/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package tests.api.javax.net.ssl;
import dalvik.annotation.AndroidOnly;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.InetSocketAddress;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import javax.net.ssl.HandshakeCompletedEvent;
import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import javax.security.cert.X509Certificate;
import junit.framework.TestCase;
import libcore.io.Base64;
import org.apache.harmony.xnet.tests.support.mySSLSession;
/**
* Tests for <code>HandshakeCompletedEvent</code> class constructors and methods.
*
*/
public class HandshakeCompletedEventTest extends TestCase {
private String certificate = "-----BEGIN CERTIFICATE-----\n"
+ "MIICZTCCAdICBQL3AAC2MA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMSAw\n"
+ "HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJl\n"
+ "IFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NzAyMjAwMDAwMDBa\n"
+ "Fw05ODAyMjAyMzU5NTlaMIGWMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZv\n"
+ "cm5pYTESMBAGA1UEBxMJUGFsbyBBbHRvMR8wHQYDVQQKExZTdW4gTWljcm9zeXN0\n"
+ "ZW1zLCBJbmMuMSEwHwYDVQQLExhUZXN0IGFuZCBFdmFsdWF0aW9uIE9ubHkxGjAY\n"
+ "BgNVBAMTEWFyZ29uLmVuZy5zdW4uY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB\n"
+ "iQKBgQCofmdY+PiUWN01FOzEewf+GaG+lFf132UpzATmYJkA4AEA/juW7jSi+LJk\n"
+ "wJKi5GO4RyZoyimAL/5yIWDV6l1KlvxyKslr0REhMBaD/3Z3EsLTTEf5gVrQS6sT\n"
+ "WMoSZAyzB39kFfsB6oUXNtV8+UKKxSxKbxvhQn267PeCz5VX2QIDAQABMA0GCSqG\n"
+ "SIb3DQEBAgUAA34AXl3at6luiV/7I9MN5CXYoPJYI8Bcdc1hBagJvTMcmlqL2uOZ\n"
+ "H9T5hNMEL9Tk6aI7yZPXcw/xI2K6pOR/FrMp0UwJmdxX7ljV6ZtUZf7pY492UqwC\n"
+ "1777XQ9UEZyrKJvF5ntleeO0ayBqLGVKCWzWZX9YsXCpv47FNLZbupE=\n"
+ "-----END CERTIFICATE-----\n";
/**
* @throws IOException
* javax.net.ssl.HandshakeCompletedEvent#HandshakeCompletedEvent(SSLSocket sock, SSLSession s)
*/
public final void test_Constructor() throws Exception {
mySSLSession session = new mySSLSession();
SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket();
HandshakeCompletedEvent event = new HandshakeCompletedEvent(socket, session);
try {
new HandshakeCompletedEvent(null, null);
fail("Any exception wasn't thrown for null parameters");
} catch (Exception expected) {
}
}
/**
* @throws IOException
* javax.net.ssl.HandshakeCompletedEvent#getCipherSuite()
*/
public final void test_getCipherSuite() throws Exception {
mySSLSession session = new mySSLSession("localhost", 1080, null);
SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket();
HandshakeCompletedEvent event = new HandshakeCompletedEvent(socket, session);
assertEquals("SuiteName", event.getCipherSuite());
}
/**
* @throws IOException
* javax.net.ssl.HandshakeCompletedEvent#getLocalCertificates()
*/
public final void test_getLocalCertificates() throws Exception {
mySSLSession session = new mySSLSession("localhost", 1080, null);
SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket();
HandshakeCompletedEvent event = new HandshakeCompletedEvent(socket, session);
assertNull(event.getLocalCertificates());
}
/**
* @throws IOException
* javax.net.ssl.HandshakeCompletedEvent#getLocalPrincipal()
*/
public final void test_getLocalPrincipal() throws Exception {
mySSLSession session = new mySSLSession("localhost", 1080, null);
SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket();
HandshakeCompletedEvent event = new HandshakeCompletedEvent(socket, session);
assertNull(event.getLocalPrincipal());
}
/**
* @throws IOException
* javax.net.ssl.HandshakeCompletedEvent#getPeerCertificateChain()
*/
public final void test_getPeerCertificateChain() throws Exception {
ByteArrayInputStream bis = new ByteArrayInputStream(certificate.getBytes());
mySSLSession session = new mySSLSession((X509Certificate[]) null);
SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket();
HandshakeCompletedEvent event = new HandshakeCompletedEvent(socket, session);
try {
event.getPeerCertificateChain();
fail("SSLPeerUnverifiedException wasn't thrown");
} catch (SSLPeerUnverifiedException expected) {
}
X509Certificate xc = X509Certificate.getInstance(bis);
X509Certificate[] xcs = {xc};
session = new mySSLSession(xcs);
event = new HandshakeCompletedEvent(socket, session);
X509Certificate[] res = event.getPeerCertificateChain();
assertEquals(1, res.length);
}
/**
* @throws IOException
* javax.net.ssl.HandshakeCompletedEvent#getPeerCertificates()
*/
public final void test_getPeerCertificates() throws IOException {
mySSLSession session = new mySSLSession("localhost", 1080, null);
SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket();
HandshakeCompletedEvent event = new HandshakeCompletedEvent(socket, session);
try {
event.getPeerCertificates();
fail("SSLPeerUnverifiedException wasn't thrown");
} catch (SSLPeerUnverifiedException expected) {
}
session = new mySSLSession((X509Certificate[]) null);
event = new HandshakeCompletedEvent(socket, session);
Certificate[] res = event.getPeerCertificates();
assertEquals(3, res.length);
}
/**
* @throws IOException
* javax.net.ssl.HandshakeCompletedEvent#getPeerPrincipal()
*/
public final void test_getPeerPrincipal() throws IOException {
mySSLSession session = new mySSLSession("localhost", 1080, null);
SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket();
HandshakeCompletedEvent event = new HandshakeCompletedEvent(socket, session);
assertNull(event.getPeerPrincipal());
}
/**
* @throws IOException
* javax.net.ssl.HandshakeCompletedEvent#getSession()
*/
public final void test_getSession() throws IOException {
mySSLSession session = new mySSLSession("localhost", 1080, null);
SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket();
HandshakeCompletedEvent event = new HandshakeCompletedEvent(socket, session);
SSLSession ss = event.getSession();
assertNotNull(ss);
assertEquals(session, ss);
}
/**
* @throws IOException
* javax.net.ssl.HandshakeCompletedEvent#getSocket()
*/
public final void test_getSocket() throws IOException {
SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket();
HandshakeCompletedEvent event = new HandshakeCompletedEvent(socket, null);
SSLSocket ss = event.getSocket();
assertNotNull(ss);
assertEquals(socket, ss);
}
// Regression test for CompletedHandshakeEvent not firing with a custom
// TrustManager
private SSLSocket socket;
private SSLServerSocket serverSocket;
private MyHandshakeListener listener;
private String host = "localhost";
private String PASSWORD = "android";
/**
* Defines the keystore contents for the server, BKS version. Holds just a
* single self-generated key. The subject name is "Test Server".
