Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
PojavLauncherTeam
GitHub Repository: PojavLauncherTeam/mobile
 Path: blob/master/test/jdk/sun/security/ssl/DHKeyExchange/DHEKeySizing.java
41152 views
1
/*

2
 * Copyright (c) 2013, 2017, Oracle and/or its affiliates. All rights reserved.

3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

4
 *

5
 * This code is free software; you can redistribute it and/or modify it

6
 * under the terms of the GNU General Public License version 2 only, as

7
 * published by the Free Software Foundation.

8
 *

9
 * This code is distributed in the hope that it will be useful, but WITHOUT

10
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

11
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

12
 * version 2 for more details (a copy is included in the LICENSE file that

13
 * accompanied this code).

14
 *

15
 * You should have received a copy of the GNU General Public License version

16
 * 2 along with this work; if not, write to the Free Software Foundation,

17
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

18
 *

19
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

20
 * or visit www.oracle.com if you need additional information or have any

21
 * questions.

22
 */

23


24
//

25
// SunJSSE does not support dynamic system properties, no way to re-use

26
// system properties in samevm/agentvm mode.

27
//

28


29
/*

30
 * @test

31
 * @bug 6956398

32
 * @summary make ephemeral DH key match the length of the certificate key

33
 * @run main/othervm -Djdk.tls.client.enableSessionTicketExtension=false

34
 *      DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA  false 1643 267

35
 * @run main/othervm -Djsse.enableFFDHE=false

36
 *      -Djdk.tls.client.enableSessionTicketExtension=false

37
 *      DHEKeySizing SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA true 1259 75

38
 * @run main/othervm -Djsse.enableFFDHE=false

39
 *      -Djdk.tls.ephemeralDHKeySize=matched

40
 *      -Djdk.tls.client.enableSessionTicketExtension=false

41
 *      DHEKeySizing SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA true 1259 75

42
 * @run main/othervm -Djsse.enableFFDHE=false

43
 *      -Djdk.tls.ephemeralDHKeySize=legacy

44
 *      -Djdk.tls.client.enableSessionTicketExtension=false

45
 *      DHEKeySizing SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA true 1259 75

46
 * @run main/othervm -Djsse.enableFFDHE=false

47
 *      -Djdk.tls.ephemeralDHKeySize=1024

48
 *      -Djdk.tls.client.enableSessionTicketExtension=false

49
 *      DHEKeySizing SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA true 1259 75

50
 *

51
 * @run main/othervm -Djsse.enableFFDHE=false

52
 *      -Djdk.tls.client.enableSessionTicketExtension=false

53
 *      DHEKeySizing SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA true 233 75

54
 *

55
 * @run main/othervm -Djsse.enableFFDHE=false

56
 *      -Djdk.tls.client.enableSessionTicketExtension=false

57
 *      DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA  false 1387 139

58
 * @run main/othervm -Djsse.enableFFDHE=false

59
 *      -Djdk.tls.ephemeralDHKeySize=legacy

60
 *      -Djdk.tls.client.enableSessionTicketExtension=false

61
 *      DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA  false 1323 107

62
 * @run main/othervm -Djsse.enableFFDHE=false

63
 *      -Djdk.tls.ephemeralDHKeySize=matched

64
 *      -Djdk.tls.client.enableSessionTicketExtension=false

65
 *      DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA  false 1643 267

66
 * @run main/othervm -Djsse.enableFFDHE=false

67
 *      -Djdk.tls.ephemeralDHKeySize=1024

68
 *      -Djdk.tls.client.enableSessionTicketExtension=false

69
 *      DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA  false 1387 139

