/*
 * Copyright (c) 2013, 2020, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

// SunJSSE does not support dynamic system properties, no way to re-use
// system properties in samevm/agentvm mode.
/*
 * @test
 * @bug 7093640
 * @summary Enable TLS 1.1 and TLS 1.2 by default in client side of SunJSSE
 * @library /lib/security
 * @run main/othervm -Djdk.tls.client.protocols="XSLv3,TLSv1"
 *      IllegalProtocolProperty
 */

import javax.net.ssl.*;
import java.security.NoSuchAlgorithmException;

/**
 * Regression test for how {@link SSLContext} creation reacts when the
 * {@code jdk.tls.client.protocols} system property carries a value this test
 * treats as illegal ({@code "XSLv3,TLSv1"}, set on the jtreg run line).
 *
 * <p>Expectations encoded below:
 * <ul>
 *   <li>Contexts marked {@code impacted} ("SSL", "TLS", "Default") must fail
 *       with {@link NoSuchAlgorithmException}. A context that is created
 *       anyway is reported as a test failure, so the list is expected to be
 *       rejected as a whole even though it also names "TLSv1".</li>
 *   <li>Contexts requested by an explicit version ("SSLv3", "TLSv1",
 *       "TLSv1.1", "TLSv1.2") must still be created, and their default and
 *       supported protocol lists must contain the versions recorded in
 *       {@link ContextVersion}.</li>
 * </ul>
 *
 * <p>The test runs in its own VM (othervm) because, per the file header,
 * SunJSSE does not pick up system properties changed at run time.
 */
public class IllegalProtocolProperty {

    /**
     * One row per SSLContext algorithm under test.
     */
    enum ContextVersion {
        TLS_CV_01("SSL", "TLSv1", "TLSv1.2", true),
        TLS_CV_02("TLS", "TLSv1", "TLSv1.2", true),
        TLS_CV_03("SSLv3", "TLSv1", "TLSv1.2", false),
        TLS_CV_04("TLSv1", "TLSv1", "TLSv1.2", false),
        TLS_CV_05("TLSv1.1", "TLSv1.1", "TLSv1.2", false),
        TLS_CV_06("TLSv1.2", "TLSv1.2", "TLSv1.2", false),
        TLS_CV_07("Default", "TLSv1", "TLSv1.2", true);

        // Algorithm name handed to SSLContext.getInstance().
        final String contextVersion;
        // Protocol that must appear in getDefaultSSLParameters().
        final String defaultProtocolVersion;
        // Protocol that must appear in getSupportedSSLParameters().
        final String supportedProtocolVersion;
        // True when the illegal property is expected to make getInstance() fail.
        final boolean impacted;

        ContextVersion(String algorithm, String expectedDefault,
                String expectedSupported, boolean affectedByProperty) {
            this.contextVersion = algorithm;
            this.defaultProtocolVersion = expectedDefault;
            this.supportedProtocolVersion = expectedSupported;
            this.impacted = affectedByProperty;
        }
    }

    /**
     * Scans {@code protocols} in order, logging each entry with
     * {@code logPrefix}, and stops at the first entry equal to {@code wanted}.
     *
     * @return {@code true} if {@code wanted} was found, {@code false} otherwise
     */
    private static boolean listsProtocol(String[] protocols, String wanted,
            String logPrefix) {
        for (String candidate : protocols) {
            System.out.println(logPrefix + candidate);
            if (candidate.equals(wanted)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Runs the check for every {@link ContextVersion} row.
     *
     * @throws Exception if an impacted context is created despite the illegal
     *         property, if an unaffected context cannot be created, or if an
     *         expected protocol is missing from the default/supported lists
     */
    public static void main(String[] args) throws Exception {
        // Re-enable TLSv1 and TLSv1.1 since test depends on them.
        // NOTE(review): SecurityUtils comes from /lib/security and is not shown
        // here; presumably it edits this JVM's disabled-TLS-algorithm
        // configuration - confirm there. The test runs in othervm, so the
        // relaxation is limited to this test's own JVM.
        SecurityUtils.removeFromDisabledTlsAlgs("TLSv1", "TLSv1.1");

        for (ContextVersion cv : ContextVersion.values()) {
            System.out.println("Checking SSLContext of " + cv.contextVersion);

            SSLContext context;
            try {
                context = SSLContext.getInstance(cv.contextVersion);
            } catch (NoSuchAlgorithmException nsae) {
                if (!cv.impacted) {
                    // Version-specific contexts must not be affected.
                    throw nsae;
                }
                // Expected outcome for an impacted context: creation refused.
                System.out.println(
                    "\tIgnore: illegal system property " +
                    "jdk.tls.client.protocols=" +
                    System.getProperty("jdk.tls.client.protocols"));
                continue;
            }

            // Reaching this point with an impacted context means the illegal
            // property value was accepted, which is the failure under test.
            if (cv.impacted) {
                throw new Exception(
                    "illegal system property jdk.tls.client.protocols: " +
                    System.getProperty("jdk.tls.client.protocols"));
            }

            // Default SSLContext is initialized automatically; every other
            // context is initialized with default key/trust managers and
            // default randomness.
            if (!"Default".equals(cv.contextVersion)) {
                context.init(null, null, null);
            }

            // Protocols enabled by default.
            SSLParameters defaults = context.getDefaultSSLParameters();
            String[] defaultProtocols = defaults.getProtocols();
            String[] defaultCiphers = defaults.getCipherSuites();
            if (defaultProtocols.length == 0 || defaultCiphers.length == 0) {
                throw new Exception("No default protocols or cipher suites");
            }
            if (!listsProtocol(defaultProtocols, cv.defaultProtocolVersion,
                    "\tdefault protocol version ")) {
                throw new Exception("No matched default protocol");
            }

            // Protocols the context supports at all.
            SSLParameters supported = context.getSupportedSSLParameters();
            String[] supportedProtocols = supported.getProtocols();
            String[] supportedCiphers = supported.getCipherSuites();
            if (supportedProtocols.length == 0 || supportedCiphers.length == 0) {
                throw new Exception("No supported protocols or cipher suites");
            }
            if (!listsProtocol(supportedProtocols, cv.supportedProtocolVersion,
                    "\tsupported protocol version ")) {
                throw new Exception("No matched supported protocol");
            }

            System.out.println("\t... Success");
        }
    }
}