8284047: Harmonize/Standardize the SSLSocket/SSLEngine/SSLSocketSSLEngine test templates

Reviewed-by: rhalade
2023-03-15 17:39:11 +00:00 · 2023-03-15 17:39:11 +00:00 · 824a5e4c60
commit 824a5e4c60
parent 7ad48ea3ad
23 changed files with 1263 additions and 3437 deletions
--- a/test/jdk/javax/net/ssl/ALPN/MyX509ExtendedKeyManager.java
+++ b/test/jdk/javax/net/ssl/ALPN/MyX509ExtendedKeyManager.java
@ -1,138 +0,0 @@
 /*
 * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */
 import java.net.Socket;
 import java.security.Principal;
 import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
 import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLSocket;
 import javax.net.ssl.X509ExtendedKeyManager;
 public class MyX509ExtendedKeyManager extends X509ExtendedKeyManager {
    static final String ERROR = "ERROR";
    X509ExtendedKeyManager akm;
    String expectedAP;
    boolean doCheck = true;
    MyX509ExtendedKeyManager(X509ExtendedKeyManager akm) {
        this.akm = akm;
    }
    public MyX509ExtendedKeyManager(
            X509ExtendedKeyManager akm, String expectedAP, boolean doCheck) {
        this.akm = akm;
        this.expectedAP = expectedAP;
        this.doCheck = doCheck;
    }
    @Override
    public String[] getClientAliases(String keyType, Principal[] issuers) {
        return akm.getClientAliases(keyType, issuers);
    }
    @Override
    public String chooseClientAlias(String[] keyType, Principal[] issuers,
            Socket socket) {
        String nap = ((SSLSocket) socket).getHandshakeApplicationProtocol();
        checkALPN(nap);
        return akm.chooseClientAlias(keyType, issuers, socket);
    }
    @Override
    public String[] getServerAliases(String keyType, Principal[] issuers) {
        return akm.getServerAliases(keyType, issuers);
    }
    @Override
    public String chooseServerAlias(String keyType, Principal[] issuers,
            Socket socket) {
        String nap = ((SSLSocket) socket).getHandshakeApplicationProtocol();
        checkALPN(nap);
        return akm.chooseServerAlias(keyType, issuers, socket);
    }
    @Override
    public X509Certificate[] getCertificateChain(String alias) {
        return akm.getCertificateChain(alias);
    }
    @Override
    public PrivateKey getPrivateKey(String alias) {
        return akm.getPrivateKey(alias);
    }
    @Override
    public String chooseEngineClientAlias(String[] keyType, Principal[] issuers,
            SSLEngine engine) {
        String nap = engine.getHandshakeApplicationProtocol();
        checkALPN(nap);
        return akm.chooseEngineClientAlias(keyType, issuers, engine);
    }
    @Override
    public String chooseEngineServerAlias(String keyType, Principal[] issuers,
            SSLEngine engine) {
        String nap = engine.getHandshakeApplicationProtocol();
        checkALPN(nap);
        return akm.chooseEngineServerAlias(keyType, issuers, engine);
    }
    private void checkALPN(String ap) {
        if (!doCheck) {
            System.out.println("Skipping KeyManager checks " +
                "because a callback has been registered");
            return;
        }
        if (ERROR.equals(expectedAP)) {
            throw new RuntimeException("Should not reach here");
        }
        System.out.println("Expected ALPN value: " + expectedAP
                + " Got: " + ap);
        if (ap == null) {
            throw new RuntimeException(
                    "ALPN should be negotiated, but null was received");
        }
        if (expectedAP.equals("NONE")) {
            if (!ap.isEmpty()) {
                throw new RuntimeException("Expected no ALPN value");
            } else {
                System.out.println("No ALPN value negotiated, as expected");
            }
        } else if (!expectedAP.equals(ap)) {
            throw new RuntimeException(expectedAP
                    + " ALPN value not available on negotiated connection");
        }
    }
 }
--- a/test/jdk/javax/net/ssl/ALPN/SSLEngineAlpnTest.java
+++ b/test/jdk/javax/net/ssl/ALPN/SSLEngineAlpnTest.java
