/* * Copyright (C) 2010 Google Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package benchmarks.regression; import com.google.caliper.BeforeExperiment; import com.google.caliper.Param; import java.io.ByteArrayInputStream; import java.net.URL; import java.security.Principal; import java.security.cert.Certificate; import java.security.cert.CertificateFactory; import javax.net.ssl.HostnameVerifier; import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSessionContext; /** * This benchmark makes a real HTTP connection to a handful of hosts and * captures the served certificates as a byte array. It then verifies each * certificate in the benchmark loop, being careful to convert from the * byte[] to the certificate each time. Otherwise the certificate class * caches previous results which skews the results of the benchmark: In practice * each certificate instance is verified once and then released. */ public final class HostnameVerifierBenchmark { @Param({"android.clients.google.com", "m.google.com", "www.google.com", "www.amazon.com", "www.ubs.com"}) String host; private String hostname; private HostnameVerifier hostnameVerifier; private byte[][] encodedCertificates; @BeforeExperiment protected void setUp() throws Exception { URL url = new URL("https", host, "/"); hostnameVerifier = HttpsURLConnection.getDefaultHostnameVerifier(); HttpsURLConnection connection = (HttpsURLConnection) url.openConnection(); connection.setHostnameVerifier(new HostnameVerifier() { public boolean verify(String hostname, SSLSession sslSession) { try { encodedCertificates = certificatesToBytes(sslSession.getPeerCertificates()); } catch (Exception e) { throw new RuntimeException(e); } HostnameVerifierBenchmark.this.hostname = hostname; return true; } }); connection.getInputStream(); connection.disconnect(); } public void timeVerify(int reps) throws Exception { for (int i = 0; i < reps; i++) { final Certificate[] certificates = bytesToCertificates(encodedCertificates); FakeSSLSession sslSession = new FakeSSLSession() { @Override public Certificate[] getPeerCertificates() { return certificates; } }; hostnameVerifier.verify(hostname, sslSession); } } private byte[][] certificatesToBytes(Certificate[] certificates) throws Exception { byte[][] result = new byte[certificates.length][]; for (int i = 0, certificatesLength = certificates.length; i < certificatesLength; i++) { result[i] = certificates[i].getEncoded(); } return result; } private Certificate[] bytesToCertificates(byte[][] encodedCertificates) throws Exception { CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509"); Certificate[] result = new Certificate[encodedCertificates.length]; for (int i = 0; i < encodedCertificates.length; i++) { result[i] = certificateFactory.generateCertificate( new ByteArrayInputStream(encodedCertificates[i])); } return result; } private static class FakeSSLSession implements SSLSession { public int getApplicationBufferSize() { throw new UnsupportedOperationException(); } public String getCipherSuite() { throw new UnsupportedOperationException(); } public long getCreationTime() { throw new UnsupportedOperationException(); } public byte[] getId() { throw new UnsupportedOperationException(); } public long getLastAccessedTime() { throw new UnsupportedOperationException(); } public Certificate[] getLocalCertificates() { throw new UnsupportedOperationException(); } public Principal getLocalPrincipal() { throw new UnsupportedOperationException(); } public int getPacketBufferSize() { throw new UnsupportedOperationException(); } public javax.security.cert.X509Certificate[] getPeerCertificateChain() { throw new UnsupportedOperationException(); } public Certificate[] getPeerCertificates() { throw new UnsupportedOperationException(); } public String getPeerHost() { throw new UnsupportedOperationException(); } public int getPeerPort() { throw new UnsupportedOperationException(); } public Principal getPeerPrincipal() { throw new UnsupportedOperationException(); } public String getProtocol() { throw new UnsupportedOperationException(); } public SSLSessionContext getSessionContext() { throw new UnsupportedOperationException(); } public Object getValue(String name) { throw new UnsupportedOperationException(); } public String[] getValueNames() { throw new UnsupportedOperationException(); } public void invalidate() { throw new UnsupportedOperationException(); } public boolean isValid() { throw new UnsupportedOperationException(); } public void putValue(String name, Object value) { throw new UnsupportedOperationException(); } public void removeValue(String name) { throw new UnsupportedOperationException(); } } }