Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
PojavLauncherTeam
GitHub Repository: PojavLauncherTeam/openjdk-multiarch-jdk8u
 Path: blob/aarch64-shenandoah-jdk8u272-b10/jdk/test/sun/net/www/protocol/https/HttpsURLConnection/IPAddressDNSIdentities.java
38889 views
1
/*

2
 * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved.

3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

4
 *

5
 * This code is free software; you can redistribute it and/or modify it

6
 * under the terms of the GNU General Public License version 2 only, as

7
 * published by the Free Software Foundation.

8
 *

9
 * This code is distributed in the hope that it will be useful, but WITHOUT

10
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

11
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

12
 * version 2 for more details (a copy is included in the LICENSE file that

13
 * accompanied this code).

14
 *

15
 * You should have received a copy of the GNU General Public License version

16
 * 2 along with this work; if not, write to the Free Software Foundation,

17
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

18
 *

19
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

20
 * or visit www.oracle.com if you need additional information or have any

21
 * questions.

22
 */

23


24
/* @test

25
 * @bug 6766775

26
 * @summary X509 certificate hostname checking is broken in JDK1.6.0_10

27
 * @run main/othervm IPAddressDNSIdentities

28
 *

29
 *     SunJSSE does not support dynamic system properties, no way to re-use

30
 *     system properties in samevm/agentvm mode.

31
 * @author Xuelei Fan

32
 */

33


34
import java.net.*;

35
import java.util.*;

36
import java.io.*;

37
import javax.net.ssl.*;

38
import java.security.KeyStore;

39
import java.security.KeyFactory;

40
import java.security.cert.Certificate;

41
import java.security.cert.CertificateFactory;

42
import java.security.spec.*;

43
import java.security.interfaces.*;

44
import java.math.BigInteger;

45


46
/*

47
 * Certificates and key used in the test.

48
 *

49
 * TLS server certificate:

50
 * server private key:

51
 * -----BEGIN RSA PRIVATE KEY-----

52
 * Proc-Type: 4,ENCRYPTED

53
 * DEK-Info: DES-EDE3-CBC,D9AE407F6D0E389A

54
 *

55
 * WPrA7TFol/cQCcp9oHnXWNpYlvRbbIcQj0m+RKT2Iuzfus+DHt3Zadf8nJpKfX2e

56
 * h2rnhlzCN9M7djRDooZKDOPCsdBn51Au7HlZF3S3Opgo7D8XFM1a8t1Je4ke14oI

57
 * nw6QKYsBblRziPnP2PZ0zvX24nOv7bbY8beynlJHGs00VWSFdoH2DS0aE1p6D+3n

58
 * ptJuJ75dVfZFK4X7162APlNXevX8D6PEQpSiRw1rjjGGcnvQ4HdWk3BxDVDcCNJb

59
 * Y1aGNRxsjTDvPi3R9Qx2M+W03QzEPx4SR3ZHVskeSJHaetM0TM/w/45Paq4GokXP

60
 * ZeTnbEx1xmjkA7h+t4doLL4watx5F6yLsJzu8xB3lt/1EtmkYtLz1t7X4BetPAXz

61
 * zS69X/VwhKfsOI3qXBWuL2oHPyhDmT1gcaUQwEPSV6ogHEEQEDXdiUS8heNK13KF

62
 * TCQYFkETvV2BLxUhV1hypPzRQ6tUpJiAbD5KmoK2lD9slshG2QtvKQq0/bgkDY5J

63
 * LhDHV2dtcZ3kDPkkZXpbcJQvoeH3d09C5sIsuTFo2zgNR6oETHUc5TzP6FY2YYRa

64
 * QcK5HcmtsRRiXFm01ac+aMejJUIujjFt84SiKWT/73vC8AmY4tYcJBLjCg4XIxSH

65
 * fdDFLL1YZENNO5ivlp8mdiHqcawx+36L7DrEZQ8RZt6cqST5t/+XTdM74s6k81GT

66
 * pNsa82P2K2zmIUZ/DL2mKjW1vfRByw1NQFEBkN3vdyZxYfM/JyUzX4hbjXBEkh9Q

67
 * QYrcwLKLjis2QzSvK04B3bvRzRb+4ocWiso8ZPAXAIxZFBWDpTMM2A==

68
 * -----END RSA PRIVATE KEY-----

69
 *

70
 * -----BEGIN RSA PRIVATE KEY-----

71
 * MIICXAIBAAKBgQClrFscN6LdmYktsnm4j9VIpecchBeNaZzGrG358h0fORna03Ie

72
 * buxEzHCk3LoAMPagTz1UemFqzFfQCn+VKBg/mtmU8hvIJIh+/p0PPftXUwizIDPU

73
 * PxdHFNHN6gjYDnVOr77M0uyvqXpJ38LZrLgkQJCmA1Yq0DAFQCxPq9l0iQIDAQAB

74
 * AoGAbqcbg1E1mkR99uOJoNeQYKFOJyGiiXTMnXV1TseC4+PDfQBU7Dax35GcesBi

75
 * CtapIpFKKS5D+ozY6b7ZT8ojxuQ/uHLPAvz0WDR3ds4iRF8tyu71Q1ZHcQsJa17y

76
 * yO7UbkSSKn/Mp9Rb+/dKqftUGNXVFLqgHBOzN2s3We3bbbECQQDYBPKOg3hkaGHo

77
 * OhpHKqtQ6EVkldihG/3i4WejRonelXN+HRh1KrB2HBx0M8D/qAzP1i3rNSlSHer4

78
 * 59YRTJnHAkEAxFX/sVYSn07BHv9Zhn6XXct/Cj43z/tKNbzlNbcxqQwQerw3IH51

79
 * 8UH2YOA+GD3lXbKp+MytoFLWv8zg4YT/LwJAfqan75Z1R6lLffRS49bIiq8jwE16

80
 * rTrUJ+kv8jKxMqc9B3vXkxpsS1M/+4E8bqgAmvpgAb8xcsvHsBd9ErdukQJBAKs2

81
 * j67W75BrPjBI34pQ1LEfp56IGWXOrq1kF8IbCjxv3+MYRT6Z6UJFkpRymNPNDjsC

82
 * dgUYgITiGJHUGXuw3lMCQHEHqo9ZtXz92yFT+VhsNc29B8m/sqUJdtCcMd/jGpAF

83
 * u6GHufjqIZBpQsk63wbwESAPZZ+kk1O1kS5GIRLX608=

84
 * -----END RSA PRIVATE KEY-----

85
 *

86
 * Private-Key: (1024 bit)

87
 * modulus:

88
 *     00:a5:ac:5b:1c:37:a2:dd:99:89:2d:b2:79:b8:8f:

89
 *     d5:48:a5:e7:1c:84:17:8d:69:9c:c6:ac:6d:f9:f2:

90
 *     1d:1f:39:19:da:d3:72:1e:6e:ec:44:cc:70:a4:dc:

91
 *     ba:00:30:f6:a0:4f:3d:54:7a:61:6a:cc:57:d0:0a:

92
 *     7f:95:28:18:3f:9a:d9:94:f2:1b:c8:24:88:7e:fe:

93
 *     9d:0f:3d:fb:57:53:08:b3:20:33:d4:3f:17:47:14:

94
 *     d1:cd:ea:08:d8:0e:75:4e:af:be:cc:d2:ec:af:a9:

95
 *     7a:49:df:c2:d9:ac:b8:24:40:90:a6:03:56:2a:d0:

