| /* |
| * Copyright (c) 2010, 2016, Oracle and/or its affiliates. All rights reserved. |
| * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
| * |
| * This code is free software; you can redistribute it and/or modify it |
| * under the terms of the GNU General Public License version 2 only, as |
| * published by the Free Software Foundation. |
| * |
| * This code is distributed in the hope that it will be useful, but WITHOUT |
| * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
| * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
| * version 2 for more details (a copy is included in the LICENSE file that |
| * accompanied this code). |
| * |
| * You should have received a copy of the GNU General Public License version |
| * 2 along with this work; if not, write to the Free Software Foundation, |
| * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
| * |
| * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
| * or visit www.oracle.com if you need additional information or have any |
| * questions. |
| */ |
| |
| import java.io.ByteArrayInputStream; |
| import java.io.EOFException; |
| import java.io.File; |
| import java.io.FileInputStream; |
| import java.io.FileNotFoundException; |
| import java.io.IOException; |
| import java.io.InputStream; |
| import java.io.OutputStream; |
| import java.net.Socket; |
| import java.security.KeyFactory; |
| import java.security.KeyStore; |
| import java.security.KeyStoreException; |
| import java.security.NoSuchAlgorithmException; |
| import java.security.Principal; |
| import java.security.PrivateKey; |
| import java.security.SecureRandom; |
| import java.security.UnrecoverableKeyException; |
| import java.security.cert.Certificate; |
| import java.security.cert.CertificateException; |
| import java.security.cert.CertificateFactory; |
| import java.security.cert.X509Certificate; |
| import java.security.interfaces.RSAPrivateKey; |
| import java.security.spec.InvalidKeySpecException; |
| import java.security.spec.PKCS8EncodedKeySpec; |
| import java.util.ArrayList; |
| import java.util.Arrays; |
| import java.util.Base64; |
| import java.util.Collections; |
| import java.util.List; |
| import javax.net.ssl.KeyManagerFactory; |
| import javax.net.ssl.SSLEngine; |
| import javax.net.ssl.SSLServerSocket; |
| import javax.net.ssl.SSLSocket; |
| import javax.net.ssl.SSLSocketFactory; |
| import javax.net.ssl.TrustManager; |
| import javax.net.ssl.TrustManagerFactory; |
| import javax.net.ssl.X509ExtendedKeyManager; |
| import javax.net.ssl.X509TrustManager; |
| |
| /** |
| * Test that all ciphersuites work in all versions and all client authentication |
| * types. The way this is setup the server is stateless and all checking is done |
| * on the client side. |
| */ |
| |
| public class CipherTestUtils { |
| |
| public static final int TIMEOUT = 20 * 1000; |
| public static final SecureRandom secureRandom = new SecureRandom(); |
| public static char[] PASSWORD = "passphrase".toCharArray(); |
| private static final List<TestParameters> TESTS = new ArrayList<>(3); |
| private static final List<Exception> EXCEPTIONS |
| = Collections.synchronizedList(new ArrayList<>(1)); |
