diff options
9 files changed, 262 insertions, 249 deletions
diff --git a/luni/src/test/java/libcore/javax/net/ssl/SSLContextTest.java b/luni/src/test/java/libcore/javax/net/ssl/SSLContextTest.java index d8d9fab..533849c 100644 --- a/luni/src/test/java/libcore/javax/net/ssl/SSLContextTest.java +++ b/luni/src/test/java/libcore/javax/net/ssl/SSLContextTest.java @@ -26,7 +26,6 @@ import java.security.Security; import java.security.UnrecoverableKeyException; import java.util.ArrayList; import java.util.Arrays; -import java.util.Collections; import java.util.List; import java.util.concurrent.Callable; import libcore.io.IoUtils; @@ -82,14 +81,14 @@ public class SSLContextTest extends TestCase { } public void test_SSLContext_defaultConfiguration() throws Exception { - SSLDefaultConfigurationAsserts.assertSSLContext(SSLContext.getDefault()); + SSLConfigurationAsserts.assertSSLContextDefaultConfiguration(SSLContext.getDefault()); for (String protocol : StandardNames.SSL_CONTEXT_PROTOCOLS) { SSLContext sslContext = SSLContext.getInstance(protocol); if (!protocol.equals(StandardNames.SSL_CONTEXT_PROTOCOLS_DEFAULT)) { sslContext.init(null, null, null); } - SSLDefaultConfigurationAsserts.assertSSLContext(sslContext); + SSLConfigurationAsserts.assertSSLContextDefaultConfiguration(sslContext); } } diff --git a/luni/src/test/java/libcore/javax/net/ssl/SSLEngineTest.java b/luni/src/test/java/libcore/javax/net/ssl/SSLEngineTest.java index fb7e0c9..5239977 100644 --- a/luni/src/test/java/libcore/javax/net/ssl/SSLEngineTest.java +++ b/luni/src/test/java/libcore/javax/net/ssl/SSLEngineTest.java @@ -65,7 +65,7 @@ public class SSLEngineTest extends TestCase { } public void test_SSLEngine_defaultConfiguration() throws Exception { - SSLDefaultConfigurationAsserts.assertSSLEngine( + SSLConfigurationAsserts.assertSSLEngineDefaultConfiguration( TestSSLContext.create().clientContext.createSSLEngine()); } diff --git a/luni/src/test/java/libcore/javax/net/ssl/SSLServerSocketFactoryTest.java b/luni/src/test/java/libcore/javax/net/ssl/SSLServerSocketFactoryTest.java index ea9c3f0..cda1fb8 100644 --- a/luni/src/test/java/libcore/javax/net/ssl/SSLServerSocketFactoryTest.java +++ b/luni/src/test/java/libcore/javax/net/ssl/SSLServerSocketFactoryTest.java @@ -22,7 +22,7 @@ import junit.framework.TestCase; public class SSLServerSocketFactoryTest extends TestCase { public void testDefaultConfiguration() throws Exception { - SSLDefaultConfigurationAsserts.assertSSLServerSocketFactory( + SSLConfigurationAsserts.assertSSLServerSocketFactoryDefaultConfiguration( (SSLServerSocketFactory) SSLServerSocketFactory.getDefault()); } } diff --git a/luni/src/test/java/libcore/javax/net/ssl/SSLServerSocketTest.java b/luni/src/test/java/libcore/javax/net/ssl/SSLServerSocketTest.java index 59c44c1..d2c0f48 100644 --- a/luni/src/test/java/libcore/javax/net/ssl/SSLServerSocketTest.java +++ b/luni/src/test/java/libcore/javax/net/ssl/SSLServerSocketTest.java @@ -24,7 +24,7 @@ import java.util.Arrays; public class SSLServerSocketTest extends TestCase { public void testDefaultConfiguration() throws Exception { - SSLDefaultConfigurationAsserts.assertSSLServerSocket( + SSLConfigurationAsserts.assertSSLServerSocketDefaultConfiguration( (SSLServerSocket) SSLServerSocketFactory.getDefault().createServerSocket()); } diff --git a/luni/src/test/java/libcore/javax/net/ssl/SSLSocketFactoryTest.java b/luni/src/test/java/libcore/javax/net/ssl/SSLSocketFactoryTest.java index acf69c0..83b690b 100644 --- a/luni/src/test/java/libcore/javax/net/ssl/SSLSocketFactoryTest.java +++ b/luni/src/test/java/libcore/javax/net/ssl/SSLSocketFactoryTest.java @@ -210,7 +210,7 @@ public class SSLSocketFactoryTest extends TestCase { } public void test_SSLSocketFactory_defaultConfiguration() throws Exception { - SSLDefaultConfigurationAsserts.assertSSLSocketFactory( + SSLConfigurationAsserts.assertSSLSocketFactoryDefaultConfiguration( (SSLSocketFactory) SSLSocketFactory.getDefault()); } diff --git a/luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java b/luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java index 742051d..abf8c89 100644 --- a/luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java +++ b/luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java @@ -73,7 +73,7 @@ import libcore.tlswire.record.TlsRecord; public class SSLSocketTest extends TestCase { public void test_SSLSocket_defaultConfiguration() throws Exception { - SSLDefaultConfigurationAsserts.assertSSLSocket( + SSLConfigurationAsserts.assertSSLSocketDefaultConfiguration( (SSLSocket) SSLSocketFactory.getDefault().createSocket()); } diff --git a/support/src/test/java/libcore/java/security/StandardNames.java b/support/src/test/java/libcore/java/security/StandardNames.java index c28a841..208adab 100644 --- a/support/src/test/java/libcore/java/security/StandardNames.java +++ b/support/src/test/java/libcore/java/security/StandardNames.java @@ -556,6 +556,7 @@ public final class StandardNames extends Assert { provideSslContextEnabledProtocols("TLSv1", TLSVersion.SSLv3, TLSVersion.TLSv1); provideSslContextEnabledProtocols("TLSv1.1", TLSVersion.SSLv3, TLSVersion.TLSv11); provideSslContextEnabledProtocols("TLSv1.2", TLSVersion.SSLv3, TLSVersion.TLSv12); + provideSslContextEnabledProtocols("Default", TLSVersion.SSLv3, TLSVersion.TLSv1); } else { provideSslContextEnabledProtocols("SSL", TLSVersion.SSLv3, TLSVersion.TLSv12); provideSslContextEnabledProtocols("SSLv3", TLSVersion.SSLv3, TLSVersion.TLSv12); @@ -563,6 +564,7 @@ public final class StandardNames extends Assert { provideSslContextEnabledProtocols("TLSv1", TLSVersion.TLSv1, TLSVersion.TLSv12); provideSslContextEnabledProtocols("TLSv1.1", TLSVersion.TLSv1, TLSVersion.TLSv12); provideSslContextEnabledProtocols("TLSv1.2", TLSVersion.TLSv1, TLSVersion.TLSv12); + provideSslContextEnabledProtocols("Default", TLSVersion.TLSv1, TLSVersion.TLSv12); } } @@ -989,7 +991,8 @@ public final class StandardNames extends Assert { * suites in a test for those that want to verify separately that * all cipher suites were included. */ - public static Set<String> assertValidCipherSuites(Set<String> expected, String[] cipherSuites) { + private static Set<String> assertValidCipherSuites( + Set<String> expected, String[] cipherSuites) { assertNotNull(cipherSuites); assertTrue(cipherSuites.length != 0); @@ -1011,7 +1014,7 @@ public final class StandardNames extends Assert { * assertSupportedCipherSuites additionally verifies that all * supported cipher suites where in the input array. */ - public static void assertSupportedCipherSuites(Set<String> expected, String[] cipherSuites) { + private static void assertSupportedCipherSuites(Set<String> expected, String[] cipherSuites) { Set<String> remainingCipherSuites = assertValidCipherSuites(expected, cipherSuites); assertEquals("Missing cipher suites", Collections.EMPTY_SET, remainingCipherSuites); assertEquals(expected.size(), cipherSuites.length); @@ -1024,7 +1027,7 @@ public final class StandardNames extends Assert { * those that want to verify separately that all protocols were * included. */ - public static Set<String> assertValidProtocols(Set<String> expected, String[] protocols) { + private