Home | History | Annotate | Download | only in ssl 
      1 /*
      2  *  Licensed to the Apache Software Foundation (ASF) under one or more
      3  *  contributor license agreements.  See the NOTICE file distributed with
      4  *  this work for additional information regarding copyright ownership.
      5  *  The ASF licenses this file to You under the Apache License, Version 2.0
      6  *  (the "License"); you may not use this file except in compliance with
      7  *  the License.  You may obtain a copy of the License at
      8  *
      9  *     http://www.apache.org/licenses/LICENSE-2.0
     10  *
     11  *  Unless required by applicable law or agreed to in writing, software
     12  *  distributed under the License is distributed on an "AS IS" BASIS,
     13  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     14  *  See the License for the specific language governing permissions and
     15  *  limitations under the License.
     16  */
     17 
     18 package tests.api.javax.net.ssl;
     19 
     20 import dalvik.annotation.AndroidOnly;
     21 import java.io.ByteArrayInputStream;
     22 import java.io.IOException;
     23 import java.io.InputStream;
     24 import java.io.OutputStream;
     25 import java.net.InetSocketAddress;
     26 import java.security.KeyStore;
     27 import java.security.cert.Certificate;
     28 import java.security.cert.CertificateException;
     29 import javax.net.ssl.HandshakeCompletedEvent;
     30 import javax.net.ssl.HandshakeCompletedListener;
     31 import javax.net.ssl.KeyManager;
     32 import javax.net.ssl.KeyManagerFactory;
     33 import javax.net.ssl.SSLContext;
     34 import javax.net.ssl.SSLPeerUnverifiedException;
     35 import javax.net.ssl.SSLServerSocket;
     36 import javax.net.ssl.SSLSession;
     37 import javax.net.ssl.SSLSocket;
     38 import javax.net.ssl.SSLSocketFactory;
     39 import javax.net.ssl.TrustManager;
     40 import javax.net.ssl.X509TrustManager;
     41 import javax.security.cert.X509Certificate;
     42 import junit.framework.TestCase;
     43 import libcore.io.Base64;
     44 import org.apache.harmony.xnet.tests.support.mySSLSession;
     45 import tests.support.Support_PortManager;
     46 
     47 /**
     48  * Tests for <code>HandshakeCompletedEvent</code> class constructors and methods.
     49  *
     50  */
     51 public class HandshakeCompletedEventTest extends TestCase {
     52 
     53     String certificate = "-----BEGIN CERTIFICATE-----\n"
     54         + "MIICZTCCAdICBQL3AAC2MA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMSAw\n"
     55         + "HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJl\n"
     56         + "IFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NzAyMjAwMDAwMDBa\n"
     57         + "Fw05ODAyMjAyMzU5NTlaMIGWMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZv\n"
     58         + "cm5pYTESMBAGA1UEBxMJUGFsbyBBbHRvMR8wHQYDVQQKExZTdW4gTWljcm9zeXN0\n"
     59         + "ZW1zLCBJbmMuMSEwHwYDVQQLExhUZXN0IGFuZCBFdmFsdWF0aW9uIE9ubHkxGjAY\n"
     60         + "BgNVBAMTEWFyZ29uLmVuZy5zdW4uY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB\n"
     61         + "iQKBgQCofmdY+PiUWN01FOzEewf+GaG+lFf132UpzATmYJkA4AEA/juW7jSi+LJk\n"
     62         + "wJKi5GO4RyZoyimAL/5yIWDV6l1KlvxyKslr0REhMBaD/3Z3EsLTTEf5gVrQS6sT\n"
     63         + "WMoSZAyzB39kFfsB6oUXNtV8+UKKxSxKbxvhQn267PeCz5VX2QIDAQABMA0GCSqG\n"
     64         + "SIb3DQEBAgUAA34AXl3at6luiV/7I9MN5CXYoPJYI8Bcdc1hBagJvTMcmlqL2uOZ\n"
     65         + "H9T5hNMEL9Tk6aI7yZPXcw/xI2K6pOR/FrMp0UwJmdxX7ljV6ZtUZf7pY492UqwC\n"
     66         + "1777XQ9UEZyrKJvF5ntleeO0ayBqLGVKCWzWZX9YsXCpv47FNLZbupE=\n"
     67         + "-----END CERTIFICATE-----\n";
     68 
     69 
     70     /**
     71      * @throws IOException
     72      * javax.net.ssl.HandshakeCompletedEvent#HandshakeCompletedEvent(SSLSocket sock, SSLSession s)
     73      */
     74     public final void test_Constructor() throws Exception {
     75         mySSLSession session = new mySSLSession();
     76         SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket();
     77         HandshakeCompletedEvent event = new HandshakeCompletedEvent(socket, session);
     78         try {
     79             new HandshakeCompletedEvent(null, null);
     80             fail("Any exception wasn't thrown for null parameters");
     81         } catch (Exception expected) {
     82         }
     83     }
     84 
     85     /**
     86      * @throws IOException
     87      * javax.net.ssl.HandshakeCompletedEvent#getCipherSuite()
     88      */
     89     public final void test_getCipherSuite() throws Exception {
     90         mySSLSession session = new mySSLSession("localhost", 1080, null);
     91         SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket();
     92         HandshakeCompletedEvent event = new HandshakeCompletedEvent(socket, session);
     93         assertEquals("SuiteName", event.getCipherSuite());
     94     }
     95 
     96     /**
     97      * @throws IOException
     98      * javax.net.ssl.HandshakeCompletedEvent#getLocalCertificates()
     99      */
    100     public final void test_getLocalCertificates() throws Exception {
    101         mySSLSession session = new mySSLSession("localhost", 1080, null);
