1 /* 2 * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 // 25 // SunJSSE does not support dynamic system properties, no way to re-use 26 // system properties in samevm/agentvm mode. 27 // 28 29 /* @test 30 * @summary X509 certificate hostname checking is broken in JDK1.6.0_10 31 * @bug 6766775 32 * @run main/othervm IPIdentities 33 * @author Xuelei Fan 34 */ 35 36 import java.net.*; 37 import java.util.*; 38 import java.io.*; 39 import javax.net.ssl.*; 40 import java.security.Security; 41 import java.security.KeyStore; 42 import java.security.KeyFactory; 43 import java.security.cert.Certificate; 44 import java.security.cert.CertificateFactory; 45 import java.security.spec.*; 46 import java.security.interfaces.*; 47 import java.math.BigInteger; 48 49 import sun.security.ssl.SSLSocketImpl; 50 51 /* 52 * Certificates and key used in the test. 53 * 54 * TLS server certificate: 55 * server private key: 56 * -----BEGIN RSA PRIVATE KEY----- 57 * Proc-Type: 4,ENCRYPTED 58 * DEK-Info: DES-EDE3-CBC,D9AE407F6D0E389A 59 * 60 * WPrA7TFol/cQCcp9oHnXWNpYlvRbbIcQj0m+RKT2Iuzfus+DHt3Zadf8nJpKfX2e 61 * h2rnhlzCN9M7djRDooZKDOPCsdBn51Au7HlZF3S3Opgo7D8XFM1a8t1Je4ke14oI 62 * nw6QKYsBblRziPnP2PZ0zvX24nOv7bbY8beynlJHGs00VWSFdoH2DS0aE1p6D+3n 63 * ptJuJ75dVfZFK4X7162APlNXevX8D6PEQpSiRw1rjjGGcnvQ4HdWk3BxDVDcCNJb 64 * Y1aGNRxsjTDvPi3R9Qx2M+W03QzEPx4SR3ZHVskeSJHaetM0TM/w/45Paq4GokXP 65 * ZeTnbEx1xmjkA7h+t4doLL4watx5F6yLsJzu8xB3lt/1EtmkYtLz1t7X4BetPAXz 66 * zS69X/VwhKfsOI3qXBWuL2oHPyhDmT1gcaUQwEPSV6ogHEEQEDXdiUS8heNK13KF 67 * TCQYFkETvV2BLxUhV1hypPzRQ6tUpJiAbD5KmoK2lD9slshG2QtvKQq0/bgkDY5J 68 * LhDHV2dtcZ3kDPkkZXpbcJQvoeH3d09C5sIsuTFo2zgNR6oETHUc5TzP6FY2YYRa 69 * QcK5HcmtsRRiXFm01ac+aMejJUIujjFt84SiKWT/73vC8AmY4tYcJBLjCg4XIxSH 70 * fdDFLL1YZENNO5ivlp8mdiHqcawx+36L7DrEZQ8RZt6cqST5t/+XTdM74s6k81GT 71 * pNsa82P2K2zmIUZ/DL2mKjW1vfRByw1NQFEBkN3vdyZxYfM/JyUzX4hbjXBEkh9Q 72 * QYrcwLKLjis2QzSvK04B3bvRzRb+4ocWiso8ZPAXAIxZFBWDpTMM2A== 73 * -----END RSA PRIVATE KEY----- 74 * 75 * -----BEGIN RSA PRIVATE KEY----- 76 * MIICXAIBAAKBgQClrFscN6LdmYktsnm4j9VIpecchBeNaZzGrG358h0fORna03Ie 77 * buxEzHCk3LoAMPagTz1UemFqzFfQCn+VKBg/mtmU8hvIJIh+/p0PPftXUwizIDPU 78 * PxdHFNHN6gjYDnVOr77M0uyvqXpJ38LZrLgkQJCmA1Yq0DAFQCxPq9l0iQIDAQAB 79 * AoGAbqcbg1E1mkR99uOJoNeQYKFOJyGiiXTMnXV1TseC4+PDfQBU7Dax35GcesBi 80 * CtapIpFKKS5D+ozY6b7ZT8ojxuQ/uHLPAvz0WDR3ds4iRF8tyu71Q1ZHcQsJa17y 81 * yO7UbkSSKn/Mp9Rb+/dKqftUGNXVFLqgHBOzN2s3We3bbbECQQDYBPKOg3hkaGHo 82 * OhpHKqtQ6EVkldihG/3i4WejRonelXN+HRh1KrB2HBx0M8D/qAzP1i3rNSlSHer4 83 * 59YRTJnHAkEAxFX/sVYSn07BHv9Zhn6XXct/Cj43z/tKNbzlNbcxqQwQerw3IH51 84 * 8UH2YOA+GD3lXbKp+MytoFLWv8zg4YT/LwJAfqan75Z1R6lLffRS49bIiq8jwE16 85 * rTrUJ+kv8jKxMqc9B3vXkxpsS1M/+4E8bqgAmvpgAb8xcsvHsBd9ErdukQJBAKs2 86 * j67W75BrPjBI34pQ1LEfp56IGWXOrq1kF8IbCjxv3+MYRT6Z6UJFkpRymNPNDjsC 87 * dgUYgITiGJHUGXuw3lMCQHEHqo9ZtXz92yFT+VhsNc29B8m/sqUJdtCcMd/jGpAF 88 * u6GHufjqIZBpQsk63wbwESAPZZ+kk1O1kS5GIRLX608= 89 * -----END RSA PRIVATE KEY----- 90 * 91 * Private-Key: (1024 bit) 92 * modulus: 93 * 00:a5:ac:5b:1c:37:a2:dd:99:89:2d:b2:79:b8:8f: 94 * d5:48:a5:e7:1c:84:17:8d:69:9c:c6:ac:6d:f9:f2: 95 * 1d:1f:39:19:da:d3:72:1e:6e:ec:44:cc:70:a4:dc: 96 * ba:00:30:f6:a0:4f:3d:54:7a:61:6a:cc:57:d0:0a: 97 * 7f:95:28:18:3f:9a:d9:94:f2:1b:c8:24:88:7e:fe: 98 * 9d:0f:3d:fb:57:53:08:b3:20:33:d4:3f:17:47:14: 99 * d1:cd:ea:08:d8:0e:75:4e:af:be:cc:d2:ec:af:a9: 100 * 7a:49:df:c2:d9:ac:b8:24:40:90:a6:03:56:2a:d0: 101 * 30:05:40:2c:4f:ab:d9:74:89 102 * publicExponent: 65537 (0x10001) 103 * privateExponent: 104 * 6e:a7:1b:83:51:35:9a:44:7d:f6:e3:89:a0:d7:90: 105 * 60:a1:4e:27:21:a2:89:74:cc:9d:75:75:4e:c7:82: 106 * e3:e3:c3:7d:00:54:ec:36:b1:df:91:9c:7a:c0:62: 107 * 0a:d6:a9:22:91:4a:29:2e:43:fa:8c:d8:e9:be:d9: 108 * 4f:ca:23:c6:e4:3f:b8:72:cf:02:fc:f4:58:34:77: 109 * 76:ce:22:44:5f:2d:ca:ee:f5:43:56:47:71:0b:09: 110 * 6b:5e:f2:c8:ee:d4:6e:44:92:2a:7f:cc:a7:d4:5b: 111 * fb:f7:4a:a9:fb:54:18:d5:d5:14:ba:a0:1c:13:b3: 112 * 37:6b:37:59:ed:db:6d:b1 113 * prime1: 114 * 00:d8:04:f2:8e:83:78:64:68:61:e8:3a:1a:47:2a: 115 * ab:50:e8:45:64:95:d8:a1:1b:fd:e2:e1:67:a3:46: 116 * 89:de:95:73:7e:1d:18:75:2a:b0:76:1c:1c:74:33: 117 * c0:ff:a8:0c:cf:d6:2d:eb:35:29:52:1d:ea:f8:e7: 118 * d6:11:4c:99:c7 119 * prime2: 120 * 00:c4:55:ff:b1:56:12:9f:4e:c1:1e:ff:59:86:7e: 121 * 97:5d:cb:7f:0a:3e:37:cf:fb:4a:35:bc:e5:35:b7: 122 * 31:a9:0c:10:7a:bc:37:20:7e:75:f1:41:f6:60:e0: 123 * 3e:18:3d:e5:5d:b2:a9:f8:cc:ad:a0:52:d6:bf:cc: 124 * e0:e1:84:ff:2f 125 * exponent1: 