| author | wetmore |
| Fri, 11 May 2018 15:53:12 -0700 | |
| branch | JDK-8145252-TLS13-branch |
| changeset 56542 | 56aaa6cb3693 |
| parent 47216 | 71c04702a3d5 |
| child 56606 | 0cabcf9cb31b |
| permissions | -rw-r--r-- |
|
36132
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
1 |
/* |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
2 |
* Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
4 |
* |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
5 |
* This code is free software; you can redistribute it and/or modify it |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
7 |
* published by the Free Software Foundation. |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
8 |
* |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
9 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
10 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
11 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
12 |
* version 2 for more details (a copy is included in the LICENSE file that |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
13 |
* accompanied this code). |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
14 |
* |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
15 |
* You should have received a copy of the GNU General Public License version |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
16 |
* 2 along with this work; if not, write to the Free Software Foundation, |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
17 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
18 |
* |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
19 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
20 |
* or visit www.oracle.com if you need additional information or have any |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
21 |
* questions. |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
22 |
*/ |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
23 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
24 |
// SunJSSE does not support dynamic system properties, no way to re-use |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
25 |
// system properties in samevm/agentvm mode. |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
26 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
27 |
/* |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
28 |
* @test |
|
37309
8f530b9d18f4
8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException
rhalade
parents:
36132
diff
changeset
|
29 |
* @bug 8145854 8153829 |
|
36132
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
30 |
* @summary SSLContextImpl.statusResponseManager should be generated if required |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
31 |
* @library ../../../../java/security/testlibrary |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
32 |
* @build CertificateBuilder SimpleOCSPServer |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
33 |
* @run main/othervm StapleEnableProps |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
34 |
*/ |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
35 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
36 |
import javax.net.ssl.*; |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
37 |
import javax.net.ssl.SSLEngineResult.*; |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
38 |
import java.io.*; |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
39 |
import java.math.BigInteger; |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
40 |
import java.security.*; |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
41 |
import java.nio.*; |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
42 |
import java.security.cert.X509Certificate; |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
43 |
import java.util.ArrayList; |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
44 |
import java.util.Collections; |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
45 |
import java.util.Date; |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
46 |
import java.util.HashMap; |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
47 |
import java.util.List; |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
48 |
import java.util.Map; |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
49 |
import java.util.Objects; |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
50 |
import java.util.concurrent.TimeUnit; |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
51 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
52 |
import sun.security.testlibrary.SimpleOCSPServer; |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
53 |
import sun.security.testlibrary.CertificateBuilder; |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
54 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
55 |
public class StapleEnableProps {
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
56 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
57 |
/* |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
58 |
* Enables logging of the SSLEngine operations. |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
59 |
*/ |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
60 |
private static final boolean logging = true; |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
61 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
62 |
/* |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
63 |
* Enables the JSSE system debugging system property: |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
64 |
* |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
65 |
* -Djavax.net.debug=all |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
66 |
* |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
67 |
* This gives a lot of low-level information about operations underway, |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
68 |
* including specific handshake messages, and might be best examined |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
69 |
* after gaining some familiarity with this application. |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
70 |
*/ |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
71 |
private static final boolean debug = false; |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
72 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
73 |
// These two ByteBuffer references will be used to hang onto ClientHello |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
74 |
// messages with and without the status_request[_v2] extensions. These |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
75 |
// will be used in the server-side stapling tests. |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
76 |
private static ByteBuffer cHelloStaple; |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
77 |
private static ByteBuffer cHelloNoStaple; |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
78 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
79 |
// The following items are used to set up the keystores. |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
80 |
private static final String passwd = "passphrase"; |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
81 |
private static final String ROOT_ALIAS = "root"; |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
82 |
private static final String INT_ALIAS = "intermediate"; |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
83 |
private static final String SSL_ALIAS = "ssl"; |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
84 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
85 |
// PKI components we will need for this test |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
86 |
private static KeyManagerFactory kmf; |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
87 |
private static TrustManagerFactory tmf; |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
88 |
private static KeyStore rootKeystore; // Root CA Keystore |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
89 |
private static KeyStore intKeystore; // Intermediate CA Keystore |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
90 |
private static KeyStore serverKeystore; // SSL Server Keystore |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
91 |
private static KeyStore trustStore; // SSL Client trust store |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
92 |
private static SimpleOCSPServer rootOcsp; // Root CA OCSP Responder |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
93 |
private static int rootOcspPort; // Port for root OCSP |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
94 |
private static SimpleOCSPServer intOcsp; // Intermediate CA OCSP server |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
95 |
private static int intOcspPort; // Port for intermediate OCSP |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
