1 /* 2 * Licensed to the Apache Software Foundation (ASF) under one or more 3 * contributor license agreements. See the NOTICE file distributed with 4 * this work for additional information regarding copyright ownership. 5 * The ASF licenses this file to You under the Apache License, Version 2.0 6 * (the "License"); you may not use this file except in compliance with 7 * the License. You may obtain a copy of the License at 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 */ 17 18 package tests.api.javax.net.ssl; 19 20 import dalvik.annotation.AndroidOnly; 21 import java.io.ByteArrayInputStream; 22 import java.io.IOException; 23 import java.io.InputStream; 24 import java.io.OutputStream; 25 import java.net.InetSocketAddress; 26 import java.security.KeyStore; 27 import java.security.cert.Certificate; 28 import java.security.cert.CertificateException; 29 import javax.net.ssl.HandshakeCompletedEvent; 30 import javax.net.ssl.HandshakeCompletedListener; 31 import javax.net.ssl.KeyManager; 32 import javax.net.ssl.KeyManagerFactory; 33 import javax.net.ssl.SSLContext; 34 import javax.net.ssl.SSLPeerUnverifiedException; 35 import javax.net.ssl.SSLServerSocket; 36 import javax.net.ssl.SSLSession; 37 import javax.net.ssl.SSLSocket; 38 import javax.net.ssl.SSLSocketFactory; 39 import javax.net.ssl.TrustManager; 40 import javax.net.ssl.X509TrustManager; 41 import javax.security.cert.X509Certificate; 42 import junit.framework.TestCase; 43 import libcore.io.Base64; 44 import org.apache.harmony.xnet.tests.support.mySSLSession; 45 import tests.support.Support_PortManager; 46 47 /** 48 * Tests for <code>HandshakeCompletedEvent</code> class constructors and methods. 49 * 50 */ 51 public class HandshakeCompletedEventTest extends TestCase { 52 53 String certificate = "-----BEGIN CERTIFICATE-----\n" 54 + "MIICZTCCAdICBQL3AAC2MA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMSAw\n" 55 + "HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJl\n" 56 + "IFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NzAyMjAwMDAwMDBa\n" 57 + "Fw05ODAyMjAyMzU5NTlaMIGWMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZv\n" 58 + "cm5pYTESMBAGA1UEBxMJUGFsbyBBbHRvMR8wHQYDVQQKExZTdW4gTWljcm9zeXN0\n" 59 + "ZW1zLCBJbmMuMSEwHwYDVQQLExhUZXN0IGFuZCBFdmFsdWF0aW9uIE9ubHkxGjAY\n" 60 + "BgNVBAMTEWFyZ29uLmVuZy5zdW4uY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB\n" 61 + "iQKBgQCofmdY+PiUWN01FOzEewf+GaG+lFf132UpzATmYJkA4AEA/juW7jSi+LJk\n" 62 + "wJKi5GO4RyZoyimAL/5yIWDV6l1KlvxyKslr0REhMBaD/3Z3EsLTTEf5gVrQS6sT\n" 63 + "WMoSZAyzB39kFfsB6oUXNtV8+UKKxSxKbxvhQn267PeCz5VX2QIDAQABMA0GCSqG\n" 64 + "SIb3DQEBAgUAA34AXl3at6luiV/7I9MN5CXYoPJYI8Bcdc1hBagJvTMcmlqL2uOZ\n" 65 + "H9T5hNMEL9Tk6aI7yZPXcw/xI2K6pOR/FrMp0UwJmdxX7ljV6ZtUZf7pY492UqwC\n" 66 + "1777XQ9UEZyrKJvF5ntleeO0ayBqLGVKCWzWZX9YsXCpv47FNLZbupE=\n" 67 + "-----END CERTIFICATE-----\n"; 68 69 70 /** 71 * @throws IOException 72 * javax.net.ssl.HandshakeCompletedEvent#HandshakeCompletedEvent(SSLSocket sock, SSLSession s) 73 */ 74 public final void test_Constructor() throws Exception { 75 mySSLSession session = new