jdk-sandbox: jdk/test/javax/net/ssl/Stapling/HttpsUrlConnClient.java@22badc53802f (annotated)

32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1	/*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	2	* Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	4	*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	7	* published by the Free Software Foundation.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	8	*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	9	* This code is distributed in the hope that it will be useful, but WITHOUT
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	10	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	11	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	12	* version 2 for more details (a copy is included in the LICENSE file that
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	13	* accompanied this code).
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	14	*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	15	* You should have received a copy of the GNU General Public License version
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	16	* 2 along with this work; if not, write to the Free Software Foundation,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	17	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	18	*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	19	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	20	* or visit www.oracle.com if you need additional information or have any
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	21	* questions.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	22	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	23
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	24	// SunJSSE does not support dynamic system properties, no way to re-use
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	25	// system properties in samevm/agentvm mode.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	26
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	27	/*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	28	* @test
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	29	* @bug 8046321
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	30	* @summary OCSP Stapling for TLS
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	31	* @library ../../../../java/security/testlibrary
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	32	* @build CertificateBuilder SimpleOCSPServer
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	33	* @run main/othervm HttpsUrlConnClient
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	34	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	35
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	36	import java.io.*;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	37	import java.math.BigInteger;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	38	import java.security.KeyPair;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	39	import java.security.KeyPairGenerator;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	40	import java.net.Socket;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	41	import java.net.URL;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	42	import java.net.HttpURLConnection;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	43	import java.net.InetAddress;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	44	import javax.net.ssl.*;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	45	import java.security.KeyStore;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	46	import java.security.PublicKey;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	47	import java.security.Security;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	48	import java.security.GeneralSecurityException;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	49	import java.security.cert.CertPathValidatorException;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	50	import java.security.cert.CertPathValidatorException.BasicReason;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	51	import java.security.cert.Certificate;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	52	import java.security.cert.PKIXBuilderParameters;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	53	import java.security.cert.X509CertSelector;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	54	import java.security.cert.X509Certificate;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	55	import java.security.cert.PKIXRevocationChecker;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	56	import java.security.spec.PKCS8EncodedKeySpec;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	57	import java.text.SimpleDateFormat;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	58	import java.util.*;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	59	import java.util.concurrent.TimeUnit;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	60
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	61	import sun.security.testlibrary.SimpleOCSPServer;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	62	import sun.security.testlibrary.CertificateBuilder;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	63	import sun.security.validator.ValidatorException;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	64
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	65	public class HttpsUrlConnClient {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	66
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	67	/*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	68	* =============================================================
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	69	* Set the various variables needed for the tests, then
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	70	* specify what tests to run on each side.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	71	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	72
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	73	static final byte[] LINESEP = { 10 };
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	74	static final Base64.Encoder B64E = Base64.getMimeEncoder(64, LINESEP);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	75
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	76	// Turn on TLS debugging
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	77	static boolean debug = true;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	78
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	79	/*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	80	* Should we run the client or server in a separate thread?
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	81	* Both sides can throw exceptions, but do you have a preference
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	82	* as to which side should be the main thread.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	83	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	84	static boolean separateServerThread = true;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	85	Thread clientThread = null;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	86	Thread serverThread = null;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	87
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	88	static String passwd = "passphrase";
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	89	static String ROOT_ALIAS = "root";
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	90	static String INT_ALIAS = "intermediate";
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	91	static String SSL_ALIAS = "ssl";
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	92
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	93	/*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	94	* Is the server ready to serve?
