1 /* 2 * Copyright (c) 2013, 2019, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 // SunJSSE does not support dynamic system properties, no way to re-use 25 // system properties in samevm/agentvm mode. 
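/*
 * @test
 * @bug 7093640
 * @summary Enable TLS 1.1 and TLS 1.2 by default in client side of SunJSSE
 * @run main/othervm DefaultEnabledProtocols
 */

import java.security.Security;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

import javax.net.SocketFactory;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;

/**
 * Regression test for the protocol versions that each {@link SSLContext}
 * algorithm name enables by default.
 *
 * <p>For every entry of {@link ContextVersion} the test creates the context
 * and compares the enabled and supported protocol lists reported by the
 * context itself, a client-mode {@link SSLEngine}, an unconnected
 * {@link SSLSocket} and an unbound {@link SSLServerSocket} against the
 * expectations recorded in the enum. Cipher suite lists are only required to
 * be non-empty.
 *
 * <p>The expectations pin two properties: "SSLv2Hello" and "SSLv3" appear only
 * in the supported list and never in a default-enabled list, and the enabled
 * client list grows with the requested context version.
 */
public class DefaultEnabledProtocols {

    /**
     * Maps an {@code SSLContext} algorithm name to the protocols that a
     * client-side object created from that context must have enabled.
     */
    enum ContextVersion {
        TLS_CV_01("SSL",
                new String[] {"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
        TLS_CV_02("TLS",
                new String[] {"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
        // Asking for an "SSLv3" context must still not enable SSLv3 itself.
        TLS_CV_03("SSLv3",
                new String[] {"TLSv1"}),
        TLS_CV_04("TLSv1",
                new String[] {"TLSv1"}),
        TLS_CV_05("TLSv1.1",
                new String[] {"TLSv1", "TLSv1.1"}),
        TLS_CV_06("TLSv1.2",
                new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"}),
        TLS_CV_07("TLSv1.3",
                new String[] {"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
        TLS_CV_08("Default",
                new String[] {"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"});

        // NOTE(review): the lists above still expect TLSv1 and TLSv1.1 to be
        // enabled by default. They record the provider defaults this test was
        // written against; they are not a recommendation (RFC 8996 deprecates
        // both versions). Confirm against the JDK release under test.

        /** Algorithm name passed to {@code SSLContext.getInstance}. */
        final String contextVersion;

        /** Protocols expected to be enabled on client-side objects. */
        final String[] enabledProtocols;

        /** Protocols every context is expected to report as supported. */
        static final String[] supportedProtocols = new String[] {
            "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};

        /**
         * Protocols expected on a server socket. main() uses this one list
         * for every context version.
         */
        static final String[] serverDefaultProtocols = new String[] {
            "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};

        ContextVersion(String contextVersion, String[] enabledProtocols) {
            this.contextVersion = contextVersion;
            this.enabledProtocols = enabledProtocols;
        }
    }

    /**
     * Compares a reported protocol list with the expected one and logs the
     * outcome.
     *
     * @param target   protocols reported by the object under test
     * @param expected protocols the test expects
     * @return {@code true} if {@code target} is non-empty and matches
     *         {@code expected}
     */
    private static boolean checkProtocols(String[] target, String[] expected) {
        boolean success = true;
        if (target.length == 0) {
            System.out.println("\t\t\t*** Error: No protocols");
            success = false;
        }

        if (!protocolEquals(target, expected)) {
            System.out.println("\t\t\t*** Error: Expected to get protocols " +
                    Arrays.toString(expected));
            success = false;
        }
        System.out.println("\t\t\t Protocols found " + Arrays.toString(target));

        // Announce success only when the check really passed; printing it
        // unconditionally made a failing log look clean.
        if (success) {
            System.out.println("\t\t\t--> Protocol check passed!!");
        }

        return success;
    }

    /**
     * Tells whether two protocol lists hold the same names, ignoring order.
     *
     * <p>Both directions are compared. Checking only that every actual name
     * is among the expected ones would accept a list such as
     * {@code {"TLSv1", "TLSv1"}} for the expectation
     * {@code {"TLSv1", "TLSv1.1"}}, hiding a protocol that went missing.
     *
     * @param actualProtocols   protocols reported by the object under test
     * @param expectedProtocols protocols the test expects
     * @return {@code true} if the lengths match and both lists contain the
     *         same set of names
     */
    private static boolean protocolEquals(
            String[] actualProtocols,
            String[] expectedProtocols) {
        if (actualProtocols.length != expectedProtocols.length) {
            return false;
        }

        Set<String> expected = new HashSet<>(Arrays.asList(expectedProtocols));
        Set<String> actual = new HashSet<>(Arrays.asList(actualProtocols));
        return actual.equals(expected);
    }

    /**
     * Checks that at least one cipher suite was reported.
     *
     * @param target cipher suites reported by the object under test
     * @return {@code true} if {@code target} is non-empty
     */
    private static boolean checkCipherSuites(String[] target) {
        if (target.length == 0) {
            System.out.println("\t\t\t*** Error: No cipher suites");
            return false;
        }

        System.out.println("\t\t\t--> Cipher check passed!!");
        return true;
    }

    /**
     * Runs the protocol and the cipher suite check on one parameter set.
     * Both checks always run so that the log shows every problem.
     */
    private static boolean checkParameters(
            SSLParameters parameters, String[] expectedProtocols) {
        boolean ok = checkProtocols(parameters.getProtocols(), expectedProtocols);
        ok &= checkCipherSuites(parameters.getCipherSuites());
        return ok;
    }

    /** Checks the default and supported parameters of the context itself. */
    private static boolean checkContext(SSLContext context, ContextVersion cv) {
        System.out.println("\tChecking default SSLParameters");
        System.out.println("\t\tChecking SSLContext.getDefaultSSLParameters().getProtocols");
        boolean ok = checkParameters(
                context.getDefaultSSLParameters(), cv.enabledProtocols);

        System.out.println("\t\tChecking SSLContext.getSupportedSSLParameters().getProtocols()");
        ok &= checkParameters(
                context.getSupportedSSLParameters(), ContextVersion.supportedProtocols);
        return ok;
    }

    /** Checks a client-mode engine created from the context. */
    private static boolean checkEngine(SSLContext context, ContextVersion cv) {
        System.out.println();
        System.out.println("\tChecking SSLEngine of this SSLContext");
        System.out.println("\t\tChecking SSLEngine.getSSLParameters()");
        SSLEngine engine = context.createSSLEngine();
        engine.setUseClientMode(true);
        boolean ok = checkParameters(engine.getSSLParameters(), cv.enabledProtocols);

        System.out.println("\t\tChecking SSLEngine.getEnabledProtocols()");
        ok &= checkProtocols(engine.getEnabledProtocols(), cv.enabledProtocols);

        System.out.println("\t\tChecking SSLEngine.getEnabledCipherSuites()");
        ok &= checkCipherSuites(engine.getEnabledCipherSuites());

        System.out.println("\t\tChecking SSLEngine.getSupportedProtocols()");
        ok &= checkProtocols(
                engine.getSupportedProtocols(), ContextVersion.supportedProtocols);

        System.out.println(
                "\t\tChecking SSLEngine.getSupportedCipherSuites()");
        ok &= checkCipherSuites(engine.getSupportedCipherSuites());
        return ok;
    }

    /** Checks an unconnected client socket created from the context. */
    private static boolean checkSocket(SSLContext context, ContextVersion cv)
            throws Exception {
        System.out.println();
        System.out.println("\tChecking SSLSocket of this SSLContext");
        System.out.println("\t\tChecking SSLSocket.getSSLParameters()");
        SocketFactory fac = context.getSocketFactory();

        // The socket is never connected, but it is still closed so that the
        // loop over all context versions does not accumulate open sockets.
        try (SSLSocket socket = (SSLSocket) fac.createSocket()) {
            boolean ok = checkParameters(
                    socket.getSSLParameters(), cv.enabledProtocols);

            // The headings below name SSLSocket; they used to say SSLEngine,
            // which made a failure in this section point at the wrong object.
            System.out.println("\t\tChecking SSLSocket.getEnabledProtocols()");
            ok &= checkProtocols(socket.getEnabledProtocols(), cv.enabledProtocols);

            System.out.println("\t\tChecking SSLSocket.getEnabledCipherSuites()");
            ok &= checkCipherSuites(socket.getEnabledCipherSuites());

            System.out.println("\t\tChecking SSLSocket.getSupportedProtocols()");
            ok &= checkProtocols(
                    socket.getSupportedProtocols(), ContextVersion.supportedProtocols);

            System.out.println(
                    "\t\tChecking SSLSocket.getSupportedCipherSuites()");
            ok &= checkCipherSuites(socket.getSupportedCipherSuites());
            return ok;
        }
    }

    /** Checks an unbound server socket created from the context. */
    private static boolean checkServerSocket(SSLContext context)
            throws Exception {
        System.out.println();
        System.out.println("\tChecking SSLServerSocket of this SSLContext");
        System.out.println("\t\tChecking SSLServerSocket.getSSLParameters()");
        SSLServerSocketFactory sf = context.getServerSocketFactory();

        try (SSLServerSocket ssocket = (SSLServerSocket) sf.createServerSocket()) {
            // Server side: the expectation does not depend on the context
            // version, the same list is used for all of them.
            boolean ok = checkParameters(
                    ssocket.getSSLParameters(), ContextVersion.serverDefaultProtocols);

            System.out.println("\t\tChecking SSLServerSocket.getEnabledProtocols()");
            ok &= checkProtocols(
                    ssocket.getEnabledProtocols(), ContextVersion.serverDefaultProtocols);

            System.out.println("\t\tChecking SSLServerSocket.getEnabledCipherSuites()");
            ok &= checkCipherSuites(ssocket.getEnabledCipherSuites());

            System.out.println("\t\tChecking SSLServerSocket.getSupportedProtocols()");
            ok &= checkProtocols(
                    ssocket.getSupportedProtocols(), ContextVersion.supportedProtocols);

            System.out.println(
                    "\t\tChecking SSLServerSocket.getSupportedCipherSuites()");
            ok &= checkCipherSuites(ssocket.getSupportedCipherSuites());
            return ok;
        }
    }

    /**
     * Runs every check for every context version and fails at the end if any
     * of them reported a problem, so that one run logs all mismatches.
     *
     * @param args unused
     * @throws Exception if a check failed or a JSSE object could not be
     *         created
     */
    public static void main(String[] args) throws Exception {
        // reset the security property to make sure that the algorithms
        // and keys used in this test are not disabled.
        //
        // This lifts every restriction of jdk.tls.disabledAlgorithms for the
        // whole JVM, which is why the test is declared main/othervm. With the
        // restrictions gone, the expectations in ContextVersion are what
        // still keeps SSLv3 out of the default-enabled lists.
        Security.setProperty("jdk.tls.disabledAlgorithms", "");

        boolean failed = false;
        for (ContextVersion cv : ContextVersion.values()) {
            System.out.println("\n\nChecking SSLContext of " + cv.contextVersion);
            System.out.println("============================");
            SSLContext context = SSLContext.getInstance(cv.contextVersion);

            // Default SSLContext is initialized automatically.
            if (!cv.contextVersion.equals("Default")) {
                // Use default TK, KM and random.
                context.init((KeyManager[]) null, (TrustManager[]) null, null);
            }

            failed |= !checkContext(context, cv);
            failed |= !checkEngine(context, cv);
            failed |= !checkSocket(context, cv);
            failed |= !checkServerSocket(context);
        }

        if (failed) {
            throw new Exception("Run into problems, see log for more details");
        }
    }
}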