240 new SimpleOCSPServer.CertStatusInfo( |
240 new SimpleOCSPServer.CertStatusInfo( |
241 SimpleOCSPServer.CertStatus.CERT_STATUS_REVOKED, |
241 SimpleOCSPServer.CertStatus.CERT_STATUS_REVOKED, |
242 fiveMinsAgo)); |
242 fiveMinsAgo)); |
243 intOcsp.updateStatusDb(revInfo); |
243 intOcsp.updateStatusDb(revInfo); |
244 |
244 |
245 System.out.println("======================================="); |
245 System.out.println("============================================"); |
246 System.out.println("Stapling enabled, default configuration"); |
246 System.out.println("Stapling enabled, detect revoked certificate"); |
247 System.out.println("======================================="); |
247 System.out.println("============================================"); |
248 |
248 |
249 cliParams.pkixParams = new PKIXBuilderParameters(trustStore, |
249 cliParams.pkixParams = new PKIXBuilderParameters(trustStore, |
250 new X509CertSelector()); |
250 new X509CertSelector()); |
251 cliParams.pkixParams.setRevocationEnabled(true); |
251 cliParams.pkixParams.setRevocationEnabled(true); |
252 Security.setProperty("ocsp.enable", "false"); |
252 Security.setProperty("ocsp.enable", "false"); |
379 // Make OCSP responders accept connections |
379 // Make OCSP responders accept connections |
380 intOcsp.acceptConnections(); |
380 intOcsp.acceptConnections(); |
381 rootOcsp.acceptConnections(); |
381 rootOcsp.acceptConnections(); |
382 |
382 |
383 // Wait 5 seconds for server ready |
383 // Wait 5 seconds for server ready |
384 for (int i = 0; (i < 100 && (!intOcsp.isServerReady() || !rootOcsp.isServerReady())); i++) { |
384 for (int i = 0; (i < 100 && (!intOcsp.isServerReady() || |
|
385 !rootOcsp.isServerReady())); i++) { |
385 Thread.sleep(50); |
386 Thread.sleep(50); |
386 } |
387 } |
387 if (!intOcsp.isServerReady() || !rootOcsp.isServerReady()) { |
388 if (!intOcsp.isServerReady() || !rootOcsp.isServerReady()) { |
388 throw new RuntimeException("Server not ready yet"); |
389 throw new RuntimeException("Server not ready yet"); |
389 } |
390 } |
409 intOcsp.setDelay(3000); |
410 intOcsp.setDelay(3000); |
410 rootOcsp.setDelay(3000); |
411 rootOcsp.setDelay(3000); |
411 Thread.sleep(1000); |
412 Thread.sleep(1000); |
412 |
413 |
413 // Wait 5 seconds for server ready |
414 // Wait 5 seconds for server ready |
414 for (int i = 0; (i < 100 && (!intOcsp.isServerReady() || !rootOcsp.isServerReady())); i++) { |
415 for (int i = 0; (i < 100 && (!intOcsp.isServerReady() || |
|
416 !rootOcsp.isServerReady())); i++) { |
415 Thread.sleep(50); |
417 Thread.sleep(50); |
416 } |
418 } |
417 if (!intOcsp.isServerReady() || !rootOcsp.isServerReady()) { |
419 if (!intOcsp.isServerReady() || !rootOcsp.isServerReady()) { |
418 throw new RuntimeException("Server not ready yet"); |
420 throw new RuntimeException("Server not ready yet"); |
419 } |
421 } |
499 KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); |
501 KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); |
500 kmf.init(serverKeystore, passwd.toCharArray()); |
502 kmf.init(serverKeystore, passwd.toCharArray()); |
501 TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); |
503 TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); |
502 tmf.init(trustStore); |
504 tmf.init(trustStore); |
503 |
505 |
504 SSLContext sslc = SSLContext.getInstance("TLS"); |
506 SSLContext sslc = SSLContext.getInstance("TLSv1.2"); |
505 sslc.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); |
507 sslc.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); |
506 |
508 |
507 SSLServerSocketFactory sslssf = sslc.getServerSocketFactory(); |
509 SSLServerSocketFactory sslssf = sslc.getServerSocketFactory(); |
508 |
510 |
509 try (SSLServerSocket sslServerSocket = |
511 try (SSLServerSocket sslServerSocket = |
565 tmf.init(trustParams); |
567 tmf.init(trustParams); |
566 } else { |
568 } else { |
567 tmf.init(trustStore); |
569 tmf.init(trustStore); |
568 } |
570 } |
569 |
571 |
570 SSLContext sslc = SSLContext.getInstance("TLS"); |
572 SSLContext sslc = SSLContext.getInstance("TLSv1.2"); |
571 sslc.init(null, tmf.getTrustManagers(), null); |
573 sslc.init(null, tmf.getTrustManagers(), null); |
572 |
574 |
573 SSLSocketFactory sslsf = sslc.getSocketFactory(); |
575 SSLSocketFactory sslsf = sslc.getSocketFactory(); |
574 try (SSLSocket sslSocket = (SSLSocket)sslsf.createSocket("localhost", |
576 try (SSLSocket sslSocket = (SSLSocket)sslsf.createSocket("localhost", |
575 serverPort); |
577 serverPort); |
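Review bot: Both the server context (new line 506) and the client context (new line 572) now use `SSLContext.getInstance("TLSv1.2")` with no comment saying why, so a reader cannot tell whether the revocation and stapling checks here are meant to be TLS 1.2-specific or whether TLS 1.3 coverage was dropped unintentionally. I would add a one-line comment at each site giving the reason, e.g. `// Pinned to TLSv1.2 on purpose: <reason>; TLS 1.3 stapling is not exercised by this test`. The context name most likely only caps the default enabled protocol set and leaves any lower versions the provider still allows negotiable; if the test must run on exactly TLS 1.2, `sslSocket.setEnabledProtocols(new String[] {"TLSv1.2"});` on the client socket (and the equivalent on `sslServerSocket`) states that directly. The enclosing methods start and end outside the visible hunks, so an existing explanation elsewhere in the file cannot be ruled out.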