jdk-sandbox: jdk/test/javax/net/ssl/Stapling/SSLSocketWithStapling.java@9669aa3c7bcb (annotated)

32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	1	/*
44479 9669aa3c7bcb 8161973: PKIXRevocationChecker.getSoftFailExceptions() not working mullan parents: 40390 diff changeset	2	* Copyright (c) 2015, 2017, Oracle and/or its affiliates. All rights reserved.
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	4	*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	7	* published by the Free Software Foundation.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	8	*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	9	* This code is distributed in the hope that it will be useful, but WITHOUT
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	10	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	11	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	12	* version 2 for more details (a copy is included in the LICENSE file that
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	13	* accompanied this code).
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	14	*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	15	* You should have received a copy of the GNU General Public License version
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	16	* 2 along with this work; if not, write to the Free Software Foundation,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	17	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	18	*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	19	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	20	* or visit www.oracle.com if you need additional information or have any
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	21	* questions.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	22	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	23
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	24	// SunJSSE does not support dynamic system properties, no way to re-use
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	25	// system properties in samevm/agentvm mode.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	26
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	27	/*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	28	* @test
37309 8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	29	* @bug 8046321 8153829
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	30	* @summary OCSP Stapling for TLS
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	31	* @library ../../../../java/security/testlibrary
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	32	* @build CertificateBuilder SimpleOCSPServer
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	33	* @run main/othervm SSLSocketWithStapling
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	34	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	35
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	36	import java.io.*;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	37	import java.math.BigInteger;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	38	import java.security.KeyPair;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	39	import java.security.KeyPairGenerator;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	40	import javax.net.ssl.*;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	41	import java.security.KeyStore;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	42	import java.security.PublicKey;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	43	import java.security.Security;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	44	import java.security.cert.CertPathValidator;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	45	import java.security.cert.CertPathValidatorException;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	46	import java.security.cert.CertPathValidatorException.BasicReason;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	47	import java.security.cert.Certificate;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	48	import java.security.cert.PKIXBuilderParameters;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	49	import java.security.cert.X509CertSelector;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	50	import java.security.cert.X509Certificate;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	51	import java.security.cert.PKIXRevocationChecker;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	52	import java.security.cert.PKIXRevocationChecker.Option;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	53	import java.util.ArrayList;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	54	import java.util.Collections;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	55	import java.util.Date;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	56	import java.util.EnumSet;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	57	import java.util.List;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	58	import java.util.Map;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	59	import java.util.HashMap;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	60	import java.util.concurrent.TimeUnit;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	61
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	62	import sun.security.testlibrary.SimpleOCSPServer;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	63	import sun.security.testlibrary.CertificateBuilder;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	64
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	65	public class SSLSocketWithStapling {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	66
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	67	/*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	68	* =============================================================
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	69	* Set the various variables needed for the tests, then
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	70	* specify what tests to run on each side.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	71	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	72
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	73	// Turn on TLS debugging
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	74	static boolean debug = false;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	75
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	76	/*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	77	* Should we run the client or server in a separate thread?
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	78	* Both sides can throw exceptions, but do you have a preference
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	79	* as to which side should be the main thread.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	80	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	81	static boolean separateServerThread = true;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	82	Thread clientThread = null;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	83	Thread serverThread = null;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	84
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	85	static String passwd = "passphrase";
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	86	static String ROOT_ALIAS = "root";
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	87	static String INT_ALIAS = "intermediate";
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	88	static String SSL_ALIAS = "ssl";
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	89
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	90	/*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	91	* Is the server ready to serve?
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	92	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	93	volatile static boolean serverReady = false;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	94	volatile int serverPort = 0;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	95
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	96	volatile Exception serverException = null;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	97	volatile Exception clientException = null;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	98
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	99	// PKI components we will need for this test
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	100	static KeyStore rootKeystore; // Root CA Keystore
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	101	static KeyStore intKeystore; // Intermediate CA Keystore
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	102	static KeyStore serverKeystore; // SSL Server Keystore
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	103	static KeyStore trustStore; // SSL Client trust store
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	104	static SimpleOCSPServer rootOcsp; // Root CA OCSP Responder
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	105	static int rootOcspPort; // Port number for root OCSP
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	106	static SimpleOCSPServer intOcsp; // Intermediate CA OCSP Responder
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	107	static int intOcspPort; // Port number for intermed. OCSP
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	108
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	109	/*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	110	* If the client or server is doing some kind of object creation
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	111	* that the other side depends on, and that thread prematurely
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	112	* exits, you may experience a hang. The test harness will
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	113	* terminate all hung threads after its timeout has expired,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	114	* currently 3 minutes by default, but you might try to be
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	115	* smart about it....
