jdk/test/javax/net/ssl/TLSv11/EmptyCertificateAuthorities.java
author xuelei
Wed, 05 Mar 2014 07:24:34 +0000
changeset 23052 241885315119
parent 22268 jdk/test/sun/security/ssl/javax/net/ssl/TLSv11/EmptyCertificateAuthorities.java@d72c97c708ae
child 35298 9f93cbce8c44
permissions -rw-r--r--
8032473: Restructure JSSE regression test hierarchy in jdk test Reviewed-by: weijun
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
7039
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
     1
/*
22268
d72c97c708ae 8030829: Add MD5 to jdk.certpath.disabledAlgorithms security property
xuelei
parents: 14342
diff changeset
     2
 * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved.
7039
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
     3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
     4
 *
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
     5
 * This code is free software; you can redistribute it and/or modify it
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
     6
 * under the terms of the GNU General Public License version 2 only, as
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
     7
 * published by the Free Software Foundation.  Oracle designates this
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
     8
 * particular file as subject to the "Classpath" exception as provided
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
     9
 * by Oracle in the LICENSE file that accompanied this code.
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    10
 *
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    11
 * This code is distributed in the hope that it will be useful, but WITHOUT
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    12
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    13
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    14
 * version 2 for more details (a copy is included in the LICENSE file that
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    15
 * accompanied this code).
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    16
 *
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    17
 * You should have received a copy of the GNU General Public License version
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    18
 * 2 along with this work; if not, write to the Free Software Foundation,
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    19
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    20
 *
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    21
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    22
 * or visit www.oracle.com if you need additional information or have any
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    23
 * questions.
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    24
 */
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    25
22268
d72c97c708ae 8030829: Add MD5 to jdk.certpath.disabledAlgorithms security property
xuelei
parents: 14342
diff changeset
    26
//
d72c97c708ae 8030829: Add MD5 to jdk.certpath.disabledAlgorithms security property
xuelei
parents: 14342
diff changeset
    27
// SunJSSE does not support dynamic system properties, no way to re-use
d72c97c708ae 8030829: Add MD5 to jdk.certpath.disabledAlgorithms security property
xuelei
parents: 14342
diff changeset
    28
// system properties in samevm/agentvm mode.
d72c97c708ae 8030829: Add MD5 to jdk.certpath.disabledAlgorithms security property
xuelei
parents: 14342
diff changeset
    29
//
d72c97c708ae 8030829: Add MD5 to jdk.certpath.disabledAlgorithms security property
xuelei
parents: 14342
diff changeset
    30
7039
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    31
/*
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    32
 * @test
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    33
 * @bug 4873188
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    34
 * @summary Support TLS 1.1
10328
06c93c42bca0 7055363: jdk_security3 test target cleanup
weijun
parents: 7039
diff changeset
    35
 * @run main/othervm EmptyCertificateAuthorities
7039
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    36
 * @author Xuelei Fan
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    37
 */
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    38
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    39
import java.io.*;
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    40
import java.net.*;
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    41
import java.security.*;
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    42
import java.security.cert.*;
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    43
import javax.net.ssl.*;
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    44
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    45
public class EmptyCertificateAuthorities {
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    46
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    47
    /*
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    48
     * =============================================================
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    49
     * Set the various variables needed for the tests, then
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    50
     * specify what tests to run on each side.
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    51
     */
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    52
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    53
    /*
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    54
     * Should we run the client or server in a separate thread?
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    55
     * Both sides can throw exceptions, but do you have a preference
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    56
     * as to which side should be the main thread.
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    57
     */
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    58
    static boolean separateServerThread = false;
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    59
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    60
    /*
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    61
     * Where do we find the keystores?
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    62
     */
23052
241885315119 8032473: Restructure JSSE regression test hierarchy in jdk test
xuelei
parents: 22268
diff changeset
    63
    static String pathToStores = "../etc";
7039
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    64
    static String keyStoreFile = "keystore";
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    65
    static String trustStoreFile = "truststore";
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    66
    static String passwd = "passphrase";
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    67
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    68
    /*
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    69
     * Is the server ready to serve?
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    70
     */
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    71
    volatile static boolean serverReady = false;
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    72
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    73
    /*
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    74
     * Turn on SSL debugging?
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    75
     */
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    76
    static boolean debug = false;
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    77
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    78
    /*
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    79
     * If the client or server is doing some kind of object creation
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    80
     * that the other side depends on, and that thread prematurely
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    81
     * exits, you may experience a hang.  The test harness will
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    82
     * terminate all hung threads after its timeout has expired,
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    83
     * currently 3 minutes by default, but you might try to be
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    84
     * smart about it....
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    85
     */
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    86
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    87
    /*
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    88
     * Define the server side of the test.
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    89
     *
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    90
     * If the server prematurely exits, serverReady will be set to true
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    91
     * to avoid infinite hangs.
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    92
     */
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    93
    void doServerSide() throws Exception {
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    94
        SSLServerSocketFactory sslssf = getSSLServerSF();
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    95
        SSLServerSocket sslServerSocket =
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    96
            (SSLServerSocket) sslssf.createServerSocket(serverPort);
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    97
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    98
        // require client authentication.
