infernap12/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2026-01-28 12:09:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

8356544: Implement additional tests for ciphersuites disabled with wildcards

Browse Source 
Reviewed-by: rhalade
This commit is contained in:
Matthew Donovan 2025-12-04 18:38:57 +00:00
parent c7aa10339a
commit b19163b107
1 changed files with 158 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

158
test/jdk/sun/security/ssl/CipherSuite/DisabledCipherSuitesNotNegotiated.java Normal file
View File

@ -0,0 +1,158 @@
/*
* Copyright (c) 2025, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 8341964
* @library /test/lib
* @run main/othervm DisabledCipherSuitesNotNegotiated client
* @run main/othervm DisabledCipherSuitesNotNegotiated server
*/
import java.net.InetAddress;
import java.nio.charset.StandardCharsets;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import jdk.test.lib.security.SecurityUtils;
import jdk.test.lib.process.ProcessTools;
import jdk.test.lib.process.OutputAnalyzer;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.SSLHandshakeException;
public class DisabledCipherSuitesNotNegotiated {
private static final String TLS_PROTOCOL = "TLSv1.2";
private static volatile int serverPort = 0;
private static volatile Exception serverException = null;
private static final CountDownLatch waitForServer = new CountDownLatch(1);
private static final int WAIT_FOR_SERVER_SECS = 5;
private static final String DISABLED_CIPHERSUITE = "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";
private static final String DISABLED_CIPHER_WILDCARD = "TLS_ECDH*WITH_AES_256_GCM_*";
private static void runServer(boolean disabledInClient) throws Exception {
SSLContext ctx = SSLContext.getInstance(TLS_PROTOCOL);
ctx.init(null, null, null);
SSLServerSocketFactory factory = ctx.getServerSocketFactory();
try(SSLServerSocket serverSocket = (SSLServerSocket)factory
.createServerSocket(0, -1, InetAddress.getLoopbackAddress())) {
serverPort = serverSocket.getLocalPort();
waitForServer.countDown();
if (disabledInClient) {
// set cipher suite to disabled ciphersuite
serverSocket.setEnabledCipherSuites(new String[]{DISABLED_CIPHERSUITE});
}
try(SSLSocket clientSocket = (SSLSocket) serverSocket.accept()) {
try {
clientSocket.getInputStream().readAllBytes();
throw new Exception("SERVER: The expected handshake exception was not thrown.");
} catch (SSLHandshakeException exc) {
System.out.println("Server caught expected SSLHandshakeException");
exc.printStackTrace(System.out);
}
}
}
}
private static void runClient(boolean disableInClient, int portNumber) throws Exception {
SSLContext ctx = SSLContext.getInstance(TLS_PROTOCOL);
ctx.init(null, null, null);
SSLSocketFactory factory = ctx.getSocketFactory();
try(SSLSocket socket = (SSLSocket)factory.createSocket("localhost", portNumber)) {
if (!disableInClient) {
socket.setEnabledCipherSuites(new String[]{DISABLED_CIPHERSUITE});
}
try {
socket.getOutputStream().write("hello".getBytes(StandardCharsets.UTF_8));
throw new Exception("CLIENT: The expected handshake exception was not thrown.");
} catch (SSLHandshakeException exc) {
System.out.println("Client caught expected SSLHandshakeException");
}
}
}
public static void main(String [] args) throws Exception {
if (args.length == 1) {
// run server-side
final boolean disabledInClient = args[0].equals("client");
if (!disabledInClient) {
SecurityUtils.addToDisabledTlsAlgs(DISABLED_CIPHER_WILDCARD);
}
try(ExecutorService executorService = Executors.newSingleThreadExecutor()) {
executorService.submit(() -> {
try {
runServer(disabledInClient);
} catch (Exception exc) {
System.out.println("Server Exception:");
exc.printStackTrace(System.out);
serverException = exc;
throw new RuntimeException(exc);
}
});
if (!waitForServer.await(WAIT_FOR_SERVER_SECS, TimeUnit.SECONDS)) {
throw new Exception("Server did not start within " +
WAIT_FOR_SERVER_SECS + " seconds.");
}
System.out.printf("Server listening on port %d.%nStarting client process...",
serverPort);
OutputAnalyzer oa = ProcessTools.executeProcess(
ProcessTools.createTestJavaProcessBuilder("DisabledCipherSuitesNotNegotiated",
"" + disabledInClient, "" + serverPort));
oa.shouldHaveExitValue(0);
System.out.println("Client output:");
System.out.println(oa.getOutput());
if (serverException != null) {
throw new Exception ("Server-side threw an unexpected exception: "
+ serverException);
}
}
} else if (args.length == 2) {
// run client-side
boolean disabledInClient = Boolean.parseBoolean(args[0]);
if (disabledInClient) {
SecurityUtils.addToDisabledTlsAlgs(DISABLED_CIPHER_WILDCARD);
}
runClient(Boolean.parseBoolean(args[0]), Integer.parseInt(args[1]));
} else {
throw new Exception(
"DisabledCipherSuitesNotNegotiated called with invalid arguments");
}
}
}