126 * 7e:a6:a7:ef:96:75:47:a9:4b:7d:f4:52:e3:d6:c8: 127 * 8a:af:23:c0:4d:7a:ad:3a:d4:27:e9:2f:f2:32:b1: 128 * 32:a7:3d:07:7b:d7:93:1a:6c:4b:53:3f:fb:81:3c: 129 * 6e:a8:00:9a:fa:60:01:bf:31:72:cb:c7:b0:17:7d: 130 * 12:b7:6e:91 131 * exponent2: 132 * 00:ab:36:8f:ae:d6:ef:90:6b:3e:30:48:df:8a:50: 133 * d4:b1:1f:a7:9e:88:19:65:ce:ae:ad:64:17:c2:1b: 134 * 0a:3c:6f:df:e3:18:45:3e:99:e9:42:45:92:94:72: 135 * 98:d3:cd:0e:3b:02:76:05:18:80:84:e2:18:91:d4: 136 * 19:7b:b0:de:53 137 * coefficient: 138 * 71:07:aa:8f:59:b5:7c:fd:db:21:53:f9:58:6c:35: 139 * cd:bd:07:c9:bf:b2:a5:09:76:d0:9c:31:df:e3:1a: 140 * 90:05:bb:a1:87:b9:f8:ea:21:90:69:42:c9:3a:df: 141 * 06:f0:11:20:0f:65:9f:a4:93:53:b5:91:2e:46:21: 142 * 12:d7:eb:4f 143 * 144 * 145 * server certificate: 146 * Data: 147 * Version: 3 (0x2) 148 * Serial Number: 7 (0x7) 149 * Signature Algorithm: md5WithRSAEncryption 150 * Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org 151 * Validity 152 * Not Before: Dec 8 03:27:57 2008 GMT 153 * Not After : Aug 25 03:27:57 2028 GMT 154 * Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org, OU=SSL-Server, CN=localhost 155 * Subject Public Key Info: 156 * Public Key Algorithm: rsaEncryption 157 * RSA Public Key: (1024 bit) 158 * Modulus (1024 bit): 159 * 00:a5:ac:5b:1c:37:a2:dd:99:89:2d:b2:79:b8:8f: 160 * d5:48:a5:e7:1c:84:17:8d:69:9c:c6:ac:6d:f9:f2: 161 * 1d:1f:39:19:da:d3:72:1e:6e:ec:44:cc:70:a4:dc: 162 * ba:00:30:f6:a0:4f:3d:54:7a:61:6a:cc:57:d0:0a: 163 * 7f:95:28:18:3f:9a:d9:94:f2:1b:c8:24:88:7e:fe: 164 * 9d:0f:3d:fb:57:53:08:b3:20:33:d4:3f:17:47:14: 165 * d1:cd:ea:08:d8:0e:75:4e:af:be:cc:d2:ec:af:a9: 166 * 7a:49:df:c2:d9:ac:b8:24:40:90:a6:03:56:2a:d0: 167 * 30:05:40:2c:4f:ab:d9:74:89 168 * Exponent: 65537 (0x10001) 169 * X509v3 extensions: 170 * X509v3 Basic Constraints: 171 * CA:FALSE 172 * X509v3 Key Usage: 173 * Digital Signature, Non Repudiation, Key Encipherment 174 * X509v3 Subject Key Identifier: 175 * ED:6E:DB:F4:B5:56:C8:FB:1A:06:61:3F:0F:08:BB:A6:04:D8:16:54 176 * X509v3 Authority Key Identifier: 177 * keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14 178 * 179 * X509v3 Subject Alternative Name: critical 180 * IP Address:127.0.0.1 181 * Signature Algorithm: md5WithRSAEncryption 182 * 183 * -----BEGIN CERTIFICATE----- 184 * MIICnzCCAgigAwIBAgIBBzANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET 185 * MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK 186 * EwhTb21lLU9yZzAeFw0wODEyMDgwMzI3NTdaFw0yODA4MjUwMzI3NTdaMHIxCzAJ 187 * BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp 188 * dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtU2VydmVyMRIwEAYD 189 * VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKWsWxw3 190 * ot2ZiS2yebiP1Uil5xyEF41pnMasbfnyHR85GdrTch5u7ETMcKTcugAw9qBPPVR6 191 * YWrMV9AKf5UoGD+a2ZTyG8gkiH7+nQ89+1dTCLMgM9Q/F0cU0c3qCNgOdU6vvszS 192 * 7K+peknfwtmsuCRAkKYDVirQMAVALE+r2XSJAgMBAAGjbjBsMAkGA1UdEwQCMAAw 193 * CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTtbtv0tVbI+xoGYT8PCLumBNgWVDAfBgNV 194 * HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDASBgNVHREBAf8ECDAGhwR/AAAB 195 * MA0GCSqGSIb3DQEBBAUAA4GBAFJjItCtCBZcjD69wdqfIbKmRFa6eJAjR6LcoDva 196 * cKC/sDOLelpspiZ66Zb0Xdv5qQ7QrfOXt3K8QqJKRMdZLF9WfUfy0gJDM32ub91h 197 * pu+TmcGPs+6RdrAQcuvU1ZDV9X8SMj7BtKaim4d5sqFw1npncKiA5xFn8vOYwdun 198 * nZif 199 * -----END CERTIFICATE----- 200 * 201 * 202 * TLS client certificate: 203 * client private key: 204 * ----BEGIN RSA PRIVATE KEY----- 205 * Proc-Type: 4,ENCRYPTED 206 * DEK-Info: DES-EDE3-CBC,FA2A435CD35A9390 207 * 208 * Z+Y2uaETbsUWIyJUyVu1UV2G4rgFYJyACZT6Tp1KjRtxflSh2kXkJ9MpuXMXA0V4 209 * Yy3fDzPqCL9NJmQAYRlAx/W/+j4F5EyMWDIx8fUxzONRZyoiwF7jLm+KscAfv6Pf 210 * q7ItWOdj3z7IYrwlB8YIGd3F2cDKT3S+lYRk7rKb/qT7itbuHnY4Ardh3yl+MZak 211 * jBp+ELUlRsUqSr1V0LoM+0rCCykarpyfhpxEcqsrl0v9Cyi5uhU50/oKv5zql3SH 212 * l2ImgDjp3batAs8+Bd4NF2aqi0a7Hy44JUHxRm4caZryU/i/D9N1MbuM6882HLat 213 * 5N0G+NaIUfywa8mjwq2D5aiit18HqKA6XeRRYeJ5Dvu9DCO4GeFSwcUFIBMI0L46 214 * 7s114+oDodg57pMgITi+04vmUxvqlN9aiyd7f5Fgd7PeHGeOdbMz1NaJLJaPI9++ 215 * NakK8eK9iwT/Gdq0Uap5/CHW7vCT5PO+h3HY0STH0lWStXhdWnFO04zTdywsbSp+ 216 * DLpHeFT66shfeUlxR0PsCbG9vPRt/QmGLeYQZITppWo/ylSq4j+pRIuXvuWHdBRN 217 * rTZ8QF4Y7AxQUXVz1j1++s6ZMHTzaK2i9HrhmDs1MbJl+QwWre3Xpv3LvTVz3k5U 218 * wX8kuY1m3STt71QCaRWENq5sRaMImLxZbxc/ivFl9RAzUqo4NCxLod/QgA4iLqtO 219 * ztnlpzwlC/F8HbQ1oqYWwnZAPhzU/cULtstl+Yrws2c2atO323LbPXZqbASySgig 220 * sNpFXQMObdfP6LN23bY+1SvtK7V4NUTNhpdIc6INQAQ= 