jdk-sandbox: comparison test/jdk/sun/security/pkcs11/sslecc/CipherTest.java

equal deleted inserted replaced

-:356eaea05bf0
+:68fa3d4026ea
 /*
-* Copyright (c) 2002, 2017, Oracle and/or its affiliates. All rights reserved.
+* Copyright (c) 2002, 2018, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 }
 public static class TestParameters {
-String cipherSuite;
+CipherSuite cipherSuite;
-String protocol;
+Protocol protocol;
 String clientAuth;
-TestParameters(String cipherSuite, String protocol,
+TestParameters(CipherSuite cipherSuite, Protocol protocol,
 String clientAuth) {
 this.cipherSuite = cipherSuite;
 this.protocol = protocol;
 this.clientAuth = clientAuth;
 }
 boolean isEnabled() {
-return TLSCipherStatus.isEnabled(cipherSuite, protocol);
+return cipherSuite.supportedByProtocol(protocol);
 }
 @Override
 public String toString() {
 String s = cipherSuite + " in " + protocol + " mode";
 if (clientAuth != null) {
 s += " with " + clientAuth + " client authentication";
 }
 return s;
-}
-static enum TLSCipherStatus {
-// cipher suites supported since TLS 1.2
-CS_01("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", 0x0303, 0xFFFF),
-CS_02("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",   0x0303, 0xFFFF),
-CS_03("TLS_RSA_WITH_AES_256_CBC_SHA256",         0x0303, 0xFFFF),
-CS_04("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",  0x0303, 0xFFFF),
-CS_05("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",    0x0303, 0xFFFF),
-CS_06("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",     0x0303, 0xFFFF),
-CS_07("TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",     0x0303, 0xFFFF),
-CS_08("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", 0x0303, 0xFFFF),
-CS_09("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",   0x0303, 0xFFFF),
-CS_10("TLS_RSA_WITH_AES_128_CBC_SHA256",         0x0303, 0xFFFF),
-CS_11("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",  0x0303, 0xFFFF),
-CS_12("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",    0x0303, 0xFFFF),
-CS_13("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",     0x0303, 0xFFFF),
-CS_14("TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",     0x0303, 0xFFFF),
-CS_15("TLS_DH_anon_WITH_AES_256_CBC_SHA256",     0x0303, 0xFFFF),
-CS_16("TLS_DH_anon_WITH_AES_128_CBC_SHA256",     0x0303, 0xFFFF),
-CS_17("TLS_RSA_WITH_NULL_SHA256",                0x0303, 0xFFFF),
-CS_20("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", 0x0303, 0xFFFF),
-CS_21("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", 0x0303, 0xFFFF),
-CS_22("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",   0x0303, 0xFFFF),
-CS_23("TLS_RSA_WITH_AES_256_GCM_SHA384",         0x0303, 0xFFFF),
-CS_24("TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",  0x0303, 0xFFFF),
-CS_25("TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",    0x0303, 0xFFFF),
-CS_26("TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",     0x0303, 0xFFFF),
-CS_27("TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",     0x0303, 0xFFFF),
-CS_28("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",   0x0303, 0xFFFF),
-CS_29("TLS_RSA_WITH_AES_128_GCM_SHA256",         0x0303, 0xFFFF),
-CS_30("TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",  0x0303, 0xFFFF),
-CS_31("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",    0x0303, 0xFFFF),
-CS_32("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",     0x0303, 0xFFFF),
-CS_33("TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",     0x0303, 0xFFFF),
-CS_34("TLS_DH_anon_WITH_AES_256_GCM_SHA384",     0x0303, 0xFFFF),