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	95	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	96	volatile static boolean serverReady = false;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	97	volatile int serverPort = 0;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	98
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	99	volatile Exception serverException = null;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	100	volatile Exception clientException = null;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	101
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	102	// PKI components we will need for this test
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	103	static KeyStore rootKeystore; // Root CA Keystore
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	104	static KeyStore intKeystore; // Intermediate CA Keystore
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	105	static KeyStore serverKeystore; // SSL Server Keystore
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	106	static KeyStore trustStore; // SSL Client trust store
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	107	static SimpleOCSPServer rootOcsp; // Root CA OCSP Responder
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	108	static int rootOcspPort; // Port number for root OCSP
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	109	static SimpleOCSPServer intOcsp; // Intermediate CA OCSP Responder
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	110	static int intOcspPort; // Port number for intermed. OCSP
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	111
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	112	private static final String SIMPLE_WEB_PAGE = "<HTML>\n" +
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	113	"<HEAD><Title>Web Page!</Title></HEAD>\n" +
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	114	"<BODY><H1>Web Page!</H1></BODY>\n</HTML>";
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	115	private static final SimpleDateFormat utcDateFmt =
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	116	new SimpleDateFormat("E, dd MMM yyyy HH:mm:ss z");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	117	/*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	118	* If the client or server is doing some kind of object creation
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	119	* that the other side depends on, and that thread prematurely
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	120	* exits, you may experience a hang. The test harness will
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	121	* terminate all hung threads after its timeout has expired,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	122	* currently 3 minutes by default, but you might try to be
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	123	* smart about it....
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	124	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	125	public static void main(String[] args) throws Exception {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	126	if (debug) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	127	System.setProperty("javax.net.debug", "ssl");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	128	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	129
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	130	System.setProperty("javax.net.ssl.keyStore", "");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	131	System.setProperty("javax.net.ssl.keyStorePassword", "");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	132	System.setProperty("javax.net.ssl.trustStore", "");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	133	System.setProperty("javax.net.ssl.trustStorePassword", "");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	134
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	135	// Create the PKI we will use for the test and start the OCSP servers
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	136	createPKI();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	137	utcDateFmt.setTimeZone(TimeZone.getTimeZone("GMT"));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	138
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	139	testPKIXParametersRevEnabled();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	140
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	141	// shut down the OCSP responders before finishing the test
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	142	intOcsp.stop();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	143	rootOcsp.stop();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	144	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	145
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	146	/**
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	147	* Do a basic connection using PKIXParameters with revocation checking
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	148	* enabled and client-side OCSP disabled. It will only pass if all
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	149	* stapled responses are present, valid and have a GOOD status.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	150	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	151	static void testPKIXParametersRevEnabled() throws Exception {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	152	ClientParameters cliParams = new ClientParameters();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	153	ServerParameters servParams = new ServerParameters();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	154	serverReady = false;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	155
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	156	System.out.println("=====================================");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	157	System.out.println("Stapling enabled, PKIXParameters with");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	158	System.out.println("Revocation checking enabled ");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	159	System.out.println("=====================================");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	160
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	161	// Set the certificate entry in the intermediate OCSP responder
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	162	// with a revocation date of 8 hours ago.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	163	X509Certificate sslCert =
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	164	(X509Certificate)serverKeystore.getCertificate(SSL_ALIAS);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	165	Map<BigInteger, SimpleOCSPServer.CertStatusInfo> revInfo =
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	166	new HashMap<>();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	167	revInfo.put(sslCert.getSerialNumber(),
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	168	new SimpleOCSPServer.CertStatusInfo(
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	169	SimpleOCSPServer.CertStatus.CERT_STATUS_REVOKED,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	170	new Date(System.currentTimeMillis() -
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	171	TimeUnit.HOURS.toMillis(8))));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	172	intOcsp.updateStatusDb(revInfo);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	173
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	174	// Set up revocation checking on the client with no client-side
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	175	// OCSP fall-back
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	176	cliParams.pkixParams = new PKIXBuilderParameters(trustStore,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	177	new X509CertSelector());
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	178	cliParams.pkixParams.setRevocationEnabled(true);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	179	Security.setProperty("ocsp.enable", "false");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	180
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	181	HttpsUrlConnClient sslTest = new HttpsUrlConnClient(cliParams,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	182	servParams);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	183	TestResult tr = sslTest.getResult();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	184	if (!checkClientValidationFailure(tr.clientExc, BasicReason.REVOKED)) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	185	if (tr.clientExc != null) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	186	throw tr.clientExc;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	187	} else {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	188	throw new RuntimeException(
