Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
PojavLauncherTeam
GitHub Repository: PojavLauncherTeam/openjdk-multiarch-jdk8u
 Path: blob/aarch64-shenandoah-jdk8u272-b10/jdk/test/sun/security/mscapi/ShortRSAKeyWithinTLS.java
38840 views
1
/*

2
 * Copyright (c) 2012, 2016, Oracle and/or its affiliates. All rights reserved.

3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

4
 *

5
 * This code is free software; you can redistribute it and/or modify it

6
 * under the terms of the GNU General Public License version 2 only, as

7
 * published by the Free Software Foundation.

8
 *

9
 * This code is distributed in the hope that it will be useful, but WITHOUT

10
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

11
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

12
 * version 2 for more details (a copy is included in the LICENSE file that

13
 * accompanied this code).

14
 *

15
 * You should have received a copy of the GNU General Public License version

16
 * 2 along with this work; if not, write to the Free Software Foundation,

17
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

18
 *

19
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

20
 * or visit www.oracle.com if you need additional information or have any

21
 * questions.

22
 */

23


24
import java.io.*;

25
import java.net.*;

26
import java.util.*;

27
import java.security.*;

28
import java.security.cert.*;

29
import javax.net.*;

30
import javax.net.ssl.*;

31


32
import sun.security.util.KeyUtil;

33


34
public class ShortRSAKeyWithinTLS {

35


36
    /*

37
     * =============================================================

38
     * Set the various variables needed for the tests, then

39
     * specify what tests to run on each side.

40
     */

41


42
    /*

43
     * Should we run the client or server in a separate thread?

44
     * Both sides can throw exceptions, but do you have a preference

45
     * as to which side should be the main thread.

46
     */

47
    static boolean separateServerThread = false;

48


49
    /*

50
     * Is the server ready to serve?

51
     */

52
    volatile static boolean serverReady = false;

53


54
    /*

55
     * Turn on SSL debugging?

56
     */

57
    static boolean debug = false;

58


59
    /*

60
     * If the client or server is doing some kind of object creation

61
     * that the other side depends on, and that thread prematurely

62
     * exits, you may experience a hang.  The test harness will

63
     * terminate all hung threads after its timeout has expired,

64
     * currently 3 minutes by default, but you might try to be

65
     * smart about it....

66
     */

67


68
    /*

69
     * Define the server side of the test.

70
     *

71
     * If the server prematurely exits, serverReady will be set to true

72
     * to avoid infinite hangs.

73
     */

74
    void doServerSide() throws Exception {

75


76
        // load the key store

77
        serverKS = KeyStore.getInstance("Windows-MY", "SunMSCAPI");

78
        serverKS.load(null, null);

79
        System.out.println("Loaded keystore: Windows-MY");

80


81
        // check key size

82
        checkKeySize(serverKS);

83


84
        // initialize the SSLContext

85
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");

86
        kmf.init(serverKS, null);

87


88
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");

89
        tmf.init(serverKS);

90
        TrustManager[] tms = tmf.getTrustManagers();

91
        if (tms == null || tms.length == 0) {

92
            throw new Exception("unexpected trust manager implementation");

93
        } else {

94
            if (!(tms[0] instanceof X509TrustManager)) {

95
                throw new Exception("unexpected trust manager" +

96
                        " implementation: " +

97
                        tms[0].getClass().getCanonicalName());

98
            }

99
        }

100
        serverTM = new MyExtendedX509TM((X509TrustManager)tms[0]);

101
        tms = new TrustManager[] {serverTM};

102


103
        SSLContext ctx = SSLContext.getInstance("TLS");

104
        ctx.init(kmf.getKeyManagers(), tms, null);

105


106
        ServerSocketFactory ssf = ctx.getServerSocketFactory();

107
        SSLServerSocket sslServerSocket = (SSLServerSocket)

108
                                ssf.createServerSocket(serverPort);

109
        sslServerSocket.setNeedClientAuth(true);

110
        serverPort = sslServerSocket.getLocalPort();

111
        System.out.println("serverPort = " + serverPort);

112


113
        /*

114
         * Signal Client, we're ready for his connect.

115
         */

116
        serverReady = true;

117


118
        SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();

119
        InputStream sslIS = sslSocket.getInputStream();

120
        OutputStream sslOS = sslSocket.getOutputStream();

121


122
        sslIS.read();

123
        sslOS.write(85);

124
        sslOS.flush();

125


126
        sslSocket.close();

127
    }

128


129
    /*

130
     * Define the client side of the test.