70
 *

71
 * @run main/othervm -Djsse.enableFFDHE=false

72
 *      -Djdk.tls.client.enableSessionTicketExtension=false

73
 *      DHEKeySizing SSL_DH_anon_WITH_RC4_128_MD5  false 361 139

74
 * @run main/othervm -Djsse.enableFFDHE=false

75
 *      -Djdk.tls.client.enableSessionTicketExtension=false

76
 *      -Djdk.tls.ephemeralDHKeySize=legacy

77
 *      DHEKeySizing SSL_DH_anon_WITH_RC4_128_MD5  false 297 107

78
 * @run main/othervm -Djsse.enableFFDHE=false

79
 *      -Djdk.tls.client.enableSessionTicketExtension=false

80
 *      -Djdk.tls.ephemeralDHKeySize=matched

81
 *      DHEKeySizing SSL_DH_anon_WITH_RC4_128_MD5  false 361 139

82
 * @run main/othervm -Djsse.enableFFDHE=false

83
 *      -Djdk.tls.client.enableSessionTicketExtension=false

84
 *      -Djdk.tls.ephemeralDHKeySize=1024

85
 *      DHEKeySizing SSL_DH_anon_WITH_RC4_128_MD5  false 361 139

86
 */

87


88
/*

89
 * This is a simple hack to test key sizes of Diffie-Hellman key exchanging

90
 * during SSL/TLS handshaking.

91
 *

92
 * The record length of DH ServerKeyExchange and ClientKeyExchange.

93
 * ServerKeyExchange message are wrapped in ServerHello series messages, which

94
 * contains ServerHello, Certificate and ServerKeyExchange message.

95
 *

96
 *    struct {

97
 *        opaque dh_p<1..2^16-1>;

98
 *        opaque dh_g<1..2^16-1>;

99
 *        opaque dh_Ys<1..2^16-1>;

100
 *    } ServerDHParams;     // Ephemeral DH parameters

101
 *

102
 *    struct {

103
 *        select (PublicValueEncoding) {

104
 *            case implicit: struct { };

105
 *            case explicit: opaque dh_Yc<1..2^16-1>;

106
 *        } dh_public;

107
 *    } ClientDiffieHellmanPublic;

108
 *

109
 * Fomr above structures, it is clear that if the DH key size increasing 128

110
 * bits (16 bytes), the ServerHello series messages increases 48 bytes

111
 * (becuase dh_p, dh_g and dh_Ys each increase 16 bytes) and ClientKeyExchange

112
 * increases 16 bytes (because of the size increasing of dh_Yc).

113
 *

114
 * Here is a summary of the record length in the test case.

115
 *

116
 *            |  ServerHello Series  |  ClientKeyExchange | ServerHello Anon

117
 *   512-bit  |          1259 bytes  |           75 bytes |        233 bytes

118
 *   768-bit  |          1323 bytes  |          107 bytes |        297 bytes

119
 *  1024-bit  |          1387 bytes  |          139 bytes |        361 bytes

120
 *  2048-bit  |          1643 bytes  |          267 bytes |        361 bytes

121
 */

122


123
import javax.net.ssl.*;

124
import javax.net.ssl.SSLEngineResult.*;

125
import java.io.*;

126
import java.nio.*;

127
import java.security.KeyStore;

128
import java.security.KeyFactory;

129
import java.security.Security;

130
import java.security.cert.Certificate;

131
import java.security.cert.CertificateFactory;

132
import java.security.spec.PKCS8EncodedKeySpec;

133
import java.security.interfaces.*;

134
import java.util.Base64;

135


136
public class DHEKeySizing {

137


138
    private final static boolean debug = true;

139


140
    // key length bias because of the stripping of leading zero bytes of

141
    // negotiated DH keys.

142
    //

143
    // This is an effort to mimum intermittent failure when we cannot

144
    // estimate what's the exact number of leading zero bytes of

145
    // negotiated DH keys.

146
    private final static int KEY_LEN_BIAS = 6;

147


148
    private SSLContext sslc;

149
    private SSLEngine ssle1;    // client

150
    private SSLEngine ssle2;    // server

151


152
    private ByteBuffer appOut1;         // write side of ssle1

153
    private ByteBuffer appIn1;          // read side of ssle1

154
    private ByteBuffer appOut2;         // write side of ssle2

155
    private ByteBuffer appIn2;          // read side of ssle2

156


157
    private ByteBuffer oneToTwo;        // "reliable" transport ssle1->ssle2

158
    private ByteBuffer twoToOne;        // "reliable" transport ssle2->ssle1

159


160
    /*

161
     * Where do we find the keystores?

