1 /*
2 * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 //
25 // SunJSSE does not support dynamic system properties, no way to re-use
26 // system properties in samevm/agentvm mode.
27 //
28
29 /* @test
30 * @summary X509 certificate hostname checking is broken in JDK1.6.0_10
31 * @bug 6766775
32 * @run main/othervm IPAddressIPIdentities
33 * @author Xuelei Fan
34 */
35
36 import java.net.*;
37 import java.util.*;
38 import java.io.*;
39 import javax.net.ssl.*;
40 import java.security.Security;
41 import java.security.KeyStore;
42 import java.security.KeyFactory;
43 import java.security.cert.Certificate;
44 import java.security.cert.CertificateFactory;
45 import java.security.spec.*;
46 import java.security.interfaces.*;
47 import java.math.BigInteger;
48
49 /*
50 * Certificates and key used in the test.
51 *
52 * TLS server certificate:
53 * server private key:
54 * -----BEGIN RSA PRIVATE KEY-----
55 * Proc-Type: 4,ENCRYPTED
56 * DEK-Info: DES-EDE3-CBC,D9AE407F6D0E389A
57 *
58 * WPrA7TFol/cQCcp9oHnXWNpYlvRbbIcQj0m+RKT2Iuzfus+DHt3Zadf8nJpKfX2e
59 * h2rnhlzCN9M7djRDooZKDOPCsdBn51Au7HlZF3S3Opgo7D8XFM1a8t1Je4ke14oI
60 * nw6QKYsBblRziPnP2PZ0zvX24nOv7bbY8beynlJHGs00VWSFdoH2DS0aE1p6D+3n
61 * ptJuJ75dVfZFK4X7162APlNXevX8D6PEQpSiRw1rjjGGcnvQ4HdWk3BxDVDcCNJb
62 * Y1aGNRxsjTDvPi3R9Qx2M+W03QzEPx4SR3ZHVskeSJHaetM0TM/w/45Paq4GokXP
63 * ZeTnbEx1xmjkA7h+t4doLL4watx5F6yLsJzu8xB3lt/1EtmkYtLz1t7X4BetPAXz
64 * zS69X/VwhKfsOI3qXBWuL2oHPyhDmT1gcaUQwEPSV6ogHEEQEDXdiUS8heNK13KF
65 * TCQYFkETvV2BLxUhV1hypPzRQ6tUpJiAbD5KmoK2lD9slshG2QtvKQq0/bgkDY5J
66 * LhDHV2dtcZ3kDPkkZXpbcJQvoeH3d09C5sIsuTFo2zgNR6oETHUc5TzP6FY2YYRa
67 * QcK5HcmtsRRiXFm01ac+aMejJUIujjFt84SiKWT/73vC8AmY4tYcJBLjCg4XIxSH
68 * fdDFLL1YZENNO5ivlp8mdiHqcawx+36L7DrEZQ8RZt6cqST5t/+XTdM74s6k81GT
69 * pNsa82P2K2zmIUZ/DL2mKjW1vfRByw1NQFEBkN3vdyZxYfM/JyUzX4hbjXBEkh9Q
70 * QYrcwLKLjis2QzSvK04B3bvRzRb+4ocWiso8ZPAXAIxZFBWDpTMM2A==
71 * -----END RSA PRIVATE KEY-----
72 *
73 * -----BEGIN RSA PRIVATE KEY-----
74 * MIICXAIBAAKBgQClrFscN6LdmYktsnm4j9VIpecchBeNaZzGrG358h0fORna03Ie
75 * buxEzHCk3LoAMPagTz1UemFqzFfQCn+VKBg/mtmU8hvIJIh+/p0PPftXUwizIDPU
76 * PxdHFNHN6gjYDnVOr77M0uyvqXpJ38LZrLgkQJCmA1Yq0DAFQCxPq9l0iQIDAQAB
77 * AoGAbqcbg1E1mkR99uOJoNeQYKFOJyGiiXTMnXV1TseC4+PDfQBU7Dax35GcesBi
78 * CtapIpFKKS5D+ozY6b7ZT8ojxuQ/uHLPAvz0WDR3ds4iRF8tyu71Q1ZHcQsJa17y
79 * yO7UbkSSKn/Mp9Rb+/dKqftUGNXVFLqgHBOzN2s3We3bbbECQQDYBPKOg3hkaGHo
80 * OhpHKqtQ6EVkldihG/3i4WejRonelXN+HRh1KrB2HBx0M8D/qAzP1i3rNSlSHer4
81 * 59YRTJnHAkEAxFX/sVYSn07BHv9Zhn6XXct/Cj43z/tKNbzlNbcxqQwQerw3IH51
82 * 8UH2YOA+GD3lXbKp+MytoFLWv8zg4YT/LwJAfqan75Z1R6lLffRS49bIiq8jwE16
83 * rTrUJ+kv8jKxMqc9B3vXkxpsS1M/+4E8bqgAmvpgAb8xcsvHsBd9ErdukQJBAKs2
84 * j67W75BrPjBI34pQ1LEfp56IGWXOrq1kF8IbCjxv3+MYRT6Z6UJFkpRymNPNDjsC
85 * dgUYgITiGJHUGXuw3lMCQHEHqo9ZtXz92yFT+VhsNc29B8m/sqUJdtCcMd/jGpAF
86 * u6GHufjqIZBpQsk63wbwESAPZZ+kk1O1kS5GIRLX608=
87 * -----END RSA PRIVATE KEY-----
88 *
89 * Private-Key: (1024 bit)
90 * modulus:
91 * 00:a5:ac:5b:1c:37:a2:dd:99:89:2d:b2:79:b8:8f:
92 * d5:48:a5:e7:1c:84:17:8d:69:9c:c6:ac:6d:f9:f2:
93 * 1d:1f:39:19:da:d3:72:1e:6e:ec:44:cc:70:a4:dc:
94 * ba:00:30:f6:a0:4f:3d:54:7a:61:6a:cc:57:d0:0a:
95 * 7f:95:28:18:3f:9a:d9:94:f2:1b:c8:24:88:7e:fe:
96 * 9d:0f:3d:fb:57:53:08:b3:20:33:d4:3f:17:47:14:
97 * d1:cd:ea:08:d8:0e:75:4e:af:be:cc:d2:ec:af:a9:
98 * 7a:49:df:c2:d9:ac:b8:24:40:90:a6:03:56:2a:d0:
99 * 30:05:40:2c:4f:ab:d9:74:89
100 * publicExponent: 65537 (0x10001)
101 * privateExponent:
102 * 6e:a7:1b:83:51:35:9a:44:7d:f6:e3:89:a0:d7:90:
103 * 60:a1:4e:27:21:a2:89:74:cc:9d:75:75:4e:c7:82:
104 * e3:e3:c3:7d:00:54:ec:36:b1:df:91:9c:7a:c0:62:
105 * 0a:d6:a9:22:91:4a:29:2e:43:fa:8c:d8:e9:be:d9:
106 * 4f:ca:23:c6:e4:3f:b8:72:cf:02:fc:f4:58:34:77:
107 * 76:ce:22:44:5f:2d:ca:ee:f5:43:56:47:71:0b:09:
108 * 6b:5e:f2:c8:ee:d4:6e:44:92:2a:7f:cc:a7:d4:5b:
109 * fb:f7:4a:a9:fb:54:18:d5:d5:14:ba:a0:1c:13:b3:
110 * 37:6b:37:59:ed:db:6d:b1
111 * prime1:
112 * 00:d8:04:f2:8e:83:78:64:68:61:e8:3a:1a:47:2a:
113 * ab:50:e8:45:64:95:d8:a1:1b:fd:e2:e1:67:a3:46:
114 * 89:de:95:73:7e:1d:18:75:2a:b0:76:1c:1c:74:33:
115 * c0:ff:a8:0c:cf:d6:2d:eb:35:29:52:1d:ea:f8:e7:
116 * d6:11:4c:99:c7
117 * prime2:
118 * 00:c4:55:ff:b1:56:12:9f:4e:c1:1e:ff:59:86:7e:
119 * 97:5d:cb:7f:0a:3e:37:cf:fb:4a:35:bc:e5:35:b7:
120 * 31:a9:0c:10:7a:bc:37:20:7e:75:f1:41:f6:60:e0:
121 * 3e:18:3d:e5:5d:b2:a9:f8:cc:ad:a0:52:d6:bf:cc:
122 * e0:e1:84:ff:2f
123 * exponent1:
124 * 7e:a6:a7:ef:96:75:47:a9:4b:7d:f4:52:e3:d6:c8:
125 * 8a:af:23:c0:4d:7a:ad:3a:d4:27:e9:2f:f2:32:b1:
126 * 32:a7:3d:07:7b:d7:93:1a:6c:4b:53:3f:fb:81:3c:
127 * 6e:a8:00:9a:fa:60:01:bf:31:72:cb:c7:b0:17:7d:
128 * 12:b7:6e:91
129 * exponent2:
130 * 00:ab:36:8f:ae:d6:ef:90:6b:3e:30:48:df:8a:50:
131 * d4:b1:1f:a7:9e:88:19:65:ce:ae:ad:64:17:c2:1b:
132 * 0a:3c:6f:df:e3:18:45:3e:99:e9:42:45:92:94:72:
133 * 98:d3:cd:0e:3b:02:76:05:18:80:84:e2:18:91:d4:
134 * 19:7b:b0:de:53
135 * coefficient:
136 * 71:07:aa:8f:59:b5:7c:fd:db:21:53:f9:58:6c:35:
137 * cd:bd:07:c9:bf:b2:a5:09:76:d0:9c:31:df:e3:1a:
138 * 90:05:bb:a1:87:b9:f8:ea:21:90:69:42:c9:3a:df:
139 * 06:f0:11:20:0f:65:9f:a4:93:53:b5:91:2e:46:21:
140 * 12:d7:eb:4f
141 *
142 *
143 * server certificate:
144 * Data:
145 * Version: 3 (0x2)
146 * Serial Number: 7 (0x7)
147 * Signature Algorithm: md5WithRSAEncryption
148 * Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org
149 * Validity
150 * Not Before: Dec 8 03:27:57 2008 GMT
151 * Not After : Aug 25 03:27:57 2028 GMT
152 * Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org, OU=SSL-Server, CN=localhost
153 * Subject Public Key Info:
154 * Public Key Algorithm: rsaEncryption
155 * RSA Public Key: (1024 bit)
156 * Modulus (1024 bit):
157 * 00:a5:ac:5b:1c:37:a2:dd:99:89:2d:b2:79:b8:8f:
158 * d5:48:a5:e7:1c:84:17:8d:69:9c:c6:ac:6d:f9:f2:
159 * 1d:1f:39:19:da:d3:72:1e:6e:ec:44:cc:70:a4:dc:
160 * ba:00:30:f6:a0:4f:3d:54:7a:61:6a:cc:57:d0:0a:
161 * 7f:95:28:18:3f:9a:d9:94:f2:1b:c8:24:88:7e:fe:
162 * 9d:0f:3d:fb:57:53:08:b3:20:33:d4:3f:17:47:14:
163 * d1:cd:ea:08:d8:0e:75:4e:af:be:cc:d2:ec:af:a9:
164 * 7a:49:df:c2:d9:ac:b8:24:40:90:a6:03:56:2a:d0:
165 * 30:05:40:2c:4f:ab:d9:74:89
166 * Exponent: 65537 (0x10001)
167 * X509v3 extensions:
168 * X509v3 Basic Constraints:
169 * CA:FALSE
170 * X509v3 Key Usage:
171 * Digital Signature, Non Repudiation, Key Encipherment
172 * X509v3 Subject Key Identifier:
173 * ED:6E:DB:F4:B5:56:C8:FB:1A:06:61:3F:0F:08:BB:A6:04:D8:16:54
174 * X509v3 Authority Key Identifier:
175 * keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14
176 *
177 * X509v3 Subject Alternative Name: critical
178 * IP Address:127.0.0.1
179 * Signature Algorithm: md5WithRSAEncryption
180 *
181 * -----BEGIN CERTIFICATE-----
182 * MIICnzCCAgigAwIBAgIBBzANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET
183 * MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK
184 * EwhTb21lLU9yZzAeFw0wODEyMDgwMzI3NTdaFw0yODA4MjUwMzI3NTdaMHIxCzAJ
185 * BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp
186 * dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtU2VydmVyMRIwEAYD
187 * VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKWsWxw3
188 * ot2ZiS2yebiP1Uil5xyEF41pnMasbfnyHR85GdrTch5u7ETMcKTcugAw9qBPPVR6
189 * YWrMV9AKf5UoGD+a2ZTyG8gkiH7+nQ89+1dTCLMgM9Q/F0cU0c3qCNgOdU6vvszS
190 * 7K+peknfwtmsuCRAkKYDVirQMAVALE+r2XSJAgMBAAGjbjBsMAkGA1UdEwQCMAAw
191 * CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTtbtv0tVbI+xoGYT8PCLumBNgWVDAfBgNV
192 * HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDASBgNVHREBAf8ECDAGhwR/AAAB
193 * MA0GCSqGSIb3DQEBBAUAA4GBAFJjItCtCBZcjD69wdqfIbKmRFa6eJAjR6LcoDva
194 * cKC/sDOLelpspiZ66Zb0Xdv5qQ7QrfOXt3K8QqJKRMdZLF9WfUfy0gJDM32ub91h
195 * pu+TmcGPs+6RdrAQcuvU1ZDV9X8SMj7BtKaim4d5sqFw1npncKiA5xFn8vOYwdun
196 * nZif
197 * -----END CERTIFICATE-----
198 *
199 *
200 * TLS client certificate:
201 * client private key:
202 * ----BEGIN RSA PRIVATE KEY-----
203 * Proc-Type: 4,ENCRYPTED
204 * DEK-Info: DES-EDE3-CBC,FA2A435CD35A9390
205 *
206 * Z+Y2uaETbsUWIyJUyVu1UV2G4rgFYJyACZT6Tp1KjRtxflSh2kXkJ9MpuXMXA0V4
207 * Yy3fDzPqCL9NJmQAYRlAx/W/+j4F5EyMWDIx8fUxzONRZyoiwF7jLm+KscAfv6Pf
208 * q7ItWOdj3z7IYrwlB8YIGd3F2cDKT3S+lYRk7rKb/qT7itbuHnY4Ardh3yl+MZak
209 * jBp+ELUlRsUqSr1V0LoM+0rCCykarpyfhpxEcqsrl0v9Cyi5uhU50/oKv5zql3SH
