|
41964
|
1 |
/*
|
|
|
2 |
* Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
|
|
|
3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
|
4 |
*
|
|
|
5 |
* This code is free software; you can redistribute it and/or modify it
|
|
|
6 |
* under the terms of the GNU General Public License version 2 only, as
|
|
|
7 |
* published by the Free Software Foundation.
|
|
|
8 |
*
|
|
|
9 |
* This code is distributed in the hope that it will be useful, but WITHOUT
|
|
|
10 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
|
11 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
|
12 |
* version 2 for more details (a copy is included in the LICENSE file that
|
|
|
13 |
* accompanied this code).
|
|
|
14 |
*
|
|
|
15 |
* You should have received a copy of the GNU General Public License version
|
|
|
16 |
* 2 along with this work; if not, write to the Free Software Foundation,
|
|
|
17 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
|
18 |
*
|
|
|
19 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
|
|
20 |
* or visit www.oracle.com if you need additional information or have any
|
|
|
21 |
* questions.
|
|
|
22 |
*/
|
|
|
23 |
|
|
|
24 |
import javax.net.ssl.*;
|
|
|
25 |
import javax.net.ssl.SSLEngineResult.*;
|
|
|
26 |
import java.io.*;
|
|
|
27 |
import java.nio.*;
|
|
|
28 |
import java.security.KeyStore;
|
|
|
29 |
import java.security.PrivateKey;
|
|
|
30 |
import java.security.KeyFactory;
|
|
|
31 |
import java.security.cert.Certificate;
|
|
|
32 |
import java.security.cert.CertificateFactory;
|
|
|
33 |
import java.security.spec.*;
|
|
|
34 |
import java.util.Base64;
|
|
|
35 |
|
|
|
36 |
public abstract class ClientHelloInterOp {
|
|
|
37 |
|
|
|
38 |
/*
|
|
|
39 |
* Certificates and keys used in the test.
|
|
|
40 |
*/
|
|
|
41 |
// Trusted certificates.
|
|
|
42 |
private final static String[] trustedCertStrs = {
|
|
|
43 |
// SHA256withECDSA, curve prime256v1
|
|
|
44 |
// Validity
|
|
|
45 |
// Not Before: Nov 9 03:24:05 2016 GMT
|
|
|
46 |
// Not After : Oct 20 03:24:05 2037 GMT
|
|
|
47 |
"-----BEGIN CERTIFICATE-----\n" +
|
|
|
48 |
"MIICHDCCAcGgAwIBAgIJAM83C/MVp9F5MAoGCCqGSM49BAMCMDsxCzAJBgNVBAYT\n" +
|
|
|
49 |
"AlVTMQ0wCwYDVQQKEwRKYXZhMR0wGwYDVQQLExRTdW5KU1NFIFRlc3QgU2VyaXZj\n" +
|
|
|
50 |
"ZTAeFw0xNjExMDkwMzI0MDVaFw0zNzEwMjAwMzI0MDVaMDsxCzAJBgNVBAYTAlVT\n" +
|
|
|
51 |
"MQ0wCwYDVQQKEwRKYXZhMR0wGwYDVQQLExRTdW5KU1NFIFRlc3QgU2VyaXZjZTBZ\n" +
|
|
|
52 |
"MBMGByqGSM49AgEGCCqGSM49AwEHA0IABGeQXwyeNyU4UAATfwUbMO5zaREI21Wh\n" +
|
|
|
53 |
