Cleanup

peterdettman · peterdettman · commit d51e11efdfa6 · 2022-09-30T17:45:09.000+07:00
diff --git a/tls/src/test/java/org/bouncycastle/tls/test/MockRawKeysTlsClient.java b/tls/src/test/java/org/bouncycastle/tls/test/MockRawKeysTlsClient.java
@@ -4,7 +4,6 @@
 import java.security.SecureRandom;
 import java.util.Vector;
 
-import junit.framework.TestCase;
 import org.bouncycastle.crypto.params.Ed25519PrivateKeyParameters;
 import org.bouncycastle.crypto.util.SubjectPublicKeyInfoFactory;
 import org.bouncycastle.tls.Certificate;
@@ -23,16 +22,16 @@
 import org.bouncycastle.tls.TlsServerCertificate;
 import org.bouncycastle.tls.TlsUtils;
 import org.bouncycastle.tls.crypto.TlsCertificate;
-import org.bouncycastle.tls.crypto.TlsCrypto;
 import org.bouncycastle.tls.crypto.TlsCryptoParameters;
 import org.bouncycastle.tls.crypto.impl.bc.BcDefaultTlsCredentialedSigner;
 import org.bouncycastle.tls.crypto.impl.bc.BcTlsCrypto;
 import org.bouncycastle.tls.crypto.impl.bc.BcTlsRawKeyCertificate;
 
+import junit.framework.TestCase;
+
 class MockRawKeysTlsClient
     extends DefaultTlsClient
 {
-
     private short serverCertType;
     private short clientCertType;
     private short[] offerServerCertTypes;
@@ -46,6 +45,7 @@ class MockRawKeysTlsClient
         throws Exception
     {
         super(new BcTlsCrypto(new SecureRandom()));
+
         this.serverCertType = serverCertType;
         this.clientCertType = clientCertType;
         this.offerServerCertTypes = offerServerCertTypes;
@@ -61,9 +61,9 @@ protected ProtocolVersion[] getSupportedVersions()
 
     protected int[] getSupportedCipherSuites()
     {
-        return ProtocolVersion.TLSv13.equals(tlsVersion) ?
-                new int[] {CipherSuite.TLS_AES_128_GCM_SHA256} :
-                new int[] {CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256};
+        return TlsUtils.isTLSv13(tlsVersion)
+            ?   new int[]{ CipherSuite.TLS_AES_128_GCM_SHA256 }
+            :   new int[]{ CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 };
     }
 
     protected short[] getAllowedClientCertificateTypes()
@@ -113,19 +113,13 @@ public TlsCredentials getClientCredentials(CertificateRequest certificateRequest
                                 SignatureAlgorithm.ed25519, "x509-client-ed25519.pem", "x509-client-key-ed25519.pem");
                         break;
                     case CertificateType.RawPublicKey:
-                        TlsCertificate rawKeyCert = new BcTlsRawKeyCertificate(
-                            (BcTlsCrypto)getCrypto(),
-                                SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(privateKey.generatePublicKey()));
-                        Certificate cert = new Certificate(
-                                CertificateType.RawPublicKey,
-                                TlsUtils.isTLSv13(context) ? TlsUtils.EMPTY_BYTES : null,
-                                new CertificateEntry[] {new CertificateEntry(rawKeyCert, null)});
-                        credentials = new BcDefaultTlsCredentialedSigner(
-                                new TlsCryptoParameters(context),
-                            (BcTlsCrypto)getCrypto(),
-                                privateKey,
-                                cert,
-                                SignatureAndHashAlgorithm.ed25519);
+                        TlsCertificate rawKeyCert = new BcTlsRawKeyCertificate((BcTlsCrypto)getCrypto(),
+                            SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(privateKey.generatePublicKey()));
+                        Certificate cert = new Certificate(CertificateType.RawPublicKey,
+                            TlsUtils.isTLSv13(context) ? TlsUtils.EMPTY_BYTES : null,
+                            new CertificateEntry[]{ new CertificateEntry(rawKeyCert, null) });
+                        credentials = new BcDefaultTlsCredentialedSigner(new TlsCryptoParameters(context),
+                            (BcTlsCrypto)getCrypto(), privateKey, cert, SignatureAndHashAlgorithm.ed25519);
                         break;
                     default:
                         throw new IllegalArgumentException("Only supports X509 and raw keys");
@@ -136,9 +130,4 @@ public TlsCredentials getClientCredentials(CertificateRequest certificateRequest
             }
         };
     }
-
-    public TlsCrypto getCrypto()
-    {
-        return super.getCrypto();
-    }
 }
diff --git a/tls/src/test/java/org/bouncycastle/tls/test/MockRawKeysTlsServer.java b/tls/src/test/java/org/bouncycastle/tls/test/MockRawKeysTlsServer.java
@@ -5,7 +5,6 @@
 import java.util.Hashtable;
 import java.util.Vector;
 
