add trustmanager example and progress on wolfSSL TrustManager

examples/provider/provider_trustmanager.java

@@ -0,0 +1,96 @@
+/* provider_server.java
+ *
+ * Copyright (C) 2006-2018 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509TrustManager;
+
+public class provider_trustmanager {
+    public provider_trustmanager(){}
+
+    public void test_trustmanager() throws NoSuchAlgorithmException, KeyManagementException,
+            IOException, KeyStoreException, CertificateException,
+            UnrecoverableKeyException {
+        KeyStore cert;
+        TrustManagerFactory tm;
+        char[] psw = "wolfSSL test".toCharArray();
+        InputStream in;
+        X509TrustManager X509tm;
+        X509Certificate serv;
+        X509Certificate servEcc;
+        X509Certificate CAs[];
+        X509Certificate chain[];
+        
+        in = new FileInputStream("../certs/server-cert.pem");
+        serv = (X509Certificate)CertificateFactory.getInstance("X.509").generateCertificate(in);
+
+        in = new FileInputStream("../certs/server-ecc.pem");
+        servEcc = (X509Certificate)CertificateFactory.getInstance("X.509").generateCertificate(in);
+
+        
+        cert = KeyStore.getInstance("JKS");
+        cert.load(new FileInputStream("../provider/server.jks"), psw);
+        
+        /* trust manager (certificates) */
+        tm = TrustManagerFactory.getInstance("SunX509");
+        tm.init(cert);
+        System.out.printf("Provider name = %s\n", tm.getProvider().getName());
+
+        X509tm = (X509TrustManager)tm.getTrustManagers()[0];
+        CAs = X509tm.getAcceptedIssuers();
+        if (CAs.length > 0) {
+            System.out.printf("Found %d CAs\n", CAs.length);
+        }
+        
+        chain = new X509Certificate[]{serv};
+        X509tm.checkServerTrusted(chain, "RSA");
+        System.out.println("Verified serv ok");
+        
+        try {
+            chain[0] = servEcc;
+            X509tm.checkServerTrusted(chain, "RSA");
+        }
+        catch (Exception ex) {
+            System.out.println("Found exception success");
+        }
+    }
+    
+    public static void main(String[] args) {
+        provider_trustmanager t = new provider_trustmanager();
+        try {
+            t.test_trustmanager();
+        } catch (Exception ex) {
+            Logger.getLogger(provider_trustmanager.class.getName()).log(Level.SEVERE, null, ex);
+        }
+    }
+}

src/java/com/wolfssl/provider/jsse/WolfSSLTrustManager.java

@@ -30,9 +30,13 @@ import javax.net.ssl.TrustManagerFactorySpi;
 
 public class WolfSSLTrustManager extends TrustManagerFactorySpi {
 
+    public WolfSSLTrustManager() {}
+    
+    private KeyStore store;
+    
     @Override
-    protected void engineInit(KeyStore arg0) throws KeyStoreException {
-        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    protected void engineInit(KeyStore in) throws KeyStoreException {
+       this.store = in;
     }
 
     @Override
@@ -42,7 +46,9 @@ public class WolfSSLTrustManager extends TrustManagerFactorySpi {
 
     @Override
     protected TrustManager[] engineGetTrustManagers() {
-        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+        /* array of WolfSSLX509Trust objects to use */
+        TrustManager[] tm = {new WolfSSLTrustX509(this.store)};
+        return tm;
     }
     
 }

src/java/com/wolfssl/provider/jsse/WolfSSLTrustX509.java

@@ -0,0 +1,87 @@
+/* WolfSSLTrustX509.java
+ *
+ * Copyright (C) 2006-2018 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+package com.wolfssl.provider.jsse;
+
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.Enumeration;
+import java.util.List;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import javax.net.ssl.X509TrustManager;
+
+public class WolfSSLTrustX509 implements X509TrustManager {
+    private KeyStore store;
+    private List<String> CAs;
+    
+    public WolfSSLTrustX509(KeyStore in) {
+        this.store = in;
+        
+        try {
+            /* Store the alias of all CAs */
+            Enumeration<String> aliases = store.aliases();
+            while (aliases.hasMoreElements()) {
+                String name = aliases.nextElement();
+                X509Certificate cert = (X509Certificate) store.getCertificate(name);
+                if (cert.getBasicConstraints() == 1) {
+                    CAs.add(name);
+                }
+            }
+        } catch (KeyStoreException ex) {
+            Logger.getLogger(WolfSSLTrustX509.class.getName()).log(Level.SEVERE, null, ex);
+        }
+    }
+    
+    public void checkClientTrusted(X509Certificate[] certs, String type)
+            throws CertificateException, IllegalArgumentException {
+        if (certs.length == 0 || type.length() == 0) {
+            throw new IllegalArgumentException();
+        }
+        
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    public void checkServerTrusted(X509Certificate[] certs, String type) throws CertificateException {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    public X509Certificate[] getAcceptedIssuers() {
+        X509Certificate ret[];
+        
+        ret = new X509Certificate[CAs.size()];
+        if (CAs.size() > 0) {
+            int i;
+            for (i = 0; i < CAs.size(); i++) {
+                try {
+                    ret[i] = (X509Certificate)store.getCertificate(CAs.get(i));
+                } catch (KeyStoreException ex) {
+                    Logger.getLogger(WolfSSLTrustX509.class.getName()).log(Level.SEVERE, null, ex);
+                }
+            }
+        }
+        return ret;
+    }
+    
+    
+}