stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8186057: TLS interoperability testing between different Java versions

Browse Source 
An interop test for checking the compatibility among different Java versions.

Reviewed-by: asmotrak
This commit is contained in:
John Jiang 2017-11-28 22:19:34 -08:00
parent 6912165887
commit f8aaf97179
15 changed files with 2144 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

265
test/jdk/javax/net/ssl/compatibility/Cert.java Normal file
View File

@ -0,0 +1,265 @@
/*
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* The certificates and corresponding private keys used by the test.
* All of certificates uses relative weak key size and hash algorithm, then
* all JDK releases can load them. Accordingly, a custom java.security file is
* provided to make sure such weak key sizes and algorithms are not blocked by
* any JDK build.
*/
public enum Cert {
// This certificate is generated by the below command:
// openssl req -x509 -newkey rsa:1024 -days 7300 \
// -subj "/CN=RSA_SHA1_1024" -sha1 \
// -keyout key.pem -out cert.pem
RSA_SHA1_1024(
SignatureAlgorithm.RSA,
"-----BEGIN CERTIFICATE-----\n" +
"MIIB/jCCAWegAwIBAgIJANPuKkD7/jxkMA0GCSqGSIb3DQEBBQUAMBgxFjAUBgNV\n" +
"BAMMDVJTQV9TSEExXzEwMjQwHhcNMTcwOTA3MDIwNTM0WhcNMzcwOTAyMDIwNTM0\n" +
"WjAYMRYwFAYDVQQDDA1SU0FfU0hBMV8xMDI0MIGfMA0GCSqGSIb3DQEBAQUAA4GN\n" +
"ADCBiQKBgQC3v7UeIxD5bdv4mqwcpah7sNxpI3IxUFzI2ao1g1jVzDPZt9Zawa3K\n" +
"H+m9al1Fg2X1dyNeRlbiXavcIZOQwZqNj08zJEwAdICP8iOnXQ2HUv5cpzArOPTu\n" +
"GY3flhf39xgiWsSdfb+cP0QsWNagNU8EtebbHndv8W+2K5JEdlpwQQIDAQABo1Aw\n" +
"TjAdBgNVHQ4EFgQU32KqdiGyzg39chNt/OwQzGOlUyAwHwYDVR0jBBgwFoAU32Kq\n" +
"diGyzg39chNt/OwQzGOlUyAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOB\n" +
"gQAWx8y45IIWWhy44cuQs0qcSDQihIvhXB3pvlpCNdfsSrVoaaH8lrOVjTC718ip\n" +
"fE1sF8I9niLHUg8WrAzdQRDsKyUhDUhEEJ7w1ffxwf8bcI9+NgWwEix0Dazzkub8\n" +
"2IRXuZ3dGwzoI54XtxvKMFH86nJEj4M/XQGrc9bnlhcn4g==\n" +
"-----END CERTIFICATE-----",
"30820278020100300d06092a864886f70d0101010500048202623082025e0201" +
"0002818100b7bfb51e2310f96ddbf89aac1ca5a87bb0dc69237231505cc8d9aa" +
"358358d5cc33d9b7d65ac1adca1fe9bd6a5d458365f577235e4656e25dabdc21" +
"9390c19a8d8f4f33244c0074808ff223a75d0d8752fe5ca7302b38f4ee198ddf" +
"9617f7f718225ac49d7dbf9c3f442c58d6a0354f04b5e6db1e776ff16fb62b92" +
"44765a7041020301000102818100b2c5afdf5c5a9d72c73b7eb0c9465b3fcc79" +
"0549d946255bc0861555ef2eb503f1c67757f400cfa7019996123020fb906d5b" +
"b66b789ffba90b16270cbd1fbfcf285a821dcdc78fd8f17f399eb231ce9724db" +
"af60f9dd20f3e57bb4c0f9fdc9069589b82d442dd868d48c031eb782e27f9e70" +
"8469f9b3d5b1b23cee5bf1b41781024100dec184ea77c2126c6bc0c01ba727b4" +
"642587d63811240932334dc80c7976e0f715f156e52b352a25e5c52542af2b5f" +
"68a29a9b68858f313c4375cc78ec03d859024100d32be8375f52cbe904002321" +
"6977aee83fa88bf536d4052d2ed578727d7b7e5aeef91fc52b34c1b6638c00f0" +
"4c6985fdaaa2d6e72adbcc7d10ed8bafff69da29024100ae8210acd6f13519b7" +
"38a3c7862636ce1610daa3c5d9e3526e9acad3eafc54b57d7d3a44029b7dcf7e" +
"b7f9beca1842806892929949b8aa2bb9f5b9202a55c0d1024100887dc0c2c9a2" +
"429a823374818c2207b3a631d304d443867505e884c9bbc1ae9228146e2c8b18" +
"b67ca52b411010d3c3ff89e366f454076dcd08bc01a5e8790ac102402321988a" +
"2003e19c878791d402a7c0acdd1b6dd27203ed88f86a0e3a390ee57c0cd277f3" +
"ea5df6440dbc8bdb4c8b3c28fc77e6991bc4ed3f4dc0619a5b953e8e"),
// This certificate is generated by the below command:
// openssl req -x509 -newkey rsa:1024 -days 7300 \
// -subj "/CN=www.example.com" -sha1 \
// -keyout key.pem -out cert.pem
RSA_EXAMPLE_SHA1_1024(
SignatureAlgorithm.RSA,
"-----BEGIN CERTIFICATE-----\n" +
"MIICAjCCAWugAwIBAgIJAK6TC9eDtZg4MA0GCSqGSIb3DQEBBQUAMBoxGDAWBgNV\n" +
"BAMMD3d3dy5leGFtcGxlLmNvbTAeFw0xNzExMDIwNTA5NDRaFw0zNzEwMjgwNTA5\n" +
"NDRaMBoxGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTCBnzANBgkqhkiG9w0BAQEF\n" +
"AAOBjQAwgYkCgYEAtt5kxFTzJuoxJR2UgeXUxCw7TfL3FeK3lCrU3vruBe3XKKvF\n" +
"oyCxf/B5ucm22gzMfOvJBWRg6KrNTrXGI1LtlmAYNDM5J0lK2N/neKOm3Qxe0d1W\n" +
"AZ1lwgrMNirsWu+r4UPNMq5UohL5nqVU9WwVa12t0GF3er3k32tMTBqSclcCAwEA\n" +
"AaNQME4wHQYDVR0OBBYEFNc8tKGfZdFyaY0ZslwGLt1kpRYAMB8GA1UdIwQYMBaA\n" +
"FNc8tKGfZdFyaY0ZslwGLt1kpRYAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF\n" +
"BQADgYEAc71ZO83YEw9WvhxDEng9tMYUhJnNZJss6+gfWjZ487aiEGnS+VgKsHWz\n" +
"DBLBrYe9Ag5L9f1HtPNheUbnhhBbQ607jOG/wfmpi4VoU3myB5uxOfeAZdXDOB5x\n" +
"bv3t7KcEhgmPjB/e123jrBK8qnAYmDlQVlkZScctB3I1OuA2Po4=\n" +
"-----END CERTIFICATE-----",
"30820277020100300d06092a864886f70d0101010500048202613082025d0201" +
"0002818100b6de64c454f326ea31251d9481e5d4c42c3b4df2f715e2b7942ad4" +
"defaee05edd728abc5a320b17ff079b9c9b6da0ccc7cebc9056460e8aacd4eb5" +
"c62352ed96601834333927494ad8dfe778a3a6dd0c5ed1dd56019d65c20acc36" +
"2aec5aefabe143cd32ae54a212f99ea554f56c156b5dadd061777abde4df6b4c" +
"4c1a927257020301000102818048af52bc1acbdededd13d4930fa28b9441c47c" +
"b222f5c6fc92df07676db3a815a61c9b51de0a03a347b10a609bd6459a0dd926" +
"38877261686a5c6bb1ca9e8ea2373870af7685e7d6cebd66faba65af2ef04bd9" +
"1244ae56900fcd6ce11207d8c4040176e4ba9fef3d563741a1027b229134cfe1" +
"c0a90d9c8eba9ce6349835e769024100e82494b6f777c784ffc29298d033e11d" +
"af46f0d464c4dbd950d46bcd697d0f0b49a77699f0111d408e8748f2b461ab8f" +
"210071c9c20d8ecee3ae229cb9c3954b024100c9a976f0011fcdc0ca7fb2f679" +
"974fa85d420c604ca7ff64fe4667a44f73088eef290d22195474039760e99325" +
"3ca45ee444588b150467d14451d3c45dab0ba5024019df39d3ca70c703c39d63" +
"c9342b1403c2ed1d1a0ec101df8e6a9e391e7099a4a068d187068261c8381a4b" +
"bf00eb81bb49ea4ac439a4592e25a1daa9acea67510241008c4640007497bdd4" +
"94473da26b33d06a29ecae9531dd4e2edf1cf42cfc42e53a1fac2b8183a3164c" +
"053999600c6fe15a4c682a3b1cb482ceb33a4416fc9ce52d024100e4f08cd10a" +
"5c8face0b20db86443d0a42e34dfdde236dae4f042a06dd3aff7ca159f8aa3b7" +
"854df41d510148096155204f2bf46c4a96e271747a4126a66ade6c"),
// This certificate is generated by the below commands:
// openssl dsaparam -genkey 1024 -out key.pem
// openssl req -x509 -new -key key.pem -days 7300 \
// -subj "/CN=DSA_SHA1_1024" -sha1 -out cert.pem
DSA_SHA1_1024(
SignatureAlgorithm.DSA,
"-----BEGIN CERTIFICATE-----\n" +
"MIICuzCCAnugAwIBAgIJAMAMLRrhQWQFMAkGByqGSM44BAMwGDEWMBQGA1UEAwwN\n" +
"RFNBX1NIQTFfMTAyNDAeFw0xNzExMDIwNjA4MDRaFw0zNzEwMjgwNjA4MDRaMBgx\n" +
"FjAUBgNVBAMMDURTQV9TSEExXzEwMjQwggG2MIIBKwYHKoZIzjgEATCCAR4CgYEA\n" +
"8CspE1sE84pJ4YxzVHFEDNJvBaIxsbax03pDwNHr/ogP9PVwF9z1jT6hpC5WluHG\n" +
"g5n5gqpF2XpBhX2fKm1qqZWRxNvHKo0+zzAhUqMrvRJqcjlL4ijXndHldt67/VKS\n" +
"0eTKi9m64c+yJx80YYphCO5b93d2sTM29z8QZOlrbD8CFQCmttKnPAOk4uz8Z8cV\n" +
"uPGeGOMB9wKBgCItgPpAjW0srIwCaDysDNpydX6hB+1NTy1gFYl24n8edLGbR0mZ\n" +
"isteBd6LjMtgicRmtKZzKxW7igxoVvR3WHpTucFjms5NRNjPaj5wt3DxoXn4hyWk\n" +
"LzMvDeBvi+jKJiO0jnQ3+1NDOlAQy6ukeH59/gxZ3UmcNxDlAQ/IYHcpA4GEAAKB\n" +
"gEgvi72gL+zax7Y2hg4PL1PqZx2jFp0XlTIugiTrcsGytrAnn+/s2+3xVyVyvVMn\n" +
