public void testCipherSuitesFilter() throws Exception {
SSLContext controlContext = SSLContext.getInstance("TLS");
controlContext.init(null, null, null);
SSLEngine controlEngine = controlContext.createSSLEngine();
SSLSocket controlSocket = (SSLSocket) controlContext.getSocketFactory().createSocket();
SSLServerSocket controlServerSocket =
(SSLServerSocket) controlContext.getServerSocketFactory().createServerSocket();
// default
SSLContextParameters scp = new SSLContextParameters();
SSLContext context = scp.createSSLContext();
CipherSuitesParameters csp = new CipherSuitesParameters();
scp.setCipherSuites(csp);
SSLEngine engine = context.createSSLEngine();
SSLSocket socket = (SSLSocket) context.getSocketFactory().createSocket();
SSLServerSocket serverSocket =
(SSLServerSocket) context.getServerSocketFactory().createServerSocket();
assertTrue(
Arrays.equals(controlEngine.getEnabledCipherSuites(), engine.getEnabledCipherSuites()));
assertTrue(
Arrays.equals(controlSocket.getEnabledCipherSuites(), socket.getEnabledCipherSuites()));
assertTrue(
Arrays.equals(
this.getDefaultCipherSuiteIncludes(controlServerSocket.getSupportedCipherSuites()),
serverSocket.getEnabledCipherSuites()));
// empty filter
FilterParameters filter = new FilterParameters();
scp.setCipherSuitesFilter(filter);
context = scp.createSSLContext();
engine = context.createSSLEngine();
socket = (SSLSocket) context.getSocketFactory().createSocket();
serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
assertEquals(0, engine.getEnabledCipherSuites().length);
assertEquals(0, socket.getEnabledCipherSuites().length);
assertEquals(0, serverSocket.getEnabledCipherSuites().length);
// explicit filter
filter.getInclude().add(".*");
context = scp.createSSLContext();
engine = context.createSSLEngine();
socket = (SSLSocket) context.getSocketFactory().createSocket();
serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
assertEquals(0, engine.getEnabledCipherSuites().length);
assertEquals(0, socket.getEnabledCipherSuites().length);
assertEquals(0, serverSocket.getEnabledCipherSuites().length);
// explicit filter with excludes (excludes overrides)
filter.getExclude().add(".*");
context = scp.createSSLContext();
engine = context.createSSLEngine();
socket = (SSLSocket) context.getSocketFactory().createSocket();
serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
assertEquals(0, engine.getEnabledCipherSuites().length);
assertEquals(0, socket.getEnabledCipherSuites().length);
assertEquals(0, serverSocket.getEnabledCipherSuites().length);
// explicit filter single include
filter.getInclude().clear();
filter.getExclude().clear();
csp.getCipherSuite().add("TLS_RSA_WITH_AES_128_CBC_SHA");
filter.getInclude().add("TLS.*");
context = scp.createSSLContext();
engine = context.createSSLEngine();
socket = (SSLSocket) context.getSocketFactory().createSocket();
serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
// not all platforms/JDKs have these cipher suites
if (!isPlatform("aix")) {
assertTrue(engine.getEnabledCipherSuites().length >= 1);
assertStartsWith(engine.getEnabledCipherSuites(), "TLS");
assertTrue(socket.getEnabledCipherSuites().length >= 1);
assertStartsWith(socket.getEnabledCipherSuites(), "TLS");
assertTrue(serverSocket.getEnabledCipherSuites().length >= 1);
assertStartsWith(serverSocket.getEnabledCipherSuites(), "TLS");
}
}
public void testCipherSuites() throws Exception {
SSLContext controlContext = SSLContext.getInstance("TLS");
controlContext.init(null, null, null);
SSLEngine controlEngine = controlContext.createSSLEngine();
SSLSocket controlSocket = (SSLSocket) controlContext.getSocketFactory().createSocket();
SSLServerSocket controlServerSocket =
(SSLServerSocket) controlContext.getServerSocketFactory().createServerSocket();
// default
SSLContextParameters scp = new SSLContextParameters();
SSLContext context = scp.createSSLContext();
SSLEngine engine = context.createSSLEngine();
SSLSocket socket = (SSLSocket) context.getSocketFactory().createSocket();
SSLServerSocket serverSocket =
(SSLServerSocket) context.getServerSocketFactory().createServerSocket();
assertTrue(
Arrays.equals(controlEngine.getEnabledCipherSuites(), engine.getEnabledCipherSuites()));
assertTrue(
Arrays.equals(controlSocket.getEnabledCipherSuites(), socket.getEnabledCipherSuites()));
assertTrue(
Arrays.equals(
this.getDefaultCipherSuiteIncludes(controlServerSocket.getSupportedCipherSuites()),
serverSocket.getEnabledCipherSuites()));
// empty csp
CipherSuitesParameters csp = new CipherSuitesParameters();
scp.setCipherSuites(csp);
context = scp.createSSLContext();
engine = context.createSSLEngine();
socket = (SSLSocket) context.getSocketFactory().createSocket();
serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
assertEquals(0, engine.getEnabledCipherSuites().length);
assertEquals(0, socket.getEnabledCipherSuites().length);
assertEquals(0, serverSocket.getEnabledCipherSuites().length);
// explicit csp
csp.getCipherSuite().add(controlEngine.getEnabledCipherSuites()[0]);
context = scp.createSSLContext();
engine = context.createSSLEngine();
socket = (SSLSocket) context.getSocketFactory().createSocket();
serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
assertEquals(1, engine.getEnabledCipherSuites().length);
assertEquals(controlEngine.getEnabledCipherSuites()[0], engine.getEnabledCipherSuites()[0]);
assertEquals(1, socket.getEnabledCipherSuites().length);
assertEquals(controlEngine.getEnabledCipherSuites()[0], socket.getEnabledCipherSuites()[0]);
assertEquals(1, serverSocket.getEnabledCipherSuites().length);
assertEquals(
controlEngine.getEnabledCipherSuites()[0], serverSocket.getEnabledCipherSuites()[0]);
// explicit csp overrides filter
FilterParameters filter = new FilterParameters();
filter.getInclude().add(".*");
scp.setCipherSuitesFilter(filter);
context = scp.createSSLContext();
engine = context.createSSLEngine();
socket = (SSLSocket) context.getSocketFactory().createSocket();
serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
assertEquals(1, engine.getEnabledCipherSuites().length);
assertEquals(controlEngine.getEnabledCipherSuites()[0], engine.getEnabledCipherSuites()[0]);
assertEquals(1, socket.getEnabledCipherSuites().length);
assertEquals(controlEngine.getEnabledCipherSuites()[0], socket.getEnabledCipherSuites()[0]);
assertEquals(1, socket.getEnabledCipherSuites().length);
assertEquals(
controlEngine.getEnabledCipherSuites()[0], serverSocket.getEnabledCipherSuites()[0]);
}
