Google Git
Sign in
android / platform / libcore / 004c097c61970ff6ba07f5825a8c16a4fdccf286 / . / jdk / test / javax / net / ssl / TLS / CipherTestUtils.java
blob: 38b0d871c1c62c0101b696687c003b574b895c3d [file] [log] [blame]
/*
* Copyright (c) 2010, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.io.ByteArrayInputStream;
import java.io.EOFException;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.Socket;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collections;
import java.util.List;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509TrustManager;
/**
* Test that all ciphersuites work in all versions and all client authentication
* types. The way this is setup the server is stateless and all checking is done
* on the client side.
*/
public class CipherTestUtils {
public static final int TIMEOUT = 20 * 1000;
public static final SecureRandom secureRandom = new SecureRandom();
public static char[] PASSWORD = "passphrase".toCharArray();
private static final List<TestParameters> TESTS = new ArrayList<>(3);
private static final List<Exception> EXCEPTIONS
= Collections.synchronizedList(new ArrayList<>(1));
private static final String CLIENT_PUBLIC_KEY
= "-----BEGIN CERTIFICATE-----\n"
+ "MIICtTCCAh4CCQDkYJ46DMcGRjANBgkqhkiG9w0BAQUFADCBnDELMAkGA1UEBhMC\n"
+ "VVMxCzAJBgNVBAgMAkNBMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MR8wHQYDVQQK\n"
+ "DBZTdW4gTWljcm9zeXN0ZW1zLCBJbmMuMSYwJAYDVQQLDB1TdW4gTWljcm9zeXN0\n"
+ "ZW1zIExhYm9yYXRvcmllczEfMB0GA1UEAwwWVGVzdCBDQSAoMTAyNCBiaXQgUlNB\n"
+ "KTAeFw0wOTA0MjcwNDA0MDhaFw0xMzA2MDUwNDA0MDhaMIGgMQswCQYDVQQGEwJV\n"
+ "UzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxHzAdBgNVBAoM\n"
+ "FlN1biBNaWNyb3N5c3RlbXMsIEluYy4xJjAkBgNVBAsMHVN1biBNaWNyb3N5c3Rl\n"
+ "bXMgTGFib3JhdG9yaWVzMSMwIQYDVQQDDBpUZXN0IENsaWVudCAoMTAyNCBiaXQg\n"
+ "UlNBKTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAm5rwjmhO7Nwd5GWs+KvQ\n"
+ "UnDiqpRDvRriOUFdF0rCI2Op24C+iwUMDGxPsgP7VkUpOdJhw3c72aP0CAWcZ5dN\n"
+ "UCW7WVDAxnogCahLCir1jjoGdEjiNGOy0L9sypsM9UvBzJN8uvXsxsTZX4Z88cKU\n"
+ "G7RUvN8LQ88zDljk5zr3c2MCAwEAATANBgkqhkiG9w0BAQUFAAOBgQA7LUDrzHln\n"
+ "EXuGmwZeeroACB6DVtkClMskF/Pj5GnTxoeNN9DggycX/eOeIDKRloHuMpBeZPJH\n"
+ "NUwFu4LB6HBDeldQD9iRp8zD/fPakOdN+1Gk5hciIZZJ5hQmeCl7Va2Gr64vUqZG\n"
+ "MkVU755t+7ByLgzWuhPhhsX9QCuPR5FjvQ==\n"
+ "-----END CERTIFICATE-----";
private static final String CLIENT_PRIVATE_KEY
= "-----BEGIN PRIVATE KEY-----\n"
+ "MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAJua8I5oTuzcHeRl\n"
+ "rPir0FJw4qqUQ70a4jlBXRdKwiNjqduAvosFDAxsT7ID+1ZFKTnSYcN3O9mj9AgF\n"
+ "nGeXTVAlu1lQwMZ6IAmoSwoq9Y46BnRI4jRjstC/bMqbDPVLwcyTfLr17MbE2V+G\n"
+ "fPHClBu0VLzfC0PPMw5Y5Oc693NjAgMBAAECgYA5w73zj8Nk6J3sMNaShe3S/PcY\n"