"0z5yL5eP9cdGA7qV1+7n6KJ8jNAhLCBSiC6x5ekd88aTlqnmt5lstk4w0Q0zSa58\n" +
"Hp6dCFg2Irk6Z9ERKaXJJBBS6reaFeATVROhN/LEEzzvo1AwTjAdBgNVHQ4EFgQU\n" +
"jb+HHABclGNR4lpf19nHFZpfwPQwHwYDVR0jBBgwFoAUjb+HHABclGNR4lpf19nH\n" +
"FZpfwPQwDAYDVR0TBAUwAwEB/zAJBgcqhkjOOAQDAy8AMCwCFDB3F/m6jsZdHaoy\n" +
"1xTp2U8uHBO+AhQYzeJuJd8/qRSDVLs8mesE8TQg2g==\n" +
"-----END CERTIFICATE-----",
"3082014a0201003082012b06072a8648ce3804013082011e02818100f02b2913" +
"5b04f38a49e18c735471440cd26f05a231b1b6b1d37a43c0d1ebfe880ff4f570" +
"17dcf58d3ea1a42e5696e1c68399f982aa45d97a41857d9f2a6d6aa99591c4db" +
"c72a8d3ecf302152a32bbd126a72394be228d79dd1e576debbfd5292d1e4ca8b" +
"d9bae1cfb2271f34618a6108ee5bf77776b13336f73f1064e96b6c3f021500a6" +
"b6d2a73c03a4e2ecfc67c715b8f19e18e301f7028180222d80fa408d6d2cac8c" +
"02683cac0cda72757ea107ed4d4f2d60158976e27f1e74b19b4749998acb5e05" +
"de8b8ccb6089c466b4a6732b15bb8a0c6856f477587a53b9c1639ace4d44d8cf" +
"6a3e70b770f1a179f88725a42f332f0de06f8be8ca2623b48e7437fb53433a50" +
"10cbaba4787e7dfe0c59dd499c3710e5010fc8607729041602146ef9db36045f" +
"bcd8c7fd82ba29c5c5057ed11c7f"),
// This certificate is generated by the below commands:
// openssl dsaparam -genkey 1024 -out key.pem
// openssl req -x509 -new -key key.pem -days 7300 \
// -subj "/CN=www.example.com" -sha1 -out cert.pem
DSA_EXAMPLE_SHA1_1024(
SignatureAlgorithm.DSA,
"-----BEGIN CERTIFICATE-----\n" +
"MIICwDCCAoCgAwIBAgIJAI5mKbdK5ZqyMAkGByqGSM44BAMwGjEYMBYGA1UEAwwP\n" +
"d3d3LmV4YW1wbGUuY29tMB4XDTE3MTEwMjA1NDczOVoXDTM3MTAyODA1NDczOVow\n" +
"GjEYMBYGA1UEAwwPd3d3LmV4YW1wbGUuY29tMIIBtzCCASwGByqGSM44BAEwggEf\n" +
"AoGBANVGWRSlxVZQKlVrTDcU/6Mr8QFlR3kGKmkvdbTHH1EhcP7YlZ7CJ30VBDbN\n" +
"LS2HvN3HHNooJ7hHBheL5Yz8EZIUa95TzPukZ1TmCo9fufR5i9HWj9Z8jLhyqx3l\n" +
"iUZOYN9H0MSn4ftK6dr5oTz2ZGYDblXDCq6R8qZfuw1URFqrAhUArx0nmGEI/1S/\n" +
"qyxnV4I6ItOntxMCgYEAxZKIZ/7aOGfzaQG2wRFdD/viHBZkkcxCsgmPUroQVUIw\n" +
"dqmUnfYk8cb02LCevhhSwcjfocQsA3y1jufIUdWaHuIB9W3EsFJQNd/Byh9j/pRD\n" +
"7zH/8lnBzJh2S7y10Vg840STVo5+ekZb4E+W7KK5gUaEQ6kAtUIIB0xjNz7RWs4D\n" +
"gYQAAoGAPVQKWqJSlMrbU4XEsx50Ur8P84CwMnS7WcQNLnih1ScaK2BijgVj5Fny\n" +
"9JZxITwj7XD7FWriq3kTjbydi3iAvrgVWij79x5Z7fTRCuoBVmtnAFkVGalwbGr2\n" +
"ghz70y6hep2Evb1pRCrHjRkMaJFE5Y2CA7VbpKoat+j47/LkXJ2jUDBOMB0GA1Ud\n" +
"DgQWBBSVjWy3SpaDfnFo+37mZJqX2aybzTAfBgNVHSMEGDAWgBSVjWy3SpaDfnFo\n" +
"+37mZJqX2aybzTAMBgNVHRMEBTADAQH/MAkGByqGSM44BAMDLwAwLAIUd5NOlcfX\n" +
"5rakT9H8UzlFcFQLr0MCFGrEYvlFUf/HJOH4FwXS2jEholBB\n" +
"-----END CERTIFICATE-----",
"3082014c0201003082012c06072a8648ce3804013082011f02818100d5465914" +
"a5c556502a556b4c3714ffa32bf101654779062a692f75b4c71f512170fed895" +
"9ec2277d150436cd2d2d87bcddc71cda2827b84706178be58cfc1192146bde53" +
"ccfba46754e60a8f5fb9f4798bd1d68fd67c8cb872ab1de589464e60df47d0c4" +
"a7e1fb4ae9daf9a13cf66466036e55c30aae91f2a65fbb0d54445aab021500af" +
"1d27986108ff54bfab2c6757823a22d3a7b71302818100c5928867feda3867f3" +
"6901b6c1115d0ffbe21c166491cc42b2098f52ba1055423076a9949df624f1c6" +
"f4d8b09ebe1852c1c8dfa1c42c037cb58ee7c851d59a1ee201f56dc4b0525035" +
"dfc1ca1f63fe9443ef31fff259c1cc98764bbcb5d1583ce34493568e7e7a465b" +
"e04f96eca2b981468443a900b54208074c63373ed15ace0417021500abf47692" +
"88c6ac41e2802e7eb7addba367339318"),
// This certificate is generated by the below commands:
// openssl ecparam -name prime256v1 -genkey -out key.pem
// openssl req -new -key key.pem -x509 -nodes -days 7300 \
// -subj "/CN=ECDSA_SHA1_prime256v1" -sha1 -out cert.pem
ECDSA_SHA1_PRIME256V1(
SignatureAlgorithm.ECDSA,
"-----BEGIN CERTIFICATE-----\n" +
"MIIBhDCCASygAwIBAgIJAKW4wuujp9JbMAkGByqGSM49BAEwIDEeMBwGA1UEAwwV\n" +
"RUNEU0FfU0hBMV9wcmltZTI1NnYxMB4XDTE3MDkwNzAyMTA0MVoXDTM3MDkwMjAy\n" +
"MTA0MVowIDEeMBwGA1UEAwwVRUNEU0FfU0hBMV9wcmltZTI1NnYxMFkwEwYHKoZI\n" +
"zj0CAQYIKoZIzj0DAQcDQgAEdbE+AMwsFBf73YXRVwsvsx2dMt1xgDxj/4pN+BfY\n" +
"LWnO94beeZcrCJ1/N8CHmDOce7KRDR6/9kpi20wFAVXZ3KNQME4wHQYDVR0OBBYE\n" +
"FA/hB2ODDNdz1JF08u2uhknhlsVoMB8GA1UdIwQYMBaAFA/hB2ODDNdz1JF08u2u\n" +
"hknhlsVoMAwGA1UdEwQFMAMBAf8wCQYHKoZIzj0EAQNHADBEAiBNxv2L2FW+6+w/\n" +
"QtDe+YSUNRj3F8QrpLkfGk7rVaOiHQIgVF2pWJ5ytg0pbCuO8Bh+UZ7zfZUD03s8\n" +
"ZuIYW7RtMe0=\n" +
"-----END CERTIFICATE-----",
"308187020100301306072a8648ce3d020106082a8648ce3d030107046d306b02" +
"010104204d901d5efd0e3def78d5307788a4c760115effce4b9e2c31ae5860b6" +
"c11915aca1440342000475b13e00cc2c1417fbdd85d1570b2fb31d9d32dd7180" +
"3c63ff8a4df817d82d69cef786de79972b089d7f37c08798339c7bb2910d1ebf" +
"f64a62db4c050155d9dc"),
// This certificate is generated by the below commands:
// openssl ecparam -name prime256v1 -genkey -out key.pem
// openssl req -new -key key.pem -x509 -nodes -days 7300 \
// -subj "/CN=www.example.com" -sha1 -out cert.pem
ECDSA_EXAMPLE_SHA1_PRIME256V1(
SignatureAlgorithm.ECDSA,
"-----BEGIN CERTIFICATE-----\n" +
"MIIBeDCCASCgAwIBAgIJAMxOXBpiJ5mDMAkGByqGSM49BAEwGjEYMBYGA1UEAwwP\n" +
"d3d3LmV4YW1wbGUuY29tMB4XDTE3MTEwMjA1MTg0MVoXDTM3MTAyODA1MTg0MVow\n" +
"GjEYMBYGA1UEAwwPd3d3LmV4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0D\n" +
"AQcDQgAER9IyuwyrJ7X9DmIqGC3YNTlWBt4Fo/Y3RnlcxhTVxb/ZAYVNhqe4MbSM\n" +
"2nsVnYMjjXXDav1plNKvmgGDf9s/saNQME4wHQYDVR0OBBYEFHNUTaIIEA89uNKH\n" +
"OOUgJ981Qj5HMB8GA1UdIwQYMBaAFHNUTaIIEA89uNKHOOUgJ981Qj5HMAwGA1Ud\n" +
"EwQFMAMBAf8wCQYHKoZIzj0EAQNHADBEAiBCW59S1nE15j8euO6/q9bM6J9Ci5xJ\n" +
"WWAVznGGxnS/HgIgFaFKC31uxTXoBN7QN0yW/umQgJ0nsjwj7Pnxc0wNyw8=\n" +
"-----END CERTIFICATE-----",
"308187020100301306072a8648ce3d020106082a8648ce3d030107046d306b02" +
"010104209aa3784cd0c1fe0553e59b3c7b8f08c8fdaffd94f34e2c1683243a79" +
"7b64b673a1440342000447d232bb0cab27b5fd0e622a182dd835395606de05a3" +
"f63746795cc614d5c5bfd901854d86a7b831b48cda7b159d83238d75c36afd69" +
"94d2af9a01837fdb3fb1");
public final SignatureAlgorithm signatureAlgorithm;
public final String certMaterials;
public final String privKeyMaterials;
private Cert(
SignatureAlgorithm signatureAlgorithm,
String certMaterials,
String privKeyMaterials) {
this.signatureAlgorithm = signatureAlgorithm;
this.certMaterials = certMaterials;
this.privKeyMaterials = privKeyMaterials;
}
// Two certificates (mainCert and exampleCert) are selected to respect the
// specified cipher suite. SNI-associated cases specify exampleCert as desired.
public static Cert[] getCerts(String cipherSuite) {
Cert mainCert = Cert.DSA_SHA1_1024;
Cert exampleCert = Cert.DSA_EXAMPLE_SHA1_1024;
if (cipherSuite.contains("_ECDHE_RSA_")) {
mainCert = Cert.RSA_SHA1_1024;
exampleCert = Cert.RSA_EXAMPLE_SHA1_1024;
} else if (cipherSuite.contains("_EC")) {
mainCert = Cert.ECDSA_SHA1_PRIME256V1;
exampleCert = Cert.ECDSA_EXAMPLE_SHA1_PRIME256V1;
} else if (cipherSuite.contains("_RSA")) {
mainCert = Cert.RSA_SHA1_1024;
exampleCert = Cert.RSA_EXAMPLE_SHA1_1024;
}
System.out.printf("mainCert=%s, exampleCert=%s%n",
mainCert, exampleCert);
return new Cert[] { mainCert, exampleCert };
}
}
enum SignatureAlgorithm {
RSA, DSA, ECDSA;
}

