1 /* 2 * Licensed to the Apache Software Foundation (ASF) under one or more 3 * contributor license agreements. See the NOTICE file distributed with 4 * this work for additional information regarding copyright ownership. 5 * The ASF licenses this file to You under the Apache License, Version 2.0 6 * (the "License"); you may not use this file except in compliance with 7 * the License. You may obtain a copy of the License at 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 */ 17 18 package org.apache.harmony.tests.javax.net.ssl; 19 20 import java.io.ByteArrayInputStream; 21 import java.io.InputStream; 22 import java.io.OutputStream; 23 import java.net.InetSocketAddress; 24 import java.security.KeyStore; 25 import java.security.Principal; 26 import java.security.cert.Certificate; 27 import java.security.cert.X509Certificate; 28 import java.util.Arrays; 29 30 import javax.net.ssl.ExtendedSSLSession; 31 import javax.net.ssl.KeyManager; 32 import javax.net.ssl.KeyManagerFactory; 33 import javax.net.ssl.SSLContext; 34 import javax.net.ssl.SSLServerSocket; 35 import javax.net.ssl.SSLSession; 36 import javax.net.ssl.SSLSessionBindingEvent; 37 import javax.net.ssl.SSLSessionBindingListener; 38 import javax.net.ssl.SSLSocket; 39 import javax.net.ssl.TrustManager; 40 41 import org.apache.harmony.tests.javax.net.ssl.HandshakeCompletedEventTest.MyHandshakeListener; 42 import org.apache.harmony.tests.javax.net.ssl.HandshakeCompletedEventTest.TestTrustManager; 43 44 import junit.framework.TestCase; 45 import libcore.io.Base64; 46 import libcore.java.security.StandardNames; 47 48 public class SSLSessionTest extends TestCase { 49 50 // set to true if on Android, false if on RI 51 boolean useBKS = true; 52 53 /** 54 * javax.net.ssl.SSLSession#getPeerHost() 55 * javax.net.ssl.SSLSession#getPeerPort() 56 */ 57 public void test_getPeerHost() throws Exception { 58 SSLSession s = clientSession; 59 assertEquals(((InetSocketAddress) serverSocket.getLocalSocketAddress()).getHostString(), 60 s.getPeerHost()); 61 assertEquals(serverSocket.getLocalPort(), s.getPeerPort()); 62 } 63 64 /** 65 * javax.net.ssl.SSLSession#invalidate() 66 * javax.net.ssl.SSLSession#isValid() 67 */ 68 public void test_invalidate() { 69 SSLSession s = clientSession; 70 assertTrue(s.isValid()); 71 s.invalidate(); 72 assertFalse(s.isValid()); 73 } 74 75 /** 76 * javax.net.ssl.SSLSession#getPeerPrincipal() 77 */ 78 public void test_getPeerPrincipal() throws Exception { 79 Principal p1 = clientSession.getPeerPrincipal(); 80 KeyStore store = server.getStore(); 81 X509Certificate cert = (X509Certificate)store.getCertificate("mykey"); 82 Principal p2 = cert.getSubjectX500Principal(); 83 assertEquals(p1, p2); 84 } 85 86 /** 87 * javax.net.ssl.SSLSession#getApplicationBufferSize() 88 */ 89 public void test_getApplicationBufferSize() { 90 assertTrue(clientSession.getApplicationBufferSize() > 0); 91 } 92 93 /** 94 * javax.net.ssl.SSLSession#getCipherSuite() 95 */ 96 public void test_getCipherSuite() { 97 // Identify the expected cipher suite from the expected list of cipher suites enabled by 98 // default. 