1/* 2 * Copyright (c) 2010, 2016, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24// 25// SunJSSE does not support dynamic system properties, no way to re-use 26// system properties in samevm/agentvm mode. 27// 28 29/* 30 * @test 31 * @bug 6916074 8170131 32 * @summary Add support for TLS 1.2 33 * @run main/othervm PKIXExtendedTM 0 34 * @run main/othervm PKIXExtendedTM 1 35 * @run main/othervm PKIXExtendedTM 2 36 * @run main/othervm PKIXExtendedTM 3 37 */ 38 39import java.net.*; 40import java.util.*; 41import java.io.*; 42import javax.net.ssl.*; 43import java.security.Security; 44import java.security.KeyStore; 45import java.security.KeyFactory; 46import java.security.cert.Certificate; 47import java.security.cert.CertificateFactory; 48import java.security.cert.CertPathValidatorException; 49import java.security.spec.*; 50import java.security.interfaces.*; 51import java.math.BigInteger; 52 53 54/* 55 * Certificates and key used in the test. 56 * 57 * TLS server certificate: 58 * server private key: 59 * -----BEGIN RSA PRIVATE KEY----- 60 * Proc-Type: 4,ENCRYPTED 61 * DEK-Info: DES-EDE3-CBC,D9AE407F6D0E389A 62 * 63 * WPrA7TFol/cQCcp9oHnXWNpYlvRbbIcQj0m+RKT2Iuzfus+DHt3Zadf8nJpKfX2e 64 * h2rnhlzCN9M7djRDooZKDOPCsdBn51Au7HlZF3S3Opgo7D8XFM1a8t1Je4ke14oI 65 * nw6QKYsBblRziPnP2PZ0zvX24nOv7bbY8beynlJHGs00VWSFdoH2DS0aE1p6D+3n 66 * ptJuJ75dVfZFK4X7162APlNXevX8D6PEQpSiRw1rjjGGcnvQ4HdWk3BxDVDcCNJb 67 * Y1aGNRxsjTDvPi3R9Qx2M+W03QzEPx4SR3ZHVskeSJHaetM0TM/w/45Paq4GokXP 68 * ZeTnbEx1xmjkA7h+t4doLL4watx5F6yLsJzu8xB3lt/1EtmkYtLz1t7X4BetPAXz 69 * zS69X/VwhKfsOI3qXBWuL2oHPyhDmT1gcaUQwEPSV6ogHEEQEDXdiUS8heNK13KF 70 * TCQYFkETvV2BLxUhV1hypPzRQ6tUpJiAbD5KmoK2lD9slshG2QtvKQq0/bgkDY5J 71 * LhDHV2dtcZ3kDPkkZXpbcJQvoeH3d09C5sIsuTFo2zgNR6oETHUc5TzP6FY2YYRa 72 * QcK5HcmtsRRiXFm01ac+aMejJUIujjFt84SiKWT/73vC8AmY4tYcJBLjCg4XIxSH 73 * fdDFLL1YZENNO5ivlp8mdiHqcawx+36L7DrEZQ8RZt6cqST5t/+XTdM74s6k81GT 74 * pNsa82P2K2zmIUZ/DL2mKjW1vfRByw1NQFEBkN3vdyZxYfM/JyUzX4hbjXBEkh9Q 75 * QYrcwLKLjis2QzSvK04B3bvRzRb+4ocWiso8ZPAXAIxZFBWDpTMM2A== 76 * -----END RSA PRIVATE KEY----- 77 * 78 * -----BEGIN RSA PRIVATE KEY----- 79 * MIICXAIBAAKBgQClrFscN6LdmYktsnm4j9VIpecchBeNaZzGrG358h0fORna03Ie 80 * buxEzHCk3LoAMPagTz1UemFqzFfQCn+VKBg/mtmU8hvIJIh+/p0PPftXUwizIDPU 81 * PxdHFNHN6gjYDnVOr77M0uyvqXpJ38LZrLgkQJCmA1Yq0DAFQCxPq9l0iQIDAQAB 82 * AoGAbqcbg1E1mkR99uOJoNeQYKFOJyGiiXTMnXV1TseC4+PDfQBU7Dax35GcesBi 83 * CtapIpFKKS5D+ozY6b7ZT8ojxuQ/uHLPAvz0WDR3ds4iRF8tyu71Q1ZHcQsJa17y 84 * yO7UbkSSKn/Mp9Rb+/dKqftUGNXVFLqgHBOzN2s3We3bbbECQQDYBPKOg3hkaGHo 85 * OhpHKqtQ6EVkldihG/3i4WejRonelXN+HRh1KrB2HBx0M8D/qAzP1i3rNSlSHer4 86 * 59YRTJnHAkEAxFX/sVYSn07BHv9Zhn6XXct/Cj43z/tKNbzlNbcxqQwQerw3IH51 87 * 8UH2YOA+GD3lXbKp+MytoFLWv8zg4YT/LwJAfqan75Z1R6lLffRS49bIiq8jwE16 88 * rTrUJ+kv8jKxMqc9B3vXkxpsS1M/+4E8bqgAmvpgAb8xcsvHsBd9ErdukQJBAKs2 89 * j67W75BrPjBI34pQ1LEfp56IGWXOrq1kF8IbCjxv3+MYRT6Z6UJFkpRymNPNDjsC 90 * dgUYgITiGJHUGXuw3lMCQHEHqo9ZtXz92yFT+VhsNc29B8m/sqUJdtCcMd/jGpAF 91 * u6GHufjqIZBpQsk63wbwESAPZZ+kk1O1kS5GIRLX608= 92 * -----END RSA PRIVATE KEY----- 93 * 94 * Private-Key: (1024 bit) 95 * modulus: 96 * 00:a5:ac:5b:1c:37:a2:dd:99:89:2d:b2:79:b8:8f: 97 * d5:48:a5:e7:1c:84:17:8d:69:9c:c6:ac:6d:f9:f2: 98 * 1d:1f:39:19:da:d3:72:1e:6e:ec:44:cc:70:a4:dc: 99 * ba:00:30:f6:a0:4f:3d:54:7a:61:6a:cc:57:d0:0a: 100 * 7f:95:28:18:3f:9a:d9:94:f2:1b:c8:24:88:7e:fe: 101 * 9d:0f:3d:fb:57:53:08:b3:20:33:d4:3f:17:47:14: 102 * d1:cd:ea:08:d8:0e:75:4e:af:be:cc:d2:ec:af:a9: 103 * 7a:49:df:c2:d9:ac:b8:24:40:90:a6:03:56:2a:d0: 104 * 30:05:40:2c:4f:ab:d9:74:89 105 * publicExponent: 65537 (0x10001) 106 * privateExponent: 107 * 6e:a7:1b:83:51:35:9a:44:7d:f6:e3:89:a0:d7:90: 108 * 60:a1:4e:27:21:a2:89:74:cc:9d:75:75:4e:c7:82: 109 * e3:e3:c3:7d:00:54:ec:36:b1:df:91:9c:7a:c0:62: 110 * 0a:d6:a9:22:91:4a:29:2e:43:fa:8c:d8:e9:be:d9: 111 * 4f:ca:23:c6:e4:3f:b8:72:cf:02:fc:f4:58:34:77: 112 * 76:ce:22:44:5f:2d:ca:ee:f5:43:56:47:71:0b:09: 113 * 6b:5e:f2:c8:ee:d4:6e:44:92:2a:7f:cc:a7:d4:5b: 114 * fb:f7:4a:a9:fb:54:18:d5:d5:14:ba:a0:1c:13:b3: 115 * 37:6b:37:59:ed:db:6d:b1 116 * prime1: 117 * 00:d8:04:f2:8e:83:78:64:68:61:e8:3a:1a:47:2a: 118 * ab:50:e8:45:64:95:d8:a1:1b:fd:e2:e1:67:a3:46: 119 * 89:de:95:73:7e:1d:18:75:2a:b0:76:1c:1c:74:33: 120 * c0:ff:a8:0c:cf:d6:2d:eb:35:29:52:1d:ea:f8:e7: 121 * d6:11:4c:99:c7 122 * prime2: 123 * 00:c4:55:ff:b1:56:12:9f:4e:c1:1e:ff:59:86:7e: 124 * 97:5d:cb:7f:0a:3e:37:cf:fb:4a:35:bc:e5:35:b7: 125 * 31:a9:0c:10:7a:bc:37:20:7e:75:f1:41:f6:60:e0: 126 * 3e:18:3d:e5:5d:b2:a9:f8:cc:ad:a0:52:d6:bf:cc: 127 * e0:e1:84:ff:2f 128 * exponent1: 129 * 7e:a6:a7:ef:96:75:47:a9:4b:7d:f4:52:e3:d6:c8: 130 * 8a:af:23:c0:4d:7a:ad:3a:d4:27:e9:2f:f2:32:b1: 131 * 32:a7:3d:07:7b:d7:93:1a:6c:4b:53:3f:fb:81:3c: 