Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
PojavLauncherTeam
GitHub Repository: PojavLauncherTeam/openjdk-multiarch-jdk8u
 Path: blob/aarch64-shenandoah-jdk8u272-b10/jdk/test/sun/net/www/protocol/https/HttpsURLConnection/Identities.java
38889 views
1
/*

2
 * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved.

3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

4
 *

5
 * This code is free software; you can redistribute it and/or modify it

6
 * under the terms of the GNU General Public License version 2 only, as

7
 * published by the Free Software Foundation.

8
 *

9
 * This code is distributed in the hope that it will be useful, but WITHOUT

10
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

11
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

12
 * version 2 for more details (a copy is included in the LICENSE file that

13
 * accompanied this code).

14
 *

15
 * You should have received a copy of the GNU General Public License version

16
 * 2 along with this work; if not, write to the Free Software Foundation,

17
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

18
 *

19
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

20
 * or visit www.oracle.com if you need additional information or have any

21
 * questions.

22
 */

23


24
//

25
// SunJSSE does not support dynamic system properties, no way to re-use

26
// system properties in samevm/agentvm mode.

27
//

28


29
/* @test

30
 * @bug 6766775

31
 * @summary X509 certificate hostname checking is broken in JDK1.6.0_10

32
 * @run main/othervm Identities

33
 * @author Xuelei Fan

34
 */

35


36
import java.net.*;

37
import java.util.*;

38
import java.io.*;

39
import javax.net.ssl.*;

40
import java.security.Security;

41
import java.security.KeyStore;

42
import java.security.KeyFactory;

43
import java.security.cert.Certificate;

44
import java.security.cert.CertificateFactory;

45
import java.security.spec.*;

46
import java.security.interfaces.*;

47
import java.math.BigInteger;

48


49
/*

50
 * Certificates and key used in the test.

51
 *

52
 * TLS server certificate:

53
 * server private key:

54
 * -----BEGIN RSA PRIVATE KEY-----

55
 * Proc-Type: 4,ENCRYPTED

56
 * DEK-Info: DES-EDE3-CBC,D9AE407F6D0E389A

57
 *

58
 * WPrA7TFol/cQCcp9oHnXWNpYlvRbbIcQj0m+RKT2Iuzfus+DHt3Zadf8nJpKfX2e

59
 * h2rnhlzCN9M7djRDooZKDOPCsdBn51Au7HlZF3S3Opgo7D8XFM1a8t1Je4ke14oI

60
 * nw6QKYsBblRziPnP2PZ0zvX24nOv7bbY8beynlJHGs00VWSFdoH2DS0aE1p6D+3n

61
 * ptJuJ75dVfZFK4X7162APlNXevX8D6PEQpSiRw1rjjGGcnvQ4HdWk3BxDVDcCNJb

62
 * Y1aGNRxsjTDvPi3R9Qx2M+W03QzEPx4SR3ZHVskeSJHaetM0TM/w/45Paq4GokXP

63
 * ZeTnbEx1xmjkA7h+t4doLL4watx5F6yLsJzu8xB3lt/1EtmkYtLz1t7X4BetPAXz

64
 * zS69X/VwhKfsOI3qXBWuL2oHPyhDmT1gcaUQwEPSV6ogHEEQEDXdiUS8heNK13KF

65
 * TCQYFkETvV2BLxUhV1hypPzRQ6tUpJiAbD5KmoK2lD9slshG2QtvKQq0/bgkDY5J

66
 * LhDHV2dtcZ3kDPkkZXpbcJQvoeH3d09C5sIsuTFo2zgNR6oETHUc5TzP6FY2YYRa

67
 * QcK5HcmtsRRiXFm01ac+aMejJUIujjFt84SiKWT/73vC8AmY4tYcJBLjCg4XIxSH

68
 * fdDFLL1YZENNO5ivlp8mdiHqcawx+36L7DrEZQ8RZt6cqST5t/+XTdM74s6k81GT

69
 * pNsa82P2K2zmIUZ/DL2mKjW1vfRByw1NQFEBkN3vdyZxYfM/JyUzX4hbjXBEkh9Q

70
 * QYrcwLKLjis2QzSvK04B3bvRzRb+4ocWiso8ZPAXAIxZFBWDpTMM2A==

71
 * -----END RSA PRIVATE KEY-----

72
 *

73
 * -----BEGIN RSA PRIVATE KEY-----

74
 * MIICXAIBAAKBgQClrFscN6LdmYktsnm4j9VIpecchBeNaZzGrG358h0fORna03Ie

75
 * buxEzHCk3LoAMPagTz1UemFqzFfQCn+VKBg/mtmU8hvIJIh+/p0PPftXUwizIDPU

76
 * PxdHFNHN6gjYDnVOr77M0uyvqXpJ38LZrLgkQJCmA1Yq0DAFQCxPq9l0iQIDAQAB

77
 * AoGAbqcbg1E1mkR99uOJoNeQYKFOJyGiiXTMnXV1TseC4+PDfQBU7Dax35GcesBi

78
 * CtapIpFKKS5D+ozY6b7ZT8ojxuQ/uHLPAvz0WDR3ds4iRF8tyu71Q1ZHcQsJa17y

79
 * yO7UbkSSKn/Mp9Rb+/dKqftUGNXVFLqgHBOzN2s3We3bbbECQQDYBPKOg3hkaGHo

80
 * OhpHKqtQ6EVkldihG/3i4WejRonelXN+HRh1KrB2HBx0M8D/qAzP1i3rNSlSHer4

81
 * 59YRTJnHAkEAxFX/sVYSn07BHv9Zhn6XXct/Cj43z/tKNbzlNbcxqQwQerw3IH51

82
 * 8UH2YOA+GD3lXbKp+MytoFLWv8zg4YT/LwJAfqan75Z1R6lLffRS49bIiq8jwE16

83
 * rTrUJ+kv8jKxMqc9B3vXkxpsS1M/+4E8bqgAmvpgAb8xcsvHsBd9ErdukQJBAKs2

84
 * j67W75BrPjBI34pQ1LEfp56IGWXOrq1kF8IbCjxv3+MYRT6Z6UJFkpRymNPNDjsC

85
 * dgUYgITiGJHUGXuw3lMCQHEHqo9ZtXz92yFT+VhsNc29B8m/sqUJdtCcMd/jGpAF

86
 * u6GHufjqIZBpQsk63wbwESAPZZ+kk1O1kS5GIRLX608=

87
 * -----END RSA PRIVATE KEY-----

88
 *

89
 * Private-Key: (1024 bit)

90
 * modulus:

91
 *     00:a5:ac:5b:1c:37:a2:dd:99:89:2d:b2:79:b8:8f:

92
 *     d5:48:a5:e7:1c:84:17:8d:69:9c:c6:ac:6d:f9:f2:

93
 *     1d:1f:39:19:da:d3:72:1e:6e:ec:44:cc:70:a4:dc:

94
 *     ba:00:30:f6:a0:4f:3d:54:7a:61:6a:cc:57:d0:0a:

95
 *     7f:95:28:18:3f:9a:d9:94:f2:1b:c8:24:88:7e:fe:

96
 *     9d:0f:3d:fb:57:53:08:b3:20:33:d4:3f:17:47:14:

97
 *     d1:cd:ea:08:d8:0e:75:4e:af:be:cc:d2:ec:af:a9:

98
 *     7a:49:df:c2:d9:ac:b8:24:40:90:a6:03:56:2a:d0:

99
 *     30:05:40:2c:4f:ab:d9:74:89

100
 * publicExponent: 65537 (0x10001)

101
 * privateExponent:

102
 *     6e:a7:1b:83:51:35:9a:44:7d:f6:e3:89:a0:d7:90:

103
 *     60:a1:4e:27:21:a2:89:74:cc:9d:75:75:4e:c7:82:

104
 *     e3:e3:c3:7d:00:54:ec:36:b1:df:91:9c:7a:c0:62:

105
 *     0a:d6:a9:22:91:4a:29:2e:43:fa:8c:d8:e9:be:d9:

106
 *     4f:ca:23:c6:e4:3f:b8:72:cf:02:fc:f4:58:34:77:

107
 *     76:ce:22:44:5f:2d:ca:ee:f5:43:56:47:71:0b:09:

108
 *     6b:5e:f2:c8:ee:d4:6e:44:92:2a:7f:cc:a7:d4:5b:

109
 *     fb:f7:4a:a9:fb:54:18:d5:d5:14:ba:a0:1c:13:b3:

110
 *     37:6b:37:59:ed:db:6d:b1

111
 * prime1:

112
 *     00:d8:04:f2:8e:83:78:64:68:61:e8:3a:1a:47:2a:

113
 *     ab:50:e8:45:64:95:d8:a1:1b:fd:e2:e1:67:a3:46:

114
 *     89:de:95:73:7e:1d:18:75:2a:b0:76:1c:1c:74:33:

115
 *     c0:ff:a8:0c:cf:d6:2d:eb:35:29:52:1d:ea:f8:e7:

116
 *     d6:11:4c:99:c7

117
 * prime2:

118
 *     00:c4:55:ff:b1:56:12:9f:4e:c1:1e:ff:59:86:7e:

119
 *     97:5d:cb:7f:0a:3e:37:cf:fb:4a:35:bc:e5:35:b7:

120
 *     31:a9:0c:10:7a:bc:37:20:7e:75:f1:41:f6:60:e0:

121
 *     3e:18:3d:e5:5d:b2:a9:f8:cc:ad:a0:52:d6:bf:cc:

122
 *     e0:e1:84:ff:2f

123
 * exponent1:

124
 *     7e:a6:a7:ef:96:75:47:a9:4b:7d:f4:52:e3:d6:c8:

125
 *     8a:af:23:c0:4d:7a:ad:3a:d4:27:e9:2f:f2:32:b1:

126
 *     32:a7:3d:07:7b:d7:93:1a:6c:4b:53:3f:fb:81:3c:

127
 *     6e:a8:00:9a:fa:60:01:bf:31:72:cb:c7:b0:17:7d:

128
 *     12:b7:6e:91

129
 * exponent2:

130
 *     00:ab:36:8f:ae:d6:ef:90:6b:3e:30:48:df:8a:50:

131
 *     d4:b1:1f:a7:9e:88:19:65:ce:ae:ad:64:17:c2:1b:

132
 *     0a:3c:6f:df:e3:18:45:3e:99:e9:42:45:92:94:72:

133
 *     98:d3:cd:0e:3b:02:76:05:18:80:84:e2:18:91:d4:

134
 *     19:7b:b0:de:53

135
 * coefficient:

136
 *     71:07:aa:8f:59:b5:7c:fd:db:21:53:f9:58:6c:35:

137
 *     cd:bd:07:c9:bf:b2:a5:09:76:d0:9c:31:df:e3:1a:

138
 *     90:05:bb:a1:87:b9:f8:ea:21:90:69:42:c9:3a:df:

139
 *     06:f0:11:20:0f:65:9f:a4:93:53:b5:91:2e:46:21:

140
 *     12:d7:eb:4f

141
 *

142
 *

143
 * server certificate:

144
 * Data:

145
 *     Version: 3 (0x2)

146
 *     Serial Number: 4 (0x4)

147
 *     Signature Algorithm: md5WithRSAEncryption

148
 *     Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org

149
 *     Validity

150
 *         Not Before: Dec  8 03:21:16 2008 GMT

151
 *         Not After : Aug 25 03:21:16 2028 GMT

152
 *     Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org, OU=SSL-Server, CN=localhost

153
 *     Subject Public Key Info:

154
 *         Public Key Algorithm: rsaEncryption

155
 *         RSA Public Key: (1024 bit)

156
 *             Modulus (1024 bit):

157
 *                 00:a5:ac:5b:1c:37:a2:dd:99:89:2d:b2:79:b8:8f:

158
 *                 d5:48:a5:e7:1c:84:17:8d:69:9c:c6:ac:6d:f9:f2:

159
 *                 1d:1f:39:19:da:d3:72:1e:6e:ec:44:cc:70:a4:dc:

160
 *                 ba:00:30:f6:a0:4f:3d:54:7a:61:6a:cc:57:d0:0a:

161
 *                 7f:95:28:18:3f:9a:d9:94:f2:1b:c8:24:88:7e:fe:

162
 *                 9d:0f:3d:fb:57:53:08:b3:20:33:d4:3f:17:47:14:

163
 *                 d1:cd:ea:08:d8:0e:75:4e:af:be:cc:d2:ec:af:a9:

164
 *                 7a:49:df:c2:d9:ac:b8:24:40:90:a6:03:56:2a:d0:

165
 *                 30:05:40:2c:4f:ab:d9:74:89

166
 *             Exponent: 65537 (0x10001)

167
 *     X509v3 extensions:

168
 *         X509v3 Basic Constraints:

169
 *             CA:FALSE

170
 *         X509v3 Key Usage:

171
 *             Digital Signature, Non Repudiation, Key Encipherment

172
 *         X509v3 Subject Key Identifier:

173
 *             ED:6E:DB:F4:B5:56:C8:FB:1A:06:61:3F:0F:08:BB:A6:04:D8:16:54

174
 *         X509v3 Authority Key Identifier:

175
 *             keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14

176
 *

177
 *         X509v3 Subject Alternative Name: critical

178
 *             IP Address:127.0.0.1, DNS:localhost

179
 * Signature Algorithm: md5WithRSAEncryption

180
 *

181
 * -----BEGIN CERTIFICATE-----

182
 * MIICqjCCAhOgAwIBAgIBBDANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET

183
 * MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK

184
 * EwhTb21lLU9yZzAeFw0wODEyMDgwMzIxMTZaFw0yODA4MjUwMzIxMTZaMHIxCzAJ

185
 * BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp

186
 * dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtU2VydmVyMRIwEAYD

187
 * VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKWsWxw3

188
 * ot2ZiS2yebiP1Uil5xyEF41pnMasbfnyHR85GdrTch5u7ETMcKTcugAw9qBPPVR6

189
 * YWrMV9AKf5UoGD+a2ZTyG8gkiH7+nQ89+1dTCLMgM9Q/F0cU0c3qCNgOdU6vvszS

190
 * 7K+peknfwtmsuCRAkKYDVirQMAVALE+r2XSJAgMBAAGjeTB3MAkGA1UdEwQCMAAw

191
 * CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTtbtv0tVbI+xoGYT8PCLumBNgWVDAfBgNV

192
 * HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDAdBgNVHREBAf8EEzARhwR/AAAB