"bds6WDu+PmfK8SWsTgsgpYxBRui+fZtYqSmbdjkurvAQ3j2fvN++BtWjga0wgaow\n" +
|
|
|
54 |
"HQYDVR0OBBYEFDF/OeJ82qBSRkAm1rdZUPbWfDzyMGsGA1UdIwRkMGKAFDF/OeJ8\n" +
|
|
|
55 |
"2qBSRkAm1rdZUPbWfDzyoT+kPTA7MQswCQYDVQQGEwJVUzENMAsGA1UEChMESmF2\n" +
|
|
|
56 |
"YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2WCCQDPNwvzFafReTAPBgNV\n" +
|
|
|
57 |
"HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqhkjOPQQDAgNJADBGAiEAlHQY\n" +
|
|
|
58 |
"QFPlODOsjLVQYSxgeSUvYzMp0vP8naeVB9bfFG8CIQCFfrKZvhq9z3bOtlYKxs2a\n" +
|
|
|
59 |
"EWUjUZ82a1JTqkP+lgHY5A==\n" +
|
|
|
60 |
"-----END CERTIFICATE-----",
|
|
|
61 |
|
|
|
62 |
// SHA256withRSA, 2048 bits
|
|
|
63 |
// Validity
|
|
|
64 |
// Not Before: Nov 9 03:24:16 2016 GMT
|
|
|
65 |
// Not After : Oct 20 03:24:16 2037 GMT
|
|
|
66 |
"-----BEGIN CERTIFICATE-----\n" +
|
|
|
67 |
"MIIDpzCCAo+gAwIBAgIJAJAYpR2aIlA1MA0GCSqGSIb3DQEBCwUAMDsxCzAJBgNV\n" +
|
|
|
68 |
"BAYTAlVTMQ0wCwYDVQQKEwRKYXZhMR0wGwYDVQQLExRTdW5KU1NFIFRlc3QgU2Vy\n" +
|
|
|
69 |
"aXZjZTAeFw0xNjExMDkwMzI0MTZaFw0zNzEwMjAwMzI0MTZaMDsxCzAJBgNVBAYT\n" +
|
|
|
70 |
"AlVTMQ0wCwYDVQQKEwRKYXZhMR0wGwYDVQQLExRTdW5KU1NFIFRlc3QgU2VyaXZj\n" +
|
|
|
71 |
"ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL+F/FTPODYzsU0Pakfp\n" +
|
|
|
72 |
"lsh88YoQWZPjABhCU+HPsCTMYc8UBkaiduUzregwwVBW3D7kmec2K408krGQsxdy\n" +
|
|
|
73 |
"oKJA12GL/XX1YgzDEsyBRk/gvex5lPaBIZiJ5IZlUfjLuRDGxPjtRelBTpZ7SUet\n" +
|
|
|
74 |
"PJVZz6zV6hMPGO6kQzCtbzzET515EE0okIS40LkAmtWoOmVm3gRldomaZTrZ0V2L\n" +
|
|
|
75 |
"MMaJGzrXYqk0SX+PYul8v+2EEHeMuaXG/XpK5xsg9gZvzpKqFQcBOdENoJHB07go\n" +
|
|
|
76 |
"jCmRC328ALqr+bMyktKAuYfB+mhjmN2AU8TQx72WPpvNTXxFDYcwo+8254cCAVKB\n" +
|
|
|
77 |
"e98CAwEAAaOBrTCBqjAdBgNVHQ4EFgQUlJQlQTbi8YIyiNf+SqF7LtH+gicwawYD\n" +
|
|
|
78 |
"VR0jBGQwYoAUlJQlQTbi8YIyiNf+SqF7LtH+giehP6Q9MDsxCzAJBgNVBAYTAlVT\n" +
|
|
|
79 |
"MQ0wCwYDVQQKEwRKYXZhMR0wGwYDVQQLExRTdW5KU1NFIFRlc3QgU2VyaXZjZYIJ\n" +
|
|
|
80 |
"AJAYpR2aIlA1MA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3\n" +
|
|
|
81 |
"DQEBCwUAA4IBAQAI0lTY0YAKQ2VdoIQ6dnqolphLVWdNGiC9drHEYSn7+hmAD2r2\n" +
|
|
|
82 |
"v1U/9m752TkcT74a65xKbEVuVtleD/w6i+QjALW2PYt6ivjOnnY0a9Y9a9UCa00j\n" +
|
|
|
83 |
"C9415sCw84Tp9VoKtuYqzhN87bBUeABOw5dsW3z32C2N/YhprkqeF/vdx4JxulPr\n" +
|
|
|
84 |
"PKze5BREXnKLA1ISoDioCPphvNMKrSpkAofb1rTCwtgt5V/WFls283L52ORmpRGO\n" +
|
|
|
85 |
"Ja88ztXOz00ZGu0RQLwlmpN7m8tNgA/5MPrldyYIwegP4RSkkJlF/8+hxvvqfJhK\n" +
|
|
|
86 |
"FFDa0HHQSJfR2b9628Iniw1UHOMMT6qx5EHr\n" +
|
|
|
87 |
"-----END CERTIFICATE-----"
|
|
|
88 |
};
|
|
|
89 |
|
|
|
90 |
// End entity certificate.
