1 /*
2 * Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 //
25 // Please run in othervm mode. SunJSSE does not support dynamic system
26 // properties, no way to re-use system properties in samevm/agentvm mode.
27 //
28
29 /*
30 * @test
31 * @bug 8161106 8170329
32 * @summary Improve SSLSocket test template
33 * @run main/othervm SSLSocketTemplate
34 */
35
36 import java.io.ByteArrayInputStream;
37 import java.io.InputStream;
38 import java.io.IOException;
39 import java.io.OutputStream;
40 import javax.net.ssl.KeyManagerFactory;
41 import javax.net.ssl.SSLContext;
42 import javax.net.ssl.SSLServerSocket;
43 import javax.net.ssl.SSLServerSocketFactory;
44 import javax.net.ssl.SSLSocket;
45 import javax.net.ssl.SSLSocketFactory;
46 import javax.net.ssl.TrustManagerFactory;
47 import java.net.InetSocketAddress;
48 import java.net.SocketTimeoutException;
49 import java.security.KeyStore;
50 import java.security.PrivateKey;
51 import java.security.KeyFactory;
52 import java.security.cert.Certificate;
53 import java.security.cert.CertificateFactory;
54 import java.security.spec.PKCS8EncodedKeySpec;
55 import java.util.Base64;
56
57 import java.util.concurrent.CountDownLatch;
58 import java.util.concurrent.TimeUnit;
59
60 /**
61 * Template to help speed your client/server tests.
62 *
63 * Two examples that use this template:
64 * test/sun/security/ssl/ServerHandshaker/AnonCipherWithWantClientAuth.java
65 * test/sun/net/www/protocol/https/HttpsClient/ServerIdentityTest.java
66 */
67 public class SSLSocketTemplate {
68
69 /*
70 * ==================
71 * Run the test case.
72 */
73 public static void main(String[] args) throws Exception {
74 (new SSLSocketTemplate()).run();
75 }
76
77 /*
78 * Run the test case.
79 */
80 public void run() throws Exception {
81 bootup();
82 }
83
84 /*
85 * Define the server side application of the test for the specified socket.
86 */
87 protected void runServerApplication(SSLSocket socket) throws Exception {
88 // here comes the test logic
89 InputStream sslIS = socket.getInputStream();
90 OutputStream sslOS = socket.getOutputStream();
91
92 sslIS.read();
93 sslOS.write(85);
94 sslOS.flush();
95 }
96
97 /*
98 * Define the client side application of the test for the specified socket.
99 * This method is used if the returned value of
100 * isCustomizedClientConnection() is false.
101 *
102 * @param socket may be null is no client socket is generated.
103 *
104 * @see #isCustomizedClientConnection()
105 */
106 protected void runClientApplication(SSLSocket socket) throws Exception {
107 InputStream sslIS = socket.getInputStream();
108 OutputStream sslOS = socket.getOutputStream();
109
110 sslOS.write(280);
111 sslOS.flush();
112 sslIS.read();
113 }
114
115 /*
116 * Define the client side application of the test for the specified
117 * server port. This method is used if the returned value of
118 * isCustomizedClientConnection() is true.
119 *
120 * Note that the client need to connect to the server port by itself
121 * for the actual message exchange.
122 *
123 * @see #isCustomizedClientConnection()
124 */
125 protected void runClientApplication(int serverPort) throws Exception {
126 // blank
127 }
128
129 /*
130 * Create an instance of SSLContext for client use.
131 */
132 protected SSLContext createClientSSLContext() throws Exception {
133 return createSSLContext(trustedCertStrs,
134 endEntityCertStrs, endEntityPrivateKeys,
135 endEntityPrivateKeyAlgs,
136 endEntityPrivateKeyNames,
137 getClientContextParameters());
138 }
139
140 /*
141 * Create an instance of SSLContext for server use.
142 */
143 protected SSLContext createServerSSLContext() throws Exception {
144 return createSSLContext(trustedCertStrs,
145 endEntityCertStrs, endEntityPrivateKeys,
146 endEntityPrivateKeyAlgs,
147 endEntityPrivateKeyNames,
148 getServerContextParameters());
149 }
150
151 /*
152 * The parameters used to configure SSLContext.
153 */
154 protected static final class ContextParameters {
155 final String contextProtocol;
156 final String tmAlgorithm;
157 final String kmAlgorithm;
158
159 ContextParameters(String contextProtocol,
160 String tmAlgorithm, String kmAlgorithm) {
161
162 this.contextProtocol = contextProtocol;
163 this.tmAlgorithm = tmAlgorithm;
164 this.kmAlgorithm = kmAlgorithm;
165 }
166 }
167
168 /*
169 * Get the client side parameters of SSLContext.
170 */
171 protected ContextParameters getClientContextParameters() {
172 return new ContextParameters("TLS", "PKIX", "NewSunX509");
173 }
174
175 /*
176 * Get the server side parameters of SSLContext.
177 */
178 protected ContextParameters getServerContextParameters() {
179 return new ContextParameters("TLS", "PKIX", "NewSunX509");
180 }
181
182 /*
183 * Does the client side use customized connection other than
184 * explicit Socket.connect(), for example, URL.openConnection()?
185 */
186 protected boolean isCustomizedClientConnection() {
187 return false;
188 }
189
190 /*
191 * Configure the server side socket.
192 */
193 protected void configureServerSocket(SSLServerSocket socket) {
194
195 }
196
197 /*
198 * =============================================
199 * Define the client and server side operations.
200 *
201 * If the client or server is doing some kind of object creation
202 * that the other side depends on, and that thread prematurely
203 * exits, you may experience a hang. The test harness will
204 * terminate all hung threads after its timeout has expired,
205 * currently 3 minutes by default, but you might try to be
206 * smart about it....
207 */
208
209 /*
210 * Is the server ready to serve?
211 */
212 private final CountDownLatch serverCondition = new CountDownLatch(1);
213
214 /*
215 * Is the client ready to handshake?
216 */
217 private final CountDownLatch clientCondition = new CountDownLatch(1);
218
219 /*
220 * What's the server port? Use any free port by default
221 */
222 private volatile int serverPort = 0;
223
224 /*
225 * Define the server side of the test.
226 */
227 private void doServerSide() throws Exception {
228 // kick start the server side service
229 SSLContext context = createServerSSLContext();
230 SSLServerSocketFactory sslssf = context.getServerSocketFactory();
231 SSLServerSocket sslServerSocket =
232 (SSLServerSocket)sslssf.createServerSocket(serverPort);
233 configureServerSocket(sslServerSocket);
234 serverPort = sslServerSocket.getLocalPort();
235
236 // Signal the client, the server is ready to accept connection.
237 serverCondition.countDown();
238
239 // Try to accept a connection in 30 seconds.
