1 /*
2 * Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 //
25 // SunJSSE does not support dynamic system properties, no way to re-use
26 // system properties in samevm/agentvm mode.
27 //
28
29 /*
30 * @test
31 * @bug 7174244
32 * @summary NPE in Krb5ProxyImpl.getServerKeys()
33 * @ignore the dependent implementation details are changed
34 * @run main/othervm CipherSuitesInOrder
35 */
36
37 import java.util.*;
38 import javax.net.ssl.*;
39 import java.security.Security;
40
41 public class CipherSuitesInOrder {
42
43 // supported ciphersuites
44 private final static List<String> supportedCipherSuites =
45 Arrays.<String>asList(
46 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
47 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
48 "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
49 "TLS_RSA_WITH_AES_256_GCM_SHA384",
50 "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
51 "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",
52 "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
53 "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",
54 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
55 "TLS_RSA_WITH_AES_128_GCM_SHA256",
56 "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
57 "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
58 "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
59 "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",
60
61 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
62 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
63 "TLS_RSA_WITH_AES_256_CBC_SHA256",
64 "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
65 "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",
66 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
67 "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",
68 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
69 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
70 "TLS_RSA_WITH_AES_256_CBC_SHA",
71 "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
72 "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
73 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
74 "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
75 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
76 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
77 "TLS_RSA_WITH_AES_128_CBC_SHA256",
78 "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
79 "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",
80 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
81 "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
82 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
83 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
84 "TLS_RSA_WITH_AES_128_CBC_SHA",
85 "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
86 "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
87 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
88 "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
89
90 "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
91 "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
92 "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
93 "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
94 "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
95 "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
96 "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
97
98 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
99
100 "TLS_DH_anon_WITH_AES_256_GCM_SHA384",
101 "TLS_DH_anon_WITH_AES_128_GCM_SHA256",
102
103 "TLS_DH_anon_WITH_AES_256_CBC_SHA256",
104 "TLS_ECDH_anon_WITH_AES_256_CBC_SHA",
105 "TLS_DH_anon_WITH_AES_256_CBC_SHA",
106 "TLS_DH_anon_WITH_AES_128_CBC_SHA256",
107 "TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
108 "TLS_DH_anon_WITH_AES_128_CBC_SHA",
109 "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
110 "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
111
112 "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
113 "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
114 "SSL_RSA_WITH_RC4_128_SHA",
115 "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
116 "TLS_ECDH_RSA_WITH_RC4_128_SHA",
117 "SSL_RSA_WITH_RC4_128_MD5",
118 "TLS_ECDH_anon_WITH_RC4_128_SHA",
119 "SSL_DH_anon_WITH_RC4_128_MD5",
120
121 "SSL_RSA_WITH_DES_CBC_SHA",
122 "SSL_DHE_RSA_WITH_DES_CBC_SHA",
123 "SSL_DHE_DSS_WITH_DES_CBC_SHA",
124 "SSL_DH_anon_WITH_DES_CBC_SHA",
125 "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
