1 /*
2 * Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 //
25 // SunJSSE does not support dynamic system properties, no way to re-use
26 // system properties in samevm/agentvm mode.
27 //
28
29 /*
30 * @test
31 * @bug 7174244
32 * @summary NPE in Krb5ProxyImpl.getServerKeys()
33 * @run main/othervm CipherSuitesInOrder
34 */
35
36 import java.util.*;
37 import javax.net.ssl.*;
38 import java.security.Security;
39
40 public class CipherSuitesInOrder {
41
42 // supported ciphersuites
43 private final static List<String> supportedCipherSuites =
44 Arrays.<String>asList(
45 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
46 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
47 "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
48 "TLS_RSA_WITH_AES_256_GCM_SHA384",
49 "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
50 "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",
51 "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
52 "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",
53 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
54 "TLS_RSA_WITH_AES_128_GCM_SHA256",
55 "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
56 "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
57 "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
58 "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",
59
60 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
61 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
62 "TLS_RSA_WITH_AES_256_CBC_SHA256",
63 "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
64 "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",
65 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
66 "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",
67 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
68 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
69 "TLS_RSA_WITH_AES_256_CBC_SHA",
70 "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
71 "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
72 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
73 "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
74 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
75 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
76 "TLS_RSA_WITH_AES_128_CBC_SHA256",
77 "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
78 "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",
79 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
80 "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
81 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
82 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
83 "TLS_RSA_WITH_AES_128_CBC_SHA",
84 "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
85 "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
86 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
87 "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
88
89 "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
90 "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
91 "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
92 "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
93 "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
94 "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
95 "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
96
97 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
98
99 "TLS_DH_anon_WITH_AES_256_GCM_SHA384",
100 "TLS_DH_anon_WITH_AES_128_GCM_SHA256",
101
102 "TLS_DH_anon_WITH_AES_256_CBC_SHA256",
103 "TLS_ECDH_anon_WITH_AES_256_CBC_SHA",
104 "TLS_DH_anon_WITH_AES_256_CBC_SHA",
105 "TLS_DH_anon_WITH_AES_128_CBC_SHA256",
106 "TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
107 "TLS_DH_anon_WITH_AES_128_CBC_SHA",
108 "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
109 "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
110
111 "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
112 "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
113 "SSL_RSA_WITH_RC4_128_SHA",
114 "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
115 "TLS_ECDH_RSA_WITH_RC4_128_SHA",
116 "SSL_RSA_WITH_RC4_128_MD5",
117 "TLS_ECDH_anon_WITH_RC4_128_SHA",
118 "SSL_DH_anon_WITH_RC4_128_MD5",
119
120 "SSL_RSA_WITH_DES_CBC_SHA",
121 "SSL_DHE_RSA_WITH_DES_CBC_SHA",
122 "SSL_DHE_DSS_WITH_DES_CBC_SHA",
123 "SSL_DH_anon_WITH_DES_CBC_SHA",
124 "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
125 "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