| |
| private static final String CLIENT_PUBLIC_KEY |
| = "-----BEGIN CERTIFICATE-----\n" |
| + "MIICtTCCAh4CCQDkYJ46DMcGRjANBgkqhkiG9w0BAQUFADCBnDELMAkGA1UEBhMC\n" |
| + "VVMxCzAJBgNVBAgMAkNBMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MR8wHQYDVQQK\n" |
| + "DBZTdW4gTWljcm9zeXN0ZW1zLCBJbmMuMSYwJAYDVQQLDB1TdW4gTWljcm9zeXN0\n" |
| + "ZW1zIExhYm9yYXRvcmllczEfMB0GA1UEAwwWVGVzdCBDQSAoMTAyNCBiaXQgUlNB\n" |
| + "KTAeFw0wOTA0MjcwNDA0MDhaFw0xMzA2MDUwNDA0MDhaMIGgMQswCQYDVQQGEwJV\n" |
| + "UzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxHzAdBgNVBAoM\n" |
| + "FlN1biBNaWNyb3N5c3RlbXMsIEluYy4xJjAkBgNVBAsMHVN1biBNaWNyb3N5c3Rl\n" |
| + "bXMgTGFib3JhdG9yaWVzMSMwIQYDVQQDDBpUZXN0IENsaWVudCAoMTAyNCBiaXQg\n" |
| + "UlNBKTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAm5rwjmhO7Nwd5GWs+KvQ\n" |
| + "UnDiqpRDvRriOUFdF0rCI2Op24C+iwUMDGxPsgP7VkUpOdJhw3c72aP0CAWcZ5dN\n" |
| + "UCW7WVDAxnogCahLCir1jjoGdEjiNGOy0L9sypsM9UvBzJN8uvXsxsTZX4Z88cKU\n" |
| + "G7RUvN8LQ88zDljk5zr3c2MCAwEAATANBgkqhkiG9w0BAQUFAAOBgQA7LUDrzHln\n" |
| + "EXuGmwZeeroACB6DVtkClMskF/Pj5GnTxoeNN9DggycX/eOeIDKRloHuMpBeZPJH\n" |
| + "NUwFu4LB6HBDeldQD9iRp8zD/fPakOdN+1Gk5hciIZZJ5hQmeCl7Va2Gr64vUqZG\n" |
| + "MkVU755t+7ByLgzWuhPhhsX9QCuPR5FjvQ==\n" |
| + "-----END CERTIFICATE-----"; |
| |
| private static final String CLIENT_PRIVATE_KEY |
| = "-----BEGIN PRIVATE KEY-----\n" |
| + "MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAJua8I5oTuzcHeRl\n" |
| + "rPir0FJw4qqUQ70a4jlBXRdKwiNjqduAvosFDAxsT7ID+1ZFKTnSYcN3O9mj9AgF\n" |
| + "nGeXTVAlu1lQwMZ6IAmoSwoq9Y46BnRI4jRjstC/bMqbDPVLwcyTfLr17MbE2V+G\n" |
| + "fPHClBu0VLzfC0PPMw5Y5Oc693NjAgMBAAECgYA5w73zj8Nk6J3sMNaShe3S/PcY\n" |
| + "TewLopRCnwI46FbDnnbq9pNFtnzvi7HWKuY983THc1M5peTA+b1Y0QRr7F4Vg4x9\n" |
| + "9UM0B/tZcIIcJJ3LS+9fXKCbYLQWq5F05JqeZu+i+QLmJFO5+2p7laeQ4oQfW7QE\n" |
| + "YR4u2mSaLe0SsqHvOQJBAMhgcye9C6pJO0eo2/VtRxAXI7zxNAIjHwKo1cva7bhu\n" |
| + "GdrMaEAJBAsMJ1GEk7/WDI+3KEbTjQdfIJuAvOR4FXUCQQDGzNn/tl2k93v/ugyM\n" |
| + "/tBhCKDipYDIbyJMoG2AOtOGmCsiGo5L7idO4OAcm/QiHBQMXjFIVgTUcH8MhGj4\n" |
| + "blJ3AkA5fUqsxRV6tuYWKkFpif/QgwMS65VDY7Y6+hvVECwSNSyf1PO4I54QWV1S\n" |
| + "ixok+RHDjgY1Q+77hXSCiQ4o8rcdAkBHvjfR+5sx5IpgUGElJPRIgFenU3j1XH3x\n" |
| + "T1gVFaWuhg3S4eiGaGzRH4BhcrqY8K8fg4Kfi0N08yA2gTZsqUujAkEAjuNPTuKx\n" |
| + "ti0LXI09kbGUqOpRMm1zW5TD6LFeEaUN6oxrSZI2YUvu7VyotAqsxX5O0u0f3VQw\n" |
| + "ySF0Q1oZ6qu7cg==\n" |
| + "-----END PRIVATE KEY-----"; |
| private static final String SERVER_PUBLIC_KEY |
| = "-----BEGIN CERTIFICATE-----\n" |
| + "MIICtTCCAh4CCQDkYJ46DMcGRTANBgkqhkiG9w0BAQUFADCBnDELMAkGA1UEBhMC\n" |
| + "VVMxCzAJBgNVBAgMAkNBMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MR8wHQYDVQQK\n" |
| + "DBZTdW4gTWljcm9zeXN0ZW1zLCBJbmMuMSYwJAYDVQQLDB1TdW4gTWljcm9zeXN0\n" |
| + "ZW1zIExhYm9yYXRvcmllczEfMB0GA1UEAwwWVGVzdCBDQSAoMTAyNCBiaXQgUlNB\n" |
| + "KTAeFw0wOTA0MjcwNDA0MDhaFw0xMzA2MDUwNDA0MDhaMIGgMQswCQYDVQQGEwJV\n" |
| + "UzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxHzAdBgNVBAoM\n" |
| + "FlN1biBNaWNyb3N5c3RlbXMsIEluYy4xJjAkBgNVBAsMHVN1biBNaWNyb3N5c3Rl\n" |
| + "bXMgTGFib3JhdG9yaWVzMSMwIQYDVQQDDBpUZXN0IFNlcnZlciAoMTAyNCBiaXQg\n" |
