jdk/test/javax/net/ssl/TLS/CipherTestUtils.java
author alanb
Thu, 01 Dec 2016 08:57:53 +0000
changeset 42338 a60f280f803c
parent 39140 86f21a96d0ab
child 45028 b0ea3c0bfb81
permissions -rw-r--r--
8169069: Module system implementation refresh (11/2016) Reviewed-by: plevart, chegar, psandoz, mchung, alanb, dfuchs, naoto, coffeys, weijun Contributed-by: alan.bateman@oracle.com, mandy.chung@oracle.com, claes.redestad@oracle.com, mark.reinhold@oracle.com

/*
 * Copyright (c) 2010, 2016, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License version 2 only, as published by
 * the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT ANY
 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
 * A PARTICULAR PURPOSE. See the GNU General Public License version 2 for more
 * details (a copy is included in the LICENSE file that accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version 2
 * along with this work; if not, write to the Free Software Foundation, Inc., 51
 * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA or
 * visit www.oracle.com if you need additional information or have any
 * questions.
 */

import java.io.ByteArrayInputStream;
import java.io.EOFException;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.Socket;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collections;
import java.util.List;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509TrustManager;

/**
 * Test that all ciphersuites work in all versions and all client authentication
 * types. The way this is setup the server is stateless and all checking is done
 * on the client side.
 */

public class CipherTestUtils {

    public static final int TIMEOUT = 20 * 1000;
    public static final SecureRandom secureRandom = new SecureRandom();
    public static char[] PASSWORD = "passphrase".toCharArray();
    private static final List<TestParameters> TESTS = new ArrayList<>(3);
    private static final List<Exception> EXCEPTIONS
            = Collections.synchronizedList(new ArrayList<>(1));

    private static final String CLIENT_PUBLIC_KEY
        = "-----BEGIN CERTIFICATE-----\n"
        + "MIICtTCCAh4CCQDkYJ46DMcGRjANBgkqhkiG9w0BAQUFADCBnDELMAkGA1UEBhMC\n"
        + "VVMxCzAJBgNVBAgMAkNBMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MR8wHQYDVQQK\n"
        + "DBZTdW4gTWljcm9zeXN0ZW1zLCBJbmMuMSYwJAYDVQQLDB1TdW4gTWljcm9zeXN0\n"
        + "ZW1zIExhYm9yYXRvcmllczEfMB0GA1UEAwwWVGVzdCBDQSAoMTAyNCBiaXQgUlNB\n"
        + "KTAeFw0wOTA0MjcwNDA0MDhaFw0xMzA2MDUwNDA0MDhaMIGgMQswCQYDVQQGEwJV\n"
        + "UzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxHzAdBgNVBAoM\n"
        + "FlN1biBNaWNyb3N5c3RlbXMsIEluYy4xJjAkBgNVBAsMHVN1biBNaWNyb3N5c3Rl\n"
        + "bXMgTGFib3JhdG9yaWVzMSMwIQYDVQQDDBpUZXN0IENsaWVudCAoMTAyNCBiaXQg\n"
        + "UlNBKTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAm5rwjmhO7Nwd5GWs+KvQ\n"
        + "UnDiqpRDvRriOUFdF0rCI2Op24C+iwUMDGxPsgP7VkUpOdJhw3c72aP0CAWcZ5dN\n"
        + "UCW7WVDAxnogCahLCir1jjoGdEjiNGOy0L9sypsM9UvBzJN8uvXsxsTZX4Z88cKU\n"
        + "G7RUvN8LQ88zDljk5zr3c2MCAwEAATANBgkqhkiG9w0BAQUFAAOBgQA7LUDrzHln\n"
        + "EXuGmwZeeroACB6DVtkClMskF/Pj5GnTxoeNN9DggycX/eOeIDKRloHuMpBeZPJH\n"
        + "NUwFu4LB6HBDeldQD9iRp8zD/fPakOdN+1Gk5hciIZZJ5hQmeCl7Va2Gr64vUqZG\n"
        + "MkVU755t+7ByLgzWuhPhhsX9QCuPR5FjvQ==\n"
        + "-----END CERTIFICATE-----";

