Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openanolis
dragonwell8_jdk
提交
ac09e22d
D
dragonwell8_jdk
项目概览
openanolis
/
dragonwell8_jdk
通知
4
Star
2
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
D
dragonwell8_jdk
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
ac09e22d
编写于
3月 24, 2010
作者:
A
asaha
浏览文件
操作
浏览文件
下载
差异文件
Merge
上级
69285fcf
d876c863
变更
13
隐藏空白更改
内联
并排
Showing
13 changed file
with
4941 addition
and
33 deletion
+4941
-33
src/share/classes/javax/net/SocketFactory.java
src/share/classes/javax/net/SocketFactory.java
+15
-3
src/share/classes/sun/net/NetworkClient.java
src/share/classes/sun/net/NetworkClient.java
+16
-3
src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java
.../classes/sun/net/www/protocol/http/HttpURLConnection.java
+25
-4
src/share/classes/sun/net/www/protocol/https/HttpsClient.java
...share/classes/sun/net/www/protocol/https/HttpsClient.java
+38
-18
src/share/classes/sun/security/ssl/SSLSocketImpl.java
src/share/classes/sun/security/ssl/SSLSocketImpl.java
+5
-0
src/share/native/sun/management/Flag.c
src/share/native/sun/management/Flag.c
+2
-5
test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/DNSIdentities.java
.../www/protocol/https/HttpsURLConnection/DNSIdentities.java
+879
-0
test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/HttpsCreateSockTest.java
...rotocol/https/HttpsURLConnection/HttpsCreateSockTest.java
+210
-0
test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/HttpsSocketFacTest.java
...protocol/https/HttpsURLConnection/HttpsSocketFacTest.java
+225
-0
test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPAddressDNSIdentities.java
...ocol/https/HttpsURLConnection/IPAddressDNSIdentities.java
+887
-0
test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPAddressIPIdentities.java
...tocol/https/HttpsURLConnection/IPAddressIPIdentities.java
+880
-0
test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPIdentities.java
...t/www/protocol/https/HttpsURLConnection/IPIdentities.java
+880
-0
test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/Identities.java
...net/www/protocol/https/HttpsURLConnection/Identities.java
+879
-0
未找到文件。
src/share/classes/javax/net/SocketFactory.java
浏览文件 @
ac09e22d
...
@@ -27,8 +27,10 @@
...
@@ -27,8 +27,10 @@
package
javax.net
;
package
javax.net
;
import
java.io.IOException
;
import
java.io.IOException
;
import
java.net.*
;
import
java.net.InetAddress
;
import
java.net.Socket
;
import
java.net.SocketException
;
import
java.net.UnknownHostException
;
/**
/**
* This class creates sockets. It may be subclassed by other factories,
* This class creates sockets. It may be subclassed by other factories,
...
@@ -113,7 +115,17 @@ public abstract class SocketFactory
...
@@ -113,7 +115,17 @@ public abstract class SocketFactory
* @see java.net.Socket#Socket()
* @see java.net.Socket#Socket()
*/
*/
public
Socket
createSocket
()
throws
IOException
{
public
Socket
createSocket
()
throws
IOException
{
throw
new
SocketException
(
"Unconnected sockets not implemented"
);
//
// bug 6771432:
// The Exception is used by HttpsClient to signal that
// unconnected sockets have not been implemented.
//
UnsupportedOperationException
uop
=
new
UnsupportedOperationException
();
SocketException
se
=
new
SocketException
(
"Unconnected sockets not implemented"
);
se
.
initCause
(
uop
);
throw
se
;
}
}
...
...
src/share/classes/sun/net/NetworkClient.java
浏览文件 @
ac09e22d
...
@@ -29,7 +29,6 @@ import java.net.Socket;
...
@@ -29,7 +29,6 @@ import java.net.Socket;
import
java.net.InetAddress
;
import
java.net.InetAddress
;
import
java.net.InetSocketAddress
;
import
java.net.InetSocketAddress
;
import
java.net.UnknownHostException
;
import
java.net.UnknownHostException
;
import
java.net.URL
;
import
java.net.Proxy
;
import
java.net.Proxy
;
import
java.util.Arrays
;
import
java.util.Arrays
;
import
java.security.AccessController
;
import
java.security.AccessController
;
...
@@ -157,10 +156,15 @@ public class NetworkClient {
...
@@ -157,10 +156,15 @@ public class NetworkClient {
public
Socket
run
()
{
public
Socket
run
()
{
return
new
Socket
(
proxy
);
return
new
Socket
(
proxy
);
}});
}});
}
else
}
else
if
(
proxy
.
type
()
==
Proxy
.
Type
.
DIRECT
)
{
s
=
createSocket
();
}
else
{
// Still connecting through a proxy
// server & port will be the proxy address and port
s
=
new
Socket
(
Proxy
.
NO_PROXY
);
s
=
new
Socket
(
Proxy
.
NO_PROXY
);
}
}
else
}
else
s
=
new
Socket
();
s
=
create
Socket
();
// Instance specific timeouts do have priority, that means
// Instance specific timeouts do have priority, that means
// connectTimeout & readTimeout (-1 means not set)
// connectTimeout & readTimeout (-1 means not set)
// Then global default timeouts
// Then global default timeouts
...
@@ -182,6 +186,15 @@ public class NetworkClient {
...
@@ -182,6 +186,15 @@ public class NetworkClient {
return
s
;
return
s
;
}
}
/**
* The following method, createSocket, is provided to allow the
* https client to override it so that it may use its socket factory
* to create the socket.
*/
protected
Socket
createSocket
()
throws
IOException
{
return
new
java
.
net
.
Socket
();
}
protected
InetAddress
getLocalAddress
()
throws
IOException
{
protected
InetAddress
getLocalAddress
()
throws
IOException
{
if
(
serverSocket
==
null
)
if
(
serverSocket
==
null
)
throw
new
IOException
(
"not connected"
);
throw
new
IOException
(
"not connected"
);
...
...
src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java
浏览文件 @
ac09e22d
/*
/*
* Copyright 1995-20
09
Sun Microsystems, Inc. All Rights Reserved.
* Copyright 1995-20
10
Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
*
* This code is free software; you can redistribute it and/or modify it
* This code is free software; you can redistribute it and/or modify it
...
@@ -1258,6 +1258,11 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
...
@@ -1258,6 +1258,11 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
doingNTLMp2ndStage
=
false
;
doingNTLMp2ndStage
=
false
;
continue
;
continue
;
}
}
}
else
{
inNegotiateProxy
=
false
;
doingNTLMp2ndStage
=
false
;
if
(!
isUserProxyAuth
)
requests
.
remove
(
"Proxy-Authorization"
);
}
}
// cache proxy authentication info
// cache proxy authentication info
...
@@ -1303,7 +1308,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
...
@@ -1303,7 +1308,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
serverAuthentication
.
getAuthScheme
()
!=
NTLM
)
{
serverAuthentication
.
getAuthScheme
()
!=
NTLM
)
{
if
(
serverAuthentication
.
isAuthorizationStale
(
raw
))
{
if
(
serverAuthentication
.
isAuthorizationStale
(
raw
))
{
/* we can retry with the current credentials */
/* we can retry with the current credentials */
disconnect
Internal
();
disconnect
Web
();
redirects
++;
redirects
++;
requests
.
set
(
serverAuthentication
.
getHeaderName
(),
requests
.
set
(
serverAuthentication
.
getHeaderName
(),
serverAuthentication
.
getHeaderValue
(
url
,
method
));
serverAuthentication
.
getHeaderValue
(
url
,
method
));
...
@@ -1318,7 +1323,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
...
@@ -1318,7 +1323,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
currentServerCredentials
=
serverAuthentication
;
currentServerCredentials
=
serverAuthentication
;
if
(
serverAuthentication
!=
null
)
{
if
(
serverAuthentication
!=
null
)
{
disconnect
Internal
();
disconnect
Web
();
redirects
++;
// don't let things loop ad nauseum
redirects
++;
// don't let things loop ad nauseum
setCookieHeader
();
setCookieHeader
();
continue
;
continue
;
...
@@ -1327,7 +1332,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
...
@@ -1327,7 +1332,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
reset
();
reset
();
/* header not used for ntlm */
/* header not used for ntlm */
if
(!
serverAuthentication
.
setHeaders
(
this
,
null
,
raw
))
{
if
(!
serverAuthentication
.
setHeaders
(
this
,
null
,
raw
))
{
disconnect
Internal
();
disconnect
Web
();
throw
new
IOException
(
"Authentication failure"
);
throw
new
IOException
(
"Authentication failure"
);
}
}
doingNTLM2ndStage
=
false
;
doingNTLM2ndStage
=
false
;
...
@@ -2319,6 +2324,22 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
...
@@ -2319,6 +2324,22 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
connected
=
false
;
connected
=
false
;
}
}
/**
* Disconnect from the web server at the first 401 error. Do not
* disconnect when using a proxy, a good proxy should have already
* closed the connection to the web server.
*/
private
void
disconnectWeb
()
throws
IOException
{
if
(
usingProxy
())
{
responseCode
=
-
1
;
// clean up, particularly, skip the content part
// of a 401 error response
reset
();
}
else
{
disconnectInternal
();
}
}
/**
/**
* Disconnect from the server (for internal use)
* Disconnect from the server (for internal use)
*/
*/
...
...
src/share/classes/sun/net/www/protocol/https/HttpsClient.java
浏览文件 @
ac09e22d
...
@@ -28,39 +28,24 @@ package sun.net.www.protocol.https;
...
@@ -28,39 +28,24 @@ package sun.net.www.protocol.https;
import
java.io.IOException
;
import
java.io.IOException
;
import
java.io.UnsupportedEncodingException
;
import
java.io.UnsupportedEncodingException
;
import
java.io.InputStream
;
import
java.io.OutputStream
;
import
java.io.FileInputStream
;
import
java.io.PrintStream
;
import
java.io.PrintStream
;
import
java.io.BufferedOutputStream
;
import
java.io.BufferedOutputStream
;
import
java.net.Socket
;
import
java.net.Socket
;
import
java.net.SocketException
;
import
java.net.URL
;
import
java.net.URL
;
import
java.net.UnknownHostException
;
import
java.net.UnknownHostException
;
import
java.net.InetAddress
;
import
java.net.InetSocketAddress
;
import
java.net.InetSocketAddress
;
import
java.net.Proxy
;
import
java.net.Proxy
;
import
java.net.CookieHandler
;
import
java.net.CookieHandler
;
import
java.net.Authenticator
;
import
java.net.PasswordAuthentication
;
import
java.security.Principal
;
import
java.security.Principal
;
import
java.security.KeyStore
;
import
java.security.PrivateKey
;
import
java.security.cert.*
;
import
java.security.cert.*
;
import
java.util.StringTokenizer
;
import
java.util.StringTokenizer
;
import
java.util.Vector
;
import
java.util.Vector
;
import
java.util.Collection
;
import
java.util.List
;
import
java.util.Iterator
;
import
java.security.AccessController
;
import
java.security.AccessController
;
import
javax.security.auth.x500.X500Principal
;
import
javax.security.auth.x500.X500Principal
;
import
javax.net.ssl.*
;
import
javax.net.ssl.*
;
import
sun.security.x509.X500Name
;
import
sun.misc.Regexp
;
import
sun.misc.RegexpPool
;
import
sun.net.www.HeaderParser
;
import
sun.net.www.MessageHeader
;
import
sun.net.www.http.HttpClient
;
import
sun.net.www.http.HttpClient
;
import
sun.security.action.*
;
import
sun.security.action.*
;
...
@@ -125,6 +110,7 @@ final class HttpsClient extends HttpClient
...
@@ -125,6 +110,7 @@ final class HttpsClient extends HttpClient
private
static
final
int
httpsPortNumber
=
443
;
private
static
final
int
httpsPortNumber
=
443
;
/** Returns the default HTTPS port (443) */
/** Returns the default HTTPS port (443) */
@Override
protected
int
getDefaultPort
()
{
return
httpsPortNumber
;
}
protected
int
getDefaultPort
()
{
return
httpsPortNumber
;
}
private
HostnameVerifier
hv
;
private
HostnameVerifier
hv
;
...
@@ -368,11 +354,39 @@ final class HttpsClient extends HttpClient
...
@@ -368,11 +354,39 @@ final class HttpsClient extends HttpClient
return
sslSocketFactory
;
return
sslSocketFactory
;
}
}
/**
* The following method, createSocket, is defined in NetworkClient
* and overridden here so that the socket facroty is used to create
* new sockets.
*/
@Override
protected
Socket
createSocket
()
throws
IOException
{
try
{
return
sslSocketFactory
.
createSocket
();
}
catch
(
SocketException
se
)
{
//
// bug 6771432
// javax.net.SocketFactory throws a SocketException with an
// UnsupportedOperationException as its cause to indicate that
// unconnected sockets have not been implemented.
//
Throwable
t
=
se
.
getCause
();
if
(
t
!=
null
&&
t
instanceof
UnsupportedOperationException
)
{
return
super
.
createSocket
();
}
else
{
throw
se
;
}
}
}
@Override
public
boolean
needsTunneling
()
{
public
boolean
needsTunneling
()
{
return
(
proxy
!=
null
&&
proxy
.
type
()
!=
Proxy
.
Type
.
DIRECT
return
(
proxy
!=
null
&&
proxy
.
type
()
!=
Proxy
.
Type
.
DIRECT
&&
proxy
.
type
()
!=
Proxy
.
Type
.
SOCKS
);
&&
proxy
.
type
()
!=
Proxy
.
Type
.
SOCKS
);
}
}
@Override
public
void
afterConnect
()
throws
IOException
,
UnknownHostException
{
public
void
afterConnect
()
throws
IOException
,
UnknownHostException
{
if
(!
isCachedConnection
())
{
if
(!
isCachedConnection
())
{
SSLSocket
s
=
null
;
SSLSocket
s
=
null
;
...
@@ -383,6 +397,9 @@ final class HttpsClient extends HttpClient
...
@@ -383,6 +397,9 @@ final class HttpsClient extends HttpClient
host
,
port
,
true
);
host
,
port
,
true
);
}
else
{
}
else
{
s
=
(
SSLSocket
)
serverSocket
;
s
=
(
SSLSocket
)
serverSocket
;
if
(
s
instanceof
SSLSocketImpl
)
{
((
SSLSocketImpl
)
s
).
setHost
(
host
);
}
}
}
}
catch
(
IOException
ex
)
{
}
catch
(
IOException
ex
)
{
// If we fail to connect through the tunnel, try it
// If we fail to connect through the tunnel, try it
...
@@ -451,7 +468,6 @@ final class HttpsClient extends HttpClient
...
@@ -451,7 +468,6 @@ final class HttpsClient extends HttpClient
//
//
// Get authenticated server name, if any
// Get authenticated server name, if any
//
//
boolean
done
=
false
;
String
host
=
url
.
getHost
();
String
host
=
url
.
getHost
();
// if IPv6 strip off the "[]"
// if IPv6 strip off the "[]"
...
@@ -467,7 +483,7 @@ final class HttpsClient extends HttpClient
...
@@ -467,7 +483,7 @@ final class HttpsClient extends HttpClient
// Use ciphersuite to determine whether Kerberos is present.
// Use ciphersuite to determine whether Kerberos is present.
if
(
cipher
.
startsWith
(
"TLS_KRB5"
))
{
if
(
cipher
.
startsWith
(
"TLS_KRB5"
))
{
if
(!
c
hecker
.
match
(
host
,
getPeerPrincipal
()))
{
if
(!
HostnameC
hecker
.
match
(
host
,
getPeerPrincipal
()))
{
throw
new
SSLPeerUnverifiedException
(
"Hostname checker"
+
throw
new
SSLPeerUnverifiedException
(
"Hostname checker"
+
" failed for Kerberos"
);
" failed for Kerberos"
);
}
}
...
@@ -514,6 +530,7 @@ final class HttpsClient extends HttpClient
...
@@ -514,6 +530,7 @@ final class HttpsClient extends HttpClient
+
url
.
getHost
()
+
">"
);
+
url
.
getHost
()
+
">"
);
}
}
@Override
protected
void
putInKeepAliveCache
()
{
protected
void
putInKeepAliveCache
()
{
kac
.
put
(
url
,
sslSocketFactory
,
this
);
kac
.
put
(
url
,
sslSocketFactory
,
this
);
}
}
...
@@ -521,6 +538,7 @@ final class HttpsClient extends HttpClient
...
@@ -521,6 +538,7 @@ final class HttpsClient extends HttpClient
/*
/*
* Close an idle connection to this URL (if it exists in the cache).
* Close an idle connection to this URL (if it exists in the cache).
*/
*/
@Override
public
void
closeIdleConnection
()
{
public
void
closeIdleConnection
()
{
HttpClient
http
=
(
HttpClient
)
kac
.
get
(
url
,
sslSocketFactory
);
HttpClient
http
=
(
HttpClient
)
kac
.
get
(
url
,
sslSocketFactory
);
if
(
http
!=
null
)
{
if
(
http
!=
null
)
{
...
@@ -626,6 +644,7 @@ final class HttpsClient extends HttpClient
...
@@ -626,6 +644,7 @@ final class HttpsClient extends HttpClient
* @return the proxy host being used for this client, or null
* @return the proxy host being used for this client, or null
* if we're not going through a proxy
* if we're not going through a proxy
*/
*/
@Override
public
String
getProxyHostUsed
()
{
public
String
getProxyHostUsed
()
{
if
(!
needsTunneling
())
{
if
(!
needsTunneling
())
{
return
null
;
return
null
;
...
@@ -638,6 +657,7 @@ final class HttpsClient extends HttpClient
...
@@ -638,6 +657,7 @@ final class HttpsClient extends HttpClient
* @return the proxy port being used for this client. Meaningless
* @return the proxy port being used for this client. Meaningless
* if getProxyHostUsed() gives null.
* if getProxyHostUsed() gives null.
*/
*/
@Override
public
int
getProxyPortUsed
()
{
public
int
getProxyPortUsed
()
{
return
(
proxy
==
null
||
proxy
.
type
()
==
Proxy
.
Type
.
DIRECT
||
return
(
proxy
==
null
||
proxy
.
type
()
==
Proxy
.
Type
.
DIRECT
||
proxy
.
type
()
==
Proxy
.
Type
.
SOCKS
)?
-
1
:
proxy
.
type
()
==
Proxy
.
Type
.
SOCKS
)?
-
1
:
...
...
src/share/classes/sun/security/ssl/SSLSocketImpl.java
浏览文件 @
ac09e22d
...
@@ -1852,6 +1852,11 @@ final public class SSLSocketImpl extends BaseSSLSocketImpl {
...
@@ -1852,6 +1852,11 @@ final public class SSLSocketImpl extends BaseSSLSocketImpl {
return
host
;
return
host
;
}
}
// ONLY used by HttpsClient to setup the URI specified hostname
synchronized
public
void
setHost
(
String
host
)
{
this
.
host
=
host
;
}
/**
/**
* Gets an input stream to read from the peer on the other side.
* Gets an input stream to read from the peer on the other side.
* Data read from this stream was always integrity protected in
* Data read from this stream was always integrity protected in
...
...
src/share/native/sun/management/Flag.c
浏览文件 @
ac09e22d
...
@@ -133,11 +133,8 @@ Java_sun_management_Flag_getFlags
...
@@ -133,11 +133,8 @@ Java_sun_management_Flag_getFlags
globals
[
i
].
value
.
j
);
globals
[
i
].
value
.
j
);
break
;
break
;
default:
default:
// unsupported type
// ignore unsupported type
sprintf
(
errmsg
,
"Unsupported VMGlobal Type %d"
,
globals
[
i
].
type
);
continue
;
JNU_ThrowInternalError
(
env
,
errmsg
);
free
(
globals
);
return
0
;
}
}
switch
(
globals
[
i
].
origin
)
{
switch
(
globals
[
i
].
origin
)
{
case
JMM_VMGLOBAL_ORIGIN_DEFAULT
:
case
JMM_VMGLOBAL_ORIGIN_DEFAULT
:
...
...
test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/DNSIdentities.java
0 → 100644
浏览文件 @
ac09e22d
/*
* Copyright 2010 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
* CA 95054 USA or visit www.sun.com if you need additional information or
* have any questions.
*/
/* @test
* @summary X509 certificate hostname checking is broken in JDK1.6.0_10
* @bug 6766775
* @author Xuelei Fan
*/
import
java.net.*
;
import
java.util.*
;
import
java.io.*
;
import
javax.net.ssl.*
;
import
java.security.KeyStore
;
import
java.security.KeyFactory
;
import
java.security.cert.Certificate
;
import
java.security.cert.CertificateFactory
;
import
java.security.spec.*
;
import
java.security.interfaces.*
;
import
java.math.BigInteger
;
import
sun.security.ssl.SSLSocketImpl
;
/*
* Certificates and key used in the test.
*
* TLS server certificate:
* server private key:
* -----BEGIN RSA PRIVATE KEY-----
* Proc-Type: 4,ENCRYPTED
* DEK-Info: DES-EDE3-CBC,D9AE407F6D0E389A
*
* WPrA7TFol/cQCcp9oHnXWNpYlvRbbIcQj0m+RKT2Iuzfus+DHt3Zadf8nJpKfX2e
* h2rnhlzCN9M7djRDooZKDOPCsdBn51Au7HlZF3S3Opgo7D8XFM1a8t1Je4ke14oI
* nw6QKYsBblRziPnP2PZ0zvX24nOv7bbY8beynlJHGs00VWSFdoH2DS0aE1p6D+3n
* ptJuJ75dVfZFK4X7162APlNXevX8D6PEQpSiRw1rjjGGcnvQ4HdWk3BxDVDcCNJb
* Y1aGNRxsjTDvPi3R9Qx2M+W03QzEPx4SR3ZHVskeSJHaetM0TM/w/45Paq4GokXP
* ZeTnbEx1xmjkA7h+t4doLL4watx5F6yLsJzu8xB3lt/1EtmkYtLz1t7X4BetPAXz
* zS69X/VwhKfsOI3qXBWuL2oHPyhDmT1gcaUQwEPSV6ogHEEQEDXdiUS8heNK13KF
* TCQYFkETvV2BLxUhV1hypPzRQ6tUpJiAbD5KmoK2lD9slshG2QtvKQq0/bgkDY5J
* LhDHV2dtcZ3kDPkkZXpbcJQvoeH3d09C5sIsuTFo2zgNR6oETHUc5TzP6FY2YYRa
* QcK5HcmtsRRiXFm01ac+aMejJUIujjFt84SiKWT/73vC8AmY4tYcJBLjCg4XIxSH
* fdDFLL1YZENNO5ivlp8mdiHqcawx+36L7DrEZQ8RZt6cqST5t/+XTdM74s6k81GT
* pNsa82P2K2zmIUZ/DL2mKjW1vfRByw1NQFEBkN3vdyZxYfM/JyUzX4hbjXBEkh9Q
* QYrcwLKLjis2QzSvK04B3bvRzRb+4ocWiso8ZPAXAIxZFBWDpTMM2A==
* -----END RSA PRIVATE KEY-----
*
* -----BEGIN RSA PRIVATE KEY-----
* MIICXAIBAAKBgQClrFscN6LdmYktsnm4j9VIpecchBeNaZzGrG358h0fORna03Ie
* buxEzHCk3LoAMPagTz1UemFqzFfQCn+VKBg/mtmU8hvIJIh+/p0PPftXUwizIDPU
* PxdHFNHN6gjYDnVOr77M0uyvqXpJ38LZrLgkQJCmA1Yq0DAFQCxPq9l0iQIDAQAB
* AoGAbqcbg1E1mkR99uOJoNeQYKFOJyGiiXTMnXV1TseC4+PDfQBU7Dax35GcesBi
* CtapIpFKKS5D+ozY6b7ZT8ojxuQ/uHLPAvz0WDR3ds4iRF8tyu71Q1ZHcQsJa17y
* yO7UbkSSKn/Mp9Rb+/dKqftUGNXVFLqgHBOzN2s3We3bbbECQQDYBPKOg3hkaGHo
* OhpHKqtQ6EVkldihG/3i4WejRonelXN+HRh1KrB2HBx0M8D/qAzP1i3rNSlSHer4
* 59YRTJnHAkEAxFX/sVYSn07BHv9Zhn6XXct/Cj43z/tKNbzlNbcxqQwQerw3IH51
* 8UH2YOA+GD3lXbKp+MytoFLWv8zg4YT/LwJAfqan75Z1R6lLffRS49bIiq8jwE16
* rTrUJ+kv8jKxMqc9B3vXkxpsS1M/+4E8bqgAmvpgAb8xcsvHsBd9ErdukQJBAKs2
* j67W75BrPjBI34pQ1LEfp56IGWXOrq1kF8IbCjxv3+MYRT6Z6UJFkpRymNPNDjsC
* dgUYgITiGJHUGXuw3lMCQHEHqo9ZtXz92yFT+VhsNc29B8m/sqUJdtCcMd/jGpAF
* u6GHufjqIZBpQsk63wbwESAPZZ+kk1O1kS5GIRLX608=
* -----END RSA PRIVATE KEY-----
*
* Private-Key: (1024 bit)
* modulus:
* 00:a5:ac:5b:1c:37:a2:dd:99:89:2d:b2:79:b8:8f:
* d5:48:a5:e7:1c:84:17:8d:69:9c:c6:ac:6d:f9:f2:
* 1d:1f:39:19:da:d3:72:1e:6e:ec:44:cc:70:a4:dc:
* ba:00:30:f6:a0:4f:3d:54:7a:61:6a:cc:57:d0:0a:
* 7f:95:28:18:3f:9a:d9:94:f2:1b:c8:24:88:7e:fe:
* 9d:0f:3d:fb:57:53:08:b3:20:33:d4:3f:17:47:14:
* d1:cd:ea:08:d8:0e:75:4e:af:be:cc:d2:ec:af:a9:
* 7a:49:df:c2:d9:ac:b8:24:40:90:a6:03:56:2a:d0:
* 30:05:40:2c:4f:ab:d9:74:89
* publicExponent: 65537 (0x10001)
* privateExponent:
* 6e:a7:1b:83:51:35:9a:44:7d:f6:e3:89:a0:d7:90:
* 60:a1:4e:27:21:a2:89:74:cc:9d:75:75:4e:c7:82:
* e3:e3:c3:7d:00:54:ec:36:b1:df:91:9c:7a:c0:62:
* 0a:d6:a9:22:91:4a:29:2e:43:fa:8c:d8:e9:be:d9:
* 4f:ca:23:c6:e4:3f:b8:72:cf:02:fc:f4:58:34:77:
* 76:ce:22:44:5f:2d:ca:ee:f5:43:56:47:71:0b:09:
* 6b:5e:f2:c8:ee:d4:6e:44:92:2a:7f:cc:a7:d4:5b:
* fb:f7:4a:a9:fb:54:18:d5:d5:14:ba:a0:1c:13:b3:
* 37:6b:37:59:ed:db:6d:b1
* prime1:
* 00:d8:04:f2:8e:83:78:64:68:61:e8:3a:1a:47:2a:
* ab:50:e8:45:64:95:d8:a1:1b:fd:e2:e1:67:a3:46:
* 89:de:95:73:7e:1d:18:75:2a:b0:76:1c:1c:74:33:
* c0:ff:a8:0c:cf:d6:2d:eb:35:29:52:1d:ea:f8:e7:
* d6:11:4c:99:c7
* prime2:
* 00:c4:55:ff:b1:56:12:9f:4e:c1:1e:ff:59:86:7e:
* 97:5d:cb:7f:0a:3e:37:cf:fb:4a:35:bc:e5:35:b7:
* 31:a9:0c:10:7a:bc:37:20:7e:75:f1:41:f6:60:e0:
* 3e:18:3d:e5:5d:b2:a9:f8:cc:ad:a0:52:d6:bf:cc:
* e0:e1:84:ff:2f
* exponent1:
* 7e:a6:a7:ef:96:75:47:a9:4b:7d:f4:52:e3:d6:c8:
* 8a:af:23:c0:4d:7a:ad:3a:d4:27:e9:2f:f2:32:b1:
* 32:a7:3d:07:7b:d7:93:1a:6c:4b:53:3f:fb:81:3c:
* 6e:a8:00:9a:fa:60:01:bf:31:72:cb:c7:b0:17:7d:
* 12:b7:6e:91
* exponent2:
* 00:ab:36:8f:ae:d6:ef:90:6b:3e:30:48:df:8a:50:
* d4:b1:1f:a7:9e:88:19:65:ce:ae:ad:64:17:c2:1b:
* 0a:3c:6f:df:e3:18:45:3e:99:e9:42:45:92:94:72:
* 98:d3:cd:0e:3b:02:76:05:18:80:84:e2:18:91:d4:
* 19:7b:b0:de:53
* coefficient:
* 71:07:aa:8f:59:b5:7c:fd:db:21:53:f9:58:6c:35:
* cd:bd:07:c9:bf:b2:a5:09:76:d0:9c:31:df:e3:1a:
* 90:05:bb:a1:87:b9:f8:ea:21:90:69:42:c9:3a:df:
* 06:f0:11:20:0f:65:9f:a4:93:53:b5:91:2e:46:21:
* 12:d7:eb:4f
*
*
* server certificate:
* Data:
* Version: 3 (0x2)
* Serial Number: 8 (0x8)
* Signature Algorithm: md5WithRSAEncryption
* Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org
* Validity
* Not Before: Dec 8 03:43:04 2008 GMT
* Not After : Aug 25 03:43:04 2028 GMT
* Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org, OU=SSL-Server, CN=localhost
* Subject Public Key Info:
* Public Key Algorithm: rsaEncryption
* RSA Public Key: (1024 bit)
* Modulus (1024 bit):
* 00:a5:ac:5b:1c:37:a2:dd:99:89:2d:b2:79:b8:8f:
* d5:48:a5:e7:1c:84:17:8d:69:9c:c6:ac:6d:f9:f2:
* 1d:1f:39:19:da:d3:72:1e:6e:ec:44:cc:70:a4:dc:
* ba:00:30:f6:a0:4f:3d:54:7a:61:6a:cc:57:d0:0a:
* 7f:95:28:18:3f:9a:d9:94:f2:1b:c8:24:88:7e:fe:
* 9d:0f:3d:fb:57:53:08:b3:20:33:d4:3f:17:47:14:
* d1:cd:ea:08:d8:0e:75:4e:af:be:cc:d2:ec:af:a9:
* 7a:49:df:c2:d9:ac:b8:24:40:90:a6:03:56:2a:d0:
* 30:05:40:2c:4f:ab:d9:74:89
* Exponent: 65537 (0x10001)
* X509v3 extensions:
* X509v3 Basic Constraints:
* CA:FALSE
* X509v3 Key Usage:
* Digital Signature, Non Repudiation, Key Encipherment
* X509v3 Subject Key Identifier:
* ED:6E:DB:F4:B5:56:C8:FB:1A:06:61:3F:0F:08:BB:A6:04:D8:16:54
* X509v3 Authority Key Identifier:
* keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14
*
* X509v3 Subject Alternative Name: critical
* DNS:localhost
* Signature Algorithm: md5WithRSAEncryption0
*
* -----BEGIN CERTIFICATE-----
* MIICpDCCAg2gAwIBAgIBCDANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET
* MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK
* EwhTb21lLU9yZzAeFw0wODEyMDgwMzQzMDRaFw0yODA4MjUwMzQzMDRaMHIxCzAJ
* BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp
* dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtU2VydmVyMRIwEAYD
* VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKWsWxw3
* ot2ZiS2yebiP1Uil5xyEF41pnMasbfnyHR85GdrTch5u7ETMcKTcugAw9qBPPVR6
* YWrMV9AKf5UoGD+a2ZTyG8gkiH7+nQ89+1dTCLMgM9Q/F0cU0c3qCNgOdU6vvszS
* 7K+peknfwtmsuCRAkKYDVirQMAVALE+r2XSJAgMBAAGjczBxMAkGA1UdEwQCMAAw
* CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTtbtv0tVbI+xoGYT8PCLumBNgWVDAfBgNV
* HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDAXBgNVHREBAf8EDTALgglsb2Nh
* bGhvc3QwDQYJKoZIhvcNAQEEBQADgYEAoqVTciHtcvsUj+YaTct8tUh3aTCsKsac
* PHhfQ+ObjiXSgxsKYTX7ym/wk/wvlbUcbqLKxsu7qrcJitH+H9heV1hEHEu65Uoi
* nRugFruyOrwvAylV8Cm2af7ddilmYJ+sdJA6N2M3xJRxR0G2LFHEXDNEjYReyexn
* JqCpf5uZGOo=
* -----END CERTIFICATE-----
*
*
* TLS client certificate:
* client private key:
* ----BEGIN RSA PRIVATE KEY-----
* Proc-Type: 4,ENCRYPTED
* DEK-Info: DES-EDE3-CBC,FA2A435CD35A9390
*
* Z+Y2uaETbsUWIyJUyVu1UV2G4rgFYJyACZT6Tp1KjRtxflSh2kXkJ9MpuXMXA0V4
* Yy3fDzPqCL9NJmQAYRlAx/W/+j4F5EyMWDIx8fUxzONRZyoiwF7jLm+KscAfv6Pf
* q7ItWOdj3z7IYrwlB8YIGd3F2cDKT3S+lYRk7rKb/qT7itbuHnY4Ardh3yl+MZak
* jBp+ELUlRsUqSr1V0LoM+0rCCykarpyfhpxEcqsrl0v9Cyi5uhU50/oKv5zql3SH
* l2ImgDjp3batAs8+Bd4NF2aqi0a7Hy44JUHxRm4caZryU/i/D9N1MbuM6882HLat
* 5N0G+NaIUfywa8mjwq2D5aiit18HqKA6XeRRYeJ5Dvu9DCO4GeFSwcUFIBMI0L46
* 7s114+oDodg57pMgITi+04vmUxvqlN9aiyd7f5Fgd7PeHGeOdbMz1NaJLJaPI9++
* NakK8eK9iwT/Gdq0Uap5/CHW7vCT5PO+h3HY0STH0lWStXhdWnFO04zTdywsbSp+
* DLpHeFT66shfeUlxR0PsCbG9vPRt/QmGLeYQZITppWo/ylSq4j+pRIuXvuWHdBRN
* rTZ8QF4Y7AxQUXVz1j1++s6ZMHTzaK2i9HrhmDs1MbJl+QwWre3Xpv3LvTVz3k5U
* wX8kuY1m3STt71QCaRWENq5sRaMImLxZbxc/ivFl9RAzUqo4NCxLod/QgA4iLqtO
* ztnlpzwlC/F8HbQ1oqYWwnZAPhzU/cULtstl+Yrws2c2atO323LbPXZqbASySgig
* sNpFXQMObdfP6LN23bY+1SvtK7V4NUTNhpdIc6INQAQ=
* -----END RSA PRIVATE KEY-----
*
* -----BEGIN RSA PRIVATE KEY-----
* MIICWwIBAAKBgQC78EA2rCZUTvSjWgAvaSFvuXo6k+yi9uGOx2PYLxIwmS6w8o/4
* Jy0keCiE9wG/jUR53TvSVfPOPLJbIX3v/TNKsaP/xsibuQ98QTWX+ds6BWAFFa9Z
* F5KjEK0WHOQHU6+odqJWKpLT+SjgeM9eH0irXBnd4WdDunWN9YKsQ5JEGwIDAQAB
* AoGAEbdqNj0wN85hnWyEi/ObJU8UyKTdL9eaF72QGfcF/fLSxfd3vurihIeXOkGW
* tpn4lIxYcVGM9CognhqgJpl11jFTQzn1KqZ+NEJRKkCHA4hDabKJbSC9fXHvRwrf
* BsFpZqgiNxp3HseUTiwnaUVeyPgMt/jAj5nB5Sib+UyUxrECQQDnNQBiF2aifEg6
* zbJOOC7he5CHAdkFxSxWVFVHL6EfXfqdLVkUohMbgZv+XxyIeU2biOExSg49Kds3
* FOKgTau1AkEA0Bd1haj6QuCo8I0AXm2WO+MMTZMTvtHD/bGjKNM+fT4I8rKYnQRX
* 1acHdqS9Xx2rNJqZgkMmpESIdPR2fc4yjwJALFeM6EMmqvj8/VIf5UJ/Mz14fXwM
* PEARfckUxd9LnnFutCBTWlKvKXJVEZb6KO5ixPaegc57Jp3Vbh3yTN44lQJADD/1
* SSMDaIB1MYP7a5Oj7m6VQNPRq8AJe5vDcRnOae0G9dKRrVyeFxO4GsHj6/+BHp2j
* P8nYMn9eURQ7DXjf/QJAAQzMlWnKGSO8pyTDtnQx3hRMoUkOEhmNq4bQhLkYqtnY
* FcqpUQ2qMjW+NiNWk5HnTrMS3L9EdJobMUzaNZLy4w==
* -----END RSA PRIVATE KEY-----
*
* Private-Key: (1024 bit)
* modulus:
* 00:bb:f0:40:36:ac:26:54:4e:f4:a3:5a:00:2f:69:
* 21:6f:b9:7a:3a:93:ec:a2:f6:e1:8e:c7:63:d8:2f:
* 12:30:99:2e:b0:f2:8f:f8:27:2d:24:78:28:84:f7:
* 01:bf:8d:44:79:dd:3b:d2:55:f3:ce:3c:b2:5b:21:
* 7d:ef:fd:33:4a:b1:a3:ff:c6:c8:9b:b9:0f:7c:41:
* 35:97:f9:db:3a:05:60:05:15:af:59:17:92:a3:10:
* ad:16:1c:e4:07:53:af:a8:76:a2:56:2a:92:d3:f9:
* 28:e0:78:cf:5e:1f:48:ab:5c:19:dd:e1:67:43:ba:
* 75:8d:f5:82:ac:43:92:44:1b
* publicExponent: 65537 (0x10001)
* privateExponent:
* 11:b7:6a:36:3d:30:37:ce:61:9d:6c:84:8b:f3:9b:
* 25:4f:14:c8:a4:dd:2f:d7:9a:17:bd:90:19:f7:05:
* fd:f2:d2:c5:f7:77:be:ea:e2:84:87:97:3a:41:96:
* b6:99:f8:94:8c:58:71:51:8c:f4:2a:20:9e:1a:a0:
* 26:99:75:d6:31:53:43:39:f5:2a:a6:7e:34:42:51:
* 2a:40:87:03:88:43:69:b2:89:6d:20:bd:7d:71:ef:
* 47:0a:df:06:c1:69:66:a8:22:37:1a:77:1e:c7:94:
* 4e:2c:27:69:45:5e:c8:f8:0c:b7:f8:c0:8f:99:c1:
* e5:28:9b:f9:4c:94:c6:b1
* prime1:
* 00:e7:35:00:62:17:66:a2:7c:48:3a:cd:b2:4e:38:
* 2e:e1:7b:90:87:01:d9:05:c5:2c:56:54:55:47:2f:
* a1:1f:5d:fa:9d:2d:59:14:a2:13:1b:81:9b:fe:5f:
* 1c:88:79:4d:9b:88:e1:31:4a:0e:3d:29:db:37:14:
* e2:a0:4d:ab:b5
* prime2:
* 00:d0:17:75:85:a8:fa:42:e0:a8:f0:8d:00:5e:6d:
* 96:3b:e3:0c:4d:93:13:be:d1:c3:fd:b1:a3:28:d3:
* 3e:7d:3e:08:f2:b2:98:9d:04:57:d5:a7:07:76:a4:
* bd:5f:1d:ab:34:9a:99:82:43:26:a4:44:88:74:f4:
* 76:7d:ce:32:8f
* exponent1:
* 2c:57:8c:e8:43:26:aa:f8:fc:fd:52:1f:e5:42:7f:
* 33:3d:78:7d:7c:0c:3c:40:11:7d:c9:14:c5:df:4b:
* 9e:71:6e:b4:20:53:5a:52:af:29:72:55:11:96:fa:
* 28:ee:62:c4:f6:9e:81:ce:7b:26:9d:d5:6e:1d:f2:
* 4c:de:38:95
* exponent2:
* 0c:3f:f5:49:23:03:68:80:75:31:83:fb:6b:93:a3:
* ee:6e:95:40:d3:d1:ab:c0:09:7b:9b:c3:71:19:ce:
* 69:ed:06:f5:d2:91:ad:5c:9e:17:13:b8:1a:c1:e3:
* eb:ff:81:1e:9d:a3:3f:c9:d8:32:7f:5e:51:14:3b:
* 0d:78:df:fd
* coefficient:
* 01:0c:cc:95:69:ca:19:23:bc:a7:24:c3:b6:74:31:
* de:14:4c:a1:49:0e:12:19:8d:ab:86:d0:84:b9:18:
* aa:d9:d8:15:ca:a9:51:0d:aa:32:35:be:36:23:56:
* 93:91:e7:4e:b3:12:dc:bf:44:74:9a:1b:31:4c:da:
* 35:92:f2:e3
*
* client certificate:
* Data:
* Version: 3 (0x2)
* Serial Number: 9 (0x9)
* Signature Algorithm: md5WithRSAEncryption
* Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org
* Validity
* Not Before: Dec 8 03:43:24 2008 GMT
* Not After : Aug 25 03:43:24 2028 GMT
* Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org, OU=SSL-Client, CN=localhost
* Subject Public Key Info:
* Public Key Algorithm: rsaEncryption
* RSA Public Key: (1024 bit)
* Modulus (1024 bit):
* 00:bb:f0:40:36:ac:26:54:4e:f4:a3:5a:00:2f:69:
* 21:6f:b9:7a:3a:93:ec:a2:f6:e1:8e:c7:63:d8:2f:
* 12:30:99:2e:b0:f2:8f:f8:27:2d:24:78:28:84:f7:
* 01:bf:8d:44:79:dd:3b:d2:55:f3:ce:3c:b2:5b:21:
* 7d:ef:fd:33:4a:b1:a3:ff:c6:c8:9b:b9:0f:7c:41:
* 35:97:f9:db:3a:05:60:05:15:af:59:17:92:a3:10:
* ad:16:1c:e4:07:53:af:a8:76:a2:56:2a:92:d3:f9:
* 28:e0:78:cf:5e:1f:48:ab:5c:19:dd:e1:67:43:ba:
* 75:8d:f5:82:ac:43:92:44:1b
* Exponent: 65537 (0x10001)
* X509v3 extensions:
* X509v3 Basic Constraints:
* CA:FALSE
* X509v3 Key Usage:
* Digital Signature, Non Repudiation, Key Encipherment
* X509v3 Subject Key Identifier:
* CD:BB:C8:85:AA:91:BD:FD:1D:BE:CD:67:7C:FF:B3:E9:4C:A8:22:E6
* X509v3 Authority Key Identifier:
* keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14
*
* X509v3 Subject Alternative Name: critical
* DNS:localhost
* Signature Algorithm: md5WithRSAEncryption
*
* -----BEGIN CERTIFICATE-----
* MIICpDCCAg2gAwIBAgIBCTANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET
* MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK
* EwhTb21lLU9yZzAeFw0wODEyMDgwMzQzMjRaFw0yODA4MjUwMzQzMjRaMHIxCzAJ
* BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp
* dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtQ2xpZW50MRIwEAYD
* VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALvwQDas
* JlRO9KNaAC9pIW+5ejqT7KL24Y7HY9gvEjCZLrDyj/gnLSR4KIT3Ab+NRHndO9JV
* 8848slshfe/9M0qxo//GyJu5D3xBNZf52zoFYAUVr1kXkqMQrRYc5AdTr6h2olYq
* ktP5KOB4z14fSKtcGd3hZ0O6dY31gqxDkkQbAgMBAAGjczBxMAkGA1UdEwQCMAAw
* CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTNu8iFqpG9/R2+zWd8/7PpTKgi5jAfBgNV
* HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDAXBgNVHREBAf8EDTALgglsb2Nh
* bGhvc3QwDQYJKoZIhvcNAQEEBQADgYEAm25gJyqW1JznQ1EyOtTGswBVwfgBOf+F
* HJuBTcflYQLbTD/AETPQJGvZU9tdhuLtbG3OPhR7vSY8zeAbfM3dbH7QFr3r47Gj
* XEH7qM/MX+Z3ifVaC4MeJmrYQkYFSuKeyyKpdRVX4w4nnFHF6OsNASsYrMW6LpxN
* cl/epUcHL7E=
* -----END CERTIFICATE-----
*
*
*
* Trusted CA certificate:
* Certificate:
* Data:
* Version: 3 (0x2)
* Serial Number: 0 (0x0)
* Signature Algorithm: md5WithRSAEncryption
* Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org
* Validity
* Not Before: Dec 8 02:43:36 2008 GMT
* Not After : Aug 25 02:43:36 2028 GMT
* Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org
* Subject Public Key Info:
* Public Key Algorithm: rsaEncryption
* RSA Public Key: (1024 bit)
* Modulus (1024 bit):
* 00:cb:c4:38:20:07:be:88:a7:93:b0:a1:43:51:2d:
* d7:8e:85:af:54:dd:ad:a2:7b:23:5b:cf:99:13:53:
* 99:45:7d:ee:6d:ba:2d:bf:e3:ad:6e:3d:9f:1a:f9:
* 03:97:e0:17:55:ae:11:26:57:de:01:29:8e:05:3f:
* 21:f7:e7:36:e8:2e:37:d7:48:ac:53:d6:60:0e:c7:
* 50:6d:f6:c5:85:f7:8b:a6:c5:91:35:72:3c:94:ee:
* f1:17:f0:71:e3:ec:1b:ce:ca:4e:40:42:b0:6d:ee:
* 6a:0e:d6:e5:ad:3c:0f:c9:ba:82:4f:78:f8:89:97:
* 89:2a:95:12:4c:d8:09:2a:e9
* Exponent: 65537 (0x10001)
* X509v3 extensions:
* X509v3 Subject Key Identifier:
* FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14
* X509v3 Authority Key Identifier:
* keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14
* DirName:/C=US/ST=Some-State/L=Some-City/O=Some-Org
* serial:00
*
* X509v3 Basic Constraints:
* CA:TRUE
* Signature Algorithm: md5WithRSAEncryption
*
* -----BEGIN CERTIFICATE-----
* MIICrDCCAhWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET
* MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK
* EwhTb21lLU9yZzAeFw0wODEyMDgwMjQzMzZaFw0yODA4MjUwMjQzMzZaMEkxCzAJ
* BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp
* dHkxETAPBgNVBAoTCFNvbWUtT3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
* gQDLxDggB76Ip5OwoUNRLdeOha9U3a2ieyNbz5kTU5lFfe5tui2/461uPZ8a+QOX
* 4BdVrhEmV94BKY4FPyH35zboLjfXSKxT1mAOx1Bt9sWF94umxZE1cjyU7vEX8HHj
* 7BvOyk5AQrBt7moO1uWtPA/JuoJPePiJl4kqlRJM2Akq6QIDAQABo4GjMIGgMB0G
* A1UdDgQWBBT6uVG/TOfZhpgz+efLHvEzSfeoFDBxBgNVHSMEajBogBT6uVG/TOfZ
* hpgz+efLHvEzSfeoFKFNpEswSTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUt
* U3RhdGUxEjAQBgNVBAcTCVNvbWUtQ2l0eTERMA8GA1UEChMIU29tZS1PcmeCAQAw
* DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBcIm534U123Hz+rtyYO5uA
* ofd81G6FnTfEAV8Kw9fGyyEbQZclBv34A9JsFKeMvU4OFIaixD7nLZ/NZ+IWbhmZ
* LovmJXyCkOufea73pNiZ+f/4/ScZaIlM/PRycQSqbFNd4j9Wott+08qxHPLpsf3P
* 6Mvf0r1PNTY2hwTJLJmKtg==
* -----END CERTIFICATE---
*/
public
class
DNSIdentities
{
static
Map
cookies
;
ServerSocket
ss
;
/*
* =============================================================
* Set the various variables needed for the tests, then
* specify what tests to run on each side.
