8246330: Add TLS Tests for Legacy ECDSA curves

Reviewed-by: rhalade
2020-06-09 00:04:40 -07:00 · 2020-06-09 00:04:40 -07:00 · 82e3640eb1
commit 82e3640eb1
parent 8dc66431d4
2 changed files with 173 additions and 0 deletions
--- a/test/jdk/javax/net/ssl/templates/SSLSocketTemplate.java
+++ b/test/jdk/javax/net/ssl/templates/SSLSocketTemplate.java
@ -372,12 +372,14 @@ public class SSLSocketTemplate {
    // Trusted certificates.
    protected final static Cert[] TRUSTED_CERTS = {
            Cert.CA_ECDSA_SECP256R1,
+            Cert.CA_ECDSA_SECT283R1,
            Cert.CA_RSA_2048,
            Cert.CA_DSA_2048 };

    // End entity certificate.
    protected final static Cert[] END_ENTITY_CERTS = {
            Cert.EE_ECDSA_SECP256R1,
+            Cert.EE_ECDSA_SECT283R1,
            Cert.EE_RSA_2048,
            Cert.EE_EC_RSA_SECP256R1,
            Cert.EE_DSA_2048 };
@ -703,6 +705,32 @@ public class SSLSocketTemplate {
                "p1YdWENftmDoNTJ3O6TNlXb90jKWgAirCXNBUompPtHKkO592eDyGcT1h8qjrKlm\n" +
                "Kw=="),

+         CA_ECDSA_SECT283R1(
+                "EC",
+                // SHA1withECDSA, curve sect283r1
+                // Validity
+                //     Not Before: May 26 06:06:52 2020 GMT
+                //     Not After : May 21 06:06:52 2040 GMT
+                // Subject Key Identifier:
+                //     CF:A3:99:ED:4C:6E:04:41:09:21:31:33:B6:80:D5:A7:BF:2B:98:04
+                "-----BEGIN CERTIFICATE-----\n" +
+                "MIIB8TCCAY+gAwIBAgIJANQFsBngZ3iMMAsGByqGSM49BAEFADBdMQswCQYDVQQG\n" +
+                "EwJVUzELMAkGA1UECBMCQ0ExCzAJBgNVBAcTAlNBMQ8wDQYDVQQKEwZPcmFjbGUx\n" +
+                "DzANBgNVBAsTBkpQR1NRRTESMBAGA1UEAxMJc2VjdDI4M3IxMB4XDTIwMDUyNjE4\n" +
+                "MDY1MloXDTQwMDUyMTE4MDY1MlowXTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNB\n" +
+                "MQswCQYDVQQHEwJTQTEPMA0GA1UEChMGT3JhY2xlMQ8wDQYDVQQLEwZKUEdTUUUx\n" +
+                "EjAQBgNVBAMTCXNlY3QyODNyMTBeMBAGByqGSM49AgEGBSuBBAARA0oABALatmDt\n" +
+                "QIhjpK4vJjv4GgC8CUH/VAWLUSQRU7yGGQ3NF8rVBARv0aehiII0nzjDVX5KrP/A\n" +
+                "w/DmW7q8PfEAIktuaA/tcKv/OKMyMDAwHQYDVR0OBBYEFM+jme1MbgRBCSExM7aA\n" +
+                "1ae/K5gEMA8GA1UdEwEB/wQFMAMBAf8wCwYHKoZIzj0EAQUAA08AMEwCJAGHsAP8\n" +
+                "HlcVqszra+fxq35juTxHJIfxTKIr7f54Ywtz7AJowgIkAxydv8g+dkuniOUAj0Xt\n" +
+                "FnGVp6HzKX5KM1zLpfqmix8ZPP/A\n" +
+                "-----END CERTIFICATE-----",
+                "MIGQAgEAMBAGByqGSM49AgEGBSuBBAARBHkwdwIBAQQkAdcyn/FxiNvuTsSgDehq\n" +
+                "SGFiTxAKNMMJfmsO6GHekzszFqjPoUwDSgAEAtq2YO1AiGOkri8mO/gaALwJQf9U\n" +
+                "BYtRJBFTvIYZDc0XytUEBG/Rp6GIgjSfOMNVfkqs/8DD8OZburw98QAiS25oD+1w\n" +
+                "q/84"),
+
        CA_RSA_2048(
                "RSA",
                // SHA256withRSA, 2048 bits
@ -889,6 +917,33 @@ public class SSLSocketTemplate {