131
     *

132
     * If the server prematurely exits, serverReady will be set to true

133
     * to avoid infinite hangs.

134
     */

135
    void doClientSide() throws Exception {

136


137
        /*

138
         * Wait for server to get started.

139
         */

140
        while (!serverReady) {

141
            Thread.sleep(50);

142
        }

143


144
        // load the key store

145
        KeyStore ks = KeyStore.getInstance("Windows-MY", "SunMSCAPI");

146
        ks.load(null, null);

147
        System.out.println("Loaded keystore: Windows-MY");

148


149
        // initialize the SSLContext

150
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");

151
        kmf.init(ks, null);

152


153
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");

154
        tmf.init(ks);

155


156
        SSLContext ctx = SSLContext.getInstance("TLS");

157
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

158


159
        SSLSocketFactory sslsf = ctx.getSocketFactory();

160
        SSLSocket sslSocket = (SSLSocket)

161
            sslsf.createSocket("localhost", serverPort);

162


163
        if (clientProtocol != null) {

164
            sslSocket.setEnabledProtocols(new String[] {clientProtocol});

165
        }

166


167
        if (clientCiperSuite != null) {

168
            sslSocket.setEnabledCipherSuites(new String[] {clientCiperSuite});

169
        }

170


171
        InputStream sslIS = sslSocket.getInputStream();

172
        OutputStream sslOS = sslSocket.getOutputStream();

173


174
        sslOS.write(280);

175
        sslOS.flush();

176
        sslIS.read();

177


178
        sslSocket.close();

179
    }

180


181
    private void checkKeySize(KeyStore ks) throws Exception {

182
        PrivateKey privateKey = null;

183
        PublicKey publicKey = null;

184


185
        if (ks.containsAlias(keyAlias)) {

186
            System.out.println("Loaded entry: " + keyAlias);

187
            privateKey = (PrivateKey)ks.getKey(keyAlias, null);

188
            publicKey = (PublicKey)ks.getCertificate(keyAlias).getPublicKey();

189


190
            int privateKeySize = KeyUtil.getKeySize(privateKey);

191
            if (privateKeySize != keySize) {

192
                throw new Exception("Expected key size is " + keySize +

193
                        ", but the private key size is " + privateKeySize);

194
            }

195


196
            int publicKeySize = KeyUtil.getKeySize(publicKey);

197
            if (publicKeySize != keySize) {

198
                throw new Exception("Expected key size is " + keySize +

199
                        ", but the public key size is " + publicKeySize);

200
            }

201
        }

202
    }

203


204
    /*

205
     * =============================================================

206
     * The remainder is just support stuff

207
     */

208


209
    // use any free port by default

210
    volatile int serverPort = 0;

211


212
    volatile Exception serverException = null;

213
    volatile Exception clientException = null;

214


215
    private static String keyAlias;

216
    private static int keySize;

217
    private static String clientProtocol = null;

218
    private static String clientCiperSuite = null;

219


220
    private static void parseArguments(String[] args) {

221
        keyAlias = args[0];

222
        keySize = Integer.parseInt(args[1]);

223


224
        if (args.length > 2) {

225
            clientProtocol = args[2];

226
        }

227


228
        if (args.length > 3) {

229
            clientCiperSuite = args[3];

230
        }

231
    }

232


233
    public static void main(String[] args) throws Exception {

234
        if (debug) {

235
            System.setProperty("javax.net.debug", "all");

236
        }

237


238
        // Get the customized arguments.

239
        parseArguments(args);

240


241
        new ShortRSAKeyWithinTLS();

242
    }

243


244
    Thread clientThread = null;

245
    Thread serverThread = null;

246
    KeyStore serverKS;

247
    MyExtendedX509TM serverTM;

248


249
    /*

250
     * Primary constructor, used to drive remainder of the test.

251
     *

252
     * Fork off the other side, then do your work.

253
     */

254
    ShortRSAKeyWithinTLS() throws Exception {

255
        try {

256
            if (separateServerThread) {

257
                startServer(true);

258
                startClient(false);

259
            } else {

260
                startClient(true);

261
                startServer(false);

262
            }

263
        } catch (Exception e) {

264
            // swallow for now.  Show later

265
        }

266


267
        /*

268
         * Wait for other side to close down.

