164 lines
6.0 KiB
Java
164 lines
6.0 KiB
Java
/*
|
|
* Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
|
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
*
|
|
* This code is free software; you can redistribute it and/or modify it
|
|
* under the terms of the GNU General Public License version 2 only, as
|
|
* published by the Free Software Foundation.
|
|
*
|
|
* This code is distributed in the hope that it will be useful, but WITHOUT
|
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
* version 2 for more details (a copy is included in the LICENSE file that
|
|
* accompanied this code).
|
|
*
|
|
* You should have received a copy of the GNU General Public License version
|
|
* 2 along with this work; if not, write to the Free Software Foundation,
|
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
*
|
|
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
|
* or visit www.oracle.com if you need additional information or have any
|
|
* questions.
|
|
*/
|
|
|
|
/*
|
|
* @test
|
|
* @summary This is an interop compatibility test on TLSv1.3 hello retry request.
|
|
*
|
|
* @library /test/lib
|
|
* ../TLSCommon
|
|
* ../TLSCommon/interop
|
|
* @compile -source 1.8 -target 1.8
|
|
* JdkInfoUtils.java
|
|
* ../TLSCommon/interop/JdkProcServer.java
|
|
* ../TLSCommon/interop/JdkProcClient.java
|
|
* @run main/manual HrrTest true
|
|
* @run main/manual HrrTest false
|
|
*/
|
|
|
|
import java.util.ArrayList;
|
|
import java.util.List;
|
|
import java.util.Set;
|
|
|
|
import jdk.test.lib.security.CertUtils;
|
|
|
|
public class HrrTest extends ExtInteropTest {
|
|
|
|
private JdkInfo serverJdkInfo;
|
|
private JdkInfo clientJdkInfo;
|
|
|
|
public HrrTest(JdkInfo serverJdkInfo, JdkInfo clientJdkInfo) {
|
|
super(new Jdk(serverJdkInfo.version, serverJdkInfo.javaPath),
|
|
new Jdk(clientJdkInfo.version, clientJdkInfo.javaPath));
|
|
|
|
this.serverJdkInfo = serverJdkInfo;
|
|
this.clientJdkInfo = clientJdkInfo;
|
|
}
|
|
|
|
@Override
|
|
protected boolean skipExecute() {
|
|
return super.skipExecute() || !supportsTLSv1_3();
|
|
}
|
|
|
|
private boolean supportsTLSv1_3() {
|
|
boolean supported = true;
|
|
|
|
if (!serverJdkInfo.enablesProtocol(Protocol.TLSV1_3)) {
|
|
System.out.println("The server doesn't support TLSv1.3.");
|
|
supported = false;
|
|
}
|
|
|
|
if (!clientJdkInfo.enablesProtocol(Protocol.TLSV1_3)) {
|
|
System.out.println("The client doesn't support TLSv1.3.");
|
|
supported = false;
|
|
}
|
|
|
|
return supported;
|
|
}
|
|
|
|
/*
|
|
* It takes the server to support secp384r1 only, and the client to support
|
|
* secp256r1 and secp384r1 in order, the server should respond hello retry
|
|
* request message.
|
|
* Please note that it has to specify the supported groups via property
|
|
* jdk.tls.namedGroups for JSSE peers.
|
|
*/
|
|
@Override
|
|
protected List<TestCase<ExtUseCase>> getTestCases() {
|
|
List<TestCase<ExtUseCase>> testCases = new ArrayList<>();
|
|
for (CipherSuite cipherSuite : new CipherSuite[] {
|
|
CipherSuite.TLS_AES_128_GCM_SHA256,
|
|
CipherSuite.TLS_AES_256_GCM_SHA384,
|
|
CipherSuite.TLS_CHACHA20_POLY1305_SHA256}) {
|
|
testCases.add(createTestCase(cipherSuite));
|
|
}
|
|
return testCases;
|
|
}
|
|
|
|
private TestCase<ExtUseCase> createTestCase(CipherSuite cipherSuite) {
|
|
Cert cert = new Cert(KeyAlgorithm.RSA, SignatureAlgorithm.RSA,
|
|
HashAlgorithm.SHA256, CertUtils.RSA_CERT, CertUtils.RSA_KEY);
|
|
CertTuple certTuple = new CertTuple(cert, cert);
|
|
|
|
ExtUseCase serverCase = ExtUseCase.newInstance();
|
|
serverCase.setCertTuple(certTuple);
|
|
serverCase.setNamedGroups(NamedGroup.SECP384R1);
|
|
|
|
ExtUseCase clientCase = ExtUseCase.newInstance();
|
|
clientCase.setCertTuple(certTuple);
|
|
clientCase.setProtocols(Protocol.TLSV1_3);
|
|
clientCase.setCipherSuites(cipherSuite);
|
|
clientCase.setNamedGroups(NamedGroup.SECP256R1, NamedGroup.SECP384R1);
|
|
|
|
return new TestCase<ExtUseCase>(serverCase, clientCase);
|
|
}
|
|
|
|
@Override
|
|
protected boolean ignoreTestCase(TestCase<ExtUseCase> testCase) {
|
|
CipherSuite cipherSuite = testCase.clientCase.getCipherSuite();
|
|
return !serverJdkInfo.enablesCipherSuite(cipherSuite)
|
|
|| !clientJdkInfo.supportsCipherSuite(cipherSuite);
|
|
}
|
|
|
|
@Override
|
|
protected JdkProcServer.Builder createServerBuilder(ExtUseCase useCase)
|
|
throws Exception {
|
|
JdkProcServer.Builder builder = new JdkProcServer.Builder();
|
|
builder.setJdk((Jdk) serverProduct);
|
|
builder.setCertTuple(useCase.getCertTuple());
|
|
builder.setProtocols(useCase.getProtocols());
|
|
builder.setCipherSuites(useCase.getCipherSuites());
|
|
builder.setClientAuth(useCase.isClientAuth());
|
|
builder.setServerNames(useCase.getServerNames());
|
|
builder.setAppProtocols(useCase.getAppProtocols());
|
|
builder.setNamedGroups(useCase.getNamedGroups());
|
|
return builder;
|
|
}
|
|
|
|
@Override
|
|
protected JdkProcClient.Builder createClientBuilder(ExtUseCase useCase)
|
|
throws Exception {
|
|
JdkProcClient.Builder builder = new JdkProcClient.Builder();
|
|
builder.setJdk((Jdk) clientProduct);
|
|
builder.setCertTuple(useCase.getCertTuple());
|
|
builder.setProtocols(useCase.getProtocols());
|
|
builder.setCipherSuites(useCase.getCipherSuites());
|
|
builder.setServerNames(useCase.getServerNames());
|
|
builder.setAppProtocols(useCase.getAppProtocols());
|
|
builder.setNamedGroups(useCase.getNamedGroups());
|
|
return builder;
|
|
}
|
|
|
|
public static void main(String[] args) throws Exception {
|
|
Boolean defaultJdkAsServer = Boolean.valueOf(args[0]);
|
|
|
|
Set<JdkInfo> jdkInfos = Utils.jdkInfoList();
|
|
for (JdkInfo jdkInfo : jdkInfos) {
|
|
HrrTest test = new HrrTest(
|
|
defaultJdkAsServer ? JdkInfo.DEFAULT : jdkInfo,
|
|
defaultJdkAsServer ? jdkInfo : JdkInfo.DEFAULT);
|
|
test.execute();
|
|
}
|
|
}
|
|
}
|