--- a/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java Fri May 25 12:24:17 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java Fri May 25 12:43:45 2018 -0700
@@ -274,7 +274,7 @@
}
// Get supported protocols.
- abstract List<ProtocolVersion> getSuportedProtocolVersions();
+ abstract List<ProtocolVersion> getSupportedProtocolVersions();
// Get default protocols for server mode.
abstract List<ProtocolVersion> getServerDefaultProtocolVersions();
@@ -481,7 +481,7 @@
List<ProtocolVersion> availableProtocols =
Collections.<ProtocolVersion>emptyList();
- if (protocolCandidates != null && protocolCandidates.length != 0) {
+ if (protocolCandidates != null && protocolCandidates.length != 0) {
availableProtocols = new ArrayList<>(protocolCandidates.length);
for (ProtocolVersion p : protocolCandidates) {
if (p.isAvailable) {
@@ -582,7 +582,7 @@
}
@Override
- List<ProtocolVersion> getSuportedProtocolVersions() {
+ List<ProtocolVersion> getSupportedProtocolVersions() {
return supportedProtocols;
}
@@ -615,6 +615,26 @@
boolean isDTLS() {
return false;
}
+
+ static ProtocolVersion[] getSupportedProtocols() {
+ if (SunJSSE.isFIPS()) {
+ return new ProtocolVersion[] {
+ ProtocolVersion.TLS13,
+ ProtocolVersion.TLS12,
+ ProtocolVersion.TLS11,
+ ProtocolVersion.TLS10
+ };
+ } else {
+ return new ProtocolVersion[]{
+ ProtocolVersion.TLS13,
+ ProtocolVersion.TLS12,
+ ProtocolVersion.TLS11,
+ ProtocolVersion.TLS10,
+ ProtocolVersion.SSL30,
+ ProtocolVersion.SSL20Hello
+ };
+ }
+ }
}
/*
@@ -788,10 +808,15 @@
* @see SSLContext
*/
private static class CustomizedSSLProtocols {
- private static final String PROPERTY_NAME = "jdk.tls.client.protocols";
+ private static final String JDK_TLS_CLIENT_PROTOCOLS =
+ "jdk.tls.client.protocols";
+ private static final String JDK_TLS_SERVER_PROTOCOLS =
+ "jdk.tls.server.protocols";
static IllegalArgumentException reservedException = null;
- static final ArrayList<ProtocolVersion>
- customizedProtocols = new ArrayList<>();
+ static final ArrayList<ProtocolVersion> customizedClientProtocols =
+ new ArrayList<>();
+ static final ArrayList<ProtocolVersion> customizedServerProtocols =
+ new ArrayList<>();
// Don't want a java.lang.LinkageError for illegal system property.
//
@@ -800,9 +825,18 @@
// the provider service. Instead, please handle the initialization
// exception in the caller's constructor.
static {
- String property = GetPropertyAction
- .privilegedGetProperty(PROPERTY_NAME);
- if (property != null && property.length() != 0) {
+ populate(JDK_TLS_CLIENT_PROTOCOLS, customizedClientProtocols);
+ populate(JDK_TLS_SERVER_PROTOCOLS, customizedServerProtocols);
+ }
+
+ private static void populate(String propname,
+ ArrayList<ProtocolVersion> arrayList) {
+ String property = GetPropertyAction.privilegedGetProperty(propname);
+ if (property == null) {
+ return;
+ }
+
+ if (property.length() != 0) {
// remove double quote marks from beginning/end of the property
if (property.length() > 1 && property.charAt(0) == '"' &&
property.charAt(property.length() - 1) == '"') {
@@ -810,7 +844,7 @@
}
}
- if (property != null && property.length() != 0) {
+ if (property.length() != 0) {
String[] protocols = property.split(",");
for (int i = 0; i < protocols.length; i++) {
protocols[i] = protocols[i].trim();
@@ -819,7 +853,7 @@
ProtocolVersion.nameOf(protocols[i]);
if (pv == null) {
reservedException = new IllegalArgumentException(
- PROPERTY_NAME + ": " + protocols[i] +
+ propname + ": " + protocols[i] +
" is not a supported SSL protocol name");
}
@@ -827,15 +861,15 @@
((pv == ProtocolVersion.SSL30) ||
(pv == ProtocolVersion.SSL20Hello))) {
reservedException = new IllegalArgumentException(
- PROPERTY_NAME + ": " + pv +
+ propname + ": " + pv +
" is not FIPS compliant");
break;
}
// ignore duplicated protocols
- if (!customizedProtocols.contains(pv)) {
- customizedProtocols.add(pv);
+ if (!arrayList.contains(pv)) {
+ arrayList.add(pv);
}
}
}
@@ -850,7 +884,9 @@
private static class CustomizedTLSContext extends AbstractTLSContext {
private static final List<ProtocolVersion> clientDefaultProtocols;
+ private static final List<ProtocolVersion> serverDefaultProtocols;
private static final List<CipherSuite> clientDefaultCipherSuites;
+ private static final List<CipherSuite> serverDefaultCipherSuites;
private static final IllegalArgumentException reservedException;
// Don't want a java.lang.LinkageError for illegal system property.
@@ -862,50 +898,70 @@
static {
reservedException = CustomizedSSLProtocols.reservedException;
if (reservedException == null) {
- ArrayList<ProtocolVersion>
- customizedTLSProtocols = new ArrayList<>();
- for (ProtocolVersion protocol :
- CustomizedSSLProtocols.customizedProtocols) {
- if (!protocol.isDTLS) {
- customizedTLSProtocols.add(protocol);
- }
- }
+ clientDefaultProtocols = customizedProtocols(true,
+ CustomizedSSLProtocols.customizedClientProtocols);
+ serverDefaultProtocols = customizedProtocols(false,
+ CustomizedSSLProtocols.customizedServerProtocols);
- // candidates for available protocols
- ProtocolVersion[] candidates;
- if (customizedTLSProtocols.isEmpty()) {
- // Use the default enabled client protocols if no
- // customized TLS protocols.