    private static final String CLIENT_PRIVATE_KEY
        = "-----BEGIN PRIVATE KEY-----\n"
        + "MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAJua8I5oTuzcHeRl\n"
        + "rPir0FJw4qqUQ70a4jlBXRdKwiNjqduAvosFDAxsT7ID+1ZFKTnSYcN3O9mj9AgF\n"
        + "nGeXTVAlu1lQwMZ6IAmoSwoq9Y46BnRI4jRjstC/bMqbDPVLwcyTfLr17MbE2V+G\n"
        + "fPHClBu0VLzfC0PPMw5Y5Oc693NjAgMBAAECgYA5w73zj8Nk6J3sMNaShe3S/PcY\n"
        + "TewLopRCnwI46FbDnnbq9pNFtnzvi7HWKuY983THc1M5peTA+b1Y0QRr7F4Vg4x9\n"
        + "9UM0B/tZcIIcJJ3LS+9fXKCbYLQWq5F05JqeZu+i+QLmJFO5+2p7laeQ4oQfW7QE\n"
        + "YR4u2mSaLe0SsqHvOQJBAMhgcye9C6pJO0eo2/VtRxAXI7zxNAIjHwKo1cva7bhu\n"
        + "GdrMaEAJBAsMJ1GEk7/WDI+3KEbTjQdfIJuAvOR4FXUCQQDGzNn/tl2k93v/ugyM\n"
        + "/tBhCKDipYDIbyJMoG2AOtOGmCsiGo5L7idO4OAcm/QiHBQMXjFIVgTUcH8MhGj4\n"
        + "blJ3AkA5fUqsxRV6tuYWKkFpif/QgwMS65VDY7Y6+hvVECwSNSyf1PO4I54QWV1S\n"
        + "ixok+RHDjgY1Q+77hXSCiQ4o8rcdAkBHvjfR+5sx5IpgUGElJPRIgFenU3j1XH3x\n"
        + "T1gVFaWuhg3S4eiGaGzRH4BhcrqY8K8fg4Kfi0N08yA2gTZsqUujAkEAjuNPTuKx\n"
        + "ti0LXI09kbGUqOpRMm1zW5TD6LFeEaUN6oxrSZI2YUvu7VyotAqsxX5O0u0f3VQw\n"
        + "ySF0Q1oZ6qu7cg==\n"
        + "-----END PRIVATE KEY-----";
    private static final String SERVER_PUBLIC_KEY
        = "-----BEGIN CERTIFICATE-----\n"
        + "MIICtTCCAh4CCQDkYJ46DMcGRTANBgkqhkiG9w0BAQUFADCBnDELMAkGA1UEBhMC\n"
        + "VVMxCzAJBgNVBAgMAkNBMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MR8wHQYDVQQK\n"
        + "DBZTdW4gTWljcm9zeXN0ZW1zLCBJbmMuMSYwJAYDVQQLDB1TdW4gTWljcm9zeXN0\n"
        + "ZW1zIExhYm9yYXRvcmllczEfMB0GA1UEAwwWVGVzdCBDQSAoMTAyNCBiaXQgUlNB\n"
        + "KTAeFw0wOTA0MjcwNDA0MDhaFw0xMzA2MDUwNDA0MDhaMIGgMQswCQYDVQQGEwJV\n"
        + "UzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxHzAdBgNVBAoM\n"
        + "FlN1biBNaWNyb3N5c3RlbXMsIEluYy4xJjAkBgNVBAsMHVN1biBNaWNyb3N5c3Rl\n"
        + "bXMgTGFib3JhdG9yaWVzMSMwIQYDVQQDDBpUZXN0IFNlcnZlciAoMTAyNCBiaXQg\n"
        + "UlNBKTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsHHeZ1O67yuxQKDSAOC\n"
        + "Xm271ViwBrXkxe5cvhG8MCCem6Z3XeZ/m6c2ucRwLaQxnmG1m0G6/OYaUXTivjcG\n"
        + "/K4bc1I+yjghAWQNLBtsOiP9w0LKibg3TSDehpeuuz/lmB5A4HMqQr8KkY4K7peD\n"
        + "1QkJ2Dn3zhbwQ/0d8f5CCbkCAwEAATANBgkqhkiG9w0BAQUFAAOBgQBOd8XojEnu\n"
        + "eTUHBwqfmnvRQvbICFDNbbL4KuX/JNPSy1WMGAEbNCTLZ+5yP69js8aUYqAk5vVf\n"
        + "dWRLU3MDiEzW7zxE1ubuKWjVuyGbG8Me0G01Hw+evBcZqB64Fz3OFISVfQh7MqE/\n"
        + "O0AeakRMH350FRLNl4o6KBSXmF/AADfqQQ==\n"
        + "-----END CERTIFICATE-----";

