Path: blob/master/test/jdk/sun/security/ssl/SSLContextImpl/DefaultEnabledProtocols.java
41152 views
/*1* Copyright (c) 2013, 2019, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation.7*8* This code is distributed in the hope that it will be useful, but WITHOUT9* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or10* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License11* version 2 for more details (a copy is included in the LICENSE file that12* accompanied this code).13*14* You should have received a copy of the GNU General Public License version15* 2 along with this work; if not, write to the Free Software Foundation,16* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.17*18* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA19* or visit www.oracle.com if you need additional information or have any20* questions.21*/2223// SunJSSE does not support dynamic system properties, no way to re-use24// system properties in samevm/agentvm mode.2526/*27* @test28* @bug 709364029* @summary Enable TLS 1.1 and TLS 1.2 by default in client side of SunJSSE30* @run main/othervm DefaultEnabledProtocols31*/3233import java.security.Security;34import java.util.Arrays;35import java.util.HashSet;36import java.util.Set;3738import javax.net.SocketFactory;39import javax.net.ssl.KeyManager;40import javax.net.ssl.SSLContext;41import javax.net.ssl.SSLEngine;42import javax.net.ssl.SSLParameters;43import javax.net.ssl.SSLServerSocket;44import javax.net.ssl.SSLServerSocketFactory;45import javax.net.ssl.SSLSocket;46import javax.net.ssl.TrustManager;4748public class DefaultEnabledProtocols {49enum ContextVersion {50TLS_CV_01("SSL",51new String[] {"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),52TLS_CV_02("TLS",53new String[] {"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),54TLS_CV_03("SSLv3",55new String[] {"TLSv1"}),56TLS_CV_04("TLSv1",57new String[] {"TLSv1"}),58TLS_CV_05("TLSv1.1",59new String[] {"TLSv1", "TLSv1.1"}),60TLS_CV_06("TLSv1.2",61new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"}),62TLS_CV_07("TLSv1.3",63new String[] {"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),64TLS_CV_08("Default",65new String[] {"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"});6667final String contextVersion;68final String[] enabledProtocols;69final static String[] supportedProtocols = new String[] {70"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};71final static String[] serverDefaultProtocols = new String[] {72"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};7374ContextVersion(String contextVersion, String[] enabledProtocols) {75this.contextVersion = contextVersion;76this.enabledProtocols = enabledProtocols;77}78}7980private static boolean checkProtocols(String[] target, String[] expected) {81boolean success = true;82if (target.length == 0) {83System.out.println("\t\t\t*** Error: No protocols");84success = false;85}8687if (!protocolEquals(target, expected)) {88System.out.println("\t\t\t*** Error: Expected to get protocols " +89Arrays.toString(expected));90success = false;91}92System.out.println("\t\t\t Protocols found " + Arrays.toString(target));93System.out.println("\t\t\t--> Protocol check passed!!");9495return success;96}9798private static boolean protocolEquals(99String[] actualProtocols,100String[] expectedProtocols) {101if (actualProtocols.length != expectedProtocols.length) {102return false;103}104105Set<String> set = new HashSet<>(Arrays.asList(expectedProtocols));106for (String actual : actualProtocols) {107if (set.add(actual)) {108return false;109}110}111112System.out.println("\t\t\t--> Cipher check passed!!");113return true;114}115116private static boolean checkCipherSuites(String[] target) {117boolean success = true;118if (target.length == 0) {119System.out.println("\t\t\t*** Error: No cipher suites");120success = false;121}122123return success;124}125126public static void main(String[] args) throws Exception {127// reset the security property to make sure that the algorithms128// and keys used in this test are not disabled.129Security.setProperty("jdk.tls.disabledAlgorithms", "");130131boolean failed = false;132for (ContextVersion cv : ContextVersion.values()) {133System.out.println("\n\nChecking SSLContext of " + cv.contextVersion);134System.out.println("============================");135SSLContext context = SSLContext.getInstance(cv.contextVersion);136137// Default SSLContext is initialized automatically.138if (!cv.contextVersion.equals("Default")) {139// Use default TK, KM and random.140context.init((KeyManager[])null, (TrustManager[])null, null);141}142143//144// Check SSLContext145//146// Check default SSLParameters of SSLContext147System.out.println("\tChecking