96 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
97 |
// A few helpful TLS definitions to make it easier |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
98 |
private static final int HELLO_EXT_STATUS_REQ = 5; |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
99 |
private static final int HELLO_EXT_STATUS_REQ_V2 = 17; |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
100 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
101 |
/* |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
102 |
* Main entry point for this test. |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
103 |
*/ |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
104 |
public static void main(String args[]) throws Exception {
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
105 |
if (debug) {
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
106 |
System.setProperty("javax.net.debug", "ssl");
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
107 |
} |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
108 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
109 |
// Create the PKI we will use for the test and start the OCSP servers |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
110 |
createPKI(); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
111 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
112 |
// Set up the KeyManagerFactory and TrustManagerFactory |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
113 |
kmf = KeyManagerFactory.getInstance("PKIX");
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
114 |
kmf.init(serverKeystore, passwd.toCharArray()); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
115 |
tmf = TrustManagerFactory.getInstance("PKIX");
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
116 |
tmf.init(trustStore); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
117 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
118 |
// Run the client and server property tests |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
119 |
testClientProp(); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
120 |
testServerProp(); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
121 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
122 |
} |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
123 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
124 |
private static void testClientProp() throws Exception {
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
125 |
SSLEngineResult clientResult; |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
126 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
127 |
// Test with the client-side enable property set to true |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
128 |
System.out.println("=========================================");
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
129 |
System.out.println("Client Test 1: " +
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
130 |
"jdk.tls.client.enableStatusRequestExtension = true"); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
131 |
System.out.println("=========================================");
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
132 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
133 |
System.setProperty("jdk.tls.client.enableStatusRequestExtension",
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
134 |
"true"); |
| 56542 | 135 |
System.out.println("*** TEST 1 BEFORE: " + System.getProperty("jdk.tls.client.enableStatusRequestExtension"));
|
136 |
SSLContext ctxStaple = SSLContext.getInstance("TLSv1.2");
|
|
137 |
System.out.println("*** TEST 1 AFTER: " + System.getProperty("jdk.tls.client.enableStatusRequestExtension"));
|
|
|
36132
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
138 |
ctxStaple.init(null, tmf.getTrustManagers(), null); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
139 |
SSLEngine engine = ctxStaple.createSSLEngine(); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
140 |
engine.setUseClientMode(true); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
141 |
SSLSession session = engine.getSession(); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
142 |
ByteBuffer clientOut = ByteBuffer.wrap("I'm a Client".getBytes());
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
143 |
ByteBuffer cTOs = |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
144 |
ByteBuffer.allocateDirect(session.getPacketBufferSize()); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
145 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
146 |
// Create and check the ClientHello message |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
147 |
clientResult = engine.wrap(clientOut, cTOs); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
148 |
log("client wrap: ", clientResult);
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
149 |
if (clientResult.getStatus() != SSLEngineResult.Status.OK) {
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
150 |
throw new SSLException("Client wrap got status: " +
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
151 |
clientResult.getStatus()); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
152 |
} |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
153 |
cTOs.flip(); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
154 |
System.out.println(dumpHexBytes(cTOs)); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
155 |
checkClientHello(cTOs, true, true); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
156 |
cHelloStaple = cTOs; |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
157 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
158 |
// Test with the property set to false |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
159 |
System.out.println("=========================================");
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
160 |
System.out.println("Client Test 2: " +
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
161 |
"jdk.tls.client.enableStatusRequestExtension = false"); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
162 |
System.out.println("=========================================");
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
163 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
164 |
System.setProperty("jdk.tls.client.enableStatusRequestExtension",
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
165 |
"false"); |
| 56542 | 166 |
System.out.println("*** TEST 2 BEFORE: " + System.getProperty("jdk.tls.client.enableStatusRequestExtension"));
|
167 |
SSLContext ctxNoStaple = SSLContext.getInstance("TLSv1.2");
|
|
168 |
System.out.println("*** TEST 2 AFTER: " + System.getProperty("jdk.tls.client.enableStatusRequestExtension"));
|
|
|
36132
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
169 |
ctxNoStaple.init(null, tmf.getTrustManagers(), null); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
170 |
engine = ctxNoStaple.createSSLEngine(); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
171 |
engine.setUseClientMode(true); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
172 |
session = engine.getSession(); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
173 |
cTOs = ByteBuffer.allocateDirect(session.getPacketBufferSize()); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
174 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
175 |
// Create and check the ClientHello message |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
176 |
clientResult = engine.wrap(clientOut, cTOs); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
177 |
log("client wrap: ", clientResult);
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
178 |
if (clientResult.getStatus() != SSLEngineResult.Status.OK) {
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
179 |
throw new SSLException("Client wrap got status: " +
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
180 |
clientResult.getStatus()); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
181 |
} |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
182 |
cTOs.flip(); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
183 |
System.out.println(dumpHexBytes(cTOs)); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
184 |
checkClientHello(cTOs, false, false); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
185 |
cHelloNoStaple = cTOs; |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
186 |
} |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
187 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
188 |
private static void testServerProp() throws Exception {
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
189 |
SSLEngineResult serverResult; |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
190 |
