Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
PojavLauncherTeam
GitHub Repository: PojavLauncherTeam/mobile
 Path: blob/master/test/jdk/sun/security/ssl/SSLContextImpl/CustomizedCipherSuites.java
41152 views
1
/*

2
 * Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved.

3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

4
 *

5
 * This code is free software; you can redistribute it and/or modify it

6
 * under the terms of the GNU General Public License version 2 only, as

7
 * published by the Free Software Foundation.

8
 *

9
 * This code is distributed in the hope that it will be useful, but WITHOUT

10
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

11
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

12
 * version 2 for more details (a copy is included in the LICENSE file that

13
 * accompanied this code).

14
 *

15
 * You should have received a copy of the GNU General Public License version

16
 * 2 along with this work; if not, write to the Free Software Foundation,

17
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

18
 *

19
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

20
 * or visit www.oracle.com if you need additional information or have any

21
 * questions.

22
 */

23


24
// SunJSSE does not support dynamic system properties, no way to re-use

25
// system properties in samevm/agentvm mode.

26


27
/*

28
 * @test

29
 * @bug 8162362

30
 * @summary Cannot enable previously default enabled cipher suites

31
 * @run main/othervm

32
 *      CustomizedCipherSuites Default true

33
 *      TLS_RSA_WITH_AES_128_CBC_SHA

34
 *      TLS_ECDH_anon_WITH_AES_128_CBC_SHA

35
 * @run main/othervm

36
 *      -Djdk.tls.client.cipherSuites="unknown"

37
 *      CustomizedCipherSuites Default true

38
 *      TLS_RSA_WITH_AES_128_CBC_SHA

39
 *      TLS_ECDH_anon_WITH_AES_128_CBC_SHA

40
 * @run main/othervm

41
 *      -Djdk.tls.client.cipherSuites=""

42
 *      CustomizedCipherSuites Default true

43
 *      TLS_RSA_WITH_AES_128_CBC_SHA

44
 *      TLS_ECDH_anon_WITH_AES_128_CBC_SHA

45
 * @run main/othervm

46
 *      -Djdk.tls.client.cipherSuites="TLS_ECDH_anon_WITH_AES_128_CBC_SHA"

47
 *      CustomizedCipherSuites Default true

48
 *      TLS_ECDH_anon_WITH_AES_128_CBC_SHA

49
 *      TLS_RSA_WITH_AES_128_CBC_SHA

50
 * @run main/othervm

51
 *      -Djdk.tls.server.cipherSuites="TLS_ECDH_anon_WITH_AES_128_CBC_SHA"

52
 *      CustomizedCipherSuites Default false

53
 *      TLS_ECDH_anon_WITH_AES_128_CBC_SHA

54
 *      TLS_RSA_WITH_AES_128_CBC_SHA

55
 * @run main/othervm

56
 *      -Djdk.tls.client.cipherSuites="TLS_RSA_WITH_AES_128_CBC_SHA,unknown,TLS_ECDH_anon_WITH_AES_128_CBC_SHA"

57
 *      CustomizedCipherSuites Default true

58
 *      TLS_ECDH_anon_WITH_AES_128_CBC_SHA

59
 *      ""

60
 * @run main/othervm

61
 *      -Djdk.tls.server.cipherSuites="TLS_RSA_WITH_AES_128_CBC_SHA,unknown,TLS_ECDH_anon_WITH_AES_128_CBC_SHA"

62
 *      CustomizedCipherSuites Default false

63
 *      TLS_RSA_WITH_AES_128_CBC_SHA

64
 *      ""

65
 * @run main/othervm

66
 *      -Djdk.tls.server.cipherSuites="TLS_ECDH_anon_WITH_AES_128_CBC_SHA"

67
 *      CustomizedCipherSuites Default true

68
 *      TLS_RSA_WITH_AES_128_CBC_SHA

69
 *      TLS_ECDH_anon_WITH_AES_128_CBC_SHA

70
 * @run main/othervm

71
 *      -Djdk.tls.client.cipherSuites="TLS_ECDH_anon_WITH_AES_128_CBC_SHA"

72
 *      CustomizedCipherSuites Default false

73
 *      TLS_RSA_WITH_AES_128_CBC_SHA

74
 *      TLS_ECDH_anon_WITH_AES_128_CBC_SHA

75
 */

76


77
import java.security.Security;

78
import javax.net.ssl.*;

79


80
/**

81
 * Test the customized default cipher suites.

