diff --git a/security/jss/org/mozilla/jss/tests/ClassServer.java b/security/jss/org/mozilla/jss/tests/ClassServer.java
new file mode 100755
index 00000000000..95519e65663
--- /dev/null
+++ b/security/jss/org/mozilla/jss/tests/ClassServer.java
@@ -0,0 +1,138 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is Netscape Security Services for Java.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 2002
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+package org.mozilla.jss.tests;
+
+import java.io.*;
+import java.net.*;
+import java.util.Vector;
+import javax.net.*;
+
+/*
+ * ClassServer.java -- JSSE_SSLServer implements this
+ * class.
+ */
+public abstract class ClassServer implements Runnable {
+
+ private ServerSocket server = null;
+ private Vector supportedCiphers = new Vector();
+
+ /**
+ * Constructs a ClassServer based on ss
+ */
+ protected ClassServer(ServerSocket ss) {
+ server = ss;
+ newListener();
+ }
+
+ /**
+ * The "listen" thread that accepts a connection to the
+ * server, parses the header to obtain the file name
+ * and sends back the bytes for the file (or error
+ * if the file is not found or the response was malformed).
+ */
+ public void run() {
+ Socket socket = null;
+ boolean socketListenStatus = true;
+
+ // accept a connection
+ while ( socketListenStatus ) {
+ try {
+ socket = server.accept();
+ } catch (Exception ex) {
+ System.exit(1);
+ }
+
+ newListener();
+
+ //try to read some bytes, to allow the handshake to go through
+ try {
+ InputStream is = socket.getInputStream();
+ BufferedReader bir = new BufferedReader(
+ new InputStreamReader(is));
+ String socketData = bir.readLine();
+ if ( socketData.equals("null") )
+ socketListenStatus = false;
+ else if ( socketData != null )
+ supportedCiphers.add(socketData);
+ socket.close();
+ } catch(EOFException e) {
+ } catch(IOException ex) {
+ } catch(NullPointerException npe) {
+ socketListenStatus = false;
+ }
+ }
+
+ try {
+ server.close();
+ } catch (Exception ex) {
+ System.exit(1);
+ }
+
+ System.out.println("Server exiting");
+ System.out.println("-------------------------------------------" +
+ "-------------");
+ System.out.println("Summary of JSS client to JSSE server " +
+ "communication test :");
+ System.out.println("-------------------------------------------" +
+ "-------------");
+ for ( int i=0; i= 3 ) {
+ System.out.println(
+ "SessionId "+ event.getSession() +
+ " Test Status : PASS");
+ System.out.flush();
+ }
+ setHandshakeCompleted();
+ }
+ }
+ );
+ } catch (Exception handshakeEx) {
+ return null;
+ }
+
+ /*
+ * send http request
+ *
+ * See SSLSocketClient.java for more information about why
+ * there is a forced handshake here when using PrintWriters.
+ */
+ String [] Ciphers = {cipherName};
+ socket.setEnabledCipherSuites(Ciphers);
+ socket.setSoTimeout(0);
+ socket.startHandshake();
+
+ PrintWriter out = new PrintWriter(
+ new BufferedWriter(
+ new OutputStreamWriter(
+ socket.getOutputStream())));
+ //writeThread wthread = new writeThread(out);
+ //wthread.start();
+
+ //out.println("GET " + path + " HTTP/1.0");
+ out.println(EOF);
+ out.flush();
+
+ /*
+ * Make sure there were no surprises
+ */
+ if (out.checkError())
+ System.out.println("SSLSocketClient: " +
+ "java.io.PrintWriter error");
+
+ /* read response */
+ BufferedReader in = new BufferedReader(
+ new InputStreamReader(
+ socket.getInputStream()));
+
+ //readThread rthread = new readThread(in);
+ //rthread.start();
+
+ String inputLine;
+
+ while ((inputLine = in.readLine()) != null)
+ System.out.println(inputLine);
+
+ //System.out.println("Shutdown the input stream ...");
+ //socket.shutdownInput();
+ in.close();
+ out.close();
+ socket.close();
+ } catch (Exception e) {
+ setHandshakeCompleted();
+ return e.getMessage();
+ }
+
+ return "success";
+ }
+
+ /**
+ * Tell our tunnel where we want to CONNECT, and look for the
+ * right reply. Throw IOException if anything goes wrong.
