# HG changeset patch # User ascarpino # Date 1527277425 25200 # Node ID f8f7e604e1f855e643b75b28b8705a27693b2479 # Parent 4933c5e1ed638d996d44d272c751737a7082ce41 added jdk.tls.server.protocols diff -r 4933c5e1ed63 -r f8f7e604e1f8 src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java --- a/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java Fri May 25 12:24:17 2018 -0700 +++ b/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java Fri May 25 12:43:45 2018 -0700 @@ -274,7 +274,7 @@ } // Get supported protocols. - abstract List getSuportedProtocolVersions(); + abstract List getSupportedProtocolVersions(); // Get default protocols for server mode. abstract List getServerDefaultProtocolVersions(); @@ -481,7 +481,7 @@ List availableProtocols = Collections.emptyList(); - if (protocolCandidates != null && protocolCandidates.length != 0) { + if (protocolCandidates != null && protocolCandidates.length != 0) { availableProtocols = new ArrayList<>(protocolCandidates.length); for (ProtocolVersion p : protocolCandidates) { if (p.isAvailable) { @@ -582,7 +582,7 @@ } @Override - List getSuportedProtocolVersions() { + List getSupportedProtocolVersions() { return supportedProtocols; } @@ -615,6 +615,26 @@ boolean isDTLS() { return false; } + + static ProtocolVersion[] getSupportedProtocols() { + if (SunJSSE.isFIPS()) { + return new ProtocolVersion[] { + ProtocolVersion.TLS13, + ProtocolVersion.TLS12, + ProtocolVersion.TLS11, + ProtocolVersion.TLS10 + }; + } else { + return new ProtocolVersion[]{ + ProtocolVersion.TLS13, + ProtocolVersion.TLS12, + ProtocolVersion.TLS11, + ProtocolVersion.TLS10, + ProtocolVersion.SSL30, + ProtocolVersion.SSL20Hello + }; + } + } } /* @@ -788,10 +808,15 @@ * @see SSLContext */ private static class CustomizedSSLProtocols { - private static final String PROPERTY_NAME = "jdk.tls.client.protocols"; + private static final String JDK_TLS_CLIENT_PROTOCOLS = + "jdk.tls.client.protocols"; + private static final String JDK_TLS_SERVER_PROTOCOLS = + "jdk.tls.server.protocols"; static IllegalArgumentException reservedException = null; - static final ArrayList - customizedProtocols = new ArrayList<>(); + static final ArrayList customizedClientProtocols = + new ArrayList<>(); + static final ArrayList customizedServerProtocols = + new ArrayList<>(); // Don't want a java.lang.LinkageError for illegal system property. // @@ -800,9 +825,18 @@ // the provider service. Instead, please handle the initialization // exception in the caller's constructor. static { - String property = GetPropertyAction - .privilegedGetProperty(PROPERTY_NAME); - if (property != null && property.length() != 0) { + populate(JDK_TLS_CLIENT_PROTOCOLS, customizedClientProtocols); + populate(JDK_TLS_SERVER_PROTOCOLS, customizedServerProtocols); + } + + private static void populate(String propname, + ArrayList arrayList) { + String property = GetPropertyAction.privilegedGetProperty(propname); + if (property == null) { + return; + } + + if (property.length() != 0) { // remove double quote marks from beginning/end of the property if (property.length() > 1 && property.charAt(0) == '"' && property.charAt(property.length() - 1) == '"') { @@ -810,7 +844,7 @@ } } - if (property != null && property.length() != 0) { + if (property.length() != 0) { String[] protocols = property.split(","); for (int i = 0; i < protocols.length; i++) { protocols[i] = protocols[i].trim(); @@ -819,7 +853,7 @@ ProtocolVersion.nameOf(protocols[i]); if (pv == null) { reservedException = new IllegalArgumentException( - PROPERTY_NAME + ": " + protocols[i] + + propname + ": " + protocols[i] + " is not a supported SSL protocol name"); } @@ -827,15 +861,15 @@ ((pv == ProtocolVersion.SSL30) || (pv == ProtocolVersion.SSL20Hello))) { reservedException = new IllegalArgumentException( - PROPERTY_NAME + ": " + pv + + propname + ": " + pv + " is not FIPS compliant"); break; } // ignore duplicated protocols - if (!customizedProtocols.contains(pv)) { - customizedProtocols.add(pv); + if (!arrayList.contains(pv)) { + arrayList.add(pv); } } } @@ -850,7 +884,9 @@ private static class CustomizedTLSContext extends AbstractTLSContext { private static final List clientDefaultProtocols; + private static final List serverDefaultProtocols; private static final List clientDefaultCipherSuites; + private static final List serverDefaultCipherSuites; private static final IllegalArgumentException reservedException; // Don't want a java.lang.LinkageError for illegal system property. @@ -862,50 +898,70 @@ static { reservedException = CustomizedSSLProtocols.reservedException; if (reservedException == null) { - ArrayList - customizedTLSProtocols = new ArrayList<>(); - for (ProtocolVersion protocol : - CustomizedSSLProtocols.customizedProtocols) { - if (!protocol.isDTLS) { - customizedTLSProtocols.add(protocol); - } - } + clientDefaultProtocols = customizedProtocols(true, + CustomizedSSLProtocols.customizedClientProtocols); + serverDefaultProtocols = customizedProtocols(false, + CustomizedSSLProtocols.customizedServerProtocols); - // candidates for available protocols - ProtocolVersion[] candidates; - if (customizedTLSProtocols.isEmpty()) { - // Use the default enabled client protocols if no - // customized TLS protocols. - if (SunJSSE.isFIPS()) { - candidates = new ProtocolVersion[] { - ProtocolVersion.TLS13, - ProtocolVersion.TLS12, - ProtocolVersion.TLS11, - ProtocolVersion.TLS10 - }; - } else { - candidates = new ProtocolVersion[] { - ProtocolVersion.TLS13, - ProtocolVersion.TLS12, - ProtocolVersion.TLS11, - ProtocolVersion.TLS10, - ProtocolVersion.SSL30 - }; - } - } else { - // Use the customized TLS protocols. - candidates = - new ProtocolVersion[customizedTLSProtocols.size()]; - candidates = customizedTLSProtocols.toArray(candidates); - } - - clientDefaultProtocols = getAvailableProtocols(candidates); clientDefaultCipherSuites = getApplicableEnabledCipherSuites( clientDefaultProtocols, true); + serverDefaultCipherSuites = + getApplicableEnabledCipherSuites( + serverDefaultProtocols, false); + } else { - clientDefaultProtocols = null; // unlikely to be used - clientDefaultCipherSuites = null; // unlikely to be used + // unlikely to be used + clientDefaultProtocols = null; + serverDefaultProtocols = null; + clientDefaultCipherSuites = null; + serverDefaultCipherSuites = null; + } + } + + private static List customizedProtocols( + boolean client, List customized) { + List refactored = new ArrayList<>(); + for (ProtocolVersion pv : customized) { + if (!pv.isDTLS) { + refactored.add(pv); + } + } + + // Use the default enabled protocols if no customization + ProtocolVersion[] candidates; + if (refactored.isEmpty()) { + if (client) { + candidates = getProtocols(); + } else { + candidates = getSupportedProtocols(); + } + } else { + // Use the customized TLS protocols. + candidates = new ProtocolVersion[refactored.size()]; + candidates = refactored.toArray(candidates); + } + System.out.println(refactored.toString()); + + return getAvailableProtocols(candidates); + } + + static ProtocolVersion[] getProtocols() { + if (SunJSSE.isFIPS()) { + return new ProtocolVersion[]{ + ProtocolVersion.TLS13, + ProtocolVersion.TLS12, + ProtocolVersion.TLS11, + ProtocolVersion.TLS10 + }; + } else { + return new ProtocolVersion[]{ + ProtocolVersion.TLS13, + ProtocolVersion.TLS12, + ProtocolVersion.TLS11, + ProtocolVersion.TLS10, + ProtocolVersion.SSL30 + }; } } @@ -921,9 +977,21 @@ } @Override + List getServerDefaultProtocolVersions() { + return serverDefaultProtocols; + } + + @Override List getClientDefaultCipherSuites() { return clientDefaultCipherSuites; } + + @Override + List getServerDefaultCipherSuites() { + return serverDefaultCipherSuites; + } + + } /* @@ -1194,7 +1262,7 @@ } @Override - List getSuportedProtocolVersions() { + List getSupportedProtocolVersions() { return supportedProtocols; } @@ -1299,7 +1367,9 @@ */ private static class CustomizedDTLSContext extends AbstractDTLSContext { private static final List clientDefaultProtocols; + private static final List serverDefaultProtocols; private static final List clientDefaultCipherSuites; + private static final List serverDefaultCipherSuites; private static IllegalArgumentException reservedException = null; @@ -1312,42 +1382,53 @@ static { reservedException = CustomizedSSLProtocols.reservedException; if (reservedException == null) { - ArrayList - customizedDTLSProtocols = new ArrayList<>(); - for (ProtocolVersion protocol : - CustomizedSSLProtocols.customizedProtocols) { - if (protocol.isDTLS) { - customizedDTLSProtocols.add(protocol); - } - } + clientDefaultProtocols = customizedProtocols(true, + CustomizedSSLProtocols.customizedClientProtocols); + serverDefaultProtocols = customizedProtocols(false, + CustomizedSSLProtocols.customizedServerProtocols); - // candidates for available protocols - ProtocolVersion[] candidates; - if (customizedDTLSProtocols.isEmpty()) { - // Use the default enabled client protocols if no - // customized TLS protocols. - // - // Both DTLSv1.0 and DTLSv1.2 can be used in FIPS mode. - candidates = new ProtocolVersion[] { - ProtocolVersion.DTLS12, - ProtocolVersion.DTLS10 - }; - - } else { - // Use the customized TLS protocols. - candidates = - new ProtocolVersion[customizedDTLSProtocols.size()]; - candidates = customizedDTLSProtocols.toArray(candidates); - } - - clientDefaultProtocols = getAvailableProtocols(candidates); clientDefaultCipherSuites = getApplicableEnabledCipherSuites( clientDefaultProtocols, true); + serverDefaultCipherSuites = + getApplicableEnabledCipherSuites( + serverDefaultProtocols, false); + } else { - clientDefaultProtocols = null; // unlikely to be used - clientDefaultCipherSuites = null; // unlikely to be used + // unlikely to be used + clientDefaultProtocols = null; + serverDefaultProtocols = null; + clientDefaultCipherSuites = null; + serverDefaultCipherSuites = null; + } + } + + private static List customizedProtocols(boolean client, + List customized) { + List refactored = new ArrayList<>(); + for (ProtocolVersion pv : customized) { + if (pv.isDTLS) { + refactored.add(pv); + } } + + ProtocolVersion[] candidates; + // Use the default enabled protocols if no customization + if (refactored.isEmpty()) { + candidates = new ProtocolVersion[]{ + ProtocolVersion.DTLS12, + ProtocolVersion.DTLS10 + }; + if (!client) + return Arrays.asList(candidates); + } else { + // Use the customized TLS protocols. + candidates = + new ProtocolVersion[customized.size()]; + candidates = customized.toArray(candidates); + } + + return getAvailableProtocols(candidates); } protected CustomizedDTLSContext() { @@ -1362,9 +1443,19 @@ } @Override + List getServerDefaultProtocolVersions() { + return serverDefaultProtocols; + } + + @Override List getClientDefaultCipherSuites() { return clientDefaultCipherSuites; } + + @Override + List getServerDefaultCipherSuites() { + return serverDefaultCipherSuites; + } } /* diff -r 4933c5e1ed63 -r f8f7e604e1f8 src/java.base/share/classes/sun/security/ssl/SSLEngineImpl.java --- a/src/java.base/share/classes/sun/security/ssl/SSLEngineImpl.java Fri May 25 12:24:17 2018 -0700 +++ b/src/java.base/share/classes/sun/security/ssl/SSLEngineImpl.java Fri May 25 12:43:45 2018 -0700 @@ -740,7 +740,7 @@ @Override public String[] getSupportedProtocols() { return ProtocolVersion.toStringArray( - sslContext.getSuportedProtocolVersions()); + sslContext.getSupportedProtocolVersions()); } @Override diff -r 4933c5e1ed63 -r f8f7e604e1f8 src/java.base/share/classes/sun/security/ssl/SSLServerSocketImpl.java --- a/src/java.base/share/classes/sun/security/ssl/SSLServerSocketImpl.java Fri May 25 12:24:17 2018 -0700 +++ b/src/java.base/share/classes/sun/security/ssl/SSLServerSocketImpl.java Fri May 25 12:43:45 2018 -0700 @@ -106,7 +106,7 @@ @Override public String[] getSupportedProtocols() { return ProtocolVersion.toStringArray( - sslContext.getSuportedProtocolVersions()); + sslContext.getSupportedProtocolVersions()); } @Override diff -r 4933c5e1ed63 -r f8f7e604e1f8 src/java.base/share/classes/sun/security/ssl/SSLSocketImpl.java --- a/src/java.base/share/classes/sun/security/ssl/SSLSocketImpl.java Fri May 25 12:24:17 2018 -0700 +++ b/src/java.base/share/classes/sun/security/ssl/SSLSocketImpl.java Fri May 25 12:43:45 2018 -0700 @@ -309,7 +309,7 @@ @Override public String[] getSupportedProtocols() { return ProtocolVersion.toStringArray( - sslContext.getSuportedProtocolVersions()); + sslContext.getSupportedProtocolVersions()); } @Override diff -r 4933c5e1ed63 -r f8f7e604e1f8 test/jdk/sun/security/ssl/SSLContextImpl/CustomizedDTLSDefaultProtocols.