Mercurial > hg > icedtea8-forest > jdk

view test/javax/net/ssl/sanity/ciphersuites/SystemPropCipherSuitesOrder.java @ 14928:466b007eedbb

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
8234728: Some security tests should support TLSv1.3 Summary: Tests were updated to support TLSv1.3 and cipher suite order Reviewed-by: xuelei, andrew
author ssahoo
date Fri, 13 Dec 2019 01:43:14 -0800
parents
children 25ef0910e622
line wrap: on
line source

/*
 * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */
import java.util.Arrays;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;

/*
 * @test
 * @bug 8234728
 * @library /javax/net/ssl/templates
 *          /javax/net/ssl/TLSCommon
 * @summary Test TLS ciphersuites order set through System properties
 * @ignore Not applicable until the cipher order of system property maintained.
 * @run main/othervm
 *      -Djdk.tls.client.cipherSuites=TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384
 *      -Djdk.tls.server.cipherSuites=TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_GCM_SHA256
 *      -Djdk.tls.client.protocols="TLSv1.3,TLSv1.2,TLSv1.1,TLSv1,SSLv3"
 *      SystemPropCipherSuitesOrder TLSv1.3
 * @run main/othervm
 *      -Djdk.tls.client.cipherSuites=TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384
 *      -Djdk.tls.client.protocols="TLSv1.3,TLSv1.2,TLSv1.1,TLSv1,SSLv3"
 *      SystemPropCipherSuitesOrder TLSv1.3
 * @run main/othervm
 *      -Djdk.tls.server.cipherSuites=TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_256_GCM_SHA384
 *      -Djdk.tls.client.protocols="TLSv1.3,TLSv1.2,TLSv1.1,TLSv1,SSLv3"
 *      SystemPropCipherSuitesOrder TLSv1.3
 * @run main/othervm
 *      -Djdk.tls.client.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
 *      -Djdk.tls.server.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
 *      SystemPropCipherSuitesOrder TLSv1.2
 * @run main/othervm
 *      -Djdk.tls.client.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
 *      SystemPropCipherSuitesOrder TLSv1.2
 * @run main/othervm
 *      -Djdk.tls.server.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
 *      SystemPropCipherSuitesOrder TLSv1.2
 * @run main/othervm
 *      -Djdk.tls.client.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
 *      -Djdk.tls.server.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
 *      SystemPropCipherSuitesOrder TLSv1.1
 * @run main/othervm
 *      -Djdk.tls.client.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
 *      SystemPropCipherSuitesOrder TLSv1.1
 * @run main/othervm
 *      -Djdk.tls.server.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
 *      SystemPropCipherSuitesOrder TLSv1.1
 * @run main/othervm
 *      -Djdk.tls.client.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
 *      -Djdk.tls.server.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
 *      SystemPropCipherSuitesOrder TLSv1
 * @run main/othervm
 *      -Djdk.tls.client.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
 *      SystemPropCipherSuitesOrder TLSv1
 * @run main/othervm
 *      -Djdk.tls.server.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
 *      SystemPropCipherSuitesOrder TLSv1
 */
public class SystemPropCipherSuitesOrder extends SSLSocketTemplate {

    private final String protocol;
    private static String[] servercipherSuites;
    private static String[] clientcipherSuites;

    public static void main(String[] args) {
        servercipherSuites
                = toArray(System.getProperty("jdk.tls.server.cipherSuites"));
        clientcipherSuites
                = toArray(System.getProperty("jdk.tls.client.cipherSuites"));
        System.out.printf("SYSTEM PROPERTIES: ServerProp:%s - ClientProp:%s%n",
                Arrays.deepToString(servercipherSuites),
                Arrays.deepToString(clientcipherSuites));

        try {
            new SystemPropCipherSuitesOrder(args[0]).run();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private SystemPropCipherSuitesOrder(String protocol) {
        this.protocol = protocol;
    }

    // Servers are configured before clients, increment test case after.
    @Override
    protected void configureClientSocket(SSLSocket socket) {
        socket.setEnabledProtocols(new String[]{protocol});
    }

    @Override
    protected void configureServerSocket(SSLServerSocket serverSocket) {
        serverSocket.setEnabledProtocols(new String[]{protocol});
    }

    protected void runServerApplication(SSLSocket socket) throws Exception {
        if (servercipherSuites != null) {
            System.out.printf("SERVER: SystemProperty:%s - "
                    + "getEnabledCipherSuites:%s%n",
                    Arrays.deepToString(servercipherSuites),
                    Arrays.deepToString(socket.getEnabledCipherSuites()));
        }
        if (servercipherSuites != null && !Arrays.equals(
                servercipherSuites, socket.getEnabledCipherSuites())) {
            throw new RuntimeException("Unmatched server side CipherSuite order");
        }
        super.runServerApplication(socket);
    }

    protected void runClientApplication(SSLSocket socket) throws Exception {
        if (clientcipherSuites != null) {
            System.out.printf("CLIENT: SystemProperty:%s - "
                    + "getEnabledCipherSuites:%s%n",
                    Arrays.deepToString(clientcipherSuites),
                    Arrays.deepToString(socket.getEnabledCipherSuites()));
        }
        if (clientcipherSuites != null && !Arrays.equals(clientcipherSuites,
                socket.getEnabledCipherSuites())) {
            throw new RuntimeException("Unmatched client side CipherSuite order");
        }
        super.runClientApplication(socket);
    }

    private static String[] toArray(String prop) {
        return (prop != null) ? prop.split(",") : null;
    }
}