
test/lib/security/SecurityUtils.java

rev 14340 : 8202343: Disable TLS 1.0 and 1.1
Reviewed-by: xuelei, dfuchs, coffeys
   1 /*
   2  * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 import java.io.File;
  25 import java.io.FileInputStream;
  26 import java.security.KeyStore;





  27 
  28 /**
  29  * Common library for various security test helper functions.
  30  */
  31 public final class SecurityUtils {
  32 
  33     private static String getCacerts() {
  34         String sep = File.separator;
  35         return System.getProperty("java.home") + sep
  36                 + "lib" + sep + "security" + sep + "cacerts";
  37     }
  38 
  39     /**
  40      * Returns the cacerts keystore with the configured CA certificates.
  41      */
  42     public static KeyStore getCacertsKeyStore() throws Exception {
  43         File file = new File(getCacerts());
  44         if (!file.exists()) {
  45             return null;
  46         }
  47 
  48         KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
  49         try (FileInputStream fis = new FileInputStream(file)) {
  50             ks.load(fis, null);
  51         }
  52         return ks;




















  53     }
  54 
  55     private SecurityUtils() {}
  56 }
   1 /*
   2  * Copyright (c) 2018, 2020, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 import java.io.File;
  25 import java.io.FileInputStream;
  26 import java.security.KeyStore;
  27 import java.security.Security;
  28 import java.util.Arrays;
  29 import java.util.Collections;
  30 import java.util.List;
  31 import java.util.stream.Collectors;
  32 
  33 /**
  34  * Common library for various security test helper functions.
  35  */
  36 public final class SecurityUtils {
  37 
  38     private static String getCacerts() {
  39         String sep = File.separator;
  40         return System.getProperty("java.home") + sep
  41                 + "lib" + sep + "security" + sep + "cacerts";
  42     }
  43 
  44     /**
  45      * Returns the cacerts keystore with the configured CA certificates.
  46      */
  47     public static KeyStore getCacertsKeyStore() throws Exception {
  48         File file = new File(getCacerts());
  49         if (!file.exists()) {
  50             return null;
  51         }
  52 
  53         KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
  54         try (FileInputStream fis = new FileInputStream(file)) {
  55             ks.load(fis, null);
  56         }
  57         return ks;
  58     }
  59 
  60     /**
  61      * Removes the specified protocols from the jdk.tls.disabledAlgorithms
  62      * security property.
  63      */
  64     public static void removeFromDisabledTlsAlgs(String... protocols) {
  65         List<String> protocolsList = Arrays.asList(protocols);
  66         protocolsList = Collections.unmodifiableList(protocolsList);
  67         removeFromDisabledAlgs("jdk.tls.disabledAlgorithms",
  68                                protocolsList);
  69     }
  70 
  71     private static void removeFromDisabledAlgs(String prop, List<String> algs) {
  72         String value = Security.getProperty(prop);
  73         value = Arrays.stream(value.split(","))
  74                       .map(s -> s.trim())
  75                       .filter(s -> !algs.contains(s))
  76                       .collect(Collectors.joining(","));
  77         Security.setProperty(prop, value);
  78     }
  79 
  80     private SecurityUtils() {}
  81 }
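Review bot: In `removeFromDisabledAlgs` (new lines 71-78), `Security.getProperty(prop)` returns null when the property is not defined, so `value.split(",")` would throw a NullPointerException; a guard such as `if (value == null) { return; }` before the stream avoids that. The filter compares whole trimmed entries with `algs.contains(s)`, so the match is exact and case-sensitive, and a protocol name spelled differently from the property entry is silently left disabled; the Javadoc should say so. `removeFromDisabledTlsAlgs` rewrites a JVM-wide security property and re-enables protocols that, judging by the commit title, this change disables by default, so its Javadoc should mark it as test-only, for example `Test-only: re-enables the given protocols for the whole JVM.` It presumably also has to run before the TLS provider first reads `jdk.tls.disabledAlgorithms`; if that is confirmed, the Javadoc should state the ordering requirement so a test does not pass or fail depending on call order.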