162
     */

163
    // Certificates and key used in the test.

164
    static String trustedCertStr =

165
        "-----BEGIN CERTIFICATE-----\n" +

166
        "MIIC8jCCAdqgAwIBAgIEUjkuRzANBgkqhkiG9w0BAQUFADA7MR0wGwYDVQQLExRT\n" +

167
        "dW5KU1NFIFRlc3QgU2VyaXZjZTENMAsGA1UEChMESmF2YTELMAkGA1UEBhMCVVMw\n" +

168
        "HhcNMTMwOTE4MDQzODMxWhcNMTMxMjE3MDQzODMxWjA7MR0wGwYDVQQLExRTdW5K\n" +

169
        "U1NFIFRlc3QgU2VyaXZjZTENMAsGA1UEChMESmF2YTELMAkGA1UEBhMCVVMwggEi\n" +

170
        "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCO+IGeaskJAvEcYc7pCl9neK3E\n" +

171
        "a28fwWLtChufYNaC9hQfZlUdETWYjV7fZJVJKT/oLzdDNMWuVA0LKXArpI3thLNK\n" +

172
        "QLXisdF9hKPlZRDazACL9kWUUtJ0FzpEySK4e8wW/z9FuU6e6iO19FbjxAfInJqk\n" +

173
        "3EDiEhB5g73S2vtvPCxgq2DvWw9TDl/LIqdKG2JCS93koXCCaHmQ7MrIOqHPd+8r\n" +

174
        "RbGpatXT9qyHKppUv9ATxVygO4rA794mgCFxpT+fkhz+NEB0twTkM65T1hnnOv5n\n" +

175
        "ZIxkcjBggt85UlZtnP3b9P7SYxsWIa46Oc38Od2f3YejfVg6B+PqPgWNl3+/AgMB\n" +

176
        "AAEwDQYJKoZIhvcNAQEFBQADggEBAAlrP6DFLRPSy0IgQhcI2i56tR/na8pezSte\n" +

177
        "ZHcCdaCZPDy4UP8mpLJ9QCjEB5VJv8hPm4xdK7ULnKGOGHgYqDpV2ZHvQlhV1woQ\n" +

178
        "TZGb/LM3c6kAs0j4j9KM2fq3iYUYexjIkS1KzsziflxMM6igS9BRMBR2LQyU+cYq\n" +

179
        "YEsFzkF7Aj2ET4v/+tgot9mRr2NioJcaJkdsPDpMU3IKB1cczfu+OuLQ/GCG0Fqu\n" +

180
        "6ijCeCqfnaAbemHbJeVZZ6Qgka3uC2YMntLBmLkhqEo1d9zGYLoh7oWL77y5ibQZ\n" +

181
        "LK5/H/zikcu579TWjlDHcqL3arCwBcrtsjSaPrRSWMrWV/6c0qw=\n" +

182
        "-----END CERTIFICATE-----";

183


184
    // Private key in the format of PKCS#8

185
    static String targetPrivateKey =

186
        "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCO+IGeaskJAvEc\n" +

187
        "Yc7pCl9neK3Ea28fwWLtChufYNaC9hQfZlUdETWYjV7fZJVJKT/oLzdDNMWuVA0L\n" +

188
        "KXArpI3thLNKQLXisdF9hKPlZRDazACL9kWUUtJ0FzpEySK4e8wW/z9FuU6e6iO1\n" +

189
        "9FbjxAfInJqk3EDiEhB5g73S2vtvPCxgq2DvWw9TDl/LIqdKG2JCS93koXCCaHmQ\n" +

190
        "7MrIOqHPd+8rRbGpatXT9qyHKppUv9ATxVygO4rA794mgCFxpT+fkhz+NEB0twTk\n" +

191
        "M65T1hnnOv5nZIxkcjBggt85UlZtnP3b9P7SYxsWIa46Oc38Od2f3YejfVg6B+Pq\n" +