*/
/*
* Should we run the client or server in a separate thread?
* Both sides can throw exceptions, but do you have a preference
* as to which side should be the main thread.
*/
static
boolean
separateServerThread
=
true
;
/*
* Where do we find the keystores?
*/
static
String
trusedCertStr
=
"-----BEGIN CERTIFICATE-----\n"
+
"MIICrDCCAhWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n"
+
"MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n"
+
"EwhTb21lLU9yZzAeFw0wODEyMDgwMjQzMzZaFw0yODA4MjUwMjQzMzZaMEkxCzAJ\n"
+
"BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n"
+
"dHkxETAPBgNVBAoTCFNvbWUtT3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n"
+
"gQDLxDggB76Ip5OwoUNRLdeOha9U3a2ieyNbz5kTU5lFfe5tui2/461uPZ8a+QOX\n"
+
"4BdVrhEmV94BKY4FPyH35zboLjfXSKxT1mAOx1Bt9sWF94umxZE1cjyU7vEX8HHj\n"
+
"7BvOyk5AQrBt7moO1uWtPA/JuoJPePiJl4kqlRJM2Akq6QIDAQABo4GjMIGgMB0G\n"
+
"A1UdDgQWBBT6uVG/TOfZhpgz+efLHvEzSfeoFDBxBgNVHSMEajBogBT6uVG/TOfZ\n"
+
"hpgz+efLHvEzSfeoFKFNpEswSTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUt\n"
+
"U3RhdGUxEjAQBgNVBAcTCVNvbWUtQ2l0eTERMA8GA1UEChMIU29tZS1PcmeCAQAw\n"
+
"DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBcIm534U123Hz+rtyYO5uA\n"
+
"ofd81G6FnTfEAV8Kw9fGyyEbQZclBv34A9JsFKeMvU4OFIaixD7nLZ/NZ+IWbhmZ\n"
+
"LovmJXyCkOufea73pNiZ+f/4/ScZaIlM/PRycQSqbFNd4j9Wott+08qxHPLpsf3P\n"
+
"6Mvf0r1PNTY2hwTJLJmKtg==\n"
+
"-----END CERTIFICATE-----"
;
static
String
serverCertStr
=
"-----BEGIN CERTIFICATE-----\n"
+
"MIICpDCCAg2gAwIBAgIBCDANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n"
+
"MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n"
+
"EwhTb21lLU9yZzAeFw0wODEyMDgwMzQzMDRaFw0yODA4MjUwMzQzMDRaMHIxCzAJ\n"
+
"BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n"
+
"dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtU2VydmVyMRIwEAYD\n"
+
"VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKWsWxw3\n"
+
"ot2ZiS2yebiP1Uil5xyEF41pnMasbfnyHR85GdrTch5u7ETMcKTcugAw9qBPPVR6\n"
+
"YWrMV9AKf5UoGD+a2ZTyG8gkiH7+nQ89+1dTCLMgM9Q/F0cU0c3qCNgOdU6vvszS\n"
+
"7K+peknfwtmsuCRAkKYDVirQMAVALE+r2XSJAgMBAAGjczBxMAkGA1UdEwQCMAAw\n"
+
"CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTtbtv0tVbI+xoGYT8PCLumBNgWVDAfBgNV\n"
+
"HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDAXBgNVHREBAf8EDTALgglsb2Nh\n"
+
"bGhvc3QwDQYJKoZIhvcNAQEEBQADgYEAoqVTciHtcvsUj+YaTct8tUh3aTCsKsac\n"
+
"PHhfQ+ObjiXSgxsKYTX7ym/wk/wvlbUcbqLKxsu7qrcJitH+H9heV1hEHEu65Uoi\n"
+
"nRugFruyOrwvAylV8Cm2af7ddilmYJ+sdJA6N2M3xJRxR0G2LFHEXDNEjYReyexn\n"
+
"JqCpf5uZGOo=\n"
+
"-----END CERTIFICATE-----"
;
static
String
clientCertStr
=
"-----BEGIN CERTIFICATE-----\n"
+
"MIICpDCCAg2gAwIBAgIBCTANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n"
+
"MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n"
+
"EwhTb21lLU9yZzAeFw0wODEyMDgwMzQzMjRaFw0yODA4MjUwMzQzMjRaMHIxCzAJ\n"
+
"BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n"
+
"dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtQ2xpZW50MRIwEAYD\n"
+
"VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALvwQDas\n"
+
"JlRO9KNaAC9pIW+5ejqT7KL24Y7HY9gvEjCZLrDyj/gnLSR4KIT3Ab+NRHndO9JV\n"
+
"8848slshfe/9M0qxo//GyJu5D3xBNZf52zoFYAUVr1kXkqMQrRYc5AdTr6h2olYq\n"
+
"ktP5KOB4z14fSKtcGd3hZ0O6dY31gqxDkkQbAgMBAAGjczBxMAkGA1UdEwQCMAAw\n"
+
"CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTNu8iFqpG9/R2+zWd8/7PpTKgi5jAfBgNV\n"
+
"HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDAXBgNVHREBAf8EDTALgglsb2Nh\n"
+
"bGhvc3QwDQYJKoZIhvcNAQEEBQADgYEAm25gJyqW1JznQ1EyOtTGswBVwfgBOf+F\n"
+
"HJuBTcflYQLbTD/AETPQJGvZU9tdhuLtbG3OPhR7vSY8zeAbfM3dbH7QFr3r47Gj\n"
+
"XEH7qM/MX+Z3ifVaC4MeJmrYQkYFSuKeyyKpdRVX4w4nnFHF6OsNASsYrMW6LpxN\n"
+
"cl/epUcHL7E=\n"
+
"-----END CERTIFICATE-----"
;
static
byte
serverPrivateExponent
[]
=
{
(
byte
)
0x6e
,
(
byte
)
0xa7
,
(
byte
)
0x1b
,
(
byte
)
0x83
,
(
byte
)
0x51
,
(
byte
)
0x35
,
(
byte
)
0x9a
,
(
byte
)
0x44
,
(
byte
)
0x7d
,
(
byte
)
0xf6
,
(
byte
)
0xe3
,
(
byte
)
0x89
,
(
byte
)
0xa0
,
(
byte
)
0xd7
,
(
byte
)
0x90
,
(
byte
)
0x60
,
(
byte
)
0xa1
,
(
byte
)
0x4e
,
(
byte
)
0x27
,
(
byte
)
0x21
,
(
byte
)
0xa2
,
(
byte
)
0x89
,
(
byte
)
0x74
,
(
byte
)
0xcc
,
(
byte
)
0x9d
,
(
byte
)
0x75
,
(
byte
)
0x75
,
(
byte
)
0x4e
,
(
byte
)
0xc7
,
(
byte
)
0x82
,
(
byte
)
0xe3
,
(
byte
)
0xe3
,
(
byte
)
0xc3
,
(
byte
)
0x7d
,
(
byte
)
0x00
,
(
byte
)
0x54
,
(
byte
)
0xec
,
(
byte
)
0x36
,
(
byte
)
0xb1
,
(
byte
)
0xdf
,
(
byte
)
0x91
,
(
byte
)
0x9c
,
(
byte
)
0x7a
,
(
byte
)
0xc0
,
(
byte
)
0x62
,
(
byte
)
0x0a
,
(
byte
)
0xd6
,
(
byte
)
0xa9
,
(
byte
)
0x22
,
(
byte
)
0x91
,
(
byte
)
0x4a
,
(
byte
)
0x29
,
(
byte
)
0x2e
,
(
byte
)
0x43
,
(
byte
)
0xfa
,
(
byte
)
0x8c
,
(
byte
)
0xd8
,
(
byte
)
0xe9
,
(
byte
)
0xbe
,
(
byte
)
0xd9
,
(
byte
)
0x4f
,
(
byte
)
0xca
,
(
byte
)
0x23
,
(
byte
)
0xc6
,
(
byte
)
0xe4
,
(
byte
)
0x3f
,
(
byte
)
0xb8
,
(
byte
)
0x72
,
(
byte
)
0xcf
,
(
byte
)
0x02
,
(
byte
)
0xfc
,
(
byte
)
0xf4
,
(
byte
)
0x58
,
(
byte
)
0x34
,
(
byte
)
0x77
,
(
byte
)
0x76
,
(
byte
)
0xce
,
(
byte
)
0x22
,
(
byte
)
0x44
,
(
byte
)
0x5f
,
(
byte
)
0x2d
,
(
byte
)
0xca
,
(
byte
)
0xee
,
(
byte
)
0xf5
,
(
byte
)
0x43
,
(
byte
)
0x56
,
(
byte
)
0x47
,
(
byte
)
0x71
,
(
byte
)
0x0b
,
(
byte
)
0x09
,
(
byte
)
0x6b
,
(
byte
)
0x5e
,
(
byte
)
0xf2
,
(
byte
)
0xc8
,
(
byte
)
0xee
,
(
byte
)
0xd4
,
(
byte
)
0x6e
,
(
byte
)
0x44
,
(
byte
)
0x92
,
(
byte
)
0x2a
,
(
byte
)
0x7f
,
(
byte
)
0xcc
,
(
byte
)
0xa7
,
(
byte
)
0xd4
,
(
byte
)
0x5b
,
(
byte
)
0xfb
,
(
byte
)
0xf7
,
(
byte
)
0x4a
,
(
byte
)
0xa9
,
(
byte
)
0xfb
,
(
byte
)
0x54
,
(
byte
)
0x18
,
(
byte
)
0xd5
,
(
byte
)
0xd5
,
(
byte
)
0x14
,
(
byte
)
0xba
,
(
byte
)
0xa0
,
(
byte
)
0x1c
,
(
byte
)
0x13
,
(
byte
)
0xb3
,
(
byte
)
0x37
,
(
byte
)
0x6b
,
(
byte
)
0x37
,
(
byte
)
0x59
,
(
byte
)
0xed
,
(
byte
)
0xdb
,
(
byte
)
0x6d
,
(
byte
)
0xb1
};
static
byte
serverModulus
[]
=
{
(
byte
)
0x00
,
(
byte
)
0xa5
,
(
byte
)
0xac
,
(
byte
)
0x5b
,
(
byte
)
0x1c
,
(
byte
)
0x37
,
(
byte
)
0xa2
,
(
byte
)
0xdd
,
(
byte
)
0x99
,
(
byte
)
0x89
,
(
byte
)
0x2d
,
(
byte
)
0xb2
,
(
byte
)
0x79
,
(
byte
)
0xb8
,
(
byte
)
0x8f
,
(
byte
)
0xd5
,
(
byte
)
0x48
,
(
byte
)
0xa5
,
(
byte
)
0xe7
,
(
byte
)
0x1c
,
(
byte
)
0x84
,
(
byte
)
0x17
,
(
byte
)
0x8d
,
(
byte
)
0x69
,
(
byte
)
0x9c
,
(
byte
)
0xc6
,
(
byte
)
0xac
,
(
byte
)
0x6d
,
(
byte
)
0xf9
,
(
byte
)
0xf2
,
(
byte
)
0x1d
,
(
byte
)
0x1f
,
(
byte
)
0x39
,
(
byte
)
0x19
,
(
byte
)
0xda
,
(
byte
)
0xd3
,
(
byte
)
0x72
,
(
byte
)
0x1e
,
(
byte
)
0x6e
,
(
byte
)
0xec
,
(
byte
)
0x44
,
(
byte
)
0xcc
,
(
byte
)
0x70
,
(
byte
)
0xa4
,
(
byte
)
0xdc
,
(
byte
)
0xba
,
(
byte
)
0x00
,
(
byte
)
0x30
,
(
byte
)
0xf6
,
(
byte
)
0xa0
,
(
byte
)
0x4f
,
(
byte
)
0x3d
,
(
byte
)
0x54
,
(
byte
)
0x7a
,
(
byte
)
0x61
,
(
byte
)
0x6a
,
(
byte
)
0xcc
,
(
byte
)
0x57
,
(
byte
)
0xd0
,
(
byte
)
0x0a
,
(
byte
)
0x7f
,
(
byte
)
0x95
,
(
byte
)
0x28
,
(
byte
)
0x18
,
(
byte
)
0x3f
,
(
byte
)
0x9a
,
(
byte
)
0xd9
,
(
byte
)
0x94
,
(
byte
)
0xf2
,
(
byte
)
0x1b
,
(
byte
)
0xc8
,
(
byte
)
0x24
,
(
byte
)
0x88
,
(
byte
)
0x7e
,
(
byte
)
0xfe
,
(
byte
)
0x9d
,
(
byte
)
0x0f
,
(
byte
)
0x3d
,
(
byte
)
0xfb
,
(
byte
)
0x57
,
(
byte
)
0x53
,
(
byte
)
0x08
,
(
byte
)
0xb3
,
(
byte
)
0x20
,
(
byte
)
0x33
,
(
byte
)
0xd4
,
(
byte
)
0x3f
,
(
byte
)
0x17
,
(
byte
)
0x47
,
(
byte
)
0x14
,
(
byte
)
0xd1
,
(
byte
)
0xcd
,
(
byte
)
0xea
,
(
byte
)
0x08
,
(
byte
)
0xd8
,
(
byte
)
0x0e
,
(
byte
)
0x75
,
(
byte
)
0x4e
,
(
byte
)
0xaf
,
(
byte
)
0xbe
,
(
byte
)
0xcc
,
(
byte
)
0xd2
,
(
byte
)
0xec
,
(
byte
)
0xaf
,
(
byte
)
0xa9
,
(
byte
)
0x7a
,
(
byte
)
0x49
,
(
byte
)
0xdf
,
(
byte
)
0xc2
,
(
byte
)
0xd9
,
(
byte
)
0xac
,
(
byte
)
0xb8
,
(
byte
)
0x24
,
(
byte
)
0x40
,
(
byte
)
0x90
,
(
byte
)
0xa6
,
(
byte
)
0x03
,
(
byte
)
0x56
,
(
byte
)
0x2a
,
(
byte
)
0xd0
,
(
byte
)
0x30
,
(
byte
)
0x05
,
(
byte
)
0x40
,
(
byte
)
0x2c
,
(
byte
)
0x4f
,
(
byte
)
0xab
,
(
byte
)
0xd9
,
(
byte
)
0x74
,
(
byte
)
0x89
};
static
byte
clientPrivateExponent
[]
=
{
(
byte
)
0x11
,
(
byte
)
0xb7
,
(
byte
)
0x6a
,
(
byte
)
0x36
,
(
byte
)
0x3d
,
(
byte
)
0x30
,
(
byte
)
0x37
,
(
byte
)
0xce
,
(
byte
)
0x61
,
(
byte
)
0x9d
,
(
byte
)
0x6c
,
(
byte
)
0x84
,
(
byte
)
0x8b
,
(
byte
)
0xf3
,
(
byte
)
0x9b
,
(
byte
)
0x25
,
(
byte
)
0x4f
,
(
byte
)
0x14
,
(
byte
)
0xc8
,
(
byte
)
0xa4
,
(
byte
)
0xdd
,
(
byte
)
0x2f
,
(
byte
)
0xd7
,
(
byte
)
0x9a
,
(
byte
)
0x17
,
(
byte
)
0xbd
,
(
byte
)
0x90
,
(
byte
)
0x19
,
(
byte
)
0xf7
,
(
byte
)
0x05
,
(
byte
)
0xfd
,
(
byte
)
0xf2
,
(
byte
)
0xd2
,
(
byte
)
0xc5
,
(
byte
)
0xf7
,
(
byte
)
0x77
,
(
byte
)
0xbe
,
(
byte
)
0xea
,
(
byte
)
0xe2
,
(
byte
)
0x84
,
(
byte
)
0x87
,
(
byte
)
0x97
,
(
byte
)
0x3a
,
(
byte
)
0x41
,
(
byte
)
0x96
,
(
byte
)
0xb6
,
(
byte
)
0x99
,
(
byte
)
0xf8
,
(
byte
)
0x94
,
(
byte
)
0x8c
,
(
byte
)
0x58
,
(
byte
)
0x71
,
(
byte
)
0x51
,
(
byte
)
0x8c
,
(
byte
)
0xf4
,
(
byte
)
0x2a
,
(
byte
)
0x20
,
(
byte
)
0x9e
,
(
byte
)
0x1a
,
(
byte
)
0xa0
,
(
byte
)
0x26
,
(
byte
)
0x99
,
(
byte
)
0x75
,
(
byte
)
0xd6
,
(
byte
)
0x31
,
(
byte
)
0x53
,
(
byte
)
0x43
,
(
byte
)
0x39
,
(
byte
)
0xf5
,
(
byte
)
0x2a
,
(
byte
)
0xa6
,
(
byte
)
0x7e
,
(
byte
)
0x34
,
(
byte
)
0x42
,
(
byte
)
0x51
,
(
byte
)
0x2a
,
(
byte
)
0x40
,
(
byte
)
0x87
,
(
byte
)
0x03
,
(
byte
)
0x88
,
(
byte
)
0x43
,
(
byte
)
0x69
,
(
byte
)
0xb2
,
(
byte
)
0x89
,
(
byte
)
0x6d
,
(
byte
)
0x20
,
(
byte
)
0xbd
,
(
byte
)
0x7d
,
(
byte
)
0x71
,
(
byte
)
0xef
,
(
byte
)
0x47
,
(
byte
)
0x0a
,
(
byte
)
0xdf
,
(
byte
)
0x06
,
(
byte
)
0xc1
,
(
byte
)
0x69
,
(
byte
)
0x66
,
(
byte
)
0xa8
,
(
byte
)
0x22
,
(
byte
)
0x37
,
(
byte
)
0x1a
,
(
byte
)
0x77
,
(
byte
)
0x1e
,
(
byte
)
0xc7
,
(
byte
)
0x94
,
(
byte
)
0x4e
,
(
byte
)
0x2c
,
(
byte
)
0x27
,
(
byte
)
0x69
,
(
byte
)
0x45
,
(
byte
)
0x5e
,
(
byte
)
0xc8
,
(
byte
)
0xf8
,
(
byte
)
0x0c
,
(
byte
)
0xb7
,
(
byte
)
0xf8
,
(
byte
)
0xc0
,
(
byte
)
0x8f
,
(
byte
)
0x99
,
(
byte
)
0xc1
,
(
byte
)
0xe5
,
(
byte
)
0x28
,
(
byte
)
0x9b
,
(
byte
)
0xf9
,
(
byte
)
0x4c
,
(
byte
)
0x94
,
(
byte
)
0xc6
,
(
byte
)
0xb1
};
static
byte
clientModulus
[]
=
{
(
byte
)
0x00
,
(
byte
)
0xbb
,
(
byte
)
0xf0
,
(
byte
)
0x40
,
(
byte
)
0x36
,
(
byte
)
0xac
,
(
byte
)
0x26
,
(
byte
)
0x54
,
(
byte
)
0x4e
,
(
byte
)
0xf4
,
(
byte
)
0xa3
,
(
byte
)
0x5a
,
(
byte
)
0x00
,
(
byte
)
0x2f
,
(
byte
)
0x69
,
(
byte
)
0x21
,
(
byte
)
0x6f
,
(
byte
)
0xb9
,
(
byte
)
0x7a
,
(
byte
)
0x3a
,
(
byte
)
0x93
,
(
byte
)
0xec
,
(
byte
)
0xa2
,
(
byte
)
0xf6
,
(
byte
)
0xe1
,
(
byte
)
0x8e
,
(
byte
)
0xc7
,
(
byte
)
0x63
,
(
byte
)
0xd8
,
(
byte
)
0x2f
,
(
byte
)
0x12
,
(
byte
)
0x30
,
(
byte
)
0x99
,
(
byte
)
0x2e
,
(
byte
)
0xb0
,
(
byte
)
0xf2
,
(
byte
)
0x8f
,
(
byte
)
0xf8
,
(
byte
)
0x27
,
(
byte
)
0x2d
,
(
byte
)
0x24
,
(
byte
)
0x78
,
(
byte
)
0x28
,
(
byte
)
0x84
,
(
byte
)
0xf7
,
(
byte
)
0x01
,
(
byte
)
0xbf
,
(
byte
)
0x8d
,
(
byte
)
0x44
,
(
byte
)
0x79
,
(
byte
)
0xdd
,
(
byte
)
0x3b
,
(
byte
)
0xd2
,
(
byte
)
0x55
,
(
byte
)
0xf3
,
(
byte
)
0xce
,
(
byte
)
0x3c
,
(
byte
)
0xb2
,
(
byte
)
0x5b
,
(
byte
)
0x21
,
(
byte
)
0x7d
,
(
byte
)
0xef
,
(
byte
)
0xfd
,
(
byte
)
0x33
,
(
byte
)
0x4a
,
(
byte
)
0xb1
,
(
byte
)
0xa3
,
(
byte
)
0xff
,
(
byte
)
0xc6
,
(
byte
)
0xc8
,
(
byte
)
0x9b
,
(
byte
)
0xb9
,
(
byte
)
0x0f
,
(
byte
)
0x7c
,
(
byte
)
0x41
,
(
byte
)
0x35
,
(
byte
)
0x97
,
(
byte
)
0xf9
,
(
byte
)
0xdb
,
(
byte
)
0x3a
,
(
byte
)
0x05
,
(
byte
)
0x60
,
(
byte
)
0x05
,
(
byte
)
0x15
,
(
byte
)
0xaf
,
(
byte
)
0x59
,
(
byte
)
0x17
,
(
byte
)
0x92
,
(
byte
)
0xa3
,
(
byte
)
0x10
,
(
byte
)
0xad
,
(
byte
)
0x16
,
(
byte
)
0x1c
,
(
byte
)
0xe4
,
(
byte
)
0x07
,
(
byte
)
0x53
,
(
byte
)
0xaf
,
(
byte
)
0xa8
,
(
byte
)
0x76
,
(
byte
)
0xa2
,
(
byte
)
0x56
,
(
byte
)
0x2a
,
(
byte
)
0x92
,
(
byte
)
0xd3
,
(
byte
)
0xf9
,
(
byte
)
0x28
,
(
byte
)
0xe0
,
(
byte
)
0x78
,
(
byte
)
0xcf
,
(
byte
)
0x5e
,
(
byte
)
0x1f
,
(
byte
)
0x48
,
(
byte
)
0xab
,
(
byte
)
0x5c
,
(
byte
)
0x19
,
(
byte
)
0xdd
,
(
byte
)
0xe1
,
(
byte
)
0x67
,
(
byte
)
0x43
,
(
byte
)
0xba
,
(
byte
)
0x75
,
(
byte
)
0x8d
,
(
byte
)
0xf5
,
(
byte
)
0x82
,
(
byte
)
0xac
,
(
byte
)
0x43
,
(
byte
)
0x92
,
(
byte
)
0x44
,
(
byte
)
0x1b
};
static
char
passphrase
[]
=
"passphrase"
.
toCharArray
();
/*
* Is the server ready to serve?
*/
volatile
static
boolean
serverReady
=
false
;
/*
* Turn on SSL debugging?
*/
static
boolean
debug
=
false
;
private
SSLServerSocket
sslServerSocket
=
null
;
/*
* Define the server side of the test.
*
* If the server prematurely exits, serverReady will be set to true
* to avoid infinite hangs.
*/
void
doServerSide
()
throws
Exception
{
SSLContext
context
=
getSSLContext
(
trusedCertStr
,
serverCertStr
,
serverModulus
,
serverPrivateExponent
,
passphrase
);
SSLServerSocketFactory
sslssf
=
context
.
getServerSocketFactory
();
sslServerSocket
=
(
SSLServerSocket
)
sslssf
.
createServerSocket
(
serverPort
);
serverPort
=
sslServerSocket
.
getLocalPort
();
/*
* Signal Client, we're ready for his connect.
*/
serverReady
=
true
;
SSLSocket
sslSocket
=
(
SSLSocket
)
sslServerSocket
.
accept
();
sslSocket
.
setNeedClientAuth
(
true
);
if
(
sslSocket
instanceof
SSLSocketImpl
)
{
((
SSLSocketImpl
)
sslSocket
).
trySetHostnameVerification
(
"HTTPS"
);
}
PrintStream
out
=
new
PrintStream
(
sslSocket
.
getOutputStream
());
try
{
// ignore request data
// send the response
out
.
print
(
"HTTP/1.1 200 OK\r\n"
);
out
.
print
(
"Content-Type: text/html; charset=iso-8859-1\r\n"
);
out
.
print
(
"Content-Length: "
+
9
+
"\r\n"
);
out
.
print
(
"\r\n"
);
out
.
print
(
"Testing\r\n"
);
out
.
flush
();
}
finally
{
// close the socket
Thread
.
sleep
(
2000
);
System
.
out
.
println
(
"Server closing socket"
);
sslSocket
.
close
();
serverReady
=
false
;
}
}
/*
* Define the client side of the test.
*
* If the server prematurely exits, serverReady will be set to true
* to avoid infinite hangs.
*/
void
doClientSide
()
throws
Exception
{
SSLContext
context
=
getSSLContext
(
trusedCertStr
,
clientCertStr
,
clientModulus
,
clientPrivateExponent
,
passphrase
);
SSLContext
.
setDefault
(
context
);
/*
* Wait for server to get started.
*/
while
(!
serverReady
)
{
Thread
.
sleep
(
50
);
}
HttpsURLConnection
http
=
null
;
/* establish http connection to server */
URL
url
=
new
URL
(
"https://localhost:"
+
serverPort
+
"/"
);
System
.
out
.
println
(
"url is "
+
url
.
toString
());
http
=
(
HttpsURLConnection
)
url
.
openConnection
();
int
respCode
=
http
.
getResponseCode
();
System
.
out
.
println
(
"respCode = "
+
respCode
);
http
.
disconnect
();
}
/*
* =============================================================
* The remainder is just support stuff
*/
// use any free port by default
volatile
int
serverPort
=
0
;
volatile
Exception
serverException
=
null
;
volatile
Exception
clientException
=
null
;
public
static
void
main
(
String
args
[])
throws
Exception
{
if
(
debug
)
System
.
setProperty
(
"javax.net.debug"
,
"all"
);
/*
* Start the tests.
*/
new
DNSIdentities
();
}
Thread
clientThread
=
null
;
Thread
serverThread
=
null
;
/*
* Primary constructor, used to drive remainder of the test.
*
* Fork off the other side, then do your work.
*/
DNSIdentities
()
throws
Exception
{
if
(
separateServerThread
)
{
startServer
(
true
);
startClient
(
false
);
}
else
{
startClient
(
true
);
startServer
(
false
);
}
/*
* Wait for other side to close down.
*/
if
(
separateServerThread
)
{
serverThread
.
join
();
}
else
{
clientThread
.
join
();
}
/*
* When we get here, the test is pretty much over.
*
* If the main thread excepted, that propagates back
* immediately. If the other thread threw an exception, we
* should report back.
*/
if
(
serverException
!=
null
)
throw
serverException
;
if
(
clientException
!=
null
)
throw
clientException
;
}
void
startServer
(
boolean
newThread
)
throws
Exception
{
if
(
newThread
)
{
serverThread
=
new
Thread
()
{
public
void
run
()
{
try
{
doServerSide
();
}
catch
(
Exception
e
)
{
/*
* Our server thread just died.
*
* Release the client, if not active already...
*/
System
.
err
.
println
(
"Server died..."
);
serverReady
=
true
;
serverException
=
e
;
}
}
};
serverThread
.
start
();
}
else
{
doServerSide
();
}
}
void
startClient
(
boolean
newThread
)
throws
Exception
{
if
(
newThread
)
{
clientThread
=
new
Thread
()
{
public
void
run
()
{
try
{
doClientSide
();
}
catch
(
Exception
e
)
{
/*
* Our client thread just died.
*/
System
.
err
.
println
(
"Client died..."
);
clientException
=
e
;
}
}
};
clientThread
.
start
();
}
else
{
doClientSide
();
}
}
// get the ssl context
private
static
SSLContext
getSSLContext
(
String
trusedCertStr
,
String
keyCertStr
,
byte
[]
modulus
,
byte
[]
privateExponent
,
char
[]
passphrase
)
throws
Exception
{
// generate certificate from cert string
CertificateFactory
cf
=
CertificateFactory
.
getInstance
(
"X.509"
);
ByteArrayInputStream
is
=
new
ByteArrayInputStream
(
trusedCertStr
.
getBytes
());
Certificate
trusedCert
=
cf
.
generateCertificate
(
is
);
is
.
close
();
// create a key store
KeyStore
ks
=
KeyStore
.
getInstance
(
"JKS"
);
ks
.
load
(
null
,
null
);
// import the trused cert
ks
.
setCertificateEntry
(
"RSA Export Signer"
,
trusedCert
);
if
(
keyCertStr
!=
null
)
{
// generate the private key.
RSAPrivateKeySpec
priKeySpec
=
new
RSAPrivateKeySpec
(
new
BigInteger
(
modulus
),
new
BigInteger
(
privateExponent
));
KeyFactory
kf
=
KeyFactory
.
getInstance
(
"RSA"
);
RSAPrivateKey
priKey
=
(
RSAPrivateKey
)
kf
.
generatePrivate
(
priKeySpec
);
// generate certificate chain
is
=
new
ByteArrayInputStream
(
keyCertStr
.
getBytes
());
Certificate
keyCert
=
cf
.
generateCertificate
(
is
);
is
.
close
();
Certificate
[]
chain
=
new
Certificate
[
2
];
chain
[
0
]
=
keyCert
;
chain
[
1
]
=
trusedCert
;
// import the key entry.
ks
.
setKeyEntry
(
"Whatever"
,
priKey
,
passphrase
,
chain
);
}
// create SSL context
TrustManagerFactory
tmf
=
TrustManagerFactory
.
getInstance
(
"PKIX"
);
tmf
.
init
(
ks
);
SSLContext
ctx
=
SSLContext
.
getInstance
(
"TLS"
);
if
(
keyCertStr
!=
null
)
{
KeyManagerFactory
kmf
=
KeyManagerFactory
.
getInstance
(
"SunX509"
);
kmf
.
init
(
ks
,
passphrase
);
ctx
.
init
(
kmf
.
getKeyManagers
(),
tmf
.
getTrustManagers
(),
null
);
}
else
{
ctx
.
init
(
null
,
tmf
.
getTrustManagers
(),
null
);
}
return
ctx
;
}
}
test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/HttpsCreateSockTest.java
0 → 100644
浏览文件 @
ac09e22d
/*
* Copyright 2010 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
* CA 95054 USA or visit www.sun.com if you need additional information or
* have any questions.
*/
/**
* @test
* @bug 6771432
* @summary createSocket() - smpatch fails using 1.6.0_10 because of "Unconnected sockets not implemented"
*/
import
javax.net.SocketFactory
;
import
javax.net.ssl.HostnameVerifier
;
import
javax.net.ssl.HttpsURLConnection
;
import
javax.net.ssl.SSLContext
;
import
javax.net.ssl.SSLSession
;
import
javax.net.ssl.SSLSocketFactory
;
import
java.security.NoSuchAlgorithmException
;
import
java.net.InetAddress
;
import
java.net.InetSocketAddress
;
import
java.net.Socket
;
import
java.net.URL
;
import
java.io.BufferedWriter
;
import
java.io.IOException
;
import
java.io.OutputStreamWriter
;
import
com.sun.net.httpserver.HttpExchange
;
import
com.sun.net.httpserver.HttpHandler
;
import
com.sun.net.httpserver.HttpsConfigurator
;
/*
* This class tests that the HTTPS protocol handler is using its socket factory for
* creating new Sockets. It does this by wrapping the default SSLSocketFactory with
* its own socket factory, SimpleSSLSocketFactory, and verifying that when a https
* connection is made one of the socket factories createSocket methods, that
* actually creates a Socket, is being invoked by the protocol handler.
*/
public
class
HttpsCreateSockTest
{
/*
* Where do we find the keystores?
*/
static
String
pathToStores
=
"../../../../../../etc"
;
static
String
keyStoreFile
=
"keystore"
;
static
String
trustStoreFile
=
"truststore"
;
static
String
passwd
=
"passphrase"
;
com
.
sun
.
net
.
httpserver
.
HttpsServer
httpsServer
;
MyHandler
httpHandler
;
public
static
void
main
(
String
[]
args
)
{
String
keyFilename
=
System
.
getProperty
(
"test.src"
,
"./"
)
+
"/"
+
pathToStores
+
"/"
+
keyStoreFile
;
String
trustFilename
=
System
.
getProperty
(
"test.src"
,
"./"
)
+
"/"
+
pathToStores
+
"/"
+
trustStoreFile
;
System
.
setProperty
(
"javax.net.ssl.keyStore"
,
keyFilename
);
System
.
setProperty
(
"javax.net.ssl.keyStorePassword"
,
passwd
);
System
.
setProperty
(
"javax.net.ssl.trustStore"
,
trustFilename
);
System
.
setProperty
(
"javax.net.ssl.trustStorePassword"
,
passwd
);
new
HttpsCreateSockTest
();
}
public
HttpsCreateSockTest
()
{
try
{
startHttpsServer
();
doClient
();
}
catch
(
NoSuchAlgorithmException
e
)
{
e
.
printStackTrace
();
}
catch
(
IOException
ioe
)
{
ioe
.
printStackTrace
();
}
finally
{
httpsServer
.
stop
(
1
);
}
}
void
doClient
()
throws
IOException
{
InetSocketAddress
address
=
httpsServer
.
getAddress
();
URL
url
=
new
URL
(
"https://localhost:"
+
address
.
getPort
()
+
"/"
);
System
.
out
.
println
(
"trying to connect to "
+
url
+
"..."
);
HttpsURLConnection
uc
=
(
HttpsURLConnection
)
url
.
openConnection
();
uc
.
setHostnameVerifier
(
new
AllHostnameVerifier
());
if
(
uc
instanceof
javax
.
net
.
ssl
.
HttpsURLConnection
)
{
((
javax
.
net
.
ssl
.