mySSLSession(); 76 SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket(); 77 HandshakeCompletedEvent event = new HandshakeCompletedEvent(socket, session); 78 try { 79 new HandshakeCompletedEvent(null, null); 80 fail("Any exception wasn't thrown for null parameters"); 81 } catch (Exception expected) { 82 } 83 } 84 85 /** 86 * @throws IOException 87 * javax.net.ssl.HandshakeCompletedEvent#getCipherSuite() 88 */ 89 public final void test_getCipherSuite() throws Exception { 90 mySSLSession session = new mySSLSession("localhost", 1080, null); 91 SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket(); 92 HandshakeCompletedEvent event = new HandshakeCompletedEvent(socket, session); 93 assertEquals("SuiteName", event.getCipherSuite()); 94 } 95 96 /** 97 * @throws IOException 98 * javax.net.ssl.HandshakeCompletedEvent#getLocalCertificates() 99 */ 100 public final void test_getLocalCertificates() throws Exception { 101 mySSLSession session = new mySSLSession("localhost", 1080, null); 102 SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket(); 103 HandshakeCompletedEvent event = new HandshakeCompletedEvent(socket, session); 104 assertNull(event.getLocalCertificates()); 105 } 106 107 /** 108 * @throws IOException 109 * javax.net.ssl.HandshakeCompletedEvent#getLocalPrincipal() 110 */ 111 public final void test_getLocalPrincipal() throws Exception { 112 mySSLSession session = new mySSLSession("localhost", 1080, null); 113 SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket(); 114 HandshakeCompletedEvent event = new HandshakeCompletedEvent(socket, session); 115 assertNull(event.getLocalPrincipal()); 116 } 117 118 /** 119 * @throws IOException 120 * javax.net.ssl.HandshakeCompletedEvent#getPeerCertificateChain() 121 */ 122 public final void test_getPeerCertificateChain() throws Exception { 123 ByteArrayInputStream bis = new ByteArrayInputStream(certificate.getBytes()); 124 mySSLSession session = new mySSLSession((X509Certificate[]) null); 125 SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket(); 126 HandshakeCompletedEvent event = new HandshakeCompletedEvent(socket, session); 127 try { 128 event.getPeerCertificateChain(); 129 fail("SSLPeerUnverifiedException wasn't thrown"); 130 } catch (SSLPeerUnverifiedException expected) { 131 } 132 133 X509Certificate xc = X509Certificate.getInstance(bis); 134 X509Certificate[] xcs = {xc}; 135 session = new mySSLSession(xcs); 136 event = new HandshakeCompletedEvent(socket, session); 137 138 X509Certificate[] res = event.getPeerCertificateChain(); 139 assertEquals(1, res.length); 140 } 141 142 /** 143 * @throws IOException 144 * javax.net.ssl.HandshakeCompletedEvent#getPeerCertificates() 145 */ 146 public final void test_getPeerCertificates() throws IOException { 147 mySSLSession session = new mySSLSession("localhost", 1080, null); 148 SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket(); 149 HandshakeCompletedEvent event = new HandshakeCompletedEvent(socket, session); 150 try { 151 event.getPeerCertificates(); 152 fail("SSLPeerUnverifiedException wasn't thrown"); 153 } catch (SSLPeerUnverifiedException expected) { 154 } 155 156 session = new mySSLSession((X509Certificate[]) null); 157 event = new HandshakeCompletedEvent(socket, session); 158 Certificate[] res = event.getPeerCertificates(); 159 assertEquals(3, res.length); 160 } 161 162 /** 163 * @throws IOException 164 * javax.net.ssl.HandshakeCompletedEvent#getPeerPrincipal() 165 */ 166 public final void test_getPeerPrincipal() throws IOException { 167 mySSLSession session = new mySSLSession("localhost", 1080, null); 168 SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket(); 169 HandshakeCompletedEvent event = new HandshakeCompletedEvent(socket, session); 170 assertNull(event.getPeerPrincipal()); 171 } 172 173 /** 174 * @throws IOException 175 * javax.net.ssl.HandshakeCompletedEvent#getSession() 176 */ 177 public final void test_getSession() throws IOException { 178 mySSLSession session = new mySSLSession("localhost", 1080, null); 179 SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket(); 180 HandshakeCompletedEvent event = new HandshakeCompletedEvent(socket, session); 181 SSLSession ss = event.getSession(); 182 assertNotNull(ss); 183 assertEquals(session, ss); 184 } 185 186 /** 187 * @throws IOException 188 * javax.net.ssl.HandshakeCompletedEvent#getSocket() 189 */ 190 public final void test_getSocket() throws IOException { 191 SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket(); 192 HandshakeCompletedEvent event = new HandshakeCompletedEvent(socket, null); 193 SSLSocket ss = event.getSocket(); 194 assertNotNull(ss); 195 assertEquals(socket, ss); 196 } 197 198 199 // Regression test for CompletedHandshakeEvent not firing with a custom 200 // TrustManager 201 202 203 SSLSocket socket; 204 SSLSocket serverSocket; 205 MyHandshakeListener listener; 206 int port = Support_PortManager.getNextPort(); 207 String host = "localhost"; 208 209 private String PASSWORD = "android"; 210 211 /** 212 * Defines the keystore contents for the server, BKS version. Holds just a 213 * single self-generated key. The subject name is "Test Server". 214 */ 215 private static final String SERVER_KEYS_BKS = 216 "AAAAAQAAABQDkebzoP1XwqyWKRCJEpn/t8dqIQAABDkEAAVteWtleQAAARpYl20nAAAAAQAFWC41" 217 + "MDkAAAJNMIICSTCCAbKgAwIBAgIESEfU1jANBgkqhkiG9w0BAQUFADBpMQswCQYDVQQGEwJVUzET" 218 + "MBEGA1UECBMKQ2FsaWZvcm5pYTEMMAoGA1UEBxMDTVRWMQ8wDQYDVQQKEwZHb29nbGUxEDAOBgNV" 219 + "BAsTB0FuZHJvaWQxFDASBgNVBAMTC1Rlc3QgU2VydmVyMB4XDTA4MDYwNTExNTgxNFoXDTA4MDkw" 220 + "MzExNTgxNFowaTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExDDAKBgNVBAcTA01U" 221 + "VjEPMA0GA1UEChMGR29vZ2xlMRAwDgYDVQQLEwdBbmRyb2lkMRQwEgYDVQQDEwtUZXN0IFNlcnZl" 222 + "cjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0LIdKaIr9/vsTq8BZlA3R+NFWRaH4lGsTAQy" 223 + "DPMF9ZqEDOaL6DJuu0colSBBBQ85hQTPa9m9nyJoN3pEi1hgamqOvQIWcXBk+SOpUGRZZFXwniJV" 224 + "zDKU5nE9MYgn2B9AoiH3CSuMz6HRqgVaqtppIe1jhukMc/kHVJvlKRNy9XMCAwEAATANBgkqhkiG" 225 + "9w0BAQUFAAOBgQC7yBmJ9O/eWDGtSH9BH0R3dh2NdST3W9hNZ8hIa8U8klhNHbUCSSktZmZkvbPU" 226 + "hse5LI3dh6RyNDuqDrbYwcqzKbFJaq/jX9kCoeb3vgbQElMRX8D2ID1vRjxwlALFISrtaN4VpWzV" 227 + "yeoHPW4xldeZmoVtjn8zXNzQhLuBqX2MmAAAAqwAAAAUvkUScfw9yCSmALruURNmtBai7kQAAAZx" 228 + "4Jmijxs/l8EBaleaUru6EOPioWkUAEVWCxjM/TxbGHOi2VMsQWqRr/DZ3wsDmtQgw3QTrUK666sR" 229 + "MBnbqdnyCyvM1J2V1xxLXPUeRBmR2CXorYGF9Dye7NkgVdfA+9g9L/0Au6Ugn+2Cj5leoIgkgApN" 230 + "vuEcZegFlNOUPVEs3SlBgUF1BY6OBM0UBHTPwGGxFBBcetcuMRbUnu65vyDG0pslT59qpaR0TMVs" 231 + "P+tcheEzhyjbfM32/vwhnL9dBEgM8qMt0sqF6itNOQU/F4WGkK2Cm2v4CYEyKYw325fEhzTXosck" 232 + "MhbqmcyLab8EPceWF3dweoUT76+jEZx8lV2dapR+CmczQI43tV9btsd1xiBbBHAKvymm9Ep9bPzM" 233 + "J0MQi+OtURL9Lxke/70/MRueqbPeUlOaGvANTmXQD2OnW7PISwJ9lpeLfTG0LcqkoqkbtLKQLYHI" 234 + "rQfV5j0j+wmvmpMxzjN3uvNajLa4zQ8l0Eok9SFaRr2RL0gN8Q2JegfOL4pUiHPsh64WWya2NB7f" 235 + "V+1s65eA5ospXYsShRjo046QhGTmymwXXzdzuxu8IlnTEont6P4+J+GsWk6cldGbl20hctuUKzyx" 236 + "OptjEPOKejV60iDCYGmHbCWAzQ8h5MILV82IclzNViZmzAapeeCnexhpXhWTs+xDEYSKEiG/camt" 237 + "bhmZc3BcyVJrW23PktSfpBQ6D8ZxoMfF0L7V2GQMaUg+3r7ucrx82kpqotjv0xHghNIm95aBr1Qw" 238 + "1gaEjsC/0wGmmBDg1dTDH+F1p9TInzr3EFuYD0YiQ7YlAHq3cPuyGoLXJ5dXYuSBfhDXJSeddUkl" 239 + "k1ufZyOOcskeInQge7jzaRfmKg3U94r+spMEvb0AzDQVOKvjjo1ivxMSgFRZaDb/4qw="; 240 241 /** 242 * Defines the keystore contents for the server, JKS version. Holds just a 243 * single self-generated key. The subject name is "Test Server". 244 */ 245 private static final String SERVER_KEYS_JKS = 246 "/u3+7QAAAAIAAAABAAAAAQAFbXlrZXkAAAEaWFfBeAAAArowggK2MA4GCisGAQQBKgIRAQEFAASC" 247 + "AqI2kp5XjnF8YZkhcF92YsJNQkvsmH7zqMM87j23zSoV4DwyE3XeC/gZWq1ToScIhoqZkzlbWcu4" 248 + "T/Zfc/DrfGk/rKbBL1uWKGZ8fMtlZk8KoAhxZk1JSyJvdkyKxqmzUbxk1OFMlN2VJNu97FPVH+du" 249 + "dvjTvmpdoM81INWBW/1fZJeQeDvn4mMbbe0IxgpiLnI9WSevlaDP/sm1X3iO9yEyzHLL+M5Erspo" 250 + "Cwa558fOu5DdsICMXhvDQxjWFKFhPHnKtGe+VvwkG9/bAaDgx3kfhk0w5zvdnkKb+8Ed9ylNRzdk" 251 + "ocAa/mxlMTOsTvDKXjjsBupNPIIj7OP4GNnZaxkJjSs98pEO67op1GX2qhy6FSOPNuq8k/65HzUc" 252 + "PYn6voEeh6vm02U/sjEnzRevQ2+2wXoAdp0EwtQ/DlMe+NvcwPGWKuMgX4A4L93DZGb04N2VmAU3" 253 + "YLOtZwTO0LbuWrcCM/q99G/7LcczkxIVrO2I/rh8RXVczlf9QzcrFObFv4ATuspWJ8xG7DhsMbnk" 254 + "rT94Pq6TogYeoz8o8ZMykesAqN6mt/9+ToIemmXv+e+KU1hI5oLwWMnUG6dXM6hIvrULY6o+QCPH" 255 + "172YQJMa+68HAeS+itBTAF4Clm/bLn6reHCGGU6vNdwU0lYldpiOj9cB3t+u2UuLo6tiFWjLf5Zs" 256 + "EQJETd4g/EK9nHxJn0GAKrWnTw7pEHQJ08elzUuy04C/jEEG+4QXU1InzS4o/kR0Sqz2WTGDoSoq" 257 + "ewuPRU5bzQs/b9daq3mXrnPtRBL6HfSDAdpTK76iHqLCGdqx3avHjVSBm4zFvEuYBCev+3iKOBmg" 258 + "yh7eQRTjz4UOWfy85omMBr7lK8PtfVBDzOXpasxS0uBgdUyBDX4tO6k9jZ8a1kmQRQAAAAEABVgu" 259 + "NTA5AAACSDCCAkQwggGtAgRIR8SKMA0GCSqGSIb3DQEBBAUAMGkxCzAJBgNVBAYTAlVTMRMwEQYD" 260 + "VQQIEwpDYWxpZm9ybmlhMQwwCgYDVQQHEwNNVFYxDzANBgNVBAoTBkdvb2dsZTEQMA4GA1UECxMH" 261 + "QW5kcm9pZDEUMBIGA1UEAxMLVGVzdCBTZXJ2ZXIwHhcNMDgwNjA1MTA0ODQyWhcNMDgwOTAzMTA0" 262 + "ODQyWjBpMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEMMAoGA1UEBxMDTVRWMQ8w" 263 + "DQYDVQQKEwZHb29nbGUxEDAOBgNVBAsTB0FuZHJvaWQxFDASBgNVBAMTC1Rlc3QgU2VydmVyMIGf" 264 + "MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCwoC6chqCI84rj1PrXuJgbiit4EV909zR6N0jNlYfg" 265 + "itwB39bP39wH03rFm8T59b3mbSptnGmCIpLZn25KPPFsYD3JJ+wFlmiUdEP9H05flfwtFQJnw9uT" 266 + "3rRIdYVMPcQ3RoZzwAMliGr882I2thIDbA6xjGU/1nRIdvk0LtxH3QIDAQABMA0GCSqGSIb3DQEB" 267 + "BAUAA4GBAJn+6YgUlY18Ie+0+Vt8oEi81DNi/bfPrAUAh63fhhBikx/3R9dl3wh09Z6p7cIdNxjW" 268 + "n2ll+cRW9eqF7z75F0Omm0C7/KAEPjukVbszmzeU5VqzkpSt0j84YWi+TfcHRrfvhLbrlmGITVpY" 269 + "ol5pHLDyqGmDs53pgwipWqsn/nEXEBgj3EoqPeqHbDf7YaP8h/5BSt0="; 270 271 /** 272 * Defines the keystore contents for the client, JKS version. Holds just a 273 * single self-generated key. The subject name is "Test Client". 