Repository: mina Updated Branches: refs/heads/2.0 c6f68526e -> 24d58b93b
o Fix the certificates and the code so that the tests work with Java 8, which is more strict with the used algorithm (typically, certificate must use more than 512 bits); The bogus.cert has been regenerated with 2048 bits, and a 10-year validity. Project: http://git-wip-us.apache.org/repos/asf/mina/repo Commit: http://git-wip-us.apache.org/repos/asf/mina/commit/24d58b93 Tree: http://git-wip-us.apache.org/repos/asf/mina/tree/24d58b93 Diff: http://git-wip-us.apache.org/repos/asf/mina/diff/24d58b93 Branch: refs/heads/2.0 Commit: 24d58b93beb9a28b887fa3e9f6fe406a8e13228a Parents: c6f6852 Author: Emmanuel Lécharny <elecha...@symas.com> Authored: Mon Dec 26 20:14:42 2016 +0100 Committer: Emmanuel Lécharny <elecha...@symas.com> Committed: Mon Dec 26 20:14:42 2016 +0100 ---------------------------------------------------------------------- .../echoserver/ssl/BogusSslContextFactory.java | 36 +++++++------ .../ssl/BogusTrustManagerFactory.java | 50 +++++++++++++++++-- .../tcp/perf/BogusSslContextFactory.java | 43 ++++++++-------- .../tcp/perf/BogusTrustManagerFactory.java | 41 +++++++++++++-- .../mina/example/echoserver/ssl/bogus.cert | Bin 937 -> 2247 bytes 5 files changed, 119 insertions(+), 51 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/mina/blob/24d58b93/mina-example/src/main/java/org/apache/mina/example/echoserver/ssl/BogusSslContextFactory.java ---------------------------------------------------------------------- diff --git a/mina-example/src/main/java/org/apache/mina/example/echoserver/ssl/BogusSslContextFactory.java b/mina-example/src/main/java/org/apache/mina/example/echoserver/ssl/BogusSslContextFactory.java index 59ab41d..20b834c 100644 --- a/mina-example/src/main/java/org/apache/mina/example/echoserver/ssl/BogusSslContextFactory.java +++ b/mina-example/src/main/java/org/apache/mina/example/echoserver/ssl/BogusSslContextFactory.java 
@@ -38,13 +38,13 @@ public class BogusSslContextFactory { /** * Protocol to use. */ - private static final String PROTOCOL = "TLS"; + private static final String PROTOCOL = "TLSv1.2"; private static final String KEY_MANAGER_FACTORY_ALGORITHM; static { - String algorithm = Security - .getProperty("ssl.KeyManagerFactory.algorithm"); + String algorithm = Security.getProperty("ssl.KeyManagerFactory.algorithm"); + if (algorithm == null) { algorithm = KeyManagerFactory.getDefaultAlgorithm(); } @@ -79,20 +79,20 @@ public class BogusSslContextFactory { * @return SSLContext The created SSLContext * @throws GeneralSecurityException If we had an issue creating the SSLContext */ - public static SSLContext getInstance(boolean server) - throws GeneralSecurityException { - SSLContext retInstance = null; + public static SSLContext getInstance(boolean server) throws GeneralSecurityException { + SSLContext retInstance; + if (server) { synchronized(BogusSslContextFactory.class) { if (serverInstance == null) { try { serverInstance = createBougusServerSslContext(); } catch (Exception ioe) { - throw new GeneralSecurityException( - "Can't create Server SSLContext:" + ioe); + throw new GeneralSecurityException( "Can't create Server SSLContext:" + ioe); } } } + retInstance = serverInstance; } else { synchronized (BogusSslContextFactory.class) { 
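Review bot: The Javadoc on `PROTOCOL` still reads only "Protocol to use.", which does not tell a reader what passing `"TLSv1.2"` to `SSLContext.getInstance` guarantees. As far as I know, with the default JSSE provider that name selects a context that supports protocol versions up to TLS 1.2; it does not by itself switch off older versions, and it keeps the example from negotiating anything newer on later JDKs. I would extend the comment to something like `Context protocol name: caps the example at TLS 1.2 but does not disable older versions; restrict those with SSLParameters.setProtocols`. The tcp/perf copy of this class changes the constant the same way and needs the same comment.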
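Review bot: The rewrapped exception in `getInstance` loses the original stack trace, because `"Can't create Server SSLContext:" + ioe` only concatenates the cause's `toString()` into the message. Pass the cause through instead: `throw new GeneralSecurityException("Can't create Server SSLContext", ioe);`. The variable is named `ioe` but the clause catches `Exception`, so narrowing it to the `IOException` that `createBougusServerSslContext` declares would stop it from masking unrelated runtime errors. The method body continues past the end of this hunk.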
@@ -100,19 +100,20 @@ public class BogusSslContextFactory { clientInstance = createBougusClientSslContext(); } } + retInstance = clientInstance; } + return retInstance; } - private static SSLContext createBougusServerSslContext() - throws GeneralSecurityException, IOException { + private static SSLContext createBougusServerSslContext() throws GeneralSecurityException, IOException { // Create keystore KeyStore ks = KeyStore.getInstance("JKS"); InputStream in = null; + try { - in = BogusSslContextFactory.class - .getResourceAsStream(BOGUS_KEYSTORE); + in = BogusSslContextFactory.class.getResourceAsStream(BOGUS_KEYSTORE); ks.load(in, BOGUS_PW); } finally { if (in != null) { @@ -124,23 +125,20 @@ public class BogusSslContextFactory { } // Set up key manager factory to use our key store - KeyManagerFactory kmf = KeyManagerFactory - .getInstance(KEY_MANAGER_FACTORY_ALGORITHM); + KeyManagerFactory kmf = KeyManagerFactory.getInstance(KEY_MANAGER_FACTORY_ALGORITHM); kmf.init(ks, BOGUS_PW); // Initialize the SSLContext to work with our key managers. SSLContext sslContext = SSLContext.getInstance(PROTOCOL); - sslContext.init(kmf.getKeyManagers(), - BogusTrustManagerFactory.X509_MANAGERS, null); + sslContext.init(kmf.getKeyManagers(), BogusTrustManagerFactory.X509_MANAGERS, null); return sslContext; } - private static SSLContext createBougusClientSslContext() - throws GeneralSecurityException { + private static SSLContext createBougusClientSslContext() throws GeneralSecurityException { SSLContext context = SSLContext.getInstance(PROTOCOL); context.init(null, BogusTrustManagerFactory.X509_MANAGERS, null); + return context; } - } http://git-wip-us.apache.org/repos/asf/mina/blob/24d58b93/mina-example/src/main/java/org/apache/mina/example/echoserver/ssl/BogusTrustManagerFactory.java ---------------------------------------------------------------------- 
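Review bot: A missing keystore resource is accepted silently in `createBougusServerSslContext`: `getResourceAsStream(BOGUS_KEYSTORE)` returns null when the resource is absent, and `ks.load(null, BOGUS_PW)` then initialises an empty keystore instead of failing. The server context would be built without any key, and the problem would only show up later as a handshake failure. A guard right after the lookup makes it explicit, `if (in == null) { throw new IOException("Keystore resource not found: " + BOGUS_KEYSTORE); }`, and a try-with-resources would replace the manual `finally` close. The `finally` block continues outside this hunk, and the tcp/perf copy of the method has the same lines.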
diff --git a/mina-example/src/main/java/org/apache/mina/example/echoserver/ssl/BogusTrustManagerFactory.java b/mina-example/src/main/java/org/apache/mina/example/echoserver/ssl/BogusTrustManagerFactory.java index 7d209d6..c920b65 100644 --- a/mina-example/src/main/java/org/apache/mina/example/echoserver/ssl/BogusTrustManagerFactory.java +++ b/mina-example/src/main/java/org/apache/mina/example/echoserver/ssl/BogusTrustManagerFactory.java @@ -19,6 +19,7 @@ */ package org.apache.mina.example.echoserver.ssl; +import java.net.Socket; import java.security.InvalidAlgorithmParameterException; import java.security.KeyStore; import java.security.KeyStoreException; @@ -26,8 +27,10 @@ import java.security.cert.CertificateException; import java.security.cert.X509Certificate; import javax.net.ssl.ManagerFactoryParameters; +import javax.net.ssl.SSLEngine; import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManagerFactorySpi; +import javax.net.ssl.X509ExtendedTrustManager; import javax.net.ssl.X509TrustManager; /** 
@@ -36,36 +39,73 @@ import javax.net.ssl.X509TrustManager; * @author <a href="http://mina.apache.org">Apache MINA Project</a> */ class BogusTrustManagerFactory extends TrustManagerFactorySpi { + static final X509TrustManager X509 = new X509ExtendedTrustManager() { - static final X509TrustManager X509 = new X509TrustManager() { - public void checkClientTrusted(X509Certificate[] x509Certificates, - String s) throws CertificateException { + @Override + public void checkClientTrusted( X509Certificate[] chain, String authType ) throws CertificateException { + // Nothing to do } - public void checkServerTrusted(X509Certificate[] x509Certificates, - String s) throws CertificateException { + @Override + public void checkServerTrusted( X509Certificate[] chain, String authType ) throws CertificateException { + // Nothing to do } + @Override public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; } + + @Override + public void checkClientTrusted( X509Certificate[] chain, String authType, Socket socket ) + throws CertificateException { + // Nothing to do + } + + @Override + public void checkClientTrusted( X509Certificate[] chain, String authType, SSLEngine engine ) + throws CertificateException { + // Nothing to do + } + + @Override + public void checkServerTrusted( X509Certificate[] chain, String authType, Socket socket ) + throws CertificateException { + // Nothing to do + } + + @Override + public void checkServerTrusted( X509Certificate[] chain, String authType, SSLEngine engine ) + throws CertificateException { + // Nothing to do + } }; static final TrustManager[] X509_MANAGERS = new TrustManager[] { X509 }; public BogusTrustManagerFactory() { + // Do nothing } + /** + * {@inheritDoc} + */ @Override protected TrustManager[] engineGetTrustManagers() { return X509_MANAGERS; } + /** + * {@inheritDoc} + */ @Override protected void engineInit(KeyStore keystore) throws KeyStoreException { // noop } + /** + * {@inheritDoc} + */ @Override protected void 
engineInit(ManagerFactoryParameters managerFactoryParameters) throws InvalidAlgorithmParameterException { http://git-wip-us.apache.org/repos/asf/mina/blob/24d58b93/mina-example/src/main/java/org/apache/mina/example/tcp/perf/BogusSslContextFactory.java ---------------------------------------------------------------------- diff --git a/mina-example/src/main/java/org/apache/mina/example/tcp/perf/BogusSslContextFactory.java b/mina-example/src/main/java/org/apache/mina/example/tcp/perf/BogusSslContextFactory.java index 9b836c0..0d6ace2 100644 --- a/mina-example/src/main/java/org/apache/mina/example/tcp/perf/BogusSslContextFactory.java +++ b/mina-example/src/main/java/org/apache/mina/example/tcp/perf/BogusSslContextFactory.java @@ -38,13 +38,13 @@ public class BogusSslContextFactory { /** * Protocol to use. */ - private static final String PROTOCOL = "TLS"; + private static final String PROTOCOL = "TLSv1.2"; private static final String KEY_MANAGER_FACTORY_ALGORITHM; static { - String algorithm = Security - .getProperty("ssl.KeyManagerFactory.algorithm"); + String algorithm = Security.getProperty("ssl.KeyManagerFactory.algorithm"); + if (algorithm == null) { algorithm = KeyManagerFactory.getDefaultAlgorithm(); } @@ -53,15 +53,15 @@ public class BogusSslContextFactory { } /** - * Bougus Server certificate keystore file name. + * Bogus Server certificate keystore file name. */ private static final String BOGUS_KEYSTORE = "bogus.cert"; // NOTE: The keystore was generated using keytool: - // keytool -genkey -alias bogus -keysize 512 -validity 3650 - // -keyalg RSA -dname "CN=bogus.com, OU=XXX CA, - // O=Bogus Inc, L=Stockholm, S=Stockholm, C=SE" - // -keypass boguspw -storepass boguspw -keystore bogus.cert + // keytool -genkey -alias bogus -keysize 2048 -validity 3650 + // -keyalg RSA -dname "CN=bogus.com, OU=XXX CA, + // O=Bogus Inc, L=Stockholm, S=Stockholm, C=SE" + // -keypass boguspw -storepass boguspw -keystore bogus.cert /** * Bougus keystore password. 
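Review bot: Every `checkClientTrusted`/`checkServerTrusted` overload in the new `X509ExtendedTrustManager` is empty, so this manager accepts any certificate chain from any peer, and the only hint is the comment `// Nothing to do`. The switch from `X509TrustManager` to the extended type probably matters too: as far as I know JSSE wraps a plain `X509TrustManager` to apply its algorithm-constraint checks and leaves an extended one alone, so those checks are skipped as well. Since the class lives under `src/main/java`, I would state this in the class Javadoc and replace the comments with something like `// Example/test only: performs no validation and trusts every certificate`. A further sentence should say that the factory must not be used outside the examples and tests. The tcp/perf copy of this class is changed identically and needs the same comment; `engineInit` continues past the end of the hunk.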
@@ -79,9 +79,9 @@ public class BogusSslContextFactory { * @return SSLContext The created SSLContext * @throws GeneralSecurityException If we had an issue creating the SSLContext */ - public static SSLContext getInstance(boolean server) - throws GeneralSecurityException { - SSLContext retInstance = null; + public static SSLContext getInstance(boolean server) throws GeneralSecurityException { + SSLContext retInstance; + if (server) { synchronized(BogusSslContextFactory.class) { if (serverInstance == null) { @@ -93,6 +93,7 @@ public class BogusSslContextFactory { } } } + retInstance = serverInstance; } else { synchronized (BogusSslContextFactory.class) { @@ -100,19 +101,20 @@ public class BogusSslContextFactory { clientInstance = createBougusClientSslContext(); } } + retInstance = clientInstance; } + return retInstance; } - private static SSLContext createBougusServerSslContext() - throws GeneralSecurityException, IOException { + private static SSLContext createBougusServerSslContext() throws GeneralSecurityException, IOException { // Create keystore KeyStore ks = KeyStore.getInstance("JKS"); InputStream in = null; + try { - in = BogusSslContextFactory.class - .getResourceAsStream(BOGUS_KEYSTORE); + in = BogusSslContextFactory.class.getResourceAsStream(BOGUS_KEYSTORE); ks.load(in, BOGUS_PW); } finally { if (in != null) { 
@@ -124,23 +126,20 @@ public class BogusSslContextFactory { } // Set up key manager factory to use our key store - KeyManagerFactory kmf = KeyManagerFactory - .getInstance(KEY_MANAGER_FACTORY_ALGORITHM); + KeyManagerFactory kmf = KeyManagerFactory.getInstance(KEY_MANAGER_FACTORY_ALGORITHM); kmf.init(ks, BOGUS_PW); // Initialize the SSLContext to work with our key managers. SSLContext sslContext = SSLContext.getInstance(PROTOCOL); - sslContext.init(kmf.getKeyManagers(), - BogusTrustManagerFactory.X509_MANAGERS, null); + sslContext.init(kmf.getKeyManagers(), BogusTrustManagerFactory.X509_MANAGERS, null); return sslContext; } - private static SSLContext createBougusClientSslContext() - throws GeneralSecurityException { + private static SSLContext createBougusClientSslContext() throws GeneralSecurityException { SSLContext context = SSLContext.getInstance(PROTOCOL); context.init(null, BogusTrustManagerFactory.X509_MANAGERS, null); + return context; } - } http://git-wip-us.apache.org/repos/asf/mina/blob/24d58b93/mina-example/src/main/java/org/apache/mina/example/tcp/perf/BogusTrustManagerFactory.java ---------------------------------------------------------------------- diff --git a/mina-example/src/main/java/org/apache/mina/example/tcp/perf/BogusTrustManagerFactory.java b/mina-example/src/main/java/org/apache/mina/example/tcp/perf/BogusTrustManagerFactory.java index bcb3c82..ebfa049 100644 --- a/mina-example/src/main/java/org/apache/mina/example/tcp/perf/BogusTrustManagerFactory.java +++ b/mina-example/src/main/java/org/apache/mina/example/tcp/perf/BogusTrustManagerFactory.java @@ -19,6 +19,7 @@ */ package org.apache.mina.example.tcp.perf; +import java.net.Socket; import java.security.InvalidAlgorithmParameterException; import java.security.KeyStore; import java.security.KeyStoreException; 
@@ -26,8 +27,10 @@ import java.security.cert.CertificateException; import java.security.cert.X509Certificate; import javax.net.ssl.ManagerFactoryParameters; +import javax.net.ssl.SSLEngine; import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManagerFactorySpi; +import javax.net.ssl.X509ExtendedTrustManager; import javax.net.ssl.X509TrustManager; /** 
@@ -37,18 +40,46 @@ import javax.net.ssl.X509TrustManager; */ class BogusTrustManagerFactory extends TrustManagerFactorySpi { - static final X509TrustManager X509 = new X509TrustManager() { - public void checkClientTrusted(X509Certificate[] x509Certificates, - String s) throws CertificateException { + static final X509TrustManager X509 = new X509ExtendedTrustManager() { + + @Override + public void checkClientTrusted( X509Certificate[] chain, String authType ) throws CertificateException { + // Nothing to do } - public void checkServerTrusted(X509Certificate[] x509Certificates, - String s) throws CertificateException { + @Override + public void checkServerTrusted( X509Certificate[] chain, String authType ) throws CertificateException { + // Nothing to do } + @Override public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; } + + @Override + public void checkClientTrusted( X509Certificate[] chain, String authType, Socket socket ) + throws CertificateException { + // Nothing to do + } + + @Override + public void checkClientTrusted( X509Certificate[] chain, String authType, SSLEngine engine ) + throws CertificateException { + // Nothing to do + } + + @Override + public void checkServerTrusted( X509Certificate[] chain, String authType, Socket socket ) + throws CertificateException { + // Nothing to do + } + + @Override + public void checkServerTrusted( X509Certificate[] chain, String authType, SSLEngine engine ) + throws CertificateException { + // Nothing to do + } }; static final TrustManager[] X509_MANAGERS = new TrustManager[] { X509 }; http://git-wip-us.apache.org/repos/asf/mina/blob/24d58b93/mina-example/src/main/resources/org/apache/mina/example/echoserver/ssl/bogus.cert ---------------------------------------------------------------------- 
diff --git a/mina-example/src/main/resources/org/apache/mina/example/echoserver/ssl/bogus.cert b/mina-example/src/main/resources/org/apache/mina/example/echoserver/ssl/bogus.cert
index d34502d..769c124 100644
Binary files a/mina-example/src/main/resources/org/apache/mina/example/echoserver/ssl/bogus.cert and b/mina-example/src/main/resources/org/apache/mina/example/echoserver/ssl/bogus.cert differ