Path: blob/aarch64-shenandoah-jdk8u272-b10/jdk/test/sun/security/pkcs11/KeyStore/ClientAuth.java
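/*
 * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

import java.io.*;
import java.net.*;
import java.util.*;
import java.security.*;
import javax.net.*;
import javax.net.ssl.*;
import java.lang.reflect.*;

/**
 * TLS client-authentication test against a PKCS#11 (NSS) token.
 *
 * The server authenticates itself from a JKS keystore and requires a client
 * certificate ({@code setNeedClientAuth(true)}); the client takes its key
 * and certificate from the SunPKCS11-nss token.  Both sides trust the JKS
 * truststore that {@link #main(Provider)} installs through the
 * {@code javax.net.ssl.trustStore*} system properties.
 */
public class ClientAuth extends PKCS11Test {

    /*
     * =============================================================
     * Set the various variables needed for the tests, then
     * specify what tests to run on each side.
     */

    private static Provider provider;
    // Test-fixture credentials: they must match the NSS token and the JKS
    // files under DIR, and are not secrets.
    private static final String NSS_PWD = "test12";
    private static final String JKS_PWD = "passphrase";
    private static final String SERVER_KS = "server.keystore";
    private static final String TS = "truststore";
    private static String p11config;

    // Directory holding the keystore/truststore fixtures (harness-supplied).
    private static String DIR = System.getProperty("DIR");

    /*
     * Should we run the client or server in a separate thread?
     * Both sides can throw exceptions, but do you have a preference
     * as to which side should be the main thread.
     */
    static boolean separateServerThread = false;

    /*
     * Is the server ready to serve?
     */
    volatile static boolean serverReady = false;

    /*
     * Turn on SSL debugging?
     */
    static boolean debug = false;

    /*
     * If the client or server is doing some kind of object creation
     * that the other side depends on, and that thread prematurely
     * exits, you may experience a hang.  The test harness will
     * terminate all hung threads after its timeout has expired,
     * currently 3 minutes by default, but you might try to be
     * smart about it....
     */

    /*
     * Define the server side of the test.
     *
     * If the server prematurely exits, serverReady will be set to true
     * to avoid infinite hangs.
     *
     * The server presents the JKS server certificate, demands a client
     * certificate, then exchanges one byte with the client and closes.
     * All sockets and the keystore stream are closed on every exit path.
     *
     * @throws Exception on any keystore, TLS or socket failure; the caller
     *         records it in serverException
     */
    void doServerSide() throws Exception {

        SSLContext ctx = SSLContext.getInstance("TLS");
        char[] passphrase = JKS_PWD.toCharArray();

        // server gets KeyStore from JKS keystore
        KeyStore ks = KeyStore.getInstance("JKS");
        // try-with-resources: the original never closed this stream
        try (InputStream ksIn = new FileInputStream(new File(DIR, SERVER_KS))) {
            ks.load(ksIn, passphrase);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(ks, passphrase);

        // server gets TrustStore from PKCS#11 token
        /*
        passphrase = NSS_PWD.toCharArray();
        KeyStore ts = KeyStore.getInstance("PKCS11", "SunPKCS11-nss");
        ts.load(null, passphrase);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
        tmf.init(ts);
        */

        // A null TrustManager array means the server validates the client
        // certificate against the default trust store, i.e. the JKS
        // truststore selected by the javax.net.ssl.trustStore* properties
        // set in main(Provider).
        //ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        ctx.init(kmf.getKeyManagers(), null, null);
        ServerSocketFactory ssf = ctx.getServerSocketFactory();
        try (SSLServerSocket sslServerSocket =
                (SSLServerSocket) ssf.createServerSocket(serverPort)) {
            // Client authentication is mandatory: a peer without an
            // acceptable certificate fails the handshake instead of being
            // served.  (setWantClientAuth would make it optional.)
            sslServerSocket.setNeedClientAuth(true);
            serverPort = sslServerSocket.getLocalPort();
            System.out.println("serverPort = " + serverPort);

            /*
             * Signal Client, we're ready for his connect.
             */
            serverReady = true;

            try (SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept()) {
                InputStream sslIS = sslSocket.getInputStream();
                OutputStream sslOS = sslSocket.getOutputStream();

                // The handshake (including client auth) completes on the
                // first read; a rejected client surfaces as an exception here.
                sslIS.read();
                sslOS.write(85);
                sslOS.flush();
            }
        }
    }

    /*
     * Define the client side of the test.
     *
     * If the server prematurely exits, serverReady will be set to true
     * to avoid infinite hangs.
     *
     * The client authenticates with the key/certificate stored on the
     * SunPKCS11-nss token and trusts the server through the JKS truststore
     * installed via system properties.
     *
     * @throws Exception on any token, TLS or socket failure; the caller
     *         records it in clientException
     */
    void doClientSide() throws Exception {

        /*
         * Wait for server to get started.
         */
        while (!serverReady) {
            Thread.sleep(50);
        }

        SSLContext ctx = SSLContext.getInstance("TLS");

        // client gets KeyStore from PKCS#11 token,
        // and gets TrustStore from JKS KeyStore (using system properties)
        char[] passphrase = NSS_PWD.toCharArray();
        KeyStore ks = KeyStore.getInstance("PKCS11", "SunPKCS11-nss");
        ks.load(null, passphrase);

        // (the original created a throw-away KeyManagerFactory first;
        // a single instance is all that is needed)
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(ks, passphrase);
        ctx.init(kmf.getKeyManagers(), null, null);

        SSLSocketFactory sslsf = ctx.getSocketFactory();
        try (SSLSocket sslSocket =
                (SSLSocket) sslsf.createSocket("localhost", serverPort)) {

            // Optional command-line overrides restrict the client to a
            // single protocol version / cipher suite.
            if (clientProtocol != null) {
                sslSocket.setEnabledProtocols(new String[] {clientProtocol});
            }

            if (clientCipherSuite != null) {
                sslSocket.setEnabledCipherSuites(
                        new String[] {clientCipherSuite});
            }

            InputStream sslIS = sslSocket.getInputStream();
            OutputStream sslOS = sslSocket.getOutputStream();

            // write(int) sends only the low-order byte; the value itself is
            // irrelevant, the exchange just forces the handshake to complete.
            sslOS.write(280);
            sslOS.flush();
            sslIS.read();
        }
    }

    /*
     * =============================================================
     * The remainder is just support stuff
     */

    // use any free port by default
    volatile int serverPort = 0;

    volatile Exception serverException = null;
    volatile Exception clientException = null;

    // Optional overrides taken from the command line (see parseArguments).
    private static String clientProtocol = null;
    private static String clientCipherSuite = null;

    /**
     * Reads the optional protocol (args[0]) and cipher suite (args[1])
     * the client should restrict itself to.  Missing arguments leave the
     * corresponding field {@code null}, meaning "provider defaults".
     *
     * @param args the test's command-line arguments
     */
    private static void parseArguments(String[] args) {
        if (args.length > 0) {
            clientProtocol = args[0];
        }

        if (args.length > 1) {
            clientCipherSuite = args[1];
        }
    }

    /**
     * Test entry point: records the command-line overrides, then hands off
     * to the PKCS11Test harness, which calls {@link #main(Provider)} once
     * per configured PKCS#11 provider.
     *
     * @param args optional protocol and cipher suite, see parseArguments
     * @throws Exception if either side of the test fails
     */
    public static void main(String[] args) throws Exception {
        // Get the customized arguments.
        parseArguments(args);
        main(new ClientAuth());
    }

    /**
     * Runs the test against one PKCS#11 provider.
     *
     * The provider is skipped (not failed) when it cannot supply the RSA
     * cipher needed for TLS RSA client authentication.
     *
     * @param p the PKCS#11 provider under test
     * @throws Exception if either side of the test fails
     */
    public void main(Provider p) throws Exception {
        // SSL RSA client auth currently needs an RSA cipher
        // (cf. NONEwithRSA hack), which is currently not available in
        // open builds.
        try {
            javax.crypto.Cipher.getInstance("RSA/ECB/PKCS1Padding", p);
        } catch (GeneralSecurityException e) {
            System.out.println("Not supported by provider, skipping");
            return;
        }

        provider = p;

        // Both sides pick up their trust anchors from these properties:
        // the server via its null TrustManager array, the client via the
        // default trust manager.
        System.setProperty("javax.net.ssl.trustStore",
                new File(DIR, TS).toString());
        System.setProperty("javax.net.ssl.trustStoreType", "JKS");
        System.setProperty("javax.net.ssl.trustStoreProvider", "SUN");
        System.setProperty("javax.net.ssl.trustStorePassword", JKS_PWD);

        // perform Security.addProvider of P11 provider
        ProviderLoader.go(System.getProperty("CUSTOM_P11_CONFIG"));

        if (debug) {
            System.setProperty("javax.net.debug", "all");
        }

        /*
         * Start the tests.
         */
        go();
    }

    Thread clientThread = null;
    Thread serverThread = null;

    /*
     * Fork off the other side, then do your work.
     *
     * Runs one side on a new thread and the other on the calling thread,
     * waits for the forked side, then rethrows whichever side failed
     * (the local side wins if both did; the remote failure is printed).
     */
    private void go() throws Exception {
        try {
            if (separateServerThread) {
                startServer(true);
                startClient(false);
            } else {
                startClient(true);
                startServer(false);
            }
        } catch (Exception e) {
            //swallow for now.  Show later
            // (each side already stores its own failure in
            // serverException / clientException, reported below)
        }

        /*
         * Wait for other side to close down.
         */
        if (separateServerThread) {
            serverThread.join();
        } else {
            clientThread.join();
        }

        /*
         * When we get here, the test is pretty much over.
         * Which side threw the error?
         */
        Exception local;
        Exception remote;
        String whichRemote;

        if (separateServerThread) {
            remote = serverException;
            local = clientException;
            whichRemote = "server";
        } else {
            remote = clientException;
            local = serverException;
            whichRemote = "client";
        }

        /*
         * If both failed, return the curthread's exception, but also
         * print the remote side Exception
         */
        if ((local != null) && (remote != null)) {
            System.out.println(whichRemote + " also threw:");
            remote.printStackTrace();
            System.out.println();
            throw local;
        }

        if (remote != null) {
            throw remote;
        }

        if (local != null) {
            throw local;
        }
    }

    /**
     * Runs the server side, on a new thread when {@code newThread} is set,
     * otherwise on the caller's thread.  A failure is stored in
     * serverException and serverReady is raised so the client never waits
     * forever.
     *
     * @param newThread whether to fork the server onto its own thread
     * @throws Exception never from the forked path; declared for symmetry
     */
    void startServer(boolean newThread) throws Exception {
        if (newThread) {
            serverThread = new Thread() {
                public void run() {
                    try {
                        doServerSide();
                    } catch (Exception e) {
                        /*
                         * Our server thread just died.
                         *
                         * Release the client, if not active already...
                         */
                        System.err.println("Server died...");
                        serverReady = true;
                        serverException = e;
                    }
                }
            };
            serverThread.start();
        } else {
            try {
                doServerSide();
            } catch (Exception e) {
                serverException = e;
            } finally {
                serverReady = true;
            }
        }
    }

    /**
     * Runs the client side, on a new thread when {@code newThread} is set,
     * otherwise on the caller's thread.  A failure is stored in
     * clientException.
     *
     * @param newThread whether to fork the client onto its own thread
     * @throws Exception never from the forked path; declared for symmetry
     */
    void startClient(boolean newThread) throws Exception {
        if (newThread) {
            clientThread = new Thread() {
                public void run() {
                    try {
                        doClientSide();
                    } catch (Exception e) {
                        /*
                         * Our client thread just died.
                         */
                        System.err.println("Client died...");
                        clientException = e;
                    }
                }
            };
            clientThread.start();
        } else {
            try {
                doClientSide();
            } catch (Exception e) {
                clientException = e;
            }
        }
    }
}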