static Set<String> assertValidProtocols(Set<String> expected, String[] protocols) { assertNotNull(protocols); assertTrue(protocols.length != 0); @@ -1045,21 +1048,13 @@ public final class StandardNames extends Assert { * assertSupportedProtocols additionally verifies that all * supported protocols where in the input array. */ - public static void assertSupportedProtocols(Set<String> expected, String[] protocols) { + private static void assertSupportedProtocols(Set<String> expected, String[] protocols) { Set<String> remainingProtocols = assertValidProtocols(expected, protocols); assertEquals("Missing protocols", Collections.EMPTY_SET, remainingProtocols); assertEquals(expected.size(), protocols.length); } /** - * Asserts that the protocols array is non-null and that all of its contents are supported - * protocols. - */ - public static void assertValidProtocols(String[] protocols) { - assertValidProtocols(SSL_SOCKET_PROTOCOLS, protocols); - } - - /** * Asserts that the provided list of protocols matches the supported list of protocols. */ public static void assertSupportedProtocols(String[] protocols) { @@ -1067,33 +1062,6 @@ public final class StandardNames extends Assert { } /** - * Asserts that the protocols array contains all the protocols enabled by default for client use - * and no other ones. - */ - public static void assertDefaultProtocolsClient(String[] protocols) { - assertValidProtocols(protocols); - assertSupportedProtocols(SSL_SOCKET_PROTOCOLS_CLIENT_DEFAULT, protocols); - } - - /** - * Asserts that the protocols array contains all the protocols enabled by default for server use - * and no other ones. - */ - public static void assertDefaultProtocolsServer(String[] protocols) { - assertValidProtocols(protocols); - assertSupportedProtocols(SSL_SOCKET_PROTOCOLS_SERVER_DEFAULT, protocols); - } - - /** - * Asserts that the protocols array contains all the protocols enabled by default for - * {@link javax.net.ssl.SSLEngine} and no other ones. - */ - public static void assertSSLEngineDefaultProtocols(String[] protocols) { - assertValidProtocols(protocols); - assertSupportedProtocols(SSL_SOCKET_PROTOCOLS_CLIENT_DEFAULT, protocols); - } - - /** * Assert that the provided list of cipher suites contains only the supported cipher suites. */ public static void assertValidCipherSuites(String[] cipherSuites) { diff --git a/support/src/test/java/libcore/javax/net/ssl/SSLConfigurationAsserts.java b/support/src/test/java/libcore/javax/net/ssl/SSLConfigurationAsserts.java new file mode 100644 index 0000000..bdaad65 --- /dev/null +++ b/support/src/test/java/libcore/javax/net/ssl/SSLConfigurationAsserts.java @@ -0,0 +1,248 @@ +/* + * Copyright (C) 2013 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package libcore.javax.net.ssl; + +import junit.framework.Assert; +import libcore.java.security.StandardNames; +import java.io.IOException; +import java.util.Arrays; +import java.util.Collections; +import java.util.HashSet; +import java.util.Set; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLEngine; +import javax.net.ssl.SSLParameters; +import javax.net.ssl.SSLServerSocket; +import javax.net.ssl.SSLServerSocketFactory; +import javax.net.ssl.SSLSocket; +import javax.net.ssl.SSLSocketFactory; + +/** + * Assertions about the configuration of TLS/SSL primitives. + */ +public class SSLConfigurationAsserts extends Assert { + + /** Hidden constructor to prevent instantiation. */ + private SSLConfigurationAsserts() {} + + /** + * Asserts that the provided {@link SSLContext} has