Simplify assertions about SSLEngine.

Now that the default SSLEngine implementation is backed by the same OpenSSL stack as the default SSLSocket implementation, the sets of supported/enabled cipher suites and protocols should remain the same between SSLEngine and SSLSocket. Change-Id: I1ed88f39b07950e5d8b6e2fc7d6482a034626de3
author: Alex Klyubin <klyubin@google.com> 2014-05-23 10:43:05 -0700
committer: Alex Klyubin <klyubin@google.com> 2014-05-23 10:43:05 -0700
commit: 2c8bbf4bb24657c4e71de66fd0e66ad6baad4cf5 (patch)
tree: 039ecd5837b5512a901de184f27ddd0951d5c60e /support
parent: 6167671bf318661c6d9f9f44d4ad4b14d60e9224 (diff)
download: libcore-2c8bbf4bb24657c4e71de66fd0e66ad6baad4cf5.zip
libcore-2c8bbf4bb24657c4e71de66fd0e66ad6baad4cf5.tar.gz
libcore-2c8bbf4bb24657c4e71de66fd0e66ad6baad4cf5.tar.bz2
2 files changed, 6 insertions, 78 deletions
diff --git a/support/src/test/java/libcore/java/security/StandardNames.java b/support/src/test/java/libcore/java/security/StandardNames.java
index e37a788..d4fde94 100644
--- a/support/src/test/java/libcore/java/security/StandardNames.java
+++ b/support/src/test/java/libcore/java/security/StandardNames.java
@@ -29,7 +29,6 @@ import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
-import java.util.Iterator;
 import java.util.LinkedHashSet;
 import java.util.List;
 import java.util.Locale;
@@ -586,15 +585,6 @@ public final class StandardNames extends Assert {
         }
     }
 
-    public static final Set<String> SSL_SOCKET_PROTOCOLS_SSLENGINE = new HashSet<String>(SSL_SOCKET_PROTOCOLS);
-    public static final Set<String> SSL_SOCKET_PROTOCOLS_DEFAULT_SSLENGINE =
-            new HashSet<String>(SSL_SOCKET_PROTOCOLS_CLIENT_DEFAULT);
-    static {
-        if (IS_RI) {
-            SSL_SOCKET_PROTOCOLS_DEFAULT_SSLENGINE.add("SSLv2Hello");
-        }
-    }
-
     /**
      * Valid values for X509TrustManager.checkClientTrusted authType,
      * either the algorithm of the public key or UNKNOWN.
@@ -884,10 +874,6 @@ public final class StandardNames extends Assert {
                                               "SHA256",
                                               "SHA384"));
 
-    public static final List<String> CIPHER_SUITES_DEFAULT_SSLENGINE =
-            new ArrayList<String>(CIPHER_SUITES_DEFAULT);
-    public static final Set<String> CIPHER_SUITES_SSLENGINE = new HashSet<String>(CIPHER_SUITES);
-
     public static final Map<String, Class<? extends KeySpec>> PRIVATE_KEY_SPEC_CLASSES;
     public static final Map<String, Class<? extends KeySpec>> PUBLIC_KEY_SPEC_CLASSES;
     public static final Map<String, Integer> MINIMUM_KEY_SIZE;
@@ -999,32 +985,13 @@ public final class StandardNames extends Assert {
     }
 
     /**
-     * Asserts that the protocols array is non-null and that all of its contents are protocols
-     * supported by {@link javax.net.ssl.SSLEngine}.
-     */
-    public static void assertSSLEngineValidProtocols(String[] protocols) {
-        assertValidProtocols(SSL_SOCKET_PROTOCOLS_SSLENGINE, protocols);
-    }
-
-    /**
      * Asserts that the provided list of protocols matches the supported list of protocols.
-     *
-     * <p>This list may be different than the one supported by {@link javax.net.ssl.SSLEngine} --
-     * see {@link #assertSSLEngineSupportedProtocols(String[])}.
      */
     public static void assertSupportedProtocols(String[] protocols) {
         assertSupportedProtocols(SSL_SOCKET_PROTOCOLS, protocols);
     }
 
     /**
-     * Asserts that the provided list of protocols matches the supported list of protocols for
-     * {@link javax.net.ssl.SSLEngine}.
-     */
-    public static void assertSSLEngineSupportedProtocols(String[] protocols) {
-        assertSupportedProtocols(SSL_SOCKET_PROTOCOLS_SSLENGINE, protocols);
-    }
-
-    /**
      * Asserts that the protocols array contains all the protocols enabled by default for client use
      * and no other ones.
      */
@@ -1047,8 +1014,8 @@ public final class StandardNames extends Assert {
      * {@link javax.net.ssl.SSLEngine} and no other ones.
      */
     public static void assertSSLEngineDefaultProtocols(String[] protocols) {
-        assertSSLEngineValidProtocols(protocols);
-        assertSupportedProtocols(SSL_SOCKET_PROTOCOLS_DEFAULT_SSLENGINE, protocols);
+        assertValidProtocols(protocols);
+        assertSupportedProtocols(SSL_SOCKET_PROTOCOLS_CLIENT_DEFAULT, protocols);
     }
 
     /**
@@ -1059,14 +1026,6 @@ public final class StandardNames extends Assert {
     }
 