*/
private static final String SERVER_KEYS_BKS =
"AAAAAQAAABQDkebzoP1XwqyWKRCJEpn/t8dqIQAABDkEAAVteWtleQAAARpYl20nAAAAAQAFWC41"
+ "MDkAAAJNMIICSTCCAbKgAwIBAgIESEfU1jANBgkqhkiG9w0BAQUFADBpMQswCQYDVQQGEwJVUzET"
+ "MBEGA1UECBMKQ2FsaWZvcm5pYTEMMAoGA1UEBxMDTVRWMQ8wDQYDVQQKEwZHb29nbGUxEDAOBgNV"
+ "BAsTB0FuZHJvaWQxFDASBgNVBAMTC1Rlc3QgU2VydmVyMB4XDTA4MDYwNTExNTgxNFoXDTA4MDkw"
+ "MzExNTgxNFowaTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExDDAKBgNVBAcTA01U"
+ "VjEPMA0GA1UEChMGR29vZ2xlMRAwDgYDVQQLEwdBbmRyb2lkMRQwEgYDVQQDEwtUZXN0IFNlcnZl"
+ "cjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0LIdKaIr9/vsTq8BZlA3R+NFWRaH4lGsTAQy"
+ "DPMF9ZqEDOaL6DJuu0colSBBBQ85hQTPa9m9nyJoN3pEi1hgamqOvQIWcXBk+SOpUGRZZFXwniJV"
+ "zDKU5nE9MYgn2B9AoiH3CSuMz6HRqgVaqtppIe1jhukMc/kHVJvlKRNy9XMCAwEAATANBgkqhkiG"
+ "9w0BAQUFAAOBgQC7yBmJ9O/eWDGtSH9BH0R3dh2NdST3W9hNZ8hIa8U8klhNHbUCSSktZmZkvbPU"
+ "hse5LI3dh6RyNDuqDrbYwcqzKbFJaq/jX9kCoeb3vgbQElMRX8D2ID1vRjxwlALFISrtaN4VpWzV"
+ "yeoHPW4xldeZmoVtjn8zXNzQhLuBqX2MmAAAAqwAAAAUvkUScfw9yCSmALruURNmtBai7kQAAAZx"
+ "4Jmijxs/l8EBaleaUru6EOPioWkUAEVWCxjM/TxbGHOi2VMsQWqRr/DZ3wsDmtQgw3QTrUK666sR"
+ "MBnbqdnyCyvM1J2V1xxLXPUeRBmR2CXorYGF9Dye7NkgVdfA+9g9L/0Au6Ugn+2Cj5leoIgkgApN"
+ "vuEcZegFlNOUPVEs3SlBgUF1BY6OBM0UBHTPwGGxFBBcetcuMRbUnu65vyDG0pslT59qpaR0TMVs"
+ "P+tcheEzhyjbfM32/vwhnL9dBEgM8qMt0sqF6itNOQU/F4WGkK2Cm2v4CYEyKYw325fEhzTXosck"
+ "MhbqmcyLab8EPceWF3dweoUT76+jEZx8lV2dapR+CmczQI43tV9btsd1xiBbBHAKvymm9Ep9bPzM"
+ "J0MQi+OtURL9Lxke/70/MRueqbPeUlOaGvANTmXQD2OnW7PISwJ9lpeLfTG0LcqkoqkbtLKQLYHI"
+ "rQfV5j0j+wmvmpMxzjN3uvNajLa4zQ8l0Eok9SFaRr2RL0gN8Q2JegfOL4pUiHPsh64WWya2NB7f"
+ "V+1s65eA5ospXYsShRjo046QhGTmymwXXzdzuxu8IlnTEont6P4+J+GsWk6cldGbl20hctuUKzyx"
+ "OptjEPOKejV60iDCYGmHbCWAzQ8h5MILV82IclzNViZmzAapeeCnexhpXhWTs+xDEYSKEiG/camt"
+ "bhmZc3BcyVJrW23PktSfpBQ6D8ZxoMfF0L7V2GQMaUg+3r7ucrx82kpqotjv0xHghNIm95aBr1Qw"
+ "1gaEjsC/0wGmmBDg1dTDH+F1p9TInzr3EFuYD0YiQ7YlAHq3cPuyGoLXJ5dXYuSBfhDXJSeddUkl"
+ "k1ufZyOOcskeInQge7jzaRfmKg3U94r+spMEvb0AzDQVOKvjjo1ivxMSgFRZaDb/4qw=";
/**
* Defines the keystore contents for the server, JKS version. Holds just a
* single self-generated key. The subject name is "Test Server".