206
test/jdk/javax/net/ssl/compatibility/Client.java Normal file
View File

@ -0,0 +1,206 @@
/*
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.InetSocketAddress;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
/*
* A simple SSL socket client.
*/
public class Client {
private final SSLSocket socket;
public Client(SSLContext context) throws Exception {
SSLSocketFactory socketFactory = context.getSocketFactory();
socket = (SSLSocket) socketFactory.createSocket();
socket.setSoTimeout(Utils.TIMEOUT);
}
public Client(Cert... certs) throws Exception {
this(Utils.createSSLContext(certs));
}
private SSLSession getSession() {
return socket.getSession();
}
private void setEnabledCipherSuites(String... cipherSuites) {
socket.setEnabledCipherSuites(cipherSuites);
}
private void setEnabledProtocols(String... protocols) {
socket.setEnabledProtocols(protocols);
}
@SuppressWarnings(value = { "unchecked", "rawtypes" })
private void setServerName(String hostname) {
List serverNames = new ArrayList();
serverNames.add(createSNIHostName(hostname));
SSLParameters params = socket.getSSLParameters();
params.setServerNames(serverNames);
socket.setSSLParameters(params);
}
// Create SNIHostName via reflection due to pre-8 JDK builds don't support
// SNI. Those JDK builds cannot find classes SNIServerName and SNIHostName.
private Object createSNIHostName(String hostname) {
try {
Class<?> clazz = Class.forName("javax.net.ssl.SNIHostName");
return clazz.getConstructor(String.class).newInstance(hostname);
} catch (Exception e) {
throw new RuntimeException("Creates SNIHostName failed!", e);
}
}
private void setApplicationProtocols(String... protocols) {
SSLParameters params = socket.getSSLParameters();
params.setApplicationProtocols(protocols);
socket.setSSLParameters(params);
}
private String getNegotiatedApplicationProtocol() {
return socket.getApplicationProtocol();
}
private void oneTimeConnect(String host, int port) throws IOException {
socket.connect(new InetSocketAddress(host, port));
OutputStream out = socket.getOutputStream();
out.write('C');
out.flush();
InputStream in = socket.getInputStream();
in.read();
}
public void close() throws IOException {
socket.close();
}
public static void main(String[] args) throws IOException {
System.out.println("----- Client start -----");
int port = Integer.valueOf(System.getProperty(Utils.PROP_PORT));
String protocol = System.getProperty(Utils.PROP_PROTOCOL);
String cipherSuite = System.getProperty(Utils.PROP_CIPHER_SUITE);
String serverName = System.getProperty(Utils.PROP_SERVER_NAME);
String appProtocols = System.getProperty(Utils.PROP_APP_PROTOCOLS);
boolean supportsSNIOnServer
= Utils.getBoolProperty(Utils.PROP_SUPPORTS_SNI_ON_SERVER);
boolean supportsSNIOnClient
= Utils.getBoolProperty(Utils.PROP_SUPPORTS_SNI_ON_CLIENT);
boolean supportsALPNOnServer
= Utils.getBoolProperty(Utils.PROP_SUPPORTS_ALPN_ON_SERVER);
boolean supportsALPNOnClient
= Utils.getBoolProperty(Utils.PROP_SUPPORTS_ALPN_ON_CLIENT);
boolean negativeCase
= Utils.getBoolProperty(Utils.PROP_NEGATIVE_CASE_ON_CLIENT);
System.out.println(Utils.join(Utils.PARAM_DELIMITER,
"ClientJDK=" + System.getProperty(Utils.PROP_CLIENT_JDK),
"Protocol=" + protocol,
"CipherSuite=" + cipherSuite,
"ServerName=" + serverName,
"AppProtocols=" + appProtocols));
Status status = Status.SUCCESS;
Client client = null;
try {
client = new Client(Cert.getCerts(cipherSuite));
client.setEnabledProtocols(protocol);
client.setEnabledCipherSuites(cipherSuite);
if (serverName != null) {
if (supportsSNIOnClient) {
client.setServerName(serverName);
} else {
System.out.println(
"Ignored due to client doesn't support SNI.");
}
}
if (appProtocols != null) {
if (supportsALPNOnClient) {
client.setApplicationProtocols(
Utils.split(appProtocols, Utils.VALUE_DELIMITER));
} else {
System.out.println(
"Ignored due to client doesn't support ALPN.");
}
}
client.oneTimeConnect("localhost", port);
if (serverName != null && supportsSNIOnServer
&& supportsSNIOnClient) {
X509Certificate cert
= (X509Certificate) client.getSession().getPeerCertificates()[0];
String subject
= cert.getSubjectX500Principal().getName();
if (!subject.contains(serverName)) {
System.out.println("Unexpected server: " + subject);
status = Status.FAIL;
}
}
if (appProtocols != null && supportsALPNOnServer
&& supportsALPNOnClient) {
String negoAppProtocol
= client.getNegotiatedApplicationProtocol();
String expectedNegoAppProtocol
= System.getProperty(Utils.PROP_NEGO_APP_PROTOCOL);
if (!expectedNegoAppProtocol.equals(negoAppProtocol)) {
System.out.println("Unexpected negotiated app protocol: "
+ negoAppProtocol);
status = Status.FAIL;
}
}
if (status != Status.FAIL) {
status = negativeCase
? Status.UNEXPECTED_SUCCESS
: Status.SUCCESS;
}
} catch (Exception exception) {
status = Utils.handleException(exception, negativeCase);
} finally {
if (client != null) {
client.close();
}
}
System.out.println("STATUS: " + status);
System.out.println("----- Client end -----");
}
}

