Higher-level default configuration asserts for TLS/SSL primitives.

This adds SSLDefaultConfigurationAsserts class that offers
higher-level checks for each TLS/SSL primitive. The goals are:
* check not only the cipher suites and protocols configured but also
  the configuration of child primitives (e.g, configuration of
  SSLSockets returned by SSLSocketFactory, or configuration of
  SSLSocketFactory returned by SSLContext).
* hide the upcoming target API level dependent configuration checks
  from test classes.

Bug: 11220570
Change-Id: Iec1476a1b2d132c984413754129adfcb671885fb

1 files changed, 202 insertions, 0 deletions

diff --git a/support/src/test/java/libcore/javax/net/ssl/SSLDefaultConfigurationAsserts.java b/support/src/test/java/libcore/javax/net/ssl/SSLDefaultConfigurationAsserts.java
new file mode 100644
index 0000000..be2abe9
--- /dev/null
+++ b/support/src/test/java/libcore/javax/net/ssl/SSLDefaultConfigurationAsserts.java
@@ -0,0 +1,202 @@
+/*
+ * Copyright (C) 2013 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package libcore.javax.net.ssl;
+
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLParameters;
+import javax.net.ssl.SSLServerSocket;
+import javax.net.ssl.SSLServerSocketFactory;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+import junit.framework.Assert;
+import libcore.java.security.StandardNames;
+
+/**
+ * Assertions about the default configuration of TLS/SSL primitives.
+ */
+public abstract class SSLDefaultConfigurationAsserts extends Assert {
+
+  /** Hidden constructor to prevent instantiation. */
+  private SSLDefaultConfigurationAsserts() {}
+
+  /**
+   * Asserts that the provided {@link SSLContext} has the expected default configuration.
+   */
+  public static void assertSSLContext(SSLContext sslContext) throws IOException {
+    assertDefaultSSLParametersClient(sslContext.getDefaultSSLParameters());
+    assertSupportedSSLParametersClient(sslContext.getSupportedSSLParameters());
+    assertSSLSocketFactory(sslContext.getSocketFactory());
+    assertSSLServerSocketFactory(sslContext.getServerSocketFactory());
+    assertSSLEngine(sslContext.createSSLEngine());
+    assertSSLEngine(sslContext.createSSLEngine(null, -1));
+  }
+
+  /**
+   * Asserts that the provided {@link SSLSocketFactory} has the expected default configuration.
+   */
+  public static void assertSSLSocketFactory(SSLSocketFactory sslSocketFactory) throws IOException {
+    StandardNames.assertDefaultCipherSuites(sslSocketFactory.getDefaultCipherSuites());
+    StandardNames.assertSupportedCipherSuites(sslSocketFactory.getSupportedCipherSuites());
+    assertContainsAll("Unsupported default cipher suites",
+        sslSocketFactory.getSupportedCipherSuites(),
+        sslSocketFactory.getDefaultCipherSuites());
+
+    assertSSLSocket((SSLSocket) sslSocketFactory.createSocket());
+  }
+
+  /**
+   * Asserts that the provided {@link SSLServerSocketFactory} has the expected default
+   * configuration.
+   */
+  public static void assertSSLServerSocketFactory(SSLServerSocketFactory sslServerSocketFactory)
+      throws IOException {
+    StandardNames.assertDefaultCipherSuites(sslServerSocketFactory.getDefaultCipherSuites());
+    StandardNames.assertSupportedCipherSuites(sslServerSocketFactory.getSupportedCipherSuites());
+    assertContainsAll("Unsupported default cipher suites",
+        sslServerSocketFactory.getSupportedCipherSuites(),
+        sslServerSocketFactory.getDefaultCipherSuites());
+
+    assertSSLServerSocket((SSLServerSocket) sslServerSocketFactory.createServerSocket());
+  }
+
+  /**
+   * Asserts that the provided {@link SSLSocket} has the expected default configuration.
+   */
+  public static void assertSSLSocket(SSLSocket sslSocket) {
+    assertSSLParametersClient(sslSocket.getSSLParameters());
+
+    StandardNames.assertDefaultCipherSuites(sslSocket.getEnabledCipherSuites());
+    StandardNames.assertSupportedCipherSuites(sslSocket.getSupportedCipherSuites());
+    assertContainsAll("Unsupported enabled cipher suites",
+        sslSocket.getSupportedCipherSuites(),
+        sslSocket.getEnabledCipherSuites());
+
+    StandardNames.assertDefaultProtocolsClient(sslSocket.getEnabledProtocols());
+    StandardNames.assertSupportedProtocols(sslSocket.getSupportedProtocols());
+    assertContainsAll("Unsupported enabled protocols",
+        sslSocket.getSupportedProtocols(),
+        sslSocket.getEnabledProtocols());
+
+    assertTrue(sslSocket.getUseClientMode());
+    assertTrue(sslSocket.getEnableSessionCreation());
