stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8203687: javax/net/ssl/compatibility/Compatibility.java supports TLS 1.3

Browse Source 
Reviewed-by: xuelei
This commit is contained in:
John Jiang 2019-01-18 14:25:34 +08:00
parent be44ced10a
commit 365de9f2bc
11 changed files with 579 additions and 528 deletions

39
test/jdk/javax/net/ssl/TLSCommon/KeyAlgorithm.java Normal file

@ -0,0 +1,39 @@
/*
* Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* Key algorithms.
*/
public enum KeyAlgorithm {
DSA("DSA"),
RSA("RSA"),
EC("EC"),
RSASSAPSS("RSASSA-PSS");
public final String name;
private KeyAlgorithm(String name) {
this.name = name;
}
}

524
test/jdk/javax/net/ssl/compatibility/Cert.java

@ -1,5 +1,5 @@
/*
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2017, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -31,235 +31,383 @@
public enum Cert {
// This certificate is generated by the below command:
// openssl req -x509 -newkey rsa:1024 -days 7300 \
// -subj "/CN=RSA_SHA1_1024" -sha1 \
// -keyout key.pem -out cert.pem
RSA_SHA1_1024(
SignatureAlgorithm.RSA,
// openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 \
// -pkeyopt rsa_keygen_pubexp:65537 -out key.pem
// openssl req -x509 -new -key key.pem \
// -subj "/CN=RSA-2048-SHA256" -sha256 -out cer.pem
RSA_2048_SHA256(
KeyAlgorithm.RSA,
"-----BEGIN CERTIFICATE-----\n" +
"MIIB/jCCAWegAwIBAgIJANPuKkD7/jxkMA0GCSqGSIb3DQEBBQUAMBgxFjAUBgNV\n" +
"BAMMDVJTQV9TSEExXzEwMjQwHhcNMTcwOTA3MDIwNTM0WhcNMzcwOTAyMDIwNTM0\n" +
"WjAYMRYwFAYDVQQDDA1SU0FfU0hBMV8xMDI0MIGfMA0GCSqGSIb3DQEBAQUAA4GN\n" +
"ADCBiQKBgQC3v7UeIxD5bdv4mqwcpah7sNxpI3IxUFzI2ao1g1jVzDPZt9Zawa3K\n" +
"H+m9al1Fg2X1dyNeRlbiXavcIZOQwZqNj08zJEwAdICP8iOnXQ2HUv5cpzArOPTu\n" +
"GY3flhf39xgiWsSdfb+cP0QsWNagNU8EtebbHndv8W+2K5JEdlpwQQIDAQABo1Aw\n" +
"TjAdBgNVHQ4EFgQU32KqdiGyzg39chNt/OwQzGOlUyAwHwYDVR0jBBgwFoAU32Kq\n" +
"diGyzg39chNt/OwQzGOlUyAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOB\n" +
"gQAWx8y45IIWWhy44cuQs0qcSDQihIvhXB3pvlpCNdfsSrVoaaH8lrOVjTC718ip\n" +
"fE1sF8I9niLHUg8WrAzdQRDsKyUhDUhEEJ7w1ffxwf8bcI9+NgWwEix0Dazzkub8\n" +
"2IRXuZ3dGwzoI54XtxvKMFH86nJEj4M/XQGrc9bnlhcn4g==\n" +
"MIIDFTCCAf2gAwIBAgIUcCwtPduMIU144++G82mUEVNNK9kwDQYJKoZIhvcNAQEL\n" +
"BQAwGjEYMBYGA1UEAwwPUlNBLTIwNDgtU0hBMjU2MB4XDTE5MDExNjA2MDgzNVoX\n" +
"DTE5MDIxNTA2MDgzNVowGjEYMBYGA1UEAwwPUlNBLTIwNDgtU0hBMjU2MIIBIjAN\n" +
"BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAycT4Kd742lTlULVh5BcsZIG/AvVl\n" +
"4IVnCoKoE8EyAf+YB2f+pYTDtyPzxnIUUqJ1/1dRY1EyHKQWRv1/J6H9qrKl48Sx\n" +
"zgctOMN6zrCjPGx85MWRW7jOTi9/FNjCfmmGDzo7jjfhEeSzU56zyOMMka2UvKYa\n" +
"P7YSTfC6nT79uaQNj/fqSK98FDLypDcrMiwzJZ7UX4M4Yo33EtqT0wFJfHl/LHJT\n" +
"lmpQdn7dDCqZGviP59tfuGPO7/la18OiN8hU8cttEkAcW3k19kYNhhtfxqs1MtAZ\n" +
"xGlN3eeW4IfjitMerEUd5wHrACyC4TKuj5NO6Wk1vl8pINsdkUttv5pHbQIDAQAB\n" +
"o1MwUTAdBgNVHQ4EFgQUT6UTyQ2i4qOkx3AAPwWS6wdmgncwHwYDVR0jBBgwFoAU\n" +
"T6UTyQ2i4qOkx3AAPwWS6wdmgncwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B\n" +
"AQsFAAOCAQEAPa4ib8oo7vgOh1c/HBvynkzoZ/ci3hqQCArqHkTKQEFSpHeUz46j\n" +
"u+GBRV/bFvZWc+GR9BPedKZUyRzCy3lmWclsxXEnv1uz/PTGBRMtZpjaaveTHzXm\n" +
"VVIkMH+wTZsZ/EQiz2pHgPuAJdPTHlwIYOYo5jk/eZoTKGupBuce+gsn0ctSZQc/\n" +
"TyayRCvnbQQ9Q6VbcfbrWGAmnCa4VANGuk3uZFj2Hc87udJ+2R8WkyfgXtwypNtb\n" +
"1SrRuCqthfCFa4s+P0LlddVqp18gSvsiB+yA1RVZSlSD4GfJfrgtSsJu/ovqThr7\n" +
"+YTfrHCVl4gliXaVujl6tQHaFk23WbAMwg==\n" +
"-----END CERTIFICATE-----",
"30820278020100300d06092a864886f70d0101010500048202623082025e0201" +
"0002818100b7bfb51e2310f96ddbf89aac1ca5a87bb0dc69237231505cc8d9aa" +
"358358d5cc33d9b7d65ac1adca1fe9bd6a5d458365f577235e4656e25dabdc21" +
"9390c19a8d8f4f33244c0074808ff223a75d0d8752fe5ca7302b38f4ee198ddf" +
"9617f7f718225ac49d7dbf9c3f442c58d6a0354f04b5e6db1e776ff16fb62b92" +
"44765a7041020301000102818100b2c5afdf5c5a9d72c73b7eb0c9465b3fcc79" +
"0549d946255bc0861555ef2eb503f1c67757f400cfa7019996123020fb906d5b" +
"b66b789ffba90b16270cbd1fbfcf285a821dcdc78fd8f17f399eb231ce9724db" +
"af60f9dd20f3e57bb4c0f9fdc9069589b82d442dd868d48c031eb782e27f9e70" +
"8469f9b3d5b1b23cee5bf1b41781024100dec184ea77c2126c6bc0c01ba727b4" +
"642587d63811240932334dc80c7976e0f715f156e52b352a25e5c52542af2b5f" +
"68a29a9b68858f313c4375cc78ec03d859024100d32be8375f52cbe904002321" +
"6977aee83fa88bf536d4052d2ed578727d7b7e5aeef91fc52b34c1b6638c00f0" +
"4c6985fdaaa2d6e72adbcc7d10ed8bafff69da29024100ae8210acd6f13519b7" +
"38a3c7862636ce1610daa3c5d9e3526e9acad3eafc54b57d7d3a44029b7dcf7e" +
"b7f9beca1842806892929949b8aa2bb9f5b9202a55c0d1024100887dc0c2c9a2" +
"429a823374818c2207b3a631d304d443867505e884c9bbc1ae9228146e2c8b18" +
"b67ca52b411010d3c3ff89e366f454076dcd08bc01a5e8790ac102402321988a" +
"2003e19c878791d402a7c0acdd1b6dd27203ed88f86a0e3a390ee57c0cd277f3" +
"ea5df6440dbc8bdb4c8b3c28fc77e6991bc4ed3f4dc0619a5b953e8e"),
"308204be020100300d06092a864886f70d0101010500048204a8308204a40201" +
"000282010100c9c4f829def8da54e550b561e4172c6481bf02f565e085670a82" +
"a813c13201ff980767fea584c3b723f3c6721452a275ff57516351321ca41646" +
"fd7f27a1fdaab2a5e3c4b1ce072d38c37aceb0a33c6c7ce4c5915bb8ce4e2f7f" +
"14d8c27e69860f3a3b8e37e111e4b3539eb3c8e30c91ad94bca61a3fb6124df0" +
"ba9d3efdb9a40d8ff7ea48af7c1432f2a4372b322c33259ed45f8338628df712" +
"da93d301497c797f2c7253966a50767edd0c2a991af88fe7db5fb863ceeff95a" +
"d7c3a237c854f1cb6d12401c5b7935f6460d861b5fc6ab3532d019c4694ddde7" +
"96e087e38ad31eac451de701eb002c82e132ae8f934ee96935be5f2920db1d91" +
"4b6dbf9a476d0203010001028201006dba71df8b8438707cf9647b2529391a3b" +
"b95e69888b0ee197c4b09575b6b58183f35b2a1067e06c23e03a26e6487e53bf" +
"96840b8827c18db713ca5eb176165713aac5f0bd65b75f6f8457b03a3dbbe9a0" +
"0e662784034027230b7091e54c0c253cf8c554b5acf02739231ba6d87429ecbb" +
"c2acc98472eb988ecc81206d165d33147e03279e60f7fbf73d8f199895f627a3" +
"3cf0c2ef2bcbd096f2e08b2684ea675956da0d95e941afe081e8c79ddb003b50" +
"0f3b340978bce6821438ef25ddbf4fc9dba3f421dbf576f3099dbd4463dbcd2f" +
"da5a987067d00c5af85faa7aea6427f12a1c03c9b5155fc5b5d4da51b4e9f5bf" +
"34087e582728bcaf40b39b0938163d02818100e379b3e110ca339eb1491b95ca" +
"0e73359a167722250f161ff78fef35e22282af28e02da454d0dca6af65b9118b" +
"6e3efe9cabae5d85746b0c336e3d9002c0575afe370ae7a0294c01988d6fa098" +
"9c4a6fc0816addcef3e891f2e56289da5b1b7a1c743664bb8b30ed6028942f72" +
"74f25c075b0646b47fae6c3fc31b4bfd05b02302818100e31210ff848f5a73c6" +
"1a508be415845bb18dcf09688ad543e8b040d9399850801a322e631dc605ec3e" +
"d25695b4f66cb6a728a4e11ff211122c7d0de7de356337b344fca03176c2c370" +
"7fbcdec2433a6c75d7a7d57b761ad6a8c1c8faaf316e0f410643f667958fcfac" +
"c9960d860c73cec45d118517fe72c5939730d8482bdb2f0281807e1a5ab0bb29" +
"0ce2bd6f44de8debe2cc65466cf6bdca963e5474336d10968711e93c15b152df" +
"9262c93b40144cd26a13a5f0bab1d7a8c92b335bbabf19f75cb5f1d5bbb2da23" +
"eaa1bbdb3475b80474736d29917fb3199de542dd0cfa54d54aef2fd4f0ce78f5" +
"59c34e1a50c3d8d4a20288855a7e59d3aa731209ec18fd04693702818100c384" +
"54da8edb9878c384f901db1ca3e1081b20bfeb224fcbaf59c41cc6b8dde7cfa6" +