| + "UlNBKTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsHHeZ1O67yuxQKDSAOC\n" |
| + "Xm271ViwBrXkxe5cvhG8MCCem6Z3XeZ/m6c2ucRwLaQxnmG1m0G6/OYaUXTivjcG\n" |
| + "/K4bc1I+yjghAWQNLBtsOiP9w0LKibg3TSDehpeuuz/lmB5A4HMqQr8KkY4K7peD\n" |
| + "1QkJ2Dn3zhbwQ/0d8f5CCbkCAwEAATANBgkqhkiG9w0BAQUFAAOBgQBOd8XojEnu\n" |
| + "eTUHBwqfmnvRQvbICFDNbbL4KuX/JNPSy1WMGAEbNCTLZ+5yP69js8aUYqAk5vVf\n" |
| + "dWRLU3MDiEzW7zxE1ubuKWjVuyGbG8Me0G01Hw+evBcZqB64Fz3OFISVfQh7MqE/\n" |
| + "O0AeakRMH350FRLNl4o6KBSXmF/AADfqQQ==\n" |
| + "-----END CERTIFICATE-----"; |
| |
| private static final String SERVER_PRIVATE_KEY |
| = "-----BEGIN PRIVATE KEY-----\n" |
| + "MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAK7Bx3mdTuu8rsUC\n" |
| + "g0gDgl5tu9VYsAa15MXuXL4RvDAgnpumd13mf5unNrnEcC2kMZ5htZtBuvzmGlF0\n" |
| + "4r43BvyuG3NSPso4IQFkDSwbbDoj/cNCyom4N00g3oaXrrs/5ZgeQOBzKkK/CpGO\n" |
| + "Cu6Xg9UJCdg5984W8EP9HfH+Qgm5AgMBAAECgYAXUv+3qJo+9mjxHHu/IdDFn6nB\n" |
| + "ONwNmTtWe5DfQWi3l7LznU0zOC9x6+hu9NvwC4kf1XSyqxw04tVCZ/JXZurEmEBz\n" |
| + "YtcQ5idRQDkKYXEDOeVUfvtHO6xilzrhPKxxd0GG/sei2pozikkqnYF3OcP0qL+a\n" |
| + "3nWixZQBRoF2nIRLcQJBAN97TJBr0XTRmE7OCKLUy1+ws7vZB9uQ2efHMsgwOpsY\n" |
| + "3cEW5qd95hrxLU72sBeu9loHQgBrT2Q3OAxnsPXmgO0CQQDIL3u9kS/O3Ukx+n1H\n" |
| + "JdPFQCRxrDm/vtJpQEmq+mLqxxnxCFRIYQ2ieAPokBxWeMDtdWJGD3VxhahjPfZm\n" |
| + "5K59AkEAuDVl0tVMfUIWjT5/F9jXGjUIsZofQ/iN5OLpFOHMLPO+Nd6umPjJpwON\n" |
| + "GT11wM/S+DprSPUrJ6vsYy1FTCuHsQJBAMXtnO07xgdE6AAQaRmVnyMiXmY+IQMj\n" |
| + "CyuhsrToyDDWFyIoWB0QSMjg3QxuoHYnAqpGK5qV4ksSGgG13BCz/okCQQCRHTgn\n" |
| + "DuFG2f7GYLFjI4NaTEzHGp+J9LiNYY1kYYLonpwAC3Z5hzJVanYT3/g23AUZ/fdF\n" |
| + "v5PDIViuPo5ZB1eD\n" |
| + "-----END PRIVATE KEY-----"; |
| |
| private static final String CA_PUBLIC_KEY |
| = "-----BEGIN CERTIFICATE-----\n" |
| + "MIIDCDCCAnGgAwIBAgIJAIYlGfwNBY6NMA0GCSqGSIb3DQEBBQUAMIGcMQswCQYD\n" |
| + "VQQGEwJVUzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxHzAd\n" |
| + "BgNVBAoMFlN1biBNaWNyb3N5c3RlbXMsIEluYy4xJjAkBgNVBAsMHVN1biBNaWNy\n" |
| + "b3N5c3RlbXMgTGFib3JhdG9yaWVzMR8wHQYDVQQDDBZUZXN0IENBICgxMDI0IGJp\n" |
| + "dCBSU0EpMB4XDTA5MDQyNzA0MDQwOFoXDTEzMDYwNTA0MDQwOFowgZwxCzAJBgNV\n" |
| + "BAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzEfMB0G\n" |
| + "A1UECgwWU3VuIE1pY3Jvc3lzdGVtcywgSW5jLjEmMCQGA1UECwwdU3VuIE1pY3Jv\n" |
| + "c3lzdGVtcyBMYWJvcmF0b3JpZXMxHzAdBgNVBAMMFlRlc3QgQ0EgKDEwMjQgYml0\n" |
| + "IFJTQSkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOK4DJxxb0XX6MJ1CVjp\n" |
| + "9Gmr/Ua8MS12R58F9lDpSKuq8cFexA4W7OdZ4jtbKv0tRHX5YxmbnXedwS+gdcOA\n" |
| + "GRgXMoeXlgTFGpdL+TR8xKIlMGRSjnR7MpR2tRyIYI2p+UTEiD6LTlIm5Wh4z1q8\n" |
| + "LYbxyMVD1XNNNymvPM44OjsBAgMBAAGjUDBOMB0GA1UdDgQWBBT27BLUflmfdtbi\n" |
| + "WTgjwWnoxop2MTAfBgNVHSMEGDAWgBT27BLUflmfdtbiWTgjwWnoxop2MTAMBgNV\n" |
| + "HRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAEQELNzhZpjnSgigd+QJ6I/3CPDo\n" |
| + "SDkMLdP1BHlT/DkMIZvABm+M09ePNlWiLYCNCsL9nWmX0gw0rFDKsTklZyKTUzaM\n" |
| + "oy/AZCrAaoIc6SO5m1xE1RMyVxd/Y/kg6cbfWxxCJFlMeU5rsSdC97HTE/lDyuoh\n" |
| + "BmlOBB7SdR+1ScjA\n" |
| + "-----END CERTIFICATE-----"; |
| |
| private static final String CA_PRIVATE_KEY |
| = "-----BEGIN PRIVATE KEY-----\n" |
| + "MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAOK4DJxxb0XX6MJ1\n" |
