jdk-sandbox: comparison test/jdk/javax/net/ssl/sanity/interop/CipherTest.java

equal deleted inserted replaced

-:92cbbfc996f3
+:56aaa6cb3693
 /*
-* Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved.
+* Copyright (c) 2002, 2018, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */
 import java.io.*;
 import java.net.*;
 import java.util.*;
 import java.util.concurrent.*;
 import java.security.*;
 import java.security.cert.*;
-import java.security.cert.Certificate;
 import javax.net.ssl.*;
 /**
 * Test that all ciphersuites work in all versions and all client
 }
 public static class TestParameters {
-String cipherSuite;
+CipherSuite cipherSuite;
-String protocol;
+Protocol protocol;
 String clientAuth;
-TestParameters(String cipherSuite, String protocol,
+TestParameters(CipherSuite cipherSuite, Protocol protocol,
 String clientAuth) {
 this.cipherSuite = cipherSuite;
 this.protocol = protocol;
 this.clientAuth = clientAuth;
 }
 boolean isEnabled() {
-return TLSCipherStatus.isEnabled(cipherSuite, protocol);
+return cipherSuite.supportedByProtocol(protocol);
 }
 public String toString() {
 String s = cipherSuite + " in " + protocol + " mode";
 if (clientAuth != null) {
 s += " with " + clientAuth + " client authentication";
 }
 return s;
-}
-static enum TLSCipherStatus {
-// cipher suites supported since TLS 1.2
-CS_01("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", 0x0303, 0xFFFF),
-CS_02("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",   0x0303, 0xFFFF),
-CS_03("TLS_RSA_WITH_AES_256_CBC_SHA256",         0x0303, 0xFFFF),
-CS_04("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",  0x0303, 0xFFFF),
-CS_05("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",    0x0303, 0xFFFF),
-CS_06("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",     0x0303, 0xFFFF),
-CS_07("TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",     0x0303, 0xFFFF),
-CS_08("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", 0x0303, 0xFFFF),
-CS_09("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",   0x0303, 0xFFFF),
-CS_10("TLS_RSA_WITH_AES_128_CBC_SHA256",         0x0303, 0xFFFF),
-CS_11("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",  0x0303, 0xFFFF),
-CS_12("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",    0x0303, 0xFFFF),
-CS_13("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",     0x0303, 0xFFFF),
-CS_14("TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",     0x0303, 0xFFFF),
-CS_15("TLS_DH_anon_WITH_AES_256_CBC_SHA256",     0x0303, 0xFFFF),
-CS_16("TLS_DH_anon_WITH_AES_128_CBC_SHA256",     0x0303, 0xFFFF),
-CS_17("TLS_RSA_WITH_NULL_SHA256",                0x0303, 0xFFFF),
-CS_20("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", 0x0303, 0xFFFF),
-CS_21("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", 0x0303, 0xFFFF),
-CS_22("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",   0x0303, 0xFFFF),
-CS_23("TLS_RSA_WITH_AES_256_GCM_SHA384",         0x0303, 0xFFFF),
-CS_24("TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",  0x0303, 0xFFFF),
-CS_25("TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",    0x0303, 0xFFFF),
-CS_26("TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",     0x0303, 0xFFFF),
-CS_27("TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",     0x0303, 0xFFFF),
-CS_28("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",   0x0303, 0xFFFF),
-CS_29("TLS_RSA_WITH_AES_128_GCM_SHA256",         0x0303, 0xFFFF),
-CS_30("TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",  0x0303, 0xFFFF),
-CS_31("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",    0x0303, 0xFFFF),
-CS_32("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",     0x0303, 0xFFFF),
-CS_33("TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",     0x0303, 0xFFFF),
-CS_34("TLS_DH_anon_WITH_AES_256_GCM_SHA384",     0x0303, 0xFFFF),
-CS_35("TLS_DH_anon_WITH_AES_128_GCM_SHA256",     0x0303, 0xFFFF),
-// cipher suites obsoleted since TLS 1.2
-CS_50("SSL_RSA_WITH_DES_CBC_SHA",                0x0000, 0x0303),
-CS_51("SSL_DHE_RSA_WITH_DES_CBC_SHA",            0x0000, 0x0303),
-CS_52("SSL_DHE_DSS_WITH_DES_CBC_SHA",            0x0000, 0x0303),
-CS_53("SSL_DH_anon_WITH_DES_CBC_SHA",            0x0000, 0x0303),
-CS_54("TLS_KRB5_WITH_DES_CBC_SHA",               0x0000, 0x0303),
-CS_55("TLS_KRB5_WITH_DES_CBC_MD5",               0x0000, 0x0303),
-// cipher suites obsoleted since TLS 1.1
-CS_60("SSL_RSA_EXPORT_WITH_RC4_40_MD5",          0x0000, 0x0302),
-CS_61("SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",      0x0000, 0x0302),
-CS_62("SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",       0x0000, 0x0302),
-CS_63("SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",   0x0000, 0x0302),
-CS_64("SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",   0x0000, 0x0302),
-CS_65("SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",   0x0000, 0x0302),
-CS_66("TLS_KRB5_EXPORT_WITH_RC4_40_SHA",         0x0000, 0x0302),
-CS_67("TLS_KRB5_EXPORT_WITH_RC4_40_MD5",         0x0000, 0x0302),