"91c68a666dc723b89d113ec6488965995b8ef4a0cc0e27fc6db2cee48d4ff2ae" +
"5e0fd94777202d87efaaa6fe9819b7c63f1f54b5371aca2841d3887239602d0f" +
"2609cedb3aff08ba72d7a62aa6b4cce38e2859a6a0507b6add85fd6eb5c50281" +
"8100c07809a53e9ec6769bf2d31ed767766078ff7020199869473c26a211a4b2" +
"9828618b69e6e29ed0f1d8d8cac2c61490c3f20d19c1ff067c5d291080c8e15b" +
"2ce267cd37f8b0c1afe9c070418b310b5641640805d3a75890ccf6d2bf0bea11" +
"d327323db5452cadc1a3bd17c20ab92b6f09d4216a03c7a03c6ffc72e51f51eb" +
"dfa4"),
// This certificate is generated by the below command:
// openssl req -x509 -newkey rsa:1024 -days 7300 \
// -subj "/CN=www.example.com" -sha1 \
// -keyout key.pem -out cert.pem
RSA_EXAMPLE_SHA1_1024(
SignatureAlgorithm.RSA,
// openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 \
// -pkeyopt rsa_keygen_pubexp:65537 -out key.pem
// openssl req -x509 -new -key key.pem \
// -subj "/CN=EXAMPLE" -sha256 -out cer.pem
EXAMPLE_RSA_2048_SHA256(
KeyAlgorithm.RSA,
"-----BEGIN CERTIFICATE-----\n" +
"MIICAjCCAWugAwIBAgIJAK6TC9eDtZg4MA0GCSqGSIb3DQEBBQUAMBoxGDAWBgNV\n" +
"BAMMD3d3dy5leGFtcGxlLmNvbTAeFw0xNzExMDIwNTA5NDRaFw0zNzEwMjgwNTA5\n" +
"NDRaMBoxGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTCBnzANBgkqhkiG9w0BAQEF\n" +
"AAOBjQAwgYkCgYEAtt5kxFTzJuoxJR2UgeXUxCw7TfL3FeK3lCrU3vruBe3XKKvF\n" +
"oyCxf/B5ucm22gzMfOvJBWRg6KrNTrXGI1LtlmAYNDM5J0lK2N/neKOm3Qxe0d1W\n" +
"AZ1lwgrMNirsWu+r4UPNMq5UohL5nqVU9WwVa12t0GF3er3k32tMTBqSclcCAwEA\n" +
"AaNQME4wHQYDVR0OBBYEFNc8tKGfZdFyaY0ZslwGLt1kpRYAMB8GA1UdIwQYMBaA\n" +
"FNc8tKGfZdFyaY0ZslwGLt1kpRYAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF\n" +
"BQADgYEAc71ZO83YEw9WvhxDEng9tMYUhJnNZJss6+gfWjZ487aiEGnS+VgKsHWz\n" +
"DBLBrYe9Ag5L9f1HtPNheUbnhhBbQ607jOG/wfmpi4VoU3myB5uxOfeAZdXDOB5x\n" +
"bv3t7KcEhgmPjB/e123jrBK8qnAYmDlQVlkZScctB3I1OuA2Po4=\n" +
"MIIDBTCCAe2gAwIBAgIUfmLJ5eIbVUGXAzlZXtw08GQ6ppMwDQYJKoZIhvcNAQEL\n" +
"BQAwEjEQMA4GA1UEAwwHRVhBTVBMRTAeFw0xOTAxMTYwNjA4MzVaFw0xOTAyMTUw\n" +
"NjA4MzVaMBIxEDAOBgNVBAMMB0VYQU1QTEUwggEiMA0GCSqGSIb3DQEBAQUAA4IB\n" +
"DwAwggEKAoIBAQCp7IDXT8J9iDMVAuLMTZS9oDD83BDkL5INGdXk1esTzyqXFmV2\n" +
"d5zNTr4A8w+YstkR081zL4MyEvHyQF1IlWoniRMXTZNMYYtU8dI8h2Fl5etSIEsc\n" +
"ArsAp3QMcoqEu4F4T68KPU7z1M5kYKevGqPsO4GJwjoydSZMLZMrq09yEyXlnE9l\n" +
"pNhyfFbQIp86mtXkY9nP3hn7JX6KMZSwAHbp7FtFkGfMx+usMnsMan+Z7UyWJE3o\n" +
"2cf29Fr9lBdV24gWAymyJA3BAW60wEI2JPYzIZVNn4zxmlkWk5sr+m5rUCXMzsyp\n" +
"G+rPk7YSpPutmczPe1BEiFwkgk+E5gZsNESbAgMBAAGjUzBRMB0GA1UdDgQWBBRm\n" +
"mZ3V6rNvJyG5DdYt1yo/Eiz+AjAfBgNVHSMEGDAWgBRmmZ3V6rNvJyG5DdYt1yo/\n" +
"Eiz+AjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBNHOWMa7f8\n" +
"iXwhET/6Rpu0JILusRrJVGXl3JOHxDsibUPAeZ4KI7VEEBw6ln0bKAFaYg+Nh9Xh\n" +
"dMuPC6e5wrX2Z912ncexa7BXDQDS4VyuvEGpp7rWFNtKRfc75hKmcRz+blgdhw9m\n" +
"gF1VcW3vBIjAUjMllRuyPlyXThgOPwcBXGEIewvyLXWbkNDFIeqycwsQsw5JJcbA\n" +
"Fh4alzjapSvSM84VS79u/MxaNZAtKpaymMaM05A8vIp8iHDm4N4AhIwHLT1mrtFt\n" +
"8y+3p4W6vtA+SlFGz8fQw5ppoxvPeJyHZmSmGeorcBv9XXWHhJ0rGz8UbE76xE0B\n" +
"EwC7yAE/SiA7\n" +
"-----END CERTIFICATE-----",
"30820277020100300d06092a864886f70d0101010500048202613082025d0201" +
"0002818100b6de64c454f326ea31251d9481e5d4c42c3b4df2f715e2b7942ad4" +
"defaee05edd728abc5a320b17ff079b9c9b6da0ccc7cebc9056460e8aacd4eb5" +
"c62352ed96601834333927494ad8dfe778a3a6dd0c5ed1dd56019d65c20acc36" +
"2aec5aefabe143cd32ae54a212f99ea554f56c156b5dadd061777abde4df6b4c" +
"4c1a927257020301000102818048af52bc1acbdededd13d4930fa28b9441c47c" +
"b222f5c6fc92df07676db3a815a61c9b51de0a03a347b10a609bd6459a0dd926" +
"38877261686a5c6bb1ca9e8ea2373870af7685e7d6cebd66faba65af2ef04bd9" +
"1244ae56900fcd6ce11207d8c4040176e4ba9fef3d563741a1027b229134cfe1" +
"c0a90d9c8eba9ce6349835e769024100e82494b6f777c784ffc29298d033e11d" +
"af46f0d464c4dbd950d46bcd697d0f0b49a77699f0111d408e8748f2b461ab8f" +
"210071c9c20d8ecee3ae229cb9c3954b024100c9a976f0011fcdc0ca7fb2f679" +
"974fa85d420c604ca7ff64fe4667a44f73088eef290d22195474039760e99325" +
"3ca45ee444588b150467d14451d3c45dab0ba5024019df39d3ca70c703c39d63" +
"c9342b1403c2ed1d1a0ec101df8e6a9e391e7099a4a068d187068261c8381a4b" +
"bf00eb81bb49ea4ac439a4592e25a1daa9acea67510241008c4640007497bdd4" +
"94473da26b33d06a29ecae9531dd4e2edf1cf42cfc42e53a1fac2b8183a3164c" +
"053999600c6fe15a4c682a3b1cb482ceb33a4416fc9ce52d024100e4f08cd10a" +
"5c8face0b20db86443d0a42e34dfdde236dae4f042a06dd3aff7ca159f8aa3b7" +
"854df41d510148096155204f2bf46c4a96e271747a4126a66ade6c"),
"308204be020100300d06092a864886f70d0101010500048204a8308204a40201" +
"000282010100a9ec80d74fc27d88331502e2cc4d94bda030fcdc10e42f920d19" +
"d5e4d5eb13cf2a97166576779ccd4ebe00f30f98b2d911d3cd732f833212f1f2" +
"405d48956a278913174d934c618b54f1d23c876165e5eb52204b1c02bb00a774" +
"0c728a84bb81784faf0a3d4ef3d4ce6460a7af1aa3ec3b8189c23a3275264c2d" +
"932bab4f721325e59c4f65a4d8727c56d0229f3a9ad5e463d9cfde19fb257e8a" +
"3194b00076e9ec5b459067ccc7ebac327b0c6a7f99ed4c96244de8d9c7f6f45a" +
"fd941755db88160329b2240dc1016eb4c0423624f63321954d9f8cf19a591693" +
"9b2bfa6e6b5025cccecca91beacf93b612a4fbad99cccf7b5044885c24824f84" +
"e6066c34449b0203010001028201005842e1357557678eec4198ab274590e1e2" +
"282fdf3ae2db96b8395831b1af962d8048d438458da1a3bea7d0a46fd077ed6a" +
"66228c16fcc570b3bd8a132a1579fb2927026ea7f8ff9db8b496e81bc5ca80df" +
"775c10c76edfa55a555bf5cedf5ce9c60d55b532dd24a7bfc0c1b7b7ab55c3e9" +
"b0c25661963de573a22494853a11dce95ea31417d3c87c806ef74cb6c8b7190c" +
"cfcdc2d21e8a756061c9e6cf40bca95d5aa43fb990b9492250ec9a752151320c" +
"b30a64beb0e17d83ad9ea702afcd5d8d6b7bfe11031aa27d83652e8db864bdbc" +
"447aee6e973018f77155aa24e05d3b7f9e232096ff93e8e2b1361b6cdbd4edf8" +
"dd88b46b178b38c34fe0ea5fc40f9102818100db14d91a4e8a89cc95a7cc687f" +
"2f2f295bc8a945826b3da840f871161ce2062f980d45b50172e744a308c0972e" +
"6f3f028465e6a59b75c0687bc3db4b69f5a931b73e9dedc6b05d41f4c1dd0575" +
"8e0460efba9bbb98f1c6ae3f018e2fb967a085dc5290ba8487703e1aee05fd90" +
"3c17867130c5676b7b9567a6fd61e9be6d660902818100c68f0053c621d52d65" +
"4ec381775e1b8fbf15ad391a0ad478d5b46374ad3f7c417a2f425f285999b4e6" +
"1672614ec6b4bad54400ecbc9e92f35cdab590a8cff4c029146a9b101d53950f" +
"7dddaa45946bfcf2a4e86bcddfc141a2cc49969519a326c7e5b001912e151d86" +
"b17f5789f39513c3f660c3e41f169a7668b22c17241e8302818100b86d0a7e4c" +
"d3ef40dc530f8e8052b63ef8d729382c9c1ea17f6025c2d9b9a43f789ee3a986" +
"78b61b5fabc485004002291a4fb6247f8456df1e21388079c8a61006149e5a46" +
"42bd9f026e18a3b9dc3def64a010ed91c926da148c38a8104a1e25d1dd679cbc" +
"684fa2d884bb62438372c2689307fb11ce4d6d9e73fb730c2d8811028181008d" +
"fda14c4739d68a9a11d3397835321c7f976ec290df01c64f7caa4abbc1d487b6" +
"6aa95a072edbfe4333f623a403f1265270490102799bb8b0c42e66fe7188230a" +
"bd70e6e685324a3c43d40a79ab83f5e5470c765b49119870650a92c69908d528" +
"ca162d68b6bd9ed9bd80c506ffcbb1d0c715b7c02083377e49ac705f34132502" +
"8180100e20febd1a5af92fdfc36aaf47d1a771cb1484d79e2389d5e6f47dc773" +
"512edef82676f9f9d5a77aac2f01d66fe864d85abcce47e3d22491421f959c1e" +
