alvinalexander.com | career | drupal | java | mac | mysql | perl | scala | uml | unix  

Java example source code file (SslContextTrustManagerTest.java)

This example Java source code file (SslContextTrustManagerTest.java) is included in the alvinalexander.com "Java Source Code Warehouse" project. The intent of this project is to help you "Learn Java by Example" TM.

Learn more about this Java project at its project page.

Java - Java tags/keywords

cannot, cas, certificateexception, certificatefactory, exception, inputstream, net, rsa, ssl, sslcontexttrustmanagertest, string, test, trustmanagerfactory, unable, util, x509certificate, x509trustmanager

The SslContextTrustManagerTest.java Java example source code

/*
 * Copyright 2016 The Netty Project
 *
 * The Netty Project licenses this file to you under the Apache License,
 * version 2.0 (the "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at:
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 * License for the specific language governing permissions and limitations
 * under the License.
 */
package io.netty.handler.ssl;

import static org.junit.Assert.fail;
import static org.junit.Assert.assertNotNull;

import java.io.InputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;

import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

import org.junit.Test;

public class SslContextTrustManagerTest {
    @Test
    public void testUsingAllCAs() throws Exception {
        runTests(new String[] { "tm_test_ca_1a.pem", "tm_test_ca_1b.pem",
                "tm_test_ca_2.pem" }, new String[] { "tm_test_eec_1.pem",
                "tm_test_eec_2.pem", "tm_test_eec_3.pem" }, new boolean[] {
                true, true, true });
    }

    @Test
    public void testUsingAllCAsWithDuplicates() throws Exception {
        runTests(new String[] { "tm_test_ca_1a.pem", "tm_test_ca_1b.pem",
                "tm_test_ca_2.pem", "tm_test_ca_2.pem" },
                new String[] { "tm_test_eec_1.pem", "tm_test_eec_2.pem",
                        "tm_test_eec_3.pem" },
                new boolean[] { true, true, true });
    }

    @Test
    public void testUsingCAsOneAandB() throws Exception {
        runTests(new String[] { "tm_test_ca_1a.pem", "tm_test_ca_1b.pem", },
                new String[] { "tm_test_eec_1.pem", "tm_test_eec_2.pem",
                        "tm_test_eec_3.pem" }, new boolean[] { true, true,
                        false });
    }

    @Test
    public void testUsingCAsOneAandTwo() throws Exception {
        runTests(new String[] { "tm_test_ca_1a.pem", "tm_test_ca_2.pem" },
                new String[] { "tm_test_eec_1.pem", "tm_test_eec_2.pem",
                        "tm_test_eec_3.pem" }, new boolean[] { true, false,
                        true });
    }

    /**
     *
     * @param caResources
     *            an array of paths to CA Certificates in PEM format to load
     *            from the classpath (relative to this class).
     * @param eecResources
     *            an array of paths to Server Certificates in PEM format in to
     *            load from the classpath (relative to this class).
     * @param expectations
     *            an array of expecting results for each EEC Server Certificate
     *            (the array is expected to have the same length the previous
     *            argument, and be arrange in matching order: true means
     *            expected to be valid, false otherwise.
     */
    private static void runTests(String[] caResources, String[] eecResources,
            boolean[] expectations) throws Exception {
        X509TrustManager tm = getTrustManager(caResources);

        X509Certificate[] eecCerts = loadCertCollection(eecResources);

        for (int i = 0; i < eecResources.length; i++) {
            X509Certificate eecCert = eecCerts[i];
            assertNotNull("Cannot use cert " + eecResources[i], eecCert);
            try {
                tm.checkServerTrusted(new X509Certificate[] { eecCert }, "RSA");
                if (!expectations[i]) {
                    fail(String.format(
                            "Certificate %s was expected not to be valid when using CAs %s, but its "
                                    + "verification passed.", eecResources[i],
                            Arrays.asList(caResources)));
                }
            } catch (CertificateException e) {
                if (expectations[i]) {
                    fail(String.format(
                            "Certificate %s was expected to be valid when using CAs %s, but its "
                                    + "verification failed.", eecResources[i],
                            Arrays.asList(caResources)));
                }
            }
        }
    }

    private static X509TrustManager getTrustManager(String[] resourceNames)
            throws Exception {
        X509Certificate[] certCollection = loadCertCollection(resourceNames);
        TrustManagerFactory tmf = SslContext.buildTrustManagerFactory(
                certCollection, null);

        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return (X509TrustManager) tm;
            }
        }

        throw new Exception(
                "Unable to find any X509TrustManager from this factory.");
    }

    private static X509Certificate[] loadCertCollection(String[] resourceNames)
            throws Exception {
        CertificateFactory certFactory = CertificateFactory
                .getInstance("X.509");

        X509Certificate[] certCollection = new X509Certificate[resourceNames.length];
        for (int i = 0; i < resourceNames.length; i++) {
            String resourceName = resourceNames[i];
            InputStream is = null;
            try {
                is = SslContextTest.class.getResourceAsStream(resourceName);
                assertNotNull("Cannot find " + resourceName, is);
                certCollection[i] = (X509Certificate) certFactory
                        .generateCertificate(is);
            } finally {
                if (is != null) {
                    is.close();
                }
            }
        }
        return certCollection;
    }
}

Other Java examples (source code examples)

Here is a short list of links related to this Java SslContextTrustManagerTest.java source code file:

... this post is sponsored by my books ...

#1 New Release!

FP Best Seller

 

new blog posts

 

Copyright 1998-2024 Alvin Alexander, alvinalexander.com
All Rights Reserved.

A percentage of advertising revenue from
pages under the /java/jwarehouse URI on this website is
paid back to open source projects.