1 /* 2 * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 // SunJSSE does not support dynamic system properties, no way to re-use 25 // system properties in samevm/agentvm mode. 26 27 /* 28 * @test 29 * @summary Test jdk.tls.server.protocols with TLS 30 * @run main/othervm -Djdk.tls.server.protocols="SSLv3,TLSv1,TLSv1.1" 31 * CustomizedServerDefaultProtocols 32 */ 33 34 import java.security.Security; 35 import java.util.Arrays; 36 import java.util.HashSet; 37 import java.util.Set; 38 39 import javax.net.SocketFactory; 40 import javax.net.ssl.SSLContext; 41 import javax.net.ssl.SSLEngine; 42 import javax.net.ssl.SSLParameters; 43 import javax.net.ssl.SSLServerSocket; 44 import javax.net.ssl.SSLServerSocketFactory; 45 import javax.net.ssl.SSLSocket; 46 47 public class CustomizedServerDefaultProtocols { 48 49 final static String[] supportedProtocols = new String[]{ 50 "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}; 51 52 enum ContextVersion { 53 TLS_CV_01("SSL", 54 new String[]{"SSLv3", "TLSv1", "TLSv1.1"}, 55 new String[]{"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}), 56 TLS_CV_02("TLS", 57 new String[]{"SSLv3", "TLSv1", "TLSv1.1"}, 58 new String[]{"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}), 59 TLS_CV_03("SSLv3", 60 supportedProtocols, 61 new String[]{"SSLv3", "TLSv1"}), 62 TLS_CV_04("TLSv1", 63 supportedProtocols, 64 new String[]{"SSLv3", "TLSv1"}), 65 TLS_CV_05("TLSv1.1", 66 supportedProtocols, 67 new String[]{"SSLv3", "TLSv1", "TLSv1.1"}), 68 TLS_CV_06("TLSv1.2", 69 supportedProtocols, 70 new String[]{"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}), 71 TLS_CV_07("TLSv1.3", 72 supportedProtocols, 73 new String[]{"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}), 74 TLS_CV_08("Default", 75 new String[]{"SSLv3", "TLSv1", "TLSv1.1"}, 76 new String[]{"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}); 77 78 final String contextVersion; 79 final String[] serverEnabledProtocols; 80 final String[] clientEnabledProtocols; 81 82 ContextVersion(String contextVersion, String[] serverEnabledProtocols, 83 String[] clientEnabledProtocols) { 84 this.contextVersion = contextVersion; 85 this.serverEnabledProtocols = serverEnabledProtocols; 86 this.clientEnabledProtocols = clientEnabledProtocols; 87 } 88 } 89 90 private static boolean checkProtocols(String[] target, String[] expected) { 91 boolean success = true; 92 if (target.length == 0) { 93 System.out.println("\tError: No protocols"); 94 success = false; 95 } 96 97 if (!protocolEquals(target, expected)) { 98 System.out.println("\tError: Expected to get protocols " + 99 Arrays.toString(expected)); 100 success = false; 101 } 102 System.out.println("\t Protocols found " + Arrays.toString(target)); 103 return success; 104 } 105 106 private static boolean protocolEquals( 107 String[] actualProtocols, 108 String[] expectedProtocols) { 109 if (actualProtocols.length != expectedProtocols.length) { 110 return false; 111 } 112 113 Set<String> set = new HashSet<>(Arrays.asList(expectedProtocols)); 114 for (String actual : actualProtocols) { 115 if (set.add(actual)) { 116 return false; 117 } 118 } 119 120 return true; 121 } 122 123 private static boolean checkCipherSuites(String[] target) { 124 boolean success = true; 125 if (target.length == 0) { 126 System.out.println("\tError: No cipher suites"); 127 success = false; 128 } 129 130 return success; 131 } 132 133 public static void main(String[] args) throws Exception { 134 // reset the security property to make sure that the algorithms 135 // and keys used in this test are not disabled. 136 Security.setProperty("jdk.tls.disabledAlgorithms", ""); 137 System.out.println("jdk.tls.client.protocols = " + 138 System.getProperty("jdk.tls.client.protocols")); 139 System.out.println("jdk.tls.server.protocols = "+ 140 System.getProperty("jdk.tls.server.protocols")); 141 Test(); 142 } 143 144 static void Test() throws Exception { 145 boolean failed = false; 146 147 for (ContextVersion cv : ContextVersion.values()) { 148 System.out.println("Checking SSLContext of " + cv.contextVersion); 149 SSLContext context = SSLContext.getInstance(cv.contextVersion); 150 151 // Default SSLContext is initialized automatically. 152 if (!cv.contextVersion.equals("Default")) { 153 // Use default TK, KM and random. 