jdk-sandbox: test/jdk/javax/net/ssl/Stapling/SSLSocketWithStapling.java@68fa3d4026ea (annotated)

32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1	/*
44479 9669aa3c7bcb 8161973: PKIXRevocationChecker.getSoftFailExceptions() not working mullan parents: 40390 diff changeset	2	* Copyright (c) 2015, 2017, Oracle and/or its affiliates. All rights reserved.
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	4	*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	7	* published by the Free Software Foundation.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	8	*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	9	* This code is distributed in the hope that it will be useful, but WITHOUT
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	10	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	11	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	12	* version 2 for more details (a copy is included in the LICENSE file that
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	13	* accompanied this code).
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	14	*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	15	* You should have received a copy of the GNU General Public License version
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	16	* 2 along with this work; if not, write to the Free Software Foundation,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	17	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	18	*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	19	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	20	* or visit www.oracle.com if you need additional information or have any
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	21	* questions.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	22	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	23
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	24	// SunJSSE does not support dynamic system properties, no way to re-use
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	25	// system properties in samevm/agentvm mode.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	26
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	27	/*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	28	* @test
37309 8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	29	* @bug 8046321 8153829
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	30	* @summary OCSP Stapling for TLS
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	31	* @library ../../../../java/security/testlibrary
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	32	* @build CertificateBuilder SimpleOCSPServer
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	33	* @run main/othervm SSLSocketWithStapling
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	34	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	35
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	36	import java.io.*;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	37	import java.math.BigInteger;
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	38	import java.net.InetAddress;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	39	import java.net.Socket;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	40	import java.net.ServerSocket;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	41	import java.security.GeneralSecurityException;
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	42	import java.security.KeyPair;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	43	import java.security.KeyPairGenerator;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	44	import javax.net.ssl.*;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	45	import java.security.KeyStore;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	46	import java.security.PublicKey;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	47	import java.security.Security;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	48	import java.security.cert.CertPathValidator;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	49	import java.security.cert.CertPathValidatorException;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	50	import java.security.cert.CertPathValidatorException.BasicReason;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	51	import java.security.cert.Certificate;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	52	import java.security.cert.PKIXBuilderParameters;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	53	import java.security.cert.X509CertSelector;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	54	import java.security.cert.X509Certificate;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	55	import java.security.cert.PKIXRevocationChecker;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	56	import java.security.cert.PKIXRevocationChecker.Option;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	57	import java.util.ArrayList;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	58	import java.util.Collections;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	59	import java.util.Date;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	60	import java.util.EnumSet;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	61	import java.util.List;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	62	import java.util.Map;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	63	import java.util.HashMap;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	64	import java.util.concurrent.TimeUnit;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	65
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	66	import sun.security.testlibrary.SimpleOCSPServer;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	67	import sun.security.testlibrary.CertificateBuilder;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	68
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	69	public class SSLSocketWithStapling {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	70
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	71	/*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	72	* =============================================================
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	73	* Set the various variables needed for the tests, then
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	74	* specify what tests to run on each side.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	75	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	76
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	77	// Turn on TLS debugging
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	78	static final boolean debug = false;
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	79
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	80	/*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	81	* Should we run the client or server in a separate thread?
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	82	* Both sides can throw exceptions, but do you have a preference
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	83	* as to which side should be the main thread.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	84	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	85	static boolean separateServerThread = true;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	86	Thread clientThread = null;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	87	Thread serverThread = null;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	88
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	89	static String passwd = "passphrase";
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	90	static String ROOT_ALIAS = "root";
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	91	static String INT_ALIAS = "intermediate";
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	92	static String SSL_ALIAS = "ssl";
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	93
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	94	/*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	95	* Is the server ready to serve?
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	96	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	97	volatile static boolean serverReady = false;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	98	volatile int serverPort = 0;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	99
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	100	volatile Exception serverException = null;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	101	volatile Exception clientException = null;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	102
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	103	// PKI components we will need for this test
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	104	static KeyStore rootKeystore; // Root CA Keystore
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	105	static KeyStore intKeystore; // Intermediate CA Keystore
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	106	static KeyStore serverKeystore; // SSL Server Keystore
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	107	static KeyStore trustStore; // SSL Client trust store
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	108	static SimpleOCSPServer rootOcsp; // Root CA OCSP Responder
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	109	static int rootOcspPort; // Port number for root OCSP
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	110	static SimpleOCSPServer intOcsp; // Intermediate CA OCSP Responder
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	111	static int intOcspPort; // Port number for intermed. OCSP
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	112
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	113	// Extra configuration parameters and constants
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	114	static final String[] TLS13ONLY = new String[] { "TLSv1.3" };
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	115	static final String[] TLS12MAX =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	116	new String[] { "TLSv1.2", "TLSv1.1", "TLSv1" };
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	117
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	118	/*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	119	* If the client or server is doing some kind of object creation
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	120	* that the other side depends on, and that thread prematurely
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	121	* exits, you may experience a hang. The test harness will
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	122	* terminate all hung threads after its timeout has expired,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	123	* currently 3 minutes by default, but you might try to be
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	124	* smart about it....
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	125	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	126	public static void main(String[] args) throws Exception {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	127	if (debug) {
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	128	System.setProperty("javax.net.debug", "ssl:handshake");
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	129	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	130
40390 64541737c7f7 8162484: javax/net/ssl/Stapling/SSLSocketWithStapling.java test fails intermittently with "Address already in use" error asmotrak parents: 39317 diff changeset	131	try {
64541737c7f7 8162484: javax/net/ssl/Stapling/SSLSocketWithStapling.java test fails intermittently with "Address already in use" error asmotrak parents: 39317 diff changeset	132	// Create the PKI we will use for the test and start the OCSP servers
64541737c7f7 8162484: javax/net/ssl/Stapling/SSLSocketWithStapling.java test fails intermittently with "Address already in use" error asmotrak parents: 39317 diff changeset	133	createPKI();
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	134
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	135	testAllDefault(false);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	136	testAllDefault(true);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	137	testPKIXParametersRevEnabled(false);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	138	testPKIXParametersRevEnabled(true);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	139	testRevokedCertificate(false);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	140	testRevokedCertificate(true);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	141	testRevokedIntermediate(false);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	142	testRevokedIntermediate(true);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	143	testMissingIntermediate(false);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	144	testMissingIntermediate(true);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	145	testHardFailFallback(false);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	146	testHardFailFallback(true);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	147	testSoftFailFallback(false);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	148	testSoftFailFallback(true);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	149	testLatencyNoStaple(false, false);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	150	testLatencyNoStaple(false, true);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	151	testLatencyNoStaple(true, false);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	152	testLatencyNoStaple(true, true);
40390 64541737c7f7 8162484: javax/net/ssl/Stapling/SSLSocketWithStapling.java test fails intermittently with "Address already in use" error asmotrak parents: 39317 diff changeset	153	} finally {
64541737c7f7 8162484: javax/net/ssl/Stapling/SSLSocketWithStapling.java test fails intermittently with "Address already in use" error asmotrak parents: 39317 diff changeset	154	// shut down the OCSP responders before finishing the test