the expected default configuration, and that + * {@link SSLSocketFactory}, {@link SSLServerSocketFactory}, {@link SSLSocket}, + * {@link SSLServerSocket} and {@link SSLEngine} instances created from the context match the + * configuration. + */ + public static void assertSSLContextDefaultConfiguration(SSLContext sslContext) + throws IOException { + SSLParameters defaultParameters = sslContext.getDefaultSSLParameters(); + StandardNames.assertSSLContextEnabledProtocols(sslContext.getProtocol(), + defaultParameters.getProtocols()); + StandardNames.assertDefaultCipherSuites(defaultParameters.getCipherSuites()); + assertFalse(defaultParameters.getWantClientAuth()); + assertFalse(defaultParameters.getNeedClientAuth()); + + SSLParameters supportedParameters = sslContext.getSupportedSSLParameters(); + StandardNames.assertSupportedCipherSuites(supportedParameters.getCipherSuites()); + StandardNames.assertSupportedProtocols(supportedParameters.getProtocols()); + assertFalse(supportedParameters.getWantClientAuth()); + assertFalse(supportedParameters.getNeedClientAuth()); + + assertContainsAll("Unsupported enabled cipher suites", supportedParameters.getCipherSuites(), + defaultParameters.getCipherSuites()); + assertContainsAll("Unsupported enabled protocols", supportedParameters.getProtocols(), + defaultParameters.getProtocols()); + + assertSSLSocketFactoryConfigSameAsSSLContext(sslContext.getSocketFactory(), sslContext); + assertSSLServerSocketFactoryConfigSameAsSSLContext(sslContext.getServerSocketFactory(), + sslContext); + + SSLEngine sslEngine = sslContext.createSSLEngine(); + assertFalse(sslEngine.getUseClientMode()); + assertSSLEngineConfigSameAsSSLContext(sslEngine, sslContext); + } + + /** + * Asserts that the provided {@link SSLSocketFactory} has the expected default configuration and + * that {@link SSLSocket} instances created by the factory match the configuration. + */ + public static void assertSSLSocketFactoryDefaultConfiguration( + SSLSocketFactory sslSocketFactory) throws Exception { + assertSSLSocketFactoryConfigSameAsSSLContext(sslSocketFactory, + SSLContext.getDefault()); + } + + /** + * Asserts that {@link SSLSocketFactory}'s configuration matches {@code SSLContext}'s + * configuration, and that {@link SSLSocket} instances obtained from the factory match this + * configuration as well. + */ + private static void assertSSLSocketFactoryConfigSameAsSSLContext( + SSLSocketFactory sslSocketFactory, SSLContext sslContext) throws IOException { + assertCipherSuitesEqual(sslContext.getDefaultSSLParameters().getCipherSuites(), + sslSocketFactory.getDefaultCipherSuites()); + assertCipherSuitesEqual(sslContext.getSupportedSSLParameters().getCipherSuites(), + sslSocketFactory.getSupportedCipherSuites()); + + try (SSLSocket sslSocket = (SSLSocket) sslSocketFactory.createSocket()) { + assertTrue(sslSocket.getUseClientMode()); + assertTrue(sslSocket.getEnableSessionCreation()); + assertSSLSocketConfigSameAsSSLContext(sslSocket, sslContext); + } + } + + /** + * Asserts that the provided {@link SSLSocket} has the expected default configuration. + */ + public static void assertSSLSocketDefaultConfiguration(SSLSocket sslSocket) throws Exception { + assertTrue(sslSocket.getUseClientMode()); + assertTrue(sslSocket.getEnableSessionCreation()); + assertSSLSocketConfigSameAsSSLContext(sslSocket, SSLContext.getDefault()); + } + + /** + * Asserts that {@link SSLSocket}'s configuration matches {@code SSLContext's} configuration. + */ + private static void assertSSLSocketConfigSameAsSSLContext(SSLSocket sslSocket, + SSLContext