diff --git a/test/jdk/javax/net/ssl/ALPN/MyX509ExtendedKeyManager.java b/test/jdk/javax/net/ssl/ALPN/MyX509ExtendedKeyManager.java
deleted file mode 100644
index ecd7dcfc4eb..00000000000
--- a/test/jdk/javax/net/ssl/ALPN/MyX509ExtendedKeyManager.java
+++ /dev/null
@@ -1,138 +0,0 @@
-/*
- * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-import java.net.Socket;
-import java.security.Principal;
-import java.security.PrivateKey;
-import java.security.cert.X509Certificate;
-import javax.net.ssl.SSLEngine;
-import javax.net.ssl.SSLSocket;
-import javax.net.ssl.X509ExtendedKeyManager;
-
-public class MyX509ExtendedKeyManager extends X509ExtendedKeyManager {
-
- static final String ERROR = "ERROR";
- X509ExtendedKeyManager akm;
- String expectedAP;
- boolean doCheck = true;
-
- MyX509ExtendedKeyManager(X509ExtendedKeyManager akm) {
- this.akm = akm;
- }
-
- public MyX509ExtendedKeyManager(
- X509ExtendedKeyManager akm, String expectedAP, boolean doCheck) {
- this.akm = akm;
- this.expectedAP = expectedAP;
- this.doCheck = doCheck;
-
- }
-
- @Override
- public String[] getClientAliases(String keyType, Principal[] issuers) {
- return akm.getClientAliases(keyType, issuers);
- }
-
- @Override
- public String chooseClientAlias(String[] keyType, Principal[] issuers,
- Socket socket) {
- String nap = ((SSLSocket) socket).getHandshakeApplicationProtocol();
- checkALPN(nap);
-
- return akm.chooseClientAlias(keyType, issuers, socket);
- }
-
- @Override
- public String[] getServerAliases(String keyType, Principal[] issuers) {
- return akm.getServerAliases(keyType, issuers);
- }
-
- @Override
- public String chooseServerAlias(String keyType, Principal[] issuers,
- Socket socket) {
- String nap = ((SSLSocket) socket).getHandshakeApplicationProtocol();
- checkALPN(nap);
-
- return akm.chooseServerAlias(keyType, issuers, socket);
- }
-
- @Override
- public X509Certificate[] getCertificateChain(String alias) {
- return akm.getCertificateChain(alias);
- }
-
- @Override
- public PrivateKey getPrivateKey(String alias) {
- return akm.getPrivateKey(alias);
- }
-
- @Override
- public String chooseEngineClientAlias(String[] keyType, Principal[] issuers,
- SSLEngine engine) {
- String nap = engine.getHandshakeApplicationProtocol();
- checkALPN(nap);
-
- return akm.chooseEngineClientAlias(keyType, issuers, engine);
- }
-
- @Override - public String chooseEngineServerAlias(String keyType, Principal[] issuers, - SSLEngine engine) { - String nap = engine.getHandshakeApplicationProtocol(); - checkALPN(nap); - - return akm.chooseEngineServerAlias(keyType, issuers, engine); - } - - private void checkALPN(String ap) { - - if (!doCheck) { - System.out.println("Skipping KeyManager checks " + - "because a callback has been registered"); - return; - } - - if (ERROR.equals(expectedAP)) { - throw new RuntimeException("Should not reach here"); - } - - System.out.println("Expected ALPN value: " + expectedAP - + " Got: " + ap); - - if (ap == null) { - throw new RuntimeException( - "ALPN should be negotiated, but null was received"); - } - if (expectedAP.equals("NONE")) { - if (!ap.isEmpty()) { - throw new RuntimeException("Expected no ALPN value"); - } else { - System.out.println("No ALPN value negotiated, as expected"); - } - } else if (!expectedAP.equals(ap)) { - throw new RuntimeException(expectedAP - + " ALPN value not available on negotiated connection"); - } - - } -} diff --git a/test/jdk/javax/net/ssl/ALPN/SSLEngineAlpnTest.java b/test/jdk/javax/net/ssl/ALPN/SSLEngineAlpnTest.java index adeb1a7dfc4..ca4af2740a0 100644 --- a/test/jdk/javax/net/ssl/ALPN/SSLEngineAlpnTest.java +++ b/test/jdk/javax/net/ssl/ALPN/SSLEngineAlpnTest.java @@ -28,7 +28,6 @@ * @test * @bug 8051498 8145849 8170282 * @summary JEP 244: TLS Application-Layer Protocol Negotiation Extension - * @compile MyX509ExtendedKeyManager.java * * @run main/othervm SSLEngineAlpnTest h2 UNUSED h2 h2 * @run main/othervm SSLEngineAlpnTest h2 UNUSED h2,http/1.1 h2 @@ -237,10 +236,6 @@ public class SSLEngineAlpnTest { throw new Exception("kms[0] not X509ExtendedKeyManager"); } - kms = new KeyManager[] { new MyX509ExtendedKeyManager( - (X509ExtendedKeyManager) kms[0], expectedAP, - !hasCallback && hasServerAPs) }; - TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); tmf.init(ts); 
diff --git a/test/jdk/javax/net/ssl/ALPN/SSLServerSocketAlpnTest.java b/test/jdk/javax/net/ssl/ALPN/SSLServerSocketAlpnTest.java index 2752649dc74..2d563284ca8 100644 --- a/test/jdk/javax/net/ssl/ALPN/SSLServerSocketAlpnTest.java +++ b/test/jdk/javax/net/ssl/ALPN/SSLServerSocketAlpnTest.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,7 +28,7 @@ * @test * @bug 8051498 8145849 8158978 8170282 * @summary JEP 244: TLS Application-Layer Protocol Negotiation Extension - * @compile MyX509ExtendedKeyManager.java + * @library /javax/net/ssl/templates * * @run main/othervm SSLServerSocketAlpnTest h2 UNUSED h2 h2 * @run main/othervm SSLServerSocketAlpnTest h2 UNUSED h2,http/1.1 h2 
@@ -79,56 +79,18 @@ * This example is based on our standard SSLSocketTemplate. */ import java.io.*; -import java.security.KeyStore; import java.util.Arrays; import javax.net.ssl.*; -public class SSLServerSocketAlpnTest { +public class SSLServerSocketAlpnTest extends SSLSocketTemplate { - /* - * ============================================================= - * Set the various variables needed for the tests, then - * specify what tests to run on each side. - */ - - /* - * Should we run the client or server in a separate thread? - * Both sides can throw exceptions, but do you have a preference - * as to which side should be the main thread. - */ - static boolean separateServerThread = false; - - /* - * Where do we find the keystores? - */ - static String pathToStores = "../etc"; - static String keyStoreFile = "keystore"; - static String trustStoreFile = "truststore"; - static String passwd = "passphrase"; - - static String keyFilename = System.getProperty("test.src", ".") + "/" - + pathToStores + "/" + keyStoreFile; - static String trustFilename = System.getProperty("test.src", ".") + "/" - + pathToStores + "/" + trustStoreFile; - - private static boolean hasServerAPs; // whether server APs are present private static boolean hasCallback; // whether a callback is present - /* - * SSLContext - */ - SSLContext mySSLContext = null; - - /* - * Is the server ready to serve? - */ - volatile static boolean serverReady = false; - /* * Turn on SSL debugging? */ - static boolean debug = false; + static boolean debug = Boolean.getBoolean("test.debug"); static String[] serverAPs; static String callbackAP; 
@@ -144,16 +106,8 @@ public class SSLServerSocketAlpnTest { * smart about it.... */ - /* - * Define the server side of the test. - * - * If the server prematurely exits, serverReady will be set to true - * to avoid infinite hangs. - */ - void doServerSide() throws Exception { - SSLServerSocketFactory sslssf = mySSLContext.getServerSocketFactory(); - SSLServerSocket sslServerSocket - = (SSLServerSocket) sslssf.createServerSocket(serverPort); + @Override + protected void configureServerSocket(SSLServerSocket sslServerSocket) { sslServerSocket.setNeedClientAuth(true); SSLParameters sslp = sslServerSocket.getSSLParameters(); @@ -178,13 +132,16 @@ public class SSLServerSocketAlpnTest { sslServerSocket.setSSLParameters(sslp); serverPort = sslServerSocket.getLocalPort(); + } - /* - * Signal Client, we're ready for his connect. - */ - serverReady = true; - - SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept(); + /* + * Define the server side of the test. + * + * If the server prematurely exits, serverReady will be set to true + * to avoid infinite hangs. + */ + @Override + protected void runServerApplication(SSLSocket sslSocket) throws Exception { if (sslSocket.getHandshakeApplicationProtocol() != null) { throw new Exception ("getHandshakeApplicationProtocol() should " 
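Review bot: `serverPort = sslServerSocket.getLocalPort();` stays as the last statement of the new `configureServerSocket`, and the `volatile int serverPort = 0;` field is kept in the later `@@ -332,9 +282,6 @@` hunk, yet no visible line reads it once the client socket is no longer created here. If SSLSocketTemplate (not shown on this page) has its own `serverPort`, this field hides it, so I would delete both the assignment and the field, as this commit does in SSLSocketAlpnTest. The comment re-added above `runServerApplication` (and above `runClientApplication` in the `@@ -278,7 +218,17 @@` hunk) still says `serverReady will be set to true`, although `serverReady` is deleted from the class; reduce it to `/* Define the server side of the test. */`. The body of `runServerApplication` continues outside the hunk.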
@@ -245,26 +202,9 @@ public class SSLServerSocketAlpnTest { sslSocket.close(); } - /* - * Define the client side of the test. - * - * If the server prematurely exits, serverReady will be set to true - * to avoid infinite hangs. - */ - void doClientSide() throws Exception { - - /* - * Wait for server to get started. - */ - while (!serverReady) { - Thread.sleep(50); - } - - SSLSocketFactory sslsf = mySSLContext.getSocketFactory(); - SSLSocket sslSocket - = (SSLSocket) sslsf.createSocket("localhost", serverPort); - - SSLParameters sslp = sslSocket.getSSLParameters(); + @Override + protected void configureClientSocket(SSLSocket socket) { + SSLParameters sslp = socket.getSSLParameters(); /* * The default ciphersuite ordering from the SSLContext may not @@ -278,7 +218,17 @@ public class SSLServerSocketAlpnTest { // Set the ALPN selection. sslp.setApplicationProtocols(clientAPs); - sslSocket.setSSLParameters(sslp); + socket.setSSLParameters(sslp); + } + + /* + * Define the client side of the test. + * + * If the server prematurely exits, serverReady will be set to true + * to avoid infinite hangs. + */ + @Override + protected void runClientApplication(SSLSocket sslSocket) throws Exception { if (sslSocket.getHandshakeApplicationProtocol() != null) { throw new Exception ("getHandshakeApplicationProtocol() should " @@ -332,9 +282,6 @@ public class SSLServerSocketAlpnTest { // use any free port by default volatile int serverPort = 0; - volatile Exception serverException = null; - volatile Exception clientException = null; - public static void main(String[] args) throws Exception { if (debug) { 
@@ -351,14 +298,13 @@ public class SSLServerSocketAlpnTest { clientAPs = convert(args[2]); expectedAP = args[3]; - hasServerAPs = !args[0].equals("UNUSED"); // are server APs being used? hasCallback = !callbackAP.equals("UNUSED"); // is callback being used? /* * Start the tests. */ try { - new SSLServerSocketAlpnTest(); + new SSLServerSocketAlpnTest().run(); } catch (SSLHandshakeException she) { if (args[3].equals("ERROR")) { System.out.println("Caught the expected exception: " + she); @@ -370,40 +316,6 @@ public class SSLServerSocketAlpnTest { System.out.println("Test Passed."); } - SSLContext getSSLContext(String keyFilename, String trustFilename) - throws Exception { - SSLContext ctx = SSLContext.getInstance("TLS"); - - // Keystores - KeyStore keyKS = KeyStore.getInstance("JKS"); - keyKS.load(new FileInputStream(keyFilename), passwd.toCharArray()); - - KeyStore trustKS = KeyStore.getInstance("JKS"); - trustKS.load(new FileInputStream(trustFilename), passwd.toCharArray()); - - // Generate KeyManager and TrustManager - KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); - kmf.init(keyKS, passwd.toCharArray()); - - KeyManager[] kms = kmf.getKeyManagers(); - if (!(kms[0] instanceof X509ExtendedKeyManager)) { - throw new Exception("kms[0] not X509ExtendedKeyManager"); - } - - kms = new KeyManager[] { new MyX509ExtendedKeyManager( - (X509ExtendedKeyManager) kms[0], expectedAP, - !hasCallback && hasServerAPs) }; - - TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); - tmf.init(trustKS); - TrustManager[] tms = tmf.getTrustManagers(); - - // initial SSLContext - ctx.init(kms, tms, null); - - return ctx; - } - /* * Convert a comma-separated list into an array of strings. */ 
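Review bot: After `new SSLServerSocketAlpnTest().run()` nothing in the visible new code checks `getHandshakeApplicationProtocol()` from inside the key manager, which is what the MyX509ExtendedKeyManager wrapper installed by the removed `getSSLContext` (next hunk) did while an alias was being chosen mid-handshake. `setNeedClientAuth(true)` is still set, but without the wrapper it no longer serves the purpose the removed SSLSocketAlpnTest comment gave for it (`for both client/server to call into X509KM`). The wrapper is dropped from SSLEngineAlpnTest and SSLSocketAlpnTest in the same way, and in SSLEngineAlpnTest the `kms[0] instanceof X509ExtendedKeyManager` test is left behind with nothing using the cast. If dropping this coverage is intended, state it in the commit message and remove the leftovers; otherwise keep the class and install it through the `createServerSSLContext()`/`createClientSSLContext()` overrides that DisabledShortRSAKeys uses in this commit, keeping `hasServerAPs` for its `doCheck` argument.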
@@ -425,143 +337,4 @@ public class SSLServerSocketAlpnTest { return strings; } - - Thread clientThread = null; - Thread serverThread = null; - - /* - * Primary constructor, used to drive remainder of the test. - * - * Fork off the other side, then do your work. - */ - SSLServerSocketAlpnTest() throws Exception { - Exception startException = null; - mySSLContext = getSSLContext(keyFilename, trustFilename); - try { - if (separateServerThread) { - startServer(true); - startClient(false); - } else { - startClient(true); - startServer(false); - } - } catch (Exception e) { - startException = e; - } - - /* - * Wait for other side to close down. - */ - if (separateServerThread) { - if (serverThread != null) { - serverThread.join(); - } - } else { - if (clientThread != null) { - clientThread.join(); - } - } - - /* - * When we get here, the test is pretty much over. - * Which side threw the error? - */ - Exception local; - Exception remote; - - if (separateServerThread) { - remote = serverException; - local = clientException; - } else { - remote = clientException; - local = serverException; - } - - Exception exception = null; - - /* - * Check various exception conditions. - */ - if ((local != null) && (remote != null)) { - // If both failed, return the curthread's exception. - local.addSuppressed(remote); - exception = local; - } else if (local != null) { - exception = local; - } else if (remote != null) { - exception = remote; - } else if (startException != null) { - exception = startException; - } - - /* - * If there was an exception *AND* a startException, - * output it. - */ - if (exception != null) { - if (exception != startException && startException != null) { - exception.addSuppressed(startException); - } - throw exception; - } - - // Fall-through: no exception to throw! 
- } - - void startServer(boolean newThread) throws Exception { - if (newThread) { - serverThread = new Thread() { - @Override - public void run() { - try { - doServerSide(); - } catch (Exception e) { - /* - * Our server thread just died. - * - * Release the client, if not active already... - */ - System.err.println("Server died..."); - serverReady = true; - serverException = e; - } - } - }; - serverThread.start(); - } else { - try { - doServerSide(); - } catch (Exception e) { - serverException = e; - } finally { - serverReady = true; - } - } - } - - void startClient(boolean newThread) throws Exception { - if (newThread) { - clientThread = new Thread() { - @Override - public void run() { - try { - doClientSide(); - } catch (Exception e) { - /* - * Our client thread just died. - */ - System.err.println("Client died..."); - clientException = e; - } - } - }; - clientThread.start(); - } else { - try { - doClientSide(); - } catch (Exception e) { - clientException = e; - } - } - } } diff --git a/test/jdk/javax/net/ssl/ALPN/SSLSocketAlpnTest.java b/test/jdk/javax/net/ssl/ALPN/SSLSocketAlpnTest.java index 172eecd4608..51625f9c14f 100644 --- a/test/jdk/javax/net/ssl/ALPN/SSLSocketAlpnTest.java +++ b/test/jdk/javax/net/ssl/ALPN/SSLSocketAlpnTest.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,7 +28,7 @@ * @test * @bug 8051498 8145849 8170282 * @summary JEP 244: TLS Application-Layer Protocol Negotiation Extension - * @compile MyX509ExtendedKeyManager.java + * @library /javax/net/ssl/templates * * @run main/othervm SSLSocketAlpnTest h2 UNUSED h2 h2 * @run main/othervm SSLSocketAlpnTest h2 UNUSED h2,http/1.1 h2 
@@ -78,56 +78,18 @@ * This example is based on our standard SSLSocketTemplate. */ import java.io.*; -import java.security.KeyStore; import java.util.Arrays; import javax.net.ssl.*; -public class SSLSocketAlpnTest { +public class SSLSocketAlpnTest extends SSLSocketTemplate { - /* - * ============================================================= - * Set the various variables needed for the tests, then - * specify what tests to run on each side. - */ - - /* - * Should we run the client or server in a separate thread? - * Both sides can throw exceptions, but do you have a preference - * as to which side should be the main thread. - */ - static boolean separateServerThread = false; - - /* - * Where do we find the keystores? - */ - static String pathToStores = "../etc"; - static String keyStoreFile = "keystore"; - static String trustStoreFile = "truststore"; - static String passwd = "passphrase"; - - static String keyFilename = System.getProperty("test.src", ".") + "/" - + pathToStores + "/" + keyStoreFile; - static String trustFilename = System.getProperty("test.src", ".") + "/" - + pathToStores + "/" + trustStoreFile; - - private static boolean hasServerAPs; // whether server APs are present private static boolean hasCallback; // whether a callback is present - /* - * SSLContext - */ - SSLContext mySSLContext = null; - - /* - * Is the server ready to serve? - */ - volatile static boolean serverReady = false; - /* * Turn on SSL debugging? */ - static boolean debug = false; + static boolean debug = Boolean.getBoolean("test.debug"); static String[] serverAPs; static String callbackAP; 
@@ -143,28 +105,20 @@ public class SSLSocketAlpnTest { * smart about it.... */ + @Override + protected void configureServerSocket(SSLServerSocket socket) { + socket.setNeedClientAuth(true); + } + /* * Define the server side of the test. * * If the server prematurely exits, serverReady will be set to true * to avoid infinite hangs. */ - void doServerSide() throws Exception { - SSLServerSocketFactory sslssf = mySSLContext.getServerSocketFactory(); - SSLServerSocket sslServerSocket - = (SSLServerSocket) sslssf.createServerSocket(serverPort); - // for both client/server to call into X509KM - sslServerSocket.setNeedClientAuth(true); - - serverPort = sslServerSocket.getLocalPort(); - - /* - * Signal Client, we're ready for his connect. - */ - serverReady = true; - - SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept(); - + @Override + protected void runServerApplication(SSLSocket sslSocket) throws Exception { + System.out.println("in runServerApplication(SSLSocket)"); SSLParameters sslp = sslSocket.getSSLParameters(); /* @@ -206,6 +160,7 @@ public class SSLSocketAlpnTest { } } + System.out.println("server starting handshake"); sslSocket.startHandshake(); if (sslSocket.getHandshakeApplicationProtocol() != null) { @@ -247,18 +202,9 @@ public class SSLSocketAlpnTest { * If the server prematurely exits, serverReady will be set to true * to avoid infinite hangs. */ - void doClientSide() throws Exception { - - /* - * Wait for server to get started. - */ - while (!serverReady) { - Thread.sleep(50); - } - - SSLSocketFactory sslsf = mySSLContext.getSocketFactory(); - SSLSocket sslSocket - = (SSLSocket) sslsf.createSocket("localhost", serverPort); + @Override + protected void runClientApplication(SSLSocket sslSocket) throws Exception { + System.out.println("in runClientApplication(SSLSocket)"); SSLParameters sslp = sslSocket.getSSLParameters(); 
@@ -281,6 +227,7 @@ public class SSLSocketAlpnTest { + "return null before the handshake starts"); } + System.out.println("Client starting handshake"); sslSocket.startHandshake(); if (sslSocket.getHandshakeApplicationProtocol() != null) { @@ -321,16 +268,6 @@ public class SSLSocketAlpnTest { sslSocket.close(); } - /* - * ============================================================= - * The remainder is just support stuff - */ - // use any free port by default - volatile int serverPort = 0; - - volatile Exception serverException = null; - volatile Exception clientException = null; - public static void main(String[] args) throws Exception { if (debug) { @@ -347,14 +284,13 @@ public class SSLSocketAlpnTest { clientAPs = convert(args[2]); expectedAP = args[3]; - hasServerAPs = !args[0].equals("UNUSED"); // are server APs being used? hasCallback = !callbackAP.equals("UNUSED"); // is callback being used? /* * Start the tests. */ try { - new SSLSocketAlpnTest(); + new SSLSocketAlpnTest().run(); } catch (SSLHandshakeException she) { if (args[3].equals("ERROR")) { System.out.println("Caught the expected exception: " + she); 
@@ -366,40 +302,6 @@ public class SSLSocketAlpnTest { System.out.println("Test Passed."); } - SSLContext getSSLContext(String keyFilename, String trustFilename) - throws Exception { - SSLContext ctx = SSLContext.getInstance("TLS"); - - // Keystores - KeyStore keyKS = KeyStore.getInstance("JKS"); - keyKS.load(new FileInputStream(keyFilename), passwd.toCharArray()); - - KeyStore trustKS = KeyStore.getInstance("JKS"); - trustKS.load(new FileInputStream(trustFilename), passwd.toCharArray()); - - // Generate KeyManager and TrustManager - KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); - kmf.init(keyKS, passwd.toCharArray()); - - KeyManager[] kms = kmf.getKeyManagers(); - if (!(kms[0] instanceof X509ExtendedKeyManager)) { - throw new Exception("kms[0] not X509ExtendedKeyManager"); - } - - kms = new KeyManager[] { new MyX509ExtendedKeyManager( - (X509ExtendedKeyManager) kms[0], expectedAP, - !hasCallback && hasServerAPs) }; - - TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); - tmf.init(trustKS); - TrustManager[] tms = tmf.getTrustManagers(); - - // initial SSLContext - ctx.init(kms, tms, null); - - return ctx; - } - /* * Convert a comma-separated list into an array of strings. */ 
@@ -421,143 +323,4 @@ public class SSLSocketAlpnTest { return strings; } - - Thread clientThread = null; - Thread serverThread = null; - - /* - * Primary constructor, used to drive remainder of the test. - * - * Fork off the other side, then do your work. - */ - SSLSocketAlpnTest() throws Exception { - Exception startException = null; - mySSLContext = getSSLContext(keyFilename, trustFilename); - try { - if (separateServerThread) { - startServer(true); - startClient(false); - } else { - startClient(true); - startServer(false); - } - } catch (Exception e) { - startException = e; - } - - /* - * Wait for other side to close down. - */ - if (separateServerThread) { - if (serverThread != null) { - serverThread.join(); - } - } else { - if (clientThread != null) { - clientThread.join(); - } - } - - /* - * When we get here, the test is pretty much over. - * Which side threw the error? - */ - Exception local; - Exception remote; - - if (separateServerThread) { - remote = serverException; - local = clientException; - } else { - remote = clientException; - local = serverException; - } - - Exception exception = null; - - /* - * Check various exception conditions. - */ - if ((local != null) && (remote != null)) { - // If both failed, return the curthread's exception. - local.addSuppressed(remote); - exception = local; - } else if (local != null) { - exception = local; - } else if (remote != null) { - exception = remote; - } else if (startException != null) { - exception = startException; - } - - /* - * If there was an exception *AND* a startException, - * output it. - */ - if (exception != null) { - if (exception != startException && startException != null) { - exception.addSuppressed(startException); - } - throw exception; - } - - // Fall-through: no exception to throw! 
- } - - void startServer(boolean newThread) throws Exception { - if (newThread) { - serverThread = new Thread() { - @Override - public void run() { - try { - doServerSide(); - } catch (Exception e) { - /* - * Our server thread just died. - * - * Release the client, if not active already... - */ - System.err.println("Server died..."); - serverReady = true; - serverException = e; - } - } - }; - serverThread.start(); - } else { - try { - doServerSide(); - } catch (Exception e) { - serverException = e; - } finally { - serverReady = true; - } - } - } - - void startClient(boolean newThread) throws Exception { - if (newThread) { - clientThread = new Thread() { - @Override - public void run() { - try { - doClientSide(); - } catch (Exception e) { - /* - * Our client thread just died. - */ - System.err.println("Client died..."); - clientException = e; - } - } - }; - clientThread.start(); - } else { - try { - doClientSide(); - } catch (Exception e) { - clientException = e; - } - } - } } diff --git a/test/jdk/javax/net/ssl/SSLEngine/HandshakeWithInvalidRecordVersion.java b/test/jdk/javax/net/ssl/SSLEngine/HandshakeWithInvalidRecordVersion.java index 71119489b85..295ad66646c 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/HandshakeWithInvalidRecordVersion.java +++ b/test/jdk/javax/net/ssl/SSLEngine/HandshakeWithInvalidRecordVersion.java 
@@ -37,19 +37,9 @@ import java.security.*; import java.nio.*; import java.util.Arrays; -public class HandshakeWithInvalidRecordVersion implements SSLContextTemplate { +public class HandshakeWithInvalidRecordVersion extends SSLContextTemplate { private static final boolean DEBUG = Boolean.getBoolean("test.debug"); - private static final String PATH_TO_STORES = "../etc"; - private static final String KEYSTORE_FILE = "keystore"; - private static final String TRUSTSTORE_FILE = "truststore"; - - private static final String KEYSTORE_PATH = - System.getProperty("test.src", "./") + "/" + PATH_TO_STORES + - "/" + KEYSTORE_FILE; - private static final String TRUSTSTORE_PATH = - System.getProperty("test.src", "./") + "/" + PATH_TO_STORES + - "/" + TRUSTSTORE_FILE; public static void main(String [] args) throws Exception { var runner = new HandshakeWithInvalidRecordVersion(); diff --git a/test/jdk/javax/net/ssl/TLSv12/DisabledShortRSAKeys.java b/test/jdk/javax/net/ssl/TLSv12/DisabledShortRSAKeys.java index 63fb1baa231..3f275d8a285 100644 --- a/test/jdk/javax/net/ssl/TLSv12/DisabledShortRSAKeys.java +++ b/test/jdk/javax/net/ssl/TLSv12/DisabledShortRSAKeys.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it 
@@ -42,86 +42,35 @@ * @run main/othervm DisabledShortRSAKeys SunX509 SSLv3 */ -import java.net.*; -import java.util.*; import java.io.*; import javax.net.ssl.*; import java.security.Security; -import java.security.KeyStore; -import java.security.KeyFactory; -import java.security.cert.Certificate; -import java.security.cert.CertificateFactory; -import java.security.spec.*; -import java.security.interfaces.*; -import java.util.Base64; - public class DisabledShortRSAKeys extends SSLSocketTemplate { - /* - * Where do we find the keystores? - */ - // Certificates and key used in the test. - static String trustedCertStr = - "-----BEGIN CERTIFICATE-----\n" + - "MIICkjCCAfugAwIBAgIBADANBgkqhkiG9w0BAQQFADA7MQswCQYDVQQGEwJVUzEN\n" + - "MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwHhcN\n" + - "MTEwODE5MDE1MjE5WhcNMzIwNzI5MDE1MjE5WjA7MQswCQYDVQQGEwJVUzENMAsG\n" + - "A1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwgZ8wDQYJ\n" + - "KoZIhvcNAQEBBQADgY0AMIGJAoGBAM8orG08DtF98TMSscjGsidd1ZoN4jiDpi8U\n" + - "ICz+9dMm1qM1d7O2T+KH3/mxyox7Rc2ZVSCaUD0a3CkhPMnlAx8V4u0H+E9sqso6\n" + - "iDW3JpOyzMExvZiRgRG/3nvp55RMIUV4vEHOZ1QbhuqG4ebN0Vz2DkRft7+flthf\n" + - "vDld6f5JAgMBAAGjgaUwgaIwHQYDVR0OBBYEFLl81dnfp0wDrv0OJ1sxlWzH83Xh\n" + - "MGMGA1UdIwRcMFqAFLl81dnfp0wDrv0OJ1sxlWzH83XhoT+kPTA7MQswCQYDVQQG\n" + - "EwJVUzENMAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2\n" + - "Y2WCAQAwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEE\n" + - "BQADgYEALlgaH1gWtoBZ84EW8Hu6YtGLQ/L9zIFmHonUPZwn3Pr//icR9Sqhc3/l\n" + - "pVTxOINuFHLRz4BBtEylzRIOPzK3tg8XwuLb1zd0db90x3KBCiAL6E6cklGEPwLe\n" + - "XYMHDn9eDsaq861Tzn6ZwzMgw04zotPMoZN0mVd/3Qca8UJFucE=\n" + - "-----END CERTIFICATE-----"; - - static String targetCertStr = - "-----BEGIN CERTIFICATE-----\n" + - "MIICNDCCAZ2gAwIBAgIBDDANBgkqhkiG9w0BAQQFADA7MQswCQYDVQQGEwJVUzEN\n" + - "MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwHhcN\n" + - "MTExMTA3MTM1NTUyWhcNMzEwNzI1MTM1NTUyWjBPMQswCQYDVQQGEwJVUzENMAsG\n" + - 
"A1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UxEjAQBgNV\n" + - "BAMTCWxvY2FsaG9zdDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC3Pb49OSPfOD2G\n" + - "HSXFCFx1GJEZfqG9ZUf7xuIi/ra5dLjPGAaoY5QF2QOa8VnOriQCXDfyXHxsuRnE\n" + - "OomxL7EVAgMBAAGjeDB2MAsGA1UdDwQEAwID6DAdBgNVHQ4EFgQUXNCJK3/dtCIc\n" + - "xb+zlA/JINlvs/MwHwYDVR0jBBgwFoAUuXzV2d+nTAOu/Q4nWzGVbMfzdeEwJwYD\n" + - "VR0lBCAwHgYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDAzANBgkqhkiG9w0B\n" + - "AQQFAAOBgQB2qIDUxA2caMPpGtUACZAPRUtrGssCINIfItETXJZCx/cRuZ5sP4D9\n" + - "N1acoNDn0hCULe3lhXAeTC9NZ97680yJzregQMV5wATjo1FGsKY30Ma+sc/nfzQW\n" + - "+h/7RhYtoG0OTsiaDCvyhI6swkNJzSzrAccPY4+ZgU8HiDLzZTmM3Q==\n" + - "-----END CERTIFICATE-----"; - - // Private key in the format of PKCS#8, key size is 512 bits. - static String targetPrivateKey = - "MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEAtz2+PTkj3zg9hh0l\n" + - "xQhcdRiRGX6hvWVH+8biIv62uXS4zxgGqGOUBdkDmvFZzq4kAlw38lx8bLkZxDqJ\n" + - "sS+xFQIDAQABAkByx/5Oo2hQ/w2q4L8z+NTRlJ3vdl8iIDtC/4XPnfYfnGptnpG6\n" + - "ZThQRvbMZiai0xHQPQMszvAHjZVme1eDl3EBAiEA3aKJHynPVCEJhpfCLWuMwX5J\n" + - "1LntwJO7NTOyU5m8rPECIQDTpzn5X44r2rzWBDna/Sx7HW9IWCxNgUD2Eyi2nA7W\n" + - "ZQIgJerEorw4aCAuzQPxiGu57PB6GRamAihEAtoRTBQlH0ECIQDN08FgTtnesgCU\n" + - "DFYLLcw1CiHvc7fZw4neBDHCrC8NtQIgA8TOUkGnpCZlQ0KaI8KfKWI+vxFcgFnH\n" + - "3fnqsTgaUs4="; - - static char passphrase[] = "passphrase".toCharArray(); - /* * Turn on SSL debugging? 
*/ static boolean debug = false; - @Override - protected SSLContext createClientSSLContext() throws Exception { - return generateSSLContext(trustedCertStr, null, null); + private final String enabledProtocol; + private final String tmAlgorithm; + + public DisabledShortRSAKeys(String tmAlgorithm, String enabledProtocol) { + this.tmAlgorithm = tmAlgorithm; + this.enabledProtocol = enabledProtocol; } @Override - protected SSLContext createServerSSLContext() throws Exception { - return generateSSLContext(null, targetCertStr, targetPrivateKey); + public SSLContext createClientSSLContext() throws Exception { + return createSSLContext(new Cert[]{Cert.CA_RSA_512}, null, + new ContextParameters(enabledProtocol, tmAlgorithm, "NewSunX509")); + } + + @Override + public SSLContext createServerSSLContext() throws Exception { + return createSSLContext(null, new Cert[]{Cert.EE_RSA_512}, + new ContextParameters(enabledProtocol, tmAlgorithm, "NewSunX509")); } @Override 
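Review bot: `new ContextParameters(enabledProtocol, tmAlgorithm, "NewSunX509")` passes the protocol under test where the removed `generateSSLContext` always called `SSLContext.getInstance("TLS")`. ContextParameters is not shown on this page; if its first argument is the SSLContext protocol name, a run line such as `DisabledShortRSAKeys SunX509 SSLv3` now also changes which context is requested, not only which protocol the test enables. To keep the old behaviour use `new ContextParameters("TLS", tmAlgorithm, "NewSunX509")` in both overrides, or add a comment saying the change is deliberate. A one-line comment that `Cert.CA_RSA_512` and `Cert.EE_RSA_512` must stay below the `RSA keySize < 1024` limit set in `main` would replace the removed "key size is 512 bits" remark, since the test depends on that property.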
@@ -159,84 +108,6 @@ public class DisabledShortRSAKeys extends SSLSocketTemplate { } } - /* - * ============================================================= - * The remainder is just support stuff - */ - private static String tmAlgorithm; // trust manager - private static String enabledProtocol; // the target protocol - - private static void parseArguments(String[] args) { - tmAlgorithm = args[0]; - enabledProtocol = args[1]; - } - - private static SSLContext generateSSLContext(String trustedCertStr, - String keyCertStr, String keySpecStr) throws Exception { - - // generate certificate from cert string - CertificateFactory cf = CertificateFactory.getInstance("X.509"); - - // create a key store - KeyStore ks = KeyStore.getInstance("JKS"); - ks.load(null, null); - - // import the trused cert - Certificate trusedCert = null; - ByteArrayInputStream is = null; - if (trustedCertStr != null) { - is = new ByteArrayInputStream(trustedCertStr.getBytes()); - trusedCert = cf.generateCertificate(is); - is.close(); - - ks.setCertificateEntry("RSA Export Signer", trusedCert); - } - - if (keyCertStr != null) { - // generate the private key. - PKCS8EncodedKeySpec priKeySpec = new PKCS8EncodedKeySpec( - Base64.getMimeDecoder().decode(keySpecStr)); - KeyFactory kf = KeyFactory.getInstance("RSA"); - RSAPrivateKey priKey = - (RSAPrivateKey)kf.generatePrivate(priKeySpec); - - // generate certificate chain - is = new ByteArrayInputStream(keyCertStr.getBytes()); - Certificate keyCert = cf.generateCertificate(is); - is.close(); - - Certificate[] chain = null; - if (trusedCert != null) { - chain = new Certificate[2]; - chain[0] = keyCert; - chain[1] = trusedCert; - } else { - chain = new Certificate[1]; - chain[0] = keyCert; - } - - // import the key entry. 
- ks.setKeyEntry("Whatever", priKey, passphrase, chain); - } - - // create SSL context - TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmAlgorithm); - tmf.init(ks); - - SSLContext ctx = SSLContext.getInstance("TLS"); - if (keyCertStr != null && !keyCertStr.isEmpty()) { - KeyManagerFactory kmf = KeyManagerFactory.getInstance("NewSunX509"); - kmf.init(ks, passphrase); - - ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); - ks = null; - } else { - ctx.init(null, tmf.getTrustManagers(), null); - } - - return ctx; - } - public static void main(String[] args) throws Exception { Security.setProperty("jdk.certpath.disabledAlgorithms", "RSA keySize < 1024"); @@ -247,15 +118,12 @@ public class DisabledShortRSAKeys extends SSLSocketTemplate { System.setProperty("javax.net.debug", "all"); } - /* - * Get the customized arguments. - */ - parseArguments(args); + String tmAlgorithm = args[0]; + String enabledProtocol = args[1]; /* * Start the tests. */ - new DisabledShortRSAKeys().run(); + new DisabledShortRSAKeys(tmAlgorithm, enabledProtocol).run(); } - } diff --git a/test/jdk/javax/net/ssl/templates/SSLContextTemplate.java b/test/jdk/javax/net/ssl/templates/SSLContextTemplate.java index fd2fcd8099d..171807c5a1d 100644 --- a/test/jdk/javax/net/ssl/templates/SSLContextTemplate.java +++ b/test/jdk/javax/net/ssl/templates/SSLContextTemplate.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018, 2021, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2018, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it 
@@ -39,66 +39,186 @@ import javax.net.ssl.*; /** * SSLContext template to speed up JSSE tests. */ -public interface SSLContextTemplate { +public abstract class SSLContextTemplate { + + /* + * ======================================= + * Certificates and keys used in the test. + */ + // Trusted certificates. + Cert[] TRUSTED_CERTS = { + Cert.CA_ECDSA_SECP256R1, + Cert.CA_RSA_2048, + Cert.CA_DSA_2048 }; + + // End entity certificate. + Cert[] END_ENTITY_CERTS = { + Cert.EE_ECDSA_SECP256R1, + Cert.EE_RSA_2048, + Cert.EE_EC_RSA_SECP256R1, + Cert.EE_DSA_2048 }; + /* * Create an instance of SSLContext for client use. */ - default SSLContext createClientSSLContext() throws Exception { + protected SSLContext createClientSSLContext() throws Exception { return createSSLContext( - createClientKeyManager(), createClientTrustManager(), + createClientKeyManager(), getClientContextParameters()); } /* * Create an instance of SSLContext for server use. */ - default SSLContext createServerSSLContext() throws Exception { + protected SSLContext createServerSSLContext() throws Exception { return createSSLContext( - createServerKeyManager(), createServerTrustManager(), + createServerKeyManager(), getServerContextParameters()); } - /* - * Create an instance of KeyManager for client use. 
+ private SSLContext createSSLContext(TrustManager trustManager, + KeyManager keyManager, + ContextParameters params) throws Exception { + SSLContext context = SSLContext.getInstance(params.contextProtocol); + context.init( + new KeyManager[] {keyManager}, + new TrustManager[] {trustManager}, + null); + return context; + } + + /** + * Creates a TrustManager with TRUSTED_CERTS and client context parameters */ - default KeyManager createClientKeyManager() throws Exception { - return createKeyManager( - endEntityCertStrs, - endEntityPrivateKeys, - endEntityPrivateKeyAlgs, - endEntityPrivateKeyNames, - getServerContextParameters()); + protected TrustManager createClientTrustManager() throws Exception { + return createTrustManager(TRUSTED_CERTS, getClientContextParameters()); + } + + /** + * Creates a TrustManager with TRUSTED_CERTS and server context parameters + */ + protected TrustManager createServerTrustManager() throws Exception { + return createTrustManager(TRUSTED_CERTS, getServerContextParameters()); + } + + /** + * Creates a TrustManager with the given array of trusted certs and + * context parameters. + */ + protected TrustManager createTrustManager(Cert[] trustedCerts, + ContextParameters params) throws Exception { + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + ByteArrayInputStream is; + + KeyStore ts = KeyStore.getInstance("JKS"); + ts.load(null, null); + + if (trustedCerts != null && trustedCerts.length != 0) { + Certificate[] trustedCert = new Certificate[trustedCerts.length]; + for (int i = 0; i < trustedCerts.length; i++) { + is = new ByteArrayInputStream(trustedCerts[i].certStr.getBytes()); + try { + trustedCert[i] = cf.generateCertificate(is); + } finally { + is.close(); + } + + ts.setCertificateEntry( + "trusted-cert-" + trustedCerts[i].name(), trustedCert[i]); + } + } + + // Create an SSLContext object. 
+ TrustManagerFactory tmf = + TrustManagerFactory.getInstance(params.tmAlgorithm); + tmf.init(ts); + return tmf.getTrustManagers()[0]; + } + + /** + * Create a key manager with Cert.END_ENTITY_CERTS and the client + * context parameters. + */ + protected KeyManager createClientKeyManager() throws Exception { + return createKeyManager(END_ENTITY_CERTS, getClientContextParameters()); + } + + /** + * Create a key manager with Cert.END_ENTITY_CERTS and the server + * context parameters + */ + protected KeyManager createServerKeyManager() throws Exception { + return createKeyManager(END_ENTITY_CERTS, getServerContextParameters()); + } + + /** + * Creates a KeyManager with the given end-entity Cert's and context + * parameters + */ + protected KeyManager createKeyManager(Cert[] endEntityCerts, + ContextParameters params) throws Exception { + KeyStore ks = null; // key store + char[] passphrase = "passphrase".toCharArray(); + + if (endEntityCerts == null || endEntityCerts.length == 0) { + return null; + + } else { + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + ks = KeyStore.getInstance("JKS"); + ks.load(null, null); + + for (Cert endEntityCert : endEntityCerts) { + // generate the private key. + PKCS8EncodedKeySpec priKeySpec = new PKCS8EncodedKeySpec( + Base64.getMimeDecoder().decode(endEntityCert.privKeyStr)); + KeyFactory kf = + KeyFactory.getInstance( + endEntityCert.keyAlgo); + PrivateKey priKey = kf.generatePrivate(priKeySpec); + + // generate certificate chain + ByteArrayInputStream is = new ByteArrayInputStream( + endEntityCert.certStr.getBytes()); + Certificate keyCert = null; + try { + keyCert = cf.generateCertificate(is); + } finally { + is.close(); + } + + Certificate[] chain = new Certificate[]{keyCert}; + + // import the key entry. 
+ ks.setKeyEntry("cert-" + endEntityCert.name(), + priKey, passphrase, chain); + } + + KeyManagerFactory kmf = + KeyManagerFactory.getInstance(params.kmAlgorithm); + kmf.init(ks, passphrase); + return kmf.getKeyManagers()[0]; + } } /* - * Create an instance of TrustManager for client use. + * Create an instance of SSLContext with the specified trust/key materials. */ - default TrustManager createClientTrustManager() throws Exception { - return createTrustManager( - trustedCertStrs, - getServerContextParameters()); - } - /* - * Create an instance of KeyManager for server use. - */ - default KeyManager createServerKeyManager() throws Exception { - return createKeyManager( - endEntityCertStrs, - endEntityPrivateKeys, - endEntityPrivateKeyAlgs, - endEntityPrivateKeyNames, - getServerContextParameters()); - } + protected SSLContext createSSLContext( + Cert[] trustedCerts, + Cert[] endEntityCerts, + ContextParameters params) throws Exception { - /* - * Create an instance of TrustManager for server use. - */ - default TrustManager createServerTrustManager() throws Exception { - return createTrustManager( - trustedCertStrs, - getServerContextParameters()); + // Generate certificate from cert string. + TrustManager tm = createTrustManager(trustedCerts, params); + + KeyManager km = createKeyManager(endEntityCerts, params); + + SSLContext context = SSLContext.getInstance(params.contextProtocol); + context.init(km == null ? null : new KeyManager[]{km}, new TrustManager[]{tm}, null); + return context; } /* 
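Review bot: The private `createSSLContext(TrustManager, KeyManager, ContextParameters)` wraps its key manager unconditionally, so a null key manager reaches `context.init` as a one-element array holding null, while the `Cert[]`-based overload later in this hunk passes a null array in the same situation. `createKeyManager` returns null for a null or empty `endEntityCerts`, so a subclass that overrides `createClientKeyManager()` or `createServerKeyManager()` to supply no key material would take this path. Whether the provider skips a null element is not visible here, so I would make the two overloads agree by passing `keyManager == null ? null : new KeyManager[] {keyManager},` as the first argument to `context.init`. Separately, the Javadoc on `createClientKeyManager` and `createServerKeyManager` refers to `Cert.END_ENTITY_CERTS`, but the array is declared on `SSLContextTemplate`, not on the `Cert` enum.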
@@ -121,452 +241,713 @@ public interface SSLContextTemplate { /* * Get the client side parameters of SSLContext. */ - default ContextParameters getClientContextParameters() { + protected ContextParameters getClientContextParameters() { return new ContextParameters("TLS", "PKIX", "NewSunX509"); } /* * Get the server side parameters of SSLContext. */ - default ContextParameters getServerContextParameters() { + protected ContextParameters getServerContextParameters() { return new ContextParameters("TLS", "PKIX", "NewSunX509"); } - /* - * ======================================= - * Certificates and keys used in the test. - */ - // Trusted certificates. - final static String[] trustedCertStrs = { - // SHA256withECDSA, curve prime256v1 - // Validity - // Not Before: May 22 07:18:16 2018 GMT - // Not After : May 17 07:18:16 2038 GMT - // Subject Key Identifier: - // 60:CF:BD:73:FF:FA:1A:30:D2:A4:EC:D3:49:71:46:EF:1A:35:A0:86 - "-----BEGIN CERTIFICATE-----\n" + - "MIIBvjCCAWOgAwIBAgIJAIvFG6GbTroCMAoGCCqGSM49BAMCMDsxCzAJBgNVBAYT\n" + - "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" + - "ZTAeFw0xODA1MjIwNzE4MTZaFw0zODA1MTcwNzE4MTZaMDsxCzAJBgNVBAYTAlVT\n" + - "MQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZjZTBZ\n" + - "MBMGByqGSM49AgEGCCqGSM49AwEHA0IABBz1WeVb6gM2mh85z3QlvaB/l11b5h0v\n" + - "LIzmkC3DKlVukZT+ltH2Eq1oEkpXuf7QmbM0ibrUgtjsWH3mULfmcWmjUDBOMB0G\n" + - "A1UdDgQWBBRgz71z//oaMNKk7NNJcUbvGjWghjAfBgNVHSMEGDAWgBRgz71z//oa\n" + - "MNKk7NNJcUbvGjWghjAMBgNVHRMEBTADAQH/MAoGCCqGSM49BAMCA0kAMEYCIQCG\n" + - "6wluh1r2/T6L31mZXRKf9JxeSf9pIzoLj+8xQeUChQIhAJ09wAi1kV8yePLh2FD9\n" + - "2YEHlSQUAbwwqCDEVB5KxaqP\n" + - "-----END CERTIFICATE-----", - // -----BEGIN PRIVATE KEY----- - // MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg/HcHdoLJCdq3haVd - // XZTSKP00YzM3xX97l98vGL/RI1KhRANCAAQc9VnlW+oDNpofOc90Jb2gf5ddW+Yd - // LyyM5pAtwypVbpGU/pbR9hKtaBJKV7n+0JmzNIm61ILY7Fh95lC35nFp - // -----END PRIVATE KEY----- - // SHA256withRSA, 2048 bits - // Validity 
- // Not Before: May 22 07:18:16 2018 GMT - // Not After : May 17 07:18:16 2038 GMT - // Subject Key Identifier: - // 0D:DD:93:C9:FE:4B:BD:35:B7:E8:99:78:90:FB:DB:5A:3D:DB:15:4C - "-----BEGIN CERTIFICATE-----\n" + - "MIIDSTCCAjGgAwIBAgIJAI4ZF3iy8zG+MA0GCSqGSIb3DQEBCwUAMDsxCzAJBgNV\n" + - "BAYTAlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2Vy\n" + - "aXZjZTAeFw0xODA1MjIwNzE4MTZaFw0zODA1MTcwNzE4MTZaMDsxCzAJBgNVBAYT\n" + - "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" + - "ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALpMcY7aWieXDEM1/YJf\n" + - "JW27b4nRIFZyEYhEloyGsKTuQiiQjc8cqRZFNXe2vwziDB4IyTEl0Hjl5QF6ZaQE\n" + - "huPzzwvQm1pv64KrRXrmj3FisQK8B5OWLty9xp6xDqsaMRoyObLK+oIb20T5fSlE\n" + - "evmo1vYjnh8CX0Yzx5Gr5ye6YSEHQvYOWEws8ad17OlyToR2KMeC8w4qo6rs59pW\n" + - "g7Mxn9vo22ImDzrtAbTbXbCias3xlE0Bp0h5luyf+5U4UgksoL9B9r2oP4GrLNEV\n" + - "oJk57t8lwaR0upiv3CnS8LcJELpegZub5ggqLY8ZPYFQPjlK6IzLOm6rXPgZiZ3m\n" + - "RL0CAwEAAaNQME4wHQYDVR0OBBYEFA3dk8n+S701t+iZeJD721o92xVMMB8GA1Ud\n" + - "IwQYMBaAFA3dk8n+S701t+iZeJD721o92xVMMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n" + - "hvcNAQELBQADggEBAJTRC3rKUUhVH07/1+stUungSYgpM08dY4utJq0BDk36BbmO\n" + - "0AnLDMbkwFdHEoqF6hQIfpm7SQTmXk0Fss6Eejm8ynYr6+EXiRAsaXOGOBCzF918\n" + - "/RuKOzqABfgSU4UBKECLM5bMfQTL60qx+HdbdVIpnikHZOFfmjCDVxoHsGyXc1LW\n" + - "Jhkht8IGOgc4PMGvyzTtRFjz01kvrVQZ75aN2E0GQv6dCxaEY0i3ypSzjUWAKqDh\n" + - "3e2OLwUSvumcdaxyCdZAOUsN6pDBQ+8VRG7KxnlRlY1SMEk46QgQYLbPDe/+W/yH\n" + - "ca4PejicPeh+9xRAwoTpiE2gulfT7Lm+fVM7Ruc=\n" + - "-----END CERTIFICATE-----", + enum Cert { - // -----BEGIN PRIVATE KEY----- - // MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC6THGO2lonlwxD - // Nf2CXyVtu2+J0SBWchGIRJaMhrCk7kIokI3PHKkWRTV3tr8M4gweCMkxJdB45eUB - // emWkBIbj888L0Jtab+uCq0V65o9xYrECvAeTli7cvcaesQ6rGjEaMjmyyvqCG9tE - // +X0pRHr5qNb2I54fAl9GM8eRq+cnumEhB0L2DlhMLPGndezpck6EdijHgvMOKqOq - // 7OfaVoOzMZ/b6NtiJg867QG0212womrN8ZRNAadIeZbsn/uVOFIJLKC/Qfa9qD+B - // 
qyzRFaCZOe7fJcGkdLqYr9wp0vC3CRC6XoGbm+YIKi2PGT2BUD45SuiMyzpuq1z4 - // GYmd5kS9AgMBAAECggEAFHSoU2MuWwJ+2jJnb5U66t2V1bAcuOE1g5zkWvG/G5z9 - // rq6Qo5kmB8f5ovdx6tw3MGUOklLwnRXBG3RxDJ1iokz3AvkY1clMNsDPlDsUrQKF - // JSO4QUBQTPSZhnsyfR8XHSU+qJ8Y+ohMfzpVv95BEoCzebtXdVgxVegBlcEmVHo2 - // kMmkRN+bYNsr8eb2r+b0EpyumS39ZgKYh09+cFb78y3T6IFMGcVJTP6nlGBFkmA/ - // 25pYeCF2tSki08qtMJZQAvKfw0Kviibk7ZxRbJqmc7B1yfnOEHP6ftjuvKl2+RP/ - // +5P5f8CfIP6gtA0LwSzAqQX/hfIKrGV5j0pCqrD0kQKBgQDeNR6Xi4sXVq79lihO - // a1bSeV7r8yoQrS8x951uO+ox+UIZ1MsAULadl7zB/P0er92p198I9M/0Jth3KBuS - // zj45mucvpiiGvmQlMKMEfNq4nN7WHOu55kufPswQB2mR4J3xmwI+4fM/nl1zc82h - // De8JSazRldJXNhfx0RGFPmgzbwKBgQDWoVXrXLbCAn41oVnWB8vwY9wjt92ztDqJ - // HMFA/SUohjePep9UDq6ooHyAf/Lz6oE5NgeVpPfTDkgvrCFVKnaWdwALbYoKXT2W - // 9FlyJox6eQzrtHAacj3HJooXWuXlphKSizntfxj3LtMR9BmrmRJOfK+SxNOVJzW2 - // +MowT20EkwKBgHmpB8jdZBgxI7o//m2BI5Y1UZ1KE5vx1kc7VXzHXSBjYqeV9FeF - // 2ZZLP9POWh/1Fh4pzTmwIDODGT2UPhSQy0zq3O0fwkyT7WzXRknsuiwd53u/dejg - // iEL2NPAJvulZ2+AuiHo5Z99LK8tMeidV46xoJDDUIMgTG+UQHNGhK5gNAoGAZn/S - // Cn7SgMC0CWSvBHnguULXZO9wH1wZAFYNLL44OqwuaIUFBh2k578M9kkke7woTmwx - // HxQTjmWpr6qimIuY6q6WBN8hJ2Xz/d1fwhYKzIp20zHuv5KDUlJjbFfqpsuy3u1C - // kts5zwI7pr1ObRbDGVyOdKcu7HI3QtR5qqyjwaUCgYABo7Wq6oHva/9V34+G3Goh - // 63bYGUnRw2l5BD11yhQv8XzGGZFqZVincD8gltNThB0Dc/BI+qu3ky4YdgdZJZ7K - // z51GQGtaHEbrHS5caV79yQ8QGY5mUVH3E+VXSxuIqb6pZq2DH4sTAEFHyncddmOH - // zoXBInYwRG9KE/Bw5elhUw== - // -----END PRIVATE KEY----- + CA_ECDSA_SECP256R1( + "EC", + // SHA256withECDSA, curve secp256r1 + // Validity + // Not Before: May 22 07:18:16 2018 GMT + // Not After : May 17 07:18:16 2038 GMT + // Subject Key Identifier: + // 60:CF:BD:73:FF:FA:1A:30:D2:A4:EC:D3:49:71:46:EF:1A:35:A0:86 + "-----BEGIN CERTIFICATE-----\n" + + "MIIBvjCCAWOgAwIBAgIJAIvFG6GbTroCMAoGCCqGSM49BAMCMDsxCzAJBgNVBAYT\n" + + "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" + + "ZTAeFw0xODA1MjIwNzE4MTZaFw0zODA1MTcwNzE4MTZaMDsxCzAJBgNVBAYTAlVT\n" + + 
"MQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZjZTBZ\n" + + "MBMGByqGSM49AgEGCCqGSM49AwEHA0IABBz1WeVb6gM2mh85z3QlvaB/l11b5h0v\n" + + "LIzmkC3DKlVukZT+ltH2Eq1oEkpXuf7QmbM0ibrUgtjsWH3mULfmcWmjUDBOMB0G\n" + + "A1UdDgQWBBRgz71z//oaMNKk7NNJcUbvGjWghjAfBgNVHSMEGDAWgBRgz71z//oa\n" + + "MNKk7NNJcUbvGjWghjAMBgNVHRMEBTADAQH/MAoGCCqGSM49BAMCA0kAMEYCIQCG\n" + + "6wluh1r2/T6L31mZXRKf9JxeSf9pIzoLj+8xQeUChQIhAJ09wAi1kV8yePLh2FD9\n" + + "2YEHlSQUAbwwqCDEVB5KxaqP\n" + + "-----END CERTIFICATE-----", + "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg/HcHdoLJCdq3haVd\n" + + "XZTSKP00YzM3xX97l98vGL/RI1KhRANCAAQc9VnlW+oDNpofOc90Jb2gf5ddW+Yd\n" + + "LyyM5pAtwypVbpGU/pbR9hKtaBJKV7n+0JmzNIm61ILY7Fh95lC35nFp"), + CA_ECDSA_SECP384R1( + "EC", + // SHA384withECDSA, curve secp384r1 + // Validity + // Not Before: Jun 24 08:15:06 2019 GMT + // Not After : Jun 19 08:15:06 2039 GMT + // Subject Key Identifier: + // 0a:93:a9:a0:bf:e7:d5:48:9d:4f:89:15:c6:51:98:80:05:51:4e:4e + "-----BEGIN CERTIFICATE-----\n" + + "MIICCDCCAY6gAwIBAgIUCpOpoL/n1UidT4kVxlGYgAVRTk4wCgYIKoZIzj0EAwMw\n" + + "OzELMAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpTU0Ug\n" + + "VGVzdCBTZXJpdmNlMB4XDTE5MDYyNDA4MTUwNloXDTM5MDYxOTA4MTUwNlowOzEL\n" + + "MAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpTU0UgVGVz\n" + + "dCBTZXJpdmNlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAENVQN1wXWFdgC6u/dDdiC\n" + + "y+WtMTF66oL/0BSm+1ZqsogamzCryawOcHgiuXgWzx5CQ3LuOC+tDFyXpGfHuCvb\n" + + "dkzxPrP5n9NrR8/uRPe5l1KOUbchviU8z9cTP+LZxnZDo1MwUTAdBgNVHQ4EFgQU\n" + + "SktSFArR1p/5mXV0kyo0RxIVa/UwHwYDVR0jBBgwFoAUSktSFArR1p/5mXV0kyo0\n" + + "RxIVa/UwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjBZvoNmq3/v\n" + + "RD2gBTyvxjS9h0rsMRLHDnvul/KWngytwGPTOBo0Y8ixQXSjdKoc3rkCMQDkiNgx\n" + + "IDxuHedmrLQKIPnVcthTmwv7//jHiqGoKofwChMo2a1P+DQdhszmeHD/ARQ=\n" + + "-----END CERTIFICATE-----", + "MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDChlbt0NF8oIKODSxn2\n" + + "WXCXuJm3z78LRkzYQS3Nx5NMjei5ytkFZz4qvD4XXMWlTEyhZANiAAQ1VA3XBdYV\n" + + 
"2ALq790N2ILL5a0xMXrqgv/QFKb7VmqyiBqbMKvJrA5weCK5eBbPHkJDcu44L60M\n" + + "XJekZ8e4K9t2TPE+s/mf02tHz+5E97mXUo5RtyG+JTzP1xM/4tnGdkM="), - // SHA256withDSA, 2048 bits - // Validity - // Not Before: May 22 07:18:18 2018 GMT - // Not After : May 17 07:18:18 2038 GMT - // Subject Key Identifier: - // 76:66:9E:F7:3B:DD:45:E5:3B:D9:72:3C:3F:F0:54:39:86:31:26:53 - "-----BEGIN CERTIFICATE-----\n" + - "MIIErjCCBFSgAwIBAgIJAOktYLNCbr02MAsGCWCGSAFlAwQDAjA7MQswCQYDVQQG\n" + - "EwJVUzENMAsGA1UECgwESmF2YTEdMBsGA1UECwwUU3VuSlNTRSBUZXN0IFNlcml2\n" + - "Y2UwHhcNMTgwNTIyMDcxODE4WhcNMzgwNTE3MDcxODE4WjA7MQswCQYDVQQGEwJV\n" + - "UzENMAsGA1UECgwESmF2YTEdMBsGA1UECwwUU3VuSlNTRSBUZXN0IFNlcml2Y2Uw\n" + - "ggNHMIICOQYHKoZIzjgEATCCAiwCggEBAO5GyPhSm0ze3LSu+gicdULLj05iOfTL\n" + - "UvZQ29sYz41zmqrLBQbdKiHqgJu2Re9sgTb5suLNjF047TOLPnU3jhPtWm2X8Xzi\n" + - "VGIcHym/Q/MeZxStt/88seqroI3WOKzIML2GcrishT+lcGrtH36Tf1+ue2Snn3PS\n" + - "WyxygNqPjllP5uUjYmFLvAf4QLMldkd/D2VxcwsHjB8y5iUZsXezc/LEhRZS/02m\n" + - "ivqlRw3AMkq/OVe/ZtxFWsP0nsfxEGdZuaUFpppGfixxFvymrB3+J51cTt+pZBDq\n" + - "D2y0DYfc+88iCs4jwHTfcDIpLb538HBjBj2rEgtQESQmB0ooD/+wsPsCIQC1bYch\n" + - "gElNtDYL3FgpLgNSUYp7gIWv9ehaC7LO2z7biQKCAQBitvFOnDkUja8NAF7lDpOV\n" + - "b5ipQ8SicBLW3kQamxhyuyxgZyy/PojZ/oPorkqW/T/A0rhnG6MssEpAtdiwVB+c\n" + - "rBYGo3bcwmExJhdOJ6dYuKFppPWhCwKMHs9npK+lqBMl8l5j58xlcFeC7ZfGf8GY\n" + - "GkhFW0c44vEQhMMbac6ZTTP4mw+1t7xJfmDMlLEyIpTXaAAk8uoVLWzQWnR40sHi\n" + - "ybvS0u3JxQkb7/y8tOOZu8qlz/YOS7lQ6UxUGX27Ce1E0+agfPphetoRAlS1cezq\n" + - "Wa7r64Ga0nkj1kwkcRqjgTiJx0NwnUXr78VAXFhVF95+O3lfqhvdtEGtkhDGPg7N\n" + - "A4IBBgACggEBAMmSHQK0w2i+iqUjOPzn0yNEZrzepLlLeQ1tqtn0xnlv5vBAeefD\n" + - "Pm9dd3tZOjufVWP7hhEz8xPobb1CS4e3vuQiv5UBfhdPL3f3l9T7JMAKPH6C9Vve\n" + - "OQXE5eGqbjsySbcmseHoYUt1WCSnSda1opX8zchX04e7DhGfE2/L9flpYEoSt8lI\n" + - "vMNjgOwvKdW3yvPt1/eBBHYNFG5gWPv/Q5KoyCtHS03uqGm4rNc/wZTIEEfd66C+\n" + - "QRaUltjOaHmtwOdDHaNqwhYZSVOip+Mo+TfyzHFREcdHLapo7ZXqbdYkRGxRR3d+\n" + - "3DfHaraJO0OKoYlPkr3JMvM/MSGR9AnZOcejUDBOMB0GA1UdDgQWBBR2Zp73O91F\n" + - 
"5TvZcjw/8FQ5hjEmUzAfBgNVHSMEGDAWgBR2Zp73O91F5TvZcjw/8FQ5hjEmUzAM\n" + - "BgNVHRMEBTADAQH/MAsGCWCGSAFlAwQDAgNHADBEAiBzriYE41M2y9Hy5ppkL0Qn\n" + - "dIlNc8JhXT/PHW7GDtViagIgMko8Qoj9gDGPK3+O9E8DC3wGiiF9CObM4LN387ok\n" + - "J+g=\n" + - "-----END CERTIFICATE-----" - // -----BEGIN PRIVATE KEY----- - // MIICZQIBADCCAjkGByqGSM44BAEwggIsAoIBAQDuRsj4UptM3ty0rvoInHVCy49O - // Yjn0y1L2UNvbGM+Nc5qqywUG3Soh6oCbtkXvbIE2+bLizYxdOO0ziz51N44T7Vpt - // l/F84lRiHB8pv0PzHmcUrbf/PLHqq6CN1jisyDC9hnK4rIU/pXBq7R9+k39frntk - // p59z0lsscoDaj45ZT+blI2JhS7wH+ECzJXZHfw9lcXMLB4wfMuYlGbF3s3PyxIUW - // Uv9Npor6pUcNwDJKvzlXv2bcRVrD9J7H8RBnWbmlBaaaRn4scRb8pqwd/iedXE7f - // qWQQ6g9stA2H3PvPIgrOI8B033AyKS2+d/BwYwY9qxILUBEkJgdKKA//sLD7AiEA - // tW2HIYBJTbQ2C9xYKS4DUlGKe4CFr/XoWguyzts+24kCggEAYrbxTpw5FI2vDQBe - // 5Q6TlW+YqUPEonAS1t5EGpsYcrssYGcsvz6I2f6D6K5Klv0/wNK4ZxujLLBKQLXY - // sFQfnKwWBqN23MJhMSYXTienWLihaaT1oQsCjB7PZ6SvpagTJfJeY+fMZXBXgu2X - // xn/BmBpIRVtHOOLxEITDG2nOmU0z+JsPtbe8SX5gzJSxMiKU12gAJPLqFS1s0Fp0 - // eNLB4sm70tLtycUJG+/8vLTjmbvKpc/2Dku5UOlMVBl9uwntRNPmoHz6YXraEQJU - // tXHs6lmu6+uBmtJ5I9ZMJHEao4E4icdDcJ1F6+/FQFxYVRfefjt5X6ob3bRBrZIQ - // xj4OzQQjAiEAsceWOM8do4etxp2zgnoNXV8PUUyqWhz1+0srcKV7FR4= - // -----END PRIVATE KEY----- - }; + CA_ECDSA_SECP521R1( + "EC", + // SHA512withECDSA, curve secp521r1 + // Validity + // Not Before: Jun 24 08:15:06 2019 GMT + // Not After : Jun 19 08:15:06 2039 GMT + // Subject Key Identifier: + // 25:ca:68:76:6d:29:17:9b:71:78:45:2d:d4:c6:e4:5d:fe:25:ff:90 + "-----BEGIN CERTIFICATE-----\n" + + "MIICUzCCAbSgAwIBAgIUJcpodm0pF5txeEUt1MbkXf4l/5AwCgYIKoZIzj0EAwQw\n" + + "OzELMAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpTU0Ug\n" + + "VGVzdCBTZXJpdmNlMB4XDTE5MDYyNDA4MTUwNloXDTM5MDYxOTA4MTUwNlowOzEL\n" + + "MAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpTU0UgVGVz\n" + + "dCBTZXJpdmNlMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAmFD5VmB2MdyJ6k+E\n" + + "eP4JncrE65ySL07gVmFwnr8otOt3NtRAyzmviMNNXXjo5R5NqNjKP4pr92JjT0sO\n" + + 
"D65yngkBtH151Ev/fiKPLxkXL9GzfKdWHVhDX7Zg6DUydzukzZV2/dIyloAIqwlz\n" + + "QVKJqT7RypDufdng8hnE9YfKo6ypZiujUzBRMB0GA1UdDgQWBBRAIrxa7WqtqUCe\n" + + "HFuKREDC92spvTAfBgNVHSMEGDAWgBRAIrxa7WqtqUCeHFuKREDC92spvTAPBgNV\n" + + "HRMBAf8EBTADAQH/MAoGCCqGSM49BAMEA4GMADCBiAJCAe22iirZnODCmlpxcv57\n" + + "3g5BEE60C+dtYmTqR4DtFyDaTRQ5CFf4ZxvQPIbD+SXi5Cbrl6qtrZG0cjUihPkC\n" + + "Hi1hAkIAiEcO7nMPgQLny+GrciojfN+bZXME/dPz6KHBm/89f8Me+jawVnv6y+df\n" + + "2Sbafh1KV6ntWQtB4bK3MXV8Ym9Eg1I=\n" + + "-----END CERTIFICATE-----", + "MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIAV8dZszV6+nLw3LeA\n" + + "Q+qLJLGaqyjlsQkaopCPcmoRdy1HX6AzB/YnKsPkHp/9DQN6A2JgUhFG5B0XvKSk\n" + + "BqNNuSGhgYkDgYYABACYUPlWYHYx3InqT4R4/gmdysTrnJIvTuBWYXCevyi063c2\n" + + "1EDLOa+Iw01deOjlHk2o2Mo/imv3YmNPSw4PrnKeCQG0fXnUS/9+Io8vGRcv0bN8\n" + + "p1YdWENftmDoNTJ3O6TNlXb90jKWgAirCXNBUompPtHKkO592eDyGcT1h8qjrKlm\n" + + "Kw=="), - // End entity certificate. - final static String[] endEntityCertStrs = { - // SHA256withECDSA, curve prime256v1 - // Validity - // Not Before: May 22 07:18:16 2018 GMT - // Not After : May 17 07:18:16 2038 GMT - // Authority Key Identifier: - // 60:CF:BD:73:FF:FA:1A:30:D2:A4:EC:D3:49:71:46:EF:1A:35:A0:86 - "-----BEGIN CERTIFICATE-----\n" + - "MIIBqjCCAVCgAwIBAgIJAPLY8qZjgNRAMAoGCCqGSM49BAMCMDsxCzAJBgNVBAYT\n" + - "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" + - "ZTAeFw0xODA1MjIwNzE4MTZaFw0zODA1MTcwNzE4MTZaMFUxCzAJBgNVBAYTAlVT\n" + - "MQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZjZTEY\n" + - "MBYGA1UEAwwPUmVncmVzc2lvbiBUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD\n" + - "QgAEb+9n05qfXnfHUb0xtQJNS4JeSi6IjOfW5NqchvKnfJey9VkJzR7QHLuOESdf\n" + - "xlR7q8YIWgih3iWLGfB+wxHiOqMjMCEwHwYDVR0jBBgwFoAUYM+9c//6GjDSpOzT\n" + - "SXFG7xo1oIYwCgYIKoZIzj0EAwIDSAAwRQIgWpRegWXMheiD3qFdd8kMdrkLxRbq\n" + - "1zj8nQMEwFTUjjQCIQDRIrAjZX+YXHN9b0SoWWLPUq0HmiFIi8RwMnO//wJIGQ==\n" + - "-----END CERTIFICATE-----", + CA_RSA_2048( + "RSA", + // SHA256withRSA, 2048 bits + // Validity + // Not 
Before: May 22 07:18:16 2018 GMT + // Not After : May 17 07:18:16 2038 GMT + // Subject Key Identifier: + // 0D:DD:93:C9:FE:4B:BD:35:B7:E8:99:78:90:FB:DB:5A:3D:DB:15:4C + "-----BEGIN CERTIFICATE-----\n" + + "MIIDSTCCAjGgAwIBAgIJAI4ZF3iy8zG+MA0GCSqGSIb3DQEBCwUAMDsxCzAJBgNV\n" + + "BAYTAlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2Vy\n" + + "aXZjZTAeFw0xODA1MjIwNzE4MTZaFw0zODA1MTcwNzE4MTZaMDsxCzAJBgNVBAYT\n" + + "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" + + "ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALpMcY7aWieXDEM1/YJf\n" + + "JW27b4nRIFZyEYhEloyGsKTuQiiQjc8cqRZFNXe2vwziDB4IyTEl0Hjl5QF6ZaQE\n" + + "huPzzwvQm1pv64KrRXrmj3FisQK8B5OWLty9xp6xDqsaMRoyObLK+oIb20T5fSlE\n" + + "evmo1vYjnh8CX0Yzx5Gr5ye6YSEHQvYOWEws8ad17OlyToR2KMeC8w4qo6rs59pW\n" + + "g7Mxn9vo22ImDzrtAbTbXbCias3xlE0Bp0h5luyf+5U4UgksoL9B9r2oP4GrLNEV\n" + + "oJk57t8lwaR0upiv3CnS8LcJELpegZub5ggqLY8ZPYFQPjlK6IzLOm6rXPgZiZ3m\n" + + "RL0CAwEAAaNQME4wHQYDVR0OBBYEFA3dk8n+S701t+iZeJD721o92xVMMB8GA1Ud\n" + + "IwQYMBaAFA3dk8n+S701t+iZeJD721o92xVMMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n" + + "hvcNAQELBQADggEBAJTRC3rKUUhVH07/1+stUungSYgpM08dY4utJq0BDk36BbmO\n" + + "0AnLDMbkwFdHEoqF6hQIfpm7SQTmXk0Fss6Eejm8ynYr6+EXiRAsaXOGOBCzF918\n" + + "/RuKOzqABfgSU4UBKECLM5bMfQTL60qx+HdbdVIpnikHZOFfmjCDVxoHsGyXc1LW\n" + + "Jhkht8IGOgc4PMGvyzTtRFjz01kvrVQZ75aN2E0GQv6dCxaEY0i3ypSzjUWAKqDh\n" + + "3e2OLwUSvumcdaxyCdZAOUsN6pDBQ+8VRG7KxnlRlY1SMEk46QgQYLbPDe/+W/yH\n" + + "ca4PejicPeh+9xRAwoTpiE2gulfT7Lm+fVM7Ruc=\n" + + "-----END CERTIFICATE-----", + "MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC6THGO2lonlwxD\n" + + "Nf2CXyVtu2+J0SBWchGIRJaMhrCk7kIokI3PHKkWRTV3tr8M4gweCMkxJdB45eUB\n" + + "emWkBIbj888L0Jtab+uCq0V65o9xYrECvAeTli7cvcaesQ6rGjEaMjmyyvqCG9tE\n" + + "+X0pRHr5qNb2I54fAl9GM8eRq+cnumEhB0L2DlhMLPGndezpck6EdijHgvMOKqOq\n" + + "7OfaVoOzMZ/b6NtiJg867QG0212womrN8ZRNAadIeZbsn/uVOFIJLKC/Qfa9qD+B\n" + + "qyzRFaCZOe7fJcGkdLqYr9wp0vC3CRC6XoGbm+YIKi2PGT2BUD45SuiMyzpuq1z4\n" + + 
"GYmd5kS9AgMBAAECggEAFHSoU2MuWwJ+2jJnb5U66t2V1bAcuOE1g5zkWvG/G5z9\n" + + "rq6Qo5kmB8f5ovdx6tw3MGUOklLwnRXBG3RxDJ1iokz3AvkY1clMNsDPlDsUrQKF\n" + + "JSO4QUBQTPSZhnsyfR8XHSU+qJ8Y+ohMfzpVv95BEoCzebtXdVgxVegBlcEmVHo2\n" + + "kMmkRN+bYNsr8eb2r+b0EpyumS39ZgKYh09+cFb78y3T6IFMGcVJTP6nlGBFkmA/\n" + + "25pYeCF2tSki08qtMJZQAvKfw0Kviibk7ZxRbJqmc7B1yfnOEHP6ftjuvKl2+RP/\n" + + "+5P5f8CfIP6gtA0LwSzAqQX/hfIKrGV5j0pCqrD0kQKBgQDeNR6Xi4sXVq79lihO\n" + + "a1bSeV7r8yoQrS8x951uO+ox+UIZ1MsAULadl7zB/P0er92p198I9M/0Jth3KBuS\n" + + "zj45mucvpiiGvmQlMKMEfNq4nN7WHOu55kufPswQB2mR4J3xmwI+4fM/nl1zc82h\n" + + "De8JSazRldJXNhfx0RGFPmgzbwKBgQDWoVXrXLbCAn41oVnWB8vwY9wjt92ztDqJ\n" + + "HMFA/SUohjePep9UDq6ooHyAf/Lz6oE5NgeVpPfTDkgvrCFVKnaWdwALbYoKXT2W\n" + + "9FlyJox6eQzrtHAacj3HJooXWuXlphKSizntfxj3LtMR9BmrmRJOfK+SxNOVJzW2\n" + + "+MowT20EkwKBgHmpB8jdZBgxI7o//m2BI5Y1UZ1KE5vx1kc7VXzHXSBjYqeV9FeF\n" + + "2ZZLP9POWh/1Fh4pzTmwIDODGT2UPhSQy0zq3O0fwkyT7WzXRknsuiwd53u/dejg\n" + + "iEL2NPAJvulZ2+AuiHo5Z99LK8tMeidV46xoJDDUIMgTG+UQHNGhK5gNAoGAZn/S\n" + + "Cn7SgMC0CWSvBHnguULXZO9wH1wZAFYNLL44OqwuaIUFBh2k578M9kkke7woTmwx\n" + + "HxQTjmWpr6qimIuY6q6WBN8hJ2Xz/d1fwhYKzIp20zHuv5KDUlJjbFfqpsuy3u1C\n" + + "kts5zwI7pr1ObRbDGVyOdKcu7HI3QtR5qqyjwaUCgYABo7Wq6oHva/9V34+G3Goh\n" + + "63bYGUnRw2l5BD11yhQv8XzGGZFqZVincD8gltNThB0Dc/BI+qu3ky4YdgdZJZ7K\n" + + "z51GQGtaHEbrHS5caV79yQ8QGY5mUVH3E+VXSxuIqb6pZq2DH4sTAEFHyncddmOH\n" + + "zoXBInYwRG9KE/Bw5elhUw=="), - // SHA256withRSA, 2048 bits - // Validity - // Not Before: May 22 07:18:16 2018 GMT - // Not After : May 17 07:18:16 2038 GMT - // Authority Key Identifier: - // 0D:DD:93:C9:FE:4B:BD:35:B7:E8:99:78:90:FB:DB:5A:3D:DB:15:4C - "-----BEGIN CERTIFICATE-----\n" + - "MIIDNjCCAh6gAwIBAgIJAO2+yPcFryUTMA0GCSqGSIb3DQEBCwUAMDsxCzAJBgNV\n" + - "BAYTAlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2Vy\n" + - "aXZjZTAeFw0xODA1MjIwNzE4MTZaFw0zODA1MTcwNzE4MTZaMFUxCzAJBgNVBAYT\n" + - "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" + - 
"ZTEYMBYGA1UEAwwPUmVncmVzc2lvbiBUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOC\n" + - "AQ8AMIIBCgKCAQEAszfBobWfZIp8AgC6PiWDDavP65mSvgCXUGxACbxVNAfkLhNR\n" + - "QOsHriRB3X1Q3nvO9PetC6wKlvE9jlnDDj7D+1j1r1CHO7ms1fq8rfcQYdkanDtu\n" + - "4AlHo8v+SSWX16MIXFRYDj2VVHmyPtgbltcg4zGAuwT746FdLI94uXjJjq1IOr/v\n" + - "0VIlwE5ORWH5Xc+5Tj+oFWK0E4a4GHDgtKKhn2m72hN56/GkPKGkguP5NRS1qYYV\n" + - "/EFkdyQMOV8J1M7HaicSft4OL6eKjTrgo93+kHk+tv0Dc6cpVBnalX3TorG8QI6B\n" + - "cHj1XQd78oAlAC+/jF4pc0mwi0un49kdK9gRfQIDAQABoyMwITAfBgNVHSMEGDAW\n" + - "gBQN3ZPJ/ku9NbfomXiQ+9taPdsVTDANBgkqhkiG9w0BAQsFAAOCAQEApXS0nKwm\n" + - "Kp8gpmO2yG1rpd1+2wBABiMU4JZaTqmma24DQ3RzyS+V2TeRb29dl5oTUEm98uc0\n" + - "GPZvhK8z5RFr4YE17dc04nI/VaNDCw4y1NALXGs+AHkjoPjLyGbWpi1S+gfq2sNB\n" + - "Ekkjp6COb/cb9yiFXOGVls7UOIjnVZVd0r7KaPFjZhYh82/f4PA/A1SnIKd1+nfH\n" + - "2yk7mSJNC7Z3qIVDL8MM/jBVwiC3uNe5GPB2uwhd7k5LGAVN3j4HQQGB0Sz+VC1h\n" + - "92oi6xDa+YBva2fvHuCd8P50DDjxmp9CemC7rnZ5j8egj88w14X44Xjb/Fd/ApG9\n" + - "e57NnbT7KM+Grw==\n" + - "-----END CERTIFICATE-----", + CA_RSA_512( // for DisabledShortRSAKeys test + "RSA", + // md5WithRSAEncryption, 1024 bits + // Validity + // Not Before: Aug 19 01:52:19 2011 GMT + // Not After : Jul 29 01:52:19 2032 GMT + // X509v3 Authority Key Identifier: + // keyid:B9:7C:D5:D9:DF:A7:4C:03:AE:FD:0E:27:5B:31:95:6C:C7:F3:75:E1 + // DirName:/C=US/O=Java/OU=SunJSSE Test Serivce + // serial:00 + "-----BEGIN CERTIFICATE-----\n" + + "MIICkjCCAfugAwIBAgIBADANBgkqhkiG9w0BAQQFADA7MQswCQYDVQQGEwJVUzEN\n" + + "MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwHhcN\n" + + "MTEwODE5MDE1MjE5WhcNMzIwNzI5MDE1MjE5WjA7MQswCQYDVQQGEwJVUzENMAsG\n" + + "A1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwgZ8wDQYJ\n" + + "KoZIhvcNAQEBBQADgY0AMIGJAoGBAM8orG08DtF98TMSscjGsidd1ZoN4jiDpi8U\n" + + "ICz+9dMm1qM1d7O2T+KH3/mxyox7Rc2ZVSCaUD0a3CkhPMnlAx8V4u0H+E9sqso6\n" + + "iDW3JpOyzMExvZiRgRG/3nvp55RMIUV4vEHOZ1QbhuqG4ebN0Vz2DkRft7+flthf\n" + + "vDld6f5JAgMBAAGjgaUwgaIwHQYDVR0OBBYEFLl81dnfp0wDrv0OJ1sxlWzH83Xh\n" + + 
"MGMGA1UdIwRcMFqAFLl81dnfp0wDrv0OJ1sxlWzH83XhoT+kPTA7MQswCQYDVQQG\n" + + "EwJVUzENMAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2\n" + + "Y2WCAQAwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEE\n" + + "BQADgYEALlgaH1gWtoBZ84EW8Hu6YtGLQ/L9zIFmHonUPZwn3Pr//icR9Sqhc3/l\n" + + "pVTxOINuFHLRz4BBtEylzRIOPzK3tg8XwuLb1zd0db90x3KBCiAL6E6cklGEPwLe\n" + + "XYMHDn9eDsaq861Tzn6ZwzMgw04zotPMoZN0mVd/3Qca8UJFucE=\n" + + "-----END CERTIFICATE-----", + "MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEAtz2+PTkj3zg9hh0l\n" + + "xQhcdRiRGX6hvWVH+8biIv62uXS4zxgGqGOUBdkDmvFZzq4kAlw38lx8bLkZxDqJ\n" + + "sS+xFQIDAQABAkByx/5Oo2hQ/w2q4L8z+NTRlJ3vdl8iIDtC/4XPnfYfnGptnpG6\n" + + "ZThQRvbMZiai0xHQPQMszvAHjZVme1eDl3EBAiEA3aKJHynPVCEJhpfCLWuMwX5J\n" + + "1LntwJO7NTOyU5m8rPECIQDTpzn5X44r2rzWBDna/Sx7HW9IWCxNgUD2Eyi2nA7W\n" + + "ZQIgJerEorw4aCAuzQPxiGu57PB6GRamAihEAtoRTBQlH0ECIQDN08FgTtnesgCU\n" + + "DFYLLcw1CiHvc7fZw4neBDHCrC8NtQIgA8TOUkGnpCZlQ0KaI8KfKWI+vxFcgFnH\n" + + "3fnqsTgaUs4=" - // SHA256withRSA, curv prime256v1 - // Validity - // Not Before: May 22 07:18:16 2018 GMT - // Not After : May 21 07:18:16 2028 GMT - // Authority Key Identifier: - // 0D:DD:93:C9:FE:4B:BD:35:B7:E8:99:78:90:FB:DB:5A:3D:DB:15:4C - "-----BEGIN CERTIFICATE-----\n" + - "MIICazCCAVOgAwIBAgIJAO2+yPcFryUUMA0GCSqGSIb3DQEBCwUAMDsxCzAJBgNV\n" + - "BAYTAlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2Vy\n" + - "aXZjZTAeFw0xODA1MjIwNzE4MTZaFw0yODA1MjEwNzE4MTZaMFUxCzAJBgNVBAYT\n" + - "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" + - "ZTEYMBYGA1UEAwwPUmVncmVzc2lvbiBUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0D\n" + - "AQcDQgAE59MERNTlVZ1eeps8Z3Oue5ZkgQdPtD+WIE6tj3PbIKpxGPDxvfNP959A\n" + - "yQjEK/ehWQVrCMmNoEkIzY+IIBgB06MjMCEwHwYDVR0jBBgwFoAUDd2Tyf5LvTW3\n" + - "6Jl4kPvbWj3bFUwwDQYJKoZIhvcNAQELBQADggEBAFOTVEqs70ykhZiIdrEsF1Ra\n" + - "I3B2rLvwXZk52uSltk2/bzVvewA577ZCoxQ1pL7ynkisPfBN1uVYtHjM1VA3RC+4\n" + - "+TAK78dnI7otYjWoHp5rvs4l6c/IbOspS290IlNuDUxMErEm5wxIwj+Aukx/1y68\n" + - 
"hOyCvHBLMY2c1LskH1MMBbDuS1aI+lnGpToi+MoYObxGcV458vxuT8+wwV8Fkpvd\n" + - "ll8IIFmeNPRv+1E+lXbES6CSNCVaZ/lFhPgdgYKleN7sfspiz50DG4dqafuEAaX5\n" + - "xaK1NWXJxTRz0ROH/IUziyuDW6jphrlgit4+3NCzp6vP9hAJQ8Vhcj0n15BKHIQ=\n" + - "-----END CERTIFICATE-----", + ), - // SHA256withDSA, 2048 bits - // Validity - // Not Before: May 22 07:18:20 2018 GMT - // Not After : May 17 07:18:20 2038 GMT - // Authority Key Identifier: - // 76:66:9E:F7:3B:DD:45:E5:3B:D9:72:3C:3F:F0:54:39:86:31:26:53 - "-----BEGIN CERTIFICATE-----\n" + - "MIIEnDCCBEGgAwIBAgIJAP/jh1qVhNVjMAsGCWCGSAFlAwQDAjA7MQswCQYDVQQG\n" + - "EwJVUzENMAsGA1UECgwESmF2YTEdMBsGA1UECwwUU3VuSlNTRSBUZXN0IFNlcml2\n" + - "Y2UwHhcNMTgwNTIyMDcxODIwWhcNMzgwNTE3MDcxODIwWjBVMQswCQYDVQQGEwJV\n" + - "UzENMAsGA1UECgwESmF2YTEdMBsGA1UECwwUU3VuSlNTRSBUZXN0IFNlcml2Y2Ux\n" + - "GDAWBgNVBAMMD1JlZ3Jlc3Npb24gVGVzdDCCA0cwggI6BgcqhkjOOAQBMIICLQKC\n" + - "AQEAmlavgoJrMcjqWRVcDE2dmWAPREgnzQvneEDef68cprDzjSwvOs5QeFyx75ib\n" + - "ado1e6jO/rW1prCGWHDD1oA/Tn4Pk3vu0nUxzvl1qATc+aJbpUU5Op0bvp6LbCsQ\n" + - "QslV9FeRh7Eb7bP6gpc/kHCBzEgC1VCK7prccXWy+t6SMOHbND3h+UbckfSaUuaV\n" + - "sVJNTD1D6GElfRj4Nmz1BGPfSYvKorwNZEU3gXwFgtDoAcGx7tcyClLpDHfqRfw/\n" + - "7yiqLyeiP7D4hl5lMNouJWDlAdMFp0FMgS3s9VDFinIcr6VtBWMTG7+4+czHAB+3\n" + - "fvrwlqNzhBn3uFHrekN/w8fNxwIhAJo7Sae1za7IMW0Q6hE5B4b+s2B/FaKPoA4E\n" + - "jtZu13B9AoIBAQCOZqLMKfvqZWUgT0PQ3QjR7dAFdd06I9Y3+TOQzZk1+j+vw/6E\n" + - "X4vFItX4gihb/u5Q9CdmpwhVGi7bvo+7+/IKeTgoQ6f5+PSug7SrWWUQ5sPwaZui\n" + - "zXZJ5nTeZDucFc2yFx0wgnjbPwiUxZklOT7xGiOMtzOTa2koCz5KuIBL+/wPKKxm\n" + - "ypo9VoY9xfbdU6LMXZv/lpD5XTM9rYHr/vUTNkukvV6Hpm0YMEWhVZKUJiqCqTqG\n" + - "XHaleOxSw6uQWB/+TznifcC7gB48UOQjCqOKf5VuwQneJLhlhU/jhRV3xtr+hLZa\n" + - "hW1wYhVi8cjLDrZFKlgEQqhB4crnJU0mJY+tA4IBBQACggEAID0ezl00/X8mv7eb\n" + - "bzovum1+DEEP7FM57k6HZEG2N3ve4CW+0m9Cd+cWPz8wkZ+M0j/Eqa6F0IdbkXEc\n" + - "Q7CuzvUyJ57xQ3L/WCgXsiS+Bh8O4Mz7GwW22CGmHqafbVv+hKBfr8MkskO6GJUt\n" + - "SUF/CVLzB4gMIvZMH26tBP2xK+i7FeEK9kT+nGdzQSZBAhFYpEVCBplHZO24/OYq\n" + - 
"1DNoU327nUuXIhmsfA8N0PjiWbIZIjTPwBGr9H0LpATI7DIDNcvRRvtROP+pBU9y\n" + - "fuykPkptg9C0rCM9t06bukpOSaEz/2VIQdLE8fHYFA6pHZ6CIc2+5cfvMgTPhcjz\n" + - "W2jCt6MjMCEwHwYDVR0jBBgwFoAUdmae9zvdReU72XI8P/BUOYYxJlMwCwYJYIZI\n" + - "AWUDBAMCA0gAMEUCIQCeI5fN08b9BpOaHdc3zQNGjp24FOL/RxlBLeBAorswJgIg\n" + - "JEZ8DhYxQy1O7mmZ2UIT7op6epWMB4dENjs0qWPmcKo=\n" + - "-----END CERTIFICATE-----" - }; + CA_DSA_2048( + "DSA", + // SHA256withDSA, 2048 bits + // Validity + // Not Before: May 22 07:18:18 2018 GMT + // Not After : May 17 07:18:18 2038 GMT + // Subject Key Identifier: + // 76:66:9E:F7:3B:DD:45:E5:3B:D9:72:3C:3F:F0:54:39:86:31:26:53 + "-----BEGIN CERTIFICATE-----\n" + + "MIIErjCCBFSgAwIBAgIJAOktYLNCbr02MAsGCWCGSAFlAwQDAjA7MQswCQYDVQQG\n" + + "EwJVUzENMAsGA1UECgwESmF2YTEdMBsGA1UECwwUU3VuSlNTRSBUZXN0IFNlcml2\n" + + "Y2UwHhcNMTgwNTIyMDcxODE4WhcNMzgwNTE3MDcxODE4WjA7MQswCQYDVQQGEwJV\n" + + "UzENMAsGA1UECgwESmF2YTEdMBsGA1UECwwUU3VuSlNTRSBUZXN0IFNlcml2Y2Uw\n" + + "ggNHMIICOQYHKoZIzjgEATCCAiwCggEBAO5GyPhSm0ze3LSu+gicdULLj05iOfTL\n" + + "UvZQ29sYz41zmqrLBQbdKiHqgJu2Re9sgTb5suLNjF047TOLPnU3jhPtWm2X8Xzi\n" + + "VGIcHym/Q/MeZxStt/88seqroI3WOKzIML2GcrishT+lcGrtH36Tf1+ue2Snn3PS\n" + + "WyxygNqPjllP5uUjYmFLvAf4QLMldkd/D2VxcwsHjB8y5iUZsXezc/LEhRZS/02m\n" + + "ivqlRw3AMkq/OVe/ZtxFWsP0nsfxEGdZuaUFpppGfixxFvymrB3+J51cTt+pZBDq\n" + + "D2y0DYfc+88iCs4jwHTfcDIpLb538HBjBj2rEgtQESQmB0ooD/+wsPsCIQC1bYch\n" + + "gElNtDYL3FgpLgNSUYp7gIWv9ehaC7LO2z7biQKCAQBitvFOnDkUja8NAF7lDpOV\n" + + "b5ipQ8SicBLW3kQamxhyuyxgZyy/PojZ/oPorkqW/T/A0rhnG6MssEpAtdiwVB+c\n" + + "rBYGo3bcwmExJhdOJ6dYuKFppPWhCwKMHs9npK+lqBMl8l5j58xlcFeC7ZfGf8GY\n" + + "GkhFW0c44vEQhMMbac6ZTTP4mw+1t7xJfmDMlLEyIpTXaAAk8uoVLWzQWnR40sHi\n" + + "ybvS0u3JxQkb7/y8tOOZu8qlz/YOS7lQ6UxUGX27Ce1E0+agfPphetoRAlS1cezq\n" + + "Wa7r64Ga0nkj1kwkcRqjgTiJx0NwnUXr78VAXFhVF95+O3lfqhvdtEGtkhDGPg7N\n" + + "A4IBBgACggEBAMmSHQK0w2i+iqUjOPzn0yNEZrzepLlLeQ1tqtn0xnlv5vBAeefD\n" + + "Pm9dd3tZOjufVWP7hhEz8xPobb1CS4e3vuQiv5UBfhdPL3f3l9T7JMAKPH6C9Vve\n" + + 
"OQXE5eGqbjsySbcmseHoYUt1WCSnSda1opX8zchX04e7DhGfE2/L9flpYEoSt8lI\n" + + "vMNjgOwvKdW3yvPt1/eBBHYNFG5gWPv/Q5KoyCtHS03uqGm4rNc/wZTIEEfd66C+\n" + + "QRaUltjOaHmtwOdDHaNqwhYZSVOip+Mo+TfyzHFREcdHLapo7ZXqbdYkRGxRR3d+\n" + + "3DfHaraJO0OKoYlPkr3JMvM/MSGR9AnZOcejUDBOMB0GA1UdDgQWBBR2Zp73O91F\n" + + "5TvZcjw/8FQ5hjEmUzAfBgNVHSMEGDAWgBR2Zp73O91F5TvZcjw/8FQ5hjEmUzAM\n" + + "BgNVHRMEBTADAQH/MAsGCWCGSAFlAwQDAgNHADBEAiBzriYE41M2y9Hy5ppkL0Qn\n" + + "dIlNc8JhXT/PHW7GDtViagIgMko8Qoj9gDGPK3+O9E8DC3wGiiF9CObM4LN387ok\n" + + "J+g=\n" + + "-----END CERTIFICATE-----", + "MIICZQIBADCCAjkGByqGSM44BAEwggIsAoIBAQDuRsj4UptM3ty0rvoInHVCy49O" + + "Yjn0y1L2UNvbGM+Nc5qqywUG3Soh6oCbtkXvbIE2+bLizYxdOO0ziz51N44T7Vpt" + + "l/F84lRiHB8pv0PzHmcUrbf/PLHqq6CN1jisyDC9hnK4rIU/pXBq7R9+k39frntk" + + "p59z0lsscoDaj45ZT+blI2JhS7wH+ECzJXZHfw9lcXMLB4wfMuYlGbF3s3PyxIUW" + + "Uv9Npor6pUcNwDJKvzlXv2bcRVrD9J7H8RBnWbmlBaaaRn4scRb8pqwd/iedXE7f" + + "qWQQ6g9stA2H3PvPIgrOI8B033AyKS2+d/BwYwY9qxILUBEkJgdKKA//sLD7AiEA" + + "tW2HIYBJTbQ2C9xYKS4DUlGKe4CFr/XoWguyzts+24kCggEAYrbxTpw5FI2vDQBe" + + "5Q6TlW+YqUPEonAS1t5EGpsYcrssYGcsvz6I2f6D6K5Klv0/wNK4ZxujLLBKQLXY" + + "sFQfnKwWBqN23MJhMSYXTienWLihaaT1oQsCjB7PZ6SvpagTJfJeY+fMZXBXgu2X" + + "xn/BmBpIRVtHOOLxEITDG2nOmU0z+JsPtbe8SX5gzJSxMiKU12gAJPLqFS1s0Fp0" + + "eNLB4sm70tLtycUJG+/8vLTjmbvKpc/2Dku5UOlMVBl9uwntRNPmoHz6YXraEQJU" + + "tXHs6lmu6+uBmtJ5I9ZMJHEao4E4icdDcJ1F6+/FQFxYVRfefjt5X6ob3bRBrZIQ" + + "xj4OzQQjAiEAsceWOM8do4etxp2zgnoNXV8PUUyqWhz1+0srcKV7FR4="), - // Private key in the format of PKCS#8. - final static String[] endEntityPrivateKeys = { - // - // EC private key related to cert endEntityCertStrs[0]. 
- // - "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgn5K03bpTLjEtFQRa\n" + - "JUtx22gtmGEvvSUSQdimhGthdtihRANCAARv72fTmp9ed8dRvTG1Ak1Lgl5KLoiM\n" + - "59bk2pyG8qd8l7L1WQnNHtAcu44RJ1/GVHurxghaCKHeJYsZ8H7DEeI6", + CA_DSA_1024( + "DSA", + // dsaWithSHA1, 1024 bits + // Validity + // Not Before: Apr 24 12:25:43 2020 GMT + // Not After : Apr 22 12:25:43 2030 GMT + // Authority Key Identifier: + // E1:3C:01:52:EB:D1:38:F7:CF:F1:E3:5E:DB:54:75:7F:5E:AB:2D:36 + "-----BEGIN CERTIFICATE-----\n" + + "MIIC9TCCArWgAwIBAgIUd52yKk0OxQuxdaYRAfq5VLuF1ZAwCQYHKoZIzjgEAzAu\n" + + "MQswCQYDVQQGEwJVUzENMAsGA1UECgwESmF2YTEQMA4GA1UECwwHU3VuSlNTRTAe\n" + + "Fw0yMDA0MjQxMjI1NDJaFw0zMDA0MjIxMjI1NDJaMC4xCzAJBgNVBAYTAlVTMQ0w\n" + + "CwYDVQQKDARKYXZhMRAwDgYDVQQLDAdTdW5KU1NFMIIBtjCCASsGByqGSM44BAEw\n" + + "ggEeAoGBAKgyb2XpANq43T8yBf5v0PTBOddLPxd0f0FotASron5rQr86JjBTfgIW\n" + + "oE4u7nYlO6bp/M4Dw6qZr+HaDu9taIDOj6LL51eUShVsOgS7XZcUzLT8vPnkEDDo\n" + + "u326x0B7fuNCbMLm+ipM2d4FhLUTt4Qb5TcY6l7dOGHeWiL7nl43AhUAoGr8DY2m\n" + + "WHZPHk2XbZ5wpaM2lLcCgYBKiFbFFViH/ylHJRPtYtjtJw4ls1scbVP4TRHnKoZc\n" + + "HPAird1fDYgGC2b0GQNAMABhI+L+ogxS7qakySpJCheuN25AjiSyilygQdlXoWRt\n" + + "Mggsh8EQZT7iP4V4e9m3xRHzb5ECvsSTdZB1BQMcC90W2Avq+orqgBnr2in9UEd8\n" + + "qwOBhAACgYAgVWxjYWlWIv7s4BnNMQoPKppi205f3aC6wv6Rqk4BnYYYrFONEmzQ\n" + + "hzj6lSXfxLpTu4lg2zNeIraZggoS0ztkbZNNADEmAHx+OLshiJJxu2/KfoopJOZg\n" + + "8ARmuaKOkWbkW9y4hWhfBlVwZbckG3Eibff0xronIXXy7B7UKaccyqNTMFEwHQYD\n" + + "VR0OBBYEFOE8AVLr0Tj3z/HjXttUdX9eqy02MB8GA1UdIwQYMBaAFOE8AVLr0Tj3\n" + + "z/HjXttUdX9eqy02MA8GA1UdEwEB/wQFMAMBAf8wCQYHKoZIzjgEAwMvADAsAhRC\n" + + "YLduLniBEJ51SfBWIkvNW6OG7QIUSKaTY6rgEFDEMoTqOjFChR22nkk=\n" + + "-----END CERTIFICATE-----", + "MIIBSgIBADCCASsGByqGSM44BAEwggEeAoGBAKgyb2XpANq43T8yBf5v0PTBOddL\n" + + "Pxd0f0FotASron5rQr86JjBTfgIWoE4u7nYlO6bp/M4Dw6qZr+HaDu9taIDOj6LL\n" + + "51eUShVsOgS7XZcUzLT8vPnkEDDou326x0B7fuNCbMLm+ipM2d4FhLUTt4Qb5TcY\n" + + "6l7dOGHeWiL7nl43AhUAoGr8DY2mWHZPHk2XbZ5wpaM2lLcCgYBKiFbFFViH/ylH\n" + + 
"JRPtYtjtJw4ls1scbVP4TRHnKoZcHPAird1fDYgGC2b0GQNAMABhI+L+ogxS7qak\n" + + "ySpJCheuN25AjiSyilygQdlXoWRtMggsh8EQZT7iP4V4e9m3xRHzb5ECvsSTdZB1\n" + + "BQMcC90W2Avq+orqgBnr2in9UEd8qwQWAhQ7rSn+WvIxeuZ/CK4p04eMe5JzpA=="), - // - // RSA private key related to cert endEntityCertStrs[1]. - // - "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCzN8GhtZ9kinwC\n" + - "ALo+JYMNq8/rmZK+AJdQbEAJvFU0B+QuE1FA6weuJEHdfVDee870960LrAqW8T2O\n" + - "WcMOPsP7WPWvUIc7uazV+ryt9xBh2RqcO27gCUejy/5JJZfXowhcVFgOPZVUebI+\n" + - "2BuW1yDjMYC7BPvjoV0sj3i5eMmOrUg6v+/RUiXATk5FYfldz7lOP6gVYrQThrgY\n" + - "cOC0oqGfabvaE3nr8aQ8oaSC4/k1FLWphhX8QWR3JAw5XwnUzsdqJxJ+3g4vp4qN\n" + - "OuCj3f6QeT62/QNzpylUGdqVfdOisbxAjoFwePVdB3vygCUAL7+MXilzSbCLS6fj\n" + - "2R0r2BF9AgMBAAECggEASIkPkMCuw4WdTT44IwERus3IOIYOs2IP3BgEDyyvm4B6\n" + - "JP/iihDWKfA4zEl1Gqcni1RXMHswSglXra682J4kui02Ov+vzEeJIY37Ibn2YnP5\n" + - "ZjRT2s9GtI/S2o4hl8A/mQb2IMViFC+xKehTukhV4j5d6NPKk0XzLR7gcMjnYxwn\n" + - "l21fS6D2oM1xRG/di7sL+uLF8EXLRzfiWDNi12uQv4nwtxPKvuKhH6yzHt7YqMH0\n" + - "46pmDKDaxV4w1JdycjCb6NrCJOYZygoQobuZqOQ30UZoZsPJrtovkncFr1e+lNcO\n" + - "+aWDfOLCtTH046dEQh5oCShyXMybNlry/QHsOtHOwQKBgQDh2iIjs+FPpQy7Z3EX\n" + - "DGEvHYqPjrYO9an2KSRr1m9gzRlWYxKY46WmPKwjMerYtra0GP+TBHrgxsfO8tD2\n" + - "wUAII6sd1qup0a/Sutgf2JxVilLykd0+Ge4/Cs51tCdJ8EqDV2B6WhTewOY2EGvg\n" + - "JiKYkeNwgRX/9M9CFSAMAk0hUQKBgQDLJAartL3DoGUPjYtpJnfgGM23yAGl6G5r\n" + - "NSXDn80BiYIC1p0bG3N0xm3yAjqOtJAUj9jZbvDNbCe3GJfLARMr23legX4tRrgZ\n" + - "nEdKnAFKAKL01oM+A5/lHdkwaZI9yyv+hgSVdYzUjB8rDmzeVQzo1BT7vXypt2yV\n" + - "6O1OnUpCbQKBgA/0rzDChopv6KRcvHqaX0tK1P0rYeVQqb9ATNhpf9jg5Idb3HZ8\n" + - "rrk91BNwdVz2G5ZBpdynFl9G69rNAMJOCM4KZw5mmh4XOEq09Ivba8AHU7DbaTv3\n" + - "7QL7KnbaUWRB26HHzIMYVh0el6T+KADf8NXCiMTr+bfpfbL3dxoiF3zhAoGAbCJD\n" + - "Qse1dBs/cKYCHfkSOsI5T6kx52Tw0jS6Y4X/FOBjyqr/elyEexbdk8PH9Ar931Qr\n" + - "NKMvn8oA4iA/PRrXX7M2yi3YQrWwbkGYWYjtzrzEAdzmg+5eARKAeJrZ8/bg9l3U\n" + - "ttKaItJsDPlizn8rngy3FsJpR9aSAMK6/+wOiYkCgYEA1tZkI1rD1W9NYZtbI9BE\n" + - 
"qlJVFi2PBOJMKNuWdouPX3HLQ72GJSQff2BFzLTELjweVVJ0SvY4IipzpQOHQOBy\n" + - "5qh/p6izXJZh3IHtvwVBjHoEVplg1b2+I5e3jDCfqnwcQw82dW5SxOJMg1h/BD0I\n" + - "qAL3go42DYeYhu/WnECMeis=", + CA_ED25519( + "EdDSA", + // ED25519 + // Validity + // Not Before: May 24 23:32:35 2020 GMT + // Not After : May 22 23:32:35 2030 GMT + // X509v3 Authority Key Identifier: + // keyid:06:76:DB:88:EB:61:55:4C:C9:63:41:C2:A0:A8:57:3F:D7:F1:B8:EC + "-----BEGIN CERTIFICATE-----\n" + + "MIIByTCCAXugAwIBAgIUCyxKvhErehsygx50JYArsHby9hAwBQYDK2VwMDsxCzAJ\n" + + "BgNVBAYTAlVTMQ0wCwYDVQQKDARqYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3Qg\n" + + "U2VyaXZjZTAeFw0yMDA1MjQyMzMyMzVaFw0zMDA1MjIyMzMyMzVaMDsxCzAJBgNV\n" + + "BAYTAlVTMQ0wCwYDVQQKDARqYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2Vy\n" + + "aXZjZTAqMAUGAytlcAMhAKdotuYIkH8PYbopSLbaf1BtqUY2d6AbTgK2prMzQ6B3\n" + + "o4GQMIGNMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAZ224jrYVVMyWNBwqCo\n" + + "Vz/X8bjsMB8GA1UdIwQYMBaAFAZ224jrYVVMyWNBwqCoVz/X8bjsMA4GA1UdDwEB\n" + + "/wQEAwIBhjAqBgNVHSUBAf8EIDAeBggrBgEFBQcDAwYIKwYBBQUHAwgGCCsGAQUF\n" + + "BwMJMAUGAytlcANBADVAArvME8xFigFhCCCOTBoy/4ldGkDZQ/GT3Q6xnAP558FU\n" + + "0G32OprKQZP43D9bmFU0LMgCVM9bHWU+bu/10AU=\n" + + "-----END CERTIFICATE-----", + "MC4CAQAwBQYDK2VwBCIEII/VYp8nu/eqq2L5y7/3IzavBgis4LWP6Rikv0N8SpgL"), - // - // EC private key related to cert endEntityCertStrs[2]. 
- // - "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgGVc7hICpmp91jbYe\n" + - "nrr8nYHD37RZP3VENY+szuA7WjuhRANCAATn0wRE1OVVnV56mzxnc657lmSBB0+0\n" + - "P5YgTq2Pc9sgqnEY8PG980/3n0DJCMQr96FZBWsIyY2gSQjNj4ggGAHT", + CA_ED448( + "EdDSA", + // ED448 + // Validity + // Not Before: May 24 23:23:43 2020 GMT + // Not After : May 22 23:23:43 2030 GMT + // X509v3 Authority Key Identifier: + // keyid:F5:D5:9D:FB:6F:B7:50:29:DF:F0:B8:83:10:5F:9B:C4:A8:1C:E9:F4 + "-----BEGIN CERTIFICATE-----\n" + + "MIICFDCCAZSgAwIBAgIUKcmLeKilq0LN40sniBJO7F1gb/owBQYDK2VxMDsxCzAJ\n" + + "BgNVBAYTAlVTMQ0wCwYDVQQKDARqYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3Qg\n" + + "U2VyaXZjZTAeFw0yMDA1MjQyMzIzNDNaFw0zMDA1MjIyMzIzNDNaMDsxCzAJBgNV\n" + + "BAYTAlVTMQ0wCwYDVQQKDARqYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2Vy\n" + + "aXZjZTBDMAUGAytlcQM6APYP8iSXS8xPVDike5RgCByfTtg4GGtpYfoBtt6G5szA\n" + + "55ExAKjm03wtk29nEPU2mCHF2QgfBzUrgKOBkDCBjTAPBgNVHRMBAf8EBTADAQH/\n" + + "MB0GA1UdDgQWBBT11Z37b7dQKd/wuIMQX5vEqBzp9DAfBgNVHSMEGDAWgBT11Z37\n" + + "b7dQKd/wuIMQX5vEqBzp9DAOBgNVHQ8BAf8EBAMCAYYwKgYDVR0lAQH/BCAwHgYI\n" + + "KwYBBQUHAwMGCCsGAQUFBwMIBggrBgEFBQcDCTAFBgMrZXEDcwAlRXA2gPb52yV3\n" + + "MKJErjmKlYSFExj5w5jafbbd0QgI1yDs+qSaZLjQ8ljwabmLDg+KR+167m0djQDI\n" + + "OOoVuL7bgM0RL836KnuuBzm+gTdPp0gCXy3k9lL0KA0V2YLJHXXzu3suu+7rdgoP\n" + + "plCh2hWdLgA=\n" + + "-----END CERTIFICATE-----", + "MEcCAQAwBQYDK2VxBDsEOd6/hRZqkUyTlJSwdN5gO/HnoWYda1fD83YUm5j6m2Bg\n" + + "hAQi+QadFsQLD7R6PI/4Q0twXqlKnxU5Ug=="), - // - // DSA private key related to cert endEntityCertStrs[3]. 
- // - "MIICZQIBADCCAjoGByqGSM44BAEwggItAoIBAQCaVq+CgmsxyOpZFVwMTZ2ZYA9E\n" + - "SCfNC+d4QN5/rxymsPONLC86zlB4XLHvmJtp2jV7qM7+tbWmsIZYcMPWgD9Ofg+T\n" + - "e+7SdTHO+XWoBNz5olulRTk6nRu+notsKxBCyVX0V5GHsRvts/qClz+QcIHMSALV\n" + - "UIrumtxxdbL63pIw4ds0PeH5RtyR9JpS5pWxUk1MPUPoYSV9GPg2bPUEY99Ji8qi\n" + - "vA1kRTeBfAWC0OgBwbHu1zIKUukMd+pF/D/vKKovJ6I/sPiGXmUw2i4lYOUB0wWn\n" + - "QUyBLez1UMWKchyvpW0FYxMbv7j5zMcAH7d++vCWo3OEGfe4Uet6Q3/Dx83HAiEA\n" + - "mjtJp7XNrsgxbRDqETkHhv6zYH8Voo+gDgSO1m7XcH0CggEBAI5moswp++plZSBP\n" + - "Q9DdCNHt0AV13Toj1jf5M5DNmTX6P6/D/oRfi8Ui1fiCKFv+7lD0J2anCFUaLtu+\n" + - "j7v78gp5OChDp/n49K6DtKtZZRDmw/Bpm6LNdknmdN5kO5wVzbIXHTCCeNs/CJTF\n" + - "mSU5PvEaI4y3M5NraSgLPkq4gEv7/A8orGbKmj1Whj3F9t1Tosxdm/+WkPldMz2t\n" + - "gev+9RM2S6S9XoembRgwRaFVkpQmKoKpOoZcdqV47FLDq5BYH/5POeJ9wLuAHjxQ\n" + - "5CMKo4p/lW7BCd4kuGWFT+OFFXfG2v6EtlqFbXBiFWLxyMsOtkUqWARCqEHhyucl\n" + - "TSYlj60EIgIgLfA75+8KcKxdN8mr6gzGjQe7jPFGG42Ejhd7Q2F4wuw=" - }; + EE_ECDSA_SECP256R1( + "EC", + // SHA256withECDSA, curve secp256r1 + // Validity + // Not Before: May 22 07:18:16 2018 GMT + // Not After : May 17 07:18:16 2038 GMT + // Authority Key Identifier: + // 60:CF:BD:73:FF:FA:1A:30:D2:A4:EC:D3:49:71:46:EF:1A:35:A0:86 + "-----BEGIN CERTIFICATE-----\n" + + "MIIBqjCCAVCgAwIBAgIJAPLY8qZjgNRAMAoGCCqGSM49BAMCMDsxCzAJBgNVBAYT\n" + + "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" + + "ZTAeFw0xODA1MjIwNzE4MTZaFw0zODA1MTcwNzE4MTZaMFUxCzAJBgNVBAYTAlVT\n" + + "MQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZjZTEY\n" + + "MBYGA1UEAwwPUmVncmVzc2lvbiBUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD\n" + + "QgAEb+9n05qfXnfHUb0xtQJNS4JeSi6IjOfW5NqchvKnfJey9VkJzR7QHLuOESdf\n" + + "xlR7q8YIWgih3iWLGfB+wxHiOqMjMCEwHwYDVR0jBBgwFoAUYM+9c//6GjDSpOzT\n" + + "SXFG7xo1oIYwCgYIKoZIzj0EAwIDSAAwRQIgWpRegWXMheiD3qFdd8kMdrkLxRbq\n" + + "1zj8nQMEwFTUjjQCIQDRIrAjZX+YXHN9b0SoWWLPUq0HmiFIi8RwMnO//wJIGQ==\n" + + "-----END CERTIFICATE-----", + 
"MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgn5K03bpTLjEtFQRa\n" + + "JUtx22gtmGEvvSUSQdimhGthdtihRANCAARv72fTmp9ed8dRvTG1Ak1Lgl5KLoiM\n" + + "59bk2pyG8qd8l7L1WQnNHtAcu44RJ1/GVHurxghaCKHeJYsZ8H7DEeI6"), - // Private key algorithm of endEntityPrivateKeys. - final static String[] endEntityPrivateKeyAlgs = { - "EC", - "RSA", - "EC", - "DSA", - }; + EE_ECDSA_SECP384R1( + "EC", + // SHA384withECDSA, curve secp384r1 + // Validity + // Not Before: Jun 24 08:15:06 2019 GMT + // Not After : Jun 19 08:15:06 2039 GMT + // Authority Key Identifier: + // 40:2D:AA:EE:66:AA:33:27:AD:9B:5D:52:9B:60:67:6A:2B:AD:52:D2 + "-----BEGIN CERTIFICATE-----\n" + + "MIICEjCCAZegAwIBAgIUS3F0AqAXWRg07CnbknJzxofyBQMwCgYIKoZIzj0EAwMw\n" + + "OzELMAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpTU0Ug\n" + + "VGVzdCBTZXJpdmNlMB4XDTE5MDYyNDA4MTUwNloXDTM5MDYxOTA4MTUwNlowVTEL\n" + + "MAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpTU0UgVGVz\n" + + "dCBTZXJpdmNlMRgwFgYDVQQDDA9SZWdyZXNzaW9uIFRlc3QwdjAQBgcqhkjOPQIB\n" + + "BgUrgQQAIgNiAARqElz8b6T07eyKomIinhztV3/3XBk9bKGtJ0W+JOltjuhMmP/w\n" + + "G8ASSevpgqgpi6EzpBZaaJxE3zNfkNnxXOZmQi2Ypd1uK0zRdbEOKg0XOcTTZwEj\n" + + "iLjYmt3O0pwpklijQjBAMB0GA1UdDgQWBBRALaruZqozJ62bXVKbYGdqK61S0jAf\n" + + "BgNVHSMEGDAWgBRKS1IUCtHWn/mZdXSTKjRHEhVr9TAKBggqhkjOPQQDAwNpADBm\n" + + "AjEArVDFKf48xijN6huVUJzKCOP0zlWB5Js+DItIkZmLQuhciPLhLIB/rChf3Y4C\n" + + "xuP4AjEAmfLhQRI0O3pifpYzYSVh2G7/jHNG4eO+2dvgAcU+Lh2IIj/cpLaPFSvL\n" + + "J8FXY9Nj\n" + + "-----END CERTIFICATE-----", + "MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDASuI9EtK29APXPipkc\n" + + "qDA+qwlewMjv/OcjUJ77kP1Vz62oVF9iY9SRIyFIUju8wt+hZANiAARqElz8b6T0\n" + + "7eyKomIinhztV3/3XBk9bKGtJ0W+JOltjuhMmP/wG8ASSevpgqgpi6EzpBZaaJxE\n" + + "3zNfkNnxXOZmQi2Ypd1uK0zRdbEOKg0XOcTTZwEjiLjYmt3O0pwpklg="), - // Private key names of endEntityPrivateKeys. 
- static final String[] endEntityPrivateKeyNames = { - "ecdsa", - "rsa", - "ec-rsa", - "dsa", - }; + EE_ECDSA_SECP521R1( + "EC", + // SHA512withECDSA, curve secp521r1 + // Validity + // Not Before: Jun 24 08:15:06 2019 GMT + // Not After : Jun 19 08:15:06 2039 GMT + // Authority Key Identifier: + // 7B:AA:79:A4:49:DD:59:34:F0:86:6C:51:C7:30:F4:CE:C5:81:8A:28 + "-----BEGIN CERTIFICATE-----\n" + + "MIICXDCCAb2gAwIBAgIUck4QTsbHNqUfPxfGPJLYbedFPdswCgYIKoZIzj0EAwQw\n" + + "OzELMAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpTU0Ug\n" + + "VGVzdCBTZXJpdmNlMB4XDTE5MDYyNDA4MTUwNloXDTM5MDYxOTA4MTUwNlowVTEL\n" + + "MAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpTU0UgVGVz\n" + + "dCBTZXJpdmNlMRgwFgYDVQQDDA9SZWdyZXNzaW9uIFRlc3QwgZswEAYHKoZIzj0C\n" + + "AQYFK4EEACMDgYYABAGa2zDLhYQHHCLI3YBqFYJTzrnDIjzwXrxhcRTS8DYkcrjZ\n" + + "+Fih1YyNhix0sdjH+3EqElXAHHuVzn3n3hPOtQCWlQCICkErB34S0cvmtRkeW8Fi\n" + + "hrR5tvJEzEZjPSgwn81kKyhV2L70je6i7Cw884Va8bODckpgw0vTmbQb7T9dupkv\n" + + "1aNCMEAwHQYDVR0OBBYEFHuqeaRJ3Vk08IZsUccw9M7FgYooMB8GA1UdIwQYMBaA\n" + + "FEAivFrtaq2pQJ4cW4pEQML3aym9MAoGCCqGSM49BAMEA4GMADCBiAJCAb33KHdY\n" + + "WDbusORWoY8Euglpd5zsF15hJsk7wtpD5HST1/NWmdCx405w+TV6a9Gr4VPHeaIQ\n" + + "99i/+f237ALL5p6IAkIBbwwFL1vt3c/bx+niyuffQPNjly80rdC9puqAqriSiboS\n" + + "efhxjidJ9HLaIRCMEPyd6vAsC8mO8YvL1uCuEQLsiGM=\n" + + "-----END CERTIFICATE-----", + "MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIB8C/2OX2Dt9vFszzV\n" + + "hcAe0CbkMlvu9uQ/L7Vz88heuIj0rUZIPGshvgIJt1hCMT8HZxYHvDa4lbUvqjFB\n" + + "+zafvPWhgYkDgYYABAGa2zDLhYQHHCLI3YBqFYJTzrnDIjzwXrxhcRTS8DYkcrjZ\n" + + "+Fih1YyNhix0sdjH+3EqElXAHHuVzn3n3hPOtQCWlQCICkErB34S0cvmtRkeW8Fi\n" + + "hrR5tvJEzEZjPSgwn81kKyhV2L70je6i7Cw884Va8bODckpgw0vTmbQb7T9dupkv\n" + + "1Q=="), - /* - * Create an instance of SSLContext with the specified trust/key materials. 
- */ - private SSLContext createSSLContext( - KeyManager keyManager, - TrustManager trustManager, - ContextParameters params) throws Exception { + EE_RSA_2048( + "RSA", + // SHA256withRSA, 2048 bits + // Validity + // Not Before: May 22 07:18:16 2018 GMT + // Not After : May 17 07:18:16 2038 GMT + // Authority Key Identifier: + // 0D:DD:93:C9:FE:4B:BD:35:B7:E8:99:78:90:FB:DB:5A:3D:DB:15:4C + "-----BEGIN CERTIFICATE-----\n" + + "MIIDNjCCAh6gAwIBAgIJAO2+yPcFryUTMA0GCSqGSIb3DQEBCwUAMDsxCzAJBgNV\n" + + "BAYTAlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2Vy\n" + + "aXZjZTAeFw0xODA1MjIwNzE4MTZaFw0zODA1MTcwNzE4MTZaMFUxCzAJBgNVBAYT\n" + + "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" + + "ZTEYMBYGA1UEAwwPUmVncmVzc2lvbiBUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOC\n" + + "AQ8AMIIBCgKCAQEAszfBobWfZIp8AgC6PiWDDavP65mSvgCXUGxACbxVNAfkLhNR\n" + + "QOsHriRB3X1Q3nvO9PetC6wKlvE9jlnDDj7D+1j1r1CHO7ms1fq8rfcQYdkanDtu\n" + + "4AlHo8v+SSWX16MIXFRYDj2VVHmyPtgbltcg4zGAuwT746FdLI94uXjJjq1IOr/v\n" + + "0VIlwE5ORWH5Xc+5Tj+oFWK0E4a4GHDgtKKhn2m72hN56/GkPKGkguP5NRS1qYYV\n" + + "/EFkdyQMOV8J1M7HaicSft4OL6eKjTrgo93+kHk+tv0Dc6cpVBnalX3TorG8QI6B\n" + + "cHj1XQd78oAlAC+/jF4pc0mwi0un49kdK9gRfQIDAQABoyMwITAfBgNVHSMEGDAW\n" + + "gBQN3ZPJ/ku9NbfomXiQ+9taPdsVTDANBgkqhkiG9w0BAQsFAAOCAQEApXS0nKwm\n" + + "Kp8gpmO2yG1rpd1+2wBABiMU4JZaTqmma24DQ3RzyS+V2TeRb29dl5oTUEm98uc0\n" + + "GPZvhK8z5RFr4YE17dc04nI/VaNDCw4y1NALXGs+AHkjoPjLyGbWpi1S+gfq2sNB\n" + + "Ekkjp6COb/cb9yiFXOGVls7UOIjnVZVd0r7KaPFjZhYh82/f4PA/A1SnIKd1+nfH\n" + + "2yk7mSJNC7Z3qIVDL8MM/jBVwiC3uNe5GPB2uwhd7k5LGAVN3j4HQQGB0Sz+VC1h\n" + + "92oi6xDa+YBva2fvHuCd8P50DDjxmp9CemC7rnZ5j8egj88w14X44Xjb/Fd/ApG9\n" + + "e57NnbT7KM+Grw==\n" + + "-----END CERTIFICATE-----", + "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCzN8GhtZ9kinwC\n" + + "ALo+JYMNq8/rmZK+AJdQbEAJvFU0B+QuE1FA6weuJEHdfVDee870960LrAqW8T2O\n" + + "WcMOPsP7WPWvUIc7uazV+ryt9xBh2RqcO27gCUejy/5JJZfXowhcVFgOPZVUebI+\n" + + 
"2BuW1yDjMYC7BPvjoV0sj3i5eMmOrUg6v+/RUiXATk5FYfldz7lOP6gVYrQThrgY\n" + + "cOC0oqGfabvaE3nr8aQ8oaSC4/k1FLWphhX8QWR3JAw5XwnUzsdqJxJ+3g4vp4qN\n" + + "OuCj3f6QeT62/QNzpylUGdqVfdOisbxAjoFwePVdB3vygCUAL7+MXilzSbCLS6fj\n" + + "2R0r2BF9AgMBAAECggEASIkPkMCuw4WdTT44IwERus3IOIYOs2IP3BgEDyyvm4B6\n" + + "JP/iihDWKfA4zEl1Gqcni1RXMHswSglXra682J4kui02Ov+vzEeJIY37Ibn2YnP5\n" + + "ZjRT2s9GtI/S2o4hl8A/mQb2IMViFC+xKehTukhV4j5d6NPKk0XzLR7gcMjnYxwn\n" + + "l21fS6D2oM1xRG/di7sL+uLF8EXLRzfiWDNi12uQv4nwtxPKvuKhH6yzHt7YqMH0\n" + + "46pmDKDaxV4w1JdycjCb6NrCJOYZygoQobuZqOQ30UZoZsPJrtovkncFr1e+lNcO\n" + + "+aWDfOLCtTH046dEQh5oCShyXMybNlry/QHsOtHOwQKBgQDh2iIjs+FPpQy7Z3EX\n" + + "DGEvHYqPjrYO9an2KSRr1m9gzRlWYxKY46WmPKwjMerYtra0GP+TBHrgxsfO8tD2\n" + + "wUAII6sd1qup0a/Sutgf2JxVilLykd0+Ge4/Cs51tCdJ8EqDV2B6WhTewOY2EGvg\n" + + "JiKYkeNwgRX/9M9CFSAMAk0hUQKBgQDLJAartL3DoGUPjYtpJnfgGM23yAGl6G5r\n" + + "NSXDn80BiYIC1p0bG3N0xm3yAjqOtJAUj9jZbvDNbCe3GJfLARMr23legX4tRrgZ\n" + + "nEdKnAFKAKL01oM+A5/lHdkwaZI9yyv+hgSVdYzUjB8rDmzeVQzo1BT7vXypt2yV\n" + + "6O1OnUpCbQKBgA/0rzDChopv6KRcvHqaX0tK1P0rYeVQqb9ATNhpf9jg5Idb3HZ8\n" + + "rrk91BNwdVz2G5ZBpdynFl9G69rNAMJOCM4KZw5mmh4XOEq09Ivba8AHU7DbaTv3\n" + + "7QL7KnbaUWRB26HHzIMYVh0el6T+KADf8NXCiMTr+bfpfbL3dxoiF3zhAoGAbCJD\n" + + "Qse1dBs/cKYCHfkSOsI5T6kx52Tw0jS6Y4X/FOBjyqr/elyEexbdk8PH9Ar931Qr\n" + + "NKMvn8oA4iA/PRrXX7M2yi3YQrWwbkGYWYjtzrzEAdzmg+5eARKAeJrZ8/bg9l3U\n" + + "ttKaItJsDPlizn8rngy3FsJpR9aSAMK6/+wOiYkCgYEA1tZkI1rD1W9NYZtbI9BE\n" + + "qlJVFi2PBOJMKNuWdouPX3HLQ72GJSQff2BFzLTELjweVVJ0SvY4IipzpQOHQOBy\n" + + "5qh/p6izXJZh3IHtvwVBjHoEVplg1b2+I5e3jDCfqnwcQw82dW5SxOJMg1h/BD0I\n" + + "qAL3go42DYeYhu/WnECMeis="), - SSLContext context = SSLContext.getInstance(params.contextProtocol); - context.init( - new KeyManager[] { - keyManager - }, - new TrustManager[] { - trustManager - }, - null); + EE_EC_RSA_SECP256R1( + "EC", + // SHA256withRSA, curve secp256r1 + // Validity + // Not Before: May 22 07:18:16 2018 GMT + // Not After : May 21 07:18:16 2028 GMT + // Authority Key 
Identifier: + // 0D:DD:93:C9:FE:4B:BD:35:B7:E8:99:78:90:FB:DB:5A:3D:DB:15:4C + "-----BEGIN CERTIFICATE-----\n" + + "MIICazCCAVOgAwIBAgIJAO2+yPcFryUUMA0GCSqGSIb3DQEBCwUAMDsxCzAJBgNV\n" + + "BAYTAlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2Vy\n" + + "aXZjZTAeFw0xODA1MjIwNzE4MTZaFw0yODA1MjEwNzE4MTZaMFUxCzAJBgNVBAYT\n" + + "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" + + "ZTEYMBYGA1UEAwwPUmVncmVzc2lvbiBUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0D\n" + + "AQcDQgAE59MERNTlVZ1eeps8Z3Oue5ZkgQdPtD+WIE6tj3PbIKpxGPDxvfNP959A\n" + + "yQjEK/ehWQVrCMmNoEkIzY+IIBgB06MjMCEwHwYDVR0jBBgwFoAUDd2Tyf5LvTW3\n" + + "6Jl4kPvbWj3bFUwwDQYJKoZIhvcNAQELBQADggEBAFOTVEqs70ykhZiIdrEsF1Ra\n" + + "I3B2rLvwXZk52uSltk2/bzVvewA577ZCoxQ1pL7ynkisPfBN1uVYtHjM1VA3RC+4\n" + + "+TAK78dnI7otYjWoHp5rvs4l6c/IbOspS290IlNuDUxMErEm5wxIwj+Aukx/1y68\n" + + "hOyCvHBLMY2c1LskH1MMBbDuS1aI+lnGpToi+MoYObxGcV458vxuT8+wwV8Fkpvd\n" + + "ll8IIFmeNPRv+1E+lXbES6CSNCVaZ/lFhPgdgYKleN7sfspiz50DG4dqafuEAaX5\n" + + "xaK1NWXJxTRz0ROH/IUziyuDW6jphrlgit4+3NCzp6vP9hAJQ8Vhcj0n15BKHIQ=\n" + + "-----END CERTIFICATE-----", + "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgGVc7hICpmp91jbYe\n" + + "nrr8nYHD37RZP3VENY+szuA7WjuhRANCAATn0wRE1OVVnV56mzxnc657lmSBB0+0\n" + + "P5YgTq2Pc9sgqnEY8PG980/3n0DJCMQr96FZBWsIyY2gSQjNj4ggGAHT"), - return context; - } + EE_RSA_512( + "RSA", + // md5WithRSAEncryption, 512 bits + // Validity + // Not Before: Nov 7 13:55:52 2011 GMT + // Not After : Jul 25 13:55:52 2031 GMT + // X509v3 Authority Key Identifier: + // B9:7C:D5:D9:DF:A7:4C:03:AE:FD:0E:27:5B:31:95:6C:C7:F3:75:E1 + "-----BEGIN CERTIFICATE-----\n" + + "MIICNDCCAZ2gAwIBAgIBDDANBgkqhkiG9w0BAQQFADA7MQswCQYDVQQGEwJVUzEN\n" + + "MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwHhcN\n" + + "MTExMTA3MTM1NTUyWhcNMzEwNzI1MTM1NTUyWjBPMQswCQYDVQQGEwJVUzENMAsG\n" + + "A1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UxEjAQBgNV\n" + + "BAMTCWxvY2FsaG9zdDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC3Pb49OSPfOD2G\n" + + 
"HSXFCFx1GJEZfqG9ZUf7xuIi/ra5dLjPGAaoY5QF2QOa8VnOriQCXDfyXHxsuRnE\n" + + "OomxL7EVAgMBAAGjeDB2MAsGA1UdDwQEAwID6DAdBgNVHQ4EFgQUXNCJK3/dtCIc\n" + + "xb+zlA/JINlvs/MwHwYDVR0jBBgwFoAUuXzV2d+nTAOu/Q4nWzGVbMfzdeEwJwYD\n" + + "VR0lBCAwHgYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDAzANBgkqhkiG9w0B\n" + + "AQQFAAOBgQB2qIDUxA2caMPpGtUACZAPRUtrGssCINIfItETXJZCx/cRuZ5sP4D9\n" + + "N1acoNDn0hCULe3lhXAeTC9NZ97680yJzregQMV5wATjo1FGsKY30Ma+sc/nfzQW\n" + + "+h/7RhYtoG0OTsiaDCvyhI6swkNJzSzrAccPY4+ZgU8HiDLzZTmM3Q==\n" + + "-----END CERTIFICATE-----", + "MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEAtz2+PTkj3zg9hh0l\n" + + "xQhcdRiRGX6hvWVH+8biIv62uXS4zxgGqGOUBdkDmvFZzq4kAlw38lx8bLkZxDqJ\n" + + "sS+xFQIDAQABAkByx/5Oo2hQ/w2q4L8z+NTRlJ3vdl8iIDtC/4XPnfYfnGptnpG6\n" + + "ZThQRvbMZiai0xHQPQMszvAHjZVme1eDl3EBAiEA3aKJHynPVCEJhpfCLWuMwX5J\n" + + "1LntwJO7NTOyU5m8rPECIQDTpzn5X44r2rzWBDna/Sx7HW9IWCxNgUD2Eyi2nA7W\n" + + "ZQIgJerEorw4aCAuzQPxiGu57PB6GRamAihEAtoRTBQlH0ECIQDN08FgTtnesgCU\n" + + "DFYLLcw1CiHvc7fZw4neBDHCrC8NtQIgA8TOUkGnpCZlQ0KaI8KfKWI+vxFcgFnH\n" + + "3fnqsTgaUs4=" + ), - /* - * Create an instance of KeyManager with the specified key materials. 
- */ - static KeyManager createKeyManager( - String[] keyMaterialCerts, - String[] keyMaterialKeys, - String[] keyMaterialKeyAlgs, - String[] keyMaterialKeyNames, - ContextParameters params) throws Exception { + EE_DSA_2048( + "DSA", + // SHA256withDSA, 2048 bits + // Validity + // Not Before: May 22 07:18:20 2018 GMT + // Not After : May 17 07:18:20 2038 GMT + // Authority Key Identifier: + // 76:66:9E:F7:3B:DD:45:E5:3B:D9:72:3C:3F:F0:54:39:86:31:26:53 + "-----BEGIN CERTIFICATE-----\n" + + "MIIEnDCCBEGgAwIBAgIJAP/jh1qVhNVjMAsGCWCGSAFlAwQDAjA7MQswCQYDVQQG\n" + + "EwJVUzENMAsGA1UECgwESmF2YTEdMBsGA1UECwwUU3VuSlNTRSBUZXN0IFNlcml2\n" + + "Y2UwHhcNMTgwNTIyMDcxODIwWhcNMzgwNTE3MDcxODIwWjBVMQswCQYDVQQGEwJV\n" + + "UzENMAsGA1UECgwESmF2YTEdMBsGA1UECwwUU3VuSlNTRSBUZXN0IFNlcml2Y2Ux\n" + + "GDAWBgNVBAMMD1JlZ3Jlc3Npb24gVGVzdDCCA0cwggI6BgcqhkjOOAQBMIICLQKC\n" + + "AQEAmlavgoJrMcjqWRVcDE2dmWAPREgnzQvneEDef68cprDzjSwvOs5QeFyx75ib\n" + + "ado1e6jO/rW1prCGWHDD1oA/Tn4Pk3vu0nUxzvl1qATc+aJbpUU5Op0bvp6LbCsQ\n" + + "QslV9FeRh7Eb7bP6gpc/kHCBzEgC1VCK7prccXWy+t6SMOHbND3h+UbckfSaUuaV\n" + + "sVJNTD1D6GElfRj4Nmz1BGPfSYvKorwNZEU3gXwFgtDoAcGx7tcyClLpDHfqRfw/\n" + + "7yiqLyeiP7D4hl5lMNouJWDlAdMFp0FMgS3s9VDFinIcr6VtBWMTG7+4+czHAB+3\n" + + "fvrwlqNzhBn3uFHrekN/w8fNxwIhAJo7Sae1za7IMW0Q6hE5B4b+s2B/FaKPoA4E\n" + + "jtZu13B9AoIBAQCOZqLMKfvqZWUgT0PQ3QjR7dAFdd06I9Y3+TOQzZk1+j+vw/6E\n" + + "X4vFItX4gihb/u5Q9CdmpwhVGi7bvo+7+/IKeTgoQ6f5+PSug7SrWWUQ5sPwaZui\n" + + "zXZJ5nTeZDucFc2yFx0wgnjbPwiUxZklOT7xGiOMtzOTa2koCz5KuIBL+/wPKKxm\n" + + "ypo9VoY9xfbdU6LMXZv/lpD5XTM9rYHr/vUTNkukvV6Hpm0YMEWhVZKUJiqCqTqG\n" + + "XHaleOxSw6uQWB/+TznifcC7gB48UOQjCqOKf5VuwQneJLhlhU/jhRV3xtr+hLZa\n" + + "hW1wYhVi8cjLDrZFKlgEQqhB4crnJU0mJY+tA4IBBQACggEAID0ezl00/X8mv7eb\n" + + "bzovum1+DEEP7FM57k6HZEG2N3ve4CW+0m9Cd+cWPz8wkZ+M0j/Eqa6F0IdbkXEc\n" + + "Q7CuzvUyJ57xQ3L/WCgXsiS+Bh8O4Mz7GwW22CGmHqafbVv+hKBfr8MkskO6GJUt\n" + + "SUF/CVLzB4gMIvZMH26tBP2xK+i7FeEK9kT+nGdzQSZBAhFYpEVCBplHZO24/OYq\n" + + 
"1DNoU327nUuXIhmsfA8N0PjiWbIZIjTPwBGr9H0LpATI7DIDNcvRRvtROP+pBU9y\n" + + "fuykPkptg9C0rCM9t06bukpOSaEz/2VIQdLE8fHYFA6pHZ6CIc2+5cfvMgTPhcjz\n" + + "W2jCt6MjMCEwHwYDVR0jBBgwFoAUdmae9zvdReU72XI8P/BUOYYxJlMwCwYJYIZI\n" + + "AWUDBAMCA0gAMEUCIQCeI5fN08b9BpOaHdc3zQNGjp24FOL/RxlBLeBAorswJgIg\n" + + "JEZ8DhYxQy1O7mmZ2UIT7op6epWMB4dENjs0qWPmcKo=\n" + + "-----END CERTIFICATE-----", + "MIICZQIBADCCAjoGByqGSM44BAEwggItAoIBAQCaVq+CgmsxyOpZFVwMTZ2ZYA9E\n" + + "SCfNC+d4QN5/rxymsPONLC86zlB4XLHvmJtp2jV7qM7+tbWmsIZYcMPWgD9Ofg+T\n" + + "e+7SdTHO+XWoBNz5olulRTk6nRu+notsKxBCyVX0V5GHsRvts/qClz+QcIHMSALV\n" + + "UIrumtxxdbL63pIw4ds0PeH5RtyR9JpS5pWxUk1MPUPoYSV9GPg2bPUEY99Ji8qi\n" + + "vA1kRTeBfAWC0OgBwbHu1zIKUukMd+pF/D/vKKovJ6I/sPiGXmUw2i4lYOUB0wWn\n" + + "QUyBLez1UMWKchyvpW0FYxMbv7j5zMcAH7d++vCWo3OEGfe4Uet6Q3/Dx83HAiEA\n" + + "mjtJp7XNrsgxbRDqETkHhv6zYH8Voo+gDgSO1m7XcH0CggEBAI5moswp++plZSBP\n" + + "Q9DdCNHt0AV13Toj1jf5M5DNmTX6P6/D/oRfi8Ui1fiCKFv+7lD0J2anCFUaLtu+\n" + + "j7v78gp5OChDp/n49K6DtKtZZRDmw/Bpm6LNdknmdN5kO5wVzbIXHTCCeNs/CJTF\n" + + "mSU5PvEaI4y3M5NraSgLPkq4gEv7/A8orGbKmj1Whj3F9t1Tosxdm/+WkPldMz2t\n" + + "gev+9RM2S6S9XoembRgwRaFVkpQmKoKpOoZcdqV47FLDq5BYH/5POeJ9wLuAHjxQ\n" + + "5CMKo4p/lW7BCd4kuGWFT+OFFXfG2v6EtlqFbXBiFWLxyMsOtkUqWARCqEHhyucl\n" + + "TSYlj60EIgIgLfA75+8KcKxdN8mr6gzGjQe7jPFGG42Ejhd7Q2F4wuw="), - char[] passphrase = "passphrase".toCharArray(); + EE_DSA_1024( + "DSA", + // dsaWithSHA1, 1024 bits + // Validity + // Not Before: Apr 24 12:25:43 2020 GMT + // Not After : Apr 22 12:25:43 2030 GMT + // Authority Key Identifier: + // E1:3C:01:52:EB:D1:38:F7:CF:F1:E3:5E:DB:54:75:7F:5E:AB:2D:36 + "-----BEGIN CERTIFICATE-----\n" + + "MIIDADCCAr+gAwIBAgIUd2XJ5F2VTbk9a92w/NzLXR5zjUQwCQYHKoZIzjgEAzAu\n" + + "MQswCQYDVQQGEwJVUzENMAsGA1UECgwESmF2YTEQMA4GA1UECwwHU3VuSlNTRTAe\n" + + "Fw0yMDA0MjQxMjI1NDNaFw0zMDA0MjIxMjI1NDNaMEgxCzAJBgNVBAYTAlVTMQ0w\n" + + "CwYDVQQKDARKYXZhMRAwDgYDVQQLDAdTdW5KU1NFMRgwFgYDVQQDDA9SZWdyZXNz\n" + + 
"aW9uIFRlc3QwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEA7fSkxYISlMJT+i8N5VOb\n" + + "lHhjrPYAy3oR2/YXQW6T0hCMhm8jmxgk1bDId9ZKHrxsM05EkCtRYaqag4ZZeGde\n" + + "ywv3IwwYqCQfGtkPwT9QAsdSABYwGOrlhEtZtBG1yQ44c+Rz/Vs+PtkAyZbf5VG1\n" + + "iSxFb9bI5QFJWJ9a2VpZh58CFQCCGALQoK4MsQP8V72WlB7Bvt9erwKBgQDCxu0G\n" + + "M2iZr0J8DaAo9/ChS4m7E7h6Jz9KOm2cFhzYGekkUXNzny7nyz6Qpgbuf8KNFKjt\n" + + "qoUDC8tlcVQAUlTcESC0TZXR3h21hl9wzIBhE+kJ1j8v1KAxfOaJOxObk5QEvIaA\n" + + "5j+jiHGwRS5tDqywOatz+emwMZv1wKnCNBElNgOBhAACgYBHjuQKucCuuvy/4DpG\n" + + "rSIzdueK+HrzOW8h2pfvz3lzpsyV6XJPC6we9CjaQjU01VcjwN2PoYtbGyml0pbK\n" + + "We4sdgn6LDL1aCM/WKRSxGHVTx+wkhKQ719YtiC0T6sA+eLirc6VT3/6+FbQWC+2\n" + + "bG7N19sGpV/RAXMBpRXUnBJSQaNCMEAwHQYDVR0OBBYEFNNZxyxuQmKvWowofr/S\n" + + "HdCIS+W8MB8GA1UdIwQYMBaAFOE8AVLr0Tj3z/HjXttUdX9eqy02MAkGByqGSM44\n" + + "BAMDMAAwLQIUUzzMhZ9St/Vo/YdgNTHdTw4cm14CFQCE6tWG157Wl5YFyYsGHsLY\n" + + "NN8uCA==\n" + + "-----END CERTIFICATE-----", + "MIIBSwIBADCCASwGByqGSM44BAEwggEfAoGBAO30pMWCEpTCU/ovDeVTm5R4Y6z2\n" + + "AMt6Edv2F0Fuk9IQjIZvI5sYJNWwyHfWSh68bDNORJArUWGqmoOGWXhnXssL9yMM\n" + + "GKgkHxrZD8E/UALHUgAWMBjq5YRLWbQRtckOOHPkc/1bPj7ZAMmW3+VRtYksRW/W\n" + + "yOUBSVifWtlaWYefAhUAghgC0KCuDLED/Fe9lpQewb7fXq8CgYEAwsbtBjNoma9C\n" + + "fA2gKPfwoUuJuxO4eic/SjptnBYc2BnpJFFzc58u58s+kKYG7n/CjRSo7aqFAwvL\n" + + "ZXFUAFJU3BEgtE2V0d4dtYZfcMyAYRPpCdY/L9SgMXzmiTsTm5OUBLyGgOY/o4hx\n" + + "sEUubQ6ssDmrc/npsDGb9cCpwjQRJTYEFgIUNRiLmNzfTYOuVsjkySPzP5gPImM="), - // Generate certificate from cert string. 
- CertificateFactory cf = CertificateFactory.getInstance("X.509"); + EE_ED25519( + "EdDSA", + // ED25519 + // Validity + // Not Before: May 24 23:32:36 2020 GMT + // Not After : May 22 23:32:36 2030 GMT + // X509v3 Authority Key Identifier: + // keyid:06:76:DB:88:EB:61:55:4C:C9:63:41:C2:A0:A8:57:3F:D7:F1:B8:EC + "-----BEGIN CERTIFICATE-----\n" + + "MIIBlDCCAUagAwIBAgIUFTt/jcgQ65nhTG8LkrWFJhhEGuwwBQYDK2VwMDsxCzAJ\n" + + "BgNVBAYTAlVTMQ0wCwYDVQQKDARqYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3Qg\n" + + "U2VyaXZjZTAeFw0yMDA1MjQyMzMyMzZaFw0zMDA1MjIyMzMyMzZaMFUxCzAJBgNV\n" + + "BAYTAlVTMQ0wCwYDVQQKDARqYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2Vy\n" + + "aXZjZTEYMBYGA1UEAwwPUmVncmVzc2lvbiBUZXN0MCowBQYDK2VwAyEAGAYQmKb7\n" + + "WNYpVxIdsc49lI1emNjF06/Jl85zlG0wc9OjQjBAMB0GA1UdDgQWBBQkJ2E4/S8Z\n" + + "EIM1v9uTc0eYtYNk3zAfBgNVHSMEGDAWgBQGdtuI62FVTMljQcKgqFc/1/G47DAF\n" + + "BgMrZXADQQCVZnl/AyIEtZ8r45e/hcfxwuezgRX+7e9NHZFV1A/TMGcBRORDfDUi\n" + + "bbh72K528fjT7P4/WoXvm1zJKOAzUOUL\n" + + "-----END CERTIFICATE-----", + "MC4CAQAwBQYDK2VwBCIEIGBmdh4tfc0lng/LWokhfFLlo0ZlmTn2lbI639qou2KP"), - // Import the key materials. - // - // Note that certification paths bigger than one are not supported yet. 
- KeyStore ks = KeyStore.getInstance("JKS"); - ks.load(null, null); - ByteArrayInputStream is; - for (int i = 0; i < keyMaterialCerts.length; i++) { - String keyCertStr = keyMaterialCerts[i]; + EE_ED448( + "EdDSA", + // ED448 + // Validity + // Not Before: May 24 23:23:43 2020 GMT + // Not After : May 22 23:23:43 2030 GMT + // X509v3 Authority Key Identifier: + // keyid:F5:D5:9D:FB:6F:B7:50:29:DF:F0:B8:83:10:5F:9B:C4:A8:1C:E9:F4 + "-----BEGIN CERTIFICATE-----\n" + + "MIIB3zCCAV+gAwIBAgIUNlWzFrH2+BILqM3SNYQjKoY98S8wBQYDK2VxMDsxCzAJ\n" + + "BgNVBAYTAlVTMQ0wCwYDVQQKDARqYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3Qg\n" + + "U2VyaXZjZTAeFw0yMDA1MjQyMzIzNDNaFw0zMDA1MjIyMzIzNDNaMFUxCzAJBgNV\n" + + "BAYTAlVTMQ0wCwYDVQQKDARqYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2Vy\n" + + "aXZjZTEYMBYGA1UEAwwPUmVncmVzc2lvbiBUZXN0MEMwBQYDK2VxAzoAoIubPNAg\n" + + "F11u3MQ5d9wujg10+80I0xzYzTqzzXrfJNtw+eU8NbUk86xiCvlMzJRH0Oo3DbY8\n" + + "NAKAo0IwQDAdBgNVHQ4EFgQUUiI1+qT1x+HsDgfZRIU6hUaAbmUwHwYDVR0jBBgw\n" + + "FoAU9dWd+2+3UCnf8LiDEF+bxKgc6fQwBQYDK2VxA3MAx8P0mle08s5YDd/p58dt\n" + + "yORqvDPwo5IYPasqN8Zeen1B9u1xF/kvDGFxCJ6D9Gi4ynnDx0FZFMkA83evZcxJ\n" + + "+X+swt7FyHwXrdkZcvjRKEcsWhkj+0FlxYF/NZzLTGuGIPYJnRLEwf/zr+5NDxKs\n" + + "fCoA\n" + + "-----END CERTIFICATE-----", + "MEcCAQAwBQYDK2VxBDsEOfbhmUSuKP9WCO7Nr6JxVq5rfJESk1MNMyYhC134SiAP\n" + + "Suw0Cu7RZVadpfPR7Kiwb2b/JXjMdY1HAA=="), - // generate the private key. 
- PKCS8EncodedKeySpec priKeySpec = new PKCS8EncodedKeySpec( - Base64.getMimeDecoder().decode(keyMaterialKeys[i])); - KeyFactory kf = - KeyFactory.getInstance(keyMaterialKeyAlgs[i]); - PrivateKey priKey = kf.generatePrivate(priKeySpec); + EE_RSASSA_PSS( + "RSASSA-PSS", + // Signature Algorithm: rsassaPss + // Hash Algorithm: sha256 + // Mask Algorithm: mgf1 with sha256 + // + // Validity + // Not Before: Jun 6 07:11:00 2018 GMT + // Not After : Jun 1 07:11:00 2038 GMT + // X509v3 Authority Key Identifier: + // 1F:16:2B:79:8A:55:89:99:98:02:5F:84:18:D0:7B:1A:23:D8:88:0C + "-----BEGIN CERTIFICATE-----\n" + + "MIIDZjCCAh2gAwIBAgIUHxwPs3eAgJ057nJwiLgWZWeNqdgwPgYJKoZIhvcNAQEK\n" + + "MDGgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogQC\n" + + "AgDeMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0xODA2MDYwNzExMDBaFw0zODA2\n" + + "MDEwNzExMDBaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASAwCwYJKoZIhvcNAQEK\n" + + "A4IBDwAwggEKAoIBAQCl8r4Qrg27BYUO/1Va2Ix8QPGzN/lvzmKvP5Ff26ovNW4v\n" + + "RUx68HzAhhiWtcl+PwLSbJqJreEkTlle7PnRAypby3fO7ZAK0Y3YiHquaBg7d+7Y\n" + + "FhhHwv8gG0lZcyA0BkXFJHqdq76qar0xHC6DVezXm0K3mcceymGtFR9BzWmAj+7D\n" + + "YsSwvtTQ7WNoQmf0cdDMSM71IwaTwIwvT2wzX1vv5hcdDyXdr64WFqWSA9sNJ2K6\n" + + "arxaaU1klwKSgDokF6njafWQ4UxdR67d5W1MYoiioDs2Yy3utsMpO2OUzZVBZNdT\n" + + "gkr1jsJhIurpz/5K51lwJIRQBezEFSb+60AFVoMJAgMBAAGjUDBOMB0GA1UdDgQW\n" + + "BBQfFit5ilWJmZgCX4QY0HsaI9iIDDAfBgNVHSMEGDAWgBQfFit5ilWJmZgCX4QY\n" + + "0HsaI9iIDDAMBgNVHRMEBTADAQH/MD4GCSqGSIb3DQEBCjAxoA0wCwYJYIZIAWUD\n" + + "BAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIEAgIA3gOCAQEAa4yUQ3gh\n" + + "d1YWPdEa1sv2hdkhtenw6m5yxbmaQl2+nIKSpk4RfpXC7K1EYwBF8TdfFbD8hGGh\n" + + "5n81BT0/dn1R9SRGCv7KTxx4lfQt31frlsw/tVciwyXQtcUZ6DqfnLP0/aRVLNgx\n" + + "zaP542JUHFYLTC3EGz2zUgv70ZUTlIsPG3/p8YO1iXdnYGQyzOuQPUBpI7nS7UtR\n" + + "Ug8VE9ACpBxxI3qChMahFZGHlXCCSjSmxpQa6UO4SQl8q5tPNnqdzWwvAW8qkCy4\n" + + "6barRQ4sMcGayhHh/uSTx7bcl0FMJpcI1ygbw7/Pc03zKtw0gMTBMns7q4yXjb/u\n" + + "ef47nW0t+LRAAg==\n" + + "-----END CERTIFICATE-----", + 
"MIIEuwIBADALBgkqhkiG9w0BAQoEggSnMIIEowIBAAKCAQEApfK+EK4NuwWFDv9V\n" + + "WtiMfEDxszf5b85irz+RX9uqLzVuL0VMevB8wIYYlrXJfj8C0myaia3hJE5ZXuz5\n" + + "0QMqW8t3zu2QCtGN2Ih6rmgYO3fu2BYYR8L/IBtJWXMgNAZFxSR6nau+qmq9MRwu\n" + + "g1Xs15tCt5nHHsphrRUfQc1pgI/uw2LEsL7U0O1jaEJn9HHQzEjO9SMGk8CML09s\n" + + "M19b7+YXHQ8l3a+uFhalkgPbDSdiumq8WmlNZJcCkoA6JBep42n1kOFMXUeu3eVt\n" + + "TGKIoqA7NmMt7rbDKTtjlM2VQWTXU4JK9Y7CYSLq6c/+SudZcCSEUAXsxBUm/utA\n" + + "BVaDCQIDAQABAoIBAAc4vRS0vlw5LUUtz2UYr2Ro3xvRf8Vh0eGWfpkRUiKjzJu6\n" + + "BE4FUSh/rWpBlvcrfs/xcfgz3OxbjIAZB/YUkS9Vd21F4VLXM7kMl2onlYZg/b/h\n" + + "lkTpM3kONu7xl6Er9LVTlRJveuinpHwSoeONRbVMSGb9BjFM1VtW4/lVGxZBG05D\n" + + "y9i/o4vCZqULn9cAumOwicKuCyTcS58XcMJ+puSPfRA71PYLxqFkASAoJsUwCXpo\n" + + "gs39lLsIFgrfO8mBO1ux/SE+QaRc+9XqFSHHKD1XqF/9zSYBgWjE910EcpdYEdZx\n" + + "GEkwea7Fn4brO5OpIrHY/45naqbUOBzv6gufMAECgYEAz7PHCdcrQvmOb8EiNbQH\n" + + "uvSimwObWJFeN1ykp6mfRbSnkXw7p8+M4Tc8HFi8QLpoq63Ev2AwoaQCQvHbFC2Y\n" + + "1Cz0EkC0aOp+tZP7U2AUBdkcDesZAJQTad0zV6KesyIUXdxZXDG8JJ1XSNWfTJV4\n" + + "QD+BjLZ0jiAyCIfVYvWQqYkCgYEAzIln1nKTixLMPr5CldSmR7ZarEtPJU+hHwVg\n" + + "dV/Lc6d2Yy9JgunOXRo4BXB1TEo8JFbK3HBQH6tS8li4qDr7WK5wyYfh8qb4WZyu\n" + + "lc562f2WVYntcN8/Ojb+Vyrt7lk9sq/8KoVHxEAWd6mqL9VTPYuAu1Vw9fTGIZfB\n" + + "lDeELYECgYAvdzU4UXzofGGJtohb332YwwlaBZP9xJLUcg6K5l+orWVSASMc8XiP\n" + + "i3DoRXsYC8GZ4kdBOPlEJ1gA9oaLcPQpIPDSLwlLpLM6Scw4vI822uvnXl/DWxOo\n" + + "sM1n7Jj59QLUhGPDhvYpI+/rjC4wcUQe4qR3hMbUKBVnD6u7RsU9iQKBgQCQ17VK\n" + + "7bSCRfuRaxaoGADww7gOTv5rQ6qr1xjpxb7D1hFGR9Rc+smCsPB/GZZXQjK44SWj\n" + + "WX3ED4Ubzaxmpe4cbNu+O5XMSmWQwB36RFBHUwdE5/nXdqDFzu/qNqJrqZLBmVKP\n" + + "ofaiiWffsaytVvotmT6+atElvAMbAua42V+nAQKBgHtIn3mYMHLriYGhQzpkFEA2\n" + + "8YcAMlKppueOMAKVy8nLu2r3MidmLAhMiKJQKG45I3Yg0/t/25tXLiOPJlwrOebh\n" + + "xQqUBI/JUOIpGAEnr48jhOXnCS+i+z294G5U/RgjXrlR4bCPvrtCmwzWwe0h79w2\n" + + "Q2hO5ZTW6UD9CVA85whf"); - // generate certificate chain - is = new ByteArrayInputStream(keyCertStr.getBytes()); - Certificate keyCert = null; - try { - keyCert = 
cf.generateCertificate(is); - } finally { - is.close(); - } + final String keyAlgo; + final String certStr; + final String privKeyStr; - Certificate[] chain = new Certificate[] { keyCert }; - - // import the key entry. - ks.setKeyEntry("cert-" + keyMaterialKeyNames[i], - priKey, passphrase, chain); + Cert(String keyAlgo, String certStr, String privKeyStr) { + this.keyAlgo = keyAlgo; + this.certStr = certStr; + this.privKeyStr = privKeyStr; } - - KeyManagerFactory kmf = - KeyManagerFactory.getInstance(params.kmAlgorithm); - kmf.init(ks, passphrase); - - KeyManager[] km = kmf.getKeyManagers(); - - return km[0]; - } - - /* - * Create an instance of TrustManager with the specified trust materials. - */ - static TrustManager createTrustManager( - String[] trustedMaterials, - ContextParameters params) throws Exception { - - // Generate certificate from cert string. - CertificateFactory cf = CertificateFactory.getInstance("X.509"); - - // Import the trusted certs. - KeyStore ts = KeyStore.getInstance("PKCS12"); - ts.load(null, null); - - Certificate[] trustedCert = - new Certificate[trustedMaterials.length]; - ByteArrayInputStream is; - for (int i = 0; i < trustedMaterials.length; i++) { - String trustedCertStr = trustedMaterials[i]; - - is = new ByteArrayInputStream(trustedCertStr.getBytes()); - try { - trustedCert[i] = cf.generateCertificate(is); - } finally { - is.close(); - } - - ts.setCertificateEntry("trusted-cert-" + i, trustedCert[i]); - } - - // Create an SSLContext object. - TrustManagerFactory tmf = - TrustManagerFactory.getInstance(params.tmAlgorithm); - tmf.init(ts); - - TrustManager[] tms = tmf.getTrustManagers(); - return tms[0]; } } diff --git a/test/jdk/javax/net/ssl/templates/SSLEngineTemplate.java b/test/jdk/javax/net/ssl/templates/SSLEngineTemplate.java index 621aaea3546..08d95fcd4c9 100644 --- a/test/jdk/javax/net/ssl/templates/SSLEngineTemplate.java +++ b/test/jdk/javax/net/ssl/templates/SSLEngineTemplate.java 
@@ -51,7 +51,7 @@ import java.nio.ByteBuffer;
 * (wrap/unwrap) pass before any application data is consumed or
 * produced.
 */
-public class SSLEngineTemplate implements SSLContextTemplate {
+public class SSLEngineTemplate extends SSLContextTemplate {
 protected final SSLEngine clientEngine; // client Engine
 protected final ByteBuffer clientOut; // write side of clientEngine
 protected final ByteBuffer clientIn; // read side of clientEngine
diff --git a/test/jdk/javax/net/ssl/templates/SSLSocketSSLEngineTemplate.java b/test/jdk/javax/net/ssl/templates/SSLSocketSSLEngineTemplate.java
deleted file mode 100644
index cbb42ee1a69..00000000000
--- a/test/jdk/javax/net/ssl/templates/SSLSocketSSLEngineTemplate.java
+++ /dev/null
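Review bot: Changing `implements SSLContextTemplate` to `extends SSLContextTemplate` uses up this class's only superclass slot for the context helper, so a test that already extends another class can no longer adopt the template by implementing it. The class comment ending just above the changed line does not say what the base class now contributes. I would add one line to it, for example ` * SSLContext creation and the test certificates/keys come from SSLContextTemplate.` The same applies to the `public class SSLSocketTemplate extends SSLContextTemplate` hunk further down; later hunks in that file delete `createSSLContext`, the context-parameter getters and the `Cert` enum, which suggests they now live in the base class. The class comment and the class body both continue outside this hunk.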
@@ -1,532 +0,0 @@ -/* - * Copyright (c) 2011, 2022, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -// -// SunJSSE does not support dynamic system properties, no way to re-use -// system properties in samevm/agentvm mode. -// - -/* - * @test - * @bug 7105780 - * @summary Add SSLSocket client/SSLEngine server to templates directory. - * @run main/othervm SSLSocketSSLEngineTemplate TLSv1 - * @run main/othervm SSLSocketSSLEngineTemplate TLSv1.1 - * @run main/othervm SSLSocketSSLEngineTemplate TLSv1.2 - * @run main/othervm SSLSocketSSLEngineTemplate TLSv1.3 - */ - -/** - * A SSLSocket/SSLEngine interop test case. This is not the way to - * code SSLEngine-based servers, but works for what we need to do here, - * which is to make sure that SSLEngine/SSLSockets can talk to each other. - * SSLEngines can use direct or indirect buffers, and different code - * is used to get at the buffer contents internally, so we test that here. 
- * - * The test creates one SSLSocket (client) and one SSLEngine (server). - * The SSLSocket talks to a raw ServerSocket, and the server code - * does the translation between byte [] and ByteBuffers that the SSLEngine - * can use. The "transport" layer consists of a Socket Input/OutputStream - * and two byte buffers for the SSLEngines: think of them - * as directly connected pipes. - * - * Again, this is a *very* simple example: real code will be much more - * involved. For example, different threading and I/O models could be - * used, transport mechanisms could close unexpectedly, and so on. - * - * When this application runs, notice that several messages - * (wrap/unwrap) pass before any application data is consumed or - * produced. (For more information, please see the SSL/TLS - * specifications.) There may several steps for a successful handshake, - * so it's typical to see the following series of operations: - * - * client server message - * ====== ====== ======= - * write() ... ClientHello - * ... unwrap() ClientHello - * ... wrap() ServerHello/Certificate - * read() ... ServerHello/Certificate - * write() ... ClientKeyExchange - * write() ... ChangeCipherSpec - * write() ... Finished - * ... unwrap() ClientKeyExchange - * ... unwrap() ChangeCipherSpec - * ... unwrap() Finished - * ... wrap() ChangeCipherSpec - * ... wrap() Finished - * read() ... ChangeCipherSpec - * read() ... Finished - */ -import javax.net.ssl.*; -import javax.net.ssl.SSLEngineResult.*; -import java.io.*; -import java.net.*; -import java.security.*; -import java.nio.*; - -public class SSLSocketSSLEngineTemplate { - - /* - * Enables logging of the SSL/TLS operations. 
- */ - private static final boolean logging = true; - - /* - * Enables the JSSE system debugging system property: - * - * -Djavax.net.debug=all - * - * This gives a lot of low-level information about operations underway, - * including specific handshake messages, and might be best examined - * after gaining some familiarity with this application. - */ - private static final boolean debug = false; - private final SSLContext sslc; - private SSLEngine serverEngine; // server-side SSLEngine - private SSLSocket clientSocket; - - private final byte[] serverMsg = - "Hi there Client, I'm a Server.".getBytes(); - private final byte[] clientMsg = - "Hello Server, I'm a Client! Pleased to meet you!".getBytes(); - - private ByteBuffer serverOut; // write side of serverEngine - private ByteBuffer serverIn; // read side of serverEngine - - private volatile Exception clientException; - private volatile Exception serverException; - - /* - * For data transport, this example uses local ByteBuffers. - */ - private ByteBuffer cTOs; // "reliable" transport client->server - private ByteBuffer sTOc; // "reliable" transport server->client - - /* - * The following is to set up the keystores/trust material. - */ - private static final String pathToStores = "../etc"; - private static final String keyStoreFile = "keystore"; - private static final String trustStoreFile = "truststore"; - private static final String keyFilename = - System.getProperty("test.src", ".") + "/" + pathToStores - + "/" + keyStoreFile; - private static final String trustFilename = - System.getProperty("test.src", ".") + "/" + pathToStores - + "/" + trustStoreFile; - - /* - * Main entry point for this test. - */ - public static void main(String args[]) throws Exception { - String protocol = args[0]; - - // reset security properties to make sure that the algorithms - // and keys used in this test are not disabled. 
- Security.setProperty("jdk.tls.disabledAlgorithms", ""); - Security.setProperty("jdk.certpath.disabledAlgorithms", ""); - - if (debug) { - System.setProperty("javax.net.debug", "all"); - } - - /* - * Run the tests with direct and indirect buffers. - */ - SSLSocketSSLEngineTemplate test = - new SSLSocketSSLEngineTemplate(protocol); - log("-------------------------------------"); - log("Testing " + protocol + " for direct buffers ..."); - test.runTest(true); - - log("---------------------------------------"); - log("Testing " + protocol + " for indirect buffers ..."); - test.runTest(false); - - log("Test Passed."); - } - - /* - * Create an initialized SSLContext to use for these tests. - */ - public SSLSocketSSLEngineTemplate(String protocol) throws Exception { - - KeyStore ks = KeyStore.getInstance("JKS"); - KeyStore ts = KeyStore.getInstance("JKS"); - - char[] passphrase = "passphrase".toCharArray(); - - try (FileInputStream keyFile = new FileInputStream(keyFilename); - FileInputStream trustFile = new FileInputStream(trustFilename)) { - ks.load(keyFile, passphrase); - ts.load(trustFile, passphrase); - } - - KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); - kmf.init(ks, passphrase); - - TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); - tmf.init(ts); - - SSLContext sslCtx = SSLContext.getInstance(protocol); - - sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); - - sslc = sslCtx; - } - - /* - * Run the test. - * - * Sit in a tight loop, with the server engine calling wrap/unwrap - * regardless of whether data is available or not. We do this until - * we get the application data. Then we shutdown and go to the next one. - * - * The main loop handles all of the I/O phases of the SSLEngine's - * lifetime: - * - * initial handshaking - * application data transfer - * engine closing - * - * One could easily separate these phases into separate - * sections of code. 
- */ - private void runTest(boolean direct) throws Exception { - clientSocket = null; - boolean serverClose = direct; - - // generates the server-side Socket - try (ServerSocket serverSocket = new ServerSocket()) { - serverSocket.setReuseAddress(false); - serverSocket.bind(null); - int port = serverSocket.getLocalPort(); - log("Port: " + port); - Thread thread = createClientThread(port, serverClose); - - createSSLEngine(); - createBuffers(direct); - - // server-side socket that will read - try (Socket socket = serverSocket.accept()) { - socket.setSoTimeout(500); - - boolean closed = false; - // will try to read one more time in case client message - // is fragmented to multiple pieces - boolean retry = true; - - InputStream is = socket.getInputStream(); - OutputStream os = socket.getOutputStream(); - - SSLEngineResult serverResult; // results from last operation - - /* - * Examining the SSLEngineResults could be much more involved, - * and may alter the overall flow of the application. - * - * For example, if we received a BUFFER_OVERFLOW when trying - * to write to the output pipe, we could reallocate a larger - * pipe, but instead we wait for the peer to drain it. - */ - byte[] inbound = new byte[8192]; - byte[] outbound = new byte[8192]; - - while (!isEngineClosed(serverEngine)) { - int len; - - // Inbound data - log("================"); - - // Read from the Client side. - try { - len = is.read(inbound); - if (len == -1) { - logSocketStatus(clientSocket); - if (clientSocket.isClosed() - || clientSocket.isOutputShutdown()) { - log("Client socket was closed or shutdown output"); - break; - } else { - throw new Exception("Unexpected EOF"); - } - } - cTOs.put(inbound, 0, len); - } catch (SocketTimeoutException ste) { - // swallow. Nothing yet, probably waiting on us. 
- } - - cTOs.flip(); - - serverResult = serverEngine.unwrap(cTOs, serverIn); - log("server unwrap: ", serverResult); - runDelegatedTasks(serverResult, serverEngine); - cTOs.compact(); - - // Outbound data - log("----"); - - serverResult = serverEngine.wrap(serverOut, sTOc); - log("server wrap: ", serverResult); - runDelegatedTasks(serverResult, serverEngine); - - sTOc.flip(); - - if ((len = sTOc.remaining()) != 0) { - sTOc.get(outbound, 0, len); - os.write(outbound, 0, len); - // Give the other side a chance to process - } - - sTOc.compact(); - - if (!closed && (serverOut.remaining() == 0)) { - closed = true; - - /* - * We'll alternate initiatating the shutdown. - * When the server initiates, it will take one more - * loop, but tests the orderly shutdown. - */ - if (serverClose) { - serverEngine.closeOutbound(); - } - serverIn.flip(); - - /* - * A sanity check to ensure we got what was sent. - */ - if (serverIn.remaining() != clientMsg.length) { - if (retry && - serverIn.remaining() < clientMsg.length) { - log("Need to read more from client"); - serverIn.compact(); - retry = false; - continue; - } else { - throw new Exception( - "Client: Data length error"); - } - } - - for (int i = 0; i < clientMsg.length; i++) { - if (clientMsg[i] != serverIn.get()) { - throw new Exception( - "Client: Data content error"); - } - } - serverIn.compact(); - } - } - } catch (Exception e) { - serverException = e; - } finally { - // Wait for the client to join up with us. - if (thread != null) { - thread.join(); - } - } - } finally { - if (serverException != null) { - if (clientException != null) { - serverException.addSuppressed(clientException); - } - throw serverException; - } - if (clientException != null) { - if (serverException != null) { - clientException.addSuppressed(serverException); - } - throw clientException; - } - } - } - - /* - * Create a client thread which does simple SSLSocket operations. - * We'll write and read one data packet. 
- */ - private Thread createClientThread(final int port, - final boolean serverClose) throws Exception { - - Thread t = new Thread("ClientThread") { - - @Override - public void run() { - // client-side socket - try (SSLSocket sslSocket = (SSLSocket)sslc.getSocketFactory(). - createSocket("localhost", port)) { - clientSocket = sslSocket; - - OutputStream os = sslSocket.getOutputStream(); - InputStream is = sslSocket.getInputStream(); - - // write(byte[]) goes in one shot. - os.write(clientMsg); - - byte[] inbound = new byte[2048]; - int pos = 0; - - int len; - while ((len = is.read(inbound, pos, 2048 - pos)) != -1) { - pos += len; - // Let the client do the closing. - if ((pos == serverMsg.length) && !serverClose) { - sslSocket.close(); - break; - } - } - - if (pos != serverMsg.length) { - throw new Exception("Client: Data length error"); - } - - for (int i = 0; i < serverMsg.length; i++) { - if (inbound[i] != serverMsg[i]) { - throw new Exception("Client: Data content error"); - } - } - } catch (Exception e) { - clientException = e; - } - } - }; - t.start(); - return t; - } - - /* - * Using the SSLContext created during object creation, - * create/configure the SSLEngines we'll use for this test. - */ - private void createSSLEngine() throws Exception { - /* - * Configure the serverEngine to act as a server in the SSL/TLS - * handshake. - */ - serverEngine = sslc.createSSLEngine(); - serverEngine.setUseClientMode(false); - serverEngine.getNeedClientAuth(); - } - - /* - * Create and size the buffers appropriately. - */ - private void createBuffers(boolean direct) { - - SSLSession session = serverEngine.getSession(); - int appBufferMax = session.getApplicationBufferSize(); - int netBufferMax = session.getPacketBufferSize(); - - /* - * We'll make the input buffers a bit bigger than the max needed - * size, so that unwrap()s following a successful data transfer - * won't generate BUFFER_OVERFLOWS. 
- * - * We'll use a mix of direct and indirect ByteBuffers for - * tutorial purposes only. In reality, only use direct - * ByteBuffers when they give a clear performance enhancement. - */ - if (direct) { - serverIn = ByteBuffer.allocateDirect(appBufferMax + 50); - cTOs = ByteBuffer.allocateDirect(netBufferMax); - sTOc = ByteBuffer.allocateDirect(netBufferMax); - } else { - serverIn = ByteBuffer.allocate(appBufferMax + 50); - cTOs = ByteBuffer.allocate(netBufferMax); - sTOc = ByteBuffer.allocate(netBufferMax); - } - - serverOut = ByteBuffer.wrap(serverMsg); - } - - /* - * If the result indicates that we have outstanding tasks to do, - * go ahead and run them in this thread. - */ - private static void runDelegatedTasks(SSLEngineResult result, - SSLEngine engine) throws Exception { - - if (result.getHandshakeStatus() == HandshakeStatus.NEED_TASK) { - Runnable runnable; - while ((runnable = engine.getDelegatedTask()) != null) { - log("\trunning delegated task..."); - runnable.run(); - } - HandshakeStatus hsStatus = engine.getHandshakeStatus(); - if (hsStatus == HandshakeStatus.NEED_TASK) { - throw new Exception( - "handshake shouldn't need additional tasks"); - } - log("\tnew HandshakeStatus: " + hsStatus); - } - } - - private static boolean isEngineClosed(SSLEngine engine) { - return (engine.isOutboundDone() && engine.isInboundDone()); - } - - private static void logSocketStatus(Socket socket) { - log("##### " + socket + " #####"); - log("isBound: " + socket.isBound()); - log("isConnected: " + socket.isConnected()); - log("isClosed: " + socket.isClosed()); - log("isInputShutdown: " + socket.isInputShutdown()); - log("isOutputShutdown: " + socket.isOutputShutdown()); - } - - /* - * Logging code - */ - private static boolean resultOnce = true; - - private static void log(String str, SSLEngineResult result) { - if (!logging) { - return; - } - if (resultOnce) { - resultOnce = false; - log("The format of the SSLEngineResult is: \n" - + "\t\"getStatus() / 
getHandshakeStatus()\" +\n" - + "\t\"bytesConsumed() / bytesProduced()\"\n"); - } - HandshakeStatus hsStatus = result.getHandshakeStatus(); - log(str - + result.getStatus() + "/" + hsStatus + ", " - + result.bytesConsumed() + "/" + result.bytesProduced() - + " bytes"); - if (hsStatus == HandshakeStatus.FINISHED) { - log("\t...ready for application data"); - } - } - - private static void log(String str) { - if (logging) { - if (debug) { - System.err.println(str); - } else { - System.out.println(str); - } - } - } -} diff --git a/test/jdk/javax/net/ssl/templates/SSLSocketTemplate.java b/test/jdk/javax/net/ssl/templates/SSLSocketTemplate.java index f200752d2a7..3515ca9c2ff 100644 --- a/test/jdk/javax/net/ssl/templates/SSLSocketTemplate.java +++ b/test/jdk/javax/net/ssl/templates/SSLSocketTemplate.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2016, 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2016, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it 
@@ -34,27 +34,17 @@ * @run main/othervm SSLSocketTemplate */ -import java.io.ByteArrayInputStream; import java.io.InputStream; import java.io.IOException; import java.io.OutputStream; -import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLServerSocket; import javax.net.ssl.SSLServerSocketFactory; import javax.net.ssl.SSLSocket; import javax.net.ssl.SSLSocketFactory; -import javax.net.ssl.TrustManagerFactory; import java.net.InetAddress; import java.net.InetSocketAddress; import java.net.SocketTimeoutException; -import java.security.KeyStore; -import java.security.PrivateKey; -import java.security.KeyFactory; -import java.security.cert.Certificate; -import java.security.cert.CertificateFactory; -import java.security.spec.PKCS8EncodedKeySpec; -import java.util.Base64; import java.util.concurrent.CountDownLatch; import java.util.concurrent.TimeUnit; @@ -66,7 +56,7 @@ import java.util.concurrent.TimeUnit; * test/jdk/sun/security/ssl/ServerHandshaker/AnonCipherWithWantClientAuth.java * test/jdk/sun/net/www/protocol/https/HttpsClient/ServerIdentityTest.java */ -public class SSLSocketTemplate { +public class SSLSocketTemplate extends SSLContextTemplate { /* * ================== 
@@ -128,53 +118,6 @@ public class SSLSocketTemplate { // blank } - /* - * Create an instance of SSLContext for client use. - */ - protected SSLContext createClientSSLContext() throws Exception { - return createSSLContext(TRUSTED_CERTS, END_ENTITY_CERTS, - getClientContextParameters()); - } - - /* - * Create an instance of SSLContext for server use. - */ - protected SSLContext createServerSSLContext() throws Exception { - return createSSLContext(TRUSTED_CERTS, END_ENTITY_CERTS, - getServerContextParameters()); - } - - /* - * The parameters used to configure SSLContext. - */ - protected static final class ContextParameters { - final String contextProtocol; - final String tmAlgorithm; - final String kmAlgorithm; - - ContextParameters(String contextProtocol, - String tmAlgorithm, String kmAlgorithm) { - - this.contextProtocol = contextProtocol; - this.tmAlgorithm = tmAlgorithm; - this.kmAlgorithm = kmAlgorithm; - } - } - - /* - * Get the client side parameters of SSLContext. - */ - protected ContextParameters getClientContextParameters() { - return new ContextParameters("TLS", "PKIX", "NewSunX509"); - } - - /* - * Get the server side parameters of SSLContext. - */ - protected ContextParameters getServerContextParameters() { - return new ContextParameters("TLS", "PKIX", "NewSunX509"); - } - /* * Does the client side use customized connection other than * explicit Socket.connect(), for example, URL.openConnection()? 
@@ -360,114 +303,6 @@ public class SSLSocketTemplate { } } - /* - * ============================================= - * Stuffs to customize the SSLContext instances. - */ - - /* - * ======================================= - * Certificates and keys used in the test. - */ - // Trusted certificates. - protected final static Cert[] TRUSTED_CERTS = { - Cert.CA_ECDSA_SECP256R1, - Cert.CA_RSA_2048, - Cert.CA_DSA_2048 }; - - // End entity certificate. - protected final static Cert[] END_ENTITY_CERTS = { - Cert.EE_ECDSA_SECP256R1, - Cert.EE_RSA_2048, - Cert.EE_EC_RSA_SECP256R1, - Cert.EE_DSA_2048 }; - - /* - * Create an instance of SSLContext with the specified trust/key materials. - */ - public static SSLContext createSSLContext( - Cert[] trustedCerts, - Cert[] endEntityCerts, - ContextParameters params) throws Exception { - - KeyStore ts = null; // trust store - KeyStore ks = null; // key store - char passphrase[] = "passphrase".toCharArray(); - - // Generate certificate from cert string. - CertificateFactory cf = CertificateFactory.getInstance("X.509"); - - // Import the trused certs. - ByteArrayInputStream is; - if (trustedCerts != null && trustedCerts.length != 0) { - ts = KeyStore.getInstance("JKS"); - ts.load(null, null); - - Certificate[] trustedCert = new Certificate[trustedCerts.length]; - for (int i = 0; i < trustedCerts.length; i++) { - is = new ByteArrayInputStream(trustedCerts[i].certStr.getBytes()); - try { - trustedCert[i] = cf.generateCertificate(is); - } finally { - is.close(); - } - - ts.setCertificateEntry( - "trusted-cert-" + trustedCerts[i].name(), trustedCert[i]); - } - } - - // Import the key materials. - if (endEntityCerts != null && endEntityCerts.length != 0) { - ks = KeyStore.getInstance("JKS"); - ks.load(null, null); - - for (int i = 0; i < endEntityCerts.length; i++) { - // generate the private key. 
- PKCS8EncodedKeySpec priKeySpec = new PKCS8EncodedKeySpec( - Base64.getMimeDecoder().decode(endEntityCerts[i].privKeyStr)); - KeyFactory kf = - KeyFactory.getInstance( - endEntityCerts[i].keyAlgo); - PrivateKey priKey = kf.generatePrivate(priKeySpec); - - // generate certificate chain - is = new ByteArrayInputStream( - endEntityCerts[i].certStr.getBytes()); - Certificate keyCert = null; - try { - keyCert = cf.generateCertificate(is); - } finally { - is.close(); - } - - Certificate[] chain = new Certificate[] { keyCert }; - - // import the key entry. - ks.setKeyEntry("cert-" + endEntityCerts[i].name(), - priKey, passphrase, chain); - } - } - - // Create an SSLContext object. - TrustManagerFactory tmf = - TrustManagerFactory.getInstance(params.tmAlgorithm); - tmf.init(ts); - - SSLContext context = SSLContext.getInstance(params.contextProtocol); - if (endEntityCerts != null && endEntityCerts.length != 0 && ks != null) { - KeyManagerFactory kmf = - KeyManagerFactory.getInstance(params.kmAlgorithm); - kmf.init(ks, passphrase); - - context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); - } else { - context.init(null, tmf.getTrustManagers(), null); - } - - return context; - } - /* * ================================================= * Stuffs to boot up the client-server mode testing. @@ -597,7 +432,7 @@ public class SSLSocketTemplate { } } - private void startClient(boolean newThread) throws Exception { + private void startClient(boolean newThread) { if (newThread) { clientThread = new Thread() { @Override 
@@ -629,573 +464,4 @@ public class SSLSocketTemplate { cause.printStackTrace(System.out); } - public static enum Cert { - - CA_ECDSA_SECP256R1( - "EC", - // SHA256withECDSA, curve secp256r1 - // Validity - // Not Before: May 22 07:18:16 2018 GMT - // Not After : May 17 07:18:16 2038 GMT - // Subject Key Identifier: - // 60:CF:BD:73:FF:FA:1A:30:D2:A4:EC:D3:49:71:46:EF:1A:35:A0:86 - "-----BEGIN CERTIFICATE-----\n" + - "MIIBvjCCAWOgAwIBAgIJAIvFG6GbTroCMAoGCCqGSM49BAMCMDsxCzAJBgNVBAYT\n" + - "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" + - "ZTAeFw0xODA1MjIwNzE4MTZaFw0zODA1MTcwNzE4MTZaMDsxCzAJBgNVBAYTAlVT\n" + - "MQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZjZTBZ\n" + - "MBMGByqGSM49AgEGCCqGSM49AwEHA0IABBz1WeVb6gM2mh85z3QlvaB/l11b5h0v\n" + - "LIzmkC3DKlVukZT+ltH2Eq1oEkpXuf7QmbM0ibrUgtjsWH3mULfmcWmjUDBOMB0G\n" + - "A1UdDgQWBBRgz71z//oaMNKk7NNJcUbvGjWghjAfBgNVHSMEGDAWgBRgz71z//oa\n" + - "MNKk7NNJcUbvGjWghjAMBgNVHRMEBTADAQH/MAoGCCqGSM49BAMCA0kAMEYCIQCG\n" + - "6wluh1r2/T6L31mZXRKf9JxeSf9pIzoLj+8xQeUChQIhAJ09wAi1kV8yePLh2FD9\n" + - "2YEHlSQUAbwwqCDEVB5KxaqP\n" + - "-----END CERTIFICATE-----", - "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg/HcHdoLJCdq3haVd\n" + - "XZTSKP00YzM3xX97l98vGL/RI1KhRANCAAQc9VnlW+oDNpofOc90Jb2gf5ddW+Yd\n" + - "LyyM5pAtwypVbpGU/pbR9hKtaBJKV7n+0JmzNIm61ILY7Fh95lC35nFp"), - - CA_ECDSA_SECP384R1( - "EC", - // SHA384withECDSA, curve secp384r1 - // Validity - // Not Before: Jun 24 08:15:06 2019 GMT - // Not After : Jun 19 08:15:06 2039 GMT - // Subject Key Identifier: - // 0a:93:a9:a0:bf:e7:d5:48:9d:4f:89:15:c6:51:98:80:05:51:4e:4e - "-----BEGIN CERTIFICATE-----\n" + - "MIICCDCCAY6gAwIBAgIUCpOpoL/n1UidT4kVxlGYgAVRTk4wCgYIKoZIzj0EAwMw\n" + - "OzELMAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpTU0Ug\n" + - "VGVzdCBTZXJpdmNlMB4XDTE5MDYyNDA4MTUwNloXDTM5MDYxOTA4MTUwNlowOzEL\n" + - "MAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpTU0UgVGVz\n" + - 
"dCBTZXJpdmNlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAENVQN1wXWFdgC6u/dDdiC\n" + - "y+WtMTF66oL/0BSm+1ZqsogamzCryawOcHgiuXgWzx5CQ3LuOC+tDFyXpGfHuCvb\n" + - "dkzxPrP5n9NrR8/uRPe5l1KOUbchviU8z9cTP+LZxnZDo1MwUTAdBgNVHQ4EFgQU\n" + - "SktSFArR1p/5mXV0kyo0RxIVa/UwHwYDVR0jBBgwFoAUSktSFArR1p/5mXV0kyo0\n" + - "RxIVa/UwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjBZvoNmq3/v\n" + - "RD2gBTyvxjS9h0rsMRLHDnvul/KWngytwGPTOBo0Y8ixQXSjdKoc3rkCMQDkiNgx\n" + - "IDxuHedmrLQKIPnVcthTmwv7//jHiqGoKofwChMo2a1P+DQdhszmeHD/ARQ=\n" + - "-----END CERTIFICATE-----", - "MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDChlbt0NF8oIKODSxn2\n" + - "WXCXuJm3z78LRkzYQS3Nx5NMjei5ytkFZz4qvD4XXMWlTEyhZANiAAQ1VA3XBdYV\n" + - "2ALq790N2ILL5a0xMXrqgv/QFKb7VmqyiBqbMKvJrA5weCK5eBbPHkJDcu44L60M\n" + - "XJekZ8e4K9t2TPE+s/mf02tHz+5E97mXUo5RtyG+JTzP1xM/4tnGdkM="), - - CA_ECDSA_SECP521R1( - "EC", - // SHA512withECDSA, curve secp521r1 - // Validity - // Not Before: Jun 24 08:15:06 2019 GMT - // Not After : Jun 19 08:15:06 2039 GMT - // Subject Key Identifier: - // 25:ca:68:76:6d:29:17:9b:71:78:45:2d:d4:c6:e4:5d:fe:25:ff:90 - "-----BEGIN CERTIFICATE-----\n" + - "MIICUzCCAbSgAwIBAgIUJcpodm0pF5txeEUt1MbkXf4l/5AwCgYIKoZIzj0EAwQw\n" + - "OzELMAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpTU0Ug\n" + - "VGVzdCBTZXJpdmNlMB4XDTE5MDYyNDA4MTUwNloXDTM5MDYxOTA4MTUwNlowOzEL\n" + - "MAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpTU0UgVGVz\n" + - "dCBTZXJpdmNlMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAmFD5VmB2MdyJ6k+E\n" + - "eP4JncrE65ySL07gVmFwnr8otOt3NtRAyzmviMNNXXjo5R5NqNjKP4pr92JjT0sO\n" + - "D65yngkBtH151Ev/fiKPLxkXL9GzfKdWHVhDX7Zg6DUydzukzZV2/dIyloAIqwlz\n" + - "QVKJqT7RypDufdng8hnE9YfKo6ypZiujUzBRMB0GA1UdDgQWBBRAIrxa7WqtqUCe\n" + - "HFuKREDC92spvTAfBgNVHSMEGDAWgBRAIrxa7WqtqUCeHFuKREDC92spvTAPBgNV\n" + - "HRMBAf8EBTADAQH/MAoGCCqGSM49BAMEA4GMADCBiAJCAe22iirZnODCmlpxcv57\n" + - "3g5BEE60C+dtYmTqR4DtFyDaTRQ5CFf4ZxvQPIbD+SXi5Cbrl6qtrZG0cjUihPkC\n" + - "Hi1hAkIAiEcO7nMPgQLny+GrciojfN+bZXME/dPz6KHBm/89f8Me+jawVnv6y+df\n" + - 
"2Sbafh1KV6ntWQtB4bK3MXV8Ym9Eg1I=\n" + - "-----END CERTIFICATE-----", - "MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIAV8dZszV6+nLw3LeA\n" + - "Q+qLJLGaqyjlsQkaopCPcmoRdy1HX6AzB/YnKsPkHp/9DQN6A2JgUhFG5B0XvKSk\n" + - "BqNNuSGhgYkDgYYABACYUPlWYHYx3InqT4R4/gmdysTrnJIvTuBWYXCevyi063c2\n" + - "1EDLOa+Iw01deOjlHk2o2Mo/imv3YmNPSw4PrnKeCQG0fXnUS/9+Io8vGRcv0bN8\n" + - "p1YdWENftmDoNTJ3O6TNlXb90jKWgAirCXNBUompPtHKkO592eDyGcT1h8qjrKlm\n" + - "Kw=="), - - CA_RSA_2048( - "RSA", - // SHA256withRSA, 2048 bits - // Validity - // Not Before: May 22 07:18:16 2018 GMT - // Not After : May 17 07:18:16 2038 GMT - // Subject Key Identifier: - // 0D:DD:93:C9:FE:4B:BD:35:B7:E8:99:78:90:FB:DB:5A:3D:DB:15:4C - "-----BEGIN CERTIFICATE-----\n" + - "MIIDSTCCAjGgAwIBAgIJAI4ZF3iy8zG+MA0GCSqGSIb3DQEBCwUAMDsxCzAJBgNV\n" + - "BAYTAlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2Vy\n" + - "aXZjZTAeFw0xODA1MjIwNzE4MTZaFw0zODA1MTcwNzE4MTZaMDsxCzAJBgNVBAYT\n" + - "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" + - "ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALpMcY7aWieXDEM1/YJf\n" + - "JW27b4nRIFZyEYhEloyGsKTuQiiQjc8cqRZFNXe2vwziDB4IyTEl0Hjl5QF6ZaQE\n" + - "huPzzwvQm1pv64KrRXrmj3FisQK8B5OWLty9xp6xDqsaMRoyObLK+oIb20T5fSlE\n" + - "evmo1vYjnh8CX0Yzx5Gr5ye6YSEHQvYOWEws8ad17OlyToR2KMeC8w4qo6rs59pW\n" + - "g7Mxn9vo22ImDzrtAbTbXbCias3xlE0Bp0h5luyf+5U4UgksoL9B9r2oP4GrLNEV\n" + - "oJk57t8lwaR0upiv3CnS8LcJELpegZub5ggqLY8ZPYFQPjlK6IzLOm6rXPgZiZ3m\n" + - "RL0CAwEAAaNQME4wHQYDVR0OBBYEFA3dk8n+S701t+iZeJD721o92xVMMB8GA1Ud\n" + - "IwQYMBaAFA3dk8n+S701t+iZeJD721o92xVMMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n" + - "hvcNAQELBQADggEBAJTRC3rKUUhVH07/1+stUungSYgpM08dY4utJq0BDk36BbmO\n" + - "0AnLDMbkwFdHEoqF6hQIfpm7SQTmXk0Fss6Eejm8ynYr6+EXiRAsaXOGOBCzF918\n" + - "/RuKOzqABfgSU4UBKECLM5bMfQTL60qx+HdbdVIpnikHZOFfmjCDVxoHsGyXc1LW\n" + - "Jhkht8IGOgc4PMGvyzTtRFjz01kvrVQZ75aN2E0GQv6dCxaEY0i3ypSzjUWAKqDh\n" + - "3e2OLwUSvumcdaxyCdZAOUsN6pDBQ+8VRG7KxnlRlY1SMEk46QgQYLbPDe/+W/yH\n" + - 
"ca4PejicPeh+9xRAwoTpiE2gulfT7Lm+fVM7Ruc=\n" + - "-----END CERTIFICATE-----", - "MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC6THGO2lonlwxD\n" + - "Nf2CXyVtu2+J0SBWchGIRJaMhrCk7kIokI3PHKkWRTV3tr8M4gweCMkxJdB45eUB\n" + - "emWkBIbj888L0Jtab+uCq0V65o9xYrECvAeTli7cvcaesQ6rGjEaMjmyyvqCG9tE\n" + - "+X0pRHr5qNb2I54fAl9GM8eRq+cnumEhB0L2DlhMLPGndezpck6EdijHgvMOKqOq\n" + - "7OfaVoOzMZ/b6NtiJg867QG0212womrN8ZRNAadIeZbsn/uVOFIJLKC/Qfa9qD+B\n" + - "qyzRFaCZOe7fJcGkdLqYr9wp0vC3CRC6XoGbm+YIKi2PGT2BUD45SuiMyzpuq1z4\n" + - "GYmd5kS9AgMBAAECggEAFHSoU2MuWwJ+2jJnb5U66t2V1bAcuOE1g5zkWvG/G5z9\n" + - "rq6Qo5kmB8f5ovdx6tw3MGUOklLwnRXBG3RxDJ1iokz3AvkY1clMNsDPlDsUrQKF\n" + - "JSO4QUBQTPSZhnsyfR8XHSU+qJ8Y+ohMfzpVv95BEoCzebtXdVgxVegBlcEmVHo2\n" + - "kMmkRN+bYNsr8eb2r+b0EpyumS39ZgKYh09+cFb78y3T6IFMGcVJTP6nlGBFkmA/\n" + - "25pYeCF2tSki08qtMJZQAvKfw0Kviibk7ZxRbJqmc7B1yfnOEHP6ftjuvKl2+RP/\n" + - "+5P5f8CfIP6gtA0LwSzAqQX/hfIKrGV5j0pCqrD0kQKBgQDeNR6Xi4sXVq79lihO\n" + - "a1bSeV7r8yoQrS8x951uO+ox+UIZ1MsAULadl7zB/P0er92p198I9M/0Jth3KBuS\n" + - "zj45mucvpiiGvmQlMKMEfNq4nN7WHOu55kufPswQB2mR4J3xmwI+4fM/nl1zc82h\n" + - "De8JSazRldJXNhfx0RGFPmgzbwKBgQDWoVXrXLbCAn41oVnWB8vwY9wjt92ztDqJ\n" + - "HMFA/SUohjePep9UDq6ooHyAf/Lz6oE5NgeVpPfTDkgvrCFVKnaWdwALbYoKXT2W\n" + - "9FlyJox6eQzrtHAacj3HJooXWuXlphKSizntfxj3LtMR9BmrmRJOfK+SxNOVJzW2\n" + - "+MowT20EkwKBgHmpB8jdZBgxI7o//m2BI5Y1UZ1KE5vx1kc7VXzHXSBjYqeV9FeF\n" + - "2ZZLP9POWh/1Fh4pzTmwIDODGT2UPhSQy0zq3O0fwkyT7WzXRknsuiwd53u/dejg\n" + - "iEL2NPAJvulZ2+AuiHo5Z99LK8tMeidV46xoJDDUIMgTG+UQHNGhK5gNAoGAZn/S\n" + - "Cn7SgMC0CWSvBHnguULXZO9wH1wZAFYNLL44OqwuaIUFBh2k578M9kkke7woTmwx\n" + - "HxQTjmWpr6qimIuY6q6WBN8hJ2Xz/d1fwhYKzIp20zHuv5KDUlJjbFfqpsuy3u1C\n" + - "kts5zwI7pr1ObRbDGVyOdKcu7HI3QtR5qqyjwaUCgYABo7Wq6oHva/9V34+G3Goh\n" + - "63bYGUnRw2l5BD11yhQv8XzGGZFqZVincD8gltNThB0Dc/BI+qu3ky4YdgdZJZ7K\n" + - "z51GQGtaHEbrHS5caV79yQ8QGY5mUVH3E+VXSxuIqb6pZq2DH4sTAEFHyncddmOH\n" + - "zoXBInYwRG9KE/Bw5elhUw=="), - - CA_DSA_2048( - "DSA", - // SHA256withDSA, 2048 bits - // 
Validity - // Not Before: May 22 07:18:18 2018 GMT - // Not After : May 17 07:18:18 2038 GMT - // Subject Key Identifier: - // 76:66:9E:F7:3B:DD:45:E5:3B:D9:72:3C:3F:F0:54:39:86:31:26:53 - "-----BEGIN CERTIFICATE-----\n" + - "MIIErjCCBFSgAwIBAgIJAOktYLNCbr02MAsGCWCGSAFlAwQDAjA7MQswCQYDVQQG\n" + - "EwJVUzENMAsGA1UECgwESmF2YTEdMBsGA1UECwwUU3VuSlNTRSBUZXN0IFNlcml2\n" + - "Y2UwHhcNMTgwNTIyMDcxODE4WhcNMzgwNTE3MDcxODE4WjA7MQswCQYDVQQGEwJV\n" + - "UzENMAsGA1UECgwESmF2YTEdMBsGA1UECwwUU3VuSlNTRSBUZXN0IFNlcml2Y2Uw\n" + - "ggNHMIICOQYHKoZIzjgEATCCAiwCggEBAO5GyPhSm0ze3LSu+gicdULLj05iOfTL\n" + - "UvZQ29sYz41zmqrLBQbdKiHqgJu2Re9sgTb5suLNjF047TOLPnU3jhPtWm2X8Xzi\n" + - "VGIcHym/Q/MeZxStt/88seqroI3WOKzIML2GcrishT+lcGrtH36Tf1+ue2Snn3PS\n" + - "WyxygNqPjllP5uUjYmFLvAf4QLMldkd/D2VxcwsHjB8y5iUZsXezc/LEhRZS/02m\n" + - "ivqlRw3AMkq/OVe/ZtxFWsP0nsfxEGdZuaUFpppGfixxFvymrB3+J51cTt+pZBDq\n" + - "D2y0DYfc+88iCs4jwHTfcDIpLb538HBjBj2rEgtQESQmB0ooD/+wsPsCIQC1bYch\n" + - "gElNtDYL3FgpLgNSUYp7gIWv9ehaC7LO2z7biQKCAQBitvFOnDkUja8NAF7lDpOV\n" + - "b5ipQ8SicBLW3kQamxhyuyxgZyy/PojZ/oPorkqW/T/A0rhnG6MssEpAtdiwVB+c\n" + - "rBYGo3bcwmExJhdOJ6dYuKFppPWhCwKMHs9npK+lqBMl8l5j58xlcFeC7ZfGf8GY\n" + - "GkhFW0c44vEQhMMbac6ZTTP4mw+1t7xJfmDMlLEyIpTXaAAk8uoVLWzQWnR40sHi\n" + - "ybvS0u3JxQkb7/y8tOOZu8qlz/YOS7lQ6UxUGX27Ce1E0+agfPphetoRAlS1cezq\n" + - "Wa7r64Ga0nkj1kwkcRqjgTiJx0NwnUXr78VAXFhVF95+O3lfqhvdtEGtkhDGPg7N\n" + - "A4IBBgACggEBAMmSHQK0w2i+iqUjOPzn0yNEZrzepLlLeQ1tqtn0xnlv5vBAeefD\n" + - "Pm9dd3tZOjufVWP7hhEz8xPobb1CS4e3vuQiv5UBfhdPL3f3l9T7JMAKPH6C9Vve\n" + - "OQXE5eGqbjsySbcmseHoYUt1WCSnSda1opX8zchX04e7DhGfE2/L9flpYEoSt8lI\n" + - "vMNjgOwvKdW3yvPt1/eBBHYNFG5gWPv/Q5KoyCtHS03uqGm4rNc/wZTIEEfd66C+\n" + - "QRaUltjOaHmtwOdDHaNqwhYZSVOip+Mo+TfyzHFREcdHLapo7ZXqbdYkRGxRR3d+\n" + - "3DfHaraJO0OKoYlPkr3JMvM/MSGR9AnZOcejUDBOMB0GA1UdDgQWBBR2Zp73O91F\n" + - "5TvZcjw/8FQ5hjEmUzAfBgNVHSMEGDAWgBR2Zp73O91F5TvZcjw/8FQ5hjEmUzAM\n" + - "BgNVHRMEBTADAQH/MAsGCWCGSAFlAwQDAgNHADBEAiBzriYE41M2y9Hy5ppkL0Qn\n" + - 
"dIlNc8JhXT/PHW7GDtViagIgMko8Qoj9gDGPK3+O9E8DC3wGiiF9CObM4LN387ok\n" + - "J+g=\n" + - "-----END CERTIFICATE-----", - "MIICZQIBADCCAjkGByqGSM44BAEwggIsAoIBAQDuRsj4UptM3ty0rvoInHVCy49O" + - "Yjn0y1L2UNvbGM+Nc5qqywUG3Soh6oCbtkXvbIE2+bLizYxdOO0ziz51N44T7Vpt" + - "l/F84lRiHB8pv0PzHmcUrbf/PLHqq6CN1jisyDC9hnK4rIU/pXBq7R9+k39frntk" + - "p59z0lsscoDaj45ZT+blI2JhS7wH+ECzJXZHfw9lcXMLB4wfMuYlGbF3s3PyxIUW" + - "Uv9Npor6pUcNwDJKvzlXv2bcRVrD9J7H8RBnWbmlBaaaRn4scRb8pqwd/iedXE7f" + - "qWQQ6g9stA2H3PvPIgrOI8B033AyKS2+d/BwYwY9qxILUBEkJgdKKA//sLD7AiEA" + - "tW2HIYBJTbQ2C9xYKS4DUlGKe4CFr/XoWguyzts+24kCggEAYrbxTpw5FI2vDQBe" + - "5Q6TlW+YqUPEonAS1t5EGpsYcrssYGcsvz6I2f6D6K5Klv0/wNK4ZxujLLBKQLXY" + - "sFQfnKwWBqN23MJhMSYXTienWLihaaT1oQsCjB7PZ6SvpagTJfJeY+fMZXBXgu2X" + - "xn/BmBpIRVtHOOLxEITDG2nOmU0z+JsPtbe8SX5gzJSxMiKU12gAJPLqFS1s0Fp0" + - "eNLB4sm70tLtycUJG+/8vLTjmbvKpc/2Dku5UOlMVBl9uwntRNPmoHz6YXraEQJU" + - "tXHs6lmu6+uBmtJ5I9ZMJHEao4E4icdDcJ1F6+/FQFxYVRfefjt5X6ob3bRBrZIQ" + - "xj4OzQQjAiEAsceWOM8do4etxp2zgnoNXV8PUUyqWhz1+0srcKV7FR4="), - - CA_DSA_1024( - "DSA", - // dsaWithSHA1, 1024 bits - // Validity - // Not Before: Apr 24 12:25:43 2020 GMT - // Not After : Apr 22 12:25:43 2030 GMT - // Authority Key Identifier: - // E1:3C:01:52:EB:D1:38:F7:CF:F1:E3:5E:DB:54:75:7F:5E:AB:2D:36 - "-----BEGIN CERTIFICATE-----\n" + - "MIIC9TCCArWgAwIBAgIUd52yKk0OxQuxdaYRAfq5VLuF1ZAwCQYHKoZIzjgEAzAu\n" + - "MQswCQYDVQQGEwJVUzENMAsGA1UECgwESmF2YTEQMA4GA1UECwwHU3VuSlNTRTAe\n" + - "Fw0yMDA0MjQxMjI1NDJaFw0zMDA0MjIxMjI1NDJaMC4xCzAJBgNVBAYTAlVTMQ0w\n" + - "CwYDVQQKDARKYXZhMRAwDgYDVQQLDAdTdW5KU1NFMIIBtjCCASsGByqGSM44BAEw\n" + - "ggEeAoGBAKgyb2XpANq43T8yBf5v0PTBOddLPxd0f0FotASron5rQr86JjBTfgIW\n" + - "oE4u7nYlO6bp/M4Dw6qZr+HaDu9taIDOj6LL51eUShVsOgS7XZcUzLT8vPnkEDDo\n" + - "u326x0B7fuNCbMLm+ipM2d4FhLUTt4Qb5TcY6l7dOGHeWiL7nl43AhUAoGr8DY2m\n" + - "WHZPHk2XbZ5wpaM2lLcCgYBKiFbFFViH/ylHJRPtYtjtJw4ls1scbVP4TRHnKoZc\n" + - "HPAird1fDYgGC2b0GQNAMABhI+L+ogxS7qakySpJCheuN25AjiSyilygQdlXoWRt\n" + - 
"Mggsh8EQZT7iP4V4e9m3xRHzb5ECvsSTdZB1BQMcC90W2Avq+orqgBnr2in9UEd8\n" + - "qwOBhAACgYAgVWxjYWlWIv7s4BnNMQoPKppi205f3aC6wv6Rqk4BnYYYrFONEmzQ\n" + - "hzj6lSXfxLpTu4lg2zNeIraZggoS0ztkbZNNADEmAHx+OLshiJJxu2/KfoopJOZg\n" + - "8ARmuaKOkWbkW9y4hWhfBlVwZbckG3Eibff0xronIXXy7B7UKaccyqNTMFEwHQYD\n" + - "VR0OBBYEFOE8AVLr0Tj3z/HjXttUdX9eqy02MB8GA1UdIwQYMBaAFOE8AVLr0Tj3\n" + - "z/HjXttUdX9eqy02MA8GA1UdEwEB/wQFMAMBAf8wCQYHKoZIzjgEAwMvADAsAhRC\n" + - "YLduLniBEJ51SfBWIkvNW6OG7QIUSKaTY6rgEFDEMoTqOjFChR22nkk=\n" + - "-----END CERTIFICATE-----", - "MIIBSgIBADCCASsGByqGSM44BAEwggEeAoGBAKgyb2XpANq43T8yBf5v0PTBOddL\n" + - "Pxd0f0FotASron5rQr86JjBTfgIWoE4u7nYlO6bp/M4Dw6qZr+HaDu9taIDOj6LL\n" + - "51eUShVsOgS7XZcUzLT8vPnkEDDou326x0B7fuNCbMLm+ipM2d4FhLUTt4Qb5TcY\n" + - "6l7dOGHeWiL7nl43AhUAoGr8DY2mWHZPHk2XbZ5wpaM2lLcCgYBKiFbFFViH/ylH\n" + - "JRPtYtjtJw4ls1scbVP4TRHnKoZcHPAird1fDYgGC2b0GQNAMABhI+L+ogxS7qak\n" + - "ySpJCheuN25AjiSyilygQdlXoWRtMggsh8EQZT7iP4V4e9m3xRHzb5ECvsSTdZB1\n" + - "BQMcC90W2Avq+orqgBnr2in9UEd8qwQWAhQ7rSn+WvIxeuZ/CK4p04eMe5JzpA=="), - - CA_ED25519( - "EdDSA", - // ED25519 - // Validity - // Not Before: May 24 23:32:35 2020 GMT - // Not After : May 22 23:32:35 2030 GMT - // X509v3 Authority Key Identifier: - // keyid:06:76:DB:88:EB:61:55:4C:C9:63:41:C2:A0:A8:57:3F:D7:F1:B8:EC - "-----BEGIN CERTIFICATE-----\n" + - "MIIByTCCAXugAwIBAgIUCyxKvhErehsygx50JYArsHby9hAwBQYDK2VwMDsxCzAJ\n" + - "BgNVBAYTAlVTMQ0wCwYDVQQKDARqYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3Qg\n" + - "U2VyaXZjZTAeFw0yMDA1MjQyMzMyMzVaFw0zMDA1MjIyMzMyMzVaMDsxCzAJBgNV\n" + - "BAYTAlVTMQ0wCwYDVQQKDARqYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2Vy\n" + - "aXZjZTAqMAUGAytlcAMhAKdotuYIkH8PYbopSLbaf1BtqUY2d6AbTgK2prMzQ6B3\n" + - "o4GQMIGNMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAZ224jrYVVMyWNBwqCo\n" + - "Vz/X8bjsMB8GA1UdIwQYMBaAFAZ224jrYVVMyWNBwqCoVz/X8bjsMA4GA1UdDwEB\n" + - "/wQEAwIBhjAqBgNVHSUBAf8EIDAeBggrBgEFBQcDAwYIKwYBBQUHAwgGCCsGAQUF\n" + - "BwMJMAUGAytlcANBADVAArvME8xFigFhCCCOTBoy/4ldGkDZQ/GT3Q6xnAP558FU\n" + - 
"0G32OprKQZP43D9bmFU0LMgCVM9bHWU+bu/10AU=\n" + - "-----END CERTIFICATE-----", - "MC4CAQAwBQYDK2VwBCIEII/VYp8nu/eqq2L5y7/3IzavBgis4LWP6Rikv0N8SpgL"), - - CA_ED448( - "EdDSA", - // ED448 - // Validity - // Not Before: May 24 23:23:43 2020 GMT - // Not After : May 22 23:23:43 2030 GMT - // X509v3 Authority Key Identifier: - // keyid:F5:D5:9D:FB:6F:B7:50:29:DF:F0:B8:83:10:5F:9B:C4:A8:1C:E9:F4 - "-----BEGIN CERTIFICATE-----\n" + - "MIICFDCCAZSgAwIBAgIUKcmLeKilq0LN40sniBJO7F1gb/owBQYDK2VxMDsxCzAJ\n" + - "BgNVBAYTAlVTMQ0wCwYDVQQKDARqYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3Qg\n" + - "U2VyaXZjZTAeFw0yMDA1MjQyMzIzNDNaFw0zMDA1MjIyMzIzNDNaMDsxCzAJBgNV\n" + - "BAYTAlVTMQ0wCwYDVQQKDARqYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2Vy\n" + - "aXZjZTBDMAUGAytlcQM6APYP8iSXS8xPVDike5RgCByfTtg4GGtpYfoBtt6G5szA\n" + - "55ExAKjm03wtk29nEPU2mCHF2QgfBzUrgKOBkDCBjTAPBgNVHRMBAf8EBTADAQH/\n" + - "MB0GA1UdDgQWBBT11Z37b7dQKd/wuIMQX5vEqBzp9DAfBgNVHSMEGDAWgBT11Z37\n" + - "b7dQKd/wuIMQX5vEqBzp9DAOBgNVHQ8BAf8EBAMCAYYwKgYDVR0lAQH/BCAwHgYI\n" + - "KwYBBQUHAwMGCCsGAQUFBwMIBggrBgEFBQcDCTAFBgMrZXEDcwAlRXA2gPb52yV3\n" + - "MKJErjmKlYSFExj5w5jafbbd0QgI1yDs+qSaZLjQ8ljwabmLDg+KR+167m0djQDI\n" + - "OOoVuL7bgM0RL836KnuuBzm+gTdPp0gCXy3k9lL0KA0V2YLJHXXzu3suu+7rdgoP\n" + - "plCh2hWdLgA=\n" + - "-----END CERTIFICATE-----", - "MEcCAQAwBQYDK2VxBDsEOd6/hRZqkUyTlJSwdN5gO/HnoWYda1fD83YUm5j6m2Bg\n" + - "hAQi+QadFsQLD7R6PI/4Q0twXqlKnxU5Ug=="), - - EE_ECDSA_SECP256R1( - "EC", - // SHA256withECDSA, curve secp256r1 - // Validity - // Not Before: May 22 07:18:16 2018 GMT - // Not After : May 17 07:18:16 2038 GMT - // Authority Key Identifier: - // 60:CF:BD:73:FF:FA:1A:30:D2:A4:EC:D3:49:71:46:EF:1A:35:A0:86 - "-----BEGIN CERTIFICATE-----\n" + - "MIIBqjCCAVCgAwIBAgIJAPLY8qZjgNRAMAoGCCqGSM49BAMCMDsxCzAJBgNVBAYT\n" + - "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" + - "ZTAeFw0xODA1MjIwNzE4MTZaFw0zODA1MTcwNzE4MTZaMFUxCzAJBgNVBAYTAlVT\n" + - "MQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZjZTEY\n" + - 
"MBYGA1UEAwwPUmVncmVzc2lvbiBUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD\n" + - "QgAEb+9n05qfXnfHUb0xtQJNS4JeSi6IjOfW5NqchvKnfJey9VkJzR7QHLuOESdf\n" + - "xlR7q8YIWgih3iWLGfB+wxHiOqMjMCEwHwYDVR0jBBgwFoAUYM+9c//6GjDSpOzT\n" + - "SXFG7xo1oIYwCgYIKoZIzj0EAwIDSAAwRQIgWpRegWXMheiD3qFdd8kMdrkLxRbq\n" + - "1zj8nQMEwFTUjjQCIQDRIrAjZX+YXHN9b0SoWWLPUq0HmiFIi8RwMnO//wJIGQ==\n" + - "-----END CERTIFICATE-----", - "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgn5K03bpTLjEtFQRa\n" + - "JUtx22gtmGEvvSUSQdimhGthdtihRANCAARv72fTmp9ed8dRvTG1Ak1Lgl5KLoiM\n" + - "59bk2pyG8qd8l7L1WQnNHtAcu44RJ1/GVHurxghaCKHeJYsZ8H7DEeI6"), - - EE_ECDSA_SECP384R1( - "EC", - // SHA384withECDSA, curve secp384r1 - // Validity - // Not Before: Jun 24 08:15:06 2019 GMT - // Not After : Jun 19 08:15:06 2039 GMT - // Authority Key Identifier: - // 40:2D:AA:EE:66:AA:33:27:AD:9B:5D:52:9B:60:67:6A:2B:AD:52:D2 - "-----BEGIN CERTIFICATE-----\n" + - "MIICEjCCAZegAwIBAgIUS3F0AqAXWRg07CnbknJzxofyBQMwCgYIKoZIzj0EAwMw\n" + - "OzELMAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpTU0Ug\n" + - "VGVzdCBTZXJpdmNlMB4XDTE5MDYyNDA4MTUwNloXDTM5MDYxOTA4MTUwNlowVTEL\n" + - "MAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpTU0UgVGVz\n" + - "dCBTZXJpdmNlMRgwFgYDVQQDDA9SZWdyZXNzaW9uIFRlc3QwdjAQBgcqhkjOPQIB\n" + - "BgUrgQQAIgNiAARqElz8b6T07eyKomIinhztV3/3XBk9bKGtJ0W+JOltjuhMmP/w\n" + - "G8ASSevpgqgpi6EzpBZaaJxE3zNfkNnxXOZmQi2Ypd1uK0zRdbEOKg0XOcTTZwEj\n" + - "iLjYmt3O0pwpklijQjBAMB0GA1UdDgQWBBRALaruZqozJ62bXVKbYGdqK61S0jAf\n" + - "BgNVHSMEGDAWgBRKS1IUCtHWn/mZdXSTKjRHEhVr9TAKBggqhkjOPQQDAwNpADBm\n" + - "AjEArVDFKf48xijN6huVUJzKCOP0zlWB5Js+DItIkZmLQuhciPLhLIB/rChf3Y4C\n" + - "xuP4AjEAmfLhQRI0O3pifpYzYSVh2G7/jHNG4eO+2dvgAcU+Lh2IIj/cpLaPFSvL\n" + - "J8FXY9Nj\n" + - "-----END CERTIFICATE-----", - "MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDASuI9EtK29APXPipkc\n" + - "qDA+qwlewMjv/OcjUJ77kP1Vz62oVF9iY9SRIyFIUju8wt+hZANiAARqElz8b6T0\n" + - "7eyKomIinhztV3/3XBk9bKGtJ0W+JOltjuhMmP/wG8ASSevpgqgpi6EzpBZaaJxE\n" + - 
"3zNfkNnxXOZmQi2Ypd1uK0zRdbEOKg0XOcTTZwEjiLjYmt3O0pwpklg="), - - EE_ECDSA_SECP521R1( - "EC", - // SHA512withECDSA, curve secp521r1 - // Validity - // Not Before: Jun 24 08:15:06 2019 GMT - // Not After : Jun 19 08:15:06 2039 GMT - // Authority Key Identifier: - // 7B:AA:79:A4:49:DD:59:34:F0:86:6C:51:C7:30:F4:CE:C5:81:8A:28 - "-----BEGIN CERTIFICATE-----\n" + - "MIICXDCCAb2gAwIBAgIUck4QTsbHNqUfPxfGPJLYbedFPdswCgYIKoZIzj0EAwQw\n" + - "OzELMAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpTU0Ug\n" + - "VGVzdCBTZXJpdmNlMB4XDTE5MDYyNDA4MTUwNloXDTM5MDYxOTA4MTUwNlowVTEL\n" + - "MAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpTU0UgVGVz\n" + - "dCBTZXJpdmNlMRgwFgYDVQQDDA9SZWdyZXNzaW9uIFRlc3QwgZswEAYHKoZIzj0C\n" + - "AQYFK4EEACMDgYYABAGa2zDLhYQHHCLI3YBqFYJTzrnDIjzwXrxhcRTS8DYkcrjZ\n" + - "+Fih1YyNhix0sdjH+3EqElXAHHuVzn3n3hPOtQCWlQCICkErB34S0cvmtRkeW8Fi\n" + - "hrR5tvJEzEZjPSgwn81kKyhV2L70je6i7Cw884Va8bODckpgw0vTmbQb7T9dupkv\n" + - "1aNCMEAwHQYDVR0OBBYEFHuqeaRJ3Vk08IZsUccw9M7FgYooMB8GA1UdIwQYMBaA\n" + - "FEAivFrtaq2pQJ4cW4pEQML3aym9MAoGCCqGSM49BAMEA4GMADCBiAJCAb33KHdY\n" + - "WDbusORWoY8Euglpd5zsF15hJsk7wtpD5HST1/NWmdCx405w+TV6a9Gr4VPHeaIQ\n" + - "99i/+f237ALL5p6IAkIBbwwFL1vt3c/bx+niyuffQPNjly80rdC9puqAqriSiboS\n" + - "efhxjidJ9HLaIRCMEPyd6vAsC8mO8YvL1uCuEQLsiGM=\n" + - "-----END CERTIFICATE-----", - "MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIB8C/2OX2Dt9vFszzV\n" + - "hcAe0CbkMlvu9uQ/L7Vz88heuIj0rUZIPGshvgIJt1hCMT8HZxYHvDa4lbUvqjFB\n" + - "+zafvPWhgYkDgYYABAGa2zDLhYQHHCLI3YBqFYJTzrnDIjzwXrxhcRTS8DYkcrjZ\n" + - "+Fih1YyNhix0sdjH+3EqElXAHHuVzn3n3hPOtQCWlQCICkErB34S0cvmtRkeW8Fi\n" + - "hrR5tvJEzEZjPSgwn81kKyhV2L70je6i7Cw884Va8bODckpgw0vTmbQb7T9dupkv\n" + - "1Q=="), - - EE_RSA_2048( - "RSA", - // SHA256withRSA, 2048 bits - // Validity - // Not Before: May 22 07:18:16 2018 GMT - // Not After : May 17 07:18:16 2038 GMT - // Authority Key Identifier: - // 0D:DD:93:C9:FE:4B:BD:35:B7:E8:99:78:90:FB:DB:5A:3D:DB:15:4C - "-----BEGIN CERTIFICATE-----\n" + - 
"MIIDNjCCAh6gAwIBAgIJAO2+yPcFryUTMA0GCSqGSIb3DQEBCwUAMDsxCzAJBgNV\n" + - "BAYTAlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2Vy\n" + - "aXZjZTAeFw0xODA1MjIwNzE4MTZaFw0zODA1MTcwNzE4MTZaMFUxCzAJBgNVBAYT\n" + - "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" + - "ZTEYMBYGA1UEAwwPUmVncmVzc2lvbiBUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOC\n" + - "AQ8AMIIBCgKCAQEAszfBobWfZIp8AgC6PiWDDavP65mSvgCXUGxACbxVNAfkLhNR\n" + - "QOsHriRB3X1Q3nvO9PetC6wKlvE9jlnDDj7D+1j1r1CHO7ms1fq8rfcQYdkanDtu\n" + - "4AlHo8v+SSWX16MIXFRYDj2VVHmyPtgbltcg4zGAuwT746FdLI94uXjJjq1IOr/v\n" + - "0VIlwE5ORWH5Xc+5Tj+oFWK0E4a4GHDgtKKhn2m72hN56/GkPKGkguP5NRS1qYYV\n" + - "/EFkdyQMOV8J1M7HaicSft4OL6eKjTrgo93+kHk+tv0Dc6cpVBnalX3TorG8QI6B\n" + - "cHj1XQd78oAlAC+/jF4pc0mwi0un49kdK9gRfQIDAQABoyMwITAfBgNVHSMEGDAW\n" + - "gBQN3ZPJ/ku9NbfomXiQ+9taPdsVTDANBgkqhkiG9w0BAQsFAAOCAQEApXS0nKwm\n" + - "Kp8gpmO2yG1rpd1+2wBABiMU4JZaTqmma24DQ3RzyS+V2TeRb29dl5oTUEm98uc0\n" + - "GPZvhK8z5RFr4YE17dc04nI/VaNDCw4y1NALXGs+AHkjoPjLyGbWpi1S+gfq2sNB\n" + - "Ekkjp6COb/cb9yiFXOGVls7UOIjnVZVd0r7KaPFjZhYh82/f4PA/A1SnIKd1+nfH\n" + - "2yk7mSJNC7Z3qIVDL8MM/jBVwiC3uNe5GPB2uwhd7k5LGAVN3j4HQQGB0Sz+VC1h\n" + - "92oi6xDa+YBva2fvHuCd8P50DDjxmp9CemC7rnZ5j8egj88w14X44Xjb/Fd/ApG9\n" + - "e57NnbT7KM+Grw==\n" + - "-----END CERTIFICATE-----", - "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCzN8GhtZ9kinwC\n" + - "ALo+JYMNq8/rmZK+AJdQbEAJvFU0B+QuE1FA6weuJEHdfVDee870960LrAqW8T2O\n" + - "WcMOPsP7WPWvUIc7uazV+ryt9xBh2RqcO27gCUejy/5JJZfXowhcVFgOPZVUebI+\n" + - "2BuW1yDjMYC7BPvjoV0sj3i5eMmOrUg6v+/RUiXATk5FYfldz7lOP6gVYrQThrgY\n" + - "cOC0oqGfabvaE3nr8aQ8oaSC4/k1FLWphhX8QWR3JAw5XwnUzsdqJxJ+3g4vp4qN\n" + - "OuCj3f6QeT62/QNzpylUGdqVfdOisbxAjoFwePVdB3vygCUAL7+MXilzSbCLS6fj\n" + - "2R0r2BF9AgMBAAECggEASIkPkMCuw4WdTT44IwERus3IOIYOs2IP3BgEDyyvm4B6\n" + - "JP/iihDWKfA4zEl1Gqcni1RXMHswSglXra682J4kui02Ov+vzEeJIY37Ibn2YnP5\n" + - "ZjRT2s9GtI/S2o4hl8A/mQb2IMViFC+xKehTukhV4j5d6NPKk0XzLR7gcMjnYxwn\n" + - 
"l21fS6D2oM1xRG/di7sL+uLF8EXLRzfiWDNi12uQv4nwtxPKvuKhH6yzHt7YqMH0\n" + - "46pmDKDaxV4w1JdycjCb6NrCJOYZygoQobuZqOQ30UZoZsPJrtovkncFr1e+lNcO\n" + - "+aWDfOLCtTH046dEQh5oCShyXMybNlry/QHsOtHOwQKBgQDh2iIjs+FPpQy7Z3EX\n" + - "DGEvHYqPjrYO9an2KSRr1m9gzRlWYxKY46WmPKwjMerYtra0GP+TBHrgxsfO8tD2\n" + - "wUAII6sd1qup0a/Sutgf2JxVilLykd0+Ge4/Cs51tCdJ8EqDV2B6WhTewOY2EGvg\n" + - "JiKYkeNwgRX/9M9CFSAMAk0hUQKBgQDLJAartL3DoGUPjYtpJnfgGM23yAGl6G5r\n" + - "NSXDn80BiYIC1p0bG3N0xm3yAjqOtJAUj9jZbvDNbCe3GJfLARMr23legX4tRrgZ\n" + - "nEdKnAFKAKL01oM+A5/lHdkwaZI9yyv+hgSVdYzUjB8rDmzeVQzo1BT7vXypt2yV\n" + - "6O1OnUpCbQKBgA/0rzDChopv6KRcvHqaX0tK1P0rYeVQqb9ATNhpf9jg5Idb3HZ8\n" + - "rrk91BNwdVz2G5ZBpdynFl9G69rNAMJOCM4KZw5mmh4XOEq09Ivba8AHU7DbaTv3\n" + - "7QL7KnbaUWRB26HHzIMYVh0el6T+KADf8NXCiMTr+bfpfbL3dxoiF3zhAoGAbCJD\n" + - "Qse1dBs/cKYCHfkSOsI5T6kx52Tw0jS6Y4X/FOBjyqr/elyEexbdk8PH9Ar931Qr\n" + - "NKMvn8oA4iA/PRrXX7M2yi3YQrWwbkGYWYjtzrzEAdzmg+5eARKAeJrZ8/bg9l3U\n" + - "ttKaItJsDPlizn8rngy3FsJpR9aSAMK6/+wOiYkCgYEA1tZkI1rD1W9NYZtbI9BE\n" + - "qlJVFi2PBOJMKNuWdouPX3HLQ72GJSQff2BFzLTELjweVVJ0SvY4IipzpQOHQOBy\n" + - "5qh/p6izXJZh3IHtvwVBjHoEVplg1b2+I5e3jDCfqnwcQw82dW5SxOJMg1h/BD0I\n" + - "qAL3go42DYeYhu/WnECMeis="), - - EE_EC_RSA_SECP256R1( - "EC", - // SHA256withRSA, curve secp256r1 - // Validity - // Not Before: May 22 07:18:16 2018 GMT - // Not After : May 21 07:18:16 2028 GMT - // Authority Key Identifier: - // 0D:DD:93:C9:FE:4B:BD:35:B7:E8:99:78:90:FB:DB:5A:3D:DB:15:4C - "-----BEGIN CERTIFICATE-----\n" + - "MIICazCCAVOgAwIBAgIJAO2+yPcFryUUMA0GCSqGSIb3DQEBCwUAMDsxCzAJBgNV\n" + - "BAYTAlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2Vy\n" + - "aXZjZTAeFw0xODA1MjIwNzE4MTZaFw0yODA1MjEwNzE4MTZaMFUxCzAJBgNVBAYT\n" + - "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" + - "ZTEYMBYGA1UEAwwPUmVncmVzc2lvbiBUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0D\n" + - "AQcDQgAE59MERNTlVZ1eeps8Z3Oue5ZkgQdPtD+WIE6tj3PbIKpxGPDxvfNP959A\n" + - 
"yQjEK/ehWQVrCMmNoEkIzY+IIBgB06MjMCEwHwYDVR0jBBgwFoAUDd2Tyf5LvTW3\n" + - "6Jl4kPvbWj3bFUwwDQYJKoZIhvcNAQELBQADggEBAFOTVEqs70ykhZiIdrEsF1Ra\n" + - "I3B2rLvwXZk52uSltk2/bzVvewA577ZCoxQ1pL7ynkisPfBN1uVYtHjM1VA3RC+4\n" + - "+TAK78dnI7otYjWoHp5rvs4l6c/IbOspS290IlNuDUxMErEm5wxIwj+Aukx/1y68\n" + - "hOyCvHBLMY2c1LskH1MMBbDuS1aI+lnGpToi+MoYObxGcV458vxuT8+wwV8Fkpvd\n" + - "ll8IIFmeNPRv+1E+lXbES6CSNCVaZ/lFhPgdgYKleN7sfspiz50DG4dqafuEAaX5\n" + - "xaK1NWXJxTRz0ROH/IUziyuDW6jphrlgit4+3NCzp6vP9hAJQ8Vhcj0n15BKHIQ=\n" + - "-----END CERTIFICATE-----", - "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgGVc7hICpmp91jbYe\n" + - "nrr8nYHD37RZP3VENY+szuA7WjuhRANCAATn0wRE1OVVnV56mzxnc657lmSBB0+0\n" + - "P5YgTq2Pc9sgqnEY8PG980/3n0DJCMQr96FZBWsIyY2gSQjNj4ggGAHT"), - - EE_DSA_2048( - "DSA", - // SHA256withDSA, 2048 bits - // Validity - // Not Before: May 22 07:18:20 2018 GMT - // Not After : May 17 07:18:20 2038 GMT - // Authority Key Identifier: - // 76:66:9E:F7:3B:DD:45:E5:3B:D9:72:3C:3F:F0:54:39:86:31:26:53 - "-----BEGIN CERTIFICATE-----\n" + - "MIIEnDCCBEGgAwIBAgIJAP/jh1qVhNVjMAsGCWCGSAFlAwQDAjA7MQswCQYDVQQG\n" + - "EwJVUzENMAsGA1UECgwESmF2YTEdMBsGA1UECwwUU3VuSlNTRSBUZXN0IFNlcml2\n" + - "Y2UwHhcNMTgwNTIyMDcxODIwWhcNMzgwNTE3MDcxODIwWjBVMQswCQYDVQQGEwJV\n" + - "UzENMAsGA1UECgwESmF2YTEdMBsGA1UECwwUU3VuSlNTRSBUZXN0IFNlcml2Y2Ux\n" + - "GDAWBgNVBAMMD1JlZ3Jlc3Npb24gVGVzdDCCA0cwggI6BgcqhkjOOAQBMIICLQKC\n" + - "AQEAmlavgoJrMcjqWRVcDE2dmWAPREgnzQvneEDef68cprDzjSwvOs5QeFyx75ib\n" + - "ado1e6jO/rW1prCGWHDD1oA/Tn4Pk3vu0nUxzvl1qATc+aJbpUU5Op0bvp6LbCsQ\n" + - "QslV9FeRh7Eb7bP6gpc/kHCBzEgC1VCK7prccXWy+t6SMOHbND3h+UbckfSaUuaV\n" + - "sVJNTD1D6GElfRj4Nmz1BGPfSYvKorwNZEU3gXwFgtDoAcGx7tcyClLpDHfqRfw/\n" + - "7yiqLyeiP7D4hl5lMNouJWDlAdMFp0FMgS3s9VDFinIcr6VtBWMTG7+4+czHAB+3\n" + - "fvrwlqNzhBn3uFHrekN/w8fNxwIhAJo7Sae1za7IMW0Q6hE5B4b+s2B/FaKPoA4E\n" + - "jtZu13B9AoIBAQCOZqLMKfvqZWUgT0PQ3QjR7dAFdd06I9Y3+TOQzZk1+j+vw/6E\n" + - "X4vFItX4gihb/u5Q9CdmpwhVGi7bvo+7+/IKeTgoQ6f5+PSug7SrWWUQ5sPwaZui\n" + - 
"zXZJ5nTeZDucFc2yFx0wgnjbPwiUxZklOT7xGiOMtzOTa2koCz5KuIBL+/wPKKxm\n" + - "ypo9VoY9xfbdU6LMXZv/lpD5XTM9rYHr/vUTNkukvV6Hpm0YMEWhVZKUJiqCqTqG\n" + - "XHaleOxSw6uQWB/+TznifcC7gB48UOQjCqOKf5VuwQneJLhlhU/jhRV3xtr+hLZa\n" + - "hW1wYhVi8cjLDrZFKlgEQqhB4crnJU0mJY+tA4IBBQACggEAID0ezl00/X8mv7eb\n" + - "bzovum1+DEEP7FM57k6HZEG2N3ve4CW+0m9Cd+cWPz8wkZ+M0j/Eqa6F0IdbkXEc\n" + - "Q7CuzvUyJ57xQ3L/WCgXsiS+Bh8O4Mz7GwW22CGmHqafbVv+hKBfr8MkskO6GJUt\n" + - "SUF/CVLzB4gMIvZMH26tBP2xK+i7FeEK9kT+nGdzQSZBAhFYpEVCBplHZO24/OYq\n" + - "1DNoU327nUuXIhmsfA8N0PjiWbIZIjTPwBGr9H0LpATI7DIDNcvRRvtROP+pBU9y\n" + - "fuykPkptg9C0rCM9t06bukpOSaEz/2VIQdLE8fHYFA6pHZ6CIc2+5cfvMgTPhcjz\n" + - "W2jCt6MjMCEwHwYDVR0jBBgwFoAUdmae9zvdReU72XI8P/BUOYYxJlMwCwYJYIZI\n" + - "AWUDBAMCA0gAMEUCIQCeI5fN08b9BpOaHdc3zQNGjp24FOL/RxlBLeBAorswJgIg\n" + - "JEZ8DhYxQy1O7mmZ2UIT7op6epWMB4dENjs0qWPmcKo=\n" + - "-----END CERTIFICATE-----", - "MIICZQIBADCCAjoGByqGSM44BAEwggItAoIBAQCaVq+CgmsxyOpZFVwMTZ2ZYA9E\n" + - "SCfNC+d4QN5/rxymsPONLC86zlB4XLHvmJtp2jV7qM7+tbWmsIZYcMPWgD9Ofg+T\n" + - "e+7SdTHO+XWoBNz5olulRTk6nRu+notsKxBCyVX0V5GHsRvts/qClz+QcIHMSALV\n" + - "UIrumtxxdbL63pIw4ds0PeH5RtyR9JpS5pWxUk1MPUPoYSV9GPg2bPUEY99Ji8qi\n" + - "vA1kRTeBfAWC0OgBwbHu1zIKUukMd+pF/D/vKKovJ6I/sPiGXmUw2i4lYOUB0wWn\n" + - "QUyBLez1UMWKchyvpW0FYxMbv7j5zMcAH7d++vCWo3OEGfe4Uet6Q3/Dx83HAiEA\n" + - "mjtJp7XNrsgxbRDqETkHhv6zYH8Voo+gDgSO1m7XcH0CggEBAI5moswp++plZSBP\n" + - "Q9DdCNHt0AV13Toj1jf5M5DNmTX6P6/D/oRfi8Ui1fiCKFv+7lD0J2anCFUaLtu+\n" + - "j7v78gp5OChDp/n49K6DtKtZZRDmw/Bpm6LNdknmdN5kO5wVzbIXHTCCeNs/CJTF\n" + - "mSU5PvEaI4y3M5NraSgLPkq4gEv7/A8orGbKmj1Whj3F9t1Tosxdm/+WkPldMz2t\n" + - "gev+9RM2S6S9XoembRgwRaFVkpQmKoKpOoZcdqV47FLDq5BYH/5POeJ9wLuAHjxQ\n" + - "5CMKo4p/lW7BCd4kuGWFT+OFFXfG2v6EtlqFbXBiFWLxyMsOtkUqWARCqEHhyucl\n" + - "TSYlj60EIgIgLfA75+8KcKxdN8mr6gzGjQe7jPFGG42Ejhd7Q2F4wuw="), - - EE_DSA_1024( - "DSA", - // dsaWithSHA1, 1024 bits - // Validity - // Not Before: Apr 24 12:25:43 2020 GMT - // Not After : Apr 22 12:25:43 2030 GMT - // Authority Key 
Identifier: - // E1:3C:01:52:EB:D1:38:F7:CF:F1:E3:5E:DB:54:75:7F:5E:AB:2D:36 - "-----BEGIN CERTIFICATE-----\n" + - "MIIDADCCAr+gAwIBAgIUd2XJ5F2VTbk9a92w/NzLXR5zjUQwCQYHKoZIzjgEAzAu\n" + - "MQswCQYDVQQGEwJVUzENMAsGA1UECgwESmF2YTEQMA4GA1UECwwHU3VuSlNTRTAe\n" + - "Fw0yMDA0MjQxMjI1NDNaFw0zMDA0MjIxMjI1NDNaMEgxCzAJBgNVBAYTAlVTMQ0w\n" + - "CwYDVQQKDARKYXZhMRAwDgYDVQQLDAdTdW5KU1NFMRgwFgYDVQQDDA9SZWdyZXNz\n" + - "aW9uIFRlc3QwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEA7fSkxYISlMJT+i8N5VOb\n" + - "lHhjrPYAy3oR2/YXQW6T0hCMhm8jmxgk1bDId9ZKHrxsM05EkCtRYaqag4ZZeGde\n" + - "ywv3IwwYqCQfGtkPwT9QAsdSABYwGOrlhEtZtBG1yQ44c+Rz/Vs+PtkAyZbf5VG1\n" + - "iSxFb9bI5QFJWJ9a2VpZh58CFQCCGALQoK4MsQP8V72WlB7Bvt9erwKBgQDCxu0G\n" + - "M2iZr0J8DaAo9/ChS4m7E7h6Jz9KOm2cFhzYGekkUXNzny7nyz6Qpgbuf8KNFKjt\n" + - "qoUDC8tlcVQAUlTcESC0TZXR3h21hl9wzIBhE+kJ1j8v1KAxfOaJOxObk5QEvIaA\n" + - "5j+jiHGwRS5tDqywOatz+emwMZv1wKnCNBElNgOBhAACgYBHjuQKucCuuvy/4DpG\n" + - "rSIzdueK+HrzOW8h2pfvz3lzpsyV6XJPC6we9CjaQjU01VcjwN2PoYtbGyml0pbK\n" + - "We4sdgn6LDL1aCM/WKRSxGHVTx+wkhKQ719YtiC0T6sA+eLirc6VT3/6+FbQWC+2\n" + - "bG7N19sGpV/RAXMBpRXUnBJSQaNCMEAwHQYDVR0OBBYEFNNZxyxuQmKvWowofr/S\n" + - "HdCIS+W8MB8GA1UdIwQYMBaAFOE8AVLr0Tj3z/HjXttUdX9eqy02MAkGByqGSM44\n" + - "BAMDMAAwLQIUUzzMhZ9St/Vo/YdgNTHdTw4cm14CFQCE6tWG157Wl5YFyYsGHsLY\n" + - "NN8uCA==\n" + - "-----END CERTIFICATE-----", - "MIIBSwIBADCCASwGByqGSM44BAEwggEfAoGBAO30pMWCEpTCU/ovDeVTm5R4Y6z2\n" + - "AMt6Edv2F0Fuk9IQjIZvI5sYJNWwyHfWSh68bDNORJArUWGqmoOGWXhnXssL9yMM\n" + - "GKgkHxrZD8E/UALHUgAWMBjq5YRLWbQRtckOOHPkc/1bPj7ZAMmW3+VRtYksRW/W\n" + - "yOUBSVifWtlaWYefAhUAghgC0KCuDLED/Fe9lpQewb7fXq8CgYEAwsbtBjNoma9C\n" + - "fA2gKPfwoUuJuxO4eic/SjptnBYc2BnpJFFzc58u58s+kKYG7n/CjRSo7aqFAwvL\n" + - "ZXFUAFJU3BEgtE2V0d4dtYZfcMyAYRPpCdY/L9SgMXzmiTsTm5OUBLyGgOY/o4hx\n" + - "sEUubQ6ssDmrc/npsDGb9cCpwjQRJTYEFgIUNRiLmNzfTYOuVsjkySPzP5gPImM="), - - EE_ED25519( - "EdDSA", - // ED25519 - // Validity - // Not Before: May 24 23:32:36 2020 GMT - // Not After : May 22 23:32:36 2030 GMT - // X509v3 Authority 
Key Identifier: - // keyid:06:76:DB:88:EB:61:55:4C:C9:63:41:C2:A0:A8:57:3F:D7:F1:B8:EC - "-----BEGIN CERTIFICATE-----\n" + - "MIIBlDCCAUagAwIBAgIUFTt/jcgQ65nhTG8LkrWFJhhEGuwwBQYDK2VwMDsxCzAJ\n" + - "BgNVBAYTAlVTMQ0wCwYDVQQKDARqYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3Qg\n" + - "U2VyaXZjZTAeFw0yMDA1MjQyMzMyMzZaFw0zMDA1MjIyMzMyMzZaMFUxCzAJBgNV\n" + - "BAYTAlVTMQ0wCwYDVQQKDARqYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2Vy\n" + - "aXZjZTEYMBYGA1UEAwwPUmVncmVzc2lvbiBUZXN0MCowBQYDK2VwAyEAGAYQmKb7\n" + - "WNYpVxIdsc49lI1emNjF06/Jl85zlG0wc9OjQjBAMB0GA1UdDgQWBBQkJ2E4/S8Z\n" + - "EIM1v9uTc0eYtYNk3zAfBgNVHSMEGDAWgBQGdtuI62FVTMljQcKgqFc/1/G47DAF\n" + - "BgMrZXADQQCVZnl/AyIEtZ8r45e/hcfxwuezgRX+7e9NHZFV1A/TMGcBRORDfDUi\n" + - "bbh72K528fjT7P4/WoXvm1zJKOAzUOUL\n" + - "-----END CERTIFICATE-----", - "MC4CAQAwBQYDK2VwBCIEIGBmdh4tfc0lng/LWokhfFLlo0ZlmTn2lbI639qou2KP"), - - EE_ED448( - "EdDSA", - // ED448 - // Validity - // Not Before: May 24 23:23:43 2020 GMT - // Not After : May 22 23:23:43 2030 GMT - // X509v3 Authority Key Identifier: - // keyid:F5:D5:9D:FB:6F:B7:50:29:DF:F0:B8:83:10:5F:9B:C4:A8:1C:E9:F4 - "-----BEGIN CERTIFICATE-----\n" + - "MIIB3zCCAV+gAwIBAgIUNlWzFrH2+BILqM3SNYQjKoY98S8wBQYDK2VxMDsxCzAJ\n" + - "BgNVBAYTAlVTMQ0wCwYDVQQKDARqYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3Qg\n" + - "U2VyaXZjZTAeFw0yMDA1MjQyMzIzNDNaFw0zMDA1MjIyMzIzNDNaMFUxCzAJBgNV\n" + - "BAYTAlVTMQ0wCwYDVQQKDARqYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2Vy\n" + - "aXZjZTEYMBYGA1UEAwwPUmVncmVzc2lvbiBUZXN0MEMwBQYDK2VxAzoAoIubPNAg\n" + - "F11u3MQ5d9wujg10+80I0xzYzTqzzXrfJNtw+eU8NbUk86xiCvlMzJRH0Oo3DbY8\n" + - "NAKAo0IwQDAdBgNVHQ4EFgQUUiI1+qT1x+HsDgfZRIU6hUaAbmUwHwYDVR0jBBgw\n" + - "FoAU9dWd+2+3UCnf8LiDEF+bxKgc6fQwBQYDK2VxA3MAx8P0mle08s5YDd/p58dt\n" + - "yORqvDPwo5IYPasqN8Zeen1B9u1xF/kvDGFxCJ6D9Gi4ynnDx0FZFMkA83evZcxJ\n" + - "+X+swt7FyHwXrdkZcvjRKEcsWhkj+0FlxYF/NZzLTGuGIPYJnRLEwf/zr+5NDxKs\n" + - "fCoA\n" + - "-----END CERTIFICATE-----", - "MEcCAQAwBQYDK2VxBDsEOfbhmUSuKP9WCO7Nr6JxVq5rfJESk1MNMyYhC134SiAP\n" + - 
"Suw0Cu7RZVadpfPR7Kiwb2b/JXjMdY1HAA=="); - - final String keyAlgo; - final String certStr; - final String privKeyStr; - - Cert(String keyAlgo, String certStr, String privKeyStr) { - this.keyAlgo = keyAlgo; - this.certStr = certStr; - this.privKeyStr = privKeyStr; - } - } } diff --git a/test/jdk/sun/security/ssl/ALPN/AlpnGreaseTest.java b/test/jdk/sun/security/ssl/ALPN/AlpnGreaseTest.java index 66efefeee4a..734906f03e1 100644 --- a/test/jdk/sun/security/ssl/ALPN/AlpnGreaseTest.java +++ b/test/jdk/sun/security/ssl/ALPN/AlpnGreaseTest.java @@ -53,7 +53,7 @@ import java.util.Arrays; * (wrap/unwrap) pass before any application data is consumed or * produced. */ -public class AlpnGreaseTest implements SSLContextTemplate { +public class AlpnGreaseTest extends SSLContextTemplate { private final SSLEngine clientEngine; // client Engine private final ByteBuffer clientOut; // write side of clientEngine diff --git a/test/jdk/sun/security/ssl/CipherSuite/DisabledCurve.java b/test/jdk/sun/security/ssl/CipherSuite/DisabledCurve.java index e63c1689512..26304c5df95 100644 --- a/test/jdk/sun/security/ssl/CipherSuite/DisabledCurve.java +++ b/test/jdk/sun/security/ssl/CipherSuite/DisabledCurve.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2020, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it 
@@ -48,21 +48,23 @@ public class DisabledCurve extends SSLSocketTemplate { { { "TLSv1.2" }, { "TLSv1.2" } }, { { "TLSv1.1" }, { "TLSv1.1" } }, { { "TLSv1" }, { "TLSv1" } } }; + @Override protected SSLContext createClientSSLContext() throws Exception { return createSSLContext( - new SSLSocketTemplate.Cert[] { - SSLSocketTemplate.Cert.CA_ECDSA_SECP384R1 }, - new SSLSocketTemplate.Cert[] { - SSLSocketTemplate.Cert.EE_ECDSA_SECP384R1 }, + new SSLContextTemplate.Cert[] { + SSLContextTemplate.Cert.CA_ECDSA_SECP384R1 }, + new SSLContextTemplate.Cert[] { + SSLContextTemplate.Cert.EE_ECDSA_SECP384R1 }, getClientContextParameters()); } + @Override protected SSLContext createServerSSLContext() throws Exception { return createSSLContext( - new SSLSocketTemplate.Cert[] { - SSLSocketTemplate.Cert.CA_ECDSA_SECP384R1 }, - new SSLSocketTemplate.Cert[] { - SSLSocketTemplate.Cert.EE_ECDSA_SECP384R1 }, + new SSLContextTemplate.Cert[] { + SSLContextTemplate.Cert.CA_ECDSA_SECP384R1 }, + new SSLContextTemplate.Cert[] { + SSLContextTemplate.Cert.EE_ECDSA_SECP384R1 }, getServerContextParameters()); } diff --git a/test/jdk/sun/security/ssl/CipherSuite/RestrictSignatureScheme.java b/test/jdk/sun/security/ssl/CipherSuite/RestrictSignatureScheme.java index 3dde234a2ce..eebff3ec96c 100644 --- a/test/jdk/sun/security/ssl/CipherSuite/RestrictSignatureScheme.java +++ b/test/jdk/sun/security/ssl/CipherSuite/RestrictSignatureScheme.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2019, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it 
@@ -28,21 +28,12 @@ * @summary Restrict signature algorithms and named groups * @run main/othervm RestrictSignatureScheme */ -import java.io.ByteArrayInputStream; -import java.security.KeyFactory; -import java.security.KeyStore; -import java.security.PrivateKey; + import java.security.Security; -import java.security.cert.Certificate; -import java.security.cert.CertificateFactory; -import java.security.spec.PKCS8EncodedKeySpec; import java.util.Arrays; -import java.util.Base64; -import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSocket; import javax.net.ssl.SSLServerSocket; -import javax.net.ssl.TrustManagerFactory; import javax.net.ssl.SSLException; public class RestrictSignatureScheme extends SSLSocketTemplate { @@ -58,16 +49,20 @@ public class RestrictSignatureScheme extends SSLSocketTemplate { private final SSLContext context; RestrictSignatureScheme() throws Exception { - this.context = createSSLContext(); + this.context = createSSLContext( + new Cert[]{Cert.EE_RSASSA_PSS}, + new Cert[]{Cert.EE_RSASSA_PSS}, + new ContextParameters("TLS", "PKIX", "NewSunX509") + ); } @Override - protected SSLContext createClientSSLContext() throws Exception { + public SSLContext createClientSSLContext() throws Exception { return context; } @Override - protected SSLContext createServerSSLContext() throws Exception { + public SSLContext createServerSSLContext() throws Exception { return context; } 
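Review bot: The overrides of `createClientSSLContext()` and `createServerSSLContext()` in the `@@ -58,16 +49,20 @@` hunk are widened from `protected` to `public`. DisabledCurve, changed in the same commit and also extending SSLSocketTemplate, keeps them `protected`, so the wider visibility looks unnecessary; the base declaration is not visible in this hunk, so this is inferred. I would keep `protected SSLContext createClientSSLContext() throws Exception {` and likewise for the server method. The constructor also passes `Cert.EE_RSASSA_PSS` as both the trusted and the end-entity certificate; a short comment such as `// the end-entity cert doubles as its own trust anchor, as the removed keyCertStr = trustedCertStr did` would record that this is deliberate.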
@@ -117,116 +112,4 @@ public class RestrictSignatureScheme extends SSLSocketTemplate { throw new Exception("The test case should be disabled"); } } - - - private static final String trustedCertStr = - /** - * Signature Algorithm: rsassaPss - * Issuer: CN = localhost - * Validity Not Before: Jun 6 07:11:00 2018 GMT - * Not After : Jun 1 07:11:00 2038 GMT - * Subject: CN = localhost - * Public Key Algorithm: rsassaPss - */ - "-----BEGIN CERTIFICATE-----\n" - + "MIIDZjCCAh2gAwIBAgIUHxwPs3eAgJ057nJwiLgWZWeNqdgwPgYJKoZIhvcNAQEK\n" - + "MDGgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogQC\n" - + "AgDeMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0xODA2MDYwNzExMDBaFw0zODA2\n" - + "MDEwNzExMDBaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASAwCwYJKoZIhvcNAQEK\n" - + "A4IBDwAwggEKAoIBAQCl8r4Qrg27BYUO/1Va2Ix8QPGzN/lvzmKvP5Ff26ovNW4v\n" - + "RUx68HzAhhiWtcl+PwLSbJqJreEkTlle7PnRAypby3fO7ZAK0Y3YiHquaBg7d+7Y\n" - + "FhhHwv8gG0lZcyA0BkXFJHqdq76qar0xHC6DVezXm0K3mcceymGtFR9BzWmAj+7D\n" - + "YsSwvtTQ7WNoQmf0cdDMSM71IwaTwIwvT2wzX1vv5hcdDyXdr64WFqWSA9sNJ2K6\n" - + "arxaaU1klwKSgDokF6njafWQ4UxdR67d5W1MYoiioDs2Yy3utsMpO2OUzZVBZNdT\n" - + "gkr1jsJhIurpz/5K51lwJIRQBezEFSb+60AFVoMJAgMBAAGjUDBOMB0GA1UdDgQW\n" - + "BBQfFit5ilWJmZgCX4QY0HsaI9iIDDAfBgNVHSMEGDAWgBQfFit5ilWJmZgCX4QY\n" - + "0HsaI9iIDDAMBgNVHRMEBTADAQH/MD4GCSqGSIb3DQEBCjAxoA0wCwYJYIZIAWUD\n" - + "BAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIEAgIA3gOCAQEAa4yUQ3gh\n" - + "d1YWPdEa1sv2hdkhtenw6m5yxbmaQl2+nIKSpk4RfpXC7K1EYwBF8TdfFbD8hGGh\n" - + "5n81BT0/dn1R9SRGCv7KTxx4lfQt31frlsw/tVciwyXQtcUZ6DqfnLP0/aRVLNgx\n" - + "zaP542JUHFYLTC3EGz2zUgv70ZUTlIsPG3/p8YO1iXdnYGQyzOuQPUBpI7nS7UtR\n" - + "Ug8VE9ACpBxxI3qChMahFZGHlXCCSjSmxpQa6UO4SQl8q5tPNnqdzWwvAW8qkCy4\n" - + "6barRQ4sMcGayhHh/uSTx7bcl0FMJpcI1ygbw7/Pc03zKtw0gMTBMns7q4yXjb/u\n" - + "ef47nW0t+LRAAg==\n" - + "-----END CERTIFICATE-----\n"; - - private static final String keyCertStr = trustedCertStr; - - private static final String privateKey = - 
"MIIEuwIBADALBgkqhkiG9w0BAQoEggSnMIIEowIBAAKCAQEApfK+EK4NuwWFDv9V\n" - + "WtiMfEDxszf5b85irz+RX9uqLzVuL0VMevB8wIYYlrXJfj8C0myaia3hJE5ZXuz5\n" - + "0QMqW8t3zu2QCtGN2Ih6rmgYO3fu2BYYR8L/IBtJWXMgNAZFxSR6nau+qmq9MRwu\n" - + "g1Xs15tCt5nHHsphrRUfQc1pgI/uw2LEsL7U0O1jaEJn9HHQzEjO9SMGk8CML09s\n" - + "M19b7+YXHQ8l3a+uFhalkgPbDSdiumq8WmlNZJcCkoA6JBep42n1kOFMXUeu3eVt\n" - + "TGKIoqA7NmMt7rbDKTtjlM2VQWTXU4JK9Y7CYSLq6c/+SudZcCSEUAXsxBUm/utA\n" - + "BVaDCQIDAQABAoIBAAc4vRS0vlw5LUUtz2UYr2Ro3xvRf8Vh0eGWfpkRUiKjzJu6\n" - + "BE4FUSh/rWpBlvcrfs/xcfgz3OxbjIAZB/YUkS9Vd21F4VLXM7kMl2onlYZg/b/h\n" - + "lkTpM3kONu7xl6Er9LVTlRJveuinpHwSoeONRbVMSGb9BjFM1VtW4/lVGxZBG05D\n" - + "y9i/o4vCZqULn9cAumOwicKuCyTcS58XcMJ+puSPfRA71PYLxqFkASAoJsUwCXpo\n" - + "gs39lLsIFgrfO8mBO1ux/SE+QaRc+9XqFSHHKD1XqF/9zSYBgWjE910EcpdYEdZx\n" - + "GEkwea7Fn4brO5OpIrHY/45naqbUOBzv6gufMAECgYEAz7PHCdcrQvmOb8EiNbQH\n" - + "uvSimwObWJFeN1ykp6mfRbSnkXw7p8+M4Tc8HFi8QLpoq63Ev2AwoaQCQvHbFC2Y\n" - + "1Cz0EkC0aOp+tZP7U2AUBdkcDesZAJQTad0zV6KesyIUXdxZXDG8JJ1XSNWfTJV4\n" - + "QD+BjLZ0jiAyCIfVYvWQqYkCgYEAzIln1nKTixLMPr5CldSmR7ZarEtPJU+hHwVg\n" - + "dV/Lc6d2Yy9JgunOXRo4BXB1TEo8JFbK3HBQH6tS8li4qDr7WK5wyYfh8qb4WZyu\n" - + "lc562f2WVYntcN8/Ojb+Vyrt7lk9sq/8KoVHxEAWd6mqL9VTPYuAu1Vw9fTGIZfB\n" - + "lDeELYECgYAvdzU4UXzofGGJtohb332YwwlaBZP9xJLUcg6K5l+orWVSASMc8XiP\n" - + "i3DoRXsYC8GZ4kdBOPlEJ1gA9oaLcPQpIPDSLwlLpLM6Scw4vI822uvnXl/DWxOo\n" - + "sM1n7Jj59QLUhGPDhvYpI+/rjC4wcUQe4qR3hMbUKBVnD6u7RsU9iQKBgQCQ17VK\n" - + "7bSCRfuRaxaoGADww7gOTv5rQ6qr1xjpxb7D1hFGR9Rc+smCsPB/GZZXQjK44SWj\n" - + "WX3ED4Ubzaxmpe4cbNu+O5XMSmWQwB36RFBHUwdE5/nXdqDFzu/qNqJrqZLBmVKP\n" - + "ofaiiWffsaytVvotmT6+atElvAMbAua42V+nAQKBgHtIn3mYMHLriYGhQzpkFEA2\n" - + "8YcAMlKppueOMAKVy8nLu2r3MidmLAhMiKJQKG45I3Yg0/t/25tXLiOPJlwrOebh\n" - + "xQqUBI/JUOIpGAEnr48jhOXnCS+i+z294G5U/RgjXrlR4bCPvrtCmwzWwe0h79w2\n" - + "Q2hO5ZTW6UD9CVA85whf"; - - private static SSLContext createSSLContext() throws Exception { - // Generate certificate from cert string - CertificateFactory cf = 
CertificateFactory.getInstance("X.509"); - - // Create a key store - KeyStore ts = KeyStore.getInstance("PKCS12"); - KeyStore ks = KeyStore.getInstance("PKCS12"); - ts.load(null, null); - ks.load(null, null); - char passphrase[] = "passphrase".toCharArray(); - - // Import the trusted cert - ts.setCertificateEntry("trusted-cert-RSASSA-PSS", - cf.generateCertificate(new ByteArrayInputStream( - trustedCertStr.getBytes()))); - - boolean hasKeyMaterials = keyCertStr != null && privateKey != null; - if (hasKeyMaterials) { - - // Generate the private key. - PKCS8EncodedKeySpec priKeySpec = new PKCS8EncodedKeySpec( - Base64.getMimeDecoder().decode(privateKey)); - KeyFactory kf = KeyFactory.getInstance("RSASSA-PSS"); - PrivateKey priKey = kf.generatePrivate(priKeySpec); - - // Generate certificate chain - Certificate keyCert = cf.generateCertificate( - new ByteArrayInputStream(keyCertStr.getBytes())); - Certificate[] chain = new Certificate[]{keyCert}; - - // Import the key entry. - ks.setKeyEntry("cert-RSASSA-PSS", priKey, passphrase, chain); - } - - // Create SSL context - TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX"); - tmf.init(ts); - - SSLContext context = SSLContext.getInstance("TLS"); - if (hasKeyMaterials) { - KeyManagerFactory kmf = KeyManagerFactory.getInstance("NewSunX509"); - kmf.init(ks, passphrase); - context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); - } else { - context.init(null, tmf.getTrustManagers(), null); - } - - return context; - } } diff --git a/test/jdk/sun/security/ssl/SSLEngineImpl/SSLEngineBadBufferArrayAccess.java b/test/jdk/sun/security/ssl/SSLEngineImpl/SSLEngineBadBufferArrayAccess.java index a3e355af361..497544bafc6 100644 --- a/test/jdk/sun/security/ssl/SSLEngineImpl/SSLEngineBadBufferArrayAccess.java +++ b/test/jdk/sun/security/ssl/SSLEngineImpl/SSLEngineBadBufferArrayAccess.java 
@@ -30,7 +30,7 @@ * @test * @bug 7031830 * @summary bad_record_mac failure on TLSv1.2 enabled connection with SSLEngine - * @library /test/lib + * @library /test/lib /javax/net/ssl/templates * @run main/othervm SSLEngineBadBufferArrayAccess */ @@ -82,19 +82,19 @@ import javax.net.ssl.*; import javax.net.ssl.SSLEngineResult.*; import java.io.*; import java.net.*; -import java.security.*; import java.nio.*; import java.util.concurrent.CountDownLatch; import java.util.concurrent.TimeUnit; import jdk.test.lib.security.SecurityUtils; -public class SSLEngineBadBufferArrayAccess { +public class SSLEngineBadBufferArrayAccess extends SSLContextTemplate { /* * Enables logging of the SSL/TLS operations. */ - private static boolean logging = true; + private final static boolean logging = Boolean.parseBoolean( + System.getProperty("test.logging", "true")); /* * Enables the JSSE system debugging system property: @@ -105,8 +105,9 @@ public class SSLEngineBadBufferArrayAccess { * including specific handshake messages, and might be best examined * after gaining some familiarity with this application. */ - private static boolean debug = false; - private SSLContext sslc; + private final static boolean debug = Boolean.getBoolean("test.debug"); + private final String PROTOCOL; + private SSLEngine serverEngine; // server-side SSLEngine private final byte[] serverMsg = "Hi there Client, I'm a Server".getBytes(); 
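Review bot: In the `@@ -105,8 +105,9 @@` hunk the new instance field `private final String PROTOCOL;` is named like a constant although it is set per instance in the constructor. I would write `private final String protocol;` and update the constructor and the two `get*ContextParameters()` overrides in the later hunk to match. The new `private final static boolean` declarations for `logging` and `debug` would also read better in the conventional modifier order, `private static final boolean debug = Boolean.getBoolean("test.debug");`.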
@@ -124,20 +125,6 @@ public class SSLEngineBadBufferArrayAccess { private ByteBuffer cTOs; // "reliable" transport client->server private ByteBuffer sTOc; // "reliable" transport server->client - /* - * The following is to set up the keystores/trust material. - */ - private static final String pathToStores = "../../../../javax/net/ssl/etc"; - private static final String keyStoreFile = "keystore"; - private static final String trustStoreFile = "truststore"; - private static final String passwd = "passphrase"; - private static String keyFilename = - System.getProperty("test.src", ".") + "/" + pathToStores - + "/" + keyStoreFile; - private static String trustFilename = - System.getProperty("test.src", ".") + "/" + pathToStores - + "/" + trustStoreFile; - /* * Is the server ready to serve? */ @@ -156,7 +143,7 @@ public class SSLEngineBadBufferArrayAccess { /* * Main entry point for this test. */ - public static void main(String args[]) throws Exception { + public static void main(String[] args) throws Exception { if (debug) { System.setProperty("javax.net.debug", "all"); } @@ -165,7 +152,7 @@ public class SSLEngineBadBufferArrayAccess { SecurityUtils.removeFromDisabledTlsAlgs("TLSv1", "TLSv1.1"); String [] protocols = new String [] { - "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" }; + "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}; for (String protocol : protocols) { /* 
@@ -184,32 +171,18 @@ public class SSLEngineBadBufferArrayAccess { /* * Create an initialized SSLContext to use for these tests. */ - public SSLEngineBadBufferArrayAccess(String protocol) throws Exception { + public SSLEngineBadBufferArrayAccess(String protocol) { + PROTOCOL = protocol; + } - KeyStore ks = KeyStore.getInstance("JKS"); - KeyStore ts = KeyStore.getInstance("JKS"); + @Override + protected ContextParameters getServerContextParameters() { + return new ContextParameters(PROTOCOL, "PKIX", "NewSunX509"); + } - char[] passphrase = "passphrase".toCharArray(); - - try (FileInputStream fis = new FileInputStream(keyFilename)) { - ks.load(fis, passphrase); - } - - try (FileInputStream fis = new FileInputStream(trustFilename)) { - ts.load(fis, passphrase); - } - - KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); - kmf.init(ks, passphrase); - - TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); - tmf.init(ts); - - SSLContext sslCtx = SSLContext.getInstance(protocol); - - sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); - - sslc = sslCtx; + @Override + protected ContextParameters getClientContextParameters() { + return new ContextParameters(PROTOCOL, "PKIX", "NewSunX509"); } /* @@ -232,6 +205,7 @@ public class SSLEngineBadBufferArrayAccess { private void runTest(boolean direct) throws Exception { boolean serverClose = direct; + System.out.println("Running test serverClose = " + serverClose); ServerSocket serverSocket = new ServerSocket(0); serverPort = serverSocket.getLocalPort(); @@ -244,7 +218,7 @@ public class SSLEngineBadBufferArrayAccess { Socket socket; try { serverSocket.setSoTimeout(30000); - socket = (Socket) serverSocket.accept(); + socket = serverSocket.accept(); } catch (SocketTimeoutException ste) { serverSocket.close(); 
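Review bot: The comment kept above the constructor, "Create an initialized SSLContext to use for these tests.", is stale, because the constructor now only stores the protocol name and builds no context. I would replace it with `/* Records the protocol under test; the SSLContext is built on demand from the SSLContextTemplate certificates. */`. The key and trust manager algorithms also change from "SunX509" in the removed code to "PKIX"/"NewSunX509", and a one-line comment on the overrides saying whether that is intended would help. `getServerContextParameters()` and `getClientContextParameters()` return identical values and could share one private helper.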
@@ -327,7 +301,7 @@ public class SSLEngineBadBufferArrayAccess { byte[] outbound = new byte[8192]; while (!isEngineClosed(serverEngine)) { - int len = 0; + int len; // Inbound data log("================"); @@ -336,7 +310,14 @@ public class SSLEngineBadBufferArrayAccess { try { len = is.read(inbound); if (len == -1) { - throw new Exception("Unexpected EOF"); + logSocketStatus(socket); + if (socket.isClosed() + || socket.isOutputShutdown()) { + log("Client socket was closed or shutdown output"); + break; + } else { + throw new Exception("Unexpected EOF"); + } } cTOs.put(inbound, 0, len); } catch (SocketTimeoutException ste) { @@ -372,16 +353,13 @@ public class SSLEngineBadBufferArrayAccess { closed = true; /* - * We'll alternate initiatating the shutdown. + * We'll alternate initiating the shutdown. * When the server initiates, it will take one more * loop, but tests the orderly shutdown. */ if (serverClose) { serverEngine.closeOutbound(); } - } - - if (closed && isEngineClosed(serverEngine)) { serverIn.flip(); /* @@ -403,6 +381,7 @@ public class SSLEngineBadBufferArrayAccess { } } serverIn.compact(); + break; } } } @@ -450,7 +429,7 @@ public class SSLEngineBadBufferArrayAccess { return; } - SSLSocketFactory sslsf = sslc.getSocketFactory(); + SSLSocketFactory sslsf = createClientSSLContext().getSocketFactory(); try (SSLSocket sslSocket = (SSLSocket)sslsf.createSocket()) { try { sslSocket.connect( @@ -492,6 +471,7 @@ public class SSLEngineBadBufferArrayAccess { InputStream is = sslSocket.getInputStream(); // write(byte[]) goes in one shot. + System.out.println("writing message to server."); os.write(clientMsg); byte[] inbound = new byte[2048]; 
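Review bot: In the `@@ -336,7 +310,14 @@` hunk the EOF branch tests `socket.isClosed() || socket.isOutputShutdown()`, but both methods report only the local state of the accepted socket, not what the peer did. The message "Client socket was closed or shutdown output" therefore describes something the check cannot observe, and the `break` is taken only when the server side itself has already closed or shut down its output. I would reword it to `log("EOF after local close/output shutdown; leaving read loop");`. It is also worth considering whether the condition should be the TLS state (`isEngineClosed(serverEngine)` or the `closed` flag), so that an EOF arriving before an orderly TLS shutdown still fails the test. The enclosing method starts and ends outside this hunk.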
@@ -499,14 +479,16 @@ public class SSLEngineBadBufferArrayAccess { int len; while ((len = is.read(inbound, pos, 2048 - pos)) != -1) { + System.out.printf("Client read %d bytes. Waiting for %d from server.%n", len, serverMsg.length); pos += len; // Let the client do the closing. if ((pos == serverMsg.length) && !serverClose) { + System.out.println("Closing the socket"); sslSocket.close(); break; } } - + System.out.println("Read everything we're going to, I guess."); if (pos != serverMsg.length) { throw new Exception("Client: Data length error"); } @@ -527,7 +509,7 @@ public class SSLEngineBadBufferArrayAccess { * Configure the serverEngine to act as a server in the SSL/TLS * handshake. */ - serverEngine = sslc.createSSLEngine(); + serverEngine = createServerSSLContext().createSSLEngine(); serverEngine.setUseClientMode(false); serverEngine.getNeedClientAuth(); } @@ -589,6 +571,15 @@ public class SSLEngineBadBufferArrayAccess { return (engine.isOutboundDone() && engine.isInboundDone()); } + private static void logSocketStatus(Socket socket) { + log("##### " + socket + " #####"); + log("isBound: " + socket.isBound()); + log("isConnected: " + socket.isConnected()); + log("isClosed: " + socket.isClosed()); + log("isInputShutdown: " + socket.isInputShutdown()); + log("isOutputShutdown: " + socket.isOutputShutdown()); + } + /* * Logging code */ diff --git a/test/jdk/sun/security/ssl/SSLSessionImpl/InvalidateSession.java b/test/jdk/sun/security/ssl/SSLSessionImpl/InvalidateSession.java index 2a13a8cdb8f..87eeeaebfdb 100644 --- a/test/jdk/sun/security/ssl/SSLSessionImpl/InvalidateSession.java +++ b/test/jdk/sun/security/ssl/SSLSessionImpl/InvalidateSession.java @@ -37,7 +37,7 @@ import java.util.*; import jdk.test.lib.security.SecurityUtils; -public class InvalidateSession implements SSLContextTemplate { +public class InvalidateSession extends SSLContextTemplate { static ServerSocketFactory serverSsf = null; static SSLSocketFactory clientSsf = null; 
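Review bot: The client-side messages added in the `@@ -499,14 +479,16 @@` hunk are written with `System.out.println`/`printf` rather than the file's `log()` helper, so they ignore the `logging` switch that this commit makes configurable through `test.logging`. The same applies to the `println` calls added in the `@@ -232,6 +205,7 @@` and `@@ -492,6 +471,7 @@` hunks. I would route them through the helper, e.g. `log("Client read " + len + " bytes; expecting " + serverMsg.length);`, and replace "Read everything we're going to, I guess." with a factual message such as `log("Client finished reading");`.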
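Review bot: In the `@@ -527,7 +509,7 @@` hunk, `serverEngine.getNeedClientAuth();` directly below the changed line is a getter whose result is discarded, so it configures nothing. If the test is meant to exercise client authentication, now that the client context comes from the template, the line should be `serverEngine.setNeedClientAuth(true);`; otherwise it should be removed so the setup does not suggest that client certificates are required. Whether the template's client context carries a key is not visible here. The enclosing method starts outside this hunk.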
diff --git a/test/jdk/sun/security/ssl/SSLSocketImpl/ClientSocketCloseHang.java b/test/jdk/sun/security/ssl/SSLSocketImpl/ClientSocketCloseHang.java index 249aab13291..e21cc314775 100644 --- a/test/jdk/sun/security/ssl/SSLSocketImpl/ClientSocketCloseHang.java +++ b/test/jdk/sun/security/ssl/SSLSocketImpl/ClientSocketCloseHang.java @@ -34,7 +34,7 @@ import javax.net.ssl.*; import java.net.InetAddress; -public class ClientSocketCloseHang implements SSLContextTemplate { +public class ClientSocketCloseHang extends SSLContextTemplate { public static void main(String[] args) throws Exception { System.setProperty("jdk.tls.client.protocols", args[0]); diff --git a/test/jdk/sun/security/ssl/SSLSocketImpl/SSLSocketBruceForceClose.java b/test/jdk/sun/security/ssl/SSLSocketImpl/SSLSocketBruceForceClose.java deleted file mode 100644 index b220a3d434b..00000000000 --- a/test/jdk/sun/security/ssl/SSLSocketImpl/SSLSocketBruceForceClose.java +++ /dev/null 
@@ -1,147 +0,0 @@ -/* - * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -// -// Please run in othervm mode. SunJSSE does not support dynamic system -// properties, no way to re-use system properties in samevm/agentvm mode. 
-// - -/* - * @test - * @bug 8209333 - * @summary Socket reset issue for TLS 1.3 socket close - * @library /javax/net/ssl/templates - * @run main/othervm SSLSocketBruceForceClose - */ - -import javax.net.ssl.*; -import java.io.*; -import java.net.InetAddress; - -public class SSLSocketBruceForceClose implements SSLContextTemplate { - - public static void main(String[] args) throws Exception { - for (int i = 0; i<= 10; i++) { - System.err.println("==================================="); - System.err.println("loop " + i); - System.err.println("==================================="); - new SSLSocketBruceForceClose().test(); - } - } - - private void test() throws Exception { - SSLServerSocket listenSocket = null; - SSLSocket serverSocket = null; - ClientSocket clientSocket = null; - try { - SSLServerSocketFactory serversocketfactory = - createServerSSLContext().getServerSocketFactory(); - listenSocket = - (SSLServerSocket)serversocketfactory.createServerSocket(0); - listenSocket.setNeedClientAuth(false); - listenSocket.setEnableSessionCreation(true); - listenSocket.setUseClientMode(false); - - - System.err.println("Starting client"); - clientSocket = new ClientSocket(listenSocket.getLocalPort()); - clientSocket.start(); - - System.err.println("Accepting client requests"); - serverSocket = (SSLSocket) listenSocket.accept(); - - System.err.println("Reading data from client"); - BufferedReader serverReader = new BufferedReader( - new InputStreamReader(serverSocket.getInputStream())); - String data = serverReader.readLine(); - System.err.println("Received data from client: " + data); - - System.err.println("Reading more data from client"); - data = serverReader.readLine(); - System.err.println("Received data from client: " + data); - } finally { - if (listenSocket != null) { - listenSocket.close(); - } - - if (serverSocket != null) { - serverSocket.close(); - } - } - - if (clientSocket != null && clientSocket.clientException != null) { - throw clientSocket.clientException; - 
} - } - - private class ClientSocket extends Thread{ - int serverPort = 0; - Exception clientException; - - public ClientSocket(int serverPort) { - this.serverPort = serverPort; - } - - @Override - public void run() { - SSLSocket clientSocket = null; - String clientData = "Hi, I am client"; - try { - System.err.println( - "Connecting to server at port " + serverPort); - SSLSocketFactory sslSocketFactory = - createClientSSLContext().getSocketFactory(); - clientSocket = (SSLSocket)sslSocketFactory.createSocket( - InetAddress.getLocalHost(), serverPort); - clientSocket.setSoLinger(true, 3); - clientSocket.setSoTimeout(1000); - - - System.err.println("Sending data to server ..."); - - BufferedWriter os = new BufferedWriter( - new OutputStreamWriter(clientSocket.getOutputStream())); - os.write(clientData, 0, clientData.length()); - os.newLine(); - os.flush(); - - System.err.println("Sending more data to server ..."); - os.write(clientData, 0, clientData.length()); - os.newLine(); - os.flush(); - } catch (Exception e) { - clientException = e; - } finally { - if (clientSocket != null) { - try{ - clientSocket.close(); - System.err.println("client socket closed"); - } catch (IOException ioe) { - clientException = ioe; - } - } - } - } - } -} - diff --git a/test/jdk/sun/security/ssl/SSLSocketImpl/SSLSocketBruteForceClose.java b/test/jdk/sun/security/ssl/SSLSocketImpl/SSLSocketBruteForceClose.java new file mode 100644 index 00000000000..bbc8a4f8bf5 --- /dev/null +++ b/test/jdk/sun/security/ssl/SSLSocketImpl/SSLSocketBruteForceClose.java 
@@ -0,0 +1,102 @@ +/* + * Copyright (c) 2018, 2023, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +// +// Please run in othervm mode. SunJSSE does not support dynamic system +// properties, no way to re-use system properties in samevm/agentvm mode. 
+// + +/* + * @test + * @bug 8209333 + * @summary Socket reset issue for TLS 1.3 socket close + * @library /javax/net/ssl/templates + * @run main/othervm SSLSocketBruteForceClose + */ + +import javax.net.ssl.*; +import java.io.*; +import java.net.SocketException; + +public class SSLSocketBruteForceClose extends SSLSocketTemplate { + + public static void main(String[] args) throws Exception { + for (int i = 0; i<= 10; i++) { + System.err.println("==================================="); + System.err.println("loop " + i); + System.err.println("==================================="); + new SSLSocketBruteForceClose().run(); + } + } + + @Override + protected void configureServerSocket(SSLServerSocket socket) { + socket.setNeedClientAuth(false); + socket.setEnableSessionCreation(true); + socket.setUseClientMode(false); + } + + @Override + protected void runServerApplication(SSLSocket socket) throws Exception { + System.err.println("Reading data from client"); + BufferedReader serverReader = new BufferedReader( + new InputStreamReader(socket.getInputStream())); + String data = serverReader.readLine(); + System.err.println("Received data from client: " + data); + + System.err.println("Reading more data from client"); + data = serverReader.readLine(); + System.err.println("Received data from client: " + data); + } + + @Override + protected void configureClientSocket(SSLSocket socket) { + try { + socket.setSoLinger(true, 3); + socket.setSoTimeout(1000); + } catch (SocketException exc) { + throw new RuntimeException("Could not configure client socket", exc); + } + } + + @Override + protected void runClientApplication(SSLSocket socket) throws Exception { + String clientData = "Hi, I am client"; + + System.err.println("Sending data to server ..."); + BufferedWriter os = new BufferedWriter( + new OutputStreamWriter(socket.getOutputStream())); + os.write(clientData, 0, clientData.length()); + os.newLine(); + os.flush(); + + System.err.println("Sending more data to server ..."); + 
os.write(clientData, 0, clientData.length()); + os.newLine(); + os.flush(); + + socket.close(); + System.err.println("client socket closed"); + } +} + diff --git a/test/jdk/sun/security/ssl/SSLSocketImpl/SSLSocketClose.java b/test/jdk/sun/security/ssl/SSLSocketImpl/SSLSocketClose.java index 47a06093e3f..2ca82ef514e 100644 --- a/test/jdk/sun/security/ssl/SSLSocketImpl/SSLSocketClose.java +++ b/test/jdk/sun/security/ssl/SSLSocketImpl/SSLSocketClose.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2018, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it 
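Review bot: In the new SSLSocketBruteForceClose, neither `readLine()` result in `runServerApplication` is checked, so an early EOF (a `null` return) is printed as "Received data from client: null" and the run still passes, unless the template fails it for another reason that is not visible here. Since the test is about data surviving an abrupt close, I would add `if (data == null) throw new RuntimeException("Unexpected EOF from client");` after each read. The rewritten SSLSocketClose in the following hunk has the same unchecked reads on both the server and the client side. The `InputStreamReader`/`OutputStreamWriter` pairs also rely on the platform default charset; passing `StandardCharsets.UTF_8` would make the exchange deterministic.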
@@ -37,123 +37,79 @@ import javax.net.ssl.*; import java.io.*; import java.net.InetAddress; +import java.net.SocketException; -public class SSLSocketClose implements SSLContextTemplate { +public class SSLSocketClose extends SSLSocketTemplate { public static void main(String[] args) throws Exception { for (int i = 0; i<= 10; i++) { - System.err.println("==================================="); - System.err.println("loop " + i); - System.err.println("==================================="); - new SSLSocketClose().test(); + System.out.println("==================================="); + System.out.println("loop " + i); + System.out.println("==================================="); + new SSLSocketClose().run(); } } - private void test() throws Exception { - SSLServerSocket listenSocket = null; - SSLSocket serverSocket = null; - ClientSocket clientSocket = null; + @Override + protected void configureServerSocket(SSLServerSocket socket) { + socket.setNeedClientAuth(false); + socket.setEnableSessionCreation(true); + socket.setUseClientMode(false); + } + + @Override + protected void runServerApplication(SSLSocket socket) throws Exception { + System.out.println("Reading data from client"); + BufferedReader serverReader = new BufferedReader( + new InputStreamReader(socket.getInputStream())); + String data = serverReader.readLine(); + System.out.println("Received data from client: " + data); + + System.out.println("Sending data to client ..."); + String serverData = "Hi, I am server"; + BufferedWriter os = new BufferedWriter( + new OutputStreamWriter(socket.getOutputStream())); + os.write(serverData, 0, serverData.length()); + os.newLine(); + os.flush(); + + System.out.println("Reading more data from client"); + data = serverReader.readLine(); + System.out.println("Received data from client: " + data); + } + + @Override + protected void configureClientSocket(SSLSocket socket) { try { - SSLServerSocketFactory serversocketfactory = - createServerSSLContext().getServerSocketFactory(); - 
listenSocket = - (SSLServerSocket)serversocketfactory.createServerSocket(0); - listenSocket.setNeedClientAuth(false); - listenSocket.setEnableSessionCreation(true); - listenSocket.setUseClientMode(false); - - - System.err.println("Starting client"); - clientSocket = new ClientSocket(listenSocket.getLocalPort()); - clientSocket.start(); - - System.err.println("Accepting client requests"); - serverSocket = (SSLSocket) listenSocket.accept(); - - System.err.println("Reading data from client"); - BufferedReader serverReader = new BufferedReader( - new InputStreamReader(serverSocket.getInputStream())); - String data = serverReader.readLine(); - System.err.println("Received data from client: " + data); - - System.err.println("Sending data to client ..."); - String serverData = "Hi, I am server"; - BufferedWriter os = new BufferedWriter( - new OutputStreamWriter(serverSocket.getOutputStream())); - os.write(serverData, 0, serverData.length()); - os.newLine(); - os.flush(); - - System.err.println("Reading more data from client"); - data = serverReader.readLine(); - System.err.println("Received data from client: " + data); - } finally { - if (listenSocket != null) { - listenSocket.close(); - } - - if (serverSocket != null) { - serverSocket.close(); - } - } - - if (clientSocket != null && clientSocket.clientException != null) { - throw clientSocket.clientException; + socket.setSoLinger(true, 3); + } catch (SocketException e) { + throw new RuntimeException("Could not configure client socket", e); } } - private class ClientSocket extends Thread{ - int serverPort = 0; - Exception clientException; + @Override + protected void runClientApplication(SSLSocket socket) throws Exception { + String clientData = "Hi, I am client"; + System.out.println("Sending data to server ..."); - public ClientSocket(int serverPort) { - this.serverPort = serverPort; - } + BufferedWriter os = new BufferedWriter( + new OutputStreamWriter(socket.getOutputStream())); + os.write(clientData, 0, 
clientData.length()); + os.newLine(); + os.flush(); - @Override - public void run() { - SSLSocket clientSocket = null; - String clientData = "Hi, I am client"; - try { - System.err.println( - "Connecting to server at port " + serverPort); - SSLSocketFactory sslSocketFactory = - createClientSSLContext().getSocketFactory(); - clientSocket = (SSLSocket)sslSocketFactory.createSocket( - InetAddress.getLocalHost(), serverPort); - clientSocket.setSoLinger(true, 3); + System.out.println("Reading data from server"); + BufferedReader is = new BufferedReader( + new InputStreamReader(socket.getInputStream())); + String data = is.readLine(); + System.out.println("Received Data from server: " + data); - System.err.println("Sending data to server ..."); + System.out.println("Sending more data to server ..."); + os.write(clientData, 0, clientData.length()); + os.newLine(); + os.flush(); - BufferedWriter os = new BufferedWriter( - new OutputStreamWriter(clientSocket.getOutputStream())); - os.write(clientData, 0, clientData.length()); - os.newLine(); - os.flush(); - - System.err.println("Reading data from server"); - BufferedReader is = new BufferedReader( - new InputStreamReader(clientSocket.getInputStream())); - String data = is.readLine(); - System.err.println("Received Data from server: " + data); - - System.err.println("Sending more data to server ..."); - os.write(clientData, 0, clientData.length()); - os.newLine(); - os.flush(); - } catch (Exception e) { - clientException = e; - } finally { - if (clientSocket != null) { - try{ - clientSocket.close(); - System.err.println("client socket closed"); - } catch (IOException ioe) { - clientException = ioe; - } - } - } - } + socket.close(); } } diff --git a/test/jdk/sun/security/ssl/SSLSocketImpl/SocketExceptionForSocketIssues.java b/test/jdk/sun/security/ssl/SSLSocketImpl/SocketExceptionForSocketIssues.java index dcaf6dab977..8a406ee65bb 100644 --- a/test/jdk/sun/security/ssl/SSLSocketImpl/SocketExceptionForSocketIssues.java 
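Review bot: `import java.net.InetAddress;` remains as a context line at the top of the `@@ -37,123 +37,79 @@` hunk, but its only visible use, `InetAddress.getLocalHost()` in the removed `ClientSocket` thread, is gone, so the import appears to be unused and can be dropped. The messages here also move from `System.err` to `System.out`, while the new SSLSocketBruteForceClose keeps `System.err`; choosing one stream for both tests would keep their logs comparable.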
+++ b/test/jdk/sun/security/ssl/SSLSocketImpl/SocketExceptionForSocketIssues.java 
@@ -37,126 +37,84 @@ import javax.net.ssl.*; import java.io.*; import java.net.*; +import java.util.concurrent.CountDownLatch; +import java.util.concurrent.TimeUnit; -public class SocketExceptionForSocketIssues implements SSLContextTemplate { +public class SocketExceptionForSocketIssues extends SSLSocketTemplate { + + private final CountDownLatch waitForClient = new CountDownLatch(1); public static void main(String[] args) throws Exception { - System.err.println("==================================="); - new SocketExceptionForSocketIssues().test(); + System.out.println("==================================="); + new SocketExceptionForSocketIssues().run(); } - private void test() throws Exception { - SSLServerSocket listenSocket = null; - SSLSocket serverSocket = null; - ClientSocket clientSocket = null; + @Override + protected void configureServerSocket(SSLServerSocket socket) { + socket.setNeedClientAuth(false); + socket.setEnableSessionCreation(true); + socket.setUseClientMode(false); + } + + @Override + protected void runServerApplication(SSLSocket socket) throws Exception { try { - SSLServerSocketFactory serversocketfactory = - createServerSSLContext().getServerSocketFactory(); - listenSocket = - (SSLServerSocket)serversocketfactory.createServerSocket(0); - listenSocket.setNeedClientAuth(false); - listenSocket.setEnableSessionCreation(true); - listenSocket.setUseClientMode(false); - - System.err.println("Starting client"); - clientSocket = new ClientSocket(listenSocket.getLocalPort()); - clientSocket.start(); - - System.err.println("Accepting client requests"); - serverSocket = (SSLSocket)listenSocket.accept(); - - if (!clientSocket.isDone) { - System.err.println("Waiting 3 seconds for client "); - Thread.sleep(3000); + if (!waitForClient.await(5, TimeUnit.SECONDS)) { + throw new RuntimeException("Client didn't complete within 5 seconds."); } - System.err.println("Sending data to client ..."); + System.out.println("Sending data to client ..."); String serverData = 
"Hi, I am server"; BufferedWriter os = new BufferedWriter( - new OutputStreamWriter(serverSocket.getOutputStream())); + new OutputStreamWriter(socket.getOutputStream())); os.write(serverData, 0, serverData.length()); os.newLine(); os.flush(); - } catch (SSLProtocolException | SSLHandshakeException sslhe) { - throw sslhe; + throw new RuntimeException("The expected SocketException was not thrown."); } catch (SocketException se) { // the expected exception, ignore it - System.err.println("server exception: " + se); - } finally { - if (listenSocket != null) { - listenSocket.close(); - } - - if (serverSocket != null) { - serverSocket.close(); - } - } - - if (clientSocket != null && clientSocket.clientException != null) { - throw clientSocket.clientException; + System.out.println("Caught expected SocketException: " + se); } } - - - private class ClientSocket extends Thread{ - boolean isDone = false; - int serverPort = 0; - Exception clientException; - - public ClientSocket(int serverPort) { - this.serverPort = serverPort; + @Override + protected void configureClientSocket(SSLSocket socket) { + try { + socket.setSoLinger(true, 3); + socket.setSoTimeout(100); + } catch (SocketException exc) { + throw new RuntimeException("Could not configure client socket.", exc); } + } - @Override - public void run() { - SSLSocket clientSocket = null; + @Override + protected void runClientApplication(SSLSocket socket) throws Exception { + try { String clientData = "Hi, I am client"; - try { - System.err.println( - "Connecting to server at port " + serverPort); - SSLSocketFactory sslSocketFactory = - createClientSSLContext().getSocketFactory(); - clientSocket = (SSLSocket)sslSocketFactory.createSocket( - InetAddress.getLocalHost(), serverPort); - clientSocket.setSoLinger(true, 3); - clientSocket.setSoTimeout(100); + BufferedWriter os = new BufferedWriter( + new OutputStreamWriter(socket.getOutputStream())); + os.write(clientData, 0, clientData.length()); + os.newLine(); + os.flush(); + 
System.out.println("Reading data from server"); + BufferedReader is = new BufferedReader( + new InputStreamReader(socket.getInputStream())); + String data = is.readLine(); + System.out.println("Received Data from server: " + data); - System.err.println("Sending data to server ..."); + throw new RuntimeException("The expected client exception was not thrown."); - BufferedWriter os = new BufferedWriter( - new OutputStreamWriter(clientSocket.getOutputStream())); - os.write(clientData, 0, clientData.length()); - os.newLine(); - os.flush(); + } catch (SSLProtocolException | SSLHandshakeException sslhe) { + System.err.println("Client had unexpected SSL exception: " + sslhe); + throw sslhe; - System.err.println("Reading data from server"); - BufferedReader is = new BufferedReader( - new InputStreamReader(clientSocket.getInputStream())); - String data = is.readLine(); - System.err.println("Received Data from server: " + data); - } catch (SSLProtocolException | SSLHandshakeException sslhe) { - clientException = sslhe; - System.err.println("unexpected client exception: " + sslhe); - } catch (SSLException | SocketTimeoutException ssle) { - // the expected exception, ignore it - System.err.println("expected client exception: " + ssle); - } catch (Exception e) { - clientException = e; - System.err.println("unexpected client exception: " + e); - } finally { - if (clientSocket != null) { - try { - clientSocket.close(); - System.err.println("client socket closed"); - } catch (IOException ioe) { - clientException = ioe; - } - } + } catch (SSLException | SocketTimeoutException ssle) { + // the expected exception, ignore it + System.out.println("Caught expected client exception: " + ssle); - isDone = true; - } + } finally { + waitForClient.countDown(); } } } diff --git a/test/jdk/sun/security/ssl/SignatureScheme/SigAlgosExtTestWithTLS12.java b/test/jdk/sun/security/ssl/SignatureScheme/SigAlgosExtTestWithTLS12.java index d7d068f339d..30a01552b30 100644 
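Review bot: `waitForClient.countDown()` in the `finally` of runClientApplication releases the server before any close of the client socket that is visible in this hunk, whereas the removed ClientSocket.run() set `isDone = true` only after `clientSocket.close()`. The server side now fails the test unless its write raises SocketException, so if SSLSocketTemplate closes the socket only after runClientApplication returns (not visible here), the write can race that close and the outcome becomes timing-dependent. Closing first would restore the old ordering: put `socket.close();` on the line before `waitForClient.countDown();`. The `catch (SocketException se)` branch would also benefit from a comment saying why the exception is expected, e.g. `// peer has already timed out and closed; the failure must surface as SocketException, not an SSL exception`.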
--- a/test/jdk/sun/security/ssl/SignatureScheme/SigAlgosExtTestWithTLS12.java
+++ b/test/jdk/sun/security/ssl/SignatureScheme/SigAlgosExtTestWithTLS12.java
@@ -61,115 +61,7 @@ public class SigAlgosExtTestWithTLS12 extends SSLEngineTemplate { private static final boolean EXPECT_FAIL = Boolean.getBoolean("test.expectFail"); - private static final String[] CA_CERTS = new String[] { - // SHA256withECDSA, curve secp256r1 - // Validity - // Not Before: May 22 07:18:16 2018 GMT - // Not After : May 17 07:18:16 2038 GMT - // Subject Key Identifier: - // 60:CF:BD:73:FF:FA:1A:30:D2:A4:EC:D3:49:71:46:EF:1A:35:A0:86 - "-----BEGIN CERTIFICATE-----\n" + - "MIIBvjCCAWOgAwIBAgIJAIvFG6GbTroCMAoGCCqGSM49BAMCMDsxCzAJBgNVBAYT\n" + - "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" + - "ZTAeFw0xODA1MjIwNzE4MTZaFw0zODA1MTcwNzE4MTZaMDsxCzAJBgNVBAYTAlVT\n" + - "MQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZjZTBZ\n" + - "MBMGByqGSM49AgEGCCqGSM49AwEHA0IABBz1WeVb6gM2mh85z3QlvaB/l11b5h0v\n" + - "LIzmkC3DKlVukZT+ltH2Eq1oEkpXuf7QmbM0ibrUgtjsWH3mULfmcWmjUDBOMB0G\n" + - "A1UdDgQWBBRgz71z//oaMNKk7NNJcUbvGjWghjAfBgNVHSMEGDAWgBRgz71z//oa\n" + - "MNKk7NNJcUbvGjWghjAMBgNVHRMEBTADAQH/MAoGCCqGSM49BAMCA0kAMEYCIQCG\n" + - "6wluh1r2/T6L31mZXRKf9JxeSf9pIzoLj+8xQeUChQIhAJ09wAi1kV8yePLh2FD9\n" + - "2YEHlSQUAbwwqCDEVB5KxaqP\n" + - "-----END CERTIFICATE-----", - - // SHA384withECDSA, curve secp384r1 - // Validity - // Not Before: Jun 24 08:15:06 2019 GMT - // Not After : Jun 19 08:15:06 2039 GMT - // Subject Key Identifier: - // 0a:93:a9:a0:bf:e7:d5:48:9d:4f:89:15:c6:51:98:80:05:51:4e:4e - "-----BEGIN CERTIFICATE-----\n" + - "MIICCDCCAY6gAwIBAgIUCpOpoL/n1UidT4kVxlGYgAVRTk4wCgYIKoZIzj0EAwMw\n" + - "OzELMAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpTU0Ug\n" + - "VGVzdCBTZXJpdmNlMB4XDTE5MDYyNDA4MTUwNloXDTM5MDYxOTA4MTUwNlowOzEL\n" + - "MAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpTU0UgVGVz\n" + - "dCBTZXJpdmNlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAENVQN1wXWFdgC6u/dDdiC\n" + - "y+WtMTF66oL/0BSm+1ZqsogamzCryawOcHgiuXgWzx5CQ3LuOC+tDFyXpGfHuCvb\n" + - "dkzxPrP5n9NrR8/uRPe5l1KOUbchviU8z9cTP+LZxnZDo1MwUTAdBgNVHQ4EFgQU\n" + - 
"SktSFArR1p/5mXV0kyo0RxIVa/UwHwYDVR0jBBgwFoAUSktSFArR1p/5mXV0kyo0\n" + - "RxIVa/UwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjBZvoNmq3/v\n" + - "RD2gBTyvxjS9h0rsMRLHDnvul/KWngytwGPTOBo0Y8ixQXSjdKoc3rkCMQDkiNgx\n" + - "IDxuHedmrLQKIPnVcthTmwv7//jHiqGoKofwChMo2a1P+DQdhszmeHD/ARQ=\n" + - "-----END CERTIFICATE-----" - }; - - private static final String[] EE_CERTS = new String[] { - // SHA256withECDSA, curve secp256r1 - // Validity - // Not Before: May 22 07:18:16 2018 GMT - // Not After : May 17 07:18:16 2038 GMT - // Authority Key Identifier: - // 60:CF:BD:73:FF:FA:1A:30:D2:A4:EC:D3:49:71:46:EF:1A:35:A0:86 - "-----BEGIN CERTIFICATE-----\n" + - "MIIBqjCCAVCgAwIBAgIJAPLY8qZjgNRAMAoGCCqGSM49BAMCMDsxCzAJBgNVBAYT\n" + - "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" + - "ZTAeFw0xODA1MjIwNzE4MTZaFw0zODA1MTcwNzE4MTZaMFUxCzAJBgNVBAYTAlVT\n" + - "MQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZjZTEY\n" + - "MBYGA1UEAwwPUmVncmVzc2lvbiBUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD\n" + - "QgAEb+9n05qfXnfHUb0xtQJNS4JeSi6IjOfW5NqchvKnfJey9VkJzR7QHLuOESdf\n" + - "xlR7q8YIWgih3iWLGfB+wxHiOqMjMCEwHwYDVR0jBBgwFoAUYM+9c//6GjDSpOzT\n" + - "SXFG7xo1oIYwCgYIKoZIzj0EAwIDSAAwRQIgWpRegWXMheiD3qFdd8kMdrkLxRbq\n" + - "1zj8nQMEwFTUjjQCIQDRIrAjZX+YXHN9b0SoWWLPUq0HmiFIi8RwMnO//wJIGQ==\n" + - "-----END CERTIFICATE-----", - - // SHA384withECDSA, curve secp384r1 - // Validity - // Not Before: Jun 24 08:15:06 2019 GMT - // Not After : Jun 19 08:15:06 2039 GMT - // Authority Key Identifier: - // 40:2D:AA:EE:66:AA:33:27:AD:9B:5D:52:9B:60:67:6A:2B:AD:52:D2 - "-----BEGIN CERTIFICATE-----\n" + - "MIICEjCCAZegAwIBAgIUS3F0AqAXWRg07CnbknJzxofyBQMwCgYIKoZIzj0EAwMw\n" + - "OzELMAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpTU0Ug\n" + - "VGVzdCBTZXJpdmNlMB4XDTE5MDYyNDA4MTUwNloXDTM5MDYxOTA4MTUwNlowVTEL\n" + - "MAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpTU0UgVGVz\n" + - "dCBTZXJpdmNlMRgwFgYDVQQDDA9SZWdyZXNzaW9uIFRlc3QwdjAQBgcqhkjOPQIB\n" + - 
"BgUrgQQAIgNiAARqElz8b6T07eyKomIinhztV3/3XBk9bKGtJ0W+JOltjuhMmP/w\n" + - "G8ASSevpgqgpi6EzpBZaaJxE3zNfkNnxXOZmQi2Ypd1uK0zRdbEOKg0XOcTTZwEj\n" + - "iLjYmt3O0pwpklijQjBAMB0GA1UdDgQWBBRALaruZqozJ62bXVKbYGdqK61S0jAf\n" + - "BgNVHSMEGDAWgBRKS1IUCtHWn/mZdXSTKjRHEhVr9TAKBggqhkjOPQQDAwNpADBm\n" + - "AjEArVDFKf48xijN6huVUJzKCOP0zlWB5Js+DItIkZmLQuhciPLhLIB/rChf3Y4C\n" + - "xuP4AjEAmfLhQRI0O3pifpYzYSVh2G7/jHNG4eO+2dvgAcU+Lh2IIj/cpLaPFSvL\n" + - "J8FXY9Nj\n" + - "-----END CERTIFICATE-----" - }; - - private static final String[] EE_KEYS = new String[] { - "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgn5K03bpTLjEtFQRa\n" + - "JUtx22gtmGEvvSUSQdimhGthdtihRANCAARv72fTmp9ed8dRvTG1Ak1Lgl5KLoiM\n" + - "59bk2pyG8qd8l7L1WQnNHtAcu44RJ1/GVHurxghaCKHeJYsZ8H7DEeI6", - "MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDASuI9EtK29APXPipkc\n" + - "qDA+qwlewMjv/OcjUJ77kP1Vz62oVF9iY9SRIyFIUju8wt+hZANiAARqElz8b6T0\n" + - "7eyKomIinhztV3/3XBk9bKGtJ0W+JOltjuhMmP/wG8ASSevpgqgpi6EzpBZaaJxE\n" + - "3zNfkNnxXOZmQi2Ypd1uK0zRdbEOKg0XOcTTZwEjiLjYmt3O0pwpklg=" - }; - - private static final String[] EE_ALGS = new String[] { - "EC", - "EC" - }; - - private static final String[] EE_ALIASES = new String[] { - "EC-SHA256", - "EC-SHA384" - }; - - private static final Map SIG_SCHEMES_MAP = Map.of( - 0x0403, "ecdsa_secp256r1_sha256", - 0x0503, "ecdsa_secp384r1_sha384"); - - private static final int TLS_HS_CLI_HELLO = 1; private static final int TLS_HS_CERT_REQ = 13; - private static final int HELLO_EXT_SIG_ALGS = 13; public SigAlgosExtTestWithTLS12() throws Exception { super(); 
@@ -178,36 +70,31 @@ public class SigAlgosExtTestWithTLS12 extends SSLEngineTemplate { /* * Create an instance of KeyManager for client use. */ - public KeyManager createClientKeyManager() throws Exception { - return SSLContextTemplate.createKeyManager( - EE_CERTS, - EE_KEYS, - EE_ALGS, - EE_ALIASES, - getServerContextParameters()); + @Override + protected KeyManager createClientKeyManager() throws Exception { + return createKeyManager( + new Cert[]{Cert.EE_ECDSA_SECP256R1, Cert.EE_ECDSA_SECP384R1}, + getClientContextParameters()); } @Override public TrustManager createClientTrustManager() throws Exception { - return SSLContextTemplate.createTrustManager( - CA_CERTS, + return createTrustManager( + new Cert[]{Cert.CA_ECDSA_SECP256R1, Cert.CA_ECDSA_SECP384R1}, getServerContextParameters()); } @Override public KeyManager createServerKeyManager() throws Exception { - return SSLContextTemplate.createKeyManager( - EE_CERTS, - EE_KEYS, - EE_ALGS, - EE_ALIASES, + return createKeyManager( + new Cert[]{Cert.EE_ECDSA_SECP256R1, Cert.EE_ECDSA_SECP384R1}, getServerContextParameters()); } @Override public TrustManager createServerTrustManager() throws Exception { - return SSLContextTemplate.createTrustManager( - CA_CERTS, + return createTrustManager( + new Cert[]{Cert.CA_ECDSA_SECP256R1, Cert.CA_ECDSA_SECP384R1}, getServerContextParameters()); } diff --git a/test/jdk/sun/security/ssl/SignatureScheme/Tls13NamedGroups.java b/test/jdk/sun/security/ssl/SignatureScheme/Tls13NamedGroups.java index fa876db5b3c..ed428df60bc 100644 --- a/test/jdk/sun/security/ssl/SignatureScheme/Tls13NamedGroups.java +++ b/test/jdk/sun/security/ssl/SignatureScheme/Tls13NamedGroups.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2019, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it 
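Review bot: createClientTrustManager still passes `getServerContextParameters()` while this hunk switches createClientKeyManager to `getClientContextParameters()`, so the client's key manager and trust manager are now built from different parameter sets. If the client and server parameters are identical in this test the result is unchanged, but that is not visible in the hunk; using `getClientContextParameters());` in createClientTrustManager would make the intent explicit. createClientKeyManager is also the only one of the four overrides declared `protected` rather than `public`, which is worth aligning with what SSLEngineTemplate declares.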
@@ -37,14 +37,7 @@ * @run main/othervm Tls13NamedGroups */ -import java.net.*; -import java.io.*; import javax.net.ssl.*; -import java.security.*; -import java.security.cert.*; -import java.security.spec.*; -import java.security.interfaces.*; -import java.util.Base64; public class Tls13NamedGroups extends SSLSocketTemplate { @@ -56,8 +49,10 @@ public class Tls13NamedGroups extends SSLSocketTemplate { } @Override - protected SSLContext createServerSSLContext() throws Exception { - return generateSSLContext(); + public SSLContext createServerSSLContext() throws Exception { + return createSSLContext(new Cert[]{Cert.CA_ECDSA_SECP256R1}, + new Cert[]{Cert.EE_ECDSA_SECP256R1}, + new ContextParameters("TLSv1.3", "PKIX", "NewSunX509")); } @Override 
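Review bot: createServerSSLContext in the second hunk on this line and createClientSSLContext in the following hunk repeat the same three arguments verbatim, where the removed code routed both through a single generateSSLContext() helper. Keeping one private helper that both overrides call, e.g. `private SSLContext newTls13Context() throws Exception`, would keep the protocol and the "PKIX"/"NewSunX509" algorithm names in one place so the client and server contexts cannot drift apart in a later edit. The first hunk on this line only removes imports and needs no change.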
@@ -66,123 +61,9 @@ public class Tls13NamedGroups extends SSLSocketTemplate { } @Override - protected SSLContext createClientSSLContext() throws Exception { - return generateSSLContext(); - } - - /* - * ============================================================= - * The remainder is just support stuff - */ - - // Certificates and key used in the test. - // - // Trusted Certificate. - static String trustedCertStr = - // SHA256withECDSA, curve prime256v1 - // Validity - // Not Before: May 22 07:18:16 2018 GMT - // Not After : May 17 07:18:16 2038 GMT - // Subject Key Identifier: - // 60:CF:BD:73:FF:FA:1A:30:D2:A4:EC:D3:49:71:46:EF:1A:35:A0:86 - "-----BEGIN CERTIFICATE-----\n" + - "MIIBvjCCAWOgAwIBAgIJAIvFG6GbTroCMAoGCCqGSM49BAMCMDsxCzAJBgNVBAYT\n" + - "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" + - "ZTAeFw0xODA1MjIwNzE4MTZaFw0zODA1MTcwNzE4MTZaMDsxCzAJBgNVBAYTAlVT\n" + - "MQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZjZTBZ\n" + - "MBMGByqGSM49AgEGCCqGSM49AwEHA0IABBz1WeVb6gM2mh85z3QlvaB/l11b5h0v\n" + - "LIzmkC3DKlVukZT+ltH2Eq1oEkpXuf7QmbM0ibrUgtjsWH3mULfmcWmjUDBOMB0G\n" + - "A1UdDgQWBBRgz71z//oaMNKk7NNJcUbvGjWghjAfBgNVHSMEGDAWgBRgz71z//oa\n" + - "MNKk7NNJcUbvGjWghjAMBgNVHRMEBTADAQH/MAoGCCqGSM49BAMCA0kAMEYCIQCG\n" + - "6wluh1r2/T6L31mZXRKf9JxeSf9pIzoLj+8xQeUChQIhAJ09wAi1kV8yePLh2FD9\n" + - "2YEHlSQUAbwwqCDEVB5KxaqP\n" + - "-----END CERTIFICATE-----"; - // -----BEGIN PRIVATE KEY----- - // MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg/HcHdoLJCdq3haVd - // XZTSKP00YzM3xX97l98vGL/RI1KhRANCAAQc9VnlW+oDNpofOc90Jb2gf5ddW+Yd - // LyyM5pAtwypVbpGU/pbR9hKtaBJKV7n+0JmzNIm61ILY7Fh95lC35nFp - // -----END PRIVATE KEY----- - - // End entity certificate. 
- static String targetCertStr = - // SHA256withECDSA, curve prime256v1 - // Validity - // Not Before: May 22 07:18:16 2018 GMT - // Not After : May 17 07:18:16 2038 GMT - // Authority Key Identifier: - // 60:CF:BD:73:FF:FA:1A:30:D2:A4:EC:D3:49:71:46:EF:1A:35:A0:86 - "-----BEGIN CERTIFICATE-----\n" + - "MIIBqjCCAVCgAwIBAgIJAPLY8qZjgNRAMAoGCCqGSM49BAMCMDsxCzAJBgNVBAYT\n" + - "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" + - "ZTAeFw0xODA1MjIwNzE4MTZaFw0zODA1MTcwNzE4MTZaMFUxCzAJBgNVBAYTAlVT\n" + - "MQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZjZTEY\n" + - "MBYGA1UEAwwPUmVncmVzc2lvbiBUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD\n" + - "QgAEb+9n05qfXnfHUb0xtQJNS4JeSi6IjOfW5NqchvKnfJey9VkJzR7QHLuOESdf\n" + - "xlR7q8YIWgih3iWLGfB+wxHiOqMjMCEwHwYDVR0jBBgwFoAUYM+9c//6GjDSpOzT\n" + - "SXFG7xo1oIYwCgYIKoZIzj0EAwIDSAAwRQIgWpRegWXMheiD3qFdd8kMdrkLxRbq\n" + - "1zj8nQMEwFTUjjQCIQDRIrAjZX+YXHN9b0SoWWLPUq0HmiFIi8RwMnO//wJIGQ==\n" + - "-----END CERTIFICATE-----"; - - // Private key in the format of PKCS#8. - static String targetPrivateKey = - // - // EC private key related to cert endEntityCertStrs[0]. - // - "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgn5K03bpTLjEtFQRa\n" + - "JUtx22gtmGEvvSUSQdimhGthdtihRANCAARv72fTmp9ed8dRvTG1Ak1Lgl5KLoiM\n" + - "59bk2pyG8qd8l7L1WQnNHtAcu44RJ1/GVHurxghaCKHeJYsZ8H7DEeI6"; - - static char passphrase[] = "passphrase".toCharArray(); - - // Create the SSLContext instance. 
- private static SSLContext generateSSLContext() throws Exception { - - // generate certificate from cert string - CertificateFactory cf = CertificateFactory.getInstance("X.509"); - - // create a key store - KeyStore ks = KeyStore.getInstance("JKS"); - ks.load(null, null); - - // import the trused cert - X509Certificate trusedCert = null; - ByteArrayInputStream is = - new ByteArrayInputStream(trustedCertStr.getBytes()); - trusedCert = (X509Certificate)cf.generateCertificate(is); - is.close(); - - ks.setCertificateEntry("Trusted EC Signer", trusedCert); - - // generate the private key. - PKCS8EncodedKeySpec priKeySpec = new PKCS8EncodedKeySpec( - Base64.getMimeDecoder().decode(targetPrivateKey)); - KeyFactory kf = KeyFactory.getInstance("EC"); - ECPrivateKey priKey = - (ECPrivateKey)kf.generatePrivate(priKeySpec); - - // generate certificate chain - is = new ByteArrayInputStream(targetCertStr.getBytes()); - X509Certificate keyCert = (X509Certificate)cf.generateCertificate(is); - is.close(); - - X509Certificate[] chain = new X509Certificate[2]; - chain[0] = keyCert; - chain[1] = trusedCert; - - // import the key entry and the chain - ks.setKeyEntry("TheKey", priKey, passphrase, chain); - - // create SSL context - TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX"); - tmf.init(ks); - - KeyManagerFactory kmf = KeyManagerFactory.getInstance("NewSunX509"); - kmf.init(ks, passphrase); - - SSLContext ctx = SSLContext.getInstance("TLSv1.3"); - ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); - ks = null; - - return ctx; + public SSLContext createClientSSLContext() throws Exception { + return createSSLContext(new Cert[]{Cert.CA_ECDSA_SECP256R1}, + new Cert[]{Cert.EE_ECDSA_SECP256R1}, + new ContextParameters("TLSv1.3", "PKIX", "NewSunX509")); } } diff --git a/test/jdk/sun/security/ssl/X509TrustManagerImpl/TooManyCAs.java b/test/jdk/sun/security/ssl/X509TrustManagerImpl/TooManyCAs.java index 9e44b1cdc94..41b7055e5fb 100644 
--- a/test/jdk/sun/security/ssl/X509TrustManagerImpl/TooManyCAs.java +++ b/test/jdk/sun/security/ssl/X509TrustManagerImpl/TooManyCAs.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2020, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -32,18 +32,17 @@ import javax.net.ssl.*; import javax.security.auth.x500.X500Principal; import java.io.*; -import java.net.InetAddress; import java.net.Socket; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; -import java.util.Arrays; +import java.util.concurrent.CyclicBarrier; /** * Check if the connection can be established if the client or server trusts * more CAs such that it exceeds the size limit of the certificate_authorities * extension (2^16). */ -public class TooManyCAs implements SSLContextTemplate { +public class TooManyCAs extends SSLSocketTemplate { private static final String[][][] protocols = { {{"TLSv1.3"}, {"TLSv1.3"}}, 
@@ -55,44 +54,54 @@ public class TooManyCAs implements SSLContextTemplate { private final String[] serverProtocols; private final boolean needClientAuth; + /* + * Used to synchronize client and server; there were intermittent + * failures on Windows due to the connection being killed. + */ + private final CyclicBarrier barrier = new CyclicBarrier(2); + TooManyCAs(int index, boolean needClientAuth) { this.clientProtocols = protocols[index][0]; this.serverProtocols = protocols[index][1]; this.needClientAuth = needClientAuth; + + System.out.printf("Testing%n\tclient protocols: %s%n\t" + + "server protocols: %s%n\tneed client auth: %s%n", + String.join(", ", clientProtocols), + String.join(", ", serverProtocols), + needClientAuth); } - // Servers are configured before clients, increment test case after. - void configureClientSocket(SSLSocket clientSocket) { - System.err.print("Setting client protocol(s): "); - Arrays.stream(clientProtocols).forEachOrdered(System.err::print); - System.err.println(); + @Override + protected void configureClientSocket(SSLSocket clientSocket) { + System.out.println("Setting client protocol(s): " + + String.join(",", clientProtocols)); clientSocket.setEnabledProtocols(clientProtocols); } - void configureServerSocket(SSLServerSocket serverSocket) { - System.err.print("Setting server protocol(s): "); - Arrays.stream(serverProtocols).forEachOrdered(System.err::print); - System.err.println(); + @Override + protected void configureServerSocket(SSLServerSocket serverSocket) { + serverSocket.setNeedClientAuth(needClientAuth); + serverSocket.setEnableSessionCreation(true); + serverSocket.setUseClientMode(false); + + System.out.println("Setting server protocol(s): " + + String.join(",", serverProtocols)); serverSocket.setEnabledProtocols(serverProtocols); - if (needClientAuth) { - serverSocket.setNeedClientAuth(true); - } } @Override - public TrustManager createClientTrustManager() throws Exception { - TrustManager trustManager = - 
SSLContextTemplate.super.createClientTrustManager(); + protected TrustManager createClientTrustManager() throws Exception { + TrustManager trustManager = super.createClientTrustManager(); return new BogusX509TrustManager( (X509TrustManager)trustManager); } @Override - public TrustManager createServerTrustManager() throws Exception { - TrustManager trustManager = - SSLContextTemplate.super.createServerTrustManager(); + protected TrustManager createServerTrustManager() throws Exception { + TrustManager trustManager = super.createServerTrustManager(); return new BogusX509TrustManager( (X509TrustManager)trustManager); } 
@@ -107,104 +116,42 @@ public class TooManyCAs implements SSLContextTemplate { } } - private void run() throws Exception { - SSLServerSocket listenSocket = null; - SSLSocket serverSocket = null; - ClientSocket clientSocket = null; + @Override + protected void runServerApplication(SSLSocket socket) throws Exception { try { - SSLServerSocketFactory serversocketfactory = - createServerSSLContext().getServerSocketFactory(); - listenSocket = - (SSLServerSocket)serversocketfactory.createServerSocket(0); - listenSocket.setNeedClientAuth(false); - listenSocket.setEnableSessionCreation(true); - listenSocket.setUseClientMode(false); - configureServerSocket(listenSocket); - - System.err.println("Starting client"); - clientSocket = new ClientSocket(listenSocket.getLocalPort()); - clientSocket.start(); - - System.err.println("Accepting client requests"); - serverSocket = (SSLSocket)listenSocket.accept(); - - if (!clientSocket.isDone) { - System.err.println("Waiting 3 seconds for client "); - Thread.sleep(3000); - } - - System.err.println("Sending data to client ..."); + System.out.println("Sending data to client ..."); String serverData = "Hi, I am server"; BufferedWriter os = new BufferedWriter( - new OutputStreamWriter(serverSocket.getOutputStream())); + new OutputStreamWriter(socket.getOutputStream())); os.write(serverData, 0, serverData.length()); os.newLine(); os.flush(); } finally { - if (listenSocket != null) { - listenSocket.close(); - } - - if (serverSocket != null) { - serverSocket.close(); - } - } - - if (clientSocket != null && clientSocket.clientException != null) { - throw clientSocket.clientException; + barrier.await(); + System.out.println("Server done"); } } - private class ClientSocket extends Thread{ - boolean isDone = false; - int serverPort = 0; - Exception clientException; - - public ClientSocket(int serverPort) { - this.serverPort = serverPort; - } - - @Override - public void run() { - SSLSocket clientSocket = null; + @Override + protected void 
runClientApplication(SSLSocket socket) throws Exception { + try { String clientData = "Hi, I am client"; - try { - System.err.println( - "Connecting to server at port " + serverPort); - SSLSocketFactory sslSocketFactory = - createClientSSLContext().getSocketFactory(); - clientSocket = (SSLSocket)sslSocketFactory.createSocket( - InetAddress.getLocalHost(), serverPort); - configureClientSocket(clientSocket); + System.out.println("Sending data to server ..."); - System.err.println("Sending data to server ..."); + BufferedWriter os = new BufferedWriter( + new OutputStreamWriter(socket.getOutputStream())); + os.write(clientData, 0, clientData.length()); + os.newLine(); + os.flush(); - BufferedWriter os = new BufferedWriter( - new OutputStreamWriter(clientSocket.getOutputStream())); - os.write(clientData, 0, clientData.length()); - os.newLine(); - os.flush(); - - System.err.println("Reading data from server"); - BufferedReader is = new BufferedReader( - new InputStreamReader(clientSocket.getInputStream())); - String data = is.readLine(); - System.err.println("Received Data from server: " + data); - } catch (Exception e) { - clientException = e; - System.err.println("unexpected client exception: " + e); - } finally { - if (clientSocket != null) { - try { - clientSocket.close(); - System.err.println("client socket closed"); - } catch (IOException ioe) { - clientException = ioe; - } - } - - isDone = true; - } + System.out.println("Reading data from server"); + BufferedReader is = new BufferedReader( + new InputStreamReader(socket.getInputStream())); + String data = is.readLine(); + System.out.println("Received Data from server: " + data); + } finally { + barrier.await(); + System.out.println("client done."); } } 
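Review bot: Both `barrier.await()` calls in runServerApplication and runClientApplication sit in `finally` with no timeout, so if one side never reaches its method (for example a connect or accept failure inside the template, which is outside this hunk) the other side blocks until the test harness times out. A bounded wait such as `barrier.await(5, TimeUnit.SECONDS);` (needs an import of `java.util.concurrent.TimeUnit`; the duration is only an example) would turn that into a prompt failure. Because the await runs in `finally`, a BrokenBarrierException or timeout thrown there also replaces any exception from the `try` body, so printing the original exception before awaiting would keep a handshake failure visible in the test output.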
@@ -273,7 +220,7 @@ public class TooManyCAs implements SSLContextTemplate { for (int i = 0; i < duplicated; i++) { System.arraycopy(trustedCerts, 0, returnedCAs, - i * trustedCerts.length + 0, trustedCerts.length); + i * trustedCerts.length, trustedCerts.length); } return returnedCAs;