diff options
| author | Alex Klyubin <klyubin@google.com> | 2014-11-17 18:19:39 -0800 |
|---|---|---|
| committer | Alex Klyubin <klyubin@google.com> | 2014-11-18 09:18:41 -0800 |
| commit | 782740701db73dd2dc4fef9df8cde270b0e631a4 (patch) | |
| tree | cd26b80b6a8092ca98f1d3c86d46a0aa9be7a82a | |
| parent | 2f629d3eff3e73b64efdc95b90446d1ff8d4e831 (diff) | |
| download | libcore-782740701db73dd2dc4fef9df8cde270b0e631a4.zip libcore-782740701db73dd2dc4fef9df8cde270b0e631a4.tar.gz libcore-782740701db73dd2dc4fef9df8cde270b0e631a4.tar.bz2 | |
Fix SSLContextTest.test_SSLContext_defaultConfiguration failure
This test was failing because it assumed that all SSLContext
instances have the same set of TLS protocol versions enabled.
The fix refactored SSLDefaultConfigurationAsserts class into
SSLConfigurationAsserts class. The main difference is that the new
class has wider scope: it can assert that (1) the default
configuration of TLS/SSL primitives is as expected -- exactly what
the old SSLDefaultConfigurationAsserts class offered, and (2) that
TLS/SSL primitives are configured the same as a provided SSLContext.
Assertions about the default configuration of primitives other than
SSLContext are now implemented by asserting that these primitives are
configured exactly like the default SSLContext.
Change-Id: I52d6514768c4053054df2cf79e7182d8fd87bfe2
9 files changed, 262 insertions, 249 deletions
diff --git a/luni/src/test/java/libcore/javax/net/ssl/SSLContextTest.java b/luni/src/test/java/libcore/javax/net/ssl/SSLContextTest.java index d8d9fab..533849c 100644 --- a/luni/src/test/java/libcore/javax/net/ssl/SSLContextTest.java +++ b/luni/src/test/java/libcore/javax/net/ssl/SSLContextTest.java @@ -26,7 +26,6 @@ import java.security.Security; import java.security.UnrecoverableKeyException; import java.util.ArrayList; import java.util.Arrays; -import java.util.Collections; import java.util.List; import java.util.concurrent.Callable; import libcore.io.IoUtils; @@ -82,14 +81,14 @@ public class SSLContextTest extends TestCase { } public void test_SSLContext_defaultConfiguration() throws Exception { - SSLDefaultConfigurationAsserts.assertSSLContext(SSLContext.getDefault()); + SSLConfigurationAsserts.assertSSLContextDefaultConfiguration(SSLContext.getDefault()); for (String protocol : StandardNames.SSL_CONTEXT_PROTOCOLS) { SSLContext sslContext = SSLContext.getInstance(protocol); if (!protocol.equals(StandardNames.SSL_CONTEXT_PROTOCOLS_DEFAULT)) { sslContext.init(null, null, null); } - SSLDefaultConfigurationAsserts.assertSSLContext(sslContext); + SSLConfigurationAsserts.assertSSLContextDefaultConfiguration(sslContext); } } diff --git a/luni/src/test/java/libcore/javax/net/ssl/SSLEngineTest.java b/luni/src/test/java/libcore/javax/net/ssl/SSLEngineTest.java index fb7e0c9..5239977 100644 --- a/luni/src/test/java/libcore/javax/net/ssl/SSLEngineTest.java +++ b/luni/src/test/java/libcore/javax/net/ssl/SSLEngineTest.java @@ -65,7 +65,7 @@ public class SSLEngineTest extends TestCase { } public void test_SSLEngine_defaultConfiguration() throws Exception { - SSLDefaultConfigurationAsserts.assertSSLEngine( + SSLConfigurationAsserts.assertSSLEngineDefaultConfiguration( TestSSLContext.create().clientContext.createSSLEngine()); } diff --git a/luni/src/test/java/libcore/javax/net/ssl/SSLServerSocketFactoryTest.java b/luni/src/test/java/libcore/javax/net/ssl/SSLServerSocketFactoryTest.java index ea9c3f0..cda1fb8 100644 --- a/luni/src/test/java/libcore/javax/net/ssl/SSLServerSocketFactoryTest.java +++ b/luni/src/test/java/libcore/javax/net/ssl/SSLServerSocketFactoryTest.java @@ -22,7 +22,7 @@ import junit.framework.TestCase; public class SSLServerSocketFactoryTest extends TestCase { public void testDefaultConfiguration() throws