change mock GMSSL CLient/Server to SimpleGMSSL public access.

bcgit · Trisia · Mar 5, 2021 · Mar 5, 2021 · Mar 5, 2021 · Mar 5, 2021
commit 5dfe15eaa3201b5e4038e4643602ad46487d6bee
diff --git a/...ouncycastle/tls/test/MockGMSSLClient.java → ...e/jsse/provider/gm/SimpleGMSSLClient.java b/...ouncycastle/tls/test/MockGMSSLClient.java → ...e/jsse/provider/gm/SimpleGMSSLClient.java
@@ -1,4 +1,4 @@
-package org.bouncycastle.tls.test;
+package org.bouncycastle.jsse.provider.gm;
 
 import org.bouncycastle.tls.*;
 import org.bouncycastle.tls.crypto.TlsCrypto;
@@ -9,12 +9,15 @@
 import java.util.Hashtable;
 
 /**
- * Mock GMSSL client
+ * Simple GMSSL client
+ *
+ * - make handshake connection
+ * - no authentication
  *
  * @author Cliven
  * @since 2021-03-09 14:01:50
  */
-public class MockGMSSLClient extends AbstractTlsClient
+public class SimpleGMSSLClient extends AbstractTlsClient
 {
     private static final int[] DEFAULT_CIPHER_SUITES = new int[]
     {
@@ -24,12 +27,12 @@ public class MockGMSSLClient extends AbstractTlsClient
         CipherSuite.GMSSL_ECC_SM4_SM3,
     };
 
-    public MockGMSSLClient()
+    public SimpleGMSSLClient()
     {
         this(new BcTlsCrypto(new SecureRandom()));
     }
 
-    public MockGMSSLClient(TlsCrypto crypto)
+    public SimpleGMSSLClient(TlsCrypto crypto)
     {
         super(crypto);
     }
@@ -52,12 +55,12 @@ public TlsAuthentication getAuthentication() throws IOException
 
             public void notifyServerCertificate(TlsServerCertificate serverCertificate) throws IOException
             {
-                System.out.println(">> TlsAuthentication on notifyServerCertificate");
+//                System.out.println(">> TlsAuthentication on notifyServerCertificate");
             }
 
             public TlsCredentials getClientCredentials(CertificateRequest certificateRequest) throws IOException
             {
-                System.out.println(">> TlsAuthentication on getClientCredentials");
+//                System.out.println(">> TlsAuthentication on getClientCredentials");
                    return null;
             }
         };

diff --git a/tls/src/main/java/org/bouncycastle/jsse/provider/gm/SimpleGMSSLServer.java b/tls/src/main/java/org/bouncycastle/jsse/provider/gm/SimpleGMSSLServer.java
@@ -0,0 +1,121 @@
+package org.bouncycastle.jsse.provider.gm;
+
+import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
+import org.bouncycastle.tls.*;
+import org.bouncycastle.tls.crypto.TlsCrypto;
+import org.bouncycastle.tls.crypto.impl.bc.BcGMSSLCredentials;
+import org.bouncycastle.tls.crypto.impl.bc.BcTlsCrypto;
+import org.bouncycastle.util.encoders.Hex;
+
+import java.io.IOException;
+import java.io.PrintStream;
+import java.security.SecureRandom;
+
+/**
+ * Simple GMSSL Server
+ *
+ * @author Cliven
+ * @since 2021-03-16 09:31:14
+ */
+public class SimpleGMSSLServer
+    extends DefaultTlsServer
+{
+    /*
+     * contain two cert, first for sign, second for encrypt
+     */
+    protected Certificate certList;
+    protected AsymmetricKeyParameter signKey;
+    protected AsymmetricKeyParameter encKey;
+
+    /**
+     * Create GMSSL Server Instance
+     *
+     * @param crypto  crypto
+     * @param certList contain two cert, first for sign, second for encrypt
+     * @param signKey sign private key
+     * @param encKey encrypt private key
+     */
+    public SimpleGMSSLServer(TlsCrypto crypto, Certificate certList, AsymmetricKeyParameter signKey, AsymmetricKeyParameter encKey)
+    {
+        super(crypto);
+        this.certList = certList;
+        this.signKey = signKey;
+        this.encKey = encKey;
+    }
+
+    public void notifyAlertRaised(short alertLevel, short alertDescription, String message, Throwable cause)
+    {
+//        PrintStream out = (alertLevel == AlertLevel.fatal) ? System.err : System.out;
+//        out.println("GMSSL server raised alert: " + AlertLevel.getText(alertLevel)
+//            + ", " + AlertDescription.getText(alertDescription));
+//        if (message != null)
+//        {
+//            out.println("> " + message);
+//        }
+//        if (cause != null)
+//        {
+//            cause.printStackTrace(out);
+//        }
+    }
+
+    public void notifyAlertReceived(short alertLevel, short alertDescription)
+    {
+//        PrintStream out = (alertLevel == AlertLevel.fatal) ? System.err : System.out;
+//        out.println("GMSSL server received alert: " + AlertLevel.getText(alertLevel)
+//            + ", " + AlertDescription.getText(alertDescription));
+    }
+
+    @Override
+    public void notifySecureRenegotiation(boolean secureRenegotiation) throws IOException
+    {
+
+    }
+
+    public ProtocolVersion getServerVersion() throws IOException
+    {
+        return ProtocolVersion.GMSSLv11;
+    }
+
+    public CertificateRequest getCertificateRequest() throws IOException
+    {
+        return null;
+    }
+
+    public void notifyClientCertificate(Certificate clientCertificate) throws IOException
+    {
+
+    }
+
+    public void notifyHandshakeComplete() throws IOException
+    {
+
+    }
+
+    @Override
+    public TlsCredentials getCredentials() throws IOException
+    {
+        return new BcGMSSLCredentials((BcTlsCrypto) getCrypto(), certList, signKey, encKey);
+    }
+
+    @Override
+    public boolean shouldUseGMTUnixTime()
+    {
+        return true;
+    }
+
+    protected int[] getSupportedCipherSuites()
+    {
+        return new int[]{CipherSuite.GMSSL_ECC_SM4_SM3};
+    }
+
+    protected ProtocolVersion[] getSupportedVersions()
+    {
+        return ProtocolVersion.GMSSLv11.only();
+    }
+
+    protected String hex(byte[] data)
+    {
+        return data == null ? "(null)" : Hex.toHexString(data);
+    }
+
+}
diff --git a/tls/src/test/java/org/bouncycastle/tls/test/GMSSLClientTest.java b/tls/src/test/java/org/bouncycastle/tls/test/GMSSLClientTest.java
@@ -2,6 +2,7 @@
 
