/*
* Copyright (C) 2007 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.harmony.tests.javax.net.ssl;
import junit.framework.TestCase;
import libcore.io.Base64;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
public class SSLServerSocketTest extends TestCase {
// set to true if on Android, false if on RI
boolean useBKS = true;
/**
* Additional class for SSLServerSocket constructor verification
*/
class mySSLServerSocket extends SSLServerSocket {
public mySSLServerSocket() throws IOException{
super();
}
public mySSLServerSocket(int port) throws IOException{
super(port);
}
public mySSLServerSocket(int port, int backlog) throws IOException{
super(port, backlog);
}
public mySSLServerSocket(int port, int backlog, InetAddress address) throws IOException{
super(port, backlog, address);
}
public String[] getSupportedCipherSuites() {
return null;
}
public void setEnabledCipherSuites(String[] suites) {
}
public String[] getEnabledCipherSuites() {
return null;
}
public String[] getSupportedProtocols() {
return null;
}
public String[] getEnabledProtocols() {
return null;
}
public void setEnabledProtocols(String[] protocols) {
}
public void setEnableSessionCreation(boolean flag) {
}
public boolean getEnableSessionCreation() {
return false;
}
public void setNeedClientAuth(boolean need) {
}
public boolean getNeedClientAuth() {
return false;
}
public boolean getUseClientMode() {
return false;
}
public void setUseClientMode(boolean mode) {
}
public boolean getWantClientAuth() {
return false;
}
public void setWantClientAuth(boolean mode) {
}
}
/**
* javax.net.ssl.SSLServerSocket#SSLServerSocket()
*/
public void testConstructor() throws Exception {
SSLServerSocket ssl = new mySSLServerSocket();
}
/**
* javax.net.ssl.SSLServerSocket#SSLServerSocket(int port)
*/
public void testConstructor_I() throws Exception {
int[] port_invalid = {-1, 65536, Integer.MIN_VALUE, Integer.MAX_VALUE};
SSLServerSocket ssl = new mySSLServerSocket(0);
for (int i = 0; i < port_invalid.length; i++) {
try {
new mySSLServerSocket(port_invalid[i]);
fail("IllegalArgumentException should be thrown");
} catch (IllegalArgumentException expected) {
}
}
try {
new mySSLServerSocket(ssl.getLocalPort());
fail("IOException Expected when opening an already opened port");
} catch (IOException expected) {
}
}
/**
* javax.net.ssl.SSLServerSocket#SSLServerSocket(int port, int backlog)
*/
public void testConstructor_II() throws Exception {
mySSLServerSocket ssl = new mySSLServerSocket(0, 1);
int[] port_invalid = {-1, Integer.MIN_VALUE, Integer.MAX_VALUE};
for (int i = 0; i < port_invalid.length; i++) {
try {
new mySSLServerSocket(port_invalid[i], 1);
fail("IllegalArgumentException should be thrown");
} catch (IllegalArgumentException expected) {
}
}
try {
new mySSLServerSocket(ssl.getLocalPort(), 1);
fail("IOException should be thrown");
} catch (IOException expected) {
}
}
/**
* javax.net.ssl.SSLServerSocket#SSLServerSocket(int port, int backlog, InetAddress address)
*/
public void testConstructor_IIInetAddress() throws Exception {
// A null InetAddress is okay.
