From c9461f39290f815f560f2ec50e9ccde5ff4eb8f7 Mon Sep 17 00:00:00 2001
From: Alex Klyubin
Date: Fri, 9 May 2014 04:25:53 -0700
Subject: Document and assert support for TLS-PSK cipher suites.

This CL updates the Javadoc of SSLSocket and SSLEngine to list the now supported TLS-PSK cipher suites. It also adds tests to assert that these cipher suites are actually supported by SSLSocket and SSLEngine.

Bug: 15073623
Change-Id: I8e59264455f980f23a5e66099c27b5b4d932b9bb
---
 .../java/libcore/java/security/StandardNames.java | 8 ++++++
 .../java/libcore/javax/net/ssl/TestSSLContext.java | 33 +++++++++++++++++++---
 2 files changed, 37 insertions(+), 4 deletions(-)
(limited to 'support/src')
diff --git a/support/src/test/java/libcore/java/security/StandardNames.java b/support/src/test/java/libcore/java/security/StandardNames.java
index e37a788..cae8565 100644
--- a/support/src/test/java/libcore/java/security/StandardNames.java
+++ b/support/src/test/java/libcore/java/security/StandardNames.java
@@ -722,6 +722,14 @@ public final class StandardNames extends Assert {
 addOpenSsl("TLS_DH_anon_WITH_AES_128_GCM_SHA256");
 addOpenSsl("TLS_DH_anon_WITH_AES_256_GCM_SHA384");

+ // Pre-Shared Key (PSK) cipher suites
+ addOpenSsl("TLS_PSK_WITH_RC4_128_SHA");
+ addOpenSsl("TLS_PSK_WITH_3DES_EDE_CBC_SHA");
+ addOpenSsl("TLS_PSK_WITH_AES_128_CBC_SHA");
+ addOpenSsl("TLS_PSK_WITH_AES_256_CBC_SHA");
+ addOpenSsl("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256");
+ addOpenSsl("TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384");
+
 // RFC 5746's Signaling Cipher Suite Value to indicate a request for secure renegotiation
 addBoth(CIPHER_SUITE_SECURE_RENEGOTIATION);

diff --git a/support/src/test/java/libcore/javax/net/ssl/TestSSLContext.java b/support/src/test/java/libcore/javax/net/ssl/TestSSLContext.java
index 9793d9a..5741f2b 100644
--- a/support/src/test/java/libcore/javax/net/ssl/TestSSLContext.java
+++ b/support/src/test/java/libcore/javax/net/ssl/TestSSLContext.java
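Review bot: The new PSK block in StandardNames.java lists `TLS_PSK_WITH_RC4_128_SHA` and `TLS_PSK_WITH_3DES_EDE_CBC_SHA` under the same one-line heading as the AES suites, and the comment does not say whether these names are expected only in the supported set or also in the default-enabled set. addOpenSsl is defined outside the hunk, so which set it feeds is not visible here; if it is supported-only, a comment such as `// PSK suites: asserted as supported only; they must not appear in the default-enabled list` would record that. RC4 and 3DES are weak ciphers and the plain TLS_PSK key exchange gives no forward secrecy, so a test that pins them as present is worth pairing with one that pins them as absent from the defaults.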
@@ -141,15 +141,27 @@ public final class TestSSLContext extends Assert {
 * TestSSLContext creation method that allows separate creation of server key store
 */
 public static TestSSLContext create(TestKeyStore client, TestKeyStore server) {
+ return createWithAdditionalKeyManagers(client, server, null, null);
+ }
+
+ /**
+ * TestSSLContext creation method that allows separate creation of server key store and
+ * the use of additional {@code KeyManager} instances
+ */
+ public static TestSSLContext createWithAdditionalKeyManagers(
+ TestKeyStore client, TestKeyStore server,
+ KeyManager[] additionalClientKeyManagers, KeyManager[] additionalServerKeyManagers) {
 String protocol = "TLSv1.2";
+ KeyManager[] clientKeyManagers = concat(client.keyManagers, additionalClientKeyManagers);
+ KeyManager[] serverKeyManagers = concat(server.keyManagers, additionalServerKeyManagers);
 SSLContext clientContext =
- createSSLContext(protocol, client.keyManagers, client.trustManagers);
+ createSSLContext(protocol, clientKeyManagers, client.trustManagers);
 SSLContext serverContext =
- createSSLContext(protocol, server.keyManagers, server.trustManagers);
+ createSSLContext(protocol, serverKeyManagers, server.trustManagers);
 return create(client.keyStore, client.storePassword,
 server.keyStore, server.storePassword,
- client.keyManagers,
- server.keyManagers,
+ clientKeyManagers,
+ serverKeyManagers,
 client.trustManagers[0],
 server.trustManagers[0],
 clientContext,
@@ -296,4 +308,17 @@ public final class TestSSLContext extends Assert {
 }
 };
 }
+
+ private static KeyManager[] concat(KeyManager[] a, KeyManager[] b) {
+ if ((a == null) || (a.length == 0)) {
+ return b;
+ }
+ if ((b == null) || (b.length == 0)) {
+ return a;
+ }
+ KeyManager[] result = new KeyManager[a.length + b.length];
+ System.arraycopy(a, 0, result, 0, a.length);
+ System.arraycopy(b, 0, result, a.length, b.length);
+ return result;
+ }
 }
-- cgit v1.1
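Review bot: The Javadoc added for `createWithAdditionalKeyManagers` does not say that either additional array may be null, nor that the extra managers are appended after the key store's own. `create()` passes `null, null`, and the `concat(client.keyManagers, additionalClientKeyManagers)` call fixes the order. Order can matter if the TLS provider uses the first key manager of a given type in the array (not visible here), so callers adding a PSK key manager need to know where it lands. I would add `@param additionalClientKeyManagers extra key managers appended after {@code client.keyManagers}, or {@code null} for none` and the matching line for the server side. The method body continues past the end of this hunk.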
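Review bot: `concat` tests `a` before `b`, so when `a` is an empty array and `b` is null it returns null rather than the empty array the old `create()` code passed on. `createSSLContext` is outside the hunk, but if it forwards the array to `SSLContext.init`, a null key-manager array makes the provider fall back to its default key managers, which is not the same as "no key managers". Checking `b` first keeps the no-additional-managers path identical to the previous behaviour: put `if ((b == null) || (b.length == 0)) { return a; }` ahead of the `a` check. The helper also returns the caller's array itself rather than a copy in both early-return cases, which deserves a one-line comment.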