+ * @param Socket tunneling socket
+ * @param String hostname
+ * @param int portnumber
+ */
+ private void doTunnelHandshake(Socket tunnel, String host, int port)
+ throws IOException {
+ OutputStream out = tunnel.getOutputStream();
+ String msg = "CONNECT " + host + ":" + port + " HTTP/1.0\n"
+ + "User-Agent: "
+ + sun.net.www.protocol.http.HttpURLConnection.userAgent
+ + "\r\n\r\n";
+ byte b[];
+ try {
+ /*
+ * We really do want ASCII7 -- the http protocol doesn't change
+ * with locale.
+ */
+ b = msg.getBytes("ASCII7");
+ } catch (UnsupportedEncodingException ignored) {
+ /*
+ * If ASCII7 isn't there, something serious is wrong, but
+ * Paranoia Is Good (tm)
+ */
+ b = msg.getBytes();
+ }
+ out.write(b);
+ out.flush();
+
+ /*
+ * We need to store the reply so we can create a detailed
+ * error message to the user.
+ */
+ byte reply[] = new byte[200];
+ int replyLen = 0;
+ int newlinesSeen = 0;
+ boolean headerDone = false; /* Done on first newline */
+
+ InputStream in = tunnel.getInputStream();
+ boolean error = false;
+
+ while (newlinesSeen < 2) {
+ int i = in.read();
+ if (i < 0) {
+ throw new IOException("Unexpected EOF from proxy");
+ }
+ if (i == '\n') {
+ headerDone = true;
+ ++newlinesSeen;
+ } else if (i != '\r') {
+ newlinesSeen = 0;
+ if (!headerDone && replyLen < reply.length) {
+ reply[replyLen++] = (byte) i;
+ }
+ }
+ }
+
+ /*
+ * Converting the byte array to a string is slightly wasteful
+ * in the case where the connection was successful, but it's
+ * insignificant compared to the network overhead.
+ */
+ String replyStr;
+ try {
+ replyStr = new String(reply, 0, replyLen, "ASCII7");
+ } catch (UnsupportedEncodingException ignored) {
+ replyStr = new String(reply, 0, replyLen);
+ }
+
+ /* We asked for HTTP/1.0, so we should get that back */
+ if (!replyStr.startsWith("HTTP/1.0 200")) {
+ throw new IOException("Unable to tunnel through "
+ + tunnelHost + ":" + tunnelPort
+ + ". Proxy returns \"" + replyStr + "\"");
+ }
+
+ /* tunneling Handshake was successful! */
+ }
+
+ /**
+ * Main method for local unit testing.
+ */
+ public static void main(String [] args) {
+
+ String testCipher = null;
+ String testHost = "localhost";
+ int testPort = 29750;
+
+ try {
+ if ( args.length >= 1 ) {
+ testCipher = (String)args[0];
+ testHost = (String)args[1];
+ testPort = new Integer(args[2]).intValue();
+ }
+ } catch (Exception e) { }
+
+
+ String javaVersion = System.getProperty("java.version");
+ String lastCipher = null;
+ System.out.println("\nUsing java version " + javaVersion + "\n");
+ JSSE_SSLClient sslSock =
+ new JSSE_SSLClient();
+ sslSock.setHost(testHost);
+ sslSock.setPort(testPort);
+
+ if ( javaVersion.indexOf("1.4") == -1 ) {
+ // Validate Ciphers supported for TLS
+ System.out.println("Testing TLS Cipher list ...");
+ sslSock = new JSSE_SSLClient();
+ sslSock.setSslRevision("TLS");
+ sslSock.setHost(testHost);
+ sslSock.setPort(testPort);
+
+ if ( testCipher != null ) {
+ sslSock.setCipherSuite(testCipher);
+ sslSock.setEOF(testCipher);
+ String errStr = sslSock.validateConnection();
+ while (!sslSock.isHandshakeCompleted()) {
+ //Do nothing
+ }
+ sslSock.clearHandshakeCompleted();
+ } else {
+ for(int i=0; i
+ * java JSSE_SSLServer
+ *
+ *
+ * new JSSE_SSLServer(port);
+ *
+ */
+ public static void main(String args[]) {
+ if ( args.length <= 1 ) {
+ System.out.println(
+ "USAGE: java JSSE_SSLServer port [TLS | SSLv3 [true]]");
+ System.out.println("");
+ System.out.println(
+ "If the second argument is TLS, it will start as a\n" +
+ "TLS server, otherwise, it will be started in SSLv3 mode." +
+ "\nIf the third argument is true,it will require\n" +
+ "client authentication as well.");
+ System.exit(0);
+ }
+
+ int port = DefaultServerPort;
+ String type = "SSLv3";
+
+ if (args.length >= 2) {
+ port = Integer.parseInt(args[0]);
+ type = args[1];
+ }
+
+ try {
+ SSLServerSocketFactory ssf =
+ JSSE_SSLServer.getServerSocketFactory(type);
+ SSLServerSocket ss = (SSLServerSocket)ssf.createServerSocket(port);
+
+ // Based on J2SE version, enable appropriate ciphers
