test/jdk/javax/net/ssl/Stapling/StapleEnableProps.java
author xuelei
Mon, 25 Jun 2018 13:41:39 -0700
changeset 50768 68fa3d4026ea
parent 47216 71c04702a3d5
permissions -rw-r--r--
8196584: TLS 1.3 Implementation Reviewed-by: ascarpino, coffeys, dfuchs, jjiang, jnimeh, mullan, rhalade, ssahoo, valeriep, weijun, wetmore, xuelei Contributed-by: Adam Petcher <adam.petcher@oracle.com>, Amanda Jiang <amanda.jiang@oracle.com>, Anthony Scarpino <anthony.scarpino@oracle.com>, Bradford Wetmore <bradford.wetmore@oracle.com>, Jamil Nimeh <jamil.j.nimeh@oracle.com>, John Jiang <sha.jiang@oracle.com>, Rajan Halade <rajan.halade@oracle.com>, Sibabrata Sahoo <sibabrata.sahoo@oracle.com>, Valerie Peng <valerie.peng@oracle.com>, Weijun Wang <weijun.wang@oracle.com>, Xuelei Fan <xuelei.fan@oracle.com>
/*
 * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */
// SunJSSE does not support dynamic system properties, no way to re-use
// system properties in samevm/agentvm mode.
/*
 * @test
 * @bug 8145854 8153829
 * @summary SSLContextImpl.statusResponseManager should be generated if required
 * @library ../../../../java/security/testlibrary
 * @build CertificateBuilder SimpleOCSPServer
 * @run main/othervm StapleEnableProps
 */
import javax.net.ssl.*;
import javax.net.ssl.SSLEngineResult.*;
import java.io.*;
import java.math.BigInteger;
import java.security.*;
import java.nio.*;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.TimeUnit;
import sun.security.testlibrary.SimpleOCSPServer;
import sun.security.testlibrary.CertificateBuilder;
public class StapleEnableProps {
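    /*
     * Enables logging of the SSLEngine operations.
     */
    private static final boolean logging = true;

    /*
     * Enables the JSSE debugging system property.  When true, main() sets
     *
     *     javax.net.debug=ssl:handshake,verbose
     *
     * This gives a lot of low-level information about operations underway,
     * including specific handshake messages, and might be best examined
     * after gaining some familiarity with this application.  Leave it off
     * for routine runs; the trace is large and exposes handshake contents.
     */
    private static final boolean debug = false;

    // These four ByteBuffer references will be used to hang onto ClientHello
    // messages with and without the status_request[_v2] extensions.  These
    // will be used in the server-side stapling tests.  There are two sets,
    // one for 1.2 and earlier versions of the protocol and one for 1.3
    // and later versions, since the handshake and extension sets differ
    // between the two sets.  The TLS 1.2 pair is captured by
    // testClientProp() after each ClientHello has been checked.
    private static ByteBuffer cHello12Staple;
    private static ByteBuffer cHello12NoStaple;
    private static ByteBuffer cHello13Staple;
    private static ByteBuffer cHello13NoStaple;

    // The following items are used to set up the keystores.  The passphrase
    // is a fixed test fixture (main() hands it to KeyManagerFactory.init for
    // serverKeystore); it is not a model for handling real key material.
    private static final String passwd = "passphrase";
    private static final String ROOT_ALIAS = "root";
    private static final String INT_ALIAS = "intermediate";
    private static final String SSL_ALIAS = "ssl";

    // PKI components we will need for this test
    private static KeyManagerFactory kmf;       // Initialized in main()
    private static TrustManagerFactory tmf;     // Initialized in main()
    private static KeyStore rootKeystore;       // Root CA Keystore
    private static KeyStore intKeystore;        // Intermediate CA Keystore
    private static KeyStore serverKeystore;     // SSL Server Keystore
    private static KeyStore trustStore;         // SSL Client trust store
    private static SimpleOCSPServer rootOcsp;   // Root CA OCSP Responder
    private static int rootOcspPort;            // Port for root OCSP
    private static SimpleOCSPServer intOcsp;    // Intermediate CA OCSP server
    private static int intOcspPort;             // Port for intermediate OCSP

    // Extra configuration parameters and constants: the protocol lists
    // passed to SSLEngine.setEnabledProtocols() to pin a test case to
    // TLS 1.3 only, or to TLS 1.2 and earlier.
    static final String[] TLS13ONLY = new String[] { "TLSv1.3" };
    static final String[] TLS12MAX =
            new String[] { "TLSv1.2", "TLSv1.1", "TLSv1" };

    // A few helpful TLS definitions to make it easier: the hello extension
    // type codes for status_request (RFC 6066) and status_request_v2
    // (RFC 6961).
    private static final int HELLO_EXT_STATUS_REQ = 5;
    private static final int HELLO_EXT_STATUS_REQ_V2 = 17;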
    /*
     * Main entry point for this test.
     */
    public static void main(String args[]) throws Exception {
        // JSSE handshake tracing is opt-in through the compile-time
        // debug flag and is switched on before anything else happens.
        if (debug) {
            System.setProperty("javax.net.debug", "ssl:handshake,verbose");
        }

        // Build the test PKI and bring up the OCSP servers; the keystores
        // read below are expected to be populated by this call.
        createPKI();

        // Key material for the server side comes from serverKeystore,
        // trust anchors for the client side from trustStore.  Both
        // factories use the PKIX algorithm.
        final char[] keystorePass = passwd.toCharArray();
        kmf = KeyManagerFactory.getInstance("PKIX");
        kmf.init(serverKeystore, keystorePass);

        tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(trustStore);

        // Client property tests go first: they capture the ClientHello
        // buffers that the server-side stapling tests are documented to use.
        testClientProp();
        testServerProp();
    }
    private static void testClientProp() throws Exception {
        SSLEngineResult clientResult;
        // Test with the client-side enable property set to true
        System.out.println("=========================================");
        System.out.println("Client Test 1: " +
                "jdk.tls.client.enableStatusRequestExtension = true");
        System.out.println("Version = TLS 1.2");
        System.out.println("=========================================");
        System.setProperty("jdk.tls.client.enableStatusRequestExtension",
                "true");
        SSLContext ctxStaple = SSLContext.getInstance("TLS");
        ctxStaple.init(null, tmf.getTrustManagers(), null);
        SSLEngine engine = ctxStaple.createSSLEngine();
        engine.setUseClientMode(true);
        engine.setEnabledProtocols(TLS12MAX);
        SSLSession session = engine.getSession();
        ByteBuffer clientOut = ByteBuffer.wrap("I'm a Client".getBytes());
        ByteBuffer cTOs =
                ByteBuffer.allocateDirect(session.getPacketBufferSize());
        // Create and check the ClientHello message
        clientResult = engine.wrap(clientOut, cTOs);
        log("client wrap: ", clientResult);
        if (clientResult.getStatus() != SSLEngineResult.Status.OK) {
            throw new SSLException("Client wrap got status: " +
                    clientResult.getStatus());
        }
        cTOs.flip();
        System.out.println(dumpHexBytes(cTOs));
        checkClientHello(cTOs, true, true);
        cHello12Staple = cTOs;
        // Test with the property set to false
        System.out.println("=========================================");
        System.out.println("Client Test 2: " +
                "jdk.tls.client.enableStatusRequestExtension = false");
        System.out.println("Version = TLS 1.2");
        System.out.println("=========================================");
        System.setProperty("jdk.tls.client.enableStatusRequestExtension",
                "false");
        SSLContext ctxNoStaple = SSLContext.getInstance("TLS");
        ctxNoStaple.init(null, tmf.getTrustManagers(), null);
        engine = ctxNoStaple.createSSLEngine();
        engine.setUseClientMode(true);
        engine.setEnabledProtocols(TLS12MAX);
        session = engine.getSession();
        cTOs = ByteBuffer.allocateDirect(session.getPacketBufferSize());
        // Create and check the ClientHello message
        clientResult = engine.wrap(clientOut, cTOs);
        log("client wrap: ", clientResult);
        if (clientResult.getStatus() != SSLEngineResult.Status.OK) {
            throw new SSLException("Client wrap got status: " +
                    clientResult.getStatus());
        }
        cTOs.flip();
        System.out.println(dumpHexBytes(cTOs));
        checkClientHello(cTOs, false, false);
        cHello12NoStaple = cTOs;
        // Turn the property back on to true and test using TLS 1.3
        System.out.println("=========================================");
        System.out.println("Client Test 3: " +
                "jdk.tls.client.enableStatusRequestExtension = true");
        System.out.println("Version = TLS 1.3");
        System.out.println("=========================================");
        System.setProperty("jdk.tls.client.enableStatusRequestExtension",
                "true");
        ctxStaple = SSLContext.getInstance("TLS");
        ctxStaple.init(null, tmf.getTrustManagers(), null);
        engine = ctxStaple.createSSLEngine();
        engine.setUseClientMode(true);
        engine.setEnabledProtocols(TLS13ONLY);
        session = engine.getSession();
        cTOs = ByteBuffer.allocateDirect(session.getPacketBufferSize());
        // Create and check the ClientHello message
        clientResult = engine.wrap(clientOut, cTOs);
        log("client wrap: ", clientResult);
        if (clientResult.getStatus() != SSLEngineResult.Status.OK) {
            throw new SSLException("Client wrap got status: " +
                    clientResult.getStatus());
        }
        cTOs.flip();
        System.out.println(dumpHexBytes(cTOs));
        checkClientHello(cTOs, true, false);
        cHello13Staple = cTOs;
        // Turn the property off again and test in a TLS 1.3 handshake
        System.out.println("=========================================");
        System.out.println("Client Test 4: " +
                "jdk.tls.client.enableStatusRequestExtension = false");
        System.out.println("Version = TLS 1.3");
        System.out.println("=========================================");
        System.setProperty("jdk.tls.client.enableStatusRequestExtension",
                "false");
        ctxNoStaple = SSLContext.getInstance("TLS");
        ctxNoStaple.init(null, tmf.getTrustManagers(), null);
        engine = ctxNoStaple.createSSLEngine();
        engine.setUseClientMode(true);
        engine.setEnabledProtocols(TLS13ONLY);
        session = engine.getSession();
        cTOs = ByteBuffer.allocateDirect(session.getPacketBufferSize());
        // Create and check the ClientHello message
        clientResult = engine.wrap(clientOut, cTOs);
        log("client wrap: ", clientResult);
        if (clientResult.getStatus() != SSLEngineResult.Status.OK) {
            throw new SSLException("Client wrap got status: " +
                    clientResult.getStatus());
        }
        cTOs.flip();
        System.out.println(dumpHexBytes(cTOs));
        checkClientHello(cTOs, false, false);
        cHello13NoStaple = cTOs;
        // A TLS 1.3-capable hello, one that is not strictly limited to
        // the TLS 1.3 protocol should have both status_request and
        // status_request_v2
        System.out.println("=========================================");
        System.out.println("Client Test 5: " +
                "jdk.tls.client.enableStatusRequestExtension = true");
        System.out.println("Version = TLS 1.3 capable [default hello]");
        System.out.println("=========================================");
        System.setProperty("jdk.tls.client.enableStatusRequestExtension",
                "true");
        ctxStaple = SSLContext.getInstance("TLS");
        ctxStaple.init(null, tmf.getTrustManagers(), null);
        engine = ctxStaple.createSSLEngine();
        engine.setUseClientMode(true);
        // Note: Unlike the other tests, there is no explicit protocol setting
        session = engine.getSession();
        cTOs = ByteBuffer.allocateDirect(session.getPacketBufferSize());
        // Create and check the ClientHello message
        clientResult = engine.wrap(clientOut, cTOs);
        log("client wrap: ", clientResult);
        if (clientResult.getStatus() != SSLEngineResult.Status.OK) {
            throw new SSLException("Client wrap got status: " +
                    clientResult.getStatus());
        }
        cTOs.flip();
        System.out.println(dumpHexBytes(cTOs));
        checkClientHello(cTOs, true, true);
    }
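    /**
     * Checks that the {@code jdk.tls.server.enableStatusRequestExtension}
     * system property controls whether a TLS 1.2 server engine answers a
     * stapling ClientHello with a certificate status extension.
     *
     * <p>Two server-mode engines are created from fresh {@code SSLContext}
     * instances: one after the property is set to {@code "true"} and one
     * after it is set to {@code "false"}.  Each engine consumes the saved
     * {@code cHello12Staple} buffer, runs its delegated tasks, and wraps a
     * ServerHello record that is handed to {@code checkServerHello}.
     *
     * <p>NOTE(review): the property is left at {@code "false"} when this
     * method returns; nothing here restores the value it had on entry.
     *
     * @throws Exception if an engine reports an unexpected result status or
     *         handshake status, or if any helper called here throws
     */
    private static void testServerProp() throws Exception {
        SSLEngineResult serverResult;

        // Test with the server-side enable property set to true
        System.out.println("=========================================");
        System.out.println("Server Test 1: " +
                "jdk.tls.server.enableStatusRequestExtension = true");
        System.out.println("Version = TLS 1.2");
        System.out.println("=========================================");

        // The property is set before the context is created so that the new
        // context and its engine are built with the value under test.
        System.setProperty("jdk.tls.server.enableStatusRequestExtension",
                "true");
        SSLContext ctxStaple = SSLContext.getInstance("TLS");
        ctxStaple.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        SSLEngine engine = ctxStaple.createSSLEngine();
        engine.setUseClientMode(false);
        engine.setEnabledProtocols(TLS12MAX);
        SSLSession session = engine.getSession();
        ByteBuffer serverOut = ByteBuffer.wrap("I'm a Server".getBytes());
        ByteBuffer serverIn =
                ByteBuffer.allocate(session.getApplicationBufferSize() + 50);
        ByteBuffer sTOc =
                ByteBuffer.allocateDirect(session.getPacketBufferSize());

        // Consume the client hello
        serverResult = engine.unwrap(cHello12Staple, serverIn);
        log("server unwrap: ", serverResult);
        if (serverResult.getStatus() != SSLEngineResult.Status.OK) {
            throw new SSLException("Server unwrap got status: " +
                    serverResult.getStatus());
        } else if (serverResult.getHandshakeStatus() !=
                SSLEngineResult.HandshakeStatus.NEED_TASK) {
            throw new SSLException("Server unwrap expected NEED_TASK, got: " +
                    serverResult.getHandshakeStatus());
        }
        runDelegatedTasks(serverResult, engine);
        if (engine.getHandshakeStatus() !=
                SSLEngineResult.HandshakeStatus.NEED_WRAP) {
            throw new SSLException("Expected NEED_WRAP, got: " +
                    engine.getHandshakeStatus());
        }

        // Generate a TLS record with the ServerHello.  The diagnostics are
        // labelled "server" because this wrap is performed by the
        // server-mode engine.
        serverResult = engine.wrap(serverOut, sTOc);
        log("server wrap: ", serverResult);
        if (serverResult.getStatus() != SSLEngineResult.Status.OK) {
            throw new SSLException("Server wrap got status: " +
                    serverResult.getStatus());
        }
        sTOc.flip();
        System.out.println(dumpHexBytes(sTOc));
        // NOTE(review): the two flags presumably mean (status_request
        // expected, status_request_v2 expected) -- confirm against
        // checkServerHello.  With stapling enabled only the second is set.
        checkServerHello(sTOc, false, true);

        // Flip the client hello so we can reuse it in the next test.
        cHello12Staple.flip();

        // Test with the server-side enable property set to false
        System.out.println("=========================================");
        System.out.println("Server Test 2: " +
                "jdk.tls.server.enableStatusRequestExtension = false");
        System.out.println("Version = TLS 1.2");
        System.out.println("=========================================");

        System.setProperty("jdk.tls.server.enableStatusRequestExtension",
                "false");
        SSLContext ctxNoStaple = SSLContext.getInstance("TLS");
        ctxNoStaple.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        engine = ctxNoStaple.createSSLEngine();
        engine.setUseClientMode(false);
        engine.setEnabledProtocols(TLS12MAX);
        session = engine.getSession();
        serverIn = ByteBuffer.allocate(session.getApplicationBufferSize() + 50);
        sTOc = ByteBuffer.allocateDirect(session.getPacketBufferSize());

        // Consume the client hello
        serverResult = engine.unwrap(cHello12Staple, serverIn);
        log("server unwrap: ", serverResult);
        if (serverResult.getStatus() != SSLEngineResult.Status.OK) {
            throw new SSLException("Server unwrap got status: " +
                    serverResult.getStatus());
        } else if (serverResult.getHandshakeStatus() !=
                SSLEngineResult.HandshakeStatus.NEED_TASK) {
            throw new SSLException("Server unwrap expected NEED_TASK, got: " +
                    serverResult.getHandshakeStatus());
        }
        runDelegatedTasks(serverResult, engine);
        if (engine.getHandshakeStatus() !=
                SSLEngineResult.HandshakeStatus.NEED_WRAP) {
            throw new SSLException("Expected NEED_WRAP, got: " +
                    engine.getHandshakeStatus());
        }

        // Generate a TLS record with the ServerHello
        serverResult = engine.wrap(serverOut, sTOc);
        log("server wrap: ", serverResult);
        if (serverResult.getStatus() != SSLEngineResult.Status.OK) {
            throw new SSLException("Server wrap got status: " +
                    serverResult.getStatus());
        }
        sTOc.flip();
        System.out.println(dumpHexBytes(sTOc));
        // Negative case: with the property off both flags are false, i.e.
        // (presumably) neither status extension may appear in the
        // ServerHello even though the same client hello is replayed.
        checkServerHello(sTOc, false, false);
    }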
    /*
     * If the result indicates that we have outstanding tasks to do,
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   393
     * go ahead and run them in this thread.
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   394
     */
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   395
    private static void runDelegatedTasks(SSLEngineResult result,
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   396
            SSLEngine engine) throws Exception {
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   397
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   398
        if (result.getHandshakeStatus() == HandshakeStatus.NEED_TASK) {
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   399
            Runnable runnable;
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   400
            while ((runnable = engine.getDelegatedTask()) != null) {
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   401
                log("\trunning delegated task...");
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   402
                runnable.run();
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   403
            }
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   404
            HandshakeStatus hsStatus = engine.getHandshakeStatus();
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   405
            if (hsStatus == HandshakeStatus.NEED_TASK) {
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   406
                throw new Exception(
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   407
                    "handshake shouldn't need additional tasks");
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   408
            }
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   409
            log("\tnew HandshakeStatus: " + hsStatus);
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   410
        }
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   411
    }
    /**
     * Logs a one-line summary of an engine operation: the caller's prefix,
     * the result status and handshake status, and the byte counts consumed
     * and produced.  A second line is logged when the handshake status is
     * FINISHED.  Does nothing when logging is disabled.
     *
     * @param str the prefix placed at the start of the summary line
     * @param result the SSLEngineResult to summarise
     */
    private static void log(String str, SSLEngineResult result) {
        if (logging) {
            HandshakeStatus handshakeState = result.getHandshakeStatus();
            StringBuilder summary = new StringBuilder();
            summary.append(str)
                    .append(result.getStatus()).append("/")
                    .append(handshakeState).append(", ")
                    .append(result.bytesConsumed()).append("/")
                    .append(result.bytesProduced())
                    .append(" bytes");
            log(summary.toString());
            if (handshakeState == HandshakeStatus.FINISHED) {
                log("\t...ready for application data");
            }
        }
    }
    /**
     * Prints a message to stdout when logging is enabled.
     *
     * @param str the message to print
     */
    private static void log(String str) {
        if (!logging) {
            return;
        }
        System.out.println(str);
    }
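    /**
     * Renders the unread portion of a ByteBuffer as a hexdump string.  The
     * dump covers the bytes from the buffer's current position up to its
     * limit, sixteen bytes per line, each byte written as two upper-case
     * hex digits followed by a space.  The bytes are read with absolute
     * gets, so the buffer's position, limit and mark are left exactly as
     * the caller set them.
     *
     * @param data the ByteBuffer to dump; may be null.
     *
     * @return the hexdump of the remaining bytes, or an empty string if
     * {@code data} is null or has nothing remaining.
     */
    private static String dumpHexBytes(ByteBuffer data) {
        if (data == null) {
            return "";
        }

        int start = data.position();
        int end = data.limit();
        int count = end - start;
        // Three characters per byte plus one newline per 16-byte row.
        StringBuilder sb = new StringBuilder(count * 3 + count / 16);
        for (int idx = start; idx < end; idx++) {
            int offset = idx - start;
            if (offset != 0 && offset % 16 == 0) {
                sb.append("\n");
            }
            // Absolute get: neither moves the position nor replaces a mark
            // the caller may have set before asking for the dump.
            sb.append(String.format("%02X ", data.get(idx)));
        }

        return sb.toString();
    }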
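    /**
     * Tests the ClientHello for the presence (or not) of the status_request
     * and status_request_v2 hello extensions.  It is assumed that the provided
     * ByteBuffer has its position set at the first byte of the TLS record
     * containing the ClientHello and contains the entire hello message.  The
     * extension scan is bounded by the lengths declared in the message, so
     * bytes that follow the ClientHello in the buffer are not interpreted as
     * extensions.  Upon successful completion of this method the ByteBuffer
     * will have its position reset to the initial offset in the buffer.  If
     * an exception is thrown the position at the time of the exception will
     * be preserved.  The buffer's mark is replaced by this method.
     *
     * @param data the ByteBuffer containing the ClientHello bytes
     * @param statReqPresent true if the status_request hello extension should
     * be present.
     * @param statReqV2Present true if the status_request_v2 hello extension
     * should be present.
     *
     * @throws SSLException if the record is not a handshake record holding a
     * ClientHello, if a declared length runs past the data that contains it,
     * or if the presence or lack of either the status_request or
     * status_request_v2 extensions is inconsistent with the expected
     * settings in the statReqPresent or statReqV2Present parameters.
     */
    private static void checkClientHello(ByteBuffer data,
            boolean statReqPresent, boolean statReqV2Present)
            throws SSLException {
        boolean hasV1 = false;
        boolean hasV2 = false;
        Objects.requireNonNull(data);
        data.mark();

        // Process the TLS record header.  The two record-version bytes are
        // read only to step over them.
        int type = Byte.toUnsignedInt(data.get());
        data.get();
        data.get();
        int recLen = Short.toUnsignedInt(data.getShort());

        // Simple sanity checks
        if (type != 22) {
            throw new SSLException("Not a handshake: Type = " + type);
        } else if (recLen > data.remaining()) {
            throw new SSLException("Incomplete record in buffer: " +
                    "Record length = " + recLen + ", Remaining = " +
                    data.remaining());
        }

        // Grab the handshake message header: one type byte followed by a
        // 24-bit message length.
        int msgHdr = data.getInt();
        int msgType = (msgHdr >> 24) & 0x000000FF;
        int msgLen = msgHdr & 0x00FFFFFF;

        // More simple sanity checks
        if (msgType != 1) {
            throw new SSLException("Not a ClientHello: Type = " + msgType);
        } else if (msgLen > data.remaining()) {
            throw new SSLException("Incomplete ClientHello in buffer: " +
                    "Message length = " + msgLen + ", Remaining = " +
                    data.remaining());
        }
        int msgEnd = data.position() + msgLen;

        // Skip over the protocol version and client random
        data.position(data.position() + 34);

        // Jump past the session ID (if there is one)
        int sessLen = Byte.toUnsignedInt(data.get());
        if (sessLen != 0) {
            data.position(data.position() + sessLen);
        }

        // Jump past the cipher suites
        int csLen = Short.toUnsignedInt(data.getShort());
        if (csLen != 0) {
            data.position(data.position() + csLen);
        }

        // ...and the compression
        int compLen = Byte.toUnsignedInt(data.get());
        if (compLen != 0) {
            data.position(data.position() + compLen);
        }

        // Go through the extensions, if the message carries any, and look
        // for the two status request exts.  The walk stops at the declared
        // end of the extensions block rather than at the buffer limit.
        if (data.position() < msgEnd) {
            if (msgEnd - data.position() < 2) {
                throw new SSLException("Truncated extensions length field");
            }
            int extsLen = Short.toUnsignedInt(data.getShort());
            int extsEnd = data.position() + extsLen;
            if (extsEnd > msgEnd) {
                throw new SSLException("Extensions overrun the " +
                        "ClientHello: Extensions length = " + extsLen +
                        ", Remaining in message = " +
                        (msgEnd - data.position()));
            }

            while (data.position() < extsEnd) {
                // Each extension has a 2-byte type and a 2-byte length.
                if (extsEnd - data.position() < 4) {
                    throw new SSLException("Truncated extension header");
                }
                int extType = Short.toUnsignedInt(data.getShort());
                int extLen = Short.toUnsignedInt(data.getShort());
                if (extLen > extsEnd - data.position()) {
                    throw new SSLException("Extension " + extType +
                            " overruns the extensions block: Length = " +
                            extLen + ", Remaining = " +
                            (extsEnd - data.position()));
                }
                hasV1 |= (extType == HELLO_EXT_STATUS_REQ);
                hasV2 |= (extType == HELLO_EXT_STATUS_REQ_V2);
                data.position(data.position() + extLen);
            }
        }

        if (hasV1 != statReqPresent) {
            throw new SSLException("The status_request extension is " +
                    "inconsistent with the expected result: expected = " +
                    statReqPresent + ", actual = " + hasV1);
        } else if (hasV2 != statReqV2Present) {
            throw new SSLException("The status_request_v2 extension is " +
                    "inconsistent with the expected result: expected = " +
                    statReqV2Present + ", actual = " + hasV2);
        }

        // Return the position to the offset saved by mark() on entry.
        data.reset();
    }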
    /**
     * Tests the ServerHello for the presence (or not) of the status_request
     * or status_request_v2 hello extension.  It is assumed that the provided
     * ByteBuffer has its position set at the first byte of the TLS record
     * containing the ServerHello and contains the entire hello message.  Upon
     * successful completion of this method the ByteBuffer will have its
     * position reset to the initial offset in the buffer.  If an exception is
     * thrown the position at the time of the exception will be preserved.
     *
     * @param data the ByteBuffer containing the ServerHello bytes
     * @param statReqPresent true if the status_request hello extension should
     * be present.
     * @param statReqV2Present true if the status_request_v2 hello extension
     * should be present.
     *
     * @throws SSLException if the presence or lack of either the
     * status_request or status_request_v2 extensions is inconsistent with
     * the expected settings in the statReqPresent or statReqV2Present
     * parameters.
     */
    private static void checkServerHello(ByteBuffer data,
            boolean statReqPresent, boolean statReqV2Present)
            throws SSLException {
        boolean hasV1 = false;
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   583
        boolean hasV2 = false;
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   584
        Objects.requireNonNull(data);
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   585
        int startPos = data.position();
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   586
        data.mark();
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   587
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   588
        // Process the TLS record header
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   589
        int type = Byte.toUnsignedInt(data.get());
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   590
        int ver_major = Byte.toUnsignedInt(data.get());
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   591
        int ver_minor = Byte.toUnsignedInt(data.get());
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   592
        int recLen = Short.toUnsignedInt(data.getShort());
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   593
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   594
        // Simple sanity checks
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   595
        if (type != 22) {
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   596
            throw new SSLException("Not a handshake: Type = " + type);
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   597
        } else if (recLen > data.remaining()) {
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   598
            throw new SSLException("Incomplete record in buffer: " +
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   599
                    "Record length = " + recLen + ", Remaining = " +
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   600
                    data.remaining());
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   601
        }
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   602
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   603
        // Grab the handshake message header.
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   604
        int msgHdr = data.getInt();
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   605
        int msgType = (msgHdr >> 24) & 0x000000FF;
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   606
        int msgLen = msgHdr & 0x00FFFFFF;
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   607
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   608
        // More simple sanity checks
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   609
        if (msgType != 2) {
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   610
            throw new SSLException("Not a ServerHello: Type = " + msgType);
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   611
        }
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   612
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   613
        // Skip over the protocol version and server random
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   614
        data.position(data.position() + 34);
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   615
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   616
        // Jump past the session ID
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   617
        int sessLen = Byte.toUnsignedInt(data.get());
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   618
        if (sessLen != 0) {
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   619
            data.position(data.position() + sessLen);
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   620
        }
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   621
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   622
        // Skip the cipher suite and compression method
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   623
        data.position(data.position() + 3);
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   624
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   625
        // Go through the extensions and look for the request extension
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   626
        // expected by the caller.
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   627
        int extsLen = Short.toUnsignedInt(data.getShort());
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   628
        while (data.position() < recLen + startPos + 5) {
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   629
            int extType = Short.toUnsignedInt(data.getShort());
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   630
            int extLen = Short.toUnsignedInt(data.getShort());
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   631
            hasV1 |= (extType == HELLO_EXT_STATUS_REQ);
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   632
            hasV2 |= (extType == HELLO_EXT_STATUS_REQ_V2);
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   633
            data.position(data.position() + extLen);
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   634
        }
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   635
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   636
        if (hasV1 != statReqPresent) {
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   637
            throw new SSLException("The status_request extension is " +
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   638
                    "inconsistent with the expected result: expected = " +
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   639
                    statReqPresent + ", actual = " + hasV1);
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   640
        } else if (hasV2 != statReqV2Present) {
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   641
            throw new SSLException("The status_request_v2 extension is " +
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   642
                    "inconsistent with the expected result: expected = " +
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   643
                    statReqV2Present + ", actual = " + hasV2);
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   644
        }
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   645
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   646
        // Reset the position to the initial spot at the start of this method.
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   647
        data.reset();
c99a60377145 8145854: SSLContextImpl.statusResponseManager should be generated if required
jnimeh
parents:
diff changeset
   648
    }
    /**
     * Creates the PKI components necessary for this test, including
     * Root CA, Intermediate CA and SSL server certificates, the keystores
     * for each entity, a client trust store, and starts the OCSP responders.
     */
    private static void createPKI() throws Exception {
        CertificateBuilder cbld = new CertificateBuilder();
        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
        keyGen.initialize(2048);
        KeyStore.Builder keyStoreBuilder =
                KeyStore.Builder.newInstance("PKCS12", null,
                        new KeyStore.PasswordProtection(passwd.toCharArray()));
        // Generate Root, IntCA, EE keys
        KeyPair rootCaKP = keyGen.genKeyPair();
        log("Generated Root CA KeyPair");
        KeyPair intCaKP = keyGen.genKeyPair();
        log("Generated Intermediate CA KeyPair");
        KeyPair sslKP = keyGen.genKeyPair();
        log("Generated SSL Cert KeyPair");
        // Set up the Root CA Cert
        cbld.setSubjectName("CN=Root CA Cert, O=SomeCompany");
        cbld.setPublicKey(rootCaKP.getPublic());
        cbld.setSerialNumber(new BigInteger("1"));
        // Make a 3 year validity starting from 60 days ago
        long start = System.currentTimeMillis() - TimeUnit.DAYS.toMillis(60);
        long end = start + TimeUnit.DAYS.toMillis(1085);
        cbld.setValidity(new Date(start), new Date(end));
        addCommonExts(cbld, rootCaKP.getPublic(), rootCaKP.getPublic());
        addCommonCAExts(cbld);
        // Make our Root CA Cert!
        X509Certificate rootCert = cbld.build(null, rootCaKP.getPrivate(),
                "SHA256withRSA");
        log("Root CA Created:\n" + certInfo(rootCert));
        // Now build a keystore and add the keys and cert
        rootKeystore = keyStoreBuilder.getKeyStore();
        java.security.cert.Certificate[] rootChain = {rootCert};
        rootKeystore.setKeyEntry(ROOT_ALIAS, rootCaKP.getPrivate(),
                passwd.toCharArray(), rootChain);
        // Now fire up the OCSP responder
        rootOcsp = new SimpleOCSPServer(rootKeystore, passwd, ROOT_ALIAS, null);
        rootOcsp.enableLog(logging);
        rootOcsp.setNextUpdateInterval(3600);
        rootOcsp.start();
        // Wait 5 seconds for server ready
        for (int i = 0; (i < 100 && !rootOcsp.isServerReady()); i++) {
            Thread.sleep(50);
        }
        if (!rootOcsp.isServerReady()) {
            throw new RuntimeException("Server not ready yet");
        }
        rootOcspPort = rootOcsp.getPort();
        String rootRespURI = "http://localhost:" + rootOcspPort;
        log("Root OCSP Responder URI is " + rootRespURI);
        // Now that we have the root keystore and OCSP responder we can
        // create our intermediate CA.
        cbld.reset();
        cbld.setSubjectName("CN=Intermediate CA Cert, O=SomeCompany");
        cbld.setPublicKey(intCaKP.getPublic());
        cbld.setSerialNumber(new BigInteger("100"));
        // Make a 2 year validity starting from 30 days ago
        start = System.currentTimeMillis() - TimeUnit.DAYS.toMillis(30);
        end = start + TimeUnit.DAYS.toMillis(730);
        cbld.setValidity(new Date(start), new Date(end));
        addCommonExts(cbld, intCaKP.getPublic(), rootCaKP.getPublic());
        addCommonCAExts(cbld);
        cbld.addAIAExt(Collections.singletonList(rootRespURI));
        // Make our Intermediate CA Cert!
        X509Certificate intCaCert = cbld.build(rootCert, rootCaKP.getPrivate(),
                "SHA256withRSA");
        log("Intermediate CA Created:\n" + certInfo(intCaCert));
        // Provide intermediate CA cert revocation info to the Root CA
        // OCSP responder.
        Map<BigInteger, SimpleOCSPServer.CertStatusInfo> revInfo =
            new HashMap<>();
        revInfo.put(intCaCert.getSerialNumber(),
                new SimpleOCSPServer.CertStatusInfo(
                        SimpleOCSPServer.CertStatus.CERT_STATUS_GOOD));
        rootOcsp.updateStatusDb(revInfo);
        // Now build a keystore and add the keys, chain and root cert as a TA
        intKeystore = keyStoreBuilder.getKeyStore();
        java.security.cert.Certificate[] intChain = {intCaCert, rootCert};
        intKeystore.setKeyEntry(INT_ALIAS, intCaKP.getPrivate(),
                passwd.toCharArray(), intChain);
        intKeystore.setCertificateEntry(ROOT_ALIAS, rootCert);
        // Now fire up the Intermediate CA OCSP responder
        intOcsp = new SimpleOCSPServer(intKeystore, passwd,
                INT_ALIAS, null);
        intOcsp.enableLog(logging);
        intOcsp.setNextUpdateInterval(3600);
        intOcsp.start();
        // Wait 5 seconds for server ready
        for (int i = 0; (i < 100 && !intOcsp.isServerReady()); i++) {
            Thread.sleep(50);
        }
        if (!intOcsp.isServerReady()) {
            throw new RuntimeException("Server not ready yet");
        }
        intOcspPort = intOcsp.getPort();
        String intCaRespURI = "http://localhost:" + intOcspPort;
        log("Intermediate CA OCSP Responder URI is " + intCaRespURI);
        // Last but not least, let's make our SSLCert and add it to its own
        // Keystore
        cbld.reset();
        cbld.setSubjectName("CN=SSLCertificate, O=SomeCompany");
        cbld.setPublicKey(sslKP.getPublic());
        cbld.setSerialNumber(new BigInteger("4096"));
        // Make a 1 year validity starting from 7 days ago
        start = System.currentTimeMillis() - TimeUnit.DAYS.toMillis(7);
        end = start + TimeUnit.DAYS.toMillis(365);
        cbld.setValidity(new Date(start), new Date(end));
        // Add extensions
        addCommonExts(cbld, sslKP.getPublic(), intCaKP.getPublic());
        boolean[] kuBits = {true, false, true, false, false, false,
            false, false, false};
        cbld.addKeyUsageExt(kuBits);
        List<String> ekuOids = new ArrayList<>();
        ekuOids.add("1.3.6.1.5.5.7.3.1");
        ekuOids.add("1.3.6.1.5.5.7.3.2");
        cbld.addExtendedKeyUsageExt(ekuOids);
        cbld.addSubjectAltNameDNSExt(Collections.singletonList("localhost"));
        cbld.addAIAExt(Collections.singletonList(intCaRespURI));
        // Make our SSL Server Cert!
        X509Certificate sslCert = cbld.build(intCaCert, intCaKP.getPrivate(),
                "SHA256withRSA");
        log("SSL Certificate Created:\n" + certInfo(sslCert));
        // Provide SSL server cert revocation info to the Intermeidate CA
        // OCSP responder.
        revInfo = new HashMap<>();
        revInfo.put(sslCert.getSerialNumber(),
                new SimpleOCSPServer.CertStatusInfo(
                        SimpleOCSPServer.CertStatus.CERT_STATUS_GOOD));
        intOcsp.updateStatusDb(revInfo);
        // Now build a keystore and add the keys, chain and root cert as a TA
        serverKeystore = keyStoreBuilder.getKeyStore();
        java.security.cert.Certificate[] sslChain = {sslCert, intCaCert, rootCert};
        serverKeystore.setKeyEntry(SSL_ALIAS, sslKP.getPrivate(),
                passwd.toCharArray(), sslChain);
        serverKeystore.setCertificateEntry(ROOT_ALIAS, rootCert);
        // And finally a Trust Store for the client
        trustStore = keyStoreBuilder.getKeyStore();
        trustStore.setCertificateEntry(ROOT_ALIAS, rootCert);
    }
    /**
     * Adds the subject key identifier and authority key identifier
     * extensions to a certificate that is still being built.
     *
     * @param cbld the builder of the certificate under construction
     * @param subjKey the public key handed to {@code addSubjectKeyIdExt};
     *        the visible call site passes the new certificate's own key
     * @param authKey the public key handed to {@code addAuthorityKeyIdExt};
     *        the visible call site passes the issuing CA's public key.
     *        NOTE(review): this should be the public half of the key pair
     *        whose private key is later given to {@code build()}, otherwise
     *        the authority key identifier would presumably not match the
     *        issuer's subject key identifier - confirm against
     *        CertificateBuilder.
     *
     * @throws IOException declared because the builder calls may raise it
     */
    private static void addCommonExts(
            CertificateBuilder cbld,
            PublicKey subjKey,
            PublicKey authKey)
            throws IOException {
        // Subject key id first, then authority key id, as in the original.
        cbld.addSubjectKeyIdExt(subjKey);
        cbld.addAuthorityKeyIdExt(authKey);
    }
    /**
     * Adds a basic-constraints extension and a key-usage extension to a
     * certificate that is still being built. Judging by the method name
     * it is meant for the CA certificates of the test PKI.
     *
     * @param cbld the builder of the certificate under construction
     *
     * @throws IOException declared because the builder calls may raise it
     */
    private static void addCommonCAExts(CertificateBuilder cbld)
            throws IOException {
        // NOTE(review): the arguments look like (critical, isCA, pathLen)
        // with -1 standing for "no path length limit" - confirm against
        // CertificateBuilder.
        cbld.addBasicConstraintsExt(true, true, -1);

        // Nine key-usage flags, all clear except digitalSignature (0),
        // keyCertSign (5) and cRLSign (6).
        boolean[] caKeyUsage = new boolean[9];
        caKeyUsage[0] = true;
        caKeyUsage[5] = true;
        caKeyUsage[6] = true;
        cbld.addKeyUsageExt(caKeyUsage);
    }
    /**
     * Builds a short three-line summary of a certificate, used in this
     * test's log output in place of the much longer {@code toString()}
     * dump.
     *
     * @param cert the X509Certificate to summarize
     *
     * @return the issuer, subject and serial number, each on its own
     * newline-terminated line; the serial number is printed in decimal,
     * not in the hexadecimal form many certificate tools display
     */
    private static String certInfo(X509Certificate cert) {
        // The getters are called in the same order as before: issuer,
        // subject, serial.
        String issuerLine = "Issuer: " + cert.getIssuerX500Principal() + "\n";
        String subjectLine =
                "Subject: " + cert.getSubjectX500Principal() + "\n";
        String serialLine = "Serial: " + cert.getSerialNumber() + "\n";
        return issuerLine + subjectLine + serialLine;
    }
}