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
    99
        sslServerSocket.setNeedClientAuth(true);
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   100
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   101
        serverPort = sslServerSocket.getLocalPort();
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   102
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   103
        /*
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   104
         * Signal Client, we're ready for his connect.
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   105
         */
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   106
        serverReady = true;
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   107
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   108
        SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   109
        InputStream sslIS = sslSocket.getInputStream();
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   110
        OutputStream sslOS = sslSocket.getOutputStream();
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   111
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   112
        sslIS.read();
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   113
        sslOS.write('A');
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   114
        sslOS.flush();
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   115
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   116
        sslSocket.close();
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   117
    }
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   118
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   119
    /*
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   120
     * Define the client side of the test.
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   121
     *
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   122
     * If the server prematurely exits, serverReady will be set to true
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   123
     * to avoid infinite hangs.
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   124
     */
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   125
    void doClientSide() throws Exception {
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   126
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   127
        /*
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   128
         * Wait for server to get started.
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   129
         */
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   130
        while (!serverReady) {
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   131
            Thread.sleep(50);
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   132
        }
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   133
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   134
        SSLSocketFactory sslsf =
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   135
            (SSLSocketFactory) SSLSocketFactory.getDefault();
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   136
        SSLSocket sslSocket = (SSLSocket)
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   137
            sslsf.createSocket("localhost", serverPort);
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   138
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   139
        // enable TLSv1.1 only
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   140
        sslSocket.setEnabledProtocols(new String[] {"TLSv1.1"});
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   141
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   142
        InputStream sslIS = sslSocket.getInputStream();
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   143
        OutputStream sslOS = sslSocket.getOutputStream();
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   144
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   145
        sslOS.write('B');
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   146
        sslOS.flush();
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   147
        sslIS.read();
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   148
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   149
        sslSocket.close();
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   150
    }
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   151
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   152
    private SSLServerSocketFactory getSSLServerSF() throws Exception {
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   153
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   154
        char [] password =
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   155
            System.getProperty("javax.net.ssl.keyStorePassword").toCharArray();
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   156
        String keyFilename = System.getProperty("javax.net.ssl.keyStore");
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   157
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   158
        KeyStore ks = KeyStore.getInstance("JKS");
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   159
        ks.load(new FileInputStream(keyFilename), password);
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   160
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   161
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("NewSunX509");
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   162
        kmf.init(ks, password);
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   163
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   164
        KeyManager[] kms = kmf.getKeyManagers();
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   165
        TrustManager[] tms = new MyX509TM[] {new MyX509TM()};
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   166
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   167
        SSLContext ctx = SSLContext.getInstance("TLS");
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   168
        ctx.init(kms, tms, null);
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   169
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   170
        return ctx.getServerSocketFactory();
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   171
    }
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   172
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   173
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   174
    static class MyX509TM implements X509TrustManager {
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   175
        X509TrustManager tm;
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   176
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   177
        public void checkClientTrusted(X509Certificate[] chain,
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   178
            String authType) throws CertificateException {
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   179
            if (tm == null) {
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   180
                initialize();
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   181
            }
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   182
            tm.checkClientTrusted(chain, authType);
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   183
        }
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   184
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   185
        public void checkServerTrusted(X509Certificate[] chain,
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   186
            String authType) throws CertificateException {
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   187
            if (tm == null) {
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   188
                initialize();
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   189
            }
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   190
            tm.checkServerTrusted(chain, authType);
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   191
        }
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   192
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   193
        public X509Certificate[] getAcceptedIssuers() {
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   194
            // always return empty array
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   195
            return new X509Certificate[0];
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   196
        }
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   197
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   198
        private void initialize() throws CertificateException {
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   199
            String passwd =
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   200
                System.getProperty("javax.net.ssl.trustStorePassword");
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   201
            char [] password = passwd.toCharArray();
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   202
            String trustFilename =
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   203
                System.getProperty("javax.net.ssl.trustStore");
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   204
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   205
            try {
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   206
                KeyStore ks = KeyStore.getInstance("JKS");
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   207
                ks.load(new FileInputStream(trustFilename), password);
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   208
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   209
                TrustManagerFactory tmf =
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   210
                        TrustManagerFactory.getInstance("PKIX");
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   211
                tmf.init(ks);
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   212
                tm = (X509TrustManager)tmf.getTrustManagers()[0];
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   213
            } catch (Exception e) {
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   214
                throw new CertificateException("Unable to initialize TM");
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   215
            }
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   216
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   217
        }
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   218
    }
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   219
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   220
    /*
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   221
     * =============================================================
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   222
     * The remainder is just support stuff
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   223
     */
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   224
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   225
    // use any free port by default
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   226
    volatile int serverPort = 0;
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   227
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   228
    volatile Exception serverException = null;
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   229
    volatile Exception clientException = null;
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   230
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   231
    public static void main(String[] args) throws Exception {
22268
d72c97c708ae 8030829: Add MD5 to jdk.certpath.disabledAlgorithms security property
xuelei
parents: 14342
diff changeset
   232
        // MD5 is used in this test case, don't disable MD5 algorithm.
