Author: markt
Date: Thu Jul 31 21:28:51 2014
New Revision: 1615009
URL: http://svn.apache.org/r1615009
Log:
Expand alias tests to cover all and [k][DHE|EDH]
Fix a couple of bugs:
- ALL didn't exclude NULL encryption
- k[DHE|EDH] didn't include the anonymous cipher suites
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java?rev=1615009&r1=1615008&r2=1615009&view=diff
==============================================================================
---
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
(original)
+++
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
Thu Jul 31 21:28:51 2014
@@ -373,95 +373,97 @@ public class OpenSSLCipherConfigurationP
}
aliases.put(cipher.name(), Collections.singletonList(cipher));
}
- List<Cipher> allCiphers = Arrays.asList(Cipher.values());
- Collections.reverse(allCiphers);
- LinkedHashSet<Cipher> all = defaultSort(new
LinkedHashSet<>(allCiphers));
+ List<Cipher> allCiphersList = Arrays.asList(Cipher.values());
+ Collections.reverse(allCiphersList);
+ LinkedHashSet<Cipher> allCiphers = defaultSort(new
LinkedHashSet<>(allCiphersList));
+ addListAlias(eNULL, filterByEncryption(allCiphers,
Collections.singleton(Encryption.eNULL)));
+ LinkedHashSet<Cipher> all = new LinkedHashSet<>(allCiphers);
+ remove(all, eNULL);
addListAlias(ALL, all);
- addListAlias(HIGH, filterByEncryptionLevel(all,
Collections.singleton(EncryptionLevel.HIGH)));
- addListAlias(MEDIUM, filterByEncryptionLevel(all,
Collections.singleton(EncryptionLevel.MEDIUM)));
- addListAlias(LOW, filterByEncryptionLevel(all,
Collections.singleton(EncryptionLevel.LOW)));
- addListAlias(EXPORT, filterByEncryptionLevel(all, new
HashSet<>(Arrays.asList(EncryptionLevel.EXP40, EncryptionLevel.EXP56))));
+ addListAlias(HIGH, filterByEncryptionLevel(allCiphers,
Collections.singleton(EncryptionLevel.HIGH)));
+ addListAlias(MEDIUM, filterByEncryptionLevel(allCiphers,
Collections.singleton(EncryptionLevel.MEDIUM)));
+ addListAlias(LOW, filterByEncryptionLevel(allCiphers,
Collections.singleton(EncryptionLevel.LOW)));
+ addListAlias(EXPORT, filterByEncryptionLevel(allCiphers, new
HashSet<>(Arrays.asList(EncryptionLevel.EXP40, EncryptionLevel.EXP56))));
aliases.put("EXP", aliases.get(EXPORT));
- addListAlias(EXPORT40, filterByEncryptionLevel(all,
Collections.singleton(EncryptionLevel.EXP40)));
- addListAlias(EXPORT56, filterByEncryptionLevel(all,
Collections.singleton(EncryptionLevel.EXP56)));
- addListAlias(eNULL, filterByEncryption(all,
Collections.singleton(Encryption.eNULL)));
+ addListAlias(EXPORT40, filterByEncryptionLevel(allCiphers,
Collections.singleton(EncryptionLevel.EXP40)));
+ addListAlias(EXPORT56, filterByEncryptionLevel(allCiphers,
Collections.singleton(EncryptionLevel.EXP56)));
aliases.put("NULL", aliases.get(eNULL));
aliases.put(COMPLEMENTOFALL, aliases.get(eNULL));
- addListAlias(aNULL, filterByAuthentication(all,
Collections.singleton(Authentication.aNULL)));
- addListAlias(kRSA, filterByKeyExchange(all,
Collections.singleton(KeyExchange.RSA)));
- addListAlias(aRSA, filterByAuthentication(all,
Collections.singleton(Authentication.RSA)));
+ addListAlias(aNULL, filterByAuthentication(allCiphers,
Collections.singleton(Authentication.aNULL)));
+ addListAlias(kRSA, filterByKeyExchange(allCiphers,
Collections.singleton(KeyExchange.RSA)));
+ addListAlias(aRSA, filterByAuthentication(allCiphers,
Collections.singleton(Authentication.RSA)));
// Despite what the docs say, RSA is equivalent to kRSA
aliases.put(RSA, aliases.get(kRSA));
- addListAlias(kEDH, filterByKeyExchange(all,
Collections.singleton(KeyExchange.EDH)));
- addListAlias(kDHE, filterByKeyExchange(all,
Collections.singleton(KeyExchange.EDH)));
