author | Brian Carlstrom <bdc@google.com> | 2011-03-17 22:29:44 -0700 |
---|---|---|
committer | Brian Carlstrom <bdc@google.com> | 2011-04-06 14:29:45 -0700 |
commit | 3258b52429c7768ea91bda93c5a15257cdd390e5 (patch) | |
tree | 2624501660fb7fd89395c044a251d6e439d8a61e /support | |
parent | 1662d76b21f3f77ed666f82977f02793569c1302 (diff) | |
libcore key chain support
Allow access to default IndexedPKIXParameters, similar to access to
default TrustManager. Needed to allow framework to add/remove trusted
CAs at runtime.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParametersImpl.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java
Add test support for looking up a cert by an issuer for use in key chain tests.
support/src/test/java/libcore/java/security/TestKeyStore.java
Add test support SSLSocketFactory that sets desired client auth on
each created socket. For use with MockWebServer for key chain testing.
support/src/test/java/libcore/javax/net/ssl/TestSSLContext.java
Change-Id: Iecdbd40c67f1673bda25a52b4e229156c805d564
Diffstat (limited to 'support')
-rw-r--r-- | support/src/test/java/libcore/java/security/TestKeyStore.java | 68 | ||||
-rw-r--r-- | support/src/test/java/libcore/javax/net/ssl/TestSSLContext.java | 53 |
2 files changed, 110 insertions, 11 deletions
diff --git a/support/src/test/java/libcore/java/security/TestKeyStore.java b/support/src/test/java/libcore/java/security/TestKeyStore.java
index 12b166b..353ca20 100644
--- a/support/src/test/java/libcore/java/security/TestKeyStore.java
+++ b/support/src/test/java/libcore/java/security/TestKeyStore.java
@@ -576,7 +576,7 @@ public final class TestKeyStore extends Assert {
                                              String keyAlgorithm, String signatureAlgorithm) throws Exception {
         PrivateKeyEntry found = null;
         PasswordProtection password = new PasswordProtection(keyPassword);
-        for (String alias: Collections.list(keyStore.aliases())) {
+        for (String alias : Collections.list(keyStore.aliases())) {
             if (!keyStore.entryInstanceOf(alias, PrivateKeyEntry.class)) {
                 continue;
             }
@@ -589,7 +589,7 @@ public final class TestKeyStore extends Assert {
                 continue;
             }
             if (found != null) {
-                throw new IllegalStateException("keyStore has more than one private key for "
+                throw new IllegalStateException("KeyStore has more than one private key for "
                                                 + " keyAlgorithm: " + keyAlgorithm
                                                 + " signatureAlgorithm: " + signatureAlgorithm
                                                 + "\nfirst: " + found.getPrivateKey()
@@ -598,7 +598,7 @@ public final class TestKeyStore extends Assert {
             found = privateKey;
         }
         if (found == null) {
-            throw new IllegalStateException("keyStore contained no private key for "
+            throw new IllegalStateException("KeyStore contained no private key for "
                                             + " keyAlgorithm: " + keyAlgorithm
                                             + " signatureAlgorithm: " + signatureAlgorithm);
         }
@@ -606,6 +606,56 @@ public final class TestKeyStore extends Assert {
     }
 
     /**
+     * Return the issuing CA certificate of the given
+     * certificate. Throws IllegalStateException if there are are more
+     * or less than one.
+     */
+    public Certificate getIssuer(Certificate cert) throws Exception {
+        return issuer(keyStore, cert);
+    }
+
+    /**
+     * Return the issuing CA certificate of the given
+     * certificate. Throws IllegalStateException if there are are more
+     * or less than one.
+     */
+    public static Certificate issuer(KeyStore keyStore, Certificate c)
+            throws Exception {
+        if (!(c instanceof X509Certificate)) {
+            throw new IllegalStateException("issuer requires an X509Certificate, found " + c);
+        }
+        X509Certificate cert = (X509Certificate) c;
+
+        Certificate found = null;
+        for (String alias : Collections.list(keyStore.aliases())) {
+            if (!keyStore.entryInstanceOf(alias, TrustedCertificateEntry.class)) {
+                continue;
+            }
+            TrustedCertificateEntry certificateEntry =
+                    (TrustedCertificateEntry) keyStore.getEntry(alias, null);
+            Certificate certificate = certificateEntry.getTrustedCertificate();
+            if (!(certificate instanceof X509Certificate)) {
+                continue;
+            }
+            X509Certificate x = (X509Certificate) certificate;
+            if (!cert.getIssuerDN().equals(x.getSubjectDN())) {
+                continue;
+            }
+            if (found != null) {
+                throw new IllegalStateException("KeyStore has more than one issuing CA for "
+                                                + cert
+                                                + "\nfirst: " + found
+                                                + "\nsecond: " + certificate );
+            }
+            found = certificate;
+        }
+        if (found == null) {
+            throw new IllegalStateException("KeyStore contained no issuing CA for " + cert);
+        }
+        return found;
+    }
+
+    /**
      * Return the only self-signed root certificate in a TestKeyStore
      * for the given algorithm. Throws IllegalStateException if there
      * are are more or less than one.
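Review bot: `issuer` selects the CA by comparing `cert.getIssuerDN()` with `x.getSubjectDN()`; both accessors return implementation-specific `Principal` objects whose `equals` is not specified, so the comparison should be `if (!cert.getIssuerX500Principal().equals(x.getSubjectX500Principal())) {`, which has the RFC 2253-defined equality the key-chain tests depend on. A subject-name match also does not show that the entry signed `cert`; since a trust store used in tests can carry a colliding name, consider confirming the candidate with `cert.verify(x.getPublicKey())` before accepting it and skipping entries that fail. As a style point, a non-X509 input is a caller error and would conventionally raise `IllegalArgumentException` rather than `IllegalStateException`, and both new javadocs (and the one that follows them) read "there are are more" — the doubled "are" should be dropped.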
@@ -622,7 +672,7 @@ public final class TestKeyStore extends Assert {
     public static Certificate rootCertificate(KeyStore keyStore, String algorithm)
             throws Exception {
         Certificate found = null;
-        for (String alias: Collections.list(keyStore.aliases())) {
+        for (String alias : Collections.list(keyStore.aliases())) {
             if (!keyStore.entryInstanceOf(alias, TrustedCertificateEntry.class)) {
                 continue;
             }
@@ -640,7 +690,7 @@ public final class TestKeyStore extends Assert {
                 continue;
             }
             if (found != null) {
-                throw new IllegalStateException("keyStore has more than one root CA for "
+                throw new IllegalStateException("KeyStore has more than one root CA for "
                                                 + algorithm
                                                 + "\nfirst: " + found
                                                 + "\nsecond: " + certificate );
@@ -648,7 +698,7 @@ public final class TestKeyStore extends Assert {
             found = certificate;
         }
         if (found == null) {
-            throw new IllegalStateException("keyStore contained no root CA for " + algorithm);
+            throw new IllegalStateException("KeyStore contained no root CA for " + algorithm);
         }
         return found;
     }
@@ -668,7 +718,7 @@ public final class TestKeyStore extends Assert {
      */
     public static boolean copySelfSignedCertificates(KeyStore dst, KeyStore src) throws Exception {
         boolean copied = false;
-        for (String alias: Collections.list(src.aliases())) {
+        for (String alias : Collections.list(src.aliases())) {
             if (!src.isCertificateEntry(alias)) {
                 continue;
             }
@@ -688,7 +738,7 @@ public final class TestKeyStore extends Assert {
      */
     public static boolean copyCertificate(Principal subject, KeyStore dst, KeyStore src)
             throws Exception {
-        for (String alias: Collections.list(src.aliases())) {
+        for (String alias : Collections.list(src.aliases())) {
             if (!src.isCertificateEntry(alias)) {
                 continue;
             }
@@ -715,7 +765,7 @@ public final class TestKeyStore extends Assert {
         out.println("\tkeyPassword="
                     + ((keyPassword == null) ? null : new String(keyPassword)));
         out.println("\tsize=" + keyStore.size());
-        for (String alias: Collections.list(keyStore.aliases())) {
+        for (String alias : Collections.list(keyStore.aliases())) {
             out.println("alias=" + alias);
             out.println("\tcreationDate=" + keyStore.getCreationDate(alias));
             if (keyStore.isCertificateEntry(alias)) {
diff --git a/support/src/test/java/libcore/javax/net/ssl/TestSSLContext.java b/support/src/test/java/libcore/javax/net/ssl/TestSSLContext.java
index f171c6c..e1af9e2 100644
--- a/support/src/test/java/libcore/javax/net/ssl/TestSSLContext.java
+++ b/support/src/test/java/libcore/javax/net/ssl/TestSSLContext.java
@@ -16,13 +16,14 @@ package libcore.javax.net.ssl;
 
+import java.io.IOException;
 import java.net.InetAddress;
 import java.net.InetSocketAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
 import java.security.KeyStore;
 import java.security.Principal;
 import java.security.SecureRandom;
-import libcore.java.security.StandardNames;
-import libcore.java.security.TestKeyStore;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
@@ -30,10 +31,14 @@ import java.util.Collections;
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLServerSocket;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.X509ExtendedKeyManager;
 import javax.net.ssl.X509TrustManager;
 import junit.framework.Assert;
+import libcore.java.security.StandardNames;
+import libcore.java.security.TestKeyStore;
 
 /**
  * TestSSLContext is a convenience class for other tests that
@@ -255,4 +260,48 @@ public final class TestSSLContext extends Assert {
         X509Certificate[] chain = (X509Certificate[]) clientChain;
         trustManager.checkClientTrusted(chain, chain[0].getPublicKey().getAlgorithm());
     }
+
+    /**
+     * Returns an SSLSocketFactory that calls setWantClientAuth and
+     * setNeedClientAuth as specified on all returned sockets.
+     */
+    public static SSLSocketFactory clientAuth(final SSLSocketFactory sf,
+                                              final boolean want,
+                                              final boolean need) {
+        return new SSLSocketFactory() {
+            private SSLSocket set(Socket socket) {
+                SSLSocket s = (SSLSocket) socket;
+                s.setWantClientAuth(want);
+                s.setNeedClientAuth(need);
+                return s;
+            }
+            public Socket createSocket(String host, int port)
+                    throws IOException, UnknownHostException {
+                return set(sf.createSocket(host, port));
+            }
+            public Socket createSocket(String host, int port, InetAddress localHost, int localPort)
+                    throws IOException, UnknownHostException {
+                return set(sf.createSocket(host, port, localHost, localPort));
+            }
+            public Socket createSocket(InetAddress host, int port) throws IOException {
+                return set(sf.createSocket(host, port));
+            }
+            public Socket createSocket(InetAddress address, int port,
+                                       InetAddress localAddress, int localPort) throws IOException {
+                return set(sf.createSocket(address, port));
+            }
+
+            public String[] getDefaultCipherSuites() {
+                return sf.getDefaultCipherSuites();
+            }
+            public String[] getSupportedCipherSuites() {
+                return sf.getSupportedCipherSuites();
+            }
+
+            public Socket createSocket(Socket s, String host, int port, boolean autoClose)
+                    throws IOException {
+                return set(sf.createSocket(s, host, port, autoClose));
+            }
+        };
+    }
 }
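Review bot: The four-argument override `createSocket(InetAddress address, int port, InetAddress localAddress, int localPort)` drops its last two parameters and delegates to `sf.createSocket(address, port)`, so a caller that asked for a bound local endpoint silently gets an unbound socket; it should read `return set(sf.createSocket(address, port, localAddress, localPort));`. In `set`, calling `setWantClientAuth(want)` and then `setNeedClientAuth(need)` unconditionally is also a problem: per the SSLSocket javadoc each of these calls overrides the other's previous setting, so `want=true, need=false` ends with client authentication neither requested nor required, and a test that expects the server to ask for a client certificate would complete the handshake without one. Apply only the setting that is meant, e.g. `if (need) { s.setNeedClientAuth(true); } else { s.setWantClientAuth(want); }`. The wrapper also leaves the unconnected `SocketFactory.createSocket()` un-overridden, so that form falls through to the base-class default rather than the wrapped factory and never receives the client-auth setting; worth a comment in the javadoc, or an override, if any caller is expected to use it.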