1 /* 2 * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 /* @test 25 * @bug 6766775 26 * @summary X509 certificate hostname checking is broken in JDK1.6.0_10 27 * @run main/othervm IPAddressDNSIdentities 28 * 29 * SunJSSE does not support dynamic system properties, no way to re-use 30 * system properties in samevm/agentvm mode. 31 * @author Xuelei Fan 32 */ 33 34 import java.net.*; 35 import java.util.*; 36 import java.io.*; 37 import javax.net.ssl.*; 38 import java.security.KeyStore; 39 import java.security.KeyFactory; 40 import java.security.cert.Certificate; 41 import java.security.cert.CertificateFactory; 42 import java.security.spec.*; 43 import java.security.interfaces.*; 44 import java.math.BigInteger; 45 46 /* 47 * Certificates and key used in the test. 
48 * 49 * TLS server certificate: 50 * server private key: 51 * -----BEGIN RSA PRIVATE KEY----- 52 * Proc-Type: 4,ENCRYPTED 53 * DEK-Info: DES-EDE3-CBC,D9AE407F6D0E389A 54 * 55 * WPrA7TFol/cQCcp9oHnXWNpYlvRbbIcQj0m+RKT2Iuzfus+DHt3Zadf8nJpKfX2e 56 * h2rnhlzCN9M7djRDooZKDOPCsdBn51Au7HlZF3S3Opgo7D8XFM1a8t1Je4ke14oI 57 * nw6QKYsBblRziPnP2PZ0zvX24nOv7bbY8beynlJHGs00VWSFdoH2DS0aE1p6D+3n 58 * ptJuJ75dVfZFK4X7162APlNXevX8D6PEQpSiRw1rjjGGcnvQ4HdWk3BxDVDcCNJb 59 * Y1aGNRxsjTDvPi3R9Qx2M+W03QzEPx4SR3ZHVskeSJHaetM0TM/w/45Paq4GokXP 60 * ZeTnbEx1xmjkA7h+t4doLL4watx5F6yLsJzu8xB3lt/1EtmkYtLz1t7X4BetPAXz 61 * zS69X/VwhKfsOI3qXBWuL2oHPyhDmT1gcaUQwEPSV6ogHEEQEDXdiUS8heNK13KF 62 * TCQYFkETvV2BLxUhV1hypPzRQ6tUpJiAbD5KmoK2lD9slshG2QtvKQq0/bgkDY5J 63 * LhDHV2dtcZ3kDPkkZXpbcJQvoeH3d09C5sIsuTFo2zgNR6oETHUc5TzP6FY2YYRa 64 * QcK5HcmtsRRiXFm01ac+aMejJUIujjFt84SiKWT/73vC8AmY4tYcJBLjCg4XIxSH 65 * fdDFLL1YZENNO5ivlp8mdiHqcawx+36L7DrEZQ8RZt6cqST5t/+XTdM74s6k81GT 66 * pNsa82P2K2zmIUZ/DL2mKjW1vfRByw1NQFEBkN3vdyZxYfM/JyUzX4hbjXBEkh9Q 67 * QYrcwLKLjis2QzSvK04B3bvRzRb+4ocWiso8ZPAXAIxZFBWDpTMM2A== 68 * -----END RSA PRIVATE KEY----- 69 * 70 * -----BEGIN RSA PRIVATE KEY----- 71 * MIICXAIBAAKBgQClrFscN6LdmYktsnm4j9VIpecchBeNaZzGrG358h0fORna03Ie 72 * buxEzHCk3LoAMPagTz1UemFqzFfQCn+VKBg/mtmU8hvIJIh+/p0PPftXUwizIDPU 73 * PxdHFNHN6gjYDnVOr77M0uyvqXpJ38LZrLgkQJCmA1Yq0DAFQCxPq9l0iQIDAQAB 74 * AoGAbqcbg1E1mkR99uOJoNeQYKFOJyGiiXTMnXV1TseC4+PDfQBU7Dax35GcesBi 75 * CtapIpFKKS5D+ozY6b7ZT8ojxuQ/uHLPAvz0WDR3ds4iRF8tyu71Q1ZHcQsJa17y 76 * yO7UbkSSKn/Mp9Rb+/dKqftUGNXVFLqgHBOzN2s3We3bbbECQQDYBPKOg3hkaGHo 77 * OhpHKqtQ6EVkldihG/3i4WejRonelXN+HRh1KrB2HBx0M8D/qAzP1i3rNSlSHer4 78 * 59YRTJnHAkEAxFX/sVYSn07BHv9Zhn6XXct/Cj43z/tKNbzlNbcxqQwQerw3IH51 79 * 8UH2YOA+GD3lXbKp+MytoFLWv8zg4YT/LwJAfqan75Z1R6lLffRS49bIiq8jwE16 80 * rTrUJ+kv8jKxMqc9B3vXkxpsS1M/+4E8bqgAmvpgAb8xcsvHsBd9ErdukQJBAKs2 81 * j67W75BrPjBI34pQ1LEfp56IGWXOrq1kF8IbCjxv3+MYRT6Z6UJFkpRymNPNDjsC 82 * dgUYgITiGJHUGXuw3lMCQHEHqo9ZtXz92yFT+VhsNc29B8m/sqUJdtCcMd/jGpAF 83 * 
u6GHufjqIZBpQsk63wbwESAPZZ+kk1O1kS5GIRLX608= 84 * -----END RSA PRIVATE KEY----- 85 * 86 * Private-Key: (1024 bit) 87 * modulus: 88 * 00:a5:ac:5b:1c:37:a2:dd:99:89:2d:b2:79:b8:8f: 89 * d5:48:a5:e7:1c:84:17:8d:69:9c:c6:ac:6d:f9:f2: 90 * 1d:1f:39:19:da:d3:72:1e:6e:ec:44:cc:70:a4:dc: 91 * ba:00:30:f6:a0:4f:3d:54:7a:61:6a:cc:57:d0:0a: 92 * 7f:95:28:18:3f:9a:d9:94:f2:1b:c8:24:88:7e:fe: 93 * 9d:0f:3d:fb:57:53:08:b3:20:33:d4:3f:17:47:14: 94 * d1:cd:ea:08:d8:0e:75:4e:af:be:cc:d2:ec:af:a9: 95 * 7a:49:df:c2:d9:ac:b8:24:40:90:a6:03:56:2a:d0: 96 * 30:05:40:2c:4f:ab:d9:74:89 97 * publicExponent: 65537 (0x10001) 98 * privateExponent: 99 * 6e:a7:1b:83:51:35:9a:44:7d:f6:e3:89:a0:d7:90: 100 * 60:a1:4e:27:21:a2:89:74:cc:9d:75:75:4e:c7:82: 101 * e3:e3:c3:7d:00:54:ec:36:b1:df:91:9c:7a:c0:62: 102 * 0a:d6:a9:22:91:4a:29:2e:43:fa:8c:d8:e9:be:d9: 103 * 4f:ca:23:c6:e4:3f:b8:72:cf:02:fc:f4:58:34:77: 104 * 76:ce:22:44:5f:2d:ca:ee:f5:43:56:47:71:0b:09: 105 * 6b:5e:f2:c8:ee:d4:6e:44:92:2a:7f:cc:a7:d4:5b: 106 * fb:f7:4a:a9:fb:54:18:d5:d5:14:ba:a0:1c:13:b3: 107 * 37:6b:37:59:ed:db:6d:b1 108 * prime1: 109 * 00:d8:04:f2:8e:83:78:64:68:61:e8:3a:1a:47:2a: 110 * ab:50:e8:45:64:95:d8:a1:1b:fd:e2:e1:67:a3:46: 111 * 89:de:95:73:7e:1d:18:75:2a:b0:76:1c:1c:74:33: 112 * c0:ff:a8:0c:cf:d6:2d:eb:35:29:52:1d:ea:f8:e7: 113 * d6:11:4c:99:c7 114 * prime2: 115 * 00:c4:55:ff:b1:56:12:9f:4e:c1:1e:ff:59:86:7e: 116 * 97:5d:cb:7f:0a:3e:37:cf:fb:4a:35:bc:e5:35:b7: 117 * 31:a9:0c:10:7a:bc:37:20:7e:75:f1:41:f6:60:e0: 118 * 3e:18:3d:e5:5d:b2:a9:f8:cc:ad:a0:52:d6:bf:cc: 119 * e0:e1:84:ff:2f 120 * exponent1: 121 * 7e:a6:a7:ef:96:75:47:a9:4b:7d:f4:52:e3:d6:c8: 122 * 8a:af:23:c0:4d:7a:ad:3a:d4:27:e9:2f:f2:32:b1: 123 * 32:a7:3d:07:7b:d7:93:1a:6c:4b:53:3f:fb:81:3c: 124 * 6e:a8:00:9a:fa:60:01:bf:31:72:cb:c7:b0:17:7d: 125 * 12:b7:6e:91 126 * exponent2: 127 * 00:ab:36:8f:ae:d6:ef:90:6b:3e:30:48:df:8a:50: 128 * d4:b1:1f:a7:9e:88:19:65:ce:ae:ad:64:17:c2:1b: 129 * 0a:3c:6f:df:e3:18:45:3e:99:e9:42:45:92:94:72: 130 * 
98:d3:cd:0e:3b:02:76:05:18:80:84:e2:18:91:d4: 131 * 19:7b:b0:de:53 132 * coefficient: 133 * 71:07:aa:8f:59:b5:7c:fd:db:21:53:f9:58:6c:35: 134 * cd:bd:07:c9:bf:b2:a5:09:76:d0:9c:31:df:e3:1a: 135 * 90:05:bb:a1:87:b9:f8:ea:21:90:69:42:c9:3a:df: 136 * 06:f0:11:20:0f:65:9f:a4:93:53:b5:91:2e:46:21: 137 * 12:d7:eb:4f 138 * 139 * 140 * server certificate: 141 * Data: 142 * Version: 3 (0x2) 143 * Serial Number: 8 (0x8) 144 * Signature Algorithm: md5WithRSAEncryption 145 * Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org 146 * Validity 147 * Not Before: Dec 8 03:43:04 2008 GMT 148 * Not After : Aug 25 03:43:04 2028 GMT 149 * Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org, OU=SSL-Server, CN=localhost 150 * Subject Public Key Info: 151 * Public Key Algorithm: rsaEncryption 152 * RSA Public Key: (1024 bit) 153 * Modulus (1024 bit): 154 * 00:a5:ac:5b:1c:37:a2:dd:99:89:2d:b2:79:b8:8f: 155 * d5:48:a5:e7:1c:84:17:8d:69:9c:c6:ac:6d:f9:f2: 156 * 1d:1f:39:19:da:d3:72:1e:6e:ec:44:cc:70:a4:dc: 157 * ba:00:30:f6:a0:4f:3d:54:7a:61:6a:cc:57:d0:0a: 158 * 7f:95:28:18:3f:9a:d9:94:f2:1b:c8:24:88:7e:fe: 159 * 9d:0f:3d:fb:57:53:08:b3:20:33:d4:3f:17:47:14: 160 * d1:cd:ea:08:d8:0e:75:4e:af:be:cc:d2:ec:af:a9: 161 * 7a:49:df:c2:d9:ac:b8:24:40:90:a6:03:56:2a:d0: 162 * 30:05:40:2c:4f:ab:d9:74:89 163 * Exponent: 65537 (0x10001) 164 * X509v3 extensions: 165 * X509v3 Basic Constraints: 166 * CA:FALSE 167 * X509v3 Key Usage: 168 * Digital Signature, Non Repudiation, Key Encipherment 169 * X509v3 Subject Key Identifier: 170 * ED:6E:DB:F4:B5:56:C8:FB:1A:06:61:3F:0F:08:BB:A6:04:D8:16:54 171 * X509v3 Authority Key Identifier: 172 * keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14 173 * 174 * X509v3 Subject Alternative Name: critical 175 * DNS:localhost 176 * Signature Algorithm: md5WithRSAEncryption0 177 * 178 * -----BEGIN CERTIFICATE----- 179 * MIICpDCCAg2gAwIBAgIBCDANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET 180 * MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK 
181 * EwhTb21lLU9yZzAeFw0wODEyMDgwMzQzMDRaFw0yODA4MjUwMzQzMDRaMHIxCzAJ 182 * BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp 183 * dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtU2VydmVyMRIwEAYD 184 * VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKWsWxw3 185 * ot2ZiS2yebiP1Uil5xyEF41pnMasbfnyHR85GdrTch5u7ETMcKTcugAw9qBPPVR6 186 * YWrMV9AKf5UoGD+a2ZTyG8gkiH7+nQ89+1dTCLMgM9Q/F0cU0c3qCNgOdU6vvszS 187 * 7K+peknfwtmsuCRAkKYDVirQMAVALE+r2XSJAgMBAAGjczBxMAkGA1UdEwQCMAAw 188 * CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTtbtv0tVbI+xoGYT8PCLumBNgWVDAfBgNV 189 * HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDAXBgNVHREBAf8EDTALgglsb2Nh 190 * bGhvc3QwDQYJKoZIhvcNAQEEBQADgYEAoqVTciHtcvsUj+YaTct8tUh3aTCsKsac 191 * PHhfQ+ObjiXSgxsKYTX7ym/wk/wvlbUcbqLKxsu7qrcJitH+H9heV1hEHEu65Uoi 192 * nRugFruyOrwvAylV8Cm2af7ddilmYJ+sdJA6N2M3xJRxR0G2LFHEXDNEjYReyexn 193 * JqCpf5uZGOo= 194 * -----END CERTIFICATE----- 195 * 196 * 197 * TLS client certificate: 198 * client private key: 199 * ----BEGIN RSA PRIVATE KEY----- 200 * Proc-Type: 4,ENCRYPTED 201 * DEK-Info: DES-EDE3-CBC,FA2A435CD35A9390 202 * 203 * Z+Y2uaETbsUWIyJUyVu1UV2G4rgFYJyACZT6Tp1KjRtxflSh2kXkJ9MpuXMXA0V4 204 * Yy3fDzPqCL9NJmQAYRlAx/W/+j4F5EyMWDIx8fUxzONRZyoiwF7jLm+KscAfv6Pf 205 * q7ItWOdj3z7IYrwlB8YIGd3F2cDKT3S+lYRk7rKb/qT7itbuHnY4Ardh3yl+MZak 206 * jBp+ELUlRsUqSr1V0LoM+0rCCykarpyfhpxEcqsrl0v9Cyi5uhU50/oKv5zql3SH 207 * l2ImgDjp3batAs8+Bd4NF2aqi0a7Hy44JUHxRm4caZryU/i/D9N1MbuM6882HLat 208 * 5N0G+NaIUfywa8mjwq2D5aiit18HqKA6XeRRYeJ5Dvu9DCO4GeFSwcUFIBMI0L46 209 * 7s114+oDodg57pMgITi+04vmUxvqlN9aiyd7f5Fgd7PeHGeOdbMz1NaJLJaPI9++ 210 * NakK8eK9iwT/Gdq0Uap5/CHW7vCT5PO+h3HY0STH0lWStXhdWnFO04zTdywsbSp+ 211 * DLpHeFT66shfeUlxR0PsCbG9vPRt/QmGLeYQZITppWo/ylSq4j+pRIuXvuWHdBRN 212 * rTZ8QF4Y7AxQUXVz1j1++s6ZMHTzaK2i9HrhmDs1MbJl+QwWre3Xpv3LvTVz3k5U 213 * wX8kuY1m3STt71QCaRWENq5sRaMImLxZbxc/ivFl9RAzUqo4NCxLod/QgA4iLqtO 214 * ztnlpzwlC/F8HbQ1oqYWwnZAPhzU/cULtstl+Yrws2c2atO323LbPXZqbASySgig 215 * sNpFXQMObdfP6LN23bY+1SvtK7V4NUTNhpdIc6INQAQ= 216 * 
-----END RSA PRIVATE KEY----- 217 * 218 * -----BEGIN RSA PRIVATE KEY----- 219 * MIICWwIBAAKBgQC78EA2rCZUTvSjWgAvaSFvuXo6k+yi9uGOx2PYLxIwmS6w8o/4 220 * Jy0keCiE9wG/jUR53TvSVfPOPLJbIX3v/TNKsaP/xsibuQ98QTWX+ds6BWAFFa9Z 221 * F5KjEK0WHOQHU6+odqJWKpLT+SjgeM9eH0irXBnd4WdDunWN9YKsQ5JEGwIDAQAB 222 * AoGAEbdqNj0wN85hnWyEi/ObJU8UyKTdL9eaF72QGfcF/fLSxfd3vurihIeXOkGW 223 * tpn4lIxYcVGM9CognhqgJpl11jFTQzn1KqZ+NEJRKkCHA4hDabKJbSC9fXHvRwrf 224 * BsFpZqgiNxp3HseUTiwnaUVeyPgMt/jAj5nB5Sib+UyUxrECQQDnNQBiF2aifEg6 225 * zbJOOC7he5CHAdkFxSxWVFVHL6EfXfqdLVkUohMbgZv+XxyIeU2biOExSg49Kds3 226 * FOKgTau1AkEA0Bd1haj6QuCo8I0AXm2WO+MMTZMTvtHD/bGjKNM+fT4I8rKYnQRX 227 * 1acHdqS9Xx2rNJqZgkMmpESIdPR2fc4yjwJALFeM6EMmqvj8/VIf5UJ/Mz14fXwM 228 * PEARfckUxd9LnnFutCBTWlKvKXJVEZb6KO5ixPaegc57Jp3Vbh3yTN44lQJADD/1 229 * SSMDaIB1MYP7a5Oj7m6VQNPRq8AJe5vDcRnOae0G9dKRrVyeFxO4GsHj6/+BHp2j 230 * P8nYMn9eURQ7DXjf/QJAAQzMlWnKGSO8pyTDtnQx3hRMoUkOEhmNq4bQhLkYqtnY 231 * FcqpUQ2qMjW+NiNWk5HnTrMS3L9EdJobMUzaNZLy4w== 232 * -----END RSA PRIVATE KEY----- 233 * 234 * Private-Key: (1024 bit) 235 * modulus: 236 * 00:bb:f0:40:36:ac:26:54:4e:f4:a3:5a:00:2f:69: 237 * 21:6f:b9:7a:3a:93:ec:a2:f6:e1:8e:c7:63:d8:2f: 238 * 12:30:99:2e:b0:f2:8f:f8:27:2d:24:78:28:84:f7: 239 * 01:bf:8d:44:79:dd:3b:d2:55:f3:ce:3c:b2:5b:21: 240 * 7d:ef:fd:33:4a:b1:a3:ff:c6:c8:9b:b9:0f:7c:41: 241 * 35:97:f9:db:3a:05:60:05:15:af:59:17:92:a3:10: 242 * ad:16:1c:e4:07:53:af:a8:76:a2:56:2a:92:d3:f9: 243 * 28:e0:78:cf:5e:1f:48:ab:5c:19:dd:e1:67:43:ba: 244 * 75:8d:f5:82:ac:43:92:44:1b 245 * publicExponent: 65537 (0x10001) 246 * privateExponent: 247 * 11:b7:6a:36:3d:30:37:ce:61:9d:6c:84:8b:f3:9b: 248 * 25:4f:14:c8:a4:dd:2f:d7:9a:17:bd:90:19:f7:05: 249 * fd:f2:d2:c5:f7:77:be:ea:e2:84:87:97:3a:41:96: 250 * b6:99:f8:94:8c:58:71:51:8c:f4:2a:20:9e:1a:a0: 251 * 26:99:75:d6:31:53:43:39:f5:2a:a6:7e:34:42:51: 252 * 2a:40:87:03:88:43:69:b2:89:6d:20:bd:7d:71:ef: 253 * 47:0a:df:06:c1:69:66:a8:22:37:1a:77:1e:c7:94: 254 * 4e:2c:27:69:45:5e:c8:f8:0c:b7:f8:c0:8f:99:c1: 255 * 
e5:28:9b:f9:4c:94:c6:b1 256 * prime1: 257 * 00:e7:35:00:62:17:66:a2:7c:48:3a:cd:b2:4e:38: 258 * 2e:e1:7b:90:87:01:d9:05:c5:2c:56:54:55:47:2f: 259 * a1:1f:5d:fa:9d:2d:59:14:a2:13:1b:81:9b:fe:5f: 260 * 1c:88:79:4d:9b:88:e1:31:4a:0e:3d:29:db:37:14: 261 * e2:a0:4d:ab:b5 262 * prime2: 263 * 00:d0:17:75:85:a8:fa:42:e0:a8:f0:8d:00:5e:6d: 264 * 96:3b:e3:0c:4d:93:13:be:d1:c3:fd:b1:a3:28:d3: 265 * 3e:7d:3e:08:f2:b2:98:9d:04:57:d5:a7:07:76:a4: 266 * bd:5f:1d:ab:34:9a:99:82:43:26:a4:44:88:74:f4: 267 * 76:7d:ce:32:8f 268 * exponent1: 269 * 2c:57:8c:e8:43:26:aa:f8:fc:fd:52:1f:e5:42:7f: 270 * 33:3d:78:7d:7c:0c:3c:40:11:7d:c9:14:c5:df:4b: 271 * 9e:71:6e:b4:20:53:5a:52:af:29:72:55:11:96:fa: 272 * 28:ee:62:c4:f6:9e:81:ce:7b:26:9d:d5:6e:1d:f2: 273 * 4c:de:38:95 274 * exponent2: 275 * 0c:3f:f5:49:23:03:68:80:75:31:83:fb:6b:93:a3: 276 * ee:6e:95:40:d3:d1:ab:c0:09:7b:9b:c3:71:19:ce: 277 * 69:ed:06:f5:d2:91:ad:5c:9e:17:13:b8:1a:c1:e3: 278 * eb:ff:81:1e:9d:a3:3f:c9:d8:32:7f:5e:51:14:3b: 279 * 0d:78:df:fd 280 * coefficient: 281 * 01:0c:cc:95:69:ca:19:23:bc:a7:24:c3:b6:74:31: 282 * de:14:4c:a1:49:0e:12:19:8d:ab:86:d0:84:b9:18: 283 * aa:d9:d8:15:ca:a9:51:0d:aa:32:35:be:36:23:56: 284 * 93:91:e7:4e:b3:12:dc:bf:44:74:9a:1b:31:4c:da: 285 * 35:92:f2:e3 286 * 287 * client certificate: 288 * Data: 289 * Version: 3 (0x2) 290 * Serial Number: 9 (0x9) 291 * Signature Algorithm: md5WithRSAEncryption 292 * Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org 293 * Validity 294 * Not Before: Dec 8 03:43:24 2008 GMT 295 * Not After : Aug 25 03:43:24 2028 GMT 296 * Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org, OU=SSL-Client, CN=localhost 297 * Subject Public Key Info: 298 * Public Key Algorithm: rsaEncryption 299 * RSA Public Key: (1024 bit) 300 * Modulus (1024 bit): 301 * 00:bb:f0:40:36:ac:26:54:4e:f4:a3:5a:00:2f:69: 302 * 21:6f:b9:7a:3a:93:ec:a2:f6:e1:8e:c7:63:d8:2f: 303 * 12:30:99:2e:b0:f2:8f:f8:27:2d:24:78:28:84:f7: 304 * 01:bf:8d:44:79:dd:3b:d2:55:f3:ce:3c:b2:5b:21: 305 * 
7d:ef:fd:33:4a:b1:a3:ff:c6:c8:9b:b9:0f:7c:41: 306 * 35:97:f9:db:3a:05:60:05:15:af:59:17:92:a3:10: 307 * ad:16:1c:e4:07:53:af:a8:76:a2:56:2a:92:d3:f9: 308 * 28:e0:78:cf:5e:1f:48:ab:5c:19:dd:e1:67:43:ba: 309 * 75:8d:f5:82:ac:43:92:44:1b 310 * Exponent: 65537 (0x10001) 311 * X509v3 extensions: 312 * X509v3 Basic Constraints: 313 * CA:FALSE 314 * X509v3 Key Usage: 315 * Digital Signature, Non Repudiation, Key Encipherment 316 * X509v3 Subject Key Identifier: 317 * CD:BB:C8:85:AA:91:BD:FD:1D:BE:CD:67:7C:FF:B3:E9:4C:A8:22:E6 318 * X509v3 Authority Key Identifier: 319 * keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14 320 * 321 * X509v3 Subject Alternative Name: critical 322 * DNS:localhost 323 * Signature Algorithm: md5WithRSAEncryption 324 * 325 * -----BEGIN CERTIFICATE----- 326 * MIICpDCCAg2gAwIBAgIBCTANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET 327 * MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK 328 * EwhTb21lLU9yZzAeFw0wODEyMDgwMzQzMjRaFw0yODA4MjUwMzQzMjRaMHIxCzAJ 329 * BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp 330 * dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtQ2xpZW50MRIwEAYD 331 * VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALvwQDas 332 * JlRO9KNaAC9pIW+5ejqT7KL24Y7HY9gvEjCZLrDyj/gnLSR4KIT3Ab+NRHndO9JV 333 * 8848slshfe/9M0qxo//GyJu5D3xBNZf52zoFYAUVr1kXkqMQrRYc5AdTr6h2olYq 334 * ktP5KOB4z14fSKtcGd3hZ0O6dY31gqxDkkQbAgMBAAGjczBxMAkGA1UdEwQCMAAw 335 * CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTNu8iFqpG9/R2+zWd8/7PpTKgi5jAfBgNV 336 * HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDAXBgNVHREBAf8EDTALgglsb2Nh 337 * bGhvc3QwDQYJKoZIhvcNAQEEBQADgYEAm25gJyqW1JznQ1EyOtTGswBVwfgBOf+F 338 * HJuBTcflYQLbTD/AETPQJGvZU9tdhuLtbG3OPhR7vSY8zeAbfM3dbH7QFr3r47Gj 339 * XEH7qM/MX+Z3ifVaC4MeJmrYQkYFSuKeyyKpdRVX4w4nnFHF6OsNASsYrMW6LpxN 340 * cl/epUcHL7E= 341 * -----END CERTIFICATE----- 342 * 343 * 344 * 345 * Trusted CA certificate: 346 * Certificate: 347 * Data: 348 * Version: 3 (0x2) 349 * Serial Number: 0 (0x0) 350 * Signature 
Algorithm: md5WithRSAEncryption 351 * Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org 352 * Validity 353 * Not Before: Dec 8 02:43:36 2008 GMT 354 * Not After : Aug 25 02:43:36 2028 GMT 355 * Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org 356 * Subject Public Key Info: 357 * Public Key Algorithm: rsaEncryption 358 * RSA Public Key: (1024 bit) 359 * Modulus (1024 bit): 360 * 00:cb:c4:38:20:07:be:88:a7:93:b0:a1:43:51:2d: 361 * d7:8e:85:af:54:dd:ad:a2:7b:23:5b:cf:99:13:53: 362 * 99:45:7d:ee:6d:ba:2d:bf:e3:ad:6e:3d:9f:1a:f9: 363 * 03:97:e0:17:55:ae:11:26:57:de:01:29:8e:05:3f: 364 * 21:f7:e7:36:e8:2e:37:d7:48:ac:53:d6:60:0e:c7: 365 * 50:6d:f6:c5:85:f7:8b:a6:c5:91:35:72:3c:94:ee: 366 * f1:17:f0:71:e3:ec:1b:ce:ca:4e:40:42:b0:6d:ee: 367 * 6a:0e:d6:e5:ad:3c:0f:c9:ba:82:4f:78:f8:89:97: 368 * 89:2a:95:12:4c:d8:09:2a:e9 369 * Exponent: 65537 (0x10001) 370 * X509v3 extensions: 371 * X509v3 Subject Key Identifier: 372 * FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14 373 * X509v3 Authority Key Identifier: 374 * keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14 375 * DirName:/C=US/ST=Some-State/L=Some-City/O=Some-Org 376 * serial:00 377 * 378 * X509v3 Basic Constraints: 379 * CA:TRUE 380 * Signature Algorithm: md5WithRSAEncryption 381 * 382 * -----BEGIN CERTIFICATE----- 383 * MIICrDCCAhWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET 384 * MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK 385 * EwhTb21lLU9yZzAeFw0wODEyMDgwMjQzMzZaFw0yODA4MjUwMjQzMzZaMEkxCzAJ 386 * BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp 387 * dHkxETAPBgNVBAoTCFNvbWUtT3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB 388 * gQDLxDggB76Ip5OwoUNRLdeOha9U3a2ieyNbz5kTU5lFfe5tui2/461uPZ8a+QOX 389 * 4BdVrhEmV94BKY4FPyH35zboLjfXSKxT1mAOx1Bt9sWF94umxZE1cjyU7vEX8HHj 390 * 7BvOyk5AQrBt7moO1uWtPA/JuoJPePiJl4kqlRJM2Akq6QIDAQABo4GjMIGgMB0G 391 * A1UdDgQWBBT6uVG/TOfZhpgz+efLHvEzSfeoFDBxBgNVHSMEajBogBT6uVG/TOfZ 392 * 
hpgz+efLHvEzSfeoFKFNpEswSTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUt 393 * U3RhdGUxEjAQBgNVBAcTCVNvbWUtQ2l0eTERMA8GA1UEChMIU29tZS1PcmeCAQAw 394 * DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBcIm534U123Hz+rtyYO5uA 395 * ofd81G6FnTfEAV8Kw9fGyyEbQZclBv34A9JsFKeMvU4OFIaixD7nLZ/NZ+IWbhmZ 396 * LovmJXyCkOufea73pNiZ+f/4/ScZaIlM/PRycQSqbFNd4j9Wott+08qxHPLpsf3P 397 * 6Mvf0r1PNTY2hwTJLJmKtg== 398 * -----END CERTIFICATE--- 399 */ 400 401 402 public class IPAddressDNSIdentities { 403 static Map cookies; 404 ServerSocket ss; 405 406 /* 407 * ============================================================= 408 * Set the various variables needed for the tests, then 409 * specify what tests to run on each side. 410 */ 411 412 /* 413 * Should we run the client or server in a separate thread? 414 * Both sides can throw exceptions, but do you have a preference 415 * as to which side should be the main thread. 416 */ 417 static boolean separateServerThread = true; 418 419 /* 420 * Where do we find the keystores? 421 */ 422 static String trusedCertStr = 423 "-----BEGIN CERTIFICATE-----\n" + 424 "MIICrDCCAhWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" + 425 "MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" + 426 "EwhTb21lLU9yZzAeFw0wODEyMDgwMjQzMzZaFw0yODA4MjUwMjQzMzZaMEkxCzAJ\n" + 427 "BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" + 428 "dHkxETAPBgNVBAoTCFNvbWUtT3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n" + 429 "gQDLxDggB76Ip5OwoUNRLdeOha9U3a2ieyNbz5kTU5lFfe5tui2/461uPZ8a+QOX\n" + 430 "4BdVrhEmV94BKY4FPyH35zboLjfXSKxT1mAOx1Bt9sWF94umxZE1cjyU7vEX8HHj\n" + 431 "7BvOyk5AQrBt7moO1uWtPA/JuoJPePiJl4kqlRJM2Akq6QIDAQABo4GjMIGgMB0G\n" + 432 "A1UdDgQWBBT6uVG/TOfZhpgz+efLHvEzSfeoFDBxBgNVHSMEajBogBT6uVG/TOfZ\n" + 433 "hpgz+efLHvEzSfeoFKFNpEswSTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUt\n" + 434 "U3RhdGUxEjAQBgNVBAcTCVNvbWUtQ2l0eTERMA8GA1UEChMIU29tZS1PcmeCAQAw\n" + 435 "DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBcIm534U123Hz+rtyYO5uA\n" + 436 
"ofd81G6FnTfEAV8Kw9fGyyEbQZclBv34A9JsFKeMvU4OFIaixD7nLZ/NZ+IWbhmZ\n" + 437 "LovmJXyCkOufea73pNiZ+f/4/ScZaIlM/PRycQSqbFNd4j9Wott+08qxHPLpsf3P\n" + 438 "6Mvf0r1PNTY2hwTJLJmKtg==\n" + 439 "-----END CERTIFICATE-----"; 440 441 static String serverCertStr = 442 "-----BEGIN CERTIFICATE-----\n" + 443 "MIICpDCCAg2gAwIBAgIBCDANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" + 444 "MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" + 445 "EwhTb21lLU9yZzAeFw0wODEyMDgwMzQzMDRaFw0yODA4MjUwMzQzMDRaMHIxCzAJ\n" + 446 "BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" + 447 "dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtU2VydmVyMRIwEAYD\n" + 448 "VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKWsWxw3\n" + 449 "ot2ZiS2yebiP1Uil5xyEF41pnMasbfnyHR85GdrTch5u7ETMcKTcugAw9qBPPVR6\n" + 450 "YWrMV9AKf5UoGD+a2ZTyG8gkiH7+nQ89+1dTCLMgM9Q/F0cU0c3qCNgOdU6vvszS\n" + 451 "7K+peknfwtmsuCRAkKYDVirQMAVALE+r2XSJAgMBAAGjczBxMAkGA1UdEwQCMAAw\n" + 452 "CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTtbtv0tVbI+xoGYT8PCLumBNgWVDAfBgNV\n" + 453 "HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDAXBgNVHREBAf8EDTALgglsb2Nh\n" + 454 "bGhvc3QwDQYJKoZIhvcNAQEEBQADgYEAoqVTciHtcvsUj+YaTct8tUh3aTCsKsac\n" + 455 "PHhfQ+ObjiXSgxsKYTX7ym/wk/wvlbUcbqLKxsu7qrcJitH+H9heV1hEHEu65Uoi\n" + 456 "nRugFruyOrwvAylV8Cm2af7ddilmYJ+sdJA6N2M3xJRxR0G2LFHEXDNEjYReyexn\n" + 457 "JqCpf5uZGOo=\n" + 458 "-----END CERTIFICATE-----"; 459 460 static String clientCertStr = 461 "-----BEGIN CERTIFICATE-----\n" + 462 "MIICpDCCAg2gAwIBAgIBCTANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" + 463 "MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" + 464 "EwhTb21lLU9yZzAeFw0wODEyMDgwMzQzMjRaFw0yODA4MjUwMzQzMjRaMHIxCzAJ\n" + 465 "BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" + 466 "dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtQ2xpZW50MRIwEAYD\n" + 467 "VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALvwQDas\n" + 468 "JlRO9KNaAC9pIW+5ejqT7KL24Y7HY9gvEjCZLrDyj/gnLSR4KIT3Ab+NRHndO9JV\n" + 
469 "8848slshfe/9M0qxo//GyJu5D3xBNZf52zoFYAUVr1kXkqMQrRYc5AdTr6h2olYq\n" + 470 "ktP5KOB4z14fSKtcGd3hZ0O6dY31gqxDkkQbAgMBAAGjczBxMAkGA1UdEwQCMAAw\n" + 471 "CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTNu8iFqpG9/R2+zWd8/7PpTKgi5jAfBgNV\n" + 472 "HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDAXBgNVHREBAf8EDTALgglsb2Nh\n" + 473 "bGhvc3QwDQYJKoZIhvcNAQEEBQADgYEAm25gJyqW1JznQ1EyOtTGswBVwfgBOf+F\n" + 474 "HJuBTcflYQLbTD/AETPQJGvZU9tdhuLtbG3OPhR7vSY8zeAbfM3dbH7QFr3r47Gj\n" + 475 "XEH7qM/MX+Z3ifVaC4MeJmrYQkYFSuKeyyKpdRVX4w4nnFHF6OsNASsYrMW6LpxN\n" + 476 "cl/epUcHL7E=\n" + 477 "-----END CERTIFICATE-----"; 478 479 static byte serverPrivateExponent[] = { 480 (byte)0x6e, (byte)0xa7, (byte)0x1b, (byte)0x83, 481 (byte)0x51, (byte)0x35, (byte)0x9a, (byte)0x44, 482 (byte)0x7d, (byte)0xf6, (byte)0xe3, (byte)0x89, 483 (byte)0xa0, (byte)0xd7, (byte)0x90, (byte)0x60, 484 (byte)0xa1, (byte)0x4e, (byte)0x27, (byte)0x21, 485 (byte)0xa2, (byte)0x89, (byte)0x74, (byte)0xcc, 486 (byte)0x9d, (byte)0x75, (byte)0x75, (byte)0x4e, 487 (byte)0xc7, (byte)0x82, (byte)0xe3, (byte)0xe3, 488 (byte)0xc3, (byte)0x7d, (byte)0x00, (byte)0x54, 489 (byte)0xec, (byte)0x36, (byte)0xb1, (byte)0xdf, 490 (byte)0x91, (byte)0x9c, (byte)0x7a, (byte)0xc0, 491 (byte)0x62, (byte)0x0a, (byte)0xd6, (byte)0xa9, 492 (byte)0x22, (byte)0x91, (byte)0x4a, (byte)0x29, 493 (byte)0x2e, (byte)0x43, (byte)0xfa, (byte)0x8c, 494 (byte)0xd8, (byte)0xe9, (byte)0xbe, (byte)0xd9, 495 (byte)0x4f, (byte)0xca, (byte)0x23, (byte)0xc6, 496 (byte)0xe4, (byte)0x3f, (byte)0xb8, (byte)0x72, 497 (byte)0xcf, (byte)0x02, (byte)0xfc, (byte)0xf4, 498 (byte)0x58, (byte)0x34, (byte)0x77, (byte)0x76, 499 (byte)0xce, (byte)0x22, (byte)0x44, (byte)0x5f, 500 (byte)0x2d, (byte)0xca, (byte)0xee, (byte)0xf5, 501 (byte)0x43, (byte)0x56, (byte)0x47, (byte)0x71, 502 (byte)0x0b, (byte)0x09, (byte)0x6b, (byte)0x5e, 503 (byte)0xf2, (byte)0xc8, (byte)0xee, (byte)0xd4, 504 (byte)0x6e, (byte)0x44, (byte)0x92, (byte)0x2a, 505 (byte)0x7f, (byte)0xcc, (byte)0xa7, (byte)0xd4, 506 (byte)0x5b, 
(byte)0xfb, (byte)0xf7, (byte)0x4a, 507 (byte)0xa9, (byte)0xfb, (byte)0x54, (byte)0x18, 508 (byte)0xd5, (byte)0xd5, (byte)0x14, (byte)0xba, 509 (byte)0xa0, (byte)0x1c, (byte)0x13, (byte)0xb3, 510 (byte)0x37, (byte)0x6b, (byte)0x37, (byte)0x59, 511 (byte)0xed, (byte)0xdb, (byte)0x6d, (byte)0xb1 512 }; 513 514 static byte serverModulus[] = { 515 (byte)0x00, 516 (byte)0xa5, (byte)0xac, (byte)0x5b, (byte)0x1c, 517 (byte)0x37, (byte)0xa2, (byte)0xdd, (byte)0x99, 518 (byte)0x89, (byte)0x2d, (byte)0xb2, (byte)0x79, 519 (byte)0xb8, (byte)0x8f, (byte)0xd5, (byte)0x48, 520 (byte)0xa5, (byte)0xe7, (byte)0x1c, (byte)0x84, 521 (byte)0x17, (byte)0x8d, (byte)0x69, (byte)0x9c, 522 (byte)0xc6, (byte)0xac, (byte)0x6d, (byte)0xf9, 523 (byte)0xf2, (byte)0x1d, (byte)0x1f, (byte)0x39, 524 (byte)0x19, (byte)0xda, (byte)0xd3, (byte)0x72, 525 (byte)0x1e, (byte)0x6e, (byte)0xec, (byte)0x44, 526 (byte)0xcc, (byte)0x70, (byte)0xa4, (byte)0xdc, 527 (byte)0xba, (byte)0x00, (byte)0x30, (byte)0xf6, 528 (byte)0xa0, (byte)0x4f, (byte)0x3d, (byte)0x54, 529 (byte)0x7a, (byte)0x61, (byte)0x6a, (byte)0xcc, 530 (byte)0x57, (byte)0xd0, (byte)0x0a, (byte)0x7f, 531 (byte)0x95, (byte)0x28, (byte)0x18, (byte)0x3f, 532 (byte)0x9a, (byte)0xd9, (byte)0x94, (byte)0xf2, 533 (byte)0x1b, (byte)0xc8, (byte)0x24, (byte)0x88, 534 (byte)0x7e, (byte)0xfe, (byte)0x9d, (byte)0x0f, 535 (byte)0x3d, (byte)0xfb, (byte)0x57, (byte)0x53, 536 (byte)0x08, (byte)0xb3, (byte)0x20, (byte)0x33, 537 (byte)0xd4, (byte)0x3f, (byte)0x17, (byte)0x47, 538 (byte)0x14, (byte)0xd1, (byte)0xcd, (byte)0xea, 539 (byte)0x08, (byte)0xd8, (byte)0x0e, (byte)0x75, 540 (byte)0x4e, (byte)0xaf, (byte)0xbe, (byte)0xcc, 541 (byte)0xd2, (byte)0xec, (byte)0xaf, (byte)0xa9, 542 (byte)0x7a, (byte)0x49, (byte)0xdf, (byte)0xc2, 543 (byte)0xd9, (byte)0xac, (byte)0xb8, (byte)0x24, 544 (byte)0x40, (byte)0x90, (byte)0xa6, (byte)0x03, 545 (byte)0x56, (byte)0x2a, (byte)0xd0, (byte)0x30, 546 (byte)0x05, (byte)0x40, (byte)0x2c, (byte)0x4f, 547 (byte)0xab, (byte)0xd9, 
(byte)0x74, (byte)0x89 548 }; 549 550 static byte clientPrivateExponent[] = { 551 (byte)0x11, (byte)0xb7, (byte)0x6a, (byte)0x36, 552 (byte)0x3d, (byte)0x30, (byte)0x37, (byte)0xce, 553 (byte)0x61, (byte)0x9d, (byte)0x6c, (byte)0x84, 554 (byte)0x8b, (byte)0xf3, (byte)0x9b, (byte)0x25, 555 (byte)0x4f, (byte)0x14, (byte)0xc8, (byte)0xa4, 556 (byte)0xdd, (byte)0x2f, (byte)0xd7, (byte)0x9a, 557 (byte)0x17, (byte)0xbd, (byte)0x90, (byte)0x19, 558 (byte)0xf7, (byte)0x05, (byte)0xfd, (byte)0xf2, 559 (byte)0xd2, (byte)0xc5, (byte)0xf7, (byte)0x77, 560 (byte)0xbe, (byte)0xea, (byte)0xe2, (byte)0x84, 561 (byte)0x87, (byte)0x97, (byte)0x3a, (byte)0x41, 562 (byte)0x96, (byte)0xb6, (byte)0x99, (byte)0xf8, 563 (byte)0x94, (byte)0x8c, (byte)0x58, (byte)0x71, 564 (byte)0x51, (byte)0x8c, (byte)0xf4, (byte)0x2a, 565 (byte)0x20, (byte)0x9e, (byte)0x1a, (byte)0xa0, 566 (byte)0x26, (byte)0x99, (byte)0x75, (byte)0xd6, 567 (byte)0x31, (byte)0x53, (byte)0x43, (byte)0x39, 568 (byte)0xf5, (byte)0x2a, (byte)0xa6, (byte)0x7e, 569 (byte)0x34, (byte)0x42, (byte)0x51, (byte)0x2a, 570 (byte)0x40, (byte)0x87, (byte)0x03, (byte)0x88, 571 (byte)0x43, (byte)0x69, (byte)0xb2, (byte)0x89, 572 (byte)0x6d, (byte)0x20, (byte)0xbd, (byte)0x7d, 573 (byte)0x71, (byte)0xef, (byte)0x47, (byte)0x0a, 574 (byte)0xdf, (byte)0x06, (byte)0xc1, (byte)0x69, 575 (byte)0x66, (byte)0xa8, (byte)0x22, (byte)0x37, 576 (byte)0x1a, (byte)0x77, (byte)0x1e, (byte)0xc7, 577 (byte)0x94, (byte)0x4e, (byte)0x2c, (byte)0x27, 578 (byte)0x69, (byte)0x45, (byte)0x5e, (byte)0xc8, 579 (byte)0xf8, (byte)0x0c, (byte)0xb7, (byte)0xf8, 580 (byte)0xc0, (byte)0x8f, (byte)0x99, (byte)0xc1, 581 (byte)0xe5, (byte)0x28, (byte)0x9b, (byte)0xf9, 582 (byte)0x4c, (byte)0x94, (byte)0xc6, (byte)0xb1 583 }; 584 585 static byte clientModulus[] = { 586 (byte)0x00, 587 (byte)0xbb, (byte)0xf0, (byte)0x40, (byte)0x36, 588 (byte)0xac, (byte)0x26, (byte)0x54, (byte)0x4e, 589 (byte)0xf4, (byte)0xa3, (byte)0x5a, (byte)0x00, 590 (byte)0x2f, (byte)0x69, (byte)0x21, 
(byte)0x6f, 591 (byte)0xb9, (byte)0x7a, (byte)0x3a, (byte)0x93, 592 (byte)0xec, (byte)0xa2, (byte)0xf6, (byte)0xe1, 593 (byte)0x8e, (byte)0xc7, (byte)0x63, (byte)0xd8, 594 (byte)0x2f, (byte)0x12, (byte)0x30, (byte)0x99, 595 (byte)0x2e, (byte)0xb0, (byte)0xf2, (byte)0x8f, 596 (byte)0xf8, (byte)0x27, (byte)0x2d, (byte)0x24, 597 (byte)0x78, (byte)0x28, (byte)0x84, (byte)0xf7, 598 (byte)0x01, (byte)0xbf, (byte)0x8d, (byte)0x44, 599 (byte)0x79, (byte)0xdd, (byte)0x3b, (byte)0xd2, 600 (byte)0x55, (byte)0xf3, (byte)0xce, (byte)0x3c, 601 (byte)0xb2, (byte)0x5b, (byte)0x21, (byte)0x7d, 602 (byte)0xef, (byte)0xfd, (byte)0x33, (byte)0x4a, 603 (byte)0xb1, (byte)0xa3, (byte)0xff, (byte)0xc6, 604 (byte)0xc8, (byte)0x9b, (byte)0xb9, (byte)0x0f, 605 (byte)0x7c, (byte)0x41, (byte)0x35, (byte)0x97, 606 (byte)0xf9, (byte)0xdb, (byte)0x3a, (byte)0x05, 607 (byte)0x60, (byte)0x05, (byte)0x15, (byte)0xaf, 608 (byte)0x59, (byte)0x17, (byte)0x92, (byte)0xa3, 609 (byte)0x10, (byte)0xad, (byte)0x16, (byte)0x1c, 610 (byte)0xe4, (byte)0x07, (byte)0x53, (byte)0xaf, 611 (byte)0xa8, (byte)0x76, (byte)0xa2, (byte)0x56, 612 (byte)0x2a, (byte)0x92, (byte)0xd3, (byte)0xf9, 613 (byte)0x28, (byte)0xe0, (byte)0x78, (byte)0xcf, 614 (byte)0x5e, (byte)0x1f, (byte)0x48, (byte)0xab, 615 (byte)0x5c, (byte)0x19, (byte)0xdd, (byte)0xe1, 616 (byte)0x67, (byte)0x43, (byte)0xba, (byte)0x75, 617 (byte)0x8d, (byte)0xf5, (byte)0x82, (byte)0xac, 618 (byte)0x43, (byte)0x92, (byte)0x44, (byte)0x1b 619 }; 620 621 static char passphrase[] = "passphrase".toCharArray(); 622 623 /* 624 * Is the server ready to serve? 625 */ 626 volatile static boolean serverReady = false; 627 628 /* 629 * Is the connection ready to close? 630 */ 631 volatile static boolean closeReady = false; 632 633 /* 634 * Turn on SSL debugging? 635 */ 636 static boolean debug = false; 637 638 private SSLServerSocket sslServerSocket = null; 639 640 /* 641 * Define the server side of the test. 
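*/

    /*
     * Server side of the negative hostname-verification test.
     *
     * Builds an SSLContext from the server certificate and RSA key
     * material embedded in this class (fixed test fixtures), listens on
     * serverPort (0 asks for any free port; the port actually bound is
     * written back to serverPort), accepts a single connection and writes
     * a fixed HTTP response to it. According to the header comment of this
     * file, the server certificate carries a single subject alternative
     * name, DNS:localhost.
     *
     * If the server prematurely exits, serverReady will be set to true
     * (see startServer) to avoid infinite hangs.
     */
    void doServerSide() throws Exception {
        SSLContext context = getSSLContext(trusedCertStr, serverCertStr,
            serverModulus, serverPrivateExponent, passphrase);
        SSLServerSocketFactory sslssf = context.getServerSocketFactory();

        sslServerSocket =
            (SSLServerSocket) sslssf.createServerSocket(serverPort);
        serverPort = sslServerSocket.getLocalPort();

        /*
         * Signal Client, we're ready for his connect.
         */
        serverReady = true;

        SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
        // Require a client certificate; this is set on the accepted
        // socket before any data is written to it.
        sslSocket.setNeedClientAuth(true);

        // PrintStream does not propagate IOException from print()/flush();
        // it records an error flag instead. A client that drops the
        // connection therefore does not make the writes below throw.
        PrintStream out =
            new PrintStream(sslSocket.getOutputStream());

        try {
            // ignore request data

            // send the response
            out.print("HTTP/1.1 200 OK\r\n");
            out.print("Content-Type: text/html; charset=iso-8859-1\r\n");
            out.print("Content-Length: "+ 9 +"\r\n");
            out.print("\r\n");
            out.print("Testing\r\n");
            out.flush();
        } finally {
            // Keep the connection open until the client has finished its
            // checks, then close the socket.
            // NOTE(review): this loop has no timeout; if the client never
            // sets closeReady, this thread waits here indefinitely.
            while (!closeReady) {
                Thread.sleep(50);
            }

            System.out.println("Server closing socket");
            sslSocket.close();
            serverReady = false;
        }

    }

    /*
     * Client side of the negative hostname-verification test.
     *
     * Installs an SSLContext built from the client certificate and key as
     * the process-wide default, waits for the server, and then requests
     * https://127.0.0.1:<serverPort>/. The URL names the server by IP
     * literal, while the server certificate only lists DNS:localhost, so
     * the request is expected to fail. A response code coming back is
     * treated as a test failure.
     *
     * The previous default SSLContext is restored on exit, and closeReady
     * is set so that the server side can close its socket.
     *
     * If the server prematurely exits, serverReady will be set to true
     * to avoid infinite hangs.
     */
    void doClientSide() throws Exception {
        SSLContext reservedSSLContext = SSLContext.getDefault();
        try {
            SSLContext context = getSSLContext(trusedCertStr, clientCertStr,
                clientModulus, clientPrivateExponent, passphrase);

            // presumably HttpsURLConnection picks its socket factory up
            // from the default context; verify against the JDK in use
            SSLContext.setDefault(context);

            /*
             * Wait for server to get started.
             */
            while (!serverReady) {
                Thread.sleep(50);
            }

            HttpsURLConnection http = null;

            /* establish http connection to server */
            URL url = new URL("https://127.0.0.1:" + serverPort+"/");
            System.out.println("url is "+url.toString());

            try {
                http = (HttpsURLConnection)url.openConnection();

                int respCode = http.getResponseCode();
                System.out.println("respCode = " + respCode);

                // Reaching this point means the IP literal was accepted
                // against a certificate that only names DNS:localhost.
                throw new Exception("Unexpectly found " +
                    "subject alternative name matching IP address");
            } catch (SSLHandshakeException sslhe) {
                // no subject alternative names matching IP address 127.0.0.1
                // found that's the expected exception, ignore it.
                // Logged so the test output shows why the connection was
                // rejected.
                System.out.println(
                    "Connection rejected as expected: " + sslhe);
            } catch (IOException ioe) {
                // HttpsClient may throw IOE during checking URL spoofing,
                // that's the expected exception, ignore it.
                // NOTE(review): every IOException is accepted here, so an
                // I/O failure unrelated to hostname verification would
                // also count as a pass. The exception is logged so that
                // such a case can be told apart from a genuine rejection.
                System.out.println(
                    "Connection failed with IOException " +
                    "(accepted as rejection): " + ioe);
            } finally {
                if (http != null) {
                    http.disconnect();
                }
                // Release the server side, which holds its socket open
                // until this flag is set.
                closeReady = true;
            }
        } finally {
            SSLContext.setDefault(reservedSSLContext);
        }
    }

    /*
     * =============================================================
     * The remainder is just support stuff
     */

    // use any free port by default
    volatile int serverPort = 0;

    // Exceptions recorded by whichever side runs in the forked thread;
    // the constructor rethrows them after the join.
    volatile Exception serverException = null;
    volatile Exception clientException = null;

    /*
     * Test entry point. Enables full JSSE debug output when the debug
     * flag is set, then runs the test through the constructor.
     */
    public static void main(String args[]) throws Exception {
        if (debug) {
            System.setProperty("javax.net.debug", "all");
        }

        /*
         * Start the tests.
         */
        new IPAddressDNSIdentities();
    }

    Thread clientThread = null;
    Thread serverThread = null;

    /*
     * Primary constructor, used to drive remainder of the test.
     *
     * Fork off the other side, then do your work.
     */
    IPAddressDNSIdentities() throws Exception {
        if (separateServerThread) {
            startServer(true);
            startClient(false);
        } else {
            startClient(true);
            startServer(false);
        }

        /*
         * Wait for other side to close down.
         */
        if (separateServerThread) {
            serverThread.join();
        } else {
            clientThread.join();
        }

        /*
         * When we get here, the test is pretty much over.
         *
         * If the main thread excepted, that propagates back
         * immediately.  If the other thread threw an exception, we
         * should report back.
         */
        if (serverException != null) {
            throw serverException;
        }
        if (clientException != null) {
            throw clientException;
        }
    }

    /*
     * Runs the server side, either in a new thread (newThread == true)
     * or directly in the calling thread. In the threaded case a failure
     * is stored in serverException and serverReady is forced to true so
     * that a waiting client is released.
     */
    void startServer(boolean newThread) throws Exception {
        if (newThread) {
            serverThread = new Thread() {
                @Override
                public void run() {
                    try {
                        doServerSide();
                    } catch (Exception e) {
                        /*
                         * Our server thread just died.
                         *
                         * Release the client, if not active already...
                         */
                        System.err.println("Server died...");
                        serverReady = true;
                        serverException = e;
                    }
                }
            };
            serverThread.start();
        } else {
            doServerSide();
        }
    }

    /*
     * Runs the client side, either in a new thread (newThread == true)
     * or directly in the calling thread. In the threaded case a failure
     * is stored in clientException.
     */
    void startClient(boolean newThread) throws Exception {
        if (newThread) {
            clientThread = new Thread() {
                @Override
                public void run() {
                    try {
                        doClientSide();
                    } catch (Exception e) {
                        /*
                         * Our client thread just died.
                         */
                        System.err.println("Client died...");
                        clientException = e;
                    }
                }
            };
            clientThread.start();
        } else {
            doClientSide();
        }
    }

    // get the ssl context
    private static SSLContext getSSLContext(String trusedCertStr,
            String keyCertStr, byte[] modulus,
            byte[] privateExponent, char[] passphrase) throws Exception {

        // generate certificate from cert string
        CertificateFactory cf = CertificateFactory.getInstance("X.509");

        ByteArrayInputStream is =
                    new ByteArrayInputStream(trusedCertStr.getBytes());
        Certificate trusedCert = cf.generateCertificate(is);
        is.close();

        // create a key store
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null);

        // import the trused cert
        ks.setCertificateEntry("RSA Export Signer", trusedCert);

        if (keyCertStr != null) {
            // generate the private key.
            RSAPrivateKeySpec priKeySpec = new RSAPrivateKeySpec(
                                            new BigInteger(modulus),
                                            new BigInteger(privateExponent));
            KeyFactory kf = KeyFactory.getInstance("RSA");
            RSAPrivateKey priKey =
                    (RSAPrivateKey)kf.generatePrivate(priKeySpec);

            // generate certificate chain
            is = new ByteArrayInputStream(keyCertStr.getBytes());
            Certificate keyCert = cf.generateCertificate(is);
            is.close();

            Certificate[] chain = new Certificate[2];
            chain[0] = keyCert;
            chain[1] = trusedCert;

            // import the key entry.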
884 ks.setKeyEntry("Whatever", priKey, passphrase, chain); 885 } 886 887 // create SSL context 888 TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX"); 889 tmf.init(ks); 890 891 SSLContext ctx = SSLContext.getInstance("TLS"); 892 893 if (keyCertStr != null) { 894 KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); 895 kmf.init(ks, passphrase); 896 897 ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); 898 } else { 899 ctx.init(null, tmf.getTrustManagers(), null); 900 } 901 902 return ctx; 903 } 904 905 }