99 // This test class initializes the server with an RSA key. Thus, only cipher suites that 100 // authenticate the server using RSA are expected to be used. 101 String expectedCipherSuite = null; 102 for (String cipherSuite : StandardNames.CIPHER_SUITES_DEFAULT) { 103 if (cipherSuite.contains("_RSA_")) { 104 expectedCipherSuite = cipherSuite; 105 break; 106 } 107 } 108 if (expectedCipherSuite == null) { 109 fail("Failed to identify expected cipher suite"); 110 } 111 assertEquals(expectedCipherSuite, clientSession.getCipherSuite()); 112 } 113 114 /** 115 * javax.net.ssl.SSLSession#getCreationTime() 116 */ 117 public void test_getCreationTime() { 118 // check if creation time was in the last 10 seconds 119 long currentTime = System.currentTimeMillis(); 120 long sessionTime = clientSession.getCreationTime(); 121 long diff = currentTime - sessionTime; 122 assertTrue("diff between " + currentTime + " and " + sessionTime + " should be < 10000", 123 diff < 10000); 124 } 125 126 /** 127 * javax.net.ssl.SSLSession#getId() 128 */ 129 public void test_getId() throws Exception { 130 byte[] id = clientSession.getId(); 131 SSLSession sess = clientSslContext.getClientSessionContext().getSession(id); 132 assertNotNull("Could not find session for id " + id, sess); 133 if (clientSession instanceof ExtendedSSLSession) { 134 assertTrue(sess instanceof ExtendedSSLSession); 135 assertExtendedSSLSessionsEqual((ExtendedSSLSession) clientSession, 136 (ExtendedSSLSession) sess); 137 } else { 138 assertSSLSessionsEqual(clientSession, sess); 139 } 140 } 141 142 /** 143 * javax.net.ssl.SSLSession#getLastAccessedTime() 144 */ 145 public void test_getLastAccessedTime() { 146 // check if last access time was in the last 10 seconds 147 long currentTime = System.currentTimeMillis(); 148 long sessionTime = clientSession.getLastAccessedTime(); 149 long diff = currentTime - sessionTime; 150 assertTrue("diff between " + currentTime + " and " + sessionTime + " should be < 10000", 151 diff < 10000); 152 assertTrue ("diff should be < 10000 but is " + diff, diff < 10000); 153 } 154 155 /** 156 * javax.net.ssl.SSLSession#getLocalCertificates() 157 */ 158 public void test_getLocalCertificates() throws Exception { 159 KeyStore store = client.getStore(); 160 Certificate cert = store.getCertificate("mykey"); 161 Certificate[] certs = clientSession.getLocalCertificates(); 162 assertEquals(cert, certs[0]); 163 } 164 165 /** 166 * javax.net.ssl.SSLSession#getLocalPrincipal() 167 */ 168 public void test_getLocalPrincipal() throws Exception { 169 Principal p1 = clientSession.getLocalPrincipal(); 170 KeyStore store = client.getStore(); 171 X509Certificate cert = (X509Certificate)store.getCertificate("mykey"); 172 Principal p2 = cert.getSubjectX500Principal(); 173 assertEquals(p1, p2); 174 } 175 176 /** 177 * javax.net.ssl.SSLSession#getPacketBufferSize() 178 */ 179 public void test_getPacketBufferSize() { 180 assertTrue(clientSession.getPacketBufferSize() > 0); 181 } 182 183 /** 184 * javax.net.ssl.SSLSession#getPeerCertificates() 185 */ 186 public void test_getPeerCertificates() throws Exception { 187 Certificate[] res = clientSession.getPeerCertificates(); 188 assertTrue(res.length > 0); 189 } 190 191 /** 192 * javax.net.ssl.SSLSession#getPeerCertificateChain() 193 */ 194 public void test_getPeerCertificateChain() throws Exception { 195 javax.security.cert.X509Certificate[] res = clientSession.getPeerCertificateChain(); 196 assertTrue(res.length > 0); 197 } 198 199 /** 200 * javax.net.ssl.SSLSession#getProtocol() 201 */ 202 public void test_getProtocol() { 203 assertEquals("TLSv1.2", clientSession.getProtocol()); 204 } 205 206 /** 207 * javax.net.ssl.SSLSession#getSessionContext() 208 */ 209 public void test_getSessionContext() { 210 assertEquals(clientSession.getSessionContext(), 