jdk-sandbox: jdk/test/javax/net/ssl/TLSv11/EmptyCertificateAuthorities.java@a60f280f803c (annotated)

7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	1	/*
40949 be7a612613ae 8166032: Fix module dependencies for javax.SSL tests skovalev parents: 35298 diff changeset	2	* Copyright (c) 2010, 2016, Oracle and/or its affiliates. All rights reserved.
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	4	*
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	7	* published by the Free Software Foundation. Oracle designates this
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	10	*
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	15	* accompanied this code).
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	16	*
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	20	*
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	22	* or visit www.oracle.com if you need additional information or have any
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	23	* questions.
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	24	*/
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	25
22268 d72c97c708ae 8030829: Add MD5 to jdk.certpath.disabledAlgorithms security property xuelei parents: 14342 diff changeset	26	//
d72c97c708ae 8030829: Add MD5 to jdk.certpath.disabledAlgorithms security property xuelei parents: 14342 diff changeset	27	// SunJSSE does not support dynamic system properties, no way to re-use
d72c97c708ae 8030829: Add MD5 to jdk.certpath.disabledAlgorithms security property xuelei parents: 14342 diff changeset	28	// system properties in samevm/agentvm mode.
d72c97c708ae 8030829: Add MD5 to jdk.certpath.disabledAlgorithms security property xuelei parents: 14342 diff changeset	29	//
d72c97c708ae 8030829: Add MD5 to jdk.certpath.disabledAlgorithms security property xuelei parents: 14342 diff changeset	30
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	31	/*
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	32	* @test
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	33	* @bug 4873188
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	34	* @summary Support TLS 1.1
10328 06c93c42bca0 7055363: jdk_security3 test target cleanup weijun parents: 7039 diff changeset	35	* @run main/othervm EmptyCertificateAuthorities
40949 be7a612613ae 8166032: Fix module dependencies for javax.SSL tests skovalev parents: 35298 diff changeset	36	* @modules java.security.jgss
42338 a60f280f803c 8169069: Module system implementation refresh (11/2016) alanb parents: 40949 diff changeset	37	* java.security.jgss/sun.security.krb5:+open
a60f280f803c 8169069: Module system implementation refresh (11/2016) alanb parents: 40949 diff changeset	38	* java.security.jgss/sun.security.krb5.internal:+open
a60f280f803c 8169069: Module system implementation refresh (11/2016) alanb parents: 40949 diff changeset	39	* java.security.jgss/sun.security.krb5.internal.ccache
40949 be7a612613ae 8166032: Fix module dependencies for javax.SSL tests skovalev parents: 35298 diff changeset	40	* java.security.jgss/sun.security.krb5.internal.crypto
be7a612613ae 8166032: Fix module dependencies for javax.SSL tests skovalev parents: 35298 diff changeset	41	* java.security.jgss/sun.security.krb5.internal.ktab
be7a612613ae 8166032: Fix module dependencies for javax.SSL tests skovalev parents: 35298 diff changeset	42	* java.base/sun.security.util
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	43	* @author Xuelei Fan
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	44	*/
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	45
40949 be7a612613ae 8166032: Fix module dependencies for javax.SSL tests skovalev parents: 35298 diff changeset	46	import java.io.FileInputStream;
be7a612613ae 8166032: Fix module dependencies for javax.SSL tests skovalev parents: 35298 diff changeset	47	import java.io.InputStream;
be7a612613ae 8166032: Fix module dependencies for javax.SSL tests skovalev parents: 35298 diff changeset	48	import java.io.OutputStream;
be7a612613ae 8166032: Fix module dependencies for javax.SSL tests skovalev parents: 35298 diff changeset	49	import java.security.KeyStore;
be7a612613ae 8166032: Fix module dependencies for javax.SSL tests skovalev parents: 35298 diff changeset	50	import java.security.Security;
be7a612613ae 8166032: Fix module dependencies for javax.SSL tests skovalev parents: 35298 diff changeset	51	import java.security.cert.CertificateException;
be7a612613ae 8166032: Fix module dependencies for javax.SSL tests skovalev parents: 35298 diff changeset	52	import java.security.cert.X509Certificate;
be7a612613ae 8166032: Fix module dependencies for javax.SSL tests skovalev parents: 35298 diff changeset	53	import javax.net.ssl.KeyManager;
be7a612613ae 8166032: Fix module dependencies for javax.SSL tests skovalev parents: 35298 diff changeset	54	import javax.net.ssl.KeyManagerFactory;
be7a612613ae 8166032: Fix module dependencies for javax.SSL tests skovalev parents: 35298 diff changeset	55	import javax.net.ssl.SSLContext;
be7a612613ae 8166032: Fix module dependencies for javax.SSL tests skovalev parents: 35298 diff changeset	56	import javax.net.ssl.SSLServerSocket;
be7a612613ae 8166032: Fix module dependencies for javax.SSL tests skovalev parents: 35298 diff changeset	57	import javax.net.ssl.SSLServerSocketFactory;
be7a612613ae 8166032: Fix module dependencies for javax.SSL tests skovalev parents: 35298 diff changeset	58	import javax.net.ssl.SSLSocket;
be7a612613ae 8166032: Fix module dependencies for javax.SSL tests skovalev parents: 35298 diff changeset	59	import javax.net.ssl.SSLSocketFactory;
be7a612613ae 8166032: Fix module dependencies for javax.SSL tests skovalev parents: 35298 diff changeset	60	import javax.net.ssl.TrustManager;
be7a612613ae 8166032: Fix module dependencies for javax.SSL tests skovalev parents: 35298 diff changeset	61	import javax.net.ssl.TrustManagerFactory;
be7a612613ae 8166032: Fix module dependencies for javax.SSL tests skovalev parents: 35298 diff changeset	62	import javax.net.ssl.X509TrustManager;
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	63
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	64	public class EmptyCertificateAuthorities {
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	65
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	66	/*
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	67	* =============================================================
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	68	* Set the various variables needed for the tests, then
