1 /*
   2  * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 /* @test
  25  * @bug 6766775
  26  * @summary X509 certificate hostname checking is broken in JDK1.6.0_10
  27  * @run main/othervm IPAddressDNSIdentities
  28  *
  29  *     SunJSSE does not support dynamic system properties, no way to re-use
  30  *     system properties in samevm/agentvm mode.
  31  * @author Xuelei Fan
  32  */
  33 
  34 import java.net.*;
  35 import java.util.*;
  36 import java.io.*;
  37 import javax.net.ssl.*;
  38 import java.security.KeyStore;
  39 import java.security.KeyFactory;
  40 import java.security.cert.Certificate;
  41 import java.security.cert.CertificateFactory;
  42 import java.security.spec.*;
  43 import java.security.interfaces.*;
  44 import java.math.BigInteger;
  45 
  46 import sun.security.ssl.SSLSocketImpl;
  47 
  48 /*
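  49  * Certificates and keys used in the test. Test-only fixtures: the private keys are published in this file, and the certificates use md5WithRSAEncryption signatures with 1024-bit RSA keys.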
  50  *
  51  * TLS server certificate:
  52  * server private key:
  53  * -----BEGIN RSA PRIVATE KEY-----
  54  * Proc-Type: 4,ENCRYPTED
  55  * DEK-Info: DES-EDE3-CBC,D9AE407F6D0E389A
  56  *
  57  * WPrA7TFol/cQCcp9oHnXWNpYlvRbbIcQj0m+RKT2Iuzfus+DHt3Zadf8nJpKfX2e
  58  * h2rnhlzCN9M7djRDooZKDOPCsdBn51Au7HlZF3S3Opgo7D8XFM1a8t1Je4ke14oI
  59  * nw6QKYsBblRziPnP2PZ0zvX24nOv7bbY8beynlJHGs00VWSFdoH2DS0aE1p6D+3n
  60  * ptJuJ75dVfZFK4X7162APlNXevX8D6PEQpSiRw1rjjGGcnvQ4HdWk3BxDVDcCNJb
  61  * Y1aGNRxsjTDvPi3R9Qx2M+W03QzEPx4SR3ZHVskeSJHaetM0TM/w/45Paq4GokXP
  62  * ZeTnbEx1xmjkA7h+t4doLL4watx5F6yLsJzu8xB3lt/1EtmkYtLz1t7X4BetPAXz
  63  * zS69X/VwhKfsOI3qXBWuL2oHPyhDmT1gcaUQwEPSV6ogHEEQEDXdiUS8heNK13KF
  64  * TCQYFkETvV2BLxUhV1hypPzRQ6tUpJiAbD5KmoK2lD9slshG2QtvKQq0/bgkDY5J
  65  * LhDHV2dtcZ3kDPkkZXpbcJQvoeH3d09C5sIsuTFo2zgNR6oETHUc5TzP6FY2YYRa
  66  * QcK5HcmtsRRiXFm01ac+aMejJUIujjFt84SiKWT/73vC8AmY4tYcJBLjCg4XIxSH
  67  * fdDFLL1YZENNO5ivlp8mdiHqcawx+36L7DrEZQ8RZt6cqST5t/+XTdM74s6k81GT
  68  * pNsa82P2K2zmIUZ/DL2mKjW1vfRByw1NQFEBkN3vdyZxYfM/JyUzX4hbjXBEkh9Q
  69  * QYrcwLKLjis2QzSvK04B3bvRzRb+4ocWiso8ZPAXAIxZFBWDpTMM2A==
  70  * -----END RSA PRIVATE KEY-----
  71  *
  72  * -----BEGIN RSA PRIVATE KEY-----
  73  * MIICXAIBAAKBgQClrFscN6LdmYktsnm4j9VIpecchBeNaZzGrG358h0fORna03Ie
  74  * buxEzHCk3LoAMPagTz1UemFqzFfQCn+VKBg/mtmU8hvIJIh+/p0PPftXUwizIDPU
  75  * PxdHFNHN6gjYDnVOr77M0uyvqXpJ38LZrLgkQJCmA1Yq0DAFQCxPq9l0iQIDAQAB
  76  * AoGAbqcbg1E1mkR99uOJoNeQYKFOJyGiiXTMnXV1TseC4+PDfQBU7Dax35GcesBi
  77  * CtapIpFKKS5D+ozY6b7ZT8ojxuQ/uHLPAvz0WDR3ds4iRF8tyu71Q1ZHcQsJa17y
  78  * yO7UbkSSKn/Mp9Rb+/dKqftUGNXVFLqgHBOzN2s3We3bbbECQQDYBPKOg3hkaGHo
  79  * OhpHKqtQ6EVkldihG/3i4WejRonelXN+HRh1KrB2HBx0M8D/qAzP1i3rNSlSHer4
  80  * 59YRTJnHAkEAxFX/sVYSn07BHv9Zhn6XXct/Cj43z/tKNbzlNbcxqQwQerw3IH51
  81  * 8UH2YOA+GD3lXbKp+MytoFLWv8zg4YT/LwJAfqan75Z1R6lLffRS49bIiq8jwE16
  82  * rTrUJ+kv8jKxMqc9B3vXkxpsS1M/+4E8bqgAmvpgAb8xcsvHsBd9ErdukQJBAKs2
  83  * j67W75BrPjBI34pQ1LEfp56IGWXOrq1kF8IbCjxv3+MYRT6Z6UJFkpRymNPNDjsC
  84  * dgUYgITiGJHUGXuw3lMCQHEHqo9ZtXz92yFT+VhsNc29B8m/sqUJdtCcMd/jGpAF
  85  * u6GHufjqIZBpQsk63wbwESAPZZ+kk1O1kS5GIRLX608=
  86  * -----END RSA PRIVATE KEY-----
  87  *
  88  * Private-Key: (1024 bit)
  89  * modulus:
  90  *     00:a5:ac:5b:1c:37:a2:dd:99:89:2d:b2:79:b8:8f:
  91  *     d5:48:a5:e7:1c:84:17:8d:69:9c:c6:ac:6d:f9:f2:
  92  *     1d:1f:39:19:da:d3:72:1e:6e:ec:44:cc:70:a4:dc:
  93  *     ba:00:30:f6:a0:4f:3d:54:7a:61:6a:cc:57:d0:0a:
  94  *     7f:95:28:18:3f:9a:d9:94:f2:1b:c8:24:88:7e:fe:
  95  *     9d:0f:3d:fb:57:53:08:b3:20:33:d4:3f:17:47:14:
  96  *     d1:cd:ea:08:d8:0e:75:4e:af:be:cc:d2:ec:af:a9:
  97  *     7a:49:df:c2:d9:ac:b8:24:40:90:a6:03:56:2a:d0:
  98  *     30:05:40:2c:4f:ab:d9:74:89
  99  * publicExponent: 65537 (0x10001)
 100  * privateExponent:
 101  *     6e:a7:1b:83:51:35:9a:44:7d:f6:e3:89:a0:d7:90:
 102  *     60:a1:4e:27:21:a2:89:74:cc:9d:75:75:4e:c7:82:
 103  *     e3:e3:c3:7d:00:54:ec:36:b1:df:91:9c:7a:c0:62:
 104  *     0a:d6:a9:22:91:4a:29:2e:43:fa:8c:d8:e9:be:d9:
 105  *     4f:ca:23:c6:e4:3f:b8:72:cf:02:fc:f4:58:34:77:
 106  *     76:ce:22:44:5f:2d:ca:ee:f5:43:56:47:71:0b:09:
 107  *     6b:5e:f2:c8:ee:d4:6e:44:92:2a:7f:cc:a7:d4:5b:
 108  *     fb:f7:4a:a9:fb:54:18:d5:d5:14:ba:a0:1c:13:b3:
 109  *     37:6b:37:59:ed:db:6d:b1
 110  * prime1:
 111  *     00:d8:04:f2:8e:83:78:64:68:61:e8:3a:1a:47:2a:
 112  *     ab:50:e8:45:64:95:d8:a1:1b:fd:e2:e1:67:a3:46:
 113  *     89:de:95:73:7e:1d:18:75:2a:b0:76:1c:1c:74:33:
 114  *     c0:ff:a8:0c:cf:d6:2d:eb:35:29:52:1d:ea:f8:e7:
 115  *     d6:11:4c:99:c7
 116  * prime2:
 117  *     00:c4:55:ff:b1:56:12:9f:4e:c1:1e:ff:59:86:7e:
 118  *     97:5d:cb:7f:0a:3e:37:cf:fb:4a:35:bc:e5:35:b7:
 119  *     31:a9:0c:10:7a:bc:37:20:7e:75:f1:41:f6:60:e0:
 120  *     3e:18:3d:e5:5d:b2:a9:f8:cc:ad:a0:52:d6:bf:cc:
 121  *     e0:e1:84:ff:2f
 122  * exponent1:
 123  *     7e:a6:a7:ef:96:75:47:a9:4b:7d:f4:52:e3:d6:c8:
 124  *     8a:af:23:c0:4d:7a:ad:3a:d4:27:e9:2f:f2:32:b1:
 125  *     32:a7:3d:07:7b:d7:93:1a:6c:4b:53:3f:fb:81:3c:
 126  *     6e:a8:00:9a:fa:60:01:bf:31:72:cb:c7:b0:17:7d:
 127  *     12:b7:6e:91
 128  * exponent2:
 129  *     00:ab:36:8f:ae:d6:ef:90:6b:3e:30:48:df:8a:50:
 130  *     d4:b1:1f:a7:9e:88:19:65:ce:ae:ad:64:17:c2:1b:
 131  *     0a:3c:6f:df:e3:18:45:3e:99:e9:42:45:92:94:72:
 132  *     98:d3:cd:0e:3b:02:76:05:18:80:84:e2:18:91:d4:
 133  *     19:7b:b0:de:53
 134  * coefficient:
 135  *     71:07:aa:8f:59:b5:7c:fd:db:21:53:f9:58:6c:35:
 136  *     cd:bd:07:c9:bf:b2:a5:09:76:d0:9c:31:df:e3:1a:
 137  *     90:05:bb:a1:87:b9:f8:ea:21:90:69:42:c9:3a:df:
 138  *     06:f0:11:20:0f:65:9f:a4:93:53:b5:91:2e:46:21:
 139  *     12:d7:eb:4f
 140  *
 141  *
 142  * server certificate:
 143  * Data:
 144  *     Version: 3 (0x2)
 145  *     Serial Number: 8 (0x8)
 146  *     Signature Algorithm: md5WithRSAEncryption
 147  *     Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org
 148  *     Validity
 149  *         Not Before: Dec  8 03:43:04 2008 GMT
 150  *         Not After : Aug 25 03:43:04 2028 GMT
 151  *     Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org, OU=SSL-Server, CN=localhost
 152  *     Subject Public Key Info:
 153  *         Public Key Algorithm: rsaEncryption
 154  *         RSA Public Key: (1024 bit)
 155  *             Modulus (1024 bit):
 156  *                 00:a5:ac:5b:1c:37:a2:dd:99:89:2d:b2:79:b8:8f:
 157  *                 d5:48:a5:e7:1c:84:17:8d:69:9c:c6:ac:6d:f9:f2:
 158  *                 1d:1f:39:19:da:d3:72:1e:6e:ec:44:cc:70:a4:dc:
 159  *                 ba:00:30:f6:a0:4f:3d:54:7a:61:6a:cc:57:d0:0a:
 160  *                 7f:95:28:18:3f:9a:d9:94:f2:1b:c8:24:88:7e:fe:
 161  *                 9d:0f:3d:fb:57:53:08:b3:20:33:d4:3f:17:47:14:
 162  *                 d1:cd:ea:08:d8:0e:75:4e:af:be:cc:d2:ec:af:a9:
 163  *                 7a:49:df:c2:d9:ac:b8:24:40:90:a6:03:56:2a:d0:
 164  *                 30:05:40:2c:4f:ab:d9:74:89
 165  *             Exponent: 65537 (0x10001)
 166  *     X509v3 extensions:
 167  *         X509v3 Basic Constraints:
 168  *             CA:FALSE
 169  *         X509v3 Key Usage:
 170  *             Digital Signature, Non Repudiation, Key Encipherment
 171  *         X509v3 Subject Key Identifier:
 172  *             ED:6E:DB:F4:B5:56:C8:FB:1A:06:61:3F:0F:08:BB:A6:04:D8:16:54
 173  *         X509v3 Authority Key Identifier:
 174  *             keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14
 175  *
 176  *         X509v3 Subject Alternative Name: critical
 177  *             DNS:localhost
 178  * Signature Algorithm: md5WithRSAEncryption
 179  *
 180  * -----BEGIN CERTIFICATE-----
 181  * MIICpDCCAg2gAwIBAgIBCDANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET
 182  * MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK
 183  * EwhTb21lLU9yZzAeFw0wODEyMDgwMzQzMDRaFw0yODA4MjUwMzQzMDRaMHIxCzAJ
 184  * BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp
 185  * dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtU2VydmVyMRIwEAYD
 186  * VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKWsWxw3
 187  * ot2ZiS2yebiP1Uil5xyEF41pnMasbfnyHR85GdrTch5u7ETMcKTcugAw9qBPPVR6
 188  * YWrMV9AKf5UoGD+a2ZTyG8gkiH7+nQ89+1dTCLMgM9Q/F0cU0c3qCNgOdU6vvszS
 189  * 7K+peknfwtmsuCRAkKYDVirQMAVALE+r2XSJAgMBAAGjczBxMAkGA1UdEwQCMAAw
 190  * CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTtbtv0tVbI+xoGYT8PCLumBNgWVDAfBgNV
 191  * HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDAXBgNVHREBAf8EDTALgglsb2Nh
 192  * bGhvc3QwDQYJKoZIhvcNAQEEBQADgYEAoqVTciHtcvsUj+YaTct8tUh3aTCsKsac
 193  * PHhfQ+ObjiXSgxsKYTX7ym/wk/wvlbUcbqLKxsu7qrcJitH+H9heV1hEHEu65Uoi
 194  * nRugFruyOrwvAylV8Cm2af7ddilmYJ+sdJA6N2M3xJRxR0G2LFHEXDNEjYReyexn
 195  * JqCpf5uZGOo=
 196  * -----END CERTIFICATE-----
 197  *
 198  *
 199  * TLS client certificate:
 200  * client private key:
 201  * -----BEGIN RSA PRIVATE KEY-----
 202  * Proc-Type: 4,ENCRYPTED
 203  * DEK-Info: DES-EDE3-CBC,FA2A435CD35A9390
 204  *
 205  * Z+Y2uaETbsUWIyJUyVu1UV2G4rgFYJyACZT6Tp1KjRtxflSh2kXkJ9MpuXMXA0V4
 206  * Yy3fDzPqCL9NJmQAYRlAx/W/+j4F5EyMWDIx8fUxzONRZyoiwF7jLm+KscAfv6Pf
 207  * q7ItWOdj3z7IYrwlB8YIGd3F2cDKT3S+lYRk7rKb/qT7itbuHnY4Ardh3yl+MZak
 208  * jBp+ELUlRsUqSr1V0LoM+0rCCykarpyfhpxEcqsrl0v9Cyi5uhU50/oKv5zql3SH
 209  * l2ImgDjp3batAs8+Bd4NF2aqi0a7Hy44JUHxRm4caZryU/i/D9N1MbuM6882HLat
 210  * 5N0G+NaIUfywa8mjwq2D5aiit18HqKA6XeRRYeJ5Dvu9DCO4GeFSwcUFIBMI0L46
 211  * 7s114+oDodg57pMgITi+04vmUxvqlN9aiyd7f5Fgd7PeHGeOdbMz1NaJLJaPI9++
 212  * NakK8eK9iwT/Gdq0Uap5/CHW7vCT5PO+h3HY0STH0lWStXhdWnFO04zTdywsbSp+
 213  * DLpHeFT66shfeUlxR0PsCbG9vPRt/QmGLeYQZITppWo/ylSq4j+pRIuXvuWHdBRN
 214  * rTZ8QF4Y7AxQUXVz1j1++s6ZMHTzaK2i9HrhmDs1MbJl+QwWre3Xpv3LvTVz3k5U
 215  * wX8kuY1m3STt71QCaRWENq5sRaMImLxZbxc/ivFl9RAzUqo4NCxLod/QgA4iLqtO
 216  * ztnlpzwlC/F8HbQ1oqYWwnZAPhzU/cULtstl+Yrws2c2atO323LbPXZqbASySgig
 217  * sNpFXQMObdfP6LN23bY+1SvtK7V4NUTNhpdIc6INQAQ=
 218  * -----END RSA PRIVATE KEY-----
 219  *
 220  * -----BEGIN RSA PRIVATE KEY-----
 221  * MIICWwIBAAKBgQC78EA2rCZUTvSjWgAvaSFvuXo6k+yi9uGOx2PYLxIwmS6w8o/4
 222  * Jy0keCiE9wG/jUR53TvSVfPOPLJbIX3v/TNKsaP/xsibuQ98QTWX+ds6BWAFFa9Z
 223  * F5KjEK0WHOQHU6+odqJWKpLT+SjgeM9eH0irXBnd4WdDunWN9YKsQ5JEGwIDAQAB
 224  * AoGAEbdqNj0wN85hnWyEi/ObJU8UyKTdL9eaF72QGfcF/fLSxfd3vurihIeXOkGW
 225  * tpn4lIxYcVGM9CognhqgJpl11jFTQzn1KqZ+NEJRKkCHA4hDabKJbSC9fXHvRwrf
 226  * BsFpZqgiNxp3HseUTiwnaUVeyPgMt/jAj5nB5Sib+UyUxrECQQDnNQBiF2aifEg6
 227  * zbJOOC7he5CHAdkFxSxWVFVHL6EfXfqdLVkUohMbgZv+XxyIeU2biOExSg49Kds3
 228  * FOKgTau1AkEA0Bd1haj6QuCo8I0AXm2WO+MMTZMTvtHD/bGjKNM+fT4I8rKYnQRX
 229  * 1acHdqS9Xx2rNJqZgkMmpESIdPR2fc4yjwJALFeM6EMmqvj8/VIf5UJ/Mz14fXwM
 230  * PEARfckUxd9LnnFutCBTWlKvKXJVEZb6KO5ixPaegc57Jp3Vbh3yTN44lQJADD/1
 231  * SSMDaIB1MYP7a5Oj7m6VQNPRq8AJe5vDcRnOae0G9dKRrVyeFxO4GsHj6/+BHp2j
 232  * P8nYMn9eURQ7DXjf/QJAAQzMlWnKGSO8pyTDtnQx3hRMoUkOEhmNq4bQhLkYqtnY
 233  * FcqpUQ2qMjW+NiNWk5HnTrMS3L9EdJobMUzaNZLy4w==
 234  * -----END RSA PRIVATE KEY-----
 235  *
 236  * Private-Key: (1024 bit)
 237  * modulus:
 238  *     00:bb:f0:40:36:ac:26:54:4e:f4:a3:5a:00:2f:69:
 239  *     21:6f:b9:7a:3a:93:ec:a2:f6:e1:8e:c7:63:d8:2f:
 240  *     12:30:99:2e:b0:f2:8f:f8:27:2d:24:78:28:84:f7:
 241  *     01:bf:8d:44:79:dd:3b:d2:55:f3:ce:3c:b2:5b:21:
 242  *     7d:ef:fd:33:4a:b1:a3:ff:c6:c8:9b:b9:0f:7c:41:
 243  *     35:97:f9:db:3a:05:60:05:15:af:59:17:92:a3:10:
 244  *     ad:16:1c:e4:07:53:af:a8:76:a2:56:2a:92:d3:f9:
 245  *     28:e0:78:cf:5e:1f:48:ab:5c:19:dd:e1:67:43:ba:
 246  *     75:8d:f5:82:ac:43:92:44:1b
 247  * publicExponent: 65537 (0x10001)
 248  * privateExponent:
 249  *     11:b7:6a:36:3d:30:37:ce:61:9d:6c:84:8b:f3:9b:
 250  *     25:4f:14:c8:a4:dd:2f:d7:9a:17:bd:90:19:f7:05:
 251  *     fd:f2:d2:c5:f7:77:be:ea:e2:84:87:97:3a:41:96:
 252  *     b6:99:f8:94:8c:58:71:51:8c:f4:2a:20:9e:1a:a0:
 253  *     26:99:75:d6:31:53:43:39:f5:2a:a6:7e:34:42:51:
 254  *     2a:40:87:03:88:43:69:b2:89:6d:20:bd:7d:71:ef:
 255  *     47:0a:df:06:c1:69:66:a8:22:37:1a:77:1e:c7:94:
 256  *     4e:2c:27:69:45:5e:c8:f8:0c:b7:f8:c0:8f:99:c1:
 257  *     e5:28:9b:f9:4c:94:c6:b1
 258  * prime1:
 259  *     00:e7:35:00:62:17:66:a2:7c:48:3a:cd:b2:4e:38:
 260  *     2e:e1:7b:90:87:01:d9:05:c5:2c:56:54:55:47:2f:
 261  *     a1:1f:5d:fa:9d:2d:59:14:a2:13:1b:81:9b:fe:5f:
 262  *     1c:88:79:4d:9b:88:e1:31:4a:0e:3d:29:db:37:14:
 263  *     e2:a0:4d:ab:b5
 264  * prime2:
 265  *     00:d0:17:75:85:a8:fa:42:e0:a8:f0:8d:00:5e:6d:
 266  *     96:3b:e3:0c:4d:93:13:be:d1:c3:fd:b1:a3:28:d3:
 267  *     3e:7d:3e:08:f2:b2:98:9d:04:57:d5:a7:07:76:a4:
 268  *     bd:5f:1d:ab:34:9a:99:82:43:26:a4:44:88:74:f4:
 269  *     76:7d:ce:32:8f
 270  * exponent1:
 271  *     2c:57:8c:e8:43:26:aa:f8:fc:fd:52:1f:e5:42:7f:
 272  *     33:3d:78:7d:7c:0c:3c:40:11:7d:c9:14:c5:df:4b:
 273  *     9e:71:6e:b4:20:53:5a:52:af:29:72:55:11:96:fa:
 274  *     28:ee:62:c4:f6:9e:81:ce:7b:26:9d:d5:6e:1d:f2:
 275  *     4c:de:38:95
 276  * exponent2:
 277  *     0c:3f:f5:49:23:03:68:80:75:31:83:fb:6b:93:a3:
 278  *     ee:6e:95:40:d3:d1:ab:c0:09:7b:9b:c3:71:19:ce:
 279  *     69:ed:06:f5:d2:91:ad:5c:9e:17:13:b8:1a:c1:e3:
 280  *     eb:ff:81:1e:9d:a3:3f:c9:d8:32:7f:5e:51:14:3b:
 281  *     0d:78:df:fd
 282  * coefficient:
 283  *     01:0c:cc:95:69:ca:19:23:bc:a7:24:c3:b6:74:31:
 284  *     de:14:4c:a1:49:0e:12:19:8d:ab:86:d0:84:b9:18:
 285  *     aa:d9:d8:15:ca:a9:51:0d:aa:32:35:be:36:23:56:
 286  *     93:91:e7:4e:b3:12:dc:bf:44:74:9a:1b:31:4c:da:
 287  *     35:92:f2:e3
 288  *
 289  * client certificate:
 290  * Data:
 291  *     Version: 3 (0x2)
 292  *     Serial Number: 9 (0x9)
 293  *     Signature Algorithm: md5WithRSAEncryption
 294  *     Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org
 295  *     Validity
 296  *         Not Before: Dec  8 03:43:24 2008 GMT
 297  *         Not After : Aug 25 03:43:24 2028 GMT
 298  *     Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org, OU=SSL-Client, CN=localhost
 299  *     Subject Public Key Info:
 300  *         Public Key Algorithm: rsaEncryption
 301  *         RSA Public Key: (1024 bit)
 302  *             Modulus (1024 bit):
 303  *                 00:bb:f0:40:36:ac:26:54:4e:f4:a3:5a:00:2f:69:
 304  *                 21:6f:b9:7a:3a:93:ec:a2:f6:e1:8e:c7:63:d8:2f:
 305  *                 12:30:99:2e:b0:f2:8f:f8:27:2d:24:78:28:84:f7:
 306  *                 01:bf:8d:44:79:dd:3b:d2:55:f3:ce:3c:b2:5b:21:
 307  *                 7d:ef:fd:33:4a:b1:a3:ff:c6:c8:9b:b9:0f:7c:41:
 308  *                 35:97:f9:db:3a:05:60:05:15:af:59:17:92:a3:10:
 309  *                 ad:16:1c:e4:07:53:af:a8:76:a2:56:2a:92:d3:f9:
 310  *                 28:e0:78:cf:5e:1f:48:ab:5c:19:dd:e1:67:43:ba:
 311  *                 75:8d:f5:82:ac:43:92:44:1b
 312  *             Exponent: 65537 (0x10001)
 313  *     X509v3 extensions:
 314  *         X509v3 Basic Constraints:
 315  *             CA:FALSE
 316  *         X509v3 Key Usage:
 317  *             Digital Signature, Non Repudiation, Key Encipherment
 318  *         X509v3 Subject Key Identifier:
 319  *             CD:BB:C8:85:AA:91:BD:FD:1D:BE:CD:67:7C:FF:B3:E9:4C:A8:22:E6
 320  *         X509v3 Authority Key Identifier:
 321  *             keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14
 322  *
 323  *         X509v3 Subject Alternative Name: critical
 324  *             DNS:localhost
 325  * Signature Algorithm: md5WithRSAEncryption
 326  *
 327  * -----BEGIN CERTIFICATE-----
 328  * MIICpDCCAg2gAwIBAgIBCTANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET
 329  * MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK
 330  * EwhTb21lLU9yZzAeFw0wODEyMDgwMzQzMjRaFw0yODA4MjUwMzQzMjRaMHIxCzAJ
 331  * BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp
 332  * dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtQ2xpZW50MRIwEAYD
 333  * VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALvwQDas
 334  * JlRO9KNaAC9pIW+5ejqT7KL24Y7HY9gvEjCZLrDyj/gnLSR4KIT3Ab+NRHndO9JV
 335  * 8848slshfe/9M0qxo//GyJu5D3xBNZf52zoFYAUVr1kXkqMQrRYc5AdTr6h2olYq
 336  * ktP5KOB4z14fSKtcGd3hZ0O6dY31gqxDkkQbAgMBAAGjczBxMAkGA1UdEwQCMAAw
 337  * CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTNu8iFqpG9/R2+zWd8/7PpTKgi5jAfBgNV
 338  * HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDAXBgNVHREBAf8EDTALgglsb2Nh
 339  * bGhvc3QwDQYJKoZIhvcNAQEEBQADgYEAm25gJyqW1JznQ1EyOtTGswBVwfgBOf+F
 340  * HJuBTcflYQLbTD/AETPQJGvZU9tdhuLtbG3OPhR7vSY8zeAbfM3dbH7QFr3r47Gj
 341  * XEH7qM/MX+Z3ifVaC4MeJmrYQkYFSuKeyyKpdRVX4w4nnFHF6OsNASsYrMW6LpxN
 342  * cl/epUcHL7E=
 343  * -----END CERTIFICATE-----
 344  *
 345  *
 346  *
 347  * Trusted CA certificate:
 348  * Certificate:
 349  *   Data:
 350  *     Version: 3 (0x2)
 351  *     Serial Number: 0 (0x0)
 352  *     Signature Algorithm: md5WithRSAEncryption
 353  *     Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org
 354  *     Validity
 355  *         Not Before: Dec  8 02:43:36 2008 GMT
 356  *         Not After : Aug 25 02:43:36 2028 GMT
 357  *     Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org
 358  *     Subject Public Key Info:
 359  *         Public Key Algorithm: rsaEncryption
 360  *         RSA Public Key: (1024 bit)
 361  *             Modulus (1024 bit):
 362  *                 00:cb:c4:38:20:07:be:88:a7:93:b0:a1:43:51:2d:
 363  *                 d7:8e:85:af:54:dd:ad:a2:7b:23:5b:cf:99:13:53:
 364  *                 99:45:7d:ee:6d:ba:2d:bf:e3:ad:6e:3d:9f:1a:f9:
 365  *                 03:97:e0:17:55:ae:11:26:57:de:01:29:8e:05:3f:
 366  *                 21:f7:e7:36:e8:2e:37:d7:48:ac:53:d6:60:0e:c7:
 367  *                 50:6d:f6:c5:85:f7:8b:a6:c5:91:35:72:3c:94:ee:
 368  *                 f1:17:f0:71:e3:ec:1b:ce:ca:4e:40:42:b0:6d:ee:
 369  *                 6a:0e:d6:e5:ad:3c:0f:c9:ba:82:4f:78:f8:89:97:
 370  *                 89:2a:95:12:4c:d8:09:2a:e9
 371  *             Exponent: 65537 (0x10001)
 372  *     X509v3 extensions:
 373  *         X509v3 Subject Key Identifier:
 374  *             FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14
 375  *         X509v3 Authority Key Identifier:
 376  *             keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14
 377  *             DirName:/C=US/ST=Some-State/L=Some-City/O=Some-Org
 378  *             serial:00
 379  *
 380  *         X509v3 Basic Constraints:
 381  *             CA:TRUE
 382  *  Signature Algorithm: md5WithRSAEncryption
 383  *
 384  * -----BEGIN CERTIFICATE-----
 385  * MIICrDCCAhWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET
 386  * MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK
 387  * EwhTb21lLU9yZzAeFw0wODEyMDgwMjQzMzZaFw0yODA4MjUwMjQzMzZaMEkxCzAJ
 388  * BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp
 389  * dHkxETAPBgNVBAoTCFNvbWUtT3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
 390  * gQDLxDggB76Ip5OwoUNRLdeOha9U3a2ieyNbz5kTU5lFfe5tui2/461uPZ8a+QOX
 391  * 4BdVrhEmV94BKY4FPyH35zboLjfXSKxT1mAOx1Bt9sWF94umxZE1cjyU7vEX8HHj
 392  * 7BvOyk5AQrBt7moO1uWtPA/JuoJPePiJl4kqlRJM2Akq6QIDAQABo4GjMIGgMB0G
 393  * A1UdDgQWBBT6uVG/TOfZhpgz+efLHvEzSfeoFDBxBgNVHSMEajBogBT6uVG/TOfZ
 394  * hpgz+efLHvEzSfeoFKFNpEswSTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUt
 395  * U3RhdGUxEjAQBgNVBAcTCVNvbWUtQ2l0eTERMA8GA1UEChMIU29tZS1PcmeCAQAw
 396  * DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBcIm534U123Hz+rtyYO5uA
 397  * ofd81G6FnTfEAV8Kw9fGyyEbQZclBv34A9JsFKeMvU4OFIaixD7nLZ/NZ+IWbhmZ
 398  * LovmJXyCkOufea73pNiZ+f/4/ScZaIlM/PRycQSqbFNd4j9Wott+08qxHPLpsf3P
 399  * 6Mvf0r1PNTY2hwTJLJmKtg==
 400  * -----END CERTIFICATE-----
 401  */
 402 
 403 
 404 public class IPAddressDNSIdentities {
 405     static Map cookies;    // raw (untyped) Map; not referenced anywhere in the visible part of this file — TODO confirm it is still needed
 406     ServerSocket ss;       // plain ServerSocket instance field; not referenced in the visible part of this file — TODO confirm
 407 
 408     /*
 409      * =============================================================
 410      * Set the various variables needed for the tests, then
 411      * specify what tests to run on each side.
 412      */
 413 
 414     /*
 415      * Should we run the client or server in a separate thread?
 416      * Both sides can throw exceptions, so choose which side you would
 417      * prefer to have running on the main thread.
 418      */
 419     static boolean separateServerThread = true;  // true: the server side gets the separate thread — presumably the client then runs on the main thread; confirm where this flag is read
 420 
 421     /*
 422      * Where do we find the keystores? The certificates and RSA key values are embedded below.
 423      */
 424     static String trusedCertStr =  // PEM of the trusted CA certificate; same Base64 body as the "Trusted CA certificate" block in the header comment. The name is misspelled ("trused") but is referenced in doServerSide, so it is kept.
 425         "-----BEGIN CERTIFICATE-----\n" +
 426         "MIICrDCCAhWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" +
 427         "MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" +
 428         "EwhTb21lLU9yZzAeFw0wODEyMDgwMjQzMzZaFw0yODA4MjUwMjQzMzZaMEkxCzAJ\n" +
 429         "BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" +
 430         "dHkxETAPBgNVBAoTCFNvbWUtT3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n" +
 431         "gQDLxDggB76Ip5OwoUNRLdeOha9U3a2ieyNbz5kTU5lFfe5tui2/461uPZ8a+QOX\n" +
 432         "4BdVrhEmV94BKY4FPyH35zboLjfXSKxT1mAOx1Bt9sWF94umxZE1cjyU7vEX8HHj\n" +
 433         "7BvOyk5AQrBt7moO1uWtPA/JuoJPePiJl4kqlRJM2Akq6QIDAQABo4GjMIGgMB0G\n" +
 434         "A1UdDgQWBBT6uVG/TOfZhpgz+efLHvEzSfeoFDBxBgNVHSMEajBogBT6uVG/TOfZ\n" +
 435         "hpgz+efLHvEzSfeoFKFNpEswSTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUt\n" +
 436         "U3RhdGUxEjAQBgNVBAcTCVNvbWUtQ2l0eTERMA8GA1UEChMIU29tZS1PcmeCAQAw\n" +
 437         "DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBcIm534U123Hz+rtyYO5uA\n" +
 438         "ofd81G6FnTfEAV8Kw9fGyyEbQZclBv34A9JsFKeMvU4OFIaixD7nLZ/NZ+IWbhmZ\n" +
 439         "LovmJXyCkOufea73pNiZ+f/4/ScZaIlM/PRycQSqbFNd4j9Wott+08qxHPLpsf3P\n" +
 440         "6Mvf0r1PNTY2hwTJLJmKtg==\n" +
 441         "-----END CERTIFICATE-----";
 442 
 443     static String serverCertStr =  // PEM of the TLS server certificate (CN=localhost); per the header dump its only subjectAltName is DNS:localhost, so it carries no IP-address identity, and it is signed with md5WithRSAEncryption.
 444         "-----BEGIN CERTIFICATE-----\n" +
 445         "MIICpDCCAg2gAwIBAgIBCDANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" +
 446         "MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" +
 447         "EwhTb21lLU9yZzAeFw0wODEyMDgwMzQzMDRaFw0yODA4MjUwMzQzMDRaMHIxCzAJ\n" +
 448         "BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" +
 449         "dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtU2VydmVyMRIwEAYD\n" +
 450         "VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKWsWxw3\n" +
 451         "ot2ZiS2yebiP1Uil5xyEF41pnMasbfnyHR85GdrTch5u7ETMcKTcugAw9qBPPVR6\n" +
 452         "YWrMV9AKf5UoGD+a2ZTyG8gkiH7+nQ89+1dTCLMgM9Q/F0cU0c3qCNgOdU6vvszS\n" +
 453         "7K+peknfwtmsuCRAkKYDVirQMAVALE+r2XSJAgMBAAGjczBxMAkGA1UdEwQCMAAw\n" +
 454         "CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTtbtv0tVbI+xoGYT8PCLumBNgWVDAfBgNV\n" +
 455         "HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDAXBgNVHREBAf8EDTALgglsb2Nh\n" +
 456         "bGhvc3QwDQYJKoZIhvcNAQEEBQADgYEAoqVTciHtcvsUj+YaTct8tUh3aTCsKsac\n" +
 457         "PHhfQ+ObjiXSgxsKYTX7ym/wk/wvlbUcbqLKxsu7qrcJitH+H9heV1hEHEu65Uoi\n" +
 458         "nRugFruyOrwvAylV8Cm2af7ddilmYJ+sdJA6N2M3xJRxR0G2LFHEXDNEjYReyexn\n" +
 459         "JqCpf5uZGOo=\n" +
 460         "-----END CERTIFICATE-----";
 461 
 462     static String clientCertStr =  // PEM of the TLS client certificate (CN=localhost); per the header dump its only subjectAltName is DNS:localhost and it is signed with md5WithRSAEncryption.
 463         "-----BEGIN CERTIFICATE-----\n" +
 464         "MIICpDCCAg2gAwIBAgIBCTANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" +
 465         "MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" +
 466         "EwhTb21lLU9yZzAeFw0wODEyMDgwMzQzMjRaFw0yODA4MjUwMzQzMjRaMHIxCzAJ\n" +
 467         "BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" +
 468         "dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtQ2xpZW50MRIwEAYD\n" +
 469         "VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALvwQDas\n" +
 470         "JlRO9KNaAC9pIW+5ejqT7KL24Y7HY9gvEjCZLrDyj/gnLSR4KIT3Ab+NRHndO9JV\n" +
 471         "8848slshfe/9M0qxo//GyJu5D3xBNZf52zoFYAUVr1kXkqMQrRYc5AdTr6h2olYq\n" +
 472         "ktP5KOB4z14fSKtcGd3hZ0O6dY31gqxDkkQbAgMBAAGjczBxMAkGA1UdEwQCMAAw\n" +
 473         "CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTNu8iFqpG9/R2+zWd8/7PpTKgi5jAfBgNV\n" +
 474         "HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDAXBgNVHREBAf8EDTALgglsb2Nh\n" +
 475         "bGhvc3QwDQYJKoZIhvcNAQEEBQADgYEAm25gJyqW1JznQ1EyOtTGswBVwfgBOf+F\n" +
 476         "HJuBTcflYQLbTD/AETPQJGvZU9tdhuLtbG3OPhR7vSY8zeAbfM3dbH7QFr3r47Gj\n" +
 477         "XEH7qM/MX+Z3ifVaC4MeJmrYQkYFSuKeyyKpdRVX4w4nnFHF6OsNASsYrMW6LpxN\n" +
 478         "cl/epUcHL7E=\n" +
 479         "-----END CERTIFICATE-----";
 480 
 481     static byte serverPrivateExponent[] = {  // RSA private exponent of the server key, big-endian; same bytes as the server "privateExponent" dump in the header comment. Test fixture only: this private key is public.
 482         (byte)0x6e, (byte)0xa7, (byte)0x1b, (byte)0x83,
 483         (byte)0x51, (byte)0x35, (byte)0x9a, (byte)0x44,
 484         (byte)0x7d, (byte)0xf6, (byte)0xe3, (byte)0x89,
 485         (byte)0xa0, (byte)0xd7, (byte)0x90, (byte)0x60,
 486         (byte)0xa1, (byte)0x4e, (byte)0x27, (byte)0x21,
 487         (byte)0xa2, (byte)0x89, (byte)0x74, (byte)0xcc,
 488         (byte)0x9d, (byte)0x75, (byte)0x75, (byte)0x4e,
 489         (byte)0xc7, (byte)0x82, (byte)0xe3, (byte)0xe3,
 490         (byte)0xc3, (byte)0x7d, (byte)0x00, (byte)0x54,
 491         (byte)0xec, (byte)0x36, (byte)0xb1, (byte)0xdf,
 492         (byte)0x91, (byte)0x9c, (byte)0x7a, (byte)0xc0,
 493         (byte)0x62, (byte)0x0a, (byte)0xd6, (byte)0xa9,
 494         (byte)0x22, (byte)0x91, (byte)0x4a, (byte)0x29,
 495         (byte)0x2e, (byte)0x43, (byte)0xfa, (byte)0x8c,
 496         (byte)0xd8, (byte)0xe9, (byte)0xbe, (byte)0xd9,
 497         (byte)0x4f, (byte)0xca, (byte)0x23, (byte)0xc6,
 498         (byte)0xe4, (byte)0x3f, (byte)0xb8, (byte)0x72,
 499         (byte)0xcf, (byte)0x02, (byte)0xfc, (byte)0xf4,
 500         (byte)0x58, (byte)0x34, (byte)0x77, (byte)0x76,
 501         (byte)0xce, (byte)0x22, (byte)0x44, (byte)0x5f,
 502         (byte)0x2d, (byte)0xca, (byte)0xee, (byte)0xf5,
 503         (byte)0x43, (byte)0x56, (byte)0x47, (byte)0x71,
 504         (byte)0x0b, (byte)0x09, (byte)0x6b, (byte)0x5e,
 505         (byte)0xf2, (byte)0xc8, (byte)0xee, (byte)0xd4,
 506         (byte)0x6e, (byte)0x44, (byte)0x92, (byte)0x2a,
 507         (byte)0x7f, (byte)0xcc, (byte)0xa7, (byte)0xd4,
 508         (byte)0x5b, (byte)0xfb, (byte)0xf7, (byte)0x4a,
 509         (byte)0xa9, (byte)0xfb, (byte)0x54, (byte)0x18,
 510         (byte)0xd5, (byte)0xd5, (byte)0x14, (byte)0xba,
 511         (byte)0xa0, (byte)0x1c, (byte)0x13, (byte)0xb3,
 512         (byte)0x37, (byte)0x6b, (byte)0x37, (byte)0x59,
 513         (byte)0xed, (byte)0xdb, (byte)0x6d, (byte)0xb1
 514     };
 515 
 516     static byte serverModulus[] = {  // RSA modulus of the server key, big-endian; same bytes as the server "modulus" dump in the header comment
 517         (byte)0x00,  // leading zero byte keeps the value non-negative if parsed as a signed big-endian integer (presumably via BigInteger — confirm where the array is consumed)
 518         (byte)0xa5, (byte)0xac, (byte)0x5b, (byte)0x1c,
 519         (byte)0x37, (byte)0xa2, (byte)0xdd, (byte)0x99,
 520         (byte)0x89, (byte)0x2d, (byte)0xb2, (byte)0x79,
 521         (byte)0xb8, (byte)0x8f, (byte)0xd5, (byte)0x48,
 522         (byte)0xa5, (byte)0xe7, (byte)0x1c, (byte)0x84,
 523         (byte)0x17, (byte)0x8d, (byte)0x69, (byte)0x9c,
 524         (byte)0xc6, (byte)0xac, (byte)0x6d, (byte)0xf9,
 525         (byte)0xf2, (byte)0x1d, (byte)0x1f, (byte)0x39,
 526         (byte)0x19, (byte)0xda, (byte)0xd3, (byte)0x72,
 527         (byte)0x1e, (byte)0x6e, (byte)0xec, (byte)0x44,
 528         (byte)0xcc, (byte)0x70, (byte)0xa4, (byte)0xdc,
 529         (byte)0xba, (byte)0x00, (byte)0x30, (byte)0xf6,
 530         (byte)0xa0, (byte)0x4f, (byte)0x3d, (byte)0x54,
 531         (byte)0x7a, (byte)0x61, (byte)0x6a, (byte)0xcc,
 532         (byte)0x57, (byte)0xd0, (byte)0x0a, (byte)0x7f,
 533         (byte)0x95, (byte)0x28, (byte)0x18, (byte)0x3f,
 534         (byte)0x9a, (byte)0xd9, (byte)0x94, (byte)0xf2,
 535         (byte)0x1b, (byte)0xc8, (byte)0x24, (byte)0x88,
 536         (byte)0x7e, (byte)0xfe, (byte)0x9d, (byte)0x0f,
 537         (byte)0x3d, (byte)0xfb, (byte)0x57, (byte)0x53,
 538         (byte)0x08, (byte)0xb3, (byte)0x20, (byte)0x33,
 539         (byte)0xd4, (byte)0x3f, (byte)0x17, (byte)0x47,
 540         (byte)0x14, (byte)0xd1, (byte)0xcd, (byte)0xea,
 541         (byte)0x08, (byte)0xd8, (byte)0x0e, (byte)0x75,
 542         (byte)0x4e, (byte)0xaf, (byte)0xbe, (byte)0xcc,
 543         (byte)0xd2, (byte)0xec, (byte)0xaf, (byte)0xa9,
 544         (byte)0x7a, (byte)0x49, (byte)0xdf, (byte)0xc2,
 545         (byte)0xd9, (byte)0xac, (byte)0xb8, (byte)0x24,
 546         (byte)0x40, (byte)0x90, (byte)0xa6, (byte)0x03,
 547         (byte)0x56, (byte)0x2a, (byte)0xd0, (byte)0x30,
 548         (byte)0x05, (byte)0x40, (byte)0x2c, (byte)0x4f,
 549         (byte)0xab, (byte)0xd9, (byte)0x74, (byte)0x89
 550     };
 551 
 552     static byte clientPrivateExponent[] = {  // RSA private exponent of the client key, big-endian; same bytes as the client "privateExponent" dump in the header comment. Test fixture only: this private key is public.
 553         (byte)0x11, (byte)0xb7, (byte)0x6a, (byte)0x36,
 554         (byte)0x3d, (byte)0x30, (byte)0x37, (byte)0xce,
 555         (byte)0x61, (byte)0x9d, (byte)0x6c, (byte)0x84,
 556         (byte)0x8b, (byte)0xf3, (byte)0x9b, (byte)0x25,
 557         (byte)0x4f, (byte)0x14, (byte)0xc8, (byte)0xa4,
 558         (byte)0xdd, (byte)0x2f, (byte)0xd7, (byte)0x9a,
 559         (byte)0x17, (byte)0xbd, (byte)0x90, (byte)0x19,
 560         (byte)0xf7, (byte)0x05, (byte)0xfd, (byte)0xf2,
 561         (byte)0xd2, (byte)0xc5, (byte)0xf7, (byte)0x77,
 562         (byte)0xbe, (byte)0xea, (byte)0xe2, (byte)0x84,
 563         (byte)0x87, (byte)0x97, (byte)0x3a, (byte)0x41,
 564         (byte)0x96, (byte)0xb6, (byte)0x99, (byte)0xf8,
 565         (byte)0x94, (byte)0x8c, (byte)0x58, (byte)0x71,
 566         (byte)0x51, (byte)0x8c, (byte)0xf4, (byte)0x2a,
 567         (byte)0x20, (byte)0x9e, (byte)0x1a, (byte)0xa0,
 568         (byte)0x26, (byte)0x99, (byte)0x75, (byte)0xd6,
 569         (byte)0x31, (byte)0x53, (byte)0x43, (byte)0x39,
 570         (byte)0xf5, (byte)0x2a, (byte)0xa6, (byte)0x7e,
 571         (byte)0x34, (byte)0x42, (byte)0x51, (byte)0x2a,
 572         (byte)0x40, (byte)0x87, (byte)0x03, (byte)0x88,
 573         (byte)0x43, (byte)0x69, (byte)0xb2, (byte)0x89,
 574         (byte)0x6d, (byte)0x20, (byte)0xbd, (byte)0x7d,
 575         (byte)0x71, (byte)0xef, (byte)0x47, (byte)0x0a,
 576         (byte)0xdf, (byte)0x06, (byte)0xc1, (byte)0x69,
 577         (byte)0x66, (byte)0xa8, (byte)0x22, (byte)0x37,
 578         (byte)0x1a, (byte)0x77, (byte)0x1e, (byte)0xc7,
 579         (byte)0x94, (byte)0x4e, (byte)0x2c, (byte)0x27,
 580         (byte)0x69, (byte)0x45, (byte)0x5e, (byte)0xc8,
 581         (byte)0xf8, (byte)0x0c, (byte)0xb7, (byte)0xf8,
 582         (byte)0xc0, (byte)0x8f, (byte)0x99, (byte)0xc1,
 583         (byte)0xe5, (byte)0x28, (byte)0x9b, (byte)0xf9,
 584         (byte)0x4c, (byte)0x94, (byte)0xc6, (byte)0xb1
 585     };
 586 
 587     static byte clientModulus[] = {  // RSA modulus of the client key, big-endian; same bytes as the client "modulus" dump in the header comment
 588         (byte)0x00,  // leading zero byte keeps the value non-negative if parsed as a signed big-endian integer (presumably via BigInteger — confirm where the array is consumed)
 589         (byte)0xbb, (byte)0xf0, (byte)0x40, (byte)0x36,
 590         (byte)0xac, (byte)0x26, (byte)0x54, (byte)0x4e,
 591         (byte)0xf4, (byte)0xa3, (byte)0x5a, (byte)0x00,
 592         (byte)0x2f, (byte)0x69, (byte)0x21, (byte)0x6f,
 593         (byte)0xb9, (byte)0x7a, (byte)0x3a, (byte)0x93,
 594         (byte)0xec, (byte)0xa2, (byte)0xf6, (byte)0xe1,
 595         (byte)0x8e, (byte)0xc7, (byte)0x63, (byte)0xd8,
 596         (byte)0x2f, (byte)0x12, (byte)0x30, (byte)0x99,
 597         (byte)0x2e, (byte)0xb0, (byte)0xf2, (byte)0x8f,
 598         (byte)0xf8, (byte)0x27, (byte)0x2d, (byte)0x24,
 599         (byte)0x78, (byte)0x28, (byte)0x84, (byte)0xf7,
 600         (byte)0x01, (byte)0xbf, (byte)0x8d, (byte)0x44,
 601         (byte)0x79, (byte)0xdd, (byte)0x3b, (byte)0xd2,
 602         (byte)0x55, (byte)0xf3, (byte)0xce, (byte)0x3c,
 603         (byte)0xb2, (byte)0x5b, (byte)0x21, (byte)0x7d,
 604         (byte)0xef, (byte)0xfd, (byte)0x33, (byte)0x4a,
 605         (byte)0xb1, (byte)0xa3, (byte)0xff, (byte)0xc6,
 606         (byte)0xc8, (byte)0x9b, (byte)0xb9, (byte)0x0f,
 607         (byte)0x7c, (byte)0x41, (byte)0x35, (byte)0x97,
 608         (byte)0xf9, (byte)0xdb, (byte)0x3a, (byte)0x05,
 609         (byte)0x60, (byte)0x05, (byte)0x15, (byte)0xaf,
 610         (byte)0x59, (byte)0x17, (byte)0x92, (byte)0xa3,
 611         (byte)0x10, (byte)0xad, (byte)0x16, (byte)0x1c,
 612         (byte)0xe4, (byte)0x07, (byte)0x53, (byte)0xaf,
 613         (byte)0xa8, (byte)0x76, (byte)0xa2, (byte)0x56,
 614         (byte)0x2a, (byte)0x92, (byte)0xd3, (byte)0xf9,
 615         (byte)0x28, (byte)0xe0, (byte)0x78, (byte)0xcf,
 616         (byte)0x5e, (byte)0x1f, (byte)0x48, (byte)0xab,
 617         (byte)0x5c, (byte)0x19, (byte)0xdd, (byte)0xe1,
 618         (byte)0x67, (byte)0x43, (byte)0xba, (byte)0x75,
 619         (byte)0x8d, (byte)0xf5, (byte)0x82, (byte)0xac,
 620         (byte)0x43, (byte)0x92, (byte)0x44, (byte)0x1b
 621     };
 622 
    /*
     * Password for the private-key entry of the in-memory key store that
     * getSSLContext() builds, and for initialising the KeyManagerFactory
     * from it.  It is a hard-coded test value and guards only key material
     * that is itself embedded in this file, so it provides no secrecy.
     */
    static char passphrase[] = "passphrase".toCharArray();

    /*
     * Is the server ready to serve?
     *
     * Set by doServerSide() once the listening socket is bound, and polled
     * by doClientSide() before it connects.  startServer() also sets it
     * when the server thread dies, so the client does not wait forever.
     */
    volatile static boolean serverReady = false;

    /*
     * Is the connection ready to close?
     *
     * Set by doClientSide() when it is done with the connection, and polled
     * by doServerSide() before it closes the accepted socket.
     */
    volatile static boolean closeReady = false;

    /*
     * Turn on SSL debugging?
     *
     * When true, main() sets the javax.net.debug system property to "all"
     * before the test starts.
     */
    static boolean debug = false;

    // Listening socket created in doServerSide().
    private SSLServerSocket sslServerSocket = null;
 641 
 642     /*
 643      * Define the server side of the test.
 644      *
 645      * If the server prematurely exits, serverReady will be set to true
 646      * to avoid infinite hangs.
 647      */
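    void doServerSide() throws Exception {
        // Server identity: the server certificate and its RSA key, with the
        // shared trusted certificate as the only trust anchor.
        SSLContext context = getSSLContext(trusedCertStr, serverCertStr,
            serverModulus, serverPrivateExponent, passphrase);
        SSLServerSocketFactory sslssf = context.getServerSocketFactory();

        sslServerSocket =
            (SSLServerSocket) sslssf.createServerSocket(serverPort);
        try {
            // serverPort starts as 0 ("any free port"); publish the port the
            // socket was actually bound to so the client can build its URL.
            serverPort = sslServerSocket.getLocalPort();

            /*
             * Signal Client, we're ready for his connect.
             */
            serverReady = true;

            SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
            try {
                // Require a client certificate for this connection.
                sslSocket.setNeedClientAuth(true);

                // PrintStream records write errors instead of throwing them.
                // NOTE(review): presumably that is why the handshake failure
                // this test expects on the client does not surface here as a
                // server-side exception -- confirm.
                PrintStream out =
                        new PrintStream(sslSocket.getOutputStream());

                // ignore request data

                // send the response
                out.print("HTTP/1.1 200 OK\r\n");
                out.print("Content-Type: text/html; charset=iso-8859-1\r\n");
                out.print("Content-Length: "+ 9 +"\r\n");
                out.print("\r\n");
                out.print("Testing\r\n");
                out.flush();
            } finally {
                try {
                    // Keep the connection open until the client says it is
                    // done, so the client observes its own failure rather
                    // than a connection the server closed early.
                    while (!closeReady) {
                        Thread.sleep(50);
                    }
                } finally {
                    // Runs even if the wait above is interrupted, so the
                    // accepted socket is always released.
                    System.out.println("Server closing socket");
                    sslSocket.close();
                    serverReady = false;
                }
            }
        } finally {
            // The listening socket was previously never closed.
            sslServerSocket.close();
        }

    }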
 690 
 691     /*
 692      * Define the client side of the test.
 693      *
 694      * If the server prematurely exits, serverReady will be set to true
 695      * to avoid infinite hangs.
 696      */
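    void doClientSide() throws Exception {
        // The test replaces the JVM-wide default SSLContext, which
        // HttpsURLConnection picks up; the previous default is restored on
        // the way out.  The test header runs this class in its own VM
        // (main/othervm), so no other test shares this state.
        SSLContext reservedSSLContext = null;
        try {
            reservedSSLContext = SSLContext.getDefault();

            SSLContext context = getSSLContext(trusedCertStr, clientCertStr,
                clientModulus, clientPrivateExponent, passphrase);

            SSLContext.setDefault(context);

            /*
             * Wait for server to get started.
             */
            while (!serverReady) {
                Thread.sleep(50);
            }

            HttpsURLConnection http = null;

            /* establish http connection to server */
            // The URL names the server by IP address on purpose: the check
            // under test is whether the server certificate is accepted for
            // that address.
            URL url = new URL("https://127.0.0.1:" + serverPort+"/");
            System.out.println("url is "+url.toString());

            try {
                http = (HttpsURLConnection)url.openConnection();

                int respCode = http.getResponseCode();
                System.out.println("respCode = " + respCode);

                // Getting a response means the certificate was accepted for
                // 127.0.0.1, which is the failure this test guards against.
                throw new Exception("Unexpectly found " +
                        "subject alternative name matching IP address");
            } catch (SSLHandshakeException sslhe) {
                // no subject alternative names matching IP address 127.0.0.1
                // found that's the expected exception, ignore it.
                System.out.println("Expected handshake failure: " + sslhe);
            } catch (IOException ioe) {
                // HttpsClient may throw IOE during checking URL spoofing,
                // that's the expected exception, ignore it.
                // NOTE(review): this branch also accepts I/O errors that have
                // nothing to do with identity checking (a refused connection,
                // for example), so the line logged here is the only record of
                // which failure actually occurred.
                System.out.println("Expected I/O failure: " + ioe);
            } finally {
                if (http != null) {
                    http.disconnect();
                }
            }
        } finally {
            // Release the server on every exit path.  Previously closeReady
            // was set only after the connection attempt, so a failure while
            // building the context or waiting for the server left
            // doServerSide() polling forever.
            closeReady = true;
            if (reservedSSLContext != null) {
                SSLContext.setDefault(reservedSSLContext);
            }
        }
    }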
 742 
 743     /*
 744      * =============================================================
 745      * The remainder is just support stuff
 746      */
 747 
    // use any free port by default
    // doServerSide() overwrites this with the port the listening socket was
    // actually bound to; doClientSide() reads it to build the URL.
    volatile int serverPort = 0;

    // Set by the forked thread's exception handler in startServer() and
    // startClient(); rethrown by the constructor after the join.
    volatile Exception serverException = null;
    volatile Exception clientException = null;
 753 
    public static void main(String args[]) throws Exception {
        // The debug property is set before any test code touches JSSE; the
        // test header notes that SunJSSE does not pick up system properties
        // that change later.
        if (debug) {
            System.setProperty("javax.net.debug", "all");
        }

        // Constructing the test object runs the whole test; a failure comes
        // back as an exception thrown by the constructor.
        new IPAddressDNSIdentities();
    }
 763 
    // Assigned by startClient()/startServer() only when that side is asked
    // to run in its own thread; the constructor joins whichever was forked.
    Thread clientThread = null;
    Thread serverThread = null;
 766     /*
 767      * Primary constructor, used to drive remainder of the test.
 768      *
 769      * Fork off the other side, then do your work.
 770      */
    IPAddressDNSIdentities() throws Exception {
        // The side that gets its own thread is started first; the other side
        // then runs on the calling thread.
        final Thread forked;
        if (separateServerThread) {
            startServer(true);
            startClient(false);
            forked = serverThread;
        } else {
            startClient(true);
            startServer(false);
            forked = clientThread;
        }

        // Wait for the forked side to finish.
        forked.join();

        // An exception on the calling thread has already propagated by now.
        // What is left is a failure recorded by the forked thread; the
        // server's failure is reported in preference to the client's.
        Exception failure =
                (serverException != null) ? serverException : clientException;
        if (failure != null) {
            throw failure;
        }
    }
 801 
    void startServer(boolean newThread) throws Exception {
        // Same-thread mode: run the server inline and let its exception
        // propagate to the caller.
        if (!newThread) {
            doServerSide();
            return;
        }

        serverThread = new Thread(new Runnable() {
            @Override
            public void run() {
                try {
                    doServerSide();
                } catch (Exception failure) {
                    // The server thread died.  Mark the server "ready" so a
                    // client still waiting for it is released, and keep the
                    // exception for the constructor to rethrow.
                    System.err.println("Server died...");
                    serverReady = true;
                    serverException = failure;
                }
            }
        });
        serverThread.start();
    }
 825 
    void startClient(boolean newThread) throws Exception {
        // Same-thread mode: run the client inline and let its exception
        // propagate to the caller.
        if (!newThread) {
            doClientSide();
            return;
        }

        clientThread = new Thread(new Runnable() {
            @Override
            public void run() {
                try {
                    doClientSide();
                } catch (Exception failure) {
                    // The client thread died; keep the exception for the
                    // constructor to rethrow.
                    System.err.println("Client died...");
                    clientException = failure;
                }
            }
        });
        clientThread.start();
    }
 846 
 847     // get the ssl context
    private static SSLContext getSSLContext(String trusedCertStr,
            String keyCertStr, byte[] modulus,
            byte[] privateExponent, char[] passphrase) throws Exception {
        /*
         * Builds an SSLContext from certificate text and raw RSA key bytes.
         *
         * trusedCertStr   - encoded certificate used as the only trust anchor
         * keyCertStr      - encoded end-entity certificate, or null for a
         *                   context with no key material
         * modulus,
         * privateExponent - RSA private key as signed big-endian byte arrays;
         *                   read only when keyCertStr is non-null
         * passphrase      - password for the key entry and KeyManagerFactory
         */
        final boolean withIdentity = (keyCertStr != null);

        CertificateFactory x509 = CertificateFactory.getInstance("X.509");

        // NOTE(review): getBytes() uses the platform default charset;
        // presumably the certificate text is plain ASCII, which makes this
        // harmless -- confirm.
        InputStream encoded =
                new ByteArrayInputStream(trusedCertStr.getBytes());
        Certificate trustAnchor = x509.generateCertificate(encoded);
        encoded.close();

        // An empty in-memory key store; nothing is read from or written to
        // disk.
        KeyStore store = KeyStore.getInstance("JKS");
        store.load(null, null);
        store.setCertificateEntry("RSA Export Signer", trustAnchor);

        if (withIdentity) {
            // BigInteger(byte[]) reads the arrays as signed two's-complement
            // values.
            RSAPrivateKeySpec keySpec = new RSAPrivateKeySpec(
                    new BigInteger(modulus),
                    new BigInteger(privateExponent));
            KeyFactory rsa = KeyFactory.getInstance("RSA");
            RSAPrivateKey identityKey =
                    (RSAPrivateKey) rsa.generatePrivate(keySpec);

            encoded = new ByteArrayInputStream(keyCertStr.getBytes());
            Certificate identityCert = x509.generateCertificate(encoded);
            encoded.close();

            // Chain order: end-entity certificate first, then the trusted
            // certificate.
            Certificate[] chain =
                    new Certificate[] { identityCert, trustAnchor };
            store.setKeyEntry("Whatever", identityKey, passphrase, chain);
        }

        // The trust managers are built from the same store, so the only
        // certificate this context trusts is the one imported above.
        TrustManagerFactory trust = TrustManagerFactory.getInstance("PKIX");
        trust.init(store);

        SSLContext ctx = SSLContext.getInstance("TLS");

        KeyManager[] identityManagers = null;
        if (withIdentity) {
            KeyManagerFactory identity =
                    KeyManagerFactory.getInstance("SunX509");
            identity.init(store, passphrase);
            identityManagers = identity.getKeyManagers();
        }

        // A null SecureRandom selects the default implementation.
        ctx.init(identityManagers, trust.getTrustManagers(), null);
        return ctx;
    }
 906 
 907 }