1 /* |
1 /* |
2 * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. |
2 * Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 * |
4 * |
5 * This code is free software; you can redistribute it and/or modify it |
5 * This code is free software; you can redistribute it and/or modify it |
6 * under the terms of the GNU General Public License version 2 only, as |
6 * under the terms of the GNU General Public License version 2 only, as |
7 * published by the Free Software Foundation. |
7 * published by the Free Software Foundation. |
83 */ |
83 */ |
84 ENABLED_NON_KRB_NOT_ANON_CIPHERS( |
84 ENABLED_NON_KRB_NOT_ANON_CIPHERS( |
85 SSLEngineTestCase.ENABLED_NON_KRB_NOT_ANON_CIPHERS, |
85 SSLEngineTestCase.ENABLED_NON_KRB_NOT_ANON_CIPHERS, |
86 "Enabled by default non kerberos not anonymous"), |
86 "Enabled by default non kerberos not anonymous"), |
87 /** |
87 /** |
|
88 * Ciphers supported by TLS 1.3 only. |
|
89 */ |
|
90 TLS13_CIPHERS( |
|
91 SSLEngineTestCase.TLS13_CIPHERS, |
|
92 "Supported by TLS 1.3 only"), |
|
93 /** |
88 * Ciphers unsupported by the tested SSLEngine. |
94 * Ciphers unsupported by the tested SSLEngine. |
89 */ |
95 */ |
90 UNSUPPORTED_CIPHERS(SSLEngineTestCase.UNSUPPORTED_CIPHERS, |
96 UNSUPPORTED_CIPHERS(SSLEngineTestCase.UNSUPPORTED_CIPHERS, |
91 "Unsupported"); |
97 "Unsupported"); |
92 |
98 |
172 private static final int DELAY = 1000; |
178 private static final int DELAY = 1000; |
173 private static final String HOST = "localhost"; |
179 private static final String HOST = "localhost"; |
174 private static final String SERVER_NAME = "service.localhost"; |
180 private static final String SERVER_NAME = "service.localhost"; |
175 private static final String SNI_PATTERN = ".*"; |
181 private static final String SNI_PATTERN = ".*"; |
176 |
182 |
|
183 private static final String[] TLS13_CIPHERS = { |
|
184 "TLS_AES_256_GCM_SHA384", |
|
185 "TLS_AES_128_GCM_SHA256" |
|
186 }; |
|
187 |
177 private static final String[] SUPPORTED_NON_KRB_CIPHERS; |
188 private static final String[] SUPPORTED_NON_KRB_CIPHERS; |
178 |
189 |
179 static { |
190 static { |
180 try { |
191 try { |
181 String[] allSupportedCiphers = getContext() |
192 String[] allSupportedCiphers = getContext() |
182 .createSSLEngine().getSupportedCipherSuites(); |
193 .createSSLEngine().getSupportedCipherSuites(); |
183 List<String> supportedCiphersList = new LinkedList<>(); |
194 List<String> supportedCiphersList = new LinkedList<>(); |
184 for (String cipher : allSupportedCiphers) { |
195 for (String cipher : allSupportedCiphers) { |
185 if (!cipher.contains("KRB5") |
196 if (!cipher.contains("KRB5") |
186 && !cipher.contains("TLS_EMPTY_RENEGOTIATION_INFO_SCSV")) { |
197 && !isTLS13Cipher(cipher) |
187 |
198 && !cipher.contains("TLS_EMPTY_RENEGOTIATION_INFO_SCSV")) { |
188 supportedCiphersList.add(cipher); |
199 supportedCiphersList.add(cipher); |
189 } |
200 } |
190 } |
201 } |
191 SUPPORTED_NON_KRB_CIPHERS = |
202 SUPPORTED_NON_KRB_CIPHERS = |
192 supportedCiphersList.toArray(new String[0]); |
203 supportedCiphersList.toArray(new String[0]); |
202 String[] allSupportedCiphers = getContext() |
213 String[] allSupportedCiphers = getContext() |
203 .createSSLEngine().getSupportedCipherSuites(); |
214 .createSSLEngine().getSupportedCipherSuites(); |
204 List<String> supportedCiphersList = new LinkedList<>(); |
215 List<String> supportedCiphersList = new LinkedList<>(); |
205 for (String cipher : allSupportedCiphers) { |
216 for (String cipher : allSupportedCiphers) { |
206 if (!cipher.contains("KRB5") |
217 if (!cipher.contains("KRB5") |
|
218 && !isTLS13Cipher(cipher) |
207 && !cipher.contains("TLS_EMPTY_RENEGOTIATION_INFO_SCSV") |
219 && !cipher.contains("TLS_EMPTY_RENEGOTIATION_INFO_SCSV") |
208 && !cipher.endsWith("_SHA256") |
220 && !cipher.endsWith("_SHA256") |
209 && !cipher.endsWith("_SHA384")) { |
221 && !cipher.endsWith("_SHA384")) { |
210 supportedCiphersList.add(cipher); |
222 supportedCiphersList.add(cipher); |
211 } |
223 } |
224 String[] allSupportedCiphers = getContext() |
236 String[] allSupportedCiphers = getContext() |
225 .createSSLEngine().getSupportedCipherSuites(); |
237 .createSSLEngine().getSupportedCipherSuites(); |
226 List<String> supportedCiphersList = new LinkedList<>(); |
238 List<String> supportedCiphersList = new LinkedList<>(); |