274 */ 275 private static final String CLIENT_KEYS_JKS = 276 "/u3+7QAAAAIAAAABAAAAAQAFbXlrZXkAAAEaWFhyMAAAArkwggK1MA4GCisGAQQBKgIRAQEFAASC" 277 + "AqGVSfXolBStZy4nnRNn4fAr+S7kfU2BS23wwW8uB2Ru3GvtLzlK9q08Gvq/LNqBafjyFTVL5FV5" 278 + "SED/8YomO5a98GpskSeRvytCiTBLJdgGhws5TOGekgIAcBROPGIyOtJPQ0HfOQs+BqgzGDHzHQhw" 279 + "u/8Tm6yQwiP+W/1I9B1QnaEztZA3mhTyMMJsmsFTYroGgAog885D5Cmzd8sYGfxec3R6I+xcmBAY" 280 + "eibR5kGpWwt1R+qMvRrtBqh5r6WSKhCBNax+SJVbtUNRiKyjKccdJg6fGqIWWeivwYTy0OhjA6b4" 281 + "NiZ/ZZs5pxFGWUj/Rlp0RYy8fCF6aw5/5s4Bf4MI6dPSqMG8Hf7sJR91GbcELyzPdM0h5lNavgit" 282 + "QPEzKeuDrGxhY1frJThBsNsS0gxeu+OgfJPEb/H4lpYX5IvuIGbWKcxoO9zq4/fimIZkdA8A+3eY" 283 + "mfDaowvy65NBVQPJSxaOyFhLHfeLqOeCsVENAea02vA7andZHTZehvcrqyKtm+z8ncHGRC2H9H8O" 284 + "jKwKHfxxrYY/jMAKLl00+PBb3kspO+BHI2EcQnQuMw/zr83OR9Meq4TJ0TMuNkApZELAeFckIBbS" 285 + "rBr8NNjAIfjuCTuKHhsTFWiHfk9ZIzigxXagfeDRiyVc6khOuF/bGorj23N2o7Rf3uLoU6PyXWi4" 286 + "uhctR1aL6NzxDoK2PbYCeA9hxbDv8emaVPIzlVwpPK3Ruvv9mkjcOhZ74J8bPK2fQmbplbOljcZi" 287 + "tZijOfzcO/11JrwhuJZRA6wanTqHoujgChV9EukVrmbWGGAcewFnAsSbFXIik7/+QznXaDIt5NgL" 288 + "H/Bcz4Z/fdV7Ae1eUaxKXdPbI//4J+8liVT/d8awjW2tldIaDlmGMR3aoc830+3mAAAAAQAFWC41" 289 + "MDkAAAJIMIICRDCCAa0CBEhHxLgwDQYJKoZIhvcNAQEEBQAwaTELMAkGA1UEBhMCVVMxEzARBgNV" 290 + "BAgTCkNhbGlmb3JuaWExDDAKBgNVBAcTA01UVjEPMA0GA1UEChMGR29vZ2xlMRAwDgYDVQQLEwdB" 291 + "bmRyb2lkMRQwEgYDVQQDEwtUZXN0IENsaWVudDAeFw0wODA2MDUxMDQ5MjhaFw0wODA5MDMxMDQ5" 292 + "MjhaMGkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMQwwCgYDVQQHEwNNVFYxDzAN" 293 + "BgNVBAoTBkdvb2dsZTEQMA4GA1UECxMHQW5kcm9pZDEUMBIGA1UEAxMLVGVzdCBDbGllbnQwgZ8w" 294 + "DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAIK3Q+KiFbmCGg422TAo4gggdhMH6FJhiuz8DxRyeMKR" 295 + "UAfP4MK0wtc8N42waZ6OKvxpBFUy0BRfBsX0GD4Ku99yu9/tavSigTraeJtwV3WWRRjIqk7L3wX5" 296 + "cmgS2KSD43Y0rNUKrko26lnt9N4qiYRBSj+tcAN3Lx9+ptqk1LApAgMBAAEwDQYJKoZIhvcNAQEE" 297 + "BQADgYEANb7Q1GVSuy1RPJ0FmiXoMYCCtvlRLkmJphwxovK0cAQK12Vll+yAzBhHiQHy/RA11mng" 298 + "wYudC7u3P8X/tBT8GR1Yk7QW3KgFyPafp3lQBBCraSsfrjKj+dCLig1uBLUr4f68W8VFWZWWTHqp" 299 + "NMGpCX6qmjbkJQLVK/Yfo1ePaUexPSOX0G9m8+DoV3iyNw6at01NRw=="; 300 301 /** 302 * Defines the keystore contents for the client, BKS version. Holds just a 303 * single self-generated key. The subject name is "Test Client". 