82
 *

83
 * This test is based on the behavior that TLS_ECDH_anon_WITH_AES_128_CBC_SHA is

84
 * disabled by default, and TLS_RSA_WITH_AES_128_CBC_SHA is enabled by

85
 * default in JDK.  If the behavior is changed in the future, please

86
 * update the test cases above accordingly.

87
 */

88
public class CustomizedCipherSuites {

89


90
    private static String contextProtocol;

91
    private static boolean isClientMode;

92


93
    private static String enabledCipherSuite;

94
    private static String notEnabledCipherSuite;

95


96
    public static void main(String[] args) throws Exception {

97


98
        // reset the security property to make sure the cipher suites

99
        // used in this test are not disabled

100
        Security.setProperty("jdk.tls.disabledAlgorithms", "");

101


102
        contextProtocol = trimQuotes(args[0]);

103
        isClientMode = Boolean.parseBoolean(args[1]);

104
        enabledCipherSuite = trimQuotes(args[2]);

105
        notEnabledCipherSuite = trimQuotes(args[3]);

106


107
        //

108
        // Create instance of SSLContext with the specified protocol.

109
        //

110
        SSLContext context = SSLContext.getInstance(contextProtocol);

111


112
        // Default SSLContext is initialized automatically.

113
        if (!contextProtocol.equals("Default")) {

114
            // Use default TK, KM and random.

115
            context.init((KeyManager[])null, (TrustManager[])null, null);

116
        }

117


118
        // SSLContext default parameters is client mode in JDK.

119
        if (isClientMode) {

120
            //

121
            // Check default parameters of the specified SSLContext protocol

122
            //

123
            SSLParameters parameters = context.getDefaultSSLParameters();

124
            System.out.println("Checking SSLContext default parameters ...");

125
            checkEnabledCiphers(parameters.getCipherSuites());

126
        }

127


128
        //

129
        // Check supported parameters of the specified SSLContext protocol

130
        //

131
        SSLParameters parameters = context.getSupportedSSLParameters();

132
        System.out.println("Checking SSLContext suppport parameters ...");

133
        checkSupportedCiphers(parameters.getCipherSuites());

134


135


136
        //

137
        // Check the default cipher suites of SSLEngine.

138
        //

139
        SSLEngine engine = context.createSSLEngine();

140
        engine.setUseClientMode(isClientMode);

141


142
        System.out.println("Checking SSLEngine default cipher suites ...");

143
        checkEnabledCiphers(engine.getEnabledCipherSuites());

144


145
        //

146
        // Check the supported cipher suites of SSLEngine.

147
        //

148
        System.out.println("Checking SSLEngine supported cipher suites ...");

149
        checkSupportedCiphers(engine.getSupportedCipherSuites());

150


151
        if (isClientMode) {

152
            SSLSocketFactory factory = context.getSocketFactory();

153
            // Use an unconnected socket.

154
            try (SSLSocket socket = (SSLSocket)factory.createSocket()) {

155
                //

156
                // Check the default cipher suites of SSLSocket.

157
                //

158
                System.out.println(

159
                        "Checking SSLSocket default cipher suites ...");

160
                checkEnabledCiphers(socket.getEnabledCipherSuites());

161


162
                //

163
                // Check the supported cipher suites of SSLSocket.

