am fe1f3d77: am 11708986: am b00f46fc: am 23b3ea3a: am e496d90d: am cef32f3b: Merge "SSLEngine: Test that server params are verified" into jb-dev

* commit 'fe1f3d7795d9a5bdef327bd7796004bff5da7dbf':
  SSLEngine: Test that server params are verified

2 files changed, 161 insertions, 0 deletions

diff --git a/support/src/test/java/libcore/javax/net/ssl/ForwardingX509ExtendedKeyManager.java b/support/src/test/java/libcore/javax/net/ssl/ForwardingX509ExtendedKeyManager.java
new file mode 100644
index 0000000..e901d34
--- /dev/null
+++ b/support/src/test/java/libcore/javax/net/ssl/ForwardingX509ExtendedKeyManager.java
@@ -0,0 +1,76 @@
+/*
+ * Copyright (C) 2013 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package libcore.javax.net.ssl;
+
+import java.net.Socket;
+import java.security.Principal;
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.X509ExtendedKeyManager;
+
+/**
+ * {@link X509ExtendedKeyManager} which delegates all calls to the provided
+ * {@code X509ExtendedKeyManager} instance.
+ */
+public class ForwardingX509ExtendedKeyManager extends X509ExtendedKeyManager {
+  private final X509ExtendedKeyManager delegate;
+
+  public ForwardingX509ExtendedKeyManager(X509ExtendedKeyManager delegate) {
+    this.delegate = delegate;
+  }
+
+  @Override
+  public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
+    return delegate.chooseClientAlias(keyType, issuers, socket);
+  }
+
+  @Override
+  public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
+    return delegate.chooseServerAlias(keyType, issuers, socket);
+  }
+
+  @Override
+  public X509Certificate[] getCertificateChain(String alias) {
+    return delegate.getCertificateChain(alias);
+  }
+
+  @Override
+  public String[] getClientAliases(String keyType, Principal[] issuers) {
+    return delegate.getClientAliases(keyType, issuers);
+  }
+
+  @Override
+  public String[] getServerAliases(String keyType, Principal[] issuers) {
+    return delegate.getServerAliases(keyType, issuers);
+  }
+
+  @Override
+  public String chooseEngineClientAlias(String[] keyType, Principal[] issuers, SSLEngine engine) {
+    return delegate.chooseEngineClientAlias(keyType, issuers, engine);
+  }
+
+  @Override
+  public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine) {
+    return delegate.chooseEngineServerAlias(keyType, issuers, engine);
+  }
+
+  @Override
+  public PrivateKey getPrivateKey(String alias) {
+    return delegate.getPrivateKey(alias);
+  }
+}
diff --git a/support/src/test/java/libcore/javax/net/ssl/RandomPrivateKeyX509ExtendedKeyManager.java b/support/src/test/java/libcore/javax/net/ssl/RandomPrivateKeyX509ExtendedKeyManager.java
new file mode 100644
index 0000000..fd5cc0b
--- /dev/null
+++ b/support/src/test/java/libcore/javax/net/ssl/RandomPrivateKeyX509ExtendedKeyManager.java
@@ -0,0 +1,85 @@
+/*
+ * Copyright (C) 2013 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package libcore.javax.net.ssl;
+
+import junit.framework.Assert;
+import java.security.GeneralSecurityException;
+import java.security.KeyFactory;
+import java.security.KeyPairGenerator;
+import java.security.PrivateKey;
+import java.security.spec.DSAParameterSpec;
+import java.security.spec.DSAPrivateKeySpec;
+import java.security.spec.RSAPrivateKeySpec;
+import java.util.HashMap;
+import java.util.Map;
+import javax.net.ssl.X509ExtendedKeyManager;
+
+/**
+ * {@link X509ExtendedKeyManager} which forwards all calls to a delegate while substituting
+ * the returned private key with its own randomly generated keys of the same type (and parameters).
+ */
+public class RandomPrivateKeyX509ExtendedKeyManager extends ForwardingX509ExtendedKeyManager {
+
+  private final Map<String, PrivateKey> cachedKeys = new HashMap<String, PrivateKey>();
+
+  public RandomPrivateKeyX509ExtendedKeyManager(X509ExtendedKeyManager delegate) {
+    super(delegate);
+  }
+
+  @Override
+  public PrivateKey getPrivateKey(String alias) {
+    PrivateKey originalPrivateKey = super.getPrivateKey(alias);
+    if (originalPrivateKey == null) {
+      return null;
+    }
+
+    PrivateKey result;
+    String keyAlgorithm = originalPrivateKey.getAlgorithm();
+    try {
+      KeyFactory keyFactory = KeyFactory.getInstance(keyAlgorithm);
+      if ("RSA".equals(keyAlgorithm)) {
+        RSAPrivateKeySpec originalKeySpec =
+            keyFactory.getKeySpec(originalPrivateKey, RSAPrivateKeySpec.class);
+        int keyLengthBits = originalKeySpec.getModulus().bitLength();
+        // Use a cache because RSA key generation is slow.
+        String cacheKey = keyAlgorithm + "-" + keyLengthBits;
+        result = cachedKeys.get(cacheKey);
+        if (result == null) {
+          KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(keyAlgorithm);
+          keyPairGenerator.initialize(keyLengthBits);
+          result = keyPairGenerator.generateKeyPair().getPrivate();
+          cachedKeys.put(cacheKey, result);
+        }
+      } else if ("DSA".equals(keyAlgorithm)) {
+        DSAPrivateKeySpec originalKeySpec =
+            keyFactory.getKeySpec(originalPrivateKey, DSAPrivateKeySpec.class);
+        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(keyAlgorithm);
+        keyPairGenerator.initialize(new DSAParameterSpec(
+            originalKeySpec.getP(), originalKeySpec.getQ(), originalKeySpec.getG()));
+        result = keyPairGenerator.generateKeyPair().getPrivate();
+      } else {
+        Assert.fail("Unsupported key algorithm: " + originalPrivateKey.getAlgorithm());
+        result = null;
+      }
+    } catch (GeneralSecurityException e) {
+      Assert.fail("Failed to generate private key: " + e);
+      result = null;
+    }
+
+    return result;
+  }
+}