132 * 6e:a8:00:9a:fa:60:01:bf:31:72:cb:c7:b0:17:7d: 133 * 12:b7:6e:91 134 * exponent2: 135 * 00:ab:36:8f:ae:d6:ef:90:6b:3e:30:48:df:8a:50: 136 * d4:b1:1f:a7:9e:88:19:65:ce:ae:ad:64:17:c2:1b: 137 * 0a:3c:6f:df:e3:18:45:3e:99:e9:42:45:92:94:72: 138 * 98:d3:cd:0e:3b:02:76:05:18:80:84:e2:18:91:d4: 139 * 19:7b:b0:de:53 140 * coefficient: 141 * 71:07:aa:8f:59:b5:7c:fd:db:21:53:f9:58:6c:35: 142 * cd:bd:07:c9:bf:b2:a5:09:76:d0:9c:31:df:e3:1a: 143 * 90:05:bb:a1:87:b9:f8:ea:21:90:69:42:c9:3a:df: 144 * 06:f0:11:20:0f:65:9f:a4:93:53:b5:91:2e:46:21: 145 * 12:d7:eb:4f 146 * 147 * 148 * server certificate: 149 * Data: 150 * Version: 3 (0x2) 151 * Serial Number: 8 (0x8) 152 * Signature Algorithm: md5WithRSAEncryption 153 * Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org 154 * Validity 155 * Not Before: Dec 8 03:43:04 2008 GMT 156 * Not After : Aug 25 03:43:04 2028 GMT 157 * Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org, OU=SSL-Server, CN=localhost 158 * Subject Public Key Info: 159 * Public Key Algorithm: rsaEncryption 160 * RSA Public Key: (1024 bit) 161 * Modulus (1024 bit): 162 * 00:a5:ac:5b:1c:37:a2:dd:99:89:2d:b2:79:b8:8f: 163 * d5:48:a5:e7:1c:84:17:8d:69:9c:c6:ac:6d:f9:f2: 164 * 1d:1f:39:19:da:d3:72:1e:6e:ec:44:cc:70:a4:dc: 165 * ba:00:30:f6:a0:4f:3d:54:7a:61:6a:cc:57:d0:0a: 166 * 7f:95:28:18:3f:9a:d9:94:f2:1b:c8:24:88:7e:fe: 167 * 9d:0f:3d:fb:57:53:08:b3:20:33:d4:3f:17:47:14: 168 * d1:cd:ea:08:d8:0e:75:4e:af:be:cc:d2:ec:af:a9: 169 * 7a:49:df:c2:d9:ac:b8:24:40:90:a6:03:56:2a:d0: 170 * 30:05:40:2c:4f:ab:d9:74:89 171 * Exponent: 65537 (0x10001) 172 * X509v3 extensions: 173 * X509v3 Basic Constraints: 174 * CA:FALSE 175 * X509v3 Key Usage: 176 * Digital Signature, Non Repudiation, Key Encipherment 177 * X509v3 Subject Key Identifier: 178 * ED:6E:DB:F4:B5:56:C8:FB:1A:06:61:3F:0F:08:BB:A6:04:D8:16:54 179 * X509v3 Authority Key Identifier: 180 * keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14 181 * 182 * X509v3 Subject Alternative Name: critical 183 * DNS:localhost 184 * Signature Algorithm: md5WithRSAEncryption0 185 * 186 * -----BEGIN CERTIFICATE----- 187 * MIICpDCCAg2gAwIBAgIBCDANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET 188 * MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK 189 * EwhTb21lLU9yZzAeFw0wODEyMDgwMzQzMDRaFw0yODA4MjUwMzQzMDRaMHIxCzAJ 190 * BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp 191 * dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtU2VydmVyMRIwEAYD 192 * VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKWsWxw3 193 * ot2ZiS2yebiP1Uil5xyEF41pnMasbfnyHR85GdrTch5u7ETMcKTcugAw9qBPPVR6 194 * YWrMV9AKf5UoGD+a2ZTyG8gkiH7+nQ89+1dTCLMgM9Q/F0cU0c3qCNgOdU6vvszS 195 * 7K+peknfwtmsuCRAkKYDVirQMAVALE+r2XSJAgMBAAGjczBxMAkGA1UdEwQCMAAw 196 * CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTtbtv0tVbI+xoGYT8PCLumBNgWVDAfBgNV 197 * HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDAXBgNVHREBAf8EDTALgglsb2Nh 198 * bGhvc3QwDQYJKoZIhvcNAQEEBQADgYEAoqVTciHtcvsUj+YaTct8tUh3aTCsKsac 199 * PHhfQ+ObjiXSgxsKYTX7ym/wk/wvlbUcbqLKxsu7qrcJitH+H9heV1hEHEu65Uoi 200 * nRugFruyOrwvAylV8Cm2af7ddilmYJ+sdJA6N2M3xJRxR0G2LFHEXDNEjYReyexn 201 * JqCpf5uZGOo= 202 * -----END CERTIFICATE----- 203 * 204 * 205 * TLS client certificate: 206 * client private key: 207 * ----BEGIN RSA PRIVATE KEY----- 208 * Proc-Type: 4,ENCRYPTED 209 * DEK-Info: DES-EDE3-CBC,FA2A435CD35A9390 210 * 211 * Z+Y2uaETbsUWIyJUyVu1UV2G4rgFYJyACZT6Tp1KjRtxflSh2kXkJ9MpuXMXA0V4 212 * Yy3fDzPqCL9NJmQAYRlAx/W/+j4F5EyMWDIx8fUxzONRZyoiwF7jLm+KscAfv6Pf 213 * q7ItWOdj3z7IYrwlB8YIGd3F2cDKT3S+lYRk7rKb/qT7itbuHnY4Ardh3yl+MZak 214 * jBp+ELUlRsUqSr1V0LoM+0rCCykarpyfhpxEcqsrl0v9Cyi5uhU50/oKv5zql3SH 215 * l2ImgDjp3batAs8+Bd4NF2aqi0a7Hy44JUHxRm4caZryU/i/D9N1MbuM6882HLat 216 * 5N0G+NaIUfywa8mjwq2D5aiit18HqKA6XeRRYeJ5Dvu9DCO4GeFSwcUFIBMI0L46 217 * 7s114+oDodg57pMgITi+04vmUxvqlN9aiyd7f5Fgd7PeHGeOdbMz1NaJLJaPI9++ 218 * NakK8eK9iwT/Gdq0Uap5/CHW7vCT5PO+h3HY0STH0lWStXhdWnFO04zTdywsbSp+ 219 * DLpHeFT66shfeUlxR0PsCbG9vPRt/QmGLeYQZITppWo/ylSq4j+pRIuXvuWHdBRN 220 * rTZ8QF4Y7AxQUXVz1j1++s6ZMHTzaK2i9HrhmDs1MbJl+QwWre3Xpv3LvTVz3k5U 221 * wX8kuY1m3STt71QCaRWENq5sRaMImLxZbxc/ivFl9RAzUqo4NCxLod/QgA4iLqtO 222 * ztnlpzwlC/F8HbQ1oqYWwnZAPhzU/cULtstl+Yrws2c2atO323LbPXZqbASySgig 223 * sNpFXQMObdfP6LN23bY+1SvtK7V4NUTNhpdIc6INQAQ= 224 * -----END RSA PRIVATE KEY----- 225 * 226 * -----BEGIN RSA PRIVATE KEY----- 227 * MIICWwIBAAKBgQC78EA2rCZUTvSjWgAvaSFvuXo6k+yi9uGOx2PYLxIwmS6w8o/4 228 * Jy0keCiE9wG/jUR53TvSVfPOPLJbIX3v/TNKsaP/xsibuQ98QTWX+ds6BWAFFa9Z 229 * F5KjEK0WHOQHU6+odqJWKpLT+SjgeM9eH0irXBnd4WdDunWN9YKsQ5JEGwIDAQAB 230 * AoGAEbdqNj0wN85hnWyEi/ObJU8UyKTdL9eaF72QGfcF/fLSxfd3vurihIeXOkGW 231 * tpn4lIxYcVGM9CognhqgJpl11jFTQzn1KqZ+NEJRKkCHA4hDabKJbSC9fXHvRwrf 