1 /*
2 * Copyright (c) 2016, 2017, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 //
25 // Please run in othervm mode. SunJSSE does not support dynamic system
26 // properties, no way to re-use system properties in samevm/agentvm mode.
27 //
28
29 /*
30 * @test
31 * @bug 8161106 8170329
32 * @modules jdk.crypto.ec
33 * @summary Improve SSLSocket test template
34 * @run main/othervm SSLSocketTemplate
35 */
36
37 import java.io.ByteArrayInputStream;
38 import java.io.InputStream;
39 import java.io.IOException;
40 import java.io.OutputStream;
41 import javax.net.ssl.KeyManagerFactory;
42 import javax.net.ssl.SSLContext;
43 import javax.net.ssl.SSLServerSocket;
44 import javax.net.ssl.SSLServerSocketFactory;
45 import javax.net.ssl.SSLSocket;
46 import javax.net.ssl.SSLSocketFactory;
47 import javax.net.ssl.TrustManagerFactory;
48 import java.net.InetSocketAddress;
49 import java.net.SocketTimeoutException;
50 import java.security.KeyStore;
51 import java.security.PrivateKey;
52 import java.security.KeyFactory;
53 import java.security.cert.Certificate;
54 import java.security.cert.CertificateFactory;
55 import java.security.spec.PKCS8EncodedKeySpec;
56 import java.util.Base64;
57
58 import java.util.concurrent.CountDownLatch;
59 import java.util.concurrent.TimeUnit;
60
61 /**
62 * Template to help speed your client/server tests.
63 *
64 * Two examples that use this template:
65 * test/sun/security/ssl/ServerHandshaker/AnonCipherWithWantClientAuth.java
66 * test/sun/net/www/protocol/https/HttpsClient/ServerIdentityTest.java
67 */
68 public class SSLSocketTemplate {
69
70 /*
71 * ==================
72 * Run the test case.
73 */
74 public static void main(String[] args) throws Exception {
75 (new SSLSocketTemplate()).run();
76 }
77
78 /*
79 * Run the test case.
80 */
81 public void run() throws Exception {
82 bootup();
83 }
84
85 /*
86 * Define the server side application of the test for the specified socket.
87 */
88 protected void runServerApplication(SSLSocket socket) throws Exception {
89 // here comes the test logic
90 InputStream sslIS = socket.getInputStream();
91 OutputStream sslOS = socket.getOutputStream();
92
93 sslIS.read();
94 sslOS.write(85);
95 sslOS.flush();
96 }
97
98 /*
99 * Define the client side application of the test for the specified socket.
100 * This method is used if the returned value of
101 * isCustomizedClientConnection() is false.
102 *
103 * @param socket may be null is no client socket is generated.
104 *
105 * @see #isCustomizedClientConnection()
106 */
107 protected void runClientApplication(SSLSocket socket) throws Exception {
108 InputStream sslIS = socket.getInputStream();
109 OutputStream sslOS = socket.getOutputStream();
110
111 sslOS.write(280);
112 sslOS.flush();
113 sslIS.read();
114 }
115
116 /*
117 * Define the client side application of the test for the specified
118 * server port. This method is used if the returned value of
119 * isCustomizedClientConnection() is true.
120 *
121 * Note that the client need to connect to the server port by itself
122 * for the actual message exchange.
123 *
124 * @see #isCustomizedClientConnection()
125 */
126 protected void runClientApplication(int serverPort) throws Exception {
127 // blank
128 }
129
130 /*
131 * Create an instance of SSLContext for client use.
132 */
133 protected SSLContext createClientSSLContext() throws Exception {
134 return createSSLContext(trustedCertStrs,
135 endEntityCertStrs, endEntityPrivateKeys,
136 endEntityPrivateKeyNames,
137 getClientContextParameters());
138 }
139
140 /*
141 * Create an instance of SSLContext for server use.
142 */
143 protected SSLContext createServerSSLContext() throws Exception {
144 return createSSLContext(trustedCertStrs,
145 endEntityCertStrs, endEntityPrivateKeys,
146 endEntityPrivateKeyNames,
147 getServerContextParameters());
148 }
149
150 /*
151 * The parameters used to configure SSLContext.
152 */
153 protected static final class ContextParameters {
154 final String contextProtocol;
155 final String tmAlgorithm;
156 final String kmAlgorithm;
157
158 ContextParameters(String contextProtocol,
159 String tmAlgorithm, String kmAlgorithm) {
160
161 this.contextProtocol = contextProtocol;
162 this.tmAlgorithm = tmAlgorithm;
163 this.kmAlgorithm = kmAlgorithm;
164 }
165 }
166
167 /*
168 * Get the client side parameters of SSLContext.
169 */
170 protected ContextParameters getClientContextParameters() {
171 return new ContextParameters("TLS", "PKIX", "NewSunX509");
172 }
173
174 /*
175 * Get the server side parameters of SSLContext.
176 */
177 protected ContextParameters getServerContextParameters() {
178 return new ContextParameters("TLS", "PKIX", "NewSunX509");
179 }
180
181 /*
182 * Does the client side use customized connection other than
183 * explicit Socket.connect(), for example, URL.openConnection()?
184 */
185 protected boolean isCustomizedClientConnection() {
186 return false;
187 }
188
189 /*
190 * Configure the server side socket.
191 */
192 protected void configureServerSocket(SSLServerSocket socket) {
193
194 }
195
196 /*
197 * =============================================
198 * Define the client and server side operations.
199 *
200 * If the client or server is doing some kind of object creation
201 * that the other side depends on, and that thread prematurely
202 * exits, you may experience a hang. The test harness will
203 * terminate all hung threads after its timeout has expired,
204 * currently 3 minutes by default, but you might try to be
205 * smart about it....
206 */
207
208 /*
209 * Is the server ready to serve?