-import junit.framework.TestCase;
 import org.bouncycastle.crypto.params.Ed25519PrivateKeyParameters;
 import org.bouncycastle.crypto.util.SubjectPublicKeyInfoFactory;
 import org.bouncycastle.tls.Certificate;
@@ -22,15 +21,15 @@
 import org.bouncycastle.tls.TlsCredentials;
 import org.bouncycastle.tls.TlsUtils;
 import org.bouncycastle.tls.crypto.TlsCertificate;
-import org.bouncycastle.tls.crypto.TlsCrypto;
 import org.bouncycastle.tls.crypto.TlsCryptoParameters;
 import org.bouncycastle.tls.crypto.impl.bc.BcDefaultTlsCredentialedSigner;
 import org.bouncycastle.tls.crypto.impl.bc.BcTlsCrypto;
 import org.bouncycastle.tls.crypto.impl.bc.BcTlsRawKeyCertificate;
 
+import junit.framework.TestCase;
+
 class MockRawKeysTlsServer extends DefaultTlsServer
 {
-
     private short serverCertType;
     private short clientCertType;
     private short[] allowedClientCertTypes;
@@ -40,11 +39,11 @@ class MockRawKeysTlsServer extends DefaultTlsServer
 
     Hashtable receivedClientExtensions;
 
-    MockRawKeysTlsServer(short serverCertType, short clientCertType,
-            short[] allowedClientCertTypes, Ed25519PrivateKeyParameters privateKey,
-            ProtocolVersion tlsVersion) throws Exception
+    MockRawKeysTlsServer(short serverCertType, short clientCertType, short[] allowedClientCertTypes,
+        Ed25519PrivateKeyParameters privateKey, ProtocolVersion tlsVersion) throws Exception
     {
         super(new BcTlsCrypto(new SecureRandom()));
+
         this.serverCertType = serverCertType;
         this.clientCertType = clientCertType;
         this.allowedClientCertTypes = allowedClientCertTypes;
@@ -68,47 +67,44 @@ public TlsCredentials getCredentials() throws IOException
 
     protected ProtocolVersion[] getSupportedVersions()
     {
-        return new ProtocolVersion[] {tlsVersion};
+        return new ProtocolVersion[]{ tlsVersion };
     }
 
     protected int[] getSupportedCipherSuites()
     {
-        return ProtocolVersion.TLSv13.equals(tlsVersion) ?
-                new int[] {CipherSuite.TLS_AES_128_GCM_SHA256} :
-                new int[] {CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256};
+        return TlsUtils.isTLSv13(tlsVersion)
+            ?   new int[]{ CipherSuite.TLS_AES_128_GCM_SHA256 }
+            :   new int[]{ CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 };
     }
 
     public void processClientExtensions(Hashtable clientExtensions) throws IOException
     {
-        receivedClientExtensions = clientExtensions;
+        this.receivedClientExtensions = clientExtensions;
+
         super.processClientExtensions(clientExtensions);
     }
 
     protected TlsCredentialedSigner getECDSASignerCredentials() throws IOException
     {
         if (credentials == null)
         {
+            BcTlsCrypto crypto = (BcTlsCrypto)getCrypto();
+
             switch (serverCertType)
             {
             case CertificateType.X509:
-                credentials = TlsTestUtils.loadSignerCredentials(
-                        context, context.getSecurityParametersHandshake().getClientSigAlgs(),
-                        SignatureAlgorithm.ed25519, "x509-client-ed25519.pem", "x509-client-key-ed25519.pem");
+                credentials = TlsTestUtils.loadSignerCredentials(context,
+                    context.getSecurityParametersHandshake().getClientSigAlgs(), SignatureAlgorithm.ed25519,
+                    "x509-client-ed25519.pem", "x509-client-key-ed25519.pem");
                 break;
             case CertificateType.RawPublicKey:
-                TlsCertificate rawKeyCert = new BcTlsRawKeyCertificate(
-                    (BcTlsCrypto)getCrypto(),
-                        SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(privateKey.generatePublicKey()));
-                Certificate cert = new Certificate(
-                        CertificateType.RawPublicKey,
-                        TlsUtils.isTLSv13(context) ? TlsUtils.EMPTY_BYTES : null,
-                        new CertificateEntry[] {new CertificateEntry(rawKeyCert, null)});
-                credentials = new BcDefaultTlsCredentialedSigner(
-                        new TlsCryptoParameters(context),
-                    (BcTlsCrypto)getCrypto(),
-                        privateKey,
-                        cert,
-                        SignatureAndHashAlgorithm.ed25519);
+                TlsCertificate rawKeyCert = new BcTlsRawKeyCertificate(crypto,
+                    SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(privateKey.generatePublicKey()));
+                Certificate cert = new Certificate(CertificateType.RawPublicKey,
+                    TlsUtils.isTLSv13(context) ? TlsUtils.EMPTY_BYTES : null,
+                    new CertificateEntry[]{ new CertificateEntry(rawKeyCert, null) });
+                credentials = new BcDefaultTlsCredentialedSigner(new TlsCryptoParameters(context),
+                    crypto, privateKey, cert, SignatureAndHashAlgorithm.ed25519);
                 break;
             default:
                 throw new IllegalArgumentException("Only supports X509 and raw keys");
@@ -140,26 +136,21 @@ public CertificateRequest getCertificateRequest() throws IOException
             return null;
         }
 
