• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  *  Licensed to the Apache Software Foundation (ASF) under one or more
3  *  contributor license agreements.  See the NOTICE file distributed with
4  *  this work for additional information regarding copyright ownership.
5  *  The ASF licenses this file to You under the Apache License, Version 2.0
6  *  (the "License"); you may not use this file except in compliance with
7  *  the License.  You may obtain a copy of the License at
8  *
9  *     http://www.apache.org/licenses/LICENSE-2.0
10  *
11  *  Unless required by applicable law or agreed to in writing, software
12  *  distributed under the License is distributed on an "AS IS" BASIS,
13  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  *  See the License for the specific language governing permissions and
15  *  limitations under the License.
16  */
17 
18 package org.apache.harmony.tests.javax.net.ssl;
19 
20 import java.io.ByteArrayInputStream;
21 import java.io.IOException;
22 import java.io.InputStream;
23 import java.io.OutputStream;
24 import java.net.InetSocketAddress;
25 import java.security.KeyStore;
26 import java.security.cert.Certificate;
27 import java.security.cert.CertificateException;
28 import java.util.Base64;
29 import javax.net.ssl.HandshakeCompletedEvent;
30 import javax.net.ssl.HandshakeCompletedListener;
31 import javax.net.ssl.KeyManager;
32 import javax.net.ssl.KeyManagerFactory;
33 import javax.net.ssl.SSLContext;
34 import javax.net.ssl.SSLPeerUnverifiedException;
35 import javax.net.ssl.SSLServerSocket;
36 import javax.net.ssl.SSLSession;
37 import javax.net.ssl.SSLSocket;
38 import javax.net.ssl.SSLSocketFactory;
39 import javax.net.ssl.TrustManager;
40 import javax.net.ssl.X509TrustManager;
41 import javax.security.cert.X509Certificate;
42 import junit.framework.TestCase;
43 import org.apache.harmony.xnet.tests.support.mySSLSession;
44 
45 /**
46  * Tests for <code>HandshakeCompletedEvent</code> class constructors and methods.
47  *
48  */
49 public class HandshakeCompletedEventTest extends TestCase {
50 
51     private String certificate = "-----BEGIN CERTIFICATE-----\n"
52         + "MIICZTCCAdICBQL3AAC2MA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMSAw\n"
53         + "HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJl\n"
54         + "IFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NzAyMjAwMDAwMDBa\n"
55         + "Fw05ODAyMjAyMzU5NTlaMIGWMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZv\n"
56         + "cm5pYTESMBAGA1UEBxMJUGFsbyBBbHRvMR8wHQYDVQQKExZTdW4gTWljcm9zeXN0\n"
57         + "ZW1zLCBJbmMuMSEwHwYDVQQLExhUZXN0IGFuZCBFdmFsdWF0aW9uIE9ubHkxGjAY\n"
58         + "BgNVBAMTEWFyZ29uLmVuZy5zdW4uY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB\n"
59         + "iQKBgQCofmdY+PiUWN01FOzEewf+GaG+lFf132UpzATmYJkA4AEA/juW7jSi+LJk\n"
60         + "wJKi5GO4RyZoyimAL/5yIWDV6l1KlvxyKslr0REhMBaD/3Z3EsLTTEf5gVrQS6sT\n"
61         + "WMoSZAyzB39kFfsB6oUXNtV8+UKKxSxKbxvhQn267PeCz5VX2QIDAQABMA0GCSqG\n"
62         + "SIb3DQEBAgUAA34AXl3at6luiV/7I9MN5CXYoPJYI8Bcdc1hBagJvTMcmlqL2uOZ\n"
63         + "H9T5hNMEL9Tk6aI7yZPXcw/xI2K6pOR/FrMp0UwJmdxX7ljV6ZtUZf7pY492UqwC\n"
64         + "1777XQ9UEZyrKJvF5ntleeO0ayBqLGVKCWzWZX9YsXCpv47FNLZbupE=\n"
65         + "-----END CERTIFICATE-----\n";
66 
67 
68     /**
69      * @throws IOException
70      * javax.net.ssl.HandshakeCompletedEvent#HandshakeCompletedEvent(SSLSocket sock, SSLSession s)
71      */
test_Constructor()72     public final void test_Constructor() throws Exception {
73         mySSLSession session = new mySSLSession();
74         SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket();
75         HandshakeCompletedEvent event = new HandshakeCompletedEvent(socket, session);
76         try {
77             new HandshakeCompletedEvent(null, null);
78             fail("Any exception wasn't thrown for null parameters");
79         } catch (Exception expected) {
80         }
81     }
82 
83     /**
84      * @throws IOException
85      * javax.net.ssl.HandshakeCompletedEvent#getCipherSuite()
86      */
test_getCipherSuite()87     public final void test_getCipherSuite() throws Exception {
88         mySSLSession session = new mySSLSession("localhost", 1080, null);
89         SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket();
90         HandshakeCompletedEvent event = new HandshakeCompletedEvent(socket, session);
91         assertEquals("SuiteName", event.getCipherSuite());
92     }
93 
94     /**
95      * @throws IOException
96      * javax.net.ssl.HandshakeCompletedEvent#getLocalCertificates()
97      */
test_getLocalCertificates()98     public final void test_getLocalCertificates() throws Exception {
99         mySSLSession session = new mySSLSession("localhost", 1080, null);
100         SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket();