     /**
-     * Asserts that the provided list of cipher suites contains only the cipher suites supported by
-     * {@link javax.net.ssl.SSLEngine}.
-     */
-    public static void assertSSLEngineValidCipherSuites(String[] cipherSuites) {
-        assertValidCipherSuites(CIPHER_SUITES_SSLENGINE, cipherSuites);
-    }
-
-    /**
      * Assert that the provided list of cipher suites matches the supported list.
      */
     public static void assertSupportedCipherSuites(String[] cipherSuites) {
@@ -1074,14 +1033,6 @@ public final class StandardNames extends Assert {
     }
 
     /**
-     * Asserts that the provided list of cipher suites matches the supported list of cipher suites
-     * for {@link javax.net.ssl.SSLEngine}.
-     */
-    public static void assertSSLEngineSupportedCipherSuites(String[] cipherSuites) {
-        assertSupportedCipherSuites(CIPHER_SUITES_SSLENGINE, cipherSuites);
-    }
-
-    /**
      * Assert cipher suites match the default list in content and priority order and contain
      * only cipher suites permitted by default.
      */
@@ -1104,29 +1055,6 @@ public final class StandardNames extends Assert {
         }
     }
 
-    /**
-     * Assert cipher suites match the default list in content and priority order and contain
-     * only cipher suites permitted by default for {@link javax.net.ssl.SSLEngine}.
-     */
-    public static void assertSSLEngineDefaultCipherSuites(String[] cipherSuites) {
-        assertSSLEngineValidCipherSuites(cipherSuites);
-        assertEquals(CIPHER_SUITES_DEFAULT_SSLENGINE, Arrays.asList(cipherSuites));
-
-        // Assert that all the cipher suites are permitted to be in the default list.
-        // This assertion is a backup for the stricter assertion above.
-        //
-        // There is no point in asserting this for the RI as it's outside of our control.
-        if (!IS_RI) {
-            List<String> disallowedDefaultCipherSuites = new ArrayList<String>();
-            for (String cipherSuite : cipherSuites) {
-                if (!isPermittedDefaultCipherSuite(cipherSuite)) {
-                    disallowedDefaultCipherSuites.add(cipherSuite);
-                }
-            }
-            assertEquals(Collections.EMPTY_LIST, disallowedDefaultCipherSuites);
-        }
-    }
-
     private static boolean isPermittedDefaultCipherSuite(String cipherSuite) {
         assertNotNull(cipherSuite);
         if (CIPHER_SUITE_SECURE_RENEGOTIATION.equals(cipherSuite)) {
diff --git a/support/src/test/java/libcore/javax/net/ssl/SSLDefaultConfigurationAsserts.java b/support/src/test/java/libcore/javax/net/ssl/SSLDefaultConfigurationAsserts.java
index be2abe9..d54f5e5 100644
--- a/support/src/test/java/libcore/javax/net/ssl/SSLDefaultConfigurationAsserts.java
+++ b/support/src/test/java/libcore/javax/net/ssl/SSLDefaultConfigurationAsserts.java
@@ -133,14 +133,14 @@ public abstract class SSLDefaultConfigurationAsserts extends Assert {
     assertFalse(sslEngine.getUseClientMode());
     assertSSLEngineSSLParameters(sslEngine.getSSLParameters());
 
-    StandardNames.assertSSLEngineDefaultCipherSuites(sslEngine.getEnabledCipherSuites());
-    StandardNames.assertSSLEngineSupportedCipherSuites(sslEngine.getSupportedCipherSuites());
+    StandardNames.assertDefaultCipherSuites(sslEngine.getEnabledCipherSuites());
+    StandardNames.assertSupportedCipherSuites(sslEngine.getSupportedCipherSuites());
     assertContainsAll("Unsupported enabled cipher suites",
         sslEngine.getSupportedCipherSuites(),
         sslEngine.getEnabledCipherSuites());
 
     StandardNames.assertSSLEngineDefaultProtocols(sslEngine.getEnabledProtocols());
-    StandardNames.assertSSLEngineSupportedProtocols(sslEngine.getSupportedProtocols());
+    StandardNames.assertSupportedProtocols(sslEngine.getSupportedProtocols());
     assertContainsAll("Unsupported enabled protocols",
         sslEngine.getSupportedProtocols(),
         sslEngine.getEnabledProtocols());
@@ -185,7 +185,7 @@ public abstract class SSLDefaultConfigurationAsserts extends Assert {
    * {@link SSLEngine}.
    */
   public static void assertSSLEngineSSLParameters(SSLParameters sslParameters) {
-    StandardNames.assertSSLEngineDefaultCipherSuites(sslParameters.getCipherSuites());
+    StandardNames.assertDefaultCipherSuites(sslParameters.getCipherSuites());
     StandardNames.assertSSLEngineDefaultProtocols(sslParameters.getProtocols());
     assertFalse(sslParameters.getWantClientAuth());
     assertFalse(sslParameters.getNeedClientAuth());
author	Alex Klyubin <klyubin@google.com>	2014-05-23 10:43:05 -0700
committer	Alex Klyubin <klyubin@google.com>	2014-05-23 10:43:05 -0700
commit	2c8bbf4bb24657c4e71de66fd0e66ad6baad4cf5 (patch)
tree	039ecd5837b5512a901de184f27ddd0951d5c60e /support
parent	6167671bf318661c6d9f9f44d4ad4b14d60e9224 (diff)
download	libcore-2c8bbf4bb24657c4e71de66fd0e66ad6baad4cf5.zip libcore-2c8bbf4bb24657c4e71de66fd0e66ad6baad4cf5.tar.gz libcore-2c8bbf4bb24657c4e71de66fd0e66ad6baad4cf5.tar.bz2