Path: blob/master/test/jdk/javax/net/ssl/sanity/ciphersuites/NoKerberos.java
41154 views
/*1* Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation.7*8* This code is distributed in the hope that it will be useful, but WITHOUT9* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or10* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License11* version 2 for more details (a copy is included in the LICENSE file that12* accompanied this code).13*14* You should have received a copy of the GNU General Public License version15* 2 along with this work; if not, write to the Free Software Foundation,16* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.17*18* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA19* or visit www.oracle.com if you need additional information or have any20* questions.21*/2223/* @test24* @bug 800450225* @summary Sanity check to ensure that Kerberos cipher suites cannot be26* negotiated when running on a compact profile that does not include Kerberos27*/2829import java.net.*;30import java.util.*;31import javax.net.ssl.*;3233public class NoKerberos {3435static final List<String> KERBEROS_CIPHER_SUITES = Arrays.asList(36"TLS_KRB5_WITH_RC4_128_SHA",37"TLS_KRB5_WITH_RC4_128_MD5",38"TLS_KRB5_WITH_3DES_EDE_CBC_SHA",39"TLS_KRB5_WITH_3DES_EDE_CBC_MD5",40"TLS_KRB5_WITH_DES_CBC_SHA",41"TLS_KRB5_WITH_DES_CBC_MD5",42"TLS_KRB5_EXPORT_WITH_RC4_40_SHA",43"TLS_KRB5_EXPORT_WITH_RC4_40_MD5",44"TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",45"TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5"46);4748/**49* Checks that the given array of supported cipher suites does not include50* any Kerberos cipher suites.51*/52static void checkNotSupported(String[] supportedSuites) {53for (String suites: supportedSuites) {54if (KERBEROS_CIPHER_SUITES.contains(suites)) {55throw new RuntimeException("Supported list of cipher suites " +56" should not include Kerberos cipher suites");57}58}59}6061public static void main(String[] args) throws Exception {62try {63Class.forName("javax.security.auth.kerberos.KerberosPrincipal");64System.out.println("Kerberos is present, nothing to test");65return;66} catch (ClassNotFoundException okay) { }6768// test SSLSocket69try (Socket s = SSLSocketFactory.getDefault().createSocket()) {70SSLSocket sslSocket = (SSLSocket)s;7172checkNotSupported(sslSocket.getSupportedCipherSuites());7374// attempt to enable each of the Kerberos cipher suites75for (String kcs: KERBEROS_CIPHER_SUITES) {76String[] suites = { kcs };77try {78sslSocket.setEnabledCipherSuites(suites);79throw new RuntimeException("SSLSocket.setEnabledCipherSuitessuites allowed " +80kcs + " but Kerberos not supported");81} catch (IllegalArgumentException expected) { }82}83}8485// test SSLServerSocket86try (ServerSocket ss = SSLServerSocketFactory.getDefault().createServerSocket()) {87SSLServerSocket sslSocket = (SSLServerSocket)ss;8889checkNotSupported(sslSocket.getSupportedCipherSuites());9091// attempt to enable each of the Kerberos cipher suites92for (String kcs: KERBEROS_CIPHER_SUITES) {93String[] suites = { kcs };94try {95sslSocket.setEnabledCipherSuites(suites);96throw new RuntimeException("SSLSocket.setEnabledCipherSuitessuites allowed " +97kcs + " but Kerberos not supported");98} catch (IllegalArgumentException expected) { }99}100}101}102}103104105