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;
+import org.bouncycastle.jsse.provider.gm.SimpleGMSSLClient;
 import org.bouncycastle.tls.TlsClientProtocol;
 import org.bouncycastle.util.io.Streams;
 
@@ -30,16 +31,15 @@ public static void main(String[] args)
         Security.addProvider(new BouncyCastleJsseProvider());
 
         String host = "localhost";
-        int port = 446;
+        int port = 5557;
 //        String host = "sm2test.ovssl.cn";
 //        int port = 443;
-//        jsse(host, port);
         bc(host, port);
     }
 
     private static void bc(String host, int port) throws IOException
     {
-        final MockGMSSLClient client = new MockGMSSLClient();
+        final SimpleGMSSLClient client = new SimpleGMSSLClient();
         Socket s = new Socket(host, port);
         TlsClientProtocol protocol = new TlsClientProtocol(s.getInputStream(), s.getOutputStream());
         protocol.connect(client);

diff --git a/tls/src/test/java/org/bouncycastle/tls/test/GMSSLServerTest.java b/tls/src/test/java/org/bouncycastle/tls/test/GMSSLServerTest.java
@@ -1,6 +1,9 @@
 package org.bouncycastle.tls.test;
 
+import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
+import org.bouncycastle.jsse.provider.gm.SimpleGMSSLServer;
 import org.bouncycastle.tls.*;
+import org.bouncycastle.tls.crypto.TlsCertificate;
 import org.bouncycastle.tls.crypto.impl.bc.BcTlsCrypto;
 import org.bouncycastle.util.io.Streams;
 import org.bouncycastle.util.io.TeeOutputStream;
@@ -11,18 +14,33 @@
 
 /**
  * A simple test designed to conduct a GMSSL handshake with an external GMSSL client.
- * <p>
  *
- * </p>
+ * @author Cliven
+ * @since 2021-03-16 09:57:58
  */
 public class GMSSLServerTest
 {
+    static BcTlsCrypto crypto;
+    static AsymmetricKeyParameter signKey;
+    static AsymmetricKeyParameter encKey;
+    static Certificate certList;
+
     public static void main(String[] args) throws Exception
     {
 
         int port = 5557;
-
         ServerSocket ss = new ServerSocket(port, 16);
+
+        crypto = new BcTlsCrypto(new SecureRandom());
+
+        certList = new Certificate(new TlsCertificate[]{
+                TlsTestUtils.loadCertificateResource(crypto, "x509-server-sm2-sign.pem"),
+                TlsTestUtils.loadCertificateResource(crypto, "x509-server-sm2-enc.pem"),
+        });
+
+        signKey = TlsTestUtils.loadBcPrivateKeyResource("x509-server-key-sm2-sign.pem");
+        encKey = TlsTestUtils.loadBcPrivateKeyResource("x509-server-key-sm2-enc.pem");
+
         try
         {
             while (true)
@@ -50,10 +68,9 @@ static class ServerThread extends Thread
 
         public void run()
         {
-            byte[] buff = new byte[2028];
             try
             {
-                MockGMSSLServer server = new MockGMSSLServer();
+                SimpleGMSSLServer server = new SimpleGMSSLServer(crypto, certList, signKey, encKey);
                 TlsServerProtocol serverProtocol = new TlsServerProtocol(s.getInputStream(), s.getOutputStream());
                 serverProtocol.accept(server);
 
@@ -73,11 +90,7 @@ public void run()
                 System.out.println();
 
                 OutputStream outputStream = serverProtocol.getOutputStream();
-                String resp = "HTTP/1.1 200 OK\r\n"
-                        + "Content-Length: 6\r\n"
-                        + "Content-Type: text/plain; charset=utf-8\r\n"
-                        + "\r\n"
-                        + "hello\n";
+                String resp = "HTTP/1.1 200 OK\r\n" + "Content-Length: 6\r\n" + "Content-Type: text/plain; charset=utf-8\r\n" + "\r\n" + "hello\n";
                 outputStream.write(resp.getBytes("UTF-8"));
                 outputStream.flush();
                 serverProtocol.close();

diff --git a/tls/src/test/java/org/bouncycastle/tls/test/MockGMSSLServer.java b/tls/src/test/java/org/bouncycastle/tls/test/MockGMSSLServer.java