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	69	* specify what tests to run on each side.
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	70	*/
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	71
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	72	/*
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	73	* Should we run the client or server in a separate thread?
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	74	* Both sides can throw exceptions, but do you have a preference
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	75	* as to which side should be the main thread.
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	76	*/
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	77	static boolean separateServerThread = false;
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	78
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	79	/*
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	80	* Where do we find the keystores?
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	81	*/
23052 241885315119 8032473: Restructure JSSE regression test hierarchy in jdk test xuelei parents: 22268 diff changeset	82	static String pathToStores = "../etc";
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	83	static String keyStoreFile = "keystore";
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	84	static String trustStoreFile = "truststore";
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	85	static String passwd = "passphrase";
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	86
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	87	/*
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	88	* Is the server ready to serve?
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	89	*/
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	90	volatile static boolean serverReady = false;
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	91
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	92	/*
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	93	* Turn on SSL debugging?
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	94	*/
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	95	static boolean debug = false;
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	96
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	97	/*
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	98	* If the client or server is doing some kind of object creation
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	99	* that the other side depends on, and that thread prematurely
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	100	* exits, you may experience a hang. The test harness will
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	101	* terminate all hung threads after its timeout has expired,
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	102	* currently 3 minutes by default, but you might try to be
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	103	* smart about it....
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	104	*/
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	105
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	106	/*
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	107	* Define the server side of the test.
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	108	*
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	109	* If the server prematurely exits, serverReady will be set to true
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	110	* to avoid infinite hangs.
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	111	*/
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	112	void doServerSide() throws Exception {
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	113	SSLServerSocketFactory sslssf = getSSLServerSF();
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	114	SSLServerSocket sslServerSocket =
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	115	(SSLServerSocket) sslssf.createServerSocket(serverPort);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	116
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	117	// require client authentication.
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	118	sslServerSocket.setNeedClientAuth(true);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	119
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	120	serverPort = sslServerSocket.getLocalPort();
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	121
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	122	/*
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	123	* Signal Client, we're ready for his connect.
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	124	*/
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	125	serverReady = true;
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	126
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	127	SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	128	InputStream sslIS = sslSocket.getInputStream();
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	129	OutputStream sslOS = sslSocket.getOutputStream();
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	130
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	131	sslIS.read();
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	132	sslOS.write('A');
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	133	sslOS.flush();
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	134
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	135	sslSocket.close();
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	136	}
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	137
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	138	/*
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	139	* Define the client side of the test.
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	140	*
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	141	* If the server prematurely exits, serverReady will be set to true
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	142	* to avoid infinite hangs.
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	143	*/
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	144	void doClientSide() throws Exception {
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	145
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	146	/*
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	147	* Wait for server to get started.