101         HandshakeCompletedEvent event = new HandshakeCompletedEvent(socket, session);
102         assertNull(event.getLocalCertificates());
103     }
104 
105     /**
106      * @throws IOException
107      * javax.net.ssl.HandshakeCompletedEvent#getLocalPrincipal()
108      */
test_getLocalPrincipal()109     public final void test_getLocalPrincipal() throws Exception {
110         mySSLSession session = new mySSLSession("localhost", 1080, null);
111         SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket();
112         HandshakeCompletedEvent event = new HandshakeCompletedEvent(socket, session);
113         assertNull(event.getLocalPrincipal());
114     }
115 
116     /**
117      * @throws IOException
118      * javax.net.ssl.HandshakeCompletedEvent#getPeerCertificateChain()
119      */
test_getPeerCertificateChain()120     public final void test_getPeerCertificateChain() throws Exception {
121         ByteArrayInputStream bis = new ByteArrayInputStream(certificate.getBytes());
122         mySSLSession session = new mySSLSession((X509Certificate[]) null);
123         SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket();
124         HandshakeCompletedEvent event = new HandshakeCompletedEvent(socket, session);
125         try {
126             event.getPeerCertificateChain();
127             fail("SSLPeerUnverifiedException wasn't thrown");
128         } catch (SSLPeerUnverifiedException expected) {
129         }
130 
131         X509Certificate xc = X509Certificate.getInstance(bis);
132         X509Certificate[] xcs = {xc};
133         session = new mySSLSession(xcs);
134         event = new HandshakeCompletedEvent(socket, session);
135 
136         X509Certificate[] res = event.getPeerCertificateChain();
137         assertEquals(1, res.length);
138     }
139 
140     /**
141      * @throws IOException
142      * javax.net.ssl.HandshakeCompletedEvent#getPeerCertificates()
143      */
test_getPeerCertificates()144     public final void test_getPeerCertificates() throws IOException {
145         mySSLSession session = new mySSLSession("localhost", 1080, null);
146         SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket();
147         HandshakeCompletedEvent event = new HandshakeCompletedEvent(socket, session);
148         try {
149             event.getPeerCertificates();
150             fail("SSLPeerUnverifiedException wasn't thrown");
151         } catch (SSLPeerUnverifiedException expected) {
152         }
153 
154         session = new mySSLSession((X509Certificate[]) null);
155         event = new HandshakeCompletedEvent(socket, session);
156         Certificate[] res = event.getPeerCertificates();
157         assertEquals(3, res.length);
158     }
159 
160     /**
161      * @throws IOException
162      * javax.net.ssl.HandshakeCompletedEvent#getPeerPrincipal()
163      */
test_getPeerPrincipal()164     public final void test_getPeerPrincipal() throws IOException {
165         mySSLSession session = new mySSLSession("localhost", 1080, null);
166         SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket();
167         HandshakeCompletedEvent event = new HandshakeCompletedEvent(socket, session);
168         assertNull(event.getPeerPrincipal());
169     }
170 
171     /**
172      * @throws IOException
173      * javax.net.ssl.HandshakeCompletedEvent#getSession()
174      */
test_getSession()175     public final void test_getSession() throws IOException {
176         mySSLSession session = new mySSLSession("localhost", 1080, null);
177         SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket();
178         HandshakeCompletedEvent event = new HandshakeCompletedEvent(socket, session);
179         SSLSession ss = event.getSession();
180         assertNotNull(ss);
181         assertEquals(session, ss);
182     }
183 
184     /**
185      * @throws IOException
186      * javax.net.ssl.HandshakeCompletedEvent#getSocket()
187      */
test_getSocket()188     public final void test_getSocket() throws IOException {
189         SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket();
190         HandshakeCompletedEvent event = new HandshakeCompletedEvent(socket, null);
191         SSLSocket ss = event.getSocket();
192         assertNotNull(ss);
193         assertEquals(socket, ss);
194     }
195 
196 
197     // Regression test for CompletedHandshakeEvent not firing with a custom
198     // TrustManager
199 
200 
201     private SSLSocket socket;
202     private SSLServerSocket serverSocket;
203     private MyHandshakeListener listener;
204     private String host = "localhost";
205 
206     private String PASSWORD = "android";
207 
208     /**
209      * Defines the keystore contents for the server, BKS version. Holds just a
210      * single self-generated key. The subject name is "Test Server".