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	189	"Expected client failure, but the client succeeded");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	190	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	191	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	192
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	193	// In this case the server should also have thrown an exception
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	194	// because of the client alert
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	195	if (tr.serverExc instanceof SSLHandshakeException) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	196	if (!tr.serverExc.getMessage().contains(
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	197	"alert: bad_certificate_status_response")) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	198	throw tr.serverExc;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	199	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	200	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	201
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	202	System.out.println(" PASS");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	203	System.out.println("=====================================\n");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	204	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	205
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	206	/*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	207	* Define the server side of the test.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	208	*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	209	* If the server prematurely exits, serverReady will be set to true
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	210	* to avoid infinite hangs.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	211	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	212	void doServerSide(ServerParameters servParams) throws Exception {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	213
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	214	// Selectively enable or disable the feature
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	215	System.setProperty("jdk.tls.server.enableStatusRequestExtension",
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	216	Boolean.toString(servParams.enabled));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	217
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	218	// Set all the other operating parameters
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	219	System.setProperty("jdk.tls.stapling.cacheSize",
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	220	Integer.toString(servParams.cacheSize));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	221	System.setProperty("jdk.tls.stapling.cacheLifetime",
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	222	Integer.toString(servParams.cacheLifetime));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	223	System.setProperty("jdk.tls.stapling.responseTimeout",
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	224	Integer.toString(servParams.respTimeout));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	225	System.setProperty("jdk.tls.stapling.responderURI", servParams.respUri);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	226	System.setProperty("jdk.tls.stapling.responderOverride",
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	227	Boolean.toString(servParams.respOverride));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	228	System.setProperty("jdk.tls.stapling.ignoreExtensions",
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	229	Boolean.toString(servParams.ignoreExts));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	230
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	231	// Set keystores and trust stores for the server
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	232	KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	233	kmf.init(serverKeystore, passwd.toCharArray());
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	234	TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	235	tmf.init(trustStore);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	236
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	237	SSLContext sslc = SSLContext.getInstance("TLS");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	238	sslc.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	239
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	240	SSLServerSocketFactory sslssf = sslc.getServerSocketFactory();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	241	SSLServerSocket sslServerSocket =
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	242	(SSLServerSocket) sslssf.createServerSocket(serverPort);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	243
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	244	serverPort = sslServerSocket.getLocalPort();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	245	log("Server Port is " + serverPort);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	246
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	247	// Dump the private key in PKCS8 format, not encrypted. This
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	248	// key dump can be used if the traffic was captured using tcpdump
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	249	// or wireshark to look into the encrypted packets for debug purposes.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	250	if (debug) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	251	byte[] keybytes = serverKeystore.getKey(SSL_ALIAS,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	252	passwd.toCharArray()).getEncoded();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	253	PKCS8EncodedKeySpec p8spec = new PKCS8EncodedKeySpec(keybytes);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	254	StringBuilder keyPem = new StringBuilder();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	255	keyPem.append("-----BEGIN PRIVATE KEY-----\n");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	256	keyPem.append(B64E.encodeToString(p8spec.getEncoded())).append("\n");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	257	keyPem.append("-----END PRIVATE KEY-----\n");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	258	log("Private key is:\n" + keyPem.toString());
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	259	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	260
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	261	/*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	262	* Signal Client, we're ready for his connect.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	263	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	264	serverReady = true;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	265
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	266	try (SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	267	BufferedReader in = new BufferedReader(
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	268	new InputStreamReader(sslSocket.getInputStream()));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	269	OutputStream out = sslSocket.getOutputStream()) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	270	StringBuilder hdrBldr = new StringBuilder();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	271	String line;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	272	while ((line = in.readLine()) != null && !line.isEmpty()) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	273	hdrBldr.append(line).append("\n");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	274	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	275	String headerText = hdrBldr.toString();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	276	log("Header Received: " + headerText.length() + " bytes\n" +
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	277	headerText);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	278
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	279	StringBuilder sb = new StringBuilder();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	280	sb.append("HTTP/1.0 200 OK\r\n");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	281	sb.append("Date: ").append(utcDateFmt.format(new Date())).