    102         SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket();
    103         HandshakeCompletedEvent event = new HandshakeCompletedEvent(socket, session);
    104         assertNull(event.getLocalCertificates());
    105     }
    106 
    107     /**
    108      * @throws IOException
    109      * javax.net.ssl.HandshakeCompletedEvent#getLocalPrincipal()
    110      */
    111     public final void test_getLocalPrincipal() throws Exception {
    112         mySSLSession session = new mySSLSession("localhost", 1080, null);
    113         SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket();
    114         HandshakeCompletedEvent event = new HandshakeCompletedEvent(socket, session);
    115         assertNull(event.getLocalPrincipal());
    116     }
    117 
    118     /**
    119      * @throws IOException
    120      * javax.net.ssl.HandshakeCompletedEvent#getPeerCertificateChain()
    121      */
    122     public final void test_getPeerCertificateChain() throws Exception {
    123         ByteArrayInputStream bis = new ByteArrayInputStream(certificate.getBytes());
    124         mySSLSession session = new mySSLSession((X509Certificate[]) null);
    125         SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket();
    126         HandshakeCompletedEvent event = new HandshakeCompletedEvent(socket, session);
    127         try {
    128             event.getPeerCertificateChain();
    129             fail("SSLPeerUnverifiedException wasn't thrown");
    130         } catch (SSLPeerUnverifiedException expected) {
    131         }
    132 
    133         X509Certificate xc = X509Certificate.getInstance(bis);
    134         X509Certificate[] xcs = {xc};
    135         session = new mySSLSession(xcs);
    136         event = new HandshakeCompletedEvent(socket, session);
    137 
    138         X509Certificate[] res = event.getPeerCertificateChain();
    139         assertEquals(1, res.length);
    140     }
    141 
    142     /**
    143      * @throws IOException
    144      * javax.net.ssl.HandshakeCompletedEvent#getPeerCertificates()
    145      */
    146     public final void test_getPeerCertificates() throws IOException {
    147         mySSLSession session = new mySSLSession("localhost", 1080, null);
    148         SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket();
    149         HandshakeCompletedEvent event = new HandshakeCompletedEvent(socket, session);
    150         try {
    151             event.getPeerCertificates();
    152             fail("SSLPeerUnverifiedException wasn't thrown");
    153         } catch (SSLPeerUnverifiedException expected) {
    154         }
    155 
    156         session = new mySSLSession((X509Certificate[]) null);
    157         event = new HandshakeCompletedEvent(socket, session);
    158         Certificate[] res = event.getPeerCertificates();
    159         assertEquals(3, res.length);
    160     }
    161 
    162     /**
    163      * @throws IOException
    164      * javax.net.ssl.HandshakeCompletedEvent#getPeerPrincipal()
    165      */
    166     public final void test_getPeerPrincipal() throws IOException {
    167         mySSLSession session = new mySSLSession("localhost", 1080, null);
    168         SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket();
    169         HandshakeCompletedEvent event = new HandshakeCompletedEvent(socket, session);
    170         assertNull(event.getPeerPrincipal());
    171     }
    172 
    173     /**
    174      * @throws IOException
    175      * javax.net.ssl.HandshakeCompletedEvent#getSession()
    176      */
    177     public final void test_getSession() throws IOException {
    178         mySSLSession session = new mySSLSession("localhost", 1080, null);
    179         SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket();
    180         HandshakeCompletedEvent event = new HandshakeCompletedEvent(socket, session);
    181         SSLSession ss = event.getSession();
    182         assertNotNull(ss);
    183         assertEquals(session, ss);
    184     }
    185 
    186     /**
    187      * @throws IOException
    188      * javax.net.ssl.HandshakeCompletedEvent#getSocket()
    189      */
    190     public final void test_getSocket() throws IOException {
    191         SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket();
    192         HandshakeCompletedEvent event = new HandshakeCompletedEvent(socket, null);
    193         SSLSocket ss = event.getSocket();
    194         assertNotNull(ss);
    195         assertEquals(socket, ss);
    196     }
    197 
    198 
    199     // Regression test for CompletedHandshakeEvent not firing with a custom
    200     // TrustManager
    201 
    202 
    203     SSLSocket socket;
    204     SSLSocket serverSocket;
    205     MyHandshakeListener listener;
    206     int port = Support_PortManager.getNextPort();
    207     String host = "localhost";
    208 
    209     private String PASSWORD = "android";
    210 
    211     /**
    212      * Defines the keystore contents for the server, BKS version. Holds just a
    213      * single self-generated key. The subject name is "Test Server".