211      */
212     private static final String SERVER_KEYS_BKS =
213             "AAAAAQAAABQDkebzoP1XwqyWKRCJEpn/t8dqIQAABDkEAAVteWtleQAAARpYl20nAAAAAQAFWC41"
214             + "MDkAAAJNMIICSTCCAbKgAwIBAgIESEfU1jANBgkqhkiG9w0BAQUFADBpMQswCQYDVQQGEwJVUzET"
215             + "MBEGA1UECBMKQ2FsaWZvcm5pYTEMMAoGA1UEBxMDTVRWMQ8wDQYDVQQKEwZHb29nbGUxEDAOBgNV"
216             + "BAsTB0FuZHJvaWQxFDASBgNVBAMTC1Rlc3QgU2VydmVyMB4XDTA4MDYwNTExNTgxNFoXDTA4MDkw"
217             + "MzExNTgxNFowaTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExDDAKBgNVBAcTA01U"
218             + "VjEPMA0GA1UEChMGR29vZ2xlMRAwDgYDVQQLEwdBbmRyb2lkMRQwEgYDVQQDEwtUZXN0IFNlcnZl"
219             + "cjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0LIdKaIr9/vsTq8BZlA3R+NFWRaH4lGsTAQy"
220             + "DPMF9ZqEDOaL6DJuu0colSBBBQ85hQTPa9m9nyJoN3pEi1hgamqOvQIWcXBk+SOpUGRZZFXwniJV"
221             + "zDKU5nE9MYgn2B9AoiH3CSuMz6HRqgVaqtppIe1jhukMc/kHVJvlKRNy9XMCAwEAATANBgkqhkiG"
222             + "9w0BAQUFAAOBgQC7yBmJ9O/eWDGtSH9BH0R3dh2NdST3W9hNZ8hIa8U8klhNHbUCSSktZmZkvbPU"
223             + "hse5LI3dh6RyNDuqDrbYwcqzKbFJaq/jX9kCoeb3vgbQElMRX8D2ID1vRjxwlALFISrtaN4VpWzV"
224             + "yeoHPW4xldeZmoVtjn8zXNzQhLuBqX2MmAAAAqwAAAAUvkUScfw9yCSmALruURNmtBai7kQAAAZx"
225             + "4Jmijxs/l8EBaleaUru6EOPioWkUAEVWCxjM/TxbGHOi2VMsQWqRr/DZ3wsDmtQgw3QTrUK666sR"
226             + "MBnbqdnyCyvM1J2V1xxLXPUeRBmR2CXorYGF9Dye7NkgVdfA+9g9L/0Au6Ugn+2Cj5leoIgkgApN"
227             + "vuEcZegFlNOUPVEs3SlBgUF1BY6OBM0UBHTPwGGxFBBcetcuMRbUnu65vyDG0pslT59qpaR0TMVs"
228             + "P+tcheEzhyjbfM32/vwhnL9dBEgM8qMt0sqF6itNOQU/F4WGkK2Cm2v4CYEyKYw325fEhzTXosck"
229             + "MhbqmcyLab8EPceWF3dweoUT76+jEZx8lV2dapR+CmczQI43tV9btsd1xiBbBHAKvymm9Ep9bPzM"
230             + "J0MQi+OtURL9Lxke/70/MRueqbPeUlOaGvANTmXQD2OnW7PISwJ9lpeLfTG0LcqkoqkbtLKQLYHI"
231             + "rQfV5j0j+wmvmpMxzjN3uvNajLa4zQ8l0Eok9SFaRr2RL0gN8Q2JegfOL4pUiHPsh64WWya2NB7f"
232             + "V+1s65eA5ospXYsShRjo046QhGTmymwXXzdzuxu8IlnTEont6P4+J+GsWk6cldGbl20hctuUKzyx"
233             + "OptjEPOKejV60iDCYGmHbCWAzQ8h5MILV82IclzNViZmzAapeeCnexhpXhWTs+xDEYSKEiG/camt"
234             + "bhmZc3BcyVJrW23PktSfpBQ6D8ZxoMfF0L7V2GQMaUg+3r7ucrx82kpqotjv0xHghNIm95aBr1Qw"
235             + "1gaEjsC/0wGmmBDg1dTDH+F1p9TInzr3EFuYD0YiQ7YlAHq3cPuyGoLXJ5dXYuSBfhDXJSeddUkl"
236             + "k1ufZyOOcskeInQge7jzaRfmKg3U94r+spMEvb0AzDQVOKvjjo1ivxMSgFRZaDb/4qw=";
237 
238     /**
239      * Defines the keystore contents for the server, JKS version. Holds just a
240      * single self-generated key. The subject name is "Test Server".
