add more debugging in WolfSSLContext when loading CA certs, examples use wolfJSSE as KeyManagerFactory and TrustManagerFactory provider
Chris Conlon
parent
739708b5b5
commit
7ca8b97c31
|
|
@ -64,9 +64,11 @@ import com.wolfssl.provider.jsse.WolfSSLProvider;
|
|||
|
||||
public class MultiThreadedSSLClient
|
||||
{
|
||||
String tmfImpl = "SunX509"; /* TrustManagerFactory provider */
|
||||
String kmfImpl = "SunX509"; /* KeyManagerFactory provider */
|
||||
String ctxImpl = "wolfJSSE"; /* SSLContext provider */
|
||||
String tmfType = "SunX509"; /* TrustManagerFactory type */
|
||||
String tmfProv = "wolfJSSE"; /* TrustManagerFactory provider */
|
||||
String kmfType = "SunX509"; /* KeyManagerFactory type */
|
||||
String kmfProv = "wolfJSSE"; /* KeyManagerFactory provider */
|
||||
String ctxProv = "wolfJSSE"; /* SSLContext provider */
|
||||
|
||||
String srvHost = "127.0.0.1"; /* server host */
|
||||
int srvPort = 11118; /* server port */
|
||||
|
|
@ -109,7 +111,7 @@ public class MultiThreadedSSLClient
|
|||
ThreadLocalRandom.current().nextInt(0, maxSleep +1);
|
||||
|
||||
try {
|
||||
SSLContext ctx = SSLContext.getInstance("TLS", ctxImpl);
|
||||
SSLContext ctx = SSLContext.getInstance("TLS", ctxProv);
|
||||
ctx.init(km.getKeyManagers(), tm.getTrustManagers(), null);
|
||||
|
||||
SSLSocket sock = (SSLSocket)ctx.getSocketFactory()
|
||||
|
|
@ -182,14 +184,15 @@ public class MultiThreadedSSLClient
|
|||
clientKeyStore.load(new FileInputStream(clientKS), passArr);
|
||||
|
||||
KeyManagerFactory clientKMF =
|
||||
KeyManagerFactory.getInstance(kmfImpl);
|
||||
KeyManagerFactory.getInstance(kmfType, kmfProv);
|
||||
clientKMF.init(clientKeyStore, passArr);
|
||||
|
||||
/* set up CA TrustManagerFactory */
|
||||
KeyStore caKeyStore = KeyStore.getInstance("JKS");
|
||||
caKeyStore.load(new FileInputStream(clientTS), passArr);
|
||||
|
||||
TrustManagerFactory tm = TrustManagerFactory.getInstance(tmfImpl);
|
||||
TrustManagerFactory tm = TrustManagerFactory
|
||||
.getInstance(tmfType, tmfProv);
|
||||
tm.init(caKeyStore);
|
||||
|
||||
for (int i = 0; i < numClientConnections; i++) {
|
||||
|
|
|
|||
|
|
@ -47,6 +47,7 @@ public class MultiThreadedSSLServer
|
|||
private char[] psw = "wolfSSL test".toCharArray();
|
||||
private String serverKS = "./examples/provider/rsa.jks";
|
||||
private String serverTS = "./examples/provider/client.jks";
|
||||
private String jsseProv = "wolfJSSE";
|
||||
int serverPort = 11118;
|
||||
|
||||
public MultiThreadedSSLServer() {
|
||||
|
|
@ -58,18 +59,19 @@ public class MultiThreadedSSLServer
|
|||
KeyStore serverKeyStore = KeyStore.getInstance("JKS");
|
||||
serverKeyStore.load(new FileInputStream(serverKS), psw);
|
||||
|
||||
KeyManagerFactory km = KeyManagerFactory.getInstance("SunX509");
|
||||
KeyManagerFactory km = KeyManagerFactory
|
||||
.getInstance("SunX509", jsseProv);
|
||||
km.init(serverKeyStore, psw);
|
||||
|
||||
/* Set up CA TrustManagerFactory */
|
||||
KeyStore caKeyStore = KeyStore.getInstance("JKS");
|
||||
caKeyStore.load(new FileInputStream(serverTS), psw);
|
||||
|
||||
TrustManagerFactory tm = TrustManagerFactory.getInstance("SunX509");
|
||||
TrustManagerFactory tm = TrustManagerFactory
|
||||
.getInstance("SunX509", jsseProv);
|
||||
tm.init(caKeyStore);
|
||||
|
||||
|
||||
SSLContext ctx = SSLContext.getInstance("TLS", "wolfJSSE");
|
||||
SSLContext ctx = SSLContext.getInstance("TLS", jsseProv);
|
||||
ctx.init(km.getKeyManagers(), tm.getTrustManagers(), null);
|
||||
|
||||
SSLServerSocket ss = (SSLServerSocket)ctx
|
||||
|
|
|
|||
|
|
@ -40,9 +40,11 @@ import com.wolfssl.provider.jsse.WolfSSLProvider;
|
|||
|
||||
public class ThreadedSSLSocketClientServer
|
||||
{
|
||||
String tmfImpl = "SunX509"; /* TrustManagerFactory provider */
|
||||
String kmfImpl = "SunX509"; /* KeyManagerFactory provider */
|
||||
String ctxImpl = "wolfJSSE"; /* SSLContext provider */
|
||||
String tmfType = "SunX509"; /* TrustManagerFactory type */
|
||||