193
 * gglsb2NhbGhvc3QwDQYJKoZIhvcNAQEEBQADgYEAWTrftGaL73lKLgRTrChGR+F6

194
 * //qvs0OM94IOKVeHz36NO49cMJmhJSbKdiGIkppBgpLIBoWxZlN9NOO9oSXFYZsZ

195
 * rHaAe9/lWMtQM7XpjqjhWVhB5VPvWFbkorQFMtRYLf7pkonGPFq8GOO1s0TKhogC

196
 * jtYCdzlrU4v+om/J3H8=

197
 * -----END CERTIFICATE-----

198
 *

199
 *

200
 * TLS client certificate:

201
 * client private key:

202
 * ----BEGIN RSA PRIVATE KEY-----

203
 * Proc-Type: 4,ENCRYPTED

204
 * DEK-Info: DES-EDE3-CBC,FA2A435CD35A9390

205
 *

206
 * Z+Y2uaETbsUWIyJUyVu1UV2G4rgFYJyACZT6Tp1KjRtxflSh2kXkJ9MpuXMXA0V4

207
 * Yy3fDzPqCL9NJmQAYRlAx/W/+j4F5EyMWDIx8fUxzONRZyoiwF7jLm+KscAfv6Pf

208
 * q7ItWOdj3z7IYrwlB8YIGd3F2cDKT3S+lYRk7rKb/qT7itbuHnY4Ardh3yl+MZak

209
 * jBp+ELUlRsUqSr1V0LoM+0rCCykarpyfhpxEcqsrl0v9Cyi5uhU50/oKv5zql3SH

210
 * l2ImgDjp3batAs8+Bd4NF2aqi0a7Hy44JUHxRm4caZryU/i/D9N1MbuM6882HLat

211
 * 5N0G+NaIUfywa8mjwq2D5aiit18HqKA6XeRRYeJ5Dvu9DCO4GeFSwcUFIBMI0L46

212
 * 7s114+oDodg57pMgITi+04vmUxvqlN9aiyd7f5Fgd7PeHGeOdbMz1NaJLJaPI9++

213
 * NakK8eK9iwT/Gdq0Uap5/CHW7vCT5PO+h3HY0STH0lWStXhdWnFO04zTdywsbSp+

214
 * DLpHeFT66shfeUlxR0PsCbG9vPRt/QmGLeYQZITppWo/ylSq4j+pRIuXvuWHdBRN

215
 * rTZ8QF4Y7AxQUXVz1j1++s6ZMHTzaK2i9HrhmDs1MbJl+QwWre3Xpv3LvTVz3k5U

216
 * wX8kuY1m3STt71QCaRWENq5sRaMImLxZbxc/ivFl9RAzUqo4NCxLod/QgA4iLqtO

217
 * ztnlpzwlC/F8HbQ1oqYWwnZAPhzU/cULtstl+Yrws2c2atO323LbPXZqbASySgig

218
 * sNpFXQMObdfP6LN23bY+1SvtK7V4NUTNhpdIc6INQAQ=

219
 * -----END RSA PRIVATE KEY-----

220
 *

221
 * -----BEGIN RSA PRIVATE KEY-----

222
 * MIICWwIBAAKBgQC78EA2rCZUTvSjWgAvaSFvuXo6k+yi9uGOx2PYLxIwmS6w8o/4

223
 * Jy0keCiE9wG/jUR53TvSVfPOPLJbIX3v/TNKsaP/xsibuQ98QTWX+ds6BWAFFa9Z

224
 * F5KjEK0WHOQHU6+odqJWKpLT+SjgeM9eH0irXBnd4WdDunWN9YKsQ5JEGwIDAQAB

225
 * AoGAEbdqNj0wN85hnWyEi/ObJU8UyKTdL9eaF72QGfcF/fLSxfd3vurihIeXOkGW

226
 * tpn4lIxYcVGM9CognhqgJpl11jFTQzn1KqZ+NEJRKkCHA4hDabKJbSC9fXHvRwrf

227
 * BsFpZqgiNxp3HseUTiwnaUVeyPgMt/jAj5nB5Sib+UyUxrECQQDnNQBiF2aifEg6

228
 * zbJOOC7he5CHAdkFxSxWVFVHL6EfXfqdLVkUohMbgZv+XxyIeU2biOExSg49Kds3

229
 * FOKgTau1AkEA0Bd1haj6QuCo8I0AXm2WO+MMTZMTvtHD/bGjKNM+fT4I8rKYnQRX

230
 * 1acHdqS9Xx2rNJqZgkMmpESIdPR2fc4yjwJALFeM6EMmqvj8/VIf5UJ/Mz14fXwM

231
 * PEARfckUxd9LnnFutCBTWlKvKXJVEZb6KO5ixPaegc57Jp3Vbh3yTN44lQJADD/1

232
 * SSMDaIB1MYP7a5Oj7m6VQNPRq8AJe5vDcRnOae0G9dKRrVyeFxO4GsHj6/+BHp2j

233
 * P8nYMn9eURQ7DXjf/QJAAQzMlWnKGSO8pyTDtnQx3hRMoUkOEhmNq4bQhLkYqtnY

234
 * FcqpUQ2qMjW+NiNWk5HnTrMS3L9EdJobMUzaNZLy4w==

235
 * -----END RSA PRIVATE KEY-----

236
 *

237
 * Private-Key: (1024 bit)

238
 * modulus:

239
 *     00:bb:f0:40:36:ac:26:54:4e:f4:a3:5a:00:2f:69:

240
 *     21:6f:b9:7a:3a:93:ec:a2:f6:e1:8e:c7:63:d8:2f:

241
 *     12:30:99:2e:b0:f2:8f:f8:27:2d:24:78:28:84:f7:

242
 *     01:bf:8d:44:79:dd:3b:d2:55:f3:ce:3c:b2:5b:21:

243
 *     7d:ef:fd:33:4a:b1:a3:ff:c6:c8:9b:b9:0f:7c:41:

244
 *     35:97:f9:db:3a:05:60:05:15:af:59:17:92:a3:10:

245
 *     ad:16:1c:e4:07:53:af:a8:76:a2:56:2a:92:d3:f9:

246
 *     28:e0:78:cf:5e:1f:48:ab:5c:19:dd:e1:67:43:ba:

247
 *     75:8d:f5:82:ac:43:92:44:1b

248
 * publicExponent: 65537 (0x10001)

249
 * privateExponent:

250
 *     11:b7:6a:36:3d:30:37:ce:61:9d:6c:84:8b:f3:9b:

251
 *     25:4f:14:c8:a4:dd:2f:d7:9a:17:bd:90:19:f7:05:

252
 *     fd:f2:d2:c5:f7:77:be:ea:e2:84:87:97:3a:41:96:

253
 *     b6:99:f8:94:8c:58:71:51:8c:f4:2a:20:9e:1a:a0:

254
 *     26:99:75:d6:31:53:43:39:f5:2a:a6:7e:34:42:51:

255
 *     2a:40:87:03:88:43:69:b2:89:6d:20:bd:7d:71:ef:

256
 *     47:0a:df:06:c1:69:66:a8:22:37:1a:77:1e:c7:94:

257
 *     4e:2c:27:69:45:5e:c8:f8:0c:b7:f8:c0:8f:99:c1:

258
 *     e5:28:9b:f9:4c:94:c6:b1

259
 * prime1:

260
 *     00:e7:35:00:62:17:66:a2:7c:48:3a:cd:b2:4e:38:

261
 *     2e:e1:7b:90:87:01:d9:05:c5:2c:56:54:55:47:2f:

262
 *     a1:1f:5d:fa:9d:2d:59:14:a2:13:1b:81:9b:fe:5f:

263
 *     1c:88:79:4d:9b:88:e1:31:4a:0e:3d:29:db:37:14:

264
 *     e2:a0:4d:ab:b5

265
 * prime2:

266
 *     00:d0:17:75:85:a8:fa:42:e0:a8:f0:8d:00:5e:6d:

267
 *     96:3b:e3:0c:4d:93:13:be:d1:c3:fd:b1:a3:28:d3:

268
 *     3e:7d:3e:08:f2:b2:98:9d:04:57:d5:a7:07:76:a4:

269
 *     bd:5f:1d:ab:34:9a:99:82:43:26:a4:44:88:74:f4:

270
 *     76:7d:ce:32:8f

271
 * exponent1:

272
 *     2c:57:8c:e8:43:26:aa:f8:fc:fd:52:1f:e5:42:7f:

273
 *     33:3d:78:7d:7c:0c:3c:40:11:7d:c9:14:c5:df:4b:

274
 *     9e:71:6e:b4:20:53:5a:52:af:29:72:55:11:96:fa:

275
 *     28:ee:62:c4:f6:9e:81:ce:7b:26:9d:d5:6e:1d:f2:

276
 *     4c:de:38:95

277
 * exponent2:

278
 *     0c:3f:f5:49:23:03:68:80:75:31:83:fb:6b:93:a3:

279
 *     ee:6e:95:40:d3:d1:ab:c0:09:7b:9b:c3:71:19:ce:

280
 *     69:ed:06:f5:d2:91:ad:5c:9e:17:13:b8:1a:c1:e3:

281
 *     eb:ff:81:1e:9d:a3:3f:c9:d8:32:7f:5e:51:14:3b:

282
 *     0d:78:df:fd

283
 * coefficient:

284
 *     01:0c:cc:95:69:ca:19:23:bc:a7:24:c3:b6:74:31:

285
 *     de:14:4c:a1:49:0e:12:19:8d:ab:86:d0:84:b9:18:

286
 *     aa:d9:d8:15:ca:a9:51:0d:aa:32:35:be:36:23:56:

287
 *     93:91:e7:4e:b3:12:dc:bf:44:74:9a:1b:31:4c:da:

288
 *     35:92:f2:e3

289
 *

290
 * client certificate:

291
 * Data:

292
 *     Version: 3 (0x2)

293
 *     Serial Number: 5 (0x5)

294
 *     Signature Algorithm: md5WithRSAEncryption

295
 *     Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org

296
 *     Validity

297
 *         Not Before: Dec  8 03:22:10 2008 GMT

298
 *         Not After : Aug 25 03:22:10 2028 GMT

299
 *     Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org, OU=SSL-Client, CN=localhost

300
 *     Subject Public Key Info:

301
 *         Public Key Algorithm: rsaEncryption

302
 *         RSA Public Key: (1024 bit)

303
 *             Modulus (1024 bit):

304
 *                 00:bb:f0:40:36:ac:26:54:4e:f4:a3:5a:00:2f:69:

305
 *                 21:6f:b9:7a:3a:93:ec:a2:f6:e1:8e:c7:63:d8:2f:

306
 *                 12:30:99:2e:b0:f2:8f:f8:27:2d:24:78:28:84:f7:

307
 *                 01:bf:8d:44:79:dd:3b:d2:55:f3:ce:3c:b2:5b:21:

308
 *                 7d:ef:fd:33:4a:b1:a3:ff:c6:c8:9b:b9:0f:7c:41:

309
 *                 35:97:f9:db:3a:05:60:05:15:af:59:17:92:a3:10:

310
 *                 ad:16:1c:e4:07:53:af:a8:76:a2:56:2a:92:d3:f9:

311
 *                 28:e0:78:cf:5e:1f:48:ab:5c:19:dd:e1:67:43:ba:

312
 *                 75:8d:f5:82:ac:43:92:44:1b

313
 *             Exponent: 65537 (0x10001)

314
 *     X509v3 extensions:

315
 *         X509v3 Basic Constraints:

316
 *             CA:FALSE

317
 *         X509v3 Key Usage:

318
 *             Digital Signature, Non Repudiation, Key Encipherment

319
 *         X509v3 Subject Key Identifier:

320
 *             CD:BB:C8:85:AA:91:BD:FD:1D:BE:CD:67:7C:FF:B3:E9:4C:A8:22:E6

321
 *         X509v3 Authority Key Identifier:

322
 *             keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14

323
 *

324
 *         X509v3 Subject Alternative Name: critical

325
 *             IP Address:127.0.0.1, DNS:localhost

326
 * Signature Algorithm: md5WithRSAEncryption

327
 *

328
 * -----BEGIN CERTIFICATE-----

329
 * MIICqjCCAhOgAwIBAgIBBTANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET

330
 * MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK

331
 * EwhTb21lLU9yZzAeFw0wODEyMDgwMzIyMTBaFw0yODA4MjUwMzIyMTBaMHIxCzAJ

332
 * BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp

333
 * dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtQ2xpZW50MRIwEAYD

334
 * VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALvwQDas

335
 * JlRO9KNaAC9pIW+5ejqT7KL24Y7HY9gvEjCZLrDyj/gnLSR4KIT3Ab+NRHndO9JV

336
 * 8848slshfe/9M0qxo//GyJu5D3xBNZf52zoFYAUVr1kXkqMQrRYc5AdTr6h2olYq

337
 * ktP5KOB4z14fSKtcGd3hZ0O6dY31gqxDkkQbAgMBAAGjeTB3MAkGA1UdEwQCMAAw

338
 * CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTNu8iFqpG9/R2+zWd8/7PpTKgi5jAfBgNV

339
 * HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDAdBgNVHREBAf8EEzARhwR/AAAB

340
 * gglsb2NhbGhvc3QwDQYJKoZIhvcNAQEEBQADgYEAwDc4f13abs9ZeEkrl5WV2Z74

341
 * BlmBhXu8ExtAvoF9q6Ug6xV1MDpxbD124KfUHHL0kNMhMB1WIpC0kOnQBxziNpfS

342
 * 7u6GOc3tWLSxw/sHoJGCefnRBllLZOoQuSBrWB8qgilL6HRmZ4UqDcXu4UCaLBZ0

343
 * KGDT5ASEN6Lq2GtiP4Y=

344
 * -----END CERTIFICATE-----

345
 *

346
 *

347
 *

348
 * Trusted CA certificate:

349
 * Certificate:

350
 *   Data:

351
 *     Version: 3 (0x2)

352
 *     Serial Number: 0 (0x0)

353
 *     Signature Algorithm: md5WithRSAEncryption

354
 *     Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org

355
 *     Validity

356
 *         Not Before: Dec  8 02:43:36 2008 GMT

357
 *         Not After : Aug 25 02:43:36 2028 GMT

358
 *     Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org

359
 *     Subject Public Key Info:

360
 *         Public Key Algorithm: rsaEncryption

361
 *         RSA Public Key: (1024 bit)

362
 *             Modulus (1024 bit):

363
 *                 00:cb:c4:38:20:07:be:88:a7:93:b0:a1:43:51:2d:

364
 *                 d7:8e:85:af:54:dd:ad:a2:7b:23:5b:cf:99:13:53:

365
 *                 99:45:7d:ee:6d:ba:2d:bf:e3:ad:6e:3d:9f:1a:f9:

366
 *                 03:97:e0:17:55:ae:11:26:57:de:01:29:8e:05:3f:

