From bda96e051a3634b75abec3c989dcf0a8fab009b3 Mon Sep 17 00:00:00 2001
From: Kenny Root
Date: Thu, 30 Oct 2014 15:46:10 -0700
Subject: SSLSocket: document current behavior with SSLContext

Currently Android does not pay attention to the algorithm choice, so use this test as documentation of that.

Bug: 17136008
Change-Id: If8e516be48721bf65a98f22a9cdf02eded8f6375
---
 .../java/libcore/java/security/StandardNames.java | 50 ++++++++++++++++++++++
 1 file changed, 50 insertions(+)
(limited to 'support')
diff --git a/support/src/test/java/libcore/java/security/StandardNames.java b/support/src/test/java/libcore/java/security/StandardNames.java
index 528a651..ff6128e 100644
--- a/support/src/test/java/libcore/java/security/StandardNames.java
+++ b/support/src/test/java/libcore/java/security/StandardNames.java
@@ -101,6 +101,9 @@ public final class StandardNames extends Assert {
 public static final Map> CIPHER_PADDINGS = new HashMap>();
+ private static final Map SSL_CONTEXT_PROTOCOLS_ENABLED
+ = new HashMap();
+
 private static void provide(String type, String algorithm) {
 Set algorithms = PROVIDER_ALGORITHMS.get(type);
 if (algorithms == null) {
@@ -134,6 +137,18 @@ public final class StandardNames extends Assert {
 }
 paddings.addAll(Arrays.asList(newPaddings));
 }
+ private static void provideSslContextEnabledProtocols(String algorithm, TLSVersion minimum,
+ TLSVersion maximum) {
+ if (minimum.ordinal() > maximum.ordinal()) {
+ throw new RuntimeException("TLS version: minimum > maximum");
+ }
+ int versionsLength = maximum.ordinal() - minimum.ordinal() + 1;
+ String[] versionNames = new String[versionsLength];
+ for (int i = 0; i < versionsLength; i++) {
+ versionNames[i] = TLSVersion.values()[i + minimum.ordinal()].name;
+ }
+ SSL_CONTEXT_PROTOCOLS_ENABLED.put(algorithm, versionNames);
+ }
 static {
 provide("AlgorithmParameterGenerator", "DSA");
 provide("AlgorithmParameterGenerator", "DiffieHellman");
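Review bot: In `provideSslContextEnabledProtocols` the range check and the loop both depend on `ordinal()`, `TLSVersion.values()` is re-evaluated (a fresh array copy) on every iteration, and the guard throws a bare `RuntimeException` whose message omits the offending values. Hoisting `TLSVersion[] all = TLSVersion.values();` above the loop and throwing `new IllegalArgumentException("TLS version: minimum " + minimum + " > maximum " + maximum)` keeps the behavior for valid input and makes a misconfigured expectation table easier to diagnose. The method also has no comment stating that it registers an inclusive, contiguous range; something like `// Registers the inclusive range [minimum, maximum] of protocol names as the expected enabled set for this SSLContext algorithm.` would help. Note that `put` silently replaces an earlier entry for the same algorithm name.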
@@ -533,6 +548,22 @@ public final class StandardNames extends Assert {
 }
 }
+
+ if (IS_RI) {
+ provideSslContextEnabledProtocols("SSL", TLSVersion.SSLv3, TLSVersion.TLSv1);
+ provideSslContextEnabledProtocols("SSLv3", TLSVersion.SSLv3, TLSVersion.TLSv1);
+ provideSslContextEnabledProtocols("TLS", TLSVersion.SSLv3, TLSVersion.TLSv1);
+ provideSslContextEnabledProtocols("TLSv1", TLSVersion.SSLv3, TLSVersion.TLSv1);
+ provideSslContextEnabledProtocols("TLSv1.1", TLSVersion.SSLv3, TLSVersion.TLSv11);
+ provideSslContextEnabledProtocols("TLSv1.2", TLSVersion.SSLv3, TLSVersion.TLSv12);
+ } else {
+ provideSslContextEnabledProtocols("SSL", TLSVersion.SSLv3, TLSVersion.TLSv12);
+ provideSslContextEnabledProtocols("SSLv3", TLSVersion.SSLv3, TLSVersion.TLSv12);
+ provideSslContextEnabledProtocols("TLS", TLSVersion.SSLv3, TLSVersion.TLSv12);
+ provideSslContextEnabledProtocols("TLSv1", TLSVersion.SSLv3, TLSVersion.TLSv12);
+ provideSslContextEnabledProtocols("TLSv1.1", TLSVersion.SSLv3, TLSVersion.TLSv12);
+ provideSslContextEnabledProtocols("TLSv1.2", TLSVersion.SSLv3, TLSVersion.TLSv12);
+ }
 }
 public static final String SSL_CONTEXT_PROTOCOLS_DEFAULT = "Default";
@@ -593,6 +624,19 @@ public final class StandardNames extends Assert {
 }
 }
+ private static enum TLSVersion {
+ SSLv3("SSLv3"),
+ TLSv1("TLSv1"),
+ TLSv11("TLSv1.1"),
+ TLSv12("TLSv1.2");
+
+ private final String name;
+
+ TLSVersion(String name) {
+ this.name = name;
+ }
+ };
+
 /**
 * Valid values for X509TrustManager.checkClientTrusted authType,
 * either the algorithm of the public key or UNKNOWN.
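Review bot: Every entry registered in the `if (IS_RI) … else` block of the static initializer uses `TLSVersion.SSLv3` as the minimum, and on the non-RI branch even `"TLSv1.2"` maps to the full SSLv3–TLSv1.2 range, so any test built on this table expects the deprecated SSLv3 protocol to be enabled for every context name. The commit message says this documents current behavior, but nothing in the code says so, and a later change that drops SSLv3 or honors the requested protocol would presumably surface as a failure here rather than as an improvement. I would put that in a comment above the block, e.g. `// Documents current behavior, not the desired one: on Android the SSLContext algorithm does not restrict the enabled protocols (Bug: 17136008).` The twelve near-identical calls could also be driven from a loop over the algorithm names, since only the maximum varies and only on the RI branch. The static initializer starts outside the hunk.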
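Review bot: The declaration order of `TLSVersion` is load-bearing, because `provideSslContextEnabledProtocols` in this same patch derives its ranges from `ordinal()`, yet the enum carries no comment saying so; a constant inserted out of protocol order would silently change every expected protocol list. A one-line comment such as `// Constants must stay in ascending protocol order; ranges are computed from ordinal().` would guard against that. As a style point, `static` is redundant on a nested enum and the `;` after the closing brace is an empty declaration, so `private enum TLSVersion { … }` is enough.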
@@ -1084,6 +1128,12 @@ public final class StandardNames extends Assert {
 }
 }
+ public static void assertSSLContextEnabledProtocols(String version, String[] protocols) {
+ assertEquals("For protocol \"" + version + "\"",
+ Arrays.toString(SSL_CONTEXT_PROTOCOLS_ENABLED.get(version)),
+ Arrays.toString(protocols));
+ }
+
 private static boolean isPermittedDefaultCipherSuite(String cipherSuite) {
 assertNotNull(cipherSuite);
 if (CIPHER_SUITE_SECURE_RENEGOTIATION.equals(cipherSuite)) {
-- cgit v1.1
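Review bot: `assertSSLContextEnabledProtocols` passes the result of `SSL_CONTEXT_PROTOCOLS_ENABLED.get(version)` straight to `Arrays.toString`, so a name with no registered entry is compared as the string `"null"`: the failure message does not say that the expectation is missing, and a null `protocols` argument would make the assertion pass. Fetching the expectation first and guarding it, `String[] expected = SSL_CONTEXT_PROTOCOLS_ENABLED.get(version);` followed by `assertNotNull("No expected protocols registered for " + version, expected);`, makes that case fail clearly. The comparison is also order-sensitive, which holds only if callers supply the protocols in ascending version order; a short Javadoc on this public method should state that. The parameter is named `version` while the map is keyed by what the registration helper calls `algorithm`; using one name in both places would read better.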