+ if ( (System.getProperty("java.version")).indexOf("1.4") != -1 ) {
+ System.out.println("*** Using J2SE 1.4.x ***");
+ ss.setEnabledCipherSuites(Constants.sslciphersarray_jdk142);
+ } else {
+ System.out.println("*** Using J2SE 1.5.x ***");
+ ss.setEnabledCipherSuites(Constants.sslciphersarray_jdk150);
+ }
+
+ if (args.length >= 3 && args[2].equals("true")) {
+ ((SSLServerSocket)ss).setNeedClientAuth(true);
+ }
+ new JSSE_SSLServer(ss);
+ } catch (IOException e) {
+ System.out.println("Unable to start ClassServer: " +
+ e.getMessage());
+ e.printStackTrace();
+ System.exit(1);
+ }
+ }
+
+ static SSLServerSocketFactory getServerSocketFactory(String type) {
+
+ // set up key manager to do server authentication
+ SSLContext ctx = null;
+ KeyManagerFactory kmf = null;
+ KeyStore ks = null;
+ char[] passphrase = "netscape".toCharArray();
+ SSLServerSocketFactory ssf = null;
+
+ // trust manager that trusts all cetificates
+ TrustManager[] trustAllCerts = new TrustManager[]{
+ new X509TrustManager() {
+ public boolean checkClientTrusted(
+ java.security.cert.X509Certificate[] chain){
+ return true;
+ }
+ public boolean isServerTrusted(
+ java.security.cert.X509Certificate[] chain){
+ return true;
+ }
+ public boolean isClientTrusted(
+ java.security.cert.X509Certificate[] chain){
+ return true;
+ }
+ public java.security.cert.X509Certificate[]
+ getAcceptedIssuers() {
+ return null;
+ }
+ public void checkClientTrusted(
+ java.security.cert.X509Certificate[] chain,
+ String authType) {}
+ public void checkServerTrusted(
+ java.security.cert.X509Certificate[] chain,
+ String authType) {}
+ }
+ };
+
+ if (type.equals("TLS")) {
+ try {
+ ctx = SSLContext.getInstance("TLS");
+ kmf = KeyManagerFactory.getInstance("SunX509");
+ ks = KeyStore.getInstance("PKCS12");
+
+ ks.load(new FileInputStream("keystore.pfx"), passphrase);
+ kmf.init(ks, passphrase);
+ ctx.init(kmf.getKeyManagers(), trustAllCerts, null);
+
+ ssf = ctx.getServerSocketFactory();
+ return ssf;
+ } catch (Exception e) {
+ e.printStackTrace();
+ System.exit(1);
+ }
+ } else if (type.equals("SSLv3")) {
+ try {
+ ctx = SSLContext.getInstance("SSLv3");
+ kmf = KeyManagerFactory.getInstance("SunX509");
+ ks = KeyStore.getInstance("PKCS12");
+
+ ks.load(new FileInputStream("keystore.pfx"), passphrase);
+ kmf.init(ks, passphrase);
+ ctx.init(kmf.getKeyManagers(), trustAllCerts, null);
+
+ ssf = ctx.getServerSocketFactory();
+ return ssf;
+ } catch (Exception e) {
+ e.printStackTrace();
+ System.exit(1);
+ }
+ }
+ return null;
+ }
+}
diff --git a/security/jss/org/mozilla/jss/tests/JSS_SSLClient.java b/security/jss/org/mozilla/jss/tests/JSS_SSLClient.java
new file mode 100755
index 00000000000..32382751318
--- /dev/null
+++ b/security/jss/org/mozilla/jss/tests/JSS_SSLClient.java
@@ -0,0 +1,398 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is Netscape Security Services for Java.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 2002
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+package org.mozilla.jss.tests;
+
+import org.mozilla.jss.ssl.*;
+import org.mozilla.jss.CryptoManager;
+import org.mozilla.jss.crypto.*;
+import org.mozilla.jss.asn1.*;
+import org.mozilla.jss.pkix.primitive.*;
+import org.mozilla.jss.pkix.cert.*;
+import org.mozilla.jss.pkix.cert.Certificate;
+import org.mozilla.jss.util.PasswordCallback;
+
+import java.util.Calendar;
+import java.util.Date;
+import java.security.*;
+import java.security.PrivateKey;
+import java.net.*;
+import java.io.*;
+
+public class JSS_SSLClient {
+
+ private String clientCertNick = null;
+ private String serverHost = null;
+ private boolean TestCertCallBack = false;
+ private boolean success = true;
+ private int fCipher = -1;
+ private int port = 29753;
+ private String EOF = "test";
+ private boolean handshakeCompleted = false;
+
+ private CryptoManager cm = null;
+ private CryptoToken tok = null;
+ private PasswordCallback cb = null;
+ private String fPasswordFile = "passwords";
+ private String fCertDbPath = ".";
+
+ private static String usage = "USAGE: java JSS_SSLClient " +
+ " ";
+
+ /**
+ * Default Constructor, do not use.