    214      */
    215     private static final String SERVER_KEYS_BKS =
    216             "AAAAAQAAABQDkebzoP1XwqyWKRCJEpn/t8dqIQAABDkEAAVteWtleQAAARpYl20nAAAAAQAFWC41"
    217             + "MDkAAAJNMIICSTCCAbKgAwIBAgIESEfU1jANBgkqhkiG9w0BAQUFADBpMQswCQYDVQQGEwJVUzET"
    218             + "MBEGA1UECBMKQ2FsaWZvcm5pYTEMMAoGA1UEBxMDTVRWMQ8wDQYDVQQKEwZHb29nbGUxEDAOBgNV"
    219             + "BAsTB0FuZHJvaWQxFDASBgNVBAMTC1Rlc3QgU2VydmVyMB4XDTA4MDYwNTExNTgxNFoXDTA4MDkw"
    220             + "MzExNTgxNFowaTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExDDAKBgNVBAcTA01U"
    221             + "VjEPMA0GA1UEChMGR29vZ2xlMRAwDgYDVQQLEwdBbmRyb2lkMRQwEgYDVQQDEwtUZXN0IFNlcnZl"
    222             + "cjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0LIdKaIr9/vsTq8BZlA3R+NFWRaH4lGsTAQy"
    223             + "DPMF9ZqEDOaL6DJuu0colSBBBQ85hQTPa9m9nyJoN3pEi1hgamqOvQIWcXBk+SOpUGRZZFXwniJV"
    224             + "zDKU5nE9MYgn2B9AoiH3CSuMz6HRqgVaqtppIe1jhukMc/kHVJvlKRNy9XMCAwEAATANBgkqhkiG"
    225             + "9w0BAQUFAAOBgQC7yBmJ9O/eWDGtSH9BH0R3dh2NdST3W9hNZ8hIa8U8klhNHbUCSSktZmZkvbPU"
    226             + "hse5LI3dh6RyNDuqDrbYwcqzKbFJaq/jX9kCoeb3vgbQElMRX8D2ID1vRjxwlALFISrtaN4VpWzV"
    227             + "yeoHPW4xldeZmoVtjn8zXNzQhLuBqX2MmAAAAqwAAAAUvkUScfw9yCSmALruURNmtBai7kQAAAZx"
    228             + "4Jmijxs/l8EBaleaUru6EOPioWkUAEVWCxjM/TxbGHOi2VMsQWqRr/DZ3wsDmtQgw3QTrUK666sR"
    229             + "MBnbqdnyCyvM1J2V1xxLXPUeRBmR2CXorYGF9Dye7NkgVdfA+9g9L/0Au6Ugn+2Cj5leoIgkgApN"
    230             + "vuEcZegFlNOUPVEs3SlBgUF1BY6OBM0UBHTPwGGxFBBcetcuMRbUnu65vyDG0pslT59qpaR0TMVs"
    231             + "P+tcheEzhyjbfM32/vwhnL9dBEgM8qMt0sqF6itNOQU/F4WGkK2Cm2v4CYEyKYw325fEhzTXosck"
    232             + "MhbqmcyLab8EPceWF3dweoUT76+jEZx8lV2dapR+CmczQI43tV9btsd1xiBbBHAKvymm9Ep9bPzM"
    233             + "J0MQi+OtURL9Lxke/70/MRueqbPeUlOaGvANTmXQD2OnW7PISwJ9lpeLfTG0LcqkoqkbtLKQLYHI"
    234             + "rQfV5j0j+wmvmpMxzjN3uvNajLa4zQ8l0Eok9SFaRr2RL0gN8Q2JegfOL4pUiHPsh64WWya2NB7f"
    235             + "V+1s65eA5ospXYsShRjo046QhGTmymwXXzdzuxu8IlnTEont6P4+J+GsWk6cldGbl20hctuUKzyx"
    236             + "OptjEPOKejV60iDCYGmHbCWAzQ8h5MILV82IclzNViZmzAapeeCnexhpXhWTs+xDEYSKEiG/camt"
    237             + "bhmZc3BcyVJrW23PktSfpBQ6D8ZxoMfF0L7V2GQMaUg+3r7ucrx82kpqotjv0xHghNIm95aBr1Qw"
    238             + "1gaEjsC/0wGmmBDg1dTDH+F1p9TInzr3EFuYD0YiQ7YlAHq3cPuyGoLXJ5dXYuSBfhDXJSeddUkl"
    239             + "k1ufZyOOcskeInQge7jzaRfmKg3U94r+spMEvb0AzDQVOKvjjo1ivxMSgFRZaDb/4qw=";
    240 
    241     /**
    242      * Defines the keystore contents for the server, JKS version. Holds just a
    243      * single self-generated key. The subject name is "Test Server".