210 */
211 private final CountDownLatch serverCondition = new CountDownLatch(1);
212
213 /*
214 * Is the client ready to handshake?
215 */
216 private final CountDownLatch clientCondition = new CountDownLatch(1);
217
218 /*
219 * What's the server port? Use any free port by default
220 */
221 private volatile int serverPort = 0;
222
223 /*
224 * Define the server side of the test.
225 */
226 private void doServerSide() throws Exception {
227 // kick start the server side service
228 SSLContext context = createServerSSLContext();
229 SSLServerSocketFactory sslssf = context.getServerSocketFactory();
230 SSLServerSocket sslServerSocket =
231 (SSLServerSocket)sslssf.createServerSocket(serverPort);
232 configureServerSocket(sslServerSocket);
233 serverPort = sslServerSocket.getLocalPort();
234
235 // Signal the client, the server is ready to accept connection.
236 serverCondition.countDown();
237
238 // Try to accept a connection in 30 seconds.
239 SSLSocket sslSocket;
240 try {
241 sslServerSocket.setSoTimeout(30000);
242 sslSocket = (SSLSocket)sslServerSocket.accept();
243 } catch (SocketTimeoutException ste) {
244 // Ignore the test case if no connection within 30 seconds.
245 System.out.println(
246 "No incoming client connection in 30 seconds. " +
247 "Ignore in server side.");
248 return;
249 } finally {
250 sslServerSocket.close();
251 }
252
253 // handle the connection
254 try {
255 // Is it the expected client connection?
256 //
257 // Naughty test cases or third party routines may try to
258 // connection to this server port unintentionally. In
259 // order to mitigate the impact of unexpected client
260 // connections and avoid intermittent failure, it should
261 // be checked that the accepted connection is really linked
262 // to the expected client.
263 boolean clientIsReady =
264 clientCondition.await(30L, TimeUnit.SECONDS);
265
266 if (clientIsReady) {
267 // Run the application in server side.
268 runServerApplication(sslSocket);
269 } else { // Otherwise, ignore
270 // We don't actually care about plain socket connections
271 // for TLS communication testing generally. Just ignore
272 // the test if the accepted connection is not linked to
273 // the expected client or the client connection timeout
274 // in 30 seconds.
275 System.out.println(
276 "The client is not the expected one or timeout. " +
277 "Ignore in server side.");
278 }
279 } finally {
280 sslSocket.close();
281 }
282 }
283
284 /*
285 * Define the client side of the test.
286 */
287 private void doClientSide() throws Exception {
288
289 // Wait for server to get started.
290 //
291 // The server side takes care of the issue if the server cannot
292 // get started in 90 seconds. The client side would just ignore
293 // the test case if the serer is not ready.
294 boolean serverIsReady =
295 serverCondition.await(90L, TimeUnit.SECONDS);
296 if (!serverIsReady) {
297 System.out.println(
298 "The server is not ready yet in 90 seconds. " +
299 "Ignore in client side.");
300 return;
301 }
302
303 if (isCustomizedClientConnection()) {
304 // Signal the server, the client is ready to communicate.
305 clientCondition.countDown();
306
307 // Run the application in client side.
308 runClientApplication(serverPort);
309
310 return;
311 }
312
313 SSLContext context = createClientSSLContext();
314 SSLSocketFactory sslsf = context.getSocketFactory();
315
316 try (SSLSocket sslSocket = (SSLSocket)sslsf.createSocket()) {
317 try {
318 sslSocket.connect(
319 new InetSocketAddress("localhost", serverPort), 15000);
320 } catch (IOException ioe) {
321 // The server side may be impacted by naughty test cases or
322 // third party routines, and cannot accept connections.
323 //
324 // Just ignore the test if the connection cannot be
325 // established.
326 System.out.println(
327 "Cannot make a connection in 15 seconds. " +
328 "Ignore in client side.");
329 return;
330 }
331
332 // OK, here the client and server get connected.
333
334 // Signal the server, the client is ready to communicate.
335 clientCondition.countDown();
336
337 // There is still a chance in theory that the server thread may
338 // wait client-ready timeout and then quit. The chance should
339 // be really rare so we don't consider it until it becomes a
340 // real problem.
341
342 // Run the application in client side.
343 runClientApplication(sslSocket);
344 }
345 }
346
347 /*
348 * =============================================
349 * Stuffs to customize the SSLContext instances.
350 */
351
352 /*
353 * =======================================
354 * Certificates and keys used in the test.
355 */
356 // Trusted certificates.