211 clientSslContext.getClientSessionContext()); 212 } 213 214 /** 215 * javax.net.ssl.SSLSession#putValue(String name, Object value) 216 * javax.net.ssl.SSLSession#removeValue(String name) 217 * javax.net.ssl.SSLSession#getValueNames() 218 */ 219 public void test_putValue() { 220 SSLSession s = clientSession; 221 mySSLSessionBindingListener sbl = new mySSLSessionBindingListener(); 222 assertNotNull(s.getValueNames()); 223 assertEquals(0, s.getValueNames().length); 224 s.putValue("Name_01", sbl); 225 s.putValue("Name_02", sbl); 226 s.putValue("Name_03", sbl); 227 assertEquals(3, s.getValueNames().length); 228 s.removeValue("Name_01"); 229 assertEquals(2, s.getValueNames().length); 230 231 try { 232 s.putValue(null, null); 233 fail("IllegalArgumentException wasn't thrown"); 234 } catch (IllegalArgumentException expected) { 235 // expected 236 } 237 try { 238 s.putValue("ABC", null); 239 fail("IllegalArgumentException wasn't thrown"); 240 } catch (IllegalArgumentException expected) { 241 // expected 242 } 243 try { 244 s.putValue(null, sbl); 245 fail("IllegalArgumentException wasn't thrown"); 246 } catch (IllegalArgumentException expected) { 247 // expected 248 } 249 250 try { 251 s.removeValue(null); 252 fail("IllegalArgumentException wasn't thrown"); 253 } catch (IllegalArgumentException expected) { 254 // expected 255 } 256 } 257 258 /** 259 * javax.net.ssl.SSLSession#getValue(String name) 260 */ 261 public void test_getValue() { 262 SSLSession s = clientSession; 263 mySSLSessionBindingListener sbl = new mySSLSessionBindingListener(); 264 265 try { 266 s.getValue(null); 267 fail("IllegalArgumentException wasn't thrown"); 268 } catch (IllegalArgumentException expected) { 269 // expected 270 } 271 272 s.putValue("Name", sbl); 273 Object obj = s.getValue("Name"); 274 assertTrue(obj instanceof SSLSessionBindingListener); 275 } 276 277 Thread serverThread, clientThread; 278 TestServer server; 279 TestClient client; 280 281 @Override 282 protected void setUp() throws Exception { 283 String serverKeys = (useBKS ? SERVER_KEYS_BKS : SERVER_KEYS_JKS); 284 String clientKeys = (useBKS ? CLIENT_KEYS_BKS : CLIENT_KEYS_JKS); 285 server = new TestServer(true, TestServer.CLIENT_AUTH_WANTED, serverKeys); 286 client = new TestClient(true, clientKeys); 287 288 serverThread = new Thread(server); 289 clientThread = new Thread(client); 290 291 serverThread.start(); 292 try { 293 Thread.currentThread().sleep(1000); 294 clientThread.start(); 295 } catch (InterruptedException e) { 296 fail("Could not create server or cient " + e.getMessage()); 297 } 298 while (clientSession == null 299 && server.exception == null 300 && client.exception == null) { 301 try { 302 Thread.currentThread().sleep(500); 303 } catch (InterruptedException e) { 304 fail("couldn't create session"); 305 } 306 } 307 if (server.exception != null) { 308 server.exception.printStackTrace(); 309 } 310 assertNull("server thread has a pending exception: " + server.exception, 311 server.exception); 312 if (client.exception != null) { 313 client.exception.printStackTrace(); 314 } 315 assertNull("client thread has a pending exception: " + client.exception, 316 client.exception); 317 assertNotNull("Could not initialize session", clientSession); 318 } 319 320 @Override 321 protected void tearDown() { 322 notFinished = false; 323 try { 324 serverThread.join(); 325 } catch (InterruptedException e) { 326 throw new RuntimeException(e); 327 } 328 try { 329 clientThread.join(); 330 } catch (InterruptedException e) { 331 throw new RuntimeException(e); 332 } 333 334 // The server must have completed without an exception. 