64541737c7f7 8162484: javax/net/ssl/Stapling/SSLSocketWithStapling.java test fails intermittently with "Address already in use" error asmotrak parents: 39317 diff changeset	155	intOcsp.stop();
64541737c7f7 8162484: javax/net/ssl/Stapling/SSLSocketWithStapling.java test fails intermittently with "Address already in use" error asmotrak parents: 39317 diff changeset	156	rootOcsp.stop();
64541737c7f7 8162484: javax/net/ssl/Stapling/SSLSocketWithStapling.java test fails intermittently with "Address already in use" error asmotrak parents: 39317 diff changeset	157	}
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	158	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	159
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	160	/**
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	161	* Default test using no externally-configured PKIXBuilderParameters
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	162	*/
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	163	static void testAllDefault(boolean isTls13) throws Exception {
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	164	ClientParameters cliParams = new ClientParameters();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	165	ServerParameters servParams = new ServerParameters();
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	166	if (isTls13) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	167	cliParams.protocols = TLS13ONLY;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	168	servParams.protocols = TLS13ONLY;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	169	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	170	cliParams.protocols = TLS12MAX;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	171	servParams.protocols = TLS12MAX;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	172	}
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	173	serverReady = false;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	174	Map<BigInteger, SimpleOCSPServer.CertStatusInfo> revInfo =
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	175	new HashMap<>();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	176
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	177	// We will prove revocation checking is disabled by marking the SSL
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	178	// certificate as revoked. The test would only pass if revocation
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	179	// checking did not happen.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	180	X509Certificate sslCert =
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	181	(X509Certificate)serverKeystore.getCertificate(SSL_ALIAS);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	182	Date fiveMinsAgo = new Date(System.currentTimeMillis() -
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	183	TimeUnit.MINUTES.toMillis(5));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	184	revInfo.put(sslCert.getSerialNumber(),
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	185	new SimpleOCSPServer.CertStatusInfo(
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	186	SimpleOCSPServer.CertStatus.CERT_STATUS_REVOKED,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	187	fiveMinsAgo));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	188	intOcsp.updateStatusDb(revInfo);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	189
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	190	System.out.println("=======================================");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	191	System.out.println("Stapling enabled, default configuration");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	192	System.out.println("=======================================");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	193
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	194	SSLSocketWithStapling sslTest = new SSLSocketWithStapling(cliParams,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	195	servParams);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	196	TestResult tr = sslTest.getResult();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	197	if (tr.clientExc != null) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	198	throw tr.clientExc;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	199	} else if (tr.serverExc != null) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	200	throw tr.serverExc;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	201	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	202
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	203	// Return the ssl certificate to non-revoked status
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	204	revInfo.put(sslCert.getSerialNumber(),
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	205	new SimpleOCSPServer.CertStatusInfo(
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	206	SimpleOCSPServer.CertStatus.CERT_STATUS_GOOD));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	207	intOcsp.updateStatusDb(revInfo);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	208
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	209	System.out.println(" PASS");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	210	System.out.println("=======================================\n");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	211	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	212
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	213	/**
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	214	* Do a basic connection using PKIXParameters with revocation checking
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	215	* enabled and client-side OCSP disabled. It will only pass if all
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	216	* stapled responses are present, valid and have a GOOD status.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	217	*/
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	218	static void testPKIXParametersRevEnabled(boolean isTls13) throws Exception {
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	219	ClientParameters cliParams = new ClientParameters();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	220	ServerParameters servParams = new ServerParameters();
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	221	if (isTls13) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	222	cliParams.protocols = TLS13ONLY;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	223	servParams.protocols = TLS13ONLY;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	224	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	225	cliParams.protocols = TLS12MAX;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	226	servParams.protocols = TLS12MAX;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	227	}
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	228	serverReady = false;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	229
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	230	System.out.println("=====================================");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	231	System.out.println("Stapling enabled, PKIXParameters with");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	232	System.out.println("Revocation checking enabled ");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	233	System.out.println("=====================================");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	234
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	235	cliParams.pkixParams = new PKIXBuilderParameters(trustStore,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	236	new X509CertSelector());
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	237	cliParams.pkixParams.setRevocationEnabled(true);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	238	Security.setProperty("ocsp.enable", "false");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	239
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	240	SSLSocketWithStapling sslTest = new SSLSocketWithStapling(cliParams,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	241	servParams);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	242	TestResult tr = sslTest.getResult();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	243	if (tr.clientExc != null) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	244	throw tr.clientExc;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	245	} else if (tr.serverExc != null) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	246	throw tr.serverExc;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	247	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	248
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	249	System.out.println(" PASS");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	250	System.out.println("=====================================\n");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	251	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	252
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	253	/**
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	254	* Perform a test where the certificate is revoked and placed in the
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	255	* TLS handshake. Client-side OCSP is disabled, so this test will only
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	256	* pass if the OCSP response is found, since we will check the
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	257	* CertPathValidatorException reason for revoked status.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	258	*/
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	259	static void testRevokedCertificate(boolean isTls13) throws Exception {
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	260	ClientParameters cliParams = new ClientParameters();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	261	ServerParameters servParams = new ServerParameters();
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	262	if (isTls13) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	263	cliParams.protocols = TLS13ONLY;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	264	servParams.protocols = TLS13ONLY;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	265	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	266	cliParams.protocols = TLS12MAX;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	267	servParams.protocols = TLS12MAX;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	268	}
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	269	serverReady = false;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	270	Map<BigInteger, SimpleOCSPServer.CertStatusInfo> revInfo =
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	271	new HashMap<>();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	272
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	273	// We will prove revocation checking is disabled by marking the SSL
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	274	// certificate as revoked. The test would only pass if revocation
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	275	// checking did not happen.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	276	X509Certificate sslCert =
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	277	(X509Certificate)serverKeystore.getCertificate(SSL_ALIAS);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	278	Date fiveMinsAgo = new Date(System.currentTimeMillis() -
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	279	TimeUnit.MINUTES.toMillis(5));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	280	revInfo.put(sslCert.getSerialNumber(),
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	281	new SimpleOCSPServer.CertStatusInfo(
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	282	SimpleOCSPServer.CertStatus.CERT_STATUS_REVOKED,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	283	fiveMinsAgo));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	284	intOcsp.updateStatusDb(revInfo);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	285
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	286	System.out.println("============================================");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	287	System.out.println("Stapling enabled, detect revoked certificate");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	288	System.out.println("============================================");
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	289
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	290	cliParams.pkixParams = new PKIXBuilderParameters(trustStore,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	291	new X509CertSelector());
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	292	cliParams.pkixParams.setRevocationEnabled(true);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	293	Security.setProperty("ocsp.enable", "false");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	294
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	295	SSLSocketWithStapling sslTest = new SSLSocketWithStapling(cliParams,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	296	servParams);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	297	TestResult tr = sslTest.getResult();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	298	if (!checkClientValidationFailure(tr.clientExc, BasicReason.REVOKED)) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	299	if (tr.clientExc != null) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	300	throw tr.clientExc;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	301	} else {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	302	throw new RuntimeException(
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	303	"Expected client failure, but the client succeeded");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	304	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	305	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	306
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	307	// Return the ssl certificate to non-revoked status