241      */
242     private static final String SERVER_KEYS_JKS =
243             "/u3+7QAAAAIAAAABAAAAAQAFbXlrZXkAAAEaWFfBeAAAArowggK2MA4GCisGAQQBKgIRAQEFAASC"
244             + "AqI2kp5XjnF8YZkhcF92YsJNQkvsmH7zqMM87j23zSoV4DwyE3XeC/gZWq1ToScIhoqZkzlbWcu4"
245             + "T/Zfc/DrfGk/rKbBL1uWKGZ8fMtlZk8KoAhxZk1JSyJvdkyKxqmzUbxk1OFMlN2VJNu97FPVH+du"
246             + "dvjTvmpdoM81INWBW/1fZJeQeDvn4mMbbe0IxgpiLnI9WSevlaDP/sm1X3iO9yEyzHLL+M5Erspo"
247             + "Cwa558fOu5DdsICMXhvDQxjWFKFhPHnKtGe+VvwkG9/bAaDgx3kfhk0w5zvdnkKb+8Ed9ylNRzdk"
248             + "ocAa/mxlMTOsTvDKXjjsBupNPIIj7OP4GNnZaxkJjSs98pEO67op1GX2qhy6FSOPNuq8k/65HzUc"
249             + "PYn6voEeh6vm02U/sjEnzRevQ2+2wXoAdp0EwtQ/DlMe+NvcwPGWKuMgX4A4L93DZGb04N2VmAU3"
250             + "YLOtZwTO0LbuWrcCM/q99G/7LcczkxIVrO2I/rh8RXVczlf9QzcrFObFv4ATuspWJ8xG7DhsMbnk"
251             + "rT94Pq6TogYeoz8o8ZMykesAqN6mt/9+ToIemmXv+e+KU1hI5oLwWMnUG6dXM6hIvrULY6o+QCPH"
252             + "172YQJMa+68HAeS+itBTAF4Clm/bLn6reHCGGU6vNdwU0lYldpiOj9cB3t+u2UuLo6tiFWjLf5Zs"
253             + "EQJETd4g/EK9nHxJn0GAKrWnTw7pEHQJ08elzUuy04C/jEEG+4QXU1InzS4o/kR0Sqz2WTGDoSoq"
254             + "ewuPRU5bzQs/b9daq3mXrnPtRBL6HfSDAdpTK76iHqLCGdqx3avHjVSBm4zFvEuYBCev+3iKOBmg"
255             + "yh7eQRTjz4UOWfy85omMBr7lK8PtfVBDzOXpasxS0uBgdUyBDX4tO6k9jZ8a1kmQRQAAAAEABVgu"
256             + "NTA5AAACSDCCAkQwggGtAgRIR8SKMA0GCSqGSIb3DQEBBAUAMGkxCzAJBgNVBAYTAlVTMRMwEQYD"
257             + "VQQIEwpDYWxpZm9ybmlhMQwwCgYDVQQHEwNNVFYxDzANBgNVBAoTBkdvb2dsZTEQMA4GA1UECxMH"
258             + "QW5kcm9pZDEUMBIGA1UEAxMLVGVzdCBTZXJ2ZXIwHhcNMDgwNjA1MTA0ODQyWhcNMDgwOTAzMTA0"
259             + "ODQyWjBpMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEMMAoGA1UEBxMDTVRWMQ8w"
260             + "DQYDVQQKEwZHb29nbGUxEDAOBgNVBAsTB0FuZHJvaWQxFDASBgNVBAMTC1Rlc3QgU2VydmVyMIGf"
261             + "MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCwoC6chqCI84rj1PrXuJgbiit4EV909zR6N0jNlYfg"
262             + "itwB39bP39wH03rFm8T59b3mbSptnGmCIpLZn25KPPFsYD3JJ+wFlmiUdEP9H05flfwtFQJnw9uT"
263             + "3rRIdYVMPcQ3RoZzwAMliGr882I2thIDbA6xjGU/1nRIdvk0LtxH3QIDAQABMA0GCSqGSIb3DQEB"
264             + "BAUAA4GBAJn+6YgUlY18Ie+0+Vt8oEi81DNi/bfPrAUAh63fhhBikx/3R9dl3wh09Z6p7cIdNxjW"
265             + "n2ll+cRW9eqF7z75F0Omm0C7/KAEPjukVbszmzeU5VqzkpSt0j84YWi+TfcHRrfvhLbrlmGITVpY"
266             + "ol5pHLDyqGmDs53pgwipWqsn/nEXEBgj3EoqPeqHbDf7YaP8h/5BSt0=";
267 
268     /**
269      * Defines the keystore contents for the client, JKS version. Holds just a
270      * single self-generated key. The subject name is "Test Client".