    private static final String SERVER_PRIVATE_KEY
        = "-----BEGIN PRIVATE KEY-----\n"
        + "MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAK7Bx3mdTuu8rsUC\n"
        + "g0gDgl5tu9VYsAa15MXuXL4RvDAgnpumd13mf5unNrnEcC2kMZ5htZtBuvzmGlF0\n"
        + "4r43BvyuG3NSPso4IQFkDSwbbDoj/cNCyom4N00g3oaXrrs/5ZgeQOBzKkK/CpGO\n"
        + "Cu6Xg9UJCdg5984W8EP9HfH+Qgm5AgMBAAECgYAXUv+3qJo+9mjxHHu/IdDFn6nB\n"
        + "ONwNmTtWe5DfQWi3l7LznU0zOC9x6+hu9NvwC4kf1XSyqxw04tVCZ/JXZurEmEBz\n"
        + "YtcQ5idRQDkKYXEDOeVUfvtHO6xilzrhPKxxd0GG/sei2pozikkqnYF3OcP0qL+a\n"
        + "3nWixZQBRoF2nIRLcQJBAN97TJBr0XTRmE7OCKLUy1+ws7vZB9uQ2efHMsgwOpsY\n"
        + "3cEW5qd95hrxLU72sBeu9loHQgBrT2Q3OAxnsPXmgO0CQQDIL3u9kS/O3Ukx+n1H\n"
        + "JdPFQCRxrDm/vtJpQEmq+mLqxxnxCFRIYQ2ieAPokBxWeMDtdWJGD3VxhahjPfZm\n"
        + "5K59AkEAuDVl0tVMfUIWjT5/F9jXGjUIsZofQ/iN5OLpFOHMLPO+Nd6umPjJpwON\n"
        + "GT11wM/S+DprSPUrJ6vsYy1FTCuHsQJBAMXtnO07xgdE6AAQaRmVnyMiXmY+IQMj\n"
        + "CyuhsrToyDDWFyIoWB0QSMjg3QxuoHYnAqpGK5qV4ksSGgG13BCz/okCQQCRHTgn\n"
        + "DuFG2f7GYLFjI4NaTEzHGp+J9LiNYY1kYYLonpwAC3Z5hzJVanYT3/g23AUZ/fdF\n"
        + "v5PDIViuPo5ZB1eD\n"
        + "-----END PRIVATE KEY-----";

    private static final String CA_PUBLIC_KEY
        = "-----BEGIN CERTIFICATE-----\n"
        + "MIIDCDCCAnGgAwIBAgIJAIYlGfwNBY6NMA0GCSqGSIb3DQEBBQUAMIGcMQswCQYD\n"
        + "VQQGEwJVUzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxHzAd\n"
        + "BgNVBAoMFlN1biBNaWNyb3N5c3RlbXMsIEluYy4xJjAkBgNVBAsMHVN1biBNaWNy\n"
        + "b3N5c3RlbXMgTGFib3JhdG9yaWVzMR8wHQYDVQQDDBZUZXN0IENBICgxMDI0IGJp\n"
        + "dCBSU0EpMB4XDTA5MDQyNzA0MDQwOFoXDTEzMDYwNTA0MDQwOFowgZwxCzAJBgNV\n"
        + "BAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzEfMB0G\n"
        + "A1UECgwWU3VuIE1pY3Jvc3lzdGVtcywgSW5jLjEmMCQGA1UECwwdU3VuIE1pY3Jv\n"
        + "c3lzdGVtcyBMYWJvcmF0b3JpZXMxHzAdBgNVBAMMFlRlc3QgQ0EgKDEwMjQgYml0\n"
        + "IFJTQSkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOK4DJxxb0XX6MJ1CVjp\n"
        + "9Gmr/Ua8MS12R58F9lDpSKuq8cFexA4W7OdZ4jtbKv0tRHX5YxmbnXedwS+gdcOA\n"
        + "GRgXMoeXlgTFGpdL+TR8xKIlMGRSjnR7MpR2tRyIYI2p+UTEiD6LTlIm5Wh4z1q8\n"
        + "LYbxyMVD1XNNNymvPM44OjsBAgMBAAGjUDBOMB0GA1UdDgQWBBT27BLUflmfdtbi\n"
        + "WTgjwWnoxop2MTAfBgNVHSMEGDAWgBT27BLUflmfdtbiWTgjwWnoxop2MTAMBgNV\n"
        + "HRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAEQELNzhZpjnSgigd+QJ6I/3CPDo\n"
        + "SDkMLdP1BHlT/DkMIZvABm+M09ePNlWiLYCNCsL9nWmX0gw0rFDKsTklZyKTUzaM\n"
        + "oy/AZCrAaoIc6SO5m1xE1RMyVxd/Y/kg6cbfWxxCJFlMeU5rsSdC97HTE/lDyuoh\n"
        + "BmlOBB7SdR+1ScjA\n"
        + "-----END CERTIFICATE-----";