367
 *                 21:f7:e7:36:e8:2e:37:d7:48:ac:53:d6:60:0e:c7:

368
 *                 50:6d:f6:c5:85:f7:8b:a6:c5:91:35:72:3c:94:ee:

369
 *                 f1:17:f0:71:e3:ec:1b:ce:ca:4e:40:42:b0:6d:ee:

370
 *                 6a:0e:d6:e5:ad:3c:0f:c9:ba:82:4f:78:f8:89:97:

371
 *                 89:2a:95:12:4c:d8:09:2a:e9

372
 *             Exponent: 65537 (0x10001)

373
 *     X509v3 extensions:

374
 *         X509v3 Subject Key Identifier:

375
 *             FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14

376
 *         X509v3 Authority Key Identifier:

377
 *             keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14

378
 *             DirName:/C=US/ST=Some-State/L=Some-City/O=Some-Org

379
 *             serial:00

380
 *

381
 *         X509v3 Basic Constraints:

382
 *             CA:TRUE

383
 *  Signature Algorithm: md5WithRSAEncryption

384
 *

385
 * -----BEGIN CERTIFICATE-----

386
 * MIICrDCCAhWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET

387
 * MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK

388
 * EwhTb21lLU9yZzAeFw0wODEyMDgwMjQzMzZaFw0yODA4MjUwMjQzMzZaMEkxCzAJ

389
 * BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp

390
 * dHkxETAPBgNVBAoTCFNvbWUtT3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB

391
 * gQDLxDggB76Ip5OwoUNRLdeOha9U3a2ieyNbz5kTU5lFfe5tui2/461uPZ8a+QOX

392
 * 4BdVrhEmV94BKY4FPyH35zboLjfXSKxT1mAOx1Bt9sWF94umxZE1cjyU7vEX8HHj

393
 * 7BvOyk5AQrBt7moO1uWtPA/JuoJPePiJl4kqlRJM2Akq6QIDAQABo4GjMIGgMB0G

394
 * A1UdDgQWBBT6uVG/TOfZhpgz+efLHvEzSfeoFDBxBgNVHSMEajBogBT6uVG/TOfZ

395
 * hpgz+efLHvEzSfeoFKFNpEswSTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUt

396
 * U3RhdGUxEjAQBgNVBAcTCVNvbWUtQ2l0eTERMA8GA1UEChMIU29tZS1PcmeCAQAw

397
 * DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBcIm534U123Hz+rtyYO5uA

398
 * ofd81G6FnTfEAV8Kw9fGyyEbQZclBv34A9JsFKeMvU4OFIaixD7nLZ/NZ+IWbhmZ

399
 * LovmJXyCkOufea73pNiZ+f/4/ScZaIlM/PRycQSqbFNd4j9Wott+08qxHPLpsf3P

400
 * 6Mvf0r1PNTY2hwTJLJmKtg==

401
 * -----END CERTIFICATE---

402
 */

403


404


405
public class Identities {

406
    static Map cookies;

407
    ServerSocket ss;

408


409
    /*

410
     * =============================================================

411
     * Set the various variables needed for the tests, then

412
     * specify what tests to run on each side.

413
     */

414


415
    /*

416
     * Should we run the client or server in a separate thread?

417
     * Both sides can throw exceptions, but do you have a preference

418
     * as to which side should be the main thread.

419
     */

420
    static boolean separateServerThread = true;

421


422
    /*

423
     * Where do we find the keystores?

424
     */

425
    static String trusedCertStr =

426
        "-----BEGIN CERTIFICATE-----\n" +

427
        "MIICrDCCAhWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" +

428
        "MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" +

429
        "EwhTb21lLU9yZzAeFw0wODEyMDgwMjQzMzZaFw0yODA4MjUwMjQzMzZaMEkxCzAJ\n" +

430
        "BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" +

431
        "dHkxETAPBgNVBAoTCFNvbWUtT3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n" +

432
        "gQDLxDggB76Ip5OwoUNRLdeOha9U3a2ieyNbz5kTU5lFfe5tui2/461uPZ8a+QOX\n" +

433
        "4BdVrhEmV94BKY4FPyH35zboLjfXSKxT1mAOx1Bt9sWF94umxZE1cjyU7vEX8HHj\n" +

434
        "7BvOyk5AQrBt7moO1uWtPA/JuoJPePiJl4kqlRJM2Akq6QIDAQABo4GjMIGgMB0G\n" +

435
        "A1UdDgQWBBT6uVG/TOfZhpgz+efLHvEzSfeoFDBxBgNVHSMEajBogBT6uVG/TOfZ\n" +

436
        "hpgz+efLHvEzSfeoFKFNpEswSTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUt\n" +

437
        "U3RhdGUxEjAQBgNVBAcTCVNvbWUtQ2l0eTERMA8GA1UEChMIU29tZS1PcmeCAQAw\n" +

438
        "DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBcIm534U123Hz+rtyYO5uA\n" +

439
        "ofd81G6FnTfEAV8Kw9fGyyEbQZclBv34A9JsFKeMvU4OFIaixD7nLZ/NZ+IWbhmZ\n" +

440
        "LovmJXyCkOufea73pNiZ+f/4/ScZaIlM/PRycQSqbFNd4j9Wott+08qxHPLpsf3P\n" +

441
        "6Mvf0r1PNTY2hwTJLJmKtg==\n" +

442
        "-----END CERTIFICATE-----";

443


444
    static String serverCertStr =

445
        "-----BEGIN CERTIFICATE-----\n" +

446
        "MIICqjCCAhOgAwIBAgIBBDANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" +

447
        "MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" +

448
        "EwhTb21lLU9yZzAeFw0wODEyMDgwMzIxMTZaFw0yODA4MjUwMzIxMTZaMHIxCzAJ\n" +

449
        "BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" +

450
        "dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtU2VydmVyMRIwEAYD\n" +

451
        "VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKWsWxw3\n" +

452
        "ot2ZiS2yebiP1Uil5xyEF41pnMasbfnyHR85GdrTch5u7ETMcKTcugAw9qBPPVR6\n" +

453
        "YWrMV9AKf5UoGD+a2ZTyG8gkiH7+nQ89+1dTCLMgM9Q/F0cU0c3qCNgOdU6vvszS\n" +

454
        "7K+peknfwtmsuCRAkKYDVirQMAVALE+r2XSJAgMBAAGjeTB3MAkGA1UdEwQCMAAw\n" +

455
        "CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTtbtv0tVbI+xoGYT8PCLumBNgWVDAfBgNV\n" +

456
        "HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDAdBgNVHREBAf8EEzARhwR/AAAB\n" +

457
        "gglsb2NhbGhvc3QwDQYJKoZIhvcNAQEEBQADgYEAWTrftGaL73lKLgRTrChGR+F6\n" +

458
        "//qvs0OM94IOKVeHz36NO49cMJmhJSbKdiGIkppBgpLIBoWxZlN9NOO9oSXFYZsZ\n" +

459
        "rHaAe9/lWMtQM7XpjqjhWVhB5VPvWFbkorQFMtRYLf7pkonGPFq8GOO1s0TKhogC\n" +

460
        "jtYCdzlrU4v+om/J3H8=\n" +

461
        "-----END CERTIFICATE-----";

462


463
    static String clientCertStr =

464
        "-----BEGIN CERTIFICATE-----\n" +

465
        "MIICqjCCAhOgAwIBAgIBBTANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" +

