Skip to content
Permalink
Browse files
8246330: Add TLS Tests for Legacy ECDSA curves
Reviewed-by: rhalade
  • Loading branch information
Shivangi Gupta committed Jun 9, 2020
1 parent 8dc6643 commit 82e3640eb17af676a664214997a5613d282af5c8
Showing 2 changed files with 173 additions and 0 deletions.
@@ -372,12 +372,14 @@ protected void doClientSide() throws Exception {
// Trusted certificates.
protected final static Cert[] TRUSTED_CERTS = {
Cert.CA_ECDSA_SECP256R1,
Cert.CA_ECDSA_SECT283R1,
Cert.CA_RSA_2048,
Cert.CA_DSA_2048 };

// End entity certificate.
protected final static Cert[] END_ENTITY_CERTS = {
Cert.EE_ECDSA_SECP256R1,
Cert.EE_ECDSA_SECT283R1,
Cert.EE_RSA_2048,
Cert.EE_EC_RSA_SECP256R1,
Cert.EE_DSA_2048 };
@@ -703,6 +705,32 @@ public static enum Cert {
"p1YdWENftmDoNTJ3O6TNlXb90jKWgAirCXNBUompPtHKkO592eDyGcT1h8qjrKlm\n" +
"Kw=="),

CA_ECDSA_SECT283R1(
"EC",
// SHA1withECDSA, curve sect283r1
// Validity
// Not Before: May 26 06:06:52 2020 GMT
// Not After : May 21 06:06:52 2040 GMT
// Subject Key Identifier:
// CF:A3:99:ED:4C:6E:04:41:09:21:31:33:B6:80:D5:A7:BF:2B:98:04
"-----BEGIN CERTIFICATE-----\n" +
"MIIB8TCCAY+gAwIBAgIJANQFsBngZ3iMMAsGByqGSM49BAEFADBdMQswCQYDVQQG\n" +
"EwJVUzELMAkGA1UECBMCQ0ExCzAJBgNVBAcTAlNBMQ8wDQYDVQQKEwZPcmFjbGUx\n" +
"DzANBgNVBAsTBkpQR1NRRTESMBAGA1UEAxMJc2VjdDI4M3IxMB4XDTIwMDUyNjE4\n" +
"MDY1MloXDTQwMDUyMTE4MDY1MlowXTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNB\n" +
"MQswCQYDVQQHEwJTQTEPMA0GA1UEChMGT3JhY2xlMQ8wDQYDVQQLEwZKUEdTUUUx\n" +
"EjAQBgNVBAMTCXNlY3QyODNyMTBeMBAGByqGSM49AgEGBSuBBAARA0oABALatmDt\n" +
"QIhjpK4vJjv4GgC8CUH/VAWLUSQRU7yGGQ3NF8rVBARv0aehiII0nzjDVX5KrP/A\n" +
"w/DmW7q8PfEAIktuaA/tcKv/OKMyMDAwHQYDVR0OBBYEFM+jme1MbgRBCSExM7aA\n" +
"1ae/K5gEMA8GA1UdEwEB/wQFMAMBAf8wCwYHKoZIzj0EAQUAA08AMEwCJAGHsAP8\n" +
"HlcVqszra+fxq35juTxHJIfxTKIr7f54Ywtz7AJowgIkAxydv8g+dkuniOUAj0Xt\n" +
"FnGVp6HzKX5KM1zLpfqmix8ZPP/A\n" +
"-----END CERTIFICATE-----",
"MIGQAgEAMBAGByqGSM49AgEGBSuBBAARBHkwdwIBAQQkAdcyn/FxiNvuTsSgDehq\n" +
"SGFiTxAKNMMJfmsO6GHekzszFqjPoUwDSgAEAtq2YO1AiGOkri8mO/gaALwJQf9U\n" +
"BYtRJBFTvIYZDc0XytUEBG/Rp6GIgjSfOMNVfkqs/8DD8OZburw98QAiS25oD+1w\n" +
"q/84"),

CA_RSA_2048(
"RSA",
// SHA256withRSA, 2048 bits
@@ -889,6 +917,33 @@ public static enum Cert {
"MEcCAQAwBQYDK2VxBDsEOd6/hRZqkUyTlJSwdN5gO/HnoWYda1fD83YUm5j6m2Bg\n" +
"hAQi+QadFsQLD7R6PI/4Q0twXqlKnxU5Ug=="),