- Set<Cipher> edh = filterByKeyExchange(all,
Collections.singleton(KeyExchange.EDH));
- edh.removeAll(filterByAuthentication(all,
Collections.singleton(Authentication.DH)));
+ addListAlias(kEDH, filterByKeyExchange(allCiphers,
Collections.singleton(KeyExchange.EDH)));
+ addListAlias(kDHE, filterByKeyExchange(allCiphers,
Collections.singleton(KeyExchange.EDH)));
+ Set<Cipher> edh = filterByKeyExchange(allCiphers,
Collections.singleton(KeyExchange.EDH));
+ edh.removeAll(filterByAuthentication(allCiphers,
Collections.singleton(Authentication.aNULL)));
addListAlias(EDH, edh);
addListAlias(DHE, edh);
- addListAlias(kDHr, filterByKeyExchange(all,
Collections.singleton(KeyExchange.DHr)));
- addListAlias(kDHd, filterByKeyExchange(all,
Collections.singleton(KeyExchange.DHd)));
- addListAlias(kDH, filterByKeyExchange(all, new
HashSet<>(Arrays.asList(KeyExchange.DHr, KeyExchange.DHd))));
-
- addListAlias(kECDHr, filterByKeyExchange(all,
Collections.singleton(KeyExchange.ECDHr)));
- addListAlias(kECDHe, filterByKeyExchange(all,
Collections.singleton(KeyExchange.ECDHe)));
- addListAlias(kECDH, filterByKeyExchange(all, new
HashSet<>(Arrays.asList(KeyExchange.ECDHe, KeyExchange.ECDHr))));
+ addListAlias(kDHr, filterByKeyExchange(allCiphers,
Collections.singleton(KeyExchange.DHr)));
+ addListAlias(kDHd, filterByKeyExchange(allCiphers,
Collections.singleton(KeyExchange.DHd)));
+ addListAlias(kDH, filterByKeyExchange(allCiphers, new
HashSet<>(Arrays.asList(KeyExchange.DHr, KeyExchange.DHd))));
+
+ addListAlias(kECDHr, filterByKeyExchange(allCiphers,
Collections.singleton(KeyExchange.ECDHr)));
+ addListAlias(kECDHe, filterByKeyExchange(allCiphers,
Collections.singleton(KeyExchange.ECDHe)));
+ addListAlias(kECDH, filterByKeyExchange(allCiphers, new
HashSet<>(Arrays.asList(KeyExchange.ECDHe, KeyExchange.ECDHr))));
aliases.put(ECDH, aliases.get(kECDH));
- addListAlias(kECDHE, filterByKeyExchange(all,
Collections.singleton(KeyExchange.ECDHe)));
+ addListAlias(kECDHE, filterByKeyExchange(allCiphers,
Collections.singleton(KeyExchange.ECDHe)));
aliases.put(ECDHE, aliases.get(kECDHE));
- addListAlias(kEECDH, filterByKeyExchange(all,
Collections.singleton(KeyExchange.EECDH)));
+ addListAlias(kEECDH, filterByKeyExchange(allCiphers,
Collections.singleton(KeyExchange.EECDH)));
aliases.put(EECDHE, aliases.get(kEECDH));
- addListAlias(aDSS, filterByAuthentication(all,
Collections.singleton(Authentication.DSS)));
+ addListAlias(aDSS, filterByAuthentication(allCiphers,
Collections.singleton(Authentication.DSS)));
aliases.put("DSS", aliases.get(aDSS));
- addListAlias(aDH, filterByAuthentication(all,
Collections.singleton(Authentication.DH)));
- Set<Cipher> aecdh = filterByKeyExchange(all, new
HashSet<>(Arrays.asList(KeyExchange.ECDHe, KeyExchange.ECDHr)));
- aecdh.removeAll(filterByAuthentication(all,
Collections.singleton(Authentication.aNULL)));
+ addListAlias(aDH, filterByAuthentication(allCiphers,
Collections.singleton(Authentication.DH)));
+ Set<Cipher> aecdh = filterByKeyExchange(allCiphers, new
HashSet<>(Arrays.asList(KeyExchange.ECDHe, KeyExchange.ECDHr)));
+ aecdh.removeAll(filterByAuthentication(allCiphers,
Collections.singleton(Authentication.aNULL)));
addListAlias(AECDH, aecdh);
- addListAlias(aECDH, filterByAuthentication(all,
Collections.singleton(Authentication.ECDH)));
- addListAlias(ECDSA, filterByAuthentication(all,
Collections.singleton(Authentication.ECDSA)));
+ addListAlias(aECDH, filterByAuthentication(allCiphers,
Collections.singleton(Authentication.ECDH)));
+ addListAlias(ECDSA, filterByAuthentication(allCiphers,
Collections.singleton(Authentication.ECDSA)));
aliases.put(aECDSA, aliases.get(ECDSA));
- addListAlias(kFZA, filterByKeyExchange(all,