466
        "MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" +

467
        "EwhTb21lLU9yZzAeFw0wODEyMDgwMzIyMTBaFw0yODA4MjUwMzIyMTBaMHIxCzAJ\n" +

468
        "BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" +

469
        "dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtQ2xpZW50MRIwEAYD\n" +

470
        "VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALvwQDas\n" +

471
        "JlRO9KNaAC9pIW+5ejqT7KL24Y7HY9gvEjCZLrDyj/gnLSR4KIT3Ab+NRHndO9JV\n" +

472
        "8848slshfe/9M0qxo//GyJu5D3xBNZf52zoFYAUVr1kXkqMQrRYc5AdTr6h2olYq\n" +

473
        "ktP5KOB4z14fSKtcGd3hZ0O6dY31gqxDkkQbAgMBAAGjeTB3MAkGA1UdEwQCMAAw\n" +

474
        "CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTNu8iFqpG9/R2+zWd8/7PpTKgi5jAfBgNV\n" +

475
        "HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDAdBgNVHREBAf8EEzARhwR/AAAB\n" +

476
        "gglsb2NhbGhvc3QwDQYJKoZIhvcNAQEEBQADgYEAwDc4f13abs9ZeEkrl5WV2Z74\n" +

477
        "BlmBhXu8ExtAvoF9q6Ug6xV1MDpxbD124KfUHHL0kNMhMB1WIpC0kOnQBxziNpfS\n" +

478
        "7u6GOc3tWLSxw/sHoJGCefnRBllLZOoQuSBrWB8qgilL6HRmZ4UqDcXu4UCaLBZ0\n" +

479
        "KGDT5ASEN6Lq2GtiP4Y=\n" +

480
        "-----END CERTIFICATE-----";

481


482
    static byte serverPrivateExponent[] = {

483
        (byte)0x6e, (byte)0xa7, (byte)0x1b, (byte)0x83,

484
        (byte)0x51, (byte)0x35, (byte)0x9a, (byte)0x44,

485
        (byte)0x7d, (byte)0xf6, (byte)0xe3, (byte)0x89,

486
        (byte)0xa0, (byte)0xd7, (byte)0x90, (byte)0x60,

487
        (byte)0xa1, (byte)0x4e, (byte)0x27, (byte)0x21,

488
        (byte)0xa2, (byte)0x89, (byte)0x74, (byte)0xcc,

489
        (byte)0x9d, (byte)0x75, (byte)0x75, (byte)0x4e,

490
        (byte)0xc7, (byte)0x82, (byte)0xe3, (byte)0xe3,

491
        (byte)0xc3, (byte)0x7d, (byte)0x00, (byte)0x54,

492
        (byte)0xec, (byte)0x36, (byte)0xb1, (byte)0xdf,

493
        (byte)0x91, (byte)0x9c, (byte)0x7a, (byte)0xc0,

494
        (byte)0x62, (byte)0x0a, (byte)0xd6, (byte)0xa9,

495
        (byte)0x22, (byte)0x91, (byte)0x4a, (byte)0x29,

496
        (byte)0x2e, (byte)0x43, (byte)0xfa, (byte)0x8c,

497
        (byte)0xd8, (byte)0xe9, (byte)0xbe, (byte)0xd9,

498
        (byte)0x4f, (byte)0xca, (byte)0x23, (byte)0xc6,

499
        (byte)0xe4, (byte)0x3f, (byte)0xb8, (byte)0x72,

500
        (byte)0xcf, (byte)0x02, (byte)0xfc, (byte)0xf4,

501
        (byte)0x58, (byte)0x34, (byte)0x77, (byte)0x76,

502
        (byte)0xce, (byte)0x22, (byte)0x44, (byte)0x5f,

503
        (byte)0x2d, (byte)0xca, (byte)0xee, (byte)0xf5,

504
        (byte)0x43, (byte)0x56, (byte)0x47, (byte)0x71,

505
        (byte)0x0b, (byte)0x09, (byte)0x6b, (byte)0x5e,

506
        (byte)0xf2, (byte)0xc8, (byte)0xee, (byte)0xd4,

507
        (byte)0x6e, (byte)0x44, (byte)0x92, (byte)0x2a,

508
        (byte)0x7f, (byte)0xcc, (byte)0xa7, (byte)0xd4,

509
        (byte)0x5b, (byte)0xfb, (byte)0xf7, (byte)0x4a,

510
        (byte)0xa9, (byte)0xfb, (byte)0x54, (byte)0x18,

511
        (byte)0xd5, (byte)0xd5, (byte)0x14, (byte)0xba,

512
        (byte)0xa0, (byte)0x1c, (byte)0x13, (byte)0xb3,

513
        (byte)0x37, (byte)0x6b, (byte)0x37, (byte)0x59,

514
        (byte)0xed, (byte)0xdb, (byte)0x6d, (byte)0xb1

515
    };

516


517
    static byte serverModulus[] = {

518
        (byte)0x00,

519
        (byte)0xa5, (byte)0xac, (byte)0x5b, (byte)0x1c,

520
        (byte)0x37, (byte)0xa2, (byte)0xdd, (byte)0x99,

521
        (byte)0x89, (byte)0x2d, (byte)0xb2, (byte)0x79,

522
        (byte)0xb8, (byte)0x8f, (byte)0xd5, (byte)0x48,

523
        (byte)0xa5, (byte)0xe7, (byte)0x1c, (byte)0x84,

524
        (byte)0x17, (byte)0x8d, (byte)0x69, (byte)0x9c,

525
        (byte)0xc6, (byte)0xac, (byte)0x6d, (byte)0xf9,

526
        (byte)0xf2, (byte)0x1d, (byte)0x1f, (byte)0x39,

527
        (byte)0x19, (byte)0xda, (byte)0xd3, (byte)0x72,

528
        (byte)0x1e, (byte)0x6e, (byte)0xec, (byte)0x44,

529
        (byte)0xcc, (byte)0x70, (byte)0xa4, (byte)0xdc,

530
        (byte)0xba, (byte)0x00, (byte)0x30, (byte)0xf6,

531
        (byte)0xa0, (byte)0x4f, (byte)0x3d, (byte)0x54,

532
        (byte)0x7a, (byte)0x61, (byte)0x6a, (byte)0xcc,

533
        (byte)0x57, (byte)0xd0, (byte)0x0a, (byte)0x7f,

534
        (byte)0x95, (byte)0x28, (byte)0x18, (byte)0x3f,

535
        (byte)0x9a, (byte)0xd9, (byte)0x94, (byte)0xf2,

536
        (byte)0x1b, (byte)0xc8, (byte)0x24, (byte)0x88,

537
        (byte)0x7e, (byte)0xfe, (byte)0x9d, (byte)0x0f,

538
        (byte)0x3d, (byte)0xfb, (byte)0x57, (byte)0x53,

539
        (byte)0x08, (byte)0xb3, (byte)0x20, (byte)0x33,

540
        (byte)0xd4, (byte)0x3f, (byte)0x17, (byte)0x47,

541
        (byte)0x14, (byte)0xd1, (byte)0xcd, (byte)0xea,

542
        (byte)0x08, (byte)0xd8, (byte)0x0e, (byte)0x75,

543
        (byte)0x4e, (byte)0xaf, (byte)0xbe, (byte)0xcc,

544
        (byte)0xd2, (byte)0xec, (byte)0xaf, (byte)0xa9,

545
        (byte)0x7a, (byte)0x49, (byte)0xdf, (byte)0xc2,

546
        (byte)0xd9, (byte)0xac, (byte)0xb8, (byte)0x24,

547
        (byte)0x40, (byte)0x90, (byte)0xa6, (byte)0x03,

548
        (byte)0x56, (byte)0x2a, (byte)0xd0, (byte)0x30,

549
        (byte)0x05, (byte)0x40, (byte)0x2c, (byte)0x4f,

550
        (byte)0xab, (byte)0xd9, (byte)0x74, (byte)0x89

551
    };

