WolfSSL
/
wolfssljni
mirror of https://github.com/wolfSSL/wolfssljni.git
1
0
Fork 0
Code Issues Releases Wiki Activity

add more debugging in WolfSSLContext when loading CA certs, examples use wolfJSSE as KeyManagerFactory and TrustManagerFactory provider

pull/90/head
Chris Conlon 2022-01-18 17:43:58 -07:00
parent 739708b5b5
commit 7ca8b97c31
4 changed files with 48 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
examples/provider/MultiThreadedSSLClient.java
View File

@ -64,9 +64,11 @@ import com.wolfssl.provider.jsse.WolfSSLProvider;
public class MultiThreadedSSLClient public class MultiThreadedSSLClient
{ {
String tmfImpl = "SunX509"; /* TrustManagerFactory provider */ String tmfType = "SunX509"; /* TrustManagerFactory type */
String kmfImpl = "SunX509"; /* KeyManagerFactory provider */ String tmfProv = "wolfJSSE"; /* TrustManagerFactory provider */
String ctxImpl = "wolfJSSE"; /* SSLContext provider */ String kmfType = "SunX509"; /* KeyManagerFactory type */
String kmfProv = "wolfJSSE"; /* KeyManagerFactory provider */
String ctxProv = "wolfJSSE"; /* SSLContext provider */
String srvHost = "127.0.0.1"; /* server host */ String srvHost = "127.0.0.1"; /* server host */
int srvPort = 11118; /* server port */ int srvPort = 11118; /* server port */
@ -109,7 +111,7 @@ public class MultiThreadedSSLClient
ThreadLocalRandom.current().nextInt(0, maxSleep +1); ThreadLocalRandom.current().nextInt(0, maxSleep +1);
try { try {
SSLContext ctx = SSLContext.getInstance("TLS", ctxImpl); SSLContext ctx = SSLContext.getInstance("TLS", ctxProv);
ctx.init(km.getKeyManagers(), tm.getTrustManagers(), null); ctx.init(km.getKeyManagers(), tm.getTrustManagers(), null);
SSLSocket sock = (SSLSocket)ctx.getSocketFactory() SSLSocket sock = (SSLSocket)ctx.getSocketFactory()
@ -182,14 +184,15 @@ public class MultiThreadedSSLClient
clientKeyStore.load(new FileInputStream(clientKS), passArr); clientKeyStore.load(new FileInputStream(clientKS), passArr);
KeyManagerFactory clientKMF = KeyManagerFactory clientKMF =
KeyManagerFactory.getInstance(kmfImpl); KeyManagerFactory.getInstance(kmfType, kmfProv);
clientKMF.init(clientKeyStore, passArr); clientKMF.init(clientKeyStore, passArr);
/* set up CA TrustManagerFactory */ /* set up CA TrustManagerFactory */
KeyStore caKeyStore = KeyStore.getInstance("JKS"); KeyStore caKeyStore = KeyStore.getInstance("JKS");
caKeyStore.load(new FileInputStream(clientTS), passArr); caKeyStore.load(new FileInputStream(clientTS), passArr);
TrustManagerFactory tm = TrustManagerFactory.getInstance(tmfImpl); TrustManagerFactory tm = TrustManagerFactory
.getInstance(tmfType, tmfProv);
tm.init(caKeyStore); tm.init(caKeyStore);
for (int i = 0; i < numClientConnections; i++) { for (int i = 0; i < numClientConnections; i++) {