240 SSLSocket sslSocket;
241 try {
242 sslServerSocket.setSoTimeout(30000);
243 sslSocket = (SSLSocket)sslServerSocket.accept();
244 } catch (SocketTimeoutException ste) {
245 // Ignore the test case if no connection within 30 seconds.
246 System.out.println(
247 "No incoming client connection in 30 seconds. " +
248 "Ignore in server side.");
249 return;
250 } finally {
251 sslServerSocket.close();
252 }
253
254 // handle the connection
255 try {
256 // Is it the expected client connection?
257 //
258 // Naughty test cases or third party routines may try to
259 // connection to this server port unintentionally. In
260 // order to mitigate the impact of unexpected client
261 // connections and avoid intermittent failure, it should
262 // be checked that the accepted connection is really linked
263 // to the expected client.
264 boolean clientIsReady =
265 clientCondition.await(30L, TimeUnit.SECONDS);
266
267 if (clientIsReady) {
268 // Run the application in server side.
269 runServerApplication(sslSocket);
270 } else { // Otherwise, ignore
271 // We don't actually care about plain socket connections
272 // for TLS communication testing generally. Just ignore
273 // the test if the accepted connection is not linked to
274 // the expected client or the client connection timeout
275 // in 30 seconds.
276 System.out.println(
277 "The client is not the expected one or timeout. " +
278 "Ignore in server side.");
279 }
280 } finally {
281 sslSocket.close();
282 }
283 }
284
285 /*
286 * Define the client side of the test.
287 */
288 private void doClientSide() throws Exception {
289
290 // Wait for server to get started.
291 //
292 // The server side takes care of the issue if the server cannot
293 // get started in 90 seconds. The client side would just ignore
294 // the test case if the serer is not ready.
295 boolean serverIsReady =
296 serverCondition.await(90L, TimeUnit.SECONDS);
297 if (!serverIsReady) {
298 System.out.println(
299 "The server is not ready yet in 90 seconds. " +
300 "Ignore in client side.");
301 return;
302 }
303
304 if (isCustomizedClientConnection()) {
305 // Signal the server, the client is ready to communicate.
306 clientCondition.countDown();
307
308 // Run the application in client side.
309 runClientApplication(serverPort);
310
311 return;
312 }
313
314 SSLContext context = createClientSSLContext();
315 SSLSocketFactory sslsf = context.getSocketFactory();
316
317 try (SSLSocket sslSocket = (SSLSocket)sslsf.createSocket()) {
318 try {
319 sslSocket.connect(
320 new InetSocketAddress("localhost", serverPort), 15000);
321 } catch (IOException ioe) {
322 // The server side may be impacted by naughty test cases or
323 // third party routines, and cannot accept connections.
324 //
325 // Just ignore the test if the connection cannot be
326 // established.
327 System.out.println(
328 "Cannot make a connection in 15 seconds. " +
329 "Ignore in client side.");
330 return;
331 }
332
333 // OK, here the client and server get connected.
334
335 // Signal the server, the client is ready to communicate.
336 clientCondition.countDown();
337
338 // There is still a chance in theory that the server thread may
339 // wait client-ready timeout and then quit. The chance should
340 // be really rare so we don't consider it until it becomes a
341 // real problem.
342
343 // Run the application in client side.
344 runClientApplication(sslSocket);
345 }
346 }
347
348 /*
349 * =============================================
350 * Stuffs to customize the SSLContext instances.
351 */
352
353 /*
354 * =======================================
355 * Certificates and keys used in the test.
356 */
357 // Trusted certificates.
358 private final static String[] trustedCertStrs = {
359 // SHA256withECDSA, curve prime256v1
360 // Validity
361 // Not Before: May 22 07:18:16 2018 GMT
362 // Not After : May 17 07:18:16 2038 GMT
363 // Subject Key Identifier:
364 // 60:CF:BD:73:FF:FA:1A:30:D2:A4:EC:D3:49:71:46:EF:1A:35:A0:86
365 "-----BEGIN CERTIFICATE-----\n" +
366 "MIIBvjCCAWOgAwIBAgIJAIvFG6GbTroCMAoGCCqGSM49BAMCMDsxCzAJBgNVBAYT\n" +
367 "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" +
368 "ZTAeFw0xODA1MjIwNzE4MTZaFw0zODA1MTcwNzE4MTZaMDsxCzAJBgNVBAYTAlVT\n" +
369 "MQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZjZTBZ\n" +
370 "MBMGByqGSM49AgEGCCqGSM49AwEHA0IABBz1WeVb6gM2mh85z3QlvaB/l11b5h0v\n" +
371 "LIzmkC3DKlVukZT+ltH2Eq1oEkpXuf7QmbM0ibrUgtjsWH3mULfmcWmjUDBOMB0G\n" +
372 "A1UdDgQWBBRgz71z//oaMNKk7NNJcUbvGjWghjAfBgNVHSMEGDAWgBRgz71z//oa\n" +
373 "MNKk7NNJcUbvGjWghjAMBgNVHRMEBTADAQH/MAoGCCqGSM49BAMCA0kAMEYCIQCG\n" +
374 "6wluh1r2/T6L31mZXRKf9JxeSf9pIzoLj+8xQeUChQIhAJ09wAi1kV8yePLh2FD9\n" +
375 "2YEHlSQUAbwwqCDEVB5KxaqP\n" +
376 "-----END CERTIFICATE-----",
377 // -----BEGIN PRIVATE KEY-----
378 // MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg/HcHdoLJCdq3haVd
379 // XZTSKP00YzM3xX97l98vGL/RI1KhRANCAAQc9VnlW+oDNpofOc90Jb2gf5ddW+Yd
380 // LyyM5pAtwypVbpGU/pbR9hKtaBJKV7n+0JmzNIm61ILY7Fh95lC35nFp
381 // -----END PRIVATE KEY-----
382
383 // SHA256withRSA, 2048 bits
384 // Validity
385 // Not Before: May 22 07:18:16 2018 GMT
386 // Not After : May 17 07:18:16 2038 GMT
387 // Subject Key Identifier:
388 // 0D:DD:93:C9:FE:4B:BD:35:B7:E8:99:78:90:FB:DB:5A:3D:DB:15:4C
389 "-----BEGIN CERTIFICATE-----\n" +
390 "MIIDSTCCAjGgAwIBAgIJAI4ZF3iy8zG+MA0GCSqGSIb3DQEBCwUAMDsxCzAJBgNV\n" +
391 "BAYTAlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2Vy\n" +
392 "aXZjZTAeFw0xODA1MjIwNzE4MTZaFw0zODA1MTcwNzE4MTZaMDsxCzAJBgNVBAYT\n" +
393 "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" +
394 "ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALpMcY7aWieXDEM1/YJf\n" +
395 "JW27b4nRIFZyEYhEloyGsKTuQiiQjc8cqRZFNXe2vwziDB4IyTEl0Hjl5QF6ZaQE\n" +
396 "huPzzwvQm1pv64KrRXrmj3FisQK8B5OWLty9xp6xDqsaMRoyObLK+oIb20T5fSlE\n" +
397 "evmo1vYjnh8CX0Yzx5Gr5ye6YSEHQvYOWEws8ad17OlyToR2KMeC8w4qo6rs59pW\n" +
398 "g7Mxn9vo22ImDzrtAbTbXbCias3xlE0Bp0h5luyf+5U4UgksoL9B9r2oP4GrLNEV\n" +
399 "oJk57t8lwaR0upiv3CnS8LcJELpegZub5ggqLY8ZPYFQPjlK6IzLOm6rXPgZiZ3m\n" +
400 "RL0CAwEAAaNQME4wHQYDVR0OBBYEFA3dk8n+S701t+iZeJD721o92xVMMB8GA1Ud\n" +
401 "IwQYMBaAFA3dk8n+S701t+iZeJD721o92xVMMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n" +
402 "hvcNAQELBQADggEBAJTRC3rKUUhVH07/1+stUungSYgpM08dY4utJq0BDk36BbmO\n" +
403 "0AnLDMbkwFdHEoqF6hQIfpm7SQTmXk0Fss6Eejm8ynYr6+EXiRAsaXOGOBCzF918\n" +
404 "/RuKOzqABfgSU4UBKECLM5bMfQTL60qx+HdbdVIpnikHZOFfmjCDVxoHsGyXc1LW\n" +
405 "Jhkht8IGOgc4PMGvyzTtRFjz01kvrVQZ75aN2E0GQv6dCxaEY0i3ypSzjUWAKqDh\n" +
406 "3e2OLwUSvumcdaxyCdZAOUsN6pDBQ+8VRG7KxnlRlY1SMEk46QgQYLbPDe/+W/yH\n" +
407 "ca4PejicPeh+9xRAwoTpiE2gulfT7Lm+fVM7Ruc=\n" +
408 "-----END CERTIFICATE-----",
409 // -----BEGIN PRIVATE KEY-----
410 // MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC6THGO2lonlwxD
411 // Nf2CXyVtu2+J0SBWchGIRJaMhrCk7kIokI3PHKkWRTV3tr8M4gweCMkxJdB45eUB
412 // emWkBIbj888L0Jtab+uCq0V65o9xYrECvAeTli7cvcaesQ6rGjEaMjmyyvqCG9tE
413 // +X0pRHr5qNb2I54fAl9GM8eRq+cnumEhB0L2DlhMLPGndezpck6EdijHgvMOKqOq
414 // 7OfaVoOzMZ/b6NtiJg867QG0212womrN8ZRNAadIeZbsn/uVOFIJLKC/Qfa9qD+B
415 // qyzRFaCZOe7fJcGkdLqYr9wp0vC3CRC6XoGbm+YIKi2PGT2BUD45SuiMyzpuq1z4
416 // GYmd5kS9AgMBAAECggEAFHSoU2MuWwJ+2jJnb5U66t2V1bAcuOE1g5zkWvG/G5z9
417 // rq6Qo5kmB8f5ovdx6tw3MGUOklLwnRXBG3RxDJ1iokz3AvkY1clMNsDPlDsUrQKF
418 // JSO4QUBQTPSZhnsyfR8XHSU+qJ8Y+ohMfzpVv95BEoCzebtXdVgxVegBlcEmVHo2
419 // kMmkRN+bYNsr8eb2r+b0EpyumS39ZgKYh09+cFb78y3T6IFMGcVJTP6nlGBFkmA/
420 // 25pYeCF2tSki08qtMJZQAvKfw0Kviibk7ZxRbJqmc7B1yfnOEHP6ftjuvKl2+RP/
421 // +5P5f8CfIP6gtA0LwSzAqQX/hfIKrGV5j0pCqrD0kQKBgQDeNR6Xi4sXVq79lihO
422 // a1bSeV7r8yoQrS8x951uO+ox+UIZ1MsAULadl7zB/P0er92p198I9M/0Jth3KBuS
423 // zj45mucvpiiGvmQlMKMEfNq4nN7WHOu55kufPswQB2mR4J3xmwI+4fM/nl1zc82h
424 // De8JSazRldJXNhfx0RGFPmgzbwKBgQDWoVXrXLbCAn41oVnWB8vwY9wjt92ztDqJ
425 // HMFA/SUohjePep9UDq6ooHyAf/Lz6oE5NgeVpPfTDkgvrCFVKnaWdwALbYoKXT2W
