/*
 * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

// SunJSSE does not support dynamic system properties, no way to re-use
// system properties in samevm/agentvm mode.
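/*
 * @test
 * @bug 7093640
 * @summary Enable TLS 1.1 and TLS 1.2 by default in client side of SunJSSE
 * @run main/othervm -Djdk.tls.client.protocols="SSLv3,TLSv1,TLSv1.1"
 *      CustomizedDefaultProtocols
 */

import java.io.IOException;
import java.security.Security;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

import javax.net.SocketFactory;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;

/**
 * Checks the protocol and cipher-suite lists reported by every
 * {@link SSLContext} algorithm in {@link ContextVersion} when the JVM is
 * started with the {@code jdk.tls.client.protocols} value given on the
 * {@code @run} line above.
 *
 * <p>For each context the test inspects the context itself, an
 * {@link SSLEngine} in client mode, an unconnected {@link SSLSocket} and an
 * unbound {@link SSLServerSocket}. The context, engine and client socket are
 * compared with {@code enabledProtocols}; every "supported" list and every
 * server-socket list is compared with {@code supportedProtocols}.
 *
 * <p>The expectations include SSLv3, TLSv1 and TLSv1.1 on purpose: the test
 * pins what the customisation yields, it is not a recommended configuration.
 */
public class CustomizedDefaultProtocols {

    /** One SSLContext algorithm name and the protocols expected for it. */
    enum ContextVersion {
        TLS_CV_01("SSL",
                new String[] {"SSLv3", "TLSv1", "TLSv1.1"}),
        TLS_CV_02("TLS",
                new String[] {"SSLv3", "TLSv1", "TLSv1.1"}),
        TLS_CV_03("SSLv3",
                new String[] {"SSLv3", "TLSv1"}),
        TLS_CV_04("TLSv1",
                new String[] {"SSLv3", "TLSv1"}),
        TLS_CV_05("TLSv1.1",
                new String[] {"SSLv3", "TLSv1", "TLSv1.1"}),
        TLS_CV_06("TLSv1.2",
                new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}),
        TLS_CV_07("TLSv1.3",
                new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
        TLS_CV_08("Default",
                new String[] {"SSLv3", "TLSv1", "TLSv1.1"});

        // Name passed to SSLContext.getInstance().
        final String contextVersion;
        // Protocols expected to be enabled for a client of this context.
        final String[] enabledProtocols;
        // Protocols every context is expected to report as supported.
        static final String[] supportedProtocols = new String[] {
            "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};

        ContextVersion(String contextVersion, String[] enabledProtocols) {
            this.contextVersion = contextVersion;
            this.enabledProtocols = enabledProtocols;
        }
    }

    /**
     * Compares a reported protocol list with the expected one and logs the
     * outcome.
     *
     * @param target   protocols reported by the object under test
     * @param expected protocols the test expects, in any order
     * @return {@code true} if {@code target} is non-empty and matches
     */
    private static boolean checkProtocols(String[] target, String[] expected) {
        boolean success = true;
        // A null list is reported like an empty one instead of raising an NPE.
        if (target == null || target.length == 0) {
            System.out.println("\tError: No protocols");
            success = false;
        }

        if (!protocolEquals(target, expected)) {
            System.out.println("\tError: Expected to get protocols " +
                    Arrays.toString(expected));
            success = false;
        }
        System.out.println("\t Protocols found " + Arrays.toString(target));

        return success;
    }

    /**
     * Tells whether two protocol lists hold the same names, ignoring order.
     *
     * @param actualProtocols   reported list, may be {@code null}
     * @param expectedProtocols expected list
     * @return {@code true} only for an exact, duplicate-free match
     */
    private static boolean protocolEquals(
            String[] actualProtocols,
            String[] expectedProtocols) {
        if (actualProtocols == null
                || actualProtocols.length != expectedProtocols.length) {
            return false;
        }

        Set<String> expected = new HashSet<>(Arrays.asList(expectedProtocols));
        Set<String> actual = new HashSet<>(Arrays.asList(actualProtocols));

        // With equal lengths, a duplicate in the reported list would hide a
        // missing protocol, so duplicates are rejected before comparing sets.
        return actual.size() == actualProtocols.length
                && actual.equals(expected);
    }

    /**
     * Checks that a cipher-suite list is not empty; the content is not
     * compared with anything.
     *
     * @param target cipher suites reported by the object under test
     * @return {@code true} if at least one suite is reported
     */
    private static boolean checkCipherSuites(String[] target) {
        if (target == null || target.length == 0) {
            System.out.println("\tError: No cipher suites");
            return false;
        }

        return true;
    }

    /** Runs the protocol check and then the cipher-suite check, always both. */
    private static boolean checkParameters(
            SSLParameters parameters, String[] expectedProtocols) {
        boolean success =
                checkProtocols(parameters.getProtocols(), expectedProtocols);
        // '&=' rather than '&&': the second check must still run and log.
        success &= checkCipherSuites(parameters.getCipherSuites());
        return success;
    }

    /** Checks the default and supported SSLParameters of the context. */
    private static boolean checkContext(SSLContext context, ContextVersion cv) {
        System.out.println("\tChecking default SSLParameters");
        boolean success = checkParameters(
                context.getDefaultSSLParameters(), cv.enabledProtocols);

        System.out.println("\tChecking supported SSLParameters");
        success &= checkParameters(context.getSupportedSSLParameters(),
                ContextVersion.supportedProtocols);
        return success;
    }

    /** Checks an SSLEngine of the context after switching it to client mode. */
    private static boolean checkEngine(SSLContext context, ContextVersion cv) {
        System.out.println();
        System.out.println("\tChecking SSLEngine of this SSLContext");
        System.out.println("\tChecking SSLEngine.getSSLParameters()");
        SSLEngine engine = context.createSSLEngine();
        engine.setUseClientMode(true);
        boolean success =
                checkParameters(engine.getSSLParameters(), cv.enabledProtocols);

        System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
        success &= checkProtocols(
                engine.getEnabledProtocols(), cv.enabledProtocols);

        System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
        success &= checkCipherSuites(engine.getEnabledCipherSuites());

        System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
        success &= checkProtocols(engine.getSupportedProtocols(),
                ContextVersion.supportedProtocols);

        System.out.println(
                "\tChecking SSLEngine.getSupportedCipherSuites()");
        success &= checkCipherSuites(engine.getSupportedCipherSuites());
        return success;
    }

    /**
     * Checks an unconnected client socket of the context and closes it.
     *
     * @throws IOException if the socket cannot be created or closed
     */
    private static boolean checkSocket(SSLContext context, ContextVersion cv)
            throws IOException {
        System.out.println();
        System.out.println("\tChecking SSLSocket of this SSLContext");
        System.out.println("\tChecking SSLSocket.getSSLParameters()");
        SocketFactory fac = context.getSocketFactory();
        try (SSLSocket socket = (SSLSocket) fac.createSocket()) {
            boolean success = checkParameters(
                    socket.getSSLParameters(), cv.enabledProtocols);

            System.out.println("\tChecking SSLSocket.getEnabledProtocols()");
            success &= checkProtocols(
                    socket.getEnabledProtocols(), cv.enabledProtocols);

            System.out.println("\tChecking SSLSocket.getEnabledCipherSuites()");
            success &= checkCipherSuites(socket.getEnabledCipherSuites());

            System.out.println("\tChecking SSLSocket.getSupportedProtocols()");
            success &= checkProtocols(socket.getSupportedProtocols(),
                    ContextVersion.supportedProtocols);

            System.out.println(
                    "\tChecking SSLSocket.getSupportedCipherSuites()");
            success &= checkCipherSuites(socket.getSupportedCipherSuites());
            return success;
        }
    }

    /**
     * Checks an unbound server socket of the context and closes it. Every
     * protocol list of the server socket, enabled ones included, is compared
     * with {@code supportedProtocols}.
     *
     * @throws IOException if the socket cannot be created or closed
     */
    private static boolean checkServerSocket(
            SSLContext context, ContextVersion cv) throws IOException {
        System.out.println();
        System.out.println("\tChecking SSLServerSocket of this SSLContext");
        System.out.println("\tChecking SSLServerSocket.getSSLParameters()");
        SSLServerSocketFactory sf = context.getServerSocketFactory();
        try (SSLServerSocket ssocket =
                (SSLServerSocket) sf.createServerSocket()) {
            boolean success = checkParameters(ssocket.getSSLParameters(),
                    ContextVersion.supportedProtocols);

            System.out.println(
                    "\tChecking SSLServerSocket.getEnabledProtocols()");
            success &= checkProtocols(ssocket.getEnabledProtocols(),
                    ContextVersion.supportedProtocols);

            System.out.println(
                    "\tChecking SSLServerSocket.getEnabledCipherSuites()");
            success &= checkCipherSuites(ssocket.getEnabledCipherSuites());

            System.out.println(
                    "\tChecking SSLServerSocket.getSupportedProtocols()");
            success &= checkProtocols(ssocket.getSupportedProtocols(),
                    ContextVersion.supportedProtocols);

            System.out.println(
                    "\tChecking SSLServerSocket.getSupportedCipherSuites()");
            success &= checkCipherSuites(ssocket.getSupportedCipherSuites());
            return success;
        }
    }

    /**
     * Runs all checks for every {@link ContextVersion}.
     *
     * @param args unused
     * @throws Exception if any check failed or a JSSE object cannot be created
     */
    public static void main(String[] args) throws Exception {
        // reset the security property to make sure that the algorithms
        // and keys used in this test are not disabled.
        // The property is JVM-wide; the test is declared main/othervm, so the
        // emptied deny-list stays inside this test's own JVM.
        Security.setProperty("jdk.tls.disabledAlgorithms", "");

        boolean failed = false;
        for (ContextVersion cv : ContextVersion.values()) {
            System.out.println("Checking SSLContext of " + cv.contextVersion);
            SSLContext context = SSLContext.getInstance(cv.contextVersion);

            // Default SSLContext is initialized automatically.
            if (!cv.contextVersion.equals("Default")) {
                // Use default TK, KM and random.
                context.init((KeyManager[])null, (TrustManager[])null, null);
            }

            // '|=' keeps every section running after an earlier failure so
            // the log lists all mismatches of a run.
            failed |= !checkContext(context, cv);
            failed |= !checkEngine(context, cv);
            failed |= !checkSocket(context, cv);
            failed |= !checkServerSocket(context, cv);
        }

        if (failed) {
            throw new Exception("Run into problems, see log for more details");
        } else {
            System.out.println("\t... Success");
        }
    }
}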