210 * l2ImgDjp3batAs8+Bd4NF2aqi0a7Hy44JUHxRm4caZryU/i/D9N1MbuM6882HLat
211 * 5N0G+NaIUfywa8mjwq2D5aiit18HqKA6XeRRYeJ5Dvu9DCO4GeFSwcUFIBMI0L46
212 * 7s114+oDodg57pMgITi+04vmUxvqlN9aiyd7f5Fgd7PeHGeOdbMz1NaJLJaPI9++
213 * NakK8eK9iwT/Gdq0Uap5/CHW7vCT5PO+h3HY0STH0lWStXhdWnFO04zTdywsbSp+
214 * DLpHeFT66shfeUlxR0PsCbG9vPRt/QmGLeYQZITppWo/ylSq4j+pRIuXvuWHdBRN
215 * rTZ8QF4Y7AxQUXVz1j1++s6ZMHTzaK2i9HrhmDs1MbJl+QwWre3Xpv3LvTVz3k5U
216 * wX8kuY1m3STt71QCaRWENq5sRaMImLxZbxc/ivFl9RAzUqo4NCxLod/QgA4iLqtO
217 * ztnlpzwlC/F8HbQ1oqYWwnZAPhzU/cULtstl+Yrws2c2atO323LbPXZqbASySgig
218 * sNpFXQMObdfP6LN23bY+1SvtK7V4NUTNhpdIc6INQAQ=
219 * -----END RSA PRIVATE KEY-----
220 *
221 * -----BEGIN RSA PRIVATE KEY-----
222 * MIICWwIBAAKBgQC78EA2rCZUTvSjWgAvaSFvuXo6k+yi9uGOx2PYLxIwmS6w8o/4
223 * Jy0keCiE9wG/jUR53TvSVfPOPLJbIX3v/TNKsaP/xsibuQ98QTWX+ds6BWAFFa9Z
224 * F5KjEK0WHOQHU6+odqJWKpLT+SjgeM9eH0irXBnd4WdDunWN9YKsQ5JEGwIDAQAB
225 * AoGAEbdqNj0wN85hnWyEi/ObJU8UyKTdL9eaF72QGfcF/fLSxfd3vurihIeXOkGW
226 * tpn4lIxYcVGM9CognhqgJpl11jFTQzn1KqZ+NEJRKkCHA4hDabKJbSC9fXHvRwrf
227 * BsFpZqgiNxp3HseUTiwnaUVeyPgMt/jAj5nB5Sib+UyUxrECQQDnNQBiF2aifEg6
228 * zbJOOC7he5CHAdkFxSxWVFVHL6EfXfqdLVkUohMbgZv+XxyIeU2biOExSg49Kds3
229 * FOKgTau1AkEA0Bd1haj6QuCo8I0AXm2WO+MMTZMTvtHD/bGjKNM+fT4I8rKYnQRX
230 * 1acHdqS9Xx2rNJqZgkMmpESIdPR2fc4yjwJALFeM6EMmqvj8/VIf5UJ/Mz14fXwM
231 * PEARfckUxd9LnnFutCBTWlKvKXJVEZb6KO5ixPaegc57Jp3Vbh3yTN44lQJADD/1
232 * SSMDaIB1MYP7a5Oj7m6VQNPRq8AJe5vDcRnOae0G9dKRrVyeFxO4GsHj6/+BHp2j
233 * P8nYMn9eURQ7DXjf/QJAAQzMlWnKGSO8pyTDtnQx3hRMoUkOEhmNq4bQhLkYqtnY
234 * FcqpUQ2qMjW+NiNWk5HnTrMS3L9EdJobMUzaNZLy4w==
235 * -----END RSA PRIVATE KEY-----
236 *
237 * Private-Key: (1024 bit)
238 * modulus:
239 * 00:bb:f0:40:36:ac:26:54:4e:f4:a3:5a:00:2f:69:
240 * 21:6f:b9:7a:3a:93:ec:a2:f6:e1:8e:c7:63:d8:2f:
241 * 12:30:99:2e:b0:f2:8f:f8:27:2d:24:78:28:84:f7:
242 * 01:bf:8d:44:79:dd:3b:d2:55:f3:ce:3c:b2:5b:21:
243 * 7d:ef:fd:33:4a:b1:a3:ff:c6:c8:9b:b9:0f:7c:41:
244 * 35:97:f9:db:3a:05:60:05:15:af:59:17:92:a3:10:
245 * ad:16:1c:e4:07:53:af:a8:76:a2:56:2a:92:d3:f9:
246 * 28:e0:78:cf:5e:1f:48:ab:5c:19:dd:e1:67:43:ba:
247 * 75:8d:f5:82:ac:43:92:44:1b
248 * publicExponent: 65537 (0x10001)
249 * privateExponent:
250 * 11:b7:6a:36:3d:30:37:ce:61:9d:6c:84:8b:f3:9b:
251 * 25:4f:14:c8:a4:dd:2f:d7:9a:17:bd:90:19:f7:05:
252 * fd:f2:d2:c5:f7:77:be:ea:e2:84:87:97:3a:41:96:
253 * b6:99:f8:94:8c:58:71:51:8c:f4:2a:20:9e:1a:a0:
254 * 26:99:75:d6:31:53:43:39:f5:2a:a6:7e:34:42:51:
255 * 2a:40:87:03:88:43:69:b2:89:6d:20:bd:7d:71:ef:
256 * 47:0a:df:06:c1:69:66:a8:22:37:1a:77:1e:c7:94:
257 * 4e:2c:27:69:45:5e:c8:f8:0c:b7:f8:c0:8f:99:c1:
258 * e5:28:9b:f9:4c:94:c6:b1
259 * prime1:
260 * 00:e7:35:00:62:17:66:a2:7c:48:3a:cd:b2:4e:38:
261 * 2e:e1:7b:90:87:01:d9:05:c5:2c:56:54:55:47:2f:
262 * a1:1f:5d:fa:9d:2d:59:14:a2:13:1b:81:9b:fe:5f:
263 * 1c:88:79:4d:9b:88:e1:31:4a:0e:3d:29:db:37:14:
264 * e2:a0:4d:ab:b5
265 * prime2:
266 * 00:d0:17:75:85:a8:fa:42:e0:a8:f0:8d:00:5e:6d:
267 * 96:3b:e3:0c:4d:93:13:be:d1:c3:fd:b1:a3:28:d3:
268 * 3e:7d:3e:08:f2:b2:98:9d:04:57:d5:a7:07:76:a4:
269 * bd:5f:1d:ab:34:9a:99:82:43:26:a4:44:88:74:f4:
270 * 76:7d:ce:32:8f
271 * exponent1:
272 * 2c:57:8c:e8:43:26:aa:f8:fc:fd:52:1f:e5:42:7f:
273 * 33:3d:78:7d:7c:0c:3c:40:11:7d:c9:14:c5:df:4b:
274 * 9e:71:6e:b4:20:53:5a:52:af:29:72:55:11:96:fa:
275 * 28:ee:62:c4:f6:9e:81:ce:7b:26:9d:d5:6e:1d:f2:
276 * 4c:de:38:95
277 * exponent2:
278 * 0c:3f:f5:49:23:03:68:80:75:31:83:fb:6b:93:a3:
279 * ee:6e:95:40:d3:d1:ab:c0:09:7b:9b:c3:71:19:ce:
280 * 69:ed:06:f5:d2:91:ad:5c:9e:17:13:b8:1a:c1:e3:
281 * eb:ff:81:1e:9d:a3:3f:c9:d8:32:7f:5e:51:14:3b:
282 * 0d:78:df:fd
283 * coefficient:
284 * 01:0c:cc:95:69:ca:19:23:bc:a7:24:c3:b6:74:31:
285 * de:14:4c:a1:49:0e:12:19:8d:ab:86:d0:84:b9:18:
286 * aa:d9:d8:15:ca:a9:51:0d:aa:32:35:be:36:23:56:
287 * 93:91:e7:4e:b3:12:dc:bf:44:74:9a:1b:31:4c:da:
288 * 35:92:f2:e3
289 *
290 * client certificate:
291 * Data:
292 * Version: 3 (0x2)
293 * Serial Number: 6 (0x6)
294 * Signature Algorithm: md5WithRSAEncryption
295 * Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org
