1 /*
2 * Copyright (c) 2013, 2014, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 // SunJSSE does not support dynamic system properties, no way to re-use
25 // system properties in samevm/agentvm mode.
26
27 /*
28 * @test
29 * @bug 7093640
30 * @summary Enable TLS 1.1 and TLS 1.2 by default in client side of SunJSSE
31 * @run main/othervm -Djdk.tls.client.protocols="SSLv3,TLSv1,TLSv1.1"
32 * CustomizedDefaultProtocols
33 */
34
35 import javax.net.*;
36 import javax.net.ssl.*;
37 import java.util.Arrays;
38 import java.security.Security;
39
40 public class CustomizedDefaultProtocols {
41 static enum ContextVersion {
42 TLS_CV_01("SSL",
43 new String[] {"SSLv3", "TLSv1", "TLSv1.1"}),
44 TLS_CV_02("TLS",
45 new String[] {"SSLv3", "TLSv1", "TLSv1.1"}),
46 TLS_CV_03("SSLv3",
47 new String[] {"SSLv3", "TLSv1"}),
48 TLS_CV_04("TLSv1",
49 new String[] {"SSLv3", "TLSv1"}),
50 TLS_CV_05("TLSv1.1",
51 new String[] {"SSLv3", "TLSv1", "TLSv1.1"}),
52 TLS_CV_06("TLSv1.2",
53 new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}),
54 TLS_CV_07("Default",
55 new String[] {"SSLv3", "TLSv1", "TLSv1.1"});
56
57 final String contextVersion;
58 final String[] enabledProtocols;
59 final static String[] supportedProtocols = new String[] {
60 "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"};
61
62 ContextVersion(String contextVersion, String[] enabledProtocols) {
63 this.contextVersion = contextVersion;
64 this.enabledProtocols = enabledProtocols;
65 }
66 }
67
68 private static boolean checkProtocols(String[] target, String[] expected) {
69 boolean success = true;
70 if (target.length == 0) {
71 System.out.println("\tError: No protocols");
72 success = false;
73 }
74
75 if (!Arrays.equals(target, expected)) {
76 System.out.println("\tError: Expected to get protocols " +
77 Arrays.toString(expected));
78 System.out.println("\tError: The actual protocols " +
79 Arrays.toString(target));
80 success = false;
81 }
82
83 return success;
84 }
85
86 private static boolean checkCipherSuites(String[] target) {
87 boolean success = true;
88 if (target.length == 0) {
89 System.out.println("\tError: No cipher suites");
90 success = false;
91 }
92
93 return success;
94 }
95
96 public static void main(String[] args) throws Exception {
97 // reset the security property to make sure that the algorithms
98 // and keys used in this test are not disabled.
99 Security.setProperty("jdk.tls.disabledAlgorithms", "");
100
101 boolean failed = false;
102 for (ContextVersion cv : ContextVersion.values()) {
103 System.out.println("Checking SSLContext of " + cv.contextVersion);
104 SSLContext context = SSLContext.getInstance(cv.contextVersion);
105
106 // Default SSLContext is initialized automatically.
107 if (!cv.contextVersion.equals("Default")) {
108 // Use default TK, KM and random.