- if (SunJSSE.isFIPS()) {
- candidates = new ProtocolVersion[] {
- ProtocolVersion.TLS13,
- ProtocolVersion.TLS12,
- ProtocolVersion.TLS11,
- ProtocolVersion.TLS10
- };
- } else {
- candidates = new ProtocolVersion[] {
- ProtocolVersion.TLS13,
- ProtocolVersion.TLS12,
- ProtocolVersion.TLS11,
- ProtocolVersion.TLS10,
- ProtocolVersion.SSL30
- };
- }
- } else {
- // Use the customized TLS protocols.
- candidates =
- new ProtocolVersion[customizedTLSProtocols.size()];
- candidates = customizedTLSProtocols.toArray(candidates);
- }
-
- clientDefaultProtocols = getAvailableProtocols(candidates);
clientDefaultCipherSuites =
getApplicableEnabledCipherSuites(
clientDefaultProtocols, true);
+ serverDefaultCipherSuites =
+ getApplicableEnabledCipherSuites(
+ serverDefaultProtocols, false);
+
} else {
- clientDefaultProtocols = null; // unlikely to be used
- clientDefaultCipherSuites = null; // unlikely to be used
+ // unlikely to be used
+ clientDefaultProtocols = null;
+ serverDefaultProtocols = null;
+ clientDefaultCipherSuites = null;
+ serverDefaultCipherSuites = null;
+ }
+ }
+
+ private static List<ProtocolVersion> customizedProtocols(
+ boolean client, List<ProtocolVersion> customized) {
+ List<ProtocolVersion> refactored = new ArrayList<>();
+ for (ProtocolVersion pv : customized) {
+ if (!pv.isDTLS) {
+ refactored.add(pv);
+ }
+ }
+
+ // Use the default enabled protocols if no customization
+ ProtocolVersion[] candidates;
+ if (refactored.isEmpty()) {
+ if (client) {
+ candidates = getProtocols();
+ } else {
+ candidates = getSupportedProtocols();
+ }
+ } else {
+ // Use the customized TLS protocols.
+ candidates = new ProtocolVersion[refactored.size()];
+ candidates = refactored.toArray(candidates);
+ }
+ System.out.println(refactored.toString());
+
+ return getAvailableProtocols(candidates);
+ }
+
+ static ProtocolVersion[] getProtocols() {
+ if (SunJSSE.isFIPS()) {
+ return new ProtocolVersion[]{
+ ProtocolVersion.TLS13,
+ ProtocolVersion.TLS12,
+ ProtocolVersion.TLS11,
+ ProtocolVersion.TLS10
+ };
+ } else {
+ return new ProtocolVersion[]{
+ ProtocolVersion.TLS13,
+ ProtocolVersion.TLS12,
+ ProtocolVersion.TLS11,
+ ProtocolVersion.TLS10,
+ ProtocolVersion.SSL30
+ };
}
}
@@ -921,9 +977,21 @@
}
@Override
+ List<ProtocolVersion> getServerDefaultProtocolVersions() {
+ return serverDefaultProtocols;
+ }
+
+ @Override
List<CipherSuite> getClientDefaultCipherSuites() {
return clientDefaultCipherSuites;
}
+
+ @Override
+ List<CipherSuite> getServerDefaultCipherSuites() {
+ return serverDefaultCipherSuites;
+ }
+
+
}
/*
@@ -1194,7 +1262,7 @@
}
@Override
- List<ProtocolVersion> getSuportedProtocolVersions() {
+ List<ProtocolVersion> getSupportedProtocolVersions() {
return supportedProtocols;
}
@@ -1299,7 +1367,9 @@
*/
private static class CustomizedDTLSContext extends AbstractDTLSContext {
private static final List<ProtocolVersion> clientDefaultProtocols;
+ private static final List<ProtocolVersion> serverDefaultProtocols;
private static final List<CipherSuite> clientDefaultCipherSuites;
+ private static final List<CipherSuite> serverDefaultCipherSuites;
private static IllegalArgumentException reservedException = null;
@@ -1312,42 +1382,53 @@
static {
reservedException = CustomizedSSLProtocols.reservedException;
if (reservedException == null) {
- ArrayList<ProtocolVersion>
- customizedDTLSProtocols = new ArrayList<>();
- for (ProtocolVersion protocol :
- CustomizedSSLProtocols.customizedProtocols) {
- if (protocol.isDTLS) {
- customizedDTLSProtocols.add(protocol);
- }
- }
+ clientDefaultProtocols = customizedProtocols(true,
+ CustomizedSSLProtocols.customizedClientProtocols);
+ serverDefaultProtocols = customizedProtocols(false,
+ CustomizedSSLProtocols.customizedServerProtocols);
- // candidates for available protocols
- ProtocolVersion[] candidates;
- if (customizedDTLSProtocols.isEmpty()) {
- // Use the default enabled client protocols if no
- // customized TLS protocols.
- //
- // Both DTLSv1.0 and DTLSv1.2 can be used in FIPS mode.
- candidates = new ProtocolVersion[] {
- ProtocolVersion.DTLS12,
- ProtocolVersion.DTLS10
- };
-
- } else {
- // Use the customized TLS protocols.
- candidates =
- new ProtocolVersion[customizedDTLSProtocols.size()];
- candidates = customizedDTLSProtocols.toArray(candidates);
- }
-
- clientDefaultProtocols = getAvailableProtocols(candidates);
clientDefaultCipherSuites =
getApplicableEnabledCipherSuites(
clientDefaultProtocols, true);
+ serverDefaultCipherSuites =
+ getApplicableEnabledCipherSuites(
+ serverDefaultProtocols, false);
+
} else {
- clientDefaultProtocols = null; // unlikely to be used
- clientDefaultCipherSuites = null; // unlikely to be used
+ // unlikely to be used
+ clientDefaultProtocols = null;
+ serverDefaultProtocols = null;
+ clientDefaultCipherSuites = null;
+ serverDefaultCipherSuites = null;
+ }
+ }
+
+ private static List<ProtocolVersion> customizedProtocols(boolean client,
+ List<ProtocolVersion> customized) {
+ List<ProtocolVersion> refactored = new ArrayList<>();
+ for (ProtocolVersion pv : customized) {
+ if (pv.isDTLS) {
+ refactored.add(pv);
+ }
}
+
+ ProtocolVersion[] candidates;
+ // Use the default enabled protocols if no customization
+ if (refactored.isEmpty()) {
+ candidates = new ProtocolVersion[]{
+ ProtocolVersion.DTLS12,
+ ProtocolVersion.DTLS10
+ };
+ if (!client)
+ return Arrays.asList(candidates);
+ } else {
+ // Use the customized TLS protocols.