552


553
    static byte clientPrivateExponent[] = {

554
        (byte)0x11, (byte)0xb7, (byte)0x6a, (byte)0x36,

555
        (byte)0x3d, (byte)0x30, (byte)0x37, (byte)0xce,

556
        (byte)0x61, (byte)0x9d, (byte)0x6c, (byte)0x84,

557
        (byte)0x8b, (byte)0xf3, (byte)0x9b, (byte)0x25,

558
        (byte)0x4f, (byte)0x14, (byte)0xc8, (byte)0xa4,

559
        (byte)0xdd, (byte)0x2f, (byte)0xd7, (byte)0x9a,

560
        (byte)0x17, (byte)0xbd, (byte)0x90, (byte)0x19,

561
        (byte)0xf7, (byte)0x05, (byte)0xfd, (byte)0xf2,

562
        (byte)0xd2, (byte)0xc5, (byte)0xf7, (byte)0x77,

563
        (byte)0xbe, (byte)0xea, (byte)0xe2, (byte)0x84,

564
        (byte)0x87, (byte)0x97, (byte)0x3a, (byte)0x41,

565
        (byte)0x96, (byte)0xb6, (byte)0x99, (byte)0xf8,

566
        (byte)0x94, (byte)0x8c, (byte)0x58, (byte)0x71,

567
        (byte)0x51, (byte)0x8c, (byte)0xf4, (byte)0x2a,

568
        (byte)0x20, (byte)0x9e, (byte)0x1a, (byte)0xa0,

569
        (byte)0x26, (byte)0x99, (byte)0x75, (byte)0xd6,

570
        (byte)0x31, (byte)0x53, (byte)0x43, (byte)0x39,

571
        (byte)0xf5, (byte)0x2a, (byte)0xa6, (byte)0x7e,

572
        (byte)0x34, (byte)0x42, (byte)0x51, (byte)0x2a,

573
        (byte)0x40, (byte)0x87, (byte)0x03, (byte)0x88,

574
        (byte)0x43, (byte)0x69, (byte)0xb2, (byte)0x89,

575
        (byte)0x6d, (byte)0x20, (byte)0xbd, (byte)0x7d,

576
        (byte)0x71, (byte)0xef, (byte)0x47, (byte)0x0a,

577
        (byte)0xdf, (byte)0x06, (byte)0xc1, (byte)0x69,

578
        (byte)0x66, (byte)0xa8, (byte)0x22, (byte)0x37,

579
        (byte)0x1a, (byte)0x77, (byte)0x1e, (byte)0xc7,

580
        (byte)0x94, (byte)0x4e, (byte)0x2c, (byte)0x27,

581
        (byte)0x69, (byte)0x45, (byte)0x5e, (byte)0xc8,

582
        (byte)0xf8, (byte)0x0c, (byte)0xb7, (byte)0xf8,

583
        (byte)0xc0, (byte)0x8f, (byte)0x99, (byte)0xc1,

584
        (byte)0xe5, (byte)0x28, (byte)0x9b, (byte)0xf9,

585
        (byte)0x4c, (byte)0x94, (byte)0xc6, (byte)0xb1

586
    };

587


588
    static byte clientModulus[] = {

589
        (byte)0x00,

590
        (byte)0xbb, (byte)0xf0, (byte)0x40, (byte)0x36,

591
        (byte)0xac, (byte)0x26, (byte)0x54, (byte)0x4e,

592
        (byte)0xf4, (byte)0xa3, (byte)0x5a, (byte)0x00,

593
        (byte)0x2f, (byte)0x69, (byte)0x21, (byte)0x6f,

594
        (byte)0xb9, (byte)0x7a, (byte)0x3a, (byte)0x93,

595
        (byte)0xec, (byte)0xa2, (byte)0xf6, (byte)0xe1,

596
        (byte)0x8e, (byte)0xc7, (byte)0x63, (byte)0xd8,

597
        (byte)0x2f, (byte)0x12, (byte)0x30, (byte)0x99,

598
        (byte)0x2e, (byte)0xb0, (byte)0xf2, (byte)0x8f,

599
        (byte)0xf8, (byte)0x27, (byte)0x2d, (byte)0x24,

600
        (byte)0x78, (byte)0x28, (byte)0x84, (byte)0xf7,

601
        (byte)0x01, (byte)0xbf, (byte)0x8d, (byte)0x44,

602
        (byte)0x79, (byte)0xdd, (byte)0x3b, (byte)0xd2,

603
        (byte)0x55, (byte)0xf3, (byte)0xce, (byte)0x3c,

604
        (byte)0xb2, (byte)0x5b, (byte)0x21, (byte)0x7d,

605
        (byte)0xef, (byte)0xfd, (byte)0x33, (byte)0x4a,

606
        (byte)0xb1, (byte)0xa3, (byte)0xff, (byte)0xc6,

607
        (byte)0xc8, (byte)0x9b, (byte)0xb9, (byte)0x0f,

608
        (byte)0x7c, (byte)0x41, (byte)0x35, (byte)0x97,

609
        (byte)0xf9, (byte)0xdb, (byte)0x3a, (byte)0x05,

610
        (byte)0x60, (byte)0x05, (byte)0x15, (byte)0xaf,

611
        (byte)0x59, (byte)0x17, (byte)0x92, (byte)0xa3,

612
        (byte)0x10, (byte)0xad, (byte)0x16, (byte)0x1c,

613
        (byte)0xe4, (byte)0x07, (byte)0x53, (byte)0xaf,

614
        (byte)0xa8, (byte)0x76, (byte)0xa2, (byte)0x56,

615
        (byte)0x2a, (byte)0x92, (byte)0xd3, (byte)0xf9,

616
        (byte)0x28, (byte)0xe0, (byte)0x78, (byte)0xcf,

617
        (byte)0x5e, (byte)0x1f, (byte)0x48, (byte)0xab,

618
        (byte)0x5c, (byte)0x19, (byte)0xdd, (byte)0xe1,

619
        (byte)0x67, (byte)0x43, (byte)0xba, (byte)0x75,

620
        (byte)0x8d, (byte)0xf5, (byte)0x82, (byte)0xac,

621
        (byte)0x43, (byte)0x92, (byte)0x44, (byte)0x1b

622
    };

623


624
    static char passphrase[] = "passphrase".toCharArray();

625


626
    /*

627
     * Is the server ready to serve?

628
     */

629
    volatile static boolean serverReady = false;

630


631
    /*

632
     * Is the connection ready to close?

633
     */

634
    volatile static boolean closeReady = false;

635


636
    /*

637
     * Turn on SSL debugging?

638
     */

639
    static boolean debug = false;

640


641
    private SSLServerSocket sslServerSocket = null;

642


643
    /*

644
     * Define the server side of the test.

645
     *

646
     * If the server prematurely exits, serverReady will be set to true

647
     * to avoid infinite hangs.

