1/* 2 * Copyright (c) 2016, 2017, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24// 25// Please run in othervm mode. SunJSSE does not support dynamic system 26// properties, no way to re-use system properties in samevm/agentvm mode. 27// 28 29/* 30 * @test 31 * @bug 8161106 8170329 32 * @modules jdk.crypto.ec 33 * @summary Improve SSLSocket test template 34 * @run main/othervm SSLSocketTemplate 35 */ 36 37import java.io.ByteArrayInputStream; 38import java.io.InputStream; 39import java.io.IOException; 40import java.io.OutputStream; 41import javax.net.ssl.KeyManagerFactory; 42import javax.net.ssl.SSLContext; 43import javax.net.ssl.SSLServerSocket; 44import javax.net.ssl.SSLServerSocketFactory; 45import javax.net.ssl.SSLSocket; 46import javax.net.ssl.SSLSocketFactory; 47import javax.net.ssl.TrustManagerFactory; 48import java.net.InetSocketAddress; 49import java.net.SocketTimeoutException; 50import java.security.KeyStore; 51import java.security.PrivateKey; 52import java.security.KeyFactory; 53import java.security.cert.Certificate; 54import java.security.cert.CertificateFactory; 55import java.security.spec.PKCS8EncodedKeySpec; 56import java.util.Base64; 57 58import java.util.concurrent.CountDownLatch; 59import java.util.concurrent.TimeUnit; 60 61/** 62 * Template to help speed your client/server tests. 63 * 64 * Two examples that use this template: 65 * test/sun/security/ssl/ServerHandshaker/AnonCipherWithWantClientAuth.java 66 * test/sun/net/www/protocol/https/HttpsClient/ServerIdentityTest.java 67 */ 68public class SSLSocketTemplate { 69 70 /* 71 * ================== 72 * Run the test case. 73 */ 74 public static void main(String[] args) throws Exception { 75 (new SSLSocketTemplate()).run(); 76 } 77 78 /* 79 * Run the test case. 80 */ 81 public void run() throws Exception { 82 bootup(); 83 } 84 85 /* 86 * Define the server side application of the test for the specified socket. 87 */ 88 protected void runServerApplication(SSLSocket socket) throws Exception { 89 // here comes the test logic 90 InputStream sslIS = socket.getInputStream(); 91 OutputStream sslOS = socket.getOutputStream(); 92 93 sslIS.read(); 94 sslOS.write(85); 95 sslOS.flush(); 96 } 97 98 /* 99 * Define the client side application of the test for the specified socket. 100 * This method is used if the returned value of 101 * isCustomizedClientConnection() is false. 102 * 103 * @param socket may be null is no client socket is generated. 104 * 105 * @see #isCustomizedClientConnection() 106 */ 107 protected void runClientApplication(SSLSocket socket) throws Exception { 108 InputStream sslIS = socket.getInputStream(); 109 OutputStream sslOS = socket.getOutputStream(); 110 111 sslOS.write(280); 112 sslOS.flush(); 113 sslIS.read(); 114 } 115 116 /* 117 * Define the client side application of the test for the specified 118 * server port. This method is used if the returned value of 119 * isCustomizedClientConnection() is true. 120 * 121 * Note that the client need to connect to the server port by itself 122 * for the actual message exchange. 123 * 124 * @see #isCustomizedClientConnection() 125 */ 126 protected void runClientApplication(int serverPort) throws Exception { 127 // blank 128 } 129 130 /* 131 * Create an instance of SSLContext for client use. 132 */ 133 protected SSLContext createClientSSLContext() throws Exception { 134 return createSSLContext(trustedCertStrs, 135 endEntityCertStrs, endEntityPrivateKeys, 136 endEntityPrivateKeyNames, 137 getClientContextParameters()); 138 } 139 140 /* 141 * Create an instance of SSLContext for server use. 142 */ 143 protected SSLContext createServerSSLContext() throws Exception { 144 return createSSLContext(trustedCertStrs, 145 endEntityCertStrs, endEntityPrivateKeys, 146 endEntityPrivateKeyNames, 147 getServerContextParameters()); 148 } 149 150 /* 151 * The parameters used to configure SSLContext. 