"5545c16fc5c5f5550ced81485dc237d9df8753cd6031e431bd34425e81b1e193" +
"c51a6d2c8a7cc01028f47b7fb7d79b481facb76c4775ff997f2e63acb3ff429c" +
"47b3"),
// This certificate is generated by the below commands:
// openssl dsaparam -genkey 1024 -out key.pem
// openssl genpkey -genparam -algorithm dsa -pkeyopt dsa_paramgen_bits:2048 \
// -pkeyopt dsa_paramgen_q_bits:256 -out param.pem
// openssl genpkey -paramfile param.pem -out key.pem
// openssl req -x509 -new -key key.pem -days 7300 \
// -subj "/CN=DSA_SHA1_1024" -sha1 -out cert.pem
DSA_SHA1_1024(
SignatureAlgorithm.DSA,
// -subj "/CN=DSA-2048-SHA256" -sha256 -out cer.pem
DSA_2048_SHA256(
KeyAlgorithm.DSA,
"-----BEGIN CERTIFICATE-----\n" +
"MIICuzCCAnugAwIBAgIJAMAMLRrhQWQFMAkGByqGSM44BAMwGDEWMBQGA1UEAwwN\n" +
"RFNBX1NIQTFfMTAyNDAeFw0xNzExMDIwNjA4MDRaFw0zNzEwMjgwNjA4MDRaMBgx\n" +
"FjAUBgNVBAMMDURTQV9TSEExXzEwMjQwggG2MIIBKwYHKoZIzjgEATCCAR4CgYEA\n" +
"8CspE1sE84pJ4YxzVHFEDNJvBaIxsbax03pDwNHr/ogP9PVwF9z1jT6hpC5WluHG\n" +
"g5n5gqpF2XpBhX2fKm1qqZWRxNvHKo0+zzAhUqMrvRJqcjlL4ijXndHldt67/VKS\n" +
"0eTKi9m64c+yJx80YYphCO5b93d2sTM29z8QZOlrbD8CFQCmttKnPAOk4uz8Z8cV\n" +
"uPGeGOMB9wKBgCItgPpAjW0srIwCaDysDNpydX6hB+1NTy1gFYl24n8edLGbR0mZ\n" +
"isteBd6LjMtgicRmtKZzKxW7igxoVvR3WHpTucFjms5NRNjPaj5wt3DxoXn4hyWk\n" +
"LzMvDeBvi+jKJiO0jnQ3+1NDOlAQy6ukeH59/gxZ3UmcNxDlAQ/IYHcpA4GEAAKB\n" +
"gEgvi72gL+zax7Y2hg4PL1PqZx2jFp0XlTIugiTrcsGytrAnn+/s2+3xVyVyvVMn\n" +
"0z5yL5eP9cdGA7qV1+7n6KJ8jNAhLCBSiC6x5ekd88aTlqnmt5lstk4w0Q0zSa58\n" +
"Hp6dCFg2Irk6Z9ERKaXJJBBS6reaFeATVROhN/LEEzzvo1AwTjAdBgNVHQ4EFgQU\n" +
"jb+HHABclGNR4lpf19nHFZpfwPQwHwYDVR0jBBgwFoAUjb+HHABclGNR4lpf19nH\n" +
"FZpfwPQwDAYDVR0TBAUwAwEB/zAJBgcqhkjOOAQDAy8AMCwCFDB3F/m6jsZdHaoy\n" +
"1xTp2U8uHBO+AhQYzeJuJd8/qRSDVLs8mesE8TQg2g==\n" +
"MIIEezCCBCCgAwIBAgIUYbBHFrJkO9EokOROEScK0dr3aVowCwYJYIZIAWUDBAMC\n" +
"MBoxGDAWBgNVBAMMD0RTQS0yMDQ4LVNIQTI1NjAeFw0xOTAxMTYwNjA4NTJaFw0z\n" +
"OTAxMTEwNjA4NTJaMBoxGDAWBgNVBAMMD0RTQS0yMDQ4LVNIQTI1NjCCA0cwggI5\n" +
"BgcqhkjOOAQBMIICLAKCAQEAnGTeaC+MitQykXl2UcGtJhkelRhBalZuzR9fh8Xf\n" +
"swSj2auVzhjkQfns6E14X72XLYDwHPQilh4ZSiC1cX7bpvohJ7CjbouGnT78Gwf0\n" +
"pfVMRBRfbNiwBQzFtzehAqlLPXyHWCPxAzW0EgzZh8asIofBEGmGh6sxlpXbEcCS\n" +
"Ra5Q2vdDRVksm4APHKwbS1F6L/0QDvjDAudWyLFdFMSBuoyeFwCf7Gr5lcVi538h\n" +
"MliXSAhJ7SXe4B9K/5/VicuzAffE+EZsZZuJKeQ4oHz8xtycdMcW86Iag1i/POzD\n" +
"0Z7c5p9j1zDgms1ZRSz4fd7YgNGjmmf6dYJlZmCX4w9YiwIhALnVATHxZmk7G1kf\n" +
"LGX7SMeflAhA/D3EPA5QWdgTc0orAoIBAGYTWMnKHBF4oMKUsx6lF6KvSrqFQ0+j\n" +
"mWN1RNAGiVYm/Js9sc7jolZCbVTWM7GblO2DxiKed3FtcL3xw4P6l3GU7kFthsjh\n" +
"bHbMG58s5JVboLX50wZo1uBOb0kRcZYjYTfUwbBYpGNnl7xfQsZ/Bxq/wzyn4gxb\n" +
"+C0pu/vzmko+opKfFr9a2EL+ADvQhPd6y/L0YcpiTihvfXDWu+n3bNlwhUZYevux\n" +
"SPVkQH3h5YEqXePF7UeY506/2sr41/xCbCkuH+Ob77Cy1IjMqr4OpXzj6wCSjlFy\n" +
"Re66yqsjGpuBeTtsn9lKmlFVl4QUdw7XYbRubafNFEdd5IazMflCcgMDggEGAAKC\n" +
"AQEAnF3/TT0nYzfwY6/+lmoqoBtGU4of7RK4U3Jdhf6dj755GwgsPGAz3Rzh/hq/\n" +
"B3fuyrtnE/aU0EK1dtRNqnKeFsMCURBi3sWYYe7vamw5TukFMSUOuH76v75b26c+\n" +
"nTfZF30iDz+66Z5gcOSwhz9aLCnF/wYwijnzagnCF4m0Nhwsjtz4qECMPfL/Rkx8\n" +
"s83tUF53mx5o8WCYMNr4yJGcHEkautvZN05zwoxZTPKZNngWeCUAY07XwOYHTUvx\n" +
"C9Sxiom9k1pZPbHZnGpUx96at2dMoeTeHR6xF/0QpiIb4wLpOg/CRxsopBmhEl0S\n" +
"BEXYNIcrXLwVBLvJD6H44DxRiqNTMFEwHQYDVR0OBBYEFCr6C8Bl7wjz5L3cYMG3\n" +
"/ZFe7Ee0MB8GA1UdIwQYMBaAFCr6C8Bl7wjz5L3cYMG3/ZFe7Ee0MA8GA1UdEwEB\n" +
"/wQFMAMBAf8wCwYJYIZIAWUDBAMCA0gAMEUCIArByiqjCG1ZuOVY91OPa9g8q60y\n" +
"/BSRWRgikEuq3AbgAiEAoZoKXW80FTMxv/9tFy0N7OrUV4rc9+AUBSTuRCuTAk4=\n" +
"-----END CERTIFICATE-----",
"3082014a0201003082012b06072a8648ce3804013082011e02818100f02b2913" +
"5b04f38a49e18c735471440cd26f05a231b1b6b1d37a43c0d1ebfe880ff4f570" +
"17dcf58d3ea1a42e5696e1c68399f982aa45d97a41857d9f2a6d6aa99591c4db" +
"c72a8d3ecf302152a32bbd126a72394be228d79dd1e576debbfd5292d1e4ca8b" +
"d9bae1cfb2271f34618a6108ee5bf77776b13336f73f1064e96b6c3f021500a6" +
"b6d2a73c03a4e2ecfc67c715b8f19e18e301f7028180222d80fa408d6d2cac8c" +
"02683cac0cda72757ea107ed4d4f2d60158976e27f1e74b19b4749998acb5e05" +
"de8b8ccb6089c466b4a6732b15bb8a0c6856f477587a53b9c1639ace4d44d8cf" +
"6a3e70b770f1a179f88725a42f332f0de06f8be8ca2623b48e7437fb53433a50" +
"10cbaba4787e7dfe0c59dd499c3710e5010fc8607729041602146ef9db36045f" +
"bcd8c7fd82ba29c5c5057ed11c7f"),
"308202640201003082023906072a8648ce3804013082022c02820101009c64de" +
"682f8c8ad43291797651c1ad26191e9518416a566ecd1f5f87c5dfb304a3d9ab" +
"95ce18e441f9ece84d785fbd972d80f01cf422961e194a20b5717edba6fa2127" +
"b0a36e8b869d3efc1b07f4a5f54c44145f6cd8b0050cc5b737a102a94b3d7c87" +
"5823f10335b4120cd987c6ac2287c110698687ab319695db11c09245ae50daf7" +
"4345592c9b800f1cac1b4b517a2ffd100ef8c302e756c8b15d14c481ba8c9e17" +
"009fec6af995c562e77f21325897480849ed25dee01f4aff9fd589cbb301f7c4" +
"f8466c659b8929e438a07cfcc6dc9c74c716f3a21a8358bf3cecc3d19edce69f" +
"63d730e09acd59452cf87dded880d1a39a67fa758265666097e30f588b022100" +
"b9d50131f166693b1b591f2c65fb48c79f940840fc3dc43c0e5059d813734a2b" +
"02820100661358c9ca1c1178a0c294b31ea517a2af4aba85434fa399637544d0" +
"06895626fc9b3db1cee3a256426d54d633b19b94ed83c6229e77716d70bdf1c3" +
"83fa977194ee416d86c8e16c76cc1b9f2ce4955ba0b5f9d30668d6e04e6f4911" +
"7196236137d4c1b058a4636797bc5f42c67f071abfc33ca7e20c5bf82d29bbfb" +
"f39a4a3ea2929f16bf5ad842fe003bd084f77acbf2f461ca624e286f7d70d6bb" +
"e9f76cd9708546587afbb148f564407de1e5812a5de3c5ed4798e74ebfdacaf8" +
"d7fc426c292e1fe39befb0b2d488ccaabe0ea57ce3eb00928e517245eebacaab" +
"231a9b81793b6c9fd94a9a5155978414770ed761b46e6da7cd14475de486b331" +
"f942720304220220509dd213cc9769e93825063a4a60500f67c4b979f6504b2f" +
"ccdbefb3ab8fe6da"),
// This certificate is generated by the below commands:
// openssl dsaparam -genkey 1024 -out key.pem
// openssl genpkey -genparam -algorithm dsa -pkeyopt dsa_paramgen_bits:2048 \
// -pkeyopt dsa_paramgen_q_bits:256 -out param.pem
// openssl genpkey -paramfile param.pem -out key.pem
// openssl req -x509 -new -key key.pem -days 7300 \
// -subj "/CN=www.example.com" -sha1 -out cert.pem
DSA_EXAMPLE_SHA1_1024(
SignatureAlgorithm.DSA,
// -subj "/CN=EXAMPLE" -sha256 -out cer.pem
EXAMPLE_DSA_2048_SHA256(
KeyAlgorithm.DSA,
"-----BEGIN CERTIFICATE-----\n" +
"MIICwDCCAoCgAwIBAgIJAI5mKbdK5ZqyMAkGByqGSM44BAMwGjEYMBYGA1UEAwwP\n" +
"d3d3LmV4YW1wbGUuY29tMB4XDTE3MTEwMjA1NDczOVoXDTM3MTAyODA1NDczOVow\n" +
"GjEYMBYGA1UEAwwPd3d3LmV4YW1wbGUuY29tMIIBtzCCASwGByqGSM44BAEwggEf\n" +
"AoGBANVGWRSlxVZQKlVrTDcU/6Mr8QFlR3kGKmkvdbTHH1EhcP7YlZ7CJ30VBDbN\n" +
"LS2HvN3HHNooJ7hHBheL5Yz8EZIUa95TzPukZ1TmCo9fufR5i9HWj9Z8jLhyqx3l\n" +
"iUZOYN9H0MSn4ftK6dr5oTz2ZGYDblXDCq6R8qZfuw1URFqrAhUArx0nmGEI/1S/\n" +
"qyxnV4I6ItOntxMCgYEAxZKIZ/7aOGfzaQG2wRFdD/viHBZkkcxCsgmPUroQVUIw\n" +
"dqmUnfYk8cb02LCevhhSwcjfocQsA3y1jufIUdWaHuIB9W3EsFJQNd/Byh9j/pRD\n" +
"7zH/8lnBzJh2S7y10Vg840STVo5+ekZb4E+W7KK5gUaEQ6kAtUIIB0xjNz7RWs4D\n" +
"gYQAAoGAPVQKWqJSlMrbU4XEsx50Ur8P84CwMnS7WcQNLnih1ScaK2BijgVj5Fny\n" +
"9JZxITwj7XD7FWriq3kTjbydi3iAvrgVWij79x5Z7fTRCuoBVmtnAFkVGalwbGr2\n" +
"ghz70y6hep2Evb1pRCrHjRkMaJFE5Y2CA7VbpKoat+j47/LkXJ2jUDBOMB0GA1Ud\n" +