+ */
+ public JSS_SSLClient() {
+ try {
+ CryptoManager.initialize(fCertDbPath);
+ cm = CryptoManager.getInstance();
+ tok = cm.getInternalKeyStorageToken();
+ cb = new FilePasswordCallback(fPasswordFile);
+ tok.login(cb);
+ } catch (Exception e) {
+ }
+ }
+
+ /**
+ * Initialize the desired cipher to be set
+ * on the socket.
+ * @param int Cipher
+ */
+ public void setCipher(int aCipher) {
+ fCipher = aCipher;
+ }
+
+ /**
+ * Initialize the hostname to run the server
+ * @param String ServerName
+ */
+ public void setHostName(String aHostName) {
+ serverHost = aHostName;
+ }
+
+ /**
+ * Initialize the port to run the server
+ * @param int port
+ */
+ public void setPort(int aPort) {
+ port = aPort;
+ }
+
+ /**
+ * Initialize the passwords file name
+ * @param String passwords
+ */
+ public void setPasswordFile(String aPasswordFile) {
+ fPasswordFile = aPasswordFile;
+ }
+
+ /**
+ * Initialize the cert db path name
+ * @param String CertDbPath
+ */
+ public void setCertDbPath(String aCertDbPath) {
+ fCertDbPath = aCertDbPath;
+ }
+
+ /**
+ * Enable/disable Test Cert Callback.
+ * @param boolean
+ */
+ public void setTestCertCallback(boolean aTestCertCallback) {
+ TestCertCallBack = aTestCertCallback;
+ }
+
+ /**
+ * Set client certificate
+ * @param String Certificate Nick Name
+ */
+ public void setClientCertNick(String aClientCertNick) {
+ clientCertNick = aClientCertNick;
+ }
+
+ /**
+ * Return true if handshake is completed
+ * else return false;
+ * @return boolean handshake status
+ */
+ public boolean isHandshakeCompleted() {
+ return this.handshakeCompleted;
+ }
+
+ /**
+ * Set handshakeCompleted flag to indicate
+ * that the socket handshake is coplete.
+ */
+ public void setHandshakeCompleted() {
+ this.handshakeCompleted = true;
+ }
+
+ /**
+ * Clear handshakeCompleted flag to indicate
+ * that the system is now ready for another
+ * socket connection.
+ */
+ public void clearHandshakeCompleted() {
+ this.handshakeCompleted = false;
+ }
+
+ /**
+ * Set EOF for closinng server socket
+ * @param null for closing server socket
+ */
+ public void setEOF(String fEof) {
+ this.EOF = fEof;
+ }
+
+ /**
+ * Initialize and create a socket connection to
+ * SSLServer using the set parameters.