221 * -----END RSA PRIVATE KEY----- 222 * 223 * -----BEGIN RSA PRIVATE KEY----- 224 * MIICWwIBAAKBgQC78EA2rCZUTvSjWgAvaSFvuXo6k+yi9uGOx2PYLxIwmS6w8o/4 225 * Jy0keCiE9wG/jUR53TvSVfPOPLJbIX3v/TNKsaP/xsibuQ98QTWX+ds6BWAFFa9Z 226 * F5KjEK0WHOQHU6+odqJWKpLT+SjgeM9eH0irXBnd4WdDunWN9YKsQ5JEGwIDAQAB 227 * AoGAEbdqNj0wN85hnWyEi/ObJU8UyKTdL9eaF72QGfcF/fLSxfd3vurihIeXOkGW 228 * tpn4lIxYcVGM9CognhqgJpl11jFTQzn1KqZ+NEJRKkCHA4hDabKJbSC9fXHvRwrf 229 * BsFpZqgiNxp3HseUTiwnaUVeyPgMt/jAj5nB5Sib+UyUxrECQQDnNQBiF2aifEg6 230 * zbJOOC7he5CHAdkFxSxWVFVHL6EfXfqdLVkUohMbgZv+XxyIeU2biOExSg49Kds3 231 * FOKgTau1AkEA0Bd1haj6QuCo8I0AXm2WO+MMTZMTvtHD/bGjKNM+fT4I8rKYnQRX 232 * 1acHdqS9Xx2rNJqZgkMmpESIdPR2fc4yjwJALFeM6EMmqvj8/VIf5UJ/Mz14fXwM 233 * PEARfckUxd9LnnFutCBTWlKvKXJVEZb6KO5ixPaegc57Jp3Vbh3yTN44lQJADD/1 234 * SSMDaIB1MYP7a5Oj7m6VQNPRq8AJe5vDcRnOae0G9dKRrVyeFxO4GsHj6/+BHp2j 235 * P8nYMn9eURQ7DXjf/QJAAQzMlWnKGSO8pyTDtnQx3hRMoUkOEhmNq4bQhLkYqtnY 236 * FcqpUQ2qMjW+NiNWk5HnTrMS3L9EdJobMUzaNZLy4w== 237 * -----END RSA PRIVATE KEY----- 238 * 239 * Private-Key: (1024 bit) 240 * modulus: 241 * 00:bb:f0:40:36:ac:26:54:4e:f4:a3:5a:00:2f:69: 242 * 21:6f:b9:7a:3a:93:ec:a2:f6:e1:8e:c7:63:d8:2f: 243 * 12:30:99:2e:b0:f2:8f:f8:27:2d:24:78:28:84:f7: 244 * 01:bf:8d:44:79:dd:3b:d2:55:f3:ce:3c:b2:5b:21: 245 * 7d:ef:fd:33:4a:b1:a3:ff:c6:c8:9b:b9:0f:7c:41: 246 * 35:97:f9:db:3a:05:60:05:15:af:59:17:92:a3:10: 247 * ad:16:1c:e4:07:53:af:a8:76:a2:56:2a:92:d3:f9: 248 * 28:e0:78:cf:5e:1f:48:ab:5c:19:dd:e1:67:43:ba: 249 * 75:8d:f5:82:ac:43:92:44:1b 250 * publicExponent: 65537 (0x10001) 251 * privateExponent: 252 * 11:b7:6a:36:3d:30:37:ce:61:9d:6c:84:8b:f3:9b: 253 * 25:4f:14:c8:a4:dd:2f:d7:9a:17:bd:90:19:f7:05: 254 * fd:f2:d2:c5:f7:77:be:ea:e2:84:87:97:3a:41:96: 255 * b6:99:f8:94:8c:58:71:51:8c:f4:2a:20:9e:1a:a0: 256 * 26:99:75:d6:31:53:43:39:f5:2a:a6:7e:34:42:51: 257 * 2a:40:87:03:88:43:69:b2:89:6d:20:bd:7d:71:ef: 258 * 47:0a:df:06:c1:69:66:a8:22:37:1a:77:1e:c7:94: 259 * 4e:2c:27:69:45:5e:c8:f8:0c:b7:f8:c0:8f:99:c1: 260 * e5:28:9b:f9:4c:94:c6:b1 261 * prime1: 262 * 00:e7:35:00:62:17:66:a2:7c:48:3a:cd:b2:4e:38: 263 * 2e:e1:7b:90:87:01:d9:05:c5:2c:56:54:55:47:2f: 264 * a1:1f:5d:fa:9d:2d:59:14:a2:13:1b:81:9b:fe:5f: 265 * 1c:88:79:4d:9b:88:e1:31:4a:0e:3d:29:db:37:14: 266 * e2:a0:4d:ab:b5 267 * prime2: 268 * 00:d0:17:75:85:a8:fa:42:e0:a8:f0:8d:00:5e:6d: 269 * 96:3b:e3:0c:4d:93:13:be:d1:c3:fd:b1:a3:28:d3: 270 * 3e:7d:3e:08:f2:b2:98:9d:04:57:d5:a7:07:76:a4: 271 * bd:5f:1d:ab:34:9a:99:82:43:26:a4:44:88:74:f4: 272 * 76:7d:ce:32:8f 273 * exponent1: 274 * 2c:57:8c:e8:43:26:aa:f8:fc:fd:52:1f:e5:42:7f: 275 * 33:3d:78:7d:7c:0c:3c:40:11:7d:c9:14:c5:df:4b: 276 * 9e:71:6e:b4:20:53:5a:52:af:29:72:55:11:96:fa: 277 * 28:ee:62:c4:f6:9e:81:ce:7b:26:9d:d5:6e:1d:f2: 278 * 4c:de:38:95 279 * exponent2: 280 * 0c:3f:f5:49:23:03:68:80:75:31:83:fb:6b:93:a3: 281 * ee:6e:95:40:d3:d1:ab:c0:09:7b:9b:c3:71:19:ce: 282 * 69:ed:06:f5:d2:91:ad:5c:9e:17:13:b8:1a:c1:e3: 283 * eb:ff:81:1e:9d:a3:3f:c9:d8:32:7f:5e:51:14:3b: 284 * 0d:78:df:fd 285 * coefficient: 286 * 01:0c:cc:95:69:ca:19:23:bc:a7:24:c3:b6:74:31: 287 * de:14:4c:a1:49:0e:12:19:8d:ab:86:d0:84:b9:18: 288 * aa:d9:d8:15:ca:a9:51:0d:aa:32:35:be:36:23:56: 289 * 93:91:e7:4e:b3:12:dc:bf:44:74:9a:1b:31:4c:da: 290 * 35:92:f2:e3 291 * 292 * client certificate: 293 * Data: 294 * Version: 3 (0x2) 295 * Serial Number: 6 (0x6) 296 * Signature Algorithm: md5WithRSAEncryption 297 * Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org 298 * Validity 299 * Not Before: Dec 8 03:27:34 2008 GMT 300 * Not After : Aug 25 03:27:34 2028 GMT 301 * Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org, OU=SSL-Client, CN=localhost 302 * Subject Public Key Info: 303 * Public Key Algorithm: rsaEncryption 304 * RSA Public Key: (1024 bit) 305 * Modulus (1024 bit): 306 * 00:bb:f0:40:36:ac:26:54:4e:f4:a3:5a:00:2f:69: 307 * 21:6f:b9:7a:3a:93:ec:a2:f6:e1:8e:c7:63:d8:2f: 308 * 12:30:99:2e:b0:f2:8f:f8:27:2d:24:78:28:84:f7: 309 * 01:bf:8d:44:79:dd:3b:d2:55:f3:ce:3c:b2:5b:21: 310 * 7d:ef:fd:33:4a:b1:a3:ff:c6:c8:9b:b9:0f:7c:41: 311 * 35:97:f9:db:3a:05:60:05:15:af:59:17:92:a3:10: 312 * ad:16:1c:e4:07:53:af:a8:76:a2:56:2a:92:d3:f9: 313 * 28:e0:78:cf:5e:1f:48:ab:5c:19:dd:e1:67:43:ba: 314 * 75:8d:f5:82:ac:43:92:44:1b 315 * Exponent: 65537 (0x10001) 316 * X509v3 extensions: 317 * X509v3 Basic Constraints: 318 * CA:FALSE 319 * X509v3 Key Usage: 320 * Digital Signature, Non Repudiation, Key Encipherment 321 * X509v3 Subject