+ candidates =
+ new ProtocolVersion[customized.size()];
+ candidates = customized.toArray(candidates);
+ }
+
+ return getAvailableProtocols(candidates);
}
protected CustomizedDTLSContext() {
@@ -1362,9 +1443,19 @@
}
@Override
+ List<ProtocolVersion> getServerDefaultProtocolVersions() {
+ return serverDefaultProtocols;
+ }
+
+ @Override
List<CipherSuite> getClientDefaultCipherSuites() {
return clientDefaultCipherSuites;
}
+
+ @Override
+ List<CipherSuite> getServerDefaultCipherSuites() {
+ return serverDefaultCipherSuites;
+ }
}
/*
--- a/src/java.base/share/classes/sun/security/ssl/SSLEngineImpl.java Fri May 25 12:24:17 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/SSLEngineImpl.java Fri May 25 12:43:45 2018 -0700
@@ -740,7 +740,7 @@
@Override
public String[] getSupportedProtocols() {
return ProtocolVersion.toStringArray(
- sslContext.getSuportedProtocolVersions());
+ sslContext.getSupportedProtocolVersions());
}
@Override
--- a/src/java.base/share/classes/sun/security/ssl/SSLServerSocketImpl.java Fri May 25 12:24:17 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/SSLServerSocketImpl.java Fri May 25 12:43:45 2018 -0700
@@ -106,7 +106,7 @@
@Override
public String[] getSupportedProtocols() {
return ProtocolVersion.toStringArray(
- sslContext.getSuportedProtocolVersions());
+ sslContext.getSupportedProtocolVersions());
}
@Override
--- a/src/java.base/share/classes/sun/security/ssl/SSLSocketImpl.java Fri May 25 12:24:17 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/SSLSocketImpl.java Fri May 25 12:43:45 2018 -0700
@@ -309,7 +309,7 @@
@Override
public String[] getSupportedProtocols() {
return ProtocolVersion.toStringArray(
- sslContext.getSuportedProtocolVersions());
+ sslContext.getSupportedProtocolVersions());
}
@Override
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/ssl/SSLContextImpl/CustomizedDTLSDefaultProtocols.java Fri May 25 12:43:45 2018 -0700
@@ -0,0 +1,263 @@
+/*
+ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+// SunJSSE does not support dynamic system properties, no way to re-use
+// system properties in samevm/agentvm mode.
+
+/*
+ * @test
+ * @summary Test jdk.tls.client.protocols with DTLS
+ * @run main/othervm -Djdk.tls.client.protocols="DTLSv1.0"
+ * CustomizedDTLSDefaultProtocols
+*/
+
+
+import java.security.Security;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.net.SocketFactory;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLParameters;
+import javax.net.ssl.SSLServerSocket;
+import javax.net.ssl.SSLServerSocketFactory;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.TrustManager;
+
+public class CustomizedDTLSDefaultProtocols {
+
+ enum ContextVersion {
+ TLS_CV_01("DTLS",
+ new String[] {"DTLSv1.0"}),
+ TLS_CV_02("DTLSv1.0",
+ new String[] {"DTLSv1.0"}),
+ TLS_CV_03("DTLSv1.2",
+ new String[] {"DTLSv1.0", "DTLSv1.2"});
+
+ final String contextVersion;
+ final String[] enabledProtocols;
+ final static String[] supportedProtocols = new String[] {
+ "DTLSv1.0", "DTLSv1.2"};
+
+ ContextVersion(String contextVersion, String[] enabledProtocols) {
+ this.contextVersion = contextVersion;
+ this.enabledProtocols = enabledProtocols;
+ }
+ }
+
+ private static boolean checkProtocols(String[] target, String[] expected) {
+ boolean success = true;
+ if (target.length == 0) {
+ System.out.println("\tError: No protocols");
+ success = false;
+ }
+
+ if (!protocolEquals(target, expected)) {
+ System.out.println("\tError: Expected to get protocols " +
+ Arrays.toString(expected));
+ success = false;
+ }
+ System.out.println("\t Protocols found " + Arrays.toString(target));
+
+ return success;
+ }
+
+ private static boolean protocolEquals(
+ String[] actualProtocols,
+ String[] expectedProtocols) {
+ if (actualProtocols.length != expectedProtocols.length) {
+ return false;
+ }
+
+ Set<String> set = new HashSet<>(Arrays.asList(expectedProtocols));
+ for (String actual : actualProtocols) {
+ if (set.add(actual)) {
+ return false;
+ }
+ }
+
+ return true;
+ }
+
+ private static boolean checkCipherSuites(String[] target) {
+ boolean success = true;
+ if (target.length == 0) {
+ System.out.println("\tError: No cipher suites");
+ success = false;
+ }
+
+ return success;
+ }
+
+ public static void main(String[] args) throws Exception {
+ // reset the security property to make sure that the algorithms
+ // and keys used in this test are not disabled.
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+
+ boolean failed = false;
+ for (ContextVersion cv : ContextVersion.values()) {
+ System.out.println("Checking SSLContext of " + cv.contextVersion);
+ SSLContext context = SSLContext.getInstance(cv.contextVersion);
+
+ // Default SSLContext is initialized automatically.
+ if (!cv.contextVersion.equals("Default")) {
+ // Use default TK, KM and random.