    244      */
    245     private static final String SERVER_KEYS_JKS =
    246             "/u3+7QAAAAIAAAABAAAAAQAFbXlrZXkAAAEaWFfBeAAAArowggK2MA4GCisGAQQBKgIRAQEFAASC"
    247             + "AqI2kp5XjnF8YZkhcF92YsJNQkvsmH7zqMM87j23zSoV4DwyE3XeC/gZWq1ToScIhoqZkzlbWcu4"
    248             + "T/Zfc/DrfGk/rKbBL1uWKGZ8fMtlZk8KoAhxZk1JSyJvdkyKxqmzUbxk1OFMlN2VJNu97FPVH+du"
    249             + "dvjTvmpdoM81INWBW/1fZJeQeDvn4mMbbe0IxgpiLnI9WSevlaDP/sm1X3iO9yEyzHLL+M5Erspo"
    250             + "Cwa558fOu5DdsICMXhvDQxjWFKFhPHnKtGe+VvwkG9/bAaDgx3kfhk0w5zvdnkKb+8Ed9ylNRzdk"
    251             + "ocAa/mxlMTOsTvDKXjjsBupNPIIj7OP4GNnZaxkJjSs98pEO67op1GX2qhy6FSOPNuq8k/65HzUc"
    252             + "PYn6voEeh6vm02U/sjEnzRevQ2+2wXoAdp0EwtQ/DlMe+NvcwPGWKuMgX4A4L93DZGb04N2VmAU3"
    253             + "YLOtZwTO0LbuWrcCM/q99G/7LcczkxIVrO2I/rh8RXVczlf9QzcrFObFv4ATuspWJ8xG7DhsMbnk"
    254             + "rT94Pq6TogYeoz8o8ZMykesAqN6mt/9+ToIemmXv+e+KU1hI5oLwWMnUG6dXM6hIvrULY6o+QCPH"
    255             + "172YQJMa+68HAeS+itBTAF4Clm/bLn6reHCGGU6vNdwU0lYldpiOj9cB3t+u2UuLo6tiFWjLf5Zs"
    256             + "EQJETd4g/EK9nHxJn0GAKrWnTw7pEHQJ08elzUuy04C/jEEG+4QXU1InzS4o/kR0Sqz2WTGDoSoq"
    257             + "ewuPRU5bzQs/b9daq3mXrnPtRBL6HfSDAdpTK76iHqLCGdqx3avHjVSBm4zFvEuYBCev+3iKOBmg"
    258             + "yh7eQRTjz4UOWfy85omMBr7lK8PtfVBDzOXpasxS0uBgdUyBDX4tO6k9jZ8a1kmQRQAAAAEABVgu"
    259             + "NTA5AAACSDCCAkQwggGtAgRIR8SKMA0GCSqGSIb3DQEBBAUAMGkxCzAJBgNVBAYTAlVTMRMwEQYD"
    260             + "VQQIEwpDYWxpZm9ybmlhMQwwCgYDVQQHEwNNVFYxDzANBgNVBAoTBkdvb2dsZTEQMA4GA1UECxMH"
    261             + "QW5kcm9pZDEUMBIGA1UEAxMLVGVzdCBTZXJ2ZXIwHhcNMDgwNjA1MTA0ODQyWhcNMDgwOTAzMTA0"
    262             + "ODQyWjBpMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEMMAoGA1UEBxMDTVRWMQ8w"
    263             + "DQYDVQQKEwZHb29nbGUxEDAOBgNVBAsTB0FuZHJvaWQxFDASBgNVBAMTC1Rlc3QgU2VydmVyMIGf"
    264             + "MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCwoC6chqCI84rj1PrXuJgbiit4EV909zR6N0jNlYfg"
    265             + "itwB39bP39wH03rFm8T59b3mbSptnGmCIpLZn25KPPFsYD3JJ+wFlmiUdEP9H05flfwtFQJnw9uT"
    266             + "3rRIdYVMPcQ3RoZzwAMliGr882I2thIDbA6xjGU/1nRIdvk0LtxH3QIDAQABMA0GCSqGSIb3DQEB"
    267             + "BAUAA4GBAJn+6YgUlY18Ie+0+Vt8oEi81DNi/bfPrAUAh63fhhBikx/3R9dl3wh09Z6p7cIdNxjW"
    268             + "n2ll+cRW9eqF7z75F0Omm0C7/KAEPjukVbszmzeU5VqzkpSt0j84YWi+TfcHRrfvhLbrlmGITVpY"
    269             + "ol5pHLDyqGmDs53pgwipWqsn/nEXEBgj3EoqPeqHbDf7YaP8h/5BSt0=";
    270 
    271     /**
    272      * Defines the keystore contents for the client, JKS version. Holds just a
    273      * single self-generated key. The subject name is "Test Client".
