add more debugging in WolfSSLContext when loading CA certs, examples use wolfJSSE as KeyManagerFactory and TrustManagerFactory provider

2022-01-18 17:43:58 -07:00 · 2022-01-18 17:43:58 -07:00 · 7ca8b97c31
parent 739708b5b5
commit 7ca8b97c31
4 changed files with 48 additions and 30 deletions
--- a/examples/provider/MultiThreadedSSLClient.java
+++ b/examples/provider/MultiThreadedSSLClient.java
@ -64,9 +64,11 @@ import com.wolfssl.provider.jsse.WolfSSLProvider;

 public class MultiThreadedSSLClient
 {
-    String tmfImpl = "SunX509";      /* TrustManagerFactory provider */
-    String kmfImpl = "SunX509";      /* KeyManagerFactory provider */
-    String ctxImpl = "wolfJSSE";     /* SSLContext provider */
+    String tmfType = "SunX509";      /* TrustManagerFactory type */
+    String tmfProv = "wolfJSSE";     /* TrustManagerFactory provider */
+    String kmfType = "SunX509";      /* KeyManagerFactory type */
+    String kmfProv = "wolfJSSE";     /* KeyManagerFactory provider */
+    String ctxProv = "wolfJSSE";     /* SSLContext provider */

    String srvHost = "127.0.0.1";    /* server host */
    int srvPort = 11118;             /* server port */
@ -109,7 +111,7 @@ public class MultiThreadedSSLClient
                ThreadLocalRandom.current().nextInt(0, maxSleep +1);

            try {
-                SSLContext ctx = SSLContext.getInstance("TLS", ctxImpl);
+                SSLContext ctx = SSLContext.getInstance("TLS", ctxProv);
                ctx.init(km.getKeyManagers(), tm.getTrustManagers(), null);

                SSLSocket sock = (SSLSocket)ctx.getSocketFactory()
@ -182,14 +184,15 @@ public class MultiThreadedSSLClient
            clientKeyStore.load(new FileInputStream(clientKS), passArr);

            KeyManagerFactory clientKMF =
-                KeyManagerFactory.getInstance(kmfImpl);
+                KeyManagerFactory.getInstance(kmfType, kmfProv);
            clientKMF.init(clientKeyStore, passArr);

            /* set up CA TrustManagerFactory */
            KeyStore caKeyStore = KeyStore.getInstance("JKS");
            caKeyStore.load(new FileInputStream(clientTS), passArr);
-
-            TrustManagerFactory tm = TrustManagerFactory.getInstance(tmfImpl);
+            
+            TrustManagerFactory tm = TrustManagerFactory
+                .getInstance(tmfType, tmfProv);
            tm.init(caKeyStore);

            for (int i = 0; i < numClientConnections; i++) {
--- a/examples/provider/MultiThreadedSSLServer.java
+++ b/examples/provider/MultiThreadedSSLServer.java
@ -47,6 +47,7 @@ public class MultiThreadedSSLServer
    private char[] psw = "wolfSSL test".toCharArray();
    private String serverKS = "./examples/provider/rsa.jks";
    private String serverTS = "./examples/provider/client.jks";
+    private String jsseProv = "wolfJSSE";
    int serverPort = 11118;

    public MultiThreadedSSLServer() {
@ -58,18 +59,19 @@ public class MultiThreadedSSLServer
            KeyStore serverKeyStore = KeyStore.getInstance("JKS");
            serverKeyStore.load(new FileInputStream(serverKS), psw);

-            KeyManagerFactory km = KeyManagerFactory.getInstance("SunX509");
+            KeyManagerFactory km = KeyManagerFactory
+                .getInstance("SunX509", jsseProv);
            km.init(serverKeyStore, psw);

            /* Set up CA TrustManagerFactory */
            KeyStore caKeyStore = KeyStore.getInstance("JKS");
            caKeyStore.load(new FileInputStream(serverTS), psw);
-
-            TrustManagerFactory tm = TrustManagerFactory.getInstance("SunX509");
+            
+            TrustManagerFactory tm = TrustManagerFactory
+                .getInstance("SunX509", jsseProv);
            tm.init(caKeyStore);

-
-            SSLContext ctx = SSLContext.getInstance("TLS", "wolfJSSE");
+            SSLContext ctx = SSLContext.getInstance("TLS", jsseProv);
            ctx.init(km.getKeyManagers(), tm.getTrustManagers(), null);