|
|
|
91 |
private final static String[] endEntityCertStrs = {
|
|
|
92 |
// SHA256withECDSA, curve prime256v1
|
|
|
93 |
// Validity
|
|
|
94 |
// Not Before: Nov 9 03:24:05 2016 GMT
|
|
|
95 |
// Not After : Jul 27 03:24:05 2036 GMT
|
|
|
96 |
"-----BEGIN CERTIFICATE-----\n" +
|
|
|
97 |
"MIIB1DCCAXmgAwIBAgIJAKVa+4dIUjaLMAoGCCqGSM49BAMCMDsxCzAJBgNVBAYT\n" +
|
|
|
98 |
"AlVTMQ0wCwYDVQQKEwRKYXZhMR0wGwYDVQQLExRTdW5KU1NFIFRlc3QgU2VyaXZj\n" +
|
|
|
99 |
"ZTAeFw0xNjExMDkwMzI0MDVaFw0zNjA3MjcwMzI0MDVaMFIxCzAJBgNVBAYTAlVT\n" +
|
|
|
100 |
"MQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZjZTEV\n" +
|
|
|
101 |
"MBMGA1UEAwwMSW50ZXJPcCBUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\n" +
|
|
|
102 |
"h4vXNUJzULq4e7fAOvF0WiWU6cllOAMus1GqTFvcnRPOChl8suZsvksO0CpZqL3h\n" +
|
|
|
103 |
"jXmVX9dp1FV/rUBGLo1aG6NPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBSO8V5+\n" +
|
|
|
104 |
"bj0ik0T9BtJc4jLJt7m6wjAfBgNVHSMEGDAWgBQxfznifNqgUkZAJta3WVD21nw8\n" +
|
|
|
105 |
"8jAKBggqhkjOPQQDAgNJADBGAiEAk7MF+L9bFRwUsbPsBCbCqH9DMdzBQR+kFDNf\n" +
|
|
|
106 |
"lfn8Rs4CIQD9qWvBXd+EJqwraxiX6cftaFchn+T2HpvMboy+irMFow==\n" +
|
|
|
107 |
"-----END CERTIFICATE-----",
|
|
|
108 |
|
|
|
109 |
// SHA256withRSA, 2048 bits
|
|
|
110 |
// Validity
|
|
|
111 |
// Not Before: Nov 9 03:24:16 2016 GMT
|
|
|
112 |
// Not After : Jul 27 03:24:16 2036 GMT
|
|
|
113 |
"-----BEGIN CERTIFICATE-----\n" +
|
|
|
114 |
"MIIDczCCAlugAwIBAgIJAPhM2oUKx0aJMA0GCSqGSIb3DQEBCwUAMDsxCzAJBgNV\n" +
|
|
|
115 |
"BAYTAlVTMQ0wCwYDVQQKEwRKYXZhMR0wGwYDVQQLExRTdW5KU1NFIFRlc3QgU2Vy\n" +
|
|
|
116 |
"aXZjZTAeFw0xNjExMDkwMzI0MTZaFw0zNjA3MjcwMzI0MTZaMFIxCzAJBgNVBAYT\n" +
|
|
|
117 |
"AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" +
|
|
|
118 |
"ZTEVMBMGA1UEAwwMSW50ZXJPcCBUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A\n" +
|
|
|
119 |
"MIIBCgKCAQEA36tJaXfJ2B/AFvES+tnueyQPSNABVu9nfMdU+NEPamJ+FH7cEF8Z\n" +
|
|
|
120 |
"1Spr1vlQgNzCpDUVrfnmT75rCapgz5ldA9+y+3hdfUyHjZBzzfx+6GHXLB4u6eU2\n" +
|
|
|
121 |
"NATa7vqSLNbcLcfZ7/QmkFqg4JRJbX4F42kKkRJrWdKZ8UoCYC8WXWvDaZ3nUs05\n" +