335 if (server.getException() != null) { 336 throw new RuntimeException(server.getException()); 337 } 338 339 // The client must have completed without an exception. 340 if (client.getException() != null) { 341 throw new RuntimeException(client.getException()); 342 } 343 } 344 345 public class mySSLSessionBindingListener implements 346 SSLSessionBindingListener { 347 mySSLSessionBindingListener() { 348 } 349 public void valueBound(SSLSessionBindingEvent event) {} 350 public void valueUnbound(SSLSessionBindingEvent event) {} 351 } 352 353 /** 354 * Defines the keystore contents for the server, BKS version. Holds just a 355 * single self-generated key. The subject name is "Test Server". 356 */ 357 private static final String SERVER_KEYS_BKS = 358 "AAAAAQAAABQDkebzoP1XwqyWKRCJEpn/t8dqIQAABDkEAAVteWtleQAAARpYl20nAAAAAQAFWC41" 359 + "MDkAAAJNMIICSTCCAbKgAwIBAgIESEfU1jANBgkqhkiG9w0BAQUFADBpMQswCQYDVQQGEwJVUzET" 360 + "MBEGA1UECBMKQ2FsaWZvcm5pYTEMMAoGA1UEBxMDTVRWMQ8wDQYDVQQKEwZHb29nbGUxEDAOBgNV" 361 + "BAsTB0FuZHJvaWQxFDASBgNVBAMTC1Rlc3QgU2VydmVyMB4XDTA4MDYwNTExNTgxNFoXDTA4MDkw" 362 + "MzExNTgxNFowaTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExDDAKBgNVBAcTA01U" 363 + "VjEPMA0GA1UEChMGR29vZ2xlMRAwDgYDVQQLEwdBbmRyb2lkMRQwEgYDVQQDEwtUZXN0IFNlcnZl" 364 + "cjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0LIdKaIr9/vsTq8BZlA3R+NFWRaH4lGsTAQy" 365 + "DPMF9ZqEDOaL6DJuu0colSBBBQ85hQTPa9m9nyJoN3pEi1hgamqOvQIWcXBk+SOpUGRZZFXwniJV" 366 + "zDKU5nE9MYgn2B9AoiH3CSuMz6HRqgVaqtppIe1jhukMc/kHVJvlKRNy9XMCAwEAATANBgkqhkiG" 367 + "9w0BAQUFAAOBgQC7yBmJ9O/eWDGtSH9BH0R3dh2NdST3W9hNZ8hIa8U8klhNHbUCSSktZmZkvbPU" 368 + "hse5LI3dh6RyNDuqDrbYwcqzKbFJaq/jX9kCoeb3vgbQElMRX8D2ID1vRjxwlALFISrtaN4VpWzV" 369 + "yeoHPW4xldeZmoVtjn8zXNzQhLuBqX2MmAAAAqwAAAAUvkUScfw9yCSmALruURNmtBai7kQAAAZx" 370 + "4Jmijxs/l8EBaleaUru6EOPioWkUAEVWCxjM/TxbGHOi2VMsQWqRr/DZ3wsDmtQgw3QTrUK666sR" 371 + "MBnbqdnyCyvM1J2V1xxLXPUeRBmR2CXorYGF9Dye7NkgVdfA+9g9L/0Au6Ugn+2Cj5leoIgkgApN" 372 + "vuEcZegFlNOUPVEs3SlBgUF1BY6OBM0UBHTPwGGxFBBcetcuMRbUnu65vyDG0pslT59qpaR0TMVs" 373 + "P+tcheEzhyjbfM32/vwhnL9dBEgM8qMt0sqF6itNOQU/F4WGkK2Cm2v4CYEyKYw325fEhzTXosck" 374 + "MhbqmcyLab8EPceWF3dweoUT76+jEZx8lV2dapR+CmczQI43tV9btsd1xiBbBHAKvymm9Ep9bPzM" 375 + "J0MQi+OtURL9Lxke/70/MRueqbPeUlOaGvANTmXQD2OnW7PISwJ9lpeLfTG0LcqkoqkbtLKQLYHI" 376 + "rQfV5j0j+wmvmpMxzjN3uvNajLa4zQ8l0Eok9SFaRr2RL0gN8Q2JegfOL4pUiHPsh64WWya2NB7f" 377 + "V+1s65eA5ospXYsShRjo046QhGTmymwXXzdzuxu8IlnTEont6P4+J+GsWk6cldGbl20hctuUKzyx" 378 + "OptjEPOKejV60iDCYGmHbCWAzQ8h5MILV82IclzNViZmzAapeeCnexhpXhWTs+xDEYSKEiG/camt" 379 + "bhmZc3BcyVJrW23PktSfpBQ6D8ZxoMfF0L7V2GQMaUg+3r7ucrx82kpqotjv0xHghNIm95aBr1Qw" 380 + "1gaEjsC/0wGmmBDg1dTDH+F1p9TInzr3EFuYD0YiQ7YlAHq3cPuyGoLXJ5dXYuSBfhDXJSeddUkl" 381 + "k1ufZyOOcskeInQge7jzaRfmKg3U94r+spMEvb0AzDQVOKvjjo1ivxMSgFRZaDb/4qw="; 382 383 /** 384 * Defines the keystore contents for the client, BKS version. Holds just a 385 * single self-generated key. The subject name is "Test Client". 