new mySSLServerSocket(0, 0, null);
int[] port_invalid = {-1, 65536, Integer.MIN_VALUE, Integer.MAX_VALUE};
mySSLServerSocket ssl = new mySSLServerSocket(0, 0, InetAddress.getLocalHost());
for (int i = 0; i < port_invalid.length; i++) {
try {
new mySSLServerSocket(port_invalid[i], 1, InetAddress.getLocalHost());
fail("IllegalArgumentException should be thrown");
} catch (IllegalArgumentException expected) {
}
}
try {
new mySSLServerSocket(ssl.getLocalPort(), 0, InetAddress.getLocalHost());
fail("IOException should be thrown for");
} catch (IOException expected) {
}
}
/**
* @throws Exception
* javax.net.ssl.SSLServerSocket#getSupportedCipherSuites()
*/
public void test_getSupportedCipherSuites() throws Exception {
SSLServerSocket sss = getSSLServerSocket();
String[] res = sss.getSupportedCipherSuites();
assertNotNull("NULL result", res);
assertTrue("no supported cipher suites available.", res.length > 0);
}
/**
* @throws IOException
* javax.net.ssl.SSLServerSocket#getEnabledCipherSuites()
* javax.net.ssl.SSLServerSocket#setEnabledCipherSuites(String[] suites)
*/
public void test_EnabledCipherSuites() throws Exception {
SSLServerSocket sss = getSSLServerSocket();
try {
sss.setEnabledCipherSuites(null);
} catch (IllegalArgumentException iae) {
//expected
}
String[] unsupportedCipherSuites = {"unsupported"};
try {
sss.setEnabledCipherSuites(unsupportedCipherSuites);
} catch (IllegalArgumentException iae) {
//expected
}
int count = sss.getSupportedCipherSuites().length;
assertTrue("No supported cipher suites", count > 0);
sss.setEnabledCipherSuites(sss.getSupportedCipherSuites());
String[] res = sss.getEnabledCipherSuites();
assertNotNull("NULL result", res);
assertEquals("not all supported cipher suites were enabled",
Arrays.asList(sss.getSupportedCipherSuites()),
Arrays.asList(res));
}
/**
* @throws IOException
* javax.net.ssl.SSLServerSocket#getSupportedProtocols()
*/
public void test_getSupportedProtocols() throws Exception {
SSLServerSocket sss = getSSLServerSocket();
String[] res = sss.getSupportedCipherSuites();
assertNotNull("NULL result", res);
assertTrue("no supported protocols available.", res.length > 0);
}
/**
* @throws IOException
* javax.net.ssl.SSLServerSocket#getEnabledProtocols()
* javax.net.ssl.SSLServerSocket#setEnabledProtocols(String[] protocols)
*/
public void test_EnabledProtocols() throws Exception {
SSLServerSocket sss = getSSLServerSocket();
try {
sss.setEnabledProtocols(null);
} catch (IllegalArgumentException iae) {
//expected
}
String[] unsupportedProtocols = {"unsupported"};
try {
sss.setEnabledProtocols(unsupportedProtocols);
} catch (IllegalArgumentException iae) {
//expected
}
int count = sss.getSupportedProtocols().length;
assertTrue("No supported protocols", count > 0);
sss.setEnabledProtocols(sss.getSupportedProtocols());
String[] res = sss.getEnabledProtocols();
assertNotNull("NULL result", res);
assertTrue("no enabled protocols.", res.length == count);
}
/**
* @throws IOException
* javax.net.ssl.SSLServerSocket#setEnableSessionCreation(boolean flag)
* javax.net.ssl.SSLServerSocket#getEnableSessionCreation()
*/
public void test_EnableSessionCreation() throws Exception {
SSLServerSocket sss = getSSLServerSocket();
assertTrue(sss.getEnableSessionCreation());
sss.setEnableSessionCreation(false);
assertFalse(sss.getEnableSessionCreation());
sss.setEnableSessionCreation(true);
assertTrue(sss.getEnableSessionCreation());
}
/**
* @throws IOException
* javax.net.ssl.SSLServerSocket#setNeedClientAuth(boolean need)
* javax.net.ssl.SSLServerSocket#getNeedClientAuthCreation()
*/
public void test_NeedClientAuth() throws Exception {
SSLServerSocket sss = getSSLServerSocket();
sss.setNeedClientAuth(true);
assertTrue(sss.getNeedClientAuth());
sss.setNeedClientAuth(false);
assertFalse(sss.getNeedClientAuth());
}
/**
* @throws IOException
* javax.net.ssl.SSLServerSocket#getUseClientMode()
* javax.net.ssl.SSLServerSocket#setUseClientMode(boolean mode)
*/
public void test_UseClientMode() throws Exception {
SSLServerSocket sss = getSSLServerSocket();
sss.setUseClientMode(false);
assertFalse(sss.getUseClientMode());
sss.setUseClientMode(true);
assertTrue(sss.getUseClientMode());
}
/**
* @throws IOException
* javax.net.ssl.SSLServerSocket#setWantClientAuth(boolean want)
* javax.net.ssl.SSLServerSocket#getWantClientAuthCreation()
*/
public void test_WantClientAuth() throws Exception {
SSLServerSocket sss = getSSLServerSocket();
sss.setWantClientAuth(true);
assertTrue(sss.getWantClientAuth());
sss.setWantClientAuth(false);
assertFalse(sss.getWantClientAuth());
}
/**
* Defines the keystore contents for the server, BKS version. Holds just a
* single self-generated key. The subject name is "Test Server".