Collections.singleton(KeyExchange.FZA)));
- addListAlias(aFZA, filterByAuthentication(all,
Collections.singleton(Authentication.FZA)));
- addListAlias(eFZA, filterByEncryption(all,
Collections.singleton(Encryption.FZA)));
- addListAlias(FZA, filter(all, null,
Collections.singleton(KeyExchange.FZA),
Collections.singleton(Authentication.FZA),
Collections.singleton(Encryption.FZA), null, null));
- addListAlias(TLSv1_2, filterByProtocol(all,
Collections.singleton(Protocol.TLSv1_2)));
- addListAlias("TLSv1.1", filterByProtocol(all,
Collections.singleton(Protocol.SSLv3)));
- addListAlias(TLSv1, filterByProtocol(all,
Collections.singleton(Protocol.TLSv1)));
- addListAlias(SSLv3, filterByProtocol(all,
Collections.singleton(Protocol.SSLv3)));
- addListAlias(SSLv2, filterByProtocol(all,
Collections.singleton(Protocol.SSLv2)));
- addListAlias(DH, filterByKeyExchange(all, new
HashSet<>(Arrays.asList(KeyExchange.DHr, KeyExchange.DHd, KeyExchange.EDH))));
- Set<Cipher> adh = filterByKeyExchange(all,
Collections.singleton(KeyExchange.EDH));
- adh.retainAll(filterByAuthentication(all,
Collections.singleton(Authentication.aNULL)));
+ addListAlias(kFZA, filterByKeyExchange(allCiphers,
Collections.singleton(KeyExchange.FZA)));
+ addListAlias(aFZA, filterByAuthentication(allCiphers,
Collections.singleton(Authentication.FZA)));
+ addListAlias(eFZA, filterByEncryption(allCiphers,
Collections.singleton(Encryption.FZA)));
+ addListAlias(FZA, filter(allCiphers, null,
Collections.singleton(KeyExchange.FZA),
Collections.singleton(Authentication.FZA),
Collections.singleton(Encryption.FZA), null, null));
+ addListAlias(TLSv1_2, filterByProtocol(allCiphers,
Collections.singleton(Protocol.TLSv1_2)));
+ addListAlias("TLSv1.1", filterByProtocol(allCiphers,
Collections.singleton(Protocol.SSLv3)));
+ addListAlias(TLSv1, filterByProtocol(allCiphers,
Collections.singleton(Protocol.TLSv1)));
+ addListAlias(SSLv3, filterByProtocol(allCiphers,
Collections.singleton(Protocol.SSLv3)));
+ addListAlias(SSLv2, filterByProtocol(allCiphers,
Collections.singleton(Protocol.SSLv2)));
+ addListAlias(DH, filterByKeyExchange(allCiphers, new
HashSet<>(Arrays.asList(KeyExchange.DHr, KeyExchange.DHd, KeyExchange.EDH))));
+ Set<Cipher> adh = filterByKeyExchange(allCiphers,
Collections.singleton(KeyExchange.EDH));
+ adh.retainAll(filterByAuthentication(allCiphers,
Collections.singleton(Authentication.aNULL)));
addListAlias(ADH, adh);
- addListAlias(AES128, filterByEncryption(all, new
HashSet<>(Arrays.asList(Encryption.AES128, Encryption.AES128GCM))));
- addListAlias(AES256, filterByEncryption(all, new
HashSet<>(Arrays.asList(Encryption.AES256, Encryption.AES256GCM))));
- addListAlias(AES, filterByEncryption(all, new
HashSet<>(Arrays.asList(Encryption.AES128, Encryption.AES128GCM,
Encryption.AES256, Encryption.AES256GCM))));
- addListAlias(AESGCM, filterByEncryption(all, new
HashSet<>(Arrays.asList(Encryption.AES128GCM, Encryption.AES256GCM))));
- addListAlias(CAMELLIA, filterByEncryption(all, new
HashSet<>(Arrays.asList(Encryption.CAMELLIA128, Encryption.CAMELLIA256))));
- addListAlias(CAMELLIA128, filterByEncryption(all,
Collections.singleton(Encryption.CAMELLIA128)));
- addListAlias(CAMELLIA256, filterByEncryption(all,
Collections.singleton(Encryption.CAMELLIA256)));
- addListAlias(TRIPLE_DES, filterByEncryption(all,
Collections.singleton(Encryption.TRIPLE_DES)));
- addListAlias(DES, filterByEncryption(all,
Collections.singleton(Encryption.DES)));
- addListAlias(RC4, filterByEncryption(all,
Collections.singleton(Encryption.RC4)));
- addListAlias(RC2, filterByEncryption(all,
Collections.singleton(Encryption.RC2)));
- addListAlias(IDEA, filterByEncryption(all,