304 */ 305 private static final String CLIENT_KEYS_BKS = 306 "AAAAAQAAABT4Rka6fxbFps98Y5k2VilmbibNkQAABfQEAAVteWtleQAAARpYl+POAAAAAQAFWC41" 307 + "MDkAAAJNMIICSTCCAbKgAwIBAgIESEfU9TANBgkqhkiG9w0BAQUFADBpMQswCQYDVQQGEwJVUzET" 308 + "MBEGA1UECBMKQ2FsaWZvcm5pYTEMMAoGA1UEBxMDTVRWMQ8wDQYDVQQKEwZHb29nbGUxEDAOBgNV" 309 + "BAsTB0FuZHJvaWQxFDASBgNVBAMTC1Rlc3QgQ2xpZW50MB4XDTA4MDYwNTExNTg0NVoXDTA4MDkw" 310 + "MzExNTg0NVowaTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExDDAKBgNVBAcTA01U" 311 + "VjEPMA0GA1UEChMGR29vZ2xlMRAwDgYDVQQLEwdBbmRyb2lkMRQwEgYDVQQDEwtUZXN0IENsaWVu" 312 + "dDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApUvmWsQDHPpbDKK13Yez2/q54tTOmRml/qva" 313 + "2K6dZjkjSTW0iRuk7ztaVEvdJpfVIDv1oBsCI51ttyLHROy1epjF+GoL74mJb7fkcd0VOoSOTjtD" 314 + "+3GgZkHPAm5YmUYxiJXqxKKJJqMCTIW46eJaA2nAep9QIwZ14/NFAs4ObV8CAwEAATANBgkqhkiG" 315 + "9w0BAQUFAAOBgQCJrCr3hZQFDlLIfsSKI1/w+BLvyf4fubOid0pBxfklR8KBNPTiqjSmu7pd/C/F" 316 + "1FR8CdZUDoPflZHCOU+fj5r5KUC1HyigY/tEUvlforBpfB0uCF+tXW4DbUfOWhfMtLV4nCOJOOZg" 317 + "awfZLJWBJouLKOp427vDftxTSB+Ks8YjlgAAAqwAAAAU+NH6TtrzjyDdCXm5B6Vo7xX5G4YAAAZx" 318 + "EAUkcZtmykn7YdaYxC1jRFJ+GEJpC8nZVg83QClVuCSIS8a5f8Hl44Bk4oepOZsPzhtz3RdVzDVi" 319 + "RFfoyZFsrk9F5bDTVJ6sQbb/1nfJkLhZFXokka0vND5AXMSoD5Bj1Fqem3cK7fSUyqKvFoRKC3XD" 320 + "FQvhqoam29F1rbl8FaYdPvhhZo8TfZQYUyUKwW+RbR44M5iHPx+ykieMe/C/4bcM3z8cwIbYI1aO" 321 + "gjQKS2MK9bs17xaDzeAh4sBKrskFGrDe+2dgvrSKdoakJhLTNTBSG6m+rzqMSCeQpafLKMSjTSSz" 322 + "+KoQ9bLyax8cbvViGGju0SlVhquloZmKOfHr8TukIoV64h3uCGFOVFtQjCYDOq6NbfRvMh14UVF5" 323 + "zgDIGczoD9dMoULWxBmniGSntoNgZM+QP6Id7DBasZGKfrHIAw3lHBqcvB5smemSu7F4itRoa3D8" 324 + "N7hhUEKAc+xA+8NKmXfiCBoHfPHTwDvt4IR7gWjeP3Xv5vitcKQ/MAfO5RwfzkYCXQ3FfjfzmsE1" 325 + "1IfLRDiBj+lhQSulhRVStKI88Che3M4JUNGKllrc0nt1pWa1vgzmUhhC4LSdm6trTHgyJnB6OcS9" 326 + "t2furYjK88j1AuB4921oxMxRm8c4Crq8Pyuf+n3YKi8Pl2BzBtw++0gj0ODlgwut8SrVj66/nvIB" 327 + "jN3kLVahR8nZrEFF6vTTmyXi761pzq9yOVqI57wJGx8o3Ygox1p+pWUPl1hQR7rrhUbgK/Q5wno9" 328 + "uJk07h3IZnNxE+/IKgeMTP/H4+jmyT4mhsexJ2BFHeiKF1KT/FMcJdSi+ZK5yoNVcYuY8aZbx0Ef" 329 + "lHorCXAmLFB0W6Cz4KPP01nD9YBB4olxiK1t7m0AU9zscdivNiuUaB5OIEr+JuZ6dNw="; 330 331 332 /** 333 * Implements the actual test case. Launches a server and a client, requires 334 * client authentication and checks the certificates afterwards (not in the 335 * usual sense, we just make sure that we got the expected certificates, 336 * because our self-signed test certificates are not valid.) 337 */ 338 339 @AndroidOnly("Uses bks key store. Change useBKS to false to run on the RI") 340 public void testClientAuth() throws Exception { 341 342 boolean useBKS = true; 343 344 listener = new MyHandshakeListener(); 345 String serverKeys = (useBKS ? SERVER_KEYS_BKS : SERVER_KEYS_JKS); 346 String clientKeys = (useBKS ? CLIENT_KEYS_BKS : CLIENT_KEYS_JKS); 347 TestServer server = new TestServer(true, 348 TestServer.CLIENT_AUTH_WANTED, serverKeys); 349 TestClient client = new TestClient(true, clientKeys); 350 351 Thread serverThread = new Thread(server); 352 Thread clientThread = new Thread(client); 353 354 serverThread.start(); 355 Thread.currentThread().sleep(3000); 356 clientThread.start(); 357 358 serverThread.join(); 359 clientThread.join(); 360 361 // The server must have completed without an exception. 362 Exception e = server.getException(); 363 if (e != null) { 364 e.printStackTrace(); 365 } 366 367 // The client must have completed without an exception. 