1 /* |
1 /* |
2 * Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved. |
2 * Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 * |
4 * |
5 * This code is free software; you can redistribute it and/or modify it |
5 * This code is free software; you can redistribute it and/or modify it |
6 * under the terms of the GNU General Public License version 2 only, as |
6 * under the terms of the GNU General Public License version 2 only, as |
7 * published by the Free Software Foundation. |
7 * published by the Free Software Foundation. |
307 TrustManagerFactory cliTmf = |
307 TrustManagerFactory cliTmf = |
308 TrustManagerFactory.getInstance("PKIX"); |
308 TrustManagerFactory.getInstance("PKIX"); |
309 cliTmf.init(mfp); |
309 cliTmf.init(mfp); |
310 |
310 |
311 // Create the SSLContexts from the factories |
311 // Create the SSLContexts from the factories |
312 SSLContext servCtx = SSLContext.getInstance("TLS"); |
312 SSLContext servCtx = SSLContext.getInstance("TLSv1.2"); |
313 servCtx.init(servKmf.getKeyManagers(), servTmf.getTrustManagers(), |
313 servCtx.init(servKmf.getKeyManagers(), servTmf.getTrustManagers(), |
314 null); |
314 null); |
315 SSLContext cliCtx = SSLContext.getInstance("TLS"); |
315 SSLContext cliCtx = SSLContext.getInstance("TLSv1.2"); |
316 cliCtx.init(null, cliTmf.getTrustManagers(), null); |
316 cliCtx.init(null, cliTmf.getTrustManagers(), null); |
317 |
317 |
318 |
318 |
319 /* |
319 /* |
320 * Configure the serverEngine to act as a server in the SSL/TLS |
320 * Configure the serverEngine to act as a server in the SSL/TLS |
635 } |
635 } |
636 |
636 |
637 /** |
637 /** |
638 * Checks a validation failure to see if it failed for the reason we think |
638 * Checks a validation failure to see if it failed for the reason we think |
639 * it should. This comes in as an SSLException of some sort, but it |
639 * it should. This comes in as an SSLException of some sort, but it |
640 * encapsulates a ValidatorException which in turn encapsulates the |
640 * encapsulates a CertPathValidatorException at some point in the |
641 * CertPathValidatorException we are interested in. |
641 * exception stack. |
642 * |
642 * |
643 * @param e the exception thrown at the top level |
643 * @param e the exception thrown at the top level |
644 * @param reason the underlying CertPathValidatorException BasicReason |
644 * @param reason the underlying CertPathValidatorException BasicReason |
645 * we are expecting it to have. |
645 * we are expecting it to have. |
646 * |
646 * |
648 */ |
648 */ |
649 static boolean checkClientValidationFailure(Exception e, |
649 static boolean checkClientValidationFailure(Exception e, |
650 CertPathValidatorException.BasicReason reason) { |
650 CertPathValidatorException.BasicReason reason) { |
651 boolean result = false; |
651 boolean result = false; |
652 |
652 |
653 if (e instanceof SSLException) { |
653 // Locate the CertPathValidatorException. If one |
654 Throwable sslhe = e.getCause(); |
654 // Does not exist, then it's an automatic failure of |
655 if (sslhe instanceof SSLHandshakeException) { |
655 // the test. |
656 Throwable valExc = sslhe.getCause(); |
656 Throwable curExc = e; |
657 if (valExc instanceof sun.security.validator.ValidatorException) { |
657 CertPathValidatorException cpve = null; |
658 Throwable cause = valExc.getCause(); |
658 while (curExc != null) { |
659 if (cause instanceof CertPathValidatorException) { |
659 if (curExc instanceof CertPathValidatorException) { |
660 CertPathValidatorException cpve = |
660 cpve = (CertPathValidatorException)curExc; |
661 (CertPathValidatorException)cause; |
|
662 if (cpve.getReason() == reason) { |
|
663 result = true; |
|
664 } |
|
665 } |
|
666 } |
|
667 } |
661 } |
668 } |
662 curExc = curExc.getCause(); |
|
663 } |
|
664 |
|
665 // If we get through the loop and cpve is null then we |
|
666 // we didn't find CPVE and this is a failure |
|
667 if (cpve != null) { |
|
668 if (cpve.getReason() == reason) { |
|
669 result = true; |
|
670 } else { |
|
671 System.out.println("CPVE Reason Mismatch: Expected = " + |
|
672 reason + ", Actual = " + cpve.getReason()); |
|
673 } |
|
674 } else { |
|
675 System.out.println("Failed to find an expected CPVE"); |
|
676 } |
|
677 |
669 return result; |
678 return result; |
670 } |
679 } |
671 } |
680 } |
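Review bot: The cause-chain loop in checkClientValidationFailure (new lines 658-663) has no `break`, so if one CertPathValidatorException wraps another, `cpve` ends up as the innermost one and its reason is what gets compared with `reason`. If the outermost CPVE is the one the test means to assert on, stop at the first match with `cpve = (CertPathValidatorException)curExc; break;`; if the innermost is intended, state that in the comment above the loop. The rewrite also drops the old requirement that the top-level exception be an SSLException wrapping an SSLHandshakeException, so any exception with a CPVE anywhere in its chain now satisfies the check. If that loosening is deliberate, a comment such as `// The wrapper types are intentionally not checked; only the CPVE reason matters` would record it. The comment at new lines 665-666 also has a doubled word (`then we we didn't`).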