296 * Validity
297 * Not Before: Dec 8 03:27:34 2008 GMT
298 * Not After : Aug 25 03:27:34 2028 GMT
299 * Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org, OU=SSL-Client, CN=localhost
300 * Subject Public Key Info:
301 * Public Key Algorithm: rsaEncryption
302 * RSA Public Key: (1024 bit)
303 * Modulus (1024 bit):
304 * 00:bb:f0:40:36:ac:26:54:4e:f4:a3:5a:00:2f:69:
305 * 21:6f:b9:7a:3a:93:ec:a2:f6:e1:8e:c7:63:d8:2f:
306 * 12:30:99:2e:b0:f2:8f:f8:27:2d:24:78:28:84:f7:
307 * 01:bf:8d:44:79:dd:3b:d2:55:f3:ce:3c:b2:5b:21:
308 * 7d:ef:fd:33:4a:b1:a3:ff:c6:c8:9b:b9:0f:7c:41:
309 * 35:97:f9:db:3a:05:60:05:15:af:59:17:92:a3:10:
310 * ad:16:1c:e4:07:53:af:a8:76:a2:56:2a:92:d3:f9:
311 * 28:e0:78:cf:5e:1f:48:ab:5c:19:dd:e1:67:43:ba:
312 * 75:8d:f5:82:ac:43:92:44:1b
313 * Exponent: 65537 (0x10001)
314 * X509v3 extensions:
315 * X509v3 Basic Constraints:
316 * CA:FALSE
317 * X509v3 Key Usage:
318 * Digital Signature, Non Repudiation, Key Encipherment
319 * X509v3 Subject Key Identifier:
320 * CD:BB:C8:85:AA:91:BD:FD:1D:BE:CD:67:7C:FF:B3:E9:4C:A8:22:E6
321 * X509v3 Authority Key Identifier:
322 * keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14
323 *
324 * X509v3 Subject Alternative Name: critical
325 * IP Address:127.0.0.1
326 * Signature Algorithm: md5WithRSAEncryption
327 *
328 * -----BEGIN CERTIFICATE-----
329 * MIICnzCCAgigAwIBAgIBBjANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET
330 * MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK
331 * EwhTb21lLU9yZzAeFw0wODEyMDgwMzI3MzRaFw0yODA4MjUwMzI3MzRaMHIxCzAJ
332 * BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp
333 * dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtQ2xpZW50MRIwEAYD
334 * VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALvwQDas
335 * JlRO9KNaAC9pIW+5ejqT7KL24Y7HY9gvEjCZLrDyj/gnLSR4KIT3Ab+NRHndO9JV
336 * 8848slshfe/9M0qxo//GyJu5D3xBNZf52zoFYAUVr1kXkqMQrRYc5AdTr6h2olYq
337 * ktP5KOB4z14fSKtcGd3hZ0O6dY31gqxDkkQbAgMBAAGjbjBsMAkGA1UdEwQCMAAw
338 * CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTNu8iFqpG9/R2+zWd8/7PpTKgi5jAfBgNV
339 * HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDASBgNVHREBAf8ECDAGhwR/AAAB
340 * MA0GCSqGSIb3DQEBBAUAA4GBACjj9PS+W6XOF7toFMwMOv/AemZeBOpcEF1Ei1Hx
341 * HjvB6EOHkMY8tFm5OPzkiWiK3+s3awpSW0jWdzMYwrQJ3/klMsPDpI7PEuirqwHP
342 * i5Wyl/vk7jmfWVcBO9MVhPUo4BYl4vS9aj6JA5QbkbkB95LOgT/BowY0WmHeVsXC
343 * I9aw
344 * -----END CERTIFICATE-----
345 *
346 *
347 *
348 * Trusted CA certificate:
349 * Certificate:
350 * Data:
351 * Version: 3 (0x2)
352 * Serial Number: 0 (0x0)
353 * Signature Algorithm: md5WithRSAEncryption
354 * Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org
355 * Validity
356 * Not Before: Dec 8 02:43:36 2008 GMT
357 * Not After : Aug 25 02:43:36 2028 GMT
358 * Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org
359 * Subject Public Key Info:
360 * Public Key Algorithm: rsaEncryption
361 * RSA Public Key: (1024 bit)
362 * Modulus (1024 bit):
363 * 00:cb:c4:38:20:07:be:88:a7:93:b0:a1:43:51:2d:
364 * d7:8e:85:af:54:dd:ad:a2:7b:23:5b:cf:99:13:53:
365 * 99:45:7d:ee:6d:ba:2d:bf:e3:ad:6e:3d:9f:1a:f9:
366 * 03:97:e0:17:55:ae:11:26:57:de:01:29:8e:05:3f:
367 * 21:f7:e7:36:e8:2e:37:d7:48:ac:53:d6:60:0e:c7:
368 * 50:6d:f6:c5:85:f7:8b:a6:c5:91:35:72:3c:94:ee:
369 * f1:17:f0:71:e3:ec:1b:ce:ca:4e:40:42:b0:6d:ee:
370 * 6a:0e:d6:e5:ad:3c:0f:c9:ba:82:4f:78:f8:89:97:
371 * 89:2a:95:12:4c:d8:09:2a:e9
372 * Exponent: 65537 (0x10001)
373 * X509v3 extensions:
374 * X509v3 Subject Key Identifier:
375 * FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14
376 * X509v3 Authority Key Identifier:
377 * keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14
378 * DirName:/C=US/ST=Some-State/L=Some-City/O=Some-Org
379 * serial:00
380 *
381 * X509v3 Basic Constraints:
382 * CA:TRUE
383 * Signature Algorithm: md5WithRSAEncryption
384 *
385 * -----BEGIN CERTIFICATE-----
386 * MIICrDCCAhWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET
387 * MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK
388 * EwhTb21lLU9yZzAeFw0wODEyMDgwMjQzMzZaFw0yODA4MjUwMjQzMzZaMEkxCzAJ
