1/* 2 * Copyright (c) 2002, 2017, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24import java.io.*; 25import java.net.*; 26 27import java.security.cert.Certificate; 28 29import javax.net.ssl.*; 30 31class JSSEClient extends CipherTest.Client { 32 33 private final SSLContext sslContext; 34 private final MyX509KeyManager keyManager; 35 36 JSSEClient(CipherTest cipherTest) throws Exception { 37 super(cipherTest); 38 this.keyManager = new MyX509KeyManager(CipherTest.keyManager); 39 sslContext = SSLContext.getInstance("TLS"); 40 } 41 42 void runTest(CipherTest.TestParameters params) throws Exception { 43 SSLSocket socket = null; 44 try { 45 keyManager.setAuthType(params.clientAuth); 46 sslContext.init( 47 new KeyManager[] { keyManager }, 48 new TrustManager[] { CipherTest.trustManager }, 49 CipherTest.secureRandom); 50 SSLSocketFactory factory 51 = (SSLSocketFactory) sslContext.getSocketFactory(); 52 53 socket = (SSLSocket) factory.createSocket(); 54 try { 55 socket.connect(new InetSocketAddress("127.0.0.1", 56 CipherTest.serverPort), 15000); 57 } catch (IOException ioe) { 58 // The server side may be impacted by naughty test cases or 59 // third party routines, and cannot accept connections. 60 // 61 // Just ignore the test if the connection cannot be 62 // established. 63 System.out.println( 64 "Cannot make a connection in 15 seconds. " + 65 "Ignore in client side."); 66 return; 67 } 68 69 socket.setSoTimeout(CipherTest.TIMEOUT); 70 socket.setEnabledCipherSuites(new String[] {params.cipherSuite}); 71 socket.setEnabledProtocols(new String[] {params.protocol}); 72 InputStream in = socket.getInputStream(); 73 OutputStream out = socket.getOutputStream(); 74 sendRequest(in, out); 75 socket.close(); 76 SSLSession session = socket.getSession(); 77 session.invalidate(); 78 String cipherSuite = session.getCipherSuite(); 79 if (params.cipherSuite.equals(cipherSuite) == false) { 80 throw new Exception("Negotiated ciphersuite mismatch: " + cipherSuite + " != " + params.cipherSuite); 81 } 82 String protocol = session.getProtocol(); 83 if (params.protocol.equals(protocol) == false) { 84 throw new Exception("Negotiated protocol mismatch: " + protocol + " != " + params.protocol); 85 } 86 if (cipherSuite.indexOf("DH_anon") == -1) { 87 session.getPeerCertificates(); 88 } 89 Certificate[] certificates = session.getLocalCertificates(); 90 if (params.clientAuth == null) { 91 if (certificates != null) { 92 throw new Exception("Local certificates should be null"); 93 } 94 } else { 95 if ((certificates == null) || (certificates.length == 0)) { 96 throw new Exception("Certificates missing"); 97 } 98 String keyAlg = certificates[0].getPublicKey().getAlgorithm(); 99 if (keyAlg.equals("EC")) { 100 keyAlg = "ECDSA"; 101 } 102 if (params.clientAuth != keyAlg) { 103 throw new Exception("Certificate type mismatch: " + keyAlg + " != " + params.clientAuth); 104 } 105 } 106 } finally { 107 if (socket != null) { 108 socket.close(); 109 } 110 } 111 } 112 113} 114