1 /**
   2  * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it under
   6  * the terms of the GNU General Public License version 2 only, as published by
   7  * the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT ANY
  10  * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
  11  * A PARTICULAR PURPOSE. See the GNU General Public License version 2 for more
  12  * details (a copy is included in the LICENSE file that accompanied this code).
  13  *
  14  * You should have received a copy of the GNU General Public License version 2
  15  * along with this work; if not, write to the Free Software Foundation, Inc., 51
  16  * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  17  *
  18  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA or
  19  * visit www.oracle.com if you need additional information or have any
  20  * questions.
  21  */
  22 
  23 import java.io.ByteArrayInputStream;
  24 import java.io.EOFException;
  25 import java.io.File;
  26 import java.io.FileInputStream;
  27 import java.io.FileNotFoundException;
  28 import java.io.IOException;
  29 import java.io.InputStream;
  30 import java.io.OutputStream;
  31 import java.net.Socket;
  32 import java.security.KeyFactory;
  33 import java.security.KeyStore;
  34 import java.security.KeyStoreException;
  35 import java.security.NoSuchAlgorithmException;
  36 import java.security.Principal;
  37 import java.security.PrivateKey;
  38 import java.security.SecureRandom;
  39 import java.security.UnrecoverableKeyException;
  40 import java.security.cert.Certificate;
  41 import java.security.cert.CertificateException;
  42 import java.security.cert.CertificateFactory;
  43 import java.security.cert.X509Certificate;
  44 import java.security.interfaces.RSAPrivateKey;
  45 import java.security.spec.InvalidKeySpecException;
  46 import java.security.spec.PKCS8EncodedKeySpec;
  47 import java.util.ArrayList;
  48 import java.util.Arrays;
  49 import java.util.Base64;
  50 import java.util.List;
  51 import javax.net.ssl.KeyManagerFactory;
  52 import javax.net.ssl.SSLEngine;
  53 import javax.net.ssl.SSLServerSocket;
  54 import javax.net.ssl.SSLSocket;
  55 import javax.net.ssl.SSLSocketFactory;
  56 import javax.net.ssl.TrustManager;
  57 import javax.net.ssl.TrustManagerFactory;
  58 import javax.net.ssl.X509ExtendedKeyManager;
  59 import javax.net.ssl.X509TrustManager;
  60 
  61 /**
  62  * Test that all ciphersuites work in all versions and all client authentication
  63  * types. The way this is setup the server is stateless and all checking is done
  64  * on the client side.
  65  */
  66 
  67 public class CipherTestUtils {
  68 
  69     public static final int TIMEOUT = 20 * 1000;
  70     public static final SecureRandom secureRandom = new SecureRandom();
  71     public static char[] PASSWORD = "passphrase".toCharArray();
  72     private static final List<TestParameters> TESTS = new ArrayList<>(3);
  73     private static final List<Exception> EXCEPTIONS = new ArrayList<>(1);
  74     private static final String CLIENT_PUBLIC_KEY
  75         = "-----BEGIN CERTIFICATE-----\n"
  76         + "MIICtTCCAh4CCQDkYJ46DMcGRjANBgkqhkiG9w0BAQUFADCBnDELMAkGA1UEBhMC\n"
  77         + "VVMxCzAJBgNVBAgMAkNBMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MR8wHQYDVQQK\n"
  78         + "DBZTdW4gTWljcm9zeXN0ZW1zLCBJbmMuMSYwJAYDVQQLDB1TdW4gTWljcm9zeXN0\n"