Key Identifier: 322 * CD:BB:C8:85:AA:91:BD:FD:1D:BE:CD:67:7C:FF:B3:E9:4C:A8:22:E6 323 * X509v3 Authority Key Identifier: 324 * keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14 325 * 326 * X509v3 Subject Alternative Name: critical 327 * IP Address:127.0.0.1 328 * Signature Algorithm: md5WithRSAEncryption 329 * 330 * -----BEGIN CERTIFICATE----- 331 * MIICnzCCAgigAwIBAgIBBjANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET 332 * MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK 333 * EwhTb21lLU9yZzAeFw0wODEyMDgwMzI3MzRaFw0yODA4MjUwMzI3MzRaMHIxCzAJ 334 * BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp 335 * dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtQ2xpZW50MRIwEAYD 336 * VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALvwQDas 337 * JlRO9KNaAC9pIW+5ejqT7KL24Y7HY9gvEjCZLrDyj/gnLSR4KIT3Ab+NRHndO9JV 338 * 8848slshfe/9M0qxo//GyJu5D3xBNZf52zoFYAUVr1kXkqMQrRYc5AdTr6h2olYq 339 * ktP5KOB4z14fSKtcGd3hZ0O6dY31gqxDkkQbAgMBAAGjbjBsMAkGA1UdEwQCMAAw 340 * CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTNu8iFqpG9/R2+zWd8/7PpTKgi5jAfBgNV 341 * HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDASBgNVHREBAf8ECDAGhwR/AAAB 342 * MA0GCSqGSIb3DQEBBAUAA4GBACjj9PS+W6XOF7toFMwMOv/AemZeBOpcEF1Ei1Hx 343 * HjvB6EOHkMY8tFm5OPzkiWiK3+s3awpSW0jWdzMYwrQJ3/klMsPDpI7PEuirqwHP 344 * i5Wyl/vk7jmfWVcBO9MVhPUo4BYl4vS9aj6JA5QbkbkB95LOgT/BowY0WmHeVsXC 345 * I9aw 346 * -----END CERTIFICATE----- 347 * 348 * 349 * 350 * Trusted CA certificate: 351 * Certificate: 352 * Data: 353 * Version: 3 (0x2) 354 * Serial Number: 0 (0x0) 355 * Signature Algorithm: md5WithRSAEncryption 356 * Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org 357 * Validity 358 * Not Before: Dec 8 02:43:36 2008 GMT 359 * Not After : Aug 25 02:43:36 2028 GMT 360 * Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org 361 * Subject Public Key Info: 362 * Public Key Algorithm: rsaEncryption 363 * RSA Public Key: (1024 bit) 364 * Modulus (1024 bit): 365 * 00:cb:c4:38:20:07:be:88:a7:93:b0:a1:43:51:2d: 366 * d7:8e:85:af:54:dd:ad:a2:7b:23:5b:cf:99:13:53: 367 * 99:45:7d:ee:6d:ba:2d:bf:e3:ad:6e:3d:9f:1a:f9: 368 * 03:97:e0:17:55:ae:11:26:57:de:01:29:8e:05:3f: 369 * 21:f7:e7:36:e8:2e:37:d7:48:ac:53:d6:60:0e:c7: 370 * 50:6d:f6:c5:85:f7:8b:a6:c5:91:35:72:3c:94:ee: 371 * f1:17:f0:71:e3:ec:1b:ce:ca:4e:40:42:b0:6d:ee: 372 * 6a:0e:d6:e5:ad:3c:0f:c9:ba:82:4f:78:f8:89:97: 373 * 89:2a:95:12:4c:d8:09:2a:e9 374 * Exponent: 65537 (0x10001) 375 * X509v3 extensions: 376 * X509v3 Subject Key Identifier: 377 * FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14 378 * X509v3 Authority Key Identifier: 379 * keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14 380 * DirName:/C=US/ST=Some-State/L=Some-City/O=Some-Org 381 * serial:00 382 * 383 * X509v3 Basic Constraints: 384 * CA:TRUE 385 * Signature Algorithm: md5WithRSAEncryption 386 * 387 * -----BEGIN CERTIFICATE----- 388 * MIICrDCCAhWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET 389 * MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK 390 * EwhTb21lLU9yZzAeFw0wODEyMDgwMjQzMzZaFw0yODA4MjUwMjQzMzZaMEkxCzAJ 391 * BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp 392 * dHkxETAPBgNVBAoTCFNvbWUtT3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB 393 * gQDLxDggB76Ip5OwoUNRLdeOha9U3a2ieyNbz5kTU5lFfe5tui2/461uPZ8a+QOX 394 * 4BdVrhEmV94BKY4FPyH35zboLjfXSKxT1mAOx1Bt9sWF94umxZE1cjyU7vEX8HHj 395 * 7BvOyk5AQrBt7moO1uWtPA/JuoJPePiJl4kqlRJM2Akq6QIDAQABo4GjMIGgMB0G 396 * A1UdDgQWBBT6uVG/TOfZhpgz+efLHvEzSfeoFDBxBgNVHSMEajBogBT6uVG/TOfZ 397 * hpgz+efLHvEzSfeoFKFNpEswSTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUt 398 * U3RhdGUxEjAQBgNVBAcTCVNvbWUtQ2l0eTERMA8GA1UEChMIU29tZS1PcmeCAQAw 399 * DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBcIm534U123Hz+rtyYO5uA 400 * ofd81G6FnTfEAV8Kw9fGyyEbQZclBv34A9JsFKeMvU4OFIaixD7nLZ/NZ+IWbhmZ 401 * LovmJXyCkOufea73pNiZ+f/4/ScZaIlM/PRycQSqbFNd4j9Wott+08qxHPLpsf3P 402 * 6Mvf0r1PNTY2hwTJLJmKtg== 403 * -----END CERTIFICATE--- 404 */ 405 406 407 public class IPIdentities { 408 static Map cookies; 409 ServerSocket ss; 410 411 /* 412 * ============================================================= 413 * Set the various variables needed for the tests, then 414 * specify what tests to run on each side. 415 */ 416 417 /* 418 * Should we run the client or server in a separate thread? 419 * Both sides can throw exceptions, but do you have a preference 420 * as to which side should be the main thread. 