1 /*
2 * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 // SunJSSE does not support dynamic system properties, no way to re-use
25 // system properties in samevm/agentvm mode.
26
27 /*
28 * @test
29 * @bug 7093640
30 * @summary Enable TLS 1.1 and TLS 1.2 by default in client side of SunJSSE
31 * @run main/othervm -Djdk.tls.client.protocols="SSLv3,TLSv1,TLSv1.1"
32 * CustomizedDefaultProtocols
33 */
34
35 import java.security.Security;
36 import java.util.Arrays;
37 import java.util.HashSet;
38 import java.util.Set;
39
40 import javax.net.SocketFactory;
41 import javax.net.ssl.KeyManager;
42 import javax.net.ssl.SSLContext;
43 import javax.net.ssl.SSLEngine;
44 import javax.net.ssl.SSLParameters;
45 import javax.net.ssl.SSLServerSocket;
46 import javax.net.ssl.SSLServerSocketFactory;
47 import javax.net.ssl.SSLSocket;
48 import javax.net.ssl.TrustManager;
49
50 public class CustomizedDefaultProtocols {
51 enum ContextVersion {
52 TLS_CV_01("SSL",
53 new String[] {"SSLv3", "TLSv1", "TLSv1.1"}),
54 TLS_CV_02("TLS",
55 new String[] {"SSLv3", "TLSv1", "TLSv1.1"}),
56 TLS_CV_03("SSLv3",
57 new String[] {"SSLv3", "TLSv1"}),
58 TLS_CV_04("TLSv1",
59 new String[] {"SSLv3", "TLSv1"}),
60 TLS_CV_05("TLSv1.1",
61 new String[] {"SSLv3", "TLSv1", "TLSv1.1"}),
62 TLS_CV_06("TLSv1.2",
63 new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}),
64 TLS_CV_07("TLSv1.3",
65 new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
66 TLS_CV_08("Default",
67 new String[] {"SSLv3", "TLSv1", "TLSv1.1"});
68
69 final String contextVersion;
70 final String[] enabledProtocols;
71 final static String[] supportedProtocols = new String[] {
72 "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
73
74 ContextVersion(String contextVersion, String[] enabledProtocols) {
75 this.contextVersion = contextVersion;
76 this.enabledProtocols = enabledProtocols;
77 }
78 }
79
80 private static boolean checkProtocols(String[] target, String[] expected) {
81 boolean success = true;
82 if (target.length == 0) {
83 System.out.println("\tError: No protocols");
84 success = false;
85 }
86
87 if (!protocolEquals(target, expected)) {
88 System.out.println("\tError: Expected to get protocols " +
89 Arrays.toString(expected));
90 success = false;
91 }
92 System.out.println("\t Protocols found " + Arrays.toString(target));
93
94 return success;
95 }
96
97 private static boolean protocolEquals(
98 String[] actualProtocols,
99 String[] expectedProtocols) {
100 if (actualProtocols.length != expectedProtocols.length) {
101 return false;
102 }
103
104 Set<String> set = new HashSet<>(Arrays.asList(expectedProtocols));
105 for (String actual : actualProtocols) {
106 if (set.add(actual)) {
107 return false;
108 }
109 }
110
111 return true;
112 }
113
114 private static boolean checkCipherSuites(String[] target) {
115 boolean success = true;
116 if (target.length == 0) {
117 System.out.println("\tError: No cipher suites");
118 success = false;
119 }
120
121 return success;
122 }
123
124 public static void main(String[] args) throws Exception {
125 // reset the security property to make sure that the algorithms
126 // and keys used in this test are not disabled.
127 Security.setProperty("jdk.tls.disabledAlgorithms", "");
128
129 boolean failed = false;
130 for (ContextVersion cv : ContextVersion.values()) {
131 System.out.println("Checking SSLContext of " + cv.contextVersion);
132 SSLContext context = SSLContext.getInstance(cv.contextVersion);
133
134 // Default SSLContext is initialized automatically.
135 if (!cv.contextVersion.equals("Default")) {
136 // Use default TK, KM and random.