    274      */
    275     private static final String CLIENT_KEYS_JKS =
    276             "/u3+7QAAAAIAAAABAAAAAQAFbXlrZXkAAAEaWFhyMAAAArkwggK1MA4GCisGAQQBKgIRAQEFAASC"
    277             + "AqGVSfXolBStZy4nnRNn4fAr+S7kfU2BS23wwW8uB2Ru3GvtLzlK9q08Gvq/LNqBafjyFTVL5FV5"
    278             + "SED/8YomO5a98GpskSeRvytCiTBLJdgGhws5TOGekgIAcBROPGIyOtJPQ0HfOQs+BqgzGDHzHQhw"
    279             + "u/8Tm6yQwiP+W/1I9B1QnaEztZA3mhTyMMJsmsFTYroGgAog885D5Cmzd8sYGfxec3R6I+xcmBAY"
    280             + "eibR5kGpWwt1R+qMvRrtBqh5r6WSKhCBNax+SJVbtUNRiKyjKccdJg6fGqIWWeivwYTy0OhjA6b4"
    281             + "NiZ/ZZs5pxFGWUj/Rlp0RYy8fCF6aw5/5s4Bf4MI6dPSqMG8Hf7sJR91GbcELyzPdM0h5lNavgit"
    282             + "QPEzKeuDrGxhY1frJThBsNsS0gxeu+OgfJPEb/H4lpYX5IvuIGbWKcxoO9zq4/fimIZkdA8A+3eY"
    283             + "mfDaowvy65NBVQPJSxaOyFhLHfeLqOeCsVENAea02vA7andZHTZehvcrqyKtm+z8ncHGRC2H9H8O"
    284             + "jKwKHfxxrYY/jMAKLl00+PBb3kspO+BHI2EcQnQuMw/zr83OR9Meq4TJ0TMuNkApZELAeFckIBbS"
    285             + "rBr8NNjAIfjuCTuKHhsTFWiHfk9ZIzigxXagfeDRiyVc6khOuF/bGorj23N2o7Rf3uLoU6PyXWi4"
    286             + "uhctR1aL6NzxDoK2PbYCeA9hxbDv8emaVPIzlVwpPK3Ruvv9mkjcOhZ74J8bPK2fQmbplbOljcZi"
    287             + "tZijOfzcO/11JrwhuJZRA6wanTqHoujgChV9EukVrmbWGGAcewFnAsSbFXIik7/+QznXaDIt5NgL"
    288             + "H/Bcz4Z/fdV7Ae1eUaxKXdPbI//4J+8liVT/d8awjW2tldIaDlmGMR3aoc830+3mAAAAAQAFWC41"
    289             + "MDkAAAJIMIICRDCCAa0CBEhHxLgwDQYJKoZIhvcNAQEEBQAwaTELMAkGA1UEBhMCVVMxEzARBgNV"
    290             + "BAgTCkNhbGlmb3JuaWExDDAKBgNVBAcTA01UVjEPMA0GA1UEChMGR29vZ2xlMRAwDgYDVQQLEwdB"
    291             + "bmRyb2lkMRQwEgYDVQQDEwtUZXN0IENsaWVudDAeFw0wODA2MDUxMDQ5MjhaFw0wODA5MDMxMDQ5"
    292             + "MjhaMGkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMQwwCgYDVQQHEwNNVFYxDzAN"
    293             + "BgNVBAoTBkdvb2dsZTEQMA4GA1UECxMHQW5kcm9pZDEUMBIGA1UEAxMLVGVzdCBDbGllbnQwgZ8w"
    294             + "DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAIK3Q+KiFbmCGg422TAo4gggdhMH6FJhiuz8DxRyeMKR"
    295             + "UAfP4MK0wtc8N42waZ6OKvxpBFUy0BRfBsX0GD4Ku99yu9/tavSigTraeJtwV3WWRRjIqk7L3wX5"
    296             + "cmgS2KSD43Y0rNUKrko26lnt9N4qiYRBSj+tcAN3Lx9+ptqk1LApAgMBAAEwDQYJKoZIhvcNAQEE"
    297             + "BQADgYEANb7Q1GVSuy1RPJ0FmiXoMYCCtvlRLkmJphwxovK0cAQK12Vll+yAzBhHiQHy/RA11mng"
    298             + "wYudC7u3P8X/tBT8GR1Yk7QW3KgFyPafp3lQBBCraSsfrjKj+dCLig1uBLUr4f68W8VFWZWWTHqp"
    299             + "NMGpCX6qmjbkJQLVK/Yfo1ePaUexPSOX0G9m8+DoV3iyNw6at01NRw==";
    300 
    301     /**
    302      * Defines the keystore contents for the client, BKS version. Holds just a
    303      * single self-generated key. The subject name is "Test Client".