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	308	revInfo.put(sslCert.getSerialNumber(),
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	309	new SimpleOCSPServer.CertStatusInfo(
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	310	SimpleOCSPServer.CertStatus.CERT_STATUS_GOOD));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	311	intOcsp.updateStatusDb(revInfo);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	312
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	313	System.out.println(" PASS");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	314	System.out.println("=======================================\n");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	315	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	316
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	317	/**
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	318	* Perform a test where the intermediate CA certificate is revoked and
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	319	* placed in the TLS handshake. Client-side OCSP is disabled, so this
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	320	* test will only pass if the OCSP response for the intermediate CA is
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	321	* found and placed into the CertificateStatus or Certificate message
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	322	* (depending on the protocol version) since we will check
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	323	* the CertPathValidatorException reason for revoked status.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	324	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	325	static void testRevokedIntermediate(boolean isTls13) throws Exception {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	326	ClientParameters cliParams = new ClientParameters();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	327	ServerParameters servParams = new ServerParameters();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	328	if (isTls13) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	329	cliParams.protocols = TLS13ONLY;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	330	servParams.protocols = TLS13ONLY;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	331	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	332	cliParams.protocols = TLS12MAX;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	333	servParams.protocols = TLS12MAX;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	334	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	335	serverReady = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	336	Map<BigInteger, SimpleOCSPServer.CertStatusInfo> revInfo =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	337	new HashMap<>();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	338
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	339	// We will prove revocation checking is disabled by marking the SSL
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	340	// certificate as revoked. The test would only pass if revocation
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	341	// checking did not happen.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	342	X509Certificate intCACert =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	343	(X509Certificate)intKeystore.getCertificate(INT_ALIAS);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	344	Date fiveMinsAgo = new Date(System.currentTimeMillis() -
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	345	TimeUnit.MINUTES.toMillis(5));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	346	revInfo.put(intCACert.getSerialNumber(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	347	new SimpleOCSPServer.CertStatusInfo(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	348	SimpleOCSPServer.CertStatus.CERT_STATUS_REVOKED,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	349	fiveMinsAgo));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	350	rootOcsp.updateStatusDb(revInfo);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	351
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	352	System.out.println("===============================================");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	353	System.out.println("Stapling enabled, detect revoked CA certificate");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	354	System.out.println("===============================================");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	355
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	356	cliParams.pkixParams = new PKIXBuilderParameters(trustStore,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	357	new X509CertSelector());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	358	cliParams.pkixParams.setRevocationEnabled(true);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	359	Security.setProperty("ocsp.enable", "false");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	360
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	361	SSLSocketWithStapling sslTest = new SSLSocketWithStapling(cliParams,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	362	servParams);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	363	TestResult tr = sslTest.getResult();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	364	if (!checkClientValidationFailure(tr.clientExc, BasicReason.REVOKED)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	365	if (tr.clientExc != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	366	throw tr.clientExc;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	367	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	368	throw new RuntimeException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	369	"Expected client failure, but the client succeeded");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	370	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	371	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	372
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	373	// Return the ssl certificate to non-revoked status
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	374	revInfo.put(intCACert.getSerialNumber(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	375	new SimpleOCSPServer.CertStatusInfo(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	376	SimpleOCSPServer.CertStatus.CERT_STATUS_GOOD));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	377	rootOcsp.updateStatusDb(revInfo);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	378
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	379	System.out.println(" PASS");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	380	System.out.println("=======================================\n");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	381	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	382
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	383	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	384	* Test a case where OCSP stapling is attempted, but partially occurs
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	385	* because the root OCSP responder is unreachable. This should use a
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	386	* default hard-fail behavior.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	387	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	388	static void testMissingIntermediate(boolean isTls13) throws Exception {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	389	ClientParameters cliParams = new ClientParameters();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	390	ServerParameters servParams = new ServerParameters();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	391	if (isTls13) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	392	cliParams.protocols = TLS13ONLY;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	393	servParams.protocols = TLS13ONLY;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	394	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	395	cliParams.protocols = TLS12MAX;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	396	servParams.protocols = TLS12MAX;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	397	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	398	serverReady = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	399
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	400	// Make the OCSP responder reject connections
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	401	rootOcsp.rejectConnections();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	402
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	403	System.out.println("=======================================");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	404	System.out.println("Stapling enbled in client and server,");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	405	System.out.println("but root OCSP responder disabled.");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	406	System.out.println("PKIXParameters with Revocation checking");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	407	System.out.println("enabled.");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	408	System.out.println("=======================================");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	409
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	410	Security.setProperty("ocsp.enable", "false");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	411	cliParams.pkixParams = new PKIXBuilderParameters(trustStore,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	412	new X509CertSelector());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	413	cliParams.pkixParams.setRevocationEnabled(true);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	414
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	415	SSLSocketWithStapling sslTest = new SSLSocketWithStapling(cliParams,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	416	servParams);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	417	TestResult tr = sslTest.getResult();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	418	if (!checkClientValidationFailure(tr.clientExc,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	419	BasicReason.UNDETERMINED_REVOCATION_STATUS)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	420	if (tr.clientExc != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	421	throw tr.clientExc;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	422	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	423	throw new RuntimeException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	424	"Expected client failure, but the client succeeded");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	425	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	426	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	427
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	428	System.out.println(" PASS");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	429	System.out.println("=======================================\n");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	430
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	431	// Make root OCSP responder accept connections
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	432	rootOcsp.acceptConnections();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	433
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	434	// Wait 5 seconds for server ready
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	435	for (int i = 0; (i < 100 && !rootOcsp.isServerReady()); i++) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	436	Thread.sleep(50);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	437	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	438	if (!rootOcsp.isServerReady()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	439	throw new RuntimeException("Root OCSP responder not ready yet");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	440	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	441	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	442
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	443	/**
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	444	* Test a case where client-side stapling is attempted, but does not
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	445	* occur because OCSP responders are unreachable. This should use a
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	446	* default hard-fail behavior.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	447	*/
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	448	static void testHardFailFallback(boolean isTls13) throws Exception {
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	449	ClientParameters cliParams = new ClientParameters();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	450	ServerParameters servParams = new ServerParameters();
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	451	if (isTls13) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	452	cliParams.protocols = TLS13ONLY;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	453	servParams.protocols = TLS13ONLY;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	454	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	455	cliParams.protocols = TLS12MAX;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	456	servParams.protocols = TLS12MAX;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	457	}
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	458	serverReady = false;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	459
40390 64541737c7f7 8162484: javax/net/ssl/Stapling/SSLSocketWithStapling.java test fails intermittently with "Address already in use" error asmotrak parents: 39317 diff changeset	460	// make OCSP responders reject connections
64541737c7f7 8162484: javax/net/ssl/Stapling/SSLSocketWithStapling.java test fails intermittently with "Address already in use" error asmotrak parents: 39317 diff changeset	461	intOcsp.rejectConnections();