HttpsURLConnection
)
uc
).
setSSLSocketFactory
(
new
SimpleSSLSocketFactory
());
System
.
out
.
println
(
"Using TestSocketFactory"
);
}
uc
.
connect
();
System
.
out
.
println
(
"CONNECTED "
+
uc
);
System
.
out
.
println
(
uc
.
getResponseMessage
());
uc
.
disconnect
();
}
/**
* Https Server
*/
public
void
startHttpsServer
()
throws
IOException
,
NoSuchAlgorithmException
{
httpsServer
=
com
.
sun
.
net
.
httpserver
.
HttpsServer
.
create
(
new
InetSocketAddress
(
0
),
0
);
httpsServer
.
createContext
(
"/"
,
new
MyHandler
());
httpsServer
.
setHttpsConfigurator
(
new
HttpsConfigurator
(
SSLContext
.
getDefault
()));
httpsServer
.
start
();
}
class
MyHandler
implements
HttpHandler
{
private
String
message
=
"This is a message!"
;
@Override
public
void
handle
(
HttpExchange
t
)
throws
IOException
{
t
.
sendResponseHeaders
(
200
,
message
.
length
());
BufferedWriter
writer
=
new
BufferedWriter
(
new
OutputStreamWriter
(
t
.
getResponseBody
(),
"ISO8859-1"
));
writer
.
write
(
message
,
0
,
message
.
length
());
writer
.
close
();
t
.
close
();
}
}
/**
* Simple wrapper on default SSLSocketFactory
*/
class
SimpleSSLSocketFactory
extends
SSLSocketFactory
{
/*
* true if this factory has been used to create a new Socket, i.e.
* one of the SocketFactory methods has been called.
*/
boolean
socketCreated
=
false
;
/*
* true if this factory has been used to wrap a Socket, i.e.
* the SSLSocketFactory method,
* createSocket(Socket, String, int, boolean), has been called.
*/
boolean
socketWrapped
=
false
;
@Override
public
Socket
createSocket
(
InetAddress
host
,
int
port
)
throws
IOException
{
socketCreated
=
true
;
return
SocketFactory
.
getDefault
().
createSocket
(
host
,
port
);
}
@Override
public
Socket
createSocket
(
InetAddress
address
,
int
port
,
InetAddress
localAddress
,
int
localPort
)
throws
IOException
{
socketCreated
=
true
;
return
SocketFactory
.
getDefault
().
createSocket
(
address
,
port
,
localAddress
,
localPort
);
}
@Override
public
Socket
createSocket
(
String
host
,
int
port
)
throws
IOException
{
socketCreated
=
true
;
return
SocketFactory
.
getDefault
().
createSocket
(
host
,
port
);
}
@Override
public
Socket
createSocket
(
String
host
,
int
port
,
InetAddress
localHost
,
int
localPort
)
throws
IOException
{
socketCreated
=
true
;
return
SocketFactory
.
getDefault
().
createSocket
(
host
,
port
,
localHost
,
localPort
);
}
// methods from SSLSocketFactory
@Override
public
Socket
createSocket
(
Socket
s
,
String
host
,
int
port
,
boolean
autoClose
)
throws
IOException
{
socketWrapped
=
true
;
return
((
SSLSocketFactory
)
SSLSocketFactory
.
getDefault
()).
createSocket
(
s
,
host
,
port
,
autoClose
);
}
@Override
public
String
[]
getDefaultCipherSuites
()
{
return
((
SSLSocketFactory
)
SSLSocketFactory
.
getDefault
()).
getDefaultCipherSuites
();
}
@Override
public
String
[]
getSupportedCipherSuites
()
{
return
((
SSLSocketFactory
)
SSLSocketFactory
.
getDefault
()).
getSupportedCipherSuites
();
}
}
class
AllHostnameVerifier
implements
HostnameVerifier
{
@Override
public
boolean
verify
(
String
hostname
,
SSLSession
session
)
{
return
true
;
}
}
}
test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/HttpsSocketFacTest.java
0 → 100644
浏览文件 @
ac09e22d
/*
* Copyright 2010 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
* CA 95054 USA or visit www.sun.com if you need additional information or
* have any questions.
*/
/*
* @test
* @bug 6614957
* @summary HttpsURLConnection not using the set SSLSocketFactory for creating all its Sockets
* @run main/othervm HttpsSocketFacTest
*/
import
javax.net.SocketFactory
;
import
javax.net.ssl.HostnameVerifier
;
import
javax.net.ssl.HttpsURLConnection
;
import
javax.net.ssl.SSLContext
;
import
javax.net.ssl.SSLSession
;
import
javax.net.ssl.SSLSocketFactory
;
import
java.security.NoSuchAlgorithmException
;
import
java.net.InetAddress
;
import
java.net.InetSocketAddress
;
import
java.net.Socket
;
import
java.net.URL
;
import
java.io.BufferedWriter
;
import
java.io.InputStream
;
import
java.io.IOException
;
import
java.io.OutputStreamWriter
;
import
com.sun.net.httpserver.HttpExchange
;
import
com.sun.net.httpserver.HttpHandler
;
import
com.sun.net.httpserver.HttpsConfigurator
;
/*
* This class tests that the HTTPS protocol handler is using its socket factory for
* creating new Sockets. It does this by wrapping the default SSLSocketFactory with
* its own socket factory, SimpleSSLSocketFactory, and verifying that when a https
* connection is made one of the socket factories createSocket methods, that
* actually creates a Socket, is being invoked by the protocol handler.
*/
public
class
HttpsSocketFacTest
{
/*
* Where do we find the keystores?
*/
static
String
pathToStores
=
"../../../../../../etc"
;
static
String
keyStoreFile
=
"keystore"
;
static
String
trustStoreFile
=
"truststore"
;
static
String
passwd
=
"passphrase"
;
com
.
sun
.
net
.
httpserver
.
HttpsServer
httpsServer
;
MyHandler
httpHandler
;
public
static
void
main
(
String
[]
args
)
{
String
keyFilename
=
System
.
getProperty
(
"test.src"
,
"./"
)
+
"/"
+
pathToStores
+
"/"
+
keyStoreFile
;
String
trustFilename
=
System
.
getProperty
(
"test.src"
,
"./"
)
+
"/"
+
pathToStores
+
"/"
+
trustStoreFile
;
System
.
setProperty
(
"javax.net.ssl.keyStore"
,
keyFilename
);
System
.
setProperty
(
"javax.net.ssl.keyStorePassword"
,
passwd
);
System
.
setProperty
(
"javax.net.ssl.trustStore"
,
trustFilename
);
System
.
setProperty
(
"javax.net.ssl.trustStorePassword"
,
passwd
);
new
HttpsSocketFacTest
();
}
public
HttpsSocketFacTest
()
{
try
{
startHttpsServer
();
doClient
();
}
catch
(
NoSuchAlgorithmException
e
)
{
e
.
printStackTrace
();
}
catch
(
IOException
ioe
)
{
ioe
.
printStackTrace
();
}
finally
{
httpsServer
.
stop
(
1
);
}
}
void
doClient
()
throws
IOException
{
InetSocketAddress
address
=
httpsServer
.
getAddress
();
URL
url
=
new
URL
(
"https://localhost:"
+
address
.
getPort
()
+
"/test6614957/"
);
System
.
out
.
println
(
"trying to connect to "
+
url
+
"..."
);
HttpsURLConnection
uc
=
(
HttpsURLConnection
)
url
.
openConnection
();
SimpleSSLSocketFactory
sssf
=
new
SimpleSSLSocketFactory
();
uc
.
setSSLSocketFactory
(
sssf
);
uc
.
setHostnameVerifier
(
new
AllHostnameVerifier
());
InputStream
is
=
uc
.
getInputStream
();
byte
[]
ba
=
new
byte
[
1024
];
int
read
=
0
;
while
((
read
=
is
.
read
(
ba
))
!=
-
1
)
{
System
.
out
.
println
(
new
String
(
ba
,
0
,
read
));
}
System
.
out
.
println
(
"SimpleSSLSocketFactory.socketCreated = "
+
sssf
.
socketCreated
);
System
.
out
.
println
(
"SimpleSSLSocketFactory.socketWrapped = "
+
sssf
.
socketWrapped
);
if
(!
sssf
.
socketCreated
)
throw
new
RuntimeException
(
"Failed: Socket Factory not being called to create Socket"
);
}
/**
* Https Server
*/
public
void
startHttpsServer
()
throws
IOException
,
NoSuchAlgorithmException
{
httpsServer
=
com
.
sun
.
net
.
httpserver
.
HttpsServer
.
create
(
new
InetSocketAddress
(
0
),
0
);
httpsServer
.
createContext
(
"/test6614957/"
,
new
MyHandler
());
httpsServer
.
setHttpsConfigurator
(
new
HttpsConfigurator
(
SSLContext
.
getDefault
()));
httpsServer
.
start
();
}
class
MyHandler
implements
HttpHandler
{
private
String
message
=
"This is a message!"
;
@Override
public
void
handle
(
HttpExchange
t
)
throws
IOException
{
t
.
sendResponseHeaders
(
200
,
message
.
length
());
BufferedWriter
writer
=
new
BufferedWriter
(
new
OutputStreamWriter
(
t
.
getResponseBody
(),
"ISO8859-1"
));
writer
.
write
(
message
,
0
,
message
.
length
());
writer
.
close
();
t
.
close
();
}
}
/**
* Simple wrapper on default SSLSocketFactory
*/
class
SimpleSSLSocketFactory
extends
SSLSocketFactory
{
/*
* true if this factory has been used to create a new Socket, i.e.
* one of the SocketFactory methods has been called.
*/
boolean
socketCreated
=
false
;
/*
* true if this factory has been used to wrap a Socket, i.e.
* the SSLSocketFactory method,
* createSocket(Socket, String, int, boolean), has been called.
*/
boolean
socketWrapped
=
false
;
// methods for SocketFactory
@Override
public
Socket
createSocket
()
throws
IOException
{
socketCreated
=
true
;
return
SocketFactory
.
getDefault
().
createSocket
();
}
@Override
public
Socket
createSocket
(
InetAddress
host
,
int
port
)
throws
IOException
{
socketCreated
=
true
;
return
SocketFactory
.
getDefault
().
createSocket
(
host
,
port
);
}
@Override
public
Socket
createSocket
(
InetAddress
address
,
int
port
,
InetAddress
localAddress
,
int
localPort
)
throws
IOException
{
socketCreated
=
true
;
return
SocketFactory
.
getDefault
().
createSocket
(
address
,
port
,
localAddress
,
localPort
);
}
@Override
public
Socket
createSocket
(
String
host
,
int
port
)
throws
IOException
{
socketCreated
=
true
;
return
SocketFactory
.
getDefault
().
createSocket
(
host
,
port
);
}
@Override
public
Socket
createSocket
(
String
host
,
int
port
,
InetAddress
localHost
,
int
localPort
)
throws
IOException
{
socketCreated
=
true
;
return
SocketFactory
.
getDefault
().
createSocket
(
host
,
port
,
localHost
,
localPort
);
}
// methods from SSLSocketFactory
@Override
public
Socket
createSocket
(
Socket
s
,
String
host
,
int
port
,
boolean
autoClose
)
throws
IOException
{
socketWrapped
=
true
;
return
((
SSLSocketFactory
)
SSLSocketFactory
.
getDefault
()).
createSocket
(
s
,
host
,
port
,
autoClose
);
}
@Override
public
String
[]
getDefaultCipherSuites
()
{
return
((
SSLSocketFactory
)
SSLSocketFactory
.
getDefault
()).
getDefaultCipherSuites
();
}
@Override
public
String
[]
getSupportedCipherSuites
()
{
return
((
SSLSocketFactory
)
SSLSocketFactory
.
getDefault
()).
getSupportedCipherSuites
();
}
}
class
AllHostnameVerifier
implements
HostnameVerifier
{
@Override
public
boolean
verify
(
String
hostname
,
SSLSession
session
)
{
return
true
;
}
}
}
test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPAddressDNSIdentities.java
0 → 100644
浏览文件 @
ac09e22d
/*
* Copyright 2010 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
* CA 95054 USA or visit www.sun.com if you need additional information or
* have any questions.
*/
/* @test
* @summary X509 certificate hostname checking is broken in JDK1.6.0_10
* @bug 6766775
* @author Xuelei Fan
*/
import
java.net.*
;
import
java.util.*
;
import
java.io.*
;
import
javax.net.ssl.*
;
import
java.security.KeyStore
;
import
java.security.KeyFactory
;
import
java.security.cert.Certificate
;
import
java.security.cert.CertificateFactory
;
import
java.security.spec.*
;
import
java.security.interfaces.*
;
import
java.math.BigInteger
;
import
sun.security.ssl.SSLSocketImpl
;
/*
* Certificates and key used in the test.
*
* TLS server certificate:
* server private key:
* -----BEGIN RSA PRIVATE KEY-----
* Proc-Type: 4,ENCRYPTED
* DEK-Info: DES-EDE3-CBC,D9AE407F6D0E389A
*
* WPrA7TFol/cQCcp9oHnXWNpYlvRbbIcQj0m+RKT2Iuzfus+DHt3Zadf8nJpKfX2e
* h2rnhlzCN9M7djRDooZKDOPCsdBn51Au7HlZF3S3Opgo7D8XFM1a8t1Je4ke14oI
* nw6QKYsBblRziPnP2PZ0zvX24nOv7bbY8beynlJHGs00VWSFdoH2DS0aE1p6D+3n
* ptJuJ75dVfZFK4X7162APlNXevX8D6PEQpSiRw1rjjGGcnvQ4HdWk3BxDVDcCNJb
* Y1aGNRxsjTDvPi3R9Qx2M+W03QzEPx4SR3ZHVskeSJHaetM0TM/w/45Paq4GokXP
* ZeTnbEx1xmjkA7h+t4doLL4watx5F6yLsJzu8xB3lt/1EtmkYtLz1t7X4BetPAXz
* zS69X/VwhKfsOI3qXBWuL2oHPyhDmT1gcaUQwEPSV6ogHEEQEDXdiUS8heNK13KF
* TCQYFkETvV2BLxUhV1hypPzRQ6tUpJiAbD5KmoK2lD9slshG2QtvKQq0/bgkDY5J
* LhDHV2dtcZ3kDPkkZXpbcJQvoeH3d09C5sIsuTFo2zgNR6oETHUc5TzP6FY2YYRa
* QcK5HcmtsRRiXFm01ac+aMejJUIujjFt84SiKWT/73vC8AmY4tYcJBLjCg4XIxSH
* fdDFLL1YZENNO5ivlp8mdiHqcawx+36L7DrEZQ8RZt6cqST5t/+XTdM74s6k81GT
* pNsa82P2K2zmIUZ/DL2mKjW1vfRByw1NQFEBkN3vdyZxYfM/JyUzX4hbjXBEkh9Q
* QYrcwLKLjis2QzSvK04B3bvRzRb+4ocWiso8ZPAXAIxZFBWDpTMM2A==
* -----END RSA PRIVATE KEY-----
*
* -----BEGIN RSA PRIVATE KEY-----
* MIICXAIBAAKBgQClrFscN6LdmYktsnm4j9VIpecchBeNaZzGrG358h0fORna03Ie
* buxEzHCk3LoAMPagTz1UemFqzFfQCn+VKBg/mtmU8hvIJIh+/p0PPftXUwizIDPU
* PxdHFNHN6gjYDnVOr77M0uyvqXpJ38LZrLgkQJCmA1Yq0DAFQCxPq9l0iQIDAQAB
* AoGAbqcbg1E1mkR99uOJoNeQYKFOJyGiiXTMnXV1TseC4+PDfQBU7Dax35GcesBi
* CtapIpFKKS5D+ozY6b7ZT8ojxuQ/uHLPAvz0WDR3ds4iRF8tyu71Q1ZHcQsJa17y
* yO7UbkSSKn/Mp9Rb+/dKqftUGNXVFLqgHBOzN2s3We3bbbECQQDYBPKOg3hkaGHo
* OhpHKqtQ6EVkldihG/3i4WejRonelXN+HRh1KrB2HBx0M8D/qAzP1i3rNSlSHer4
* 59YRTJnHAkEAxFX/sVYSn07BHv9Zhn6XXct/Cj43z/tKNbzlNbcxqQwQerw3IH51
* 8UH2YOA+GD3lXbKp+MytoFLWv8zg4YT/LwJAfqan75Z1R6lLffRS49bIiq8jwE16
* rTrUJ+kv8jKxMqc9B3vXkxpsS1M/+4E8bqgAmvpgAb8xcsvHsBd9ErdukQJBAKs2
* j67W75BrPjBI34pQ1LEfp56IGWXOrq1kF8IbCjxv3+MYRT6Z6UJFkpRymNPNDjsC
* dgUYgITiGJHUGXuw3lMCQHEHqo9ZtXz92yFT+VhsNc29B8m/sqUJdtCcMd/jGpAF
* u6GHufjqIZBpQsk63wbwESAPZZ+kk1O1kS5GIRLX608=
* -----END RSA PRIVATE KEY-----
*
* Private-Key: (1024 bit)
* modulus:
* 00:a5:ac:5b:1c:37:a2:dd:99:89:2d:b2:79:b8:8f:
* d5:48:a5:e7:1c:84:17:8d:69:9c:c6:ac:6d:f9:f2:
* 1d:1f:39:19:da:d3:72:1e:6e:ec:44:cc:70:a4:dc:
* ba:00:30:f6:a0:4f:3d:54:7a:61:6a:cc:57:d0:0a:
* 7f:95:28:18:3f:9a:d9:94:f2:1b:c8:24:88:7e:fe:
* 9d:0f:3d:fb:57:53:08:b3:20:33:d4:3f:17:47:14:
* d1:cd:ea:08:d8:0e:75:4e:af:be:cc:d2:ec:af:a9:
* 7a:49:df:c2:d9:ac:b8:24:40:90:a6:03:56:2a:d0:
* 30:05:40:2c:4f:ab:d9:74:89
* publicExponent: 65537 (0x10001)
* privateExponent:
* 6e:a7:1b:83:51:35:9a:44:7d:f6:e3:89:a0:d7:90:
* 60:a1:4e:27:21:a2:89:74:cc:9d:75:75:4e:c7:82:
* e3:e3:c3:7d:00:54:ec:36:b1:df:91:9c:7a:c0:62:
* 0a:d6:a9:22:91:4a:29:2e:43:fa:8c:d8:e9:be:d9:
* 4f:ca:23:c6:e4:3f:b8:72:cf:02:fc:f4:58:34:77:
* 76:ce:22:44:5f:2d:ca:ee:f5:43:56:47:71:0b:09:
* 6b:5e:f2:c8:ee:d4:6e:44:92:2a:7f:cc:a7:d4:5b:
* fb:f7:4a:a9:fb:54:18:d5:d5:14:ba:a0:1c:13:b3:
* 37:6b:37:59:ed:db:6d:b1
* prime1:
* 00:d8:04:f2:8e:83:78:64:68:61:e8:3a:1a:47:2a:
* ab:50:e8:45:64:95:d8:a1:1b:fd:e2:e1:67:a3:46:
* 89:de:95:73:7e:1d:18:75:2a:b0:76:1c:1c:74:33:
* c0:ff:a8:0c:cf:d6:2d:eb:35:29:52:1d:ea:f8:e7:
* d6:11:4c:99:c7
* prime2:
* 00:c4:55:ff:b1:56:12:9f:4e:c1:1e:ff:59:86:7e:
* 97:5d:cb:7f:0a:3e:37:cf:fb:4a:35:bc:e5:35:b7:
* 31:a9:0c:10:7a:bc:37:20:7e:75:f1:41:f6:60:e0:
* 3e:18:3d:e5:5d:b2:a9:f8:cc:ad:a0:52:d6:bf:cc:
* e0:e1:84:ff:2f
* exponent1:
* 7e:a6:a7:ef:96:75:47:a9:4b:7d:f4:52:e3:d6:c8:
* 8a:af:23:c0:4d:7a:ad:3a:d4:27:e9:2f:f2:32:b1:
* 32:a7:3d:07:7b:d7:93:1a:6c:4b:53:3f:fb:81:3c:
* 6e:a8:00:9a:fa:60:01:bf:31:72:cb:c7:b0:17:7d:
* 12:b7:6e:91
* exponent2:
* 00:ab:36:8f:ae:d6:ef:90:6b:3e:30:48:df:8a:50:
* d4:b1:1f:a7:9e:88:19:65:ce:ae:ad:64:17:c2:1b:
* 0a:3c:6f:df:e3:18:45:3e:99:e9:42:45:92:94:72:
* 98:d3:cd:0e:3b:02:76:05:18:80:84:e2:18:91:d4:
* 19:7b:b0:de:53
* coefficient:
* 71:07:aa:8f:59:b5:7c:fd:db:21:53:f9:58:6c:35:
* cd:bd:07:c9:bf:b2:a5:09:76:d0:9c:31:df:e3:1a:
* 90:05:bb:a1:87:b9:f8:ea:21:90:69:42:c9:3a:df:
* 06:f0:11:20:0f:65:9f:a4:93:53:b5:91:2e:46:21:
* 12:d7:eb:4f
*
*
* server certificate:
* Data:
* Version: 3 (0x2)
* Serial Number: 8 (0x8)
* Signature Algorithm: md5WithRSAEncryption
* Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org
* Validity
* Not Before: Dec 8 03:43:04 2008 GMT
* Not After : Aug 25 03:43:04 2028 GMT
* Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org, OU=SSL-Server, CN=localhost
* Subject Public Key Info:
* Public Key Algorithm: rsaEncryption
* RSA Public Key: (1024 bit)
* Modulus (1024 bit):
* 00:a5:ac:5b:1c:37:a2:dd:99:89:2d:b2:79:b8:8f:
* d5:48:a5:e7:1c:84:17:8d:69:9c:c6:ac:6d:f9:f2:
* 1d:1f:39:19:da:d3:72:1e:6e:ec:44:cc:70:a4:dc:
* ba:00:30:f6:a0:4f:3d:54:7a:61:6a:cc:57:d0:0a:
* 7f:95:28:18:3f:9a:d9:94:f2:1b:c8:24:88:7e:fe:
* 9d:0f:3d:fb:57:53:08:b3:20:33:d4:3f:17:47:14:
* d1:cd:ea:08:d8:0e:75:4e:af:be:cc:d2:ec:af:a9:
* 7a:49:df:c2:d9:ac:b8:24:40:90:a6:03:56:2a:d0:
* 30:05:40:2c:4f:ab:d9:74:89
* Exponent: 65537 (0x10001)
* X509v3 extensions:
* X509v3 Basic Constraints:
* CA:FALSE
* X509v3 Key Usage:
* Digital Signature, Non Repudiation, Key Encipherment
* X509v3 Subject Key Identifier:
* ED:6E:DB:F4:B5:56:C8:FB:1A:06:61:3F:0F:08:BB:A6:04:D8:16:54
* X509v3 Authority Key Identifier:
* keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14
*
* X509v3 Subject Alternative Name: critical
* DNS:localhost
* Signature Algorithm: md5WithRSAEncryption0
*
* -----BEGIN CERTIFICATE-----
* MIICpDCCAg2gAwIBAgIBCDANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET
* MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK
* EwhTb21lLU9yZzAeFw0wODEyMDgwMzQzMDRaFw0yODA4MjUwMzQzMDRaMHIxCzAJ
* BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp
* dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtU2VydmVyMRIwEAYD
* VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKWsWxw3
* ot2ZiS2yebiP1Uil5xyEF41pnMasbfnyHR85GdrTch5u7ETMcKTcugAw9qBPPVR6
* YWrMV9AKf5UoGD+a2ZTyG8gkiH7+nQ89+1dTCLMgM9Q/F0cU0c3qCNgOdU6vvszS
* 7K+peknfwtmsuCRAkKYDVirQMAVALE+r2XSJAgMBAAGjczBxMAkGA1UdEwQCMAAw
* CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTtbtv0tVbI+xoGYT8PCLumBNgWVDAfBgNV
* HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDAXBgNVHREBAf8EDTALgglsb2Nh
* bGhvc3QwDQYJKoZIhvcNAQEEBQADgYEAoqVTciHtcvsUj+YaTct8tUh3aTCsKsac
* PHhfQ+ObjiXSgxsKYTX7ym/wk/wvlbUcbqLKxsu7qrcJitH+H9heV1hEHEu65Uoi
* nRugFruyOrwvAylV8Cm2af7ddilmYJ+sdJA6N2M3xJRxR0G2LFHEXDNEjYReyexn
* JqCpf5uZGOo=
* -----END CERTIFICATE-----
*
*
* TLS client certificate:
* client private key:
* ----BEGIN RSA PRIVATE KEY-----
* Proc-Type: 4,ENCRYPTED
* DEK-Info: DES-EDE3-CBC,FA2A435CD35A9390
*
* Z+Y2uaETbsUWIyJUyVu1UV2G4rgFYJyACZT6Tp1KjRtxflSh2kXkJ9MpuXMXA0V4
* Yy3fDzPqCL9NJmQAYRlAx/W/+j4F5EyMWDIx8fUxzONRZyoiwF7jLm+KscAfv6Pf
* q7ItWOdj3z7IYrwlB8YIGd3F2cDKT3S+lYRk7rKb/qT7itbuHnY4Ardh3yl+MZak
* jBp+ELUlRsUqSr1V0LoM+0rCCykarpyfhpxEcqsrl0v9Cyi5uhU50/oKv5zql3SH
* l2ImgDjp3batAs8+Bd4NF2aqi0a7Hy44JUHxRm4caZryU/i/D9N1MbuM6882HLat
* 5N0G+NaIUfywa8mjwq2D5aiit18HqKA6XeRRYeJ5Dvu9DCO4GeFSwcUFIBMI0L46
* 7s114+oDodg57pMgITi+04vmUxvqlN9aiyd7f5Fgd7PeHGeOdbMz1NaJLJaPI9++
* NakK8eK9iwT/Gdq0Uap5/CHW7vCT5PO+h3HY0STH0lWStXhdWnFO04zTdywsbSp+
* DLpHeFT66shfeUlxR0PsCbG9vPRt/QmGLeYQZITppWo/ylSq4j+pRIuXvuWHdBRN
* rTZ8QF4Y7AxQUXVz1j1++s6ZMHTzaK2i9HrhmDs1MbJl+QwWre3Xpv3LvTVz3k5U
* wX8kuY1m3STt71QCaRWENq5sRaMImLxZbxc/ivFl9RAzUqo4NCxLod/QgA4iLqtO
* ztnlpzwlC/F8HbQ1oqYWwnZAPhzU/cULtstl+Yrws2c2atO323LbPXZqbASySgig
* sNpFXQMObdfP6LN23bY+1SvtK7V4NUTNhpdIc6INQAQ=
* -----END RSA PRIVATE KEY-----
*
* -----BEGIN RSA PRIVATE KEY-----
* MIICWwIBAAKBgQC78EA2rCZUTvSjWgAvaSFvuXo6k+yi9uGOx2PYLxIwmS6w8o/4
* Jy0keCiE9wG/jUR53TvSVfPOPLJbIX3v/TNKsaP/xsibuQ98QTWX+ds6BWAFFa9Z
* F5KjEK0WHOQHU6+odqJWKpLT+SjgeM9eH0irXBnd4WdDunWN9YKsQ5JEGwIDAQAB
* AoGAEbdqNj0wN85hnWyEi/ObJU8UyKTdL9eaF72QGfcF/fLSxfd3vurihIeXOkGW
* tpn4lIxYcVGM9CognhqgJpl11jFTQzn1KqZ+NEJRKkCHA4hDabKJbSC9fXHvRwrf
* BsFpZqgiNxp3HseUTiwnaUVeyPgMt/jAj5nB5Sib+UyUxrECQQDnNQBiF2aifEg6
* zbJOOC7he5CHAdkFxSxWVFVHL6EfXfqdLVkUohMbgZv+XxyIeU2biOExSg49Kds3
* FOKgTau1AkEA0Bd1haj6QuCo8I0AXm2WO+MMTZMTvtHD/bGjKNM+fT4I8rKYnQRX
* 1acHdqS9Xx2rNJqZgkMmpESIdPR2fc4yjwJALFeM6EMmqvj8/VIf5UJ/Mz14fXwM
* PEARfckUxd9LnnFutCBTWlKvKXJVEZb6KO5ixPaegc57Jp3Vbh3yTN44lQJADD/1
* SSMDaIB1MYP7a5Oj7m6VQNPRq8AJe5vDcRnOae0G9dKRrVyeFxO4GsHj6/+BHp2j
* P8nYMn9eURQ7DXjf/QJAAQzMlWnKGSO8pyTDtnQx3hRMoUkOEhmNq4bQhLkYqtnY
* FcqpUQ2qMjW+NiNWk5HnTrMS3L9EdJobMUzaNZLy4w==
* -----END RSA PRIVATE KEY-----
*
* Private-Key: (1024 bit)
* modulus:
* 00:bb:f0:40:36:ac:26:54:4e:f4:a3:5a:00:2f:69:
* 21:6f:b9:7a:3a:93:ec:a2:f6:e1:8e:c7:63:d8:2f:
* 12:30:99:2e:b0:f2:8f:f8:27:2d:24:78:28:84:f7:
* 01:bf:8d:44:79:dd:3b:d2:55:f3:ce:3c:b2:5b:21:
* 7d:ef:fd:33:4a:b1:a3:ff:c6:c8:9b:b9:0f:7c:41:
* 35:97:f9:db:3a:05:60:05:15:af:59:17:92:a3:10:
* ad:16:1c:e4:07:53:af:a8:76:a2:56:2a:92:d3:f9:
* 28:e0:78:cf:5e:1f:48:ab:5c:19:dd:e1:67:43:ba:
* 75:8d:f5:82:ac:43:92:44:1b
* publicExponent: 65537 (0x10001)
* privateExponent:
* 11:b7:6a:36:3d:30:37:ce:61:9d:6c:84:8b:f3:9b:
* 25:4f:14:c8:a4:dd:2f:d7:9a:17:bd:90:19:f7:05:
* fd:f2:d2:c5:f7:77:be:ea:e2:84:87:97:3a:41:96:
* b6:99:f8:94:8c:58:71:51:8c:f4:2a:20:9e:1a:a0:
* 26:99:75:d6:31:53:43:39:f5:2a:a6:7e:34:42:51:
* 2a:40:87:03:88:43:69:b2:89:6d:20:bd:7d:71:ef:
* 47:0a:df:06:c1:69:66:a8:22:37:1a:77:1e:c7:94:
* 4e:2c:27:69:45:5e:c8:f8:0c:b7:f8:c0:8f:99:c1:
* e5:28:9b:f9:4c:94:c6:b1
* prime1:
* 00:e7:35:00:62:17:66:a2:7c:48:3a:cd:b2:4e:38:
* 2e:e1:7b:90:87:01:d9:05:c5:2c:56:54:55:47:2f:
* a1:1f:5d:fa:9d:2d:59:14:a2:13:1b:81:9b:fe:5f:
* 1c:88:79:4d:9b:88:e1:31:4a:0e:3d:29:db:37:14:
* e2:a0:4d:ab:b5
* prime2:
* 00:d0:17:75:85:a8:fa:42:e0:a8:f0:8d:00:5e:6d:
* 96:3b:e3:0c:4d:93:13:be:d1:c3:fd:b1:a3:28:d3:
* 3e:7d:3e:08:f2:b2:98:9d:04:57:d5:a7:07:76:a4:
* bd:5f:1d:ab:34:9a:99:82:43:26:a4:44:88:74:f4:
* 76:7d:ce:32:8f
* exponent1:
* 2c:57:8c:e8:43:26:aa:f8:fc:fd:52:1f:e5:42:7f:
* 33:3d:78:7d:7c:0c:3c:40:11:7d:c9:14:c5:df:4b:
* 9e:71:6e:b4:20:53:5a:52:af:29:72:55:11:96:fa:
* 28:ee:62:c4:f6:9e:81:ce:7b:26:9d:d5:6e:1d:f2:
* 4c:de:38:95
* exponent2:
* 0c:3f:f5:49:23:03:68:80:75:31:83:fb:6b:93:a3:
* ee:6e:95:40:d3:d1:ab:c0:09:7b:9b:c3:71:19:ce:
* 69:ed:06:f5:d2:91:ad:5c:9e:17:13:b8:1a:c1:e3:
* eb:ff:81:1e:9d:a3:3f:c9:d8:32:7f:5e:51:14:3b:
* 0d:78:df:fd
* coefficient:
* 01:0c:cc:95:69:ca:19:23:bc:a7:24:c3:b6:74:31:
* de:14:4c:a1:49:0e:12:19:8d:ab:86:d0:84:b9:18:
* aa:d9:d8:15:ca:a9:51:0d:aa:32:35:be:36:23:56:
* 93:91:e7:4e:b3:12:dc:bf:44:74:9a:1b:31:4c:da:
* 35:92:f2:e3
*
* client certificate:
* Data:
* Version: 3 (0x2)
* Serial Number: 9 (0x9)
* Signature Algorithm: md5WithRSAEncryption
* Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org
* Validity
* Not Before: Dec 8 03:43:24 2008 GMT
* Not After : Aug 25 03:43:24 2028 GMT
* Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org, OU=SSL-Client, CN=localhost
* Subject Public Key Info:
* Public Key Algorithm: rsaEncryption
* RSA Public Key: (1024 bit)
* Modulus (1024 bit):
* 00:bb:f0:40:36:ac:26:54:4e:f4:a3:5a:00:2f:69:
* 21:6f:b9:7a:3a:93:ec:a2:f6:e1:8e:c7:63:d8:2f:
* 12:30:99:2e:b0:f2:8f:f8:27:2d:24:78:28:84:f7:
* 01:bf:8d:44:79:dd:3b:d2:55:f3:ce:3c:b2:5b:21:
* 7d:ef:fd:33:4a:b1:a3:ff:c6:c8:9b:b9:0f:7c:41:
* 35:97:f9:db:3a:05:60:05:15:af:59:17:92:a3:10:
* ad:16:1c:e4:07:53:af:a8:76:a2:56:2a:92:d3:f9:
* 28:e0:78:cf:5e:1f:48:ab:5c:19:dd:e1:67:43:ba:
* 75:8d:f5:82:ac:43:92:44:1b
* Exponent: 65537 (0x10001)
* X509v3 extensions:
* X509v3 Basic Constraints:
* CA:FALSE
* X509v3 Key Usage:
* Digital Signature, Non Repudiation, Key Encipherment
* X509v3 Subject Key Identifier:
* CD:BB:C8:85:AA:91:BD:FD:1D:BE:CD:67:7C:FF:B3:E9:4C:A8:22:E6
* X509v3 Authority Key Identifier:
* keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14
*
* X509v3 Subject Alternative Name: critical
* DNS:localhost
* Signature Algorithm: md5WithRSAEncryption
*
* -----BEGIN CERTIFICATE-----
* MIICpDCCAg2gAwIBAgIBCTANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET
* MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK
* EwhTb21lLU9yZzAeFw0wODEyMDgwMzQzMjRaFw0yODA4MjUwMzQzMjRaMHIxCzAJ
* BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp
* dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtQ2xpZW50MRIwEAYD
* VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALvwQDas
* JlRO9KNaAC9pIW+5ejqT7KL24Y7HY9gvEjCZLrDyj/gnLSR4KIT3Ab+NRHndO9JV
* 8848slshfe/9M0qxo//GyJu5D3xBNZf52zoFYAUVr1kXkqMQrRYc5AdTr6h2olYq
* ktP5KOB4z14fSKtcGd3hZ0O6dY31gqxDkkQbAgMBAAGjczBxMAkGA1UdEwQCMAAw
* CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTNu8iFqpG9/R2+zWd8/7PpTKgi5jAfBgNV
* HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDAXBgNVHREBAf8EDTALgglsb2Nh
* bGhvc3QwDQYJKoZIhvcNAQEEBQADgYEAm25gJyqW1JznQ1EyOtTGswBVwfgBOf+F
* HJuBTcflYQLbTD/AETPQJGvZU9tdhuLtbG3OPhR7vSY8zeAbfM3dbH7QFr3r47Gj
* XEH7qM/MX+Z3ifVaC4MeJmrYQkYFSuKeyyKpdRVX4w4nnFHF6OsNASsYrMW6LpxN
* cl/epUcHL7E=
* -----END CERTIFICATE-----
*
*
*
* Trusted CA certificate:
* Certificate:
* Data:
* Version: 3 (0x2)
* Serial Number: 0 (0x0)
* Signature Algorithm: md5WithRSAEncryption
* Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org
* Validity
* Not Before: Dec 8 02:43:36 2008 GMT
* Not After : Aug 25 02:43:36 2028 GMT
* Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org
* Subject Public Key Info:
* Public Key Algorithm: rsaEncryption
* RSA Public Key: (1024 bit)
* Modulus (1024 bit):
* 00:cb:c4:38:20:07:be:88:a7:93:b0:a1:43:51:2d:
* d7:8e:85:af:54:dd:ad:a2:7b:23:5b:cf:99:13:53:
* 99:45:7d:ee:6d:ba:2d:bf:e3:ad:6e:3d:9f:1a:f9:
* 03:97:e0:17:55:ae:11:26:57:de:01:29:8e:05:3f:
* 21:f7:e7:36:e8:2e:37:d7:48:ac:53:d6:60:0e:c7:
* 50:6d:f6:c5:85:f7:8b:a6:c5:91:35:72:3c:94:ee:
* f1:17:f0:71:e3:ec:1b:ce:ca:4e:40:42:b0:6d:ee:
* 6a:0e:d6:e5:ad:3c:0f:c9:ba:82:4f:78:f8:89:97:
* 89:2a:95:12:4c:d8:09:2a:e9
* Exponent: 65537 (0x10001)
* X509v3 extensions:
* X509v3 Subject Key Identifier:
* FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14
* X509v3 Authority Key Identifier:
* keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14
* DirName:/C=US/ST=Some-State/L=Some-City/O=Some-Org
* serial:00
*
* X509v3 Basic Constraints:
* CA:TRUE
* Signature Algorithm: md5WithRSAEncryption
*
* -----BEGIN CERTIFICATE-----
* MIICrDCCAhWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET
* MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK
* EwhTb21lLU9yZzAeFw0wODEyMDgwMjQzMzZaFw0yODA4MjUwMjQzMzZaMEkxCzAJ
* BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp
* dHkxETAPBgNVBAoTCFNvbWUtT3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
* gQDLxDggB76Ip5OwoUNRLdeOha9U3a2ieyNbz5kTU5lFfe5tui2/461uPZ8a+QOX
* 4BdVrhEmV94BKY4FPyH35zboLjfXSKxT1mAOx1Bt9sWF94umxZE1cjyU7vEX8HHj
* 7BvOyk5AQrBt7moO1uWtPA/JuoJPePiJl4kqlRJM2Akq6QIDAQABo4GjMIGgMB0G
* A1UdDgQWBBT6uVG/TOfZhpgz+efLHvEzSfeoFDBxBgNVHSMEajBogBT6uVG/TOfZ
* hpgz+efLHvEzSfeoFKFNpEswSTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUt
* U3RhdGUxEjAQBgNVBAcTCVNvbWUtQ2l0eTERMA8GA1UEChMIU29tZS1PcmeCAQAw
* DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBcIm534U123Hz+rtyYO5uA
* ofd81G6FnTfEAV8Kw9fGyyEbQZclBv34A9JsFKeMvU4OFIaixD7nLZ/NZ+IWbhmZ
* LovmJXyCkOufea73pNiZ+f/4/ScZaIlM/PRycQSqbFNd4j9Wott+08qxHPLpsf3P
* 6Mvf0r1PNTY2hwTJLJmKtg==
* -----END CERTIFICATE---
*/
public
class
IPAddressDNSIdentities
{
static
Map
cookies
;
ServerSocket
ss
;
/*
* =============================================================
* Set the various variables needed for the tests, then
* specify what tests to run on each side.
*/
/*
* Should we run the client or server in a separate thread?
* Both sides can throw exceptions, but do you have a preference
* as to which side should be the main thread.
*/
static
boolean
separateServerThread
=
true
;
/*
* Where do we find the keystores?