+ "TewLopRCnwI46FbDnnbq9pNFtnzvi7HWKuY983THc1M5peTA+b1Y0QRr7F4Vg4x9\n"
+ "9UM0B/tZcIIcJJ3LS+9fXKCbYLQWq5F05JqeZu+i+QLmJFO5+2p7laeQ4oQfW7QE\n"
+ "YR4u2mSaLe0SsqHvOQJBAMhgcye9C6pJO0eo2/VtRxAXI7zxNAIjHwKo1cva7bhu\n"
+ "GdrMaEAJBAsMJ1GEk7/WDI+3KEbTjQdfIJuAvOR4FXUCQQDGzNn/tl2k93v/ugyM\n"
+ "/tBhCKDipYDIbyJMoG2AOtOGmCsiGo5L7idO4OAcm/QiHBQMXjFIVgTUcH8MhGj4\n"
+ "blJ3AkA5fUqsxRV6tuYWKkFpif/QgwMS65VDY7Y6+hvVECwSNSyf1PO4I54QWV1S\n"
+ "ixok+RHDjgY1Q+77hXSCiQ4o8rcdAkBHvjfR+5sx5IpgUGElJPRIgFenU3j1XH3x\n"
+ "T1gVFaWuhg3S4eiGaGzRH4BhcrqY8K8fg4Kfi0N08yA2gTZsqUujAkEAjuNPTuKx\n"
+ "ti0LXI09kbGUqOpRMm1zW5TD6LFeEaUN6oxrSZI2YUvu7VyotAqsxX5O0u0f3VQw\n"
+ "ySF0Q1oZ6qu7cg==\n"
+ "-----END PRIVATE KEY-----";
private static final String SERVER_PUBLIC_KEY
= "-----BEGIN CERTIFICATE-----\n"
+ "MIICtTCCAh4CCQDkYJ46DMcGRTANBgkqhkiG9w0BAQUFADCBnDELMAkGA1UEBhMC\n"
+ "VVMxCzAJBgNVBAgMAkNBMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MR8wHQYDVQQK\n"
+ "DBZTdW4gTWljcm9zeXN0ZW1zLCBJbmMuMSYwJAYDVQQLDB1TdW4gTWljcm9zeXN0\n"
+ "ZW1zIExhYm9yYXRvcmllczEfMB0GA1UEAwwWVGVzdCBDQSAoMTAyNCBiaXQgUlNB\n"
+ "KTAeFw0wOTA0MjcwNDA0MDhaFw0xMzA2MDUwNDA0MDhaMIGgMQswCQYDVQQGEwJV\n"
+ "UzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxHzAdBgNVBAoM\n"
+ "FlN1biBNaWNyb3N5c3RlbXMsIEluYy4xJjAkBgNVBAsMHVN1biBNaWNyb3N5c3Rl\n"
+ "bXMgTGFib3JhdG9yaWVzMSMwIQYDVQQDDBpUZXN0IFNlcnZlciAoMTAyNCBiaXQg\n"
+ "UlNBKTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsHHeZ1O67yuxQKDSAOC\n"
+ "Xm271ViwBrXkxe5cvhG8MCCem6Z3XeZ/m6c2ucRwLaQxnmG1m0G6/OYaUXTivjcG\n"
+ "/K4bc1I+yjghAWQNLBtsOiP9w0LKibg3TSDehpeuuz/lmB5A4HMqQr8KkY4K7peD\n"
+ "1QkJ2Dn3zhbwQ/0d8f5CCbkCAwEAATANBgkqhkiG9w0BAQUFAAOBgQBOd8XojEnu\n"
+ "eTUHBwqfmnvRQvbICFDNbbL4KuX/JNPSy1WMGAEbNCTLZ+5yP69js8aUYqAk5vVf\n"
+ "dWRLU3MDiEzW7zxE1ubuKWjVuyGbG8Me0G01Hw+evBcZqB64Fz3OFISVfQh7MqE/\n"
+ "O0AeakRMH350FRLNl4o6KBSXmF/AADfqQQ==\n"
+ "-----END CERTIFICATE-----";
private static final String SERVER_PRIVATE_KEY
= "-----BEGIN PRIVATE KEY-----\n"
+ "MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAK7Bx3mdTuu8rsUC\n"
+ "g0gDgl5tu9VYsAa15MXuXL4RvDAgnpumd13mf5unNrnEcC2kMZ5htZtBuvzmGlF0\n"
+ "4r43BvyuG3NSPso4IQFkDSwbbDoj/cNCyom4N00g3oaXrrs/5ZgeQOBzKkK/CpGO\n"
+ "Cu6Xg9UJCdg5984W8EP9HfH+Qgm5AgMBAAECgYAXUv+3qJo+9mjxHHu/IdDFn6nB\n"
+ "ONwNmTtWe5DfQWi3l7LznU0zOC9x6+hu9NvwC4kf1XSyqxw04tVCZ/JXZurEmEBz\n"
+ "YtcQ5idRQDkKYXEDOeVUfvtHO6xilzrhPKxxd0GG/sei2pozikkqnYF3OcP0qL+a\n"
+ "3nWixZQBRoF2nIRLcQJBAN97TJBr0XTRmE7OCKLUy1+ws7vZB9uQ2efHMsgwOpsY\n"
+ "3cEW5qd95hrxLU72sBeu9loHQgBrT2Q3OAxnsPXmgO0CQQDIL3u9kS/O3Ukx+n1H\n"
+ "JdPFQCRxrDm/vtJpQEmq+mLqxxnxCFRIYQ2ieAPokBxWeMDtdWJGD3VxhahjPfZm\n"
+ "5K59AkEAuDVl0tVMfUIWjT5/F9jXGjUIsZofQ/iN5OLpFOHMLPO+Nd6umPjJpwON\n"