"DgQWBBSVjWy3SpaDfnFo+37mZJqX2aybzTAfBgNVHSMEGDAWgBSVjWy3SpaDfnFo\n" +
"+37mZJqX2aybzTAMBgNVHRMEBTADAQH/MAkGByqGSM44BAMDLwAwLAIUd5NOlcfX\n" +
"5rakT9H8UzlFcFQLr0MCFGrEYvlFUf/HJOH4FwXS2jEholBB\n" +
"MIIEaTCCBA+gAwIBAgIUckU2myqkWak+Svv0FFJX91vv1jMwCwYJYIZIAWUDBAMC\n" +
"MBIxEDAOBgNVBAMMB0VYQU1QTEUwHhcNMTkwMTE2MDYwODUzWhcNMzkwMTExMDYw\n" +
"ODUzWjASMRAwDgYDVQQDDAdFWEFNUExFMIIDRjCCAjkGByqGSM44BAEwggIsAoIB\n" +
"AQDGmXUxMKzLIVUQUy4lu4fbnv8fRXtWIbv1jxWATCNFiFt4cUxrr7GVC16MGrgm\n" +
"FtMIHXWwFlq2wTL0RhVp2WPIPQzxCwQFivQjpdewVCB1BoJ1ozlvQjU4hri5Ymdt\n" +
"ebe90uT8NsvrQrSKYCl+/pPNiZKT8oX1aKzRYPQLn0bVXUicWlACoLfHGM4irjEC\n" +
"4JezC/tdLleeNYNpy2/dKYu/atyN/u0d+dPRLWBCw6/qCRn1yRAv04GC3WYBlSXz\n" +
"f9OKlCH5kfm9sLyatz/RWDqOb/YWW2Rk7UTKAnoTAyB+I9yUXg6Gad2csNkxXv55\n" +
"9oJAhdhsOS5cdBoqlZEahIFBAiEAjiMCVBGpnAxjb2dXM/Eec7EfThflQXbl33Zn\n" +
"Uq3AAsUCggEAaBNP9Uttfs1eV/38aurLd3T1OiM0CF7DPxE0qpSM9dQz9cKZajIE\n" +
"lsVTGOLBC5/+VSat9t1VG+JoyvSspkvk97/mxx0WCz/QAYTdwCXVuMuSv+EqeOMP\n" +
"lCxEdbOS8pfD8shOK+pnDSHMJvURYxB+fJkHHeXfwesH3632Vq0GlJ8PgXH5NLHM\n" +
"MWv7oZjyZMnGWDq2taJcZZG5ETNda2fATNCF9Al430MUxie2Sp50vA1KEtyUqMu+\n" +
"CLpyOynPHi96TWHNfD23TmKFVN9Uh2nUNIpUk8NMKBwg2O7FvvNnKfbl44ikuCnc\n" +
"06U7SdF3y8NRdwyayMI3BkOsV8mkoMwUgAOCAQUAAoIBADK2c1Gl3+6zrFU8Uhro\n" +
"5lFnDy3UYXINpdtWR/8T0FJ6YMax70VCkyxucq3AUnmq9AQtFijjmXDnxzD5g7IS\n" +
"zOU/28Kg1Mmw26uzrpUZPiixNU7v/xzE37M0Ig3VCEQ9mw57/yv8gwZurHtsokGt\n" +
"k0lzH/krhYPCOpskg6NulGq5lGsnNVdPkSkiAWZFHTysgKgxvMUxXj0bUm4ZyNw6\n" +
"Lp2bFHKbmSeTy3OLo/Kvd7BIjhV+Bi5LFh7h8spf6SC7qyEm0X7Keu+61xkFHU8a\n" +
"aghnGQYwuzpTp+hsbAJdHwVLw9ElqEoaVp3rAmxtsdzqhZSxcMZoypbjEJpiZ1/v\n" +
"fQCjUzBRMB0GA1UdDgQWBBRTPXqHl7VKr5U94p9c882ge9DOXzAfBgNVHSMEGDAW\n" +
"gBRTPXqHl7VKr5U94p9c882ge9DOXzAPBgNVHRMBAf8EBTADAQH/MAsGCWCGSAFl\n" +
"AwQDAgNHADBEAiAOQxtKiMImXKWQvUKZxoUc+chXRxAj3UD3Zj7RksPF2AIgf8HG\n" +
"hOnr3hzIej3Da2Ty9RTittcgZ14boraO/Vlx9Jo=\n" +
"-----END CERTIFICATE-----",
"3082014c0201003082012c06072a8648ce3804013082011f02818100d5465914" +
"a5c556502a556b4c3714ffa32bf101654779062a692f75b4c71f512170fed895" +
"9ec2277d150436cd2d2d87bcddc71cda2827b84706178be58cfc1192146bde53" +
"ccfba46754e60a8f5fb9f4798bd1d68fd67c8cb872ab1de589464e60df47d0c4" +
"a7e1fb4ae9daf9a13cf66466036e55c30aae91f2a65fbb0d54445aab021500af" +
"1d27986108ff54bfab2c6757823a22d3a7b71302818100c5928867feda3867f3" +
"6901b6c1115d0ffbe21c166491cc42b2098f52ba1055423076a9949df624f1c6" +
"f4d8b09ebe1852c1c8dfa1c42c037cb58ee7c851d59a1ee201f56dc4b0525035" +
"dfc1ca1f63fe9443ef31fff259c1cc98764bbcb5d1583ce34493568e7e7a465b" +
"e04f96eca2b981468443a900b54208074c63373ed15ace0417021500abf47692" +
"88c6ac41e2802e7eb7addba367339318"),
"308202640201003082023906072a8648ce3804013082022c0282010100c69975" +
"3130accb215510532e25bb87db9eff1f457b5621bbf58f15804c2345885b7871" +
"4c6bafb1950b5e8c1ab82616d3081d75b0165ab6c132f4461569d963c83d0cf1" +
"0b04058af423a5d7b0542075068275a3396f42353886b8b962676d79b7bdd2e4" +
"fc36cbeb42b48a60297efe93cd899293f285f568acd160f40b9f46d55d489c5a" +
"5002a0b7c718ce22ae3102e097b30bfb5d2e579e358369cb6fdd298bbf6adc8d" +
"feed1df9d3d12d6042c3afea0919f5c9102fd38182dd66019525f37fd38a9421" +
"f991f9bdb0bc9ab73fd1583a8e6ff6165b6464ed44ca027a1303207e23dc945e" +
"0e8669dd9cb0d9315efe79f6824085d86c392e5c741a2a95911a848141022100" +
"8e23025411a99c0c636f675733f11e73b11f4e17e54176e5df766752adc002c5" +
"0282010068134ff54b6d7ecd5e57fdfc6aeacb7774f53a2334085ec33f1134aa" +
"948cf5d433f5c2996a320496c55318e2c10b9ffe5526adf6dd551be268caf4ac" +
"a64be4f7bfe6c71d160b3fd00184ddc025d5b8cb92bfe12a78e30f942c4475b3" +
"92f297c3f2c84e2bea670d21cc26f51163107e7c99071de5dfc1eb07dfadf656" +
"ad06949f0f8171f934b1cc316bfba198f264c9c6583ab6b5a25c6591b911335d" +
"6b67c04cd085f40978df4314c627b64a9e74bc0d4a12dc94a8cbbe08ba723b29" +
"cf1e2f7a4d61cd7c3db74e628554df548769d4348a5493c34c281c20d8eec5be" +
"f36729f6e5e388a4b829dcd3a53b49d177cbc351770c9ac8c2370643ac57c9a4" +
"a0cc1480042202201ba738489c54dddd5ffbf0009ef9d11851182235a251a410" +
"4a6354181ecd0348"),
// This certificate is generated by the below commands:
// openssl ecparam -name prime256v1 -genkey -out key.pem
// openssl req -new -key key.pem -x509 -nodes -days 7300 \
// -subj "/CN=ECDSA_SHA1_prime256v1" -sha1 -out cert.pem
ECDSA_SHA1_PRIME256V1(
SignatureAlgorithm.ECDSA,
// openssl genpkey -algorithm ec -pkeyopt ec_paramgen_curve:P-256 \
// -pkeyopt ec_param_enc:named_curve -out key.pem
// openssl req -x509 -new -key key.pem \
// -subj "/CN=ECDSA-SECP256-SHA256" -sha256 -out cer.pem
ECDSA_PRIME256V1_SHA256(
KeyAlgorithm.EC,
"-----BEGIN CERTIFICATE-----\n" +
"MIIBhDCCASygAwIBAgIJAKW4wuujp9JbMAkGByqGSM49BAEwIDEeMBwGA1UEAwwV\n" +
"RUNEU0FfU0hBMV9wcmltZTI1NnYxMB4XDTE3MDkwNzAyMTA0MVoXDTM3MDkwMjAy\n" +
"MTA0MVowIDEeMBwGA1UEAwwVRUNEU0FfU0hBMV9wcmltZTI1NnYxMFkwEwYHKoZI\n" +
"zj0CAQYIKoZIzj0DAQcDQgAEdbE+AMwsFBf73YXRVwsvsx2dMt1xgDxj/4pN+BfY\n" +
"LWnO94beeZcrCJ1/N8CHmDOce7KRDR6/9kpi20wFAVXZ3KNQME4wHQYDVR0OBBYE\n" +
"FA/hB2ODDNdz1JF08u2uhknhlsVoMB8GA1UdIwQYMBaAFA/hB2ODDNdz1JF08u2u\n" +
"hknhlsVoMAwGA1UdEwQFMAMBAf8wCQYHKoZIzj0EAQNHADBEAiBNxv2L2FW+6+w/\n" +
"QtDe+YSUNRj3F8QrpLkfGk7rVaOiHQIgVF2pWJ5ytg0pbCuO8Bh+UZ7zfZUD03s8\n" +
"ZuIYW7RtMe0=\n" +
"MIIBkzCCATmgAwIBAgIUXebzNfSMvdkNrc5175FM6dE/gxwwCgYIKoZIzj0EAwIw\n" +
"HzEdMBsGA1UEAwwURUNEU0EtU0VDUDI1Ni1TSEEyNTYwHhcNMTkwMTE2MDYwODQx\n" +
"WhcNMTkwMjE1MDYwODQxWjAfMR0wGwYDVQQDDBRFQ0RTQS1TRUNQMjU2LVNIQTI1\n" +
"NjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOp7VcLfpVc5ghO0HlYjwH+YSAf7\n" +
"zTShLeoY35PwqcoUgg9DBR4g7rM3xovOKxGZ5uORD8vo5l9L0+53f2+7YH+jUzBR\n" +
"MB0GA1UdDgQWBBSmW8/6KP8EJKBVlfmFkBSbVWTEWzAfBgNVHSMEGDAWgBSmW8/6\n" +
"KP8EJKBVlfmFkBSbVWTEWzAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0gA\n" +
"MEUCIQCtGdW3Xl5OzX7QiwtiT6pbIrm6eCUwN/vVoMfs3Yn5rgIgCbLidpdMpFrd\n" +
"HWB2/mVxQegLBCOIGMVPXrTat4A76As=\n" +
"-----END CERTIFICATE-----",
"308187020100301306072a8648ce3d020106082a8648ce3d030107046d306b02" +
"010104204d901d5efd0e3def78d5307788a4c760115effce4b9e2c31ae5860b6" +
"c11915aca1440342000475b13e00cc2c1417fbdd85d1570b2fb31d9d32dd7180" +
"3c63ff8a4df817d82d69cef786de79972b089d7f37c08798339c7bb2910d1ebf" +
"f64a62db4c050155d9dc"),
"01010420aa9602d20de7ebfc2787a6e5ae20166d1e8d8bd29b4e5f046414bae8" +
"9a8e7eb9a14403420004ea7b55c2dfa557398213b41e5623c07f984807fbcd34" +
"a12dea18df93f0a9ca14820f43051e20eeb337c68bce2b1199e6e3910fcbe8e6" +
"5f4bd3ee777f6fbb607f"),
// This certificate is generated by the below commands:
// openssl ecparam -name prime256v1 -genkey -out key.pem
// openssl req -new -key key.pem -x509 -nodes -days 7300 \
// -subj "/CN=www.example.com" -sha1 -out cert.pem
ECDSA_EXAMPLE_SHA1_PRIME256V1(
SignatureAlgorithm.ECDSA,
// openssl genpkey -algorithm ec -pkeyopt ec_paramgen_curve:P-256 \
// -pkeyopt ec_param_enc:named_curve -out key.pem
// openssl req -x509 -new -key key.pem \
// -subj "/CN=EXAMPLE" -sha256 -out cer.pem
EXAMPLE_ECDSA_PRIME256V1_SHA256(