126 "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
127 "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
128
129 "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
130 "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
131
132 "TLS_RSA_WITH_NULL_SHA256",
133 "TLS_ECDHE_ECDSA_WITH_NULL_SHA",
134 "TLS_ECDHE_RSA_WITH_NULL_SHA",
135 "SSL_RSA_WITH_NULL_SHA",
136 "TLS_ECDH_ECDSA_WITH_NULL_SHA",
137 "TLS_ECDH_RSA_WITH_NULL_SHA",
138 "TLS_ECDH_anon_WITH_NULL_SHA",
139 "SSL_RSA_WITH_NULL_MD5",
140
141 "TLS_KRB5_WITH_3DES_EDE_CBC_SHA",
142 "TLS_KRB5_WITH_3DES_EDE_CBC_MD5",
143 "TLS_KRB5_WITH_RC4_128_SHA",
144 "TLS_KRB5_WITH_RC4_128_MD5",
145 "TLS_KRB5_WITH_DES_CBC_SHA",
146 "TLS_KRB5_WITH_DES_CBC_MD5",
147 "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",
148 "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5",
149 "TLS_KRB5_EXPORT_WITH_RC4_40_SHA",
150 "TLS_KRB5_EXPORT_WITH_RC4_40_MD5"
151 );
152
153 private final static String[] protocols = {
154 "", "SSL", "TLS", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"
155 };
156
157
158 public static void main(String[] args) throws Exception {
159 // show all of the supported cipher suites
160 showSuites(supportedCipherSuites.toArray(new String[0]),
161 "All supported cipher suites");
162
163 for (String protocol : protocols) {
164 System.out.println("//");
165 System.out.println("// " +
166 "Testing for SSLContext of " + protocol);
167 System.out.println("//");
168 checkForProtocols(protocol);
169 }
170 }
171
172 public static void checkForProtocols(String protocol) throws Exception {
173 SSLContext context;
174 if (protocol.isEmpty()) {
175 context = SSLContext.getDefault();
176 } else {
177 context = SSLContext.getInstance(protocol);
178 context.init(null, null, null);
179 }
180
181 // check the order of default cipher suites of SSLContext
182 SSLParameters parameters = context.getDefaultSSLParameters();
183 checkSuites(parameters.getCipherSuites(),
184 "Default cipher suites in SSLContext");
185
186 // check the order of supported cipher suites of SSLContext
187 parameters = context.getSupportedSSLParameters();
188 checkSuites(parameters.getCipherSuites(),
189 "Supported cipher suites in SSLContext");
190
191
192 //
193 // Check the cipher suites order of SSLEngine
194 //
195 SSLEngine engine = context.createSSLEngine();
196
197 // check the order of endabled cipher suites
198 String[] ciphers = engine.getEnabledCipherSuites();
199 checkSuites(ciphers,
200 "Enabled cipher suites in SSLEngine");
201
202 // check the order of supported cipher suites
203 ciphers = engine.getSupportedCipherSuites();
204 checkSuites(ciphers,
205 "Supported cipher suites in SSLEngine");
206
207 //
208 // Check the cipher suites order of SSLSocket
209 //
210 SSLSocketFactory factory = context.getSocketFactory();
211 try (SSLSocket socket = (SSLSocket)factory.createSocket()) {
212
213 // check the order of endabled cipher suites
214 ciphers = socket.getEnabledCipherSuites();
215 checkSuites(ciphers,
216 "Enabled cipher suites in SSLSocket");
217
218 // check the order of supported cipher suites
219 ciphers = socket.getSupportedCipherSuites();
220 checkSuites(ciphers,
221 "Supported cipher suites in SSLSocket");
222 }
223
224 //
225 // Check the cipher suites order of SSLServerSocket
226 //
227 SSLServerSocketFactory serverFactory = context.getServerSocketFactory();
228 try (SSLServerSocket serverSocket =
229 (SSLServerSocket)serverFactory.createServerSocket()) {
230 // check the order of endabled cipher suites
231 ciphers = serverSocket.getEnabledCipherSuites();
232 checkSuites(ciphers,
233 "Enabled cipher suites in SSLServerSocket");
234
235 // check the order of supported cipher suites
236 ciphers = serverSocket.getSupportedCipherSuites();
237 checkSuites(ciphers,
238 "Supported cipher suites in SSLServerSocket");
239 }
240 }
241
242 private static void checkSuites(String[] suites, String title) {
243 showSuites(suites, title);
244
245 int loc = -1;
246 int index = 0;
247 for (String suite : suites) {
248 index = supportedCipherSuites.indexOf(suite);
249 if (index <= loc) {
250 throw new RuntimeException(suite + " is not in order");
251 }
252
253 loc = index;
254 }
255 }
256
257 private static void showSuites(String[] suites, String title) {
258 System.out.println(title + "[" + suites.length + "]:");
259 for (String suite : suites) {
260 System.out.println(" " + suite);
261 }
262 }
263 }