d72c97c708ae 8030829: Add MD5 to jdk.certpath.disabledAlgorithms security property
xuelei
parents: 14342
diff changeset
   233
        Security.setProperty(
d72c97c708ae 8030829: Add MD5 to jdk.certpath.disabledAlgorithms security property
xuelei
parents: 14342
diff changeset
   234
                "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
d72c97c708ae 8030829: Add MD5 to jdk.certpath.disabledAlgorithms security property
xuelei
parents: 14342
diff changeset
   235
7039
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   236
        String keyFilename =
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   237
            System.getProperty("test.src", ".") + "/" + pathToStores +
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   238
                "/" + keyStoreFile;
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   239
        String trustFilename =
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   240
            System.getProperty("test.src", ".") + "/" + pathToStores +
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   241
                "/" + trustStoreFile;
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   242
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   243
        System.setProperty("javax.net.ssl.keyStore", keyFilename);
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   244
        System.setProperty("javax.net.ssl.keyStorePassword", passwd);
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   245
        System.setProperty("javax.net.ssl.trustStore", trustFilename);
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   246
        System.setProperty("javax.net.ssl.trustStorePassword", passwd);
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   247
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   248
        if (debug)
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   249
            System.setProperty("javax.net.debug", "all");
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   250
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   251
        /*
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   252
         * Start the tests.
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   253
         */
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   254
        new EmptyCertificateAuthorities();
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   255
    }
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   256
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   257
    Thread clientThread = null;
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   258
    Thread serverThread = null;
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   259
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   260
    /*
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   261
     * Primary constructor, used to drive remainder of the test.
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   262
     *
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   263
     * Fork off the other side, then do your work.
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   264
     */
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   265
    EmptyCertificateAuthorities() throws Exception {
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   266
        try {
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   267
            if (separateServerThread) {
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   268
                startServer(true);
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   269
                startClient(false);
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   270
            } else {
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   271
                startClient(true);
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   272
                startServer(false);
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   273
            }
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   274
        } catch (Exception e) {
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   275
            // swallow for now.  Show later
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   276
        }
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   277
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   278
        /*
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   279
         * Wait for other side to close down.
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   280
         */
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   281
        if (separateServerThread) {
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   282
            serverThread.join();
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   283
        } else {
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   284
            clientThread.join();
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   285
        }
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   286
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   287
        /*
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   288
         * When we get here, the test is pretty much over.
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   289
         * Which side threw the error?
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   290
         */
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   291
        Exception local;
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   292
        Exception remote;
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   293
        String whichRemote;
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   294
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   295
        if (separateServerThread) {
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   296
            remote = serverException;
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   297
            local = clientException;
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   298
            whichRemote = "server";
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   299
        } else {
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   300
            remote = clientException;
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   301
            local = serverException;
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   302
            whichRemote = "client";
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   303
        }
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   304
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   305
        /*
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   306
         * If both failed, return the curthread's exception, but also
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   307
         * print the remote side Exception
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   308
         */
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   309
        if ((local != null) && (remote != null)) {
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   310
            System.out.println(whichRemote + " also threw:");
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   311
            remote.printStackTrace();
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   312
            System.out.println();
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   313
            throw local;
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   314
        }
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   315
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   316
        if (remote != null) {
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   317
            throw remote;
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   318
        }
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   319
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   320
        if (local != null) {
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   321
            throw local;
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   322
        }
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   323
    }
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   324
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   325
    void startServer(boolean newThread) throws Exception {
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   326
        if (newThread) {
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   327
            serverThread = new Thread() {
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   328
                public void run() {
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   329
                    try {
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   330
                        doServerSide();
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   331
                    } catch (Exception e) {
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   332
                        /*
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   333
                         * Our server thread just died.
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   334
                         *
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   335
                         * Release the client, if not active already...
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   336
                         */
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   337
                        System.err.println("Server died...");
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   338
                        serverReady = true;
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   339
                        serverException = e;
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   340
                    }
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   341
                }
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   342
            };
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   343
            serverThread.start();
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   344
        } else {
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   345
            try {
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   346
                doServerSide();
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   347
            } catch (Exception e) {
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   348
                serverException = e;
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   349
            } finally {
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   350
                serverReady = true;
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   351
            }
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   352
        }
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   353
    }
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   354
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   355
    void startClient(boolean newThread) throws Exception {
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   356
        if (newThread) {
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   357
            clientThread = new Thread() {
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   358
                public void run() {
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   359
                    try {
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   360
                        doClientSide();
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   361
                    } catch (Exception e) {
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   362
                        /*
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   363
                         * Our client thread just died.
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   364
                         */
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   365
                        System.err.println("Client died...");
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   366
                        clientException = e;
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   367
                    }
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   368
                }
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   369
            };
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   370
            clientThread.start();
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   371
        } else {
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   372
            try {
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   373
                doClientSide();
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   374
            } catch (Exception e) {
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   375
                clientException = e;
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   376
            }
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   377
        }
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   378
    }
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents:
diff changeset
   379
}