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	282	append("\r\n");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	283	sb.append("Content-Type: text/html\r\n");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	284	sb.append("Content-Length: ").append(SIMPLE_WEB_PAGE.length());
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	285	sb.append("\r\n\r\n");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	286	out.write(sb.toString().getBytes("UTF-8"));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	287	out.write(SIMPLE_WEB_PAGE.getBytes("UTF-8"));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	288	out.flush();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	289	log("Server replied with:\n" + sb.toString() + SIMPLE_WEB_PAGE);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	290	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	291	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	292
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	293	/*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	294	* Define the client side of the test.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	295	*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	296	* If the server prematurely exits, serverReady will be set to true
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	297	* to avoid infinite hangs.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	298	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	299	void doClientSide(ClientParameters cliParams) throws Exception {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	300
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	301	/*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	302	* Wait for server to get started.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	303	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	304	while (!serverReady) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	305	Thread.sleep(50);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	306	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	307
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	308	// Selectively enable or disable the feature
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	309	System.setProperty("jdk.tls.client.enableStatusRequestExtension",
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	310	Boolean.toString(cliParams.enabled));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	311
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	312	HtucSSLSocketFactory sockFac = new HtucSSLSocketFactory(cliParams);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	313	HttpsURLConnection.setDefaultSSLSocketFactory(sockFac);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	314	URL location = new URL("https://localhost:" + serverPort);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	315	HttpsURLConnection tlsConn =
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	316	(HttpsURLConnection)location.openConnection();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	317	tlsConn.setConnectTimeout(5000);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	318	tlsConn.setReadTimeout(5000);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	319	tlsConn.setDoInput(true);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	320
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	321	try (InputStream in = tlsConn.getInputStream()) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	322	// Check the response
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	323	if (debug && tlsConn.getResponseCode() !=
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	324	HttpURLConnection.HTTP_OK) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	325	log("Received HTTP error: " + tlsConn.getResponseCode() +
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	326	" - " + tlsConn.getResponseMessage());
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	327	throw new IOException("HTTP error: " +
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	328	tlsConn.getResponseCode());
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	329	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	330
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	331	int contentLength = tlsConn.getContentLength();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	332	if (contentLength == -1) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	333	contentLength = Integer.MAX_VALUE;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	334	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	335	byte[] response = new byte[contentLength > 2048 ? 2048 : contentLength];
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	336	int total = 0;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	337	while (total < contentLength) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	338	int count = in.read(response, total, response.length - total);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	339	if (count < 0)
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	340	break;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	341
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	342	total += count;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	343	log("Read " + count + " bytes (" + total + " total)");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	344	if (total >= response.length && total < contentLength) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	345	response = Arrays.copyOf(response, total * 2);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	346	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	347	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	348	response = Arrays.copyOf(response, total);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	349	String webPage = new String(response, 0, total);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	350	if (debug) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	351	log("Web page:\n" + webPage);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	352	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	353	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	354	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	355
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	356	/*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	357	* Primary constructor, used to drive remainder of the test.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	358	*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	359	* Fork off the other side, then do your work.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	360	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	361	HttpsUrlConnClient(ClientParameters cliParams,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	362	ServerParameters servParams) throws Exception {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	363	Exception startException = null;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	364	try {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	365	if (separateServerThread) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	366	startServer(servParams, true);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	367	startClient(cliParams, false);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	368	} else {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	369	startClient(cliParams, true);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	370	startServer(servParams, false);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	371	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	372	} catch (Exception e) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	373	startException = e;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	374	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	375
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	376	/*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	377	* Wait for other side to close down.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	378	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	379	if (separateServerThread) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	380	if (serverThread != null) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	381	serverThread.join();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	382	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	383	} else {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	384	if (clientThread != null) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	385	clientThread.join();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	386	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	387	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	388	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	389
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	390	/**
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	391	* Checks a validation failure to see if it failed for the reason we think
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	392	* it should. This comes in as an SSLException of some sort, but it
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	393	* encapsulates a ValidatorException which in turn encapsulates the
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	394	* CertPathValidatorException we are interested in.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	395	*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	396	* @param e the exception thrown at the top level
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	397	* @param reason the underlying CertPathValidatorException BasicReason
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	398	* we are expecting it to have.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	399	*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	400	* @return true if the reason matches up, false otherwise.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	401	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	402	static boolean checkClientValidationFailure(Exception e,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	403	BasicReason reason) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	404	boolean result = false;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	405
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	406	if (e instanceof SSLException) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	407	Throwable valExc = e.getCause();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	408	if (valExc instanceof sun.security.validator.ValidatorException) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	409	Throwable cause = valExc.getCause();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	410	if (cause instanceof CertPathValidatorException) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	411	CertPathValidatorException cpve =
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	412	(CertPathValidatorException)cause;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	413	if (cpve.getReason() == reason) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	414	result = true;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	415	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	416	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	417	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	418	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	419	return result;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	420	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	421
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	422	TestResult getResult() {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	423	TestResult tr = new TestResult();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	424	tr.clientExc = clientException;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	425	tr.serverExc = serverException;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	426	return tr;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	427	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	428
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	429	final void startServer(ServerParameters servParams, boolean newThread)
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	430	throws Exception {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	431	if (newThread) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	432	serverThread = new Thread() {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	433	@Override
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	434	public void run() {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	435	try {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	436	doServerSide(servParams);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	437	} catch (Exception e) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	438	/*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	439	* Our server thread just died.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	440	*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	441	* Release the client, if not active already...
