import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

/**
 * Works if TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 cipher is available with the
 * JDK. Unfortunately, elliptic curve ciphers aren't available in Fedora's
 * OpenJDK. Also note that for the broken JDK cipher TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
 * is picked which uses DH. For some reason all RSA based ciphers are disabled.
 * 
 * 
 * @author Severin Gehwolf
 *
 */
public class DHHandshakerTest {
	
	public static void main(String[] args) {
		DHHandshakerTest handshaker = new DHHandshakerTest();
		try {
			handshaker.establish();
		} catch (Exception e) {
			throw new RuntimeException(e);
		}
		System.out.println("Test passed");
	}

	private void establish() throws Exception {
		// Create the context.  Specify the SunJSSE provider to avoid
		// picking up third-party providers.
		SSLContext ctx = null;
		try {
		    ctx = SSLContext.getInstance("TLSv1.2", "SunJSSE");
		} catch (NoSuchAlgorithmException e) {
		    e.printStackTrace();
		    throw new AssertionError(e);
		}
		TrustManager tm = new MyTrustManager();
		ctx.init(null, new TrustManager[] { tm }, new SecureRandom());
		SSLParameters params = ctx.getDefaultSSLParameters();
		// Get supported ciphers
		ArrayList<String> ciphers = new ArrayList<String>(
		    Arrays.asList(params.getCipherSuites()));
		System.out.println("Supported ciphers: " + ciphers);

		// Create the socket and connect it at the TCP layer.
		SSLSocket socket = (SSLSocket) ctx.getSocketFactory()
		    .createSocket("fedorahosted.org", 443);

		// Perform the handshake.
		socket.startHandshake();

		System.out.println("Handshake done!");
	}
	
	private static class MyTrustManager implements X509TrustManager {

	    @Override
	    public void checkClientTrusted(X509Certificate[] chain, String authType)
	            throws CertificateException {
	        throw new UnsupportedOperationException();
	    }

	    @Override
	    public void checkServerTrusted(X509Certificate[] chain,
	            String authType) throws CertificateException {
	        System.out.println("Tusting all certificates!");
	    }

	    @Override
	    public X509Certificate[] getAcceptedIssuers() {
	        return new X509Certificate[0];
	    }
	}
}