/*
 * Copyright (c) 2013, 2019, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

// SunJSSE does not support dynamic system properties, no way to re-use
// system properties in samevm/agentvm mode.
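/*
 * @test
 * @bug 7093640 8190492
 * @summary Enable TLS 1.1 and TLS 1.2 by default in client side of SunJSSE
 * @run main/othervm -Djdk.tls.client.protocols="TLSv1,TLSv1.1,TLSv1.2"
 *      NoOldVersionContext
 */

import java.security.Security;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

import javax.net.SocketFactory;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;

/**
 * Checks which protocol versions each SSLContext algorithm reports as
 * enabled and supported when the JVM is started with
 * {@code -Djdk.tls.client.protocols="TLSv1,TLSv1.1,TLSv1.2"} (see the
 * {@code @run} line above).
 *
 * <p>For every context the default and supported SSLParameters, a
 * client-mode SSLEngine, an SSLSocket and an SSLServerSocket are inspected.
 * Nothing is connected; only the advertised configuration is compared with
 * the expectation table in {@link ContextVersion}.
 */
public class NoOldVersionContext {

    /**
     * Expectation table: one entry per SSLContext algorithm name, with the
     * protocols the client side of that context is expected to enable.
     */
    enum ContextVersion {
        TLS_CV_01("SSL",
                new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"}),
        TLS_CV_02("TLS",
                new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"}),
        TLS_CV_03("SSLv3",
                new String[] {"TLSv1"}),
        TLS_CV_04("TLSv1",
                new String[] {"TLSv1"}),
        TLS_CV_05("TLSv1.1",
                new String[] {"TLSv1", "TLSv1.1"}),
        TLS_CV_06("TLSv1.2",
                new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"}),
        TLS_CV_07("TLSv1.3",
                new String[] {"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
        TLS_CV_08("Default",
                new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"});

        /** Algorithm name passed to {@code SSLContext.getInstance}. */
        final String contextVersion;

        /** Protocols expected to be enabled on the client side. */
        final String[] enabledProtocols;

        /** Protocols every context is expected to report as supported. */
        static final String[] supportedProtocols = new String[] {
            "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};

        /**
         * Protocols expected to be enabled on an SSLServerSocket; main()
         * applies this list to every context.
         * NOTE(review): presumably jdk.tls.client.protocols leaves the
         * server side untouched - confirm against the SunJSSE provider.
         */
        static final String[] serverDefaultProtocols = new String[] {
            "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};

        ContextVersion(String contextVersion, String[] enabledProtocols) {
            this.contextVersion = contextVersion;
            this.enabledProtocols = enabledProtocols;
        }
    }

    /**
     * Compares a reported protocol list with the expected one and logs any
     * mismatch.
     *
     * @param target   protocols reported by the object under test
     * @param expected protocols the test expects
     * @return {@code true} if {@code target} is non-empty and matches
     */
    private static boolean checkProtocols(String[] target, String[] expected) {
        boolean success = true;
        if (target.length == 0) {
            System.out.println("\t\t\t*** Error: No protocols");
            success = false;
        }

        if (!protocolEquals(target, expected)) {
            System.out.println("\t\t\t*** Error: Expected to get protocols " +
                    Arrays.toString(expected));
            System.out.println("\t\t\t*** Error: The actual protocols " +
                    Arrays.toString(target));
            success = false;
        }

        return success;
    }

    /**
     * Order-insensitive comparison of two protocol lists.
     *
     * <p>Both the lengths and the sets of names must agree. Comparing the
     * sets in both directions means a duplicated entry in the actual list
     * cannot stand in for a protocol that is missing from it.
     *
     * @param actualProtocols   protocols reported by the object under test
     * @param expectedProtocols protocols the test expects
     * @return {@code true} if both arrays hold the same protocol names
     */
    private static boolean protocolEquals(
            String[] actualProtocols,
            String[] expectedProtocols) {
        if (actualProtocols.length != expectedProtocols.length) {
            return false;
        }

        Set<String> expected = new HashSet<>(Arrays.asList(expectedProtocols));
        Set<String> actual = new HashSet<>(Arrays.asList(actualProtocols));
        if (!actual.equals(expected)) {
            return false;
        }

        System.out.println("\t\t\t--> Protocol check passed!!");
        return true;
    }

    /**
     * Verifies that at least one cipher suite is reported.
     *
     * @param target cipher suites reported by the object under test
     * @return {@code true} if {@code target} is non-empty
     */
    private static boolean checkCipherSuites(String[] target) {
        if (target.length == 0) {
            System.out.println("\t\t\t*** Error: No cipher suites");
            return false;
        }

        // Only report success when the check really succeeded, so the log
        // never shows "passed" directly after an error line.
        System.out.println("\t\t\t--> Cipher check passed!!");
        return true;
    }

    /**
     * Runs the protocol check followed by the cipher suite check on one
     * SSLParameters object.
     *
     * @param parameters        parameters reported by the object under test
     * @param expectedProtocols protocols the test expects
     * @return {@code true} if both checks pass
     */
    private static boolean checkParameters(
            SSLParameters parameters, String[] expectedProtocols) {
        boolean ok = checkProtocols(parameters.getProtocols(), expectedProtocols);
        // Non-short-circuit so the cipher check always runs and logs.
        ok &= checkCipherSuites(parameters.getCipherSuites());
        return ok;
    }

    /**
     * Test entry point; walks every {@link ContextVersion} and fails once
     * all contexts have been examined if any check reported a mismatch.
     *
     * @param args unused
     * @throws Exception if a check failed or a JSSE object cannot be created
     */
    public static void main(String[] args) throws Exception {
        // Reset the security property to make sure that the algorithms
        // and keys used in this test are not disabled.
        //
        // Clearing jdk.tls.disabledAlgorithms lifts the JDK's restrictions
        // on legacy protocol versions and weak algorithms for the whole JVM.
        // That is tolerable here only because the test runs in its own JVM
        // (main/othervm) and never opens a connection; application code
        // should keep the property at the JDK default or stricter.
        Security.setProperty("jdk.tls.disabledAlgorithms", "");

        boolean failed = false;
        for (ContextVersion cv : ContextVersion.values()) {
            System.out.println("\n\nChecking SSLContext of " + cv.contextVersion);
            System.out.println("============================");
            SSLContext context = SSLContext.getInstance(cv.contextVersion);

            // Default SSLContext is initialized automatically.
            if (!cv.contextVersion.equals("Default")) {
                // Use default TK, KM and random.
                context.init((KeyManager[])null, (TrustManager[])null, null);
            }

            //
            // Check SSLContext
            //
            // Check default SSLParameters of SSLContext
            System.out.println("\tChecking default SSLParameters");
            System.out.println("\t\tChecking SSLContext.getDefaultSSLParameters().getProtocols");
            failed |= !checkParameters(
                    context.getDefaultSSLParameters(), cv.enabledProtocols);

            // Check supported SSLParameters of SSLContext
            System.out.println("\t\tChecking SSLContext.getSupportedSSLParameters().getProtocols()");
            failed |= !checkParameters(
                    context.getSupportedSSLParameters(),
                    ContextVersion.supportedProtocols);

            //
            // Check SSLEngine
            //
            // Check SSLParameters of SSLEngine
            System.out.println();
            System.out.println("\tChecking SSLEngine of this SSLContext - client mode");
            System.out.println("\t\tChecking SSLEngine.getSSLParameters()");
            SSLEngine engine = context.createSSLEngine();
            engine.setUseClientMode(true);
            failed |= !checkParameters(
                    engine.getSSLParameters(), cv.enabledProtocols);

            System.out.println("\t\tChecking SSLEngine.getEnabledProtocols()");
            failed |= !checkProtocols(
                    engine.getEnabledProtocols(), cv.enabledProtocols);

            System.out.println("\t\tChecking SSLEngine.getEnabledCipherSuites()");
            failed |= !checkCipherSuites(engine.getEnabledCipherSuites());

            System.out.println("\t\tChecking SSLEngine.getSupportedProtocols()");
            failed |= !checkProtocols(
                    engine.getSupportedProtocols(),
                    ContextVersion.supportedProtocols);

            System.out.println(
                    "\t\tChecking SSLEngine.getSupportedCipherSuites()");
            failed |= !checkCipherSuites(engine.getSupportedCipherSuites());

            //
            // Check SSLSocket
            //
            // Check SSLParameters of SSLSocket
            System.out.println();
            System.out.println("\tChecking SSLSocket of this SSLContext");
            System.out.println("\t\tChecking SSLSocket.getSSLParameters()");
            SocketFactory fac = context.getSocketFactory();
            // The socket is never connected, but it is still closed so that
            // one is not leaked per loop iteration.
            try (SSLSocket socket = (SSLSocket)fac.createSocket()) {
                failed |= !checkParameters(
                        socket.getSSLParameters(), cv.enabledProtocols);

                System.out.println("\t\tChecking SSLSocket.getEnabledProtocols()");
                failed |= !checkProtocols(
                        socket.getEnabledProtocols(), cv.enabledProtocols);

                System.out.println("\t\tChecking SSLSocket.getEnabledCipherSuites()");
                failed |= !checkCipherSuites(socket.getEnabledCipherSuites());

                System.out.println("\t\tChecking SSLSocket.getSupportedProtocols()");
                failed |= !checkProtocols(
                        socket.getSupportedProtocols(),
                        ContextVersion.supportedProtocols);

                System.out.println(
                        "\t\tChecking SSLSocket.getSupportedCipherSuites()");
                failed |= !checkCipherSuites(socket.getSupportedCipherSuites());
            }

            //
            // Check SSLServerSocket
            //
            // Check SSLParameters of SSLServerSocket
            System.out.println();
            System.out.println("\tChecking SSLServerSocket of this SSLContext");
            System.out.println("\t\tChecking SSLServerSocket.getSSLParameters()");
            SSLServerSocketFactory sf = context.getServerSocketFactory();
            // Unbound server socket; closed for the same reason as above.
            try (SSLServerSocket ssocket =
                    (SSLServerSocket)sf.createServerSocket()) {
                failed |= !checkParameters(
                        ssocket.getSSLParameters(),
                        ContextVersion.serverDefaultProtocols);

                System.out.println("\t\tChecking SSLServerSocket.getEnabledProtocols()");
                failed |= !checkProtocols(
                        ssocket.getEnabledProtocols(),
                        ContextVersion.serverDefaultProtocols);

                System.out.println("\t\tChecking SSLServerSocket.getEnabledCipherSuites()");
                failed |= !checkCipherSuites(ssocket.getEnabledCipherSuites());

                System.out.println("\t\tChecking SSLServerSocket.getSupportedProtocols()");
                failed |= !checkProtocols(
                        ssocket.getSupportedProtocols(),
                        ContextVersion.supportedProtocols);

                System.out.println(
                        "\t\tChecking SSLServerSocket.getSupportedCipherSuites()");
                failed |= !checkCipherSuites(ssocket.getSupportedCipherSuites());
            }
        }

        if (failed) {
            throw new Exception("Run into problems, see log for more details");
        }
    }
}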