1 /* 2 * Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 // 25 // Please run in othervm mode. SunJSSE does not support dynamic system 26 // properties, no way to re-use system properties in samevm/agentvm mode. 27 // 28 29 /* 30 * @test 31 * @bug 8161106 8170329 32 * @summary Improve SSLSocket test template 33 * @run main/othervm SSLSocketTemplate 34 */ 35 36 import java.io.ByteArrayInputStream; 37 import java.io.InputStream; 38 import java.io.IOException; 39 import java.io.OutputStream; 40 import javax.net.ssl.KeyManagerFactory; 41 import javax.net.ssl.SSLContext; 42 import javax.net.ssl.SSLServerSocket; 43 import javax.net.ssl.SSLServerSocketFactory; 44 import javax.net.ssl.SSLSocket; 45 import javax.net.ssl.SSLSocketFactory; 46 import javax.net.ssl.TrustManagerFactory; 47 import java.net.InetSocketAddress; 48 import java.net.SocketTimeoutException; 49 import java.security.KeyStore; 50 import java.security.PrivateKey; 51 import java.security.KeyFactory; 52 import java.security.cert.Certificate; 53 import java.security.cert.CertificateFactory; 54 import java.security.spec.PKCS8EncodedKeySpec; 55 import java.util.Base64; 56 57 import java.util.concurrent.CountDownLatch; 58 import java.util.concurrent.TimeUnit; 59 60 /** 61 * Template to help speed your client/server tests. 62 * 63 * Two examples that use this template: 64 * test/sun/security/ssl/ServerHandshaker/AnonCipherWithWantClientAuth.java 65 * test/sun/net/www/protocol/https/HttpsClient/ServerIdentityTest.java 66 */ 67 public class SSLSocketTemplate { 68 69 /* 70 * ================== 71 * Run the test case. 72 */ 73 public static void main(String[] args) throws Exception { 74 (new SSLSocketTemplate()).run(); 75 } 76 77 /* 78 * Run the test case. 79 */ 80 public void run() throws Exception { 81 bootup(); 82 } 83 84 /* 85 * Define the server side application of the test for the specified socket. 86 */ 87 protected void runServerApplication(SSLSocket socket) throws Exception { 88 // here comes the test logic 89 InputStream sslIS = socket.getInputStream(); 90 OutputStream sslOS = socket.getOutputStream(); 91 92 sslIS.read(); 93 sslOS.write(85); 94 sslOS.flush(); 95 } 96 97 /* 98 * Define the client side application of the test for the specified socket. 99 * This method is used if the returned value of 100 * isCustomizedClientConnection() is false. 101 * 102 * @param socket may be null is no client socket is generated. 103 * 104 * @see #isCustomizedClientConnection() 105 */ 106 protected void runClientApplication(SSLSocket socket) throws Exception { 107 InputStream sslIS = socket.getInputStream(); 108 OutputStream sslOS = socket.getOutputStream(); 109 110 sslOS.write(280); 111 sslOS.flush(); 112 sslIS.read(); 113 } 114 115 /* 116 * Define the client side application of the test for the specified 117 * server port. This method is used if the returned value of 118 * isCustomizedClientConnection() is true. 119 * 120 * Note that the client need to connect to the server port by itself 121 * for the actual message exchange. 122 * 123 * @see #isCustomizedClientConnection() 124 */ 125 protected void runClientApplication(int serverPort) throws Exception { 126 // blank 127 } 128 129 /* 130 * Create an instance of SSLContext for client use. 131 */ 132 protected SSLContext createClientSSLContext() throws Exception { 133 return createSSLContext(trustedCertStrs, 134 endEntityCertStrs, endEntityPrivateKeys, 135 endEntityPrivateKeyAlgs, 136 endEntityPrivateKeyNames, 137 getClientContextParameters()); 138 } 139 140 /* 141 * Create an instance of SSLContext for server use. 142 */ 143 protected SSLContext createServerSSLContext() throws Exception { 144 return createSSLContext(trustedCertStrs, 145 endEntityCertStrs, endEntityPrivateKeys, 146 endEntityPrivateKeyAlgs, 147 endEntityPrivateKeyNames, 148 getServerContextParameters()); 149 } 150 151 /* 152 * The parameters used to configure SSLContext. 153 */ 154 protected static final class ContextParameters { 155 final String contextProtocol; 156 final String tmAlgorithm; 157 final String kmAlgorithm; 158 159 ContextParameters(String contextProtocol, 160 String tmAlgorithm, String kmAlgorithm) { 161 162 this.contextProtocol = contextProtocol; 163 this.tmAlgorithm = tmAlgorithm; 164 this.kmAlgorithm = kmAlgorithm; 165 } 166 } 167 168 /* 169 * Get the client side parameters of SSLContext. 