64541737c7f7 8162484: javax/net/ssl/Stapling/SSLSocketWithStapling.java test fails intermittently with "Address already in use" error asmotrak parents: 39317 diff changeset	462	rootOcsp.rejectConnections();
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	463
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	464	System.out.println("=======================================");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	465	System.out.println("Stapling enbled in client and server,");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	466	System.out.println("but OCSP responders disabled.");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	467	System.out.println("PKIXParameters with Revocation checking");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	468	System.out.println("enabled.");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	469	System.out.println("=======================================");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	470
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	471	Security.setProperty("ocsp.enable", "true");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	472	cliParams.pkixParams = new PKIXBuilderParameters(trustStore,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	473	new X509CertSelector());
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	474	cliParams.pkixParams.setRevocationEnabled(true);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	475
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	476	SSLSocketWithStapling sslTest = new SSLSocketWithStapling(cliParams,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	477	servParams);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	478	TestResult tr = sslTest.getResult();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	479	if (!checkClientValidationFailure(tr.clientExc,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	480	BasicReason.UNDETERMINED_REVOCATION_STATUS)) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	481	if (tr.clientExc != null) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	482	throw tr.clientExc;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	483	} else {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	484	throw new RuntimeException(
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	485	"Expected client failure, but the client succeeded");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	486	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	487	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	488
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	489	System.out.println(" PASS");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	490	System.out.println("=======================================\n");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	491
40390 64541737c7f7 8162484: javax/net/ssl/Stapling/SSLSocketWithStapling.java test fails intermittently with "Address already in use" error asmotrak parents: 39317 diff changeset	492	// Make OCSP responders accept connections
64541737c7f7 8162484: javax/net/ssl/Stapling/SSLSocketWithStapling.java test fails intermittently with "Address already in use" error asmotrak parents: 39317 diff changeset	493	intOcsp.acceptConnections();
64541737c7f7 8162484: javax/net/ssl/Stapling/SSLSocketWithStapling.java test fails intermittently with "Address already in use" error asmotrak parents: 39317 diff changeset	494	rootOcsp.acceptConnections();
37309 8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	495
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	496	// Wait 5 seconds for server ready
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	497	for (int i = 0; (i < 100 && (!intOcsp.isServerReady() \|\|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	498	!rootOcsp.isServerReady())); i++) {
37309 8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	499	Thread.sleep(50);
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	500	}
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	501	if (!intOcsp.isServerReady() \|\| !rootOcsp.isServerReady()) {
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	502	throw new RuntimeException("Server not ready yet");
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	503	}
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	504	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	505
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	506	/**
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	507	* Test a case where client-side stapling is attempted, but does not
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	508	* occur because OCSP responders are unreachable. Client-side OCSP
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	509	* checking is enabled for this, with SOFT_FAIL.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	510	*/
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	511	static void testSoftFailFallback(boolean isTls13) throws Exception {
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	512	ClientParameters cliParams = new ClientParameters();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	513	ServerParameters servParams = new ServerParameters();
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	514	if (isTls13) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	515	cliParams.protocols = TLS13ONLY;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	516	servParams.protocols = TLS13ONLY;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	517	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	518	cliParams.protocols = TLS12MAX;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	519	servParams.protocols = TLS12MAX;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	520	}
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	521	serverReady = false;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	522
40390 64541737c7f7 8162484: javax/net/ssl/Stapling/SSLSocketWithStapling.java test fails intermittently with "Address already in use" error asmotrak parents: 39317 diff changeset	523	// make OCSP responders reject connections
64541737c7f7 8162484: javax/net/ssl/Stapling/SSLSocketWithStapling.java test fails intermittently with "Address already in use" error asmotrak parents: 39317 diff changeset	524	intOcsp.rejectConnections();
64541737c7f7 8162484: javax/net/ssl/Stapling/SSLSocketWithStapling.java test fails intermittently with "Address already in use" error asmotrak parents: 39317 diff changeset	525	rootOcsp.rejectConnections();
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	526
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	527	System.out.println("=======================================");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	528	System.out.println("Stapling enbled in client and server,");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	529	System.out.println("but OCSP responders disabled.");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	530	System.out.println("PKIXParameters with Revocation checking");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	531	System.out.println("enabled and SOFT_FAIL.");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	532	System.out.println("=======================================");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	533
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	534	Security.setProperty("ocsp.enable", "true");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	535	cliParams.pkixParams = new PKIXBuilderParameters(trustStore,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	536	new X509CertSelector());
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	537	cliParams.pkixParams.setRevocationEnabled(true);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	538	CertPathValidator cpv = CertPathValidator.getInstance("PKIX");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	539	cliParams.revChecker =
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	540	(PKIXRevocationChecker)cpv.getRevocationChecker();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	541	cliParams.revChecker.setOptions(EnumSet.of(Option.SOFT_FAIL));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	542
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	543	SSLSocketWithStapling sslTest = new SSLSocketWithStapling(cliParams,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	544	servParams);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	545	TestResult tr = sslTest.getResult();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	546	if (tr.clientExc != null) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	547	throw tr.clientExc;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	548	} else if (tr.serverExc != null) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	549	throw tr.serverExc;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	550	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	551
44479 9669aa3c7bcb 8161973: PKIXRevocationChecker.getSoftFailExceptions() not working mullan parents: 40390 diff changeset	552	// make sure getSoftFailExceptions is not empty
9669aa3c7bcb 8161973: PKIXRevocationChecker.getSoftFailExceptions() not working mullan parents: 40390 diff changeset	553	if (cliParams.revChecker.getSoftFailExceptions().isEmpty()) {
9669aa3c7bcb 8161973: PKIXRevocationChecker.getSoftFailExceptions() not working mullan parents: 40390 diff changeset	554	throw new Exception("No soft fail exceptions");
9669aa3c7bcb 8161973: PKIXRevocationChecker.getSoftFailExceptions() not working mullan parents: 40390 diff changeset	555	}
9669aa3c7bcb 8161973: PKIXRevocationChecker.getSoftFailExceptions() not working mullan parents: 40390 diff changeset	556
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	557	System.out.println(" PASS");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	558	System.out.println("=======================================\n");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	559
44479 9669aa3c7bcb 8161973: PKIXRevocationChecker.getSoftFailExceptions() not working mullan parents: 40390 diff changeset	560
40390 64541737c7f7 8162484: javax/net/ssl/Stapling/SSLSocketWithStapling.java test fails intermittently with "Address already in use" error asmotrak parents: 39317 diff changeset	561	// Make OCSP responders accept connections
64541737c7f7 8162484: javax/net/ssl/Stapling/SSLSocketWithStapling.java test fails intermittently with "Address already in use" error asmotrak parents: 39317 diff changeset	562	intOcsp.acceptConnections();
64541737c7f7 8162484: javax/net/ssl/Stapling/SSLSocketWithStapling.java test fails intermittently with "Address already in use" error asmotrak parents: 39317 diff changeset	563	rootOcsp.acceptConnections();
37309 8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	564
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	565	// Wait 5 seconds for server ready
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	566	for (int i = 0; (i < 100 && (!intOcsp.isServerReady() \|\|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	567	!rootOcsp.isServerReady())); i++) {
37309 8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	568	Thread.sleep(50);
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	569	}
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	570	if (!intOcsp.isServerReady() \|\| !rootOcsp.isServerReady()) {
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	571	throw new RuntimeException("Server not ready yet");
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	572	}
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	573	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	574
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	575	/**
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	576	* This test initiates stapling from the client, but the server does not
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	577	* support OCSP stapling for this connection. In this case it happens
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	578	* because the latency of the OCSP responders is longer than the server
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	579	* is willing to wait. To keep the test streamlined, we will set the server
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	580	* latency to a 1 second wait, and set the responder latency to 3 seconds.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	581	*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	582	* @param fallback if we allow client-side OCSP fallback, which
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	583	* will change the result from the client failing with CPVE (no fallback)
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	584	* to a pass (fallback active).
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	585	*/
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	586	static void testLatencyNoStaple(Boolean fallback, boolean isTls13)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	587	throws Exception {
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	588	ClientParameters cliParams = new ClientParameters();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	589	ServerParameters servParams = new ServerParameters();
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	590	if (isTls13) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	591	cliParams.protocols = TLS13ONLY;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	592	servParams.protocols = TLS13ONLY;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	593	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	594	cliParams.protocols = TLS12MAX;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	595	servParams.protocols = TLS12MAX;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	596	}
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	597	serverReady = false;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	598
40390 64541737c7f7 8162484: javax/net/ssl/Stapling/SSLSocketWithStapling.java test fails intermittently with "Address already in use" error asmotrak parents: 39317 diff changeset	599	// Give a 1 second delay before running the test.