  79         + "ZW1zIExhYm9yYXRvcmllczEfMB0GA1UEAwwWVGVzdCBDQSAoMTAyNCBiaXQgUlNB\n"
  80         + "KTAeFw0wOTA0MjcwNDA0MDhaFw0xMzA2MDUwNDA0MDhaMIGgMQswCQYDVQQGEwJV\n"
  81         + "UzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxHzAdBgNVBAoM\n"
  82         + "FlN1biBNaWNyb3N5c3RlbXMsIEluYy4xJjAkBgNVBAsMHVN1biBNaWNyb3N5c3Rl\n"
  83         + "bXMgTGFib3JhdG9yaWVzMSMwIQYDVQQDDBpUZXN0IENsaWVudCAoMTAyNCBiaXQg\n"
  84         + "UlNBKTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAm5rwjmhO7Nwd5GWs+KvQ\n"
  85         + "UnDiqpRDvRriOUFdF0rCI2Op24C+iwUMDGxPsgP7VkUpOdJhw3c72aP0CAWcZ5dN\n"
  86         + "UCW7WVDAxnogCahLCir1jjoGdEjiNGOy0L9sypsM9UvBzJN8uvXsxsTZX4Z88cKU\n"
  87         + "G7RUvN8LQ88zDljk5zr3c2MCAwEAATANBgkqhkiG9w0BAQUFAAOBgQA7LUDrzHln\n"
  88         + "EXuGmwZeeroACB6DVtkClMskF/Pj5GnTxoeNN9DggycX/eOeIDKRloHuMpBeZPJH\n"
  89         + "NUwFu4LB6HBDeldQD9iRp8zD/fPakOdN+1Gk5hciIZZJ5hQmeCl7Va2Gr64vUqZG\n"
  90         + "MkVU755t+7ByLgzWuhPhhsX9QCuPR5FjvQ==\n"
  91         + "-----END CERTIFICATE-----";
  92 
  93     private static final String CLIENT_PRIVATE_KEY
  94         = "-----BEGIN PRIVATE KEY-----\n"
  95         + "MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAJua8I5oTuzcHeRl\n"
  96         + "rPir0FJw4qqUQ70a4jlBXRdKwiNjqduAvosFDAxsT7ID+1ZFKTnSYcN3O9mj9AgF\n"
  97         + "nGeXTVAlu1lQwMZ6IAmoSwoq9Y46BnRI4jRjstC/bMqbDPVLwcyTfLr17MbE2V+G\n"
  98         + "fPHClBu0VLzfC0PPMw5Y5Oc693NjAgMBAAECgYA5w73zj8Nk6J3sMNaShe3S/PcY\n"
  99         + "TewLopRCnwI46FbDnnbq9pNFtnzvi7HWKuY983THc1M5peTA+b1Y0QRr7F4Vg4x9\n"
 100         + "9UM0B/tZcIIcJJ3LS+9fXKCbYLQWq5F05JqeZu+i+QLmJFO5+2p7laeQ4oQfW7QE\n"
 101         + "YR4u2mSaLe0SsqHvOQJBAMhgcye9C6pJO0eo2/VtRxAXI7zxNAIjHwKo1cva7bhu\n"
 102         + "GdrMaEAJBAsMJ1GEk7/WDI+3KEbTjQdfIJuAvOR4FXUCQQDGzNn/tl2k93v/ugyM\n"
 103         + "/tBhCKDipYDIbyJMoG2AOtOGmCsiGo5L7idO4OAcm/QiHBQMXjFIVgTUcH8MhGj4\n"
 104         + "blJ3AkA5fUqsxRV6tuYWKkFpif/QgwMS65VDY7Y6+hvVECwSNSyf1PO4I54QWV1S\n"
 105         + "ixok+RHDjgY1Q+77hXSCiQ4o8rcdAkBHvjfR+5sx5IpgUGElJPRIgFenU3j1XH3x\n"
 106         + "T1gVFaWuhg3S4eiGaGzRH4BhcrqY8K8fg4Kfi0N08yA2gTZsqUujAkEAjuNPTuKx\n"
 107         + "ti0LXI09kbGUqOpRMm1zW5TD6LFeEaUN6oxrSZI2YUvu7VyotAqsxX5O0u0f3VQw\n"
 108         + "ySF0Q1oZ6qu7cg==\n"
 109         + "-----END PRIVATE KEY-----";
 110     private static final String SERVER_PUBLIC_KEY
 111         = "-----BEGIN CERTIFICATE-----\n"
 112         + "MIICtTCCAh4CCQDkYJ46DMcGRTANBgkqhkiG9w0BAQUFADCBnDELMAkGA1UEBhMC\n"
 113         + "VVMxCzAJBgNVBAgMAkNBMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MR8wHQYDVQQK\n"
 114         + "DBZTdW4gTWljcm9zeXN0ZW1zLCBJbmMuMSYwJAYDVQQLDB1TdW4gTWljcm9zeXN0\n"
 115         + "ZW1zIExhYm9yYXRvcmllczEfMB0GA1UEAwwWVGVzdCBDQSAoMTAyNCBiaXQgUlNB\n"
 116         + "KTAeFw0wOTA0MjcwNDA0MDhaFw0xMzA2MDUwNDA0MDhaMIGgMQswCQYDVQQGEwJV\n"
 117         + "UzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxHzAdBgNVBAoM\n"
 118         + "FlN1biBNaWNyb3N5c3RlbXMsIEluYy4xJjAkBgNVBAsMHVN1biBNaWNyb3N5c3Rl\n"
 119         + "bXMgTGFib3JhdG9yaWVzMSMwIQYDVQQDDBpUZXN0IFNlcnZlciAoMTAyNCBiaXQg\n"
 120         + "UlNBKTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsHHeZ1O67yuxQKDSAOC\n"
 121         + "Xm271ViwBrXkxe5cvhG8MCCem6Z3XeZ/m6c2ucRwLaQxnmG1m0G6/OYaUXTivjcG\n"
 122         + "/K4bc1I+yjghAWQNLBtsOiP9w0LKibg3TSDehpeuuz/lmB5A4HMqQr8KkY4K7peD\n"