232 * BsFpZqgiNxp3HseUTiwnaUVeyPgMt/jAj5nB5Sib+UyUxrECQQDnNQBiF2aifEg6 233 * zbJOOC7he5CHAdkFxSxWVFVHL6EfXfqdLVkUohMbgZv+XxyIeU2biOExSg49Kds3 234 * FOKgTau1AkEA0Bd1haj6QuCo8I0AXm2WO+MMTZMTvtHD/bGjKNM+fT4I8rKYnQRX 235 * 1acHdqS9Xx2rNJqZgkMmpESIdPR2fc4yjwJALFeM6EMmqvj8/VIf5UJ/Mz14fXwM 236 * PEARfckUxd9LnnFutCBTWlKvKXJVEZb6KO5ixPaegc57Jp3Vbh3yTN44lQJADD/1 237 * SSMDaIB1MYP7a5Oj7m6VQNPRq8AJe5vDcRnOae0G9dKRrVyeFxO4GsHj6/+BHp2j 238 * P8nYMn9eURQ7DXjf/QJAAQzMlWnKGSO8pyTDtnQx3hRMoUkOEhmNq4bQhLkYqtnY 239 * FcqpUQ2qMjW+NiNWk5HnTrMS3L9EdJobMUzaNZLy4w== 240 * -----END RSA PRIVATE KEY----- 241 * 242 * Private-Key: (1024 bit) 243 * modulus: 244 * 00:bb:f0:40:36:ac:26:54:4e:f4:a3:5a:00:2f:69: 245 * 21:6f:b9:7a:3a:93:ec:a2:f6:e1:8e:c7:63:d8:2f: 246 * 12:30:99:2e:b0:f2:8f:f8:27:2d:24:78:28:84:f7: 247 * 01:bf:8d:44:79:dd:3b:d2:55:f3:ce:3c:b2:5b:21: 248 * 7d:ef:fd:33:4a:b1:a3:ff:c6:c8:9b:b9:0f:7c:41: 249 * 35:97:f9:db:3a:05:60:05:15:af:59:17:92:a3:10: 250 * ad:16:1c:e4:07:53:af:a8:76:a2:56:2a:92:d3:f9: 251 * 28:e0:78:cf:5e:1f:48:ab:5c:19:dd:e1:67:43:ba: 252 * 75:8d:f5:82:ac:43:92:44:1b 253 * publicExponent: 65537 (0x10001) 254 * privateExponent: 255 * 11:b7:6a:36:3d:30:37:ce:61:9d:6c:84:8b:f3:9b: 256 * 25:4f:14:c8:a4:dd:2f:d7:9a:17:bd:90:19:f7:05: 257 * fd:f2:d2:c5:f7:77:be:ea:e2:84:87:97:3a:41:96: 258 * b6:99:f8:94:8c:58:71:51:8c:f4:2a:20:9e:1a:a0: 259 * 26:99:75:d6:31:53:43:39:f5:2a:a6:7e:34:42:51: 260 * 2a:40:87:03:88:43:69:b2:89:6d:20:bd:7d:71:ef: 261 * 47:0a:df:06:c1:69:66:a8:22:37:1a:77:1e:c7:94: 262 * 4e:2c:27:69:45:5e:c8:f8:0c:b7:f8:c0:8f:99:c1: 263 * e5:28:9b:f9:4c:94:c6:b1 264 * prime1: 265 * 00:e7:35:00:62:17:66:a2:7c:48:3a:cd:b2:4e:38: 266 * 2e:e1:7b:90:87:01:d9:05:c5:2c:56:54:55:47:2f: 267 * a1:1f:5d:fa:9d:2d:59:14:a2:13:1b:81:9b:fe:5f: 268 * 1c:88:79:4d:9b:88:e1:31:4a:0e:3d:29:db:37:14: 269 * e2:a0:4d:ab:b5 270 * prime2: 271 * 00:d0:17:75:85:a8:fa:42:e0:a8:f0:8d:00:5e:6d: 272 * 96:3b:e3:0c:4d:93:13:be:d1:c3:fd:b1:a3:28:d3: 273 * 3e:7d:3e:08:f2:b2:98:9d:04:57:d5:a7:07:76:a4: 274 * bd:5f:1d:ab:34:9a:99:82:43:26:a4:44:88:74:f4: 275 * 76:7d:ce:32:8f 276 * exponent1: 277 * 2c:57:8c:e8:43:26:aa:f8:fc:fd:52:1f:e5:42:7f: 278 * 33:3d:78:7d:7c:0c:3c:40:11:7d:c9:14:c5:df:4b: 279 * 9e:71:6e:b4:20:53:5a:52:af:29:72:55:11:96:fa: 280 * 28:ee:62:c4:f6:9e:81:ce:7b:26:9d:d5:6e:1d:f2: 281 * 4c:de:38:95 282 * exponent2: 283 * 0c:3f:f5:49:23:03:68:80:75:31:83:fb:6b:93:a3: 284 * ee:6e:95:40:d3:d1:ab:c0:09:7b:9b:c3:71:19:ce: 285 * 69:ed:06:f5:d2:91:ad:5c:9e:17:13:b8:1a:c1:e3: 286 * eb:ff:81:1e:9d:a3:3f:c9:d8:32:7f:5e:51:14:3b: 287 * 0d:78:df:fd 288 * coefficient: 289 * 01:0c:cc:95:69:ca:19:23:bc:a7:24:c3:b6:74:31: 290 * de:14:4c:a1:49:0e:12:19:8d:ab:86:d0:84:b9:18: 291 * aa:d9:d8:15:ca:a9:51:0d:aa:32:35:be:36:23:56: 292 * 93:91:e7:4e:b3:12:dc:bf:44:74:9a:1b:31:4c:da: 293 * 35:92:f2:e3 294 * 295 * client certificate: 296 * Data: 297 * Version: 3 (0x2) 298 * Serial Number: 9 (0x9) 299 * Signature Algorithm: md5WithRSAEncryption 300 * Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org 301 * Validity 302 * Not Before: Dec 8 03:43:24 2008 GMT 303 * Not After : Aug 25 03:43:24 2028 GMT 304 * Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org, OU=SSL-Client, CN=localhost 305 * Subject Public Key Info: 306 * Public Key Algorithm: rsaEncryption 307 * RSA Public Key: (1024 bit) 308 * Modulus (1024 bit): 309 * 00:bb:f0:40:36:ac:26:54:4e:f4:a3:5a:00:2f:69: 310 * 21:6f:b9:7a:3a:93:ec:a2:f6:e1:8e:c7:63:d8:2f: 311 * 12:30:99:2e:b0:f2:8f:f8:27:2d:24:78:28:84:f7: 312 * 01:bf:8d:44:79:dd:3b:d2:55:f3:ce:3c:b2:5b:21: 313 * 7d:ef:fd:33:4a:b1:a3:ff:c6:c8:9b:b9:0f:7c:41: 314 * 35:97:f9:db:3a:05:60:05:15:af:59:17:92:a3:10: 315 * ad:16:1c:e4:07:53:af:a8:76:a2:56:2a:92:d3:f9: 316 * 28:e0:78:cf:5e:1f:48:ab:5c:19:dd:e1:67:43:ba: 317 * 75:8d:f5:82:ac:43:92:44:1b 318 * Exponent: 65537 (0x10001) 319 * X509v3 extensions: 320 * X509v3 Basic Constraints: 321 * CA:FALSE 322 * X509v3 Key Usage: 323 * Digital Signature, Non Repudiation, Key Encipherment 324 * X509v3 Subject Key Identifier: 325 * CD:BB:C8:85:AA:91:BD:FD:1D:BE:CD:67:7C:FF:B3:E9:4C:A8:22:E6 326 * X509v3 Authority Key Identifier: 327 * keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14 328 * 329 * X509v3 Subject Alternative Name: critical 330 * DNS:localhost 331 * Signature Algorithm: md5WithRSAEncryption 332 * 333 * -----BEGIN CERTIFICATE----- 334 * MIICpDCCAg2gAwIBAgIBCTANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET 335 * MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK 336 * EwhTb21lLU9yZzAeFw0wODEyMDgwMzQzMjRaFw0yODA4MjUwMzQzMjRaMHIxCzAJ 337 * BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp 338 * dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtQ2xpZW50MRIwEAYD 339 * VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALvwQDas 340 * JlRO9KNaAC9pIW+5ejqT7KL24Y7HY9gvEjCZLrDyj/gnLSR4KIT3Ab+NRHndO9JV 341 * 8848slshfe/9M0qxo//GyJu5D3xBNZf52zoFYAUVr1kXkqMQrRYc5AdTr6h2olYq 342 * ktP5KOB4z14fSKtcGd3hZ0O6dY31gqxDkkQbAgMBAAGjczBxMAkGA1UdEwQCMAAw 343 * CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTNu8iFqpG9/R2+zWd8/7PpTKgi5jAfBgNV 344 * HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDAXBgNVHREBAf8EDTALgglsb2Nh 345 * bGhvc3QwDQYJKoZIhvcNAQEEBQADgYEAm25gJyqW1JznQ1EyOtTGswBVwfgBOf+F 346 * HJuBTcflYQLbTD/AETPQJGvZU9tdhuLtbG3OPhR7vSY8zeAbfM3dbH7QFr3r47Gj 347 * XEH7qM/MX+Z3ifVaC4MeJmrYQkYFSuKeyyKpdRVX4w4nnFHF6OsNASsYrMW6LpxN 348 * cl/epUcHL7E= 349 * -----END CERTIFICATE----- 350 * 351 * 352 * 353 * Trusted CA certificate: 354 * Certificate: 355 * Data: 356 * Version: 3 (0x2) 357 * Serial Number: 0 (0x0) 358 * Signature Algorithm: md5WithRSAEncryption 359 * Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org 360 * Validity 361 * Not Before: Dec 8 02:43:36 2008 GMT 362 * Not After : Aug 25 02:43:36 2028 GMT 363 * Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org 364 * Subject Public Key Info: 365 * Public Key Algorithm: rsaEncryption 366 * RSA Public Key: (1024 bit) 367 * Modulus (1024 bit): 368 * 00:cb:c4:38:20:07:be:88:a7:93:b0:a1:43:51:2d: 369 * d7:8e:85:af:54:dd:ad:a2:7b:23:5b:cf:99:13:53: 370 * 99:45:7d:ee:6d:ba:2d:bf:e3:ad:6e:3d:9f:1a:f9: 371 * 03:97:e0:17:55:ae:11:26:57:de:01:29:8e:05:3f: 372 * 21:f7:e7:36:e8:2e:37:d7:48:ac:53:d6:60:0e:c7: 373 * 50:6d:f6:c5:85:f7:8b:a6:c5:91:35:72:3c:94:ee: 374 * f1:17:f0:71:e3:ec:1b:ce:ca:4e:40:42:b0:6d:ee: 375 * 6a:0e:d6:e5:ad:3c:0f:c9:ba:82:4f:78:f8:89:97: 376 * 89:2a:95:12:4c:d8:09:2a:e9 377 * Exponent: 65537 (0x10001) 378 * X509v3 extensions: 379 * X509v3 Subject Key Identifier: 380 * FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14 381 * X509v3 Authority Key Identifier: 382 * keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14 383 * DirName:/C=US/ST=Some-State/L=Some-City/O=Some-Org 384 * serial:00 385 * 386 * X509v3 Basic Constraints: 387 * CA:TRUE 388 * Signature Algorithm: md5WithRSAEncryption 389 * 390 * -----BEGIN CERTIFICATE----- 391 * MIICrDCCAhWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET 392 * MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK 393 * EwhTb21lLU9yZzAeFw0wODEyMDgwMjQzMzZaFw0yODA4MjUwMjQzMzZaMEkxCzAJ 394 * BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp 395 * dHkxETAPBgNVBAoTCFNvbWUtT3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB 396 * gQDLxDggB76Ip5OwoUNRLdeOha9U3a2ieyNbz5kTU5lFfe5tui2/461uPZ8a+QOX 397 * 4BdVrhEmV94BKY4FPyH35zboLjfXSKxT1mAOx1Bt9sWF94umxZE1cjyU7vEX8HHj 398 * 7BvOyk5AQrBt7moO1uWtPA/JuoJPePiJl4kqlRJM2Akq6QIDAQABo4GjMIGgMB0G 399 * A1UdDgQWBBT6uVG/TOfZhpgz+efLHvEzSfeoFDBxBgNVHSMEajBogBT6uVG/TOfZ 400 * hpgz+efLHvEzSfeoFKFNpEswSTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUt 401 * U3RhdGUxEjAQBgNVBAcTCVNvbWUtQ2l0eTERMA8GA1UEChMIU29tZS1PcmeCAQAw 402 * DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBcIm534U123Hz+rtyYO5uA 403 * ofd81G6FnTfEAV8Kw9fGyyEbQZclBv34A9JsFKeMvU4OFIaixD7nLZ/NZ+IWbhmZ 404 * LovmJXyCkOufea73pNiZ+f/4/ScZaIlM/PRycQSqbFNd4j9Wott+08qxHPLpsf3P 405 * 6Mvf0r1PNTY2hwTJLJmKtg== 406 * -----END CERTIFICATE--- 407 */ 408 409 410public class PKIXExtendedTM { 411 412 /* 413 * ============================================================= 414 * Set the various variables needed for the tests, then 415 * specify what tests to run on each side. 416 */ 417 418 /* 419 * Should we run the client or server in a separate thread? 420 * Both sides can throw exceptions, but do you have a preference 421 * as to which side should be the main thread. 422 */ 423 static boolean separateServerThread = true; 424 425 /* 426 * Where do we find the keystores? 427 */ 428 static String trusedCertStr = 429 "-----BEGIN CERTIFICATE-----\n" + 430 "MIICrDCCAhWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" + 431 "MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" + 432 "EwhTb21lLU9yZzAeFw0wODEyMDgwMjQzMzZaFw0yODA4MjUwMjQzMzZaMEkxCzAJ\n" + 433 "BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" + 434 "dHkxETAPBgNVBAoTCFNvbWUtT3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n" + 435 "gQDLxDggB76Ip5OwoUNRLdeOha9U3a2ieyNbz5kTU5lFfe5tui2/461uPZ8a+QOX\n" + 436 "4BdVrhEmV94BKY4FPyH35zboLjfXSKxT1mAOx1Bt9sWF94umxZE1cjyU7vEX8HHj\n" + 437 "7BvOyk5AQrBt7moO1uWtPA/JuoJPePiJl4kqlRJM2Akq6QIDAQABo4GjMIGgMB0G\n" + 438 "A1UdDgQWBBT6uVG/TOfZhpgz+efLHvEzSfeoFDBxBgNVHSMEajBogBT6uVG/TOfZ\n" + 439 "hpgz+efLHvEzSfeoFKFNpEswSTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUt\n" + 440 "U3RhdGUxEjAQBgNVBAcTCVNvbWUtQ2l0eTERMA8GA1UEChMIU29tZS1PcmeCAQAw\n" + 441 "DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBcIm534U123Hz+rtyYO5uA\n" + 442 "ofd81G6FnTfEAV8Kw9fGyyEbQZclBv34A9JsFKeMvU4OFIaixD7nLZ/NZ+IWbhmZ\n" + 443 "LovmJXyCkOufea73pNiZ+f/4/ScZaIlM/PRycQSqbFNd4j9Wott+08qxHPLpsf3P\n" + 444 "6Mvf0r1PNTY2hwTJLJmKtg==\n" + 445 "-----END CERTIFICATE-----"; 446 447 static String serverCertStr = 448 "-----BEGIN CERTIFICATE-----\n" + 449 "MIICpDCCAg2gAwIBAgIBCDANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" + 450 "MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" + 451 "EwhTb21lLU9yZzAeFw0wODEyMDgwMzQzMDRaFw0yODA4MjUwMzQzMDRaMHIxCzAJ\n" + 452 "BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" + 453 "dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtU2VydmVyMRIwEAYD\n" + 454 "VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKWsWxw3\n" + 455 "ot2ZiS2yebiP1Uil5xyEF41pnMasbfnyHR85GdrTch5u7ETMcKTcugAw9qBPPVR6\n" + 456 "YWrMV9AKf5UoGD+a2ZTyG8gkiH7+nQ89+1dTCLMgM9Q/F0cU0c3qCNgOdU6vvszS\n" + 457 "7K+peknfwtmsuCRAkKYDVirQMAVALE+r2XSJAgMBAAGjczBxMAkGA1UdEwQCMAAw\n" + 458 "CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTtbtv0tVbI+xoGYT8PCLumBNgWVDAfBgNV\n" + 459 "HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDAXBgNVHREBAf8EDTALgglsb2Nh\n" + 460 "bGhvc3QwDQYJKoZIhvcNAQEEBQADgYEAoqVTciHtcvsUj+YaTct8tUh3aTCsKsac\n" + 461 "PHhfQ+ObjiXSgxsKYTX7ym/wk/wvlbUcbqLKxsu7qrcJitH+H9heV1hEHEu65Uoi\n" + 462 "nRugFruyOrwvAylV8Cm2af7ddilmYJ+sdJA6N2M3xJRxR0G2LFHEXDNEjYReyexn\n" + 463 "JqCpf5uZGOo=\n" + 464 "-----END CERTIFICATE-----"; 465 466 static String clientCertStr = 467 "-----BEGIN CERTIFICATE-----\n" + 468 "MIICpDCCAg2gAwIBAgIBCTANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" + 469 "MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" + 470 "EwhTb21lLU9yZzAeFw0wODEyMDgwMzQzMjRaFw0yODA4MjUwMzQzMjRaMHIxCzAJ\n" + 471 "BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" + 472 "dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtQ2xpZW50MRIwEAYD\n" + 473 "VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALvwQDas\n" + 474 "JlRO9KNaAC9pIW+5ejqT7KL24Y7HY9gvEjCZLrDyj/gnLSR4KIT3Ab+NRHndO9JV\n" + 475 "8848slshfe/9M0qxo//GyJu5D3xBNZf52zoFYAUVr1kXkqMQrRYc5AdTr6h2olYq\n" + 476 "ktP5KOB4z14fSKtcGd3hZ0O6dY31gqxDkkQbAgMBAAGjczBxMAkGA1UdEwQCMAAw\n" + 477 "CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTNu8iFqpG9/R2+zWd8/7PpTKgi5jAfBgNV\n" + 478 "HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDAXBgNVHREBAf8EDTALgglsb2Nh\n" + 479 "bGhvc3QwDQYJKoZIhvcNAQEEBQADgYEAm25gJyqW1JznQ1EyOtTGswBVwfgBOf+F\n" + 480 "HJuBTcflYQLbTD/AETPQJGvZU9tdhuLtbG3OPhR7vSY8zeAbfM3dbH7QFr3r47Gj\n" + 481 "XEH7qM/MX+Z3ifVaC4MeJmrYQkYFSuKeyyKpdRVX4w4nnFHF6OsNASsYrMW6LpxN\n" + 482 "cl/epUcHL7E=\n" + 483 "-----END CERTIFICATE-----"; 484 485 static byte serverPrivateExponent[] = { 486 (byte)0x6e, (byte)0xa7, (byte)0x1b, (byte)0x83, 487 (byte)0x51, (byte)0x35, (byte)0x9a, (byte)0x44, 488 (byte)0x7d, (byte)0xf6, (byte)0xe3, (byte)0x89, 489 (byte)0xa0, (byte)0xd7, (byte)0x90, (byte)0x60, 490 (byte)0xa1, (byte)0x4e, (byte)0x27, (byte)0x21, 491 (byte)0xa2, (byte)0x89, (byte)0x74, (byte)0xcc, 492 (byte)0x9d, (byte)0x75, (byte)0x75, (byte)0x4e, 493 (byte)0xc7, (byte)0x82, (byte)0xe3, (byte)0xe3, 494 (byte)0xc3, (byte)0x7d, (byte)0x00, (byte)0x54, 495 (byte)0xec, (byte)0x36, (byte)0xb1, (byte)0xdf, 496 (byte)0x91, (byte)0x9c, (byte)0x7a, (byte)0xc0, 497 (byte)0x62, (byte)0x0a, (byte)0xd6, (byte)0xa9, 498 (byte)0x22, (byte)0x91, (byte)0x4a, (byte)0x29, 499 (byte)0x2e, (byte)0x43, (byte)0xfa, (byte)0x8c, 500 (byte)0xd8, (byte)0xe9, (byte)0xbe, (byte)0xd9, 501 (byte)0x4f, (byte)0xca, (byte)0x23, (byte)0xc6, 502 (byte)0xe4, (byte)0x3f, (byte)0xb8, (byte)0x72, 503 (byte)0xcf, (byte)0x02, (byte)0xfc, (byte)0xf4, 504 (byte)0x58, (byte)0x34, (byte)0x77, (byte)0x76, 505 (byte)0xce, (byte)0x22, (byte)0x44, (byte)0x5f, 506 (byte)0x2d, (byte)0xca, (byte)0xee, (byte)0xf5, 507 (byte)0x43, (byte)0x56, (byte)0x47, (byte)0x71, 508 (byte)0x0b, (byte)0x09, (byte)0x6b, (byte)0x5e, 509 (byte)0xf2, (byte)0xc8, (byte)0xee, (byte)0xd4, 510 (byte)0x6e, (byte)0x44, (byte)0x92, (byte)0x2a, 511 (byte)0x7f, (byte)0xcc, (byte)0xa7, (byte)0xd4, 512 (byte)0x5b, (byte)0xfb, (byte)0xf7, (byte)0x4a, 513 (byte)0xa9, (byte)0xfb, (byte)0x54, (byte)0x18, 514 (byte)0xd5, (byte)0xd5, (byte)0x14, (byte)0xba, 515 (byte)0xa0, (byte)0x1c, (byte)0x13, (byte)0xb3, 516 (byte)0x37, (byte)0x6b, (byte)0x37, (byte)0x59, 517 (byte)0xed, (byte)0xdb, (byte)0x6d, (byte)0xb1 518 }; 519 520 static byte serverModulus[] = { 521 (byte)0x00, 522 (byte)0xa5, (byte)0xac, (byte)0x5b, (byte)0x1c, 523 (byte)0x37, (byte)0xa2, (byte)0xdd, (byte)0x99, 524 (byte)0x89, (byte)0x2d, (byte)0xb2, (byte)0x79, 525 (byte)0xb8, (byte)0x8f, (byte)0xd5, (byte)0x48, 526 (byte)0xa5, (byte)0xe7, (byte)0x1c, (byte)0x84, 527 (byte)0x17, (byte)0x8d, (byte)0x69, (byte)0x9c, 528 (byte)0xc6, (byte)0xac, (byte)0x6d, (byte)0xf9, 529 (byte)0xf2, (byte)0x1d, (byte)0x1f, (byte)0x39, 530 (byte)0x19, (byte)0xda, (byte)0xd3, (byte)0x72, 531 (byte)0x1e, (byte)0x6e, (byte)0xec, (byte)0x44, 532 (byte)0xcc, (byte)0x70, (byte)0xa4, (byte)0xdc, 533 (byte)0xba, (byte)0x00, (byte)0x30, (byte)0xf6, 534 (byte)0xa0, (byte)0x4f, (byte)0x3d, (byte)0x54, 535 (byte)0x7a, (byte)0x61, (byte)0x6a, (byte)0xcc, 536 (byte)0x57, (byte)0xd0, (byte)0x0a, (byte)0x7f, 537 (byte)0x95, (byte)0x28, (byte)0x18, (byte)0x3f, 538 (byte)0x9a, (byte)0xd9, (byte)0x94, (byte)0xf2, 539 (byte)0x1b, (byte)0xc8, (byte)0x24, (byte)0x88, 540 (byte)0x7e, (byte)0xfe, (byte)0x9d, (byte)0x0f, 541 (byte)0x3d, (byte)0xfb, (byte)0x57, (byte)0x53, 542 (byte)0x08, (byte)0xb3, (byte)0x20, (byte)0x33, 543 (byte)0xd4, (byte)0x3f, (byte)0x17, (byte)0x47, 544 (byte)0x14, (byte)0xd1, (byte)0xcd, (byte)0xea, 545 (byte)0x08, (byte)0xd8, (byte)0x0e, (byte)0x75, 546 (byte)0x4e, (byte)0xaf, (byte)0xbe, (byte)0xcc, 547 (byte)0xd2, (byte)0xec, (byte)0xaf, (byte)0xa9, 548 (byte)0x7a, (byte)0x49, (byte)0xdf, (byte)0xc2, 549 (byte)0xd9, (byte)0xac, (byte)0xb8, (byte)0x24, 550 (byte)0x40, (byte)0x90, (byte)0xa6, (byte)0x03, 551 (byte)0x56, (byte)0x2a, (byte)0xd0, (byte)0x30, 552 (byte)0x05, (byte)0x40, (byte)0x2c, (byte)0x4f, 553 (byte)0xab, (byte)0xd9, (byte)0x74, (byte)0x89 554 }; 555 556 static byte clientPrivateExponent[] = { 557 (byte)0x11, (byte)0xb7, (byte)0x6a, (byte)0x36, 558 (byte)0x3d, (byte)0x30, (byte)0x37, (byte)0xce, 559 (byte)0x61, (byte)0x9d, (byte)0x6c, (byte)0x84, 560 (byte)0x8b, (byte)0xf3, (byte)0x9b, (byte)0x25, 561 (byte)0x4f, (byte)0x14, (byte)0xc8, (byte)0xa4, 562 (byte)0xdd, (byte)0x2f, (byte)0xd7, (byte)0x9a, 563 (byte)0x17, (byte)0xbd, (byte)0x90, (byte)0x19, 564 (byte)0xf7, (byte)0x05, (byte)0xfd, (byte)0xf2, 565 (byte)0xd2, (byte)0xc5, (byte)0xf7, (byte)0x77, 566 (byte)0xbe, (byte)0xea, (byte)0xe2, (byte)0x84, 567 (byte)0x87, (byte)0x97, (byte)0x3a, (byte)0x41, 568 (byte)0x96, (byte)0xb6, (byte)0x99, (byte)0xf8, 569 (byte)0x94, (byte)0x8c, (byte)0x58, (byte)0x71, 570 (byte)0x51, (byte)0x8c, (byte)0xf4, (byte)0x2a, 571 (byte)0x20, (byte)0x9e, (byte)0x1a, (byte)0xa0, 572 (byte)0x26, (byte)0x99, (byte)0x75, (byte)0xd6, 573 (byte)0x31, (byte)0x53, (byte)0x43, (byte)0x39, 574 (byte)0xf5, (byte)0x2a, (byte)0xa6, (byte)0x7e, 575 (byte)0x34, (byte)0x42, (byte)0x51, (byte)0x2a, 576 (byte)0x40, (byte)0x87, (byte)0x03, (byte)0x88, 577 (byte)0x43, (byte)0x69, (byte)0xb2, (byte)0x89, 578 (byte)0x6d, (byte)0x20, (byte)0xbd, (byte)0x7d, 579 (byte)0x71, (byte)0xef, (byte)0x47, (byte)0x0a, 580 (byte)0xdf, (byte)0x06, (byte)0xc1, (byte)0x69, 581 (byte)0x66, (byte)0xa8, (byte)0x22, (byte)0x37, 582 (byte)0x1a, (byte)0x77, (byte)0x1e, (byte)0xc7, 583 (byte)0x94, (byte)0x4e, (byte)0x2c, (byte)0x27, 584 (byte)0x69, (byte)0x45, (byte)0x5e, (byte)0xc8, 585 (byte)0xf8, (byte)0x0c, (byte)0xb7, (byte)0xf8, 586 (byte)0xc0, (byte)0x8f, (byte)0x99, (byte)0xc1, 587 (byte)0xe5, (byte)0x28, (byte)0x9b, (byte)0xf9, 588 (byte)0x4c, (byte)0x94, (byte)0xc6, (byte)0xb1 589 }; 590 591 static byte clientModulus[] = { 592 (byte)0x00, 593 (byte)0xbb, (byte)0xf0, (byte)0x40, (byte)0x36, 594 (byte)0xac, (byte)0x26, (byte)0x54, (byte)0x4e, 595 (byte)0xf4, (byte)0xa3, (byte)0x5a, (byte)0x00, 596 (byte)0x2f, (byte)0x69, (byte)0x21, (byte)0x6f, 597 (byte)0xb9, (byte)0x7a, (byte)0x3a, (byte)0x93, 598 (byte)0xec, (byte)0xa2, (byte)0xf6, (byte)0xe1, 599 (byte)0x8e, (byte)0xc7, (byte)0x63, (byte)0xd8, 600 (byte)0x2f, (byte)0x12, (byte)0x30, (byte)0x99, 601 (byte)0x2e, (byte)0xb0, (byte)0xf2, (byte)0x8f, 602 (byte)0xf8, (byte)0x27, (byte)0x2d, (byte)0x24, 603 (byte)0x78, (byte)0x28, (byte)0x84, (byte)0xf7, 604 (byte)0x01, (byte)0xbf, (byte)0x8d, (byte)0x44, 605 (byte)0x79, (byte)0xdd, (byte)0x3b, (byte)0xd2, 606 (byte)0x55, (byte)0xf3, (byte)0xce, (byte)0x3c, 607 (byte)0xb2, (byte)0x5b, (byte)0x21, (byte)0x7d, 608 (byte)0xef, (byte)0xfd, (byte)0x33, (byte)0x4a, 609 (byte)0xb1, (byte)0xa3, (byte)0xff, (byte)0xc6, 610 (byte)0xc8, (byte)0x9b, (byte)0xb9, (byte)0x0f, 611 (byte)0x7c, (byte)0x41, (byte)0x35, (byte)0x97, 612 (byte)0xf9, (byte)0xdb, (byte)0x3a, (byte)0x05, 613 (byte)0x60, (byte)0x05, (byte)0x15, (byte)0xaf, 614 (byte)0x59, (byte)0x17, (byte)0x92, (byte)0xa3, 615 (byte)0x10, (byte)0xad, (byte)0x16, (byte)0x1c, 616 (byte)0xe4, (byte)0x07, (byte)0x53, (byte)0xaf, 617 (byte)0xa8, (byte)0x76, (byte)0xa2, (byte)0x56, 618 (byte)0x2a, (byte)0x92, (byte)0xd3, (byte)0xf9, 619 (byte)0x28, (byte)0xe0, (byte)0x78, (byte)0xcf, 620 (byte)0x5e, (byte)0x1f, (byte)0x48, (byte)0xab, 621 (byte)0x5c, (byte)0x19, (byte)0xdd, (byte)0xe1, 622 (byte)0x67, (byte)0x43, (byte)0xba, (byte)0x75, 623 (byte)0x8d, (byte)0xf5, (byte)0x82, (byte)0xac, 624 (byte)0x43, (byte)0x92, (byte)0x44, (byte)0x1b 625 }; 626 627 static char passphrase[] = "passphrase".toCharArray(); 628 629 /* 630 * Is the server ready to serve? 