1 /*
   2  * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 /* @test
  25  * @bug 6766775
  26  * @summary X509 certificate hostname checking is broken in JDK1.6.0_10
  27  * @run main/othervm IPAddressDNSIdentities
  28  *
  29  *     SunJSSE does not support dynamic system properties, no way to re-use
  30  *     system properties in samevm/agentvm mode.
  31  * @author Xuelei Fan
  32  */
  33 
  34 import java.net.*;
  35 import java.util.*;
  36 import java.io.*;
  37 import javax.net.ssl.*;
  38 import java.security.KeyStore;
  39 import java.security.KeyFactory;
  40 import java.security.cert.Certificate;
  41 import java.security.cert.CertificateFactory;
  42 import java.security.spec.*;
  43 import java.security.interfaces.*;
  44 import java.math.BigInteger;
  45 
  46 /*
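  47  * Certificates and keys used in the test.
  48  *
      * Everything below is throwaway test material. The private keys are
      * printed here in the clear, so none of it may be reused outside this
      * test. The certificates are signed with md5WithRSAEncryption over
      * 1024-bit RSA keys; a runtime whose disabled-algorithm policy rejects
      * MD5 signatures may fail certificate validation before the hostname
      * check under test is reached.
      *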
  49  * TLS server certificate:
  50  * server private key:
  51  * -----BEGIN RSA PRIVATE KEY-----
  52  * Proc-Type: 4,ENCRYPTED
  53  * DEK-Info: DES-EDE3-CBC,D9AE407F6D0E389A
  54  *
  55  * WPrA7TFol/cQCcp9oHnXWNpYlvRbbIcQj0m+RKT2Iuzfus+DHt3Zadf8nJpKfX2e
  56  * h2rnhlzCN9M7djRDooZKDOPCsdBn51Au7HlZF3S3Opgo7D8XFM1a8t1Je4ke14oI
  57  * nw6QKYsBblRziPnP2PZ0zvX24nOv7bbY8beynlJHGs00VWSFdoH2DS0aE1p6D+3n
  58  * ptJuJ75dVfZFK4X7162APlNXevX8D6PEQpSiRw1rjjGGcnvQ4HdWk3BxDVDcCNJb
  59  * Y1aGNRxsjTDvPi3R9Qx2M+W03QzEPx4SR3ZHVskeSJHaetM0TM/w/45Paq4GokXP
  60  * ZeTnbEx1xmjkA7h+t4doLL4watx5F6yLsJzu8xB3lt/1EtmkYtLz1t7X4BetPAXz
  61  * zS69X/VwhKfsOI3qXBWuL2oHPyhDmT1gcaUQwEPSV6ogHEEQEDXdiUS8heNK13KF
  62  * TCQYFkETvV2BLxUhV1hypPzRQ6tUpJiAbD5KmoK2lD9slshG2QtvKQq0/bgkDY5J
  63  * LhDHV2dtcZ3kDPkkZXpbcJQvoeH3d09C5sIsuTFo2zgNR6oETHUc5TzP6FY2YYRa
  64  * QcK5HcmtsRRiXFm01ac+aMejJUIujjFt84SiKWT/73vC8AmY4tYcJBLjCg4XIxSH
  65  * fdDFLL1YZENNO5ivlp8mdiHqcawx+36L7DrEZQ8RZt6cqST5t/+XTdM74s6k81GT
  66  * pNsa82P2K2zmIUZ/DL2mKjW1vfRByw1NQFEBkN3vdyZxYfM/JyUzX4hbjXBEkh9Q
  67  * QYrcwLKLjis2QzSvK04B3bvRzRb+4ocWiso8ZPAXAIxZFBWDpTMM2A==
  68  * -----END RSA PRIVATE KEY-----
  69  *
  70  * -----BEGIN RSA PRIVATE KEY-----
  71  * MIICXAIBAAKBgQClrFscN6LdmYktsnm4j9VIpecchBeNaZzGrG358h0fORna03Ie
  72  * buxEzHCk3LoAMPagTz1UemFqzFfQCn+VKBg/mtmU8hvIJIh+/p0PPftXUwizIDPU
  73  * PxdHFNHN6gjYDnVOr77M0uyvqXpJ38LZrLgkQJCmA1Yq0DAFQCxPq9l0iQIDAQAB
  74  * AoGAbqcbg1E1mkR99uOJoNeQYKFOJyGiiXTMnXV1TseC4+PDfQBU7Dax35GcesBi
  75  * CtapIpFKKS5D+ozY6b7ZT8ojxuQ/uHLPAvz0WDR3ds4iRF8tyu71Q1ZHcQsJa17y
  76  * yO7UbkSSKn/Mp9Rb+/dKqftUGNXVFLqgHBOzN2s3We3bbbECQQDYBPKOg3hkaGHo
  77  * OhpHKqtQ6EVkldihG/3i4WejRonelXN+HRh1KrB2HBx0M8D/qAzP1i3rNSlSHer4
  78  * 59YRTJnHAkEAxFX/sVYSn07BHv9Zhn6XXct/Cj43z/tKNbzlNbcxqQwQerw3IH51
  79  * 8UH2YOA+GD3lXbKp+MytoFLWv8zg4YT/LwJAfqan75Z1R6lLffRS49bIiq8jwE16
  80  * rTrUJ+kv8jKxMqc9B3vXkxpsS1M/+4E8bqgAmvpgAb8xcsvHsBd9ErdukQJBAKs2
  81  * j67W75BrPjBI34pQ1LEfp56IGWXOrq1kF8IbCjxv3+MYRT6Z6UJFkpRymNPNDjsC
  82  * dgUYgITiGJHUGXuw3lMCQHEHqo9ZtXz92yFT+VhsNc29B8m/sqUJdtCcMd/jGpAF
  83  * u6GHufjqIZBpQsk63wbwESAPZZ+kk1O1kS5GIRLX608=
  84  * -----END RSA PRIVATE KEY-----
  85  *
  86  * Private-Key: (1024 bit)
  87  * modulus:
  88  *     00:a5:ac:5b:1c:37:a2:dd:99:89:2d:b2:79:b8:8f:
  89  *     d5:48:a5:e7:1c:84:17:8d:69:9c:c6:ac:6d:f9:f2:
  90  *     1d:1f:39:19:da:d3:72:1e:6e:ec:44:cc:70:a4:dc:
  91  *     ba:00:30:f6:a0:4f:3d:54:7a:61:6a:cc:57:d0:0a:
  92  *     7f:95:28:18:3f:9a:d9:94:f2:1b:c8:24:88:7e:fe:
  93  *     9d:0f:3d:fb:57:53:08:b3:20:33:d4:3f:17:47:14:
  94  *     d1:cd:ea:08:d8:0e:75:4e:af:be:cc:d2:ec:af:a9:
  95  *     7a:49:df:c2:d9:ac:b8:24:40:90:a6:03:56:2a:d0:
  96  *     30:05:40:2c:4f:ab:d9:74:89
  97  * publicExponent: 65537 (0x10001)
  98  * privateExponent:
  99  *     6e:a7:1b:83:51:35:9a:44:7d:f6:e3:89:a0:d7:90:
 100  *     60:a1:4e:27:21:a2:89:74:cc:9d:75:75:4e:c7:82:
 101  *     e3:e3:c3:7d:00:54:ec:36:b1:df:91:9c:7a:c0:62:
 102  *     0a:d6:a9:22:91:4a:29:2e:43:fa:8c:d8:e9:be:d9:
 103  *     4f:ca:23:c6:e4:3f:b8:72:cf:02:fc:f4:58:34:77:
 104  *     76:ce:22:44:5f:2d:ca:ee:f5:43:56:47:71:0b:09:
 105  *     6b:5e:f2:c8:ee:d4:6e:44:92:2a:7f:cc:a7:d4:5b:
 106  *     fb:f7:4a:a9:fb:54:18:d5:d5:14:ba:a0:1c:13:b3:
 107  *     37:6b:37:59:ed:db:6d:b1
 108  * prime1:
 109  *     00:d8:04:f2:8e:83:78:64:68:61:e8:3a:1a:47:2a:
 110  *     ab:50:e8:45:64:95:d8:a1:1b:fd:e2:e1:67:a3:46:
 111  *     89:de:95:73:7e:1d:18:75:2a:b0:76:1c:1c:74:33:
 112  *     c0:ff:a8:0c:cf:d6:2d:eb:35:29:52:1d:ea:f8:e7:
 113  *     d6:11:4c:99:c7
 114  * prime2:
 115  *     00:c4:55:ff:b1:56:12:9f:4e:c1:1e:ff:59:86:7e:
 116  *     97:5d:cb:7f:0a:3e:37:cf:fb:4a:35:bc:e5:35:b7:
 117  *     31:a9:0c:10:7a:bc:37:20:7e:75:f1:41:f6:60:e0:
 118  *     3e:18:3d:e5:5d:b2:a9:f8:cc:ad:a0:52:d6:bf:cc:
 119  *     e0:e1:84:ff:2f
 120  * exponent1:
 121  *     7e:a6:a7:ef:96:75:47:a9:4b:7d:f4:52:e3:d6:c8:
 122  *     8a:af:23:c0:4d:7a:ad:3a:d4:27:e9:2f:f2:32:b1:
 123  *     32:a7:3d:07:7b:d7:93:1a:6c:4b:53:3f:fb:81:3c:
 124  *     6e:a8:00:9a:fa:60:01:bf:31:72:cb:c7:b0:17:7d:
 125  *     12:b7:6e:91
 126  * exponent2:
 127  *     00:ab:36:8f:ae:d6:ef:90:6b:3e:30:48:df:8a:50:
 128  *     d4:b1:1f:a7:9e:88:19:65:ce:ae:ad:64:17:c2:1b:
 129  *     0a:3c:6f:df:e3:18:45:3e:99:e9:42:45:92:94:72:
 130  *     98:d3:cd:0e:3b:02:76:05:18:80:84:e2:18:91:d4:
 131  *     19:7b:b0:de:53
 132  * coefficient:
 133  *     71:07:aa:8f:59:b5:7c:fd:db:21:53:f9:58:6c:35:
 134  *     cd:bd:07:c9:bf:b2:a5:09:76:d0:9c:31:df:e3:1a:
 135  *     90:05:bb:a1:87:b9:f8:ea:21:90:69:42:c9:3a:df:
 136  *     06:f0:11:20:0f:65:9f:a4:93:53:b5:91:2e:46:21:
 137  *     12:d7:eb:4f
 138  *
 139  *
 140  * server certificate:
 141  * Data:
 142  *     Version: 3 (0x2)
 143  *     Serial Number: 8 (0x8)
 144  *     Signature Algorithm: md5WithRSAEncryption
 145  *     Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org
 146  *     Validity
 147  *         Not Before: Dec  8 03:43:04 2008 GMT
 148  *         Not After : Aug 25 03:43:04 2028 GMT
 149  *     Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org, OU=SSL-Server, CN=localhost
 150  *     Subject Public Key Info:
 151  *         Public Key Algorithm: rsaEncryption
 152  *         RSA Public Key: (1024 bit)
 153  *             Modulus (1024 bit):
 154  *                 00:a5:ac:5b:1c:37:a2:dd:99:89:2d:b2:79:b8:8f:
 155  *                 d5:48:a5:e7:1c:84:17:8d:69:9c:c6:ac:6d:f9:f2:
 156  *                 1d:1f:39:19:da:d3:72:1e:6e:ec:44:cc:70:a4:dc:
 157  *                 ba:00:30:f6:a0:4f:3d:54:7a:61:6a:cc:57:d0:0a:
 158  *                 7f:95:28:18:3f:9a:d9:94:f2:1b:c8:24:88:7e:fe:
 159  *                 9d:0f:3d:fb:57:53:08:b3:20:33:d4:3f:17:47:14:
 160  *                 d1:cd:ea:08:d8:0e:75:4e:af:be:cc:d2:ec:af:a9:
 161  *                 7a:49:df:c2:d9:ac:b8:24:40:90:a6:03:56:2a:d0:
 162  *                 30:05:40:2c:4f:ab:d9:74:89
 163  *             Exponent: 65537 (0x10001)
 164  *     X509v3 extensions:
 165  *         X509v3 Basic Constraints:
 166  *             CA:FALSE
 167  *         X509v3 Key Usage:
 168  *             Digital Signature, Non Repudiation, Key Encipherment
 169  *         X509v3 Subject Key Identifier:
 170  *             ED:6E:DB:F4:B5:56:C8:FB:1A:06:61:3F:0F:08:BB:A6:04:D8:16:54
 171  *         X509v3 Authority Key Identifier:
 172  *             keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14
 173  *
 174  *         X509v3 Subject Alternative Name: critical
 175  *             DNS:localhost
 176  * Signature Algorithm: md5WithRSAEncryption
 177  *
 178  * -----BEGIN CERTIFICATE-----
 179  * MIICpDCCAg2gAwIBAgIBCDANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET
 180  * MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK
 181  * EwhTb21lLU9yZzAeFw0wODEyMDgwMzQzMDRaFw0yODA4MjUwMzQzMDRaMHIxCzAJ
 182  * BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp
 183  * dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtU2VydmVyMRIwEAYD
 184  * VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKWsWxw3
 185  * ot2ZiS2yebiP1Uil5xyEF41pnMasbfnyHR85GdrTch5u7ETMcKTcugAw9qBPPVR6
 186  * YWrMV9AKf5UoGD+a2ZTyG8gkiH7+nQ89+1dTCLMgM9Q/F0cU0c3qCNgOdU6vvszS
 187  * 7K+peknfwtmsuCRAkKYDVirQMAVALE+r2XSJAgMBAAGjczBxMAkGA1UdEwQCMAAw
 188  * CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTtbtv0tVbI+xoGYT8PCLumBNgWVDAfBgNV
 189  * HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDAXBgNVHREBAf8EDTALgglsb2Nh
 190  * bGhvc3QwDQYJKoZIhvcNAQEEBQADgYEAoqVTciHtcvsUj+YaTct8tUh3aTCsKsac
 191  * PHhfQ+ObjiXSgxsKYTX7ym/wk/wvlbUcbqLKxsu7qrcJitH+H9heV1hEHEu65Uoi
 192  * nRugFruyOrwvAylV8Cm2af7ddilmYJ+sdJA6N2M3xJRxR0G2LFHEXDNEjYReyexn
 193  * JqCpf5uZGOo=
 194  * -----END CERTIFICATE-----
 195  *
 196  *
 197  * TLS client certificate:
 198  * client private key:
 199  * -----BEGIN RSA PRIVATE KEY-----
 200  * Proc-Type: 4,ENCRYPTED
 201  * DEK-Info: DES-EDE3-CBC,FA2A435CD35A9390
 202  *
 203  * Z+Y2uaETbsUWIyJUyVu1UV2G4rgFYJyACZT6Tp1KjRtxflSh2kXkJ9MpuXMXA0V4
 204  * Yy3fDzPqCL9NJmQAYRlAx/W/+j4F5EyMWDIx8fUxzONRZyoiwF7jLm+KscAfv6Pf
 205  * q7ItWOdj3z7IYrwlB8YIGd3F2cDKT3S+lYRk7rKb/qT7itbuHnY4Ardh3yl+MZak
 206  * jBp+ELUlRsUqSr1V0LoM+0rCCykarpyfhpxEcqsrl0v9Cyi5uhU50/oKv5zql3SH
 207  * l2ImgDjp3batAs8+Bd4NF2aqi0a7Hy44JUHxRm4caZryU/i/D9N1MbuM6882HLat
 208  * 5N0G+NaIUfywa8mjwq2D5aiit18HqKA6XeRRYeJ5Dvu9DCO4GeFSwcUFIBMI0L46
 209  * 7s114+oDodg57pMgITi+04vmUxvqlN9aiyd7f5Fgd7PeHGeOdbMz1NaJLJaPI9++
 210  * NakK8eK9iwT/Gdq0Uap5/CHW7vCT5PO+h3HY0STH0lWStXhdWnFO04zTdywsbSp+
 211  * DLpHeFT66shfeUlxR0PsCbG9vPRt/QmGLeYQZITppWo/ylSq4j+pRIuXvuWHdBRN
 212  * rTZ8QF4Y7AxQUXVz1j1++s6ZMHTzaK2i9HrhmDs1MbJl+QwWre3Xpv3LvTVz3k5U
 213  * wX8kuY1m3STt71QCaRWENq5sRaMImLxZbxc/ivFl9RAzUqo4NCxLod/QgA4iLqtO
 214  * ztnlpzwlC/F8HbQ1oqYWwnZAPhzU/cULtstl+Yrws2c2atO323LbPXZqbASySgig
 215  * sNpFXQMObdfP6LN23bY+1SvtK7V4NUTNhpdIc6INQAQ=
 216  * -----END RSA PRIVATE KEY-----
 217  *
 218  * -----BEGIN RSA PRIVATE KEY-----
 219  * MIICWwIBAAKBgQC78EA2rCZUTvSjWgAvaSFvuXo6k+yi9uGOx2PYLxIwmS6w8o/4
 220  * Jy0keCiE9wG/jUR53TvSVfPOPLJbIX3v/TNKsaP/xsibuQ98QTWX+ds6BWAFFa9Z
 221  * F5KjEK0WHOQHU6+odqJWKpLT+SjgeM9eH0irXBnd4WdDunWN9YKsQ5JEGwIDAQAB
 222  * AoGAEbdqNj0wN85hnWyEi/ObJU8UyKTdL9eaF72QGfcF/fLSxfd3vurihIeXOkGW
 223  * tpn4lIxYcVGM9CognhqgJpl11jFTQzn1KqZ+NEJRKkCHA4hDabKJbSC9fXHvRwrf
 224  * BsFpZqgiNxp3HseUTiwnaUVeyPgMt/jAj5nB5Sib+UyUxrECQQDnNQBiF2aifEg6
 225  * zbJOOC7he5CHAdkFxSxWVFVHL6EfXfqdLVkUohMbgZv+XxyIeU2biOExSg49Kds3
 226  * FOKgTau1AkEA0Bd1haj6QuCo8I0AXm2WO+MMTZMTvtHD/bGjKNM+fT4I8rKYnQRX
 227  * 1acHdqS9Xx2rNJqZgkMmpESIdPR2fc4yjwJALFeM6EMmqvj8/VIf5UJ/Mz14fXwM
 228  * PEARfckUxd9LnnFutCBTWlKvKXJVEZb6KO5ixPaegc57Jp3Vbh3yTN44lQJADD/1
 229  * SSMDaIB1MYP7a5Oj7m6VQNPRq8AJe5vDcRnOae0G9dKRrVyeFxO4GsHj6/+BHp2j
 230  * P8nYMn9eURQ7DXjf/QJAAQzMlWnKGSO8pyTDtnQx3hRMoUkOEhmNq4bQhLkYqtnY
 231  * FcqpUQ2qMjW+NiNWk5HnTrMS3L9EdJobMUzaNZLy4w==
 232  * -----END RSA PRIVATE KEY-----
 233  *
 234  * Private-Key: (1024 bit)
 235  * modulus:
 236  *     00:bb:f0:40:36:ac:26:54:4e:f4:a3:5a:00:2f:69:
 237  *     21:6f:b9:7a:3a:93:ec:a2:f6:e1:8e:c7:63:d8:2f:
 238  *     12:30:99:2e:b0:f2:8f:f8:27:2d:24:78:28:84:f7:
 239  *     01:bf:8d:44:79:dd:3b:d2:55:f3:ce:3c:b2:5b:21:
 240  *     7d:ef:fd:33:4a:b1:a3:ff:c6:c8:9b:b9:0f:7c:41:
 241  *     35:97:f9:db:3a:05:60:05:15:af:59:17:92:a3:10:
 242  *     ad:16:1c:e4:07:53:af:a8:76:a2:56:2a:92:d3:f9:
 243  *     28:e0:78:cf:5e:1f:48:ab:5c:19:dd:e1:67:43:ba:
 244  *     75:8d:f5:82:ac:43:92:44:1b
 245  * publicExponent: 65537 (0x10001)
 246  * privateExponent:
 247  *     11:b7:6a:36:3d:30:37:ce:61:9d:6c:84:8b:f3:9b:
 248  *     25:4f:14:c8:a4:dd:2f:d7:9a:17:bd:90:19:f7:05:
 249  *     fd:f2:d2:c5:f7:77:be:ea:e2:84:87:97:3a:41:96:
 250  *     b6:99:f8:94:8c:58:71:51:8c:f4:2a:20:9e:1a:a0:
 251  *     26:99:75:d6:31:53:43:39:f5:2a:a6:7e:34:42:51:
 252  *     2a:40:87:03:88:43:69:b2:89:6d:20:bd:7d:71:ef:
 253  *     47:0a:df:06:c1:69:66:a8:22:37:1a:77:1e:c7:94:
 254  *     4e:2c:27:69:45:5e:c8:f8:0c:b7:f8:c0:8f:99:c1:
 255  *     e5:28:9b:f9:4c:94:c6:b1
 256  * prime1:
 257  *     00:e7:35:00:62:17:66:a2:7c:48:3a:cd:b2:4e:38:
 258  *     2e:e1:7b:90:87:01:d9:05:c5:2c:56:54:55:47:2f:
 259  *     a1:1f:5d:fa:9d:2d:59:14:a2:13:1b:81:9b:fe:5f:
 260  *     1c:88:79:4d:9b:88:e1:31:4a:0e:3d:29:db:37:14:
 261  *     e2:a0:4d:ab:b5
 262  * prime2:
 263  *     00:d0:17:75:85:a8:fa:42:e0:a8:f0:8d:00:5e:6d:
 264  *     96:3b:e3:0c:4d:93:13:be:d1:c3:fd:b1:a3:28:d3:
 265  *     3e:7d:3e:08:f2:b2:98:9d:04:57:d5:a7:07:76:a4:
 266  *     bd:5f:1d:ab:34:9a:99:82:43:26:a4:44:88:74:f4:
 267  *     76:7d:ce:32:8f
 268  * exponent1:
 269  *     2c:57:8c:e8:43:26:aa:f8:fc:fd:52:1f:e5:42:7f:
 270  *     33:3d:78:7d:7c:0c:3c:40:11:7d:c9:14:c5:df:4b:
 271  *     9e:71:6e:b4:20:53:5a:52:af:29:72:55:11:96:fa:
 272  *     28:ee:62:c4:f6:9e:81:ce:7b:26:9d:d5:6e:1d:f2:
 273  *     4c:de:38:95
 274  * exponent2:
 275  *     0c:3f:f5:49:23:03:68:80:75:31:83:fb:6b:93:a3:
 276  *     ee:6e:95:40:d3:d1:ab:c0:09:7b:9b:c3:71:19:ce:
 277  *     69:ed:06:f5:d2:91:ad:5c:9e:17:13:b8:1a:c1:e3:
 278  *     eb:ff:81:1e:9d:a3:3f:c9:d8:32:7f:5e:51:14:3b:
 279  *     0d:78:df:fd
 280  * coefficient:
 281  *     01:0c:cc:95:69:ca:19:23:bc:a7:24:c3:b6:74:31:
 282  *     de:14:4c:a1:49:0e:12:19:8d:ab:86:d0:84:b9:18:
 283  *     aa:d9:d8:15:ca:a9:51:0d:aa:32:35:be:36:23:56:
 284  *     93:91:e7:4e:b3:12:dc:bf:44:74:9a:1b:31:4c:da:
 285  *     35:92:f2:e3
 286  *
 287  * client certificate:
 288  * Data:
 289  *     Version: 3 (0x2)
 290  *     Serial Number: 9 (0x9)
 291  *     Signature Algorithm: md5WithRSAEncryption
 292  *     Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org
 293  *     Validity
 294  *         Not Before: Dec  8 03:43:24 2008 GMT
 295  *         Not After : Aug 25 03:43:24 2028 GMT
 296  *     Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org, OU=SSL-Client, CN=localhost
 297  *     Subject Public Key Info:
 298  *         Public Key Algorithm: rsaEncryption
 299  *         RSA Public Key: (1024 bit)
 300  *             Modulus (1024 bit):
 301  *                 00:bb:f0:40:36:ac:26:54:4e:f4:a3:5a:00:2f:69:
 302  *                 21:6f:b9:7a:3a:93:ec:a2:f6:e1:8e:c7:63:d8:2f:
 303  *                 12:30:99:2e:b0:f2:8f:f8:27:2d:24:78:28:84:f7:
 304  *                 01:bf:8d:44:79:dd:3b:d2:55:f3:ce:3c:b2:5b:21:
 305  *                 7d:ef:fd:33:4a:b1:a3:ff:c6:c8:9b:b9:0f:7c:41:
 306  *                 35:97:f9:db:3a:05:60:05:15:af:59:17:92:a3:10:
 307  *                 ad:16:1c:e4:07:53:af:a8:76:a2:56:2a:92:d3:f9:
 308  *                 28:e0:78:cf:5e:1f:48:ab:5c:19:dd:e1:67:43:ba:
 309  *                 75:8d:f5:82:ac:43:92:44:1b
 310  *             Exponent: 65537 (0x10001)
 311  *     X509v3 extensions:
 312  *         X509v3 Basic Constraints:
 313  *             CA:FALSE
 314  *         X509v3 Key Usage:
 315  *             Digital Signature, Non Repudiation, Key Encipherment
 316  *         X509v3 Subject Key Identifier:
 317  *             CD:BB:C8:85:AA:91:BD:FD:1D:BE:CD:67:7C:FF:B3:E9:4C:A8:22:E6
 318  *         X509v3 Authority Key Identifier:
 319  *             keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14
 320  *
 321  *         X509v3 Subject Alternative Name: critical
 322  *             DNS:localhost
 323  * Signature Algorithm: md5WithRSAEncryption
 324  *
 325  * -----BEGIN CERTIFICATE-----
 326  * MIICpDCCAg2gAwIBAgIBCTANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET
 327  * MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK
 328  * EwhTb21lLU9yZzAeFw0wODEyMDgwMzQzMjRaFw0yODA4MjUwMzQzMjRaMHIxCzAJ
 329  * BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp
 330  * dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtQ2xpZW50MRIwEAYD
 331  * VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALvwQDas
 332  * JlRO9KNaAC9pIW+5ejqT7KL24Y7HY9gvEjCZLrDyj/gnLSR4KIT3Ab+NRHndO9JV
 333  * 8848slshfe/9M0qxo//GyJu5D3xBNZf52zoFYAUVr1kXkqMQrRYc5AdTr6h2olYq
 334  * ktP5KOB4z14fSKtcGd3hZ0O6dY31gqxDkkQbAgMBAAGjczBxMAkGA1UdEwQCMAAw
 335  * CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTNu8iFqpG9/R2+zWd8/7PpTKgi5jAfBgNV
 336  * HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDAXBgNVHREBAf8EDTALgglsb2Nh
 337  * bGhvc3QwDQYJKoZIhvcNAQEEBQADgYEAm25gJyqW1JznQ1EyOtTGswBVwfgBOf+F
 338  * HJuBTcflYQLbTD/AETPQJGvZU9tdhuLtbG3OPhR7vSY8zeAbfM3dbH7QFr3r47Gj
 339  * XEH7qM/MX+Z3ifVaC4MeJmrYQkYFSuKeyyKpdRVX4w4nnFHF6OsNASsYrMW6LpxN
 340  * cl/epUcHL7E=
 341  * -----END CERTIFICATE-----
 342  *
 343  *
 344  *
 345  * Trusted CA certificate:
 346  * Certificate:
 347  *   Data:
 348  *     Version: 3 (0x2)
 349  *     Serial Number: 0 (0x0)
 350  *     Signature Algorithm: md5WithRSAEncryption
 351  *     Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org
 352  *     Validity
 353  *         Not Before: Dec  8 02:43:36 2008 GMT
 354  *         Not After : Aug 25 02:43:36 2028 GMT
 355  *     Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org
 356  *     Subject Public Key Info:
 357  *         Public Key Algorithm: rsaEncryption
 358  *         RSA Public Key: (1024 bit)
 359  *             Modulus (1024 bit):
 360  *                 00:cb:c4:38:20:07:be:88:a7:93:b0:a1:43:51:2d:
 361  *                 d7:8e:85:af:54:dd:ad:a2:7b:23:5b:cf:99:13:53:
 362  *                 99:45:7d:ee:6d:ba:2d:bf:e3:ad:6e:3d:9f:1a:f9:
 363  *                 03:97:e0:17:55:ae:11:26:57:de:01:29:8e:05:3f:
 364  *                 21:f7:e7:36:e8:2e:37:d7:48:ac:53:d6:60:0e:c7:
 365  *                 50:6d:f6:c5:85:f7:8b:a6:c5:91:35:72:3c:94:ee:
 366  *                 f1:17:f0:71:e3:ec:1b:ce:ca:4e:40:42:b0:6d:ee:
 367  *                 6a:0e:d6:e5:ad:3c:0f:c9:ba:82:4f:78:f8:89:97:
 368  *                 89:2a:95:12:4c:d8:09:2a:e9
 369  *             Exponent: 65537 (0x10001)
 370  *     X509v3 extensions:
 371  *         X509v3 Subject Key Identifier:
 372  *             FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14
 373  *         X509v3 Authority Key Identifier:
 374  *             keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14
 375  *             DirName:/C=US/ST=Some-State/L=Some-City/O=Some-Org
 376  *             serial:00
 377  *
 378  *         X509v3 Basic Constraints:
 379  *             CA:TRUE
 380  *  Signature Algorithm: md5WithRSAEncryption
 381  *
 382  * -----BEGIN CERTIFICATE-----
 383  * MIICrDCCAhWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET
 384  * MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK
 385  * EwhTb21lLU9yZzAeFw0wODEyMDgwMjQzMzZaFw0yODA4MjUwMjQzMzZaMEkxCzAJ
 386  * BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp
 387  * dHkxETAPBgNVBAoTCFNvbWUtT3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
 388  * gQDLxDggB76Ip5OwoUNRLdeOha9U3a2ieyNbz5kTU5lFfe5tui2/461uPZ8a+QOX
 389  * 4BdVrhEmV94BKY4FPyH35zboLjfXSKxT1mAOx1Bt9sWF94umxZE1cjyU7vEX8HHj
 390  * 7BvOyk5AQrBt7moO1uWtPA/JuoJPePiJl4kqlRJM2Akq6QIDAQABo4GjMIGgMB0G
 391  * A1UdDgQWBBT6uVG/TOfZhpgz+efLHvEzSfeoFDBxBgNVHSMEajBogBT6uVG/TOfZ
 392  * hpgz+efLHvEzSfeoFKFNpEswSTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUt
 393  * U3RhdGUxEjAQBgNVBAcTCVNvbWUtQ2l0eTERMA8GA1UEChMIU29tZS1PcmeCAQAw
 394  * DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBcIm534U123Hz+rtyYO5uA
 395  * ofd81G6FnTfEAV8Kw9fGyyEbQZclBv34A9JsFKeMvU4OFIaixD7nLZ/NZ+IWbhmZ
 396  * LovmJXyCkOufea73pNiZ+f/4/ScZaIlM/PRycQSqbFNd4j9Wott+08qxHPLpsf3P
 397  * 6Mvf0r1PNTY2hwTJLJmKtg==
 398  * -----END CERTIFICATE-----
 399  */
 400 
 401 
 402 public class IPAddressDNSIdentities {
 403     static Map cookies;   // raw (untyped) Map; never referenced in the part of the file visible here
 404     ServerSocket ss;      // never referenced in the visible part either; distinct from the sslServerSocket field declared further down
 405 
 406     /*
 407      * =============================================================
 408      * Set the various variables needed for the tests, then
 409      * specify what tests to run on each side.
 410      */
 411 
 412     /*
 413      * Should we run the client or server in a separate thread?
 414      * Both sides can throw exceptions, but do you have a preference
 415      * as to which side should be the main thread?
          *
          * NOTE(review): the code that reads this flag is outside the visible
          * part of the file; presumably true puts the server on its own thread
          * and leaves the client on the main thread. Confirm before relying on it.
 416      */
 417     static boolean separateServerThread = true;
 418 
 419     /*
 420      * PEM-encoded X.509 certificates used by the test. Despite the original
          * wording ("Where do we find the keystores?"), these are inline strings
          * rather than keystore files: doServerSide() passes trusedCertStr and
          * serverCertStr directly to getSSLContext(). Each string matches the
          * corresponding BEGIN/END CERTIFICATE block in the comment at the top
          * of the file.
          *
          * trusedCertStr (the name is spelled this way where it is referenced,
          * so a rename has to cover every use) is the "Trusted CA certificate"
          * from that comment: issuer and subject are both O=Some-Org and the
          * Basic Constraints extension says CA:TRUE.
 421      */
 422     static String trusedCertStr =
 423         "-----BEGIN CERTIFICATE-----\n" +
 424         "MIICrDCCAhWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" +
 425         "MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" +
 426         "EwhTb21lLU9yZzAeFw0wODEyMDgwMjQzMzZaFw0yODA4MjUwMjQzMzZaMEkxCzAJ\n" +
 427         "BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" +
 428         "dHkxETAPBgNVBAoTCFNvbWUtT3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n" +
 429         "gQDLxDggB76Ip5OwoUNRLdeOha9U3a2ieyNbz5kTU5lFfe5tui2/461uPZ8a+QOX\n" +
 430         "4BdVrhEmV94BKY4FPyH35zboLjfXSKxT1mAOx1Bt9sWF94umxZE1cjyU7vEX8HHj\n" +
 431         "7BvOyk5AQrBt7moO1uWtPA/JuoJPePiJl4kqlRJM2Akq6QIDAQABo4GjMIGgMB0G\n" +
 432         "A1UdDgQWBBT6uVG/TOfZhpgz+efLHvEzSfeoFDBxBgNVHSMEajBogBT6uVG/TOfZ\n" +
 433         "hpgz+efLHvEzSfeoFKFNpEswSTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUt\n" +
 434         "U3RhdGUxEjAQBgNVBAcTCVNvbWUtQ2l0eTERMA8GA1UEChMIU29tZS1PcmeCAQAw\n" +
 435         "DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBcIm534U123Hz+rtyYO5uA\n" +
 436         "ofd81G6FnTfEAV8Kw9fGyyEbQZclBv34A9JsFKeMvU4OFIaixD7nLZ/NZ+IWbhmZ\n" +
 437         "LovmJXyCkOufea73pNiZ+f/4/ScZaIlM/PRycQSqbFNd4j9Wott+08qxHPLpsf3P\n" +
 438         "6Mvf0r1PNTY2hwTJLJmKtg==\n" +
 439         "-----END CERTIFICATE-----";
 440
         // Server end-entity certificate from the file-header comment: serial 8,
         // OU=SSL-Server, CN=localhost, issued by the Some-Org CA. Its only
         // subjectAltName entry is DNS:localhost (marked critical); there is no
         // iPAddress entry.
         // NOTE(review): that is presumably the property the hostname check in
         // this test depends on; the client side is outside the visible part of
         // the file, so confirm there.
 441     static String serverCertStr =
 442         "-----BEGIN CERTIFICATE-----\n" +
 443         "MIICpDCCAg2gAwIBAgIBCDANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" +
 444         "MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" +
 445         "EwhTb21lLU9yZzAeFw0wODEyMDgwMzQzMDRaFw0yODA4MjUwMzQzMDRaMHIxCzAJ\n" +
 446         "BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" +
 447         "dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtU2VydmVyMRIwEAYD\n" +
 448         "VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKWsWxw3\n" +
 449         "ot2ZiS2yebiP1Uil5xyEF41pnMasbfnyHR85GdrTch5u7ETMcKTcugAw9qBPPVR6\n" +
 450         "YWrMV9AKf5UoGD+a2ZTyG8gkiH7+nQ89+1dTCLMgM9Q/F0cU0c3qCNgOdU6vvszS\n" +
 451         "7K+peknfwtmsuCRAkKYDVirQMAVALE+r2XSJAgMBAAGjczBxMAkGA1UdEwQCMAAw\n" +
 452         "CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTtbtv0tVbI+xoGYT8PCLumBNgWVDAfBgNV\n" +
 453         "HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDAXBgNVHREBAf8EDTALgglsb2Nh\n" +
 454         "bGhvc3QwDQYJKoZIhvcNAQEEBQADgYEAoqVTciHtcvsUj+YaTct8tUh3aTCsKsac\n" +
 455         "PHhfQ+ObjiXSgxsKYTX7ym/wk/wvlbUcbqLKxsu7qrcJitH+H9heV1hEHEu65Uoi\n" +
 456         "nRugFruyOrwvAylV8Cm2af7ddilmYJ+sdJA6N2M3xJRxR0G2LFHEXDNEjYReyexn\n" +
 457         "JqCpf5uZGOo=\n" +
 458         "-----END CERTIFICATE-----";
 459
         // Client end-entity certificate from the file-header comment: serial 9,
         // OU=SSL-Client, CN=localhost, issued by the same CA, again with
         // DNS:localhost as its only subjectAltName entry. Where it is used is
         // outside the visible part of the file.
 460     static String clientCertStr =
 461         "-----BEGIN CERTIFICATE-----\n" +
 462         "MIICpDCCAg2gAwIBAgIBCTANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" +
 463         "MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" +
 464         "EwhTb21lLU9yZzAeFw0wODEyMDgwMzQzMjRaFw0yODA4MjUwMzQzMjRaMHIxCzAJ\n" +
 465         "BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" +
 466         "dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtQ2xpZW50MRIwEAYD\n" +
 467         "VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALvwQDas\n" +
 468         "JlRO9KNaAC9pIW+5ejqT7KL24Y7HY9gvEjCZLrDyj/gnLSR4KIT3Ab+NRHndO9JV\n" +
 469         "8848slshfe/9M0qxo//GyJu5D3xBNZf52zoFYAUVr1kXkqMQrRYc5AdTr6h2olYq\n" +
 470         "ktP5KOB4z14fSKtcGd3hZ0O6dY31gqxDkkQbAgMBAAGjczBxMAkGA1UdEwQCMAAw\n" +
 471         "CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTNu8iFqpG9/R2+zWd8/7PpTKgi5jAfBgNV\n" +
 472         "HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDAXBgNVHREBAf8EDTALgglsb2Nh\n" +
 473         "bGhvc3QwDQYJKoZIhvcNAQEEBQADgYEAm25gJyqW1JznQ1EyOtTGswBVwfgBOf+F\n" +
 474         "HJuBTcflYQLbTD/AETPQJGvZU9tdhuLtbG3OPhR7vSY8zeAbfM3dbH7QFr3r47Gj\n" +
 475         "XEH7qM/MX+Z3ifVaC4MeJmrYQkYFSuKeyyKpdRVX4w4nnFHF6OsNASsYrMW6LpxN\n" +
 476         "cl/epUcHL7E=\n" +
 477         "-----END CERTIFICATE-----";
 478 
 479     static byte serverPrivateExponent[] = {
             // Private exponent of the server's 1024-bit RSA test key; the bytes
             // match the server "privateExponent:" dump in the comment at the top
             // of the file. doServerSide() passes this array to getSSLContext().
             // This is private-key material in source form, tolerable only
             // because the key is a published test fixture.
 480         (byte)0x6e, (byte)0xa7, (byte)0x1b, (byte)0x83,
 481         (byte)0x51, (byte)0x35, (byte)0x9a, (byte)0x44,
 482         (byte)0x7d, (byte)0xf6, (byte)0xe3, (byte)0x89,
 483         (byte)0xa0, (byte)0xd7, (byte)0x90, (byte)0x60,
 484         (byte)0xa1, (byte)0x4e, (byte)0x27, (byte)0x21,
 485         (byte)0xa2, (byte)0x89, (byte)0x74, (byte)0xcc,
 486         (byte)0x9d, (byte)0x75, (byte)0x75, (byte)0x4e,
 487         (byte)0xc7, (byte)0x82, (byte)0xe3, (byte)0xe3,
 488         (byte)0xc3, (byte)0x7d, (byte)0x00, (byte)0x54,
 489         (byte)0xec, (byte)0x36, (byte)0xb1, (byte)0xdf,
 490         (byte)0x91, (byte)0x9c, (byte)0x7a, (byte)0xc0,
 491         (byte)0x62, (byte)0x0a, (byte)0xd6, (byte)0xa9,
 492         (byte)0x22, (byte)0x91, (byte)0x4a, (byte)0x29,
 493         (byte)0x2e, (byte)0x43, (byte)0xfa, (byte)0x8c,
 494         (byte)0xd8, (byte)0xe9, (byte)0xbe, (byte)0xd9,
 495         (byte)0x4f, (byte)0xca, (byte)0x23, (byte)0xc6,
 496         (byte)0xe4, (byte)0x3f, (byte)0xb8, (byte)0x72,
 497         (byte)0xcf, (byte)0x02, (byte)0xfc, (byte)0xf4,
 498         (byte)0x58, (byte)0x34, (byte)0x77, (byte)0x76,
 499         (byte)0xce, (byte)0x22, (byte)0x44, (byte)0x5f,
 500         (byte)0x2d, (byte)0xca, (byte)0xee, (byte)0xf5,
 501         (byte)0x43, (byte)0x56, (byte)0x47, (byte)0x71,
 502         (byte)0x0b, (byte)0x09, (byte)0x6b, (byte)0x5e,
 503         (byte)0xf2, (byte)0xc8, (byte)0xee, (byte)0xd4,
 504         (byte)0x6e, (byte)0x44, (byte)0x92, (byte)0x2a,
 505         (byte)0x7f, (byte)0xcc, (byte)0xa7, (byte)0xd4,
 506         (byte)0x5b, (byte)0xfb, (byte)0xf7, (byte)0x4a,
 507         (byte)0xa9, (byte)0xfb, (byte)0x54, (byte)0x18,
 508         (byte)0xd5, (byte)0xd5, (byte)0x14, (byte)0xba,
 509         (byte)0xa0, (byte)0x1c, (byte)0x13, (byte)0xb3,
 510         (byte)0x37, (byte)0x6b, (byte)0x37, (byte)0x59,
 511         (byte)0xed, (byte)0xdb, (byte)0x6d, (byte)0xb1
 512     };
 513 
 514     static byte serverModulus[] = {
             // Modulus of the server's 1024-bit RSA test key; the bytes match the
             // server "modulus:" dump and the server certificate's public key in
             // the comment at the top of the file. doServerSide() passes this
             // array to getSSLContext().
             // The leading 0x00 is carried over from that dump. It keeps the
             // value non-negative if the array is read as a big-endian
             // two's-complement integer, which is presumably how getSSLContext()
             // consumes it; that method is not visible here, so confirm.
 515         (byte)0x00,
 516         (byte)0xa5, (byte)0xac, (byte)0x5b, (byte)0x1c,
 517         (byte)0x37, (byte)0xa2, (byte)0xdd, (byte)0x99,
 518         (byte)0x89, (byte)0x2d, (byte)0xb2, (byte)0x79,
 519         (byte)0xb8, (byte)0x8f, (byte)0xd5, (byte)0x48,
 520         (byte)0xa5, (byte)0xe7, (byte)0x1c, (byte)0x84,
 521         (byte)0x17, (byte)0x8d, (byte)0x69, (byte)0x9c,
 522         (byte)0xc6, (byte)0xac, (byte)0x6d, (byte)0xf9,
 523         (byte)0xf2, (byte)0x1d, (byte)0x1f, (byte)0x39,
 524         (byte)0x19, (byte)0xda, (byte)0xd3, (byte)0x72,
 525         (byte)0x1e, (byte)0x6e, (byte)0xec, (byte)0x44,
 526         (byte)0xcc, (byte)0x70, (byte)0xa4, (byte)0xdc,
 527         (byte)0xba, (byte)0x00, (byte)0x30, (byte)0xf6,
 528         (byte)0xa0, (byte)0x4f, (byte)0x3d, (byte)0x54,
 529         (byte)0x7a, (byte)0x61, (byte)0x6a, (byte)0xcc,
 530         (byte)0x57, (byte)0xd0, (byte)0x0a, (byte)0x7f,
 531         (byte)0x95, (byte)0x28, (byte)0x18, (byte)0x3f,
 532         (byte)0x9a, (byte)0xd9, (byte)0x94, (byte)0xf2,
 533         (byte)0x1b, (byte)0xc8, (byte)0x24, (byte)0x88,
 534         (byte)0x7e, (byte)0xfe, (byte)0x9d, (byte)0x0f,
 535         (byte)0x3d, (byte)0xfb, (byte)0x57, (byte)0x53,
 536         (byte)0x08, (byte)0xb3, (byte)0x20, (byte)0x33,
 537         (byte)0xd4, (byte)0x3f, (byte)0x17, (byte)0x47,
 538         (byte)0x14, (byte)0xd1, (byte)0xcd, (byte)0xea,
 539         (byte)0x08, (byte)0xd8, (byte)0x0e, (byte)0x75,
 540         (byte)0x4e, (byte)0xaf, (byte)0xbe, (byte)0xcc,
 541         (byte)0xd2, (byte)0xec, (byte)0xaf, (byte)0xa9,
 542         (byte)0x7a, (byte)0x49, (byte)0xdf, (byte)0xc2,
 543         (byte)0xd9, (byte)0xac, (byte)0xb8, (byte)0x24,
 544         (byte)0x40, (byte)0x90, (byte)0xa6, (byte)0x03,
 545         (byte)0x56, (byte)0x2a, (byte)0xd0, (byte)0x30,
 546         (byte)0x05, (byte)0x40, (byte)0x2c, (byte)0x4f,
 547         (byte)0xab, (byte)0xd9, (byte)0x74, (byte)0x89
 548     };
 549 
 550     static byte clientPrivateExponent[] = {
             // Private exponent of the client's 1024-bit RSA test key; the bytes
             // match the client "privateExponent:" dump in the comment at the top
             // of the file. Its consumer is outside the visible part of the file.
             // This is private-key material in source form, tolerable only
             // because the key is a published test fixture.
 551         (byte)0x11, (byte)0xb7, (byte)0x6a, (byte)0x36,
 552         (byte)0x3d, (byte)0x30, (byte)0x37, (byte)0xce,
 553         (byte)0x61, (byte)0x9d, (byte)0x6c, (byte)0x84,
 554         (byte)0x8b, (byte)0xf3, (byte)0x9b, (byte)0x25,
 555         (byte)0x4f, (byte)0x14, (byte)0xc8, (byte)0xa4,
 556         (byte)0xdd, (byte)0x2f, (byte)0xd7, (byte)0x9a,
 557         (byte)0x17, (byte)0xbd, (byte)0x90, (byte)0x19,
 558         (byte)0xf7, (byte)0x05, (byte)0xfd, (byte)0xf2,
 559         (byte)0xd2, (byte)0xc5, (byte)0xf7, (byte)0x77,
 560         (byte)0xbe, (byte)0xea, (byte)0xe2, (byte)0x84,
 561         (byte)0x87, (byte)0x97, (byte)0x3a, (byte)0x41,
 562         (byte)0x96, (byte)0xb6, (byte)0x99, (byte)0xf8,
 563         (byte)0x94, (byte)0x8c, (byte)0x58, (byte)0x71,
 564         (byte)0x51, (byte)0x8c, (byte)0xf4, (byte)0x2a,
 565         (byte)0x20, (byte)0x9e, (byte)0x1a, (byte)0xa0,
 566         (byte)0x26, (byte)0x99, (byte)0x75, (byte)0xd6,
 567         (byte)0x31, (byte)0x53, (byte)0x43, (byte)0x39,
 568         (byte)0xf5, (byte)0x2a, (byte)0xa6, (byte)0x7e,
 569         (byte)0x34, (byte)0x42, (byte)0x51, (byte)0x2a,
 570         (byte)0x40, (byte)0x87, (byte)0x03, (byte)0x88,
 571         (byte)0x43, (byte)0x69, (byte)0xb2, (byte)0x89,
 572         (byte)0x6d, (byte)0x20, (byte)0xbd, (byte)0x7d,
 573         (byte)0x71, (byte)0xef, (byte)0x47, (byte)0x0a,
 574         (byte)0xdf, (byte)0x06, (byte)0xc1, (byte)0x69,
 575         (byte)0x66, (byte)0xa8, (byte)0x22, (byte)0x37,
 576         (byte)0x1a, (byte)0x77, (byte)0x1e, (byte)0xc7,
 577         (byte)0x94, (byte)0x4e, (byte)0x2c, (byte)0x27,
 578         (byte)0x69, (byte)0x45, (byte)0x5e, (byte)0xc8,
 579         (byte)0xf8, (byte)0x0c, (byte)0xb7, (byte)0xf8,
 580         (byte)0xc0, (byte)0x8f, (byte)0x99, (byte)0xc1,
 581         (byte)0xe5, (byte)0x28, (byte)0x9b, (byte)0xf9,
 582         (byte)0x4c, (byte)0x94, (byte)0xc6, (byte)0xb1
 583     };
 584 
 585     static byte clientModulus[] = {
             // Modulus of the client's 1024-bit RSA test key; the bytes match the
             // client "modulus:" dump and the client certificate's public key in
             // the comment at the top of the file. Its consumer is outside the
             // visible part of the file.
             // The leading 0x00 is carried over from that dump. It keeps the
             // value non-negative if the array is read as a big-endian
             // two's-complement integer (presumably the case; confirm where the
             // array is consumed).
 586         (byte)0x00,
 587         (byte)0xbb, (byte)0xf0, (byte)0x40, (byte)0x36,
 588         (byte)0xac, (byte)0x26, (byte)0x54, (byte)0x4e,
 589         (byte)0xf4, (byte)0xa3, (byte)0x5a, (byte)0x00,
 590         (byte)0x2f, (byte)0x69, (byte)0x21, (byte)0x6f,
 591         (byte)0xb9, (byte)0x7a, (byte)0x3a, (byte)0x93,
 592         (byte)0xec, (byte)0xa2, (byte)0xf6, (byte)0xe1,
 593         (byte)0x8e, (byte)0xc7, (byte)0x63, (byte)0xd8,
 594         (byte)0x2f, (byte)0x12, (byte)0x30, (byte)0x99,
 595         (byte)0x2e, (byte)0xb0, (byte)0xf2, (byte)0x8f,
 596         (byte)0xf8, (byte)0x27, (byte)0x2d, (byte)0x24,
 597         (byte)0x78, (byte)0x28, (byte)0x84, (byte)0xf7,
 598         (byte)0x01, (byte)0xbf, (byte)0x8d, (byte)0x44,
 599         (byte)0x79, (byte)0xdd, (byte)0x3b, (byte)0xd2,
 600         (byte)0x55, (byte)0xf3, (byte)0xce, (byte)0x3c,
 601         (byte)0xb2, (byte)0x5b, (byte)0x21, (byte)0x7d,
 602         (byte)0xef, (byte)0xfd, (byte)0x33, (byte)0x4a,
 603         (byte)0xb1, (byte)0xa3, (byte)0xff, (byte)0xc6,
 604         (byte)0xc8, (byte)0x9b, (byte)0xb9, (byte)0x0f,
 605         (byte)0x7c, (byte)0x41, (byte)0x35, (byte)0x97,
 606         (byte)0xf9, (byte)0xdb, (byte)0x3a, (byte)0x05,
 607         (byte)0x60, (byte)0x05, (byte)0x15, (byte)0xaf,
 608         (byte)0x59, (byte)0x17, (byte)0x92, (byte)0xa3,
 609         (byte)0x10, (byte)0xad, (byte)0x16, (byte)0x1c,
 610         (byte)0xe4, (byte)0x07, (byte)0x53, (byte)0xaf,
 611         (byte)0xa8, (byte)0x76, (byte)0xa2, (byte)0x56,
 612         (byte)0x2a, (byte)0x92, (byte)0xd3, (byte)0xf9,
 613         (byte)0x28, (byte)0xe0, (byte)0x78, (byte)0xcf,
 614         (byte)0x5e, (byte)0x1f, (byte)0x48, (byte)0xab,
 615         (byte)0x5c, (byte)0x19, (byte)0xdd, (byte)0xe1,
 616         (byte)0x67, (byte)0x43, (byte)0xba, (byte)0x75,
 617         (byte)0x8d, (byte)0xf5, (byte)0x82, (byte)0xac,
 618         (byte)0x43, (byte)0x92, (byte)0x44, (byte)0x1b
 619     };
 620 
    // Password protecting the private-key entry that getSSLContext() puts
    // into its in-memory key store.
    // NOTE(review): a literal password is tolerable only because every key
    // in this file is a throwaway test fixture.
    static char[] passphrase = "passphrase".toCharArray();

    // Raised by the server once it is listening (and by startServer() if
    // the server thread dies); the client polls it before connecting.
    static volatile boolean serverReady;

    // Raised by the client when its request is over; the server polls it
    // before closing the accepted socket.
    static volatile boolean closeReady;

    // When true, main() switches on JSSE debug output.
    static boolean debug;

    // Listening socket created by doServerSide().
    private SSLServerSocket sslServerSocket;
 639 
 640     /*
 641      * Define the server side of the test.
 642      *
 643      * If the server prematurely exits, serverReady will be set to true
 644      * to avoid infinite hangs.
 645      */
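    /**
     * Runs the TLS server half of the test: accepts one connection, demands
     * a client certificate and answers with a fixed nine-byte HTTP body.
     *
     * The accepted socket stays open until the client raises closeReady.
     * Both the accepted socket and the listening socket are closed on the
     * way out, including when an exception is thrown after accept().
     *
     * @throws Exception if the SSL context cannot be built or a socket
     *         operation fails
     */
    void doServerSide() throws Exception {
        SSLContext context = getSSLContext(trusedCertStr, serverCertStr,
            serverModulus, serverPrivateExponent, passphrase);
        SSLServerSocketFactory sslssf = context.getServerSocketFactory();

        sslServerSocket =
            (SSLServerSocket) sslssf.createServerSocket(serverPort);
        try {
            // Publish the port that was actually bound before releasing
            // the client.
            serverPort = sslServerSocket.getLocalPort();

            // Signal the client that it may connect.
            serverReady = true;

            SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
            try {
                // Set before the first read or write on the socket, which
                // is what starts the handshake, so the handshake requires a
                // client certificate.
                sslSocket.setNeedClientAuth(true);

                // PrintStream records I/O errors instead of throwing them,
                // so a handshake the client abandons does not fail this
                // side of the test.
                PrintStream out =
                        new PrintStream(sslSocket.getOutputStream());

                // The request is never read; only the response is sent.
                out.print("HTTP/1.1 200 OK\r\n");
                out.print("Content-Type: text/html; charset=iso-8859-1\r\n");
                out.print("Content-Length: "+ 9 +"\r\n");
                out.print("\r\n");
                out.print("Testing\r\n");
                out.flush();
            } finally {
                // Keep the connection up until the client has finished.
                while (!closeReady) {
                    Thread.sleep(50);
                }

                System.out.println("Server closing socket");
                sslSocket.close();
                serverReady = false;
            }
        } finally {
            // The listening socket was previously left open.
            sslServerSocket.close();
        }
    }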
 688 
 689     /*
 690      * Define the client side of the test.
 691      *
 692      * If the server prematurely exits, serverReady will be set to true
 693      * to avoid infinite hangs.
 694      */
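    /**
     * Runs the HTTPS client half of the test and expects the connection to
     * be rejected.
     *
     * The URL addresses the server by the IP literal 127.0.0.1. The test
     * passes only if the connection attempt fails; reading a response code
     * means the server identity was accepted and is reported as a failure.
     * The process-wide default SSLContext is replaced for the duration of
     * the call and restored afterwards.
     *
     * NOTE(review): every SSLHandshakeException or IOException counts as a
     * pass, including ones unrelated to the identity check (for instance a
     * certificate-validity failure or a refused connection). The caught
     * exception is printed so the log shows which failure was observed;
     * confirm it is the identity mismatch when reviewing a run.
     *
     * @throws Exception if the connection unexpectedly succeeds or the SSL
     *         context cannot be built
     */
    void doClientSide() throws Exception {
        SSLContext reservedSSLContext = SSLContext.getDefault();
        try {
            SSLContext context = getSSLContext(trusedCertStr, clientCertStr,
                clientModulus, clientPrivateExponent, passphrase);

            // Install the test key and trust material as the default so the
            // connection opened below uses it.
            SSLContext.setDefault(context);

            // Wait for the server to start listening.
            while (!serverReady) {
                Thread.sleep(50);
            }

            HttpsURLConnection http = null;

            // Address the server by IP literal, not by host name.
            URL url = new URL("https://127.0.0.1:" + serverPort+"/");
            System.out.println("url is "+url.toString());

            try {
                http = (HttpsURLConnection)url.openConnection();

                int respCode = http.getResponseCode();
                System.out.println("respCode = " + respCode);

                // Reaching this line means the identity check let the
                // connection through.
                throw new Exception("Unexpectly found " +
                        "subject alternative name matching IP address");
            } catch (SSLHandshakeException sslhe) {
                // Expected: no subject alternative name matches the IP
                // address 127.0.0.1.
                System.out.println("Expected handshake failure: " + sslhe);
            } catch (IOException ioe) {
                // Expected: HttpsClient may report the URL-spoofing check
                // as a plain IOException.
                System.out.println("Expected I/O failure: " + ioe);
            } finally {
                if (http != null) {
                    http.disconnect();
                }
                // Let the server close its side.
                closeReady = true;
            }
        } finally {
            SSLContext.setDefault(reservedSSLContext);
        }
    }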
 740 
 741     /*
 742      * =============================================================
 743      * The remainder is just support stuff
 744      */
 745 
 746     // use any free port by default
    // Starts at 0; doServerSide() overwrites it with the port it bound.
    volatile int serverPort = 0;

    // Failure captured from whichever side runs on a forked thread; the
    // constructor rethrows it after the join.
    volatile Exception serverException;
    volatile Exception clientException;
 751 
    /**
     * Entry point: optionally enables JSSE debug output, then runs the
     * whole test by constructing the test object.
     *
     * @param args ignored
     * @throws Exception if either side of the test fails
     */
    public static void main(String[] args) throws Exception {
        // Set before any TLS class is used; the test header notes that
        // SunJSSE does not pick up system properties changed later.
        // NOTE(review): "all" produces very verbose handshake and record
        // output, so keep debug off outside local troubleshooting.
        if (debug) {
            System.setProperty("javax.net.debug", "all");
        }

        // The constructor drives the test.
        new IPAddressDNSIdentities();
    }
 761 
    // Handle of the side that was forked onto its own thread; only one of
    // the two is assigned per run (see startClient() / startServer()).
    Thread clientThread;
    Thread serverThread;
 764     /*
 765      * Primary constructor, used to drive remainder of the test.
 766      *
 767      * Fork off the other side, then do your work.
 768      */
    /**
     * Drives the test: forks one side onto its own thread, runs the other
     * side on the calling thread, waits for the forked side and rethrows
     * any exception it recorded.
     *
     * An exception thrown by the side running on the calling thread
     * propagates immediately, before the join.
     *
     * @throws Exception the failure of either side
     */
    IPAddressDNSIdentities() throws Exception {
        final Thread forked;
        if (separateServerThread) {
            startServer(true);
            startClient(false);
            forked = serverThread;
        } else {
            startClient(true);
            startServer(false);
            forked = clientThread;
        }

        // Wait for the other side to shut down.
        forked.join();

        // Report what the forked side recorded, server first.
        Exception failure = serverException;
        if (failure == null) {
            failure = clientException;
        }
        if (failure != null) {
            throw failure;
        }
    }
 799 
    /**
     * Runs the server side, either inline or on a new thread.
     *
     * @param newThread true to fork a thread stored in serverThread; false
     *        to call doServerSide() on the calling thread
     * @throws Exception whatever doServerSide() throws when run inline
     */
    void startServer(boolean newThread) throws Exception {
        if (!newThread) {
            doServerSide();
            return;
        }

        serverThread = new Thread(new Runnable() {
            @Override
            public void run() {
                try {
                    doServerSide();
                } catch (Exception e) {
                    // The server thread died: release a client that may
                    // still be waiting on serverReady, and keep the cause
                    // for the constructor to rethrow.
                    System.err.println("Server died...");
                    serverReady = true;
                    serverException = e;
                }
            }
        });
        serverThread.start();
    }
 823 
    /**
     * Runs the client side, either inline or on a new thread.
     *
     * @param newThread true to fork a thread stored in clientThread; false
     *        to call doClientSide() on the calling thread
     * @throws Exception whatever doClientSide() throws when run inline
     */
    void startClient(boolean newThread) throws Exception {
        if (!newThread) {
            doClientSide();
            return;
        }

        clientThread = new Thread(new Runnable() {
            @Override
            public void run() {
                try {
                    doClientSide();
                } catch (Exception e) {
                    // The client thread died; keep the cause for the
                    // constructor to rethrow.
                    System.err.println("Client died...");
                    clientException = e;
                }
            }
        });
        clientThread.start();
    }
 844 
 845     // get the ssl context
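    /**
     * Builds an SSLContext backed by an in-memory JKS key store.
     *
     * The store always holds the certificate parsed from trusedCertStr as
     * a trusted entry. When keyCertStr is non-null it also holds a
     * private-key entry: the RSA key is rebuilt from modulus and
     * privateExponent, and its chain is the key certificate followed by
     * the trusted certificate.
     *
     * NOTE(review): the private key is reconstructed from byte arrays that
     * live in the source file, so this helper is only fit for test
     * fixtures.
     *
     * @param trusedCertStr text of the trusted certificate, in a form the
     *        X.509 CertificateFactory accepts (assumed to be ASCII/PEM
     *        text; confirm against the constants earlier in the file)
     * @param keyCertStr text of the end-entity certificate, or null to
     *        build a trust-only context
     * @param modulus RSA modulus bytes as read by BigInteger(byte[]);
     *        unused when keyCertStr is null
     * @param privateExponent RSA private exponent bytes as read by
     *        BigInteger(byte[]); unused when keyCertStr is null
     * @param passphrase password for the key entry
     * @return a TLS context with PKIX trust managers and, when a key entry
     *         was added, SunX509 key managers
     * @throws Exception on any parsing, key-store or provider failure
     */
    private static SSLContext getSSLContext(String trusedCertStr,
            String keyCertStr, byte[] modulus,
            byte[] privateExponent, char[] passphrase) throws Exception {

        CertificateFactory cf = CertificateFactory.getInstance("X.509");

        // Encode with an explicit charset so that parsing does not depend
        // on the platform default encoding.
        Certificate trustedCert = cf.generateCertificate(
                new ByteArrayInputStream(trusedCertStr.getBytes("US-ASCII")));

        // Empty in-memory key store.
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null);

        // Trust anchor for the peer's certificate.
        ks.setCertificateEntry("RSA Export Signer", trustedCert);

        final boolean withKey = keyCertStr != null;
        if (withKey) {
            // Rebuild the private key from its raw RSA parameters.
            RSAPrivateKeySpec priKeySpec = new RSAPrivateKeySpec(
                    new BigInteger(modulus),
                    new BigInteger(privateExponent));
            KeyFactory kf = KeyFactory.getInstance("RSA");
            RSAPrivateKey priKey =
                    (RSAPrivateKey) kf.generatePrivate(priKeySpec);

            Certificate keyCert = cf.generateCertificate(
                    new ByteArrayInputStream(keyCertStr.getBytes("US-ASCII")));

            // End-entity certificate first, then its issuer.
            Certificate[] chain = { keyCert, trustedCert };

            ks.setKeyEntry("Whatever", priKey, passphrase, chain);
        }

        // Trust managers are created after the key entry has been added,
        // as in the original ordering.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(ks);

        SSLContext ctx = SSLContext.getInstance("TLS");

        KeyManager[] keyManagers = null;
        if (withKey) {
            KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
            kmf.init(ks, passphrase);
            keyManagers = kmf.getKeyManagers();
        }

        // A null SecureRandom selects the provider default.
        ctx.init(keyManagers, tmf.getTrustManagers(), null);

        return ctx;
    }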
 904 
 905 }