+ context.init((KeyManager[])null, (TrustManager[])null, null);
+ }
+
+ //
+ // Check SSLContext
+ //
+ // Check default SSLParameters of SSLContext
+ System.out.println("\tChecking default SSLParameters");
+ SSLParameters parameters = context.getDefaultSSLParameters();
+
+ String[] protocols = parameters.getProtocols();
+ failed |= !checkProtocols(protocols, cv.enabledProtocols);
+
+ String[] ciphers = parameters.getCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ // Check supported SSLParameters of SSLContext
+ System.out.println("\tChecking supported SSLParameters");
+ parameters = context.getSupportedSSLParameters();
+
+ protocols = parameters.getProtocols();
+ failed |= !checkProtocols(protocols, cv.supportedProtocols);
+
+ ciphers = parameters.getCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ //
+ // Check SSLEngine
+ //
+ // Check SSLParameters of SSLEngine
+ System.out.println();
+ System.out.println("\tChecking SSLEngine of this SSLContext");
+ System.out.println("\tChecking SSLEngine.getSSLParameters()");
+ SSLEngine engine = context.createSSLEngine();
+ engine.setUseClientMode(true);
+ parameters = engine.getSSLParameters();
+
+ protocols = parameters.getProtocols();
+ failed |= !checkProtocols(protocols, cv.enabledProtocols);
+
+ ciphers = parameters.getCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
+ protocols = engine.getEnabledProtocols();
+ failed |= !checkProtocols(protocols, cv.enabledProtocols);
+
+ System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
+ ciphers = engine.getEnabledCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
+ protocols = engine.getSupportedProtocols();
+ failed |= !checkProtocols(protocols, cv.supportedProtocols);
+
+ System.out.println(
+ "\tChecking SSLEngine.getSupportedCipherSuites()");
+ ciphers = engine.getSupportedCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ //
+ // Check SSLSocket
+ //
+ // Check SSLParameters of SSLSocket
+ System.out.println();
+ System.out.println("\tChecking SSLSocket of this SSLContext");
+ System.out.println("\tChecking SSLSocket.getSSLParameters()");
+ SocketFactory fac = context.getSocketFactory();
+ SSLSocket socket = (SSLSocket)fac.createSocket();
+ parameters = socket.getSSLParameters();
+
+ protocols = parameters.getProtocols();
+ failed |= !checkProtocols(protocols, cv.enabledProtocols);
+
+ ciphers = parameters.getCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
+ protocols = socket.getEnabledProtocols();
+ failed |= !checkProtocols(protocols, cv.enabledProtocols);
+
+ System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
+ ciphers = socket.getEnabledCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
+ protocols = socket.getSupportedProtocols();
+ failed |= !checkProtocols(protocols, cv.supportedProtocols);
+
+ System.out.println(
+ "\tChecking SSLEngine.getSupportedCipherSuites()");
+ ciphers = socket.getSupportedCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ //
+ // Check SSLServerSocket
+ //
+ // Check SSLParameters of SSLServerSocket
+ System.out.println();
+ System.out.println("\tChecking SSLServerSocket of this SSLContext");
+ System.out.println("\tChecking SSLServerSocket.getSSLParameters()");
+ SSLServerSocketFactory sf = context.getServerSocketFactory();
+ SSLServerSocket ssocket = (SSLServerSocket)sf.createServerSocket();
+ parameters = ssocket.getSSLParameters();
+
+ protocols = parameters.getProtocols();
+ failed |= !checkProtocols(protocols, cv.supportedProtocols);
+
+ ciphers = parameters.getCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
+ protocols = ssocket.getEnabledProtocols();
+ failed |= !checkProtocols(protocols, cv.supportedProtocols);
+
+ System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
+ ciphers = ssocket.getEnabledCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
+ protocols = ssocket.getSupportedProtocols();
+ failed |= !checkProtocols(protocols, cv.supportedProtocols);
+
+ System.out.println(
+ "\tChecking SSLEngine.getSupportedCipherSuites()");
+ ciphers = ssocket.getSupportedCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+ }
+
+ if (failed) {
+ throw new Exception("Run into problems, see log for more details");
+ } else {
+ System.out.println("\t... Success");
+ }
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/ssl/SSLContextImpl/CustomizedDTLSServerDefaultProtocols.java Fri May 25 12:43:45 2018 -0700
@@ -0,0 +1,283 @@
+/*
+ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+// SunJSSE does not support dynamic system properties, no way to re-use
+// system properties in samevm/agentvm mode.
+
+/*
+ * @test
+ * @summary Test jdk.tls.server.protocols with DTLS
+ * @run main/othervm -Djdk.tls.server.protocols="DTLSv1.0"
+ * CustomizedDTLSServerDefaultProtocols
+ */
+
+import java.security.NoSuchAlgorithmException;
+import java.security.Security;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.net.SocketFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLParameters;
+import javax.net.ssl.SSLServerSocket;
+import javax.net.ssl.SSLServerSocketFactory;
+import javax.net.ssl.SSLSocket;
+
+public class CustomizedDTLSServerDefaultProtocols {
+
+ final static String[] supportedProtocols = new String[]{
+ "DTLSv1.0", "DTLSv1.2"};
+
+ enum ContextVersion {
+ TLS_CV_01("DTLS",
+ new String[]{"DTLSv1.0"},
+ supportedProtocols),
+ TLS_CV_02("DTLSv1.0",
+ supportedProtocols,
+ new String[]{"DTLSv1.0"}),
+ TLS_CV_03("DTLS1.2",
+ supportedProtocols,
+ supportedProtocols);
+
+ final String contextVersion;
+ final String[] serverEnabledProtocols;
+ final String[] clientEnabledProtocols;
+
+ ContextVersion(String contextVersion, String[] serverEnabledProtocols,
+ String[] clientEnabledProtocols) {
+ this.contextVersion = contextVersion;
+ this.serverEnabledProtocols = serverEnabledProtocols;
+ this.clientEnabledProtocols = clientEnabledProtocols;
+ }
+ }
+
+ private static boolean checkProtocols(String[] target, String[] expected) {
+ boolean success = true;
+ if (target.length == 0) {
+ System.out.println("\tError: No protocols");
+ success = false;
+ }
+
+ if (!protocolEquals(target, expected)) {
+ System.out.println("\tError: Expected to get protocols " +
+ Arrays.toString(expected));
+ success = false;
+ }
+ System.out.println("\t Protocols found " + Arrays.toString(target));
+ return success;
+ }
+
+ private static boolean protocolEquals(
+ String[] actualProtocols,
+ String[] expectedProtocols) {
+ if (actualProtocols.length != expectedProtocols.length) {
+ return false;
+ }
+
+ Set<String> set = new HashSet<>(Arrays.asList(expectedProtocols));
+ for (String actual : actualProtocols) {
+ if (set.add(actual)) {
+ return false;
+ }
+ }
+
+ return true;
+ }
+
+ private static boolean checkCipherSuites(String[] target) {
+ boolean success = true;
+ if (target.length == 0) {
+ System.out.println("\tError: No cipher suites");
+ success = false;
+ }
+
+ return success;
+ }
+
+ public static void main(String[] args) throws Exception {
+ // reset the security property to make sure that the algorithms
+ // and keys used in this test are not disabled.