-CS_68("TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",     0x0000, 0x0302),
-CS_69("TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5",     0x0000, 0x0302),
-// ignore TLS_EMPTY_RENEGOTIATION_INFO_SCSV always
-CS_99("TLS_EMPTY_RENEGOTIATION_INFO_SCSV",       0xFFFF, 0x0000);
-// the cipher suite name
-final String cipherSuite;
-// supported since protocol version
-final int supportedSince;
-// obsoleted since protocol version
-final int obsoletedSince;
-TLSCipherStatus(String cipherSuite,
-int supportedSince, int obsoletedSince) {
-this.cipherSuite = cipherSuite;
-this.supportedSince = supportedSince;
-this.obsoletedSince = obsoletedSince;
-}
-static boolean isEnabled(String cipherSuite, String protocol) {
-int versionNumber = toVersionNumber(protocol);
-if (versionNumber < 0) {
-return true;  // unlikely to happen
-}
-for (TLSCipherStatus status : TLSCipherStatus.values()) {
-if (cipherSuite.equals(status.cipherSuite)) {
-if ((versionNumber < status.supportedSince) ||
-(versionNumber >= status.obsoletedSince)) {
-return false;
-}
-return true;
-}
-}
-return true;
-}
-private static int toVersionNumber(String protocol) {
-int versionNumber = -1;
-switch (protocol) {
-case "SSLv2Hello":
-versionNumber = 0x0002;
-break;
-case "SSLv3":
-versionNumber = 0x0300;
-break;
-case "TLSv1":
-versionNumber = 0x0301;
-break;
-case "TLSv1.1":
-versionNumber = 0x0302;
-break;
-case "TLSv1.2":
-versionNumber = 0x0303;
-break;
-default:
-// unlikely to happen
-}
-return versionNumber;
-}
 }
 }
 private List<TestParameters> tests;
 private Iterator<TestParameters> testIterator;
 String[] cipherSuites = socket.getSupportedCipherSuites();
 String[] protocols = socket.getSupportedProtocols();
 String[] clientAuths = {null, "RSA", "DSA"};
 tests = new ArrayList<TestParameters>(
 cipherSuites.length * protocols.length * clientAuths.length);
-for (int i = 0; i < cipherSuites.length; i++) {
+for (int j = 0; j < protocols.length; j++) {
-String cipherSuite = cipherSuites[i];
+String protocol = protocols[j];
+if (protocol.equals(Protocol.SSLV2HELLO.name)) {
-for (int j = 0; j < protocols.length; j++) {
+System.out.println("Skipping SSLv2Hello protocol");
-String protocol = protocols[j];
+continue;
+}
+for (int i = 0; i < cipherSuites.length; i++) {
+String cipherSuite = cipherSuites[i];
+// skip kerberos cipher suites and TLS_EMPTY_RENEGOTIATION_INFO_SCSV
+if (cipherSuite.startsWith("TLS_KRB5") || cipherSuite.equals(
+CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV.name())) {
+System.out.println("Skipping unsupported test for " +
+cipherSuite + " of " + protocol);
+continue;
+}
 if (!peerFactory.isSupported(cipherSuite, protocol)) {
 continue;
 }
 for (int k = 0; k < clientAuths.length; k++) {
 String clientAuth = clientAuths[k];
-if ((clientAuth != null) &&
+// no client with anonymous cipher suites;
-(cipherSuite.indexOf("DH_anon") != -1)) {
+// TLS 1.3 doesn't support DSA
-// no client with anonymous ciphersuites
+if ((clientAuth != null && cipherSuite.contains("DH_anon"))
+|| ("DSA".equals(clientAuth) && "TLSv1.3".equals(protocol))) {
 continue;
 }
-tests.add(new TestParameters(cipherSuite, protocol,
+tests.add(new TestParameters(
-clientAuth));
+CipherSuite.cipherSuite(cipherSuite),
+Protocol.protocol(protocol),
+clientAuth));
 }
 }
 }
 testIterator = tests.iterator();
 }
 TestParameters params = cipherTest.getTest();
 if (params == null) {
 // no more tests
 break;
 }
-if (params.isEnabled() == false) {
+if (!params.isEnabled()) {
 System.out.println("Skipping disabled test " + params);
 continue;
 }
 try {
 runTest(params);
 } else {
 relPath = pathToStores;
 }
 PATH = new File(System.getProperty("test.src", "."), relPath);
 CipherTest.peerFactory = peerFactory;
-System.out.print(
+System.out.println(
 "Initializing test '" + peerFactory.getName() + "'...");
 secureRandom = new SecureRandom();
 secureRandom.nextInt();
 trustStore = readKeyStore(trustStoreFile);
 keyStore = readKeyStore(keyStoreFile);
 abstract Client newClient(CipherTest cipherTest) throws Exception;
 abstract Server newServer(CipherTest cipherTest) throws Exception;
 boolean isSupported(String cipherSuite, String protocol) {
-// skip kerberos cipher suites
-if (cipherSuite.startsWith("TLS_KRB5")) {
-System.out.println("Skipping unsupported test for " +
-cipherSuite + " of " + protocol);
-return false;
-}
-// skip SSLv2Hello protocol
-if (protocol.equals("SSLv2Hello")) {
-System.out.println("Skipping unsupported test for " +
-cipherSuite + " of " + protocol);
-return false;
-}
 // ignore exportable cipher suite for TLSv1.1
-if (protocol.equals("TLSv1.1")) {
+if (protocol.equals("TLSv1.1")
-if (cipherSuite.indexOf("_EXPORT_WITH") != -1) {
+&& (cipherSuite.indexOf("_EXPORT_WITH") != -1)) {
 System.out.println("Skipping obsoleted test for " +
 cipherSuite + " of " + protocol);
 return false;
-}
 }
 // ignore obsoleted cipher suite for the specified protocol
 // TODO

branch	JDK-8145252-TLS13-branch
changeset 56542	56aaa6cb3693
parent 47216	71c04702a3d5