*/
static
String
trusedCertStr
=
"-----BEGIN CERTIFICATE-----\n"
+
"MIICrDCCAhWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n"
+
"MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n"
+
"EwhTb21lLU9yZzAeFw0wODEyMDgwMjQzMzZaFw0yODA4MjUwMjQzMzZaMEkxCzAJ\n"
+
"BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n"
+
"dHkxETAPBgNVBAoTCFNvbWUtT3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n"
+
"gQDLxDggB76Ip5OwoUNRLdeOha9U3a2ieyNbz5kTU5lFfe5tui2/461uPZ8a+QOX\n"
+
"4BdVrhEmV94BKY4FPyH35zboLjfXSKxT1mAOx1Bt9sWF94umxZE1cjyU7vEX8HHj\n"
+
"7BvOyk5AQrBt7moO1uWtPA/JuoJPePiJl4kqlRJM2Akq6QIDAQABo4GjMIGgMB0G\n"
+
"A1UdDgQWBBT6uVG/TOfZhpgz+efLHvEzSfeoFDBxBgNVHSMEajBogBT6uVG/TOfZ\n"
+
"hpgz+efLHvEzSfeoFKFNpEswSTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUt\n"
+
"U3RhdGUxEjAQBgNVBAcTCVNvbWUtQ2l0eTERMA8GA1UEChMIU29tZS1PcmeCAQAw\n"
+
"DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBcIm534U123Hz+rtyYO5uA\n"
+
"ofd81G6FnTfEAV8Kw9fGyyEbQZclBv34A9JsFKeMvU4OFIaixD7nLZ/NZ+IWbhmZ\n"
+
"LovmJXyCkOufea73pNiZ+f/4/ScZaIlM/PRycQSqbFNd4j9Wott+08qxHPLpsf3P\n"
+
"6Mvf0r1PNTY2hwTJLJmKtg==\n"
+
"-----END CERTIFICATE-----"
;
static
String
serverCertStr
=
"-----BEGIN CERTIFICATE-----\n"
+
"MIICpDCCAg2gAwIBAgIBCDANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n"
+
"MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n"
+
"EwhTb21lLU9yZzAeFw0wODEyMDgwMzQzMDRaFw0yODA4MjUwMzQzMDRaMHIxCzAJ\n"
+
"BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n"
+
"dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtU2VydmVyMRIwEAYD\n"
+
"VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKWsWxw3\n"
+
"ot2ZiS2yebiP1Uil5xyEF41pnMasbfnyHR85GdrTch5u7ETMcKTcugAw9qBPPVR6\n"
+
"YWrMV9AKf5UoGD+a2ZTyG8gkiH7+nQ89+1dTCLMgM9Q/F0cU0c3qCNgOdU6vvszS\n"
+
"7K+peknfwtmsuCRAkKYDVirQMAVALE+r2XSJAgMBAAGjczBxMAkGA1UdEwQCMAAw\n"
+
"CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTtbtv0tVbI+xoGYT8PCLumBNgWVDAfBgNV\n"
+
"HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDAXBgNVHREBAf8EDTALgglsb2Nh\n"
+
"bGhvc3QwDQYJKoZIhvcNAQEEBQADgYEAoqVTciHtcvsUj+YaTct8tUh3aTCsKsac\n"
+
"PHhfQ+ObjiXSgxsKYTX7ym/wk/wvlbUcbqLKxsu7qrcJitH+H9heV1hEHEu65Uoi\n"
+
"nRugFruyOrwvAylV8Cm2af7ddilmYJ+sdJA6N2M3xJRxR0G2LFHEXDNEjYReyexn\n"
+
"JqCpf5uZGOo=\n"
+
"-----END CERTIFICATE-----"
;
static
String
clientCertStr
=
"-----BEGIN CERTIFICATE-----\n"
+
"MIICpDCCAg2gAwIBAgIBCTANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n"
+
"MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n"
+
"EwhTb21lLU9yZzAeFw0wODEyMDgwMzQzMjRaFw0yODA4MjUwMzQzMjRaMHIxCzAJ\n"
+
"BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n"
+
"dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtQ2xpZW50MRIwEAYD\n"
+
"VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALvwQDas\n"
+
"JlRO9KNaAC9pIW+5ejqT7KL24Y7HY9gvEjCZLrDyj/gnLSR4KIT3Ab+NRHndO9JV\n"
+
"8848slshfe/9M0qxo//GyJu5D3xBNZf52zoFYAUVr1kXkqMQrRYc5AdTr6h2olYq\n"
+
"ktP5KOB4z14fSKtcGd3hZ0O6dY31gqxDkkQbAgMBAAGjczBxMAkGA1UdEwQCMAAw\n"
+
"CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTNu8iFqpG9/R2+zWd8/7PpTKgi5jAfBgNV\n"
+
"HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDAXBgNVHREBAf8EDTALgglsb2Nh\n"
+
"bGhvc3QwDQYJKoZIhvcNAQEEBQADgYEAm25gJyqW1JznQ1EyOtTGswBVwfgBOf+F\n"
+
"HJuBTcflYQLbTD/AETPQJGvZU9tdhuLtbG3OPhR7vSY8zeAbfM3dbH7QFr3r47Gj\n"
+
"XEH7qM/MX+Z3ifVaC4MeJmrYQkYFSuKeyyKpdRVX4w4nnFHF6OsNASsYrMW6LpxN\n"
+
"cl/epUcHL7E=\n"
+
"-----END CERTIFICATE-----"
;
static
byte
serverPrivateExponent
[]
=
{
(
byte
)
0x6e
,
(
byte
)
0xa7
,
(
byte
)
0x1b
,
(
byte
)
0x83
,
(
byte
)
0x51
,
(
byte
)
0x35
,
(
byte
)
0x9a
,
(
byte
)
0x44
,
(
byte
)
0x7d
,
(
byte
)
0xf6
,
(
byte
)
0xe3
,
(
byte
)
0x89
,
(
byte
)
0xa0
,
(
byte
)
0xd7
,
(
byte
)
0x90
,
(
byte
)
0x60
,
(
byte
)
0xa1
,
(
byte
)
0x4e
,
(
byte
)
0x27
,
(
byte
)
0x21
,
(
byte
)
0xa2
,
(
byte
)
0x89
,
(
byte
)
0x74
,
(
byte
)
0xcc
,
(
byte
)
0x9d
,
(
byte
)
0x75
,
(
byte
)
0x75
,
(
byte
)
0x4e
,
(
byte
)
0xc7
,
(
byte
)
0x82
,
(
byte
)
0xe3
,
(
byte
)
0xe3
,
(
byte
)
0xc3
,
(
byte
)
0x7d
,
(
byte
)
0x00
,
(
byte
)
0x54
,
(
byte
)
0xec
,
(
byte
)
0x36
,
(
byte
)
0xb1
,
(
byte
)
0xdf
,
(
byte
)
0x91
,
(
byte
)
0x9c
,
(
byte
)
0x7a
,
(
byte
)
0xc0
,
(
byte
)
0x62
,
(
byte
)
0x0a
,
(
byte
)
0xd6
,
(
byte
)
0xa9
,
(
byte
)
0x22
,
(
byte
)
0x91
,
(
byte
)
0x4a
,
(
byte
)
0x29
,
(
byte
)
0x2e
,
(
byte
)
0x43
,
(
byte
)
0xfa
,
(
byte
)
0x8c
,
(
byte
)
0xd8
,
(
byte
)
0xe9
,
(
byte
)
0xbe
,
(
byte
)
0xd9
,
(
byte
)
0x4f
,
(
byte
)
0xca
,
(
byte
)
0x23
,
(
byte
)
0xc6
,
(
byte
)
0xe4
,
(
byte
)
0x3f
,
(
byte
)
0xb8
,
(
byte
)
0x72
,
(
byte
)
0xcf
,
(
byte
)
0x02
,
(
byte
)
0xfc
,
(
byte
)
0xf4
,
(
byte
)
0x58
,
(
byte
)
0x34
,
(
byte
)
0x77
,
(
byte
)
0x76
,
(
byte
)
0xce
,
(
byte
)
0x22
,
(
byte
)
0x44
,
(
byte
)
0x5f
,
(
byte
)
0x2d
,
(
byte
)
0xca
,
(
byte
)
0xee
,
(
byte
)
0xf5
,
(
byte
)
0x43
,
(
byte
)
0x56
,
(
byte
)
0x47
,
(
byte
)
0x71
,
(
byte
)
0x0b
,
(
byte
)
0x09
,
(
byte
)
0x6b
,
(
byte
)
0x5e
,
(
byte
)
0xf2
,
(
byte
)
0xc8
,
(
byte
)
0xee
,
(
byte
)
0xd4
,
(
byte
)
0x6e
,
(
byte
)
0x44
,
(
byte
)
0x92
,
(
byte
)
0x2a
,
(
byte
)
0x7f
,
(
byte
)
0xcc
,
(
byte
)
0xa7
,
(
byte
)
0xd4
,
(
byte
)
0x5b
,
(
byte
)
0xfb
,
(
byte
)
0xf7
,
(
byte
)
0x4a
,
(
byte
)
0xa9
,
(
byte
)
0xfb
,
(
byte
)
0x54
,
(
byte
)
0x18
,
(
byte
)
0xd5
,
(
byte
)
0xd5
,
(
byte
)
0x14
,
(
byte
)
0xba
,
(
byte
)
0xa0
,
(
byte
)
0x1c
,
(
byte
)
0x13
,
(
byte
)
0xb3
,
(
byte
)
0x37
,
(
byte
)
0x6b
,
(
byte
)
0x37
,
(
byte
)
0x59
,
(
byte
)
0xed
,
(
byte
)
0xdb
,
(
byte
)
0x6d
,
(
byte
)
0xb1
};
static
byte
serverModulus
[]
=
{
(
byte
)
0x00
,
(
byte
)
0xa5
,
(
byte
)
0xac
,
(
byte
)
0x5b
,
(
byte
)
0x1c
,
(
byte
)
0x37
,
(
byte
)
0xa2
,
(
byte
)
0xdd
,
(
byte
)
0x99
,
(
byte
)
0x89
,
(
byte
)
0x2d
,
(
byte
)
0xb2
,
(
byte
)
0x79
,
(
byte
)
0xb8
,
(
byte
)
0x8f
,
(
byte
)
0xd5
,
(
byte
)
0x48
,
(
byte
)
0xa5
,
(
byte
)
0xe7
,
(
byte
)
0x1c
,
(
byte
)
0x84
,
(
byte
)
0x17
,
(
byte
)
0x8d
,
(
byte
)
0x69
,
(
byte
)
0x9c
,
(
byte
)
0xc6
,
(
byte
)
0xac
,
(
byte
)
0x6d
,
(
byte
)
0xf9
,
(
byte
)
0xf2
,
(
byte
)
0x1d
,
(
byte
)
0x1f
,
(
byte
)
0x39
,
(
byte
)
0x19
,
(
byte
)
0xda
,
(
byte
)
0xd3
,
(
byte
)
0x72
,
(
byte
)
0x1e
,
(
byte
)
0x6e
,
(
byte
)
0xec
,
(
byte
)
0x44
,
(
byte
)
0xcc
,
(
byte
)
0x70
,
(
byte
)
0xa4
,
(
byte
)
0xdc
,
(
byte
)
0xba
,
(
byte
)
0x00
,
(
byte
)
0x30
,
(
byte
)
0xf6
,
(
byte
)
0xa0
,
(
byte
)
0x4f
,
(
byte
)
0x3d
,
(
byte
)
0x54
,
(
byte
)
0x7a
,
(
byte
)
0x61
,
(
byte
)
0x6a
,
(
byte
)
0xcc
,
(
byte
)
0x57
,
(
byte
)
0xd0
,
(
byte
)
0x0a
,
(
byte
)
0x7f
,
(
byte
)
0x95
,
(
byte
)
0x28
,
(
byte
)
0x18
,
(
byte
)
0x3f
,
(
byte
)
0x9a
,
(
byte
)
0xd9
,
(
byte
)
0x94
,
(
byte
)
0xf2
,
(
byte
)
0x1b
,
(
byte
)
0xc8
,
(
byte
)
0x24
,
(
byte
)
0x88
,
(
byte
)
0x7e
,
(
byte
)
0xfe
,
(
byte
)
0x9d
,
(
byte
)
0x0f
,
(
byte
)
0x3d
,
(
byte
)
0xfb
,
(
byte
)
0x57
,
(
byte
)
0x53
,
(
byte
)
0x08
,
(
byte
)
0xb3
,
(
byte
)
0x20
,
(
byte
)
0x33
,
(
byte
)
0xd4
,
(
byte
)
0x3f
,
(
byte
)
0x17
,
(
byte
)
0x47
,
(
byte
)
0x14
,
(
byte
)
0xd1
,
(
byte
)
0xcd
,
(
byte
)
0xea
,
(
byte
)
0x08
,
(
byte
)
0xd8
,
(
byte
)
0x0e
,
(
byte
)
0x75
,
(
byte
)
0x4e
,
(
byte
)
0xaf
,
(
byte
)
0xbe
,
(
byte
)
0xcc
,
(
byte
)
0xd2
,
(
byte
)
0xec
,
(
byte
)
0xaf
,
(
byte
)
0xa9
,
(
byte
)
0x7a
,
(
byte
)
0x49
,
(
byte
)
0xdf
,
(
byte
)
0xc2
,
(
byte
)
0xd9
,
(
byte
)
0xac
,
(
byte
)
0xb8
,
(
byte
)
0x24
,
(
byte
)
0x40
,
(
byte
)
0x90
,
(
byte
)
0xa6
,
(
byte
)
0x03
,
(
byte
)
0x56
,
(
byte
)
0x2a
,
(
byte
)
0xd0
,
(
byte
)
0x30
,
(
byte
)
0x05
,
(
byte
)
0x40
,
(
byte
)
0x2c
,
(
byte
)
0x4f
,
(
byte
)
0xab
,
(
byte
)
0xd9
,
(
byte
)
0x74
,
(
byte
)
0x89
};
static
byte
clientPrivateExponent
[]
=
{
(
byte
)
0x11
,
(
byte
)
0xb7
,
(
byte
)
0x6a
,
(
byte
)
0x36
,
(
byte
)
0x3d
,
(
byte
)
0x30
,
(
byte
)
0x37
,
(
byte
)
0xce
,
(
byte
)
0x61
,
(
byte
)
0x9d
,
(
byte
)
0x6c
,
(
byte
)
0x84
,
(
byte
)
0x8b
,
(
byte
)
0xf3
,
(
byte
)
0x9b
,
(
byte
)
0x25
,
(
byte
)
0x4f
,
(
byte
)
0x14
,
(
byte
)
0xc8
,
(
byte
)
0xa4
,
(
byte
)
0xdd
,
(
byte
)
0x2f
,
(
byte
)
0xd7
,
(
byte
)
0x9a
,
(
byte
)
0x17
,
(
byte
)
0xbd
,
(
byte
)
0x90
,
(
byte
)
0x19
,
(
byte
)
0xf7
,
(
byte
)
0x05
,
(
byte
)
0xfd
,
(
byte
)
0xf2
,
(
byte
)
0xd2
,
(
byte
)
0xc5
,
(
byte
)
0xf7
,
(
byte
)
0x77
,
(
byte
)
0xbe
,
(
byte
)
0xea
,
(
byte
)
0xe2
,
(
byte
)
0x84
,
(
byte
)
0x87
,
(
byte
)
0x97
,
(
byte
)
0x3a
,
(
byte
)
0x41
,
(
byte
)
0x96
,
(
byte
)
0xb6
,
(
byte
)
0x99
,
(
byte
)
0xf8
,
(
byte
)
0x94
,
(
byte
)
0x8c
,
(
byte
)
0x58
,
(
byte
)
0x71
,
(
byte
)
0x51
,
(
byte
)
0x8c
,
(
byte
)
0xf4
,
(
byte
)
0x2a
,
(
byte
)
0x20
,
(
byte
)
0x9e
,
(
byte
)
0x1a
,
(
byte
)
0xa0
,
(
byte
)
0x26
,
(
byte
)
0x99
,
(
byte
)
0x75
,
(
byte
)
0xd6
,
(
byte
)
0x31
,
(
byte
)
0x53
,
(
byte
)
0x43
,
(
byte
)
0x39
,
(
byte
)
0xf5
,
(
byte
)
0x2a
,
(
byte
)
0xa6
,
(
byte
)
0x7e
,
(
byte
)
0x34
,
(
byte
)
0x42
,
(
byte
)
0x51
,
(
byte
)
0x2a
,
(
byte
)
0x40
,
(
byte
)
0x87
,
(
byte
)
0x03
,
(
byte
)
0x88
,
(
byte
)
0x43
,
(
byte
)
0x69
,
(
byte
)
0xb2
,
(
byte
)
0x89
,
(
byte
)
0x6d
,
(
byte
)
0x20
,
(
byte
)
0xbd
,
(
byte
)
0x7d
,
(
byte
)
0x71
,
(
byte
)
0xef
,
(
byte
)
0x47
,
(
byte
)
0x0a
,
(
byte
)
0xdf
,
(
byte
)
0x06
,
(
byte
)
0xc1
,
(
byte
)
0x69
,
(
byte
)
0x66
,
(
byte
)
0xa8
,
(
byte
)
0x22
,
(
byte
)
0x37
,
(
byte
)
0x1a
,
(
byte
)
0x77
,
(
byte
)
0x1e
,
(
byte
)
0xc7
,
(
byte
)
0x94
,
(
byte
)
0x4e
,
(
byte
)
0x2c
,
(
byte
)
0x27
,
(
byte
)
0x69
,
(
byte
)
0x45
,
(
byte
)
0x5e
,
(
byte
)
0xc8
,
(
byte
)
0xf8
,
(
byte
)
0x0c
,
(
byte
)
0xb7
,
(
byte
)
0xf8
,
(
byte
)
0xc0
,
(
byte
)
0x8f
,
(
byte
)
0x99
,
(
byte
)
0xc1
,
(
byte
)
0xe5
,
(
byte
)
0x28
,
(
byte
)
0x9b
,
(
byte
)
0xf9
,
(
byte
)
0x4c
,
(
byte
)
0x94
,
(
byte
)
0xc6
,
(
byte
)
0xb1
};
static
byte
clientModulus
[]
=
{
(
byte
)
0x00
,
(
byte
)
0xbb
,
(
byte
)
0xf0
,
(
byte
)
0x40
,
(
byte
)
0x36
,
(
byte
)
0xac
,
(
byte
)
0x26
,
(
byte
)
0x54
,
(
byte
)
0x4e
,
(
byte
)
0xf4
,
(
byte
)
0xa3
,
(
byte
)
0x5a
,
(
byte
)
0x00
,
(
byte
)
0x2f
,
(
byte
)
0x69
,
(
byte
)
0x21
,
(
byte
)
0x6f
,
(
byte
)
0xb9
,
(
byte
)
0x7a
,
(
byte
)
0x3a
,
(
byte
)
0x93
,
(
byte
)
0xec
,
(
byte
)
0xa2
,
(
byte
)
0xf6
,
(
byte
)
0xe1
,
(
byte
)
0x8e
,
(
byte
)
0xc7
,
(
byte
)
0x63
,
(
byte
)
0xd8
,
(
byte
)
0x2f
,
(
byte
)
0x12
,
(
byte
)
0x30
,
(
byte
)
0x99
,
(
byte
)
0x2e
,
(
byte
)
0xb0
,
(
byte
)
0xf2
,
(
byte
)
0x8f
,
(
byte
)
0xf8
,
(
byte
)
0x27
,
(
byte
)
0x2d
,
(
byte
)
0x24
,
(
byte
)
0x78
,
(
byte
)
0x28
,
(
byte
)
0x84
,
(
byte
)
0xf7
,
(
byte
)
0x01
,
(
byte
)
0xbf
,
(
byte
)
0x8d
,
(
byte
)
0x44
,
(
byte
)
0x79
,
(
byte
)
0xdd
,
(
byte
)
0x3b
,
(
byte
)
0xd2
,
(
byte
)
0x55
,
(
byte
)
0xf3
,
(
byte
)
0xce
,
(
byte
)
0x3c
,
(
byte
)
0xb2
,
(
byte
)
0x5b
,
(
byte
)
0x21
,
(
byte
)
0x7d
,
(
byte
)
0xef
,
(
byte
)
0xfd
,
(
byte
)
0x33
,
(
byte
)
0x4a
,
(
byte
)
0xb1
,
(
byte
)
0xa3
,
(
byte
)
0xff
,
(
byte
)
0xc6
,
(
byte
)
0xc8
,
(
byte
)
0x9b
,
(
byte
)
0xb9
,
(
byte
)
0x0f
,
(
byte
)
0x7c
,
(
byte
)
0x41
,
(
byte
)
0x35
,
(
byte
)
0x97
,
(
byte
)
0xf9
,
(
byte
)
0xdb
,
(
byte
)
0x3a
,
(
byte
)
0x05
,
(
byte
)
0x60
,
(
byte
)
0x05
,
(
byte
)
0x15
,
(
byte
)
0xaf
,
(
byte
)
0x59
,
(
byte
)
0x17
,
(
byte
)
0x92
,
(
byte
)
0xa3
,
(
byte
)
0x10
,
(
byte
)
0xad
,
(
byte
)
0x16
,
(
byte
)
0x1c
,
(
byte
)
0xe4
,
(
byte
)
0x07
,
(
byte
)
0x53
,
(
byte
)
0xaf
,
(
byte
)
0xa8
,
(
byte
)
0x76
,
(
byte
)
0xa2
,
(
byte
)
0x56
,
(
byte
)
0x2a
,
(
byte
)
0x92
,
(
byte
)
0xd3
,
(
byte
)
0xf9
,
(
byte
)
0x28
,
(
byte
)
0xe0
,
(
byte
)
0x78
,
(
byte
)
0xcf
,
(
byte
)
0x5e
,
(
byte
)
0x1f
,
(
byte
)
0x48
,
(
byte
)
0xab
,
(
byte
)
0x5c
,
(
byte
)
0x19
,
(
byte
)
0xdd
,
(
byte
)
0xe1
,
(
byte
)
0x67
,
(
byte
)
0x43
,
(
byte
)
0xba
,
(
byte
)
0x75
,
(
byte
)
0x8d
,
(
byte
)
0xf5
,
(
byte
)
0x82
,
(
byte
)
0xac
,
(
byte
)
0x43
,
(
byte
)
0x92
,
(
byte
)
0x44
,
(
byte
)
0x1b
};
static
char
passphrase
[]
=
"passphrase"
.
toCharArray
();
/*
* Is the server ready to serve?
*/
volatile
static
boolean
serverReady
=
false
;
/*
* Turn on SSL debugging?
*/
static
boolean
debug
=
false
;
private
SSLServerSocket
sslServerSocket
=
null
;
/*
* Define the server side of the test.
*
* If the server prematurely exits, serverReady will be set to true
* to avoid infinite hangs.
*/
void
doServerSide
()
throws
Exception
{
SSLContext
context
=
getSSLContext
(
trusedCertStr
,
serverCertStr
,
serverModulus
,
serverPrivateExponent
,
passphrase
);
SSLServerSocketFactory
sslssf
=
context
.
getServerSocketFactory
();
sslServerSocket
=
(
SSLServerSocket
)
sslssf
.
createServerSocket
(
serverPort
);
serverPort
=
sslServerSocket
.
getLocalPort
();
/*
* Signal Client, we're ready for his connect.
*/
serverReady
=
true
;
SSLSocket
sslSocket
=
(
SSLSocket
)
sslServerSocket
.
accept
();
sslSocket
.
setNeedClientAuth
(
true
);
if
(
sslSocket
instanceof
SSLSocketImpl
)
{
((
SSLSocketImpl
)
sslSocket
).
trySetHostnameVerification
(
"HTTPS"
);
}
PrintStream
out
=
new
PrintStream
(
sslSocket
.
getOutputStream
());
try
{
// ignore request data
// send the response
out
.
print
(
"HTTP/1.1 200 OK\r\n"
);
out
.
print
(
"Content-Type: text/html; charset=iso-8859-1\r\n"
);
out
.
print
(
"Content-Length: "
+
9
+
"\r\n"
);
out
.
print
(
"\r\n"
);
out
.
print
(
"Testing\r\n"
);
out
.
flush
();
}
finally
{
// close the socket
Thread
.
sleep
(
2000
);
System
.
out
.
println
(
"Server closing socket"
);
sslSocket
.
close
();
serverReady
=
false
;
}
}
/*
* Define the client side of the test.
*
* If the server prematurely exits, serverReady will be set to true
* to avoid infinite hangs.
*/
void
doClientSide
()
throws
Exception
{
SSLContext
context
=
getSSLContext
(
trusedCertStr
,
clientCertStr
,
clientModulus
,
clientPrivateExponent
,
passphrase
);
SSLContext
.
setDefault
(
context
);
/*
* Wait for server to get started.
*/
while
(!
serverReady
)
{
Thread
.
sleep
(
50
);
}
HttpsURLConnection
http
=
null
;
/* establish http connection to server */
URL
url
=
new
URL
(
"https://127.0.0.1:"
+
serverPort
+
"/"
);
System
.
out
.
println
(
"url is "
+
url
.
toString
());
try
{
http
=
(
HttpsURLConnection
)
url
.
openConnection
();
int
respCode
=
http
.
getResponseCode
();
System
.
out
.
println
(
"respCode = "
+
respCode
);
throw
new
Exception
(
"Unexpectly found subject alternative name "
+
"matching IP address"
);
}
catch
(
SSLHandshakeException
sslhe
)
{
// no subject alternative names matching IP address 127.0.0.1 found
// that's the expected exception, ignore it.
}
finally
{
http
.
disconnect
();
}
}
/*
* =============================================================
* The remainder is just support stuff
*/
// use any free port by default
volatile
int
serverPort
=
0
;
volatile
Exception
serverException
=
null
;
volatile
Exception
clientException
=
null
;
public
static
void
main
(
String
args
[])
throws
Exception
{
if
(
debug
)
System
.
setProperty
(
"javax.net.debug"
,
"all"
);
/*
* Start the tests.
*/
new
IPAddressDNSIdentities
();
}
Thread
clientThread
=
null
;
Thread
serverThread
=
null
;
/*
* Primary constructor, used to drive remainder of the test.
*
* Fork off the other side, then do your work.
*/
IPAddressDNSIdentities
()
throws
Exception
{
if
(
separateServerThread
)
{
startServer
(
true
);
startClient
(
false
);
}
else
{
startClient
(
true
);
startServer
(
false
);
}
/*
* Wait for other side to close down.
*/
if
(
separateServerThread
)
{
serverThread
.
join
();
}
else
{
clientThread
.
join
();
}
/*
* When we get here, the test is pretty much over.
*
* If the main thread excepted, that propagates back
* immediately. If the other thread threw an exception, we
* should report back.
*/
if
(
serverException
!=
null
)
throw
serverException
;
if
(
clientException
!=
null
)
throw
clientException
;
}
void
startServer
(
boolean
newThread
)
throws
Exception
{
if
(
newThread
)
{
serverThread
=
new
Thread
()
{
public
void
run
()
{
try
{
doServerSide
();
}
catch
(
Exception
e
)
{
/*
* Our server thread just died.
*
* Release the client, if not active already...
*/
System
.
err
.
println
(
"Server died..."
);
serverReady
=
true
;
serverException
=
e
;
}
}
};
serverThread
.
start
();
}
else
{
doServerSide
();
}
}
void
startClient
(
boolean
newThread
)
throws
Exception
{
if
(
newThread
)
{
clientThread
=
new
Thread
()
{
public
void
run
()
{
try
{
doClientSide
();
}
catch
(
Exception
e
)
{
/*
* Our client thread just died.
*/
System
.
err
.
println
(
"Client died..."
);
clientException
=
e
;
}
}
};
clientThread
.
start
();
}
else
{
doClientSide
();
}
}
// get the ssl context
private
static
SSLContext
getSSLContext
(
String
trusedCertStr
,
String
keyCertStr
,
byte
[]
modulus
,
byte
[]
privateExponent
,
char
[]
passphrase
)
throws
Exception
{
// generate certificate from cert string
CertificateFactory
cf
=
CertificateFactory
.
getInstance
(
"X.509"
);
ByteArrayInputStream
is
=
new
ByteArrayInputStream
(
trusedCertStr
.
getBytes
());
Certificate
trusedCert
=
cf
.
generateCertificate
(
is
);
is
.
close
();
// create a key store
KeyStore
ks
=
KeyStore
.
getInstance
(
"JKS"
);
ks
.
load
(
null
,
null
);
// import the trused cert
ks
.
setCertificateEntry
(
"RSA Export Signer"
,
trusedCert
);
if
(
keyCertStr
!=
null
)
{
// generate the private key.
RSAPrivateKeySpec
priKeySpec
=
new
RSAPrivateKeySpec
(
new
BigInteger
(
modulus
),
new
BigInteger
(
privateExponent
));
KeyFactory
kf
=
KeyFactory
.
getInstance
(
"RSA"
);
RSAPrivateKey
priKey
=
(
RSAPrivateKey
)
kf
.
generatePrivate
(
priKeySpec
);
// generate certificate chain
is
=
new
ByteArrayInputStream
(
keyCertStr
.
getBytes
());
Certificate
keyCert
=
cf
.
generateCertificate
(
is
);
is
.
close
();
Certificate
[]
chain
=
new
Certificate
[
2
];
chain
[
0
]
=
keyCert
;
chain
[
1
]
=
trusedCert
;
// import the key entry.
ks
.
setKeyEntry
(
"Whatever"
,
priKey
,
passphrase
,
chain
);
}
// create SSL context
TrustManagerFactory
tmf
=
TrustManagerFactory
.
getInstance
(
"PKIX"
);
tmf
.
init
(
ks
);
SSLContext
ctx
=
SSLContext
.
getInstance
(
"TLS"
);
if
(
keyCertStr
!=
null
)
{
KeyManagerFactory
kmf
=
KeyManagerFactory
.
getInstance
(
"SunX509"
);
kmf
.
init
(
ks
,
passphrase
);
ctx
.
init
(
kmf
.
getKeyManagers
(),
tmf
.
getTrustManagers
(),
null
);
}
else
{
ctx
.
init
(
null
,
tmf
.
getTrustManagers
(),
null
);
}
return
ctx
;
}
}
test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPAddressIPIdentities.java
0 → 100644
浏览文件 @
ac09e22d
/*
* Copyright 2010 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
* CA 95054 USA or visit www.sun.com if you need additional information or
* have any questions.
*/
/* @test
* @summary X509 certificate hostname checking is broken in JDK1.6.0_10
* @bug 6766775
* @author Xuelei Fan
*/
import
java.net.*
;
import
java.util.*
;
import
java.io.*
;
import
javax.net.ssl.*
;
import
java.security.KeyStore
;
import
java.security.KeyFactory
;
import
java.security.cert.Certificate
;
import
java.security.cert.CertificateFactory
;
import
java.security.spec.*
;
import
java.security.interfaces.*
;
import
java.math.BigInteger
;
import
sun.security.ssl.SSLSocketImpl
;
/*
* Certificates and key used in the test.
