29 * @summary compatibility issue with MD2 trust anchor and old X509TrustManager
30 *
31 * SunJSSE does not support dynamic system properties, no way to re-use
32 * system properties in samevm/agentvm mode.
33 * @run main/othervm MD2InTrustAnchor PKIX TLSv1.1
34 * @run main/othervm MD2InTrustAnchor SunX509 TLSv1.1
35 * @run main/othervm MD2InTrustAnchor PKIX TLSv1.2
36 * @run main/othervm MD2InTrustAnchor SunX509 TLSv1.2
37 */
38
39 import java.net.*;
40 import java.util.*;
41 import java.io.*;
42 import javax.net.ssl.*;
43 import java.security.KeyStore;
44 import java.security.KeyFactory;
45 import java.security.cert.Certificate;
46 import java.security.cert.CertificateFactory;
47 import java.security.spec.*;
48 import java.security.interfaces.*;
49 import sun.misc.BASE64Decoder;
50
51
52 public class MD2InTrustAnchor {
53
54 /*
55 * =============================================================
56 * Set the various variables needed for the tests, then
57 * specify what tests to run on each side.
58 */
59
60 /*
61 * Should we run the client or server in a separate thread?
62 * Both sides can throw exceptions, but do you have a preference
63 * as to which side should be the main thread.
64 */
65 static boolean separateServerThread = false;
66
67 /*
68 * Certificates and key used in the test.
69 */
70
71 // It's a trust anchor signed with MD2 hash function.
221 CertificateFactory cf = CertificateFactory.getInstance("X.509");
222
223 // create a key store
224 KeyStore ks = KeyStore.getInstance("JKS");
225 ks.load(null, null);
226
227 // import the trused cert
228 Certificate trusedCert = null;
229 ByteArrayInputStream is = null;
230 if (trustedCertStr != null) {
231 is = new ByteArrayInputStream(trustedCertStr.getBytes());
232 trusedCert = cf.generateCertificate(is);
233 is.close();
234
235 ks.setCertificateEntry("RSA Export Signer", trusedCert);
236 }
237
238 if (keyCertStr != null) {
239 // generate the private key.
240 PKCS8EncodedKeySpec priKeySpec = new PKCS8EncodedKeySpec(
241 new BASE64Decoder().decodeBuffer(keySpecStr));
242 KeyFactory kf = KeyFactory.getInstance("RSA");
243 RSAPrivateKey priKey =
244 (RSAPrivateKey)kf.generatePrivate(priKeySpec);
245
246 // generate certificate chain
247 is = new ByteArrayInputStream(keyCertStr.getBytes());
248 Certificate keyCert = cf.generateCertificate(is);
249 is.close();
250
251 // It's not allowed to send MD2 signed certificate to peer,
252 // even it may be a trusted certificate. Then we will not
253 // place the trusted certficate in the chain.
254 Certificate[] chain = new Certificate[1];
255 chain[0] = keyCert;
256
257 // import the key entry.
258 ks.setKeyEntry("Whatever", priKey, passphrase, chain);
259 }
260
261 // create SSL context
|
29 * @summary compatibility issue with MD2 trust anchor and old X509TrustManager
30 *
31 * SunJSSE does not support dynamic system properties, no way to re-use
32 * system properties in samevm/agentvm mode.
33 * @run main/othervm MD2InTrustAnchor PKIX TLSv1.1
34 * @run main/othervm MD2InTrustAnchor SunX509 TLSv1.1
35 * @run main/othervm MD2InTrustAnchor PKIX TLSv1.2
36 * @run main/othervm MD2InTrustAnchor SunX509 TLSv1.2
37 */
38
39 import java.net.*;
40 import java.util.*;
41 import java.io.*;
42 import javax.net.ssl.*;
43 import java.security.KeyStore;
44 import java.security.KeyFactory;
45 import java.security.cert.Certificate;
46 import java.security.cert.CertificateFactory;
47 import java.security.spec.*;
48 import java.security.interfaces.*;
49 import java.util.Base64;
50
51 public class MD2InTrustAnchor {
52
53 /*
54 * =============================================================
55 * Set the various variables needed for the tests, then
56 * specify what tests to run on each side.
57 */
58
59 /*
60 * Should we run the client or server in a separate thread?
61 * Both sides can throw exceptions, but do you have a preference
62 * as to which side should be the main thread.
63 */
64 static boolean separateServerThread = false;
65
66 /*
67 * Certificates and key used in the test.
68 */
69
70 // It's a trust anchor signed with MD2 hash function.
220 CertificateFactory cf = CertificateFactory.getInstance("X.509");
221
222 // create a key store
223 KeyStore ks = KeyStore.getInstance("JKS");
224 ks.load(null, null);
225
226 // import the trused cert
227 Certificate trusedCert = null;
228 ByteArrayInputStream is = null;
229 if (trustedCertStr != null) {
230 is = new ByteArrayInputStream(trustedCertStr.getBytes());
231 trusedCert = cf.generateCertificate(is);
232 is.close();
233
234 ks.setCertificateEntry("RSA Export Signer", trusedCert);
235 }
236
237 if (keyCertStr != null) {
238 // generate the private key.
239 PKCS8EncodedKeySpec priKeySpec = new PKCS8EncodedKeySpec(
240 Base64.getMimeDecoder().decode(keySpecStr));
241 KeyFactory kf = KeyFactory.getInstance("RSA");
242 RSAPrivateKey priKey =
243 (RSAPrivateKey)kf.generatePrivate(priKeySpec);
244
245 // generate certificate chain
246 is = new ByteArrayInputStream(keyCertStr.getBytes());
247 Certificate keyCert = cf.generateCertificate(is);
248 is.close();
249
250 // It's not allowed to send MD2 signed certificate to peer,
251 // even it may be a trusted certificate. Then we will not
252 // place the trusted certficate in the chain.
253 Certificate[] chain = new Certificate[1];
254 chain[0] = keyCert;
255
256 // import the key entry.
257 ks.setKeyEntry("Whatever", priKey, passphrase, chain);
258 }
259
260 // create SSL context
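Review bot: The new call `Base64.getMimeDecoder().decode(keySpecStr)` on new line 240 should carry a short comment saying why the MIME variant is used, because that decoder is the lenient one: it skips line separators and any other character outside the Base64 alphabet instead of rejecting them. That is presumably needed because `keySpecStr` is a line-wrapped literal (its definition is outside the lines shown), but a later reader may swap in `Base64.getDecoder()`, which throws on embedded newlines. A comment such as `// MIME decoder: keySpecStr is line-wrapped Base64; getDecoder() would reject the line breaks` covers it. As a smaller style point, the added `import java.util.Base64;` on new line 49 is redundant next to `import java.util.*;` on line 40. The method enclosing new lines 220–260 starts and ends outside the shown lines.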
|