1782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin/* 2782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin * Copyright (C) 2013 The Android Open Source Project 3782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin * 4782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin * Licensed under the Apache License, Version 2.0 (the "License"); 5782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin * you may not use this file except in compliance with the License. 6782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin * You may obtain a copy of the License at 7782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin * 8782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin * http://www.apache.org/licenses/LICENSE-2.0 9782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin * 10782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin * Unless required by applicable law or agreed to in writing, software 11782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin * distributed under the License is distributed on an "AS IS" BASIS, 12782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin * See the License for the specific language governing permissions and 14782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin * limitations under the License. 15782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin */ 16782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin 17782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubinpackage libcore.javax.net.ssl; 18782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin 19782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubinimport junit.framework.Assert; 20782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubinimport libcore.java.security.StandardNames; 21782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubinimport java.io.IOException; 22782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubinimport java.util.Arrays; 23782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubinimport java.util.Collections; 24782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubinimport java.util.HashSet; 25782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubinimport java.util.Set; 26782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubinimport javax.net.ssl.SSLContext; 27782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubinimport javax.net.ssl.SSLEngine; 28782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubinimport javax.net.ssl.SSLParameters; 29782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubinimport javax.net.ssl.SSLServerSocket; 30782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubinimport javax.net.ssl.SSLServerSocketFactory; 31782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubinimport javax.net.ssl.SSLSocket; 32782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubinimport javax.net.ssl.SSLSocketFactory; 33782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin 34782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin/** 35782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin * Assertions about the configuration of TLS/SSL primitives. 36782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin */ 37782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubinpublic class SSLConfigurationAsserts extends Assert { 38782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin 39782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin /** Hidden constructor to prevent instantiation. */ 40782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin private SSLConfigurationAsserts() {} 41782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin 42782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin /** 43782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin * Asserts that the provided {@link SSLContext} has the expected default configuration, and that 44782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin * {@link SSLSocketFactory}, {@link SSLServerSocketFactory}, {@link SSLSocket}, 45782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin * {@link SSLServerSocket} and {@link SSLEngine} instances created from the context match the 46782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin * configuration. 47782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin */ 48782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin public static void assertSSLContextDefaultConfiguration(SSLContext sslContext) 49782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin throws IOException { 50782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin SSLParameters defaultParameters = sslContext.getDefaultSSLParameters(); 51782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin StandardNames.assertSSLContextEnabledProtocols(sslContext.getProtocol(), 52782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin defaultParameters.getProtocols()); 53782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin StandardNames.assertDefaultCipherSuites(defaultParameters.getCipherSuites()); 54782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin assertFalse(defaultParameters.getWantClientAuth()); 55782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin assertFalse(defaultParameters.getNeedClientAuth()); 56782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin 57782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin SSLParameters supportedParameters = sslContext.getSupportedSSLParameters(); 58782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin StandardNames.assertSupportedCipherSuites(supportedParameters.getCipherSuites()); 59782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin StandardNames.assertSupportedProtocols(supportedParameters.getProtocols()); 60782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin assertFalse(supportedParameters.getWantClientAuth()); 61782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin assertFalse(supportedParameters.getNeedClientAuth()); 62782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin 63782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin assertContainsAll("Unsupported enabled cipher suites", supportedParameters.getCipherSuites(), 64782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin defaultParameters.getCipherSuites()); 65782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin assertContainsAll("Unsupported enabled protocols", supportedParameters.getProtocols(), 66782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin defaultParameters.getProtocols()); 67782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin 68782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin assertSSLSocketFactoryConfigSameAsSSLContext(sslContext.getSocketFactory(), sslContext); 69782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin assertSSLServerSocketFactoryConfigSameAsSSLContext(sslContext.getServerSocketFactory(), 70782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin sslContext); 71782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin 72782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin SSLEngine sslEngine = sslContext.createSSLEngine(); 73782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin assertFalse(sslEngine.getUseClientMode()); 74782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin assertSSLEngineConfigSameAsSSLContext(sslEngine, sslContext); 75782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin } 76782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin 77782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin /** 78782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin * Asserts that the provided {@link SSLSocketFactory} has the expected default configuration and 79782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin * that {@link SSLSocket} instances created by the factory match the configuration. 