-        short[] certificateTypes = new short[] {ClientCertificateType.ecdsa_sign};
+        short[] certificateTypes = new short[]{ ClientCertificateType.ecdsa_sign };
 
         Vector serverSigAlgs = null;
         if (TlsUtils.isSignatureAlgorithmsExtensionAllowed(context.getServerVersion()))
         {
             serverSigAlgs = TlsUtils.getDefaultSupportedSignatureAlgorithms(context);
         }
 
-        return ProtocolVersion.TLSv13.equals(tlsVersion) ?
-                new CertificateRequest(TlsUtils.EMPTY_BYTES, serverSigAlgs, null, null) :
-                new CertificateRequest(certificateTypes, serverSigAlgs, null);
+        return TlsUtils.isTLSv13(tlsVersion)
+            ?   new CertificateRequest(TlsUtils.EMPTY_BYTES, serverSigAlgs, null, null)
+            :   new CertificateRequest(certificateTypes, serverSigAlgs, null);
     }
 
     public void notifyClientCertificate(Certificate clientCertificate) throws IOException
     {
         TestCase.assertEquals("client certificate is the wrong type", clientCertType, clientCertificate.getCertificateType());
     }
-
-    public TlsCrypto getCrypto()
-    {
-        return super.getCrypto();
-    }
 }
diff --git a/tls/src/test/java/org/bouncycastle/tls/test/TlsRawKeysProtocolTest.java b/tls/src/test/java/org/bouncycastle/tls/test/TlsRawKeysProtocolTest.java
@@ -23,7 +23,7 @@
 public class TlsRawKeysProtocolTest
     extends TestCase
 {
-    private SecureRandom rng = new SecureRandom();
+    private final SecureRandom RANDOM = new SecureRandom();
 
     public void testClientSendsExtensionButServerDoesNotSupportIt() throws Exception
     {
@@ -42,13 +42,13 @@ private void testClientSendsExtensionButServerDoesNotSupportIt(ProtocolVersion t
                 (short) -1,
                 new short[] {CertificateType.RawPublicKey, CertificateType.X509},
                 null,
-                generateKeypair(),
+                generateKeyPair(),
                 tlsVersion);
         MockRawKeysTlsServer server = new MockRawKeysTlsServer(
                 CertificateType.X509,
                 (short) -1,
                 null,
-                generateKeypair(),
+                generateKeyPair(),
                 tlsVersion);
         pumpData(client, server);
     }
@@ -70,13 +70,13 @@ private void testExtensionsAreOmittedIfSpecifiedButOnlyContainX509(ProtocolVersi
                 CertificateType.X509,
                 new short[] {CertificateType.X509},
                 new short[] {CertificateType.X509},
-                generateKeypair(),
+                generateKeyPair(),
                 tlsVersion);
         MockRawKeysTlsServer server = new MockRawKeysTlsServer(
                 CertificateType.X509,
                 CertificateType.X509,
                 new short[] {CertificateType.X509},
-                generateKeypair(),
+                generateKeyPair(),
                 tlsVersion);
         pumpData(client, server);
 