96
 *     30:05:40:2c:4f:ab:d9:74:89

97
 * publicExponent: 65537 (0x10001)

98
 * privateExponent:

99
 *     6e:a7:1b:83:51:35:9a:44:7d:f6:e3:89:a0:d7:90:

100
 *     60:a1:4e:27:21:a2:89:74:cc:9d:75:75:4e:c7:82:

101
 *     e3:e3:c3:7d:00:54:ec:36:b1:df:91:9c:7a:c0:62:

102
 *     0a:d6:a9:22:91:4a:29:2e:43:fa:8c:d8:e9:be:d9:

103
 *     4f:ca:23:c6:e4:3f:b8:72:cf:02:fc:f4:58:34:77:

104
 *     76:ce:22:44:5f:2d:ca:ee:f5:43:56:47:71:0b:09:

105
 *     6b:5e:f2:c8:ee:d4:6e:44:92:2a:7f:cc:a7:d4:5b:

106
 *     fb:f7:4a:a9:fb:54:18:d5:d5:14:ba:a0:1c:13:b3:

107
 *     37:6b:37:59:ed:db:6d:b1

108
 * prime1:

109
 *     00:d8:04:f2:8e:83:78:64:68:61:e8:3a:1a:47:2a:

110
 *     ab:50:e8:45:64:95:d8:a1:1b:fd:e2:e1:67:a3:46:

111
 *     89:de:95:73:7e:1d:18:75:2a:b0:76:1c:1c:74:33:

112
 *     c0:ff:a8:0c:cf:d6:2d:eb:35:29:52:1d:ea:f8:e7:

113
 *     d6:11:4c:99:c7

114
 * prime2:

115
 *     00:c4:55:ff:b1:56:12:9f:4e:c1:1e:ff:59:86:7e:

116
 *     97:5d:cb:7f:0a:3e:37:cf:fb:4a:35:bc:e5:35:b7:

117
 *     31:a9:0c:10:7a:bc:37:20:7e:75:f1:41:f6:60:e0:

118
 *     3e:18:3d:e5:5d:b2:a9:f8:cc:ad:a0:52:d6:bf:cc:

119
 *     e0:e1:84:ff:2f

120
 * exponent1:

121
 *     7e:a6:a7:ef:96:75:47:a9:4b:7d:f4:52:e3:d6:c8:

122
 *     8a:af:23:c0:4d:7a:ad:3a:d4:27:e9:2f:f2:32:b1:

123
 *     32:a7:3d:07:7b:d7:93:1a:6c:4b:53:3f:fb:81:3c:

124
 *     6e:a8:00:9a:fa:60:01:bf:31:72:cb:c7:b0:17:7d:

125
 *     12:b7:6e:91

126
 * exponent2:

127
 *     00:ab:36:8f:ae:d6:ef:90:6b:3e:30:48:df:8a:50:

128
 *     d4:b1:1f:a7:9e:88:19:65:ce:ae:ad:64:17:c2:1b:

129
 *     0a:3c:6f:df:e3:18:45:3e:99:e9:42:45:92:94:72:

130
 *     98:d3:cd:0e:3b:02:76:05:18:80:84:e2:18:91:d4:

131
 *     19:7b:b0:de:53

132
 * coefficient:

133
 *     71:07:aa:8f:59:b5:7c:fd:db:21:53:f9:58:6c:35:

134
 *     cd:bd:07:c9:bf:b2:a5:09:76:d0:9c:31:df:e3:1a:

135
 *     90:05:bb:a1:87:b9:f8:ea:21:90:69:42:c9:3a:df:

136
 *     06:f0:11:20:0f:65:9f:a4:93:53:b5:91:2e:46:21:

137
 *     12:d7:eb:4f

138
 *

139
 *

140
 * server certificate:

141
 * Data:

142
 *     Version: 3 (0x2)

143
 *     Serial Number: 8 (0x8)

144
 *     Signature Algorithm: md5WithRSAEncryption

145
 *     Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org

146
 *     Validity

147
 *         Not Before: Dec  8 03:43:04 2008 GMT

148
 *         Not After : Aug 25 03:43:04 2028 GMT

149
 *     Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org, OU=SSL-Server, CN=localhost

150
 *     Subject Public Key Info:

151
 *         Public Key Algorithm: rsaEncryption

152
 *         RSA Public Key: (1024 bit)

153
 *             Modulus (1024 bit):

154
 *                 00:a5:ac:5b:1c:37:a2:dd:99:89:2d:b2:79:b8:8f:

155
 *                 d5:48:a5:e7:1c:84:17:8d:69:9c:c6:ac:6d:f9:f2:

156
 *                 1d:1f:39:19:da:d3:72:1e:6e:ec:44:cc:70:a4:dc:

157
 *                 ba:00:30:f6:a0:4f:3d:54:7a:61:6a:cc:57:d0:0a:

158
 *                 7f:95:28:18:3f:9a:d9:94:f2:1b:c8:24:88:7e:fe:

159
 *                 9d:0f:3d:fb:57:53:08:b3:20:33:d4:3f:17:47:14:

160
 *                 d1:cd:ea:08:d8:0e:75:4e:af:be:cc:d2:ec:af:a9:

161
 *                 7a:49:df:c2:d9:ac:b8:24:40:90:a6:03:56:2a:d0:

162
 *                 30:05:40:2c:4f:ab:d9:74:89

163
 *             Exponent: 65537 (0x10001)

164
 *     X509v3 extensions:

165
 *         X509v3 Basic Constraints:

166
 *             CA:FALSE

167
 *         X509v3 Key Usage:

168
 *             Digital Signature, Non Repudiation, Key Encipherment

169
 *         X509v3 Subject Key Identifier:

170
 *             ED:6E:DB:F4:B5:56:C8:FB:1A:06:61:3F:0F:08:BB:A6:04:D8:16:54

171
 *         X509v3 Authority Key Identifier:

172
 *             keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14

173
 *

174
 *         X509v3 Subject Alternative Name: critical

175
 *             DNS:localhost

176
 * Signature Algorithm: md5WithRSAEncryption0

177
 *

178
 * -----BEGIN CERTIFICATE-----

179
 * MIICpDCCAg2gAwIBAgIBCDANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET

180
 * MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK

181
 * EwhTb21lLU9yZzAeFw0wODEyMDgwMzQzMDRaFw0yODA4MjUwMzQzMDRaMHIxCzAJ

182
 * BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp

183
 * dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtU2VydmVyMRIwEAYD

184
 * VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKWsWxw3

185
 * ot2ZiS2yebiP1Uil5xyEF41pnMasbfnyHR85GdrTch5u7ETMcKTcugAw9qBPPVR6

186
 * YWrMV9AKf5UoGD+a2ZTyG8gkiH7+nQ89+1dTCLMgM9Q/F0cU0c3qCNgOdU6vvszS

187
 * 7K+peknfwtmsuCRAkKYDVirQMAVALE+r2XSJAgMBAAGjczBxMAkGA1UdEwQCMAAw

188
 * CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTtbtv0tVbI+xoGYT8PCLumBNgWVDAfBgNV

189
 * HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDAXBgNVHREBAf8EDTALgglsb2Nh