421 */ 422 static boolean separateServerThread = true; 423 424 /* 425 * Where do we find the keystores? 426 */ 427 static String trusedCertStr = 428 "-----BEGIN CERTIFICATE-----\n" + 429 "MIICrDCCAhWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" + 430 "MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" + 431 "EwhTb21lLU9yZzAeFw0wODEyMDgwMjQzMzZaFw0yODA4MjUwMjQzMzZaMEkxCzAJ\n" + 432 "BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" + 433 "dHkxETAPBgNVBAoTCFNvbWUtT3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n" + 434 "gQDLxDggB76Ip5OwoUNRLdeOha9U3a2ieyNbz5kTU5lFfe5tui2/461uPZ8a+QOX\n" + 435 "4BdVrhEmV94BKY4FPyH35zboLjfXSKxT1mAOx1Bt9sWF94umxZE1cjyU7vEX8HHj\n" + 436 "7BvOyk5AQrBt7moO1uWtPA/JuoJPePiJl4kqlRJM2Akq6QIDAQABo4GjMIGgMB0G\n" + 437 "A1UdDgQWBBT6uVG/TOfZhpgz+efLHvEzSfeoFDBxBgNVHSMEajBogBT6uVG/TOfZ\n" + 438 "hpgz+efLHvEzSfeoFKFNpEswSTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUt\n" + 439 "U3RhdGUxEjAQBgNVBAcTCVNvbWUtQ2l0eTERMA8GA1UEChMIU29tZS1PcmeCAQAw\n" + 440 "DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBcIm534U123Hz+rtyYO5uA\n" + 441 "ofd81G6FnTfEAV8Kw9fGyyEbQZclBv34A9JsFKeMvU4OFIaixD7nLZ/NZ+IWbhmZ\n" + 442 "LovmJXyCkOufea73pNiZ+f/4/ScZaIlM/PRycQSqbFNd4j9Wott+08qxHPLpsf3P\n" + 443 "6Mvf0r1PNTY2hwTJLJmKtg==\n" + 444 "-----END CERTIFICATE-----"; 445 446 static String serverCertStr = 447 "-----BEGIN CERTIFICATE-----\n" + 448 "MIICnzCCAgigAwIBAgIBBzANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" + 449 "MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" + 450 "EwhTb21lLU9yZzAeFw0wODEyMDgwMzI3NTdaFw0yODA4MjUwMzI3NTdaMHIxCzAJ\n" + 451 "BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" + 452 "dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtU2VydmVyMRIwEAYD\n" + 453 "VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKWsWxw3\n" + 454 "ot2ZiS2yebiP1Uil5xyEF41pnMasbfnyHR85GdrTch5u7ETMcKTcugAw9qBPPVR6\n" + 455 "YWrMV9AKf5UoGD+a2ZTyG8gkiH7+nQ89+1dTCLMgM9Q/F0cU0c3qCNgOdU6vvszS\n" + 456 "7K+peknfwtmsuCRAkKYDVirQMAVALE+r2XSJAgMBAAGjbjBsMAkGA1UdEwQCMAAw\n" + 457 "CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTtbtv0tVbI+xoGYT8PCLumBNgWVDAfBgNV\n" + 458 "HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDASBgNVHREBAf8ECDAGhwR/AAAB\n" + 459 "MA0GCSqGSIb3DQEBBAUAA4GBAFJjItCtCBZcjD69wdqfIbKmRFa6eJAjR6LcoDva\n" + 460 "cKC/sDOLelpspiZ66Zb0Xdv5qQ7QrfOXt3K8QqJKRMdZLF9WfUfy0gJDM32ub91h\n" + 461 "pu+TmcGPs+6RdrAQcuvU1ZDV9X8SMj7BtKaim4d5sqFw1npncKiA5xFn8vOYwdun\n" + 462 "nZif\n" + 463 "-----END CERTIFICATE-----"; 464 465 static String clientCertStr = 466 "-----BEGIN CERTIFICATE-----\n" + 467 "MIICnzCCAgigAwIBAgIBBjANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" + 468 "MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" + 469 "EwhTb21lLU9yZzAeFw0wODEyMDgwMzI3MzRaFw0yODA4MjUwMzI3MzRaMHIxCzAJ\n" + 470 "BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" + 471 "dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtQ2xpZW50MRIwEAYD\n" + 472 "VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALvwQDas\n" + 473 "JlRO9KNaAC9pIW+5ejqT7KL24Y7HY9gvEjCZLrDyj/gnLSR4KIT3Ab+NRHndO9JV\n" + 474 "8848slshfe/9M0qxo//GyJu5D3xBNZf52zoFYAUVr1kXkqMQrRYc5AdTr6h2olYq\n" + 475 "ktP5KOB4z14fSKtcGd3hZ0O6dY31gqxDkkQbAgMBAAGjbjBsMAkGA1UdEwQCMAAw\n" + 476 "CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTNu8iFqpG9/R2+zWd8/7PpTKgi5jAfBgNV\n" + 477 "HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDASBgNVHREBAf8ECDAGhwR/AAAB\n" + 478 "MA0GCSqGSIb3DQEBBAUAA4GBACjj9PS+W6XOF7toFMwMOv/AemZeBOpcEF1Ei1Hx\n" + 479 "HjvB6EOHkMY8tFm5OPzkiWiK3+s3awpSW0jWdzMYwrQJ3/klMsPDpI7PEuirqwHP\n" + 480 "i5Wyl/vk7jmfWVcBO9MVhPUo4BYl4vS9aj6JA5QbkbkB95LOgT/BowY0WmHeVsXC\n" + 481 "I9aw\n" + 482 "-----END CERTIFICATE-----"; 483 484 485 static byte serverPrivateExponent[] = { 486 (byte)0x6e, (byte)0xa7, (byte)0x1b, (byte)0x83, 487 (byte)0x51, (byte)0x35, (byte)0x9a, (byte)0x44, 488 (byte)0x7d, (byte)0xf6, (byte)0xe3, (byte)0x89, 489 (byte)0xa0, (byte)0xd7, (byte)0x90, (byte)0x60, 490 (byte)0xa1, (byte)0x4e, (byte)0x27, (byte)0x21, 491 (byte)0xa2, (byte)0x89, (byte)0x74, (byte)0xcc, 492 (byte)0x9d, (byte)0x75, (byte)0x75, (byte)0x4e, 493 (byte)0xc7, (byte)0x82, (byte)0xe3, (byte)0xe3, 494 (byte)0xc3, (byte)0x7d, (byte)0x00, (byte)0x54, 495 (byte)0xec, (byte)0x36, (byte)0xb1, (byte)0xdf, 496 (byte)0x91, (byte)0x9c, (byte)0x7a, (byte)0xc0, 497 (byte)0x62, (byte)0x0a, (byte)0xd6, (byte)0xa9, 498 (byte)0x22, (byte)0x91, (byte)0x4a, (byte)0x29, 499 (byte)0x2e, (byte)0x43, (byte)0xfa, (byte)0x8c, 500 (byte)0xd8, (byte)0xe9, (byte)0xbe, (byte)0xd9, 501 (byte)0x4f, (byte)0xca, (byte)0x23, (byte)0xc6, 502 (byte)0xe4, (byte)0x3f, (byte)0xb8, (byte)0x72, 503 (byte)0xcf, (byte)0x02, (byte)0xfc, (byte)0xf4, 504 (byte)0x58, (byte)0x34, (byte)0x77, (byte)0x76, 505 (byte)0xce, (byte)0x22, (byte)0x44, (byte)0x5f, 506 (byte)0x2d, (byte)0xca, (byte)0xee, (byte)0xf5, 507 (byte)0x43, (byte)0x56, (byte)0x47, (byte)0x71, 508 (byte)0x0b, (byte)0x09, (byte)0x6b, (byte)0x5e, 509 (byte)0xf2, (byte)0xc8, (byte)0xee, (byte)0xd4, 510 (byte)0x6e, (byte)0x44, (byte)0x92, (byte)0x2a, 511 (byte)0x7f, (byte)0xcc, (byte)0xa7, (byte)0xd4, 512 (byte)0x5b, (byte)0xfb, (byte)0xf7, (byte)0x4a, 513 (byte)0xa9, (byte)0xfb, (byte)0x54, (byte)0x18, 514 (byte)0xd5, (byte)0xd5, (byte)0x14, (byte)0xba, 515 (byte)0xa0, (byte)0x1c, (byte)0x13, (byte)0xb3, 516 (byte)0x37, (byte)0x6b, (byte)0x37, (byte)0x59, 517 (byte)0xed, (byte)0xdb, (byte)0x6d, (byte)0xb1 518 }; 519 520 static byte serverModulus[] = { 521 (byte)0x00, 522 (byte)0xa5, (byte)0xac, (byte)0x5b, (byte)0x1c, 523 (byte)0x37, (byte)0xa2, (byte)0xdd, (byte)0x99, 524 (byte)0x89, (byte)0x2d, (byte)0xb2, (byte)0x79, 525 (byte)0xb8, (byte)0x8f, (byte)0xd5, (byte)0x48, 526 (byte)0xa5, (byte)0xe7, (byte)0x1c, (byte)0x84, 527 (byte)0x17, (byte)0x8d, (byte)0x69, (byte)0x9c, 528 (byte)0xc6, (byte)0xac, (byte)0x6d, (byte)0xf9, 529 (byte)0xf2, (byte)0x1d, (byte)0x1f, (byte)0x39, 530 (byte)0x19, (byte)0xda, (byte)0xd3, (byte)0x72, 531 (byte)0x1e, (byte)0x6e, (byte)0xec, (byte)0x44, 532 (byte)0xcc, (byte)0x70, (byte)0xa4, (byte)0xdc, 533 (byte)0xba, (byte)0x00, (byte)0x30, (byte)0xf6, 534 (byte)0xa0, (byte)0x4f, (byte)0x3d, (byte)0x54, 535 (byte)0x7a, (byte)0x61, (byte)0x6a, (byte)0xcc, 536 (byte)0x57, (byte)0xd0, (byte)0x0a, (byte)0x7f, 537 (byte)0x95, (byte)0x28, (byte)0x18, (byte)0x3f, 538 (byte)0x9a, (byte)0xd9, (byte)0x94, (byte)0xf2, 539 (byte)0x1b, (byte)0xc8, (byte)0x24, (byte)0x88, 540 (byte)0x7e, (byte)0xfe, (byte)0x9d, (byte)0x0f, 541 (byte)0x3d, (byte)0xfb, (byte)0x57, (byte)0x53, 542 (byte)0x08, (byte)0xb3, (byte)0x20, (byte)0x33, 543 (byte)0xd4, (byte)0x3f, (byte)0x17, (byte)0x47, 544 (byte)0x14, (byte)0xd1, (byte)0xcd, (byte)0xea, 545 (byte)0x08, (byte)0xd8, (byte)0x0e, (byte)0x75, 546 (byte)0x4e, (byte)0xaf, (byte)0xbe, (byte)0xcc, 547 (byte)0xd2, (byte)0xec, (byte)0xaf, (byte)0xa9, 548 (byte)0x7a, (byte)0x49, (byte)0xdf, (byte)0xc2, 549 (byte)0xd9, (byte)0xac, (byte)0xb8, (byte)0x24, 550 (byte)0x40, (byte)0x90, (byte)0xa6, (byte)0x03, 551 (byte)0x56, (byte)0x2a, (byte)0xd0, (byte)0x30, 552 (byte)0x05, (byte)0x40, (byte)0x2c, (byte)0x4f, 553 (byte)0xab, (byte)0xd9, (byte)0x74, (byte)0x89 554 }; 555 556 static byte clientPrivateExponent[] = { 557 (byte)0x11, (byte)0xb7, (byte)0x6a, (byte)0x36, 558 (byte)0x3d, (byte)0x30, (byte)0x37, (byte)0xce, 559 (byte)0x61, (byte)0x9d, (byte)0x6c, (byte)0x84, 560 (byte)0x8b, (byte)0xf3, (byte)0x9b, (byte)0x25, 561 (byte)0x4f, (byte)0x14, (byte)0xc8, (byte)0xa4, 562 (byte)0xdd, (byte)0x2f, (byte)0xd7, (byte)0x9a, 563 (byte)0x17, (byte)0xbd, (byte)0x90, (byte)0x19, 564 (byte)0xf7, (byte)0x05, (byte)0xfd, (byte)0xf2, 565 (byte)0xd2, (byte)0xc5, (byte)0xf7, (byte)0x77, 566 (byte)0xbe, (byte)0xea, (byte)0xe2, (byte)0x84, 567 (byte)0x87, (byte)0x97, (byte)0x3a, (byte)0x41, 568 (byte)0x96, (byte)0xb6, (byte)0x99, (byte)0xf8, 569 (byte)0x94, (byte)0x8c, (byte)0x58, (byte)0x71, 570 (byte)0x51, (byte)0x8c, (byte)0xf4, (byte)0x2a, 571 (byte)0x20, (byte)0x9e, (byte)0x1a, (byte)0xa0, 572 (byte)0x26, (byte)0x99, (byte)0x75, (byte)0xd6, 573 (byte)0x31, (byte)0x53, (byte)0x43, (byte)0x39, 574 (byte)0xf5, (byte)0x2a, (byte)0xa6, (byte)0x7e, 575 (byte)0x34, (byte)0x42, (byte)0x51, (byte)0x2a, 576 (byte)0x40, (byte)0x87, (byte)0x03, (byte)0x88, 577 (byte)0x43, (byte)0x69, (byte)0xb2, (byte)0x89, 578 (byte)0x6d, (byte)0x20, (byte)0xbd, (byte)0x7d, 579 (byte)0x71, (byte)0xef, (byte)0x47, (byte)0x0a, 580 (byte)0xdf, (byte)0x06, (byte)0xc1, (byte)0x69, 581 (byte)0x66, (byte)0xa8, (byte)0x22, (byte)0x37, 582 (byte)0x1a, (byte)0x77, (byte)0x1e, (byte)0xc7, 583 (byte)0x94, (byte)0x4e, (byte)0x2c, (byte)0x27, 584 (byte)0x69, (byte)0x45, (byte)0x5e, (byte)0xc8, 585 (byte)0xf8, (byte)0x0c, (byte)0xb7, (byte)0xf8, 586 (byte)0xc0, (byte)0x8f, (byte)0x99, (byte)0xc1, 587 (byte)0xe5, (byte)0x28, (byte)0x9b, (byte)0xf9, 588 (byte)0x4c, (byte)0x94, (byte)0xc6, (byte)0xb1 589 }; 590 591 static byte clientModulus[] = { 592 (byte)0x00, 593 (byte)0xbb, (byte)0xf0, (byte)0x40, (byte)0x36, 594 (byte)0xac, (byte)0x26, (byte)0x54, (byte)0x4e, 595 (byte)0xf4, (byte)0xa3, (byte)0x5a, (byte)0x00, 596 (byte)0x2f, (byte)0x69, (byte)0x21, (byte)0x6f, 597 (byte)0xb9, (byte)0x7a, (byte)0x3a, (byte)0x93, 598 (byte)0xec, (byte)0xa2, (byte)0xf6, (byte)0xe1, 599 (byte)0x8e, (byte)0xc7, (byte)0x63, (byte)0xd8, 600 (byte)0x2f, (byte)0x12, (byte)0x30, (byte)0x99, 601 (byte)0x2e, (byte)0xb0, (byte)0xf2, (byte)0x8f, 602 (byte)0xf8, (byte)0x27, (byte)0x2d, (byte)0x24, 603 (byte)0x78, (byte)0x28, (byte)0x84, (byte)0xf7, 604 (byte)0x01, (byte)0xbf, (byte)0x8d, (byte)0x44, 605 (byte)0x79, (byte)0xdd, (byte)0x3b, (byte)0xd2, 606 (byte)0x55, (byte)0xf3, (byte)0xce, (byte)0x3c, 607 (byte)0xb2, (byte)0x5b, (byte)0x21, (byte)0x7d, 608 (byte)0xef, (byte)0xfd, (byte)0x33, (byte)0x4a, 609 (byte)0xb1, (byte)0xa3, (byte)0xff, (byte)0xc6, 610 (byte)0xc8, (byte)0x9b, (byte)0xb9, (byte)0x0f, 611 (byte)0x7c, (byte)0x41, (byte)0x35, (byte)0x97, 612 (byte)0xf9, (byte)0xdb, (byte)0x3a, (byte)0x05, 613 (byte)0x60, (byte)0x05, (byte)0x15, (byte)0xaf, 614 (byte)0x59, (byte)0x17, (byte)0x92, (byte)0xa3, 615 (byte)0x10, (byte)0xad, (byte)0x16, (byte)0x1c, 616 (byte)0xe4, (byte)0x07, (byte)0x53, (byte)0xaf, 617 (byte)0xa8, (byte)0x76, (byte)0xa2, (byte)0x56, 618 (byte)0x2a, (byte)0x92, (byte)0xd3, (byte)0xf9, 619 (byte)0x28, (byte)0xe0, (byte)0x78, (byte)0xcf, 620 (byte)0x5e, (byte)0x1f, (byte)0x48, (byte)0xab, 621 (byte)0x5c, (byte)0x19, (byte)0xdd, (byte)0xe1, 622 (byte)0x67, (byte)0x43, (byte)0xba, (byte)0x75, 623 (byte)0x8d, (byte)0xf5, (byte)0x82, (byte)0xac, 624 (byte)0x43, (byte)0x92, (byte)0x44, (byte)0x1b 625 }; 626 627 static char passphrase[] = "passphrase".toCharArray(); 628 629 /* 630 * Is the server ready to serve? 631 */ 632 volatile static boolean serverReady = false; 633 634 /* 635 * Is the connection ready to close? 636 */ 637 volatile static boolean closeReady = false; 638 639 /* 640 * Turn on SSL debugging? 641 */ 642 static boolean debug = false; 643 644 private SSLServerSocket sslServerSocket = null; 645 646 /* 647 * Define the server side of the test. 648 * 649 * If the server prematurely exits, serverReady will be set to true 650 * to avoid infinite hangs. 651 */ 652 void doServerSide() throws Exception { 653 SSLContext context = getSSLContext(trusedCertStr, serverCertStr, 654 serverModulus, serverPrivateExponent, passphrase); 655 SSLServerSocketFactory sslssf = context.getServerSocketFactory(); 656 657 sslServerSocket = 658 (SSLServerSocket) sslssf.createServerSocket(serverPort); 659 serverPort = sslServerSocket.getLocalPort(); 660 661 /* 662 * Signal Client, we're ready for his connect. 663 */ 664 serverReady = true; 665 666 SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept(); 667 sslSocket.setNeedClientAuth(true); 668 669 PrintStream out = 670 new PrintStream(sslSocket.getOutputStream()); 671 672 try { 673 // ignore request data 674 675 // send the response 676 out.print("HTTP/1.1 200 OK\r\n"); 677 out.print("Content-Type: text/html; charset=iso-8859-1\r\n"); 678 out.print("Content-Length: "+ 9 +"\r\n"); 679 out.print("\r\n"); 680 out.print("Testing\r\n"); 681 out.flush(); 682 } finally { 683 // close the socket 684 while (!closeReady) { 685 Thread.sleep(50); 686 } 687 688 System.out.println("Server closing socket"); 689 sslSocket.close(); 690 serverReady = false; 691 } 692 693 } 694 695 /* 696 * Define the client side of the test. 697 * 698 * If the server prematurely exits, serverReady will be set to true 699 * to avoid infinite hangs. 700 */ 701 void doClientSide() throws Exception { 702 SSLContext reservedSSLContext = SSLContext.getDefault(); 703 try { 704 SSLContext context = getSSLContext(trusedCertStr, clientCertStr, 705 clientModulus, clientPrivateExponent, passphrase); 706 SSLContext.setDefault(context); 707 708 /* 709 * Wait for server to get started. 