170 */ 171 protected ContextParameters getClientContextParameters() { 172 return new ContextParameters("TLS", "PKIX", "NewSunX509"); 173 } 174 175 /* 176 * Get the server side parameters of SSLContext. 177 */ 178 protected ContextParameters getServerContextParameters() { 179 return new ContextParameters("TLS", "PKIX", "NewSunX509"); 180 } 181 182 /* 183 * Does the client side use customized connection other than 184 * explicit Socket.connect(), for example, URL.openConnection()? 185 */ 186 protected boolean isCustomizedClientConnection() { 187 return false; 188 } 189 190 /* 191 * Configure the server side socket. 192 */ 193 protected void configureServerSocket(SSLServerSocket socket) { 194 195 } 196 197 /* 198 * ============================================= 199 * Define the client and server side operations. 200 * 201 * If the client or server is doing some kind of object creation 202 * that the other side depends on, and that thread prematurely 203 * exits, you may experience a hang. The test harness will 204 * terminate all hung threads after its timeout has expired, 205 * currently 3 minutes by default, but you might try to be 206 * smart about it.... 207 */ 208 209 /* 210 * Is the server ready to serve? 211 */ 212 private final CountDownLatch serverCondition = new CountDownLatch(1); 213 214 /* 215 * Is the client ready to handshake? 216 */ 217 private final CountDownLatch clientCondition = new CountDownLatch(1); 218 219 /* 220 * What's the server port? Use any free port by default 221 */ 222 private volatile int serverPort = 0; 223 224 /* 225 * Define the server side of the test. 226 */ 227 private void doServerSide() throws Exception { 228 // kick start the server side service 229 SSLContext context = createServerSSLContext(); 230 SSLServerSocketFactory sslssf = context.getServerSocketFactory(); 231 SSLServerSocket sslServerSocket = 232 (SSLServerSocket)sslssf.createServerSocket(serverPort); 233 configureServerSocket(sslServerSocket); 234 serverPort = sslServerSocket.getLocalPort(); 235 236 // Signal the client, the server is ready to accept connection. 237 serverCondition.countDown(); 238 239 // Try to accept a connection in 30 seconds. 240 SSLSocket sslSocket; 241 try { 242 sslServerSocket.setSoTimeout(30000); 243 sslSocket = (SSLSocket)sslServerSocket.accept(); 244 } catch (SocketTimeoutException ste) { 245 // Ignore the test case if no connection within 30 seconds. 246 System.out.println( 247 "No incoming client connection in 30 seconds. " + 248 "Ignore in server side."); 249 return; 250 } finally { 251 sslServerSocket.close(); 252 } 253 254 // handle the connection 255 try { 256 // Is it the expected client connection? 257 // 258 // Naughty test cases or third party routines may try to 259 // connection to this server port unintentionally. In 260 // order to mitigate the impact of unexpected client 261 // connections and avoid intermittent failure, it should 262 // be checked that the accepted connection is really linked 263 // to the expected client. 264 boolean clientIsReady = 265 clientCondition.await(30L, TimeUnit.SECONDS); 266 267 if (clientIsReady) { 268 // Run the application in server side. 269 runServerApplication(sslSocket); 270 } else { // Otherwise, ignore 271 // We don't actually care about plain socket connections 272 // for TLS communication testing generally. Just ignore 273 // the test if the accepted connection is not linked to 274 // the expected client or the client connection timeout 275 // in 30 seconds. 276 System.out.println( 277 "The client is not the expected one or timeout. " + 278 "Ignore in server side."); 279 } 280 } finally { 281 sslSocket.close(); 282 } 283 } 284 285 /* 286 * Define the client side of the test. 287 */ 288 private void doClientSide() throws Exception { 289 290 // Wait for server to get started. 291 // 292 // The server side takes care of the issue if the server cannot 293 // get started in 90 seconds. The client side would just ignore 294 // the test case if the serer is not ready. 295 boolean serverIsReady = 296 serverCondition.await(90L, TimeUnit.SECONDS); 297 if (!serverIsReady) { 298 System.out.println( 299 "The server is not ready yet in 90 seconds. " + 300 "Ignore in client side."); 301 return; 302 } 303 304 if (isCustomizedClientConnection()) { 305 // Signal the server, the client is ready to communicate. 