1 /*
   2  * Copyright (c) 2002, 2017, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 import java.io.*;
  25 import java.net.*;
  26 
  27 import java.security.cert.Certificate;
  28 
  29 import javax.net.ssl.*;
  30 
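/**
 * JSSE client half of the cipher test.
 *
 * <p>For each set of test parameters it connects to the test server on the
 * loopback address, enables exactly one cipher suite and one protocol
 * version, exchanges a request, and then checks that the session really
 * negotiated the requested parameters and used the expected certificates.
 */
class JSSEClient extends CipherTest.Client {

    /** Upper bound, in milliseconds, for establishing the TCP connection. */
    private static final int CONNECT_TIMEOUT_MS = 15000;

    private final SSLContext sslContext;
    private final MyX509KeyManager keyManager;

    /**
     * Creates the client and its (not yet initialized) TLS context.
     *
     * @param cipherTest the owning test, passed through to the superclass
     * @throws Exception if the "TLS" context cannot be obtained
     */
    JSSEClient(CipherTest cipherTest) throws Exception {
        super(cipherTest);
        this.keyManager = new MyX509KeyManager(CipherTest.keyManager);
        sslContext = SSLContext.getInstance("TLS");
    }

    /**
     * Runs one handshake with the given parameters and validates the result.
     *
     * <p>If the TCP connection cannot be established within 15 seconds the
     * case is skipped (a message is printed and the method returns normally).
     *
     * @param params cipher suite, protocol and client-auth key type to test;
     *               a {@code null} {@code clientAuth} means no client
     *               certificate is expected to be sent
     * @throws Exception if the negotiated cipher suite, protocol or local
     *                   certificate type differs from what was requested, or
     *                   if the peer was expected to authenticate but did not
     */
    void runTest(CipherTest.TestParameters params) throws Exception {
        // Re-initialize the context on every run so the key manager hands out
        // the key type selected for this particular test case.
        keyManager.setAuthType(params.clientAuth);
        sslContext.init(
                new KeyManager[] { keyManager },
                new TrustManager[] { CipherTest.trustManager },
                CipherTest.secureRandom);
        SSLSocketFactory factory = sslContext.getSocketFactory();

        // try-with-resources closes the socket on every exit path; the
        // explicit close() further down is kept and a second close is a no-op.
        try (SSLSocket socket = (SSLSocket) factory.createSocket()) {
            try {
                socket.connect(new InetSocketAddress("127.0.0.1",
                        CipherTest.serverPort), CONNECT_TIMEOUT_MS);
            } catch (IOException ioe) {
                // The server side may be impacted by naughty test cases or
                // third party routines, and cannot accept connections.
                //
                // Just ignore the test if the connection cannot be
                // established.
                System.out.println(
                        "Cannot make a connection in 15 seconds. " +
                        "Ignore in client side.");
                return;
            }

            socket.setSoTimeout(CipherTest.TIMEOUT);
            // Offer exactly one suite and one protocol version, so a
            // successful handshake cannot silently fall back to anything else.
            socket.setEnabledCipherSuites(new String[] {params.cipherSuite});
            socket.setEnabledProtocols(new String[] {params.protocol});
            InputStream in = socket.getInputStream();
            OutputStream out = socket.getOutputStream();
            // sendRequest is not defined in this class; presumably inherited
            // from CipherTest.Client -- confirm against that class.
            sendRequest(in, out);
            socket.close();

            SSLSession session = socket.getSession();
            // Invalidating prevents future connections from resuming or
            // joining this session.
            session.invalidate();

            String cipherSuite = session.getCipherSuite();
            if (!params.cipherSuite.equals(cipherSuite)) {
                throw new Exception("Negotiated ciphersuite mismatch: " + cipherSuite + " != " + params.cipherSuite);
            }
            String protocol = session.getProtocol();
            if (!params.protocol.equals(protocol)) {
                throw new Exception("Negotiated protocol mismatch: " + protocol + " != " + params.protocol);
            }

            // Anonymous suites (the substring also matches "ECDH_anon") do not
            // authenticate the server, so no peer certificates exist for them.
            // For every other suite getPeerCertificates() throws
            // SSLPeerUnverifiedException if the server was not authenticated,
            // which makes this call the server-authentication check.
            if (!cipherSuite.contains("DH_anon")) {
                session.getPeerCertificates();
            }

            Certificate[] certificates = session.getLocalCertificates();
            if (params.clientAuth == null) {
                // No client authentication requested: no local certificate
                // may have been sent to the server.
                if (certificates != null) {
                    throw new Exception("Local certificates should be null");
                }
            } else {
                if ((certificates == null) || (certificates.length == 0)) {
                    throw new Exception("Certificates missing");
                }
                String keyAlg = certificates[0].getPublicKey().getAlgorithm();
                // The public key reports "EC"; the test parameters appear to
                // name that key type "ECDSA" -- confirm against CipherTest.
                if (keyAlg.equals("EC")) {
                    keyAlg = "ECDSA";
                }
                // Compare by value. A reference comparison (!=) only succeeds
                // when both strings are the same instance, which
                // getAlgorithm() does not guarantee, so it could report a
                // mismatch for equal key types.
                if (!params.clientAuth.equals(keyAlg)) {
                    throw new Exception("Certificate type mismatch: " + keyAlg + " != " + params.clientAuth);
                }
            }
        }
    }

}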