
authorPeter Dettman <peter.dettman@bouncycastle.org>2013-05-10 07:54:31 +0400
committerPeter Dettman <peter.dettman@bouncycastle.org>2013-05-10 07:54:31 +0400
commitfa5b8d7b38278fd9da92a71f6c47987e12da0507 (patch)
tree33107708e269e18d715b968a2fa53634247611c6
parent914f71b8594f5e7a30b8028cc7b2adc78976f8b4 (diff)
Add client authentication to DTLS test
-rw-r--r--src/test/java/org/bouncycastle/crypto/tls/test/MockDTLSClient.java26
-rw-r--r--src/test/java/org/bouncycastle/crypto/tls/test/MockDTLSServer.java43
2 files changed, 65 insertions, 4 deletions
diff --git a/src/test/java/org/bouncycastle/crypto/tls/test/MockDTLSClient.java b/src/test/java/org/bouncycastle/crypto/tls/test/MockDTLSClient.java
index e2a5ed54..13c87028 100644
--- a/src/test/java/org/bouncycastle/crypto/tls/test/MockDTLSClient.java
+++ b/src/test/java/org/bouncycastle/crypto/tls/test/MockDTLSClient.java
@@ -6,17 +6,20 @@ import java.io.PrintStream;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.tls.AlertLevel;
+import org.bouncycastle.crypto.tls.CertificateRequest;
+import org.bouncycastle.crypto.tls.ClientCertificateType;
import org.bouncycastle.crypto.tls.DefaultTlsClient;
import org.bouncycastle.crypto.tls.ProtocolVersion;
-import org.bouncycastle.crypto.tls.ServerOnlyTlsAuthentication;
import org.bouncycastle.crypto.tls.TlsAuthentication;
+import org.bouncycastle.crypto.tls.TlsCredentials;
import org.bouncycastle.util.encoders.Hex;
public class MockDTLSClient extends DefaultTlsClient {
public void notifyAlertRaised(short alertLevel, short alertDescription, String message, Exception cause) {
PrintStream out = (alertLevel == AlertLevel.fatal) ? System.err : System.out;
- out.println("DTLS client raised alert (AlertLevel." + alertLevel + ", AlertDescription." + alertDescription + ")");
+ out.println("DTLS client raised alert (AlertLevel." + alertLevel + ", AlertDescription." + alertDescription
+ + ")");
if (message != null) {
out.println(message);
}
@@ -27,7 +30,8 @@ public class MockDTLSClient extends DefaultTlsClient {
public void notifyAlertReceived(short alertLevel, short alertDescription) {
PrintStream out = (alertLevel == AlertLevel.fatal) ? System.err : System.out;
- out.println("DTLS client received alert (AlertLevel." + alertLevel + ", AlertDescription." + alertDescription + ")");
+ out.println("DTLS client received alert (AlertLevel." + alertLevel + ", AlertDescription." + alertDescription
+ + ")");
}
public ProtocolVersion getClientVersion() {
@@ -39,7 +43,7 @@ public class MockDTLSClient extends DefaultTlsClient {
}
public TlsAuthentication getAuthentication() throws IOException {
- return new ServerOnlyTlsAuthentication() {
+ return new TlsAuthentication() {
public void notifyServerCertificate(org.bouncycastle.crypto.tls.Certificate serverCertificate)
throws IOException {
Certificate[] chain = serverCertificate.getCertificateList();
@@ -50,6 +54,20 @@ public class MockDTLSClient extends DefaultTlsClient {
+ ")");
}
}
+
+ public TlsCredentials getClientCredentials(CertificateRequest certificateRequest) throws IOException {
+ short[] certificateTypes = certificateRequest.getCertificateTypes();
+ if (certificateTypes != null) {
+ for (int i = 0; i < certificateTypes.length; ++i) {
+ if (certificateTypes[i] == ClientCertificateType.rsa_sign) {
+ // TODO Create a distinct client certificate for use here
+ return TlsTestUtils.loadSignerCredentials(context, new String[] { "x509-server.pem",
+ "x509-ca.pem" }, "x509-server-key.pem");
+ }
+ }
+ }
+ return null;
+ }
};
}
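Review bot: `getClientCredentials` falls through to `return null;` when the request carries no `rsa_sign` type, and nothing there says what a null credential means for the handshake. A one-line comment such as `// no supported certificate type requested: offer no client credentials` would make the intent explicit. The credentials that are returned reuse `x509-server.pem` and `x509-server-key.pem`, so, as the TODO acknowledges, the test cannot distinguish a client identity from the server's own. Until a distinct client pair exists, the comment should also say that this is a test fixture and not a template for real client authentication. The enclosing anonymous `TlsAuthentication` class starts outside this hunk.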
diff --git a/src/test/java/org/bouncycastle/crypto/tls/test/MockDTLSServer.java b/src/test/java/org/bouncycastle/crypto/tls/test/MockDTLSServer.java
index e20a412b..363bf79c 100644
--- a/src/test/java/org/bouncycastle/crypto/tls/test/MockDTLSServer.java
+++ b/src/test/java/org/bouncycastle/crypto/tls/test/MockDTLSServer.java
@@ -3,11 +3,16 @@ package org.bouncycastle.crypto.tls.test;
import java.io.IOException;
import java.io.PrintStream;
+import org.bouncycastle.asn1.x509.Certificate;
+import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.tls.AlertLevel;
+import org.bouncycastle.crypto.tls.CertificateRequest;
+import org.bouncycastle.crypto.tls.ClientCertificateType;
import org.bouncycastle.crypto.tls.DefaultTlsServer;
import org.bouncycastle.crypto.tls.ProtocolVersion;
import org.bouncycastle.crypto.tls.TlsEncryptionCredentials;
import org.bouncycastle.crypto.tls.TlsSignerCredentials;
+import org.bouncycastle.util.encoders.Hex;
public class MockDTLSServer extends DefaultTlsServer {
@@ -29,6 +34,20 @@ public class MockDTLSServer extends DefaultTlsServer {
+ ")");
}
+ public CertificateRequest getCertificateRequest() {
+ return new CertificateRequest(new short[]{ ClientCertificateType.rsa_sign }, null);
+ }
+
+ public void notifyClientCertificate(org.bouncycastle.crypto.tls.Certificate clientCertificate) throws IOException {
+ Certificate[] chain = clientCertificate.getCertificateList();
+ System.out.println("Received server certificate chain of length " + chain.length);
+ for (Certificate entry : chain) {
+ // TODO Create fingerprint based on certificate signature algorithm digest
+ System.out.println(" fingerprint:SHA-256 " + fingerprint(entry) + " (" + entry.getSubject()
+ + ")");
+ }
+ }
+
protected ProtocolVersion getMaximumVersion() {
return ProtocolVersion.DTLSv10;
}
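Review bot: `notifyClientCertificate` prints "Received server certificate chain of length" although the chain it receives is the client's; the line should read `System.out.println("Received client certificate chain of length " + chain.length);`. The method only logs fingerprints and never rejects a chain, so the `getCertificateRequest` added just above asks for client authentication without the mock checking who answered, presumably including an empty chain when the client offers no credentials. That is acceptable for a mock, but a comment such as `// Test fixture: the client chain is logged, not validated` would stop it being copied as-is into real server code.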
@@ -46,4 +65,28 @@ public class MockDTLSServer extends DefaultTlsServer {
return TlsTestUtils.loadSignerCredentials(context, new String[] { "x509-server.pem", "x509-ca.pem" },
"x509-server-key.pem");
}
+
+ private static String fingerprint(Certificate c) throws IOException {
+ byte[] der = c.getEncoded();
+ byte[] sha1 = sha256DigestOf(der);
+ byte[] hexBytes = Hex.encode(sha1);
+ String hex = new String(hexBytes, "ASCII").toUpperCase();
+
+ StringBuffer fp = new StringBuffer();
+ int i = 0;
+ fp.append(hex.substring(i, i + 2));
+ while ((i += 2) < hex.length()) {
+ fp.append(':');
+ fp.append(hex.substring(i, i + 2));
+ }
+ return fp.toString();
+ }
+
+ private static byte[] sha256DigestOf(byte[] input) {
+ SHA256Digest d = new SHA256Digest();
+ d.update(input, 0, input.length);
+ byte[] result = new byte[d.getDigestSize()];
+ d.doFinal(result, 0);
+ return result;
+ }
}
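Review bot: In `fingerprint`, the local `sha1` holds the result of `sha256DigestOf`, which is misleading next to the "fingerprint:SHA-256" label its caller prints. Rename it: `byte[] sha256 = sha256DigestOf(der);` and `byte[] hexBytes = Hex.encode(sha256);`. As a style point, `StringBuffer` is used for a purely local buffer where `StringBuilder` would do if the project's source level allows, and `toUpperCase()` could take `Locale.ROOT` so the output does not depend on the default locale. The client mock also imports `SHA256Digest` and `Hex` and calls a fingerprint helper, so the two copies could likely live once in `TlsTestUtils`.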