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	148	*/
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	149	while (!serverReady) {
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	150	Thread.sleep(50);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	151	}
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	152
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	153	SSLSocketFactory sslsf =
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	154	(SSLSocketFactory) SSLSocketFactory.getDefault();
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	155	SSLSocket sslSocket = (SSLSocket)
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	156	sslsf.createSocket("localhost", serverPort);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	157
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	158	// enable TLSv1.1 only
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	159	sslSocket.setEnabledProtocols(new String[] {"TLSv1.1"});
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	160
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	161	InputStream sslIS = sslSocket.getInputStream();
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	162	OutputStream sslOS = sslSocket.getOutputStream();
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	163
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	164	sslOS.write('B');
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	165	sslOS.flush();
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	166	sslIS.read();
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	167
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	168	sslSocket.close();
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	169	}
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	170
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	171	private SSLServerSocketFactory getSSLServerSF() throws Exception {
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	172
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	173	char [] password =
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	174	System.getProperty("javax.net.ssl.keyStorePassword").toCharArray();
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	175	String keyFilename = System.getProperty("javax.net.ssl.keyStore");
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	176
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	177	KeyStore ks = KeyStore.getInstance("JKS");
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	178	ks.load(new FileInputStream(keyFilename), password);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	179
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	180	KeyManagerFactory kmf = KeyManagerFactory.getInstance("NewSunX509");
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	181	kmf.init(ks, password);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	182
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	183	KeyManager[] kms = kmf.getKeyManagers();
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	184	TrustManager[] tms = new MyX509TM[] {new MyX509TM()};
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	185
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	186	SSLContext ctx = SSLContext.getInstance("TLS");
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	187	ctx.init(kms, tms, null);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	188
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	189	return ctx.getServerSocketFactory();
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	190	}
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	191
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	192
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	193	static class MyX509TM implements X509TrustManager {
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	194	X509TrustManager tm;
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	195
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	196	public void checkClientTrusted(X509Certificate[] chain,
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	197	String authType) throws CertificateException {
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	198	if (tm == null) {
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	199	initialize();
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	200	}
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	201	tm.checkClientTrusted(chain, authType);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	202	}
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	203
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	204	public void checkServerTrusted(X509Certificate[] chain,
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	205	String authType) throws CertificateException {
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	206	if (tm == null) {
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	207	initialize();
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	208	}
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	209	tm.checkServerTrusted(chain, authType);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	210	}
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	211
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	212	public X509Certificate[] getAcceptedIssuers() {
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	213	// always return empty array
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	214	return new X509Certificate[0];
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	215	}
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	216
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	217	private void initialize() throws CertificateException {
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	218	String passwd =
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	219	System.getProperty("javax.net.ssl.trustStorePassword");
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	220	char [] password = passwd.toCharArray();
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	221	String trustFilename =
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	222	System.getProperty("javax.net.ssl.trustStore");
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	223
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	224	try {
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	225	KeyStore ks = KeyStore.getInstance("JKS");
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	226	ks.load(new FileInputStream(trustFilename), password);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	227
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	228	TrustManagerFactory tmf =
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	229	TrustManagerFactory.getInstance("PKIX");
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	230	tmf.init(ks);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	231	tm = (X509TrustManager)tmf.getTrustManagers()[0];
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	232	} catch (Exception e) {
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	233	throw new CertificateException("Unable to initialize TM");
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	234	}
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	235
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	236	}
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	237	}
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	238
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	239	/*
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	240	* =============================================================
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	241	* The remainder is just support stuff
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	242	*/
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	243
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	244	// use any free port by default
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	245	volatile int serverPort = 0;
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	246
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	247	volatile Exception serverException = null;
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	248	volatile Exception clientException = null;
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	249
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	250	public static void main(String[] args) throws Exception {
22268 d72c97c708ae 8030829: Add MD5 to jdk.certpath.disabledAlgorithms security property xuelei parents: 14342 diff changeset	251	// MD5 is used in this test case, don't disable MD5 algorithm.