631 */ 632 volatile static boolean serverReady = false; 633 634 /* 635 * Turn on SSL debugging? 636 */ 637 static boolean debug = false; 638 639 /* 640 * Define the server side of the test. 641 * 642 * If the server prematurely exits, serverReady will be set to true 643 * to avoid infinite hangs. 644 */ 645 void doServerSide() throws Exception { 646 SSLContext context = getSSLContext(trusedCertStr, serverCertStr, 647 serverModulus, serverPrivateExponent, passphrase); 648 SSLServerSocketFactory sslssf = context.getServerSocketFactory(); 649 650 SSLServerSocket sslServerSocket = 651 (SSLServerSocket) sslssf.createServerSocket(serverPort); 652 serverPort = sslServerSocket.getLocalPort(); 653 654 // enable endpoint identification 655 // ignore, we may test the feature when known how to parse client 656 // hostname 657 //SSLParameters params = sslServerSocket.getSSLParameters(); 658 //params.setEndpointIdentificationAlgorithm("HTTPS"); 659 //sslServerSocket.setSSLParameters(params); 660 661 /* 662 * Signal Client, we're ready for his connect. 663 */ 664 serverReady = true; 665 666 SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept(); 667 sslSocket.setNeedClientAuth(true); 668 669 InputStream sslIS = sslSocket.getInputStream(); 670 OutputStream sslOS = sslSocket.getOutputStream(); 671 672 sslIS.read(); 673 sslOS.write(85); 674 sslOS.flush(); 675 676 sslSocket.close(); 677 678 } 679 680 /* 681 * Define the client side of the test. 682 * 683 * If the server prematurely exits, serverReady will be set to true 684 * to avoid infinite hangs. 685 */ 686 void doClientSide() throws Exception { 687 /* 688 * Wait for server to get started. 689 */ 690 while (!serverReady) { 691 Thread.sleep(50); 692 } 693 694 SSLContext context = getSSLContext(trusedCertStr, clientCertStr, 695 clientModulus, clientPrivateExponent, passphrase); 696 697 SSLSocketFactory sslsf = context.getSocketFactory(); 698 SSLSocket sslSocket = (SSLSocket) 699 sslsf.createSocket("localhost", serverPort); 700 701 // enable endpoint identification 702 SSLParameters params = sslSocket.getSSLParameters(); 703 params.setEndpointIdentificationAlgorithm("HTTPS"); 704 sslSocket.setSSLParameters(params); 705 706 InputStream sslIS = sslSocket.getInputStream(); 707 OutputStream sslOS = sslSocket.getOutputStream(); 708 709 sslOS.write(280); 710 sslOS.flush(); 711 sslIS.read(); 712 713 sslSocket.close(); 714 715 } 716 717 // get the ssl context 718 private static SSLContext getSSLContext(String trusedCertStr, 719 String keyCertStr, byte[] modulus, 720 byte[] privateExponent, char[] passphrase) throws Exception { 721 722 // generate certificate from cert string 723 CertificateFactory cf = CertificateFactory.getInstance("X.509"); 724 725 ByteArrayInputStream is = 726 new ByteArrayInputStream(trusedCertStr.getBytes()); 727 Certificate trusedCert = cf.generateCertificate(is); 728 is.close(); 729 730 // create a key store 731 KeyStore ks = KeyStore.getInstance("JKS"); 732 ks.load(null, null); 733 734 // import the trused cert 735 ks.setCertificateEntry("RSA Export Signer", trusedCert); 736 737 if (keyCertStr != null) { 738 // generate the private key. 739 RSAPrivateKeySpec priKeySpec = new RSAPrivateKeySpec( 740 new BigInteger(modulus), 741 new BigInteger(privateExponent)); 742 KeyFactory kf = KeyFactory.getInstance("RSA"); 743 RSAPrivateKey priKey = 744 (RSAPrivateKey)kf.generatePrivate(priKeySpec); 745 746 // generate certificate chain 747 is = new ByteArrayInputStream(keyCertStr.getBytes()); 748 Certificate keyCert = cf.generateCertificate(is); 749 is.close(); 750 751 Certificate[] chain = new Certificate[2]; 752 chain[0] = keyCert; 753 chain[1] = trusedCert; 754 755 // import the key entry. 756 ks.setKeyEntry("Whatever", priKey, passphrase, chain); 757 } 758 759 // create SSL context 760 TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX"); 761 tmf.init(ks); 762 763 TrustManager tms[] = tmf.getTrustManagers(); 764 if (tms == null || tms.length == 0) { 765 throw new Exception("unexpected trust manager implementation"); 766 } else { 767 if (!