@ -28,7 +28,6 @@
 * @test
 * @bug 8051498 8145849 8170282
 * @summary JEP 244: TLS Application-Layer Protocol Negotiation Extension
 * @compile MyX509ExtendedKeyManager.java
 *
 * @run main/othervm SSLEngineAlpnTest h2          UNUSED   h2          h2
 * @run main/othervm SSLEngineAlpnTest h2          UNUSED   h2,http/1.1 h2
@ -237,10 +236,6 @@ public class SSLEngineAlpnTest {
            throw new Exception("kms[0] not X509ExtendedKeyManager");
        }
        kms = new KeyManager[] { new MyX509ExtendedKeyManager(
                (X509ExtendedKeyManager) kms[0], expectedAP,
                !hasCallback && hasServerAPs) };
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
        tmf.init(ts);
--- a/test/jdk/javax/net/ssl/ALPN/SSLServerSocketAlpnTest.java
+++ b/test/jdk/javax/net/ssl/ALPN/SSLServerSocketAlpnTest.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2023, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -28,7 +28,7 @@
 * @test
 * @bug 8051498 8145849 8158978 8170282
 * @summary JEP 244: TLS Application-Layer Protocol Negotiation Extension
- * @compile MyX509ExtendedKeyManager.java
+ * @library /javax/net/ssl/templates
 *
 * @run main/othervm SSLServerSocketAlpnTest h2          UNUSED   h2          h2
 * @run main/othervm SSLServerSocketAlpnTest h2          UNUSED   h2,http/1.1 h2
@ -79,56 +79,18 @@
 * This example is based on our standard SSLSocketTemplate.
 */
 import java.io.*;
 import java.security.KeyStore;
 import java.util.Arrays;
 import javax.net.ssl.*;
-public class SSLServerSocketAlpnTest {
+public class SSLServerSocketAlpnTest extends SSLSocketTemplate {
    /*
     * =============================================================
     * Set the various variables needed for the tests, then
     * specify what tests to run on each side.
     */
    /*
     * Should we run the client or server in a separate thread?
     * Both sides can throw exceptions, but do you have a preference
     * as to which side should be the main thread.
     */
    static boolean separateServerThread = false;
    /*
     * Where do we find the keystores?
     */
    static String pathToStores = "../etc";
    static String keyStoreFile = "keystore";
    static String trustStoreFile = "truststore";
    static String passwd = "passphrase";
    static String keyFilename = System.getProperty("test.src", ".") + "/"
            + pathToStores + "/" + keyStoreFile;
    static String trustFilename = System.getProperty("test.src", ".") + "/"
            + pathToStores + "/" + trustStoreFile;
    private static boolean hasServerAPs; // whether server APs are present
    private static boolean hasCallback; // whether a callback is present
    /*
     * SSLContext
     */
    SSLContext mySSLContext = null;
    /*
     * Is the server ready to serve?
     */
    volatile static boolean serverReady = false;
    /*
     * Turn on SSL debugging?
     */
-    static boolean debug = false;
+    static boolean debug = Boolean.getBoolean("test.debug");
    static String[] serverAPs;
    static String callbackAP;
@ -144,16 +106,8 @@ public class SSLServerSocketAlpnTest {
     * smart about it....
     */
-    /*
+    @Override
-     * Define the server side of the test.
+    protected void configureServerSocket(SSLServerSocket sslServerSocket) {
     *
     * If the server prematurely exits, serverReady will be set to true
     * to avoid infinite hangs.
     */
    void doServerSide() throws Exception {
        SSLServerSocketFactory sslssf = mySSLContext.getServerSocketFactory();
        SSLServerSocket sslServerSocket
                = (SSLServerSocket) sslssf.createServerSocket(serverPort);
        sslServerSocket.setNeedClientAuth(true);
        SSLParameters sslp = sslServerSocket.getSSLParameters();
@ -178,13 +132,16 @@ public class SSLServerSocketAlpnTest {
        sslServerSocket.setSSLParameters(sslp);
        serverPort = sslServerSocket.getLocalPort();
    }
-        /*
+    /*
-         * Signal Client, we're ready for his connect.
+     * Define the server side of the test.