                "MEcCAQAwBQYDK2VxBDsEOd6/hRZqkUyTlJSwdN5gO/HnoWYda1fD83YUm5j6m2Bg\n" +
                "hAQi+QadFsQLD7R6PI/4Q0twXqlKnxU5Ug=="),

+        EE_ECDSA_SECT283R1(
+                "EC",
+                // SHA1withECDSA, curve sect283r1
+                // Validity
+                //     Not Before: May 26 06:08:15 2020 GMT
+                //     Not After : May 21 06:08:15 2040 GMT
+                // Authority Key Identifier:
+                //     CF:A3:99:ED:4C:6E:04:41:09:21:31:33:B6:80:D5:A7:BF:2B:98:04
+                "-----BEGIN CERTIFICATE-----\n" +
+                "MIICFTCCAbOgAwIBAgIJAM0Dd9zxR9CeMAsGByqGSM49BAEFADBdMQswCQYDVQQG\n" +
+                "EwJVUzELMAkGA1UECBMCQ0ExCzAJBgNVBAcTAlNBMQ8wDQYDVQQKEwZPcmFjbGUx\n" +
+                "DzANBgNVBAsTBkpQR1NRRTESMBAGA1UEAxMJc2VjdDI4M3IxMB4XDTIwMDUyNjE4\n" +
+                "MDgxNVoXDTQwMDUyMTE4MDgxNVowYDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNB\n" +
+                "MQswCQYDVQQHEwJTQTEPMA0GA1UEChMGT3JhY2xlMQ8wDQYDVQQLEwZKUEdTUUUx\n" +
+                "FTATBgNVBAMMDHNlY3QyODNyMV9lZTBeMBAGByqGSM49AgEGBSuBBAARA0oABAMP\n" +
+                "oaMP2lIiCrNaFSePtZA8nBnqJXSGCz8kosKeYTqz/SPE1AN6BvM4xl0kPQZvJWMz\n" +
+                "fyTcm2Ar0PdbIh8f22vJfO+0JpfhnqNTMFEwHQYDVR0OBBYEFOzDGNWQhslU5ei4\n" +
+                "SYda/ro9DickMA8GA1UdEwQIMAYBAf8CAQAwHwYDVR0jBBgwFoAUz6OZ7UxuBEEJ\n" +
+                "ITEztoDVp78rmAQwCwYHKoZIzj0EAQUAA08AMEwCJALYBWSYdbhRiW4mNulQh6/v\n" +
+                "dfHG3y/oMjzJEmT/A0WYl96ohgIkAbDC0Ke632RXtCZ4xa2FrmzP41Vb80mSH1iY\n" +
+                "FCJ3LVoTEUgN\n" +
+                "-----END CERTIFICATE-----",
+                "MIGQAgEAMBAGByqGSM49AgEGBSuBBAARBHkwdwIBAQQkAXq9LPYU+XSrImPzgO1e\n" +
+                "hsgjfTBXlWGveFUtn0OHPtbp7hzpoUwDSgAEAw+how/aUiIKs1oVJ4+1kDycGeol\n" +
+                "dIYLPySiwp5hOrP9I8TUA3oG8zjGXSQ9Bm8lYzN/JNybYCvQ91siHx/ba8l877Qm\n" +
+                "l+Ge"),
+
        EE_ECDSA_SECP256R1(
                "EC",
                // SHA256withECDSA, curve secp256r1
--- a/test/jdk/sun/security/ssl/CipherSuite/DisabledCurve.java
+++ b/test/jdk/sun/security/ssl/CipherSuite/DisabledCurve.java
@ -0,0 +1,118 @@
+/*
+ * Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8246330
+ * @library /javax/net/ssl/templates
+ * @run main/othervm -Djdk.tls.namedGroups="sect283r1"
+        DisabledCurve DISABLE_NONE PASS
+ * @run main/othervm -Djdk.tls.namedGroups="sect283r1"
+        DisabledCurve sect283r1 FAIL
+*/
+import java.security.Security;
+import java.util.Arrays;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLServerSocket;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLException;
+
+public class DisabledCurve extends SSLSocketTemplate {
+
+    private static volatile int index;
+    private static final String[][][] protocols = {
+            { { "TLSv1.3", "TLSv1.2", "TLSv1.1", "TLSv1" }, { "TLSv1.2" } },
