1 /* |
1 /* |
2 * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. |
2 * Copyright (c) 2012, 2018, Oracle and/or its affiliates. All rights reserved. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 * |
4 * |
5 * This code is free software; you can redistribute it and/or modify it |
5 * This code is free software; you can redistribute it and/or modify it |
6 * under the terms of the GNU General Public License version 2 only, as |
6 * under the terms of the GNU General Public License version 2 only, as |
7 * published by the Free Software Foundation. |
7 * published by the Free Software Foundation. |
94 SSLServerSocketFactory sslssf = |
94 SSLServerSocketFactory sslssf = |
95 getContext(true).getServerSocketFactory(); |
95 getContext(true).getServerSocketFactory(); |
96 SSLServerSocket sslServerSocket = |
96 SSLServerSocket sslServerSocket = |
97 (SSLServerSocket) sslssf.createServerSocket(serverPort); |
97 (SSLServerSocket) sslssf.createServerSocket(serverPort); |
98 serverPort = sslServerSocket.getLocalPort(); |
98 serverPort = sslServerSocket.getLocalPort(); |
|
99 if (debug) { |
|
100 System.out.println("Server port is " + serverPort); |
|
101 } |
99 |
102 |
100 // enable endpoint identification |
103 // enable endpoint identification |
101 // ignore, we may test the feature when known how to parse client |
104 // ignore, we may test the feature when known how to parse client |
102 // hostname |
105 // hostname |
103 //SSLParameters params = sslServerSocket.getSSLParameters(); |
106 //SSLParameters params = sslServerSocket.getSSLParameters(); |
151 } |
154 } |
152 |
155 |
153 SSLSocketFactory sslsf = getContext(false).getSocketFactory(); |
156 SSLSocketFactory sslsf = getContext(false).getSocketFactory(); |
154 SSLSocket sslSocket = (SSLSocket) |
157 SSLSocket sslSocket = (SSLSocket) |
155 sslsf.createSocket("localhost", serverPort); |
158 sslsf.createSocket("localhost", serverPort); |
|
159 if (debug) { |
|
160 System.out.println("Connected to: " + |
|
161 sslSocket.getRemoteSocketAddress()); |
|
162 } |
156 |
163 |
157 // enable endpoint identification |
164 // enable endpoint identification |
158 SSLParameters params = sslSocket.getSSLParameters(); |
165 SSLParameters params = sslSocket.getSSLParameters(); |
159 params.setEndpointIdentificationAlgorithm("HTTPS"); |
166 params.setEndpointIdentificationAlgorithm("HTTPS"); |
160 sslSocket.setSSLParameters(params); |
167 sslSocket.setSSLParameters(params); |
212 clientTM = new MyExtendedX509TM((X509TrustManager)tms[0]); |
219 clientTM = new MyExtendedX509TM((X509TrustManager)tms[0]); |
213 |
220 |
214 tms = new TrustManager[] {clientTM}; |
221 tms = new TrustManager[] {clientTM}; |
215 } |
222 } |
216 |
223 |
217 SSLContext ctx = SSLContext.getInstance("TLS"); |
224 SSLContext ctx = SSLContext.getInstance("TLSv1.2"); |
218 ctx.init(kmf.getKeyManagers(), tms, null); |
225 ctx.init(kmf.getKeyManagers(), tms, null); |
219 |
226 |
220 return ctx; |
227 return ctx; |
221 } |
228 } |
222 |
229 |
241 |
248 |
242 public boolean wasServerChecked() { |
249 public boolean wasServerChecked() { |
243 return serverChecked; |
250 return serverChecked; |
244 } |
251 } |
245 |
252 |
246 |
253 @Override |
247 public void checkClientTrusted(X509Certificate chain[], String authType) |
254 public void checkClientTrusted(X509Certificate chain[], String authType) |
248 throws CertificateException { |
255 throws CertificateException { |
249 tm.checkClientTrusted(chain, authType); |
256 tm.checkClientTrusted(chain, authType); |
250 } |
257 } |
251 |
258 |
|
259 @Override |
252 public void checkServerTrusted(X509Certificate chain[], String authType) |
260 public void checkServerTrusted(X509Certificate chain[], String authType) |
253 throws CertificateException { |
261 throws CertificateException { |
254 tm.checkServerTrusted(chain, authType); |
262 tm.checkServerTrusted(chain, authType); |
255 } |
263 } |
256 |
264 |
|
265 @Override |
257 public X509Certificate[] getAcceptedIssuers() { |
266 public X509Certificate[] getAcceptedIssuers() { |
258 // (hack code) increase the size of the returned array to make a |
267 // (hack code) increase the size of the returned array to make a |
259 // overflow CertificateRequest. |
268 // overflow CertificateRequest. |
260 List<X509Certificate> issuersList = new LinkedList<>(); |
269 List<X509Certificate> issuersList = new LinkedList<>(); |
261 X509Certificate[] issuers = tm.getAcceptedIssuers(); |
270 X509Certificate[] issuers = tm.getAcceptedIssuers(); |
266 } |
275 } |
267 |
276 |
268 return issuersList.toArray(issuers); |
277 return issuersList.toArray(issuers); |
269 } |
278 } |
270 |
279 |
|
280 @Override |
271 public void checkClientTrusted(X509Certificate[] chain, String authType, |
281 public void checkClientTrusted(X509Certificate[] chain, String authType, |
272 Socket socket) throws CertificateException { |
282 Socket socket) throws CertificateException { |
273 clientChecked = true; |
283 clientChecked = true; |
274 tm.checkClientTrusted(chain, authType); |
284 tm.checkClientTrusted(chain, authType); |
275 } |
285 } |
276 |
286 |
|
287 @Override |
277 public void checkServerTrusted(X509Certificate[] chain, String authType, |
288 public void checkServerTrusted(X509Certificate[] chain, String authType, |
278 Socket socket) throws CertificateException { |
289 Socket socket) throws CertificateException { |
279 serverChecked = true; |
290 serverChecked = true; |
280 tm.checkServerTrusted(chain, authType); |
291 tm.checkServerTrusted(chain, authType); |
281 } |
292 } |
282 |
293 |
|
294 @Override |
283 public void checkClientTrusted(X509Certificate[] chain, String authType, |
295 public void checkClientTrusted(X509Certificate[] chain, String authType, |
284 SSLEngine engine) throws CertificateException { |
296 SSLEngine engine) throws CertificateException { |
285 clientChecked = true; |
297 clientChecked = true; |
286 tm.checkClientTrusted(chain, authType); |
298 tm.checkClientTrusted(chain, authType); |
287 } |
299 } |
288 |
300 |
|
301 @Override |
289 public void checkServerTrusted(X509Certificate[] chain, String authType, |
302 public void checkServerTrusted(X509Certificate[] chain, String authType, |
290 SSLEngine engine) throws CertificateException { |
303 SSLEngine engine) throws CertificateException { |
291 serverChecked = true; |
304 serverChecked = true; |
292 tm.checkServerTrusted(chain, authType); |
305 tm.checkServerTrusted(chain, authType); |
293 } |
306 } |