 123         + "1QkJ2Dn3zhbwQ/0d8f5CCbkCAwEAATANBgkqhkiG9w0BAQUFAAOBgQBOd8XojEnu\n"
 124         + "eTUHBwqfmnvRQvbICFDNbbL4KuX/JNPSy1WMGAEbNCTLZ+5yP69js8aUYqAk5vVf\n"
 125         + "dWRLU3MDiEzW7zxE1ubuKWjVuyGbG8Me0G01Hw+evBcZqB64Fz3OFISVfQh7MqE/\n"
 126         + "O0AeakRMH350FRLNl4o6KBSXmF/AADfqQQ==\n"
 127         + "-----END CERTIFICATE-----";
 128 
 129     private static final String SERVER_PRIVATE_KEY
 130         = "-----BEGIN PRIVATE KEY-----\n"
 131         + "MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAK7Bx3mdTuu8rsUC\n"
 132         + "g0gDgl5tu9VYsAa15MXuXL4RvDAgnpumd13mf5unNrnEcC2kMZ5htZtBuvzmGlF0\n"
 133         + "4r43BvyuG3NSPso4IQFkDSwbbDoj/cNCyom4N00g3oaXrrs/5ZgeQOBzKkK/CpGO\n"
 134         + "Cu6Xg9UJCdg5984W8EP9HfH+Qgm5AgMBAAECgYAXUv+3qJo+9mjxHHu/IdDFn6nB\n"
 135         + "ONwNmTtWe5DfQWi3l7LznU0zOC9x6+hu9NvwC4kf1XSyqxw04tVCZ/JXZurEmEBz\n"
 136         + "YtcQ5idRQDkKYXEDOeVUfvtHO6xilzrhPKxxd0GG/sei2pozikkqnYF3OcP0qL+a\n"
 137         + "3nWixZQBRoF2nIRLcQJBAN97TJBr0XTRmE7OCKLUy1+ws7vZB9uQ2efHMsgwOpsY\n"
 138         + "3cEW5qd95hrxLU72sBeu9loHQgBrT2Q3OAxnsPXmgO0CQQDIL3u9kS/O3Ukx+n1H\n"
 139         + "JdPFQCRxrDm/vtJpQEmq+mLqxxnxCFRIYQ2ieAPokBxWeMDtdWJGD3VxhahjPfZm\n"
 140         + "5K59AkEAuDVl0tVMfUIWjT5/F9jXGjUIsZofQ/iN5OLpFOHMLPO+Nd6umPjJpwON\n"
 141         + "GT11wM/S+DprSPUrJ6vsYy1FTCuHsQJBAMXtnO07xgdE6AAQaRmVnyMiXmY+IQMj\n"
 142         + "CyuhsrToyDDWFyIoWB0QSMjg3QxuoHYnAqpGK5qV4ksSGgG13BCz/okCQQCRHTgn\n"
 143         + "DuFG2f7GYLFjI4NaTEzHGp+J9LiNYY1kYYLonpwAC3Z5hzJVanYT3/g23AUZ/fdF\n"
 144         + "v5PDIViuPo5ZB1eD\n"
 145         + "-----END PRIVATE KEY-----";
 146 
 147     private static final String CA_PUBLIC_KEY
 148         = "-----BEGIN CERTIFICATE-----\n"
 149         + "MIIDCDCCAnGgAwIBAgIJAIYlGfwNBY6NMA0GCSqGSIb3DQEBBQUAMIGcMQswCQYD\n"
 150         + "VQQGEwJVUzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxHzAd\n"
 151         + "BgNVBAoMFlN1biBNaWNyb3N5c3RlbXMsIEluYy4xJjAkBgNVBAsMHVN1biBNaWNy\n"
 152         + "b3N5c3RlbXMgTGFib3JhdG9yaWVzMR8wHQYDVQQDDBZUZXN0IENBICgxMDI0IGJp\n"
 153         + "dCBSU0EpMB4XDTA5MDQyNzA0MDQwOFoXDTEzMDYwNTA0MDQwOFowgZwxCzAJBgNV\n"
 154         + "BAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzEfMB0G\n"
 155         + "A1UECgwWU3VuIE1pY3Jvc3lzdGVtcywgSW5jLjEmMCQGA1UECwwdU3VuIE1pY3Jv\n"
 156         + "c3lzdGVtcyBMYWJvcmF0b3JpZXMxHzAdBgNVBAMMFlRlc3QgQ0EgKDEwMjQgYml0\n"
 157         + "IFJTQSkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOK4DJxxb0XX6MJ1CVjp\n"
 158         + "9Gmr/Ua8MS12R58F9lDpSKuq8cFexA4W7OdZ4jtbKv0tRHX5YxmbnXedwS+gdcOA\n"
 159         + "GRgXMoeXlgTFGpdL+TR8xKIlMGRSjnR7MpR2tRyIYI2p+UTEiD6LTlIm5Wh4z1q8\n"
 160         + "LYbxyMVD1XNNNymvPM44OjsBAgMBAAGjUDBOMB0GA1UdDgQWBBT27BLUflmfdtbi\n"
 161         + "WTgjwWnoxop2MTAfBgNVHSMEGDAWgBT27BLUflmfdtbiWTgjwWnoxop2MTAMBgNV\n"
 162         + "HRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAEQELNzhZpjnSgigd+QJ6I/3CPDo\n"
 163         + "SDkMLdP1BHlT/DkMIZvABm+M09ePNlWiLYCNCsL9nWmX0gw0rFDKsTklZyKTUzaM\n"
 164         + "oy/AZCrAaoIc6SO5m1xE1RMyVxd/Y/kg6cbfWxxCJFlMeU5rsSdC97HTE/lDyuoh\n"
 165         + "BmlOBB7SdR+1ScjA\n"
 166         + "-----END CERTIFICATE-----";
 167 
 168     private static final String CA_PRIVATE_KEY
 169         = "-----BEGIN PRIVATE KEY-----\n"
 170         + "MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAOK4DJxxb0XX6MJ1\n"