190
 * bGhvc3QwDQYJKoZIhvcNAQEEBQADgYEAoqVTciHtcvsUj+YaTct8tUh3aTCsKsac

191
 * PHhfQ+ObjiXSgxsKYTX7ym/wk/wvlbUcbqLKxsu7qrcJitH+H9heV1hEHEu65Uoi

192
 * nRugFruyOrwvAylV8Cm2af7ddilmYJ+sdJA6N2M3xJRxR0G2LFHEXDNEjYReyexn

193
 * JqCpf5uZGOo=

194
 * -----END CERTIFICATE-----

195
 *

196
 *

197
 * TLS client certificate:

198
 * client private key:

199
 * ----BEGIN RSA PRIVATE KEY-----

200
 * Proc-Type: 4,ENCRYPTED

201
 * DEK-Info: DES-EDE3-CBC,FA2A435CD35A9390

202
 *

203
 * Z+Y2uaETbsUWIyJUyVu1UV2G4rgFYJyACZT6Tp1KjRtxflSh2kXkJ9MpuXMXA0V4

204
 * Yy3fDzPqCL9NJmQAYRlAx/W/+j4F5EyMWDIx8fUxzONRZyoiwF7jLm+KscAfv6Pf

205
 * q7ItWOdj3z7IYrwlB8YIGd3F2cDKT3S+lYRk7rKb/qT7itbuHnY4Ardh3yl+MZak

206
 * jBp+ELUlRsUqSr1V0LoM+0rCCykarpyfhpxEcqsrl0v9Cyi5uhU50/oKv5zql3SH

207
 * l2ImgDjp3batAs8+Bd4NF2aqi0a7Hy44JUHxRm4caZryU/i/D9N1MbuM6882HLat

208
 * 5N0G+NaIUfywa8mjwq2D5aiit18HqKA6XeRRYeJ5Dvu9DCO4GeFSwcUFIBMI0L46

209
 * 7s114+oDodg57pMgITi+04vmUxvqlN9aiyd7f5Fgd7PeHGeOdbMz1NaJLJaPI9++

210
 * NakK8eK9iwT/Gdq0Uap5/CHW7vCT5PO+h3HY0STH0lWStXhdWnFO04zTdywsbSp+

211
 * DLpHeFT66shfeUlxR0PsCbG9vPRt/QmGLeYQZITppWo/ylSq4j+pRIuXvuWHdBRN

212
 * rTZ8QF4Y7AxQUXVz1j1++s6ZMHTzaK2i9HrhmDs1MbJl+QwWre3Xpv3LvTVz3k5U

213
 * wX8kuY1m3STt71QCaRWENq5sRaMImLxZbxc/ivFl9RAzUqo4NCxLod/QgA4iLqtO

214
 * ztnlpzwlC/F8HbQ1oqYWwnZAPhzU/cULtstl+Yrws2c2atO323LbPXZqbASySgig

215
 * sNpFXQMObdfP6LN23bY+1SvtK7V4NUTNhpdIc6INQAQ=

216
 * -----END RSA PRIVATE KEY-----

217
 *

218
 * -----BEGIN RSA PRIVATE KEY-----

219
 * MIICWwIBAAKBgQC78EA2rCZUTvSjWgAvaSFvuXo6k+yi9uGOx2PYLxIwmS6w8o/4

220
 * Jy0keCiE9wG/jUR53TvSVfPOPLJbIX3v/TNKsaP/xsibuQ98QTWX+ds6BWAFFa9Z

221
 * F5KjEK0WHOQHU6+odqJWKpLT+SjgeM9eH0irXBnd4WdDunWN9YKsQ5JEGwIDAQAB

222
 * AoGAEbdqNj0wN85hnWyEi/ObJU8UyKTdL9eaF72QGfcF/fLSxfd3vurihIeXOkGW

223
 * tpn4lIxYcVGM9CognhqgJpl11jFTQzn1KqZ+NEJRKkCHA4hDabKJbSC9fXHvRwrf

224
 * BsFpZqgiNxp3HseUTiwnaUVeyPgMt/jAj5nB5Sib+UyUxrECQQDnNQBiF2aifEg6

225
 * zbJOOC7he5CHAdkFxSxWVFVHL6EfXfqdLVkUohMbgZv+XxyIeU2biOExSg49Kds3

226
 * FOKgTau1AkEA0Bd1haj6QuCo8I0AXm2WO+MMTZMTvtHD/bGjKNM+fT4I8rKYnQRX

227
 * 1acHdqS9Xx2rNJqZgkMmpESIdPR2fc4yjwJALFeM6EMmqvj8/VIf5UJ/Mz14fXwM

228
 * PEARfckUxd9LnnFutCBTWlKvKXJVEZb6KO5ixPaegc57Jp3Vbh3yTN44lQJADD/1

229
 * SSMDaIB1MYP7a5Oj7m6VQNPRq8AJe5vDcRnOae0G9dKRrVyeFxO4GsHj6/+BHp2j

230
 * P8nYMn9eURQ7DXjf/QJAAQzMlWnKGSO8pyTDtnQx3hRMoUkOEhmNq4bQhLkYqtnY

231
 * FcqpUQ2qMjW+NiNWk5HnTrMS3L9EdJobMUzaNZLy4w==

232
 * -----END RSA PRIVATE KEY-----

233
 *

234
 * Private-Key: (1024 bit)

235
 * modulus:

236
 *     00:bb:f0:40:36:ac:26:54:4e:f4:a3:5a:00:2f:69:

237
 *     21:6f:b9:7a:3a:93:ec:a2:f6:e1:8e:c7:63:d8:2f:

238
 *     12:30:99:2e:b0:f2:8f:f8:27:2d:24:78:28:84:f7:

239
 *     01:bf:8d:44:79:dd:3b:d2:55:f3:ce:3c:b2:5b:21:

240
 *     7d:ef:fd:33:4a:b1:a3:ff:c6:c8:9b:b9:0f:7c:41:

241
 *     35:97:f9:db:3a:05:60:05:15:af:59:17:92:a3:10:

242
 *     ad:16:1c:e4:07:53:af:a8:76:a2:56:2a:92:d3:f9:

243
 *     28:e0:78:cf:5e:1f:48:ab:5c:19:dd:e1:67:43:ba:

244
 *     75:8d:f5:82:ac:43:92:44:1b

245
 * publicExponent: 65537 (0x10001)

246
 * privateExponent:

247
 *     11:b7:6a:36:3d:30:37:ce:61:9d:6c:84:8b:f3:9b:

248
 *     25:4f:14:c8:a4:dd:2f:d7:9a:17:bd:90:19:f7:05:

249
 *     fd:f2:d2:c5:f7:77:be:ea:e2:84:87:97:3a:41:96:

250
 *     b6:99:f8:94:8c:58:71:51:8c:f4:2a:20:9e:1a:a0:

251
 *     26:99:75:d6:31:53:43:39:f5:2a:a6:7e:34:42:51:

252
 *     2a:40:87:03:88:43:69:b2:89:6d:20:bd:7d:71:ef:

253
 *     47:0a:df:06:c1:69:66:a8:22:37:1a:77:1e:c7:94:

254
 *     4e:2c:27:69:45:5e:c8:f8:0c:b7:f8:c0:8f:99:c1:

255
 *     e5:28:9b:f9:4c:94:c6:b1

256
 * prime1:

257
 *     00:e7:35:00:62:17:66:a2:7c:48:3a:cd:b2:4e:38:

258
 *     2e:e1:7b:90:87:01:d9:05:c5:2c:56:54:55:47:2f:

259
 *     a1:1f:5d:fa:9d:2d:59:14:a2:13:1b:81:9b:fe:5f:

260
 *     1c:88:79:4d:9b:88:e1:31:4a:0e:3d:29:db:37:14:

261
 *     e2:a0:4d:ab:b5

262
 * prime2:

263
 *     00:d0:17:75:85:a8:fa:42:e0:a8:f0:8d:00:5e:6d:

264
 *     96:3b:e3:0c:4d:93:13:be:d1:c3:fd:b1:a3:28:d3:

265
 *     3e:7d:3e:08:f2:b2:98:9d:04:57:d5:a7:07:76:a4:

266
 *     bd:5f:1d:ab:34:9a:99:82:43:26:a4:44:88:74:f4:

267
 *     76:7d:ce:32:8f

268
 * exponent1:

269
 *     2c:57:8c:e8:43:26:aa:f8:fc:fd:52:1f:e5:42:7f:

270
 *     33:3d:78:7d:7c:0c:3c:40:11:7d:c9:14:c5:df:4b:

271
 *     9e:71:6e:b4:20:53:5a:52:af:29:72:55:11:96:fa:

272
 *     28:ee:62:c4:f6:9e:81:ce:7b:26:9d:d5:6e:1d:f2:

273
 *     4c:de:38:95

274
 * exponent2:

275
 *     0c:3f:f5:49:23:03:68:80:75:31:83:fb:6b:93:a3:

276
 *     ee:6e:95:40:d3:d1:ab:c0:09:7b:9b:c3:71:19:ce:

277
 *     69:ed:06:f5:d2:91:ad:5c:9e:17:13:b8:1a:c1:e3:

278
 *     eb:ff:81:1e:9d:a3:3f:c9:d8:32:7f:5e:51:14:3b:

279
 *     0d:78:df:fd

280
 * coefficient:

281
 *     01:0c:cc:95:69:ca:19:23:bc:a7:24:c3:b6:74:31:

282
 *     de:14:4c:a1:49:0e:12:19:8d:ab:86:d0:84:b9:18:

283
 *     aa:d9:d8:15:ca:a9:51:0d:aa:32:35:be:36:23:56:

284
 *     93:91:e7:4e:b3:12:dc:bf:44:74:9a:1b:31:4c:da:

285
 *     35:92:f2:e3

286
 *

287
 * client certificate:

288
 * Data:

289
 *     Version: 3 (0x2)

290
 *     Serial Number: 9 (0x9)

291
 *     Signature Algorithm: md5WithRSAEncryption

292
 *     Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org

293
 *     Validity

294
 *         Not Before: Dec  8 03:43:24 2008 GMT

295
 *         Not After : Aug 25 03:43:24 2028 GMT

296
 *     Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org, OU=SSL-Client, CN=localhost

297
 *     Subject Public Key Info:

298
 *         Public Key Algorithm: rsaEncryption

299
 *         RSA Public Key: (1024 bit)

300
 *             Modulus (1024 bit):

301
 *                 00:bb:f0:40:36:ac:26:54:4e:f4:a3:5a:00:2f:69:

302
 *                 21:6f:b9:7a:3a:93:ec:a2:f6:e1:8e:c7:63:d8:2f:

303
 *                 12:30:99:2e:b0:f2:8f:f8:27:2d:24:78:28:84:f7:

304
 *                 01:bf:8d:44:79:dd:3b:d2:55:f3:ce:3c:b2:5b:21:

305
 *                 7d:ef:fd:33:4a:b1:a3:ff:c6:c8:9b:b9:0f:7c:41:

306
 *                 35:97:f9:db:3a:05:60:05:15:af:59:17:92:a3:10:

307
 *                 ad:16:1c:e4:07:53:af:a8:76:a2:56:2a:92:d3:f9:

308
 *                 28:e0:78:cf:5e:1f:48:ab:5c:19:dd:e1:67:43:ba:

309
 *                 75:8d:f5:82:ac:43:92:44:1b

310
 *             Exponent: 65537 (0x10001)

311
 *     X509v3 extensions:

312
 *         X509v3 Basic Constraints:

313
 *             CA:FALSE

314
 *         X509v3 Key Usage:

315
 *             Digital Signature, Non Repudiation, Key Encipherment

316
 *         X509v3 Subject Key Identifier:

317
 *             CD:BB:C8:85:AA:91:BD:FD:1D:BE:CD:67:7C:FF:B3:E9:4C:A8:22:E6

318
 *         X509v3 Authority Key Identifier:

319
 *             keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14

320
 *

321
 *         X509v3 Subject Alternative Name: critical

322
 *             DNS:localhost

323
 * Signature Algorithm: md5WithRSAEncryption

324
 *

325
 * -----BEGIN CERTIFICATE-----

326
 * MIICpDCCAg2gAwIBAgIBCTANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET

327
 * MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK

328
 * EwhTb21lLU9yZzAeFw0wODEyMDgwMzQzMjRaFw0yODA4MjUwMzQzMjRaMHIxCzAJ

329
 * BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp

330
 * dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtQ2xpZW50MRIwEAYD

331
 * VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALvwQDas

332
 * JlRO9KNaAC9pIW+5ejqT7KL24Y7HY9gvEjCZLrDyj/gnLSR4KIT3Ab+NRHndO9JV

333
 * 8848slshfe/9M0qxo//GyJu5D3xBNZf52zoFYAUVr1kXkqMQrRYc5AdTr6h2olYq

334
 * ktP5KOB4z14fSKtcGd3hZ0O6dY31gqxDkkQbAgMBAAGjczBxMAkGA1UdEwQCMAAw

335
 * CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTNu8iFqpG9/R2+zWd8/7PpTKgi5jAfBgNV

336
 * HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDAXBgNVHREBAf8EDTALgglsb2Nh

337
 * bGhvc3QwDQYJKoZIhvcNAQEEBQADgYEAm25gJyqW1JznQ1EyOtTGswBVwfgBOf+F

338
 * HJuBTcflYQLbTD/AETPQJGvZU9tdhuLtbG3OPhR7vSY8zeAbfM3dbH7QFr3r47Gj

339
 * XEH7qM/MX+Z3ifVaC4MeJmrYQkYFSuKeyyKpdRVX4w4nnFHF6OsNASsYrMW6LpxN

340
 * cl/epUcHL7E=

341
 * -----END CERTIFICATE-----

342
 *

343
 *

344
 *

345
 * Trusted CA certificate:

346
 * Certificate:

347
 *   Data:

348
 *     Version: 3 (0x2)

349
 *     Serial Number: 0 (0x0)

350
 *     Signature Algorithm: md5WithRSAEncryption

351
 *     Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org

352
 *     Validity

353
 *         Not Before: Dec  8 02:43:36 2008 GMT

354
 *         Not After : Aug 25 02:43:36 2028 GMT

355
 *     Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org

356
 *     Subject Public Key Info:

357
 *         Public Key Algorithm: rsaEncryption

358
 *         RSA Public Key: (1024 bit)

359
 *             Modulus (1024 bit):

360
 *                 00:cb:c4:38:20:07:be:88:a7:93:b0:a1:43:51:2d:

361
 *                 d7:8e:85:af:54:dd:ad:a2:7b:23:5b:cf:99:13:53:

362
 *                 99:45:7d:ee:6d:ba:2d:bf:e3:ad:6e:3d:9f:1a:f9:

363
 *                 03:97:e0:17:55:ae:11:26:57:de:01:29:8e:05:3f:

364
 *                 21:f7:e7:36:e8:2e:37:d7:48:ac:53:d6:60:0e:c7:

365
 *                 50:6d:f6:c5:85:f7:8b:a6:c5:91:35:72:3c:94:ee:

366
 *                 f1:17:f0:71:e3:ec:1b:ce:ca:4e:40:42:b0:6d:ee:

367
 *                 6a:0e:d6:e5:ad:3c:0f:c9:ba:82:4f:78:f8:89:97:

368
 *                 89:2a:95:12:4c:d8:09:2a:e9

369
 *             Exponent: 65537 (0x10001)

370
 *     X509v3 extensions:

371
 *         X509v3 Subject Key Identifier:

372
 *             FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14

373
 *         X509v3 Authority Key Identifier:

374
 *             keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14

375
 *             DirName:/C=US/ST=Some-State/L=Some-City/O=Some-Org

376
 *             serial:00

377
 *

378
 *         X509v3 Basic Constraints:

379
 *             CA:TRUE

380
 *  Signature Algorithm: md5WithRSAEncryption

381
 *

382
 * -----BEGIN CERTIFICATE-----

383
 * MIICrDCCAhWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET

384
 * MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK

385
 * EwhTb21lLU9yZzAeFw0wODEyMDgwMjQzMzZaFw0yODA4MjUwMjQzMzZaMEkxCzAJ

386
 * BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp

387
 * dHkxETAPBgNVBAoTCFNvbWUtT3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB

388
 * gQDLxDggB76Ip5OwoUNRLdeOha9U3a2ieyNbz5kTU5lFfe5tui2/461uPZ8a+QOX

389
 * 4BdVrhEmV94BKY4FPyH35zboLjfXSKxT1mAOx1Bt9sWF94umxZE1cjyU7vEX8HHj

390
 * 7BvOyk5AQrBt7moO1uWtPA/JuoJPePiJl4kqlRJM2Akq6QIDAQABo4GjMIGgMB0G

391
 * A1UdDgQWBBT6uVG/TOfZhpgz+efLHvEzSfeoFDBxBgNVHSMEajBogBT6uVG/TOfZ

392
 * hpgz+efLHvEzSfeoFKFNpEswSTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUt

393
 * U3RhdGUxEjAQBgNVBAcTCVNvbWUtQ2l0eTERMA8GA1UEChMIU29tZS1PcmeCAQAw

394
 * DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBcIm534U123Hz+rtyYO5uA

395
 * ofd81G6FnTfEAV8Kw9fGyyEbQZclBv34A9JsFKeMvU4OFIaixD7nLZ/NZ+IWbhmZ

396
 * LovmJXyCkOufea73pNiZ+f/4/ScZaIlM/PRycQSqbFNd4j9Wott+08qxHPLpsf3P

397
 * 6Mvf0r1PNTY2hwTJLJmKtg==

398
 * -----END CERTIFICATE---

399
 */

400


401


402
public class IPAddressDNSIdentities {

403
    static Map cookies;

404
    ServerSocket ss;

405


406
    /*

407
     * =============================================================

408
     * Set the various variables needed for the tests, then

409
     * specify what tests to run on each side.

410
     */

411


412
    /*

413
     * Should we run the client or server in a separate thread?

414
     * Both sides can throw exceptions, but do you have a preference

415
     * as to which side should be the main thread.

416
     */

417
    static boolean separateServerThread = true;

418


419
    /*

420
     * Where do we find the keystores?

421
     */

422
    static String trusedCertStr =

423
        "-----BEGIN CERTIFICATE-----\n" +

424
        "MIICrDCCAhWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" +

425
        "MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" +

426
        "EwhTb21lLU9yZzAeFw0wODEyMDgwMjQzMzZaFw0yODA4MjUwMjQzMzZaMEkxCzAJ\n" +

427
        "BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" +

428
        "dHkxETAPBgNVBAoTCFNvbWUtT3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n" +

429
        "gQDLxDggB76Ip5OwoUNRLdeOha9U3a2ieyNbz5kTU5lFfe5tui2/461uPZ8a+QOX\n" +

430
        "4BdVrhEmV94BKY4FPyH35zboLjfXSKxT1mAOx1Bt9sWF94umxZE1cjyU7vEX8HHj\n" +

431
        "7BvOyk5AQrBt7moO1uWtPA/JuoJPePiJl4kqlRJM2Akq6QIDAQABo4GjMIGgMB0G\n" +

432
        "A1UdDgQWBBT6uVG/TOfZhpgz+efLHvEzSfeoFDBxBgNVHSMEajBogBT6uVG/TOfZ\n" +

433
        "hpgz+efLHvEzSfeoFKFNpEswSTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUt\n" +

434
        "U3RhdGUxEjAQBgNVBAcTCVNvbWUtQ2l0eTERMA8GA1UEChMIU29tZS1PcmeCAQAw\n" +

435
        "DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBcIm534U123Hz+rtyYO5uA\n" +

436
        "ofd81G6FnTfEAV8Kw9fGyyEbQZclBv34A9JsFKeMvU4OFIaixD7nLZ/NZ+IWbhmZ\n" +

437
        "LovmJXyCkOufea73pNiZ+f/4/ScZaIlM/PRycQSqbFNd4j9Wott+08qxHPLpsf3P\n" +

438
        "6Mvf0r1PNTY2hwTJLJmKtg==\n" +

439
        "-----END CERTIFICATE-----";

440


441
    static String serverCertStr =

442
        "-----BEGIN CERTIFICATE-----\n" +

443
        "MIICpDCCAg2gAwIBAgIBCDANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" +

444
        "MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" +

445
        "EwhTb21lLU9yZzAeFw0wODEyMDgwMzQzMDRaFw0yODA4MjUwMzQzMDRaMHIxCzAJ\n" +

446
        "BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" +

447
        "dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtU2VydmVyMRIwEAYD\n" +

448
        "VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKWsWxw3\n" +

449
        "ot2ZiS2yebiP1Uil5xyEF41pnMasbfnyHR85GdrTch5u7ETMcKTcugAw9qBPPVR6\n" +

450
        "YWrMV9AKf5UoGD+a2ZTyG8gkiH7+nQ89+1dTCLMgM9Q/F0cU0c3qCNgOdU6vvszS\n" +

451
        "7K+peknfwtmsuCRAkKYDVirQMAVALE+r2XSJAgMBAAGjczBxMAkGA1UdEwQCMAAw\n" +

452
        "CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTtbtv0tVbI+xoGYT8PCLumBNgWVDAfBgNV\n" +

453
        "HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDAXBgNVHREBAf8EDTALgglsb2Nh\n" +

454
        "bGhvc3QwDQYJKoZIhvcNAQEEBQADgYEAoqVTciHtcvsUj+YaTct8tUh3aTCsKsac\n" +

455
        "PHhfQ+ObjiXSgxsKYTX7ym/wk/wvlbUcbqLKxsu7qrcJitH+H9heV1hEHEu65Uoi\n" +

456
        "nRugFruyOrwvAylV8Cm2af7ddilmYJ+sdJA6N2M3xJRxR0G2LFHEXDNEjYReyexn\n" +

457
        "JqCpf5uZGOo=\n" +

458
        "-----END CERTIFICATE-----";

459


460
    static String clientCertStr =

461
        "-----BEGIN CERTIFICATE-----\n" +

462
        "MIICpDCCAg2gAwIBAgIBCTANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" +

463
        "MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" +

464
        "EwhTb21lLU9yZzAeFw0wODEyMDgwMzQzMjRaFw0yODA4MjUwMzQzMjRaMHIxCzAJ\n" +