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	116	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	117	public static void main(String[] args) throws Exception {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	118	if (debug) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	119	System.setProperty("javax.net.debug", "ssl");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	120	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	121
40390 64541737c7f7 8162484: javax/net/ssl/Stapling/SSLSocketWithStapling.java test fails intermittently with "Address already in use" error asmotrak parents: 39317 diff changeset	122	try {
64541737c7f7 8162484: javax/net/ssl/Stapling/SSLSocketWithStapling.java test fails intermittently with "Address already in use" error asmotrak parents: 39317 diff changeset	123	// Create the PKI we will use for the test and start the OCSP servers
64541737c7f7 8162484: javax/net/ssl/Stapling/SSLSocketWithStapling.java test fails intermittently with "Address already in use" error asmotrak parents: 39317 diff changeset	124	createPKI();
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	125
40390 64541737c7f7 8162484: javax/net/ssl/Stapling/SSLSocketWithStapling.java test fails intermittently with "Address already in use" error asmotrak parents: 39317 diff changeset	126	testAllDefault();
64541737c7f7 8162484: javax/net/ssl/Stapling/SSLSocketWithStapling.java test fails intermittently with "Address already in use" error asmotrak parents: 39317 diff changeset	127	testPKIXParametersRevEnabled();
64541737c7f7 8162484: javax/net/ssl/Stapling/SSLSocketWithStapling.java test fails intermittently with "Address already in use" error asmotrak parents: 39317 diff changeset	128	testRevokedCertificate();
64541737c7f7 8162484: javax/net/ssl/Stapling/SSLSocketWithStapling.java test fails intermittently with "Address already in use" error asmotrak parents: 39317 diff changeset	129	testHardFailFallback();
64541737c7f7 8162484: javax/net/ssl/Stapling/SSLSocketWithStapling.java test fails intermittently with "Address already in use" error asmotrak parents: 39317 diff changeset	130	testSoftFailFallback();
64541737c7f7 8162484: javax/net/ssl/Stapling/SSLSocketWithStapling.java test fails intermittently with "Address already in use" error asmotrak parents: 39317 diff changeset	131	testLatencyNoStaple(false);
64541737c7f7 8162484: javax/net/ssl/Stapling/SSLSocketWithStapling.java test fails intermittently with "Address already in use" error asmotrak parents: 39317 diff changeset	132	testLatencyNoStaple(true);
64541737c7f7 8162484: javax/net/ssl/Stapling/SSLSocketWithStapling.java test fails intermittently with "Address already in use" error asmotrak parents: 39317 diff changeset	133	} finally {
64541737c7f7 8162484: javax/net/ssl/Stapling/SSLSocketWithStapling.java test fails intermittently with "Address already in use" error asmotrak parents: 39317 diff changeset	134	// shut down the OCSP responders before finishing the test
64541737c7f7 8162484: javax/net/ssl/Stapling/SSLSocketWithStapling.java test fails intermittently with "Address already in use" error asmotrak parents: 39317 diff changeset	135	intOcsp.stop();
64541737c7f7 8162484: javax/net/ssl/Stapling/SSLSocketWithStapling.java test fails intermittently with "Address already in use" error asmotrak parents: 39317 diff changeset	136	rootOcsp.stop();
64541737c7f7 8162484: javax/net/ssl/Stapling/SSLSocketWithStapling.java test fails intermittently with "Address already in use" error asmotrak parents: 39317 diff changeset	137	}
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	138	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	139
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	140	/**
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	141	* Default test using no externally-configured PKIXBuilderParameters
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	142	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	143	static void testAllDefault() throws Exception {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	144	ClientParameters cliParams = new ClientParameters();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	145	ServerParameters servParams = new ServerParameters();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	146	serverReady = false;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	147	Map<BigInteger, SimpleOCSPServer.CertStatusInfo> revInfo =
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	148	new HashMap<>();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	149
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	150	// We will prove revocation checking is disabled by marking the SSL
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	151	// certificate as revoked. The test would only pass if revocation
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	152	// checking did not happen.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	153	X509Certificate sslCert =
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	154	(X509Certificate)serverKeystore.getCertificate(SSL_ALIAS);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	155	Date fiveMinsAgo = new Date(System.currentTimeMillis() -
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	156	TimeUnit.MINUTES.toMillis(5));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	157	revInfo.put(sslCert.getSerialNumber(),
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	158	new SimpleOCSPServer.CertStatusInfo(
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	159	SimpleOCSPServer.CertStatus.CERT_STATUS_REVOKED,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	160	fiveMinsAgo));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	161	intOcsp.updateStatusDb(revInfo);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	162
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	163	System.out.println("=======================================");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	164	System.out.println("Stapling enabled, default configuration");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	165	System.out.println("=======================================");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	166
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	167	SSLSocketWithStapling sslTest = new SSLSocketWithStapling(cliParams,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	168	servParams);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	169	TestResult tr = sslTest.getResult();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	170	if (tr.clientExc != null) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	171	throw tr.clientExc;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	172	} else if (tr.serverExc != null) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	173	throw tr.serverExc;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	174	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	175
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	176	// Return the ssl certificate to non-revoked status
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	177	revInfo.put(sslCert.getSerialNumber(),
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	178	new SimpleOCSPServer.CertStatusInfo(
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	179	SimpleOCSPServer.CertStatus.CERT_STATUS_GOOD));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	180	intOcsp.updateStatusDb(revInfo);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	181
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	182	System.out.println(" PASS");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	183	System.out.println("=======================================\n");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	184	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	185
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	186	/**
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	187	* Do a basic connection using PKIXParameters with revocation checking
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	188	* enabled and client-side OCSP disabled. It will only pass if all
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	189	* stapled responses are present, valid and have a GOOD status.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	190	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	191	static void testPKIXParametersRevEnabled() throws Exception {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	192	ClientParameters cliParams = new ClientParameters();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	193	ServerParameters servParams = new ServerParameters();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	194	serverReady = false;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	195
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	196	System.out.println("=====================================");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	197	System.out.println("Stapling enabled, PKIXParameters with");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	198	System.out.println("Revocation checking enabled ");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	199	System.out.println("=====================================");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	200
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	201	cliParams.pkixParams = new PKIXBuilderParameters(trustStore,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	202	new X509CertSelector());
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	203	cliParams.pkixParams.setRevocationEnabled(true);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	204	Security.setProperty("ocsp.enable", "false");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	205