HandshakeStatus hsStat; |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
191 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
192 |
// Test with the server-side enable property set to true |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
193 |
System.out.println("=========================================");
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
194 |
System.out.println("Server Test 1: " +
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
195 |
"jdk.tls.server.enableStatusRequestExtension = true"); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
196 |
System.out.println("=========================================");
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
197 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
198 |
System.setProperty("jdk.tls.server.enableStatusRequestExtension",
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
199 |
"true"); |
| 56542 | 200 |
SSLContext ctxStaple = SSLContext.getInstance("TLSv1.2");
|
|
36132
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
201 |
ctxStaple.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
202 |
SSLEngine engine = ctxStaple.createSSLEngine(); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
203 |
engine.setUseClientMode(false); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
204 |
SSLSession session = engine.getSession(); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
205 |
ByteBuffer serverOut = ByteBuffer.wrap("I'm a Server".getBytes());
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
206 |
ByteBuffer serverIn = |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
207 |
ByteBuffer.allocate(session.getApplicationBufferSize() + 50); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
208 |
ByteBuffer sTOc = |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
209 |
ByteBuffer.allocateDirect(session.getPacketBufferSize()); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
210 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
211 |
// Consume the client hello |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
212 |
serverResult = engine.unwrap(cHelloStaple, serverIn); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
213 |
log("server unwrap: ", serverResult);
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
214 |
if (serverResult.getStatus() != SSLEngineResult.Status.OK) {
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
215 |
throw new SSLException("Server unwrap got status: " +
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
216 |
serverResult.getStatus()); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
217 |
} else if (serverResult.getHandshakeStatus() != |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
218 |
SSLEngineResult.HandshakeStatus.NEED_TASK) {
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
219 |
throw new SSLException("Server unwrap expected NEED_TASK, got: " +
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
220 |
serverResult.getHandshakeStatus()); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
221 |
} |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
222 |
runDelegatedTasks(serverResult, engine); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
223 |
if (engine.getHandshakeStatus() != |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
224 |
SSLEngineResult.HandshakeStatus.NEED_WRAP) {
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
225 |
throw new SSLException("Expected NEED_WRAP, got: " +
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
226 |
engine.getHandshakeStatus()); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
227 |
} |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
228 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
229 |
// Generate a TLS record with the ServerHello |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
230 |
serverResult = engine.wrap(serverOut, sTOc); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
231 |
log("client wrap: ", serverResult);
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
232 |
if (serverResult.getStatus() != SSLEngineResult.Status.OK) {
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
233 |
throw new SSLException("Client wrap got status: " +
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
234 |
serverResult.getStatus()); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
235 |
} |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
236 |
sTOc.flip(); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
237 |
System.out.println(dumpHexBytes(sTOc)); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
238 |
checkServerHello(sTOc, false, true); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
239 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
240 |
// Flip the client hello so we can reuse it in the next test. |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
241 |
cHelloStaple.flip(); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
242 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
243 |
// Test with the server-side enable property set to false |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
244 |
System.out.println("=========================================");
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
245 |
System.out.println("Server Test 2: " +
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
246 |
"jdk.tls.server.enableStatusRequestExtension = false"); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
247 |
System.out.println("=========================================");
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
248 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
249 |
System.setProperty("jdk.tls.server.enableStatusRequestExtension",
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
250 |
"false"); |
| 56542 | 251 |
SSLContext ctxNoStaple = SSLContext.getInstance("TLSv1.2");
|
|
36132
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
252 |
ctxNoStaple.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
253 |
engine = ctxNoStaple.createSSLEngine(); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
254 |
engine.setUseClientMode(false); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
255 |
session = engine.getSession(); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
256 |
serverIn = ByteBuffer.allocate(session.getApplicationBufferSize() + 50); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
257 |
sTOc = ByteBuffer.allocateDirect(session.getPacketBufferSize()); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
258 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
259 |
// Consume the client hello |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
260 |
serverResult = engine.unwrap(cHelloStaple, serverIn); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
261 |
log("server unwrap: ", serverResult);
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
262 |
if (serverResult.getStatus() != SSLEngineResult.Status.OK) {
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
263 |
throw new SSLException("Server unwrap got status: " +
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
264 |
serverResult.getStatus()); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
265 |
} else if (serverResult.getHandshakeStatus() != |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
266 |
SSLEngineResult.HandshakeStatus.NEED_TASK) {
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
267 |
throw new SSLException("Server unwrap expected NEED_TASK, got: " +
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
268 |
serverResult.getHandshakeStatus()); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
269 |
} |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
270 |
runDelegatedTasks(serverResult, engine); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
271 |
if (engine.getHandshakeStatus() != |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
272 |
SSLEngineResult.HandshakeStatus.NEED_WRAP) {
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
273 |
throw new SSLException("Expected NEED_WRAP, got: " +
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
274 |
engine.getHandshakeStatus()); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
275 |
} |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
276 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
277 |
// Generate a TLS record with the ServerHello |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
278 |
serverResult = engine.wrap(serverOut, sTOc); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
279 |
log("client wrap: ", serverResult);
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
280 |
if (serverResult.getStatus() != SSLEngineResult.Status.OK) {
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
281 |
throw new SSLException("Client wrap got status: " +