12
examples/provider/MultiThreadedSSLServer.java
View File

@ -47,6 +47,7 @@ public class MultiThreadedSSLServer
private char[] psw = "wolfSSL test".toCharArray(); private char[] psw = "wolfSSL test".toCharArray();
private String serverKS = "./examples/provider/rsa.jks"; private String serverKS = "./examples/provider/rsa.jks";
private String serverTS = "./examples/provider/client.jks"; private String serverTS = "./examples/provider/client.jks";
private String jsseProv = "wolfJSSE";
int serverPort = 11118; int serverPort = 11118;
public MultiThreadedSSLServer() { public MultiThreadedSSLServer() {
@ -58,18 +59,19 @@ public class MultiThreadedSSLServer
KeyStore serverKeyStore = KeyStore.getInstance("JKS"); KeyStore serverKeyStore = KeyStore.getInstance("JKS");
serverKeyStore.load(new FileInputStream(serverKS), psw); serverKeyStore.load(new FileInputStream(serverKS), psw);
KeyManagerFactory km = KeyManagerFactory.getInstance("SunX509"); KeyManagerFactory km = KeyManagerFactory
.getInstance("SunX509", jsseProv);
km.init(serverKeyStore, psw); km.init(serverKeyStore, psw);
/* Set up CA TrustManagerFactory */ /* Set up CA TrustManagerFactory */
KeyStore caKeyStore = KeyStore.getInstance("JKS"); KeyStore caKeyStore = KeyStore.getInstance("JKS");
caKeyStore.load(new FileInputStream(serverTS), psw); caKeyStore.load(new FileInputStream(serverTS), psw);
TrustManagerFactory tm = TrustManagerFactory.getInstance("SunX509"); TrustManagerFactory tm = TrustManagerFactory
.getInstance("SunX509", jsseProv);
tm.init(caKeyStore); tm.init(caKeyStore);
SSLContext ctx = SSLContext.getInstance("TLS", jsseProv);
SSLContext ctx = SSLContext.getInstance("TLS", "wolfJSSE");
ctx.init(km.getKeyManagers(), tm.getTrustManagers(), null); ctx.init(km.getKeyManagers(), tm.getTrustManagers(), null);
SSLServerSocket ss = (SSLServerSocket)ctx SSLServerSocket ss = (SSLServerSocket)ctx