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	206	SSLSocketWithStapling sslTest = new SSLSocketWithStapling(cliParams,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	207	servParams);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	208	TestResult tr = sslTest.getResult();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	209	if (tr.clientExc != null) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	210	throw tr.clientExc;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	211	} else if (tr.serverExc != null) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	212	throw tr.serverExc;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	213	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	214
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	215	System.out.println(" PASS");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	216	System.out.println("=====================================\n");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	217	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	218
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	219	/**
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	220	* Perform a test where the certificate is revoked and placed in the
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	221	* TLS handshake. Client-side OCSP is disabled, so this test will only
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	222	* pass if the OCSP response is found, since we will check the
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	223	* CertPathValidatorException reason for revoked status.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	224	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	225	static void testRevokedCertificate() throws Exception {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	226	ClientParameters cliParams = new ClientParameters();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	227	ServerParameters servParams = new ServerParameters();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	228	serverReady = false;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	229	Map<BigInteger, SimpleOCSPServer.CertStatusInfo> revInfo =
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	230	new HashMap<>();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	231
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	232	// We will prove revocation checking is disabled by marking the SSL
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	233	// certificate as revoked. The test would only pass if revocation
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	234	// checking did not happen.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	235	X509Certificate sslCert =
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	236	(X509Certificate)serverKeystore.getCertificate(SSL_ALIAS);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	237	Date fiveMinsAgo = new Date(System.currentTimeMillis() -
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	238	TimeUnit.MINUTES.toMillis(5));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	239	revInfo.put(sslCert.getSerialNumber(),
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	240	new SimpleOCSPServer.CertStatusInfo(
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	241	SimpleOCSPServer.CertStatus.CERT_STATUS_REVOKED,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	242	fiveMinsAgo));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	243	intOcsp.updateStatusDb(revInfo);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	244
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	245	System.out.println("=======================================");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	246	System.out.println("Stapling enabled, default configuration");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	247	System.out.println("=======================================");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	248
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	249	cliParams.pkixParams = new PKIXBuilderParameters(trustStore,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	250	new X509CertSelector());
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	251	cliParams.pkixParams.setRevocationEnabled(true);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	252	Security.setProperty("ocsp.enable", "false");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	253
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	254	SSLSocketWithStapling sslTest = new SSLSocketWithStapling(cliParams,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	255	servParams);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	256	TestResult tr = sslTest.getResult();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	257	if (!checkClientValidationFailure(tr.clientExc, BasicReason.REVOKED)) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	258	if (tr.clientExc != null) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	259	throw tr.clientExc;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	260	} else {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	261	throw new RuntimeException(
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	262	"Expected client failure, but the client succeeded");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	263	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	264	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	265
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	266	// Return the ssl certificate to non-revoked status
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	267	revInfo.put(sslCert.getSerialNumber(),
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	268	new SimpleOCSPServer.CertStatusInfo(
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	269	SimpleOCSPServer.CertStatus.CERT_STATUS_GOOD));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	270	intOcsp.updateStatusDb(revInfo);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	271
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	272	System.out.println(" PASS");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	273	System.out.println("=======================================\n");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	274	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	275
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	276	/**
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	277	* Test a case where client-side stapling is attempted, but does not
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	278	* occur because OCSP responders are unreachable. This should use a
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	279	* default hard-fail behavior.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	280	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	281	static void testHardFailFallback() throws Exception {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	282	ClientParameters cliParams = new ClientParameters();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	283	ServerParameters servParams = new ServerParameters();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	284	serverReady = false;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	285
40390 64541737c7f7 8162484: javax/net/ssl/Stapling/SSLSocketWithStapling.java test fails intermittently with "Address already in use" error asmotrak parents: 39317 diff changeset	286	// make OCSP responders reject connections
64541737c7f7 8162484: javax/net/ssl/Stapling/SSLSocketWithStapling.java test fails intermittently with "Address already in use" error asmotrak parents: 39317 diff changeset	287	intOcsp.rejectConnections();
64541737c7f7 8162484: javax/net/ssl/Stapling/SSLSocketWithStapling.java test fails intermittently with "Address already in use" error asmotrak parents: 39317 diff changeset	288	rootOcsp.rejectConnections();
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	289
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	290	System.out.println("=======================================");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	291	System.out.println("Stapling enbled in client and server,");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	292	System.out.println("but OCSP responders disabled.");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	293	System.out.println("PKIXParameters with Revocation checking");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	294	System.out.println("enabled.");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	295	System.out.println("=======================================");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	296
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	297	Security.setProperty("ocsp.enable", "true");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	298	cliParams.pkixParams = new PKIXBuilderParameters(trustStore,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	299	new X509CertSelector());
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	300	cliParams.pkixParams.setRevocationEnabled(true);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	301
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	302	SSLSocketWithStapling sslTest = new SSLSocketWithStapling(cliParams,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	303	servParams);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	304	TestResult tr = sslTest.getResult();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	305	if (!checkClientValidationFailure(tr.clientExc,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	306	BasicReason.UNDETERMINED_REVOCATION_STATUS)) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	307	if (tr.clientExc != null) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	308	throw tr.clientExc;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	309	} else {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	310	throw new RuntimeException(
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	311	"Expected client failure, but the client succeeded");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	312	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	313	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	314
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	315	System.out.println(" PASS");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	316	System.out.println("=======================================\n");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	317