426 // 9FlyJox6eQzrtHAacj3HJooXWuXlphKSizntfxj3LtMR9BmrmRJOfK+SxNOVJzW2
427 // +MowT20EkwKBgHmpB8jdZBgxI7o//m2BI5Y1UZ1KE5vx1kc7VXzHXSBjYqeV9FeF
428 // 2ZZLP9POWh/1Fh4pzTmwIDODGT2UPhSQy0zq3O0fwkyT7WzXRknsuiwd53u/dejg
429 // iEL2NPAJvulZ2+AuiHo5Z99LK8tMeidV46xoJDDUIMgTG+UQHNGhK5gNAoGAZn/S
430 // Cn7SgMC0CWSvBHnguULXZO9wH1wZAFYNLL44OqwuaIUFBh2k578M9kkke7woTmwx
431 // HxQTjmWpr6qimIuY6q6WBN8hJ2Xz/d1fwhYKzIp20zHuv5KDUlJjbFfqpsuy3u1C
432 // kts5zwI7pr1ObRbDGVyOdKcu7HI3QtR5qqyjwaUCgYABo7Wq6oHva/9V34+G3Goh
433 // 63bYGUnRw2l5BD11yhQv8XzGGZFqZVincD8gltNThB0Dc/BI+qu3ky4YdgdZJZ7K
434 // z51GQGtaHEbrHS5caV79yQ8QGY5mUVH3E+VXSxuIqb6pZq2DH4sTAEFHyncddmOH
435 // zoXBInYwRG9KE/Bw5elhUw==
436 // -----END PRIVATE KEY-----
437
438 // SHA256withDSA, 2048 bits
439 // Validity
440 // Not Before: May 22 07:18:18 2018 GMT
441 // Not After : May 17 07:18:18 2038 GMT
442 // Subject Key Identifier:
443 // 76:66:9E:F7:3B:DD:45:E5:3B:D9:72:3C:3F:F0:54:39:86:31:26:53
444 "-----BEGIN CERTIFICATE-----\n" +
445 "MIIErjCCBFSgAwIBAgIJAOktYLNCbr02MAsGCWCGSAFlAwQDAjA7MQswCQYDVQQG\n" +
446 "EwJVUzENMAsGA1UECgwESmF2YTEdMBsGA1UECwwUU3VuSlNTRSBUZXN0IFNlcml2\n" +
447 "Y2UwHhcNMTgwNTIyMDcxODE4WhcNMzgwNTE3MDcxODE4WjA7MQswCQYDVQQGEwJV\n" +
448 "UzENMAsGA1UECgwESmF2YTEdMBsGA1UECwwUU3VuSlNTRSBUZXN0IFNlcml2Y2Uw\n" +
449 "ggNHMIICOQYHKoZIzjgEATCCAiwCggEBAO5GyPhSm0ze3LSu+gicdULLj05iOfTL\n" +
450 "UvZQ29sYz41zmqrLBQbdKiHqgJu2Re9sgTb5suLNjF047TOLPnU3jhPtWm2X8Xzi\n" +
451 "VGIcHym/Q/MeZxStt/88seqroI3WOKzIML2GcrishT+lcGrtH36Tf1+ue2Snn3PS\n" +
452 "WyxygNqPjllP5uUjYmFLvAf4QLMldkd/D2VxcwsHjB8y5iUZsXezc/LEhRZS/02m\n" +
453 "ivqlRw3AMkq/OVe/ZtxFWsP0nsfxEGdZuaUFpppGfixxFvymrB3+J51cTt+pZBDq\n" +
454 "D2y0DYfc+88iCs4jwHTfcDIpLb538HBjBj2rEgtQESQmB0ooD/+wsPsCIQC1bYch\n" +
455 "gElNtDYL3FgpLgNSUYp7gIWv9ehaC7LO2z7biQKCAQBitvFOnDkUja8NAF7lDpOV\n" +
456 "b5ipQ8SicBLW3kQamxhyuyxgZyy/PojZ/oPorkqW/T/A0rhnG6MssEpAtdiwVB+c\n" +
457 "rBYGo3bcwmExJhdOJ6dYuKFppPWhCwKMHs9npK+lqBMl8l5j58xlcFeC7ZfGf8GY\n" +
458 "GkhFW0c44vEQhMMbac6ZTTP4mw+1t7xJfmDMlLEyIpTXaAAk8uoVLWzQWnR40sHi\n" +
459 "ybvS0u3JxQkb7/y8tOOZu8qlz/YOS7lQ6UxUGX27Ce1E0+agfPphetoRAlS1cezq\n" +
460 "Wa7r64Ga0nkj1kwkcRqjgTiJx0NwnUXr78VAXFhVF95+O3lfqhvdtEGtkhDGPg7N\n" +
461 "A4IBBgACggEBAMmSHQK0w2i+iqUjOPzn0yNEZrzepLlLeQ1tqtn0xnlv5vBAeefD\n" +
462 "Pm9dd3tZOjufVWP7hhEz8xPobb1CS4e3vuQiv5UBfhdPL3f3l9T7JMAKPH6C9Vve\n" +
463 "OQXE5eGqbjsySbcmseHoYUt1WCSnSda1opX8zchX04e7DhGfE2/L9flpYEoSt8lI\n" +
464 "vMNjgOwvKdW3yvPt1/eBBHYNFG5gWPv/Q5KoyCtHS03uqGm4rNc/wZTIEEfd66C+\n" +
465 "QRaUltjOaHmtwOdDHaNqwhYZSVOip+Mo+TfyzHFREcdHLapo7ZXqbdYkRGxRR3d+\n" +
466 "3DfHaraJO0OKoYlPkr3JMvM/MSGR9AnZOcejUDBOMB0GA1UdDgQWBBR2Zp73O91F\n" +
467 "5TvZcjw/8FQ5hjEmUzAfBgNVHSMEGDAWgBR2Zp73O91F5TvZcjw/8FQ5hjEmUzAM\n" +
468 "BgNVHRMEBTADAQH/MAsGCWCGSAFlAwQDAgNHADBEAiBzriYE41M2y9Hy5ppkL0Qn\n" +
469 "dIlNc8JhXT/PHW7GDtViagIgMko8Qoj9gDGPK3+O9E8DC3wGiiF9CObM4LN387ok\n" +
470 "J+g=\n" +
471 "-----END CERTIFICATE-----"
472 // -----BEGIN PRIVATE KEY-----
473 // MIICZQIBADCCAjkGByqGSM44BAEwggIsAoIBAQDuRsj4UptM3ty0rvoInHVCy49O
474 // Yjn0y1L2UNvbGM+Nc5qqywUG3Soh6oCbtkXvbIE2+bLizYxdOO0ziz51N44T7Vpt
475 // l/F84lRiHB8pv0PzHmcUrbf/PLHqq6CN1jisyDC9hnK4rIU/pXBq7R9+k39frntk
476 // p59z0lsscoDaj45ZT+blI2JhS7wH+ECzJXZHfw9lcXMLB4wfMuYlGbF3s3PyxIUW
477 // Uv9Npor6pUcNwDJKvzlXv2bcRVrD9J7H8RBnWbmlBaaaRn4scRb8pqwd/iedXE7f
478 // qWQQ6g9stA2H3PvPIgrOI8B033AyKS2+d/BwYwY9qxILUBEkJgdKKA//sLD7AiEA
479 // tW2HIYBJTbQ2C9xYKS4DUlGKe4CFr/XoWguyzts+24kCggEAYrbxTpw5FI2vDQBe
480 // 5Q6TlW+YqUPEonAS1t5EGpsYcrssYGcsvz6I2f6D6K5Klv0/wNK4ZxujLLBKQLXY
481 // sFQfnKwWBqN23MJhMSYXTienWLihaaT1oQsCjB7PZ6SvpagTJfJeY+fMZXBXgu2X
482 // xn/BmBpIRVtHOOLxEITDG2nOmU0z+JsPtbe8SX5gzJSxMiKU12gAJPLqFS1s0Fp0
483 // eNLB4sm70tLtycUJG+/8vLTjmbvKpc/2Dku5UOlMVBl9uwntRNPmoHz6YXraEQJU
484 // tXHs6lmu6+uBmtJ5I9ZMJHEao4E4icdDcJ1F6+/FQFxYVRfefjt5X6ob3bRBrZIQ
485 // xj4OzQQjAiEAsceWOM8do4etxp2zgnoNXV8PUUyqWhz1+0srcKV7FR4=
486 // -----END PRIVATE KEY-----
487 };
488
489 // End entity certificate.