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/jdk/sun/security/ssl/SSLContextImpl/CustomizedDTLSDefaultProtocols.java Fri May 25 12:43:45 2018 -0700 @@ -0,0 +1,263 @@ +/* + * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +// SunJSSE does not support dynamic system properties, no way to re-use +// system properties in samevm/agentvm mode. + +/* + * @test + * @summary Test jdk.tls.client.protocols with DTLS + * @run main/othervm -Djdk.tls.client.protocols="DTLSv1.0" + * CustomizedDTLSDefaultProtocols +*/ + + +import java.security.Security; +import java.util.Arrays; +import java.util.HashSet; +import java.util.Set; + +import javax.net.SocketFactory; +import javax.net.ssl.KeyManager; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLEngine; +import javax.net.ssl.SSLParameters; +import javax.net.ssl.SSLServerSocket; +import javax.net.ssl.SSLServerSocketFactory; +import javax.net.ssl.SSLSocket; +import javax.net.ssl.TrustManager; + +public class CustomizedDTLSDefaultProtocols { + + enum ContextVersion { + TLS_CV_01("DTLS", + new String[] {"DTLSv1.0"}), + TLS_CV_02("DTLSv1.0", + new String[] {"DTLSv1.0"}), + TLS_CV_03("DTLSv1.2", + new String[] {"DTLSv1.0", "DTLSv1.2"}); + + final String contextVersion; + final String[] enabledProtocols; + final static String[] supportedProtocols = new String[] { + "DTLSv1.0", "DTLSv1.2"}; + + ContextVersion(String contextVersion, String[] enabledProtocols) { + this.contextVersion = contextVersion; + this.enabledProtocols = enabledProtocols; + } + } + + private static boolean checkProtocols(String[] target, String[] expected) { + boolean success = true; + if (target.length == 0) { + System.out.println("\tError: No protocols"); + success = false; + } + + if (!protocolEquals(target, expected)) { + System.out.println("\tError: Expected to get protocols " + + Arrays.toString(expected)); + success = false; + } + System.out.println("\t Protocols found " + Arrays.toString(target)); + + return success; + } + + private static boolean protocolEquals( + String[] actualProtocols, + String[] expectedProtocols) { + if (actualProtocols.length != expectedProtocols.length) { + return false; + } + + Set set = new HashSet<>(Arrays.asList(expectedProtocols)); + for (String actual : actualProtocols) { + if (set.add(actual)) { + return false; + } + } + + return true; + } + + private static boolean checkCipherSuites(String[] target) { + boolean success = true; + if (target.length == 0) { + System.out.println("\tError: No cipher suites"); + success = false; + } + + return success; + } + + public static void main(String[] args) throws Exception { + // reset the security property to make sure that the algorithms + // and keys used in this test are not disabled. + Security.setProperty("jdk.tls.disabledAlgorithms", ""); + + boolean failed = false; + for (ContextVersion cv : ContextVersion.values()) { + System.out.println("Checking SSLContext of " + cv.contextVersion); + SSLContext context = SSLContext.getInstance(cv.contextVersion); + + // Default SSLContext is initialized automatically. + if (!cv.contextVersion.equals("Default")) { + // Use default TK, KM and random. + context.init((KeyManager[])null, (TrustManager[])null, null); + } + + // + // Check SSLContext + // + // Check default SSLParameters of SSLContext + System.out.println("\tChecking default SSLParameters"); + SSLParameters parameters = context.getDefaultSSLParameters(); + + String[] protocols = parameters.getProtocols(); + failed |= !checkProtocols(protocols, cv.enabledProtocols); + + String[] ciphers = parameters.getCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + // Check supported SSLParameters of SSLContext + System.out.println("\tChecking supported SSLParameters"); + parameters = context.getSupportedSSLParameters(); + + protocols = parameters.getProtocols(); + failed |= !checkProtocols(protocols, cv.supportedProtocols); + + ciphers = parameters.getCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + // + // Check SSLEngine + // + // Check SSLParameters of SSLEngine + System.out.println(); + System.out.println("\tChecking SSLEngine of this SSLContext"); + System.out.println("\tChecking SSLEngine.getSSLParameters()"); + SSLEngine engine = context.createSSLEngine(); + engine.setUseClientMode(true); + parameters = engine.getSSLParameters(); + + protocols = parameters.getProtocols(); + failed |= !checkProtocols(protocols, cv.enabledProtocols); + + ciphers = parameters.getCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + System.out.println("\tChecking SSLEngine.getEnabledProtocols()"); + protocols = engine.getEnabledProtocols(); + failed |= !checkProtocols(protocols, cv.enabledProtocols); + + System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()"); + ciphers = engine.getEnabledCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + System.out.println("\tChecking SSLEngine.getSupportedProtocols()"); + protocols = engine.getSupportedProtocols(); + failed |= !checkProtocols(protocols, cv.supportedProtocols); + + System.out.println( + "\tChecking SSLEngine.getSupportedCipherSuites()"); + ciphers = engine.getSupportedCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + // + // Check SSLSocket + // + // Check SSLParameters of SSLSocket + System.out.println(); + System.out.println("\tChecking SSLSocket of this SSLContext"); + System.out.println("\tChecking