*
* TLS server certificate:
* server private key:
* -----BEGIN RSA PRIVATE KEY-----
* Proc-Type: 4,ENCRYPTED
* DEK-Info: DES-EDE3-CBC,D9AE407F6D0E389A
*
* WPrA7TFol/cQCcp9oHnXWNpYlvRbbIcQj0m+RKT2Iuzfus+DHt3Zadf8nJpKfX2e
* h2rnhlzCN9M7djRDooZKDOPCsdBn51Au7HlZF3S3Opgo7D8XFM1a8t1Je4ke14oI
* nw6QKYsBblRziPnP2PZ0zvX24nOv7bbY8beynlJHGs00VWSFdoH2DS0aE1p6D+3n
* ptJuJ75dVfZFK4X7162APlNXevX8D6PEQpSiRw1rjjGGcnvQ4HdWk3BxDVDcCNJb
* Y1aGNRxsjTDvPi3R9Qx2M+W03QzEPx4SR3ZHVskeSJHaetM0TM/w/45Paq4GokXP
* ZeTnbEx1xmjkA7h+t4doLL4watx5F6yLsJzu8xB3lt/1EtmkYtLz1t7X4BetPAXz
* zS69X/VwhKfsOI3qXBWuL2oHPyhDmT1gcaUQwEPSV6ogHEEQEDXdiUS8heNK13KF
* TCQYFkETvV2BLxUhV1hypPzRQ6tUpJiAbD5KmoK2lD9slshG2QtvKQq0/bgkDY5J
* LhDHV2dtcZ3kDPkkZXpbcJQvoeH3d09C5sIsuTFo2zgNR6oETHUc5TzP6FY2YYRa
* QcK5HcmtsRRiXFm01ac+aMejJUIujjFt84SiKWT/73vC8AmY4tYcJBLjCg4XIxSH
* fdDFLL1YZENNO5ivlp8mdiHqcawx+36L7DrEZQ8RZt6cqST5t/+XTdM74s6k81GT
* pNsa82P2K2zmIUZ/DL2mKjW1vfRByw1NQFEBkN3vdyZxYfM/JyUzX4hbjXBEkh9Q
* QYrcwLKLjis2QzSvK04B3bvRzRb+4ocWiso8ZPAXAIxZFBWDpTMM2A==
* -----END RSA PRIVATE KEY-----
*
* -----BEGIN RSA PRIVATE KEY-----
* MIICXAIBAAKBgQClrFscN6LdmYktsnm4j9VIpecchBeNaZzGrG358h0fORna03Ie
* buxEzHCk3LoAMPagTz1UemFqzFfQCn+VKBg/mtmU8hvIJIh+/p0PPftXUwizIDPU
* PxdHFNHN6gjYDnVOr77M0uyvqXpJ38LZrLgkQJCmA1Yq0DAFQCxPq9l0iQIDAQAB
* AoGAbqcbg1E1mkR99uOJoNeQYKFOJyGiiXTMnXV1TseC4+PDfQBU7Dax35GcesBi
* CtapIpFKKS5D+ozY6b7ZT8ojxuQ/uHLPAvz0WDR3ds4iRF8tyu71Q1ZHcQsJa17y
* yO7UbkSSKn/Mp9Rb+/dKqftUGNXVFLqgHBOzN2s3We3bbbECQQDYBPKOg3hkaGHo
* OhpHKqtQ6EVkldihG/3i4WejRonelXN+HRh1KrB2HBx0M8D/qAzP1i3rNSlSHer4
* 59YRTJnHAkEAxFX/sVYSn07BHv9Zhn6XXct/Cj43z/tKNbzlNbcxqQwQerw3IH51
* 8UH2YOA+GD3lXbKp+MytoFLWv8zg4YT/LwJAfqan75Z1R6lLffRS49bIiq8jwE16
* rTrUJ+kv8jKxMqc9B3vXkxpsS1M/+4E8bqgAmvpgAb8xcsvHsBd9ErdukQJBAKs2
* j67W75BrPjBI34pQ1LEfp56IGWXOrq1kF8IbCjxv3+MYRT6Z6UJFkpRymNPNDjsC
* dgUYgITiGJHUGXuw3lMCQHEHqo9ZtXz92yFT+VhsNc29B8m/sqUJdtCcMd/jGpAF
* u6GHufjqIZBpQsk63wbwESAPZZ+kk1O1kS5GIRLX608=
* -----END RSA PRIVATE KEY-----
*
* Private-Key: (1024 bit)
* modulus:
* 00:a5:ac:5b:1c:37:a2:dd:99:89:2d:b2:79:b8:8f:
* d5:48:a5:e7:1c:84:17:8d:69:9c:c6:ac:6d:f9:f2:
* 1d:1f:39:19:da:d3:72:1e:6e:ec:44:cc:70:a4:dc:
* ba:00:30:f6:a0:4f:3d:54:7a:61:6a:cc:57:d0:0a:
* 7f:95:28:18:3f:9a:d9:94:f2:1b:c8:24:88:7e:fe:
* 9d:0f:3d:fb:57:53:08:b3:20:33:d4:3f:17:47:14:
* d1:cd:ea:08:d8:0e:75:4e:af:be:cc:d2:ec:af:a9:
* 7a:49:df:c2:d9:ac:b8:24:40:90:a6:03:56:2a:d0:
* 30:05:40:2c:4f:ab:d9:74:89
* publicExponent: 65537 (0x10001)
* privateExponent:
* 6e:a7:1b:83:51:35:9a:44:7d:f6:e3:89:a0:d7:90:
* 60:a1:4e:27:21:a2:89:74:cc:9d:75:75:4e:c7:82:
* e3:e3:c3:7d:00:54:ec:36:b1:df:91:9c:7a:c0:62:
* 0a:d6:a9:22:91:4a:29:2e:43:fa:8c:d8:e9:be:d9:
* 4f:ca:23:c6:e4:3f:b8:72:cf:02:fc:f4:58:34:77:
* 76:ce:22:44:5f:2d:ca:ee:f5:43:56:47:71:0b:09:
* 6b:5e:f2:c8:ee:d4:6e:44:92:2a:7f:cc:a7:d4:5b:
* fb:f7:4a:a9:fb:54:18:d5:d5:14:ba:a0:1c:13:b3:
* 37:6b:37:59:ed:db:6d:b1
* prime1:
* 00:d8:04:f2:8e:83:78:64:68:61:e8:3a:1a:47:2a:
* ab:50:e8:45:64:95:d8:a1:1b:fd:e2:e1:67:a3:46:
* 89:de:95:73:7e:1d:18:75:2a:b0:76:1c:1c:74:33:
* c0:ff:a8:0c:cf:d6:2d:eb:35:29:52:1d:ea:f8:e7:
* d6:11:4c:99:c7
* prime2:
* 00:c4:55:ff:b1:56:12:9f:4e:c1:1e:ff:59:86:7e:
* 97:5d:cb:7f:0a:3e:37:cf:fb:4a:35:bc:e5:35:b7:
* 31:a9:0c:10:7a:bc:37:20:7e:75:f1:41:f6:60:e0:
* 3e:18:3d:e5:5d:b2:a9:f8:cc:ad:a0:52:d6:bf:cc:
* e0:e1:84:ff:2f
* exponent1:
* 7e:a6:a7:ef:96:75:47:a9:4b:7d:f4:52:e3:d6:c8:
* 8a:af:23:c0:4d:7a:ad:3a:d4:27:e9:2f:f2:32:b1:
* 32:a7:3d:07:7b:d7:93:1a:6c:4b:53:3f:fb:81:3c:
* 6e:a8:00:9a:fa:60:01:bf:31:72:cb:c7:b0:17:7d:
* 12:b7:6e:91
* exponent2:
* 00:ab:36:8f:ae:d6:ef:90:6b:3e:30:48:df:8a:50:
* d4:b1:1f:a7:9e:88:19:65:ce:ae:ad:64:17:c2:1b:
* 0a:3c:6f:df:e3:18:45:3e:99:e9:42:45:92:94:72:
* 98:d3:cd:0e:3b:02:76:05:18:80:84:e2:18:91:d4:
* 19:7b:b0:de:53
* coefficient:
* 71:07:aa:8f:59:b5:7c:fd:db:21:53:f9:58:6c:35:
* cd:bd:07:c9:bf:b2:a5:09:76:d0:9c:31:df:e3:1a:
* 90:05:bb:a1:87:b9:f8:ea:21:90:69:42:c9:3a:df:
* 06:f0:11:20:0f:65:9f:a4:93:53:b5:91:2e:46:21:
* 12:d7:eb:4f
*
*
* server certificate:
* Data:
* Version: 3 (0x2)
* Serial Number: 7 (0x7)
* Signature Algorithm: md5WithRSAEncryption
* Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org
* Validity
* Not Before: Dec 8 03:27:57 2008 GMT
* Not After : Aug 25 03:27:57 2028 GMT
* Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org, OU=SSL-Server, CN=localhost
* Subject Public Key Info:
* Public Key Algorithm: rsaEncryption
* RSA Public Key: (1024 bit)
* Modulus (1024 bit):
* 00:a5:ac:5b:1c:37:a2:dd:99:89:2d:b2:79:b8:8f:
* d5:48:a5:e7:1c:84:17:8d:69:9c:c6:ac:6d:f9:f2:
* 1d:1f:39:19:da:d3:72:1e:6e:ec:44:cc:70:a4:dc:
* ba:00:30:f6:a0:4f:3d:54:7a:61:6a:cc:57:d0:0a:
* 7f:95:28:18:3f:9a:d9:94:f2:1b:c8:24:88:7e:fe:
* 9d:0f:3d:fb:57:53:08:b3:20:33:d4:3f:17:47:14:
* d1:cd:ea:08:d8:0e:75:4e:af:be:cc:d2:ec:af:a9:
* 7a:49:df:c2:d9:ac:b8:24:40:90:a6:03:56:2a:d0:
* 30:05:40:2c:4f:ab:d9:74:89
* Exponent: 65537 (0x10001)
* X509v3 extensions:
* X509v3 Basic Constraints:
* CA:FALSE
* X509v3 Key Usage:
* Digital Signature, Non Repudiation, Key Encipherment
* X509v3 Subject Key Identifier:
* ED:6E:DB:F4:B5:56:C8:FB:1A:06:61:3F:0F:08:BB:A6:04:D8:16:54
* X509v3 Authority Key Identifier:
* keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14
*
* X509v3 Subject Alternative Name: critical
* IP Address:127.0.0.1
* Signature Algorithm: md5WithRSAEncryption
*
* -----BEGIN CERTIFICATE-----
* MIICnzCCAgigAwIBAgIBBzANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET
* MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK
* EwhTb21lLU9yZzAeFw0wODEyMDgwMzI3NTdaFw0yODA4MjUwMzI3NTdaMHIxCzAJ
* BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp
* dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtU2VydmVyMRIwEAYD
* VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKWsWxw3
* ot2ZiS2yebiP1Uil5xyEF41pnMasbfnyHR85GdrTch5u7ETMcKTcugAw9qBPPVR6
* YWrMV9AKf5UoGD+a2ZTyG8gkiH7+nQ89+1dTCLMgM9Q/F0cU0c3qCNgOdU6vvszS
* 7K+peknfwtmsuCRAkKYDVirQMAVALE+r2XSJAgMBAAGjbjBsMAkGA1UdEwQCMAAw
* CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTtbtv0tVbI+xoGYT8PCLumBNgWVDAfBgNV
* HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDASBgNVHREBAf8ECDAGhwR/AAAB
* MA0GCSqGSIb3DQEBBAUAA4GBAFJjItCtCBZcjD69wdqfIbKmRFa6eJAjR6LcoDva
* cKC/sDOLelpspiZ66Zb0Xdv5qQ7QrfOXt3K8QqJKRMdZLF9WfUfy0gJDM32ub91h
* pu+TmcGPs+6RdrAQcuvU1ZDV9X8SMj7BtKaim4d5sqFw1npncKiA5xFn8vOYwdun
* nZif
* -----END CERTIFICATE-----
*
*
* TLS client certificate:
* client private key:
* ----BEGIN RSA PRIVATE KEY-----
* Proc-Type: 4,ENCRYPTED
* DEK-Info: DES-EDE3-CBC,FA2A435CD35A9390
*
* Z+Y2uaETbsUWIyJUyVu1UV2G4rgFYJyACZT6Tp1KjRtxflSh2kXkJ9MpuXMXA0V4
* Yy3fDzPqCL9NJmQAYRlAx/W/+j4F5EyMWDIx8fUxzONRZyoiwF7jLm+KscAfv6Pf
* q7ItWOdj3z7IYrwlB8YIGd3F2cDKT3S+lYRk7rKb/qT7itbuHnY4Ardh3yl+MZak
* jBp+ELUlRsUqSr1V0LoM+0rCCykarpyfhpxEcqsrl0v9Cyi5uhU50/oKv5zql3SH
* l2ImgDjp3batAs8+Bd4NF2aqi0a7Hy44JUHxRm4caZryU/i/D9N1MbuM6882HLat
* 5N0G+NaIUfywa8mjwq2D5aiit18HqKA6XeRRYeJ5Dvu9DCO4GeFSwcUFIBMI0L46
* 7s114+oDodg57pMgITi+04vmUxvqlN9aiyd7f5Fgd7PeHGeOdbMz1NaJLJaPI9++
* NakK8eK9iwT/Gdq0Uap5/CHW7vCT5PO+h3HY0STH0lWStXhdWnFO04zTdywsbSp+
* DLpHeFT66shfeUlxR0PsCbG9vPRt/QmGLeYQZITppWo/ylSq4j+pRIuXvuWHdBRN
* rTZ8QF4Y7AxQUXVz1j1++s6ZMHTzaK2i9HrhmDs1MbJl+QwWre3Xpv3LvTVz3k5U
* wX8kuY1m3STt71QCaRWENq5sRaMImLxZbxc/ivFl9RAzUqo4NCxLod/QgA4iLqtO
* ztnlpzwlC/F8HbQ1oqYWwnZAPhzU/cULtstl+Yrws2c2atO323LbPXZqbASySgig
* sNpFXQMObdfP6LN23bY+1SvtK7V4NUTNhpdIc6INQAQ=
* -----END RSA PRIVATE KEY-----
*
* -----BEGIN RSA PRIVATE KEY-----
* MIICWwIBAAKBgQC78EA2rCZUTvSjWgAvaSFvuXo6k+yi9uGOx2PYLxIwmS6w8o/4
* Jy0keCiE9wG/jUR53TvSVfPOPLJbIX3v/TNKsaP/xsibuQ98QTWX+ds6BWAFFa9Z
* F5KjEK0WHOQHU6+odqJWKpLT+SjgeM9eH0irXBnd4WdDunWN9YKsQ5JEGwIDAQAB
* AoGAEbdqNj0wN85hnWyEi/ObJU8UyKTdL9eaF72QGfcF/fLSxfd3vurihIeXOkGW
* tpn4lIxYcVGM9CognhqgJpl11jFTQzn1KqZ+NEJRKkCHA4hDabKJbSC9fXHvRwrf
* BsFpZqgiNxp3HseUTiwnaUVeyPgMt/jAj5nB5Sib+UyUxrECQQDnNQBiF2aifEg6
* zbJOOC7he5CHAdkFxSxWVFVHL6EfXfqdLVkUohMbgZv+XxyIeU2biOExSg49Kds3
* FOKgTau1AkEA0Bd1haj6QuCo8I0AXm2WO+MMTZMTvtHD/bGjKNM+fT4I8rKYnQRX
* 1acHdqS9Xx2rNJqZgkMmpESIdPR2fc4yjwJALFeM6EMmqvj8/VIf5UJ/Mz14fXwM
* PEARfckUxd9LnnFutCBTWlKvKXJVEZb6KO5ixPaegc57Jp3Vbh3yTN44lQJADD/1
* SSMDaIB1MYP7a5Oj7m6VQNPRq8AJe5vDcRnOae0G9dKRrVyeFxO4GsHj6/+BHp2j
* P8nYMn9eURQ7DXjf/QJAAQzMlWnKGSO8pyTDtnQx3hRMoUkOEhmNq4bQhLkYqtnY
* FcqpUQ2qMjW+NiNWk5HnTrMS3L9EdJobMUzaNZLy4w==
* -----END RSA PRIVATE KEY-----
*
* Private-Key: (1024 bit)
* modulus:
* 00:bb:f0:40:36:ac:26:54:4e:f4:a3:5a:00:2f:69:
* 21:6f:b9:7a:3a:93:ec:a2:f6:e1:8e:c7:63:d8:2f:
* 12:30:99:2e:b0:f2:8f:f8:27:2d:24:78:28:84:f7:
* 01:bf:8d:44:79:dd:3b:d2:55:f3:ce:3c:b2:5b:21:
* 7d:ef:fd:33:4a:b1:a3:ff:c6:c8:9b:b9:0f:7c:41:
* 35:97:f9:db:3a:05:60:05:15:af:59:17:92:a3:10:
* ad:16:1c:e4:07:53:af:a8:76:a2:56:2a:92:d3:f9:
* 28:e0:78:cf:5e:1f:48:ab:5c:19:dd:e1:67:43:ba:
* 75:8d:f5:82:ac:43:92:44:1b
* publicExponent: 65537 (0x10001)
* privateExponent:
* 11:b7:6a:36:3d:30:37:ce:61:9d:6c:84:8b:f3:9b:
* 25:4f:14:c8:a4:dd:2f:d7:9a:17:bd:90:19:f7:05:
* fd:f2:d2:c5:f7:77:be:ea:e2:84:87:97:3a:41:96:
* b6:99:f8:94:8c:58:71:51:8c:f4:2a:20:9e:1a:a0:
* 26:99:75:d6:31:53:43:39:f5:2a:a6:7e:34:42:51:
* 2a:40:87:03:88:43:69:b2:89:6d:20:bd:7d:71:ef:
* 47:0a:df:06:c1:69:66:a8:22:37:1a:77:1e:c7:94:
* 4e:2c:27:69:45:5e:c8:f8:0c:b7:f8:c0:8f:99:c1:
* e5:28:9b:f9:4c:94:c6:b1
* prime1:
* 00:e7:35:00:62:17:66:a2:7c:48:3a:cd:b2:4e:38:
* 2e:e1:7b:90:87:01:d9:05:c5:2c:56:54:55:47:2f:
* a1:1f:5d:fa:9d:2d:59:14:a2:13:1b:81:9b:fe:5f:
* 1c:88:79:4d:9b:88:e1:31:4a:0e:3d:29:db:37:14:
* e2:a0:4d:ab:b5
* prime2:
* 00:d0:17:75:85:a8:fa:42:e0:a8:f0:8d:00:5e:6d:
* 96:3b:e3:0c:4d:93:13:be:d1:c3:fd:b1:a3:28:d3:
* 3e:7d:3e:08:f2:b2:98:9d:04:57:d5:a7:07:76:a4:
* bd:5f:1d:ab:34:9a:99:82:43:26:a4:44:88:74:f4:
* 76:7d:ce:32:8f
* exponent1:
* 2c:57:8c:e8:43:26:aa:f8:fc:fd:52:1f:e5:42:7f:
* 33:3d:78:7d:7c:0c:3c:40:11:7d:c9:14:c5:df:4b:
* 9e:71:6e:b4:20:53:5a:52:af:29:72:55:11:96:fa:
* 28:ee:62:c4:f6:9e:81:ce:7b:26:9d:d5:6e:1d:f2:
* 4c:de:38:95
* exponent2:
* 0c:3f:f5:49:23:03:68:80:75:31:83:fb:6b:93:a3:
* ee:6e:95:40:d3:d1:ab:c0:09:7b:9b:c3:71:19:ce:
* 69:ed:06:f5:d2:91:ad:5c:9e:17:13:b8:1a:c1:e3:
* eb:ff:81:1e:9d:a3:3f:c9:d8:32:7f:5e:51:14:3b:
* 0d:78:df:fd
* coefficient:
* 01:0c:cc:95:69:ca:19:23:bc:a7:24:c3:b6:74:31:
* de:14:4c:a1:49:0e:12:19:8d:ab:86:d0:84:b9:18:
* aa:d9:d8:15:ca:a9:51:0d:aa:32:35:be:36:23:56:
* 93:91:e7:4e:b3:12:dc:bf:44:74:9a:1b:31:4c:da:
* 35:92:f2:e3
*
* client certificate:
* Data:
* Version: 3 (0x2)
* Serial Number: 6 (0x6)
* Signature Algorithm: md5WithRSAEncryption
* Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org
* Validity
* Not Before: Dec 8 03:27:34 2008 GMT
* Not After : Aug 25 03:27:34 2028 GMT
* Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org, OU=SSL-Client, CN=localhost
* Subject Public Key Info:
* Public Key Algorithm: rsaEncryption
* RSA Public Key: (1024 bit)
* Modulus (1024 bit):
* 00:bb:f0:40:36:ac:26:54:4e:f4:a3:5a:00:2f:69:
* 21:6f:b9:7a:3a:93:ec:a2:f6:e1:8e:c7:63:d8:2f:
* 12:30:99:2e:b0:f2:8f:f8:27:2d:24:78:28:84:f7:
* 01:bf:8d:44:79:dd:3b:d2:55:f3:ce:3c:b2:5b:21:
* 7d:ef:fd:33:4a:b1:a3:ff:c6:c8:9b:b9:0f:7c:41:
* 35:97:f9:db:3a:05:60:05:15:af:59:17:92:a3:10:
* ad:16:1c:e4:07:53:af:a8:76:a2:56:2a:92:d3:f9:
* 28:e0:78:cf:5e:1f:48:ab:5c:19:dd:e1:67:43:ba:
* 75:8d:f5:82:ac:43:92:44:1b
* Exponent: 65537 (0x10001)
* X509v3 extensions:
* X509v3 Basic Constraints:
* CA:FALSE
* X509v3 Key Usage:
* Digital Signature, Non Repudiation, Key Encipherment
* X509v3 Subject Key Identifier:
* CD:BB:C8:85:AA:91:BD:FD:1D:BE:CD:67:7C:FF:B3:E9:4C:A8:22:E6
* X509v3 Authority Key Identifier:
* keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14
*
* X509v3 Subject Alternative Name: critical
* IP Address:127.0.0.1
* Signature Algorithm: md5WithRSAEncryption
*
* -----BEGIN CERTIFICATE-----
* MIICnzCCAgigAwIBAgIBBjANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET
* MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK
* EwhTb21lLU9yZzAeFw0wODEyMDgwMzI3MzRaFw0yODA4MjUwMzI3MzRaMHIxCzAJ
* BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp
* dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtQ2xpZW50MRIwEAYD
* VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALvwQDas
* JlRO9KNaAC9pIW+5ejqT7KL24Y7HY9gvEjCZLrDyj/gnLSR4KIT3Ab+NRHndO9JV
* 8848slshfe/9M0qxo//GyJu5D3xBNZf52zoFYAUVr1kXkqMQrRYc5AdTr6h2olYq
* ktP5KOB4z14fSKtcGd3hZ0O6dY31gqxDkkQbAgMBAAGjbjBsMAkGA1UdEwQCMAAw
* CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTNu8iFqpG9/R2+zWd8/7PpTKgi5jAfBgNV
* HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDASBgNVHREBAf8ECDAGhwR/AAAB
* MA0GCSqGSIb3DQEBBAUAA4GBACjj9PS+W6XOF7toFMwMOv/AemZeBOpcEF1Ei1Hx
* HjvB6EOHkMY8tFm5OPzkiWiK3+s3awpSW0jWdzMYwrQJ3/klMsPDpI7PEuirqwHP
* i5Wyl/vk7jmfWVcBO9MVhPUo4BYl4vS9aj6JA5QbkbkB95LOgT/BowY0WmHeVsXC
* I9aw
* -----END CERTIFICATE-----
*
*
*
* Trusted CA certificate:
* Certificate:
* Data:
* Version: 3 (0x2)
* Serial Number: 0 (0x0)
* Signature Algorithm: md5WithRSAEncryption
* Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org
* Validity
* Not Before: Dec 8 02:43:36 2008 GMT
* Not After : Aug 25 02:43:36 2028 GMT
* Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org
* Subject Public Key Info:
* Public Key Algorithm: rsaEncryption
* RSA Public Key: (1024 bit)
* Modulus (1024 bit):
* 00:cb:c4:38:20:07:be:88:a7:93:b0:a1:43:51:2d:
* d7:8e:85:af:54:dd:ad:a2:7b:23:5b:cf:99:13:53:
* 99:45:7d:ee:6d:ba:2d:bf:e3:ad:6e:3d:9f:1a:f9:
* 03:97:e0:17:55:ae:11:26:57:de:01:29:8e:05:3f:
* 21:f7:e7:36:e8:2e:37:d7:48:ac:53:d6:60:0e:c7:
* 50:6d:f6:c5:85:f7:8b:a6:c5:91:35:72:3c:94:ee:
* f1:17:f0:71:e3:ec:1b:ce:ca:4e:40:42:b0:6d:ee:
* 6a:0e:d6:e5:ad:3c:0f:c9:ba:82:4f:78:f8:89:97:
* 89:2a:95:12:4c:d8:09:2a:e9
* Exponent: 65537 (0x10001)
* X509v3 extensions:
* X509v3 Subject Key Identifier:
* FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14
* X509v3 Authority Key Identifier:
* keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14
* DirName:/C=US/ST=Some-State/L=Some-City/O=Some-Org
* serial:00
*
* X509v3 Basic Constraints:
* CA:TRUE
* Signature Algorithm: md5WithRSAEncryption
*
* -----BEGIN CERTIFICATE-----
* MIICrDCCAhWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET
* MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK
* EwhTb21lLU9yZzAeFw0wODEyMDgwMjQzMzZaFw0yODA4MjUwMjQzMzZaMEkxCzAJ
* BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp
* dHkxETAPBgNVBAoTCFNvbWUtT3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
* gQDLxDggB76Ip5OwoUNRLdeOha9U3a2ieyNbz5kTU5lFfe5tui2/461uPZ8a+QOX
* 4BdVrhEmV94BKY4FPyH35zboLjfXSKxT1mAOx1Bt9sWF94umxZE1cjyU7vEX8HHj
* 7BvOyk5AQrBt7moO1uWtPA/JuoJPePiJl4kqlRJM2Akq6QIDAQABo4GjMIGgMB0G
* A1UdDgQWBBT6uVG/TOfZhpgz+efLHvEzSfeoFDBxBgNVHSMEajBogBT6uVG/TOfZ
* hpgz+efLHvEzSfeoFKFNpEswSTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUt
* U3RhdGUxEjAQBgNVBAcTCVNvbWUtQ2l0eTERMA8GA1UEChMIU29tZS1PcmeCAQAw
* DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBcIm534U123Hz+rtyYO5uA
* ofd81G6FnTfEAV8Kw9fGyyEbQZclBv34A9JsFKeMvU4OFIaixD7nLZ/NZ+IWbhmZ
* LovmJXyCkOufea73pNiZ+f/4/ScZaIlM/PRycQSqbFNd4j9Wott+08qxHPLpsf3P
* 6Mvf0r1PNTY2hwTJLJmKtg==
* -----END CERTIFICATE---
*/
public
class
IPAddressIPIdentities
{
static
Map
cookies
;
ServerSocket
ss
;
/*
* =============================================================
* Set the various variables needed for the tests, then
* specify what tests to run on each side.
*/
/*
* Should we run the client or server in a separate thread?
* Both sides can throw exceptions, but do you have a preference
* as to which side should be the main thread.
*/
static
boolean
separateServerThread
=
true
;
/*
* Where do we find the keystores?
*/
static
String
trusedCertStr
=
"-----BEGIN CERTIFICATE-----\n"
+
"MIICrDCCAhWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n"
+
"MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n"
+
"EwhTb21lLU9yZzAeFw0wODEyMDgwMjQzMzZaFw0yODA4MjUwMjQzMzZaMEkxCzAJ\n"
+
"BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n"
+
"dHkxETAPBgNVBAoTCFNvbWUtT3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n"
+
"gQDLxDggB76Ip5OwoUNRLdeOha9U3a2ieyNbz5kTU5lFfe5tui2/461uPZ8a+QOX\n"
+
"4BdVrhEmV94BKY4FPyH35zboLjfXSKxT1mAOx1Bt9sWF94umxZE1cjyU7vEX8HHj\n"
+
"7BvOyk5AQrBt7moO1uWtPA/JuoJPePiJl4kqlRJM2Akq6QIDAQABo4GjMIGgMB0G\n"
+
"A1UdDgQWBBT6uVG/TOfZhpgz+efLHvEzSfeoFDBxBgNVHSMEajBogBT6uVG/TOfZ\n"
+
"hpgz+efLHvEzSfeoFKFNpEswSTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUt\n"
+
"U3RhdGUxEjAQBgNVBAcTCVNvbWUtQ2l0eTERMA8GA1UEChMIU29tZS1PcmeCAQAw\n"
+
"DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBcIm534U123Hz+rtyYO5uA\n"
+
"ofd81G6FnTfEAV8Kw9fGyyEbQZclBv34A9JsFKeMvU4OFIaixD7nLZ/NZ+IWbhmZ\n"
+
"LovmJXyCkOufea73pNiZ+f/4/ScZaIlM/PRycQSqbFNd4j9Wott+08qxHPLpsf3P\n"
+
"6Mvf0r1PNTY2hwTJLJmKtg==\n"
+
"-----END CERTIFICATE-----"
;
static
String
serverCertStr
=
"-----BEGIN CERTIFICATE-----\n"
+
"MIICnzCCAgigAwIBAgIBBzANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n"
+
"MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n"
+
"EwhTb21lLU9yZzAeFw0wODEyMDgwMzI3NTdaFw0yODA4MjUwMzI3NTdaMHIxCzAJ\n"
+
"BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n"
+
"dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtU2VydmVyMRIwEAYD\n"
+
"VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKWsWxw3\n"
+
"ot2ZiS2yebiP1Uil5xyEF41pnMasbfnyHR85GdrTch5u7ETMcKTcugAw9qBPPVR6\n"
+
"YWrMV9AKf5UoGD+a2ZTyG8gkiH7+nQ89+1dTCLMgM9Q/F0cU0c3qCNgOdU6vvszS\n"
+
"7K+peknfwtmsuCRAkKYDVirQMAVALE+r2XSJAgMBAAGjbjBsMAkGA1UdEwQCMAAw\n"
+
"CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTtbtv0tVbI+xoGYT8PCLumBNgWVDAfBgNV\n"
+
"HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDASBgNVHREBAf8ECDAGhwR/AAAB\n"
+
"MA0GCSqGSIb3DQEBBAUAA4GBAFJjItCtCBZcjD69wdqfIbKmRFa6eJAjR6LcoDva\n"
+
"cKC/sDOLelpspiZ66Zb0Xdv5qQ7QrfOXt3K8QqJKRMdZLF9WfUfy0gJDM32ub91h\n"
+
"pu+TmcGPs+6RdrAQcuvU1ZDV9X8SMj7BtKaim4d5sqFw1npncKiA5xFn8vOYwdun\n"
+
"nZif\n"
+
"-----END CERTIFICATE-----"
;
static
String
clientCertStr
=
"-----BEGIN CERTIFICATE-----\n"
+
"MIICnzCCAgigAwIBAgIBBjANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n"
+
"MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n"
+
"EwhTb21lLU9yZzAeFw0wODEyMDgwMzI3MzRaFw0yODA4MjUwMzI3MzRaMHIxCzAJ\n"
+
"BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n"
+
"dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtQ2xpZW50MRIwEAYD\n"
+
"VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALvwQDas\n"
+
"JlRO9KNaAC9pIW+5ejqT7KL24Y7HY9gvEjCZLrDyj/gnLSR4KIT3Ab+NRHndO9JV\n"
+
"8848slshfe/9M0qxo//GyJu5D3xBNZf52zoFYAUVr1kXkqMQrRYc5AdTr6h2olYq\n"
+
"ktP5KOB4z14fSKtcGd3hZ0O6dY31gqxDkkQbAgMBAAGjbjBsMAkGA1UdEwQCMAAw\n"
+
"CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTNu8iFqpG9/R2+zWd8/7PpTKgi5jAfBgNV\n"
+
"HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDASBgNVHREBAf8ECDAGhwR/AAAB\n"
+
"MA0GCSqGSIb3DQEBBAUAA4GBACjj9PS+W6XOF7toFMwMOv/AemZeBOpcEF1Ei1Hx\n"
+
"HjvB6EOHkMY8tFm5OPzkiWiK3+s3awpSW0jWdzMYwrQJ3/klMsPDpI7PEuirqwHP\n"
+
"i5Wyl/vk7jmfWVcBO9MVhPUo4BYl4vS9aj6JA5QbkbkB95LOgT/BowY0WmHeVsXC\n"
+
"I9aw\n"
+
"-----END CERTIFICATE-----"
;
static
byte
serverPrivateExponent
[]
=
{
(
byte
)
0x6e
,
(
byte
)
0xa7
,
(
byte
)
0x1b
,
(
byte
)
0x83
,
(
byte
)
0x51
,
(
byte
)
0x35
,
(
byte
)
0x9a
,
(
byte
)
0x44
,
(
byte
)
0x7d
,
(
byte
)
0xf6
,
(
byte
)
0xe3
,
(
byte
)
0x89
,
(
byte
)
0xa0
,
(
byte
)
0xd7
,
(
byte
)
0x90
,
(
byte
)
0x60
,
(
byte
)
0xa1
,
(
byte
)
0x4e
,
(
byte
)
0x27
,
(
byte
)
0x21
,
(
byte
)
0xa2
,
(
byte
)
0x89
,
(
byte
)
0x74
,
(
byte
)
0xcc
,
(
byte
)
0x9d
,
(
byte
)
0x75
,
(
byte
)
0x75
,
(
byte
)
0x4e
,
(
byte
)
0xc7
,
(
byte
)
0x82
,
(
byte
)
0xe3
,
(
byte
)
0xe3
,
(
byte
)
0xc3
,
(
byte
)
0x7d
,
(
byte
)
0x00
,
(
byte
)
0x54
,
(
byte
)
0xec
,
(
byte
)
0x36
,
(
byte
)
0xb1
,
(
byte
)
0xdf
,
(
byte
)
0x91
,
(
byte
)
0x9c
,
(
byte
)
0x7a
,
(
byte
)
0xc0
,
(
byte
)
0x62
,
(
byte
)
0x0a
,
(
byte
)
0xd6
,
(
byte
)
0xa9
,
(
byte
)
0x22
,
(
byte
)
0x91
,
(
byte
)
0x4a
,
(
byte
)
0x29
,
(
byte
)
0x2e
,
(
byte
)
0x43
,
(
byte
)
0xfa
,
(
byte
)
0x8c
,
(
byte
)
0xd8
,
(
byte
)
0xe9
,
(
byte
)
0xbe
,
(
byte
)
0xd9
,
(
byte
)
0x4f
,
(
byte
)
0xca
,
(
byte
)
0x23
,
(
byte
)
0xc6
,
(
byte
)
0xe4
,
(
byte
)
0x3f
,
(
byte
)
0xb8
,
(
byte
)
0x72
,
(
byte
)
0xcf
,
(
byte
)
0x02
,
(
byte
)
0xfc
,
(
byte
)
0xf4
,
(
byte
)
0x58
,
(
byte
)
0x34
,
(
byte
)
0x77
,
(
byte
)
0x76
,
(
byte
)
0xce
,
(
byte
)
0x22
,
(
byte
)
0x44
,
(
byte
)
0x5f
,
(
byte
)
0x2d
,
(
byte
)
0xca
,
(
byte
)
0xee
,
(
byte
)
0xf5
,
(
byte
)
0x43
,
(
byte
)
0x56
,
(
byte
)
0x47
,
(
byte
)
0x71
,
(
byte
)
0x0b
,
(
byte
)
0x09
,
(
byte
)
0x6b
,
(
byte
)
0x5e
,
(
byte
)
0xf2
,
(
byte
)
0xc8
,
(
byte
)
0xee
,
(
byte
)
0xd4
,
(
byte
)
0x6e
,
(
byte
)
0x44
,
(
byte
)
0x92
,
(
byte
)
0x2a
,
(
byte
)
0x7f
,
(
byte
)
0xcc
,
(
byte
)
0xa7
,
(
byte
)
0xd4
,
(
byte
)
0x5b
,
(
byte
)
0xfb
,
(
byte
)
0xf7
,
(
byte
)
0x4a
,
(
byte
)
0xa9
,
(
byte
)
0xfb
,
(
byte
)
0x54
,
(
byte
)
0x18
,
(
byte
)
0xd5
,
(
byte
)
0xd5
,
(
byte
)
0x14
,
(
byte
)
0xba
,
(
byte
)
0xa0
,
(
byte
)
0x1c
,
(
byte
)
0x13
,
(
byte
)
0xb3
,
(
byte
)
0x37
,
(
byte
)
0x6b
,
(
byte
)
0x37
,
(
byte
)
0x59
,
(
byte
)
0xed
,
(
byte
)
0xdb
,
(
byte
)
0x6d
,
(
byte
)
0xb1
};
static
byte
serverModulus
[]
=
{
(
byte
)
0x00
,
(
byte
)
0xa5
,
(
byte
)
0xac
,
(
byte
)
0x5b
,
(
byte
)
0x1c
,
(
byte
)
0x37
,
(
byte
)
0xa2
,
(
byte
)
0xdd
,
(
byte
)
0x99
,
(
byte
)
0x89
,
(
byte
)
0x2d
,
(
byte
)
0xb2
,
(
byte
)
0x79
,
(
byte
)
0xb8
,
(
byte
)
0x8f
,
(
byte
)
0xd5
,
(
byte
)
0x48
,
(
byte
)
0xa5
,
(
byte
)
0xe7
,
(
byte
)
0x1c
,
(
byte
)
0x84
,
(
byte
)
0x17
,
(
byte
)
0x8d
,
(
byte
)
0x69
,
(
byte
)
0x9c
,
(
byte
)
0xc6
,
(
byte
)
0xac
,
(
byte
)
0x6d
,
(
byte
)
0xf9
,
(
byte
)
0xf2
,
(
byte
)
0x1d
,
(
byte
)
0x1f
,
(
byte
)
0x39
,
(
byte
)
0x19
,
(
byte
)
0xda
,
(
byte
)
0xd3
,
(
byte
)
0x72
,
(
byte
)
0x1e
,
(
byte
)
0x6e
,
(
byte
)
0xec
,
(
byte
)
0x44
,
(
byte
)
0xcc
,
(
byte
)
0x70
,
(
byte
)
0xa4
,
(
byte
)
0xdc
,
(
byte
)
0xba
,
(
byte
)
0x00
,
(
byte
)
0x30
,
(
byte
)
0xf6
,
(
byte
)
0xa0
,
(
byte
)
0x4f
,
(
byte
)
0x3d
,
(
byte
)
0x54
,
(
byte
)
0x7a
,
(
byte
)
0x61
,
(
byte
)
0x6a
,
(
byte
)
0xcc
,
(
byte
)
0x57
,
(
byte
)
0xd0
,
(
byte
)
0x0a
,
(
byte
)
0x7f
,
(
byte
)
0x95
,
(
byte
)
0x28
,
(
byte
)
0x18
,
(
byte
)
0x3f
,
(
byte
)
0x9a
,
(
byte
)
0xd9
,
(
byte
)
0x94
,
(
byte
)
0xf2
,
(
byte
)
0x1b
,
(
byte
)
0xc8
,
(
byte
)
0x24
,
(
byte
)
0x88
,
(
byte
)
0x7e
,
(
byte
)
0xfe
,
(
byte
)
0x9d
,
(
byte
)
0x0f
,
(
byte
)
0x3d
,
(
byte
)
0xfb
,
(
byte
)
0x57
,
(
byte
)
0x53
,
(
byte
)
0x08
,
(
byte
)
0xb3
,
(
byte
)
0x20
,
(
byte
)
0x33
,
(
byte
)
0xd4
,
(
byte
)
0x3f
,
(
byte
)
0x17
,
(
byte
)
0x47
,
(
byte
)
0x14
,
(
byte
)
0xd1
,
(
byte
)
0xcd
,
(
byte
)
0xea
,
(
byte
)
0x08
,
(
byte
)
0xd8
,
(
byte
)
0x0e
,
(
byte
)
0x75
,
(
byte
)
0x4e
,
(
byte
)
0xaf
,
(
byte
)
0xbe
,
(
byte
)
0xcc
,
(
byte
)
0xd2
,
(
byte
)
0xec
,
(
byte
)
0xaf
,
(
byte
)
0xa9
,
(
byte
)
0x7a
,
(
byte
)
0x49
,
(
byte
)
0xdf
,
(
byte
)
0xc2
,
(
byte
)
0xd9
,
(
byte
)
0xac
,
(
byte
)
0xb8
,
(
byte
)
0x24
,
(
byte
)
0x40
,
(
byte
)
0x90
,
(
byte
)
0xa6
,
(
byte
)
0x03
,
(
byte
)
0x56
,
(
byte
)
0x2a
,
(
byte
)
0xd0
,
(
byte
)
0x30
,
(
byte
)
0x05
,
(
byte
)
0x40
,
(
byte
)
0x2c
,
(
byte
)
0x4f
,
(
byte
)
0xab
,
(
byte
)
0xd9
,
(
byte
)
0x74
,
(
byte
)
0x89
};
static
byte
clientPrivateExponent
[]
=
{
(
byte
)
0x11
,
(
byte
)
0xb7
,
(
byte
)
0x6a
,
(
byte
)
0x36
,
(
byte
)
0x3d
,
(
byte
)
0x30
,
(
byte
)
0x37
,
(
byte
)
0xce
,
(
byte
)
0x61
,
(
byte
)
0x9d
,
(
byte
)
0x6c
,
(
byte
)
0x84
,
(
byte
)
0x8b
,
(
byte
)
0xf3
,
(
byte
)
0x9b
,
(
byte
)
0x25
,
(
byte
)
0x4f
,
(
byte
)
0x14
,
(
byte
)
0xc8
,
(
byte
)
0xa4
,
(
byte
)
0xdd
,
(
byte
)
0x2f
,
(
byte
)
0xd7
,
(
byte
)
0x9a
,
(
byte
)
0x17
,
(
byte
)
0xbd
,
(
byte
)
0x90
,
(
byte
)
0x19
,
(
byte
)
0xf7
,
(
byte
)
0x05
,
(
byte
)
0xfd
,
(
byte
)
0xf2
,
(
byte
)
0xd2
,
(
byte
)
0xc5
,
(
byte
)
0xf7
,
(
byte
)
0x77
,
(
byte
)
0xbe
,
(
byte
)
0xea
,
(
byte
)
0xe2
,
(
byte
)
0x84
,
(
byte
)
0x87
,
(
byte
)
0x97
,
(
byte
)
0x3a
,
(
byte
)
0x41
,
(
byte
)
0x96
,
(
byte
)
0xb6
,
(
byte
)
0x99
,
(
byte
)
0xf8
,
(
byte
)
0x94
,
(
byte
)
0x8c
,
(
byte
)
0x58
,
(
byte
)
0x71
,
(
byte
)
0x51
,
(
byte
)
0x8c
,
(
byte
)
0xf4
,
(
byte
)
0x2a
,
(
byte
)
0x20
,
(
byte
)
0x9e
,
(
byte
)
0x1a
,
(
byte
)
0xa0
,
(
byte
)
0x26
,
(
byte
)
0x99
,
(
byte
)
0x75
,
(
byte
)
0xd6
,
(
byte
)
0x31
,
(
byte
)
0x53
,
(
byte
)
0x43
,
(
byte
)
0x39
,
(
byte
)
0xf5
,
(
byte
)
0x2a
,
(
byte
)
0xa6
,
(
byte
)
0x7e
,
(
byte
)
0x34
,
(
byte
)
0x42
,
(
byte
)
0x51
,
(
byte
)
0x2a
,
(
byte
)
0x40
,
(
byte
)
0x87
,
(
byte
)
0x03
,
(
byte
)
0x88
,
(
byte
)
0x43
,
(
byte
)
0x69
,
(
byte
)
0xb2
,
(
byte
)
0x89
,
(
byte
)
0x6d
,
(
byte
)
0x20
,
(
byte
)
0xbd
,
(
byte
)
0x7d
,
(
byte
)
0x71
,
(
byte
)
0xef
,
(
byte
)
0x47
,
(
byte
)
0x0a
,
(
byte
)
0xdf
,
(
byte
)
0x06
,
(
byte
)
0xc1
,
(
byte
)
0x69
,
(
byte
)
0x66
,
(
byte
)
0xa8
,
(
byte
)
0x22
,
(
byte
)
0x37
,
(
byte
)
0x1a
,
(
byte
)
0x77
,
(
byte
)
0x1e
,
(
byte
)
0xc7
,
(
byte
)
0x94
,
(
byte
)
0x4e
,
(
byte
)
0x2c
,
(
byte
)
0x27
,
(
byte
)
0x69
,
(
byte
)
0x45
,
(
byte
)
0x5e
,
(
byte
)
0xc8
,
(
byte
)
0xf8
,
(
byte
)
0x0c
,
(
byte
)
0xb7
,
(
byte
)
0xf8
,
(
byte
)
0xc0
,
(
byte
)
0x8f
,
(
byte
)
0x99
,
(
byte
)
0xc1
,
(
byte
)
0xe5
,
(
byte
)
0x28
,
(
byte
)
0x9b
,
(
byte
)
0xf9
,
(
byte
)
0x4c
,
(
byte
)
0x94
,
(
byte
)
0xc6
,
(
byte
)
0xb1
};
static
byte
clientModulus
[]
=
{
(
byte
)
0x00
,
(
byte
)
0xbb
,
(
byte
)
0xf0
,
(
byte
)
0x40
,
(
byte
)
0x36
,
(
byte
)
0xac
,
(
byte
)
0x26
,
(
byte
)
0x54
,
(
byte
)
0x4e
,
(
byte
)
0xf4
,
(
byte
)
0xa3
,
(
byte
)
0x5a
,
(
byte
)
0x00
,
(
byte
)
0x2f
,
(
byte
)
0x69
,
(
byte
)
0x21
,
(
byte
)
0x6f
,
(
byte
)
0xb9
,
(
byte
)
0x7a
,
(
byte
)
0x3a
,
(
byte
)
0x93
,
(
byte
)
0xec
,
(
byte
)
0xa2
,
(
byte
)
0xf6
,
(
byte
)
0xe1
,
(
byte
)
0x8e
,
(
byte
)
0xc7
,
(
byte
)
0x63
,
(
byte
)
0xd8
,
(
byte
)
0x2f
,
(
byte
)
0x12
,
(
byte
)
0x30
,
(
byte
)
0x99
,
(
byte
)
0x2e
,
(
byte
)
0xb0
,
(
byte
)
0xf2
,
(
byte
)
0x8f
,
(
byte
)
0xf8
,
(
byte
)
0x27
,
(
byte
)
0x2d
,
(
byte
)
0x24
,
(
byte
)
0x78
,
(
byte
)
0x28
,
(
byte
)
0x84
,
(
byte
)
0xf7
,
(
byte
)
0x01
,
(
byte
)
0xbf
,
(
byte
)
0x8d
,
(
byte
)
0x44
,
(
byte
)
0x79
,
(
byte
)
0xdd
,
(
byte
)
0x3b
,
(
byte
)
0xd2
,
(
byte
)
0x55
,
(
byte
)
0xf3
,
(
byte
)
0xce
,
(
byte
)
0x3c
,
(
byte
)
0xb2
,
(
byte
)
0x5b
,
(
byte
)
0x21
,
(
byte
)
0x7d
,
(
byte
)
0xef
,
(
byte
)
0xfd
,
(
byte
)
0x33
,
(
byte
)
0x4a
,
(
byte
)
0xb1
,
(
byte
)
0xa3
,
(
byte
)
0xff
,
(
byte
)
0xc6
,
(
byte
)
0xc8
,
(
byte
)
0x9b
,
(
byte
)
0xb9
,
(
byte
)
0x0f
,
(
byte
)
0x7c
,
(
byte
)
0x41
,
(
byte
)
0x35
,
(
byte
)
0x97
,
(
byte
)
0xf9
,
(
byte
)
0xdb
,
(
byte
)
0x3a
,
(
byte
)
0x05
,
(
byte
)
0x60
,
(
byte
)
0x05
,
(
byte
)
0x15
,
(
byte
)
0xaf
,
(
byte
)
0x59
,
(
byte
)
0x17
,
(
byte
)
0x92
,
(
byte
)
0xa3
,
(
byte
)
0x10
,
(
byte
)
0xad
,
(
byte
)
0x16
,
(
byte
)
0x1c
,
(
byte
)
0xe4
,
(
byte
)
0x07
,
(
byte
)
0x53
,
(
byte
)
0xaf
,
(
byte
)
0xa8
,
(
byte
)
0x76
,
(
byte
)
0xa2
,
(
byte
)
0x56
,
(
byte
)
0x2a
,
(
byte
)
0x92
,
(
byte
)
0xd3
,
(
byte
)
0xf9
,
(
byte
)
0x28
,
(
byte
)
0xe0
,
(
byte
)
0x78
,
(
byte
)
0xcf
,
(
byte
)
0x5e
,
(
byte
)
0x1f
,
(
byte
)
0x48
,
(
byte
)
0xab
,
(
byte
)
0x5c
,
(
byte
)
0x19
,
(
byte
)
0xdd
,
(
byte
)
0xe1
,
(
byte
)
0x67
,
(
byte
)
0x43
,
(
byte
)
0xba
,
(
byte
)
0x75
,
(
byte
)
0x8d
,
(
byte
)
0xf5
,
(
byte
)
0x82
,
(
byte
)
0xac
,
(
byte
)
0x43
,
(
byte
)
0x92
,
(
byte
)
0x44
,
(
byte
)
0x1b
};
static
char
passphrase
[]
=
"passphrase"
.
toCharArray
();
/*
* Is the server ready to serve?
*/
volatile
static
boolean
serverReady
=
false
;
/*
* Turn on SSL debugging?
*/
static
boolean
debug
=
false
;
private
SSLServerSocket
sslServerSocket
=
null
;
/*
* Define the server side of the test.
*
* If the server prematurely exits, serverReady will be set to true
* to avoid infinite hangs.
*/
void
doServerSide
()
throws
Exception
{
SSLContext
context
=
getSSLContext
(
trusedCertStr
,
serverCertStr
,
serverModulus
,
serverPrivateExponent
,
passphrase
);
SSLServerSocketFactory
sslssf
=
context
.
getServerSocketFactory
();
sslServerSocket
=
(
SSLServerSocket
)
sslssf
.
createServerSocket
(
serverPort
);
serverPort
=
sslServerSocket
.
getLocalPort
();
/*
* Signal Client, we're ready for his connect.
*/
serverReady
=
true
;
SSLSocket
sslSocket
=
(
SSLSocket
)
sslServerSocket
.
accept
();
sslSocket
.
setNeedClientAuth
(
true
);
if
(
sslSocket
instanceof
SSLSocketImpl
)
{
((
SSLSocketImpl
)
sslSocket
).
trySetHostnameVerification
(
"HTTPS"
);
}
PrintStream
out
=
new
PrintStream
(
sslSocket
.
getOutputStream
());
try
{
// ignore request data
// send the response
out
.
print
(
"HTTP/1.1 200 OK\r\n"
);
out
.
print
(
"Content-Type: text/html; charset=iso-8859-1\r\n"
);
out
.
print
(
"Content-Length: "
+
9
+
"\r\n"
);
out
.
print
(
"\r\n"
);
out
.
print
(
"Testing\r\n"
);
out
.
flush
();
}
finally
{
// close the socket
Thread
.
sleep
(
2000
);
System
.
out
.
println
(
"Server closing socket"
);
sslSocket
.
close
();
serverReady
=
false
;
}
}
/*
* Define the client side of the test.