338
test/jdk/javax/net/ssl/compatibility/Compatibility.java Normal file
View File

@ -0,0 +1,338 @@
/*
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @summary This test is used to check the interop compatibility on JSSE among
* different JDK releases.
* Note that, this is a manual test. For more details about the test and
* its usages, please look through README.
*
* @library /test/lib
* @compile -source 1.6 -target 1.6 JdkUtils.java Parameter.java Server.java Client.java
* @run main/manual Compatibility
*/
import java.io.File;
import java.io.FileOutputStream;
import java.io.FileWriter;
import java.io.IOException;
import java.io.PrintStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import jdk.test.lib.process.OutputAnalyzer;
public class Compatibility {
public static void main(String[] args) throws Throwable {
String javaSecurityFile
= System.getProperty("test.src") + "/java.security";
boolean debug = Utils.getBoolProperty("debug");
Set<JdkInfo> jdkInfos = jdkInfoList();
System.out.println("Test start");
List<TestCase> testCases = new ArrayList<>();
ExecutorService executor = Executors.newCachedThreadPool();
PrintStream origStdOut = System.out;
PrintStream origStdErr = System.err;
try (PrintStream printStream = new PrintStream(
new FileOutputStream(Utils.TEST_LOG, true))) {
System.setOut(printStream);
System.setErr(printStream);
System.out.println(Utils.startHtml());
System.out.println(Utils.startPre());
for (UseCase useCase : UseCase.getAllUseCases()) {
for (JdkInfo serverJdk : jdkInfos) {
if (useCase.ignoredByJdk(serverJdk)) {
continue;
}
Map<String, String> props = new LinkedHashMap<>();
if (debug) {
props.put("javax.net.debug", "ssl");
}
props.put("java.security.properties", javaSecurityFile);
props.put(Utils.PROP_PROTOCOL, useCase.protocol.version);
props.put(Utils.PROP_CIPHER_SUITE, useCase.cipherSuite.name());
props.put(Utils.PROP_CLIENT_AUTH, useCase.clientAuth.name());
if (useCase.appProtocol != AppProtocol.NONE) {
props.put(Utils.PROP_APP_PROTOCOLS,
Utils.join(Utils.VALUE_DELIMITER,
useCase.appProtocol.appProtocols));
props.put(Utils.PROP_NEGO_APP_PROTOCOL,
useCase.appProtocol.negoAppProtocol);
}
props.put(Utils.PROP_SERVER_JDK, serverJdk.version);
props.put(Utils.PROP_SUPPORTS_SNI_ON_SERVER,
serverJdk.supportsSNI + "");
props.put(Utils.PROP_SUPPORTS_ALPN_ON_SERVER,
serverJdk.supportsALPN + "");
for (JdkInfo clientJdk : jdkInfos) {
if (useCase.ignoredByJdk(clientJdk)) {
continue;
}
TestCase testCase = new TestCase(serverJdk, clientJdk,
useCase);
System.out.println(Utils.anchorName(testCase.toString(),
"----- Case start -----"));
System.out.println(testCase.toString());
props.put(Utils.PROP_NEGATIVE_CASE_ON_SERVER,
testCase.negativeCaseOnServer + "");
props.put(Utils.PROP_NEGATIVE_CASE_ON_CLIENT,
testCase.negativeCaseOnClient + "");
Future<OutputAnalyzer> serverFuture = executor.submit(() -> {
return runServer(serverJdk.jdkPath, props);
});
int port = waitForServerStarted();
System.out.println("port=" + port);
props.put(Utils.PROP_PORT, port + "");
props.put(Utils.PROP_CLIENT_JDK, clientJdk.version);
props.put(Utils.PROP_SUPPORTS_SNI_ON_CLIENT,
clientJdk.supportsSNI + "");
props.put(Utils.PROP_SUPPORTS_ALPN_ON_CLIENT,
clientJdk.supportsALPN + "");
if (useCase.serverName != ServerName.NONE) {
props.put(Utils.PROP_SERVER_NAME,
useCase.serverName.name);
}
Status clientStatus = null;
if (port != -1) {
String clientOutput = runClient(clientJdk.jdkPath,
props).getOutput();
clientStatus = getStatus(clientOutput);
}
String serverOutput = serverFuture.get().getOutput();
Status serverStatus = getStatus(serverOutput);
testCase.setStatus(caseStatus(serverStatus, clientStatus));
testCases.add(testCase);
System.out.printf(
"ServerStatus=%s, ClientStatus=%s, CaseStatus=%s%n",
serverStatus, clientStatus, testCase.getStatus());
// Confirm the server has stopped.
if(new File(Utils.PORT_LOG).exists()) {
throw new RuntimeException("Server doesn't stop.");
}
System.out.println("----- Case end -----");
}
}
}
System.out.println(Utils.endPre());
System.out.println(Utils.endHtml());
}
System.setOut(origStdOut);
System.setErr(origStdErr);
executor.shutdown();
System.out.println("Test end");
System.out.println("Report is being generated...");
boolean failed = generateReport(testCases);
System.out.println("Report is generated.");
if (failed) {
throw new RuntimeException("At least one case failed. "
+ "Please check logs for more details.");
}
}
private static Status getStatus(String log) {
if (log.contains(Status.UNEXPECTED_SUCCESS.name())) {
return Status.UNEXPECTED_SUCCESS;
} else if (log.contains(Status.SUCCESS.name())) {
return Status.SUCCESS;
} else if (log.contains(Status.EXPECTED_FAIL.name())) {
return Status.EXPECTED_FAIL;
} else if (log.contains(Status.TIMEOUT.name())) {
return Status.TIMEOUT;
} else {
return Status.FAIL;
}
}
private static Status caseStatus(Status serverStatus, Status clientStatus) {
if (clientStatus == null || clientStatus == Status.TIMEOUT) {
return serverStatus == Status.EXPECTED_FAIL
? Status.EXPECTED_FAIL
: Status.FAIL;
} else if (serverStatus == Status.TIMEOUT) {
return clientStatus == Status.EXPECTED_FAIL
? Status.EXPECTED_FAIL
: Status.FAIL;
} else {
return serverStatus == clientStatus
? serverStatus
: Status.FAIL;
}
}
// Retrieves JDK info from the file which is specified by jdkListFile.
// If no such file or no JDK is specified by the file, the current testing
// JDK will be used.
private static Set<JdkInfo> jdkInfoList() throws Throwable {
List<String> jdkList = jdkList("jdkListFile");
if (jdkList.size() == 0) {
jdkList.add(System.getProperty("test.jdk"));
}
Set<JdkInfo> jdkInfoList = new LinkedHashSet<>();
for (String jdkPath : jdkList) {
JdkInfo jdkInfo = new JdkInfo(jdkPath);
// JDK version must be unique.
if (!jdkInfoList.add(jdkInfo)) {
System.out.println("The JDK version is duplicate: " + jdkPath);
}
}
return jdkInfoList;
}
private static List<String> jdkList(String listFileProp) throws IOException {
String listFile = System.getProperty(listFileProp);
System.out.println(listFileProp + "=" + listFile);
if (listFile != null && new File(listFile).exists()) {
return Files.lines(Paths.get(listFile))
.filter(line -> { return !line.trim().isEmpty(); })
.collect(Collectors.toList());
} else {
return new ArrayList<>();
}
}
// Checks if server is already launched, and returns server port.
private static int waitForServerStarted()
throws IOException, InterruptedException {
System.out.print("Waiting for server");
long deadline = System.currentTimeMillis() + Utils.TIMEOUT;
int port;
while ((port = getServerPort()) == -1
&& System.currentTimeMillis() < deadline) {
System.out.print(".");
TimeUnit.SECONDS.sleep(1);
}
System.out.println();
return port;
}
// Retrieves the latest server port from port.log.
private static int getServerPort() throws IOException {
if (!new File(Utils.PORT_LOG).exists()) {
return -1;
}
return Integer.valueOf(
Files.lines(Paths.get(Utils.PORT_LOG)).findFirst().get());
}
private static OutputAnalyzer runServer(String jdkPath,
Map<String, String> props) {
return ProcessUtils.java(jdkPath, props, Server.class);
}
private static OutputAnalyzer runClient(String jdkPath,
Map<String, String> props) {
return ProcessUtils.java(jdkPath, props, Client.class);
}
// Generates the test result report.
private static boolean generateReport(List<TestCase> testCases)
throws IOException {
boolean failed = false;
StringBuilder report = new StringBuilder();
report.append(Utils.startHtml());
report.append(Utils.tableStyle());
report.append(Utils.startTable());
report.append(Utils.row(
"No.",
"ServerJDK",
"ClientJDK",
"Protocol",
"CipherSuite",
"ClientAuth",
"SNI",
"ALPN",
"Status"));
for (int i = 0, size = testCases.size(); i < size; i++) {
TestCase testCase = testCases.get(i);
report.append(Utils.row(
Utils.anchorLink(
Utils.TEST_LOG,
testCase.toString(),
i + ""),
testCase.serverJdk.version,
testCase.clientJdk.version,
testCase.useCase.protocol.version,
testCase.useCase.cipherSuite,
Utils.boolToStr(
testCase.useCase.clientAuth == ClientAuth.TRUE),
Utils.boolToStr(
testCase.useCase.serverName == ServerName.EXAMPLE),
Utils.boolToStr(
testCase.useCase.appProtocol == AppProtocol.EXAMPLE),
testCase.getStatus()));
failed = failed
|| testCase.getStatus() == Status.FAIL
|| testCase.getStatus() == Status.UNEXPECTED_SUCCESS;
}
report.append(Utils.endTable());
report.append(Utils.endHtml());
generateFile("report.html", report.toString());
return failed;
}
private static void generateFile(String path, String content)
throws IOException {
try(FileWriter writer = new FileWriter(new File(path))) {
writer.write(content);
}
}
}