490 private final static String[] endEntityCertStrs = {
491 // SHA256withECDSA, curve prime256v1
492 // Validity
493 // Not Before: May 22 07:18:16 2018 GMT
494 // Not After : May 17 07:18:16 2038 GMT
495 // Authority Key Identifier:
496 // 60:CF:BD:73:FF:FA:1A:30:D2:A4:EC:D3:49:71:46:EF:1A:35:A0:86
497 "-----BEGIN CERTIFICATE-----\n" +
498 "MIIBqjCCAVCgAwIBAgIJAPLY8qZjgNRAMAoGCCqGSM49BAMCMDsxCzAJBgNVBAYT\n" +
499 "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" +
500 "ZTAeFw0xODA1MjIwNzE4MTZaFw0zODA1MTcwNzE4MTZaMFUxCzAJBgNVBAYTAlVT\n" +
501 "MQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZjZTEY\n" +
502 "MBYGA1UEAwwPUmVncmVzc2lvbiBUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD\n" +
503 "QgAEb+9n05qfXnfHUb0xtQJNS4JeSi6IjOfW5NqchvKnfJey9VkJzR7QHLuOESdf\n" +
504 "xlR7q8YIWgih3iWLGfB+wxHiOqMjMCEwHwYDVR0jBBgwFoAUYM+9c//6GjDSpOzT\n" +
505 "SXFG7xo1oIYwCgYIKoZIzj0EAwIDSAAwRQIgWpRegWXMheiD3qFdd8kMdrkLxRbq\n" +
506 "1zj8nQMEwFTUjjQCIQDRIrAjZX+YXHN9b0SoWWLPUq0HmiFIi8RwMnO//wJIGQ==\n" +
507 "-----END CERTIFICATE-----",
508
509 // SHA256withRSA, 2048 bits
510 // Validity
511 // Not Before: May 22 07:18:16 2018 GMT
512 // Not After : May 17 07:18:16 2038 GMT
513 // Authority Key Identifier:
514 // 0D:DD:93:C9:FE:4B:BD:35:B7:E8:99:78:90:FB:DB:5A:3D:DB:15:4C
515 "-----BEGIN CERTIFICATE-----\n" +
516 "MIIDNjCCAh6gAwIBAgIJAO2+yPcFryUTMA0GCSqGSIb3DQEBCwUAMDsxCzAJBgNV\n" +
517 "BAYTAlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2Vy\n" +
518 "aXZjZTAeFw0xODA1MjIwNzE4MTZaFw0zODA1MTcwNzE4MTZaMFUxCzAJBgNVBAYT\n" +
519 "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" +
520 "ZTEYMBYGA1UEAwwPUmVncmVzc2lvbiBUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOC\n" +
521 "AQ8AMIIBCgKCAQEAszfBobWfZIp8AgC6PiWDDavP65mSvgCXUGxACbxVNAfkLhNR\n" +
522 "QOsHriRB3X1Q3nvO9PetC6wKlvE9jlnDDj7D+1j1r1CHO7ms1fq8rfcQYdkanDtu\n" +
523 "4AlHo8v+SSWX16MIXFRYDj2VVHmyPtgbltcg4zGAuwT746FdLI94uXjJjq1IOr/v\n" +
524 "0VIlwE5ORWH5Xc+5Tj+oFWK0E4a4GHDgtKKhn2m72hN56/GkPKGkguP5NRS1qYYV\n" +
525 "/EFkdyQMOV8J1M7HaicSft4OL6eKjTrgo93+kHk+tv0Dc6cpVBnalX3TorG8QI6B\n" +
526 "cHj1XQd78oAlAC+/jF4pc0mwi0un49kdK9gRfQIDAQABoyMwITAfBgNVHSMEGDAW\n" +
527 "gBQN3ZPJ/ku9NbfomXiQ+9taPdsVTDANBgkqhkiG9w0BAQsFAAOCAQEApXS0nKwm\n" +
528 "Kp8gpmO2yG1rpd1+2wBABiMU4JZaTqmma24DQ3RzyS+V2TeRb29dl5oTUEm98uc0\n" +
529 "GPZvhK8z5RFr4YE17dc04nI/VaNDCw4y1NALXGs+AHkjoPjLyGbWpi1S+gfq2sNB\n" +
530 "Ekkjp6COb/cb9yiFXOGVls7UOIjnVZVd0r7KaPFjZhYh82/f4PA/A1SnIKd1+nfH\n" +
531 "2yk7mSJNC7Z3qIVDL8MM/jBVwiC3uNe5GPB2uwhd7k5LGAVN3j4HQQGB0Sz+VC1h\n" +
532 "92oi6xDa+YBva2fvHuCd8P50DDjxmp9CemC7rnZ5j8egj88w14X44Xjb/Fd/ApG9\n" +
533 "e57NnbT7KM+Grw==\n" +
534 "-----END CERTIFICATE-----",
535
536 // SHA256withRSA, curv prime256v1
537 // Validity
538 // Not Before: May 22 07:18:16 2018 GMT
539 // Not After : May 21 07:18:16 2028 GMT
540 // Authority Key Identifier:
541 // 0D:DD:93:C9:FE:4B:BD:35:B7:E8:99:78:90:FB:DB:5A:3D:DB:15:4C
542 "-----BEGIN CERTIFICATE-----\n" +
543 "MIICazCCAVOgAwIBAgIJAO2+yPcFryUUMA0GCSqGSIb3DQEBCwUAMDsxCzAJBgNV\n" +
544 "BAYTAlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2Vy\n" +
545 "aXZjZTAeFw0xODA1MjIwNzE4MTZaFw0yODA1MjEwNzE4MTZaMFUxCzAJBgNVBAYT\n" +
546 "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" +
547 "ZTEYMBYGA1UEAwwPUmVncmVzc2lvbiBUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0D\n" +