80782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin */ 81782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin public static void assertSSLSocketFactoryDefaultConfiguration( 82782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin SSLSocketFactory sslSocketFactory) throws Exception { 83782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin assertSSLSocketFactoryConfigSameAsSSLContext(sslSocketFactory, 84782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin SSLContext.getDefault()); 85782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin } 86782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin 87782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin /** 88782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin * Asserts that {@link SSLSocketFactory}'s configuration matches {@code SSLContext}'s 89782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin * configuration, and that {@link SSLSocket} instances obtained from the factory match this 90782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin * configuration as well. 91782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin */ 92782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin private static void assertSSLSocketFactoryConfigSameAsSSLContext( 93782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin SSLSocketFactory sslSocketFactory, SSLContext sslContext) throws IOException { 94782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin assertCipherSuitesEqual(sslContext.getDefaultSSLParameters().getCipherSuites(), 95782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin sslSocketFactory.getDefaultCipherSuites()); 96782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin assertCipherSuitesEqual(sslContext.getSupportedSSLParameters().getCipherSuites(), 97782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin sslSocketFactory.getSupportedCipherSuites()); 98782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin 99782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin try (SSLSocket sslSocket = (SSLSocket) sslSocketFactory.createSocket()) { 100782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin assertTrue(sslSocket.getUseClientMode()); 101782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin assertTrue(sslSocket.getEnableSessionCreation()); 102782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin assertSSLSocketConfigSameAsSSLContext(sslSocket, sslContext); 103782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin } 104782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin } 105782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin 106782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin /** 107782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin * Asserts that the provided {@link SSLSocket} has the expected default configuration. 108782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin */ 109782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin public static void assertSSLSocketDefaultConfiguration(SSLSocket sslSocket) throws Exception { 110782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin assertTrue(sslSocket.getUseClientMode()); 111782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin assertTrue(sslSocket.getEnableSessionCreation()); 112782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin assertSSLSocketConfigSameAsSSLContext(sslSocket, SSLContext.getDefault()); 113782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin } 114782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin 115782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin /** 116782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin * Asserts that {@link SSLSocket}'s configuration matches {@code SSLContext's} configuration. 117782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin */ 118782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin private static void assertSSLSocketConfigSameAsSSLContext(SSLSocket sslSocket, 119782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin SSLContext sslContext) { 120782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin assertSSLParametersEqual(sslSocket.getSSLParameters(), sslContext.getDefaultSSLParameters()); 121782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin assertCipherSuitesEqual(sslSocket.getEnabledCipherSuites(), 122782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin sslContext.getDefaultSSLParameters().getCipherSuites()); 123782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin assertProtocolsEqual(sslSocket.getEnabledProtocols(), 124782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin sslContext.getDefaultSSLParameters().getProtocols()); 125782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin 126782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin assertCipherSuitesEqual(sslSocket.getSupportedCipherSuites(), 127782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin sslContext.getSupportedSSLParameters().getCipherSuites()); 128782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin assertProtocolsEqual(sslSocket.getSupportedProtocols(), 129782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin sslContext.getSupportedSSLParameters().getProtocols()); 130782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin } 131782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin 132782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin /** 133782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin * Asserts that the provided {@link SSLServerSocketFactory} has the expected default 134782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin * configuration, and that {@link SSLServerSocket} instances created by the factory match the 135782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin * configuration. 136782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin */ 137782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin public static void assertSSLServerSocketFactoryDefaultConfiguration( 138782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin SSLServerSocketFactory sslServerSocketFactory) throws Exception { 139782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin assertSSLServerSocketFactoryConfigSameAsSSLContext(sslServerSocketFactory, 140782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin SSLContext.getDefault()); 141782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin } 142782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin 143782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin /** 144782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin * Asserts that {@link SSLServerSocketFactory}'s configuration matches {@code SSLContext}'s 145782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin * configuration, and that {@link SSLServerSocket} instances obtained from the factory match this 146782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin * configuration as well. 147782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin */ 148782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin private static void assertSSLServerSocketFactoryConfigSameAsSSLContext( 149782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin SSLServerSocketFactory sslServerSocketFactory, SSLContext sslContext) throws IOException { 150782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin assertCipherSuitesEqual(sslContext.getDefaultSSLParameters().getCipherSuites(), 151782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin sslServerSocketFactory.getDefaultCipherSuites()); 152782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin assertCipherSuitesEqual(sslContext.getSupportedSSLParameters().getCipherSuites(), 153782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin sslServerSocketFactory.getSupportedCipherSuites()); 154782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin try (SSLServerSocket sslServerSocket = 155782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin (SSLServerSocket) sslServerSocketFactory.createServerSocket()) { 156782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin assertFalse(sslServerSocket.getUseClientMode()); 157782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin assertTrue(sslServerSocket.getEnableSessionCreation()); 158782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin assertSSLServerSocketConfigSameAsSSLContext(sslServerSocket, sslContext); 159782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin } 160782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin } 161782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin 162782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin /** 163782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin * Asserts that the provided {@link SSLServerSocket} has the expected default configuration. 