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	600	intOcsp.setDelay(3000);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	601	rootOcsp.setDelay(3000);
40390 64541737c7f7 8162484: javax/net/ssl/Stapling/SSLSocketWithStapling.java test fails intermittently with "Address already in use" error asmotrak parents: 39317 diff changeset	602	Thread.sleep(1000);
37309 8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	603
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	604	// Wait 5 seconds for server ready
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	605	for (int i = 0; (i < 100 && (!intOcsp.isServerReady() \|\|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	606	!rootOcsp.isServerReady())); i++) {
37309 8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	607	Thread.sleep(50);
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	608	}
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	609	if (!intOcsp.isServerReady() \|\| !rootOcsp.isServerReady()) {
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	610	throw new RuntimeException("Server not ready yet");
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	611	}
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	612
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	613	System.out.println("========================================");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	614	System.out.println("Stapling enbled in client. Server does");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	615	System.out.println("not support stapling due to OCSP latency.");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	616	System.out.println("PKIXParameters with Revocation checking");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	617	System.out.println("enabled, client-side OCSP checking is.");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	618	System.out.println(fallback ? "enabled" : "disabled");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	619	System.out.println("========================================");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	620
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	621	Security.setProperty("ocsp.enable", fallback.toString());
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	622	cliParams.pkixParams = new PKIXBuilderParameters(trustStore,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	623	new X509CertSelector());
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	624	cliParams.pkixParams.setRevocationEnabled(true);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	625	servParams.respTimeout = 1000;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	626
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	627	SSLSocketWithStapling sslTest = new SSLSocketWithStapling(cliParams,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	628	servParams);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	629	TestResult tr = sslTest.getResult();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	630
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	631	if (fallback) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	632	if (tr.clientExc != null) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	633	throw tr.clientExc;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	634	} else if (tr.serverExc != null) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	635	throw tr.serverExc;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	636	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	637	} else {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	638	if (!checkClientValidationFailure(tr.clientExc,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	639	BasicReason.UNDETERMINED_REVOCATION_STATUS)) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	640	if (tr.clientExc != null) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	641	throw tr.clientExc;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	642	} else {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	643	throw new RuntimeException(
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	644	"Expected client failure, but the client succeeded");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	645	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	646	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	647	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	648	System.out.println(" PASS");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	649	System.out.println("========================================\n");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	650
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	651	// Remove the OCSP responder latency
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	652	intOcsp.setDelay(0);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	653	rootOcsp.setDelay(0);
40390 64541737c7f7 8162484: javax/net/ssl/Stapling/SSLSocketWithStapling.java test fails intermittently with "Address already in use" error asmotrak parents: 39317 diff changeset	654	Thread.sleep(1000);
37309 8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	655
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	656	// Wait 5 seconds for server ready
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	657	for (int i = 0; (i < 100 && (!intOcsp.isServerReady() \|\|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	658	!rootOcsp.isServerReady())); i++) {
37309 8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	659	Thread.sleep(50);
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	660	}
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	661	if (!intOcsp.isServerReady() \|\| !rootOcsp.isServerReady()) {
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	662	throw new RuntimeException("Server not ready yet");
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	663	}
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	664	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	665
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	666	/*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	667	* Define the server side of the test.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	668	*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	669	* If the server prematurely exits, serverReady will be set to true
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	670	* to avoid infinite hangs.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	671	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	672	void doServerSide(ServerParameters servParams) throws Exception {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	673
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	674	// Selectively enable or disable the feature
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	675	System.setProperty("jdk.tls.server.enableStatusRequestExtension",
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	676	Boolean.toString(servParams.enabled));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	677
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	678	// Set all the other operating parameters
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	679	System.setProperty("jdk.tls.stapling.cacheSize",
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	680	Integer.toString(servParams.cacheSize));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	681	System.setProperty("jdk.tls.stapling.cacheLifetime",
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	682	Integer.toString(servParams.cacheLifetime));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	683	System.setProperty("jdk.tls.stapling.responseTimeout",
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	684	Integer.toString(servParams.respTimeout));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	685	System.setProperty("jdk.tls.stapling.responderURI", servParams.respUri);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	686	System.setProperty("jdk.tls.stapling.responderOverride",
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	687	Boolean.toString(servParams.respOverride));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	688	System.setProperty("jdk.tls.stapling.ignoreExtensions",
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	689	Boolean.toString(servParams.ignoreExts));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	690
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	691	// Set keystores and trust stores for the server
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	692	KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	693	kmf.init(serverKeystore, passwd.toCharArray());
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	694	TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	695	tmf.init(trustStore);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	696
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	697	SSLContext sslc = SSLContext.getInstance("TLS");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	698	sslc.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	699
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	700	SSLServerSocketFactory sslssf = new CustomizedServerSocketFactory(sslc,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	701	servParams.protocols, servParams.ciphers);
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	702
39317 fbda4d400372 8143302: javax/net/ssl/Stapling/SSLSocketWithStapling.java fails intermittently: Server died jnimeh parents: 37309 diff changeset	703	try (SSLServerSocket sslServerSocket =
fbda4d400372 8143302: javax/net/ssl/Stapling/SSLSocketWithStapling.java fails intermittently: Server died jnimeh parents: 37309 diff changeset	704	(SSLServerSocket) sslssf.createServerSocket(serverPort)) {
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	705
39317 fbda4d400372 8143302: javax/net/ssl/Stapling/SSLSocketWithStapling.java fails intermittently: Server died jnimeh parents: 37309 diff changeset	706	serverPort = sslServerSocket.getLocalPort();
fbda4d400372 8143302: javax/net/ssl/Stapling/SSLSocketWithStapling.java fails intermittently: Server died jnimeh parents: 37309 diff changeset	707
fbda4d400372 8143302: javax/net/ssl/Stapling/SSLSocketWithStapling.java fails intermittently: Server died jnimeh parents: 37309 diff changeset	708	/*
fbda4d400372 8143302: javax/net/ssl/Stapling/SSLSocketWithStapling.java fails intermittently: Server died jnimeh parents: 37309 diff changeset	709	* Signal Client, we're ready for his connect.