-         */
+     *
-        serverReady = true;
+     * If the server prematurely exits, serverReady will be set to true
-
+     * to avoid infinite hangs.
-        SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
+     */
    @Override
    protected void runServerApplication(SSLSocket sslSocket) throws Exception {
        if (sslSocket.getHandshakeApplicationProtocol() != null) {
            throw new Exception ("getHandshakeApplicationProtocol() should "
@ -245,26 +202,9 @@ public class SSLServerSocketAlpnTest {
        sslSocket.close();
    }
-    /*
+    @Override
-     * Define the client side of the test.
+    protected void configureClientSocket(SSLSocket socket) {
-     *
+        SSLParameters sslp = socket.getSSLParameters();
     * If the server prematurely exits, serverReady will be set to true
     * to avoid infinite hangs.
     */
    void doClientSide() throws Exception {
        /*
         * Wait for server to get started.
         */
        while (!serverReady) {
            Thread.sleep(50);
        }
        SSLSocketFactory sslsf = mySSLContext.getSocketFactory();
        SSLSocket sslSocket
                = (SSLSocket) sslsf.createSocket("localhost", serverPort);
        SSLParameters sslp = sslSocket.getSSLParameters();
        /*
         * The default ciphersuite ordering from the SSLContext may not
@ -278,7 +218,17 @@ public class SSLServerSocketAlpnTest {
        // Set the ALPN selection.
        sslp.setApplicationProtocols(clientAPs);
-        sslSocket.setSSLParameters(sslp);
+        socket.setSSLParameters(sslp);
    }
    /*
     * Define the client side of the test.
     *
     * If the server prematurely exits, serverReady will be set to true
     * to avoid infinite hangs.
     */
    @Override
    protected void runClientApplication(SSLSocket sslSocket) throws Exception {
        if (sslSocket.getHandshakeApplicationProtocol() != null) {
            throw new Exception ("getHandshakeApplicationProtocol() should "
@ -332,9 +282,6 @@ public class SSLServerSocketAlpnTest {
    // use any free port by default
    volatile int serverPort = 0;
    volatile Exception serverException = null;
    volatile Exception clientException = null;
    public static void main(String[] args) throws Exception {
        if (debug) {
@ -351,14 +298,13 @@ public class SSLServerSocketAlpnTest {
        clientAPs = convert(args[2]);
        expectedAP = args[3];
        hasServerAPs = !args[0].equals("UNUSED"); // are server APs being used?
        hasCallback = !callbackAP.equals("UNUSED"); // is callback being used?
        /*
         * Start the tests.
         */
        try {
-            new SSLServerSocketAlpnTest();
+            new SSLServerSocketAlpnTest().run();
        } catch (SSLHandshakeException she) {
            if (args[3].equals("ERROR")) {
                System.out.println("Caught the expected exception: " + she);
@ -370,40 +316,6 @@ public class SSLServerSocketAlpnTest {
        System.out.println("Test Passed.");
    }
    SSLContext getSSLContext(String keyFilename, String trustFilename)
            throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        // Keystores
        KeyStore keyKS = KeyStore.getInstance("JKS");
        keyKS.load(new FileInputStream(keyFilename), passwd.toCharArray());
        KeyStore trustKS = KeyStore.getInstance("JKS");
        trustKS.load(new FileInputStream(trustFilename), passwd.toCharArray());
        // Generate KeyManager and TrustManager
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(keyKS, passwd.toCharArray());
        KeyManager[] kms = kmf.getKeyManagers();
        if (!(kms[0] instanceof X509ExtendedKeyManager)) {
            throw new Exception("kms[0] not X509ExtendedKeyManager");
        }
        kms = new KeyManager[] { new MyX509ExtendedKeyManager(
                (X509ExtendedKeyManager) kms[0], expectedAP,
                !hasCallback && hasServerAPs) };
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
        tmf.init(trustKS);
        TrustManager[] tms = tmf.getTrustManagers();
        // initial SSLContext
        ctx.init(kms, tms, null);
        return ctx;
    }
    /*
     * Convert a comma-separated list into an array of strings.