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	442	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	443	System.err.println("Server died...");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	444	serverReady = true;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	445	serverException = e;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	446	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	447	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	448	};
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	449	serverThread.start();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	450	} else {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	451	try {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	452	doServerSide(servParams);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	453	} catch (Exception e) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	454	serverException = e;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	455	} finally {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	456	serverReady = true;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	457	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	458	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	459	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	460
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	461	final void startClient(ClientParameters cliParams, boolean newThread)
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	462	throws Exception {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	463	if (newThread) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	464	clientThread = new Thread() {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	465	@Override
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	466	public void run() {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	467	try {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	468	doClientSide(cliParams);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	469	} catch (Exception e) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	470	/*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	471	* Our client thread just died.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	472	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	473	System.err.println("Client died...");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	474	clientException = e;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	475	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	476	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	477	};
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	478	clientThread.start();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	479	} else {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	480	try {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	481	doClientSide(cliParams);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	482	} catch (Exception e) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	483	clientException = e;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	484	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	485	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	486	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	487
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	488	/**
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	489	* Creates the PKI components necessary for this test, including
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	490	* Root CA, Intermediate CA and SSL server certificates, the keystores
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	491	* for each entity, a client trust store, and starts the OCSP responders.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	492	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	493	private static void createPKI() throws Exception {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	494	CertificateBuilder cbld = new CertificateBuilder();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	495	KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	496	keyGen.initialize(2048);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	497	KeyStore.Builder keyStoreBuilder =
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	498	KeyStore.Builder.newInstance("PKCS12", null,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	499	new KeyStore.PasswordProtection(passwd.toCharArray()));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	500
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	501	// Generate Root, IntCA, EE keys
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	502	KeyPair rootCaKP = keyGen.genKeyPair();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	503	log("Generated Root CA KeyPair");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	504	KeyPair intCaKP = keyGen.genKeyPair();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	505	log("Generated Intermediate CA KeyPair");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	506	KeyPair sslKP = keyGen.genKeyPair();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	507	log("Generated SSL Cert KeyPair");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	508
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	509	// Set up the Root CA Cert
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	510	cbld.setSubjectName("CN=Root CA Cert, O=SomeCompany");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	511	cbld.setPublicKey(rootCaKP.getPublic());
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	512	cbld.setSerialNumber(new BigInteger("1"));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	513	// Make a 3 year validity starting from 60 days ago
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	514	long start = System.currentTimeMillis() - TimeUnit.DAYS.toMillis(60);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	515	long end = start + TimeUnit.DAYS.toMillis(1085);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	516	cbld.setValidity(new Date(start), new Date(end));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	517	addCommonExts(cbld, rootCaKP.getPublic(), rootCaKP.getPublic());
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	518	addCommonCAExts(cbld);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	519	// Make our Root CA Cert!