KeyAlgorithm.EC,
"-----BEGIN CERTIFICATE-----\n" +
"MIIBeDCCASCgAwIBAgIJAMxOXBpiJ5mDMAkGByqGSM49BAEwGjEYMBYGA1UEAwwP\n" +
"d3d3LmV4YW1wbGUuY29tMB4XDTE3MTEwMjA1MTg0MVoXDTM3MTAyODA1MTg0MVow\n" +
"GjEYMBYGA1UEAwwPd3d3LmV4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0D\n" +
"AQcDQgAER9IyuwyrJ7X9DmIqGC3YNTlWBt4Fo/Y3RnlcxhTVxb/ZAYVNhqe4MbSM\n" +
"2nsVnYMjjXXDav1plNKvmgGDf9s/saNQME4wHQYDVR0OBBYEFHNUTaIIEA89uNKH\n" +
"OOUgJ981Qj5HMB8GA1UdIwQYMBaAFHNUTaIIEA89uNKHOOUgJ981Qj5HMAwGA1Ud\n" +
"EwQFMAMBAf8wCQYHKoZIzj0EAQNHADBEAiBCW59S1nE15j8euO6/q9bM6J9Ci5xJ\n" +
"WWAVznGGxnS/HgIgFaFKC31uxTXoBN7QN0yW/umQgJ0nsjwj7Pnxc0wNyw8=\n" +
"MIIBeTCCAR+gAwIBAgIUWZkzN4WOoj7HUYLoWtgy+ad/zjswCgYIKoZIzj0EAwIw\n" +
"EjEQMA4GA1UEAwwHRVhBTVBMRTAeFw0xOTAxMTYwNjA4NDFaFw0xOTAyMTUwNjA4\n" +
"NDFaMBIxEDAOBgNVBAMMB0VYQU1QTEUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC\n" +
"AAQMzWjRuN9r2/kcVYyHFpKduuYj2VFRXo81qd+EcyjnLZab5m9RqIYy6iDUvZk5\n" +
"w8wHeHGpMybPzNSEQ2mVY5Yvo1MwUTAdBgNVHQ4EFgQUUhVK37nQDP6OEW5w7XEb\n" +
"p8/sCxMwHwYDVR0jBBgwFoAUUhVK37nQDP6OEW5w7XEbp8/sCxMwDwYDVR0TAQH/\n" +
"BAUwAwEB/zAKBggqhkjOPQQDAgNIADBFAiEA9B2e4TWZKMxS8/uyVjl6D+cyqsPU\n" +
"7/qATL5cTK1AIUACID8BPfcPE46ARCretiGWywVuQzAVKz1fkjwEwLmAo+2x\n" +
"-----END CERTIFICATE-----",
"308187020100301306072a8648ce3d020106082a8648ce3d030107046d306b02" +
"010104209aa3784cd0c1fe0553e59b3c7b8f08c8fdaffd94f34e2c1683243a79" +
"7b64b673a1440342000447d232bb0cab27b5fd0e622a182dd835395606de05a3" +
"f63746795cc614d5c5bfd901854d86a7b831b48cda7b159d83238d75c36afd69" +
"94d2af9a01837fdb3fb1");
"01010420ed3600c6b62b351b48b4c61f37c46c45460ff599aa7f9c2d79635d0e" +
"147c23a3a144034200040ccd68d1b8df6bdbf91c558c8716929dbae623d95151" +
"5e8f35a9df847328e72d969be66f51a88632ea20d4bd9939c3cc077871a93326" +
"cfccd48443699563962f"),
public final SignatureAlgorithm signatureAlgorithm;
// This certificate is generated by the below commands:
// openssl genpkey -algorithm ec -pkeyopt ec_paramgen_curve:P-256 \
// -pkeyopt ec_param_enc:named_curve -out key.pem
// openssl req -new -key key.pem \
// -subj "/CN=EC-RSA-SECP256-SHA256" -sha256 -out csr.pem
// openssl x509 -req -CAcreateserial -in csr.pem -sha256 \
// -CA CA.cer -CAkey CA.key -out cer.pem
// Actually the CA is RSA_2048_SHA256
EC_RSA_PRIME256V1_SHA256(
KeyAlgorithm.EC,
"-----BEGIN CERTIFICATE-----\n" +
"MIIB9TCB3gIUIpSnxoBfFOKeRdx52FvEKuk1uvYwDQYJKoZIhvcNAQELBQAwGjEY\n" +
"MBYGA1UEAwwPUlNBLTIwNDgtU0hBMjU2MB4XDTE5MDExNjA2MDg0NloXDTE5MDIx\n" +
"NTA2MDg0NlowIDEeMBwGA1UEAwwVRUMtUlNBLVNFQ1AyNTYtU0hBMjU2MFkwEwYH\n" +
"KoZIzj0CAQYIKoZIzj0DAQcDQgAETcLM10u7ehsxJQbX3ypbSRMz7ZDkFS/QsmPF\n" +
"04NSwiBncQPjtpaPSshVDJzigEDfACcwIdO0BH4Eh2oHcB6hDzANBgkqhkiG9w0B\n" +
"AQsFAAOCAQEAHg06hhIec3ctUh7pao53ZF3SVJ/Pty4rgQ3Hb5gNhZHrmYWldj6J\n" +
"UagMRtfX0fJwzIdY0kNTol38es+6XDTCdYsaDDw4Ix1yF/xoExu6PqJ49npMVxqB\n" +
"yeXwg8aDB9sbmeczZp0kWa1DiN3HgJGoA8HbPOUZbuetCVl2ME82ZPdKdLaHgjO/\n" +
"Af3/gjYGVR27YB5sVIXkq3wJ5wEF+EvePKQZqnHFLhjz0xIIyp7mU6NFr26TsNh0\n" +
"JYecs5S0ydhf41x9GS4p8KpqRcfAOX4z5DEBe+BjgSuprGZabflFCbZ/PQrtBmdp\n" +
"5+cg/cNcA3zEXnsAzLu2R/+73/h9v75g/Q==\n" +
"-----END CERTIFICATE-----",
"308187020100301306072a8648ce3d020106082a8648ce3d030107046d306b02" +
"010104200ab17f2b70ba744b08564635ebfc535c60d43139e1c722cfb9c7152e" +
"9faad5b3a144034200044dc2ccd74bbb7a1b312506d7df2a5b491333ed90e415" +
"2fd0b263c5d38352c220677103e3b6968f4ac8550c9ce28040df00273021d3b4" +
"047e04876a07701ea10f"),
// This certificate is generated by the below commands:
// openssl genpkey -algorithm ec -pkeyopt ec_paramgen_curve:P-256 \
// -pkeyopt ec_param_enc:named_curve -out key.pem
// openssl req -new -key key.pem -subj "/CN=EXAMPLE" -sha256 -out csr.pem
// openssl x509 -req -CAcreateserial -in csr.pem -sha256 \
// -CA CA.cer -CAkey CA.key -out cer.pem
// Actually the CA is EXAMPLE_RSA_2048_SHA256
EXAMPLE_EC_RSA_PRIME256V1_SHA256(
KeyAlgorithm.EC,
"-----BEGIN CERTIFICATE-----\n" +
"MIIB3zCByAIUbogHun+2LFxbX9B5fImITzFQVfIwDQYJKoZIhvcNAQELBQAwEjEQ\n" +
"MA4GA1UEAwwHRVhBTVBMRTAeFw0xOTAxMTYwNjA4NDZaFw0xOTAyMTUwNjA4NDZa\n" +
"MBIxEDAOBgNVBAMMB0VYQU1QTEUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASA\n" +
"pPapPXO0qJO7mDm9dTuSKdsxWatAaloJZnwenBFIY8krulHd8VPSGbERmxRBY/z2\n" +
"+MH8dwaC1t9DAFb+1qdWMA0GCSqGSIb3DQEBCwUAA4IBAQA3SfXMUFj7xCl7nR8L\n" +
"/6mf0La/q4O1pGKmVpy55aP7dZmY3xzaPtDFevdnMqb7tBTiLl0Y8OehMQW/8usb\n" +
"qtcYPekZJV5g1ezMhyB/AHecotfsrBS7l9r+IWYf/GUoQ8izC1srNXVrqDCt0cbB\n" +
"o7bc0lQFhI+rcMt1AzQtrNkVhX0dcBbLyhNJzgyAXatSB5R0/R3kTddUZfrOtOoC\n" +
"IXUZJRQ7hZKx7qi/U4+q246IuKSSp2SjFTU1QpeO4/Q06eJ3sbtx5Nd1Rfzlo2Jq\n" +
"uYi8szOupFC8xKCB+odMndHvh1QO/8E4e4r0mShkrnK3M/lKiwi67yl3Jk9uY9ls\n" +
"X5Q6\n" +
"-----END CERTIFICATE-----",
"308187020100301306072a8648ce3d020106082a8648ce3d030107046d306b02" +
"01010420618ff6a884185b97322aaeab5f9fdf8a14ab18d0478565317b483db0" +
"0f3b5bf6a1440342000480a4f6a93d73b4a893bb9839bd753b9229db3159ab40" +
"6a5a09667c1e9c114863c92bba51ddf153d219b1119b144163fcf6f8c1fc7706" +
"82d6df430056fed6a756");
public final KeyAlgorithm keyAlgorithm;
public final String certMaterials;
public final String privKeyMaterials;
private Cert(
SignatureAlgorithm signatureAlgorithm,
KeyAlgorithm keyAlgorithm,
String certMaterials,
String privKeyMaterials) {
this.signatureAlgorithm = signatureAlgorithm;
this.keyAlgorithm = keyAlgorithm;
this.certMaterials = certMaterials;
this.privKeyMaterials = privKeyMaterials;
}
// Two certificates (mainCert and exampleCert) are selected to respect the
// specified cipher suite. SNI-associated cases specify exampleCert as desired.
public static Cert[] getCerts(String cipherSuite) {
Cert mainCert = Cert.DSA_SHA1_1024;
Cert exampleCert = Cert.DSA_EXAMPLE_SHA1_1024;
if (cipherSuite.contains("_ECDHE_RSA_")) {
mainCert = Cert.RSA_SHA1_1024;
exampleCert = Cert.RSA_EXAMPLE_SHA1_1024;
} else if (cipherSuite.contains("_EC")) {
mainCert = Cert.ECDSA_SHA1_PRIME256V1;
exampleCert = Cert.ECDSA_EXAMPLE_SHA1_PRIME256V1;
} else if (cipherSuite.contains("_RSA")) {
mainCert = Cert.RSA_SHA1_1024;
exampleCert = Cert.RSA_EXAMPLE_SHA1_1024;
public static Cert[] getCerts(CipherSuite cipherSuite) {
Cert mainCert = Cert.ECDSA_PRIME256V1_SHA256;
Cert exampleCert = Cert.EXAMPLE_ECDSA_PRIME256V1_SHA256;
if (cipherSuite.keyExAlgorithm == KeyExAlgorithm.ECDHE_RSA
|| cipherSuite.keyExAlgorithm == KeyExAlgorithm.DHE_RSA
|| cipherSuite.keyExAlgorithm == KeyExAlgorithm.RSA) {
mainCert = Cert.RSA_2048_SHA256;
exampleCert = Cert.EXAMPLE_RSA_2048_SHA256;
} else if (cipherSuite.keyExAlgorithm == KeyExAlgorithm.ECDH_RSA) {
mainCert = Cert.EC_RSA_PRIME256V1_SHA256;
exampleCert = Cert.EXAMPLE_EC_RSA_PRIME256V1_SHA256;
} else if (cipherSuite.keyExAlgorithm == KeyExAlgorithm.DHE_DSS) {
mainCert = Cert.DSA_2048_SHA256;
exampleCert = Cert.EXAMPLE_DSA_2048_SHA256;
}
System.out.printf("mainCert=%s, exampleCert=%s%n",
mainCert, exampleCert);
return new Cert[] { mainCert, exampleCert };
}
}
enum SignatureAlgorithm {
RSA, DSA, ECDSA;
}