548 "AQcDQgAE59MERNTlVZ1eeps8Z3Oue5ZkgQdPtD+WIE6tj3PbIKpxGPDxvfNP959A\n" +
549 "yQjEK/ehWQVrCMmNoEkIzY+IIBgB06MjMCEwHwYDVR0jBBgwFoAUDd2Tyf5LvTW3\n" +
550 "6Jl4kPvbWj3bFUwwDQYJKoZIhvcNAQELBQADggEBAFOTVEqs70ykhZiIdrEsF1Ra\n" +
551 "I3B2rLvwXZk52uSltk2/bzVvewA577ZCoxQ1pL7ynkisPfBN1uVYtHjM1VA3RC+4\n" +
552 "+TAK78dnI7otYjWoHp5rvs4l6c/IbOspS290IlNuDUxMErEm5wxIwj+Aukx/1y68\n" +
553 "hOyCvHBLMY2c1LskH1MMBbDuS1aI+lnGpToi+MoYObxGcV458vxuT8+wwV8Fkpvd\n" +
554 "ll8IIFmeNPRv+1E+lXbES6CSNCVaZ/lFhPgdgYKleN7sfspiz50DG4dqafuEAaX5\n" +
555 "xaK1NWXJxTRz0ROH/IUziyuDW6jphrlgit4+3NCzp6vP9hAJQ8Vhcj0n15BKHIQ=\n" +
556 "-----END CERTIFICATE-----",
557
558 // SHA256withDSA, 2048 bits
559 // Validity
560 // Not Before: May 22 07:18:20 2018 GMT
561 // Not After : May 17 07:18:20 2038 GMT
562 // Authority Key Identifier:
563 // 76:66:9E:F7:3B:DD:45:E5:3B:D9:72:3C:3F:F0:54:39:86:31:26:53
564 "-----BEGIN CERTIFICATE-----\n" +
565 "MIIEnDCCBEGgAwIBAgIJAP/jh1qVhNVjMAsGCWCGSAFlAwQDAjA7MQswCQYDVQQG\n" +
566 "EwJVUzENMAsGA1UECgwESmF2YTEdMBsGA1UECwwUU3VuSlNTRSBUZXN0IFNlcml2\n" +
567 "Y2UwHhcNMTgwNTIyMDcxODIwWhcNMzgwNTE3MDcxODIwWjBVMQswCQYDVQQGEwJV\n" +
568 "UzENMAsGA1UECgwESmF2YTEdMBsGA1UECwwUU3VuSlNTRSBUZXN0IFNlcml2Y2Ux\n" +
569 "GDAWBgNVBAMMD1JlZ3Jlc3Npb24gVGVzdDCCA0cwggI6BgcqhkjOOAQBMIICLQKC\n" +
570 "AQEAmlavgoJrMcjqWRVcDE2dmWAPREgnzQvneEDef68cprDzjSwvOs5QeFyx75ib\n" +
571 "ado1e6jO/rW1prCGWHDD1oA/Tn4Pk3vu0nUxzvl1qATc+aJbpUU5Op0bvp6LbCsQ\n" +
572 "QslV9FeRh7Eb7bP6gpc/kHCBzEgC1VCK7prccXWy+t6SMOHbND3h+UbckfSaUuaV\n" +
573 "sVJNTD1D6GElfRj4Nmz1BGPfSYvKorwNZEU3gXwFgtDoAcGx7tcyClLpDHfqRfw/\n" +
574 "7yiqLyeiP7D4hl5lMNouJWDlAdMFp0FMgS3s9VDFinIcr6VtBWMTG7+4+czHAB+3\n" +
575 "fvrwlqNzhBn3uFHrekN/w8fNxwIhAJo7Sae1za7IMW0Q6hE5B4b+s2B/FaKPoA4E\n" +
576 "jtZu13B9AoIBAQCOZqLMKfvqZWUgT0PQ3QjR7dAFdd06I9Y3+TOQzZk1+j+vw/6E\n" +
577 "X4vFItX4gihb/u5Q9CdmpwhVGi7bvo+7+/IKeTgoQ6f5+PSug7SrWWUQ5sPwaZui\n" +
578 "zXZJ5nTeZDucFc2yFx0wgnjbPwiUxZklOT7xGiOMtzOTa2koCz5KuIBL+/wPKKxm\n" +
579 "ypo9VoY9xfbdU6LMXZv/lpD5XTM9rYHr/vUTNkukvV6Hpm0YMEWhVZKUJiqCqTqG\n" +
580 "XHaleOxSw6uQWB/+TznifcC7gB48UOQjCqOKf5VuwQneJLhlhU/jhRV3xtr+hLZa\n" +
581 "hW1wYhVi8cjLDrZFKlgEQqhB4crnJU0mJY+tA4IBBQACggEAID0ezl00/X8mv7eb\n" +
582 "bzovum1+DEEP7FM57k6HZEG2N3ve4CW+0m9Cd+cWPz8wkZ+M0j/Eqa6F0IdbkXEc\n" +
583 "Q7CuzvUyJ57xQ3L/WCgXsiS+Bh8O4Mz7GwW22CGmHqafbVv+hKBfr8MkskO6GJUt\n" +
584 "SUF/CVLzB4gMIvZMH26tBP2xK+i7FeEK9kT+nGdzQSZBAhFYpEVCBplHZO24/OYq\n" +
585 "1DNoU327nUuXIhmsfA8N0PjiWbIZIjTPwBGr9H0LpATI7DIDNcvRRvtROP+pBU9y\n" +
586 "fuykPkptg9C0rCM9t06bukpOSaEz/2VIQdLE8fHYFA6pHZ6CIc2+5cfvMgTPhcjz\n" +
587 "W2jCt6MjMCEwHwYDVR0jBBgwFoAUdmae9zvdReU72XI8P/BUOYYxJlMwCwYJYIZI\n" +
588 "AWUDBAMCA0gAMEUCIQCeI5fN08b9BpOaHdc3zQNGjp24FOL/RxlBLeBAorswJgIg\n" +
589 "JEZ8DhYxQy1O7mmZ2UIT7op6epWMB4dENjs0qWPmcKo=\n" +
590 "-----END CERTIFICATE-----"
591 };
592
593 // Private key in the format of PKCS#8.
594 private final static String[] endEntityPrivateKeys = {
595 //
596 // EC private key related to cert endEntityCertStrs[0].
597 //
598 "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgn5K03bpTLjEtFQRa\n" +
599 "JUtx22gtmGEvvSUSQdimhGthdtihRANCAARv72fTmp9ed8dRvTG1Ak1Lgl5KLoiM\n" +
600 "59bk2pyG8qd8l7L1WQnNHtAcu44RJ1/GVHurxghaCKHeJYsZ8H7DEeI6",
601
602 //
603 // RSA private key related to cert endEntityCertStrs[1].