40390 64541737c7f7 8162484: javax/net/ssl/Stapling/SSLSocketWithStapling.java test fails intermittently with "Address already in use" error asmotrak parents: 39317 diff changeset	318	// Make OCSP responders accept connections
64541737c7f7 8162484: javax/net/ssl/Stapling/SSLSocketWithStapling.java test fails intermittently with "Address already in use" error asmotrak parents: 39317 diff changeset	319	intOcsp.acceptConnections();
64541737c7f7 8162484: javax/net/ssl/Stapling/SSLSocketWithStapling.java test fails intermittently with "Address already in use" error asmotrak parents: 39317 diff changeset	320	rootOcsp.acceptConnections();
37309 8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	321
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	322	// Wait 5 seconds for server ready
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	323	for (int i = 0; (i < 100 && (!intOcsp.isServerReady() \|\| !rootOcsp.isServerReady())); i++) {
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	324	Thread.sleep(50);
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	325	}
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	326	if (!intOcsp.isServerReady() \|\| !rootOcsp.isServerReady()) {
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	327	throw new RuntimeException("Server not ready yet");
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	328	}
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	329	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	330
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	331	/**
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	332	* Test a case where client-side stapling is attempted, but does not
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	333	* occur because OCSP responders are unreachable. Client-side OCSP
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	334	* checking is enabled for this, with SOFT_FAIL.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	335	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	336	static void testSoftFailFallback() throws Exception {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	337	ClientParameters cliParams = new ClientParameters();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	338	ServerParameters servParams = new ServerParameters();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	339	serverReady = false;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	340
40390 64541737c7f7 8162484: javax/net/ssl/Stapling/SSLSocketWithStapling.java test fails intermittently with "Address already in use" error asmotrak parents: 39317 diff changeset	341	// make OCSP responders reject connections
64541737c7f7 8162484: javax/net/ssl/Stapling/SSLSocketWithStapling.java test fails intermittently with "Address already in use" error asmotrak parents: 39317 diff changeset	342	intOcsp.rejectConnections();
64541737c7f7 8162484: javax/net/ssl/Stapling/SSLSocketWithStapling.java test fails intermittently with "Address already in use" error asmotrak parents: 39317 diff changeset	343	rootOcsp.rejectConnections();
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	344
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	345	System.out.println("=======================================");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	346	System.out.println("Stapling enbled in client and server,");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	347	System.out.println("but OCSP responders disabled.");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	348	System.out.println("PKIXParameters with Revocation checking");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	349	System.out.println("enabled and SOFT_FAIL.");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	350	System.out.println("=======================================");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	351
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	352	Security.setProperty("ocsp.enable", "true");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	353	cliParams.pkixParams = new PKIXBuilderParameters(trustStore,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	354	new X509CertSelector());
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	355	cliParams.pkixParams.setRevocationEnabled(true);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	356	CertPathValidator cpv = CertPathValidator.getInstance("PKIX");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	357	cliParams.revChecker =
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	358	(PKIXRevocationChecker)cpv.getRevocationChecker();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	359	cliParams.revChecker.setOptions(EnumSet.of(Option.SOFT_FAIL));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	360
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	361	SSLSocketWithStapling sslTest = new SSLSocketWithStapling(cliParams,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	362	servParams);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	363	TestResult tr = sslTest.getResult();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	364	if (tr.clientExc != null) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	365	throw tr.clientExc;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	366	} else if (tr.serverExc != null) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	367	throw tr.serverExc;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	368	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	369
44479 9669aa3c7bcb 8161973: PKIXRevocationChecker.getSoftFailExceptions() not working mullan parents: 40390 diff changeset	370	// make sure getSoftFailExceptions is not empty
9669aa3c7bcb 8161973: PKIXRevocationChecker.getSoftFailExceptions() not working mullan parents: 40390 diff changeset	371	if (cliParams.revChecker.getSoftFailExceptions().isEmpty()) {
9669aa3c7bcb 8161973: PKIXRevocationChecker.getSoftFailExceptions() not working mullan parents: 40390 diff changeset	372	throw new Exception("No soft fail exceptions");
9669aa3c7bcb 8161973: PKIXRevocationChecker.getSoftFailExceptions() not working mullan parents: 40390 diff changeset	373	}
9669aa3c7bcb 8161973: PKIXRevocationChecker.getSoftFailExceptions() not working mullan parents: 40390 diff changeset	374
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	375	System.out.println(" PASS");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	376	System.out.println("=======================================\n");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	377
44479 9669aa3c7bcb 8161973: PKIXRevocationChecker.getSoftFailExceptions() not working mullan parents: 40390 diff changeset	378
40390 64541737c7f7 8162484: javax/net/ssl/Stapling/SSLSocketWithStapling.java test fails intermittently with "Address already in use" error asmotrak parents: 39317 diff changeset	379	// Make OCSP responders accept connections
64541737c7f7 8162484: javax/net/ssl/Stapling/SSLSocketWithStapling.java test fails intermittently with "Address already in use" error asmotrak parents: 39317 diff changeset	380	intOcsp.acceptConnections();
64541737c7f7 8162484: javax/net/ssl/Stapling/SSLSocketWithStapling.java test fails intermittently with "Address already in use" error asmotrak parents: 39317 diff changeset	381	rootOcsp.acceptConnections();
37309 8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	382
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	383	// Wait 5 seconds for server ready
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	384	for (int i = 0; (i < 100 && (!intOcsp.isServerReady() \|\| !rootOcsp.isServerReady())); i++) {
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	385	Thread.sleep(50);
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	386	}
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	387	if (!intOcsp.isServerReady() \|\| !rootOcsp.isServerReady()) {
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	388	throw new RuntimeException("Server not ready yet");
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	389	}
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	390	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	391
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	392	/**
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	393	* This test initiates stapling from the client, but the server does not
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	394	* support OCSP stapling for this connection. In this case it happens
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	395	* because the latency of the OCSP responders is longer than the server
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	396	* is willing to wait. To keep the test streamlined, we will set the server
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	397	* latency to a 1 second wait, and set the responder latency to 3 seconds.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	398	*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	399	* @param fallback if we allow client-side OCSP fallback, which
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	400	* will change the result from the client failing with CPVE (no fallback)
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	401	* to a pass (fallback active).
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	402	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	403	static void testLatencyNoStaple(Boolean fallback) throws Exception {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	404	ClientParameters cliParams = new ClientParameters();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	405	ServerParameters servParams = new ServerParameters();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	406	serverReady = false;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	407
40390 64541737c7f7 8162484: javax/net/ssl/Stapling/SSLSocketWithStapling.java test fails intermittently with "Address already in use" error asmotrak parents: 39317 diff changeset	408	// Give a 1 second delay before running the test.