4
test/jdk/javax/net/ssl/compatibility/Client.java

@ -1,5 +1,5 @@
/*
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2017, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -137,7 +137,7 @@ public class Client {
Status status = Status.SUCCESS;
Client client = null;
try {
client = new Client(Cert.getCerts(cipherSuite));
client = new Client(Cert.getCerts(CipherSuite.cipherSuite(cipherSuite)));
client.setEnabledProtocols(protocol);
client.setEnabledCipherSuites(cipherSuite);

36
test/jdk/javax/net/ssl/compatibility/Compatibility.java

@ -1,5 +1,5 @@
/*
* Copyright (c) 2017, 2018, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2017, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,8 +28,8 @@
* Note that, this is a manual test. For more details about the test and
* its usages, please look through README.
*
* @library /test/lib
* @compile -source 1.7 -target 1.7 JdkUtils.java Parameter.java Server.java Client.java
* @library /test/lib ../TLSCommon
* @compile -source 1.7 -target 1.7 JdkUtils.java Server.java Client.java
* @run main/manual Compatibility
*/
@ -81,20 +81,16 @@ public class Compatibility {
for (UseCase useCase : UseCase.getAllUseCases()) {
for (JdkInfo serverJdk : jdkInfos) {
if (useCase.ignoredByJdk(serverJdk)) {
continue;
}
Map<String, String> props = new LinkedHashMap<>();
if (debug) {
props.put("javax.net.debug", "ssl");
props.put("javax.net.debug", "all");
}
props.put("java.security.properties", javaSecurityFile);
props.put(Utils.PROP_PROTOCOL, useCase.protocol.version);
props.put(Utils.PROP_PROTOCOL, useCase.protocol.name);
props.put(Utils.PROP_CIPHER_SUITE, useCase.cipherSuite.name());
props.put(Utils.PROP_CLIENT_AUTH, useCase.clientAuth.name());
if (useCase.appProtocol != AppProtocol.NONE) {
props.put(Utils.PROP_CLIENT_AUTH, String.valueOf(useCase.clientAuth));
if (useCase.appProtocol != UseCase.AppProtocol.NONE) {
props.put(Utils.PROP_APP_PROTOCOLS,
Utils.join(Utils.VALUE_DELIMITER,
useCase.appProtocol.appProtocols));
@ -109,14 +105,10 @@ public class Compatibility {
serverJdk.supportsALPN + "");
for (JdkInfo clientJdk : jdkInfos) {
if (useCase.ignoredByJdk(clientJdk)) {
continue;
}
TestCase testCase = new TestCase(serverJdk, clientJdk,
useCase);
System.out.println(Utils.anchorName(testCase.toString(),
"----- Case start -----"));
"===== Case start ====="));
System.out.println(testCase.toString());
props.put(Utils.PROP_NEGATIVE_CASE_ON_SERVER,
@ -138,7 +130,7 @@ public class Compatibility {
clientJdk.supportsSNI + "");
props.put(Utils.PROP_SUPPORTS_ALPN_ON_CLIENT,
clientJdk.supportsALPN + "");
if (useCase.serverName != ServerName.NONE) {
if (useCase.serverName != UseCase.ServerName.NONE) {
props.put(Utils.PROP_SERVER_NAME,
useCase.serverName.name);
}
@ -158,7 +150,7 @@ public class Compatibility {
"ServerStatus=%s, ClientStatus=%s, CaseStatus=%s%n",
serverStatus, clientStatus, testCase.getStatus());
System.out.println("----- Case end -----");
System.out.println("===== Case end =====");
}
}
}
@ -309,14 +301,14 @@ public class Compatibility {
i + ""),
testCase.serverJdk.version,
testCase.clientJdk.version,
testCase.useCase.protocol.version,
testCase.useCase.protocol.name,
testCase.useCase.cipherSuite,
Utils.boolToStr(
testCase.useCase.clientAuth == ClientAuth.TRUE),
testCase.useCase.clientAuth),
Utils.boolToStr(
testCase.useCase.serverName == ServerName.EXAMPLE),
testCase.useCase.serverName == UseCase.ServerName.EXAMPLE),
Utils.boolToStr(
testCase.useCase.appProtocol == AppProtocol.EXAMPLE),
testCase.useCase.appProtocol == UseCase.AppProtocol.EXAMPLE),
testCase.getStatus()));
failed = failed
|| testCase.getStatus() == Status.FAIL