35298 9f93cbce8c44 8144773: Further reduce use of MD5 xuelei parents: 23052 diff changeset	252	Security.setProperty("jdk.certpath.disabledAlgorithms",
9f93cbce8c44 8144773: Further reduce use of MD5 xuelei parents: 23052 diff changeset	253	"MD2, RSA keySize < 1024");
9f93cbce8c44 8144773: Further reduce use of MD5 xuelei parents: 23052 diff changeset	254	Security.setProperty("jdk.tls.disabledAlgorithms",
9f93cbce8c44 8144773: Further reduce use of MD5 xuelei parents: 23052 diff changeset	255	"SSLv3, RC4, DH keySize < 768");
22268 d72c97c708ae 8030829: Add MD5 to jdk.certpath.disabledAlgorithms security property xuelei parents: 14342 diff changeset	256
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	257	String keyFilename =
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	258	System.getProperty("test.src", ".") + "/" + pathToStores +
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	259	"/" + keyStoreFile;
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	260	String trustFilename =
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	261	System.getProperty("test.src", ".") + "/" + pathToStores +
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	262	"/" + trustStoreFile;
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	263
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	264	System.setProperty("javax.net.ssl.keyStore", keyFilename);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	265	System.setProperty("javax.net.ssl.keyStorePassword", passwd);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	266	System.setProperty("javax.net.ssl.trustStore", trustFilename);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	267	System.setProperty("javax.net.ssl.trustStorePassword", passwd);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	268
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	269	if (debug)
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	270	System.setProperty("javax.net.debug", "all");
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	271
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	272	/*
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	273	* Start the tests.
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	274	*/
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	275	new EmptyCertificateAuthorities();
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	276	}
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	277
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	278	Thread clientThread = null;
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	279	Thread serverThread = null;
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	280
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	281	/*
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	282	* Primary constructor, used to drive remainder of the test.
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	283	*
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	284	* Fork off the other side, then do your work.
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	285	*/
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	286	EmptyCertificateAuthorities() throws Exception {
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	287	try {
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	288	if (separateServerThread) {
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	289	startServer(true);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	290	startClient(false);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	291	} else {
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	292	startClient(true);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	293	startServer(false);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	294	}
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	295	} catch (Exception e) {
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	296	// swallow for now. Show later
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	297	}
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	298
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	299	/*
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	300	* Wait for other side to close down.
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	301	*/
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	302	if (separateServerThread) {
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	303	serverThread.join();
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	304	} else {
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	305	clientThread.join();
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	306	}
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	307
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	308	/*
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	309	* When we get here, the test is pretty much over.
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	310	* Which side threw the error?
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	311	*/
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	312	Exception local;
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	313	Exception remote;
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	314	String whichRemote;
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	315
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	316	if (separateServerThread) {
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	317	remote = serverException;
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	318	local = clientException;
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	319	whichRemote = "server";
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	320	} else {
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	321	remote = clientException;
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	322	local = serverException;
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	323	whichRemote = "client";
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	324	}
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	325
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	326	/*
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	327	* If both failed, return the curthread's exception, but also
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	328	* print the remote side Exception
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	329	*/
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	330	if ((local != null) && (remote != null)) {
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	331	System.out.println(whichRemote + " also threw:");
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	332	remote.printStackTrace();
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	333	System.out.println();
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	334	throw local;
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	335	}
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	336
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	337	if (remote != null) {
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	338	throw remote;
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	339	}
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	340
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	341	if (local != null) {
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	342	throw local;
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	343	}
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	344	}
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	345
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	346	void startServer(boolean newThread) throws Exception {
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	347	if (newThread) {
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	348	serverThread = new Thread() {
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	349	public void run() {
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	350	try {
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	351	doServerSide();
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	352	} catch (Exception e) {
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	353	/*
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	354	* Our server thread just died.
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	355	*
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	356	* Release the client, if not active already...
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	357	*/
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	358	System.err.println("Server died...");
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	359	serverReady = true;
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	360	serverException = e;
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	361	}
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	362	}
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	363	};
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	364	serverThread.start();
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	365	} else {
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	366	try {
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	367	doServerSide();
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	368	} catch (Exception e) {
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	369	serverException = e;
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	370	} finally {
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	371	serverReady = true;
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	372	}
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	373	}
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	374	}
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	375
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	376	void startClient(boolean newThread) throws Exception {
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	377	if (newThread) {
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	378	clientThread = new Thread() {
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	379	public void run() {
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	380	try {
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	381	doClientSide();
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	382	} catch (Exception e) {
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	383	/*
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	384	* Our client thread just died.
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	385	*/
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	386	System.err.println("Client died...");
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	387	clientException = e;
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	388	}
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	389	}
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	390	};
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	391	clientThread.start();
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	392	} else {
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	393	try {
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	394	doClientSide();
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	395	} catch (Exception e) {
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	396	clientException = e;
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	397	}
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	398	}
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	399	}
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: diff changeset	400	}

author	alanb
	Thu, 01 Dec 2016 08:57:53 +0000
changeset 42338	a60f280f803c
parent 40949	be7a612613ae
permissions	-rw-r--r--