604 //
605 "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCzN8GhtZ9kinwC\n" +
606 "ALo+JYMNq8/rmZK+AJdQbEAJvFU0B+QuE1FA6weuJEHdfVDee870960LrAqW8T2O\n" +
607 "WcMOPsP7WPWvUIc7uazV+ryt9xBh2RqcO27gCUejy/5JJZfXowhcVFgOPZVUebI+\n" +
608 "2BuW1yDjMYC7BPvjoV0sj3i5eMmOrUg6v+/RUiXATk5FYfldz7lOP6gVYrQThrgY\n" +
609 "cOC0oqGfabvaE3nr8aQ8oaSC4/k1FLWphhX8QWR3JAw5XwnUzsdqJxJ+3g4vp4qN\n" +
610 "OuCj3f6QeT62/QNzpylUGdqVfdOisbxAjoFwePVdB3vygCUAL7+MXilzSbCLS6fj\n" +
611 "2R0r2BF9AgMBAAECggEASIkPkMCuw4WdTT44IwERus3IOIYOs2IP3BgEDyyvm4B6\n" +
612 "JP/iihDWKfA4zEl1Gqcni1RXMHswSglXra682J4kui02Ov+vzEeJIY37Ibn2YnP5\n" +
613 "ZjRT2s9GtI/S2o4hl8A/mQb2IMViFC+xKehTukhV4j5d6NPKk0XzLR7gcMjnYxwn\n" +
614 "l21fS6D2oM1xRG/di7sL+uLF8EXLRzfiWDNi12uQv4nwtxPKvuKhH6yzHt7YqMH0\n" +
615 "46pmDKDaxV4w1JdycjCb6NrCJOYZygoQobuZqOQ30UZoZsPJrtovkncFr1e+lNcO\n" +
616 "+aWDfOLCtTH046dEQh5oCShyXMybNlry/QHsOtHOwQKBgQDh2iIjs+FPpQy7Z3EX\n" +
617 "DGEvHYqPjrYO9an2KSRr1m9gzRlWYxKY46WmPKwjMerYtra0GP+TBHrgxsfO8tD2\n" +
618 "wUAII6sd1qup0a/Sutgf2JxVilLykd0+Ge4/Cs51tCdJ8EqDV2B6WhTewOY2EGvg\n" +
619 "JiKYkeNwgRX/9M9CFSAMAk0hUQKBgQDLJAartL3DoGUPjYtpJnfgGM23yAGl6G5r\n" +
620 "NSXDn80BiYIC1p0bG3N0xm3yAjqOtJAUj9jZbvDNbCe3GJfLARMr23legX4tRrgZ\n" +
621 "nEdKnAFKAKL01oM+A5/lHdkwaZI9yyv+hgSVdYzUjB8rDmzeVQzo1BT7vXypt2yV\n" +
622 "6O1OnUpCbQKBgA/0rzDChopv6KRcvHqaX0tK1P0rYeVQqb9ATNhpf9jg5Idb3HZ8\n" +
623 "rrk91BNwdVz2G5ZBpdynFl9G69rNAMJOCM4KZw5mmh4XOEq09Ivba8AHU7DbaTv3\n" +
624 "7QL7KnbaUWRB26HHzIMYVh0el6T+KADf8NXCiMTr+bfpfbL3dxoiF3zhAoGAbCJD\n" +
625 "Qse1dBs/cKYCHfkSOsI5T6kx52Tw0jS6Y4X/FOBjyqr/elyEexbdk8PH9Ar931Qr\n" +
626 "NKMvn8oA4iA/PRrXX7M2yi3YQrWwbkGYWYjtzrzEAdzmg+5eARKAeJrZ8/bg9l3U\n" +
627 "ttKaItJsDPlizn8rngy3FsJpR9aSAMK6/+wOiYkCgYEA1tZkI1rD1W9NYZtbI9BE\n" +
628 "qlJVFi2PBOJMKNuWdouPX3HLQ72GJSQff2BFzLTELjweVVJ0SvY4IipzpQOHQOBy\n" +
629 "5qh/p6izXJZh3IHtvwVBjHoEVplg1b2+I5e3jDCfqnwcQw82dW5SxOJMg1h/BD0I\n" +
630 "qAL3go42DYeYhu/WnECMeis=",
631
632 //
633 // EC private key related to cert endEntityCertStrs[2].
634 //
635 "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgGVc7hICpmp91jbYe\n" +
636 "nrr8nYHD37RZP3VENY+szuA7WjuhRANCAATn0wRE1OVVnV56mzxnc657lmSBB0+0\n" +
637 "P5YgTq2Pc9sgqnEY8PG980/3n0DJCMQr96FZBWsIyY2gSQjNj4ggGAHT",
638
639 //
640 // DSA private key related to cert endEntityCertStrs[3].
641 //
642 "MIICZQIBADCCAjoGByqGSM44BAEwggItAoIBAQCaVq+CgmsxyOpZFVwMTZ2ZYA9E\n" +
643 "SCfNC+d4QN5/rxymsPONLC86zlB4XLHvmJtp2jV7qM7+tbWmsIZYcMPWgD9Ofg+T\n" +
644 "e+7SdTHO+XWoBNz5olulRTk6nRu+notsKxBCyVX0V5GHsRvts/qClz+QcIHMSALV\n" +
645 "UIrumtxxdbL63pIw4ds0PeH5RtyR9JpS5pWxUk1MPUPoYSV9GPg2bPUEY99Ji8qi\n" +
646 "vA1kRTeBfAWC0OgBwbHu1zIKUukMd+pF/D/vKKovJ6I/sPiGXmUw2i4lYOUB0wWn\n" +
647 "QUyBLez1UMWKchyvpW0FYxMbv7j5zMcAH7d++vCWo3OEGfe4Uet6Q3/Dx83HAiEA\n" +
648 "mjtJp7XNrsgxbRDqETkHhv6zYH8Voo+gDgSO1m7XcH0CggEBAI5moswp++plZSBP\n" +
649 "Q9DdCNHt0AV13Toj1jf5M5DNmTX6P6/D/oRfi8Ui1fiCKFv+7lD0J2anCFUaLtu+\n" +
650 "j7v78gp5OChDp/n49K6DtKtZZRDmw/Bpm6LNdknmdN5kO5wVzbIXHTCCeNs/CJTF\n" +
651 "mSU5PvEaI4y3M5NraSgLPkq4gEv7/A8orGbKmj1Whj3F9t1Tosxdm/+WkPldMz2t\n" +
652 "gev+9RM2S6S9XoembRgwRaFVkpQmKoKpOoZcdqV47FLDq5BYH/5POeJ9wLuAHjxQ\n" +
653 "5CMKo4p/lW7BCd4kuGWFT+OFFXfG2v6EtlqFbXBiFWLxyMsOtkUqWARCqEHhyucl\n" +
654 "TSYlj60EIgIgLfA75+8KcKxdN8mr6gzGjQe7jPFGG42Ejhd7Q2F4wuw="
655 };
656
657 // Private key algorithm of endEntityPrivateKeys.
658 private final static String[] endEntityPrivateKeyAlgs = {
659 "EC",
660 "RSA",
661 "EC",
662 "DSA",
663 };
664
665 // Private key names of endEntityPrivateKeys.
666 private final static String[] endEntityPrivateKeyNames = {
667 "ecdsa",
668 "rsa",
669 "ec-rsa",
670 "dsa",
671 };
672
673 /*
674 * Create an instance of SSLContext with the specified trust/key materials.
675 */
676 private SSLContext createSSLContext(
677 String[] trustedMaterials,
678 String[] keyMaterialCerts,
679 String[] keyMaterialKeys,
680 String[] keyMaterialKeyAlgs,
681 String[] keyMaterialKeyNames,
682 ContextParameters params) throws Exception {
683
684 KeyStore ts = null; // trust store
685 KeyStore ks = null; // key store
686 char passphrase[] = "passphrase".toCharArray();
687
688 // Generate certificate from cert string.