sslContext) { + assertSSLParametersEqual(sslSocket.getSSLParameters(), sslContext.getDefaultSSLParameters()); + assertCipherSuitesEqual(sslSocket.getEnabledCipherSuites(), + sslContext.getDefaultSSLParameters().getCipherSuites()); + assertProtocolsEqual(sslSocket.getEnabledProtocols(), + sslContext.getDefaultSSLParameters().getProtocols()); + + assertCipherSuitesEqual(sslSocket.getSupportedCipherSuites(), + sslContext.getSupportedSSLParameters().getCipherSuites()); + assertProtocolsEqual(sslSocket.getSupportedProtocols(), + sslContext.getSupportedSSLParameters().getProtocols()); + } + + /** + * Asserts that the provided {@link SSLServerSocketFactory} has the expected default + * configuration, and that {@link SSLServerSocket} instances created by the factory match the + * configuration. + */ + public static void assertSSLServerSocketFactoryDefaultConfiguration( + SSLServerSocketFactory sslServerSocketFactory) throws Exception { + assertSSLServerSocketFactoryConfigSameAsSSLContext(sslServerSocketFactory, + SSLContext.getDefault()); + } + + /** + * Asserts that {@link SSLServerSocketFactory}'s configuration matches {@code SSLContext}'s + * configuration, and that {@link SSLServerSocket} instances obtained from the factory match this + * configuration as well. + */ + private static void assertSSLServerSocketFactoryConfigSameAsSSLContext( + SSLServerSocketFactory sslServerSocketFactory, SSLContext sslContext) throws IOException { + assertCipherSuitesEqual(sslContext.getDefaultSSLParameters().getCipherSuites(), + sslServerSocketFactory.getDefaultCipherSuites()); + assertCipherSuitesEqual(sslContext.getSupportedSSLParameters().getCipherSuites(), + sslServerSocketFactory.getSupportedCipherSuites()); + try (SSLServerSocket sslServerSocket = + (SSLServerSocket) sslServerSocketFactory.createServerSocket()) { + assertFalse(sslServerSocket.getUseClientMode()); + assertTrue(sslServerSocket.getEnableSessionCreation()); + assertSSLServerSocketConfigSameAsSSLContext(sslServerSocket, sslContext); + } + } + + /** + * Asserts that the provided {@link SSLServerSocket} has the expected default configuration. + */ + public static void assertSSLServerSocketDefaultConfiguration(SSLServerSocket sslServerSocket) + throws Exception { + assertFalse(sslServerSocket.getUseClientMode()); + assertTrue(sslServerSocket.getEnableSessionCreation()); + assertSSLServerSocketConfigSameAsSSLContext(sslServerSocket, SSLContext.getDefault()); + // TODO: Check SSLParameters when supported by SSLServerSocket API + } + + /** + * Asserts that {@link SSLServerSocket}'s configuration matches {@code SSLContext's} + * configuration. + */ + private static void assertSSLServerSocketConfigSameAsSSLContext(SSLServerSocket sslServerSocket, + SSLContext sslContext) { + assertCipherSuitesEqual(sslServerSocket.getEnabledCipherSuites(), + sslContext.getDefaultSSLParameters().getCipherSuites()); + assertProtocolsEqual(sslServerSocket.getEnabledProtocols(), + sslContext.getDefaultSSLParameters().getProtocols()); + + assertCipherSuitesEqual(sslServerSocket.getSupportedCipherSuites(), + sslContext.getSupportedSSLParameters().getCipherSuites()); + assertProtocolsEqual(sslServerSocket.getSupportedProtocols(), + sslContext.getSupportedSSLParameters().getProtocols()); + + assertEquals(sslServerSocket.getNeedClientAuth(), + sslContext.getDefaultSSLParameters().getNeedClientAuth()); + assertEquals(sslServerSocket.getWantClientAuth(), + sslContext.getDefaultSSLParameters().getWantClientAuth()); + } + + /** + * Asserts that the provided {@link SSLEngine} has the expected default