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	409	intOcsp.setDelay(3000);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	410	rootOcsp.setDelay(3000);
40390 64541737c7f7 8162484: javax/net/ssl/Stapling/SSLSocketWithStapling.java test fails intermittently with "Address already in use" error asmotrak parents: 39317 diff changeset	411	Thread.sleep(1000);
37309 8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	412
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	413	// Wait 5 seconds for server ready
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	414	for (int i = 0; (i < 100 && (!intOcsp.isServerReady() \|\| !rootOcsp.isServerReady())); i++) {
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	415	Thread.sleep(50);
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	416	}
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	417	if (!intOcsp.isServerReady() \|\| !rootOcsp.isServerReady()) {
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	418	throw new RuntimeException("Server not ready yet");
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	419	}
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	420
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	421	System.out.println("========================================");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	422	System.out.println("Stapling enbled in client. Server does");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	423	System.out.println("not support stapling due to OCSP latency.");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	424	System.out.println("PKIXParameters with Revocation checking");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	425	System.out.println("enabled, client-side OCSP checking is.");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	426	System.out.println(fallback ? "enabled" : "disabled");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	427	System.out.println("========================================");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	428
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	429	Security.setProperty("ocsp.enable", fallback.toString());
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	430	cliParams.pkixParams = new PKIXBuilderParameters(trustStore,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	431	new X509CertSelector());
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	432	cliParams.pkixParams.setRevocationEnabled(true);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	433	servParams.respTimeout = 1000;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	434
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	435	SSLSocketWithStapling sslTest = new SSLSocketWithStapling(cliParams,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	436	servParams);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	437	TestResult tr = sslTest.getResult();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	438
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	439	if (fallback) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	440	if (tr.clientExc != null) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	441	throw tr.clientExc;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	442	} else if (tr.serverExc != null) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	443	throw tr.serverExc;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	444	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	445	} else {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	446	if (!checkClientValidationFailure(tr.clientExc,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	447	BasicReason.UNDETERMINED_REVOCATION_STATUS)) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	448	if (tr.clientExc != null) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	449	throw tr.clientExc;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	450	} else {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	451	throw new RuntimeException(
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	452	"Expected client failure, but the client succeeded");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	453	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	454	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	455	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	456	System.out.println(" PASS");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	457	System.out.println("========================================\n");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	458
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	459	// Remove the OCSP responder latency
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	460	intOcsp.setDelay(0);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	461	rootOcsp.setDelay(0);
40390 64541737c7f7 8162484: javax/net/ssl/Stapling/SSLSocketWithStapling.java test fails intermittently with "Address already in use" error asmotrak parents: 39317 diff changeset	462	Thread.sleep(1000);
37309 8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	463
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	464	// Wait 5 seconds for server ready
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	465	for (int i = 0; (i < 100 && (!intOcsp.isServerReady() \|\| !rootOcsp.isServerReady())); i++) {
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	466	Thread.sleep(50);
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	467	}
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	468	if (!intOcsp.isServerReady() \|\| !rootOcsp.isServerReady()) {
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	469	throw new RuntimeException("Server not ready yet");
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	470	}
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	471	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	472
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	473	/*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	474	* Define the server side of the test.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	475	*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	476	* If the server prematurely exits, serverReady will be set to true
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	477	* to avoid infinite hangs.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	478	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	479	void doServerSide(ServerParameters servParams) throws Exception {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	480
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	481	// Selectively enable or disable the feature
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	482	System.setProperty("jdk.tls.server.enableStatusRequestExtension",
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	483	Boolean.toString(servParams.enabled));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	484
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	485	// Set all the other operating parameters
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	486	System.setProperty("jdk.tls.stapling.cacheSize",
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	487	Integer.toString(servParams.cacheSize));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	488	System.setProperty("jdk.tls.stapling.cacheLifetime",
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	489	Integer.toString(servParams.cacheLifetime));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	490	System.setProperty("jdk.tls.stapling.responseTimeout",
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	491	Integer.toString(servParams.respTimeout));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	492	System.setProperty("jdk.tls.stapling.responderURI", servParams.respUri);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	493	System.setProperty("jdk.tls.stapling.responderOverride",
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	494	Boolean.toString(servParams.respOverride));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	495	System.setProperty("jdk.tls.stapling.ignoreExtensions",
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	496	Boolean.toString(servParams.ignoreExts));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	497
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	498	// Set keystores and trust stores for the server
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	499	KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	500	kmf.init(serverKeystore, passwd.toCharArray());
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	501	TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	502	tmf.init(trustStore);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	503
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	504	SSLContext sslc = SSLContext.getInstance("TLS");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	505	sslc.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	506
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	507	SSLServerSocketFactory sslssf = sslc.getServerSocketFactory();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	508
39317 fbda4d400372 8143302: javax/net/ssl/Stapling/SSLSocketWithStapling.java fails intermittently: Server died jnimeh parents: 37309 diff changeset	509	try (SSLServerSocket sslServerSocket =
fbda4d400372 8143302: javax/net/ssl/Stapling/SSLSocketWithStapling.java fails intermittently: Server died jnimeh parents: 37309 diff changeset	510	(SSLServerSocket) sslssf.createServerSocket(serverPort)) {
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	511
39317 fbda4d400372 8143302: javax/net/ssl/Stapling/SSLSocketWithStapling.java fails intermittently: Server died jnimeh parents: 37309 diff changeset	512	serverPort = sslServerSocket.getLocalPort();
fbda4d400372 8143302: javax/net/ssl/Stapling/SSLSocketWithStapling.java fails intermittently: Server died jnimeh parents: 37309 diff changeset	513
fbda4d400372 8143302: javax/net/ssl/Stapling/SSLSocketWithStapling.java fails intermittently: Server died jnimeh parents: 37309 diff changeset	514	/*
fbda4d400372 8143302: javax/net/ssl/Stapling/SSLSocketWithStapling.java fails intermittently: Server died jnimeh parents: 37309 diff changeset	515	* Signal Client, we're ready for his connect.
