WolfSSL
/
wolfssljni
mirror of https://github.com/wolfSSL/wolfssljni.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #22 from cconlon/jsse_1.7fix 

Fixes to resolve ant test failures on OpenJDK 7
pull/24/head
JacobBarthelmeh 2020-01-16 11:04:52 -07:00 committed by GitHub
parent 93b0d670e4 26f12ae874
commit e86a4eed1e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 87 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/java/com/wolfssl/provider/jsse/WolfSSLContext.java
View File

@ -156,6 +156,7 @@ public class WolfSSLContext extends SSLContextSpi {
int ret, offset; int ret, offset;
X509KeyManager km = authStore.getX509KeyManager(); X509KeyManager km = authStore.getX509KeyManager();
String javaVersion = System.getProperty("java.version");
if (km == null) { if (km == null) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.ERROR, WolfSSLDebug.log(getClass(), WolfSSLDebug.ERROR,
@ -164,9 +165,12 @@ public class WolfSSLContext extends SSLContextSpi {
} }
/* We only load keys from algorithms enabled in native wolfSSL, /* We only load keys from algorithms enabled in native wolfSSL,
* and in the priority order of ECC first, then RSA */ * and in the priority order of ECC first, then RSA. JDK 1.7.0_201
* has a bug that causes PrivateKey.getEncoded() to fail for EC keys.
* This has been fixed in later JDK versions, but skip adding EC
* here if we're running on OpenJDK 1.7.0_201. */
ArrayList<String> keyAlgos = new ArrayList<String>(); ArrayList<String> keyAlgos = new ArrayList<String>();
if (WolfSSL.EccEnabled()) { if (WolfSSL.EccEnabled() && !javaVersion.equals("1.7.0_201")) {
keyAlgos.add("EC"); keyAlgos.add("EC");
} }
if (WolfSSL.RsaEnabled()) { if (WolfSSL.RsaEnabled()) {

103
src/test/com/wolfssl/provider/jsse/test/WolfSSLTrustX509Test.java
View File

@ -71,7 +71,7 @@ public class WolfSSLTrustX509Test {
} }
} }
@Test @Test
public void testCAParsing() public void testCAParsing()
throws NoSuchProviderException, NoSuchAlgorithmException { throws NoSuchProviderException, NoSuchAlgorithmException {
@ -83,7 +83,13 @@ public class WolfSSLTrustX509Test {
String OU[] = { "OU=Consulting", "OU=Programming-1024", "OU=ECC", String OU[] = { "OU=Consulting", "OU=Programming-1024", "OU=ECC",
"OU=Consulting_1024", "OU=Support", "OU=Support_1024", "OU=Fast", "OU=Consulting_1024", "OU=Support", "OU=Support_1024", "OU=Fast",
"OU=Development", "OU=Programming-2048" }; "OU=Development", "OU=Programming-2048" };
/* OpenJDK 1.7 KeyStore load order */
String OU_17[] = { "OU=Support_1024", "OU=Programming-2048",
"OU=Consulting_1024", "OU=Fast", "OU=Support",
"OU=Programming-1024", "OU=Consulting", "OU=Development",
"OU=ECC" };
System.out.print("\tTesting parse all.jks"); System.out.print("\tTesting parse all.jks");
if (tf.isAndroid()) { if (tf.isAndroid()) {
@ -97,7 +103,21 @@ public class WolfSSLTrustX509Test {
if (this.provider != null && this.provider.equals("wolfJSSE")) { if (this.provider != null && this.provider.equals("wolfJSSE")) {
expected = 8; /* one less than SunJSSE because of server-ecc */ expected = 8; /* one less than SunJSSE because of server-ecc */
} }
/* Test for KeyStore provider/version, cert order is different */
try {
KeyStore tmpStore = KeyStore.getInstance("JKS");
String tmpStoreProv = tmpStore.getProvider().getName();
double tmpStoreProvVer = tmpStore.getProvider().getVersion();