21
test/jdk/javax/net/ssl/compatibility/JdkInfo.java

@ -1,5 +1,5 @@
/*
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2017, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -31,7 +31,8 @@ public class JdkInfo {
public final String jdkPath;
public final String version;
public final boolean supportsECKey;
public final String supportedProtocols;
public final String supportedCipherSuites;
public final boolean supportsSNI;
public final boolean supportsALPN;
@ -46,9 +47,10 @@ public class JdkInfo {
String[] attributes = Utils.split(output, Utils.PARAM_DELIMITER);
version = attributes[0].replaceAll(".*=", "");
supportsECKey = Boolean.valueOf(attributes[1].replaceAll(".*=", ""));
supportsSNI = Boolean.valueOf(attributes[2].replaceAll(".*=", ""));
supportsALPN = Boolean.valueOf(attributes[3].replaceAll(".*=", ""));
supportedProtocols = attributes[1].replaceAll(".*=", "");
supportedCipherSuites = attributes[2].replaceAll(".*=", "");
supportsSNI = Boolean.valueOf(attributes[3].replaceAll(".*=", ""));
supportsALPN = Boolean.valueOf(attributes[4].replaceAll(".*=", ""));
}
// Determines the specific attributes for the specified JDK.
@ -83,10 +85,11 @@ public class JdkInfo {
return true;
}
public boolean supportsProtocol(Protocol protocol) {
return supportedProtocols.contains(protocol.name);
}
public boolean supportsCipherSuite(CipherSuite cipherSuite) {
JdkRelease jdkRelease = JdkRelease.getRelease(version);
return cipherSuite.startJdk.sequence <= jdkRelease.sequence
&& (cipherSuite.endJdk == null
|| cipherSuite.endJdk.sequence >= jdkRelease.sequence);
return supportedCipherSuites.contains(cipherSuite.name());
}
}

53
test/jdk/javax/net/ssl/compatibility/JdkUtils.java

@ -1,5 +1,5 @@
/*
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2017, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -21,10 +21,11 @@
* questions.
*/
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocketFactory;
/*
* This class is used for returning some specific JDK information.
@ -32,7 +33,8 @@ import javax.net.ssl.SSLParameters;
public class JdkUtils {
public static final String JAVA_RUNTIME_VERSION = "javaRuntimeVersion";
public static final String SUPPORTS_EC_KEY = "supportsECKey";
public static final String SUPPORTED_PROTOCOLS = "supportedProtocols";
public static final String SUPPORTED_CIPHER_SUITES = "supportedCipherSuites";
public static final String SUPPORTS_SNI = "supportsSNI";
public static final String SUPPORTS_ALPN = "supportsALPN";
@ -41,15 +43,39 @@ public class JdkUtils {
return System.getProperty("java.runtime.version");
}
// Checks if EC key algorithm is supported by the JDK build.
private static boolean supportsECKey() {
boolean isSupported = true;
try {
KeyFactory.getInstance("EC");
} catch (NoSuchAlgorithmException e) {
isSupported = false;
private static String supportedProtocols() {
StringBuilder protocols = new StringBuilder();
for (String protocol : new String[] {
"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3" }) {
if (supportsProtocol(protocol)) {
protocols.append(protocol).append(Utils.VALUE_DELIMITER);
}
}
return isSupported;
return protocols.toString().substring(
0, protocols.toString().length() - 1);
}
private static boolean supportsProtocol(String protocol) {
boolean supported = true;
try {
SSLContext.getInstance(protocol);
} catch (NoSuchAlgorithmException e) {
supported = false;
}
return supported;
}
private static String supportedCipherSuites() {
StringBuilder cipherSuites = new StringBuilder();
String[] supportedCipherSuites = ((SSLSocketFactory) SSLSocketFactory
.getDefault()).getSupportedCipherSuites();
for (int i = 0; i < supportedCipherSuites.length - 1; i++) {
cipherSuites.append(supportedCipherSuites[i])
.append(Utils.VALUE_DELIMITER);
}
cipherSuites.append(
supportedCipherSuites[supportedCipherSuites.length - 1]);
return cipherSuites.toString();
}
// Checks if SNI is supported by the JDK build.
@ -74,10 +100,11 @@ public class JdkUtils {
return isSupported;
}
public static void main(String[] args) {
public static void main(String[] args) throws NoSuchAlgorithmException {
System.out.print(Utils.join(Utils.PARAM_DELIMITER,
attr(JAVA_RUNTIME_VERSION, javaRuntimeVersion()),
attr(SUPPORTS_EC_KEY, supportsECKey()),
attr(SUPPORTED_PROTOCOLS, supportedProtocols()),
attr(SUPPORTED_CIPHER_SUITES, supportedCipherSuites()),
attr(SUPPORTS_SNI, supportsSNI()),
attr(SUPPORTS_ALPN, supportsALPN())));
}

252
test/jdk/javax/net/ssl/compatibility/Parameter.java

@ -1,252 +0,0 @@
/*
* Copyright (c) 2017, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* A tagging interface that all TLS communication parameters must implement.
*/
public interface Parameter { }
/* The followings are TLS communication parameters. */
enum Protocol implements Parameter {
SSLV3_0(3, "SSLv3"),
TLSV1_0(4, "TLSv1"),
TLSV1_1(5, "TLSv1.1"),
TLSV1_2(6, "TLSv1.2");
public final int sequence;
public final String version;
private Protocol(int sequence, String version) {
this.sequence = sequence;
this.version = version;
}
static Protocol getProtocol(String version) {
for (Protocol protocol : values()) {
if (protocol.version.equals(version)) {
return protocol;
}
}
return null;
}
static Protocol[] getMandatoryValues() {
return new Protocol[] { TLSV1_0, TLSV1_1, TLSV1_2 };
}
}
enum CipherSuite implements Parameter {
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(
Protocol.TLSV1_2, JdkRelease.JDK7),
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(
Protocol.TLSV1_2, JdkRelease.JDK7),
TLS_RSA_WITH_AES_256_CBC_SHA256(
Protocol.TLSV1_2, JdkRelease.JDK7),
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384(
Protocol.TLSV1_2, JdkRelease.JDK7),
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384(
Protocol.TLSV1_2, JdkRelease.JDK7),
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(
Protocol.TLSV1_2, JdkRelease.JDK7),
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(
Protocol.TLSV1_2, JdkRelease.JDK7),
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(),
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(),
TLS_RSA_WITH_AES_256_CBC_SHA(),
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA(),
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA(),
TLS_DHE_RSA_WITH_AES_256_CBC_SHA(),
TLS_DHE_DSS_WITH_AES_256_CBC_SHA(),
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(
Protocol.TLSV1_2, JdkRelease.JDK7),
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(
Protocol.TLSV1_2, JdkRelease.JDK7),
TLS_RSA_WITH_AES_128_CBC_SHA256(
Protocol.TLSV1_2, JdkRelease.JDK7),
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(
Protocol.TLSV1_2, JdkRelease.JDK7),
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(
Protocol.TLSV1_2, JdkRelease.JDK7),
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(
Protocol.TLSV1_2, JdkRelease.JDK7),
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(
Protocol.TLSV1_2, JdkRelease.JDK7),
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(),
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(),
TLS_RSA_WITH_AES_128_CBC_SHA(),
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA(),
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(
Protocol.SSLV3_0, JdkRelease.JDK7),
TLS_DHE_RSA_WITH_AES_128_CBC_SHA(),
TLS_DHE_DSS_WITH_AES_128_CBC_SHA(),
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(
Protocol.TLSV1_2, JdkRelease.JDK8),
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(
Protocol.TLSV1_2, JdkRelease.JDK8),
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(
Protocol.TLSV1_2, JdkRelease.JDK8),
TLS_RSA_WITH_AES_256_GCM_SHA384(
Protocol.TLSV1_2, JdkRelease.JDK8),
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384(
Protocol.TLSV1_2, JdkRelease.JDK8),
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384(
Protocol.TLSV1_2, JdkRelease.JDK8),
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(
Protocol.TLSV1_2, JdkRelease.JDK8),
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(
Protocol.TLSV1_2, JdkRelease.JDK8),
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(
Protocol.TLSV1_2, JdkRelease.JDK8),
TLS_RSA_WITH_AES_128_GCM_SHA256(
Protocol.TLSV1_2, JdkRelease.JDK8),
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(
Protocol.TLSV1_2, JdkRelease.JDK8),
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(
Protocol.TLSV1_2, JdkRelease.JDK8),
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(
Protocol.TLSV1_2, JdkRelease.JDK8),
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(
Protocol.TLSV1_2, JdkRelease.JDK8),
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA(),
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA(),
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA(),
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA(),
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA(),
TLS_ECDHE_RSA_WITH_RC4_128_SHA(),
TLS_ECDH_ECDSA_WITH_RC4_128_SHA(),
TLS_ECDH_RSA_WITH_RC4_128_SHA(),
SSL_RSA_WITH_RC4_128_SHA(),
SSL_RSA_WITH_3DES_EDE_CBC_SHA(),
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA(
Protocol.SSLV3_0, JdkRelease.JDK7),
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA(
Protocol.SSLV3_0, JdkRelease.JDK7),
SSL_RSA_WITH_RC4_128_MD5(
Protocol.SSLV3_0, JdkRelease.JDK7);
private static final boolean FULL_CIPHER_SUITES
= Utils.getBoolProperty("fullCipherSuites");
final Protocol startProtocol;
final Protocol endProtocol;
final JdkRelease startJdk;
final JdkRelease endJdk;
private CipherSuite(
Protocol startProtocol, Protocol endProtocol,
JdkRelease startJdk, JdkRelease endJdk) {
this.startProtocol = startProtocol;
this.endProtocol = endProtocol;
this.startJdk = startJdk;
this.endJdk = endJdk;
}
private CipherSuite(Protocol startProtocol, JdkRelease startJdk) {
this(startProtocol, null, startJdk, null);
}
private CipherSuite() {
this(Protocol.TLSV1_0, null, JdkRelease.JDK7, null);
}
boolean supportedByProtocol(Protocol protocol) {
return startProtocol.sequence <= protocol.sequence
&& (endProtocol == null || endProtocol.sequence >= protocol.sequence);
}
static CipherSuite[] getMandatoryValues() {
return FULL_CIPHER_SUITES
? values()
: new CipherSuite[] {
TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_AES_256_CBC_SHA256,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 };
}
static CipherSuite getCipherSuite(String name) {
for (CipherSuite cipherSuite : values()) {
if (cipherSuite.name().equals(name)) {
return cipherSuite;
}
}
return null;
}
}
enum ClientAuth implements Parameter {
FALSE,
TRUE;
static ClientAuth[] getMandatoryValues() {
return new ClientAuth[] { TRUE };
}
}
enum ServerName implements Parameter {
NONE(null),
EXAMPLE("www.example.com");
final String name;
private ServerName(String name) {
this.name = name;
}
static ServerName[] getMandatoryValues() {
return new ServerName[] { EXAMPLE };
}
}
enum AppProtocol implements Parameter {
NONE(null, null),
EXAMPLE(new String[] { Utils.HTTP_2, Utils.HTTP_1_1 }, Utils.HTTP_2);
final String[] appProtocols;
// Expected negotiated application protocol
final String negoAppProtocol;
private AppProtocol(String[] appProtocols, String negoAppProtocol) {
this.appProtocols = appProtocols;
this.negoAppProtocol = negoAppProtocol;
}
static AppProtocol[] getMandatoryValues() {
return new AppProtocol[] { EXAMPLE };
}
}