465
        "BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" +

466
        "dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtQ2xpZW50MRIwEAYD\n" +

467
        "VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALvwQDas\n" +

468
        "JlRO9KNaAC9pIW+5ejqT7KL24Y7HY9gvEjCZLrDyj/gnLSR4KIT3Ab+NRHndO9JV\n" +

469
        "8848slshfe/9M0qxo//GyJu5D3xBNZf52zoFYAUVr1kXkqMQrRYc5AdTr6h2olYq\n" +

470
        "ktP5KOB4z14fSKtcGd3hZ0O6dY31gqxDkkQbAgMBAAGjczBxMAkGA1UdEwQCMAAw\n" +

471
        "CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTNu8iFqpG9/R2+zWd8/7PpTKgi5jAfBgNV\n" +

472
        "HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDAXBgNVHREBAf8EDTALgglsb2Nh\n" +

473
        "bGhvc3QwDQYJKoZIhvcNAQEEBQADgYEAm25gJyqW1JznQ1EyOtTGswBVwfgBOf+F\n" +

474
        "HJuBTcflYQLbTD/AETPQJGvZU9tdhuLtbG3OPhR7vSY8zeAbfM3dbH7QFr3r47Gj\n" +

475
        "XEH7qM/MX+Z3ifVaC4MeJmrYQkYFSuKeyyKpdRVX4w4nnFHF6OsNASsYrMW6LpxN\n" +

476
        "cl/epUcHL7E=\n" +

477
        "-----END CERTIFICATE-----";

478


479
    static byte serverPrivateExponent[] = {

480
        (byte)0x6e, (byte)0xa7, (byte)0x1b, (byte)0x83,

481
        (byte)0x51, (byte)0x35, (byte)0x9a, (byte)0x44,

482
        (byte)0x7d, (byte)0xf6, (byte)0xe3, (byte)0x89,

483
        (byte)0xa0, (byte)0xd7, (byte)0x90, (byte)0x60,

484
        (byte)0xa1, (byte)0x4e, (byte)0x27, (byte)0x21,

485
        (byte)0xa2, (byte)0x89, (byte)0x74, (byte)0xcc,

486
        (byte)0x9d, (byte)0x75, (byte)0x75, (byte)0x4e,

487
        (byte)0xc7, (byte)0x82, (byte)0xe3, (byte)0xe3,

488
        (byte)0xc3, (byte)0x7d, (byte)0x00, (byte)0x54,

489
        (byte)0xec, (byte)0x36, (byte)0xb1, (byte)0xdf,

490
        (byte)0x91, (byte)0x9c, (byte)0x7a, (byte)0xc0,

491
        (byte)0x62, (byte)0x0a, (byte)0xd6, (byte)0xa9,

492
        (byte)0x22, (byte)0x91, (byte)0x4a, (byte)0x29,

493
        (byte)0x2e, (byte)0x43, (byte)0xfa, (byte)0x8c,

494
        (byte)0xd8, (byte)0xe9, (byte)0xbe, (byte)0xd9,

495
        (byte)0x4f, (byte)0xca, (byte)0x23, (byte)0xc6,

496
        (byte)0xe4, (byte)0x3f, (byte)0xb8, (byte)0x72,

497
        (byte)0xcf, (byte)0x02, (byte)0xfc, (byte)0xf4,

498
        (byte)0x58, (byte)0x34, (byte)0x77, (byte)0x76,

499
        (byte)0xce, (byte)0x22, (byte)0x44, (byte)0x5f,

500
        (byte)0x2d, (byte)0xca, (byte)0xee, (byte)0xf5,

501
        (byte)0x43, (byte)0x56, (byte)0x47, (byte)0x71,

502
        (byte)0x0b, (byte)0x09, (byte)0x6b, (byte)0x5e,

503
        (byte)0xf2, (byte)0xc8, (byte)0xee, (byte)0xd4,

504
        (byte)0x6e, (byte)0x44, (byte)0x92, (byte)0x2a,

505
        (byte)0x7f, (byte)0xcc, (byte)0xa7, (byte)0xd4,

506
        (byte)0x5b, (byte)0xfb, (byte)0xf7, (byte)0x4a,

507
        (byte)0xa9, (byte)0xfb, (byte)0x54, (byte)0x18,

508
        (byte)0xd5, (byte)0xd5, (byte)0x14, (byte)0xba,

509
        (byte)0xa0, (byte)0x1c, (byte)0x13, (byte)0xb3,

510
        (byte)0x37, (byte)0x6b, (byte)0x37, (byte)0x59,

511
        (byte)0xed, (byte)0xdb, (byte)0x6d, (byte)0xb1

512
    };

513


514
    static byte serverModulus[] = {

515
        (byte)0x00,

516
        (byte)0xa5, (byte)0xac, (byte)0x5b, (byte)0x1c,

517
        (byte)0x37, (byte)0xa2, (byte)0xdd, (byte)0x99,

518
        (byte)0x89, (byte)0x2d, (byte)0xb2, (byte)0x79,

519
        (byte)0xb8, (byte)0x8f, (byte)0xd5, (byte)0x48,

520
        (byte)0xa5, (byte)0xe7, (byte)0x1c, (byte)0x84,

521
        (byte)0x17, (byte)0x8d, (byte)0x69, (byte)0x9c,

522
        (byte)0xc6, (byte)0xac, (byte)0x6d, (byte)0xf9,

523
        (byte)0xf2, (byte)0x1d, (byte)0x1f, (byte)0x39,

524
        (byte)0x19, (byte)0xda, (byte)0xd3, (byte)0x72,

525
        (byte)0x1e, (byte)0x6e, (byte)0xec, (byte)0x44,

526
        (byte)0xcc, (byte)0x70, (byte)0xa4, (byte)0xdc,

527
        (byte)0xba, (byte)0x00, (byte)0x30, (byte)0xf6,

528
        (byte)0xa0, (byte)0x4f, (byte)0x3d, (byte)0x54,

529
        (byte)0x7a, (byte)0x61, (byte)0x6a, (byte)0xcc,

530
        (byte)0x57, (byte)0xd0, (byte)0x0a, (byte)0x7f,

531
        (byte)0x95, (byte)0x28, (byte)0x18, (byte)0x3f,

532
        (byte)0x9a, (byte)0xd9, (byte)0x94, (byte)0xf2,

533
        (byte)0x1b, (byte)0xc8, (byte)0x24, (byte)0x88,

534
        (byte)0x7e, (byte)0xfe, (byte)0x9d, (byte)0x0f,

535
        (byte)0x3d, (byte)0xfb, (byte)0x57, (byte)0x53,

536
        (byte)0x08, (byte)0xb3, (byte)0x20, (byte)0x33,

537
        (byte)0xd4, (byte)0x3f, (byte)0x17, (byte)0x47,

538
        (byte)0x14, (byte)0xd1, (byte)0xcd, (byte)0xea,

539
        (byte)0x08, (byte)0xd8, (byte)0x0e, (byte)0x75,

540
        (byte)0x4e, (byte)0xaf, (byte)0xbe, (byte)0xcc,

541
        (byte)0xd2, (byte)0xec, (byte)0xaf, (byte)0xa9,

542
        (byte)0x7a, (byte)0x49, (byte)0xdf, (byte)0xc2,

543
        (byte)0xd9, (byte)0xac, (byte)0xb8, (byte)0x24,

544
        (byte)0x40, (byte)0x90, (byte)0xa6, (byte)0x03,

545
        (byte)0x56, (byte)0x2a, (byte)0xd0, (byte)0x30,

546
        (byte)0x05, (byte)0x40, (byte)0x2c, (byte)0x4f,

547
        (byte)0xab, (byte)0xd9, (byte)0x74, (byte)0x89

548
    };