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
282 |
serverResult.getStatus()); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
283 |
} |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
284 |
sTOc.flip(); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
285 |
System.out.println(dumpHexBytes(sTOc)); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
286 |
checkServerHello(sTOc, false, false); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
287 |
} |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
288 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
289 |
/* |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
290 |
* If the result indicates that we have outstanding tasks to do, |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
291 |
* go ahead and run them in this thread. |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
292 |
*/ |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
293 |
private static void runDelegatedTasks(SSLEngineResult result, |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
294 |
SSLEngine engine) throws Exception {
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
295 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
296 |
if (result.getHandshakeStatus() == HandshakeStatus.NEED_TASK) {
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
297 |
Runnable runnable; |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
298 |
while ((runnable = engine.getDelegatedTask()) != null) {
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
299 |
log("\trunning delegated task...");
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
300 |
runnable.run(); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
301 |
} |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
302 |
HandshakeStatus hsStatus = engine.getHandshakeStatus(); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
303 |
if (hsStatus == HandshakeStatus.NEED_TASK) {
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
304 |
throw new Exception( |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
305 |
"handshake shouldn't need additional tasks"); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
306 |
} |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
307 |
log("\tnew HandshakeStatus: " + hsStatus);
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
308 |
} |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
309 |
} |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
310 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
311 |
private static void log(String str, SSLEngineResult result) {
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
312 |
if (!logging) {
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
313 |
return; |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
314 |
} |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
315 |
HandshakeStatus hsStatus = result.getHandshakeStatus(); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
316 |
log(str + |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
317 |
result.getStatus() + "/" + hsStatus + ", " + |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
318 |
result.bytesConsumed() + "/" + result.bytesProduced() + |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
319 |
" bytes"); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
320 |
if (hsStatus == HandshakeStatus.FINISHED) {
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
321 |
log("\t...ready for application data");
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
322 |
} |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
323 |
} |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
324 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
325 |
private static void log(String str) {
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
326 |
if (logging) {
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
327 |
System.out.println(str); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
328 |
} |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
329 |
} |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
330 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
331 |
/** |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
332 |
* Dump a ByteBuffer as a hexdump to stdout. The dumping routine will |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
333 |
* start at the current position of the buffer and run to its limit. |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
334 |
* After completing the dump, the position will be returned to its |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
335 |
* starting point. |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
336 |
* |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
337 |
* @param data the ByteBuffer to dump to stdout. |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
338 |
* |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
339 |
* @return the hexdump of the byte array. |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
340 |
*/ |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
341 |
private static String dumpHexBytes(ByteBuffer data) {
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
342 |
StringBuilder sb = new StringBuilder(); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
343 |
if (data != null) {
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
344 |
int i = 0; |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
345 |
data.mark(); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
346 |
while (data.hasRemaining()) {
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
347 |
if (i % 16 == 0 && i != 0) {
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
348 |
sb.append("\n");
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
349 |
} |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
350 |
sb.append(String.format("%02X ", data.get()));
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
351 |
i++; |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
352 |
} |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
353 |
data.reset(); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
354 |
} |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
355 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
356 |
return sb.toString(); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
357 |
} |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
358 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
359 |
/** |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
360 |
* Tests the ClientHello for the presence (or not) of the status_request |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
361 |
* and status_request_v2 hello extensions. It is assumed that the provided |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
362 |
* ByteBuffer has its position set at the first byte of the TLS record |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
363 |
* containing the ClientHello and contains the entire hello message. Upon |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
364 |
* successful completion of this method the ByteBuffer will have its |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
365 |
* position reset to the initial offset in the buffer. If an exception is |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
366 |
* thrown the position at the time of the exception will be preserved. |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
367 |
* |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
368 |
* @param data the ByteBuffer containing the ClientHello bytes |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
369 |
* @param statReqPresent true if the status_request hello extension should |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
370 |
* be present. |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
371 |
* @param statReqV2Present true if the status_request_v2 hello extension |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
372 |
* should be present. |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
373 |
* |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
374 |
* @throws SSLException if the presence or lack of either the |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
375 |
* status_request or status_request_v2 extensions is inconsistent with |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
376 |
* the expected settings in the statReqPresent or statReqV2Present |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
377 |
* parameters. |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
378 |
*/ |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
379 |
private static void checkClientHello(ByteBuffer data, |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
380 |
