package org.bouncycastle.jsse.provider.test;
import java.security.KeyStore;
import java.security.Security;
import java.util.ArrayList;
import java.util.concurrent.CountDownLatch;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;
class SSLUtils
{
static void enableAll(SSLServerSocket ss)
{
ss.setEnabledCipherSuites(ss.getSupportedCipherSuites());
ss.setEnabledProtocols(ss.getEnabledProtocols());
}
static void restrictKeyExchange(SSLSocket s, String keyExchange)
{
ArrayList<String> enabled = new ArrayList<String>();
for (String suite : s.getSupportedCipherSuites())
{
if (suite.startsWith("TLS_" + keyExchange + "_WITH"))
{
enabled.add(suite);
}
}
// some JSSE don't use TLS_
if (enabled.isEmpty())
{
for (String suite : s.getSupportedCipherSuites())
{
if (suite.startsWith("SSL_" + keyExchange + "_WITH"))
{
enabled.add(suite);
}
}
}
s.setEnabledCipherSuites(enabled.toArray(new String[enabled.size()]));
}
static void startServer(final KeyStore keyStore, final char[] password, final KeyStore serverStore)
{
startServer(keyStore, password, serverStore, false, 8888);
}
static void startServer(final KeyStore keyStore, final char[] password, final KeyStore serverStore, final boolean needClientAuth,
final int port)
{
final CountDownLatch latch = new CountDownLatch(1);
Runnable serverTask = new Runnable()
{
public void run()
{
try
{
KeyManagerFactory keyManagerFactory;
if (Security.getProvider("IBMJSSE2") != null)
{
keyManagerFactory = KeyManagerFactory.getInstance("IBMX509");
}
else
{
keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
}
keyManagerFactory.init(keyStore, password);
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("PKIX");
trustManagerFactory.init(serverStore);
SSLContext context = SSLContext.getInstance("TLS");
context.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
SSLServerSocketFactory sslSocketFactory = context.getServerSocketFactory();
SSLServerSocket ss = (SSLServerSocket)sslSocketFactory.createServerSocket(port);
enableAll(ss);
ss.setNeedClientAuth(needClientAuth);
latch.countDown();
SSLSocket s = (SSLSocket)ss.accept();
s.setUseClientMode(false);
s.getInputStream().read();
s.getOutputStream().write('!');
s.close();
ss.close();
}
catch (Exception e)
{
e.printStackTrace();
}
}
};
new Thread(serverTask).start();
try
{
latch.await();
}
catch (InterruptedException e)
{
}
}
}