152 */ 153 protected static final class ContextParameters { 154 final String contextProtocol; 155 final String tmAlgorithm; 156 final String kmAlgorithm; 157 158 ContextParameters(String contextProtocol, 159 String tmAlgorithm, String kmAlgorithm) { 160 161 this.contextProtocol = contextProtocol; 162 this.tmAlgorithm = tmAlgorithm; 163 this.kmAlgorithm = kmAlgorithm; 164 } 165 } 166 167 /* 168 * Get the client side parameters of SSLContext. 169 */ 170 protected ContextParameters getClientContextParameters() { 171 return new ContextParameters("TLS", "PKIX", "NewSunX509"); 172 } 173 174 /* 175 * Get the server side parameters of SSLContext. 176 */ 177 protected ContextParameters getServerContextParameters() { 178 return new ContextParameters("TLS", "PKIX", "NewSunX509"); 179 } 180 181 /* 182 * Does the client side use customized connection other than 183 * explicit Socket.connect(), for example, URL.openConnection()? 184 */ 185 protected boolean isCustomizedClientConnection() { 186 return false; 187 } 188 189 /* 190 * Configure the server side socket. 191 */ 192 protected void configureServerSocket(SSLServerSocket socket) { 193 194 } 195 196 /* 197 * ============================================= 198 * Define the client and server side operations. 199 * 200 * If the client or server is doing some kind of object creation 201 * that the other side depends on, and that thread prematurely 202 * exits, you may experience a hang. The test harness will 203 * terminate all hung threads after its timeout has expired, 204 * currently 3 minutes by default, but you might try to be 205 * smart about it.... 206 */ 207 208 /* 209 * Is the server ready to serve? 210 */ 211 private final CountDownLatch serverCondition = new CountDownLatch(1); 212 213 /* 214 * Is the client ready to handshake? 215 */ 216 private final CountDownLatch clientCondition = new CountDownLatch(1); 217 218 /* 219 * What's the server port? Use any free port by default 220 */ 221 private volatile int serverPort = 0; 222 223 /* 224 * Define the server side of the test. 225 */ 226 private void doServerSide() throws Exception { 227 // kick start the server side service 228 SSLContext context = createServerSSLContext(); 229 SSLServerSocketFactory sslssf = context.getServerSocketFactory(); 230 SSLServerSocket sslServerSocket = 231 (SSLServerSocket)sslssf.createServerSocket(serverPort); 232 configureServerSocket(sslServerSocket); 233 serverPort = sslServerSocket.getLocalPort(); 234 235 // Signal the client, the server is ready to accept connection. 236 serverCondition.countDown(); 237 238 // Try to accept a connection in 30 seconds. 239 SSLSocket sslSocket; 240 try { 241 sslServerSocket.setSoTimeout(30000); 242 sslSocket = (SSLSocket)sslServerSocket.accept(); 243 } catch (SocketTimeoutException ste) { 244 // Ignore the test case if no connection within 30 seconds. 245 System.out.println( 246 "No incoming client connection in 30 seconds. " + 247 "Ignore in server side."); 248 return; 249 } finally { 250 sslServerSocket.close(); 251 } 252 253 // handle the connection 254 try { 255 // Is it the expected client connection? 256 // 257 // Naughty test cases or third party routines may try to 258 // connection to this server port unintentionally. In 259 // order to mitigate the impact of unexpected client 260 // connections and avoid intermittent failure, it should 261 // be checked that the accepted connection is really linked 262 // to the expected client. 263 boolean clientIsReady = 264 clientCondition.await(30L, TimeUnit.SECONDS); 265 266 if (clientIsReady) { 267 // Run the application in server side. 268 runServerApplication(sslSocket); 269 } else { // Otherwise, ignore 270 // We don't actually care about plain socket connections 271 // for TLS communication testing generally. Just ignore 272 // the test if the accepted connection is not linked to 273 // the expected client or the client connection timeout 274 // in 30 seconds. 