357 private final static String[] trustedCertStrs = {
358 // SHA256withECDSA, curve prime256v1
359 // Validity
360 // Not Before: Nov 25 04:19:51 2016 GMT
361 // Not After : Nov 5 04:19:51 2037 GMT
362 // Subject Key Identifier:
363 // CA:48:E8:00:C1:42:BD:59:9B:79:D9:B4:B4:CE:3F:68:0C:C8:C4:0C
364 "-----BEGIN CERTIFICATE-----\n" +
365 "MIICHDCCAcGgAwIBAgIJAJtKs6ZEcVjxMAoGCCqGSM49BAMCMDsxCzAJBgNVBAYT\n" +
366 "AlVTMQ0wCwYDVQQKEwRKYXZhMR0wGwYDVQQLExRTdW5KU1NFIFRlc3QgU2VyaXZj\n" +
367 "ZTAeFw0xNjExMjUwNDE5NTFaFw0zNzExMDUwNDE5NTFaMDsxCzAJBgNVBAYTAlVT\n" +
368 "MQ0wCwYDVQQKEwRKYXZhMR0wGwYDVQQLExRTdW5KU1NFIFRlc3QgU2VyaXZjZTBZ\n" +
369 "MBMGByqGSM49AgEGCCqGSM49AwEHA0IABKMO/AFDHZia65RaqMIBX7WBdtzFj8fz\n" +
370 "ggqMADLJhoszS6qfTUDYskETw3uHfB3KAOENsoKX446qFFPuVjxS1aejga0wgaow\n" +
371 "HQYDVR0OBBYEFMpI6ADBQr1Zm3nZtLTOP2gMyMQMMGsGA1UdIwRkMGKAFMpI6ADB\n" +
372 "Qr1Zm3nZtLTOP2gMyMQMoT+kPTA7MQswCQYDVQQGEwJVUzENMAsGA1UEChMESmF2\n" +
373 "YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2WCCQCbSrOmRHFY8TAPBgNV\n" +
374 "HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqhkjOPQQDAgNJADBGAiEA5cJ/\n" +
375 "jirBbXxzpZ6kdp/Zb/yrIBnr4jiPGJTLgRTb8s4CIQChUDfP1Zqg0qJVfqFNaL4V\n" +
376 "a0EAeJHXGZnvCGGqHzoxkg==\n" +
377 "-----END CERTIFICATE-----",
378
379 // SHA256withRSA, 2048 bits
380 // Validity
381 // Not Before: Nov 25 04:20:02 2016 GMT
382 // Not After : Nov 5 04:20:02 2037 GMT
383 // Subject Key Identifier:
384 // A2:DC:55:38:E4:47:7C:8B:D3:E0:CA:FA:AD:3A:C8:4A:DD:12:A0:8E
385 "-----BEGIN CERTIFICATE-----\n" +
386 "MIIDpzCCAo+gAwIBAgIJAO586A+hYNXaMA0GCSqGSIb3DQEBCwUAMDsxCzAJBgNV\n" +
387 "BAYTAlVTMQ0wCwYDVQQKEwRKYXZhMR0wGwYDVQQLExRTdW5KU1NFIFRlc3QgU2Vy\n" +
388 "aXZjZTAeFw0xNjExMjUwNDIwMDJaFw0zNzExMDUwNDIwMDJaMDsxCzAJBgNVBAYT\n" +
389 "AlVTMQ0wCwYDVQQKEwRKYXZhMR0wGwYDVQQLExRTdW5KU1NFIFRlc3QgU2VyaXZj\n" +
390 "ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMm3veDSU4zKXO0aAHos\n" +
391 "cFRXGLBTe+MUJXAtlkNyx7VKaMZNt5wrUuqzyi/r0LFUdRfNCzZf3X8s8HPHQVii\n" +
392 "29tK0y/yeTn4sJTATSmGaAysMJQpKQcfAQ79ItcEGQ721TFQZ3kOBdgp3t/yUYAP\n" +
393 "K2tFze/QbIw72LE52SBnPPPTzyimNw7Ai2MLl4eQlyMkTs7JS07zIiAO5QYbS8s+\n" +
394 "1NW0A3Y+d0B0q8wYEoHGq7QVjOKlSAksfO0tzi4l0Zu6Uf+J5kMAyZ4ZFgEJvGvw\n" +
395 "y/OKJ+soRFH/5cy1SL8B6AWD1y7WXugeeHTHRW1eOjTxqfG1rZqTVd2lfOMER8y1\n" +
396 "bXcCAwEAAaOBrTCBqjAdBgNVHQ4EFgQUotxVOORHfIvT4Mr6rTrISt0SoI4wawYD\n" +
397 "VR0jBGQwYoAUotxVOORHfIvT4Mr6rTrISt0SoI6hP6Q9MDsxCzAJBgNVBAYTAlVT\n" +
398 "MQ0wCwYDVQQKEwRKYXZhMR0wGwYDVQQLExRTdW5KU1NFIFRlc3QgU2VyaXZjZYIJ\n" +
399 "AO586A+hYNXaMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3\n" +
400 "DQEBCwUAA4IBAQAtNZJSFeFU6Yid0WSCs2qLAVaTyHsUNSUPUFIIhFAKxdP4DFS0\n" +
401 "+aeOFwdqizAU3kReAYULsfwEBgO51lPBSpB+9coUNQwu7cc8Q5Xqw/llRB0PrINS\n" +
402 "pZl7PW6Ur2ExTBocnUT9A/nhm8iO4PFD/Ly11sf5OdZihhX69NJ2h3a3gcrLjIpO\n" +
403 "L/ewTOgSi5xs+AGGQa+huN3YVL7dh+/rCUvMZVSBX5PloxWS5MMJi0Ui6YjwCFGO\n" +
404 "J4G9m7pI+gJs/x1UG0AgplMF2UCFfiY1SAeE2nKAeOOXAXEwEjFy0ToVTmqXx7fg\n" +
405 "m9YjhuePxlBrd2DF/YW0pc8gmLnrtm4rKPLz\n" +
406 "-----END CERTIFICATE-----",
407
408 // SHA256withDSA, 2048 bits