92
test/jdk/javax/net/ssl/compatibility/JdkInfo.java Normal file
View File

@ -0,0 +1,92 @@
/*
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* It represents a JDK with some specific attributes.
* If two JdkInfo instances have the same version value, the instances are
* regarded as equivalent.
*/
public class JdkInfo {
public final String jdkPath;
public final String version;
public final boolean supportsECKey;
public final boolean supportsSNI;
public final boolean supportsALPN;
public JdkInfo(String jdkPath) throws Throwable {
this.jdkPath = jdkPath;
String output = jdkAttributes(jdkPath);
if (output == null || output.trim().isEmpty()) {
throw new RuntimeException(
"Cannot determine the JDK attributes: " + jdkPath);
}
String[] attributes = Utils.split(output, Utils.PARAM_DELIMITER);
version = attributes[0].replaceAll(".*=", "");
supportsECKey = Boolean.valueOf(attributes[1].replaceAll(".*=", ""));
supportsSNI = Boolean.valueOf(attributes[2].replaceAll(".*=", ""));
supportsALPN = Boolean.valueOf(attributes[3].replaceAll(".*=", ""));
}
// Determines the specific attributes for the specified JDK.
private static String jdkAttributes(String jdkPath) throws Throwable {
return ProcessUtils.java(jdkPath, null, JdkUtils.class).getOutput();
}
@Override
public int hashCode() {
return version == null ? 0 : version.hashCode();
}
@Override
public boolean equals(Object obj) {
if (this == obj) {
return true;
}
if (obj == null) {
return false;
}
if (getClass() != obj.getClass()) {
return false;
}
JdkInfo other = (JdkInfo) obj;
if (version == null) {
if (other.version != null) {
return false;
}
} else if (!version.equals(other.version)) {
return false;
}
return true;
}
public boolean supportsCipherSuite(CipherSuite cipherSuite) {
JdkRelease jdkRelease = JdkRelease.getRelease(version);
return cipherSuite.startJdk.sequence <= jdkRelease.sequence
&& (cipherSuite.endJdk == null
|| cipherSuite.endJdk.sequence >= jdkRelease.sequence);
}
}

58
test/jdk/javax/net/ssl/compatibility/JdkRelease.java Normal file
View File

@ -0,0 +1,58 @@
/*
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* JDK major versions.
*/
public enum JdkRelease {
JDK6(6, "1.6"),
JDK7(7, "1.7"),
JDK8(8, "1.8"),
JDK9(9, "9"),
JDK10(10, "10");
public final int sequence;
public final String release;
private JdkRelease(int sequence, String release) {
this.sequence = sequence;
this.release = release;
}
public static JdkRelease getRelease(String jdkVersion) {
if (jdkVersion.startsWith(JDK6.release)) {
return JDK6;
} else if (jdkVersion.startsWith(JDK7.release)) {
return JDK7;
} else if (jdkVersion.startsWith(JDK8.release)) {
return JDK8;
} else if (jdkVersion.startsWith(JDK9.release)) {
return JDK9;
} else if (jdkVersion.startsWith(JDK10.release)) {
return JDK10;
}
return null;
}
}

88
test/jdk/javax/net/ssl/compatibility/JdkUtils.java Normal file
View File

@ -0,0 +1,88 @@
/*
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import javax.net.ssl.SSLParameters;
/*
* This class is used for returning some specific JDK information.
*/
public class JdkUtils {
public static final String JAVA_RUNTIME_VERSION = "javaRuntimeVersion";
public static final String SUPPORTS_EC_KEY = "supportsECKey";
public static final String SUPPORTS_SNI = "supportsSNI";
public static final String SUPPORTS_ALPN = "supportsALPN";
// Returns the JDK build version.
public static String javaRuntimeVersion() {
return System.getProperty("java.runtime.version");
}
// Checks if EC key algorithm is supported by the JDK build.
private static boolean supportsECKey() {
boolean isSupported = true;
try {
KeyFactory.getInstance("EC");
} catch (NoSuchAlgorithmException e) {
isSupported = false;
}
return isSupported;
}
// Checks if SNI is supported by the JDK build.
private static boolean supportsSNI() {
boolean isSupported = true;
try {
SSLParameters.class.getMethod("getServerNames");
} catch (NoSuchMethodException e) {
isSupported = false;
}
return isSupported;
}
// Checks if ALPN is supported by the JDK build.
private static boolean supportsALPN() {
boolean isSupported = true;
try {
SSLParameters.class.getMethod("getApplicationProtocols");
} catch (NoSuchMethodException e) {
isSupported = false;
}
return isSupported;
}
public static void main(String[] args) {
System.out.print(Utils.join(Utils.PARAM_DELIMITER,
attr(JAVA_RUNTIME_VERSION, javaRuntimeVersion()),
attr(SUPPORTS_EC_KEY, supportsECKey()),
attr(SUPPORTS_SNI, supportsSNI()),
attr(SUPPORTS_ALPN, supportsALPN())));
}
private static String attr(String name, Object value) {
return name + "=" + String.valueOf(value);
}
}