192
        "PgWNl3+/AgMBAAECggEAPdb5Ycc4m4A9QBSCRcRpzbyiFLKPh0HDg1n65q4hOtYr\n" +

193
        "kAVYTVFTSF/lqGS+Ob3w2YIKujQKSUQrvCc5UHdFuHXMgxKIWbymK0+DAMb9SlYw\n" +

194
        "6lkkcWp9gx9E4dnJ/df2SAAxovvrKMuHlL1SFASHhVtPfH2URvSfUaANLDXxyYOs\n" +

195
        "8BX0Nr6wazhWjLjXo9yIGnKSvFfB8XisYcA78kEgas43zhmIGCDPqaYyyffOfRbx\n" +

196
        "pM1KNwGmlN86iWR1CbwA/wwhcMySWQueS+s7cHbpRqZIYJF9jEeELiwi0vxjealS\n" +

197
        "EMuHYedIRFMWaDIq9XyjrvXamHb0Z25jlXBNZHaM0QKBgQDE9adl+zAezR/n79vw\n" +

198
        "0XiX2Fx1UEo3ApZHuoA2Q/PcBk+rlKqqQ3IwTcy6Wo648wK7v6Nq7w5nEWcsf0dU\n" +

199
        "QA2Ng/AJEev/IfF34x7sKGYxtk1gcE0EuSBA3R+ocEZxnNw1Ryd5nUU24s8d4jCP\n" +

200
        "Mkothnyaim+zE2raDlEtVc0CaQKBgQC509av+02Uq5oMjzbQp5PBJfQFjATOQT15\n" +

201
        "eefYnVYurkQ1kcVfixkrO2ORhg4SjmI2Z5hJDgGtXdwgidpzkad+R2epS5qLMyno\n" +

202
        "lQVpY6bMpEZ7Mos0yQygxnm8uNohEcTExOe+nP5fNJVpzBsGmfeyYOhnPQlf6oqf\n" +

203
        "0cHizedb5wKBgQC/l5LyMil6HOGHlhzmIm3jj7VI7QR0hJC5T6N+phVml8ESUDjA\n" +

204
        "DYHbmSKouISTRtkG14FY+RiSjCxH7bvuKazFV2289PETquogTA/9e8MFYqfcQwG4\n" +

205
        "sXi9gBxWlnj/9a2EKiYtOB5nKLR/BlNkSHA93tAA6N+FXEMZwMmYhxk42QKBgAuY\n" +

206
        "HQgD3PZOsqDf+qKQIhbmAFCsSMx5o5VFtuJ8BpmJA/Z3ruHkMuDQpsi4nX4o5hXQ\n" +

207
        "5t6AAjjH52kcUMXvK40kdWJJtk3DFnVNfvXxYsHX6hHbuHXFqYUKfSP6QJnZmvZP\n" +

208
        "9smcz/4usLfWJUWHK740b6upUkFqx9Vq5/b3s9y3AoGAdM5TW7LkkOFsdMGVAUzR\n" +

209
        "9iXmCWElHTK2Pcp/3yqDBHSfiQx6Yp5ANyPnE9NBM0yauCfOyBB2oxLO4Rdv3Rqk\n" +

210
        "9V9kyR/YAGr7dJaPcQ7pZX0OpkzgueAOJYPrx5VUzPYUtklYV1ycFZTfKlpFCxT+\n" +

211
        "Ei6KUo0NXSdUIcB4yib1J10=";

212


213
    static char passphrase[] = "passphrase".toCharArray();

214


215
    /*

216
     * Majority of the test case is here, setup is done below.