SSLSocket.getSSLParameters()"); + SocketFactory fac = context.getSocketFactory(); + SSLSocket socket = (SSLSocket)fac.createSocket(); + parameters = socket.getSSLParameters(); + + protocols = parameters.getProtocols(); + failed |= !checkProtocols(protocols, cv.enabledProtocols); + + ciphers = parameters.getCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + System.out.println("\tChecking SSLEngine.getEnabledProtocols()"); + protocols = socket.getEnabledProtocols(); + failed |= !checkProtocols(protocols, cv.enabledProtocols); + + System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()"); + ciphers = socket.getEnabledCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + System.out.println("\tChecking SSLEngine.getSupportedProtocols()"); + protocols = socket.getSupportedProtocols(); + failed |= !checkProtocols(protocols, cv.supportedProtocols); + + System.out.println( + "\tChecking SSLEngine.getSupportedCipherSuites()"); + ciphers = socket.getSupportedCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + // + // Check SSLServerSocket + // + // Check SSLParameters of SSLServerSocket + System.out.println(); + System.out.println("\tChecking SSLServerSocket of this SSLContext"); + System.out.println("\tChecking SSLServerSocket.getSSLParameters()"); + SSLServerSocketFactory sf = context.getServerSocketFactory(); + SSLServerSocket ssocket = (SSLServerSocket)sf.createServerSocket(); + parameters = ssocket.getSSLParameters(); + + protocols = parameters.getProtocols(); + failed |= !checkProtocols(protocols, cv.supportedProtocols); + + ciphers = parameters.getCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + System.out.println("\tChecking SSLEngine.getEnabledProtocols()"); + protocols = ssocket.getEnabledProtocols(); + failed |= !checkProtocols(protocols, cv.supportedProtocols); + + System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()"); + ciphers = ssocket.getEnabledCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + System.out.println("\tChecking SSLEngine.getSupportedProtocols()"); + protocols = ssocket.getSupportedProtocols(); + failed |= !checkProtocols(protocols, cv.supportedProtocols); + + System.out.println( + "\tChecking SSLEngine.getSupportedCipherSuites()"); + ciphers = ssocket.getSupportedCipherSuites(); + failed |= !checkCipherSuites(ciphers); + } + + if (failed) { + throw new Exception("Run into problems, see log for more details"); + } else { + System.out.println("\t... Success"); + } + } +} diff -r 4933c5e1ed63 -r f8f7e604e1f8 test/jdk/sun/security/ssl/SSLContextImpl/CustomizedDTLSServerDefaultProtocols.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/jdk/sun/security/ssl/SSLContextImpl/CustomizedDTLSServerDefaultProtocols.java Fri May 25 12:43:45 2018 -0700 @@ -0,0 +1,283 @@ +/* + * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +// SunJSSE does not support dynamic system properties, no way to re-use +// system properties in samevm/agentvm mode. + +/* + * @test + * @summary Test jdk.tls.server.protocols with DTLS + * @run main/othervm -Djdk.tls.server.protocols="DTLSv1.0" + * CustomizedDTLSServerDefaultProtocols + */ + +import java.security.NoSuchAlgorithmException; +import java.security.Security; +import java.util.Arrays; +import java.util.HashSet; +import java.util.Set; + +import javax.net.SocketFactory; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLEngine; +import javax.net.ssl.SSLParameters; +import javax.net.ssl.SSLServerSocket; +import javax.net.ssl.SSLServerSocketFactory; +import javax.net.ssl.SSLSocket; + +public class CustomizedDTLSServerDefaultProtocols { + + final static String[] supportedProtocols = new String[]{ + "DTLSv1.0", "DTLSv1.2"}; + + enum ContextVersion { + TLS_CV_01("DTLS", + new String[]{"DTLSv1.0"}, + supportedProtocols), + TLS_CV_02("DTLSv1.0", + supportedProtocols, + new String[]{"DTLSv1.0"}), + TLS_CV_03("DTLS1.2", + supportedProtocols, + supportedProtocols); + + final String contextVersion; + final String[] serverEnabledProtocols; + final String[] clientEnabledProtocols; + + ContextVersion(String contextVersion, String[] serverEnabledProtocols, + String[] clientEnabledProtocols) { + this.contextVersion = contextVersion; + this.serverEnabledProtocols = serverEnabledProtocols; + this.clientEnabledProtocols = clientEnabledProtocols; + } + } + + private static boolean checkProtocols(String[] target, String[] expected) { + boolean success = true; + if (target.length == 0) { + System.out.println("\tError: No protocols"); + success = false; + } + + if (!protocolEquals(target, expected)) { + System.out.println("\tError: Expected to get protocols " + + Arrays.toString(expected)); + success = false; + } + System.out.println("\t Protocols found " + Arrays.toString(target)); + return success; + } + + private static boolean protocolEquals( + String[] actualProtocols, + String[] expectedProtocols) { + if (actualProtocols.length != expectedProtocols.length) { + return false; + } + + Set set = new HashSet<>(Arrays.asList(expectedProtocols)); + for (String actual : actualProtocols) { + if (set.add(actual)) { + return false; + } + } + + return true; + } + + private static boolean checkCipherSuites(String[] target) { + boolean success = true; + if (target.length == 0) { + System.out.println("\tError: No cipher suites"); + success = false; + } + + return success; + } + + public static void main(String[] args) throws Exception { + // reset the security property to make sure that the algorithms + // and keys used in this test are not disabled. + Security.setProperty("jdk.tls.disabledAlgorithms", ""); + System.out.println("jdk.tls.client.protocols = " + + System.getProperty("jdk.tls.client.protocols")); + System.out.println("jdk.tls.server.protocols = "+ + System.getProperty("jdk.tls.server.protocols")); + Test(); + } + + static void Test() throws Exception { + boolean failed = false; + + SSLContext context; + for (ContextVersion cv : ContextVersion.values()) { + System.out.println("Checking