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ System.out.println("jdk.tls.client.protocols = " +
+ System.getProperty("jdk.tls.client.protocols"));
+ System.out.println("jdk.tls.server.protocols = "+
+ System.getProperty("jdk.tls.server.protocols"));
+ Test();
+ }
+
+ static void Test() throws Exception {
+ boolean failed = false;
+
+ SSLContext context;
+ for (ContextVersion cv : ContextVersion.values()) {
+ System.out.println("Checking SSLContext of " + cv.contextVersion);
+ try {
+ context = SSLContext.getInstance(cv.contextVersion);
+ } catch (NoSuchAlgorithmException e) {
+ if (cv.contextVersion.compareToIgnoreCase("DTLS1.2") == 0) {
+ System.out.println("Exception expected: " + e.getMessage());
+ continue;
+ }
+ throw e;
+ }
+ // Default SSLContext is initialized automatically.
+ if (!cv.contextVersion.equals("Default")) {
+ // Use default TK, KM and random.
+ context.init(null, null, null);
+ }
+
+ //
+ // Check SSLContext
+ //
+ // Check default SSLParameters of SSLContext
+ System.out.println("\tChecking default SSLParameters");
+ SSLParameters parameters = context.getDefaultSSLParameters();
+
+ String[] protocols = parameters.getProtocols();
+ failed |= !checkProtocols(protocols, cv.clientEnabledProtocols);
+
+ String[] ciphers = parameters.getCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ // Check supported SSLParameters of SSLContext
+ System.out.println("\tChecking supported SSLParameters");
+ parameters = context.getSupportedSSLParameters();
+
+ protocols = parameters.getProtocols();
+ failed |= !checkProtocols(protocols, supportedProtocols);
+
+ ciphers = parameters.getCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ //
+ // Check SSLEngine
+ //
+ // Check SSLParameters of SSLEngine
+ System.out.println();
+ System.out.println("\tChecking SSLEngine of this SSLContext");
+ System.out.println("\tChecking SSLEngine.getSSLParameters()");
+ SSLEngine engine = context.createSSLEngine();
+ engine.setUseClientMode(true);
+ parameters = engine.getSSLParameters();
+
+ protocols = parameters.getProtocols();
+ failed |= !checkProtocols(protocols, cv.clientEnabledProtocols);
+
+ ciphers = parameters.getCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
+ protocols = engine.getEnabledProtocols();
+ failed |= !checkProtocols(protocols, cv.clientEnabledProtocols);
+
+ System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
+ ciphers = engine.getEnabledCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
+ protocols = engine.getSupportedProtocols();
+ failed |= !checkProtocols(protocols, supportedProtocols);
+
+ System.out.println(
+ "\tChecking SSLEngine.getSupportedCipherSuites()");
+ ciphers = engine.getSupportedCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ //
+ // Check SSLSocket
+ //
+ // Check SSLParameters of SSLSocket
+ System.out.println();
+ System.out.println("\tChecking SSLSocket of this SSLContext");
+ System.out.println("\tChecking SSLSocket.getSSLParameters()");
+ SocketFactory fac = context.getSocketFactory();
+ SSLSocket socket = (SSLSocket) fac.createSocket();
+ parameters = socket.getSSLParameters();
+
+ protocols = parameters.getProtocols();
+ failed |= !checkProtocols(protocols, cv.clientEnabledProtocols);
+
+ ciphers = parameters.getCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ System.out.println("\tChecking SSLSocket.getEnabledProtocols()");
+ protocols = socket.getEnabledProtocols();
+ failed |= !checkProtocols(protocols, cv.clientEnabledProtocols);
+
+ System.out.println("\tChecking SSLSocket.getEnabledCipherSuites()");
+ ciphers = socket.getEnabledCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ System.out.println("\tChecking SSLSocket.getSupportedProtocols()");
+ protocols = socket.getSupportedProtocols();
+ failed |= !checkProtocols(protocols, supportedProtocols);
+
+ System.out.println(
+ "\tChecking SSLSocket.getSupportedCipherSuites()");
+ ciphers = socket.getSupportedCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ //
+ // Check SSLServerSocket
+ //
+ // Check SSLParameters of SSLServerSocket
+ System.out.println();
+ System.out.println("\tChecking SSLServerSocket of this SSLContext");
+ System.out.println("\tChecking SSLServerSocket.getSSLParameters()");
+ SSLServerSocketFactory sf = context.getServerSocketFactory();
+ SSLServerSocket ssocket = (SSLServerSocket) sf.createServerSocket();
+ parameters = ssocket.getSSLParameters();
+
+ protocols = parameters.getProtocols();
+ failed |= !checkProtocols(protocols, cv.serverEnabledProtocols);
+
+ ciphers = parameters.getCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
+ protocols = ssocket.getEnabledProtocols();
+ failed |= !checkProtocols(protocols, cv.serverEnabledProtocols);
+
+ System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
+ ciphers = ssocket.getEnabledCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
+ protocols = ssocket.getSupportedProtocols();
+ failed |= !checkProtocols(protocols, supportedProtocols);
+
+ System.out.println(
+ "\tChecking SSLEngine.getSupportedCipherSuites()");
+ ciphers = ssocket.getSupportedCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ if (failed) {
+ throw new Exception("Run into problems, see log for more details");
+ } else {
+ System.out.println("\t... Success");
+ }
+ }
+ }
+}
--- a/test/jdk/sun/security/ssl/SSLContextImpl/CustomizedDefaultProtocols.java Fri May 25 12:24:17 2018 -0700
+++ b/test/jdk/sun/security/ssl/SSLContextImpl/CustomizedDefaultProtocols.java Fri May 25 12:43:45 2018 -0700
@@ -48,7 +48,7 @@
import javax.net.ssl.TrustManager;
public class CustomizedDefaultProtocols {
- static enum ContextVersion {
+ enum ContextVersion {
TLS_CV_01("SSL",
new String[] {"SSLv3", "TLSv1", "TLSv1.1"}),
TLS_CV_02("TLS",
@@ -87,10 +87,9 @@
if (!protocolEquals(target, expected)) {
System.out.println("\tError: Expected to get protocols " +
Arrays.toString(expected));
- System.out.println("\tError: The actual protocols " +
- Arrays.toString(target));
success = false;
}
+ System.out.println("\t Protocols found " + Arrays.toString(target));
return success;
}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/ssl/SSLContextImpl/CustomizedServerDefaultProtocols.java Fri May 25 12:43:45 2018 -0700
@@ -0,0 +1,289 @@
+/*
+ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+// SunJSSE does not support dynamic system properties, no way to re-use
+// system properties in samevm/agentvm mode.