154 context.init(null, null, null); 155 } 156 157 // 158 // Check SSLContext 159 // 160 // Check default SSLParameters of SSLContext 161 System.out.println("\tChecking default SSLParameters"); 162 SSLParameters parameters = context.getDefaultSSLParameters(); 163 164 String[] protocols = parameters.getProtocols(); 165 failed |= !checkProtocols(protocols, cv.clientEnabledProtocols); 166 167 String[] ciphers = parameters.getCipherSuites(); 168 failed |= !checkCipherSuites(ciphers); 169 170 // Check supported SSLParameters of SSLContext 171 System.out.println("\tChecking supported SSLParameters"); 172 parameters = context.getSupportedSSLParameters(); 173 174 protocols = parameters.getProtocols(); 175 failed |= !checkProtocols(protocols, supportedProtocols); 176 177 ciphers = parameters.getCipherSuites(); 178 failed |= !checkCipherSuites(ciphers); 179 180 // 181 // Check SSLEngine 182 // 183 // Check SSLParameters of SSLEngine 184 System.out.println(); 185 System.out.println("\tChecking SSLEngine of this SSLContext"); 186 System.out.println("\tChecking SSLEngine.getSSLParameters()"); 187 SSLEngine engine = context.createSSLEngine(); 188 engine.setUseClientMode(true); 189 parameters = engine.getSSLParameters(); 190 191 protocols = parameters.getProtocols(); 192 failed |= !checkProtocols(protocols, cv.clientEnabledProtocols); 193 194 ciphers = parameters.getCipherSuites(); 195 failed |= !checkCipherSuites(ciphers); 196 197 System.out.println("\tChecking SSLEngine.getEnabledProtocols()"); 198 protocols = engine.getEnabledProtocols(); 199 failed |= !checkProtocols(protocols, cv.clientEnabledProtocols); 200 201 System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()"); 202 ciphers = engine.getEnabledCipherSuites(); 203 failed |= !checkCipherSuites(ciphers); 204 205 System.out.println("\tChecking SSLEngine.getSupportedProtocols()"); 206 protocols = engine.getSupportedProtocols(); 207 failed |= !checkProtocols(protocols, supportedProtocols); 208 209 System.out.println( 210 "\tChecking SSLEngine.getSupportedCipherSuites()"); 211 ciphers = engine.getSupportedCipherSuites(); 212 failed |= !checkCipherSuites(ciphers); 213 214 // 215 // Check SSLSocket 216 // 217 // Check SSLParameters of SSLSocket 218 System.out.println(); 219 System.out.println("\tChecking SSLSocket of this SSLContext"); 220 System.out.println("\tChecking SSLSocket.getSSLParameters()"); 221 SocketFactory fac = context.getSocketFactory(); 222 SSLSocket socket = (SSLSocket) fac.createSocket(); 223 parameters = socket.getSSLParameters(); 224 225 protocols = parameters.getProtocols(); 226 failed |= !checkProtocols(protocols, cv.clientEnabledProtocols); 227 228 ciphers = parameters.getCipherSuites(); 229 failed |= !checkCipherSuites(ciphers); 230 231 System.out.println("\tChecking SSLSocket.getEnabledProtocols()"); 232 protocols = socket.getEnabledProtocols(); 233 failed |= !checkProtocols(protocols, cv.clientEnabledProtocols); 234 235 System.out.println("\tChecking SSLSocket.getEnabledCipherSuites()"); 236 ciphers = socket.getEnabledCipherSuites(); 237 failed |= !checkCipherSuites(ciphers); 238 239 System.out.println("\tChecking SSLSocket.getSupportedProtocols()"); 240 protocols = socket.getSupportedProtocols(); 241 failed |= !checkProtocols(protocols, supportedProtocols); 242 243 System.out.println( 244 "\tChecking SSLSocket.getSupportedCipherSuites()"); 245 ciphers = socket.getSupportedCipherSuites(); 246 failed |= !checkCipherSuites(ciphers); 247 248 // 249 // Check SSLServerSocket 250 // 251 // Check SSLParameters of SSLServerSocket 252 System.out.println(); 253 System.out.println("\tChecking SSLServerSocket of this SSLContext"); 254 System.out.println("\tChecking SSLServerSocket.getSSLParameters()"); 255 SSLServerSocketFactory sf = context.getServerSocketFactory(); 256 SSLServerSocket ssocket = (SSLServerSocket) sf.createServerSocket(); 257 parameters = ssocket.getSSLParameters(); 258 259 protocols = parameters.getProtocols(); 260 failed |= !checkProtocols(protocols, cv.serverEnabledProtocols); 261 262 ciphers = parameters.getCipherSuites(); 263 failed |= !checkCipherSuites(ciphers); 264 265 System.out.println("\tChecking SSLEngine.getEnabledProtocols()"); 266 protocols = ssocket.getEnabledProtocols(); 267 failed |= !checkProtocols(protocols, cv.serverEnabledProtocols); 268 269 System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()"); 270 ciphers = ssocket.getEnabledCipherSuites(); 271 failed |= !checkCipherSuites(ciphers); 272 273 System.out.println("\tChecking SSLEngine.getSupportedProtocols()"); 274 protocols = ssocket.getSupportedProtocols(); 275 failed |= !checkProtocols(protocols, supportedProtocols); 276 277 System.out.println( 278 "\tChecking SSLEngine.getSupportedCipherSuites()"); 279 ciphers = ssocket.getSupportedCipherSuites(); 280 failed |= !checkCipherSuites(ciphers); 281 282 if (failed) { 283 throw new Exception("Run into problems, see log for more details"); 284 } else { 285 System.out.println("\t... Success"); 286 } 287 } 288 } 289 }