306 clientCondition.countDown(); 307 308 // Run the application in client side. 309 runClientApplication(serverPort); 310 311 return; 312 } 313 314 SSLContext context = createClientSSLContext(); 315 SSLSocketFactory sslsf = context.getSocketFactory(); 316 317 try (SSLSocket sslSocket = (SSLSocket)sslsf.createSocket()) { 318 try { 319 sslSocket.connect( 320 new InetSocketAddress("localhost", serverPort), 15000); 321 } catch (IOException ioe) { 322 // The server side may be impacted by naughty test cases or 323 // third party routines, and cannot accept connections. 324 // 325 // Just ignore the test if the connection cannot be 326 // established. 327 System.out.println( 328 "Cannot make a connection in 15 seconds. " + 329 "Ignore in client side."); 330 return; 331 } 332 333 // OK, here the client and server get connected. 334 335 // Signal the server, the client is ready to communicate. 336 clientCondition.countDown(); 337 338 // There is still a chance in theory that the server thread may 339 // wait client-ready timeout and then quit. The chance should 340 // be really rare so we don't consider it until it becomes a 341 // real problem. 342 343 // Run the application in client side. 344 runClientApplication(sslSocket); 345 } 346 } 347 348 /* 349 * ============================================= 350 * Stuffs to customize the SSLContext instances. 351 */ 352 353 /* 354 * ======================================= 355 * Certificates and keys used in the test. 356 */ 357 // Trusted certificates. 358 private final static String[] trustedCertStrs = { 359 // SHA256withECDSA, curve prime256v1 360 // Validity 361 // Not Before: May 22 07:18:16 2018 GMT 362 // Not After : May 17 07:18:16 2038 GMT 363 // Subject Key Identifier: 364 // 60:CF:BD:73:FF:FA:1A:30:D2:A4:EC:D3:49:71:46:EF:1A:35:A0:86 365 "-----BEGIN CERTIFICATE-----\n" + 366 "MIIBvjCCAWOgAwIBAgIJAIvFG6GbTroCMAoGCCqGSM49BAMCMDsxCzAJBgNVBAYT\n" + 367 "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" + 368 "ZTAeFw0xODA1MjIwNzE4MTZaFw0zODA1MTcwNzE4MTZaMDsxCzAJBgNVBAYTAlVT\n" + 369 "MQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZjZTBZ\n" + 370 "MBMGByqGSM49AgEGCCqGSM49AwEHA0IABBz1WeVb6gM2mh85z3QlvaB/l11b5h0v\n" + 371 "LIzmkC3DKlVukZT+ltH2Eq1oEkpXuf7QmbM0ibrUgtjsWH3mULfmcWmjUDBOMB0G\n" + 372 "A1UdDgQWBBRgz71z//oaMNKk7NNJcUbvGjWghjAfBgNVHSMEGDAWgBRgz71z//oa\n" + 373 "MNKk7NNJcUbvGjWghjAMBgNVHRMEBTADAQH/MAoGCCqGSM49BAMCA0kAMEYCIQCG\n" + 374 "6wluh1r2/T6L31mZXRKf9JxeSf9pIzoLj+8xQeUChQIhAJ09wAi1kV8yePLh2FD9\n" + 375 "2YEHlSQUAbwwqCDEVB5KxaqP\n" + 376 "-----END CERTIFICATE-----", 377 // -----BEGIN PRIVATE KEY----- 378 // MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg/HcHdoLJCdq3haVd 379 // XZTSKP00YzM3xX97l98vGL/RI1KhRANCAAQc9VnlW+oDNpofOc90Jb2gf5ddW+Yd 380 // LyyM5pAtwypVbpGU/pbR9hKtaBJKV7n+0JmzNIm61ILY7Fh95lC35nFp 381 // -----END PRIVATE KEY----- 382 383 // SHA256withRSA, 2048 bits 384 // Validity 385 // Not Before: May 22 07:18:16 2018 GMT 386 // Not After : May 17 07:18:16 2038 GMT 387 // Subject Key Identifier: 388 // 0D:DD:93:C9:FE:4B:BD:35:B7:E8:99:78:90:FB:DB:5A:3D:DB:15:4C 389 "-----BEGIN CERTIFICATE-----\n" + 390 "MIIDSTCCAjGgAwIBAgIJAI4ZF3iy8zG+MA0GCSqGSIb3DQEBCwUAMDsxCzAJBgNV\n" + 391 "BAYTAlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2Vy\n" + 392 "aXZjZTAeFw0xODA1MjIwNzE4MTZaFw0zODA1MTcwNzE4MTZaMDsxCzAJBgNVBAYT\n" + 393 "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" + 394 "ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALpMcY7aWieXDEM1/YJf\n" + 395 "JW27b4nRIFZyEYhEloyGsKTuQiiQjc8cqRZFNXe2vwziDB4IyTEl0Hjl5QF6ZaQE\n" + 396 "huPzzwvQm1pv64KrRXrmj3FisQK8B5OWLty9xp6xDqsaMRoyObLK+oIb20T5fSlE\n" + 397 "evmo1vYjnh8CX0Yzx5Gr5ye6YSEHQvYOWEws8ad17OlyToR2KMeC8w4qo6rs59pW\n" + 398 "g7Mxn9vo22ImDzrtAbTbXbCias3xlE0Bp0h5luyf+5U4UgksoL9B9r2oP4GrLNEV\n" + 399 "oJk57t8lwaR0upiv3CnS8LcJELpegZub5ggqLY8ZPYFQPjlK6IzLOm6rXPgZiZ3m\n" + 400 "RL0CAwEAAaNQME4wHQYDVR0OBBYEFA3dk8n+S701t+iZeJD721o92xVMMB8GA1Ud\n" + 401 "IwQYMBaAFA3dk8n+S701t+iZeJD721o92xVMMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n" + 402 "hvcNAQELBQADggEBAJTRC3rKUUhVH07/1+stUungSYgpM08dY4utJq0BDk36BbmO\n" + 403 "0AnLDMbkwFdHEoqF6hQIfpm7SQTmXk0Fss6Eejm8ynYr6+EXiRAsaXOGOBCzF918\n" + 404 "/RuKOzqABfgSU4UBKECLM5bMfQTL60qx+HdbdVIpnikHZOFfmjCDVxoHsGyXc1LW\n" + 405 "Jhkht8IGOgc4PMGvyzTtRFjz01kvrVQZ75aN2E0GQv6dCxaEY0i3ypSzjUWAKqDh\n" + 406 "3e2OLwUSvumcdaxyCdZAOUsN6pDBQ+8VRG7KxnlRlY1SMEk46QgQYLbPDe/+W/yH\n" + 407 "ca4PejicPeh+9xRAwoTpiE2gulfT7Lm+fVM7Ruc=\n" + 408 "-----END CERTIFICATE-----", 409 // -----BEGIN