32
examples/provider/ThreadedSSLSocketClientServer.java
View File

@ -40,9 +40,11 @@ import com.wolfssl.provider.jsse.WolfSSLProvider;
public class ThreadedSSLSocketClientServer public class ThreadedSSLSocketClientServer
{ {
String tmfImpl = "SunX509"; /* TrustManagerFactory provider */ String tmfType = "SunX509"; /* TrustManagerFactory type */
String kmfImpl = "SunX509"; /* KeyManagerFactory provider */ String tmfProv = "wolfJSSE"; /* TrustManagerFactory provider */
String ctxImpl = "wolfJSSE"; /* SSLContext provider */ String kmfType = "SunX509"; /* KeyManagerFactory type */
String kmfProv = "wolfJSSE"; /* KeyManagerFactory provider */
String ctxProv = "wolfJSSE"; /* SSLContext provider */
int srvPort = 11118; /* server port */ int srvPort = 11118; /* server port */
class ServerThread extends Thread class ServerThread extends Thread
@ -70,13 +72,15 @@ public class ThreadedSSLSocketClientServer
KeyStore cert = KeyStore.getInstance("JKS"); KeyStore cert = KeyStore.getInstance("JKS");
cert.load(new FileInputStream(trustStorePath), tsPass); cert.load(new FileInputStream(trustStorePath), tsPass);
TrustManagerFactory tm = TrustManagerFactory.getInstance(tmfImpl); TrustManagerFactory tm = TrustManagerFactory
.getInstance(tmfType, tmfProv);
tm.init(cert); tm.init(cert);
KeyManagerFactory km = KeyManagerFactory.getInstance(kmfImpl); KeyManagerFactory km = KeyManagerFactory
.getInstance(kmfType, kmfProv);
km.init(pKey, ksPass); km.init(pKey, ksPass);
SSLContext ctx = SSLContext.getInstance("TLS", ctxImpl); SSLContext ctx = SSLContext.getInstance("TLS", ctxProv);
ctx.init(km.getKeyManagers(), tm.getTrustManagers(), null); ctx.init(km.getKeyManagers(), tm.getTrustManagers(), null);
SSLServerSocket ss = (SSLServerSocket)ctx SSLServerSocket ss = (SSLServerSocket)ctx
@ -115,14 +119,16 @@ public class ThreadedSSLSocketClientServer
pKey.load(new FileInputStream(keyStorePath), ksPass); pKey.load(new FileInputStream(keyStorePath), ksPass);
KeyStore cert = KeyStore.getInstance("JKS"); KeyStore cert = KeyStore.getInstance("JKS");
cert.load(new FileInputStream(trustStorePath), tsPass); cert.load(new FileInputStream(trustStorePath), tsPass);
TrustManagerFactory tm = TrustManagerFactory.getInstance(tmfImpl); TrustManagerFactory tm = TrustManagerFactory
.getInstance(tmfType, tmfProv);
tm.init(cert); tm.init(cert);
KeyManagerFactory km = KeyManagerFactory.getInstance(kmfImpl); KeyManagerFactory km = KeyManagerFactory
.getInstance(kmfType, kmfProv);
km.init(pKey, ksPass); km.init(pKey, ksPass);
SSLContext ctx = SSLContext.getInstance("TLS", ctxImpl); SSLContext ctx = SSLContext.getInstance("TLS", ctxProv);
ctx.init(km.getKeyManagers(), tm.getTrustManagers(), null); ctx.init(km.getKeyManagers(), tm.getTrustManagers(), null);
SSLSocket sock = (SSLSocket)ctx.getSocketFactory() SSLSocket sock = (SSLSocket)ctx.getSocketFactory()
@ -144,7 +150,7 @@ public class ThreadedSSLSocketClientServer
Security.addProvider(new WolfSSLProvider()); Security.addProvider(new WolfSSLProvider());
String serverKS = "./examples/provider/rsa.jks"; String serverKS = "./examples/provider/server.jks";
String serverTS = "./examples/provider/client.jks"; String serverTS = "./examples/provider/client.jks";
String clientKS = "./examples/provider/client.jks"; String clientKS = "./examples/provider/client.jks";
String clientTS = "./examples/provider/client.jks"; String clientTS = "./examples/provider/client.jks";

17
src/java/com/wolfssl/provider/jsse/WolfSSLContext.java
View File

@ -27,6 +27,7 @@ import java.security.PrivateKey;
import java.security.SecureRandom; import java.security.SecureRandom;
import java.security.cert.CertificateEncodingException; import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
import javax.security.auth.x500.X500Principal;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Arrays; import java.util.Arrays;
import java.util.List; import java.util.List;
@ -181,6 +182,9 @@ public class WolfSSLContext extends SSLContextSpi {
return; return;
} }
WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
"Number of certs in X509TrustManager: " + caList.length);
/* Load accepted issuer certificates into native WOLFSSL_CTX to be /* Load accepted issuer certificates into native WOLFSSL_CTX to be
* used in native wolfSSL verify logic */ * used in native wolfSSL verify logic */
for (int i = 0; i < caList.length; i++) { for (int i = 0; i < caList.length; i++) {
@ -208,12 +212,15 @@ public class WolfSSLContext extends SSLContextSpi {
"skipped loading CA, JNI exception"); "skipped loading CA, JNI exception");
} }
if (loadedCACount == 0) {
throw new IllegalArgumentException("wolfSSL failed to load " +
"any trusted CA certificates from TrustManager");
}
WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
"loaded trusted root certs from TrustManager"); "loaded trusted root cert (" + caList[i].getSigAlgName()
+ "): " + caList[i].getSubjectX500Principal().getName(
X500Principal.RFC1779));
}
if (loadedCACount == 0) {
throw new IllegalArgumentException("wolfSSL failed to load " +
"any trusted CA certificates from TrustManager");
} }
} }