409 // Validity
410 // Not Before: Nov 25 04:19:56 2016 GMT
411 // Not After : Nov 5 04:19:56 2037 GMT
412 // Subject Key Identifier:
413 // 19:46:10:43:24:6A:A5:14:BE:E2:92:01:79:F0:4C:5F:E1:AE:81:B5
414 "-----BEGIN CERTIFICATE-----\n" +
415 "MIIFCzCCBLGgAwIBAgIJAOnEn6YZD/sAMAsGCWCGSAFlAwQDAjA7MQswCQYDVQQG\n" +
416 "EwJVUzENMAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2\n" +
417 "Y2UwHhcNMTYxMTI1MDQxOTU2WhcNMzcxMTA1MDQxOTU2WjA7MQswCQYDVQQGEwJV\n" +
418 "UzENMAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2Uw\n" +
419 "ggNGMIICOQYHKoZIzjgEATCCAiwCggEBAJa17ZYdIChv5yeYuPK3zXxgUEGGsdUD\n" +
420 "AzfQUxtMryCtc3aNgWLxsN1/QYvp9v+hh4twnG20VemCEH9Qlx06Pxg74DwSOA83\n" +
421 "SecO2y7cdgmrHpep9drxKbXVZafwBhbTSwhV+IDO7EO6+LaRvZuya/YOqNIE9ENx\n" +
422 "FVk0NrNsDB6pfDEXZsCZALMN2mcl8KGn1q7vdzJQUEV7F6uLGP33znVfmQyWJH3Y\n" +
423 "W09WVCFXHvDzZHGXDO2O2QwIU1B5AsXnOGeLnKgXzErCoNKwUbVFP0W0OVeJo4pc\n" +
424 "ZfL/8TVELGG90AuuH1V3Gsq6PdzCDPw4Uv/v5m7/6kwXqBQxAJA7jhMCIQCORIGV\n" +
425 "mHy5nBLRhIP4vC7vsTxb4CTApPVmZeL5gTIwtQKCAQB2VZLY22k2+IQM6deRGK3L\n" +
426 "l7tPChGrKnGmTbtUThIza70Sp9DmTBiLzMEY+IgG8kYuT5STVxWjs0cxXCKZGMQW\n" +
427 "tioMtiXPA2M3HA0/8E0mDLSmzb0RAd2xxnDyGsuqo1eVmx7PLjN3bn3EjhD/+j3d\n" +
428 "Jx3ZVScMGyq7sVWppUvpudEXi+2etf6GUHjrcX27juo7u4zQ1ezC/HYG1H+jEFqG\n" +
429 "hdQ6b7H+LBHZH9LegOyIZTMrzAY/TwIr77sXrNJWRoxmDErKB+8bRDybYhNJswlZ\n" +
430 "m0N5YYUlPmepgbl6XzwCv0y0d81h3bayqIPLXEUtRAl9GuM0hNAlA1Y+qSn9xLFY\n" +
431 "A4IBBQACggEAZgWC0uflwqQQP1GRU1tolmFZwyVtKre7SjYgCeQBrOa0Xnj/SLaD\n" +
432 "g1HZ1oH0hccaR/45YouJiCretbbsQ77KouldGSGqTHJgRL75Y2z5uvxa60+YxZ0Z\n" +
433 "v8xvZnj4seyOjgJLxSSYSPl5n/F70RaNiCLVz/kGe6OQ8KoAeQjdDTOHXCegO9KX\n" +
434 "tvhM7EaYc8CII9OIR7S7PXJW0hgLKynZcu/Unh02aM0ABh/uLmw1+tvo8e8KTp98\n" +
435 "NKYSVf6kV3/ya58n4h64UbIYL08JoKUM/5SFETcKAZTU0YKZbpWTM79oJMr8oYVk\n" +
436 "P9jKitNsXq0Xkzt5dSO0kfu/kM7zpnaFsqOBrTCBqjAdBgNVHQ4EFgQUGUYQQyRq\n" +
437 "pRS+4pIBefBMX+GugbUwawYDVR0jBGQwYoAUGUYQQyRqpRS+4pIBefBMX+GugbWh\n" +
438 "P6Q9MDsxCzAJBgNVBAYTAlVTMQ0wCwYDVQQKEwRKYXZhMR0wGwYDVQQLExRTdW5K\n" +
439 "U1NFIFRlc3QgU2VyaXZjZYIJAOnEn6YZD/sAMA8GA1UdEwEB/wQFMAMBAf8wCwYD\n" +
440 "VR0PBAQDAgEGMAsGCWCGSAFlAwQDAgNHADBEAiAwBafz5RRR9nc4cCYoYuBlT/D9\n" +
441 "9eayhkjhBY/zYunypwIgNp/JnFR88/T4hh36QfSKBGXId9RBCM6uaOkOKnEGkps=\n" +
442 "-----END CERTIFICATE-----"
443 };
444
445 // End entity certificate.
446 private final static String[] endEntityCertStrs = {
447 // SHA256withECDSA, curve prime256v1
448 // Validity
449 // Not Before: Nov 25 04:19:51 2016 GMT
450 // Not After : Aug 12 04:19:51 2036 GMT
451 // Authority Key Identifier:
452 // CA:48:E8:00:C1:42:BD:59:9B:79:D9:B4:B4:CE:3F:68:0C:C8:C4:0C
453 "-----BEGIN CERTIFICATE-----\n" +
454 "MIIB1zCCAXygAwIBAgIJAPFq2QL/nUNZMAoGCCqGSM49BAMCMDsxCzAJBgNVBAYT\n" +
455 "AlVTMQ0wCwYDVQQKEwRKYXZhMR0wGwYDVQQLExRTdW5KU1NFIFRlc3QgU2VyaXZj\n" +
456 "ZTAeFw0xNjExMjUwNDE5NTFaFw0zNjA4MTIwNDE5NTFaMFUxCzAJBgNVBAYTAlVT\n" +
457 "MQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZjZTEY\n" +
458 "MBYGA1UEAwwPUmVncmVzc2lvbiBUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD\n" +