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	520	X509Certificate rootCert = cbld.build(null, rootCaKP.getPrivate(),
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	521	"SHA256withRSA");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	522	log("Root CA Created:\n" + certInfo(rootCert));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	523
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	524	// Now build a keystore and add the keys and cert
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	525	rootKeystore = keyStoreBuilder.getKeyStore();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	526	Certificate[] rootChain = {rootCert};
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	527	rootKeystore.setKeyEntry(ROOT_ALIAS, rootCaKP.getPrivate(),
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	528	passwd.toCharArray(), rootChain);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	529
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	530	// Now fire up the OCSP responder
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	531	rootOcsp = new SimpleOCSPServer(rootKeystore, passwd, ROOT_ALIAS, null);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	532	rootOcsp.enableLog(debug);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	533	rootOcsp.setNextUpdateInterval(3600);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	534	rootOcsp.start();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	535	Thread.sleep(1000); // Give the server a second to start up
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	536	rootOcspPort = rootOcsp.getPort();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	537	String rootRespURI = "http://localhost:" + rootOcspPort;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	538	log("Root OCSP Responder URI is " + rootRespURI);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	539
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	540	// Now that we have the root keystore and OCSP responder we can
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	541	// create our intermediate CA.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	542	cbld.reset();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	543	cbld.setSubjectName("CN=Intermediate CA Cert, O=SomeCompany");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	544	cbld.setPublicKey(intCaKP.getPublic());
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	545	cbld.setSerialNumber(new BigInteger("100"));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	546	// Make a 2 year validity starting from 30 days ago
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	547	start = System.currentTimeMillis() - TimeUnit.DAYS.toMillis(30);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	548	end = start + TimeUnit.DAYS.toMillis(730);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	549	cbld.setValidity(new Date(start), new Date(end));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	550	addCommonExts(cbld, intCaKP.getPublic(), rootCaKP.getPublic());
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	551	addCommonCAExts(cbld);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	552	cbld.addAIAExt(Collections.singletonList(rootRespURI));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	553	// Make our Intermediate CA Cert!
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	554	X509Certificate intCaCert = cbld.build(rootCert, rootCaKP.getPrivate(),
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	555	"SHA256withRSA");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	556	log("Intermediate CA Created:\n" + certInfo(intCaCert));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	557
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	558	// Provide intermediate CA cert revocation info to the Root CA
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	559	// OCSP responder.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	560	Map<BigInteger, SimpleOCSPServer.CertStatusInfo> revInfo =
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	561	new HashMap<>();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	562	revInfo.put(intCaCert.getSerialNumber(),
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	563	new SimpleOCSPServer.CertStatusInfo(
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	564	SimpleOCSPServer.CertStatus.CERT_STATUS_GOOD));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	565	rootOcsp.updateStatusDb(revInfo);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	566
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	567	// Now build a keystore and add the keys, chain and root cert as a TA
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	568	intKeystore = keyStoreBuilder.getKeyStore();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	569	Certificate[] intChain = {intCaCert, rootCert};
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	570	intKeystore.setKeyEntry(INT_ALIAS, intCaKP.getPrivate(),
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	571	passwd.toCharArray(), intChain);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	572	intKeystore.setCertificateEntry(ROOT_ALIAS, rootCert);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	573
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	574	// Now fire up the Intermediate CA OCSP responder
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	575	intOcsp = new SimpleOCSPServer(intKeystore, passwd,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	576	INT_ALIAS, null);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	577	intOcsp.enableLog(debug);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	578	intOcsp.setNextUpdateInterval(3600);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	579	intOcsp.start();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	580	Thread.sleep(1000);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	581	intOcspPort = intOcsp.getPort();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	582	String intCaRespURI = "http://localhost:" + intOcspPort;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	583	log("Intermediate CA OCSP Responder URI is " + intCaRespURI);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	584
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	585	// Last but not least, let's make our SSLCert and add it to its own
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	586	// Keystore
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	587	cbld.reset();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	588	cbld.setSubjectName("CN=SSLCertificate, O=SomeCompany");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	589	cbld.setPublicKey(sslKP.getPublic());
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	590	cbld.setSerialNumber(new BigInteger("4096"));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	591	// Make a 1 year validity starting from 7 days ago
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	592	start = System.currentTimeMillis() - TimeUnit.DAYS.toMillis(7);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	593	end = start + TimeUnit.DAYS.toMillis(365);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	594	cbld.setValidity(new Date(start), new Date(end));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	595
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	596	// Add extensions
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	597	addCommonExts(cbld, sslKP.getPublic(), intCaKP.getPublic());
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	598	boolean[] kuBits = {true, false, true, false, false, false,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	599	false, false, false};
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	600	cbld.addKeyUsageExt(kuBits);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	601	List<String> ekuOids = new ArrayList<>();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	602	ekuOids.add("1.3.6.1.5.5.7.3.1");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	603	ekuOids.add("1.3.6.1.5.5.7.3.2");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	604	cbld.addExtendedKeyUsageExt(ekuOids);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	605	cbld.addSubjectAltNameDNSExt(Collections.singletonList("localhost"));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	606	cbld.addAIAExt(Collections.singletonList(intCaRespURI));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	607	// Make our SSL Server Cert!