164
                //

165
                System.out.println(

166
                        "Checking SSLSocket supported cipher suites ...");

167
                checkSupportedCiphers(socket.getSupportedCipherSuites());

168
            }

169
        } else {

170
            SSLServerSocketFactory factory = context.getServerSocketFactory();

171
            // Use an unbound server socket.

172
            try (SSLServerSocket socket =

173
                    (SSLServerSocket)factory.createServerSocket()) {

174
                //

175
                // Check the default cipher suites of SSLServerSocket.

176
                //

177
                System.out.println(

178
                        "Checking SSLServerSocket default cipher suites ...");

179
                checkEnabledCiphers(socket.getEnabledCipherSuites());

180


181
                //

182
                // Check the supported cipher suites of SSLServerSocket.

183
                //

184
                System.out.println(

185
                        "Checking SSLServerSocket supported cipher suites ...");

186
                checkSupportedCiphers(socket.getSupportedCipherSuites());

187
            }

188
        }

189


190
        System.out.println("\t... Success");

191
    }

192


193
    private static void checkEnabledCiphers(

194
            String[] ciphers) throws Exception {

195


196
        if (ciphers.length == 0) {

197
            throw new Exception("No default cipher suites");

198
        }

199


200
        boolean isMatch = false;

201
        if (enabledCipherSuite.isEmpty()) {

202
            // Don't check if not specify the expected cipher suite.

203
            isMatch = true;

204
        }

205


206
        boolean isBroken = false;

207
        for (String cipher : ciphers) {

208
            System.out.println("\tdefault cipher suite " + cipher);

209
            if (!enabledCipherSuite.isEmpty() &&

210
                        cipher.equals(enabledCipherSuite)) {

211
                isMatch = true;

212
            }

213


214
            if (!notEnabledCipherSuite.isEmpty() &&

215
                        cipher.equals(notEnabledCipherSuite)) {

216
                isBroken = true;

217
            }

218
        }

219


220
        if (!isMatch) {

221
            throw new Exception(

222
                "Cipher suite " + enabledCipherSuite + " should be enabled");

223
        }

224


225
        if (isBroken) {

226
            throw new Exception(

227
                "Cipher suite " + notEnabledCipherSuite + " should not be enabled");

228
        }

229
    }

230


231
    private static void checkSupportedCiphers(

232
            String[] ciphers) throws Exception {

233


234
        if (ciphers.length == 0) {

235
            throw new Exception("No supported cipher suites");

236
        }

237


238
        boolean hasEnabledCipherSuite = enabledCipherSuite.isEmpty();

239
        boolean hasNotEnabledCipherSuite = notEnabledCipherSuite.isEmpty();

240
        for (String cipher : ciphers) {

241
            System.out.println("\tsupported cipher suite " + cipher);

242
            if (!enabledCipherSuite.isEmpty() &&

243
                        cipher.equals(enabledCipherSuite)) {

244
                hasEnabledCipherSuite = true;

245
            }

246


247
            if (!notEnabledCipherSuite.isEmpty() &&

248
                        cipher.equals(notEnabledCipherSuite)) {

249
                hasNotEnabledCipherSuite = true;

250
            }

251
        }

252


253
        if (!hasEnabledCipherSuite) {

254
            throw new Exception(

255
                "Cipher suite " + enabledCipherSuite + " should be supported");

256
        }

257


258
        if (!hasNotEnabledCipherSuite) {

259
            throw new Exception(

260
                "Cipher suite " + notEnabledCipherSuite + " should not be enabled");

261
        }

262
    }

263


264
    private static String trimQuotes(String candidate) {

265
        if (candidate != null && candidate.length() != 0) {

266
            // Remove double quote marks from beginning/end of the string.

267
            if (candidate.length() > 1 && candidate.charAt(0) == '"' &&

268
                    candidate.charAt(candidate.length() - 1) == '"') {

269
                return candidate.substring(1, candidate.length() - 1);

270
            }

271
        }

272


273
        return candidate;

274
    }

275
}

276


277