    304      */
    305     private static final String CLIENT_KEYS_BKS =
    306             "AAAAAQAAABT4Rka6fxbFps98Y5k2VilmbibNkQAABfQEAAVteWtleQAAARpYl+POAAAAAQAFWC41"
    307             + "MDkAAAJNMIICSTCCAbKgAwIBAgIESEfU9TANBgkqhkiG9w0BAQUFADBpMQswCQYDVQQGEwJVUzET"
    308             + "MBEGA1UECBMKQ2FsaWZvcm5pYTEMMAoGA1UEBxMDTVRWMQ8wDQYDVQQKEwZHb29nbGUxEDAOBgNV"
    309             + "BAsTB0FuZHJvaWQxFDASBgNVBAMTC1Rlc3QgQ2xpZW50MB4XDTA4MDYwNTExNTg0NVoXDTA4MDkw"
    310             + "MzExNTg0NVowaTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExDDAKBgNVBAcTA01U"
    311             + "VjEPMA0GA1UEChMGR29vZ2xlMRAwDgYDVQQLEwdBbmRyb2lkMRQwEgYDVQQDEwtUZXN0IENsaWVu"
    312             + "dDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApUvmWsQDHPpbDKK13Yez2/q54tTOmRml/qva"
    313             + "2K6dZjkjSTW0iRuk7ztaVEvdJpfVIDv1oBsCI51ttyLHROy1epjF+GoL74mJb7fkcd0VOoSOTjtD"
    314             + "+3GgZkHPAm5YmUYxiJXqxKKJJqMCTIW46eJaA2nAep9QIwZ14/NFAs4ObV8CAwEAATANBgkqhkiG"
    315             + "9w0BAQUFAAOBgQCJrCr3hZQFDlLIfsSKI1/w+BLvyf4fubOid0pBxfklR8KBNPTiqjSmu7pd/C/F"
    316             + "1FR8CdZUDoPflZHCOU+fj5r5KUC1HyigY/tEUvlforBpfB0uCF+tXW4DbUfOWhfMtLV4nCOJOOZg"
    317             + "awfZLJWBJouLKOp427vDftxTSB+Ks8YjlgAAAqwAAAAU+NH6TtrzjyDdCXm5B6Vo7xX5G4YAAAZx"
    318             + "EAUkcZtmykn7YdaYxC1jRFJ+GEJpC8nZVg83QClVuCSIS8a5f8Hl44Bk4oepOZsPzhtz3RdVzDVi"
    319             + "RFfoyZFsrk9F5bDTVJ6sQbb/1nfJkLhZFXokka0vND5AXMSoD5Bj1Fqem3cK7fSUyqKvFoRKC3XD"
    320             + "FQvhqoam29F1rbl8FaYdPvhhZo8TfZQYUyUKwW+RbR44M5iHPx+ykieMe/C/4bcM3z8cwIbYI1aO"
    321             + "gjQKS2MK9bs17xaDzeAh4sBKrskFGrDe+2dgvrSKdoakJhLTNTBSG6m+rzqMSCeQpafLKMSjTSSz"
    322             + "+KoQ9bLyax8cbvViGGju0SlVhquloZmKOfHr8TukIoV64h3uCGFOVFtQjCYDOq6NbfRvMh14UVF5"
    323             + "zgDIGczoD9dMoULWxBmniGSntoNgZM+QP6Id7DBasZGKfrHIAw3lHBqcvB5smemSu7F4itRoa3D8"
    324             + "N7hhUEKAc+xA+8NKmXfiCBoHfPHTwDvt4IR7gWjeP3Xv5vitcKQ/MAfO5RwfzkYCXQ3FfjfzmsE1"
    325             + "1IfLRDiBj+lhQSulhRVStKI88Che3M4JUNGKllrc0nt1pWa1vgzmUhhC4LSdm6trTHgyJnB6OcS9"
    326             + "t2furYjK88j1AuB4921oxMxRm8c4Crq8Pyuf+n3YKi8Pl2BzBtw++0gj0ODlgwut8SrVj66/nvIB"
    327             + "jN3kLVahR8nZrEFF6vTTmyXi761pzq9yOVqI57wJGx8o3Ygox1p+pWUPl1hQR7rrhUbgK/Q5wno9"
    328             + "uJk07h3IZnNxE+/IKgeMTP/H4+jmyT4mhsexJ2BFHeiKF1KT/FMcJdSi+ZK5yoNVcYuY8aZbx0Ef"
    329             + "lHorCXAmLFB0W6Cz4KPP01nD9YBB4olxiK1t7m0AU9zscdivNiuUaB5OIEr+JuZ6dNw=";
    330 
    331 
    332     /**
    333      * Implements the actual test case. Launches a server and a client, requires
    334      * client authentication and checks the certificates afterwards (not in the
    335      * usual sense, we just make sure that we got the expected certificates,
    336      * because our self-signed test certificates are not valid.)