|
|
|
122 |
"XHe+mBJ8qMNPTbYST1jpzXPyH5CljlFGYi2mKJDTImDhwht7mu2+zvwvbJ81Gj2X\n" +
|
|
|
123 |
"JUSTSf9fu0zxFcCk6RmJPw9nSVqePVlOwtNNBodfKN+k4yr+gOz1v8NmMtmEtklV\n" +
|
|
|
124 |
"Sulr/J4QxI+E2Zar/C+4XjxkvstIS+PNKQIDAQABo2MwYTALBgNVHQ8EBAMCA+gw\n" +
|
|
|
125 |
"HQYDVR0OBBYEFHt19CItAz0VOF0WKGWwaT4DtEsSMB8GA1UdIwQYMBaAFJSUJUE2\n" +
|
|
|
126 |
"4vGCMojX/kqhey7R/oInMBIGA1UdEQEB/wQIMAaHBH8AAAEwDQYJKoZIhvcNAQEL\n" +
|
|
|
127 |
"BQADggEBACKYZWvo9B9IEpCCdBba2sNo4X1NI/VEY3fyUx1lkw+Kna+1d2Ab+RCZ\n" +
|
|
|
128 |
"cf3Y85fcwv03hNE///wNBp+Nde4NQRDK/oiQARzWwWslfinm5d83eQwzC3cpSzt+\n" +
|
|
|
129 |
"7ts6M5UlOblGsLXZI7THWO1tkgoEra9p+zezxLMmf/2MpNyZMZlVoJPM2YGxU9cN\n" +
|
|
|
130 |
"ws0AyeY1gpBEdT21vjsBPdxxj6qklXVMnzS3zF8YwXyOndDYQWdjmFEknRK/qmQ2\n" +
|
|
|
131 |
"gkLHrzpSpyCziecna5mGuDRdCU2dpsWiq1npEPXTq+PQGwWYcoaFTtXF8DDqhfPC\n" +
|
|
|
132 |
"4Abe8gPm6MfzerdmS3RFTj9b/DIIENM=\n" +
|
|
|
133 |
"-----END CERTIFICATE-----"
|
|
|
134 |
};
|
|
|
135 |
|
|
|
136 |
// Private key in the format of PKCS#8.
|
|
|
137 |
private final static String[] endEntityPrivateKeys = {
|
|
|
138 |
//
|
|
|
139 |
// EC private key related to cert endEntityCertStrs[0].
|
|
|
140 |
//
|
|
|
141 |
"MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgA3pmS+OrIjGyUv2F\n" +
|
|
|
142 |
"K/PkyayJIePM2RTFYxNoQqmJGnihRANCAASHi9c1QnNQurh7t8A68XRaJZTpyWU4\n" +
|
|
|
143 |
"Ay6zUapMW9ydE84KGXyy5my+Sw7QKlmoveGNeZVf12nUVX+tQEYujVob",
|
|
|
144 |
|
|
|
145 |
//
|
|
|
146 |
// RSA private key related to cert endEntityCertStrs[1].
|
|
|
147 |
//
|
|
|
148 |
"MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDfq0lpd8nYH8AW\n" +
|
|
|
149 |
"8RL62e57JA9I0AFW72d8x1T40Q9qYn4UftwQXxnVKmvW+VCA3MKkNRWt+eZPvmsJ\n" +
|
|
|
150 |
"qmDPmV0D37L7eF19TIeNkHPN/H7oYdcsHi7p5TY0BNru+pIs1twtx9nv9CaQWqDg\n" +
|
|
|
151 |
"lEltfgXjaQqREmtZ0pnxSgJgLxZda8NpnedSzTlcd76YEnyow09NthJPWOnNc/If\n" +
|
|
|
152 |
"kKWOUUZiLaYokNMiYOHCG3ua7b7O/C9snzUaPZclRJNJ/1+7TPEVwKTpGYk/D2dJ\n" +
|
|
|
153 |
"Wp49WU7C000Gh18o36TjKv6A7PW/w2Yy2YS2SVVK6Wv8nhDEj4TZlqv8L7hePGS+\n" +
|
|
|
154 |