271      */
272     private static final String CLIENT_KEYS_JKS =
273             "/u3+7QAAAAIAAAABAAAAAQAFbXlrZXkAAAEaWFhyMAAAArkwggK1MA4GCisGAQQBKgIRAQEFAASC"
274             + "AqGVSfXolBStZy4nnRNn4fAr+S7kfU2BS23wwW8uB2Ru3GvtLzlK9q08Gvq/LNqBafjyFTVL5FV5"
275             + "SED/8YomO5a98GpskSeRvytCiTBLJdgGhws5TOGekgIAcBROPGIyOtJPQ0HfOQs+BqgzGDHzHQhw"
276             + "u/8Tm6yQwiP+W/1I9B1QnaEztZA3mhTyMMJsmsFTYroGgAog885D5Cmzd8sYGfxec3R6I+xcmBAY"
277             + "eibR5kGpWwt1R+qMvRrtBqh5r6WSKhCBNax+SJVbtUNRiKyjKccdJg6fGqIWWeivwYTy0OhjA6b4"
278             + "NiZ/ZZs5pxFGWUj/Rlp0RYy8fCF6aw5/5s4Bf4MI6dPSqMG8Hf7sJR91GbcELyzPdM0h5lNavgit"
279             + "QPEzKeuDrGxhY1frJThBsNsS0gxeu+OgfJPEb/H4lpYX5IvuIGbWKcxoO9zq4/fimIZkdA8A+3eY"
280             + "mfDaowvy65NBVQPJSxaOyFhLHfeLqOeCsVENAea02vA7andZHTZehvcrqyKtm+z8ncHGRC2H9H8O"
281             + "jKwKHfxxrYY/jMAKLl00+PBb3kspO+BHI2EcQnQuMw/zr83OR9Meq4TJ0TMuNkApZELAeFckIBbS"
282             + "rBr8NNjAIfjuCTuKHhsTFWiHfk9ZIzigxXagfeDRiyVc6khOuF/bGorj23N2o7Rf3uLoU6PyXWi4"
283             + "uhctR1aL6NzxDoK2PbYCeA9hxbDv8emaVPIzlVwpPK3Ruvv9mkjcOhZ74J8bPK2fQmbplbOljcZi"
284             + "tZijOfzcO/11JrwhuJZRA6wanTqHoujgChV9EukVrmbWGGAcewFnAsSbFXIik7/+QznXaDIt5NgL"
285             + "H/Bcz4Z/fdV7Ae1eUaxKXdPbI//4J+8liVT/d8awjW2tldIaDlmGMR3aoc830+3mAAAAAQAFWC41"
286             + "MDkAAAJIMIICRDCCAa0CBEhHxLgwDQYJKoZIhvcNAQEEBQAwaTELMAkGA1UEBhMCVVMxEzARBgNV"
287             + "BAgTCkNhbGlmb3JuaWExDDAKBgNVBAcTA01UVjEPMA0GA1UEChMGR29vZ2xlMRAwDgYDVQQLEwdB"
288             + "bmRyb2lkMRQwEgYDVQQDEwtUZXN0IENsaWVudDAeFw0wODA2MDUxMDQ5MjhaFw0wODA5MDMxMDQ5"
289             + "MjhaMGkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMQwwCgYDVQQHEwNNVFYxDzAN"
290             + "BgNVBAoTBkdvb2dsZTEQMA4GA1UECxMHQW5kcm9pZDEUMBIGA1UEAxMLVGVzdCBDbGllbnQwgZ8w"
291             + "DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAIK3Q+KiFbmCGg422TAo4gggdhMH6FJhiuz8DxRyeMKR"
292             + "UAfP4MK0wtc8N42waZ6OKvxpBFUy0BRfBsX0GD4Ku99yu9/tavSigTraeJtwV3WWRRjIqk7L3wX5"
293             + "cmgS2KSD43Y0rNUKrko26lnt9N4qiYRBSj+tcAN3Lx9+ptqk1LApAgMBAAEwDQYJKoZIhvcNAQEE"
294             + "BQADgYEANb7Q1GVSuy1RPJ0FmiXoMYCCtvlRLkmJphwxovK0cAQK12Vll+yAzBhHiQHy/RA11mng"
295             + "wYudC7u3P8X/tBT8GR1Yk7QW3KgFyPafp3lQBBCraSsfrjKj+dCLig1uBLUr4f68W8VFWZWWTHqp"
296             + "NMGpCX6qmjbkJQLVK/Yfo1ePaUexPSOX0G9m8+DoV3iyNw6at01NRw==";
297 
298     /**
299      * Defines the keystore contents for the client, BKS version. Holds just a
300      * single self-generated key. The subject name is "Test Client".