+ */
+ public void doIt() throws Exception {
+
+ // connect to the server
+ if ( Constants.debug_level >= 3 )
+ System.out.println("client about to connect...");
+
+ String hostAddr =
+ InetAddress.getByName(serverHost).getHostAddress();
+
+ if ( Constants.debug_level >= 3 )
+ System.out.println("the host " + serverHost +
+ " and the address " + hostAddr);
+
+ SSLCertificateApprovalCallback approvalCallback =
+ new TestCertApprovalCallback();
+ SSLClientCertificateSelectionCallback certSelectionCallback =
+ new TestClientCertificateSelectionCallback();
+
+ SSLSocket sock = null;
+
+ if (TestCertCallBack) {
+ if ( Constants.debug_level >= 3 )
+ System.out.println("calling approvalCallBack");
+ sock = new SSLSocket(InetAddress.getByName(hostAddr),
+ port,
+ null,
+ 0,
+ new TestCertApprovalCallback(),
+ null);
+ } else {
+ if ( Constants.debug_level >= 3 )
+ System.out.println("NOT calling approvalCallBack");
+ sock = new SSLSocket(InetAddress.getByName(hostAddr),
+ port);
+ }
+
+ if ( Constants.debug_level >= 3 )
+ System.out.println("clientCertNick=" + clientCertNick);
+ sock.setClientCertNickname(clientCertNick);
+ if ( fCipher != -1 ) {
+ sock.setCipherPreference(fCipher, true);
+ }
+ if ( Constants.debug_level >= 3 ) {
+ System.out.println("Client specified cert by nickname");
+ System.out.println("client connected");
+ }
+
+ sock.addHandshakeCompletedListener(
+ new HandshakeListener("client",this));
+
+ // force the handshake
+ sock.forceHandshake();
+ if ( Constants.debug_level >= 3 )
+ System.out.println("client forced handshake");
+
+ PrintWriter out = new PrintWriter(
+ new BufferedWriter(
+ new OutputStreamWriter(sock.getOutputStream())));
+ out.println(EOF);
+ out.flush();
+
+ /*
+ * Make sure there were no surprises
+ */
+ if (out.checkError())
+ System.out.println("SSLSocketClient: java.io.PrintWriter error");
+ sock.close();
+ }
+
+ /**
+ * SSL Handshake Listeren implementation.
+ */
+ public class HandshakeListener
+ implements SSLHandshakeCompletedListener {
+ private String who;
+ private JSS_SSLClient boss;
+ public HandshakeListener(String who, JSS_SSLClient boss) {
+ this.who = who;
+ this.boss = boss;
+ }
+ public void handshakeCompleted(SSLHandshakeCompletedEvent event) {
+ try {
+ String mesg = who + " got a completed handshake ";
+ SSLSecurityStatus status = event.getStatus();
+ if( status.isSecurityOn() ) {
+ mesg += "(security is ON)";
+ } else {
+ mesg += "(security is OFF)";
+ }
+ if ( Constants.debug_level >= 3 )
+ System.out.println(mesg);
+ } catch(Exception e) {
+ e.printStackTrace();
+ boss.setFailure();
+ }
+ setHandshakeCompleted();
+ }
+ }
+
+ /**
+ * Set status return value to false.
+ */
+ public synchronized void setFailure() {
+ success = false;
+ }
+
+ /**
+ * Set status return value to success.
+ */
+ public synchronized boolean getSuccess() {
+ return success;
+ }
+
+ /**
+ * Main method. Used for unit testing.
+ */
+ public static void main(String[] args) {
+
+ String certnick = "JSSCATestCert";
+ String testCipher = null;
+ String testhost = "localhost";
+ int testport = 29753;
+ String certDbPath = null;
+ String passwdFile = null;
+
+ String usage = "USAGE:\n" +
+ "java org.mozilla.jss.tests.JSS_SSLClient" +
+ " \n" +
+ " ";
+
+ try {
+ if ( args.length >= 1 ) {
+ testCipher = (String)args[0];
+ if ( testCipher.toLowerCase().equals("-h"))
+ System.out.println(usage);
+ }
+
+ if ( args.length >= 3 ) {
+ testhost = (String)args[1];
+ testport = new Integer(args[2]).intValue();
+ }
+
+ if ( args.length >= 5 ) {
+ certDbPath = (String)args[3];
+ passwdFile = (String)args[4];
+ }
+ Thread.sleep(5000);
+ } catch (Exception e) {
+ }
+
+ JSS_SSLClient jssTest = new JSS_SSLClient();
+ try {
+ if ( !testhost.equals("localhost") )
+ jssTest.setHostName(testhost);
+
+ if ( testport != 29753 )
+ jssTest.setPort(testport);
+
+ jssTest.setTestCertCallback(true);
+ jssTest.setClientCertNick(certnick);
+
+ if ( certDbPath != null )
+ jssTest.setCertDbPath(certDbPath);
+
+ if ( passwdFile != null )