PRIVATE KEY----- 410 // MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC6THGO2lonlwxD 411 // Nf2CXyVtu2+J0SBWchGIRJaMhrCk7kIokI3PHKkWRTV3tr8M4gweCMkxJdB45eUB 412 // emWkBIbj888L0Jtab+uCq0V65o9xYrECvAeTli7cvcaesQ6rGjEaMjmyyvqCG9tE 413 // +X0pRHr5qNb2I54fAl9GM8eRq+cnumEhB0L2DlhMLPGndezpck6EdijHgvMOKqOq 414 // 7OfaVoOzMZ/b6NtiJg867QG0212womrN8ZRNAadIeZbsn/uVOFIJLKC/Qfa9qD+B 415 // qyzRFaCZOe7fJcGkdLqYr9wp0vC3CRC6XoGbm+YIKi2PGT2BUD45SuiMyzpuq1z4 416 // GYmd5kS9AgMBAAECggEAFHSoU2MuWwJ+2jJnb5U66t2V1bAcuOE1g5zkWvG/G5z9 417 // rq6Qo5kmB8f5ovdx6tw3MGUOklLwnRXBG3RxDJ1iokz3AvkY1clMNsDPlDsUrQKF 418 // JSO4QUBQTPSZhnsyfR8XHSU+qJ8Y+ohMfzpVv95BEoCzebtXdVgxVegBlcEmVHo2 419 // kMmkRN+bYNsr8eb2r+b0EpyumS39ZgKYh09+cFb78y3T6IFMGcVJTP6nlGBFkmA/ 420 // 25pYeCF2tSki08qtMJZQAvKfw0Kviibk7ZxRbJqmc7B1yfnOEHP6ftjuvKl2+RP/ 421 // +5P5f8CfIP6gtA0LwSzAqQX/hfIKrGV5j0pCqrD0kQKBgQDeNR6Xi4sXVq79lihO 422 // a1bSeV7r8yoQrS8x951uO+ox+UIZ1MsAULadl7zB/P0er92p198I9M/0Jth3KBuS 423 // zj45mucvpiiGvmQlMKMEfNq4nN7WHOu55kufPswQB2mR4J3xmwI+4fM/nl1zc82h 424 // De8JSazRldJXNhfx0RGFPmgzbwKBgQDWoVXrXLbCAn41oVnWB8vwY9wjt92ztDqJ 425 // HMFA/SUohjePep9UDq6ooHyAf/Lz6oE5NgeVpPfTDkgvrCFVKnaWdwALbYoKXT2W 426 // 9FlyJox6eQzrtHAacj3HJooXWuXlphKSizntfxj3LtMR9BmrmRJOfK+SxNOVJzW2 427 // +MowT20EkwKBgHmpB8jdZBgxI7o//m2BI5Y1UZ1KE5vx1kc7VXzHXSBjYqeV9FeF 428 // 2ZZLP9POWh/1Fh4pzTmwIDODGT2UPhSQy0zq3O0fwkyT7WzXRknsuiwd53u/dejg 429 // iEL2NPAJvulZ2+AuiHo5Z99LK8tMeidV46xoJDDUIMgTG+UQHNGhK5gNAoGAZn/S 430 // Cn7SgMC0CWSvBHnguULXZO9wH1wZAFYNLL44OqwuaIUFBh2k578M9kkke7woTmwx 431 // HxQTjmWpr6qimIuY6q6WBN8hJ2Xz/d1fwhYKzIp20zHuv5KDUlJjbFfqpsuy3u1C 432 // kts5zwI7pr1ObRbDGVyOdKcu7HI3QtR5qqyjwaUCgYABo7Wq6oHva/9V34+G3Goh 433 // 63bYGUnRw2l5BD11yhQv8XzGGZFqZVincD8gltNThB0Dc/BI+qu3ky4YdgdZJZ7K 434 // z51GQGtaHEbrHS5caV79yQ8QGY5mUVH3E+VXSxuIqb6pZq2DH4sTAEFHyncddmOH 435 // zoXBInYwRG9KE/Bw5elhUw== 436 // -----END PRIVATE KEY----- 437 438 // SHA256withDSA, 2048 bits 439 // Validity 440 // Not Before: May 22 07:18:18 2018 GMT 441 // Not After : May 17 07:18:18 2038 GMT 442 // Subject Key Identifier: 443 // 76:66:9E:F7:3B:DD:45:E5:3B:D9:72:3C:3F:F0:54:39:86:31:26:53 444 "-----BEGIN CERTIFICATE-----\n" + 445 "MIIErjCCBFSgAwIBAgIJAOktYLNCbr02MAsGCWCGSAFlAwQDAjA7MQswCQYDVQQG\n" + 446 "EwJVUzENMAsGA1UECgwESmF2YTEdMBsGA1UECwwUU3VuSlNTRSBUZXN0IFNlcml2\n" + 447 "Y2UwHhcNMTgwNTIyMDcxODE4WhcNMzgwNTE3MDcxODE4WjA7MQswCQYDVQQGEwJV\n" + 448 "UzENMAsGA1UECgwESmF2YTEdMBsGA1UECwwUU3VuSlNTRSBUZXN0IFNlcml2Y2Uw\n" + 449 "ggNHMIICOQYHKoZIzjgEATCCAiwCggEBAO5GyPhSm0ze3LSu+gicdULLj05iOfTL\n" + 450 "UvZQ29sYz41zmqrLBQbdKiHqgJu2Re9sgTb5suLNjF047TOLPnU3jhPtWm2X8Xzi\n" + 451 "VGIcHym/Q/MeZxStt/88seqroI3WOKzIML2GcrishT+lcGrtH36Tf1+ue2Snn3PS\n" + 452 "WyxygNqPjllP5uUjYmFLvAf4QLMldkd/D2VxcwsHjB8y5iUZsXezc/LEhRZS/02m\n" + 453 "ivqlRw3AMkq/OVe/ZtxFWsP0nsfxEGdZuaUFpppGfixxFvymrB3+J51cTt+pZBDq\n" + 454 "D2y0DYfc+88iCs4jwHTfcDIpLb538HBjBj2rEgtQESQmB0ooD/+wsPsCIQC1bYch\n" + 455 "gElNtDYL3FgpLgNSUYp7gIWv9ehaC7LO2z7biQKCAQBitvFOnDkUja8NAF7lDpOV\n" + 456 "b5ipQ8SicBLW3kQamxhyuyxgZyy/PojZ/oPorkqW/T/A0rhnG6MssEpAtdiwVB+c\n" + 457 "rBYGo3bcwmExJhdOJ6dYuKFppPWhCwKMHs9npK+lqBMl8l5j58xlcFeC7ZfGf8GY\n" + 458 "GkhFW0c44vEQhMMbac6ZTTP4mw+1t7xJfmDMlLEyIpTXaAAk8uoVLWzQWnR40sHi\n" + 459 "ybvS0u3JxQkb7/y8tOOZu8qlz/YOS7lQ6UxUGX27Ce1E0+agfPphetoRAlS1cezq\n" + 460 "Wa7r64Ga0nkj1kwkcRqjgTiJx0NwnUXr78VAXFhVF95+O3lfqhvdtEGtkhDGPg7N\n" + 461 "A4IBBgACggEBAMmSHQK0w2i+iqUjOPzn0yNEZrzepLlLeQ1tqtn0xnlv5vBAeefD\n" + 462 "Pm9dd3tZOjufVWP7hhEz8xPobb1CS4e3vuQiv5UBfhdPL3f3l9T7JMAKPH6C9Vve\n" + 463 "OQXE5eGqbjsySbcmseHoYUt1WCSnSda1opX8zchX04e7DhGfE2/L9flpYEoSt8lI\n" + 464 "vMNjgOwvKdW3yvPt1/eBBHYNFG5gWPv/Q5KoyCtHS03uqGm4rNc/wZTIEEfd66C+\n" + 465 "QRaUltjOaHmtwOdDHaNqwhYZSVOip+Mo+TfyzHFREcdHLapo7ZXqbdYkRGxRR3d+\n" + 466 "3DfHaraJO0OKoYlPkr3JMvM/MSGR9AnZOcejUDBOMB0GA1UdDgQWBBR2Zp73O91F\n" + 467 "5TvZcjw/8FQ5hjEmUzAfBgNVHSMEGDAWgBR2Zp73O91F5TvZcjw/8FQ5hjEmUzAM\n" + 468 "BgNVHRMEBTADAQH/MAsGCWCGSAFlAwQDAgNHADBEAiBzriYE41M2y9Hy5ppkL0Qn\n" + 469 "dIlNc8JhXT/PHW7GDtViagIgMko8Qoj9gDGPK3+O9E8DC3wGiiF9CObM4LN387ok\n" + 470 "J+g=\n" + 471 "-----END CERTIFICATE-----" 472 // -----BEGIN PRIVATE KEY----- 473 // MIICZQIBADCCAjkGByqGSM44BAEwggIsAoIBAQDuRsj4UptM3ty0rvoInHVCy49O 474 // Yjn0y1L2UNvbGM+Nc5qqywUG3Soh6oCbtkXvbIE2+bLizYxdOO0ziz51N44T7Vpt 475 // l/F84lRiHB8pv0PzHmcUrbf/PLHqq6CN1jisyDC9hnK4rIU/pXBq7R9+k39frntk 476 // p59z0lsscoDaj45ZT+blI2JhS7wH+ECzJXZHfw9lcXMLB4wfMuYlGbF3s3PyxIUW 477 // Uv9Npor6pUcNwDJKvzlXv2bcRVrD9J7H8RBnWbmlBaaaRn4scRb8pqwd/iedXE7f 478 // qWQQ6g9stA2H3PvPIgrOI8B033AyKS2+d/BwYwY9qxILUBEkJgdKKA//sLD7AiEA 479 // tW2HIYBJTbQ2C9xYKS4DUlGKe4CFr/XoWguyzts+24kCggEAYrbxTpw5FI2vDQBe 480 // 5Q6TlW+YqUPEonAS1t5EGpsYcrssYGcsvz6I2f6D6K5Klv0/wNK4ZxujLLBKQLXY 481 // sFQfnKwWBqN23MJhMSYXTienWLihaaT1oQsCjB7PZ6SvpagTJfJeY+fMZXBXgu2X 482 // xn/BmBpIRVtHOOLxEITDG2nOmU0z+JsPtbe8SX5gzJSxMiKU12gAJPLqFS1s0Fp0 483 // eNLB4sm70tLtycUJG+/8vLTjmbvKpc/2Dku5UOlMVBl9uwntRNPmoHz6YXraEQJU 484 // tXHs6lmu6+uBmtJ5I9ZMJHEao4E4icdDcJ1F6+/FQFxYVRfefjt5X6ob3bRBrZIQ 485 // xj4OzQQjAiEAsceWOM8do4etxp2zgnoNXV8PUUyqWhz1+0srcKV7FR4= 486 // -----END PRIVATE KEY----- 487 }; 488 489 // End entity certificate. 490 private final static String[] endEntityCertStrs = { 491 // SHA256withECDSA, curve prime256v1 492 // Validity 493 // Not Before: May 22 07:18:16 2018 GMT 494 // Not After : May 17 07:18:16 2038 GMT 495 // Authority Key Identifier: 496 // 60:CF:BD:73:FF:FA:1A:30:D2:A4:EC:D3:49:71:46:EF:1A:35:A0:86 497 "-----BEGIN CERTIFICATE-----\n" + 498 "MIIBqjCCAVCgAwIBAgIJAPLY8qZjgNRAMAoGCCqGSM49BAMCMDsxCzAJBgNVBAYT\n" + 499 "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" + 500 "ZTAeFw0xODA1MjIwNzE4MTZaFw0zODA1MTcwNzE4MTZaMFUxCzAJBgNVBAYTAlVT\n" + 501 "MQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZjZTEY\n" + 502 "MBYGA1UEAwwPUmVncmVzc2lvbiBUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD\n" + 503 "QgAEb+9n05qfXnfHUb0xtQJNS4JeSi6IjOfW5NqchvKnfJey9VkJzR7QHLuOESdf\n" + 504 "xlR7q8YIWgih3iWLGfB+wxHiOqMjMCEwHwYDVR0jBBgwFoAUYM+9c//6GjDSpOzT\n" + 505 "SXFG7xo1oIYwCgYIKoZIzj0EAwIDSAAwRQIgWpRegWXMheiD3qFdd8kMdrkLxRbq\n" + 506 "1zj8nQMEwFTUjjQCIQDRIrAjZX+YXHN9b0SoWWLPUq0HmiFIi8RwMnO//wJIGQ==\n" + 507 "-----END CERTIFICATE-----", 508 509 // SHA256withRSA, 2048 bits 510 // Validity 511 // Not Before: May 22 07:18:16 2018 GMT 512 // Not After : May 17 07:18:16 2038 GMT 513 // Authority Key Identifier: 514 // 0D:DD:93:C9:FE:4B:BD:35:B7:E8:99:78:90:FB:DB:5A:3D:DB:15:4C 515 "-----BEGIN CERTIFICATE-----\n" + 516 "MIIDNjCCAh6gAwIBAgIJAO2+yPcFryUTMA0GCSqGSIb3DQEBCwUAMDsxCzAJBgNV\n" + 517 "BAYTAlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2Vy\n" + 518 "aXZjZTAeFw0xODA1MjIwNzE4MTZaFw0zODA1MTcwNzE4MTZaMFUxCzAJBgNVBAYT\n" + 519 "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" + 520 "ZTEYMBYGA1UEAwwPUmVncmVzc2lvbiBUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOC\n" + 521 "AQ8AMIIBCgKCAQEAszfBobWfZIp8AgC6PiWDDavP65mSvgCXUGxACbxVNAfkLhNR\n" + 522 "QOsHriRB3X1Q3nvO9PetC6wKlvE9jlnDDj7D+1j1r1CHO7ms1fq8rfcQYdkanDtu\n" + 523 "4AlHo8v+SSWX16MIXFRYDj2VVHmyPtgbltcg4zGAuwT746FdLI94uXjJjq1IOr/v\n" + 524 "0VIlwE5ORWH5Xc+5Tj+oFWK0E4a4GHDgtKKhn2m72hN56/GkPKGkguP5NRS1qYYV\n" + 525 "/EFkdyQMOV8J1M7HaicSft4OL6eKjTrgo93+kHk+tv0Dc6cpVBnalX3TorG8QI6B\n" + 526 "cHj1XQd78oAlAC+/jF4pc0mwi0un49kdK9gRfQIDAQABoyMwITAfBgNVHSMEGDAW\n" + 527 "gBQN3ZPJ/ku9NbfomXiQ+9taPdsVTDANBgkqhkiG9w0BAQsFAAOCAQEApXS0nKwm\n" + 528 "Kp8gpmO2yG1rpd1+2wBABiMU4JZaTqmma24DQ3RzyS+V2TeRb29dl5oTUEm98uc0\n" + 529 "GPZvhK8z5RFr4YE17dc04nI/VaNDCw4y1NALXGs+AHkjoPjLyGbWpi1S+gfq2sNB\n" + 530 "Ekkjp6COb/cb9yiFXOGVls7UOIjnVZVd0r7KaPFjZhYh82/f4PA/A1SnIKd1+nfH\n" + 531 "2yk7mSJNC7Z3qIVDL8MM/jBVwiC3uNe5GPB2uwhd7k5LGAVN3j4HQQGB0Sz+VC1h\n" + 532 "92oi6xDa+YBva2fvHuCd8P50DDjxmp9CemC7rnZ5j8egj88w14X44Xjb/Fd/ApG9\n" + 533 "e57NnbT7KM+Grw==\n" + 534 "-----END CERTIFICATE-----", 535 536 // SHA256withRSA, curv prime256v1 537 // Validity 538 // Not Before: May 22 07:18:16 2018 GMT 539 // Not After : May 21 07:18:16 2028 GMT 540 // Authority Key Identifier: 541 // 0D:DD:93:C9:FE:4B:BD:35:B7:E8:99:78:90:FB:DB:5A:3D:DB:15:4C 542 "-----BEGIN CERTIFICATE-----\n" + 543 "MIICazCCAVOgAwIBAgIJAO2+yPcFryUUMA0GCSqGSIb3DQEBCwUAMDsxCzAJBgNV\n" + 544 "BAYTAlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2Vy\n" + 545 "aXZjZTAeFw0xODA1MjIwNzE4MTZaFw0yODA1MjEwNzE4MTZaMFUxCzAJBgNVBAYT\n" + 546 "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" + 547 "ZTEYMBYGA1UEAwwPUmVncmVzc2lvbiBUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0D\n" + 548 "AQcDQgAE59MERNTlVZ1eeps8Z3Oue5ZkgQdPtD+WIE6tj3PbIKpxGPDxvfNP959A\n" + 549 "yQjEK/ehWQVrCMmNoEkIzY+IIBgB06MjMCEwHwYDVR0jBBgwFoAUDd2Tyf5LvTW3\n" + 550 "6Jl4kPvbWj3bFUwwDQYJKoZIhvcNAQELBQADggEBAFOTVEqs70ykhZiIdrEsF1Ra\n" + 551 "I3B2rLvwXZk52uSltk2/bzVvewA577ZCoxQ1pL7ynkisPfBN1uVYtHjM1VA3RC+4\n" + 552 "+TAK78dnI7otYjWoHp5rvs4l6c/IbOspS290IlNuDUxMErEm5wxIwj+Aukx/1y68\n" + 