+            { { "TLSv1.2" }, { "TLSv1.3", "TLSv1.2", "TLSv1.1", "TLSv1" } },
+            { { "TLSv1.2" }, { "TLSv1.2" } }, { { "TLSv1.1" }, { "TLSv1.1" } },
+            { { "TLSv1" }, { "TLSv1" } } };
+
+    protected SSLContext createClientSSLContext() throws Exception {
+        return createSSLContext(
+                new SSLSocketTemplate.Cert[] {
+                        SSLSocketTemplate.Cert.CA_ECDSA_SECT283R1 },
+                new SSLSocketTemplate.Cert[] {
+                        SSLSocketTemplate.Cert.EE_ECDSA_SECT283R1 },
+                getClientContextParameters());
+    }
+
+    protected SSLContext createServerSSLContext() throws Exception {
+        return createSSLContext(
+                new SSLSocketTemplate.Cert[] {
+                        SSLSocketTemplate.Cert.CA_ECDSA_SECT283R1 },
+                new SSLSocketTemplate.Cert[] {
+                        SSLSocketTemplate.Cert.EE_ECDSA_SECT283R1 },
+                getServerContextParameters());
+    }
+
+    @Override
+    protected void configureClientSocket(SSLSocket socket) {
+        String[] ps = protocols[index][0];
+
+        System.out.print("Setting client protocol(s): ");
+        Arrays.stream(ps).forEachOrdered(System.out::print);
+        System.out.println();
+
+        socket.setEnabledProtocols(ps);
+    }
+
+    @Override
+    protected void configureServerSocket(SSLServerSocket serverSocket) {
+        String[] ps = protocols[index][1];
+
+        System.out.print("Setting server protocol(s): ");
+        Arrays.stream(ps).forEachOrdered(System.out::print);
+        System.out.println();
+
+        serverSocket.setEnabledProtocols(ps);
+    }
+
+    public static void main(String[] args) throws Exception {
+        String expected = args[1];
+        String disabledName = ("DISABLE_NONE".equals(args[0]) ? "" : args[0]);
+        if (disabledName.equals("")) {
+            Security.setProperty("jdk.disabled.namedCurves", "");
+        }
+        System.setProperty("jdk.sunec.disableNative", "false");
+
+        for (index = 0; index < protocols.length; index++) {
+            try {
+                (new DisabledCurve()).run();
+                if (expected.equals("FAIL")) {
+                    throw new RuntimeException(
+                            "The test case should not reach here");
+                }
+            } catch (SSLException | IllegalStateException ssle) {
+                if ((expected.equals("FAIL"))
+                        && Security.getProperty("jdk.disabled.namedCurves")
+                                .contains(disabledName)) {
+                    System.out.println(
+                            "Expected exception was thrown: TEST PASSED");
+                } else {
+                    throw new RuntimeException(ssle);
+                }
+
+            }
+
+        }
+    }
+}