+
+/*
+ * @test
+ * @summary Test jdk.tls.server.protocols with TLS
+ * @run main/othervm -Djdk.tls.server.protocols="SSLv3,TLSv1,TLSv1.1"
+ * CustomizedServerDefaultProtocols
+ */
+
+import java.security.Security;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.net.SocketFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLParameters;
+import javax.net.ssl.SSLServerSocket;
+import javax.net.ssl.SSLServerSocketFactory;
+import javax.net.ssl.SSLSocket;
+
+public class CustomizedServerDefaultProtocols {
+
+ final static String[] supportedProtocols = new String[]{
+ "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
+
+ enum ContextVersion {
+ TLS_CV_01("SSL",
+ new String[]{"SSLv3", "TLSv1", "TLSv1.1"},
+ new String[]{"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
+ TLS_CV_02("TLS",
+ new String[]{"SSLv3", "TLSv1", "TLSv1.1"},
+ new String[]{"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
+ TLS_CV_03("SSLv3",
+ supportedProtocols,
+ new String[]{"SSLv3", "TLSv1"}),
+ TLS_CV_04("TLSv1",
+ supportedProtocols,
+ new String[]{"SSLv3", "TLSv1"}),
+ TLS_CV_05("TLSv1.1",
+ supportedProtocols,
+ new String[]{"SSLv3", "TLSv1", "TLSv1.1"}),
+ TLS_CV_06("TLSv1.2",
+ supportedProtocols,
+ new String[]{"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}),
+ TLS_CV_07("TLSv1.3",
+ supportedProtocols,
+ new String[]{"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
+ TLS_CV_08("Default",
+ new String[]{"SSLv3", "TLSv1", "TLSv1.1"},
+ new String[]{"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"});
+
+ final String contextVersion;
+ final String[] serverEnabledProtocols;
+ final String[] clientEnabledProtocols;
+
+ ContextVersion(String contextVersion, String[] serverEnabledProtocols,
+ String[] clientEnabledProtocols) {
+ this.contextVersion = contextVersion;
+ this.serverEnabledProtocols = serverEnabledProtocols;
+ this.clientEnabledProtocols = clientEnabledProtocols;
+ }
+ }
+
+ private static boolean checkProtocols(String[] target, String[] expected) {
+ boolean success = true;
+ if (target.length == 0) {
+ System.out.println("\tError: No protocols");
+ success = false;
+ }
+
+ if (!protocolEquals(target, expected)) {
+ System.out.println("\tError: Expected to get protocols " +
+ Arrays.toString(expected));
+ success = false;
+ }
+ System.out.println("\t Protocols found " + Arrays.toString(target));
+ return success;
+ }
+
+ private static boolean protocolEquals(
+ String[] actualProtocols,
+ String[] expectedProtocols) {
+ if (actualProtocols.length != expectedProtocols.length) {
+ return false;
+ }
+
+ Set<String> set = new HashSet<>(Arrays.asList(expectedProtocols));
+ for (String actual : actualProtocols) {
+ if (set.add(actual)) {
+ return false;
+ }
+ }
+
+ return true;
+ }
+
+ private static boolean checkCipherSuites(String[] target) {
+ boolean success = true;
+ if (target.length == 0) {
+ System.out.println("\tError: No cipher suites");
+ success = false;
+ }
+
+ return success;
+ }
+
+ public static void main(String[] args) throws Exception {
+ // reset the security property to make sure that the algorithms
+ // and keys used in this test are not disabled.
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ System.out.println("jdk.tls.client.protocols = " +
+ System.getProperty("jdk.tls.client.protocols"));
+ System.out.println("jdk.tls.server.protocols = "+
+ System.getProperty("jdk.tls.server.protocols"));
+ Test();
+ }
+
+ static void Test() throws Exception {
+ boolean failed = false;
+
+ for (ContextVersion cv : ContextVersion.values()) {
+ System.out.println("Checking SSLContext of " + cv.contextVersion);
+ SSLContext context = SSLContext.getInstance(cv.contextVersion);
+
+ // Default SSLContext is initialized automatically.
+ if (!cv.contextVersion.equals("Default")) {
+ // Use default TK, KM and random.