386 */ 387 private static final String CLIENT_KEYS_BKS = 388 "AAAAAQAAABT4Rka6fxbFps98Y5k2VilmbibNkQAABfQEAAVteWtleQAAARpYl+POAAAAAQAFWC41" 389 + "MDkAAAJNMIICSTCCAbKgAwIBAgIESEfU9TANBgkqhkiG9w0BAQUFADBpMQswCQYDVQQGEwJVUzET" 390 + "MBEGA1UECBMKQ2FsaWZvcm5pYTEMMAoGA1UEBxMDTVRWMQ8wDQYDVQQKEwZHb29nbGUxEDAOBgNV" 391 + "BAsTB0FuZHJvaWQxFDASBgNVBAMTC1Rlc3QgQ2xpZW50MB4XDTA4MDYwNTExNTg0NVoXDTA4MDkw" 392 + "MzExNTg0NVowaTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExDDAKBgNVBAcTA01U" 393 + "VjEPMA0GA1UEChMGR29vZ2xlMRAwDgYDVQQLEwdBbmRyb2lkMRQwEgYDVQQDEwtUZXN0IENsaWVu" 394 + "dDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApUvmWsQDHPpbDKK13Yez2/q54tTOmRml/qva" 395 + "2K6dZjkjSTW0iRuk7ztaVEvdJpfVIDv1oBsCI51ttyLHROy1epjF+GoL74mJb7fkcd0VOoSOTjtD" 396 + "+3GgZkHPAm5YmUYxiJXqxKKJJqMCTIW46eJaA2nAep9QIwZ14/NFAs4ObV8CAwEAATANBgkqhkiG" 397 + "9w0BAQUFAAOBgQCJrCr3hZQFDlLIfsSKI1/w+BLvyf4fubOid0pBxfklR8KBNPTiqjSmu7pd/C/F" 398 + "1FR8CdZUDoPflZHCOU+fj5r5KUC1HyigY/tEUvlforBpfB0uCF+tXW4DbUfOWhfMtLV4nCOJOOZg" 399 + "awfZLJWBJouLKOp427vDftxTSB+Ks8YjlgAAAqwAAAAU+NH6TtrzjyDdCXm5B6Vo7xX5G4YAAAZx" 400 + "EAUkcZtmykn7YdaYxC1jRFJ+GEJpC8nZVg83QClVuCSIS8a5f8Hl44Bk4oepOZsPzhtz3RdVzDVi" 401 + "RFfoyZFsrk9F5bDTVJ6sQbb/1nfJkLhZFXokka0vND5AXMSoD5Bj1Fqem3cK7fSUyqKvFoRKC3XD" 402 + "FQvhqoam29F1rbl8FaYdPvhhZo8TfZQYUyUKwW+RbR44M5iHPx+ykieMe/C/4bcM3z8cwIbYI1aO" 403 + "gjQKS2MK9bs17xaDzeAh4sBKrskFGrDe+2dgvrSKdoakJhLTNTBSG6m+rzqMSCeQpafLKMSjTSSz" 404 + "+KoQ9bLyax8cbvViGGju0SlVhquloZmKOfHr8TukIoV64h3uCGFOVFtQjCYDOq6NbfRvMh14UVF5" 405 + "zgDIGczoD9dMoULWxBmniGSntoNgZM+QP6Id7DBasZGKfrHIAw3lHBqcvB5smemSu7F4itRoa3D8" 406 + "N7hhUEKAc+xA+8NKmXfiCBoHfPHTwDvt4IR7gWjeP3Xv5vitcKQ/MAfO5RwfzkYCXQ3FfjfzmsE1" 407 + "1IfLRDiBj+lhQSulhRVStKI88Che3M4JUNGKllrc0nt1pWa1vgzmUhhC4LSdm6trTHgyJnB6OcS9" 408 + "t2furYjK88j1AuB4921oxMxRm8c4Crq8Pyuf+n3YKi8Pl2BzBtw++0gj0ODlgwut8SrVj66/nvIB" 409 + "jN3kLVahR8nZrEFF6vTTmyXi761pzq9yOVqI57wJGx8o3Ygox1p+pWUPl1hQR7rrhUbgK/Q5wno9" 410 + "uJk07h3IZnNxE+/IKgeMTP/H4+jmyT4mhsexJ2BFHeiKF1KT/FMcJdSi+ZK5yoNVcYuY8aZbx0Ef" 411 + "lHorCXAmLFB0W6Cz4KPP01nD9YBB4olxiK1t7m0AU9zscdivNiuUaB5OIEr+JuZ6dNw="; 412 413 /** 414 * Defines the keystore contents for the server, JKS version. Holds just a 415 * single self-generated key. The subject name is "Test Server". 416 */ 417 private static final String SERVER_KEYS_JKS = 418 "/u3+7QAAAAIAAAABAAAAAQAFbXlrZXkAAAEaWFfBeAAAArowggK2MA4GCisGAQQBKgIRAQEFAASC" 419 + "AqI2kp5XjnF8YZkhcF92YsJNQkvsmH7zqMM87j23zSoV4DwyE3XeC/gZWq1ToScIhoqZkzlbWcu4" 420 + "T/Zfc/DrfGk/rKbBL1uWKGZ8fMtlZk8KoAhxZk1JSyJvdkyKxqmzUbxk1OFMlN2VJNu97FPVH+du" 421 + "dvjTvmpdoM81INWBW/1fZJeQeDvn4mMbbe0IxgpiLnI9WSevlaDP/sm1X3iO9yEyzHLL+M5Erspo" 422 + "Cwa558fOu5DdsICMXhvDQxjWFKFhPHnKtGe+VvwkG9/bAaDgx3kfhk0w5zvdnkKb+8Ed9ylNRzdk" 423 + "ocAa/mxlMTOsTvDKXjjsBupNPIIj7OP4GNnZaxkJjSs98pEO67op1GX2qhy6FSOPNuq8k/65HzUc" 424 + "PYn6voEeh6vm02U/sjEnzRevQ2+2wXoAdp0EwtQ/DlMe+NvcwPGWKuMgX4A4L93DZGb04N2VmAU3" 425 + "YLOtZwTO0LbuWrcCM/q99G/7LcczkxIVrO2I/rh8RXVczlf9QzcrFObFv4ATuspWJ8xG7DhsMbnk" 426 + "rT94Pq6TogYeoz8o8ZMykesAqN6mt/9+ToIemmXv+e+KU1hI5oLwWMnUG6dXM6hIvrULY6o+QCPH" 427 + "172YQJMa+68HAeS+itBTAF4Clm/bLn6reHCGGU6vNdwU0lYldpiOj9cB3t+u2UuLo6tiFWjLf5Zs" 428 + "EQJETd4g/EK9nHxJn0GAKrWnTw7pEHQJ08elzUuy04C/jEEG+4QXU1InzS4o/kR0Sqz2WTGDoSoq" 429 + "ewuPRU5bzQs/b9daq3mXrnPtRBL6HfSDAdpTK76iHqLCGdqx3avHjVSBm4zFvEuYBCev+3iKOBmg" 430 + "yh7eQRTjz4UOWfy85omMBr7lK8PtfVBDzOXpasxS0uBgdUyBDX4tO6k9jZ8a1kmQRQAAAAEABVgu" 431 + "NTA5AAACSDCCAkQwggGtAgRIR8SKMA0GCSqGSIb3DQEBBAUAMGkxCzAJBgNVBAYTAlVTMRMwEQYD" 432 + "VQQIEwpDYWxpZm9ybmlhMQwwCgYDVQQHEwNNVFYxDzANBgNVBAoTBkdvb2dsZTEQMA4GA1UECxMH" 433 + "QW5kcm9pZDEUMBIGA1UEAxMLVGVzdCBTZXJ2ZXIwHhcNMDgwNjA1MTA0ODQyWhcNMDgwOTAzMTA0" 434 + "ODQyWjBpMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEMMAoGA1UEBxMDTVRWMQ8w" 