+    assertFalse(sslSocket.getNeedClientAuth());
+    assertFalse(sslSocket.getWantClientAuth());
+  }
+
+  /**
+   * Asserts that the provided {@link SSLServerSocket} has the expected default configuration.
+   */
+  public static void assertSSLServerSocket(SSLServerSocket sslServerSocket) {
+    // TODO: Check SSLParameters when supported by SSLServerSocket API
+
+    StandardNames.assertDefaultCipherSuites(sslServerSocket.getEnabledCipherSuites());
+    StandardNames.assertSupportedCipherSuites(sslServerSocket.getSupportedCipherSuites());
+    assertContainsAll("Unsupported enabled cipher suites",
+        sslServerSocket.getSupportedCipherSuites(),
+        sslServerSocket.getEnabledCipherSuites());
+
+    StandardNames.assertDefaultProtocolsServer(sslServerSocket.getEnabledProtocols());
+    StandardNames.assertSupportedProtocols(sslServerSocket.getSupportedProtocols());
+    assertContainsAll("Unsupported enabled protocols",
+        sslServerSocket.getSupportedProtocols(),
+        sslServerSocket.getEnabledProtocols());
+
+    assertTrue(sslServerSocket.getEnableSessionCreation());
+    assertFalse(sslServerSocket.getNeedClientAuth());
+    assertFalse(sslServerSocket.getWantClientAuth());
+  }
+
+  /**
+   * Asserts that the provided {@link SSLEngine} has the expected default configuration.
+   */
+  public static void assertSSLEngine(SSLEngine sslEngine) {
+    assertFalse(sslEngine.getUseClientMode());
+    assertSSLEngineSSLParameters(sslEngine.getSSLParameters());
+
+    StandardNames.assertSSLEngineDefaultCipherSuites(sslEngine.getEnabledCipherSuites());
+    StandardNames.assertSSLEngineSupportedCipherSuites(sslEngine.getSupportedCipherSuites());
+    assertContainsAll("Unsupported enabled cipher suites",
+        sslEngine.getSupportedCipherSuites(),
+        sslEngine.getEnabledCipherSuites());
+
+    StandardNames.assertSSLEngineDefaultProtocols(sslEngine.getEnabledProtocols());
+    StandardNames.assertSSLEngineSupportedProtocols(sslEngine.getSupportedProtocols());
+    assertContainsAll("Unsupported enabled protocols",
+        sslEngine.getSupportedProtocols(),
+        sslEngine.getEnabledProtocols());
+
+    assertTrue(sslEngine.getEnableSessionCreation());
+    assertFalse(sslEngine.getNeedClientAuth());
+    assertFalse(sslEngine.getWantClientAuth());
+  }
+
+  /**
+   * Asserts that the provided {@link SSLParameters} describe the expected default configuration
+   * for client-side mode of operation.
+   */
+  public static void assertSSLParametersClient(SSLParameters sslParameters) {
+    assertDefaultSSLParametersClient(sslParameters);
+  }
+
+  /**
+   * Asserts that the provided default {@link SSLParameters} are as expected for client-side mode of
+   * operation.
+   */
+  private static void assertDefaultSSLParametersClient(SSLParameters sslParameters) {
+    StandardNames.assertDefaultCipherSuites(sslParameters.getCipherSuites());
+    StandardNames.assertDefaultProtocolsClient(sslParameters.getProtocols());
+    assertFalse(sslParameters.getWantClientAuth());
+    assertFalse(sslParameters.getNeedClientAuth());
+  }
+
+  /**
+   * Asserts that the provided supported {@link SSLParameters} are as expected for client-side mode
+   * of operation.
+   */
+  private static void assertSupportedSSLParametersClient(SSLParameters sslParameters) {
+    StandardNames.assertSupportedCipherSuites(sslParameters.getCipherSuites());
+    StandardNames.assertSupportedProtocols(sslParameters.getProtocols());
+    assertFalse(sslParameters.getWantClientAuth());
+    assertFalse(sslParameters.getNeedClientAuth());
+  }
+
+  /**
+   * Asserts that the provided {@link SSLParameters} has the expected default configuration for
+   * {@link SSLEngine}.
+   */
+  public static void assertSSLEngineSSLParameters(SSLParameters sslParameters) {
+    StandardNames.assertSSLEngineDefaultCipherSuites(sslParameters.getCipherSuites());
+    StandardNames.assertSSLEngineDefaultProtocols(sslParameters.getProtocols());
+    assertFalse(sslParameters.getWantClientAuth());
+    assertFalse(sslParameters.getNeedClientAuth());
+  }
+
+  /**
+   * Asserts that the {@code container} contains all the {@code elements}.
+   */
+  private static void assertContainsAll(String message, String[] container, String[] elements) {
+    Set<String> elementsNotInContainer = new HashSet<String>(Arrays.asList(elements));
+    elementsNotInContainer.removeAll(Arrays.asList(container));
+    assertEquals(message, Collections.EMPTY_SET, elementsNotInContainer);
+  }
+}