1 /*
   2  * Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 //
  25 // SunJSSE does not support dynamic system properties, no way to re-use
  26 // system properties in samevm/agentvm mode.
  27 //
  28 
  29 /*
  30  * @test
  31  * @bug 8202343
  32  * @summary Check that SSLv3, TLSv1 and TLSv1.1 are disabled by default
  33  * @run main/othervm SSLContextDefault
  34  */
  35 
  36 import java.util.Arrays;
  37 import java.util.Collections;
  38 import java.util.List;
  39 import javax.net.ssl.*;
  40 
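/**
 * Regression test (bug 8202343) for the default TLS protocol policy.
 *
 * <p>For every SSLContext flavour listed in {@link #protocols}, the test
 * inspects the context itself and the SSLEngine, SSLSocket and
 * SSLServerSocket it hands out, and asserts two things about SSLv3, TLSv1
 * and TLSv1.1:
 * <ul>
 *   <li>they are still reported as <em>supported</em>, and</li>
 *   <li>they are absent from the protocols <em>enabled by default</em>.</li>
 * </ul>
 *
 * <p>The test only observes defaults. Because the legacy versions stay in
 * the supported set, a passing run does not show that an application cannot
 * turn them back on explicitly; it shows only that nothing negotiates them
 * unless somebody does.
 */
public class SSLContextDefault {

    // SSLContext names exercised by main(). The empty string selects
    // SSLContext.getDefault() instead of SSLContext.getInstance(name).
    // Contexts requested under a legacy name ("SSLv3", "TLSv1", "TLSv1.1")
    // are held to exactly the same rule as the modern ones.
    private static final String[] protocols = {
        "", "SSL", "TLS", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"
    };

    // Legacy protocol versions that must appear in every "supported" list
    // and must never appear in a default "enabled" list.
    private static final List<String> disabledProtocols =
            Collections.unmodifiableList(
                    Arrays.asList("SSLv3", "TLSv1", "TLSv1.1"));

    /**
     * Runs the default-protocol checks once per entry of {@link #protocols}.
     *
     * @param args ignored
     * @throws Exception if any context exposes a legacy protocol as enabled
     *         by default, or no longer reports it as supported
     */
    public static void main(String[] args) throws Exception {
        for (String protocol : protocols) {
            System.out.println("//");
            System.out.println("// " + "Testing for SSLContext of " +
                    (protocol.isEmpty() ? "<default>" : protocol));
            System.out.println("//");
            checkForProtocols(protocol);
            System.out.println();
        }
    }

    /**
     * Checks the supported and default-enabled protocol lists of one
     * SSLContext and of the engine, socket and server socket created from it.
     *
     * @param protocol SSLContext name to instantiate; the empty string means
     *        the JVM-wide default context
     * @throws Exception if a legacy protocol is enabled by default or is
     *         missing from a supported list, or if the context or one of
     *         its sockets cannot be created
     */
    public static void checkForProtocols(String protocol) throws Exception {
        SSLContext context;
        if (protocol.isEmpty()) {
            context = SSLContext.getDefault();
        } else {
            context = SSLContext.getInstance(protocol);
            // All-null init: provider defaults for key managers, trust
            // managers and the random source. No key material is needed
            // because no handshake is ever performed.
            context.init(null, null, null);
        }

        // Supported protocols of the SSLContext: legacy versions must be listed.
        SSLParameters parameters = context.getSupportedSSLParameters();
        checkProtocols(parameters.getProtocols(),
                "Supported protocols in SSLContext", false);

        // Default protocols of the SSLContext: legacy versions must be absent.
        parameters = context.getDefaultSSLParameters();
        checkProtocols(parameters.getProtocols(),
                "Enabled protocols in SSLContext", true);

        // Same pair of checks for an SSLEngine created from the context.
        SSLEngine engine = context.createSSLEngine();
        checkProtocols(engine.getSupportedProtocols(),
                "Supported protocols in SSLEngine", false);
        checkProtocols(engine.getEnabledProtocols(),
                "Enabled protocols in SSLEngine", true);

        // Client socket: created unconnected, only its configuration is read.
        SSLSocketFactory factory = context.getSocketFactory();
        try (SSLSocket socket = (SSLSocket)factory.createSocket()) {
            // The label used to say "cipher suites" although the list shown
            // is the protocol list; the log now names what it prints.
            checkProtocols(socket.getSupportedProtocols(),
                "Supported protocols in SSLSocket", false);

            checkProtocols(socket.getEnabledProtocols(),
                "Enabled protocols in SSLSocket", true);
        }

        // Server socket: created unbound, only its configuration is read.
        SSLServerSocketFactory serverFactory = context.getServerSocketFactory();
        try (SSLServerSocket serverSocket =
                (SSLServerSocket)serverFactory.createServerSocket()) {
            checkProtocols(serverSocket.getSupportedProtocols(),
                "Supported protocols in SSLServerSocket", false);

            checkProtocols(serverSocket.getEnabledProtocols(),
                "Enabled protocols in SSLServerSocket", true);
        }
    }

    /**
     * Prints a protocol list and validates it against
     * {@link #disabledProtocols}.
     *
     * @param protocols the protocol names reported by the object under test
     * @param title label printed in front of the list
     * @param disabled {@code true} when {@code protocols} is a
     *        default-enabled list, in which case no legacy protocol may
     *        occur in it; {@code false} when it is a supported list, in
     *        which case every legacy protocol must occur in it
     * @throws Exception if the list violates the rule selected by
     *         {@code disabled}
     */
    private static void checkProtocols(String[] protocols,
            String title, boolean disabled) throws Exception {
        showProtocols(protocols, title);

        if (disabled) {
            // Default-enabled list: a single legacy entry is a failure.
            for (String protocol : protocols) {
                if (disabledProtocols.contains(protocol)) {
                    throw new Exception(protocol +
                                        " should not be enabled by default");
                }
            }
        } else {
            // Supported list: each legacy version must still be offered.
            List<String> protocolsList = Arrays.asList(protocols);
            for (String disabledProtocol : disabledProtocols) {
                if (!protocolsList.contains(disabledProtocol)) {
                    throw new Exception(disabledProtocol +
                                        " should be supported by default");
                }
            }
        }
    }

    /**
     * Prints {@code title}, the number of entries, and one protocol per line.
     *
     * @param protocols the protocol names to print
     * @param title label printed in front of the list
     */
    private static void showProtocols(String[] protocols, String title) {
        System.out.println(title + "[" + protocols.length + "]:");
        for (String protocol : protocols) {
            System.out.println("  " + protocol);
        }
    }
}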