From 782740701db73dd2dc4fef9df8cde270b0e631a4 Mon Sep 17 00:00:00 2001 From: Alex Klyubin Date: Mon, 17 Nov 2014 18:19:39 -0800 Subject: Fix SSLContextTest.test_SSLContext_defaultConfiguration failure This test was failing because it assumed that all SSLContext instances have the same set of TLS protocol versions enabled. The fix refactored SSLDefaultConfigurationAsserts class into SSLConfigurationAsserts class. The main difference is that the new class has wider scope: it can assert that (1) the default configuration of TLS/SSL primitives is as expected -- exactly what the old SSLDefaultConfigurationAsserts class offered, and (2) that TLS/SSL primitives are configured the same as a provided SSLContext. Assertions about the default configuration of primitives other than SSLContext are now implemented by asserting that these primitives are configured exactly like the default SSLContext. Change-Id: I52d6514768c4053054df2cf79e7182d8fd87bfe2 --- .../java/libcore/java/security/StandardNames.java | 46 +--- .../javax/net/ssl/SSLConfigurationAsserts.java | 248 +++++++++++++++++++++ .../net/ssl/SSLDefaultConfigurationAsserts.java | 202 ----------------- 3 files changed, 255 insertions(+), 241 deletions(-) create mode 100644 support/src/test/java/libcore/javax/net/ssl/SSLConfigurationAsserts.java delete mode 100644 support/src/test/java/libcore/javax/net/ssl/SSLDefaultConfigurationAsserts.java (limited to 'support/src') diff --git a/support/src/test/java/libcore/java/security/StandardNames.java b/support/src/test/java/libcore/java/security/StandardNames.java index c28a841..208adab 100644 --- a/support/src/test/java/libcore/java/security/StandardNames.java +++ b/support/src/test/java/libcore/java/security/StandardNames.java @@ -556,6 +556,7 @@ public final class StandardNames extends Assert { provideSslContextEnabledProtocols("TLSv1", TLSVersion.SSLv3, TLSVersion.TLSv1); provideSslContextEnabledProtocols("TLSv1.1", TLSVersion.SSLv3, TLSVersion.TLSv11); provideSslContextEnabledProtocols("TLSv1.2", TLSVersion.SSLv3, TLSVersion.TLSv12); + provideSslContextEnabledProtocols("Default", TLSVersion.SSLv3, TLSVersion.TLSv1); } else { provideSslContextEnabledProtocols("SSL", TLSVersion.SSLv3, TLSVersion.TLSv12); provideSslContextEnabledProtocols("SSLv3", TLSVersion.SSLv3, TLSVersion.TLSv12); @@ -563,6 +564,7 @@ public final class StandardNames extends Assert { provideSslContextEnabledProtocols("TLSv1", TLSVersion.TLSv1, TLSVersion.TLSv12); provideSslContextEnabledProtocols("TLSv1.1", TLSVersion.TLSv1, TLSVersion.TLSv12); provideSslContextEnabledProtocols("TLSv1.2", TLSVersion.TLSv1, TLSVersion.TLSv12); + provideSslContextEnabledProtocols("Default", TLSVersion.TLSv1, TLSVersion.TLSv12); } } @@ -989,7 +991,8 @@ public final class StandardNames extends Assert { * suites in a test for those that want to verify separately that * all cipher suites were included. */ - public static Set assertValidCipherSuites(Set expected, String[] cipherSuites) { + private static Set assertValidCipherSuites( + Set expected, String[] cipherSuites) { assertNotNull(cipherSuites); assertTrue(cipherSuites.length != 0); @@ -1011,7 +1014,7 @@ public final class StandardNames extends Assert { * assertSupportedCipherSuites additionally verifies that all * supported cipher suites where in the input array. */ - public static void assertSupportedCipherSuites(Set expected, String[] cipherSuites) { + private static void assertSupportedCipherSuites(Set expected, String[] cipherSuites) { Set remainingCipherSuites = assertValidCipherSuites(expected, cipherSuites); assertEquals("Missing cipher