    private static final String CA_PRIVATE_KEY
        = "-----BEGIN PRIVATE KEY-----\n"
        + "MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAOK4DJxxb0XX6MJ1\n"
        + "CVjp9Gmr/Ua8MS12R58F9lDpSKuq8cFexA4W7OdZ4jtbKv0tRHX5YxmbnXedwS+g\n"
        + "dcOAGRgXMoeXlgTFGpdL+TR8xKIlMGRSjnR7MpR2tRyIYI2p+UTEiD6LTlIm5Wh4\n"
        + "z1q8LYbxyMVD1XNNNymvPM44OjsBAgMBAAECgYEApmMOlk3FrQtsvjGof4GLp3Xa\n"
        + "tmvs54FzxKhagj0C4UHelNyYpAJ9MLjNiGQ7I31yTeaNrUCAi0XSfsKTSrwbLSnJ\n"
        + "qsUPKMBrnzcWrOyui2+cupHZXaTlNeYB97teLJYpa6Ql9CZLoTHoim1+//s7diBh\n"
        + "03Vls+M6Poi5PMvv59UCQQD+k/BiokmbBgWHfBY5cZSlx3Z4VTwSHJmHDTO3Tjso\n"
        + "EVErXUSVvqD/KHX6eM4VPM8lySV5djWV8lDsESCWMtiLAkEA4/xFNsiOLMQpxW/O\n"
        + "bt2tukxJkAxldD4lPoFZR+zbXtMtt8OjERtX2wD+nj6h7jfIeSyVuBEcBN8Uj8xe\n"
        + "kgfgIwJAPbKG4LCqHAsCjgpRrIxNVTwZByLJEy6hOqzFathn19cSj+rjs1Lm28/n\n"
        + "f9OFRnpdTbAJB/3REM0QNZYVCrG57wJBAN0KuTytZJNouaswhPCew5Kt5mDgc/kp\n"
        + "S8j3dk2zCto8W8Ygy1iJrzuqEjPxO+UQdrFtlde51vWuKGxnVIW3VwsCQEldqk7r\n"
        + "8y7PgquPP+k3L0OXno5wGBrPcW1+U0mhIZGnwSzE4SPX2ddqUSEUA/Av4RjAckL/\n"
        + "fpqmCkpTanyYW9U=\n"
        + "-----END PRIVATE KEY-----";

    private final SSLSocketFactory factory;
    private final X509ExtendedKeyManager clientKeyManager;
    private final X509ExtendedKeyManager serverKeyManager;
    private final X509TrustManager clientTrustManager;
    private final X509TrustManager serverTrustManager;

    static abstract class Server implements Runnable, AutoCloseable {

        final CipherTestUtils cipherTest;

        Server(CipherTestUtils cipherTest) throws Exception {
            this.cipherTest = cipherTest;
        }

        @Override
        public abstract void run();

        abstract int getPort();

        void handleRequest(InputStream in, OutputStream out)
                throws IOException {
            boolean newline = false;
            StringBuilder sb = new StringBuilder();
            while (true) {
                int ch = in.read();
                if (ch < 0) {
                    throw new EOFException();
                }
                sb.append((char) ch);
                if (ch == '\r') {
                    // empty
                } else if (ch == '\n') {
                    if (newline) {
                        // 2nd newline in a row, end of request
                        break;
                    }
                    newline = true;
                } else {
                    newline = false;
                }
            }
            String request = sb.toString();
            if (request.startsWith("GET / HTTP/1.") == false) {
                throw new IOException("Invalid request: " + request);
            }
            out.write("HTTP/1.0 200 OK\r\n\r\n".getBytes());
            out.write("Tested Scenario: ".getBytes());
            TestParameters tp = (TestParameters) CipherTestUtils.TESTS.get(0);
            out.write(tp.toString().getBytes());
            out.write(" Test PASSED.".getBytes());
        }
    }

    public static class TestParameters {

        final String cipherSuite;
        final String protocol;
        final String clientAuth;