SSLContext of " + cv.contextVersion); + try { + context = SSLContext.getInstance(cv.contextVersion); + } catch (NoSuchAlgorithmException e) { + if (cv.contextVersion.compareToIgnoreCase("DTLS1.2") == 0) { + System.out.println("Exception expected: " + e.getMessage()); + continue; + } + throw e; + } + // Default SSLContext is initialized automatically. + if (!cv.contextVersion.equals("Default")) { + // Use default TK, KM and random. + context.init(null, null, null); + } + + // + // Check SSLContext + // + // Check default SSLParameters of SSLContext + System.out.println("\tChecking default SSLParameters"); + SSLParameters parameters = context.getDefaultSSLParameters(); + + String[] protocols = parameters.getProtocols(); + failed |= !checkProtocols(protocols, cv.clientEnabledProtocols); + + String[] ciphers = parameters.getCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + // Check supported SSLParameters of SSLContext + System.out.println("\tChecking supported SSLParameters"); + parameters = context.getSupportedSSLParameters(); + + protocols = parameters.getProtocols(); + failed |= !checkProtocols(protocols, supportedProtocols); + + ciphers = parameters.getCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + // + // Check SSLEngine + // + // Check SSLParameters of SSLEngine + System.out.println(); + System.out.println("\tChecking SSLEngine of this SSLContext"); + System.out.println("\tChecking SSLEngine.getSSLParameters()"); + SSLEngine engine = context.createSSLEngine(); + engine.setUseClientMode(true); + parameters = engine.getSSLParameters(); + + protocols = parameters.getProtocols(); + failed |= !checkProtocols(protocols, cv.clientEnabledProtocols); + + ciphers = parameters.getCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + System.out.println("\tChecking SSLEngine.getEnabledProtocols()"); + protocols = engine.getEnabledProtocols(); + failed |= !checkProtocols(protocols, cv.clientEnabledProtocols); + + System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()"); + ciphers = engine.getEnabledCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + System.out.println("\tChecking SSLEngine.getSupportedProtocols()"); + protocols = engine.getSupportedProtocols(); + failed |= !checkProtocols(protocols, supportedProtocols); + + System.out.println( + "\tChecking SSLEngine.getSupportedCipherSuites()"); + ciphers = engine.getSupportedCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + // + // Check SSLSocket + // + // Check SSLParameters of SSLSocket + System.out.println(); + System.out.println("\tChecking SSLSocket of this SSLContext"); + System.out.println("\tChecking SSLSocket.getSSLParameters()"); + SocketFactory fac = context.getSocketFactory(); + SSLSocket socket = (SSLSocket) fac.createSocket(); + parameters = socket.getSSLParameters(); + + protocols = parameters.getProtocols(); + failed |= !checkProtocols(protocols, cv.clientEnabledProtocols); + + ciphers = parameters.getCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + System.out.println("\tChecking SSLSocket.getEnabledProtocols()"); + protocols = socket.getEnabledProtocols(); + failed |= !checkProtocols(protocols, cv.clientEnabledProtocols); + + System.out.println("\tChecking SSLSocket.getEnabledCipherSuites()"); + ciphers = socket.getEnabledCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + System.out.println("\tChecking SSLSocket.getSupportedProtocols()"); + protocols = socket.getSupportedProtocols(); + failed |= !checkProtocols(protocols, supportedProtocols); + + System.out.println( + "\tChecking SSLSocket.getSupportedCipherSuites()"); + ciphers = socket.getSupportedCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + // + // Check SSLServerSocket + // + // Check SSLParameters of SSLServerSocket + System.out.println(); + System.out.println("\tChecking SSLServerSocket of this SSLContext"); + System.out.println("\tChecking SSLServerSocket.getSSLParameters()"); + SSLServerSocketFactory sf = context.getServerSocketFactory(); + SSLServerSocket ssocket = (SSLServerSocket) sf.createServerSocket(); + parameters = ssocket.getSSLParameters(); + + protocols = parameters.getProtocols(); + failed |= !checkProtocols(protocols, cv.serverEnabledProtocols); + + ciphers = parameters.getCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + System.out.println("\tChecking SSLEngine.getEnabledProtocols()"); + protocols = ssocket.getEnabledProtocols(); + failed |= !checkProtocols(protocols, cv.serverEnabledProtocols); + + System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()"); + ciphers = ssocket.getEnabledCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + System.out.println("\tChecking SSLEngine.getSupportedProtocols()"); + protocols = ssocket.getSupportedProtocols(); + failed |= !checkProtocols(protocols, supportedProtocols); + + System.out.println( + "\tChecking SSLEngine.getSupportedCipherSuites()"); + ciphers = ssocket.getSupportedCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + if (failed) { + throw new Exception("Run into problems, see log for more details"); + } else { + System.out.println("\t... Success"); + } + } + } +} diff -r 4933c5e1ed63 -r f8f7e604e1f8 test/jdk/sun/security/ssl/SSLContextImpl/CustomizedDefaultProtocols.java --- a/test/jdk/sun/security/ssl/SSLContextImpl/CustomizedDefaultProtocols.java Fri May 25 12:24:17 2018 -0700 +++ b/test/jdk/sun/security/ssl/SSLContextImpl/CustomizedDefaultProtocols.java Fri May 25 12:43:45 2018 -0700 @@ -48,7 +48,7 @@ import javax.net.ssl.TrustManager; public class CustomizedDefaultProtocols { - static enum ContextVersion { + enum ContextVersion { TLS_CV_01("SSL", new String[] {"SSLv3", "TLSv1", "TLSv1.1"}), TLS_CV_02("TLS", @@ -87,10 +87,9 @@ if (!protocolEquals(target, expected)) { System.out.println("\tError: Expected to get protocols " + Arrays.toString(expected)); - System.out.println("\tError: The actual protocols " + - Arrays.toString(target)); success = false; } + System.out.println("\t Protocols found " + Arrays.toString(target)); return success; } diff -r 4933c5e1ed63 -r f8f7e604e1f8 test/jdk/sun/security/ssl/SSLContextImpl/CustomizedServerDefaultProtocols.