EE_ECDSA_SECT283R1(
"EC",
// SHA1withECDSA, curve sect283r1
// Validity
// Not Before: May 26 06:08:15 2020 GMT
// Not After : May 21 06:08:15 2040 GMT
// Authority Key Identifier:
// CF:A3:99:ED:4C:6E:04:41:09:21:31:33:B6:80:D5:A7:BF:2B:98:04
"-----BEGIN CERTIFICATE-----\n" +
"MIICFTCCAbOgAwIBAgIJAM0Dd9zxR9CeMAsGByqGSM49BAEFADBdMQswCQYDVQQG\n" +
"EwJVUzELMAkGA1UECBMCQ0ExCzAJBgNVBAcTAlNBMQ8wDQYDVQQKEwZPcmFjbGUx\n" +
"DzANBgNVBAsTBkpQR1NRRTESMBAGA1UEAxMJc2VjdDI4M3IxMB4XDTIwMDUyNjE4\n" +
"MDgxNVoXDTQwMDUyMTE4MDgxNVowYDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNB\n" +
"MQswCQYDVQQHEwJTQTEPMA0GA1UEChMGT3JhY2xlMQ8wDQYDVQQLEwZKUEdTUUUx\n" +
"FTATBgNVBAMMDHNlY3QyODNyMV9lZTBeMBAGByqGSM49AgEGBSuBBAARA0oABAMP\n" +
"oaMP2lIiCrNaFSePtZA8nBnqJXSGCz8kosKeYTqz/SPE1AN6BvM4xl0kPQZvJWMz\n" +
"fyTcm2Ar0PdbIh8f22vJfO+0JpfhnqNTMFEwHQYDVR0OBBYEFOzDGNWQhslU5ei4\n" +
"SYda/ro9DickMA8GA1UdEwQIMAYBAf8CAQAwHwYDVR0jBBgwFoAUz6OZ7UxuBEEJ\n" +
"ITEztoDVp78rmAQwCwYHKoZIzj0EAQUAA08AMEwCJALYBWSYdbhRiW4mNulQh6/v\n" +
"dfHG3y/oMjzJEmT/A0WYl96ohgIkAbDC0Ke632RXtCZ4xa2FrmzP41Vb80mSH1iY\n" +
"FCJ3LVoTEUgN\n" +
"-----END CERTIFICATE-----",
"MIGQAgEAMBAGByqGSM49AgEGBSuBBAARBHkwdwIBAQQkAXq9LPYU+XSrImPzgO1e\n" +
"hsgjfTBXlWGveFUtn0OHPtbp7hzpoUwDSgAEAw+how/aUiIKs1oVJ4+1kDycGeol\n" +
"dIYLPySiwp5hOrP9I8TUA3oG8zjGXSQ9Bm8lYzN/JNybYCvQ91siHx/ba8l877Qm\n" +
"l+Ge"),

EE_ECDSA_SECP256R1(
"EC",
// SHA256withECDSA, curve secp256r1
@@ -0,0 +1,118 @@
/*
* Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/

/*
* @test
* @bug 8246330
* @library /javax/net/ssl/templates
* @run main/othervm -Djdk.tls.namedGroups="sect283r1"
DisabledCurve DISABLE_NONE PASS
* @run main/othervm -Djdk.tls.namedGroups="sect283r1"
DisabledCurve sect283r1 FAIL
*/
import java.security.Security;
import java.util.Arrays;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;

public class DisabledCurve extends SSLSocketTemplate {

private static volatile int index;
private static final String[][][] protocols = {
{ { "TLSv1.3", "TLSv1.2", "TLSv1.1", "TLSv1" }, { "TLSv1.2" } },
{ { "TLSv1.2" }, { "TLSv1.3", "TLSv1.2", "TLSv1.1", "TLSv1" } },
{ { "TLSv1.2" }, { "TLSv1.2" } }, { { "TLSv1.1" }, { "TLSv1.1" } },
{ { "TLSv1" }, { "TLSv1" } } };

protected SSLContext createClientSSLContext() throws Exception {
return createSSLContext(
new SSLSocketTemplate.Cert[] {
SSLSocketTemplate.Cert.CA_ECDSA_SECT283R1 },
new SSLSocketTemplate.Cert[] {
SSLSocketTemplate.Cert.EE_ECDSA_SECT283R1 },
getClientContextParameters());
}

protected SSLContext createServerSSLContext() throws Exception {
return createSSLContext(
new SSLSocketTemplate.Cert[] {
SSLSocketTemplate.Cert.CA_ECDSA_SECT283R1 },
new SSLSocketTemplate.Cert[] {
SSLSocketTemplate.Cert.EE_ECDSA_SECT283R1 },
getServerContextParameters());
}

@Override
protected void configureClientSocket(SSLSocket socket) {
String[] ps = protocols[index][0];

System.out.print("Setting client protocol(s): ");
Arrays.stream(ps).forEachOrdered(System.out::print);
System.out.println();

socket.setEnabledProtocols(ps);
}

@Override
protected void configureServerSocket(SSLServerSocket serverSocket) {
String[] ps = protocols[index][1];

System.out.print("Setting server protocol(s): ");
Arrays.stream(ps).forEachOrdered(System.out::print);
System.out.println();

serverSocket.setEnabledProtocols(ps);
}

public static void main(String[] args) throws Exception {
String expected = args[1];
String disabledName = ("DISABLE_NONE".equals(args[0]) ? "" : args[0]);
if (disabledName.equals("")) {
Security.setProperty("jdk.disabled.namedCurves", "");
}
System.setProperty("jdk.sunec.disableNative", "false");

for (index = 0; index < protocols.length; index++) {
try {
(new DisabledCurve()).run();
if (expected.equals("FAIL")) {
throw new RuntimeException(
"The test case should not reach here");
}
} catch (SSLException | IllegalStateException ssle) {
if ((expected.equals("FAIL"))
&& Security.getProperty("jdk.disabled.namedCurves")
.contains(disabledName)) {
System.out.println(
"Expected exception was thrown: TEST PASSED");
} else {
throw new RuntimeException(ssle);
}

}

}
}
}

0 comments on commit 82e3640

Please sign in to comment.