fbda4d400372 8143302: javax/net/ssl/Stapling/SSLSocketWithStapling.java fails intermittently: Server died jnimeh parents: 37309 diff changeset	710	*/
fbda4d400372 8143302: javax/net/ssl/Stapling/SSLSocketWithStapling.java fails intermittently: Server died jnimeh parents: 37309 diff changeset	711	serverReady = true;
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	712
39317 fbda4d400372 8143302: javax/net/ssl/Stapling/SSLSocketWithStapling.java fails intermittently: Server died jnimeh parents: 37309 diff changeset	713	try (SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
fbda4d400372 8143302: javax/net/ssl/Stapling/SSLSocketWithStapling.java fails intermittently: Server died jnimeh parents: 37309 diff changeset	714	InputStream sslIS = sslSocket.getInputStream();
fbda4d400372 8143302: javax/net/ssl/Stapling/SSLSocketWithStapling.java fails intermittently: Server died jnimeh parents: 37309 diff changeset	715	OutputStream sslOS = sslSocket.getOutputStream()) {
fbda4d400372 8143302: javax/net/ssl/Stapling/SSLSocketWithStapling.java fails intermittently: Server died jnimeh parents: 37309 diff changeset	716	int numberIn = sslIS.read();
fbda4d400372 8143302: javax/net/ssl/Stapling/SSLSocketWithStapling.java fails intermittently: Server died jnimeh parents: 37309 diff changeset	717	int numberSent = 85;
fbda4d400372 8143302: javax/net/ssl/Stapling/SSLSocketWithStapling.java fails intermittently: Server died jnimeh parents: 37309 diff changeset	718	log("Server received number: " + numberIn);
fbda4d400372 8143302: javax/net/ssl/Stapling/SSLSocketWithStapling.java fails intermittently: Server died jnimeh parents: 37309 diff changeset	719	sslOS.write(numberSent);
fbda4d400372 8143302: javax/net/ssl/Stapling/SSLSocketWithStapling.java fails intermittently: Server died jnimeh parents: 37309 diff changeset	720	sslOS.flush();
fbda4d400372 8143302: javax/net/ssl/Stapling/SSLSocketWithStapling.java fails intermittently: Server died jnimeh parents: 37309 diff changeset	721	log("Server sent number: " + numberSent);
fbda4d400372 8143302: javax/net/ssl/Stapling/SSLSocketWithStapling.java fails intermittently: Server died jnimeh parents: 37309 diff changeset	722	}
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	723	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	724	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	725
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	726	/*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	727	* Define the client side of the test.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	728	*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	729	* If the server prematurely exits, serverReady will be set to true
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	730	* to avoid infinite hangs.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	731	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	732	void doClientSide(ClientParameters cliParams) throws Exception {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	733
37309 8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	734	// Wait 5 seconds for server ready
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	735	for (int i = 0; (i < 100 && !serverReady); i++) {
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	736	Thread.sleep(50);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	737	}
37309 8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	738	if (!serverReady) {
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	739	throw new RuntimeException("Server not ready yet");
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	740	}
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	741
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	742	// Selectively enable or disable the feature
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	743	System.setProperty("jdk.tls.client.enableStatusRequestExtension",
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	744	Boolean.toString(cliParams.enabled));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	745
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	746	// Create the Trust Manager Factory using the PKIX variant
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	747	TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	748
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	749	// If we have a customized pkixParameters then use it
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	750	if (cliParams.pkixParams != null) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	751	// LIf we have a customized PKIXRevocationChecker, add
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	752	// it to the PKIXBuilderParameters.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	753	if (cliParams.revChecker != null) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	754	cliParams.pkixParams.addCertPathChecker(cliParams.revChecker);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	755	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	756
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	757	ManagerFactoryParameters trustParams =
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	758	new CertPathTrustManagerParameters(cliParams.pkixParams);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	759	tmf.init(trustParams);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	760	} else {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	761	tmf.init(trustStore);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	762	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	763
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	764	SSLContext sslc = SSLContext.getInstance("TLS");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	765	sslc.init(null, tmf.getTrustManagers(), null);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	766
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	767	SSLSocketFactory sslsf = new CustomizedSocketFactory(sslc,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	768	cliParams.protocols, cliParams.ciphers);
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	769	try (SSLSocket sslSocket = (SSLSocket)sslsf.createSocket("localhost",
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	770	serverPort);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	771	InputStream sslIS = sslSocket.getInputStream();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	772	OutputStream sslOS = sslSocket.getOutputStream()) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	773	int numberSent = 80;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	774	sslOS.write(numberSent);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	775	sslOS.flush();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	776	log("Client sent number: " + numberSent);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	777	int numberIn = sslIS.read();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	778	log("Client received number:" + numberIn);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	779	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	780	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	781
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	782	/*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	783	* Primary constructor, used to drive remainder of the test.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	784	*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	785	* Fork off the other side, then do your work.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	786	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	787	SSLSocketWithStapling(ClientParameters cliParams,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	788	ServerParameters servParams) throws Exception {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	789	Exception startException = null;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	790	try {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	791	if (separateServerThread) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	792	startServer(servParams, true);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	793	startClient(cliParams, false);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	794	} else {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	795	startClient(cliParams, true);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	796	startServer(servParams, false);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	797	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	798	} catch (Exception e) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	799	startException = e;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	800	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	801
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	802	/*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	803	* Wait for other side to close down.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	804	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	805	if (separateServerThread) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	806	if (serverThread != null) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	807	serverThread.join();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	808	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	809	} else {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	810	if (clientThread != null) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	811	clientThread.join();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	812	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	813	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	814	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	815
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	816	/**
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	817	* Checks a validation failure to see if it failed for the reason we think
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	818	* it should. This comes in as an SSLException of some sort, but it
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	819	* encapsulates a ValidatorException which in turn encapsulates the
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	820	* CertPathValidatorException we are interested in.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	821	*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	822	* @param e the exception thrown at the top level
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	823	* @param reason the underlying CertPathValidatorException BasicReason
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	824	* we are expecting it to have.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	825	*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	826	* @return true if the reason matches up, false otherwise.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	827	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	828	static boolean checkClientValidationFailure(Exception e,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	829	BasicReason reason) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	830	boolean result = false;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	831
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	832	if (e instanceof SSLException) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	833	Throwable valExc = e.getCause();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	834	if (valExc instanceof sun.security.validator.ValidatorException) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	835	Throwable cause = valExc.getCause();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	836	if (cause instanceof CertPathValidatorException) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	837	CertPathValidatorException cpve =
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	838	(CertPathValidatorException)cause;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	839	if (cpve.getReason() == reason) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	840	result = true;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	841	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	842	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	843	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	844	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	845	return result;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	846	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	847
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	848	TestResult getResult() {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	849	TestResult tr = new TestResult();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	850	tr.clientExc = clientException;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	851	tr.serverExc = serverException;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	852	return tr;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	853	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	854
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	855	void startServer(ServerParameters servParams, boolean newThread)
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	856	throws Exception {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	857	if (newThread) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	858	serverThread = new Thread() {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	859	public void run() {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	860	try {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	861	doServerSide(servParams);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	862	} catch (Exception e) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	863	/*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	864	* Our server thread just died.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	865	*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	866	* Release the client, if not active already...
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	867	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	868	System.err.println("Server died...");
40390 64541737c7f7 8162484: javax/net/ssl/Stapling/SSLSocketWithStapling.java test fails intermittently with "Address already in use" error asmotrak parents: 39317 diff changeset	869	e.printStackTrace(System.err);
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	870	serverReady = true;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	871	serverException = e;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	872	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	873	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	874	};
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	875	serverThread.start();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	876	} else {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	877	try {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	878	doServerSide(servParams);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	879	} catch (Exception e) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	880	serverException = e;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	881	} finally {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	882	serverReady = true;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	883	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	884	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	885	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	886
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	887	void startClient(ClientParameters cliParams, boolean newThread)
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	888	throws Exception {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	889	if (newThread) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	890	clientThread = new Thread() {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	891	public void run() {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	892	try {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	893	doClientSide(cliParams);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	894	} catch (Exception e) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	895	/*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	896	* Our client thread just died.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	897	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	898	System.err.println("Client died...");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	899	clientException = e;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	900	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	901	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	902	};
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	903	clientThread.start();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	904	} else {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	905	try {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	906	doClientSide(cliParams);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	907	} catch (Exception e) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	908	clientException = e;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	909	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	910	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	911	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	912
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	913	/**
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	914	* Creates the PKI components necessary for this test, including
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	915	* Root CA, Intermediate CA and SSL server certificates, the keystores
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	916	* for each entity, a client trust store, and starts the OCSP responders.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	917	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	918	private static void createPKI() throws Exception {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	919	CertificateBuilder cbld = new CertificateBuilder();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	920	KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	921	keyGen.initialize(2048);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	922	KeyStore.Builder keyStoreBuilder =
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	923	KeyStore.Builder.newInstance("PKCS12", null,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	924	new KeyStore.PasswordProtection(passwd.toCharArray()));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	925
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	926	// Generate Root, IntCA, EE keys
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	927	KeyPair rootCaKP = keyGen.genKeyPair();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	928	log("Generated Root CA KeyPair");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	929	KeyPair intCaKP = keyGen.genKeyPair();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	930	log("Generated Intermediate CA KeyPair");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	931	KeyPair sslKP = keyGen.genKeyPair();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	932	log("Generated SSL Cert KeyPair");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	933
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	934	// Set up the Root CA Cert
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	935	cbld.setSubjectName("CN=Root CA Cert, O=SomeCompany");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	936	cbld.setPublicKey(rootCaKP.getPublic());
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	937	cbld.setSerialNumber(new BigInteger("1"));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	938	// Make a 3 year validity starting from 60 days ago
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	939	long start = System.currentTimeMillis() - TimeUnit.DAYS.toMillis(60);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	940	long end = start + TimeUnit.DAYS.toMillis(1085);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	941	cbld.setValidity(new Date(start), new Date(end));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	942	addCommonExts(cbld, rootCaKP.getPublic(), rootCaKP.getPublic());
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	943	addCommonCAExts(cbld);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	944	// Make our Root CA Cert!