227 for (String cipher : allSupportedCiphers) { |
239 for (String cipher : allSupportedCiphers) { |
228 if (cipher.contains("KRB5") |
240 if (cipher.contains("KRB5") |
229 && !cipher.contains("TLS_EMPTY_RENEGOTIATION_INFO_SCSV")) { |
241 && !isTLS13Cipher(cipher) |
|
242 && !cipher.contains("TLS_EMPTY_RENEGOTIATION_INFO_SCSV")) { |
230 supportedCiphersList.add(cipher); |
243 supportedCiphersList.add(cipher); |
231 } |
244 } |
232 } |
245 } |
233 SUPPORTED_KRB_CIPHERS = supportedCiphersList.toArray(new String[0]); |
246 SUPPORTED_KRB_CIPHERS = supportedCiphersList.toArray(new String[0]); |
234 } catch (Exception ex) { |
247 } catch (Exception ex) { |
244 temporary.setUseClientMode(true); |
257 temporary.setUseClientMode(true); |
245 String[] enabledCiphers = temporary.getEnabledCipherSuites(); |
258 String[] enabledCiphers = temporary.getEnabledCipherSuites(); |
246 List<String> enabledCiphersList = new LinkedList<>(); |
259 List<String> enabledCiphersList = new LinkedList<>(); |
247 for (String cipher : enabledCiphers) { |
260 for (String cipher : enabledCiphers) { |
248 if (!cipher.contains("anon") && !cipher.contains("KRB5") |
261 if (!cipher.contains("anon") && !cipher.contains("KRB5") |
249 && !cipher.contains("TLS_EMPTY_RENEGOTIATION_INFO_SCSV")) { |
262 && !isTLS13Cipher(cipher) |
|
263 && !cipher.contains("TLS_EMPTY_RENEGOTIATION_INFO_SCSV")) { |
250 enabledCiphersList.add(cipher); |
264 enabledCiphersList.add(cipher); |
251 } |
265 } |
252 } |
266 } |
253 ENABLED_NON_KRB_NOT_ANON_CIPHERS = |
267 ENABLED_NON_KRB_NOT_ANON_CIPHERS = |
254 enabledCiphersList.toArray(new String[0]); |
268 enabledCiphersList.toArray(new String[0]); |
301 */ |
315 */ |
302 public SSLEngineTestCase() { |
316 public SSLEngineTestCase() { |
303 this.maxPacketSize = 0; |
317 this.maxPacketSize = 0; |
304 } |
318 } |
305 |
319 |
|
320 private static boolean isTLS13Cipher(String cipher) { |
|
321 for (String cipherSuite : TLS13_CIPHERS) { |
|
322 if (cipherSuite.equals(cipher)) { |
|
323 return true; |
|
324 } |
|
325 } |
|
326 |
|
327 return false; |
|
328 } |
|
329 |
306 /** |
330 /** |
307 * Wraps data with the specified engine. |
331 * Wraps data with the specified engine. |
308 * |
332 * |
309 * @param engine - SSLEngine that wraps data. |
333 * @param engine - SSLEngine that wraps data. |
310 * @param wrapper - Set wrapper id, e.g. "server" of "client". |
334 * @param wrapper - Set wrapper id, e.g. "server" of "client". |
390 SSLEngineResult r = engine.wrap(app, net); |
414 SSLEngineResult r = engine.wrap(app, net); |
391 net.flip(); |
415 net.flip(); |
392 int length = net.remaining(); |
416 int length = net.remaining(); |
393 System.out.println(wrapper + " wrapped " + length + " bytes."); |
417 System.out.println(wrapper + " wrapped " + length + " bytes."); |
394 System.out.println(wrapper + " handshake status is " |
418 System.out.println(wrapper + " handshake status is " |
395 + engine.getHandshakeStatus()); |
419 + engine.getHandshakeStatus() + " Result is " + r.getStatus()); |
396 if (maxPacketSize < length && maxPacketSize != 0) { |
420 if (maxPacketSize < length && maxPacketSize != 0) { |
397 throw new AssertionError("Handshake wrapped net buffer length " |
421 throw new AssertionError("Handshake wrapped net buffer length " |
398 + length + " exceeds maximum packet size " |
422 + length + " exceeds maximum packet size " |
399 + maxPacketSize); |
423 + maxPacketSize); |
400 } |
424 } |
478 int length = net.remaining(); |
502 int length = net.remaining(); |
479 System.out.println(unwrapper + " unwrapping " + length + " bytes..."); |
503 System.out.println(unwrapper + " unwrapping " + length + " bytes..."); |
480 SSLEngineResult r = engine.unwrap(net, app); |
504 SSLEngineResult r = engine.unwrap(net, app); |
481 app.flip(); |
505 app.flip(); |
482 System.out.println(unwrapper + " handshake status is " |
506 System.out.println(unwrapper + " handshake status is " |
483 + engine.getHandshakeStatus()); |
507 + engine.getHandshakeStatus() + " Result is " + r.getStatus()); |
484 checkResult(r, wantedStatus); |
508 checkResult(r, wantedStatus); |
485 if (result != null && result.length > 0) { |
509 if (result != null && result.length > 0) { |
486 result[0] = r; |
510 result[0] = r; |
487 } |
511 } |
488 return app; |
512 return app; |