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	608	X509Certificate sslCert = cbld.build(intCaCert, intCaKP.getPrivate(),
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	609	"SHA256withRSA");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	610	log("SSL Certificate Created:\n" + certInfo(sslCert));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	611
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	612	// Provide SSL server cert revocation info to the Intermeidate CA
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	613	// OCSP responder.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	614	revInfo = new HashMap<>();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	615	revInfo.put(sslCert.getSerialNumber(),
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	616	new SimpleOCSPServer.CertStatusInfo(
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	617	SimpleOCSPServer.CertStatus.CERT_STATUS_GOOD));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	618	intOcsp.updateStatusDb(revInfo);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	619
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	620	// Now build a keystore and add the keys, chain and root cert as a TA
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	621	serverKeystore = keyStoreBuilder.getKeyStore();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	622	Certificate[] sslChain = {sslCert, intCaCert, rootCert};
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	623	serverKeystore.setKeyEntry(SSL_ALIAS, sslKP.getPrivate(),
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	624	passwd.toCharArray(), sslChain);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	625	serverKeystore.setCertificateEntry(ROOT_ALIAS, rootCert);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	626
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	627	// And finally a Trust Store for the client
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	628	trustStore = keyStoreBuilder.getKeyStore();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	629	trustStore.setCertificateEntry(ROOT_ALIAS, rootCert);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	630	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	631
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	632	private static void addCommonExts(CertificateBuilder cbld,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	633	PublicKey subjKey, PublicKey authKey) throws IOException {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	634	cbld.addSubjectKeyIdExt(subjKey);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	635	cbld.addAuthorityKeyIdExt(authKey);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	636	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	637
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	638	private static void addCommonCAExts(CertificateBuilder cbld)
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	639	throws IOException {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	640	cbld.addBasicConstraintsExt(true, true, -1);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	641	// Set key usage bits for digitalSignature, keyCertSign and cRLSign
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	642	boolean[] kuBitSettings = {true, false, false, false, false, true,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	643	true, false, false};
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	644	cbld.addKeyUsageExt(kuBitSettings);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	645	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	646
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	647	/**
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	648	* Helper routine that dumps only a few cert fields rather than
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	649	* the whole toString() output.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	650	*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	651	* @param cert an X509Certificate to be displayed
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	652	*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	653	* @return the String output of the issuer, subject and
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	654	* serial number
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	655	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	656	private static String certInfo(X509Certificate cert) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	657	StringBuilder sb = new StringBuilder();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	658	sb.append("Issuer: ").append(cert.getIssuerX500Principal()).
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	659	append("\n");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	660	sb.append("Subject: ").append(cert.getSubjectX500Principal()).