+ context.init(null, null, null);
+ }
+
+ //
+ // Check SSLContext
+ //
+ // Check default SSLParameters of SSLContext
+ System.out.println("\tChecking default SSLParameters");
+ SSLParameters parameters = context.getDefaultSSLParameters();
+
+ String[] protocols = parameters.getProtocols();
+ failed |= !checkProtocols(protocols, cv.clientEnabledProtocols);
+
+ String[] ciphers = parameters.getCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ // Check supported SSLParameters of SSLContext
+ System.out.println("\tChecking supported SSLParameters");
+ parameters = context.getSupportedSSLParameters();
+
+ protocols = parameters.getProtocols();
+ failed |= !checkProtocols(protocols, supportedProtocols);
+
+ ciphers = parameters.getCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ //
+ // Check SSLEngine
+ //
+ // Check SSLParameters of SSLEngine
+ System.out.println();
+ System.out.println("\tChecking SSLEngine of this SSLContext");
+ System.out.println("\tChecking SSLEngine.getSSLParameters()");
+ SSLEngine engine = context.createSSLEngine();
+ engine.setUseClientMode(true);
+ parameters = engine.getSSLParameters();
+
+ protocols = parameters.getProtocols();
+ failed |= !checkProtocols(protocols, cv.clientEnabledProtocols);
+
+ ciphers = parameters.getCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
+ protocols = engine.getEnabledProtocols();
+ failed |= !checkProtocols(protocols, cv.clientEnabledProtocols);
+
+ System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
+ ciphers = engine.getEnabledCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
+ protocols = engine.getSupportedProtocols();
+ failed |= !checkProtocols(protocols, supportedProtocols);
+
+ System.out.println(
+ "\tChecking SSLEngine.getSupportedCipherSuites()");
+ ciphers = engine.getSupportedCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ //
+ // Check SSLSocket
+ //
+ // Check SSLParameters of SSLSocket
+ System.out.println();
+ System.out.println("\tChecking SSLSocket of this SSLContext");
+ System.out.println("\tChecking SSLSocket.getSSLParameters()");
+ SocketFactory fac = context.getSocketFactory();
+ SSLSocket socket = (SSLSocket) fac.createSocket();
+ parameters = socket.getSSLParameters();
+
+ protocols = parameters.getProtocols();
+ failed |= !checkProtocols(protocols, cv.clientEnabledProtocols);
+
+ ciphers = parameters.getCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ System.out.println("\tChecking SSLSocket.getEnabledProtocols()");
+ protocols = socket.getEnabledProtocols();
+ failed |= !checkProtocols(protocols, cv.clientEnabledProtocols);
+
+ System.out.println("\tChecking SSLSocket.getEnabledCipherSuites()");
+ ciphers = socket.getEnabledCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ System.out.println("\tChecking SSLSocket.getSupportedProtocols()");
+ protocols = socket.getSupportedProtocols();
+ failed |= !checkProtocols(protocols, supportedProtocols);
+
+ System.out.println(
+ "\tChecking SSLSocket.getSupportedCipherSuites()");
+ ciphers = socket.getSupportedCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ //
+ // Check SSLServerSocket
+ //
+ // Check SSLParameters of SSLServerSocket
+ System.out.println();
+ System.out.println("\tChecking SSLServerSocket of this SSLContext");
+ System.out.println("\tChecking SSLServerSocket.getSSLParameters()");
+ SSLServerSocketFactory sf = context.getServerSocketFactory();
+ SSLServerSocket ssocket = (SSLServerSocket) sf.createServerSocket();
+ parameters = ssocket.getSSLParameters();
+
+ protocols = parameters.getProtocols();
+ failed |= !checkProtocols(protocols, cv.serverEnabledProtocols);
+
+ ciphers = parameters.getCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
+ protocols = ssocket.getEnabledProtocols();
+ failed |= !checkProtocols(protocols, cv.serverEnabledProtocols);
+
+ System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
+ ciphers = ssocket.getEnabledCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
+ protocols = ssocket.getSupportedProtocols();
+ failed |= !checkProtocols(protocols, supportedProtocols);
+
+ System.out.println(
+ "\tChecking SSLEngine.getSupportedCipherSuites()");
+ ciphers = ssocket.getSupportedCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ if (failed) {
+ throw new Exception("Run into problems, see log for more details");
+ } else {
+ System.out.println("\t... Success");
+ }
+ }
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/ssl/SSLContextImpl/DefaultDTLSEnabledProtocols.java Fri May 25 12:43:45 2018 -0700
@@ -0,0 +1,260 @@
+/*
+ * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+// SunJSSE does not support dynamic system properties, no way to re-use
+// system properties in samevm/agentvm mode.
+
+/*
+ * @test
+ * @summary Test jdk.tls.client.protocols with DTLS
+ * @run main/othervm DefaultDTLSEnabledProtocols
+ */
+
+import java.security.Security;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.net.SocketFactory;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLParameters;
+import javax.net.ssl.SSLServerSocket;
+import javax.net.ssl.SSLServerSocketFactory;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.TrustManager;
+
+public class DefaultDTLSEnabledProtocols {
+ static enum ContextVersion {
+ TLS_CV_01("DTLS",
+ new String[] {"DTLSv1.0", "DTLSv1.2"}),
+ TLS_CV_02("DTLSv1.0",
+ new String[] {"DTLSv1.0"}),
+ TLS_CV_03("DTLSv1.2",
+ new String[] {"DTLSv1.0", "DTLSv1.2"});
+
+ final String contextVersion;
+ final String[] enabledProtocols;
+ final static String[] supportedProtocols = new String[] {
+ "DTLSv1.0", "DTLSv1.2"};
+
+ ContextVersion(String contextVersion, String[] enabledProtocols) {
+ this.contextVersion = contextVersion;
+ this.enabledProtocols = enabledProtocols;
+ }
+ }
+
+ private static boolean checkProtocols(String[] target, String[] expected) {
+ boolean success = true;
+ if (target.length == 0) {
+ System.out.println("\tError: No protocols");
+ success = false;
+ }
+
+ if (!protocolEquals(target, expected)) {
+ System.out.println("\tError: Expected to get protocols " +
+ Arrays.toString(expected));
+ success = false;
+ }
+ System.out.println("\t Protocols found " + Arrays.toString(target));
+
+ return success;
+ }
+
+ private static boolean protocolEquals(
+ String[] actualProtocols,
+ String[] expectedProtocols) {
+ if (actualProtocols.length != expectedProtocols.length) {
+ return false;
+ }
+
+ Set<String> set = new HashSet<>(Arrays.asList(expectedProtocols));
+ for (String actual : actualProtocols) {
+ if (set.add(actual)) {
+ return false;
+ }
+ }
+
+ return true;
+ }
+
+ private static boolean checkCipherSuites(String[] target) {
+ boolean success = true;
+ if (target.length == 0) {
+ System.out.println("\tError: No cipher suites");
+ success = false;
+ }
+
+ return success;
+ }
+
+ public static void main(String[] args) throws Exception {
+ // reset the security property to make sure that the algorithms
+ // and keys used in this test are not disabled.