368 e = client.getException(); 369 if (e != null) { 370 e.printStackTrace(); 371 } 372 373 assertNull(e); 374 375 assertTrue(listener.completeDone); 376 } 377 378 /** 379 * Implements a test SSL socket server. It wait for a connection on a given 380 * port, requests client authentication (if specified), reads 256 bytes 381 * from the socket, and writes 256 bytes to the socket. 382 */ 383 class TestServer implements Runnable { 384 385 public static final int CLIENT_AUTH_NONE = 0; 386 387 public static final int CLIENT_AUTH_WANTED = 1; 388 389 public static final int CLIENT_AUTH_NEEDED = 2; 390 391 private TestTrustManager trustManager; 392 393 private Exception exception; 394 395 String keys; 396 397 private int clientAuth; 398 399 private boolean provideKeys; 400 401 public TestServer(boolean provideKeys, int clientAuth, String keys) { 402 this.keys = keys; 403 this.clientAuth = clientAuth; 404 this.provideKeys = provideKeys; 405 406 trustManager = new TestTrustManager(); 407 } 408 409 public void run() { 410 try { 411 KeyManager[] keyManagers = provideKeys ? getKeyManagers(keys) : null; 412 TrustManager[] trustManagers = new TrustManager[] { trustManager }; 413 414 SSLContext sslContext = SSLContext.getInstance("TLS"); 415 sslContext.init(keyManagers, trustManagers, null); 416 417 SSLServerSocket serverSocket = (SSLServerSocket) 418 sslContext.getServerSocketFactory().createServerSocket(); 419 420 if (clientAuth == CLIENT_AUTH_WANTED) { 421 serverSocket.setWantClientAuth(true); 422 } else if (clientAuth == CLIENT_AUTH_NEEDED) { 423 serverSocket.setNeedClientAuth(true); 424 } else { 425 serverSocket.setWantClientAuth(false); 426 } 427 428 serverSocket.bind(new InetSocketAddress(port)); 429 430 SSLSocket clientSocket = (SSLSocket)serverSocket.accept(); 431 432 InputStream istream = clientSocket.getInputStream(); 433 434 for (int i = 0; i < 256; i++) { 435 int j = istream.read(); 436 assertEquals(i, j); 437 } 438 439 istream.close(); 440 441 OutputStream ostream = clientSocket.getOutputStream(); 442 443 for (int i = 0; i < 256; i++) { 444 ostream.write(i); 445 } 446 447 ostream.flush(); 448 ostream.close(); 449 450 clientSocket.close(); 451 serverSocket.close(); 452 453 } catch (Exception ex) { 454 exception = ex; 455 } 456 } 457 458 public Exception getException() { 459 return exception; 460 } 461 462 public X509Certificate[] getChain() { 463 return trustManager.getChain(); 464 } 465 466 } 467 468 /** 469 * Implements a test SSL socket client. It open a connection to localhost on 470 * a given port, writes 256 bytes to the socket, and reads 256 bytes from the 471 * socket. 472 */ 473 class TestClient implements Runnable { 474 475 private TestTrustManager trustManager; 476 477 private Exception exception; 478 479 private String keys; 480 481 private boolean provideKeys; 482 483 public TestClient(boolean provideKeys, String keys) { 484 this.keys = keys; 485 this.provideKeys = provideKeys; 486 487 trustManager = new TestTrustManager(); 488 } 489 490 public void run() { 491 try { 492 KeyManager[] keyManagers = provideKeys ? getKeyManagers(keys) : null; 493 TrustManager[] trustManagers = new TrustManager[] { trustManager }; 494 495 SSLContext