JinhangZhang committed Aug 12, 2024
1 parent d229bda commit 7c54ae2
Showing 11 changed files with 130 additions and 113 deletions.
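--- a/test/jdk/javax/net/ssl/DTLS/DTLSWontNegotiateV10.java
+++ b/test/jdk/javax/net/ssl/DTLS/DTLSWontNegotiateV10.java
@@ -78,6 +78,13 @@ public static void main(String[] args) throws Exception {
 break;
 } catch (SocketTimeoutException exc) {
 System.out.println("The server timed-out waiting for packets from the client.");
+} catch (javax.net.ssl.SSLHandshakeException sslhe) {
+if (Utils.isFIPS() && !SecurityUtils.TLS_PROTOCOLS.contains(args[0])) {
+if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(sslhe.getMessage())) {
+System.out.println("Expected exception msg: <No appropriate protocol (protocol is disabled or cipher suites are inappropriate)> is caught");
+return;
+}
+}
 }
 }
 if (tries == totalAttempts) {
@@ -102,15 +109,7 @@ private static void runServer(String protocol) throws Exception {
 clientProcess = builder.inheritIO().start();
 server.run();
 System.out.println("Success: DTLSv1.0 connection was not established.");
-// } catch (javax.net.ssl.SSLHandshakeException sslhe) {
-// if ((Utils.isFIPS()
-// && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))
-// && !SecurityUtils.TLS_PROTOCOLS.contains(args[0])) {
-// if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(sslhe.getMessage())) {
-// System.out.println("Expected exception msg: <No appropriate protocol (protocol is disabled or cipher suites are inappropriate)> is caught");
-// return;
-// }
-// }
+
 } finally {
 if (clientProcess != null) {
 clientProcess.destroy();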
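Review bot: The new `catch (javax.net.ssl.SSLHandshakeException sslhe)` in `main` discards every handshake failure that does not meet the FIPS condition or carry the expected message, so the loop simply moves on to the next attempt with no output. As far as the hunk shows, such a failure previously propagated out of `main`. Rethrow when the failure is not the expected one, e.g. add `throw sslhe;` after the outer `if` block. Matching on the full message text is also brittle; a shared constant for the string would keep the tests that compare against it in step. The retry loop starts above the hunk, so how `tries` advances is not visible here.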
29 changes: 8 additions & 21 deletions test/jdk/javax/net/ssl/SSLEngine/LargeBufs.java
@@ -111,8 +111,6 @@ private void runTest(String cipher) throws Exception {
result1 = ssle1.wrap(appOut1, oneToTwo);
result2 = ssle2.wrap(appOut2, twoToOne);

System.out.println("result1.bytesConsumed() is: " + result1.bytesConsumed());

if ((result1.bytesConsumed() != 0) &&
(result1.bytesConsumed() != appBufferMax) &&
(result1.bytesConsumed() != OFFSET)) {
@@ -143,8 +141,6 @@ private void runTest(String cipher) throws Exception {
result1 = ssle1.unwrap(twoToOne, appIn1);
result2 = ssle2.unwrap(oneToTwo, appIn2);

System.out.println("result1.bytesProduced() is: " + result1.bytesProduced());

if ((result1.bytesProduced() != 0) &&
(result1.bytesProduced() != appBufferMax) &&
(result1.bytesProduced() != 2 * OFFSET)) {
@@ -188,29 +184,21 @@ private void runTest(String cipher) throws Exception {
}

public static void main(String args[]) throws Exception {
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
Security.setProperty("jdk.tls.disabledAlgorithms", "");
}

LargeBufs test;

if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
if (!(Utils.isFIPS())) {
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
Security.setProperty("jdk.tls.disabledAlgorithms", "");
test = new LargeBufs();
test.runTest("SSL_RSA_WITH_RC4_128_MD5");
}

if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
test = new LargeBufs();
test.runTest("SSL_RSA_WITH_3DES_EDE_CBC_SHA");
}

if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
} else {
test = new LargeBufs();
test.runTest("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256");
test = new LargeBufs();
test.runTest("TLS_AES_128_GCM_SHA256");
test.runTest("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384");
}

System.out.println("Test Passed.");
@@ -264,7 +252,6 @@ private void createBuffers() {
// that the ability to concume or produce applicaton data upto
// the size. 16384 is the default JSSE implementation maximum
// application size that could be consumed and produced.
// appBufferMax = 16384;
appBufferMax = 16384;
netBufferMax = session.getPacketBufferSize();

@@ -329,5 +316,5 @@ private static void log(String str) {
if (debug) {
System.out.println(str);
}
}
}
}
}
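Review bot: In `main`, the FIPS branch appears to run both cipher suites on one `LargeBufs` instance, while the non-FIPS branch builds a fresh instance before each `runTest` call; the rendered page does not mark which lines were added, so this reading is inferred from the 8/21 line counts. If the reuse is not deliberate, add `test = new LargeBufs();` before `test.runTest("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384");`. The `else` branch would also benefit from a one-line comment saying why these two suites are the ones exercised under FIPS, since the comment that used to explain the `jdk.tls.disabledAlgorithms` reset now sits only in the non-FIPS branch.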
1 change: 0 additions & 1 deletion test/jdk/javax/net/ssl/SSLSession/JSSERenegotiate.java
@@ -225,7 +225,6 @@ public static void main(String[] args) throws Exception {

if (debug)
System.setProperty("javax.net.debug", "all");

/*
* Start the tests.
*/
5 changes: 1 addition & 4 deletions test/jdk/javax/net/ssl/SSLSession/RenegotiateTLS13.java
@@ -63,8 +63,6 @@ public class RenegotiateTLS13 {
// Server done flag
static boolean done = false;

static String keystoreType = System.getProperty("javax.net.ssl.keyStore");

// Main server code

void doServerSide() throws Exception {
@@ -148,7 +146,6 @@ public static void main(String[] args) throws Exception {
if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd);
trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd);
keystoreType = "PKCS12";
}

System.setProperty("javax.net.ssl.keyStore", keyFilename);
@@ -290,7 +287,7 @@ SSLContext initContext() throws Exception {
System.out.println("Using TLS13");
SSLContext sc = SSLContext.getInstance("TLSv1.3");
KeyStore ks = KeyStore.getInstance(
new File(keystoreType),
new File(System.getProperty("javax.net.ssl.keyStore")),
passwd.toCharArray());
KeyManagerFactory kmf = KeyManagerFactory.getInstance(
KeyManagerFactory.getDefaultAlgorithm());
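Review bot: `initContext()` now passes `System.getProperty("javax.net.ssl.keyStore")` straight into `new File(...)`, which throws a bare NullPointerException if the property is unset when the method runs. `main` sets the property in the second hunk, so the normal path is fine, but the dependency is implicit. Reading the value into a local and failing with a clear message makes it explicit: `String ksPath = System.getProperty("javax.net.ssl.keyStore");` followed by `if (ksPath == null) throw new IllegalStateException("javax.net.ssl.keyStore is not set");`. `initContext()` continues past the end of the hunk.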
8 changes: 4 additions & 4 deletions test/jdk/javax/net/ssl/SSLSession/ResumeTLS13withSNI.java
@@ -93,10 +93,10 @@ public static void main(String args[]) throws Exception {
System.setProperty("javax.net.debug", "ssl:handshake");
}

if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
keyFilename = Utils.revertJKSToPKCS12(keyFilename, "passphrase");
trustFilename = Utils.revertJKSToPKCS12(trustFilename, "passphrase");
}
// if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
// keyFilename = Utils.revertJKSToPKCS12(keyFilename, "passphrase");
// trustFilename = Utils.revertJKSToPKCS12(trustFilename, "passphrase");
// }

KeyManagerFactory kmf = makeKeyManagerFactory(keyFilename,
passphrase);
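Review bot: The JKS-to-PKCS12 conversion in `main` looks to have been disabled by commenting its four lines out rather than deleting them, which leaves dead code with no explanation; the page lists the live version first and the commented one second and does not mark sides, so the direction is inferred. RenegotiateTLS13.java in this same commit still performs the conversion under the `OpenJCEPlusFIPS.FIPS140-3-Test-TLS` profile, so the two tests now disagree on whether the key stores need converting. Either delete the block or keep it with a stated reason, e.g. `// PKCS12 conversion not needed here because <reason>`.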
32 changes: 25 additions & 7 deletions test/jdk/javax/net/ssl/ServerName/SSLSocketSNISensitive.java
@@ -254,6 +254,8 @@ public class SSLSocketSNISensitive {
*/
static boolean debug = false;

static String[] signatureAlgos = new String[5];

/*
* Define the server side of the test.
*
@@ -366,7 +368,7 @@ private static void parseArguments(String[] args) {
clientRequestedHostname = args[1];
}

private static void printCert(String trustedCertStr) {
private static void printCert(String trustedCertStr, int index) {
try {
// Remove the "BEGIN CERTIFICATE" and "END CERTIFICATE" lines and any whitespace
String cleanedCert = trustedCertStr.replace("-----BEGIN CERTIFICATE-----", "")
@@ -391,6 +393,7 @@ private static void printCert(String trustedCertStr) {
System.out.println("Signature Algorithm: " + cert.getSigAlgName());
System.out.println("Version: " + cert.getVersion());

signatureAlgos[index] = cert.getSigAlgName();
} catch (Exception e) {
e.printStackTrace();
}
@@ -486,19 +489,34 @@ public static void main(String[] args) throws Exception {
parseArguments(args);

System.out.println("Now printing trustedCertStr==================");
printCert(trustedCertStr);
printCert(trustedCertStr, 0);
System.out.println("Now printing targetCertStr_A==================");
printCert(targetCertStr_A);
printCert(targetCertStr_A, 1);
System.out.println("Now printing targetCertStr_B==================");
printCert(targetCertStr_B);
printCert(targetCertStr_B, 2);
System.out.println("Now printing targetCertStr_C==================");
printCert(targetCertStr_C);
printCert(targetCertStr_C, 3);
System.out.println("Now printing targetCertStr_D==================");
printCert(targetCertStr_D);
printCert(targetCertStr_D, 4);
/*
* Start the tests.
*/
new SSLSocketSNISensitive();
try {
new SSLSocketSNISensitive();
} catch (Exception e) {
if (Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")) {
for (int i=0; i<signatureAlgos.length; i++) {
if (signatureAlgos[i].contains("MD5")
&& e instanceof javax.net.ssl.SSLHandshakeException
&& "no cipher suites in common".equals(e.getMessage())) {
System.out.println("Expected exception msg: <no cipher suites in common> is caught.");
return;
}
}
}
e.printStackTrace();
return;
}
}

Thread clientThread = null;
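Review bot: The new `catch (Exception e)` around `new SSLSocketSNISensitive()` in `main` ends with `e.printStackTrace(); return;`, so any failure that is not the expected FIPS handshake error still lets the test exit normally. Replace those two lines with `throw e;` so that only the expected `no cipher suites in common` case is tolerated. The loop can also hit a null entry: `printCert` swallows its own exceptions, leaving `signatureAlgos[index]` unset when a certificate fails to parse, so guard the check with `signatureAlgos[i] != null && signatureAlgos[i].contains("MD5")`. The sides of the changed lines are inferred from the 25/7 counts, since the page does not mark them.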
17 changes: 1 addition & 16 deletions test/jdk/javax/net/ssl/TLS/CipherTestUtils.java
@@ -74,7 +74,7 @@ public class CipherTestUtils {
public static final SecureRandom secureRandom = new SecureRandom();
public static char[] PASSWORD = "passphrase".toCharArray();
private static final List<TestParameters> TESTS = new ArrayList<>(3);
private static final List<Exception> EXCEPTIONS
public static final List<Exception> EXCEPTIONS
= Collections.synchronizedList(new ArrayList<>(1));

private static final String CLIENT_PUBLIC_KEY
@@ -316,21 +316,6 @@ private CipherTestUtils() throws Exception {
TLS_PROTOCOLS.add("TLSv1.2");
TLS_PROTOCOLS.add("TLSv1.3");

TLS_CIPHERSUITES.put("TLS_AES_128_GCM_SHA256", "TLSv1.3");
TLS_CIPHERSUITES.put("TLS_AES_256_GCM_SHA384", "TLSv1.3");
TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLSv1.2");
TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLSv1.2");
TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLSv1.2");
TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLSv1.2");
TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "TLSv1.2");
TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "TLSv1.2");
TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "TLSv1.2");
TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "TLSv1.2");
TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLSv1.2");
TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLSv1.2");
TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", "TLSv1.2");
TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "TLSv1.2");

factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
KeyStore serverKeyStore = createServerKeyStore(SERVER_PUBLIC_KEY,
SERVER_PRIVATE_KEY);
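Review bot: `EXCEPTIONS` appears to be widened from `private` to `public` in the first hunk, which exposes a mutable list that any class can now add to or clear; the page does not mark sides, so the declaration listed first is assumed to be the old one. If TestJSSE, which reads `CipherTestUtils.EXCEPTIONS.get(0)` in this commit, sits in the same package, package-private access is enough: `static final List<Exception> EXCEPTIONS`. Otherwise a small read-only accessor would keep all writes inside this class.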
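--- a/test/jdk/javax/net/ssl/TLS/JSSEClient.java
+++ b/test/jdk/javax/net/ssl/TLS/JSSEClient.java
@@ -30,6 +30,7 @@
 import javax.net.ssl.SSLSocket;
 import javax.net.ssl.SSLSocketFactory;
 import javax.net.ssl.TrustManager;
+import java.util.*;
 
 class JSSEClient extends CipherTestUtils.Client {
 
@@ -42,6 +43,8 @@ class JSSEClient extends CipherTestUtils.Client {
 private final String host;
 private final String protocol;
 
+private static final Map<String, String> TLS_CIPHERSUITES = new HashMap<>();
+
 JSSEClient(CipherTestUtils cipherTest, String host, int port,
 String protocols, String ciphersuite) throws Exception {
 super(cipherTest, ciphersuite);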
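Review bot: The added `TLS_CIPHERSUITES` map is never populated or read in the lines shown, so as far as this section goes it is an empty, unused field; if nothing in the collapsed part of the file uses it, drop it together with the new import. If it is needed, replace the wildcard `import java.util.*;` with `import java.util.HashMap;` and `import java.util.Map;`, matching the explicit imports above it.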
43 changes: 21 additions & 22 deletions test/jdk/javax/net/ssl/TLS/TestJSSE.java
@@ -21,6 +21,8 @@
* questions.
*/

import java.lang.reflect.Field;

import java.util.List;
import java.util.ArrayList;
import java.util.Arrays;
@@ -35,7 +37,6 @@ public class TestJSSE {

private static final String LOCAL_IP = InetAddress.getLoopbackAddress().getHostAddress();
private static boolean isFIPS = Boolean.parseBoolean(System.getProperty("semeru.fips"));
private static String customProfile = System.getProperty("semeru.customprofile");
private static final Map<String, String> TLS_CIPHERSUITES = new HashMap<>();

private static String checkIfProtocolIsUsedInCommonFIPS(String srvProtocol, String clnProtocol) {
@@ -66,7 +67,7 @@ private static String checkIfProtocolIsUsedInCommonFIPS(String srvProtocol, Stri
public static void main(String... args) throws Exception {

// enable debug output
System.setProperty("javax.net.debug", "ssl,record");
// System.setProperty("javax.net.debug", "ssl,record");

String srvProtocol = System.getProperty("SERVER_PROTOCOL");
String clnProtocol = System.getProperty("CLIENT_PROTOCOL");
@@ -87,7 +88,7 @@ public static void main(String... args) throws Exception {
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
String protocolUsedInHandShake = null;
if (!(isFIPS && customProfile.equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
if (!(isFIPS)) {
Security.setProperty("jdk.tls.disabledAlgorithms", "");
} else {
TLS_CIPHERSUITES.put("TLS_AES_128_GCM_SHA256", "TLSv1.3");
@@ -96,37 +97,35 @@ public static void main(String... args) throws Exception {
TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLSv1.2");
TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLSv1.2");
TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLSv1.2");
TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "TLSv1.2");
TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "TLSv1.2");
TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "TLSv1.2");
TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "TLSv1.2");
TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLSv1.2");
TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLSv1.2");
TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", "TLSv1.2");
TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "TLSv1.2");
protocolUsedInHandShake = checkIfProtocolIsUsedInCommonFIPS(srvProtocol, clnProtocol);
}

try (CipherTestUtils.Server srv = server(srvProtocol, cipher, args)) {
client(srv.getPort(), clnProtocol, cipher, args);
} catch (Exception e) {
if (isFIPS && customProfile.equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")) {
System.out.println("1");
if ((protocolUsedInHandShake == null
|| !TLS_CIPHERSUITES.containsKey(cipher)
|| !TLS_CIPHERSUITES.get(cipher).equals(protocolUsedInHandShake))
&& e instanceof javax.net.ssl.SSLHandshakeException
&& "No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(e.getMessage())) {
if (args.length >= 1 && args[0].equals("javax.net.ssl.SSLHandshakeException")) {
System.out.println("Expected exception msg: <No appropriate protocol (protocol is disabled or cipher suites are inappropriate)> is caught");
return;
} else {
System.out.println("Expected exception msg: <No appropriate protocol (protocol is disabled or cipher suites are inappropriate)> is caught");
return;
}
if (isFIPS) {
if (protocolUsedInHandShake == null || !TLS_CIPHERSUITES.containsKey(cipher)
|| (protocolUsedInHandShake != null && !TLS_CIPHERSUITES.get(cipher).equals(protocolUsedInHandShake))) {
System.out.println("Caught exceptions list: ");
// CipherTestUtils.EXCEPTIONS.get(0).printStackTrace(System.out);
if (e instanceof javax.net.ssl.SSLHandshakeException) {
if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(CipherTestUtils.EXCEPTIONS.get(0).getMessage())) {
if (args.length >= 1 && args[0].equals("javax.net.ssl.SSLHandshakeException")) {
System.out.println("Expected exception msg: <No appropriate protocol (protocol is disabled or cipher suites are inappropriate)> is caught");
return;
} else {
System.out.println("Expected exception msg: <No appropriate protocol (protocol is disabled or cipher suites are inappropriate)> is caught");
return;
}
}
System.out.println("================================");
}
}
}
}
}

public static void client(int port, String protocols, String cipher,
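Review bot: The `catch (Exception e)` block at the end of `main` has no final rethrow, so any exception other than the expected FIPS handshake failure, and every exception when `isFIPS` is false, is dropped and the test ends as if it had succeeded; add `throw e;` as the last statement of the catch. `CipherTestUtils.EXCEPTIONS.get(0)` is called without checking the list, so an empty list replaces the real failure with an IndexOutOfBoundsException; guard it with `!CipherTestUtils.EXCEPTIONS.isEmpty()`. The `if`/`else` on `args[0]` has identical branches and can be a single print-and-return, the `protocolUsedInHandShake != null &&` test is redundant after the preceding `== null ||`, and the new `import java.lang.reflect.Field;` is not used in the lines shown. Which lines are new is inferred from the 21/22 counts, since the page does not mark sides.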