435 + "DQYDVQQKEwZHb29nbGUxEDAOBgNVBAsTB0FuZHJvaWQxFDASBgNVBAMTC1Rlc3QgU2VydmVyMIGf" 436 + "MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCwoC6chqCI84rj1PrXuJgbiit4EV909zR6N0jNlYfg" 437 + "itwB39bP39wH03rFm8T59b3mbSptnGmCIpLZn25KPPFsYD3JJ+wFlmiUdEP9H05flfwtFQJnw9uT" 438 + "3rRIdYVMPcQ3RoZzwAMliGr882I2thIDbA6xjGU/1nRIdvk0LtxH3QIDAQABMA0GCSqGSIb3DQEB" 439 + "BAUAA4GBAJn+6YgUlY18Ie+0+Vt8oEi81DNi/bfPrAUAh63fhhBikx/3R9dl3wh09Z6p7cIdNxjW" 440 + "n2ll+cRW9eqF7z75F0Omm0C7/KAEPjukVbszmzeU5VqzkpSt0j84YWi+TfcHRrfvhLbrlmGITVpY" 441 + "ol5pHLDyqGmDs53pgwipWqsn/nEXEBgj3EoqPeqHbDf7YaP8h/5BSt0="; 442 443 /** 444 * Defines the keystore contents for the client, JKS version. Holds just a 445 * single self-generated key. The subject name is "Test Client". 446 */ 447 private static final String CLIENT_KEYS_JKS = 448 "/u3+7QAAAAIAAAABAAAAAQAFbXlrZXkAAAEaWFhyMAAAArkwggK1MA4GCisGAQQBKgIRAQEFAASC" 449 + "AqGVSfXolBStZy4nnRNn4fAr+S7kfU2BS23wwW8uB2Ru3GvtLzlK9q08Gvq/LNqBafjyFTVL5FV5" 450 + "SED/8YomO5a98GpskSeRvytCiTBLJdgGhws5TOGekgIAcBROPGIyOtJPQ0HfOQs+BqgzGDHzHQhw" 451 + "u/8Tm6yQwiP+W/1I9B1QnaEztZA3mhTyMMJsmsFTYroGgAog885D5Cmzd8sYGfxec3R6I+xcmBAY" 452 + "eibR5kGpWwt1R+qMvRrtBqh5r6WSKhCBNax+SJVbtUNRiKyjKccdJg6fGqIWWeivwYTy0OhjA6b4" 453 + "NiZ/ZZs5pxFGWUj/Rlp0RYy8fCF6aw5/5s4Bf4MI6dPSqMG8Hf7sJR91GbcELyzPdM0h5lNavgit" 454 + "QPEzKeuDrGxhY1frJThBsNsS0gxeu+OgfJPEb/H4lpYX5IvuIGbWKcxoO9zq4/fimIZkdA8A+3eY" 455 + "mfDaowvy65NBVQPJSxaOyFhLHfeLqOeCsVENAea02vA7andZHTZehvcrqyKtm+z8ncHGRC2H9H8O" 456 + "jKwKHfxxrYY/jMAKLl00+PBb3kspO+BHI2EcQnQuMw/zr83OR9Meq4TJ0TMuNkApZELAeFckIBbS" 457 + "rBr8NNjAIfjuCTuKHhsTFWiHfk9ZIzigxXagfeDRiyVc6khOuF/bGorj23N2o7Rf3uLoU6PyXWi4" 458 + "uhctR1aL6NzxDoK2PbYCeA9hxbDv8emaVPIzlVwpPK3Ruvv9mkjcOhZ74J8bPK2fQmbplbOljcZi" 459 + "tZijOfzcO/11JrwhuJZRA6wanTqHoujgChV9EukVrmbWGGAcewFnAsSbFXIik7/+QznXaDIt5NgL" 460 + "H/Bcz4Z/fdV7Ae1eUaxKXdPbI//4J+8liVT/d8awjW2tldIaDlmGMR3aoc830+3mAAAAAQAFWC41" 461 + "MDkAAAJIMIICRDCCAa0CBEhHxLgwDQYJKoZIhvcNAQEEBQAwaTELMAkGA1UEBhMCVVMxEzARBgNV" 462 + "BAgTCkNhbGlmb3JuaWExDDAKBgNVBAcTA01UVjEPMA0GA1UEChMGR29vZ2xlMRAwDgYDVQQLEwdB" 463 + "bmRyb2lkMRQwEgYDVQQDEwtUZXN0IENsaWVudDAeFw0wODA2MDUxMDQ5MjhaFw0wODA5MDMxMDQ5" 464 + "MjhaMGkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMQwwCgYDVQQHEwNNVFYxDzAN" 465 + "BgNVBAoTBkdvb2dsZTEQMA4GA1UECxMHQW5kcm9pZDEUMBIGA1UEAxMLVGVzdCBDbGllbnQwgZ8w" 466 + "DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAIK3Q+KiFbmCGg422TAo4gggdhMH6FJhiuz8DxRyeMKR" 467 + "UAfP4MK0wtc8N42waZ6OKvxpBFUy0BRfBsX0GD4Ku99yu9/tavSigTraeJtwV3WWRRjIqk7L3wX5" 468 + "cmgS2KSD43Y0rNUKrko26lnt9N4qiYRBSj+tcAN3Lx9+ptqk1LApAgMBAAEwDQYJKoZIhvcNAQEE" 469 + "BQADgYEANb7Q1GVSuy1RPJ0FmiXoMYCCtvlRLkmJphwxovK0cAQK12Vll+yAzBhHiQHy/RA11mng" 470 + "wYudC7u3P8X/tBT8GR1Yk7QW3KgFyPafp3lQBBCraSsfrjKj+dCLig1uBLUr4f68W8VFWZWWTHqp" 471 + "NMGpCX6qmjbkJQLVK/Yfo1ePaUexPSOX0G9m8+DoV3iyNw6at01NRw=="; 472 473 474 SSLServerSocket serverSocket; 475 MyHandshakeListener listener; 476 String host = "localhost"; 477 boolean notFinished = true; 478 SSLSession clientSession = null; 479 SSLContext clientSslContext = null; 480 String testData = "PING"; 481 482 private String PASSWORD = "android"; 483 484 /** 485 * Implements a test SSL socket server. It waits for a connection on a given 486 * port, requests client authentication (if specified), reads from the socket, 487 * and writes to the socket. 