Exception { - SSLDefaultConfigurationAsserts.assertSSLServerSocketFactory( + SSLConfigurationAsserts.assertSSLServerSocketFactoryDefaultConfiguration( (SSLServerSocketFactory) SSLServerSocketFactory.getDefault()); } } diff --git a/luni/src/test/java/libcore/javax/net/ssl/SSLServerSocketTest.java b/luni/src/test/java/libcore/javax/net/ssl/SSLServerSocketTest.java index 59c44c1..d2c0f48 100644 --- a/luni/src/test/java/libcore/javax/net/ssl/SSLServerSocketTest.java +++ b/luni/src/test/java/libcore/javax/net/ssl/SSLServerSocketTest.java @@ -24,7 +24,7 @@ import java.util.Arrays; public class SSLServerSocketTest extends TestCase { public void testDefaultConfiguration() throws Exception { - SSLDefaultConfigurationAsserts.assertSSLServerSocket( + SSLConfigurationAsserts.assertSSLServerSocketDefaultConfiguration( (SSLServerSocket) SSLServerSocketFactory.getDefault().createServerSocket()); } diff --git a/luni/src/test/java/libcore/javax/net/ssl/SSLSocketFactoryTest.java b/luni/src/test/java/libcore/javax/net/ssl/SSLSocketFactoryTest.java index acf69c0..83b690b 100644 --- a/luni/src/test/java/libcore/javax/net/ssl/SSLSocketFactoryTest.java +++ b/luni/src/test/java/libcore/javax/net/ssl/SSLSocketFactoryTest.java @@ -210,7 +210,7 @@ public class SSLSocketFactoryTest extends TestCase { } public void test_SSLSocketFactory_defaultConfiguration() throws Exception { - SSLDefaultConfigurationAsserts.assertSSLSocketFactory( + SSLConfigurationAsserts.assertSSLSocketFactoryDefaultConfiguration( (SSLSocketFactory) SSLSocketFactory.getDefault()); } diff --git a/luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java b/luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java index 742051d..abf8c89 100644 --- a/luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java +++ b/luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java @@ -73,7 +73,7 @@ import libcore.tlswire.record.TlsRecord; public class SSLSocketTest extends TestCase { public void test_SSLSocket_defaultConfiguration() throws Exception { - SSLDefaultConfigurationAsserts.assertSSLSocket( + SSLConfigurationAsserts.assertSSLSocketDefaultConfiguration( (SSLSocket) SSLSocketFactory.getDefault().createSocket()); } diff --git a/support/src/test/java/libcore/java/security/StandardNames.java b/support/src/test/java/libcore/java/security/StandardNames.java index c28a841..208adab 100644 --- a/support/src/test/java/libcore/java/security/StandardNames.java +++ b/support/src/test/java/libcore/java/security/StandardNames.java @@ -556,6 +556,7 @@ public final class StandardNames extends Assert { provideSslContextEnabledProtocols("TLSv1", TLSVersion.SSLv3, TLSVersion.TLSv1); provideSslContextEnabledProtocols("TLSv1.1", TLSVersion.SSLv3, TLSVersion.TLSv11); provideSslContextEnabledProtocols("TLSv1.2", TLSVersion.SSLv3, TLSVersion.TLSv12); + provideSslContextEnabledProtocols("Default", TLSVersion.SSLv3, TLSVersion.TLSv1); } else { provideSslContextEnabledProtocols("SSL", TLSVersion.SSLv3, TLSVersion.TLSv12); provideSslContextEnabledProtocols("SSLv3", TLSVersion.SSLv3, TLSVersion.TLSv12); @@ -563,6 +564,7 @@ public final class StandardNames extends Assert { provideSslContextEnabledProtocols("TLSv1", TLSVersion.TLSv1, TLSVersion.TLSv12); provideSslContextEnabledProtocols("TLSv1.1", TLSVersion.TLSv1, TLSVersion.TLSv12); provideSslContextEnabledProtocols("TLSv1.2", TLSVersion.TLSv1, TLSVersion.TLSv12); + provideSslContextEnabledProtocols("Default", TLSVersion.TLSv1, TLSVersion.TLSv12); } } @@ -989,7 +991,8 @@ public final class StandardNames extends Assert { * suites in a test for those that want to verify separately that * all cipher suites were included. */ - public static Set<String> assertValidCipherSuites(Set<String> expected, String[] cipherSuites) { + private