if (tmpStoreProv.equals("SUN") && tmpStoreProvVer == 1.7) {
OU = OU_17;
}
} catch (KeyStoreException kse) {
error("\t\t... failed");
fail("failed to detect KeyStore provider version");
}
tm = tf.createTrustManager("SunX509", tf.allJKS, provider); tm = tf.createTrustManager("SunX509", tf.allJKS, provider);
if (tm == null) { if (tm == null) {
error("\t\t... failed"); error("\t\t... failed");
@ -122,17 +142,17 @@ public class WolfSSLTrustX509Test {
provider.equals("wolfJSSE") && x.equals("OU=ECC")) { provider.equals("wolfJSSE") && x.equals("OU=ECC")) {
continue; continue;
} }
if (!cas[i].getSubjectDN().getName().contains(x)) { if (!cas[i].getSubjectDN().getName().contains(x)) {
error("\t\t... failed"); error("\t\t... failed");
fail("wrong CA found"); fail("wrong CA found");
} }
i++; i++;
} }
pass("\t\t... passed"); pass("\t\t... passed");
} }
@Test @Test
public void testServerParsing() public void testServerParsing()
throws NoSuchProviderException, NoSuchAlgorithmException { throws NoSuchProviderException, NoSuchAlgorithmException {
@ -143,7 +163,11 @@ public class WolfSSLTrustX509Test {
int expected = 6; int expected = 6;
String OU[] = { "OU=Programming-1024", "OU=Support", "OU=Support_1024", String OU[] = { "OU=Programming-1024", "OU=Support", "OU=Support_1024",
"OU=Fast", "OU=Programming-2048"}; "OU=Fast", "OU=Programming-2048"};
/* OpenJDK 1.7 KeyStore load order */
String OU_17[] = { "OU=Support_1024", "OU=Programming-2048",
"OU=Fast", "OU=Programming-1024", "OU=Support"};
System.out.print("\tTesting parsing server.jks"); System.out.print("\tTesting parsing server.jks");
if (tf.isAndroid()) { if (tf.isAndroid()) {
@ -152,16 +176,31 @@ public class WolfSSLTrustX509Test {
return; return;
} }
/* Test for KeyStore provider/version, some order certs differently */
try {
KeyStore tmpStore = KeyStore.getInstance("JKS");
String tmpStoreProv = tmpStore.getProvider().getName();
double tmpStoreProvVer = tmpStore.getProvider().getVersion();
if (tmpStoreProv.equals("SUN") && tmpStoreProvVer == 1.7) {
OU = OU_17;
}
} catch (KeyStoreException kse) {
error("\t... failed");
fail("failed to detect KeyStore provider version");
}
/* wolfSSL only returns a list of CA's, server-ecc basic constraint is set /* wolfSSL only returns a list of CA's, server-ecc basic constraint is set
* to false so it is not added as a CA */ * to false so it is not added as a CA */
if (this.provider != null && this.provider.equals("wolfJSSE")) { if (this.provider != null && this.provider.equals("wolfJSSE")) {
expected = expected-1; /* one less than SunJSSE because of server-ecc */ expected = expected-1; /* one less than SunJSSE because of server-ecc */
} }
tm = tf.createTrustManager("SunX509", tf.serverJKS, provider); tm = tf.createTrustManager("SunX509", tf.serverJKS, provider);
if (tm == null) { if (tm == null) {
error("\t... failed"); error("\t... failed");
fail("failed to create trustmanager"); fail("failed to create trustmanager");
return; return;
} }
x509tm = (X509TrustManager) tm[0]; x509tm = (X509TrustManager) tm[0];
@ -171,25 +210,25 @@ public class WolfSSLTrustX509Test {
fail("no CAs were found"); fail("no CAs were found");
return; return;
} }
if (cas.length != expected) { if (cas.length != expected) {
error("\t... failed"); error("\t... failed");
fail("wrong number of CAs found"); fail("wrong number of CAs found");
} }
for (String x : OU) { for (String x : OU) {