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+
+ boolean failed = false;
+ for (ContextVersion cv : ContextVersion.values()) {
+ System.out.println("Checking SSLContext of " + cv.contextVersion);
+ SSLContext context = SSLContext.getInstance(cv.contextVersion);
+
+ // Default SSLContext is initialized automatically.
+ if (!cv.contextVersion.equals("Default")) {
+ // Use default TK, KM and random.
+ context.init((KeyManager[])null, (TrustManager[])null, null);
+ }
+
+ //
+ // Check SSLContext
+ //
+ // Check default SSLParameters of SSLContext
+ System.out.println("\tChecking default SSLParameters");
+ SSLParameters parameters = context.getDefaultSSLParameters();
+
+ String[] protocols = parameters.getProtocols();
+ failed |= !checkProtocols(protocols, cv.enabledProtocols);
+
+ String[] ciphers = parameters.getCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ // Check supported SSLParameters of SSLContext
+ System.out.println("\tChecking supported SSLParameters");
+ parameters = context.getSupportedSSLParameters();
+
+ protocols = parameters.getProtocols();
+ failed |= !checkProtocols(protocols, cv.supportedProtocols);
+
+ ciphers = parameters.getCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ //
+ // Check SSLEngine
+ //
+ // Check SSLParameters of SSLEngine
+ System.out.println();
+ System.out.println("\tChecking SSLEngine of this SSLContext");
+ System.out.println("\tChecking SSLEngine.getSSLParameters()");
+ SSLEngine engine = context.createSSLEngine();
+ engine.setUseClientMode(true);
+ parameters = engine.getSSLParameters();
+
+ protocols = parameters.getProtocols();
+ failed |= !checkProtocols(protocols, cv.enabledProtocols);
+
+ ciphers = parameters.getCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
+ protocols = engine.getEnabledProtocols();
+ failed |= !checkProtocols(protocols, cv.enabledProtocols);
+
+ System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
+ ciphers = engine.getEnabledCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
+ protocols = engine.getSupportedProtocols();
+ failed |= !checkProtocols(protocols, cv.supportedProtocols);
+
+ System.out.println(
+ "\tChecking SSLEngine.getSupportedCipherSuites()");
+ ciphers = engine.getSupportedCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ //
+ // Check SSLSocket
+ //
+ // Check SSLParameters of SSLSocket
+ System.out.println();
+ System.out.println("\tChecking SSLSocket of this SSLContext");
+ System.out.println("\tChecking SSLSocket.getSSLParameters()");
+ SocketFactory fac = context.getSocketFactory();
+ SSLSocket socket = (SSLSocket)fac.createSocket();
+ parameters = socket.getSSLParameters();
+
+ protocols = parameters.getProtocols();
+ failed |= !checkProtocols(protocols, cv.enabledProtocols);
+
+ ciphers = parameters.getCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
+ protocols = socket.getEnabledProtocols();
+ failed |= !checkProtocols(protocols, cv.enabledProtocols);
+
+ System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
+ ciphers = socket.getEnabledCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
+ protocols = socket.getSupportedProtocols();
+ failed |= !checkProtocols(protocols, cv.supportedProtocols);
+
+ System.out.println(
+ "\tChecking SSLEngine.getSupportedCipherSuites()");
+ ciphers = socket.getSupportedCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ //
+ // Check SSLServerSocket
+ //
+ // Check SSLParameters of SSLServerSocket
+ System.out.println();
+ System.out.println("\tChecking SSLServerSocket of this SSLContext");
+ System.out.println("\tChecking SSLServerSocket.getSSLParameters()");
+ SSLServerSocketFactory sf = context.getServerSocketFactory();
+ SSLServerSocket ssocket = (SSLServerSocket)sf.createServerSocket();
+ parameters = ssocket.getSSLParameters();
+
+ protocols = parameters.getProtocols();
+ failed |= !checkProtocols(protocols, cv.supportedProtocols);
+
+ ciphers = parameters.getCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
+ protocols = ssocket.getEnabledProtocols();
+ failed |= !checkProtocols(protocols, cv.supportedProtocols);
+
+ System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
+ ciphers = ssocket.getEnabledCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
+ protocols = ssocket.getSupportedProtocols();
+ failed |= !checkProtocols(protocols, cv.supportedProtocols);
+
+ System.out.println(
+ "\tChecking SSLEngine.getSupportedCipherSuites()");
+ ciphers = ssocket.getSupportedCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+ }
+
+ if (failed) {
+ throw new Exception("Run into problems, see log for more details");
+ } else {
+ System.out.println("\t... Success");
+ }
+ }
+}
--- a/test/jdk/sun/security/ssl/SSLContextImpl/DefaultEnabledProtocols.java Fri May 25 12:24:17 2018 -0700
+++ b/test/jdk/sun/security/ssl/SSLContextImpl/DefaultEnabledProtocols.java Fri May 25 12:43:45 2018 -0700
@@ -47,7 +47,7 @@
import javax.net.ssl.TrustManager;
public class DefaultEnabledProtocols {
- static enum ContextVersion {
+ enum ContextVersion {
TLS_CV_01("SSL",
new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}),
TLS_CV_02("TLS",
@@ -86,10 +86,9 @@
if (!protocolEquals(target, expected)) {
System.out.println("\tError: Expected to get protocols " +
Arrays.toString(expected));
- System.out.println("\tError: The actual protocols " +
- Arrays.toString(target));
success = false;
}
+ System.out.println("\t Protocols found " + Arrays.toString(target));
return success;
}