+ "GT11wM/S+DprSPUrJ6vsYy1FTCuHsQJBAMXtnO07xgdE6AAQaRmVnyMiXmY+IQMj\n"
+ "CyuhsrToyDDWFyIoWB0QSMjg3QxuoHYnAqpGK5qV4ksSGgG13BCz/okCQQCRHTgn\n"
+ "DuFG2f7GYLFjI4NaTEzHGp+J9LiNYY1kYYLonpwAC3Z5hzJVanYT3/g23AUZ/fdF\n"
+ "v5PDIViuPo5ZB1eD\n"
+ "-----END PRIVATE KEY-----";
private static final String CA_PUBLIC_KEY
= "-----BEGIN CERTIFICATE-----\n"
+ "MIIDCDCCAnGgAwIBAgIJAIYlGfwNBY6NMA0GCSqGSIb3DQEBBQUAMIGcMQswCQYD\n"
+ "VQQGEwJVUzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxHzAd\n"
+ "BgNVBAoMFlN1biBNaWNyb3N5c3RlbXMsIEluYy4xJjAkBgNVBAsMHVN1biBNaWNy\n"
+ "b3N5c3RlbXMgTGFib3JhdG9yaWVzMR8wHQYDVQQDDBZUZXN0IENBICgxMDI0IGJp\n"
+ "dCBSU0EpMB4XDTA5MDQyNzA0MDQwOFoXDTEzMDYwNTA0MDQwOFowgZwxCzAJBgNV\n"
+ "BAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzEfMB0G\n"
+ "A1UECgwWU3VuIE1pY3Jvc3lzdGVtcywgSW5jLjEmMCQGA1UECwwdU3VuIE1pY3Jv\n"
+ "c3lzdGVtcyBMYWJvcmF0b3JpZXMxHzAdBgNVBAMMFlRlc3QgQ0EgKDEwMjQgYml0\n"
+ "IFJTQSkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOK4DJxxb0XX6MJ1CVjp\n"
+ "9Gmr/Ua8MS12R58F9lDpSKuq8cFexA4W7OdZ4jtbKv0tRHX5YxmbnXedwS+gdcOA\n"
+ "GRgXMoeXlgTFGpdL+TR8xKIlMGRSjnR7MpR2tRyIYI2p+UTEiD6LTlIm5Wh4z1q8\n"
+ "LYbxyMVD1XNNNymvPM44OjsBAgMBAAGjUDBOMB0GA1UdDgQWBBT27BLUflmfdtbi\n"
+ "WTgjwWnoxop2MTAfBgNVHSMEGDAWgBT27BLUflmfdtbiWTgjwWnoxop2MTAMBgNV\n"
+ "HRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAEQELNzhZpjnSgigd+QJ6I/3CPDo\n"
+ "SDkMLdP1BHlT/DkMIZvABm+M09ePNlWiLYCNCsL9nWmX0gw0rFDKsTklZyKTUzaM\n"
+ "oy/AZCrAaoIc6SO5m1xE1RMyVxd/Y/kg6cbfWxxCJFlMeU5rsSdC97HTE/lDyuoh\n"
+ "BmlOBB7SdR+1ScjA\n"
+ "-----END CERTIFICATE-----";
private static final String CA_PRIVATE_KEY
= "-----BEGIN PRIVATE KEY-----\n"
+ "MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAOK4DJxxb0XX6MJ1\n"
+ "CVjp9Gmr/Ua8MS12R58F9lDpSKuq8cFexA4W7OdZ4jtbKv0tRHX5YxmbnXedwS+g\n"
+ "dcOAGRgXMoeXlgTFGpdL+TR8xKIlMGRSjnR7MpR2tRyIYI2p+UTEiD6LTlIm5Wh4\n"
+ "z1q8LYbxyMVD1XNNNymvPM44OjsBAgMBAAECgYEApmMOlk3FrQtsvjGof4GLp3Xa\n"
+ "tmvs54FzxKhagj0C4UHelNyYpAJ9MLjNiGQ7I31yTeaNrUCAi0XSfsKTSrwbLSnJ\n"
+ "qsUPKMBrnzcWrOyui2+cupHZXaTlNeYB97teLJYpa6Ql9CZLoTHoim1+//s7diBh\n"
+ "03Vls+M6Poi5PMvv59UCQQD+k/BiokmbBgWHfBY5cZSlx3Z4VTwSHJmHDTO3Tjso\n"
+ "EVErXUSVvqD/KHX6eM4VPM8lySV5djWV8lDsESCWMtiLAkEA4/xFNsiOLMQpxW/O\n"
+ "bt2tukxJkAxldD4lPoFZR+zbXtMtt8OjERtX2wD+nj6h7jfIeSyVuBEcBN8Uj8xe\n"
+ "kgfgIwJAPbKG4LCqHAsCjgpRrIxNVTwZByLJEy6hOqzFathn19cSj+rjs1Lm28/n\n"
+ "f9OFRnpdTbAJB/3REM0QNZYVCrG57wJBAN0KuTytZJNouaswhPCew5Kt5mDgc/kp\n"
+ "S8j3dk2zCto8W8Ygy1iJrzuqEjPxO+UQdrFtlde51vWuKGxnVIW3VwsCQEldqk7r\n"
+ "8y7PgquPP+k3L0OXno5wGBrPcW1+U0mhIZGnwSzE4SPX2ddqUSEUA/Av4RjAckL/\n"
+ "fpqmCkpTanyYW9U=\n"
+ "-----END PRIVATE KEY-----";
private final SSLSocketFactory factory;