+ jssTest.setPasswordFile(passwdFile);
+
+ if ( testCipher != null ) {
+ try {
+ jssTest.setCipher(new Integer(testCipher).intValue());
+ jssTest.setEOF(testCipher);
+ jssTest.doIt();
+ while (!jssTest.isHandshakeCompleted()) {
+ //Do nothing
+ }
+ jssTest.clearHandshakeCompleted();
+ } catch (Exception ex) {
+ }
+ // Set EOF to null to trigger server socket close
+ jssTest.setCipher(new Integer(testCipher).intValue());
+ jssTest.setEOF("null");
+ jssTest.doIt();
+ while (!jssTest.isHandshakeCompleted()) {
+ //Do nothing
+ }
+ jssTest.clearHandshakeCompleted();
+ } else {
+ for ( int i=0; i= 3 )
+ System.out.println("Server about .... to create socket");
+ SSLServerSocket serverSock = null;
+
+ if (TestInetAddress) {
+ if ( Constants.debug_level >= 3 )
+ System.out.println("the HostName " + serverHost +
+ " the Inet Address " +
+ InetAddress.getByName(serverHost));
+ serverSock = new SSLServerSocket(port, 5,
+ InetAddress.getByName(serverHost), null , true);
+ } else {
+ if ( Constants.debug_level >= 3 )
+ System.out.println("Inet set to Null");
+ serverSock = new SSLServerSocket(port, 5, null , null , true);
+ }
+
+ if ( Constants.debug_level >= 3 )
+ System.out.println("Server created socket");
+
+ serverSock.requireClientAuth(true, true);
+ serverSock.setServerCertNickname(serverCertNick);
+ if ( Constants.debug_level >= 3 )
+ System.out.println("Server specified cert by nickname");
+
+ boolean socketListenStatus = true;
+
+ while ( socketListenStatus ) {
+ // accept the connection
+ SSLSocket sock = (SSLSocket) serverSock.accept();
+ sock.addHandshakeCompletedListener(
+ new HandshakeListener("server", this));
+
+ // try to read some bytes, to allow the handshake to go through
+ InputStream is = sock.getInputStream();
+ try {
+ BufferedReader bir = new BufferedReader(
+ new InputStreamReader(is));
+ String socketData = bir.readLine();
+ if ( socketData.equals("null") )
+ socketListenStatus = false;
+ else if ( socketData != null )
+ jssSupportedCiphers.add(socketData);
+ } catch(EOFException e) {
+ } catch(IOException ex) {
+ } catch(NullPointerException npe) {
+ socketListenStatus = false;
+ }
+ sock.close();
+ }
+
+ serverSock.close();
+
+ System.out.println("Server exiting");
+ System.out.println("-----------------------------------------" +
+ "----------------");
+ System.out.println("Summary of JSSE client to JSS server " +
+ "communication test :");
+ System.out.println("-----------------------------------------" +
+ "----------------");
+ for ( int i=0; i= 3 )
+ System.out.println(mesg);
+ } catch(Exception e) {
+ e.printStackTrace();
+ boss.setFailure();
+ }
+ }
+ }
+
+ public synchronized void setFailure() {
+ success = false;
+ }
+
+ public synchronized boolean getSuccess() {
+ return success;
+ }
+}
diff --git a/security/jss/org/mozilla/jss/tests/all.pl b/security/jss/org/mozilla/jss/tests/all.pl
index 25c371fcd94..dbd44542558 100644
--- a/security/jss/org/mozilla/jss/tests/all.pl
+++ b/security/jss/org/mozilla/jss/tests/all.pl
@@ -49,6 +49,12 @@ sub usage {
}
my $nss_lib_dir;
+my $dist_dir;
+my $pathsep = ":";
+my $scriptext = "sh";
+my $exe_suffix = "";
+my $jss_rel_dir = "";
+my $jss_classpath = "";
sub setup_vars {
my $argv = shift;
@@ -56,10 +62,9 @@ sub setup_vars {
my $osname = `uname -s`;
my $truncate_lib_path = 1;
- my $pathsep = ":";
- my $exe_suffix = "";
if( $osname =~ /HP/ ) {
$ld_lib_path = "SHLIB_PATH";
+ $scriptext = "sh";
} elsif( $osname =~ /win/i ) {
$ld_lib_path = "PATH";
$truncate_lib_path = 0;
@@ -67,9 +72,11 @@ sub setup_vars {
$exe_suffix = ".exe";
} else {
$ld_lib_path = "LD_LIBRARY_PATH";
+ $scriptext = "sh";
}
- my $dbg_suffix = "_dbg";
+ my $jar_dbg_suffix = "_dbg";
+ my $dbg_suffix = "_DBG";
$ENV{BUILD_OPT} and $dbg_suffix = "";
$ENV{CLASSPATH} = "";
@@ -77,24 +84,27 @@ sub setup_vars {
if( $$argv[0] eq "dist" ) {
shift @$argv;
- my $dist_dir = shift @$argv or usage("did not provide dist_dir");
+ $dist_dir = shift @$argv or usage("did not provide dist_dir");