"y0hL480pAgMBAAECggEBAJyP1zk+IkloIBtu7+wrdCU6HoDHKMjjlzrehHoOTI4Z\n" +
|
|
|
155 |
"F0vdaMkE6J4vrYCyz0kEPjKW/e/jxvT2wxHm8xEdtuApS61+mWJFmXTcMlNzdJnR\n" +
|
|
|
156 |
"Mr6s+gW67fAHngA94OgGFeTtyX2PFxdgeM/6vFMqLZD7S+w0SnR7WEpvla4iB7On\n" +
|
|
|
157 |
"lXqhJKVQeVc+IpByg/S4MmJb91jck73GltCaCL/b6BTrsz+zc/AY5tb8JInxjMZ9\n" +
|
|
|
158 |
"jmjmA+s6l7tnBrFQfJHlF9a374lxCOtZTxyxVJjD7tQcGpsUpSHXZGdpDcT34qYT\n" +
|
|
|
159 |
"UGh0yp2Mc/1PfWni5gS/6UGLrYmT57RRCn5YJBJTEkkCgYEA/XPCNehFaOMSxOZh\n" +
|
|
|
160 |
"OGBVhQ+eRAmdpJfMhSUsDdEdQLZyWGmZsMTHjZZrwevBX/D0dxQYDv/sAl0GZomJ\n" +
|
|
|
161 |
"d6iRCHlscycwx5Q0U/EpacsgRlYHz1nMRzXqS3Ry+8O8qQlliqCLUM7SfVgzdI5/\n" +
|
|
|
162 |
"ll9JMrng9NnRl8ccjEdOGK8g/MMCgYEA4eriKMfRslGY4uOQoTPbuEJSMMwQ2X4k\n" +
|
|
|
163 |
"lPj1p+xSQfU9QBaWJake67oBj3vpCxqN7/VkvCIeC6LCjhLpWHCn4EkdGiqkEdWz\n" +
|
|
|
164 |
"m5CHzpzVIgznzWnbt0rCVL2KdL+ihgY8KPDdsZ6tZrABHuYhsWkAu10wyvuQYM88\n" +
|
|
|
165 |
"3u6yOIQn36MCgYEAk5qR1UEzAxWTPbaJkgKQa5Cf9DHBbDS3eCcg098f8SsPxquh\n" +
|
|
|
166 |
"RRAkwzGCCgqZsJ0sUhkStdGXifzRGHAq7dPuuwe0ABAn2WNXYjeFjcYtQqkhnUFH\n" +
|
|
|
167 |
"tYURsOXdfQAOZEdDqos691GrxjHSraO7bECL6Y3VE+Oyq3jbCFsSgU+kn28CgYBT\n" +
|
|
|
168 |
"mrXZO6FJqVK33FlAns1YEgsSjeJKapklHEDkxNroF9Zz6ifkhgKwX6SGMefbORd/\n" +
|
|
|
169 |
"zsNZsBKIYdI3+52pIf+uS8BeV5tiEkCmeEUZ3AYv1LDP3rX1zc++xmn/rI97o8EN\n" +
|
|
|
170 |
"sZ2JRtyK3OV9RtL/MYmYzPLqm1Ah02+GXLVNnvKWmwKBgE8Ble8CzrXYuuPdGxXz\n" +
|
|
|
171 |
"BZU6HnXQrmTUcgeze0tj8SDHzCfsGsaG6pHrVNkT7CKsRuCHTZLM0kXmUijLFKuP\n" +
|
|
|
172 |
"5xyE257z4IbbEbs+tcbB3p28n4/47MzZkSR3kt8+FrsEMZq5oOHbFTGzgp9dhZCC\n" +
|
|
|
173 |
"dKUqlw5BPHdbxoWB/JpSHGCV"
|
|
|
174 |
};
|
|
|
175 |
|
|
|
176 |
// Private key names of endEntityPrivateKeys.
|
|
|
177 |
private final static String[] endEntityPrivateKeyNames = {
|
|
|
178 |
"EC",
|
|
|
179 |
"RSA"
|
|
|
180 |
};
|
|
|
181 |
|
|
|
182 |
/*
|
|
|
183 |
* Run the test case.
|
|
|
184 |
*/
|
|
|
185 |
public void run() throws Exception {
|
|
|
186 |
SSLEngine serverEngine = createServerEngine();
|
|
|
187 |
|
|
|
188 |
//
|
|
|
189 |
// Create and size the buffers appropriately.