*/
private static final String SERVER_KEYS_JKS =
"/u3+7QAAAAIAAAABAAAAAQAFbXlrZXkAAAEaWFfBeAAAArowggK2MA4GCisGAQQBKgIRAQEFAASC"
+ "AqI2kp5XjnF8YZkhcF92YsJNQkvsmH7zqMM87j23zSoV4DwyE3XeC/gZWq1ToScIhoqZkzlbWcu4"
+ "T/Zfc/DrfGk/rKbBL1uWKGZ8fMtlZk8KoAhxZk1JSyJvdkyKxqmzUbxk1OFMlN2VJNu97FPVH+du"
+ "dvjTvmpdoM81INWBW/1fZJeQeDvn4mMbbe0IxgpiLnI9WSevlaDP/sm1X3iO9yEyzHLL+M5Erspo"
+ "Cwa558fOu5DdsICMXhvDQxjWFKFhPHnKtGe+VvwkG9/bAaDgx3kfhk0w5zvdnkKb+8Ed9ylNRzdk"
+ "ocAa/mxlMTOsTvDKXjjsBupNPIIj7OP4GNnZaxkJjSs98pEO67op1GX2qhy6FSOPNuq8k/65HzUc"
+ "PYn6voEeh6vm02U/sjEnzRevQ2+2wXoAdp0EwtQ/DlMe+NvcwPGWKuMgX4A4L93DZGb04N2VmAU3"
+ "YLOtZwTO0LbuWrcCM/q99G/7LcczkxIVrO2I/rh8RXVczlf9QzcrFObFv4ATuspWJ8xG7DhsMbnk"
+ "rT94Pq6TogYeoz8o8ZMykesAqN6mt/9+ToIemmXv+e+KU1hI5oLwWMnUG6dXM6hIvrULY6o+QCPH"
+ "172YQJMa+68HAeS+itBTAF4Clm/bLn6reHCGGU6vNdwU0lYldpiOj9cB3t+u2UuLo6tiFWjLf5Zs"
+ "EQJETd4g/EK9nHxJn0GAKrWnTw7pEHQJ08elzUuy04C/jEEG+4QXU1InzS4o/kR0Sqz2WTGDoSoq"
+ "ewuPRU5bzQs/b9daq3mXrnPtRBL6HfSDAdpTK76iHqLCGdqx3avHjVSBm4zFvEuYBCev+3iKOBmg"
+ "yh7eQRTjz4UOWfy85omMBr7lK8PtfVBDzOXpasxS0uBgdUyBDX4tO6k9jZ8a1kmQRQAAAAEABVgu"
+ "NTA5AAACSDCCAkQwggGtAgRIR8SKMA0GCSqGSIb3DQEBBAUAMGkxCzAJBgNVBAYTAlVTMRMwEQYD"
+ "VQQIEwpDYWxpZm9ybmlhMQwwCgYDVQQHEwNNVFYxDzANBgNVBAoTBkdvb2dsZTEQMA4GA1UECxMH"
+ "QW5kcm9pZDEUMBIGA1UEAxMLVGVzdCBTZXJ2ZXIwHhcNMDgwNjA1MTA0ODQyWhcNMDgwOTAzMTA0"
+ "ODQyWjBpMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEMMAoGA1UEBxMDTVRWMQ8w"
+ "DQYDVQQKEwZHb29nbGUxEDAOBgNVBAsTB0FuZHJvaWQxFDASBgNVBAMTC1Rlc3QgU2VydmVyMIGf"
+ "MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCwoC6chqCI84rj1PrXuJgbiit4EV909zR6N0jNlYfg"
+ "itwB39bP39wH03rFm8T59b3mbSptnGmCIpLZn25KPPFsYD3JJ+wFlmiUdEP9H05flfwtFQJnw9uT"
+ "3rRIdYVMPcQ3RoZzwAMliGr882I2thIDbA6xjGU/1nRIdvk0LtxH3QIDAQABMA0GCSqGSIb3DQEB"
+ "BAUAA4GBAJn+6YgUlY18Ie+0+Vt8oEi81DNi/bfPrAUAh63fhhBikx/3R9dl3wh09Z6p7cIdNxjW"
+ "n2ll+cRW9eqF7z75F0Omm0C7/KAEPjukVbszmzeU5VqzkpSt0j84YWi+TfcHRrfvhLbrlmGITVpY"
+ "ol5pHLDyqGmDs53pgwipWqsn/nEXEBgj3EoqPeqHbDf7YaP8h/5BSt0=";
/**
* Defines the keystore contents for the client, JKS version. Holds just a
* single self-generated key. The subject name is "Test Client".