*
* If the server prematurely exits, serverReady will be set to true
* to avoid infinite hangs.
*/
void
doClientSide
()
throws
Exception
{
SSLContext
context
=
getSSLContext
(
trusedCertStr
,
clientCertStr
,
clientModulus
,
clientPrivateExponent
,
passphrase
);
SSLContext
.
setDefault
(
context
);
/*
* Wait for server to get started.
*/
while
(!
serverReady
)
{
Thread
.
sleep
(
50
);
}
HttpsURLConnection
http
=
null
;
/* establish http connection to server */
URL
url
=
new
URL
(
"https://127.0.0.1:"
+
serverPort
+
"/"
);
System
.
out
.
println
(
"url is "
+
url
.
toString
());
http
=
(
HttpsURLConnection
)
url
.
openConnection
();
int
respCode
=
http
.
getResponseCode
();
System
.
out
.
println
(
"respCode = "
+
respCode
);
http
.
disconnect
();
}
/*
* =============================================================
* The remainder is just support stuff
*/
// use any free port by default
volatile
int
serverPort
=
0
;
volatile
Exception
serverException
=
null
;
volatile
Exception
clientException
=
null
;
public
static
void
main
(
String
args
[])
throws
Exception
{
if
(
debug
)
System
.
setProperty
(
"javax.net.debug"
,
"all"
);
/*
* Start the tests.
*/
new
IPAddressIPIdentities
();
}
Thread
clientThread
=
null
;
Thread
serverThread
=
null
;
/*
* Primary constructor, used to drive remainder of the test.
*
* Fork off the other side, then do your work.
*/
IPAddressIPIdentities
()
throws
Exception
{
if
(
separateServerThread
)
{
startServer
(
true
);
startClient
(
false
);
}
else
{
startClient
(
true
);
startServer
(
false
);
}
/*
* Wait for other side to close down.
*/
if
(
separateServerThread
)
{
serverThread
.
join
();
}
else
{
clientThread
.
join
();
}
/*
* When we get here, the test is pretty much over.
*
* If the main thread excepted, that propagates back
* immediately. If the other thread threw an exception, we
* should report back.
*/
if
(
serverException
!=
null
)
throw
serverException
;
if
(
clientException
!=
null
)
throw
clientException
;
}
void
startServer
(
boolean
newThread
)
throws
Exception
{
if
(
newThread
)
{
serverThread
=
new
Thread
()
{
public
void
run
()
{
try
{
doServerSide
();
}
catch
(
Exception
e
)
{
/*
* Our server thread just died.
*
* Release the client, if not active already...
*/
System
.
err
.
println
(
"Server died..."
);
serverReady
=
true
;
serverException
=
e
;
}
}
};
serverThread
.
start
();
}
else
{
doServerSide
();
}
}
void
startClient
(
boolean
newThread
)
throws
Exception
{
if
(
newThread
)
{
clientThread
=
new
Thread
()
{
public
void
run
()
{
try
{
doClientSide
();
}
catch
(
Exception
e
)
{
/*
* Our client thread just died.
*/
System
.
err
.
println
(
"Client died..."
);
clientException
=
e
;
}
}
};
clientThread
.
start
();
}
else
{
doClientSide
();
}
}
// get the ssl context
private
static
SSLContext
getSSLContext
(
String
trusedCertStr
,
String
keyCertStr
,
byte
[]
modulus
,
byte
[]
privateExponent
,
char
[]
passphrase
)
throws
Exception
{
// generate certificate from cert string
CertificateFactory
cf
=
CertificateFactory
.
getInstance
(
"X.509"
);
ByteArrayInputStream
is
=
new
ByteArrayInputStream
(
trusedCertStr
.
getBytes
());
Certificate
trusedCert
=
cf
.
generateCertificate
(
is
);
is
.
close
();
// create a key store
KeyStore
ks
=
KeyStore
.
getInstance
(
"JKS"
);
ks
.
load
(
null
,
null
);
// import the trused cert
ks
.
setCertificateEntry
(
"RSA Export Signer"
,
trusedCert
);
if
(
keyCertStr
!=
null
)
{
// generate the private key.
RSAPrivateKeySpec
priKeySpec
=
new
RSAPrivateKeySpec
(
new
BigInteger
(
modulus
),
new
BigInteger
(
privateExponent
));
KeyFactory
kf
=
KeyFactory
.
getInstance
(
"RSA"
);
RSAPrivateKey
priKey
=
(
RSAPrivateKey
)
kf
.
generatePrivate
(
priKeySpec
);
// generate certificate chain
is
=
new
ByteArrayInputStream
(
keyCertStr
.
getBytes
());
Certificate
keyCert
=
cf
.
generateCertificate
(
is
);
is
.
close
();
Certificate
[]
chain
=
new
Certificate
[
2
];
chain
[
0
]
=
keyCert
;
chain
[
1
]
=
trusedCert
;
// import the key entry.
ks
.
setKeyEntry
(
"Whatever"
,
priKey
,
passphrase
,
chain
);
}
// create SSL context
TrustManagerFactory
tmf
=
TrustManagerFactory
.
getInstance
(
"PKIX"
);
tmf
.
init
(
ks
);
SSLContext
ctx
=
SSLContext
.
getInstance
(
"TLS"
);
if
(
keyCertStr
!=
null
)
{
KeyManagerFactory
kmf
=
KeyManagerFactory
.
getInstance
(
"SunX509"
);
kmf
.
init
(
ks
,
passphrase
);
ctx
.
init
(
kmf
.
getKeyManagers
(),
tmf
.
getTrustManagers
(),
null
);
}
else
{
ctx
.
init
(
null
,
tmf
.
getTrustManagers
(),
null
);
}
return
ctx
;
}
}
test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPIdentities.java
0 → 100644
浏览文件 @
ac09e22d
/*
* Copyright 2010 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
* CA 95054 USA or visit www.sun.com if you need additional information or
* have any questions.
*/
/* @test
* @summary X509 certificate hostname checking is broken in JDK1.6.0_10
* @bug 6766775
* @author Xuelei Fan
*/
import
java.net.*
;
import
java.util.*
;
import
java.io.*
;
import
javax.net.ssl.*
;
import
java.security.KeyStore
;
import
java.security.KeyFactory
;
import
java.security.cert.Certificate
;
import
java.security.cert.CertificateFactory
;
import
java.security.spec.*
;
import
java.security.interfaces.*
;
import
java.math.BigInteger
;
import
sun.security.ssl.SSLSocketImpl
;
/*
* Certificates and key used in the test.
*
* TLS server certificate:
* server private key:
* -----BEGIN RSA PRIVATE KEY-----
* Proc-Type: 4,ENCRYPTED
* DEK-Info: DES-EDE3-CBC,D9AE407F6D0E389A
*
* WPrA7TFol/cQCcp9oHnXWNpYlvRbbIcQj0m+RKT2Iuzfus+DHt3Zadf8nJpKfX2e
* h2rnhlzCN9M7djRDooZKDOPCsdBn51Au7HlZF3S3Opgo7D8XFM1a8t1Je4ke14oI
* nw6QKYsBblRziPnP2PZ0zvX24nOv7bbY8beynlJHGs00VWSFdoH2DS0aE1p6D+3n
* ptJuJ75dVfZFK4X7162APlNXevX8D6PEQpSiRw1rjjGGcnvQ4HdWk3BxDVDcCNJb
* Y1aGNRxsjTDvPi3R9Qx2M+W03QzEPx4SR3ZHVskeSJHaetM0TM/w/45Paq4GokXP
* ZeTnbEx1xmjkA7h+t4doLL4watx5F6yLsJzu8xB3lt/1EtmkYtLz1t7X4BetPAXz
* zS69X/VwhKfsOI3qXBWuL2oHPyhDmT1gcaUQwEPSV6ogHEEQEDXdiUS8heNK13KF
* TCQYFkETvV2BLxUhV1hypPzRQ6tUpJiAbD5KmoK2lD9slshG2QtvKQq0/bgkDY5J
* LhDHV2dtcZ3kDPkkZXpbcJQvoeH3d09C5sIsuTFo2zgNR6oETHUc5TzP6FY2YYRa
* QcK5HcmtsRRiXFm01ac+aMejJUIujjFt84SiKWT/73vC8AmY4tYcJBLjCg4XIxSH
* fdDFLL1YZENNO5ivlp8mdiHqcawx+36L7DrEZQ8RZt6cqST5t/+XTdM74s6k81GT
* pNsa82P2K2zmIUZ/DL2mKjW1vfRByw1NQFEBkN3vdyZxYfM/JyUzX4hbjXBEkh9Q
* QYrcwLKLjis2QzSvK04B3bvRzRb+4ocWiso8ZPAXAIxZFBWDpTMM2A==
* -----END RSA PRIVATE KEY-----
*
* -----BEGIN RSA PRIVATE KEY-----
* MIICXAIBAAKBgQClrFscN6LdmYktsnm4j9VIpecchBeNaZzGrG358h0fORna03Ie
* buxEzHCk3LoAMPagTz1UemFqzFfQCn+VKBg/mtmU8hvIJIh+/p0PPftXUwizIDPU
* PxdHFNHN6gjYDnVOr77M0uyvqXpJ38LZrLgkQJCmA1Yq0DAFQCxPq9l0iQIDAQAB
* AoGAbqcbg1E1mkR99uOJoNeQYKFOJyGiiXTMnXV1TseC4+PDfQBU7Dax35GcesBi
* CtapIpFKKS5D+ozY6b7ZT8ojxuQ/uHLPAvz0WDR3ds4iRF8tyu71Q1ZHcQsJa17y
* yO7UbkSSKn/Mp9Rb+/dKqftUGNXVFLqgHBOzN2s3We3bbbECQQDYBPKOg3hkaGHo
* OhpHKqtQ6EVkldihG/3i4WejRonelXN+HRh1KrB2HBx0M8D/qAzP1i3rNSlSHer4
* 59YRTJnHAkEAxFX/sVYSn07BHv9Zhn6XXct/Cj43z/tKNbzlNbcxqQwQerw3IH51
* 8UH2YOA+GD3lXbKp+MytoFLWv8zg4YT/LwJAfqan75Z1R6lLffRS49bIiq8jwE16
* rTrUJ+kv8jKxMqc9B3vXkxpsS1M/+4E8bqgAmvpgAb8xcsvHsBd9ErdukQJBAKs2
* j67W75BrPjBI34pQ1LEfp56IGWXOrq1kF8IbCjxv3+MYRT6Z6UJFkpRymNPNDjsC
* dgUYgITiGJHUGXuw3lMCQHEHqo9ZtXz92yFT+VhsNc29B8m/sqUJdtCcMd/jGpAF
* u6GHufjqIZBpQsk63wbwESAPZZ+kk1O1kS5GIRLX608=
* -----END RSA PRIVATE KEY-----
*
* Private-Key: (1024 bit)
* modulus:
* 00:a5:ac:5b:1c:37:a2:dd:99:89:2d:b2:79:b8:8f:
* d5:48:a5:e7:1c:84:17:8d:69:9c:c6:ac:6d:f9:f2:
* 1d:1f:39:19:da:d3:72:1e:6e:ec:44:cc:70:a4:dc:
* ba:00:30:f6:a0:4f:3d:54:7a:61:6a:cc:57:d0:0a:
* 7f:95:28:18:3f:9a:d9:94:f2:1b:c8:24:88:7e:fe:
* 9d:0f:3d:fb:57:53:08:b3:20:33:d4:3f:17:47:14:
* d1:cd:ea:08:d8:0e:75:4e:af:be:cc:d2:ec:af:a9:
* 7a:49:df:c2:d9:ac:b8:24:40:90:a6:03:56:2a:d0:
* 30:05:40:2c:4f:ab:d9:74:89
* publicExponent: 65537 (0x10001)
* privateExponent:
* 6e:a7:1b:83:51:35:9a:44:7d:f6:e3:89:a0:d7:90:
* 60:a1:4e:27:21:a2:89:74:cc:9d:75:75:4e:c7:82:
* e3:e3:c3:7d:00:54:ec:36:b1:df:91:9c:7a:c0:62:
* 0a:d6:a9:22:91:4a:29:2e:43:fa:8c:d8:e9:be:d9:
* 4f:ca:23:c6:e4:3f:b8:72:cf:02:fc:f4:58:34:77:
* 76:ce:22:44:5f:2d:ca:ee:f5:43:56:47:71:0b:09:
* 6b:5e:f2:c8:ee:d4:6e:44:92:2a:7f:cc:a7:d4:5b:
* fb:f7:4a:a9:fb:54:18:d5:d5:14:ba:a0:1c:13:b3:
* 37:6b:37:59:ed:db:6d:b1
* prime1:
* 00:d8:04:f2:8e:83:78:64:68:61:e8:3a:1a:47:2a:
* ab:50:e8:45:64:95:d8:a1:1b:fd:e2:e1:67:a3:46:
* 89:de:95:73:7e:1d:18:75:2a:b0:76:1c:1c:74:33:
* c0:ff:a8:0c:cf:d6:2d:eb:35:29:52:1d:ea:f8:e7:
* d6:11:4c:99:c7
* prime2:
* 00:c4:55:ff:b1:56:12:9f:4e:c1:1e:ff:59:86:7e:
* 97:5d:cb:7f:0a:3e:37:cf:fb:4a:35:bc:e5:35:b7:
* 31:a9:0c:10:7a:bc:37:20:7e:75:f1:41:f6:60:e0:
* 3e:18:3d:e5:5d:b2:a9:f8:cc:ad:a0:52:d6:bf:cc:
* e0:e1:84:ff:2f
* exponent1:
* 7e:a6:a7:ef:96:75:47:a9:4b:7d:f4:52:e3:d6:c8:
* 8a:af:23:c0:4d:7a:ad:3a:d4:27:e9:2f:f2:32:b1:
* 32:a7:3d:07:7b:d7:93:1a:6c:4b:53:3f:fb:81:3c:
* 6e:a8:00:9a:fa:60:01:bf:31:72:cb:c7:b0:17:7d:
* 12:b7:6e:91
* exponent2:
* 00:ab:36:8f:ae:d6:ef:90:6b:3e:30:48:df:8a:50:
* d4:b1:1f:a7:9e:88:19:65:ce:ae:ad:64:17:c2:1b:
* 0a:3c:6f:df:e3:18:45:3e:99:e9:42:45:92:94:72:
* 98:d3:cd:0e:3b:02:76:05:18:80:84:e2:18:91:d4:
* 19:7b:b0:de:53
* coefficient:
* 71:07:aa:8f:59:b5:7c:fd:db:21:53:f9:58:6c:35:
* cd:bd:07:c9:bf:b2:a5:09:76:d0:9c:31:df:e3:1a:
* 90:05:bb:a1:87:b9:f8:ea:21:90:69:42:c9:3a:df:
* 06:f0:11:20:0f:65:9f:a4:93:53:b5:91:2e:46:21:
* 12:d7:eb:4f
*
*
* server certificate:
* Data:
* Version: 3 (0x2)
* Serial Number: 7 (0x7)
* Signature Algorithm: md5WithRSAEncryption
* Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org
* Validity
* Not Before: Dec 8 03:27:57 2008 GMT
* Not After : Aug 25 03:27:57 2028 GMT
* Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org, OU=SSL-Server, CN=localhost
* Subject Public Key Info:
* Public Key Algorithm: rsaEncryption
* RSA Public Key: (1024 bit)
* Modulus (1024 bit):
* 00:a5:ac:5b:1c:37:a2:dd:99:89:2d:b2:79:b8:8f:
* d5:48:a5:e7:1c:84:17:8d:69:9c:c6:ac:6d:f9:f2:
* 1d:1f:39:19:da:d3:72:1e:6e:ec:44:cc:70:a4:dc:
* ba:00:30:f6:a0:4f:3d:54:7a:61:6a:cc:57:d0:0a:
* 7f:95:28:18:3f:9a:d9:94:f2:1b:c8:24:88:7e:fe:
* 9d:0f:3d:fb:57:53:08:b3:20:33:d4:3f:17:47:14:
* d1:cd:ea:08:d8:0e:75:4e:af:be:cc:d2:ec:af:a9:
* 7a:49:df:c2:d9:ac:b8:24:40:90:a6:03:56:2a:d0:
* 30:05:40:2c:4f:ab:d9:74:89
* Exponent: 65537 (0x10001)
* X509v3 extensions:
* X509v3 Basic Constraints:
* CA:FALSE
* X509v3 Key Usage:
* Digital Signature, Non Repudiation, Key Encipherment
* X509v3 Subject Key Identifier:
* ED:6E:DB:F4:B5:56:C8:FB:1A:06:61:3F:0F:08:BB:A6:04:D8:16:54
* X509v3 Authority Key Identifier:
* keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14
*
* X509v3 Subject Alternative Name: critical
* IP Address:127.0.0.1
* Signature Algorithm: md5WithRSAEncryption
*
* -----BEGIN CERTIFICATE-----
* MIICnzCCAgigAwIBAgIBBzANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET
* MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK
* EwhTb21lLU9yZzAeFw0wODEyMDgwMzI3NTdaFw0yODA4MjUwMzI3NTdaMHIxCzAJ
* BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp
* dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtU2VydmVyMRIwEAYD
* VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKWsWxw3
* ot2ZiS2yebiP1Uil5xyEF41pnMasbfnyHR85GdrTch5u7ETMcKTcugAw9qBPPVR6
* YWrMV9AKf5UoGD+a2ZTyG8gkiH7+nQ89+1dTCLMgM9Q/F0cU0c3qCNgOdU6vvszS
* 7K+peknfwtmsuCRAkKYDVirQMAVALE+r2XSJAgMBAAGjbjBsMAkGA1UdEwQCMAAw
* CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTtbtv0tVbI+xoGYT8PCLumBNgWVDAfBgNV
* HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDASBgNVHREBAf8ECDAGhwR/AAAB
* MA0GCSqGSIb3DQEBBAUAA4GBAFJjItCtCBZcjD69wdqfIbKmRFa6eJAjR6LcoDva
* cKC/sDOLelpspiZ66Zb0Xdv5qQ7QrfOXt3K8QqJKRMdZLF9WfUfy0gJDM32ub91h
* pu+TmcGPs+6RdrAQcuvU1ZDV9X8SMj7BtKaim4d5sqFw1npncKiA5xFn8vOYwdun
* nZif
* -----END CERTIFICATE-----
*
*
* TLS client certificate:
* client private key:
* ----BEGIN RSA PRIVATE KEY-----
* Proc-Type: 4,ENCRYPTED
* DEK-Info: DES-EDE3-CBC,FA2A435CD35A9390
*
* Z+Y2uaETbsUWIyJUyVu1UV2G4rgFYJyACZT6Tp1KjRtxflSh2kXkJ9MpuXMXA0V4
* Yy3fDzPqCL9NJmQAYRlAx/W/+j4F5EyMWDIx8fUxzONRZyoiwF7jLm+KscAfv6Pf
* q7ItWOdj3z7IYrwlB8YIGd3F2cDKT3S+lYRk7rKb/qT7itbuHnY4Ardh3yl+MZak
* jBp+ELUlRsUqSr1V0LoM+0rCCykarpyfhpxEcqsrl0v9Cyi5uhU50/oKv5zql3SH
* l2ImgDjp3batAs8+Bd4NF2aqi0a7Hy44JUHxRm4caZryU/i/D9N1MbuM6882HLat
* 5N0G+NaIUfywa8mjwq2D5aiit18HqKA6XeRRYeJ5Dvu9DCO4GeFSwcUFIBMI0L46
* 7s114+oDodg57pMgITi+04vmUxvqlN9aiyd7f5Fgd7PeHGeOdbMz1NaJLJaPI9++
* NakK8eK9iwT/Gdq0Uap5/CHW7vCT5PO+h3HY0STH0lWStXhdWnFO04zTdywsbSp+
* DLpHeFT66shfeUlxR0PsCbG9vPRt/QmGLeYQZITppWo/ylSq4j+pRIuXvuWHdBRN
* rTZ8QF4Y7AxQUXVz1j1++s6ZMHTzaK2i9HrhmDs1MbJl+QwWre3Xpv3LvTVz3k5U
* wX8kuY1m3STt71QCaRWENq5sRaMImLxZbxc/ivFl9RAzUqo4NCxLod/QgA4iLqtO
* ztnlpzwlC/F8HbQ1oqYWwnZAPhzU/cULtstl+Yrws2c2atO323LbPXZqbASySgig
* sNpFXQMObdfP6LN23bY+1SvtK7V4NUTNhpdIc6INQAQ=
* -----END RSA PRIVATE KEY-----
*
* -----BEGIN RSA PRIVATE KEY-----
* MIICWwIBAAKBgQC78EA2rCZUTvSjWgAvaSFvuXo6k+yi9uGOx2PYLxIwmS6w8o/4
* Jy0keCiE9wG/jUR53TvSVfPOPLJbIX3v/TNKsaP/xsibuQ98QTWX+ds6BWAFFa9Z
* F5KjEK0WHOQHU6+odqJWKpLT+SjgeM9eH0irXBnd4WdDunWN9YKsQ5JEGwIDAQAB
* AoGAEbdqNj0wN85hnWyEi/ObJU8UyKTdL9eaF72QGfcF/fLSxfd3vurihIeXOkGW
* tpn4lIxYcVGM9CognhqgJpl11jFTQzn1KqZ+NEJRKkCHA4hDabKJbSC9fXHvRwrf
* BsFpZqgiNxp3HseUTiwnaUVeyPgMt/jAj5nB5Sib+UyUxrECQQDnNQBiF2aifEg6
* zbJOOC7he5CHAdkFxSxWVFVHL6EfXfqdLVkUohMbgZv+XxyIeU2biOExSg49Kds3
* FOKgTau1AkEA0Bd1haj6QuCo8I0AXm2WO+MMTZMTvtHD/bGjKNM+fT4I8rKYnQRX
* 1acHdqS9Xx2rNJqZgkMmpESIdPR2fc4yjwJALFeM6EMmqvj8/VIf5UJ/Mz14fXwM
* PEARfckUxd9LnnFutCBTWlKvKXJVEZb6KO5ixPaegc57Jp3Vbh3yTN44lQJADD/1
* SSMDaIB1MYP7a5Oj7m6VQNPRq8AJe5vDcRnOae0G9dKRrVyeFxO4GsHj6/+BHp2j
* P8nYMn9eURQ7DXjf/QJAAQzMlWnKGSO8pyTDtnQx3hRMoUkOEhmNq4bQhLkYqtnY
* FcqpUQ2qMjW+NiNWk5HnTrMS3L9EdJobMUzaNZLy4w==
* -----END RSA PRIVATE KEY-----
*
* Private-Key: (1024 bit)
* modulus:
* 00:bb:f0:40:36:ac:26:54:4e:f4:a3:5a:00:2f:69:
* 21:6f:b9:7a:3a:93:ec:a2:f6:e1:8e:c7:63:d8:2f:
* 12:30:99:2e:b0:f2:8f:f8:27:2d:24:78:28:84:f7:
* 01:bf:8d:44:79:dd:3b:d2:55:f3:ce:3c:b2:5b:21:
* 7d:ef:fd:33:4a:b1:a3:ff:c6:c8:9b:b9:0f:7c:41:
* 35:97:f9:db:3a:05:60:05:15:af:59:17:92:a3:10:
* ad:16:1c:e4:07:53:af:a8:76:a2:56:2a:92:d3:f9:
* 28:e0:78:cf:5e:1f:48:ab:5c:19:dd:e1:67:43:ba:
* 75:8d:f5:82:ac:43:92:44:1b
* publicExponent: 65537 (0x10001)
* privateExponent:
* 11:b7:6a:36:3d:30:37:ce:61:9d:6c:84:8b:f3:9b:
* 25:4f:14:c8:a4:dd:2f:d7:9a:17:bd:90:19:f7:05:
* fd:f2:d2:c5:f7:77:be:ea:e2:84:87:97:3a:41:96:
* b6:99:f8:94:8c:58:71:51:8c:f4:2a:20:9e:1a:a0:
* 26:99:75:d6:31:53:43:39:f5:2a:a6:7e:34:42:51:
* 2a:40:87:03:88:43:69:b2:89:6d:20:bd:7d:71:ef:
* 47:0a:df:06:c1:69:66:a8:22:37:1a:77:1e:c7:94:
* 4e:2c:27:69:45:5e:c8:f8:0c:b7:f8:c0:8f:99:c1:
* e5:28:9b:f9:4c:94:c6:b1
* prime1:
* 00:e7:35:00:62:17:66:a2:7c:48:3a:cd:b2:4e:38:
* 2e:e1:7b:90:87:01:d9:05:c5:2c:56:54:55:47:2f:
* a1:1f:5d:fa:9d:2d:59:14:a2:13:1b:81:9b:fe:5f:
* 1c:88:79:4d:9b:88:e1:31:4a:0e:3d:29:db:37:14:
* e2:a0:4d:ab:b5
* prime2:
* 00:d0:17:75:85:a8:fa:42:e0:a8:f0:8d:00:5e:6d:
* 96:3b:e3:0c:4d:93:13:be:d1:c3:fd:b1:a3:28:d3:
* 3e:7d:3e:08:f2:b2:98:9d:04:57:d5:a7:07:76:a4:
* bd:5f:1d:ab:34:9a:99:82:43:26:a4:44:88:74:f4:
* 76:7d:ce:32:8f
* exponent1:
* 2c:57:8c:e8:43:26:aa:f8:fc:fd:52:1f:e5:42:7f:
* 33:3d:78:7d:7c:0c:3c:40:11:7d:c9:14:c5:df:4b:
* 9e:71:6e:b4:20:53:5a:52:af:29:72:55:11:96:fa:
* 28:ee:62:c4:f6:9e:81:ce:7b:26:9d:d5:6e:1d:f2:
* 4c:de:38:95
* exponent2:
* 0c:3f:f5:49:23:03:68:80:75:31:83:fb:6b:93:a3:
* ee:6e:95:40:d3:d1:ab:c0:09:7b:9b:c3:71:19:ce:
* 69:ed:06:f5:d2:91:ad:5c:9e:17:13:b8:1a:c1:e3:
* eb:ff:81:1e:9d:a3:3f:c9:d8:32:7f:5e:51:14:3b:
* 0d:78:df:fd
* coefficient:
* 01:0c:cc:95:69:ca:19:23:bc:a7:24:c3:b6:74:31:
* de:14:4c:a1:49:0e:12:19:8d:ab:86:d0:84:b9:18:
* aa:d9:d8:15:ca:a9:51:0d:aa:32:35:be:36:23:56:
* 93:91:e7:4e:b3:12:dc:bf:44:74:9a:1b:31:4c:da:
* 35:92:f2:e3
*
* client certificate:
* Data:
* Version: 3 (0x2)
* Serial Number: 6 (0x6)
* Signature Algorithm: md5WithRSAEncryption
* Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org
* Validity
* Not Before: Dec 8 03:27:34 2008 GMT
* Not After : Aug 25 03:27:34 2028 GMT
* Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org, OU=SSL-Client, CN=localhost
* Subject Public Key Info:
* Public Key Algorithm: rsaEncryption
* RSA Public Key: (1024 bit)
* Modulus (1024 bit):
* 00:bb:f0:40:36:ac:26:54:4e:f4:a3:5a:00:2f:69:
* 21:6f:b9:7a:3a:93:ec:a2:f6:e1:8e:c7:63:d8:2f:
* 12:30:99:2e:b0:f2:8f:f8:27:2d:24:78:28:84:f7:
* 01:bf:8d:44:79:dd:3b:d2:55:f3:ce:3c:b2:5b:21:
* 7d:ef:fd:33:4a:b1:a3:ff:c6:c8:9b:b9:0f:7c:41:
* 35:97:f9:db:3a:05:60:05:15:af:59:17:92:a3:10:
* ad:16:1c:e4:07:53:af:a8:76:a2:56:2a:92:d3:f9:
* 28:e0:78:cf:5e:1f:48:ab:5c:19:dd:e1:67:43:ba:
* 75:8d:f5:82:ac:43:92:44:1b
* Exponent: 65537 (0x10001)
* X509v3 extensions:
* X509v3 Basic Constraints:
* CA:FALSE
* X509v3 Key Usage:
* Digital Signature, Non Repudiation, Key Encipherment
* X509v3 Subject Key Identifier:
* CD:BB:C8:85:AA:91:BD:FD:1D:BE:CD:67:7C:FF:B3:E9:4C:A8:22:E6
* X509v3 Authority Key Identifier:
* keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14
*
* X509v3 Subject Alternative Name: critical
* IP Address:127.0.0.1
* Signature Algorithm: md5WithRSAEncryption
*
* -----BEGIN CERTIFICATE-----
* MIICnzCCAgigAwIBAgIBBjANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET
* MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK
* EwhTb21lLU9yZzAeFw0wODEyMDgwMzI3MzRaFw0yODA4MjUwMzI3MzRaMHIxCzAJ
* BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp
* dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtQ2xpZW50MRIwEAYD
* VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALvwQDas
* JlRO9KNaAC9pIW+5ejqT7KL24Y7HY9gvEjCZLrDyj/gnLSR4KIT3Ab+NRHndO9JV
* 8848slshfe/9M0qxo//GyJu5D3xBNZf52zoFYAUVr1kXkqMQrRYc5AdTr6h2olYq
* ktP5KOB4z14fSKtcGd3hZ0O6dY31gqxDkkQbAgMBAAGjbjBsMAkGA1UdEwQCMAAw
* CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTNu8iFqpG9/R2+zWd8/7PpTKgi5jAfBgNV
* HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDASBgNVHREBAf8ECDAGhwR/AAAB
* MA0GCSqGSIb3DQEBBAUAA4GBACjj9PS+W6XOF7toFMwMOv/AemZeBOpcEF1Ei1Hx
* HjvB6EOHkMY8tFm5OPzkiWiK3+s3awpSW0jWdzMYwrQJ3/klMsPDpI7PEuirqwHP
* i5Wyl/vk7jmfWVcBO9MVhPUo4BYl4vS9aj6JA5QbkbkB95LOgT/BowY0WmHeVsXC
* I9aw
* -----END CERTIFICATE-----
*
*
*
* Trusted CA certificate:
* Certificate:
* Data:
* Version: 3 (0x2)
* Serial Number: 0 (0x0)
* Signature Algorithm: md5WithRSAEncryption
* Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org
* Validity
* Not Before: Dec 8 02:43:36 2008 GMT
* Not After : Aug 25 02:43:36 2028 GMT
* Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org
* Subject Public Key Info:
* Public Key Algorithm: rsaEncryption
* RSA Public Key: (1024 bit)
* Modulus (1024 bit):
* 00:cb:c4:38:20:07:be:88:a7:93:b0:a1:43:51:2d:
* d7:8e:85:af:54:dd:ad:a2:7b:23:5b:cf:99:13:53:
* 99:45:7d:ee:6d:ba:2d:bf:e3:ad:6e:3d:9f:1a:f9:
* 03:97:e0:17:55:ae:11:26:57:de:01:29:8e:05:3f:
* 21:f7:e7:36:e8:2e:37:d7:48:ac:53:d6:60:0e:c7:
* 50:6d:f6:c5:85:f7:8b:a6:c5:91:35:72:3c:94:ee:
* f1:17:f0:71:e3:ec:1b:ce:ca:4e:40:42:b0:6d:ee:
* 6a:0e:d6:e5:ad:3c:0f:c9:ba:82:4f:78:f8:89:97:
* 89:2a:95:12:4c:d8:09:2a:e9
* Exponent: 65537 (0x10001)
* X509v3 extensions:
* X509v3 Subject Key Identifier:
* FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14
* X509v3 Authority Key Identifier:
* keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14
* DirName:/C=US/ST=Some-State/L=Some-City/O=Some-Org
* serial:00
*
* X509v3 Basic Constraints:
* CA:TRUE
* Signature Algorithm: md5WithRSAEncryption
*
* -----BEGIN CERTIFICATE-----
* MIICrDCCAhWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET
* MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK
* EwhTb21lLU9yZzAeFw0wODEyMDgwMjQzMzZaFw0yODA4MjUwMjQzMzZaMEkxCzAJ
* BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp
* dHkxETAPBgNVBAoTCFNvbWUtT3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
* gQDLxDggB76Ip5OwoUNRLdeOha9U3a2ieyNbz5kTU5lFfe5tui2/461uPZ8a+QOX
* 4BdVrhEmV94BKY4FPyH35zboLjfXSKxT1mAOx1Bt9sWF94umxZE1cjyU7vEX8HHj
* 7BvOyk5AQrBt7moO1uWtPA/JuoJPePiJl4kqlRJM2Akq6QIDAQABo4GjMIGgMB0G
* A1UdDgQWBBT6uVG/TOfZhpgz+efLHvEzSfeoFDBxBgNVHSMEajBogBT6uVG/TOfZ
* hpgz+efLHvEzSfeoFKFNpEswSTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUt
* U3RhdGUxEjAQBgNVBAcTCVNvbWUtQ2l0eTERMA8GA1UEChMIU29tZS1PcmeCAQAw
* DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBcIm534U123Hz+rtyYO5uA
* ofd81G6FnTfEAV8Kw9fGyyEbQZclBv34A9JsFKeMvU4OFIaixD7nLZ/NZ+IWbhmZ
* LovmJXyCkOufea73pNiZ+f/4/ScZaIlM/PRycQSqbFNd4j9Wott+08qxHPLpsf3P
* 6Mvf0r1PNTY2hwTJLJmKtg==
* -----END CERTIFICATE---
*/
public
class
IPIdentities
{
static
Map
cookies
;
ServerSocket
ss
;
/*
* =============================================================
* Set the various variables needed for the tests, then
* specify what tests to run on each side.
*/
/*
* Should we run the client or server in a separate thread?
* Both sides can throw exceptions, but do you have a preference
* as to which side should be the main thread.
*/
static
boolean
separateServerThread
=
true
;
/*
* Where do we find the keystores?