252
test/jdk/javax/net/ssl/compatibility/Parameter.java Normal file
View File

@ -0,0 +1,252 @@
/*
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* A tagging interface that all TLS communication parameters must implement.
*/
public interface Parameter { }
/* The followings are TLS communication parameters. */
enum Protocol implements Parameter {
SSLV3_0(3, "SSLv3"),
TLSV1_0(4, "TLSv1"),
TLSV1_1(5, "TLSv1.1"),
TLSV1_2(6, "TLSv1.2");
public final int sequence;
public final String version;
private Protocol(int sequence, String version) {
this.sequence = sequence;
this.version = version;
}
static Protocol getProtocol(String version) {
for (Protocol protocol : values()) {
if (protocol.version.equals(version)) {
return protocol;
}
}
return null;
}
static Protocol[] getMandatoryValues() {
return new Protocol[] { TLSV1_0, TLSV1_1, TLSV1_2 };
}
}
enum CipherSuite implements Parameter {
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(
Protocol.TLSV1_2, JdkRelease.JDK7),
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(
Protocol.TLSV1_2, JdkRelease.JDK7),
TLS_RSA_WITH_AES_256_CBC_SHA256(
Protocol.TLSV1_2, JdkRelease.JDK7),
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384(
Protocol.TLSV1_2, JdkRelease.JDK7),
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384(
Protocol.TLSV1_2, JdkRelease.JDK7),
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(
Protocol.TLSV1_2, JdkRelease.JDK7),
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(
Protocol.TLSV1_2, JdkRelease.JDK7),
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(),
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(),
TLS_RSA_WITH_AES_256_CBC_SHA(),
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA(),
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA(),
TLS_DHE_RSA_WITH_AES_256_CBC_SHA(),
TLS_DHE_DSS_WITH_AES_256_CBC_SHA(),
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(
Protocol.TLSV1_2, JdkRelease.JDK7),
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(
Protocol.TLSV1_2, JdkRelease.JDK7),
TLS_RSA_WITH_AES_128_CBC_SHA256(
Protocol.TLSV1_2, JdkRelease.JDK7),
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(
Protocol.TLSV1_2, JdkRelease.JDK7),
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(
Protocol.TLSV1_2, JdkRelease.JDK7),
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(
Protocol.TLSV1_2, JdkRelease.JDK7),
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(
Protocol.TLSV1_2, JdkRelease.JDK7),
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(),
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(),
TLS_RSA_WITH_AES_128_CBC_SHA(),
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA(),
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(
Protocol.SSLV3_0, JdkRelease.JDK7),
TLS_DHE_RSA_WITH_AES_128_CBC_SHA(),
TLS_DHE_DSS_WITH_AES_128_CBC_SHA(),
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(
Protocol.TLSV1_2, JdkRelease.JDK8),
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(
Protocol.TLSV1_2, JdkRelease.JDK8),
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(
Protocol.TLSV1_2, JdkRelease.JDK8),
TLS_RSA_WITH_AES_256_GCM_SHA384(
Protocol.TLSV1_2, JdkRelease.JDK8),
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384(
Protocol.TLSV1_2, JdkRelease.JDK8),
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384(
Protocol.TLSV1_2, JdkRelease.JDK8),
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(
Protocol.TLSV1_2, JdkRelease.JDK8),
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(
Protocol.TLSV1_2, JdkRelease.JDK8),
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(
Protocol.TLSV1_2, JdkRelease.JDK8),
TLS_RSA_WITH_AES_128_GCM_SHA256(
Protocol.TLSV1_2, JdkRelease.JDK8),
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(
Protocol.TLSV1_2, JdkRelease.JDK8),
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(
Protocol.TLSV1_2, JdkRelease.JDK8),
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(
Protocol.TLSV1_2, JdkRelease.JDK8),
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(
Protocol.TLSV1_2, JdkRelease.JDK8),
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA(),
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA(),
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA(),
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA(),
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA(),
TLS_ECDHE_RSA_WITH_RC4_128_SHA(),
TLS_ECDH_ECDSA_WITH_RC4_128_SHA(),
TLS_ECDH_RSA_WITH_RC4_128_SHA(),
SSL_RSA_WITH_RC4_128_SHA(),
SSL_RSA_WITH_3DES_EDE_CBC_SHA(),
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA(
Protocol.SSLV3_0, JdkRelease.JDK6),
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA(
Protocol.SSLV3_0, JdkRelease.JDK6),
SSL_RSA_WITH_RC4_128_MD5(
Protocol.SSLV3_0, JdkRelease.JDK6);
private static final boolean FULL_CIPHER_SUITES
= Utils.getBoolProperty("fullCipherSuites");
final Protocol startProtocol;
final Protocol endProtocol;
final JdkRelease startJdk;
final JdkRelease endJdk;
private CipherSuite(
Protocol startProtocol, Protocol endProtocol,
JdkRelease startJdk, JdkRelease endJdk) {
this.startProtocol = startProtocol;
this.endProtocol = endProtocol;
this.startJdk = startJdk;
this.endJdk = endJdk;
}
private CipherSuite(Protocol startProtocol, JdkRelease startJdk) {
this(startProtocol, null, startJdk, null);
}
private CipherSuite() {
this(Protocol.TLSV1_0, null, JdkRelease.JDK6, null);
}
boolean supportedByProtocol(Protocol protocol) {
return startProtocol.sequence <= protocol.sequence
&& (endProtocol == null || endProtocol.sequence >= protocol.sequence);
}
static CipherSuite[] getMandatoryValues() {
return FULL_CIPHER_SUITES
? values()
: new CipherSuite[] {
TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_AES_256_CBC_SHA256,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 };
}
static CipherSuite getCipherSuite(String name) {
for (CipherSuite cipherSuite : values()) {
if (cipherSuite.name().equals(name)) {
return cipherSuite;
}
}
return null;
}
}
enum ClientAuth implements Parameter {
FALSE,
TRUE;
static ClientAuth[] getMandatoryValues() {
return new ClientAuth[] { TRUE };
}
}
enum ServerName implements Parameter {
NONE(null),
EXAMPLE("www.example.com");
final String name;
private ServerName(String name) {
this.name = name;
}
static ServerName[] getMandatoryValues() {
return new ServerName[] { EXAMPLE };
}
}
enum AppProtocol implements Parameter {
NONE(null, null),
EXAMPLE(new String[] { Utils.HTTP_2, Utils.HTTP_1_1 }, Utils.HTTP_2);
final String[] appProtocols;
// Expected negotiated application protocol
final String negoAppProtocol;
private AppProtocol(String[] appProtocols, String negoAppProtocol) {
this.appProtocols = appProtocols;
this.negoAppProtocol = negoAppProtocol;
}
static AppProtocol[] getMandatoryValues() {
return new AppProtocol[] { EXAMPLE };
}
}

59
test/jdk/javax/net/ssl/compatibility/ProcessUtils.java Normal file
View File

@ -0,0 +1,59 @@
/*
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import jdk.test.lib.process.OutputAnalyzer;
import jdk.test.lib.process.ProcessTools;
/*
* Utilities for executing java process.
*/
public class ProcessUtils {
private static final String TEST_CLASSES = System.getProperty("test.classes");
public static OutputAnalyzer java(String jdkPath, Map<String, String> props,
Class<?> clazz) {
List<String> cmds = new ArrayList<>();
cmds.add(jdkPath + "/bin/java");
if (props != null) {
for (Map.Entry<String, String> prop : props.entrySet()) {
cmds.add("-D" + prop.getKey() + "=" + prop.getValue());
}
}
cmds.add("-cp");
cmds.add(TEST_CLASSES);
cmds.add(clazz.getName());
try {
return ProcessTools.executeCommand(
cmds.toArray(new String[cmds.size()]));
} catch (Throwable e) {
throw new RuntimeException("Execute command failed: " + cmds, e);
}
}
}