553 "hOyCvHBLMY2c1LskH1MMBbDuS1aI+lnGpToi+MoYObxGcV458vxuT8+wwV8Fkpvd\n" + 554 "ll8IIFmeNPRv+1E+lXbES6CSNCVaZ/lFhPgdgYKleN7sfspiz50DG4dqafuEAaX5\n" + 555 "xaK1NWXJxTRz0ROH/IUziyuDW6jphrlgit4+3NCzp6vP9hAJQ8Vhcj0n15BKHIQ=\n" + 556 "-----END CERTIFICATE-----", 557 558 // SHA256withDSA, 2048 bits 559 // Validity 560 // Not Before: May 22 07:18:20 2018 GMT 561 // Not After : May 17 07:18:20 2038 GMT 562 // Authority Key Identifier: 563 // 76:66:9E:F7:3B:DD:45:E5:3B:D9:72:3C:3F:F0:54:39:86:31:26:53 564 "-----BEGIN CERTIFICATE-----\n" + 565 "MIIEnDCCBEGgAwIBAgIJAP/jh1qVhNVjMAsGCWCGSAFlAwQDAjA7MQswCQYDVQQG\n" + 566 "EwJVUzENMAsGA1UECgwESmF2YTEdMBsGA1UECwwUU3VuSlNTRSBUZXN0IFNlcml2\n" + 567 "Y2UwHhcNMTgwNTIyMDcxODIwWhcNMzgwNTE3MDcxODIwWjBVMQswCQYDVQQGEwJV\n" + 568 "UzENMAsGA1UECgwESmF2YTEdMBsGA1UECwwUU3VuSlNTRSBUZXN0IFNlcml2Y2Ux\n" + 569 "GDAWBgNVBAMMD1JlZ3Jlc3Npb24gVGVzdDCCA0cwggI6BgcqhkjOOAQBMIICLQKC\n" + 570 "AQEAmlavgoJrMcjqWRVcDE2dmWAPREgnzQvneEDef68cprDzjSwvOs5QeFyx75ib\n" + 571 "ado1e6jO/rW1prCGWHDD1oA/Tn4Pk3vu0nUxzvl1qATc+aJbpUU5Op0bvp6LbCsQ\n" + 572 "QslV9FeRh7Eb7bP6gpc/kHCBzEgC1VCK7prccXWy+t6SMOHbND3h+UbckfSaUuaV\n" + 573 "sVJNTD1D6GElfRj4Nmz1BGPfSYvKorwNZEU3gXwFgtDoAcGx7tcyClLpDHfqRfw/\n" + 574 "7yiqLyeiP7D4hl5lMNouJWDlAdMFp0FMgS3s9VDFinIcr6VtBWMTG7+4+czHAB+3\n" + 575 "fvrwlqNzhBn3uFHrekN/w8fNxwIhAJo7Sae1za7IMW0Q6hE5B4b+s2B/FaKPoA4E\n" + 576 "jtZu13B9AoIBAQCOZqLMKfvqZWUgT0PQ3QjR7dAFdd06I9Y3+TOQzZk1+j+vw/6E\n" + 577 "X4vFItX4gihb/u5Q9CdmpwhVGi7bvo+7+/IKeTgoQ6f5+PSug7SrWWUQ5sPwaZui\n" + 578 "zXZJ5nTeZDucFc2yFx0wgnjbPwiUxZklOT7xGiOMtzOTa2koCz5KuIBL+/wPKKxm\n" + 579 "ypo9VoY9xfbdU6LMXZv/lpD5XTM9rYHr/vUTNkukvV6Hpm0YMEWhVZKUJiqCqTqG\n" + 580 "XHaleOxSw6uQWB/+TznifcC7gB48UOQjCqOKf5VuwQneJLhlhU/jhRV3xtr+hLZa\n" + 581 "hW1wYhVi8cjLDrZFKlgEQqhB4crnJU0mJY+tA4IBBQACggEAID0ezl00/X8mv7eb\n" + 582 "bzovum1+DEEP7FM57k6HZEG2N3ve4CW+0m9Cd+cWPz8wkZ+M0j/Eqa6F0IdbkXEc\n" + 583 "Q7CuzvUyJ57xQ3L/WCgXsiS+Bh8O4Mz7GwW22CGmHqafbVv+hKBfr8MkskO6GJUt\n" + 584 "SUF/CVLzB4gMIvZMH26tBP2xK+i7FeEK9kT+nGdzQSZBAhFYpEVCBplHZO24/OYq\n" + 585 "1DNoU327nUuXIhmsfA8N0PjiWbIZIjTPwBGr9H0LpATI7DIDNcvRRvtROP+pBU9y\n" + 586 "fuykPkptg9C0rCM9t06bukpOSaEz/2VIQdLE8fHYFA6pHZ6CIc2+5cfvMgTPhcjz\n" + 587 "W2jCt6MjMCEwHwYDVR0jBBgwFoAUdmae9zvdReU72XI8P/BUOYYxJlMwCwYJYIZI\n" + 588 "AWUDBAMCA0gAMEUCIQCeI5fN08b9BpOaHdc3zQNGjp24FOL/RxlBLeBAorswJgIg\n" + 589 "JEZ8DhYxQy1O7mmZ2UIT7op6epWMB4dENjs0qWPmcKo=\n" + 590 "-----END CERTIFICATE-----" 591 }; 592 593 // Private key in the format of PKCS#8. 594 private final static String[] endEntityPrivateKeys = { 595 // 596 // EC private key related to cert endEntityCertStrs[0]. 597 // 598 "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgn5K03bpTLjEtFQRa\n" + 599 "JUtx22gtmGEvvSUSQdimhGthdtihRANCAARv72fTmp9ed8dRvTG1Ak1Lgl5KLoiM\n" + 600 "59bk2pyG8qd8l7L1WQnNHtAcu44RJ1/GVHurxghaCKHeJYsZ8H7DEeI6", 601 602 // 603 // RSA private key related to cert endEntityCertStrs[1]. 604 // 605 "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCzN8GhtZ9kinwC\n" + 606 "ALo+JYMNq8/rmZK+AJdQbEAJvFU0B+QuE1FA6weuJEHdfVDee870960LrAqW8T2O\n" + 607 "WcMOPsP7WPWvUIc7uazV+ryt9xBh2RqcO27gCUejy/5JJZfXowhcVFgOPZVUebI+\n" + 608 "2BuW1yDjMYC7BPvjoV0sj3i5eMmOrUg6v+/RUiXATk5FYfldz7lOP6gVYrQThrgY\n" + 609 "cOC0oqGfabvaE3nr8aQ8oaSC4/k1FLWphhX8QWR3JAw5XwnUzsdqJxJ+3g4vp4qN\n" + 610 "OuCj3f6QeT62/QNzpylUGdqVfdOisbxAjoFwePVdB3vygCUAL7+MXilzSbCLS6fj\n" + 611 "2R0r2BF9AgMBAAECggEASIkPkMCuw4WdTT44IwERus3IOIYOs2IP3BgEDyyvm4B6\n" + 612 "JP/iihDWKfA4zEl1Gqcni1RXMHswSglXra682J4kui02Ov+vzEeJIY37Ibn2YnP5\n" + 613 "ZjRT2s9GtI/S2o4hl8A/mQb2IMViFC+xKehTukhV4j5d6NPKk0XzLR7gcMjnYxwn\n" + 614 "l21fS6D2oM1xRG/di7sL+uLF8EXLRzfiWDNi12uQv4nwtxPKvuKhH6yzHt7YqMH0\n" + 615 "46pmDKDaxV4w1JdycjCb6NrCJOYZygoQobuZqOQ30UZoZsPJrtovkncFr1e+lNcO\n" + 616 "+aWDfOLCtTH046dEQh5oCShyXMybNlry/QHsOtHOwQKBgQDh2iIjs+FPpQy7Z3EX\n" + 617 "DGEvHYqPjrYO9an2KSRr1m9gzRlWYxKY46WmPKwjMerYtra0GP+TBHrgxsfO8tD2\n" + 618 "wUAII6sd1qup0a/Sutgf2JxVilLykd0+Ge4/Cs51tCdJ8EqDV2B6WhTewOY2EGvg\n" + 619 "JiKYkeNwgRX/9M9CFSAMAk0hUQKBgQDLJAartL3DoGUPjYtpJnfgGM23yAGl6G5r\n" + 620 "NSXDn80BiYIC1p0bG3N0xm3yAjqOtJAUj9jZbvDNbCe3GJfLARMr23legX4tRrgZ\n" + 621 "nEdKnAFKAKL01oM+A5/lHdkwaZI9yyv+hgSVdYzUjB8rDmzeVQzo1BT7vXypt2yV\n" + 622 "6O1OnUpCbQKBgA/0rzDChopv6KRcvHqaX0tK1P0rYeVQqb9ATNhpf9jg5Idb3HZ8\n" + 623 "rrk91BNwdVz2G5ZBpdynFl9G69rNAMJOCM4KZw5mmh4XOEq09Ivba8AHU7DbaTv3\n" + 624 "7QL7KnbaUWRB26HHzIMYVh0el6T+KADf8NXCiMTr+bfpfbL3dxoiF3zhAoGAbCJD\n" + 625 "Qse1dBs/cKYCHfkSOsI5T6kx52Tw0jS6Y4X/FOBjyqr/elyEexbdk8PH9Ar931Qr\n" + 626 "NKMvn8oA4iA/PRrXX7M2yi3YQrWwbkGYWYjtzrzEAdzmg+5eARKAeJrZ8/bg9l3U\n" + 627 "ttKaItJsDPlizn8rngy3FsJpR9aSAMK6/+wOiYkCgYEA1tZkI1rD1W9NYZtbI9BE\n" + 628 "qlJVFi2PBOJMKNuWdouPX3HLQ72GJSQff2BFzLTELjweVVJ0SvY4IipzpQOHQOBy\n" + 629 "5qh/p6izXJZh3IHtvwVBjHoEVplg1b2+I5e3jDCfqnwcQw82dW5SxOJMg1h/BD0I\n" + 630 "qAL3go42DYeYhu/WnECMeis=", 631 632 // 633 // EC private key related to cert endEntityCertStrs[2]. 