Collections.singleton(Encryption.IDEA)));
- addListAlias(SEED, filterByEncryption(all,
Collections.singleton(Encryption.SEED)));
- addListAlias(MD5, filterByMessageDigest(all,
Collections.singleton(MessageDigest.MD5)));
- addListAlias(SHA1, filterByMessageDigest(all,
Collections.singleton(MessageDigest.SHA1)));
+ addListAlias(AES128, filterByEncryption(allCiphers, new
HashSet<>(Arrays.asList(Encryption.AES128, Encryption.AES128GCM))));
+ addListAlias(AES256, filterByEncryption(allCiphers, new
HashSet<>(Arrays.asList(Encryption.AES256, Encryption.AES256GCM))));
+ addListAlias(AES, filterByEncryption(allCiphers, new
HashSet<>(Arrays.asList(Encryption.AES128, Encryption.AES128GCM,
Encryption.AES256, Encryption.AES256GCM))));
+ addListAlias(AESGCM, filterByEncryption(allCiphers, new
HashSet<>(Arrays.asList(Encryption.AES128GCM, Encryption.AES256GCM))));
+ addListAlias(CAMELLIA, filterByEncryption(allCiphers, new
HashSet<>(Arrays.asList(Encryption.CAMELLIA128, Encryption.CAMELLIA256))));
+ addListAlias(CAMELLIA128, filterByEncryption(allCiphers,
Collections.singleton(Encryption.CAMELLIA128)));
+ addListAlias(CAMELLIA256, filterByEncryption(allCiphers,
Collections.singleton(Encryption.CAMELLIA256)));
+ addListAlias(TRIPLE_DES, filterByEncryption(allCiphers,
Collections.singleton(Encryption.TRIPLE_DES)));
+ addListAlias(DES, filterByEncryption(allCiphers,
Collections.singleton(Encryption.DES)));
+ addListAlias(RC4, filterByEncryption(allCiphers,
Collections.singleton(Encryption.RC4)));
+ addListAlias(RC2, filterByEncryption(allCiphers,
Collections.singleton(Encryption.RC2)));
+ addListAlias(IDEA, filterByEncryption(allCiphers,
Collections.singleton(Encryption.IDEA)));
+ addListAlias(SEED, filterByEncryption(allCiphers,
Collections.singleton(Encryption.SEED)));
+ addListAlias(MD5, filterByMessageDigest(allCiphers,
Collections.singleton(MessageDigest.MD5)));
+ addListAlias(SHA1, filterByMessageDigest(allCiphers,
Collections.singleton(MessageDigest.SHA1)));
aliases.put(SHA, aliases.get(SHA1));
- addListAlias(SHA256, filterByMessageDigest(all,
Collections.singleton(MessageDigest.SHA256)));
- addListAlias(SHA384, filterByMessageDigest(all,
Collections.singleton(MessageDigest.SHA384)));
- addListAlias(aGOST, filterByAuthentication(all, new
HashSet<>(Arrays.asList(Authentication.GOST01, Authentication.GOST94))));
- addListAlias(aGOST01, filterByAuthentication(all,
Collections.singleton(Authentication.GOST01)));
- addListAlias(aGOST94, filterByAuthentication(all,
Collections.singleton(Authentication.GOST94)));
- addListAlias(kGOST, filterByKeyExchange(all,
Collections.singleton(KeyExchange.GOST)));
- addListAlias(GOST94, filterByMessageDigest(all,
Collections.singleton(MessageDigest.GOST94)));
- addListAlias(GOST89MAC, filterByMessageDigest(all,
Collections.singleton(MessageDigest.GOST89MAC)));
- addListAlias(PSK, filter(all, null,
Collections.singleton(KeyExchange.PSK),
Collections.singleton(Authentication.PSK), null, null, null));
- addListAlias(KRB5, filter(all, null,
Collections.singleton(KeyExchange.KRB5),
Collections.singleton(Authentication.KRB5), null, null, null));
+ addListAlias(SHA256, filterByMessageDigest(allCiphers,
Collections.singleton(MessageDigest.SHA256)));
+ addListAlias(SHA384, filterByMessageDigest(allCiphers,
Collections.singleton(MessageDigest.SHA384)));
+ addListAlias(aGOST, filterByAuthentication(allCiphers, new
HashSet<>(Arrays.asList(Authentication.GOST01, Authentication.GOST94))));
+ addListAlias(aGOST01, filterByAuthentication(allCiphers,
Collections.singleton(Authentication.GOST01)));
+ addListAlias(aGOST94, filterByAuthentication(allCiphers,
Collections.singleton(Authentication.GOST94)));
