authorKenny Root <kroot@google.com>2014-04-02 10:41:37 -0700
committerKenny Root <kroot@google.com>2014-04-10 14:38:46 -0700
commit3ad1704dc8e4653f4ceaeb5d8315ddb28318a1bb (patch)
treecde7c2c5065ec05984645c701b9dd00e15e12720 /support
parent86d9e253247b530a5f234a2210450ae34ec408fb (diff)
Update SSLEngineTest for RI
The RI now supports TLSv1.2 with SSLEngine, so update all the expectations for their tests. It also appears to disable "weak" algorithms when you select TLSv1.2. Change-Id: I564283bb4945d3b71bee0f89c93c6dd6e238b4f8
Diffstat (limited to 'support')
-rw-r--r--support/src/test/java/libcore/java/security/StandardNames.java47
-rw-r--r--support/src/test/java/libcore/javax/net/ssl/RandomPrivateKeyX509ExtendedKeyManager.java5
-rw-r--r--support/src/test/java/libcore/javax/net/ssl/TestSSLContext.java2
-rw-r--r--support/src/test/java/libcore/javax/net/ssl/TestSSLEnginePair.java2
4 files changed, 41 insertions, 15 deletions
diff --git a/support/src/test/java/libcore/java/security/StandardNames.java b/support/src/test/java/libcore/java/security/StandardNames.java
index 74263f6..a14de53 100644
--- a/support/src/test/java/libcore/java/security/StandardNames.java
+++ b/support/src/test/java/libcore/java/security/StandardNames.java
@@ -583,12 +583,6 @@ public final class StandardNames extends Assert {
* do to disable general use of SSLv2.
*/
SSL_SOCKET_PROTOCOLS.add("SSLv2Hello");
-
- // RI doesn't support these by default.
- SSL_SOCKET_PROTOCOLS_CLIENT_DEFAULT.remove("TLSv1.1");
- SSL_SOCKET_PROTOCOLS_CLIENT_DEFAULT.remove("TLSv1.2");
- SSL_SOCKET_PROTOCOLS_SERVER_DEFAULT.remove("TLSv1.1");
- SSL_SOCKET_PROTOCOLS_SERVER_DEFAULT.remove("TLSv1.2");
}
}
@@ -596,12 +590,8 @@ public final class StandardNames extends Assert {
public static final Set<String> SSL_SOCKET_PROTOCOLS_DEFAULT_SSLENGINE =
new HashSet<String>(SSL_SOCKET_PROTOCOLS_CLIENT_DEFAULT);
static {
- // No TLSv1.1 or TLSv1.2 support on SSLEngine based provider
- if (!IS_RI) {
- SSL_SOCKET_PROTOCOLS_SSLENGINE.remove("TLSv1.1");
- SSL_SOCKET_PROTOCOLS_SSLENGINE.remove("TLSv1.2");
- SSL_SOCKET_PROTOCOLS_DEFAULT_SSLENGINE.remove("TLSv1.1");
- SSL_SOCKET_PROTOCOLS_DEFAULT_SSLENGINE.remove("TLSv1.2");
+ if (IS_RI) {
+ SSL_SOCKET_PROTOCOLS_DEFAULT_SSLENGINE.add("SSLv2Hello");
}
}
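Review bot: The new `if (IS_RI)` branch adds "SSLv2Hello" to SSL_SOCKET_PROTOCOLS_DEFAULT_SSLENGINE without a comment, and the comment that explained the old branch is deleted. A reader cannot tell why the RI's SSLEngine defaults should differ from the client socket defaults this set is copied from. If it matches what was observed, I would add above the `add` call: `// The RI enables the SSLv2Hello pseudo-protocol by default on SSLEngine; it only selects the hello format and does not enable SSLv2.` That keeps the expectation from being read as acceptance of SSLv2 itself.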
@@ -790,16 +780,47 @@ public final class StandardNames extends Assert {
CIPHER_SUITES = (IS_RI) ? CIPHER_SUITES_RI : CIPHER_SUITES_OPENSSL;
}
+ /**
+ * Cipher suites that are not negotiated when TLSv1.2 is selected on the RI.
+ */
+ public static final List<String> CIPHER_SUITES_OBSOLETE_TLS12 =
+ Arrays.asList(
+ "SSL_RSA_WITH_DES_CBC_SHA",
+ "SSL_DHE_RSA_WITH_DES_CBC_SHA",
+ "SSL_DHE_DSS_WITH_DES_CBC_SHA",
+ "SSL_DH_anon_WITH_DES_CBC_SHA",
+ "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
+ "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
+ "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
+ "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
+ "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
+ "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA"
+ );
+
// NOTE: This list needs to be kept in sync with Javadoc of javax.net.ssl.SSLSocket and
// javax.net.ssl.SSLEngine.
public static final List<String> CIPHER_SUITES_DEFAULT = (IS_RI)
- ? Arrays.asList("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
+ ? Arrays.asList("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
+ "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
+ "TLS_RSA_WITH_AES_256_CBC_SHA256",
+ "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
+ "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",
+ "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
+ "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",
+ "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_RSA_WITH_AES_256_CBC_SHA",
"TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
"TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
"TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
+ "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
+ "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
+ "TLS_RSA_WITH_AES_128_CBC_SHA256",
+ "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
+ "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",
+ "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
+ "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_RSA_WITH_AES_128_CBC_SHA",
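Review bot: The Javadoc on CIPHER_SUITES_OBSOLETE_TLS12 says these suites "are not negotiated" but not why, nor that the list is an observation of RI behaviour rather than a specification. Every entry is single-DES or export-grade (40-bit), and several are also anonymous DH. The doc should say that, and that the list exists only so RI tests can skip or expect failure for these suites under TLSv1.2. Suggested wording: `Single-DES and export-grade suites that the RI refuses to negotiate once TLSv1.2 is selected; observed behaviour, used only to adjust RI expectations.` Because the constant is public and built with `Arrays.asList`, which permits `set()`, it may also be worth wrapping it in `Collections.unmodifiableList(...)` if that import is available in the file. The CIPHER_SUITES_DEFAULT declaration continues past the end of this hunk.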
diff --git a/support/src/test/java/libcore/javax/net/ssl/RandomPrivateKeyX509ExtendedKeyManager.java b/support/src/test/java/libcore/javax/net/ssl/RandomPrivateKeyX509ExtendedKeyManager.java
index fd5cc0b..ce40129 100644
--- a/support/src/test/java/libcore/javax/net/ssl/RandomPrivateKeyX509ExtendedKeyManager.java
+++ b/support/src/test/java/libcore/javax/net/ssl/RandomPrivateKeyX509ExtendedKeyManager.java
@@ -21,6 +21,7 @@ import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
+import java.security.interfaces.ECPrivateKey;
import java.security.spec.DSAParameterSpec;
import java.security.spec.DSAPrivateKeySpec;
import java.security.spec.RSAPrivateKeySpec;
@@ -71,6 +72,10 @@ public class RandomPrivateKeyX509ExtendedKeyManager extends ForwardingX509Extend
keyPairGenerator.initialize(new DSAParameterSpec(
originalKeySpec.getP(), originalKeySpec.getQ(), originalKeySpec.getG()));
result = keyPairGenerator.generateKeyPair().getPrivate();
+ } else if ("EC".equals(keyAlgorithm)) {
+ KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(keyAlgorithm);
+ keyPairGenerator.initialize(((ECPrivateKey) originalPrivateKey).getParams());
+ result = keyPairGenerator.generateKeyPair().getPrivate();
} else {
Assert.fail("Unsupported key algorithm: " + originalPrivateKey.getAlgorithm());
result = null;
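Review bot: The new EC branch casts `originalPrivateKey` to `ECPrivateKey` unconditionally, unlike the DSA branch above it, which works from a key spec. A key that reports algorithm "EC" but does not implement that interface (for example an opaque provider-backed key) would throw ClassCastException instead of reaching the `Assert.fail` message. Guarding the branch keeps the failure readable: `} else if ("EC".equals(keyAlgorithm) && originalPrivateKey instanceof ECPrivateKey) {`. The enclosing method starts and ends outside this hunk, so how `keyAlgorithm` is derived is not visible here.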
diff --git a/support/src/test/java/libcore/javax/net/ssl/TestSSLContext.java b/support/src/test/java/libcore/javax/net/ssl/TestSSLContext.java
index 64c8ccb..9793d9a 100644
--- a/support/src/test/java/libcore/javax/net/ssl/TestSSLContext.java
+++ b/support/src/test/java/libcore/javax/net/ssl/TestSSLContext.java
@@ -141,7 +141,7 @@ public final class TestSSLContext extends Assert {
* TestSSLContext creation method that allows separate creation of server key store
*/
public static TestSSLContext create(TestKeyStore client, TestKeyStore server) {
- String protocol = "TLS";
+ String protocol = "TLSv1.2";
SSLContext clientContext =
createSSLContext(protocol, client.keyManagers, client.trustManagers);
SSLContext serverContext =
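Review bot: Hard-coding `"TLSv1.2"` in the shared `create(TestKeyStore, TestKeyStore)` factory pins the protocol for every caller and every provider, not only the RI SSLEngine tests named in the commit message. Nothing in the hunk says why. After this change no test built through this factory exercises the provider's default `"TLS"` context, so a regression in default protocol selection could go unnoticed. At minimum I would add a comment such as `// Pinned to TLSv1.2 so RI expectations match; the default "TLS" context is not covered by this factory.` It may also be worth checking whether a separate test should keep using `"TLS"`. The method body continues outside the hunk.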
diff --git a/support/src/test/java/libcore/javax/net/ssl/TestSSLEnginePair.java b/support/src/test/java/libcore/javax/net/ssl/TestSSLEnginePair.java
index b6efdeb..5feedb3 100644
--- a/support/src/test/java/libcore/javax/net/ssl/TestSSLEnginePair.java
+++ b/support/src/test/java/libcore/javax/net/ssl/TestSSLEnginePair.java
@@ -73,7 +73,7 @@ public final class TestSSLEnginePair extends Assert {
int applicationBufferSize = session.getApplicationBufferSize();
ByteBuffer scratch = ByteBuffer.allocate(applicationBufferSize);
- SSLEngine client = c.clientContext.createSSLEngine();
+ SSLEngine client = c.clientContext.createSSLEngine(c.host.getHostName(), c.port);
SSLEngine server = c.serverContext.createSSLEngine();
client.setUseClientMode(true);
server.setUseClientMode(false);
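Review bot: The client engine is now created with `c.host.getHostName()` and `c.port`, and a comment should say what that is for. In JSSE these arguments are advisory peer hints (session reuse, and server name indication where the provider supports it). They do not turn on hostname verification, and the hunk sets no endpoint identification algorithm. Suggested comment: `// Peer host/port are hints only (session cache key, SNI where supported); no hostname verification is enabled here.` Engine pairs sharing the same host and port may now also resume each other's client sessions, so tests that assume a full handshake might need checking. The enclosing method starts and ends outside this hunk.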