private final X509ExtendedKeyManager clientKeyManager;
private final X509ExtendedKeyManager serverKeyManager;
private final X509TrustManager clientTrustManager;
private final X509TrustManager serverTrustManager;
static abstract class Server implements Runnable, AutoCloseable {
final CipherTestUtils cipherTest;
Server(CipherTestUtils cipherTest) throws Exception {
this.cipherTest = cipherTest;
}
@Override
public abstract void run();
abstract int getPort();
void handleRequest(InputStream in, OutputStream out)
throws IOException {
boolean newline = false;
StringBuilder sb = new StringBuilder();
while (true) {
int ch = in.read();
if (ch < 0) {
throw new EOFException();
}
sb.append((char) ch);
if (ch == '\r') {
// empty
} else if (ch == '\n') {
if (newline) {
// 2nd newline in a row, end of request
break;
}
newline = true;
} else {
newline = false;
}
}
String request = sb.toString();
if (request.startsWith("GET / HTTP/1.") == false) {
throw new IOException("Invalid request: " + request);
}
out.write("HTTP/1.0 200 OK\r\n\r\n".getBytes());
out.write("Tested Scenario: ".getBytes());
TestParameters tp = (TestParameters) CipherTestUtils.TESTS.get(0);
out.write(tp.toString().getBytes());
out.write(" Test PASSED.".getBytes());
}
}
public static class TestParameters {
final String cipherSuite;
final String protocol;
final String clientAuth;
TestParameters(String cipherSuite, String protocol, String clientAuth) {
this.cipherSuite = cipherSuite;
this.protocol = protocol;
this.clientAuth = clientAuth;
}
boolean isEnabled() {
return true;
}
@Override
public String toString() {
String s = cipherSuite + " in " + protocol + " mode";
if (clientAuth != null) {
s += " with " + clientAuth + " client authentication";
}
return s;
}
}
private static volatile CipherTestUtils instance = null;
public static CipherTestUtils getInstance() throws Exception {
if (instance == null) {
synchronized (CipherTestUtils.class) {
if (instance == null) {
instance = new CipherTestUtils();
}
}
}
return instance;
}
public static void setTestedArguments(String protocol, String ciphersuite) {
ciphersuite = ciphersuite.trim();
TestParameters params = new TestParameters(ciphersuite, protocol, null);
TESTS.add(params);
}
public X509ExtendedKeyManager getClientKeyManager() {
return clientKeyManager;
}
public X509TrustManager getClientTrustManager() {
return clientTrustManager;
}
public X509ExtendedKeyManager getServerKeyManager() {
return serverKeyManager;
}
public X509TrustManager getServerTrustManager() {
return serverTrustManager;
}
public static void addFailure(Exception e) {
EXCEPTIONS.add(e);
}
private CipherTestUtils() throws Exception {
factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
