1 /* 2 * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 // SunJSSE does not support dynamic system properties, no way to re-use 25 // system properties in samevm/agentvm mode. 
26 27 /* 28 * @test 29 * @summary Test jdk.tls.server.protocols with TLS 30 * @run main/othervm -Djdk.tls.server.protocols="SSLv3,TLSv1,TLSv1.1" 31 * CustomizedServerDefaultProtocols 32 */ 33 34 import java.security.Security; 35 import java.util.Arrays; 36 import java.util.HashSet; 37 import java.util.Set; 38 39 import javax.net.SocketFactory; 40 import javax.net.ssl.SSLContext; 41 import javax.net.ssl.SSLEngine; 42 import javax.net.ssl.SSLParameters; 43 import javax.net.ssl.SSLServerSocket; 44 import javax.net.ssl.SSLServerSocketFactory; 45 import javax.net.ssl.SSLSocket; 46 47 public class CustomizedServerDefaultProtocols { 48 49 final static String[] supportedProtocols = new String[]{ 50 "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}; 51 52 enum ContextVersion { 53 TLS_CV_01("SSL", 54 new String[]{"SSLv3", "TLSv1", "TLSv1.1"}, 55 new String[]{"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}), 56 TLS_CV_02("TLS", 57 new String[]{"SSLv3", "TLSv1", "TLSv1.1"}, 58 new String[]{"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}), 59 TLS_CV_03("SSLv3", 60 supportedProtocols, 61 new String[]{"SSLv3", "TLSv1"}), 62 TLS_CV_04("TLSv1", 63 supportedProtocols, 64 new String[]{"SSLv3", "TLSv1"}), 65 TLS_CV_05("TLSv1.1", 66 supportedProtocols, 67 new String[]{"SSLv3", "TLSv1", "TLSv1.1"}), 68 TLS_CV_06("TLSv1.2", 69 supportedProtocols, 70 new String[]{"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}), 71 TLS_CV_07("TLSv1.3", 72 supportedProtocols, 73 new String[]{"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}), 74 TLS_CV_08("Default", 75 new String[]{"SSLv3", "TLSv1", "TLSv1.1"}, 76 new String[]{"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}); 77 78 final String contextVersion; 79 final String[] serverEnabledProtocols; 80 final String[] clientEnabledProtocols; 81 82 ContextVersion(String contextVersion, String[] serverEnabledProtocols, 83 String[] clientEnabledProtocols) { 84 this.contextVersion = contextVersion; 85 this.serverEnabledProtocols = 
serverEnabledProtocols; 86 this.clientEnabledProtocols = clientEnabledProtocols; 87 } 88 } 89 90 private static boolean checkProtocols(String[] target, String[] expected) { 91 boolean success = true; 92 if (target.length == 0) { 93 System.out.println("\tError: No protocols"); 94 success = false; 95 } 96 97 if (!protocolEquals(target, expected)) { 98 System.out.println("\tError: Expected to get protocols " + 99 Arrays.toString(expected)); 100 success = false; 101 } 102 System.out.println("\t Protocols found " + Arrays.toString(target)); 103 return success; 104 } 105 106 private static boolean protocolEquals( 107 String[] actualProtocols, 108 String[] expectedProtocols) { 109 if (actualProtocols.length != expectedProtocols.length) { 110 return false; 111 } 112 113 Set<String> set = new HashSet<>(Arrays.asList(expectedProtocols)); 114 for (String actual : actualProtocols) { 115 if (set.add(actual)) { 116 return false; 117 } 118 } 119 120 return true; 121 } 122 123 private static boolean checkCipherSuites(String[] target) { 124 boolean success = true; 125 if (target.length == 0) { 126 System.out.println("\tError: No cipher suites"); 127 success = false; 128 } 129 130 return success; 131 } 132 133 public static void main(String[] args) throws Exception { 134 // reset the security property to make sure that the algorithms 135 // and keys used in this test are not disabled. 
136 Security.setProperty("jdk.tls.disabledAlgorithms", ""); 137 System.out.println("jdk.tls.client.protocols = " + 138 System.getProperty("jdk.tls.client.protocols")); 139 System.out.println("jdk.tls.server.protocols = "+ 140 System.getProperty("jdk.tls.server.protocols")); 141 Test(); 142 } 143 144 static void Test() throws Exception { 145 boolean failed = false; 146 147 for (ContextVersion cv : ContextVersion.values()) { 148 System.out.println("Checking SSLContext of " + cv.contextVersion); 149 SSLContext context = SSLContext.getInstance(cv.contextVersion); 150 151 // Default SSLContext is initialized automatically. 152 if (!cv.contextVersion.equals("Default")) { 153 // Use default TK, KM and random. 154 context.init(null, null, null); 155 } 156 157 // 158 // Check SSLContext 159 // 160 // Check default SSLParameters of SSLContext 161 System.out.println("\tChecking default SSLParameters"); 162 SSLParameters parameters = context.getDefaultSSLParameters(); 163 164 String[] protocols = parameters.getProtocols(); 165 failed |= !checkProtocols(protocols, cv.clientEnabledProtocols); 166 167 String[] ciphers = parameters.getCipherSuites(); 168 failed |= !checkCipherSuites(ciphers); 169 170 // Check supported SSLParameters of SSLContext 171 System.out.println("\tChecking supported SSLParameters"); 172 parameters = context.getSupportedSSLParameters(); 173 174 protocols = parameters.getProtocols(); 175 failed |= !checkProtocols(protocols, supportedProtocols); 176 177 ciphers = parameters.getCipherSuites(); 178 failed |= !checkCipherSuites(ciphers); 179 180 // 181 // Check SSLEngine 182 // 183 // Check SSLParameters of SSLEngine 184 System.out.println(); 185 System.out.println("\tChecking SSLEngine of this SSLContext"); 186 System.out.println("\tChecking SSLEngine.getSSLParameters()"); 187 SSLEngine engine = context.createSSLEngine(); 188 engine.setUseClientMode(true); 189 parameters = engine.getSSLParameters(); 190 191 protocols = parameters.getProtocols(); 192 failed |= 
!checkProtocols(protocols, cv.clientEnabledProtocols); 193 194 ciphers = parameters.getCipherSuites(); 195 failed |= !checkCipherSuites(ciphers); 196 197 System.out.println("\tChecking SSLEngine.getEnabledProtocols()"); 198 protocols = engine.getEnabledProtocols(); 199 failed |= !checkProtocols(protocols, cv.clientEnabledProtocols); 200 201 System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()"); 202 ciphers = engine.getEnabledCipherSuites(); 203 failed |= !checkCipherSuites(ciphers); 204 205 System.out.println("\tChecking SSLEngine.getSupportedProtocols()"); 206 protocols = engine.getSupportedProtocols(); 207 failed |= !checkProtocols(protocols, supportedProtocols); 208 209 System.out.println( 210 "\tChecking SSLEngine.getSupportedCipherSuites()"); 211 ciphers = engine.getSupportedCipherSuites(); 212 failed |= !checkCipherSuites(ciphers); 213 214 // 215 // Check SSLSocket 216 // 217 // Check SSLParameters of SSLSocket 218 System.out.println(); 219 System.out.println("\tChecking SSLSocket of this SSLContext"); 220 System.out.println("\tChecking SSLSocket.getSSLParameters()"); 221 SocketFactory fac = context.getSocketFactory(); 222 SSLSocket socket = (SSLSocket) fac.createSocket(); 223 parameters = socket.getSSLParameters(); 224 225 protocols = parameters.getProtocols(); 226 failed |= !checkProtocols(protocols, cv.clientEnabledProtocols); 227 228 ciphers = parameters.getCipherSuites(); 229 failed |= !checkCipherSuites(ciphers); 230 231 System.out.println("\tChecking SSLSocket.getEnabledProtocols()"); 232 protocols = socket.getEnabledProtocols(); 233 failed |= !checkProtocols(protocols, cv.clientEnabledProtocols); 234 235 System.out.println("\tChecking SSLSocket.getEnabledCipherSuites()"); 236 ciphers = socket.getEnabledCipherSuites(); 237 failed |= !checkCipherSuites(ciphers); 238 239 System.out.println("\tChecking SSLSocket.getSupportedProtocols()"); 240 protocols = socket.getSupportedProtocols(); 241 failed |= !checkProtocols(protocols, 
supportedProtocols); 242 243 System.out.println( 244 "\tChecking SSLSocket.getSupportedCipherSuites()"); 245 ciphers = socket.getSupportedCipherSuites(); 246 failed |= !checkCipherSuites(ciphers); 247 248 // 249 // Check SSLServerSocket 250 // 251 // Check SSLParameters of SSLServerSocket 252 System.out.println(); 253 System.out.println("\tChecking SSLServerSocket of this SSLContext"); 254 System.out.println("\tChecking SSLServerSocket.getSSLParameters()"); 255 SSLServerSocketFactory sf = context.getServerSocketFactory(); 256 SSLServerSocket ssocket = (SSLServerSocket) sf.createServerSocket(); 257 parameters = ssocket.getSSLParameters(); 258 259 protocols = parameters.getProtocols(); 260 failed |= !checkProtocols(protocols, cv.serverEnabledProtocols); 261 262 ciphers = parameters.getCipherSuites(); 263 failed |= !checkCipherSuites(ciphers); 264 265 System.out.println("\tChecking SSLEngine.getEnabledProtocols()"); 266 protocols = ssocket.getEnabledProtocols(); 267 failed |= !checkProtocols(protocols, cv.serverEnabledProtocols); 268 269 System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()"); 270 ciphers = ssocket.getEnabledCipherSuites(); 271 failed |= !checkCipherSuites(ciphers); 272 273 System.out.println("\tChecking SSLEngine.getSupportedProtocols()"); 274 protocols = ssocket.getSupportedProtocols(); 275 failed |= !checkProtocols(protocols, supportedProtocols); 276 277 System.out.println( 278 "\tChecking SSLEngine.getSupportedCipherSuites()"); 279 ciphers = ssocket.getSupportedCipherSuites(); 280 failed |= !checkCipherSuites(ciphers); 281 282 if (failed) { 283 throw new Exception("Run into problems, see log for more details"); 284 } else { 285 System.out.println("\t... Success"); 286 } 287 } 288 } 289 } | 1 /* 2 * Copyright (c) 2018, 2019, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 
4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 // SunJSSE does not support dynamic system properties, no way to re-use 25 // system properties in samevm/agentvm mode. 
26 27 /* 28 * @test 29 * @bug 8196584 8190492 30 * @summary Test jdk.tls.server.protocols with TLS 31 * @run main/othervm -Djdk.tls.server.protocols="SSLv3,TLSv1,TLSv1.1" 32 * CustomizedServerDefaultProtocols 33 */ 34 35 import java.security.Security; 36 import java.util.Arrays; 37 import java.util.HashSet; 38 import java.util.Set; 39 40 import javax.net.SocketFactory; 41 import javax.net.ssl.SSLContext; 42 import javax.net.ssl.SSLEngine; 43 import javax.net.ssl.SSLParameters; 44 import javax.net.ssl.SSLServerSocket; 45 import javax.net.ssl.SSLServerSocketFactory; 46 import javax.net.ssl.SSLSocket; 47 48 public class CustomizedServerDefaultProtocols { 49 50 final static String[] supportedProtocols = new String[]{ 51 "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}; 52 final static String[] serverDefaultProtocols = new String[] { 53 "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}; 54 55 enum ContextVersion { 56 TLS_CV_01("SSL", 57 new String[]{"SSLv3", "TLSv1", "TLSv1.1"}, 58 new String[]{"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}), 59 TLS_CV_02("TLS", 60 new String[]{"SSLv3", "TLSv1", "TLSv1.1"}, 61 new String[]{"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}), 62 TLS_CV_03("SSLv3", 63 serverDefaultProtocols, 64 new String[]{"TLSv1"}), 65 TLS_CV_04("TLSv1", 66 serverDefaultProtocols, 67 new String[]{"TLSv1"}), 68 TLS_CV_05("TLSv1.1", 69 serverDefaultProtocols, 70 new String[]{"TLSv1", "TLSv1.1"}), 71 TLS_CV_06("TLSv1.2", 72 serverDefaultProtocols, 73 new String[]{"TLSv1", "TLSv1.1", "TLSv1.2"}), 74 TLS_CV_07("TLSv1.3", 75 serverDefaultProtocols, 76 new String[]{"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}), 77 TLS_CV_08("Default", 78 new String[]{"SSLv3", "TLSv1", "TLSv1.1"}, 79 new String[]{"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}); 80 81 final String contextVersion; 82 final String[] serverEnabledProtocols; 83 final String[] clientEnabledProtocols; 84 85 ContextVersion(String contextVersion, String[] serverEnabledProtocols, 86 String[] clientEnabledProtocols) { 
87 this.contextVersion = contextVersion; 88 this.serverEnabledProtocols = serverEnabledProtocols; 89 this.clientEnabledProtocols = clientEnabledProtocols; 90 } 91 } 92 93 private static boolean checkProtocols(String[] target, String[] expected) { 94 boolean success = true; 95 if (target.length == 0) { 96 System.out.println("\t\t\t*** Error: No protocols"); 97 success = false; 98 } 99 100 if (!protocolEquals(target, expected)) { 101 System.out.println("\t\t\t*** Error: Expected to get protocols " + 102 Arrays.toString(expected)); 103 success = false; 104 } 105 System.out.println("\t\t\t Protocols found " + Arrays.toString(target)); 106 System.out.println("\t\t\t--> Protocol check passed!!"); 107 108 return success; 109 } 110 111 private static boolean protocolEquals( 112 String[] actualProtocols, 113 String[] expectedProtocols) { 114 if (actualProtocols.length != expectedProtocols.length) { 115 return false; 116 } 117 118 Set<String> set = new HashSet<>(Arrays.asList(expectedProtocols)); 119 for (String actual : actualProtocols) { 120 if (set.add(actual)) { 121 return false; 122 } 123 } 124 125 return true; 126 } 127 128 private static boolean checkCipherSuites(String[] target) { 129 boolean success = true; 130 if (target.length == 0) { 131 System.out.println("\t\t\t*** Error: No cipher suites"); 132 success = false; 133 } 134 135 System.out.println("\t\t\t--> Cipher check passed!!"); 136 return success; 137 } 138 139 public static void main(String[] args) throws Exception { 140 // reset the security property to make sure that the algorithms 141 // and keys used in this test are not disabled. 
142 Security.setProperty("jdk.tls.disabledAlgorithms", ""); 143 System.out.println("jdk.tls.client.protocols = " + 144 System.getProperty("jdk.tls.client.protocols")); 145 System.out.println("jdk.tls.server.protocols = "+ 146 System.getProperty("jdk.tls.server.protocols")); 147 Test(); 148 } 149 150 static void Test() throws Exception { 151 boolean failed = false; 152 153 for (ContextVersion cv : ContextVersion.values()) { 154 System.out.println("\n\nChecking SSLContext of " + cv.contextVersion); 155 System.out.println("============================"); 156 SSLContext context = SSLContext.getInstance(cv.contextVersion); 157 158 // Default SSLContext is initialized automatically. 159 if (!cv.contextVersion.equals("Default")) { 160 // Use default TK, KM and random. 161 context.init(null, null, null); 162 } 163 164 // 165 // Check SSLContext 166 // 167 // Check default SSLParameters of SSLContext 168 System.out.println("\tChecking default SSLParameters"); 169 System.out.println("\t\tChecking SSLContext.getDefaultSSLParameters().getProtocols"); 170 SSLParameters parameters = context.getDefaultSSLParameters(); 171 172 String[] protocols = parameters.getProtocols(); 173 failed |= !checkProtocols(protocols, cv.clientEnabledProtocols); 174 175 String[] ciphers = parameters.getCipherSuites(); 176 failed |= !checkCipherSuites(ciphers); 177 178 // Check supported SSLParameters of SSLContext 179 System.out.println("\t\tChecking supported SSLParameters"); 180 parameters = context.getSupportedSSLParameters(); 181 182 protocols = parameters.getProtocols(); 183 failed |= !checkProtocols(protocols, supportedProtocols); 184 185 ciphers = parameters.getCipherSuites(); 186 failed |= !checkCipherSuites(ciphers); 187 188 // 189 // Check SSLEngine 190 // 191 // Check SSLParameters of SSLEngine 192 System.out.println(); 193 System.out.println("\tChecking SSLEngine of this SSLContext"); 194 System.out.println("\t\tChecking SSLEngine.getSSLParameters()"); 195 SSLEngine engine = 
context.createSSLEngine(); 196 engine.setUseClientMode(true); 197 parameters = engine.getSSLParameters(); 198 199 protocols = parameters.getProtocols(); 200 failed |= !checkProtocols(protocols, cv.clientEnabledProtocols); 201 202 ciphers = parameters.getCipherSuites(); 203 failed |= !checkCipherSuites(ciphers); 204 205 System.out.println("\t\tChecking SSLEngine.getEnabledProtocols()"); 206 protocols = engine.getEnabledProtocols(); 207 failed |= !checkProtocols(protocols, cv.clientEnabledProtocols); 208 209 System.out.println("\t\tChecking SSLEngine.getEnabledCipherSuites()"); 210 ciphers = engine.getEnabledCipherSuites(); 211 failed |= !checkCipherSuites(ciphers); 212 213 System.out.println("\t\tChecking SSLEngine.getSupportedProtocols()"); 214 protocols = engine.getSupportedProtocols(); 215 failed |= !checkProtocols(protocols, supportedProtocols); 216 217 System.out.println( 218 "\t\tChecking SSLEngine.getSupportedCipherSuites()"); 219 ciphers = engine.getSupportedCipherSuites(); 220 failed |= !checkCipherSuites(ciphers); 221 222 // 223 // Check SSLSocket 224 // 225 // Check SSLParameters of SSLSocket 226 System.out.println(); 227 System.out.println("\tChecking SSLSocket of this SSLContext"); 228 System.out.println("\t\tChecking SSLSocket.getSSLParameters()"); 229 SocketFactory fac = context.getSocketFactory(); 230 SSLSocket socket = (SSLSocket) fac.createSocket(); 231 parameters = socket.getSSLParameters(); 232 233 protocols = parameters.getProtocols(); 234 failed |= !checkProtocols(protocols, cv.clientEnabledProtocols); 235 236 ciphers = parameters.getCipherSuites(); 237 failed |= !checkCipherSuites(ciphers); 238 239 System.out.println("\t\tChecking SSLSocket.getEnabledProtocols()"); 240 protocols = socket.getEnabledProtocols(); 241 failed |= !checkProtocols(protocols, cv.clientEnabledProtocols); 242 243 System.out.println("\t\tChecking SSLSocket.getEnabledCipherSuites()"); 244 ciphers = socket.getEnabledCipherSuites(); 245 failed |= !checkCipherSuites(ciphers); 
246 247 System.out.println("\t\tChecking SSLSocket.getSupportedProtocols()"); 248 protocols = socket.getSupportedProtocols(); 249 failed |= !checkProtocols(protocols, supportedProtocols); 250 251 System.out.println( 252 "\t\tChecking SSLSocket.getSupportedCipherSuites()"); 253 ciphers = socket.getSupportedCipherSuites(); 254 failed |= !checkCipherSuites(ciphers); 255 256 // 257 // Check SSLServerSocket 258 // 259 // Check SSLParameters of SSLServerSocket 260 System.out.println(); 261 System.out.println("\tChecking SSLServerSocket of this SSLContext"); 262 System.out.println("\t\tChecking SSLServerSocket.getSSLParameters()"); 263 SSLServerSocketFactory sf = context.getServerSocketFactory(); 264 SSLServerSocket ssocket = (SSLServerSocket) sf.createServerSocket(); 265 parameters = ssocket.getSSLParameters(); 266 267 protocols = parameters.getProtocols(); 268 failed |= !checkProtocols(protocols, cv.serverEnabledProtocols); 269 270 ciphers = parameters.getCipherSuites(); 271 failed |= !checkCipherSuites(ciphers); 272 273 System.out.println("\t\tChecking SSLEngine.getEnabledProtocols()"); 274 protocols = ssocket.getEnabledProtocols(); 275 failed |= !checkProtocols(protocols, cv.serverEnabledProtocols); 276 277 System.out.println("\t\tChecking SSLEngine.getEnabledCipherSuites()"); 278 ciphers = ssocket.getEnabledCipherSuites(); 279 failed |= !checkCipherSuites(ciphers); 280 281 System.out.println("\t\tChecking SSLEngine.getSupportedProtocols()"); 282 protocols = ssocket.getSupportedProtocols(); 283 failed |= !checkProtocols(protocols, supportedProtocols); 284 285 System.out.println( 286 "\t\tChecking SSLEngine.getSupportedCipherSuites()"); 287 ciphers = ssocket.getSupportedCipherSuites(); 288 failed |= !checkCipherSuites(ciphers); 289 290 if (failed) { 291 throw new Exception("Run into problems, see log for more details"); 292 } 293 } 294 } 295 } |
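Review bot: In the new `checkProtocols` and `checkCipherSuites`, the added `--> Protocol check passed!!` and `--> Cipher check passed!!` lines print unconditionally, so a failing check logs both `*** Error` and "passed" and the log cannot be trusted to show which context or API returned an unexpected enabled-protocol set. Guard each message with the result, e.g. `if (success) { System.out.println("\t\t\t--> Protocol check passed!!"); }`, and likewise for the cipher message. The SSLServerSocket section still prints `Checking SSLEngine.getEnabledProtocols()` and three similar labels while calling `ssocket.*`; since this change already touches those lines for indentation, relabel them `SSLServerSocket.*`. A one-line comment on `serverDefaultProtocols` would also help, explaining why the version-specific contexts (TLS_CV_03 to TLS_CV_07) expect it rather than the `jdk.tls.server.protocols` value; presumably the property applies only to the "SSL", "TLS" and "Default" contexts, which should be confirmed against the provider.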