1 /*
2 * Copyright (c) 2012, 2019, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 //
25 // SunJSSE does not support dynamic system properties, no way to re-use
26 // system properties in samevm/agentvm mode.
27 //
28
29 /*
30 * @test
31 * @bug 7174244 8234728
32 * @summary Test for ciphersuites order
33 * @run main/othervm CipherSuitesInOrder
34 */
35
36 import java.util.*;
37 import javax.net.ssl.*;
38
39 public class CipherSuitesInOrder {
40
41 // Supported ciphersuites
42 private final static List<String> supportedCipherSuites
43 = Arrays.<String>asList(
44 "TLS_AES_128_GCM_SHA256",
45 "TLS_AES_256_GCM_SHA384",
46 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
47 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
48 "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
49 "TLS_RSA_WITH_AES_256_GCM_SHA384",
50 "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
51 "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",
52 "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
53 "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",
54 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
55 "TLS_RSA_WITH_AES_128_GCM_SHA256",
56 "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
57 "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
58 "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
59 "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",
60
61 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
62 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
63 "TLS_RSA_WITH_AES_256_CBC_SHA256",
64 "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
65 "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",
66 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
67 "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",
68 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
69 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
70 "TLS_RSA_WITH_AES_256_CBC_SHA",
71 "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
72 "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
73 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
74 "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
75 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
76 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
77 "TLS_RSA_WITH_AES_128_CBC_SHA256",
78 "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
79 "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",
80 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
81 "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
82 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
83 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
84 "TLS_RSA_WITH_AES_128_CBC_SHA",
85 "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
86 "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
87 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
88 "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
89
90 "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
91 "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
92 "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
93 "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
94 "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
95 "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
96 "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
97
98 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
99
100 "TLS_DH_anon_WITH_AES_256_GCM_SHA384",
101 "TLS_DH_anon_WITH_AES_128_GCM_SHA256",
102
103 "TLS_DH_anon_WITH_AES_256_CBC_SHA256",
104 "TLS_ECDH_anon_WITH_AES_256_CBC_SHA",
105 "TLS_DH_anon_WITH_AES_256_CBC_SHA",
106 "TLS_DH_anon_WITH_AES_128_CBC_SHA256",
107 "TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
108 "TLS_DH_anon_WITH_AES_128_CBC_SHA",
109 "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
110 "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
111
112 "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
113 "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
114 "SSL_RSA_WITH_RC4_128_SHA",
115 "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
116 "TLS_ECDH_RSA_WITH_RC4_128_SHA",
117 "SSL_RSA_WITH_RC4_128_MD5",
118 "TLS_ECDH_anon_WITH_RC4_128_SHA",
119 "SSL_DH_anon_WITH_RC4_128_MD5",
120
121 "SSL_RSA_WITH_DES_CBC_SHA",
122 "SSL_DHE_RSA_WITH_DES_CBC_SHA",
123 "SSL_DHE_DSS_WITH_DES_CBC_SHA",
124 "SSL_DH_anon_WITH_DES_CBC_SHA",
125 "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