suites", Collections.EMPTY_SET, remainingCipherSuites); assertEquals(expected.size(), cipherSuites.length); @@ -1024,7 +1027,7 @@ public final class StandardNames extends Assert { * those that want to verify separately that all protocols were * included. */ - public static Set assertValidProtocols(Set expected, String[] protocols) { + private static Set assertValidProtocols(Set expected, String[] protocols) { assertNotNull(protocols); assertTrue(protocols.length != 0); @@ -1045,21 +1048,13 @@ public final class StandardNames extends Assert { * assertSupportedProtocols additionally verifies that all * supported protocols where in the input array. */ - public static void assertSupportedProtocols(Set expected, String[] protocols) { + private static void assertSupportedProtocols(Set expected, String[] protocols) { Set remainingProtocols = assertValidProtocols(expected, protocols); assertEquals("Missing protocols", Collections.EMPTY_SET, remainingProtocols); assertEquals(expected.size(), protocols.length); } /** - * Asserts that the protocols array is non-null and that all of its contents are supported - * protocols. - */ - public static void assertValidProtocols(String[] protocols) { - assertValidProtocols(SSL_SOCKET_PROTOCOLS, protocols); - } - - /** * Asserts that the provided list of protocols matches the supported list of protocols. */ public static void assertSupportedProtocols(String[] protocols) { @@ -1067,33 +1062,6 @@ public final class StandardNames extends Assert { } /** - * Asserts that the protocols array contains all the protocols enabled by default for client use - * and no other ones. - */ - public static void assertDefaultProtocolsClient(String[] protocols) { - assertValidProtocols(protocols); - assertSupportedProtocols(SSL_SOCKET_PROTOCOLS_CLIENT_DEFAULT, protocols); - } - - /** - * Asserts that the protocols array contains all the protocols enabled by default for server use - * and no other ones. - */ - public static void assertDefaultProtocolsServer(String[] protocols) { - assertValidProtocols(protocols); - assertSupportedProtocols(SSL_SOCKET_PROTOCOLS_SERVER_DEFAULT, protocols); - } - - /** - * Asserts that the protocols array contains all the protocols enabled by default for - * {@link javax.net.ssl.SSLEngine} and no other ones. - */ - public static void assertSSLEngineDefaultProtocols(String[] protocols) { - assertValidProtocols(protocols); - assertSupportedProtocols(SSL_SOCKET_PROTOCOLS_CLIENT_DEFAULT, protocols); - } - - /** * Assert that the provided list of cipher suites contains only the supported cipher suites. */ public static void assertValidCipherSuites(String[] cipherSuites) { diff --git a/support/src/test/java/libcore/javax/net/ssl/SSLConfigurationAsserts.java b/support/src/test/java/libcore/javax/net/ssl/SSLConfigurationAsserts.java new file mode 100644 index 0000000..bdaad65 --- /dev/null +++ b/support/src/test/java/libcore/javax/net/ssl/SSLConfigurationAsserts.java @@ -0,0 +1,248 @@ +/* + * Copyright (C) 2013 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package libcore.javax.net.ssl; + +import junit.framework.Assert; +import libcore.java.security.StandardNames; +import java.io.IOException; +import java.util.Arrays; +import java.util.Collections; +import java.util.HashSet; +import java.util.Set; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLEngine; +import javax.net.ssl.SSLParameters; +import javax.net.ssl.SSLServerSocket; +import javax.net.ssl.SSLServerSocketFactory; +import javax.net.ssl.SSLSocket; +import javax.net.ssl.SSLSocketFactory; + +/** + * Assertions about the configuration of TLS/SSL primitives. + */ +public class SSLConfigurationAsserts extends Assert { + + /** Hidden constructor to prevent instantiation. */ + private SSLConfigurationAsserts() {} + + /** + * Asserts that the provided {@link SSLContext} has the expected default configuration, and that + * {@link SSLSocketFactory}, {@link SSLServerSocketFactory}, {@link SSLSocket}, + * {@link SSLServerSocket} and {@link SSLEngine} instances created from the context match the + * configuration. + */ + public static void assertSSLContextDefaultConfiguration(SSLContext sslContext) + throws IOException { + SSLParameters defaultParameters = sslContext.getDefaultSSLParameters(); + StandardNames.assertSSLContextEnabledProtocols(sslContext.getProtocol(), + defaultParameters.getProtocols()); + StandardNames.assertDefaultCipherSuites(defaultParameters.getCipherSuites()); + assertFalse(defaultParameters.getWantClientAuth()); + assertFalse(defaultParameters.getNeedClientAuth()); + + SSLParameters supportedParameters = sslContext.getSupportedSSLParameters(); + StandardNames.assertSupportedCipherSuites(supportedParameters.getCipherSuites()); + StandardNames.assertSupportedProtocols(supportedParameters.getProtocols()); + assertFalse(supportedParameters.getWantClientAuth()); + assertFalse(supportedParameters.getNeedClientAuth()); + + assertContainsAll("Unsupported enabled cipher suites", supportedParameters.getCipherSuites(), + defaultParameters.getCipherSuites()); + assertContainsAll("Unsupported enabled protocols", supportedParameters.getProtocols(), + defaultParameters.getProtocols()); + + assertSSLSocketFactoryConfigSameAsSSLContext(sslContext.getSocketFactory(), sslContext); + assertSSLServerSocketFactoryConfigSameAsSSLContext(sslContext.getServerSocketFactory(), + sslContext); + + SSLEngine sslEngine = sslContext.createSSLEngine(); + assertFalse(sslEngine.getUseClientMode()); + assertSSLEngineConfigSameAsSSLContext(sslEngine, sslContext); + } + + /** + * Asserts that the provided {@link SSLSocketFactory} has the expected default configuration and + * that {@link SSLSocket} instances created by the factory match the configuration. + */ + public static void assertSSLSocketFactoryDefaultConfiguration( + SSLSocketFactory sslSocketFactory) throws Exception { + assertSSLSocketFactoryConfigSameAsSSLContext(sslSocketFactory, + SSLContext.getDefault()); + } + + /** + * Asserts that {@link SSLSocketFactory}'s configuration matches {@code SSLContext}'s + * configuration, and that {@link SSLSocket} instances obtained from the factory match this + * configuration as well. + */ + private static void assertSSLSocketFactoryConfigSameAsSSLContext( + SSLSocketFactory sslSocketFactory, SSLContext sslContext) throws IOException { + assertCipherSuitesEqual(sslContext.getDefaultSSLParameters().getCipherSuites(), + sslSocketFactory.getDefaultCipherSuites()); + assertCipherSuitesEqual(sslContext.getSupportedSSLParameters().getCipherSuites(), + sslSocketFactory.getSupportedCipherSuites()); + + try (SSLSocket sslSocket = (SSLSocket) sslSocketFactory.createSocket()) { + assertTrue(sslSocket.getUseClientMode()); + assertTrue(sslSocket.getEnableSessionCreation()); + assertSSLSocketConfigSameAsSSLContext(sslSocket, sslContext); + } + } + + /** + * Asserts that the provided {@link SSLSocket} has the expected default configuration. + */ + public static void assertSSLSocketDefaultConfiguration(SSLSocket sslSocket) throws Exception { + assertTrue(sslSocket.getUseClientMode()); + assertTrue(sslSocket.getEnableSessionCreation()); + assertSSLSocketConfigSameAsSSLContext(sslSocket, SSLContext.getDefault()); + } + + /** + * Asserts that {@link SSLSocket}'s configuration matches {@code SSLContext's} configuration. + */ + private static void assertSSLSocketConfigSameAsSSLContext(SSLSocket sslSocket, + SSLContext sslContext) { + assertSSLParametersEqual(sslSocket.getSSLParameters(), sslContext.getDefaultSSLParameters()); + assertCipherSuitesEqual(sslSocket.getEnabledCipherSuites(), + sslContext.getDefaultSSLParameters().getCipherSuites()); + assertProtocolsEqual(sslSocket.getEnabledProtocols(), + sslContext.getDefaultSSLParameters().getProtocols()); + + assertCipherSuitesEqual(sslSocket.getSupportedCipherSuites(), + sslContext.getSupportedSSLParameters().getCipherSuites()); + assertProtocolsEqual(sslSocket.getSupportedProtocols(), + sslContext.getSupportedSSLParameters().getProtocols()); + } + + /** + * Asserts that the provided {@link SSLServerSocketFactory} has the expected default + * configuration, and that {@link SSLServerSocket} instances created by the factory match the + * configuration. + */ + public static void assertSSLServerSocketFactoryDefaultConfiguration( + SSLServerSocketFactory sslServerSocketFactory) throws Exception { + assertSSLServerSocketFactoryConfigSameAsSSLContext(sslServerSocketFactory, + SSLContext.getDefault()); + } + + /** + * Asserts that {@link SSLServerSocketFactory}'s configuration matches {@code SSLContext}'s + * configuration, and that {@link SSLServerSocket} instances obtained from the factory match this + * configuration as well. + */ + private static void assertSSLServerSocketFactoryConfigSameAsSSLContext( + SSLServerSocketFactory sslServerSocketFactory, SSLContext sslContext) throws IOException { + assertCipherSuitesEqual(sslContext.getDefaultSSLParameters().getCipherSuites(), + sslServerSocketFactory.getDefaultCipherSuites()); + assertCipherSuitesEqual(sslContext.getSupportedSSLParameters().getCipherSuites(), + sslServerSocketFactory.getSupportedCipherSuites()); + try (SSLServerSocket sslServerSocket = + (SSLServerSocket) sslServerSocketFactory.createServerSocket()) { + assertFalse(sslServerSocket.getUseClientMode()); + assertTrue(sslServerSocket.getEnableSessionCreation()); + assertSSLServerSocketConfigSameAsSSLContext(sslServerSocket, sslContext); + } + } + + /** + * Asserts that the provided {@link SSLServerSocket} has the expected default configuration. + */ + public static void assertSSLServerSocketDefaultConfiguration(SSLServerSocket sslServerSocket) + throws Exception { + assertFalse(sslServerSocket.getUseClientMode()); + assertTrue(sslServerSocket.getEnableSessionCreation()); + assertSSLServerSocketConfigSameAsSSLContext(sslServerSocket, SSLContext.getDefault()); + // TODO: Check SSLParameters when supported by SSLServerSocket API + } + + /** + * Asserts that {@link SSLServerSocket}'s configuration matches {@code SSLContext's} + * configuration. + */ + private static void assertSSLServerSocketConfigSameAsSSLContext(SSLServerSocket sslServerSocket, + SSLContext sslContext) { + assertCipherSuitesEqual(sslServerSocket.getEnabledCipherSuites(), + sslContext.getDefaultSSLParameters().getCipherSuites()); + assertProtocolsEqual(sslServerSocket.getEnabledProtocols(), + sslContext.getDefaultSSLParameters().getProtocols()); + + assertCipherSuitesEqual(sslServerSocket.getSupportedCipherSuites(), + sslContext.getSupportedSSLParameters().getCipherSuites()); + assertProtocolsEqual(sslServerSocket.getSupportedProtocols(), + sslContext.getSupportedSSLParameters().getProtocols()); + + assertEquals(sslServerSocket.getNeedClientAuth(), + sslContext.getDefaultSSLParameters().getNeedClientAuth()); + assertEquals(sslServerSocket.getWantClientAuth(), + sslContext.getDefaultSSLParameters().getWantClientAuth()); + } + + /** + * Asserts