130
test/jdk/javax/net/ssl/compatibility/README Normal file
View File

@ -0,0 +1,130 @@
# Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 only, as
# published by the Free Software Foundation.
#
# This code is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# version 2 for more details (a copy is included in the LICENSE file that
# accompanied this code).
#
# You should have received a copy of the GNU General Public License version
# 2 along with this work; if not, write to the Free Software Foundation,
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
# or visit www.oracle.com if you need additional information or have any
# questions.
##### Summary #####
This test is used to check the interop compatibility on JSSE among different
JDK releases. The oldest version supported by the test is JDK 6. Some of Java
source files, JdkUtils.java, Parameter.java, Server.java, and Client.java, use
only JDK 6-compliant language features and APIs, in order to allowing different
JDK releases can load and run associated classes.
##### Output #####
The test can generate a report at $JTREG_WORKDIR/scratch/report.html to display
the key information for each case. It also outputs all of details on both of
server and client sides to a separated file at $JTREG_WORKDIR/scratch/test.html.
##### Report Columns #####
No.
A sequence number. It contains a hyper link to the corresponding details
in $JTREG_WORKDIR/scratch/test.html.
ServerJDK
The version of the JDK that acts as server.
ClientJDK
The version of the JDK that acts as client.
Protocol
The TLS protocol version.
CipherSuite
The only enabled cipher suite on both of server and client.
ClientAuth
If the client authentication is checked, the value is "Y"; otherwise, "N".
SNI
If the SNI is checked, the value is "Y"; otherwise, "N".
ALPN
If the ALPN is checked, the value is "Y"; otherwise, "N".
Status
It indicates the communication status for a test case.
There are three status:
SUCCESS: Communication succeed as expected.
UNEXPECTED_SUCCESS: Communication succeed as unexpected.
FAIL: Communication fails with unexpected failure.
EXPECTED_FAIL: Communication fails with expected failure.
Please note that, if a case finishes as status UNEXPECTED_SUCCESS or FAIL,
that means the case fails. Any failed case results in the test goes to fail.
##### Usage #####
jtreg [-options] \
[-Ddebug=<true|false>] \
[-DfullCases=<true|false>] \
[-DfullCipherSuites=<true|false>] \
[-DjdkListFile=</path/to/jdkListFile>] \
$JDK_WORKSPACE/test/jdk/javax/net/ssl/compatibility/Compatibility.java
Besides the common jtreg options, like -jdk, this test introduces some more
properties:
debug
It indicates if the test enable -Djavax.net.ssl=debug. This is a boolean
property, and the default value is false.
It is not mandatory.
fullCases
It indicates if testing the full or mandatory set of parameter values.
Every parameter provides a mandatory value set that must be covered.
For more details about the parameter value sets, please see Parameter.java.
This is a boolean property, and the default value is false.
It is not mandatory.
fullCipherSuites
It indicates if testing the full or mandatory set of cipher suites.
For more details about the specific cipher suite sets, see CipherSuite in
Parameter.java.
This is a boolean property, and the default value is false.
It is not mandatory.
jdkListFile
It indicate the path of a file, which lists the absolute paths of different
JDK builds. If no this property, the current testing JDK, specified by JTREG
option -jdk, is used as the testing JDK.
It is not mandatory.
##### Usage Examples #####
Example 1
$ jtreg -jdk:/path/to/latest/jdk \
$JDK_WS/jdk/test/javax/net/ssl/compatibility/Compatibility.java
This example doesn't specify any property introduced by the test. That means
it uses the current testing JDK, namely /path/to/latest/jdk, as server and
client. It doesn't output any debug log, and tests only mandatory parameter
value sets.
Example 2
$ cat /path/to/jdkList
/path/to/jdk6
/path/to/jdk7
/path/to/jdk8
/path/to/jdk9
/path/to/jdk10
$ jtreg -jdk:/path/to/latest/jdk \
-Ddebug=true \
-DfullCipherSuites=true \
-DjdkListFile=/path/to/jdkList \
$JDK_WS/jdk/test/javax/net/ssl/compatibility/Compatibility.java
The above example uses a file "/path/to/jdkList" to contain the paths of local
different JDK builds through 6 to 10. The execution uses each of JDK builds as
server and client respectively. And it enables SSL debug flag, and tests the
full parameter value set.

171
test/jdk/javax/net/ssl/compatibility/Server.java Normal file
View File

@ -0,0 +1,171 @@
/*
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
/*
* A simple SSL socket server.
*/
public class Server {
private final SSLServerSocket serverSocket;
public Server(SSLContext context, int port) throws Exception {
SSLServerSocketFactory serverFactory = context.getServerSocketFactory();
serverSocket = (SSLServerSocket) serverFactory.createServerSocket(port);
serverSocket.setSoTimeout(Utils.TIMEOUT);
}
public Server(Cert[] certs, int port) throws Exception {
this(Utils.createSSLContext(certs), port);
}
public Server(Cert[] certs) throws Exception {
this(certs, 0);
}
private void setEnabledCipherSuites(String... cipherSuites) {
serverSocket.setEnabledCipherSuites(cipherSuites);
}
private void setEnabledProtocols(String... protocols) {
serverSocket.setEnabledProtocols(protocols);
}
private void setNeedClientAuth(boolean needClientAuth) {
serverSocket.setNeedClientAuth(needClientAuth);
}
private void setApplicationProtocols(String... protocols) {
SSLParameters params = serverSocket.getSSLParameters();
params.setApplicationProtocols(protocols);
serverSocket.setSSLParameters(params);
}
public int getPort() {
return serverSocket.getLocalPort();
}
private void accept() throws IOException {
SSLSocket socket = null;
try {
socket = (SSLSocket) serverSocket.accept();
InputStream in = socket.getInputStream();
in.read();
OutputStream out = socket.getOutputStream();
out.write('S');
out.flush();
} finally {
if (socket != null) {
socket.close();
}
}
}
public void close() throws IOException {
serverSocket.close();
}
public static void main(String[] args) throws IOException {
System.out.println("----- Server start -----");
String protocol = System.getProperty(Utils.PROP_PROTOCOL);
String cipherSuite = System.getProperty(Utils.PROP_CIPHER_SUITE);
boolean clientAuth
= Utils.getBoolProperty(Utils.PROP_CLIENT_AUTH);
String appProtocols = System.getProperty(Utils.PROP_APP_PROTOCOLS);
boolean supportsALPN
= Utils.getBoolProperty(Utils.PROP_SUPPORTS_ALPN_ON_SERVER);
boolean negativeCase
= Utils.getBoolProperty(Utils.PROP_NEGATIVE_CASE_ON_SERVER);
System.out.println(Utils.join(Utils.PARAM_DELIMITER,
"ServerJDK=" + System.getProperty(Utils.PROP_SERVER_JDK),
"Protocol=" + protocol,
"CipherSuite=" + cipherSuite,
"ClientAuth=" + clientAuth,
"AppProtocols=" + appProtocols));
Status status = Status.SUCCESS;
Server server = null;
try {
server = new Server(Cert.getCerts(cipherSuite));
System.out.println("port=" + server.getPort());
server.setNeedClientAuth(clientAuth);
server.setEnabledProtocols(protocol);
server.setEnabledCipherSuites(cipherSuite);
if (appProtocols != null) {
if (supportsALPN) {
server.setApplicationProtocols(
Utils.split(appProtocols, Utils.VALUE_DELIMITER));
} else {
System.out.println(
"Ignored due to server doesn't support ALPN.");
}
}
savePort(server.getPort());
server.accept();
status = negativeCase ? Status.UNEXPECTED_SUCCESS : Status.SUCCESS;
} catch (Exception exception) {
status = Utils.handleException(exception, negativeCase);
} finally {
if (server != null) {
server.close();
}
// Cleanups port.log.
File file = new File(Utils.PORT_LOG);
if (file.exists()) {
file.delete();
}
}
System.out.println("STATUS: " + status);
System.out.println("----- Server end -----");
}
private static void savePort(int port) throws IOException {
FileWriter writer = null;
try {
writer = new FileWriter(new File(Utils.PORT_LOG));
writer.write(port + "");
} finally {
if (writer != null) {
writer.close();
}
}
}
}

30
test/jdk/javax/net/ssl/compatibility/Status.java Normal file
View File

@ -0,0 +1,30 @@
/*
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* Test case result status.
*/
public enum Status {
SUCCESS, UNEXPECTED_SUCCESS, FAIL, EXPECTED_FAIL, TIMEOUT;
}

64
test/jdk/javax/net/ssl/compatibility/TestCase.java Normal file
View File

@ -0,0 +1,64 @@
/*
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* A test case for a specific TLS communication use case between two JDKs.
*/
public class TestCase {
public final JdkInfo serverJdk;
public final JdkInfo clientJdk;
public final UseCase useCase;
public final boolean negativeCaseOnServer;
public final boolean negativeCaseOnClient;
private Status status;
public TestCase(JdkInfo serverJdk, JdkInfo clientJdk, UseCase useCase) {
this.serverJdk = serverJdk;
this.clientJdk = clientJdk;
this.useCase = useCase;
negativeCaseOnServer = useCase.negativeCase
|| !serverJdk.supportsCipherSuite(useCase.cipherSuite);
negativeCaseOnClient = useCase.negativeCase
|| !clientJdk.supportsCipherSuite(useCase.cipherSuite);
}
public Status getStatus() {
return status;
}
public void setStatus(Status status) {
this.status = status;
}
@Override
public String toString() {
return Utils.join(Utils.PARAM_DELIMITER,
"ServerJDK=" + serverJdk.version,
"ClientJDK=" + clientJdk.version,
useCase.toString());
}
}

