diff --git a/test/jdk/sun/security/ssl/CipherSuite/DisabledCipherSuitesNotNegotiated.java b/test/jdk/sun/security/ssl/CipherSuite/DisabledCipherSuitesNotNegotiated.java new file mode 100644 index 00000000000..229ab03b568 --- /dev/null +++ b/test/jdk/sun/security/ssl/CipherSuite/DisabledCipherSuitesNotNegotiated.java @@ -0,0 +1,158 @@ +/* + * Copyright (c) 2025, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8341964 + * @library /test/lib + * @run main/othervm DisabledCipherSuitesNotNegotiated client + * @run main/othervm DisabledCipherSuitesNotNegotiated server + */ + +import java.net.InetAddress; +import java.nio.charset.StandardCharsets; +import java.util.concurrent.CountDownLatch; +import java.util.concurrent.ExecutorService; +import java.util.concurrent.Executors; +import java.util.concurrent.TimeUnit; + +import jdk.test.lib.security.SecurityUtils; +import jdk.test.lib.process.ProcessTools; +import jdk.test.lib.process.OutputAnalyzer; + +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLServerSocket; +import javax.net.ssl.SSLServerSocketFactory; +import javax.net.ssl.SSLSocket; +import javax.net.ssl.SSLSocketFactory; +import javax.net.ssl.SSLHandshakeException; + +public class DisabledCipherSuitesNotNegotiated { + private static final String TLS_PROTOCOL = "TLSv1.2"; + private static volatile int serverPort = 0; + private static volatile Exception serverException = null; + + private static final CountDownLatch waitForServer = new CountDownLatch(1); + private static final int WAIT_FOR_SERVER_SECS = 5; + + private static final String DISABLED_CIPHERSUITE = "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"; + private static final String DISABLED_CIPHER_WILDCARD = "TLS_ECDH*WITH_AES_256_GCM_*"; + + private static void runServer(boolean disabledInClient) throws Exception { + SSLContext ctx = SSLContext.getInstance(TLS_PROTOCOL); + ctx.init(null, null, null); + SSLServerSocketFactory factory = ctx.getServerSocketFactory(); + try(SSLServerSocket serverSocket = (SSLServerSocket)factory + .createServerSocket(0, -1, InetAddress.getLoopbackAddress())) { + serverPort = serverSocket.getLocalPort(); + waitForServer.countDown(); + + if (disabledInClient) { + // set cipher suite to disabled ciphersuite + serverSocket.setEnabledCipherSuites(new String[]{DISABLED_CIPHERSUITE}); + } + + try(SSLSocket clientSocket = (SSLSocket) serverSocket.accept()) { + try { + clientSocket.getInputStream().readAllBytes(); + throw new Exception("SERVER: The expected handshake exception was not thrown."); + } catch (SSLHandshakeException exc) { + System.out.println("Server caught expected SSLHandshakeException"); + exc.printStackTrace(System.out); + } + } + } + } + + private static void runClient(boolean disableInClient, int portNumber) throws Exception { + SSLContext ctx = SSLContext.getInstance(TLS_PROTOCOL); + ctx.init(null, null, null); + SSLSocketFactory factory = ctx.getSocketFactory(); + try(SSLSocket socket = (SSLSocket)factory.createSocket("localhost", portNumber)) { + if (!disableInClient) { + socket.setEnabledCipherSuites(new String[]{DISABLED_CIPHERSUITE}); + } + + try { + socket.getOutputStream().write("hello".getBytes(StandardCharsets.UTF_8)); + throw new Exception("CLIENT: The expected handshake exception was not thrown."); + } catch (SSLHandshakeException exc) { + System.out.println("Client caught expected SSLHandshakeException"); + } + } + } + + public static void main(String [] args) throws Exception { + if (args.length == 1) { + // run server-side + final boolean disabledInClient = args[0].equals("client"); + if (!disabledInClient) { + SecurityUtils.addToDisabledTlsAlgs(DISABLED_CIPHER_WILDCARD); + } + try(ExecutorService executorService = Executors.newSingleThreadExecutor()) { + executorService.submit(() -> { + try { + runServer(disabledInClient); + } catch (Exception exc) { + System.out.println("Server Exception:"); + exc.printStackTrace(System.out); + serverException = exc; + throw new RuntimeException(exc); + } + }); + + if (!waitForServer.await(WAIT_FOR_SERVER_SECS, TimeUnit.SECONDS)) { + throw new Exception("Server did not start within " + + WAIT_FOR_SERVER_SECS + " seconds."); + } + + System.out.printf("Server listening on port %d.%nStarting client process...", + serverPort); + + OutputAnalyzer oa = ProcessTools.executeProcess( + ProcessTools.createTestJavaProcessBuilder("DisabledCipherSuitesNotNegotiated", + "" + disabledInClient, "" + serverPort)); + oa.shouldHaveExitValue(0); + System.out.println("Client output:"); + System.out.println(oa.getOutput()); + if (serverException != null) { + throw new Exception ("Server-side threw an unexpected exception: " + + serverException); + } + } + + } else if (args.length == 2) { + // run client-side + boolean disabledInClient = Boolean.parseBoolean(args[0]); + if (disabledInClient) { + SecurityUtils.addToDisabledTlsAlgs(DISABLED_CIPHER_WILDCARD); + } + runClient(Boolean.parseBoolean(args[0]), Integer.parseInt(args[1])); + + } else { + throw new Exception( + "DisabledCipherSuitesNotNegotiated called with invalid arguments"); + } + } + +}