static Set<String> assertValidCipherSuites( + Set<String> expected, String[] cipherSuites) { assertNotNull(cipherSuites); assertTrue(cipherSuites.length != 0); @@ -1011,7 +1014,7 @@ public final class StandardNames extends Assert { * assertSupportedCipherSuites additionally verifies that all * supported cipher suites where in the input array. */ - public static void assertSupportedCipherSuites(Set<String> expected, String[] cipherSuites) { + private static void assertSupportedCipherSuites(Set<String> expected, String[] cipherSuites) { Set<String> remainingCipherSuites = assertValidCipherSuites(expected, cipherSuites); assertEquals("Missing cipher suites", Collections.EMPTY_SET, remainingCipherSuites); assertEquals(expected.size(), cipherSuites.length); @@ -1024,7 +1027,7 @@ public final class StandardNames extends Assert { * those that want to verify separately that all protocols were * included. */ - public static Set<String> assertValidProtocols(Set<String> expected, String[] protocols) { + private static Set<String> assertValidProtocols(Set<String> expected, String[] protocols) { assertNotNull(protocols); assertTrue(protocols.length != 0); @@ -1045,21 +1048,13 @@ public final class StandardNames extends Assert { * assertSupportedProtocols additionally verifies that all * supported protocols where in the input array. */ - public static void assertSupportedProtocols(Set<String> expected, String[] protocols) { + private static void assertSupportedProtocols(Set<String> expected, String[] protocols) { Set<String> remainingProtocols = assertValidProtocols(expected, protocols); assertEquals("Missing protocols", Collections.EMPTY_SET, remainingProtocols); assertEquals(expected.size(), protocols.length); } /** - * Asserts that the protocols array is non-null and that all of its contents are supported - * protocols. - */ - public static void assertValidProtocols(String[] protocols) { - assertValidProtocols(SSL_SOCKET_PROTOCOLS, protocols); - } - - /** * Asserts that the provided list of protocols matches the supported list of protocols. */ public static void assertSupportedProtocols(String[] protocols) { @@ -1067,33 +1062,6 @@ public final class StandardNames extends Assert { } /** - * Asserts that the protocols array contains all the protocols enabled by default for client use - * and no other ones. - */ - public static void assertDefaultProtocolsClient(String[] protocols) { - assertValidProtocols(protocols); - assertSupportedProtocols(SSL_SOCKET_PROTOCOLS_CLIENT_DEFAULT, protocols); - } - - /** - * Asserts that the protocols array contains all the protocols enabled by default for server use - * and no other ones. - */ - public static void assertDefaultProtocolsServer(String[] protocols) { - assertValidProtocols(protocols); - assertSupportedProtocols(SSL_SOCKET_PROTOCOLS_SERVER_DEFAULT, protocols); - } - - /** - * Asserts that the protocols array contains all the protocols enabled by default for - * {@link javax.net.ssl.SSLEngine} and no other ones. - */ - public static void assertSSLEngineDefaultProtocols(String[] protocols) { - assertValidProtocols(protocols); - assertSupportedProtocols(SSL_SOCKET_PROTOCOLS_CLIENT_DEFAULT, protocols); - } - - /** * Assert that the provided list of cipher suites contains only the supported cipher suites. */ public static void assertValidCipherSuites(String[] cipherSuites) { diff --git a/support/src/test/java/libcore/javax/net/ssl/SSLConfigurationAsserts.java b/support/src/test/java/libcore/javax/net/ssl/SSLConfigurationAsserts.java new file mode 100644 index 0000000..bdaad65 --- /dev/null +++ b/support/src/test/java/libcore/javax/net/ssl/SSLConfigurationAsserts.java @@ -0,0 +1,248 @@ +/* + * Copyright (C) 2013 