217
     */

218


219
    private void createSSLEngines() throws Exception {

220
        ssle1 = sslc.createSSLEngine("client", 1);

221
        ssle1.setUseClientMode(true);

222


223
        ssle2 = sslc.createSSLEngine("server", 2);

224
        ssle2.setUseClientMode(false);

225
    }

226


227
    private boolean isHandshaking(SSLEngine e) {

228
        return (e.getHandshakeStatus() != HandshakeStatus.NOT_HANDSHAKING);

229
    }

230


231
    private void checkResult(ByteBuffer bbIn, ByteBuffer bbOut,

232
            SSLEngineResult result,

233
            Status status, HandshakeStatus hsStatus,

234
            int consumed, int produced)

235
            throws Exception {

236


237
        if ((status != null) && (result.getStatus() != status)) {

238
            throw new Exception("Unexpected Status: need = " + status +

239
                " got = " + result.getStatus());

240
        }

241


242
        if ((hsStatus != null) && (result.getHandshakeStatus() != hsStatus)) {

243
            throw new Exception("Unexpected hsStatus: need = " + hsStatus +

244
                " got = " + result.getHandshakeStatus());

245
        }

246


247
        if ((consumed != -1) && (consumed != result.bytesConsumed())) {

248
            throw new Exception("Unexpected consumed: need = " + consumed +

249
                " got = " + result.bytesConsumed());

250
        }

251


252
        if ((produced != -1) && (produced != result.bytesProduced())) {

253
            throw new Exception("Unexpected produced: need = " + produced +

254
                " got = " + result.bytesProduced());

255
        }

256


257
        if ((consumed != -1) && (bbIn.position() != result.bytesConsumed())) {

258
            throw new Exception("Consumed " + bbIn.position() +

259
                " != " + consumed);

260
        }

261


262
        if ((produced != -1) && (bbOut.position() != result.bytesProduced())) {

263
            throw new Exception("produced " + bbOut.position() +

264
                " != " + produced);

265
        }

266
    }

267


268
    private void test(String cipherSuite, boolean exportable,

269
            int lenServerKeyEx, int lenClientKeyEx) throws Exception {

270


271
        createSSLEngines();

272
        createBuffers();

273


274
        SSLEngineResult result1;        // ssle1's results from last operation

275
        SSLEngineResult result2;        // ssle2's results from last operation

276


277
        String[] suites = new String [] {cipherSuite};

278


279
        ssle1.setEnabledCipherSuites(suites);

280
        ssle2.setEnabledCipherSuites(suites);

281


282
        log("======================================");

283
        log("===================");

284
        log("client hello");

285
        result1 = ssle1.wrap(appOut1, oneToTwo);

286
        checkResult(appOut1, oneToTwo, result1,

287
            Status.OK, HandshakeStatus.NEED_UNWRAP, 0, -1);

288
        oneToTwo.flip();

289


290
        result2 = ssle2.unwrap(oneToTwo, appIn2);

291
        checkResult(oneToTwo, appIn2, result2,

292
            Status.OK, HandshakeStatus.NEED_TASK, result1.bytesProduced(), 0);

293
        runDelegatedTasks(ssle2);

294
        oneToTwo.compact();

295


296
        log("===================");

297
        log("ServerHello");

298
        result2 = ssle2.wrap(appOut2, twoToOne);

299
        checkResult(appOut2, twoToOne, result2,

300
            Status.OK, HandshakeStatus.NEED_UNWRAP, 0, -1);

301
        twoToOne.flip();

302


303
        log("Message length of ServerHello series: " + twoToOne.remaining());

304
        if (twoToOne.remaining() < (lenServerKeyEx - KEY_LEN_BIAS) ||

305
                twoToOne.remaining() > lenServerKeyEx) {

306
            throw new Exception(

307
                "Expected to generate ServerHello series messages of " +

308
                lenServerKeyEx + " bytes, but not " + twoToOne.remaining());

309
        }

310


311
        result1 = ssle1.unwrap(twoToOne, appIn1);

312
        checkResult(twoToOne, appIn1, result1,

313
            Status.OK, HandshakeStatus.NEED_TASK, result2.bytesProduced(), 0);

314
        runDelegatedTasks(ssle1);

315
        twoToOne.compact();

316


317
        log("===================");

318
        log("Key Exchange");

319
        result1 = ssle1.wrap(appOut1, oneToTwo);

320
        checkResult(appOut1, oneToTwo, result1,

321
            Status.OK, HandshakeStatus.NEED_WRAP, 0, -1);

322
        oneToTwo.flip();

