1
/*
2
 * Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4
 *
5
 * This code is free software; you can redistribute it and/or modify it
6
 * under the terms of the GNU General Public License version 2 only, as
7
 * published by the Free Software Foundation.
8
 *
9
 * This code is distributed in the hope that it will be useful, but WITHOUT
10
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12
 * version 2 for more details (a copy is included in the LICENSE file that
13
 * accompanied this code).
14
 *
15
 * You should have received a copy of the GNU General Public License version
16
 * 2 along with this work; if not, write to the Free Software Foundation,
17
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18
 *
19
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20
 * or visit www.oracle.com if you need additional information or have any
21
 * questions.
22
 */
23

24
//
25
// SunJSSE does not support dynamic system properties, no way to re-use
26
// system properties in samevm/agentvm mode.
27
//
28

29
/*
30
 * @test
31
 * @bug 8202343
32
 * @summary Check that SSLv3, TLSv1 and TLSv1.1 are disabled by default
33
 * @run main/othervm SSLContextDefault
34
 */
35

36
import java.util.List;
37
import javax.net.ssl.*;
38

39
public class SSLContextDefault {
40

41
    private final static String[] protocols = {
42
        "", "SSL", "TLS", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"
43
    };
44

45
    private final static List<String> disabledProtocols = List.<String>of(
46
        "SSLv3", "TLSv1", "TLSv1.1"
47
    );
48

49
    public static void main(String[] args) throws Exception {
50
        for (String protocol : protocols) {
51
            System.out.println("//");
52
            System.out.println("// " + "Testing for SSLContext of " +
53
                    (protocol.isEmpty() ? "<default>" : protocol));
54
            System.out.println("//");
55
            checkForProtocols(protocol);
56
            System.out.println();
57
        }
58
    }
59

60
    public static void checkForProtocols(String protocol) throws Exception {
61
        SSLContext context;
62
        if (protocol.isEmpty()) {
63
            context = SSLContext.getDefault();
64
        } else {
65
            context = SSLContext.getInstance(protocol);
66
            context.init(null, null, null);
67
        }
68

69
        // check for the presence of supported protocols of SSLContext
70
        SSLParameters parameters = context.getSupportedSSLParameters();
71
        checkProtocols(parameters.getProtocols(),
72
                "Supported protocols in SSLContext", false);
73

74

75
        // check for the presence of default protocols of SSLContext
76
        parameters = context.getDefaultSSLParameters();
77
        checkProtocols(parameters.getProtocols(),
78
                "Enabled protocols in SSLContext", true);
79

80
        // check for the presence of supported protocols of SSLEngine
81
        SSLEngine engine = context.createSSLEngine();
82
        checkProtocols(engine.getSupportedProtocols(),
83
                "Supported protocols in SSLEngine", false);
84

85
        // Check for the presence of default protocols of SSLEngine
86
        checkProtocols(engine.getEnabledProtocols(),
87
                "Enabled protocols in SSLEngine", true);
88

89
        SSLSocketFactory factory = context.getSocketFactory();
90
        try (SSLSocket socket = (SSLSocket)factory.createSocket()) {
91
            // check for the presence of supported protocols of SSLSocket
92
            checkProtocols(socket.getSupportedProtocols(),
93
                "Supported cipher suites in SSLSocket", false);
94

95
            // Check for the presence of default protocols of SSLSocket
96
            checkProtocols(socket.getEnabledProtocols(),
97
                "Enabled protocols in SSLSocket", true);
98
        }
99

100
        SSLServerSocketFactory serverFactory = context.getServerSocketFactory();
101
        try (SSLServerSocket serverSocket =
102
                (SSLServerSocket)serverFactory.createServerSocket()) {
103
            // check for the presence of supported protocols of SSLServerSocket
104
            checkProtocols(serverSocket.getSupportedProtocols(),
105
                "Supported cipher suites in SSLServerSocket", false);
106

107
            // Check for the presence of default protocols of SSLServerSocket
108
            checkProtocols(serverSocket.getEnabledProtocols(),
109
                "Enabled protocols in SSLServerSocket", true);
110
        }
111
    }
112

113
    private static void checkProtocols(String[] protocols,
114
            String title, boolean disabled) throws Exception {
115
        showProtocols(protocols, title);
116

117
        if (disabled) {
118
            for (String protocol : protocols ) {
119
                if (disabledProtocols.contains(protocol)) {
120
                    throw new Exception(protocol +
121
                                        " should not be enabled by default");
122
                }
123
            }
124
        } else {
125
            for (String disabledProtocol : disabledProtocols) {
126
                if (!List.of(protocols).contains(disabledProtocol)) {
127
                    throw new Exception(disabledProtocol +
128
                                        " should be supported by default");
129
                }
130
            }
131
        }
132
    }
133

134
    private static void showProtocols(String[] protocols, String title) {
135
        System.out.println(title + "[" + protocols.length + "]:");
136
        for (String protocol : protocols) {
137
            System.out.println("  " + protocol);
138
        }
139
    }
140
}
141

142