275 System.out.println( 276 "The client is not the expected one or timeout. " + 277 "Ignore in server side."); 278 } 279 } finally { 280 sslSocket.close(); 281 } 282 } 283 284 /* 285 * Define the client side of the test. 286 */ 287 private void doClientSide() throws Exception { 288 289 // Wait for server to get started. 290 // 291 // The server side takes care of the issue if the server cannot 292 // get started in 90 seconds. The client side would just ignore 293 // the test case if the serer is not ready. 294 boolean serverIsReady = 295 serverCondition.await(90L, TimeUnit.SECONDS); 296 if (!serverIsReady) { 297 System.out.println( 298 "The server is not ready yet in 90 seconds. " + 299 "Ignore in client side."); 300 return; 301 } 302 303 if (isCustomizedClientConnection()) { 304 // Signal the server, the client is ready to communicate. 305 clientCondition.countDown(); 306 307 // Run the application in client side. 308 runClientApplication(serverPort); 309 310 return; 311 } 312 313 SSLContext context = createClientSSLContext(); 314 SSLSocketFactory sslsf = context.getSocketFactory(); 315 316 try (SSLSocket sslSocket = (SSLSocket)sslsf.createSocket()) { 317 try { 318 sslSocket.connect( 319 new InetSocketAddress("localhost", serverPort), 15000); 320 } catch (IOException ioe) { 321 // The server side may be impacted by naughty test cases or 322 // third party routines, and cannot accept connections. 323 // 324 // Just ignore the test if the connection cannot be 325 // established. 326 System.out.println( 327 "Cannot make a connection in 15 seconds. " + 328 "Ignore in client side."); 329 return; 330 } 331 332 // OK, here the client and server get connected. 333 334 // Signal the server, the client is ready to communicate. 335 clientCondition.countDown(); 336 337 // There is still a chance in theory that the server thread may 338 // wait client-ready timeout and then quit. The chance should 339 // be really rare so we don't consider it until it becomes a 340 // real problem. 341 342 // Run the application in client side. 343 runClientApplication(sslSocket); 344 } 345 } 346 347 /* 348 * ============================================= 349 * Stuffs to customize the SSLContext instances. 350 */ 351 352 /* 353 * ======================================= 354 * Certificates and keys used in the test. 355 */ 356 // Trusted certificates. 357 private final static String[] trustedCertStrs = { 358 // SHA256withECDSA, curve prime256v1 359 // Validity 360 // Not Before: Nov 25 04:19:51 2016 GMT 361 // Not After : Nov 5 04:19:51 2037 GMT 362 // Subject Key Identifier: 363 // CA:48:E8:00:C1:42:BD:59:9B:79:D9:B4:B4:CE:3F:68:0C:C8:C4:0C 364 "-----BEGIN CERTIFICATE-----\n" + 365 "MIICHDCCAcGgAwIBAgIJAJtKs6ZEcVjxMAoGCCqGSM49BAMCMDsxCzAJBgNVBAYT\n" + 366 "AlVTMQ0wCwYDVQQKEwRKYXZhMR0wGwYDVQQLExRTdW5KU1NFIFRlc3QgU2VyaXZj\n" + 367 "ZTAeFw0xNjExMjUwNDE5NTFaFw0zNzExMDUwNDE5NTFaMDsxCzAJBgNVBAYTAlVT\n" + 368 "MQ0wCwYDVQQKEwRKYXZhMR0wGwYDVQQLExRTdW5KU1NFIFRlc3QgU2VyaXZjZTBZ\n" + 369 "MBMGByqGSM49AgEGCCqGSM49AwEHA0IABKMO/AFDHZia65RaqMIBX7WBdtzFj8fz\n" + 370 "ggqMADLJhoszS6qfTUDYskETw3uHfB3KAOENsoKX446qFFPuVjxS1aejga0wgaow\n" + 371 "HQYDVR0OBBYEFMpI6ADBQr1Zm3nZtLTOP2gMyMQMMGsGA1UdIwRkMGKAFMpI6ADB\n" + 372 "Qr1Zm3nZtLTOP2gMyMQMoT+kPTA7MQswCQYDVQQGEwJVUzENMAsGA1UEChMESmF2\n" + 373 "YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2WCCQCbSrOmRHFY8TAPBgNV\n" + 374 "HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqhkjOPQQDAgNJADBGAiEA5cJ/\n" + 375 "jirBbXxzpZ6kdp/Zb/yrIBnr4jiPGJTLgRTb8s4CIQChUDfP1Zqg0qJVfqFNaL4V\n" + 376 "a0EAeJHXGZnvCGGqHzoxkg==\n" + 377 "-----END CERTIFICATE-----", 378 379 // SHA256withRSA, 2048 bits 380 // Validity 381 // Not Before: Nov 25 04:20:02 2016 GMT 382 // Not After : Nov 5 04:20:02 2037 GMT 383 // Subject Key Identifier: 384 // A2:DC:55:38:E4:47:7C:8B:D3:E0:CA:FA:AD:3A:C8:4A:DD:12:A0:8E 385 "-----BEGIN CERTIFICATE-----\n" + 386 "MIIDpzCCAo+gAwIBAgIJAO586A+hYNXaMA0GCSqGSIb3DQEBCwUAMDsxCzAJBgNV\n" + 387 "BAYTAlVTMQ0wCwYDVQQKEwRKYXZhMR0wGwYDVQQLExRTdW5KU1NFIFRlc3QgU2Vy\n" + 388 "aXZjZTAeFw0xNjExMjUwNDIwMDJaFw0zNzExMDUwNDIwMDJaMDsxCzAJBgNVBAYT\n" + 389 "AlVTMQ0wCwYDVQQKEwRKYXZhMR0wGwYDVQQLExRTdW5KU1NFIFRlc3QgU2VyaXZj\n" + 390 "ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMm3veDSU4zKXO0aAHos\n" + 391 "cFRXGLBTe+MUJXAtlkNyx7VKaMZNt5wrUuqzyi/r0LFUdRfNCzZf3X8s8HPHQVii\n" + 392 "29tK0y/yeTn4sJTATSmGaAysMJQpKQcfAQ79ItcEGQ721TFQZ3kOBdgp3t/yUYAP\n" + 393 "K2tFze/QbIw72LE52SBnPPPTzyimNw7Ai2MLl4eQlyMkTs7JS07zIiAO5QYbS8s+\n" + 394 "1NW0A3Y+d0B0q8wYEoHGq7QVjOKlSAksfO0tzi4l0Zu6Uf+J5kMAyZ4ZFgEJvGvw\n" + 395 "y/OKJ+soRFH/5cy1SL8B6AWD1y7WXugeeHTHRW1eOjTxqfG1rZqTVd2lfOMER8y1\n" + 396 "bXcCAwEAAaOBrTCBqjAdBgNVHQ4EFgQUotxVOORHfIvT4Mr6rTrISt0SoI4wawYD\n" + 397 "VR0jBGQwYoAUotxVOORHfIvT4Mr6rTrISt0SoI6hP6Q9MDsxCzAJBgNVBAYTAlVT\n" + 398 "MQ0wCwYDVQQKEwRKYXZhMR0wGwYDVQQLExRTdW5KU1NFIFRlc3QgU2VyaXZjZYIJ\n" + 399 "AO586A+hYNXaMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3\n" + 400 "DQEBCwUAA4IBAQAtNZJSFeFU6Yid0WSCs2qLAVaTyHsUNSUPUFIIhFAKxdP4DFS0\n" + 401 "+aeOFwdqizAU3kReAYULsfwEBgO51lPBSpB+9coUNQwu7cc8Q5Xqw/llRB0PrINS\n" + 402 "pZl7PW6Ur2ExTBocnUT9A/nhm8iO4PFD/Ly11sf5OdZihhX69NJ2h3a3gcrLjIpO\n" + 403 "L/ewTOgSi5xs+AGGQa+huN3YVL7dh+/rCUvMZVSBX5PloxWS5MMJi0Ui6YjwCFGO\n" + 404 "J4G9m7pI+gJs/x1UG0AgplMF2UCFfiY1SAeE2nKAeOOXAXEwEjFy0ToVTmqXx7fg\n" + 405 "m9YjhuePxlBrd2DF/YW0pc8gmLnrtm4rKPLz\n" + 406 "-----END CERTIFICATE-----", 407 408 // SHA256withDSA, 2048 bits 409 // Validity 410 // Not Before: Nov 25 04:19:56 2016 GMT 411 // Not After : Nov 5 04:19:56 2037 GMT 412 // Subject Key Identifier: 413 // 19:46:10:43:24:6A:A5:14:BE:E2:92:01:79:F0:4C:5F:E1:AE:81:B5 414 "-----BEGIN CERTIFICATE-----\n" + 415 "MIIFCzCCBLGgAwIBAgIJAOnEn6YZD/sAMAsGCWCGSAFlAwQDAjA7MQswCQYDVQQG\n" + 416 "EwJVUzENMAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2\n" + 417 "Y2UwHhcNMTYxMTI1MDQxOTU2WhcNMzcxMTA1MDQxOTU2WjA7MQswCQYDVQQGEwJV\n" + 418 "UzENMAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2Uw\n" + 419 "ggNGMIICOQYHKoZIzjgEATCCAiwCggEBAJa17ZYdIChv5yeYuPK3zXxgUEGGsdUD\n" + 420 "AzfQUxtMryCtc3aNgWLxsN1/QYvp9v+hh4twnG20VemCEH9Qlx06Pxg74DwSOA83\n" + 421 "SecO2y7cdgmrHpep9drxKbXVZafwBhbTSwhV+IDO7EO6+LaRvZuya/YOqNIE9ENx\n" + 422 "FVk0NrNsDB6pfDEXZsCZALMN2mcl8KGn1q7vdzJQUEV7F6uLGP33znVfmQyWJH3Y\n" + 423 "W09WVCFXHvDzZHGXDO2O2QwIU1B5AsXnOGeLnKgXzErCoNKwUbVFP0W0OVeJo4pc\n" + 424 "ZfL/8TVELGG90AuuH1V3Gsq6PdzCDPw4Uv/v5m7/6kwXqBQxAJA7jhMCIQCORIGV\n" + 425 "mHy5nBLRhIP4vC7vsTxb4CTApPVmZeL5gTIwtQKCAQB2VZLY22k2+IQM6deRGK3L\n" + 426 "l7tPChGrKnGmTbtUThIza70Sp9DmTBiLzMEY+IgG8kYuT5STVxWjs0cxXCKZGMQW\n" + 427 "tioMtiXPA2M3HA0/8E0mDLSmzb0RAd2xxnDyGsuqo1eVmx7PLjN3bn3EjhD/+j3d\n" + 428 "Jx3ZVScMGyq7sVWppUvpudEXi+2etf6GUHjrcX27juo7u4zQ1ezC/HYG1H+jEFqG\n" + 429 "hdQ6b7H+LBHZH9LegOyIZTMrzAY/TwIr77sXrNJWRoxmDErKB+8bRDybYhNJswlZ\n" + 430 "m0N5YYUlPmepgbl6XzwCv0y0d81h3bayqIPLXEUtRAl9GuM0hNAlA1Y+qSn9xLFY\n" + 431 "A4IBBQACggEAZgWC0uflwqQQP1GRU1tolmFZwyVtKre7SjYgCeQBrOa0Xnj/SLaD\n" + 432 "g1HZ1oH0hccaR/45YouJiCretbbsQ77KouldGSGqTHJgRL75Y2z5uvxa60+YxZ0Z\n" + 433 "v8xvZnj4seyOjgJLxSSYSPl5n/F70RaNiCLVz/kGe6OQ8KoAeQjdDTOHXCegO9KX\n" + 434 "tvhM7EaYc8CII9OIR7S7PXJW0hgLKynZcu/Unh02aM0ABh/uLmw1+tvo8e8KTp98\n" + 435 "NKYSVf6kV3/ya58n4h64UbIYL08JoKUM/5SFETcKAZTU0YKZbpWTM79oJMr8oYVk\n" + 436 "P9jKitNsXq0Xkzt5dSO0kfu/kM7zpnaFsqOBrTCBqjAdBgNVHQ4EFgQUGUYQQyRq\n" + 437 "pRS+4pIBefBMX+GugbUwawYDVR0jBGQwYoAUGUYQQyRqpRS+4pIBefBMX+GugbWh\n" + 438 "P6Q9MDsxCzAJBgNVBAYTAlVTMQ0wCwYDVQQKEwRKYXZhMR0wGwYDVQQLExRTdW5K\n" + 439 "U1NFIFRlc3QgU2VyaXZjZYIJAOnEn6YZD/sAMA8GA1UdEwEB/wQFMAMBAf8wCwYD\n" + 440 "VR0PBAQDAgEGMAsGCWCGSAFlAwQDAgNHADBEAiAwBafz5RRR9nc4cCYoYuBlT/D9\n" + 441 "9eayhkjhBY/zYunypwIgNp/JnFR88/T4hh36QfSKBGXId9RBCM6uaOkOKnEGkps=\n" + 442 "-----END CERTIFICATE-----" 443 }; 444 445 // End entity certificate. 