| + "CVjp9Gmr/Ua8MS12R58F9lDpSKuq8cFexA4W7OdZ4jtbKv0tRHX5YxmbnXedwS+g\n" |
| + "dcOAGRgXMoeXlgTFGpdL+TR8xKIlMGRSjnR7MpR2tRyIYI2p+UTEiD6LTlIm5Wh4\n" |
| + "z1q8LYbxyMVD1XNNNymvPM44OjsBAgMBAAECgYEApmMOlk3FrQtsvjGof4GLp3Xa\n" |
| + "tmvs54FzxKhagj0C4UHelNyYpAJ9MLjNiGQ7I31yTeaNrUCAi0XSfsKTSrwbLSnJ\n" |
| + "qsUPKMBrnzcWrOyui2+cupHZXaTlNeYB97teLJYpa6Ql9CZLoTHoim1+//s7diBh\n" |
| + "03Vls+M6Poi5PMvv59UCQQD+k/BiokmbBgWHfBY5cZSlx3Z4VTwSHJmHDTO3Tjso\n" |
| + "EVErXUSVvqD/KHX6eM4VPM8lySV5djWV8lDsESCWMtiLAkEA4/xFNsiOLMQpxW/O\n" |
| + "bt2tukxJkAxldD4lPoFZR+zbXtMtt8OjERtX2wD+nj6h7jfIeSyVuBEcBN8Uj8xe\n" |
| + "kgfgIwJAPbKG4LCqHAsCjgpRrIxNVTwZByLJEy6hOqzFathn19cSj+rjs1Lm28/n\n" |
| + "f9OFRnpdTbAJB/3REM0QNZYVCrG57wJBAN0KuTytZJNouaswhPCew5Kt5mDgc/kp\n" |
| + "S8j3dk2zCto8W8Ygy1iJrzuqEjPxO+UQdrFtlde51vWuKGxnVIW3VwsCQEldqk7r\n" |
| + "8y7PgquPP+k3L0OXno5wGBrPcW1+U0mhIZGnwSzE4SPX2ddqUSEUA/Av4RjAckL/\n" |
| + "fpqmCkpTanyYW9U=\n" |
| + "-----END PRIVATE KEY-----"; |
| |
| private final SSLSocketFactory factory; |
| private final X509ExtendedKeyManager clientKeyManager; |
| private final X509ExtendedKeyManager serverKeyManager; |
| private final X509TrustManager clientTrustManager; |
| private final X509TrustManager serverTrustManager; |
| |
| static abstract class Server implements Runnable, AutoCloseable { |
| |
| final CipherTestUtils cipherTest; |
| |
| Server(CipherTestUtils cipherTest) throws Exception { |
| this.cipherTest = cipherTest; |
| } |
| |
| @Override |
| public abstract void run(); |
| |
| abstract int getPort(); |
| |
| void handleRequest(InputStream in, OutputStream out) |
| throws IOException { |
| boolean newline = false; |
| StringBuilder sb = new StringBuilder(); |
| while (true) { |
| int ch = in.read(); |
| if (ch < 0) { |
| throw new EOFException(); |
| } |
| sb.append((char) ch); |
| if (ch == '\r') { |
| // empty |
| } else if (ch == '\n') { |
| if (newline) { |
| // 2nd newline in a row, end of request |
| break; |
| } |
| newline = true; |
| } else { |
| newline = false; |
| } |
| } |
| String request = sb.toString(); |
| if (request.startsWith("GET / HTTP/1.") == false) { |
| throw new IOException("Invalid request: " + request); |
| } |
| out.write("HTTP/1.0 200 OK\r\n\r\n".getBytes()); |
| out.write("Tested Scenario: ".getBytes()); |
| TestParameters tp = (TestParameters) CipherTestUtils.TESTS.get(0); |
| out.write(tp.toString().getBytes()); |
| out.write(" Test PASSED.".getBytes()); |
| } |
| } |
| |
| public static class TestParameters { |
| |
| final String cipherSuite; |
| final String protocol; |
| final String clientAuth; |
| |
| TestParameters(String cipherSuite, String protocol, String clientAuth) { |
| this.cipherSuite = cipherSuite; |
| this.protocol = protocol; |
| this.clientAuth = clientAuth; |
| } |
| |
| boolean isEnabled() { |
| return true; |
| } |
| |
| @Override |
| public String toString() { |
| String s = cipherSuite + " in " + protocol + " mode"; |
| if (clientAuth != null) { |
| s += " with " + clientAuth + " client authentication"; |
| } |
| return s; |
| } |
| } |
| |
| private static volatile CipherTestUtils instance = null; |
| |