that the provided {@link SSLEngine} has the expected default configuration. + */ + public static void assertSSLEngineDefaultConfiguration(SSLEngine sslEngine) throws Exception { + assertFalse(sslEngine.getUseClientMode()); + assertTrue(sslEngine.getEnableSessionCreation()); + assertSSLEngineConfigSameAsSSLContext(sslEngine, SSLContext.getDefault()); + } + + /** + * Asserts that {@link SSLEngine}'s configuration matches {@code SSLContext's} configuration. + */ + private static void assertSSLEngineConfigSameAsSSLContext(SSLEngine sslEngine, + SSLContext sslContext) { + assertSSLParametersEqual(sslEngine.getSSLParameters(), sslContext.getDefaultSSLParameters()); + assertCipherSuitesEqual(sslEngine.getEnabledCipherSuites(), + sslContext.getDefaultSSLParameters().getCipherSuites()); + assertProtocolsEqual(sslEngine.getEnabledProtocols(), + sslContext.getDefaultSSLParameters().getProtocols()); + + assertCipherSuitesEqual(sslEngine.getSupportedCipherSuites(), + sslContext.getSupportedSSLParameters().getCipherSuites()); + assertProtocolsEqual(sslEngine.getSupportedProtocols(), + sslContext.getSupportedSSLParameters().getProtocols()); + } + + private static void assertSSLParametersEqual(SSLParameters expected, SSLParameters actual) { + assertCipherSuitesEqual(expected.getCipherSuites(), actual.getCipherSuites()); + assertProtocolsEqual(expected.getProtocols(), actual.getProtocols()); + assertEquals(expected.getNeedClientAuth(), actual.getNeedClientAuth()); + assertEquals(expected.getWantClientAuth(), actual.getWantClientAuth()); + } + + private static void assertCipherSuitesEqual(String[] expected, String[] actual) { + assertEquals(Arrays.asList(expected), Arrays.asList(actual)); + } + + private static void assertProtocolsEqual(String[] expected, String[] actual) { + // IMPLEMENTATION NOTE: The order of protocols versions does not matter. Similarly, it only + // matters whether a protocol version is present or absent in the array. These arrays are + // supposed to represent sets of protocol versions. Thus, we treat them as such. + assertEquals(new HashSet(Arrays.asList(expected)), + new HashSet(Arrays.asList(actual))); + } + + /** + * Asserts that the {@code container} contains all the {@code elements}. + */ + private static void assertContainsAll(String message, String[] container, String[] elements) { + Set elementsNotInContainer = new HashSet(Arrays.asList(elements)); + elementsNotInContainer.removeAll(Arrays.asList(container)); + assertEquals(message, Collections.EMPTY_SET, elementsNotInContainer); + } +} diff --git a/support/src/test/java/libcore/javax/net/ssl/SSLDefaultConfigurationAsserts.java b/support/src/test/java/libcore/javax/net/ssl/SSLDefaultConfigurationAsserts.java deleted file mode 100644 index d54f5e5..0000000 --- a/support/src/test/java/libcore/javax/net/ssl/SSLDefaultConfigurationAsserts.java +++ /dev/null @@ -1,202 +0,0 @@ -/* - * Copyright (C) 2013 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package libcore.javax.net.ssl; - -import java.io.IOException; -import java.util.Arrays; -import java.util.Collections; -import java.util.HashSet; -import java.util.Set; -import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLEngine; -import javax.net.ssl.SSLParameters; -import javax.net.ssl.SSLServerSocket; -import javax.net.ssl.SSLServerSocketFactory; -import javax.net.ssl.SSLSocket; -import javax.net.ssl.SSLSocketFactory; -import junit.framework.Assert; -import libcore.java.security.StandardNames; - -/** - * Assertions about the default configuration