String tmfProv = "wolfJSSE"; /* TrustManagerFactory provider */
|
||||
String kmfType = "SunX509"; /* KeyManagerFactory type */
|
||||
String kmfProv = "wolfJSSE"; /* KeyManagerFactory provider */
|
||||
String ctxProv = "wolfJSSE"; /* SSLContext provider */
|
||||
int srvPort = 11118; /* server port */
|
||||
|
||||
class ServerThread extends Thread
|
||||
|
|
@ -70,13 +72,15 @@ public class ThreadedSSLSocketClientServer
|
|||
KeyStore cert = KeyStore.getInstance("JKS");
|
||||
cert.load(new FileInputStream(trustStorePath), tsPass);
|
||||
|
||||
TrustManagerFactory tm = TrustManagerFactory.getInstance(tmfImpl);
|
||||
TrustManagerFactory tm = TrustManagerFactory
|
||||
.getInstance(tmfType, tmfProv);
|
||||
tm.init(cert);
|
||||
|
||||
KeyManagerFactory km = KeyManagerFactory.getInstance(kmfImpl);
|
||||
KeyManagerFactory km = KeyManagerFactory
|
||||
.getInstance(kmfType, kmfProv);
|
||||
km.init(pKey, ksPass);
|
||||
|
||||
SSLContext ctx = SSLContext.getInstance("TLS", ctxImpl);
|
||||
SSLContext ctx = SSLContext.getInstance("TLS", ctxProv);
|
||||
ctx.init(km.getKeyManagers(), tm.getTrustManagers(), null);
|
||||
|
||||
SSLServerSocket ss = (SSLServerSocket)ctx
|
||||
|
|
@ -116,13 +120,15 @@ public class ThreadedSSLSocketClientServer
|
|||
KeyStore cert = KeyStore.getInstance("JKS");
|
||||
cert.load(new FileInputStream(trustStorePath), tsPass);
|
||||
|
||||
TrustManagerFactory tm = TrustManagerFactory.getInstance(tmfImpl);
|
||||
TrustManagerFactory tm = TrustManagerFactory
|
||||
.getInstance(tmfType, tmfProv);
|
||||
tm.init(cert);
|
||||
|
||||
KeyManagerFactory km = KeyManagerFactory.getInstance(kmfImpl);
|
||||
KeyManagerFactory km = KeyManagerFactory
|
||||
.getInstance(kmfType, kmfProv);
|
||||
km.init(pKey, ksPass);
|
||||
|
||||
SSLContext ctx = SSLContext.getInstance("TLS", ctxImpl);
|
||||
SSLContext ctx = SSLContext.getInstance("TLS", ctxProv);
|
||||
ctx.init(km.getKeyManagers(), tm.getTrustManagers(), null);
|
||||
|
||||
SSLSocket sock = (SSLSocket)ctx.getSocketFactory()
|
||||
|
|
@ -144,7 +150,7 @@ public class ThreadedSSLSocketClientServer
|
|||
|
||||
Security.addProvider(new WolfSSLProvider());
|
||||
|
||||
String serverKS = "./examples/provider/rsa.jks";
|
||||
String serverKS = "./examples/provider/server.jks";
|
||||
String serverTS = "./examples/provider/client.jks";
|
||||
String clientKS = "./examples/provider/client.jks";
|
||||
String clientTS = "./examples/provider/client.jks";
|
||||
|
|
|
|||
|
|
@ -27,6 +27,7 @@ import java.security.PrivateKey;
|
|||
import java.security.SecureRandom;
|
||||
import java.security.cert.CertificateEncodingException;
|
||||
import java.security.cert.X509Certificate;
|
||||
import javax.security.auth.x500.X500Principal;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
|
|
@ -181,6 +182,9 @@ public class WolfSSLContext extends SSLContextSpi {
|
|||
return;
|
||||
}
|
||||
|
||||
WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
|
||||
"Number of certs in X509TrustManager: " + caList.length);
|
||||
|
||||
/* Load accepted issuer certificates into native WOLFSSL_CTX to be
|
||||
* used in native wolfSSL verify logic */
|
||||
for (int i = 0; i < caList.length; i++) {
|
||||
|
|
@ -208,13 +212,16 @@ public class WolfSSLContext extends SSLContextSpi {
|
|||
"skipped loading CA, JNI exception");
|
||||
}
|
||||
|
||||
WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
|
||||
"loaded trusted root cert (" + caList[i].getSigAlgName()
|
||||
+ "): " + caList[i].getSubjectX500Principal().getName(
|
||||
X500Principal.RFC1779));
|
||||
}
|
||||
|
||||
if (loadedCACount == 0) {
|
||||
throw new IllegalArgumentException("wolfSSL failed to load " +
|
||||
"any trusted CA certificates from TrustManager");
|
||||
}
|
||||
WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
|
||||
"loaded trusted root certs from TrustManager");
|
||||
}
|
||||
}
|
||||
|
||||
private void LoadClientKeyAndCertChain() throws Exception {
|
||||
|
|
|
|||
Loading…
Reference in New Issue