1 /*
2 * Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 //
25 // SunJSSE does not support dynamic system properties, no way to re-use
26 // system properties in samevm/agentvm mode.
27 //
28
29 /*
30 * @test
31 * @bug 7174244
32 * @summary NPE in Krb5ProxyImpl.getServerKeys()
33 * @ignore the dependent implementation details are changed
34 * @run main/othervm CipherSuitesInOrder
35 */
36
37 import java.util.*;
38 import javax.net.ssl.*;
39 import java.security.Security;
40
41 public class CipherSuitesInOrder {
42
43 // supported ciphersuites
44 private final static List<String> supportedCipherSuites =
45 Arrays.<String>asList(
46 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
47 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
48 "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
49 "TLS_RSA_WITH_AES_256_GCM_SHA384",
50 "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
51 "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",
52 "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
53 "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",
54 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
55 "TLS_RSA_WITH_AES_128_GCM_SHA256",
56 "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
57 "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
58 "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
59 "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",
60
61 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
62 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
63 "TLS_RSA_WITH_AES_256_CBC_SHA256",
64 "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
65 "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",
135 "TLS_ECDHE_RSA_WITH_NULL_SHA",
136 "SSL_RSA_WITH_NULL_SHA",
137 "TLS_ECDH_ECDSA_WITH_NULL_SHA",
138 "TLS_ECDH_RSA_WITH_NULL_SHA",
139 "TLS_ECDH_anon_WITH_NULL_SHA",
140 "SSL_RSA_WITH_NULL_MD5",
141
142 "TLS_KRB5_WITH_3DES_EDE_CBC_SHA",
143 "TLS_KRB5_WITH_3DES_EDE_CBC_MD5",
144 "TLS_KRB5_WITH_RC4_128_SHA",
145 "TLS_KRB5_WITH_RC4_128_MD5",
146 "TLS_KRB5_WITH_DES_CBC_SHA",
147 "TLS_KRB5_WITH_DES_CBC_MD5",
148 "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",
149 "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5",
150 "TLS_KRB5_EXPORT_WITH_RC4_40_SHA",
151 "TLS_KRB5_EXPORT_WITH_RC4_40_MD5"
152 );
153
154 private final static String[] protocols = {
155 "", "SSL", "TLS", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"
156 };
157
158
159 public static void main(String[] args) throws Exception {
160 // show all of the supported cipher suites
161 showSuites(supportedCipherSuites.toArray(new String[0]),
162 "All supported cipher suites");
163
164 for (String protocol : protocols) {
165 System.out.println("//");
166 System.out.println("// " +
167 "Testing for SSLContext of " + protocol);
168 System.out.println("//");
169 checkForProtocols(protocol);
170 }
171 }
172
173 public static void checkForProtocols(String protocol) throws Exception {
174 SSLContext context;
175 if (protocol.isEmpty()) {
176 context = SSLContext.getDefault();
177 } else {
178 context = SSLContext.getInstance(protocol);
179 context.init(null, null, null);
180 }
181
182 // check the order of default cipher suites of SSLContext
183 SSLParameters parameters = context.getDefaultSSLParameters();
184 checkSuites(parameters.getCipherSuites(),
185 "Default cipher suites in SSLContext");
186
187 // check the order of supported cipher suites of SSLContext
188 parameters = context.getSupportedSSLParameters();
189 checkSuites(parameters.getCipherSuites(),
190 "Supported cipher suites in SSLContext");
191
192
193 //
194 // Check the cipher suites order of SSLEngine
195 //
196 SSLEngine engine = context.createSSLEngine();
197
198 // check the order of endabled cipher suites
199 String[] ciphers = engine.getEnabledCipherSuites();
200 checkSuites(ciphers,
201 "Enabled cipher suites in SSLEngine");
202
203 // check the order of supported cipher suites
204 ciphers = engine.getSupportedCipherSuites();
205 checkSuites(ciphers,
206 "Supported cipher suites in SSLEngine");
207
208 //
209 // Check the cipher suites order of SSLSocket
210 //
211 SSLSocketFactory factory = context.getSocketFactory();
212 try (SSLSocket socket = (SSLSocket)factory.createSocket()) {
213
214 // check the order of endabled cipher suites
215 ciphers = socket.getEnabledCipherSuites();
216 checkSuites(ciphers,
217 "Enabled cipher suites in SSLSocket");
218
219 // check the order of supported cipher suites
220 ciphers = socket.getSupportedCipherSuites();
221 checkSuites(ciphers,
222 "Supported cipher suites in SSLSocket");
223 }
224
225 //
226 // Check the cipher suites order of SSLServerSocket
227 //
228 SSLServerSocketFactory serverFactory = context.getServerSocketFactory();
229 try (SSLServerSocket serverSocket =
230 (SSLServerSocket)serverFactory.createServerSocket()) {
231 // check the order of endabled cipher suites
232 ciphers = serverSocket.getEnabledCipherSuites();
233 checkSuites(ciphers,
234 "Enabled cipher suites in SSLServerSocket");
235
236 // check the order of supported cipher suites
237 ciphers = serverSocket.getSupportedCipherSuites();
238 checkSuites(ciphers,
239 "Supported cipher suites in SSLServerSocket");
240 }
241 }
242
243 private static void checkSuites(String[] suites, String title) {
244 showSuites(suites, title);
245
246 int loc = -1;
247 int index = 0;
248 for (String suite : suites) {
249 index = supportedCipherSuites.indexOf(suite);
250 if (index <= loc) {
251 throw new RuntimeException(suite + " is not in order");
252 }
253
254 loc = index;
255 }
256 }
257
258 private static void showSuites(String[] suites, String title) {
259 System.out.println(title + "[" + suites.length + "]:");
260 for (String suite : suites) {
261 System.out.println(" " + suite);
262 }
263 }
264 }
|
1 /*
2 * Copyright (c) 2012, 2019, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 //
25 // SunJSSE does not support dynamic system properties, no way to re-use
26 // system properties in samevm/agentvm mode.
27 //
28
29 /*
30 * @test
31 * @bug 7174244 8234728
32 * @summary Test for ciphersuites order
33 * @run main/othervm CipherSuitesInOrder
34 */
35
36 import java.util.*;
37 import javax.net.ssl.*;
38
39 public class CipherSuitesInOrder {
40
41 // Supported ciphersuites
42 private final static List<String> supportedCipherSuites
43 = Arrays.<String>asList(
44 "TLS_AES_128_GCM_SHA256",
45 "TLS_AES_256_GCM_SHA384",
46 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
47 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
48 "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
49 "TLS_RSA_WITH_AES_256_GCM_SHA384",
50 "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
51 "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",
52 "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
53 "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",
54 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
55 "TLS_RSA_WITH_AES_128_GCM_SHA256",
56 "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
57 "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
58 "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
59 "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",
60
61 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
62 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
63 "TLS_RSA_WITH_AES_256_CBC_SHA256",
64 "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
65 "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",
135 "TLS_ECDHE_RSA_WITH_NULL_SHA",
136 "SSL_RSA_WITH_NULL_SHA",
137 "TLS_ECDH_ECDSA_WITH_NULL_SHA",
138 "TLS_ECDH_RSA_WITH_NULL_SHA",
139 "TLS_ECDH_anon_WITH_NULL_SHA",
140 "SSL_RSA_WITH_NULL_MD5",
141
142 "TLS_KRB5_WITH_3DES_EDE_CBC_SHA",
143 "TLS_KRB5_WITH_3DES_EDE_CBC_MD5",
144 "TLS_KRB5_WITH_RC4_128_SHA",
145 "TLS_KRB5_WITH_RC4_128_MD5",
146 "TLS_KRB5_WITH_DES_CBC_SHA",
147 "TLS_KRB5_WITH_DES_CBC_MD5",
148 "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",
149 "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5",
150 "TLS_KRB5_EXPORT_WITH_RC4_40_SHA",
151 "TLS_KRB5_EXPORT_WITH_RC4_40_MD5"
152 );
153
154 private final static String[] protocols = {
155 "", "SSL", "TLS", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"
156 };
157
158
159 public static void main(String[] args) throws Exception {
160 // show all of the supported cipher suites
161 showSuites(supportedCipherSuites.toArray(new String[0]),
162 "All supported cipher suites");
163
164 for (String protocol : protocols) {
165 System.out.println("//");
166 System.out.println("// "
167 + "Testing for SSLContext of " + protocol);
168 System.out.println("//");
169 checkForProtocols(protocol);
170 }
171 }
172
173 public static void checkForProtocols(String protocol) throws Exception {
174 SSLContext context;
175 if (protocol.isEmpty()) {
176 context = SSLContext.getDefault();
177 } else {
178 context = SSLContext.getInstance(protocol);
179 context.init(null, null, null);
180 }
181
182 // check the order of default cipher suites of SSLContext
183 SSLParameters parameters = context.getDefaultSSLParameters();
184 checkSuites(parameters.getCipherSuites(),
185 "Default cipher suites in SSLContext");
186
187 // check the order of supported cipher suites of SSLContext
188 parameters = context.getSupportedSSLParameters();
189 checkSuites(parameters.getCipherSuites(),
190 "Supported cipher suites in SSLContext");
191
192 //
193 // Check the cipher suites order of SSLEngine
194 //
195 SSLEngine engine = context.createSSLEngine();
196
197 // check the order of endabled cipher suites
198 String[] ciphers = engine.getEnabledCipherSuites();
199 checkSuites(ciphers,
200 "Enabled cipher suites in SSLEngine");
201
202 // check the order of supported cipher suites
203 ciphers = engine.getSupportedCipherSuites();
204 checkSuites(ciphers,
205 "Supported cipher suites in SSLEngine");
206
207 //
208 // Check the cipher suites order of SSLSocket
209 //
210 SSLSocketFactory factory = context.getSocketFactory();
211 try (SSLSocket socket = (SSLSocket) factory.createSocket()) {
212
213 // check the order of endabled cipher suites
214 ciphers = socket.getEnabledCipherSuites();
215 checkSuites(ciphers,
216 "Enabled cipher suites in SSLSocket");
217
218 // check the order of supported cipher suites
219 ciphers = socket.getSupportedCipherSuites();
220 checkSuites(ciphers,
221 "Supported cipher suites in SSLSocket");
222 }
223
224 //
225 // Check the cipher suites order of SSLServerSocket
226 //
227 SSLServerSocketFactory serverFactory = context.getServerSocketFactory();
228 try (SSLServerSocket serverSocket
229 = (SSLServerSocket) serverFactory.createServerSocket()) {
230 // check the order of endabled cipher suites
231 ciphers = serverSocket.getEnabledCipherSuites();
232 checkSuites(ciphers,
233 "Enabled cipher suites in SSLServerSocket");
234
235 // check the order of supported cipher suites
236 ciphers = serverSocket.getSupportedCipherSuites();
237 checkSuites(ciphers,
238 "Supported cipher suites in SSLServerSocket");
239 }
240 }
241
242 private static void checkSuites(String[] suites, String title) {
243 showSuites(suites, title);
244
245 int loc = -1;
246 int index = 0;
247 for (String suite : suites) {
248 index = supportedCipherSuites.indexOf(suite);
249 if (index <= loc) {
250 throw new RuntimeException(suite + " is not in order");
251 }
252 loc = index;
253 }
254 }
255
256 private static void showSuites(String[] suites, String title) {
257 System.out.println(title + "[" + suites.length + "]:");
258 for (String suite : suites) {
259 System.out.println(" " + suite);
260 }
261 }
262 }
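Review bot: In `checkSuites` on the new side, a suite that is missing from `supportedCipherSuites` makes `indexOf` return -1, so `index <= loc` is true and the test fails with "<suite> is not in order", which points at ordering when the real cause is an unlisted or duplicated suite. Checking that case first, e.g. `if (index < 0) { throw new RuntimeException(suite + " is not in the expected list"); }`, would make failures after a provider change easier to triage. The check also asserts order only: the expected list includes NULL, EXPORT, DES and RC4 suites, and the same comparison is applied to the enabled and the supported lists, so a weak suite showing up in an enabled-by-default list at the right position would still pass; if that is intended, a short comment on `checkSuites` saying the test covers ordering and not default-enablement policy would help. The comment typo `endabled` (repeated in `checkForProtocols`) could be corrected to `enabled` while the file is being touched.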
|