634 // 635 "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgGVc7hICpmp91jbYe\n" + 636 "nrr8nYHD37RZP3VENY+szuA7WjuhRANCAATn0wRE1OVVnV56mzxnc657lmSBB0+0\n" + 637 "P5YgTq2Pc9sgqnEY8PG980/3n0DJCMQr96FZBWsIyY2gSQjNj4ggGAHT", 638 639 // 640 // DSA private key related to cert endEntityCertStrs[3]. 641 // 642 "MIICZQIBADCCAjoGByqGSM44BAEwggItAoIBAQCaVq+CgmsxyOpZFVwMTZ2ZYA9E\n" + 643 "SCfNC+d4QN5/rxymsPONLC86zlB4XLHvmJtp2jV7qM7+tbWmsIZYcMPWgD9Ofg+T\n" + 644 "e+7SdTHO+XWoBNz5olulRTk6nRu+notsKxBCyVX0V5GHsRvts/qClz+QcIHMSALV\n" + 645 "UIrumtxxdbL63pIw4ds0PeH5RtyR9JpS5pWxUk1MPUPoYSV9GPg2bPUEY99Ji8qi\n" + 646 "vA1kRTeBfAWC0OgBwbHu1zIKUukMd+pF/D/vKKovJ6I/sPiGXmUw2i4lYOUB0wWn\n" + 647 "QUyBLez1UMWKchyvpW0FYxMbv7j5zMcAH7d++vCWo3OEGfe4Uet6Q3/Dx83HAiEA\n" + 648 "mjtJp7XNrsgxbRDqETkHhv6zYH8Voo+gDgSO1m7XcH0CggEBAI5moswp++plZSBP\n" + 649 "Q9DdCNHt0AV13Toj1jf5M5DNmTX6P6/D/oRfi8Ui1fiCKFv+7lD0J2anCFUaLtu+\n" + 650 "j7v78gp5OChDp/n49K6DtKtZZRDmw/Bpm6LNdknmdN5kO5wVzbIXHTCCeNs/CJTF\n" + 651 "mSU5PvEaI4y3M5NraSgLPkq4gEv7/A8orGbKmj1Whj3F9t1Tosxdm/+WkPldMz2t\n" + 652 "gev+9RM2S6S9XoembRgwRaFVkpQmKoKpOoZcdqV47FLDq5BYH/5POeJ9wLuAHjxQ\n" + 653 "5CMKo4p/lW7BCd4kuGWFT+OFFXfG2v6EtlqFbXBiFWLxyMsOtkUqWARCqEHhyucl\n" + 654 "TSYlj60EIgIgLfA75+8KcKxdN8mr6gzGjQe7jPFGG42Ejhd7Q2F4wuw=" 655 }; 656 657 // Private key algorithm of endEntityPrivateKeys. 658 private final static String[] endEntityPrivateKeyAlgs = { 659 "EC", 660 "RSA", 661 "EC", 662 "DSA", 663 }; 664 665 // Private key names of endEntityPrivateKeys. 666 private final static String[] endEntityPrivateKeyNames = { 667 "ecdsa", 668 "rsa", 669 "ec-rsa", 670 "dsa", 671 }; 672 673 /* 674 * Create an instance of SSLContext with the specified trust/key materials. 675 */ 676 private SSLContext createSSLContext( 677 String[] trustedMaterials, 678 String[] keyMaterialCerts, 679 String[] keyMaterialKeys, 680 String[] keyMaterialKeyAlgs, 681 String[] keyMaterialKeyNames, 682 ContextParameters params) throws Exception { 683 684 KeyStore ts = null; // trust store 685 KeyStore ks = null; // key store 686 char passphrase[] = "passphrase".toCharArray(); 687 688 // Generate certificate from cert string. 689 CertificateFactory cf = CertificateFactory.getInstance("X.509"); 690 691 // Import the trused certs. 692 ByteArrayInputStream is; 693 if (trustedMaterials != null && trustedMaterials.length != 0) { 694 ts = KeyStore.getInstance("JKS"); 695 ts.load(null, null); 696 697 Certificate[] trustedCert = 698 new Certificate[trustedMaterials.length]; 699 for (int i = 0; i < trustedMaterials.length; i++) { 700 String trustedCertStr = trustedMaterials[i]; 701 702 is = new ByteArrayInputStream(trustedCertStr.getBytes()); 703 try { 704 trustedCert[i] = cf.generateCertificate(is); 705 } finally { 706 is.close(); 707 } 708 709 ts.setCertificateEntry("trusted-cert-" + i, trustedCert[i]); 710 } 711 } 712 713 // Import the key materials. 714 // 715 // Note that certification pathes bigger than one are not supported yet. 716 boolean hasKeyMaterials = 717 (keyMaterialCerts != null) && (keyMaterialCerts.length != 0) && 718 (keyMaterialKeys != null) && (keyMaterialKeys.length != 0) && 719 (keyMaterialKeyAlgs != null) && (keyMaterialKeyAlgs.length != 0) && 720 (keyMaterialCerts.length == keyMaterialKeys.length) && 721 (keyMaterialCerts.length == keyMaterialKeyAlgs.length); 722 if (hasKeyMaterials) { 723 ks = KeyStore.getInstance("JKS"); 724 ks.load(null, null); 725 726 for (int i = 0; i < keyMaterialCerts.length; i++) { 727 String keyCertStr = keyMaterialCerts[i]; 728 729 // generate the private key. 730 PKCS8EncodedKeySpec priKeySpec = new PKCS8EncodedKeySpec( 731 Base64.getMimeDecoder().decode(keyMaterialKeys[i])); 732 KeyFactory kf = 733 KeyFactory.getInstance(keyMaterialKeyAlgs[i]); 734 PrivateKey priKey = kf.generatePrivate(priKeySpec); 735 736 // generate certificate chain 737 is = new ByteArrayInputStream(keyCertStr.getBytes()); 738 Certificate keyCert = null; 739 try { 740 keyCert = cf.generateCertificate(is); 741 } finally { 742 is.close(); 743 } 744 745 Certificate[] chain = new Certificate[] { keyCert }; 746 747 // import the key entry. 