446 private final static String[] endEntityCertStrs = { 447 // SHA256withECDSA, curve prime256v1 448 // Validity 449 // Not Before: Nov 25 04:19:51 2016 GMT 450 // Not After : Aug 12 04:19:51 2036 GMT 451 // Authority Key Identifier: 452 // CA:48:E8:00:C1:42:BD:59:9B:79:D9:B4:B4:CE:3F:68:0C:C8:C4:0C 453 "-----BEGIN CERTIFICATE-----\n" + 454 "MIIB1zCCAXygAwIBAgIJAPFq2QL/nUNZMAoGCCqGSM49BAMCMDsxCzAJBgNVBAYT\n" + 455 "AlVTMQ0wCwYDVQQKEwRKYXZhMR0wGwYDVQQLExRTdW5KU1NFIFRlc3QgU2VyaXZj\n" + 456 "ZTAeFw0xNjExMjUwNDE5NTFaFw0zNjA4MTIwNDE5NTFaMFUxCzAJBgNVBAYTAlVT\n" + 457 "MQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZjZTEY\n" + 458 "MBYGA1UEAwwPUmVncmVzc2lvbiBUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD\n" + 459 "QgAE4yvRGVvy9iVATyuHPJVdX6+lh/GLm/sRJ5qLT/3PVFOoNIvlEVNiARo7xhyj\n" + 460 "2p6bnf32gNg5Ye+QCw20VUv9E6NPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBSO\n" + 461 "hHlHZQp9hyBfSGTSQWeszqMXejAfBgNVHSMEGDAWgBTKSOgAwUK9WZt52bS0zj9o\n" + 462 "DMjEDDAKBggqhkjOPQQDAgNJADBGAiEAu3t6cvFglBAZfkhZlEwB04ZjUFqyfiRj\n" + 463 "4Hr275E4ZoQCIQDUEonJHlmA19J6oobfR5lYsmoqPm1r0DPm/IiNNKGKKA==\n" + 464 "-----END CERTIFICATE-----", 465 466 // SHA256withRSA, 2048 bits 467 // Validity 468 // Not Before: Nov 25 04:20:02 2016 GMT 469 // Not After : Aug 12 04:20:02 2036 GMT 470 // Authority Key Identifier: 471 // A2:DC:55:38:E4:47:7C:8B:D3:E0:CA:FA:AD:3A:C8:4A:DD:12:A0:8E 472 "-----BEGIN CERTIFICATE-----\n" + 473 "MIIDdjCCAl6gAwIBAgIJAJDcIGOlAmBmMA0GCSqGSIb3DQEBCwUAMDsxCzAJBgNV\n" + 474 "BAYTAlVTMQ0wCwYDVQQKEwRKYXZhMR0wGwYDVQQLExRTdW5KU1NFIFRlc3QgU2Vy\n" + 475 "aXZjZTAeFw0xNjExMjUwNDIwMDJaFw0zNjA4MTIwNDIwMDJaMFUxCzAJBgNVBAYT\n" + 476 "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" + 477 "ZTEYMBYGA1UEAwwPUmVncmVzc2lvbiBUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOC\n" + 478 "AQ8AMIIBCgKCAQEAp0dHrifTg2aY0sH03f2JjK2fW4DL6gLDKq0YirsNE07z54LF\n" + 479 "IeeDio49XwPjB7OpbUTC1hf/YKZ7XiRWyPa1rYozZ88emhZt+cpkyKz+nmW4avlA\n" + 480 "WnrV+gx4+bU9T+WuBWdAraBcq27Y1I26yfCEtC8k3+O0sdlHbhasF+BUDmX/n4+n\n" + 481 "ifJdbNm5eSDx8eFYHFTdjhAud3An2X6QD9WWSoJpPdDi4utHhFAlxW6osjJxsAPv\n" + 482 "zo8YsqmpCMjZcEks4ZsqiZKKiWUWUAjCcbMerDPDX29fyeo348uztvJsmNRzfcwl\n" + 483 "FtwxpYdxuZqwHi2QoNaQTGXjjbZFmjn7qEkjXwIDAQABo2MwYTALBgNVHQ8EBAMC\n" + 484 "A+gwHQYDVR0OBBYEFP+henfufE6Znr60lRkmayadVdxnMB8GA1UdIwQYMBaAFKLc\n" + 485 "VTjkR3yL0+DK+q06yErdEqCOMBIGA1UdEQEB/wQIMAaHBH8AAAEwDQYJKoZIhvcN\n" + 486 "AQELBQADggEBAK56pV2XoAIkrHFTCkWtYX518nuvkzN6a6BqPKALQlmlbJnq/lhV\n" + 487 "tPQx79b0j7tow28l2ze/3M0hRb5Ft/d/7mITZNMR+0owk4U51AU2NacRt7fpoxu5\n" + 488 "wX3hTa4VgX2+BAXeoWF+Yzy6Jj5gAVmSLzBnkTUH0d+EyL1pp+DFE3QdvZqf3+nP\n" + 489 "zkxz15h3iW8FwI+7/19MX2j2XB/sG8mJpqoszWw8lM4qCa2eWyCbqSHhPi+/+rGg\n" + 490 "dDG5uzZeOC845GEH2T3tHDA+F3WwcZG/W+4RR6ZaaHlqPKKMcwFL73YbsqdCiKBv\n" + 491 "p6sXrhIiP0oXImRBRLDlidj5TIOLfAtNM9A=\n" + 492 "-----END CERTIFICATE-----", 493 494 // SHA256withDSA, 2048 bits 495 // Validity 496 // Not Before: Nov 25 04:19:56 2016 GMT 497 // Not After : Aug 12 04:19:56 2036 GMT 498 // Authority Key Identifier: 499 // 19:46:10:43:24:6A:A5:14:BE:E2:92:01:79:F0:4C:5F:E1:AE:81:B5 500 "-----BEGIN CERTIFICATE-----\n" + 501 "MIIE2jCCBICgAwIBAgIJAONcI1oba9V9MAsGCWCGSAFlAwQDAjA7MQswCQYDVQQG\n" + 502 "EwJVUzENMAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2\n" + 503 "Y2UwHhcNMTYxMTI1MDQxOTU2WhcNMzYwODEyMDQxOTU2WjBVMQswCQYDVQQGEwJV\n" + 504 "UzENMAsGA1UECgwESmF2YTEdMBsGA1UECwwUU3VuSlNTRSBUZXN0IFNlcml2Y2Ux\n" + 505 "GDAWBgNVBAMMD1JlZ3Jlc3Npb24gVGVzdDCCA0YwggI5BgcqhkjOOAQBMIICLAKC\n" + 506 "AQEAlrXtlh0gKG/nJ5i48rfNfGBQQYax1QMDN9BTG0yvIK1zdo2BYvGw3X9Bi+n2\n" + 507 "/6GHi3CcbbRV6YIQf1CXHTo/GDvgPBI4DzdJ5w7bLtx2Casel6n12vEptdVlp/AG\n" + 508 "FtNLCFX4gM7sQ7r4tpG9m7Jr9g6o0gT0Q3EVWTQ2s2wMHql8MRdmwJkAsw3aZyXw\n" + 509 "oafWru93MlBQRXsXq4sY/ffOdV+ZDJYkfdhbT1ZUIVce8PNkcZcM7Y7ZDAhTUHkC\n" + 510 "xec4Z4ucqBfMSsKg0rBRtUU/RbQ5V4mjilxl8v/xNUQsYb3QC64fVXcayro93MIM\n" + 511 "/DhS/+/mbv/qTBeoFDEAkDuOEwIhAI5EgZWYfLmcEtGEg/i8Lu+xPFvgJMCk9WZl\n" + 512 "4vmBMjC1AoIBAHZVktjbaTb4hAzp15EYrcuXu08KEasqcaZNu1ROEjNrvRKn0OZM\n" + 513 "GIvMwRj4iAbyRi5PlJNXFaOzRzFcIpkYxBa2Kgy2Jc8DYzccDT/wTSYMtKbNvREB\n" + 514 "3bHGcPIay6qjV5WbHs8uM3dufcSOEP/6Pd0nHdlVJwwbKruxVamlS+m50ReL7Z61\n" + 515 "/oZQeOtxfbuO6ju7jNDV7ML8dgbUf6MQWoaF1Dpvsf4sEdkf0t6A7IhlMyvMBj9P\n" + 516 "Aivvuxes0lZGjGYMSsoH7xtEPJtiE0mzCVmbQ3lhhSU+Z6mBuXpfPAK/TLR3zWHd\n" + 517 "trKog8tcRS1ECX0a4zSE0CUDVj6pKf3EsVgDggEFAAKCAQBEGmdP55PyE3M+Q3fU\n" + 518 "dCGq0sbKw/04xPVhaNYRnRKNR82n+wb8bMCI1vvFqXy1BB6svti4mTHbQZ8+bQXm\n" + 519 "gyce67uYMwIa5BIk6omNGCeW/kd4ruPgyFxeb6O/Y/7w6AWyRmQttlxRA5M5OhSC\n" + 520 "tVS4oVC1KK1EfHAUh7mu8S8GrWJoJAWA3PM97Oy/HSGCEUl6HGEu1m7FHPhOKeYG\n" + 521 "cLkSaov5cbCYO76smHchI+tdUciVqeL3YKQdS+KAzsQoeAZIu/WpbaI1V+5/rSG1\n" + 522 "I94uBITLCjlJfJZ1aredCDrRXOFH7qgSBhM8/WzwFpFCnnpbSKMgrcrKubsFmW9E\n" + 523 "jQhXo2MwYTALBgNVHQ8EBAMCA+gwHQYDVR0OBBYEFNA9PhQOjB+05fxxXPNqe0OT\n" + 524 "doCjMB8GA1UdIwQYMBaAFBlGEEMkaqUUvuKSAXnwTF/hroG1MBIGA1UdEQEB/wQI\n" + 525 "MAaHBH8AAAEwCwYJYIZIAWUDBAMCA0cAMEQCIE0LM2sZi+L8tjH9sgjLEwJmYZvO\n" + 526 "yqNfQnXrkTCb+MLMAiBZLaRTVJrOW3edQjum+SonKKuiN22bRclO6pGuNRCtng==\n" + 527 "-----END CERTIFICATE-----" 528 }; 529 530 // Private key in the format of PKCS#8. 531 private final static String[] endEntityPrivateKeys = { 532 // 533 // EC private key related to cert endEntityCertStrs[0]. 534 // 535 "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgGAy4Pxrd2keM7AdP\n" + 536 "VNUMEO5iO681v4/tstVGfdXkCTuhRANCAATjK9EZW/L2JUBPK4c8lV1fr6WH8Yub\n" + 537 "+xEnmotP/c9UU6g0i+URU2IBGjvGHKPanpud/faA2Dlh75ALDbRVS/0T", 538 539 // 540 // RSA private key related to cert endEntityCertStrs[1]. 541 // 542 "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCnR0euJ9ODZpjS\n" + 543 "wfTd/YmMrZ9bgMvqAsMqrRiKuw0TTvPngsUh54OKjj1fA+MHs6ltRMLWF/9gpnte\n" + 544 "JFbI9rWtijNnzx6aFm35ymTIrP6eZbhq+UBaetX6DHj5tT1P5a4FZ0CtoFyrbtjU\n" + 545 "jbrJ8IS0LyTf47Sx2UduFqwX4FQOZf+fj6eJ8l1s2bl5IPHx4VgcVN2OEC53cCfZ\n" + 546 "fpAP1ZZKgmk90OLi60eEUCXFbqiyMnGwA+/OjxiyqakIyNlwSSzhmyqJkoqJZRZQ\n" + 547 "CMJxsx6sM8Nfb1/J6jfjy7O28myY1HN9zCUW3DGlh3G5mrAeLZCg1pBMZeONtkWa\n" + 548 "OfuoSSNfAgMBAAECggEAWnAHKPkPObN2XDvQj1RL0WrtBSOVG2dy7Ne4tQh8ATxm\n" + 549 "UXw56CKq03YjaANJ8xgHObQ7QlSnFTHs8PDkmrIHd1OIh09LVDNcMfhilLwyzKBi\n" + 550 "HDO1vzU6Cn5DyX1bMJ8UfodcSIKyl1zOjdwyaItIs8HpRcJuJtk57SME18PIrh9H\n" + 551 "EWchWSxTvPvKDY2bhb4vBMgVPfTQO3yc8gY/1J5vKPqDpyEuCGjV13zd/AoL/u5A\n" + 552 "sG10hQ2veJ9KAn1xwPwEoAkCdNLL8vPB1rCbeMZNamqHZRihfoOgDnnJIf3FtUFF\n" + 553 "8bS2FM2kGQR+05SZdhBmJl0obPrbBWil/2vxqeFrgQKBgQDZl1yQsFss2BKK2VAh\n" + 554 "9PKc8tU1v6RpHQZhJEDSct2slHQS5DF6bWl5kJiPevXSvcnjgoPamZf7Joii+Rds\n" + 555 "3xtPQmRw2vQmXBQzQS1YoRuh4hUlkdFWCjUNNg1kvipue6FO4PVg3ViP7llN8PXK\n" + 556 "rSpVxn0a36UiN9jN2zMOUs6tJwKBgQDEzlqa7DghMli7TUdL44uvD2/ceiHqHMMw\n" + 557 "5eLsEHeRVn/EVU99beKw/dAOGwRssTpCd9h7fwzQ2503/Qb/Goe0nKE7+xvt3/sE\n" + 558 "n2Y8Qfv1W1+hGb2qU2jhQaR5bZrLZp0+BgRuQ4ttpYvzopYe4FLZWhDBA0zsGyu0\n" + 559 "nCi7lUSrCQKBgGeGYW8hyS9r2l6fiEWvsiLEUnbRKFsuiRN82S6HojpzI0q9sWDL\n" + 560 "X6yMBFn3qa/LxpttRGikPTAsJERN+Tw+ZlLuhrU/J3x8wMumDfomJOx/kYofd5bV\n" + 561 "ImqXtgWhiLSqM5RA6d5dUb6hK3Iu2/LDMuo+ltVLZNkD8y32RbNh6J1vAoGAbLqQ\n" + 562 "pgyhSf3Vtc0Q+aVB87p0k3tKJ1wynl4zSzYhyMLgHakAHIzL8/qVqmVUwXP8euJZ\n" + 563 "UIk1nGHobxk0d1XB6Y+rKEcn+/iFZt1ljx7pQ3ly0L824NXqGKC6bHeYUI1li/Gp\n" + 564 "Gv3oFvCh7D1D8NUAEKLIpMndAohUUhkAC/qAkHkCgYEAzSIarDNquayV+umC1SXm\n" + 565 "Zo6XLuzWjudLxPd2lyCfwR2aRKlrb+5OFYErX+RSLyCJmaqVZMyXP09PBIvNXu2Z\n" + 566 "+gbx5WUC+kA+6zdKEPXowei6i6EHMXYT2AL7395ZbPajZjsCduE3WuUztuHrhtMm\n" + 567 "JI+k1o4rCnSLlX4gWdN1oTs=", 568 569 // 570 // DSA private key related to cert endEntityCertStrs[2]. 