update JKS script added and more keystores

pull/23/head
Jacob Barthelmeh 2019-03-27 12:04:38 -06:00
parent b033996821
commit f8995c9b23
10 changed files with 314 additions and 89 deletions


@ -0,0 +1,84 @@
# Used to update all of the JKS stores
printf "Removing and updating JKS stores\n"
if [ -z "$1" ]; then
printf "\tNo directory to certs provided\n"
printf "\tExample use ./update-jks.sh ~/wolfssl/certs\n"
exit 1;
fi
CERT_LOCATION=$1
# keystore-name , cert file , alias , password
add_cert() {
keytool -import -keystore "$1" -file "$CERT_LOCATION/$2" -alias "$3" -noprompt -trustcacerts -storepass "$4"
if [ $? -ne 0 ]; then
printf "fail"
exit 1
fi
}
# keystore-name , cert file , key file , alias , password
add_cert_key() {
openssl pkcs12 -export -in "$CERT_LOCATION/$2" -inkey "$CERT_LOCATION/$3" -out tmp.p12 -passin pass:"$5" -passout pass:"$5" -name "$4" &> /dev/null
keytool -importkeystore -deststorepass "$5" -destkeystore "$1" -srckeystore tmp.p12 -srcstoretype PKCS12 -srcstorepass "$5" -alias "$4" &> /dev/null
if [ $? -ne 0 ]; then
printf "fail"
exit 1
fi
rm tmp.p12
}
printf "\tCreating all.jks ..."
rm all.jks &> /dev/null
add_cert_key "all.jks" "/client-cert.pem" "/client-key.pem" "client" "wolfSSL test"
add_cert_key "all.jks" "/1024/client-cert.pem" "/1024/client-key.pem" "client-1024" "wolfSSL test"
add_cert_key "all.jks" "/server-cert.pem" "/server-key.pem" "server" "wolfSSL test"
add_cert_key "all.jks" "/1024/server-cert.pem" "/1024/server-key.pem" "server-1024" "wolfSSL test"
add_cert_key "all.jks" "/client-ecc-cert.pem" "/ecc-client-key.pem" "client-ecc" "wolfSSL test"
add_cert_key "all.jks" "/server-ecc.pem" "/ecc-key.pem" "server-ecc" "wolfSSL test"
add_cert_key "all.jks" "/ca-cert.pem" "/ca-key.pem" "ca" "wolfSSL test"
add_cert_key "all.jks" "/1024/ca-cert.pem" "/1024/ca-key.pem" "ca-1024" "wolfSSL test"
printf "done\n"
printf "\tCreating client.jks ..."
rm client.jks &> /dev/null
add_cert_key "client.jks" "/client-cert.pem" "/client-key.pem" "client" "wolfSSL test"
add_cert_key "client.jks" "/1024/client-cert.pem" "/1024/client-key.pem" "client-1024" "wolfSSL test"
add_cert_key "client.jks" "/client-ecc-cert.pem" "/ecc-client-key.pem" "client-ecc" "wolfSSL test"
add_cert_key "client.jks" "/ca-cert.pem" "/ca-key.pem" "ca" "wolfSSL test"
add_cert_key "client.jks" "/1024/ca-cert.pem" "/1024/ca-key.pem" "ca-1024" "wolfSSL test"
printf "done\n"
printf "\tCreating server.jks ..."
rm server.jks &> /dev/null
add_cert_key "server.jks" "/server-cert.pem" "/server-key.pem" "server" "wolfSSL test"
add_cert_key "server.jks" "/1024/server-cert.pem" "/1024/server-key.pem" "server-1024" "wolfSSL test"
add_cert_key "server.jks" "/server-ecc.pem" "/ecc-key.pem" "server-ecc" "wolfSSL test"
add_cert_key "server.jks" "/ca-cert.pem" "/ca-key.pem" "ca" "wolfSSL test"
add_cert_key "server.jks" "/1024/ca-cert.pem" "/1024/ca-key.pem" "ca-1024" "wolfSSL test"
printf "done\n"
printf "\tCreating rsa.jks ..."
rm rsa.jks &> /dev/null
add_cert_key "rsa.jks" "/client-cert.pem" "/client-key.pem" "client" "wolfSSL test"
add_cert_key "rsa.jks" "/server-cert.pem" "/server-key.pem" "server" "wolfSSL test"
add_cert_key "rsa.jks" "/ca-cert.pem" "/ca-key.pem" "ca" "wolfSSL test"
printf "done\n"
printf "\tCreating ecc.jks ..."
rm ecc.jks &> /dev/null
add_cert_key "ecc.jks" "/client-ecc-cert.pem" "/ecc-client-key.pem" "client-ecc" "wolfSSL test"
add_cert_key "ecc.jks" "/server-ecc.pem" "/ecc-key.pem" "server-ecc" "wolfSSL test"
printf "done\n"
printf "\tCreating all_mixed.jks ..."
rm all_mixed.jks &> /dev/null
add_cert_key "all_mixed.jks" "/client-ecc-cert.pem" "/ecc-client-key.pem" "client-ecc" "wolfSSL test"
add_cert_key "all_mixed.jks" "/ca-cert.pem" "/ca-key.pem" "ca" "wolfSSL test"
add_cert_key "all_mixed.jks" "/1024/client-cert.pem" "/1024/client-key.pem" "client-1024" "wolfSSL test"
add_cert_key "all_mixed.jks" "/client-cert.pem" "/client-key.pem" "client" "wolfSSL test"
add_cert_key "all_mixed.jks" "/server-ecc.pem" "/ecc-key.pem" "server-ecc" "wolfSSL test"
add_cert_key "all_mixed.jks" "/server-cert.pem" "/server-key.pem" "server" "wolfSSL test"
add_cert_key "all_mixed.jks" "/1024/server-cert.pem" "/1024/server-key.pem" "server-1024" "wolfSSL test"
add_cert_key "all_mixed.jks" "/1024/ca-cert.pem" "/1024/ca-key.pem" "ca-1024" "wolfSSL test"
printf "done\n"
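Review bot: In `add_cert_key` only the keytool exit status is checked; the preceding `openssl pkcs12 -export` runs with its output discarded and its status ignored, so a missing or unreadable cert/key pair surfaces only indirectly as a keytool failure, and on any failure the script exits with `tmp.p12` — the exported private key — left in the working directory. Guard the export the same way, `openssl pkcs12 ... || { printf "fail\n"; exit 1; }`, and add `trap 'rm -f tmp.p12' EXIT` before the first keystore is built so the intermediate PKCS#12 file is removed on every exit path. `add_cert` is defined but never called in the file as shown, and `printf "fail"` on both error paths emits no trailing newline. No shebang is visible in the hunk; `&>` is a bash redirection, so the script should declare `#!/bin/bash` (or avoid `&>`) if it may be run with `sh`.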


@ -21,6 +21,7 @@
package com.wolfssl.provider.jsse.test;
import com.wolfssl.provider.jsse.WolfSSLProvider;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
@ -31,6 +32,8 @@ import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
@ -45,6 +48,7 @@ import javax.net.ssl.SSLEngineResult.HandshakeStatus;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.fail;
import org.junit.BeforeClass;
import org.junit.Test;
@ -77,82 +81,17 @@ public class WolfSSLEngineTest {
throws NoSuchProviderException {
System.out.println("WolfSSLEngine Class");
/* install wolfJSSE provider at runtime */
Security.addProvider(new WolfSSLProvider());
Provider p = Security.getProvider("wolfJSSE");
assertNotNull(p);
tf = new WolfSSLTestFactory();
}
private TrustManager[] createTrustManager(String type, String file) {
TrustManagerFactory tm;
KeyStore cert;
try {
cert = KeyStore.getInstance("JKS");
cert.load(new FileInputStream(file), jksPass);
tm = TrustManagerFactory.getInstance(type);
tm.init(cert);
return tm.getTrustManagers();
} catch (NoSuchAlgorithmException ex) {
Logger.getLogger(WolfSSLEngineTest.class.getName()).log(Level.SEVERE, null, ex);
} catch (KeyStoreException ex) {
Logger.getLogger(WolfSSLEngineTest.class.getName()).log(Level.SEVERE, null, ex);
} catch (FileNotFoundException ex) {
Logger.getLogger(WolfSSLEngineTest.class.getName()).log(Level.SEVERE, null, ex);
} catch (IOException ex) {
Logger.getLogger(WolfSSLEngineTest.class.getName()).log(Level.SEVERE, null, ex);
} catch (CertificateException ex) {
Logger.getLogger(WolfSSLEngineTest.class.getName()).log(Level.SEVERE, null, ex);
}
return null;
}
private KeyManager[] createKeyManager(String type, String file) {
KeyManagerFactory km;
KeyStore pKey;
try {
/* set up KeyStore */
pKey = KeyStore.getInstance("JKS");
pKey.load(new FileInputStream(file), jksPass);
/* load private key */
km = KeyManagerFactory.getInstance(type);
km.init(pKey, jksPass);
return km.getKeyManagers();
} catch (NoSuchAlgorithmException ex) {
Logger.getLogger(WolfSSLEngineTest.class.getName()).log(Level.SEVERE, null, ex);
} catch (KeyStoreException ex) {
Logger.getLogger(WolfSSLEngineTest.class.getName()).log(Level.SEVERE, null, ex);
} catch (FileNotFoundException ex) {
Logger.getLogger(WolfSSLEngineTest.class.getName()).log(Level.SEVERE, null, ex);
} catch (IOException ex) {
Logger.getLogger(WolfSSLEngineTest.class.getName()).log(Level.SEVERE, null, ex);
} catch (CertificateException ex) {
Logger.getLogger(WolfSSLEngineTest.class.getName()).log(Level.SEVERE, null, ex);
} catch (UnrecoverableKeyException ex) {
Logger.getLogger(WolfSSLEngineTest.class.getName()).log(Level.SEVERE, null, ex);
}
return null;
}
private void createSSLContext(String protocol) {
try {
if (engineProvider != null) {
this.ctx = SSLContext.getInstance(protocol, engineProvider);
}
else {
this.ctx = SSLContext.getInstance(protocol);
}
this.ctx.init(createKeyManager("SunX509", clientJKS),
createTrustManager("SunX509", clientJKS), null);
} catch (NoSuchAlgorithmException ex) {
Logger.getLogger(WolfSSLEngineTest.class.getName()).log(Level.SEVERE, null, ex);
} catch (KeyManagementException ex) {
Logger.getLogger(WolfSSLEngineTest.class.getName()).log(Level.SEVERE, null, ex);
} catch (NoSuchProviderException ex) {
System.out.println("Could not find the provider : " + engineProvider);
Logger.getLogger(WolfSSLEngineTest.class.getName()).log(Level.SEVERE, null, ex);
}
}
private int CloseConnection(SSLEngine server, SSLEngine client, boolean earlyClose) throws SSLException {
ByteBuffer serToCli = ByteBuffer.allocateDirect(server.getSession().getPacketBufferSize());
ByteBuffer cliToSer = ByteBuffer.allocateDirect(client.getSession().getPacketBufferSize());
@ -441,10 +380,10 @@ public class WolfSSLEngineTest {
this.ctx = tf.createSSLContext("TLSv1.2", engineProvider);
e = this.ctx.createSSLEngine();
if (e == null) {
System.out.println("\t\t... failed");
error("\t\t... failed");
fail("failed to create engine");
}
System.out.println("\t\t... passed");
pass("\t\t... passed");
}
@Test
@ -458,7 +397,7 @@ public class WolfSSLEngineTest {
this.ctx = tf.createSSLContext("TLSv1.2", engineProvider);
e = this.ctx.createSSLEngine();
if (e == null) {
System.out.println("\t\t... failed");
error("\t\t... failed");
fail("failed to create engine");
}
@ -476,10 +415,10 @@ public class WolfSSLEngineTest {
e.setEnabledCipherSuites(new String[] {sup[0]});
if (e.getEnabledCipherSuites() == null ||
!sup[0].equals(e.getEnabledCipherSuites()[0])) {
System.out.println("\t\t... failed");
error("\t\t... failed");
fail("unexpected empty cipher list");
}
System.out.println("\t\t... passed");
pass("\t\t... passed");
}
@Test
@ -522,22 +461,99 @@ public class WolfSSLEngineTest {
ret = testConnection(server, client, new String[] { cipher },
new String[] { "TLSv1.2" }, "Test cipher suite");
if (ret != 0) {
System.out.println("\t... failed");
error("\t... failed");
System.out.println("failed with ret = " + ret);
fail("failed to create engine");
}
System.out.println("\t... passed");
/* check if inbound is still open */
if (server.isInboundDone() && client.isInboundDone()) {
error("\t... failed");
fail("inbound done too early");
}
/* check if outbound is still open */
if (server.isOutboundDone() && client.isOutboundDone()) {
error("\t... failed");
fail("outbound done too early");
}
pass("\t... passed");
System.out.print("\tTesting close connection");
try {
/* test close connection */
CloseConnection(server, client, false);
} catch (SSLException ex) {
System.out.println("\t... failed");
error("\t... failed");
fail("failed to create engine");
}
System.out.println("\t... passed");
/* check if inbound is still open */
if (!server.isInboundDone() || !client.isInboundDone()) {
error("\t... failed");
fail("inbound is not done");
}
/* check if outbound is still open */
if (!server.isOutboundDone() || !client.isOutboundDone()) {
error("\t... failed");
fail("outbound is not done");
}
/* close inbound should do nothing now */
try {
server.closeInbound();
} catch (SSLException ex) {
error("\t... failed");
fail("close inbound failure");
}
pass("\t... passed");
}
@Test
public void testConnectionOutIn()
throws NoSuchProviderException, NoSuchAlgorithmException {
SSLEngine server;
SSLEngine client;
int ret;
/* create new SSLEngine */
System.out.print("\tTesting out/in bound");
this.ctx = tf.createSSLContext("TLS", engineProvider);
server = this.ctx.createSSLEngine();
client = this.ctx.createSSLEngine("wolfSSL client test", 11111);
ret = testConnection(server, client, null, null, "Test in/out bound");
if (ret != 0) {
error("\t\t... failed");
System.out.println("failed with ret = " + ret);
fail("failed to create engine");
}
/* check if inbound is still open */
if (server.isInboundDone() && client.isInboundDone()) {
error("\t\t... failed");
fail("inbound done too early");
}
/* check if outbound is still open */
if (server.isOutboundDone() && client.isOutboundDone()) {
error("\t\t... failed");
fail("outbound done too early");
}
/* close inbound before peer responded to shutdown should fail */
try {
server.closeInbound();
System.out.println("closed inbound early");
error("\t\t... failed");
fail("was able to incorrectly close inbound");
} catch (SSLException ex) {
}
pass("\t\t... passed");
}
@Test
@ -567,7 +583,7 @@ public class WolfSSLEngineTest {
ret = testConnection(server, client, null, null, "Test reuse");
if (ret != 0) {
System.out.println("\t... failed");
error("\t... failed");
fail("failed to create engine");
}
@ -575,7 +591,7 @@ public class WolfSSLEngineTest {
/* test close connection */
CloseConnection(server, client, false);
} catch (SSLException ex) {
System.out.println("\t... failed");
error("\t... failed");
fail("failed to create engine");
}
@ -596,17 +612,17 @@ public class WolfSSLEngineTest {
client.setEnableSessionCreation(false);
ret = testConnection(server, client, null, null, "Test reuse");
if (ret != 0) {
System.out.println("\t... failed");
error("\t... failed");
fail("failed to create engine");
}
try {
/* test close connection */
CloseConnection(server, client, false);
} catch (SSLException ex) {
System.out.println("\t... failed");
error("\t... failed");
fail("failed to create engine");
}
System.out.println("\t... passed");
pass("\t... passed");
}
@Test
@ -648,15 +664,23 @@ public class WolfSSLEngineTest {
}
if (!server.success || !client.success) {
System.out.println("\t\t... failed");
error("\t\t... failed");
fail("failed to successfully connect");
}
System.out.println("\t\t... passed");
pass("\t\t... passed");
}
/* status tests buffer overflow/underflow/closed test */
private void pass(String msg) {
WolfSSLTestFactory.pass(msg);
}
private void error(String msg) {
WolfSSLTestFactory.fail(msg);
}
protected class ServerEngine extends Thread
{
private final SSLEngine server;
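Review bot: In `testConnectionOutIn` the empty `catch (SSLException ex) { }` after `server.closeInbound()` is the expected path, but as written it reads like a swallowed error; name the variable and state the reason, e.g. `} catch (SSLException expected) { /* closeInbound before the peer's close_notify must fail */ }`. The "done too early" guards in that method and in the cipher-suite test use `server.isInboundDone() && client.isInboundDone()`, so they still pass when only one engine's inbound (or outbound) is already done, whereas the post-close checks use `||` and fail if either side is not done; if the intent is that neither side may be done after a successful handshake, the first pair should be `||` too — worth confirming against the expected engine behaviour. The new `error(String)` helper delegates to `WolfSSLTestFactory.fail`, which per the WolfSSLTestFactory section only prints, while JUnit's static `fail` is imported in the same class; a name such as `printFail` would keep the two `fail`s from being confused.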


@ -239,4 +239,40 @@ class WolfSSLTestFactory {
TrustManager[] tm, KeyManager[] km) {
return internalCreateSSLContext(protocol, provider, tm, km);
}
/**
* Red coloring to fail message
* @param msg
*/
static void fail(String msg) {
System.out.println(msg);
/* commented out because of portability concerns
if (System.getProperty("os.name").contains("Windows")) {
System.out.println(msg);
}
else {
String red = "\u001B[31m";
String reset = "\u001B[0m";
System.out.println(red + msg + reset);
}
*/
}
/**
* Green coloring to pass message
* @param msg
*/
static void pass(String msg) {
System.out.println(msg);
/* commented out because of portability concerns
if (System.getProperty("os.name").contains("Windows")) {
System.out.println(msg);
}
else {
String green = "\u001B[32m";
String reset = "\u001B[0m";
System.out.println(green + msg + reset);
}
*/
}
}
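Review bot: The new `fail(String)` in WolfSSLTestFactory prints the message and never throws, yet shares its name with JUnit's `Assert.fail`, which the test classes import statically; and the Javadoc "Red coloring to fail message" describes the commented-out branch rather than what runs, with `@param msg` left empty. Either rename the pair (`printFail`/`printPass`) or make the Javadoc say what the method actually does: `/** Prints a failure marker line; ANSI coloring is disabled for portability. @param msg text to print */`, and the equivalent for `pass`. The commented-out coloring blocks should be deleted (they remain in history) or gated behind a property rather than left inline in both methods.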


@ -0,0 +1,81 @@
/* WolfSSLTrustX509Test.java
*
* Copyright (C) 2006-2018 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
package com.wolfssl.provider.jsse.test;
import com.wolfssl.provider.jsse.WolfSSLProvider;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.Security;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.fail;
import org.junit.BeforeClass;
import org.junit.Test;
/**
*
* @author wolfSSL
*/
public class WolfSSLTrustX509Test {
private static WolfSSLTestFactory tf;
private String allJKS;
private String provider = null;
@BeforeClass
public static void testProviderInstallationAtRuntime()
throws NoSuchProviderException {
System.out.println("WolfSSLTrustX509 Class");
/* install wolfJSSE provider at runtime */
Security.addProvider(new WolfSSLProvider());
Provider p = Security.getProvider("wolfJSSE");
assertNotNull(p);
tf = new WolfSSLTestFactory();
}
@Test
public void testParsing()
throws NoSuchProviderException, NoSuchAlgorithmException {
TrustManager[] tm;
System.out.print("\tTesting parsing");
tm = tf.createTrustManager("SunX509", allJKS, provider);
if (tm == null) {
error("\t... failed");
fail("failed to create trustmanager");
}
}
private void pass(String msg) {
WolfSSLTestFactory.pass(msg);
}
private void error(String msg) {
WolfSSLTestFactory.fail(msg);
}
}
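Review bot: `allJKS` is declared but, as far as this file section shows, never assigned, so `tf.createTrustManager("SunX509", allJKS, provider)` in `testParsing` receives `null` for the keystore path and the test can only pass if the factory tolerates that; initialise it from wherever the other test classes locate `all.jks`, or guard with `assertNotNull("allJKS not set", allJKS);` before the call. `testParsing` prints "Testing parsing" but never calls `pass(...)` on success, so its output line is left unterminated unlike the other tests. `SSLEngine` is imported but unused, and the class Javadoc carries only an empty `@author` line.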