107
test/jdk/javax/net/ssl/compatibility/UseCase.java Normal file
View File

@ -0,0 +1,107 @@
/*
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.util.ArrayList;
import java.util.List;
/*
* The TLS communication use case.
*/
public class UseCase {
private static final boolean FULL_CASES
= Utils.getBoolProperty("fullCases");
private static final Parameter[][] PARAMS = new Parameter[][] {
FULL_CASES ? Protocol.values() : Protocol.getMandatoryValues(),
FULL_CASES ? CipherSuite.values() : CipherSuite.getMandatoryValues(),
FULL_CASES ? ClientAuth.values() : ClientAuth.getMandatoryValues(),
FULL_CASES ? ServerName.values() : ServerName.getMandatoryValues(),
FULL_CASES ? AppProtocol.values() : AppProtocol.getMandatoryValues() };
public final Protocol protocol;
public final CipherSuite cipherSuite;
public final ClientAuth clientAuth;
public final ServerName serverName;
public final AppProtocol appProtocol;
public final boolean negativeCase;
public UseCase(
Protocol protocol,
CipherSuite cipherSuite,
ClientAuth clientAuth,
ServerName serverName,
AppProtocol appProtocol) {
this.protocol = protocol;
this.cipherSuite = cipherSuite;
this.clientAuth = clientAuth;
this.serverName = serverName;
this.appProtocol = appProtocol;
negativeCase = !cipherSuite.supportedByProtocol(protocol);
}
// JDK 6 doesn't support EC key algorithm.
public boolean ignoredByJdk(JdkInfo jdkInfo) {
return cipherSuite.name().contains("_EC") && !jdkInfo.supportsECKey;
}
@Override
public String toString() {
return Utils.join(Utils.PARAM_DELIMITER,
"Protocol=" + protocol.version,
"CipherSuite=" + cipherSuite,
"ClientAuth=" + clientAuth,
"ServerName=" + serverName,
"AppProtocols=" + appProtocol);
}
public static List<UseCase> getAllUseCases() {
List<UseCase> useCases = new ArrayList<>();
getUseCases(PARAMS, 0, new Parameter[PARAMS.length], useCases);
return useCases;
}
private static void getUseCases(Parameter[][] params, int index,
Parameter[] currentValues, List<UseCase> useCases) {
if (index == params.length) {
Protocol protocol = (Protocol) currentValues[0];
CipherSuite cipherSuite = (CipherSuite) currentValues[1];
UseCase useCase = new UseCase(
protocol,
cipherSuite,
(ClientAuth) currentValues[2],
(ServerName) currentValues[3],
(AppProtocol) currentValues[4]);
useCases.add(useCase);
} else {
Parameter[] values = params[index];
for (int i = 0; i < values.length; i++) {
currentValues[index] = values[i];
getUseCases(params, index + 1, currentValues, useCases);
}
}
}
}

282
test/jdk/javax/net/ssl/compatibility/Utils.java Normal file
View File

@ -0,0 +1,282 @@
/*
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.SocketTimeoutException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.TrustManagerFactory;
/*
* Utilities for testing.
*/
public class Utils {
/* ***** Properties ***** */
public static final String PROP_PORT = "test.port";
public static final String PROP_PROTOCOL = "test.protocol";
public static final String PROP_CIPHER_SUITE = "test.cipher.suite";
public static final String PROP_CLIENT_AUTH = "test.client.auth";
public static final String PROP_SERVER_JDK = "test.server.jdk";
public static final String PROP_CLIENT_JDK = "test.client.jdk";
public static final String PROP_SERVER_NAME = "test.server.name";
public static final String PROP_APP_PROTOCOLS
= "test.app.protocols";
public static final String PROP_NEGO_APP_PROTOCOL
= "test.negotiated.app.protocol";
public static final String PROP_SUPPORTS_SNI_ON_SERVER
= "test.supports.sni.on.server";
public static final String PROP_SUPPORTS_SNI_ON_CLIENT
= "test.supports.sni.on.client";
public static final String PROP_SUPPORTS_ALPN_ON_SERVER
= "test.supports.alpn.on.server";
public static final String PROP_SUPPORTS_ALPN_ON_CLIENT
= "test.supports.alpn.on.client";
public static final String PROP_NEGATIVE_CASE_ON_SERVER
= "test.negative.case.on.server";
public static final String PROP_NEGATIVE_CASE_ON_CLIENT
= "test.negative.case.on.client";
public static final int TIMEOUT = 10000;
public static final char[] PASSWORD = "testpass".toCharArray();
public static final String TEST_LOG = "test.html";
public static final String PORT_LOG = "port";
public static final String HTTP_2 = "h2";
public static final String HTTP_1_1 = "http/1.1";
public static final String PARAM_DELIMITER = ";";
public static final String VALUE_DELIMITER = ",";
/*
* Creates SSL context with the specified certificate.
*/
public static SSLContext createSSLContext(Cert... certs) throws Exception {
KeyStore trustStore = KeyStore.getInstance("JKS");
trustStore.load(null, null);
for (int i = 0; i < certs.length; i++) {
trustStore.setCertificateEntry("trust-" + certs[i].name(),
createCert(certs[i]));
}
TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
tmf.init(trustStore);
KeyStore keyStore = KeyStore.getInstance("JKS");
keyStore.load(null, null);
for (int i = 0; i < certs.length; i++) {
PrivateKey privKey = createKey(certs[i]);
keyStore.setKeyEntry("cert-" + certs[i].name(), privKey, PASSWORD,
new Certificate[] { createCert(certs[i]) });
}
KeyManagerFactory kmf = KeyManagerFactory.getInstance("NewSunX509");
kmf.init(keyStore, PASSWORD);
SSLContext context = SSLContext.getInstance("TLS");
context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
return context;
}
private static Certificate createCert(Cert cert) throws IOException {
try {
CertificateFactory certFactory
= CertificateFactory.getInstance("X.509");
return certFactory.generateCertificate(
new ByteArrayInputStream(cert.certMaterials.getBytes()));
} catch (Exception e) {
throw new RuntimeException("Create key failed: " + cert, e);
}
}
private static PrivateKey createKey(Cert cert)
throws NoSuchAlgorithmException, InvalidKeySpecException {
PKCS8EncodedKeySpec privKeySpec = new PKCS8EncodedKeySpec(
hexToBytes(cert.privKeyMaterials));
KeyFactory keyFactory = KeyFactory.getInstance(
getKeyAlgorithm(cert.signatureAlgorithm));
PrivateKey privKey = keyFactory.generatePrivate(privKeySpec);
return privKey;
}
private static String getKeyAlgorithm(
SignatureAlgorithm signatureAlgorithm) {
String signatureAlogrithmName = signatureAlgorithm.name();
return signatureAlogrithmName.equals(SignatureAlgorithm.ECDSA.name())
? "EC"
: signatureAlogrithmName;
}
public static byte[] hexToBytes(String hex) {
if (hex == null) {
return null;
}
int length = hex.length();
if (length % 2 != 0) {
throw new IllegalArgumentException("Hex format is wrong.");
}
byte[] bytes = new byte[length / 2];
for (int i = 0; i < length; i += 2) {
bytes[i / 2] = (byte) ((Character.digit(hex.charAt(i), 16) << 4)
+ Character.digit(hex.charAt(i + 1), 16));
}
return bytes;
}
public static String join(String delimiter, String... values) {
StringBuilder result = new StringBuilder();
if (values != null && values.length > 0) {
for (int i = 0; i < values.length - 1; i++) {
result.append(values[i]).append(delimiter);
}
result.append(values[values.length - 1]);
}
return result.toString();
}
public static String[] split(String str, String delimiter) {
return str == null ? new String[0] : str.split(delimiter);
}
public static String boolToStr(boolean bool) {
return bool ? "Y" : "N";
}
public static boolean getBoolProperty(String prop) {
return Boolean.valueOf(System.getProperty(prop));
}
public static Status handleException(Exception exception,
boolean negativeCase) {
Status status;
if ((exception instanceof SSLHandshakeException
|| exception instanceof IllegalArgumentException)
&& negativeCase) {
System.out.println("Expected exception: " + exception);
status = Status.EXPECTED_FAIL;
} else if (exception instanceof SocketTimeoutException) {
status = Status.TIMEOUT;
} else {
exception.printStackTrace(System.out);
status = Status.FAIL;
}
return status;
}
/* The HTML-related constants and methods. */
private static final String STYLE
= "style=\"font-family: Courier New; "
+ "font-size: 12px; "
+ "white-space: pre-wrap\"";
private static final String TABLE_STYLE
= "#test { font-family: \"Courier New\"; font-size: 12px; border-collapse: collapse; }\n"
+ "#test td { border: 1px solid #ddd; padding: 4px; }\n"
+ "#test tr:nth-child(odd) { background-color: #f2f2f2; }";
public static String row(Object... values) {
StringBuilder row = new StringBuilder();
row.append(startTr());
for (Object value : values) {
row.append(startTd());
row.append(value);
row.append(endTd());
}
row.append(endTr());
return row.toString();
}
public static String startHtml() {
return startTag("html");
}
public static String endHtml() {
return endTag("html");
}
public static String startPre() {
return startTag("pre " + STYLE);
}
public static String endPre() {
return endTag("pre");
}
public static String anchorName(String name, String text) {
return "<a name=" + name + ">" + text + "</a>";
}
public static String anchorLink(String file, String anchorName,
String text) {
return "<a href=" + file + "#" + anchorName + ">" + text + "</a>";
}
public static String tableStyle() {
return startTag("style") + TABLE_STYLE +endTag("style");
}
public static String startTable() {
return startTag("table id=\"test\"");
}
public static String endTable() {
return endTag("table");
}
private static String startTr() {
return startTag("tr");
}
private static String endTr() {
return endTag("tr");
}
private static String startTd() {
return startTag("td");
}
private static String endTd() {
return endTag("td");
}
private static String startTag(String tag) {
return "<" + tag + ">";
}
private static String endTag(String tag) {
return "</" + tag + ">";
}
}

2
test/jdk/javax/net/ssl/compatibility/java.security Normal file
View File

@ -0,0 +1,2 @@
jdk.certpath.disabledAlgorithms=
jdk.tls.disabledAlgorithms=