KeyStore serverKeyStore = createServerKeyStore(SERVER_PUBLIC_KEY,
SERVER_PRIVATE_KEY);
KeyStore serverTrustStore = createServerKeyStore(CA_PUBLIC_KEY,
CA_PRIVATE_KEY);
if (serverKeyStore != null) {
KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(
KeyManagerFactory.getDefaultAlgorithm());
keyFactory.init(serverKeyStore, PASSWORD);
serverKeyManager = (X509ExtendedKeyManager)
keyFactory.getKeyManagers()[0];
} else {
serverKeyManager = null;
}
serverTrustManager = serverTrustStore != null
? new AlwaysTrustManager(serverTrustStore) : null;
KeyStore clientKeyStore, clientTrustStore;
clientTrustStore = serverTrustStore;
clientKeyStore =
createServerKeyStore(CLIENT_PUBLIC_KEY,CLIENT_PRIVATE_KEY);
if (clientKeyStore != null) {
KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(
KeyManagerFactory.getDefaultAlgorithm());
keyFactory.init(clientKeyStore, PASSWORD);
clientKeyManager = (X509ExtendedKeyManager)
keyFactory.getKeyManagers()[0];
} else {
clientKeyManager = null;
}
clientTrustManager = (clientTrustStore != null)
? new AlwaysTrustManager(clientTrustStore) : null;
}
void checkResult(String exception) throws Exception {
if (EXCEPTIONS.size() >= 1) {
Exception actualException = EXCEPTIONS.get(0);
if (exception == null) {
throw new RuntimeException("FAILED: got unexpected exception: "
+ actualException);
}
if (!exception.equals(actualException.getClass().getName())) {
throw new RuntimeException("FAILED: got unexpected exception: "
+ actualException);
}
System.out.println("PASSED: got expected exception: "
+ actualException);
} else {
if (exception != null) {
throw new RuntimeException("FAILED: " + exception
+ " was expected");
}
System.out.println("PASSED");
}
}
SSLSocketFactory getFactory() {
return factory;
}
static abstract class Client implements Runnable {
final CipherTestUtils cipherTest;
TestParameters testedParams;
Client(CipherTestUtils cipherTest) throws Exception {
this.cipherTest = cipherTest;
}
Client(CipherTestUtils cipherTest, String testedCipherSuite)
throws Exception {
this.cipherTest = cipherTest;
}
@Override
public final void run() {
TESTS.stream().map((params) -> {
if (!params.isEnabled()) {
System.out.println("Skipping disabled test " + params);
}
return params;
}).forEach((params) -> {
try {
System.out.println("Testing " + params);
runTest(params);
System.out.println("Passed " + params);
} catch (Exception e) {
CipherTestUtils.addFailure(e);
System.out.println("** Failed " + params
+ "**, got exception:");
e.printStackTrace(System.out);
}
});
}
abstract void runTest(TestParameters params) throws Exception;
void sendRequest(InputStream in, OutputStream out) throws IOException {
