private static KeyStore readKeyStore(String name) throws Exception { File file = new File(PATH, name); InputStream in = new FileInputStream(file); KeyStore ks = KeyStore.getInstance("JKS"); ks.load(in, passwd); in.close(); return ks; }
/* * Define the client side of the test. * * If the server prematurely exits, serverReady will be set to true * to avoid infinite hangs. */ void doClientSide() throws Exception { /* * Wait for server to get started. */ while (!serverReady) { Thread.sleep(50); } /* * See if an unknown keystore actually gets checked ok. */ System.out.println("=============="); System.out.println("Starting test0"); KeyStore uks = KeyStore.getInstance("JKS"); SSLContext ctx = SSLContext.getInstance("TLS"); KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); uks.load(new FileInputStream(unknownFilename), cpasswd); kmf.init(uks, cpasswd); TrustManager[] tms = new TrustManager[] {new MyJavaxX509TrustManager()}; ctx.init(kmf.getKeyManagers(), tms, null); SSLSocketFactory sslsf = (SSLSocketFactory) ctx.getSocketFactory(); System.out.println("Trying first socket " + serverPort); SSLSocket sslSocket = (SSLSocket) sslsf.createSocket("localhost", serverPort); doTest(sslSocket); /* * Now try the other way. */ com.sun.net.ssl.SSLContext ctx1 = com.sun.net.ssl.SSLContext.getInstance("TLS"); com.sun.net.ssl.KeyManagerFactory kmf1 = com.sun.net.ssl.KeyManagerFactory.getInstance("SunX509"); kmf1.init(uks, cpasswd); com.sun.net.ssl.TrustManager[] tms1 = new com.sun.net.ssl.TrustManager[] {new MyComX509TrustManager()}; ctx1.init(kmf1.getKeyManagers(), tms1, null); sslsf = (SSLSocketFactory) ctx1.getSocketFactory(); System.out.println("Trying second socket " + serverPort1); sslSocket = (SSLSocket) sslsf.createSocket("localhost", serverPort1); doTest(sslSocket); System.out.println("Completed test1"); }
/* * Define the server side of the test. * * If the server prematurely exits, serverReady will be set to true * to avoid infinite hangs. */ void doServerSide() throws Exception { KeyStore ks = KeyStore.getInstance("JKS"); com.sun.net.ssl.SSLContext ctx = com.sun.net.ssl.SSLContext.getInstance("TLS"); com.sun.net.ssl.KeyManagerFactory kmf = com.sun.net.ssl.KeyManagerFactory.getInstance("SunX509"); ks.load(new FileInputStream(keyFilename), cpasswd); kmf.init(ks, cpasswd); com.sun.net.ssl.TrustManager[] tms = new com.sun.net.ssl.TrustManager[] {new MyComX509TrustManager()}; ctx.init(kmf.getKeyManagers(), tms, null); SSLServerSocketFactory sslssf = (SSLServerSocketFactory) ctx.getServerSocketFactory(); SSLServerSocket sslServerSocket = (SSLServerSocket) sslssf.createServerSocket(serverPort); serverPort = sslServerSocket.getLocalPort(); sslServerSocket.setNeedClientAuth(true); /* * Create using the other type. */ SSLContext ctx1 = SSLContext.getInstance("TLS"); KeyManagerFactory kmf1 = KeyManagerFactory.getInstance("SunX509"); TrustManager[] tms1 = new TrustManager[] {new MyJavaxX509TrustManager()}; kmf1.init(ks, cpasswd); ctx1.init(kmf1.getKeyManagers(), tms1, null); sslssf = (SSLServerSocketFactory) ctx1.getServerSocketFactory(); SSLServerSocket sslServerSocket1 = (SSLServerSocket) sslssf.createServerSocket(serverPort1); serverPort1 = sslServerSocket1.getLocalPort(); sslServerSocket1.setNeedClientAuth(true); /* * Signal Client, we're ready for his connect. */ serverReady = true; SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept(); sslServerSocket.close(); serverReady = false; InputStream sslIS = sslSocket.getInputStream(); OutputStream sslOS = sslSocket.getOutputStream(); sslIS.read(); sslOS.write(85); sslOS.flush(); sslSocket.close(); sslSocket = (SSLSocket) sslServerSocket1.accept(); sslIS = sslSocket.getInputStream(); sslOS = sslSocket.getOutputStream(); sslIS.read(); sslOS.write(85); sslOS.flush(); sslSocket.close(); System.out.println("Server exiting!"); System.out.flush(); }
private KeyStore createKeyStore(@Nullable String path) throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException { String keyStoreType = KeyStore.getDefaultType(); char[] defaultPassword = "******".toCharArray(); if (path != null) { // If the user provided path, only try to load the keystore at that path. KeyStore keyStore = KeyStore.getInstance(keyStoreType); FileInputStream is = new FileInputStream(path); keyStore.load(is, defaultPassword); return keyStore; } try { // Check if we are on Android. Class version = Class.forName("android.os.Build$VERSION"); // Build.VERSION_CODES.ICE_CREAM_SANDWICH is 14. if (version.getDeclaredField("SDK_INT").getInt(version) >= 14) { // After ICS, Android provided this nice method for loading the keystore, // so we don't have to specify the location explicitly. KeyStore keystore = KeyStore.getInstance("AndroidCAStore"); keystore.load(null, null); return keystore; } else { keyStoreType = "BKS"; path = System.getProperty("java.home") + "/etc/security/cacerts.bks".replace('/', File.separatorChar); } } catch (ClassNotFoundException e) { // NOP. android.os.Build is not present, so we are not on Android. Fall through. } catch (NoSuchFieldException e) { throw new RuntimeException(e); // Should never happen. } catch (IllegalAccessException e) { throw new RuntimeException(e); // Should never happen. } if (path == null) { path = System.getProperty("javax.net.ssl.trustStore"); } if (path == null) { // Try this default system location for Linux/Windows/OSX. path = System.getProperty("java.home") + "/lib/security/cacerts".replace('/', File.separatorChar); } try { KeyStore keyStore = KeyStore.getInstance(keyStoreType); FileInputStream is = new FileInputStream(path); keyStore.load(is, defaultPassword); return keyStore; } catch (FileNotFoundException e) { // If we failed to find a system trust store, load our own fallback trust store. This can fail // on Android // but we should never reach it there. KeyStore keyStore = KeyStore.getInstance("JKS"); InputStream is = getClass().getResourceAsStream("cacerts"); keyStore.load(is, defaultPassword); return keyStore; } }