configuration. + */ + public static void assertSSLEngineDefaultConfiguration(SSLEngine sslEngine) throws Exception { + assertFalse(sslEngine.getUseClientMode()); + assertTrue(sslEngine.getEnableSessionCreation()); + assertSSLEngineConfigSameAsSSLContext(sslEngine, SSLContext.getDefault()); + } + + /** + * Asserts that {@link SSLEngine}'s configuration matches {@code SSLContext's} configuration. + */ + private static void assertSSLEngineConfigSameAsSSLContext(SSLEngine sslEngine, + SSLContext sslContext) { + assertSSLParametersEqual(sslEngine.getSSLParameters(), sslContext.getDefaultSSLParameters()); + assertCipherSuitesEqual(sslEngine.getEnabledCipherSuites(), + sslContext.getDefaultSSLParameters().getCipherSuites()); + assertProtocolsEqual(sslEngine.getEnabledProtocols(), + sslContext.getDefaultSSLParameters().getProtocols()); + + assertCipherSuitesEqual(sslEngine.getSupportedCipherSuites(), + sslContext.getSupportedSSLParameters().getCipherSuites()); + assertProtocolsEqual(sslEngine.getSupportedProtocols(), + sslContext.getSupportedSSLParameters().getProtocols()); + } + + private static void assertSSLParametersEqual(SSLParameters expected, SSLParameters actual) { + assertCipherSuitesEqual(expected.getCipherSuites(), actual.getCipherSuites()); + assertProtocolsEqual(expected.getProtocols(), actual.getProtocols()); + assertEquals(expected.getNeedClientAuth(), actual.getNeedClientAuth()); + assertEquals(expected.getWantClientAuth(), actual.getWantClientAuth()); + } + + private static void assertCipherSuitesEqual(String[] expected, String[] actual) { + assertEquals(Arrays.asList(expected), Arrays.asList(actual)); + } + + private static void assertProtocolsEqual(String[] expected, String[] actual) { + // IMPLEMENTATION NOTE: The order of protocols versions does not matter. Similarly, it only + // matters whether a protocol version is present or absent in the array. These arrays are + // supposed to represent sets of protocol versions. Thus, we treat them as such. + assertEquals(new HashSet<String>(Arrays.asList(expected)), + new HashSet<String>(Arrays.asList(actual))); + } + + /** + * Asserts that the {@code container} contains all the {@code elements}. + */ + private static void assertContainsAll(String message, String[] container, String[] elements) { + Set<String> elementsNotInContainer = new HashSet<String>(Arrays.asList(elements)); + elementsNotInContainer.removeAll(Arrays.asList(container)); + assertEquals(message, Collections.EMPTY_SET, elementsNotInContainer); + } +} diff --git a/support/src/test/java/libcore/javax/net/ssl/SSLDefaultConfigurationAsserts.java b/support/src/test/java/libcore/javax/net/ssl/SSLDefaultConfigurationAsserts.java deleted file mode 100644 index d54f5e5..0000000 --- a/support/src/test/java/libcore/javax/net/ssl/SSLDefaultConfigurationAsserts.java +++ /dev/null @@ -1,202 +0,0 @@ -/* - * Copyright (C) 2013 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package libcore.javax.net.ssl; - -import java.io.IOException; -import java.util.Arrays; -import java.util.Collections; -import java.util.HashSet; -import java.util.Set; -import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLEngine; -import javax.net.ssl.SSLParameters; -import javax.net.ssl.SSLServerSocket; -import javax.net.ssl.SSLServerSocketFactory; -import javax.net.ssl.SSLSocket; -import javax.net.ssl.SSLSocketFactory; -import junit.framework.Assert; -import libcore.java.security.StandardNames; - -/** - * Assertions about the default configuration of TLS/SSL primitives. - */ -public abstract class SSLDefaultConfigurationAsserts