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package libcore.javax.net.ssl; + +import junit.framework.Assert; +import libcore.java.security.StandardNames; +import java.io.IOException; +import java.util.Arrays; +import java.util.Collections; +import java.util.HashSet; +import java.util.Set; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLEngine; +import javax.net.ssl.SSLParameters; +import javax.net.ssl.SSLServerSocket; +import javax.net.ssl.SSLServerSocketFactory; +import javax.net.ssl.SSLSocket; +import javax.net.ssl.SSLSocketFactory; + +/** + * Assertions about the configuration of TLS/SSL primitives. + */ +public class SSLConfigurationAsserts extends Assert { + + /** Hidden constructor to prevent instantiation. */ + private SSLConfigurationAsserts() {} + + /** + * Asserts that the provided {@link SSLContext} has the expected default configuration, and that + * {@link SSLSocketFactory}, {@link SSLServerSocketFactory}, {@link SSLSocket}, + * {@link SSLServerSocket} and {@link SSLEngine} instances created from the context match the + * configuration. + */ + public static void assertSSLContextDefaultConfiguration(SSLContext sslContext) + throws IOException { + SSLParameters defaultParameters = sslContext.getDefaultSSLParameters(); + StandardNames.assertSSLContextEnabledProtocols(sslContext.getProtocol(), + defaultParameters.getProtocols()); + StandardNames.assertDefaultCipherSuites(defaultParameters.getCipherSuites()); + assertFalse(defaultParameters.getWantClientAuth()); + assertFalse(defaultParameters.getNeedClientAuth()); + + SSLParameters supportedParameters = sslContext.getSupportedSSLParameters(); + StandardNames.assertSupportedCipherSuites(supportedParameters.getCipherSuites()); + StandardNames.assertSupportedProtocols(supportedParameters.getProtocols()); + assertFalse(supportedParameters.getWantClientAuth()); + assertFalse(supportedParameters.getNeedClientAuth()); + + assertContainsAll("Unsupported enabled cipher suites", supportedParameters.getCipherSuites(), + defaultParameters.getCipherSuites()); + assertContainsAll("Unsupported enabled protocols", supportedParameters.getProtocols(), + defaultParameters.getProtocols()); + + assertSSLSocketFactoryConfigSameAsSSLContext(sslContext.getSocketFactory(), sslContext); + assertSSLServerSocketFactoryConfigSameAsSSLContext(sslContext.getServerSocketFactory(), + sslContext); + + SSLEngine sslEngine = sslContext.createSSLEngine(); + assertFalse(sslEngine.getUseClientMode()); + assertSSLEngineConfigSameAsSSLContext(sslEngine, sslContext); + } + + /** + * Asserts that the provided {@link SSLSocketFactory} has the expected default configuration and + * that {@link SSLSocket} instances created by the factory match the configuration. + */ + public static void assertSSLSocketFactoryDefaultConfiguration( + SSLSocketFactory sslSocketFactory) throws Exception { + assertSSLSocketFactoryConfigSameAsSSLContext(sslSocketFactory, + SSLContext.getDefault()); + } + + /** + * Asserts that {@link SSLSocketFactory}'s configuration matches {@code SSLContext}'s + * configuration, and that {@link SSLSocket} instances obtained from the factory match this + * configuration as well. + */ + private static void assertSSLSocketFactoryConfigSameAsSSLContext( + SSLSocketFactory sslSocketFactory, SSLContext sslContext) throws IOException { + assertCipherSuitesEqual(sslContext.getDefaultSSLParameters().getCipherSuites(), + sslSocketFactory.getDefaultCipherSuites()); + assertCipherSuitesEqual(sslContext.getSupportedSSLParameters().getCipherSuites(), + sslSocketFactory.getSupportedCipherSuites()); + + try (SSLSocket sslSocket = (SSLSocket) sslSocketFactory.createSocket()) { + assertTrue(sslSocket.getUseClientMode()); + assertTrue(sslSocket.getEnableSessionCreation()); + assertSSLSocketConfigSameAsSSLContext(sslSocket, sslContext); + } + } + + /** + * Asserts