boolean statReqPresent, boolean statReqV2Present) |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
381 |
throws SSLException {
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
382 |
boolean hasV1 = false; |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
383 |
boolean hasV2 = false; |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
384 |
Objects.requireNonNull(data); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
385 |
data.mark(); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
386 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
387 |
// Process the TLS record header |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
388 |
int type = Byte.toUnsignedInt(data.get()); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
389 |
int ver_major = Byte.toUnsignedInt(data.get()); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
390 |
int ver_minor = Byte.toUnsignedInt(data.get()); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
391 |
int recLen = Short.toUnsignedInt(data.getShort()); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
392 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
393 |
// Simple sanity checks |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
394 |
if (type != 22) {
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
395 |
throw new SSLException("Not a handshake: Type = " + type);
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
396 |
} else if (recLen > data.remaining()) {
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
397 |
throw new SSLException("Incomplete record in buffer: " +
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
398 |
"Record length = " + recLen + ", Remaining = " + |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
399 |
data.remaining()); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
400 |
} |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
401 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
402 |
// Grab the handshake message header. |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
403 |
int msgHdr = data.getInt(); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
404 |
int msgType = (msgHdr >> 24) & 0x000000FF; |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
405 |
int msgLen = msgHdr & 0x00FFFFFF; |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
406 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
407 |
// More simple sanity checks |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
408 |
if (msgType != 1) {
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
409 |
throw new SSLException("Not a ClientHello: Type = " + msgType);
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
410 |
} |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
411 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
412 |
// Skip over the protocol version and client random |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
413 |
data.position(data.position() + 34); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
414 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
415 |
// Jump past the session ID (if there is one) |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
416 |
int sessLen = Byte.toUnsignedInt(data.get()); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
417 |
if (sessLen != 0) {
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
418 |
data.position(data.position() + sessLen); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
419 |
} |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
420 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
421 |
// Jump past the cipher suites |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
422 |
int csLen = Short.toUnsignedInt(data.getShort()); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
423 |
if (csLen != 0) {
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
424 |
data.position(data.position() + csLen); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
425 |
} |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
426 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
427 |
// ...and the compression |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
428 |
int compLen = Byte.toUnsignedInt(data.get()); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
429 |
if (compLen != 0) {
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
430 |
data.position(data.position() + compLen); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
431 |
} |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
432 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
433 |
// Now for the fun part. Go through the extensions and look |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
434 |
// for the two status request exts. |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
435 |
int extsLen = Short.toUnsignedInt(data.getShort()); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
436 |
while (data.hasRemaining()) {
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
437 |
int extType = Short.toUnsignedInt(data.getShort()); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
438 |
int extLen = Short.toUnsignedInt(data.getShort()); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
439 |
hasV1 |= (extType == HELLO_EXT_STATUS_REQ); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
440 |
hasV2 |= (extType == HELLO_EXT_STATUS_REQ_V2); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
441 |
data.position(data.position() + extLen); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
442 |
} |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
443 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
444 |
if (hasV1 != statReqPresent) {
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
445 |
throw new SSLException("The status_request extension is " +
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
446 |
"inconsistent with the expected result: expected = " + |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
447 |
statReqPresent + ", actual = " + hasV1); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
448 |
} else if (hasV2 != statReqV2Present) {
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
449 |
throw new SSLException("The status_request_v2 extension is " +
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
450 |
"inconsistent with the expected result: expected = " + |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
451 |
statReqV2Present + ", actual = " + hasV2); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
452 |
} |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
453 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
454 |
// We should be at the end of the ClientHello |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
455 |
data.reset(); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
456 |
} |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
457 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
458 |
/** |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
459 |
* Tests the ServerHello for the presence (or not) of the status_request |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
460 |
* or status_request_v2 hello extension. It is assumed that the provided |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
461 |
* ByteBuffer has its position set at the first byte of the TLS record |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
462 |
* containing the ServerHello and contains the entire hello message. Upon |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
463 |
* successful completion of this method the ByteBuffer will have its |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
464 |
* position reset to the initial offset in the buffer. If an exception is |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
465 |
* thrown the position at the time of the exception will be preserved. |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
466 |
* |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
467 |
* @param statReqPresent true if the status_request hello extension should |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
468 |
* be present. |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
469 |
* @param statReqV2Present true if the status_request_v2 hello extension |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
470 |
* should be present. |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
471 |
* |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
472 |
* @throws SSLException if the presence or lack of either the |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
473 |
* status_request or status_request_v2 extensions is inconsistent with |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
474 |
* the expected settings in the statReqPresent or statReqV2Present |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