323


324
        log("Message length of ClientKeyExchange: " + oneToTwo.remaining());

325
        if (oneToTwo.remaining() < (lenClientKeyEx - KEY_LEN_BIAS) ||

326
                oneToTwo.remaining() > lenClientKeyEx) {

327
            throw new Exception(

328
                "Expected to generate ClientKeyExchange message of " +

329
                lenClientKeyEx + " bytes, but not " + oneToTwo.remaining());

330
        }

331
        result2 = ssle2.unwrap(oneToTwo, appIn2);

332
        checkResult(oneToTwo, appIn2, result2,

333
            Status.OK, HandshakeStatus.NEED_TASK, result1.bytesProduced(), 0);

334
        runDelegatedTasks(ssle2);

335
        oneToTwo.compact();

336


337
        log("===================");

338
        log("Client CCS");

339
        result1 = ssle1.wrap(appOut1, oneToTwo);

340
        checkResult(appOut1, oneToTwo, result1,

341
            Status.OK, HandshakeStatus.NEED_WRAP, 0, -1);

342
        oneToTwo.flip();

343


344
        result2 = ssle2.unwrap(oneToTwo, appIn2);

345
        checkResult(oneToTwo, appIn2, result2,

346
            Status.OK, HandshakeStatus.NEED_UNWRAP,

347
            result1.bytesProduced(), 0);

348
        oneToTwo.compact();

349


350
        log("===================");

351
        log("Client Finished");

352
        result1 = ssle1.wrap(appOut1, oneToTwo);

353
        checkResult(appOut1, oneToTwo, result1,

354
            Status.OK, HandshakeStatus.NEED_UNWRAP, 0, -1);

355
        oneToTwo.flip();

356


357
        result2 = ssle2.unwrap(oneToTwo, appIn2);

358
        checkResult(oneToTwo, appIn2, result2,

359
            Status.OK, HandshakeStatus.NEED_WRAP,

360
            result1.bytesProduced(), 0);

361
        oneToTwo.compact();

362


363
        log("===================");

364
        log("Server CCS");

365
        result2 = ssle2.wrap(appOut2, twoToOne);

366
        checkResult(appOut2, twoToOne, result2,

367
            Status.OK, HandshakeStatus.NEED_WRAP, 0, -1);

368
        twoToOne.flip();

369


370
        result1 = ssle1.unwrap(twoToOne, appIn1);

371
        checkResult(twoToOne, appIn1, result1,

372
            Status.OK, HandshakeStatus.NEED_UNWRAP, result2.bytesProduced(), 0);

373
        twoToOne.compact();

374


375
        log("===================");

376
        log("Server Finished");

377
        result2 = ssle2.wrap(appOut2, twoToOne);

378
        checkResult(appOut2, twoToOne, result2,

379
            Status.OK, HandshakeStatus.FINISHED, 0, -1);

380
        twoToOne.flip();

381


382
        result1 = ssle1.unwrap(twoToOne, appIn1);

383
        checkResult(twoToOne, appIn1, result1,

384
            Status.OK, HandshakeStatus.FINISHED, result2.bytesProduced(), 0);

385
        twoToOne.compact();

386


387
        log("===================");

388
        log("Check Session/Ciphers");

389
        String cs = ssle1.getSession().getCipherSuite();

390
        if (!cs.equals(suites[0])) {

391
            throw new Exception("suites not equal: " + cs + "/" + suites[0]);

392
        }

393


394
        cs = ssle2.getSession().getCipherSuite();

395
        if (!cs.equals(suites[0])) {

396
            throw new Exception("suites not equal: " + cs + "/" + suites[0]);

397
        }

398


399
        log("===================");

400
        log("Done with SSL/TLS handshaking");

401
    }

402


403
    public static void main(String args[]) throws Exception {

404
        // reset security properties to make sure that the algorithms

405
        // and keys used in this test are not disabled.

