1 /*
2 * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 // SunJSSE does not support dynamic system properties, no way to re-use
25 // system properties in samevm/agentvm mode.
26
27 /*
28 * @test
29 * @bug 7093640
30 * @summary Enable TLS 1.1 and TLS 1.2 by default in client side of SunJSSE
31 * @run main/othervm -Djdk.tls.client.protocols="SSLv3,TLSv1,TLSv1.1"
32 * CustomizedDefaultProtocols
33 */
34
35 import java.security.Security;
36 import java.util.Arrays;
37 import java.util.HashSet;
38 import java.util.Set;
39
40 import javax.net.SocketFactory;
41 import javax.net.ssl.KeyManager;
42 import javax.net.ssl.SSLContext;
43 import javax.net.ssl.SSLEngine;
44 import javax.net.ssl.SSLParameters;
45 import javax.net.ssl.SSLServerSocket;
46 import javax.net.ssl.SSLServerSocketFactory;
47 import javax.net.ssl.SSLSocket;
48 import javax.net.ssl.TrustManager;
49
50 public class CustomizedDefaultProtocols {
51 static enum ContextVersion {
52 TLS_CV_01("SSL",
53 new String[] {"SSLv3", "TLSv1", "TLSv1.1"}),
54 TLS_CV_02("TLS",
55 new String[] {"SSLv3", "TLSv1", "TLSv1.1"}),
56 TLS_CV_03("SSLv3",
57 new String[] {"SSLv3", "TLSv1"}),
58 TLS_CV_04("TLSv1",
59 new String[] {"SSLv3", "TLSv1"}),
60 TLS_CV_05("TLSv1.1",
61 new String[] {"SSLv3", "TLSv1", "TLSv1.1"}),
62 TLS_CV_06("TLSv1.2",
63 new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}),
64 TLS_CV_07("TLSv1.3",
65 new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
66 TLS_CV_08("Default",
67 new String[] {"SSLv3", "TLSv1", "TLSv1.1"});
68
69 final String contextVersion;
70 final String[] enabledProtocols;
71 final static String[] supportedProtocols = new String[] {
72 "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
73
74 ContextVersion(String contextVersion, String[] enabledProtocols) {
75 this.contextVersion = contextVersion;
76 this.enabledProtocols = enabledProtocols;
77 }
78 }
79
80 private static boolean checkProtocols(String[] target, String[] expected) {
81 boolean success = true;
82 if (target.length == 0) {
83 System.out.println("\tError: No protocols");
84 success = false;
85 }
86
87 if (!protocolEquals(target, expected)) {
88 System.out.println("\tError: Expected to get protocols " +
89 Arrays.toString(expected));
90 System.out.println("\tError: The actual protocols " +
91 Arrays.toString(target));
92 success = false;
93 }
94
95 return success;
96 }
97
98 private static boolean protocolEquals(
99 String[] actualProtocols,
100 String[] expectedProtocols) {
101 if (actualProtocols.length != expectedProtocols.length) {
102 return false;
103 }
104
105 Set<String> set = new HashSet<>(Arrays.asList(expectedProtocols));
106 for (String actual : actualProtocols) {
107 if (set.add(actual)) {
108 return false;
109 }
110 }
111
112 return true;
113 }
114
115 private static boolean checkCipherSuites(String[] target) {
116 boolean success = true;
117 if (target.length == 0) {
118 System.out.println("\tError: No cipher suites");
119 success = false;
120 }
121
122 return success;
123 }
124
125 public static void main(String[] args) throws Exception {
126 // reset the security property to make sure that the algorithms
127 // and keys used in this test are not disabled.
128 Security.setProperty("jdk.tls.disabledAlgorithms", "");
129
130 boolean failed = false;
131 for (ContextVersion cv : ContextVersion.values()) {
132 System.out.println("Checking SSLContext of " + cv.contextVersion);
133 SSLContext context = SSLContext.getInstance(cv.contextVersion);
134
135 // Default SSLContext is initialized automatically.
136 if (!cv.contextVersion.equals("Default")) {
137 // Use default TK, KM and random.
