1 /*
   2  * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 //
  25 // SunJSSE does not support dynamic system properties, so there is no way to
  26 // re-use system properties in samevm/agentvm mode; hence "main/othervm" below.
  27 //
  28 
  29 /* @test
  30  * @summary X509 certificate hostname checking is broken in JDK1.6.0_10
  31  * @bug 6766775
  32  * @run main/othervm IPIdentities
  33  * @author Xuelei Fan
  34  */
  35 
  36 import java.net.*;
  37 import java.util.*;
  38 import java.io.*;
  39 import javax.net.ssl.*;
  40 import java.security.Security;
  41 import java.security.KeyStore;
  42 import java.security.KeyFactory;
  43 import java.security.cert.Certificate;
  44 import java.security.cert.CertificateFactory;
  45 import java.security.spec.*;
  46 import java.security.interfaces.*;
  47 import java.math.BigInteger;
  48 
  49 import sun.security.ssl.SSLSocketImpl;
  50 
  51 /*
  52  * Test-only certificates and keys (1024-bit RSA, md5WithRSAEncryption); not for reuse.
  53  *
  54  * TLS server certificate:
  55  * server private key:
  56  * -----BEGIN RSA PRIVATE KEY-----
  57  * Proc-Type: 4,ENCRYPTED
  58  * DEK-Info: DES-EDE3-CBC,D9AE407F6D0E389A
  59  *
  60  * WPrA7TFol/cQCcp9oHnXWNpYlvRbbIcQj0m+RKT2Iuzfus+DHt3Zadf8nJpKfX2e
  61  * h2rnhlzCN9M7djRDooZKDOPCsdBn51Au7HlZF3S3Opgo7D8XFM1a8t1Je4ke14oI
  62  * nw6QKYsBblRziPnP2PZ0zvX24nOv7bbY8beynlJHGs00VWSFdoH2DS0aE1p6D+3n
  63  * ptJuJ75dVfZFK4X7162APlNXevX8D6PEQpSiRw1rjjGGcnvQ4HdWk3BxDVDcCNJb
  64  * Y1aGNRxsjTDvPi3R9Qx2M+W03QzEPx4SR3ZHVskeSJHaetM0TM/w/45Paq4GokXP
  65  * ZeTnbEx1xmjkA7h+t4doLL4watx5F6yLsJzu8xB3lt/1EtmkYtLz1t7X4BetPAXz
  66  * zS69X/VwhKfsOI3qXBWuL2oHPyhDmT1gcaUQwEPSV6ogHEEQEDXdiUS8heNK13KF
  67  * TCQYFkETvV2BLxUhV1hypPzRQ6tUpJiAbD5KmoK2lD9slshG2QtvKQq0/bgkDY5J
  68  * LhDHV2dtcZ3kDPkkZXpbcJQvoeH3d09C5sIsuTFo2zgNR6oETHUc5TzP6FY2YYRa
  69  * QcK5HcmtsRRiXFm01ac+aMejJUIujjFt84SiKWT/73vC8AmY4tYcJBLjCg4XIxSH
  70  * fdDFLL1YZENNO5ivlp8mdiHqcawx+36L7DrEZQ8RZt6cqST5t/+XTdM74s6k81GT
  71  * pNsa82P2K2zmIUZ/DL2mKjW1vfRByw1NQFEBkN3vdyZxYfM/JyUzX4hbjXBEkh9Q
  72  * QYrcwLKLjis2QzSvK04B3bvRzRb+4ocWiso8ZPAXAIxZFBWDpTMM2A==
  73  * -----END RSA PRIVATE KEY-----
  74  *
  75  * -----BEGIN RSA PRIVATE KEY-----
  76  * MIICXAIBAAKBgQClrFscN6LdmYktsnm4j9VIpecchBeNaZzGrG358h0fORna03Ie
  77  * buxEzHCk3LoAMPagTz1UemFqzFfQCn+VKBg/mtmU8hvIJIh+/p0PPftXUwizIDPU
  78  * PxdHFNHN6gjYDnVOr77M0uyvqXpJ38LZrLgkQJCmA1Yq0DAFQCxPq9l0iQIDAQAB
  79  * AoGAbqcbg1E1mkR99uOJoNeQYKFOJyGiiXTMnXV1TseC4+PDfQBU7Dax35GcesBi
  80  * CtapIpFKKS5D+ozY6b7ZT8ojxuQ/uHLPAvz0WDR3ds4iRF8tyu71Q1ZHcQsJa17y
  81  * yO7UbkSSKn/Mp9Rb+/dKqftUGNXVFLqgHBOzN2s3We3bbbECQQDYBPKOg3hkaGHo
  82  * OhpHKqtQ6EVkldihG/3i4WejRonelXN+HRh1KrB2HBx0M8D/qAzP1i3rNSlSHer4
  83  * 59YRTJnHAkEAxFX/sVYSn07BHv9Zhn6XXct/Cj43z/tKNbzlNbcxqQwQerw3IH51
  84  * 8UH2YOA+GD3lXbKp+MytoFLWv8zg4YT/LwJAfqan75Z1R6lLffRS49bIiq8jwE16
  85  * rTrUJ+kv8jKxMqc9B3vXkxpsS1M/+4E8bqgAmvpgAb8xcsvHsBd9ErdukQJBAKs2
  86  * j67W75BrPjBI34pQ1LEfp56IGWXOrq1kF8IbCjxv3+MYRT6Z6UJFkpRymNPNDjsC
  87  * dgUYgITiGJHUGXuw3lMCQHEHqo9ZtXz92yFT+VhsNc29B8m/sqUJdtCcMd/jGpAF
  88  * u6GHufjqIZBpQsk63wbwESAPZZ+kk1O1kS5GIRLX608=
  89  * -----END RSA PRIVATE KEY-----
  90  *
  91  * Private-Key: (1024 bit)
  92  * modulus:
  93  *     00:a5:ac:5b:1c:37:a2:dd:99:89:2d:b2:79:b8:8f:
  94  *     d5:48:a5:e7:1c:84:17:8d:69:9c:c6:ac:6d:f9:f2:
  95  *     1d:1f:39:19:da:d3:72:1e:6e:ec:44:cc:70:a4:dc:
  96  *     ba:00:30:f6:a0:4f:3d:54:7a:61:6a:cc:57:d0:0a:
  97  *     7f:95:28:18:3f:9a:d9:94:f2:1b:c8:24:88:7e:fe:
  98  *     9d:0f:3d:fb:57:53:08:b3:20:33:d4:3f:17:47:14:
  99  *     d1:cd:ea:08:d8:0e:75:4e:af:be:cc:d2:ec:af:a9:
 100  *     7a:49:df:c2:d9:ac:b8:24:40:90:a6:03:56:2a:d0:
 101  *     30:05:40:2c:4f:ab:d9:74:89
 102  * publicExponent: 65537 (0x10001)
 103  * privateExponent:
 104  *     6e:a7:1b:83:51:35:9a:44:7d:f6:e3:89:a0:d7:90:
 105  *     60:a1:4e:27:21:a2:89:74:cc:9d:75:75:4e:c7:82:
 106  *     e3:e3:c3:7d:00:54:ec:36:b1:df:91:9c:7a:c0:62:
 107  *     0a:d6:a9:22:91:4a:29:2e:43:fa:8c:d8:e9:be:d9:
 108  *     4f:ca:23:c6:e4:3f:b8:72:cf:02:fc:f4:58:34:77:
 109  *     76:ce:22:44:5f:2d:ca:ee:f5:43:56:47:71:0b:09:
 110  *     6b:5e:f2:c8:ee:d4:6e:44:92:2a:7f:cc:a7:d4:5b:
 111  *     fb:f7:4a:a9:fb:54:18:d5:d5:14:ba:a0:1c:13:b3:
 112  *     37:6b:37:59:ed:db:6d:b1
 113  * prime1:
 114  *     00:d8:04:f2:8e:83:78:64:68:61:e8:3a:1a:47:2a:
 115  *     ab:50:e8:45:64:95:d8:a1:1b:fd:e2:e1:67:a3:46:
 116  *     89:de:95:73:7e:1d:18:75:2a:b0:76:1c:1c:74:33:
 117  *     c0:ff:a8:0c:cf:d6:2d:eb:35:29:52:1d:ea:f8:e7:
 118  *     d6:11:4c:99:c7
 119  * prime2:
 120  *     00:c4:55:ff:b1:56:12:9f:4e:c1:1e:ff:59:86:7e:
 121  *     97:5d:cb:7f:0a:3e:37:cf:fb:4a:35:bc:e5:35:b7:
 122  *     31:a9:0c:10:7a:bc:37:20:7e:75:f1:41:f6:60:e0:
 123  *     3e:18:3d:e5:5d:b2:a9:f8:cc:ad:a0:52:d6:bf:cc:
 124  *     e0:e1:84:ff:2f
 125  * exponent1:
 126  *     7e:a6:a7:ef:96:75:47:a9:4b:7d:f4:52:e3:d6:c8:
 127  *     8a:af:23:c0:4d:7a:ad:3a:d4:27:e9:2f:f2:32:b1:
 128  *     32:a7:3d:07:7b:d7:93:1a:6c:4b:53:3f:fb:81:3c:
 129  *     6e:a8:00:9a:fa:60:01:bf:31:72:cb:c7:b0:17:7d:
 130  *     12:b7:6e:91
 131  * exponent2:
 132  *     00:ab:36:8f:ae:d6:ef:90:6b:3e:30:48:df:8a:50:
 133  *     d4:b1:1f:a7:9e:88:19:65:ce:ae:ad:64:17:c2:1b:
 134  *     0a:3c:6f:df:e3:18:45:3e:99:e9:42:45:92:94:72:
 135  *     98:d3:cd:0e:3b:02:76:05:18:80:84:e2:18:91:d4:
 136  *     19:7b:b0:de:53
 137  * coefficient:
 138  *     71:07:aa:8f:59:b5:7c:fd:db:21:53:f9:58:6c:35:
 139  *     cd:bd:07:c9:bf:b2:a5:09:76:d0:9c:31:df:e3:1a:
 140  *     90:05:bb:a1:87:b9:f8:ea:21:90:69:42:c9:3a:df:
 141  *     06:f0:11:20:0f:65:9f:a4:93:53:b5:91:2e:46:21:
 142  *     12:d7:eb:4f
 143  *
 144  *
 145  * server certificate:
 146  * Data:
 147  *     Version: 3 (0x2)
 148  *     Serial Number: 7 (0x7)
 149  *     Signature Algorithm: md5WithRSAEncryption
 150  *     Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org
 151  *     Validity
 152  *         Not Before: Dec  8 03:27:57 2008 GMT
 153  *         Not After : Aug 25 03:27:57 2028 GMT
 154  *     Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org, OU=SSL-Server, CN=localhost
 155  *     Subject Public Key Info:
 156  *         Public Key Algorithm: rsaEncryption
 157  *         RSA Public Key: (1024 bit)
 158  *             Modulus (1024 bit):
 159  *                 00:a5:ac:5b:1c:37:a2:dd:99:89:2d:b2:79:b8:8f:
 160  *                 d5:48:a5:e7:1c:84:17:8d:69:9c:c6:ac:6d:f9:f2:
 161  *                 1d:1f:39:19:da:d3:72:1e:6e:ec:44:cc:70:a4:dc:
 162  *                 ba:00:30:f6:a0:4f:3d:54:7a:61:6a:cc:57:d0:0a:
 163  *                 7f:95:28:18:3f:9a:d9:94:f2:1b:c8:24:88:7e:fe:
 164  *                 9d:0f:3d:fb:57:53:08:b3:20:33:d4:3f:17:47:14:
 165  *                 d1:cd:ea:08:d8:0e:75:4e:af:be:cc:d2:ec:af:a9:
 166  *                 7a:49:df:c2:d9:ac:b8:24:40:90:a6:03:56:2a:d0:
 167  *                 30:05:40:2c:4f:ab:d9:74:89
 168  *             Exponent: 65537 (0x10001)
 169  *     X509v3 extensions:
 170  *         X509v3 Basic Constraints:
 171  *             CA:FALSE
 172  *         X509v3 Key Usage:
 173  *             Digital Signature, Non Repudiation, Key Encipherment
 174  *         X509v3 Subject Key Identifier:
 175  *             ED:6E:DB:F4:B5:56:C8:FB:1A:06:61:3F:0F:08:BB:A6:04:D8:16:54
 176  *         X509v3 Authority Key Identifier:
 177  *             keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14
 178  *
 179  *         X509v3 Subject Alternative Name: critical
 180  *             IP Address:127.0.0.1
 181  * Signature Algorithm: md5WithRSAEncryption
 182  *
 183  * -----BEGIN CERTIFICATE-----
 184  * MIICnzCCAgigAwIBAgIBBzANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET
 185  * MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK
 186  * EwhTb21lLU9yZzAeFw0wODEyMDgwMzI3NTdaFw0yODA4MjUwMzI3NTdaMHIxCzAJ
 187  * BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp
 188  * dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtU2VydmVyMRIwEAYD
 189  * VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKWsWxw3
 190  * ot2ZiS2yebiP1Uil5xyEF41pnMasbfnyHR85GdrTch5u7ETMcKTcugAw9qBPPVR6
 191  * YWrMV9AKf5UoGD+a2ZTyG8gkiH7+nQ89+1dTCLMgM9Q/F0cU0c3qCNgOdU6vvszS
 192  * 7K+peknfwtmsuCRAkKYDVirQMAVALE+r2XSJAgMBAAGjbjBsMAkGA1UdEwQCMAAw
 193  * CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTtbtv0tVbI+xoGYT8PCLumBNgWVDAfBgNV
 194  * HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDASBgNVHREBAf8ECDAGhwR/AAAB
 195  * MA0GCSqGSIb3DQEBBAUAA4GBAFJjItCtCBZcjD69wdqfIbKmRFa6eJAjR6LcoDva
 196  * cKC/sDOLelpspiZ66Zb0Xdv5qQ7QrfOXt3K8QqJKRMdZLF9WfUfy0gJDM32ub91h
 197  * pu+TmcGPs+6RdrAQcuvU1ZDV9X8SMj7BtKaim4d5sqFw1npncKiA5xFn8vOYwdun
 198  * nZif
 199  * -----END CERTIFICATE-----
 200  *
 201  *
 202  * TLS client certificate:
 203  * client private key:
 204  * -----BEGIN RSA PRIVATE KEY-----
 205  * Proc-Type: 4,ENCRYPTED
 206  * DEK-Info: DES-EDE3-CBC,FA2A435CD35A9390
 207  *
 208  * Z+Y2uaETbsUWIyJUyVu1UV2G4rgFYJyACZT6Tp1KjRtxflSh2kXkJ9MpuXMXA0V4
 209  * Yy3fDzPqCL9NJmQAYRlAx/W/+j4F5EyMWDIx8fUxzONRZyoiwF7jLm+KscAfv6Pf
 210  * q7ItWOdj3z7IYrwlB8YIGd3F2cDKT3S+lYRk7rKb/qT7itbuHnY4Ardh3yl+MZak
 211  * jBp+ELUlRsUqSr1V0LoM+0rCCykarpyfhpxEcqsrl0v9Cyi5uhU50/oKv5zql3SH
 212  * l2ImgDjp3batAs8+Bd4NF2aqi0a7Hy44JUHxRm4caZryU/i/D9N1MbuM6882HLat
 213  * 5N0G+NaIUfywa8mjwq2D5aiit18HqKA6XeRRYeJ5Dvu9DCO4GeFSwcUFIBMI0L46
 214  * 7s114+oDodg57pMgITi+04vmUxvqlN9aiyd7f5Fgd7PeHGeOdbMz1NaJLJaPI9++
 215  * NakK8eK9iwT/Gdq0Uap5/CHW7vCT5PO+h3HY0STH0lWStXhdWnFO04zTdywsbSp+
 216  * DLpHeFT66shfeUlxR0PsCbG9vPRt/QmGLeYQZITppWo/ylSq4j+pRIuXvuWHdBRN
 217  * rTZ8QF4Y7AxQUXVz1j1++s6ZMHTzaK2i9HrhmDs1MbJl+QwWre3Xpv3LvTVz3k5U
 218  * wX8kuY1m3STt71QCaRWENq5sRaMImLxZbxc/ivFl9RAzUqo4NCxLod/QgA4iLqtO
 219  * ztnlpzwlC/F8HbQ1oqYWwnZAPhzU/cULtstl+Yrws2c2atO323LbPXZqbASySgig
 220  * sNpFXQMObdfP6LN23bY+1SvtK7V4NUTNhpdIc6INQAQ=
 221  * -----END RSA PRIVATE KEY-----
 222  *
 223  * -----BEGIN RSA PRIVATE KEY-----
 224  * MIICWwIBAAKBgQC78EA2rCZUTvSjWgAvaSFvuXo6k+yi9uGOx2PYLxIwmS6w8o/4
 225  * Jy0keCiE9wG/jUR53TvSVfPOPLJbIX3v/TNKsaP/xsibuQ98QTWX+ds6BWAFFa9Z
 226  * F5KjEK0WHOQHU6+odqJWKpLT+SjgeM9eH0irXBnd4WdDunWN9YKsQ5JEGwIDAQAB
 227  * AoGAEbdqNj0wN85hnWyEi/ObJU8UyKTdL9eaF72QGfcF/fLSxfd3vurihIeXOkGW
 228  * tpn4lIxYcVGM9CognhqgJpl11jFTQzn1KqZ+NEJRKkCHA4hDabKJbSC9fXHvRwrf
 229  * BsFpZqgiNxp3HseUTiwnaUVeyPgMt/jAj5nB5Sib+UyUxrECQQDnNQBiF2aifEg6
 230  * zbJOOC7he5CHAdkFxSxWVFVHL6EfXfqdLVkUohMbgZv+XxyIeU2biOExSg49Kds3
 231  * FOKgTau1AkEA0Bd1haj6QuCo8I0AXm2WO+MMTZMTvtHD/bGjKNM+fT4I8rKYnQRX
 232  * 1acHdqS9Xx2rNJqZgkMmpESIdPR2fc4yjwJALFeM6EMmqvj8/VIf5UJ/Mz14fXwM
 233  * PEARfckUxd9LnnFutCBTWlKvKXJVEZb6KO5ixPaegc57Jp3Vbh3yTN44lQJADD/1
 234  * SSMDaIB1MYP7a5Oj7m6VQNPRq8AJe5vDcRnOae0G9dKRrVyeFxO4GsHj6/+BHp2j
 235  * P8nYMn9eURQ7DXjf/QJAAQzMlWnKGSO8pyTDtnQx3hRMoUkOEhmNq4bQhLkYqtnY
 236  * FcqpUQ2qMjW+NiNWk5HnTrMS3L9EdJobMUzaNZLy4w==
 237  * -----END RSA PRIVATE KEY-----
 238  *
 239  * Private-Key: (1024 bit)
 240  * modulus:
 241  *     00:bb:f0:40:36:ac:26:54:4e:f4:a3:5a:00:2f:69:
 242  *     21:6f:b9:7a:3a:93:ec:a2:f6:e1:8e:c7:63:d8:2f:
 243  *     12:30:99:2e:b0:f2:8f:f8:27:2d:24:78:28:84:f7:
 244  *     01:bf:8d:44:79:dd:3b:d2:55:f3:ce:3c:b2:5b:21:
 245  *     7d:ef:fd:33:4a:b1:a3:ff:c6:c8:9b:b9:0f:7c:41:
 246  *     35:97:f9:db:3a:05:60:05:15:af:59:17:92:a3:10:
 247  *     ad:16:1c:e4:07:53:af:a8:76:a2:56:2a:92:d3:f9:
 248  *     28:e0:78:cf:5e:1f:48:ab:5c:19:dd:e1:67:43:ba:
 249  *     75:8d:f5:82:ac:43:92:44:1b
 250  * publicExponent: 65537 (0x10001)
 251  * privateExponent:
 252  *     11:b7:6a:36:3d:30:37:ce:61:9d:6c:84:8b:f3:9b:
 253  *     25:4f:14:c8:a4:dd:2f:d7:9a:17:bd:90:19:f7:05:
 254  *     fd:f2:d2:c5:f7:77:be:ea:e2:84:87:97:3a:41:96:
 255  *     b6:99:f8:94:8c:58:71:51:8c:f4:2a:20:9e:1a:a0:
 256  *     26:99:75:d6:31:53:43:39:f5:2a:a6:7e:34:42:51:
 257  *     2a:40:87:03:88:43:69:b2:89:6d:20:bd:7d:71:ef:
 258  *     47:0a:df:06:c1:69:66:a8:22:37:1a:77:1e:c7:94:
 259  *     4e:2c:27:69:45:5e:c8:f8:0c:b7:f8:c0:8f:99:c1:
 260  *     e5:28:9b:f9:4c:94:c6:b1
 261  * prime1:
 262  *     00:e7:35:00:62:17:66:a2:7c:48:3a:cd:b2:4e:38:
 263  *     2e:e1:7b:90:87:01:d9:05:c5:2c:56:54:55:47:2f:
 264  *     a1:1f:5d:fa:9d:2d:59:14:a2:13:1b:81:9b:fe:5f:
 265  *     1c:88:79:4d:9b:88:e1:31:4a:0e:3d:29:db:37:14:
 266  *     e2:a0:4d:ab:b5
 267  * prime2:
 268  *     00:d0:17:75:85:a8:fa:42:e0:a8:f0:8d:00:5e:6d:
 269  *     96:3b:e3:0c:4d:93:13:be:d1:c3:fd:b1:a3:28:d3:
 270  *     3e:7d:3e:08:f2:b2:98:9d:04:57:d5:a7:07:76:a4:
 271  *     bd:5f:1d:ab:34:9a:99:82:43:26:a4:44:88:74:f4:
 272  *     76:7d:ce:32:8f
 273  * exponent1:
 274  *     2c:57:8c:e8:43:26:aa:f8:fc:fd:52:1f:e5:42:7f:
 275  *     33:3d:78:7d:7c:0c:3c:40:11:7d:c9:14:c5:df:4b:
 276  *     9e:71:6e:b4:20:53:5a:52:af:29:72:55:11:96:fa:
 277  *     28:ee:62:c4:f6:9e:81:ce:7b:26:9d:d5:6e:1d:f2:
 278  *     4c:de:38:95
 279  * exponent2:
 280  *     0c:3f:f5:49:23:03:68:80:75:31:83:fb:6b:93:a3:
 281  *     ee:6e:95:40:d3:d1:ab:c0:09:7b:9b:c3:71:19:ce:
 282  *     69:ed:06:f5:d2:91:ad:5c:9e:17:13:b8:1a:c1:e3:
 283  *     eb:ff:81:1e:9d:a3:3f:c9:d8:32:7f:5e:51:14:3b:
 284  *     0d:78:df:fd
 285  * coefficient:
 286  *     01:0c:cc:95:69:ca:19:23:bc:a7:24:c3:b6:74:31:
 287  *     de:14:4c:a1:49:0e:12:19:8d:ab:86:d0:84:b9:18:
 288  *     aa:d9:d8:15:ca:a9:51:0d:aa:32:35:be:36:23:56:
 289  *     93:91:e7:4e:b3:12:dc:bf:44:74:9a:1b:31:4c:da:
 290  *     35:92:f2:e3
 291  *
 292  * client certificate:
 293  * Data:
 294  *     Version: 3 (0x2)
 295  *     Serial Number: 6 (0x6)
 296  *     Signature Algorithm: md5WithRSAEncryption
 297  *     Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org
 298  *     Validity
 299  *         Not Before: Dec  8 03:27:34 2008 GMT
 300  *         Not After : Aug 25 03:27:34 2028 GMT
 301  *     Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org, OU=SSL-Client, CN=localhost
 302  *     Subject Public Key Info:
 303  *         Public Key Algorithm: rsaEncryption
 304  *         RSA Public Key: (1024 bit)
 305  *             Modulus (1024 bit):
 306  *                 00:bb:f0:40:36:ac:26:54:4e:f4:a3:5a:00:2f:69:
 307  *                 21:6f:b9:7a:3a:93:ec:a2:f6:e1:8e:c7:63:d8:2f:
 308  *                 12:30:99:2e:b0:f2:8f:f8:27:2d:24:78:28:84:f7:
 309  *                 01:bf:8d:44:79:dd:3b:d2:55:f3:ce:3c:b2:5b:21:
 310  *                 7d:ef:fd:33:4a:b1:a3:ff:c6:c8:9b:b9:0f:7c:41:
 311  *                 35:97:f9:db:3a:05:60:05:15:af:59:17:92:a3:10:
 312  *                 ad:16:1c:e4:07:53:af:a8:76:a2:56:2a:92:d3:f9:
 313  *                 28:e0:78:cf:5e:1f:48:ab:5c:19:dd:e1:67:43:ba:
 314  *                 75:8d:f5:82:ac:43:92:44:1b
 315  *             Exponent: 65537 (0x10001)
 316  *     X509v3 extensions:
 317  *         X509v3 Basic Constraints:
 318  *             CA:FALSE
 319  *         X509v3 Key Usage:
 320  *             Digital Signature, Non Repudiation, Key Encipherment
 321  *         X509v3 Subject Key Identifier:
 322  *             CD:BB:C8:85:AA:91:BD:FD:1D:BE:CD:67:7C:FF:B3:E9:4C:A8:22:E6
 323  *         X509v3 Authority Key Identifier:
 324  *             keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14
 325  *
 326  *         X509v3 Subject Alternative Name: critical
 327  *             IP Address:127.0.0.1
 328  * Signature Algorithm: md5WithRSAEncryption
 329  *
 330  * -----BEGIN CERTIFICATE-----
 331  * MIICnzCCAgigAwIBAgIBBjANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET
 332  * MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK
 333  * EwhTb21lLU9yZzAeFw0wODEyMDgwMzI3MzRaFw0yODA4MjUwMzI3MzRaMHIxCzAJ
 334  * BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp
 335  * dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtQ2xpZW50MRIwEAYD
 336  * VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALvwQDas
 337  * JlRO9KNaAC9pIW+5ejqT7KL24Y7HY9gvEjCZLrDyj/gnLSR4KIT3Ab+NRHndO9JV
 338  * 8848slshfe/9M0qxo//GyJu5D3xBNZf52zoFYAUVr1kXkqMQrRYc5AdTr6h2olYq
 339  * ktP5KOB4z14fSKtcGd3hZ0O6dY31gqxDkkQbAgMBAAGjbjBsMAkGA1UdEwQCMAAw
 340  * CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTNu8iFqpG9/R2+zWd8/7PpTKgi5jAfBgNV
 341  * HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDASBgNVHREBAf8ECDAGhwR/AAAB
 342  * MA0GCSqGSIb3DQEBBAUAA4GBACjj9PS+W6XOF7toFMwMOv/AemZeBOpcEF1Ei1Hx
 343  * HjvB6EOHkMY8tFm5OPzkiWiK3+s3awpSW0jWdzMYwrQJ3/klMsPDpI7PEuirqwHP
 344  * i5Wyl/vk7jmfWVcBO9MVhPUo4BYl4vS9aj6JA5QbkbkB95LOgT/BowY0WmHeVsXC
 345  * I9aw
 346  * -----END CERTIFICATE-----
 347  *
 348  *
 349  *
 350  * Trusted CA certificate:
 351  * Certificate:
 352  *   Data:
 353  *     Version: 3 (0x2)
 354  *     Serial Number: 0 (0x0)
 355  *     Signature Algorithm: md5WithRSAEncryption
 356  *     Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org
 357  *     Validity
 358  *         Not Before: Dec  8 02:43:36 2008 GMT
 359  *         Not After : Aug 25 02:43:36 2028 GMT
 360  *     Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org
 361  *     Subject Public Key Info:
 362  *         Public Key Algorithm: rsaEncryption
 363  *         RSA Public Key: (1024 bit)
 364  *             Modulus (1024 bit):
 365  *                 00:cb:c4:38:20:07:be:88:a7:93:b0:a1:43:51:2d:
 366  *                 d7:8e:85:af:54:dd:ad:a2:7b:23:5b:cf:99:13:53:
 367  *                 99:45:7d:ee:6d:ba:2d:bf:e3:ad:6e:3d:9f:1a:f9:
 368  *                 03:97:e0:17:55:ae:11:26:57:de:01:29:8e:05:3f:
 369  *                 21:f7:e7:36:e8:2e:37:d7:48:ac:53:d6:60:0e:c7:
 370  *                 50:6d:f6:c5:85:f7:8b:a6:c5:91:35:72:3c:94:ee:
 371  *                 f1:17:f0:71:e3:ec:1b:ce:ca:4e:40:42:b0:6d:ee:
 372  *                 6a:0e:d6:e5:ad:3c:0f:c9:ba:82:4f:78:f8:89:97:
 373  *                 89:2a:95:12:4c:d8:09:2a:e9
 374  *             Exponent: 65537 (0x10001)
 375  *     X509v3 extensions:
 376  *         X509v3 Subject Key Identifier:
 377  *             FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14
 378  *         X509v3 Authority Key Identifier:
 379  *             keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14
 380  *             DirName:/C=US/ST=Some-State/L=Some-City/O=Some-Org
 381  *             serial:00
 382  *
 383  *         X509v3 Basic Constraints:
 384  *             CA:TRUE
 385  *  Signature Algorithm: md5WithRSAEncryption
 386  *
 387  * -----BEGIN CERTIFICATE-----
 388  * MIICrDCCAhWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET
 389  * MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK
 390  * EwhTb21lLU9yZzAeFw0wODEyMDgwMjQzMzZaFw0yODA4MjUwMjQzMzZaMEkxCzAJ
 391  * BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp
 392  * dHkxETAPBgNVBAoTCFNvbWUtT3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
 393  * gQDLxDggB76Ip5OwoUNRLdeOha9U3a2ieyNbz5kTU5lFfe5tui2/461uPZ8a+QOX
 394  * 4BdVrhEmV94BKY4FPyH35zboLjfXSKxT1mAOx1Bt9sWF94umxZE1cjyU7vEX8HHj
 395  * 7BvOyk5AQrBt7moO1uWtPA/JuoJPePiJl4kqlRJM2Akq6QIDAQABo4GjMIGgMB0G
 396  * A1UdDgQWBBT6uVG/TOfZhpgz+efLHvEzSfeoFDBxBgNVHSMEajBogBT6uVG/TOfZ
 397  * hpgz+efLHvEzSfeoFKFNpEswSTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUt
 398  * U3RhdGUxEjAQBgNVBAcTCVNvbWUtQ2l0eTERMA8GA1UEChMIU29tZS1PcmeCAQAw
 399  * DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBcIm534U123Hz+rtyYO5uA
 400  * ofd81G6FnTfEAV8Kw9fGyyEbQZclBv34A9JsFKeMvU4OFIaixD7nLZ/NZ+IWbhmZ
 401  * LovmJXyCkOufea73pNiZ+f/4/ScZaIlM/PRycQSqbFNd4j9Wott+08qxHPLpsf3P
 402  * 6Mvf0r1PNTY2hwTJLJmKtg==
 403  * -----END CERTIFICATE-----
 404  */
 405 
 406 
 407 public class IPIdentities {
 408     static Map cookies; // raw (non-generic) Map; unused in the visible part of this file
 409     ServerSocket ss; // plain ServerSocket; unused in the visible part of this file
 410 
 411     /*
 412      * =============================================================
 413      * Set the various variables needed for the tests, then
 414      * specify what tests to run on each side.
 415      */
 416 
 417     /*
 418      * Should we run the client or server in a separate thread?
 419      * Both sides can throw exceptions, but do you have a preference
 420      * as to which side should be the main thread?
 421      */
 422     static boolean separateServerThread = true;
 423 
 424     /*
 425      * No keystore files are read: the PEM certificates and RSA key bytes are embedded below.
 426      */
 427     static String trusedCertStr =
 428         "-----BEGIN CERTIFICATE-----\n" +
 429         "MIICrDCCAhWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" +
 430         "MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" +
 431         "EwhTb21lLU9yZzAeFw0wODEyMDgwMjQzMzZaFw0yODA4MjUwMjQzMzZaMEkxCzAJ\n" +
 432         "BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" +
 433         "dHkxETAPBgNVBAoTCFNvbWUtT3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n" +
 434         "gQDLxDggB76Ip5OwoUNRLdeOha9U3a2ieyNbz5kTU5lFfe5tui2/461uPZ8a+QOX\n" +
 435         "4BdVrhEmV94BKY4FPyH35zboLjfXSKxT1mAOx1Bt9sWF94umxZE1cjyU7vEX8HHj\n" +
 436         "7BvOyk5AQrBt7moO1uWtPA/JuoJPePiJl4kqlRJM2Akq6QIDAQABo4GjMIGgMB0G\n" +
 437         "A1UdDgQWBBT6uVG/TOfZhpgz+efLHvEzSfeoFDBxBgNVHSMEajBogBT6uVG/TOfZ\n" +
 438         "hpgz+efLHvEzSfeoFKFNpEswSTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUt\n" +
 439         "U3RhdGUxEjAQBgNVBAcTCVNvbWUtQ2l0eTERMA8GA1UEChMIU29tZS1PcmeCAQAw\n" +
 440         "DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBcIm534U123Hz+rtyYO5uA\n" +
 441         "ofd81G6FnTfEAV8Kw9fGyyEbQZclBv34A9JsFKeMvU4OFIaixD7nLZ/NZ+IWbhmZ\n" +
 442         "LovmJXyCkOufea73pNiZ+f/4/ScZaIlM/PRycQSqbFNd4j9Wott+08qxHPLpsf3P\n" +
 443         "6Mvf0r1PNTY2hwTJLJmKtg==\n" +
 444         "-----END CERTIFICATE-----";
 445 
 446     static String serverCertStr =
 447         "-----BEGIN CERTIFICATE-----\n" +
 448         "MIICnzCCAgigAwIBAgIBBzANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" +
 449         "MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" +
 450         "EwhTb21lLU9yZzAeFw0wODEyMDgwMzI3NTdaFw0yODA4MjUwMzI3NTdaMHIxCzAJ\n" +
 451         "BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" +
 452         "dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtU2VydmVyMRIwEAYD\n" +
 453         "VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKWsWxw3\n" +
 454         "ot2ZiS2yebiP1Uil5xyEF41pnMasbfnyHR85GdrTch5u7ETMcKTcugAw9qBPPVR6\n" +
 455         "YWrMV9AKf5UoGD+a2ZTyG8gkiH7+nQ89+1dTCLMgM9Q/F0cU0c3qCNgOdU6vvszS\n" +
 456         "7K+peknfwtmsuCRAkKYDVirQMAVALE+r2XSJAgMBAAGjbjBsMAkGA1UdEwQCMAAw\n" +
 457         "CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTtbtv0tVbI+xoGYT8PCLumBNgWVDAfBgNV\n" +
 458         "HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDASBgNVHREBAf8ECDAGhwR/AAAB\n" +
 459         "MA0GCSqGSIb3DQEBBAUAA4GBAFJjItCtCBZcjD69wdqfIbKmRFa6eJAjR6LcoDva\n" +
 460         "cKC/sDOLelpspiZ66Zb0Xdv5qQ7QrfOXt3K8QqJKRMdZLF9WfUfy0gJDM32ub91h\n" +
 461         "pu+TmcGPs+6RdrAQcuvU1ZDV9X8SMj7BtKaim4d5sqFw1npncKiA5xFn8vOYwdun\n" +
 462         "nZif\n" +
 463         "-----END CERTIFICATE-----";
 464 
 465     static String clientCertStr =
 466         "-----BEGIN CERTIFICATE-----\n" +
 467         "MIICnzCCAgigAwIBAgIBBjANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" +
 468         "MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" +
 469         "EwhTb21lLU9yZzAeFw0wODEyMDgwMzI3MzRaFw0yODA4MjUwMzI3MzRaMHIxCzAJ\n" +
 470         "BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" +
 471         "dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtQ2xpZW50MRIwEAYD\n" +
 472         "VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALvwQDas\n" +
 473         "JlRO9KNaAC9pIW+5ejqT7KL24Y7HY9gvEjCZLrDyj/gnLSR4KIT3Ab+NRHndO9JV\n" +
 474         "8848slshfe/9M0qxo//GyJu5D3xBNZf52zoFYAUVr1kXkqMQrRYc5AdTr6h2olYq\n" +
 475         "ktP5KOB4z14fSKtcGd3hZ0O6dY31gqxDkkQbAgMBAAGjbjBsMAkGA1UdEwQCMAAw\n" +
 476         "CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTNu8iFqpG9/R2+zWd8/7PpTKgi5jAfBgNV\n" +
 477         "HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDASBgNVHREBAf8ECDAGhwR/AAAB\n" +
 478         "MA0GCSqGSIb3DQEBBAUAA4GBACjj9PS+W6XOF7toFMwMOv/AemZeBOpcEF1Ei1Hx\n" +
 479         "HjvB6EOHkMY8tFm5OPzkiWiK3+s3awpSW0jWdzMYwrQJ3/klMsPDpI7PEuirqwHP\n" +
 480         "i5Wyl/vk7jmfWVcBO9MVhPUo4BYl4vS9aj6JA5QbkbkB95LOgT/BowY0WmHeVsXC\n" +
 481         "I9aw\n" +
 482         "-----END CERTIFICATE-----";
 483 
 484 
 485     static byte serverPrivateExponent[] = {
 486         (byte)0x6e, (byte)0xa7, (byte)0x1b, (byte)0x83,
 487         (byte)0x51, (byte)0x35, (byte)0x9a, (byte)0x44,
 488         (byte)0x7d, (byte)0xf6, (byte)0xe3, (byte)0x89,
 489         (byte)0xa0, (byte)0xd7, (byte)0x90, (byte)0x60,
 490         (byte)0xa1, (byte)0x4e, (byte)0x27, (byte)0x21,
 491         (byte)0xa2, (byte)0x89, (byte)0x74, (byte)0xcc,
 492         (byte)0x9d, (byte)0x75, (byte)0x75, (byte)0x4e,
 493         (byte)0xc7, (byte)0x82, (byte)0xe3, (byte)0xe3,
 494         (byte)0xc3, (byte)0x7d, (byte)0x00, (byte)0x54,
 495         (byte)0xec, (byte)0x36, (byte)0xb1, (byte)0xdf,
 496         (byte)0x91, (byte)0x9c, (byte)0x7a, (byte)0xc0,
 497         (byte)0x62, (byte)0x0a, (byte)0xd6, (byte)0xa9,
 498         (byte)0x22, (byte)0x91, (byte)0x4a, (byte)0x29,
 499         (byte)0x2e, (byte)0x43, (byte)0xfa, (byte)0x8c,
 500         (byte)0xd8, (byte)0xe9, (byte)0xbe, (byte)0xd9,
 501         (byte)0x4f, (byte)0xca, (byte)0x23, (byte)0xc6,
 502         (byte)0xe4, (byte)0x3f, (byte)0xb8, (byte)0x72,
 503         (byte)0xcf, (byte)0x02, (byte)0xfc, (byte)0xf4,
 504         (byte)0x58, (byte)0x34, (byte)0x77, (byte)0x76,
 505         (byte)0xce, (byte)0x22, (byte)0x44, (byte)0x5f,
 506         (byte)0x2d, (byte)0xca, (byte)0xee, (byte)0xf5,
 507         (byte)0x43, (byte)0x56, (byte)0x47, (byte)0x71,
 508         (byte)0x0b, (byte)0x09, (byte)0x6b, (byte)0x5e,
 509         (byte)0xf2, (byte)0xc8, (byte)0xee, (byte)0xd4,
 510         (byte)0x6e, (byte)0x44, (byte)0x92, (byte)0x2a,
 511         (byte)0x7f, (byte)0xcc, (byte)0xa7, (byte)0xd4,
 512         (byte)0x5b, (byte)0xfb, (byte)0xf7, (byte)0x4a,
 513         (byte)0xa9, (byte)0xfb, (byte)0x54, (byte)0x18,
 514         (byte)0xd5, (byte)0xd5, (byte)0x14, (byte)0xba,
 515         (byte)0xa0, (byte)0x1c, (byte)0x13, (byte)0xb3,
 516         (byte)0x37, (byte)0x6b, (byte)0x37, (byte)0x59,
 517         (byte)0xed, (byte)0xdb, (byte)0x6d, (byte)0xb1
 518     };
 519 
 520     static byte serverModulus[] = {
 521         (byte)0x00,
 522         (byte)0xa5, (byte)0xac, (byte)0x5b, (byte)0x1c,
 523         (byte)0x37, (byte)0xa2, (byte)0xdd, (byte)0x99,
 524         (byte)0x89, (byte)0x2d, (byte)0xb2, (byte)0x79,
 525         (byte)0xb8, (byte)0x8f, (byte)0xd5, (byte)0x48,
 526         (byte)0xa5, (byte)0xe7, (byte)0x1c, (byte)0x84,
 527         (byte)0x17, (byte)0x8d, (byte)0x69, (byte)0x9c,
 528         (byte)0xc6, (byte)0xac, (byte)0x6d, (byte)0xf9,
 529         (byte)0xf2, (byte)0x1d, (byte)0x1f, (byte)0x39,
 530         (byte)0x19, (byte)0xda, (byte)0xd3, (byte)0x72,
 531         (byte)0x1e, (byte)0x6e, (byte)0xec, (byte)0x44,
 532         (byte)0xcc, (byte)0x70, (byte)0xa4, (byte)0xdc,
 533         (byte)0xba, (byte)0x00, (byte)0x30, (byte)0xf6,
 534         (byte)0xa0, (byte)0x4f, (byte)0x3d, (byte)0x54,
 535         (byte)0x7a, (byte)0x61, (byte)0x6a, (byte)0xcc,
 536         (byte)0x57, (byte)0xd0, (byte)0x0a, (byte)0x7f,
 537         (byte)0x95, (byte)0x28, (byte)0x18, (byte)0x3f,
 538         (byte)0x9a, (byte)0xd9, (byte)0x94, (byte)0xf2,
 539         (byte)0x1b, (byte)0xc8, (byte)0x24, (byte)0x88,
 540         (byte)0x7e, (byte)0xfe, (byte)0x9d, (byte)0x0f,
 541         (byte)0x3d, (byte)0xfb, (byte)0x57, (byte)0x53,
 542         (byte)0x08, (byte)0xb3, (byte)0x20, (byte)0x33,
 543         (byte)0xd4, (byte)0x3f, (byte)0x17, (byte)0x47,
 544         (byte)0x14, (byte)0xd1, (byte)0xcd, (byte)0xea,
 545         (byte)0x08, (byte)0xd8, (byte)0x0e, (byte)0x75,
 546         (byte)0x4e, (byte)0xaf, (byte)0xbe, (byte)0xcc,
 547         (byte)0xd2, (byte)0xec, (byte)0xaf, (byte)0xa9,
 548         (byte)0x7a, (byte)0x49, (byte)0xdf, (byte)0xc2,
 549         (byte)0xd9, (byte)0xac, (byte)0xb8, (byte)0x24,
 550         (byte)0x40, (byte)0x90, (byte)0xa6, (byte)0x03,
 551         (byte)0x56, (byte)0x2a, (byte)0xd0, (byte)0x30,
 552         (byte)0x05, (byte)0x40, (byte)0x2c, (byte)0x4f,
 553         (byte)0xab, (byte)0xd9, (byte)0x74, (byte)0x89
 554     };
 555 
 556     static byte clientPrivateExponent[] = {
 557         (byte)0x11, (byte)0xb7, (byte)0x6a, (byte)0x36,
 558         (byte)0x3d, (byte)0x30, (byte)0x37, (byte)0xce,
 559         (byte)0x61, (byte)0x9d, (byte)0x6c, (byte)0x84,
 560         (byte)0x8b, (byte)0xf3, (byte)0x9b, (byte)0x25,
 561         (byte)0x4f, (byte)0x14, (byte)0xc8, (byte)0xa4,
 562         (byte)0xdd, (byte)0x2f, (byte)0xd7, (byte)0x9a,
 563         (byte)0x17, (byte)0xbd, (byte)0x90, (byte)0x19,
 564         (byte)0xf7, (byte)0x05, (byte)0xfd, (byte)0xf2,
 565         (byte)0xd2, (byte)0xc5, (byte)0xf7, (byte)0x77,
 566         (byte)0xbe, (byte)0xea, (byte)0xe2, (byte)0x84,
 567         (byte)0x87, (byte)0x97, (byte)0x3a, (byte)0x41,
 568         (byte)0x96, (byte)0xb6, (byte)0x99, (byte)0xf8,
 569         (byte)0x94, (byte)0x8c, (byte)0x58, (byte)0x71,
 570         (byte)0x51, (byte)0x8c, (byte)0xf4, (byte)0x2a,
 571         (byte)0x20, (byte)0x9e, (byte)0x1a, (byte)0xa0,
 572         (byte)0x26, (byte)0x99, (byte)0x75, (byte)0xd6,
 573         (byte)0x31, (byte)0x53, (byte)0x43, (byte)0x39,
 574         (byte)0xf5, (byte)0x2a, (byte)0xa6, (byte)0x7e,
 575         (byte)0x34, (byte)0x42, (byte)0x51, (byte)0x2a,
 576         (byte)0x40, (byte)0x87, (byte)0x03, (byte)0x88,
 577         (byte)0x43, (byte)0x69, (byte)0xb2, (byte)0x89,
 578         (byte)0x6d, (byte)0x20, (byte)0xbd, (byte)0x7d,
 579         (byte)0x71, (byte)0xef, (byte)0x47, (byte)0x0a,
 580         (byte)0xdf, (byte)0x06, (byte)0xc1, (byte)0x69,
 581         (byte)0x66, (byte)0xa8, (byte)0x22, (byte)0x37,
 582         (byte)0x1a, (byte)0x77, (byte)0x1e, (byte)0xc7,
 583         (byte)0x94, (byte)0x4e, (byte)0x2c, (byte)0x27,
 584         (byte)0x69, (byte)0x45, (byte)0x5e, (byte)0xc8,
 585         (byte)0xf8, (byte)0x0c, (byte)0xb7, (byte)0xf8,
 586         (byte)0xc0, (byte)0x8f, (byte)0x99, (byte)0xc1,
 587         (byte)0xe5, (byte)0x28, (byte)0x9b, (byte)0xf9,
 588         (byte)0x4c, (byte)0x94, (byte)0xc6, (byte)0xb1
 589     };
 590 
    /*
     * RSA modulus of the client's test key pair, as a big-endian
     * two's-complement byte array.  doClientSide() passes it to
     * getSSLContext(), which feeds it to new BigInteger(byte[]); the
     * leading 0x00 keeps the value positive because the first magnitude
     * byte (0xbb) has its high bit set.  128 magnitude bytes follow, i.e.
     * a 1024-bit modulus.
     *
     * The matching private exponent is embedded in this file as well, so
     * this key pair is public knowledge and is only suitable as a test
     * fixture.
     */
    static byte clientModulus[] = {
        (byte)0x00,
        (byte)0xbb, (byte)0xf0, (byte)0x40, (byte)0x36,
        (byte)0xac, (byte)0x26, (byte)0x54, (byte)0x4e,
        (byte)0xf4, (byte)0xa3, (byte)0x5a, (byte)0x00,
        (byte)0x2f, (byte)0x69, (byte)0x21, (byte)0x6f,
        (byte)0xb9, (byte)0x7a, (byte)0x3a, (byte)0x93,
        (byte)0xec, (byte)0xa2, (byte)0xf6, (byte)0xe1,
        (byte)0x8e, (byte)0xc7, (byte)0x63, (byte)0xd8,
        (byte)0x2f, (byte)0x12, (byte)0x30, (byte)0x99,
        (byte)0x2e, (byte)0xb0, (byte)0xf2, (byte)0x8f,
        (byte)0xf8, (byte)0x27, (byte)0x2d, (byte)0x24,
        (byte)0x78, (byte)0x28, (byte)0x84, (byte)0xf7,
        (byte)0x01, (byte)0xbf, (byte)0x8d, (byte)0x44,
        (byte)0x79, (byte)0xdd, (byte)0x3b, (byte)0xd2,
        (byte)0x55, (byte)0xf3, (byte)0xce, (byte)0x3c,
        (byte)0xb2, (byte)0x5b, (byte)0x21, (byte)0x7d,
        (byte)0xef, (byte)0xfd, (byte)0x33, (byte)0x4a,
        (byte)0xb1, (byte)0xa3, (byte)0xff, (byte)0xc6,
        (byte)0xc8, (byte)0x9b, (byte)0xb9, (byte)0x0f,
        (byte)0x7c, (byte)0x41, (byte)0x35, (byte)0x97,
        (byte)0xf9, (byte)0xdb, (byte)0x3a, (byte)0x05,
        (byte)0x60, (byte)0x05, (byte)0x15, (byte)0xaf,
        (byte)0x59, (byte)0x17, (byte)0x92, (byte)0xa3,
        (byte)0x10, (byte)0xad, (byte)0x16, (byte)0x1c,
        (byte)0xe4, (byte)0x07, (byte)0x53, (byte)0xaf,
        (byte)0xa8, (byte)0x76, (byte)0xa2, (byte)0x56,
        (byte)0x2a, (byte)0x92, (byte)0xd3, (byte)0xf9,
        (byte)0x28, (byte)0xe0, (byte)0x78, (byte)0xcf,
        (byte)0x5e, (byte)0x1f, (byte)0x48, (byte)0xab,
        (byte)0x5c, (byte)0x19, (byte)0xdd, (byte)0xe1,
        (byte)0x67, (byte)0x43, (byte)0xba, (byte)0x75,
        (byte)0x8d, (byte)0xf5, (byte)0x82, (byte)0xac,
        (byte)0x43, (byte)0x92, (byte)0x44, (byte)0x1b
    };
 626 
    /*
     * Password for the key entry in the in-memory key store built by
     * getSSLContext() (used in KeyStore.setKeyEntry and
     * KeyManagerFactory.init).  It is a fixed literal because the store
     * only ever holds the test key material embedded in this file.
     */
    static char passphrase[] = "passphrase".toCharArray();

    /*
     * Is the server ready to serve?
     *
     * Set by doServerSide() once the listening socket is bound, and also
     * by startServer()'s catch block when the server thread dies, so that
     * the client's polling loop always terminates.  Reset to false after
     * the server closes its connection.
     */
    volatile static boolean serverReady = false;

    /*
     * Is the connection ready to close?
     *
     * Set by doClientSide() when it has finished with its connection;
     * doServerSide() polls it before closing the accepted socket.
     */
    volatile static boolean closeReady = false;

    /*
     * Turn on SSL debugging?
     *
     * When true, main() sets javax.net.debug=all.
     * NOTE(review): that trace is very verbose and presumably includes
     * handshake details; keep this false in the committed test.
     */
    static boolean debug = false;

    // Listening socket; created in doServerSide().
    private SSLServerSocket sslServerSocket = null;
 645 
 646     /*
 647      * Define the server side of the test.
 648      *
 649      * If the server prematurely exits, serverReady will be set to true
 650      * to avoid infinite hangs.
 651      */
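    void doServerSide() throws Exception {
        /*
         * Serves exactly one TLS connection: bind the listening socket,
         * publish the port, accept a single client, require a client
         * certificate, and answer with a fixed HTTP response.  The request
         * itself is never read.
         *
         * The server identity is serverCertStr plus the RSA key rebuilt
         * from the embedded modulus/exponent; trusedCertStr is the only
         * certificate placed in the key store used for trust decisions.
         */
        SSLContext context = getSSLContext(trusedCertStr, serverCertStr,
            serverModulus, serverPrivateExponent, passphrase);
        SSLServerSocketFactory sslssf = context.getServerSocketFactory();

        sslServerSocket =
            (SSLServerSocket) sslssf.createServerSocket(serverPort);
        try {
            // serverPort starts out as 0 (any free port); record the port
            // that was really bound so the client can build its URL.
            serverPort = sslServerSocket.getLocalPort();

            /*
             * Signal the client that it may connect now.
             */
            serverReady = true;

            SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();

            // Mutual authentication: the connection must fail unless the
            // client presents a certificate the trust manager accepts.
            // NOTE(review): this is set on the accepted socket before any
            // application data is read or written, so presumably before
            // the handshake starts -- confirm.
            sslSocket.setNeedClientAuth(true);

            PrintStream out =
                    new PrintStream(sslSocket.getOutputStream());

            try {
                // ignore request data

                // send the response; "Testing\r\n" is the 9-byte body
                // announced in Content-Length.
                out.print("HTTP/1.1 200 OK\r\n");
                out.print("Content-Type: text/html; charset=iso-8859-1\r\n");
                out.print("Content-Length: "+ 9 +"\r\n");
                out.print("\r\n");
                out.print("Testing\r\n");
                out.flush();
            } finally {
                try {
                    // Keep the connection open until the client says it
                    // is done, so the client never sees an early close.
                    while (!closeReady) {
                        Thread.sleep(50);
                    }
                } finally {
                    // Runs even if the wait above is interrupted, so the
                    // accepted socket is not left open.
                    System.out.println("Server closing socket");
                    sslSocket.close();
                    serverReady = false;
                }
            }
        } finally {
            // The listening socket used to stay open for the rest of the
            // test run; release it once the single connection is done.
            sslServerSocket.close();
        }
    }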
 694 
 695     /*
 696      * Define the client side of the test.
 697      *
 698      * If the server prematurely exits, serverReady will be set to true
 699      * to avoid infinite hangs.
 700      */
    void doClientSide() throws Exception {
        /*
         * Installs the client's test identity as the process-wide default
         * SSLContext, waits for the server, performs one HTTPS request to
         * "localhost" and restores the previous default afterwards.
         *
         * The connection is given no socket factory or hostname verifier
         * of its own, so it relies on the default context set here and on
         * the platform's built-in hostname check.
         * NOTE(review): the response code is only printed, never asserted;
         * the pass criterion appears to be that the exchange completes
         * without an exception -- confirm.
         */
        final SSLContext savedDefault = SSLContext.getDefault();
        try {
            SSLContext.setDefault(getSSLContext(trusedCertStr, clientCertStr,
                clientModulus, clientPrivateExponent, passphrase));

            // Poll until the server has bound its port (or has died; the
            // server thread sets the flag in that case too).
            while (!serverReady) {
                Thread.sleep(50);
            }

            URL url = new URL("https://localhost:" + serverPort+"/");
            System.out.println("url is "+url.toString());

            HttpsURLConnection http = null;
            try {
                http = (HttpsURLConnection)url.openConnection();

                // Fetching the status line drives the TLS handshake.
                System.out.println("respCode = "+http.getResponseCode());
            } finally {
                if (http != null) {
                    http.disconnect();
                }
                // Always release the server, even after a failure, so it
                // can close its socket and finish.
                closeReady = true;
            }
        } finally {
            // The default context is global state; put the old one back.
            SSLContext.setDefault(savedDefault);
        }
    }
 736 
 737     /*
 738      * =============================================================
 739      * The remainder is just support stuff
 740      */
 741 
    /*
     * Port the server listens on.  0 asks createServerSocket() for any
     * free port; doServerSide() then stores the port actually bound and
     * doClientSide() reads it to build the URL.
     */
    volatile int serverPort = 0;

    /*
     * Failure captured from whichever side runs on a background thread
     * (see the catch blocks in startServer/startClient).  The constructor
     * rethrows it after joining that thread.
     */
    volatile Exception serverException = null;
    volatile Exception clientException = null;
 747 
    public static void main(String[] args) throws Exception {
        /*
         * This test case uses MD5, so the cert-path restriction list is
         * replaced with one that does not name MD5: only MD2 and RSA keys
         * shorter than 1024 bits stay disabled.  The property is
         * security-relevant and process-wide; it is changed here for the
         * test run only.
         */
        Security.setProperty(
                "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");

        if (debug) {
            System.setProperty("javax.net.debug", "all");
        }

        // The constructor drives the whole client/server exchange and
        // throws if either side failed.
        new IPIdentities();
    }
 761 
    // Background thread for the client or the server side; each is only
    // assigned when startClient()/startServer() is asked for a new thread.
    Thread clientThread = null;
    Thread serverThread = null;
 764     /*
 765      * Primary constructor, used to drive remainder of the test.
 766      *
 767      * Fork off the other side, then do your work.
 768      */
    IPIdentities() throws Exception {
        // One side is forked onto its own thread, the other runs on the
        // calling thread; separateServerThread picks which is which.
        final boolean serverInBackground = separateServerThread;

        if (serverInBackground) {
            startServer(true);
            startClient(false);
        } else {
            startClient(true);
            startServer(false);
        }

        // Wait for the forked side to finish before looking at results.
        Thread background = serverInBackground ? serverThread : clientThread;
        background.join();

        /*
         * A failure on the calling thread has already propagated out of
         * the start* call above.  A failure on the forked thread was
         * stored in a field instead, so surface it here; the server's
         * failure takes precedence.
         */
        if (serverException != null) {
            throw serverException;
        }
        if (clientException != null) {
            throw clientException;
        }
    }
 799 
    void startServer(boolean newThread) throws Exception {
        // Runs the server side, either inline (exceptions propagate to
        // the caller) or on a new thread (exceptions are recorded).
        if (!newThread) {
            doServerSide();
            return;
        }

        serverThread = new Thread() {
            @Override
            public void run() {
                try {
                    doServerSide();
                } catch (Exception failure) {
                    /*
                     * The server thread died.  Raise serverReady anyway
                     * so a client still polling for it is released, then
                     * keep the exception for the constructor to rethrow.
                     */
                    System.err.println("Server died...");
                    serverReady = true;
                    serverException = failure;
                }
            }
        };
        serverThread.start();
    }
 823 
    void startClient(boolean newThread) throws Exception {
        // Runs the client side, either inline (exceptions propagate to
        // the caller) or on a new thread (exceptions are recorded).
        if (!newThread) {
            doClientSide();
            return;
        }

        clientThread = new Thread() {
            @Override
            public void run() {
                try {
                    doClientSide();
                } catch (Exception failure) {
                    /*
                     * The client thread died; keep the exception for the
                     * constructor to rethrow.
                     */
                    System.err.println("Client died...");
                    clientException = failure;
                }
            }
        };
        clientThread.start();
    }
 844 
 845     // get the ssl context
    private static SSLContext getSSLContext(String trusedCertStr,
            String keyCertStr, byte[] modulus,
            byte[] privateExponent, char[] passphrase) throws Exception {
        /*
         * Builds a TLS context from in-memory material only.
         *
         * trusedCertStr is parsed as an X.509 certificate and becomes the
         * single trusted entry.  When keyCertStr is non-null, an RSA
         * private key is rebuilt from modulus/privateExponent and stored
         * with the chain { keyCert, trusted cert } under the given
         * passphrase; otherwise the context gets no key managers.
         *
         * The certificate strings are converted with getBytes(), i.e. the
         * platform default charset.
         */
        final boolean hasIdentity = keyCertStr != null;

        CertificateFactory x509 = CertificateFactory.getInstance("X.509");

        // Parse the trust anchor.
        ByteArrayInputStream pem =
                new ByteArrayInputStream(trusedCertStr.getBytes());
        Certificate trustAnchor = x509.generateCertificate(pem);
        pem.close();

        // Empty in-memory key store; nothing is read from disk.
        KeyStore store = KeyStore.getInstance("JKS");
        store.load(null, null);
        store.setCertificateEntry("RSA Export Signer", trustAnchor);

        if (hasIdentity) {
            // Rebuild the private key from its raw RSA components.
            RSAPrivateKeySpec keySpec = new RSAPrivateKeySpec(
                    new BigInteger(modulus),
                    new BigInteger(privateExponent));
            RSAPrivateKey privateKey = (RSAPrivateKey)
                    KeyFactory.getInstance("RSA").generatePrivate(keySpec);

            // Parse the end-entity certificate that goes with the key.
            pem = new ByteArrayInputStream(keyCertStr.getBytes());
            Certificate keyCert = x509.generateCertificate(pem);
            pem.close();

            Certificate[] chain = new Certificate[] { keyCert, trustAnchor };
            store.setKeyEntry("Whatever", privateKey, passphrase, chain);
        }

        // Trust decisions come from the same store.
        TrustManagerFactory trustFactory =
                TrustManagerFactory.getInstance("PKIX");
        trustFactory.init(store);

        SSLContext sslContext = SSLContext.getInstance("TLS");

        KeyManager[] keyManagers = null;
        if (hasIdentity) {
            KeyManagerFactory keyFactory =
                    KeyManagerFactory.getInstance("SunX509");
            keyFactory.init(store, passphrase);
            keyManagers = keyFactory.getKeyManagers();
        }

        // A null SecureRandom selects the provider's default source.
        sslContext.init(keyManagers, trustFactory.getTrustManagers(), null);
        return sslContext;
    }
 904 
 905 }