/*
* Copyright (C) 2010 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package benchmarks.regression;
import com.google.caliper.Param;
import com.google.caliper.Runner;
import com.google.caliper.SimpleBenchmark;
import java.io.ByteArrayInputStream;
import java.net.URL;
import java.security.Principal;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSessionContext;
/**
* This benchmark makes a real HTTP connection to a handful of hosts and
* captures the served certificates as a byte array. It then verifies each
* certificate in the benchmark loop, being careful to convert from the
* byte[] to the certificate each time. Otherwise the certificate class
* caches previous results which skews the results of the benchmark: In practice
* each certificate instance is verified once and then released.
*/
public final class HostnameVerifierBenchmark extends SimpleBenchmark {
@Param({"android.clients.google.com",
"m.google.com",
"www.google.com",
"www.amazon.com",
"www.ubs.com"}) String host;
private String hostname;
private HostnameVerifier hostnameVerifier;
private byte[][] encodedCertificates;
@Override protected void setUp() throws Exception {
URL url = new URL("https", host, "/");
hostnameVerifier = HttpsURLConnection.getDefaultHostnameVerifier();
HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
connection.setHostnameVerifier(new HostnameVerifier() {
public boolean verify(String hostname, SSLSession sslSession) {
try {
encodedCertificates = certificatesToBytes(sslSession.getPeerCertificates());
} catch (Exception e) {
throw new RuntimeException(e);
}
HostnameVerifierBenchmark.this.hostname = hostname;
return true;
}
});
connection.getInputStream();
connection.disconnect();
}
public void timeVerify(int reps) throws Exception {
for (int i = 0; i < reps; i++) {
final Certificate[] certificates = bytesToCertificates(encodedCertificates);
FakeSSLSession sslSession = new FakeSSLSession() {
@Override public Certificate[] getPeerCertificates() {
return certificates;
}
};
hostnameVerifier.verify(hostname, sslSession);
}
}
private byte[][] certificatesToBytes(Certificate[] certificates) throws Exception {
byte[][] result = new byte[certificates.length][];
for (int i = 0, certificatesLength = certificates.length; i < certificatesLength; i++) {
result[i] = certificates[i].getEncoded();
}
return result;
}
private Certificate[] bytesToCertificates(byte[][] encodedCertificates) throws Exception {
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
Certificate[] result = new Certificate[encodedCertificates.length];
for (int i = 0; i < encodedCertificates.length; i++) {
result[i] = certificateFactory.generateCertificate(
new ByteArrayInputStream(encodedCertificates[i]));
}
return result;
}
private static class FakeSSLSession implements SSLSession {
public int getApplicationBufferSize() {
throw new UnsupportedOperationException();
}
public String getCipherSuite() {
throw new UnsupportedOperationException();
}
public long getCreationTime() {
throw new UnsupportedOperationException();
}
public byte[] getId() {
throw new UnsupportedOperationException();
}
public long getLastAccessedTime() {
throw new UnsupportedOperationException();
}
public Certificate[] getLocalCertificates() {
throw new UnsupportedOperationException();
}
public Principal getLocalPrincipal() {
throw new UnsupportedOperationException();
}
public int getPacketBufferSize() {
throw new UnsupportedOperationException();
}
public javax.security.cert.X509Certificate[] getPeerCertificateChain() {
throw new UnsupportedOperationException();
}
public Certificate[] getPeerCertificates() {
throw new UnsupportedOperationException();
}
public String getPeerHost() {
throw new UnsupportedOperationException();
}
public int getPeerPort() {
throw new UnsupportedOperationException();
}
public Principal getPeerPrincipal() {
throw new UnsupportedOperationException();
}
public String getProtocol() {
throw new UnsupportedOperationException();
}
public SSLSessionContext getSessionContext() {
throw new UnsupportedOperationException();
}
public Object getValue(String name) {
throw new UnsupportedOperationException();
}
public String[] getValueNames() {
throw new UnsupportedOperationException();
}
public void invalidate() {
throw new UnsupportedOperationException();
}
public boolean isValid() {
throw new UnsupportedOperationException();
}
public void putValue(String name, Object value) {
throw new UnsupportedOperationException();
}
public void removeValue(String name) {
throw new UnsupportedOperationException();
}
}
public static void main(String[] args) {
Runner.main(HostnameVerifierBenchmark.class, args);
}
}