     */
@ -425,143 +337,4 @@ public class SSLServerSocketAlpnTest {
        return strings;
    }
    Thread clientThread = null;
    Thread serverThread = null;
    /*
     * Primary constructor, used to drive remainder of the test.
     *
     * Fork off the other side, then do your work.
     */
    SSLServerSocketAlpnTest() throws Exception {
        Exception startException = null;
        mySSLContext = getSSLContext(keyFilename, trustFilename);
        try {
            if (separateServerThread) {
                startServer(true);
                startClient(false);
            } else {
                startClient(true);
                startServer(false);
            }
        } catch (Exception e) {
            startException = e;
        }
        /*
         * Wait for other side to close down.
         */
        if (separateServerThread) {
            if (serverThread != null) {
                serverThread.join();
            }
        } else {
            if (clientThread != null) {
                clientThread.join();
            }
        }
        /*
         * When we get here, the test is pretty much over.
         * Which side threw the error?
         */
        Exception local;
        Exception remote;
        if (separateServerThread) {
            remote = serverException;
            local = clientException;
        } else {
            remote = clientException;
            local = serverException;
        }
        Exception exception = null;
        /*
         * Check various exception conditions.
         */
        if ((local != null) && (remote != null)) {
            // If both failed, return the curthread's exception.
            local.addSuppressed(remote);
            exception = local;
        } else if (local != null) {
            exception = local;
        } else if (remote != null) {
            exception = remote;
        } else if (startException != null) {
            exception = startException;
        }
        /*
         * If there was an exception *AND* a startException,
         * output it.
         */
        if (exception != null) {
            if (exception != startException && startException != null) {
                exception.addSuppressed(startException);
            }
            throw exception;
        }
        // Fall-through: no exception to throw!
    }
    void startServer(boolean newThread) throws Exception {
        if (newThread) {
            serverThread = new Thread() {
                @Override
                public void run() {
                    try {
                        doServerSide();
                    } catch (Exception e) {
                        /*
                         * Our server thread just died.
                         *
                         * Release the client, if not active already...
                         */
                        System.err.println("Server died...");
                        serverReady = true;
                        serverException = e;
                    }
                }
            };
            serverThread.start();
        } else {
            try {
                doServerSide();
            } catch (Exception e) {
                serverException = e;
            } finally {
                serverReady = true;
            }
        }
    }
    void startClient(boolean newThread) throws Exception {
        if (newThread) {
            clientThread = new Thread() {
                @Override
                public void run() {
                    try {
                        doClientSide();
                    } catch (Exception e) {
                        /*
                         * Our client thread just died.
                         */
                        System.err.println("Client died...");
                        clientException = e;
                    }
                }
            };
            clientThread.start();
        } else {
            try {
                doClientSide();
            } catch (Exception e) {
                clientException = e;
            }
        }
    }
 }
--- a/test/jdk/javax/net/ssl/ALPN/SSLSocketAlpnTest.java
+++ b/test/jdk/javax/net/ssl/ALPN/SSLSocketAlpnTest.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2023, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -28,7 +28,7 @@
 * @test
 * @bug 8051498 8145849 8170282
 * @summary JEP 244: TLS Application-Layer Protocol Negotiation Extension
- * @compile MyX509ExtendedKeyManager.java
+ * @library /javax/net/ssl/templates
 *
 * @run main/othervm SSLSocketAlpnTest h2          UNUSED   h2          h2
 * @run main/othervm SSLSocketAlpnTest h2          UNUSED   h2,http/1.1 h2
@ -78,56 +78,18 @@
 * This example is based on our standard SSLSocketTemplate.
 */
 import java.io.*;
 import java.security.KeyStore;
 import java.util.Arrays;
 import javax.net.ssl.*;
-public class SSLSocketAlpnTest {
+public class SSLSocketAlpnTest extends SSLSocketTemplate {
    /*
     * =============================================================
     * Set the various variables needed for the tests, then
     * specify what tests to run on each side.
     */
    /*
     * Should we run the client or server in a separate thread?
     * Both sides can throw exceptions, but do you have a preference
     * as to which side should be the main thread.
     */
    static boolean separateServerThread = false;
    /*
     * Where do we find the keystores?