571 // 572 "MIICZAIBADCCAjkGByqGSM44BAEwggIsAoIBAQCWte2WHSAob+cnmLjyt818YFBB\n" + 573 "hrHVAwM30FMbTK8grXN2jYFi8bDdf0GL6fb/oYeLcJxttFXpghB/UJcdOj8YO+A8\n" + 574 "EjgPN0nnDtsu3HYJqx6XqfXa8Sm11WWn8AYW00sIVfiAzuxDuvi2kb2bsmv2DqjS\n" + 575 "BPRDcRVZNDazbAweqXwxF2bAmQCzDdpnJfChp9au73cyUFBFexerixj99851X5kM\n" + 576 "liR92FtPVlQhVx7w82RxlwztjtkMCFNQeQLF5zhni5yoF8xKwqDSsFG1RT9FtDlX\n" + 577 "iaOKXGXy//E1RCxhvdALrh9VdxrKuj3cwgz8OFL/7+Zu/+pMF6gUMQCQO44TAiEA\n" + 578 "jkSBlZh8uZwS0YSD+Lwu77E8W+AkwKT1ZmXi+YEyMLUCggEAdlWS2NtpNviEDOnX\n" + 579 "kRity5e7TwoRqypxpk27VE4SM2u9EqfQ5kwYi8zBGPiIBvJGLk+Uk1cVo7NHMVwi\n" + 580 "mRjEFrYqDLYlzwNjNxwNP/BNJgy0ps29EQHdscZw8hrLqqNXlZsezy4zd259xI4Q\n" + 581 "//o93Scd2VUnDBsqu7FVqaVL6bnRF4vtnrX+hlB463F9u47qO7uM0NXswvx2BtR/\n" + 582 "oxBahoXUOm+x/iwR2R/S3oDsiGUzK8wGP08CK++7F6zSVkaMZgxKygfvG0Q8m2IT\n" + 583 "SbMJWZtDeWGFJT5nqYG5el88Ar9MtHfNYd22sqiDy1xFLUQJfRrjNITQJQNWPqkp\n" + 584 "/cSxWAQiAiAKHYbYwEy0XS9J0MeKQmqPswn0nCJKvH+esfMKkZvV3w==" 585 }; 586 587 // Private key names of endEntityPrivateKeys. 588 private final static String[] endEntityPrivateKeyNames = { 589 "EC", 590 "RSA", 591 "DSA", 592 }; 593 594 /* 595 * Create an instance of SSLContext with the specified trust/key materials. 596 */ 597 private SSLContext createSSLContext( 598 String[] trustedMaterials, 599 String[] keyMaterialCerts, 600 String[] keyMaterialKeys, 601 String[] keyMaterialKeyAlgs, 602 ContextParameters params) throws Exception { 603 604 KeyStore ts = null; // trust store 605 KeyStore ks = null; // key store 606 char passphrase[] = "passphrase".toCharArray(); 607 608 // Generate certificate from cert string. 609 CertificateFactory cf = CertificateFactory.getInstance("X.509"); 610 611 // Import the trused certs. 612 ByteArrayInputStream is; 613 if (trustedMaterials != null && trustedMaterials.length != 0) { 614 ts = KeyStore.getInstance("JKS"); 615 ts.load(null, null); 616 617 Certificate[] trustedCert = 618 new Certificate[trustedMaterials.length]; 619 for (int i = 0; i < trustedMaterials.length; i++) { 620 String trustedCertStr = trustedMaterials[i]; 621 622 is = new ByteArrayInputStream(trustedCertStr.getBytes()); 623 try { 624 trustedCert[i] = cf.generateCertificate(is); 625 } finally { 626 is.close(); 627 } 628 629 ts.setCertificateEntry("trusted-cert-" + i, trustedCert[i]); 630 } 631 } 632 633 // Import the key materials. 634 // 635 // Note that certification pathes bigger than one are not supported yet. 636 boolean hasKeyMaterials = 637 (keyMaterialCerts != null) && (keyMaterialCerts.length != 0) && 638 (keyMaterialKeys != null) && (keyMaterialKeys.length != 0) && 639 (keyMaterialKeyAlgs != null) && (keyMaterialKeyAlgs.length != 0) && 640 (keyMaterialCerts.length == keyMaterialKeys.length) && 641 (keyMaterialCerts.length == keyMaterialKeyAlgs.length); 642 if (hasKeyMaterials) { 643 ks = KeyStore.getInstance("JKS"); 644 ks.load(null, null); 645 646 for (int i = 0; i < keyMaterialCerts.length; i++) { 647 String keyCertStr = keyMaterialCerts[i]; 648 649 // generate the private key. 650 PKCS8EncodedKeySpec priKeySpec = new PKCS8EncodedKeySpec( 651 Base64.getMimeDecoder().decode(keyMaterialKeys[i])); 652 KeyFactory kf = 653 KeyFactory.getInstance(keyMaterialKeyAlgs[i]); 654 PrivateKey priKey = kf.generatePrivate(priKeySpec); 655 656 // generate certificate chain 657 is = new ByteArrayInputStream(keyCertStr.getBytes()); 658 Certificate keyCert = null; 659 try { 660 keyCert = cf.generateCertificate(is); 661 } finally { 662 is.close(); 663 } 664 665 Certificate[] chain = new Certificate[] { keyCert }; 666 667 // import the key entry. 668 ks.setKeyEntry("cert-" + keyMaterialKeyAlgs[i], 669 priKey, passphrase, chain); 670 } 671 } 672 673 // Create an SSLContext object. 