648
     */

649
    void doServerSide() throws Exception {

650
        SSLContext context = getSSLContext(trusedCertStr, serverCertStr,

651
            serverModulus, serverPrivateExponent, passphrase);

652
        SSLServerSocketFactory sslssf = context.getServerSocketFactory();

653


654
        sslServerSocket =

655
            (SSLServerSocket) sslssf.createServerSocket(serverPort);

656
        serverPort = sslServerSocket.getLocalPort();

657


658
        /*

659
         * Signal Client, we're ready for his connect.

660
         */

661
        serverReady = true;

662


663
        SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();

664
        sslSocket.setNeedClientAuth(true);

665


666
        PrintStream out =

667
                new PrintStream(sslSocket.getOutputStream());

668


669
        try {

670
            // ignore request data

671


672
            // send the response

673
            out.print("HTTP/1.1 200 OK\r\n");

674
            out.print("Content-Type: text/html; charset=iso-8859-1\r\n");

675
            out.print("Content-Length: "+ 9 +"\r\n");

676
            out.print("\r\n");

677
            out.print("Testing\r\n");

678
            out.flush();

679
        } finally {

680
             // close the socket

681
             while (!closeReady) {

682
                 Thread.sleep(50);

683
             }

684


685
             System.out.println("Server closing socket");

686
             sslSocket.close();

687
             serverReady = false;

688
        }

689


690
    }

691


692
    /*

693
     * Define the client side of the test.

694
     *

695
     * If the server prematurely exits, serverReady will be set to true

696
     * to avoid infinite hangs.

697
     */

698
    void doClientSide() throws Exception {

699
        SSLContext reservedSSLContext = SSLContext.getDefault();

700
        try {

701
            SSLContext context = getSSLContext(trusedCertStr, clientCertStr,

702
                clientModulus, clientPrivateExponent, passphrase);

703


704
            SSLContext.setDefault(context);

705


706
            /*

707
             * Wait for server to get started.

708
             */

709
            while (!serverReady) {

710
                Thread.sleep(50);

711
            }

712


713
            HttpsURLConnection http = null;

714


715
            /* establish http connection to server */

716
            URL url = new URL("https://localhost:" + serverPort+"/");

717
            System.out.println("url is "+url.toString());

718


719
            try {

720
                http = (HttpsURLConnection)url.openConnection();

721


722
                int respCode = http.getResponseCode();

723
                System.out.println("respCode = "+respCode);

724
            } finally {

725
                if (http != null) {

726
                    http.disconnect();

727
                }

728
                closeReady = true;

729
            }

730
        } finally {

731
            SSLContext.setDefault(reservedSSLContext);

732
        }

733
    }

734


735
    /*

736
     * =============================================================

737
     * The remainder is just support stuff

738
     */

739


740
    // use any free port by default

741
    volatile int serverPort = 0;

742


743
    volatile Exception serverException = null;

744
    volatile Exception clientException = null;

745


746
    public static void main(String args[]) throws Exception {

747
        // MD5 is used in this test case, don't disable MD5 algorithm.

748
        Security.setProperty("jdk.certpath.disabledAlgorithms",

749
                "MD2, RSA keySize < 1024");

750
        Security.setProperty("jdk.tls.disabledAlgorithms",

751
                "SSLv3, RC4, DH keySize < 768");

752


753
        if (debug)

754
            System.setProperty("javax.net.debug", "all");

755


756
        /*

757
         * Start the tests.

758
         */

759
        new Identities();

760
    }

761


762
    Thread clientThread = null;

763
    Thread serverThread = null;

764
    /*

765
     * Primary constructor, used to drive remainder of the test.

766
     *

767
     * Fork off the other side, then do your work.

768
     */

769
    Identities() throws Exception {

770
        if (separateServerThread) {

771
            startServer(true);

772
            startClient(false);

773
        } else {

774
            startClient(true);

775
            startServer(false);

776
        }

777


778
        /*

779
         * Wait for other side to close down.

780
         */

781
        if (separateServerThread) {

782
            serverThread.join();

783
        } else {

784
            clientThread.join();

785
        }

786


787
        /*

788
         * When we get here, the test is pretty much over.

789
         *

790
         * If the main thread excepted, that propagates back

791
         * immediately.  If the other thread threw an exception, we

792
         * should report back.

793
         */

794
        if (serverException != null)

795
            throw serverException;

796
        if (clientException != null)

797
            throw clientException;

798
    }

799


800
    void startServer(boolean newThread) throws Exception {

801
        if (newThread) {

802
            serverThread = new Thread() {

803
                public void run() {

804
                    try {

805
                        doServerSide();

806
                    } catch (Exception e) {

807
                        /*

808
                         * Our server thread just died.

809
                         *

810
                         * Release the client, if not active already...

811
                         */

812
                        System.err.println("Server died...");

813
                        serverReady = true;

814
                        serverException = e;

815
                    }

816
                }

817
            };

818
            serverThread.start();

819
        } else {

820
            doServerSide();

821
        }

822
    }

823


824
    void startClient(boolean newThread) throws Exception {

825
        if (newThread) {

826
            clientThread = new Thread() {

827
                public void run() {

828
                    try {

829
                        doClientSide();

830
                    } catch (Exception e) {

831
                        /*

832
                         * Our client thread just died.

833
                         */

834
                        System.err.println("Client died...");

835
                        clientException = e;

836
                    }

837
                }

838
            };

839
            clientThread.start();

840
        } else {

841
            doClientSide();

842
        }

843
    }

844


845
    // get the ssl context

846
    private static SSLContext getSSLContext(String trusedCertStr,

847
            String keyCertStr, byte[] modulus,

848
            byte[] privateExponent, char[] passphrase) throws Exception {

849


850
        // generate certificate from cert string

851
        CertificateFactory cf = CertificateFactory.getInstance("X.509");

852


853
        ByteArrayInputStream is =

854
                    new ByteArrayInputStream(trusedCertStr.getBytes());

855
        Certificate trusedCert = cf.generateCertificate(is);

856
        is.close();

857


858
        // create a key store

859
        KeyStore ks = KeyStore.getInstance("JKS");

860
        ks.load(null, null);

861


862
        // import the trused cert

863
        ks.setCertificateEntry("RSA Export Signer", trusedCert);

864


865
        if (keyCertStr != null) {

866
            // generate the private key.

867
            RSAPrivateKeySpec priKeySpec = new RSAPrivateKeySpec(

868
                                            new BigInteger(modulus),

869
                                            new BigInteger(privateExponent));

870
            KeyFactory kf = KeyFactory.getInstance("RSA");

871
            RSAPrivateKey priKey =

872
                    (RSAPrivateKey)kf.generatePrivate(priKeySpec);

873


874
            // generate certificate chain

875
            is = new ByteArrayInputStream(keyCertStr.getBytes());

876
            Certificate keyCert = cf.generateCertificate(is);

877
            is.close();

878


879
            Certificate[] chain = new Certificate[2];

880
            chain[0] = keyCert;

881
            chain[1] = trusedCert;

882


883
            // import the key entry.

884
            ks.setKeyEntry("Whatever", priKey, passphrase, chain);

885
        }

886


887
        // create SSL context

888
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");

889
        tmf.init(ks);

890


891
        SSLContext ctx = SSLContext.getInstance("TLS");

892


893
        if (keyCertStr != null) {

894
            KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");

895
            kmf.init(ks, passphrase);

896


897
            ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

898
        } else {

899
            ctx.init(null, tmf.getTrustManagers(), null);

900
        }

901


902
        return ctx;

903
    }

904


905
}

906


907