author | Kenny Root <kroot@google.com> | 2014-04-02 10:41:37 -0700 |
---|---|---|
committer | Kenny Root <kroot@google.com> | 2014-04-10 14:38:46 -0700 |
commit | 3ad1704dc8e4653f4ceaeb5d8315ddb28318a1bb (patch) | |
tree | cde7c2c5065ec05984645c701b9dd00e15e12720 /support | |
parent | 86d9e253247b530a5f234a2210450ae34ec408fb (diff) | |
Update SSLEngineTest for RI
The RI now supports TLSv1.2 with SSLEngine, so update all the
expectations for their tests. It also appears to disable "weak"
algorithms when you select TLSv1.2.
Change-Id: I564283bb4945d3b71bee0f89c93c6dd6e238b4f8
Diffstat (limited to 'support')
4 files changed, 41 insertions, 15 deletions
diff --git a/support/src/test/java/libcore/java/security/StandardNames.java b/support/src/test/java/libcore/java/security/StandardNames.java index 74263f6..a14de53 100644 --- a/support/src/test/java/libcore/java/security/StandardNames.java +++ b/support/src/test/java/libcore/java/security/StandardNames.java @@ -583,12 +583,6 @@ public final class StandardNames extends Assert { * do to disable general use of SSLv2. */ SSL_SOCKET_PROTOCOLS.add("SSLv2Hello"); - - // RI doesn't support these by default. - SSL_SOCKET_PROTOCOLS_CLIENT_DEFAULT.remove("TLSv1.1"); - SSL_SOCKET_PROTOCOLS_CLIENT_DEFAULT.remove("TLSv1.2"); - SSL_SOCKET_PROTOCOLS_SERVER_DEFAULT.remove("TLSv1.1"); - SSL_SOCKET_PROTOCOLS_SERVER_DEFAULT.remove("TLSv1.2"); } } @@ -596,12 +590,8 @@ public final class StandardNames extends Assert { public static final Set<String> SSL_SOCKET_PROTOCOLS_DEFAULT_SSLENGINE = new HashSet<String>(SSL_SOCKET_PROTOCOLS_CLIENT_DEFAULT); static { - // No TLSv1.1 or TLSv1.2 support on SSLEngine based provider - if (!IS_RI) { - SSL_SOCKET_PROTOCOLS_SSLENGINE.remove("TLSv1.1"); - SSL_SOCKET_PROTOCOLS_SSLENGINE.remove("TLSv1.2"); - SSL_SOCKET_PROTOCOLS_DEFAULT_SSLENGINE.remove("TLSv1.1"); - SSL_SOCKET_PROTOCOLS_DEFAULT_SSLENGINE.remove("TLSv1.2"); + if (IS_RI) { + SSL_SOCKET_PROTOCOLS_DEFAULT_SSLENGINE.add("SSLv2Hello"); } } 
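Review bot: In the second StandardNames hunk, the rewritten static block adds `"SSLv2Hello"` to `SSL_SOCKET_PROTOCOLS_DEFAULT_SSLENGINE` when `IS_RI` is true, but the comment that explained the old branch was removed and nothing replaces it. Since this puts a legacy hello format into the expected default protocol set, the reason should be recorded next to the call, for example `// RI SSLEngine reports SSLv2Hello among its default enabled protocols.` Whether `SSL_SOCKET_PROTOCOLS_CLIENT_DEFAULT` already contains that entry is not visible in this hunk, so the comment should be checked against the declarations above it.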
@@ -790,16 +780,47 @@ public final class StandardNames extends Assert { CIPHER_SUITES = (IS_RI) ? CIPHER_SUITES_RI : CIPHER_SUITES_OPENSSL; } + /** + * Cipher suites that are not negotiated when TLSv1.2 is selected on the RI. + */ + public static final List<String> CIPHER_SUITES_OBSOLETE_TLS12 = + Arrays.asList( + "SSL_RSA_WITH_DES_CBC_SHA", + "SSL_DHE_RSA_WITH_DES_CBC_SHA", + "SSL_DHE_DSS_WITH_DES_CBC_SHA", + "SSL_DH_anon_WITH_DES_CBC_SHA", + "SSL_RSA_EXPORT_WITH_RC4_40_MD5", + "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5", + "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", + "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", + "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", + "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA" + ); + // NOTE: This list needs to be kept in sync with Javadoc of javax.net.ssl.SSLSocket and // javax.net.ssl.SSLEngine. public static final List<String> CIPHER_SUITES_DEFAULT = (IS_RI) - ? Arrays.asList("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", + ? Arrays.asList("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", + "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", + "TLS_RSA_WITH_AES_256_CBC_SHA256", + "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", + "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", + "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", + "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", + "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", + "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", + "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", + "TLS_RSA_WITH_AES_128_CBC_SHA256", + "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", + "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", + "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", + "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA", 
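Review bot: `CIPHER_SUITES_OBSOLETE_TLS12` is a public constant backed by `Arrays.asList`, which still allows `set()`, so one test can silently change the expectation seen by every later test. Declaring it as `Collections.unmodifiableList(Arrays.asList(...))` closes that, provided `java.util.Collections` is imported; the import block is outside this hunk. The Javadoc says the suites are skipped "on the RI", yet the constant is not gated by `IS_RI`, so it is worth adding a sentence such as `Callers must apply this list only when IS_RI is true.` The `CIPHER_SUITES_DEFAULT` initializer continues past the end of the hunk.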
diff --git a/support/src/test/java/libcore/javax/net/ssl/RandomPrivateKeyX509ExtendedKeyManager.java b/support/src/test/java/libcore/javax/net/ssl/RandomPrivateKeyX509ExtendedKeyManager.java index fd5cc0b..ce40129 100644 --- a/support/src/test/java/libcore/javax/net/ssl/RandomPrivateKeyX509ExtendedKeyManager.java +++ b/support/src/test/java/libcore/javax/net/ssl/RandomPrivateKeyX509ExtendedKeyManager.java @@ -21,6 +21,7 @@ import java.security.GeneralSecurityException; import java.security.KeyFactory; import java.security.KeyPairGenerator; import java.security.PrivateKey; +import java.security.interfaces.ECPrivateKey; import java.security.spec.DSAParameterSpec; import java.security.spec.DSAPrivateKeySpec; import java.security.spec.RSAPrivateKeySpec; @@ -71,6 +72,10 @@ public class RandomPrivateKeyX509ExtendedKeyManager extends ForwardingX509Extend keyPairGenerator.initialize(new DSAParameterSpec( originalKeySpec.getP(), originalKeySpec.getQ(), originalKeySpec.getG())); result = keyPairGenerator.generateKeyPair().getPrivate(); + } else if ("EC".equals(keyAlgorithm)) { + KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(keyAlgorithm); + keyPairGenerator.initialize(((ECPrivateKey) originalPrivateKey).getParams()); + result = keyPairGenerator.generateKeyPair().getPrivate(); } else { Assert.fail("Unsupported key algorithm: " + originalPrivateKey.getAlgorithm()); result = null; diff --git a/support/src/test/java/libcore/javax/net/ssl/TestSSLContext.java b/support/src/test/java/libcore/javax/net/ssl/TestSSLContext.java index 64c8ccb..9793d9a 100644 --- a/support/src/test/java/libcore/javax/net/ssl/TestSSLContext.java +++ b/support/src/test/java/libcore/javax/net/ssl/TestSSLContext.java 
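Review bot: The new EC branch casts `originalPrivateKey` to `ECPrivateKey` without a type check. A key that reports algorithm "EC" but does not implement that interface (a provider-opaque key, for instance) would therefore fail with a ClassCastException instead of the `Assert.fail("Unsupported key algorithm: ...")` message used for unsupported keys. Guarding the branch with `} else if ("EC".equals(keyAlgorithm) && originalPrivateKey instanceof ECPrivateKey) {` lets such keys fall through to the existing failure path. The enclosing method starts and ends outside the hunk.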
@@ -141,7 +141,7 @@ public final class TestSSLContext extends Assert { * TestSSLContext creation method that allows separate creation of server key store */ public static TestSSLContext create(TestKeyStore client, TestKeyStore server) { - String protocol = "TLS"; + String protocol = "TLSv1.2"; SSLContext clientContext = createSSLContext(protocol, client.keyManagers, client.trustManagers); SSLContext serverContext = diff --git a/support/src/test/java/libcore/javax/net/ssl/TestSSLEnginePair.java b/support/src/test/java/libcore/javax/net/ssl/TestSSLEnginePair.java index b6efdeb..5feedb3 100644 --- a/support/src/test/java/libcore/javax/net/ssl/TestSSLEnginePair.java +++ b/support/src/test/java/libcore/javax/net/ssl/TestSSLEnginePair.java @@ -73,7 +73,7 @@ public final class TestSSLEnginePair extends Assert { int applicationBufferSize = session.getApplicationBufferSize(); ByteBuffer scratch = ByteBuffer.allocate(applicationBufferSize); - SSLEngine client = c.clientContext.createSSLEngine(); + SSLEngine client = c.clientContext.createSSLEngine(c.host.getHostName(), c.port); SSLEngine server = c.serverContext.createSSLEngine(); client.setUseClientMode(true); server.setUseClientMode(false); |
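Review bot: Hard-coding `"TLSv1.2"` in `create(TestKeyStore, TestKeyStore)` means every test that builds its contexts through this helper no longer exercises the provider's generic `"TLS"` context, and the line has no comment saying that is intended. If the default context still needs coverage, it has to come from a test that does not go through this helper. A comment would tie the choice to the commit's reasoning, for example `// TLSv1.2 is requested explicitly; on the RI this also drops the suites in StandardNames.CIPHER_SUITES_OBSOLETE_TLS12.` The method body continues outside the hunk.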
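Review bot: In the TestSSLEnginePair hunk, `createSSLEngine(c.host.getHostName(), c.port)` passes only advisory peer hints to the client engine, and the line has no comment saying why they are now needed. JSSE uses these hints for session reuse and some suite selection; they do not enable hostname verification unless an endpoint identification algorithm is also configured. A comment such as `// Peer host/port are hints for the engine; they do not enable hostname verification.` would stop later readers from assuming otherwise. If `c.host` is an `InetAddress`, `getHostName()` may also trigger a reverse lookup, which is worth confirming is acceptable in the test environment.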