        TestParameters(String cipherSuite, String protocol, String clientAuth) {
            this.cipherSuite = cipherSuite;
            this.protocol = protocol;
            this.clientAuth = clientAuth;
        }

        boolean isEnabled() {
            return true;
        }

        @Override
        public String toString() {
            String s = cipherSuite + " in " + protocol + " mode";
            if (clientAuth != null) {
                s += " with " + clientAuth + " client authentication";
            }
            return s;
        }
    }

    private static volatile CipherTestUtils instance = null;

    public static CipherTestUtils getInstance() throws Exception {
        if (instance == null) {
            synchronized (CipherTestUtils.class) {
                if (instance == null) {
                    instance = new CipherTestUtils();
                }
            }
        }
        return instance;
    }

    public static void setTestedArguments(String protocol, String ciphersuite) {
        ciphersuite = ciphersuite.trim();
        TestParameters params = new TestParameters(ciphersuite, protocol, null);
        TESTS.add(params);
    }

    public X509ExtendedKeyManager getClientKeyManager() {
        return clientKeyManager;
    }

    public X509TrustManager getClientTrustManager() {
        return clientTrustManager;
    }

    public X509ExtendedKeyManager getServerKeyManager() {
        return serverKeyManager;
    }

    public X509TrustManager getServerTrustManager() {
        return serverTrustManager;
    }

    public static void addFailure(Exception e) {
        EXCEPTIONS.add(e);
    }

    private CipherTestUtils() throws Exception {
        factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        KeyStore serverKeyStore = createServerKeyStore(SERVER_PUBLIC_KEY,
                SERVER_PRIVATE_KEY);
        KeyStore serverTrustStore = createServerKeyStore(CA_PUBLIC_KEY,
                CA_PRIVATE_KEY);

        if (serverKeyStore != null) {
            KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(
                            KeyManagerFactory.getDefaultAlgorithm());
            keyFactory.init(serverKeyStore, PASSWORD);
            serverKeyManager = (X509ExtendedKeyManager)
                    keyFactory.getKeyManagers()[0];
        } else {
            serverKeyManager = null;
        }
        serverTrustManager = serverTrustStore != null
                ? new AlwaysTrustManager(serverTrustStore) : null;

        KeyStore clientKeyStore, clientTrustStore;
        clientTrustStore = serverTrustStore;
        clientKeyStore =
                createServerKeyStore(CLIENT_PUBLIC_KEY,CLIENT_PRIVATE_KEY);
        if (clientKeyStore != null) {
            KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(
                            KeyManagerFactory.getDefaultAlgorithm());
            keyFactory.init(clientKeyStore, PASSWORD);
            clientKeyManager = (X509ExtendedKeyManager)
                    keyFactory.getKeyManagers()[0];
        } else {
            clientKeyManager = null;
        }
        clientTrustManager = (clientTrustStore != null)
                ? new AlwaysTrustManager(clientTrustStore) : null;
    }

    void checkResult(String exception) throws Exception {
        if (EXCEPTIONS.size() >= 1) {
            Exception actualException = EXCEPTIONS.get(0);
            if (exception == null) {
                throw new RuntimeException("FAILED: got unexpected exception: "
                        + actualException);
            }
            if (!exception.equals(actualException.getClass().getName())) {
                throw new RuntimeException("FAILED: got unexpected exception: "
                        + actualException);
            }

            System.out.println("PASSED: got expected exception: "
                    + actualException);
        } else {
            if (exception != null) {
                throw new RuntimeException("FAILED: " + exception
                        + " was expected");
            }
            System.out.println("PASSED");
        }
    }

    SSLSocketFactory getFactory() {
        return factory;
    }

    static abstract class Client implements Runnable {

        final CipherTestUtils cipherTest;
        TestParameters testedParams;

        Client(CipherTestUtils cipherTest) throws Exception {
            this.cipherTest = cipherTest;
        }

        Client(CipherTestUtils cipherTest, String testedCipherSuite)
                throws Exception {
            this.cipherTest = cipherTest;
        }

