提交
19235704
编写于
12月 18, 2013
作者:
xuelei
7093640: Enable client-side TLS 1.2 by default
Reviewed-by: weijun, mullan, wetmore
上级
0de0b2e0
Showing
10 changed file
with
1070 addition
and
181 deletion
+1070
-181
src/share/classes/sun/security/ssl/ProtocolVersion.java
src/share/classes/sun/security/ssl/ProtocolVersion.java
+3
-3
src/share/classes/sun/security/ssl/SSLContextImpl.java
src/share/classes/sun/security/ssl/SSLContextImpl.java
+193
-164
src/share/classes/sun/security/ssl/SunJSSE.java
src/share/classes/sun/security/ssl/SunJSSE.java
+9
-7
test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java
.../sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java
+1
-1
test/sun/security/ssl/com/sun/net/ssl/internal/ssl/EngineArgs/DebugReportsOneExtraByte.java
...ssl/internal/ssl/EngineArgs/DebugReportsOneExtraByte.java
+2
-2
test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/CustomizedDefaultProtocols.java
...ternal/ssl/SSLContextImpl/CustomizedDefaultProtocols.java
+239
-0
test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/DefaultEnabledProtocols.java
.../internal/ssl/SSLContextImpl/DefaultEnabledProtocols.java
+238
-0
test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/IllegalProtocolProperty.java
.../internal/ssl/SSLContextImpl/IllegalProtocolProperty.java
+138
-0
test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/NoOldVersionContext.java
.../ssl/internal/ssl/SSLContextImpl/NoOldVersionContext.java
+239
-0
test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/SSLContextVersion.java
...et/ssl/internal/ssl/SSLContextImpl/SSLContextVersion.java
+8
-4
src/share/classes/sun/security/ssl/ProtocolVersion.java
/*
* Copyright (c) 2002, 201
0
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2002, 201
3
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -80,8 +80,8 @@ public final class ProtocolVersion implements Comparable<ProtocolVersion> {
// maximum version we implement (TLS 1.2)
final
static
ProtocolVersion
MAX
=
TLS12
;
// ProtocolVersion to use by default (TLS 1.
0
)
final
static
ProtocolVersion
DEFAULT
=
TLS1
0
;
// ProtocolVersion to use by default (TLS 1.
2
)
final
static
ProtocolVersion
DEFAULT
=
TLS1
2
;
// Default version for hello messages (SSLv2Hello)
final
static
ProtocolVersion
DEFAULT_HELLO
=
FIPS
?
TLS10
:
SSL30
;
...
...
src/share/classes/sun/security/ssl/SSLContextImpl.java
/*
* Copyright (c) 1999, 201
2
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 201
3
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -36,6 +36,7 @@ import java.security.cert.Certificate;
import
javax.net.ssl.*
;
import
sun.security.provider.certpath.AlgorithmChecker
;
import
sun.security.action.GetPropertyAction
;
public
abstract
class
SSLContextImpl
extends
SSLContextSpi
{
...
...
@@ -421,22 +422,21 @@ public abstract class SSLContextImpl extends SSLContextSpi {
*/
/*
* The conservative SSLContext implementation for TLS, SSL, SSLv3 and
* TLS10 algorithm.
* The base abstract SSLContext implementation.
*
* This is a super class of DefaultSSLContext and TLS10Context.
* This abstract class encapsulates supported and the default server
* SSL parameters.
*
* @see SSLContext
*/
private
static
class
Conservative
SSLContext
extends
SSLContextImpl
{
private
abstract
static
class
Abstract
SSLContext
extends
SSLContextImpl
{
// parameters
private
static
SSLParameters
defaultServerSSLParams
;
private
static
SSLParameters
defaultClientSSLParams
;
private
static
SSLParameters
supportedSSLParams
;
private
final
static
SSLParameters
defaultServerSSLParams
;
private
final
static
SSLParameters
supportedSSLParams
;
static
{
supportedSSLParams
=
new
SSLParameters
();
if
(
SunJSSE
.
isFIPS
())
{
supportedSSLParams
=
new
SSLParameters
();
supportedSSLParams
.
setProtocols
(
new
String
[]
{
ProtocolVersion
.
TLS10
.
name
,
ProtocolVersion
.
TLS11
.
name
,
...
...
@@ -444,14 +444,7 @@ public abstract class SSLContextImpl extends SSLContextSpi {
});
defaultServerSSLParams
=
supportedSSLParams
;
defaultClientSSLParams
=
new
SSLParameters
();
defaultClientSSLParams
.
setProtocols
(
new
String
[]
{
ProtocolVersion
.
TLS10
.
name
});
}
else
{
supportedSSLParams
=
new
SSLParameters
();
supportedSSLParams
.
setProtocols
(
new
String
[]
{
ProtocolVersion
.
SSL20Hello
.
name
,
ProtocolVersion
.
SSL30
.
name
,
...
...
@@ -461,8 +454,36 @@ public abstract class SSLContextImpl extends SSLContextSpi {
});
defaultServerSSLParams
=
supportedSSLParams
;
}
}
@Override
SSLParameters
getDefaultServerSSLParams
()
{
return
defaultServerSSLParams
;
}
defaultClientSSLParams
=
new
SSLParameters
();
@Override
SSLParameters
getSupportedSSLParams
()
{
return
supportedSSLParams
;
}
}
/*
* The SSLContext implementation for SSLv3 and TLS10 algorithm
*
* @see SSLContext
*/
public
static
final
class
TLS10Context
extends
AbstractSSLContext
{
private
final
static
SSLParameters
defaultClientSSLParams
;
static
{
defaultClientSSLParams
=
new
SSLParameters
();
if
(
SunJSSE
.
isFIPS
())
{
defaultClientSSLParams
.
setProtocols
(
new
String
[]
{
ProtocolVersion
.
TLS10
.
name
});
}
else
{
defaultClientSSLParams
.
setProtocols
(
new
String
[]
{
ProtocolVersion
.
SSL30
.
name
,
ProtocolVersion
.
TLS10
.
name
...
...
@@ -471,27 +492,176 @@ public abstract class SSLContextImpl extends SSLContextSpi {
}
@Override
SSLParameters
getDefaultServerSSLParams
()
{
return
defaultServerSSLParams
;
SSLParameters
getDefaultClientSSLParams
()
{
return
defaultClientSSLParams
;
}
}
/*
* The SSLContext implementation for TLS11 algorithm
*
* @see SSLContext
*/
public
static
final
class
TLS11Context
extends
AbstractSSLContext
{
private
final
static
SSLParameters
defaultClientSSLParams
;
static
{
defaultClientSSLParams
=
new
SSLParameters
();
if
(
SunJSSE
.
isFIPS
())
{
defaultClientSSLParams
.
setProtocols
(
new
String
[]
{
ProtocolVersion
.
TLS10
.
name
,
ProtocolVersion
.
TLS11
.
name
});
}
else
{
defaultClientSSLParams
.
setProtocols
(
new
String
[]
{
ProtocolVersion
.
SSL30
.
name
,
ProtocolVersion
.
TLS10
.
name
,
ProtocolVersion
.
TLS11
.
name
});
}
}
@Override
SSLParameters
getDefaultClientSSLParams
()
{
return
defaultClientSSLParams
;
}
}
/*
* The SSLContext implementation for TLS12 algorithm
*
* @see SSLContext
*/
public
static
final
class
TLS12Context
extends
AbstractSSLContext
{
private
final
static
SSLParameters
defaultClientSSLParams
;
static
{
defaultClientSSLParams
=
new
SSLParameters
();
if
(
SunJSSE
.
isFIPS
())
{
defaultClientSSLParams
.
setProtocols
(
new
String
[]
{
ProtocolVersion
.
TLS10
.
name
,
ProtocolVersion
.
TLS11
.
name
,
ProtocolVersion
.
TLS12
.
name
});
}
else
{
defaultClientSSLParams
.
setProtocols
(
new
String
[]
{
ProtocolVersion
.
SSL30
.
name
,
ProtocolVersion
.
TLS10
.
name
,
ProtocolVersion
.
TLS11
.
name
,
ProtocolVersion
.
TLS12
.
name
});
}
}
@Override
SSLParameters
getDefaultClientSSLParams
()
{
return
defaultClientSSLParams
;
}
}
/*
* The SSLContext implementation for customized TLS protocols
*
* @see SSLContext
*/
private
static
class
CustomizedSSLContext
extends
AbstractSSLContext
{
private
final
static
String
PROPERTY_NAME
=
"jdk.tls.client.protocols"
;
private
final
static
SSLParameters
defaultClientSSLParams
;
private
static
IllegalArgumentException
reservedException
=
null
;
// Don't want a java.lang.LinkageError for illegal system property.
//
// Please don't throw exception in this static block. Otherwise,
// java.lang.LinkageError may be thrown during the instantiation of
// the provider service. Instead, let's handle the initialization
// exception in constructor.
static
{
String
property
=
AccessController
.
doPrivileged
(
new
GetPropertyAction
(
PROPERTY_NAME
));
defaultClientSSLParams
=
new
SSLParameters
();
if
(
property
==
null
||
property
.
length
()
==
0
)
{
// the default enabled client TLS protocols
if
(
SunJSSE
.
isFIPS
())
{
defaultClientSSLParams
.
setProtocols
(
new
String
[]
{
ProtocolVersion
.
TLS10
.
name
,
ProtocolVersion
.
TLS11
.
name
,
ProtocolVersion
.
TLS12
.
name
});
}
else
{
defaultClientSSLParams
.
setProtocols
(
new
String
[]
{
ProtocolVersion
.
SSL30
.
name
,
ProtocolVersion
.
TLS10
.
name
,
ProtocolVersion
.
TLS11
.
name
,
ProtocolVersion
.
TLS12
.
name
});
}
}
else
{
// remove double quote marks from beginning/end of the property
if
(
property
.
charAt
(
0
)
==
'"'
&&
property
.
charAt
(
property
.
length
()
-
1
)
==
'"'
)
{
property
=
property
.
substring
(
1
,
property
.
length
()
-
1
);
}
String
[]
protocols
=
property
.
split
(
","
);
for
(
int
i
=
0
;
i
<
protocols
.
length
;
i
++)
{
protocols
[
i
]
=
protocols
[
i
].
trim
();
// Is it a supported protocol name?
try
{
ProtocolVersion
.
valueOf
(
protocols
[
i
]);
}
catch
(
IllegalArgumentException
iae
)
{
reservedException
=
new
IllegalArgumentException
(
PROPERTY_NAME
+
": "
+
protocols
[
i
]
+
" is not a standard SSL protocol name"
,
iae
);
}
}
if
((
reservedException
==
null
)
&&
SunJSSE
.
isFIPS
())
{
for
(
String
protocol
:
protocols
)
{
if
(
ProtocolVersion
.
SSL20Hello
.
name
.
equals
(
protocol
)
||
ProtocolVersion
.
SSL30
.
name
.
equals
(
protocol
))
{
reservedException
=
new
IllegalArgumentException
(
PROPERTY_NAME
+
": "
+
protocol
+
" is not FIPS compliant"
);
}
}
}
if
(
reservedException
==
null
)
{
defaultClientSSLParams
.
setProtocols
(
protocols
);
}
}
}
protected
CustomizedSSLContext
()
{
if
(
reservedException
!=
null
)
{
throw
reservedException
;
}
}
@Override
SSLParameters
get
Supported
SSLParams
()
{
return
supported
SSLParams
;
SSLParameters
get
DefaultClient
SSLParams
()
{
return
defaultClient
SSLParams
;
}
}
/*
* The SSLContext implementation for default algorithm
* The SSLContext implementation for default "TLS" algorithm
*
* @see SSLContext
*/
public
static
final
class
TLSContext
extends
CustomizedSSLContext
{
// use the default constructor and methods
}
/*
* The SSLContext implementation for default "Default" algorithm
*
* @see SSLContext
*/
public
static
final
class
DefaultSSLContext
extends
C
onservative
SSLContext
{
public
static
final
class
DefaultSSLContext
extends
C
ustomized
SSLContext
{
private
static
final
String
NONE
=
"NONE"
;
private
static
final
String
P11KEYSTORE
=
"PKCS11"
;
...
...
@@ -652,147 +822,6 @@ public abstract class SSLContextImpl extends SSLContextSpi {
}
}
/*
* The SSLContext implementation for TLS, SSL, SSLv3 and TLS10 algorithm
*
* @see SSLContext
*/
public
static
final
class
TLS10Context
extends
ConservativeSSLContext
{
// use the default constructor and methods
}
/*
* The SSLContext implementation for TLS11 algorithm
*
* @see SSLContext
*/
public
static
final
class
TLS11Context
extends
SSLContextImpl
{
// parameters
private
static
SSLParameters
defaultServerSSLParams
;
private
static
SSLParameters
defaultClientSSLParams
;
private
static
SSLParameters
supportedSSLParams
;
static
{
if
(
SunJSSE
.
isFIPS
())
{
supportedSSLParams
=
new
SSLParameters
();
supportedSSLParams
.
setProtocols
(
new
String
[]
{
ProtocolVersion
.
TLS10
.
name
,
ProtocolVersion
.
TLS11
.
name
,
ProtocolVersion
.
TLS12
.
name
});
defaultServerSSLParams
=
supportedSSLParams
;
defaultClientSSLParams
=
new
SSLParameters
();
defaultClientSSLParams
.
setProtocols
(
new
String
[]
{
ProtocolVersion
.
TLS10
.
name
,
ProtocolVersion
.
TLS11
.
name
});
}
else
{
supportedSSLParams
=
new
SSLParameters
();
supportedSSLParams
.
setProtocols
(
new
String
[]
{
ProtocolVersion
.
SSL20Hello
.
name
,
ProtocolVersion
.
SSL30
.
name
,
ProtocolVersion
.
TLS10
.
name
,
ProtocolVersion
.
TLS11
.
name
,
ProtocolVersion
.
TLS12
.
name
});
defaultServerSSLParams
=
supportedSSLParams
;
defaultClientSSLParams
=
new
SSLParameters
();
defaultClientSSLParams
.
setProtocols
(
new
String
[]
{
ProtocolVersion
.
SSL30
.
name
,
ProtocolVersion
.
TLS10
.
name
,
ProtocolVersion
.
TLS11
.
name
});
}
}
@Override
SSLParameters
getDefaultServerSSLParams
()
{
return
defaultServerSSLParams
;
}
@Override
SSLParameters
getDefaultClientSSLParams
()
{
return
defaultClientSSLParams
;
}
@Override
SSLParameters
getSupportedSSLParams
()
{
return
supportedSSLParams
;
}
}
/*
* The SSLContext implementation for TLS12 algorithm
*
* @see SSLContext
*/
public
static
final
class
TLS12Context
extends
SSLContextImpl
{
// parameters
private
static
SSLParameters
defaultServerSSLParams
;
private
static
SSLParameters
defaultClientSSLParams
;
private
static
SSLParameters
supportedSSLParams
;
static
{
if
(
SunJSSE
.
isFIPS
())
{
supportedSSLParams
=
new
SSLParameters
();
supportedSSLParams
.
setProtocols
(
new
String
[]
{
ProtocolVersion
.
TLS10
.
name
,
ProtocolVersion
.
TLS11
.
name
,
ProtocolVersion
.
TLS12
.
name
});
defaultServerSSLParams
=
supportedSSLParams
;
defaultClientSSLParams
=
new
SSLParameters
();
defaultClientSSLParams
.
setProtocols
(
new
String
[]
{
ProtocolVersion
.
TLS10
.
name
,
ProtocolVersion
.
TLS11
.
name
,
ProtocolVersion
.
TLS12
.
name
});
}
else
{
supportedSSLParams
=
new
SSLParameters
();
supportedSSLParams
.
setProtocols
(
new
String
[]
{
ProtocolVersion
.
SSL20Hello
.
name
,
ProtocolVersion
.
SSL30
.
name
,
ProtocolVersion
.
TLS10
.
name
,
ProtocolVersion
.
TLS11
.
name
,
ProtocolVersion
.
TLS12
.
name
});
defaultServerSSLParams
=
supportedSSLParams
;
defaultClientSSLParams
=
new
SSLParameters
();
defaultClientSSLParams
.
setProtocols
(
new
String
[]
{
ProtocolVersion
.
SSL30
.
name
,
ProtocolVersion
.
TLS10
.
name
,
ProtocolVersion
.
TLS11
.
name
,
ProtocolVersion
.
TLS12
.
name
});
}
}
@Override
SSLParameters
getDefaultServerSSLParams
()
{
return
defaultServerSSLParams
;
}
@Override
SSLParameters
getDefaultClientSSLParams
()
{
return
defaultClientSSLParams
;
}
@Override
SSLParameters
getSupportedSSLParams
()
{
return
supportedSSLParams
;
}
}
}
...
...
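Review bot: The quote-stripping branch in the `CustomizedSSLContext` static initializer can itself throw, which is exactly what the comment above the block asks to avoid. When `jdk.tls.client.protocols` is a single `"` character, `charAt(0)` and `charAt(property.length() - 1)` test the same character, so the strip becomes `substring(1, 0)` and raises `StringIndexOutOfBoundsException` during class initialization instead of being deferred through `reservedException`. A length guard keeps that input on the documented path, where it is rejected as a non-standard protocol name: `if (property.length() > 1 && property.charAt(0) == '"' && property.charAt(property.length() - 1) == '"') {`. Separately, the validation loop keeps running after a bad name, so only the last offending entry is reported; a `break` after assigning `reservedException` would report the first.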
src/share/classes/sun/security/ssl/SunJSSE.java
...
...
@@ -60,7 +60,8 @@ public abstract class SunJSSE extends java.security.Provider {
private
static
final
long
serialVersionUID
=
3231825739635378733L
;
private
static
String
info
=
"Sun JSSE provider"
+
"(PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)"
;
"(PKCS12, SunX509/PKIX key/trust factories, "
+
"SSLv3/TLSv1/TLSv1.1/TLSv1.2)"
;
private
static
String
fipsInfo
=
"Sun JSSE provider (FIPS mode, crypto provider "
;
...
...
@@ -208,16 +209,17 @@ public abstract class SunJSSE extends java.security.Provider {
put
(
"SSLContext.TLSv1"
,
"sun.security.ssl.SSLContextImpl$TLS10Context"
);
put
(
"Alg.Alias.SSLContext.TLS"
,
"TLSv1"
);
if
(
isfips
==
false
)
{
put
(
"Alg.Alias.SSLContext.SSL"
,
"TLSv1"
);
put
(
"Alg.Alias.SSLContext.SSLv3"
,
"TLSv1"
);
}
put
(
"SSLContext.TLSv1.1"
,
"sun.security.ssl.SSLContextImpl$TLS11Context"
);
put
(
"SSLContext.TLSv1.2"
,
"sun.security.ssl.SSLContextImpl$TLS12Context"
);
put
(
"SSLContext.TLS"
,
"sun.security.ssl.SSLContextImpl$TLSContext"
);
if
(
isfips
==
false
)
{
put
(
"Alg.Alias.SSLContext.SSL"
,
"TLS"
);
put
(
"Alg.Alias.SSLContext.SSLv3"
,
"TLSv1"
);
}
put
(
"SSLContext.Default"
,
"sun.security.ssl.SSLContextImpl$DefaultSSLContext"
);
...
...
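Review bot: The alias block that follows `put("SSLContext.TLS", ...)` needs a comment saying which context names honour `jdk.tls.client.protocols`, because the split is not visible from the registrations alone. Going by the SSLContextImpl side of this commit, `TLSContext` and `DefaultSSLContext` extend `CustomizedSSLContext`, so "TLS", "SSL" (now aliased to "TLS") and "Default" pick up the property and the TLS 1.2 client default. "SSLv3" stays aliased to "TLSv1", and `TLS10Context` keeps its own fixed client list that ignores the property. Suggested comment: `// "TLS", "SSL" and "Default" use the customizable client defaults; "SSLv3" and "TLSv1" keep the fixed TLS10Context list`. The enclosing method starts and ends outside the hunk.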
test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java
...
...
@@ -443,7 +443,7 @@ public class DHEKeySizing {
TrustManagerFactory
tmf
=
TrustManagerFactory
.
getInstance
(
"SunX509"
);
tmf
.
init
(
ts
);
SSLContext
sslCtx
=
SSLContext
.
getInstance
(
"TLS"
);
SSLContext
sslCtx
=
SSLContext
.
getInstance
(
"TLS
v1
"
);
sslCtx
.
init
(
kmf
.
getKeyManagers
(),
tmf
.
getTrustManagers
(),
null
);
return
sslCtx
;
...
...
test/sun/security/ssl/com/sun/net/ssl/internal/ssl/EngineArgs/DebugReportsOneExtraByte.java
/*
* Copyright (c) 2003, 201
2
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 201
3
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -159,7 +159,7 @@ public class DebugReportsOneExtraByte {
TrustManagerFactory
tmf
=
TrustManagerFactory
.
getInstance
(
"SunX509"
);
tmf
.
init
(
ts
);
SSLContext
sslCtx
=
SSLContext
.
getInstance
(
"TLS"
);
SSLContext
sslCtx
=
SSLContext
.
getInstance
(
"TLS
v1
"
);
sslCtx
.
init
(
kmf
.
getKeyManagers
(),
tmf
.
getTrustManagers
(),
null
);
...
...
test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/CustomizedDefaultProtocols.java
0 → 100644
/*
* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
// SunJSSE does not support dynamic system properties, no way to re-use
// system properties in samevm/agentvm mode.
/*
* @test
* @bug 7093640
* @summary Enable TLS 1.1 and TLS 1.2 by default in client side of SunJSSE
* @run main/othervm -Djdk.tls.client.protocols="SSLv3,TLSv1,TLSv1.1"
* CustomizedDefaultProtocols
*/
import
javax.net.*
;
import
javax.net.ssl.*
;
import
java.util.Arrays
;
public
class
CustomizedDefaultProtocols
{
static
enum
ContextVersion
{
TLS_CV_01
(
"SSL"
,
new
String
[]
{
"SSLv3"
,
"TLSv1"
,
"TLSv1.1"
}),
TLS_CV_02
(
"TLS"
,
new
String
[]
{
"SSLv3"
,
"TLSv1"
,
"TLSv1.1"
}),
TLS_CV_03
(
"SSLv3"
,
new
String
[]
{
"SSLv3"
,
"TLSv1"
}),
TLS_CV_04
(
"TLSv1"
,
new
String
[]
{
"SSLv3"
,
"TLSv1"
}),
TLS_CV_05
(
"TLSv1.1"
,
new
String
[]
{
"SSLv3"
,
"TLSv1"
,
"TLSv1.1"
}),
TLS_CV_06
(
"TLSv1.2"
,
new
String
[]
{
"SSLv3"
,
"TLSv1"
,
"TLSv1.1"
,
"TLSv1.2"
}),
TLS_CV_07
(
"Default"
,
new
String
[]
{
"SSLv3"
,
"TLSv1"
,
"TLSv1.1"
});
final
String
contextVersion
;
final
String
[]
enabledProtocols
;
final
static
String
[]
supportedProtocols
=
new
String
[]
{
"SSLv2Hello"
,
"SSLv3"
,
"TLSv1"
,
"TLSv1.1"
,
"TLSv1.2"
};
ContextVersion
(
String
contextVersion
,
String
[]
enabledProtocols
)
{
this
.
contextVersion
=
contextVersion
;
this
.
enabledProtocols
=
enabledProtocols
;
}
}
private
static
boolean
checkProtocols
(
String
[]
target
,
String
[]
expected
)
{
boolean
success
=
true
;
if
(
target
.
length
==
0
)
{
System
.
out
.
println
(
"\tError: No protocols"
);
success
=
false
;
}
if
(!
Arrays
.
equals
(
target
,
expected
))
{
System
.
out
.
println
(
"\tError: Expected to get protocols "
+
Arrays
.
toString
(
expected
));
System
.
out
.
println
(
"\tError: The actual protocols "
+
Arrays
.
toString
(
target
));
success
=
false
;
}
return
success
;
}
private
static
boolean
checkCipherSuites
(
String
[]
target
)
{
boolean
success
=
true
;
if
(
target
.
length
==
0
)
{
System
.
out
.
println
(
"\tError: No cipher suites"
);
success
=
false
;
}
return
success
;
}
public
static
void
main
(
String
[]
args
)
throws
Exception
{
boolean
failed
=
false
;
for
(
ContextVersion
cv
:
ContextVersion
.
values
())
{
System
.
out
.
println
(
"Checking SSLContext of "
+
cv
.
contextVersion
);
SSLContext
context
=
SSLContext
.
getInstance
(
cv
.
contextVersion
);
// Default SSLContext is initialized automatically.
if
(!
cv
.
contextVersion
.
equals
(
"Default"
))
{
// Use default TK, KM and random.
context
.
init
((
KeyManager
[])
null
,
(
TrustManager
[])
null
,
null
);
}
//
// Check SSLContext
//
// Check default SSLParameters of SSLContext
System
.
out
.
println
(
"\tChecking default SSLParameters"
);
SSLParameters
parameters
=
context
.
getDefaultSSLParameters
();
String
[]
protocols
=
parameters
.
getProtocols
();
failed
|=
!
checkProtocols
(
protocols
,
cv
.
enabledProtocols
);
String
[]
ciphers
=
parameters
.
getCipherSuites
();
failed
|=
!
checkCipherSuites
(
ciphers
);
// Check supported SSLParameters of SSLContext
System
.
out
.
println
(
"\tChecking supported SSLParameters"
);
parameters
=
context
.
getSupportedSSLParameters
();
protocols
=
parameters
.
getProtocols
();
failed
|=
!
checkProtocols
(
protocols
,
cv
.
supportedProtocols
);
ciphers
=
parameters
.
getCipherSuites
();
failed
|=
!
checkCipherSuites
(
ciphers
);
//
// Check SSLEngine
//
// Check SSLParameters of SSLEngine
System
.
out
.
println
();
System
.
out
.
println
(
"\tChecking SSLEngine of this SSLContext"
);
System
.
out
.
println
(
"\tChecking SSLEngine.getSSLParameters()"
);
SSLEngine
engine
=
context
.
createSSLEngine
();
engine
.
setUseClientMode
(
true
);
parameters
=
engine
.
getSSLParameters
();
protocols
=
parameters
.
getProtocols
();
failed
|=
!
checkProtocols
(
protocols
,
cv
.
enabledProtocols
);
ciphers
=
parameters
.
getCipherSuites
();
failed
|=
!
checkCipherSuites
(
ciphers
);
System
.
out
.
println
(
"\tChecking SSLEngine.getEnabledProtocols()"
);
protocols
=
engine
.
getEnabledProtocols
();
failed
|=
!
checkProtocols
(
protocols
,
cv
.
enabledProtocols
);
System
.
out
.
println
(
"\tChecking SSLEngine.getEnabledCipherSuites()"
);
ciphers
=
engine
.
getEnabledCipherSuites
();
failed
|=
!
checkCipherSuites
(
ciphers
);
System
.
out
.
println
(
"\tChecking SSLEngine.getSupportedProtocols()"
);
protocols
=
engine
.
getSupportedProtocols
();
failed
|=
!
checkProtocols
(
protocols
,
cv
.
supportedProtocols
);
System
.
out
.
println
(
"\tChecking SSLEngine.getSupportedCipherSuites()"
);
ciphers
=
engine
.
getSupportedCipherSuites
();
failed
|=
!
checkCipherSuites
(
ciphers
);
//
// Check SSLSocket
//
// Check SSLParameters of SSLSocket
System
.
out
.
println
();
System
.
out
.
println
(
"\tChecking SSLSocket of this SSLContext"
);
System
.
out
.
println
(
"\tChecking SSLSocket.getSSLParameters()"
);
SocketFactory
fac
=
context
.
getSocketFactory
();
SSLSocket
socket
=
(
SSLSocket
)
fac
.
createSocket
();
parameters
=
socket
.
getSSLParameters
();
protocols
=
parameters
.
getProtocols
();
failed
|=
!
checkProtocols
(
protocols
,
cv
.
enabledProtocols
);
ciphers
=
parameters
.
getCipherSuites
();
failed
|=
!
checkCipherSuites
(
ciphers
);
System
.
out
.
println
(
"\tChecking SSLEngine.getEnabledProtocols()"
);
protocols
=
socket
.
getEnabledProtocols
();
failed
|=
!
checkProtocols
(
protocols
,
cv
.
enabledProtocols
);
System
.
out
.
println
(
"\tChecking SSLEngine.getEnabledCipherSuites()"
);
ciphers
=
socket
.
getEnabledCipherSuites
();
failed
|=
!
checkCipherSuites
(
ciphers
);
System
.
out
.
println
(
"\tChecking SSLEngine.getSupportedProtocols()"
);
protocols
=
socket
.
getSupportedProtocols
();
failed
|=
!
checkProtocols
(
protocols
,
cv
.
supportedProtocols
);
System
.
out
.
println
(
"\tChecking SSLEngine.getSupportedCipherSuites()"
);
ciphers
=
socket
.
getSupportedCipherSuites
();
failed
|=
!
checkCipherSuites
(
ciphers
);
//
// Check SSLServerSocket
//
// Check SSLParameters of SSLServerSocket
System
.
out
.
println
();
System
.
out
.
println
(
"\tChecking SSLServerSocket of this SSLContext"
);
System
.
out
.
println
(
"\tChecking SSLServerSocket.getSSLParameters()"
);
SSLServerSocketFactory
sf
=
context
.
getServerSocketFactory
();
SSLServerSocket
ssocket
=
(
SSLServerSocket
)
sf
.
createServerSocket
();
parameters
=
ssocket
.
getSSLParameters
();
protocols
=
parameters
.
getProtocols
();
failed
|=
!
checkProtocols
(
protocols
,
cv
.
supportedProtocols
);
ciphers
=
parameters
.
getCipherSuites
();
failed
|=
!
checkCipherSuites
(
ciphers
);
System
.
out
.
println
(
"\tChecking SSLEngine.getEnabledProtocols()"
);
protocols
=
ssocket
.
getEnabledProtocols
();
failed
|=
!
checkProtocols
(
protocols
,
cv
.
supportedProtocols
);
System
.
out
.
println
(
"\tChecking SSLEngine.getEnabledCipherSuites()"
);
ciphers
=
ssocket
.
getEnabledCipherSuites
();
failed
|=
!
checkCipherSuites
(
ciphers
);
System
.
out
.
println
(
"\tChecking SSLEngine.getSupportedProtocols()"
);
protocols
=
ssocket
.
getSupportedProtocols
();
failed
|=
!
checkProtocols
(
protocols
,
cv
.
supportedProtocols
);
System
.
out
.
println
(
"\tChecking SSLEngine.getSupportedCipherSuites()"
);
ciphers
=
ssocket
.
getSupportedCipherSuites
();
failed
|=
!
checkCipherSuites
(
ciphers
);
}
if
(
failed
)
{
throw
new
Exception
(
"Run into problems, see log for more details"
);
}
else
{
System
.
out
.
println
(
"\t... Success"
);
}
}
}
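Review bot: The log labels in the SSLSocket and SSLServerSocket parts of `main` still say `SSLEngine`: `"\tChecking SSLEngine.getEnabledProtocols()"` is printed before `socket.getEnabledProtocols()` and again before `ssocket.getEnabledProtocols()`, so a failure line in the log points at the wrong object. They should read `"\tChecking SSLSocket.getEnabledProtocols()"` and `"\tChecking SSLServerSocket.getEnabledProtocols()"`, and likewise for the cipher-suite and supported-protocol labels. The same copy-pasted labels appear in DefaultEnabledProtocols.java. The `SSLSocket` and `SSLServerSocket` created for each context are also never closed; calling `socket.close()` and `ssocket.close()` at the end of each loop iteration would release them.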
test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/DefaultEnabledProtocols.java
0 → 100644
/*
* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
// SunJSSE does not support dynamic system properties, no way to re-use
// system properties in samevm/agentvm mode.
/*
* @test
* @bug 7093640
* @summary Enable TLS 1.1 and TLS 1.2 by default in client side of SunJSSE
* @run main/othervm DefaultEnabledProtocols
*/
import
javax.net.*
;
import
javax.net.ssl.*
;
import
java.util.Arrays
;
public
class
DefaultEnabledProtocols
{
static
enum
ContextVersion
{
TLS_CV_01
(
"SSL"
,
new
String
[]
{
"SSLv3"
,
"TLSv1"
,
"TLSv1.1"
,
"TLSv1.2"
}),
TLS_CV_02
(
"TLS"
,
new
String
[]
{
"SSLv3"
,
"TLSv1"
,
"TLSv1.1"
,
"TLSv1.2"
}),
TLS_CV_03
(
"SSLv3"
,
new
String
[]
{
"SSLv3"
,
"TLSv1"
}),
TLS_CV_04
(
"TLSv1"
,
new
String
[]
{
"SSLv3"
,
"TLSv1"
}),
TLS_CV_05
(
"TLSv1.1"
,
new
String
[]
{
"SSLv3"
,
"TLSv1"
,
"TLSv1.1"
}),
TLS_CV_06
(
"TLSv1.2"
,
new
String
[]
{
"SSLv3"
,
"TLSv1"
,
"TLSv1.1"
,
"TLSv1.2"
}),
TLS_CV_07
(
"Default"
,
new
String
[]
{
"SSLv3"
,
"TLSv1"
,
"TLSv1.1"
,
"TLSv1.2"
});
final
String
contextVersion
;
final
String
[]
enabledProtocols
;
final
static
String
[]
supportedProtocols
=
new
String
[]
{
"SSLv2Hello"
,
"SSLv3"
,
"TLSv1"
,
"TLSv1.1"
,
"TLSv1.2"
};
ContextVersion
(
String
contextVersion
,
String
[]
enabledProtocols
)
{
this
.
contextVersion
=
contextVersion
;
this
.
enabledProtocols
=
enabledProtocols
;
}
}
private
static
boolean
checkProtocols
(
String
[]
target
,
String
[]
expected
)
{
boolean
success
=
true
;
if
(
target
.
length
==
0
)
{
System
.
out
.
println
(
"\tError: No protocols"
);
success
=
false
;
}
if
(!
Arrays
.
equals
(
target
,
expected
))
{
System
.
out
.
println
(
"\tError: Expected to get protocols "
+
Arrays
.
toString
(
expected
));
System
.
out
.
println
(
"\tError: The actual protocols "
+
Arrays
.
toString
(
target
));
success
=
false
;
}
return
success
;
}
private
static
boolean
checkCipherSuites
(
String
[]
target
)
{
boolean
success
=
true
;
if
(
target
.
length
==
0
)
{
System
.
out
.
println
(
"\tError: No cipher suites"
);
success
=
false
;
}
return
success
;
}
public
static
void
main
(
String
[]
args
)
throws
Exception
{
boolean
failed
=
false
;
for
(
ContextVersion
cv
:
ContextVersion
.
values
())
{
System
.
out
.
println
(
"Checking SSLContext of "
+
cv
.
contextVersion
);
SSLContext
context
=
SSLContext
.
getInstance
(
cv
.
contextVersion
);
// Default SSLContext is initialized automatically.
if
(!
cv
.
contextVersion
.
equals
(
"Default"
))
{
// Use default TK, KM and random.
context
.
init
((
KeyManager
[])
null
,
(
TrustManager
[])
null
,
null
);
}
//
// Check SSLContext
//
// Check default SSLParameters of SSLContext
System
.
out
.
println
(
"\tChecking default SSLParameters"
);
SSLParameters
parameters
=
context
.
getDefaultSSLParameters
();
String
[]
protocols
=
parameters
.
getProtocols
();
failed
|=
!
checkProtocols
(
protocols
,
cv
.
enabledProtocols
);
String
[]
ciphers
=
parameters
.
getCipherSuites
();
failed
|=
!
checkCipherSuites
(
ciphers
);
// Check supported SSLParameters of SSLContext
System
.
out
.
println
(
"\tChecking supported SSLParameters"
);
parameters
=
context
.
getSupportedSSLParameters
();
protocols
=
parameters
.
getProtocols
();
failed
|=
!
checkProtocols
(
protocols
,
cv
.
supportedProtocols
);
ciphers
=
parameters
.
getCipherSuites
();
failed
|=
!
checkCipherSuites
(
ciphers
);
//
// Check SSLEngine
//
// Check SSLParameters of SSLEngine
System
.
out
.
println
();
System
.
out
.
println
(
"\tChecking SSLEngine of this SSLContext"
);
System
.
out
.
println
(
"\tChecking SSLEngine.getSSLParameters()"
);
SSLEngine
engine
=
context
.
createSSLEngine
();
engine
.
setUseClientMode
(
true
);
parameters
=
engine
.
getSSLParameters
();
protocols
=
parameters
.
getProtocols
();
failed
|=
!
checkProtocols
(
protocols
,
cv
.
enabledProtocols
);
ciphers
=
parameters
.
getCipherSuites
();
failed
|=
!
checkCipherSuites
(
ciphers
);
System
.
out
.
println
(
"\tChecking SSLEngine.getEnabledProtocols()"
);
protocols
=
engine
.
getEnabledProtocols
();
failed
|=
!
checkProtocols
(
protocols
,
cv
.
enabledProtocols
);
System
.
out
.
println
(
"\tChecking SSLEngine.getEnabledCipherSuites()"
);
ciphers
=
engine
.
getEnabledCipherSuites
();
failed
|=
!
checkCipherSuites
(
ciphers
);
System
.
out
.
println
(
"\tChecking SSLEngine.getSupportedProtocols()"
);
protocols
=
engine
.
getSupportedProtocols
();
failed
|=
!
checkProtocols
(
protocols
,
cv
.
supportedProtocols
);
System
.
out
.
println
(
"\tChecking SSLEngine.getSupportedCipherSuites()"
);
ciphers
=
engine
.
getSupportedCipherSuites
();
failed
|=
!
checkCipherSuites
(
ciphers
);
//
// Check SSLSocket
//
// Check SSLParameters of SSLSocket
System
.
out
.
println
();
System
.
out
.
println
(
"\tChecking SSLSocket of this SSLContext"
);
System
.
out
.
println
(
"\tChecking SSLSocket.getSSLParameters()"
);
SocketFactory
fac
=
context
.
getSocketFactory
();
SSLSocket
socket
=
(
SSLSocket
)
fac
.
createSocket
();
parameters
=
socket
.
getSSLParameters
();
protocols
=
parameters
.
getProtocols
();
failed
|=
!
checkProtocols
(
protocols
,
cv
.
enabledProtocols
);
ciphers
=
parameters
.
getCipherSuites
();
failed
|=
!
checkCipherSuites
(
ciphers
);
System
.
out
.
println
(
"\tChecking SSLEngine.getEnabledProtocols()"
);
protocols
=
socket
.
getEnabledProtocols
();
failed
|=
!
checkProtocols
(
protocols
,
cv
.
enabledProtocols
);
System
.
out
.
println
(
"\tChecking SSLEngine.getEnabledCipherSuites()"
);
ciphers
=
socket
.
getEnabledCipherSuites
();
failed
|=
!
checkCipherSuites
(
ciphers
);
System
.
out
.
println
(
"\tChecking SSLEngine.getSupportedProtocols()"
);
protocols
=
socket
.
getSupportedProtocols
();
failed
|=
!
checkProtocols
(
protocols
,
cv
.
supportedProtocols
);
System
.
out
.
println
(
"\tChecking SSLEngine.getSupportedCipherSuites()"
);
ciphers
=
socket
.
getSupportedCipherSuites
();
failed
|=
!
checkCipherSuites
(
ciphers
);
//
// Check SSLServerSocket
//
// Check SSLParameters of SSLServerSocket
System
.
out
.
println
();
System
.
out
.
println
(
"\tChecking SSLServerSocket of this SSLContext"
);
System
.
out
.
println
(
"\tChecking SSLServerSocket.getSSLParameters()"
);
SSLServerSocketFactory
sf
=
context
.
getServerSocketFactory
();
SSLServerSocket
ssocket
=
(
SSLServerSocket
)
sf
.
createServerSocket
();
parameters
=
ssocket
.
getSSLParameters
();
protocols
=
parameters
.
getProtocols
();
failed
|=
!
checkProtocols
(
protocols
,
cv
.
supportedProtocols
);
ciphers
=
parameters
.
getCipherSuites
();
failed
|=
!
checkCipherSuites
(
ciphers
);
System
.
out
.
println
(
"\tChecking SSLEngine.getEnabledProtocols()"
);
protocols
=
ssocket
.
getEnabledProtocols
();
failed
|=
!
checkProtocols
(
protocols
,
cv
.
supportedProtocols
);
System
.
out
.
println
(
"\tChecking SSLEngine.getEnabledCipherSuites()"
);
ciphers
=
ssocket
.
getEnabledCipherSuites
();
failed
|=
!
checkCipherSuites
(
ciphers
);
System
.
out
.
println
(
"\tChecking SSLEngine.getSupportedProtocols()"
);
protocols
=
ssocket
.
getSupportedProtocols
();
failed
|=
!
checkProtocols
(
protocols
,
cv
.
supportedProtocols
);
System
.
out
.
println
(
"\tChecking SSLEngine.getSupportedCipherSuites()"
);
ciphers
=
ssocket
.
getSupportedCipherSuites
();
failed
|=
!
checkCipherSuites
(
ciphers
);
}
if
(
failed
)
{
throw
new
Exception
(
"Run into problems, see log for more details"
);
}
else
{
System
.
out
.
println
(
"\t... Success"
);
}
}
}
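--- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/IllegalProtocolProperty.java
+++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/IllegalProtocolProperty.java
+/*
+ * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+// SunJSSE does not support dynamic system properties, no way to re-use
+// system properties in samevm/agentvm mode.
+/*
+ * @test
+ * @bug 7093640
+ * @summary Enable TLS 1.1 and TLS 1.2 by default in client side of SunJSSE
+ * @run main/othervm -Djdk.tls.client.protocols="XSLv3,TLSv1"
+ * IllegalProtocolProperty
+ */
+import javax.net.ssl.*;
+import java.security.NoSuchAlgorithmException;
+public class IllegalProtocolProperty {
+    static enum ContextVersion {
+        TLS_CV_01("SSL", "TLSv1", "TLSv1.2", true),
+        TLS_CV_02("TLS", "TLSv1", "TLSv1.2", true),
+        TLS_CV_03("SSLv3", "TLSv1", "TLSv1.2", false),
+        TLS_CV_04("TLSv1", "TLSv1", "TLSv1.2", false),
+        TLS_CV_05("TLSv1.1", "TLSv1.1", "TLSv1.2", false),
+        TLS_CV_06("TLSv1.2", "TLSv1.2", "TLSv1.2", false),
+        TLS_CV_07("Default", "TLSv1", "TLSv1.2", true);
+        final String contextVersion;
+        final String defaultProtocolVersion;
+        final String supportedProtocolVersion;
+        final boolean impacted;
+        ContextVersion(String contextVersion, String defaultProtocolVersion,
+                String supportedProtocolVersion, boolean impacted) {
+            this.contextVersion = contextVersion;
+            this.defaultProtocolVersion = defaultProtocolVersion;
+            this.supportedProtocolVersion = supportedProtocolVersion;
+            this.impacted = impacted;
+        }
+    }
+    public static void main(String[] args) throws Exception {
+        for (ContextVersion cv : ContextVersion.values()) {
+            System.out.println("Checking SSLContext of " + cv.contextVersion);
+            SSLContext context;
+            try {
+                context = SSLContext.getInstance(cv.contextVersion);
+                if (cv.impacted) {
+                    throw new Exception(
+                        "illegal system property jdk.tls.client.protocols: " +
+                        System.getProperty("jdk.tls.client.protocols"));
+                }
+            } catch (NoSuchAlgorithmException nsae) {
+                if (cv.impacted) {
+                    System.out.println(
+                        "\tIgnore: illegal system property " +
+                        "jdk.tls.client.protocols=" +
+                        System.getProperty("jdk.tls.client.protocols"));
+                    continue;
+                } else {
+                    throw nsae;
+                }
+            }
+            // Default SSLContext is initialized automatically.
+            if (!cv.contextVersion.equals("Default")) {
+                // Use default TK, KM and random.
+                context.init((KeyManager[])null, (TrustManager[])null, null);
+            }
+            SSLParameters parameters = context.getDefaultSSLParameters();
+            String[] protocols = parameters.getProtocols();
+            String[] ciphers = parameters.getCipherSuites();
+            if (protocols.length == 0 || ciphers.length == 0) {
+                throw new Exception("No default protocols or cipher suites");
+            }
+            boolean isMatch = false;
+            for (String protocol : protocols) {
+                System.out.println("\tdefault protocol version " + protocol);
+                if (protocol.equals(cv.defaultProtocolVersion)) {
+                    isMatch = true;
+                    break;
+                }
+            }
+            if (!isMatch) {
+                throw new Exception("No matched default protocol");
+            }
+            parameters = context.getSupportedSSLParameters();
+            protocols = parameters.getProtocols();
+            ciphers = parameters.getCipherSuites();
+            if (protocols.length == 0 || ciphers.length == 0) {
+                throw new Exception("No supported protocols or cipher suites");
+            }
+            isMatch = false;
+            for (String protocol : protocols) {
+                System.out.println("\tsupported protocol version " + protocol);
+                if (protocol.equals(cv.supportedProtocolVersion)) {
+                    isMatch = true;
+                    break;
+                }
+            }
+            if (!isMatch) {
+                throw new Exception("No matched supported protocol");
+            }
+            System.out.println("\t... Success");
+        }
+    }
+}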
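Review bot: The `catch (NoSuchAlgorithmException nsae)` branch in main() treats any NoSuchAlgorithmException on an impacted context as proof that the illegal `jdk.tls.client.protocols` value was rejected, so an unrelated lookup failure would also pass. Checking `nsae.getCause()` before `continue` would tie the pass to the property; the cause type is set in SSLContextImpl, which is not visible in this section, so confirm it there. The exception thrown when getInstance() unexpectedly succeeds says `"illegal system property jdk.tls.client.protocols: "`, which reads as if the bad value had been detected; `"SSLContext created despite illegal jdk.tls.client.protocols: "` states what actually went wrong. A comment on `impacted` such as `// true for the contexts expected to reject an illegal jdk.tls.client.protocols value` would also make clear that the test expects version-specific contexts to ignore the property.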
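--- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/NoOldVersionContext.java
+++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/NoOldVersionContext.java
+/*
+ * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+// SunJSSE does not support dynamic system properties, no way to re-use
+// system properties in samevm/agentvm mode.
+/*
+ * @test
+ * @bug 7093640
+ * @summary Enable TLS 1.1 and TLS 1.2 by default in client side of SunJSSE
+ * @run main/othervm -Djdk.tls.client.protocols="TLSv1,TLSv1.1,TLSv1.2"
+ * NoOldVersionContext
+ */
+import javax.net.*;
+import javax.net.ssl.*;
+import java.util.Arrays;
+public class NoOldVersionContext {
+    static enum ContextVersion {
+        TLS_CV_01("SSL", new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"}),
+        TLS_CV_02("TLS", new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"}),
+        TLS_CV_03("SSLv3", new String[] {"SSLv3", "TLSv1"}),
+        TLS_CV_04("TLSv1", new String[] {"SSLv3", "TLSv1"}),
+        TLS_CV_05("TLSv1.1", new String[] {"SSLv3", "TLSv1", "TLSv1.1"}),
+        TLS_CV_06("TLSv1.2", new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}),
+        TLS_CV_07("Default", new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"});
+        final String contextVersion;
+        final String[] enabledProtocols;
+        final static String[] supportedProtocols = new String[] {
+                "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"};
+        ContextVersion(String contextVersion, String[] enabledProtocols) {
+            this.contextVersion = contextVersion;
+            this.enabledProtocols = enabledProtocols;
+        }
+    }
+    private static boolean checkProtocols(String[] target, String[] expected) {
+        boolean success = true;
+        if (target.length == 0) {
+            System.out.println("\tError: No protocols");
+            success = false;
+        }
+        if (!Arrays.equals(target, expected)) {
+            System.out.println("\tError: Expected to get protocols " +
+                    Arrays.toString(expected));
+            System.out.println("\tError: The actual protocols " +
+                    Arrays.toString(target));
+            success = false;
+        }
+        return success;
+    }
+    private static boolean checkCipherSuites(String[] target) {
+        boolean success = true;
+        if (target.length == 0) {
+            System.out.println("\tError: No cipher suites");
+            success = false;
+        }
+        return success;
+    }
+    public static void main(String[] args) throws Exception {
+        boolean failed = false;
+        for (ContextVersion cv : ContextVersion.values()) {
+            System.out.println("Checking SSLContext of " + cv.contextVersion);
+            SSLContext context = SSLContext.getInstance(cv.contextVersion);
+            // Default SSLContext is initialized automatically.
+            if (!cv.contextVersion.equals("Default")) {
+                // Use default TK, KM and random.
+                context.init((KeyManager[])null, (TrustManager[])null, null);
+            }
+            //
+            // Check SSLContext
+            //
+            // Check default SSLParameters of SSLContext
+            System.out.println("\tChecking default SSLParameters");
+            SSLParameters parameters = context.getDefaultSSLParameters();
+            String[] protocols = parameters.getProtocols();
+            failed |= !checkProtocols(protocols, cv.enabledProtocols);
+            String[] ciphers = parameters.getCipherSuites();
+            failed |= !checkCipherSuites(ciphers);
+            // Check supported SSLParameters of SSLContext
+            System.out.println("\tChecking supported SSLParameters");
+            parameters = context.getSupportedSSLParameters();
+            protocols = parameters.getProtocols();
+            failed |= !checkProtocols(protocols, cv.supportedProtocols);
+            ciphers = parameters.getCipherSuites();
+            failed |= !checkCipherSuites(ciphers);
+            //
+            // Check SSLEngine
+            //
+            // Check SSLParameters of SSLEngine
+            System.out.println();
+            System.out.println("\tChecking SSLEngine of this SSLContext");
+            System.out.println("\tChecking SSLEngine.getSSLParameters()");
+            SSLEngine engine = context.createSSLEngine();
+            engine.setUseClientMode(true);
+            parameters = engine.getSSLParameters();
+            protocols = parameters.getProtocols();
+            failed |= !checkProtocols(protocols, cv.enabledProtocols);
+            ciphers = parameters.getCipherSuites();
+            failed |= !checkCipherSuites(ciphers);
+            System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
+            protocols = engine.getEnabledProtocols();
+            failed |= !checkProtocols(protocols, cv.enabledProtocols);
+            System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
+            ciphers = engine.getEnabledCipherSuites();
+            failed |= !checkCipherSuites(ciphers);
+            System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
+            protocols = engine.getSupportedProtocols();
+            failed |= !checkProtocols(protocols, cv.supportedProtocols);
+            System.out.println("\tChecking SSLEngine.getSupportedCipherSuites()");
+            ciphers = engine.getSupportedCipherSuites();
+            failed |= !checkCipherSuites(ciphers);
+            //
+            // Check SSLSocket
+            //
+            // Check SSLParameters of SSLSocket
+            System.out.println();
+            System.out.println("\tChecking SSLSocket of this SSLContext");
+            System.out.println("\tChecking SSLSocket.getSSLParameters()");
+            SocketFactory fac = context.getSocketFactory();
+            SSLSocket socket = (SSLSocket)fac.createSocket();
+            parameters = socket.getSSLParameters();
+            protocols = parameters.getProtocols();
+            failed |= !checkProtocols(protocols, cv.enabledProtocols);
+            ciphers = parameters.getCipherSuites();
+            failed |= !checkCipherSuites(ciphers);
+            System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
+            protocols = socket.getEnabledProtocols();
+            failed |= !checkProtocols(protocols, cv.enabledProtocols);
+            System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
+            ciphers = socket.getEnabledCipherSuites();
+            failed |= !checkCipherSuites(ciphers);
+            System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
+            protocols = socket.getSupportedProtocols();
+            failed |= !checkProtocols(protocols, cv.supportedProtocols);
+            System.out.println("\tChecking SSLEngine.getSupportedCipherSuites()");
+            ciphers = socket.getSupportedCipherSuites();
+            failed |= !checkCipherSuites(ciphers);
+            //
+            // Check SSLServerSocket
+            //
+            // Check SSLParameters of SSLServerSocket
+            System.out.println();
+            System.out.println("\tChecking SSLServerSocket of this SSLContext");
+            System.out.println("\tChecking SSLServerSocket.getSSLParameters()");
+            SSLServerSocketFactory sf = context.getServerSocketFactory();
+            SSLServerSocket ssocket = (SSLServerSocket)sf.createServerSocket();
+            parameters = ssocket.getSSLParameters();
+            protocols = parameters.getProtocols();
+            failed |= !checkProtocols(protocols, cv.supportedProtocols);
+            ciphers = parameters.getCipherSuites();
+            failed |= !checkCipherSuites(ciphers);
+            System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
+            protocols = ssocket.getEnabledProtocols();
+            failed |= !checkProtocols(protocols, cv.supportedProtocols);
+            System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
+            ciphers = ssocket.getEnabledCipherSuites();
+            failed |= !checkCipherSuites(ciphers);
+            System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
+            protocols = ssocket.getSupportedProtocols();
+            failed |= !checkProtocols(protocols, cv.supportedProtocols);
+            System.out.println("\tChecking SSLEngine.getSupportedCipherSuites()");
+            ciphers = ssocket.getSupportedCipherSuites();
+            failed |= !checkCipherSuites(ciphers);
+        }
+        if (failed) {
+            throw new Exception("Run into problems, see log for more details");
+        } else {
+            System.out.println("\t... Success");
+        }
+    }
+}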
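Review bot: The expectations in `ContextVersion` for TLS_CV_03 through TLS_CV_06 still list `SSLv3` although the test runs with `-Djdk.tls.client.protocols="TLSv1,TLSv1.1,TLSv1.2"`, and nothing in the file says this is intended. A comment above the enum, for example `// jdk.tls.client.protocols only changes the "SSL", "TLS" and "Default" contexts; version-specific contexts keep their built-in list, SSLv3 included.`, would stop readers from taking the class name to mean SSLv3 is off everywhere. The SSLServerSocket block also expects `cv.supportedProtocols` (with `SSLv2Hello` and `SSLv3`) as the enabled list, which deserves the same remark since the property is client-side only. Separately, the SSLSocket and SSLServerSocket blocks print `"\tChecking SSLEngine.getEnabledProtocols()"` and its three sibling labels copied from the engine block, so a failure logged there points at the wrong API; the labels should name `SSLSocket.` and `SSLServerSocket.`. Neither `socket` nor `ssocket` is closed before the next loop iteration.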
test/sun/security/ssl/
javax/net/ss
l/SSLContextVersion.java
→
test/sun/security/ssl/
com/sun/net/ssl/internal/ssl/SSLContextImp
l/SSLContextVersion.java
/*
* Copyright (c) 2011, 201
2
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2011, 201
3
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -21,24 +21,28 @@
* questions.
*/
// SunJSSE does not support dynamic system properties, no way to re-use
// system properties in samevm/agentvm mode.
/*
* @test
* @bug 6976117
* @summary SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets
* without TLSv1.1 enabled
* @run main/othervm SSLContextVersion
*/
import
javax.net.ssl.*
;
public
class
SSLContextVersion
{
static
enum
ContextVersion
{
TLS_CV_01
(
"SSL"
,
"TLSv1"
,
"TLSv1.2"
),
TLS_CV_02
(
"TLS"
,
"TLSv1"
,
"TLSv1.2"
),
TLS_CV_01
(
"SSL"
,
"TLSv1
.2
"
,
"TLSv1.2"
),
TLS_CV_02
(
"TLS"
,
"TLSv1
.2
"
,
"TLSv1.2"
),
TLS_CV_03
(
"SSLv3"
,
"TLSv1"
,
"TLSv1.2"
),
TLS_CV_04
(
"TLSv1"
,
"TLSv1"
,
"TLSv1.2"
),
TLS_CV_05
(
"TLSv1.1"
,
"TLSv1.1"
,
"TLSv1.2"
),
TLS_CV_06
(
"TLSv1.2"
,
"TLSv1.2"
,
"TLSv1.2"
),
TLS_CV_07
(
"Default"
,
"TLSv1"
,
"TLSv1.2"
);
TLS_CV_07
(
"Default"
,
"TLSv1
.2
"
,
"TLSv1.2"
);
final
String
contextVersion
;
final
String
defaultProtocolVersion
;
...
...
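Review bot: The `@bug` tag in the jtreg header still lists only 6976117, although the expected defaults for TLS_CV_01, TLS_CV_02 and TLS_CV_07 now encode the client-side TLSv1.2 default from this change. The new tests on this page carry `@bug 7093640`, so `* @bug 6976117 7093640` would keep this test traceable to both. TLS_CV_03 (the "SSLv3" context) keeps `"TLSv1"` as its expected default, which looks deliberate but would benefit from a short comment saying so. The rest of the file is collapsed on this page, so how `defaultProtocolVersion` is compared is not visible here.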