that the provided {@link SSLSocket} has the expected default configuration. + */ + public static void assertSSLSocketDefaultConfiguration(SSLSocket sslSocket) throws Exception { + assertTrue(sslSocket.getUseClientMode()); + assertTrue(sslSocket.getEnableSessionCreation()); + assertSSLSocketConfigSameAsSSLContext(sslSocket, SSLContext.getDefault()); + } + + /** + * Asserts that {@link SSLSocket}'s configuration matches {@code SSLContext's} configuration. + */ + private static void assertSSLSocketConfigSameAsSSLContext(SSLSocket sslSocket, + SSLContext sslContext) { + assertSSLParametersEqual(sslSocket.getSSLParameters(), sslContext.getDefaultSSLParameters()); + assertCipherSuitesEqual(sslSocket.getEnabledCipherSuites(), + sslContext.getDefaultSSLParameters().getCipherSuites()); + assertProtocolsEqual(sslSocket.getEnabledProtocols(), + sslContext.getDefaultSSLParameters().getProtocols()); + + assertCipherSuitesEqual(sslSocket.getSupportedCipherSuites(), + sslContext.getSupportedSSLParameters().getCipherSuites()); + assertProtocolsEqual(sslSocket.getSupportedProtocols(), + sslContext.getSupportedSSLParameters().getProtocols()); + } + + /** + * Asserts that the provided {@link SSLServerSocketFactory} has the expected default + * configuration, and that {@link SSLServerSocket} instances created by the factory match the + * configuration. + */ + public static void assertSSLServerSocketFactoryDefaultConfiguration( + SSLServerSocketFactory sslServerSocketFactory) throws Exception { + assertSSLServerSocketFactoryConfigSameAsSSLContext(sslServerSocketFactory, + SSLContext.getDefault()); + } + + /** + * Asserts that {@link SSLServerSocketFactory}'s configuration matches {@code SSLContext}'s + * configuration, and that {@link SSLServerSocket} instances obtained from the factory match this + * configuration as well. + */ + private static void assertSSLServerSocketFactoryConfigSameAsSSLContext( + SSLServerSocketFactory sslServerSocketFactory, SSLContext sslContext) throws IOException { + assertCipherSuitesEqual(sslContext.getDefaultSSLParameters().getCipherSuites(), + sslServerSocketFactory.getDefaultCipherSuites()); + assertCipherSuitesEqual(sslContext.getSupportedSSLParameters().getCipherSuites(), + sslServerSocketFactory.getSupportedCipherSuites()); + try (SSLServerSocket sslServerSocket = + (SSLServerSocket) sslServerSocketFactory.createServerSocket()) { + assertFalse(sslServerSocket.getUseClientMode()); + assertTrue(sslServerSocket.getEnableSessionCreation()); + assertSSLServerSocketConfigSameAsSSLContext(sslServerSocket, sslContext); + } + } + + /** + * Asserts that the provided {@link SSLServerSocket} has the expected default configuration. + */ + public static void assertSSLServerSocketDefaultConfiguration(SSLServerSocket sslServerSocket) + throws Exception { + assertFalse(sslServerSocket.getUseClientMode()); + assertTrue(sslServerSocket.getEnableSessionCreation()); + assertSSLServerSocketConfigSameAsSSLContext(sslServerSocket, SSLContext.getDefault()); + // TODO: Check SSLParameters when supported by SSLServerSocket API + } + + /** + * Asserts that {@link SSLServerSocket}'s configuration matches {@code SSLContext's} + * configuration. + */ + private static void assertSSLServerSocketConfigSameAsSSLContext(SSLServerSocket sslServerSocket, + SSLContext