|
|
|
190 |
//
|
|
|
191 |
SSLSession session = serverEngine.getSession();
|
|
|
192 |
ByteBuffer serverAppInbound =
|
|
|
193 |
ByteBuffer.allocate(session.getApplicationBufferSize());
|
|
|
194 |
ByteBuffer clientHello =
|
|
|
195 |
ByteBuffer.allocate(session.getPacketBufferSize());
|
|
|
196 |
|
|
|
197 |
//
|
|
|
198 |
// Generate a ClientHello message, and check if the server
|
|
|
199 |
// engine can read it or not.
|
|
|
200 |
//
|
|
|
201 |
clientHello.put(createClientHelloMessage());
|
|
|
202 |
clientHello.flip();
|
|
|
203 |
|
|
|
204 |
SSLEngineResult serverResult =
|
|
|
205 |
serverEngine.unwrap(clientHello, serverAppInbound);
|
|
|
206 |
log("Server unwrap: ", serverResult);
|
|
|
207 |
runDelegatedTasks(serverResult, serverEngine);
|
|
|
208 |
|
|
|
209 |
//
|
|
|
210 |
// Generate server responses to the ClientHello request.
|
|
|
211 |
//
|
|
|
212 |
ByteBuffer clientNetInbound =
|
|
|
213 |
ByteBuffer.allocate(session.getPacketBufferSize());
|
|
|
214 |
ByteBuffer clientAppInbound =
|
|
|
215 |
ByteBuffer.wrap("Hello Client, I'm Server".getBytes());
|
|
|
216 |
|
|
|
217 |
serverResult = serverEngine.wrap(clientAppInbound, clientNetInbound);
|
|
|
218 |
log("Server wrap: ", serverResult);
|
|
|
219 |
runDelegatedTasks(serverResult, serverEngine);
|
|
|
220 |
}
|
|
|
221 |
|
|
|
222 |
/*
|
|
|
223 |
* Create a ClientHello message.
|
|
|
224 |
*/
|
|
|
225 |
abstract protected byte[] createClientHelloMessage();
|
|
|
226 |
|
|
|
227 |
/*
|
|
|
228 |
* Create an instance of SSLContext for client use.
|
|
|
229 |
*/
|
|
|
230 |
protected SSLContext createClientSSLContext() throws Exception {
|
|
|
231 |
return createSSLContext(trustedCertStrs, null, null, null);
|
|
|
232 |
}
|
|
|
233 |
|
|
|
234 |
/*
|
|
|
235 |
* Create an instance of SSLContext for server use.
|
|
|
236 |
*/
|
|
|
237 |
protected SSLContext createServerSSLContext() throws Exception {
|
|
|
238 |
return createSSLContext(null,
|
|
|
239 |
endEntityCertStrs, endEntityPrivateKeys,
|
|
|
240 |
endEntityPrivateKeyNames);
|
|
|
241 |
}
|
|
|
242 |
|
|
|
243 |
/*
|
|
|
244 |
* Create an instance of SSLContext with the specified trust/key materials.
|
|
|
245 |
*/
|
|
|
246 |
protected SSLContext createSSLContext(
|
|
|
247 |
String[] trustedMaterials,
|
|
|
248 |
String[] keyMaterialCerts,
|
|
|
249 |
String[] keyMaterialKeys,
|
|
|
250 |
String[] keyMaterialKeyAlgs) throws Exception {
|
|
|
251 |
|
|
|
252 |
KeyStore ts = null; // trust store
|
|
|
253 |
KeyStore ks = null; // key store
|
|
|
254 |
char passphrase[] = "passphrase".toCharArray();
|
|
|
255 |
|
|
|
256 |
// Generate certificate from cert string.
|
|
|
257 |
CertificateFactory cf = CertificateFactory.getInstance("X.509");
|
|
|
258 |
|
|
|
259 |
// Import the trused certs.
|
|
|
260 |
ByteArrayInputStream is;
|
|
|
261 |
if (trustedMaterials != null && trustedMaterials.length != 0) {
|
|
|
262 |
ts = KeyStore.getInstance("JKS");
|
|
|
263 |
ts.load(null, null);
|
|
|
264 |
|
|
|
265 |
Certificate[] trustedCert =
|
|
|
266 |
new Certificate[trustedMaterials.length];
|
|
|
267 |
for (int i = 0; i < trustedMaterials.length; i++) {
|
|
|
268 |
String trustedCertStr = trustedMaterials[i];
|
|
|
269 |
|
|
|
270 |
is = new ByteArrayInputStream(trustedCertStr.getBytes());
|
|
|
271 |
try {
|
|
|
272 |
trustedCert[i] = cf.generateCertificate(is);
|
|
|
273 |
} finally {
|
|
|
274 |
is.close();
|
|
|
275 |
}
|
|
|
276 |
|
|
|
277 |
ts.setCertificateEntry("trusted-cert-" + i, trustedCert[i]);
|
|
|
278 |
}
|
|
|
279 |
}
|
|
|
280 |
|
|
|
281 |
// Import the key materials.