(tms[0] instanceof X509ExtendedTrustManager)) { 768 throw new Exception("unexpected trust manager implementation: " 769 + tms[0].getClass().getCanonicalName()); 770 } 771 } 772 773 774 SSLContext ctx = SSLContext.getInstance("TLS"); 775 776 if (keyCertStr != null) { 777 KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); 778 kmf.init(ks, passphrase); 779 780 ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); 781 } else { 782 ctx.init(null, tmf.getTrustManagers(), null); 783 } 784 785 return ctx; 786 } 787 788 /* 789 * ============================================================= 790 * The remainder is just support stuff 791 */ 792 793 // use any free port by default 794 volatile int serverPort = 0; 795 796 volatile Exception serverException = null; 797 volatile Exception clientException = null; 798 799 static class Test { 800 String tlsDisAlgs; 801 String certPathDisAlgs; 802 boolean fail; 803 Test(String tlsDisAlgs, String certPathDisAlgs, boolean fail) { 804 this.tlsDisAlgs = tlsDisAlgs; 805 this.certPathDisAlgs = certPathDisAlgs; 806 this.fail = fail; 807 } 808 } 809 810 static Test[] tests = { 811 // MD5 is used in this test case, don't disable MD5 algorithm. 812 new Test( 813 "SSLv3, RC4, DH keySize < 768", 814 "MD2, RSA keySize < 1024", 815 false), 816 // Disable MD5 but only if cert chains back to public root CA, should 817 // pass because the MD5 cert in this test case is issued by test CA 818 new Test( 819 "SSLv3, RC4, DH keySize < 768", 820 "MD2, MD5 jdkCA, RSA keySize < 1024", 821 false), 822 // Disable MD5 alg via TLS property and expect failure 823 new Test( 824 "SSLv3, MD5, RC4, DH keySize < 768", 825 "MD2, RSA keySize < 1024", 826 true), 827 // Disable MD5 alg via certpath property and expect failure 828 new Test( 829 "SSLv3, RC4, DH keySize < 768", 830 "MD2, MD5, RSA keySize < 1024", 831 true), 832 }; 833 834 public static void main(String args[]) throws Exception { 835 if (args.length != 1) { 836 throw new Exception("Incorrect number of arguments"); 837 } 838 Test test = tests[Integer.parseInt(args[0])]; 839 Security.setProperty("jdk.tls.disabledAlgorithms", test.tlsDisAlgs); 840 Security.setProperty("jdk.certpath.disabledAlgorithms", 841 test.certPathDisAlgs); 842 843 if (debug) { 844 System.setProperty("javax.net.debug", "all"); 845 } 846 847 /* 848 * Start the tests. 849 */ 850 try { 851 new PKIXExtendedTM(); 852 if (test.fail) { 853 throw new Exception("Expected MD5 certificate to be blocked"); 854 } 855 } catch (Exception e) { 856 if (test.fail) { 857 // find expected cause 858 boolean correctReason = false; 859 Throwable cause = e.getCause(); 860 while (cause != null) { 861 if (cause instanceof CertPathValidatorException) { 862 CertPathValidatorException cpve = 863 (CertPathValidatorException)cause; 864 if (cpve.getReason() == CertPathValidatorException.BasicReason.ALGORITHM_CONSTRAINED) { 865 correctReason = true; 866 break; 867 } 868 } 869 cause = cause.getCause(); 870 } 871 if (!correctReason) { 872 throw new Exception("Unexpected exception", e); 873 } 874 } else { 875 throw e; 876 } 877 } 878 } 879 880 Thread clientThread = null; 881 Thread serverThread = null; 882 /* 883 * Primary constructor, used to drive remainder of the test. 884 * 885 * Fork off the other side, then do your work. 886 */ 887 PKIXExtendedTM() throws Exception { 888 if (separateServerThread) { 889 startServer(true); 890 startClient(false); 891 } else { 892 startClient(true); 893 startServer(false); 894 } 895 896 /* 897 * Wait for other side to close down. 898 */ 899 if (separateServerThread) { 900 serverThread.join(); 901 } else { 902 clientThread.join(); 903 } 904 905 /* 906 * When we get here, the test is pretty much over. 907 * 908 * If the main thread excepted, that propagates back 909 * immediately. If the other thread threw an exception, we 910 * should report back. 911 */ 912 if (serverException != null) 913 throw serverException; 914 if (clientException != null) 915 throw clientException; 916 } 917 918 void startServer(boolean newThread) throws Exception { 919 if (newThread) { 920 serverThread = new Thread() { 921 public void run() { 922 try { 923 doServerSide(); 924 } catch (Exception e) { 925 /* 926 * Our server thread just died. 927 * 928 * Release the client, if not active already... 929 */ 930 System.err.println("Server died..."); 931 serverReady = true; 932 serverException = e; 933 } 934 } 935 }; 936 serverThread.start(); 937 } else { 938 doServerSide(); 939 } 940 } 941 942 void startClient(boolean newThread) throws Exception { 943 if (newThread) { 944 clientThread = new Thread() { 945 public void run() { 946 try { 947 doClientSide(); 948 } catch (Exception e) { 949 /* 950 * Our client thread just died. 951 */ 952 System.err.println("Client died..."); 953 clientException = e; 954 } 955 } 956 }; 957 clientThread.start(); 958 } else { 959 doClientSide(); 960 } 961 } 962 963} 964