459 "QgAE4yvRGVvy9iVATyuHPJVdX6+lh/GLm/sRJ5qLT/3PVFOoNIvlEVNiARo7xhyj\n" +
460 "2p6bnf32gNg5Ye+QCw20VUv9E6NPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBSO\n" +
461 "hHlHZQp9hyBfSGTSQWeszqMXejAfBgNVHSMEGDAWgBTKSOgAwUK9WZt52bS0zj9o\n" +
462 "DMjEDDAKBggqhkjOPQQDAgNJADBGAiEAu3t6cvFglBAZfkhZlEwB04ZjUFqyfiRj\n" +
463 "4Hr275E4ZoQCIQDUEonJHlmA19J6oobfR5lYsmoqPm1r0DPm/IiNNKGKKA==\n" +
464 "-----END CERTIFICATE-----",
465
466 // SHA256withRSA, 2048 bits
467 // Validity
468 // Not Before: Nov 25 04:20:02 2016 GMT
469 // Not After : Aug 12 04:20:02 2036 GMT
470 // Authority Key Identifier:
471 // A2:DC:55:38:E4:47:7C:8B:D3:E0:CA:FA:AD:3A:C8:4A:DD:12:A0:8E
472 "-----BEGIN CERTIFICATE-----\n" +
473 "MIIDdjCCAl6gAwIBAgIJAJDcIGOlAmBmMA0GCSqGSIb3DQEBCwUAMDsxCzAJBgNV\n" +
474 "BAYTAlVTMQ0wCwYDVQQKEwRKYXZhMR0wGwYDVQQLExRTdW5KU1NFIFRlc3QgU2Vy\n" +
475 "aXZjZTAeFw0xNjExMjUwNDIwMDJaFw0zNjA4MTIwNDIwMDJaMFUxCzAJBgNVBAYT\n" +
476 "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" +
477 "ZTEYMBYGA1UEAwwPUmVncmVzc2lvbiBUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOC\n" +
478 "AQ8AMIIBCgKCAQEAp0dHrifTg2aY0sH03f2JjK2fW4DL6gLDKq0YirsNE07z54LF\n" +
479 "IeeDio49XwPjB7OpbUTC1hf/YKZ7XiRWyPa1rYozZ88emhZt+cpkyKz+nmW4avlA\n" +
480 "WnrV+gx4+bU9T+WuBWdAraBcq27Y1I26yfCEtC8k3+O0sdlHbhasF+BUDmX/n4+n\n" +
481 "ifJdbNm5eSDx8eFYHFTdjhAud3An2X6QD9WWSoJpPdDi4utHhFAlxW6osjJxsAPv\n" +
482 "zo8YsqmpCMjZcEks4ZsqiZKKiWUWUAjCcbMerDPDX29fyeo348uztvJsmNRzfcwl\n" +
483 "FtwxpYdxuZqwHi2QoNaQTGXjjbZFmjn7qEkjXwIDAQABo2MwYTALBgNVHQ8EBAMC\n" +
484 "A+gwHQYDVR0OBBYEFP+henfufE6Znr60lRkmayadVdxnMB8GA1UdIwQYMBaAFKLc\n" +
485 "VTjkR3yL0+DK+q06yErdEqCOMBIGA1UdEQEB/wQIMAaHBH8AAAEwDQYJKoZIhvcN\n" +
486 "AQELBQADggEBAK56pV2XoAIkrHFTCkWtYX518nuvkzN6a6BqPKALQlmlbJnq/lhV\n" +
487 "tPQx79b0j7tow28l2ze/3M0hRb5Ft/d/7mITZNMR+0owk4U51AU2NacRt7fpoxu5\n" +
488 "wX3hTa4VgX2+BAXeoWF+Yzy6Jj5gAVmSLzBnkTUH0d+EyL1pp+DFE3QdvZqf3+nP\n" +
489 "zkxz15h3iW8FwI+7/19MX2j2XB/sG8mJpqoszWw8lM4qCa2eWyCbqSHhPi+/+rGg\n" +
490 "dDG5uzZeOC845GEH2T3tHDA+F3WwcZG/W+4RR6ZaaHlqPKKMcwFL73YbsqdCiKBv\n" +
491 "p6sXrhIiP0oXImRBRLDlidj5TIOLfAtNM9A=\n" +
492 "-----END CERTIFICATE-----",
493
494 // SHA256withDSA, 2048 bits
495 // Validity
496 // Not Before: Nov 25 04:19:56 2016 GMT
497 // Not After : Aug 12 04:19:56 2036 GMT
498 // Authority Key Identifier:
499 // 19:46:10:43:24:6A:A5:14:BE:E2:92:01:79:F0:4C:5F:E1:AE:81:B5
500 "-----BEGIN CERTIFICATE-----\n" +
501 "MIIE2jCCBICgAwIBAgIJAONcI1oba9V9MAsGCWCGSAFlAwQDAjA7MQswCQYDVQQG\n" +
502 "EwJVUzENMAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2\n" +
503 "Y2UwHhcNMTYxMTI1MDQxOTU2WhcNMzYwODEyMDQxOTU2WjBVMQswCQYDVQQGEwJV\n" +
504 "UzENMAsGA1UECgwESmF2YTEdMBsGA1UECwwUU3VuSlNTRSBUZXN0IFNlcml2Y2Ux\n" +
505 "GDAWBgNVBAMMD1JlZ3Jlc3Npb24gVGVzdDCCA0YwggI5BgcqhkjOOAQBMIICLAKC\n" +
506 "AQEAlrXtlh0gKG/nJ5i48rfNfGBQQYax1QMDN9BTG0yvIK1zdo2BYvGw3X9Bi+n2\n" +
507 "/6GHi3CcbbRV6YIQf1CXHTo/GDvgPBI4DzdJ5w7bLtx2Casel6n12vEptdVlp/AG\n" +
508 "FtNLCFX4gM7sQ7r4tpG9m7Jr9g6o0gT0Q3EVWTQ2s2wMHql8MRdmwJkAsw3aZyXw\n" +
509 "oafWru93MlBQRXsXq4sY/ffOdV+ZDJYkfdhbT1ZUIVce8PNkcZcM7Y7ZDAhTUHkC\n" +