674 TrustManagerFactory tmf = 675 TrustManagerFactory.getInstance(params.tmAlgorithm); 676 tmf.init(ts); 677 678 SSLContext context = SSLContext.getInstance(params.contextProtocol); 679 if (hasKeyMaterials && ks != null) { 680 KeyManagerFactory kmf = 681 KeyManagerFactory.getInstance(params.kmAlgorithm); 682 kmf.init(ks, passphrase); 683 684 context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); 685 } else { 686 context.init(null, tmf.getTrustManagers(), null); 687 } 688 689 return context; 690 } 691 692 /* 693 * ================================================= 694 * Stuffs to boot up the client-server mode testing. 695 */ 696 private Thread clientThread = null; 697 private Thread serverThread = null; 698 private volatile Exception serverException = null; 699 private volatile Exception clientException = null; 700 701 /* 702 * Should we run the client or server in a separate thread? 703 * Both sides can throw exceptions, but do you have a preference 704 * as to which side should be the main thread. 705 */ 706 private static final boolean separateServerThread = false; 707 708 /* 709 * Boot up the testing, used to drive remainder of the test. 710 */ 711 private void bootup() throws Exception { 712 Exception startException = null; 713 try { 714 if (separateServerThread) { 715 startServer(true); 716 startClient(false); 717 } else { 718 startClient(true); 719 startServer(false); 720 } 721 } catch (Exception e) { 722 startException = e; 723 } 724 725 /* 726 * Wait for other side to close down. 727 */ 728 if (separateServerThread) { 729 if (serverThread != null) { 730 serverThread.join(); 731 } 732 } else { 733 if (clientThread != null) { 734 clientThread.join(); 735 } 736 } 737 738 /* 739 * When we get here, the test is pretty much over. 740 * Which side threw the error? 741 */ 742 Exception local; 743 Exception remote; 744 745 if (separateServerThread) { 746 remote = serverException; 747 local = clientException; 748 } else { 749 remote = clientException; 750 local = serverException; 751 } 752 753 Exception exception = null; 754 755 /* 756 * Check various exception conditions. 757 */ 758 if ((local != null) && (remote != null)) { 759 // If both failed, return the curthread's exception. 760 local.initCause(remote); 761 exception = local; 762 } else if (local != null) { 763 exception = local; 764 } else if (remote != null) { 765 exception = remote; 766 } else if (startException != null) { 767 exception = startException; 768 } 769 770 /* 771 * If there was an exception *AND* a startException, 772 * output it. 773 */ 774 if (exception != null) { 775 if (exception != startException && startException != null) { 776 exception.addSuppressed(startException); 777 } 778 throw exception; 779 } 780 781 // Fall-through: no exception to throw! 782 } 783 784 private void startServer(boolean newThread) throws Exception { 785 if (newThread) { 786 serverThread = new Thread() { 787 @Override 788 public void run() { 789 try { 790 doServerSide(); 791 } catch (Exception e) { 792 /* 793 * Our server thread just died. 794 * 795 * Release the client, if not active already... 796 */ 797 logException("Server died", e); 798 serverException = e; 799 } 800 } 801 }; 802 serverThread.start(); 803 } else { 804 try { 805 doServerSide(); 806 } catch (Exception e) { 807 logException("Server failed", e); 808 serverException = e; 809 } 810 } 811 } 812 813 private void startClient(boolean newThread) throws Exception { 814 if (newThread) { 815 clientThread = new Thread() { 816 @Override 817 public void run() { 818 try { 819 doClientSide(); 820 } catch (Exception e) { 821 /* 822 * Our client thread just died. 823 */ 824 logException("Client died", e); 825 clientException = e; 826 } 827 } 828 }; 829 clientThread.start(); 830 } else { 831 try { 832 doClientSide(); 833 } catch (Exception e) { 834 logException("Client failed", e); 835 clientException = e; 836 } 837 } 838 } 839 840 private synchronized void logException(String prefix, Throwable cause) { 841 System.out.println(prefix + ": " + cause); 842 cause.printStackTrace(System.out); 843 } 844} 845