+ addListAlias(kGOST, filterByKeyExchange(allCiphers,
Collections.singleton(KeyExchange.GOST)));
+ addListAlias(GOST94, filterByMessageDigest(allCiphers,
Collections.singleton(MessageDigest.GOST94)));
+ addListAlias(GOST89MAC, filterByMessageDigest(allCiphers,
Collections.singleton(MessageDigest.GOST89MAC)));
+ addListAlias(PSK, filter(allCiphers, null,
Collections.singleton(KeyExchange.PSK),
Collections.singleton(Authentication.PSK), null, null, null));
+ addListAlias(KRB5, filter(allCiphers, null,
Collections.singleton(KeyExchange.KRB5),
Collections.singleton(Authentication.KRB5), null, null, null));
initialized = true;
String defaultExpression = System.getProperty(DEFAULT_EXPRESSION_KEY,
"ALL:!eNULL:!aNULL");
addListAlias(DEFAULT, parse(defaultExpression));
- LinkedHashSet<Cipher> complementOfDefault = new LinkedHashSet<>(all);
+ LinkedHashSet<Cipher> complementOfDefault = new
LinkedHashSet<>(allCiphers);
complementOfDefault.removeAll(aliases.get(DEFAULT));
addListAlias(COMPLEMENTOFDEFAULT, complementOfDefault);
}
Modified:
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java?rev=1615009&r1=1615008&r2=1615009&view=diff
==============================================================================
---
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java
(original)
+++
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java
Thu Jul 31 21:28:51 2014
@@ -19,70 +19,103 @@ package org.apache.tomcat.util.net.jsse.
import java.util.List;
import org.junit.Assert;
+import org.junit.Ignore;
import org.junit.Test;
public class TestOpenSSLCipherConfigurationParser {
@Test
- public void testANull() throws Exception {
+ public void testALL() throws Exception {
+ testSpecification("ALL");
+ }
+
+
+ @Test
+ public void testaNULL() throws Exception {
testSpecification("aNULL");
}
@Test
- public void testeNull() throws Exception {
+ public void testeNULL() throws Exception {
testSpecification("eNULL");
}
@Test
- public void testHigh() throws Exception {
+ public void testHIGH() throws Exception {
testSpecification("HIGH");
}
@Test
- public void testMedium() throws Exception {
+ public void testMEDIUM() throws Exception {
testSpecification("MEDIUM");
}
@Test
- public void testLow() throws Exception {
+ public void testLOW() throws Exception {
testSpecification("LOW");
}
@Test
- public void testExport40() throws Exception {
+ public void testEXPORT40() throws Exception {
testSpecification("EXPORT40");
}
@Test
- public void testExport() throws Exception {
+ public void testEXPORT() throws Exception {
testSpecification("EXPORT");
}
@Test
- public void testRsa() throws Exception {
+ public void testRSA() throws Exception {
testSpecification("RSA");
}
@Test
- public void testARsa() throws Exception {
+ public void testaRSA() throws Exception {
testSpecification("aRSA");
}
@Test
- public void testKRsa() throws Exception {
+ public void testkRSA() throws Exception {
testSpecification("kRSA");
}
+ @Test
+ public void testkEDH() throws Exception {
+ testSpecification("kEDH");
+ }
+
+
+ @Test
+ @Ignore("Contrary to the docs, OpenSSL does not recognise kDHE")
+ public void testkDHE() throws Exception {
+ testSpecification("kDHE");
+ }
+
+
+ @Test
+ public void testEDH() throws Exception {
+ testSpecification("EDH");
+ }
+
+
+ @Test
+ @Ignore("Contrary to the docs, OpenSSL does not recognise DHE")
+ public void testDHE() throws Exception {
+ testSpecification("DHE");
+ }
+
+
private void testSpecification(String specification) throws Exception {
// Filter out cipher suites that OpenSSL does not implement
String parserSpecification = "" + specification;
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