406
        Security.setProperty("jdk.tls.disabledAlgorithms", "");

407
        Security.setProperty("jdk.certpath.disabledAlgorithms", "");

408


409
        if (args.length != 4) {

410
            System.out.println(

411
                "Usage: java DHEKeySizing cipher-suite " +

412
                "exportable(true|false)\n" +

413
                "    size-of-server-hello-record size-of-client-key-exchange");

414
            throw new Exception("Incorrect usage!");

415
        }

416


417
        (new DHEKeySizing()).test(args[0],

418
                Boolean.parseBoolean(args[1]),

419
                Integer.parseInt(args[2]),

420
                Integer.parseInt(args[3]));

421
        System.out.println("Test Passed.");

422
    }

423


424
    /*

425
     * **********************************************************

426
     * Majority of the test case is above, below is just setup stuff

427
     * **********************************************************

428
     */

429


430
    public DHEKeySizing() throws Exception {

431
        sslc = getSSLContext();

432
    }

433


434
    /*

435
     * Create an initialized SSLContext to use for this test.

436
     */

437
    private SSLContext getSSLContext() throws Exception {

438


439
        // generate certificate from cert string

440
        CertificateFactory cf = CertificateFactory.getInstance("X.509");

441


442
        // create a key store

443
        KeyStore ts = KeyStore.getInstance("JKS");

444
        KeyStore ks = KeyStore.getInstance("JKS");

445
        ts.load(null, null);

446
        ks.load(null, null);

447


448
        // import the trused cert

449
        ByteArrayInputStream is =

450
                    new ByteArrayInputStream(trustedCertStr.getBytes());

451
        Certificate trusedCert = cf.generateCertificate(is);

452
        is.close();

453
        ts.setCertificateEntry("rsa-trusted-2048", trusedCert);

454


455
        // generate the private key.

456
        String keySpecStr = targetPrivateKey;

457
        PKCS8EncodedKeySpec priKeySpec = new PKCS8EncodedKeySpec(

458
                            Base64.getMimeDecoder().decode(keySpecStr));

459
        KeyFactory kf = KeyFactory.getInstance("RSA");

460
        RSAPrivateKey priKey = (RSAPrivateKey)kf.generatePrivate(priKeySpec);

461


462
        Certificate[] chain = new Certificate[1];

463
        chain[0] = trusedCert;

464


465
        // import the key entry.

466
        ks.setKeyEntry("rsa-key-2048", priKey, passphrase, chain);

467


468
        // create SSL context

469
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");

470
        kmf.init(ks, passphrase);

471


472
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");

473
        tmf.init(ts);

474


475
        SSLContext sslCtx = SSLContext.getInstance("TLSv1");

476
        sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

477


478
        return sslCtx;

479
    }

480


481
    private void createBuffers() {

482
        // Size the buffers as appropriate.

483


484
        SSLSession session = ssle1.getSession();

485
        int appBufferMax = session.getApplicationBufferSize();

486
        int netBufferMax = session.getPacketBufferSize();

487


488
        appIn1 = ByteBuffer.allocateDirect(appBufferMax + 50);

489
        appIn2 = ByteBuffer.allocateDirect(appBufferMax + 50);

490


491
        oneToTwo = ByteBuffer.allocateDirect(netBufferMax);

492
        twoToOne = ByteBuffer.allocateDirect(netBufferMax);

493


494
        appOut1 = ByteBuffer.wrap("Hi Engine2, I'm SSLEngine1".getBytes());

495
        appOut2 = ByteBuffer.wrap("Hello Engine1, I'm SSLEngine2".getBytes());

496


497
        log("AppOut1 = " + appOut1);

498
        log("AppOut2 = " + appOut2);

499
        log("");

500
    }

501


502
    private static void runDelegatedTasks(SSLEngine engine) throws Exception {

503


504
        Runnable runnable;

505
        while ((runnable = engine.getDelegatedTask()) != null) {

506
            log("running delegated task...");

507
            runnable.run();

508
        }

509
    }

510


511
    private static void log(String str) {

512
        if (debug) {

513
            System.out.println(str);

514
        }

515
    }

516
}

517


518