Path: blob/master/test/jdk/sun/security/ssl/SSLContextImpl/CustomizedServerDefaultProtocols.java
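/*
 * Copyright (c) 2018, 2019, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

// SunJSSE does not support dynamic system properties, no way to re-use
// system properties in samevm/agentvm mode.

/*
 * @test
 * @bug 8196584 8190492
 * @summary Test jdk.tls.server.protocols with TLS
 * @run main/othervm -Djdk.tls.server.protocols="SSLv3,TLSv1,TLSv1.1"
 *      CustomizedServerDefaultProtocols
 */

import java.security.Security;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;

/**
 * Checks which protocol versions each {@link SSLContext} flavour reports as
 * enabled and supported when the JVM is started with the
 * {@code jdk.tls.server.protocols} value given in the {@code @run} line.
 *
 * <p>For every entry of {@link ContextVersion} the test inspects the context's
 * default and supported {@link SSLParameters}, a client-mode {@link SSLEngine},
 * an unconnected {@link SSLSocket} and an unbound {@link SSLServerSocket}, and
 * compares the reported protocol lists with the expectations in the table.
 * Cipher suite lists are only checked for being non-empty.
 */
public class CustomizedServerDefaultProtocols {

    /** Protocol names every context is expected to report as supported. */
    static final String[] supportedProtocols = new String[] {
            "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};

    /**
     * Server-side protocols expected from the version-specific contexts
     * (TLS_CV_03 to TLS_CV_07); unlike the "SSL", "TLS" and "Default" rows,
     * these rows do not expect the list from the {@code @run} line.
     */
    static final String[] serverDefaultProtocols = new String[] {
            "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};

    /**
     * Expectation table: one row per {@code SSLContext.getInstance} name, with
     * the protocols expected to be enabled on the server side and on the
     * client side of that context.
     */
    enum ContextVersion {
        TLS_CV_01("SSL",
                new String[] {"SSLv3", "TLSv1", "TLSv1.1"},
                new String[] {"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
        TLS_CV_02("TLS",
                new String[] {"SSLv3", "TLSv1", "TLSv1.1"},
                new String[] {"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
        TLS_CV_03("SSLv3",
                serverDefaultProtocols,
                new String[] {"TLSv1"}),
        TLS_CV_04("TLSv1",
                serverDefaultProtocols,
                new String[] {"TLSv1"}),
        TLS_CV_05("TLSv1.1",
                serverDefaultProtocols,
                new String[] {"TLSv1", "TLSv1.1"}),
        TLS_CV_06("TLSv1.2",
                serverDefaultProtocols,
                new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"}),
        TLS_CV_07("TLSv1.3",
                serverDefaultProtocols,
                new String[] {"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
        TLS_CV_08("Default",
                new String[] {"SSLv3", "TLSv1", "TLSv1.1"},
                new String[] {"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"});

        final String contextVersion;
        final String[] serverEnabledProtocols;
        final String[] clientEnabledProtocols;

        ContextVersion(String contextVersion, String[] serverEnabledProtocols,
                String[] clientEnabledProtocols) {
            this.contextVersion = contextVersion;
            this.serverEnabledProtocols = serverEnabledProtocols;
            this.clientEnabledProtocols = clientEnabledProtocols;
        }
    }

    /**
     * Compares a reported protocol list with the expected one and logs the
     * outcome.
     *
     * @param target protocols reported by the object under test
     * @param expected protocols the test expects, in any order
     * @return {@code true} only if {@code target} is non-empty and holds
     *         exactly the expected protocols
     */
    private static boolean checkProtocols(String[] target, String[] expected) {
        boolean success = true;
        if (target.length == 0) {
            System.out.println("\t\t\t*** Error: No protocols");
            success = false;
        }

        if (!protocolEquals(target, expected)) {
            System.out.println("\t\t\t*** Error: Expected to get protocols " +
                    Arrays.toString(expected));
            success = false;
        }
        System.out.println("\t\t\t  Protocols found " + Arrays.toString(target));
        // Report success only when the check really succeeded; an unconditional
        // "passed" line after an error makes a failing log look clean.
        if (success) {
            System.out.println("\t\t\t--> Protocol check passed!!");
        }

        return success;
    }

    /**
     * Tells whether two protocol arrays hold the same names, ignoring order.
     *
     * @param actualProtocols protocols reported by the object under test
     * @param expectedProtocols protocols the test expects
     * @return {@code true} if both arrays have the same length and the same
     *         set of names
     */
    private static boolean protocolEquals(
            String[] actualProtocols,
            String[] expectedProtocols) {
        if (actualProtocols.length != expectedProtocols.length) {
            return false;
        }

        // Compare both sides as sets. Checking only that each actual name is
        // among the expected ones would accept a list with a duplicated name
        // in place of a missing protocol.
        Set<String> actual = new HashSet<>(Arrays.asList(actualProtocols));
        Set<String> expected = new HashSet<>(Arrays.asList(expectedProtocols));
        return actual.equals(expected);
    }

    /**
     * Checks that a cipher suite list is not empty and logs the outcome.
     *
     * @param target cipher suites reported by the object under test
     * @return {@code true} if at least one cipher suite is present
     */
    private static boolean checkCipherSuites(String[] target) {
        boolean success = true;
        if (target.length == 0) {
            System.out.println("\t\t\t*** Error: No cipher suites");
            success = false;
        }

        if (success) {
            System.out.println("\t\t\t--> Cipher check passed!!");
        }
        return success;
    }

    /**
     * Test entry point: clears {@code jdk.tls.disabledAlgorithms}, prints the
     * two protocol system properties and runs {@link #Test()}.
     *
     * @param args unused
     * @throws Exception if any check fails
     */
    public static void main(String[] args) throws Exception {
        // reset the security property to make sure that the algorithms
        // and keys used in this test are not disabled.
        //
        // Clearing this property lifts every restriction it carries for the
        // whole JVM, which is what lets legacy versions such as SSLv3 show up
        // in the enabled lists checked below. The @run line uses othervm, so
        // the change stays inside this test's own JVM; this line is test
        // scaffolding, not something to carry into application code.
        Security.setProperty("jdk.tls.disabledAlgorithms", "");
        System.out.println("jdk.tls.client.protocols = " +
                System.getProperty("jdk.tls.client.protocols"));
        System.out.println("jdk.tls.server.protocols = " +
                System.getProperty("jdk.tls.server.protocols"));
        Test();
    }

    /**
     * Walks the {@link ContextVersion} table and checks the context, engine,
     * socket and server socket of each entry.
     *
     * @throws Exception as soon as one context version has a failed check, or
     *         if a context, socket or server socket cannot be created
     */
    static void Test() throws Exception {
        boolean failed = false;

        for (ContextVersion cv : ContextVersion.values()) {
            System.out.println("\n\nChecking SSLContext of " + cv.contextVersion);
            System.out.println("============================");
            SSLContext context = SSLContext.getInstance(cv.contextVersion);

            // Default SSLContext is initialized automatically.
            if (!cv.contextVersion.equals("Default")) {
                // Use default TK, KM and random.
                context.init(null, null, null);
            }

            //
            // Check SSLContext
            //
            // Check default SSLParameters of SSLContext
            System.out.println("\tChecking default SSLParameters");
            System.out.println("\t\tChecking SSLContext.getDefaultSSLParameters().getProtocols");
            SSLParameters parameters = context.getDefaultSSLParameters();

            String[] protocols = parameters.getProtocols();
            failed |= !checkProtocols(protocols, cv.clientEnabledProtocols);

            String[] ciphers = parameters.getCipherSuites();
            failed |= !checkCipherSuites(ciphers);

            // Check supported SSLParameters of SSLContext
            System.out.println("\t\tChecking supported SSLParameters");
            parameters = context.getSupportedSSLParameters();

            protocols = parameters.getProtocols();
            failed |= !checkProtocols(protocols, supportedProtocols);

            ciphers = parameters.getCipherSuites();
            failed |= !checkCipherSuites(ciphers);

            //
            // Check SSLEngine
            //
            // Check SSLParameters of SSLEngine
            System.out.println();
            System.out.println("\tChecking SSLEngine of this SSLContext");
            System.out.println("\t\tChecking SSLEngine.getSSLParameters()");
            SSLEngine engine = context.createSSLEngine();
            engine.setUseClientMode(true);
            parameters = engine.getSSLParameters();

            protocols = parameters.getProtocols();
            failed |= !checkProtocols(protocols, cv.clientEnabledProtocols);

            ciphers = parameters.getCipherSuites();
            failed |= !checkCipherSuites(ciphers);

            System.out.println("\t\tChecking SSLEngine.getEnabledProtocols()");
            protocols = engine.getEnabledProtocols();
            failed |= !checkProtocols(protocols, cv.clientEnabledProtocols);

            System.out.println("\t\tChecking SSLEngine.getEnabledCipherSuites()");
            ciphers = engine.getEnabledCipherSuites();
            failed |= !checkCipherSuites(ciphers);

            System.out.println("\t\tChecking SSLEngine.getSupportedProtocols()");
            protocols = engine.getSupportedProtocols();
            failed |= !checkProtocols(protocols, supportedProtocols);

            System.out.println(
                    "\t\tChecking SSLEngine.getSupportedCipherSuites()");
            ciphers = engine.getSupportedCipherSuites();
            failed |= !checkCipherSuites(ciphers);

            //
            // Check SSLSocket
            //
            // Check SSLParameters of SSLSocket
            System.out.println();
            System.out.println("\tChecking SSLSocket of this SSLContext");
            System.out.println("\t\tChecking SSLSocket.getSSLParameters()");
            SocketFactory fac = context.getSocketFactory();
            // The socket is never connected; close it anyway so each loop
            // iteration releases what it created.
            try (SSLSocket socket = (SSLSocket) fac.createSocket()) {
                parameters = socket.getSSLParameters();

                protocols = parameters.getProtocols();
                failed |= !checkProtocols(protocols, cv.clientEnabledProtocols);

                ciphers = parameters.getCipherSuites();
                failed |= !checkCipherSuites(ciphers);

                System.out.println("\t\tChecking SSLSocket.getEnabledProtocols()");
                protocols = socket.getEnabledProtocols();
                failed |= !checkProtocols(protocols, cv.clientEnabledProtocols);

                System.out.println("\t\tChecking SSLSocket.getEnabledCipherSuites()");
                ciphers = socket.getEnabledCipherSuites();
                failed |= !checkCipherSuites(ciphers);

                System.out.println("\t\tChecking SSLSocket.getSupportedProtocols()");
                protocols = socket.getSupportedProtocols();
                failed |= !checkProtocols(protocols, supportedProtocols);

                System.out.println(
                        "\t\tChecking SSLSocket.getSupportedCipherSuites()");
                ciphers = socket.getSupportedCipherSuites();
                failed |= !checkCipherSuites(ciphers);
            }

            //
            // Check SSLServerSocket
            //
            // Check SSLParameters of SSLServerSocket
            System.out.println();
            System.out.println("\tChecking SSLServerSocket of this SSLContext");
            System.out.println("\t\tChecking SSLServerSocket.getSSLParameters()");
            SSLServerSocketFactory sf = context.getServerSocketFactory();
            // This is the only section compared against the server-side
            // expectations, i.e. the one that exercises
            // jdk.tls.server.protocols. The log labels name SSLServerSocket so
            // a failure here is not attributed to the engine checks above.
            try (SSLServerSocket ssocket =
                    (SSLServerSocket) sf.createServerSocket()) {
                parameters = ssocket.getSSLParameters();

                protocols = parameters.getProtocols();
                failed |= !checkProtocols(protocols, cv.serverEnabledProtocols);

                ciphers = parameters.getCipherSuites();
                failed |= !checkCipherSuites(ciphers);

                System.out.println("\t\tChecking SSLServerSocket.getEnabledProtocols()");
                protocols = ssocket.getEnabledProtocols();
                failed |= !checkProtocols(protocols, cv.serverEnabledProtocols);

                System.out.println("\t\tChecking SSLServerSocket.getEnabledCipherSuites()");
                ciphers = ssocket.getEnabledCipherSuites();
                failed |= !checkCipherSuites(ciphers);

                System.out.println("\t\tChecking SSLServerSocket.getSupportedProtocols()");
                protocols = ssocket.getSupportedProtocols();
                failed |= !checkProtocols(protocols, supportedProtocols);

                System.out.println(
                        "\t\tChecking SSLServerSocket.getSupportedCipherSuites()");
                ciphers = ssocket.getSupportedCipherSuites();
                failed |= !checkCipherSuites(ciphers);
            }

            if (failed) {
                throw new Exception("Run into problems, see log for more details");
            }
        }
    }
}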