*/
private static final String CLIENT_KEYS_JKS =
"/u3+7QAAAAIAAAABAAAAAQAFbXlrZXkAAAEaWFhyMAAAArkwggK1MA4GCisGAQQBKgIRAQEFAASC"
+ "AqGVSfXolBStZy4nnRNn4fAr+S7kfU2BS23wwW8uB2Ru3GvtLzlK9q08Gvq/LNqBafjyFTVL5FV5"
+ "SED/8YomO5a98GpskSeRvytCiTBLJdgGhws5TOGekgIAcBROPGIyOtJPQ0HfOQs+BqgzGDHzHQhw"
+ "u/8Tm6yQwiP+W/1I9B1QnaEztZA3mhTyMMJsmsFTYroGgAog885D5Cmzd8sYGfxec3R6I+xcmBAY"
+ "eibR5kGpWwt1R+qMvRrtBqh5r6WSKhCBNax+SJVbtUNRiKyjKccdJg6fGqIWWeivwYTy0OhjA6b4"
+ "NiZ/ZZs5pxFGWUj/Rlp0RYy8fCF6aw5/5s4Bf4MI6dPSqMG8Hf7sJR91GbcELyzPdM0h5lNavgit"
+ "QPEzKeuDrGxhY1frJThBsNsS0gxeu+OgfJPEb/H4lpYX5IvuIGbWKcxoO9zq4/fimIZkdA8A+3eY"
+ "mfDaowvy65NBVQPJSxaOyFhLHfeLqOeCsVENAea02vA7andZHTZehvcrqyKtm+z8ncHGRC2H9H8O"
+ "jKwKHfxxrYY/jMAKLl00+PBb3kspO+BHI2EcQnQuMw/zr83OR9Meq4TJ0TMuNkApZELAeFckIBbS"
+ "rBr8NNjAIfjuCTuKHhsTFWiHfk9ZIzigxXagfeDRiyVc6khOuF/bGorj23N2o7Rf3uLoU6PyXWi4"
+ "uhctR1aL6NzxDoK2PbYCeA9hxbDv8emaVPIzlVwpPK3Ruvv9mkjcOhZ74J8bPK2fQmbplbOljcZi"
+ "tZijOfzcO/11JrwhuJZRA6wanTqHoujgChV9EukVrmbWGGAcewFnAsSbFXIik7/+QznXaDIt5NgL"
+ "H/Bcz4Z/fdV7Ae1eUaxKXdPbI//4J+8liVT/d8awjW2tldIaDlmGMR3aoc830+3mAAAAAQAFWC41"
+ "MDkAAAJIMIICRDCCAa0CBEhHxLgwDQYJKoZIhvcNAQEEBQAwaTELMAkGA1UEBhMCVVMxEzARBgNV"
+ "BAgTCkNhbGlmb3JuaWExDDAKBgNVBAcTA01UVjEPMA0GA1UEChMGR29vZ2xlMRAwDgYDVQQLEwdB"
+ "bmRyb2lkMRQwEgYDVQQDEwtUZXN0IENsaWVudDAeFw0wODA2MDUxMDQ5MjhaFw0wODA5MDMxMDQ5"
+ "MjhaMGkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMQwwCgYDVQQHEwNNVFYxDzAN"
+ "BgNVBAoTBkdvb2dsZTEQMA4GA1UECxMHQW5kcm9pZDEUMBIGA1UEAxMLVGVzdCBDbGllbnQwgZ8w"
+ "DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAIK3Q+KiFbmCGg422TAo4gggdhMH6FJhiuz8DxRyeMKR"
+ "UAfP4MK0wtc8N42waZ6OKvxpBFUy0BRfBsX0GD4Ku99yu9/tavSigTraeJtwV3WWRRjIqk7L3wX5"
+ "cmgS2KSD43Y0rNUKrko26lnt9N4qiYRBSj+tcAN3Lx9+ptqk1LApAgMBAAEwDQYJKoZIhvcNAQEE"
+ "BQADgYEANb7Q1GVSuy1RPJ0FmiXoMYCCtvlRLkmJphwxovK0cAQK12Vll+yAzBhHiQHy/RA11mng"
+ "wYudC7u3P8X/tBT8GR1Yk7QW3KgFyPafp3lQBBCraSsfrjKj+dCLig1uBLUr4f68W8VFWZWWTHqp"
+ "NMGpCX6qmjbkJQLVK/Yfo1ePaUexPSOX0G9m8+DoV3iyNw6at01NRw==";
/**
* Defines the keystore contents for the client, BKS version. Holds just a
* single self-generated key. The subject name is "Test Client".