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/jdk/sun/security/ssl/SSLContextImpl/CustomizedServerDefaultProtocols.java Fri May 25 12:43:45 2018 -0700 @@ -0,0 +1,289 @@ +/* + * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +// SunJSSE does not support dynamic system properties, no way to re-use +// system properties in samevm/agentvm mode. + +/* + * @test + * @summary Test jdk.tls.server.protocols with TLS + * @run main/othervm -Djdk.tls.server.protocols="SSLv3,TLSv1,TLSv1.1" + * CustomizedServerDefaultProtocols + */ + +import java.security.Security; +import java.util.Arrays; +import java.util.HashSet; +import java.util.Set; + +import javax.net.SocketFactory; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLEngine; +import javax.net.ssl.SSLParameters; +import javax.net.ssl.SSLServerSocket; +import javax.net.ssl.SSLServerSocketFactory; +import javax.net.ssl.SSLSocket; + +public class CustomizedServerDefaultProtocols { + + final static String[] supportedProtocols = new String[]{ + "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}; + + enum ContextVersion { + TLS_CV_01("SSL", + new String[]{"SSLv3", "TLSv1", "TLSv1.1"}, + new String[]{"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}), + TLS_CV_02("TLS", + new String[]{"SSLv3", "TLSv1", "TLSv1.1"}, + new String[]{"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}), + TLS_CV_03("SSLv3", + supportedProtocols, + new String[]{"SSLv3", "TLSv1"}), + TLS_CV_04("TLSv1", + supportedProtocols, + new String[]{"SSLv3", "TLSv1"}), + TLS_CV_05("TLSv1.1", + supportedProtocols, + new String[]{"SSLv3", "TLSv1", "TLSv1.1"}), + TLS_CV_06("TLSv1.2", + supportedProtocols, + new String[]{"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}), + TLS_CV_07("TLSv1.3", + supportedProtocols, + new String[]{"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}), + TLS_CV_08("Default", + new String[]{"SSLv3", "TLSv1", "TLSv1.1"}, + new String[]{"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}); + + final String contextVersion; + final String[] serverEnabledProtocols; + final String[] clientEnabledProtocols; + + ContextVersion(String contextVersion, String[] serverEnabledProtocols, + String[] clientEnabledProtocols) { + this.contextVersion = contextVersion; + this.serverEnabledProtocols = serverEnabledProtocols; + this.clientEnabledProtocols = clientEnabledProtocols; + } + } + + private static boolean checkProtocols(String[] target, String[] expected) { + boolean success = true; + if (target.length == 0) { + System.out.println("\tError: No protocols"); + success = false; + } + + if (!protocolEquals(target, expected)) { + System.out.println("\tError: Expected to get protocols " + + Arrays.toString(expected)); + success = false; + } + System.out.println("\t Protocols found " + Arrays.toString(target)); + return success; + } + + private static boolean protocolEquals( + String[] actualProtocols, + String[] expectedProtocols) { + if (actualProtocols.length != expectedProtocols.length) { + return false; + } + + Set set = new HashSet<>(Arrays.asList(expectedProtocols)); + for (String actual : actualProtocols) { + if (set.add(actual)) { + return false; + } + } + + return true; + } + + private static boolean checkCipherSuites(String[] target) { + boolean success = true; + if (target.length == 0) { + System.out.println("\tError: No cipher suites"); + success = false; + } + + return success; + } + + public static void main(String[] args) throws Exception { + // reset the security property to make sure that the algorithms + // and keys used in this test are not disabled. + Security.setProperty("jdk.tls.disabledAlgorithms", ""); + System.out.println("jdk.tls.client.protocols = " + + System.getProperty("jdk.tls.client.protocols")); + System.out.println("jdk.tls.server.protocols = "+ + System.getProperty("jdk.tls.server.protocols")); + Test(); + } + + static void Test() throws Exception { + boolean failed = false; + + for (ContextVersion cv : ContextVersion.values()) { + System.out.println("Checking SSLContext of " + cv.contextVersion); + SSLContext context = SSLContext.getInstance(cv.contextVersion); + + // Default SSLContext is initialized automatically. + if (!cv.contextVersion.equals("Default")) { + // Use default TK, KM and random. + context.init(null, null, null); + } + + // + // Check SSLContext + // + // Check default SSLParameters of SSLContext + System.out.println("\tChecking default SSLParameters"); + SSLParameters parameters = context.getDefaultSSLParameters(); + + String[] protocols = parameters.getProtocols(); + failed |= !checkProtocols(protocols, cv.clientEnabledProtocols); + + String[] ciphers = parameters.getCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + // Check supported SSLParameters of SSLContext + System.out.println("\tChecking supported SSLParameters"); + parameters = context.getSupportedSSLParameters(); + + protocols = parameters.getProtocols(); + failed |= !checkProtocols(protocols, supportedProtocols); + + ciphers = parameters.getCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + // + // Check SSLEngine + // + // Check SSLParameters of SSLEngine + System.out.println(); + System.out.println("\tChecking SSLEngine of this SSLContext"); + System.out.println("\tChecking SSLEngine.getSSLParameters()"); + SSLEngine engine = context.createSSLEngine(); + engine.setUseClientMode(true); + parameters = engine.getSSLParameters(); + + protocols = parameters.getProtocols(); + failed |= !checkProtocols(protocols, cv.clientEnabledProtocols); + + ciphers = parameters.getCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + System.out.println("\tChecking SSLEngine.getEnabledProtocols()"); + protocols = engine.getEnabledProtocols(); + failed |= !checkProtocols(protocols, cv.clientEnabledProtocols); + + System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()"); + ciphers = engine.getEnabledCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + System.out.println("\tChecking SSLEngine.getSupportedProtocols()"); + protocols = engine.getSupportedProtocols(); + failed |= !checkProtocols(protocols, supportedProtocols); + + System.out.println( + "\tChecking SSLEngine.getSupportedCipherSuites()"); + ciphers = engine.getSupportedCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + // + // Check SSLSocket + // + // Check SSLParameters of SSLSocket + System.out.println(); + System.out.println("\tChecking SSLSocket of this SSLContext"); + System.out.println("\tChecking SSLSocket.getSSLParameters()"); + SocketFactory fac = context.getSocketFactory(); + SSLSocket socket = (SSLSocket) fac.createSocket(); + parameters = socket.getSSLParameters(); + + protocols = parameters.getProtocols(); + failed |= !checkProtocols(protocols, cv.clientEnabledProtocols); + + ciphers = parameters.getCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + System.out.println("\tChecking SSLSocket.getEnabledProtocols()"); + protocols = socket.getEnabledProtocols(); + failed |= !checkProtocols(protocols, cv.clientEnabledProtocols); + + System.out.println("\tChecking SSLSocket.getEnabledCipherSuites()"); + ciphers = socket.getEnabledCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + System.out.println("\tChecking SSLSocket.getSupportedProtocols()"); + protocols = socket.getSupportedProtocols(); + failed |= !checkProtocols(protocols, supportedProtocols); + + System.out.println( + "\tChecking SSLSocket.getSupportedCipherSuites()"); + ciphers = socket.getSupportedCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + // + // Check SSLServerSocket + // + // Check SSLParameters of SSLServerSocket + System.out.println(); + System.out.println("\tChecking SSLServerSocket of this SSLContext"); + System.out.println("\tChecking SSLServerSocket.getSSLParameters()"); + SSLServerSocketFactory sf = context.getServerSocketFactory(); + SSLServerSocket ssocket = (SSLServerSocket) sf.createServerSocket(); + parameters = ssocket.getSSLParameters(); + + protocols = parameters.getProtocols(); + failed |= !checkProtocols(protocols, cv.serverEnabledProtocols); + + ciphers = parameters.getCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + System.out.println("\tChecking SSLEngine.getEnabledProtocols()"); + protocols = ssocket.getEnabledProtocols(); + failed |= !checkProtocols(protocols, cv.serverEnabledProtocols); + + System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()"); + ciphers = ssocket.getEnabledCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + System.out.println("\tChecking SSLEngine.getSupportedProtocols()"); + protocols = ssocket.getSupportedProtocols(); + failed |= !checkProtocols(protocols, supportedProtocols); + + System.out.println( + "\tChecking SSLEngine.getSupportedCipherSuites()"); + ciphers = ssocket.getSupportedCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + if (failed) { + throw new Exception("Run into problems, see log for more details"); + } else { + System.out.println("\t... Success"); + } + } + } +} diff -r 4933c5e1ed63 -r f8f7e604e1f8 test/jdk/sun/security/ssl/SSLContextImpl/DefaultDTLSEnabledProtocols.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/jdk/sun/security/ssl/SSLContextImpl/DefaultDTLSEnabledProtocols.java Fri May 25 12:43:45 2018 -0700 @@ -0,0 +1,260 @@ +/* + * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +// SunJSSE does not support dynamic system properties, no way to re-use +// system properties in samevm/agentvm mode. + +/* + * @test + * @summary Test jdk.tls.client.protocols with DTLS + * @run main/othervm DefaultDTLSEnabledProtocols + */ + +import java.security.Security; +import java.util.Arrays; +import java.util.HashSet; +import java.util.Set; + +import javax.net.SocketFactory; +import javax.net.ssl.KeyManager; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLEngine; +import javax.net.ssl.SSLParameters; +import javax.net.ssl.SSLServerSocket; +import javax.net.ssl.SSLServerSocketFactory; +import javax.net.ssl.SSLSocket; +import javax.net.ssl.TrustManager; + +public class DefaultDTLSEnabledProtocols { + static enum ContextVersion { + TLS_CV_01("DTLS", + new String[] {"DTLSv1.0", "DTLSv1.2"}), + TLS_CV_02("DTLSv1.0", + new String[] {"DTLSv1.0"}), + TLS_CV_03("DTLSv1.2", + new String[] {"DTLSv1.0", "DTLSv1.2"}); + + final String contextVersion; + final String[] enabledProtocols; + final static String[] supportedProtocols = new String[] { + "DTLSv1.0", "DTLSv1.2"}; + + ContextVersion(String contextVersion, String[] enabledProtocols) { + this.contextVersion = contextVersion; + this.enabledProtocols = enabledProtocols; + } + } + + private static boolean checkProtocols(String[] target, String[] expected) { + boolean success = true; + if (target.length == 0) { + System.out.println("\tError: No protocols"); + success = false; + } + + if (!protocolEquals(target, expected)) { + System.out.println("\tError: Expected to get protocols " + + Arrays.toString(expected)); + success = false; + } + System.out.println("\t Protocols found " + Arrays.toString(target)); + + return success; + } + + private static boolean protocolEquals( + String[] actualProtocols, + String[] expectedProtocols) { + if (actualProtocols.length != expectedProtocols.length) { + return false; + } + + Set set = new HashSet<>(Arrays.asList(expectedProtocols)); + for (String actual : actualProtocols) { + if (set.add(actual)) { + return false; + } + } + + return true; + } + + private static boolean checkCipherSuites(String[] target) { + boolean success = true; + if (target.length == 0) { + System.out.println("\tError: No cipher suites"); + success = false; + } + + return success; + } + + public static void main(String[] args) throws Exception { + // reset the security property to make sure that the algorithms + // and keys used in this test are not