|
|
|
282 |
//
|
|
|
283 |
// Note that certification pathes bigger than one are not supported yet.
|
|
|
284 |
boolean hasKeyMaterials =
|
|
|
285 |
(keyMaterialCerts != null) && (keyMaterialCerts.length != 0) &&
|
|
|
286 |
(keyMaterialKeys != null) && (keyMaterialKeys.length != 0) &&
|
|
|
287 |
(keyMaterialKeyAlgs != null) && (keyMaterialKeyAlgs.length != 0) &&
|
|
|
288 |
(keyMaterialCerts.length == keyMaterialKeys.length) &&
|
|
|
289 |
(keyMaterialCerts.length == keyMaterialKeyAlgs.length);
|
|
|
290 |
if (hasKeyMaterials) {
|
|
|
291 |
ks = KeyStore.getInstance("JKS");
|
|
|
292 |
ks.load(null, null);
|
|
|
293 |
|
|
|
294 |
for (int i = 0; i < keyMaterialCerts.length; i++) {
|
|
|
295 |
String keyCertStr = keyMaterialCerts[i];
|
|
|
296 |
|
|
|
297 |
// generate the private key.
|
|
|
298 |
PKCS8EncodedKeySpec priKeySpec = new PKCS8EncodedKeySpec(
|
|
|
299 |
Base64.getMimeDecoder().decode(keyMaterialKeys[i]));
|
|
|
300 |
KeyFactory kf =
|
|
|
301 |
KeyFactory.getInstance(keyMaterialKeyAlgs[i]);
|
|
|
302 |
PrivateKey priKey = kf.generatePrivate(priKeySpec);
|
|
|
303 |
|
|
|
304 |
// generate certificate chain
|
|
|
305 |
is = new ByteArrayInputStream(keyCertStr.getBytes());
|
|
|
306 |
Certificate keyCert = null;
|
|
|
307 |
try {
|
|
|
308 |
keyCert = cf.generateCertificate(is);
|
|
|
309 |
} finally {
|
|
|
310 |
is.close();
|
|
|
311 |
}
|
|
|
312 |
|
|
|
313 |
Certificate[] chain = new Certificate[] { keyCert };
|
|
|
314 |
|
|
|
315 |
// import the key entry.
|
|
|
316 |
ks.setKeyEntry("cert-" + i, priKey, passphrase, chain);
|
|
|
317 |
}
|
|
|
318 |
}
|
|
|
319 |
|
|
|
320 |
// Create an SSLContext object.
|
|
|
321 |
TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
|
|
|
322 |
tmf.init(ts);
|
|
|
323 |
|
|
|
324 |
SSLContext context = SSLContext.getInstance("TLS");
|
|
|
325 |
if (hasKeyMaterials && ks != null) {
|
|
|
326 |
KeyManagerFactory kmf = KeyManagerFactory.getInstance("NewSunX509");
|
|
|
327 |
kmf.init(ks, passphrase);
|
|
|
328 |
|
|
|
329 |
context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
|
|
|
330 |
} else {
|
|
|
331 |
context.init(null, tmf.getTrustManagers(), null);
|
|
|
332 |
}
|
|
|
333 |
|
|
|
334 |
return context;
|
|
|
335 |
}
|
|
|
336 |
|
|
|
337 |
/*
|
|
|
338 |
* Create an instance of SSLEngine in client mode.
|
|
|
339 |
*/
|
|
|
340 |
protected SSLEngine createClientEngine() throws Exception {
|
|
|
341 |
return createClientEngine(createClientSSLContext());
|
|
|
342 |
}
|
|
|
343 |
|
|
|
344 |
/*
|
|
|
345 |
* Create an instance of SSLEngine in client mode with the
|
|
|
346 |
* specified SSLContext object.