            SSLServerSocket ss = (SSLServerSocket)ctx
--- a/examples/provider/ThreadedSSLSocketClientServer.java
+++ b/examples/provider/ThreadedSSLSocketClientServer.java
@ -40,9 +40,11 @@ import com.wolfssl.provider.jsse.WolfSSLProvider;

 public class ThreadedSSLSocketClientServer
 {
-    String tmfImpl = "SunX509";     /* TrustManagerFactory provider */
-    String kmfImpl = "SunX509";     /* KeyManagerFactory provider */
-    String ctxImpl = "wolfJSSE";    /* SSLContext provider */
+    String tmfType = "SunX509";     /* TrustManagerFactory type */
+    String tmfProv = "wolfJSSE";    /* TrustManagerFactory provider */
+    String kmfType = "SunX509";     /* KeyManagerFactory type */
+    String kmfProv = "wolfJSSE";    /* KeyManagerFactory provider */
+    String ctxProv = "wolfJSSE";    /* SSLContext provider */
    int srvPort = 11118;            /* server port */

    class ServerThread extends Thread
@ -70,13 +72,15 @@ public class ThreadedSSLSocketClientServer
                KeyStore cert = KeyStore.getInstance("JKS");
                cert.load(new FileInputStream(trustStorePath), tsPass);

-                TrustManagerFactory tm = TrustManagerFactory.getInstance(tmfImpl);
+                TrustManagerFactory tm = TrustManagerFactory
+                    .getInstance(tmfType, tmfProv);
                tm.init(cert);
-
-                KeyManagerFactory km = KeyManagerFactory.getInstance(kmfImpl);
+                
+                KeyManagerFactory km = KeyManagerFactory
+                    .getInstance(kmfType, kmfProv);
                km.init(pKey, ksPass);

-                SSLContext ctx = SSLContext.getInstance("TLS", ctxImpl);
+                SSLContext ctx = SSLContext.getInstance("TLS", ctxProv);
                ctx.init(km.getKeyManagers(), tm.getTrustManagers(), null);

                SSLServerSocket ss = (SSLServerSocket)ctx
@ -115,14 +119,16 @@ public class ThreadedSSLSocketClientServer
                pKey.load(new FileInputStream(keyStorePath), ksPass);
                KeyStore cert = KeyStore.getInstance("JKS");
                cert.load(new FileInputStream(trustStorePath), tsPass);
-
-                TrustManagerFactory tm = TrustManagerFactory.getInstance(tmfImpl);
+                
+                TrustManagerFactory tm = TrustManagerFactory
+                    .getInstance(tmfType, tmfProv);
                tm.init(cert);
-
-                KeyManagerFactory km = KeyManagerFactory.getInstance(kmfImpl);
+                
+                KeyManagerFactory km = KeyManagerFactory
+                    .getInstance(kmfType, kmfProv);
                km.init(pKey, ksPass);

-                SSLContext ctx = SSLContext.getInstance("TLS", ctxImpl);
+                SSLContext ctx = SSLContext.getInstance("TLS", ctxProv);
                ctx.init(km.getKeyManagers(), tm.getTrustManagers(), null);

                SSLSocket sock = (SSLSocket)ctx.getSocketFactory()
@ -144,7 +150,7 @@ public class ThreadedSSLSocketClientServer

        Security.addProvider(new WolfSSLProvider());

-        String serverKS = "./examples/provider/rsa.jks";
+        String serverKS = "./examples/provider/server.jks";
        String serverTS = "./examples/provider/client.jks";
        String clientKS = "./examples/provider/client.jks";
        String clientTS = "./examples/provider/client.jks";
--- a/src/java/com/wolfssl/provider/jsse/WolfSSLContext.java
+++ b/src/java/com/wolfssl/provider/jsse/WolfSSLContext.java
@ -27,6 +27,7 @@ import java.security.PrivateKey;
 import java.security.SecureRandom;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
+import javax.security.auth.x500.X500Principal;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
@ -181,6 +182,9 @@ public class WolfSSLContext extends SSLContextSpi {
            return;
        }

+        WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
+                "Number of certs in X509TrustManager: " + caList.length);
+
        /* Load accepted issuer certificates into native WOLFSSL_CTX to be
         * used in native wolfSSL verify logic */
        for (int i = 0; i < caList.length; i++) {
@ -208,12 +212,15 @@ public class WolfSSLContext extends SSLContextSpi {
                        "skipped loading CA, JNI exception");
            }

-            if (loadedCACount == 0) {
-                throw new IllegalArgumentException("wolfSSL failed to load " +
-                    "any trusted CA certificates from TrustManager");
-            }
            WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
-                    "loaded trusted root certs from TrustManager");
+                    "loaded trusted root cert (" + caList[i].getSigAlgName()
+                    + "): " + caList[i].getSubjectX500Principal().getName(
+                    X500Principal.RFC1779));
+        }
+
+        if (loadedCACount == 0) {
+            throw new IllegalArgumentException("wolfSSL failed to load " +
+                "any trusted CA certificates from TrustManager");
        }
    }