From df6fbdb2af45950db1b52ed86e860f0ebdd8d067 Mon Sep 17 00:00:00 2001
From: John Jiang
Date: Fri, 28 Jun 2019 05:29:54 +0800
Subject: [PATCH 1/7] 8224650: Add tests to support X25519 and X448 in TLS
Reviewed-by: xuelei
---
 .../net/ssl/templates/SSLSocketTemplate.java | 789 ++++++++++--------
 .../NamedGroupsWithCipherSuite.java | 185 ++++
 2 files changed, 623 insertions(+), 351 deletions(-)
 create mode 100644 test/jdk/sun/security/ssl/CipherSuite/NamedGroupsWithCipherSuite.java
diff --git a/test/jdk/javax/net/ssl/templates/SSLSocketTemplate.java b/test/jdk/javax/net/ssl/templates/SSLSocketTemplate.java
index 354ee8adde8..961ab69338b 100644
--- a/test/jdk/javax/net/ssl/templates/SSLSocketTemplate.java
+++ b/test/jdk/javax/net/ssl/templates/SSLSocketTemplate.java
@@ -131,10 +131,7 @@ public class SSLSocketTemplate {
 * Create an instance of SSLContext for client use.
 */
 protected SSLContext createClientSSLContext() throws Exception {
- return createSSLContext(trustedCertStrs,
- endEntityCertStrs, endEntityPrivateKeys,
- endEntityPrivateKeyAlgs,
- endEntityPrivateKeyNames,
+ return createSSLContext(TRUSTED_CERTS, END_ENTITY_CERTS,
 getClientContextParameters());
 }
@@ -142,10 +139,7 @@ public class SSLSocketTemplate {
 * Create an instance of SSLContext for server use.
 */
 protected SSLContext createServerSSLContext() throws Exception {
- return createSSLContext(trustedCertStrs,
- endEntityCertStrs, endEntityPrivateKeys,
- endEntityPrivateKeyAlgs,
- endEntityPrivateKeyNames,
+ return createSSLContext(TRUSTED_CERTS, END_ENTITY_CERTS,
 getServerContextParameters());
 }
@@ -362,330 +356,24 @@ public class SSLSocketTemplate { * Certificates and keys used in the test. */ // Trusted certificates. - private final static String[] trustedCertStrs = { - // SHA256withECDSA, curve prime256v1 - // Validity - // Not Before: May 22 07:18:16 2018 GMT - // Not After : May 17 07:18:16 2038 GMT - // Subject Key Identifier: - // 60:CF:BD:73:FF:FA:1A:30:D2:A4:EC:D3:49:71:46:EF:1A:35:A0:86 - "-----BEGIN CERTIFICATE-----\n" + - "MIIBvjCCAWOgAwIBAgIJAIvFG6GbTroCMAoGCCqGSM49BAMCMDsxCzAJBgNVBAYT\n" + - "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" + - "ZTAeFw0xODA1MjIwNzE4MTZaFw0zODA1MTcwNzE4MTZaMDsxCzAJBgNVBAYTAlVT\n" + - "MQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZjZTBZ\n" + - "MBMGByqGSM49AgEGCCqGSM49AwEHA0IABBz1WeVb6gM2mh85z3QlvaB/l11b5h0v\n" + - "LIzmkC3DKlVukZT+ltH2Eq1oEkpXuf7QmbM0ibrUgtjsWH3mULfmcWmjUDBOMB0G\n" + - "A1UdDgQWBBRgz71z//oaMNKk7NNJcUbvGjWghjAfBgNVHSMEGDAWgBRgz71z//oa\n" + - "MNKk7NNJcUbvGjWghjAMBgNVHRMEBTADAQH/MAoGCCqGSM49BAMCA0kAMEYCIQCG\n" + - "6wluh1r2/T6L31mZXRKf9JxeSf9pIzoLj+8xQeUChQIhAJ09wAi1kV8yePLh2FD9\n" + - "2YEHlSQUAbwwqCDEVB5KxaqP\n" + - "-----END CERTIFICATE-----", - // -----BEGIN PRIVATE KEY----- - // MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg/HcHdoLJCdq3haVd - // XZTSKP00YzM3xX97l98vGL/RI1KhRANCAAQc9VnlW+oDNpofOc90Jb2gf5ddW+Yd - // LyyM5pAtwypVbpGU/pbR9hKtaBJKV7n+0JmzNIm61ILY7Fh95lC35nFp - // -----END PRIVATE KEY----- - - // SHA256withRSA, 2048 bits - // Validity - // Not Before: May 22 07:18:16 2018 GMT - // Not After : May 17 07:18:16 2038 GMT - // Subject Key Identifier: - // 0D:DD:93:C9:FE:4B:BD:35:B7:E8:99:78:90:FB:DB:5A:3D:DB:15:4C - "-----BEGIN CERTIFICATE-----\n" + - "MIIDSTCCAjGgAwIBAgIJAI4ZF3iy8zG+MA0GCSqGSIb3DQEBCwUAMDsxCzAJBgNV\n" + - "BAYTAlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2Vy\n" + - "aXZjZTAeFw0xODA1MjIwNzE4MTZaFw0zODA1MTcwNzE4MTZaMDsxCzAJBgNVBAYT\n" + - "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" + - 
"ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALpMcY7aWieXDEM1/YJf\n" + - "JW27b4nRIFZyEYhEloyGsKTuQiiQjc8cqRZFNXe2vwziDB4IyTEl0Hjl5QF6ZaQE\n" + - "huPzzwvQm1pv64KrRXrmj3FisQK8B5OWLty9xp6xDqsaMRoyObLK+oIb20T5fSlE\n" + - "evmo1vYjnh8CX0Yzx5Gr5ye6YSEHQvYOWEws8ad17OlyToR2KMeC8w4qo6rs59pW\n" + - "g7Mxn9vo22ImDzrtAbTbXbCias3xlE0Bp0h5luyf+5U4UgksoL9B9r2oP4GrLNEV\n" + - "oJk57t8lwaR0upiv3CnS8LcJELpegZub5ggqLY8ZPYFQPjlK6IzLOm6rXPgZiZ3m\n" + - "RL0CAwEAAaNQME4wHQYDVR0OBBYEFA3dk8n+S701t+iZeJD721o92xVMMB8GA1Ud\n" + - "IwQYMBaAFA3dk8n+S701t+iZeJD721o92xVMMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n" + - "hvcNAQELBQADggEBAJTRC3rKUUhVH07/1+stUungSYgpM08dY4utJq0BDk36BbmO\n" + - "0AnLDMbkwFdHEoqF6hQIfpm7SQTmXk0Fss6Eejm8ynYr6+EXiRAsaXOGOBCzF918\n" + - "/RuKOzqABfgSU4UBKECLM5bMfQTL60qx+HdbdVIpnikHZOFfmjCDVxoHsGyXc1LW\n" + - "Jhkht8IGOgc4PMGvyzTtRFjz01kvrVQZ75aN2E0GQv6dCxaEY0i3ypSzjUWAKqDh\n" + - "3e2OLwUSvumcdaxyCdZAOUsN6pDBQ+8VRG7KxnlRlY1SMEk46QgQYLbPDe/+W/yH\n" + - "ca4PejicPeh+9xRAwoTpiE2gulfT7Lm+fVM7Ruc=\n" + - "-----END CERTIFICATE-----", - // -----BEGIN PRIVATE KEY----- - // MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC6THGO2lonlwxD - // Nf2CXyVtu2+J0SBWchGIRJaMhrCk7kIokI3PHKkWRTV3tr8M4gweCMkxJdB45eUB - // emWkBIbj888L0Jtab+uCq0V65o9xYrECvAeTli7cvcaesQ6rGjEaMjmyyvqCG9tE - // +X0pRHr5qNb2I54fAl9GM8eRq+cnumEhB0L2DlhMLPGndezpck6EdijHgvMOKqOq - // 7OfaVoOzMZ/b6NtiJg867QG0212womrN8ZRNAadIeZbsn/uVOFIJLKC/Qfa9qD+B - // qyzRFaCZOe7fJcGkdLqYr9wp0vC3CRC6XoGbm+YIKi2PGT2BUD45SuiMyzpuq1z4 - // GYmd5kS9AgMBAAECggEAFHSoU2MuWwJ+2jJnb5U66t2V1bAcuOE1g5zkWvG/G5z9 - // rq6Qo5kmB8f5ovdx6tw3MGUOklLwnRXBG3RxDJ1iokz3AvkY1clMNsDPlDsUrQKF - // JSO4QUBQTPSZhnsyfR8XHSU+qJ8Y+ohMfzpVv95BEoCzebtXdVgxVegBlcEmVHo2 - // kMmkRN+bYNsr8eb2r+b0EpyumS39ZgKYh09+cFb78y3T6IFMGcVJTP6nlGBFkmA/ - // 25pYeCF2tSki08qtMJZQAvKfw0Kviibk7ZxRbJqmc7B1yfnOEHP6ftjuvKl2+RP/ - // +5P5f8CfIP6gtA0LwSzAqQX/hfIKrGV5j0pCqrD0kQKBgQDeNR6Xi4sXVq79lihO - // a1bSeV7r8yoQrS8x951uO+ox+UIZ1MsAULadl7zB/P0er92p198I9M/0Jth3KBuS - // 
zj45mucvpiiGvmQlMKMEfNq4nN7WHOu55kufPswQB2mR4J3xmwI+4fM/nl1zc82h - // De8JSazRldJXNhfx0RGFPmgzbwKBgQDWoVXrXLbCAn41oVnWB8vwY9wjt92ztDqJ - // HMFA/SUohjePep9UDq6ooHyAf/Lz6oE5NgeVpPfTDkgvrCFVKnaWdwALbYoKXT2W - // 9FlyJox6eQzrtHAacj3HJooXWuXlphKSizntfxj3LtMR9BmrmRJOfK+SxNOVJzW2 - // +MowT20EkwKBgHmpB8jdZBgxI7o//m2BI5Y1UZ1KE5vx1kc7VXzHXSBjYqeV9FeF - // 2ZZLP9POWh/1Fh4pzTmwIDODGT2UPhSQy0zq3O0fwkyT7WzXRknsuiwd53u/dejg - // iEL2NPAJvulZ2+AuiHo5Z99LK8tMeidV46xoJDDUIMgTG+UQHNGhK5gNAoGAZn/S - // Cn7SgMC0CWSvBHnguULXZO9wH1wZAFYNLL44OqwuaIUFBh2k578M9kkke7woTmwx - // HxQTjmWpr6qimIuY6q6WBN8hJ2Xz/d1fwhYKzIp20zHuv5KDUlJjbFfqpsuy3u1C - // kts5zwI7pr1ObRbDGVyOdKcu7HI3QtR5qqyjwaUCgYABo7Wq6oHva/9V34+G3Goh - // 63bYGUnRw2l5BD11yhQv8XzGGZFqZVincD8gltNThB0Dc/BI+qu3ky4YdgdZJZ7K - // z51GQGtaHEbrHS5caV79yQ8QGY5mUVH3E+VXSxuIqb6pZq2DH4sTAEFHyncddmOH - // zoXBInYwRG9KE/Bw5elhUw== - // -----END PRIVATE KEY----- - - // SHA256withDSA, 2048 bits - // Validity - // Not Before: May 22 07:18:18 2018 GMT - // Not After : May 17 07:18:18 2038 GMT - // Subject Key Identifier: - // 76:66:9E:F7:3B:DD:45:E5:3B:D9:72:3C:3F:F0:54:39:86:31:26:53 - "-----BEGIN CERTIFICATE-----\n" + - "MIIErjCCBFSgAwIBAgIJAOktYLNCbr02MAsGCWCGSAFlAwQDAjA7MQswCQYDVQQG\n" + - "EwJVUzENMAsGA1UECgwESmF2YTEdMBsGA1UECwwUU3VuSlNTRSBUZXN0IFNlcml2\n" + - "Y2UwHhcNMTgwNTIyMDcxODE4WhcNMzgwNTE3MDcxODE4WjA7MQswCQYDVQQGEwJV\n" + - "UzENMAsGA1UECgwESmF2YTEdMBsGA1UECwwUU3VuSlNTRSBUZXN0IFNlcml2Y2Uw\n" + - "ggNHMIICOQYHKoZIzjgEATCCAiwCggEBAO5GyPhSm0ze3LSu+gicdULLj05iOfTL\n" + - "UvZQ29sYz41zmqrLBQbdKiHqgJu2Re9sgTb5suLNjF047TOLPnU3jhPtWm2X8Xzi\n" + - "VGIcHym/Q/MeZxStt/88seqroI3WOKzIML2GcrishT+lcGrtH36Tf1+ue2Snn3PS\n" + - "WyxygNqPjllP5uUjYmFLvAf4QLMldkd/D2VxcwsHjB8y5iUZsXezc/LEhRZS/02m\n" + - "ivqlRw3AMkq/OVe/ZtxFWsP0nsfxEGdZuaUFpppGfixxFvymrB3+J51cTt+pZBDq\n" + - "D2y0DYfc+88iCs4jwHTfcDIpLb538HBjBj2rEgtQESQmB0ooD/+wsPsCIQC1bYch\n" + - "gElNtDYL3FgpLgNSUYp7gIWv9ehaC7LO2z7biQKCAQBitvFOnDkUja8NAF7lDpOV\n" + - 
"b5ipQ8SicBLW3kQamxhyuyxgZyy/PojZ/oPorkqW/T/A0rhnG6MssEpAtdiwVB+c\n" + - "rBYGo3bcwmExJhdOJ6dYuKFppPWhCwKMHs9npK+lqBMl8l5j58xlcFeC7ZfGf8GY\n" + - "GkhFW0c44vEQhMMbac6ZTTP4mw+1t7xJfmDMlLEyIpTXaAAk8uoVLWzQWnR40sHi\n" + - "ybvS0u3JxQkb7/y8tOOZu8qlz/YOS7lQ6UxUGX27Ce1E0+agfPphetoRAlS1cezq\n" + - "Wa7r64Ga0nkj1kwkcRqjgTiJx0NwnUXr78VAXFhVF95+O3lfqhvdtEGtkhDGPg7N\n" + - "A4IBBgACggEBAMmSHQK0w2i+iqUjOPzn0yNEZrzepLlLeQ1tqtn0xnlv5vBAeefD\n" + - "Pm9dd3tZOjufVWP7hhEz8xPobb1CS4e3vuQiv5UBfhdPL3f3l9T7JMAKPH6C9Vve\n" + - "OQXE5eGqbjsySbcmseHoYUt1WCSnSda1opX8zchX04e7DhGfE2/L9flpYEoSt8lI\n" + - "vMNjgOwvKdW3yvPt1/eBBHYNFG5gWPv/Q5KoyCtHS03uqGm4rNc/wZTIEEfd66C+\n" + - "QRaUltjOaHmtwOdDHaNqwhYZSVOip+Mo+TfyzHFREcdHLapo7ZXqbdYkRGxRR3d+\n" + - "3DfHaraJO0OKoYlPkr3JMvM/MSGR9AnZOcejUDBOMB0GA1UdDgQWBBR2Zp73O91F\n" + - "5TvZcjw/8FQ5hjEmUzAfBgNVHSMEGDAWgBR2Zp73O91F5TvZcjw/8FQ5hjEmUzAM\n" + - "BgNVHRMEBTADAQH/MAsGCWCGSAFlAwQDAgNHADBEAiBzriYE41M2y9Hy5ppkL0Qn\n" + - "dIlNc8JhXT/PHW7GDtViagIgMko8Qoj9gDGPK3+O9E8DC3wGiiF9CObM4LN387ok\n" + - "J+g=\n" + - "-----END CERTIFICATE-----" - // -----BEGIN PRIVATE KEY----- - // MIICZQIBADCCAjkGByqGSM44BAEwggIsAoIBAQDuRsj4UptM3ty0rvoInHVCy49O - // Yjn0y1L2UNvbGM+Nc5qqywUG3Soh6oCbtkXvbIE2+bLizYxdOO0ziz51N44T7Vpt - // l/F84lRiHB8pv0PzHmcUrbf/PLHqq6CN1jisyDC9hnK4rIU/pXBq7R9+k39frntk - // p59z0lsscoDaj45ZT+blI2JhS7wH+ECzJXZHfw9lcXMLB4wfMuYlGbF3s3PyxIUW - // Uv9Npor6pUcNwDJKvzlXv2bcRVrD9J7H8RBnWbmlBaaaRn4scRb8pqwd/iedXE7f - // qWQQ6g9stA2H3PvPIgrOI8B033AyKS2+d/BwYwY9qxILUBEkJgdKKA//sLD7AiEA - // tW2HIYBJTbQ2C9xYKS4DUlGKe4CFr/XoWguyzts+24kCggEAYrbxTpw5FI2vDQBe - // 5Q6TlW+YqUPEonAS1t5EGpsYcrssYGcsvz6I2f6D6K5Klv0/wNK4ZxujLLBKQLXY - // sFQfnKwWBqN23MJhMSYXTienWLihaaT1oQsCjB7PZ6SvpagTJfJeY+fMZXBXgu2X - // xn/BmBpIRVtHOOLxEITDG2nOmU0z+JsPtbe8SX5gzJSxMiKU12gAJPLqFS1s0Fp0 - // eNLB4sm70tLtycUJG+/8vLTjmbvKpc/2Dku5UOlMVBl9uwntRNPmoHz6YXraEQJU - // tXHs6lmu6+uBmtJ5I9ZMJHEao4E4icdDcJ1F6+/FQFxYVRfefjt5X6ob3bRBrZIQ - // xj4OzQQjAiEAsceWOM8do4etxp2zgnoNXV8PUUyqWhz1+0srcKV7FR4= - 
// -----END PRIVATE KEY----- - }; + protected final static Cert[] TRUSTED_CERTS = { + Cert.CA_ECDSA_SECP256R1, + Cert.CA_RSA_2048, + Cert.CA_DSA_2048 }; // End entity certificate. - private final static String[] endEntityCertStrs = { - // SHA256withECDSA, curve prime256v1 - // Validity - // Not Before: May 22 07:18:16 2018 GMT - // Not After : May 17 07:18:16 2038 GMT - // Authority Key Identifier: - // 60:CF:BD:73:FF:FA:1A:30:D2:A4:EC:D3:49:71:46:EF:1A:35:A0:86 - "-----BEGIN CERTIFICATE-----\n" + - "MIIBqjCCAVCgAwIBAgIJAPLY8qZjgNRAMAoGCCqGSM49BAMCMDsxCzAJBgNVBAYT\n" + - "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" + - "ZTAeFw0xODA1MjIwNzE4MTZaFw0zODA1MTcwNzE4MTZaMFUxCzAJBgNVBAYTAlVT\n" + - "MQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZjZTEY\n" + - "MBYGA1UEAwwPUmVncmVzc2lvbiBUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD\n" + - "QgAEb+9n05qfXnfHUb0xtQJNS4JeSi6IjOfW5NqchvKnfJey9VkJzR7QHLuOESdf\n" + - "xlR7q8YIWgih3iWLGfB+wxHiOqMjMCEwHwYDVR0jBBgwFoAUYM+9c//6GjDSpOzT\n" + - "SXFG7xo1oIYwCgYIKoZIzj0EAwIDSAAwRQIgWpRegWXMheiD3qFdd8kMdrkLxRbq\n" + - "1zj8nQMEwFTUjjQCIQDRIrAjZX+YXHN9b0SoWWLPUq0HmiFIi8RwMnO//wJIGQ==\n" + - "-----END CERTIFICATE-----", - - // SHA256withRSA, 2048 bits - // Validity - // Not Before: May 22 07:18:16 2018 GMT - // Not After : May 17 07:18:16 2038 GMT - // Authority Key Identifier: - // 0D:DD:93:C9:FE:4B:BD:35:B7:E8:99:78:90:FB:DB:5A:3D:DB:15:4C - "-----BEGIN CERTIFICATE-----\n" + - "MIIDNjCCAh6gAwIBAgIJAO2+yPcFryUTMA0GCSqGSIb3DQEBCwUAMDsxCzAJBgNV\n" + - "BAYTAlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2Vy\n" + - "aXZjZTAeFw0xODA1MjIwNzE4MTZaFw0zODA1MTcwNzE4MTZaMFUxCzAJBgNVBAYT\n" + - "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" + - "ZTEYMBYGA1UEAwwPUmVncmVzc2lvbiBUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOC\n" + - "AQ8AMIIBCgKCAQEAszfBobWfZIp8AgC6PiWDDavP65mSvgCXUGxACbxVNAfkLhNR\n" + - "QOsHriRB3X1Q3nvO9PetC6wKlvE9jlnDDj7D+1j1r1CHO7ms1fq8rfcQYdkanDtu\n" + - 
"4AlHo8v+SSWX16MIXFRYDj2VVHmyPtgbltcg4zGAuwT746FdLI94uXjJjq1IOr/v\n" + - "0VIlwE5ORWH5Xc+5Tj+oFWK0E4a4GHDgtKKhn2m72hN56/GkPKGkguP5NRS1qYYV\n" + - "/EFkdyQMOV8J1M7HaicSft4OL6eKjTrgo93+kHk+tv0Dc6cpVBnalX3TorG8QI6B\n" + - "cHj1XQd78oAlAC+/jF4pc0mwi0un49kdK9gRfQIDAQABoyMwITAfBgNVHSMEGDAW\n" + - "gBQN3ZPJ/ku9NbfomXiQ+9taPdsVTDANBgkqhkiG9w0BAQsFAAOCAQEApXS0nKwm\n" + - "Kp8gpmO2yG1rpd1+2wBABiMU4JZaTqmma24DQ3RzyS+V2TeRb29dl5oTUEm98uc0\n" + - "GPZvhK8z5RFr4YE17dc04nI/VaNDCw4y1NALXGs+AHkjoPjLyGbWpi1S+gfq2sNB\n" + - "Ekkjp6COb/cb9yiFXOGVls7UOIjnVZVd0r7KaPFjZhYh82/f4PA/A1SnIKd1+nfH\n" + - "2yk7mSJNC7Z3qIVDL8MM/jBVwiC3uNe5GPB2uwhd7k5LGAVN3j4HQQGB0Sz+VC1h\n" + - "92oi6xDa+YBva2fvHuCd8P50DDjxmp9CemC7rnZ5j8egj88w14X44Xjb/Fd/ApG9\n" + - "e57NnbT7KM+Grw==\n" + - "-----END CERTIFICATE-----", - - // SHA256withRSA, curv prime256v1 - // Validity - // Not Before: May 22 07:18:16 2018 GMT - // Not After : May 21 07:18:16 2028 GMT - // Authority Key Identifier: - // 0D:DD:93:C9:FE:4B:BD:35:B7:E8:99:78:90:FB:DB:5A:3D:DB:15:4C - "-----BEGIN CERTIFICATE-----\n" + - "MIICazCCAVOgAwIBAgIJAO2+yPcFryUUMA0GCSqGSIb3DQEBCwUAMDsxCzAJBgNV\n" + - "BAYTAlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2Vy\n" + - "aXZjZTAeFw0xODA1MjIwNzE4MTZaFw0yODA1MjEwNzE4MTZaMFUxCzAJBgNVBAYT\n" + - "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" + - "ZTEYMBYGA1UEAwwPUmVncmVzc2lvbiBUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0D\n" + - "AQcDQgAE59MERNTlVZ1eeps8Z3Oue5ZkgQdPtD+WIE6tj3PbIKpxGPDxvfNP959A\n" + - "yQjEK/ehWQVrCMmNoEkIzY+IIBgB06MjMCEwHwYDVR0jBBgwFoAUDd2Tyf5LvTW3\n" + - "6Jl4kPvbWj3bFUwwDQYJKoZIhvcNAQELBQADggEBAFOTVEqs70ykhZiIdrEsF1Ra\n" + - "I3B2rLvwXZk52uSltk2/bzVvewA577ZCoxQ1pL7ynkisPfBN1uVYtHjM1VA3RC+4\n" + - "+TAK78dnI7otYjWoHp5rvs4l6c/IbOspS290IlNuDUxMErEm5wxIwj+Aukx/1y68\n" + - "hOyCvHBLMY2c1LskH1MMBbDuS1aI+lnGpToi+MoYObxGcV458vxuT8+wwV8Fkpvd\n" + - "ll8IIFmeNPRv+1E+lXbES6CSNCVaZ/lFhPgdgYKleN7sfspiz50DG4dqafuEAaX5\n" + - "xaK1NWXJxTRz0ROH/IUziyuDW6jphrlgit4+3NCzp6vP9hAJQ8Vhcj0n15BKHIQ=\n" 
+ - "-----END CERTIFICATE-----", - - // SHA256withDSA, 2048 bits - // Validity - // Not Before: May 22 07:18:20 2018 GMT - // Not After : May 17 07:18:20 2038 GMT - // Authority Key Identifier: - // 76:66:9E:F7:3B:DD:45:E5:3B:D9:72:3C:3F:F0:54:39:86:31:26:53 - "-----BEGIN CERTIFICATE-----\n" + - "MIIEnDCCBEGgAwIBAgIJAP/jh1qVhNVjMAsGCWCGSAFlAwQDAjA7MQswCQYDVQQG\n" + - "EwJVUzENMAsGA1UECgwESmF2YTEdMBsGA1UECwwUU3VuSlNTRSBUZXN0IFNlcml2\n" + - "Y2UwHhcNMTgwNTIyMDcxODIwWhcNMzgwNTE3MDcxODIwWjBVMQswCQYDVQQGEwJV\n" + - "UzENMAsGA1UECgwESmF2YTEdMBsGA1UECwwUU3VuSlNTRSBUZXN0IFNlcml2Y2Ux\n" + - "GDAWBgNVBAMMD1JlZ3Jlc3Npb24gVGVzdDCCA0cwggI6BgcqhkjOOAQBMIICLQKC\n" + - "AQEAmlavgoJrMcjqWRVcDE2dmWAPREgnzQvneEDef68cprDzjSwvOs5QeFyx75ib\n" + - "ado1e6jO/rW1prCGWHDD1oA/Tn4Pk3vu0nUxzvl1qATc+aJbpUU5Op0bvp6LbCsQ\n" + - "QslV9FeRh7Eb7bP6gpc/kHCBzEgC1VCK7prccXWy+t6SMOHbND3h+UbckfSaUuaV\n" + - "sVJNTD1D6GElfRj4Nmz1BGPfSYvKorwNZEU3gXwFgtDoAcGx7tcyClLpDHfqRfw/\n" + - "7yiqLyeiP7D4hl5lMNouJWDlAdMFp0FMgS3s9VDFinIcr6VtBWMTG7+4+czHAB+3\n" + - "fvrwlqNzhBn3uFHrekN/w8fNxwIhAJo7Sae1za7IMW0Q6hE5B4b+s2B/FaKPoA4E\n" + - "jtZu13B9AoIBAQCOZqLMKfvqZWUgT0PQ3QjR7dAFdd06I9Y3+TOQzZk1+j+vw/6E\n" + - "X4vFItX4gihb/u5Q9CdmpwhVGi7bvo+7+/IKeTgoQ6f5+PSug7SrWWUQ5sPwaZui\n" + - "zXZJ5nTeZDucFc2yFx0wgnjbPwiUxZklOT7xGiOMtzOTa2koCz5KuIBL+/wPKKxm\n" + - "ypo9VoY9xfbdU6LMXZv/lpD5XTM9rYHr/vUTNkukvV6Hpm0YMEWhVZKUJiqCqTqG\n" + - "XHaleOxSw6uQWB/+TznifcC7gB48UOQjCqOKf5VuwQneJLhlhU/jhRV3xtr+hLZa\n" + - "hW1wYhVi8cjLDrZFKlgEQqhB4crnJU0mJY+tA4IBBQACggEAID0ezl00/X8mv7eb\n" + - "bzovum1+DEEP7FM57k6HZEG2N3ve4CW+0m9Cd+cWPz8wkZ+M0j/Eqa6F0IdbkXEc\n" + - "Q7CuzvUyJ57xQ3L/WCgXsiS+Bh8O4Mz7GwW22CGmHqafbVv+hKBfr8MkskO6GJUt\n" + - "SUF/CVLzB4gMIvZMH26tBP2xK+i7FeEK9kT+nGdzQSZBAhFYpEVCBplHZO24/OYq\n" + - "1DNoU327nUuXIhmsfA8N0PjiWbIZIjTPwBGr9H0LpATI7DIDNcvRRvtROP+pBU9y\n" + - "fuykPkptg9C0rCM9t06bukpOSaEz/2VIQdLE8fHYFA6pHZ6CIc2+5cfvMgTPhcjz\n" + - "W2jCt6MjMCEwHwYDVR0jBBgwFoAUdmae9zvdReU72XI8P/BUOYYxJlMwCwYJYIZI\n" + - 
"AWUDBAMCA0gAMEUCIQCeI5fN08b9BpOaHdc3zQNGjp24FOL/RxlBLeBAorswJgIg\n" + - "JEZ8DhYxQy1O7mmZ2UIT7op6epWMB4dENjs0qWPmcKo=\n" + - "-----END CERTIFICATE-----" - }; - - // Private key in the format of PKCS#8. - private final static String[] endEntityPrivateKeys = { - // - // EC private key related to cert endEntityCertStrs[0]. - // - "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgn5K03bpTLjEtFQRa\n" + - "JUtx22gtmGEvvSUSQdimhGthdtihRANCAARv72fTmp9ed8dRvTG1Ak1Lgl5KLoiM\n" + - "59bk2pyG8qd8l7L1WQnNHtAcu44RJ1/GVHurxghaCKHeJYsZ8H7DEeI6", - - // - // RSA private key related to cert endEntityCertStrs[1]. - // - "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCzN8GhtZ9kinwC\n" + - "ALo+JYMNq8/rmZK+AJdQbEAJvFU0B+QuE1FA6weuJEHdfVDee870960LrAqW8T2O\n" + - "WcMOPsP7WPWvUIc7uazV+ryt9xBh2RqcO27gCUejy/5JJZfXowhcVFgOPZVUebI+\n" + - "2BuW1yDjMYC7BPvjoV0sj3i5eMmOrUg6v+/RUiXATk5FYfldz7lOP6gVYrQThrgY\n" + - "cOC0oqGfabvaE3nr8aQ8oaSC4/k1FLWphhX8QWR3JAw5XwnUzsdqJxJ+3g4vp4qN\n" + - "OuCj3f6QeT62/QNzpylUGdqVfdOisbxAjoFwePVdB3vygCUAL7+MXilzSbCLS6fj\n" + - "2R0r2BF9AgMBAAECggEASIkPkMCuw4WdTT44IwERus3IOIYOs2IP3BgEDyyvm4B6\n" + - "JP/iihDWKfA4zEl1Gqcni1RXMHswSglXra682J4kui02Ov+vzEeJIY37Ibn2YnP5\n" + - "ZjRT2s9GtI/S2o4hl8A/mQb2IMViFC+xKehTukhV4j5d6NPKk0XzLR7gcMjnYxwn\n" + - "l21fS6D2oM1xRG/di7sL+uLF8EXLRzfiWDNi12uQv4nwtxPKvuKhH6yzHt7YqMH0\n" + - "46pmDKDaxV4w1JdycjCb6NrCJOYZygoQobuZqOQ30UZoZsPJrtovkncFr1e+lNcO\n" + - "+aWDfOLCtTH046dEQh5oCShyXMybNlry/QHsOtHOwQKBgQDh2iIjs+FPpQy7Z3EX\n" + - "DGEvHYqPjrYO9an2KSRr1m9gzRlWYxKY46WmPKwjMerYtra0GP+TBHrgxsfO8tD2\n" + - "wUAII6sd1qup0a/Sutgf2JxVilLykd0+Ge4/Cs51tCdJ8EqDV2B6WhTewOY2EGvg\n" + - "JiKYkeNwgRX/9M9CFSAMAk0hUQKBgQDLJAartL3DoGUPjYtpJnfgGM23yAGl6G5r\n" + - "NSXDn80BiYIC1p0bG3N0xm3yAjqOtJAUj9jZbvDNbCe3GJfLARMr23legX4tRrgZ\n" + - "nEdKnAFKAKL01oM+A5/lHdkwaZI9yyv+hgSVdYzUjB8rDmzeVQzo1BT7vXypt2yV\n" + - "6O1OnUpCbQKBgA/0rzDChopv6KRcvHqaX0tK1P0rYeVQqb9ATNhpf9jg5Idb3HZ8\n" + - "rrk91BNwdVz2G5ZBpdynFl9G69rNAMJOCM4KZw5mmh4XOEq09Ivba8AHU7DbaTv3\n" + - 
"7QL7KnbaUWRB26HHzIMYVh0el6T+KADf8NXCiMTr+bfpfbL3dxoiF3zhAoGAbCJD\n" + - "Qse1dBs/cKYCHfkSOsI5T6kx52Tw0jS6Y4X/FOBjyqr/elyEexbdk8PH9Ar931Qr\n" + - "NKMvn8oA4iA/PRrXX7M2yi3YQrWwbkGYWYjtzrzEAdzmg+5eARKAeJrZ8/bg9l3U\n" + - "ttKaItJsDPlizn8rngy3FsJpR9aSAMK6/+wOiYkCgYEA1tZkI1rD1W9NYZtbI9BE\n" + - "qlJVFi2PBOJMKNuWdouPX3HLQ72GJSQff2BFzLTELjweVVJ0SvY4IipzpQOHQOBy\n" + - "5qh/p6izXJZh3IHtvwVBjHoEVplg1b2+I5e3jDCfqnwcQw82dW5SxOJMg1h/BD0I\n" + - "qAL3go42DYeYhu/WnECMeis=", - - // - // EC private key related to cert endEntityCertStrs[2]. - // - "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgGVc7hICpmp91jbYe\n" + - "nrr8nYHD37RZP3VENY+szuA7WjuhRANCAATn0wRE1OVVnV56mzxnc657lmSBB0+0\n" + - "P5YgTq2Pc9sgqnEY8PG980/3n0DJCMQr96FZBWsIyY2gSQjNj4ggGAHT", - - // - // DSA private key related to cert endEntityCertStrs[3]. - // - "MIICZQIBADCCAjoGByqGSM44BAEwggItAoIBAQCaVq+CgmsxyOpZFVwMTZ2ZYA9E\n" + - "SCfNC+d4QN5/rxymsPONLC86zlB4XLHvmJtp2jV7qM7+tbWmsIZYcMPWgD9Ofg+T\n" + - "e+7SdTHO+XWoBNz5olulRTk6nRu+notsKxBCyVX0V5GHsRvts/qClz+QcIHMSALV\n" + - "UIrumtxxdbL63pIw4ds0PeH5RtyR9JpS5pWxUk1MPUPoYSV9GPg2bPUEY99Ji8qi\n" + - "vA1kRTeBfAWC0OgBwbHu1zIKUukMd+pF/D/vKKovJ6I/sPiGXmUw2i4lYOUB0wWn\n" + - "QUyBLez1UMWKchyvpW0FYxMbv7j5zMcAH7d++vCWo3OEGfe4Uet6Q3/Dx83HAiEA\n" + - "mjtJp7XNrsgxbRDqETkHhv6zYH8Voo+gDgSO1m7XcH0CggEBAI5moswp++plZSBP\n" + - "Q9DdCNHt0AV13Toj1jf5M5DNmTX6P6/D/oRfi8Ui1fiCKFv+7lD0J2anCFUaLtu+\n" + - "j7v78gp5OChDp/n49K6DtKtZZRDmw/Bpm6LNdknmdN5kO5wVzbIXHTCCeNs/CJTF\n" + - "mSU5PvEaI4y3M5NraSgLPkq4gEv7/A8orGbKmj1Whj3F9t1Tosxdm/+WkPldMz2t\n" + - "gev+9RM2S6S9XoembRgwRaFVkpQmKoKpOoZcdqV47FLDq5BYH/5POeJ9wLuAHjxQ\n" + - "5CMKo4p/lW7BCd4kuGWFT+OFFXfG2v6EtlqFbXBiFWLxyMsOtkUqWARCqEHhyucl\n" + - "TSYlj60EIgIgLfA75+8KcKxdN8mr6gzGjQe7jPFGG42Ejhd7Q2F4wuw=" - }; - - // Private key algorithm of endEntityPrivateKeys. - private final static String[] endEntityPrivateKeyAlgs = { - "EC", - "RSA", - "EC", - "DSA", - }; - - // Private key names of endEntityPrivateKeys. 
- private final static String[] endEntityPrivateKeyNames = {
- "ecdsa",
- "rsa",
- "ec-rsa",
- "dsa",
- };
+ protected final static Cert[] END_ENTITY_CERTS = {
+ Cert.EE_ECDSA_SECP256R1,
+ Cert.EE_RSA_2048,
+ Cert.EE_EC_RSA_SECP256R1,
+ Cert.EE_DSA_2048 };
 /*
 * Create an instance of SSLContext with the specified trust/key materials.
 */
- private SSLContext createSSLContext(
- String[] trustedMaterials,
- String[] keyMaterialCerts,
- String[] keyMaterialKeys,
- String[] keyMaterialKeyAlgs,
- String[] keyMaterialKeyNames,
+ public static SSLContext createSSLContext(
+ Cert[] trustedCerts,
+ Cert[] endEntityCerts,
 ContextParameters params) throws Exception {
 KeyStore ts = null; // trust store
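Review bot: `TRUSTED_CERTS` and `END_ENTITY_CERTS` are declared `protected final static Cert[]`, and `final` fixes only the reference, so any subclass can assign into an element and change the trust anchors or key material for every later user of the template in the same JVM. If subclasses only need to read them, keep the arrays private and pass copies, e.g. `createSSLContext(TRUSTED_CERTS.clone(), END_ENTITY_CERTS.clone(), getClientContextParameters())`, or state in the comment above each array that it must not be modified. `createSSLContext` also becomes `public static` in this hunk while its block comment still gives no parameter contract; it should say what a null or empty `trustedCerts` or `endEntityCerts` does. The method body continues outside this hunk.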
@@ -697,51 +385,41 @@ public class SSLSocketTemplate {
 // Import the trused certs.
 ByteArrayInputStream is;
- if (trustedMaterials != null && trustedMaterials.length != 0) {
+ if (trustedCerts != null && trustedCerts.length != 0) {
 ts = KeyStore.getInstance("JKS");
 ts.load(null, null);
- Certificate[] trustedCert =
- new Certificate[trustedMaterials.length];
- for (int i = 0; i < trustedMaterials.length; i++) {
- String trustedCertStr = trustedMaterials[i];
-
- is = new ByteArrayInputStream(trustedCertStr.getBytes());
+ Certificate[] trustedCert = new Certificate[trustedCerts.length];
+ for (int i = 0; i < trustedCerts.length; i++) {
+ is = new ByteArrayInputStream(trustedCerts[i].certStr.getBytes());
 try {
 trustedCert[i] = cf.generateCertificate(is);
 } finally {
 is.close();
 }
- ts.setCertificateEntry("trusted-cert-" + i, trustedCert[i]);
+ ts.setCertificateEntry(
+ "trusted-cert-" + trustedCerts[i].name(), trustedCert[i]);
 }
 }
 // Import the key materials.
- //
- // Note that certification pathes bigger than one are not supported yet.
- boolean hasKeyMaterials =
- (keyMaterialCerts != null) && (keyMaterialCerts.length != 0) &&
- (keyMaterialKeys != null) && (keyMaterialKeys.length != 0) &&
- (keyMaterialKeyAlgs != null) && (keyMaterialKeyAlgs.length != 0) &&
- (keyMaterialCerts.length == keyMaterialKeys.length) &&
- (keyMaterialCerts.length == keyMaterialKeyAlgs.length);
- if (hasKeyMaterials) {
+ if (endEntityCerts != null && endEntityCerts.length != 0) {
 ks = KeyStore.getInstance("JKS");
 ks.load(null, null);
- for (int i = 0; i < keyMaterialCerts.length; i++) {
- String keyCertStr = keyMaterialCerts[i];
-
+ for (int i = 0; i < endEntityCerts.length; i++) {
 // generate the private key.
 PKCS8EncodedKeySpec priKeySpec = new PKCS8EncodedKeySpec(
- Base64.getMimeDecoder().decode(keyMaterialKeys[i]));
+ Base64.getMimeDecoder().decode(endEntityCerts[i].privKeyStr));
 KeyFactory kf =
- KeyFactory.getInstance(keyMaterialKeyAlgs[i]);
+ KeyFactory.getInstance(
+ endEntityCerts[i].keyAlgo);
 PrivateKey priKey = kf.generatePrivate(priKeySpec);
 // generate certificate chain
- is = new ByteArrayInputStream(keyCertStr.getBytes());
+ is = new ByteArrayInputStream(
+ endEntityCerts[i].certStr.getBytes());
 Certificate keyCert = null;
 try {
 keyCert = cf.generateCertificate(is);
@@ -752,7 +430,7 @@ public class SSLSocketTemplate {
 Certificate[] chain = new Certificate[] { keyCert };
 // import the key entry.
- ks.setKeyEntry("cert-" + keyMaterialKeyNames[i],
+ ks.setKeyEntry("cert-" + endEntityCerts[i].name(),
 priKey, passphrase, chain);
 }
 }
@@ -763,7 +441,7 @@ public class SSLSocketTemplate {
 tmf.init(ts);
 SSLContext context = SSLContext.getInstance(params.contextProtocol);
- if (hasKeyMaterials && ks != null) {
+ if (endEntityCerts != null && endEntityCerts.length != 0 && ks != null) {
 KeyManagerFactory kmf =
 KeyManagerFactory.getInstance(params.kmAlgorithm);
 kmf.init(ks, passphrase);
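Review bot: In the trust import at the top of the `-697` hunk, a null or empty `trustedCerts` leaves `ts` unset, and the context lines of the `-763` hunk show `tmf.init(ts)` being called with it; a `TrustManagerFactory` initialised with a null key store falls back to the JDK's default trust store rather than trusting nothing. That was an internal detail while the method was private, but it is now reachable by any test through the public static `createSSLContext`, so it deserves a comment such as `// null/empty trustedCerts: tmf.init(null) uses the default trust store, not an empty one`. Whether `tmf.init(ts)` is guarded by lines outside the hunk is not visible here.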
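Review bot: The key-entry alias in the `-752` hunk changes from `"cert-" + keyMaterialKeyNames[i]` to `"cert-" + endEntityCerts[i].name()`, and the store is created with `KeyStore.getInstance("JKS")`, which folds aliases to lower case. Lookups through the `KeyStore` still resolve, but an alias read back from the store will not `equals` the upper-case `"cert-" + Cert.X.name()` a test might build. A short comment on `ks.setKeyEntry(...)` saying that the effective alias is the lower-cased enum name would avoid that surprise. The same applies to `"trusted-cert-" + trustedCerts[i].name()` in the `-697` hunk. The enclosing loop starts outside this hunk.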
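Review bot: The guard in the `-763` hunk, `if (endEntityCerts != null && endEntityCerts.length != 0 && ks != null)`, repeats the array test that already decided whether `ks` was created in the `-697` hunk, so the two conditions have to be kept in sync by hand. As far as the visible lines show, `ks` is assigned only inside that earlier branch, so `if (ks != null) {` states the same thing. The body of this `if` continues outside the hunk.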
@@ -928,4 +606,413 @@ public class SSLSocketTemplate { System.out.println(prefix + ": " + cause); cause.printStackTrace(System.out); } + + public static enum Cert { + + CA_ECDSA_SECP256R1( + "EC", + // SHA256withECDSA, curve secp256r1 + // Validity + // Not Before: May 22 07:18:16 2018 GMT + // Not After : May 17 07:18:16 2038 GMT + // Subject Key Identifier: + // 60:CF:BD:73:FF:FA:1A:30:D2:A4:EC:D3:49:71:46:EF:1A:35:A0:86 + "-----BEGIN CERTIFICATE-----\n" + + "MIIBvjCCAWOgAwIBAgIJAIvFG6GbTroCMAoGCCqGSM49BAMCMDsxCzAJBgNVBAYT\n" + + "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" + + "ZTAeFw0xODA1MjIwNzE4MTZaFw0zODA1MTcwNzE4MTZaMDsxCzAJBgNVBAYTAlVT\n" + + "MQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZjZTBZ\n" + + "MBMGByqGSM49AgEGCCqGSM49AwEHA0IABBz1WeVb6gM2mh85z3QlvaB/l11b5h0v\n" + + "LIzmkC3DKlVukZT+ltH2Eq1oEkpXuf7QmbM0ibrUgtjsWH3mULfmcWmjUDBOMB0G\n" + + "A1UdDgQWBBRgz71z//oaMNKk7NNJcUbvGjWghjAfBgNVHSMEGDAWgBRgz71z//oa\n" + + "MNKk7NNJcUbvGjWghjAMBgNVHRMEBTADAQH/MAoGCCqGSM49BAMCA0kAMEYCIQCG\n" + + "6wluh1r2/T6L31mZXRKf9JxeSf9pIzoLj+8xQeUChQIhAJ09wAi1kV8yePLh2FD9\n" + + "2YEHlSQUAbwwqCDEVB5KxaqP\n" + + "-----END CERTIFICATE-----", + "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg/HcHdoLJCdq3haVd\n" + + "XZTSKP00YzM3xX97l98vGL/RI1KhRANCAAQc9VnlW+oDNpofOc90Jb2gf5ddW+Yd\n" + + "LyyM5pAtwypVbpGU/pbR9hKtaBJKV7n+0JmzNIm61ILY7Fh95lC35nFp"), + + CA_ECDSA_SECP384R1( + "EC", + // SHA384withECDSA, curve secp384r1 + // Validity + // Not Before: Jun 24 08:15:06 2019 GMT + // Not After : Jun 19 08:15:06 2039 GMT + // Subject Key Identifier: + // 0a:93:a9:a0:bf:e7:d5:48:9d:4f:89:15:c6:51:98:80:05:51:4e:4e + "-----BEGIN CERTIFICATE-----\n" + + "MIICCDCCAY6gAwIBAgIUCpOpoL/n1UidT4kVxlGYgAVRTk4wCgYIKoZIzj0EAwMw\n" + + "OzELMAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpTU0Ug\n" + + "VGVzdCBTZXJpdmNlMB4XDTE5MDYyNDA4MTUwNloXDTM5MDYxOTA4MTUwNlowOzEL\n" + + "MAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpTU0UgVGVz\n" + + 
"dCBTZXJpdmNlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAENVQN1wXWFdgC6u/dDdiC\n" + + "y+WtMTF66oL/0BSm+1ZqsogamzCryawOcHgiuXgWzx5CQ3LuOC+tDFyXpGfHuCvb\n" + + "dkzxPrP5n9NrR8/uRPe5l1KOUbchviU8z9cTP+LZxnZDo1MwUTAdBgNVHQ4EFgQU\n" + + "SktSFArR1p/5mXV0kyo0RxIVa/UwHwYDVR0jBBgwFoAUSktSFArR1p/5mXV0kyo0\n" + + "RxIVa/UwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjBZvoNmq3/v\n" + + "RD2gBTyvxjS9h0rsMRLHDnvul/KWngytwGPTOBo0Y8ixQXSjdKoc3rkCMQDkiNgx\n" + + "IDxuHedmrLQKIPnVcthTmwv7//jHiqGoKofwChMo2a1P+DQdhszmeHD/ARQ=\n" + + "-----END CERTIFICATE-----", + "MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDChlbt0NF8oIKODSxn2\n" + + "WXCXuJm3z78LRkzYQS3Nx5NMjei5ytkFZz4qvD4XXMWlTEyhZANiAAQ1VA3XBdYV\n" + + "2ALq790N2ILL5a0xMXrqgv/QFKb7VmqyiBqbMKvJrA5weCK5eBbPHkJDcu44L60M\n" + + "XJekZ8e4K9t2TPE+s/mf02tHz+5E97mXUo5RtyG+JTzP1xM/4tnGdkM="), + + CA_ECDSA_SECP521R1( + "EC", + // SHA512withECDSA, curve secp521r1 + // Validity + // Not Before: Jun 24 08:15:06 2019 GMT + // Not After : Jun 19 08:15:06 2039 GMT + // Subject Key Identifier: + // 25:ca:68:76:6d:29:17:9b:71:78:45:2d:d4:c6:e4:5d:fe:25:ff:90 + "-----BEGIN CERTIFICATE-----\n" + + "MIICUzCCAbSgAwIBAgIUJcpodm0pF5txeEUt1MbkXf4l/5AwCgYIKoZIzj0EAwQw\n" + + "OzELMAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpTU0Ug\n" + + "VGVzdCBTZXJpdmNlMB4XDTE5MDYyNDA4MTUwNloXDTM5MDYxOTA4MTUwNlowOzEL\n" + + "MAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpTU0UgVGVz\n" + + "dCBTZXJpdmNlMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAmFD5VmB2MdyJ6k+E\n" + + "eP4JncrE65ySL07gVmFwnr8otOt3NtRAyzmviMNNXXjo5R5NqNjKP4pr92JjT0sO\n" + + "D65yngkBtH151Ev/fiKPLxkXL9GzfKdWHVhDX7Zg6DUydzukzZV2/dIyloAIqwlz\n" + + "QVKJqT7RypDufdng8hnE9YfKo6ypZiujUzBRMB0GA1UdDgQWBBRAIrxa7WqtqUCe\n" + + "HFuKREDC92spvTAfBgNVHSMEGDAWgBRAIrxa7WqtqUCeHFuKREDC92spvTAPBgNV\n" + + "HRMBAf8EBTADAQH/MAoGCCqGSM49BAMEA4GMADCBiAJCAe22iirZnODCmlpxcv57\n" + + "3g5BEE60C+dtYmTqR4DtFyDaTRQ5CFf4ZxvQPIbD+SXi5Cbrl6qtrZG0cjUihPkC\n" + + "Hi1hAkIAiEcO7nMPgQLny+GrciojfN+bZXME/dPz6KHBm/89f8Me+jawVnv6y+df\n" + + 
"2Sbafh1KV6ntWQtB4bK3MXV8Ym9Eg1I=\n" + + "-----END CERTIFICATE-----", + "MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIAV8dZszV6+nLw3LeA\n" + + "Q+qLJLGaqyjlsQkaopCPcmoRdy1HX6AzB/YnKsPkHp/9DQN6A2JgUhFG5B0XvKSk\n" + + "BqNNuSGhgYkDgYYABACYUPlWYHYx3InqT4R4/gmdysTrnJIvTuBWYXCevyi063c2\n" + + "1EDLOa+Iw01deOjlHk2o2Mo/imv3YmNPSw4PrnKeCQG0fXnUS/9+Io8vGRcv0bN8\n" + + "p1YdWENftmDoNTJ3O6TNlXb90jKWgAirCXNBUompPtHKkO592eDyGcT1h8qjrKlm\n" + + "Kw=="), + + CA_RSA_2048( + "RSA", + // SHA256withRSA, 2048 bits + // Validity + // Not Before: May 22 07:18:16 2018 GMT + // Not After : May 17 07:18:16 2038 GMT + // Subject Key Identifier: + // 0D:DD:93:C9:FE:4B:BD:35:B7:E8:99:78:90:FB:DB:5A:3D:DB:15:4C + "-----BEGIN CERTIFICATE-----\n" + + "MIIDSTCCAjGgAwIBAgIJAI4ZF3iy8zG+MA0GCSqGSIb3DQEBCwUAMDsxCzAJBgNV\n" + + "BAYTAlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2Vy\n" + + "aXZjZTAeFw0xODA1MjIwNzE4MTZaFw0zODA1MTcwNzE4MTZaMDsxCzAJBgNVBAYT\n" + + "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" + + "ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALpMcY7aWieXDEM1/YJf\n" + + "JW27b4nRIFZyEYhEloyGsKTuQiiQjc8cqRZFNXe2vwziDB4IyTEl0Hjl5QF6ZaQE\n" + + "huPzzwvQm1pv64KrRXrmj3FisQK8B5OWLty9xp6xDqsaMRoyObLK+oIb20T5fSlE\n" + + "evmo1vYjnh8CX0Yzx5Gr5ye6YSEHQvYOWEws8ad17OlyToR2KMeC8w4qo6rs59pW\n" + + "g7Mxn9vo22ImDzrtAbTbXbCias3xlE0Bp0h5luyf+5U4UgksoL9B9r2oP4GrLNEV\n" + + "oJk57t8lwaR0upiv3CnS8LcJELpegZub5ggqLY8ZPYFQPjlK6IzLOm6rXPgZiZ3m\n" + + "RL0CAwEAAaNQME4wHQYDVR0OBBYEFA3dk8n+S701t+iZeJD721o92xVMMB8GA1Ud\n" + + "IwQYMBaAFA3dk8n+S701t+iZeJD721o92xVMMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n" + + "hvcNAQELBQADggEBAJTRC3rKUUhVH07/1+stUungSYgpM08dY4utJq0BDk36BbmO\n" + + "0AnLDMbkwFdHEoqF6hQIfpm7SQTmXk0Fss6Eejm8ynYr6+EXiRAsaXOGOBCzF918\n" + + "/RuKOzqABfgSU4UBKECLM5bMfQTL60qx+HdbdVIpnikHZOFfmjCDVxoHsGyXc1LW\n" + + "Jhkht8IGOgc4PMGvyzTtRFjz01kvrVQZ75aN2E0GQv6dCxaEY0i3ypSzjUWAKqDh\n" + + "3e2OLwUSvumcdaxyCdZAOUsN6pDBQ+8VRG7KxnlRlY1SMEk46QgQYLbPDe/+W/yH\n" + + 
"ca4PejicPeh+9xRAwoTpiE2gulfT7Lm+fVM7Ruc=\n" + + "-----END CERTIFICATE-----", + "MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC6THGO2lonlwxD\n" + + "Nf2CXyVtu2+J0SBWchGIRJaMhrCk7kIokI3PHKkWRTV3tr8M4gweCMkxJdB45eUB\n" + + "emWkBIbj888L0Jtab+uCq0V65o9xYrECvAeTli7cvcaesQ6rGjEaMjmyyvqCG9tE\n" + + "+X0pRHr5qNb2I54fAl9GM8eRq+cnumEhB0L2DlhMLPGndezpck6EdijHgvMOKqOq\n" + + "7OfaVoOzMZ/b6NtiJg867QG0212womrN8ZRNAadIeZbsn/uVOFIJLKC/Qfa9qD+B\n" + + "qyzRFaCZOe7fJcGkdLqYr9wp0vC3CRC6XoGbm+YIKi2PGT2BUD45SuiMyzpuq1z4\n" + + "GYmd5kS9AgMBAAECggEAFHSoU2MuWwJ+2jJnb5U66t2V1bAcuOE1g5zkWvG/G5z9\n" + + "rq6Qo5kmB8f5ovdx6tw3MGUOklLwnRXBG3RxDJ1iokz3AvkY1clMNsDPlDsUrQKF\n" + + "JSO4QUBQTPSZhnsyfR8XHSU+qJ8Y+ohMfzpVv95BEoCzebtXdVgxVegBlcEmVHo2\n" + + "kMmkRN+bYNsr8eb2r+b0EpyumS39ZgKYh09+cFb78y3T6IFMGcVJTP6nlGBFkmA/\n" + + "25pYeCF2tSki08qtMJZQAvKfw0Kviibk7ZxRbJqmc7B1yfnOEHP6ftjuvKl2+RP/\n" + + "+5P5f8CfIP6gtA0LwSzAqQX/hfIKrGV5j0pCqrD0kQKBgQDeNR6Xi4sXVq79lihO\n" + + "a1bSeV7r8yoQrS8x951uO+ox+UIZ1MsAULadl7zB/P0er92p198I9M/0Jth3KBuS\n" + + "zj45mucvpiiGvmQlMKMEfNq4nN7WHOu55kufPswQB2mR4J3xmwI+4fM/nl1zc82h\n" + + "De8JSazRldJXNhfx0RGFPmgzbwKBgQDWoVXrXLbCAn41oVnWB8vwY9wjt92ztDqJ\n" + + "HMFA/SUohjePep9UDq6ooHyAf/Lz6oE5NgeVpPfTDkgvrCFVKnaWdwALbYoKXT2W\n" + + "9FlyJox6eQzrtHAacj3HJooXWuXlphKSizntfxj3LtMR9BmrmRJOfK+SxNOVJzW2\n" + + "+MowT20EkwKBgHmpB8jdZBgxI7o//m2BI5Y1UZ1KE5vx1kc7VXzHXSBjYqeV9FeF\n" + + "2ZZLP9POWh/1Fh4pzTmwIDODGT2UPhSQy0zq3O0fwkyT7WzXRknsuiwd53u/dejg\n" + + "iEL2NPAJvulZ2+AuiHo5Z99LK8tMeidV46xoJDDUIMgTG+UQHNGhK5gNAoGAZn/S\n" + + "Cn7SgMC0CWSvBHnguULXZO9wH1wZAFYNLL44OqwuaIUFBh2k578M9kkke7woTmwx\n" + + "HxQTjmWpr6qimIuY6q6WBN8hJ2Xz/d1fwhYKzIp20zHuv5KDUlJjbFfqpsuy3u1C\n" + + "kts5zwI7pr1ObRbDGVyOdKcu7HI3QtR5qqyjwaUCgYABo7Wq6oHva/9V34+G3Goh\n" + + "63bYGUnRw2l5BD11yhQv8XzGGZFqZVincD8gltNThB0Dc/BI+qu3ky4YdgdZJZ7K\n" + + "z51GQGtaHEbrHS5caV79yQ8QGY5mUVH3E+VXSxuIqb6pZq2DH4sTAEFHyncddmOH\n" + + "zoXBInYwRG9KE/Bw5elhUw=="), + + CA_DSA_2048( + "DSA", + // SHA256withDSA, 2048 bits + // 
Validity + // Not Before: May 22 07:18:18 2018 GMT + // Not After : May 17 07:18:18 2038 GMT + // Subject Key Identifier: + // 76:66:9E:F7:3B:DD:45:E5:3B:D9:72:3C:3F:F0:54:39:86:31:26:53 + "-----BEGIN CERTIFICATE-----\n" + + "MIIErjCCBFSgAwIBAgIJAOktYLNCbr02MAsGCWCGSAFlAwQDAjA7MQswCQYDVQQG\n" + + "EwJVUzENMAsGA1UECgwESmF2YTEdMBsGA1UECwwUU3VuSlNTRSBUZXN0IFNlcml2\n" + + "Y2UwHhcNMTgwNTIyMDcxODE4WhcNMzgwNTE3MDcxODE4WjA7MQswCQYDVQQGEwJV\n" + + "UzENMAsGA1UECgwESmF2YTEdMBsGA1UECwwUU3VuSlNTRSBUZXN0IFNlcml2Y2Uw\n" + + "ggNHMIICOQYHKoZIzjgEATCCAiwCggEBAO5GyPhSm0ze3LSu+gicdULLj05iOfTL\n" + + "UvZQ29sYz41zmqrLBQbdKiHqgJu2Re9sgTb5suLNjF047TOLPnU3jhPtWm2X8Xzi\n" + + "VGIcHym/Q/MeZxStt/88seqroI3WOKzIML2GcrishT+lcGrtH36Tf1+ue2Snn3PS\n" + + "WyxygNqPjllP5uUjYmFLvAf4QLMldkd/D2VxcwsHjB8y5iUZsXezc/LEhRZS/02m\n" + + "ivqlRw3AMkq/OVe/ZtxFWsP0nsfxEGdZuaUFpppGfixxFvymrB3+J51cTt+pZBDq\n" + + "D2y0DYfc+88iCs4jwHTfcDIpLb538HBjBj2rEgtQESQmB0ooD/+wsPsCIQC1bYch\n" + + "gElNtDYL3FgpLgNSUYp7gIWv9ehaC7LO2z7biQKCAQBitvFOnDkUja8NAF7lDpOV\n" + + "b5ipQ8SicBLW3kQamxhyuyxgZyy/PojZ/oPorkqW/T/A0rhnG6MssEpAtdiwVB+c\n" + + "rBYGo3bcwmExJhdOJ6dYuKFppPWhCwKMHs9npK+lqBMl8l5j58xlcFeC7ZfGf8GY\n" + + "GkhFW0c44vEQhMMbac6ZTTP4mw+1t7xJfmDMlLEyIpTXaAAk8uoVLWzQWnR40sHi\n" + + "ybvS0u3JxQkb7/y8tOOZu8qlz/YOS7lQ6UxUGX27Ce1E0+agfPphetoRAlS1cezq\n" + + "Wa7r64Ga0nkj1kwkcRqjgTiJx0NwnUXr78VAXFhVF95+O3lfqhvdtEGtkhDGPg7N\n" + + "A4IBBgACggEBAMmSHQK0w2i+iqUjOPzn0yNEZrzepLlLeQ1tqtn0xnlv5vBAeefD\n" + + "Pm9dd3tZOjufVWP7hhEz8xPobb1CS4e3vuQiv5UBfhdPL3f3l9T7JMAKPH6C9Vve\n" + + "OQXE5eGqbjsySbcmseHoYUt1WCSnSda1opX8zchX04e7DhGfE2/L9flpYEoSt8lI\n" + + "vMNjgOwvKdW3yvPt1/eBBHYNFG5gWPv/Q5KoyCtHS03uqGm4rNc/wZTIEEfd66C+\n" + + "QRaUltjOaHmtwOdDHaNqwhYZSVOip+Mo+TfyzHFREcdHLapo7ZXqbdYkRGxRR3d+\n" + + "3DfHaraJO0OKoYlPkr3JMvM/MSGR9AnZOcejUDBOMB0GA1UdDgQWBBR2Zp73O91F\n" + + "5TvZcjw/8FQ5hjEmUzAfBgNVHSMEGDAWgBR2Zp73O91F5TvZcjw/8FQ5hjEmUzAM\n" + + "BgNVHRMEBTADAQH/MAsGCWCGSAFlAwQDAgNHADBEAiBzriYE41M2y9Hy5ppkL0Qn\n" + + 
"dIlNc8JhXT/PHW7GDtViagIgMko8Qoj9gDGPK3+O9E8DC3wGiiF9CObM4LN387ok\n" + + "J+g=\n" + + "-----END CERTIFICATE-----", + "MIICZQIBADCCAjkGByqGSM44BAEwggIsAoIBAQDuRsj4UptM3ty0rvoInHVCy49O" + + "Yjn0y1L2UNvbGM+Nc5qqywUG3Soh6oCbtkXvbIE2+bLizYxdOO0ziz51N44T7Vpt" + + "l/F84lRiHB8pv0PzHmcUrbf/PLHqq6CN1jisyDC9hnK4rIU/pXBq7R9+k39frntk" + + "p59z0lsscoDaj45ZT+blI2JhS7wH+ECzJXZHfw9lcXMLB4wfMuYlGbF3s3PyxIUW" + + "Uv9Npor6pUcNwDJKvzlXv2bcRVrD9J7H8RBnWbmlBaaaRn4scRb8pqwd/iedXE7f" + + "qWQQ6g9stA2H3PvPIgrOI8B033AyKS2+d/BwYwY9qxILUBEkJgdKKA//sLD7AiEA" + + "tW2HIYBJTbQ2C9xYKS4DUlGKe4CFr/XoWguyzts+24kCggEAYrbxTpw5FI2vDQBe" + + "5Q6TlW+YqUPEonAS1t5EGpsYcrssYGcsvz6I2f6D6K5Klv0/wNK4ZxujLLBKQLXY" + + "sFQfnKwWBqN23MJhMSYXTienWLihaaT1oQsCjB7PZ6SvpagTJfJeY+fMZXBXgu2X" + + "xn/BmBpIRVtHOOLxEITDG2nOmU0z+JsPtbe8SX5gzJSxMiKU12gAJPLqFS1s0Fp0" + + "eNLB4sm70tLtycUJG+/8vLTjmbvKpc/2Dku5UOlMVBl9uwntRNPmoHz6YXraEQJU" + + "tXHs6lmu6+uBmtJ5I9ZMJHEao4E4icdDcJ1F6+/FQFxYVRfefjt5X6ob3bRBrZIQ" + + "xj4OzQQjAiEAsceWOM8do4etxp2zgnoNXV8PUUyqWhz1+0srcKV7FR4="), + + EE_ECDSA_SECP256R1( + "EC", + // SHA256withECDSA, curve secp256r1 + // Validity + // Not Before: May 22 07:18:16 2018 GMT + // Not After : May 17 07:18:16 2038 GMT + // Authority Key Identifier: + // 60:CF:BD:73:FF:FA:1A:30:D2:A4:EC:D3:49:71:46:EF:1A:35:A0:86 + "-----BEGIN CERTIFICATE-----\n" + + "MIIBqjCCAVCgAwIBAgIJAPLY8qZjgNRAMAoGCCqGSM49BAMCMDsxCzAJBgNVBAYT\n" + + "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" + + "ZTAeFw0xODA1MjIwNzE4MTZaFw0zODA1MTcwNzE4MTZaMFUxCzAJBgNVBAYTAlVT\n" + + "MQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZjZTEY\n" + + "MBYGA1UEAwwPUmVncmVzc2lvbiBUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD\n" + + "QgAEb+9n05qfXnfHUb0xtQJNS4JeSi6IjOfW5NqchvKnfJey9VkJzR7QHLuOESdf\n" + + "xlR7q8YIWgih3iWLGfB+wxHiOqMjMCEwHwYDVR0jBBgwFoAUYM+9c//6GjDSpOzT\n" + + "SXFG7xo1oIYwCgYIKoZIzj0EAwIDSAAwRQIgWpRegWXMheiD3qFdd8kMdrkLxRbq\n" + + "1zj8nQMEwFTUjjQCIQDRIrAjZX+YXHN9b0SoWWLPUq0HmiFIi8RwMnO//wJIGQ==\n" + + "-----END 
CERTIFICATE-----", + "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgn5K03bpTLjEtFQRa\n" + + "JUtx22gtmGEvvSUSQdimhGthdtihRANCAARv72fTmp9ed8dRvTG1Ak1Lgl5KLoiM\n" + + "59bk2pyG8qd8l7L1WQnNHtAcu44RJ1/GVHurxghaCKHeJYsZ8H7DEeI6"), + + EE_ECDSA_SECP384R1( + "EC", + // SHA384withECDSA, curve secp384r1 + // Validity + // Not Before: Jun 24 08:15:06 2019 GMT + // Not After : Jun 19 08:15:06 2039 GMT + // Authority Key Identifier: + // 40:2D:AA:EE:66:AA:33:27:AD:9B:5D:52:9B:60:67:6A:2B:AD:52:D2 + "-----BEGIN CERTIFICATE-----\n" + + "MIICEjCCAZegAwIBAgIUS3F0AqAXWRg07CnbknJzxofyBQMwCgYIKoZIzj0EAwMw\n" + + "OzELMAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpTU0Ug\n" + + "VGVzdCBTZXJpdmNlMB4XDTE5MDYyNDA4MTUwNloXDTM5MDYxOTA4MTUwNlowVTEL\n" + + "MAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpTU0UgVGVz\n" + + "dCBTZXJpdmNlMRgwFgYDVQQDDA9SZWdyZXNzaW9uIFRlc3QwdjAQBgcqhkjOPQIB\n" + + "BgUrgQQAIgNiAARqElz8b6T07eyKomIinhztV3/3XBk9bKGtJ0W+JOltjuhMmP/w\n" + + "G8ASSevpgqgpi6EzpBZaaJxE3zNfkNnxXOZmQi2Ypd1uK0zRdbEOKg0XOcTTZwEj\n" + + "iLjYmt3O0pwpklijQjBAMB0GA1UdDgQWBBRALaruZqozJ62bXVKbYGdqK61S0jAf\n" + + "BgNVHSMEGDAWgBRKS1IUCtHWn/mZdXSTKjRHEhVr9TAKBggqhkjOPQQDAwNpADBm\n" + + "AjEArVDFKf48xijN6huVUJzKCOP0zlWB5Js+DItIkZmLQuhciPLhLIB/rChf3Y4C\n" + + "xuP4AjEAmfLhQRI0O3pifpYzYSVh2G7/jHNG4eO+2dvgAcU+Lh2IIj/cpLaPFSvL\n" + + "J8FXY9Nj\n" + + "-----END CERTIFICATE-----", + "MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDASuI9EtK29APXPipkc\n" + + "qDA+qwlewMjv/OcjUJ77kP1Vz62oVF9iY9SRIyFIUju8wt+hZANiAARqElz8b6T0\n" + + "7eyKomIinhztV3/3XBk9bKGtJ0W+JOltjuhMmP/wG8ASSevpgqgpi6EzpBZaaJxE\n" + + "3zNfkNnxXOZmQi2Ypd1uK0zRdbEOKg0XOcTTZwEjiLjYmt3O0pwpklg="), + + EE_ECDSA_SECP521R1( + "EC", + // SHA512withECDSA, curve secp521r1 + // Validity + // Not Before: Jun 24 08:15:06 2019 GMT + // Not After : Jun 19 08:15:06 2039 GMT + // Authority Key Identifier: + // 7B:AA:79:A4:49:DD:59:34:F0:86:6C:51:C7:30:F4:CE:C5:81:8A:28 + "-----BEGIN CERTIFICATE-----\n" + + 
"MIICXDCCAb2gAwIBAgIUck4QTsbHNqUfPxfGPJLYbedFPdswCgYIKoZIzj0EAwQw\n" + + "OzELMAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpTU0Ug\n" + + "VGVzdCBTZXJpdmNlMB4XDTE5MDYyNDA4MTUwNloXDTM5MDYxOTA4MTUwNlowVTEL\n" + + "MAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpTU0UgVGVz\n" + + "dCBTZXJpdmNlMRgwFgYDVQQDDA9SZWdyZXNzaW9uIFRlc3QwgZswEAYHKoZIzj0C\n" + + "AQYFK4EEACMDgYYABAGa2zDLhYQHHCLI3YBqFYJTzrnDIjzwXrxhcRTS8DYkcrjZ\n" + + "+Fih1YyNhix0sdjH+3EqElXAHHuVzn3n3hPOtQCWlQCICkErB34S0cvmtRkeW8Fi\n" + + "hrR5tvJEzEZjPSgwn81kKyhV2L70je6i7Cw884Va8bODckpgw0vTmbQb7T9dupkv\n" + + "1aNCMEAwHQYDVR0OBBYEFHuqeaRJ3Vk08IZsUccw9M7FgYooMB8GA1UdIwQYMBaA\n" + + "FEAivFrtaq2pQJ4cW4pEQML3aym9MAoGCCqGSM49BAMEA4GMADCBiAJCAb33KHdY\n" + + "WDbusORWoY8Euglpd5zsF15hJsk7wtpD5HST1/NWmdCx405w+TV6a9Gr4VPHeaIQ\n" + + "99i/+f237ALL5p6IAkIBbwwFL1vt3c/bx+niyuffQPNjly80rdC9puqAqriSiboS\n" + + "efhxjidJ9HLaIRCMEPyd6vAsC8mO8YvL1uCuEQLsiGM=\n" + + "-----END CERTIFICATE-----", + "MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIB8C/2OX2Dt9vFszzV\n" + + "hcAe0CbkMlvu9uQ/L7Vz88heuIj0rUZIPGshvgIJt1hCMT8HZxYHvDa4lbUvqjFB\n" + + "+zafvPWhgYkDgYYABAGa2zDLhYQHHCLI3YBqFYJTzrnDIjzwXrxhcRTS8DYkcrjZ\n" + + "+Fih1YyNhix0sdjH+3EqElXAHHuVzn3n3hPOtQCWlQCICkErB34S0cvmtRkeW8Fi\n" + + "hrR5tvJEzEZjPSgwn81kKyhV2L70je6i7Cw884Va8bODckpgw0vTmbQb7T9dupkv\n" + + "1Q=="), + + EE_RSA_2048( + "RSA", + // SHA256withRSA, 2048 bits + // Validity + // Not Before: May 22 07:18:16 2018 GMT + // Not After : May 17 07:18:16 2038 GMT + // Authority Key Identifier: + // 0D:DD:93:C9:FE:4B:BD:35:B7:E8:99:78:90:FB:DB:5A:3D:DB:15:4C + "-----BEGIN CERTIFICATE-----\n" + + "MIIDNjCCAh6gAwIBAgIJAO2+yPcFryUTMA0GCSqGSIb3DQEBCwUAMDsxCzAJBgNV\n" + + "BAYTAlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2Vy\n" + + "aXZjZTAeFw0xODA1MjIwNzE4MTZaFw0zODA1MTcwNzE4MTZaMFUxCzAJBgNVBAYT\n" + + "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" + + "ZTEYMBYGA1UEAwwPUmVncmVzc2lvbiBUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOC\n" + + 
"AQ8AMIIBCgKCAQEAszfBobWfZIp8AgC6PiWDDavP65mSvgCXUGxACbxVNAfkLhNR\n" + + "QOsHriRB3X1Q3nvO9PetC6wKlvE9jlnDDj7D+1j1r1CHO7ms1fq8rfcQYdkanDtu\n" + + "4AlHo8v+SSWX16MIXFRYDj2VVHmyPtgbltcg4zGAuwT746FdLI94uXjJjq1IOr/v\n" + + "0VIlwE5ORWH5Xc+5Tj+oFWK0E4a4GHDgtKKhn2m72hN56/GkPKGkguP5NRS1qYYV\n" + + "/EFkdyQMOV8J1M7HaicSft4OL6eKjTrgo93+kHk+tv0Dc6cpVBnalX3TorG8QI6B\n" + + "cHj1XQd78oAlAC+/jF4pc0mwi0un49kdK9gRfQIDAQABoyMwITAfBgNVHSMEGDAW\n" + + "gBQN3ZPJ/ku9NbfomXiQ+9taPdsVTDANBgkqhkiG9w0BAQsFAAOCAQEApXS0nKwm\n" + + "Kp8gpmO2yG1rpd1+2wBABiMU4JZaTqmma24DQ3RzyS+V2TeRb29dl5oTUEm98uc0\n" + + "GPZvhK8z5RFr4YE17dc04nI/VaNDCw4y1NALXGs+AHkjoPjLyGbWpi1S+gfq2sNB\n" + + "Ekkjp6COb/cb9yiFXOGVls7UOIjnVZVd0r7KaPFjZhYh82/f4PA/A1SnIKd1+nfH\n" + + "2yk7mSJNC7Z3qIVDL8MM/jBVwiC3uNe5GPB2uwhd7k5LGAVN3j4HQQGB0Sz+VC1h\n" + + "92oi6xDa+YBva2fvHuCd8P50DDjxmp9CemC7rnZ5j8egj88w14X44Xjb/Fd/ApG9\n" + + "e57NnbT7KM+Grw==\n" + + "-----END CERTIFICATE-----", + "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCzN8GhtZ9kinwC\n" + + "ALo+JYMNq8/rmZK+AJdQbEAJvFU0B+QuE1FA6weuJEHdfVDee870960LrAqW8T2O\n" + + "WcMOPsP7WPWvUIc7uazV+ryt9xBh2RqcO27gCUejy/5JJZfXowhcVFgOPZVUebI+\n" + + "2BuW1yDjMYC7BPvjoV0sj3i5eMmOrUg6v+/RUiXATk5FYfldz7lOP6gVYrQThrgY\n" + + "cOC0oqGfabvaE3nr8aQ8oaSC4/k1FLWphhX8QWR3JAw5XwnUzsdqJxJ+3g4vp4qN\n" + + "OuCj3f6QeT62/QNzpylUGdqVfdOisbxAjoFwePVdB3vygCUAL7+MXilzSbCLS6fj\n" + + "2R0r2BF9AgMBAAECggEASIkPkMCuw4WdTT44IwERus3IOIYOs2IP3BgEDyyvm4B6\n" + + "JP/iihDWKfA4zEl1Gqcni1RXMHswSglXra682J4kui02Ov+vzEeJIY37Ibn2YnP5\n" + + "ZjRT2s9GtI/S2o4hl8A/mQb2IMViFC+xKehTukhV4j5d6NPKk0XzLR7gcMjnYxwn\n" + + "l21fS6D2oM1xRG/di7sL+uLF8EXLRzfiWDNi12uQv4nwtxPKvuKhH6yzHt7YqMH0\n" + + "46pmDKDaxV4w1JdycjCb6NrCJOYZygoQobuZqOQ30UZoZsPJrtovkncFr1e+lNcO\n" + + "+aWDfOLCtTH046dEQh5oCShyXMybNlry/QHsOtHOwQKBgQDh2iIjs+FPpQy7Z3EX\n" + + "DGEvHYqPjrYO9an2KSRr1m9gzRlWYxKY46WmPKwjMerYtra0GP+TBHrgxsfO8tD2\n" + + "wUAII6sd1qup0a/Sutgf2JxVilLykd0+Ge4/Cs51tCdJ8EqDV2B6WhTewOY2EGvg\n" + + 
"JiKYkeNwgRX/9M9CFSAMAk0hUQKBgQDLJAartL3DoGUPjYtpJnfgGM23yAGl6G5r\n" + + "NSXDn80BiYIC1p0bG3N0xm3yAjqOtJAUj9jZbvDNbCe3GJfLARMr23legX4tRrgZ\n" + + "nEdKnAFKAKL01oM+A5/lHdkwaZI9yyv+hgSVdYzUjB8rDmzeVQzo1BT7vXypt2yV\n" + + "6O1OnUpCbQKBgA/0rzDChopv6KRcvHqaX0tK1P0rYeVQqb9ATNhpf9jg5Idb3HZ8\n" + + "rrk91BNwdVz2G5ZBpdynFl9G69rNAMJOCM4KZw5mmh4XOEq09Ivba8AHU7DbaTv3\n" + + "7QL7KnbaUWRB26HHzIMYVh0el6T+KADf8NXCiMTr+bfpfbL3dxoiF3zhAoGAbCJD\n" + + "Qse1dBs/cKYCHfkSOsI5T6kx52Tw0jS6Y4X/FOBjyqr/elyEexbdk8PH9Ar931Qr\n" + + "NKMvn8oA4iA/PRrXX7M2yi3YQrWwbkGYWYjtzrzEAdzmg+5eARKAeJrZ8/bg9l3U\n" + + "ttKaItJsDPlizn8rngy3FsJpR9aSAMK6/+wOiYkCgYEA1tZkI1rD1W9NYZtbI9BE\n" + + "qlJVFi2PBOJMKNuWdouPX3HLQ72GJSQff2BFzLTELjweVVJ0SvY4IipzpQOHQOBy\n" + + "5qh/p6izXJZh3IHtvwVBjHoEVplg1b2+I5e3jDCfqnwcQw82dW5SxOJMg1h/BD0I\n" + + "qAL3go42DYeYhu/WnECMeis="), + + EE_EC_RSA_SECP256R1( + "EC", + // SHA256withRSA, curve secp256r1 + // Validity + // Not Before: May 22 07:18:16 2018 GMT + // Not After : May 21 07:18:16 2028 GMT + // Authority Key Identifier: + // 0D:DD:93:C9:FE:4B:BD:35:B7:E8:99:78:90:FB:DB:5A:3D:DB:15:4C + "-----BEGIN CERTIFICATE-----\n" + + "MIICazCCAVOgAwIBAgIJAO2+yPcFryUUMA0GCSqGSIb3DQEBCwUAMDsxCzAJBgNV\n" + + "BAYTAlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2Vy\n" + + "aXZjZTAeFw0xODA1MjIwNzE4MTZaFw0yODA1MjEwNzE4MTZaMFUxCzAJBgNVBAYT\n" + + "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" + + "ZTEYMBYGA1UEAwwPUmVncmVzc2lvbiBUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0D\n" + + "AQcDQgAE59MERNTlVZ1eeps8Z3Oue5ZkgQdPtD+WIE6tj3PbIKpxGPDxvfNP959A\n" + + "yQjEK/ehWQVrCMmNoEkIzY+IIBgB06MjMCEwHwYDVR0jBBgwFoAUDd2Tyf5LvTW3\n" + + "6Jl4kPvbWj3bFUwwDQYJKoZIhvcNAQELBQADggEBAFOTVEqs70ykhZiIdrEsF1Ra\n" + + "I3B2rLvwXZk52uSltk2/bzVvewA577ZCoxQ1pL7ynkisPfBN1uVYtHjM1VA3RC+4\n" + + "+TAK78dnI7otYjWoHp5rvs4l6c/IbOspS290IlNuDUxMErEm5wxIwj+Aukx/1y68\n" + + "hOyCvHBLMY2c1LskH1MMBbDuS1aI+lnGpToi+MoYObxGcV458vxuT8+wwV8Fkpvd\n" + + 
"ll8IIFmeNPRv+1E+lXbES6CSNCVaZ/lFhPgdgYKleN7sfspiz50DG4dqafuEAaX5\n" + + "xaK1NWXJxTRz0ROH/IUziyuDW6jphrlgit4+3NCzp6vP9hAJQ8Vhcj0n15BKHIQ=\n" + + "-----END CERTIFICATE-----", + "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgGVc7hICpmp91jbYe\n" + + "nrr8nYHD37RZP3VENY+szuA7WjuhRANCAATn0wRE1OVVnV56mzxnc657lmSBB0+0\n" + + "P5YgTq2Pc9sgqnEY8PG980/3n0DJCMQr96FZBWsIyY2gSQjNj4ggGAHT"), + + EE_DSA_2048( + "DSA", + // SHA256withDSA, 2048 bits + // Validity + // Not Before: May 22 07:18:20 2018 GMT + // Not After : May 17 07:18:20 2038 GMT + // Authority Key Identifier: + // 76:66:9E:F7:3B:DD:45:E5:3B:D9:72:3C:3F:F0:54:39:86:31:26:53 + "-----BEGIN CERTIFICATE-----\n" + + "MIIEnDCCBEGgAwIBAgIJAP/jh1qVhNVjMAsGCWCGSAFlAwQDAjA7MQswCQYDVQQG\n" + + "EwJVUzENMAsGA1UECgwESmF2YTEdMBsGA1UECwwUU3VuSlNTRSBUZXN0IFNlcml2\n" + + "Y2UwHhcNMTgwNTIyMDcxODIwWhcNMzgwNTE3MDcxODIwWjBVMQswCQYDVQQGEwJV\n" + + "UzENMAsGA1UECgwESmF2YTEdMBsGA1UECwwUU3VuSlNTRSBUZXN0IFNlcml2Y2Ux\n" + + "GDAWBgNVBAMMD1JlZ3Jlc3Npb24gVGVzdDCCA0cwggI6BgcqhkjOOAQBMIICLQKC\n" + + "AQEAmlavgoJrMcjqWRVcDE2dmWAPREgnzQvneEDef68cprDzjSwvOs5QeFyx75ib\n" + + "ado1e6jO/rW1prCGWHDD1oA/Tn4Pk3vu0nUxzvl1qATc+aJbpUU5Op0bvp6LbCsQ\n" + + "QslV9FeRh7Eb7bP6gpc/kHCBzEgC1VCK7prccXWy+t6SMOHbND3h+UbckfSaUuaV\n" + + "sVJNTD1D6GElfRj4Nmz1BGPfSYvKorwNZEU3gXwFgtDoAcGx7tcyClLpDHfqRfw/\n" + + "7yiqLyeiP7D4hl5lMNouJWDlAdMFp0FMgS3s9VDFinIcr6VtBWMTG7+4+czHAB+3\n" + + "fvrwlqNzhBn3uFHrekN/w8fNxwIhAJo7Sae1za7IMW0Q6hE5B4b+s2B/FaKPoA4E\n" + + "jtZu13B9AoIBAQCOZqLMKfvqZWUgT0PQ3QjR7dAFdd06I9Y3+TOQzZk1+j+vw/6E\n" + + "X4vFItX4gihb/u5Q9CdmpwhVGi7bvo+7+/IKeTgoQ6f5+PSug7SrWWUQ5sPwaZui\n" + + "zXZJ5nTeZDucFc2yFx0wgnjbPwiUxZklOT7xGiOMtzOTa2koCz5KuIBL+/wPKKxm\n" + + "ypo9VoY9xfbdU6LMXZv/lpD5XTM9rYHr/vUTNkukvV6Hpm0YMEWhVZKUJiqCqTqG\n" + + "XHaleOxSw6uQWB/+TznifcC7gB48UOQjCqOKf5VuwQneJLhlhU/jhRV3xtr+hLZa\n" + + "hW1wYhVi8cjLDrZFKlgEQqhB4crnJU0mJY+tA4IBBQACggEAID0ezl00/X8mv7eb\n" + + "bzovum1+DEEP7FM57k6HZEG2N3ve4CW+0m9Cd+cWPz8wkZ+M0j/Eqa6F0IdbkXEc\n" + + 
"Q7CuzvUyJ57xQ3L/WCgXsiS+Bh8O4Mz7GwW22CGmHqafbVv+hKBfr8MkskO6GJUt\n" + + "SUF/CVLzB4gMIvZMH26tBP2xK+i7FeEK9kT+nGdzQSZBAhFYpEVCBplHZO24/OYq\n" + + "1DNoU327nUuXIhmsfA8N0PjiWbIZIjTPwBGr9H0LpATI7DIDNcvRRvtROP+pBU9y\n" + + "fuykPkptg9C0rCM9t06bukpOSaEz/2VIQdLE8fHYFA6pHZ6CIc2+5cfvMgTPhcjz\n" + + "W2jCt6MjMCEwHwYDVR0jBBgwFoAUdmae9zvdReU72XI8P/BUOYYxJlMwCwYJYIZI\n" + + "AWUDBAMCA0gAMEUCIQCeI5fN08b9BpOaHdc3zQNGjp24FOL/RxlBLeBAorswJgIg\n" + + "JEZ8DhYxQy1O7mmZ2UIT7op6epWMB4dENjs0qWPmcKo=\n" + + "-----END CERTIFICATE-----", + "MIICZQIBADCCAjoGByqGSM44BAEwggItAoIBAQCaVq+CgmsxyOpZFVwMTZ2ZYA9E\n" + + "SCfNC+d4QN5/rxymsPONLC86zlB4XLHvmJtp2jV7qM7+tbWmsIZYcMPWgD9Ofg+T\n" + + "e+7SdTHO+XWoBNz5olulRTk6nRu+notsKxBCyVX0V5GHsRvts/qClz+QcIHMSALV\n" + + "UIrumtxxdbL63pIw4ds0PeH5RtyR9JpS5pWxUk1MPUPoYSV9GPg2bPUEY99Ji8qi\n" + + "vA1kRTeBfAWC0OgBwbHu1zIKUukMd+pF/D/vKKovJ6I/sPiGXmUw2i4lYOUB0wWn\n" + + "QUyBLez1UMWKchyvpW0FYxMbv7j5zMcAH7d++vCWo3OEGfe4Uet6Q3/Dx83HAiEA\n" + + "mjtJp7XNrsgxbRDqETkHhv6zYH8Voo+gDgSO1m7XcH0CggEBAI5moswp++plZSBP\n" + + "Q9DdCNHt0AV13Toj1jf5M5DNmTX6P6/D/oRfi8Ui1fiCKFv+7lD0J2anCFUaLtu+\n" + + "j7v78gp5OChDp/n49K6DtKtZZRDmw/Bpm6LNdknmdN5kO5wVzbIXHTCCeNs/CJTF\n" + + "mSU5PvEaI4y3M5NraSgLPkq4gEv7/A8orGbKmj1Whj3F9t1Tosxdm/+WkPldMz2t\n" + + "gev+9RM2S6S9XoembRgwRaFVkpQmKoKpOoZcdqV47FLDq5BYH/5POeJ9wLuAHjxQ\n" + + "5CMKo4p/lW7BCd4kuGWFT+OFFXfG2v6EtlqFbXBiFWLxyMsOtkUqWARCqEHhyucl\n" + + "TSYlj60EIgIgLfA75+8KcKxdN8mr6gzGjQe7jPFGG42Ejhd7Q2F4wuw="); + + final String keyAlgo; + final String certStr; + final String privKeyStr; + + Cert(String keyAlgo, String certStr, String privKeyStr) { + this.keyAlgo = keyAlgo; + this.certStr = certStr; + this.privKeyStr = privKeyStr; + } + } } diff --git a/test/jdk/sun/security/ssl/CipherSuite/NamedGroupsWithCipherSuite.java b/test/jdk/sun/security/ssl/CipherSuite/NamedGroupsWithCipherSuite.java new file mode 100644 index 00000000000..28bb12377e5 --- /dev/null +++ b/test/jdk/sun/security/ssl/CipherSuite/NamedGroupsWithCipherSuite.java 
@@ -0,0 +1,185 @@
+/*
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */ + +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLServerSocket; +import javax.net.ssl.SSLSocket; + +/* + * @test + * @bug 8224650 + * @library /javax/net/ssl/templates + * /javax/net/ssl/TLSCommon + * @summary Test TLS ciphersuite with each individual supported group + * @run main/othervm NamedGroupsWithCipherSuite x25519 + * @run main/othervm NamedGroupsWithCipherSuite x448 + * @run main/othervm NamedGroupsWithCipherSuite secp256r1 + * @run main/othervm NamedGroupsWithCipherSuite secp384r1 + * @run main/othervm NamedGroupsWithCipherSuite secp521r1 + * @run main/othervm NamedGroupsWithCipherSuite ffdhe2048 + * @run main/othervm NamedGroupsWithCipherSuite ffdhe3072 + * @run main/othervm NamedGroupsWithCipherSuite ffdhe4096 + * @run main/othervm NamedGroupsWithCipherSuite ffdhe6144 + * @run main/othervm NamedGroupsWithCipherSuite ffdhe8192 + */ +public class NamedGroupsWithCipherSuite extends SSLSocketTemplate { + + private static final Protocol[] PROTOCOLS = new Protocol[] { + Protocol.TLSV1_3, + Protocol.TLSV1_2, + Protocol.TLSV1_1, + Protocol.TLSV1 + }; + + private static final CipherSuite[] CIPHER_SUITES = new CipherSuite[] { + CipherSuite.TLS_AES_128_GCM_SHA256, + CipherSuite.TLS_AES_256_GCM_SHA384, + CipherSuite.TLS_CHACHA20_POLY1305_SHA256, + + CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, + CipherSuite.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, + + CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, + CipherSuite.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, + + CipherSuite.TLS_DHE_DSS_WITH_AES_128_CBC_SHA, + CipherSuite.TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, + + CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA, + CipherSuite.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, + CipherSuite.TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 + }; + + private 
String protocol; + private String cipher; + + private SSLSocketTemplate.Cert[] trustedCerts = TRUSTED_CERTS; + private SSLSocketTemplate.Cert[] endEntityCerts = END_ENTITY_CERTS; + + NamedGroupsWithCipherSuite( + String protocol, + String cipher, + String namedGroup) { + this.protocol = protocol; + this.cipher = cipher; + + if (cipher.startsWith("TLS_ECDHE_ECDSA")) { + switch (namedGroup) { + case "secp256r1": + trustedCerts = new SSLSocketTemplate.Cert[] { + SSLSocketTemplate.Cert.CA_ECDSA_SECP256R1 }; + endEntityCerts = new SSLSocketTemplate.Cert[] { + SSLSocketTemplate.Cert.EE_ECDSA_SECP256R1 }; + break; + case "secp384r1": + trustedCerts = new SSLSocketTemplate.Cert[] { + SSLSocketTemplate.Cert.CA_ECDSA_SECP384R1 }; + endEntityCerts = new SSLSocketTemplate.Cert[] { + SSLSocketTemplate.Cert.EE_ECDSA_SECP384R1 }; + break; + case "secp521r1": + trustedCerts = new SSLSocketTemplate.Cert[] { + SSLSocketTemplate.Cert.CA_ECDSA_SECP521R1 }; + endEntityCerts = new SSLSocketTemplate.Cert[] { + SSLSocketTemplate.Cert.EE_ECDSA_SECP521R1 }; + } + } + } + + protected SSLContext createClientSSLContext() throws Exception { + return createSSLContext(trustedCerts, endEntityCerts, + getClientContextParameters()); + } + + protected SSLContext createServerSSLContext() throws Exception { + return createSSLContext(trustedCerts, endEntityCerts, + getServerContextParameters()); + } + + // Servers are configured before clients, increment test case after. 
+ @Override + protected void configureClientSocket(SSLSocket socket) { + socket.setEnabledProtocols(new String[] { protocol }); + socket.setEnabledCipherSuites(new String[] { cipher }); + } + + @Override + protected void configureServerSocket(SSLServerSocket serverSocket) { + serverSocket.setEnabledProtocols(new String[] { protocol }); + serverSocket.setEnabledCipherSuites(new String[] { cipher }); + } + + public static void main(String[] args) throws Exception { + String namedGroup = args[0]; + + System.setProperty("jdk.tls.namedGroups", namedGroup); + System.out.println("NamedGroup: " + namedGroup); + + for (Protocol protocol : PROTOCOLS) { + for (CipherSuite cipherSuite : CIPHER_SUITES) { + if (cipherSuite.supportedByProtocol(protocol) + && groupSupportdByCipher(namedGroup, cipherSuite)) { + System.out.printf("Protocol: %s, cipher suite: %s%n", + protocol, cipherSuite); + + new NamedGroupsWithCipherSuite(protocol.name, + cipherSuite.name(), namedGroup).run(); + } + } + } + } + + private static boolean groupSupportdByCipher(String group, + CipherSuite cipherSuite) { + return (group.startsWith("x") + && xdhGroupSupportdByCipher(cipherSuite)) + || (group.startsWith("secp") + && ecdhGroupSupportdByCipher(cipherSuite)) + || (group.startsWith("ffdhe") + && ffdhGroupSupportdByCipher(cipherSuite)); + } + + private static boolean xdhGroupSupportdByCipher( + CipherSuite cipherSuite) { + return cipherSuite.keyExAlgorithm == null + || cipherSuite.keyExAlgorithm == KeyExAlgorithm.ECDHE_RSA; + } + + private static boolean ecdhGroupSupportdByCipher( + CipherSuite cipherSuite) { + return cipherSuite.keyExAlgorithm == null + || cipherSuite.keyExAlgorithm == KeyExAlgorithm.ECDHE_RSA + || cipherSuite.keyExAlgorithm == KeyExAlgorithm.ECDHE_ECDSA; + } + + private static boolean ffdhGroupSupportdByCipher( + CipherSuite cipherSuite) { + return cipherSuite.keyExAlgorithm == null + || cipherSuite.keyExAlgorithm == KeyExAlgorithm.DHE_DSS + || cipherSuite.keyExAlgorithm == 
KeyExAlgorithm.DHE_RSA; + } +} From e81d3fa8c374f6cba7b8317f1b4e990554effecc Mon Sep 17 00:00:00 2001 From: Jan Lahoda Date: Thu, 27 Jun 2019 10:39:27 +0200 Subject: [PATCH 2/7] 8226510: No compilation error when switch expression has no result expressions Ensure a compile-time error is produced when there are no result expressions in an switch expression. Reviewed-by: vromero --- .../com/sun/tools/javac/comp/Attr.java | 3 ++ .../tools/javac/resources/compiler.properties | 3 ++ .../BreakOutsideSwitchExpression.java | 3 +- .../ContinueOutsideSwitchExpression.java | 3 +- .../ReturnOutsideSwitchExpression.java | 3 +- .../diags/examples/RuleCompletesNormally.java | 3 +- .../SwitchExpressionCompletesNormally.java | 1 + .../SwitchExpressionNoResultExpressions.java | 35 +++++++++++++++++++ .../tools/javac/switchexpr/EmptySwitch.java | 20 +++++++++-- .../tools/javac/switchexpr/EmptySwitch.out | 6 +++- .../switchexpr/ExpressionSwitchBreaks2.java | 2 ++ .../switchexpr/ExpressionSwitchBreaks2.out | 6 ++-- .../switchexpr/ExpressionSwitchFlow.java | 5 +++ .../javac/switchexpr/ExpressionSwitchFlow.out | 12 +++---- .../tools/javac/switchexpr/WrongBreakTest.out | 3 +- 15 files changed, 90 insertions(+), 18 deletions(-) create mode 100644 test/langtools/tools/javac/diags/examples/SwitchExpressionNoResultExpressions.java diff --git a/src/jdk.compiler/share/classes/com/sun/tools/javac/comp/Attr.java b/src/jdk.compiler/share/classes/com/sun/tools/javac/comp/Attr.java index edc31e65090..3d2886c8f5a 100644 --- a/src/jdk.compiler/share/classes/com/sun/tools/javac/comp/Attr.java +++ b/src/jdk.compiler/share/classes/com/sun/tools/javac/comp/Attr.java 
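Review bot: The `switch (namedGroup)` in the constructor has no `default` branch, so a `TLS_ECDHE_ECDSA` suite run with any group other than the three listed silently keeps the mixed `TRUSTED_CERTS`/`END_ENTITY_CERTS` set instead of a chain on the curve under test. Today `groupSupportdByCipher` admits ECDHE_ECDSA only for `secp*` groups and the `@run` lines list exactly those three, so this is latent; adding `default: throw new IllegalArgumentException("No ECDSA certs for " + namedGroup);` would make a newly added group fail loudly rather than pass for the wrong reason. A comment above the switch should say why the chain has to match the group, presumably because `jdk.tls.namedGroups` also constrains the certificate's curve, which should be confirmed. The `createClientSSLContext` and `createServerSSLContext` overrides are missing `@Override`, unlike `configureClientSocket` below them, and the four helper names spell "Supportd" where "Supported" is meant.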
@@ -1447,6 +1447,9 @@ public class Attr extends JCTree.Visitor { if (tree.cases.isEmpty()) { log.error(tree.pos(), Errors.SwitchExpressionEmpty); + } else if (caseTypes.isEmpty()) { + log.error(tree.pos(), + Errors.SwitchExpressionNoResultExpressions); } Type owntype = (tree.polyKind == PolyKind.STANDALONE) ? condType(caseTypePositions.toList(), caseTypes.toList()) : pt(); diff --git a/src/jdk.compiler/share/classes/com/sun/tools/javac/resources/compiler.properties b/src/jdk.compiler/share/classes/com/sun/tools/javac/resources/compiler.properties index 162f5c4e1ad..bb0f4b62708 100644 --- a/src/jdk.compiler/share/classes/com/sun/tools/javac/resources/compiler.properties +++ b/src/jdk.compiler/share/classes/com/sun/tools/javac/resources/compiler.properties @@ -223,6 +223,9 @@ compiler.warn.invalid.yield=\ compiler.err.switch.expression.empty=\ switch expression does not have any case clauses +compiler.err.switch.expression.no.result.expressions=\ + switch expression does not have any result expressions + # 0: name compiler.err.call.must.be.first.stmt.in.ctor=\ call to {0} must be first statement in constructor diff --git a/test/langtools/tools/javac/diags/examples/BreakOutsideSwitchExpression.java b/test/langtools/tools/javac/diags/examples/BreakOutsideSwitchExpression.java index aa7d7d2fcd4..0c3895b6efa 100644 --- a/test/langtools/tools/javac/diags/examples/BreakOutsideSwitchExpression.java +++ b/test/langtools/tools/javac/diags/examples/BreakOutsideSwitchExpression.java @@ -30,7 +30,8 @@ class BreakOutsideSwitchExpression { int t(int i) { OUT: while (true) { return switch (i) { - default: break OUT; + case 0: break OUT; + default: yield 0; }; } return -1; diff --git a/test/langtools/tools/javac/diags/examples/ContinueOutsideSwitchExpression.java b/test/langtools/tools/javac/diags/examples/ContinueOutsideSwitchExpression.java index c7ae16d6a89..e316892fc2c 100644 --- a/test/langtools/tools/javac/diags/examples/ContinueOutsideSwitchExpression.java 
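Review bot: After the new `else if (caseTypes.isEmpty())` branch in Attr.java logs `SwitchExpressionNoResultExpressions`, attribution still falls through to `condType(caseTypePositions.toList(), caseTypes.toList())` with an empty list whenever the switch is standalone. The existing empty-switch error already takes the same path, so it presumably works, but nothing in the hunk shows that `condType` tolerates empty input. A one-line comment such as `// caseTypes is empty on both error paths; condType must cope with that` would record the assumption for the next person who touches `condType`. The enclosing visitor method starts and ends outside the hunk.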
+++ b/test/langtools/tools/javac/diags/examples/ContinueOutsideSwitchExpression.java @@ -30,7 +30,8 @@ class ContinueOutsideSwitchExpression { int t(int i) { OUT: while (true) { return switch (i) { - default: continue OUT; + case 0: continue OUT; + default: yield 0; }; } } diff --git a/test/langtools/tools/javac/diags/examples/ReturnOutsideSwitchExpression.java b/test/langtools/tools/javac/diags/examples/ReturnOutsideSwitchExpression.java index 4db3dcdfa5a..fb0dba6e5dc 100644 --- a/test/langtools/tools/javac/diags/examples/ReturnOutsideSwitchExpression.java +++ b/test/langtools/tools/javac/diags/examples/ReturnOutsideSwitchExpression.java @@ -29,7 +29,8 @@ class ReturnOutsideSwitchExpression { int t(int i) { return switch (i) { - default: return -1; + case 0: return -1; + default: yield 0; }; } } diff --git a/test/langtools/tools/javac/diags/examples/RuleCompletesNormally.java b/test/langtools/tools/javac/diags/examples/RuleCompletesNormally.java index 69fe3325061..d740d98eb71 100644 --- a/test/langtools/tools/javac/diags/examples/RuleCompletesNormally.java +++ b/test/langtools/tools/javac/diags/examples/RuleCompletesNormally.java @@ -29,7 +29,8 @@ class RuleCompletesNormally { public String convert(int i) { return switch (i) { - default -> {} + case 0 -> {} + default -> ""; }; } } diff --git a/test/langtools/tools/javac/diags/examples/SwitchExpressionCompletesNormally.java b/test/langtools/tools/javac/diags/examples/SwitchExpressionCompletesNormally.java index 49daf1f1011..311aed3b282 100644 --- a/test/langtools/tools/javac/diags/examples/SwitchExpressionCompletesNormally.java +++ b/test/langtools/tools/javac/diags/examples/SwitchExpressionCompletesNormally.java @@ -29,6 +29,7 @@ class SwitchExpressionCompletesNormally { public String convert(int i) { return switch (i) { + case 0: yield ""; default: }; } 
diff --git a/test/langtools/tools/javac/diags/examples/SwitchExpressionNoResultExpressions.java b/test/langtools/tools/javac/diags/examples/SwitchExpressionNoResultExpressions.java
new file mode 100644
index 00000000000..3533b93ccba
--- /dev/null
+++ b/test/langtools/tools/javac/diags/examples/SwitchExpressionNoResultExpressions.java
@@ -0,0 +1,35 @@
+/*
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+// key: compiler.err.switch.expression.no.result.expressions
+// key: compiler.note.preview.filename
+// key: compiler.note.preview.recompile
+// options: --enable-preview -source ${jdk.version}
+
+class SwitchExpressionCompletesNormally {
+ public String convert(int i) {
+ return switch (i) {
+ default -> throw new AssertionError();
+ };
+ }
+}
diff --git a/test/langtools/tools/javac/switchexpr/EmptySwitch.java b/test/langtools/tools/javac/switchexpr/EmptySwitch.java
index 553d9031024..73bd52aa4dc 100644
--- a/test/langtools/tools/javac/switchexpr/EmptySwitch.java
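Review bot: The class declared in the new SwitchExpressionNoResultExpressions.java example is named `SwitchExpressionCompletesNormally`, which is the name of the neighbouring example it appears to have been copied from. The class is not public, so the file compiles, but anyone searching for the `no.result.expressions` example by class name will land in the wrong file. It should be declared as `class SwitchExpressionNoResultExpressions {`.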
+++ b/test/langtools/tools/javac/switchexpr/EmptySwitch.java @@ -23,15 +23,29 @@ /* * @test - * @bug 8206986 - * @summary Verify than an empty switch expression is rejected. - * @compile/fail/ref=EmptySwitch.out --enable-preview -source ${jdk.version} -XDrawDiagnostics EmptySwitch.java + * @bug 8206986 8226510 + * @summary Verify than a switch that does not yield a value is rejected. + * @compile/fail/ref=EmptySwitch.out --enable-preview -source ${jdk.version} -XDrawDiagnostics -XDshould-stop.at=FLOW EmptySwitch.java */ public class EmptySwitch { private void print(EmptySwitchEnum t) { (switch (t) { }).toString(); + (switch (t) { + default -> throw new IllegalStateException(); + }).toString(); + (switch (t) { + default: throw new IllegalStateException(); + }).toString(); + (switch (0) { + case 0: yield ""; + default: + }).toString(); + (switch (0) { + case 0 -> { yield ""; } + default -> { } + }).toString(); } enum EmptySwitchEnum { diff --git a/test/langtools/tools/javac/switchexpr/EmptySwitch.out b/test/langtools/tools/javac/switchexpr/EmptySwitch.out index c4333a87678..87489dcd491 100644 --- a/test/langtools/tools/javac/switchexpr/EmptySwitch.out +++ b/test/langtools/tools/javac/switchexpr/EmptySwitch.out @@ -1,4 +1,8 @@ EmptySwitch.java:33:10: compiler.err.switch.expression.empty +EmptySwitch.java:35:10: compiler.err.switch.expression.no.result.expressions +EmptySwitch.java:38:10: compiler.err.switch.expression.no.result.expressions +EmptySwitch.java:44:9: compiler.err.switch.expression.completes.normally +EmptySwitch.java:47:26: compiler.err.rule.completes.normally - compiler.note.preview.filename: EmptySwitch.java - compiler.note.preview.recompile -1 error +5 errors diff --git a/test/langtools/tools/javac/switchexpr/ExpressionSwitchBreaks2.java b/test/langtools/tools/javac/switchexpr/ExpressionSwitchBreaks2.java index 7237142b87f..124ebfc98d5 100644 --- a/test/langtools/tools/javac/switchexpr/ExpressionSwitchBreaks2.java 
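Review bot: The rewritten `@summary` line in EmptySwitch.java still reads "Verify than a switch"; since the hunk touches that line anyway, it should say `@summary Verify that a switch expression that does not yield a value is rejected.` The added `-XDshould-stop.at=FLOW` is not explained either. Judging by the two `completes.normally` keys in EmptySwitch.out, the last two `switch (0)` cases are reported by flow analysis rather than attribution, and a short comment above them saying so would tell the reader why the option is needed.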
+++ b/test/langtools/tools/javac/switchexpr/ExpressionSwitchBreaks2.java @@ -41,9 +41,11 @@ public class ExpressionSwitchBreaks2 { } } j: print(switch (i) { + case 0: yield 0; default: break j; }, 0); j2: print(switch (i) { + case 0: yield 0; default: break j2; }, 0); return null; diff --git a/test/langtools/tools/javac/switchexpr/ExpressionSwitchBreaks2.out b/test/langtools/tools/javac/switchexpr/ExpressionSwitchBreaks2.out index 9930cc232b3..d49a35ee69f 100644 --- a/test/langtools/tools/javac/switchexpr/ExpressionSwitchBreaks2.out +++ b/test/langtools/tools/javac/switchexpr/ExpressionSwitchBreaks2.out @@ -5,8 +5,8 @@ ExpressionSwitchBreaks2.java:29:29: compiler.err.continue.outside.switch.express ExpressionSwitchBreaks2.java:30:29: compiler.err.undef.label: UNKNOWN ExpressionSwitchBreaks2.java:40:17: compiler.err.no.switch.expression ExpressionSwitchBreaks2.java:40:29: compiler.err.cant.resolve.location: kindname.variable, undef, , , (compiler.misc.location: kindname.class, ExpressionSwitchBreaks2, null) -ExpressionSwitchBreaks2.java:44:22: compiler.err.break.outside.switch.expression -ExpressionSwitchBreaks2.java:47:22: compiler.err.break.outside.switch.expression +ExpressionSwitchBreaks2.java:45:22: compiler.err.break.outside.switch.expression +ExpressionSwitchBreaks2.java:49:22: compiler.err.break.outside.switch.expression - compiler.note.preview.filename: ExpressionSwitchBreaks2.java - compiler.note.preview.recompile -9 errors +9 errors \ No newline at end of file diff --git a/test/langtools/tools/javac/switchexpr/ExpressionSwitchFlow.java b/test/langtools/tools/javac/switchexpr/ExpressionSwitchFlow.java index da91aba7f8c..64f2a54ff91 100644 --- a/test/langtools/tools/javac/switchexpr/ExpressionSwitchFlow.java +++ b/test/langtools/tools/javac/switchexpr/ExpressionSwitchFlow.java @@ -22,6 +22,7 @@ public class ExpressionSwitchFlow { private String test3(int i) { return switch (i) { case 0 -> {} + case 1 -> ""; default -> throw new IllegalStateException(); }; } 
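Review bot: In ExpressionSwitchBreaks2.out the final line changes from `9 errors` to `9 errors` followed by `\ No newline at end of file`, so the commit strips the trailing newline while the error count stays the same. That looks accidental, since the other golden files in this patch (EmptySwitch.out, WrongBreakTest.out) keep their final newline. The newline should be restored so the file stays consistent with its siblings and later edits do not show a spurious last-line change.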
@@ -40,17 +41,20 @@ public class ExpressionSwitchFlow { private String test6(int i) { return switch (i) { case 0 -> throw new IllegalStateException(); + case 1 -> ""; default -> {} }; } private String test7(int i) { return switch (i) { case 0: throw new IllegalStateException(); + case 1: yield ""; default: }; } private String test8(int i) { return switch (i) { + case 1: yield ""; case 0: i++; default: { } @@ -58,6 +62,7 @@ public class ExpressionSwitchFlow { } private String test9(int i) { return switch (i) { + case 1: yield ""; case 0: default: System.err.println(); diff --git a/test/langtools/tools/javac/switchexpr/ExpressionSwitchFlow.out b/test/langtools/tools/javac/switchexpr/ExpressionSwitchFlow.out index 722192c56cd..a8d5b6dea86 100644 --- a/test/langtools/tools/javac/switchexpr/ExpressionSwitchFlow.out +++ b/test/langtools/tools/javac/switchexpr/ExpressionSwitchFlow.out 
@@ -1,12 +1,12 @@ ExpressionSwitchFlow.java:11:24: compiler.err.rule.completes.normally ExpressionSwitchFlow.java:18:13: compiler.err.rule.completes.normally ExpressionSwitchFlow.java:24:24: compiler.err.rule.completes.normally -ExpressionSwitchFlow.java:31:25: compiler.err.rule.completes.normally -ExpressionSwitchFlow.java:37:25: compiler.err.rule.completes.normally -ExpressionSwitchFlow.java:43:25: compiler.err.rule.completes.normally -ExpressionSwitchFlow.java:50:9: compiler.err.switch.expression.completes.normally -ExpressionSwitchFlow.java:57:9: compiler.err.switch.expression.completes.normally -ExpressionSwitchFlow.java:64:9: compiler.err.switch.expression.completes.normally +ExpressionSwitchFlow.java:32:25: compiler.err.rule.completes.normally +ExpressionSwitchFlow.java:38:25: compiler.err.rule.completes.normally +ExpressionSwitchFlow.java:45:25: compiler.err.rule.completes.normally +ExpressionSwitchFlow.java:53:9: compiler.err.switch.expression.completes.normally +ExpressionSwitchFlow.java:61:9: compiler.err.switch.expression.completes.normally +ExpressionSwitchFlow.java:69:9: compiler.err.switch.expression.completes.normally - compiler.note.preview.filename: ExpressionSwitchFlow.java - compiler.note.preview.recompile 9 errors diff --git a/test/langtools/tools/javac/switchexpr/WrongBreakTest.out b/test/langtools/tools/javac/switchexpr/WrongBreakTest.out index 12d8d1d668b..2f520bca7b9 100644 --- a/test/langtools/tools/javac/switchexpr/WrongBreakTest.out +++ b/test/langtools/tools/javac/switchexpr/WrongBreakTest.out 
@@ -1,8 +1,9 @@ WrongBreakTest.java:36:41: compiler.err.illegal.start.of.expr WrongBreakTest.java:35:39: compiler.err.break.outside.switch.expression +WrongBreakTest.java:35:17: compiler.err.switch.expression.no.result.expressions WrongBreakTest.java:36:9: compiler.err.ref.ambiguous: test, kindname.method, test(int), WrongBreakTest, kindname.method, test(java.lang.Object), WrongBreakTest WrongBreakTest.java:38:13: compiler.err.no.switch.expression WrongBreakTest.java:41:13: compiler.err.no.switch.expression - compiler.note.preview.filename: WrongBreakTest.java - compiler.note.preview.recompile -5 errors +6 errors From bb9049d3c1213fa45878c78eb3933d79ed953f1a Mon Sep 17 00:00:00 2001 From: Naoto Sato Date: Fri, 28 Jun 2019 08:48:17 -0700 Subject: [PATCH 3/7] 8226876: Assertion in sun/util/locale/provider/CalendarDataUtility on Windows after JDK-8218960 Reviewed-by: clanger --- .../locale/provider/CalendarDataUtility.java | 6 +++ .../provider/CalendarDataRegression.java | 42 +++++++++++++++++++ 2 files changed, 48 insertions(+) create mode 100644 test/jdk/sun/util/locale/provider/CalendarDataRegression.java diff --git a/src/java.base/share/classes/sun/util/locale/provider/CalendarDataUtility.java b/src/java.base/share/classes/sun/util/locale/provider/CalendarDataUtility.java index 41b9ba3e9a7..72a05904ade 100644 --- a/src/java.base/share/classes/sun/util/locale/provider/CalendarDataUtility.java +++ b/src/java.base/share/classes/sun/util/locale/provider/CalendarDataUtility.java @@ -249,9 +249,15 @@ public class CalendarDataUtility { switch (requestID) { case FIRST_DAY_OF_WEEK: value = calendarDataProvider.getFirstDayOfWeek(locale); + if (value == 0) { + value = MONDAY; // default for the world ("001") + } break; case MINIMAL_DAYS_IN_FIRST_WEEK: value = calendarDataProvider.getMinimalDaysInFirstWeek(locale); + if (value == 0) { + value = 1; // default for the world ("001") + } break; default: throw new InternalError("invalid requestID: " + requestID); 
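Review bot: In the CalendarDataUtility.java hunk, the new `value == 0` fallbacks only cover a provider that returns exactly zero. Any other out-of-range result from `calendarDataProvider`, such as a negative number or a day index above 7, is still passed through unchanged. The assertion this commit addresses is outside the hunk, so it is an inference that it checks a valid range rather than just non-zero. If it does, `if (value < 1 || value > 7) { value = MONDAY; }` would be the more complete guard for `FIRST_DAY_OF_WEEK`, with a matching range check for `MINIMAL_DAYS_IN_FIRST_WEEK`. The enclosing method starts and ends outside the hunk.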
diff --git a/test/jdk/sun/util/locale/provider/CalendarDataRegression.java b/test/jdk/sun/util/locale/provider/CalendarDataRegression.java new file mode 100644 index 00000000000..64550807909 --- /dev/null +++ b/test/jdk/sun/util/locale/provider/CalendarDataRegression.java @@ -0,0 +1,42 @@ +/* + * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8226876 + * @summary Test CalendarDataUtility class not throwing AssertionError + * @run main/othervm -ea -esa -Djava.locale.providers=HOST CalendarDataRegression + */ + +import java.text.DateFormat; +import java.util.Locale; + +public class CalendarDataRegression { + public static void main(String[] args) { + // Host locale provider on Windows returns 0 for + // firstDayOfWeek/minimalDaysInFirstWeek, which should + // default to non-zero value. Otherwise AssertionError + // will be thrown. + DateFormat.getDateInstance(DateFormat.FULL, Locale.US); + } +} 
From 1e0c8e5b26d214f05314cf106439d725ff23a7ab Mon Sep 17 00:00:00 2001 From: Valerie Peng Date: Fri, 28 Jun 2019 19:36:32 +0000 Subject: [PATCH 4/7] 8226651: Setting the mgfHash in CK_RSA_PKCS_PSS_PARAMS has no effect Fixed to get the MGF digest algorithm from MGF1ParameterSpec Reviewed-by: xuelei --- .../sun/security/pkcs11/P11PSSSignature.java | 26 ++++++++-- .../wrapper/CK_RSA_PKCS_PSS_PARAMS.java | 2 +- .../Signature/KeyAndParamCheckForPSS.java | 21 +++++--- .../pkcs11/Signature/SigInteropPSS.java | 49 ++++++------------- .../pkcs11/Signature/SignatureTestPSS.java | 31 ++++++------ 5 files changed, 69 insertions(+), 60 deletions(-) diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java index c0f48715d80..cb9ab66e3d0 100644 --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java 
@@ -395,33 +395,49 @@ final class P11PSSSignature extends SignatureSpi { ("Unsupported digest algorithm in Signature parameters: " + digestAlgorithm); } + if (!(params.getMGFAlgorithm().equalsIgnoreCase("MGF1"))) { throw new InvalidAlgorithmParameterException("Only supports MGF1"); } + + // defaults to the digest algorithm unless overridden + String mgfDigestAlgo = digestAlgorithm; + AlgorithmParameterSpec mgfParams = params.getMGFParameters(); + if (mgfParams != null) { + if (!(mgfParams instanceof MGF1ParameterSpec)) { + throw new InvalidAlgorithmParameterException + ("Only MGF1ParameterSpec is supported"); + } + mgfDigestAlgo = ((MGF1ParameterSpec)mgfParams).getDigestAlgorithm(); + } + if (params.getTrailerField() != PSSParameterSpec.TRAILER_FIELD_BC) { throw new InvalidAlgorithmParameterException ("Only supports TrailerFieldBC(1)"); } + int saltLen = params.getSaltLength(); if (this.p11Key != null) { - int maxSaltLen = ((this.p11Key.length() + 7) >> 3) - digestLen.intValue() - 2; + int maxSaltLen = ((this.p11Key.length() + 7) >> 3) - + digestLen.intValue() - 2; if (DEBUG) { System.out.println("Max saltLen = " + maxSaltLen); System.out.println("Curr saltLen = " + saltLen); } if (maxSaltLen < 0 || saltLen > maxSaltLen) { - throw new InvalidAlgorithmParameterException("Invalid with current key size"); + throw new InvalidAlgorithmParameterException + ("Invalid with current key size"); } - } else { - if (DEBUG) System.out.println("No key available for validating saltLen"); + } else if (DEBUG) { + System.out.println("No key available for validating saltLen"); } // validated, now try to store the parameter internally try { this.mechanism.setParameter( new CK_RSA_PKCS_PSS_PARAMS(digestAlgorithm, "MGF1", - digestAlgorithm, saltLen)); + mgfDigestAlgo, saltLen)); this.sigParams = params; } catch (IllegalArgumentException iae) { throw new InvalidAlgorithmParameterException(iae); 
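Review bot: The `mgfDigestAlgo` read from `MGF1ParameterSpec.getDigestAlgorithm()` is handed to `CK_RSA_PKCS_PSS_PARAMS` without the supported-digest check that `digestAlgorithm` gets at the top of this hunk (the branch that throws "Unsupported digest algorithm in Signature parameters"). The MGF hash is now caller-controlled, so an unsupported or differently spelled name is rejected only if the wrapper's `CKG_MGF1_` name lookup throws the `IllegalArgumentException` caught at the end of the hunk. That lookup is the line changed in CK_RSA_PKCS_PSS_PARAMS.java later in this patch, and its failure behaviour is not visible here. I would validate the name right after the `instanceof` check, using the same lookup applied to `digestAlgorithm`, and fail with `throw new InvalidAlgorithmParameterException("Unsupported digest algorithm in MGF1 parameters: " + mgfDigestAlgo);`. The enclosing method starts and ends outside the hunk.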
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_RSA_PKCS_PSS_PARAMS.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_RSA_PKCS_PSS_PARAMS.java index 7309f0d2e72..e077943bbc2 100644 --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_RSA_PKCS_PSS_PARAMS.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_RSA_PKCS_PSS_PARAMS.java @@ -57,7 +57,7 @@ public class CK_RSA_PKCS_PSS_PARAMS { throw new ProviderException("Only MGF1 is supported"); } // no dash in PKCS#11 mechanism names - this.mgf = Functions.getMGFId("CKG_MGF1_" + hashAlg.replaceFirst("-", "")); + this.mgf = Functions.getMGFId("CKG_MGF1_" + mgfHash.replaceFirst("-", "")); this.sLen = sLen; } diff --git a/test/jdk/sun/security/pkcs11/Signature/KeyAndParamCheckForPSS.java b/test/jdk/sun/security/pkcs11/Signature/KeyAndParamCheckForPSS.java index a401521c8c9..2e4fedbf1d5 100644 --- a/test/jdk/sun/security/pkcs11/Signature/KeyAndParamCheckForPSS.java +++ b/test/jdk/sun/security/pkcs11/Signature/KeyAndParamCheckForPSS.java @@ -26,7 +26,7 @@ import java.security.spec.*; /** * @test - * @bug 8080462 + * @bug 8080462 8226651 * @summary Ensure that PSS key and params check are implemented properly * regardless of call sequence * @library /test/lib .. 
@@ -57,12 +57,19 @@ public class KeyAndParamCheckForPSS extends PKCS11Test { } // NOTE: key length >= (digest length + 2) in bytes // otherwise, even salt length = 0 would not work - runTest(p, 1024, "SHA-384"); - runTest(p, 1040, "SHA-512"); + runTest(p, 1024, "SHA-256", "SHA-256"); + runTest(p, 1024, "SHA-256", "SHA-384"); + runTest(p, 1024, "SHA-256", "SHA-512"); + runTest(p, 1024, "SHA-384", "SHA-256"); + runTest(p, 1024, "SHA-384", "SHA-384"); + runTest(p, 1024, "SHA-384", "SHA-512"); + runTest(p, 1040, "SHA-512", "SHA-256"); + runTest(p, 1040, "SHA-512", "SHA-384"); + runTest(p, 1040, "SHA-512", "SHA-512"); } - private void runTest(Provider p, int keySize, String hashAlg) - throws Exception { + private void runTest(Provider p, int keySize, String hashAlg, + String mgfHashAlg) throws Exception { System.out.println("Testing [" + keySize + " " + hashAlg + "]"); // create a key pair with the supplied size @@ -72,9 +79,9 @@ public class KeyAndParamCheckForPSS extends PKCS11Test { int bigSaltLen = keySize/8 - 14; AlgorithmParameterSpec paramsBad = new PSSParameterSpec(hashAlg, - "MGF1", new MGF1ParameterSpec(hashAlg), bigSaltLen, 1); + "MGF1", new MGF1ParameterSpec(mgfHashAlg), bigSaltLen, 1); AlgorithmParameterSpec paramsGood = new PSSParameterSpec(hashAlg, - "MGF1", new MGF1ParameterSpec(hashAlg), 0, 1); + "MGF1", new MGF1ParameterSpec(mgfHashAlg), 0, 1); PrivateKey priv = kp.getPrivate(); PublicKey pub = kp.getPublic(); diff --git a/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS.java b/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS.java index 0cc1eb55b36..3c3edb5aa6a 100644 --- a/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS.java +++ b/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS.java @@ -27,7 +27,7 @@ import java.security.interfaces.*; /* * @test - * @bug 8080462 + * @bug 8080462 8226651 * @summary testing interoperability of PSS signatures of PKCS11 provider * against SunRsaSign provider * @library /test/lib .. 
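Review bot: The progress line in `runTest` of KeyAndParamCheckForPSS, `System.out.println("Testing [" + keySize + " " + hashAlg + "]");`, still prints only the key size and message digest. The three runs that share a digest but differ in MGF hash therefore log identical lines, and a failure cannot be attributed to one combination from the output. Include the new argument: `System.out.println("Testing [" + keySize + " " + hashAlg + " MGF1_" + mgfHashAlg + "]");`. The body of `runTest` continues outside the hunk.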
@@ -64,42 +64,31 @@ public class SigInteropPSS extends PKCS11Test { KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", p); kpg.initialize(3072); KeyPair kp = kpg.generateKeyPair(); - boolean status; - try { - status = runTest(sigSunRsaSign, sigPkcs11, kp); - status &= runTest(sigPkcs11, sigSunRsaSign, kp); - } catch (Exception e) { - System.out.println("Unexpected exception: " + e); - e.printStackTrace(System.out); - status = false; - } - if (!status) { - throw new RuntimeException("One or more test failed"); - } + runTest(sigSunRsaSign, sigPkcs11, kp); + runTest(sigPkcs11, sigSunRsaSign, kp); + System.out.println("Test passed"); } - static boolean runTest(Signature signer, Signature verifier, KeyPair kp) throws Exception { + static void runTest(Signature signer, Signature verifier, KeyPair kp) + throws Exception { System.out.println("\tSign using " + signer.getProvider().getName()); System.out.println("\tVerify using " + verifier.getProvider().getName()); - boolean status; - for (String digestAlg : DIGESTS) { - System.out.println("\tDigest = " + digestAlg); - PSSParameterSpec params = new PSSParameterSpec(digestAlg, "MGF1", - new MGF1ParameterSpec(digestAlg), 0, 1); - try { + for (String hash : DIGESTS) { + for (String mgfHash : DIGESTS) { + System.out.println("\tDigest = " + hash); + System.out.println("\tMGF = MGF1_" + mgfHash); + + PSSParameterSpec params = new PSSParameterSpec(hash, "MGF1", + new MGF1ParameterSpec(mgfHash), 0, 1); + signer.setParameter(params); signer.initSign(kp.getPrivate()); verifier.setParameter(params); verifier.initVerify(kp.getPublic()); - } catch (Exception e) { - System.out.println("\tERROR: unexpected ex during init" + e); - status = false; - continue; - } - try { + signer.update(MSG); byte[] sigBytes = signer.sign(); verifier.update(MSG); 
@@ -107,15 +96,9 @@ public class SigInteropPSS extends PKCS11Test { if (isValid) { System.out.println("\tPSS Signature verified"); } else { - System.out.println("\tERROR verifying PSS Signature"); - status = false; + throw new RuntimeException("ERROR verifying PSS Signature"); } - } catch (Exception e) { - System.out.println("\tERROR: unexpected ex" + e); - e.printStackTrace(); - status = false; } } - return true; } } diff --git a/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS.java b/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS.java index 1cf142bf19e..3a6dbe345e9 100644 --- a/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS.java +++ b/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS.java @@ -27,7 +27,7 @@ import java.util.stream.IntStream; /** * @test - * @bug 8080462 + * @bug 8080462 8226651 * @summary Generate a RSASSA-PSS signature and verify it using PKCS11 provider * @library /test/lib .. * @modules jdk.crypto.cryptoki 
@@ -86,17 +86,19 @@ public class SignatureTestPSS extends PKCS11Test { test(DIGESTS, kpair.getPrivate(), kpair.getPublic(), data); } - private void test(String[] testAlgs, PrivateKey privKey, + private void test(String[] digestAlgs, PrivateKey privKey, PublicKey pubKey, byte[] data) throws RuntimeException { // For signature algorithm, create and verify a signature - for (String testAlg : testAlgs) { - try { - checkSignature(data, pubKey, privKey, testAlg); - } catch (NoSuchAlgorithmException | InvalidKeyException | - SignatureException | NoSuchProviderException ex) { - throw new RuntimeException(ex); - } catch (InvalidAlgorithmParameterException ex2) { - System.out.println("Skip test due to " + ex2); + for (String hash : digestAlgs) { + for (String mgfHash : digestAlgs) { + try { + checkSignature(data, pubKey, privKey, hash, mgfHash); + } catch (NoSuchAlgorithmException | InvalidKeyException | + SignatureException | NoSuchProviderException ex) { + throw new RuntimeException(ex); + } catch (InvalidAlgorithmParameterException ex2) { + System.out.println("Skip test due to " + ex2); + } } }; } @@ -109,13 +111,14 @@ public class SignatureTestPSS extends PKCS11Test { } private void checkSignature(byte[] data, PublicKey pub, - PrivateKey priv, String mdAlg) throws NoSuchAlgorithmException, - InvalidKeyException, SignatureException, NoSuchProviderException, + PrivateKey priv, String hash, String mgfHash) + throws NoSuchAlgorithmException, InvalidKeyException, + SignatureException, NoSuchProviderException, InvalidAlgorithmParameterException { - System.out.println("Testing against " + mdAlg); + System.out.println("Testing against " + hash + " and MGF1_" + mgfHash); Signature sig = Signature.getInstance(SIGALG, prov); AlgorithmParameterSpec params = new PSSParameterSpec( - mdAlg, "MGF1", new MGF1ParameterSpec(mdAlg), 0, 1); + hash, "MGF1", new MGF1ParameterSpec(mgfHash), 0, 1); sig.setParameter(params); sig.initSign(priv); for (int i = 0; i < UPDATE_TIMES_HUNDRED; i++) { 
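Review bot: In `test` of SignatureTestPSS, the `InvalidAlgorithmParameterException` branch only prints "Skip test due to ..." and moves on, and the new nested loop now applies that skip to every mixed digest/MGF pair. If the provider rejected all pairs whose MGF hash differs from the digest, which is the behaviour bug 8226651 concerns, the test would still pass without exercising the fix. The skip presumably exists for tokens that lack some digests, so rather than removing it I would count the mixed pairs that were actually signed and verified and fail when none were. After the loops that could be `if (mixedChecked == 0) throw new RuntimeException("No mixed digest/MGF1 combination was exercised");`, where `mixedChecked` is a counter incremented after a successful `checkSignature` call with `!hash.equals(mgfHash)`.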
From a8fc8c4c2174f546382e99d226cfe78c808120b1 Mon Sep 17 00:00:00 2001 From: Christoph Langer Date: Fri, 28 Jun 2019 20:46:25 +0100 Subject: [PATCH 5/7] 8226869: Test java/util/Locale/LocaleProvidersRun.java should enable assertions Reviewed-by: naoto --- test/jdk/java/util/Locale/LocaleProvidersRun.java | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/test/jdk/java/util/Locale/LocaleProvidersRun.java b/test/jdk/java/util/Locale/LocaleProvidersRun.java index 6770cf281ad..4f3d3d0f53f 100644 --- a/test/jdk/java/util/Locale/LocaleProvidersRun.java +++ b/test/jdk/java/util/Locale/LocaleProvidersRun.java @@ -159,7 +159,9 @@ public class LocaleProvidersRun { private static void testRun(String prefList, String methodName, String param1, String param2, String param3) throws Throwable{ JDKToolLauncher launcher = JDKToolLauncher.createUsingTestJDK("java"); - launcher.addToolArg("-cp") + launcher.addToolArg("-ea") + .addToolArg("-esa") + .addToolArg("-cp") .addToolArg(Utils.TEST_CLASS_PATH) .addToolArg("-Djava.locale.providers=" + prefList) .addToolArg("--add-exports=java.base/sun.util.locale.provider=ALL-UNNAMED") From 9d6c7764b6a64264be3f3aa6df1e35b96e9a1634 Mon Sep 17 00:00:00 2001 From: Doug Simon Date: Fri, 28 Jun 2019 16:50:14 -0400 Subject: [PATCH 6/7] 8226533: JVMCI: findUniqueConcreteMethod should handle statically bindable methods directly Reviewed-by: kvn, dlong --- .../src/jdk/vm/ci/hotspot/HotSpotResolvedObjectTypeImpl.java | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/jdk.internal.vm.ci/share/classes/jdk.vm.ci.hotspot/src/jdk/vm/ci/hotspot/HotSpotResolvedObjectTypeImpl.java b/src/jdk.internal.vm.ci/share/classes/jdk.vm.ci.hotspot/src/jdk/vm/ci/hotspot/HotSpotResolvedObjectTypeImpl.java index c17aaf493f7..2df615038f3 100644 --- a/src/jdk.internal.vm.ci/share/classes/jdk.vm.ci.hotspot/src/jdk/vm/ci/hotspot/HotSpotResolvedObjectTypeImpl.java 
+++ b/src/jdk.internal.vm.ci/share/classes/jdk.vm.ci.hotspot/src/jdk/vm/ci/hotspot/HotSpotResolvedObjectTypeImpl.java @@ -579,6 +579,10 @@ final class HotSpotResolvedObjectTypeImpl extends HotSpotResolvedJavaType implem // The type isn't known to implement the method. return null; } + if (resolvedMethod.canBeStaticallyBound()) { + // No assumptions are required. + return new AssumptionResult<>(resolvedMethod); + } ResolvedJavaMethod result = resolvedMethod.uniqueConcreteMethod(this); if (result != null) { From ff1f2fad6e332590197b52453ac305fc366d92ee Mon Sep 17 00:00:00 2001 From: Serguei Spitsyn Date: Fri, 28 Jun 2019 16:06:44 -0700 Subject: [PATCH 7/7] 8226917: jvmti/scenarios/contention/TC04/tc04t001/TestDescription.java fails on jvmti->InterruptThread (JVMTI_ERROR_THREAD_NOT_ALIVE) Fix one more sync issue in the test Reviewed-by: dcubed, gadams, amenkov --- .../scenarios/contention/TC04/tc04t001/tc04t001.cpp | 9 --------- 1 file changed, 9 deletions(-) diff --git a/test/hotspot/jtreg/vmTestbase/nsk/jvmti/scenarios/contention/TC04/tc04t001/tc04t001.cpp b/test/hotspot/jtreg/vmTestbase/nsk/jvmti/scenarios/contention/TC04/tc04t001/tc04t001.cpp index 718434ae275..6000051f1ad 100644 --- a/test/hotspot/jtreg/vmTestbase/nsk/jvmti/scenarios/contention/TC04/tc04t001/tc04t001.cpp +++ b/test/hotspot/jtreg/vmTestbase/nsk/jvmti/scenarios/contention/TC04/tc04t001/tc04t001.cpp @@ -119,19 +119,10 @@ MonitorContendedEnter(jvmtiEnv *jvmti, JNIEnv* jni, jthread thr, jobject obj) { /* check if event is for tested object */ if (jni->IsSameObject(object_M, obj)) { - jvmtiMonitorUsage usageInfo; - if (lockSyncLock(jvmti)) { enterEventsCount++; unlockSyncLock(jvmti); } - - if (!NSK_JVMTI_VERIFY(jvmti->GetObjectMonitorUsage(obj, &usageInfo))) { - nsk_jvmti_setFailStatus(); - } else if (usageInfo.owner != NULL) { - if (!NSK_JVMTI_VERIFY(jvmti->InterruptThread(usageInfo.owner))) - nsk_jvmti_setFailStatus(); - } } }