author | Kenny Root <kroot@google.com> | 2016-01-06 10:02:28 -0800 |
---|---|---|
committer | Kenny Root <kroot@google.com> | 2016-01-06 10:45:16 -0800 |
commit | e7bdc26218b2f0fa323778de1ff1449f4c5f5a52 (patch) | |
tree | 764b1a38912f323e27d42303ddb8eee7981e37ff | |
parent | c547ad05a040b638ef7d72acf118217d573e9d71 (diff) | |
Check for RFC 5746 TLS extension
RFC 5746 allows you to either include a signaling cipher suite or a TLS
extension. However, since TLS API has no way to indicate or check that
a certain TLS extension is used, we insert it into the cipher suites
we see to check against the enabled cipher suites.
(cherry picked from commit 81885494e46596c796cdcb5037b91d92915b65a7)
Bug: 24602368
Change-Id: I06422b9a90f47bb5ffa10ef614233d856773d336
-rw-r--r-- | luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java | 18 | ||||
-rw-r--r-- | support/src/test/java/libcore/tlswire/handshake/HelloExtension.java | 3 |
2 files changed, 19 insertions, 2 deletions
diff --git a/luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java b/luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java
index bf2d0f8..11dfb3d 100644
--- a/luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java
+++ b/luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java
@@ -1559,7 +1559,23 @@ public class SSLSocketTest extends TestCase {
 @Override
 public void run(SSLSocketFactory sslSocketFactory) throws Exception {
 ClientHello clientHello = captureTlsHandshakeClientHello(sslSocketFactory);
- String[] cipherSuites = new String[clientHello.cipherSuites.size()];
+ final String[] cipherSuites;
+
+ // RFC 5746 allows you to send an empty "renegotiation_info" extension *or*
+ // a special signaling cipher suite. The TLS API has no way to check or
+ // indicate that a certain TLS extension should be used.
+ HelloExtension renegotiationInfoExtension = clientHello.findExtensionByType(
+ HelloExtension.TYPE_RENEGOTIATION_INFO);
+ if (renegotiationInfoExtension != null &&
+ renegotiationInfoExtension.data.length == 1 &&
+ renegotiationInfoExtension.data[0] == 0) {
+ cipherSuites = new String[clientHello.cipherSuites.size() + 1];
+ cipherSuites[clientHello.cipherSuites.size()] =
+ StandardNames.CIPHER_SUITE_SECURE_RENEGOTIATION;
+ } else {
+ cipherSuites = new String[clientHello.cipherSuites.size()];
+ }
+
 for (int i = 0; i < clientHello.cipherSuites.size(); i++) {
 CipherSuite cipherSuite = clientHello.cipherSuites.get(i);
 cipherSuites[i] = cipherSuite.getAndroidName();
diff --git a/support/src/test/java/libcore/tlswire/handshake/HelloExtension.java b/support/src/test/java/libcore/tlswire/handshake/HelloExtension.java
index 5741072..a648cdf 100644
--- a/support/src/test/java/libcore/tlswire/handshake/HelloExtension.java
+++ b/support/src/test/java/libcore/tlswire/handshake/HelloExtension.java
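Review bot: In the added `if` in SSLSocketTest.java, a `renegotiation_info` extension that is present but whose body is not the single `0x00` byte falls into the `else` branch and is handled exactly like an absent extension, so a malformed extension in the captured ClientHello would not by itself fail this test. If the capture is always an initial handshake (not visible in the hunk), the test could reject that case explicitly, e.g. `assertTrue(renegotiationInfoExtension == null || (renegotiationInfoExtension.data.length == 1 && renegotiationInfoExtension.data[0] == 0));`. Separately, when a client sends both the signaling cipher suite and the empty extension, the array ends up holding `CIPHER_SUITE_SECURE_RENEGOTIATION` twice; whether that matters depends on the comparison after the loop, which is outside the hunk along with the rest of `run`. A short comment such as `// body is the one-byte renegotiated_connection length, 0 on an initial handshake` would also explain the `length == 1 && data[0] == 0` test.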
@@ -31,6 +31,7 @@ public class HelloExtension { public static final int TYPE_SERVER_NAME = 0; public static final int TYPE_PADDING = 21; public static final int TYPE_SESSION_TICKET = 35; + public static final int TYPE_RENEGOTIATION_INFO = 65281; private static final Map<Integer, String> TYPE_TO_NAME = new HashMap<Integer, String>(); static { @@ -60,7 +61,7 @@ public class HelloExtension { TYPE_TO_NAME.put(13172, "next_protocol_negotiation"); TYPE_TO_NAME.put(30031, "Channel ID (old)"); TYPE_TO_NAME.put(30032, "Channel ID (new)"); - TYPE_TO_NAME.put(65281, "renegotiation_info"); + TYPE_TO_NAME.put(TYPE_RENEGOTIATION_INFO, "renegotiation_info"); } public int type; |