301      */
302     private static final String CLIENT_KEYS_BKS =
303             "AAAAAQAAABT4Rka6fxbFps98Y5k2VilmbibNkQAABfQEAAVteWtleQAAARpYl+POAAAAAQAFWC41"
304             + "MDkAAAJNMIICSTCCAbKgAwIBAgIESEfU9TANBgkqhkiG9w0BAQUFADBpMQswCQYDVQQGEwJVUzET"
305             + "MBEGA1UECBMKQ2FsaWZvcm5pYTEMMAoGA1UEBxMDTVRWMQ8wDQYDVQQKEwZHb29nbGUxEDAOBgNV"
306             + "BAsTB0FuZHJvaWQxFDASBgNVBAMTC1Rlc3QgQ2xpZW50MB4XDTA4MDYwNTExNTg0NVoXDTA4MDkw"
307             + "MzExNTg0NVowaTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExDDAKBgNVBAcTA01U"
308             + "VjEPMA0GA1UEChMGR29vZ2xlMRAwDgYDVQQLEwdBbmRyb2lkMRQwEgYDVQQDEwtUZXN0IENsaWVu"
309             + "dDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApUvmWsQDHPpbDKK13Yez2/q54tTOmRml/qva"
310             + "2K6dZjkjSTW0iRuk7ztaVEvdJpfVIDv1oBsCI51ttyLHROy1epjF+GoL74mJb7fkcd0VOoSOTjtD"
311             + "+3GgZkHPAm5YmUYxiJXqxKKJJqMCTIW46eJaA2nAep9QIwZ14/NFAs4ObV8CAwEAATANBgkqhkiG"
312             + "9w0BAQUFAAOBgQCJrCr3hZQFDlLIfsSKI1/w+BLvyf4fubOid0pBxfklR8KBNPTiqjSmu7pd/C/F"
313             + "1FR8CdZUDoPflZHCOU+fj5r5KUC1HyigY/tEUvlforBpfB0uCF+tXW4DbUfOWhfMtLV4nCOJOOZg"
314             + "awfZLJWBJouLKOp427vDftxTSB+Ks8YjlgAAAqwAAAAU+NH6TtrzjyDdCXm5B6Vo7xX5G4YAAAZx"
315             + "EAUkcZtmykn7YdaYxC1jRFJ+GEJpC8nZVg83QClVuCSIS8a5f8Hl44Bk4oepOZsPzhtz3RdVzDVi"
316             + "RFfoyZFsrk9F5bDTVJ6sQbb/1nfJkLhZFXokka0vND5AXMSoD5Bj1Fqem3cK7fSUyqKvFoRKC3XD"
317             + "FQvhqoam29F1rbl8FaYdPvhhZo8TfZQYUyUKwW+RbR44M5iHPx+ykieMe/C/4bcM3z8cwIbYI1aO"
318             + "gjQKS2MK9bs17xaDzeAh4sBKrskFGrDe+2dgvrSKdoakJhLTNTBSG6m+rzqMSCeQpafLKMSjTSSz"
319             + "+KoQ9bLyax8cbvViGGju0SlVhquloZmKOfHr8TukIoV64h3uCGFOVFtQjCYDOq6NbfRvMh14UVF5"
320             + "zgDIGczoD9dMoULWxBmniGSntoNgZM+QP6Id7DBasZGKfrHIAw3lHBqcvB5smemSu7F4itRoa3D8"
321             + "N7hhUEKAc+xA+8NKmXfiCBoHfPHTwDvt4IR7gWjeP3Xv5vitcKQ/MAfO5RwfzkYCXQ3FfjfzmsE1"
322             + "1IfLRDiBj+lhQSulhRVStKI88Che3M4JUNGKllrc0nt1pWa1vgzmUhhC4LSdm6trTHgyJnB6OcS9"
323             + "t2furYjK88j1AuB4921oxMxRm8c4Crq8Pyuf+n3YKi8Pl2BzBtw++0gj0ODlgwut8SrVj66/nvIB"
324             + "jN3kLVahR8nZrEFF6vTTmyXi761pzq9yOVqI57wJGx8o3Ygox1p+pWUPl1hQR7rrhUbgK/Q5wno9"
325             + "uJk07h3IZnNxE+/IKgeMTP/H4+jmyT4mhsexJ2BFHeiKF1KT/FMcJdSi+ZK5yoNVcYuY8aZbx0Ef"
326             + "lHorCXAmLFB0W6Cz4KPP01nD9YBB4olxiK1t7m0AU9zscdivNiuUaB5OIEr+JuZ6dNw=";
327 
328 
329     /**
330      * Implements the actual test case. Launches a server and a client, requires
331      * client authentication and checks the certificates afterwards (not in the
332      * usual sense, we just make sure that we got the expected certificates,
333      * because our self-signed test certificates are not valid.)
