22068
|
1 |
/*
|
|
2 |
* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
|
|
3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
4 |
*
|
|
5 |
* This code is free software; you can redistribute it and/or modify it
|
|
6 |
* under the terms of the GNU General Public License version 2 only, as
|
|
7 |
* published by the Free Software Foundation.
|
|
8 |
*
|
|
9 |
* This code is distributed in the hope that it will be useful, but WITHOUT
|
|
10 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
11 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
12 |
* version 2 for more details (a copy is included in the LICENSE file that
|
|
13 |
* accompanied this code).
|
|
14 |
*
|
|
15 |
* You should have received a copy of the GNU General Public License version
|
|
16 |
* 2 along with this work; if not, write to the Free Software Foundation,
|
|
17 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
18 |
*
|
|
19 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
|
20 |
* or visit www.oracle.com if you need additional information or have any
|
|
21 |
* questions.
|
|
22 |
*/
|
|
23 |
|
|
24 |
// SunJSSE does not support dynamic system properties, no way to re-use
|
|
25 |
// system properties in samevm/agentvm mode.
|
|
26 |
|
|
27 |
/*
|
|
28 |
* @test
|
|
29 |
* @bug 7093640
|
|
30 |
* @summary Enable TLS 1.1 and TLS 1.2 by default in client side of SunJSSE
|
|
31 |
* @run main/othervm -Djdk.tls.client.protocols="XSLv3,TLSv1"
|
|
32 |
* IllegalProtocolProperty
|
|
33 |
*/
|
|
34 |
|
|
35 |
import javax.net.ssl.*;
|
|
36 |
import java.security.NoSuchAlgorithmException;
|
|
37 |
|
|
38 |
public class IllegalProtocolProperty {
|
|
39 |
static enum ContextVersion {
|
|
40 |
TLS_CV_01("SSL", "TLSv1", "TLSv1.2", true),
|
|
41 |
TLS_CV_02("TLS", "TLSv1", "TLSv1.2", true),
|
|
42 |
TLS_CV_03("SSLv3", "TLSv1", "TLSv1.2", false),
|
|
43 |
TLS_CV_04("TLSv1", "TLSv1", "TLSv1.2", false),
|
|
44 |
TLS_CV_05("TLSv1.1", "TLSv1.1", "TLSv1.2", false),
|
|
45 |
TLS_CV_06("TLSv1.2", "TLSv1.2", "TLSv1.2", false),
|
|
46 |
TLS_CV_07("Default", "TLSv1", "TLSv1.2", true);
|
|
47 |
|
|
48 |
final String contextVersion;
|
|
49 |
final String defaultProtocolVersion;
|
|
50 |
final String supportedProtocolVersion;
|
|
51 |
final boolean impacted;
|
|
52 |
|
|
53 |
ContextVersion(String contextVersion, String defaultProtocolVersion,
|
|
54 |
String supportedProtocolVersion, boolean impacted) {
|
|
55 |
this.contextVersion = contextVersion;
|
|
56 |
this.defaultProtocolVersion = defaultProtocolVersion;
|
|
57 |
this.supportedProtocolVersion = supportedProtocolVersion;
|
|
58 |
this.impacted = impacted;
|
|
59 |
}
|
|
60 |
}
|
|
61 |
|
|
62 |
public static void main(String[] args) throws Exception {
|
|
63 |
for (ContextVersion cv : ContextVersion.values()) {
|
|
64 |
System.out.println("Checking SSLContext of " + cv.contextVersion);
|
|
65 |
|
|
66 |
SSLContext context;
|
|
67 |
try {
|
|
68 |
context = SSLContext.getInstance(cv.contextVersion);
|
|
69 |
if (cv.impacted) {
|
|
70 |
throw new Exception(
|
|
71 |
"illegal system property jdk.tls.client.protocols: " +
|
|
72 |
System.getProperty("jdk.tls.client.protocols"));
|
|
73 |
}
|
|
74 |
} catch (NoSuchAlgorithmException nsae) {
|
|
75 |
if (cv.impacted) {
|
|
76 |
System.out.println(
|
|
77 |
"\tIgnore: illegal system property " +
|
|
78 |
"jdk.tls.client.protocols=" +
|
|
79 |
System.getProperty("jdk.tls.client.protocols"));
|
|
80 |
continue;
|
|
81 |
} else {
|
|
82 |
throw nsae;
|
|
83 |
}
|
|
84 |
}
|
|
85 |
|
|
86 |
// Default SSLContext is initialized automatically.
|
|
87 |
if (!cv.contextVersion.equals("Default")) {
|
|
88 |
// Use default TK, KM and random.
|
|
89 |
context.init((KeyManager[])null, (TrustManager[])null, null);
|
|
90 |
}
|
|
91 |
|
|
92 |
SSLParameters parameters = context.getDefaultSSLParameters();
|
|
93 |
|
|
94 |
String[] protocols = parameters.getProtocols();
|
|
95 |
String[] ciphers = parameters.getCipherSuites();
|
|
96 |
|
|
97 |
if (protocols.length == 0 || ciphers.length == 0) {
|
|
98 |
throw new Exception("No default protocols or cipher suites");
|
|
99 |
}
|
|
100 |
|
|
101 |
boolean isMatch = false;
|
|
102 |
for (String protocol : protocols) {
|
|
103 |
System.out.println("\tdefault protocol version " + protocol);
|
|
104 |
if (protocol.equals(cv.defaultProtocolVersion)) {
|
|
105 |
isMatch = true;
|
|
106 |
break;
|
|
107 |
}
|
|
108 |
}
|
|
109 |
|
|
110 |
if (!isMatch) {
|
|
111 |
throw new Exception("No matched default protocol");
|
|
112 |
}
|
|
113 |
|
|
114 |
parameters = context.getSupportedSSLParameters();
|
|
115 |
|
|
116 |
protocols = parameters.getProtocols();
|
|
117 |
ciphers = parameters.getCipherSuites();
|
|
118 |
|
|
119 |
if (protocols.length == 0 || ciphers.length == 0) {
|
|
120 |
throw new Exception("No supported protocols or cipher suites");
|
|
121 |
}
|
|
122 |
|
|
123 |
isMatch = false;
|
|
124 |
for (String protocol : protocols) {
|
|
125 |
System.out.println("\tsupported protocol version " + protocol);
|
|
126 |
if (protocol.equals(cv.supportedProtocolVersion)) {
|
|
127 |
isMatch = true;
|
|
128 |
break;
|
|
129 |
}
|
|
130 |
}
|
|
131 |
|
|
132 |
if (!isMatch) {
|
|
133 |
throw new Exception("No matched supported protocol");
|
|
134 |
}
|
|
135 |
System.out.println("\t... Success");
|
|
136 |
}
|
|
137 |
}
|
|
138 |
}
|