extends Assert { - - /** Hidden constructor to prevent instantiation. */ - private SSLDefaultConfigurationAsserts() {} - - /** - * Asserts that the provided {@link SSLContext} has the expected default configuration. - */ - public static void assertSSLContext(SSLContext sslContext) throws IOException { - assertDefaultSSLParametersClient(sslContext.getDefaultSSLParameters()); - assertSupportedSSLParametersClient(sslContext.getSupportedSSLParameters()); - assertSSLSocketFactory(sslContext.getSocketFactory()); - assertSSLServerSocketFactory(sslContext.getServerSocketFactory()); - assertSSLEngine(sslContext.createSSLEngine()); - assertSSLEngine(sslContext.createSSLEngine(null, -1)); - } - - /** - * Asserts that the provided {@link SSLSocketFactory} has the expected default configuration. - */ - public static void assertSSLSocketFactory(SSLSocketFactory sslSocketFactory) throws IOException { - StandardNames.assertDefaultCipherSuites(sslSocketFactory.getDefaultCipherSuites()); - StandardNames.assertSupportedCipherSuites(sslSocketFactory.getSupportedCipherSuites()); - assertContainsAll("Unsupported default cipher suites", - sslSocketFactory.getSupportedCipherSuites(), - sslSocketFactory.getDefaultCipherSuites()); - - assertSSLSocket((SSLSocket) sslSocketFactory.createSocket()); - } - - /** - * Asserts that the provided {@link SSLServerSocketFactory} has the expected default - * configuration. - */ - public static void assertSSLServerSocketFactory(SSLServerSocketFactory sslServerSocketFactory) - throws IOException { - StandardNames.assertDefaultCipherSuites(sslServerSocketFactory.getDefaultCipherSuites()); - StandardNames.assertSupportedCipherSuites(sslServerSocketFactory.getSupportedCipherSuites()); - assertContainsAll("Unsupported default cipher suites", - sslServerSocketFactory.getSupportedCipherSuites(), - sslServerSocketFactory.getDefaultCipherSuites()); - - assertSSLServerSocket((SSLServerSocket) sslServerSocketFactory.createServerSocket()); - } - - /** - * Asserts that the provided {@link SSLSocket} has the expected default configuration. - */ - public static void assertSSLSocket(SSLSocket sslSocket) { - assertSSLParametersClient(sslSocket.getSSLParameters()); - - StandardNames.assertDefaultCipherSuites(sslSocket.getEnabledCipherSuites()); - StandardNames.assertSupportedCipherSuites(sslSocket.getSupportedCipherSuites()); - assertContainsAll("Unsupported enabled cipher suites", - sslSocket.getSupportedCipherSuites(), - sslSocket.getEnabledCipherSuites()); - - StandardNames.assertDefaultProtocolsClient(sslSocket.getEnabledProtocols()); - StandardNames.assertSupportedProtocols(sslSocket.getSupportedProtocols()); - assertContainsAll("Unsupported enabled protocols", - sslSocket.getSupportedProtocols(), - sslSocket.getEnabledProtocols()); - - assertTrue(sslSocket.getUseClientMode()); - assertTrue(sslSocket.getEnableSessionCreation()); - assertFalse(sslSocket.getNeedClientAuth()); - assertFalse(sslSocket.getWantClientAuth()); - } - - /** - * Asserts that the provided {@link SSLServerSocket} has the expected default configuration. - */ - public static void assertSSLServerSocket(SSLServerSocket sslServerSocket) { - // TODO: Check SSLParameters when supported by SSLServerSocket API - - StandardNames.assertDefaultCipherSuites(sslServerSocket.getEnabledCipherSuites()); - StandardNames.assertSupportedCipherSuites(sslServerSocket.getSupportedCipherSuites()); - assertContainsAll("Unsupported enabled cipher