137 context.init((KeyManager[])null, (TrustManager[])null, null);
138 }
139
140 //
141 // Check SSLContext
142 //
143 // Check default SSLParameters of SSLContext
144 System.out.println("\tChecking default SSLParameters");
145 SSLParameters parameters = context.getDefaultSSLParameters();
146
147 String[] protocols = parameters.getProtocols();
148 failed |= !checkProtocols(protocols, cv.enabledProtocols);
149
150 String[] ciphers = parameters.getCipherSuites();
151 failed |= !checkCipherSuites(ciphers);
152
153 // Check supported SSLParameters of SSLContext
154 System.out.println("\tChecking supported SSLParameters");
155 parameters = context.getSupportedSSLParameters();
156
157 protocols = parameters.getProtocols();
158 failed |= !checkProtocols(protocols, cv.supportedProtocols);
159
160 ciphers = parameters.getCipherSuites();
161 failed |= !checkCipherSuites(ciphers);
162
163 //
164 // Check SSLEngine
165 //
166 // Check SSLParameters of SSLEngine
167 System.out.println();
168 System.out.println("\tChecking SSLEngine of this SSLContext");
169 System.out.println("\tChecking SSLEngine.getSSLParameters()");
170 SSLEngine engine = context.createSSLEngine();
171 engine.setUseClientMode(true);
172 parameters = engine.getSSLParameters();
173
174 protocols = parameters.getProtocols();
175 failed |= !checkProtocols(protocols, cv.enabledProtocols);
176
177 ciphers = parameters.getCipherSuites();
178 failed |= !checkCipherSuites(ciphers);
179
180 System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
181 protocols = engine.getEnabledProtocols();
182 failed |= !checkProtocols(protocols, cv.enabledProtocols);
183
184 System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
185 ciphers = engine.getEnabledCipherSuites();
186 failed |= !checkCipherSuites(ciphers);
187
188 System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
189 protocols = engine.getSupportedProtocols();
190 failed |= !checkProtocols(protocols, cv.supportedProtocols);
191
192 System.out.println(
193 "\tChecking SSLEngine.getSupportedCipherSuites()");
194 ciphers = engine.getSupportedCipherSuites();
195 failed |= !checkCipherSuites(ciphers);
196
197 //
198 // Check SSLSocket
199 //
200 // Check SSLParameters of SSLSocket
201 System.out.println();
202 System.out.println("\tChecking SSLSocket of this SSLContext");
203 System.out.println("\tChecking SSLSocket.getSSLParameters()");
204 SocketFactory fac = context.getSocketFactory();
205 SSLSocket socket = (SSLSocket)fac.createSocket();
206 parameters = socket.getSSLParameters();
207
208 protocols = parameters.getProtocols();
209 failed |= !checkProtocols(protocols, cv.enabledProtocols);
210
211 ciphers = parameters.getCipherSuites();
212 failed |= !checkCipherSuites(ciphers);
213
214 System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
215 protocols = socket.getEnabledProtocols();
216 failed |= !checkProtocols(protocols, cv.enabledProtocols);
217
218 System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
219 ciphers = socket.getEnabledCipherSuites();
220 failed |= !checkCipherSuites(ciphers);
221
222 System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
223 protocols = socket.getSupportedProtocols();
224 failed |= !checkProtocols(protocols, cv.supportedProtocols);
225
226 System.out.println(
227 "\tChecking SSLEngine.getSupportedCipherSuites()");
228 ciphers = socket.getSupportedCipherSuites();
229 failed |= !checkCipherSuites(ciphers);
230
231 //
232 // Check SSLServerSocket
233 //
234 // Check SSLParameters of SSLServerSocket
235 System.out.println();
236 System.out.println("\tChecking SSLServerSocket of this SSLContext");
237 System.out.println("\tChecking SSLServerSocket.getSSLParameters()");
238 SSLServerSocketFactory sf = context.getServerSocketFactory();
239 SSLServerSocket ssocket = (SSLServerSocket)sf.createServerSocket();
240 parameters = ssocket.getSSLParameters();
241
242 protocols = parameters.getProtocols();
243 failed |= !checkProtocols(protocols, cv.supportedProtocols);
244
245 ciphers = parameters.getCipherSuites();
246 failed |= !checkCipherSuites(ciphers);
247
248 System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
249 protocols = ssocket.getEnabledProtocols();
250 failed |= !checkProtocols(protocols, cv.supportedProtocols);
251
252 System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
253 ciphers = ssocket.getEnabledCipherSuites();
254 failed |= !checkCipherSuites(ciphers);
255
256 System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
257 protocols = ssocket.getSupportedProtocols();
258 failed |= !checkProtocols(protocols, cv.supportedProtocols);
259
260 System.out.println(
261 "\tChecking SSLEngine.getSupportedCipherSuites()");
262 ciphers = ssocket.getSupportedCipherSuites();
263 failed |= !checkCipherSuites(ciphers);
264 }
265
266 if (failed) {
267 throw new Exception("Run into problems, see log for more details");
268 } else {
269 System.out.println("\t... Success");
270 }
271 }
272 }