1 /*
   2  * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 //
  25 // SunJSSE does not support dynamic system properties, so system properties
  26 // cannot be re-used in samevm/agentvm mode; the test runs in othervm mode.
  27 //
  28 
  29 /* @test
  30  * @bug 6766775
  31  * @summary X509 certificate hostname checking is broken in JDK1.6.0_10
  32  * @run main/othervm Identities
  33  * @author Xuelei Fan
  34  */
  35 
  36 import java.net.*;
  37 import java.util.*;
  38 import java.io.*;
  39 import javax.net.ssl.*;
  40 import java.security.Security;
  41 import java.security.KeyStore;
  42 import java.security.KeyFactory;
  43 import java.security.cert.Certificate;
  44 import java.security.cert.CertificateFactory;
  45 import java.security.spec.*;
  46 import java.security.interfaces.*;
  47 import java.math.BigInteger;
  48 
  49 /*
  50  * Certificates and keys used in the test (1024-bit RSA keys, md5WithRSAEncryption signatures).
  51  *
  52  * TLS server certificate:
  53  * server private key:
  54  * -----BEGIN RSA PRIVATE KEY-----
  55  * Proc-Type: 4,ENCRYPTED
  56  * DEK-Info: DES-EDE3-CBC,D9AE407F6D0E389A
  57  *
  58  * WPrA7TFol/cQCcp9oHnXWNpYlvRbbIcQj0m+RKT2Iuzfus+DHt3Zadf8nJpKfX2e
  59  * h2rnhlzCN9M7djRDooZKDOPCsdBn51Au7HlZF3S3Opgo7D8XFM1a8t1Je4ke14oI
  60  * nw6QKYsBblRziPnP2PZ0zvX24nOv7bbY8beynlJHGs00VWSFdoH2DS0aE1p6D+3n
  61  * ptJuJ75dVfZFK4X7162APlNXevX8D6PEQpSiRw1rjjGGcnvQ4HdWk3BxDVDcCNJb
  62  * Y1aGNRxsjTDvPi3R9Qx2M+W03QzEPx4SR3ZHVskeSJHaetM0TM/w/45Paq4GokXP
  63  * ZeTnbEx1xmjkA7h+t4doLL4watx5F6yLsJzu8xB3lt/1EtmkYtLz1t7X4BetPAXz
  64  * zS69X/VwhKfsOI3qXBWuL2oHPyhDmT1gcaUQwEPSV6ogHEEQEDXdiUS8heNK13KF
  65  * TCQYFkETvV2BLxUhV1hypPzRQ6tUpJiAbD5KmoK2lD9slshG2QtvKQq0/bgkDY5J
  66  * LhDHV2dtcZ3kDPkkZXpbcJQvoeH3d09C5sIsuTFo2zgNR6oETHUc5TzP6FY2YYRa
  67  * QcK5HcmtsRRiXFm01ac+aMejJUIujjFt84SiKWT/73vC8AmY4tYcJBLjCg4XIxSH
  68  * fdDFLL1YZENNO5ivlp8mdiHqcawx+36L7DrEZQ8RZt6cqST5t/+XTdM74s6k81GT
  69  * pNsa82P2K2zmIUZ/DL2mKjW1vfRByw1NQFEBkN3vdyZxYfM/JyUzX4hbjXBEkh9Q
  70  * QYrcwLKLjis2QzSvK04B3bvRzRb+4ocWiso8ZPAXAIxZFBWDpTMM2A==
  71  * -----END RSA PRIVATE KEY-----
  72  *
  73  * -----BEGIN RSA PRIVATE KEY-----
  74  * MIICXAIBAAKBgQClrFscN6LdmYktsnm4j9VIpecchBeNaZzGrG358h0fORna03Ie
  75  * buxEzHCk3LoAMPagTz1UemFqzFfQCn+VKBg/mtmU8hvIJIh+/p0PPftXUwizIDPU
  76  * PxdHFNHN6gjYDnVOr77M0uyvqXpJ38LZrLgkQJCmA1Yq0DAFQCxPq9l0iQIDAQAB
  77  * AoGAbqcbg1E1mkR99uOJoNeQYKFOJyGiiXTMnXV1TseC4+PDfQBU7Dax35GcesBi
  78  * CtapIpFKKS5D+ozY6b7ZT8ojxuQ/uHLPAvz0WDR3ds4iRF8tyu71Q1ZHcQsJa17y
  79  * yO7UbkSSKn/Mp9Rb+/dKqftUGNXVFLqgHBOzN2s3We3bbbECQQDYBPKOg3hkaGHo
  80  * OhpHKqtQ6EVkldihG/3i4WejRonelXN+HRh1KrB2HBx0M8D/qAzP1i3rNSlSHer4
  81  * 59YRTJnHAkEAxFX/sVYSn07BHv9Zhn6XXct/Cj43z/tKNbzlNbcxqQwQerw3IH51
  82  * 8UH2YOA+GD3lXbKp+MytoFLWv8zg4YT/LwJAfqan75Z1R6lLffRS49bIiq8jwE16
  83  * rTrUJ+kv8jKxMqc9B3vXkxpsS1M/+4E8bqgAmvpgAb8xcsvHsBd9ErdukQJBAKs2
  84  * j67W75BrPjBI34pQ1LEfp56IGWXOrq1kF8IbCjxv3+MYRT6Z6UJFkpRymNPNDjsC
  85  * dgUYgITiGJHUGXuw3lMCQHEHqo9ZtXz92yFT+VhsNc29B8m/sqUJdtCcMd/jGpAF
  86  * u6GHufjqIZBpQsk63wbwESAPZZ+kk1O1kS5GIRLX608=
  87  * -----END RSA PRIVATE KEY-----
  88  *
  89  * Private-Key: (1024 bit)
  90  * modulus:
  91  *     00:a5:ac:5b:1c:37:a2:dd:99:89:2d:b2:79:b8:8f:
  92  *     d5:48:a5:e7:1c:84:17:8d:69:9c:c6:ac:6d:f9:f2:
  93  *     1d:1f:39:19:da:d3:72:1e:6e:ec:44:cc:70:a4:dc:
  94  *     ba:00:30:f6:a0:4f:3d:54:7a:61:6a:cc:57:d0:0a:
  95  *     7f:95:28:18:3f:9a:d9:94:f2:1b:c8:24:88:7e:fe:
  96  *     9d:0f:3d:fb:57:53:08:b3:20:33:d4:3f:17:47:14:
  97  *     d1:cd:ea:08:d8:0e:75:4e:af:be:cc:d2:ec:af:a9:
  98  *     7a:49:df:c2:d9:ac:b8:24:40:90:a6:03:56:2a:d0:
  99  *     30:05:40:2c:4f:ab:d9:74:89
 100  * publicExponent: 65537 (0x10001)
 101  * privateExponent:
 102  *     6e:a7:1b:83:51:35:9a:44:7d:f6:e3:89:a0:d7:90:
 103  *     60:a1:4e:27:21:a2:89:74:cc:9d:75:75:4e:c7:82:
 104  *     e3:e3:c3:7d:00:54:ec:36:b1:df:91:9c:7a:c0:62:
 105  *     0a:d6:a9:22:91:4a:29:2e:43:fa:8c:d8:e9:be:d9:
 106  *     4f:ca:23:c6:e4:3f:b8:72:cf:02:fc:f4:58:34:77:
 107  *     76:ce:22:44:5f:2d:ca:ee:f5:43:56:47:71:0b:09:
 108  *     6b:5e:f2:c8:ee:d4:6e:44:92:2a:7f:cc:a7:d4:5b:
 109  *     fb:f7:4a:a9:fb:54:18:d5:d5:14:ba:a0:1c:13:b3:
 110  *     37:6b:37:59:ed:db:6d:b1
 111  * prime1:
 112  *     00:d8:04:f2:8e:83:78:64:68:61:e8:3a:1a:47:2a:
 113  *     ab:50:e8:45:64:95:d8:a1:1b:fd:e2:e1:67:a3:46:
 114  *     89:de:95:73:7e:1d:18:75:2a:b0:76:1c:1c:74:33:
 115  *     c0:ff:a8:0c:cf:d6:2d:eb:35:29:52:1d:ea:f8:e7:
 116  *     d6:11:4c:99:c7
 117  * prime2:
 118  *     00:c4:55:ff:b1:56:12:9f:4e:c1:1e:ff:59:86:7e:
 119  *     97:5d:cb:7f:0a:3e:37:cf:fb:4a:35:bc:e5:35:b7:
 120  *     31:a9:0c:10:7a:bc:37:20:7e:75:f1:41:f6:60:e0:
 121  *     3e:18:3d:e5:5d:b2:a9:f8:cc:ad:a0:52:d6:bf:cc:
 122  *     e0:e1:84:ff:2f
 123  * exponent1:
 124  *     7e:a6:a7:ef:96:75:47:a9:4b:7d:f4:52:e3:d6:c8:
 125  *     8a:af:23:c0:4d:7a:ad:3a:d4:27:e9:2f:f2:32:b1:
 126  *     32:a7:3d:07:7b:d7:93:1a:6c:4b:53:3f:fb:81:3c:
 127  *     6e:a8:00:9a:fa:60:01:bf:31:72:cb:c7:b0:17:7d:
 128  *     12:b7:6e:91
 129  * exponent2:
 130  *     00:ab:36:8f:ae:d6:ef:90:6b:3e:30:48:df:8a:50:
 131  *     d4:b1:1f:a7:9e:88:19:65:ce:ae:ad:64:17:c2:1b:
 132  *     0a:3c:6f:df:e3:18:45:3e:99:e9:42:45:92:94:72:
 133  *     98:d3:cd:0e:3b:02:76:05:18:80:84:e2:18:91:d4:
 134  *     19:7b:b0:de:53
 135  * coefficient:
 136  *     71:07:aa:8f:59:b5:7c:fd:db:21:53:f9:58:6c:35:
 137  *     cd:bd:07:c9:bf:b2:a5:09:76:d0:9c:31:df:e3:1a:
 138  *     90:05:bb:a1:87:b9:f8:ea:21:90:69:42:c9:3a:df:
 139  *     06:f0:11:20:0f:65:9f:a4:93:53:b5:91:2e:46:21:
 140  *     12:d7:eb:4f
 141  *
 142  *
 143  * server certificate:
 144  * Data:
 145  *     Version: 3 (0x2)
 146  *     Serial Number: 4 (0x4)
 147  *     Signature Algorithm: md5WithRSAEncryption
 148  *     Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org
 149  *     Validity
 150  *         Not Before: Dec  8 03:21:16 2008 GMT
 151  *         Not After : Aug 25 03:21:16 2028 GMT
 152  *     Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org, OU=SSL-Server, CN=localhost
 153  *     Subject Public Key Info:
 154  *         Public Key Algorithm: rsaEncryption
 155  *         RSA Public Key: (1024 bit)
 156  *             Modulus (1024 bit):
 157  *                 00:a5:ac:5b:1c:37:a2:dd:99:89:2d:b2:79:b8:8f:
 158  *                 d5:48:a5:e7:1c:84:17:8d:69:9c:c6:ac:6d:f9:f2:
 159  *                 1d:1f:39:19:da:d3:72:1e:6e:ec:44:cc:70:a4:dc:
 160  *                 ba:00:30:f6:a0:4f:3d:54:7a:61:6a:cc:57:d0:0a:
 161  *                 7f:95:28:18:3f:9a:d9:94:f2:1b:c8:24:88:7e:fe:
 162  *                 9d:0f:3d:fb:57:53:08:b3:20:33:d4:3f:17:47:14:
 163  *                 d1:cd:ea:08:d8:0e:75:4e:af:be:cc:d2:ec:af:a9:
 164  *                 7a:49:df:c2:d9:ac:b8:24:40:90:a6:03:56:2a:d0:
 165  *                 30:05:40:2c:4f:ab:d9:74:89
 166  *             Exponent: 65537 (0x10001)
 167  *     X509v3 extensions:
 168  *         X509v3 Basic Constraints:
 169  *             CA:FALSE
 170  *         X509v3 Key Usage:
 171  *             Digital Signature, Non Repudiation, Key Encipherment
 172  *         X509v3 Subject Key Identifier:
 173  *             ED:6E:DB:F4:B5:56:C8:FB:1A:06:61:3F:0F:08:BB:A6:04:D8:16:54
 174  *         X509v3 Authority Key Identifier:
 175  *             keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14
 176  *
 177  *         X509v3 Subject Alternative Name: critical
 178  *             IP Address:127.0.0.1, DNS:localhost
 179  * Signature Algorithm: md5WithRSAEncryption
 180  *
 181  * -----BEGIN CERTIFICATE-----
 182  * MIICqjCCAhOgAwIBAgIBBDANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET
 183  * MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK
 184  * EwhTb21lLU9yZzAeFw0wODEyMDgwMzIxMTZaFw0yODA4MjUwMzIxMTZaMHIxCzAJ
 185  * BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp
 186  * dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtU2VydmVyMRIwEAYD
 187  * VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKWsWxw3
 188  * ot2ZiS2yebiP1Uil5xyEF41pnMasbfnyHR85GdrTch5u7ETMcKTcugAw9qBPPVR6
 189  * YWrMV9AKf5UoGD+a2ZTyG8gkiH7+nQ89+1dTCLMgM9Q/F0cU0c3qCNgOdU6vvszS
 190  * 7K+peknfwtmsuCRAkKYDVirQMAVALE+r2XSJAgMBAAGjeTB3MAkGA1UdEwQCMAAw
 191  * CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTtbtv0tVbI+xoGYT8PCLumBNgWVDAfBgNV
 192  * HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDAdBgNVHREBAf8EEzARhwR/AAAB
 193  * gglsb2NhbGhvc3QwDQYJKoZIhvcNAQEEBQADgYEAWTrftGaL73lKLgRTrChGR+F6
 194  * //qvs0OM94IOKVeHz36NO49cMJmhJSbKdiGIkppBgpLIBoWxZlN9NOO9oSXFYZsZ
 195  * rHaAe9/lWMtQM7XpjqjhWVhB5VPvWFbkorQFMtRYLf7pkonGPFq8GOO1s0TKhogC
 196  * jtYCdzlrU4v+om/J3H8=
 197  * -----END CERTIFICATE-----
 198  *
 199  *
 200  * TLS client certificate:
 201  * client private key:
 202  * -----BEGIN RSA PRIVATE KEY-----
 203  * Proc-Type: 4,ENCRYPTED
 204  * DEK-Info: DES-EDE3-CBC,FA2A435CD35A9390
 205  *
 206  * Z+Y2uaETbsUWIyJUyVu1UV2G4rgFYJyACZT6Tp1KjRtxflSh2kXkJ9MpuXMXA0V4
 207  * Yy3fDzPqCL9NJmQAYRlAx/W/+j4F5EyMWDIx8fUxzONRZyoiwF7jLm+KscAfv6Pf
 208  * q7ItWOdj3z7IYrwlB8YIGd3F2cDKT3S+lYRk7rKb/qT7itbuHnY4Ardh3yl+MZak
 209  * jBp+ELUlRsUqSr1V0LoM+0rCCykarpyfhpxEcqsrl0v9Cyi5uhU50/oKv5zql3SH
 210  * l2ImgDjp3batAs8+Bd4NF2aqi0a7Hy44JUHxRm4caZryU/i/D9N1MbuM6882HLat
 211  * 5N0G+NaIUfywa8mjwq2D5aiit18HqKA6XeRRYeJ5Dvu9DCO4GeFSwcUFIBMI0L46
 212  * 7s114+oDodg57pMgITi+04vmUxvqlN9aiyd7f5Fgd7PeHGeOdbMz1NaJLJaPI9++
 213  * NakK8eK9iwT/Gdq0Uap5/CHW7vCT5PO+h3HY0STH0lWStXhdWnFO04zTdywsbSp+
 214  * DLpHeFT66shfeUlxR0PsCbG9vPRt/QmGLeYQZITppWo/ylSq4j+pRIuXvuWHdBRN
 215  * rTZ8QF4Y7AxQUXVz1j1++s6ZMHTzaK2i9HrhmDs1MbJl+QwWre3Xpv3LvTVz3k5U
 216  * wX8kuY1m3STt71QCaRWENq5sRaMImLxZbxc/ivFl9RAzUqo4NCxLod/QgA4iLqtO
 217  * ztnlpzwlC/F8HbQ1oqYWwnZAPhzU/cULtstl+Yrws2c2atO323LbPXZqbASySgig
 218  * sNpFXQMObdfP6LN23bY+1SvtK7V4NUTNhpdIc6INQAQ=
 219  * -----END RSA PRIVATE KEY-----
 220  *
 221  * -----BEGIN RSA PRIVATE KEY-----
 222  * MIICWwIBAAKBgQC78EA2rCZUTvSjWgAvaSFvuXo6k+yi9uGOx2PYLxIwmS6w8o/4
 223  * Jy0keCiE9wG/jUR53TvSVfPOPLJbIX3v/TNKsaP/xsibuQ98QTWX+ds6BWAFFa9Z
 224  * F5KjEK0WHOQHU6+odqJWKpLT+SjgeM9eH0irXBnd4WdDunWN9YKsQ5JEGwIDAQAB
 225  * AoGAEbdqNj0wN85hnWyEi/ObJU8UyKTdL9eaF72QGfcF/fLSxfd3vurihIeXOkGW
 226  * tpn4lIxYcVGM9CognhqgJpl11jFTQzn1KqZ+NEJRKkCHA4hDabKJbSC9fXHvRwrf
 227  * BsFpZqgiNxp3HseUTiwnaUVeyPgMt/jAj5nB5Sib+UyUxrECQQDnNQBiF2aifEg6
 228  * zbJOOC7he5CHAdkFxSxWVFVHL6EfXfqdLVkUohMbgZv+XxyIeU2biOExSg49Kds3
 229  * FOKgTau1AkEA0Bd1haj6QuCo8I0AXm2WO+MMTZMTvtHD/bGjKNM+fT4I8rKYnQRX
 230  * 1acHdqS9Xx2rNJqZgkMmpESIdPR2fc4yjwJALFeM6EMmqvj8/VIf5UJ/Mz14fXwM
 231  * PEARfckUxd9LnnFutCBTWlKvKXJVEZb6KO5ixPaegc57Jp3Vbh3yTN44lQJADD/1
 232  * SSMDaIB1MYP7a5Oj7m6VQNPRq8AJe5vDcRnOae0G9dKRrVyeFxO4GsHj6/+BHp2j
 233  * P8nYMn9eURQ7DXjf/QJAAQzMlWnKGSO8pyTDtnQx3hRMoUkOEhmNq4bQhLkYqtnY
 234  * FcqpUQ2qMjW+NiNWk5HnTrMS3L9EdJobMUzaNZLy4w==
 235  * -----END RSA PRIVATE KEY-----
 236  *
 237  * Private-Key: (1024 bit)
 238  * modulus:
 239  *     00:bb:f0:40:36:ac:26:54:4e:f4:a3:5a:00:2f:69:
 240  *     21:6f:b9:7a:3a:93:ec:a2:f6:e1:8e:c7:63:d8:2f:
 241  *     12:30:99:2e:b0:f2:8f:f8:27:2d:24:78:28:84:f7:
 242  *     01:bf:8d:44:79:dd:3b:d2:55:f3:ce:3c:b2:5b:21:
 243  *     7d:ef:fd:33:4a:b1:a3:ff:c6:c8:9b:b9:0f:7c:41:
 244  *     35:97:f9:db:3a:05:60:05:15:af:59:17:92:a3:10:
 245  *     ad:16:1c:e4:07:53:af:a8:76:a2:56:2a:92:d3:f9:
 246  *     28:e0:78:cf:5e:1f:48:ab:5c:19:dd:e1:67:43:ba:
 247  *     75:8d:f5:82:ac:43:92:44:1b
 248  * publicExponent: 65537 (0x10001)
 249  * privateExponent:
 250  *     11:b7:6a:36:3d:30:37:ce:61:9d:6c:84:8b:f3:9b:
 251  *     25:4f:14:c8:a4:dd:2f:d7:9a:17:bd:90:19:f7:05:
 252  *     fd:f2:d2:c5:f7:77:be:ea:e2:84:87:97:3a:41:96:
 253  *     b6:99:f8:94:8c:58:71:51:8c:f4:2a:20:9e:1a:a0:
 254  *     26:99:75:d6:31:53:43:39:f5:2a:a6:7e:34:42:51:
 255  *     2a:40:87:03:88:43:69:b2:89:6d:20:bd:7d:71:ef:
 256  *     47:0a:df:06:c1:69:66:a8:22:37:1a:77:1e:c7:94:
 257  *     4e:2c:27:69:45:5e:c8:f8:0c:b7:f8:c0:8f:99:c1:
 258  *     e5:28:9b:f9:4c:94:c6:b1
 259  * prime1:
 260  *     00:e7:35:00:62:17:66:a2:7c:48:3a:cd:b2:4e:38:
 261  *     2e:e1:7b:90:87:01:d9:05:c5:2c:56:54:55:47:2f:
 262  *     a1:1f:5d:fa:9d:2d:59:14:a2:13:1b:81:9b:fe:5f:
 263  *     1c:88:79:4d:9b:88:e1:31:4a:0e:3d:29:db:37:14:
 264  *     e2:a0:4d:ab:b5
 265  * prime2:
 266  *     00:d0:17:75:85:a8:fa:42:e0:a8:f0:8d:00:5e:6d:
 267  *     96:3b:e3:0c:4d:93:13:be:d1:c3:fd:b1:a3:28:d3:
 268  *     3e:7d:3e:08:f2:b2:98:9d:04:57:d5:a7:07:76:a4:
 269  *     bd:5f:1d:ab:34:9a:99:82:43:26:a4:44:88:74:f4:
 270  *     76:7d:ce:32:8f
 271  * exponent1:
 272  *     2c:57:8c:e8:43:26:aa:f8:fc:fd:52:1f:e5:42:7f:
 273  *     33:3d:78:7d:7c:0c:3c:40:11:7d:c9:14:c5:df:4b:
 274  *     9e:71:6e:b4:20:53:5a:52:af:29:72:55:11:96:fa:
 275  *     28:ee:62:c4:f6:9e:81:ce:7b:26:9d:d5:6e:1d:f2:
 276  *     4c:de:38:95
 277  * exponent2:
 278  *     0c:3f:f5:49:23:03:68:80:75:31:83:fb:6b:93:a3:
 279  *     ee:6e:95:40:d3:d1:ab:c0:09:7b:9b:c3:71:19:ce:
 280  *     69:ed:06:f5:d2:91:ad:5c:9e:17:13:b8:1a:c1:e3:
 281  *     eb:ff:81:1e:9d:a3:3f:c9:d8:32:7f:5e:51:14:3b:
 282  *     0d:78:df:fd
 283  * coefficient:
 284  *     01:0c:cc:95:69:ca:19:23:bc:a7:24:c3:b6:74:31:
 285  *     de:14:4c:a1:49:0e:12:19:8d:ab:86:d0:84:b9:18:
 286  *     aa:d9:d8:15:ca:a9:51:0d:aa:32:35:be:36:23:56:
 287  *     93:91:e7:4e:b3:12:dc:bf:44:74:9a:1b:31:4c:da:
 288  *     35:92:f2:e3
 289  *
 290  * client certificate:
 291  * Data:
 292  *     Version: 3 (0x2)
 293  *     Serial Number: 5 (0x5)
 294  *     Signature Algorithm: md5WithRSAEncryption
 295  *     Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org
 296  *     Validity
 297  *         Not Before: Dec  8 03:22:10 2008 GMT
 298  *         Not After : Aug 25 03:22:10 2028 GMT
 299  *     Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org, OU=SSL-Client, CN=localhost
 300  *     Subject Public Key Info:
 301  *         Public Key Algorithm: rsaEncryption
 302  *         RSA Public Key: (1024 bit)
 303  *             Modulus (1024 bit):
 304  *                 00:bb:f0:40:36:ac:26:54:4e:f4:a3:5a:00:2f:69:
 305  *                 21:6f:b9:7a:3a:93:ec:a2:f6:e1:8e:c7:63:d8:2f:
 306  *                 12:30:99:2e:b0:f2:8f:f8:27:2d:24:78:28:84:f7:
 307  *                 01:bf:8d:44:79:dd:3b:d2:55:f3:ce:3c:b2:5b:21:
 308  *                 7d:ef:fd:33:4a:b1:a3:ff:c6:c8:9b:b9:0f:7c:41:
 309  *                 35:97:f9:db:3a:05:60:05:15:af:59:17:92:a3:10:
 310  *                 ad:16:1c:e4:07:53:af:a8:76:a2:56:2a:92:d3:f9:
 311  *                 28:e0:78:cf:5e:1f:48:ab:5c:19:dd:e1:67:43:ba:
 312  *                 75:8d:f5:82:ac:43:92:44:1b
 313  *             Exponent: 65537 (0x10001)
 314  *     X509v3 extensions:
 315  *         X509v3 Basic Constraints:
 316  *             CA:FALSE
 317  *         X509v3 Key Usage:
 318  *             Digital Signature, Non Repudiation, Key Encipherment
 319  *         X509v3 Subject Key Identifier:
 320  *             CD:BB:C8:85:AA:91:BD:FD:1D:BE:CD:67:7C:FF:B3:E9:4C:A8:22:E6
 321  *         X509v3 Authority Key Identifier:
 322  *             keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14
 323  *
 324  *         X509v3 Subject Alternative Name: critical
 325  *             IP Address:127.0.0.1, DNS:localhost
 326  * Signature Algorithm: md5WithRSAEncryption
 327  *
 328  * -----BEGIN CERTIFICATE-----
 329  * MIICqjCCAhOgAwIBAgIBBTANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET
 330  * MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK
 331  * EwhTb21lLU9yZzAeFw0wODEyMDgwMzIyMTBaFw0yODA4MjUwMzIyMTBaMHIxCzAJ
 332  * BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp
 333  * dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtQ2xpZW50MRIwEAYD
 334  * VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALvwQDas
 335  * JlRO9KNaAC9pIW+5ejqT7KL24Y7HY9gvEjCZLrDyj/gnLSR4KIT3Ab+NRHndO9JV
 336  * 8848slshfe/9M0qxo//GyJu5D3xBNZf52zoFYAUVr1kXkqMQrRYc5AdTr6h2olYq
 337  * ktP5KOB4z14fSKtcGd3hZ0O6dY31gqxDkkQbAgMBAAGjeTB3MAkGA1UdEwQCMAAw
 338  * CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTNu8iFqpG9/R2+zWd8/7PpTKgi5jAfBgNV
 339  * HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDAdBgNVHREBAf8EEzARhwR/AAAB
 340  * gglsb2NhbGhvc3QwDQYJKoZIhvcNAQEEBQADgYEAwDc4f13abs9ZeEkrl5WV2Z74
 341  * BlmBhXu8ExtAvoF9q6Ug6xV1MDpxbD124KfUHHL0kNMhMB1WIpC0kOnQBxziNpfS
 342  * 7u6GOc3tWLSxw/sHoJGCefnRBllLZOoQuSBrWB8qgilL6HRmZ4UqDcXu4UCaLBZ0
 343  * KGDT5ASEN6Lq2GtiP4Y=
 344  * -----END CERTIFICATE-----
 345  *
 346  *
 347  *
 348  * Trusted CA certificate:
 349  * Certificate:
 350  *   Data:
 351  *     Version: 3 (0x2)
 352  *     Serial Number: 0 (0x0)
 353  *     Signature Algorithm: md5WithRSAEncryption
 354  *     Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org
 355  *     Validity
 356  *         Not Before: Dec  8 02:43:36 2008 GMT
 357  *         Not After : Aug 25 02:43:36 2028 GMT
 358  *     Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org
 359  *     Subject Public Key Info:
 360  *         Public Key Algorithm: rsaEncryption
 361  *         RSA Public Key: (1024 bit)
 362  *             Modulus (1024 bit):
 363  *                 00:cb:c4:38:20:07:be:88:a7:93:b0:a1:43:51:2d:
 364  *                 d7:8e:85:af:54:dd:ad:a2:7b:23:5b:cf:99:13:53:
 365  *                 99:45:7d:ee:6d:ba:2d:bf:e3:ad:6e:3d:9f:1a:f9:
 366  *                 03:97:e0:17:55:ae:11:26:57:de:01:29:8e:05:3f:
 367  *                 21:f7:e7:36:e8:2e:37:d7:48:ac:53:d6:60:0e:c7:
 368  *                 50:6d:f6:c5:85:f7:8b:a6:c5:91:35:72:3c:94:ee:
 369  *                 f1:17:f0:71:e3:ec:1b:ce:ca:4e:40:42:b0:6d:ee:
 370  *                 6a:0e:d6:e5:ad:3c:0f:c9:ba:82:4f:78:f8:89:97:
 371  *                 89:2a:95:12:4c:d8:09:2a:e9
 372  *             Exponent: 65537 (0x10001)
 373  *     X509v3 extensions:
 374  *         X509v3 Subject Key Identifier:
 375  *             FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14
 376  *         X509v3 Authority Key Identifier:
 377  *             keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14
 378  *             DirName:/C=US/ST=Some-State/L=Some-City/O=Some-Org
 379  *             serial:00
 380  *
 381  *         X509v3 Basic Constraints:
 382  *             CA:TRUE
 383  *  Signature Algorithm: md5WithRSAEncryption
 384  *
 385  * -----BEGIN CERTIFICATE-----
 386  * MIICrDCCAhWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET
 387  * MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK
 388  * EwhTb21lLU9yZzAeFw0wODEyMDgwMjQzMzZaFw0yODA4MjUwMjQzMzZaMEkxCzAJ
 389  * BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp
 390  * dHkxETAPBgNVBAoTCFNvbWUtT3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
 391  * gQDLxDggB76Ip5OwoUNRLdeOha9U3a2ieyNbz5kTU5lFfe5tui2/461uPZ8a+QOX
 392  * 4BdVrhEmV94BKY4FPyH35zboLjfXSKxT1mAOx1Bt9sWF94umxZE1cjyU7vEX8HHj
 393  * 7BvOyk5AQrBt7moO1uWtPA/JuoJPePiJl4kqlRJM2Akq6QIDAQABo4GjMIGgMB0G
 394  * A1UdDgQWBBT6uVG/TOfZhpgz+efLHvEzSfeoFDBxBgNVHSMEajBogBT6uVG/TOfZ
 395  * hpgz+efLHvEzSfeoFKFNpEswSTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUt
 396  * U3RhdGUxEjAQBgNVBAcTCVNvbWUtQ2l0eTERMA8GA1UEChMIU29tZS1PcmeCAQAw
 397  * DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBcIm534U123Hz+rtyYO5uA
 398  * ofd81G6FnTfEAV8Kw9fGyyEbQZclBv34A9JsFKeMvU4OFIaixD7nLZ/NZ+IWbhmZ
 399  * LovmJXyCkOufea73pNiZ+f/4/ScZaIlM/PRycQSqbFNd4j9Wott+08qxHPLpsf3P
 400  * 6Mvf0r1PNTY2hwTJLJmKtg==
 401  * -----END CERTIFICATE-----
 402  */
 403 
 404 
 405 public class Identities {
 406     static Map cookies;  // raw Map with no initializer; not referenced in the visible part of this file
 407     ServerSocket ss;     // instance field; not referenced in the visible part of this file
 408 
 409     /*
 410      * =============================================================
 411      * Set the various variables needed for the tests, then
 412      * specify what tests to run on each side.
 413      */
 414 
 415     /*
 416      * Should we run the client or server in a separate thread?
 417      * Both sides can throw exceptions, but do you have a preference
 418      * as to which side should be the main thread?
 419      */
 420     static boolean separateServerThread = true;  // NOTE(review): presumably true puts the server on its own thread; the code reading this flag is outside this excerpt
 421 
 422     /*
 423      * Where do we find the keystores? Here the key material is embedded: PEM certificates plus raw RSA key bytes.
 424      */
 425     static String trusedCertStr =  // same PEM text as the "Trusted CA certificate" in the header comment (CA:TRUE, Issuer equals Subject)
 426         "-----BEGIN CERTIFICATE-----\n" +
 427         "MIICrDCCAhWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" +
 428         "MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" +
 429         "EwhTb21lLU9yZzAeFw0wODEyMDgwMjQzMzZaFw0yODA4MjUwMjQzMzZaMEkxCzAJ\n" +
 430         "BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" +
 431         "dHkxETAPBgNVBAoTCFNvbWUtT3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n" +
 432         "gQDLxDggB76Ip5OwoUNRLdeOha9U3a2ieyNbz5kTU5lFfe5tui2/461uPZ8a+QOX\n" +
 433         "4BdVrhEmV94BKY4FPyH35zboLjfXSKxT1mAOx1Bt9sWF94umxZE1cjyU7vEX8HHj\n" +
 434         "7BvOyk5AQrBt7moO1uWtPA/JuoJPePiJl4kqlRJM2Akq6QIDAQABo4GjMIGgMB0G\n" +
 435         "A1UdDgQWBBT6uVG/TOfZhpgz+efLHvEzSfeoFDBxBgNVHSMEajBogBT6uVG/TOfZ\n" +
 436         "hpgz+efLHvEzSfeoFKFNpEswSTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUt\n" +
 437         "U3RhdGUxEjAQBgNVBAcTCVNvbWUtQ2l0eTERMA8GA1UEChMIU29tZS1PcmeCAQAw\n" +
 438         "DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBcIm534U123Hz+rtyYO5uA\n" +
 439         "ofd81G6FnTfEAV8Kw9fGyyEbQZclBv34A9JsFKeMvU4OFIaixD7nLZ/NZ+IWbhmZ\n" +
 440         "LovmJXyCkOufea73pNiZ+f/4/ScZaIlM/PRycQSqbFNd4j9Wott+08qxHPLpsf3P\n" +
 441         "6Mvf0r1PNTY2hwTJLJmKtg==\n" +
 442         "-----END CERTIFICATE-----";
 443 
 444     static String serverCertStr =  // same PEM text as the "server certificate" in the header comment (OU=SSL-Server, CN=localhost, SAN 127.0.0.1 and localhost)
 445         "-----BEGIN CERTIFICATE-----\n" +
 446         "MIICqjCCAhOgAwIBAgIBBDANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" +
 447         "MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" +
 448         "EwhTb21lLU9yZzAeFw0wODEyMDgwMzIxMTZaFw0yODA4MjUwMzIxMTZaMHIxCzAJ\n" +
 449         "BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" +
 450         "dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtU2VydmVyMRIwEAYD\n" +
 451         "VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKWsWxw3\n" +
 452         "ot2ZiS2yebiP1Uil5xyEF41pnMasbfnyHR85GdrTch5u7ETMcKTcugAw9qBPPVR6\n" +
 453         "YWrMV9AKf5UoGD+a2ZTyG8gkiH7+nQ89+1dTCLMgM9Q/F0cU0c3qCNgOdU6vvszS\n" +
 454         "7K+peknfwtmsuCRAkKYDVirQMAVALE+r2XSJAgMBAAGjeTB3MAkGA1UdEwQCMAAw\n" +
 455         "CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTtbtv0tVbI+xoGYT8PCLumBNgWVDAfBgNV\n" +
 456         "HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDAdBgNVHREBAf8EEzARhwR/AAAB\n" +
 457         "gglsb2NhbGhvc3QwDQYJKoZIhvcNAQEEBQADgYEAWTrftGaL73lKLgRTrChGR+F6\n" +
 458         "//qvs0OM94IOKVeHz36NO49cMJmhJSbKdiGIkppBgpLIBoWxZlN9NOO9oSXFYZsZ\n" +
 459         "rHaAe9/lWMtQM7XpjqjhWVhB5VPvWFbkorQFMtRYLf7pkonGPFq8GOO1s0TKhogC\n" +
 460         "jtYCdzlrU4v+om/J3H8=\n" +
 461         "-----END CERTIFICATE-----";
 462 
 463     static String clientCertStr =  // same PEM text as the "client certificate" in the header comment (OU=SSL-Client, CN=localhost, SAN 127.0.0.1 and localhost)
 464         "-----BEGIN CERTIFICATE-----\n" +
 465         "MIICqjCCAhOgAwIBAgIBBTANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" +
 466         "MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" +
 467         "EwhTb21lLU9yZzAeFw0wODEyMDgwMzIyMTBaFw0yODA4MjUwMzIyMTBaMHIxCzAJ\n" +
 468         "BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" +
 469         "dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtQ2xpZW50MRIwEAYD\n" +
 470         "VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALvwQDas\n" +
 471         "JlRO9KNaAC9pIW+5ejqT7KL24Y7HY9gvEjCZLrDyj/gnLSR4KIT3Ab+NRHndO9JV\n" +
 472         "8848slshfe/9M0qxo//GyJu5D3xBNZf52zoFYAUVr1kXkqMQrRYc5AdTr6h2olYq\n" +
 473         "ktP5KOB4z14fSKtcGd3hZ0O6dY31gqxDkkQbAgMBAAGjeTB3MAkGA1UdEwQCMAAw\n" +
 474         "CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTNu8iFqpG9/R2+zWd8/7PpTKgi5jAfBgNV\n" +
 475         "HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDAdBgNVHREBAf8EEzARhwR/AAAB\n" +
 476         "gglsb2NhbGhvc3QwDQYJKoZIhvcNAQEEBQADgYEAwDc4f13abs9ZeEkrl5WV2Z74\n" +
 477         "BlmBhXu8ExtAvoF9q6Ug6xV1MDpxbD124KfUHHL0kNMhMB1WIpC0kOnQBxziNpfS\n" +
 478         "7u6GOc3tWLSxw/sHoJGCefnRBllLZOoQuSBrWB8qgilL6HRmZ4UqDcXu4UCaLBZ0\n" +
 479         "KGDT5ASEN6Lq2GtiP4Y=\n" +
 480         "-----END CERTIFICATE-----";
 481 
 482     static byte serverPrivateExponent[] = {  // server RSA private exponent; same bytes, in the same order, as the server "privateExponent" dump in the header comment
 483         (byte)0x6e, (byte)0xa7, (byte)0x1b, (byte)0x83,
 484         (byte)0x51, (byte)0x35, (byte)0x9a, (byte)0x44,
 485         (byte)0x7d, (byte)0xf6, (byte)0xe3, (byte)0x89,
 486         (byte)0xa0, (byte)0xd7, (byte)0x90, (byte)0x60,
 487         (byte)0xa1, (byte)0x4e, (byte)0x27, (byte)0x21,
 488         (byte)0xa2, (byte)0x89, (byte)0x74, (byte)0xcc,
 489         (byte)0x9d, (byte)0x75, (byte)0x75, (byte)0x4e,
 490         (byte)0xc7, (byte)0x82, (byte)0xe3, (byte)0xe3,
 491         (byte)0xc3, (byte)0x7d, (byte)0x00, (byte)0x54,
 492         (byte)0xec, (byte)0x36, (byte)0xb1, (byte)0xdf,
 493         (byte)0x91, (byte)0x9c, (byte)0x7a, (byte)0xc0,
 494         (byte)0x62, (byte)0x0a, (byte)0xd6, (byte)0xa9,
 495         (byte)0x22, (byte)0x91, (byte)0x4a, (byte)0x29,
 496         (byte)0x2e, (byte)0x43, (byte)0xfa, (byte)0x8c,
 497         (byte)0xd8, (byte)0xe9, (byte)0xbe, (byte)0xd9,
 498         (byte)0x4f, (byte)0xca, (byte)0x23, (byte)0xc6,
 499         (byte)0xe4, (byte)0x3f, (byte)0xb8, (byte)0x72,
 500         (byte)0xcf, (byte)0x02, (byte)0xfc, (byte)0xf4,
 501         (byte)0x58, (byte)0x34, (byte)0x77, (byte)0x76,
 502         (byte)0xce, (byte)0x22, (byte)0x44, (byte)0x5f,
 503         (byte)0x2d, (byte)0xca, (byte)0xee, (byte)0xf5,
 504         (byte)0x43, (byte)0x56, (byte)0x47, (byte)0x71,
 505         (byte)0x0b, (byte)0x09, (byte)0x6b, (byte)0x5e,
 506         (byte)0xf2, (byte)0xc8, (byte)0xee, (byte)0xd4,
 507         (byte)0x6e, (byte)0x44, (byte)0x92, (byte)0x2a,
 508         (byte)0x7f, (byte)0xcc, (byte)0xa7, (byte)0xd4,
 509         (byte)0x5b, (byte)0xfb, (byte)0xf7, (byte)0x4a,
 510         (byte)0xa9, (byte)0xfb, (byte)0x54, (byte)0x18,
 511         (byte)0xd5, (byte)0xd5, (byte)0x14, (byte)0xba,
 512         (byte)0xa0, (byte)0x1c, (byte)0x13, (byte)0xb3,
 513         (byte)0x37, (byte)0x6b, (byte)0x37, (byte)0x59,
 514         (byte)0xed, (byte)0xdb, (byte)0x6d, (byte)0xb1
 515     };
 516 
 517     static byte serverModulus[] = {  // server RSA modulus, same bytes as the server "modulus" dump in the header comment, including the leading 0x00
 518         (byte)0x00,  // NOTE(review): presumably keeps the value non-negative when converted to a BigInteger; the conversion is outside this excerpt
 519         (byte)0xa5, (byte)0xac, (byte)0x5b, (byte)0x1c,
 520         (byte)0x37, (byte)0xa2, (byte)0xdd, (byte)0x99,
 521         (byte)0x89, (byte)0x2d, (byte)0xb2, (byte)0x79,
 522         (byte)0xb8, (byte)0x8f, (byte)0xd5, (byte)0x48,
 523         (byte)0xa5, (byte)0xe7, (byte)0x1c, (byte)0x84,
 524         (byte)0x17, (byte)0x8d, (byte)0x69, (byte)0x9c,
 525         (byte)0xc6, (byte)0xac, (byte)0x6d, (byte)0xf9,
 526         (byte)0xf2, (byte)0x1d, (byte)0x1f, (byte)0x39,
 527         (byte)0x19, (byte)0xda, (byte)0xd3, (byte)0x72,
 528         (byte)0x1e, (byte)0x6e, (byte)0xec, (byte)0x44,
 529         (byte)0xcc, (byte)0x70, (byte)0xa4, (byte)0xdc,
 530         (byte)0xba, (byte)0x00, (byte)0x30, (byte)0xf6,
 531         (byte)0xa0, (byte)0x4f, (byte)0x3d, (byte)0x54,
 532         (byte)0x7a, (byte)0x61, (byte)0x6a, (byte)0xcc,
 533         (byte)0x57, (byte)0xd0, (byte)0x0a, (byte)0x7f,
 534         (byte)0x95, (byte)0x28, (byte)0x18, (byte)0x3f,
 535         (byte)0x9a, (byte)0xd9, (byte)0x94, (byte)0xf2,
 536         (byte)0x1b, (byte)0xc8, (byte)0x24, (byte)0x88,
 537         (byte)0x7e, (byte)0xfe, (byte)0x9d, (byte)0x0f,
 538         (byte)0x3d, (byte)0xfb, (byte)0x57, (byte)0x53,
 539         (byte)0x08, (byte)0xb3, (byte)0x20, (byte)0x33,
 540         (byte)0xd4, (byte)0x3f, (byte)0x17, (byte)0x47,
 541         (byte)0x14, (byte)0xd1, (byte)0xcd, (byte)0xea,
 542         (byte)0x08, (byte)0xd8, (byte)0x0e, (byte)0x75,
 543         (byte)0x4e, (byte)0xaf, (byte)0xbe, (byte)0xcc,
 544         (byte)0xd2, (byte)0xec, (byte)0xaf, (byte)0xa9,
 545         (byte)0x7a, (byte)0x49, (byte)0xdf, (byte)0xc2,
 546         (byte)0xd9, (byte)0xac, (byte)0xb8, (byte)0x24,
 547         (byte)0x40, (byte)0x90, (byte)0xa6, (byte)0x03,
 548         (byte)0x56, (byte)0x2a, (byte)0xd0, (byte)0x30,
 549         (byte)0x05, (byte)0x40, (byte)0x2c, (byte)0x4f,
 550         (byte)0xab, (byte)0xd9, (byte)0x74, (byte)0x89
 551     };
 552 
 553     static byte clientPrivateExponent[] = {  // client RSA private exponent; same bytes, in the same order, as the client "privateExponent" dump in the header comment
 554         (byte)0x11, (byte)0xb7, (byte)0x6a, (byte)0x36,
 555         (byte)0x3d, (byte)0x30, (byte)0x37, (byte)0xce,
 556         (byte)0x61, (byte)0x9d, (byte)0x6c, (byte)0x84,
 557         (byte)0x8b, (byte)0xf3, (byte)0x9b, (byte)0x25,
 558         (byte)0x4f, (byte)0x14, (byte)0xc8, (byte)0xa4,
 559         (byte)0xdd, (byte)0x2f, (byte)0xd7, (byte)0x9a,
 560         (byte)0x17, (byte)0xbd, (byte)0x90, (byte)0x19,
 561         (byte)0xf7, (byte)0x05, (byte)0xfd, (byte)0xf2,
 562         (byte)0xd2, (byte)0xc5, (byte)0xf7, (byte)0x77,
 563         (byte)0xbe, (byte)0xea, (byte)0xe2, (byte)0x84,
 564         (byte)0x87, (byte)0x97, (byte)0x3a, (byte)0x41,
 565         (byte)0x96, (byte)0xb6, (byte)0x99, (byte)0xf8,
 566         (byte)0x94, (byte)0x8c, (byte)0x58, (byte)0x71,
 567         (byte)0x51, (byte)0x8c, (byte)0xf4, (byte)0x2a,
 568         (byte)0x20, (byte)0x9e, (byte)0x1a, (byte)0xa0,
 569         (byte)0x26, (byte)0x99, (byte)0x75, (byte)0xd6,
 570         (byte)0x31, (byte)0x53, (byte)0x43, (byte)0x39,
 571         (byte)0xf5, (byte)0x2a, (byte)0xa6, (byte)0x7e,
 572         (byte)0x34, (byte)0x42, (byte)0x51, (byte)0x2a,
 573         (byte)0x40, (byte)0x87, (byte)0x03, (byte)0x88,
 574         (byte)0x43, (byte)0x69, (byte)0xb2, (byte)0x89,
 575         (byte)0x6d, (byte)0x20, (byte)0xbd, (byte)0x7d,
 576         (byte)0x71, (byte)0xef, (byte)0x47, (byte)0x0a,
 577         (byte)0xdf, (byte)0x06, (byte)0xc1, (byte)0x69,
 578         (byte)0x66, (byte)0xa8, (byte)0x22, (byte)0x37,
 579         (byte)0x1a, (byte)0x77, (byte)0x1e, (byte)0xc7,
 580         (byte)0x94, (byte)0x4e, (byte)0x2c, (byte)0x27,
 581         (byte)0x69, (byte)0x45, (byte)0x5e, (byte)0xc8,
 582         (byte)0xf8, (byte)0x0c, (byte)0xb7, (byte)0xf8,
 583         (byte)0xc0, (byte)0x8f, (byte)0x99, (byte)0xc1,
 584         (byte)0xe5, (byte)0x28, (byte)0x9b, (byte)0xf9,
 585         (byte)0x4c, (byte)0x94, (byte)0xc6, (byte)0xb1
 586     };
 587 
 588     static byte clientModulus[] = {  // client RSA modulus, same bytes as the client "modulus" dump in the header comment, including the leading 0x00
 589         (byte)0x00,  // NOTE(review): presumably keeps the value non-negative when converted to a BigInteger; the conversion is outside this excerpt
 590         (byte)0xbb, (byte)0xf0, (byte)0x40, (byte)0x36,
 591         (byte)0xac, (byte)0x26, (byte)0x54, (byte)0x4e,
 592         (byte)0xf4, (byte)0xa3, (byte)0x5a, (byte)0x00,
 593         (byte)0x2f, (byte)0x69, (byte)0x21, (byte)0x6f,
 594         (byte)0xb9, (byte)0x7a, (byte)0x3a, (byte)0x93,
 595         (byte)0xec, (byte)0xa2, (byte)0xf6, (byte)0xe1,
 596         (byte)0x8e, (byte)0xc7, (byte)0x63, (byte)0xd8,
 597         (byte)0x2f, (byte)0x12, (byte)0x30, (byte)0x99,
 598         (byte)0x2e, (byte)0xb0, (byte)0xf2, (byte)0x8f,
 599         (byte)0xf8, (byte)0x27, (byte)0x2d, (byte)0x24,
 600         (byte)0x78, (byte)0x28, (byte)0x84, (byte)0xf7,
 601         (byte)0x01, (byte)0xbf, (byte)0x8d, (byte)0x44,
 602         (byte)0x79, (byte)0xdd, (byte)0x3b, (byte)0xd2,
 603         (byte)0x55, (byte)0xf3, (byte)0xce, (byte)0x3c,
 604         (byte)0xb2, (byte)0x5b, (byte)0x21, (byte)0x7d,
 605         (byte)0xef, (byte)0xfd, (byte)0x33, (byte)0x4a,
 606         (byte)0xb1, (byte)0xa3, (byte)0xff, (byte)0xc6,
 607         (byte)0xc8, (byte)0x9b, (byte)0xb9, (byte)0x0f,
 608         (byte)0x7c, (byte)0x41, (byte)0x35, (byte)0x97,
 609         (byte)0xf9, (byte)0xdb, (byte)0x3a, (byte)0x05,
 610         (byte)0x60, (byte)0x05, (byte)0x15, (byte)0xaf,
 611         (byte)0x59, (byte)0x17, (byte)0x92, (byte)0xa3,
 612         (byte)0x10, (byte)0xad, (byte)0x16, (byte)0x1c,
 613         (byte)0xe4, (byte)0x07, (byte)0x53, (byte)0xaf,
 614         (byte)0xa8, (byte)0x76, (byte)0xa2, (byte)0x56,
 615         (byte)0x2a, (byte)0x92, (byte)0xd3, (byte)0xf9,
 616         (byte)0x28, (byte)0xe0, (byte)0x78, (byte)0xcf,
 617         (byte)0x5e, (byte)0x1f, (byte)0x48, (byte)0xab,
 618         (byte)0x5c, (byte)0x19, (byte)0xdd, (byte)0xe1,
 619         (byte)0x67, (byte)0x43, (byte)0xba, (byte)0x75,
 620         (byte)0x8d, (byte)0xf5, (byte)0x82, (byte)0xac,
 621         (byte)0x43, (byte)0x92, (byte)0x44, (byte)0x1b
 622     };
 623 
    // Password handed to getSSLContext() for the key entry of the in-memory
    // key store; a fixed test value, not a secret.
    static char[] passphrase = "passphrase".toCharArray();

    /*
     * Set once the server is listening (or has died); the client polls it
     * before connecting.
     */
    static volatile boolean serverReady;

    /*
     * Set by the client when its connection attempt is over; the server
     * polls it before closing the accepted socket.
     */
    static volatile boolean closeReady;

    /*
     * Turn on SSL debugging? When true, main() sets javax.net.debug=all.
     */
    static boolean debug = false;

    // Listening socket, assigned in doServerSide().
    private SSLServerSocket sslServerSocket;
 642 
 643     /*
 644      * Define the server side of the test.
 645      *
 646      * If the server prematurely exits, serverReady will be set to true
 647      * to avoid infinite hangs.
 648      */
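    /**
     * Runs the TLS server: binds to {@code serverPort}, accepts one
     * connection on which client authentication is required, and sends a
     * fixed HTTP response without reading the request.
     *
     * <p>The accepted socket is kept open until the client sets
     * {@code closeReady}. Both the accepted socket and the listening socket
     * are closed before this method returns, on success and on failure.
     *
     * @throws Exception if the SSL context or either socket cannot be set
     *         up, or if the wait for the client is interrupted
     */
    void doServerSide() throws Exception {
        SSLContext context = getSSLContext(trusedCertStr, serverCertStr,
            serverModulus, serverPrivateExponent, passphrase);
        SSLServerSocketFactory sslssf = context.getServerSocketFactory();

        sslServerSocket =
            (SSLServerSocket) sslssf.createServerSocket(serverPort);
        try {
            // serverPort starts out as 0 (any free port); publish the port
            // that was actually bound so the client can build its URL.
            serverPort = sslServerSocket.getLocalPort();

            /*
             * Signal Client, we're ready for his connect.
             */
            serverReady = true;

            SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
            try {
                // Must be set before the first read or write on this socket:
                // the handshake starts lazily with that I/O, and only then
                // is the client certificate demanded.
                sslSocket.setNeedClientAuth(true);

                // Encode with the charset announced in Content-Type instead
                // of the platform default.
                PrintStream out = new PrintStream(
                        sslSocket.getOutputStream(), false, "ISO-8859-1");

                try {
                    // ignore request data

                    // send the response
                    out.print("HTTP/1.1 200 OK\r\n");
                    out.print("Content-Type: text/html; charset=iso-8859-1\r\n");
                    out.print("Content-Length: "+ 9 +"\r\n");
                    out.print("\r\n");
                    out.print("Testing\r\n");
                    out.flush();
                    // NOTE: PrintStream records I/O errors (see checkError())
                    // rather than throwing them, so a failed handshake or
                    // write is not reported by this side; it is expected to
                    // surface on the client side instead.
                } finally {
                    // Keep the connection open until the client is done.
                    while (!closeReady) {
                        Thread.sleep(50);
                    }
                }
            } finally {
                System.out.println("Server closing socket");
                sslSocket.close();
                serverReady = false;
            }
        } finally {
            // Release the listening socket as well as the accepted one.
            sslServerSocket.close();
        }
    }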
 691 
 692     /*
 693      * Define the client side of the test.
 694      *
 695      * If the server prematurely exits, serverReady will be set to true
 696      * to avoid infinite hangs.
 697      */
    /**
     * Runs the HTTPS client: installs a context built from the client key
     * and the trusted certificate as the process-wide default, waits for the
     * server, then requests {@code https://localhost:<serverPort>/}.
     *
     * <p>This method sets no HostnameVerifier or TrustManager of its own, so
     * the request presumably succeeds only if the default HTTPS checks
     * accept the server certificate for the name "localhost".
     *
     * @throws Exception if the context cannot be built, the wait is
     *         interrupted, or the HTTPS exchange fails
     */
    void doClientSide() throws Exception {
        // SSLContext.setDefault() affects the whole JVM, so remember the
        // current default and put it back on every exit path.
        final SSLContext previousDefault = SSLContext.getDefault();
        try {
            SSLContext.setDefault(getSSLContext(trusedCertStr, clientCertStr,
                clientModulus, clientPrivateExponent, passphrase));

            // Poll until the server reports that it is listening (the flag
            // is also raised if the server thread dies).
            while (true) {
                if (serverReady) {
                    break;
                }
                Thread.sleep(50);
            }

            /* establish http connection to server */
            URL url = new URL("https://localhost:" + serverPort+"/");
            System.out.println("url is "+url.toString());

            HttpsURLConnection connection = null;
            try {
                connection = (HttpsURLConnection)url.openConnection();

                // Connects and performs the TLS handshake; a rejected
                // certificate or host name shows up here as an exception.
                int status = connection.getResponseCode();
                System.out.println("respCode = "+status);
            } finally {
                if (connection != null) {
                    connection.disconnect();
                }
                // Lets the server close its side of the connection.
                closeReady = true;
            }
        } finally {
            SSLContext.setDefault(previousDefault);
        }
    }
 734 
 735     /*
 736      * =============================================================
 737      * The remainder is just support stuff
 738      */
 739 
    // 0 asks for any free port; doServerSide() replaces it with the port
    // that was actually bound.
    volatile int serverPort = 0;

    // Failure recorded by whichever side runs in a forked thread.
    volatile Exception serverException;
    volatile Exception clientException;
 745 
    /**
     * Test entry point: relaxes the certificate-path algorithm restrictions,
     * optionally enables SSL debugging, and runs the test through the
     * constructor.
     *
     * @param args unused
     * @throws Exception if either side of the test fails
     */
    public static void main(String[] args) throws Exception {
        // MD5 is used in this test case, so the disabled-algorithm list is
        // replaced with one that does not name MD5. The property applies to
        // the whole JVM; the header's "@run main/othervm" keeps the test in
        // a JVM of its own.
        Security.setProperty(
                "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");

        if (debug) {
            System.setProperty("javax.net.debug", "all");
        }

        // Constructing the object drives the whole test.
        new Identities();
    }
 759 
    // Thread of the side that was forked; the field of the side that runs
    // on the calling thread stays null.
    Thread clientThread;
    Thread serverThread;
 762     /*
 763      * Primary constructor, used to drive remainder of the test.
 764      *
 765      * Fork off the other side, then do your work.
 766      */
    /**
     * Drives the test: forks one side into its own thread, runs the other
     * side on the calling thread, waits for the forked side, and rethrows
     * any exception the forked side recorded.
     *
     * @throws Exception the failure of either side
     */
    Identities() throws Exception {
        // The forked side is started first so that it is already running
        // when the inline side begins its work.
        if (!separateServerThread) {
            startClient(true);
            startServer(false);
        } else {
            startServer(true);
            startClient(false);
        }

        // Wait for the forked side to close down.
        Thread forked = separateServerThread ? serverThread : clientThread;
        forked.join();

        // A failure on this thread has already propagated. What is left to
        // report is a failure recorded by the forked thread, server first.
        if (serverException != null) {
            throw serverException;
        }
        if (clientException != null) {
            throw clientException;
        }
    }
 797 
    /**
     * Runs the server side, either on the calling thread or in a new one.
     *
     * @param newThread {@code true} to fork a thread, in which case a server
     *        failure is stored in {@code serverException} instead of thrown
     * @throws Exception a server failure, when run on the calling thread
     */
    void startServer(boolean newThread) throws Exception {
        if (!newThread) {
            doServerSide();
            return;
        }

        serverThread = new Thread() {
            @Override
            public void run() {
                try {
                    doServerSide();
                } catch (Exception e) {
                    // The server thread died. Raise serverReady anyway so a
                    // client still waiting for it is released.
                    System.err.println("Server died...");
                    serverReady = true;
                    serverException = e;
                }
            }
        };
        serverThread.start();
    }
 821 
    /**
     * Runs the client side, either on the calling thread or in a new one.
     *
     * @param newThread {@code true} to fork a thread, in which case a client
     *        failure is stored in {@code clientException} instead of thrown
     * @throws Exception a client failure, when run on the calling thread
     */
    void startClient(boolean newThread) throws Exception {
        if (!newThread) {
            doClientSide();
            return;
        }

        clientThread = new Thread() {
            @Override
            public void run() {
                try {
                    doClientSide();
                } catch (Exception e) {
                    // The client thread died; keep the cause for the
                    // constructor to rethrow.
                    System.err.println("Client died...");
                    clientException = e;
                }
            }
        };
        clientThread.start();
    }
 842 
 843     // get the ssl context
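    /**
     * Builds a TLS context from certificate text and raw RSA key material.
     *
     * <p>One in-memory key store is used both as trust store and as key
     * store. It always holds the trusted certificate; when
     * {@code keyCertStr} is given it also holds a key entry whose chain is
     * the key certificate followed by the trusted certificate.
     *
     * @param trusedCertStr text of the trusted certificate
     * @param keyCertStr text of the end-entity certificate, or {@code null}
     *        for a context without key managers
     * @param modulus RSA modulus, read with {@code new BigInteger(byte[])};
     *        not read when {@code keyCertStr} is {@code null}
     * @param privateExponent RSA private exponent, read the same way; not
     *        read when {@code keyCertStr} is {@code null}
     * @param passphrase password for the key entry
     * @return the initialized context
     * @throws Exception if a certificate cannot be parsed or any key store,
     *         key factory or context operation fails
     */
    private static SSLContext getSSLContext(String trusedCertStr,
            String keyCertStr, byte[] modulus,
            byte[] privateExponent, char[] passphrase) throws Exception {

        // generate certificate from cert string
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Certificate trusedCert = parseCertificate(cf, trusedCertStr);

        // create a key store; load(null, null) starts it empty, nothing is
        // read from or written to disk
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null);

        // import the trusted cert
        ks.setCertificateEntry("RSA Export Signer", trusedCert);

        boolean hasKey = keyCertStr != null;
        if (hasKey) {
            // generate the private key from modulus and private exponent
            // only (no CRT parameters are supplied)
            RSAPrivateKeySpec priKeySpec = new RSAPrivateKeySpec(
                    new BigInteger(modulus),
                    new BigInteger(privateExponent));
            KeyFactory kf = KeyFactory.getInstance("RSA");
            RSAPrivateKey priKey =
                    (RSAPrivateKey) kf.generatePrivate(priKeySpec);

            // generate certificate chain: end-entity first, then its signer
            Certificate[] chain = {
                parseCertificate(cf, keyCertStr),
                trusedCert
            };

            // import the key entry.
            ks.setKeyEntry("Whatever", priKey, passphrase, chain);
        }

        // create SSL context
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(ks);

        SSLContext ctx = SSLContext.getInstance("TLS");

        // Key managers are only needed when this side has a key of its own.
        KeyManager[] keyManagers = null;
        if (hasKey) {
            KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
            kmf.init(ks, passphrase);
            keyManagers = kmf.getKeyManagers();
        }

        // A null SecureRandom selects the default implementation.
        ctx.init(keyManagers, tmf.getTrustManagers(), null);

        return ctx;
    }

    // Parses one X.509 certificate from its text form.
    private static Certificate parseCertificate(CertificateFactory cf,
            String certStr) throws Exception {
        // Name the charset explicitly so the bytes handed to the parser do
        // not depend on the platform default (the text is presumably PEM,
        // i.e. ASCII).
        InputStream is = new ByteArrayInputStream(certStr.getBytes("UTF-8"));
        try {
            return cf.generateCertificate(is);
        } finally {
            is.close();
        }
    }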
 902 
 903 }