*/
private static final String SERVER_KEYS_BKS =
"AAAAAQAAABQDkebzoP1XwqyWKRCJEpn/t8dqIQAABDkEAAVteWtleQAAARpYl20nAAAAAQAFWC41" +
"MDkAAAJNMIICSTCCAbKgAwIBAgIESEfU1jANBgkqhkiG9w0BAQUFADBpMQswCQYDVQQGEwJVUzET" +
"MBEGA1UECBMKQ2FsaWZvcm5pYTEMMAoGA1UEBxMDTVRWMQ8wDQYDVQQKEwZHb29nbGUxEDAOBgNV" +
"BAsTB0FuZHJvaWQxFDASBgNVBAMTC1Rlc3QgU2VydmVyMB4XDTA4MDYwNTExNTgxNFoXDTA4MDkw" +
"MzExNTgxNFowaTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExDDAKBgNVBAcTA01U" +
"VjEPMA0GA1UEChMGR29vZ2xlMRAwDgYDVQQLEwdBbmRyb2lkMRQwEgYDVQQDEwtUZXN0IFNlcnZl" +
"cjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0LIdKaIr9/vsTq8BZlA3R+NFWRaH4lGsTAQy" +
"DPMF9ZqEDOaL6DJuu0colSBBBQ85hQTPa9m9nyJoN3pEi1hgamqOvQIWcXBk+SOpUGRZZFXwniJV" +
"zDKU5nE9MYgn2B9AoiH3CSuMz6HRqgVaqtppIe1jhukMc/kHVJvlKRNy9XMCAwEAATANBgkqhkiG" +
"9w0BAQUFAAOBgQC7yBmJ9O/eWDGtSH9BH0R3dh2NdST3W9hNZ8hIa8U8klhNHbUCSSktZmZkvbPU" +
"hse5LI3dh6RyNDuqDrbYwcqzKbFJaq/jX9kCoeb3vgbQElMRX8D2ID1vRjxwlALFISrtaN4VpWzV" +
"yeoHPW4xldeZmoVtjn8zXNzQhLuBqX2MmAAAAqwAAAAUvkUScfw9yCSmALruURNmtBai7kQAAAZx" +
"4Jmijxs/l8EBaleaUru6EOPioWkUAEVWCxjM/TxbGHOi2VMsQWqRr/DZ3wsDmtQgw3QTrUK666sR" +
"MBnbqdnyCyvM1J2V1xxLXPUeRBmR2CXorYGF9Dye7NkgVdfA+9g9L/0Au6Ugn+2Cj5leoIgkgApN" +
"vuEcZegFlNOUPVEs3SlBgUF1BY6OBM0UBHTPwGGxFBBcetcuMRbUnu65vyDG0pslT59qpaR0TMVs" +
"P+tcheEzhyjbfM32/vwhnL9dBEgM8qMt0sqF6itNOQU/F4WGkK2Cm2v4CYEyKYw325fEhzTXosck" +
"MhbqmcyLab8EPceWF3dweoUT76+jEZx8lV2dapR+CmczQI43tV9btsd1xiBbBHAKvymm9Ep9bPzM" +
"J0MQi+OtURL9Lxke/70/MRueqbPeUlOaGvANTmXQD2OnW7PISwJ9lpeLfTG0LcqkoqkbtLKQLYHI" +
"rQfV5j0j+wmvmpMxzjN3uvNajLa4zQ8l0Eok9SFaRr2RL0gN8Q2JegfOL4pUiHPsh64WWya2NB7f" +
"V+1s65eA5ospXYsShRjo046QhGTmymwXXzdzuxu8IlnTEont6P4+J+GsWk6cldGbl20hctuUKzyx" +
"OptjEPOKejV60iDCYGmHbCWAzQ8h5MILV82IclzNViZmzAapeeCnexhpXhWTs+xDEYSKEiG/camt" +
"bhmZc3BcyVJrW23PktSfpBQ6D8ZxoMfF0L7V2GQMaUg+3r7ucrx82kpqotjv0xHghNIm95aBr1Qw" +