126 "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
127 "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
128 "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
129
130 "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
131 "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
132
133 "TLS_RSA_WITH_NULL_SHA256",
134 "TLS_ECDHE_ECDSA_WITH_NULL_SHA",
135 "TLS_ECDHE_RSA_WITH_NULL_SHA",
136 "SSL_RSA_WITH_NULL_SHA",
137 "TLS_ECDH_ECDSA_WITH_NULL_SHA",
138 "TLS_ECDH_RSA_WITH_NULL_SHA",
139 "TLS_ECDH_anon_WITH_NULL_SHA",
140 "SSL_RSA_WITH_NULL_MD5",
141
142 "TLS_KRB5_WITH_3DES_EDE_CBC_SHA",
143 "TLS_KRB5_WITH_3DES_EDE_CBC_MD5",
144 "TLS_KRB5_WITH_RC4_128_SHA",
145 "TLS_KRB5_WITH_RC4_128_MD5",
146 "TLS_KRB5_WITH_DES_CBC_SHA",
147 "TLS_KRB5_WITH_DES_CBC_MD5",
148 "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",
149 "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5",
150 "TLS_KRB5_EXPORT_WITH_RC4_40_SHA",
151 "TLS_KRB5_EXPORT_WITH_RC4_40_MD5"
152 );
153
154 private final static String[] protocols = {
155 "", "SSL", "TLS", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"
156 };
157
158
159 public static void main(String[] args) throws Exception {
160 // show all of the supported cipher suites
161 showSuites(supportedCipherSuites.toArray(new String[0]),
162 "All supported cipher suites");
163
164 for (String protocol : protocols) {
165 System.out.println("//");
166 System.out.println("// " +
167 "Testing for SSLContext of " + protocol);
168 System.out.println("//");
169 checkForProtocols(protocol);
170 }
171 }
172
173 public static void checkForProtocols(String protocol) throws Exception {
174 SSLContext context;
175 if (protocol.isEmpty()) {
176 context = SSLContext.getDefault();
177 } else {
178 context = SSLContext.getInstance(protocol);
179 context.init(null, null, null);
180 }
181
182 // check the order of default cipher suites of SSLContext
183 SSLParameters parameters = context.getDefaultSSLParameters();
184 checkSuites(parameters.getCipherSuites(),
185 "Default cipher suites in SSLContext");
186
187 // check the order of supported cipher suites of SSLContext
188 parameters = context.getSupportedSSLParameters();
189 checkSuites(parameters.getCipherSuites(),
190 "Supported cipher suites in SSLContext");
191
192
193 //
194 // Check the cipher suites order of SSLEngine
195 //
196 SSLEngine engine = context.createSSLEngine();
197
198 // check the order of endabled cipher suites
199 String[] ciphers = engine.getEnabledCipherSuites();
200 checkSuites(ciphers,
201 "Enabled cipher suites in SSLEngine");
202
203 // check the order of supported cipher suites
204 ciphers = engine.getSupportedCipherSuites();
205 checkSuites(ciphers,
206 "Supported cipher suites in SSLEngine");
207
208 //
209 // Check the cipher suites order of SSLSocket
210 //
211 SSLSocketFactory factory = context.getSocketFactory();
212 try (SSLSocket socket = (SSLSocket)factory.createSocket()) {
213
214 // check the order of endabled cipher suites
215 ciphers = socket.getEnabledCipherSuites();
216 checkSuites(ciphers,
217 "Enabled cipher suites in SSLSocket");
218
219 // check the order of supported cipher suites
220 ciphers = socket.getSupportedCipherSuites();
221 checkSuites(ciphers,
222 "Supported cipher suites in SSLSocket");
223 }
224
225 //
226 // Check the cipher suites order of SSLServerSocket
227 //
228 SSLServerSocketFactory serverFactory = context.getServerSocketFactory();
229 try (SSLServerSocket serverSocket =
230 (SSLServerSocket)serverFactory.createServerSocket()) {
231 // check the order of endabled cipher suites
232 ciphers = serverSocket.getEnabledCipherSuites();
233 checkSuites(ciphers,
234 "Enabled cipher suites in SSLServerSocket");
235
236 // check the order of supported cipher suites
237 ciphers = serverSocket.getSupportedCipherSuites();
238 checkSuites(ciphers,
239 "Supported cipher suites in SSLServerSocket");
240 }
241 }
242
243 private static void checkSuites(String[] suites, String title) {
244 showSuites(suites, title);
245
246 int loc = -1;
247 int index = 0;
248 for (String suite : suites) {
249 index = supportedCipherSuites.indexOf(suite);
250 if (index <= loc) {
251 throw new RuntimeException(suite + " is not in order");
252 }
253
254 loc = index;
255 }
256 }
257
258 private static void showSuites(String[] suites, String title) {
259 System.out.println(title + "[" + suites.length + "]:");
260 for (String suite : suites) {
261 System.out.println(" " + suite);
262 }
263 }
264 }