 171         + "CVjp9Gmr/Ua8MS12R58F9lDpSKuq8cFexA4W7OdZ4jtbKv0tRHX5YxmbnXedwS+g\n"
 172         + "dcOAGRgXMoeXlgTFGpdL+TR8xKIlMGRSjnR7MpR2tRyIYI2p+UTEiD6LTlIm5Wh4\n"
 173         + "z1q8LYbxyMVD1XNNNymvPM44OjsBAgMBAAECgYEApmMOlk3FrQtsvjGof4GLp3Xa\n"
 174         + "tmvs54FzxKhagj0C4UHelNyYpAJ9MLjNiGQ7I31yTeaNrUCAi0XSfsKTSrwbLSnJ\n"
 175         + "qsUPKMBrnzcWrOyui2+cupHZXaTlNeYB97teLJYpa6Ql9CZLoTHoim1+//s7diBh\n"
 176         + "03Vls+M6Poi5PMvv59UCQQD+k/BiokmbBgWHfBY5cZSlx3Z4VTwSHJmHDTO3Tjso\n"
 177         + "EVErXUSVvqD/KHX6eM4VPM8lySV5djWV8lDsESCWMtiLAkEA4/xFNsiOLMQpxW/O\n"
 178         + "bt2tukxJkAxldD4lPoFZR+zbXtMtt8OjERtX2wD+nj6h7jfIeSyVuBEcBN8Uj8xe\n"
 179         + "kgfgIwJAPbKG4LCqHAsCjgpRrIxNVTwZByLJEy6hOqzFathn19cSj+rjs1Lm28/n\n"
 180         + "f9OFRnpdTbAJB/3REM0QNZYVCrG57wJBAN0KuTytZJNouaswhPCew5Kt5mDgc/kp\n"
 181         + "S8j3dk2zCto8W8Ygy1iJrzuqEjPxO+UQdrFtlde51vWuKGxnVIW3VwsCQEldqk7r\n"
 182         + "8y7PgquPP+k3L0OXno5wGBrPcW1+U0mhIZGnwSzE4SPX2ddqUSEUA/Av4RjAckL/\n"
 183         + "fpqmCkpTanyYW9U=\n"
 184         + "-----END PRIVATE KEY-----";
 185 
 186     private final SSLSocketFactory factory;
 187     private final X509ExtendedKeyManager clientKeyManager;
 188     private final X509ExtendedKeyManager serverKeyManager;
 189     private final X509TrustManager clientTrustManager;
 190     private final X509TrustManager serverTrustManager;
 191 
 192     static abstract class Server implements Runnable {
 193 
 194         final CipherTestUtils cipherTest;
 195 
 196         Server(CipherTestUtils cipherTest) throws Exception {
 197             this.cipherTest = cipherTest;
 198         }
 199 
 200         @Override
 201         public abstract void run();
 202 
 203         void handleRequest(InputStream in, OutputStream out)
 204                 throws IOException {
 205             boolean newline = false;
 206             StringBuilder sb = new StringBuilder();
 207             while (true) {
 208                 int ch = in.read();
 209                 if (ch < 0) {
 210                     throw new EOFException();
 211                 }
 212                 sb.append((char) ch);
 213                 if (ch == '\r') {
 214                     // empty
 215                 } else if (ch == '\n') {
 216                     if (newline) {
 217                         // 2nd newline in a row, end of request
 218                         break;
 219                     }
 220                     newline = true;
 221                 } else {
 222                     newline = false;
 223                 }
 224             }
 225             String request = sb.toString();
 226             if (request.startsWith("GET / HTTP/1.") == false) {
 227                 throw new IOException("Invalid request: " + request);
 228             }
 229             out.write("HTTP/1.0 200 OK\r\n\r\n".getBytes());
 230             out.write("Tested Scenario: ".getBytes());
 231             TestParameters tp = (TestParameters) CipherTestUtils.TESTS.get(0);
 232             out.write(tp.toString().getBytes());
 233             out.write(" Test PASSED.".getBytes());
 234         }
 235     }
 236 
 237     public static class TestParameters {
 238 
 239         String cipherSuite;
 240         String protocol;
 241         String clientAuth;
 242 
 243         TestParameters(String cipherSuite, String protocol,
