ciphers = parameters.getCipherSuites();
 183             failed |= !checkCipherSuites(ciphers);
 184 
 185             System.out.println("\t\tChecking SSLEngine.getEnabledProtocols()");
 186             protocols = engine.getEnabledProtocols();
 187             failed |= !checkProtocols(protocols, cv.enabledProtocols);
 188 
 189             System.out.println("\t\tChecking SSLEngine.getEnabledCipherSuites()");
 190             ciphers = engine.getEnabledCipherSuites();
 191             failed |= !checkCipherSuites(ciphers);
 192 
 193             System.out.println("\t\tChecking SSLEngine.getSupportedProtocols()");
 194             protocols = engine.getSupportedProtocols();
 195             failed |= !checkProtocols(protocols, cv.supportedProtocols);
 196 
 197             System.out.println(
 198                     "\t\tChecking SSLEngine.getSupportedCipherSuites()");
 199             ciphers = engine.getSupportedCipherSuites();
 200             failed |= !checkCipherSuites(ciphers);
 201 
 202             //
 203             // Check SSLSocket
 204             //
 205             // Check SSLParameters of SSLSocket
 206             System.out.println();
 207             System.out.println("\tChecking SSLSocket of this SSLContext");
 208             System.out.println("\t\tChecking SSLSocket.getSSLParameters()");
 209             SocketFactory fac = context.getSocketFactory();
 210             SSLSocket socket = (SSLSocket)fac.createSocket();
 211             parameters = socket.getSSLParameters();
 212 
 213             protocols = parameters.getProtocols();
 214             failed |= !checkProtocols(protocols, cv.enabledProtocols);
 215 
 216             ciphers = parameters.getCipherSuites();
 217             failed |= !checkCipherSuites(ciphers);
 218 
 219             System.out.println("\t\tChecking SSLEngine.getEnabledProtocols()");
 220             protocols = socket.getEnabledProtocols();
 221             failed |= !checkProtocols(protocols, cv.enabledProtocols);
 222 
 223             System.out.println("\t\tChecking SSLEngine.getEnabledCipherSuites()");
 224             ciphers = socket.getEnabledCipherSuites();
 225             failed |= !checkCipherSuites(ciphers);
 226 
 227             System.out.println("\t\tChecking SSLEngine.getSupportedProtocols()");
 228             protocols = socket.getSupportedProtocols();
 229             failed |= !checkProtocols(protocols, cv.supportedProtocols);
 230 
 231             System.out.println(
 232                     "\t\tChecking SSLEngine.getSupportedCipherSuites()");
 233             ciphers = socket.getSupportedCipherSuites();
 234             failed |= !checkCipherSuites(ciphers);
 235 
 236             //
 237             // Check SSLServerSocket
 238             //
 239             // Check SSLParameters of SSLServerSocket
 240             System.out.println();
 241             System.out.println("\tChecking SSLServerSocket of this SSLContext");
 242             System.out.println("\t\tChecking SSLServerSocket.getSSLParameters()");
 243             SSLServerSocketFactory sf = context.getServerSocketFactory();
 244             SSLServerSocket ssocket = (SSLServerSocket)sf.createServerSocket();
 245             parameters = ssocket.getSSLParameters();
 246 
 247             protocols = parameters.getProtocols();
 248             failed |= !checkProtocols(protocols, cv.serverDefaultProtocols);
 249 
 250             ciphers = parameters.getCipherSuites();
 251             failed |= !checkCipherSuites(ciphers);
 252 
 253             System.out.println("\t\tChecking SSLEngine.getEnabledProtocols()");
 254             protocols = ssocket.getEnabledProtocols();
 255             failed |= !checkProtocols(protocols, cv.serverDefaultProtocols);
 256 
 257             System.out.println("\t\tChecking SSLEngine.getEnabledCipherSuites()");
 258             ciphers = ssocket.getEnabledCipherSuites();
 259             failed |= !checkCipherSuites(ciphers);
 260 
 261             System.out.println("\t\tChecking SSLEngine.getSupportedProtocols()");
 262             protocols = ssocket.getSupportedProtocols();
 263             failed |= !checkProtocols(protocols, cv.supportedProtocols);
 264 
 265             System.out.println(
 266                     "\t\tChecking SSLEngine.getSupportedCipherSuites()");
 267             ciphers = ssocket.getSupportedCipherSuites();
 268             failed |= !checkCipherSuites(ciphers);
 269         }
 270 
 271         if (failed) {
 272             throw new Exception("Run into problems, see log for more details");


 273         }
 274     }
 275 }
< prev index next >