*/
static
String
trusedCertStr
=
"-----BEGIN CERTIFICATE-----\n"
+
"MIICrDCCAhWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n"
+
"MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n"
+
"EwhTb21lLU9yZzAeFw0wODEyMDgwMjQzMzZaFw0yODA4MjUwMjQzMzZaMEkxCzAJ\n"
+
"BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n"
+
"dHkxETAPBgNVBAoTCFNvbWUtT3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n"
+
"gQDLxDggB76Ip5OwoUNRLdeOha9U3a2ieyNbz5kTU5lFfe5tui2/461uPZ8a+QOX\n"
+
"4BdVrhEmV94BKY4FPyH35zboLjfXSKxT1mAOx1Bt9sWF94umxZE1cjyU7vEX8HHj\n"
+
"7BvOyk5AQrBt7moO1uWtPA/JuoJPePiJl4kqlRJM2Akq6QIDAQABo4GjMIGgMB0G\n"
+
"A1UdDgQWBBT6uVG/TOfZhpgz+efLHvEzSfeoFDBxBgNVHSMEajBogBT6uVG/TOfZ\n"
+
"hpgz+efLHvEzSfeoFKFNpEswSTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUt\n"
+
"U3RhdGUxEjAQBgNVBAcTCVNvbWUtQ2l0eTERMA8GA1UEChMIU29tZS1PcmeCAQAw\n"
+
"DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBcIm534U123Hz+rtyYO5uA\n"
+
"ofd81G6FnTfEAV8Kw9fGyyEbQZclBv34A9JsFKeMvU4OFIaixD7nLZ/NZ+IWbhmZ\n"
+
"LovmJXyCkOufea73pNiZ+f/4/ScZaIlM/PRycQSqbFNd4j9Wott+08qxHPLpsf3P\n"
+
"6Mvf0r1PNTY2hwTJLJmKtg==\n"
+
"-----END CERTIFICATE-----"
;
static
String
serverCertStr
=
"-----BEGIN CERTIFICATE-----\n"
+
"MIICnzCCAgigAwIBAgIBBzANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n"
+
"MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n"
+
"EwhTb21lLU9yZzAeFw0wODEyMDgwMzI3NTdaFw0yODA4MjUwMzI3NTdaMHIxCzAJ\n"
+
"BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n"
+
"dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtU2VydmVyMRIwEAYD\n"
+
"VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKWsWxw3\n"
+
"ot2ZiS2yebiP1Uil5xyEF41pnMasbfnyHR85GdrTch5u7ETMcKTcugAw9qBPPVR6\n"
+
"YWrMV9AKf5UoGD+a2ZTyG8gkiH7+nQ89+1dTCLMgM9Q/F0cU0c3qCNgOdU6vvszS\n"
+
"7K+peknfwtmsuCRAkKYDVirQMAVALE+r2XSJAgMBAAGjbjBsMAkGA1UdEwQCMAAw\n"
+
"CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTtbtv0tVbI+xoGYT8PCLumBNgWVDAfBgNV\n"
+
"HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDASBgNVHREBAf8ECDAGhwR/AAAB\n"
+
"MA0GCSqGSIb3DQEBBAUAA4GBAFJjItCtCBZcjD69wdqfIbKmRFa6eJAjR6LcoDva\n"
+
"cKC/sDOLelpspiZ66Zb0Xdv5qQ7QrfOXt3K8QqJKRMdZLF9WfUfy0gJDM32ub91h\n"
+
"pu+TmcGPs+6RdrAQcuvU1ZDV9X8SMj7BtKaim4d5sqFw1npncKiA5xFn8vOYwdun\n"
+
"nZif\n"
+
"-----END CERTIFICATE-----"
;
static
String
clientCertStr
=
"-----BEGIN CERTIFICATE-----\n"
+
"MIICnzCCAgigAwIBAgIBBjANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n"
+
"MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n"
+
"EwhTb21lLU9yZzAeFw0wODEyMDgwMzI3MzRaFw0yODA4MjUwMzI3MzRaMHIxCzAJ\n"
+
"BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n"
+
"dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtQ2xpZW50MRIwEAYD\n"
+
"VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALvwQDas\n"
+
"JlRO9KNaAC9pIW+5ejqT7KL24Y7HY9gvEjCZLrDyj/gnLSR4KIT3Ab+NRHndO9JV\n"
+
"8848slshfe/9M0qxo//GyJu5D3xBNZf52zoFYAUVr1kXkqMQrRYc5AdTr6h2olYq\n"
+
"ktP5KOB4z14fSKtcGd3hZ0O6dY31gqxDkkQbAgMBAAGjbjBsMAkGA1UdEwQCMAAw\n"
+
"CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTNu8iFqpG9/R2+zWd8/7PpTKgi5jAfBgNV\n"
+
"HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDASBgNVHREBAf8ECDAGhwR/AAAB\n"
+
"MA0GCSqGSIb3DQEBBAUAA4GBACjj9PS+W6XOF7toFMwMOv/AemZeBOpcEF1Ei1Hx\n"
+
"HjvB6EOHkMY8tFm5OPzkiWiK3+s3awpSW0jWdzMYwrQJ3/klMsPDpI7PEuirqwHP\n"
+
"i5Wyl/vk7jmfWVcBO9MVhPUo4BYl4vS9aj6JA5QbkbkB95LOgT/BowY0WmHeVsXC\n"
+
"I9aw\n"
+
"-----END CERTIFICATE-----"
;
static
byte
serverPrivateExponent
[]
=
{
(
byte
)
0x6e
,
(
byte
)
0xa7
,
(
byte
)
0x1b
,
(
byte
)
0x83
,
(
byte
)
0x51
,
(
byte
)
0x35
,
(
byte
)
0x9a
,
(
byte
)
0x44
,
(
byte
)
0x7d
,
(
byte
)
0xf6
,
(
byte
)
0xe3
,
(
byte
)
0x89
,
(
byte
)
0xa0
,
(
byte
)
0xd7
,
(
byte
)
0x90
,
(
byte
)
0x60
,
(
byte
)
0xa1
,
(
byte
)
0x4e
,
(
byte
)
0x27
,
(
byte
)
0x21
,
(
byte
)
0xa2
,
(
byte
)
0x89
,
(
byte
)
0x74
,
(
byte
)
0xcc
,
(
byte
)
0x9d
,
(
byte
)
0x75
,
(
byte
)
0x75
,
(
byte
)
0x4e
,
(
byte
)
0xc7
,
(
byte
)
0x82
,
(
byte
)
0xe3
,
(
byte
)
0xe3
,
(
byte
)
0xc3
,
(
byte
)
0x7d
,
(
byte
)
0x00
,
(
byte
)
0x54
,
(
byte
)
0xec
,
(
byte
)
0x36
,
(
byte
)
0xb1
,
(
byte
)
0xdf
,
(
byte
)
0x91
,
(
byte
)
0x9c
,
(
byte
)
0x7a
,
(
byte
)
0xc0
,
(
byte
)
0x62
,
(
byte
)
0x0a
,
(
byte
)
0xd6
,
(
byte
)
0xa9
,
(
byte
)
0x22
,
(
byte
)
0x91
,
(
byte
)
0x4a
,
(
byte
)
0x29
,
(
byte
)
0x2e
,
(
byte
)
0x43
,
(
byte
)
0xfa
,
(
byte
)
0x8c
,
(
byte
)
0xd8
,
(
byte
)
0xe9
,
(
byte
)
0xbe
,
(
byte
)
0xd9
,
(
byte
)
0x4f
,
(
byte
)
0xca
,
(
byte
)
0x23
,
(
byte
)
0xc6
,
(
byte
)
0xe4
,
(
byte
)
0x3f
,
(
byte
)
0xb8
,
(
byte
)
0x72
,
(
byte
)
0xcf
,
(
byte
)
0x02
,
(
byte
)
0xfc
,
(
byte
)
0xf4
,
(
byte
)
0x58
,
(
byte
)
0x34
,
(
byte
)
0x77
,
(
byte
)
0x76
,
(
byte
)
0xce
,
(
byte
)
0x22
,
(
byte
)
0x44
,
(
byte
)
0x5f
,
(
byte
)
0x2d
,
(
byte
)
0xca
,
(
byte
)
0xee
,
(
byte
)
0xf5
,
(
byte
)
0x43
,
(
byte
)
0x56
,
(
byte
)
0x47
,
(
byte
)
0x71
,
(
byte
)
0x0b
,
(
byte
)
0x09
,
(
byte
)
0x6b
,
(
byte
)
0x5e
,
(
byte
)
0xf2
,
(
byte
)
0xc8
,
(
byte
)
0xee
,
(
byte
)
0xd4
,
(
byte
)
0x6e
,
(
byte
)
0x44
,
(
byte
)
0x92
,
(
byte
)
0x2a
,
(
byte
)
0x7f
,
(
byte
)
0xcc
,
(
byte
)
0xa7
,
(
byte
)
0xd4
,
(
byte
)
0x5b
,
(
byte
)
0xfb
,
(
byte
)
0xf7
,
(
byte
)
0x4a
,
(
byte
)
0xa9
,
(
byte
)
0xfb
,
(
byte
)
0x54
,
(
byte
)
0x18
,
(
byte
)
0xd5
,
(
byte
)
0xd5
,
(
byte
)
0x14
,
(
byte
)
0xba
,
(
byte
)
0xa0
,
(
byte
)
0x1c
,
(
byte
)
0x13
,
(
byte
)
0xb3
,
(
byte
)
0x37
,
(
byte
)
0x6b
,
(
byte
)
0x37
,
(
byte
)
0x59
,
(
byte
)
0xed
,
(
byte
)
0xdb
,
(
byte
)
0x6d
,
(
byte
)
0xb1
};
static
byte
serverModulus
[]
=
{
(
byte
)
0x00
,
(
byte
)
0xa5
,
(
byte
)
0xac
,
(
byte
)
0x5b
,
(
byte
)
0x1c
,
(
byte
)
0x37
,
(
byte
)
0xa2
,
(
byte
)
0xdd
,
(
byte
)
0x99
,
(
byte
)
0x89
,
(
byte
)
0x2d
,
(
byte
)
0xb2
,
(
byte
)
0x79
,
(
byte
)
0xb8
,
(
byte
)
0x8f
,
(
byte
)
0xd5
,
(
byte
)
0x48
,
(
byte
)
0xa5
,
(
byte
)
0xe7
,
(
byte
)
0x1c
,
(
byte
)
0x84
,
(
byte
)
0x17
,
(
byte
)
0x8d
,
(
byte
)
0x69
,
(
byte
)
0x9c
,
(
byte
)
0xc6
,
(
byte
)
0xac
,
(
byte
)
0x6d
,
(
byte
)
0xf9
,
(
byte
)
0xf2
,
(
byte
)
0x1d
,
(
byte
)
0x1f
,
(
byte
)
0x39
,
(
byte
)
0x19
,
(
byte
)
0xda
,
(
byte
)
0xd3
,
(
byte
)
0x72
,
(
byte
)
0x1e
,
(
byte
)
0x6e
,
(
byte
)
0xec
,
(
byte
)
0x44
,
(
byte
)
0xcc
,
(
byte
)
0x70
,
(
byte
)
0xa4
,
(
byte
)
0xdc
,
(
byte
)
0xba
,
(
byte
)
0x00
,
(
byte
)
0x30
,
(
byte
)
0xf6
,
(
byte
)
0xa0
,
(
byte
)
0x4f
,
(
byte
)
0x3d
,
(
byte
)
0x54
,
(
byte
)
0x7a
,
(
byte
)
0x61
,
(
byte
)
0x6a
,
(
byte
)
0xcc
,
(
byte
)
0x57
,
(
byte
)
0xd0
,
(
byte
)
0x0a
,
(
byte
)
0x7f
,
(
byte
)
0x95
,
(
byte
)
0x28
,
(
byte
)
0x18
,
(
byte
)
0x3f
,
(
byte
)
0x9a
,
(
byte
)
0xd9
,
(
byte
)
0x94
,
(
byte
)
0xf2
,
(
byte
)
0x1b
,
(
byte
)
0xc8
,
(
byte
)
0x24
,
(
byte
)
0x88
,
(
byte
)
0x7e
,
(
byte
)
0xfe
,
(
byte
)
0x9d
,
(
byte
)
0x0f
,
(
byte
)
0x3d
,
(
byte
)
0xfb
,
(
byte
)
0x57
,
(
byte
)
0x53
,
(
byte
)
0x08
,
(
byte
)
0xb3
,
(
byte
)
0x20
,
(
byte
)
0x33
,
(
byte
)
0xd4
,
(
byte
)
0x3f
,
(
byte
)
0x17
,
(
byte
)
0x47
,
(
byte
)
0x14
,
(
byte
)
0xd1
,
(
byte
)
0xcd
,
(
byte
)
0xea
,
(
byte
)
0x08
,
(
byte
)
0xd8
,
(
byte
)
0x0e
,
(
byte
)
0x75
,
(
byte
)
0x4e
,
(
byte
)
0xaf
,
(
byte
)
0xbe
,
(
byte
)
0xcc
,
(
byte
)
0xd2
,
(
byte
)
0xec
,
(
byte
)
0xaf
,
(
byte
)
0xa9
,
(
byte
)
0x7a
,
(
byte
)
0x49
,
(
byte
)
0xdf
,
(
byte
)
0xc2
,
(
byte
)
0xd9
,
(
byte
)
0xac
,
(
byte
)
0xb8
,
(
byte
)
0x24
,
(
byte
)
0x40
,
(
byte
)
0x90
,
(
byte
)
0xa6
,
(
byte
)
0x03
,
(
byte
)
0x56
,
(
byte
)
0x2a
,
(
byte
)
0xd0
,
(
byte
)
0x30
,
(
byte
)
0x05
,
(
byte
)
0x40
,
(
byte
)
0x2c
,
(
byte
)
0x4f
,
(
byte
)
0xab
,
(
byte
)
0xd9
,
(
byte
)
0x74
,
(
byte
)
0x89
};
static
byte
clientPrivateExponent
[]
=
{
(
byte
)
0x11
,
(
byte
)
0xb7
,
(
byte
)
0x6a
,
(
byte
)
0x36
,
(
byte
)
0x3d
,
(
byte
)
0x30
,
(
byte
)
0x37
,
(
byte
)
0xce
,
(
byte
)
0x61
,
(
byte
)
0x9d
,
(
byte
)
0x6c
,
(
byte
)
0x84
,
(
byte
)
0x8b
,
(
byte
)
0xf3
,
(
byte
)
0x9b
,
(
byte
)
0x25
,
(
byte
)
0x4f
,
(
byte
)
0x14
,
(
byte
)
0xc8
,
(
byte
)
0xa4
,
(
byte
)
0xdd
,
(
byte
)
0x2f
,
(
byte
)
0xd7
,
(
byte
)
0x9a
,
(
byte
)
0x17
,
(
byte
)
0xbd
,
(
byte
)
0x90
,
(
byte
)
0x19
,
(
byte
)
0xf7
,
(
byte
)
0x05
,
(
byte
)
0xfd
,
(
byte
)
0xf2
,
(
byte
)
0xd2
,
(
byte
)
0xc5
,
(
byte
)
0xf7
,
(
byte
)
0x77
,
(
byte
)
0xbe
,
(
byte
)
0xea
,
(
byte
)
0xe2
,
(
byte
)
0x84
,
(
byte
)
0x87
,
(
byte
)
0x97
,
(
byte
)
0x3a
,
(
byte
)
0x41
,
(
byte
)
0x96
,
(
byte
)
0xb6
,
(
byte
)
0x99
,
(
byte
)
0xf8
,
(
byte
)
0x94
,
(
byte
)
0x8c
,
(
byte
)
0x58
,
(
byte
)
0x71
,
(
byte
)
0x51
,
(
byte
)
0x8c
,
(
byte
)
0xf4
,
(
byte
)
0x2a
,
(
byte
)
0x20
,
(
byte
)
0x9e
,
(
byte
)
0x1a
,
(
byte
)
0xa0
,
(
byte
)
0x26
,
(
byte
)
0x99
,
(
byte
)
0x75
,
(
byte
)
0xd6
,
(
byte
)
0x31
,
(
byte
)
0x53
,
(
byte
)
0x43
,
(
byte
)
0x39
,
(
byte
)
0xf5
,
(
byte
)
0x2a
,
(
byte
)
0xa6
,
(
byte
)
0x7e
,
(
byte
)
0x34
,
(
byte
)
0x42
,
(
byte
)
0x51
,
(
byte
)
0x2a
,
(
byte
)
0x40
,
(
byte
)
0x87
,
(
byte
)
0x03
,
(
byte
)
0x88
,
(
byte
)
0x43
,
(
byte
)
0x69
,
(
byte
)
0xb2
,
(
byte
)
0x89
,
(
byte
)
0x6d
,
(
byte
)
0x20
,
(
byte
)
0xbd
,
(
byte
)
0x7d
,
(
byte
)
0x71
,
(
byte
)
0xef
,
(
byte
)
0x47
,
(
byte
)
0x0a
,
(
byte
)
0xdf
,
(
byte
)
0x06
,
(
byte
)
0xc1
,
(
byte
)
0x69
,
(
byte
)
0x66
,
(
byte
)
0xa8
,
(
byte
)
0x22
,
(
byte
)
0x37
,
(
byte
)
0x1a
,
(
byte
)
0x77
,
(
byte
)
0x1e
,
(
byte
)
0xc7
,
(
byte
)
0x94
,
(
byte
)
0x4e
,
(
byte
)
0x2c
,
(
byte
)
0x27
,
(
byte
)
0x69
,
(
byte
)
0x45
,
(
byte
)
0x5e
,
(
byte
)
0xc8
,
(
byte
)
0xf8
,
(
byte
)
0x0c
,
(
byte
)
0xb7
,
(
byte
)
0xf8
,
(
byte
)
0xc0
,
(
byte
)
0x8f
,
(
byte
)
0x99
,
(
byte
)
0xc1
,
(
byte
)
0xe5
,
(
byte
)
0x28
,
(
byte
)
0x9b
,
(
byte
)
0xf9
,
(
byte
)
0x4c
,
(
byte
)
0x94
,
(
byte
)
0xc6
,
(
byte
)
0xb1
};
static
byte
clientModulus
[]
=
{
(
byte
)
0x00
,
(
byte
)
0xbb
,
(
byte
)
0xf0
,
(
byte
)
0x40
,
(
byte
)
0x36
,
(
byte
)
0xac
,
(
byte
)
0x26
,
(
byte
)
0x54
,
(
byte
)
0x4e
,
(
byte
)
0xf4
,
(
byte
)
0xa3
,
(
byte
)
0x5a
,
(
byte
)
0x00
,
(
byte
)
0x2f
,
(
byte
)
0x69
,
(
byte
)
0x21
,
(
byte
)
0x6f
,
(
byte
)
0xb9
,
(
byte
)
0x7a
,
(
byte
)
0x3a
,
(
byte
)
0x93
,
(
byte
)
0xec
,
(
byte
)
0xa2
,
(
byte
)
0xf6
,
(
byte
)
0xe1
,
(
byte
)
0x8e
,
(
byte
)
0xc7
,
(
byte
)
0x63
,
(
byte
)
0xd8
,
(
byte
)
0x2f
,
(
byte
)
0x12
,
(
byte
)
0x30
,
(
byte
)
0x99
,
(
byte
)
0x2e
,
(
byte
)
0xb0
,
(
byte
)
0xf2
,
(
byte
)
0x8f
,
(
byte
)
0xf8
,
(
byte
)
0x27
,
(
byte
)
0x2d
,
(
byte
)
0x24
,
(
byte
)
0x78
,
(
byte
)
0x28
,
(
byte
)
0x84
,
(
byte
)
0xf7
,
(
byte
)
0x01
,
(
byte
)
0xbf
,
(
byte
)
0x8d
,
(
byte
)
0x44
,
(
byte
)
0x79
,
(
byte
)
0xdd
,
(
byte
)
0x3b
,
(
byte
)
0xd2
,
(
byte
)
0x55
,
(
byte
)
0xf3
,
(
byte
)
0xce
,
(
byte
)
0x3c
,
(
byte
)
0xb2
,
(
byte
)
0x5b
,
(
byte
)
0x21
,
(
byte
)
0x7d
,
(
byte
)
0xef
,
(
byte
)
0xfd
,
(
byte
)
0x33
,
(
byte
)
0x4a
,
(
byte
)
0xb1
,
(
byte
)
0xa3
,
(
byte
)
0xff
,
(
byte
)
0xc6
,
(
byte
)
0xc8
,
(
byte
)
0x9b
,
(
byte
)
0xb9
,
(
byte
)
0x0f
,
(
byte
)
0x7c
,
(
byte
)
0x41
,
(
byte
)
0x35
,
(
byte
)
0x97
,
(
byte
)
0xf9
,
(
byte
)
0xdb
,
(
byte
)
0x3a
,
(
byte
)
0x05
,
(
byte
)
0x60
,
(
byte
)
0x05
,
(
byte
)
0x15
,
(
byte
)
0xaf
,
(
byte
)
0x59
,
(
byte
)
0x17
,
(
byte
)
0x92
,
(
byte
)
0xa3
,
(
byte
)
0x10
,
(
byte
)
0xad
,
(
byte
)
0x16
,
(
byte
)
0x1c
,
(
byte
)
0xe4
,
(
byte
)
0x07
,
(
byte
)
0x53
,
(
byte
)
0xaf
,
(
byte
)
0xa8
,
(
byte
)
0x76
,
(
byte
)
0xa2
,
(
byte
)
0x56
,
(
byte
)
0x2a
,
(
byte
)
0x92
,
(
byte
)
0xd3
,
(
byte
)
0xf9
,
(
byte
)
0x28
,
(
byte
)
0xe0
,
(
byte
)
0x78
,
(
byte
)
0xcf
,
(
byte
)
0x5e
,
(
byte
)
0x1f
,
(
byte
)
0x48
,
(
byte
)
0xab
,
(
byte
)
0x5c
,
(
byte
)
0x19
,
(
byte
)
0xdd
,
(
byte
)
0xe1
,
(
byte
)
0x67
,
(
byte
)
0x43
,
(
byte
)
0xba
,
(
byte
)
0x75
,
(
byte
)
0x8d
,
(
byte
)
0xf5
,
(
byte
)
0x82
,
(
byte
)
0xac
,
(
byte
)
0x43
,
(
byte
)
0x92
,
(
byte
)
0x44
,
(
byte
)
0x1b
};
static
char
passphrase
[]
=
"passphrase"
.
toCharArray
();
/*
* Is the server ready to serve?
*/
volatile
static
boolean
serverReady
=
false
;
/*
* Turn on SSL debugging?
*/
static
boolean
debug
=
false
;
private
SSLServerSocket
sslServerSocket
=
null
;
/*
* Define the server side of the test.
*
* If the server prematurely exits, serverReady will be set to true
* to avoid infinite hangs.
*/
void
doServerSide
()
throws
Exception
{
SSLContext
context
=
getSSLContext
(
trusedCertStr
,
serverCertStr
,
serverModulus
,
serverPrivateExponent
,
passphrase
);
SSLServerSocketFactory
sslssf
=
context
.
getServerSocketFactory
();
sslServerSocket
=
(
SSLServerSocket
)
sslssf
.
createServerSocket
(
serverPort
);
serverPort
=
sslServerSocket
.
getLocalPort
();
/*
* Signal Client, we're ready for his connect.
*/
serverReady
=
true
;
SSLSocket
sslSocket
=
(
SSLSocket
)
sslServerSocket
.
accept
();
sslSocket
.
setNeedClientAuth
(
true
);
if
(
sslSocket
instanceof
SSLSocketImpl
)
{
((
SSLSocketImpl
)
sslSocket
).
trySetHostnameVerification
(
"HTTPS"
);
}
PrintStream
out
=
new
PrintStream
(
sslSocket
.
getOutputStream
());
try
{
// ignore request data
// send the response
out
.
print
(
"HTTP/1.1 200 OK\r\n"
);
out
.
print
(
"Content-Type: text/html; charset=iso-8859-1\r\n"
);
out
.
print
(
"Content-Length: "
+
9
+
"\r\n"
);
out
.
print
(
"\r\n"
);
out
.
print
(
"Testing\r\n"
);
out
.
flush
();
}
finally
{
// close the socket
Thread
.
sleep
(
2000
);
System
.
out
.
println
(
"Server closing socket"
);
sslSocket
.
close
();
serverReady
=
false
;
}
}
/*
* Define the client side of the test.
*
* If the server prematurely exits, serverReady will be set to true
* to avoid infinite hangs.
*/
void
doClientSide
()
throws
Exception
{
SSLContext
context
=
getSSLContext
(
trusedCertStr
,
clientCertStr
,
clientModulus
,
clientPrivateExponent
,
passphrase
);
SSLContext
.
setDefault
(
context
);
/*
* Wait for server to get started.
*/
while
(!
serverReady
)
{
Thread
.
sleep
(
50
);
}
HttpsURLConnection
http
=
null
;
/* establish http connection to server */
URL
url
=
new
URL
(
"https://localhost:"
+
serverPort
+
"/"
);
System
.
out
.
println
(
"url is "
+
url
.
toString
());
http
=
(
HttpsURLConnection
)
url
.
openConnection
();
int
respCode
=
http
.
getResponseCode
();
System
.
out
.
println
(
"respCode = "
+
respCode
);
http
.
disconnect
();
}
/*
* =============================================================
* The remainder is just support stuff
*/
// use any free port by default
volatile
int
serverPort
=
0
;
volatile
Exception
serverException
=
null
;
volatile
Exception
clientException
=
null
;
public
static
void
main
(
String
args
[])
throws
Exception
{
if
(
debug
)
System
.
setProperty
(
"javax.net.debug"
,
"all"
);
/*
* Start the tests.
*/
new
IPIdentities
();
}
Thread
clientThread
=
null
;
Thread
serverThread
=
null
;
/*
* Primary constructor, used to drive remainder of the test.
*
* Fork off the other side, then do your work.
*/
IPIdentities
()
throws
Exception
{
if
(
separateServerThread
)
{
startServer
(
true
);
startClient
(
false
);
}
else
{
startClient
(
true
);
startServer
(
false
);
}
/*
* Wait for other side to close down.
*/
if
(
separateServerThread
)
{
serverThread
.
join
();
}
else
{
clientThread
.
join
();
}
/*
* When we get here, the test is pretty much over.
*
* If the main thread excepted, that propagates back
* immediately. If the other thread threw an exception, we
* should report back.
*/
if
(
serverException
!=
null
)
throw
serverException
;
if
(
clientException
!=
null
)
throw
clientException
;
}
void
startServer
(
boolean
newThread
)
throws
Exception
{
if
(
newThread
)
{
serverThread
=
new
Thread
()
{
public
void
run
()
{
try
{
doServerSide
();
}
catch
(
Exception
e
)
{
/*
* Our server thread just died.
*
* Release the client, if not active already...
*/
System
.
err
.
println
(
"Server died..."
);
serverReady
=
true
;
serverException
=
e
;
}
}
};
serverThread
.
start
();
}
else
{
doServerSide
();
}
}
void
startClient
(
boolean
newThread
)
throws
Exception
{
if
(
newThread
)
{
clientThread
=
new
Thread
()
{
public
void
run
()
{
try
{
doClientSide
();
}
catch
(
Exception
e
)
{
/*
* Our client thread just died.
*/
System
.
err
.
println
(
"Client died..."
);
clientException
=
e
;
}
}
};
clientThread
.
start
();
}
else
{
doClientSide
();
}
}
// get the ssl context
private
static
SSLContext
getSSLContext
(
String
trusedCertStr
,
String
keyCertStr
,
byte
[]
modulus
,
byte
[]
privateExponent
,
char
[]
passphrase
)
throws
Exception
{
// generate certificate from cert string
CertificateFactory
cf
=
CertificateFactory
.
getInstance
(
"X.509"
);
ByteArrayInputStream
is
=
new
ByteArrayInputStream
(
trusedCertStr
.
getBytes
());
Certificate
trusedCert
=
cf
.
generateCertificate
(
is
);
is
.
close
();
// create a key store
KeyStore
ks
=
KeyStore
.
getInstance
(
"JKS"
);
ks
.
load
(
null
,
null
);
// import the trused cert
ks
.
setCertificateEntry
(
"RSA Export Signer"
,
trusedCert
);
if
(
keyCertStr
!=
null
)
{
// generate the private key.
RSAPrivateKeySpec
priKeySpec
=
new
RSAPrivateKeySpec
(
new
BigInteger
(
modulus
),
new
BigInteger
(
privateExponent
));
KeyFactory
kf
=
KeyFactory
.
getInstance
(
"RSA"
);
RSAPrivateKey
priKey
=
(
RSAPrivateKey
)
kf
.
generatePrivate
(
priKeySpec
);
// generate certificate chain
is
=
new
ByteArrayInputStream
(
keyCertStr
.
getBytes
());
Certificate
keyCert
=
cf
.
generateCertificate
(
is
);
is
.
close
();
Certificate
[]
chain
=
new
Certificate
[
2
];
chain
[
0
]
=
keyCert
;
chain
[
1
]
=
trusedCert
;
// import the key entry.
ks
.
setKeyEntry
(
"Whatever"
,
priKey
,
passphrase
,
chain
);
}
// create SSL context
TrustManagerFactory
tmf
=
TrustManagerFactory
.
getInstance
(
"PKIX"
);
tmf
.
init
(
ks
);
SSLContext
ctx
=
SSLContext
.
getInstance
(
"TLS"
);
if
(
keyCertStr
!=
null
)
{
KeyManagerFactory
kmf
=
KeyManagerFactory
.
getInstance
(
"SunX509"
);
kmf
.
init
(
ks
,
passphrase
);
ctx
.
init
(
kmf
.
getKeyManagers
(),
tmf
.
getTrustManagers
(),
null
);
}
else
{
ctx
.
init
(
null
,
tmf
.
getTrustManagers
(),
null
);
}
return
ctx
;
}
}
test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/Identities.java
0 → 100644
浏览文件 @
ac09e22d
/*
* Copyright 2010 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
* CA 95054 USA or visit www.sun.com if you need additional information or
* have any questions.
*/
/* @test
* @summary X509 certificate hostname checking is broken in JDK1.6.0_10
* @bug 6766775
* @author Xuelei Fan
*/
import
java.net.*
;
import
java.util.*
;
import
java.io.*
;
import
javax.net.ssl.*
;
import
java.security.KeyStore
;
import
java.security.KeyFactory
;
import
java.security.cert.Certificate
;
import
java.security.cert.CertificateFactory
;
import
java.security.spec.*
;
import
java.security.interfaces.*
;
import
java.math.BigInteger
;
import
sun.security.ssl.SSLSocketImpl
;
/*
* Certificates and key used in the test.
*
* TLS server certificate:
* server private key:
* -----BEGIN RSA PRIVATE KEY-----
* Proc-Type: 4,ENCRYPTED
* DEK-Info: DES-EDE3-CBC,D9AE407F6D0E389A
*
* WPrA7TFol/cQCcp9oHnXWNpYlvRbbIcQj0m+RKT2Iuzfus+DHt3Zadf8nJpKfX2e
* h2rnhlzCN9M7djRDooZKDOPCsdBn51Au7HlZF3S3Opgo7D8XFM1a8t1Je4ke14oI
* nw6QKYsBblRziPnP2PZ0zvX24nOv7bbY8beynlJHGs00VWSFdoH2DS0aE1p6D+3n
* ptJuJ75dVfZFK4X7162APlNXevX8D6PEQpSiRw1rjjGGcnvQ4HdWk3BxDVDcCNJb
* Y1aGNRxsjTDvPi3R9Qx2M+W03QzEPx4SR3ZHVskeSJHaetM0TM/w/45Paq4GokXP
* ZeTnbEx1xmjkA7h+t4doLL4watx5F6yLsJzu8xB3lt/1EtmkYtLz1t7X4BetPAXz
* zS69X/VwhKfsOI3qXBWuL2oHPyhDmT1gcaUQwEPSV6ogHEEQEDXdiUS8heNK13KF
* TCQYFkETvV2BLxUhV1hypPzRQ6tUpJiAbD5KmoK2lD9slshG2QtvKQq0/bgkDY5J
* LhDHV2dtcZ3kDPkkZXpbcJQvoeH3d09C5sIsuTFo2zgNR6oETHUc5TzP6FY2YYRa
* QcK5HcmtsRRiXFm01ac+aMejJUIujjFt84SiKWT/73vC8AmY4tYcJBLjCg4XIxSH
* fdDFLL1YZENNO5ivlp8mdiHqcawx+36L7DrEZQ8RZt6cqST5t/+XTdM74s6k81GT
* pNsa82P2K2zmIUZ/DL2mKjW1vfRByw1NQFEBkN3vdyZxYfM/JyUzX4hbjXBEkh9Q
* QYrcwLKLjis2QzSvK04B3bvRzRb+4ocWiso8ZPAXAIxZFBWDpTMM2A==
* -----END RSA PRIVATE KEY-----
*
* -----BEGIN RSA PRIVATE KEY-----
* MIICXAIBAAKBgQClrFscN6LdmYktsnm4j9VIpecchBeNaZzGrG358h0fORna03Ie
* buxEzHCk3LoAMPagTz1UemFqzFfQCn+VKBg/mtmU8hvIJIh+/p0PPftXUwizIDPU
* PxdHFNHN6gjYDnVOr77M0uyvqXpJ38LZrLgkQJCmA1Yq0DAFQCxPq9l0iQIDAQAB
* AoGAbqcbg1E1mkR99uOJoNeQYKFOJyGiiXTMnXV1TseC4+PDfQBU7Dax35GcesBi
* CtapIpFKKS5D+ozY6b7ZT8ojxuQ/uHLPAvz0WDR3ds4iRF8tyu71Q1ZHcQsJa17y
* yO7UbkSSKn/Mp9Rb+/dKqftUGNXVFLqgHBOzN2s3We3bbbECQQDYBPKOg3hkaGHo
* OhpHKqtQ6EVkldihG/3i4WejRonelXN+HRh1KrB2HBx0M8D/qAzP1i3rNSlSHer4
* 59YRTJnHAkEAxFX/sVYSn07BHv9Zhn6XXct/Cj43z/tKNbzlNbcxqQwQerw3IH51
* 8UH2YOA+GD3lXbKp+MytoFLWv8zg4YT/LwJAfqan75Z1R6lLffRS49bIiq8jwE16
* rTrUJ+kv8jKxMqc9B3vXkxpsS1M/+4E8bqgAmvpgAb8xcsvHsBd9ErdukQJBAKs2
* j67W75BrPjBI34pQ1LEfp56IGWXOrq1kF8IbCjxv3+MYRT6Z6UJFkpRymNPNDjsC
* dgUYgITiGJHUGXuw3lMCQHEHqo9ZtXz92yFT+VhsNc29B8m/sqUJdtCcMd/jGpAF
* u6GHufjqIZBpQsk63wbwESAPZZ+kk1O1kS5GIRLX608=
* -----END RSA PRIVATE KEY-----
*
* Private-Key: (1024 bit)
* modulus:
* 00:a5:ac:5b:1c:37:a2:dd:99:89:2d:b2:79:b8:8f:
* d5:48:a5:e7:1c:84:17:8d:69:9c:c6:ac:6d:f9:f2:
* 1d:1f:39:19:da:d3:72:1e:6e:ec:44:cc:70:a4:dc:
* ba:00:30:f6:a0:4f:3d:54:7a:61:6a:cc:57:d0:0a:
* 7f:95:28:18:3f:9a:d9:94:f2:1b:c8:24:88:7e:fe:
* 9d:0f:3d:fb:57:53:08:b3:20:33:d4:3f:17:47:14:
* d1:cd:ea:08:d8:0e:75:4e:af:be:cc:d2:ec:af:a9:
* 7a:49:df:c2:d9:ac:b8:24:40:90:a6:03:56:2a:d0:
* 30:05:40:2c:4f:ab:d9:74:89
* publicExponent: 65537 (0x10001)
* privateExponent:
* 6e:a7:1b:83:51:35:9a:44:7d:f6:e3:89:a0:d7:90:
* 60:a1:4e:27:21:a2:89:74:cc:9d:75:75:4e:c7:82:
* e3:e3:c3:7d:00:54:ec:36:b1:df:91:9c:7a:c0:62:
* 0a:d6:a9:22:91:4a:29:2e:43:fa:8c:d8:e9:be:d9:
* 4f:ca:23:c6:e4:3f:b8:72:cf:02:fc:f4:58:34:77:
* 76:ce:22:44:5f:2d:ca:ee:f5:43:56:47:71:0b:09:
* 6b:5e:f2:c8:ee:d4:6e:44:92:2a:7f:cc:a7:d4:5b:
* fb:f7:4a:a9:fb:54:18:d5:d5:14:ba:a0:1c:13:b3:
* 37:6b:37:59:ed:db:6d:b1
* prime1:
* 00:d8:04:f2:8e:83:78:64:68:61:e8:3a:1a:47:2a:
* ab:50:e8:45:64:95:d8:a1:1b:fd:e2:e1:67:a3:46:
* 89:de:95:73:7e:1d:18:75:2a:b0:76:1c:1c:74:33:
* c0:ff:a8:0c:cf:d6:2d:eb:35:29:52:1d:ea:f8:e7:
* d6:11:4c:99:c7
* prime2:
* 00:c4:55:ff:b1:56:12:9f:4e:c1:1e:ff:59:86:7e:
* 97:5d:cb:7f:0a:3e:37:cf:fb:4a:35:bc:e5:35:b7:
* 31:a9:0c:10:7a:bc:37:20:7e:75:f1:41:f6:60:e0:
* 3e:18:3d:e5:5d:b2:a9:f8:cc:ad:a0:52:d6:bf:cc:
* e0:e1:84:ff:2f
* exponent1:
* 7e:a6:a7:ef:96:75:47:a9:4b:7d:f4:52:e3:d6:c8:
* 8a:af:23:c0:4d:7a:ad:3a:d4:27:e9:2f:f2:32:b1:
* 32:a7:3d:07:7b:d7:93:1a:6c:4b:53:3f:fb:81:3c:
* 6e:a8:00:9a:fa:60:01:bf:31:72:cb:c7:b0:17:7d:
* 12:b7:6e:91
* exponent2:
* 00:ab:36:8f:ae:d6:ef:90:6b:3e:30:48:df:8a:50:
* d4:b1:1f:a7:9e:88:19:65:ce:ae:ad:64:17:c2:1b:
* 0a:3c:6f:df:e3:18:45:3e:99:e9:42:45:92:94:72:
* 98:d3:cd:0e:3b:02:76:05:18:80:84:e2:18:91:d4:
* 19:7b:b0:de:53
* coefficient:
* 71:07:aa:8f:59:b5:7c:fd:db:21:53:f9:58:6c:35:
* cd:bd:07:c9:bf:b2:a5:09:76:d0:9c:31:df:e3:1a:
* 90:05:bb:a1:87:b9:f8:ea:21:90:69:42:c9:3a:df:
* 06:f0:11:20:0f:65:9f:a4:93:53:b5:91:2e:46:21:
* 12:d7:eb:4f
*
*
* server certificate:
* Data:
* Version: 3 (0x2)
* Serial Number: 4 (0x4)
* Signature Algorithm: md5WithRSAEncryption
* Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org
* Validity
* Not Before: Dec 8 03:21:16 2008 GMT
* Not After : Aug 25 03:21:16 2028 GMT
* Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org, OU=SSL-Server, CN=localhost
* Subject Public Key Info:
* Public Key Algorithm: rsaEncryption
* RSA Public Key: (1024 bit)
* Modulus (1024 bit):
* 00:a5:ac:5b:1c:37:a2:dd:99:89:2d:b2:79:b8:8f:
* d5:48:a5:e7:1c:84:17:8d:69:9c:c6:ac:6d:f9:f2:
* 1d:1f:39:19:da:d3:72:1e:6e:ec:44:cc:70:a4:dc:
* ba:00:30:f6:a0:4f:3d:54:7a:61:6a:cc:57:d0:0a:
* 7f:95:28:18:3f:9a:d9:94:f2:1b:c8:24:88:7e:fe:
* 9d:0f:3d:fb:57:53:08:b3:20:33:d4:3f:17:47:14:
* d1:cd:ea:08:d8:0e:75:4e:af:be:cc:d2:ec:af:a9:
* 7a:49:df:c2:d9:ac:b8:24:40:90:a6:03:56:2a:d0:
* 30:05:40:2c:4f:ab:d9:74:89
* Exponent: 65537 (0x10001)
* X509v3 extensions:
* X509v3 Basic Constraints:
* CA:FALSE
* X509v3 Key Usage:
* Digital Signature, Non Repudiation, Key Encipherment
* X509v3 Subject Key Identifier:
* ED:6E:DB:F4:B5:56:C8:FB:1A:06:61:3F:0F:08:BB:A6:04:D8:16:54
* X509v3 Authority Key Identifier:
* keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14
*
* X509v3 Subject Alternative Name: critical
* IP Address:127.0.0.1, DNS:localhost
* Signature Algorithm: md5WithRSAEncryption
*
* -----BEGIN CERTIFICATE-----
* MIICqjCCAhOgAwIBAgIBBDANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET
* MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK
* EwhTb21lLU9yZzAeFw0wODEyMDgwMzIxMTZaFw0yODA4MjUwMzIxMTZaMHIxCzAJ
* BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp
* dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtU2VydmVyMRIwEAYD
* VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKWsWxw3
* ot2ZiS2yebiP1Uil5xyEF41pnMasbfnyHR85GdrTch5u7ETMcKTcugAw9qBPPVR6
* YWrMV9AKf5UoGD+a2ZTyG8gkiH7+nQ89+1dTCLMgM9Q/F0cU0c3qCNgOdU6vvszS
* 7K+peknfwtmsuCRAkKYDVirQMAVALE+r2XSJAgMBAAGjeTB3MAkGA1UdEwQCMAAw
* CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTtbtv0tVbI+xoGYT8PCLumBNgWVDAfBgNV
* HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDAdBgNVHREBAf8EEzARhwR/AAAB
* gglsb2NhbGhvc3QwDQYJKoZIhvcNAQEEBQADgYEAWTrftGaL73lKLgRTrChGR+F6
* //qvs0OM94IOKVeHz36NO49cMJmhJSbKdiGIkppBgpLIBoWxZlN9NOO9oSXFYZsZ
* rHaAe9/lWMtQM7XpjqjhWVhB5VPvWFbkorQFMtRYLf7pkonGPFq8GOO1s0TKhogC
* jtYCdzlrU4v+om/J3H8=
* -----END CERTIFICATE-----
*
*
* TLS client certificate:
* client private key:
* ----BEGIN RSA PRIVATE KEY-----
* Proc-Type: 4,ENCRYPTED
* DEK-Info: DES-EDE3-CBC,FA2A435CD35A9390
*
* Z+Y2uaETbsUWIyJUyVu1UV2G4rgFYJyACZT6Tp1KjRtxflSh2kXkJ9MpuXMXA0V4
* Yy3fDzPqCL9NJmQAYRlAx/W/+j4F5EyMWDIx8fUxzONRZyoiwF7jLm+KscAfv6Pf
* q7ItWOdj3z7IYrwlB8YIGd3F2cDKT3S+lYRk7rKb/qT7itbuHnY4Ardh3yl+MZak
* jBp+ELUlRsUqSr1V0LoM+0rCCykarpyfhpxEcqsrl0v9Cyi5uhU50/oKv5zql3SH
* l2ImgDjp3batAs8+Bd4NF2aqi0a7Hy44JUHxRm4caZryU/i/D9N1MbuM6882HLat
* 5N0G+NaIUfywa8mjwq2D5aiit18HqKA6XeRRYeJ5Dvu9DCO4GeFSwcUFIBMI0L46
* 7s114+oDodg57pMgITi+04vmUxvqlN9aiyd7f5Fgd7PeHGeOdbMz1NaJLJaPI9++
* NakK8eK9iwT/Gdq0Uap5/CHW7vCT5PO+h3HY0STH0lWStXhdWnFO04zTdywsbSp+
* DLpHeFT66shfeUlxR0PsCbG9vPRt/QmGLeYQZITppWo/ylSq4j+pRIuXvuWHdBRN
* rTZ8QF4Y7AxQUXVz1j1++s6ZMHTzaK2i9HrhmDs1MbJl+QwWre3Xpv3LvTVz3k5U
* wX8kuY1m3STt71QCaRWENq5sRaMImLxZbxc/ivFl9RAzUqo4NCxLod/QgA4iLqtO
* ztnlpzwlC/F8HbQ1oqYWwnZAPhzU/cULtstl+Yrws2c2atO323LbPXZqbASySgig
* sNpFXQMObdfP6LN23bY+1SvtK7V4NUTNhpdIc6INQAQ=
* -----END RSA PRIVATE KEY-----
*
* -----BEGIN RSA PRIVATE KEY-----
* MIICWwIBAAKBgQC78EA2rCZUTvSjWgAvaSFvuXo6k+yi9uGOx2PYLxIwmS6w8o/4
* Jy0keCiE9wG/jUR53TvSVfPOPLJbIX3v/TNKsaP/xsibuQ98QTWX+ds6BWAFFa9Z
* F5KjEK0WHOQHU6+odqJWKpLT+SjgeM9eH0irXBnd4WdDunWN9YKsQ5JEGwIDAQAB
* AoGAEbdqNj0wN85hnWyEi/ObJU8UyKTdL9eaF72QGfcF/fLSxfd3vurihIeXOkGW
* tpn4lIxYcVGM9CognhqgJpl11jFTQzn1KqZ+NEJRKkCHA4hDabKJbSC9fXHvRwrf
* BsFpZqgiNxp3HseUTiwnaUVeyPgMt/jAj5nB5Sib+UyUxrECQQDnNQBiF2aifEg6
* zbJOOC7he5CHAdkFxSxWVFVHL6EfXfqdLVkUohMbgZv+XxyIeU2biOExSg49Kds3
* FOKgTau1AkEA0Bd1haj6QuCo8I0AXm2WO+MMTZMTvtHD/bGjKNM+fT4I8rKYnQRX
* 1acHdqS9Xx2rNJqZgkMmpESIdPR2fc4yjwJALFeM6EMmqvj8/VIf5UJ/Mz14fXwM
* PEARfckUxd9LnnFutCBTWlKvKXJVEZb6KO5ixPaegc57Jp3Vbh3yTN44lQJADD/1
* SSMDaIB1MYP7a5Oj7m6VQNPRq8AJe5vDcRnOae0G9dKRrVyeFxO4GsHj6/+BHp2j
* P8nYMn9eURQ7DXjf/QJAAQzMlWnKGSO8pyTDtnQx3hRMoUkOEhmNq4bQhLkYqtnY
* FcqpUQ2qMjW+NiNWk5HnTrMS3L9EdJobMUzaNZLy4w==
* -----END RSA PRIVATE KEY-----
*
* Private-Key: (1024 bit)
* modulus:
* 00:bb:f0:40:36:ac:26:54:4e:f4:a3:5a:00:2f:69:
* 21:6f:b9:7a:3a:93:ec:a2:f6:e1:8e:c7:63:d8:2f:
* 12:30:99:2e:b0:f2:8f:f8:27:2d:24:78:28:84:f7:
* 01:bf:8d:44:79:dd:3b:d2:55:f3:ce:3c:b2:5b:21:
* 7d:ef:fd:33:4a:b1:a3:ff:c6:c8:9b:b9:0f:7c:41:
* 35:97:f9:db:3a:05:60:05:15:af:59:17:92:a3:10:
* ad:16:1c:e4:07:53:af:a8:76:a2:56:2a:92:d3:f9:
* 28:e0:78:cf:5e:1f:48:ab:5c:19:dd:e1:67:43:ba:
* 75:8d:f5:82:ac:43:92:44:1b
* publicExponent: 65537 (0x10001)
* privateExponent:
* 11:b7:6a:36:3d:30:37:ce:61:9d:6c:84:8b:f3:9b:
* 25:4f:14:c8:a4:dd:2f:d7:9a:17:bd:90:19:f7:05:
* fd:f2:d2:c5:f7:77:be:ea:e2:84:87:97:3a:41:96:
* b6:99:f8:94:8c:58:71:51:8c:f4:2a:20:9e:1a:a0:
* 26:99:75:d6:31:53:43:39:f5:2a:a6:7e:34:42:51:
* 2a:40:87:03:88:43:69:b2:89:6d:20:bd:7d:71:ef:
* 47:0a:df:06:c1:69:66:a8:22:37:1a:77:1e:c7:94:
* 4e:2c:27:69:45:5e:c8:f8:0c:b7:f8:c0:8f:99:c1:
* e5:28:9b:f9:4c:94:c6:b1
* prime1:
* 00:e7:35:00:62:17:66:a2:7c:48:3a:cd:b2:4e:38:
* 2e:e1:7b:90:87:01:d9:05:c5:2c:56:54:55:47:2f:
* a1:1f:5d:fa:9d:2d:59:14:a2:13:1b:81:9b:fe:5f:
* 1c:88:79:4d:9b:88:e1:31:4a:0e:3d:29:db:37:14:
* e2:a0:4d:ab:b5
* prime2:
* 00:d0:17:75:85:a8:fa:42:e0:a8:f0:8d:00:5e:6d:
* 96:3b:e3:0c:4d:93:13:be:d1:c3:fd:b1:a3:28:d3:
* 3e:7d:3e:08:f2:b2:98:9d:04:57:d5:a7:07:76:a4:
* bd:5f:1d:ab:34:9a:99:82:43:26:a4:44:88:74:f4:
* 76:7d:ce:32:8f
* exponent1:
* 2c:57:8c:e8:43:26:aa:f8:fc:fd:52:1f:e5:42:7f:
* 33:3d:78:7d:7c:0c:3c:40:11:7d:c9:14:c5:df:4b:
* 9e:71:6e:b4:20:53:5a:52:af:29:72:55:11:96:fa:
* 28:ee:62:c4:f6:9e:81:ce:7b:26:9d:d5:6e:1d:f2:
* 4c:de:38:95
* exponent2:
* 0c:3f:f5:49:23:03:68:80:75:31:83:fb:6b:93:a3:
* ee:6e:95:40:d3:d1:ab:c0:09:7b:9b:c3:71:19:ce:
* 69:ed:06:f5:d2:91:ad:5c:9e:17:13:b8:1a:c1:e3:
* eb:ff:81:1e:9d:a3:3f:c9:d8:32:7f:5e:51:14:3b:
* 0d:78:df:fd
* coefficient:
* 01:0c:cc:95:69:ca:19:23:bc:a7:24:c3:b6:74:31:
* de:14:4c:a1:49:0e:12:19:8d:ab:86:d0:84:b9:18:
* aa:d9:d8:15:ca:a9:51:0d:aa:32:35:be:36:23:56:
* 93:91:e7:4e:b3:12:dc:bf:44:74:9a:1b:31:4c:da:
* 35:92:f2:e3
*
* client certificate:
* Data:
* Version: 3 (0x2)
* Serial Number: 5 (0x5)
* Signature Algorithm: md5WithRSAEncryption
* Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org
* Validity
* Not Before: Dec 8 03:22:10 2008 GMT
* Not After : Aug 25 03:22:10 2028 GMT
* Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org, OU=SSL-Client, CN=localhost
* Subject Public Key Info:
* Public Key Algorithm: rsaEncryption
* RSA Public Key: (1024 bit)
* Modulus (1024 bit):
* 00:bb:f0:40:36:ac:26:54:4e:f4:a3:5a:00:2f:69:
* 21:6f:b9:7a:3a:93:ec:a2:f6:e1:8e:c7:63:d8:2f:
* 12:30:99:2e:b0:f2:8f:f8:27:2d:24:78:28:84:f7:
* 01:bf:8d:44:79:dd:3b:d2:55:f3:ce:3c:b2:5b:21:
* 7d:ef:fd:33:4a:b1:a3:ff:c6:c8:9b:b9:0f:7c:41:
* 35:97:f9:db:3a:05:60:05:15:af:59:17:92:a3:10:
* ad:16:1c:e4:07:53:af:a8:76:a2:56:2a:92:d3:f9:
* 28:e0:78:cf:5e:1f:48:ab:5c:19:dd:e1:67:43:ba:
* 75:8d:f5:82:ac:43:92:44:1b
* Exponent: 65537 (0x10001)
* X509v3 extensions:
* X509v3 Basic Constraints:
* CA:FALSE
* X509v3 Key Usage:
* Digital Signature, Non Repudiation, Key Encipherment
* X509v3 Subject Key Identifier:
* CD:BB:C8:85:AA:91:BD:FD:1D:BE:CD:67:7C:FF:B3:E9:4C:A8:22:E6
* X509v3 Authority Key Identifier:
* keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14
*
* X509v3 Subject Alternative Name: critical
* IP Address:127.0.0.1, DNS:localhost
* Signature Algorithm: md5WithRSAEncryption
*
* -----BEGIN CERTIFICATE-----
* MIICqjCCAhOgAwIBAgIBBTANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET
* MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK
* EwhTb21lLU9yZzAeFw0wODEyMDgwMzIyMTBaFw0yODA4MjUwMzIyMTBaMHIxCzAJ
* BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp
* dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtQ2xpZW50MRIwEAYD
* VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALvwQDas
* JlRO9KNaAC9pIW+5ejqT7KL24Y7HY9gvEjCZLrDyj/gnLSR4KIT3Ab+NRHndO9JV
* 8848slshfe/9M0qxo//GyJu5D3xBNZf52zoFYAUVr1kXkqMQrRYc5AdTr6h2olYq
* ktP5KOB4z14fSKtcGd3hZ0O6dY31gqxDkkQbAgMBAAGjeTB3MAkGA1UdEwQCMAAw
* CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTNu8iFqpG9/R2+zWd8/7PpTKgi5jAfBgNV
* HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDAdBgNVHREBAf8EEzARhwR/AAAB
* gglsb2NhbGhvc3QwDQYJKoZIhvcNAQEEBQADgYEAwDc4f13abs9ZeEkrl5WV2Z74
* BlmBhXu8ExtAvoF9q6Ug6xV1MDpxbD124KfUHHL0kNMhMB1WIpC0kOnQBxziNpfS
* 7u6GOc3tWLSxw/sHoJGCefnRBllLZOoQuSBrWB8qgilL6HRmZ4UqDcXu4UCaLBZ0
* KGDT5ASEN6Lq2GtiP4Y=
* -----END CERTIFICATE-----
*
*
*
* Trusted CA certificate:
* Certificate:
* Data:
* Version: 3 (0x2)
* Serial Number: 0 (0x0)
* Signature Algorithm: md5WithRSAEncryption
* Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org
* Validity
* Not Before: Dec 8 02:43:36 2008 GMT
* Not After : Aug 25 02:43:36 2028 GMT
* Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org
* Subject Public Key Info:
* Public Key Algorithm: rsaEncryption
* RSA Public Key: (1024 bit)
* Modulus (1024 bit):
* 00:cb:c4:38:20:07:be:88:a7:93:b0:a1:43:51:2d:
* d7:8e:85:af:54:dd:ad:a2:7b:23:5b:cf:99:13:53:
* 99:45:7d:ee:6d:ba:2d:bf:e3:ad:6e:3d:9f:1a:f9:
* 03:97:e0:17:55:ae:11:26:57:de:01:29:8e:05:3f:
* 21:f7:e7:36:e8:2e:37:d7:48:ac:53:d6:60:0e:c7:
* 50:6d:f6:c5:85:f7:8b:a6:c5:91:35:72:3c:94:ee:
* f1:17:f0:71:e3:ec:1b:ce:ca:4e:40:42:b0:6d:ee:
* 6a:0e:d6:e5:ad:3c:0f:c9:ba:82:4f:78:f8:89:97:
* 89:2a:95:12:4c:d8:09:2a:e9
* Exponent: 65537 (0x10001)
* X509v3 extensions:
* X509v3 Subject Key Identifier:
* FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14
* X509v3 Authority Key Identifier:
* keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14
* DirName:/C=US/ST=Some-State/L=Some-City/O=Some-Org
* serial:00
*
* X509v3 Basic Constraints:
* CA:TRUE
* Signature Algorithm: md5WithRSAEncryption
*
* -----BEGIN CERTIFICATE-----
* MIICrDCCAhWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET
* MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK
* EwhTb21lLU9yZzAeFw0wODEyMDgwMjQzMzZaFw0yODA4MjUwMjQzMzZaMEkxCzAJ
* BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp
* dHkxETAPBgNVBAoTCFNvbWUtT3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
* gQDLxDggB76Ip5OwoUNRLdeOha9U3a2ieyNbz5kTU5lFfe5tui2/461uPZ8a+QOX
* 4BdVrhEmV94BKY4FPyH35zboLjfXSKxT1mAOx1Bt9sWF94umxZE1cjyU7vEX8HHj
* 7BvOyk5AQrBt7moO1uWtPA/JuoJPePiJl4kqlRJM2Akq6QIDAQABo4GjMIGgMB0G
* A1UdDgQWBBT6uVG/TOfZhpgz+efLHvEzSfeoFDBxBgNVHSMEajBogBT6uVG/TOfZ
* hpgz+efLHvEzSfeoFKFNpEswSTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUt
* U3RhdGUxEjAQBgNVBAcTCVNvbWUtQ2l0eTERMA8GA1UEChMIU29tZS1PcmeCAQAw
* DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBcIm534U123Hz+rtyYO5uA
* ofd81G6FnTfEAV8Kw9fGyyEbQZclBv34A9JsFKeMvU4OFIaixD7nLZ/NZ+IWbhmZ
* LovmJXyCkOufea73pNiZ+f/4/ScZaIlM/PRycQSqbFNd4j9Wott+08qxHPLpsf3P
* 6Mvf0r1PNTY2hwTJLJmKtg==
* -----END CERTIFICATE---
*/
public
class
Identities
{
static
Map
cookies
;
ServerSocket
ss
;
/*
* =============================================================
* Set the various variables needed for the tests, then
* specify what tests to run on each side.