126 "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
127 "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
128 "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
129
130 "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
131 "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
132
133 "TLS_RSA_WITH_NULL_SHA256",
134 "TLS_ECDHE_ECDSA_WITH_NULL_SHA",
135 "TLS_ECDHE_RSA_WITH_NULL_SHA",
136 "SSL_RSA_WITH_NULL_SHA",
137 "TLS_ECDH_ECDSA_WITH_NULL_SHA",
138 "TLS_ECDH_RSA_WITH_NULL_SHA",
139 "TLS_ECDH_anon_WITH_NULL_SHA",
140 "SSL_RSA_WITH_NULL_MD5",
141
142 "TLS_KRB5_WITH_3DES_EDE_CBC_SHA",
143 "TLS_KRB5_WITH_3DES_EDE_CBC_MD5",
144 "TLS_KRB5_WITH_RC4_128_SHA",
145 "TLS_KRB5_WITH_RC4_128_MD5",
146 "TLS_KRB5_WITH_DES_CBC_SHA",
147 "TLS_KRB5_WITH_DES_CBC_MD5",
148 "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",
149 "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5",
150 "TLS_KRB5_EXPORT_WITH_RC4_40_SHA",
151 "TLS_KRB5_EXPORT_WITH_RC4_40_MD5"
152 );
153
154 private final static String[] protocols = {
155 "", "SSL", "TLS", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"
156 };
157
158
159 public static void main(String[] args) throws Exception {
160 // show all of the supported cipher suites
161 showSuites(supportedCipherSuites.toArray(new String[0]),
162 "All supported cipher suites");
163
164 for (String protocol : protocols) {
165 System.out.println("//");
166 System.out.println("// "
167 + "Testing for SSLContext of " + protocol);
168 System.out.println("//");
169 checkForProtocols(protocol);
170 }
171 }
172
173 public static void checkForProtocols(String protocol) throws Exception {
174 SSLContext context;
175 if (protocol.isEmpty()) {
176 context = SSLContext.getDefault();
177 } else {
178 context = SSLContext.getInstance(protocol);
179 context.init(null, null, null);
180 }
181
182 // check the order of default cipher suites of SSLContext
183 SSLParameters parameters = context.getDefaultSSLParameters();
184 checkSuites(parameters.getCipherSuites(),
185 "Default cipher suites in SSLContext");
186
187 // check the order of supported cipher suites of SSLContext
188 parameters = context.getSupportedSSLParameters();
189 checkSuites(parameters.getCipherSuites(),
190 "Supported cipher suites in SSLContext");
191
192 //
193 // Check the cipher suites order of SSLEngine
194 //
195 SSLEngine engine = context.createSSLEngine();
196
197 // check the order of endabled cipher suites
198 String[] ciphers = engine.getEnabledCipherSuites();
199 checkSuites(ciphers,
200 "Enabled cipher suites in SSLEngine");
201
202 // check the order of supported cipher suites
203 ciphers = engine.getSupportedCipherSuites();
204 checkSuites(ciphers,
205 "Supported cipher suites in SSLEngine");
206
207 //
208 // Check the cipher suites order of SSLSocket
209 //
210 SSLSocketFactory factory = context.getSocketFactory();
211 try (SSLSocket socket = (SSLSocket) factory.createSocket()) {
212
213 // check the order of endabled cipher suites
214 ciphers = socket.getEnabledCipherSuites();
215 checkSuites(ciphers,
216 "Enabled cipher suites in SSLSocket");
217
218 // check the order of supported cipher suites
219 ciphers = socket.getSupportedCipherSuites();
220 checkSuites(ciphers,
221 "Supported cipher suites in SSLSocket");
222 }
223
224 //
225 // Check the cipher suites order of SSLServerSocket
226 //
227 SSLServerSocketFactory serverFactory = context.getServerSocketFactory();
228 try (SSLServerSocket serverSocket
229 = (SSLServerSocket) serverFactory.createServerSocket()) {
230 // check the order of endabled cipher suites
231 ciphers = serverSocket.getEnabledCipherSuites();
232 checkSuites(ciphers,
233 "Enabled cipher suites in SSLServerSocket");
234
235 // check the order of supported cipher suites
236 ciphers = serverSocket.getSupportedCipherSuites();
237 checkSuites(ciphers,
238 "Supported cipher suites in SSLServerSocket");
239 }
240 }
241
242 private static void checkSuites(String[] suites, String title) {
243 showSuites(suites, title);
244
245 int loc = -1;
246 int index = 0;
247 for (String suite : suites) {
248 index = supportedCipherSuites.indexOf(suite);
249 if (index <= loc) {
250 throw new RuntimeException(suite + " is not in order");
251 }
252 loc = index;
253 }
254 }
255
256 private static void showSuites(String[] suites, String title) {
257 System.out.println(title + "[" + suites.length + "]:");
258 for (String suite : suites) {
259 System.out.println(" " + suite);
260 }
261 }
262 }