        @Override
        public final void run() {

            TESTS.stream().map((params) -> {
                if (!params.isEnabled()) {
                    System.out.println("Skipping disabled test " + params);
                }
                return params;
            }).forEach((params) -> {
                try {
                    System.out.println("Testing " + params);
                    runTest(params);
                    System.out.println("Passed " + params);
                } catch (Exception e) {
                    CipherTestUtils.addFailure(e);
                    System.out.println("** Failed " + params
                            + "**, got exception:");
                    e.printStackTrace(System.out);
                }
            });
        }

        abstract void runTest(TestParameters params) throws Exception;

        void sendRequest(InputStream in, OutputStream out) throws IOException {
            out.write("GET / HTTP/1.0\r\n\r\n".getBytes());
            out.flush();
            StringBuilder sb = new StringBuilder();
            while (true) {
                int ch = in.read();
                if (ch < 0) {
                    break;
                }
                sb.append((char) ch);
            }
            String response = sb.toString();
            if (response.startsWith("HTTP/1.0 200 ") == false) {
                throw new IOException("Invalid response: " + response);
            } else {
                System.out.println();
                System.out.println("--- Response --- ");
                System.out.println(response);
                System.out.println("---------------- ");
            }
        }
    }

    public static void printStringArray(String[] stringArray) {
        System.out.println(Arrays.toString(stringArray));
        System.out.println();
    }

    public static void printInfo(SSLServerSocket socket) {
        System.out.println();
        System.out.println("--- SSL ServerSocket Info ---");
        System.out.print("SupportedProtocols    : ");
        printStringArray(socket.getSupportedProtocols());
        System.out.print("SupportedCipherSuites : ");
        printStringArray(socket.getSupportedCipherSuites());
        System.out.print("EnabledProtocols      : ");
        printStringArray(socket.getEnabledProtocols());
        System.out.print("EnabledCipherSuites   : ");
        String[] supportedCipherSuites = socket.getEnabledCipherSuites();
        Arrays.sort(supportedCipherSuites);
        printStringArray(supportedCipherSuites);
        System.out.println("NeedClientAuth        : "
                + socket.getNeedClientAuth());
        System.out.println("WantClientAuth        : "
                + socket.getWantClientAuth());
        System.out.println("-----------------------");
    }

    public static void printInfo(SSLSocket socket) {
        System.out.println();
        System.out.println("--- SSL Socket Info ---");
        System.out.print(" SupportedProtocols    : ");
        printStringArray(socket.getSupportedProtocols());
        System.out.println(" EnabledProtocols      : "
                + socket.getEnabledProtocols()[0]);
        System.out.print(" SupportedCipherSuites : ");
        String[] supportedCipherSuites = socket.getEnabledCipherSuites();
        Arrays.sort(supportedCipherSuites);
        printStringArray(supportedCipherSuites);
        System.out.println(" EnabledCipherSuites   : "
                + socket.getEnabledCipherSuites()[0]);
        System.out.println(" NeedClientAuth        : "
                + socket.getNeedClientAuth());
        System.out.println(" WantClientAuth        : "
                + socket.getWantClientAuth());
        System.out.println("-----------------------");
    }

    private static KeyStore createServerKeyStore(String publicKey,
            String keySpecStr) throws KeyStoreException, IOException,
            NoSuchAlgorithmException, CertificateException,
            InvalidKeySpecException {

        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null);
        if (publicKey == null || keySpecStr == null) {
            throw new IllegalArgumentException("publicKey or "
                    + "keySpecStr cannot be null");
        }
        String strippedPrivateKey = keySpecStr.substring(
                keySpecStr.indexOf("\n"), keySpecStr.lastIndexOf("\n"));

        // generate the private key.
        PKCS8EncodedKeySpec priKeySpec = new PKCS8EncodedKeySpec(
                Base64.getMimeDecoder().decode(strippedPrivateKey));
        KeyFactory kf = KeyFactory.getInstance("RSA");
        RSAPrivateKey priKey
                = (RSAPrivateKey) kf.generatePrivate(priKeySpec);

        // generate certificate chain
        try (InputStream is = new ByteArrayInputStream(publicKey.getBytes())) {
            // generate certificate from cert string
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            Certificate keyCert = cf.generateCertificate(is);
            Certificate[] chain = {keyCert};
            ks.setKeyEntry("TestEntry", priKey, PASSWORD, chain);
        }

        return ks;
    }

    public static Server mainServer(PeerFactory peerFactory,
            String expectedException) throws Exception {

        setTestedArguments(peerFactory.getTestedProtocol(),
                peerFactory.getTestedCipher());