*/
private static final String CLIENT_KEYS_BKS =
"AAAAAQAAABT4Rka6fxbFps98Y5k2VilmbibNkQAABfQEAAVteWtleQAAARpYl+POAAAAAQAFWC41"
+ "MDkAAAJNMIICSTCCAbKgAwIBAgIESEfU9TANBgkqhkiG9w0BAQUFADBpMQswCQYDVQQGEwJVUzET"
+ "MBEGA1UECBMKQ2FsaWZvcm5pYTEMMAoGA1UEBxMDTVRWMQ8wDQYDVQQKEwZHb29nbGUxEDAOBgNV"
+ "BAsTB0FuZHJvaWQxFDASBgNVBAMTC1Rlc3QgQ2xpZW50MB4XDTA4MDYwNTExNTg0NVoXDTA4MDkw"
+ "MzExNTg0NVowaTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExDDAKBgNVBAcTA01U"
+ "VjEPMA0GA1UEChMGR29vZ2xlMRAwDgYDVQQLEwdBbmRyb2lkMRQwEgYDVQQDEwtUZXN0IENsaWVu"
+ "dDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApUvmWsQDHPpbDKK13Yez2/q54tTOmRml/qva"
+ "2K6dZjkjSTW0iRuk7ztaVEvdJpfVIDv1oBsCI51ttyLHROy1epjF+GoL74mJb7fkcd0VOoSOTjtD"
+ "+3GgZkHPAm5YmUYxiJXqxKKJJqMCTIW46eJaA2nAep9QIwZ14/NFAs4ObV8CAwEAATANBgkqhkiG"
+ "9w0BAQUFAAOBgQCJrCr3hZQFDlLIfsSKI1/w+BLvyf4fubOid0pBxfklR8KBNPTiqjSmu7pd/C/F"
+ "1FR8CdZUDoPflZHCOU+fj5r5KUC1HyigY/tEUvlforBpfB0uCF+tXW4DbUfOWhfMtLV4nCOJOOZg"
+ "awfZLJWBJouLKOp427vDftxTSB+Ks8YjlgAAAqwAAAAU+NH6TtrzjyDdCXm5B6Vo7xX5G4YAAAZx"
+ "EAUkcZtmykn7YdaYxC1jRFJ+GEJpC8nZVg83QClVuCSIS8a5f8Hl44Bk4oepOZsPzhtz3RdVzDVi"
+ "RFfoyZFsrk9F5bDTVJ6sQbb/1nfJkLhZFXokka0vND5AXMSoD5Bj1Fqem3cK7fSUyqKvFoRKC3XD"
+ "FQvhqoam29F1rbl8FaYdPvhhZo8TfZQYUyUKwW+RbR44M5iHPx+ykieMe/C/4bcM3z8cwIbYI1aO"
+ "gjQKS2MK9bs17xaDzeAh4sBKrskFGrDe+2dgvrSKdoakJhLTNTBSG6m+rzqMSCeQpafLKMSjTSSz"
+ "+KoQ9bLyax8cbvViGGju0SlVhquloZmKOfHr8TukIoV64h3uCGFOVFtQjCYDOq6NbfRvMh14UVF5"
+ "zgDIGczoD9dMoULWxBmniGSntoNgZM+QP6Id7DBasZGKfrHIAw3lHBqcvB5smemSu7F4itRoa3D8"
+ "N7hhUEKAc+xA+8NKmXfiCBoHfPHTwDvt4IR7gWjeP3Xv5vitcKQ/MAfO5RwfzkYCXQ3FfjfzmsE1"
+ "1IfLRDiBj+lhQSulhRVStKI88Che3M4JUNGKllrc0nt1pWa1vgzmUhhC4LSdm6trTHgyJnB6OcS9"
+ "t2furYjK88j1AuB4921oxMxRm8c4Crq8Pyuf+n3YKi8Pl2BzBtw++0gj0ODlgwut8SrVj66/nvIB"