334      */
335 
testClientAuth()336     public void testClientAuth() throws Exception {
337 
338         boolean useBKS = true;
339 
340         listener = new MyHandshakeListener();
341         String serverKeys = (useBKS ? SERVER_KEYS_BKS : SERVER_KEYS_JKS);
342         String clientKeys = (useBKS ? CLIENT_KEYS_BKS : CLIENT_KEYS_JKS);
343         TestServer server = new TestServer(true,
344                                            TestServer.CLIENT_AUTH_WANTED, serverKeys);
345         TestClient client = new TestClient(true, clientKeys);
346 
347         Thread serverThread = new Thread(server);
348         Thread clientThread = new Thread(client);
349 
350         serverThread.start();
351         Thread.currentThread().sleep(3000);
352         clientThread.start();
353 
354         serverThread.join();
355         clientThread.join();
356 
357         // The server must have completed without an exception.
358         Exception e = server.getException();
359         if (e != null) {
360             e.printStackTrace();
361         }
362 
363         // The client must have completed without an exception.
364         e = client.getException();
365         if (e != null) {
366             e.printStackTrace();
367         }
368 
369         assertNull(e);
370 
371         assertTrue(listener.completeDone);
372     }
373 
374     /**
375      * Implements a test SSL socket server. It wait for a connection on a given
376      * port, requests client authentication (if specified), reads 256 bytes
377      * from the socket, and writes 256 bytes to the socket.
378      */
379     class TestServer implements Runnable {
380 
381         public static final int CLIENT_AUTH_NONE = 0;
382 
383         public static final int CLIENT_AUTH_WANTED = 1;
384 
385         public static final int CLIENT_AUTH_NEEDED = 2;
386 
387         private TestTrustManager trustManager;
388 
389         private Exception exception;
390 
391         String keys;
392 
393         private int clientAuth;
394 
395         private boolean provideKeys;
396 
TestServer(boolean provideKeys, int clientAuth, String keys)397         public TestServer(boolean provideKeys, int clientAuth, String keys) throws Exception {
398             this.keys = keys;
399             this.clientAuth = clientAuth;
400             this.provideKeys = provideKeys;
401 
402             trustManager = new TestTrustManager();
403 
404             KeyManager[] keyManagers = provideKeys ? getKeyManagers(keys) : null;
405             TrustManager[] trustManagers = new TrustManager[] { trustManager };
406 
407             SSLContext sslContext = SSLContext.getInstance("TLS");
408             sslContext.init(keyManagers, trustManagers, null);
409 
410             serverSocket = (SSLServerSocket) sslContext.getServerSocketFactory().createServerSocket();
411 
412             if (clientAuth == CLIENT_AUTH_WANTED) {
413                 serverSocket.setWantClientAuth(true);
414             } else if (clientAuth == CLIENT_AUTH_NEEDED) {
415                 serverSocket.setNeedClientAuth(true);
416             } else {
417                 serverSocket.setWantClientAuth(false);
418             }
419 
420             serverSocket.bind(new InetSocketAddress(0));
421         }
422 
run()423         public void run() {
424             try {
425                 SSLSocket clientSocket = (SSLSocket)serverSocket.accept();
426 
427                 InputStream istream = clientSocket.getInputStream();
428 
429                 for (int i = 0; i < 256; i++) {
430                     int j = istream.read();
431                     assertEquals(i, j);
432                 }
433 
434                 OutputStream ostream = clientSocket.getOutputStream();
435 
436                 for (int i = 0; i < 256; i++) {
437                     ostream.write(i);
438                 }
439 
440                 ostream.flush();
441                 ostream.close();
442 
443                 clientSocket.close();
444                 serverSocket.close();
445 
446             } catch (Exception ex) {
447                 exception = ex;
448             }
449         }
450 
getException()451         public Exception getException() {
452             return exception;
453         }
454 
getChain()455         public X509Certificate[] getChain() {
456             return trustManager.getChain();
457         }
458 
459     }
460 
461     /**
462      * Implements a test SSL socket client. It open a connection to localhost on
463      * a given port, writes 256 bytes to the socket, and reads 256 bytes from the
464      * socket.