| public static CipherTestUtils getInstance() throws Exception { |
| if (instance == null) { |
| synchronized (CipherTestUtils.class) { |
| if (instance == null) { |
| instance = new CipherTestUtils(); |
| } |
| } |
| } |
| return instance; |
| } |
| |
| public static void setTestedArguments(String protocol, String ciphersuite) { |
| ciphersuite = ciphersuite.trim(); |
| TestParameters params = new TestParameters(ciphersuite, protocol, null); |
| TESTS.add(params); |
| } |
| |
| public X509ExtendedKeyManager getClientKeyManager() { |
| return clientKeyManager; |
| } |
| |
| public X509TrustManager getClientTrustManager() { |
| return clientTrustManager; |
| } |
| |
| public X509ExtendedKeyManager getServerKeyManager() { |
| return serverKeyManager; |
| } |
| |
| public X509TrustManager getServerTrustManager() { |
| return serverTrustManager; |
| } |
| |
| public static void addFailure(Exception e) { |
| EXCEPTIONS.add(e); |
| } |
| |
| private CipherTestUtils() throws Exception { |
| factory = (SSLSocketFactory) SSLSocketFactory.getDefault(); |
| KeyStore serverKeyStore = createServerKeyStore(SERVER_PUBLIC_KEY, |
| SERVER_PRIVATE_KEY); |
| KeyStore serverTrustStore = createServerKeyStore(CA_PUBLIC_KEY, |
| CA_PRIVATE_KEY); |
| |
| if (serverKeyStore != null) { |
| KeyManagerFactory keyFactory = KeyManagerFactory.getInstance( |
| KeyManagerFactory.getDefaultAlgorithm()); |
| keyFactory.init(serverKeyStore, PASSWORD); |
| serverKeyManager = (X509ExtendedKeyManager) |
| keyFactory.getKeyManagers()[0]; |
| } else { |
| serverKeyManager = null; |
| } |
| serverTrustManager = serverTrustStore != null |
| ? new AlwaysTrustManager(serverTrustStore) : null; |
| |
| KeyStore clientKeyStore, clientTrustStore; |
| clientTrustStore = serverTrustStore; |
| clientKeyStore = |
| createServerKeyStore(CLIENT_PUBLIC_KEY,CLIENT_PRIVATE_KEY); |
| if (clientKeyStore != null) { |
| KeyManagerFactory keyFactory = KeyManagerFactory.getInstance( |
| KeyManagerFactory.getDefaultAlgorithm()); |
| keyFactory.init(clientKeyStore, PASSWORD); |
| clientKeyManager = (X509ExtendedKeyManager) |
| keyFactory.getKeyManagers()[0]; |
| } else { |
| clientKeyManager = null; |
| } |
| clientTrustManager = (clientTrustStore != null) |
| ? new AlwaysTrustManager(clientTrustStore) : null; |
| } |
| |
| void checkResult(String exception) throws Exception { |
| if (EXCEPTIONS.size() >= 1) { |
| Exception actualException = EXCEPTIONS.get(0); |
| if (exception == null) { |
| throw new RuntimeException("FAILED: got unexpected exception: " |
| + actualException); |
| } |
| if (!exception.equals(actualException.getClass().getName())) { |
| throw new RuntimeException("FAILED: got unexpected exception: " |
| + actualException); |
| } |
| |
| System.out.println("PASSED: got expected exception: " |
| + actualException); |
| } else { |
| if (exception != null) { |
| throw new RuntimeException("FAILED: " + exception |
| + " was expected"); |
| } |
| System.out.println("PASSED"); |
| } |
| } |
| |
| SSLSocketFactory getFactory() { |
| return factory; |
| } |
| |
| static abstract class Client implements Runnable { |
| |
| final CipherTestUtils cipherTest; |
| TestParameters testedParams; |