    337      */
    338 
    339     @AndroidOnly("Uses bks key store. Change useBKS to false to run on the RI")
    340     public void testClientAuth() throws Exception {
    341 
    342         boolean useBKS = true;
    343 
    344         listener = new MyHandshakeListener();
    345         String serverKeys = (useBKS ? SERVER_KEYS_BKS : SERVER_KEYS_JKS);
    346         String clientKeys = (useBKS ? CLIENT_KEYS_BKS : CLIENT_KEYS_JKS);
    347         TestServer server = new TestServer(true,
    348                                            TestServer.CLIENT_AUTH_WANTED, serverKeys);
    349         TestClient client = new TestClient(true, clientKeys);
    350 
    351         Thread serverThread = new Thread(server);
    352         Thread clientThread = new Thread(client);
    353 
    354         serverThread.start();
    355         Thread.currentThread().sleep(3000);
    356         clientThread.start();
    357 
    358         serverThread.join();
    359         clientThread.join();
    360 
    361         // The server must have completed without an exception.
    362         Exception e = server.getException();
    363         if (e != null) {
    364             e.printStackTrace();
    365         }
    366 
    367         // The client must have completed without an exception.
    368         e = client.getException();
    369         if (e != null) {
    370             e.printStackTrace();
    371         }
    372 
    373         assertNull(e);
    374 
    375         assertTrue(listener.completeDone);
    376     }
    377 
    378     /**
    379      * Implements a test SSL socket server. It wait for a connection on a given
    380      * port, requests client authentication (if specified), reads 256 bytes
    381      * from the socket, and writes 256 bytes to the socket.
    382      */
    383     class TestServer implements Runnable {
    384 
    385         public static final int CLIENT_AUTH_NONE = 0;
    386 
    387         public static final int CLIENT_AUTH_WANTED = 1;
    388 
    389         public static final int CLIENT_AUTH_NEEDED = 2;
    390 
    391         private TestTrustManager trustManager;
    392 
    393         private Exception exception;
    394 
    395         String keys;
    396 
    397         private int clientAuth;
    398 
    399         private boolean provideKeys;
    400 
    401         public TestServer(boolean provideKeys, int clientAuth, String keys) {
    402             this.keys = keys;
    403             this.clientAuth = clientAuth;
    404             this.provideKeys = provideKeys;
    405 
    406             trustManager = new TestTrustManager();
    407         }
    408 
    409         public void run() {
    410             try {
    411                 KeyManager[] keyManagers = provideKeys ? getKeyManagers(keys) : null;
    412                 TrustManager[] trustManagers = new TrustManager[] { trustManager };
    413 
    414                 SSLContext sslContext = SSLContext.getInstance("TLS");
    415                 sslContext.init(keyManagers, trustManagers, null);
    416 
    417                 SSLServerSocket serverSocket = (SSLServerSocket)
    418                         sslContext.getServerSocketFactory().createServerSocket();
    419 
    420                 if (clientAuth == CLIENT_AUTH_WANTED) {
    421                     serverSocket.setWantClientAuth(true);
    422                 } else if (clientAuth == CLIENT_AUTH_NEEDED) {
    423                     serverSocket.setNeedClientAuth(true);
    424                 } else {
    425                     serverSocket.setWantClientAuth(false);
    426                 }
    427 
    428                 serverSocket.bind(new InetSocketAddress(port));
    429 
    430                 SSLSocket clientSocket = (SSLSocket)serverSocket.accept();
    431 
    432                 InputStream istream = clientSocket.getInputStream();
    433 
    434                 for (int i = 0; i < 256; i++) {
    435                     int j = istream.read();
    436                     assertEquals(i, j);
    437                 }
    438 
    439                 istream.close();
    440 
    441                 OutputStream ostream = clientSocket.getOutputStream();
    442 
    443                 for (int i = 0; i < 256; i++) {
    444                     ostream.write(i);
    445                 }
    446 
    447                 ostream.flush();
    448                 ostream.close();
    449 
    450                 clientSocket.close();
    451                 serverSocket.close();
    452 
    453             } catch (Exception ex) {
    454                 exception = ex;
    455             }
    456         }
    457 
    458         public Exception getException() {
    459             return exception;
    460         }
    461 
    462         public X509Certificate[] getChain() {
    463             return trustManager.getChain();
    464         }
    465 
    466     }
    467 
    468     /**
    469      * Implements a test SSL socket client. It open a connection to localhost on
    470      * a given port, writes 256 bytes to the socket, and reads 256 bytes from the
    471      * socket.