475 |
* parameters. |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
476 |
*/ |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
477 |
private static void checkServerHello(ByteBuffer data, |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
478 |
boolean statReqPresent, boolean statReqV2Present) |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
479 |
throws SSLException {
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
480 |
boolean hasV1 = false; |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
481 |
boolean hasV2 = false; |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
482 |
Objects.requireNonNull(data); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
483 |
int startPos = data.position(); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
484 |
data.mark(); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
485 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
486 |
// Process the TLS record header |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
487 |
int type = Byte.toUnsignedInt(data.get()); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
488 |
int ver_major = Byte.toUnsignedInt(data.get()); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
489 |
int ver_minor = Byte.toUnsignedInt(data.get()); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
490 |
int recLen = Short.toUnsignedInt(data.getShort()); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
491 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
492 |
// Simple sanity checks |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
493 |
if (type != 22) {
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
494 |
throw new SSLException("Not a handshake: Type = " + type);
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
495 |
} else if (recLen > data.remaining()) {
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
496 |
throw new SSLException("Incomplete record in buffer: " +
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
497 |
"Record length = " + recLen + ", Remaining = " + |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
498 |
data.remaining()); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
499 |
} |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
500 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
501 |
// Grab the handshake message header. |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
502 |
int msgHdr = data.getInt(); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
503 |
int msgType = (msgHdr >> 24) & 0x000000FF; |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
504 |
int msgLen = msgHdr & 0x00FFFFFF; |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
505 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
506 |
// More simple sanity checks |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
507 |
if (msgType != 2) {
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
508 |
throw new SSLException("Not a ServerHello: Type = " + msgType);
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
509 |
} |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
510 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
511 |
// Skip over the protocol version and server random |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
512 |
data.position(data.position() + 34); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
513 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
514 |
// Jump past the session ID |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
515 |
int sessLen = Byte.toUnsignedInt(data.get()); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
516 |
if (sessLen != 0) {
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
517 |
data.position(data.position() + sessLen); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
518 |
} |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
519 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
520 |
// Skip the cipher suite and compression method |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
521 |
data.position(data.position() + 3); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
522 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
523 |
// Go through the extensions and look for the request extension |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
524 |
// expected by the caller. |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
525 |
int extsLen = Short.toUnsignedInt(data.getShort()); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
526 |
while (data.position() < recLen + startPos + 5) {
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
527 |
int extType = Short.toUnsignedInt(data.getShort()); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
528 |
int extLen = Short.toUnsignedInt(data.getShort()); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
529 |
hasV1 |= (extType == HELLO_EXT_STATUS_REQ); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
530 |
hasV2 |= (extType == HELLO_EXT_STATUS_REQ_V2); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
531 |
data.position(data.position() + extLen); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
532 |
} |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
533 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
534 |
if (hasV1 != statReqPresent) {
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
535 |
throw new SSLException("The status_request extension is " +
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
536 |
"inconsistent with the expected result: expected = " + |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
537 |
statReqPresent + ", actual = " + hasV1); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
538 |
} else if (hasV2 != statReqV2Present) {
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
539 |
throw new SSLException("The status_request_v2 extension is " +
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
540 |
"inconsistent with the expected result: expected = " + |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
541 |
statReqV2Present + ", actual = " + hasV2); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
542 |
} |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
543 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
544 |
// Reset the position to the initial spot at the start of this method. |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
545 |
data.reset(); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
546 |
} |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
547 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
548 |
/** |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
549 |
* Creates the PKI components necessary for this test, including |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
550 |
* Root CA, Intermediate CA and SSL server certificates, the keystores |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
551 |
* for each entity, a client trust store, and starts the OCSP responders. |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
552 |
*/ |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
553 |
private static void createPKI() throws Exception {
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
554 |
CertificateBuilder cbld = new CertificateBuilder(); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
555 |
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
556 |
keyGen.initialize(2048); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
557 |
KeyStore.Builder keyStoreBuilder = |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
558 |
KeyStore.Builder.newInstance("PKCS12", null,
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
559 |
new KeyStore.PasswordProtection(passwd.toCharArray())); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
560 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
561 |
// Generate Root, IntCA, EE keys |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
562 |
KeyPair rootCaKP = keyGen.genKeyPair(); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
563 |
log("Generated Root CA KeyPair");
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
564 |
KeyPair intCaKP = keyGen.genKeyPair(); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
565 |
log("Generated Intermediate CA KeyPair");
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
566 |
KeyPair sslKP = keyGen.genKeyPair(); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
567 |
log("Generated SSL Cert KeyPair");
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
568 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
569 |
// Set up the Root CA Cert |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
570 |
cbld.setSubjectName("CN=Root CA Cert, O=SomeCompany");
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
571 |
