diff --git a/android/src/main/java/org/conscrypt/Platform.java b/android/src/main/java/org/conscrypt/Platform.java index cc1e10148..3ebc1c217 100644 --- a/android/src/main/java/org/conscrypt/Platform.java +++ b/android/src/main/java/org/conscrypt/Platform.java @@ -69,6 +69,7 @@ import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.StandardConstants; import javax.net.ssl.X509TrustManager; +import org.conscrypt.NativeCrypto; /** * Platform-specific methods for unbundled Android. @@ -76,9 +77,13 @@ @Internal final public class Platform { private static final String TAG = "Conscrypt"; + static boolean DEPRECATED_TLS_V1 = true; + static boolean ENABLED_TLS_V1 = false; + private static boolean FILTERED_TLS_V1 = true; private static Method m_getCurveName; static { + NativeCrypto.setTlsV1DeprecationStatus(DEPRECATED_TLS_V1, ENABLED_TLS_V1); try { m_getCurveName = ECParameterSpec.class.getDeclaredMethod("getCurveName"); m_getCurveName.setAccessible(true); @@ -89,7 +94,12 @@ final public class Platform { private Platform() {} - public static void setup() {} + public static void setup(boolean deprecatedTlsV1, boolean enabledTlsV1) { + DEPRECATED_TLS_V1 = deprecatedTlsV1; + ENABLED_TLS_V1 = enabledTlsV1; + FILTERED_TLS_V1 = !enabledTlsV1; + NativeCrypto.setTlsV1DeprecationStatus(DEPRECATED_TLS_V1, ENABLED_TLS_V1); + } /** * Default name used in the {@link java.security.Security JCE system} by {@code OpenSSLProvider} @@ -955,14 +965,14 @@ public static boolean isJavaxCertificateSupported() { } public static boolean isTlsV1Deprecated() { - return true; + return DEPRECATED_TLS_V1; } public static boolean isTlsV1Filtered() { - return false; + return FILTERED_TLS_V1; } public static boolean isTlsV1Supported() { - return false; + return ENABLED_TLS_V1; } } diff --git a/common/src/main/java/org/conscrypt/Conscrypt.java b/common/src/main/java/org/conscrypt/Conscrypt.java index c48f8f036..53bc16e7a 100644 --- a/common/src/main/java/org/conscrypt/Conscrypt.java 
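Review bot: `setup(boolean, boolean)` in the `@@ -89,7 +94,12 @@` hunk is `public static`, unsynchronized, and overwrites three process-wide flags plus NativeCrypto's protocol arrays on every call. Any code that can reach `Platform` can therefore re-enable TLS 1.0/1.1 for every socket in the process, and a concurrent reader may see the flags half-updated. The fields added in the `@@ -76,9 +77,13 @@` hunk are non-final and non-volatile yet named like constants. The same pattern is repeated in the openjdk and platform copies of `Platform.java`, where openjdk's `setup` was package-private before this change. Consider `static synchronized void setup(boolean deprecatedTlsV1, boolean enabledTlsV1)` where no caller outside the package needs it, with `private static volatile boolean` fields in lowerCamelCase and a comment stating that they hold process-wide TLS policy.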
+++ b/common/src/main/java/org/conscrypt/Conscrypt.java @@ -160,6 +160,8 @@ public static class ProviderBuilder { private String name = Platform.getDefaultProviderName(); private boolean provideTrustManager = Platform.provideTrustManagerByDefault(); private String defaultTlsProtocol = NativeCrypto.SUPPORTED_PROTOCOL_TLSV1_3; + private boolean deprecatedTlsV1 = true; + private boolean enabledTlsV1 = false; private ProviderBuilder() {} @@ -200,8 +202,21 @@ public ProviderBuilder defaultTlsProtocol(String defaultTlsProtocol) { return this; } + /** Specifies whether TLS v1.0 and 1.1 should be deprecated */ + public ProviderBuilder isTlsV1Deprecated(boolean deprecatedTlsV1) { + this.deprecatedTlsV1 = deprecatedTlsV1; + return this; + } + + /** Specifies whether TLS v1.0 and 1.1 should be enabled */ + public ProviderBuilder isTlsV1Enabled(boolean enabledTlsV1) { + this.enabledTlsV1 = enabledTlsV1; + return this; + } + public Provider build() { - return new OpenSSLProvider(name, provideTrustManager, defaultTlsProtocol); + return new OpenSSLProvider(name, provideTrustManager, + defaultTlsProtocol, deprecatedTlsV1, enabledTlsV1); } } diff --git a/common/src/main/java/org/conscrypt/NativeCrypto.java b/common/src/main/java/org/conscrypt/NativeCrypto.java index 445ac0de8..29c48f3e3 100644 --- a/common/src/main/java/org/conscrypt/NativeCrypto.java +++ b/common/src/main/java/org/conscrypt/NativeCrypto.java 
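Review bot: The Javadoc on `isTlsV1Deprecated(boolean)` and `isTlsV1Enabled(boolean)` in the `@@ -200,8 +202,21 @@` hunk omits the three things a caller needs to use them safely. It does not say that `build()` fails with `IllegalArgumentException` for deprecated=false with enabled=false (the check is in the `OpenSSLProvider` constructor), that the defaults are `true`/`false`, or that the values end up in static `Platform` state and so are not per-provider. The `is…` names also read as getters although these are setters. I would expand the second comment to something like `/** Allows TLS 1.0 and 1.1 to be negotiated when {@code true}; default {@code false}. Applies process-wide. Combining {@code isTlsV1Deprecated(false)} with {@code isTlsV1Enabled(false)} makes {@link #build()} throw {@link IllegalArgumentException}. */` and mirror it on the first.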
@@ -1025,29 +1025,48 @@ static native void SSL_set_client_CA_list(long ssl, NativeSsl ssl_holder, byte[] static native void set_SSL_psk_server_callback_enabled(long ssl, NativeSsl ssl_holder, boolean enabled); - private static final String[] ENABLED_PROTOCOLS_TLSV1 = Platform.isTlsV1Deprecated() - ? new String[0] - : new String[] { + public static void setTlsV1DeprecationStatus(boolean deprecated, boolean supported) { + if (deprecated) { + TLSV12_PROTOCOLS = new String[] { + SUPPORTED_PROTOCOL_TLSV1_2, + }; + TLSV13_PROTOCOLS = new String[] { + SUPPORTED_PROTOCOL_TLSV1_2, + SUPPORTED_PROTOCOL_TLSV1_3, + }; + } else { + TLSV12_PROTOCOLS = new String[] { DEPRECATED_PROTOCOL_TLSV1, DEPRECATED_PROTOCOL_TLSV1_1, + SUPPORTED_PROTOCOL_TLSV1_2, }; - - private static final String[] SUPPORTED_PROTOCOLS_TLSV1 = Platform.isTlsV1Supported() - ? new String[] { + TLSV13_PROTOCOLS = new String[] { DEPRECATED_PROTOCOL_TLSV1, DEPRECATED_PROTOCOL_TLSV1_1, - } : new String[0]; + SUPPORTED_PROTOCOL_TLSV1_2, + SUPPORTED_PROTOCOL_TLSV1_3, + }; + } + if (supported) { + SUPPORTED_PROTOCOLS = new String[] { + DEPRECATED_PROTOCOL_TLSV1, + DEPRECATED_PROTOCOL_TLSV1_1, + SUPPORTED_PROTOCOL_TLSV1_2, + SUPPORTED_PROTOCOL_TLSV1_3, + }; + } else { + SUPPORTED_PROTOCOLS = new String[] { + SUPPORTED_PROTOCOL_TLSV1_2, + SUPPORTED_PROTOCOL_TLSV1_3, + }; + } + } /** Protocols to enable by default when "TLSv1.3" is requested. */ - static final String[] TLSV13_PROTOCOLS = ArrayUtils.concatValues( - ENABLED_PROTOCOLS_TLSV1, - SUPPORTED_PROTOCOL_TLSV1_2, - SUPPORTED_PROTOCOL_TLSV1_3); + static String[] TLSV13_PROTOCOLS; /** Protocols to enable by default when "TLSv1.2" is requested. */ - static final String[] TLSV12_PROTOCOLS = ArrayUtils.concatValues( - ENABLED_PROTOCOLS_TLSV1, - SUPPORTED_PROTOCOL_TLSV1_2); + static String[] TLSV12_PROTOCOLS; /** Protocols to enable by default when "TLSv1.1" is requested. */ static final String[] TLSV11_PROTOCOLS = new String[] { 
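Review bot: `setTlsV1DeprecationStatus` is `public static` and assigns `TLSV12_PROTOCOLS`, `TLSV13_PROTOCOLS` and `SUPPORTED_PROTOCOLS` one after another with no lock, and the fields it writes are now plain non-final statics. A thread building a socket while another provider is constructed can therefore read defaults that include TLS 1.0/1.1 alongside a supported list that does not, or the reverse. The method also accepts the deprecated=false, supported=false pair that `OpenSSLProvider` rejects, so a direct caller can produce exactly that mismatch permanently. Since every caller shown is in `org.conscrypt`, I would drop `public`, declare it `static synchronized void setTlsV1DeprecationStatus(boolean deprecated, boolean supported)`, mark the three array fields `volatile`, and repeat the argument check here.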
@@ -1059,20 +1078,12 @@ static native void SSL_set_client_CA_list(long ssl, NativeSsl ssl_holder, byte[] /** Protocols to enable by default when "TLSv1" is requested. */ static final String[] TLSV1_PROTOCOLS = TLSV11_PROTOCOLS; - static final String[] DEFAULT_PROTOCOLS = TLSV13_PROTOCOLS; - // If we ever get a new protocol go look for tests which are skipped using // assumeTlsV11Enabled() - private static final String[] SUPPORTED_PROTOCOLS = ArrayUtils.concatValues( - SUPPORTED_PROTOCOLS_TLSV1, - SUPPORTED_PROTOCOL_TLSV1_2, - SUPPORTED_PROTOCOL_TLSV1_3); + private static String[] SUPPORTED_PROTOCOLS; public static String[] getDefaultProtocols() { - if (Platform.isTlsV1Deprecated()) { - return DEFAULT_PROTOCOLS.clone(); - } - return SUPPORTED_PROTOCOLS.clone(); + return TLSV13_PROTOCOLS.clone(); } static String[] getSupportedProtocols() { diff --git a/common/src/main/java/org/conscrypt/OpenSSLProvider.java b/common/src/main/java/org/conscrypt/OpenSSLProvider.java index d0e7fd5c5..7c52c9b1b 100644 --- a/common/src/main/java/org/conscrypt/OpenSSLProvider.java +++ b/common/src/main/java/org/conscrypt/OpenSSLProvider.java 
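Review bot: `getDefaultProtocols()` now calls `TLSV13_PROTOCOLS.clone()` on a field that is no longer assigned during NativeCrypto's class initialisation; it is populated only once `Platform`'s static block or `Platform.setup` has called `setTlsV1DeprecationStatus`. Unless NativeCrypto's own static initialiser (outside these hunks) forces `Platform` to load first, a caller that touches NativeCrypto before Platform gets a `NullPointerException` here, and presumably the same applies to `SUPPORTED_PROTOCOLS` in `getSupportedProtocols()`. Giving the fields the deprecated defaults at their declaration removes the ordering dependency, for example `static String[] TLSV13_PROTOCOLS = { SUPPORTED_PROTOCOL_TLSV1_2, SUPPORTED_PROTOCOL_TLSV1_3 };` and likewise for the other two.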
@@ -51,17 +51,29 @@ public OpenSSLProvider() { @SuppressWarnings("deprecation") public OpenSSLProvider(String providerName) { - this(providerName, Platform.provideTrustManagerByDefault(), "TLSv1.3"); + this(providerName, Platform.provideTrustManagerByDefault(), "TLSv1.3", + Platform.DEPRECATED_TLS_V1, Platform.ENABLED_TLS_V1); } - OpenSSLProvider(String providerName, boolean includeTrustManager, String defaultTlsProtocol) { + OpenSSLProvider(String providerName, boolean includeTrustManager, + String defaultTlsProtocol) { + this(providerName, includeTrustManager, defaultTlsProtocol, + Platform.DEPRECATED_TLS_V1, Platform.ENABLED_TLS_V1); + } + + OpenSSLProvider(String providerName, boolean includeTrustManager, + String defaultTlsProtocol, boolean deprecatedTlsV1, + boolean enabledTlsV1) { super(providerName, 1.0, "Android's OpenSSL-backed security provider"); // Ensure that the native library has been loaded. NativeCrypto.checkAvailability(); + if (!deprecatedTlsV1 && !enabledTlsV1) { + throw new IllegalArgumentException("TLSv1 is not deprecated and cannot be disabled."); + } // Make sure the platform is initialized. - Platform.setup(); + Platform.setup(deprecatedTlsV1, enabledTlsV1); /* === SSL Contexts === */ String classOpenSSLContextImpl = PREFIX + "OpenSSLContextImpl"; diff --git a/common/src/test/java/org/conscrypt/javax/net/ssl/SSLSocketVersionCompatibilityTest.java b/common/src/test/java/org/conscrypt/javax/net/ssl/SSLSocketVersionCompatibilityTest.java index a05746f40..84d4af44c 100644 --- a/common/src/test/java/org/conscrypt/javax/net/ssl/SSLSocketVersionCompatibilityTest.java +++ b/common/src/test/java/org/conscrypt/javax/net/ssl/SSLSocketVersionCompatibilityTest.java 
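Review bot: The one-argument and three-argument constructors forward `Platform.DEPRECATED_TLS_V1` and `Platform.ENABLED_TLS_V1`, which are whatever the most recently constructed provider left behind rather than the fixed defaults of `true` and `false`. A plain `new OpenSSLProvider()` created after some other component built a provider with TLS 1.0/1.1 enabled will silently inherit that setting. In the other direction, building a provider with explicit flags changes the policy under providers that already exist. If inheriting is intended it deserves a comment on both constructors, such as `// Reuses the current process-wide TLS 1.0/1.1 policy; does not reset it to defaults.`; if not, pass the literals `true, false`.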
@@ -1837,22 +1837,6 @@ public void test_SSLSocket_TLSv1Supported() throws Exception { } } -// @TargetSdkVersion(35) - @Test - public void test_SSLSocket_SSLv3Unsupported_35() throws Exception { - assumeFalse(isTlsV1Filtered()); - TestSSLContext context = new TestSSLContext.Builder() - .clientProtocol(clientVersion) - .serverProtocol(serverVersion) - .build(); - final SSLSocket client = - (SSLSocket) context.clientContext.getSocketFactory().createSocket(); - assertThrows(IllegalArgumentException.class, - () -> client.setEnabledProtocols(new String[] {"SSLv3"})); - assertThrows(IllegalArgumentException.class, - () -> client.setEnabledProtocols(new String[] {"SSL"})); - } - // @TargetSdkVersion(34) @Test @Ignore("For platform CTS only") @@ -1889,20 +1873,6 @@ public void test_TLSv1Filtered_34() throws Exception { assertEquals("TLSv1.2", client.getEnabledProtocols()[0]); } -// @TargetSdkVersion(35) - @Test - public void test_TLSv1Filtered_35() throws Exception { - assumeTrue(isTlsV1Filtered()); - TestSSLContext context = new TestSSLContext.Builder() - .clientProtocol(clientVersion) - .serverProtocol(serverVersion) - .build(); - final SSLSocket client = - (SSLSocket) context.clientContext.getSocketFactory().createSocket(); - assertThrows(IllegalArgumentException.class, () -> - client.setEnabledProtocols(new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"})); - } - @Test public void test_TLSv1Unsupported_notEnabled() { assumeTrue(!isTlsV1Supported()); diff --git a/openjdk/src/main/java/org/conscrypt/Platform.java b/openjdk/src/main/java/org/conscrypt/Platform.java index a651d4788..55f871c03 100644 --- a/openjdk/src/main/java/org/conscrypt/Platform.java +++ b/openjdk/src/main/java/org/conscrypt/Platform.java @@ -84,6 +84,7 @@ import javax.net.ssl.TrustManagerFactory; import javax.net.ssl.X509ExtendedTrustManager; import javax.net.ssl.X509TrustManager; +import org.conscrypt.NativeCrypto; /** * Platform-specific methods for OpenJDK. 
@@ -94,9 +95,12 @@ final public class Platform { private static final int JAVA_VERSION = javaVersion0(); private static final Method GET_CURVE_NAME_METHOD; + static boolean DEPRECATED_TLS_V1 = true; + static boolean ENABLED_TLS_V1 = false; + private static boolean FILTERED_TLS_V1 = true; static { - + NativeCrypto.setTlsV1DeprecationStatus(DEPRECATED_TLS_V1, ENABLED_TLS_V1); Method getCurveNameMethod = null; try { getCurveNameMethod = ECParameterSpec.class.getDeclaredMethod("getCurveName"); @@ -109,7 +113,12 @@ final public class Platform { private Platform() {} - static void setup() {} + public static void setup(boolean deprecatedTlsV1, boolean enabledTlsV1) { + DEPRECATED_TLS_V1 = deprecatedTlsV1; + ENABLED_TLS_V1 = enabledTlsV1; + FILTERED_TLS_V1 = !enabledTlsV1; + NativeCrypto.setTlsV1DeprecationStatus(DEPRECATED_TLS_V1, ENABLED_TLS_V1); + } /** @@ -839,14 +848,14 @@ public static boolean isJavaxCertificateSupported() { } public static boolean isTlsV1Deprecated() { - return true; + return DEPRECATED_TLS_V1; } public static boolean isTlsV1Filtered() { - return false; + return FILTERED_TLS_V1; } public static boolean isTlsV1Supported() { - return true; + return ENABLED_TLS_V1; } } diff --git a/openjdk/src/test/java/org/conscrypt/ConscryptSocketTest.java b/openjdk/src/test/java/org/conscrypt/ConscryptSocketTest.java index fbd041dee..cd83a8435 100644 --- a/openjdk/src/test/java/org/conscrypt/ConscryptSocketTest.java +++ b/openjdk/src/test/java/org/conscrypt/ConscryptSocketTest.java 
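Review bot: The `@@ -839,14 +848,14 @@` hunk changes OpenJDK's out-of-the-box behaviour without saying so: `isTlsV1Supported()` used to return `true` and now returns `ENABLED_TLS_V1`, which starts as `false`, while `isTlsV1Filtered()` goes from `false` to `FILTERED_TLS_V1`, which starts as `true`. Judging by the expectations in TlsDeprecationTest, "filtered" appears to mean that TLSv1/TLSv1.1 are stripped from a requested protocol list instead of being rejected, so existing OpenJDK users that ask only for those versions may end up with no enabled protocol and no exception. Dropping the old versions by default is the safer posture, but the change should be recorded where users will see it. A comment on the new fields would help, for example `// Defaults: TLS 1.0/1.1 deprecated, not supported, and filtered out of requested protocol lists.`, together with a release-note entry pointing at the two `ProviderBuilder` switches.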
@@ -663,7 +663,7 @@ public AbstractConscryptSocket createSocket(ServerSocket listener) throws IOExce + ": " + connection.clientException.getMessage(), connection.clientException instanceof SSLHandshakeException); assertTrue( - connection.clientException.getMessage().contains("SSLv3 is no longer supported")); + connection.clientException.getMessage().contains("SSLv3")); assertTrue("Expected SSLHandshakeException, but got " + connection.serverException.getClass().getSimpleName() + ": " + connection.serverException.getMessage(), diff --git a/platform/src/main/java/org/conscrypt/Platform.java b/platform/src/main/java/org/conscrypt/Platform.java index 9691c3de9..2c5301c05 100644 --- a/platform/src/main/java/org/conscrypt/Platform.java +++ b/platform/src/main/java/org/conscrypt/Platform.java @@ -75,18 +75,30 @@ import javax.net.ssl.StandardConstants; import javax.net.ssl.X509ExtendedTrustManager; import javax.net.ssl.X509TrustManager; - +import libcore.net.NetworkSecurityPolicy; +import org.conscrypt.NativeCrypto; import sun.security.x509.AlgorithmId; @Internal final public class Platform { private static class NoPreloadHolder { public static final Platform MAPPER = new Platform(); } + static boolean DEPRECATED_TLS_V1 = true; + static boolean ENABLED_TLS_V1 = false; + private static boolean FILTERED_TLS_V1 = true; + + static { + NativeCrypto.setTlsV1DeprecationStatus(DEPRECATED_TLS_V1, ENABLED_TLS_V1); + } /** * Runs all the setup for the platform that only needs to run once. */ - public static void setup() { + public static void setup(boolean deprecatedTlsV1, boolean enabledTlsV1) { + DEPRECATED_TLS_V1 = deprecatedTlsV1; + ENABLED_TLS_V1 = enabledTlsV1; + FILTERED_TLS_V1 = !enabledTlsV1; NoPreloadHolder.MAPPER.ping(); + NativeCrypto.setTlsV1DeprecationStatus(DEPRECATED_TLS_V1, ENABLED_TLS_V1); } /** 
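Review bot: The Javadoc kept above `setup` in the `@@ -75,18 +75,30 @@` hunk of platform/Platform.java still says the method "only needs to run once", but it now takes the TLS 1.0/1.1 flags and is invoked on every `OpenSSLProvider` construction, rewriting static state each time. I would replace it with `/** Applies the process-wide TLS 1.0/1.1 policy and performs one-time platform setup; called for every provider that is constructed. */`. The added `import libcore.net.NetworkSecurityPolicy;` is not used in any hunk shown, and `import org.conscrypt.NativeCrypto;` names a class that appears to be in the file's own package, so both look removable. The flags are also assigned before `ping()` while the NativeCrypto arrays are updated after it, which leaves a window where the two disagree; moving the `setTlsV1DeprecationStatus` call directly after the three assignments closes it.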
@@ -552,34 +564,34 @@ public static boolean isJavaxCertificateSupported() { } public static boolean isTlsV1Deprecated() { - return true; + return DEPRECATED_TLS_V1; } public static boolean isTlsV1Filtered() { Object targetSdkVersion = getTargetSdkVersion(); - if ((targetSdkVersion != null) && ((int) targetSdkVersion > 34)) + if ((targetSdkVersion != null) && ((int) targetSdkVersion > 35) + && ((int) targetSdkVersion < 100)) return false; - return true; + return FILTERED_TLS_V1; } public static boolean isTlsV1Supported() { - return false; + return ENABLED_TLS_V1; } static Object getTargetSdkVersion() { try { - Class vmRuntime = Class.forName("dalvik.system.VMRuntime"); - if (vmRuntime == null) { - return null; - } - OptionalMethod getSdkVersion = - new OptionalMethod(vmRuntime, - "getTargetSdkVersion"); - return getSdkVersion.invokeStatic(); - } catch (ClassNotFoundException e) { - return null; - } catch (NullPointerException e) { + Class vmRuntimeClass = Class.forName("dalvik.system.VMRuntime"); + Method getRuntimeMethod = vmRuntimeClass.getDeclaredMethod("getRuntime"); + Method getTargetSdkVersionMethod = + vmRuntimeClass.getDeclaredMethod("getTargetSdkVersion"); + Object vmRuntime = getRuntimeMethod.invoke(null); + return getTargetSdkVersionMethod.invoke(vmRuntime); + } catch (IllegalAccessException | + NullPointerException | InvocationTargetException e) { return null; + } catch (Exception e) { + throw new RuntimeException(e); } } } diff --git a/platform/src/test/java/org/conscrypt/TlsDeprecationTest.java b/platform/src/test/java/org/conscrypt/TlsDeprecationTest.java index 9894fbf3c..a04788625 100644 --- a/platform/src/test/java/org/conscrypt/TlsDeprecationTest.java +++ b/platform/src/test/java/org/conscrypt/TlsDeprecationTest.java 
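Review bot: `getTargetSdkVersion()` now turns a missing `dalvik.system.VMRuntime` class or method into a `RuntimeException`, where the old code returned `null` for `ClassNotFoundException`. Because `isTlsV1Filtered()` calls it, a lookup failure now throws out of the protocol-selection path instead of falling back to `FILTERED_TLS_V1`. If the fallback is still wanted, a single `} catch (ReflectiveOperationException | NullPointerException e) { return null; }` restores it and makes the trailing `catch (Exception e)` unnecessary. In `isTlsV1Filtered()` the new upper bound `(int) targetSdkVersion < 100` is unexplained; a named constant or a comment such as `// values >= 100 are treated as unset and fall back to the configured flag` (if that is the intent) would tell the next reader why 100. The two reflective lookups are repeated on every call and could be resolved once into static fields.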
@@ -16,28 +16,32 @@ package org.conscrypt; -import static org.conscrypt.TestUtils.isTlsV1Filtered; - import libcore.junit.util.SwitchTargetSdkVersionRule; import libcore.junit.util.SwitchTargetSdkVersionRule.TargetSdkVersion; +import java.security.Provider; import javax.net.ssl.SSLSocket; import org.junit.Test; import org.junit.runner.RunWith; +import org.junit.rules.TestRule; +import org.junit.Rule; import org.junit.runners.JUnit4; import org.conscrypt.javax.net.ssl.TestSSLContext; +import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertTrue; import static org.junit.Assert.assertThrows; import static org.junit.Assert.fail; import static org.junit.Assume.assumeFalse; @RunWith(JUnit4.class) public class TlsDeprecationTest { - @TargetSdkVersion(35) + @Test - public void test_SSLSocket_SSLv3Unsupported_35() throws Exception { - assumeFalse(isTlsV1Filtered()); + @TargetSdkVersion(36) + public void test_SSLSocket_SSLv3Unsupported_36() throws Exception { + assertFalse(TestUtils.isTlsV1Filtered()); TestSSLContext context = TestSSLContext.create(); final SSLSocket client = (SSLSocket) context.clientContext.getSocketFactory().createSocket(); 
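Review bot: `org.junit.Rule` and `org.junit.rules.TestRule` are imported here, yet no `@Rule` field appears in any hunk of this file, and the class body directly after `public class TlsDeprecationTest {` goes straight to the first `@Test`. If the `SwitchTargetSdkVersionRule` is not applied somewhere outside the hunks, the `@TargetSdkVersion(34)` and `@TargetSdkVersion(36)` annotations do nothing and the `_34`/`_36` tests all run against the real target SDK, so the new `assertTrue`/`assertFalse(TestUtils.isTlsV1Filtered())` lines would check the wrong thing. Please confirm the rule is declared as a public `@Rule` field of type `TestRule` in this class. The `assumeFalse` and `fail` imports no longer seem to be used after this change.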
@@ -45,26 +49,23 @@ public void test_SSLSocket_SSLv3Unsupported_35() throws Exception { assertThrows(IllegalArgumentException.class, () -> client.setEnabledProtocols(new String[] {"SSL"})); } - @TargetSdkVersion(34) @Test + @TargetSdkVersion(34) public void test_SSLSocket_SSLv3Unsupported_34() throws Exception { + assertTrue(TestUtils.isTlsV1Filtered()); TestSSLContext context = TestSSLContext.create(); final SSLSocket client = (SSLSocket) context.clientContext.getSocketFactory().createSocket(); // For app compatibility, SSLv3 is stripped out when setting only. client.setEnabledProtocols(new String[] {"SSLv3"}); assertEquals(0, client.getEnabledProtocols().length); - try { - client.setEnabledProtocols(new String[] {"SSL"}); - fail("SSLSocket should not support SSL protocol"); - } catch (IllegalArgumentException expected) { - // Ignored. - } + assertThrows(IllegalArgumentException.class, () -> client.setEnabledProtocols(new String[] {"SSL"})); } - @TargetSdkVersion(34) @Test + @TargetSdkVersion(34) public void test_TLSv1Filtered_34() throws Exception { + assertTrue(TestUtils.isTlsV1Filtered()); TestSSLContext context = TestSSLContext.create(); final SSLSocket client = (SSLSocket) context.clientContext.getSocketFactory().createSocket(); 
@@ -73,14 +74,91 @@ public void test_TLSv1Filtered_34() throws Exception { assertEquals("TLSv1.2", client.getEnabledProtocols()[0]); } - @TargetSdkVersion(35) @Test - public void test_TLSv1Filtered_35() throws Exception { - assumeFalse(isTlsV1Filtered()); + @TargetSdkVersion(34) + public void test_TLSv1FilteredEmpty_34() throws Exception { + assertTrue(TestUtils.isTlsV1Filtered()); + TestSSLContext context = TestSSLContext.create(); + final SSLSocket client = + (SSLSocket) context.clientContext.getSocketFactory().createSocket(); + client.setEnabledProtocols(new String[] {"TLSv1", "TLSv1.1"}); + assertEquals(0, client.getEnabledProtocols().length); + } + + @Test + @TargetSdkVersion(36) + public void test_TLSv1Filtered_36() throws Exception { + assertFalse(TestUtils.isTlsV1Filtered()); TestSSLContext context = TestSSLContext.create(); final SSLSocket client = (SSLSocket) context.clientContext.getSocketFactory().createSocket(); assertThrows(IllegalArgumentException.class, () -> client.setEnabledProtocols(new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"})); } -} \ No newline at end of file + + @Test + @TargetSdkVersion(34) + public void testInitializeDeprecatedEnabled_34() { + Provider conscryptProvider = TestUtils.getConscryptProvider(true, true); + assertTrue(TestUtils.isTlsV1Deprecated()); + assertFalse(TestUtils.isTlsV1Filtered()); + assertTrue(TestUtils.isTlsV1Supported()); + } + + @Test + @TargetSdkVersion(36) + public void testInitializeDeprecatedEnabled_36() { + Provider conscryptProvider = TestUtils.getConscryptProvider(true, true); + assertTrue(TestUtils.isTlsV1Deprecated()); + assertFalse(TestUtils.isTlsV1Filtered()); + assertTrue(TestUtils.isTlsV1Supported()); + } + + @Test + @TargetSdkVersion(34) + public void testInitializeDeprecatedDisabled_34() { + Provider conscryptProvider = TestUtils.getConscryptProvider(true, false); + assertTrue(TestUtils.isTlsV1Deprecated()); + assertTrue(TestUtils.isTlsV1Filtered()); + assertFalse(TestUtils.isTlsV1Supported()); + } + 
+ @Test + @TargetSdkVersion(36) + public void testInitializeDeprecatedDisabled_36() { + Provider conscryptProvider = TestUtils.getConscryptProvider(true, false); + assertTrue(TestUtils.isTlsV1Deprecated()); + assertFalse(TestUtils.isTlsV1Filtered()); + assertFalse(TestUtils.isTlsV1Supported()); + } + + @Test + @TargetSdkVersion(34) + public void testInitializeUndeprecatedEnabled_34() { + Provider conscryptProvider = TestUtils.getConscryptProvider(false, true); + assertFalse(TestUtils.isTlsV1Deprecated()); + assertFalse(TestUtils.isTlsV1Filtered()); + assertTrue(TestUtils.isTlsV1Supported()); + } + + @Test + @TargetSdkVersion(36) + public void testInitializeUndeprecatedEnabled_36() { + Provider conscryptProvider = TestUtils.getConscryptProvider(false, true); + assertFalse(TestUtils.isTlsV1Deprecated()); + assertFalse(TestUtils.isTlsV1Filtered()); + assertTrue(TestUtils.isTlsV1Supported()); + } + + @Test + @TargetSdkVersion(34) + public void testInitializeUndeprecatedDisabled_34() { + assertThrows(RuntimeException.class, () -> TestUtils.getConscryptProvider(false, false)); + } + + @Test + @TargetSdkVersion(36) + public void testInitializeUndeprecatedDisabled_36() { + assertThrows(RuntimeException.class, () -> TestUtils.getConscryptProvider(false, false)); + } +} diff --git a/testing/src/main/java/org/conscrypt/TestUtils.java b/testing/src/main/java/org/conscrypt/TestUtils.java index c6e6e22ff..86967a004 100644 --- a/testing/src/main/java/org/conscrypt/TestUtils.java +++ b/testing/src/main/java/org/conscrypt/TestUtils.java 
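Review bot: The `testInitialize…` tests added in this hunk call `TestUtils.getConscryptProvider(true, true)` and `(false, true)`, which rewrite the static TLS 1.0/1.1 flags in `Platform`, and nothing restores them afterwards. JUnit 4 does not guarantee method order, so `test_TLSv1Filtered_34` or `test_TLSv1FilteredEmpty_34`, which assert `isTlsV1Filtered()` is true, can fail or pass depending on which initialise test ran before them. Tests in other classes in the same process would also inherit TLS 1.0/1.1 as enabled. Adding `@After public void resetTlsV1Policy() { TestUtils.getConscryptProvider(true, false); }` (with the `org.junit.After` import) puts the defaults back after every test. The local `conscryptProvider` variables are never read and can be dropped.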
@@ -234,24 +234,33 @@ public static InetAddress getLoopbackAddress() { } } - public static Provider getConscryptProvider() { + public static Provider getConscryptProvider(boolean isTlsV1Deprecated, + boolean isTlsV1Enabled) { try { String defaultName = (String) conscryptClass("Platform") .getDeclaredMethod("getDefaultProviderName") .invoke(null); - Constructor c = conscryptClass("OpenSSLProvider") - .getDeclaredConstructor(String.class, Boolean.TYPE, String.class); + Constructor c = + conscryptClass("OpenSSLProvider") + .getDeclaredConstructor(String.class, Boolean.TYPE, + String.class, Boolean.TYPE, Boolean.TYPE); if (!isClassAvailable("javax.net.ssl.X509ExtendedTrustManager")) { - return (Provider) c.newInstance(defaultName, false, "TLSv1.3"); + return (Provider) c.newInstance(defaultName, false, "TLSv1.3", + isTlsV1Deprecated, isTlsV1Enabled); } else { - return (Provider) c.newInstance(defaultName, true, "TLSv1.3"); + return (Provider) c.newInstance(defaultName, true, "TLSv1.3", + isTlsV1Deprecated, isTlsV1Enabled); } } catch (Exception e) { throw new RuntimeException(e); } } + public static Provider getConscryptProvider() { + return getConscryptProvider(true, false); + } + public static synchronized void installConscryptAsDefaultProvider() { Provider conscryptProvider = getConscryptProvider(); Provider[] providers = Security.getProviders();
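Review bot: `getConscryptProvider(boolean, boolean)` wraps every failure in `RuntimeException`, including the `IllegalArgumentException` the constructor throws for the deprecated=false, enabled=false pair, which reaches this catch inside an `InvocationTargetException`. That is why the new tests can only assert `RuntimeException.class`, and they would pass just as well on a `NoSuchMethodException` from a changed constructor signature. Unwrapping first lets the tests assert the real type: `catch (InvocationTargetException e) { if (e.getCause() instanceof RuntimeException) throw (RuntimeException) e.getCause(); throw new RuntimeException(e); }` placed before the generic catch. The two `newInstance` branches differ only in the boolean, so `c.newInstance(defaultName, isClassAvailable("javax.net.ssl.X509ExtendedTrustManager"), "TLSv1.3", isTlsV1Deprecated, isTlsV1Enabled)` would replace the if/else.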