of TLS/SSL primitives. - */ -public abstract class SSLDefaultConfigurationAsserts extends Assert { - - /** Hidden constructor to prevent instantiation. */ - private SSLDefaultConfigurationAsserts() {} - - /** - * Asserts that the provided {@link SSLContext} has the expected default configuration. - */ - public static void assertSSLContext(SSLContext sslContext) throws IOException { - assertDefaultSSLParametersClient(sslContext.getDefaultSSLParameters()); - assertSupportedSSLParametersClient(sslContext.getSupportedSSLParameters()); - assertSSLSocketFactory(sslContext.getSocketFactory()); - assertSSLServerSocketFactory(sslContext.getServerSocketFactory()); - assertSSLEngine(sslContext.createSSLEngine()); - assertSSLEngine(sslContext.createSSLEngine(null, -1)); - } - - /** - * Asserts that the provided {@link SSLSocketFactory} has the expected default configuration. - */ - public static void assertSSLSocketFactory(SSLSocketFactory sslSocketFactory) throws IOException { - StandardNames.assertDefaultCipherSuites(sslSocketFactory.getDefaultCipherSuites()); - StandardNames.assertSupportedCipherSuites(sslSocketFactory.getSupportedCipherSuites()); - assertContainsAll("Unsupported default cipher suites", - sslSocketFactory.getSupportedCipherSuites(), - sslSocketFactory.getDefaultCipherSuites()); - - assertSSLSocket((SSLSocket) sslSocketFactory.createSocket()); - } - - /** - * Asserts that the provided {@link SSLServerSocketFactory} has the expected default - * configuration. - */ - public static void assertSSLServerSocketFactory(SSLServerSocketFactory sslServerSocketFactory) - throws IOException { - StandardNames.assertDefaultCipherSuites(sslServerSocketFactory.getDefaultCipherSuites()); - StandardNames.assertSupportedCipherSuites(sslServerSocketFactory.getSupportedCipherSuites()); - assertContainsAll("Unsupported default cipher suites", - sslServerSocketFactory.getSupportedCipherSuites(), - sslServerSocketFactory.getDefaultCipherSuites()); - - assertSSLServerSocket((SSLServerSocket) sslServerSocketFactory.createServerSocket()); - } - - /** - * Asserts that the provided {@link SSLSocket} has the expected default configuration. - */ - public static void assertSSLSocket(SSLSocket sslSocket) { - assertSSLParametersClient(sslSocket.getSSLParameters()); - - StandardNames.assertDefaultCipherSuites(sslSocket.getEnabledCipherSuites()); - StandardNames.assertSupportedCipherSuites(sslSocket.getSupportedCipherSuites()); - assertContainsAll("Unsupported enabled cipher suites", - sslSocket.getSupportedCipherSuites(), - sslSocket.getEnabledCipherSuites()); - - StandardNames.assertDefaultProtocolsClient(sslSocket.getEnabledProtocols()); - StandardNames.assertSupportedProtocols(sslSocket.getSupportedProtocols()); - assertContainsAll("Unsupported enabled protocols", - sslSocket.getSupportedProtocols(), - sslSocket.getEnabledProtocols()); - - assertTrue(sslSocket.getUseClientMode()); - assertTrue(sslSocket.getEnableSessionCreation()); - assertFalse(sslSocket.getNeedClientAuth()); - assertFalse(sslSocket.getWantClientAuth()); - } - - /** - * Asserts that the provided {@link SSLServerSocket} has the expected default configuration. - */ - public static void assertSSLServerSocket(SSLServerSocket sslServerSocket) { - // TODO: Check SSLParameters when supported by SSLServerSocket API - - StandardNames.assertDefaultCipherSuites(sslServerSocket.getEnabledCipherSuites()); - StandardNames.assertSupportedCipherSuites(sslServerSocket.getSupportedCipherSuites()); - assertContainsAll("Unsupported enabled cipher