        System.out.print(
                " Initializing test '" + peerFactory.getName() + "'...");
        secureRandom.nextInt();

        CipherTestUtils cipherTest = CipherTestUtils.getInstance();
        Server srv = peerFactory.newServer(cipherTest, PeerFactory.FREE_PORT);
        Thread serverThread = new Thread(srv, "Server");
        serverThread.start();

        return srv;
    }

    public static void mainClient(PeerFactory peerFactory, int port,
            String expectedException) throws Exception {

        long time = System.currentTimeMillis();
        setTestedArguments(peerFactory.getTestedProtocol(),
                peerFactory.getTestedCipher());

        System.out.print(
                " Initializing test '" + peerFactory.getName() + "'...");
        secureRandom.nextInt();

        CipherTestUtils cipherTest = CipherTestUtils.getInstance();
        peerFactory.newClient(cipherTest, port).run();
        cipherTest.checkResult(expectedException);

        time = System.currentTimeMillis() - time;
        System.out.println("Elapsed time " + time);
    }

    public static abstract class PeerFactory {

        public static final int FREE_PORT = 0;

        abstract String getName();

        abstract String getTestedProtocol();

        abstract String getTestedCipher();

        abstract Client newClient(CipherTestUtils cipherTest, int testPort)
                throws Exception;

        abstract Server newServer(CipherTestUtils cipherTest, int testPort)
                throws Exception;

        boolean isSupported(String cipherSuite) {
            return true;
        }
    }
}

class AlwaysTrustManager implements X509TrustManager {

    X509TrustManager trustManager;

    public AlwaysTrustManager(KeyStore keyStore)
            throws NoSuchAlgorithmException, KeyStoreException {

        TrustManagerFactory tmf
                = TrustManagerFactory.getInstance(TrustManagerFactory.
                        getDefaultAlgorithm());
        tmf.init(keyStore);

        TrustManager tms[] = tmf.getTrustManagers();
        for (TrustManager tm : tms) {
            trustManager = (X509TrustManager) tm;
            return;
        }

    }

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        try {
            trustManager.checkClientTrusted(chain, authType);
        } catch (CertificateException excep) {
            System.out.println("ERROR in client trust manager: " + excep);
        }
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        try {
            trustManager.checkServerTrusted(chain, authType);
        } catch (CertificateException excep) {
            System.out.println("ERROR in server trust manager: " + excep);
        }
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return trustManager.getAcceptedIssuers();
    }
}

class MyX509KeyManager extends X509ExtendedKeyManager {

    private final X509ExtendedKeyManager keyManager;
    private String authType;

    MyX509KeyManager(X509ExtendedKeyManager keyManager) {
        this.keyManager = keyManager;
    }

    void setAuthType(String authType) {
        this.authType = "ECDSA".equals(authType) ? "EC" : authType;
    }

    @Override
    public String[] getClientAliases(String keyType, Principal[] issuers) {
        if (authType == null) {
            return null;
        }
        return keyManager.getClientAliases(authType, issuers);
    }

    @Override
    public String chooseClientAlias(String[] keyType, Principal[] issuers,
            Socket socket) {
        if (authType == null) {
            return null;
        }
        return keyManager.chooseClientAlias(new String[]{authType},
                issuers, socket);
    }

    @Override
    public String chooseEngineClientAlias(String[] keyType,
            Principal[] issuers, SSLEngine engine) {
        if (authType == null) {
            return null;
        }
        return keyManager.chooseEngineClientAlias(new String[]{authType},
                issuers, engine);
    }

    @Override
    public String[] getServerAliases(String keyType, Principal[] issuers) {
        throw new UnsupportedOperationException("Servers not supported");
    }

    @Override
    public String chooseServerAlias(String keyType, Principal[] issuers,
            Socket socket) {
        throw new UnsupportedOperationException("Servers not supported");
    }

    @Override
    public String chooseEngineServerAlias(String keyType, Principal[] issuers,
            SSLEngine engine) {
        throw new UnsupportedOperationException("Servers not supported");
    }

    @Override
    public X509Certificate[] getCertificateChain(String alias) {
        return keyManager.getCertificateChain(alias);
    }

    @Override
    public PrivateKey getPrivateKey(String alias) {
        return keyManager.getPrivateKey(alias);
    }
}