out.write("GET / HTTP/1.0\r\n\r\n".getBytes());
out.flush();
StringBuilder sb = new StringBuilder();
while (true) {
int ch = in.read();
if (ch < 0) {
break;
}
sb.append((char) ch);
}
String response = sb.toString();
if (response.startsWith("HTTP/1.0 200 ") == false) {
throw new IOException("Invalid response: " + response);
} else {
System.out.println();
System.out.println("--- Response --- ");
System.out.println(response);
System.out.println("---------------- ");
}
}
}
public static void printStringArray(String[] stringArray) {
System.out.println(Arrays.toString(stringArray));
System.out.println();
}
public static void printInfo(SSLServerSocket socket) {
System.out.println();
System.out.println("--- SSL ServerSocket Info ---");
System.out.print("SupportedProtocols : ");
printStringArray(socket.getSupportedProtocols());
System.out.print("SupportedCipherSuites : ");
printStringArray(socket.getSupportedCipherSuites());
System.out.print("EnabledProtocols : ");
printStringArray(socket.getEnabledProtocols());
System.out.print("EnabledCipherSuites : ");
String[] supportedCipherSuites = socket.getEnabledCipherSuites();
Arrays.sort(supportedCipherSuites);
printStringArray(supportedCipherSuites);
System.out.println("NeedClientAuth : "
+ socket.getNeedClientAuth());
System.out.println("WantClientAuth : "
+ socket.getWantClientAuth());
System.out.println("-----------------------");
}
public static void printInfo(SSLSocket socket) {
System.out.println();
System.out.println("--- SSL Socket Info ---");
System.out.print(" SupportedProtocols : ");
printStringArray(socket.getSupportedProtocols());
System.out.println(" EnabledProtocols : "
+ socket.getEnabledProtocols()[0]);
System.out.print(" SupportedCipherSuites : ");
String[] supportedCipherSuites = socket.getEnabledCipherSuites();
Arrays.sort(supportedCipherSuites);
printStringArray(supportedCipherSuites);
System.out.println(" EnabledCipherSuites : "
+ socket.getEnabledCipherSuites()[0]);
System.out.println(" NeedClientAuth : "
+ socket.getNeedClientAuth());
System.out.println(" WantClientAuth : "
+ socket.getWantClientAuth());
System.out.println("-----------------------");
}
private static KeyStore createServerKeyStore(String publicKey,
String keySpecStr) throws KeyStoreException, IOException,
NoSuchAlgorithmException, CertificateException,
InvalidKeySpecException {
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(null, null);
if (publicKey == null || keySpecStr == null) {
throw new IllegalArgumentException("publicKey or "
+ "keySpecStr cannot be null");
}
String strippedPrivateKey = keySpecStr.substring(
keySpecStr.indexOf("\n"), keySpecStr.lastIndexOf("\n"));
// generate the private key.