    472      */
    473     class TestClient implements Runnable {
    474 
    475         private TestTrustManager trustManager;
    476 
    477         private Exception exception;
    478 
    479         private String keys;
    480 
    481         private boolean provideKeys;
    482 
    483         public TestClient(boolean provideKeys, String keys) {
    484             this.keys = keys;
    485             this.provideKeys = provideKeys;
    486 
    487             trustManager = new TestTrustManager();
    488         }
    489 
    490         public void run() {
    491             try {
    492                 KeyManager[] keyManagers = provideKeys ? getKeyManagers(keys) : null;
    493                 TrustManager[] trustManagers = new TrustManager[] { trustManager };
    494 
    495                 SSLContext sslContext = SSLContext.getInstance("TLS");
    496                 sslContext.init(keyManagers, trustManagers, null);
    497 
    498                 SSLSocket socket = (SSLSocket)sslContext.getSocketFactory().createSocket();
    499 
    500                 socket.connect(new InetSocketAddress(port));
    501                 socket.addHandshakeCompletedListener(listener);
    502                 socket.startHandshake();
    503 
    504                 OutputStream ostream = socket.getOutputStream();
    505 
    506                 for (int i = 0; i < 256; i++) {
    507                     ostream.write(i);
    508                 }
    509 
    510                 ostream.flush();
    511                 ostream.close();
    512 
    513                 InputStream istream = socket.getInputStream();
    514 
    515                 for (int i = 0; i < 256; i++) {
    516                     int j = istream.read();
    517                     assertEquals(i, j);
    518                 }
    519 
    520                 istream.close();
    521 
    522                 socket.close();
    523 
    524             } catch (Exception ex) {
    525                 exception = ex;
    526             }
    527         }
    528 
    529         public Exception getException() {
    530             return exception;
    531         }
    532 
    533         public X509Certificate[] getChain() {
    534             return trustManager.getChain();
    535         }
    536     }
    537 
    538     /**
    539      * Loads a keystore from a base64-encoded String. Returns the KeyManager[]
    540      * for the result.
    541      */
    542     private KeyManager[] getKeyManagers(String keys) throws Exception {
    543         byte[] bytes = Base64.decode(keys.getBytes());
    544         InputStream inputStream = new ByteArrayInputStream(bytes);
    545 
    546         KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    547         keyStore.load(inputStream, PASSWORD.toCharArray());
    548         inputStream.close();
    549 
    550         String algorithm = KeyManagerFactory.getDefaultAlgorithm();
    551         KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(algorithm);
    552         keyManagerFactory.init(keyStore, PASSWORD.toCharArray());
    553 
    554         return keyManagerFactory.getKeyManagers();
    555     }
    556 
    557 
    558     /**
    559      * Implements basically a dummy TrustManager. It stores the certificate
    560      * chain it sees, so it can later be queried.
    561      */
    562     public static class TestTrustManager implements X509TrustManager {
    563 
    564         private X509Certificate[] chain;
    565 
    566         private String authType;
    567 
    568         public void checkClientTrusted(X509Certificate[] chain, String authType) {
    569             this.chain = chain;
    570             this.authType = authType;
    571         }
    572 
    573         public void checkServerTrusted(X509Certificate[] chain, String authType) {
    574             this.chain = chain;
    575             this.authType = authType;
    576         }
    577 
    578         public java.security.cert.X509Certificate[] getAcceptedIssuers() {
    579             return new java.security.cert.X509Certificate[0];
    580         }
    581 
    582         public X509Certificate[] getChain() {
    583             return chain;
    584         }
    585 
    586         public String getAuthType() {
    587             return authType;
    588         }
    589 
    590         public void checkClientTrusted(
    591                 java.security.cert.X509Certificate[] chain, String authType)
    592                 throws CertificateException {
    593 
    594         }
    595 
    596         public void checkServerTrusted(
    597                 java.security.cert.X509Certificate[] chain, String authType)
    598                 throws CertificateException {
    599 
    600         }
    601 
    602     }
    603 
    604     class MyHandshakeListener implements HandshakeCompletedListener {
    605 
    606         public boolean completeDone;
    607 
    608         MyHandshakeListener() {
    609             completeDone = false;
    610         }
    611 
    612         public void handshakeCompleted(HandshakeCompletedEvent event) {
    613             if (event != null) completeDone = true;
    614         }
    615     }
    616 }
    617