sslContext) { + assertCipherSuitesEqual(sslServerSocket.getEnabledCipherSuites(), + sslContext.getDefaultSSLParameters().getCipherSuites()); + assertProtocolsEqual(sslServerSocket.getEnabledProtocols(), + sslContext.getDefaultSSLParameters().getProtocols()); + + assertCipherSuitesEqual(sslServerSocket.getSupportedCipherSuites(), + sslContext.getSupportedSSLParameters().getCipherSuites()); + assertProtocolsEqual(sslServerSocket.getSupportedProtocols(), + sslContext.getSupportedSSLParameters().getProtocols()); + + assertEquals(sslServerSocket.getNeedClientAuth(), + sslContext.getDefaultSSLParameters().getNeedClientAuth()); + assertEquals(sslServerSocket.getWantClientAuth(), + sslContext.getDefaultSSLParameters().getWantClientAuth()); + } + + /** + * Asserts that the provided {@link SSLEngine} has the expected default configuration. + */ + public static void assertSSLEngineDefaultConfiguration(SSLEngine sslEngine) throws Exception { + assertFalse(sslEngine.getUseClientMode()); + assertTrue(sslEngine.getEnableSessionCreation()); + assertSSLEngineConfigSameAsSSLContext(sslEngine, SSLContext.getDefault()); + } + + /** + * Asserts that {@link SSLEngine}'s configuration matches {@code SSLContext's} configuration. + */ + private static void assertSSLEngineConfigSameAsSSLContext(SSLEngine sslEngine, + SSLContext sslContext) { + assertSSLParametersEqual(sslEngine.getSSLParameters(), sslContext.getDefaultSSLParameters()); + assertCipherSuitesEqual(sslEngine.getEnabledCipherSuites(), + sslContext.getDefaultSSLParameters().getCipherSuites()); + assertProtocolsEqual(sslEngine.getEnabledProtocols(), + sslContext.getDefaultSSLParameters().getProtocols()); + + assertCipherSuitesEqual(sslEngine.getSupportedCipherSuites(), + sslContext.getSupportedSSLParameters().getCipherSuites()); + assertProtocolsEqual(sslEngine.getSupportedProtocols(), + sslContext.getSupportedSSLParameters().getProtocols()); + } + + private static void assertSSLParametersEqual(SSLParameters expected, SSLParameters actual) { + assertCipherSuitesEqual(expected.getCipherSuites(), actual.getCipherSuites()); + assertProtocolsEqual(expected.getProtocols(), actual.getProtocols()); + assertEquals(expected.getNeedClientAuth(), actual.getNeedClientAuth()); + assertEquals(expected.getWantClientAuth(), actual.getWantClientAuth()); + } + + private static void assertCipherSuitesEqual(String[] expected, String[] actual) { + assertEquals(Arrays.asList(expected), Arrays.asList(actual)); + } + + private static void assertProtocolsEqual(String[] expected, String[] actual) { + // IMPLEMENTATION NOTE: The order of protocols versions does not matter. Similarly, it only + // matters whether a protocol version is present or absent in the array. These arrays are + // supposed to represent sets of protocol versions. Thus, we treat them as such. + assertEquals(new HashSet<String>(Arrays.asList(expected)), + new HashSet<String>(Arrays.asList(actual))); + } + + /** + * Asserts that the {@code container} contains all the {@code elements}. + */ + private static void assertContainsAll(String message, String[] container, String[] elements) { + Set<String> elementsNotInContainer = new HashSet<String>(Arrays.asList(elements)); + elementsNotInContainer.removeAll(Arrays.asList(container)); + assertEquals(message, Collections.EMPTY_SET, elementsNotInContainer); + } +} diff --git a/support/src/test/java/libcore/javax/net/ssl/SSLDefaultConfigurationAsserts.java b/support/src/test/java/libcore/javax/net/ssl/SSLDefaultConfigurationAsserts.java deleted file mode 100644 index d54f5e5..0000000 --- a/support/src/test/java/libcore/javax/net/ssl/SSLDefaultConfigurationAsserts.java +++ /dev/null @@ -1,202 +0,0 @@ -/* - * Copyright (C) 2013 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package libcore.javax.net.ssl; - -import java.io.IOException; -import java.util.Arrays; -import java.util.Collections; -import java.util.HashSet; -import java.util.Set; -import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLEngine; -import javax.net.ssl.SSLParameters; -import