1 /*
2 * Copyright (c) 2013, 2019, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 // SunJSSE does not support dynamic system properties, no way to re-use
25 // system properties in samevm/agentvm mode.
26
27 /*
28 * @test
29 * @bug 7093640
30 * @summary Enable TLS 1.1 and TLS 1.2 by default in client side of SunJSSE
31 * @run main/othervm DefaultEnabledProtocols
32 */
33
34 import java.security.Security;
35 import java.util.Arrays;
36 import java.util.HashSet;
37 import java.util.Set;
38
39 import javax.net.SocketFactory;
40 import javax.net.ssl.KeyManager;
41 import javax.net.ssl.SSLContext;
42 import javax.net.ssl.SSLEngine;
43 import javax.net.ssl.SSLParameters;
44 import javax.net.ssl.SSLServerSocket;
45 import javax.net.ssl.SSLServerSocketFactory;
46 import javax.net.ssl.SSLSocket;
47 import javax.net.ssl.TrustManager;
48
49 public class DefaultEnabledProtocols {
50 enum ContextVersion {
51 TLS_CV_01("SSL",
52 new String[] {"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
53 TLS_CV_02("TLS",
54 new String[] {"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
55 TLS_CV_03("SSLv3",
56 new String[] {"TLSv1"}),
57 TLS_CV_04("TLSv1",
58 new String[] {"TLSv1"}),
59 TLS_CV_05("TLSv1.1",
60 new String[] {"TLSv1", "TLSv1.1"}),
61 TLS_CV_06("TLSv1.2",
62 new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"}),
63 TLS_CV_07("TLSv1.3",
64 new String[] {"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
65 TLS_CV_08("Default",
66 new String[] {"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"});
67
68 final String contextVersion;
69 final String[] enabledProtocols;
70 final static String[] supportedProtocols = new String[] {
71 "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
72 final static String[] serverDefaultProtocols = new String[] {
73 "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
74
75 ContextVersion(String contextVersion, String[] enabledProtocols) {
76 this.contextVersion = contextVersion;
77 this.enabledProtocols = enabledProtocols;
78 }
79 }
80
81 private static boolean checkProtocols(String[] target, String[] expected) {
82 boolean success = true;
83 if (target.length == 0) {
84 System.out.println("\t\t\t*** Error: No protocols");
85 success = false;
86 }
87
88 if (!protocolEquals(target, expected)) {
89 System.out.println("\t\t\t*** Error: Expected to get protocols " +
90 Arrays.toString(expected));
91 success = false;
92 }
93 System.out.println("\t\t\t Protocols found " + Arrays.toString(target));
94 System.out.println("\t\t\t--> Protocol check passed!!");
95
96 return success;
97 }
98
99 private static boolean protocolEquals(
100 String[] actualProtocols,
101 String[] expectedProtocols) {
102 if (actualProtocols.length != expectedProtocols.length) {
103 return false;
104 }
105
106 Set<String> set = new HashSet<>(Arrays.asList(expectedProtocols));
107 for (String actual : actualProtocols) {
108 if (set.add(actual)) {
109 return false;
110 }
111 }
112
113 System.out.println("\t\t\t--> Cipher check passed!!");
114 return true;
115 }
116
117 private static boolean checkCipherSuites(String[] target) {
118 boolean success = true;
119 if (target.length == 0) {
120 System.out.println("\t\t\t*** Error: No cipher suites");
121 success = false;
122 }
123
124 return success;
125 }
126
127 public static void main(String[] args) throws Exception {
128 // reset the security property to make sure that the algorithms
129 // and keys used in this test are not disabled.
130 Security.setProperty("jdk.tls.disabledAlgorithms", "");
131
132 boolean failed = false;
133 for (ContextVersion cv : ContextVersion.values()) {
134 System.out.println("\n\nChecking SSLContext of " + cv.contextVersion);
135 System.out.println("============================");
136 SSLContext context = SSLContext.getInstance(cv.contextVersion);
137
138 // Default SSLContext is initialized automatically.
139 if (!cv.contextVersion.equals("Default")) {
140 // Use default TK, KM and random.