if (!cas[i].getSubjectDN().getName().contains(x)) { if (!cas[i].getSubjectDN().getName().contains(x)) {
error("\t... failed"); error("\t... failed");
fail("wrong CA found"); fail("wrong CA found");
} }
i++; i++;
} }
pass("\t... passed"); pass("\t... passed");
} }
@Test @Test
public void testCAParsingMixed() public void testCAParsingMixed()
throws NoSuchProviderException, NoSuchAlgorithmException { throws NoSuchProviderException, NoSuchAlgorithmException {
@ -201,7 +240,12 @@ public class WolfSSLTrustX509Test {
String OU[] = { "OU=Consulting", "OU=Programming-1024", "OU=ECC", String OU[] = { "OU=Consulting", "OU=Programming-1024", "OU=ECC",
"OU=Consulting_1024", "OU=Support", "OU=Support_1024", "OU=Fast", "OU=Consulting_1024", "OU=Support", "OU=Support_1024", "OU=Fast",
"OU=Programming-2048" }; "OU=Programming-2048" };
/* OpenJDK 1.7 KeyStore load order */
String OU_17[] = { "OU=Support_1024", "OU=Programming-2048",
"OU=Consulting_1024", "OU=Fast", "OU=Support",
"OU=Programming-1024", "OU=Consulting", "OU=ECC" };
System.out.print("\tTesting parse all_mixed.jks"); System.out.print("\tTesting parse all_mixed.jks");
if (tf.isAndroid()) { if (tf.isAndroid()) {
@ -214,11 +258,26 @@ public class WolfSSLTrustX509Test {
if (this.provider != null && this.provider.equals("wolfJSSE")) { if (this.provider != null && this.provider.equals("wolfJSSE")) {
expected = 7; /* one less than SunJSSE because of server-ecc */ expected = 7; /* one less than SunJSSE because of server-ecc */
} }
/* Test for KeyStore provider/version, cert order is different */
try {
KeyStore tmpStore = KeyStore.getInstance("JKS");
String tmpStoreProv = tmpStore.getProvider().getName();
double tmpStoreProvVer = tmpStore.getProvider().getVersion();
if (tmpStoreProv.equals("SUN") && tmpStoreProvVer == 1.7) {
OU = OU_17;
}
} catch (KeyStoreException kse) {
error("\t... failed");
fail("failed to detect KeyStore provider version");
}
tm = tf.createTrustManager("SunX509", tf.mixedJKS, provider); tm = tf.createTrustManager("SunX509", tf.mixedJKS, provider);
if (tm == null) { if (tm == null) {
error("\t... failed"); error("\t... failed");
fail("failed to create trustmanager"); fail("failed to create trustmanager");
return; return;
} }
x509tm = (X509TrustManager) tm[0]; x509tm = (X509TrustManager) tm[0];
@ -228,28 +287,28 @@ public class WolfSSLTrustX509Test {
fail("no CAs where found"); fail("no CAs where found");
return; return;
} }
if (cas.length != expected) { if (cas.length != expected) {
error("\t... failed"); error("\t... failed");
fail("wrong number of CAs found"); fail("wrong number of CAs found");
} }
for (j = 0; j < OU.length && i < cas.length; j++) { for (j = 0; j < OU.length && i < cas.length; j++) {
if (this.provider != null && if (this.provider != null &&
provider.equals("wolfJSSE") && OU[j].equals("OU=ECC")) { provider.equals("wolfJSSE") && OU[j].equals("OU=ECC")) {
continue; continue;
} }
if (!cas[i].getSubjectDN().getName().contains(OU[j])) { if (!cas[i].getSubjectDN().getName().contains(OU[j])) {
error("\t... failed"); error("\t... failed");
fail("wrong CA found"); fail("wrong CA found");
} }
i++; i++;
} }
pass("\t... passed"); pass("\t... passed");
} }
@Test @Test
public void testSystemLoad() { public void testSystemLoad() {
String file = System.getProperty("javax.net.ssl.trustStore"); String file = System.getProperty("javax.net.ssl.trustStore");