PKCS8EncodedKeySpec priKeySpec = new PKCS8EncodedKeySpec(
Base64.getMimeDecoder().decode(strippedPrivateKey));
KeyFactory kf = KeyFactory.getInstance("RSA");
RSAPrivateKey priKey
= (RSAPrivateKey) kf.generatePrivate(priKeySpec);
// generate certificate chain
try (InputStream is = new ByteArrayInputStream(publicKey.getBytes())) {
// generate certificate from cert string
CertificateFactory cf = CertificateFactory.getInstance("X.509");
Certificate keyCert = cf.generateCertificate(is);
Certificate[] chain = {keyCert};
ks.setKeyEntry("TestEntry", priKey, PASSWORD, chain);
}
return ks;
}
public static Server mainServer(PeerFactory peerFactory,
String expectedException) throws Exception {
setTestedArguments(peerFactory.getTestedProtocol(),
peerFactory.getTestedCipher());
System.out.print(
" Initializing test '" + peerFactory.getName() + "'...");
secureRandom.nextInt();
CipherTestUtils cipherTest = CipherTestUtils.getInstance();
Server srv = peerFactory.newServer(cipherTest, PeerFactory.FREE_PORT);
Thread serverThread = new Thread(srv, "Server");
serverThread.start();
return srv;
}
public static void mainClient(PeerFactory peerFactory, int port,
String expectedException) throws Exception {
long time = System.currentTimeMillis();
setTestedArguments(peerFactory.getTestedProtocol(),
peerFactory.getTestedCipher());
System.out.print(
" Initializing test '" + peerFactory.getName() + "'...");
secureRandom.nextInt();
CipherTestUtils cipherTest = CipherTestUtils.getInstance();
peerFactory.newClient(cipherTest, port).run();
cipherTest.checkResult(expectedException);
time = System.currentTimeMillis() - time;
System.out.println("Elapsed time " + time);
}
public static abstract class PeerFactory {
public static final int FREE_PORT = 0;
abstract String getName();
abstract String getTestedProtocol();
abstract String getTestedCipher();
abstract Client newClient(CipherTestUtils cipherTest, int testPort)
throws Exception;
abstract Server newServer(CipherTestUtils cipherTest, int testPort)
throws Exception;
boolean isSupported(String cipherSuite) {
return true;
}
}
}
class AlwaysTrustManager implements X509TrustManager {
X509TrustManager trustManager;
public AlwaysTrustManager(KeyStore keyStore)
throws NoSuchAlgorithmException, KeyStoreException {
TrustManagerFactory tmf
= TrustManagerFactory.getInstance(TrustManagerFactory.
getDefaultAlgorithm());
tmf.init(keyStore);
TrustManager tms[] = tmf.getTrustManagers();
for (TrustManager tm : tms) {
trustManager = (X509TrustManager) tm;
return;
}
}
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
try {
trustManager.checkClientTrusted(chain, authType);
} catch (CertificateException excep) {
System.out.println("ERROR in client trust manager: " + excep);
}
}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
try {
trustManager.checkServerTrusted(chain, authType);
} catch (CertificateException excep) {
System.out.println("ERROR in server trust manager: " + excep);
}
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return trustManager.getAcceptedIssuers();
}
}
class MyX509KeyManager extends X509ExtendedKeyManager {
private final X509ExtendedKeyManager keyManager;
private String authType;
MyX509KeyManager(X509ExtendedKeyManager keyManager) {
this.keyManager = keyManager;
}
void setAuthType(String authType) {
this.authType = "ECDSA".equals(authType) ? "EC" : authType;
}
@Override
public String[] getClientAliases(String keyType, Principal[] issuers) {
if (authType == null) {
return null;
}
return keyManager.getClientAliases(authType, issuers);
}
@Override
public String chooseClientAlias(String[] keyType, Principal[] issuers,
Socket socket) {
if (authType == null) {
return null;
}
return keyManager.chooseClientAlias(new String[]{authType},
issuers, socket);
}
@Override
public String chooseEngineClientAlias(String[] keyType,
Principal[] issuers, SSLEngine engine) {
if (authType == null) {
return null;
}
return keyManager.chooseEngineClientAlias(new String[]{authType},
issuers, engine);
}
@Override
public String[] getServerAliases(String keyType, Principal[] issuers) {
throw new UnsupportedOperationException("Servers not supported");
}
@Override
public String chooseServerAlias(String keyType, Principal[] issuers,
Socket socket) {
throw new UnsupportedOperationException("Servers not supported");
}
@Override
public String chooseEngineServerAlias(String keyType, Principal[] issuers,
SSLEngine engine) {
throw new UnsupportedOperationException("Servers not supported");
}
@Override
public X509Certificate[] getCertificateChain(String alias) {
return keyManager.getCertificateChain(alias);
}
@Override
public PrivateKey getPrivateKey(String alias) {
return keyManager.getPrivateKey(alias);
}
}