author | xuelei |
Mon, 25 Jun 2018 13:41:39 -0700 | |
changeset 50768 | 68fa3d4026ea |
parent 47216 | 71c04702a3d5 |
permissions | -rw-r--r-- |
/* |
* Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
* |
* This code is free software; you can redistribute it and/or modify it |
* under the terms of the GNU General Public License version 2 only, as |
* published by the Free Software Foundation. |
* |
* This code is distributed in the hope that it will be useful, but WITHOUT |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
* version 2 for more details (a copy is included in the LICENSE file that |
* accompanied this code). |
* |
* You should have received a copy of the GNU General Public License version |
* 2 along with this work; if not, write to the Free Software Foundation, |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
* |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
* or visit www.oracle.com if you need additional information or have any |
* questions. |
*/ |
|
// SunJSSE does not support dynamic system properties, no way to re-use |
// system properties in samevm/agentvm mode. |
|
/* |
* @test |
* @bug 8145854 8153829 |
* @summary SSLContextImpl.statusResponseManager should be generated if required |
* @library ../../../../java/security/testlibrary |
* @build CertificateBuilder SimpleOCSPServer |
* @run main/othervm StapleEnableProps |
*/ |
|
import javax.net.ssl.*; |
import javax.net.ssl.SSLEngineResult.*; |
import java.io.*; |
import java.math.BigInteger; |
import java.security.*; |
import java.nio.*; |
import java.security.cert.X509Certificate; |
import java.util.ArrayList; |
import java.util.Collections; |
import java.util.Date; |
import java.util.HashMap; |
import java.util.List; |
import java.util.Map; |
import java.util.Objects; |
import java.util.concurrent.TimeUnit; |
|
import sun.security.testlibrary.SimpleOCSPServer; |
import sun.security.testlibrary.CertificateBuilder; |
|
public class StapleEnableProps { |
|
/*
 * Enables logging of the SSLEngine operations.
 * NOTE(review): presumably consulted by the log() helper that
 * testClientProp() calls after each wrap; that helper is not shown
 * here - confirm.
 */
private static final boolean logging = true;

/*
 * Enables the JSSE debugging system property for this test run.
 *
 * When this flag is true, main() sets
 *
 *     javax.net.debug=ssl:handshake,verbose
 *
 * (not "all") before anything else runs.
 *
 * This gives a lot of low-level information about operations underway,
 * including specific handshake messages, and might be best examined
 * after gaining some familiarity with this application.  Leave it off
 * unless a failure is being diagnosed; the output is voluminous.
 */
private static final boolean debug = false;
|
// These four ByteBuffer references will be used to hang onto ClientHello
// messages with and without the status_request[_v2] extensions. These
// will be used in the server-side stapling tests. There are two sets,
// one for 1.2 and earlier versions of the protocol and one for 1.3
// and later versions, since the handshake and extension sets differ
// between the two sets.
//
// Each buffer is assigned in testClientProp() after the corresponding
// hello has been produced by SSLEngine.wrap() and checked with
// checkClientHello().
private static ByteBuffer cHello12Staple;    // TLS12MAX protocols, client property = true
private static ByteBuffer cHello12NoStaple;  // TLS12MAX protocols, client property = false
private static ByteBuffer cHello13Staple;    // TLS13ONLY protocols, client property = true
private static ByteBuffer cHello13NoStaple;  // TLS13ONLY protocols, client property = false
|
// The following items are used to set up the keystores.
//
// passwd is a fixed passphrase for the test fixtures only; main() passes
// it to KeyManagerFactory.init() together with serverKeystore.  A literal
// like this is acceptable for keystores that exist only for the duration
// of the test, and must not be copied into code that protects real keys.
private static final String passwd = "passphrase";
// NOTE(review): presumably the keystore entry aliases used by createPKI()
// (not shown here) - confirm.
private static final String ROOT_ALIAS = "root";
private static final String INT_ALIAS = "intermediate";
private static final String SSL_ALIAS = "ssl";
|
// PKI components we will need for this test
private static KeyManagerFactory kmf;       // "PKIX" factory, initialised in main() from serverKeystore
private static TrustManagerFactory tmf;     // "PKIX" factory, initialised in main() from trustStore
private static KeyStore rootKeystore;       // Root CA Keystore
private static KeyStore intKeystore;        // Intermediate CA Keystore
private static KeyStore serverKeystore;     // SSL Server Keystore
private static KeyStore trustStore;         // SSL Client trust store
private static SimpleOCSPServer rootOcsp;   // Root CA OCSP Responder
private static int rootOcspPort;            // Port for root OCSP
private static SimpleOCSPServer intOcsp;    // Intermediate CA OCSP server
private static int intOcspPort;             // Port for intermediate OCSP
|
// Extra configuration parameters and constants
//
// Protocol lists handed to SSLEngine.setEnabledProtocols() so that each
// client test produces either a TLS 1.3-only hello or a hello capped at
// TLS 1.2.  TLSv1.1 and TLSv1 appear in TLS12MAX only to shape that
// pre-1.3 ClientHello; both versions are deprecated by RFC 8996.
static final String[] TLS13ONLY = new String[] { "TLSv1.3" };
static final String[] TLS12MAX =
    new String[] { "TLSv1.2", "TLSv1.1", "TLSv1" };

// A few helpful TLS definitions to make it easier
//
// Hello extension type codes: 5 is status_request (RFC 6066, OCSP
// stapling) and 17 is status_request_v2 (RFC 6961, multiple certificate
// status).
private static final int HELLO_EXT_STATUS_REQ = 5;
private static final int HELLO_EXT_STATUS_REQ_V2 = 17;
|
/* |
* Main entry point for this test. |
*/ |
public static void main(String args[]) throws Exception {
    /*
     * Test driver.  Optionally switches on JSSE handshake debugging,
     * builds the test PKI, prepares the shared key and trust manager
     * factories, then runs the client-side and server-side property
     * tests in that order.  Any exception propagates and fails the test.
     */
    if (debug) {
        System.setProperty("javax.net.debug", "ssl:handshake,verbose");
    }

    // Builds the PKI used by the test and starts the OCSP servers.
    createPKI();

    final String factoryAlgorithm = "PKIX";
    final char[] keyPassword = passwd.toCharArray();

    // Server-side key material.
    kmf = KeyManagerFactory.getInstance(factoryAlgorithm);
    kmf.init(serverKeystore, keyPassword);

    // Client-side trust anchors.
    tmf = TrustManagerFactory.getInstance(factoryAlgorithm);
    tmf.init(trustStore);

    // The client test runs first: it stores the ClientHello buffers
    // (cHello12*/cHello13*) that, per the field comments, the server-side
    // stapling tests use.
    testClientProp();
    testServerProp();
}
|
private static void testClientProp() throws Exception { |
SSLEngineResult clientResult; |
|
// Test with the client-side enable property set to true |
System.out.println("========================================="); |
System.out.println("Client Test 1: " + |
"jdk.tls.client.enableStatusRequestExtension = true"); |
System.out.println("Version = TLS 1.2"); |
System.out.println("========================================="); |
|
System.setProperty("jdk.tls.client.enableStatusRequestExtension", |
"true"); |
SSLContext ctxStaple = SSLContext.getInstance("TLS"); |
ctxStaple.init(null, tmf.getTrustManagers(), null); |
SSLEngine engine = ctxStaple.createSSLEngine(); |
engine.setUseClientMode(true); |
engine.setEnabledProtocols(TLS12MAX); |
SSLSession session = engine.getSession(); |
ByteBuffer clientOut = ByteBuffer.wrap("I'm a Client".getBytes()); |
ByteBuffer cTOs = |
ByteBuffer.allocateDirect(session.getPacketBufferSize()); |
|
// Create and check the ClientHello message |
clientResult = engine.wrap(clientOut, cTOs); |
log("client wrap: ", clientResult); |
if (clientResult.getStatus() != SSLEngineResult.Status.OK) { |
throw new SSLException("Client wrap got status: " + |
clientResult.getStatus()); |
} |
cTOs.flip(); |
System.out.println(dumpHexBytes(cTOs)); |
checkClientHello(cTOs, true, true); |
cHello12Staple = cTOs; |
|
// Test with the property set to false |
System.out.println("========================================="); |
System.out.println("Client Test 2: " + |
"jdk.tls.client.enableStatusRequestExtension = false"); |
System.out.println("Version = TLS 1.2"); |
System.out.println("========================================="); |
|
System.setProperty("jdk.tls.client.enableStatusRequestExtension", |
"false"); |
SSLContext ctxNoStaple = SSLContext.getInstance("TLS"); |
ctxNoStaple.init(null, tmf.getTrustManagers(), null); |
engine = ctxNoStaple.createSSLEngine(); |
engine.setUseClientMode(true); |
engine.setEnabledProtocols(TLS12MAX); |
session = engine.getSession(); |
cTOs = ByteBuffer.allocateDirect(session.getPacketBufferSize()); |
|
// Create and check the ClientHello message |
clientResult = engine.wrap(clientOut, cTOs); |
log("client wrap: ", clientResult); |
if (clientResult.getStatus() != SSLEngineResult.Status.OK) { |
throw new SSLException("Client wrap got status: " + |
clientResult.getStatus()); |
} |
cTOs.flip(); |
System.out.println(dumpHexBytes(cTOs)); |
checkClientHello(cTOs, false, false); |
cHello12NoStaple = cTOs; |
||
// Turn the property back on to true and test using TLS 1.3 |
System.out.println("========================================="); |
System.out.println("Client Test 3: " + |
"jdk.tls.client.enableStatusRequestExtension = true"); |
System.out.println("Version = TLS 1.3"); |
System.out.println("========================================="); |
||
System.setProperty("jdk.tls.client.enableStatusRequestExtension", |
"true"); |
ctxStaple = SSLContext.getInstance("TLS"); |
ctxStaple.init(null, tmf.getTrustManagers(), null); |
engine = ctxStaple.createSSLEngine(); |
engine.setUseClientMode(true); |
engine.setEnabledProtocols(TLS13ONLY); |
session = engine.getSession(); |
cTOs = ByteBuffer.allocateDirect(session.getPacketBufferSize()); |
||
// Create and check the ClientHello message |
clientResult = engine.wrap(clientOut, cTOs); |
log("client wrap: ", clientResult); |
if (clientResult.getStatus() != SSLEngineResult.Status.OK) { |
throw new SSLException("Client wrap got status: " + |
clientResult.getStatus()); |
} |
cTOs.flip(); |
System.out.println(dumpHexBytes(cTOs)); |
checkClientHello(cTOs, true, false); |
cHello13Staple = cTOs; |
||
// Turn the property off again and test in a TLS 1.3 handshake |
|
227 |
System.out.println("========================================="); |
|
228 |
System.out.println("Client Test 4: " + |
|
229 |
"jdk.tls.client.enableStatusRequestExtension = false"); |
|
230 |
System.out.println("Version = TLS 1.3"); |
|
231 |
System.out.println("========================================="); |
|
232 |
||
233 |
System.setProperty("jdk.tls.client.enableStatusRequestExtension", |
|
234 |
"false"); |
|
235 |
ctxNoStaple = SSLContext.getInstance("TLS"); |
|
236 |
ctxNoStaple.init(null, tmf.getTrustManagers(), null); |
|
237 |
engine = ctxNoStaple.createSSLEngine(); |
|
238 |
engine.setUseClientMode(true); |
|
239 |
engine.setEnabledProtocols(TLS13ONLY); |
|
240 |
session = engine.getSession(); |
|
241 |
cTOs = ByteBuffer.allocateDirect(session.getPacketBufferSize()); |
|
242 |
||
243 |
// Create and check the ClientHello message |
|
244 |
clientResult = engine.wrap(clientOut, cTOs); |
|
245 |
log("client wrap: ", clientResult); |
|
246 |
if (clientResult.getStatus() != SSLEngineResult.Status.OK) { |
|
247 |
throw new SSLException("Client wrap got status: " + |
|
248 |
clientResult.getStatus()); |
|
249 |
} |
|
250 |
cTOs.flip(); |
|
251 |
System.out.println(dumpHexBytes(cTOs)); |
|
252 |
checkClientHello(cTOs, false, false); |
|
253 |
cHello13NoStaple = cTOs; |
|
254 |
||
255 |
// A TLS 1.3-capable hello, one that is not strictly limited to |
|
256 |
// the TLS 1.3 protocol should have both status_request and |
|
257 |
// status_request_v2 |
|
258 |
System.out.println("========================================="); |
|
259 |
System.out.println("Client Test 5: " + |
|
260 |
"jdk.tls.client.enableStatusRequestExtension = true"); |
|
261 |
System.out.println("Version = TLS 1.3 capable [default hello]"); |
|
262 |
System.out.println("========================================="); |
|
263 |
||
264 |
System.setProperty("jdk.tls.client.enableStatusRequestExtension", |
|
265 |
"true"); |
|
266 |
ctxStaple = SSLContext.getInstance("TLS"); |
|
267 |
ctxStaple.init(null, tmf.getTrustManagers(), null); |
|
268 |
engine = ctxStaple.createSSLEngine(); |
|
269 |
engine.setUseClientMode(true); |
|
270 |
// Note: Unlike the other tests, there is no explicit protocol setting |
|
271 |
session = engine.getSession(); |
|
272 |
cTOs = ByteBuffer.allocateDirect(session.getPacketBufferSize()); |
|
273 |
||
274 |
// Create and check the ClientHello message |
|
275 |
clientResult = engine.wrap(clientOut, cTOs); |
|
276 |
log("client wrap: ", clientResult); |
|
277 |
if (clientResult.getStatus() != SSLEngineResult.Status.OK) { |
|
278 |
throw new SSLException("Client wrap got status: " + |
|
279 |
clientResult.getStatus()); |
|
280 |
} |
|
281 |
cTOs.flip(); |
|
282 |
System.out.println(dumpHexBytes(cTOs)); |
|
283 |
checkClientHello(cTOs, true, true); |
|
} |
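/**
 * Checks that the server side honors the
 * {@code jdk.tls.server.enableStatusRequestExtension} system property
 * (the switch for server-side OCSP stapling support) in a TLS 1.2
 * handshake.  The same stored ClientHello ({@code cHello12Staple}) is fed
 * to two freshly created server engines, once with the property set to
 * "true" and once with it set to "false", and the resulting ServerHello
 * is inspected by {@code checkServerHello}.
 *
 * NOTE(review): the property is left at "false" when this method returns;
 * nothing here restores the value it had on entry.
 *
 * @throws Exception if an engine reports an unexpected status or the
 * ServerHello does not match the expected extension settings.
 */
private static void testServerProp() throws Exception {
    // Application data handed to wrap(); one buffer serves both cases.
    // The charset is pinned so the bytes do not depend on the platform
    // default.
    ByteBuffer serverOut = ByteBuffer.wrap("I'm a Server".getBytes(
            java.nio.charset.StandardCharsets.UTF_8));

    // Test with the server-side enable property set to true
    runServerPropCase(1, "true", serverOut, false, true);

    // Flip the client hello so we can reuse it in the next test.
    // (flip() sets the limit to the position reached by unwrap and rewinds
    // to zero, so this assumes unwrap consumed the whole hello -- confirm.)
    cHello12Staple.flip();

    // Test with the server-side enable property set to false
    runServerPropCase(2, "false", serverOut, false, false);
}

/**
 * Runs one server-side case: sets the property, builds a new server
 * engine limited to {@code TLS12MAX}, consumes {@code cHello12Staple} and
 * checks the ServerHello that the engine produces.
 *
 * @param testNum number printed in the test banner.
 * @param propValue value assigned to
 * {@code jdk.tls.server.enableStatusRequestExtension}.
 * @param serverOut application data passed to the engine's wrap call.
 * @param statReqPresent first expectation flag forwarded to
 * {@code checkServerHello}; presumably "status_request expected",
 * mirroring checkClientHello -- confirm against that helper.
 * @param statReqV2Present second expectation flag forwarded to
 * {@code checkServerHello}; presumably "status_request_v2 expected".
 *
 * @throws Exception if any engine call returns an unexpected status.
 */
private static void runServerPropCase(int testNum, String propValue,
        ByteBuffer serverOut, boolean statReqPresent,
        boolean statReqV2Present) throws Exception {
    final String propName = "jdk.tls.server.enableStatusRequestExtension";

    System.out.println("=========================================");
    System.out.println("Server Test " + testNum + ": " +
            propName + " = " + propValue);
    System.out.println("Version = TLS 1.2");
    System.out.println("=========================================");

    // A new context is built after every property change; presumably the
    // setting is picked up when the context or engine is created --
    // confirm against the provider.
    System.setProperty(propName, propValue);
    SSLContext ctx = SSLContext.getInstance("TLS");
    ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
    SSLEngine engine = ctx.createSSLEngine();
    engine.setUseClientMode(false);
    engine.setEnabledProtocols(TLS12MAX);
    SSLSession session = engine.getSession();
    ByteBuffer serverIn =
            ByteBuffer.allocate(session.getApplicationBufferSize() + 50);
    ByteBuffer sTOc =
            ByteBuffer.allocateDirect(session.getPacketBufferSize());

    // Consume the client hello
    SSLEngineResult serverResult = engine.unwrap(cHello12Staple, serverIn);
    log("server unwrap: ", serverResult);
    if (serverResult.getStatus() != SSLEngineResult.Status.OK) {
        throw new SSLException("Server unwrap got status: " +
                serverResult.getStatus());
    } else if (serverResult.getHandshakeStatus() !=
            SSLEngineResult.HandshakeStatus.NEED_TASK) {
        throw new SSLException("Server unwrap expected NEED_TASK, got: " +
                serverResult.getHandshakeStatus());
    }
    runDelegatedTasks(serverResult, engine);
    if (engine.getHandshakeStatus() !=
            SSLEngineResult.HandshakeStatus.NEED_WRAP) {
        throw new SSLException("Expected NEED_WRAP, got: " +
                engine.getHandshakeStatus());
    }

    // Generate a TLS record with the ServerHello.  This is the server
    // engine's wrap, so the log label and failure message say "server".
    serverResult = engine.wrap(serverOut, sTOc);
    log("server wrap: ", serverResult);
    if (serverResult.getStatus() != SSLEngineResult.Status.OK) {
        throw new SSLException("Server wrap got status: " +
                serverResult.getStatus());
    }
    sTOc.flip();
    System.out.println(dumpHexBytes(sTOc));
    checkServerHello(sTOc, statReqPresent, statReqV2Present);
}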
/*
 * If the result indicates that we have outstanding tasks to do,
 * go ahead and run them in this thread.
 */
private static void runDelegatedTasks(SSLEngineResult result,
        SSLEngine engine) throws Exception {

    // Only act when the supplied result asked for delegated work.
    if (result.getHandshakeStatus() != HandshakeStatus.NEED_TASK) {
        return;
    }

    // Drain every pending task on the calling thread; getDelegatedTask()
    // returning null ends the loop.
    for (Runnable task = engine.getDelegatedTask(); task != null;
            task = engine.getDelegatedTask()) {
        log("\trunning delegated task...");
        task.run();
    }

    // Once the queue is empty the engine must have moved on; still
    // reporting NEED_TASK is treated as a test failure.
    HandshakeStatus afterTasks = engine.getHandshakeStatus();
    if (afterTasks == HandshakeStatus.NEED_TASK) {
        throw new Exception(
                "handshake shouldn't need additional tasks");
    }
    log("\tnew HandshakeStatus: " + afterTasks);
}
/**
 * Logs a one-line summary of an engine result when logging is enabled:
 * the given prefix, then status/handshake status and bytes
 * consumed/produced.  A second line is logged when the handshake status
 * is FINISHED.
 *
 * @param str prefix placed in front of the summary.
 * @param result the engine result to summarize.
 */
private static void log(String str, SSLEngineResult result) {
    if (logging) {
        HandshakeStatus handshake = result.getHandshakeStatus();
        String summary = str +
                result.getStatus() + "/" + handshake + ", " +
                result.bytesConsumed() + "/" + result.bytesProduced() +
                " bytes";
        log(summary);
        if (handshake == HandshakeStatus.FINISHED) {
            log("\t...ready for application data");
        }
    }
}
/**
 * Prints a message to stdout when logging is enabled; otherwise does
 * nothing.
 *
 * @param str the message to print.
 */
private static void log(String str) {
    if (!logging) {
        return;
    }
    System.out.println(str);
}
/**
 * Format the contents of a ByteBuffer as a hexdump string; the caller
 * decides where to print it.  The dumping routine will start at the
 * current position of the buffer and run to its limit.  After completing
 * the dump, the position will be returned to its starting point.  The
 * buffer's mark is used for this, so any mark set earlier is replaced.
 *
 * @param data the ByteBuffer to dump.
 *
 * @return the hexdump of the buffer's remaining bytes, or an empty
 * string if data is null.
 */
private static String dumpHexBytes(ByteBuffer data) {
    // A null buffer yields an empty dump rather than an exception.
    if (data == null) {
        return "";
    }

    StringBuilder hex = new StringBuilder();

    // Remember the starting position; the relative get() calls below
    // advance it and reset() puts it back afterwards.
    data.mark();
    for (int count = 0; data.hasRemaining(); count++) {
        // Start a new output line after every 16 bytes.
        if (count > 0 && count % 16 == 0) {
            hex.append("\n");
        }
        hex.append(String.format("%02X ", data.get()));
    }
    data.reset();

    return hex.toString();
}
/**
 * Tests the ClientHello for the presence (or not) of the status_request
 * and status_request_v2 hello extensions.  It is assumed that the provided
 * ByteBuffer has its position set at the first byte of the TLS record
 * containing the ClientHello and contains the entire hello message.  Upon
 * successful completion of this method the ByteBuffer will have its
 * position reset to the initial offset in the buffer.  If an exception is
 * thrown, the position at the time of the exception will be preserved.
 *
 * @param data the ByteBuffer containing the ClientHello bytes
 * @param statReqPresent true if the status_request hello extension should
 * be present.
 * @param statReqV2Present true if the status_request_v2 hello extension
 * should be present.
 *
 * @throws SSLException if the presence or lack of either the
 * status_request or status_request_v2 extensions is inconsistent with
 * the expected settings in the statReqPresent or statReqV2Present
 * parameters.
 */
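private static void checkClientHello(ByteBuffer data,
        boolean statReqPresent, boolean statReqV2Present)
        throws SSLException {
    // Walks one TLS record that holds a complete ClientHello and notes
    // whether the status_request and status_request_v2 extensions occur.
    // Every length field is compared with the structure that encloses it
    // before it is used to move the buffer position, so a truncated or
    // oversized length is reported as an SSLException rather than as an
    // unchecked buffer exception, and bytes that follow the hello in the
    // same buffer are never interpreted as extensions.
    boolean hasV1 = false;
    boolean hasV2 = false;
    Objects.requireNonNull(data);
    // Replaces any mark the caller had set; reset() below returns here.
    data.mark();

    // TLS record header: content type (1), version (2), length (2)
    if (data.remaining() < 5) {
        throw new SSLException("Incomplete record header: Remaining = " +
                data.remaining());
    }
    int type = Byte.toUnsignedInt(data.get());
    data.getShort();            // record-layer version, not examined
    int recLen = Short.toUnsignedInt(data.getShort());

    // Simple sanity checks
    if (type != 22) {
        throw new SSLException("Not a handshake: Type = " + type);
    } else if (recLen > data.remaining()) {
        throw new SSLException("Incomplete record in buffer: " +
                "Record length = " + recLen + ", Remaining = " +
                data.remaining());
    } else if (recLen < 4) {
        throw new SSLException("Record too short for a handshake " +
                "header: Record length = " + recLen);
    }
    int recEnd = data.position() + recLen;

    // Handshake message header: message type (1), body length (3)
    int msgHdr = data.getInt();
    int msgType = (msgHdr >> 24) & 0x000000FF;
    int msgLen = msgHdr & 0x00FFFFFF;

    // More simple sanity checks.  This helper does not reassemble
    // fragments, so the whole message has to sit inside the record.
    if (msgType != 1) {
        throw new SSLException("Not a ClientHello: Type = " + msgType);
    } else if (msgLen > recEnd - data.position()) {
        throw new SSLException("ClientHello does not fit in the record: " +
                "Message length = " + msgLen + ", Record length = " +
                recLen);
    }
    int helloEnd = data.position() + msgLen;

    // Skip over the protocol version (2) and client random (32); the
    // one-byte session ID length has to follow them.
    if (helloEnd - data.position() < 35) {
        throw new SSLException("Truncated ClientHello: Message length = " +
                msgLen);
    }
    data.position(data.position() + 34);

    // Jump past the session ID (if there is one); the two-byte cipher
    // suite list length has to follow it.
    int sessLen = Byte.toUnsignedInt(data.get());
    if (helloEnd - data.position() < sessLen + 2) {
        throw new SSLException("Truncated ClientHello: " +
                "Session ID length = " + sessLen);
    }
    data.position(data.position() + sessLen);

    // Jump past the cipher suites; the one-byte compression method list
    // length has to follow them.
    int csLen = Short.toUnsignedInt(data.getShort());
    if (helloEnd - data.position() < csLen + 1) {
        throw new SSLException("Truncated ClientHello: " +
                "Cipher suites length = " + csLen);
    }
    data.position(data.position() + csLen);

    // ...and the compression
    int compLen = Byte.toUnsignedInt(data.get());
    if (helloEnd - data.position() < compLen) {
        throw new SSLException("Truncated ClientHello: " +
                "Compression methods length = " + compLen);
    }
    data.position(data.position() + compLen);

    // Now for the fun part.  Go through the extensions and look
    // for the two status request exts.  The extensions block is only
    // there when bytes remain in the hello, and the walk stops at the
    // end of the declared block rather than at the end of the buffer.
    if (data.position() < helloEnd) {
        if (helloEnd - data.position() < 2) {
            throw new SSLException("Truncated ClientHello: " +
                    "no room for the extensions length");
        }
        int extsLen = Short.toUnsignedInt(data.getShort());
        if (extsLen > helloEnd - data.position()) {
            throw new SSLException("Extensions overrun the ClientHello: " +
                    "Extensions length = " + extsLen);
        }
        int extsEnd = data.position() + extsLen;
        while (data.position() < extsEnd) {
            // Each extension: type (2), length (2), then the body
            if (extsEnd - data.position() < 4) {
                throw new SSLException("Truncated extension header in " +
                        "ClientHello");
            }
            int extType = Short.toUnsignedInt(data.getShort());
            int extLen = Short.toUnsignedInt(data.getShort());
            if (extLen > extsEnd - data.position()) {
                throw new SSLException("Extension overruns the " +
                        "extensions block: Type = " + extType +
                        ", Length = " + extLen);
            }
            hasV1 |= (extType == HELLO_EXT_STATUS_REQ);
            hasV2 |= (extType == HELLO_EXT_STATUS_REQ_V2);
            data.position(data.position() + extLen);
        }
    }

    if (hasV1 != statReqPresent) {
        throw new SSLException("The status_request extension is " +
                "inconsistent with the expected result: expected = " +
                statReqPresent + ", actual = " + hasV1);
    } else if (hasV2 != statReqV2Present) {
        throw new SSLException("The status_request_v2 extension is " +
                "inconsistent with the expected result: expected = " +
                statReqV2Present + ", actual = " + hasV2);
    }

    // Put the position back where it was on entry.
    data.reset();
}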
|
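/**
 * Tests the ServerHello for the presence (or not) of the status_request
 * or status_request_v2 hello extension.  It is assumed that the provided
 * ByteBuffer has its position set at the first byte of the TLS record
 * containing the ServerHello and contains the entire hello message.  Upon
 * successful completion of this method the ByteBuffer will have its
 * position reset to the initial offset in the buffer.  If an exception is
 * thrown the position at the time of the exception will be preserved.
 * Any mark previously set on the buffer is replaced.
 *
 * Every length field is compared with the structure that encloses it
 * before it is used to move the buffer position, and the extension walk
 * stops at the end of the declared extensions block, so other data that
 * follows the ServerHello in the same record is not read as extensions.
 *
 * @param data the ByteBuffer containing the ServerHello bytes
 * @param statReqPresent true if the status_request hello extension should
 * be present.
 * @param statReqV2Present true if the status_request_v2 hello extension
 * should be present.
 *
 * @throws SSLException if the record is not a well-formed handshake
 * record carrying a ServerHello, or if the presence or lack of either the
 * status_request or status_request_v2 extensions is inconsistent with
 * the expected settings in the statReqPresent or statReqV2Present
 * parameters.
 */
private static void checkServerHello(ByteBuffer data,
        boolean statReqPresent, boolean statReqV2Present)
        throws SSLException {
    boolean hasV1 = false;
    boolean hasV2 = false;
    Objects.requireNonNull(data);
    data.mark();

    // TLS record header: content type (1), version (2), length (2)
    if (data.remaining() < 5) {
        throw new SSLException("Incomplete record header: Remaining = " +
                data.remaining());
    }
    int type = Byte.toUnsignedInt(data.get());
    data.getShort();            // record-layer version, not examined
    int recLen = Short.toUnsignedInt(data.getShort());

    // Simple sanity checks
    if (type != 22) {
        throw new SSLException("Not a handshake: Type = " + type);
    } else if (recLen > data.remaining()) {
        throw new SSLException("Incomplete record in buffer: " +
                "Record length = " + recLen + ", Remaining = " +
                data.remaining());
    } else if (recLen < 4) {
        throw new SSLException("Record too short for a handshake " +
                "header: Record length = " + recLen);
    }
    int recEnd = data.position() + recLen;

    // Handshake message header: message type (1), body length (3)
    int msgHdr = data.getInt();
    int msgType = (msgHdr >> 24) & 0x000000FF;
    int msgLen = msgHdr & 0x00FFFFFF;

    // More simple sanity checks.  This helper does not reassemble
    // fragments, so the whole message has to sit inside the record.
    if (msgType != 2) {
        throw new SSLException("Not a ServerHello: Type = " + msgType);
    } else if (msgLen > recEnd - data.position()) {
        throw new SSLException("ServerHello does not fit in the record: " +
                "Message length = " + msgLen + ", Record length = " +
                recLen);
    }
    int helloEnd = data.position() + msgLen;

    // Skip over the protocol version (2) and server random (32); the
    // one-byte session ID length has to follow them.
    if (helloEnd - data.position() < 35) {
        throw new SSLException("Truncated ServerHello: Message length = " +
                msgLen);
    }
    data.position(data.position() + 34);

    // Jump past the session ID; the cipher suite (2) and compression
    // method (1) have to follow it.
    int sessLen = Byte.toUnsignedInt(data.get());
    if (helloEnd - data.position() < sessLen + 3) {
        throw new SSLException("Truncated ServerHello: " +
                "Session ID length = " + sessLen);
    }
    data.position(data.position() + sessLen);

    // Skip the cipher suite and compression method
    data.position(data.position() + 3);

    // Go through the extensions and look for the request extension
    // expected by the caller.  The extensions block is only there when
    // bytes remain in the hello.
    if (data.position() < helloEnd) {
        if (helloEnd - data.position() < 2) {
            throw new SSLException("Truncated ServerHello: " +
                    "no room for the extensions length");
        }
        int extsLen = Short.toUnsignedInt(data.getShort());
        if (extsLen > helloEnd - data.position()) {
            throw new SSLException("Extensions overrun the ServerHello: " +
                    "Extensions length = " + extsLen);
        }
        int extsEnd = data.position() + extsLen;
        while (data.position() < extsEnd) {
            // Each extension: type (2), length (2), then the body
            if (extsEnd - data.position() < 4) {
                throw new SSLException("Truncated extension header in " +
                        "ServerHello");
            }
            int extType = Short.toUnsignedInt(data.getShort());
            int extLen = Short.toUnsignedInt(data.getShort());
            if (extLen > extsEnd - data.position()) {
                throw new SSLException("Extension overruns the " +
                        "extensions block: Type = " + extType +
                        ", Length = " + extLen);
            }
            hasV1 |= (extType == HELLO_EXT_STATUS_REQ);
            hasV2 |= (extType == HELLO_EXT_STATUS_REQ_V2);
            data.position(data.position() + extLen);
        }
    }

    if (hasV1 != statReqPresent) {
        throw new SSLException("The status_request extension is " +
                "inconsistent with the expected result: expected = " +
                statReqPresent + ", actual = " + hasV1);
    } else if (hasV2 != statReqV2Present) {
        throw new SSLException("The status_request_v2 extension is " +
                "inconsistent with the expected result: expected = " +
                statReqV2Present + ", actual = " + hasV2);
    }

    // Reset the position to the initial spot at the start of this method.
    data.reset();
}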
|
/** |
* Creates the PKI components necessary for this test, including |
* Root CA, Intermediate CA and SSL server certificates, the keystores |
* for each entity, a client trust store, and starts the OCSP responders. |
*/ |
private static void createPKI() throws Exception { |
CertificateBuilder cbld = new CertificateBuilder(); |
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA"); |
keyGen.initialize(2048); |
KeyStore.Builder keyStoreBuilder = |
KeyStore.Builder.newInstance("PKCS12", null, |
new KeyStore.PasswordProtection(passwd.toCharArray())); |
|
// Generate Root, IntCA, EE keys |
KeyPair rootCaKP = keyGen.genKeyPair(); |
log("Generated Root CA KeyPair"); |
KeyPair intCaKP = keyGen.genKeyPair(); |
log("Generated Intermediate CA KeyPair"); |
KeyPair sslKP = keyGen.genKeyPair(); |
log("Generated SSL Cert KeyPair"); |
|
// Set up the Root CA Cert |
cbld.setSubjectName("CN=Root CA Cert, O=SomeCompany"); |
cbld.setPublicKey(rootCaKP.getPublic()); |
cbld.setSerialNumber(new BigInteger("1")); |
// Make a 3 year validity starting from 60 days ago |
long start = System.currentTimeMillis() - TimeUnit.DAYS.toMillis(60); |
long end = start + TimeUnit.DAYS.toMillis(1085); |
cbld.setValidity(new Date(start), new Date(end)); |
addCommonExts(cbld, rootCaKP.getPublic(), rootCaKP.getPublic()); |
addCommonCAExts(cbld); |
// Make our Root CA Cert! |
X509Certificate rootCert = cbld.build(null, rootCaKP.getPrivate(), |
"SHA256withRSA"); |
log("Root CA Created:\n" + certInfo(rootCert)); |
|
// Now build a keystore and add the keys and cert |
rootKeystore = keyStoreBuilder.getKeyStore(); |
java.security.cert.Certificate[] rootChain = {rootCert}; |
rootKeystore.setKeyEntry(ROOT_ALIAS, rootCaKP.getPrivate(), |
passwd.toCharArray(), rootChain); |
|
// Now fire up the OCSP responder |
rootOcsp = new SimpleOCSPServer(rootKeystore, passwd, ROOT_ALIAS, null); |
rootOcsp.enableLog(logging); |
rootOcsp.setNextUpdateInterval(3600); |
rootOcsp.start(); |
|
// Wait 5 seconds for server ready |
for (int i = 0; (i < 100 && !rootOcsp.isServerReady()); i++) { |
Thread.sleep(50); |
} |
if (!rootOcsp.isServerReady()) { |
throw new RuntimeException("Server not ready yet"); |
} |
|
rootOcspPort = rootOcsp.getPort(); |
String rootRespURI = "http://localhost:" + rootOcspPort; |
log("Root OCSP Responder URI is " + rootRespURI); |
|
// Now that we have the root keystore and OCSP responder we can |
// create our intermediate CA. |
cbld.reset(); |
cbld.setSubjectName("CN=Intermediate CA Cert, O=SomeCompany"); |
cbld.setPublicKey(intCaKP.getPublic()); |
cbld.setSerialNumber(new BigInteger("100")); |
// Make a 2 year validity starting from 30 days ago |
start = System.currentTimeMillis() - TimeUnit.DAYS.toMillis(30); |
end = start + TimeUnit.DAYS.toMillis(730); |
cbld.setValidity(new Date(start), new Date(end)); |
addCommonExts(cbld, intCaKP.getPublic(), rootCaKP.getPublic()); |
addCommonCAExts(cbld); |
cbld.addAIAExt(Collections.singletonList(rootRespURI)); |
// Make our Intermediate CA Cert! |
X509Certificate intCaCert = cbld.build(rootCert, rootCaKP.getPrivate(), |
"SHA256withRSA"); |
log("Intermediate CA Created:\n" + certInfo(intCaCert)); |
|
// Provide intermediate CA cert revocation info to the Root CA |
// OCSP responder. |
Map<BigInteger, SimpleOCSPServer.CertStatusInfo> revInfo = |
new HashMap<>(); |
revInfo.put(intCaCert.getSerialNumber(), |
new SimpleOCSPServer.CertStatusInfo( |
SimpleOCSPServer.CertStatus.CERT_STATUS_GOOD)); |
rootOcsp.updateStatusDb(revInfo); |
|
// Now build a keystore and add the keys, chain and root cert as a TA |
intKeystore = keyStoreBuilder.getKeyStore(); |
java.security.cert.Certificate[] intChain = {intCaCert, rootCert}; |
intKeystore.setKeyEntry(INT_ALIAS, intCaKP.getPrivate(), |
passwd.toCharArray(), intChain); |
intKeystore.setCertificateEntry(ROOT_ALIAS, rootCert); |
|
// Now fire up the Intermediate CA OCSP responder |
intOcsp = new SimpleOCSPServer(intKeystore, passwd, |
INT_ALIAS, null); |
intOcsp.enableLog(logging); |
intOcsp.setNextUpdateInterval(3600); |
intOcsp.start(); |
|
// Wait 5 seconds for server ready |
for (int i = 0; (i < 100 && !intOcsp.isServerReady()); i++) { |
Thread.sleep(50); |
} |
if (!intOcsp.isServerReady()) { |
throw new RuntimeException("Server not ready yet"); |
} |
|
intOcspPort = intOcsp.getPort(); |
String intCaRespURI = "http://localhost:" + intOcspPort; |
log("Intermediate CA OCSP Responder URI is " + intCaRespURI); |
|
// Last but not least, let's make our SSLCert and add it to its own |
// Keystore |
cbld.reset(); |
cbld.setSubjectName("CN=SSLCertificate, O=SomeCompany"); |
cbld.setPublicKey(sslKP.getPublic()); |
cbld.setSerialNumber(new BigInteger("4096")); |
// Make a 1 year validity starting from 7 days ago |
start = System.currentTimeMillis() - TimeUnit.DAYS.toMillis(7); |
end = start + TimeUnit.DAYS.toMillis(365); |
cbld.setValidity(new Date(start), new Date(end)); |
|
// Add extensions |
addCommonExts(cbld, sslKP.getPublic(), intCaKP.getPublic()); |
boolean[] kuBits = {true, false, true, false, false, false, |
false, false, false}; |
cbld.addKeyUsageExt(kuBits); |
List<String> ekuOids = new ArrayList<>(); |
ekuOids.add("1.3.6.1.5.5.7.3.1"); |
ekuOids.add("1.3.6.1.5.5.7.3.2"); |
cbld.addExtendedKeyUsageExt(ekuOids); |
cbld.addSubjectAltNameDNSExt(Collections.singletonList("localhost")); |
cbld.addAIAExt(Collections.singletonList(intCaRespURI)); |
// Make our SSL Server Cert! |
X509Certificate sslCert = cbld.build(intCaCert, intCaKP.getPrivate(), |
"SHA256withRSA"); |
log("SSL Certificate Created:\n" + certInfo(sslCert)); |
|
// Provide SSL server cert revocation info to the Intermediate CA |
// OCSP responder. |
revInfo = new HashMap<>(); |
revInfo.put(sslCert.getSerialNumber(), |
new SimpleOCSPServer.CertStatusInfo( |
SimpleOCSPServer.CertStatus.CERT_STATUS_GOOD)); |
intOcsp.updateStatusDb(revInfo); |
|
// Now build a keystore and add the keys, chain and root cert as a TA |
serverKeystore = keyStoreBuilder.getKeyStore(); |
java.security.cert.Certificate[] sslChain = {sslCert, intCaCert, rootCert}; |
serverKeystore.setKeyEntry(SSL_ALIAS, sslKP.getPrivate(), |
passwd.toCharArray(), sslChain); |
serverKeystore.setCertificateEntry(ROOT_ALIAS, rootCert); |
|
// And finally a Trust Store for the client |
trustStore = keyStoreBuilder.getKeyStore(); |
trustStore.setCertificateEntry(ROOT_ALIAS, rootCert); |
} |
|
/**
 * Adds the subject and authority key identifier extensions to a
 * certificate under construction.
 *
 * @param cbld the certificate builder that receives both extensions
 * @param subjKey the public key handed to
 *        {@code addSubjectKeyIdExt}, i.e. the key being certified
 * @param authKey the public key handed to
 *        {@code addAuthorityKeyIdExt}, i.e. the issuer's key; a
 *        self-signed certificate passes its own key here
 *
 * @throws IOException declared for the builder calls; the conditions
 *         under which they throw are not visible in this file section
 */
private static void addCommonExts(CertificateBuilder cbld,
        PublicKey subjKey, PublicKey authKey) throws IOException {
    // Subject key identifier first, then the issuer's key identifier;
    // the call order is kept as in the original.
    cbld.addSubjectKeyIdExt(subjKey);
    cbld.addAuthorityKeyIdExt(authKey);
}
|
/**
 * Adds the extensions that mark a certificate as a CA: a
 * BasicConstraints extension and a KeyUsage extension permitting
 * digitalSignature, keyCertSign and cRLSign.
 *
 * @param cbld the certificate builder that receives the extensions
 *
 * @throws IOException declared for the builder calls; the conditions
 *         under which they throw are not visible in this file section
 */
private static void addCommonCAExts(CertificateBuilder cbld)
        throws IOException {
    // NOTE(review): the arguments look like (critical, isCA, pathLen)
    // with -1 meaning "no path length limit" -- confirm against
    // CertificateBuilder. An unbounded path length is acceptable for a
    // throwaway test hierarchy only.
    cbld.addBasicConstraintsExt(true, true, -1);

    // KeyUsage is a 9-position bit string (RFC 5280, section 4.2.1.3):
    // 0 = digitalSignature, 5 = keyCertSign, 6 = cRLSign.
    final boolean[] caKeyUsage = new boolean[9];
    caKeyUsage[0] = true;
    caKeyUsage[5] = true;
    caKeyUsage[6] = true;
    cbld.addKeyUsageExt(caKeyUsage);
}
|
/**
 * Produces a short, three-line summary of a certificate for logging,
 * in place of the much longer {@code toString()} dump.
 *
 * @param cert the X509Certificate to summarize
 *
 * @return a String holding the issuer, subject and serial number, one
 *         per line and each terminated by a newline
 */
private static String certInfo(X509Certificate cert) {
    // Accessors are read in the same order as the lines are emitted.
    return "Issuer: " + cert.getIssuerX500Principal() + "\n"
            + "Subject: " + cert.getSubjectX500Principal() + "\n"
            + "Serial: " + cert.getSerialNumber() + "\n";
}
} |