549


550
    static byte clientPrivateExponent[] = {

551
        (byte)0x11, (byte)0xb7, (byte)0x6a, (byte)0x36,

552
        (byte)0x3d, (byte)0x30, (byte)0x37, (byte)0xce,

553
        (byte)0x61, (byte)0x9d, (byte)0x6c, (byte)0x84,

554
        (byte)0x8b, (byte)0xf3, (byte)0x9b, (byte)0x25,

555
        (byte)0x4f, (byte)0x14, (byte)0xc8, (byte)0xa4,

556
        (byte)0xdd, (byte)0x2f, (byte)0xd7, (byte)0x9a,

557
        (byte)0x17, (byte)0xbd, (byte)0x90, (byte)0x19,

558
        (byte)0xf7, (byte)0x05, (byte)0xfd, (byte)0xf2,

559
        (byte)0xd2, (byte)0xc5, (byte)0xf7, (byte)0x77,

560
        (byte)0xbe, (byte)0xea, (byte)0xe2, (byte)0x84,

561
        (byte)0x87, (byte)0x97, (byte)0x3a, (byte)0x41,

562
        (byte)0x96, (byte)0xb6, (byte)0x99, (byte)0xf8,

563
        (byte)0x94, (byte)0x8c, (byte)0x58, (byte)0x71,

564
        (byte)0x51, (byte)0x8c, (byte)0xf4, (byte)0x2a,

565
        (byte)0x20, (byte)0x9e, (byte)0x1a, (byte)0xa0,

566
        (byte)0x26, (byte)0x99, (byte)0x75, (byte)0xd6,

567
        (byte)0x31, (byte)0x53, (byte)0x43, (byte)0x39,

568
        (byte)0xf5, (byte)0x2a, (byte)0xa6, (byte)0x7e,

569
        (byte)0x34, (byte)0x42, (byte)0x51, (byte)0x2a,

570
        (byte)0x40, (byte)0x87, (byte)0x03, (byte)0x88,

571
        (byte)0x43, (byte)0x69, (byte)0xb2, (byte)0x89,

572
        (byte)0x6d, (byte)0x20, (byte)0xbd, (byte)0x7d,

573
        (byte)0x71, (byte)0xef, (byte)0x47, (byte)0x0a,

574
        (byte)0xdf, (byte)0x06, (byte)0xc1, (byte)0x69,

575
        (byte)0x66, (byte)0xa8, (byte)0x22, (byte)0x37,

576
        (byte)0x1a, (byte)0x77, (byte)0x1e, (byte)0xc7,

577
        (byte)0x94, (byte)0x4e, (byte)0x2c, (byte)0x27,

578
        (byte)0x69, (byte)0x45, (byte)0x5e, (byte)0xc8,

579
        (byte)0xf8, (byte)0x0c, (byte)0xb7, (byte)0xf8,

580
        (byte)0xc0, (byte)0x8f, (byte)0x99, (byte)0xc1,

581
        (byte)0xe5, (byte)0x28, (byte)0x9b, (byte)0xf9,

582
        (byte)0x4c, (byte)0x94, (byte)0xc6, (byte)0xb1

583
    };

584


585
    static byte clientModulus[] = {

586
        (byte)0x00,

587
        (byte)0xbb, (byte)0xf0, (byte)0x40, (byte)0x36,

588
        (byte)0xac, (byte)0x26, (byte)0x54, (byte)0x4e,

589
        (byte)0xf4, (byte)0xa3, (byte)0x5a, (byte)0x00,

590
        (byte)0x2f, (byte)0x69, (byte)0x21, (byte)0x6f,

591
        (byte)0xb9, (byte)0x7a, (byte)0x3a, (byte)0x93,

592
        (byte)0xec, (byte)0xa2, (byte)0xf6, (byte)0xe1,

593
        (byte)0x8e, (byte)0xc7, (byte)0x63, (byte)0xd8,

594
        (byte)0x2f, (byte)0x12, (byte)0x30, (byte)0x99,

595
        (byte)0x2e, (byte)0xb0, (byte)0xf2, (byte)0x8f,

596
        (byte)0xf8, (byte)0x27, (byte)0x2d, (byte)0x24,

597
        (byte)0x78, (byte)0x28, (byte)0x84, (byte)0xf7,

598
        (byte)0x01, (byte)0xbf, (byte)0x8d, (byte)0x44,

599
        (byte)0x79, (byte)0xdd, (byte)0x3b, (byte)0xd2,

600
        (byte)0x55, (byte)0xf3, (byte)0xce, (byte)0x3c,

601
        (byte)0xb2, (byte)0x5b, (byte)0x21, (byte)0x7d,

602
        (byte)0xef, (byte)0xfd, (byte)0x33, (byte)0x4a,

603
        (byte)0xb1, (byte)0xa3, (byte)0xff, (byte)0xc6,

604
        (byte)0xc8, (byte)0x9b, (byte)0xb9, (byte)0x0f,

605
        (byte)0x7c, (byte)0x41, (byte)0x35, (byte)0x97,

606
        (byte)0xf9, (byte)0xdb, (byte)0x3a, (byte)0x05,

607
        (byte)0x60, (byte)0x05, (byte)0x15, (byte)0xaf,

608
        (byte)0x59, (byte)0x17, (byte)0x92, (byte)0xa3,

609
        (byte)0x10, (byte)0xad, (byte)0x16, (byte)0x1c,

610
        (byte)0xe4, (byte)0x07, (byte)0x53, (byte)0xaf,

611
        (byte)0xa8, (byte)0x76, (byte)0xa2, (byte)0x56,

612
        (byte)0x2a, (byte)0x92, (byte)0xd3, (byte)0xf9,

613
        (byte)0x28, (byte)0xe0, (byte)0x78, (byte)0xcf,

614
        (byte)0x5e, (byte)0x1f, (byte)0x48, (byte)0xab,

615
        (byte)0x5c, (byte)0x19, (byte)0xdd, (byte)0xe1,

616
        (byte)0x67, (byte)0x43, (byte)0xba, (byte)0x75,

617
        (byte)0x8d, (byte)0xf5, (byte)0x82, (byte)0xac,

618
        (byte)0x43, (byte)0x92, (byte)0x44, (byte)0x1b

619
    };

620


621
    static char passphrase[] = "passphrase".toCharArray();

622


623
    /*

624
     * Is the server ready to serve?

625
     */

626
    volatile static boolean serverReady = false;

627


628
    /*

629
     * Is the connection ready to close?

630
     */

631
    volatile static boolean closeReady = false;

632


633
    /*

634
     * Turn on SSL debugging?

635
     */

636
    static boolean debug = false;

637


638
    private SSLServerSocket sslServerSocket = null;

639


640
    /*

641
     * Define the server side of the test.

642
     *

643
     * If the server prematurely exits, serverReady will be set to true

644
     * to avoid infinite hangs.