default SSLParameters");148System.out.println("\t\tChecking SSLContext.getDefaultSSLParameters().getProtocols");149SSLParameters parameters = context.getDefaultSSLParameters();150151String[] protocols = parameters.getProtocols();152failed |= !checkProtocols(protocols, cv.enabledProtocols);153154String[] ciphers = parameters.getCipherSuites();155failed |= !checkCipherSuites(ciphers);156157// Check supported SSLParameters of SSLContext158System.out.println("\t\tChecking SSLContext.getSupportedSSLParameters().getProtocols()");159parameters = context.getSupportedSSLParameters();160161protocols = parameters.getProtocols();162failed |= !checkProtocols(protocols, cv.supportedProtocols);163164ciphers = parameters.getCipherSuites();165failed |= !checkCipherSuites(ciphers);166167//168// Check SSLEngine169//170// Check SSLParameters of SSLEngine171System.out.println();172System.out.println("\tChecking SSLEngine of this SSLContext");173System.out.println("\t\tChecking SSLEngine.getSSLParameters()");174SSLEngine engine = context.createSSLEngine();175engine.setUseClientMode(true);176parameters = engine.getSSLParameters();177178protocols = parameters.getProtocols();179failed |= !checkProtocols(protocols, cv.enabledProtocols);180181ciphers = parameters.getCipherSuites();182failed |= !checkCipherSuites(ciphers);183184System.out.println("\t\tChecking SSLEngine.getEnabledProtocols()");185protocols = engine.getEnabledProtocols();186failed |= !checkProtocols(protocols, cv.enabledProtocols);187188System.out.println("\t\tChecking SSLEngine.getEnabledCipherSuites()");189ciphers = engine.getEnabledCipherSuites();190failed |= !checkCipherSuites(ciphers);191192System.out.println("\t\tChecking SSLEngine.getSupportedProtocols()");193protocols = engine.getSupportedProtocols();194failed |= !checkProtocols(protocols, cv.supportedProtocols);195196System.out.println(197"\t\tChecking SSLEngine.getSupportedCipherSuites()");198ciphers = engine.getSupportedCipherSuites();199failed |= !checkCipherSuites(ciphers);200201//202// Check SSLSocket203//204// Check SSLParameters of SSLSocket205System.out.println();206System.out.println("\tChecking SSLSocket of this SSLContext");207System.out.println("\t\tChecking SSLSocket.getSSLParameters()");208SocketFactory fac = context.getSocketFactory();209SSLSocket socket = (SSLSocket)fac.createSocket();210parameters = socket.getSSLParameters();211212protocols = parameters.getProtocols();213failed |= !checkProtocols(protocols, cv.enabledProtocols);214215ciphers = parameters.getCipherSuites();216failed |= !checkCipherSuites(ciphers);217218System.out.println("\t\tChecking SSLEngine.getEnabledProtocols()");219protocols = socket.getEnabledProtocols();220failed |= !checkProtocols(protocols, cv.enabledProtocols);221222System.out.println("\t\tChecking SSLEngine.getEnabledCipherSuites()");223ciphers = socket.getEnabledCipherSuites();224failed |= !checkCipherSuites(ciphers);225226System.out.println("\t\tChecking SSLEngine.getSupportedProtocols()");227protocols = socket.getSupportedProtocols();228failed |= !checkProtocols(protocols, cv.supportedProtocols);229230System.out.println(231"\t\tChecking SSLEngine.getSupportedCipherSuites()");232ciphers = socket.getSupportedCipherSuites();233failed |= !checkCipherSuites(ciphers);234235//236// Check SSLServerSocket237//238// Check SSLParameters of SSLServerSocket239System.out.println();240System.out.println("\tChecking SSLServerSocket of this SSLContext");241System.out.println("\t\tChecking SSLServerSocket.getSSLParameters()");242SSLServerSocketFactory sf = context.getServerSocketFactory();243SSLServerSocket ssocket = (SSLServerSocket)sf.createServerSocket();244parameters = ssocket.getSSLParameters();245246protocols = parameters.getProtocols();247failed |= !checkProtocols(protocols, cv.serverDefaultProtocols);248249ciphers = parameters.getCipherSuites();250failed |= !checkCipherSuites(ciphers);251252System.out.println("\t\tChecking SSLEngine.getEnabledProtocols()");253protocols = ssocket.getEnabledProtocols();254failed |= !checkProtocols(protocols, cv.serverDefaultProtocols);255256System.out.println("\t\tChecking SSLEngine.getEnabledCipherSuites()");257ciphers = ssocket.getEnabledCipherSuites();258failed |= !checkCipherSuites(ciphers);259260System.out.println("\t\tChecking SSLEngine.getSupportedProtocols()");261protocols = ssocket.getSupportedProtocols();262failed |= !checkProtocols(protocols, cv.supportedProtocols);263264System.out.println(265"\t\tChecking SSLEngine.getSupportedCipherSuites()");266ciphers = ssocket.getSupportedCipherSuites();267failed |= !checkCipherSuites(ciphers);268}269270if (failed) {271throw new Exception("Run into problems, see log for more details");272}273}274}275276277