109 context.init((KeyManager[])null, (TrustManager[])null, null);
110 }
111
112 //
113 // Check SSLContext
114 //
115 // Check default SSLParameters of SSLContext
116 System.out.println("\tChecking default SSLParameters");
117 SSLParameters parameters = context.getDefaultSSLParameters();
118
119 String[] protocols = parameters.getProtocols();
120 failed |= !checkProtocols(protocols, cv.enabledProtocols);
121
122 String[] ciphers = parameters.getCipherSuites();
123 failed |= !checkCipherSuites(ciphers);
124
125 // Check supported SSLParameters of SSLContext
126 System.out.println("\tChecking supported SSLParameters");
127 parameters = context.getSupportedSSLParameters();
128
129 protocols = parameters.getProtocols();
130 failed |= !checkProtocols(protocols, cv.supportedProtocols);
131
132 ciphers = parameters.getCipherSuites();
133 failed |= !checkCipherSuites(ciphers);
134
135 //
136 // Check SSLEngine
137 //
138 // Check SSLParameters of SSLEngine
139 System.out.println();
140 System.out.println("\tChecking SSLEngine of this SSLContext");
141 System.out.println("\tChecking SSLEngine.getSSLParameters()");
142 SSLEngine engine = context.createSSLEngine();
143 engine.setUseClientMode(true);
144 parameters = engine.getSSLParameters();
145
146 protocols = parameters.getProtocols();
147 failed |= !checkProtocols(protocols, cv.enabledProtocols);
148
149 ciphers = parameters.getCipherSuites();
150 failed |= !checkCipherSuites(ciphers);
151
152 System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
153 protocols = engine.getEnabledProtocols();
154 failed |= !checkProtocols(protocols, cv.enabledProtocols);
155
156 System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
157 ciphers = engine.getEnabledCipherSuites();
158 failed |= !checkCipherSuites(ciphers);
159
160 System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
161 protocols = engine.getSupportedProtocols();
162 failed |= !checkProtocols(protocols, cv.supportedProtocols);
163
164 System.out.println(
165 "\tChecking SSLEngine.getSupportedCipherSuites()");
166 ciphers = engine.getSupportedCipherSuites();
167 failed |= !checkCipherSuites(ciphers);
168
169 //
170 // Check SSLSocket
171 //
172 // Check SSLParameters of SSLSocket
173 System.out.println();
174 System.out.println("\tChecking SSLSocket of this SSLContext");
175 System.out.println("\tChecking SSLSocket.getSSLParameters()");
176 SocketFactory fac = context.getSocketFactory();
177 SSLSocket socket = (SSLSocket)fac.createSocket();
178 parameters = socket.getSSLParameters();
179
180 protocols = parameters.getProtocols();
181 failed |= !checkProtocols(protocols, cv.enabledProtocols);
182
183 ciphers = parameters.getCipherSuites();
184 failed |= !checkCipherSuites(ciphers);
185
186 System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
187 protocols = socket.getEnabledProtocols();
188 failed |= !checkProtocols(protocols, cv.enabledProtocols);
189
190 System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
191 ciphers = socket.getEnabledCipherSuites();
192 failed |= !checkCipherSuites(ciphers);
193
194 System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
195 protocols = socket.getSupportedProtocols();
196 failed |= !checkProtocols(protocols, cv.supportedProtocols);
197
198 System.out.println(
199 "\tChecking SSLEngine.getSupportedCipherSuites()");
200 ciphers = socket.getSupportedCipherSuites();
201 failed |= !checkCipherSuites(ciphers);
202
203 //
204 // Check SSLServerSocket
205 //
206 // Check SSLParameters of SSLServerSocket
207 System.out.println();
208 System.out.println("\tChecking SSLServerSocket of this SSLContext");
209 System.out.println("\tChecking SSLServerSocket.getSSLParameters()");
210 SSLServerSocketFactory sf = context.getServerSocketFactory();
211 SSLServerSocket ssocket = (SSLServerSocket)sf.createServerSocket();
212 parameters = ssocket.getSSLParameters();
213
214 protocols = parameters.getProtocols();
215 failed |= !checkProtocols(protocols, cv.supportedProtocols);
216
217 ciphers = parameters.getCipherSuites();
218 failed |= !checkCipherSuites(ciphers);
219
220 System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
221 protocols = ssocket.getEnabledProtocols();
222 failed |= !checkProtocols(protocols, cv.supportedProtocols);
223
224 System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
225 ciphers = ssocket.getEnabledCipherSuites();
226 failed |= !checkCipherSuites(ciphers);
227
228 System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
229 protocols = ssocket.getSupportedProtocols();
230 failed |= !checkProtocols(protocols, cv.supportedProtocols);
231
232 System.out.println(
233 "\tChecking SSLEngine.getSupportedCipherSuites()");
234 ciphers = ssocket.getSupportedCipherSuites();
235 failed |= !checkCipherSuites(ciphers);
236 }
237
238 if (failed) {
239 throw new Exception("Run into problems, see log for more details");
240 } else {
241 System.out.println("\t... Success");
242 }
243 }
244 }