389 * BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp
390 * dHkxETAPBgNVBAoTCFNvbWUtT3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
391 * gQDLxDggB76Ip5OwoUNRLdeOha9U3a2ieyNbz5kTU5lFfe5tui2/461uPZ8a+QOX
392 * 4BdVrhEmV94BKY4FPyH35zboLjfXSKxT1mAOx1Bt9sWF94umxZE1cjyU7vEX8HHj
393 * 7BvOyk5AQrBt7moO1uWtPA/JuoJPePiJl4kqlRJM2Akq6QIDAQABo4GjMIGgMB0G
394 * A1UdDgQWBBT6uVG/TOfZhpgz+efLHvEzSfeoFDBxBgNVHSMEajBogBT6uVG/TOfZ
395 * hpgz+efLHvEzSfeoFKFNpEswSTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUt
396 * U3RhdGUxEjAQBgNVBAcTCVNvbWUtQ2l0eTERMA8GA1UEChMIU29tZS1PcmeCAQAw
397 * DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBcIm534U123Hz+rtyYO5uA
398 * ofd81G6FnTfEAV8Kw9fGyyEbQZclBv34A9JsFKeMvU4OFIaixD7nLZ/NZ+IWbhmZ
399 * LovmJXyCkOufea73pNiZ+f/4/ScZaIlM/PRycQSqbFNd4j9Wott+08qxHPLpsf3P
400 * 6Mvf0r1PNTY2hwTJLJmKtg==
401 * -----END CERTIFICATE---
402 */
403
404
405 public class IPAddressIPIdentities {
406 static Map cookies;
407 ServerSocket ss;
408
409 /*
410 * =============================================================
411 * Set the various variables needed for the tests, then
412 * specify what tests to run on each side.
413 */
414
415 /*
416 * Should we run the client or server in a separate thread?
417 * Both sides can throw exceptions, but do you have a preference
418 * as to which side should be the main thread.
419 */
420 static boolean separateServerThread = true;
421
422 /*
423 * Where do we find the keystores?
424 */
425 static String trusedCertStr =
426 "-----BEGIN CERTIFICATE-----\n" +
427 "MIICrDCCAhWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" +
428 "MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" +
429 "EwhTb21lLU9yZzAeFw0wODEyMDgwMjQzMzZaFw0yODA4MjUwMjQzMzZaMEkxCzAJ\n" +
430 "BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" +
431 "dHkxETAPBgNVBAoTCFNvbWUtT3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n" +
432 "gQDLxDggB76Ip5OwoUNRLdeOha9U3a2ieyNbz5kTU5lFfe5tui2/461uPZ8a+QOX\n" +
433 "4BdVrhEmV94BKY4FPyH35zboLjfXSKxT1mAOx1Bt9sWF94umxZE1cjyU7vEX8HHj\n" +
434 "7BvOyk5AQrBt7moO1uWtPA/JuoJPePiJl4kqlRJM2Akq6QIDAQABo4GjMIGgMB0G\n" +
435 "A1UdDgQWBBT6uVG/TOfZhpgz+efLHvEzSfeoFDBxBgNVHSMEajBogBT6uVG/TOfZ\n" +
436 "hpgz+efLHvEzSfeoFKFNpEswSTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUt\n" +
437 "U3RhdGUxEjAQBgNVBAcTCVNvbWUtQ2l0eTERMA8GA1UEChMIU29tZS1PcmeCAQAw\n" +
438 "DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBcIm534U123Hz+rtyYO5uA\n" +
439 "ofd81G6FnTfEAV8Kw9fGyyEbQZclBv34A9JsFKeMvU4OFIaixD7nLZ/NZ+IWbhmZ\n" +
440 "LovmJXyCkOufea73pNiZ+f/4/ScZaIlM/PRycQSqbFNd4j9Wott+08qxHPLpsf3P\n" +
441 "6Mvf0r1PNTY2hwTJLJmKtg==\n" +
442 "-----END CERTIFICATE-----";
443
444 static String serverCertStr =
445 "-----BEGIN CERTIFICATE-----\n" +
446 "MIICnzCCAgigAwIBAgIBBzANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" +
447 "MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" +
448 "EwhTb21lLU9yZzAeFw0wODEyMDgwMzI3NTdaFw0yODA4MjUwMzI3NTdaMHIxCzAJ\n" +
449 "BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" +
450 "dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtU2VydmVyMRIwEAYD\n" +
451 "VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKWsWxw3\n" +
452 "ot2ZiS2yebiP1Uil5xyEF41pnMasbfnyHR85GdrTch5u7ETMcKTcugAw9qBPPVR6\n" +
453 "YWrMV9AKf5UoGD+a2ZTyG8gkiH7+nQ89+1dTCLMgM9Q/F0cU0c3qCNgOdU6vvszS\n" +
454 "7K+peknfwtmsuCRAkKYDVirQMAVALE+r2XSJAgMBAAGjbjBsMAkGA1UdEwQCMAAw\n" +
455 "CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTtbtv0tVbI+xoGYT8PCLumBNgWVDAfBgNV\n" +
456 "HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDASBgNVHREBAf8ECDAGhwR/AAAB\n" +
457 "MA0GCSqGSIb3DQEBBAUAA4GBAFJjItCtCBZcjD69wdqfIbKmRFa6eJAjR6LcoDva\n" +
458 "cKC/sDOLelpspiZ66Zb0Xdv5qQ7QrfOXt3K8QqJKRMdZLF9WfUfy0gJDM32ub91h\n" +
459 "pu+TmcGPs+6RdrAQcuvU1ZDV9X8SMj7BtKaim4d5sqFw1npncKiA5xFn8vOYwdun\n" +
460 "nZif\n" +
461 "-----END CERTIFICATE-----";
462
463 static String clientCertStr =
464 "-----BEGIN CERTIFICATE-----\n" +
465 "MIICnzCCAgigAwIBAgIBBjANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" +
466 "MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" +