"1gaEjsC/0wGmmBDg1dTDH+F1p9TInzr3EFuYD0YiQ7YlAHq3cPuyGoLXJ5dXYuSBfhDXJSeddUkl" +
"k1ufZyOOcskeInQge7jzaRfmKg3U94r+spMEvb0AzDQVOKvjjo1ivxMSgFRZaDb/4qw=";
/**
* Defines the keystore contents for the server, JKS version. Holds just a
* single self-generated key. The subject name is "Test Server".
*/
private static final String SERVER_KEYS_JKS =
"/u3+7QAAAAIAAAABAAAAAQAFbXlrZXkAAAEaWFfBeAAAArowggK2MA4GCisGAQQBKgIRAQEFAASC" +
"AqI2kp5XjnF8YZkhcF92YsJNQkvsmH7zqMM87j23zSoV4DwyE3XeC/gZWq1ToScIhoqZkzlbWcu4" +
"T/Zfc/DrfGk/rKbBL1uWKGZ8fMtlZk8KoAhxZk1JSyJvdkyKxqmzUbxk1OFMlN2VJNu97FPVH+du" +
"dvjTvmpdoM81INWBW/1fZJeQeDvn4mMbbe0IxgpiLnI9WSevlaDP/sm1X3iO9yEyzHLL+M5Erspo" +
"Cwa558fOu5DdsICMXhvDQxjWFKFhPHnKtGe+VvwkG9/bAaDgx3kfhk0w5zvdnkKb+8Ed9ylNRzdk" +
"ocAa/mxlMTOsTvDKXjjsBupNPIIj7OP4GNnZaxkJjSs98pEO67op1GX2qhy6FSOPNuq8k/65HzUc" +
"PYn6voEeh6vm02U/sjEnzRevQ2+2wXoAdp0EwtQ/DlMe+NvcwPGWKuMgX4A4L93DZGb04N2VmAU3" +
"YLOtZwTO0LbuWrcCM/q99G/7LcczkxIVrO2I/rh8RXVczlf9QzcrFObFv4ATuspWJ8xG7DhsMbnk" +
"rT94Pq6TogYeoz8o8ZMykesAqN6mt/9+ToIemmXv+e+KU1hI5oLwWMnUG6dXM6hIvrULY6o+QCPH" +
"172YQJMa+68HAeS+itBTAF4Clm/bLn6reHCGGU6vNdwU0lYldpiOj9cB3t+u2UuLo6tiFWjLf5Zs" +
"EQJETd4g/EK9nHxJn0GAKrWnTw7pEHQJ08elzUuy04C/jEEG+4QXU1InzS4o/kR0Sqz2WTGDoSoq" +
"ewuPRU5bzQs/b9daq3mXrnPtRBL6HfSDAdpTK76iHqLCGdqx3avHjVSBm4zFvEuYBCev+3iKOBmg" +
"yh7eQRTjz4UOWfy85omMBr7lK8PtfVBDzOXpasxS0uBgdUyBDX4tO6k9jZ8a1kmQRQAAAAEABVgu" +
"NTA5AAACSDCCAkQwggGtAgRIR8SKMA0GCSqGSIb3DQEBBAUAMGkxCzAJBgNVBAYTAlVTMRMwEQYD" +
"VQQIEwpDYWxpZm9ybmlhMQwwCgYDVQQHEwNNVFYxDzANBgNVBAoTBkdvb2dsZTEQMA4GA1UECxMH" +
"QW5kcm9pZDEUMBIGA1UEAxMLVGVzdCBTZXJ2ZXIwHhcNMDgwNjA1MTA0ODQyWhcNMDgwOTAzMTA0" +
"ODQyWjBpMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEMMAoGA1UEBxMDTVRWMQ8w" +
"DQYDVQQKEwZHb29nbGUxEDAOBgNVBAsTB0FuZHJvaWQxFDASBgNVBAMTC1Rlc3QgU2VydmVyMIGf" +
"MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCwoC6chqCI84rj1PrXuJgbiit4EV909zR6N0jNlYfg" +