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	945	X509Certificate rootCert = cbld.build(null, rootCaKP.getPrivate(),
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	946	"SHA256withRSA");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	947	log("Root CA Created:\n" + certInfo(rootCert));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	948
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	949	// Now build a keystore and add the keys and cert
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	950	rootKeystore = keyStoreBuilder.getKeyStore();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	951	Certificate[] rootChain = {rootCert};
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	952	rootKeystore.setKeyEntry(ROOT_ALIAS, rootCaKP.getPrivate(),
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	953	passwd.toCharArray(), rootChain);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	954
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	955	// Now fire up the OCSP responder
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	956	rootOcsp = new SimpleOCSPServer(rootKeystore, passwd, ROOT_ALIAS, null);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	957	rootOcsp.enableLog(debug);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	958	rootOcsp.setNextUpdateInterval(3600);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	959	rootOcsp.start();
37309 8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	960
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	961	// Wait 5 seconds for server ready
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	962	for (int i = 0; (i < 100 && !rootOcsp.isServerReady()); i++) {
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	963	Thread.sleep(50);
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	964	}
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	965	if (!rootOcsp.isServerReady()) {
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	966	throw new RuntimeException("Server not ready yet");
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	967	}
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	968
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	969	rootOcspPort = rootOcsp.getPort();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	970	String rootRespURI = "http://localhost:" + rootOcspPort;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	971	log("Root OCSP Responder URI is " + rootRespURI);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	972
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	973	// Now that we have the root keystore and OCSP responder we can
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	974	// create our intermediate CA.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	975	cbld.reset();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	976	cbld.setSubjectName("CN=Intermediate CA Cert, O=SomeCompany");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	977	cbld.setPublicKey(intCaKP.getPublic());
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	978	cbld.setSerialNumber(new BigInteger("100"));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	979	// Make a 2 year validity starting from 30 days ago
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	980	start = System.currentTimeMillis() - TimeUnit.DAYS.toMillis(30);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	981	end = start + TimeUnit.DAYS.toMillis(730);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	982	cbld.setValidity(new Date(start), new Date(end));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	983	addCommonExts(cbld, intCaKP.getPublic(), rootCaKP.getPublic());
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	984	addCommonCAExts(cbld);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	985	cbld.addAIAExt(Collections.singletonList(rootRespURI));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	986	// Make our Intermediate CA Cert!
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	987	X509Certificate intCaCert = cbld.build(rootCert, rootCaKP.getPrivate(),
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	988	"SHA256withRSA");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	989	log("Intermediate CA Created:\n" + certInfo(intCaCert));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	990
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	991	// Provide intermediate CA cert revocation info to the Root CA
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	992	// OCSP responder.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	993	Map<BigInteger, SimpleOCSPServer.CertStatusInfo> revInfo =
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	994	new HashMap<>();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	995	revInfo.put(intCaCert.getSerialNumber(),
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	996	new SimpleOCSPServer.CertStatusInfo(
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	997	SimpleOCSPServer.CertStatus.CERT_STATUS_GOOD));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	998	rootOcsp.updateStatusDb(revInfo);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	999
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1000	// Now build a keystore and add the keys, chain and root cert as a TA
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1001	intKeystore = keyStoreBuilder.getKeyStore();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1002	Certificate[] intChain = {intCaCert, rootCert};
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1003	intKeystore.setKeyEntry(INT_ALIAS, intCaKP.getPrivate(),
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1004	passwd.toCharArray(), intChain);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1005	intKeystore.setCertificateEntry(ROOT_ALIAS, rootCert);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1006
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1007	// Now fire up the Intermediate CA OCSP responder
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1008	intOcsp = new SimpleOCSPServer(intKeystore, passwd,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1009	INT_ALIAS, null);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1010	intOcsp.enableLog(debug);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1011	intOcsp.setNextUpdateInterval(3600);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1012	intOcsp.start();
37309 8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	1013
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	1014	// Wait 5 seconds for server ready
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	1015	for (int i = 0; (i < 100 && !intOcsp.isServerReady()); i++) {
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	1016	Thread.sleep(50);
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	1017	}
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	1018	if (!intOcsp.isServerReady()) {
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	1019	throw new RuntimeException("Server not ready yet");
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	1020	}
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	1021
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1022	intOcspPort = intOcsp.getPort();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1023	String intCaRespURI = "http://localhost:" + intOcspPort;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1024	log("Intermediate CA OCSP Responder URI is " + intCaRespURI);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1025
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1026	// Last but not least, let's make our SSLCert and add it to its own
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1027	// Keystore
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1028	cbld.reset();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1029	cbld.setSubjectName("CN=SSLCertificate, O=SomeCompany");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1030	cbld.setPublicKey(sslKP.getPublic());
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1031	cbld.setSerialNumber(new BigInteger("4096"));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1032	// Make a 1 year validity starting from 7 days ago
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1033	start = System.currentTimeMillis() - TimeUnit.DAYS.toMillis(7);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1034	end = start + TimeUnit.DAYS.toMillis(365);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1035	cbld.setValidity(new Date(start), new Date(end));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1036
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1037	// Add extensions
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1038	addCommonExts(cbld, sslKP.getPublic(), intCaKP.getPublic());
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1039	boolean[] kuBits = {true, false, true, false, false, false,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1040	false, false, false};
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1041	cbld.addKeyUsageExt(kuBits);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1042	List<String> ekuOids = new ArrayList<>();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1043	ekuOids.add("1.3.6.1.5.5.7.3.1");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1044	ekuOids.add("1.3.6.1.5.5.7.3.2");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1045	cbld.addExtendedKeyUsageExt(ekuOids);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1046	cbld.addSubjectAltNameDNSExt(Collections.singletonList("localhost"));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1047	cbld.addAIAExt(Collections.singletonList(intCaRespURI));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1048	// Make our SSL Server Cert!
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1049	X509Certificate sslCert = cbld.build(intCaCert, intCaKP.getPrivate(),
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1050	"SHA256withRSA");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1051	log("SSL Certificate Created:\n" + certInfo(sslCert));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1052
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1053	// Provide SSL server cert revocation info to the Intermeidate CA
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1054	// OCSP responder.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1055	revInfo = new HashMap<>();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1056	revInfo.put(sslCert.getSerialNumber(),
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1057	new SimpleOCSPServer.CertStatusInfo(
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1058	SimpleOCSPServer.CertStatus.CERT_STATUS_GOOD));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1059	intOcsp.updateStatusDb(revInfo);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1060
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1061	// Now build a keystore and add the keys, chain and root cert as a TA
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1062	serverKeystore = keyStoreBuilder.getKeyStore();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1063	Certificate[] sslChain = {sslCert, intCaCert, rootCert};
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1064	serverKeystore.setKeyEntry(SSL_ALIAS, sslKP.getPrivate(),
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1065	passwd.toCharArray(), sslChain);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1066	serverKeystore.setCertificateEntry(ROOT_ALIAS, rootCert);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1067
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1068	// And finally a Trust Store for the client
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1069	trustStore = keyStoreBuilder.getKeyStore();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1070	trustStore.setCertificateEntry(ROOT_ALIAS, rootCert);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1071	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1072
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1073	private static void addCommonExts(CertificateBuilder cbld,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1074	PublicKey subjKey, PublicKey authKey) throws IOException {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1075	cbld.addSubjectKeyIdExt(subjKey);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1076	cbld.addAuthorityKeyIdExt(authKey);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1077	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1078
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1079	private static void addCommonCAExts(CertificateBuilder cbld)
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1080	throws IOException {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1081	cbld.addBasicConstraintsExt(true, true, -1);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1082	// Set key usage bits for digitalSignature, keyCertSign and cRLSign
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1083	boolean[] kuBitSettings = {true, false, false, false, false, true,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1084	true, false, false};
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1085	cbld.addKeyUsageExt(kuBitSettings);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1086	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1087
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1088	/**
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1089	* Helper routine that dumps only a few cert fields rather than
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1090	* the whole toString() output.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1091	*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1092	* @param cert an X509Certificate to be displayed
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1093	*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1094	* @return the String output of the issuer, subject and
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1095	* serial number
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1096	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1097	private static String certInfo(X509Certificate cert) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1098	StringBuilder sb = new StringBuilder();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1099	sb.append("Issuer: ").append(cert.getIssuerX500Principal()).