- $ENV{CLASSPATH} .= "$dist_dir/../xpclass$dbg_suffix.jar";
+ $ENV{CLASSPATH} .= "$dist_dir/../xpclass$jar_dbg_suffix.jar";
( -f $ENV{CLASSPATH} ) or die "$ENV{CLASSPATH} does not exist";
$ENV{$ld_lib_path} = $ENV{$ld_lib_path} . $pathsep . "$dist_dir/lib";
- $nss_lib_dir = "$dist_dir/lib"
+ $nss_lib_dir = "$dist_dir/lib";
+ $jss_rel_dir = "$dist_dir/../classes$dbg_suffix/org";
+ $jss_classpath = "$dist_dir/../xpclass$jar_dbg_suffix.jar";
} elsif( $$argv[0] eq "release" ) {
shift @$argv;
- my $jss_rel_dir = shift @$argv or usage();
- my $nss_rel_dir = shift @$argv or usage();
+ $jss_rel_dir = shift @$argv or usage();
+ my $nss_rel_dir = shift @$argv or usage();
my $nspr_rel_dir = shift @$argv or usage();
- $ENV{CLASSPATH} .= "$jss_rel_dir/../xpclass$dbg_suffix.jar";
+ $ENV{CLASSPATH} .= "$jss_rel_dir/../xpclass$jar_dbg_suffix.jar";
$ENV{$ld_lib_path} =
"$jss_rel_dir/lib$pathsep$nss_rel_dir/lib$pathsep$nspr_rel_dir/lib"
. $pathsep . $ENV{$ld_lib_path};
$nss_lib_dir = "$nss_rel_dir/lib";
+ $jss_classpath = "$jss_rel_dir/../xpclass$jar_dbg_suffix.jar";
} else {
usage();
}
@@ -153,6 +163,7 @@ if( ! -d $testdir ) {
$result and die "Failed to copy builtins library";
}
my $result;
+
print STDERR "============= Setup DB\n";
$result = system("$java org.mozilla.jss.tests.SetupDBs testdir $pwfile");
$result >>=8;
@@ -195,6 +206,13 @@ $result = system("$java org.mozilla.jss.tests.SigTest $testdir " .
"\"$signingToken\" $pwfile"); $result >>=8;
$result and die "SigTest returned $result";
+# test JCA Sig Test
+#
+print STDERR "============= test Mozilla-JSS SigatureSPI JCASitTest\n";
+$result = system("$java org.mozilla.jss.tests.JCASigTest $testdir $pwfile");
+$result >>=8;
+$result and die "TestJCASigTest returned $result";
+
# test Secret Decoder Ring
#
print STDERR "============= test Secret Decoder Ring\n";
@@ -202,9 +220,52 @@ $result = system("$java org.mozilla.jss.tests.TestSDR $testdir $pwfile");
$result >>=8;
$result and die "TestSDR returned $result";
-# test JCA Sig Test
#
-print STDERR "============= test Mozilla-JSS SigatureSPI JCASitTest\n";
-$result = system("$java org.mozilla.jss.tests.JCASigTest $testdir $pwfile");
+# Generate a known cert pair that can be used for testing
+#
+print STDERR "============= Generate known cert pair for testing\n";
+$result=system("$java org.mozilla.jss.tests.GenerateTestCert $testdir $pwfile");
$result >>=8;
-$result and die "TestJCASigTest returned $result";
+$result and die "Generate known cert pair for testing returned $result";
+
+#
+# Create keystore.pfx from generated cert db
+# for "JSSCATestCert"
+print STDERR "============= convert PKCS11 cert to PKCS12 format\n";
+$result = system("$nss_lib_dir/../bin/pk12util$exe_suffix -o keystore.pfx -n JSSCATestCert -d ./$testdir -K netscape -W netscape");
+$result >>=8;
+$result and die "Convert PKCS11 to PKCS12 returned $result";
+
+#
+# Start both JSS and JSSE servers
+#
+print STDERR "============= Start JSSE server tests\n";
+$result=system("./startJsseServ.$scriptext $jss_classpath $testdir");
+$result >>=8;
+$result and die "JSSE servers returned $result";
+
+#
+# Test JSS client communication
+#
+print STDERR "============= Start JSS client tests\n";
+$result = system("cp $testdir/*.db .");
+$result = system("$java org.mozilla.jss.tests.JSS_SSLClient");
+$result >>=8;
+$result and die "JSS client returned $result";
+
+#
+# Start both JSS and JSSE servers
+#
+print STDERR "============= Start JSS server tests\n";
+$result=system("./startJssServ.$scriptext $jss_classpath $testdir");
+$result >>=8;
+$result and die "JSS servers returned $result";
+
+#
+# Test JSSE client communication
+#
+print STDERR "============= Start JSSE client tests\n";
+$result = system("$java org.mozilla.jss.tests.JSSE_SSLClient");
+$result >>=8;
+$result and die "JSSE client returned $result";
+
diff --git a/security/jss/org/mozilla/jss/tests/startJssServ.sh b/security/jss/org/mozilla/jss/tests/startJssServ.sh
new file mode 100755
index 00000000000..c07d5ec8336