"itwB39bP39wH03rFm8T59b3mbSptnGmCIpLZn25KPPFsYD3JJ+wFlmiUdEP9H05flfwtFQJnw9uT" +
"3rRIdYVMPcQ3RoZzwAMliGr882I2thIDbA6xjGU/1nRIdvk0LtxH3QIDAQABMA0GCSqGSIb3DQEB" +
"BAUAA4GBAJn+6YgUlY18Ie+0+Vt8oEi81DNi/bfPrAUAh63fhhBikx/3R9dl3wh09Z6p7cIdNxjW" +
"n2ll+cRW9eqF7z75F0Omm0C7/KAEPjukVbszmzeU5VqzkpSt0j84YWi+TfcHRrfvhLbrlmGITVpY" +
"ol5pHLDyqGmDs53pgwipWqsn/nEXEBgj3EoqPeqHbDf7YaP8h/5BSt0=";
private String PASSWORD = "android";
/**
* Loads a keystore from a base64-encoded String. Returns the KeyManager[]
* for the result.
*/
private KeyManager[] getKeyManagers() throws Exception {
String keys = (useBKS ? SERVER_KEYS_BKS : SERVER_KEYS_JKS);
byte[] bytes = Base64.decode(keys.getBytes());
InputStream inputStream = new ByteArrayInputStream(bytes);
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(inputStream, PASSWORD.toCharArray());
inputStream.close();
String algorithm = KeyManagerFactory.getDefaultAlgorithm();
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(algorithm);
keyManagerFactory.init(keyStore, PASSWORD.toCharArray());
return keyManagerFactory.getKeyManagers();
}
private SSLServerSocket getSSLServerSocket() throws Exception {
SSLContext context = SSLContext.getInstance("TLS");
context.init(getKeyManagers(), null, null);
SSLServerSocket sss = (SSLServerSocket) context.getServerSocketFactory()
.createServerSocket();
return sss;
}
public void test_creationStressTest() throws Exception {
KeyManager[] keyManagers = getKeyManagers();
// Test the default codepath, which uses /dev/urandom.
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(keyManagers, null, null);
for (int i = 0; i < 2048; ++i) {
sslContext.getServerSocketFactory().createServerSocket().close();
}
// Test the other codepath, which copies a seed from a byte[].
sslContext.init(keyManagers, null, new SecureRandom());
for (int i = 0; i < 2048; ++i) {
sslContext.getServerSocketFactory().createServerSocket().close();
}
}
}