+ "jN3kLVahR8nZrEFF6vTTmyXi761pzq9yOVqI57wJGx8o3Ygox1p+pWUPl1hQR7rrhUbgK/Q5wno9"
+ "uJk07h3IZnNxE+/IKgeMTP/H4+jmyT4mhsexJ2BFHeiKF1KT/FMcJdSi+ZK5yoNVcYuY8aZbx0Ef"
+ "lHorCXAmLFB0W6Cz4KPP01nD9YBB4olxiK1t7m0AU9zscdivNiuUaB5OIEr+JuZ6dNw=";
/**
* Implements the actual test case. Launches a server and a client, requires
* client authentication and checks the certificates afterwards (not in the
* usual sense, we just make sure that we got the expected certificates,
* because our self-signed test certificates are not valid.)
*/
@AndroidOnly("Uses bks key store. Change useBKS to false to run on the RI")
public void testClientAuth() throws Exception {
boolean useBKS = true;
listener = new MyHandshakeListener();
String serverKeys = (useBKS ? SERVER_KEYS_BKS : SERVER_KEYS_JKS);
String clientKeys = (useBKS ? CLIENT_KEYS_BKS : CLIENT_KEYS_JKS);
TestServer server = new TestServer(true,
TestServer.CLIENT_AUTH_WANTED, serverKeys);
TestClient client = new TestClient(true, clientKeys);
Thread serverThread = new Thread(server);
Thread clientThread = new Thread(client);
serverThread.start();
Thread.currentThread().sleep(3000);
clientThread.start();
serverThread.join();
clientThread.join();
// The server must have completed without an exception.
Exception e = server.getException();
if (e != null) {
e.printStackTrace();
}
// The client must have completed without an exception.
e = client.getException();
if (e != null) {
e.printStackTrace();
}
assertNull(e);
assertTrue(listener.completeDone);
}
/**
* Implements a test SSL socket server. It wait for a connection on a given
* port, requests client authentication (if specified), reads 256 bytes
* from the socket, and writes 256 bytes to the socket.