-CS_35("TLS_DH_anon_WITH_AES_128_GCM_SHA256",     0x0303, 0xFFFF),
-// cipher suites obsoleted since TLS 1.2
-CS_50("SSL_RSA_WITH_DES_CBC_SHA",                0x0000, 0x0303),
-CS_51("SSL_DHE_RSA_WITH_DES_CBC_SHA",            0x0000, 0x0303),
-CS_52("SSL_DHE_DSS_WITH_DES_CBC_SHA",            0x0000, 0x0303),
-CS_53("SSL_DH_anon_WITH_DES_CBC_SHA",            0x0000, 0x0303),
-CS_54("TLS_KRB5_WITH_DES_CBC_SHA",               0x0000, 0x0303),
-CS_55("TLS_KRB5_WITH_DES_CBC_MD5",               0x0000, 0x0303),
-// cipher suites obsoleted since TLS 1.1
-CS_60("SSL_RSA_EXPORT_WITH_RC4_40_MD5",          0x0000, 0x0302),
-CS_61("SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",      0x0000, 0x0302),
-CS_62("SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",       0x0000, 0x0302),
-CS_63("SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",   0x0000, 0x0302),
-CS_64("SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",   0x0000, 0x0302),
-CS_65("SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",   0x0000, 0x0302),
-CS_66("TLS_KRB5_EXPORT_WITH_RC4_40_SHA",         0x0000, 0x0302),
-CS_67("TLS_KRB5_EXPORT_WITH_RC4_40_MD5",         0x0000, 0x0302),
-CS_68("TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",     0x0000, 0x0302),
-CS_69("TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5",     0x0000, 0x0302),
-// ignore TLS_EMPTY_RENEGOTIATION_INFO_SCSV always
-CS_99("TLS_EMPTY_RENEGOTIATION_INFO_SCSV",       0xFFFF, 0x0000);
-// the cipher suite name
-final String cipherSuite;
-// supported since protocol version
-final int supportedSince;
-// obsoleted since protocol version
-final int obsoletedSince;
-TLSCipherStatus(String cipherSuite,
-int supportedSince, int obsoletedSince) {
-this.cipherSuite = cipherSuite;
-this.supportedSince = supportedSince;
-this.obsoletedSince = obsoletedSince;
-}
-static boolean isEnabled(String cipherSuite, String protocol) {
-int versionNumber = toVersionNumber(protocol);
-if (versionNumber < 0) {
-return true;  // unlikely to happen
-}
-for (TLSCipherStatus status : TLSCipherStatus.values()) {
-if (cipherSuite.equals(status.cipherSuite)) {
-if ((versionNumber < status.supportedSince) ||
-(versionNumber >= status.obsoletedSince)) {
-return false;
-}
-return true;
-}
-}
-return true;
-}
-private static int toVersionNumber(String protocol) {
-int versionNumber = -1;
-switch (protocol) {
-case "SSLv2Hello":
-versionNumber = 0x0002;
-break;
-case "SSLv3":
-versionNumber = 0x0300;
-break;
-case "TLSv1":
-versionNumber = 0x0301;
-break;
-case "TLSv1.1":
-versionNumber = 0x0302;
-break;
-case "TLSv1.2":
-versionNumber = 0x0303;
-break;
-default:
-// unlikely to happen
-}
-return versionNumber;
-}
 }
 }
 private List<TestParameters> tests;
 private Iterator<TestParameters> testIterator;
 continue;
 }
 for (int k = 0; k < clientAuths.length; k++) {
 String clientAuth = clientAuths[k];
-if ((clientAuth != null) &&
+// no client with anonymous cipher suites.
-(cipherSuite.indexOf("DH_anon") != -1)) {
+// TLS_EMPTY_RENEGOTIATION_INFO_SCSV always be skipped.
-// no client with anonymous ciphersuites
+// TLS 1.3 is skipped due to the signature algorithm,
+// exactly MD5withRSA, in the certificates is not allowed.
+if ((clientAuth != null && cipherSuite.contains("DH_anon")
+|| cipherSuite.equals(
+CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV.name())
+|| "TLSv1.3".equals(protocol))) {
 continue;
 }
-tests.add(new TestParameters(cipherSuite, protocol,
+tests.add(new TestParameters(
-clientAuth));
+CipherSuite.cipherSuite(cipherSuite),
+Protocol.protocol(protocol),
+clientAuth));
 }
 }
 }
 testIterator = tests.iterator();

changeset 50768	68fa3d4026ea
parent 47216	71c04702a3d5