467 "EwhTb21lLU9yZzAeFw0wODEyMDgwMzI3MzRaFw0yODA4MjUwMzI3MzRaMHIxCzAJ\n" +
468 "BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" +
469 "dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtQ2xpZW50MRIwEAYD\n" +
470 "VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALvwQDas\n" +
471 "JlRO9KNaAC9pIW+5ejqT7KL24Y7HY9gvEjCZLrDyj/gnLSR4KIT3Ab+NRHndO9JV\n" +
472 "8848slshfe/9M0qxo//GyJu5D3xBNZf52zoFYAUVr1kXkqMQrRYc5AdTr6h2olYq\n" +
473 "ktP5KOB4z14fSKtcGd3hZ0O6dY31gqxDkkQbAgMBAAGjbjBsMAkGA1UdEwQCMAAw\n" +
474 "CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTNu8iFqpG9/R2+zWd8/7PpTKgi5jAfBgNV\n" +
475 "HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDASBgNVHREBAf8ECDAGhwR/AAAB\n" +
476 "MA0GCSqGSIb3DQEBBAUAA4GBACjj9PS+W6XOF7toFMwMOv/AemZeBOpcEF1Ei1Hx\n" +
477 "HjvB6EOHkMY8tFm5OPzkiWiK3+s3awpSW0jWdzMYwrQJ3/klMsPDpI7PEuirqwHP\n" +
478 "i5Wyl/vk7jmfWVcBO9MVhPUo4BYl4vS9aj6JA5QbkbkB95LOgT/BowY0WmHeVsXC\n" +
479 "I9aw\n" +
480 "-----END CERTIFICATE-----";
481
482
483 static byte serverPrivateExponent[] = {
484 (byte)0x6e, (byte)0xa7, (byte)0x1b, (byte)0x83,
485 (byte)0x51, (byte)0x35, (byte)0x9a, (byte)0x44,
486 (byte)0x7d, (byte)0xf6, (byte)0xe3, (byte)0x89,
487 (byte)0xa0, (byte)0xd7, (byte)0x90, (byte)0x60,
488 (byte)0xa1, (byte)0x4e, (byte)0x27, (byte)0x21,
489 (byte)0xa2, (byte)0x89, (byte)0x74, (byte)0xcc,
490 (byte)0x9d, (byte)0x75, (byte)0x75, (byte)0x4e,
491 (byte)0xc7, (byte)0x82, (byte)0xe3, (byte)0xe3,
492 (byte)0xc3, (byte)0x7d, (byte)0x00, (byte)0x54,
493 (byte)0xec, (byte)0x36, (byte)0xb1, (byte)0xdf,
494 (byte)0x91, (byte)0x9c, (byte)0x7a, (byte)0xc0,
495 (byte)0x62, (byte)0x0a, (byte)0xd6, (byte)0xa9,
496 (byte)0x22, (byte)0x91, (byte)0x4a, (byte)0x29,
497 (byte)0x2e, (byte)0x43, (byte)0xfa, (byte)0x8c,
498 (byte)0xd8, (byte)0xe9, (byte)0xbe, (byte)0xd9,
499 (byte)0x4f, (byte)0xca, (byte)0x23, (byte)0xc6,
500 (byte)0xe4, (byte)0x3f, (byte)0xb8, (byte)0x72,
501 (byte)0xcf, (byte)0x02, (byte)0xfc, (byte)0xf4,
502 (byte)0x58, (byte)0x34, (byte)0x77, (byte)0x76,
503 (byte)0xce, (byte)0x22, (byte)0x44, (byte)0x5f,
504 (byte)0x2d, (byte)0xca, (byte)0xee, (byte)0xf5,
505 (byte)0x43, (byte)0x56, (byte)0x47, (byte)0x71,
506 (byte)0x0b, (byte)0x09, (byte)0x6b, (byte)0x5e,
507 (byte)0xf2, (byte)0xc8, (byte)0xee, (byte)0xd4,
508 (byte)0x6e, (byte)0x44, (byte)0x92, (byte)0x2a,
509 (byte)0x7f, (byte)0xcc, (byte)0xa7, (byte)0xd4,
510 (byte)0x5b, (byte)0xfb, (byte)0xf7, (byte)0x4a,
511 (byte)0xa9, (byte)0xfb, (byte)0x54, (byte)0x18,
512 (byte)0xd5, (byte)0xd5, (byte)0x14, (byte)0xba,
513 (byte)0xa0, (byte)0x1c, (byte)0x13, (byte)0xb3,
514 (byte)0x37, (byte)0x6b, (byte)0x37, (byte)0x59,
515 (byte)0xed, (byte)0xdb, (byte)0x6d, (byte)0xb1
516 };
517
518 static byte serverModulus[] = {
519 (byte)0x00,
520 (byte)0xa5, (byte)0xac, (byte)0x5b, (byte)0x1c,
521 (byte)0x37, (byte)0xa2, (byte)0xdd, (byte)0x99,
522 (byte)0x89, (byte)0x2d, (byte)0xb2, (byte)0x79,
523 (byte)0xb8, (byte)0x8f, (byte)0xd5, (byte)0x48,
524 (byte)0xa5, (byte)0xe7, (byte)0x1c, (byte)0x84,
525 (byte)0x17, (byte)0x8d, (byte)0x69, (byte)0x9c,
526 (byte)0xc6, (byte)0xac, (byte)0x6d, (byte)0xf9,
527 (byte)0xf2, (byte)0x1d, (byte)0x1f, (byte)0x39,
528 (byte)0x19, (byte)0xda, (byte)0xd3, (byte)0x72,
529 (byte)0x1e, (byte)0x6e, (byte)0xec, (byte)0x44,
530 (byte)0xcc, (byte)0x70, (byte)0xa4, (byte)0xdc,
531 (byte)0xba, (byte)0x00, (byte)0x30, (byte)0xf6,
532 (byte)0xa0, (byte)0x4f, (byte)0x3d, (byte)0x54,
533 (byte)0x7a, (byte)0x61, (byte)0x6a, (byte)0xcc,
534 (byte)0x57, (byte)0xd0, (byte)0x0a, (byte)0x7f,
535 (byte)0x95, (byte)0x28, (byte)0x18, (byte)0x3f,
536 (byte)0x9a, (byte)0xd9, (byte)0x94, (byte)0xf2,
537 (byte)0x1b, (byte)0xc8, (byte)0x24, (byte)0x88,
538 (byte)0x7e, (byte)0xfe, (byte)0x9d, (byte)0x0f,
539 (byte)0x3d, (byte)0xfb, (byte)0x57, (byte)0x53,
540 (byte)0x08, (byte)0xb3, (byte)0x20, (byte)0x33,
541 (byte)0xd4, (byte)0x3f, (byte)0x17, (byte)0x47,
542 (byte)0x14, (byte)0xd1, (byte)0xcd, (byte)0xea,
543 (byte)0x08, (byte)0xd8, (byte)0x0e, (byte)0x75,
544 (byte)0x4e, (byte)0xaf, (byte)0xbe, (byte)0xcc,
545 (byte)0xd2, (byte)0xec, (byte)0xaf, (byte)0xa9,