*/
class TestServer implements Runnable {
public static final int CLIENT_AUTH_NONE = 0;
public static final int CLIENT_AUTH_WANTED = 1;
public static final int CLIENT_AUTH_NEEDED = 2;
private TestTrustManager trustManager;
private Exception exception;
String keys;
private int clientAuth;
private boolean provideKeys;
public TestServer(boolean provideKeys, int clientAuth, String keys) throws Exception {
this.keys = keys;
this.clientAuth = clientAuth;
this.provideKeys = provideKeys;
trustManager = new TestTrustManager();
KeyManager[] keyManagers = provideKeys ? getKeyManagers(keys) : null;
TrustManager[] trustManagers = new TrustManager[] { trustManager };
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(keyManagers, trustManagers, null);
serverSocket = (SSLServerSocket) sslContext.getServerSocketFactory().createServerSocket();
if (clientAuth == CLIENT_AUTH_WANTED) {
serverSocket.setWantClientAuth(true);
} else if (clientAuth == CLIENT_AUTH_NEEDED) {
serverSocket.setNeedClientAuth(true);
} else {
serverSocket.setWantClientAuth(false);
}
serverSocket.bind(new InetSocketAddress(0));
}
public void run() {
try {
SSLSocket clientSocket = (SSLSocket)serverSocket.accept();
InputStream istream = clientSocket.getInputStream();
for (int i = 0; i < 256; i++) {
int j = istream.read();
assertEquals(i, j);
}
istream.close();
OutputStream ostream = clientSocket.getOutputStream();
for (int i = 0; i < 256; i++) {
ostream.write(i);
}
ostream.flush();
ostream.close();
clientSocket.close();
serverSocket.close();
} catch (Exception ex) {
exception = ex;
}
}
public Exception getException() {
return exception;
}
public X509Certificate[] getChain() {
return trustManager.getChain();
}
}
/**
* Implements a test SSL socket client. It open a connection to localhost on
* a given port, writes 256 bytes to the socket, and reads 256 bytes from the
* socket.
*/
class TestClient implements Runnable {
private TestTrustManager trustManager;
private Exception exception;
private String keys;
private boolean provideKeys;
public TestClient(boolean provideKeys, String keys) {
this.keys = keys;
this.provideKeys = provideKeys;
trustManager = new TestTrustManager();
}
public void run() {
try {
KeyManager[] keyManagers = provideKeys ? getKeyManagers(keys) : null;
TrustManager[] trustManagers = new TrustManager[] { trustManager };
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(keyManagers, trustManagers, null);
SSLSocket socket = (SSLSocket)sslContext.getSocketFactory().createSocket();
socket.connect(serverSocket.getLocalSocketAddress());
socket.addHandshakeCompletedListener(listener);
socket.startHandshake();
OutputStream ostream = socket.getOutputStream();
for (int i = 0; i < 256; i++) {
ostream.write(i);
}
ostream.flush();
ostream.close();
InputStream istream = socket.getInputStream();
for (int i = 0; i < 256; i++) {
int j = istream.read();
assertEquals(i, j);
}
istream.close();
socket.close();
} catch (Exception ex) {
exception = ex;
}
}
public Exception getException() {
return exception;
}
public X509Certificate[] getChain() {
return trustManager.getChain();
}
}
/**
* Loads a keystore from a base64-encoded String. Returns the KeyManager[]
* for the result.
*/
private KeyManager[] getKeyManagers(String keys) throws Exception {
byte[] bytes = Base64.decode(keys.getBytes());
InputStream inputStream = new ByteArrayInputStream(bytes);
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(inputStream, PASSWORD.toCharArray());
inputStream.close();
String algorithm = KeyManagerFactory.getDefaultAlgorithm();
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(algorithm);
keyManagerFactory.init(keyStore, PASSWORD.toCharArray());
return keyManagerFactory.getKeyManagers();
}
/**
* Implements basically a dummy TrustManager. It stores the certificate
* chain it sees, so it can later be queried.
*/
public static class TestTrustManager implements X509TrustManager {
private X509Certificate[] chain;
private String authType;
public void checkClientTrusted(X509Certificate[] chain, String authType) {
this.chain = chain;
this.authType = authType;
}
public void checkServerTrusted(X509Certificate[] chain, String authType) {
this.chain = chain;
this.authType = authType;
}
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return new java.security.cert.X509Certificate[0];
}
public X509Certificate[] getChain() {
return chain;
}
public String getAuthType() {
return authType;
}
public void checkClientTrusted(
java.security.cert.X509Certificate[] chain, String authType)
throws CertificateException {
}
public void checkServerTrusted(
java.security.cert.X509Certificate[] chain, String authType)
throws CertificateException {
}
}
class MyHandshakeListener implements HandshakeCompletedListener {
public boolean completeDone;
MyHandshakeListener() {
completeDone = false;
}
public void handshakeCompleted(HandshakeCompletedEvent event) {
if (event != null) completeDone = true;
}
}
}