suites", - sslServerSocket.getSupportedCipherSuites(), - sslServerSocket.getEnabledCipherSuites()); - - StandardNames.assertDefaultProtocolsServer(sslServerSocket.getEnabledProtocols()); - StandardNames.assertSupportedProtocols(sslServerSocket.getSupportedProtocols()); - assertContainsAll("Unsupported enabled protocols", - sslServerSocket.getSupportedProtocols(), - sslServerSocket.getEnabledProtocols()); - - assertTrue(sslServerSocket.getEnableSessionCreation()); - assertFalse(sslServerSocket.getNeedClientAuth()); - assertFalse(sslServerSocket.getWantClientAuth()); - } - - /** - * Asserts that the provided {@link SSLEngine} has the expected default configuration. - */ - public static void assertSSLEngine(SSLEngine sslEngine) { - assertFalse(sslEngine.getUseClientMode()); - assertSSLEngineSSLParameters(sslEngine.getSSLParameters()); - - StandardNames.assertDefaultCipherSuites(sslEngine.getEnabledCipherSuites()); - StandardNames.assertSupportedCipherSuites(sslEngine.getSupportedCipherSuites()); - assertContainsAll("Unsupported enabled cipher suites", - sslEngine.getSupportedCipherSuites(), - sslEngine.getEnabledCipherSuites()); - - StandardNames.assertSSLEngineDefaultProtocols(sslEngine.getEnabledProtocols()); - StandardNames.assertSupportedProtocols(sslEngine.getSupportedProtocols()); - assertContainsAll("Unsupported enabled protocols", - sslEngine.getSupportedProtocols(), - sslEngine.getEnabledProtocols()); - - assertTrue(sslEngine.getEnableSessionCreation()); - assertFalse(sslEngine.getNeedClientAuth()); - assertFalse(sslEngine.getWantClientAuth()); - } - - /** - * Asserts that the provided {@link SSLParameters} describe the expected default configuration - * for client-side mode of operation. - */ - public static void assertSSLParametersClient(SSLParameters sslParameters) { - assertDefaultSSLParametersClient(sslParameters); - } - - /** - * Asserts that the provided default {@link SSLParameters} are as expected for client-side mode of - * operation. - */ - private static void assertDefaultSSLParametersClient(SSLParameters sslParameters) { - StandardNames.assertDefaultCipherSuites(sslParameters.getCipherSuites()); - StandardNames.assertDefaultProtocolsClient(sslParameters.getProtocols()); - assertFalse(sslParameters.getWantClientAuth()); - assertFalse(sslParameters.getNeedClientAuth()); - } - - /** - * Asserts that the provided supported {@link SSLParameters} are as expected for client-side mode - * of operation. - */ - private static void assertSupportedSSLParametersClient(SSLParameters sslParameters) { - StandardNames.assertSupportedCipherSuites(sslParameters.getCipherSuites()); - StandardNames.assertSupportedProtocols(sslParameters.getProtocols()); - assertFalse(sslParameters.getWantClientAuth()); - assertFalse(sslParameters.getNeedClientAuth()); - } - - /** - * Asserts that the provided {@link SSLParameters} has the expected default configuration for - * {@link SSLEngine}. - */ - public static void assertSSLEngineSSLParameters(SSLParameters sslParameters) { - StandardNames.assertDefaultCipherSuites(sslParameters.getCipherSuites()); - StandardNames.assertSSLEngineDefaultProtocols(sslParameters.getProtocols()); - assertFalse(sslParameters.getWantClientAuth()); - assertFalse(sslParameters.getNeedClientAuth()); - } - - /** - * Asserts that the {@code container} contains all the {@code elements}. - */ - private static void assertContainsAll(String message, String[] container, String[] elements) { - Set elementsNotInContainer = new HashSet(Arrays.asList(elements)); - elementsNotInContainer.removeAll(Arrays.asList(container)); - assertEquals(message, Collections.EMPTY_SET, elementsNotInContainer); - } -} -- cgit v1.1