| |
| Client(CipherTestUtils cipherTest) throws Exception { |
| this.cipherTest = cipherTest; |
| } |
| |
| Client(CipherTestUtils cipherTest, String testedCipherSuite) |
| throws Exception { |
| this.cipherTest = cipherTest; |
| } |
| |
| @Override |
| public final void run() { |
| |
| TESTS.stream().map((params) -> { |
| if (!params.isEnabled()) { |
| System.out.println("Skipping disabled test " + params); |
| } |
| return params; |
| }).forEach((params) -> { |
| try { |
| System.out.println("Testing " + params); |
| runTest(params); |
| System.out.println("Passed " + params); |
| } catch (Exception e) { |
| CipherTestUtils.addFailure(e); |
| System.out.println("** Failed " + params |
| + "**, got exception:"); |
| e.printStackTrace(System.out); |
| } |
| }); |
| } |
| |
| abstract void runTest(TestParameters params) throws Exception; |
| |
| void sendRequest(InputStream in, OutputStream out) throws IOException { |
| out.write("GET / HTTP/1.0\r\n\r\n".getBytes()); |
| out.flush(); |
| StringBuilder sb = new StringBuilder(); |
| while (true) { |
| int ch = in.read(); |
| if (ch < 0) { |
| break; |
| } |
| sb.append((char) ch); |
| } |
| String response = sb.toString(); |
| if (response.startsWith("HTTP/1.0 200 ") == false) { |
| throw new IOException("Invalid response: " + response); |
| } else { |
| System.out.println(); |
| System.out.println("--- Response --- "); |
| System.out.println(response); |
| System.out.println("---------------- "); |
| } |
| } |
| } |
| |
| public static void printStringArray(String[] stringArray) { |
| System.out.println(Arrays.toString(stringArray)); |
| System.out.println(); |
| } |
| |
| public static void printInfo(SSLServerSocket socket) { |
| System.out.println(); |
| System.out.println("--- SSL ServerSocket Info ---"); |
| System.out.print("SupportedProtocols : "); |
| printStringArray(socket.getSupportedProtocols()); |
| System.out.print("SupportedCipherSuites : "); |
| printStringArray(socket.getSupportedCipherSuites()); |
| System.out.print("EnabledProtocols : "); |
| printStringArray(socket.getEnabledProtocols()); |
| System.out.print("EnabledCipherSuites : "); |
| String[] supportedCipherSuites = socket.getEnabledCipherSuites(); |
| Arrays.sort(supportedCipherSuites); |
| printStringArray(supportedCipherSuites); |
| System.out.println("NeedClientAuth : " |
| + socket.getNeedClientAuth()); |
| System.out.println("WantClientAuth : " |
| + socket.getWantClientAuth()); |
| System.out.println("-----------------------"); |
| } |
| |
| public static void printInfo(SSLSocket socket) { |
| System.out.println(); |
| System.out.println("--- SSL Socket Info ---"); |
| System.out.print(" SupportedProtocols : "); |
| printStringArray(socket.getSupportedProtocols()); |
| System.out.println(" EnabledProtocols : " |
| + socket.getEnabledProtocols()[0]); |
| System.out.print(" SupportedCipherSuites : "); |
| String[] supportedCipherSuites = socket.getEnabledCipherSuites(); |
| Arrays.sort(supportedCipherSuites); |
| printStringArray(supportedCipherSuites); |
| System.out.println(" EnabledCipherSuites : " |
| + socket.getEnabledCipherSuites()[0]); |
| System.out.println(" NeedClientAuth : " |
