1 /* 2 * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 // 25 // SunJSSE does not support dynamic system properties, no way to re-use 26 // system properties in samevm/agentvm mode. 27 // 28 29 /* @test 30 * @summary X509 certificate hostname checking is broken in JDK1.6.0_10 31 * @bug 6766775 32 * @run main/othervm IPAddressIPIdentities 33 * @author Xuelei Fan 34 */ 35 36 import java.net.*; 37 import java.util.*; 38 import java.io.*; 39 import javax.net.ssl.*; 40 import java.security.Security; 41 import java.security.KeyStore; 42 import java.security.KeyFactory; 43 import java.security.cert.Certificate; 44 import java.security.cert.CertificateFactory; 45 import java.security.spec.*; 46 import java.security.interfaces.*; 47 import java.math.BigInteger; 48 49 /* 50 * Certificates and key used in the test. 
51 * 52 * TLS server certificate: 53 * server private key: 54 * -----BEGIN RSA PRIVATE KEY----- 55 * Proc-Type: 4,ENCRYPTED 56 * DEK-Info: DES-EDE3-CBC,D9AE407F6D0E389A 57 * 58 * WPrA7TFol/cQCcp9oHnXWNpYlvRbbIcQj0m+RKT2Iuzfus+DHt3Zadf8nJpKfX2e 59 * h2rnhlzCN9M7djRDooZKDOPCsdBn51Au7HlZF3S3Opgo7D8XFM1a8t1Je4ke14oI 60 * nw6QKYsBblRziPnP2PZ0zvX24nOv7bbY8beynlJHGs00VWSFdoH2DS0aE1p6D+3n 61 * ptJuJ75dVfZFK4X7162APlNXevX8D6PEQpSiRw1rjjGGcnvQ4HdWk3BxDVDcCNJb 62 * Y1aGNRxsjTDvPi3R9Qx2M+W03QzEPx4SR3ZHVskeSJHaetM0TM/w/45Paq4GokXP 63 * ZeTnbEx1xmjkA7h+t4doLL4watx5F6yLsJzu8xB3lt/1EtmkYtLz1t7X4BetPAXz 64 * zS69X/VwhKfsOI3qXBWuL2oHPyhDmT1gcaUQwEPSV6ogHEEQEDXdiUS8heNK13KF 65 * TCQYFkETvV2BLxUhV1hypPzRQ6tUpJiAbD5KmoK2lD9slshG2QtvKQq0/bgkDY5J 66 * LhDHV2dtcZ3kDPkkZXpbcJQvoeH3d09C5sIsuTFo2zgNR6oETHUc5TzP6FY2YYRa 67 * QcK5HcmtsRRiXFm01ac+aMejJUIujjFt84SiKWT/73vC8AmY4tYcJBLjCg4XIxSH 68 * fdDFLL1YZENNO5ivlp8mdiHqcawx+36L7DrEZQ8RZt6cqST5t/+XTdM74s6k81GT 69 * pNsa82P2K2zmIUZ/DL2mKjW1vfRByw1NQFEBkN3vdyZxYfM/JyUzX4hbjXBEkh9Q 70 * QYrcwLKLjis2QzSvK04B3bvRzRb+4ocWiso8ZPAXAIxZFBWDpTMM2A== 71 * -----END RSA PRIVATE KEY----- 72 * 73 * -----BEGIN RSA PRIVATE KEY----- 74 * MIICXAIBAAKBgQClrFscN6LdmYktsnm4j9VIpecchBeNaZzGrG358h0fORna03Ie 75 * buxEzHCk3LoAMPagTz1UemFqzFfQCn+VKBg/mtmU8hvIJIh+/p0PPftXUwizIDPU 76 * PxdHFNHN6gjYDnVOr77M0uyvqXpJ38LZrLgkQJCmA1Yq0DAFQCxPq9l0iQIDAQAB 77 * AoGAbqcbg1E1mkR99uOJoNeQYKFOJyGiiXTMnXV1TseC4+PDfQBU7Dax35GcesBi 78 * CtapIpFKKS5D+ozY6b7ZT8ojxuQ/uHLPAvz0WDR3ds4iRF8tyu71Q1ZHcQsJa17y 79 * yO7UbkSSKn/Mp9Rb+/dKqftUGNXVFLqgHBOzN2s3We3bbbECQQDYBPKOg3hkaGHo 80 * OhpHKqtQ6EVkldihG/3i4WejRonelXN+HRh1KrB2HBx0M8D/qAzP1i3rNSlSHer4 81 * 59YRTJnHAkEAxFX/sVYSn07BHv9Zhn6XXct/Cj43z/tKNbzlNbcxqQwQerw3IH51 82 * 8UH2YOA+GD3lXbKp+MytoFLWv8zg4YT/LwJAfqan75Z1R6lLffRS49bIiq8jwE16 83 * rTrUJ+kv8jKxMqc9B3vXkxpsS1M/+4E8bqgAmvpgAb8xcsvHsBd9ErdukQJBAKs2 84 * j67W75BrPjBI34pQ1LEfp56IGWXOrq1kF8IbCjxv3+MYRT6Z6UJFkpRymNPNDjsC 85 * dgUYgITiGJHUGXuw3lMCQHEHqo9ZtXz92yFT+VhsNc29B8m/sqUJdtCcMd/jGpAF 86 * 
u6GHufjqIZBpQsk63wbwESAPZZ+kk1O1kS5GIRLX608= 87 * -----END RSA PRIVATE KEY----- 88 * 89 * Private-Key: (1024 bit) 90 * modulus: 91 * 00:a5:ac:5b:1c:37:a2:dd:99:89:2d:b2:79:b8:8f: 92 * d5:48:a5:e7:1c:84:17:8d:69:9c:c6:ac:6d:f9:f2: 93 * 1d:1f:39:19:da:d3:72:1e:6e:ec:44:cc:70:a4:dc: 94 * ba:00:30:f6:a0:4f:3d:54:7a:61:6a:cc:57:d0:0a: 95 * 7f:95:28:18:3f:9a:d9:94:f2:1b:c8:24:88:7e:fe: 96 * 9d:0f:3d:fb:57:53:08:b3:20:33:d4:3f:17:47:14: 97 * d1:cd:ea:08:d8:0e:75:4e:af:be:cc:d2:ec:af:a9: 98 * 7a:49:df:c2:d9:ac:b8:24:40:90:a6:03:56:2a:d0: 99 * 30:05:40:2c:4f:ab:d9:74:89 100 * publicExponent: 65537 (0x10001) 101 * privateExponent: 102 * 6e:a7:1b:83:51:35:9a:44:7d:f6:e3:89:a0:d7:90: 103 * 60:a1:4e:27:21:a2:89:74:cc:9d:75:75:4e:c7:82: 104 * e3:e3:c3:7d:00:54:ec:36:b1:df:91:9c:7a:c0:62: 105 * 0a:d6:a9:22:91:4a:29:2e:43:fa:8c:d8:e9:be:d9: 106 * 4f:ca:23:c6:e4:3f:b8:72:cf:02:fc:f4:58:34:77: 107 * 76:ce:22:44:5f:2d:ca:ee:f5:43:56:47:71:0b:09: 108 * 6b:5e:f2:c8:ee:d4:6e:44:92:2a:7f:cc:a7:d4:5b: 109 * fb:f7:4a:a9:fb:54:18:d5:d5:14:ba:a0:1c:13:b3: 110 * 37:6b:37:59:ed:db:6d:b1 111 * prime1: 112 * 00:d8:04:f2:8e:83:78:64:68:61:e8:3a:1a:47:2a: 113 * ab:50:e8:45:64:95:d8:a1:1b:fd:e2:e1:67:a3:46: 114 * 89:de:95:73:7e:1d:18:75:2a:b0:76:1c:1c:74:33: 115 * c0:ff:a8:0c:cf:d6:2d:eb:35:29:52:1d:ea:f8:e7: 116 * d6:11:4c:99:c7 117 * prime2: 118 * 00:c4:55:ff:b1:56:12:9f:4e:c1:1e:ff:59:86:7e: 119 * 97:5d:cb:7f:0a:3e:37:cf:fb:4a:35:bc:e5:35:b7: 120 * 31:a9:0c:10:7a:bc:37:20:7e:75:f1:41:f6:60:e0: 121 * 3e:18:3d:e5:5d:b2:a9:f8:cc:ad:a0:52:d6:bf:cc: 122 * e0:e1:84:ff:2f 123 * exponent1: 124 * 7e:a6:a7:ef:96:75:47:a9:4b:7d:f4:52:e3:d6:c8: 125 * 8a:af:23:c0:4d:7a:ad:3a:d4:27:e9:2f:f2:32:b1: 126 * 32:a7:3d:07:7b:d7:93:1a:6c:4b:53:3f:fb:81:3c: 127 * 6e:a8:00:9a:fa:60:01:bf:31:72:cb:c7:b0:17:7d: 128 * 12:b7:6e:91 129 * exponent2: 130 * 00:ab:36:8f:ae:d6:ef:90:6b:3e:30:48:df:8a:50: 131 * d4:b1:1f:a7:9e:88:19:65:ce:ae:ad:64:17:c2:1b: 132 * 0a:3c:6f:df:e3:18:45:3e:99:e9:42:45:92:94:72: 133 * 
98:d3:cd:0e:3b:02:76:05:18:80:84:e2:18:91:d4: 134 * 19:7b:b0:de:53 135 * coefficient: 136 * 71:07:aa:8f:59:b5:7c:fd:db:21:53:f9:58:6c:35: 137 * cd:bd:07:c9:bf:b2:a5:09:76:d0:9c:31:df:e3:1a: 138 * 90:05:bb:a1:87:b9:f8:ea:21:90:69:42:c9:3a:df: 139 * 06:f0:11:20:0f:65:9f:a4:93:53:b5:91:2e:46:21: 140 * 12:d7:eb:4f 141 * 142 * 143 * server certificate: 144 * Data: 145 * Version: 3 (0x2) 146 * Serial Number: 7 (0x7) 147 * Signature Algorithm: md5WithRSAEncryption 148 * Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org 149 * Validity 150 * Not Before: Dec 8 03:27:57 2008 GMT 151 * Not After : Aug 25 03:27:57 2028 GMT 152 * Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org, OU=SSL-Server, CN=localhost 153 * Subject Public Key Info: 154 * Public Key Algorithm: rsaEncryption 155 * RSA Public Key: (1024 bit) 156 * Modulus (1024 bit): 157 * 00:a5:ac:5b:1c:37:a2:dd:99:89:2d:b2:79:b8:8f: 158 * d5:48:a5:e7:1c:84:17:8d:69:9c:c6:ac:6d:f9:f2: 159 * 1d:1f:39:19:da:d3:72:1e:6e:ec:44:cc:70:a4:dc: 160 * ba:00:30:f6:a0:4f:3d:54:7a:61:6a:cc:57:d0:0a: 161 * 7f:95:28:18:3f:9a:d9:94:f2:1b:c8:24:88:7e:fe: 162 * 9d:0f:3d:fb:57:53:08:b3:20:33:d4:3f:17:47:14: 163 * d1:cd:ea:08:d8:0e:75:4e:af:be:cc:d2:ec:af:a9: 164 * 7a:49:df:c2:d9:ac:b8:24:40:90:a6:03:56:2a:d0: 165 * 30:05:40:2c:4f:ab:d9:74:89 166 * Exponent: 65537 (0x10001) 167 * X509v3 extensions: 168 * X509v3 Basic Constraints: 169 * CA:FALSE 170 * X509v3 Key Usage: 171 * Digital Signature, Non Repudiation, Key Encipherment 172 * X509v3 Subject Key Identifier: 173 * ED:6E:DB:F4:B5:56:C8:FB:1A:06:61:3F:0F:08:BB:A6:04:D8:16:54 174 * X509v3 Authority Key Identifier: 175 * keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14 176 * 177 * X509v3 Subject Alternative Name: critical 178 * IP Address:127.0.0.1 179 * Signature Algorithm: md5WithRSAEncryption 180 * 181 * -----BEGIN CERTIFICATE----- 182 * MIICnzCCAgigAwIBAgIBBzANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET 183 * 
MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK 184 * EwhTb21lLU9yZzAeFw0wODEyMDgwMzI3NTdaFw0yODA4MjUwMzI3NTdaMHIxCzAJ 185 * BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp 186 * dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtU2VydmVyMRIwEAYD 187 * VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKWsWxw3 188 * ot2ZiS2yebiP1Uil5xyEF41pnMasbfnyHR85GdrTch5u7ETMcKTcugAw9qBPPVR6 189 * YWrMV9AKf5UoGD+a2ZTyG8gkiH7+nQ89+1dTCLMgM9Q/F0cU0c3qCNgOdU6vvszS 190 * 7K+peknfwtmsuCRAkKYDVirQMAVALE+r2XSJAgMBAAGjbjBsMAkGA1UdEwQCMAAw 191 * CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTtbtv0tVbI+xoGYT8PCLumBNgWVDAfBgNV 192 * HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDASBgNVHREBAf8ECDAGhwR/AAAB 193 * MA0GCSqGSIb3DQEBBAUAA4GBAFJjItCtCBZcjD69wdqfIbKmRFa6eJAjR6LcoDva 194 * cKC/sDOLelpspiZ66Zb0Xdv5qQ7QrfOXt3K8QqJKRMdZLF9WfUfy0gJDM32ub91h 195 * pu+TmcGPs+6RdrAQcuvU1ZDV9X8SMj7BtKaim4d5sqFw1npncKiA5xFn8vOYwdun 196 * nZif 197 * -----END CERTIFICATE----- 198 * 199 * 200 * TLS client certificate: 201 * client private key: 202 * ----BEGIN RSA PRIVATE KEY----- 203 * Proc-Type: 4,ENCRYPTED 204 * DEK-Info: DES-EDE3-CBC,FA2A435CD35A9390 205 * 206 * Z+Y2uaETbsUWIyJUyVu1UV2G4rgFYJyACZT6Tp1KjRtxflSh2kXkJ9MpuXMXA0V4 207 * Yy3fDzPqCL9NJmQAYRlAx/W/+j4F5EyMWDIx8fUxzONRZyoiwF7jLm+KscAfv6Pf 208 * q7ItWOdj3z7IYrwlB8YIGd3F2cDKT3S+lYRk7rKb/qT7itbuHnY4Ardh3yl+MZak 209 * jBp+ELUlRsUqSr1V0LoM+0rCCykarpyfhpxEcqsrl0v9Cyi5uhU50/oKv5zql3SH 210 * l2ImgDjp3batAs8+Bd4NF2aqi0a7Hy44JUHxRm4caZryU/i/D9N1MbuM6882HLat 211 * 5N0G+NaIUfywa8mjwq2D5aiit18HqKA6XeRRYeJ5Dvu9DCO4GeFSwcUFIBMI0L46 212 * 7s114+oDodg57pMgITi+04vmUxvqlN9aiyd7f5Fgd7PeHGeOdbMz1NaJLJaPI9++ 213 * NakK8eK9iwT/Gdq0Uap5/CHW7vCT5PO+h3HY0STH0lWStXhdWnFO04zTdywsbSp+ 214 * DLpHeFT66shfeUlxR0PsCbG9vPRt/QmGLeYQZITppWo/ylSq4j+pRIuXvuWHdBRN 215 * rTZ8QF4Y7AxQUXVz1j1++s6ZMHTzaK2i9HrhmDs1MbJl+QwWre3Xpv3LvTVz3k5U 216 * wX8kuY1m3STt71QCaRWENq5sRaMImLxZbxc/ivFl9RAzUqo4NCxLod/QgA4iLqtO 217 * ztnlpzwlC/F8HbQ1oqYWwnZAPhzU/cULtstl+Yrws2c2atO323LbPXZqbASySgig 
218 * sNpFXQMObdfP6LN23bY+1SvtK7V4NUTNhpdIc6INQAQ= 219 * -----END RSA PRIVATE KEY----- 220 * 221 * -----BEGIN RSA PRIVATE KEY----- 222 * MIICWwIBAAKBgQC78EA2rCZUTvSjWgAvaSFvuXo6k+yi9uGOx2PYLxIwmS6w8o/4 223 * Jy0keCiE9wG/jUR53TvSVfPOPLJbIX3v/TNKsaP/xsibuQ98QTWX+ds6BWAFFa9Z 224 * F5KjEK0WHOQHU6+odqJWKpLT+SjgeM9eH0irXBnd4WdDunWN9YKsQ5JEGwIDAQAB 225 * AoGAEbdqNj0wN85hnWyEi/ObJU8UyKTdL9eaF72QGfcF/fLSxfd3vurihIeXOkGW 226 * tpn4lIxYcVGM9CognhqgJpl11jFTQzn1KqZ+NEJRKkCHA4hDabKJbSC9fXHvRwrf 227 * BsFpZqgiNxp3HseUTiwnaUVeyPgMt/jAj5nB5Sib+UyUxrECQQDnNQBiF2aifEg6 228 * zbJOOC7he5CHAdkFxSxWVFVHL6EfXfqdLVkUohMbgZv+XxyIeU2biOExSg49Kds3 229 * FOKgTau1AkEA0Bd1haj6QuCo8I0AXm2WO+MMTZMTvtHD/bGjKNM+fT4I8rKYnQRX 230 * 1acHdqS9Xx2rNJqZgkMmpESIdPR2fc4yjwJALFeM6EMmqvj8/VIf5UJ/Mz14fXwM 231 * PEARfckUxd9LnnFutCBTWlKvKXJVEZb6KO5ixPaegc57Jp3Vbh3yTN44lQJADD/1 232 * SSMDaIB1MYP7a5Oj7m6VQNPRq8AJe5vDcRnOae0G9dKRrVyeFxO4GsHj6/+BHp2j 233 * P8nYMn9eURQ7DXjf/QJAAQzMlWnKGSO8pyTDtnQx3hRMoUkOEhmNq4bQhLkYqtnY 234 * FcqpUQ2qMjW+NiNWk5HnTrMS3L9EdJobMUzaNZLy4w== 235 * -----END RSA PRIVATE KEY----- 236 * 237 * Private-Key: (1024 bit) 238 * modulus: 239 * 00:bb:f0:40:36:ac:26:54:4e:f4:a3:5a:00:2f:69: 240 * 21:6f:b9:7a:3a:93:ec:a2:f6:e1:8e:c7:63:d8:2f: 241 * 12:30:99:2e:b0:f2:8f:f8:27:2d:24:78:28:84:f7: 242 * 01:bf:8d:44:79:dd:3b:d2:55:f3:ce:3c:b2:5b:21: 243 * 7d:ef:fd:33:4a:b1:a3:ff:c6:c8:9b:b9:0f:7c:41: 244 * 35:97:f9:db:3a:05:60:05:15:af:59:17:92:a3:10: 245 * ad:16:1c:e4:07:53:af:a8:76:a2:56:2a:92:d3:f9: 246 * 28:e0:78:cf:5e:1f:48:ab:5c:19:dd:e1:67:43:ba: 247 * 75:8d:f5:82:ac:43:92:44:1b 248 * publicExponent: 65537 (0x10001) 249 * privateExponent: 250 * 11:b7:6a:36:3d:30:37:ce:61:9d:6c:84:8b:f3:9b: 251 * 25:4f:14:c8:a4:dd:2f:d7:9a:17:bd:90:19:f7:05: 252 * fd:f2:d2:c5:f7:77:be:ea:e2:84:87:97:3a:41:96: 253 * b6:99:f8:94:8c:58:71:51:8c:f4:2a:20:9e:1a:a0: 254 * 26:99:75:d6:31:53:43:39:f5:2a:a6:7e:34:42:51: 255 * 2a:40:87:03:88:43:69:b2:89:6d:20:bd:7d:71:ef: 256 * 47:0a:df:06:c1:69:66:a8:22:37:1a:77:1e:c7:94: 257 
* 4e:2c:27:69:45:5e:c8:f8:0c:b7:f8:c0:8f:99:c1: 258 * e5:28:9b:f9:4c:94:c6:b1 259 * prime1: 260 * 00:e7:35:00:62:17:66:a2:7c:48:3a:cd:b2:4e:38: 261 * 2e:e1:7b:90:87:01:d9:05:c5:2c:56:54:55:47:2f: 262 * a1:1f:5d:fa:9d:2d:59:14:a2:13:1b:81:9b:fe:5f: 263 * 1c:88:79:4d:9b:88:e1:31:4a:0e:3d:29:db:37:14: 264 * e2:a0:4d:ab:b5 265 * prime2: 266 * 00:d0:17:75:85:a8:fa:42:e0:a8:f0:8d:00:5e:6d: 267 * 96:3b:e3:0c:4d:93:13:be:d1:c3:fd:b1:a3:28:d3: 268 * 3e:7d:3e:08:f2:b2:98:9d:04:57:d5:a7:07:76:a4: 269 * bd:5f:1d:ab:34:9a:99:82:43:26:a4:44:88:74:f4: 270 * 76:7d:ce:32:8f 271 * exponent1: 272 * 2c:57:8c:e8:43:26:aa:f8:fc:fd:52:1f:e5:42:7f: 273 * 33:3d:78:7d:7c:0c:3c:40:11:7d:c9:14:c5:df:4b: 274 * 9e:71:6e:b4:20:53:5a:52:af:29:72:55:11:96:fa: 275 * 28:ee:62:c4:f6:9e:81:ce:7b:26:9d:d5:6e:1d:f2: 276 * 4c:de:38:95 277 * exponent2: 278 * 0c:3f:f5:49:23:03:68:80:75:31:83:fb:6b:93:a3: 279 * ee:6e:95:40:d3:d1:ab:c0:09:7b:9b:c3:71:19:ce: 280 * 69:ed:06:f5:d2:91:ad:5c:9e:17:13:b8:1a:c1:e3: 281 * eb:ff:81:1e:9d:a3:3f:c9:d8:32:7f:5e:51:14:3b: 282 * 0d:78:df:fd 283 * coefficient: 284 * 01:0c:cc:95:69:ca:19:23:bc:a7:24:c3:b6:74:31: 285 * de:14:4c:a1:49:0e:12:19:8d:ab:86:d0:84:b9:18: 286 * aa:d9:d8:15:ca:a9:51:0d:aa:32:35:be:36:23:56: 287 * 93:91:e7:4e:b3:12:dc:bf:44:74:9a:1b:31:4c:da: 288 * 35:92:f2:e3 289 * 290 * client certificate: 291 * Data: 292 * Version: 3 (0x2) 293 * Serial Number: 6 (0x6) 294 * Signature Algorithm: md5WithRSAEncryption 295 * Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org 296 * Validity 297 * Not Before: Dec 8 03:27:34 2008 GMT 298 * Not After : Aug 25 03:27:34 2028 GMT 299 * Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org, OU=SSL-Client, CN=localhost 300 * Subject Public Key Info: 301 * Public Key Algorithm: rsaEncryption 302 * RSA Public Key: (1024 bit) 303 * Modulus (1024 bit): 304 * 00:bb:f0:40:36:ac:26:54:4e:f4:a3:5a:00:2f:69: 305 * 21:6f:b9:7a:3a:93:ec:a2:f6:e1:8e:c7:63:d8:2f: 306 * 12:30:99:2e:b0:f2:8f:f8:27:2d:24:78:28:84:f7: 307 * 
01:bf:8d:44:79:dd:3b:d2:55:f3:ce:3c:b2:5b:21: 308 * 7d:ef:fd:33:4a:b1:a3:ff:c6:c8:9b:b9:0f:7c:41: 309 * 35:97:f9:db:3a:05:60:05:15:af:59:17:92:a3:10: 310 * ad:16:1c:e4:07:53:af:a8:76:a2:56:2a:92:d3:f9: 311 * 28:e0:78:cf:5e:1f:48:ab:5c:19:dd:e1:67:43:ba: 312 * 75:8d:f5:82:ac:43:92:44:1b 313 * Exponent: 65537 (0x10001) 314 * X509v3 extensions: 315 * X509v3 Basic Constraints: 316 * CA:FALSE 317 * X509v3 Key Usage: 318 * Digital Signature, Non Repudiation, Key Encipherment 319 * X509v3 Subject Key Identifier: 320 * CD:BB:C8:85:AA:91:BD:FD:1D:BE:CD:67:7C:FF:B3:E9:4C:A8:22:E6 321 * X509v3 Authority Key Identifier: 322 * keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14 323 * 324 * X509v3 Subject Alternative Name: critical 325 * IP Address:127.0.0.1 326 * Signature Algorithm: md5WithRSAEncryption 327 * 328 * -----BEGIN CERTIFICATE----- 329 * MIICnzCCAgigAwIBAgIBBjANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET 330 * MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK 331 * EwhTb21lLU9yZzAeFw0wODEyMDgwMzI3MzRaFw0yODA4MjUwMzI3MzRaMHIxCzAJ 332 * BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp 333 * dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtQ2xpZW50MRIwEAYD 334 * VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALvwQDas 335 * JlRO9KNaAC9pIW+5ejqT7KL24Y7HY9gvEjCZLrDyj/gnLSR4KIT3Ab+NRHndO9JV 336 * 8848slshfe/9M0qxo//GyJu5D3xBNZf52zoFYAUVr1kXkqMQrRYc5AdTr6h2olYq 337 * ktP5KOB4z14fSKtcGd3hZ0O6dY31gqxDkkQbAgMBAAGjbjBsMAkGA1UdEwQCMAAw 338 * CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTNu8iFqpG9/R2+zWd8/7PpTKgi5jAfBgNV 339 * HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDASBgNVHREBAf8ECDAGhwR/AAAB 340 * MA0GCSqGSIb3DQEBBAUAA4GBACjj9PS+W6XOF7toFMwMOv/AemZeBOpcEF1Ei1Hx 341 * HjvB6EOHkMY8tFm5OPzkiWiK3+s3awpSW0jWdzMYwrQJ3/klMsPDpI7PEuirqwHP 342 * i5Wyl/vk7jmfWVcBO9MVhPUo4BYl4vS9aj6JA5QbkbkB95LOgT/BowY0WmHeVsXC 343 * I9aw 344 * -----END CERTIFICATE----- 345 * 346 * 347 * 348 * Trusted CA certificate: 349 * Certificate: 350 * Data: 351 * Version: 3 (0x2) 352 
* Serial Number: 0 (0x0) 353 * Signature Algorithm: md5WithRSAEncryption 354 * Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org 355 * Validity 356 * Not Before: Dec 8 02:43:36 2008 GMT 357 * Not After : Aug 25 02:43:36 2028 GMT 358 * Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org 359 * Subject Public Key Info: 360 * Public Key Algorithm: rsaEncryption 361 * RSA Public Key: (1024 bit) 362 * Modulus (1024 bit): 363 * 00:cb:c4:38:20:07:be:88:a7:93:b0:a1:43:51:2d: 364 * d7:8e:85:af:54:dd:ad:a2:7b:23:5b:cf:99:13:53: 365 * 99:45:7d:ee:6d:ba:2d:bf:e3:ad:6e:3d:9f:1a:f9: 366 * 03:97:e0:17:55:ae:11:26:57:de:01:29:8e:05:3f: 367 * 21:f7:e7:36:e8:2e:37:d7:48:ac:53:d6:60:0e:c7: 368 * 50:6d:f6:c5:85:f7:8b:a6:c5:91:35:72:3c:94:ee: 369 * f1:17:f0:71:e3:ec:1b:ce:ca:4e:40:42:b0:6d:ee: 370 * 6a:0e:d6:e5:ad:3c:0f:c9:ba:82:4f:78:f8:89:97: 371 * 89:2a:95:12:4c:d8:09:2a:e9 372 * Exponent: 65537 (0x10001) 373 * X509v3 extensions: 374 * X509v3 Subject Key Identifier: 375 * FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14 376 * X509v3 Authority Key Identifier: 377 * keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14 378 * DirName:/C=US/ST=Some-State/L=Some-City/O=Some-Org 379 * serial:00 380 * 381 * X509v3 Basic Constraints: 382 * CA:TRUE 383 * Signature Algorithm: md5WithRSAEncryption 384 * 385 * -----BEGIN CERTIFICATE----- 386 * MIICrDCCAhWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET 387 * MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK 388 * EwhTb21lLU9yZzAeFw0wODEyMDgwMjQzMzZaFw0yODA4MjUwMjQzMzZaMEkxCzAJ 389 * BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp 390 * dHkxETAPBgNVBAoTCFNvbWUtT3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB 391 * gQDLxDggB76Ip5OwoUNRLdeOha9U3a2ieyNbz5kTU5lFfe5tui2/461uPZ8a+QOX 392 * 4BdVrhEmV94BKY4FPyH35zboLjfXSKxT1mAOx1Bt9sWF94umxZE1cjyU7vEX8HHj 393 * 7BvOyk5AQrBt7moO1uWtPA/JuoJPePiJl4kqlRJM2Akq6QIDAQABo4GjMIGgMB0G 394 * A1UdDgQWBBT6uVG/TOfZhpgz+efLHvEzSfeoFDBxBgNVHSMEajBogBT6uVG/TOfZ 395 
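* hpgz+efLHvEzSfeoFKFNpEswSTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUt
 * U3RhdGUxEjAQBgNVBAcTCVNvbWUtQ2l0eTERMA8GA1UEChMIU29tZS1PcmeCAQAw
 * DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBcIm534U123Hz+rtyYO5uA
 * ofd81G6FnTfEAV8Kw9fGyyEbQZclBv34A9JsFKeMvU4OFIaixD7nLZ/NZ+IWbhmZ
 * LovmJXyCkOufea73pNiZ+f/4/ScZaIlM/PRycQSqbFNd4j9Wott+08qxHPLpsf3P
 * 6Mvf0r1PNTY2hwTJLJmKtg==
 * -----END CERTIFICATE-----
 */


/*
 * Regression test for bug 6766775 (X509 certificate hostname checking).
 *
 * An HTTPS client connects to the IP literal https://127.0.0.1:<port>/ and
 * the server answers with a certificate whose subject CN is "localhost" and
 * whose subjectAltName holds the iPAddress entry 127.0.0.1. The test passes
 * when the connection completes without an exception, i.e. when the identity
 * check accepts the certificate for the IP literal.
 *
 * Server and client run in this JVM on two threads and authenticate each
 * other (the server requires a client certificate). All key material below
 * is a fixed test fixture: 1024-bit RSA keys and MD5-signed certificates
 * that chain to the embedded test CA.
 */
public class IPAddressIPIdentities {
    // Neither of these two fields is referenced anywhere in this class.
    static Map cookies;
    ServerSocket ss;

    /*
     * =============================================================
     * Set the various variables needed for the tests, then
     * specify what tests to run on each side.
     */

    /*
     * Should we run the client or server in a separate thread?
     * Both sides can throw exceptions, but do you have a preference
     * as to which side should be the main thread.
     */
    static boolean separateServerThread = true;

    /*
     * Test fixtures, embedded instead of being read from keystore files.
     *
     * trusedCertStr is the self-issued test CA; it is the only trust anchor
     * and also the second element of each end-entity chain.
     */
    static String trusedCertStr =
        "-----BEGIN CERTIFICATE-----\n" +
        "MIICrDCCAhWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" +
        "MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" +
        "EwhTb21lLU9yZzAeFw0wODEyMDgwMjQzMzZaFw0yODA4MjUwMjQzMzZaMEkxCzAJ\n" +
        "BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" +
        "dHkxETAPBgNVBAoTCFNvbWUtT3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n" +
        "gQDLxDggB76Ip5OwoUNRLdeOha9U3a2ieyNbz5kTU5lFfe5tui2/461uPZ8a+QOX\n" +
        "4BdVrhEmV94BKY4FPyH35zboLjfXSKxT1mAOx1Bt9sWF94umxZE1cjyU7vEX8HHj\n" +
        "7BvOyk5AQrBt7moO1uWtPA/JuoJPePiJl4kqlRJM2Akq6QIDAQABo4GjMIGgMB0G\n" +
        "A1UdDgQWBBT6uVG/TOfZhpgz+efLHvEzSfeoFDBxBgNVHSMEajBogBT6uVG/TOfZ\n" +
        "hpgz+efLHvEzSfeoFKFNpEswSTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUt\n" +
        "U3RhdGUxEjAQBgNVBAcTCVNvbWUtQ2l0eTERMA8GA1UEChMIU29tZS1PcmeCAQAw\n" +
        "DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBcIm534U123Hz+rtyYO5uA\n" +
        "ofd81G6FnTfEAV8Kw9fGyyEbQZclBv34A9JsFKeMvU4OFIaixD7nLZ/NZ+IWbhmZ\n" +
        "LovmJXyCkOufea73pNiZ+f/4/ScZaIlM/PRycQSqbFNd4j9Wott+08qxHPLpsf3P\n" +
        "6Mvf0r1PNTY2hwTJLJmKtg==\n" +
        "-----END CERTIFICATE-----";

    // Server end-entity certificate (serial 7, subjectAltName IP 127.0.0.1).
    static String serverCertStr =
        "-----BEGIN CERTIFICATE-----\n" +
        "MIICnzCCAgigAwIBAgIBBzANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" +
        "MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" +
        "EwhTb21lLU9yZzAeFw0wODEyMDgwMzI3NTdaFw0yODA4MjUwMzI3NTdaMHIxCzAJ\n" +
        "BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" +
        "dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtU2VydmVyMRIwEAYD\n" +
        "VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKWsWxw3\n" +
        "ot2ZiS2yebiP1Uil5xyEF41pnMasbfnyHR85GdrTch5u7ETMcKTcugAw9qBPPVR6\n" +
        "YWrMV9AKf5UoGD+a2ZTyG8gkiH7+nQ89+1dTCLMgM9Q/F0cU0c3qCNgOdU6vvszS\n" +
        "7K+peknfwtmsuCRAkKYDVirQMAVALE+r2XSJAgMBAAGjbjBsMAkGA1UdEwQCMAAw\n" +
        "CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTtbtv0tVbI+xoGYT8PCLumBNgWVDAfBgNV\n" +
        "HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDASBgNVHREBAf8ECDAGhwR/AAAB\n" +
        "MA0GCSqGSIb3DQEBBAUAA4GBAFJjItCtCBZcjD69wdqfIbKmRFa6eJAjR6LcoDva\n" +
        "cKC/sDOLelpspiZ66Zb0Xdv5qQ7QrfOXt3K8QqJKRMdZLF9WfUfy0gJDM32ub91h\n" +
        "pu+TmcGPs+6RdrAQcuvU1ZDV9X8SMj7BtKaim4d5sqFw1npncKiA5xFn8vOYwdun\n" +
        "nZif\n" +
        "-----END CERTIFICATE-----";

    // Client end-entity certificate (serial 6), presented for client auth.
    static String clientCertStr =
        "-----BEGIN CERTIFICATE-----\n" +
        "MIICnzCCAgigAwIBAgIBBjANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" +
        "MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" +
        "EwhTb21lLU9yZzAeFw0wODEyMDgwMzI3MzRaFw0yODA4MjUwMzI3MzRaMHIxCzAJ\n" +
        "BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" +
        "dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtQ2xpZW50MRIwEAYD\n" +
        "VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALvwQDas\n" +
        "JlRO9KNaAC9pIW+5ejqT7KL24Y7HY9gvEjCZLrDyj/gnLSR4KIT3Ab+NRHndO9JV\n" +
        "8848slshfe/9M0qxo//GyJu5D3xBNZf52zoFYAUVr1kXkqMQrRYc5AdTr6h2olYq\n" +
        "ktP5KOB4z14fSKtcGd3hZ0O6dY31gqxDkkQbAgMBAAGjbjBsMAkGA1UdEwQCMAAw\n" +
        "CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTNu8iFqpG9/R2+zWd8/7PpTKgi5jAfBgNV\n" +
        "HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDASBgNVHREBAf8ECDAGhwR/AAAB\n" +
        "MA0GCSqGSIb3DQEBBAUAA4GBACjj9PS+W6XOF7toFMwMOv/AemZeBOpcEF1Ei1Hx\n" +
        "HjvB6EOHkMY8tFm5OPzkiWiK3+s3awpSW0jWdzMYwrQJ3/klMsPDpI7PEuirqwHP\n" +
        "i5Wyl/vk7jmfWVcBO9MVhPUo4BYl4vS9aj6JA5QbkbkB95LOgT/BowY0WmHeVsXC\n" +
        "I9aw\n" +
        "-----END CERTIFICATE-----";


    /*
     * RSA private exponents and moduli for the two end-entity keys, as
     * big-endian two's-complement byte arrays (the leading 0x00 keeps each
     * modulus positive when handed to BigInteger).
     */
    static byte serverPrivateExponent[] = {
        (byte)0x6e, (byte)0xa7, (byte)0x1b, (byte)0x83,
        (byte)0x51, (byte)0x35, (byte)0x9a, (byte)0x44,
        (byte)0x7d, (byte)0xf6, (byte)0xe3, (byte)0x89,
        (byte)0xa0, (byte)0xd7, (byte)0x90, (byte)0x60,
        (byte)0xa1, (byte)0x4e, (byte)0x27, (byte)0x21,
        (byte)0xa2, (byte)0x89, (byte)0x74, (byte)0xcc,
        (byte)0x9d, (byte)0x75, (byte)0x75, (byte)0x4e,
        (byte)0xc7, (byte)0x82, (byte)0xe3, (byte)0xe3,
        (byte)0xc3, (byte)0x7d, (byte)0x00, (byte)0x54,
        (byte)0xec, (byte)0x36, (byte)0xb1, (byte)0xdf,
        (byte)0x91, (byte)0x9c, (byte)0x7a, (byte)0xc0,
        (byte)0x62, (byte)0x0a, (byte)0xd6, (byte)0xa9,
        (byte)0x22, (byte)0x91, (byte)0x4a, (byte)0x29,
        (byte)0x2e, (byte)0x43, (byte)0xfa, (byte)0x8c,
        (byte)0xd8, (byte)0xe9, (byte)0xbe, (byte)0xd9,
        (byte)0x4f, (byte)0xca, (byte)0x23, (byte)0xc6,
        (byte)0xe4, (byte)0x3f, (byte)0xb8, (byte)0x72,
        (byte)0xcf, (byte)0x02, (byte)0xfc, (byte)0xf4,
        (byte)0x58, (byte)0x34, (byte)0x77, (byte)0x76,
        (byte)0xce, (byte)0x22, (byte)0x44, (byte)0x5f,
        (byte)0x2d, (byte)0xca, (byte)0xee, (byte)0xf5,
        (byte)0x43, (byte)0x56, (byte)0x47, (byte)0x71,
        (byte)0x0b, (byte)0x09, (byte)0x6b, (byte)0x5e,
        (byte)0xf2, (byte)0xc8, (byte)0xee, (byte)0xd4,
        (byte)0x6e, (byte)0x44, (byte)0x92, (byte)0x2a,
        (byte)0x7f, (byte)0xcc, (byte)0xa7, (byte)0xd4,
        (byte)0x5b, (byte)0xfb, (byte)0xf7, (byte)0x4a,
        (byte)0xa9, (byte)0xfb, (byte)0x54, (byte)0x18,
        (byte)0xd5, (byte)0xd5, (byte)0x14, (byte)0xba,
        (byte)0xa0, (byte)0x1c, (byte)0x13, (byte)0xb3,
        (byte)0x37, (byte)0x6b, (byte)0x37, (byte)0x59,
        (byte)0xed, (byte)0xdb, (byte)0x6d, (byte)0xb1
    };

    static byte serverModulus[] = {
        (byte)0x00,
        (byte)0xa5, (byte)0xac, (byte)0x5b, (byte)0x1c,
        (byte)0x37, (byte)0xa2, (byte)0xdd, (byte)0x99,
        (byte)0x89, (byte)0x2d, (byte)0xb2, (byte)0x79,
        (byte)0xb8, (byte)0x8f, (byte)0xd5, (byte)0x48,
        (byte)0xa5, (byte)0xe7, (byte)0x1c, (byte)0x84,
        (byte)0x17, (byte)0x8d, (byte)0x69, (byte)0x9c,
        (byte)0xc6, (byte)0xac, (byte)0x6d, (byte)0xf9,
        (byte)0xf2, (byte)0x1d, (byte)0x1f, (byte)0x39,
        (byte)0x19, (byte)0xda, (byte)0xd3, (byte)0x72,
        (byte)0x1e, (byte)0x6e, (byte)0xec, (byte)0x44,
        (byte)0xcc, (byte)0x70, (byte)0xa4, (byte)0xdc,
        (byte)0xba, (byte)0x00, (byte)0x30, (byte)0xf6,
        (byte)0xa0, (byte)0x4f, (byte)0x3d, (byte)0x54,
        (byte)0x7a, (byte)0x61, (byte)0x6a, (byte)0xcc,
        (byte)0x57, (byte)0xd0, (byte)0x0a, (byte)0x7f,
        (byte)0x95, (byte)0x28, (byte)0x18, (byte)0x3f,
        (byte)0x9a, (byte)0xd9, (byte)0x94, (byte)0xf2,
        (byte)0x1b, (byte)0xc8, (byte)0x24, (byte)0x88,
        (byte)0x7e, (byte)0xfe, (byte)0x9d, (byte)0x0f,
        (byte)0x3d, (byte)0xfb, (byte)0x57, (byte)0x53,
        (byte)0x08, (byte)0xb3, (byte)0x20, (byte)0x33,
        (byte)0xd4, (byte)0x3f, (byte)0x17, (byte)0x47,
        (byte)0x14, (byte)0xd1, (byte)0xcd, (byte)0xea,
        (byte)0x08, (byte)0xd8, (byte)0x0e, (byte)0x75,
        (byte)0x4e, (byte)0xaf, (byte)0xbe, (byte)0xcc,
        (byte)0xd2, (byte)0xec, (byte)0xaf, (byte)0xa9,
        (byte)0x7a, (byte)0x49, (byte)0xdf, (byte)0xc2,
        (byte)0xd9, (byte)0xac, (byte)0xb8, (byte)0x24,
        (byte)0x40, (byte)0x90, (byte)0xa6, (byte)0x03,
        (byte)0x56, (byte)0x2a, (byte)0xd0, (byte)0x30,
        (byte)0x05, (byte)0x40, (byte)0x2c, (byte)0x4f,
        (byte)0xab, (byte)0xd9, (byte)0x74, (byte)0x89
    };

    static byte clientPrivateExponent[] = {
        (byte)0x11, (byte)0xb7, (byte)0x6a, (byte)0x36,
        (byte)0x3d, (byte)0x30, (byte)0x37, (byte)0xce,
        (byte)0x61, (byte)0x9d, (byte)0x6c, (byte)0x84,
        (byte)0x8b, (byte)0xf3, (byte)0x9b, (byte)0x25,
        (byte)0x4f, (byte)0x14, (byte)0xc8, (byte)0xa4,
        (byte)0xdd, (byte)0x2f, (byte)0xd7, (byte)0x9a,
        (byte)0x17, (byte)0xbd, (byte)0x90, (byte)0x19,
        (byte)0xf7, (byte)0x05, (byte)0xfd, (byte)0xf2,
        (byte)0xd2, (byte)0xc5, (byte)0xf7, (byte)0x77,
        (byte)0xbe, (byte)0xea, (byte)0xe2, (byte)0x84,
        (byte)0x87, (byte)0x97, (byte)0x3a, (byte)0x41,
        (byte)0x96, (byte)0xb6, (byte)0x99, (byte)0xf8,
        (byte)0x94, (byte)0x8c, (byte)0x58, (byte)0x71,
        (byte)0x51, (byte)0x8c, (byte)0xf4, (byte)0x2a,
        (byte)0x20, (byte)0x9e, (byte)0x1a, (byte)0xa0,
        (byte)0x26, (byte)0x99, (byte)0x75, (byte)0xd6,
        (byte)0x31, (byte)0x53, (byte)0x43, (byte)0x39,
        (byte)0xf5, (byte)0x2a, (byte)0xa6, (byte)0x7e,
        (byte)0x34, (byte)0x42, (byte)0x51, (byte)0x2a,
        (byte)0x40, (byte)0x87, (byte)0x03, (byte)0x88,
        (byte)0x43, (byte)0x69, (byte)0xb2, (byte)0x89,
        (byte)0x6d, (byte)0x20, (byte)0xbd, (byte)0x7d,
        (byte)0x71, (byte)0xef, (byte)0x47, (byte)0x0a,
        (byte)0xdf, (byte)0x06, (byte)0xc1, (byte)0x69,
        (byte)0x66, (byte)0xa8, (byte)0x22, (byte)0x37,
        (byte)0x1a, (byte)0x77, (byte)0x1e, (byte)0xc7,
        (byte)0x94, (byte)0x4e, (byte)0x2c, (byte)0x27,
        (byte)0x69, (byte)0x45, (byte)0x5e, (byte)0xc8,
        (byte)0xf8, (byte)0x0c, (byte)0xb7, (byte)0xf8,
        (byte)0xc0, (byte)0x8f, (byte)0x99, (byte)0xc1,
        (byte)0xe5, (byte)0x28, (byte)0x9b, (byte)0xf9,
        (byte)0x4c, (byte)0x94, (byte)0xc6, (byte)0xb1
    };

    static byte clientModulus[] = {
        (byte)0x00,
        (byte)0xbb, (byte)0xf0, (byte)0x40, (byte)0x36,
        (byte)0xac, (byte)0x26, (byte)0x54, (byte)0x4e,
        (byte)0xf4, (byte)0xa3, (byte)0x5a, (byte)0x00,
        (byte)0x2f, (byte)0x69, (byte)0x21, (byte)0x6f,
        (byte)0xb9, (byte)0x7a, (byte)0x3a, (byte)0x93,
        (byte)0xec, (byte)0xa2, (byte)0xf6, (byte)0xe1,
        (byte)0x8e, (byte)0xc7, (byte)0x63, (byte)0xd8,
        (byte)0x2f, (byte)0x12, (byte)0x30, (byte)0x99,
        (byte)0x2e, (byte)0xb0, (byte)0xf2, (byte)0x8f,
        (byte)0xf8, (byte)0x27, (byte)0x2d, (byte)0x24,
        (byte)0x78, (byte)0x28, (byte)0x84, (byte)0xf7,
        (byte)0x01, (byte)0xbf, (byte)0x8d, (byte)0x44,
        (byte)0x79, (byte)0xdd, (byte)0x3b, (byte)0xd2,
        (byte)0x55, (byte)0xf3, (byte)0xce, (byte)0x3c,
        (byte)0xb2, (byte)0x5b, (byte)0x21, (byte)0x7d,
        (byte)0xef, (byte)0xfd, (byte)0x33, (byte)0x4a,
        (byte)0xb1, (byte)0xa3, (byte)0xff, (byte)0xc6,
        (byte)0xc8, (byte)0x9b, (byte)0xb9, (byte)0x0f,
        (byte)0x7c, (byte)0x41, (byte)0x35, (byte)0x97,
        (byte)0xf9, (byte)0xdb, (byte)0x3a, (byte)0x05,
        (byte)0x60, (byte)0x05, (byte)0x15, (byte)0xaf,
        (byte)0x59, (byte)0x17, (byte)0x92, (byte)0xa3,
        (byte)0x10, (byte)0xad, (byte)0x16, (byte)0x1c,
        (byte)0xe4, (byte)0x07, (byte)0x53, (byte)0xaf,
        (byte)0xa8, (byte)0x76, (byte)0xa2, (byte)0x56,
        (byte)0x2a, (byte)0x92, (byte)0xd3, (byte)0xf9,
        (byte)0x28, (byte)0xe0, (byte)0x78, (byte)0xcf,
        (byte)0x5e, (byte)0x1f, (byte)0x48, (byte)0xab,
        (byte)0x5c, (byte)0x19, (byte)0xdd, (byte)0xe1,
        (byte)0x67, (byte)0x43, (byte)0xba, (byte)0x75,
        (byte)0x8d, (byte)0xf5, (byte)0x82, (byte)0xac,
        (byte)0x43, (byte)0x92, (byte)0x44, (byte)0x1b
    };

    // Password for the key entries of the in-memory keystores built below.
    static char passphrase[] = "passphrase".toCharArray();

    /*
     * Is the server ready to serve?
     */
    volatile static boolean serverReady = false;

    /*
     * Is the connection ready to close?
     */
    volatile static boolean closeReady = false;

    /*
     * Turn on SSL debugging?
     */
    static boolean debug = false;

    private SSLServerSocket sslServerSocket = null;

    /*
     * Define the server side of the test.
     *
     * Accepts one TLS connection, requires a client certificate, writes a
     * fixed HTTP response and keeps the connection open until the client
     * sets closeReady.
     *
     * If the server prematurely exits, serverReady will be set to true
     * (by startServer) to avoid infinite hangs.
     */
    void doServerSide() throws Exception {
        SSLContext context = getSSLContext(trusedCertStr, serverCertStr,
            serverModulus, serverPrivateExponent, passphrase);
        SSLServerSocketFactory sslssf = context.getServerSocketFactory();

        sslServerSocket =
            (SSLServerSocket) sslssf.createServerSocket(serverPort);
        try {
            // serverPort starts as 0 (any free port); publish the real one.
            serverPort = sslServerSocket.getLocalPort();

            /*
             * Signal Client, we're ready for his connect.
             */
            serverReady = true;

            SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();

            // Require a client certificate; this has to be set before the
            // handshake, i.e. before the first write below.
            sslSocket.setNeedClientAuth(true);

            PrintStream out =
                new PrintStream(sslSocket.getOutputStream());

            try {
                // ignore request data

                // send the response
                out.print("HTTP/1.1 200 OK\r\n");
                out.print("Content-Type: text/html; charset=iso-8859-1\r\n");
                out.print("Content-Length: "+ 9 +"\r\n");
                out.print("\r\n");
                out.print("Testing\r\n");
                out.flush();
            } finally {
                // Hold the connection until the client has finished, so the
                // client never sees an early close.
                while (!closeReady) {
                    Thread.sleep(50);
                }

                System.out.println("Server closing socket");
                sslSocket.close();
                serverReady = false;
            }
        } finally {
            // Release the listening port on every exit path; the original
            // code never closed the server socket.
            sslServerSocket.close();
        }
    }

    /*
     * Define the client side of the test.
     *
     * Installs the client context as the JVM default SSLContext, waits for
     * the server, then opens https://127.0.0.1:<serverPort>/ with
     * HttpsURLConnection. The previous default context is restored on exit.
     *
     * The status code is printed, not asserted: the test fails only if the
     * handshake or the identity check throws.
     */
    void doClientSide() throws Exception {
        SSLContext reservedSSLContext = SSLContext.getDefault();
        try {
            SSLContext context = getSSLContext(trusedCertStr, clientCertStr,
                clientModulus, clientPrivateExponent, passphrase);

            // No socket factory is set on the connection below, so it is
            // the default context that supplies the client key and trust.
            SSLContext.setDefault(context);

            /*
             * Wait for server to get started.
             */
            while (!serverReady) {
                Thread.sleep(50);
            }

            HttpsURLConnection http = null;

            /* establish http connection to server */
            // An IP literal, not "localhost": the name under test is the
            // address, which the certificate carries only in subjectAltName.
            URL url = new URL("https://127.0.0.1:" + serverPort+"/");
            System.out.println("url is "+url.toString());

            try {
                http = (HttpsURLConnection)url.openConnection();

                int respCode = http.getResponseCode();
                System.out.println("respCode = "+respCode);
            } finally {
                if (http != null) {
                    http.disconnect();
                }
                // Let the server close its side, whether or not we succeeded.
                closeReady = true;
            }
        } finally {
            SSLContext.setDefault(reservedSSLContext);
        }
    }

    /*
     * =============================================================
     * The remainder is just support stuff
     */

    // use any free port by default
    volatile int serverPort = 0;

    volatile Exception serverException = null;
    volatile Exception clientException = null;

    public static void main(String args[]) throws Exception {
        // MD5 is used in this test case, don't disable MD5 algorithm.
        //
        // This replaces the JVM-wide certpath policy with one that rejects
        // only MD2 and RSA keys shorter than 1024 bits, which is why the
        // test is declared to run in its own VM (main/othervm).
        //
        // NOTE(review): only jdk.certpath.disabledAlgorithms is relaxed. If
        // the runtime's jdk.tls.disabledAlgorithms also rejects MD5-signed
        // certificates the handshake would presumably still fail - confirm
        // against the target JDK.
        Security.setProperty(
                "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");

        if (debug) {
            System.setProperty("javax.net.debug", "all");
        }

        /*
         * Start the tests.
         */
        new IPAddressIPIdentities();
    }

    Thread clientThread = null;
    Thread serverThread = null;

    /*
     * Primary constructor, used to drive remainder of the test.
     *
     * Fork off the other side, then do your work.
     */
    IPAddressIPIdentities() throws Exception {
        if (separateServerThread) {
            startServer(true);
            startClient(false);
        } else {
            startClient(true);
            startServer(false);
        }

        /*
         * Wait for other side to close down.
         */
        if (separateServerThread) {
            serverThread.join();
        } else {
            clientThread.join();
        }

        /*
         * When we get here, the test is pretty much over.
         *
         * If the main thread excepted, that propagates back
         * immediately.  If the other thread threw an exception, we
         * should report back.
         */
        if (serverException != null) {
            throw serverException;
        }
        if (clientException != null) {
            throw clientException;
        }
    }

    /*
     * Runs doServerSide(), either on a new thread (recording any exception
     * in serverException) or directly on the calling thread.
     */
    void startServer(boolean newThread) throws Exception {
        if (newThread) {
            serverThread = new Thread() {
                @Override
                public void run() {
                    try {
                        doServerSide();
                    } catch (Exception e) {
                        /*
                         * Our server thread just died.
                         *
                         * Release the client, if not active already...
                         */
                        System.err.println("Server died...");
                        serverReady = true;
                        serverException = e;
                    }
                }
            };
            serverThread.start();
        } else {
            doServerSide();
        }
    }

    /*
     * Runs doClientSide(), either on a new thread (recording any exception
     * in clientException) or directly on the calling thread.
     */
    void startClient(boolean newThread) throws Exception {
        if (newThread) {
            clientThread = new Thread() {
                @Override
                public void run() {
                    try {
                        doClientSide();
                    } catch (Exception e) {
                        /*
                         * Our client thread just died.
                         */
                        System.err.println("Client died...");
                        clientException = e;
                    }
                }
            };
            clientThread.start();
        } else {
            doClientSide();
        }
    }

    /*
     * Builds an SSLContext from PEM certificates and raw RSA key parts.
     *
     * trusedCertStr    PEM of the CA certificate; becomes the only trusted
     *                  entry of the in-memory keystore.
     * keyCertStr       PEM of the end-entity certificate, or null for a
     *                  context that has trust material but no key.
     * modulus,
     * privateExponent  big-endian bytes of the RSA private key that belongs
     *                  to keyCertStr (read only when keyCertStr != null).
     * passphrase       password for the key entry.
     *
     * The same keystore backs both the key manager and the trust manager.
     */
    private static SSLContext getSSLContext(String trusedCertStr,
            String keyCertStr, byte[] modulus,
            byte[] privateExponent, char[] passphrase) throws Exception {

        // generate certificate from cert string
        CertificateFactory cf = CertificateFactory.getInstance("X.509");

        // PEM is pure ASCII; name the charset instead of relying on the
        // platform default.
        ByteArrayInputStream is = new ByteArrayInputStream(
            trusedCertStr.getBytes(
                java.nio.charset.StandardCharsets.US_ASCII));
        Certificate trusedCert = cf.generateCertificate(is);
        is.close();

        // create a key store
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null);

        // import the trused cert
        ks.setCertificateEntry("RSA Export Signer", trusedCert);

        if (keyCertStr != null) {
            // generate the private key.
            RSAPrivateKeySpec priKeySpec = new RSAPrivateKeySpec(
                                            new BigInteger(modulus),
                                            new BigInteger(privateExponent));
            KeyFactory kf = KeyFactory.getInstance("RSA");
            RSAPrivateKey priKey =
                    (RSAPrivateKey)kf.generatePrivate(priKeySpec);

            // generate certificate chain
            is = new ByteArrayInputStream(
                keyCertStr.getBytes(
                    java.nio.charset.StandardCharsets.US_ASCII));
            Certificate keyCert = cf.generateCertificate(is);
            is.close();

            // Leaf first, then the issuing CA.
            Certificate[] chain = new Certificate[2];
            chain[0] = keyCert;
            chain[1] = trusedCert;

            // import the key entry.
            ks.setKeyEntry("Whatever", priKey, passphrase, chain);
        }

        // create SSL context
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(ks);

        SSLContext ctx = SSLContext.getInstance("TLS");

        if (keyCertStr != null) {
            KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
            kmf.init(ks, passphrase);

            ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        } else {
            ctx.init(null, tmf.getTrustManagers(), null);
        }

        return ctx;
    }

}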