748 ks.setKeyEntry("cert-" + keyMaterialKeyNames[i], 749 priKey, passphrase, chain); 750 } 751 } 752 753 // Create an SSLContext object. 754 TrustManagerFactory tmf = 755 TrustManagerFactory.getInstance(params.tmAlgorithm); 756 tmf.init(ts); 757 758 SSLContext context = SSLContext.getInstance(params.contextProtocol); 759 if (hasKeyMaterials && ks != null) { 760 KeyManagerFactory kmf = 761 KeyManagerFactory.getInstance(params.kmAlgorithm); 762 kmf.init(ks, passphrase); 763 764 context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); 765 } else { 766 context.init(null, tmf.getTrustManagers(), null); 767 } 768 769 return context; 770 } 771 772 /* 773 * ================================================= 774 * Stuffs to boot up the client-server mode testing. 775 */ 776 private Thread clientThread = null; 777 private Thread serverThread = null; 778 private volatile Exception serverException = null; 779 private volatile Exception clientException = null; 780 781 /* 782 * Should we run the client or server in a separate thread? 783 * Both sides can throw exceptions, but do you have a preference 784 * as to which side should be the main thread. 785 */ 786 private static final boolean separateServerThread = false; 787 788 /* 789 * Boot up the testing, used to drive remainder of the test. 790 */ 791 private void bootup() throws Exception { 792 Exception startException = null; 793 try { 794 if (separateServerThread) { 795 startServer(true); 796 startClient(false); 797 } else { 798 startClient(true); 799 startServer(false); 800 } 801 } catch (Exception e) { 802 startException = e; 803 } 804 805 /* 806 * Wait for other side to close down. 807 */ 808 if (separateServerThread) { 809 if (serverThread != null) { 810 serverThread.join(); 811 } 812 } else { 813 if (clientThread != null) { 814 clientThread.join(); 815 } 816 } 817 818 /* 819 * When we get here, the test is pretty much over. 820 * Which side threw the error? 821 */ 822 Exception local; 823 Exception remote; 824 825 if (separateServerThread) { 826 remote = serverException; 827 local = clientException; 828 } else { 829 remote = clientException; 830 local = serverException; 831 } 832 833 Exception exception = null; 834 835 /* 836 * Check various exception conditions. 837 */ 838 if ((local != null) && (remote != null)) { 839 // If both failed, return the curthread's exception. 840 local.initCause(remote); 841 exception = local; 842 } else if (local != null) { 843 exception = local; 844 } else if (remote != null) { 845 exception = remote; 846 } else if (startException != null) { 847 exception = startException; 848 } 849 850 /* 851 * If there was an exception *AND* a startException, 852 * output it. 853 */ 854 if (exception != null) { 855 if (exception != startException && startException != null) { 856 exception.addSuppressed(startException); 857 } 858 throw exception; 859 } 860 861 // Fall-through: no exception to throw! 862 } 863 864 private void startServer(boolean newThread) throws Exception { 865 if (newThread) { 866 serverThread = new Thread() { 867 @Override 868 public void run() { 869 try { 870 doServerSide(); 871 } catch (Exception e) { 872 /* 873 * Our server thread just died. 874 * 875 * Release the client, if not active already... 876 */ 877 logException("Server died", e); 878 serverException = e; 879 } 880 } 881 }; 882 serverThread.start(); 883 } else { 884 try { 885 doServerSide(); 886 } catch (Exception e) { 887 logException("Server failed", e); 888 serverException = e; 889 } 890 } 891 } 892 893 private void startClient(boolean newThread) throws Exception { 894 if (newThread) { 895 clientThread = new Thread() { 896 @Override 897 public void run() { 898 try { 899 doClientSide(); 900 } catch (Exception e) { 901 /* 902 * Our client thread just died. 903 */ 904 logException("Client died", e); 905 clientException = e; 906 } 907 } 908 }; 909 clientThread.start(); 910 } else { 911 try { 912 doClientSide(); 913 } catch (Exception e) { 914 logException("Client failed", e); 915 clientException = e; 916 } 917 } 918 } 919 920 private synchronized void logException(String prefix, Throwable cause) { 921 System.out.println(prefix + ": " + cause); 922 cause.printStackTrace(System.out); 923 } 924 }