disabled. + Security.setProperty("jdk.tls.disabledAlgorithms", ""); + + boolean failed = false; + for (ContextVersion cv : ContextVersion.values()) { + System.out.println("Checking SSLContext of " + cv.contextVersion); + SSLContext context = SSLContext.getInstance(cv.contextVersion); + + // Default SSLContext is initialized automatically. + if (!cv.contextVersion.equals("Default")) { + // Use default TK, KM and random. + context.init((KeyManager[])null, (TrustManager[])null, null); + } + + // + // Check SSLContext + // + // Check default SSLParameters of SSLContext + System.out.println("\tChecking default SSLParameters"); + SSLParameters parameters = context.getDefaultSSLParameters(); + + String[] protocols = parameters.getProtocols(); + failed |= !checkProtocols(protocols, cv.enabledProtocols); + + String[] ciphers = parameters.getCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + // Check supported SSLParameters of SSLContext + System.out.println("\tChecking supported SSLParameters"); + parameters = context.getSupportedSSLParameters(); + + protocols = parameters.getProtocols(); + failed |= !checkProtocols(protocols, cv.supportedProtocols); + + ciphers = parameters.getCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + // + // Check SSLEngine + // + // Check SSLParameters of SSLEngine + System.out.println(); + System.out.println("\tChecking SSLEngine of this SSLContext"); + System.out.println("\tChecking SSLEngine.getSSLParameters()"); + SSLEngine engine = context.createSSLEngine(); + engine.setUseClientMode(true); + parameters = engine.getSSLParameters(); + + protocols = parameters.getProtocols(); + failed |= !checkProtocols(protocols, cv.enabledProtocols); + + ciphers = parameters.getCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + System.out.println("\tChecking SSLEngine.getEnabledProtocols()"); + protocols = engine.getEnabledProtocols(); + failed |= !checkProtocols(protocols, cv.enabledProtocols); + + System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()"); + ciphers = engine.getEnabledCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + System.out.println("\tChecking SSLEngine.getSupportedProtocols()"); + protocols = engine.getSupportedProtocols(); + failed |= !checkProtocols(protocols, cv.supportedProtocols); + + System.out.println( + "\tChecking SSLEngine.getSupportedCipherSuites()"); + ciphers = engine.getSupportedCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + // + // Check SSLSocket + // + // Check SSLParameters of SSLSocket + System.out.println(); + System.out.println("\tChecking SSLSocket of this SSLContext"); + System.out.println("\tChecking SSLSocket.getSSLParameters()"); + SocketFactory fac = context.getSocketFactory(); + SSLSocket socket = (SSLSocket)fac.createSocket(); + parameters = socket.getSSLParameters(); + + protocols = parameters.getProtocols(); + failed |= !checkProtocols(protocols, cv.enabledProtocols); + + ciphers = parameters.getCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + System.out.println("\tChecking SSLEngine.getEnabledProtocols()"); + protocols = socket.getEnabledProtocols(); + failed |= !checkProtocols(protocols, cv.enabledProtocols); + + System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()"); + ciphers = socket.getEnabledCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + System.out.println("\tChecking SSLEngine.getSupportedProtocols()"); + protocols = socket.getSupportedProtocols(); + failed |= !checkProtocols(protocols, cv.supportedProtocols); + + System.out.println( + "\tChecking SSLEngine.getSupportedCipherSuites()"); + ciphers = socket.getSupportedCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + // + // Check SSLServerSocket + // + // Check SSLParameters of SSLServerSocket + System.out.println(); + System.out.println("\tChecking SSLServerSocket of this SSLContext"); + System.out.println("\tChecking SSLServerSocket.getSSLParameters()"); + SSLServerSocketFactory sf = context.getServerSocketFactory(); + SSLServerSocket ssocket = (SSLServerSocket)sf.createServerSocket(); + parameters = ssocket.getSSLParameters(); + + protocols = parameters.getProtocols(); + failed |= !checkProtocols(protocols, cv.supportedProtocols); + + ciphers = parameters.getCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + System.out.println("\tChecking SSLEngine.getEnabledProtocols()"); + protocols = ssocket.getEnabledProtocols(); + failed |= !checkProtocols(protocols, cv.supportedProtocols); + + System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()"); + ciphers = ssocket.getEnabledCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + System.out.println("\tChecking SSLEngine.getSupportedProtocols()"); + protocols = ssocket.getSupportedProtocols(); + failed |= !checkProtocols(protocols, cv.supportedProtocols); + + System.out.println( + "\tChecking SSLEngine.getSupportedCipherSuites()"); + ciphers = ssocket.getSupportedCipherSuites(); + failed |= !checkCipherSuites(ciphers); + } + + if (failed) { + throw new Exception("Run into problems, see log for more details"); + } else { + System.out.println("\t... Success"); + } + } +} diff -r 4933c5e1ed63 -r f8f7e604e1f8 test/jdk/sun/security/ssl/SSLContextImpl/DefaultEnabledProtocols.java --- a/test/jdk/sun/security/ssl/SSLContextImpl/DefaultEnabledProtocols.java Fri May 25 12:24:17 2018 -0700 +++ b/test/jdk/sun/security/ssl/SSLContextImpl/DefaultEnabledProtocols.java Fri May 25 12:43:45 2018 -0700 @@ -47,7 +47,7 @@ import javax.net.ssl.TrustManager; public class DefaultEnabledProtocols { - static enum ContextVersion { + enum ContextVersion { TLS_CV_01("SSL", new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}), TLS_CV_02("TLS", @@ -86,10 +86,9 @@ if (!protocolEquals(target, expected)) { System.out.println("\tError: Expected to get protocols " + Arrays.toString(expected)); - System.out.println("\tError: The actual protocols " + - Arrays.toString(target)); success = false; } + System.out.println("\t Protocols found " + Arrays.toString(target)); return success; }