From 1c3b425d48787332117b535f9d28048a81e54060 Mon Sep 17 00:00:00 2001
From: Andrew Kerr <andrew.kerr@neotechnology.com>
Date: Fri, 15 Feb 2019 13:39:56 +0000
Subject: [PATCH] Ignore test cases with unsupported ciphers

---
 .../org/neo4j/ssl/SslNegotiationTest.java     | 76 +++++++++++++++++--
 1 file changed, 68 insertions(+), 8 deletions(-)

diff --git a/integrationtests/src/test/java/org/neo4j/ssl/SslNegotiationTest.java b/integrationtests/src/test/java/org/neo4j/ssl/SslNegotiationTest.java
index 7724668fbbb4..d264e13f16c4 100644
--- a/integrationtests/src/test/java/org/neo4j/ssl/SslNegotiationTest.java
+++ b/integrationtests/src/test/java/org/neo4j/ssl/SslNegotiationTest.java
@@ -19,13 +19,18 @@
  */
 package org.neo4j.ssl;
 
+import org.hamcrest.collection.IsArrayContaining;
 import org.junit.After;
+import org.junit.Assume;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.Parameterized;
 
-import org.neo4j.ssl.SslContextFactory.SslParameters;
+import java.io.IOException;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+
 import org.neo4j.test.rule.TestDirectory;
 import org.neo4j.test.rule.fs.DefaultFileSystemRule;
 
@@ -34,8 +39,8 @@
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertTrue;
-import static org.neo4j.ssl.SslContextFactory.SslParameters.protocols;
 import static org.neo4j.ssl.SslContextFactory.makeSslContext;
+import static org.neo4j.ssl.SslNegotiationTest.SslParametersSetup.protocols;
 import static org.neo4j.ssl.SslResourceBuilder.selfSignedKeyId;
 
 @RunWith( Parameterized.class )
@@ -169,13 +174,23 @@ public void cleanup()
     @Test
     public void shouldNegotiateCorrectly() throws Exception
     {
+        for ( String cipher : setup.serverParams.ciphers )
+        {
+            assumeCipherSupported( cipher );
+        }
+
+        for ( String cipher : setup.clientParams.ciphers )
+        {
+            assumeCipherSupported( cipher );
+        }
+
         SslResource sslServerResource = selfSignedKeyId( 0 ).trustKeyId( 1 ).install( testDir.directory( "server" ) );
         SslResource sslClientResource = selfSignedKeyId( 1 ).trustKeyId( 0 ).install( testDir.directory( "client" ) );
 
-        server = new SecureServer( makeSslContext( sslServerResource, true, setup.serverParams ) );
+        server = new SecureServer( makeSslContext( sslServerResource, true, setup.serverParams.toSslParameters() ) );
 
         server.start();
-        client = new SecureClient( makeSslContext( sslClientResource, false, setup.clientParams ) );
+        client = new SecureClient( makeSslContext( sslClientResource, false, setup.clientParams.toSslParameters() ) );
         client.connect( server.port() );
 
         assertTrue( client.sslHandshakeFuture().await( 1, MINUTES ) );
@@ -192,21 +207,32 @@ public void shouldNegotiateCorrectly() throws Exception
         }
     }
 
+    private void assumeCipherSupported( String cipher ) throws IOException
+    {
+        SSLSocketFactory factory = (SSLSocketFactory)SSLSocketFactory.getDefault();
+        SSLSocket socket = (SSLSocket)factory.createSocket();
+        String[] enabled = socket.getEnabledCipherSuites();
+        socket.close();
+
+        Assume.assumeThat( enabled, IsArrayContaining.hasItemInArray( cipher ) );
+    }
+
     private static class TestSetup
     {
-        private final SslParameters serverParams;
-        private final SslParameters clientParams;
+        private final SslParametersSetup serverParams;
+        private final SslParametersSetup clientParams;
 
         private final boolean expectedSuccess;
         private final String expectedProtocol;
         private final String expectedCipher;
 
-        private TestSetup( SslParameters serverParams, SslParameters clientParams, boolean expectedSuccess )
+        private TestSetup( SslParametersSetup serverParams, SslParametersSetup clientParams, boolean expectedSuccess )
         {
             this( serverParams, clientParams, expectedSuccess, null, null );
         }
 
-        private TestSetup( SslParameters serverParams, SslParameters clientParams, boolean expectedSuccess, String expectedProtocol, String expectedCipher )
+        private TestSetup( SslParametersSetup serverParams, SslParametersSetup clientParams, boolean expectedSuccess, String expectedProtocol,
+                String expectedCipher )
         {
             this.serverParams = serverParams;
             this.clientParams = clientParams;
@@ -222,4 +248,38 @@ public String toString()
                     ", expectedProtocol='" + expectedProtocol + '\'' + ", expectedCipher='" + expectedCipher + '\'' + '}';
         }
     }
+
+    static class SslParametersSetup
+    {
+        private String[] protocols;
+        private String[] ciphers;
+
+        private SslParametersSetup( String[] protocols, String[] ciphers )
+        {
+            this.protocols = protocols;
+            this.ciphers = ciphers;
+        }
+
+        public static SslParametersSetup protocols( String... protocols )
+        {
+            return new SslParametersSetup( protocols, null );
+        }
+
+        public SslParametersSetup ciphers( String... ciphers )
+        {
+            this.ciphers = ciphers;
+            return this;
+        }
+
+        public SslContextFactory.SslParameters toSslParameters()
+        {
+            return SslContextFactory.SslParameters.protocols( protocols ).ciphers( ciphers );
+        }
+
+        @Override
+        public String toString()
+        {
+            return "SslParametersSetup{" + "protocols='" + protocols + '\'' + ", ciphers='" + ciphers + '\'' + '}';
+        }
+    }
 }