1 /*
2 * Copyright (c) 2013, 2020, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 // SunJSSE does not support dynamic system properties, no way to re-use
25 // system properties in samevm/agentvm mode.
26
27 /*
28 * @test
29 * @bug 7093640
30 * @summary Enable TLS 1.1 and TLS 1.2 by default in client side of SunJSSE
31 * @library /lib/security
32 * @run main/othervm -Djdk.tls.client.protocols="XSLv3,TLSv1"
33 * IllegalProtocolProperty
34 */
35
36 import javax.net.ssl.*;
37 import java.security.NoSuchAlgorithmException;
38
39 public class IllegalProtocolProperty {
40 static enum ContextVersion {
41 TLS_CV_01("SSL", "TLSv1", "TLSv1.2", true),
42 TLS_CV_02("TLS", "TLSv1", "TLSv1.2", true),
43 TLS_CV_03("SSLv3", "TLSv1", "TLSv1.2", false),
44 TLS_CV_04("TLSv1", "TLSv1", "TLSv1.2", false),
45 TLS_CV_05("TLSv1.1", "TLSv1.1", "TLSv1.2", false),
46 TLS_CV_06("TLSv1.2", "TLSv1.2", "TLSv1.2", false),
47 TLS_CV_07("Default", "TLSv1", "TLSv1.2", true);
48
49 final String contextVersion;
50 final String defaultProtocolVersion;
51 final String supportedProtocolVersion;
52 final boolean impacted;
53
54 ContextVersion(String contextVersion, String defaultProtocolVersion,
55 String supportedProtocolVersion, boolean impacted) {
56 this.contextVersion = contextVersion;
57 this.defaultProtocolVersion = defaultProtocolVersion;
58 this.supportedProtocolVersion = supportedProtocolVersion;
59 this.impacted = impacted;
60 }
61 }
62
63 public static void main(String[] args) throws Exception {
64 // Re-enable TLSv1 and TLSv1.1 since test depends on them.
65 SecurityUtils.removeFromDisabledTlsAlgs("TLSv1", "TLSv1.1");
66
67 for (ContextVersion cv : ContextVersion.values()) {
68 System.out.println("Checking SSLContext of " + cv.contextVersion);
69
70 SSLContext context;
71 try {
72 context = SSLContext.getInstance(cv.contextVersion);
73 if (cv.impacted) {
74 throw new Exception(
75 "illegal system property jdk.tls.client.protocols: " +
76 System.getProperty("jdk.tls.client.protocols"));
77 }
78 } catch (NoSuchAlgorithmException nsae) {
79 if (cv.impacted) {
80 System.out.println(
81 "\tIgnore: illegal system property " +
82 "jdk.tls.client.protocols=" +
83 System.getProperty("jdk.tls.client.protocols"));
84 continue;
85 } else {
86 throw nsae;
87 }
88 }
89
90 // Default SSLContext is initialized automatically.
91 if (!cv.contextVersion.equals("Default")) {
92 // Use default TK, KM and random.
93 context.init((KeyManager[])null, (TrustManager[])null, null);
94 }
95
96 SSLParameters parameters = context.getDefaultSSLParameters();
97
98 String[] protocols = parameters.getProtocols();
99 String[] ciphers = parameters.getCipherSuites();
100
101 if (protocols.length == 0 || ciphers.length == 0) {
102 throw new Exception("No default protocols or cipher suites");
103 }
104
105 boolean isMatch = false;
106 for (String protocol : protocols) {
107 System.out.println("\tdefault protocol version " + protocol);
108 if (protocol.equals(cv.defaultProtocolVersion)) {
109 isMatch = true;
110 break;
111 }
112 }
113
114 if (!isMatch) {
115 throw new Exception("No matched default protocol");
116 }
117
118 parameters = context.getSupportedSSLParameters();
119
120 protocols = parameters.getProtocols();
121 ciphers = parameters.getCipherSuites();
122
123 if (protocols.length == 0 || ciphers.length == 0) {
124 throw new Exception("No supported protocols or cipher suites");
125 }
126
127 isMatch = false;
128 for (String protocol : protocols) {
129 System.out.println("\tsupported protocol version " + protocol);
130 if (protocol.equals(cv.supportedProtocolVersion)) {
131 isMatch = true;
132 break;
133 }
134 }
135
136 if (!isMatch) {
137 throw new Exception("No matched supported protocol");
138 }
139 System.out.println("\t... Success");
140 }
141 }
142 }