diff --git a/examples/provider/MultiThreadedSSLClient.java b/examples/provider/MultiThreadedSSLClient.java
index c3f8032..526fe7c 100644
--- a/examples/provider/MultiThreadedSSLClient.java
+++ b/examples/provider/MultiThreadedSSLClient.java
@@ -64,9 +64,11 @@ import com.wolfssl.provider.jsse.WolfSSLProvider;
 public class MultiThreadedSSLClient
 {
- String tmfImpl = "SunX509"; /* TrustManagerFactory provider */
- String kmfImpl = "SunX509"; /* KeyManagerFactory provider */
- String ctxImpl = "wolfJSSE"; /* SSLContext provider */
+ String tmfType = "SunX509"; /* TrustManagerFactory type */
+ String tmfProv = "wolfJSSE"; /* TrustManagerFactory provider */
+ String kmfType = "SunX509"; /* KeyManagerFactory type */
+ String kmfProv = "wolfJSSE"; /* KeyManagerFactory provider */
+ String ctxProv = "wolfJSSE"; /* SSLContext provider */
 String srvHost = "127.0.0.1"; /* server host */
 int srvPort = 11118; /* server port */
@@ -109,7 +111,7 @@ public class MultiThreadedSSLClient
 ThreadLocalRandom.current().nextInt(0, maxSleep +1);
 try {
- SSLContext ctx = SSLContext.getInstance("TLS", ctxImpl);
+ SSLContext ctx = SSLContext.getInstance("TLS", ctxProv);
 ctx.init(km.getKeyManagers(), tm.getTrustManagers(), null);
 SSLSocket sock = (SSLSocket)ctx.getSocketFactory()
@@ -182,14 +184,15 @@ public class MultiThreadedSSLClient
 clientKeyStore.load(new FileInputStream(clientKS), passArr);
 KeyManagerFactory clientKMF =
- KeyManagerFactory.getInstance(kmfImpl);
+ KeyManagerFactory.getInstance(kmfType, kmfProv);
 clientKMF.init(clientKeyStore, passArr);
 /* set up CA TrustManagerFactory */
 KeyStore caKeyStore = KeyStore.getInstance("JKS");
 caKeyStore.load(new FileInputStream(clientTS), passArr);
-
+
- TrustManagerFactory tm = TrustManagerFactory.getInstance(tmfImpl);
+ TrustManagerFactory tm = TrustManagerFactory
+ .getInstance(tmfType, tmfProv);
 tm.init(caKeyStore);
 for (int i = 0; i < numClientConnections; i++) {
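Review bot: In the third hunk, `KeyManagerFactory.getInstance(kmfType, kmfProv)` and `TrustManagerFactory.getInstance(tmfType, tmfProv)` switch to the two-argument form, which additionally throws the checked `NoSuchProviderException`; the enclosing method starts outside the hunk, so its throws clause or catch must cover it — the existing two-argument `SSLContext.getInstance("TLS", ctxProv)` in the second hunk already handles that, but it sits in a different method. The same switch appears in the MultiThreadedSSLServer and ThreadedSSLSocketClientServer hunks, where a two-argument `SSLContext.getInstance` call already existed in the same method, so those are presumably covered. Since the TrustManagerFactory is now requested from wolfJSSE rather than the default provider, peer-certificate validation in these examples goes through wolfJSSE's trust manager; the new field comments should say so, e.g. `/* TrustManagerFactory provider; wolfJSSE must first be registered via Security.addProvider(new WolfSSLProvider()) */`, as the ThreadedSSLSocketClientServer hunk shows that registration being done before setup.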
diff --git a/examples/provider/MultiThreadedSSLServer.java b/examples/provider/MultiThreadedSSLServer.java
index b1301db..d33fe3e 100644
--- a/examples/provider/MultiThreadedSSLServer.java
+++ b/examples/provider/MultiThreadedSSLServer.java
@@ -47,6 +47,7 @@ public class MultiThreadedSSLServer
 private char[] psw = "wolfSSL test".toCharArray();
 private String serverKS = "./examples/provider/rsa.jks";
 private String serverTS = "./examples/provider/client.jks";
+ private String jsseProv = "wolfJSSE";
 int serverPort = 11118;
 public MultiThreadedSSLServer() {
@@ -58,18 +59,19 @@ public class MultiThreadedSSLServer
 KeyStore serverKeyStore = KeyStore.getInstance("JKS");
 serverKeyStore.load(new FileInputStream(serverKS), psw);
- KeyManagerFactory km = KeyManagerFactory.getInstance("SunX509");
+ KeyManagerFactory km = KeyManagerFactory
+ .getInstance("SunX509", jsseProv);
 km.init(serverKeyStore, psw);
 /* Set up CA TrustManagerFactory */
 KeyStore caKeyStore = KeyStore.getInstance("JKS");
 caKeyStore.load(new FileInputStream(serverTS), psw);
-
+
- TrustManagerFactory tm = TrustManagerFactory.getInstance("SunX509");
+ TrustManagerFactory tm = TrustManagerFactory
+ .getInstance("SunX509", jsseProv);
 tm.init(caKeyStore);
-
- SSLContext ctx = SSLContext.getInstance("TLS", "wolfJSSE");
+ SSLContext ctx = SSLContext.getInstance("TLS", jsseProv);
 ctx.init(km.getKeyManagers(), tm.getTrustManagers(), null);
 SSLServerSocket ss = (SSLServerSocket)ctx
diff --git a/examples/provider/ThreadedSSLSocketClientServer.java b/examples/provider/ThreadedSSLSocketClientServer.java
index aaa7c08..4e8768f 100644
--- a/examples/provider/ThreadedSSLSocketClientServer.java
+++ b/examples/provider/ThreadedSSLSocketClientServer.java
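Review bot: `private String jsseProv = "wolfJSSE";` in the first hunk is a mutable instance field that is only ever read as a constant; `private static final String JSSE_PROV = "wolfJSSE";` states that intent and keeps the provider name from being reassigned per instance. The same applies to the new `tmfType`/`tmfProv`/`kmfType`/`kmfProv`/`ctxProv` fields in the MultiThreadedSSLClient and ThreadedSSLSocketClientServer hunks, which are package-private and non-final. While these lines are touched, the surrounding `new FileInputStream(serverKS)` and `new FileInputStream(serverTS)` passed to `KeyStore.load` are never closed; `try (FileInputStream in = new FileInputStream(serverKS)) { serverKeyStore.load(in, psw); }` closes the handle on every path, and the same shape fits the truststore load.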
@@ -40,9 +40,11 @@ import com.wolfssl.provider.jsse.WolfSSLProvider;
 public class ThreadedSSLSocketClientServer
 {
- String tmfImpl = "SunX509"; /* TrustManagerFactory provider */
- String kmfImpl = "SunX509"; /* KeyManagerFactory provider */
- String ctxImpl = "wolfJSSE"; /* SSLContext provider */
+ String tmfType = "SunX509"; /* TrustManagerFactory type */
+ String tmfProv = "wolfJSSE"; /* TrustManagerFactory provider */
+ String kmfType = "SunX509"; /* KeyManagerFactory type */
+ String kmfProv = "wolfJSSE"; /* KeyManagerFactory provider */
+ String ctxProv = "wolfJSSE"; /* SSLContext provider */
 int srvPort = 11118; /* server port */
 class ServerThread extends Thread
@@ -70,13 +72,15 @@ public class ThreadedSSLSocketClientServer
 KeyStore cert = KeyStore.getInstance("JKS");
 cert.load(new FileInputStream(trustStorePath), tsPass);
- TrustManagerFactory tm = TrustManagerFactory.getInstance(tmfImpl);
+ TrustManagerFactory tm = TrustManagerFactory
+ .getInstance(tmfType, tmfProv);
 tm.init(cert);
-
+
- KeyManagerFactory km = KeyManagerFactory.getInstance(kmfImpl);
+ KeyManagerFactory km = KeyManagerFactory
+ .getInstance(kmfType, kmfProv);
 km.init(pKey, ksPass);
- SSLContext ctx = SSLContext.getInstance("TLS", ctxImpl);
+ SSLContext ctx = SSLContext.getInstance("TLS", ctxProv);
 ctx.init(km.getKeyManagers(), tm.getTrustManagers(), null);
 SSLServerSocket ss = (SSLServerSocket)ctx
@@ -115,14 +119,16 @@ public class ThreadedSSLSocketClientServer
 pKey.load(new FileInputStream(keyStorePath), ksPass);
 KeyStore cert = KeyStore.getInstance("JKS");
 cert.load(new FileInputStream(trustStorePath), tsPass);
-
+
- TrustManagerFactory tm = TrustManagerFactory.getInstance(tmfImpl);
+ TrustManagerFactory tm = TrustManagerFactory
+ .getInstance(tmfType, tmfProv);
 tm.init(cert);
-
+
- KeyManagerFactory km = KeyManagerFactory.getInstance(kmfImpl);
+ KeyManagerFactory km = KeyManagerFactory
+ .getInstance(kmfType, kmfProv);
 km.init(pKey, ksPass);
- SSLContext ctx = SSLContext.getInstance("TLS", ctxImpl);
+ SSLContext ctx = SSLContext.getInstance("TLS", ctxProv);
 ctx.init(km.getKeyManagers(), tm.getTrustManagers(), null);
 SSLSocket sock = (SSLSocket)ctx.getSocketFactory()
@@ -144,7 +150,7 @@ public class ThreadedSSLSocketClientServer
 Security.addProvider(new WolfSSLProvider());
- String serverKS = "./examples/provider/rsa.jks";
+ String serverKS = "./examples/provider/server.jks";
 String serverTS = "./examples/provider/client.jks";
 String clientKS = "./examples/provider/client.jks";
 String clientTS = "./examples/provider/client.jks";
diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLContext.java b/src/java/com/wolfssl/provider/jsse/WolfSSLContext.java
index eb3f234..3106265 100644
--- a/src/java/com/wolfssl/provider/jsse/WolfSSLContext.java
+++ b/src/java/com/wolfssl/provider/jsse/WolfSSLContext.java
@@ -27,6 +27,7 @@ import java.security.PrivateKey;
 import java.security.SecureRandom;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
+import javax.security.auth.x500.X500Principal;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
@@ -181,6 +182,9 @@ public class WolfSSLContext extends SSLContextSpi {
 return;
 }
+ WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
+ "Number of certs in X509TrustManager: " + caList.length);
+
 /* Load accepted issuer certificates into native WOLFSSL_CTX to be
 * used in native wolfSSL verify logic */
 for (int i = 0; i < caList.length; i++) {
@@ -208,12 +212,15 @@ public class WolfSSLContext extends SSLContextSpi {
 "skipped loading CA, JNI exception");
 }
- if (loadedCACount == 0) {
- throw new IllegalArgumentException("wolfSSL failed to load " +
- "any trusted CA certificates from TrustManager");
- }
 WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
- "loaded trusted root certs from TrustManager");
+ "loaded trusted root cert (" + caList[i].getSigAlgName() +
+ "): " + caList[i].getSubjectX500Principal().getName(
+ X500Principal.RFC1779));
+ }
+
+ if (loadedCACount == 0) {
+ throw new IllegalArgumentException("wolfSSL failed to load " +
+ "any trusted CA certificates from TrustManager");
 }
 }
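Review bot: The new `"loaded trusted root cert (" + caList[i].getSigAlgName() + "): " + ...` log in the second hunk runs on every iteration of the for loop, including iterations where the preceding catch logged `"skipped loading CA, JNI exception"` and nothing was loaded, because the visible catch block closes without a `continue`; the message then names a trust anchor as loaded when it never reached native wolfSSL, which is exactly the record an operator would rely on when checking which CAs a context trusts. Move the four-line log statement into the try block right after the successful native load (presumably where `loadedCACount` is incremented, which lies above the hunk), or end each catch block with `continue;`. Moving the `loadedCACount == 0` check after the loop is the right fix for the old behaviour of throwing as soon as the first cert failed; the earlier hunk's `"Number of certs in X509TrustManager: "` log needs no change.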