suites", - sslServerSocket.getSupportedCipherSuites(), - sslServerSocket.getEnabledCipherSuites()); - - StandardNames.assertDefaultProtocolsServer(sslServerSocket.getEnabledProtocols()); - StandardNames.assertSupportedProtocols(sslServerSocket.getSupportedProtocols()); - assertContainsAll("Unsupported enabled protocols", - sslServerSocket.getSupportedProtocols(), - sslServerSocket.getEnabledProtocols()); - - assertTrue(sslServerSocket.getEnableSessionCreation()); - assertFalse(sslServerSocket.getNeedClientAuth()); - assertFalse(sslServerSocket.getWantClientAuth()); - } - - /** - * Asserts that the provided {@link SSLEngine} has the expected default configuration. - */ - public static void assertSSLEngine(SSLEngine sslEngine) { - assertFalse(sslEngine.getUseClientMode()); - assertSSLEngineSSLParameters(sslEngine.getSSLParameters()); - - StandardNames.assertDefaultCipherSuites(sslEngine.getEnabledCipherSuites()); - StandardNames.assertSupportedCipherSuites(sslEngine.getSupportedCipherSuites()); - assertContainsAll("Unsupported enabled cipher suites", - sslEngine.getSupportedCipherSuites(), - sslEngine.getEnabledCipherSuites()); - - StandardNames.assertSSLEngineDefaultProtocols(sslEngine.getEnabledProtocols()); - StandardNames.assertSupportedProtocols(sslEngine.getSupportedProtocols()); - assertContainsAll("Unsupported enabled protocols", - sslEngine.getSupportedProtocols(), - sslEngine.getEnabledProtocols()); - - assertTrue(sslEngine.getEnableSessionCreation()); - assertFalse(sslEngine.getNeedClientAuth()); - assertFalse(sslEngine.getWantClientAuth()); - } - - /** - * Asserts that the provided {@link SSLParameters} describe the expected default configuration - * for client-side mode of operation. - */ - public static void assertSSLParametersClient(SSLParameters sslParameters) { - assertDefaultSSLParametersClient(sslParameters); - } - - /** - * Asserts that the provided default {@link SSLParameters} are as expected for client-side mode of - * operation. - */ - private static void assertDefaultSSLParametersClient(SSLParameters sslParameters) { - StandardNames.assertDefaultCipherSuites(sslParameters.getCipherSuites()); - StandardNames.assertDefaultProtocolsClient(sslParameters.getProtocols()); - assertFalse(sslParameters.getWantClientAuth()); - assertFalse(sslParameters.getNeedClientAuth()); - } - - /** - * Asserts that the provided supported {@link SSLParameters} are as expected for client-side mode - * of operation. - */ - private static void assertSupportedSSLParametersClient(SSLParameters sslParameters) { - StandardNames.assertSupportedCipherSuites(sslParameters.getCipherSuites()); - StandardNames.assertSupportedProtocols(sslParameters.getProtocols()); - assertFalse(sslParameters.getWantClientAuth()); - assertFalse(sslParameters.getNeedClientAuth()); - } - - /** - * Asserts that the provided {@link SSLParameters} has the expected default configuration for - * {@link SSLEngine}. - */ - public static void assertSSLEngineSSLParameters(SSLParameters sslParameters) { - StandardNames.assertDefaultCipherSuites(sslParameters.getCipherSuites()); - StandardNames.assertSSLEngineDefaultProtocols(sslParameters.getProtocols()); - assertFalse(sslParameters.getWantClientAuth()); - assertFalse(sslParameters.getNeedClientAuth()); - } - - /** - * Asserts that the {@code container} contains all the {@code elements}. - */ - private static void assertContainsAll(String message, String[] container, String[] elements) { - Set<String> elementsNotInContainer = new HashSet<String>(Arrays.asList(elements)); - elementsNotInContainer.removeAll(Arrays.asList(container)); - assertEquals(message, Collections.EMPTY_SET, elementsNotInContainer); - } -} |