fbda4d400372 8143302: javax/net/ssl/Stapling/SSLSocketWithStapling.java fails intermittently: Server died jnimeh parents: 37309 diff changeset	516	*/
fbda4d400372 8143302: javax/net/ssl/Stapling/SSLSocketWithStapling.java fails intermittently: Server died jnimeh parents: 37309 diff changeset	517	serverReady = true;
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	518
39317 fbda4d400372 8143302: javax/net/ssl/Stapling/SSLSocketWithStapling.java fails intermittently: Server died jnimeh parents: 37309 diff changeset	519	try (SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
fbda4d400372 8143302: javax/net/ssl/Stapling/SSLSocketWithStapling.java fails intermittently: Server died jnimeh parents: 37309 diff changeset	520	InputStream sslIS = sslSocket.getInputStream();
fbda4d400372 8143302: javax/net/ssl/Stapling/SSLSocketWithStapling.java fails intermittently: Server died jnimeh parents: 37309 diff changeset	521	OutputStream sslOS = sslSocket.getOutputStream()) {
fbda4d400372 8143302: javax/net/ssl/Stapling/SSLSocketWithStapling.java fails intermittently: Server died jnimeh parents: 37309 diff changeset	522	int numberIn = sslIS.read();
fbda4d400372 8143302: javax/net/ssl/Stapling/SSLSocketWithStapling.java fails intermittently: Server died jnimeh parents: 37309 diff changeset	523	int numberSent = 85;
fbda4d400372 8143302: javax/net/ssl/Stapling/SSLSocketWithStapling.java fails intermittently: Server died jnimeh parents: 37309 diff changeset	524	log("Server received number: " + numberIn);
fbda4d400372 8143302: javax/net/ssl/Stapling/SSLSocketWithStapling.java fails intermittently: Server died jnimeh parents: 37309 diff changeset	525	sslOS.write(numberSent);
fbda4d400372 8143302: javax/net/ssl/Stapling/SSLSocketWithStapling.java fails intermittently: Server died jnimeh parents: 37309 diff changeset	526	sslOS.flush();
fbda4d400372 8143302: javax/net/ssl/Stapling/SSLSocketWithStapling.java fails intermittently: Server died jnimeh parents: 37309 diff changeset	527	log("Server sent number: " + numberSent);
fbda4d400372 8143302: javax/net/ssl/Stapling/SSLSocketWithStapling.java fails intermittently: Server died jnimeh parents: 37309 diff changeset	528	}
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	529	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	530	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	531
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	532	/*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	533	* Define the client side of the test.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	534	*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	535	* If the server prematurely exits, serverReady will be set to true
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	536	* to avoid infinite hangs.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	537	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	538	void doClientSide(ClientParameters cliParams) throws Exception {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	539
37309 8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	540	// Wait 5 seconds for server ready
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	541	for (int i = 0; (i < 100 && !serverReady); i++) {
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	542	Thread.sleep(50);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	543	}
37309 8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	544	if (!serverReady) {
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	545	throw new RuntimeException("Server not ready yet");
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	546	}
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	547
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	548	// Selectively enable or disable the feature
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	549	System.setProperty("jdk.tls.client.enableStatusRequestExtension",
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	550	Boolean.toString(cliParams.enabled));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	551
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	552	// Create the Trust Manager Factory using the PKIX variant
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	553	TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	554
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	555	// If we have a customized pkixParameters then use it
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	556	if (cliParams.pkixParams != null) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	557	// LIf we have a customized PKIXRevocationChecker, add
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	558	// it to the PKIXBuilderParameters.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	559	if (cliParams.revChecker != null) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	560	cliParams.pkixParams.addCertPathChecker(cliParams.revChecker);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	561	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	562
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	563	ManagerFactoryParameters trustParams =
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	564	new CertPathTrustManagerParameters(cliParams.pkixParams);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	565	tmf.init(trustParams);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	566	} else {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	567	tmf.init(trustStore);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	568	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	569
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	570	SSLContext sslc = SSLContext.getInstance("TLS");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	571	sslc.init(null, tmf.getTrustManagers(), null);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	572
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	573	SSLSocketFactory sslsf = sslc.getSocketFactory();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	574	try (SSLSocket sslSocket = (SSLSocket)sslsf.createSocket("localhost",
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	575	serverPort);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	576	InputStream sslIS = sslSocket.getInputStream();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	577	OutputStream sslOS = sslSocket.getOutputStream()) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	578	int numberSent = 80;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	579	sslOS.write(numberSent);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	580	sslOS.flush();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	581	log("Client sent number: " + numberSent);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	582	int numberIn = sslIS.read();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	583	log("Client received number:" + numberIn);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	584	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	585	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	586
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	587	/*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	588	* Primary constructor, used to drive remainder of the test.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	589	*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	590	* Fork off the other side, then do your work.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	591	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	592	SSLSocketWithStapling(ClientParameters cliParams,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	593	ServerParameters servParams) throws Exception {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	594	Exception startException = null;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	595	try {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	596	if (separateServerThread) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	597	startServer(servParams, true);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	598	startClient(cliParams, false);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	599	} else {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	600	startClient(cliParams, true);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	601	startServer(servParams, false);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	602	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	603	} catch (Exception e) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	604	startException = e;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	605	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	606
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	607	/*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	608	* Wait for other side to close down.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	609	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	610	if (separateServerThread) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	611	if (serverThread != null) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	612	serverThread.join();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	613	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	614	} else {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	615	if (clientThread != null) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	616	clientThread.join();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	617	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	618	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	619	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	620
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	621	/**
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	622	* Checks a validation failure to see if it failed for the reason we think
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	623	* it should. This comes in as an SSLException of some sort, but it
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	624	* encapsulates a ValidatorException which in turn encapsulates the
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	625	* CertPathValidatorException we are interested in.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	626	*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	627	* @param e the exception thrown at the top level
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	628	* @param reason the underlying CertPathValidatorException BasicReason
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	629	* we are expecting it to have.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	630	*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	631	* @return true if the reason matches up, false otherwise.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	632	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	633	static boolean checkClientValidationFailure(Exception e,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	634	BasicReason reason) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	635	boolean result = false;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	636
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	637	if (e instanceof SSLException) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	638	Throwable valExc = e.getCause();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	639	if (valExc instanceof sun.security.validator.ValidatorException) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	640	Throwable cause = valExc.getCause();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	641	if (cause instanceof CertPathValidatorException) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	642	CertPathValidatorException cpve =
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	643	(CertPathValidatorException)cause;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	644	if (cpve.getReason() == reason) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	645	result = true;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	646	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	647	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	648	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	649	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	650	return result;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	651	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	652
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	653	TestResult getResult() {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	654	TestResult tr = new TestResult();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	655	tr.clientExc = clientException;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	656	tr.serverExc = serverException;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	657	return tr;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	658	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	659
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	660	void startServer(ServerParameters servParams, boolean newThread)
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	661	throws Exception {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	662	if (newThread) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	663	serverThread = new Thread() {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	664	public void run() {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	665	try {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	666	doServerSide(servParams);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	667	} catch (Exception e) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	668	/*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	669	* Our server thread just died.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	670	*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	671	* Release the client, if not active already...