465      */
466     class TestClient implements Runnable {
467 
468         private TestTrustManager trustManager;
469 
470         private Exception exception;
471 
472         private String keys;
473 
474         private boolean provideKeys;
475 
TestClient(boolean provideKeys, String keys)476         public TestClient(boolean provideKeys, String keys) {
477             this.keys = keys;
478             this.provideKeys = provideKeys;
479 
480             trustManager = new TestTrustManager();
481         }
482 
run()483         public void run() {
484             try {
485                 KeyManager[] keyManagers = provideKeys ? getKeyManagers(keys) : null;
486                 TrustManager[] trustManagers = new TrustManager[] { trustManager };
487 
488                 SSLContext sslContext = SSLContext.getInstance("TLS");
489                 sslContext.init(keyManagers, trustManagers, null);
490 
491                 SSLSocket socket = (SSLSocket)sslContext.getSocketFactory().createSocket();
492 
493                 socket.connect(serverSocket.getLocalSocketAddress());
494                 socket.addHandshakeCompletedListener(listener);
495                 socket.startHandshake();
496 
497                 OutputStream ostream = socket.getOutputStream();
498 
499                 for (int i = 0; i < 256; i++) {
500                     ostream.write(i);
501                 }
502 
503                 ostream.flush();
504 
505                 InputStream istream = socket.getInputStream();
506 
507                 for (int i = 0; i < 256; i++) {
508                     int j = istream.read();
509                     assertEquals(i, j);
510                 }
511 
512                 istream.close();
513 
514                 socket.close();
515 
516             } catch (Exception ex) {
517                 exception = ex;
518             }
519         }
520 
getException()521         public Exception getException() {
522             return exception;
523         }
524 
getChain()525         public X509Certificate[] getChain() {
526             return trustManager.getChain();
527         }
528     }
529 
530     /**
531      * Loads a keystore from a base64-encoded String. Returns the KeyManager[]
532      * for the result.
533      */
getKeyManagers(String keys)534     private KeyManager[] getKeyManagers(String keys) throws Exception {
535         byte[] bytes = Base64.getDecoder().decode(keys.getBytes());
536         InputStream inputStream = new ByteArrayInputStream(bytes);
537 
538         KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
539         keyStore.load(inputStream, PASSWORD.toCharArray());
540         inputStream.close();
541 
542         String algorithm = KeyManagerFactory.getDefaultAlgorithm();
543         KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(algorithm);
544         keyManagerFactory.init(keyStore, PASSWORD.toCharArray());
545 
546         return keyManagerFactory.getKeyManagers();
547     }
548 
549 
550     /**
551      * Implements basically a fake TrustManager. It stores the certificate
552      * chain it sees, so it can later be queried.
553      */
554     public static class TestTrustManager implements X509TrustManager {
555 
556         private X509Certificate[] chain;
557 
558         private String authType;
559 
checkClientTrusted(X509Certificate[] chain, String authType)560         public void checkClientTrusted(X509Certificate[] chain, String authType) {
561             this.chain = chain;
562             this.authType = authType;
563         }
564 
checkServerTrusted(X509Certificate[] chain, String authType)565         public void checkServerTrusted(X509Certificate[] chain, String authType) {
566             this.chain = chain;
567             this.authType = authType;
568         }
569 
getAcceptedIssuers()570         public java.security.cert.X509Certificate[] getAcceptedIssuers() {
571             return new java.security.cert.X509Certificate[0];
572         }
573 
getChain()574         public X509Certificate[] getChain() {
575             return chain;
576         }
577 
getAuthType()578         public String getAuthType() {
579             return authType;
580         }
581 
checkClientTrusted( java.security.cert.X509Certificate[] chain, String authType)582         public void checkClientTrusted(
583                 java.security.cert.X509Certificate[] chain, String authType)
584                 throws CertificateException {
585 
586         }
587 
checkServerTrusted( java.security.cert.X509Certificate[] chain, String authType)588         public void checkServerTrusted(
589                 java.security.cert.X509Certificate[] chain, String authType)
590                 throws CertificateException {
591 
592         }
593 
594     }
595 
596     class MyHandshakeListener implements HandshakeCompletedListener {
597 
598         public boolean completeDone;
599 
MyHandshakeListener()600         MyHandshakeListener() {
601             completeDone = false;
602         }
603 
handshakeCompleted(HandshakeCompletedEvent event)604         public void handshakeCompleted(HandshakeCompletedEvent event) {
605             if (event != null) completeDone = true;
606         }
607     }
608 }
609