689 CertificateFactory cf = CertificateFactory.getInstance("X.509");
690
691 // Import the trused certs.
692 ByteArrayInputStream is;
693 if (trustedMaterials != null && trustedMaterials.length != 0) {
694 ts = KeyStore.getInstance("JKS");
695 ts.load(null, null);
696
697 Certificate[] trustedCert =
698 new Certificate[trustedMaterials.length];
699 for (int i = 0; i < trustedMaterials.length; i++) {
700 String trustedCertStr = trustedMaterials[i];
701
702 is = new ByteArrayInputStream(trustedCertStr.getBytes());
703 try {
704 trustedCert[i] = cf.generateCertificate(is);
705 } finally {
706 is.close();
707 }
708
709 ts.setCertificateEntry("trusted-cert-" + i, trustedCert[i]);
710 }
711 }
712
713 // Import the key materials.
714 //
715 // Note that certification pathes bigger than one are not supported yet.
716 boolean hasKeyMaterials =
717 (keyMaterialCerts != null) && (keyMaterialCerts.length != 0) &&
718 (keyMaterialKeys != null) && (keyMaterialKeys.length != 0) &&
719 (keyMaterialKeyAlgs != null) && (keyMaterialKeyAlgs.length != 0) &&
720 (keyMaterialCerts.length == keyMaterialKeys.length) &&
721 (keyMaterialCerts.length == keyMaterialKeyAlgs.length);
722 if (hasKeyMaterials) {
723 ks = KeyStore.getInstance("JKS");
724 ks.load(null, null);
725
726 for (int i = 0; i < keyMaterialCerts.length; i++) {
727 String keyCertStr = keyMaterialCerts[i];
728
729 // generate the private key.
730 PKCS8EncodedKeySpec priKeySpec = new PKCS8EncodedKeySpec(
731 Base64.getMimeDecoder().decode(keyMaterialKeys[i]));
732 KeyFactory kf =
733 KeyFactory.getInstance(keyMaterialKeyAlgs[i]);
734 PrivateKey priKey = kf.generatePrivate(priKeySpec);
735
736 // generate certificate chain
737 is = new ByteArrayInputStream(keyCertStr.getBytes());
738 Certificate keyCert = null;
739 try {
740 keyCert = cf.generateCertificate(is);
741 } finally {
742 is.close();
743 }
744
745 Certificate[] chain = new Certificate[] { keyCert };
746
747 // import the key entry.
748 ks.setKeyEntry("cert-" + keyMaterialKeyNames[i],
749 priKey, passphrase, chain);
750 }
751 }
752
753 // Create an SSLContext object.
754 TrustManagerFactory tmf =
755 TrustManagerFactory.getInstance(params.tmAlgorithm);
756 tmf.init(ts);
757
758 SSLContext context = SSLContext.getInstance(params.contextProtocol);
759 if (hasKeyMaterials && ks != null) {
760 KeyManagerFactory kmf =
761 KeyManagerFactory.getInstance(params.kmAlgorithm);
762 kmf.init(ks, passphrase);
763
764 context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
765 } else {
766 context.init(null, tmf.getTrustManagers(), null);
767 }
768
769 return context;
770 }
771
772 /*
773 * =================================================
774 * Stuffs to boot up the client-server mode testing.
775 */
776 private Thread clientThread = null;
777 private Thread serverThread = null;
778 private volatile Exception serverException = null;
779 private volatile Exception clientException = null;
780
781 /*
782 * Should we run the client or server in a separate thread?
783 * Both sides can throw exceptions, but do you have a preference
784 * as to which side should be the main thread.
785 */
786 private static final boolean separateServerThread = false;
787
788 /*
789 * Boot up the testing, used to drive remainder of the test.
790 */
791 private void bootup() throws Exception {
792 Exception startException = null;
793 try {
794 if (separateServerThread) {
795 startServer(true);
796 startClient(false);
797 } else {
798 startClient(true);
799 startServer(false);
800 }
801 } catch (Exception e) {
802 startException = e;
803 }
804
805 /*
806 * Wait for other side to close down.
807 */
808 if (separateServerThread) {
809 if (serverThread != null) {
810 serverThread.join();
811 }
812 } else {
813 if (clientThread != null) {
814 clientThread.join();
815 }
816 }
817
818 /*
819 * When we get here, the test is pretty much over.
820 * Which side threw the error?
821 */
822 Exception local;
823 Exception remote;
824
825 if (separateServerThread) {
826 remote = serverException;
827 local = clientException;
828 } else {
829 remote = clientException;
830 local = serverException;
831 }
832
833 Exception exception = null;
834
835 /*
836 * Check various exception conditions.
837 */
838 if ((local != null) && (remote != null)) {
839 // If both failed, return the curthread's exception.
840 local.initCause(remote);
841 exception = local;
842 } else if (local != null) {
843 exception = local;
844 } else if (remote != null) {
845 exception = remote;
846 } else if (startException != null) {
847 exception = startException;
848 }
849
850 /*
851 * If there was an exception *AND* a startException,
852 * output it.
853 */
854 if (exception != null) {
855 if (exception != startException && startException != null) {
856 exception.addSuppressed(startException);
857 }
858 throw exception;
859 }
860
861 // Fall-through: no exception to throw!
862 }
863
864 private void startServer(boolean newThread) throws Exception {
865 if (newThread) {
866 serverThread = new Thread() {
867 @Override
868 public void run() {
869 try {
870 doServerSide();
871 } catch (Exception e) {
872 /*
873 * Our server thread just died.
874 *
875 * Release the client, if not active already...
876 */
877 logException("Server died", e);
878 serverException = e;
879 }
880 }
881 };
882 serverThread.start();
883 } else {
884 try {
885 doServerSide();
886 } catch (Exception e) {
887 logException("Server failed", e);
888 serverException = e;
889 }
890 }
891 }
892
893 private void startClient(boolean newThread) throws Exception {
894 if (newThread) {
895 clientThread = new Thread() {
896 @Override
897 public void run() {
898 try {
899 doClientSide();
900 } catch (Exception e) {
901 /*
902 * Our client thread just died.
903 */
904 logException("Client died", e);
905 clientException = e;
906 }
907 }
908 };
909 clientThread.start();
910 } else {
911 try {
912 doClientSide();
913 } catch (Exception e) {
914 logException("Client failed", e);
915 clientException = e;
916 }
917 }
918 }
919
920 private synchronized void logException(String prefix, Throwable cause) {
921 System.out.println(prefix + ": " + cause);
922 cause.printStackTrace(System.out);
923 }
924 }