     */
    static String pathToStores = "../etc";
    static String keyStoreFile = "keystore";
    static String trustStoreFile = "truststore";
    static String passwd = "passphrase";
    static String keyFilename = System.getProperty("test.src", ".") + "/"
            + pathToStores + "/" + keyStoreFile;
    static String trustFilename = System.getProperty("test.src", ".") + "/"
            + pathToStores + "/" + trustStoreFile;
    private static boolean hasServerAPs; // whether server APs are present
    private static boolean hasCallback; // whether a callback is present
    /*
     * SSLContext
     */
    SSLContext mySSLContext = null;
    /*
     * Is the server ready to serve?
     */
    volatile static boolean serverReady = false;
    /*
     * Turn on SSL debugging?
     */
-    static boolean debug = false;
+    static boolean debug = Boolean.getBoolean("test.debug");
    static String[] serverAPs;
    static String callbackAP;
@ -143,28 +105,20 @@ public class SSLSocketAlpnTest {
     * smart about it....
     */
    @Override
    protected void configureServerSocket(SSLServerSocket socket) {
        socket.setNeedClientAuth(true);
    }
    /*
     * Define the server side of the test.
     *
     * If the server prematurely exits, serverReady will be set to true
     * to avoid infinite hangs.
     */
-    void doServerSide() throws Exception {
+    @Override
-        SSLServerSocketFactory sslssf = mySSLContext.getServerSocketFactory();
+    protected void runServerApplication(SSLSocket sslSocket) throws Exception {
-        SSLServerSocket sslServerSocket
+        System.out.println("in runServerApplication(SSLSocket)");
                = (SSLServerSocket) sslssf.createServerSocket(serverPort);
        // for both client/server to call into X509KM
        sslServerSocket.setNeedClientAuth(true);
        serverPort = sslServerSocket.getLocalPort();
        /*
         * Signal Client, we're ready for his connect.
         */
        serverReady = true;
        SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
        SSLParameters sslp = sslSocket.getSSLParameters();
        /*
@ -206,6 +160,7 @@ public class SSLSocketAlpnTest {
            }
        }
        System.out.println("server starting handshake");
        sslSocket.startHandshake();
        if (sslSocket.getHandshakeApplicationProtocol() != null) {
@ -247,18 +202,9 @@ public class SSLSocketAlpnTest {
     * If the server prematurely exits, serverReady will be set to true
     * to avoid infinite hangs.
     */
-    void doClientSide() throws Exception {
+    @Override
-
+    protected void runClientApplication(SSLSocket sslSocket) throws Exception {
-        /*
+        System.out.println("in runClientApplication(SSLSocket)");
         * Wait for server to get started.
         */
        while (!serverReady) {
            Thread.sleep(50);
        }
        SSLSocketFactory sslsf = mySSLContext.getSocketFactory();
        SSLSocket sslSocket
                = (SSLSocket) sslsf.createSocket("localhost", serverPort);
        SSLParameters sslp = sslSocket.getSSLParameters();
@ -281,6 +227,7 @@ public class SSLSocketAlpnTest {
                    + "return null before the handshake starts");
        }
        System.out.println("Client starting handshake");
        sslSocket.startHandshake();
        if (sslSocket.getHandshakeApplicationProtocol() != null) {
@ -321,16 +268,6 @@ public class SSLSocketAlpnTest {
        sslSocket.close();
    }
    /*
     * =============================================================
     * The remainder is just support stuff
     */
    // use any free port by default
    volatile int serverPort = 0;
    volatile Exception serverException = null;
    volatile Exception clientException = null;
    public static void main(String[] args) throws Exception {
        if (debug) {
@ -347,14 +284,13 @@ public class SSLSocketAlpnTest {
        clientAPs = convert(args[2]);
        expectedAP = args[3];
        hasServerAPs = !args[0].equals("UNUSED"); // are server APs being used?
        hasCallback = !callbackAP.equals("UNUSED"); // is callback being used?
        /*
         * Start the tests.