645
     */

646
    void doServerSide() throws Exception {

647
        SSLContext context = getSSLContext(trusedCertStr, serverCertStr,

648
            serverModulus, serverPrivateExponent, passphrase);

649
        SSLServerSocketFactory sslssf = context.getServerSocketFactory();

650


651
        sslServerSocket =

652
            (SSLServerSocket) sslssf.createServerSocket(serverPort);

653
        serverPort = sslServerSocket.getLocalPort();

654


655
        /*

656
         * Signal Client, we're ready for his connect.

657
         */

658
        serverReady = true;

659


660
        SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();

661
        sslSocket.setNeedClientAuth(true);

662


663
        PrintStream out =

664
                new PrintStream(sslSocket.getOutputStream());

665


666
        try {

667
            // ignore request data

668


669
            // send the response

670
            out.print("HTTP/1.1 200 OK\r\n");

671
            out.print("Content-Type: text/html; charset=iso-8859-1\r\n");

672
            out.print("Content-Length: "+ 9 +"\r\n");

673
            out.print("\r\n");

674
            out.print("Testing\r\n");

675
            out.flush();

676
        } finally {

677
            // close the socket

678
            while (!closeReady) {

679
                Thread.sleep(50);

680
            }

681


682
            System.out.println("Server closing socket");

683
            sslSocket.close();

684
            serverReady = false;

685
        }

686


687
    }

688


689
    /*

690
     * Define the client side of the test.

691
     *

692
     * If the server prematurely exits, serverReady will be set to true

693
     * to avoid infinite hangs.

694
     */

695
    void doClientSide() throws Exception {

696
        SSLContext reservedSSLContext = SSLContext.getDefault();

697
        try {

698
            SSLContext context = getSSLContext(trusedCertStr, clientCertStr,

699
                clientModulus, clientPrivateExponent, passphrase);

700


701
            SSLContext.setDefault(context);

702


703
            /*

704
             * Wait for server to get started.

705
             */

706
            while (!serverReady) {

707
                Thread.sleep(50);

708
            }

709


710
            HttpsURLConnection http = null;

711


712
            /* establish http connection to server */

713
            URL url = new URL("https://127.0.0.1:" + serverPort+"/");

714
            System.out.println("url is "+url.toString());

715


716
            try {

717
                http = (HttpsURLConnection)url.openConnection();

718


719
                int respCode = http.getResponseCode();

720
                System.out.println("respCode = " + respCode);

721


722
                throw new Exception("Unexpectly found " +

723
                        "subject alternative name matching IP address");

724
            } catch (SSLHandshakeException sslhe) {

725
                // no subject alternative names matching IP address 127.0.0.1

726
                // found that's the expected exception, ignore it.

727
            } catch (IOException ioe) {

728
                // HttpsClient may throw IOE during checking URL spoofing,

729
                // that's the expected exception, ignore it.

730
            } finally {

731
                if (http != null) {

732
                    http.disconnect();

733
                }

734
                closeReady = true;

735
            }

736
        } finally {

737
            SSLContext.setDefault(reservedSSLContext);

738
        }

739
    }

740


741
    /*

742
     * =============================================================

743
     * The remainder is just support stuff

744
     */

745


746
    // use any free port by default

747
    volatile int serverPort = 0;

748


749
    volatile Exception serverException = null;

750
    volatile Exception clientException = null;

751


752
    public static void main(String args[]) throws Exception {

753
        if (debug)

754
            System.setProperty("javax.net.debug", "all");

755


756
        /*

757
         * Start the tests.

758
         */

759
        new IPAddressDNSIdentities();

760
    }

761


762
    Thread clientThread = null;

763
    Thread serverThread = null;

764
    /*

765
     * Primary constructor, used to drive remainder of the test.

766
     *

767
     * Fork off the other side, then do your work.

768
     */

769
    IPAddressDNSIdentities() throws Exception {

770
        if (separateServerThread) {

771
            startServer(true);

772
            startClient(false);

773
        } else {

774
            startClient(true);

775
            startServer(false);

776
        }

777


778
        /*

779
         * Wait for other side to close down.

780
         */

781
        if (separateServerThread) {

782
            serverThread.join();

783
        } else {

784
            clientThread.join();

785
        }

786


787
        /*

788
         * When we get here, the test is pretty much over.

789
         *

790
         * If the main thread excepted, that propagates back

791
         * immediately.  If the other thread threw an exception, we

792
         * should report back.

793
         */

794
        if (serverException != null)

795
            throw serverException;

796
        if (clientException != null)

797
            throw clientException;

798
    }

799


800
    void startServer(boolean newThread) throws Exception {

801
        if (newThread) {

802
            serverThread = new Thread() {

803
                public void run() {

804
                    try {

805
                        doServerSide();

806
                    } catch (Exception e) {

807
                        /*

808
                         * Our server thread just died.

809
                         *

810
                         * Release the client, if not active already...

811
                         */

812
                        System.err.println("Server died...");

813
                        serverReady = true;

814
                        serverException = e;

815
                    }

816
                }

817
            };

818
            serverThread.start();

819
        } else {

820
            doServerSide();

821
        }

822
    }

823


824
    void startClient(boolean newThread) throws Exception {

825
        if (newThread) {

826
            clientThread = new Thread() {

827
                public void run() {

828
                    try {

829
                        doClientSide();

830
                    } catch (Exception e) {

831
                        /*

832
                         * Our client thread just died.

833
                         */

834
                        System.err.println("Client died...");

835
                        clientException = e;

836
                    }

837
                }

838
            };

839
            clientThread.start();

840
        } else {

841
            doClientSide();

842
        }

843
    }

844


845
    // get the ssl context

846
    private static SSLContext getSSLContext(String trusedCertStr,

847
            String keyCertStr, byte[] modulus,

848
            byte[] privateExponent, char[] passphrase) throws Exception {

849


850
        // generate certificate from cert string

851
        CertificateFactory cf = CertificateFactory.getInstance("X.509");

852


853
        ByteArrayInputStream is =

854
                    new ByteArrayInputStream(trusedCertStr.getBytes());

855
        Certificate trusedCert = cf.generateCertificate(is);

856
        is.close();

857


858
        // create a key store

859
        KeyStore ks = KeyStore.getInstance("JKS");

860
        ks.load(null, null);

861


862
        // import the trused cert

863
        ks.setCertificateEntry("RSA Export Signer", trusedCert);

864


865
        if (keyCertStr != null) {

866
            // generate the private key.

867
            RSAPrivateKeySpec priKeySpec = new RSAPrivateKeySpec(

868
                                            new BigInteger(modulus),

869
                                            new BigInteger(privateExponent));

870
            KeyFactory kf = KeyFactory.getInstance("RSA");

871
            RSAPrivateKey priKey =

872
                    (RSAPrivateKey)kf.generatePrivate(priKeySpec);

873


874
            // generate certificate chain

875
            is = new ByteArrayInputStream(keyCertStr.getBytes());

876
            Certificate keyCert = cf.generateCertificate(is);

877
            is.close();

878


879
            Certificate[] chain = new Certificate[2];

880
            chain[0] = keyCert;

881
            chain[1] = trusedCert;

882


883
            // import the key entry.

884
            ks.setKeyEntry("Whatever", priKey, passphrase, chain);

885
        }

886


887
        // create SSL context

888
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");

889
        tmf.init(ks);

890


891
        SSLContext ctx = SSLContext.getInstance("TLS");

892


893
        if (keyCertStr != null) {

894
            KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");

895
            kmf.init(ks, passphrase);

896


897
            ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

898
        } else {

899
            ctx.init(null, tmf.getTrustManagers(), null);

900
        }

901


902
        return ctx;

903
    }

904


905
}

906


907