12
test/jdk/javax/net/ssl/compatibility/README

@ -1,4 +1,4 @@
# Copyright (c) 2017, 2018, Oracle and/or its affiliates. All rights reserved.
# Copyright (c) 2017, 2019, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
@ -21,10 +21,10 @@
##### Summary #####
This test is used to check the interop compatibility on JSSE among different
JDK releases. The oldest version supported by the test is JDK 6. Some of Java
source files, JdkUtils.java, Parameter.java, Server.java, and Client.java, use
only JDK 6-compliant language features and APIs, in order to allowing different
JDK releases can load and run associated classes.
JDK releases. The oldest version supported by the test is JDK 7. Some of Java
source files, JdkUtils.java, Server.java, and Client.java, use only JDK 7-compliant
language features and APIs, in order to allowing different JDK releases can load
and run associated classes.
##### Output #####
The test can generate a report at $JTREG_WORKDIR/scratch/report.html to display
@ -78,7 +78,7 @@ jtreg [-options] \
Besides the common jtreg options, like -jdk, this test introduces some more
properties:
debug
It indicates if the test enable -Djavax.net.ssl=debug. This is a boolean
It indicates if the test enable -Djavax.net.debug=all. This is a boolean
property, and the default value is false.
It is not mandatory.

16
test/jdk/javax/net/ssl/compatibility/Server.java

@ -1,5 +1,5 @@
/*
* Copyright (c) 2017, 2018, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2017, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -120,7 +120,7 @@ public class Server {
Status status = Status.SUCCESS;
Server server = null;
try {
server = new Server(Cert.getCerts(cipherSuite));
server = new Server(Cert.getCerts(CipherSuite.cipherSuite(cipherSuite)));
System.out.println("port=" + server.getPort());
server.setNeedClientAuth(clientAuth);
server.setEnabledProtocols(protocol);
@ -146,16 +146,20 @@ public class Server {
server.close();
}
// Cleanups port log.
if (!new File(Utils.PORT_LOG).delete()) {
throw new RuntimeException("Cannot delete port log");
}
deletePortFile();
}
System.out.println("STATUS: " + status);
System.out.println("----- Server end -----");
}
private static void deletePortFile() {
File portFile = new File(Utils.PORT_LOG);
if (portFile.exists() && !portFile.delete()) {
throw new RuntimeException("Cannot delete port log");
}
}
private static void savePort(int port) throws IOException {
FileWriter writer = null;
try {

138
test/jdk/javax/net/ssl/compatibility/UseCase.java

@ -1,5 +1,5 @@
/*
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2017, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -32,16 +32,119 @@ public class UseCase {
private static final boolean FULL_CASES
= Utils.getBoolProperty("fullCases");
private static final Parameter[][] PARAMS = new Parameter[][] {
FULL_CASES ? Protocol.values() : Protocol.getMandatoryValues(),
FULL_CASES ? CipherSuite.values() : CipherSuite.getMandatoryValues(),
FULL_CASES ? ClientAuth.values() : ClientAuth.getMandatoryValues(),
FULL_CASES ? ServerName.values() : ServerName.getMandatoryValues(),
FULL_CASES ? AppProtocol.values() : AppProtocol.getMandatoryValues() };
public static final boolean FULL_CIPHER_SUITES
= Utils.getBoolProperty("fullCipherSuites");
public static final Protocol[] PROTOCOLS = new Protocol[] {
Protocol.TLSV1,
Protocol.TLSV1_1,
Protocol.TLSV1_2,
Protocol.TLSV1_3 };
public static final CipherSuite[] CIPHER_SUITES = new CipherSuite[] {
CipherSuite.TLS_AES_128_GCM_SHA256,
CipherSuite.TLS_AES_256_GCM_SHA384,
CipherSuite.TLS_CHACHA20_POLY1305_SHA256,
CipherSuite.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
CipherSuite.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
CipherSuite.TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA256,
CipherSuite.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
CipherSuite.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
CipherSuite.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
CipherSuite.TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA,
CipherSuite.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
CipherSuite.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
CipherSuite.TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA256,
CipherSuite.TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
CipherSuite.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
CipherSuite.TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
CipherSuite.TLS_RSA_WITH_AES_256_GCM_SHA384,
CipherSuite.TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
CipherSuite.TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
CipherSuite.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
CipherSuite.TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256,
CipherSuite.TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
CipherSuite.TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
CipherSuite.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
CipherSuite.TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 };
public static final CipherSuite[] MANDATORY_CIPHER_SUITES = new CipherSuite[] {
CipherSuite.TLS_AES_128_GCM_SHA256,
CipherSuite.TLS_CHACHA20_POLY1305_SHA256,
CipherSuite.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA256,
CipherSuite.TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 };
enum ServerName {
NONE(null),
EXAMPLE("EXAMPLE");
final String name;
private ServerName(String name) {
this.name = name;
}
}
enum AppProtocol {
NONE(null, null),
EXAMPLE(new String[] { Utils.HTTP_2, Utils.HTTP_1_1 }, Utils.HTTP_2);
final String[] appProtocols;
// Expected negotiated application protocol
final String negoAppProtocol;
private AppProtocol(String[] appProtocols, String negoAppProtocol) {
this.appProtocols = appProtocols;
this.negoAppProtocol = negoAppProtocol;
}
}
private static final Object[][] PARAMS = new Object[][] {
FULL_CASES ? PROTOCOLS : PROTOCOLS,
FULL_CASES ? CIPHER_SUITES : MANDATORY_CIPHER_SUITES,
FULL_CASES ? new Boolean[] { false, true } : new Boolean[] { true },
FULL_CASES
? new ServerName[] { ServerName.NONE, ServerName.EXAMPLE }
: new ServerName[] { ServerName.EXAMPLE },
FULL_CASES
? new AppProtocol[] {
AppProtocol.NONE,
AppProtocol.EXAMPLE }
: new AppProtocol[] {
AppProtocol.EXAMPLE } };
public final Protocol protocol;
public final CipherSuite cipherSuite;
public final ClientAuth clientAuth;
public final Boolean clientAuth;
public final ServerName serverName;
public final AppProtocol appProtocol;
@ -50,7 +153,7 @@ public class UseCase {
public UseCase(
Protocol protocol,
CipherSuite cipherSuite,
ClientAuth clientAuth,
boolean clientAuth,
ServerName serverName,
AppProtocol appProtocol) {
this.protocol = protocol;
@ -62,15 +165,10 @@ public class UseCase {
negativeCase = !cipherSuite.supportedByProtocol(protocol);
}
// JDK 6 doesn't support EC key algorithm.
public boolean ignoredByJdk(JdkInfo jdkInfo) {
return cipherSuite.name().contains("_EC") && !jdkInfo.supportsECKey;
}
@Override
public String toString() {
return Utils.join(Utils.PARAM_DELIMITER,
"Protocol=" + protocol.version,
"Protocol=" + protocol.name,
"CipherSuite=" + cipherSuite,
"ClientAuth=" + clientAuth,
"ServerName=" + serverName,
@ -79,12 +177,12 @@ public class UseCase {
public static List<UseCase> getAllUseCases() {
List<UseCase> useCases = new ArrayList<>();
getUseCases(PARAMS, 0, new Parameter[PARAMS.length], useCases);
getUseCases(PARAMS, 0, new Object[PARAMS.length], useCases);
return useCases;
}
private static void getUseCases(Parameter[][] params, int index,
Parameter[] currentValues, List<UseCase> useCases) {
private static void getUseCases(Object[][] params, int index,
Object[] currentValues, List<UseCase> useCases) {
if (index == params.length) {
Protocol protocol = (Protocol) currentValues[0];
CipherSuite cipherSuite = (CipherSuite) currentValues[1];
@ -92,12 +190,12 @@ public class UseCase {
UseCase useCase = new UseCase(
protocol,
cipherSuite,
(ClientAuth) currentValues[2],
(Boolean) currentValues[2],
(ServerName) currentValues[3],
(AppProtocol) currentValues[4]);
useCases.add(useCase);
} else {
Parameter[] values = params[index];
Object[] values = params[index];
for (int i = 0; i < values.length; i++) {
currentValues[index] = values[i];
getUseCases(params, index + 1, currentValues, useCases);

12
test/jdk/javax/net/ssl/compatibility/Utils.java

@ -1,5 +1,5 @@
/*
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2017, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -124,19 +124,11 @@ public class Utils {
PKCS8EncodedKeySpec privKeySpec = new PKCS8EncodedKeySpec(
hexToBytes(cert.privKeyMaterials));
KeyFactory keyFactory = KeyFactory.getInstance(
getKeyAlgorithm(cert.signatureAlgorithm));
cert.keyAlgorithm.name);
PrivateKey privKey = keyFactory.generatePrivate(privKeySpec);
return privKey;
}
private static String getKeyAlgorithm(
SignatureAlgorithm signatureAlgorithm) {
String signatureAlogrithmName = signatureAlgorithm.name();
return signatureAlogrithmName.equals(SignatureAlgorithm.ECDSA.name())
? "EC"
: signatureAlogrithmName;
}
public static byte[] hexToBytes(String hex) {
if (hex == null) {
return null;