org.jsslutils.sslcontext.test
Class MiniSslClientServer

java.lang.Object
  extended by org.jsslutils.sslcontext.test.MiniSslClientServer

public abstract class MiniSslClientServer
extends java.lang.Object

This class contains both a client and a server that can be used to build small tests of the SSLContextFactory. These examples come with a demo CA (a few certificates and keys). These are not to be used in real-life applications. DO NOT add them to the set of trusted certificates in your web browser or similar application.

Author:
Bruno Harbulot.

Nested Class Summary
protected static class MiniSslClientServer.RequestHandler
          Small class that handles a server request.
 
Field Summary
static java.lang.String CERTIFICATES_DIRECTORY
           
static java.lang.String KEYSTORE_PASSWORD
           
protected  java.lang.Exception listeningServerException
           
protected  java.util.concurrent.LinkedBlockingQueue<java.util.concurrent.Future<java.lang.Object>> serverRequestsFutures
           
protected  int serverTimeout
           
protected  boolean stopServer
           
protected  int testPort
           
protected  boolean verboseExceptions
           
 
Constructor Summary
MiniSslClientServer()
           
 
Method Summary
 java.security.KeyStore getBadClientCertKeyStore()
          Returns the keystore containing a test key and certificate that is not to be trusted by the server when CRLs are enabled.
 java.security.KeyStore getCaKeyStore()
          Returns the store of CA certificates, to be used as a trust store.
protected  java.lang.String getCertificatesDirectory()
           
 java.security.KeyStore getGoodClientCertKeyStore()
          Returns the keystore containing a test key and certificate that is to be trusted by the server.
 java.util.Collection<java.security.cert.X509CRL> getLocalCRLs()
          Returns a collection of CRLs to be used by the tests.
 java.security.KeyStore getServerCertKeyStore()
          Returns the keystore containing the key and the certificate to be used by the server.
protected  java.lang.Exception makeClientRequest(javax.net.ssl.SSLContext sslClientContext)
           
protected  javax.net.ssl.SSLServerSocket prepareServerSocket(javax.net.ssl.SSLContext sslServerContext)
          Creates and binds the SSLServerSocket to a port after trying a few port numbers.
protected  java.lang.Throwable printSslException(java.lang.String prefix, javax.net.ssl.SSLException sslException, javax.net.ssl.SSLSocket socket)
          Used for printing out more info when there's a problem.
protected  void printSslSocketInfo(javax.net.ssl.SSLSocket socket)
          Used for printing out more info when there's a problem.
protected  java.lang.Thread runServer(javax.net.ssl.SSLServerSocket serverSocket)
          Starts the mini server.
 boolean runTest(javax.net.ssl.SSLContext sslClientContext, javax.net.ssl.SSLContext sslServerContext)
          This runs the main test: it runs a client and a server.
protected  void setServerRequestNumber(int serverRequestNumber)
          Sets the number of requests the mini server is supposed to accept.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

CERTIFICATES_DIRECTORY

public static final java.lang.String CERTIFICATES_DIRECTORY
See Also:
Constant Field Values

KEYSTORE_PASSWORD

public static final java.lang.String KEYSTORE_PASSWORD
See Also:
Constant Field Values

stopServer

protected volatile boolean stopServer

verboseExceptions

protected boolean verboseExceptions

serverTimeout

protected volatile int serverTimeout

testPort

protected int testPort

serverRequestsFutures

protected final java.util.concurrent.LinkedBlockingQueue<java.util.concurrent.Future<java.lang.Object>> serverRequestsFutures

listeningServerException

protected volatile java.lang.Exception listeningServerException
Constructor Detail

MiniSslClientServer

public MiniSslClientServer()
Method Detail

getCertificatesDirectory

protected java.lang.String getCertificatesDirectory()

getCaKeyStore

public java.security.KeyStore getCaKeyStore()
                                     throws java.io.IOException,
                                            java.security.NoSuchAlgorithmException,
                                            java.security.KeyStoreException,
                                            java.security.cert.CertificateException
Returns the store of CA certificates, to be used as a trust store. By default, this loads 'dummy.jks', which is part of this test suite.

Returns:
KeyStore containing the certificates to trust.
Throws:
java.io.IOException
java.security.NoSuchAlgorithmException
java.security.KeyStoreException
java.security.cert.CertificateException

getServerCertKeyStore

public java.security.KeyStore getServerCertKeyStore()
                                             throws java.io.IOException,
                                                    java.security.NoSuchAlgorithmException,
                                                    java.security.KeyStoreException,
                                                    java.security.cert.CertificateException
Returns the keystore containing the key and the certificate to be used by the server.

Returns:
KeyStore containing the server credentials.
Throws:
java.io.IOException
java.security.NoSuchAlgorithmException
java.security.KeyStoreException
java.security.cert.CertificateException

getGoodClientCertKeyStore

public java.security.KeyStore getGoodClientCertKeyStore()
                                                 throws java.io.IOException,
                                                        java.security.NoSuchAlgorithmException,
                                                        java.security.KeyStoreException,
                                                        java.security.cert.CertificateException
Returns the keystore containing a test key and certificate that is to be trusted by the server. This is the "good" keystore in that its certificate has not been revoked by the demo CA. This should work whether or not CRLs are used.

Returns:
KeyStore containing the "good" client credentials.
Throws:
java.io.IOException
java.security.NoSuchAlgorithmException
java.security.KeyStoreException
java.security.cert.CertificateException

getBadClientCertKeyStore

public java.security.KeyStore getBadClientCertKeyStore()
                                                throws java.io.IOException,
                                                       java.security.NoSuchAlgorithmException,
                                                       java.security.KeyStoreException,
                                                       java.security.cert.CertificateException
Returns the keystore containing a test key and certificate that is not to be trusted by the server when CRLs are enabled. This is the "bad" keystore in that its certificate has been revoked by the demo CA. This should work when CRL checks are disabled, but fail when they are used.

Returns:
KeyStore containing the "bad" client credentials.
Throws:
java.io.IOException
java.security.NoSuchAlgorithmException
java.security.KeyStoreException
java.security.cert.CertificateException

getLocalCRLs

public java.util.Collection<java.security.cert.X509CRL> getLocalCRLs()
                                                              throws java.io.IOException,
                                                                     java.security.NoSuchAlgorithmException,
                                                                     java.security.KeyStoreException,
                                                                     java.security.cert.CertificateException,
                                                                     java.security.cert.CRLException
Returns a collection of CRLs to be used by the tests. This is loaded from 'newca.crl'.

Returns:
CRLs
Throws:
java.io.IOException
java.security.NoSuchAlgorithmException
java.security.KeyStoreException
java.security.cert.CertificateException
java.security.cert.CRLException
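
The "good"/"bad" client keystores and the CRL collection described above exist to show that the same certificate can pass or fail depending on whether revocation checking is on. The following is an added example, not code from jsslutils: it uses only JDK classes, and the class and method names (CrlCheckSketch, firstClientCert, isAccepted) are hypothetical. It assumes the caller supplies the trust store, client keystore and CRLs (for instance the values returned by getCaKeyStore(), getBadClientCertKeyStore() and getLocalCRLs()) and that the demo CA issued the client certificate directly.

```java
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXParameters;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;

public class CrlCheckSketch {
    /** Returns the leaf certificate of the first key entry in a client keystore. */
    static X509Certificate firstClientCert(KeyStore clientStore) throws Exception {
        for (Enumeration<String> e = clientStore.aliases(); e.hasMoreElements();) {
            String alias = e.nextElement();
            if (clientStore.isKeyEntry(alias)) {
                return (X509Certificate) clientStore.getCertificateChain(alias)[0];
            }
        }
        throw new IllegalArgumentException("no key entry in keystore");
    }

    /**
     * Validates cert against the CAs in trustStore.
     * crls == null turns revocation checking off; otherwise the CRLs are the
     * only revocation source offered to the validator.
     * when == null validates at the current time; pass a date inside the CRL's
     * validity window if the test CRL's nextUpdate has already passed.
     */
    static boolean isAccepted(KeyStore trustStore, X509Certificate cert,
                              Collection<X509CRL> crls, Date when) throws Exception {
        CertPath path = CertificateFactory.getInstance("X.509")
                .generateCertPath(Collections.singletonList(cert));
        PKIXParameters params = new PKIXParameters(trustStore);
        params.setDate(when);
        params.setRevocationEnabled(crls != null);
        if (crls != null) {
            params.addCertStore(CertStore.getInstance("Collection",
                    new CollectionCertStoreParameters(crls)));
        }
        try {
            CertPathValidator.getInstance("PKIX").validate(path, params);
            return true;
        } catch (CertPathValidatorException e) {
            return false; // untrusted issuer, expired, revoked, or status unknown
        }
    }
}
```

With revocation enabled, an empty CRL collection or a CRL past its nextUpdate makes the validator reject every certificate, including the "good" one, because revocation status cannot be determined.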

setServerRequestNumber

protected void setServerRequestNumber(int serverRequestNumber)
Sets the number of requests the mini server is supposed to accept. This defaults to 1, with a 4-second timeout.

Parameters:
serverRequestNumber -

prepareServerSocket

protected javax.net.ssl.SSLServerSocket prepareServerSocket(javax.net.ssl.SSLContext sslServerContext)
Creates and binds the SSLServerSocket to a port after trying a few port numbers.

Parameters:
sslServerContext - SSLContext from which to build the socket and its SSLSocketFactory.
Returns:
Bound SSLServerSocket.

runServer

protected java.lang.Thread runServer(javax.net.ssl.SSLServerSocket serverSocket)
Starts the mini server.

Parameters:
serverSocket - bound SSLServerSocket for this server.

runTest

public boolean runTest(javax.net.ssl.SSLContext sslClientContext,
                       javax.net.ssl.SSLContext sslServerContext)
                throws java.io.IOException,
                       java.lang.InterruptedException
This runs the main test: it runs a client and a server.

Parameters:
sslClientContext - SSLContext to be used by the client.
sslServerContext - SSLContext to be used by the server.
Returns:
true if the server accepted the SSL certificate.
Throws:
SSLContextFactoryException
java.io.IOException
java.lang.InterruptedException

makeClientRequest

protected java.lang.Exception makeClientRequest(javax.net.ssl.SSLContext sslClientContext)
                                         throws java.io.IOException
Parameters:
sslClientSocketFactory -
Throws:
java.io.IOException

printSslException

protected java.lang.Throwable printSslException(java.lang.String prefix,
                                                javax.net.ssl.SSLException sslException,
                                                javax.net.ssl.SSLSocket socket)
Used for printing out more info when there's a problem.

Parameters:
prefix -
sslException -
socket -
Returns:

printSslSocketInfo

protected void printSslSocketInfo(javax.net.ssl.SSLSocket socket)
Used for printing out more info when there's a problem.

Parameters:
socket -


Copyright © 2011. All Rights Reserved.