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	661	append("\n");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	662	sb.append("Serial: ").append(cert.getSerialNumber()).append("\n");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	663	return sb.toString();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	664	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	665
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	666	/**
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	667	* Log a message on stdout
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	668	*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	669	* @param message The message to log
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	670	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	671	private static void log(String message) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	672	if (debug) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	673	System.out.println(message);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	674	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	675	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	676
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	677	// The following two classes are Simple nested class to group a handful
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	678	// of configuration parameters used before starting a client or server.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	679	// We'll just access the data members directly for convenience.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	680	static class ClientParameters {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	681	boolean enabled = true;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	682	PKIXBuilderParameters pkixParams = null;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	683	PKIXRevocationChecker revChecker = null;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	684
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	685	ClientParameters() { }
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	686	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	687
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	688	static class ServerParameters {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	689	boolean enabled = true;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	690	int cacheSize = 256;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	691	int cacheLifetime = 3600;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	692	int respTimeout = 5000;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	693	String respUri = "";
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	694	boolean respOverride = false;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	695	boolean ignoreExts = false;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	696
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	697	ServerParameters() { }
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	698	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	699
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	700	static class TestResult {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	701	Exception serverExc = null;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	702	Exception clientExc = null;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	703	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	704
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	705	static class HtucSSLSocketFactory extends SSLSocketFactory {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	706	SSLContext sslc = SSLContext.getInstance("TLS");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	707
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	708	HtucSSLSocketFactory(ClientParameters cliParams)
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	709	throws GeneralSecurityException {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	710	super();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	711
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	712	// Create the Trust Manager Factory using the PKIX variant
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	713	TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	714
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	715	// If we have a customized pkixParameters then use it
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	716	if (cliParams.pkixParams != null) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	717	// LIf we have a customized PKIXRevocationChecker, add
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	718	// it to the PKIXBuilderParameters.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	719	if (cliParams.revChecker != null) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	720	cliParams.pkixParams.addCertPathChecker(
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	721	cliParams.revChecker);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	722	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	723
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	724	ManagerFactoryParameters trustParams =
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	725	new CertPathTrustManagerParameters(
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	726	cliParams.pkixParams);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	727	tmf.init(trustParams);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	728	} else {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	729	tmf.init(trustStore);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	730	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	731
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	732	sslc.init(null, tmf.getTrustManagers(), null);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	733	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	734
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	735	@Override
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	736	public Socket createSocket(Socket s, String host, int port,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	737	boolean autoClose) throws IOException {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	738	Socket sock = sslc.getSocketFactory().createSocket(s, host, port,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	739	autoClose);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	740	setCiphers(sock);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	741	return sock;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	742	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	743
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	744	@Override
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	745	public Socket createSocket(InetAddress host, int port)
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	746	throws IOException {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	747	Socket sock = sslc.getSocketFactory().createSocket(host, port);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	748	setCiphers(sock);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	749	return sock;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	750	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	751
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	752	@Override
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	753	public Socket createSocket(InetAddress host, int port,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	754	InetAddress localAddress, int localPort) throws IOException {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	755	Socket sock = sslc.getSocketFactory().createSocket(host, port,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	756	localAddress, localPort);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	757	setCiphers(sock);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	758	return sock;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	759	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	760
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	761	@Override
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	762	public Socket createSocket(String host, int port)
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	763	throws IOException {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	764	Socket sock = sslc.getSocketFactory().createSocket(host, port);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	765	setCiphers(sock);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	766	return sock;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	767	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	768
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	769	@Override
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	770	public Socket createSocket(String host, int port,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	771	InetAddress localAddress, int localPort)
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	772	throws IOException {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	773	Socket sock = sslc.getSocketFactory().createSocket(host, port,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	774	localAddress, localPort);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	775	setCiphers(sock);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	776	return sock;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	777	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	778
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	779	@Override
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	780	public String[] getDefaultCipherSuites() {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	781	return sslc.getDefaultSSLParameters().getCipherSuites();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	782	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	783
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	784	@Override
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	785	public String[] getSupportedCipherSuites() {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	786	return sslc.getSupportedSSLParameters().getCipherSuites();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	787	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	788
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	789	private static void setCiphers(Socket sock) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	790	if (sock instanceof SSLSocket) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	791	String[] ciphers = { "TLS_RSA_WITH_AES_128_CBC_SHA" };
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	792	((SSLSocket)sock).setEnabledCipherSuites(ciphers);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	793	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	794	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	795	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	796
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	797	}

author	jnimeh
	Wed, 05 Aug 2015 12:19:38 -0700
changeset 32032	22badc53802f
child 37309	8f530b9d18f4
permissions	-rw-r--r--