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	672	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	673	System.err.println("Server died...");
40390 64541737c7f7 8162484: javax/net/ssl/Stapling/SSLSocketWithStapling.java test fails intermittently with "Address already in use" error asmotrak parents: 39317 diff changeset	674	e.printStackTrace(System.err);
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	675	serverReady = true;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	676	serverException = e;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	677	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	678	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	679	};
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	680	serverThread.start();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	681	} else {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	682	try {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	683	doServerSide(servParams);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	684	} catch (Exception e) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	685	serverException = e;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	686	} finally {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	687	serverReady = true;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	688	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	689	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	690	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	691
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	692	void startClient(ClientParameters cliParams, boolean newThread)
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	693	throws Exception {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	694	if (newThread) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	695	clientThread = new Thread() {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	696	public void run() {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	697	try {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	698	doClientSide(cliParams);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	699	} catch (Exception e) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	700	/*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	701	* Our client thread just died.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	702	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	703	System.err.println("Client died...");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	704	clientException = e;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	705	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	706	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	707	};
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	708	clientThread.start();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	709	} else {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	710	try {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	711	doClientSide(cliParams);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	712	} catch (Exception e) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	713	clientException = e;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	714	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	715	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	716	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	717
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	718	/**
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	719	* Creates the PKI components necessary for this test, including
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	720	* Root CA, Intermediate CA and SSL server certificates, the keystores
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	721	* for each entity, a client trust store, and starts the OCSP responders.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	722	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	723	private static void createPKI() throws Exception {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	724	CertificateBuilder cbld = new CertificateBuilder();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	725	KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	726	keyGen.initialize(2048);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	727	KeyStore.Builder keyStoreBuilder =
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	728	KeyStore.Builder.newInstance("PKCS12", null,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	729	new KeyStore.PasswordProtection(passwd.toCharArray()));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	730
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	731	// Generate Root, IntCA, EE keys
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	732	KeyPair rootCaKP = keyGen.genKeyPair();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	733	log("Generated Root CA KeyPair");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	734	KeyPair intCaKP = keyGen.genKeyPair();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	735	log("Generated Intermediate CA KeyPair");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	736	KeyPair sslKP = keyGen.genKeyPair();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	737	log("Generated SSL Cert KeyPair");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	738
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	739	// Set up the Root CA Cert
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	740	cbld.setSubjectName("CN=Root CA Cert, O=SomeCompany");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	741	cbld.setPublicKey(rootCaKP.getPublic());
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	742	cbld.setSerialNumber(new BigInteger("1"));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	743	// Make a 3 year validity starting from 60 days ago
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	744	long start = System.currentTimeMillis() - TimeUnit.DAYS.toMillis(60);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	745	long end = start + TimeUnit.DAYS.toMillis(1085);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	746	cbld.setValidity(new Date(start), new Date(end));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	747	addCommonExts(cbld, rootCaKP.getPublic(), rootCaKP.getPublic());
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	748	addCommonCAExts(cbld);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	749	// Make our Root CA Cert!
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	750	X509Certificate rootCert = cbld.build(null, rootCaKP.getPrivate(),
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	751	"SHA256withRSA");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	752	log("Root CA Created:\n" + certInfo(rootCert));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	753
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	754	// Now build a keystore and add the keys and cert
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	755	rootKeystore = keyStoreBuilder.getKeyStore();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	756	Certificate[] rootChain = {rootCert};
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	757	rootKeystore.setKeyEntry(ROOT_ALIAS, rootCaKP.getPrivate(),
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	758	passwd.toCharArray(), rootChain);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	759
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	760	// Now fire up the OCSP responder
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	761	rootOcsp = new SimpleOCSPServer(rootKeystore, passwd, ROOT_ALIAS, null);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	762	rootOcsp.enableLog(debug);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	763	rootOcsp.setNextUpdateInterval(3600);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	764	rootOcsp.start();
37309 8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	765
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	766	// Wait 5 seconds for server ready
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	767	for (int i = 0; (i < 100 && !rootOcsp.isServerReady()); i++) {
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	768	Thread.sleep(50);
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	769	}
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	770	if (!rootOcsp.isServerReady()) {
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	771	throw new RuntimeException("Server not ready yet");
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	772	}
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	773
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	774	rootOcspPort = rootOcsp.getPort();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	775	String rootRespURI = "http://localhost:" + rootOcspPort;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	776	log("Root OCSP Responder URI is " + rootRespURI);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	777
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	778	// Now that we have the root keystore and OCSP responder we can
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	779	// create our intermediate CA.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	780	cbld.reset();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	781	cbld.setSubjectName("CN=Intermediate CA Cert, O=SomeCompany");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	782	cbld.setPublicKey(intCaKP.getPublic());
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	783	cbld.setSerialNumber(new BigInteger("100"));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	784	// Make a 2 year validity starting from 30 days ago
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	785	start = System.currentTimeMillis() - TimeUnit.DAYS.toMillis(30);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	786	end = start + TimeUnit.DAYS.toMillis(730);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	787	cbld.setValidity(new Date(start), new Date(end));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	788	addCommonExts(cbld, intCaKP.getPublic(), rootCaKP.getPublic());
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	789	addCommonCAExts(cbld);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	790	cbld.addAIAExt(Collections.singletonList(rootRespURI));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	791	// Make our Intermediate CA Cert!
