/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.wildfly.openssl;
import java.io.IOException;
import java.net.ServerSocket;
import java.nio.charset.StandardCharsets;
import java.util.concurrent.atomic.AtomicReference;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
/**
* @author Stuart Douglas
*/
public class SslCiphersTest extends AbstractOpenSSLTest {
@BeforeClass
public static void setup() {
OpenSSLProvider.register();
}
@Test
public void testCipherSuiteConverter() throws IOException {
final SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket();
for (String cipher : socket.getSupportedCipherSuites()) {
if (cipher.contains("EMPTY")) {
continue;
}
String openSslCipherSuite = CipherSuiteConverter.toOpenSsl(cipher);
Assert.assertNotNull(cipher, openSslCipherSuite);
Assert.assertEquals(cipher, CipherSuiteConverter.toJava(openSslCipherSuite, cipher.substring(0, 3)));
}
}
@Test
public void testAvailableProtocols() throws Exception {
final AtomicReference<byte[]> sessionID = new AtomicReference<>();
final SSLContext sslContext = SSLTestUtils.createSSLContext("openssl.TLSv1.2");
//we only test a subset of ciphers
//TODO: figure out which ones we need to support, and what sort of cert we need for each
String[] suites = new String[]{
//"TLS_RSA_WITH_AES_256_CBC_SHA256",
"TLS_RSA_WITH_AES_128_CBC_SHA256",
"TLS_RSA_WITH_AES_128_GCM_SHA256",
//"TLS_RSA_WITH_AES_256_GCM_SHA384",
"TLS_RSA_WITH_AES_128_CBC_SHA",
//"TLS_RSA_WITH_AES_256_CBC_SHA"
};
for (String suite : suites) {
final AtomicReference<SSLEngine> engineRef = new AtomicReference<>();
ServerSocket serverSocket = SSLTestUtils.createServerSocket();
EchoRunnable echo = new EchoRunnable(serverSocket, sslContext, sessionID, (engine -> {
engineRef.set(engine);
try {
engine.setEnabledCipherSuites(new String[]{suite});
return engine;
} catch (Exception e) {
throw new RuntimeException(e);
}
}));
Thread acceptThread = new Thread(echo);
acceptThread.start();
final SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket();
socket.setEnabledCipherSuites(new String[]{suite});
socket.connect(SSLTestUtils.createSocketAddress());
socket.getOutputStream().write("hello world".getBytes(StandardCharsets.US_ASCII));
byte[] data = new byte[100];
int read = socket.getInputStream().read(data);
Assert.assertEquals("hello world", new String(data, 0, read));
//make sure the names match
String cipherSuite = socket.getSession().getCipherSuite();
SSLEngine sslEngine = engineRef.get();
SSLSession session = sslEngine.getSession();
// SSL is an alias for TLS, Windows and IBM J9 seem to use SSL for simplicity we'll just replace SSL with
// TLS to match what we're expecting
if(cipherSuite.startsWith("SSL")) {
cipherSuite = cipherSuite.replace("SSL", "TLS");
}
Assert.assertEquals(session.getCipherSuite(), cipherSuite);
Assert.assertEquals(session.getCipherSuite(), suite);
Assert.assertArrayEquals(socket.getSession().getId(), sessionID.get());
socket.getSession().invalidate();
socket.close();
echo.stop();
serverSocket.close();
acceptThread.join();
}
}
}