javax.net.ssl.SSLServerSocket; -import javax.net.ssl.SSLServerSocketFactory; -import javax.net.ssl.SSLSocket; -import javax.net.ssl.SSLSocketFactory; -import junit.framework.Assert; -import libcore.java.security.StandardNames; - -/** - * Assertions about the default configuration of TLS/SSL primitives. - */ -public abstract class SSLDefaultConfigurationAsserts extends Assert { - - /** Hidden constructor to prevent instantiation. */ - private SSLDefaultConfigurationAsserts() {} - - /** - * Asserts that the provided {@link SSLContext} has the expected default configuration. - */ - public static void assertSSLContext(SSLContext sslContext) throws IOException { - assertDefaultSSLParametersClient(sslContext.getDefaultSSLParameters()); - assertSupportedSSLParametersClient(sslContext.getSupportedSSLParameters()); - assertSSLSocketFactory(sslContext.getSocketFactory()); - assertSSLServerSocketFactory(sslContext.getServerSocketFactory()); - assertSSLEngine(sslContext.createSSLEngine()); - assertSSLEngine(sslContext.createSSLEngine(null, -1)); - } - - /** - * Asserts that the provided {@link SSLSocketFactory} has the expected default configuration. - */ - public static void assertSSLSocketFactory(SSLSocketFactory sslSocketFactory) throws IOException { - StandardNames.assertDefaultCipherSuites(sslSocketFactory.getDefaultCipherSuites()); - StandardNames.assertSupportedCipherSuites(sslSocketFactory.getSupportedCipherSuites()); - assertContainsAll("Unsupported default cipher suites", - sslSocketFactory.getSupportedCipherSuites(), - sslSocketFactory.getDefaultCipherSuites()); - - assertSSLSocket((SSLSocket) sslSocketFactory.createSocket()); - } - - /** - * Asserts that the provided {@link SSLServerSocketFactory} has the expected default - * configuration. - */ - public static void assertSSLServerSocketFactory(SSLServerSocketFactory sslServerSocketFactory) - throws IOException { - StandardNames.assertDefaultCipherSuites(sslServerSocketFactory.getDefaultCipherSuites()); - StandardNames.assertSupportedCipherSuites(sslServerSocketFactory.getSupportedCipherSuites()); - assertContainsAll("Unsupported default cipher suites", - sslServerSocketFactory.getSupportedCipherSuites(), - sslServerSocketFactory.getDefaultCipherSuites()); - - assertSSLServerSocket((SSLServerSocket) sslServerSocketFactory.createServerSocket()); - } - - /** - * Asserts that the provided {@link SSLSocket} has the expected default configuration. - */ - public static void assertSSLSocket(SSLSocket sslSocket) { - assertSSLParametersClient(sslSocket.getSSLParameters()); - - StandardNames.assertDefaultCipherSuites(sslSocket.getEnabledCipherSuites()); - StandardNames.assertSupportedCipherSuites(sslSocket.getSupportedCipherSuites()); - assertContainsAll("Unsupported enabled cipher suites", - sslSocket.getSupportedCipherSuites(), - sslSocket.getEnabledCipherSuites()); - - StandardNames.assertDefaultProtocolsClient(sslSocket.getEnabledProtocols()); - StandardNames.assertSupportedProtocols(sslSocket.getSupportedProtocols()); - assertContainsAll("Unsupported enabled protocols", - sslSocket.getSupportedProtocols(), - sslSocket.getEnabledProtocols()); - - assertTrue(sslSocket.getUseClientMode()); - assertTrue(sslSocket.getEnableSessionCreation()); - assertFalse(sslSocket.getNeedClientAuth()); - assertFalse(sslSocket.getWantClientAuth()); - } - - /** - * Asserts that the provided {@link SSLServerSocket} has the expected default configuration. - */ - public static void assertSSLServerSocket(SSLServerSocket sslServerSocket) { - // TODO: Check SSLParameters when supported by SSLServerSocket API - - StandardNames.assertDefaultCipherSuites(sslServerSocket.getEnabledCipherSuites()); - StandardNames.assertSupportedCipherSuites(sslServerSocket.getSupportedCipherSuites()); - assertContainsAll("Unsupported