sslContext = SSLContext.getInstance("TLS"); 496 sslContext.init(keyManagers, trustManagers, null); 497 498 SSLSocket socket = (SSLSocket)sslContext.getSocketFactory().createSocket(); 499 500 socket.connect(new InetSocketAddress(port)); 501 socket.addHandshakeCompletedListener(listener); 502 socket.startHandshake(); 503 504 OutputStream ostream = socket.getOutputStream(); 505 506 for (int i = 0; i < 256; i++) { 507 ostream.write(i); 508 } 509 510 ostream.flush(); 511 ostream.close(); 512 513 InputStream istream = socket.getInputStream(); 514 515 for (int i = 0; i < 256; i++) { 516 int j = istream.read(); 517 assertEquals(i, j); 518 } 519 520 istream.close(); 521 522 socket.close(); 523 524 } catch (Exception ex) { 525 exception = ex; 526 } 527 } 528 529 public Exception getException() { 530 return exception; 531 } 532 533 public X509Certificate[] getChain() { 534 return trustManager.getChain(); 535 } 536 } 537 538 /** 539 * Loads a keystore from a base64-encoded String. Returns the KeyManager[] 540 * for the result. 541 */ 542 private KeyManager[] getKeyManagers(String keys) throws Exception { 543 byte[] bytes = Base64.decode(keys.getBytes()); 544 InputStream inputStream = new ByteArrayInputStream(bytes); 545 546 KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); 547 keyStore.load(inputStream, PASSWORD.toCharArray()); 548 inputStream.close(); 549 550 String algorithm = KeyManagerFactory.getDefaultAlgorithm(); 551 KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(algorithm); 552 keyManagerFactory.init(keyStore, PASSWORD.toCharArray()); 553 554 return keyManagerFactory.getKeyManagers(); 555 } 556 557 558 /** 559 * Implements basically a dummy TrustManager. It stores the certificate 560 * chain it sees, so it can later be queried. 561 */ 562 public static class TestTrustManager implements X509TrustManager { 563 564 private X509Certificate[] chain; 565 566 private String authType; 567 568 public void checkClientTrusted(X509Certificate[] chain, String authType) { 569 this.chain = chain; 570 this.authType = authType; 571 } 572 573 public void checkServerTrusted(X509Certificate[] chain, String authType) { 574 this.chain = chain; 575 this.authType = authType; 576 } 577 578 public java.security.cert.X509Certificate[] getAcceptedIssuers() { 579 return new java.security.cert.X509Certificate[0]; 580 } 581 582 public X509Certificate[] getChain() { 583 return chain; 584 } 585 586 public String getAuthType() { 587 return authType; 588 } 589 590 public void checkClientTrusted( 591 java.security.cert.X509Certificate[] chain, String authType) 592 throws CertificateException { 593 594 } 595 596 public void checkServerTrusted( 597 java.security.cert.X509Certificate[] chain, String authType) 598 throws CertificateException { 599 600 } 601 602 } 603 604 class MyHandshakeListener implements HandshakeCompletedListener { 605 606 public boolean completeDone; 607 608 MyHandshakeListener() { 609 completeDone = false; 610 } 611 612 public void handshakeCompleted(HandshakeCompletedEvent event) { 613 if (event != null) completeDone = true; 614 } 615 } 616 } 617