|
|
|
347 |
*/
|
|
|
348 |
protected SSLEngine createClientEngine(
|
|
|
349 |
SSLContext context) throws Exception {
|
|
|
350 |
|
|
|
351 |
SSLEngine engine = context.createSSLEngine();
|
|
|
352 |
engine.setUseClientMode(true);
|
|
|
353 |
|
|
|
354 |
/*
|
|
|
355 |
* Customize the SSLEngine object.
|
|
|
356 |
*/
|
|
|
357 |
// blank
|
|
|
358 |
|
|
|
359 |
return engine;
|
|
|
360 |
}
|
|
|
361 |
|
|
|
362 |
/*
|
|
|
363 |
* Create an instance of SSLEngine in server mode.
|
|
|
364 |
*/
|
|
|
365 |
protected SSLEngine createServerEngine() throws Exception {
|
|
|
366 |
return createServerEngine(createServerSSLContext());
|
|
|
367 |
}
|
|
|
368 |
|
|
|
369 |
/*
|
|
|
370 |
* Create an instance of SSLEngine in server mode with the
|
|
|
371 |
* specified SSLContext object.
|
|
|
372 |
*/
|
|
|
373 |
protected SSLEngine createServerEngine(
|
|
|
374 |
SSLContext context) throws Exception {
|
|
|
375 |
|
|
|
376 |
SSLEngine engine = context.createSSLEngine();
|
|
|
377 |
engine.setUseClientMode(false);
|
|
|
378 |
|
|
|
379 |
/*
|
|
|
380 |
* Customize the SSLEngine object.
|
|
|
381 |
*/
|
|
|
382 |
engine.setNeedClientAuth(false);
|
|
|
383 |
|
|
|
384 |
return engine;
|
|
|
385 |
}
|
|
|
386 |
|
|
|
387 |
/*
|
|
|
388 |
* Run the delagayed tasks if any.
|
|
|
389 |
*
|
|
|
390 |
* If the result indicates that we have outstanding tasks to do,
|
|
|
391 |
* go ahead and run them in this thread.
|
|
|
392 |
*/
|
|
|
393 |
protected static void runDelegatedTasks(SSLEngineResult result,
|
|
|
394 |
SSLEngine engine) throws Exception {
|
|
|
395 |
|
|
|
396 |
if (result.getHandshakeStatus() == HandshakeStatus.NEED_TASK) {
|
|
|
397 |
Runnable runnable;
|
|
|
398 |
while ((runnable = engine.getDelegatedTask()) != null) {
|
|
|
399 |
log("\trunning delegated task...");
|
|
|
400 |
runnable.run();
|
|
|
401 |
}
|
|
|
402 |
HandshakeStatus hsStatus = engine.getHandshakeStatus();
|
|
|
403 |
if (hsStatus == HandshakeStatus.NEED_TASK) {
|
|
|
404 |
throw new Exception(
|
|
|
405 |
"handshake shouldn't need additional tasks");
|
|
|
406 |
}
|
|
|
407 |
log("\tnew HandshakeStatus: " + hsStatus);
|
|
|
408 |
}
|
|
|
409 |
}
|
|
|
410 |
|
|
|
411 |
/*
|
|
|
412 |
* Logging the specificated message and the SSLEngine operation result.
|
|
|
413 |
*/
|
|
|
414 |
protected static void log(String str, SSLEngineResult result) {
|
|
|
415 |
HandshakeStatus hsStatus = result.getHandshakeStatus();
|
|
|
416 |
log(str +
|
|
|
417 |
result.getStatus() + "/" + hsStatus + ", consumed: " +
|
|
|
418 |
result.bytesConsumed() + "/produced: " + result.bytesProduced() +
|
|
|
419 |
" bytes");
|
|
|
420 |
|
|
|
421 |
if (hsStatus == HandshakeStatus.FINISHED) {
|
|
|
422 |
log("\t...ready for application data");
|
|
|
423 |
}
|
|
|
424 |
}
|
|
|
425 |
|
|
|
426 |
/*
|
|
|
427 |
* Logging the specificated message.
|
|
|
428 |
*/
|
|
|
429 |
protected static void log(String str) {
|
|
|
430 |
System.out.println(str);
|
|
|
431 |
}
|
|
|
432 |
}
|