@@ -105,13 +105,13 @@ private void testBothSidesUseRawKey(ProtocolVersion tlsVersion) throws Exception
                 CertificateType.RawPublicKey,
                 new short[] {CertificateType.RawPublicKey},
                 new short[] {CertificateType.RawPublicKey},
-                generateKeypair(),
+                generateKeyPair(),
                 tlsVersion);
         MockRawKeysTlsServer server = new MockRawKeysTlsServer(
                 CertificateType.RawPublicKey,
                 CertificateType.RawPublicKey,
                 new short[] {CertificateType.RawPublicKey},
-                generateKeypair(),
+                generateKeyPair(),
                 tlsVersion);
         pumpData(client, server);
     }
@@ -133,13 +133,13 @@ private void testServerUsesRawKeyAndClientIsAnonymous(ProtocolVersion tlsVersion
                 (short) -1,
                 new short[] {CertificateType.RawPublicKey},
                 null,
-                generateKeypair(),
+                generateKeyPair(),
                 tlsVersion);
         MockRawKeysTlsServer server = new MockRawKeysTlsServer(
                 CertificateType.RawPublicKey,
                 (short) -1,
                 null,
-                generateKeypair(),
+                generateKeyPair(),
                 tlsVersion);
         pumpData(client, server);
     }
@@ -161,13 +161,13 @@ private void testServerUsesRawKeyAndClientUsesX509(ProtocolVersion tlsVersion) t
                 CertificateType.X509,
                 new short[] {CertificateType.RawPublicKey},
                 null,
-                generateKeypair(),
+                generateKeyPair(),
                 tlsVersion);
         MockRawKeysTlsServer server = new MockRawKeysTlsServer(
                 CertificateType.RawPublicKey,
                 CertificateType.X509,
                 null,
-                generateKeypair(),
+                generateKeyPair(),
                 tlsVersion);
         pumpData(client, server);
     }
@@ -189,13 +189,13 @@ private void testServerUsesX509AndClientUsesRawKey(ProtocolVersion tlsVersion) t
                 CertificateType.RawPublicKey,
                 null,
                 new short[] {CertificateType.RawPublicKey},
-                generateKeypair(),
+                generateKeyPair(),
                 tlsVersion);
         MockRawKeysTlsServer server = new MockRawKeysTlsServer(
                 CertificateType.X509,
                 CertificateType.RawPublicKey,
                 new short[] {CertificateType.RawPublicKey},
-                generateKeypair(),
+                generateKeyPair(),
                 tlsVersion);
         pumpData(client, server);
     }
@@ -219,13 +219,13 @@ private void testClientSendsClientCertExtensionButServerHasNoCommonTypes(Protoco
                     CertificateType.RawPublicKey,
                     null,
                     new short[] {CertificateType.RawPublicKey},
-                    generateKeypair(),
+                    generateKeyPair(),
                     tlsVersion);
             MockRawKeysTlsServer server = new MockRawKeysTlsServer(
                     CertificateType.X509,
                     CertificateType.X509,
                     new short[] {CertificateType.X509},
-                    generateKeypair(),
+                    generateKeyPair(),
                     tlsVersion);
             pumpData(client, server);
             fail("Should have caused unsupported_certificate alert");
@@ -255,13 +255,13 @@ private void testClientSendsServerCertExtensionButServerHasNoCommonTypes(Protoco
                     CertificateType.RawPublicKey,
                     new short[] {CertificateType.RawPublicKey},
                     null,
-                    generateKeypair(),
+                    generateKeyPair(),
                     tlsVersion);
             MockRawKeysTlsServer server = new MockRawKeysTlsServer(
                     CertificateType.X509,
                     CertificateType.RawPublicKey,
                     new short[] {CertificateType.RawPublicKey},
-                    generateKeypair(),
+                    generateKeyPair(),
                     tlsVersion);
             pumpData(client, server);
             fail("Should have caused unsupported_certificate alert");
@@ -272,15 +272,13 @@ private void testClientSendsServerCertExtensionButServerHasNoCommonTypes(Protoco
         }
     }
 
-    private Ed25519PrivateKeyParameters generateKeypair()
+    private Ed25519PrivateKeyParameters generateKeyPair()
     {
-        return new Ed25519PrivateKeyParameters(rng);
+        return new Ed25519PrivateKeyParameters(RANDOM);
     }
 
     private void pumpData(TlsClient client, TlsServer server) throws Exception
     {
-        SecureRandom secureRandom = new SecureRandom();
-
         PipedInputStream clientRead = TlsTestUtils.createPipedInputStream();
         PipedInputStream serverRead = TlsTestUtils.createPipedInputStream();
         PipedOutputStream clientWrite = new PipedOutputStream(serverRead);
@@ -298,7 +296,7 @@ private void pumpData(TlsClient client, TlsServer server) throws Exception
         int length = 1000;
 
         byte[] data = new byte[length];
-        secureRandom.nextBytes(data);
+        RANDOM.nextBytes(data);
 
         OutputStream output = clientProtocol.getOutputStream();
         output.write(data);
