/* * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ import javax.net.ssl.SSLContext; import javax.net.ssl.SSLServerSocket; import javax.net.ssl.SSLSocket; /* * @test * @bug 8224650 * @library /javax/net/ssl/templates * /javax/net/ssl/TLSCommon * @summary Test TLS ciphersuite with each individual supported group * @run main/othervm NamedGroupsWithCipherSuite x25519 * @run main/othervm NamedGroupsWithCipherSuite x448 * @run main/othervm NamedGroupsWithCipherSuite secp256r1 * @run main/othervm NamedGroupsWithCipherSuite secp384r1 * @run main/othervm NamedGroupsWithCipherSuite secp521r1 * @run main/othervm NamedGroupsWithCipherSuite ffdhe2048 * @run main/othervm NamedGroupsWithCipherSuite ffdhe3072 * @run main/othervm NamedGroupsWithCipherSuite ffdhe4096 * @run main/othervm NamedGroupsWithCipherSuite ffdhe6144 * @run main/othervm NamedGroupsWithCipherSuite ffdhe8192 */ public class NamedGroupsWithCipherSuite extends SSLSocketTemplate { private static final Protocol[] PROTOCOLS = new Protocol[] { Protocol.TLSV1_3, Protocol.TLSV1_2, Protocol.TLSV1_1, Protocol.TLSV1 }; private static final CipherSuite[] CIPHER_SUITES = new CipherSuite[] { CipherSuite.TLS_AES_128_GCM_SHA256, CipherSuite.TLS_AES_256_GCM_SHA384, CipherSuite.TLS_CHACHA20_POLY1305_SHA256, CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, CipherSuite.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, CipherSuite.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, CipherSuite.TLS_DHE_DSS_WITH_AES_128_CBC_SHA, CipherSuite.TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA, CipherSuite.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, CipherSuite.TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 }; private String protocol; private String cipher; private SSLSocketTemplate.Cert[] trustedCerts = TRUSTED_CERTS; private SSLSocketTemplate.Cert[] endEntityCerts = END_ENTITY_CERTS; NamedGroupsWithCipherSuite( String protocol, String cipher, String namedGroup) { this.protocol = protocol; this.cipher = cipher; if (cipher.startsWith("TLS_ECDHE_ECDSA")) { switch (namedGroup) { case "secp256r1": trustedCerts = new SSLSocketTemplate.Cert[] { SSLSocketTemplate.Cert.CA_ECDSA_SECP256R1 }; endEntityCerts = new SSLSocketTemplate.Cert[] { SSLSocketTemplate.Cert.EE_ECDSA_SECP256R1 }; break; case "secp384r1": trustedCerts = new SSLSocketTemplate.Cert[] { SSLSocketTemplate.Cert.CA_ECDSA_SECP384R1 }; endEntityCerts = new SSLSocketTemplate.Cert[] { SSLSocketTemplate.Cert.EE_ECDSA_SECP384R1 }; break; case "secp521r1": trustedCerts = new SSLSocketTemplate.Cert[] { SSLSocketTemplate.Cert.CA_ECDSA_SECP521R1 }; endEntityCerts = new SSLSocketTemplate.Cert[] { SSLSocketTemplate.Cert.EE_ECDSA_SECP521R1 }; } } } protected SSLContext createClientSSLContext() throws Exception { return createSSLContext(trustedCerts, endEntityCerts, getClientContextParameters()); } protected SSLContext createServerSSLContext() throws Exception { return createSSLContext(trustedCerts, endEntityCerts, getServerContextParameters()); } // Servers are configured before clients, increment test case after. @Override protected void configureClientSocket(SSLSocket socket) { socket.setEnabledProtocols(new String[] { protocol }); socket.setEnabledCipherSuites(new String[] { cipher }); } @Override protected void configureServerSocket(SSLServerSocket serverSocket) { serverSocket.setEnabledProtocols(new String[] { protocol }); serverSocket.setEnabledCipherSuites(new String[] { cipher }); } public static void main(String[] args) throws Exception { String namedGroup = args[0]; System.setProperty("jdk.tls.namedGroups", namedGroup); System.out.println("NamedGroup: " + namedGroup); for (Protocol protocol : PROTOCOLS) { for (CipherSuite cipherSuite : CIPHER_SUITES) { if (cipherSuite.supportedByProtocol(protocol) && groupSupportdByCipher(namedGroup, cipherSuite)) { System.out.printf("Protocol: %s, cipher suite: %s%n", protocol, cipherSuite); new NamedGroupsWithCipherSuite(protocol.name, cipherSuite.name(), namedGroup).run(); } } } } private static boolean groupSupportdByCipher(String group, CipherSuite cipherSuite) { return (group.startsWith("x") && xdhGroupSupportdByCipher(cipherSuite)) || (group.startsWith("secp") && ecdhGroupSupportdByCipher(cipherSuite)) || (group.startsWith("ffdhe") && ffdhGroupSupportdByCipher(cipherSuite)); } private static boolean xdhGroupSupportdByCipher( CipherSuite cipherSuite) { return cipherSuite.keyExAlgorithm == null || cipherSuite.keyExAlgorithm == KeyExAlgorithm.ECDHE_RSA; } private static boolean ecdhGroupSupportdByCipher( CipherSuite cipherSuite) { return cipherSuite.keyExAlgorithm == null || cipherSuite.keyExAlgorithm == KeyExAlgorithm.ECDHE_RSA || cipherSuite.keyExAlgorithm == KeyExAlgorithm.ECDHE_ECDSA; } private static boolean ffdhGroupSupportdByCipher( CipherSuite cipherSuite) { return cipherSuite.keyExAlgorithm == null || cipherSuite.keyExAlgorithm == KeyExAlgorithm.DHE_DSS || cipherSuite.keyExAlgorithm == KeyExAlgorithm.DHE_RSA; } }