| 1 | /* |
| 2 | * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved. |
| 3 | * |
| 4 | * This program and the accompanying materials are made available under the |
| 5 | * terms of the Eclipse Public License v. 2.0, which is available at |
| 6 | * http://www.eclipse.org/legal/epl-2.0. |
| 7 | * |
| 8 | * This Source Code may also be made available under the following Secondary |
| 9 | * Licenses when the conditions for such availability set forth in the |
| 10 | * Eclipse Public License v. 2.0 are satisfied: GNU General Public License, |
| 11 | * version 2 with the GNU Classpath Exception, which is available at |
| 12 | * https://www.gnu.org/software/classpath/license.html. |
| 13 | * |
| 14 | * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 |
| 15 | */ |
| 16 | |
| 17 | package devtests.security; |
| 18 | |
| 19 | import java.io.*; |
| 20 | import java.security.*; |
| 21 | import java.net.*; |
| 22 | import javax.net.ssl.*; |
| 23 | import com.sun.ejte.ccl.reporter.*; |
| 24 | |
| 25 | /* |
| 26 | This is a standalone Java client program that accesses an AS web app |
| 27 | whose <security-constraint> is protected (in its web.xml) by |
| 28 | <login-config> |
| 29 | <auth-method>CLIENT-CERT</auth-method> |
| 30 | <realm-name>default</realm-name> |
| 31 | </login-config> |
| 32 | */ |
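/**
 * Standalone dev-test client that calls the {@code /TestClientCert} resource of
 * a web application over HTTPS, presenting a client certificate from a JKS
 * keystore (mutual TLS), and reports PASS or FAIL through
 * {@link SimpleReporterAdapter}.
 *
 * <p>Security notes for anyone reading this as an example: the client accepts
 * any server host name and loads its truststore without an integrity check.
 * Both shortcuts are kept because this is test code; neither belongs in a
 * production client.
 */
public class WebSSLClient {

    private static final String TEST_NAME
        = "security-web-mutual-ssl";

    // JVM class name of X509Certificate[]. Presumably the servlet prints the
    // certificate-chain request attribute, which is only present when the
    // client certificate was accepted -- confirm against the servlet source.
    private static final String EXPECTED_RESPONSE
        = "[Ljava.security.cert.X509Certificate;";

    private static final SimpleReporterAdapter stat
        = new SimpleReporterAdapter("appserv-tests");


    /**
     * Runs the test once and prints the summary.
     *
     * @param args host, port, contextRoot, keyStorePath, trustStorePath,
     *             sslPassword (in that order)
     * @throws IllegalArgumentException if fewer than six arguments are given
     * @throws Exception declared for compatibility; failures inside the test
     *                   itself are caught and recorded as FAIL
     */
    public static void main(String args[]) throws Exception {

        if (args.length < 6) {
            // Fail with a usable message instead of ArrayIndexOutOfBounds.
            throw new IllegalArgumentException(
                "Usage: WebSSLClient <host> <port> <contextRoot>"
                + " <keyStorePath> <trustStorePath> <sslPassword>");
        }

        String host = args[0];
        String port = args[1];
        String contextRoot = args[2];
        String keyStorePath = args[3];
        String trustStorePath = args[4];
        // The keystore password arrives on the command line, so it is visible
        // to other local users in the process list. It is never logged here.
        String sslPassword = args[5];

        System.out.println("host/port=" + host + "/" + port);

        try {
            stat.addDescription(TEST_NAME);
            SSLSocketFactory ssf = getSSLSocketFactory(sslPassword,
                                                       keyStorePath,
                                                       trustStorePath);
            HttpsURLConnection connection = connect("https://" + host + ":"
                                                    + port + contextRoot
                                                    + "/TestClientCert",
                                                    ssf);

            parseResponse(connection);

        } catch (Throwable t) {
            // Test-harness boundary: any failure, including a rejected
            // handshake, is recorded as FAIL rather than propagated.
            stat.addStatus(TEST_NAME, stat.FAIL);
            t.printStackTrace();
        }
        stat.printSummary(TEST_NAME);
    }


    /**
     * Reads the response line by line and records PASS when a line equals
     * {@link #EXPECTED_RESPONSE}, FAIL otherwise.
     *
     * <p>The lines read before giving up are kept so that the failure message
     * shows what the server actually sent; the original always printed
     * {@code null} there.
     *
     * @param connection connection whose response body is read
     * @throws Exception if the response cannot be read
     */
    private static void parseResponse(HttpsURLConnection connection)
            throws Exception {

        StringBuilder received = new StringBuilder();
        boolean matched = false;

        // The expected marker is plain ASCII, so a fixed charset is safe and
        // removes the dependency on the platform default encoding.
        try (BufferedReader in = new BufferedReader(new InputStreamReader(
                connection.getInputStream(),
                java.nio.charset.StandardCharsets.UTF_8))) {

            String line;
            while ((line = in.readLine()) != null) {
                if (EXPECTED_RESPONSE.equals(line)) {
                    matched = true;
                    break;
                }
                received.append(line).append('\n');
            }
        }

        if (matched) {
            stat.addStatus(TEST_NAME, stat.PASS);
        } else {
            System.err.println("Wrong response. Expected: "
                               + EXPECTED_RESPONSE
                               + ", received: " + received);
            stat.addStatus(TEST_NAME, stat.FAIL);
        }
    }


    /**
     * Builds a socket factory that presents the client key from
     * {@code keyStorePath} and trusts the certificates in
     * {@code trustStorePath}.
     *
     * @param sslPassword    password for the keystore and the keys inside it
     * @param keyStorePath   path to the JKS keystore holding the client key
     * @param trustStorePath path to the JKS truststore
     * @return socket factory configured for mutual TLS
     * @throws Exception if a store cannot be read or the context cannot be
     *                   initialised
     */
    private static SSLSocketFactory getSSLSocketFactory(String sslPassword,
                                                        String keyStorePath,
                                                        String trustStorePath)
            throws Exception {

        SSLContext ctx = SSLContext.getInstance("TLS");

        // Keystore: the streams are closed explicitly; the original leaked
        // both FileInputStreams.
        KeyStore ks = KeyStore.getInstance("JKS");
        char[] passphrase = sslPassword.toCharArray();
        try (InputStream keyStoreIn = new FileInputStream(keyStorePath)) {
            ks.load(keyStoreIn, passphrase);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(ks, passphrase);

        // Truststore
        // NOTE(review): a null password makes KeyStore.load skip the
        // integrity check, so a modified truststore file would be accepted
        // silently. Pass the truststore password here if the test setup has
        // one available.
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (InputStream trustStoreIn = new FileInputStream(trustStorePath)) {
            trustStore.load(trustStoreIn, null);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
        tmf.init(trustStore);

        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        return ctx.getSocketFactory();
    }


    /**
     * Opens (without yet connecting) an HTTPS connection to
     * {@code urlAddress} that uses {@code ssf}.
     *
     * @param urlAddress full https URL of the resource
     * @param ssf        socket factory carrying the client key and trust
     *                   anchors
     * @return the configured connection
     * @throws Exception if the URL is malformed or the connection cannot be
     *                   opened
     */
    private static HttpsURLConnection connect(String urlAddress,
                                              SSLSocketFactory ssf)
            throws Exception {

        URL url = new URL(urlAddress);
        // This sets the factory for every HttpsURLConnection in the JVM, not
        // only this one. That is harmless in a single-purpose client; shared
        // code should call connection.setSSLSocketFactory(ssf) instead.
        HttpsURLConnection.setDefaultSSLSocketFactory(ssf);
        HttpsURLConnection connection = (HttpsURLConnection)
            url.openConnection();

        // TEST ONLY: host-name verification is switched off, so any
        // certificate that chains to the truststore is accepted whatever
        // host it names. The chain itself is still validated by the trust
        // managers. Presumably the test server's certificate does not match
        // the host under test; never copy this verifier into production code.
        connection.setHostnameVerifier(
            new HostnameVerifier() {
                @Override
                public boolean verify(String rserver, SSLSession sses) {
                    return true;
                }
            });

        connection.setDoOutput(true);

        return connection;
    }
}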