138 context.init((KeyManager[])null, (TrustManager[])null, null);
139 }
140
141 //
142 // Check SSLContext
143 //
144 // Check default SSLParameters of SSLContext
145 System.out.println("\tChecking default SSLParameters");
146 SSLParameters parameters = context.getDefaultSSLParameters();
147
148 String[] protocols = parameters.getProtocols();
149 failed |= !checkProtocols(protocols, cv.enabledProtocols);
150
151 String[] ciphers = parameters.getCipherSuites();
152 failed |= !checkCipherSuites(ciphers);
153
154 // Check supported SSLParameters of SSLContext
155 System.out.println("\tChecking supported SSLParameters");
156 parameters = context.getSupportedSSLParameters();
157
158 protocols = parameters.getProtocols();
159 failed |= !checkProtocols(protocols, cv.supportedProtocols);
160
161 ciphers = parameters.getCipherSuites();
162 failed |= !checkCipherSuites(ciphers);
163
164 //
165 // Check SSLEngine
166 //
167 // Check SSLParameters of SSLEngine
168 System.out.println();
169 System.out.println("\tChecking SSLEngine of this SSLContext");
170 System.out.println("\tChecking SSLEngine.getSSLParameters()");
171 SSLEngine engine = context.createSSLEngine();
172 engine.setUseClientMode(true);
173 parameters = engine.getSSLParameters();
174
175 protocols = parameters.getProtocols();
176 failed |= !checkProtocols(protocols, cv.enabledProtocols);
177
178 ciphers = parameters.getCipherSuites();
179 failed |= !checkCipherSuites(ciphers);
180
181 System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
182 protocols = engine.getEnabledProtocols();
183 failed |= !checkProtocols(protocols, cv.enabledProtocols);
184
185 System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
186 ciphers = engine.getEnabledCipherSuites();
187 failed |= !checkCipherSuites(ciphers);
188
189 System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
190 protocols = engine.getSupportedProtocols();
191 failed |= !checkProtocols(protocols, cv.supportedProtocols);
192
193 System.out.println(
194 "\tChecking SSLEngine.getSupportedCipherSuites()");
195 ciphers = engine.getSupportedCipherSuites();
196 failed |= !checkCipherSuites(ciphers);
197
198 //
199 // Check SSLSocket
200 //
201 // Check SSLParameters of SSLSocket
202 System.out.println();
203 System.out.println("\tChecking SSLSocket of this SSLContext");
204 System.out.println("\tChecking SSLSocket.getSSLParameters()");
205 SocketFactory fac = context.getSocketFactory();
206 SSLSocket socket = (SSLSocket)fac.createSocket();
207 parameters = socket.getSSLParameters();
208
209 protocols = parameters.getProtocols();
210 failed |= !checkProtocols(protocols, cv.enabledProtocols);
211
212 ciphers = parameters.getCipherSuites();
213 failed |= !checkCipherSuites(ciphers);
214
215 System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
216 protocols = socket.getEnabledProtocols();
217 failed |= !checkProtocols(protocols, cv.enabledProtocols);
218
219 System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
220 ciphers = socket.getEnabledCipherSuites();
221 failed |= !checkCipherSuites(ciphers);
222
223 System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
224 protocols = socket.getSupportedProtocols();
225 failed |= !checkProtocols(protocols, cv.supportedProtocols);
226
227 System.out.println(
228 "\tChecking SSLEngine.getSupportedCipherSuites()");
229 ciphers = socket.getSupportedCipherSuites();
230 failed |= !checkCipherSuites(ciphers);
231
232 //
233 // Check SSLServerSocket
234 //
235 // Check SSLParameters of SSLServerSocket
236 System.out.println();
237 System.out.println("\tChecking SSLServerSocket of this SSLContext");
238 System.out.println("\tChecking SSLServerSocket.getSSLParameters()");
239 SSLServerSocketFactory sf = context.getServerSocketFactory();
240 SSLServerSocket ssocket = (SSLServerSocket)sf.createServerSocket();
241 parameters = ssocket.getSSLParameters();
242
243 protocols = parameters.getProtocols();
244 failed |= !checkProtocols(protocols, cv.supportedProtocols);
245
246 ciphers = parameters.getCipherSuites();
247 failed |= !checkCipherSuites(ciphers);
248
249 System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
250 protocols = ssocket.getEnabledProtocols();
251 failed |= !checkProtocols(protocols, cv.supportedProtocols);
252
253 System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
254 ciphers = ssocket.getEnabledCipherSuites();
255 failed |= !checkCipherSuites(ciphers);
256
257 System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
258 protocols = ssocket.getSupportedProtocols();
259 failed |= !checkProtocols(protocols, cv.supportedProtocols);
260
261 System.out.println(
262 "\tChecking SSLEngine.getSupportedCipherSuites()");
263 ciphers = ssocket.getSupportedCipherSuites();
264 failed |= !checkCipherSuites(ciphers);
265 }
266
267 if (failed) {
268 throw new Exception("Run into problems, see log for more details");
269 } else {
270 System.out.println("\t... Success");
271 }
272 }
273 }