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1100	append("\n");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1101	sb.append("Subject: ").append(cert.getSubjectX500Principal()).
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1102	append("\n");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1103	sb.append("Serial: ").append(cert.getSerialNumber()).append("\n");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1104	return sb.toString();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1105	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1106
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1107	/**
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1108	* Log a message on stdout
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1109	*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1110	* @param message The message to log
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1111	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1112	private static void log(String message) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1113	if (debug) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1114	System.out.println(message);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1115	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1116	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1117
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1118	// The following two classes are Simple nested class to group a handful
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1119	// of configuration parameters used before starting a client or server.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1120	// We'll just access the data members directly for convenience.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1121	static class ClientParameters {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1122	boolean enabled = true;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1123	PKIXBuilderParameters pkixParams = null;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1124	PKIXRevocationChecker revChecker = null;
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1125	String[] protocols = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1126	String[] ciphers = null;
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1127
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1128	ClientParameters() { }
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1129	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1130
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1131	static class ServerParameters {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1132	boolean enabled = true;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1133	int cacheSize = 256;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1134	int cacheLifetime = 3600;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1135	int respTimeout = 5000;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1136	String respUri = "";
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1137	boolean respOverride = false;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1138	boolean ignoreExts = false;
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1139	String[] protocols = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1140	String[] ciphers = null;
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1141
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1142	ServerParameters() { }
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1143	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1144
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1145	static class CustomizedSocketFactory extends SSLSocketFactory {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1146	final SSLContext sslc;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1147	final String[] protocols;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1148	final String[] cipherSuites;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1149
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1150	CustomizedSocketFactory(SSLContext ctx, String[] prots, String[] suites)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1151	throws GeneralSecurityException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1152	super();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1153	sslc = (ctx != null) ? ctx : SSLContext.getDefault();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1154	protocols = prots;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1155	cipherSuites = suites;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1156
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1157	// Create the Trust Manager Factory using the PKIX variant
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1158	TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1159	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1160
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1161	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1162	public Socket createSocket(Socket s, String host, int port,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1163	boolean autoClose) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1164	Socket sock = sslc.getSocketFactory().createSocket(s, host, port,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1165	autoClose);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1166	customizeSocket(sock);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1167	return sock;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1168	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1169
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1170	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1171	public Socket createSocket(InetAddress host, int port)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1172	throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1173	Socket sock = sslc.getSocketFactory().createSocket(host, port);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1174	customizeSocket(sock);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1175	return sock;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1176	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1177
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1178	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1179	public Socket createSocket(InetAddress host, int port,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1180	InetAddress localAddress, int localPort) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1181	Socket sock = sslc.getSocketFactory().createSocket(host, port,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1182	localAddress, localPort);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1183	customizeSocket(sock);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1184	return sock;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1185	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1186
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1187	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1188	public Socket createSocket(String host, int port)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1189	throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1190	Socket sock = sslc.getSocketFactory().createSocket(host, port);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1191	customizeSocket(sock);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1192	return sock;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1193	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1194
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1195	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1196	public Socket createSocket(String host, int port,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1197	InetAddress localAddress, int localPort)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1198	throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1199	Socket sock = sslc.getSocketFactory().createSocket(host, port,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1200	localAddress, localPort);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1201	customizeSocket(sock);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1202	return sock;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1203	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1204
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1205	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1206	public String[] getDefaultCipherSuites() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1207	return sslc.getDefaultSSLParameters().getCipherSuites();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1208	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1209
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1210	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1211	public String[] getSupportedCipherSuites() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1212	return sslc.getSupportedSSLParameters().getCipherSuites();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1213	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1214
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1215	private void customizeSocket(Socket sock) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1216	if (sock instanceof SSLSocket) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1217	if (protocols != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1218	((SSLSocket)sock).setEnabledProtocols(protocols);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1219	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1220	if (cipherSuites != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1221	((SSLSocket)sock).setEnabledCipherSuites(cipherSuites);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1222	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1223	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1224	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1225	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1226
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1227	static class CustomizedServerSocketFactory extends SSLServerSocketFactory {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1228	final SSLContext sslc;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1229	final String[] protocols;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1230	final String[] cipherSuites;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1231
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1232	CustomizedServerSocketFactory(SSLContext ctx, String[] prots, String[] suites)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1233	throws GeneralSecurityException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1234	super();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1235	sslc = (ctx != null) ? ctx : SSLContext.getDefault();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1236	protocols = prots;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1237	cipherSuites = suites;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1238
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1239	// Create the Trust Manager Factory using the PKIX variant
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1240	TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1241	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1242
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1243	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1244	public ServerSocket createServerSocket(int port) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1245	ServerSocket sock =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1246	sslc.getServerSocketFactory().createServerSocket(port);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1247	customizeSocket(sock);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1248	return sock;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1249	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1250
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1251	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1252	public ServerSocket createServerSocket(int port, int backlog)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1253	throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1254	ServerSocket sock =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1255	sslc.getServerSocketFactory().createServerSocket(port,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1256	backlog);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1257	customizeSocket(sock);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1258	return sock;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1259	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1260
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1261	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1262	public ServerSocket createServerSocket(int port, int backlog,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1263	InetAddress ifAddress) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1264	ServerSocket sock =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1265	sslc.getServerSocketFactory().createServerSocket(port,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1266	backlog, ifAddress);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1267	customizeSocket(sock);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1268	return sock;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1269	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1270
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1271	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1272	public String[] getDefaultCipherSuites() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1273	return sslc.getDefaultSSLParameters().getCipherSuites();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1274	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1275
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1276	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1277	public String[] getSupportedCipherSuites() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1278	return sslc.getSupportedSSLParameters().getCipherSuites();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1279	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1280
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1281	private void customizeSocket(ServerSocket sock) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1282	if (sock instanceof SSLServerSocket) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1283	if (protocols != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1284	((SSLServerSocket)sock).setEnabledProtocols(protocols);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1285	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1286	if (cipherSuites != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1287	((SSLServerSocket)sock).setEnabledCipherSuites(cipherSuites);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1288	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1289	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1290	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1291	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1292
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1293
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1294	static class TestResult {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1295	Exception serverExc = null;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1296	Exception clientExc = null;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1297	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1298
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1299	}

author	xuelei
	Mon, 25 Jun 2018 13:41:39 -0700
changeset 50768	68fa3d4026ea
parent 47216	71c04702a3d5
permissions	-rw-r--r--