 244                 String clientAuth) {
 245             this.cipherSuite = cipherSuite;
 246             this.protocol = protocol;
 247             this.clientAuth = clientAuth;
 248         }
 249 
 250         boolean isEnabled() {
 251             return true;
 252         }
 253 
 254         @Override
 255         public String toString() {
 256             String s = cipherSuite + " in " + protocol + " mode";
 257             if (clientAuth != null) {
 258                 s += " with " + clientAuth + " client authentication";
 259             }
 260             return s;
 261         }
 262     }
 263 
 264     private static volatile CipherTestUtils instnace = null;
 265 
 266     public static CipherTestUtils getInstance() throws IOException,
 267             FileNotFoundException, KeyStoreException,
 268             NoSuchAlgorithmException, CertificateException,
 269             UnrecoverableKeyException, InvalidKeySpecException {
 270         if (instnace == null) {
 271             synchronized (CipherTestUtils.class) {
 272                 if (instnace == null) {
 273                     instnace = new CipherTestUtils();
 274                 }
 275             }
 276         }
 277         return instnace;
 278     }
 279 
 280     public static void setTestedArguments(String testedProtocol,
 281             String testedCipherSuite) {
 282 
 283         TestParameters testedParams;
 284 
 285         String cipherSuite = testedCipherSuite.trim();
 286         if (cipherSuite.startsWith("SSL_")) {
 287             testedParams =
 288                 new TestParameters(cipherSuite, testedProtocol, null);
 289             TESTS.add(testedParams);
 290 
 291         } else {
 292             System.out.println("Your input Cipher suites is not correct, "
 293                     + "please try another one .");
 294         }
 295     }
 296 
 297     public X509ExtendedKeyManager getClientKeyManager() {
 298         return clientKeyManager;
 299     }
 300 
 301     public X509TrustManager getClientTrustManager() {
 302         return clientTrustManager;
 303     }
 304 
 305     public X509ExtendedKeyManager getServerKeyManager() {
 306         return serverKeyManager;
 307     }
 308 
 309     public X509TrustManager getServerTrustManager() {
 310         return serverTrustManager;
 311     }
 312 
 313     public static void addFailure(Exception e) {
 314         EXCEPTIONS.add(e);
 315     }
 316 
 317     private CipherTestUtils()
 318             throws IOException, FileNotFoundException, KeyStoreException,
 319             NoSuchAlgorithmException, CertificateException,
 320             UnrecoverableKeyException, InvalidKeySpecException {
 321         factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
 322         KeyStore serverKeyStore = createServerKeyStore(SERVER_PUBLIC_KEY,
 323                 SERVER_PRIVATE_KEY);
 324         KeyStore serverTrustStore = createServerKeyStore(CA_PUBLIC_KEY,
 325                 CA_PRIVATE_KEY);
 326 
 327         if (serverKeyStore != null) {
 328             KeyManagerFactory keyFactory1
 329                     = KeyManagerFactory.getInstance(
 330                             KeyManagerFactory.getDefaultAlgorithm());
 331             keyFactory1.init(serverKeyStore, PASSWORD);
 332             serverKeyManager = (X509ExtendedKeyManager) keyFactory1.