enabled cipher suites", - sslServerSocket.getSupportedCipherSuites(), - sslServerSocket.getEnabledCipherSuites()); - - StandardNames.assertDefaultProtocolsServer(sslServerSocket.getEnabledProtocols()); - StandardNames.assertSupportedProtocols(sslServerSocket.getSupportedProtocols()); - assertContainsAll("Unsupported enabled protocols", - sslServerSocket.getSupportedProtocols(), - sslServerSocket.getEnabledProtocols()); - - assertTrue(sslServerSocket.getEnableSessionCreation()); - assertFalse(sslServerSocket.getNeedClientAuth()); - assertFalse(sslServerSocket.getWantClientAuth()); - } - - /** - * Asserts that the provided {@link SSLEngine} has the expected default configuration. - */ - public static void assertSSLEngine(SSLEngine sslEngine) { - assertFalse(sslEngine.getUseClientMode()); - assertSSLEngineSSLParameters(sslEngine.getSSLParameters()); - - StandardNames.assertDefaultCipherSuites(sslEngine.getEnabledCipherSuites()); - StandardNames.assertSupportedCipherSuites(sslEngine.getSupportedCipherSuites()); - assertContainsAll("Unsupported enabled cipher suites", - sslEngine.getSupportedCipherSuites(), - sslEngine.getEnabledCipherSuites()); - - StandardNames.assertSSLEngineDefaultProtocols(sslEngine.getEnabledProtocols()); - StandardNames.assertSupportedProtocols(sslEngine.getSupportedProtocols()); - assertContainsAll("Unsupported enabled protocols", - sslEngine.getSupportedProtocols(), - sslEngine.getEnabledProtocols()); - - assertTrue(sslEngine.getEnableSessionCreation()); - assertFalse(sslEngine.getNeedClientAuth()); - assertFalse(sslEngine.getWantClientAuth()); - } - - /** - * Asserts that the provided {@link SSLParameters} describe the expected default configuration - * for client-side mode of operation. - */ - public static void assertSSLParametersClient(SSLParameters sslParameters) { - assertDefaultSSLParametersClient(sslParameters); - } - - /** - * Asserts that the provided default {@link SSLParameters} are as expected for client-side mode of - * operation. - */ - private static void assertDefaultSSLParametersClient(SSLParameters sslParameters) { - StandardNames.assertDefaultCipherSuites(sslParameters.getCipherSuites()); - StandardNames.assertDefaultProtocolsClient(sslParameters.getProtocols()); - assertFalse(sslParameters.getWantClientAuth()); - assertFalse(sslParameters.getNeedClientAuth()); - } - - /** - * Asserts that the provided supported {@link SSLParameters} are as expected for client-side mode - * of operation. - */ - private static void assertSupportedSSLParametersClient(SSLParameters sslParameters) { - StandardNames.assertSupportedCipherSuites(sslParameters.getCipherSuites()); - StandardNames.assertSupportedProtocols(sslParameters.getProtocols()); - assertFalse(sslParameters.getWantClientAuth()); - assertFalse(sslParameters.getNeedClientAuth()); - } - - /** - * Asserts that the provided {@link SSLParameters} has the expected default configuration for - * {@link SSLEngine}. - */ - public static void assertSSLEngineSSLParameters(SSLParameters sslParameters) { - StandardNames.assertDefaultCipherSuites(sslParameters.getCipherSuites()); - StandardNames.assertSSLEngineDefaultProtocols(sslParameters.getProtocols()); - assertFalse(sslParameters.getWantClientAuth()); - assertFalse(sslParameters.getNeedClientAuth()); - } - - /** - * Asserts that the {@code container} contains all the {@code elements}. - */ - private static void assertContainsAll(String message, String[] container, String[] elements) { - Set<String> elementsNotInContainer = new HashSet<String>(Arrays.asList(elements)); - elementsNotInContainer.removeAll(Arrays.asList(container)); - assertEquals(message, Collections.EMPTY_SET, elementsNotInContainer); - } -} |