| + socket.getNeedClientAuth()); |
| System.out.println(" WantClientAuth : " |
| + socket.getWantClientAuth()); |
| System.out.println("-----------------------"); |
| } |
| |
| private static KeyStore createServerKeyStore(String publicKey, |
| String keySpecStr) throws KeyStoreException, IOException, |
| NoSuchAlgorithmException, CertificateException, |
| InvalidKeySpecException { |
| |
| KeyStore ks = KeyStore.getInstance("JKS"); |
| ks.load(null, null); |
| if (publicKey == null || keySpecStr == null) { |
| throw new IllegalArgumentException("publicKey or " |
| + "keySpecStr cannot be null"); |
| } |
| String strippedPrivateKey = keySpecStr.substring( |
| keySpecStr.indexOf("\n"), keySpecStr.lastIndexOf("\n")); |
| |
| // generate the private key. |
| PKCS8EncodedKeySpec priKeySpec = new PKCS8EncodedKeySpec( |
| Base64.getMimeDecoder().decode(strippedPrivateKey)); |
| KeyFactory kf = KeyFactory.getInstance("RSA"); |
| RSAPrivateKey priKey |
| = (RSAPrivateKey) kf.generatePrivate(priKeySpec); |
| |
| // generate certificate chain |
| try (InputStream is = new ByteArrayInputStream(publicKey.getBytes())) { |
| // generate certificate from cert string |
| CertificateFactory cf = CertificateFactory.getInstance("X.509"); |
| Certificate keyCert = cf.generateCertificate(is); |
| Certificate[] chain = {keyCert}; |
| ks.setKeyEntry("TestEntry", priKey, PASSWORD, chain); |
| } |
| |
| return ks; |
| } |
| |
| public static Server mainServer(PeerFactory peerFactory, |
| String expectedException) throws Exception { |
| |
| setTestedArguments(peerFactory.getTestedProtocol(), |
| peerFactory.getTestedCipher()); |
| |
| System.out.print( |
| " Initializing test '" + peerFactory.getName() + "'..."); |
| secureRandom.nextInt(); |
| |
| CipherTestUtils cipherTest = CipherTestUtils.getInstance(); |
| Server srv = peerFactory.newServer(cipherTest, PeerFactory.FREE_PORT); |
| Thread serverThread = new Thread(srv, "Server"); |
| serverThread.start(); |
| |
| return srv; |
| } |
| |
| public static void mainClient(PeerFactory peerFactory, int port, |
| String expectedException) throws Exception { |
| |
| long time = System.currentTimeMillis(); |
| setTestedArguments(peerFactory.getTestedProtocol(), |
| peerFactory.getTestedCipher()); |
| |
| System.out.print( |
| " Initializing test '" + peerFactory.getName() + "'..."); |
| secureRandom.nextInt(); |
| |
| CipherTestUtils cipherTest = CipherTestUtils.getInstance(); |
| peerFactory.newClient(cipherTest, port).run(); |
| cipherTest.checkResult(expectedException); |
| |
| time = System.currentTimeMillis() - time; |
| System.out.println("Elapsed time " + time); |
| } |
| |
| public static abstract class PeerFactory { |
| |
| public static final int FREE_PORT = 0; |
| |
| abstract String getName(); |
| |
| abstract String getTestedProtocol(); |
| |
| abstract String getTestedCipher(); |
| |
| abstract Client newClient(CipherTestUtils cipherTest, int testPort) |
| throws Exception; |
| |
| abstract Server newServer(CipherTestUtils cipherTest, int testPort) |
| throws Exception; |
| |
| boolean isSupported(String cipherSuite) { |
| return true; |
| } |
| } |
| } |
| |