 333                     getKeyManagers()[0];
 334         } else {
 335             serverKeyManager = null;
 336         }
 337         serverTrustManager = serverTrustStore != null
 338                 ? new AlwaysTrustManager(serverTrustStore) : null;
 339 
 340         KeyStore clientKeyStore, clientTrustStore;
 341         clientTrustStore = serverTrustStore;
 342         clientKeyStore =
 343                 createServerKeyStore(CLIENT_PUBLIC_KEY,CLIENT_PRIVATE_KEY);
 344         if (clientKeyStore != null) {
 345             KeyManagerFactory keyFactory
 346                     = KeyManagerFactory.getInstance(
 347                             KeyManagerFactory.getDefaultAlgorithm());
 348             keyFactory.init(clientKeyStore, PASSWORD);
 349             clientKeyManager = (X509ExtendedKeyManager) keyFactory.
 350                     getKeyManagers()[0];
 351         } else {
 352             clientKeyManager = null;
 353         }
 354         clientTrustManager = (clientTrustStore != null)
 355                 ? new AlwaysTrustManager(clientTrustStore) : null;
 356     }
 357 
 358     void checkResult(String exception) throws Exception {
 359         if (EXCEPTIONS.size() >= 1) {
 360             Exception actualException = EXCEPTIONS.get(0);
 361             if (exception == null) {
 362                 throw new RuntimeException("FAILED: got unexpected exception: "
 363                         + actualException);
 364             }
 365             if (!exception.equals(actualException.getClass().getName())) {
 366                 throw new RuntimeException("FAILED: got unexpected exception: "
 367                         + actualException);
 368             }
 369 
 370             System.out.println("PASSED: got expected exception: "
 371                     + actualException);
 372         } else {
 373             if (exception != null) {
 374                 throw new RuntimeException("FAILED: " + exception
 375                         + " was expected");
 376             }
 377             System.out.println("PASSED");
 378         }
 379     }
 380 
 381     SSLSocketFactory getFactory() {
 382         return factory;
 383     }
 384 
 385     static abstract class Client implements Runnable {
 386 
 387         final CipherTestUtils cipherTest;
 388         TestParameters testedParams;
 389 
 390         Client(CipherTestUtils cipherTest) throws Exception {
 391             this.cipherTest = cipherTest;
 392         }
 393 
 394         Client(CipherTestUtils cipherTest,
 395                 String testedCipherSuite) throws Exception {
 396             this.cipherTest = cipherTest;
 397         }
 398 
 399         @Override
 400         public final void run() {
 401 
 402             TESTS.stream().map((params) -> {
 403                 if (!params.isEnabled()) {
 404                     System.out.println("Skipping disabled test " + params);
 405                 }
 406                 return params;
 407             }).forEach((params) -> {
 408                 try {
 409                     runTest(params);
 410                     System.out.println("Passed " + params);
 411                 } catch (Exception e) {
 412                     CipherTestUtils.addFailure(e);
 413                     System.out.println("** Failed " + params
 414                             + "**, got exception:");
 415                     e.printStackTrace(System.err);
 416                 }
 417             });
 418         }
 419 
 420         abstract void runTest(TestParameters params) throws Exception;
 421 
 422         void sendRequest(InputStream in, OutputStream out) throws IOException {
 423             out.write("GET / HTTP/1.0\r\n\r\n".getBytes());
 424             out.flush();
 425             StringBuilder sb = new StringBuilder();
 426             while (true) {
 427                 int ch = in.read();
 428                 if (ch < 0) {
 429                     break;
 430                 }
 431                 sb.append((char) ch);
 432             }
 433             String response = sb.toString();
 434             if (response.startsWith("HTTP/1.0 200 ") == false) {
 435                 throw new IOException("Invalid response: " + response);
 436             } else {
 437                 System.out.println();
 438                 System.out.println("--- Response --- ");
 439                 System.out.println(response);
 440                 System.out.println("---------------- ");
 441             }
 442         }
 443     }
 444 
 445     public static void printStringArray(String[] stringArray) {
 446         System.out.print(stringArray.length + " : ");
 447         for (String stringArray1 : stringArray) {
 448             System.out.print(stringArray1);
 449             System.out.print(",");
 450         }
 451         System.out.println();
 452     }
 453 
 454     public static void printInfo(SSLServerSocket socket) {
 455         System.out.println();
 456         System.out.println("--- SSL ServerSocket Info ---");
 457         System.out.print("SupportedProtocols    : ");
 458         printStringArray(socket.getSupportedProtocols());
 459         System.out.print("SupportedCipherSuites : ");
 460         printStringArray(socket.getSupportedCipherSuites());
 461         System.out.print("EnabledProtocols      : ");