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	792	X509Certificate intCaCert = cbld.build(rootCert, rootCaKP.getPrivate(),
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	793	"SHA256withRSA");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	794	log("Intermediate CA Created:\n" + certInfo(intCaCert));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	795
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	796	// Provide intermediate CA cert revocation info to the Root CA
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	797	// OCSP responder.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	798	Map<BigInteger, SimpleOCSPServer.CertStatusInfo> revInfo =
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	799	new HashMap<>();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	800	revInfo.put(intCaCert.getSerialNumber(),
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	801	new SimpleOCSPServer.CertStatusInfo(
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	802	SimpleOCSPServer.CertStatus.CERT_STATUS_GOOD));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	803	rootOcsp.updateStatusDb(revInfo);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	804
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	805	// Now build a keystore and add the keys, chain and root cert as a TA
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	806	intKeystore = keyStoreBuilder.getKeyStore();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	807	Certificate[] intChain = {intCaCert, rootCert};
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	808	intKeystore.setKeyEntry(INT_ALIAS, intCaKP.getPrivate(),
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	809	passwd.toCharArray(), intChain);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	810	intKeystore.setCertificateEntry(ROOT_ALIAS, rootCert);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	811
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	812	// Now fire up the Intermediate CA OCSP responder
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	813	intOcsp = new SimpleOCSPServer(intKeystore, passwd,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	814	INT_ALIAS, null);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	815	intOcsp.enableLog(debug);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	816	intOcsp.setNextUpdateInterval(3600);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	817	intOcsp.start();
37309 8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	818
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	819	// Wait 5 seconds for server ready
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	820	for (int i = 0; (i < 100 && !intOcsp.isServerReady()); i++) {
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	821	Thread.sleep(50);
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	822	}
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	823	if (!intOcsp.isServerReady()) {
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	824	throw new RuntimeException("Server not ready yet");
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	825	}
8f530b9d18f4 8153829: javax/net/ssl/Stapling/HttpsUrlConnClient.java fails intermittently with NullPointerException rhalade parents: 32032 diff changeset	826
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	827	intOcspPort = intOcsp.getPort();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	828	String intCaRespURI = "http://localhost:" + intOcspPort;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	829	log("Intermediate CA OCSP Responder URI is " + intCaRespURI);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	830
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	831	// Last but not least, let's make our SSLCert and add it to its own
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	832	// Keystore
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	833	cbld.reset();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	834	cbld.setSubjectName("CN=SSLCertificate, O=SomeCompany");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	835	cbld.setPublicKey(sslKP.getPublic());
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	836	cbld.setSerialNumber(new BigInteger("4096"));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	837	// Make a 1 year validity starting from 7 days ago
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	838	start = System.currentTimeMillis() - TimeUnit.DAYS.toMillis(7);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	839	end = start + TimeUnit.DAYS.toMillis(365);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	840	cbld.setValidity(new Date(start), new Date(end));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	841
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	842	// Add extensions
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	843	addCommonExts(cbld, sslKP.getPublic(), intCaKP.getPublic());
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	844	boolean[] kuBits = {true, false, true, false, false, false,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	845	false, false, false};
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	846	cbld.addKeyUsageExt(kuBits);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	847	List<String> ekuOids = new ArrayList<>();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	848	ekuOids.add("1.3.6.1.5.5.7.3.1");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	849	ekuOids.add("1.3.6.1.5.5.7.3.2");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	850	cbld.addExtendedKeyUsageExt(ekuOids);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	851	cbld.addSubjectAltNameDNSExt(Collections.singletonList("localhost"));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	852	cbld.addAIAExt(Collections.singletonList(intCaRespURI));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	853	// Make our SSL Server Cert!
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	854	X509Certificate sslCert = cbld.build(intCaCert, intCaKP.getPrivate(),
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	855	"SHA256withRSA");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	856	log("SSL Certificate Created:\n" + certInfo(sslCert));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	857
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	858	// Provide SSL server cert revocation info to the Intermeidate CA
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	859	// OCSP responder.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	860	revInfo = new HashMap<>();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	861	revInfo.put(sslCert.getSerialNumber(),
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	862	new SimpleOCSPServer.CertStatusInfo(
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	863	SimpleOCSPServer.CertStatus.CERT_STATUS_GOOD));
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	864	intOcsp.updateStatusDb(revInfo);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	865
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	866	// Now build a keystore and add the keys, chain and root cert as a TA
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	867	serverKeystore = keyStoreBuilder.getKeyStore();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	868	Certificate[] sslChain = {sslCert, intCaCert, rootCert};
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	869	serverKeystore.setKeyEntry(SSL_ALIAS, sslKP.getPrivate(),
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	870	passwd.toCharArray(), sslChain);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	871	serverKeystore.setCertificateEntry(ROOT_ALIAS, rootCert);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	872
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	873	// And finally a Trust Store for the client
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	874	trustStore = keyStoreBuilder.getKeyStore();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	875	trustStore.setCertificateEntry(ROOT_ALIAS, rootCert);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	876	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	877
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	878	private static void addCommonExts(CertificateBuilder cbld,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	879	PublicKey subjKey, PublicKey authKey) throws IOException {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	880	cbld.addSubjectKeyIdExt(subjKey);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	881	cbld.addAuthorityKeyIdExt(authKey);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	882	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	883
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	884	private static void addCommonCAExts(CertificateBuilder cbld)
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	885	throws IOException {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	886	cbld.addBasicConstraintsExt(true, true, -1);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	887	// Set key usage bits for digitalSignature, keyCertSign and cRLSign
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	888	boolean[] kuBitSettings = {true, false, false, false, false, true,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	889	true, false, false};
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	890	cbld.addKeyUsageExt(kuBitSettings);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	891	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	892
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	893	/**
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	894	* Helper routine that dumps only a few cert fields rather than
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	895	* the whole toString() output.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	896	*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	897	* @param cert an X509Certificate to be displayed
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	898	*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	899	* @return the String output of the issuer, subject and
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	900	* serial number
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	901	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	902	private static String certInfo(X509Certificate cert) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	903	StringBuilder sb = new StringBuilder();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	904	sb.append("Issuer: ").append(cert.getIssuerX500Principal()).
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	905	append("\n");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	906	sb.append("Subject: ").append(cert.getSubjectX500Principal()).
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	907	append("\n");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	908	sb.append("Serial: ").append(cert.getSerialNumber()).append("\n");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	909	return sb.toString();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	910	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	911
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	912	/**
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	913	* Log a message on stdout
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	914	*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	915	* @param message The message to log
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	916	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	917	private static void log(String message) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	918	if (debug) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	919	System.out.println(message);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	920	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	921	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	922
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	923	// The following two classes are Simple nested class to group a handful
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	924	// of configuration parameters used before starting a client or server.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	925	// We'll just access the data members directly for convenience.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	926	static class ClientParameters {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	927	boolean enabled = true;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	928	PKIXBuilderParameters pkixParams = null;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	929	PKIXRevocationChecker revChecker = null;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	930
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	931	ClientParameters() { }
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	932	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	933
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	934	static class ServerParameters {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	935	boolean enabled = true;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	936	int cacheSize = 256;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	937	int cacheLifetime = 3600;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	938	int respTimeout = 5000;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	939	String respUri = "";
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	940	boolean respOverride = false;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	941	boolean ignoreExts = false;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	942
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	943	ServerParameters() { }
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	944	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	945
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	946	static class TestResult {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	947	Exception serverExc = null;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	948	Exception clientExc = null;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	949	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	950
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: diff changeset	951	}

author	mullan
	Thu, 06 Apr 2017 16:21:05 -0400
changeset 44479	9669aa3c7bcb
parent 40390	64541737c7f7
permissions	-rw-r--r--