546 (byte)0x7a, (byte)0x49, (byte)0xdf, (byte)0xc2,
547 (byte)0xd9, (byte)0xac, (byte)0xb8, (byte)0x24,
548 (byte)0x40, (byte)0x90, (byte)0xa6, (byte)0x03,
549 (byte)0x56, (byte)0x2a, (byte)0xd0, (byte)0x30,
550 (byte)0x05, (byte)0x40, (byte)0x2c, (byte)0x4f,
551 (byte)0xab, (byte)0xd9, (byte)0x74, (byte)0x89
552 };
553
554 static byte clientPrivateExponent[] = {
555 (byte)0x11, (byte)0xb7, (byte)0x6a, (byte)0x36,
556 (byte)0x3d, (byte)0x30, (byte)0x37, (byte)0xce,
557 (byte)0x61, (byte)0x9d, (byte)0x6c, (byte)0x84,
558 (byte)0x8b, (byte)0xf3, (byte)0x9b, (byte)0x25,
559 (byte)0x4f, (byte)0x14, (byte)0xc8, (byte)0xa4,
560 (byte)0xdd, (byte)0x2f, (byte)0xd7, (byte)0x9a,
561 (byte)0x17, (byte)0xbd, (byte)0x90, (byte)0x19,
562 (byte)0xf7, (byte)0x05, (byte)0xfd, (byte)0xf2,
563 (byte)0xd2, (byte)0xc5, (byte)0xf7, (byte)0x77,
564 (byte)0xbe, (byte)0xea, (byte)0xe2, (byte)0x84,
565 (byte)0x87, (byte)0x97, (byte)0x3a, (byte)0x41,
566 (byte)0x96, (byte)0xb6, (byte)0x99, (byte)0xf8,
567 (byte)0x94, (byte)0x8c, (byte)0x58, (byte)0x71,
568 (byte)0x51, (byte)0x8c, (byte)0xf4, (byte)0x2a,
569 (byte)0x20, (byte)0x9e, (byte)0x1a, (byte)0xa0,
570 (byte)0x26, (byte)0x99, (byte)0x75, (byte)0xd6,
571 (byte)0x31, (byte)0x53, (byte)0x43, (byte)0x39,
572 (byte)0xf5, (byte)0x2a, (byte)0xa6, (byte)0x7e,
573 (byte)0x34, (byte)0x42, (byte)0x51, (byte)0x2a,
574 (byte)0x40, (byte)0x87, (byte)0x03, (byte)0x88,
575 (byte)0x43, (byte)0x69, (byte)0xb2, (byte)0x89,
576 (byte)0x6d, (byte)0x20, (byte)0xbd, (byte)0x7d,
577 (byte)0x71, (byte)0xef, (byte)0x47, (byte)0x0a,
578 (byte)0xdf, (byte)0x06, (byte)0xc1, (byte)0x69,
579 (byte)0x66, (byte)0xa8, (byte)0x22, (byte)0x37,
580 (byte)0x1a, (byte)0x77, (byte)0x1e, (byte)0xc7,
581 (byte)0x94, (byte)0x4e, (byte)0x2c, (byte)0x27,
582 (byte)0x69, (byte)0x45, (byte)0x5e, (byte)0xc8,
583 (byte)0xf8, (byte)0x0c, (byte)0xb7, (byte)0xf8,
584 (byte)0xc0, (byte)0x8f, (byte)0x99, (byte)0xc1,
585 (byte)0xe5, (byte)0x28, (byte)0x9b, (byte)0xf9,
586 (byte)0x4c, (byte)0x94, (byte)0xc6, (byte)0xb1
587 };
588
589 static byte clientModulus[] = {
590 (byte)0x00,
591 (byte)0xbb, (byte)0xf0, (byte)0x40, (byte)0x36,
592 (byte)0xac, (byte)0x26, (byte)0x54, (byte)0x4e,
593 (byte)0xf4, (byte)0xa3, (byte)0x5a, (byte)0x00,
594 (byte)0x2f, (byte)0x69, (byte)0x21, (byte)0x6f,
595 (byte)0xb9, (byte)0x7a, (byte)0x3a, (byte)0x93,
596 (byte)0xec, (byte)0xa2, (byte)0xf6, (byte)0xe1,
597 (byte)0x8e, (byte)0xc7, (byte)0x63, (byte)0xd8,
598 (byte)0x2f, (byte)0x12, (byte)0x30, (byte)0x99,
599 (byte)0x2e, (byte)0xb0, (byte)0xf2, (byte)0x8f,
600 (byte)0xf8, (byte)0x27, (byte)0x2d, (byte)0x24,
601 (byte)0x78, (byte)0x28, (byte)0x84, (byte)0xf7,
602 (byte)0x01, (byte)0xbf, (byte)0x8d, (byte)0x44,
603 (byte)0x79, (byte)0xdd, (byte)0x3b, (byte)0xd2,
604 (byte)0x55, (byte)0xf3, (byte)0xce, (byte)0x3c,
605 (byte)0xb2, (byte)0x5b, (byte)0x21, (byte)0x7d,
606 (byte)0xef, (byte)0xfd, (byte)0x33, (byte)0x4a,
607 (byte)0xb1, (byte)0xa3, (byte)0xff, (byte)0xc6,
608 (byte)0xc8, (byte)0x9b, (byte)0xb9, (byte)0x0f,
609 (byte)0x7c, (byte)0x41, (byte)0x35, (byte)0x97,
610 (byte)0xf9, (byte)0xdb, (byte)0x3a, (byte)0x05,
611 (byte)0x60, (byte)0x05, (byte)0x15, (byte)0xaf,
612 (byte)0x59, (byte)0x17, (byte)0x92, (byte)0xa3,
613 (byte)0x10, (byte)0xad, (byte)0x16, (byte)0x1c,
614 (byte)0xe4, (byte)0x07, (byte)0x53, (byte)0xaf,
615 (byte)0xa8, (byte)0x76, (byte)0xa2, (byte)0x56,
616 (byte)0x2a, (byte)0x92, (byte)0xd3, (byte)0xf9,
617 (byte)0x28, (byte)0xe0, (byte)0x78, (byte)0xcf,
618 (byte)0x5e, (byte)0x1f, (byte)0x48, (byte)0xab,
619 (byte)0x5c, (byte)0x19, (byte)0xdd, (byte)0xe1,
620 (byte)0x67, (byte)0x43, (byte)0xba, (byte)0x75,
621 (byte)0x8d, (byte)0xf5, (byte)0x82, (byte)0xac,
622 (byte)0x43, (byte)0x92, (byte)0x44, (byte)0x1b
623 };
624
625 static char passphrase[] = "passphrase".toCharArray();
626
627 /*
628 * Is the server ready to serve?
629 */
630 volatile static boolean serverReady = false;
631
632 /*
633 * Is the connection ready to close?
634 */
635 volatile static boolean closeReady = false;
636
637 /*
638 * Turn on SSL debugging?