 462         printStringArray(socket.getEnabledProtocols());
 463         System.out.print("EnabledCipherSuites   : ");
 464         String[] supportedCipherSuites = socket.getEnabledCipherSuites();
 465         Arrays.sort(supportedCipherSuites);
 466         printStringArray(supportedCipherSuites);
 467         System.out.println("NeedClientAuth        : "
 468                 + socket.getNeedClientAuth());
 469         System.out.println("WantClientAuth        : "
 470                 + socket.getWantClientAuth());
 471         System.out.println("-----------------------");
 472     }
 473 
 474     public static void printInfo(SSLSocket socket) {
 475         System.out.println();
 476         System.out.println("--- SSL Socket Info ---");
 477         System.out.print(" SupportedProtocols    : ");
 478         printStringArray(socket.getSupportedProtocols());
 479         System.out.println(" EnabledProtocols      : "
 480                 + socket.getEnabledProtocols()[0]);
 481         System.out.print(" SupportedCipherSuites : ");
 482         String[] supportedCipherSuites = socket.getEnabledCipherSuites();
 483         Arrays.sort(supportedCipherSuites);
 484         printStringArray(supportedCipherSuites);
 485         System.out.println(" EnabledCipherSuites   : "
 486                 + socket.getEnabledCipherSuites()[0]);
 487         System.out.println(" NeedClientAuth        : "
 488                 + socket.getNeedClientAuth());
 489         System.out.println(" WantClientAuth        : "
 490                 + socket.getWantClientAuth());
 491         System.out.println("-----------------------");
 492     }
 493 
 494     private static KeyStore createServerKeyStore(String publicKeyStr,
 495             String keySpecStr) throws KeyStoreException, IOException,
 496             NoSuchAlgorithmException, CertificateException,
 497             InvalidKeySpecException {
 498 
 499         KeyStore ks = KeyStore.getInstance("JKS");
 500         ks.load(null, null);
 501         if (publicKeyStr == null || keySpecStr == null) {
 502             throw new IllegalArgumentException("publicKeyStr or "
 503                     + "keySpecStr cannot be null");
 504         }
 505         String strippedPrivateKey = keySpecStr.substring(
 506                 keySpecStr.indexOf("\n"), keySpecStr.lastIndexOf("\n"));
 507 
 508         // generate the private key.
 509         PKCS8EncodedKeySpec priKeySpec = new PKCS8EncodedKeySpec(
 510                 Base64.getMimeDecoder().decode(strippedPrivateKey));
 511         KeyFactory kf = KeyFactory.getInstance("RSA");
 512         RSAPrivateKey priKey
 513                 = (RSAPrivateKey) kf.generatePrivate(priKeySpec);
 514 
 515         // generate certificate chain
 516         try (InputStream is =
 517                 new ByteArrayInputStream(publicKeyStr.getBytes())) {
 518             // generate certificate from cert string
 519             CertificateFactory cf = CertificateFactory.getInstance("X.509");
 520             Certificate keyCert = cf.generateCertificate(is);
 521             Certificate[] chain = {keyCert};
 522             ks.setKeyEntry("TestEntry", priKey, PASSWORD, chain);
 523         }
 524 
 525         return ks;
 526     }
 527 
 528     public static void main(PeerFactory peerFactory, String mode,
 529             String expectedException)
 530             throws Exception {
 531         long time = System.currentTimeMillis();
 532         setTestedArguments(peerFactory.getTestedProtocol(),
 533                 peerFactory.getTestedCipher());
 534 
 535         System.out.print(
 536                 " Initializing test '" + peerFactory.getName() + "'...");
 537         secureRandom.nextInt();
 538 
 539         CipherTestUtils cipherTest = CipherTestUtils.getInstance();
 540         if (mode.equalsIgnoreCase("Server")) {  // server mode
 541             Thread serverThread = new Thread(peerFactory.newServer(cipherTest),
 542                     "Server");
 543             serverThread.start();
 544         } else if (mode.equalsIgnoreCase("Client")) {
 545             peerFactory.newClient(cipherTest).run();
 546             cipherTest.checkResult(expectedException);
 547             JSSEServer.closeServer = true;
 548         } else {
 549             throw new RuntimeException("unsupported mode");
 550         }
 551         time = System.currentTimeMillis() - time;
 552         System.out.println("Elapsed time " + time);
 553 
 554     }
 555 
 556     public static abstract class PeerFactory {
 557 
 558         abstract String getName();
 559 
 560         abstract String getTestedProtocol();
 561 
 562         abstract String getTestedCipher();
 563 
 564         abstract Client newClient(CipherTestUtils cipherTest) throws Exception;
 565 
 566         abstract Server newServer(CipherTestUtils cipherTest) throws Exception;
 567 
 568         boolean isSupported(String cipherSuite) {
 569             return true;
 570         }
 571     }
 572 }
 573 
 574 class AlwaysTrustManager implements X509TrustManager {
 575 
 576     X509TrustManager trustManager;
 577 
 578     public AlwaysTrustManager(KeyStore keyStore)
 579             throws NoSuchAlgorithmException, KeyStoreException {
 580 
 581         TrustManagerFactory tmf
 582                 = TrustManagerFactory.getInstance(TrustManagerFactory.
