}
public void testServerParameters() throws Exception {
SSLContext controlContext = SSLContext.getInstance("TLS");
controlContext.init(null, null, null);
SSLEngine controlEngine = controlContext.createSSLEngine();
SSLSocket controlSocket = (SSLSocket) controlContext.getSocketFactory().createSocket();
SSLServerSocket controlServerSocket = (SSLServerSocket) controlContext.getServerSocketFactory().createServerSocket();
SSLContextParameters scp = new SSLContextParameters();
SSLContextServerParameters scsp = new SSLContextServerParameters();
scp.setServerParameters(scsp);
SSLContext context = scp.createSSLContext();
SSLEngine engine = context.createSSLEngine();
SSLSocket socket = (SSLSocket) context.getSocketFactory().createSocket();
SSLServerSocket serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
assertStartsWith(engine.getEnabledProtocols(), "TLS");
assertStartsWith(socket.getEnabledProtocols(), "TLS");
assertStartsWith(serverSocket.getEnabledProtocols(), "TLS");
assertTrue(Arrays.equals(controlEngine.getEnabledCipherSuites(), engine.getEnabledCipherSuites()));
assertTrue(Arrays.equals(controlSocket.getEnabledCipherSuites(), socket.getEnabledCipherSuites()));
assertTrue(Arrays.equals(this.getDefaultCipherSuiteIncludes(controlServerSocket.getSupportedCipherSuites()), serverSocket.getEnabledCipherSuites()));
assertEquals(controlServerSocket.getWantClientAuth(), serverSocket.getWantClientAuth());
assertEquals(controlServerSocket.getNeedClientAuth(), serverSocket.getNeedClientAuth());
// No csp or filter on server params passes through shared config
scp.setCipherSuites(new CipherSuitesParameters());
context = scp.createSSLContext();
engine = context.createSSLEngine();
socket = (SSLSocket) context.getSocketFactory().createSocket();
serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
assertEquals(0, engine.getEnabledCipherSuites().length);
assertEquals(0, socket.getEnabledCipherSuites().length);
assertEquals(0, serverSocket.getEnabledCipherSuites().length);
// Csp on server params
scp.setCipherSuites(null);
CipherSuitesParameters csp = new CipherSuitesParameters();
scsp.setCipherSuites(csp);
context = scp.createSSLContext();
engine = context.createSSLEngine();
socket = (SSLSocket) context.getSocketFactory().createSocket();
serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
assertTrue(Arrays.equals(controlEngine.getEnabledCipherSuites(), engine.getEnabledCipherSuites()));
assertTrue(Arrays.equals(controlSocket.getEnabledCipherSuites(), socket.getEnabledCipherSuites()));
assertEquals(0, serverSocket.getEnabledCipherSuites().length);
// Cipher suites filter on server params
FilterParameters filter = new FilterParameters();
filter.getExclude().add(".*");
scsp.setCipherSuites(null);
scsp.setCipherSuitesFilter(filter);
context = scp.createSSLContext();
engine = context.createSSLEngine();
socket = (SSLSocket) context.getSocketFactory().createSocket();
serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
assertTrue(Arrays.equals(controlEngine.getEnabledCipherSuites(), engine.getEnabledCipherSuites()));
assertTrue(Arrays.equals(controlSocket.getEnabledCipherSuites(), socket.getEnabledCipherSuites()));
assertEquals(0, serverSocket.getEnabledCipherSuites().length);
// Csp on server overrides cipher suites filter on server
filter.getInclude().add(".*");
filter.getExclude().clear();
scsp.setCipherSuites(csp);
context = scp.createSSLContext();
engine = context.createSSLEngine();
socket = (SSLSocket) context.getSocketFactory().createSocket();
serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
assertTrue(Arrays.equals(controlEngine.getEnabledCipherSuites(), engine.getEnabledCipherSuites()));
assertTrue(Arrays.equals(controlSocket.getEnabledCipherSuites(), socket.getEnabledCipherSuites()));
assertEquals(0, serverSocket.getEnabledCipherSuites().length);
// Sspp on server params
SecureSocketProtocolsParameters sspp = new SecureSocketProtocolsParameters();
scsp.setSecureSocketProtocols(sspp);
context = scp.createSSLContext();
engine = context.createSSLEngine();
socket = (SSLSocket) context.getSocketFactory().createSocket();
serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
assertStartsWith(engine.getEnabledProtocols(), "TLS");
assertStartsWith(socket.getEnabledProtocols(), "TLS");
assertEquals(0, serverSocket.getEnabledProtocols().length);
// Secure socket protocols filter on client params
filter = new FilterParameters();
filter.getExclude().add(".*");
scsp.setSecureSocketProtocols(null);
scsp.setSecureSocketProtocolsFilter(filter);
engine = context.createSSLEngine();
socket = (SSLSocket) context.getSocketFactory().createSocket();
serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
assertStartsWith(engine.getEnabledProtocols(), "TLS");
assertStartsWith(socket.getEnabledProtocols(), "TLS");
assertEquals(0, serverSocket.getEnabledProtocols().length);
// Sspp on client params overrides secure socket protocols filter on client
filter.getInclude().add(".*");
filter.getExclude().clear();
scsp.setSecureSocketProtocols(sspp);
context = scp.createSSLContext();
engine = context.createSSLEngine();
socket = (SSLSocket) context.getSocketFactory().createSocket();
serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
assertStartsWith(engine.getEnabledProtocols(), "TLS");
assertStartsWith(socket.getEnabledProtocols(), "TLS");
assertEquals(0, serverSocket.getEnabledProtocols().length);
// Server session timeout only affects server session configuration
scsp.setSessionTimeout("12345");