diff --git a/src/share/classes/sun/security/ssl/ProtocolVersion.java b/src/share/classes/sun/security/ssl/ProtocolVersion.java index cc262f3a1ae829d4aa21e25460231da65a0470a9..20ea5860c785f44a5c5de1ae2749cf51027cea3c 100644 --- a/src/share/classes/sun/security/ssl/ProtocolVersion.java +++ b/src/share/classes/sun/security/ssl/ProtocolVersion.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -80,8 +80,8 @@ public final class ProtocolVersion implements Comparable { // maximum version we implement (TLS 1.2) final static ProtocolVersion MAX = TLS12; - // ProtocolVersion to use by default (TLS 1.0) - final static ProtocolVersion DEFAULT = TLS10; + // ProtocolVersion to use by default (TLS 1.2) + final static ProtocolVersion DEFAULT = TLS12; // Default version for hello messages (SSLv2Hello) final static ProtocolVersion DEFAULT_HELLO = FIPS ? TLS10 : SSL30; diff --git a/src/share/classes/sun/security/ssl/SSLContextImpl.java b/src/share/classes/sun/security/ssl/SSLContextImpl.java index 3d5b3e2d592041bd76f249abfa31a74558a395f0..8f8fb4d44e43e0743b750d9896ebe599d8265ddc 100644 --- a/src/share/classes/sun/security/ssl/SSLContextImpl.java +++ b/src/share/classes/sun/security/ssl/SSLContextImpl.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it 
@@ -36,6 +36,7 @@ import java.security.cert.Certificate; import javax.net.ssl.*; import sun.security.provider.certpath.AlgorithmChecker; +import sun.security.action.GetPropertyAction; public abstract class SSLContextImpl extends SSLContextSpi { @@ -421,22 +422,21 @@ public abstract class SSLContextImpl extends SSLContextSpi { */ /* - * The conservative SSLContext implementation for TLS, SSL, SSLv3 and - * TLS10 algorithm. + * The base abstract SSLContext implementation. * - * This is a super class of DefaultSSLContext and TLS10Context. + * This abstract class encapsulates supported and the default server + * SSL parameters. * * @see SSLContext */ - private static class ConservativeSSLContext extends SSLContextImpl { + private abstract static class AbstractSSLContext extends SSLContextImpl { // parameters - private static SSLParameters defaultServerSSLParams; - private static SSLParameters defaultClientSSLParams; - private static SSLParameters supportedSSLParams; + private final static SSLParameters defaultServerSSLParams; + private final static SSLParameters supportedSSLParams; static { + supportedSSLParams = new SSLParameters(); if (SunJSSE.isFIPS()) { - supportedSSLParams = new SSLParameters(); supportedSSLParams.setProtocols(new String[] { ProtocolVersion.TLS10.name, ProtocolVersion.TLS11.name, @@ -444,14 +444,7 @@ public abstract class SSLContextImpl extends SSLContextSpi { }); defaultServerSSLParams = supportedSSLParams; - - defaultClientSSLParams = new SSLParameters(); - defaultClientSSLParams.setProtocols(new String[] { - ProtocolVersion.TLS10.name - }); - } else { - supportedSSLParams = new SSLParameters(); supportedSSLParams.setProtocols(new String[] { ProtocolVersion.SSL20Hello.name, ProtocolVersion.SSL30.name, 
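Review bot: In the static block of `AbstractSSLContext`, `defaultServerSSLParams = supportedSSLParams;` makes the server defaults the same `SSLParameters` object as the supported set, and the new class comment does not say so. In the non-FIPS branch that set includes `SSL20Hello` and `SSL30`, and this commit makes only the client list configurable. A field comment such as `// server defaults alias the supported set; jdk.tls.client.protocols has no effect on them` would keep a reader from assuming the property also narrows what a server enables. With both fields now `final` and the assignment identical in both branches, it could also be written once after the `if`/`else`. The static block runs past the end of this hunk.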
@@ -461,8 +454,36 @@ public abstract class SSLContextImpl extends SSLContextSpi { }); defaultServerSSLParams = supportedSSLParams; + } + } + + @Override + SSLParameters getDefaultServerSSLParams() { + return defaultServerSSLParams; + } - defaultClientSSLParams = new SSLParameters(); + @Override + SSLParameters getSupportedSSLParams() { + return supportedSSLParams; + } + } + + /* + * The SSLContext implementation for SSLv3 and TLS10 algorithm + * + * @see SSLContext + */ + public static final class TLS10Context extends AbstractSSLContext { + private final static SSLParameters defaultClientSSLParams; + + static { + defaultClientSSLParams = new SSLParameters(); + if (SunJSSE.isFIPS()) { + defaultClientSSLParams.setProtocols(new String[] { + ProtocolVersion.TLS10.name + }); + + } else { defaultClientSSLParams.setProtocols(new String[] { ProtocolVersion.SSL30.name, ProtocolVersion.TLS10.name 
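Review bot: `TLS10Context` here, and `TLS11Context`, `TLS12Context` and `CustomizedSSLContext` in the following hunk, each repeat the same static initializer with hand-written protocol arrays that differ only in the highest version listed. That leaves four FIPS/non-FIPS list pairs to edit consistently whenever a protocol is removed from the client defaults. A private static helper on `AbstractSSLContext` that takes the highest `ProtocolVersion` and builds the client `SSLParameters` would reduce each subclass to one line, e.g. `defaultClientSSLParams = clientParamsUpTo(ProtocolVersion.TLS11);` (the helper name is only a suggestion). `TLS10Context`'s body continues outside this hunk.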
@@ -471,27 +492,176 @@ public abstract class SSLContextImpl extends SSLContextSpi { } @Override - SSLParameters getDefaultServerSSLParams() { - return defaultServerSSLParams; + SSLParameters getDefaultClientSSLParams() { + return defaultClientSSLParams; + } + } + + /* + * The SSLContext implementation for TLS11 algorithm + * + * @see SSLContext + */ + public static final class TLS11Context extends AbstractSSLContext { + private final static SSLParameters defaultClientSSLParams; + + static { + defaultClientSSLParams = new SSLParameters(); + if (SunJSSE.isFIPS()) { + defaultClientSSLParams.setProtocols(new String[] { + ProtocolVersion.TLS10.name, + ProtocolVersion.TLS11.name + }); + + } else { + defaultClientSSLParams.setProtocols(new String[] { + ProtocolVersion.SSL30.name, + ProtocolVersion.TLS10.name, + ProtocolVersion.TLS11.name + }); + } + } + + @Override + SSLParameters getDefaultClientSSLParams() { + return defaultClientSSLParams; + } + } + + /* + * The SSLContext implementation for TLS12 algorithm + * + * @see SSLContext + */ + public static final class TLS12Context extends AbstractSSLContext { + private final static SSLParameters defaultClientSSLParams; + + static { + defaultClientSSLParams = new SSLParameters(); + if (SunJSSE.isFIPS()) { + defaultClientSSLParams.setProtocols(new String[] { + ProtocolVersion.TLS10.name, + ProtocolVersion.TLS11.name, + ProtocolVersion.TLS12.name + }); + + } else { + defaultClientSSLParams.setProtocols(new String[] { + ProtocolVersion.SSL30.name, + ProtocolVersion.TLS10.name, + ProtocolVersion.TLS11.name, + ProtocolVersion.TLS12.name + }); + } } @Override SSLParameters getDefaultClientSSLParams() { return defaultClientSSLParams; } + } + + /* + * The SSLContext implementation for customized TLS protocols + * + * @see SSLContext + */ + private static class CustomizedSSLContext extends AbstractSSLContext { + private final static String PROPERTY_NAME = "jdk.tls.client.protocols"; + private final static SSLParameters 
defaultClientSSLParams; + private static IllegalArgumentException reservedException = null; + + // Don't want a java.lang.LinkageError for illegal system property. + // + // Please don't throw exception in this static block. Otherwise, + // java.lang.LinkageError may be thrown during the instantiation of + // the provider service. Instead, let's handle the initialization + // exception in constructor. + static { + String property = AccessController.doPrivileged( + new GetPropertyAction(PROPERTY_NAME)); + defaultClientSSLParams = new SSLParameters(); + if (property == null || property.length() == 0) { + // the default enabled client TLS protocols + if (SunJSSE.isFIPS()) { + defaultClientSSLParams.setProtocols(new String[] { + ProtocolVersion.TLS10.name, + ProtocolVersion.TLS11.name, + ProtocolVersion.TLS12.name + }); + + } else { + defaultClientSSLParams.setProtocols(new String[] { + ProtocolVersion.SSL30.name, + ProtocolVersion.TLS10.name, + ProtocolVersion.TLS11.name, + ProtocolVersion.TLS12.name + }); + } + } else { + // remove double quote marks from beginning/end of the property + if (property.charAt(0) == '"' && + property.charAt(property.length() - 1) == '"') { + property = property.substring(1, property.length() - 1); + } + + String[] protocols = property.split(","); + for (int i = 0; i < protocols.length; i++) { + protocols[i] = protocols[i].trim(); + // Is it a supported protocol name? 
+ try { + ProtocolVersion.valueOf(protocols[i]); + } catch (IllegalArgumentException iae) { + reservedException = new IllegalArgumentException( + PROPERTY_NAME + ": " + protocols[i] + + " is not a standard SSL protocol name", iae); + } + } + + if ((reservedException == null) && SunJSSE.isFIPS()) { + for (String protocol : protocols) { + if (ProtocolVersion.SSL20Hello.name.equals(protocol) || + ProtocolVersion.SSL30.name.equals(protocol)) { + reservedException = new IllegalArgumentException( + PROPERTY_NAME + ": " + protocol + + " is not FIPS compliant"); + } + } + } + + if (reservedException == null) { + defaultClientSSLParams.setProtocols(protocols); + } + } + } + + protected CustomizedSSLContext() { + if (reservedException != null) { + throw reservedException; + } + } @Override - SSLParameters getSupportedSSLParams() { - return supportedSSLParams; + SSLParameters getDefaultClientSSLParams() { + return defaultClientSSLParams; } } /* - * The SSLContext implementation for default algorithm + * The SSLContext implementation for default "TLS" algorithm + * + * @see SSLContext + */ + public static final class TLSContext extends CustomizedSSLContext { + // use the default constructor and methods + } + + /* + * The SSLContext implementation for default "Default" algorithm * * @see SSLContext */ - public static final class DefaultSSLContext extends ConservativeSSLContext { + public static final class DefaultSSLContext extends CustomizedSSLContext { private static final String NONE = "NONE"; private static final String P11KEYSTORE = "PKCS11"; 
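Review bot: The quote-stripping test in `CustomizedSSLContext`'s static block does not check the length, so a property value that is a single `"` satisfies both `charAt` comparisons and `property.substring(1, property.length() - 1)` becomes `substring(1, 0)`. That throws `StringIndexOutOfBoundsException` inside the static initializer, which is exactly the failure the comment above the block asks to avoid. Guard it with `if (property.length() > 1 && property.charAt(0) == '"' && property.charAt(property.length() - 1) == '"') {`. Separately, the validation loop overwrites `reservedException` on every bad entry, so only the last invalid name is reported. A `break` after the assignment would report the first one instead.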
@@ -652,147 +822,6 @@ public abstract class SSLContextImpl extends SSLContextSpi { } } - /* - * The SSLContext implementation for TLS, SSL, SSLv3 and TLS10 algorithm - * - * @see SSLContext - */ - public static final class TLS10Context extends ConservativeSSLContext { - // use the default constructor and methods - } - - /* - * The SSLContext implementation for TLS11 algorithm - * - * @see SSLContext - */ - public static final class TLS11Context extends SSLContextImpl { - // parameters - private static SSLParameters defaultServerSSLParams; - private static SSLParameters defaultClientSSLParams; - private static SSLParameters supportedSSLParams; - - static { - if (SunJSSE.isFIPS()) { - supportedSSLParams = new SSLParameters(); - supportedSSLParams.setProtocols(new String[] { - ProtocolVersion.TLS10.name, - ProtocolVersion.TLS11.name, - ProtocolVersion.TLS12.name - }); - - defaultServerSSLParams = supportedSSLParams; - - defaultClientSSLParams = new SSLParameters(); - defaultClientSSLParams.setProtocols(new String[] { - ProtocolVersion.TLS10.name, - ProtocolVersion.TLS11.name - }); - - } else { - supportedSSLParams = new SSLParameters(); - supportedSSLParams.setProtocols(new String[] { - ProtocolVersion.SSL20Hello.name, - ProtocolVersion.SSL30.name, - ProtocolVersion.TLS10.name, - ProtocolVersion.TLS11.name, - ProtocolVersion.TLS12.name - }); - - defaultServerSSLParams = supportedSSLParams; - - defaultClientSSLParams = new SSLParameters(); - defaultClientSSLParams.setProtocols(new String[] { - ProtocolVersion.SSL30.name, - ProtocolVersion.TLS10.name, - ProtocolVersion.TLS11.name - }); - } - } - - @Override - SSLParameters getDefaultServerSSLParams() { - return defaultServerSSLParams; - } - - @Override - SSLParameters getDefaultClientSSLParams() { - return defaultClientSSLParams; - } - - @Override - SSLParameters getSupportedSSLParams() { - return supportedSSLParams; - } - } - - /* - * The SSLContext implementation for TLS12 algorithm - * - * @see SSLContext - */ - 
public static final class TLS12Context extends SSLContextImpl { - // parameters - private static SSLParameters defaultServerSSLParams; - private static SSLParameters defaultClientSSLParams; - private static SSLParameters supportedSSLParams; - - static { - if (SunJSSE.isFIPS()) { - supportedSSLParams = new SSLParameters(); - supportedSSLParams.setProtocols(new String[] { - ProtocolVersion.TLS10.name, - ProtocolVersion.TLS11.name, - ProtocolVersion.TLS12.name - }); - - defaultServerSSLParams = supportedSSLParams; - - defaultClientSSLParams = new SSLParameters(); - defaultClientSSLParams.setProtocols(new String[] { - ProtocolVersion.TLS10.name, - ProtocolVersion.TLS11.name, - ProtocolVersion.TLS12.name - }); - - } else { - supportedSSLParams = new SSLParameters(); - supportedSSLParams.setProtocols(new String[] { - ProtocolVersion.SSL20Hello.name, - ProtocolVersion.SSL30.name, - ProtocolVersion.TLS10.name, - ProtocolVersion.TLS11.name, - ProtocolVersion.TLS12.name - }); - - defaultServerSSLParams = supportedSSLParams; - - defaultClientSSLParams = new SSLParameters(); - defaultClientSSLParams.setProtocols(new String[] { - ProtocolVersion.SSL30.name, - ProtocolVersion.TLS10.name, - ProtocolVersion.TLS11.name, - ProtocolVersion.TLS12.name - }); - } - } - - @Override - SSLParameters getDefaultServerSSLParams() { - return defaultServerSSLParams; - } - - @Override - SSLParameters getDefaultClientSSLParams() { - return defaultClientSSLParams; - } - - @Override - SSLParameters getSupportedSSLParams() { - return supportedSSLParams; - } - } - } diff --git a/src/share/classes/sun/security/ssl/SunJSSE.java b/src/share/classes/sun/security/ssl/SunJSSE.java index 3498cc61cfc8f891e85741a56da70cbb48d9787e..63119dd14d3c7ea1c2625fa61086e5aee4f6f96b 100644 --- a/src/share/classes/sun/security/ssl/SunJSSE.java +++ b/src/share/classes/sun/security/ssl/SunJSSE.java 
@@ -60,7 +60,8 @@ public abstract class SunJSSE extends java.security.Provider { private static final long serialVersionUID = 3231825739635378733L; private static String info = "Sun JSSE provider" + - "(PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)"; + "(PKCS12, SunX509/PKIX key/trust factories, " + + "SSLv3/TLSv1/TLSv1.1/TLSv1.2)"; private static String fipsInfo = "Sun JSSE provider (FIPS mode, crypto provider "; @@ -208,16 +209,17 @@ public abstract class SunJSSE extends java.security.Provider { put("SSLContext.TLSv1", "sun.security.ssl.SSLContextImpl$TLS10Context"); - put("Alg.Alias.SSLContext.TLS", "TLSv1"); - if (isfips == false) { - put("Alg.Alias.SSLContext.SSL", "TLSv1"); - put("Alg.Alias.SSLContext.SSLv3", "TLSv1"); - } - put("SSLContext.TLSv1.1", "sun.security.ssl.SSLContextImpl$TLS11Context"); put("SSLContext.TLSv1.2", "sun.security.ssl.SSLContextImpl$TLS12Context"); + put("SSLContext.TLS", + "sun.security.ssl.SSLContextImpl$TLSContext"); + if (isfips == false) { + put("Alg.Alias.SSLContext.SSL", "TLS"); + put("Alg.Alias.SSLContext.SSLv3", "TLSv1"); + } + put("SSLContext.Default", "sun.security.ssl.SSLContextImpl$DefaultSSLContext"); diff --git a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java index ec61b303bc8f6e854786e9d7922014b4855eea47..5c784b4e9ec5a23d6231436faf5631144bdbf53d 100644 --- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java +++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java @@ -443,7 +443,7 @@ public class DHEKeySizing { TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); tmf.init(ts); - SSLContext sslCtx = SSLContext.getInstance("TLS"); + SSLContext sslCtx = SSLContext.getInstance("TLSv1"); sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); return sslCtx; 
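Review bot: The `put` calls in the second SunJSSE hunk change which names honour `jdk.tls.client.protocols`, and nothing next to them says so. `SSLContext.TLS` goes from an alias of `TLSv1` to its own service class and `SSL` now aliases `TLS`, while `SSLv3` and `TLSv1` keep the fixed `TLS10Context` list. A short comment would help, for example `// "TLS", "SSL" and "Default" honour jdk.tls.client.protocols; the versioned names do not`. That an invalid property value makes those three names fail in `getInstance` is visible only in the new `IllegalProtocolProperty` test, so the comment could mention it as well. The registration method starts and ends outside the hunk.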
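Review bot: The switch from `SSLContext.getInstance("TLS")` to `"TLSv1"` in `DHEKeySizing.java` pins the test to the TLS 1.0 client defaults without saying why, and the same edit is made in `DebugReportsOneExtraByte.java`. Presumably the expected sizes in these tests assume a TLS 1.0 handshake. If so, a comment such as `// pinned to TLSv1: the expected message lengths assume TLS 1.0` would stop a later cleanup from reverting it. It would also make clear that these tests deliberately do not exercise the new default. The enclosing method starts outside the hunk.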
diff --git a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/EngineArgs/DebugReportsOneExtraByte.java b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/EngineArgs/DebugReportsOneExtraByte.java index 0f69a0590d92302a1b6ec0e0a4d12b13b5c2b637..fc6eafa259a44119c24cf0b111dc335554898ae7 100644 --- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/EngineArgs/DebugReportsOneExtraByte.java +++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/EngineArgs/DebugReportsOneExtraByte.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -159,7 +159,7 @@ public class DebugReportsOneExtraByte { TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); tmf.init(ts); - SSLContext sslCtx = SSLContext.getInstance("TLS"); + SSLContext sslCtx = SSLContext.getInstance("TLSv1"); sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); diff --git a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/CustomizedDefaultProtocols.java b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/CustomizedDefaultProtocols.java new file mode 100644 index 0000000000000000000000000000000000000000..3045064d0ad50fa30822db5881aa4e8f52d189f7 --- /dev/null +++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/CustomizedDefaultProtocols.java 
@@ -0,0 +1,239 @@ +/* + * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +// SunJSSE does not support dynamic system properties, no way to re-use +// system properties in samevm/agentvm mode. 
+ +/* + * @test + * @bug 7093640 + * @summary Enable TLS 1.1 and TLS 1.2 by default in client side of SunJSSE + * @run main/othervm -Djdk.tls.client.protocols="SSLv3,TLSv1,TLSv1.1" + * CustomizedDefaultProtocols + */ + +import javax.net.*; +import javax.net.ssl.*; +import java.util.Arrays; + +public class CustomizedDefaultProtocols { + static enum ContextVersion { + TLS_CV_01("SSL", + new String[] {"SSLv3", "TLSv1", "TLSv1.1"}), + TLS_CV_02("TLS", + new String[] {"SSLv3", "TLSv1", "TLSv1.1"}), + TLS_CV_03("SSLv3", + new String[] {"SSLv3", "TLSv1"}), + TLS_CV_04("TLSv1", + new String[] {"SSLv3", "TLSv1"}), + TLS_CV_05("TLSv1.1", + new String[] {"SSLv3", "TLSv1", "TLSv1.1"}), + TLS_CV_06("TLSv1.2", + new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}), + TLS_CV_07("Default", + new String[] {"SSLv3", "TLSv1", "TLSv1.1"}); + + final String contextVersion; + final String[] enabledProtocols; + final static String[] supportedProtocols = new String[] { + "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}; + + ContextVersion(String contextVersion, String[] enabledProtocols) { + this.contextVersion = contextVersion; + this.enabledProtocols = enabledProtocols; + } + } + + private static boolean checkProtocols(String[] target, String[] expected) { + boolean success = true; + if (target.length == 0) { + System.out.println("\tError: No protocols"); + success = false; + } + + if (!Arrays.equals(target, expected)) { + System.out.println("\tError: Expected to get protocols " + + Arrays.toString(expected)); + System.out.println("\tError: The actual protocols " + + Arrays.toString(target)); + success = false; + } + + return success; + } + + private static boolean checkCipherSuites(String[] target) { + boolean success = true; + if (target.length == 0) { + System.out.println("\tError: No cipher suites"); + success = false; + } + + return success; + } + + public static void main(String[] args) throws Exception { + boolean failed = false; + for (ContextVersion cv : 
ContextVersion.values()) { + System.out.println("Checking SSLContext of " + cv.contextVersion); + SSLContext context = SSLContext.getInstance(cv.contextVersion); + + // Default SSLContext is initialized automatically. + if (!cv.contextVersion.equals("Default")) { + // Use default TK, KM and random. + context.init((KeyManager[])null, (TrustManager[])null, null); + } + + // + // Check SSLContext + // + // Check default SSLParameters of SSLContext + System.out.println("\tChecking default SSLParameters"); + SSLParameters parameters = context.getDefaultSSLParameters(); + + String[] protocols = parameters.getProtocols(); + failed |= !checkProtocols(protocols, cv.enabledProtocols); + + String[] ciphers = parameters.getCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + // Check supported SSLParameters of SSLContext + System.out.println("\tChecking supported SSLParameters"); + parameters = context.getSupportedSSLParameters(); + + protocols = parameters.getProtocols(); + failed |= !checkProtocols(protocols, cv.supportedProtocols); + + ciphers = parameters.getCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + // + // Check SSLEngine + // + // Check SSLParameters of SSLEngine + System.out.println(); + System.out.println("\tChecking SSLEngine of this SSLContext"); + System.out.println("\tChecking SSLEngine.getSSLParameters()"); + SSLEngine engine = context.createSSLEngine(); + engine.setUseClientMode(true); + parameters = engine.getSSLParameters(); + + protocols = parameters.getProtocols(); + failed |= !checkProtocols(protocols, cv.enabledProtocols); + + ciphers = parameters.getCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + System.out.println("\tChecking SSLEngine.getEnabledProtocols()"); + protocols = engine.getEnabledProtocols(); + failed |= !checkProtocols(protocols, cv.enabledProtocols); + + System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()"); + ciphers = engine.getEnabledCipherSuites(); + failed |= 
!checkCipherSuites(ciphers); + + System.out.println("\tChecking SSLEngine.getSupportedProtocols()"); + protocols = engine.getSupportedProtocols(); + failed |= !checkProtocols(protocols, cv.supportedProtocols); + + System.out.println( + "\tChecking SSLEngine.getSupportedCipherSuites()"); + ciphers = engine.getSupportedCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + // + // Check SSLSocket + // + // Check SSLParameters of SSLSocket + System.out.println(); + System.out.println("\tChecking SSLSocket of this SSLContext"); + System.out.println("\tChecking SSLSocket.getSSLParameters()"); + SocketFactory fac = context.getSocketFactory(); + SSLSocket socket = (SSLSocket)fac.createSocket(); + parameters = socket.getSSLParameters(); + + protocols = parameters.getProtocols(); + failed |= !checkProtocols(protocols, cv.enabledProtocols); + + ciphers = parameters.getCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + System.out.println("\tChecking SSLEngine.getEnabledProtocols()"); + protocols = socket.getEnabledProtocols(); + failed |= !checkProtocols(protocols, cv.enabledProtocols); + + System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()"); + ciphers = socket.getEnabledCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + System.out.println("\tChecking SSLEngine.getSupportedProtocols()"); + protocols = socket.getSupportedProtocols(); + failed |= !checkProtocols(protocols, cv.supportedProtocols); + + System.out.println( + "\tChecking SSLEngine.getSupportedCipherSuites()"); + ciphers = socket.getSupportedCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + // + // Check SSLServerSocket + // + // Check SSLParameters of SSLServerSocket + System.out.println(); + System.out.println("\tChecking SSLServerSocket of this SSLContext"); + System.out.println("\tChecking SSLServerSocket.getSSLParameters()"); + SSLServerSocketFactory sf = context.getServerSocketFactory(); + SSLServerSocket ssocket = (SSLServerSocket)sf.createServerSocket(); + 
parameters = ssocket.getSSLParameters(); + + protocols = parameters.getProtocols(); + failed |= !checkProtocols(protocols, cv.supportedProtocols); + + ciphers = parameters.getCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + System.out.println("\tChecking SSLEngine.getEnabledProtocols()"); + protocols = ssocket.getEnabledProtocols(); + failed |= !checkProtocols(protocols, cv.supportedProtocols); + + System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()"); + ciphers = ssocket.getEnabledCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + System.out.println("\tChecking SSLEngine.getSupportedProtocols()"); + protocols = ssocket.getSupportedProtocols(); + failed |= !checkProtocols(protocols, cv.supportedProtocols); + + System.out.println( + "\tChecking SSLEngine.getSupportedCipherSuites()"); + ciphers = ssocket.getSupportedCipherSuites(); + failed |= !checkCipherSuites(ciphers); + } + + if (failed) { + throw new Exception("Run into problems, see log for more details"); + } else { + System.out.println("\t... Success"); + } + } +} diff --git a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/DefaultEnabledProtocols.java b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/DefaultEnabledProtocols.java new file mode 100644 index 0000000000000000000000000000000000000000..20381c6b5779a3843e5d560608014f82c7e107b3 --- /dev/null +++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/DefaultEnabledProtocols.java 
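Review bot: In `main` of `CustomizedDefaultProtocols`, the sockets returned by `fac.createSocket()` and `sf.createServerSocket()` are never closed, once per `ContextVersion` iteration. Wrapping each in try-with-resources, e.g. `try (SSLSocket socket = (SSLSocket)fac.createSocket()) {`, releases them. The progress lines in the SSLSocket and SSLServerSocket sections also still print `SSLEngine.getEnabledProtocols()` and its siblings although they call `socket` and `ssocket`, so a failure log points at the wrong object; they should name `SSLSocket` and `SSLServerSocket`. `DefaultEnabledProtocols.java` is a near-copy with the same two issues, and the two files could share the checking code with only the expected tables differing.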
@@ -0,0 +1,238 @@ +/* + * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +// SunJSSE does not support dynamic system properties, no way to re-use +// system properties in samevm/agentvm mode. 
+ +/* + * @test + * @bug 7093640 + * @summary Enable TLS 1.1 and TLS 1.2 by default in client side of SunJSSE + * @run main/othervm DefaultEnabledProtocols + */ + +import javax.net.*; +import javax.net.ssl.*; +import java.util.Arrays; + +public class DefaultEnabledProtocols { + static enum ContextVersion { + TLS_CV_01("SSL", + new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}), + TLS_CV_02("TLS", + new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}), + TLS_CV_03("SSLv3", + new String[] {"SSLv3", "TLSv1"}), + TLS_CV_04("TLSv1", + new String[] {"SSLv3", "TLSv1"}), + TLS_CV_05("TLSv1.1", + new String[] {"SSLv3", "TLSv1", "TLSv1.1"}), + TLS_CV_06("TLSv1.2", + new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}), + TLS_CV_07("Default", + new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}); + + final String contextVersion; + final String[] enabledProtocols; + final static String[] supportedProtocols = new String[] { + "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}; + + ContextVersion(String contextVersion, String[] enabledProtocols) { + this.contextVersion = contextVersion; + this.enabledProtocols = enabledProtocols; + } + } + + private static boolean checkProtocols(String[] target, String[] expected) { + boolean success = true; + if (target.length == 0) { + System.out.println("\tError: No protocols"); + success = false; + } + + if (!Arrays.equals(target, expected)) { + System.out.println("\tError: Expected to get protocols " + + Arrays.toString(expected)); + System.out.println("\tError: The actual protocols " + + Arrays.toString(target)); + success = false; + } + + return success; + } + + private static boolean checkCipherSuites(String[] target) { + boolean success = true; + if (target.length == 0) { + System.out.println("\tError: No cipher suites"); + success = false; + } + + return success; + } + + public static void main(String[] args) throws Exception { + boolean failed = false; + for (ContextVersion cv : ContextVersion.values()) { + 
System.out.println("Checking SSLContext of " + cv.contextVersion); + SSLContext context = SSLContext.getInstance(cv.contextVersion); + + // Default SSLContext is initialized automatically. + if (!cv.contextVersion.equals("Default")) { + // Use default TK, KM and random. + context.init((KeyManager[])null, (TrustManager[])null, null); + } + + // + // Check SSLContext + // + // Check default SSLParameters of SSLContext + System.out.println("\tChecking default SSLParameters"); + SSLParameters parameters = context.getDefaultSSLParameters(); + + String[] protocols = parameters.getProtocols(); + failed |= !checkProtocols(protocols, cv.enabledProtocols); + + String[] ciphers = parameters.getCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + // Check supported SSLParameters of SSLContext + System.out.println("\tChecking supported SSLParameters"); + parameters = context.getSupportedSSLParameters(); + + protocols = parameters.getProtocols(); + failed |= !checkProtocols(protocols, cv.supportedProtocols); + + ciphers = parameters.getCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + // + // Check SSLEngine + // + // Check SSLParameters of SSLEngine + System.out.println(); + System.out.println("\tChecking SSLEngine of this SSLContext"); + System.out.println("\tChecking SSLEngine.getSSLParameters()"); + SSLEngine engine = context.createSSLEngine(); + engine.setUseClientMode(true); + parameters = engine.getSSLParameters(); + + protocols = parameters.getProtocols(); + failed |= !checkProtocols(protocols, cv.enabledProtocols); + + ciphers = parameters.getCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + System.out.println("\tChecking SSLEngine.getEnabledProtocols()"); + protocols = engine.getEnabledProtocols(); + failed |= !checkProtocols(protocols, cv.enabledProtocols); + + System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()"); + ciphers = engine.getEnabledCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + 
System.out.println("\tChecking SSLEngine.getSupportedProtocols()"); + protocols = engine.getSupportedProtocols(); + failed |= !checkProtocols(protocols, cv.supportedProtocols); + + System.out.println( + "\tChecking SSLEngine.getSupportedCipherSuites()"); + ciphers = engine.getSupportedCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + // + // Check SSLSocket + // + // Check SSLParameters of SSLSocket + System.out.println(); + System.out.println("\tChecking SSLSocket of this SSLContext"); + System.out.println("\tChecking SSLSocket.getSSLParameters()"); + SocketFactory fac = context.getSocketFactory(); + SSLSocket socket = (SSLSocket)fac.createSocket(); + parameters = socket.getSSLParameters(); + + protocols = parameters.getProtocols(); + failed |= !checkProtocols(protocols, cv.enabledProtocols); + + ciphers = parameters.getCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + System.out.println("\tChecking SSLEngine.getEnabledProtocols()"); + protocols = socket.getEnabledProtocols(); + failed |= !checkProtocols(protocols, cv.enabledProtocols); + + System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()"); + ciphers = socket.getEnabledCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + System.out.println("\tChecking SSLEngine.getSupportedProtocols()"); + protocols = socket.getSupportedProtocols(); + failed |= !checkProtocols(protocols, cv.supportedProtocols); + + System.out.println( + "\tChecking SSLEngine.getSupportedCipherSuites()"); + ciphers = socket.getSupportedCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + // + // Check SSLServerSocket + // + // Check SSLParameters of SSLServerSocket + System.out.println(); + System.out.println("\tChecking SSLServerSocket of this SSLContext"); + System.out.println("\tChecking SSLServerSocket.getSSLParameters()"); + SSLServerSocketFactory sf = context.getServerSocketFactory(); + SSLServerSocket ssocket = (SSLServerSocket)sf.createServerSocket(); + parameters = 
ssocket.getSSLParameters(); + + protocols = parameters.getProtocols(); + failed |= !checkProtocols(protocols, cv.supportedProtocols); + + ciphers = parameters.getCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + System.out.println("\tChecking SSLEngine.getEnabledProtocols()"); + protocols = ssocket.getEnabledProtocols(); + failed |= !checkProtocols(protocols, cv.supportedProtocols); + + System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()"); + ciphers = ssocket.getEnabledCipherSuites(); + failed |= !checkCipherSuites(ciphers); + + System.out.println("\tChecking SSLEngine.getSupportedProtocols()"); + protocols = ssocket.getSupportedProtocols(); + failed |= !checkProtocols(protocols, cv.supportedProtocols); + + System.out.println( + "\tChecking SSLEngine.getSupportedCipherSuites()"); + ciphers = ssocket.getSupportedCipherSuites(); + failed |= !checkCipherSuites(ciphers); + } + + if (failed) { + throw new Exception("Run into problems, see log for more details"); + } else { + System.out.println("\t... Success"); + } + } +} diff --git a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/IllegalProtocolProperty.java b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/IllegalProtocolProperty.java new file mode 100644 index 0000000000000000000000000000000000000000..f85d166178bc179c35697279829fb52ef7a9e99f --- /dev/null +++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/IllegalProtocolProperty.java 
@@ -0,0 +1,138 @@
+/*
+ * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+// SunJSSE does not support dynamic system properties, no way to re-use
+// system properties in samevm/agentvm mode.
+
+/*
+ * @test
+ * @bug 7093640
+ * @summary Enable TLS 1.1 and TLS 1.2 by default in client side of SunJSSE
+ * @run main/othervm -Djdk.tls.client.protocols="XSLv3,TLSv1"
+ * IllegalProtocolProperty
+ */
+
+import javax.net.ssl.*;
+import java.security.NoSuchAlgorithmException;
+
+public class IllegalProtocolProperty {
+ static enum ContextVersion {
+ TLS_CV_01("SSL", "TLSv1", "TLSv1.2", true),
+ TLS_CV_02("TLS", "TLSv1", "TLSv1.2", true),
+ TLS_CV_03("SSLv3", "TLSv1", "TLSv1.2", false),
+ TLS_CV_04("TLSv1", "TLSv1", "TLSv1.2", false),
+ TLS_CV_05("TLSv1.1", "TLSv1.1", "TLSv1.2", false),
+ TLS_CV_06("TLSv1.2", "TLSv1.2", "TLSv1.2", false),
+ TLS_CV_07("Default", "TLSv1", "TLSv1.2", true);
+
+ final String contextVersion;
+ final String defaultProtocolVersion;
+ final String supportedProtocolVersion;
+ final boolean impacted;
+
+ ContextVersion(String contextVersion, String defaultProtocolVersion,
+ String supportedProtocolVersion, boolean impacted) {
+ this.contextVersion = contextVersion;
+ this.defaultProtocolVersion = defaultProtocolVersion;
+ this.supportedProtocolVersion = supportedProtocolVersion;
+ this.impacted = impacted;
+ }
+ }
+
+ public static void main(String[] args) throws Exception {
+ for (ContextVersion cv : ContextVersion.values()) {
+ System.out.println("Checking SSLContext of " + cv.contextVersion);
+
+ SSLContext context;
+ try {
+ context = SSLContext.getInstance(cv.contextVersion);
+ if (cv.impacted) {
+ throw new Exception(
+ "illegal system property jdk.tls.client.protocols: " +
+ System.getProperty("jdk.tls.client.protocols"));
+ }
+ } catch (NoSuchAlgorithmException nsae) {
+ if (cv.impacted) {
+ System.out.println(
+ "\tIgnore: illegal system property " +
+ "jdk.tls.client.protocols=" +
+ System.getProperty("jdk.tls.client.protocols"));
+ continue;
+ } else {
+ throw nsae;
+ }
+ }
+
+ // Default SSLContext is initialized automatically.
+ if (!cv.contextVersion.equals("Default")) {
+ // Use default TK, KM and random.
+ context.init((KeyManager[])null, (TrustManager[])null, null);
+ }
+
+ SSLParameters parameters = context.getDefaultSSLParameters();
+
+ String[] protocols = parameters.getProtocols();
+ String[] ciphers = parameters.getCipherSuites();
+
+ if (protocols.length == 0 || ciphers.length == 0) {
+ throw new Exception("No default protocols or cipher suites");
+ }
+
+ boolean isMatch = false;
+ for (String protocol : protocols) {
+ System.out.println("\tdefault protocol version " + protocol);
+ if (protocol.equals(cv.defaultProtocolVersion)) {
+ isMatch = true;
+ break;
+ }
+ }
+
+ if (!isMatch) {
+ throw new Exception("No matched default protocol");
+ }
+
+ parameters = context.getSupportedSSLParameters();
+
+ protocols = parameters.getProtocols();
+ ciphers = parameters.getCipherSuites();
+
+ if (protocols.length == 0 || ciphers.length == 0) {
+ throw new Exception("No supported protocols or cipher suites");
+ }
+
+ isMatch = false;
+ for (String protocol : protocols) {
+ System.out.println("\tsupported protocol version " + protocol);
+ if (protocol.equals(cv.supportedProtocolVersion)) {
+ isMatch = true;
+ break;
+ }
+ }
+
+ if (!isMatch) {
+ throw new Exception("No matched supported protocol");
+ }
+ System.out.println("\t... Success");
+ }
+ }
+}
diff --git a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/NoOldVersionContext.java b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/NoOldVersionContext.java
new file mode 100644
index 0000000000000000000000000000000000000000..d7b1abdeffc8514b1dc523198fb30402babe8a8e
--- /dev/null
+++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/NoOldVersionContext.java
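Review bot: The `catch (NoSuchAlgorithmException nsae)` branch in `main` treats any failure of `SSLContext.getInstance` on the impacted contexts (SSL, TLS, Default) as proof that the illegal `jdk.tls.client.protocols` value was rejected, without looking at why the lookup failed. A provider or configuration problem unrelated to the property would therefore also let the test pass. Printing the cause next to the "Ignore" line, e.g. `System.out.println("\tCause: " + nsae.getCause());`, would at least make the reason visible in the log, and if the provider reports the rejection as the cause (not visible in this hunk) the test could assert on it. The message thrown when the lookup unexpectedly succeeds would also read more clearly as `"illegal jdk.tls.client.protocols value was accepted: " +`.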
@@ -0,0 +1,239 @@
+/*
+ * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+// SunJSSE does not support dynamic system properties, no way to re-use
+// system properties in samevm/agentvm mode.
+
+/*
+ * @test
+ * @bug 7093640
+ * @summary Enable TLS 1.1 and TLS 1.2 by default in client side of SunJSSE
+ * @run main/othervm -Djdk.tls.client.protocols="TLSv1,TLSv1.1,TLSv1.2"
+ * NoOldVersionContext
+ */
+
+import javax.net.*;
+import javax.net.ssl.*;
+import java.util.Arrays;
+
+public class NoOldVersionContext {
+ static enum ContextVersion {
+ TLS_CV_01("SSL",
+ new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"}),
+ TLS_CV_02("TLS",
+ new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"}),
+ TLS_CV_03("SSLv3",
+ new String[] {"SSLv3", "TLSv1"}),
+ TLS_CV_04("TLSv1",
+ new String[] {"SSLv3", "TLSv1"}),
+ TLS_CV_05("TLSv1.1",
+ new String[] {"SSLv3", "TLSv1", "TLSv1.1"}),
+ TLS_CV_06("TLSv1.2",
+ new String[] {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}),
+ TLS_CV_07("Default",
+ new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"});
+
+ final String contextVersion;
+ final String[] enabledProtocols;
+ final static String[] supportedProtocols = new String[] {
+ "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"};
+
+ ContextVersion(String contextVersion, String[] enabledProtocols) {
+ this.contextVersion = contextVersion;
+ this.enabledProtocols = enabledProtocols;
+ }
+ }
+
+ private static boolean checkProtocols(String[] target, String[] expected) {
+ boolean success = true;
+ if (target.length == 0) {
+ System.out.println("\tError: No protocols");
+ success = false;
+ }
+
+ if (!Arrays.equals(target, expected)) {
+ System.out.println("\tError: Expected to get protocols " +
+ Arrays.toString(expected));
+ System.out.println("\tError: The actual protocols " +
+ Arrays.toString(target));
+ success = false;
+ }
+
+ return success;
+ }
+
+ private static boolean checkCipherSuites(String[] target) {
+ boolean success = true;
+ if (target.length == 0) {
+ System.out.println("\tError: No cipher suites");
+ success = false;
+ }
+
+ return success;
+ }
+
+ public static void main(String[] args) throws Exception {
+ boolean failed = false;
+ for (ContextVersion cv : ContextVersion.values()) {
+ System.out.println("Checking SSLContext of " + cv.contextVersion);
+ SSLContext context = SSLContext.getInstance(cv.contextVersion);
+
+ // Default SSLContext is initialized automatically.
+ if (!cv.contextVersion.equals("Default")) {
+ // Use default TK, KM and random.
+ context.init((KeyManager[])null, (TrustManager[])null, null);
+ }
+
+ //
+ // Check SSLContext
+ //
+ // Check default SSLParameters of SSLContext
+ System.out.println("\tChecking default SSLParameters");
+ SSLParameters parameters = context.getDefaultSSLParameters();
+
+ String[] protocols = parameters.getProtocols();
+ failed |= !checkProtocols(protocols, cv.enabledProtocols);
+
+ String[] ciphers = parameters.getCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ // Check supported SSLParameters of SSLContext
+ System.out.println("\tChecking supported SSLParameters");
+ parameters = context.getSupportedSSLParameters();
+
+ protocols = parameters.getProtocols();
+ failed |= !checkProtocols(protocols, cv.supportedProtocols);
+
+ ciphers = parameters.getCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ //
+ // Check SSLEngine
+ //
+ // Check SSLParameters of SSLEngine
+ System.out.println();
+ System.out.println("\tChecking SSLEngine of this SSLContext");
+ System.out.println("\tChecking SSLEngine.getSSLParameters()");
+ SSLEngine engine = context.createSSLEngine();
+ engine.setUseClientMode(true);
+ parameters = engine.getSSLParameters();
+
+ protocols = parameters.getProtocols();
+ failed |= !checkProtocols(protocols, cv.enabledProtocols);
+
+ ciphers = parameters.getCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
+ protocols = engine.getEnabledProtocols();
+ failed |= !checkProtocols(protocols, cv.enabledProtocols);
+
+ System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
+ ciphers = engine.getEnabledCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
+ protocols = engine.getSupportedProtocols();
+ failed |= !checkProtocols(protocols, cv.supportedProtocols);
+
+ System.out.println(
+ "\tChecking SSLEngine.getSupportedCipherSuites()");
+ ciphers = engine.getSupportedCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ //
+ // Check SSLSocket
+ //
+ // Check SSLParameters of SSLSocket
+ System.out.println();
+ System.out.println("\tChecking SSLSocket of this SSLContext");
+ System.out.println("\tChecking SSLSocket.getSSLParameters()");
+ SocketFactory fac = context.getSocketFactory();
+ SSLSocket socket = (SSLSocket)fac.createSocket();
+ parameters = socket.getSSLParameters();
+
+ protocols = parameters.getProtocols();
+ failed |= !checkProtocols(protocols, cv.enabledProtocols);
+
+ ciphers = parameters.getCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
+ protocols = socket.getEnabledProtocols();
+ failed |= !checkProtocols(protocols, cv.enabledProtocols);
+
+ System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
+ ciphers = socket.getEnabledCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
+ protocols = socket.getSupportedProtocols();
+ failed |= !checkProtocols(protocols, cv.supportedProtocols);
+
+ System.out.println(
+ "\tChecking SSLEngine.getSupportedCipherSuites()");
+ ciphers = socket.getSupportedCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ //
+ // Check SSLServerSocket
+ //
+ // Check SSLParameters of SSLServerSocket
+ System.out.println();
+ System.out.println("\tChecking SSLServerSocket of this SSLContext");
+ System.out.println("\tChecking SSLServerSocket.getSSLParameters()");
+ SSLServerSocketFactory sf = context.getServerSocketFactory();
+ SSLServerSocket ssocket = (SSLServerSocket)sf.createServerSocket();
+ parameters = ssocket.getSSLParameters();
+
+ protocols = parameters.getProtocols();
+ failed |= !checkProtocols(protocols, cv.supportedProtocols);
+
+ ciphers = parameters.getCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ System.out.println("\tChecking SSLEngine.getEnabledProtocols()");
+ protocols = ssocket.getEnabledProtocols();
+ failed |= !checkProtocols(protocols, cv.supportedProtocols);
+
+ System.out.println("\tChecking SSLEngine.getEnabledCipherSuites()");
+ ciphers = ssocket.getEnabledCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+
+ System.out.println("\tChecking SSLEngine.getSupportedProtocols()");
+ protocols = ssocket.getSupportedProtocols();
+ failed |= !checkProtocols(protocols, cv.supportedProtocols);
+
+ System.out.println(
+ "\tChecking SSLEngine.getSupportedCipherSuites()");
+ ciphers = ssocket.getSupportedCipherSuites();
+ failed |= !checkCipherSuites(ciphers);
+ }
+
+ if (failed) {
+ throw new Exception("Run into problems, see log for more details");
+ } else {
+ System.out.println("\t... Success");
+ }
+ }
+}
diff --git a/test/sun/security/ssl/javax/net/ssl/SSLContextVersion.java b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/SSLContextVersion.java
similarity index 91%
rename from test/sun/security/ssl/javax/net/ssl/SSLContextVersion.java
rename to test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/SSLContextVersion.java
index 003c3ab17dae5284e31f32506d041ff95ab9f869..3a9ba719b94fa7b53979a6afddcbe3c0558e4edd 100644
--- a/test/sun/security/ssl/javax/net/ssl/SSLContextVersion.java
+++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/SSLContextVersion.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
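Review bot: The progress messages in the SSLSocket and SSLServerSocket sections of `main` in NoOldVersionContext.java still say `SSLEngine`, for example `"\tChecking SSLEngine.getEnabledProtocols()"` printed before `socket.getEnabledProtocols()` and again before `ssocket.getEnabledProtocols()`; the tail of the preceding new test file in this commit, whose hunk starts outside this view, carries the same labels. Because a failure only throws "Run into problems, see log for more details", the log is the sole way to tell which object returned the wrong protocol list, so the labels should name it: `"\tChecking SSLSocket.getEnabledProtocols()"` and `"\tChecking SSLServerSocket.getEnabledProtocols()"`, likewise for the other three getters. I would also add a comment above `ContextVersion` stating what the expectations encode: `// jdk.tls.client.protocols narrows only the SSL, TLS and Default client contexts; version-named contexts and server sockets still enable SSLv3.`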
@@ -21,24 +21,28 @@ * questions. */ +// SunJSSE does not support dynamic system properties, no way to re-use +// system properties in samevm/agentvm mode. + /* * @test * @bug 6976117 * @summary SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets * without TLSv1.1 enabled + * @run main/othervm SSLContextVersion */ import javax.net.ssl.*; public class SSLContextVersion { static enum ContextVersion { - TLS_CV_01("SSL", "TLSv1", "TLSv1.2"), - TLS_CV_02("TLS", "TLSv1", "TLSv1.2"), + TLS_CV_01("SSL", "TLSv1.2", "TLSv1.2"), + TLS_CV_02("TLS", "TLSv1.2", "TLSv1.2"), TLS_CV_03("SSLv3", "TLSv1", "TLSv1.2"), TLS_CV_04("TLSv1", "TLSv1", "TLSv1.2"), TLS_CV_05("TLSv1.1", "TLSv1.1", "TLSv1.2"), TLS_CV_06("TLSv1.2", "TLSv1.2", "TLSv1.2"), - TLS_CV_07("Default", "TLSv1", "TLSv1.2"); + TLS_CV_07("Default", "TLSv1.2", "TLSv1.2"); final String contextVersion; final String defaultProtocolVersion;
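Review bot: The comment added above the jtreg block justifies `main/othervm` by system properties, but the `@run` line of this test sets none, so a reader cannot tell what the separate VM protects against. If the intent is that the new defaults (`"TLSv1.2"` for SSL, TLS and Default) are checked with `jdk.tls.client.protocols` unset, say so, e.g. `// Must run in its own VM with jdk.tls.client.protocols unset; the expected defaults below assume no override.` The checking code in `main` lies outside this hunk, so whether it also verifies that TLSv1 and TLSv1.1 stay enabled by default cannot be confirmed from here.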