488 */ 489 class TestServer implements Runnable { 490 491 public static final int CLIENT_AUTH_NONE = 0; 492 493 public static final int CLIENT_AUTH_WANTED = 1; 494 495 public static final int CLIENT_AUTH_NEEDED = 2; 496 497 private TestTrustManager trustManager; 498 499 private Exception exception; 500 501 String keys; 502 503 private int clientAuth; 504 505 private boolean provideKeys; 506 507 private KeyStore store; 508 509 public TestServer(boolean provideKeys, int clientAuth, String keys) throws Exception { 510 this.keys = keys; 511 this.clientAuth = clientAuth; 512 this.provideKeys = provideKeys; 513 514 trustManager = new TestTrustManager(); 515 516 store = provideKeys ? getKeyStore(keys) : null; 517 KeyManager[] keyManagers = store != null ? getKeyManagers(store) : null; 518 TrustManager[] trustManagers = new TrustManager[] { trustManager }; 519 520 SSLContext sslContext = SSLContext.getInstance("TLS"); 521 sslContext.init(keyManagers, trustManagers, null); 522 523 serverSocket = (SSLServerSocket)sslContext.getServerSocketFactory().createServerSocket(); 524 525 if (clientAuth == CLIENT_AUTH_WANTED) { 526 serverSocket.setWantClientAuth(true); 527 } else if (clientAuth == CLIENT_AUTH_NEEDED) { 528 serverSocket.setNeedClientAuth(true); 529 } else { 530 serverSocket.setWantClientAuth(false); 531 } 532 533 serverSocket.bind(null); 534 } 535 536 public void run() { 537 try { 538 SSLSocket clientSocket = (SSLSocket)serverSocket.accept(); 539 540 InputStream istream = clientSocket.getInputStream(); 541 byte[] buffer = new byte[1024]; 542 istream.read(buffer); 543 544 OutputStream ostream = clientSocket.getOutputStream(); 545 ostream.write(testData.getBytes()); 546 ostream.flush(); 547 548 while (notFinished) { 549 Thread.currentThread().sleep(500); 550 } 551 552 clientSocket.close(); 553 serverSocket.close(); 554 555 } catch (Exception ex) { 556 exception = ex; 557 } 558 } 559 560 public Exception getException() { 561 return exception; 562 } 563 564 public javax.security.cert.X509Certificate[] getChain() { 565 return trustManager.getChain(); 566 } 567 568 public KeyStore getStore() { 569 return store; 570 } 571 572 } 573 574 /** 575 * Implements a test SSL socket client. It opens a connection to localhost on 576 * a given port, writes to the socket, and reads from the socket. 577 */ 578 class TestClient implements Runnable { 579 580 private TestTrustManager trustManager; 581 582 private Exception exception; 583 584 private String keys; 585 586 private boolean provideKeys; 587 588 private KeyStore store; 589 590 public TestClient(boolean provideKeys, String keys) { 591 this.keys = keys; 592 this.provideKeys = provideKeys; 593 594 trustManager = new TestTrustManager(); 595 } 596 597 public void run() { 598 try { 599 store = provideKeys ? getKeyStore(keys) : null; 600 KeyManager[] keyManagers = store != null ? getKeyManagers(store) : null; 601 TrustManager[] trustManagers = new TrustManager[] { trustManager }; 602 603 clientSslContext = SSLContext.getInstance("TLS"); 604 clientSslContext.init(keyManagers, trustManagers, null); 605 606 SSLSocket socket = (SSLSocket)clientSslContext.getSocketFactory().createSocket(); 607 608 socket.connect(serverSocket.getLocalSocketAddress()); 609 OutputStream ostream = socket.getOutputStream(); 610 ostream.write(testData.getBytes()); 611 ostream.flush(); 612 613 InputStream istream = socket.getInputStream(); 614 byte[] buffer = new byte[1024]; 615 istream.read(buffer); 616 617 clientSession = socket.getSession(); 618 while (notFinished) { 619 Thread.currentThread().sleep(500); 620 } 621 socket.close(); 622 623 } catch (Exception ex) { 624 exception = ex; 625 } 626 } 627 628 public Exception getException() { 629 return exception; 630 } 631 632 public javax.security.cert.X509Certificate[] getChain() { 633 return trustManager.getChain(); 634 } 635 636 public KeyStore getStore() { 637 return store; 638 } 639 } 640 641 /** 642 * Loads a keystore from a base64-encoded String. Returns the KeyManager[] 643 * for the result. 