510 "xec4Z4ucqBfMSsKg0rBRtUU/RbQ5V4mjilxl8v/xNUQsYb3QC64fVXcayro93MIM\n" +
511 "/DhS/+/mbv/qTBeoFDEAkDuOEwIhAI5EgZWYfLmcEtGEg/i8Lu+xPFvgJMCk9WZl\n" +
512 "4vmBMjC1AoIBAHZVktjbaTb4hAzp15EYrcuXu08KEasqcaZNu1ROEjNrvRKn0OZM\n" +
513 "GIvMwRj4iAbyRi5PlJNXFaOzRzFcIpkYxBa2Kgy2Jc8DYzccDT/wTSYMtKbNvREB\n" +
514 "3bHGcPIay6qjV5WbHs8uM3dufcSOEP/6Pd0nHdlVJwwbKruxVamlS+m50ReL7Z61\n" +
515 "/oZQeOtxfbuO6ju7jNDV7ML8dgbUf6MQWoaF1Dpvsf4sEdkf0t6A7IhlMyvMBj9P\n" +
516 "Aivvuxes0lZGjGYMSsoH7xtEPJtiE0mzCVmbQ3lhhSU+Z6mBuXpfPAK/TLR3zWHd\n" +
517 "trKog8tcRS1ECX0a4zSE0CUDVj6pKf3EsVgDggEFAAKCAQBEGmdP55PyE3M+Q3fU\n" +
518 "dCGq0sbKw/04xPVhaNYRnRKNR82n+wb8bMCI1vvFqXy1BB6svti4mTHbQZ8+bQXm\n" +
519 "gyce67uYMwIa5BIk6omNGCeW/kd4ruPgyFxeb6O/Y/7w6AWyRmQttlxRA5M5OhSC\n" +
520 "tVS4oVC1KK1EfHAUh7mu8S8GrWJoJAWA3PM97Oy/HSGCEUl6HGEu1m7FHPhOKeYG\n" +
521 "cLkSaov5cbCYO76smHchI+tdUciVqeL3YKQdS+KAzsQoeAZIu/WpbaI1V+5/rSG1\n" +
522 "I94uBITLCjlJfJZ1aredCDrRXOFH7qgSBhM8/WzwFpFCnnpbSKMgrcrKubsFmW9E\n" +
523 "jQhXo2MwYTALBgNVHQ8EBAMCA+gwHQYDVR0OBBYEFNA9PhQOjB+05fxxXPNqe0OT\n" +
524 "doCjMB8GA1UdIwQYMBaAFBlGEEMkaqUUvuKSAXnwTF/hroG1MBIGA1UdEQEB/wQI\n" +
525 "MAaHBH8AAAEwCwYJYIZIAWUDBAMCA0cAMEQCIE0LM2sZi+L8tjH9sgjLEwJmYZvO\n" +
526 "yqNfQnXrkTCb+MLMAiBZLaRTVJrOW3edQjum+SonKKuiN22bRclO6pGuNRCtng==\n" +
527 "-----END CERTIFICATE-----"
528 };
529
530 // Private key in the format of PKCS#8.
531 private final static String[] endEntityPrivateKeys = {
532 //
533 // EC private key related to cert endEntityCertStrs[0].
534 //
535 "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgGAy4Pxrd2keM7AdP\n" +
536 "VNUMEO5iO681v4/tstVGfdXkCTuhRANCAATjK9EZW/L2JUBPK4c8lV1fr6WH8Yub\n" +
537 "+xEnmotP/c9UU6g0i+URU2IBGjvGHKPanpud/faA2Dlh75ALDbRVS/0T",
538
539 //
540 // RSA private key related to cert endEntityCertStrs[1].
541 //
542 "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCnR0euJ9ODZpjS\n" +
543 "wfTd/YmMrZ9bgMvqAsMqrRiKuw0TTvPngsUh54OKjj1fA+MHs6ltRMLWF/9gpnte\n" +
544 "JFbI9rWtijNnzx6aFm35ymTIrP6eZbhq+UBaetX6DHj5tT1P5a4FZ0CtoFyrbtjU\n" +
545 "jbrJ8IS0LyTf47Sx2UduFqwX4FQOZf+fj6eJ8l1s2bl5IPHx4VgcVN2OEC53cCfZ\n" +
546 "fpAP1ZZKgmk90OLi60eEUCXFbqiyMnGwA+/OjxiyqakIyNlwSSzhmyqJkoqJZRZQ\n" +
547 "CMJxsx6sM8Nfb1/J6jfjy7O28myY1HN9zCUW3DGlh3G5mrAeLZCg1pBMZeONtkWa\n" +
548 "OfuoSSNfAgMBAAECggEAWnAHKPkPObN2XDvQj1RL0WrtBSOVG2dy7Ne4tQh8ATxm\n" +
549 "UXw56CKq03YjaANJ8xgHObQ7QlSnFTHs8PDkmrIHd1OIh09LVDNcMfhilLwyzKBi\n" +
550 "HDO1vzU6Cn5DyX1bMJ8UfodcSIKyl1zOjdwyaItIs8HpRcJuJtk57SME18PIrh9H\n" +
551 "EWchWSxTvPvKDY2bhb4vBMgVPfTQO3yc8gY/1J5vKPqDpyEuCGjV13zd/AoL/u5A\n" +
552 "sG10hQ2veJ9KAn1xwPwEoAkCdNLL8vPB1rCbeMZNamqHZRihfoOgDnnJIf3FtUFF\n" +
553 "8bS2FM2kGQR+05SZdhBmJl0obPrbBWil/2vxqeFrgQKBgQDZl1yQsFss2BKK2VAh\n" +
554 "9PKc8tU1v6RpHQZhJEDSct2slHQS5DF6bWl5kJiPevXSvcnjgoPamZf7Joii+Rds\n" +
555 "3xtPQmRw2vQmXBQzQS1YoRuh4hUlkdFWCjUNNg1kvipue6FO4PVg3ViP7llN8PXK\n" +
556 "rSpVxn0a36UiN9jN2zMOUs6tJwKBgQDEzlqa7DghMli7TUdL44uvD2/ceiHqHMMw\n" +
557 "5eLsEHeRVn/EVU99beKw/dAOGwRssTpCd9h7fwzQ2503/Qb/Goe0nKE7+xvt3/sE\n" +
558 "n2Y8Qfv1W1+hGb2qU2jhQaR5bZrLZp0+BgRuQ4ttpYvzopYe4FLZWhDBA0zsGyu0\n" +
