1 /* 2 * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 // 25 // SunJSSE does not support dynamic system properties, no way to re-use 26 // system properties in samevm/agentvm mode. 27 // 28 29 /* @test 30 * @bug 6766775 31 * @summary X509 certificate hostname checking is broken in JDK1.6.0_10 32 * @run main/othervm Identities 33 * @author Xuelei Fan 34 */ 35 36 import java.net.*; 37 import java.util.*; 38 import java.io.*; 39 import javax.net.ssl.*; 40 import java.security.Security; 41 import java.security.KeyStore; 42 import java.security.KeyFactory; 43 import java.security.cert.Certificate; 44 import java.security.cert.CertificateFactory; 45 import java.security.spec.*; 46 import java.security.interfaces.*; 47 import java.math.BigInteger; 48 49 import sun.security.ssl.SSLSocketImpl; 50 51 /* 52 * Certificates and key used in the test. 
53 * 54 * TLS server certificate: 55 * server private key: 56 * -----BEGIN RSA PRIVATE KEY----- 57 * Proc-Type: 4,ENCRYPTED 58 * DEK-Info: DES-EDE3-CBC,D9AE407F6D0E389A 59 * 60 * WPrA7TFol/cQCcp9oHnXWNpYlvRbbIcQj0m+RKT2Iuzfus+DHt3Zadf8nJpKfX2e 61 * h2rnhlzCN9M7djRDooZKDOPCsdBn51Au7HlZF3S3Opgo7D8XFM1a8t1Je4ke14oI 62 * nw6QKYsBblRziPnP2PZ0zvX24nOv7bbY8beynlJHGs00VWSFdoH2DS0aE1p6D+3n 63 * ptJuJ75dVfZFK4X7162APlNXevX8D6PEQpSiRw1rjjGGcnvQ4HdWk3BxDVDcCNJb 64 * Y1aGNRxsjTDvPi3R9Qx2M+W03QzEPx4SR3ZHVskeSJHaetM0TM/w/45Paq4GokXP 65 * ZeTnbEx1xmjkA7h+t4doLL4watx5F6yLsJzu8xB3lt/1EtmkYtLz1t7X4BetPAXz 66 * zS69X/VwhKfsOI3qXBWuL2oHPyhDmT1gcaUQwEPSV6ogHEEQEDXdiUS8heNK13KF 67 * TCQYFkETvV2BLxUhV1hypPzRQ6tUpJiAbD5KmoK2lD9slshG2QtvKQq0/bgkDY5J 68 * LhDHV2dtcZ3kDPkkZXpbcJQvoeH3d09C5sIsuTFo2zgNR6oETHUc5TzP6FY2YYRa 69 * QcK5HcmtsRRiXFm01ac+aMejJUIujjFt84SiKWT/73vC8AmY4tYcJBLjCg4XIxSH 70 * fdDFLL1YZENNO5ivlp8mdiHqcawx+36L7DrEZQ8RZt6cqST5t/+XTdM74s6k81GT 71 * pNsa82P2K2zmIUZ/DL2mKjW1vfRByw1NQFEBkN3vdyZxYfM/JyUzX4hbjXBEkh9Q 72 * QYrcwLKLjis2QzSvK04B3bvRzRb+4ocWiso8ZPAXAIxZFBWDpTMM2A== 73 * -----END RSA PRIVATE KEY----- 74 * 75 * -----BEGIN RSA PRIVATE KEY----- 76 * MIICXAIBAAKBgQClrFscN6LdmYktsnm4j9VIpecchBeNaZzGrG358h0fORna03Ie 77 * buxEzHCk3LoAMPagTz1UemFqzFfQCn+VKBg/mtmU8hvIJIh+/p0PPftXUwizIDPU 78 * PxdHFNHN6gjYDnVOr77M0uyvqXpJ38LZrLgkQJCmA1Yq0DAFQCxPq9l0iQIDAQAB 79 * AoGAbqcbg1E1mkR99uOJoNeQYKFOJyGiiXTMnXV1TseC4+PDfQBU7Dax35GcesBi 80 * CtapIpFKKS5D+ozY6b7ZT8ojxuQ/uHLPAvz0WDR3ds4iRF8tyu71Q1ZHcQsJa17y 81 * yO7UbkSSKn/Mp9Rb+/dKqftUGNXVFLqgHBOzN2s3We3bbbECQQDYBPKOg3hkaGHo 82 * OhpHKqtQ6EVkldihG/3i4WejRonelXN+HRh1KrB2HBx0M8D/qAzP1i3rNSlSHer4 83 * 59YRTJnHAkEAxFX/sVYSn07BHv9Zhn6XXct/Cj43z/tKNbzlNbcxqQwQerw3IH51 84 * 8UH2YOA+GD3lXbKp+MytoFLWv8zg4YT/LwJAfqan75Z1R6lLffRS49bIiq8jwE16 85 * rTrUJ+kv8jKxMqc9B3vXkxpsS1M/+4E8bqgAmvpgAb8xcsvHsBd9ErdukQJBAKs2 86 * j67W75BrPjBI34pQ1LEfp56IGWXOrq1kF8IbCjxv3+MYRT6Z6UJFkpRymNPNDjsC 87 * dgUYgITiGJHUGXuw3lMCQHEHqo9ZtXz92yFT+VhsNc29B8m/sqUJdtCcMd/jGpAF 88 * 
u6GHufjqIZBpQsk63wbwESAPZZ+kk1O1kS5GIRLX608= 89 * -----END RSA PRIVATE KEY----- 90 * 91 * Private-Key: (1024 bit) 92 * modulus: 93 * 00:a5:ac:5b:1c:37:a2:dd:99:89:2d:b2:79:b8:8f: 94 * d5:48:a5:e7:1c:84:17:8d:69:9c:c6:ac:6d:f9:f2: 95 * 1d:1f:39:19:da:d3:72:1e:6e:ec:44:cc:70:a4:dc: 96 * ba:00:30:f6:a0:4f:3d:54:7a:61:6a:cc:57:d0:0a: 97 * 7f:95:28:18:3f:9a:d9:94:f2:1b:c8:24:88:7e:fe: 98 * 9d:0f:3d:fb:57:53:08:b3:20:33:d4:3f:17:47:14: 99 * d1:cd:ea:08:d8:0e:75:4e:af:be:cc:d2:ec:af:a9: 100 * 7a:49:df:c2:d9:ac:b8:24:40:90:a6:03:56:2a:d0: 101 * 30:05:40:2c:4f:ab:d9:74:89 102 * publicExponent: 65537 (0x10001) 103 * privateExponent: 104 * 6e:a7:1b:83:51:35:9a:44:7d:f6:e3:89:a0:d7:90: 105 * 60:a1:4e:27:21:a2:89:74:cc:9d:75:75:4e:c7:82: 106 * e3:e3:c3:7d:00:54:ec:36:b1:df:91:9c:7a:c0:62: 107 * 0a:d6:a9:22:91:4a:29:2e:43:fa:8c:d8:e9:be:d9: 108 * 4f:ca:23:c6:e4:3f:b8:72:cf:02:fc:f4:58:34:77: 109 * 76:ce:22:44:5f:2d:ca:ee:f5:43:56:47:71:0b:09: 110 * 6b:5e:f2:c8:ee:d4:6e:44:92:2a:7f:cc:a7:d4:5b: 111 * fb:f7:4a:a9:fb:54:18:d5:d5:14:ba:a0:1c:13:b3: 112 * 37:6b:37:59:ed:db:6d:b1 113 * prime1: 114 * 00:d8:04:f2:8e:83:78:64:68:61:e8:3a:1a:47:2a: 115 * ab:50:e8:45:64:95:d8:a1:1b:fd:e2:e1:67:a3:46: 116 * 89:de:95:73:7e:1d:18:75:2a:b0:76:1c:1c:74:33: 117 * c0:ff:a8:0c:cf:d6:2d:eb:35:29:52:1d:ea:f8:e7: 118 * d6:11:4c:99:c7 119 * prime2: 120 * 00:c4:55:ff:b1:56:12:9f:4e:c1:1e:ff:59:86:7e: 121 * 97:5d:cb:7f:0a:3e:37:cf:fb:4a:35:bc:e5:35:b7: 122 * 31:a9:0c:10:7a:bc:37:20:7e:75:f1:41:f6:60:e0: 123 * 3e:18:3d:e5:5d:b2:a9:f8:cc:ad:a0:52:d6:bf:cc: 124 * e0:e1:84:ff:2f 125 * exponent1: 126 * 7e:a6:a7:ef:96:75:47:a9:4b:7d:f4:52:e3:d6:c8: 127 * 8a:af:23:c0:4d:7a:ad:3a:d4:27:e9:2f:f2:32:b1: 128 * 32:a7:3d:07:7b:d7:93:1a:6c:4b:53:3f:fb:81:3c: 129 * 6e:a8:00:9a:fa:60:01:bf:31:72:cb:c7:b0:17:7d: 130 * 12:b7:6e:91 131 * exponent2: 132 * 00:ab:36:8f:ae:d6:ef:90:6b:3e:30:48:df:8a:50: 133 * d4:b1:1f:a7:9e:88:19:65:ce:ae:ad:64:17:c2:1b: 134 * 0a:3c:6f:df:e3:18:45:3e:99:e9:42:45:92:94:72: 135 * 
98:d3:cd:0e:3b:02:76:05:18:80:84:e2:18:91:d4: 136 * 19:7b:b0:de:53 137 * coefficient: 138 * 71:07:aa:8f:59:b5:7c:fd:db:21:53:f9:58:6c:35: 139 * cd:bd:07:c9:bf:b2:a5:09:76:d0:9c:31:df:e3:1a: 140 * 90:05:bb:a1:87:b9:f8:ea:21:90:69:42:c9:3a:df: 141 * 06:f0:11:20:0f:65:9f:a4:93:53:b5:91:2e:46:21: 142 * 12:d7:eb:4f 143 * 144 * 145 * server certificate: 146 * Data: 147 * Version: 3 (0x2) 148 * Serial Number: 4 (0x4) 149 * Signature Algorithm: md5WithRSAEncryption 150 * Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org 151 * Validity 152 * Not Before: Dec 8 03:21:16 2008 GMT 153 * Not After : Aug 25 03:21:16 2028 GMT 154 * Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org, OU=SSL-Server, CN=localhost 155 * Subject Public Key Info: 156 * Public Key Algorithm: rsaEncryption 157 * RSA Public Key: (1024 bit) 158 * Modulus (1024 bit): 159 * 00:a5:ac:5b:1c:37:a2:dd:99:89:2d:b2:79:b8:8f: 160 * d5:48:a5:e7:1c:84:17:8d:69:9c:c6:ac:6d:f9:f2: 161 * 1d:1f:39:19:da:d3:72:1e:6e:ec:44:cc:70:a4:dc: 162 * ba:00:30:f6:a0:4f:3d:54:7a:61:6a:cc:57:d0:0a: 163 * 7f:95:28:18:3f:9a:d9:94:f2:1b:c8:24:88:7e:fe: 164 * 9d:0f:3d:fb:57:53:08:b3:20:33:d4:3f:17:47:14: 165 * d1:cd:ea:08:d8:0e:75:4e:af:be:cc:d2:ec:af:a9: 166 * 7a:49:df:c2:d9:ac:b8:24:40:90:a6:03:56:2a:d0: 167 * 30:05:40:2c:4f:ab:d9:74:89 168 * Exponent: 65537 (0x10001) 169 * X509v3 extensions: 170 * X509v3 Basic Constraints: 171 * CA:FALSE 172 * X509v3 Key Usage: 173 * Digital Signature, Non Repudiation, Key Encipherment 174 * X509v3 Subject Key Identifier: 175 * ED:6E:DB:F4:B5:56:C8:FB:1A:06:61:3F:0F:08:BB:A6:04:D8:16:54 176 * X509v3 Authority Key Identifier: 177 * keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14 178 * 179 * X509v3 Subject Alternative Name: critical 180 * IP Address:127.0.0.1, DNS:localhost 181 * Signature Algorithm: md5WithRSAEncryption 182 * 183 * -----BEGIN CERTIFICATE----- 184 * MIICqjCCAhOgAwIBAgIBBDANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET 185 * 
MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK 186 * EwhTb21lLU9yZzAeFw0wODEyMDgwMzIxMTZaFw0yODA4MjUwMzIxMTZaMHIxCzAJ 187 * BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp 188 * dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtU2VydmVyMRIwEAYD 189 * VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKWsWxw3 190 * ot2ZiS2yebiP1Uil5xyEF41pnMasbfnyHR85GdrTch5u7ETMcKTcugAw9qBPPVR6 191 * YWrMV9AKf5UoGD+a2ZTyG8gkiH7+nQ89+1dTCLMgM9Q/F0cU0c3qCNgOdU6vvszS 192 * 7K+peknfwtmsuCRAkKYDVirQMAVALE+r2XSJAgMBAAGjeTB3MAkGA1UdEwQCMAAw 193 * CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTtbtv0tVbI+xoGYT8PCLumBNgWVDAfBgNV 194 * HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDAdBgNVHREBAf8EEzARhwR/AAAB 195 * gglsb2NhbGhvc3QwDQYJKoZIhvcNAQEEBQADgYEAWTrftGaL73lKLgRTrChGR+F6 196 * //qvs0OM94IOKVeHz36NO49cMJmhJSbKdiGIkppBgpLIBoWxZlN9NOO9oSXFYZsZ 197 * rHaAe9/lWMtQM7XpjqjhWVhB5VPvWFbkorQFMtRYLf7pkonGPFq8GOO1s0TKhogC 198 * jtYCdzlrU4v+om/J3H8= 199 * -----END CERTIFICATE----- 200 * 201 * 202 * TLS client certificate: 203 * client private key: 204 * ----BEGIN RSA PRIVATE KEY----- 205 * Proc-Type: 4,ENCRYPTED 206 * DEK-Info: DES-EDE3-CBC,FA2A435CD35A9390 207 * 208 * Z+Y2uaETbsUWIyJUyVu1UV2G4rgFYJyACZT6Tp1KjRtxflSh2kXkJ9MpuXMXA0V4 209 * Yy3fDzPqCL9NJmQAYRlAx/W/+j4F5EyMWDIx8fUxzONRZyoiwF7jLm+KscAfv6Pf 210 * q7ItWOdj3z7IYrwlB8YIGd3F2cDKT3S+lYRk7rKb/qT7itbuHnY4Ardh3yl+MZak 211 * jBp+ELUlRsUqSr1V0LoM+0rCCykarpyfhpxEcqsrl0v9Cyi5uhU50/oKv5zql3SH 212 * l2ImgDjp3batAs8+Bd4NF2aqi0a7Hy44JUHxRm4caZryU/i/D9N1MbuM6882HLat 213 * 5N0G+NaIUfywa8mjwq2D5aiit18HqKA6XeRRYeJ5Dvu9DCO4GeFSwcUFIBMI0L46 214 * 7s114+oDodg57pMgITi+04vmUxvqlN9aiyd7f5Fgd7PeHGeOdbMz1NaJLJaPI9++ 215 * NakK8eK9iwT/Gdq0Uap5/CHW7vCT5PO+h3HY0STH0lWStXhdWnFO04zTdywsbSp+ 216 * DLpHeFT66shfeUlxR0PsCbG9vPRt/QmGLeYQZITppWo/ylSq4j+pRIuXvuWHdBRN 217 * rTZ8QF4Y7AxQUXVz1j1++s6ZMHTzaK2i9HrhmDs1MbJl+QwWre3Xpv3LvTVz3k5U 218 * wX8kuY1m3STt71QCaRWENq5sRaMImLxZbxc/ivFl9RAzUqo4NCxLod/QgA4iLqtO 219 * 
ztnlpzwlC/F8HbQ1oqYWwnZAPhzU/cULtstl+Yrws2c2atO323LbPXZqbASySgig 220 * sNpFXQMObdfP6LN23bY+1SvtK7V4NUTNhpdIc6INQAQ= 221 * -----END RSA PRIVATE KEY----- 222 * 223 * -----BEGIN RSA PRIVATE KEY----- 224 * MIICWwIBAAKBgQC78EA2rCZUTvSjWgAvaSFvuXo6k+yi9uGOx2PYLxIwmS6w8o/4 225 * Jy0keCiE9wG/jUR53TvSVfPOPLJbIX3v/TNKsaP/xsibuQ98QTWX+ds6BWAFFa9Z 226 * F5KjEK0WHOQHU6+odqJWKpLT+SjgeM9eH0irXBnd4WdDunWN9YKsQ5JEGwIDAQAB 227 * AoGAEbdqNj0wN85hnWyEi/ObJU8UyKTdL9eaF72QGfcF/fLSxfd3vurihIeXOkGW 228 * tpn4lIxYcVGM9CognhqgJpl11jFTQzn1KqZ+NEJRKkCHA4hDabKJbSC9fXHvRwrf 229 * BsFpZqgiNxp3HseUTiwnaUVeyPgMt/jAj5nB5Sib+UyUxrECQQDnNQBiF2aifEg6 230 * zbJOOC7he5CHAdkFxSxWVFVHL6EfXfqdLVkUohMbgZv+XxyIeU2biOExSg49Kds3 231 * FOKgTau1AkEA0Bd1haj6QuCo8I0AXm2WO+MMTZMTvtHD/bGjKNM+fT4I8rKYnQRX 232 * 1acHdqS9Xx2rNJqZgkMmpESIdPR2fc4yjwJALFeM6EMmqvj8/VIf5UJ/Mz14fXwM 233 * PEARfckUxd9LnnFutCBTWlKvKXJVEZb6KO5ixPaegc57Jp3Vbh3yTN44lQJADD/1 234 * SSMDaIB1MYP7a5Oj7m6VQNPRq8AJe5vDcRnOae0G9dKRrVyeFxO4GsHj6/+BHp2j 235 * P8nYMn9eURQ7DXjf/QJAAQzMlWnKGSO8pyTDtnQx3hRMoUkOEhmNq4bQhLkYqtnY 236 * FcqpUQ2qMjW+NiNWk5HnTrMS3L9EdJobMUzaNZLy4w== 237 * -----END RSA PRIVATE KEY----- 238 * 239 * Private-Key: (1024 bit) 240 * modulus: 241 * 00:bb:f0:40:36:ac:26:54:4e:f4:a3:5a:00:2f:69: 242 * 21:6f:b9:7a:3a:93:ec:a2:f6:e1:8e:c7:63:d8:2f: 243 * 12:30:99:2e:b0:f2:8f:f8:27:2d:24:78:28:84:f7: 244 * 01:bf:8d:44:79:dd:3b:d2:55:f3:ce:3c:b2:5b:21: 245 * 7d:ef:fd:33:4a:b1:a3:ff:c6:c8:9b:b9:0f:7c:41: 246 * 35:97:f9:db:3a:05:60:05:15:af:59:17:92:a3:10: 247 * ad:16:1c:e4:07:53:af:a8:76:a2:56:2a:92:d3:f9: 248 * 28:e0:78:cf:5e:1f:48:ab:5c:19:dd:e1:67:43:ba: 249 * 75:8d:f5:82:ac:43:92:44:1b 250 * publicExponent: 65537 (0x10001) 251 * privateExponent: 252 * 11:b7:6a:36:3d:30:37:ce:61:9d:6c:84:8b:f3:9b: 253 * 25:4f:14:c8:a4:dd:2f:d7:9a:17:bd:90:19:f7:05: 254 * fd:f2:d2:c5:f7:77:be:ea:e2:84:87:97:3a:41:96: 255 * b6:99:f8:94:8c:58:71:51:8c:f4:2a:20:9e:1a:a0: 256 * 26:99:75:d6:31:53:43:39:f5:2a:a6:7e:34:42:51: 257 * 
2a:40:87:03:88:43:69:b2:89:6d:20:bd:7d:71:ef: 258 * 47:0a:df:06:c1:69:66:a8:22:37:1a:77:1e:c7:94: 259 * 4e:2c:27:69:45:5e:c8:f8:0c:b7:f8:c0:8f:99:c1: 260 * e5:28:9b:f9:4c:94:c6:b1 261 * prime1: 262 * 00:e7:35:00:62:17:66:a2:7c:48:3a:cd:b2:4e:38: 263 * 2e:e1:7b:90:87:01:d9:05:c5:2c:56:54:55:47:2f: 264 * a1:1f:5d:fa:9d:2d:59:14:a2:13:1b:81:9b:fe:5f: 265 * 1c:88:79:4d:9b:88:e1:31:4a:0e:3d:29:db:37:14: 266 * e2:a0:4d:ab:b5 267 * prime2: 268 * 00:d0:17:75:85:a8:fa:42:e0:a8:f0:8d:00:5e:6d: 269 * 96:3b:e3:0c:4d:93:13:be:d1:c3:fd:b1:a3:28:d3: 270 * 3e:7d:3e:08:f2:b2:98:9d:04:57:d5:a7:07:76:a4: 271 * bd:5f:1d:ab:34:9a:99:82:43:26:a4:44:88:74:f4: 272 * 76:7d:ce:32:8f 273 * exponent1: 274 * 2c:57:8c:e8:43:26:aa:f8:fc:fd:52:1f:e5:42:7f: 275 * 33:3d:78:7d:7c:0c:3c:40:11:7d:c9:14:c5:df:4b: 276 * 9e:71:6e:b4:20:53:5a:52:af:29:72:55:11:96:fa: 277 * 28:ee:62:c4:f6:9e:81:ce:7b:26:9d:d5:6e:1d:f2: 278 * 4c:de:38:95 279 * exponent2: 280 * 0c:3f:f5:49:23:03:68:80:75:31:83:fb:6b:93:a3: 281 * ee:6e:95:40:d3:d1:ab:c0:09:7b:9b:c3:71:19:ce: 282 * 69:ed:06:f5:d2:91:ad:5c:9e:17:13:b8:1a:c1:e3: 283 * eb:ff:81:1e:9d:a3:3f:c9:d8:32:7f:5e:51:14:3b: 284 * 0d:78:df:fd 285 * coefficient: 286 * 01:0c:cc:95:69:ca:19:23:bc:a7:24:c3:b6:74:31: 287 * de:14:4c:a1:49:0e:12:19:8d:ab:86:d0:84:b9:18: 288 * aa:d9:d8:15:ca:a9:51:0d:aa:32:35:be:36:23:56: 289 * 93:91:e7:4e:b3:12:dc:bf:44:74:9a:1b:31:4c:da: 290 * 35:92:f2:e3 291 * 292 * client certificate: 293 * Data: 294 * Version: 3 (0x2) 295 * Serial Number: 5 (0x5) 296 * Signature Algorithm: md5WithRSAEncryption 297 * Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org 298 * Validity 299 * Not Before: Dec 8 03:22:10 2008 GMT 300 * Not After : Aug 25 03:22:10 2028 GMT 301 * Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org, OU=SSL-Client, CN=localhost 302 * Subject Public Key Info: 303 * Public Key Algorithm: rsaEncryption 304 * RSA Public Key: (1024 bit) 305 * Modulus (1024 bit): 306 * 00:bb:f0:40:36:ac:26:54:4e:f4:a3:5a:00:2f:69: 307 * 
21:6f:b9:7a:3a:93:ec:a2:f6:e1:8e:c7:63:d8:2f: 308 * 12:30:99:2e:b0:f2:8f:f8:27:2d:24:78:28:84:f7: 309 * 01:bf:8d:44:79:dd:3b:d2:55:f3:ce:3c:b2:5b:21: 310 * 7d:ef:fd:33:4a:b1:a3:ff:c6:c8:9b:b9:0f:7c:41: 311 * 35:97:f9:db:3a:05:60:05:15:af:59:17:92:a3:10: 312 * ad:16:1c:e4:07:53:af:a8:76:a2:56:2a:92:d3:f9: 313 * 28:e0:78:cf:5e:1f:48:ab:5c:19:dd:e1:67:43:ba: 314 * 75:8d:f5:82:ac:43:92:44:1b 315 * Exponent: 65537 (0x10001) 316 * X509v3 extensions: 317 * X509v3 Basic Constraints: 318 * CA:FALSE 319 * X509v3 Key Usage: 320 * Digital Signature, Non Repudiation, Key Encipherment 321 * X509v3 Subject Key Identifier: 322 * CD:BB:C8:85:AA:91:BD:FD:1D:BE:CD:67:7C:FF:B3:E9:4C:A8:22:E6 323 * X509v3 Authority Key Identifier: 324 * keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14 325 * 326 * X509v3 Subject Alternative Name: critical 327 * IP Address:127.0.0.1, DNS:localhost 328 * Signature Algorithm: md5WithRSAEncryption 329 * 330 * -----BEGIN CERTIFICATE----- 331 * MIICqjCCAhOgAwIBAgIBBTANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET 332 * MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK 333 * EwhTb21lLU9yZzAeFw0wODEyMDgwMzIyMTBaFw0yODA4MjUwMzIyMTBaMHIxCzAJ 334 * BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp 335 * dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtQ2xpZW50MRIwEAYD 336 * VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALvwQDas 337 * JlRO9KNaAC9pIW+5ejqT7KL24Y7HY9gvEjCZLrDyj/gnLSR4KIT3Ab+NRHndO9JV 338 * 8848slshfe/9M0qxo//GyJu5D3xBNZf52zoFYAUVr1kXkqMQrRYc5AdTr6h2olYq 339 * ktP5KOB4z14fSKtcGd3hZ0O6dY31gqxDkkQbAgMBAAGjeTB3MAkGA1UdEwQCMAAw 340 * CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTNu8iFqpG9/R2+zWd8/7PpTKgi5jAfBgNV 341 * HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDAdBgNVHREBAf8EEzARhwR/AAAB 342 * gglsb2NhbGhvc3QwDQYJKoZIhvcNAQEEBQADgYEAwDc4f13abs9ZeEkrl5WV2Z74 343 * BlmBhXu8ExtAvoF9q6Ug6xV1MDpxbD124KfUHHL0kNMhMB1WIpC0kOnQBxziNpfS 344 * 7u6GOc3tWLSxw/sHoJGCefnRBllLZOoQuSBrWB8qgilL6HRmZ4UqDcXu4UCaLBZ0 345 * KGDT5ASEN6Lq2GtiP4Y= 
346 * -----END CERTIFICATE----- 347 * 348 * 349 * 350 * Trusted CA certificate: 351 * Certificate: 352 * Data: 353 * Version: 3 (0x2) 354 * Serial Number: 0 (0x0) 355 * Signature Algorithm: md5WithRSAEncryption 356 * Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org 357 * Validity 358 * Not Before: Dec 8 02:43:36 2008 GMT 359 * Not After : Aug 25 02:43:36 2028 GMT 360 * Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org 361 * Subject Public Key Info: 362 * Public Key Algorithm: rsaEncryption 363 * RSA Public Key: (1024 bit) 364 * Modulus (1024 bit): 365 * 00:cb:c4:38:20:07:be:88:a7:93:b0:a1:43:51:2d: 366 * d7:8e:85:af:54:dd:ad:a2:7b:23:5b:cf:99:13:53: 367 * 99:45:7d:ee:6d:ba:2d:bf:e3:ad:6e:3d:9f:1a:f9: 368 * 03:97:e0:17:55:ae:11:26:57:de:01:29:8e:05:3f: 369 * 21:f7:e7:36:e8:2e:37:d7:48:ac:53:d6:60:0e:c7: 370 * 50:6d:f6:c5:85:f7:8b:a6:c5:91:35:72:3c:94:ee: 371 * f1:17:f0:71:e3:ec:1b:ce:ca:4e:40:42:b0:6d:ee: 372 * 6a:0e:d6:e5:ad:3c:0f:c9:ba:82:4f:78:f8:89:97: 373 * 89:2a:95:12:4c:d8:09:2a:e9 374 * Exponent: 65537 (0x10001) 375 * X509v3 extensions: 376 * X509v3 Subject Key Identifier: 377 * FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14 378 * X509v3 Authority Key Identifier: 379 * keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14 380 * DirName:/C=US/ST=Some-State/L=Some-City/O=Some-Org 381 * serial:00 382 * 383 * X509v3 Basic Constraints: 384 * CA:TRUE 385 * Signature Algorithm: md5WithRSAEncryption 386 * 387 * -----BEGIN CERTIFICATE----- 388 * MIICrDCCAhWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET 389 * MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK 390 * EwhTb21lLU9yZzAeFw0wODEyMDgwMjQzMzZaFw0yODA4MjUwMjQzMzZaMEkxCzAJ 391 * BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp 392 * dHkxETAPBgNVBAoTCFNvbWUtT3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB 393 * gQDLxDggB76Ip5OwoUNRLdeOha9U3a2ieyNbz5kTU5lFfe5tui2/461uPZ8a+QOX 394 * 4BdVrhEmV94BKY4FPyH35zboLjfXSKxT1mAOx1Bt9sWF94umxZE1cjyU7vEX8HHj 395 * 
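7BvOyk5AQrBt7moO1uWtPA/JuoJPePiJl4kqlRJM2Akq6QIDAQABo4GjMIGgMB0G
 * A1UdDgQWBBT6uVG/TOfZhpgz+efLHvEzSfeoFDBxBgNVHSMEajBogBT6uVG/TOfZ
 * hpgz+efLHvEzSfeoFKFNpEswSTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUt
 * U3RhdGUxEjAQBgNVBAcTCVNvbWUtQ2l0eTERMA8GA1UEChMIU29tZS1PcmeCAQAw
 * DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBcIm534U123Hz+rtyYO5uA
 * ofd81G6FnTfEAV8Kw9fGyyEbQZclBv34A9JsFKeMvU4OFIaixD7nLZ/NZ+IWbhmZ
 * LovmJXyCkOufea73pNiZ+f/4/ScZaIlM/PRycQSqbFNd4j9Wott+08qxHPLpsf3P
 * 6Mvf0r1PNTY2hwTJLJmKtg==
 * -----END CERTIFICATE---
 */


/**
 * Regression test for bug 6766775 ("X509 certificate hostname checking is
 * broken in JDK1.6.0_10", per the jtreg header of this file).
 *
 * <p>A TLS server that requires client authentication and an
 * {@link HttpsURLConnection} client are run against each other in one JVM.
 * The client connects to {@code https://localhost:<port>/} and installs no
 * {@code HostnameVerifier} of its own, so whatever host-name check
 * {@code HttpsURLConnection} applies by default decides whether the
 * connection succeeds. The test passes when neither side throws.
 *
 * <p>Notes for anyone reusing this file as a template:
 * <ul>
 *   <li>The private keys and certificates embedded here are published test
 *       fixtures. They must never protect real traffic or be added to a
 *       real trust store.</li>
 *   <li>Per the certificate dumps above, the fixtures are 1024-bit RSA keys
 *       with md5WithRSAEncryption signatures, and they expire on
 *       Aug 25 2028. {@link #main} relaxes
 *       {@code jdk.certpath.disabledAlgorithms} so that they are still
 *       accepted.</li>
 *   <li>The test changes JVM-wide state (a security property and the default
 *       {@link SSLContext}); the jtreg header runs it with
 *       {@code main/othervm} so that this does not leak into other
 *       tests.</li>
 * </ul>
 */
public class Identities {
    // NOTE(review): 'cookies' and 'ss' are not referenced anywhere else in
    // this file; they look like leftovers from a test template.
    static Map cookies;
    ServerSocket ss;

    /*
     * =============================================================
     * Set the various variables needed for the tests, then
     * specify what tests to run on each side.
     */

    /*
     * Should we run the client or server in a separate thread?
     * Both sides can throw exceptions, but do you have a preference
     * as to which side should be the main thread.
     */
    static boolean separateServerThread = true;

    /*
     * PEM-encoded certificates used to build the in-memory key stores.
     * trusedCertStr is the CA certificate both sides trust; the other two
     * are the end-entity certificates of the server and the client.
     */
    static String trusedCertStr =
        "-----BEGIN CERTIFICATE-----\n" +
        "MIICrDCCAhWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" +
        "MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" +
        "EwhTb21lLU9yZzAeFw0wODEyMDgwMjQzMzZaFw0yODA4MjUwMjQzMzZaMEkxCzAJ\n" +
        "BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" +
        "dHkxETAPBgNVBAoTCFNvbWUtT3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n" +
        "gQDLxDggB76Ip5OwoUNRLdeOha9U3a2ieyNbz5kTU5lFfe5tui2/461uPZ8a+QOX\n" +
        "4BdVrhEmV94BKY4FPyH35zboLjfXSKxT1mAOx1Bt9sWF94umxZE1cjyU7vEX8HHj\n" +
        "7BvOyk5AQrBt7moO1uWtPA/JuoJPePiJl4kqlRJM2Akq6QIDAQABo4GjMIGgMB0G\n" +
        "A1UdDgQWBBT6uVG/TOfZhpgz+efLHvEzSfeoFDBxBgNVHSMEajBogBT6uVG/TOfZ\n" +
        "hpgz+efLHvEzSfeoFKFNpEswSTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUt\n" +
        "U3RhdGUxEjAQBgNVBAcTCVNvbWUtQ2l0eTERMA8GA1UEChMIU29tZS1PcmeCAQAw\n" +
        "DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBcIm534U123Hz+rtyYO5uA\n" +
        "ofd81G6FnTfEAV8Kw9fGyyEbQZclBv34A9JsFKeMvU4OFIaixD7nLZ/NZ+IWbhmZ\n" +
        "LovmJXyCkOufea73pNiZ+f/4/ScZaIlM/PRycQSqbFNd4j9Wott+08qxHPLpsf3P\n" +
        "6Mvf0r1PNTY2hwTJLJmKtg==\n" +
        "-----END CERTIFICATE-----";

    static String serverCertStr =
        "-----BEGIN CERTIFICATE-----\n" +
        "MIICqjCCAhOgAwIBAgIBBDANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" +
        "MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" +
        "EwhTb21lLU9yZzAeFw0wODEyMDgwMzIxMTZaFw0yODA4MjUwMzIxMTZaMHIxCzAJ\n" +
        "BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" +
        "dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtU2VydmVyMRIwEAYD\n" +
        "VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKWsWxw3\n" +
        "ot2ZiS2yebiP1Uil5xyEF41pnMasbfnyHR85GdrTch5u7ETMcKTcugAw9qBPPVR6\n" +
        "YWrMV9AKf5UoGD+a2ZTyG8gkiH7+nQ89+1dTCLMgM9Q/F0cU0c3qCNgOdU6vvszS\n" +
        "7K+peknfwtmsuCRAkKYDVirQMAVALE+r2XSJAgMBAAGjeTB3MAkGA1UdEwQCMAAw\n" +
        "CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTtbtv0tVbI+xoGYT8PCLumBNgWVDAfBgNV\n" +
        "HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDAdBgNVHREBAf8EEzARhwR/AAAB\n" +
        "gglsb2NhbGhvc3QwDQYJKoZIhvcNAQEEBQADgYEAWTrftGaL73lKLgRTrChGR+F6\n" +
        "//qvs0OM94IOKVeHz36NO49cMJmhJSbKdiGIkppBgpLIBoWxZlN9NOO9oSXFYZsZ\n" +
        "rHaAe9/lWMtQM7XpjqjhWVhB5VPvWFbkorQFMtRYLf7pkonGPFq8GOO1s0TKhogC\n" +
        "jtYCdzlrU4v+om/J3H8=\n" +
        "-----END CERTIFICATE-----";

    static String clientCertStr =
        "-----BEGIN CERTIFICATE-----\n" +
        "MIICqjCCAhOgAwIBAgIBBTANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" +
        "MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" +
        "EwhTb21lLU9yZzAeFw0wODEyMDgwMzIyMTBaFw0yODA4MjUwMzIyMTBaMHIxCzAJ\n" +
        "BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" +
        "dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtQ2xpZW50MRIwEAYD\n" +
        "VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALvwQDas\n" +
        "JlRO9KNaAC9pIW+5ejqT7KL24Y7HY9gvEjCZLrDyj/gnLSR4KIT3Ab+NRHndO9JV\n" +
        "8848slshfe/9M0qxo//GyJu5D3xBNZf52zoFYAUVr1kXkqMQrRYc5AdTr6h2olYq\n" +
        "ktP5KOB4z14fSKtcGd3hZ0O6dY31gqxDkkQbAgMBAAGjeTB3MAkGA1UdEwQCMAAw\n" +
        "CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTNu8iFqpG9/R2+zWd8/7PpTKgi5jAfBgNV\n" +
        "HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDAdBgNVHREBAf8EEzARhwR/AAAB\n" +
        "gglsb2NhbGhvc3QwDQYJKoZIhvcNAQEEBQADgYEAwDc4f13abs9ZeEkrl5WV2Z74\n" +
        "BlmBhXu8ExtAvoF9q6Ug6xV1MDpxbD124KfUHHL0kNMhMB1WIpC0kOnQBxziNpfS\n" +
        "7u6GOc3tWLSxw/sHoJGCefnRBllLZOoQuSBrWB8qgilL6HRmZ4UqDcXu4UCaLBZ0\n" +
        "KGDT5ASEN6Lq2GtiP4Y=\n" +
        "-----END CERTIFICATE-----";

    /*
     * RSA key components, passed to new BigInteger(byte[]) in
     * getSSLContext(). That constructor reads big-endian two's-complement
     * bytes, which is why each modulus carries a leading 0x00: without it
     * the high bit of the first byte would make the value negative.
     *
     * Test-only key material: it is published with this file and offers no
     * secrecy.
     */
    static byte serverPrivateExponent[] = {
        (byte)0x6e, (byte)0xa7, (byte)0x1b, (byte)0x83,
        (byte)0x51, (byte)0x35, (byte)0x9a, (byte)0x44,
        (byte)0x7d, (byte)0xf6, (byte)0xe3, (byte)0x89,
        (byte)0xa0, (byte)0xd7, (byte)0x90, (byte)0x60,
        (byte)0xa1, (byte)0x4e, (byte)0x27, (byte)0x21,
        (byte)0xa2, (byte)0x89, (byte)0x74, (byte)0xcc,
        (byte)0x9d, (byte)0x75, (byte)0x75, (byte)0x4e,
        (byte)0xc7, (byte)0x82, (byte)0xe3, (byte)0xe3,
        (byte)0xc3, (byte)0x7d, (byte)0x00, (byte)0x54,
        (byte)0xec, (byte)0x36, (byte)0xb1, (byte)0xdf,
        (byte)0x91, (byte)0x9c, (byte)0x7a, (byte)0xc0,
        (byte)0x62, (byte)0x0a, (byte)0xd6, (byte)0xa9,
        (byte)0x22, (byte)0x91, (byte)0x4a, (byte)0x29,
        (byte)0x2e, (byte)0x43, (byte)0xfa, (byte)0x8c,
        (byte)0xd8, (byte)0xe9, (byte)0xbe, (byte)0xd9,
        (byte)0x4f, (byte)0xca, (byte)0x23, (byte)0xc6,
        (byte)0xe4, (byte)0x3f, (byte)0xb8, (byte)0x72,
        (byte)0xcf, (byte)0x02, (byte)0xfc, (byte)0xf4,
        (byte)0x58, (byte)0x34, (byte)0x77, (byte)0x76,
        (byte)0xce, (byte)0x22, (byte)0x44, (byte)0x5f,
        (byte)0x2d, (byte)0xca, (byte)0xee, (byte)0xf5,
        (byte)0x43, (byte)0x56, (byte)0x47, (byte)0x71,
        (byte)0x0b, (byte)0x09, (byte)0x6b, (byte)0x5e,
        (byte)0xf2, (byte)0xc8, (byte)0xee, (byte)0xd4,
        (byte)0x6e, (byte)0x44, (byte)0x92, (byte)0x2a,
        (byte)0x7f, (byte)0xcc, (byte)0xa7, (byte)0xd4,
        (byte)0x5b, (byte)0xfb, (byte)0xf7, (byte)0x4a,
        (byte)0xa9, (byte)0xfb, (byte)0x54, (byte)0x18,
        (byte)0xd5, (byte)0xd5, (byte)0x14, (byte)0xba,
        (byte)0xa0, (byte)0x1c, (byte)0x13, (byte)0xb3,
        (byte)0x37, (byte)0x6b, (byte)0x37, (byte)0x59,
        (byte)0xed, (byte)0xdb, (byte)0x6d, (byte)0xb1
    };

    static byte serverModulus[] = {
        (byte)0x00,
        (byte)0xa5, (byte)0xac, (byte)0x5b, (byte)0x1c,
        (byte)0x37, (byte)0xa2, (byte)0xdd, (byte)0x99,
        (byte)0x89, (byte)0x2d, (byte)0xb2, (byte)0x79,
        (byte)0xb8, (byte)0x8f, (byte)0xd5, (byte)0x48,
        (byte)0xa5, (byte)0xe7, (byte)0x1c, (byte)0x84,
        (byte)0x17, (byte)0x8d, (byte)0x69, (byte)0x9c,
        (byte)0xc6, (byte)0xac, (byte)0x6d, (byte)0xf9,
        (byte)0xf2, (byte)0x1d, (byte)0x1f, (byte)0x39,
        (byte)0x19, (byte)0xda, (byte)0xd3, (byte)0x72,
        (byte)0x1e, (byte)0x6e, (byte)0xec, (byte)0x44,
        (byte)0xcc, (byte)0x70, (byte)0xa4, (byte)0xdc,
        (byte)0xba, (byte)0x00, (byte)0x30, (byte)0xf6,
        (byte)0xa0, (byte)0x4f, (byte)0x3d, (byte)0x54,
        (byte)0x7a, (byte)0x61, (byte)0x6a, (byte)0xcc,
        (byte)0x57, (byte)0xd0, (byte)0x0a, (byte)0x7f,
        (byte)0x95, (byte)0x28, (byte)0x18, (byte)0x3f,
        (byte)0x9a, (byte)0xd9, (byte)0x94, (byte)0xf2,
        (byte)0x1b, (byte)0xc8, (byte)0x24, (byte)0x88,
        (byte)0x7e, (byte)0xfe, (byte)0x9d, (byte)0x0f,
        (byte)0x3d, (byte)0xfb, (byte)0x57, (byte)0x53,
        (byte)0x08, (byte)0xb3, (byte)0x20, (byte)0x33,
        (byte)0xd4, (byte)0x3f, (byte)0x17, (byte)0x47,
        (byte)0x14, (byte)0xd1, (byte)0xcd, (byte)0xea,
        (byte)0x08, (byte)0xd8, (byte)0x0e, (byte)0x75,
        (byte)0x4e, (byte)0xaf, (byte)0xbe, (byte)0xcc,
        (byte)0xd2, (byte)0xec, (byte)0xaf, (byte)0xa9,
        (byte)0x7a, (byte)0x49, (byte)0xdf, (byte)0xc2,
        (byte)0xd9, (byte)0xac, (byte)0xb8, (byte)0x24,
        (byte)0x40, (byte)0x90, (byte)0xa6, (byte)0x03,
        (byte)0x56, (byte)0x2a, (byte)0xd0, (byte)0x30,
        (byte)0x05, (byte)0x40, (byte)0x2c, (byte)0x4f,
        (byte)0xab, (byte)0xd9, (byte)0x74, (byte)0x89
    };

    static byte clientPrivateExponent[] = {
        (byte)0x11, (byte)0xb7, (byte)0x6a, (byte)0x36,
        (byte)0x3d, (byte)0x30, (byte)0x37, (byte)0xce,
        (byte)0x61, (byte)0x9d, (byte)0x6c, (byte)0x84,
        (byte)0x8b, (byte)0xf3, (byte)0x9b, (byte)0x25,
        (byte)0x4f, (byte)0x14, (byte)0xc8, (byte)0xa4,
        (byte)0xdd, (byte)0x2f, (byte)0xd7, (byte)0x9a,
        (byte)0x17, (byte)0xbd, (byte)0x90, (byte)0x19,
        (byte)0xf7, (byte)0x05, (byte)0xfd, (byte)0xf2,
        (byte)0xd2, (byte)0xc5, (byte)0xf7, (byte)0x77,
        (byte)0xbe, (byte)0xea, (byte)0xe2, (byte)0x84,
        (byte)0x87, (byte)0x97, (byte)0x3a, (byte)0x41,
        (byte)0x96, (byte)0xb6, (byte)0x99, (byte)0xf8,
        (byte)0x94, (byte)0x8c, (byte)0x58, (byte)0x71,
        (byte)0x51, (byte)0x8c, (byte)0xf4, (byte)0x2a,
        (byte)0x20, (byte)0x9e, (byte)0x1a, (byte)0xa0,
        (byte)0x26, (byte)0x99, (byte)0x75, (byte)0xd6,
        (byte)0x31, (byte)0x53, (byte)0x43, (byte)0x39,
        (byte)0xf5, (byte)0x2a, (byte)0xa6, (byte)0x7e,
        (byte)0x34, (byte)0x42, (byte)0x51, (byte)0x2a,
        (byte)0x40, (byte)0x87, (byte)0x03, (byte)0x88,
        (byte)0x43, (byte)0x69, (byte)0xb2, (byte)0x89,
        (byte)0x6d, (byte)0x20, (byte)0xbd, (byte)0x7d,
        (byte)0x71, (byte)0xef, (byte)0x47, (byte)0x0a,
        (byte)0xdf, (byte)0x06, (byte)0xc1, (byte)0x69,
        (byte)0x66, (byte)0xa8, (byte)0x22, (byte)0x37,
        (byte)0x1a, (byte)0x77, (byte)0x1e, (byte)0xc7,
        (byte)0x94, (byte)0x4e, (byte)0x2c, (byte)0x27,
        (byte)0x69, (byte)0x45, (byte)0x5e, (byte)0xc8,
        (byte)0xf8, (byte)0x0c, (byte)0xb7, (byte)0xf8,
        (byte)0xc0, (byte)0x8f, (byte)0x99, (byte)0xc1,
        (byte)0xe5, (byte)0x28, (byte)0x9b, (byte)0xf9,
        (byte)0x4c, (byte)0x94, (byte)0xc6, (byte)0xb1
    };

    static byte clientModulus[] = {
        (byte)0x00,
        (byte)0xbb, (byte)0xf0, (byte)0x40, (byte)0x36,
        (byte)0xac, (byte)0x26, (byte)0x54, (byte)0x4e,
        (byte)0xf4, (byte)0xa3, (byte)0x5a, (byte)0x00,
        (byte)0x2f, (byte)0x69, (byte)0x21, (byte)0x6f,
        (byte)0xb9, (byte)0x7a, (byte)0x3a, (byte)0x93,
        (byte)0xec, (byte)0xa2, (byte)0xf6, (byte)0xe1,
        (byte)0x8e, (byte)0xc7, (byte)0x63, (byte)0xd8,
        (byte)0x2f, (byte)0x12, (byte)0x30, (byte)0x99,
        (byte)0x2e, (byte)0xb0, (byte)0xf2, (byte)0x8f,
        (byte)0xf8, (byte)0x27, (byte)0x2d, (byte)0x24,
        (byte)0x78, (byte)0x28, (byte)0x84, (byte)0xf7,
        (byte)0x01, (byte)0xbf, (byte)0x8d, (byte)0x44,
        (byte)0x79, (byte)0xdd, (byte)0x3b, (byte)0xd2,
        (byte)0x55, (byte)0xf3, (byte)0xce, (byte)0x3c,
        (byte)0xb2, (byte)0x5b, (byte)0x21, (byte)0x7d,
        (byte)0xef, (byte)0xfd, (byte)0x33, (byte)0x4a,
        (byte)0xb1, (byte)0xa3, (byte)0xff, (byte)0xc6,
        (byte)0xc8, (byte)0x9b, (byte)0xb9, (byte)0x0f,
        (byte)0x7c, (byte)0x41, (byte)0x35, (byte)0x97,
        (byte)0xf9, (byte)0xdb, (byte)0x3a, (byte)0x05,
        (byte)0x60, (byte)0x05, (byte)0x15, (byte)0xaf,
        (byte)0x59, (byte)0x17, (byte)0x92, (byte)0xa3,
        (byte)0x10, (byte)0xad, (byte)0x16, (byte)0x1c,
        (byte)0xe4, (byte)0x07, (byte)0x53, (byte)0xaf,
        (byte)0xa8, (byte)0x76, (byte)0xa2, (byte)0x56,
        (byte)0x2a, (byte)0x92, (byte)0xd3, (byte)0xf9,
        (byte)0x28, (byte)0xe0, (byte)0x78, (byte)0xcf,
        (byte)0x5e, (byte)0x1f, (byte)0x48, (byte)0xab,
        (byte)0x5c, (byte)0x19, (byte)0xdd, (byte)0xe1,
        (byte)0x67, (byte)0x43, (byte)0xba, (byte)0x75,
        (byte)0x8d, (byte)0xf5, (byte)0x82, (byte)0xac,
        (byte)0x43, (byte)0x92, (byte)0x44, (byte)0x1b
    };

    /*
     * Password for the key entry of the in-memory key store built in
     * getSSLContext(). A fixed test value; the store is never written out.
     */
    static char passphrase[] = "passphrase".toCharArray();

    /*
     * Is the server ready to serve?
     */
    volatile static boolean serverReady = false;

    /*
     * Is the connection ready to close?
     */
    volatile static boolean closeReady = false;

    /*
     * Turn on SSL debugging?
     */
    static boolean debug = false;

    private SSLServerSocket sslServerSocket = null;

    /*
     * Define the server side of the test.
     *
     * Accepts a single TLS connection, requires a client certificate,
     * and answers with a fixed HTTP response without reading the request.
     *
     * If the server prematurely exits, serverReady will be set to true
     * (by the caller in startServer) to avoid infinite hangs.
     *
     * Both the accepted socket and the listening socket are closed on every
     * exit path so that a failure during setup does not leave the client
     * blocked on a connection nobody will ever serve.
     */
    void doServerSide() throws Exception {
        SSLContext context = getSSLContext(trusedCertStr, serverCertStr,
            serverModulus, serverPrivateExponent, passphrase);
        SSLServerSocketFactory sslssf = context.getServerSocketFactory();

        sslServerSocket =
            (SSLServerSocket) sslssf.createServerSocket(serverPort);
        try {
            // serverPort is 0 by default, so pick up the port actually bound.
            serverPort = sslServerSocket.getLocalPort();

            /*
             * Signal Client, we're ready for his connect.
             */
            serverReady = true;

            SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
            try {
                // Set before any data is exchanged on the socket.
                // NOTE(review): presumably the handshake only starts with
                // the first write below, so the setting takes effect; confirm.
                sslSocket.setNeedClientAuth(true);

                PrintStream out =
                    new PrintStream(sslSocket.getOutputStream());

                try {
                    // ignore request data

                    // send the response
                    // NOTE(review): PrintStream records I/O errors instead of
                    // throwing, so a failed handshake or write is not
                    // reported from here; the client side is what fails.
                    out.print("HTTP/1.1 200 OK\r\n");
                    out.print("Content-Type: text/html; charset=iso-8859-1\r\n");
                    out.print("Content-Length: "+ 9 +"\r\n");
                    out.print("\r\n");
                    out.print("Testing\r\n");
                    out.flush();
                } finally {
                    // Keep the connection open until the client has finished.
                    while (!closeReady) {
                        Thread.sleep(50);
                    }

                    System.out.println("Server closing socket");
                }
            } finally {
                // close the socket
                sslSocket.close();
            }
        } finally {
            serverReady = false;
            sslServerSocket.close();
        }
    }

    /*
     * Define the client side of the test.
     *
     * Installs the client SSLContext as the JVM default, waits for the
     * server, then fetches https://localhost:<serverPort>/ through
     * HttpsURLConnection. No HostnameVerifier is installed here, so the
     * default host-name check of HttpsURLConnection is what is exercised.
     * The previous default SSLContext is restored on exit.
     *
     * If the server prematurely exits, serverReady will be set to true
     * to avoid infinite hangs.
     */
    void doClientSide() throws Exception {
        SSLContext reservedSSLContext = SSLContext.getDefault();
        try {
            SSLContext context = getSSLContext(trusedCertStr, clientCertStr,
                clientModulus, clientPrivateExponent, passphrase);

            // JVM-wide setting; undone in the finally block below.
            SSLContext.setDefault(context);

            /*
             * Wait for server to get started.
             */
            while (!serverReady) {
                Thread.sleep(50);
            }

            HttpsURLConnection http = null;

            /* establish http connection to server */
            URL url = new URL("https://localhost:" + serverPort+"/");
            System.out.println("url is "+url.toString());

            try {
                http = (HttpsURLConnection)url.openConnection();

                // NOTE(review): the status code is only printed, not
                // asserted; the test passes as long as nothing throws.
                int respCode = http.getResponseCode();
                System.out.println("respCode = "+respCode);
            } finally {
                if (http != null) {
                    http.disconnect();
                }
                // Lets the server leave its wait loop and close the socket.
                closeReady = true;
            }
        } finally {
            SSLContext.setDefault(reservedSSLContext);
        }
    }

    /*
     * =============================================================
     * The remainder is just support stuff
     */

    // use any free port by default
    volatile int serverPort = 0;

    volatile Exception serverException = null;
    volatile Exception clientException = null;

    /*
     * Entry point. Relaxes the certification-path algorithm restrictions
     * for this JVM, optionally enables SSL debug output, and runs the test
     * through the constructor.
     */
    public static void main(String args[]) throws Exception {
        // MD5 is used in this test case, don't disable MD5 algorithm.
        // The value set here leaves only MD2 and RSA keys below 1024 bits
        // disabled. It is a JVM-wide security property; the jtreg header
        // runs this test with main/othervm, which keeps it confined to the
        // test's own JVM. Do not copy this setting into production code.
        Security.setProperty(
                "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");

        if (debug) {
            System.setProperty("javax.net.debug", "all");
        }

        /*
         * Start the tests.
         */
        new Identities();
    }

    Thread clientThread = null;
    Thread serverThread = null;

    /*
     * Primary constructor, used to drive remainder of the test.
     *
     * Fork off the other side, then do your work.
     */
    Identities() throws Exception {
        if (separateServerThread) {
            startServer(true);
            startClient(false);
        } else {
            startClient(true);
            startServer(false);
        }

        /*
         * Wait for other side to close down.
         */
        if (separateServerThread) {
            serverThread.join();
        } else {
            clientThread.join();
        }

        /*
         * When we get here, the test is pretty much over.
         *
         * If the main thread excepted, that propagates back
         * immediately.  If the other thread threw an exception, we
         * should report back.
         */
        if (serverException != null) {
            throw serverException;
        }
        if (clientException != null) {
            throw clientException;
        }
    }

    /*
     * Runs the server side, either inline or on a new thread. On a new
     * thread, a failure is stored in serverException and serverReady is
     * forced to true so that a waiting client is released.
     */
    void startServer(boolean newThread) throws Exception {
        if (newThread) {
            serverThread = new Thread() {
                @Override
                public void run() {
                    try {
                        doServerSide();
                    } catch (Exception e) {
                        /*
                         * Our server thread just died.
                         *
                         * Release the client, if not active already...
                         */
                        System.err.println("Server died...");
                        serverReady = true;
                        serverException = e;
                    }
                }
            };
            serverThread.start();
        } else {
            doServerSide();
        }
    }

    /*
     * Runs the client side, either inline or on a new thread. On a new
     * thread, a failure is stored in clientException.
     */
    void startClient(boolean newThread) throws Exception {
        if (newThread) {
            clientThread = new Thread() {
                @Override
                public void run() {
                    try {
                        doClientSide();
                    } catch (Exception e) {
                        /*
                         * Our client thread just died.
                         */
                        System.err.println("Client died...");
                        clientException = e;
                    }
                }
            };
            clientThread.start();
        } else {
            doClientSide();
        }
    }

    /*
     * Builds an SSLContext from in-memory material.
     *
     * trusedCertStr   PEM text of the CA certificate to trust
     * keyCertStr      PEM text of this side's own certificate, or null for
     *                 a context that has trust material only
     * modulus         RSA modulus of the private key (BigInteger byte form)
     * privateExponent RSA private exponent (BigInteger byte form)
     * passphrase      password for the key entry and the KeyManagerFactory
     *
     * The same key store serves as trust store and, when keyCertStr is
     * given, as key store. The certificate chain presented to the peer is
     * { own certificate, CA certificate }.
     */
    private static SSLContext getSSLContext(String trusedCertStr,
            String keyCertStr, byte[] modulus,
            byte[] privateExponent, char[] passphrase) throws Exception {

        // generate certificate from cert string
        CertificateFactory cf = CertificateFactory.getInstance("X.509");

        // PEM is plain ASCII; name the charset instead of relying on the
        // platform default.
        ByteArrayInputStream trustedIn = new ByteArrayInputStream(
            trusedCertStr.getBytes(
                java.nio.charset.StandardCharsets.US_ASCII));
        Certificate trustedCert = cf.generateCertificate(trustedIn);
        trustedIn.close();

        // create a key store
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null);

        // import the trusted cert
        ks.setCertificateEntry("RSA Export Signer", trustedCert);

        if (keyCertStr != null) {
            // generate the private key.
            RSAPrivateKeySpec priKeySpec = new RSAPrivateKeySpec(
                                            new BigInteger(modulus),
                                            new BigInteger(privateExponent));
            KeyFactory kf = KeyFactory.getInstance("RSA");
            RSAPrivateKey priKey =
                    (RSAPrivateKey)kf.generatePrivate(priKeySpec);

            // generate certificate chain
            ByteArrayInputStream keyCertIn = new ByteArrayInputStream(
                keyCertStr.getBytes(
                    java.nio.charset.StandardCharsets.US_ASCII));
            Certificate keyCert = cf.generateCertificate(keyCertIn);
            keyCertIn.close();

            Certificate[] chain = new Certificate[2];
            chain[0] = keyCert;
            chain[1] = trustedCert;

            // import the key entry.
            ks.setKeyEntry("Whatever", priKey, passphrase, chain);
        }

        // create SSL context
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(ks);

        SSLContext ctx = SSLContext.getInstance("TLS");

        // A null SecureRandom leaves the choice of random source to the
        // provider.
        if (keyCertStr != null) {
            KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
            kmf.init(ks, passphrase);

            ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        } else {
            ctx.init(null, tmf.getTrustManagers(), null);
        }

        return ctx;
    }

}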