Path: blob/master/test/jdk/sun/security/ssl/SSLContextImpl/NoOldVersionContext.java
41152 views
/*1* Copyright (c) 2013, 2019, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation.7*8* This code is distributed in the hope that it will be useful, but WITHOUT9* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or10* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License11* version 2 for more details (a copy is included in the LICENSE file that12* accompanied this code).13*14* You should have received a copy of the GNU General Public License version15* 2 along with this work; if not, write to the Free Software Foundation,16* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.17*18* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA19* or visit www.oracle.com if you need additional information or have any20* questions.21*/2223// SunJSSE does not support dynamic system properties, no way to re-use24// system properties in samevm/agentvm mode.2526/*27* @test28* @bug 7093640 819049229* @summary Enable TLS 1.1 and TLS 1.2 by default in client side of SunJSSE30* @run main/othervm -Djdk.tls.client.protocols="TLSv1,TLSv1.1,TLSv1.2"31* NoOldVersionContext32*/3334import java.security.Security;35import java.util.Arrays;36import java.util.HashSet;37import java.util.Set;3839import javax.net.SocketFactory;40import javax.net.ssl.KeyManager;41import javax.net.ssl.SSLContext;42import javax.net.ssl.SSLEngine;43import javax.net.ssl.SSLParameters;44import javax.net.ssl.SSLServerSocket;45import javax.net.ssl.SSLServerSocketFactory;46import javax.net.ssl.SSLSocket;47import javax.net.ssl.TrustManager;4849public class NoOldVersionContext {50static enum ContextVersion {51TLS_CV_01("SSL",52new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"}),53TLS_CV_02("TLS",54new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"}),55TLS_CV_03("SSLv3",56new String[] {"TLSv1"}),57TLS_CV_04("TLSv1",58new String[] {"TLSv1"}),59TLS_CV_05("TLSv1.1",60new String[] {"TLSv1", "TLSv1.1"}),61TLS_CV_06("TLSv1.2",62new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"}),63TLS_CV_07("TLSv1.3",64new String[] {"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),65TLS_CV_08("Default",66new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"});6768final String contextVersion;69final String[] enabledProtocols;70final static String[] supportedProtocols = new String[] {71"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};72final static String[] serverDefaultProtocols = new String[] {73"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};7475ContextVersion(String contextVersion, String[] enabledProtocols) {76this.contextVersion = contextVersion;77this.enabledProtocols = enabledProtocols;78}79}8081private static boolean checkProtocols(String[] target, String[] expected) {82boolean success = true;83if (target.length == 0) {84System.out.println("\t\t\t*** Error: No protocols");85success = false;86}8788if (!protocolEquals(target, expected)) {89System.out.println("\t\t\t*** Error: Expected to get protocols " +90Arrays.toString(expected));91System.out.println("\t\t\t*** Error: The actual protocols " +92Arrays.toString(target));93success = false;94}9596return success;97}9899private static boolean protocolEquals(100String[] actualProtocols,101String[] expectedProtocols) {102if (actualProtocols.length != expectedProtocols.length) {103return false;104}105106Set<String> set = new HashSet<>(Arrays.asList(expectedProtocols));107for (String actual : actualProtocols) {108if (set.add(actual)) {109return false;110}111}112113System.out.println("\t\t\t--> Protocol check passed!!");114return true;115}116117private static boolean checkCipherSuites(String[] target) {118boolean success = true;119if (target.length == 0) {120System.out.println("\t\t\t*** Error: No cipher suites");121success = false;122}123124System.out.println("\t\t\t--> Cipher check passed!!");125return success;126}127128public static void main(String[] args) throws Exception {129// reset the security property to make sure that the algorithms130// and keys used in this test are not disabled.131Security.setProperty("jdk.tls.disabledAlgorithms", "");132133boolean failed = false;134for (ContextVersion cv : ContextVersion.values()) {135System.out.println("\n\nChecking SSLContext of " + cv.contextVersion);136System.out.println("============================");137SSLContext context = SSLContext.getInstance(cv.contextVersion);138139// Default SSLContext is initialized automatically.140if (!cv.contextVersion.equals("Default")) {141// Use default TK, KM and random.142context.init((KeyManager[])null, (TrustManager[])null, null);143}144145//146// Check SSLContext147//148// Check default SSLParameters of SSLContext149System.out.println("\tChecking