*/
/*
* Should we run the client or server in a separate thread?
* Both sides can throw exceptions, but do you have a preference
* as to which side should be the main thread.
*/
static
boolean
separateServerThread
=
true
;
/*
* Where do we find the keystores?
*/
static
String
trusedCertStr
=
"-----BEGIN CERTIFICATE-----\n"
+
"MIICrDCCAhWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n"
+
"MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n"
+
"EwhTb21lLU9yZzAeFw0wODEyMDgwMjQzMzZaFw0yODA4MjUwMjQzMzZaMEkxCzAJ\n"
+
"BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n"
+
"dHkxETAPBgNVBAoTCFNvbWUtT3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n"
+
"gQDLxDggB76Ip5OwoUNRLdeOha9U3a2ieyNbz5kTU5lFfe5tui2/461uPZ8a+QOX\n"
+
"4BdVrhEmV94BKY4FPyH35zboLjfXSKxT1mAOx1Bt9sWF94umxZE1cjyU7vEX8HHj\n"
+
"7BvOyk5AQrBt7moO1uWtPA/JuoJPePiJl4kqlRJM2Akq6QIDAQABo4GjMIGgMB0G\n"
+
"A1UdDgQWBBT6uVG/TOfZhpgz+efLHvEzSfeoFDBxBgNVHSMEajBogBT6uVG/TOfZ\n"
+
"hpgz+efLHvEzSfeoFKFNpEswSTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUt\n"
+
"U3RhdGUxEjAQBgNVBAcTCVNvbWUtQ2l0eTERMA8GA1UEChMIU29tZS1PcmeCAQAw\n"
+
"DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBcIm534U123Hz+rtyYO5uA\n"
+
"ofd81G6FnTfEAV8Kw9fGyyEbQZclBv34A9JsFKeMvU4OFIaixD7nLZ/NZ+IWbhmZ\n"
+
"LovmJXyCkOufea73pNiZ+f/4/ScZaIlM/PRycQSqbFNd4j9Wott+08qxHPLpsf3P\n"
+
"6Mvf0r1PNTY2hwTJLJmKtg==\n"
+
"-----END CERTIFICATE-----"
;
static
String
serverCertStr
=
"-----BEGIN CERTIFICATE-----\n"
+
"MIICqjCCAhOgAwIBAgIBBDANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n"
+
"MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n"
+
"EwhTb21lLU9yZzAeFw0wODEyMDgwMzIxMTZaFw0yODA4MjUwMzIxMTZaMHIxCzAJ\n"
+
"BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n"
+
"dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtU2VydmVyMRIwEAYD\n"
+
"VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKWsWxw3\n"
+
"ot2ZiS2yebiP1Uil5xyEF41pnMasbfnyHR85GdrTch5u7ETMcKTcugAw9qBPPVR6\n"
+
"YWrMV9AKf5UoGD+a2ZTyG8gkiH7+nQ89+1dTCLMgM9Q/F0cU0c3qCNgOdU6vvszS\n"
+
"7K+peknfwtmsuCRAkKYDVirQMAVALE+r2XSJAgMBAAGjeTB3MAkGA1UdEwQCMAAw\n"
+
"CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTtbtv0tVbI+xoGYT8PCLumBNgWVDAfBgNV\n"
+
"HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDAdBgNVHREBAf8EEzARhwR/AAAB\n"
+
"gglsb2NhbGhvc3QwDQYJKoZIhvcNAQEEBQADgYEAWTrftGaL73lKLgRTrChGR+F6\n"
+
"//qvs0OM94IOKVeHz36NO49cMJmhJSbKdiGIkppBgpLIBoWxZlN9NOO9oSXFYZsZ\n"
+
"rHaAe9/lWMtQM7XpjqjhWVhB5VPvWFbkorQFMtRYLf7pkonGPFq8GOO1s0TKhogC\n"
+
"jtYCdzlrU4v+om/J3H8=\n"
+
"-----END CERTIFICATE-----"
;
static
String
clientCertStr
=
"-----BEGIN CERTIFICATE-----\n"
+
"MIICqjCCAhOgAwIBAgIBBTANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n"
+
"MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n"
+
"EwhTb21lLU9yZzAeFw0wODEyMDgwMzIyMTBaFw0yODA4MjUwMzIyMTBaMHIxCzAJ\n"
+
"BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n"
+
"dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtQ2xpZW50MRIwEAYD\n"
+
"VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALvwQDas\n"
+
"JlRO9KNaAC9pIW+5ejqT7KL24Y7HY9gvEjCZLrDyj/gnLSR4KIT3Ab+NRHndO9JV\n"
+
"8848slshfe/9M0qxo//GyJu5D3xBNZf52zoFYAUVr1kXkqMQrRYc5AdTr6h2olYq\n"
+
"ktP5KOB4z14fSKtcGd3hZ0O6dY31gqxDkkQbAgMBAAGjeTB3MAkGA1UdEwQCMAAw\n"
+
"CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTNu8iFqpG9/R2+zWd8/7PpTKgi5jAfBgNV\n"
+
"HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDAdBgNVHREBAf8EEzARhwR/AAAB\n"
+
"gglsb2NhbGhvc3QwDQYJKoZIhvcNAQEEBQADgYEAwDc4f13abs9ZeEkrl5WV2Z74\n"
+
"BlmBhXu8ExtAvoF9q6Ug6xV1MDpxbD124KfUHHL0kNMhMB1WIpC0kOnQBxziNpfS\n"
+
"7u6GOc3tWLSxw/sHoJGCefnRBllLZOoQuSBrWB8qgilL6HRmZ4UqDcXu4UCaLBZ0\n"
+
"KGDT5ASEN6Lq2GtiP4Y=\n"
+
"-----END CERTIFICATE-----"
;
static
byte
serverPrivateExponent
[]
=
{
(
byte
)
0x6e
,
(
byte
)
0xa7
,
(
byte
)
0x1b
,
(
byte
)
0x83
,
(
byte
)
0x51
,
(
byte
)
0x35
,
(
byte
)
0x9a
,
(
byte
)
0x44
,
(
byte
)
0x7d
,
(
byte
)
0xf6
,
(
byte
)
0xe3
,
(
byte
)
0x89
,
(
byte
)
0xa0
,
(
byte
)
0xd7
,
(
byte
)
0x90
,
(
byte
)
0x60
,
(
byte
)
0xa1
,
(
byte
)
0x4e
,
(
byte
)
0x27
,
(
byte
)
0x21
,
(
byte
)
0xa2
,
(
byte
)
0x89
,
(
byte
)
0x74
,
(
byte
)
0xcc
,
(
byte
)
0x9d
,
(
byte
)
0x75
,
(
byte
)
0x75
,
(
byte
)
0x4e
,
(
byte
)
0xc7
,
(
byte
)
0x82
,
(
byte
)
0xe3
,
(
byte
)
0xe3
,
(
byte
)
0xc3
,
(
byte
)
0x7d
,
(
byte
)
0x00
,
(
byte
)
0x54
,
(
byte
)
0xec
,
(
byte
)
0x36
,
(
byte
)
0xb1
,
(
byte
)
0xdf
,
(
byte
)
0x91
,
(
byte
)
0x9c
,
(
byte
)
0x7a
,
(
byte
)
0xc0
,
(
byte
)
0x62
,
(
byte
)
0x0a
,
(
byte
)
0xd6
,
(
byte
)
0xa9
,
(
byte
)
0x22
,
(
byte
)
0x91
,
(
byte
)
0x4a
,
(
byte
)
0x29
,
(
byte
)
0x2e
,
(
byte
)
0x43
,
(
byte
)
0xfa
,
(
byte
)
0x8c
,
(
byte
)
0xd8
,
(
byte
)
0xe9
,
(
byte
)
0xbe
,
(
byte
)
0xd9
,
(
byte
)
0x4f
,
(
byte
)
0xca
,
(
byte
)
0x23
,
(
byte
)
0xc6
,
(
byte
)
0xe4
,
(
byte
)
0x3f
,
(
byte
)
0xb8
,
(
byte
)
0x72
,
(
byte
)
0xcf
,
(
byte
)
0x02
,
(
byte
)
0xfc
,
(
byte
)
0xf4
,
(
byte
)
0x58
,
(
byte
)
0x34
,
(
byte
)
0x77
,
(
byte
)
0x76
,
(
byte
)
0xce
,
(
byte
)
0x22
,
(
byte
)
0x44
,
(
byte
)
0x5f
,
(
byte
)
0x2d
,
(
byte
)
0xca
,
(
byte
)
0xee
,
(
byte
)
0xf5
,
(
byte
)
0x43
,
(
byte
)
0x56
,
(
byte
)
0x47
,
(
byte
)
0x71
,
(
byte
)
0x0b
,
(
byte
)
0x09
,
(
byte
)
0x6b
,
(
byte
)
0x5e
,
(
byte
)
0xf2
,
(
byte
)
0xc8
,
(
byte
)
0xee
,
(
byte
)
0xd4
,
(
byte
)
0x6e
,
(
byte
)
0x44
,
(
byte
)
0x92
,
(
byte
)
0x2a
,
(
byte
)
0x7f
,
(
byte
)
0xcc
,
(
byte
)
0xa7
,
(
byte
)
0xd4
,
(
byte
)
0x5b
,
(
byte
)
0xfb
,
(
byte
)
0xf7
,
(
byte
)
0x4a
,
(
byte
)
0xa9
,
(
byte
)
0xfb
,
(
byte
)
0x54
,
(
byte
)
0x18
,
(
byte
)
0xd5
,
(
byte
)
0xd5
,
(
byte
)
0x14
,
(
byte
)
0xba
,
(
byte
)
0xa0
,
(
byte
)
0x1c
,
(
byte
)
0x13
,
(
byte
)
0xb3
,
(
byte
)
0x37
,
(
byte
)
0x6b
,
(
byte
)
0x37
,
(
byte
)
0x59
,
(
byte
)
0xed
,
(
byte
)
0xdb
,
(
byte
)
0x6d
,
(
byte
)
0xb1
};
static
byte
serverModulus
[]
=
{
(
byte
)
0x00
,
(
byte
)
0xa5
,
(
byte
)
0xac
,
(
byte
)
0x5b
,
(
byte
)
0x1c
,
(
byte
)
0x37
,
(
byte
)
0xa2
,
(
byte
)
0xdd
,
(
byte
)
0x99
,
(
byte
)
0x89
,
(
byte
)
0x2d
,
(
byte
)
0xb2
,
(
byte
)
0x79
,
(
byte
)
0xb8
,
(
byte
)
0x8f
,
(
byte
)
0xd5
,
(
byte
)
0x48
,
(
byte
)
0xa5
,
(
byte
)
0xe7
,
(
byte
)
0x1c
,
(
byte
)
0x84
,
(
byte
)
0x17
,
(
byte
)
0x8d
,
(
byte
)
0x69
,
(
byte
)
0x9c
,
(
byte
)
0xc6
,
(
byte
)
0xac
,
(
byte
)
0x6d
,
(
byte
)
0xf9
,
(
byte
)
0xf2
,
(
byte
)
0x1d
,
(
byte
)
0x1f
,
(
byte
)
0x39
,
(
byte
)
0x19
,
(
byte
)
0xda
,
(
byte
)
0xd3
,
(
byte
)
0x72
,
(
byte
)
0x1e
,
(
byte
)
0x6e
,
(
byte
)
0xec
,
(
byte
)
0x44
,
(
byte
)
0xcc
,
(
byte
)
0x70
,
(
byte
)
0xa4
,
(
byte
)
0xdc
,
(
byte
)
0xba
,
(
byte
)
0x00
,
(
byte
)
0x30
,
(
byte
)
0xf6
,
(
byte
)
0xa0
,
(
byte
)
0x4f
,
(
byte
)
0x3d
,
(
byte
)
0x54
,
(
byte
)
0x7a
,
(
byte
)
0x61
,
(
byte
)
0x6a
,
(
byte
)
0xcc
,
(
byte
)
0x57
,
(
byte
)
0xd0
,
(
byte
)
0x0a
,
(
byte
)
0x7f
,
(
byte
)
0x95
,
(
byte
)
0x28
,
(
byte
)
0x18
,
(
byte
)
0x3f
,
(
byte
)
0x9a
,
(
byte
)
0xd9
,
(
byte
)
0x94
,
(
byte
)
0xf2
,
(
byte
)
0x1b
,
(
byte
)
0xc8
,
(
byte
)
0x24
,
(
byte
)
0x88
,
(
byte
)
0x7e
,
(
byte
)
0xfe
,
(
byte
)
0x9d
,
(
byte
)
0x0f
,
(
byte
)
0x3d
,
(
byte
)
0xfb
,
(
byte
)
0x57
,
(
byte
)
0x53
,
(
byte
)
0x08
,
(
byte
)
0xb3
,
(
byte
)
0x20
,
(
byte
)
0x33
,
(
byte
)
0xd4
,
(
byte
)
0x3f
,
(
byte
)
0x17
,
(
byte
)
0x47
,
(
byte
)
0x14
,
(
byte
)
0xd1
,
(
byte
)
0xcd
,
(
byte
)
0xea
,
(
byte
)
0x08
,
(
byte
)
0xd8
,
(
byte
)
0x0e
,
(
byte
)
0x75
,
(
byte
)
0x4e
,
(
byte
)
0xaf
,
(
byte
)
0xbe
,
(
byte
)
0xcc
,
(
byte
)
0xd2
,
(
byte
)
0xec
,
(
byte
)
0xaf
,
(
byte
)
0xa9
,
(
byte
)
0x7a
,
(
byte
)
0x49
,
(
byte
)
0xdf
,
(
byte
)
0xc2
,
(
byte
)
0xd9
,
(
byte
)
0xac
,
(
byte
)
0xb8
,
(
byte
)
0x24
,
(
byte
)
0x40
,
(
byte
)
0x90
,
(
byte
)
0xa6
,
(
byte
)
0x03
,
(
byte
)
0x56
,
(
byte
)
0x2a
,
(
byte
)
0xd0
,
(
byte
)
0x30
,
(
byte
)
0x05
,
(
byte
)
0x40
,
(
byte
)
0x2c
,
(
byte
)
0x4f
,
(
byte
)
0xab
,
(
byte
)
0xd9
,
(
byte
)
0x74
,
(
byte
)
0x89
};
static
byte
clientPrivateExponent
[]
=
{
(
byte
)
0x11
,
(
byte
)
0xb7
,
(
byte
)
0x6a
,
(
byte
)
0x36
,
(
byte
)
0x3d
,
(
byte
)
0x30
,
(
byte
)
0x37
,
(
byte
)
0xce
,
(
byte
)
0x61
,
(
byte
)
0x9d
,
(
byte
)
0x6c
,
(
byte
)
0x84
,
(
byte
)
0x8b
,
(
byte
)
0xf3
,
(
byte
)
0x9b
,
(
byte
)
0x25
,
(
byte
)
0x4f
,
(
byte
)
0x14
,
(
byte
)
0xc8
,
(
byte
)
0xa4
,
(
byte
)
0xdd
,
(
byte
)
0x2f
,
(
byte
)
0xd7
,
(
byte
)
0x9a
,
(
byte
)
0x17
,
(
byte
)
0xbd
,
(
byte
)
0x90
,
(
byte
)
0x19
,
(
byte
)
0xf7
,
(
byte
)
0x05
,
(
byte
)
0xfd
,
(
byte
)
0xf2
,
(
byte
)
0xd2
,
(
byte
)
0xc5
,
(
byte
)
0xf7
,
(
byte
)
0x77
,
(
byte
)
0xbe
,
(
byte
)
0xea
,
(
byte
)
0xe2
,
(
byte
)
0x84
,
(
byte
)
0x87
,
(
byte
)
0x97
,
(
byte
)
0x3a
,
(
byte
)
0x41
,
(
byte
)
0x96
,
(
byte
)
0xb6
,
(
byte
)
0x99
,
(
byte
)
0xf8
,
(
byte
)
0x94
,
(
byte
)
0x8c
,
(
byte
)
0x58
,
(
byte
)
0x71
,
(
byte
)
0x51
,
(
byte
)
0x8c
,
(
byte
)
0xf4
,
(
byte
)
0x2a
,
(
byte
)
0x20
,
(
byte
)
0x9e
,
(
byte
)
0x1a
,
(
byte
)
0xa0
,
(
byte
)
0x26
,
(
byte
)
0x99
,
(
byte
)
0x75
,
(
byte
)
0xd6
,
(
byte
)
0x31
,
(
byte
)
0x53
,
(
byte
)
0x43
,
(
byte
)
0x39
,
(
byte
)
0xf5
,
(
byte
)
0x2a
,
(
byte
)
0xa6
,
(
byte
)
0x7e
,
(
byte
)
0x34
,
(
byte
)
0x42
,
(
byte
)
0x51
,
(
byte
)
0x2a
,
(
byte
)
0x40
,
(
byte
)
0x87
,
(
byte
)
0x03
,
(
byte
)
0x88
,
(
byte
)
0x43
,
(
byte
)
0x69
,
(
byte
)
0xb2
,
(
byte
)
0x89
,
(
byte
)
0x6d
,
(
byte
)
0x20
,
(
byte
)
0xbd
,
(
byte
)
0x7d
,
(
byte
)
0x71
,
(
byte
)
0xef
,
(
byte
)
0x47
,
(
byte
)
0x0a
,
(
byte
)
0xdf
,
(
byte
)
0x06
,
(
byte
)
0xc1
,
(
byte
)
0x69
,
(
byte
)
0x66
,
(
byte
)
0xa8
,
(
byte
)
0x22
,
(
byte
)
0x37
,
(
byte
)
0x1a
,
(
byte
)
0x77
,
(
byte
)
0x1e
,
(
byte
)
0xc7
,
(
byte
)
0x94
,
(
byte
)
0x4e
,
(
byte
)
0x2c
,
(
byte
)
0x27
,
(
byte
)
0x69
,
(
byte
)
0x45
,
(
byte
)
0x5e
,
(
byte
)
0xc8
,
(
byte
)
0xf8
,
(
byte
)
0x0c
,
(
byte
)
0xb7
,
(
byte
)
0xf8
,
(
byte
)
0xc0
,
(
byte
)
0x8f
,
(
byte
)
0x99
,
(
byte
)
0xc1
,
(
byte
)
0xe5
,
(
byte
)
0x28
,
(
byte
)
0x9b
,
(
byte
)
0xf9
,
(
byte
)
0x4c
,
(
byte
)
0x94
,
(
byte
)
0xc6
,
(
byte
)
0xb1
};
static
byte
clientModulus
[]
=
{
(
byte
)
0x00
,
(
byte
)
0xbb
,
(
byte
)
0xf0
,
(
byte
)
0x40
,
(
byte
)
0x36
,
(
byte
)
0xac
,
(
byte
)
0x26
,
(
byte
)
0x54
,
(
byte
)
0x4e
,
(
byte
)
0xf4
,
(
byte
)
0xa3
,
(
byte
)
0x5a
,
(
byte
)
0x00
,
(
byte
)
0x2f
,
(
byte
)
0x69
,
(
byte
)
0x21
,
(
byte
)
0x6f
,
(
byte
)
0xb9
,
(
byte
)
0x7a
,
(
byte
)
0x3a
,
(
byte
)
0x93
,
(
byte
)
0xec
,
(
byte
)
0xa2
,
(
byte
)
0xf6
,
(
byte
)
0xe1
,
(
byte
)
0x8e
,
(
byte
)
0xc7
,
(
byte
)
0x63
,
(
byte
)
0xd8
,
(
byte
)
0x2f
,
(
byte
)
0x12
,
(
byte
)
0x30
,
(
byte
)
0x99
,
(
byte
)
0x2e
,
(
byte
)
0xb0
,
(
byte
)
0xf2
,
(
byte
)
0x8f
,
(
byte
)
0xf8
,
(
byte
)
0x27
,
(
byte
)
0x2d
,
(
byte
)
0x24
,
(
byte
)
0x78
,
(
byte
)
0x28
,
(
byte
)
0x84
,
(
byte
)
0xf7
,
(
byte
)
0x01
,
(
byte
)
0xbf
,
(
byte
)
0x8d
,
(
byte
)
0x44
,
(
byte
)
0x79
,
(
byte
)
0xdd
,
(
byte
)
0x3b
,
(
byte
)
0xd2
,
(
byte
)
0x55
,
(
byte
)
0xf3
,
(
byte
)
0xce
,
(
byte
)
0x3c
,
(
byte
)
0xb2
,
(
byte
)
0x5b
,
(
byte
)
0x21
,
(
byte
)
0x7d
,
(
byte
)
0xef
,
(
byte
)
0xfd
,
(
byte
)
0x33
,
(
byte
)
0x4a
,
(
byte
)
0xb1
,
(
byte
)
0xa3
,
(
byte
)
0xff
,
(
byte
)
0xc6
,
(
byte
)
0xc8
,
(
byte
)
0x9b
,
(
byte
)
0xb9
,
(
byte
)
0x0f
,
(
byte
)
0x7c
,
(
byte
)
0x41
,
(
byte
)
0x35
,
(
byte
)
0x97
,
(
byte
)
0xf9
,
(
byte
)
0xdb
,
(
byte
)
0x3a
,
(
byte
)
0x05
,
(
byte
)
0x60
,
(
byte
)
0x05
,
(
byte
)
0x15
,
(
byte
)
0xaf
,
(
byte
)
0x59
,
(
byte
)
0x17
,
(
byte
)
0x92
,
(
byte
)
0xa3
,
(
byte
)
0x10
,
(
byte
)
0xad
,
(
byte
)
0x16
,
(
byte
)
0x1c
,
(
byte
)
0xe4
,
(
byte
)
0x07
,
(
byte
)
0x53
,
(
byte
)
0xaf
,
(
byte
)
0xa8
,
(
byte
)
0x76
,
(
byte
)
0xa2
,
(
byte
)
0x56
,
(
byte
)
0x2a
,
(
byte
)
0x92
,
(
byte
)
0xd3
,
(
byte
)
0xf9
,
(
byte
)
0x28
,
(
byte
)
0xe0
,
(
byte
)
0x78
,
(
byte
)
0xcf
,
(
byte
)
0x5e
,
(
byte
)
0x1f
,
(
byte
)
0x48
,
(
byte
)
0xab
,
(
byte
)
0x5c
,
(
byte
)
0x19
,
(
byte
)
0xdd
,
(
byte
)
0xe1
,
(
byte
)
0x67
,
(
byte
)
0x43
,
(
byte
)
0xba
,
(
byte
)
0x75
,
(
byte
)
0x8d
,
(
byte
)
0xf5
,
(
byte
)
0x82
,
(
byte
)
0xac
,
(
byte
)
0x43
,
(
byte
)
0x92
,
(
byte
)
0x44
,
(
byte
)
0x1b
};
static
char
passphrase
[]
=
"passphrase"
.
toCharArray
();
/*
* Is the server ready to serve?
*/
volatile
static
boolean
serverReady
=
false
;
/*
* Turn on SSL debugging?
*/
static
boolean
debug
=
false
;
private
SSLServerSocket
sslServerSocket
=
null
;
/*
* Define the server side of the test.
*
* If the server prematurely exits, serverReady will be set to true
* to avoid infinite hangs.
*/
void
doServerSide
()
throws
Exception
{
SSLContext
context
=
getSSLContext
(
trusedCertStr
,
serverCertStr
,
serverModulus
,
serverPrivateExponent
,
passphrase
);
SSLServerSocketFactory
sslssf
=
context
.
getServerSocketFactory
();
sslServerSocket
=
(
SSLServerSocket
)
sslssf
.
createServerSocket
(
serverPort
);
serverPort
=
sslServerSocket
.
getLocalPort
();
/*
* Signal Client, we're ready for his connect.
*/
serverReady
=
true
;
SSLSocket
sslSocket
=
(
SSLSocket
)
sslServerSocket
.
accept
();
sslSocket
.
setNeedClientAuth
(
true
);
if
(
sslSocket
instanceof
SSLSocketImpl
)
{
((
SSLSocketImpl
)
sslSocket
).
trySetHostnameVerification
(
"HTTPS"
);
}
PrintStream
out
=
new
PrintStream
(
sslSocket
.
getOutputStream
());
try
{
// ignore request data
// send the response
out
.
print
(
"HTTP/1.1 200 OK\r\n"
);
out
.
print
(
"Content-Type: text/html; charset=iso-8859-1\r\n"
);
out
.
print
(
"Content-Length: "
+
9
+
"\r\n"
);
out
.
print
(
"\r\n"
);
out
.
print
(
"Testing\r\n"
);
out
.
flush
();
}
finally
{
// close the socket
Thread
.
sleep
(
2000
);
System
.
out
.
println
(
"Server closing socket"
);
sslSocket
.
close
();
serverReady
=
false
;
}
}
/*
* Define the client side of the test.
*
* If the server prematurely exits, serverReady will be set to true
* to avoid infinite hangs.
*/
void
doClientSide
()
throws
Exception
{
SSLContext
context
=
getSSLContext
(
trusedCertStr
,
clientCertStr
,
clientModulus
,
clientPrivateExponent
,
passphrase
);
SSLContext
.
setDefault
(
context
);
/*
* Wait for server to get started.
*/
while
(!
serverReady
)
{
Thread
.
sleep
(
50
);
}
HttpsURLConnection
http
=
null
;
/* establish http connection to server */
URL
url
=
new
URL
(
"https://localhost:"
+
serverPort
+
"/"
);
System
.
out
.
println
(
"url is "
+
url
.
toString
());
http
=
(
HttpsURLConnection
)
url
.
openConnection
();
int
respCode
=
http
.
getResponseCode
();
System
.
out
.
println
(
"respCode = "
+
respCode
);
http
.
disconnect
();
}
/*
* =============================================================
* The remainder is just support stuff
*/
// use any free port by default
volatile
int
serverPort
=
0
;
volatile
Exception
serverException
=
null
;
volatile
Exception
clientException
=
null
;
public
static
void
main
(
String
args
[])
throws
Exception
{
if
(
debug
)
System
.
setProperty
(
"javax.net.debug"
,
"all"
);
/*
* Start the tests.
*/
new
Identities
();
}
Thread
clientThread
=
null
;
Thread
serverThread
=
null
;
/*
* Primary constructor, used to drive remainder of the test.
*
* Fork off the other side, then do your work.
*/
Identities
()
throws
Exception
{
if
(
separateServerThread
)
{
startServer
(
true
);
startClient
(
false
);
}
else
{
startClient
(
true
);
startServer
(
false
);
}
/*
* Wait for other side to close down.
*/
if
(
separateServerThread
)
{
serverThread
.
join
();
}
else
{
clientThread
.
join
();
}
/*
* When we get here, the test is pretty much over.
*
* If the main thread excepted, that propagates back
* immediately. If the other thread threw an exception, we
* should report back.
*/
if
(
serverException
!=
null
)
throw
serverException
;
if
(
clientException
!=
null
)
throw
clientException
;
}
void
startServer
(
boolean
newThread
)
throws
Exception
{
if
(
newThread
)
{
serverThread
=
new
Thread
()
{
public
void
run
()
{
try
{
doServerSide
();
}
catch
(
Exception
e
)
{
/*
* Our server thread just died.
*
* Release the client, if not active already...
*/
System
.
err
.
println
(
"Server died..."
);
serverReady
=
true
;
serverException
=
e
;
}
}
};
serverThread
.
start
();
}
else
{
doServerSide
();
}
}
void
startClient
(
boolean
newThread
)
throws
Exception
{
if
(
newThread
)
{
clientThread
=
new
Thread
()
{
public
void
run
()
{
try
{
doClientSide
();
}
catch
(
Exception
e
)
{
/*
* Our client thread just died.
*/
System
.
err
.
println
(
"Client died..."
);
clientException
=
e
;
}
}
};
clientThread
.
start
();
}
else
{
doClientSide
();
}
}
// get the ssl context
private
static
SSLContext
getSSLContext
(
String
trusedCertStr
,
String
keyCertStr
,
byte
[]
modulus
,
byte
[]
privateExponent
,
char
[]
passphrase
)
throws
Exception
{
// generate certificate from cert string
CertificateFactory
cf
=
CertificateFactory
.
getInstance
(
"X.509"
);
ByteArrayInputStream
is
=
new
ByteArrayInputStream
(
trusedCertStr
.
getBytes
());
Certificate
trusedCert
=
cf
.
generateCertificate
(
is
);
is
.
close
();
// create a key store
KeyStore
ks
=
KeyStore
.
getInstance
(
"JKS"
);
ks
.
load
(
null
,
null
);
// import the trused cert
ks
.
setCertificateEntry
(
"RSA Export Signer"
,
trusedCert
);
if
(
keyCertStr
!=
null
)
{
// generate the private key.
RSAPrivateKeySpec
priKeySpec
=
new
RSAPrivateKeySpec
(
new
BigInteger
(
modulus
),
new
BigInteger
(
privateExponent
));
KeyFactory
kf
=
KeyFactory
.
getInstance
(
"RSA"
);
RSAPrivateKey
priKey
=
(
RSAPrivateKey
)
kf
.
generatePrivate
(
priKeySpec
);
// generate certificate chain
is
=
new
ByteArrayInputStream
(
keyCertStr
.
getBytes
());
Certificate
keyCert
=
cf
.
generateCertificate
(
is
);
is
.
close
();
Certificate
[]
chain
=
new
Certificate
[
2
];
chain
[
0
]
=
keyCert
;
chain
[
1
]
=
trusedCert
;
// import the key entry.
ks
.
setKeyEntry
(
"Whatever"
,
priKey
,
passphrase
,
chain
);
}
// create SSL context
TrustManagerFactory
tmf
=
TrustManagerFactory
.
getInstance
(
"PKIX"
);
tmf
.
init
(
ks
);
SSLContext
ctx
=
SSLContext
.
getInstance
(
"TLS"
);
if
(
keyCertStr
!=
null
)
{
KeyManagerFactory
kmf
=
KeyManagerFactory
.
getInstance
(
"SunX509"
);
kmf
.
init
(
ks
,
passphrase
);
ctx
.
init
(
kmf
.
getKeyManagers
(),
tmf
.
getTrustManagers
(),
null
);
}
else
{
ctx
.
init
(
null
,
tmf
.
getTrustManagers
(),
null
);
}
return
ctx
;
}
}
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录