164782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin */ 165782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin public static void assertSSLServerSocketDefaultConfiguration(SSLServerSocket sslServerSocket) 166782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin throws Exception { 167782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin assertFalse(sslServerSocket.getUseClientMode()); 168782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin assertTrue(sslServerSocket.getEnableSessionCreation()); 169782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin assertSSLServerSocketConfigSameAsSSLContext(sslServerSocket, SSLContext.getDefault()); 170782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin // TODO: Check SSLParameters when supported by SSLServerSocket API 171782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin } 172782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin 173782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin /** 174782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin * Asserts that {@link SSLServerSocket}'s configuration matches {@code SSLContext's} 175782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin * configuration. 176782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin */ 177782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin private static void assertSSLServerSocketConfigSameAsSSLContext(SSLServerSocket sslServerSocket, 178782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin SSLContext sslContext) { 179782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin assertCipherSuitesEqual(sslServerSocket.getEnabledCipherSuites(), 180782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin sslContext.getDefaultSSLParameters().getCipherSuites()); 181782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin assertProtocolsEqual(sslServerSocket.getEnabledProtocols(), 182782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin sslContext.getDefaultSSLParameters().getProtocols()); 183782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin 184782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin assertCipherSuitesEqual(sslServerSocket.getSupportedCipherSuites(), 185782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin sslContext.getSupportedSSLParameters().getCipherSuites()); 186782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin assertProtocolsEqual(sslServerSocket.getSupportedProtocols(), 187782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin sslContext.getSupportedSSLParameters().getProtocols()); 188782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin 189782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin assertEquals(sslServerSocket.getNeedClientAuth(), 190782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin sslContext.getDefaultSSLParameters().getNeedClientAuth()); 191782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin assertEquals(sslServerSocket.getWantClientAuth(), 192782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin sslContext.getDefaultSSLParameters().getWantClientAuth()); 193782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin } 194782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin 195782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin /** 196782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin * Asserts that the provided {@link SSLEngine} has the expected default configuration. 197782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin */ 198782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin public static void assertSSLEngineDefaultConfiguration(SSLEngine sslEngine) throws Exception { 199782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin assertFalse(sslEngine.getUseClientMode()); 200782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin assertTrue(sslEngine.getEnableSessionCreation()); 201782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin assertSSLEngineConfigSameAsSSLContext(sslEngine, SSLContext.getDefault()); 202782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin } 203782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin 204782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin /** 205782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin * Asserts that {@link SSLEngine}'s configuration matches {@code SSLContext's} configuration. 206782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin */ 207782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin private static void assertSSLEngineConfigSameAsSSLContext(SSLEngine sslEngine, 208782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin SSLContext sslContext) { 209782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin assertSSLParametersEqual(sslEngine.getSSLParameters(), sslContext.getDefaultSSLParameters()); 210782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin assertCipherSuitesEqual(sslEngine.getEnabledCipherSuites(), 211782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin sslContext.getDefaultSSLParameters().getCipherSuites()); 212782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin assertProtocolsEqual(sslEngine.getEnabledProtocols(), 213782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin sslContext.getDefaultSSLParameters().getProtocols()); 214782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin 215782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin assertCipherSuitesEqual(sslEngine.getSupportedCipherSuites(), 216782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin sslContext.getSupportedSSLParameters().getCipherSuites()); 217782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin assertProtocolsEqual(sslEngine.getSupportedProtocols(), 218782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin sslContext.getSupportedSSLParameters().getProtocols()); 219782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin } 220782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin 221782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin private static void assertSSLParametersEqual(SSLParameters expected, SSLParameters actual) { 222782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin assertCipherSuitesEqual(expected.getCipherSuites(), actual.getCipherSuites()); 223782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin assertProtocolsEqual(expected.getProtocols(), actual.getProtocols()); 224782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin assertEquals(expected.getNeedClientAuth(), actual.getNeedClientAuth()); 225782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin assertEquals(expected.getWantClientAuth(), actual.getWantClientAuth()); 226782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin } 227782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin 228782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin private static void assertCipherSuitesEqual(String[] expected, String[] actual) { 229782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin assertEquals(Arrays.asList(expected), Arrays.asList(actual)); 230782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin } 231782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin 232782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin private static void assertProtocolsEqual(String[] expected, String[] actual) { 233782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin // IMPLEMENTATION NOTE: The order of protocols versions does not matter. Similarly, it only 234782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin // matters whether a protocol version is present or absent in the array. These arrays are 235782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin // supposed to represent sets of protocol versions. Thus, we treat them as such. 236782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin assertEquals(new HashSet<String>(Arrays.asList(expected)), 237782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin new HashSet<String>(Arrays.asList(actual))); 238782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin } 239782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin 240782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin /** 241782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin * Asserts that the {@code container} contains all the {@code elements}. 242782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin */ 243782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin private static void assertContainsAll(String message, String[] container, String[] elements) { 244782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin Set<String> elementsNotInContainer = new HashSet<String>(Arrays.asList(elements)); 245782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin elementsNotInContainer.removeAll(Arrays.asList(container)); 246782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin assertEquals(message, Collections.EMPTY_SET, elementsNotInContainer); 247782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin } 248782740701db73dd2dc4fef9df8cde270b0e631a4Alex Klyubin} 249