269
         */

270
        if (separateServerThread) {

271
            serverThread.join();

272
        } else {

273
            clientThread.join();

274
        }

275


276
        /*

277
         * When we get here, the test is pretty much over.

278
         * Which side threw the error?

279
         */

280
        Exception local;

281
        Exception remote;

282
        String whichRemote;

283


284
        if (separateServerThread) {

285
            remote = serverException;

286
            local = clientException;

287
            whichRemote = "server";

288
        } else {

289
            remote = clientException;

290
            local = serverException;

291
            whichRemote = "client";

292
        }

293


294
        /*

295
         * If both failed, return the curthread's exception, but also

296
         * print the remote side Exception

297
         */

298
        if ((local != null) && (remote != null)) {

299
            System.out.println(whichRemote + " also threw:");

300
            remote.printStackTrace();

301
            System.out.println();

302
            throw local;

303
        }

304


305
        if (remote != null) {

306
            throw remote;

307
        }

308


309
        if (local != null) {

310
            throw local;

311
        }

312
    }

313


314
    void startServer(boolean newThread) throws Exception {

315
        if (newThread) {

316
            serverThread = new Thread() {

317
                public void run() {

318
                    try {

319
                        doServerSide();

320
                    } catch (Exception e) {

321
                        /*

322
                         * Our server thread just died.

323
                         *

324
                         * Release the client, if not active already...

325
                         */

326
                        System.err.println("Server died...");

327
                        serverReady = true;

328
                        serverException = e;

329
                    }

330
                }

331
            };

332
            serverThread.start();

333
        } else {

334
            try {

335
                doServerSide();

336
            } catch (Exception e) {

337
                serverException = e;

338
            } finally {

339
                serverReady = true;

340
            }

341
        }

342
    }

343


344
    void startClient(boolean newThread) throws Exception {

345
        if (newThread) {

346
            clientThread = new Thread() {

347
                public void run() {

348
                    try {

349
                        doClientSide();

350
                    } catch (Exception e) {

351
                        /*

352
                         * Our client thread just died.

353
                         */

354
                        System.err.println("Client died...");

355
                        clientException = e;

356
                    }

357
                }

358
            };

359
            clientThread.start();

360
        } else {

361
            try {

362
                doClientSide();

363
            } catch (Exception e) {

364
                clientException = e;

365
            }

366
        }

367
    }

368


369


370
    class MyExtendedX509TM extends X509ExtendedTrustManager

371
            implements X509TrustManager {

372


373
        X509TrustManager tm;

374


375
        MyExtendedX509TM(X509TrustManager tm) {

376
            this.tm = tm;

377
        }

378


379
        public void checkClientTrusted(X509Certificate chain[], String authType)

380
                throws CertificateException {

381
            tm.checkClientTrusted(chain, authType);

382
        }

383


384
        public void checkServerTrusted(X509Certificate chain[], String authType)

385
                throws CertificateException {

386
            tm.checkServerTrusted(chain, authType);

387
        }

388


389
        public X509Certificate[] getAcceptedIssuers() {

390
            List<X509Certificate> certs = new ArrayList<>();

391
            try {

392
                for (X509Certificate c : tm.getAcceptedIssuers()) {

393
                    if (serverKS.getCertificateAlias(c).equals(keyAlias))

394
                        certs.add(c);

395
                }

396
            } catch (KeyStoreException kse) {

397
                throw new RuntimeException(kse);

398
            }

399
            return certs.toArray(new X509Certificate[certs.size()]);

400
        }

401


402
        public void checkClientTrusted(X509Certificate[] chain, String authType,

403
                Socket socket) throws CertificateException {

404
            tm.checkClientTrusted(chain, authType);

405
        }

406


407
        public void checkServerTrusted(X509Certificate[] chain, String authType,

408
                Socket socket) throws CertificateException {

409
            tm.checkServerTrusted(chain, authType);

410
        }

411


412
        public void checkClientTrusted(X509Certificate[] chain, String authType,

413
            SSLEngine engine) throws CertificateException {

414
            tm.checkClientTrusted(chain, authType);

415
        }

416


417
        public void checkServerTrusted(X509Certificate[] chain, String authType,

418
            SSLEngine engine) throws CertificateException {

419
            tm.checkServerTrusted(chain, authType);

420
        }

421
    }

422


423
}

424


425


426