141 context.init((KeyManager[])null, (TrustManager[])null, null);
142 }
143
144 //
145 // Check SSLContext
146 //
147 // Check default SSLParameters of SSLContext
148 System.out.println("\tChecking default SSLParameters");
149 System.out.println("\t\tChecking SSLContext.getDefaultSSLParameters().getProtocols");
150 SSLParameters parameters = context.getDefaultSSLParameters();
151
152 String[] protocols = parameters.getProtocols();
153 failed |= !checkProtocols(protocols, cv.enabledProtocols);
154
155 String[] ciphers = parameters.getCipherSuites();
156 failed |= !checkCipherSuites(ciphers);
157
158 // Check supported SSLParameters of SSLContext
159 System.out.println("\t\tChecking SSLContext.getSupportedSSLParameters().getProtocols()");
160 parameters = context.getSupportedSSLParameters();
161
162 protocols = parameters.getProtocols();
163 failed |= !checkProtocols(protocols, cv.supportedProtocols);
164
165 ciphers = parameters.getCipherSuites();
166 failed |= !checkCipherSuites(ciphers);
167
168 //
169 // Check SSLEngine
170 //
171 // Check SSLParameters of SSLEngine
172 System.out.println();
173 System.out.println("\tChecking SSLEngine of this SSLContext");
174 System.out.println("\t\tChecking SSLEngine.getSSLParameters()");
175 SSLEngine engine = context.createSSLEngine();
176 engine.setUseClientMode(true);
177 parameters = engine.getSSLParameters();
178
179 protocols = parameters.getProtocols();
180 failed |= !checkProtocols(protocols, cv.enabledProtocols);
181
182 ciphers = parameters.getCipherSuites();
183 failed |= !checkCipherSuites(ciphers);
184
185 System.out.println("\t\tChecking SSLEngine.getEnabledProtocols()");
186 protocols = engine.getEnabledProtocols();
187 failed |= !checkProtocols(protocols, cv.enabledProtocols);
188
189 System.out.println("\t\tChecking SSLEngine.getEnabledCipherSuites()");
190 ciphers = engine.getEnabledCipherSuites();
191 failed |= !checkCipherSuites(ciphers);
192
193 System.out.println("\t\tChecking SSLEngine.getSupportedProtocols()");
194 protocols = engine.getSupportedProtocols();
195 failed |= !checkProtocols(protocols, cv.supportedProtocols);
196
197 System.out.println(
198 "\t\tChecking SSLEngine.getSupportedCipherSuites()");
199 ciphers = engine.getSupportedCipherSuites();
200 failed |= !checkCipherSuites(ciphers);
201
202 //
203 // Check SSLSocket
204 //
205 // Check SSLParameters of SSLSocket
206 System.out.println();
207 System.out.println("\tChecking SSLSocket of this SSLContext");
208 System.out.println("\t\tChecking SSLSocket.getSSLParameters()");
209 SocketFactory fac = context.getSocketFactory();
210 SSLSocket socket = (SSLSocket)fac.createSocket();
211 parameters = socket.getSSLParameters();
212
213 protocols = parameters.getProtocols();
214 failed |= !checkProtocols(protocols, cv.enabledProtocols);
215
216 ciphers = parameters.getCipherSuites();
217 failed |= !checkCipherSuites(ciphers);
218
219 System.out.println("\t\tChecking SSLEngine.getEnabledProtocols()");
220 protocols = socket.getEnabledProtocols();
221 failed |= !checkProtocols(protocols, cv.enabledProtocols);
222
223 System.out.println("\t\tChecking SSLEngine.getEnabledCipherSuites()");
224 ciphers = socket.getEnabledCipherSuites();
225 failed |= !checkCipherSuites(ciphers);
226
227 System.out.println("\t\tChecking SSLEngine.getSupportedProtocols()");
228 protocols = socket.getSupportedProtocols();
229 failed |= !checkProtocols(protocols, cv.supportedProtocols);
230
231 System.out.println(
232 "\t\tChecking SSLEngine.getSupportedCipherSuites()");
233 ciphers = socket.getSupportedCipherSuites();
234 failed |= !checkCipherSuites(ciphers);
235
236 //
237 // Check SSLServerSocket
238 //
239 // Check SSLParameters of SSLServerSocket
240 System.out.println();
241 System.out.println("\tChecking SSLServerSocket of this SSLContext");
242 System.out.println("\t\tChecking SSLServerSocket.getSSLParameters()");
243 SSLServerSocketFactory sf = context.getServerSocketFactory();
244 SSLServerSocket ssocket = (SSLServerSocket)sf.createServerSocket();
245 parameters = ssocket.getSSLParameters();
246
247 protocols = parameters.getProtocols();
248 failed |= !checkProtocols(protocols, cv.serverDefaultProtocols);
249
250 ciphers = parameters.getCipherSuites();
251 failed |= !checkCipherSuites(ciphers);
252
253 System.out.println("\t\tChecking SSLEngine.getEnabledProtocols()");
254 protocols = ssocket.getEnabledProtocols();
255 failed |= !checkProtocols(protocols, cv.serverDefaultProtocols);
256
257 System.out.println("\t\tChecking SSLEngine.getEnabledCipherSuites()");
258 ciphers = ssocket.getEnabledCipherSuites();
259 failed |= !checkCipherSuites(ciphers);
260
261 System.out.println("\t\tChecking SSLEngine.getSupportedProtocols()");
262 protocols = ssocket.getSupportedProtocols();
263 failed |= !checkProtocols(protocols, cv.supportedProtocols);
264
265 System.out.println(
266 "\t\tChecking SSLEngine.getSupportedCipherSuites()");
267 ciphers = ssocket.getSupportedCipherSuites();
268 failed |= !checkCipherSuites(ciphers);
269 }
270
271 if (failed) {
272 throw new Exception("Run into problems, see log for more details");
273 }
274 }
275 }