| class AlwaysTrustManager implements X509TrustManager { |
| |
| X509TrustManager trustManager; |
| |
| public AlwaysTrustManager(KeyStore keyStore) |
| throws NoSuchAlgorithmException, KeyStoreException { |
| |
| TrustManagerFactory tmf |
| = TrustManagerFactory.getInstance(TrustManagerFactory. |
| getDefaultAlgorithm()); |
| tmf.init(keyStore); |
| |
| TrustManager tms[] = tmf.getTrustManagers(); |
| for (TrustManager tm : tms) { |
| trustManager = (X509TrustManager) tm; |
| return; |
| } |
| |
| } |
| |
| @Override |
| public void checkClientTrusted(X509Certificate[] chain, String authType) |
| throws CertificateException { |
| try { |
| trustManager.checkClientTrusted(chain, authType); |
| } catch (CertificateException excep) { |
| System.out.println("ERROR in client trust manager: " + excep); |
| } |
| } |
| |
| @Override |
| public void checkServerTrusted(X509Certificate[] chain, String authType) |
| throws CertificateException { |
| try { |
| trustManager.checkServerTrusted(chain, authType); |
| } catch (CertificateException excep) { |
| System.out.println("ERROR in server trust manager: " + excep); |
| } |
| } |
| |
| @Override |
| public X509Certificate[] getAcceptedIssuers() { |
| return trustManager.getAcceptedIssuers(); |
| } |
| } |
| |
| class MyX509KeyManager extends X509ExtendedKeyManager { |
| |
| private final X509ExtendedKeyManager keyManager; |
| private String authType; |
| |
| MyX509KeyManager(X509ExtendedKeyManager keyManager) { |
| this.keyManager = keyManager; |
| } |
| |
| void setAuthType(String authType) { |
| this.authType = "ECDSA".equals(authType) ? "EC" : authType; |
| } |
| |
| @Override |
| public String[] getClientAliases(String keyType, Principal[] issuers) { |
| if (authType == null) { |
| return null; |
| } |
| return keyManager.getClientAliases(authType, issuers); |
| } |
| |
| @Override |
| public String chooseClientAlias(String[] keyType, Principal[] issuers, |
| Socket socket) { |
| if (authType == null) { |
| return null; |
| } |
| return keyManager.chooseClientAlias(new String[]{authType}, |
| issuers, socket); |
| } |
| |
| @Override |
| public String chooseEngineClientAlias(String[] keyType, |
| Principal[] issuers, SSLEngine engine) { |
| if (authType == null) { |
| return null; |
| } |
| return keyManager.chooseEngineClientAlias(new String[]{authType}, |
| issuers, engine); |
| } |
| |
| @Override |
| public String[] getServerAliases(String keyType, Principal[] issuers) { |
| throw new UnsupportedOperationException("Servers not supported"); |
| } |
| |
| @Override |
| public String chooseServerAlias(String keyType, Principal[] issuers, |
| Socket socket) { |
| throw new UnsupportedOperationException("Servers not supported"); |
| } |
| |
| @Override |
| public String chooseEngineServerAlias(String keyType, Principal[] issuers, |
| SSLEngine engine) { |
| throw new UnsupportedOperationException("Servers not supported"); |
| } |
| |
| @Override |
| public X509Certificate[] getCertificateChain(String alias) { |
| return keyManager.getCertificateChain(alias); |
| } |
| |
| @Override |
| public PrivateKey getPrivateKey(String alias) { |
| return keyManager.getPrivateKey(alias); |
| } |
| } |