--- /dev/null
+++ b/security/jss/org/mozilla/jss/tests/startJssServ.sh
@@ -0,0 +1,44 @@
+#!/bin/sh
+#
+# ***** BEGIN LICENSE BLOCK *****
+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
+#
+# The contents of this file are subject to the Mozilla Public License Version
+# 1.1 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+# http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS IS" basis,
+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+# for the specific language governing rights and limitations under the
+# License.
+#
+# The Original Code is the Netscape security libraries.
+#
+# The Initial Developer of the Original Code is
+# Netscape Communications Corporation.
+# Portions created by the Initial Developer are Copyright (C) 1994-2000
+# the Initial Developer. All Rights Reserved.
+#
+# Contributor(s):
+#
+# Alternatively, the contents of this file may be used under the terms of
+# either the GNU General Public License Version 2 or later (the "GPL"), or
+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+# in which case the provisions of the GPL or the LGPL are applicable instead
+# of those above. If you wish to allow use of your version of this file only
+# under the terms of either the GPL or the LGPL, and not to allow others to
+# use your version of this file under the terms of the MPL, indicate your
+# decision by deleting the provisions above and replace them with the notice
+# and other provisions required by the GPL or the LGPL. If you do not delete
+# the provisions above, a recipient may use your version of this file under
+# the terms of any one of the MPL, the GPL or the LGPL.
+#
+# ***** END LICENSE BLOCK *****
+
+########################################################################
+#
+# "Starting JSS JAA_SSLServer..."
+#
+${JAVA_HOME}/bin/java -classpath $1 org.mozilla.jss.tests.JSS_SSLServer $2 passwords localhost JSSCATestCert true &
+
diff --git a/security/jss/org/mozilla/jss/tests/startJsseServ.sh b/security/jss/org/mozilla/jss/tests/startJsseServ.sh
new file mode 100755
index 00000000000..8d8988f962c
--- /dev/null
+++ b/security/jss/org/mozilla/jss/tests/startJsseServ.sh
@@ -0,0 +1,44 @@
+#!/bin/sh
+#
+# ***** BEGIN LICENSE BLOCK *****
+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
+#
+# The contents of this file are subject to the Mozilla Public License Version
+# 1.1 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+# http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS IS" basis,
+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+# for the specific language governing rights and limitations under the
+# License.
+#
+# The Original Code is the Netscape security libraries.
+#
+# The Initial Developer of the Original Code is
+# Netscape Communications Corporation.
+# Portions created by the Initial Developer are Copyright (C) 1994-2000
+# the Initial Developer. All Rights Reserved.
+#
+# Contributor(s):
+#
+# Alternatively, the contents of this file may be used under the terms of
+# either the GNU General Public License Version 2 or later (the "GPL"), or
+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+# in which case the provisions of the GPL or the LGPL are applicable instead
+# of those above. If you wish to allow use of your version of this file only
+# under the terms of either the GPL or the LGPL, and not to allow others to
+# use your version of this file under the terms of the MPL, indicate your
+# decision by deleting the provisions above and replace them with the notice
+# and other provisions required by the GPL or the LGPL. If you do not delete
+# the provisions above, a recipient may use your version of this file under
+# the terms of any one of the MPL, the GPL or the LGPL.
+#
+# ***** END LICENSE BLOCK *****
+
+########################################################################
+#
+# "Starting JSSE JSSE_SSLServer Test..."
+#
+${JAVA_HOME}/bin/java -classpath $1 org.mozilla.jss.tests.JSSE_SSLServer 29753 SSLv3 false &
+