cbld.setPublicKey(rootCaKP.getPublic()); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
572 |
cbld.setSerialNumber(new BigInteger("1"));
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
573 |
// Make a 3 year validity starting from 60 days ago |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
574 |
long start = System.currentTimeMillis() - TimeUnit.DAYS.toMillis(60); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
575 |
long end = start + TimeUnit.DAYS.toMillis(1085); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
576 |
cbld.setValidity(new Date(start), new Date(end)); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
577 |
addCommonExts(cbld, rootCaKP.getPublic(), rootCaKP.getPublic()); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
578 |
addCommonCAExts(cbld); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
579 |
// Make our Root CA Cert! |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
580 |
X509Certificate rootCert = cbld.build(null, rootCaKP.getPrivate(), |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
581 |
"SHA256withRSA"); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
582 |
log("Root CA Created:\n" + certInfo(rootCert));
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
583 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
584 |
// Now build a keystore and add the keys and cert |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
585 |
rootKeystore = keyStoreBuilder.getKeyStore(); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
586 |
java.security.cert.Certificate[] rootChain = {rootCert};
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
587 |
rootKeystore.setKeyEntry(ROOT_ALIAS, rootCaKP.getPrivate(), |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
588 |
passwd.toCharArray(), rootChain); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
589 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
590 |
// Now fire up the OCSP responder |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
591 |
rootOcsp = new SimpleOCSPServer(rootKeystore, passwd, ROOT_ALIAS, null); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
592 |
rootOcsp.enableLog(logging); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
593 |
rootOcsp.setNextUpdateInterval(3600); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
594 |
rootOcsp.start(); |
|
37309
8f530b9d18f4
8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException
rhalade
parents:
36132
diff
changeset
|
595 |
|
|
8f530b9d18f4
8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException
rhalade
parents:
36132
diff
changeset
|
596 |
// Wait 5 seconds for server ready |
|
8f530b9d18f4
8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException
rhalade
parents:
36132
diff
changeset
|
597 |
for (int i = 0; (i < 100 && !rootOcsp.isServerReady()); i++) {
|
|
8f530b9d18f4
8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException
rhalade
parents:
36132
diff
changeset
|
598 |
Thread.sleep(50); |
|
8f530b9d18f4
8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException
rhalade
parents:
36132
diff
changeset
|
599 |
} |
|
8f530b9d18f4
8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException
rhalade
parents:
36132
diff
changeset
|
600 |
if (!rootOcsp.isServerReady()) {
|
|
8f530b9d18f4
8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException
rhalade
parents:
36132
diff
changeset
|
601 |
throw new RuntimeException("Server not ready yet");
|
|
8f530b9d18f4
8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException
rhalade
parents:
36132
diff
changeset
|
602 |
} |
|
8f530b9d18f4
8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException
rhalade
parents:
36132
diff
changeset
|
603 |
|
|
36132
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
604 |
rootOcspPort = rootOcsp.getPort(); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
605 |
String rootRespURI = "http://localhost:" + rootOcspPort; |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
606 |
log("Root OCSP Responder URI is " + rootRespURI);
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
607 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
608 |
// Now that we have the root keystore and OCSP responder we can |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
609 |
// create our intermediate CA. |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
610 |
cbld.reset(); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
611 |
cbld.setSubjectName("CN=Intermediate CA Cert, O=SomeCompany");
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
612 |
cbld.setPublicKey(intCaKP.getPublic()); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
613 |
cbld.setSerialNumber(new BigInteger("100"));
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
614 |
// Make a 2 year validity starting from 30 days ago |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
615 |
start = System.currentTimeMillis() - TimeUnit.DAYS.toMillis(30); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
616 |
end = start + TimeUnit.DAYS.toMillis(730); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
617 |
cbld.setValidity(new Date(start), new Date(end)); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
618 |
addCommonExts(cbld, intCaKP.getPublic(), rootCaKP.getPublic()); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
619 |
addCommonCAExts(cbld); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
620 |
cbld.addAIAExt(Collections.singletonList(rootRespURI)); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
621 |
// Make our Intermediate CA Cert! |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
622 |
X509Certificate intCaCert = cbld.build(rootCert, rootCaKP.getPrivate(), |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
623 |
"SHA256withRSA"); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
624 |
log("Intermediate CA Created:\n" + certInfo(intCaCert));
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
625 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
626 |
// Provide intermediate CA cert revocation info to the Root CA |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
627 |
// OCSP responder. |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
628 |
Map<BigInteger, SimpleOCSPServer.CertStatusInfo> revInfo = |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
629 |
new HashMap<>(); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
630 |
revInfo.put(intCaCert.getSerialNumber(), |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
631 |
new SimpleOCSPServer.CertStatusInfo( |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
632 |
SimpleOCSPServer.CertStatus.CERT_STATUS_GOOD)); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
633 |
rootOcsp.updateStatusDb(revInfo); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
634 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
635 |
// Now build a keystore and add the keys, chain and root cert as a TA |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
636 |
intKeystore = keyStoreBuilder.getKeyStore(); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
637 |
java.security.cert.Certificate[] intChain = {intCaCert, rootCert};
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
638 |
intKeystore.setKeyEntry(INT_ALIAS, intCaKP.getPrivate(), |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
639 |
passwd.toCharArray(), intChain); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
640 |
intKeystore.setCertificateEntry(ROOT_ALIAS, rootCert); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
641 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
642 |
// Now fire up the Intermediate CA OCSP responder |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
643 |
intOcsp = new SimpleOCSPServer(intKeystore, passwd, |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
644 |
INT_ALIAS, null); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
645 |
intOcsp.enableLog(logging); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
646 |
intOcsp.setNextUpdateInterval(3600); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
647 |
intOcsp.start(); |
|
37309
8f530b9d18f4
8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException
rhalade
parents:
36132
diff
changeset
|
648 |
|
|
8f530b9d18f4
8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException
rhalade
parents:
36132
diff
changeset
|
649 |
// Wait 5 seconds for server ready |
|
8f530b9d18f4
8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException
rhalade
parents:
36132
diff
changeset
|
650 |
for (int i = 0; (i < 100 && !intOcsp.isServerReady()); i++) {
|
|
8f530b9d18f4
8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException
rhalade
parents:
36132
diff
changeset
|
651 |
Thread.sleep(50); |
|
8f530b9d18f4
8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException
rhalade
parents:
36132
diff
changeset
|
652 |
} |
|
8f530b9d18f4
8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException
rhalade
parents:
36132
diff
changeset
|
653 |
if (!intOcsp.isServerReady()) {
|
|
8f530b9d18f4
8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException
rhalade
parents:
36132
diff
changeset
|
654 |
throw new RuntimeException("Server not ready yet");
|
|
8f530b9d18f4
8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException
rhalade
parents:
36132
diff
changeset
|
655 |
} |
|
8f530b9d18f4
8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException
rhalade
parents:
36132
diff
changeset
|
656 |
|
|
36132
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
657 |
intOcspPort = intOcsp.getPort(); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
658 |
String intCaRespURI = "http://localhost:" + intOcspPort; |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
659 |
log("Intermediate CA OCSP Responder URI is " + intCaRespURI);
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
660 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
661 |
// Last but not least, let's make our SSLCert and add it to its own |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
662 |
// Keystore |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
663 |
cbld.reset(); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
664 |
cbld.setSubjectName("CN=SSLCertificate, O=SomeCompany");
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
665 |
cbld.setPublicKey(sslKP.getPublic()); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
666 |
cbld.setSerialNumber(new BigInteger("4096"));
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
667 |
// Make a 1 year validity starting from 7 days ago |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
668 |
start = System.currentTimeMillis() - TimeUnit.DAYS.toMillis(7); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
669 |
end = start + TimeUnit.DAYS.toMillis(365); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
670 |
cbld.setValidity(new Date(start), new Date(end)); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
671 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
672 |
// Add extensions |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
673 |
addCommonExts(cbld, sslKP.getPublic(), intCaKP.getPublic()); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
674 |
boolean[] kuBits = {true, false, true, false, false, false,
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
675 |
false, false, false}; |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
676 |
cbld.addKeyUsageExt(kuBits); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
677 |
List<String> ekuOids = new ArrayList<>(); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
678 |
ekuOids.add("1.3.6.1.5.5.7.3.1");
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
679 |
ekuOids.add("1.3.6.1.5.5.7.3.2");
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
680 |
cbld.addExtendedKeyUsageExt(ekuOids); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
681 |
cbld.addSubjectAltNameDNSExt(Collections.singletonList("localhost"));
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
682 |
cbld.addAIAExt(Collections.singletonList(intCaRespURI)); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
683 |
// Make our SSL Server Cert! |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
684 |
X509Certificate sslCert = cbld.build(intCaCert, intCaKP.getPrivate(), |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
685 |
"SHA256withRSA"); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
686 |
log("SSL Certificate Created:\n" + certInfo(sslCert));
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
687 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
688 |
// Provide SSL server cert revocation info to the Intermeidate CA |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
689 |
// OCSP responder. |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
690 |
revInfo = new HashMap<>(); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
691 |
revInfo.put(sslCert.getSerialNumber(), |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
692 |
new SimpleOCSPServer.CertStatusInfo( |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
693 |
SimpleOCSPServer.CertStatus.CERT_STATUS_GOOD)); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
694 |
intOcsp.updateStatusDb(revInfo); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
695 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
696 |
// Now build a keystore and add the keys, chain and root cert as a TA |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
697 |
serverKeystore = keyStoreBuilder.getKeyStore(); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
698 |
java.security.cert.Certificate[] sslChain = {sslCert, intCaCert, rootCert};
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
699 |
serverKeystore.setKeyEntry(SSL_ALIAS, sslKP.getPrivate(), |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
700 |
passwd.toCharArray(), sslChain); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
701 |
serverKeystore.setCertificateEntry(ROOT_ALIAS, rootCert); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
702 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
703 |
// And finally a Trust Store for the client |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
704 |
trustStore = keyStoreBuilder.getKeyStore(); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
705 |
trustStore.setCertificateEntry(ROOT_ALIAS, rootCert); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
706 |
} |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
707 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
708 |
private static void addCommonExts(CertificateBuilder cbld, |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
709 |
PublicKey subjKey, PublicKey authKey) throws IOException {
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
710 |
cbld.addSubjectKeyIdExt(subjKey); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
711 |
cbld.addAuthorityKeyIdExt(authKey); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
712 |
} |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
713 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
714 |
private static void addCommonCAExts(CertificateBuilder cbld) |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
715 |
throws IOException {
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
716 |
cbld.addBasicConstraintsExt(true, true, -1); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
717 |
// Set key usage bits for digitalSignature, keyCertSign and cRLSign |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
718 |
boolean[] kuBitSettings = {true, false, false, false, false, true,
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
719 |
true, false, false}; |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
720 |
cbld.addKeyUsageExt(kuBitSettings); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
721 |
} |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
722 |
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
723 |
/** |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
724 |
* Helper routine that dumps only a few cert fields rather than |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
725 |
* the whole toString() output. |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
726 |
* |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
727 |
* @param cert an X509Certificate to be displayed |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
728 |
* |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
729 |
* @return the String output of the issuer, subject and |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
730 |
* serial number |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
731 |
*/ |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
732 |
private static String certInfo(X509Certificate cert) {
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
733 |
StringBuilder sb = new StringBuilder(); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
734 |
sb.append("Issuer: ").append(cert.getIssuerX500Principal()).
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
735 |
append("\n");
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
736 |
sb.append("Subject: ").append(cert.getSubjectX500Principal()).
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
737 |
append("\n");
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
738 |
sb.append("Serial: ").append(cert.getSerialNumber()).append("\n");
|
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
739 |
return sb.toString(); |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
740 |
} |
|
c99a60377145
8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff
changeset
|
741 |
} |