 583                         getDefaultAlgorithm());
 584         tmf.init(keyStore);
 585 
 586         TrustManager tms[] = tmf.getTrustManagers();
 587         for (TrustManager tm : tms) {
 588             trustManager = (X509TrustManager) tm;
 589             return;
 590         }
 591 
 592     }
 593 
 594     @Override
 595     public void checkClientTrusted(X509Certificate[] chain, String authType)
 596             throws CertificateException {
 597         try {
 598             trustManager.checkClientTrusted(chain, authType);
 599         } catch (CertificateException excep) {
 600             System.out.println("ERROR in client trust manager");
 601         }
 602     }
 603 
 604     @Override
 605     public void checkServerTrusted(X509Certificate[] chain, String authType)
 606             throws CertificateException {
 607         try {
 608             trustManager.checkServerTrusted(chain, authType);
 609         } catch (CertificateException excep) {
 610             System.out.println("ERROR in server Trust manger");
 611         }
 612     }
 613 
 614     @Override
 615     public X509Certificate[] getAcceptedIssuers() {
 616         return trustManager.getAcceptedIssuers();
 617     }
 618 }
 619 
 620 class MyX509KeyManager extends X509ExtendedKeyManager {
 621 
 622     private final X509ExtendedKeyManager keyManager;
 623     private String authType;
 624 
 625     MyX509KeyManager(X509ExtendedKeyManager keyManager) {
 626         this.keyManager = keyManager;
 627     }
 628 
 629     void setAuthType(String authType) {
 630         this.authType = "ECDSA".equals(authType) ? "EC" : authType;
 631     }
 632 
 633     @Override
 634     public String[] getClientAliases(String keyType, Principal[] issuers) {
 635         if (authType == null) {
 636             return null;
 637         }
 638         return keyManager.getClientAliases(authType, issuers);
 639     }
 640 
 641     @Override
 642     public String chooseClientAlias(String[] keyType, Principal[] issuers,
 643             Socket socket) {
 644         if (authType == null) {
 645             return null;
 646         }
 647         return keyManager.chooseClientAlias(new String[]{authType},
 648                 issuers, socket);
 649     }
 650 
 651     @Override
 652     public String chooseEngineClientAlias(String[] keyType,
 653             Principal[] issuers, SSLEngine engine) {
 654         if (authType == null) {
 655             return null;
 656         }
 657         return keyManager.chooseEngineClientAlias(new String[]{authType},
 658                 issuers, engine);
 659     }
 660 
 661     @Override
 662     public String[] getServerAliases(String keyType, Principal[] issuers) {
 663         throw new UnsupportedOperationException("Servers not supported");
 664     }
 665 
 666     @Override
 667     public String chooseServerAlias(String keyType, Principal[] issuers,
 668             Socket socket) {
 669         throw new UnsupportedOperationException("Servers not supported");
 670     }
 671 
 672     @Override
 673     public String chooseEngineServerAlias(String keyType, Principal[] issuers,
 674             SSLEngine engine) {
 675         throw new UnsupportedOperationException("Servers not supported");
 676     }
 677 
 678     @Override
 679     public X509Certificate[] getCertificateChain(String alias) {
 680         return keyManager.getCertificateChain(alias);
 681     }
 682 
 683     @Override
 684     public PrivateKey getPrivateKey(String alias) {
 685         return keyManager.getPrivateKey(alias);
 686     }
 687 }