639 */
640 static boolean debug = false;
641
642 private SSLServerSocket sslServerSocket = null;
643
644 /*
645 * Define the server side of the test.
646 *
647 * If the server prematurely exits, serverReady will be set to true
648 * to avoid infinite hangs.
649 */
650 void doServerSide() throws Exception {
651 SSLContext context = getSSLContext(trusedCertStr, serverCertStr,
652 serverModulus, serverPrivateExponent, passphrase);
653 SSLServerSocketFactory sslssf = context.getServerSocketFactory();
654
655 sslServerSocket =
656 (SSLServerSocket) sslssf.createServerSocket(serverPort);
657 serverPort = sslServerSocket.getLocalPort();
658
659 /*
660 * Signal Client, we're ready for his connect.
661 */
662 serverReady = true;
663
664 SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
665 sslSocket.setNeedClientAuth(true);
666
667 PrintStream out =
668 new PrintStream(sslSocket.getOutputStream());
669
670 try {
671 // ignore request data
672
673 // send the response
674 out.print("HTTP/1.1 200 OK\r\n");
675 out.print("Content-Type: text/html; charset=iso-8859-1\r\n");
676 out.print("Content-Length: "+ 9 +"\r\n");
677 out.print("\r\n");
678 out.print("Testing\r\n");
679 out.flush();
680 } finally {
681 // close the socket
682 while (!closeReady) {
683 Thread.sleep(50);
684 }
685
686 System.out.println("Server closing socket");
687 sslSocket.close();
688 serverReady = false;
689 }
690
691 }
692
693 /*
694 * Define the client side of the test.
695 *
696 * If the server prematurely exits, serverReady will be set to true
697 * to avoid infinite hangs.
698 */
699 void doClientSide() throws Exception {
700 SSLContext reservedSSLContext = SSLContext.getDefault();
701 try {
702 SSLContext context = getSSLContext(trusedCertStr, clientCertStr,
703 clientModulus, clientPrivateExponent, passphrase);
704
705 SSLContext.setDefault(context);
706
707 /*
708 * Wait for server to get started.
709 */
710 while (!serverReady) {
711 Thread.sleep(50);
712 }
713
714 HttpsURLConnection http = null;
715
716 /* establish http connection to server */
717 URL url = new URL("https://127.0.0.1:" + serverPort+"/");
718 System.out.println("url is "+url.toString());
719
720 try {
721 http = (HttpsURLConnection)url.openConnection();
722
723 int respCode = http.getResponseCode();
724 System.out.println("respCode = "+respCode);
725 } finally {
726 if (http != null) {
727 http.disconnect();
728 }
729 closeReady = true;
730 }
731 } finally {
732 SSLContext.setDefault(reservedSSLContext);
733 }
734 }
735
736 /*
737 * =============================================================
738 * The remainder is just support stuff
739 */
740
741 // use any free port by default
742 volatile int serverPort = 0;
743
744 volatile Exception serverException = null;
745 volatile Exception clientException = null;
746
747 public static void main(String args[]) throws Exception {
748 // MD5 is used in this test case, don't disable MD5 algorithm.
749 Security.setProperty(
750 "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
751
752 if (debug)
753 System.setProperty("javax.net.debug", "all");
754
755 /*
756 * Start the tests.
757 */
758 new IPAddressIPIdentities();
759 }
760
761 Thread clientThread = null;
762 Thread serverThread = null;
763 /*
764 * Primary constructor, used to drive remainder of the test.
765 *
766 * Fork off the other side, then do your work.
767 */
768 IPAddressIPIdentities() throws Exception {
769 if (separateServerThread) {
770 startServer(true);
771 startClient(false);
772 } else {
773 startClient(true);
774 startServer(false);
775 }
776
777 /*
778 * Wait for other side to close down.
779 */
780 if (separateServerThread) {
781 serverThread.join();
782 } else {
783 clientThread.join();
784 }
785
786 /*
787 * When we get here, the test is pretty much over.
788 *
789 * If the main thread excepted, that propagates back
790 * immediately. If the other thread threw an exception, we
791 * should report back.
792 */
793 if (serverException != null)
794 throw serverException;
795 if (clientException != null)
796 throw clientException;
797 }
798
799 void startServer(boolean newThread) throws Exception {
800 if (newThread) {
801 serverThread = new Thread() {
802 public void run() {
803 try {
804 doServerSide();
805 } catch (Exception e) {
806 /*
807 * Our server thread just died.
808 *
809 * Release the client, if not active already...
810 */
811 System.err.println("Server died...");
812 serverReady = true;
813 serverException = e;
814 }
815 }
816 };
817 serverThread.start();
818 } else {
819 doServerSide();
820 }
821 }
822
823 void startClient(boolean newThread) throws Exception {
824 if (newThread) {
825 clientThread = new Thread() {
826 public void run() {
827 try {
828 doClientSide();
829 } catch (Exception e) {
830 /*
831 * Our client thread just died.
832 */
833 System.err.println("Client died...");
834 clientException = e;
835 }
836 }
837 };
838 clientThread.start();
839 } else {
840 doClientSide();
841 }
842 }
843
844 // get the ssl context
845 private static SSLContext getSSLContext(String trusedCertStr,
846 String keyCertStr, byte[] modulus,
847 byte[] privateExponent, char[] passphrase) throws Exception {
848
849 // generate certificate from cert string
850 CertificateFactory cf = CertificateFactory.getInstance("X.509");
851
852 ByteArrayInputStream is =
853 new ByteArrayInputStream(trusedCertStr.getBytes());
854 Certificate trusedCert = cf.generateCertificate(is);
855 is.close();
856
857 // create a key store
858 KeyStore ks = KeyStore.getInstance("JKS");
859 ks.load(null, null);
860
861 // import the trused cert
862 ks.setCertificateEntry("RSA Export Signer", trusedCert);
863
864 if (keyCertStr != null) {
865 // generate the private key.
866 RSAPrivateKeySpec priKeySpec = new RSAPrivateKeySpec(
867 new BigInteger(modulus),
868 new BigInteger(privateExponent));
869 KeyFactory kf = KeyFactory.getInstance("RSA");
870 RSAPrivateKey priKey =
871 (RSAPrivateKey)kf.generatePrivate(priKeySpec);
872
873 // generate certificate chain
874 is = new ByteArrayInputStream(keyCertStr.getBytes());
875 Certificate keyCert = cf.generateCertificate(is);
876 is.close();
877
878 Certificate[] chain = new Certificate[2];
879 chain[0] = keyCert;
880 chain[1] = trusedCert;
881
882 // import the key entry.
883 ks.setKeyEntry("Whatever", priKey, passphrase, chain);
884 }
885
886 // create SSL context
887 TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
888 tmf.init(ks);
889
890 SSLContext ctx = SSLContext.getInstance("TLS");
891
892 if (keyCertStr != null) {
893 KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
894 kmf.init(ks, passphrase);
895
896 ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
897 } else {
898 ctx.init(null, tmf.getTrustManagers(), null);
899 }
900
901 return ctx;
902 }
903
904 }