559 "nCi7lUSrCQKBgGeGYW8hyS9r2l6fiEWvsiLEUnbRKFsuiRN82S6HojpzI0q9sWDL\n" +
560 "X6yMBFn3qa/LxpttRGikPTAsJERN+Tw+ZlLuhrU/J3x8wMumDfomJOx/kYofd5bV\n" +
561 "ImqXtgWhiLSqM5RA6d5dUb6hK3Iu2/LDMuo+ltVLZNkD8y32RbNh6J1vAoGAbLqQ\n" +
562 "pgyhSf3Vtc0Q+aVB87p0k3tKJ1wynl4zSzYhyMLgHakAHIzL8/qVqmVUwXP8euJZ\n" +
563 "UIk1nGHobxk0d1XB6Y+rKEcn+/iFZt1ljx7pQ3ly0L824NXqGKC6bHeYUI1li/Gp\n" +
564 "Gv3oFvCh7D1D8NUAEKLIpMndAohUUhkAC/qAkHkCgYEAzSIarDNquayV+umC1SXm\n" +
565 "Zo6XLuzWjudLxPd2lyCfwR2aRKlrb+5OFYErX+RSLyCJmaqVZMyXP09PBIvNXu2Z\n" +
566 "+gbx5WUC+kA+6zdKEPXowei6i6EHMXYT2AL7395ZbPajZjsCduE3WuUztuHrhtMm\n" +
567 "JI+k1o4rCnSLlX4gWdN1oTs=",
568
569 //
570 // DSA private key related to cert endEntityCertStrs[2].
571 //
572 "MIICZAIBADCCAjkGByqGSM44BAEwggIsAoIBAQCWte2WHSAob+cnmLjyt818YFBB\n" +
573 "hrHVAwM30FMbTK8grXN2jYFi8bDdf0GL6fb/oYeLcJxttFXpghB/UJcdOj8YO+A8\n" +
574 "EjgPN0nnDtsu3HYJqx6XqfXa8Sm11WWn8AYW00sIVfiAzuxDuvi2kb2bsmv2DqjS\n" +
575 "BPRDcRVZNDazbAweqXwxF2bAmQCzDdpnJfChp9au73cyUFBFexerixj99851X5kM\n" +
576 "liR92FtPVlQhVx7w82RxlwztjtkMCFNQeQLF5zhni5yoF8xKwqDSsFG1RT9FtDlX\n" +
577 "iaOKXGXy//E1RCxhvdALrh9VdxrKuj3cwgz8OFL/7+Zu/+pMF6gUMQCQO44TAiEA\n" +
578 "jkSBlZh8uZwS0YSD+Lwu77E8W+AkwKT1ZmXi+YEyMLUCggEAdlWS2NtpNviEDOnX\n" +
579 "kRity5e7TwoRqypxpk27VE4SM2u9EqfQ5kwYi8zBGPiIBvJGLk+Uk1cVo7NHMVwi\n" +
580 "mRjEFrYqDLYlzwNjNxwNP/BNJgy0ps29EQHdscZw8hrLqqNXlZsezy4zd259xI4Q\n" +
581 "//o93Scd2VUnDBsqu7FVqaVL6bnRF4vtnrX+hlB463F9u47qO7uM0NXswvx2BtR/\n" +
582 "oxBahoXUOm+x/iwR2R/S3oDsiGUzK8wGP08CK++7F6zSVkaMZgxKygfvG0Q8m2IT\n" +
583 "SbMJWZtDeWGFJT5nqYG5el88Ar9MtHfNYd22sqiDy1xFLUQJfRrjNITQJQNWPqkp\n" +
584 "/cSxWAQiAiAKHYbYwEy0XS9J0MeKQmqPswn0nCJKvH+esfMKkZvV3w=="
585 };
586
587 // Private key names of endEntityPrivateKeys.
588 private final static String[] endEntityPrivateKeyNames = {
589 "EC",
590 "RSA",
591 "DSA",
592 };
593
594 /*
595 * Create an instance of SSLContext with the specified trust/key materials.
596 */
597 private SSLContext createSSLContext(
598 String[] trustedMaterials,
599 String[] keyMaterialCerts,
600 String[] keyMaterialKeys,
601 String[] keyMaterialKeyAlgs,
602 ContextParameters params) throws Exception {
603
604 KeyStore ts = null; // trust store
605 KeyStore ks = null; // key store
606 char passphrase[] = "passphrase".toCharArray();
607
608 // Generate certificate from cert string.
609 CertificateFactory cf = CertificateFactory.getInstance("X.509");
610
611 // Import the trused certs.
612 ByteArrayInputStream is;
613 if (trustedMaterials != null && trustedMaterials.length != 0) {
614 ts = KeyStore.getInstance("JKS");
615 ts.load(null, null);
616
617 Certificate[] trustedCert =
618 new Certificate[trustedMaterials.length];
619 for (int i = 0; i < trustedMaterials.length; i++) {
620 String trustedCertStr = trustedMaterials[i];
621
622 is = new ByteArrayInputStream(trustedCertStr.getBytes());
623 try {
624 trustedCert[i] = cf.generateCertificate(is);
625 } finally {
626 is.close();
627 }
628
629 ts.setCertificateEntry("trusted-cert-" + i, trustedCert[i]);
630 }
631 }
632
633 // Import the key materials.