644 */ 645 private KeyStore getKeyStore(String keys) throws Exception { 646 byte[] bytes = Base64.decode(keys.getBytes()); 647 InputStream inputStream = new ByteArrayInputStream(bytes); 648 649 KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); 650 keyStore.load(inputStream, PASSWORD.toCharArray()); 651 inputStream.close(); 652 return keyStore; 653 } 654 655 /** 656 * Loads a keystore from a base64-encoded String. Returns the KeyManager[] 657 * for the result. 658 */ 659 private KeyManager[] getKeyManagers(KeyStore keyStore) throws Exception { 660 String algorithm = KeyManagerFactory.getDefaultAlgorithm(); 661 KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(algorithm); 662 keyManagerFactory.init(keyStore, PASSWORD.toCharArray()); 663 664 return keyManagerFactory.getKeyManagers(); 665 } 666 667 public static void assertSSLSessionsEqual(SSLSession a, SSLSession b) throws Exception { 668 assertEquals(a.getApplicationBufferSize(), b.getApplicationBufferSize()); 669 assertEquals(a.getCipherSuite(), b.getCipherSuite()); 670 assertEquals(a.getCreationTime(), b.getCreationTime()); 671 assertEquals(Arrays.toString(a.getId()), Arrays.toString(b.getId())); 672 assertEquals(a.getLastAccessedTime(), b.getLastAccessedTime()); 673 assertEquals(Arrays.toString(a.getLocalCertificates()), 674 Arrays.toString(b.getLocalCertificates())); 675 assertEquals(a.getLocalPrincipal(), b.getLocalPrincipal()); 676 assertEquals(a.getPacketBufferSize(), b.getPacketBufferSize()); 677 assertEquals(Arrays.toString(a.getPeerCertificateChain()), 678 Arrays.toString(b.getPeerCertificateChain())); 679 assertEquals(Arrays.toString(a.getPeerCertificates()), 680 Arrays.toString(b.getPeerCertificates())); 681 assertEquals(a.getPeerHost(), b.getPeerHost()); 682 assertEquals(a.getPeerPort(), b.getPeerPort()); 683 assertEquals(a.getPeerPrincipal(), b.getPeerPrincipal()); 684 assertEquals(a.getProtocol(), b.getProtocol()); 685 assertEquals(Arrays.toString(a.getValueNames()), Arrays.toString(b.getValueNames())); 686 for (String name : a.getValueNames()) { 687 assertEquals(a.getValue(name), b.getValue(name)); 688 } 689 } 690 691 private static void assertExtendedSSLSessionsEqual(ExtendedSSLSession a, ExtendedSSLSession b) 692 throws Exception { 693 assertSSLSessionsEqual(a, b); 694 assertEquals(Arrays.toString(a.getLocalSupportedSignatureAlgorithms()), 695 Arrays.toString(b.getLocalSupportedSignatureAlgorithms())); 696 assertEquals(Arrays.toString(a.getPeerSupportedSignatureAlgorithms()), 697 Arrays.toString(b.getPeerSupportedSignatureAlgorithms())); 698 699 if (a.getRequestedServerNames() == null) { 700 assertNull(b.getRequestedServerNames()); 701 } else { 702 assertEquals(a.getRequestedServerNames().size(), b.getRequestedServerNames().size()); 703 for (int i = 0; i < a.getRequestedServerNames().size(); i++) { 704 assertEquals(a.getRequestedServerNames().get(i), 705 b.getRequestedServerNames().get(i)); 706 } 707 } 708 } 709 } 710