default SSLParameters");150System.out.println("\t\tChecking SSLContext.getDefaultSSLParameters().getProtocols");151SSLParameters parameters = context.getDefaultSSLParameters();152153String[] protocols = parameters.getProtocols();154failed |= !checkProtocols(protocols, cv.enabledProtocols);155156String[] ciphers = parameters.getCipherSuites();157failed |= !checkCipherSuites(ciphers);158159// Check supported SSLParameters of SSLContext160System.out.println("\t\tChecking SSLContext.getSupportedSSLParameters().getProtocols()");161parameters = context.getSupportedSSLParameters();162163protocols = parameters.getProtocols();164failed |= !checkProtocols(protocols, cv.supportedProtocols);165166ciphers = parameters.getCipherSuites();167failed |= !checkCipherSuites(ciphers);168169//170// Check SSLEngine171//172// Check SSLParameters of SSLEngine173System.out.println();174System.out.println("\tChecking SSLEngine of this SSLContext - client mode");175System.out.println("\t\tChecking SSLEngine.getSSLParameters()");176SSLEngine engine = context.createSSLEngine();177engine.setUseClientMode(true);178parameters = engine.getSSLParameters();179180protocols = parameters.getProtocols();181failed |= !checkProtocols(protocols, cv.enabledProtocols);182183ciphers = parameters.getCipherSuites();184failed |= !checkCipherSuites(ciphers);185186System.out.println("\t\tChecking SSLEngine.getEnabledProtocols()");187protocols = engine.getEnabledProtocols();188failed |= !checkProtocols(protocols, cv.enabledProtocols);189190System.out.println("\t\tChecking SSLEngine.getEnabledCipherSuites()");191ciphers = engine.getEnabledCipherSuites();192failed |= !checkCipherSuites(ciphers);193194System.out.println("\t\tChecking SSLEngine.getSupportedProtocols()");195protocols = engine.getSupportedProtocols();196failed |= !checkProtocols(protocols, cv.supportedProtocols);197198System.out.println(199"\t\tChecking SSLEngine.getSupportedCipherSuites()");200ciphers = engine.getSupportedCipherSuites();201failed |= !checkCipherSuites(ciphers);202203//204// Check SSLSocket205//206// Check SSLParameters of SSLSocket207System.out.println();208System.out.println("\tChecking SSLSocket of this SSLContext");209System.out.println("\t\tChecking SSLSocket.getSSLParameters()");210SocketFactory fac = context.getSocketFactory();211SSLSocket socket = (SSLSocket)fac.createSocket();212parameters = socket.getSSLParameters();213214protocols = parameters.getProtocols();215failed |= !checkProtocols(protocols, cv.enabledProtocols);216217ciphers = parameters.getCipherSuites();218failed |= !checkCipherSuites(ciphers);219220System.out.println("\t\tChecking SSLEngine.getEnabledProtocols()");221protocols = socket.getEnabledProtocols();222failed |= !checkProtocols(protocols, cv.enabledProtocols);223224System.out.println("\t\tChecking SSLEngine.getEnabledCipherSuites()");225ciphers = socket.getEnabledCipherSuites();226failed |= !checkCipherSuites(ciphers);227228System.out.println("\t\tChecking SSLEngine.getSupportedProtocols()");229protocols = socket.getSupportedProtocols();230failed |= !checkProtocols(protocols, cv.supportedProtocols);231232System.out.println(233"\t\tChecking SSLEngine.getSupportedCipherSuites()");234ciphers = socket.getSupportedCipherSuites();235failed |= !checkCipherSuites(ciphers);236237//238// Check SSLServerSocket239//240// Check SSLParameters of SSLServerSocket241System.out.println();242System.out.println("\tChecking SSLServerSocket of this SSLContext");243System.out.println("\t\tChecking SSLServerSocket.getSSLParameters()");244SSLServerSocketFactory sf = context.getServerSocketFactory();245SSLServerSocket ssocket = (SSLServerSocket)sf.createServerSocket();246parameters = ssocket.getSSLParameters();247248protocols = parameters.getProtocols();249failed |= !checkProtocols(protocols, cv.serverDefaultProtocols);250251ciphers = parameters.getCipherSuites();252failed |= !checkCipherSuites(ciphers);253254System.out.println("\t\tChecking SSLEngine.getEnabledProtocols()");255protocols = ssocket.getEnabledProtocols();256failed |= !checkProtocols(protocols, cv.serverDefaultProtocols);257258System.out.println("\t\tChecking SSLEngine.getEnabledCipherSuites()");259ciphers = ssocket.getEnabledCipherSuites();260failed |= !checkCipherSuites(ciphers);261262System.out.println("\t\tChecking SSLEngine.getSupportedProtocols()");263protocols = ssocket.getSupportedProtocols();264failed |= !checkProtocols(protocols, cv.supportedProtocols);265266System.out.println(267"\t\tChecking SSLEngine.getSupportedCipherSuites()");268ciphers = ssocket.getSupportedCipherSuites();269failed |= !checkCipherSuites(ciphers);270}271272if (failed) {273throw new Exception("Run into problems, see log for more details");274}275}276}277278279