634 //
635 // Note that certification pathes bigger than one are not supported yet.
636 boolean hasKeyMaterials =
637 (keyMaterialCerts != null) && (keyMaterialCerts.length != 0) &&
638 (keyMaterialKeys != null) && (keyMaterialKeys.length != 0) &&
639 (keyMaterialKeyAlgs != null) && (keyMaterialKeyAlgs.length != 0) &&
640 (keyMaterialCerts.length == keyMaterialKeys.length) &&
641 (keyMaterialCerts.length == keyMaterialKeyAlgs.length);
642 if (hasKeyMaterials) {
643 ks = KeyStore.getInstance("JKS");
644 ks.load(null, null);
645
646 for (int i = 0; i < keyMaterialCerts.length; i++) {
647 String keyCertStr = keyMaterialCerts[i];
648
649 // generate the private key.
650 PKCS8EncodedKeySpec priKeySpec = new PKCS8EncodedKeySpec(
651 Base64.getMimeDecoder().decode(keyMaterialKeys[i]));
652 KeyFactory kf =
653 KeyFactory.getInstance(keyMaterialKeyAlgs[i]);
654 PrivateKey priKey = kf.generatePrivate(priKeySpec);
655
656 // generate certificate chain
657 is = new ByteArrayInputStream(keyCertStr.getBytes());
658 Certificate keyCert = null;
659 try {
660 keyCert = cf.generateCertificate(is);
661 } finally {
662 is.close();
663 }
664
665 Certificate[] chain = new Certificate[] { keyCert };
666
667 // import the key entry.
668 ks.setKeyEntry("cert-" + keyMaterialKeyAlgs[i],
669 priKey, passphrase, chain);
670 }
671 }
672
673 // Create an SSLContext object.
674 TrustManagerFactory tmf =
675 TrustManagerFactory.getInstance(params.tmAlgorithm);
676 tmf.init(ts);
677
678 SSLContext context = SSLContext.getInstance(params.contextProtocol);
679 if (hasKeyMaterials && ks != null) {
680 KeyManagerFactory kmf =
681 KeyManagerFactory.getInstance(params.kmAlgorithm);
682 kmf.init(ks, passphrase);
683
684 context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
685 } else {
686 context.init(null, tmf.getTrustManagers(), null);
687 }
688
689 return context;
690 }
691
692 /*
693 * =================================================
694 * Stuffs to boot up the client-server mode testing.
695 */
696 private Thread clientThread = null;
697 private Thread serverThread = null;
698 private volatile Exception serverException = null;
699 private volatile Exception clientException = null;
700
701 /*
702 * Should we run the client or server in a separate thread?
703 * Both sides can throw exceptions, but do you have a preference
704 * as to which side should be the main thread.
705 */
706 private static final boolean separateServerThread = false;
707
708 /*
709 * Boot up the testing, used to drive remainder of the test.
710 */
711 private void bootup() throws Exception {
712 Exception startException = null;
713 try {
714 if (separateServerThread) {
715 startServer(true);
716 startClient(false);
717 } else {
718 startClient(true);
719 startServer(false);
720 }
721 } catch (Exception e) {
722 startException = e;
723 }
724
725 /*
726 * Wait for other side to close down.
727 */
728 if (separateServerThread) {
729 if (serverThread != null) {
730 serverThread.join();
731 }
732 } else {
733 if (clientThread != null) {
734 clientThread.join();
735 }
736 }
737
738 /*
739 * When we get here, the test is pretty much over.
740 * Which side threw the error?
741 */
742 Exception local;
743 Exception remote;
744
745 if (separateServerThread) {
746 remote = serverException;
747 local = clientException;
748 } else {
749 remote = clientException;
750 local = serverException;
751 }
752
753 Exception exception = null;
754
755 /*
756 * Check various exception conditions.
757 */
758 if ((local != null) && (remote != null)) {
759 // If both failed, return the curthread's exception.
760 local.initCause(remote);
761 exception = local;
762 } else if (local != null) {
763 exception = local;
764 } else if (remote != null) {
765 exception = remote;
766 } else if (startException != null) {
767 exception = startException;
768 }
769
770 /*
771 * If there was an exception *AND* a startException,
772 * output it.
773 */
774 if (exception != null) {
775 if (exception != startException && startException != null) {
776 exception.addSuppressed(startException);
777 }
778 throw exception;
779 }
780
781 // Fall-through: no exception to throw!
782 }
783
784 private void startServer(boolean newThread) throws Exception {
785 if (newThread) {
786 serverThread = new Thread() {
787 @Override
788 public void run() {
789 try {
790 doServerSide();
791 } catch (Exception e) {
792 /*
793 * Our server thread just died.
794 *
795 * Release the client, if not active already...
796 */
797 logException("Server died", e);
798 serverException = e;
799 }
800 }
801 };
802 serverThread.start();
803 } else {
804 try {
805 doServerSide();
806 } catch (Exception e) {
807 logException("Server failed", e);
808 serverException = e;
809 }
810 }
811 }
812
813 private void startClient(boolean newThread) throws Exception {
814 if (newThread) {
815 clientThread = new Thread() {
816 @Override
817 public void run() {
818 try {
819 doClientSide();
820 } catch (Exception e) {
821 /*
822 * Our client thread just died.
823 */
824 logException("Client died", e);
825 clientException = e;
826 }
827 }
828 };
829 clientThread.start();
830 } else {
831 try {
832 doClientSide();
833 } catch (Exception e) {
834 logException("Client failed", e);
835 clientException = e;
836 }
837 }
838 }
839
840 private synchronized void logException(String prefix, Throwable cause) {
841 System.out.println(prefix + ": " + cause);
842 cause.printStackTrace(System.out);
843 }
844 }