710 */ 711 while (!serverReady) { 712 Thread.sleep(50); 713 } 714 715 HttpsURLConnection http = null; 716 717 /* establish http connection to server */ 718 URL url = new URL("https://localhost:" + serverPort+"/"); 719 System.out.println("url is "+url.toString()); 720 721 try { 722 http = (HttpsURLConnection)url.openConnection(); 723 724 int respCode = http.getResponseCode(); 725 System.out.println("respCode = "+respCode); 726 } finally { 727 if (http != null) { 728 http.disconnect(); 729 } 730 closeReady = true; 731 } 732 } finally { 733 SSLContext.setDefault(reservedSSLContext); 734 } 735 } 736 737 /* 738 * ============================================================= 739 * The remainder is just support stuff 740 */ 741 742 // use any free port by default 743 volatile int serverPort = 0; 744 745 volatile Exception serverException = null; 746 volatile Exception clientException = null; 747 748 public static void main(String args[]) throws Exception { 749 // MD5 is used in this test case, don't disable MD5 algorithm. 750 Security.setProperty( 751 "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); 752 753 if (debug) 754 System.setProperty("javax.net.debug", "all"); 755 756 /* 757 * Start the tests. 758 */ 759 new IPIdentities(); 760 } 761 762 Thread clientThread = null; 763 Thread serverThread = null; 764 /* 765 * Primary constructor, used to drive remainder of the test. 766 * 767 * Fork off the other side, then do your work. 768 */ 769 IPIdentities() throws Exception { 770 if (separateServerThread) { 771 startServer(true); 772 startClient(false); 773 } else { 774 startClient(true); 775 startServer(false); 776 } 777 778 /* 779 * Wait for other side to close down. 780 */ 781 if (separateServerThread) { 782 serverThread.join(); 783 } else { 784 clientThread.join(); 785 } 786 787 /* 788 * When we get here, the test is pretty much over. 789 * 790 * If the main thread excepted, that propagates back 791 * immediately. If the other thread threw an exception, we 792 * should report back. 793 */ 794 if (serverException != null) 795 throw serverException; 796 if (clientException != null) 797 throw clientException; 798 } 799 800 void startServer(boolean newThread) throws Exception { 801 if (newThread) { 802 serverThread = new Thread() { 803 public void run() { 804 try { 805 doServerSide(); 806 } catch (Exception e) { 807 /* 808 * Our server thread just died. 809 * 810 * Release the client, if not active already... 811 */ 812 System.err.println("Server died..."); 813 serverReady = true; 814 serverException = e; 815 } 816 } 817 }; 818 serverThread.start(); 819 } else { 820 doServerSide(); 821 } 822 } 823 824 void startClient(boolean newThread) throws Exception { 825 if (newThread) { 826 clientThread = new Thread() { 827 public void run() { 828 try { 829 doClientSide(); 830 } catch (Exception e) { 831 /* 832 * Our client thread just died. 833 */ 834 System.err.println("Client died..."); 835 clientException = e; 836 } 837 } 838 }; 839 clientThread.start(); 840 } else { 841 doClientSide(); 842 } 843 } 844 845 // get the ssl context 846 private static SSLContext getSSLContext(String trusedCertStr, 847 String keyCertStr, byte[] modulus, 848 byte[] privateExponent, char[] passphrase) throws Exception { 849 850 // generate certificate from cert string 851 CertificateFactory cf = CertificateFactory.getInstance("X.509"); 852 853 ByteArrayInputStream is = 854 new ByteArrayInputStream(trusedCertStr.getBytes()); 855 Certificate trusedCert = cf.generateCertificate(is); 856 is.close(); 857 858 // create a key store 859 KeyStore ks = KeyStore.getInstance("JKS"); 860 ks.load(null, null); 861 862 // import the trused cert 863 ks.setCertificateEntry("RSA Export Signer", trusedCert); 864 865 if (keyCertStr != null) { 866 // generate the private key. 867 RSAPrivateKeySpec priKeySpec = new RSAPrivateKeySpec( 868 new BigInteger(modulus), 869 new BigInteger(privateExponent)); 870 KeyFactory kf = KeyFactory.getInstance("RSA"); 871 RSAPrivateKey priKey = 872 (RSAPrivateKey)kf.generatePrivate(priKeySpec); 873 874 // generate certificate chain 875 is = new ByteArrayInputStream(keyCertStr.getBytes()); 876 Certificate keyCert = cf.generateCertificate(is); 877 is.close(); 878 879 Certificate[] chain = new Certificate[2]; 880 chain[0] = keyCert; 881 chain[1] = trusedCert; 882 883 // import the key entry. 884 ks.setKeyEntry("Whatever", priKey, passphrase, chain); 885 } 886 887 // create SSL context 888 TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX"); 889 tmf.init(ks); 890 891 SSLContext ctx = SSLContext.getInstance("TLS"); 892 893 if (keyCertStr != null) { 894 KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); 895 kmf.init(ks, passphrase); 896 897 ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); 898 } else { 899 ctx.init(null, tmf.getTrustManagers(), null); 900 } 901 902 return ctx; 903 } 904 905 }