         */
        try {
-            new SSLSocketAlpnTest();
+            new SSLSocketAlpnTest().run();
        } catch (SSLHandshakeException she) {
            if (args[3].equals("ERROR")) {
                System.out.println("Caught the expected exception: " + she);
@ -366,40 +302,6 @@ public class SSLSocketAlpnTest {
        System.out.println("Test Passed.");
    }
    SSLContext getSSLContext(String keyFilename, String trustFilename)
            throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        // Keystores
        KeyStore keyKS = KeyStore.getInstance("JKS");
        keyKS.load(new FileInputStream(keyFilename), passwd.toCharArray());
        KeyStore trustKS = KeyStore.getInstance("JKS");
        trustKS.load(new FileInputStream(trustFilename), passwd.toCharArray());
        // Generate KeyManager and TrustManager
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(keyKS, passwd.toCharArray());
        KeyManager[] kms = kmf.getKeyManagers();
        if (!(kms[0] instanceof X509ExtendedKeyManager)) {
            throw new Exception("kms[0] not X509ExtendedKeyManager");
        }
        kms = new KeyManager[] { new MyX509ExtendedKeyManager(
                (X509ExtendedKeyManager) kms[0], expectedAP,
                !hasCallback && hasServerAPs) };
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
        tmf.init(trustKS);
        TrustManager[] tms = tmf.getTrustManagers();
        // initial SSLContext
        ctx.init(kms, tms, null);
        return ctx;
    }
    /*
     * Convert a comma-separated list into an array of strings.
     */
@ -421,143 +323,4 @@ public class SSLSocketAlpnTest {
        return strings;
    }
    Thread clientThread = null;
    Thread serverThread = null;
    /*
     * Primary constructor, used to drive remainder of the test.
     *
     * Fork off the other side, then do your work.
     */
    SSLSocketAlpnTest() throws Exception {
        Exception startException = null;
        mySSLContext = getSSLContext(keyFilename, trustFilename);
        try {
            if (separateServerThread) {
                startServer(true);
                startClient(false);
            } else {
                startClient(true);
                startServer(false);
            }
        } catch (Exception e) {
            startException = e;
        }
        /*
         * Wait for other side to close down.
         */
        if (separateServerThread) {
            if (serverThread != null) {
                serverThread.join();
            }
        } else {
            if (clientThread != null) {
                clientThread.join();
            }
        }
        /*
         * When we get here, the test is pretty much over.
         * Which side threw the error?
         */
        Exception local;
        Exception remote;
        if (separateServerThread) {
            remote = serverException;
            local = clientException;
        } else {
            remote = clientException;
            local = serverException;
        }
        Exception exception = null;
        /*
         * Check various exception conditions.
         */
        if ((local != null) && (remote != null)) {
            // If both failed, return the curthread's exception.
            local.addSuppressed(remote);
            exception = local;
        } else if (local != null) {
            exception = local;
        } else if (remote != null) {
            exception = remote;
        } else if (startException != null) {
            exception = startException;
        }
        /*
         * If there was an exception *AND* a startException,
         * output it.
         */
        if (exception != null) {
            if (exception != startException && startException != null) {
                exception.addSuppressed(startException);
            }
            throw exception;
        }
        // Fall-through: no exception to throw!
    }
    void startServer(boolean newThread) throws Exception {
        if (newThread) {
            serverThread = new Thread() {
                @Override
                public void run() {
                    try {
                        doServerSide();
                    } catch (Exception e) {
                        /*
                         * Our server thread just died.
                         *
                         * Release the client, if not active already...
                         */
                        System.err.println("Server died...");
                        serverReady = true;
                        serverException = e;
                    }
                }
            };
            serverThread.start();
        } else {
            try {
                doServerSide();
            } catch (Exception e) {
                serverException = e;
            } finally {
                serverReady = true;
            }
        }
    }
    void startClient(boolean newThread) throws Exception {
        if (newThread) {
            clientThread = new Thread() {
                @Override
                public void run() {
                    try {
                        doClientSide();
                    } catch (Exception e) {
                        /*
                         * Our client thread just died.
                         */
                        System.err.println("Client died...");
                        clientException = e;
                    }
                }
            };
            clientThread.start();
        } else {
            try {
                doClientSide();
            } catch (Exception e) {
                clientException = e;
            }
        }
    }
 }
--- a/test/jdk/javax/net/ssl/SSLEngine/HandshakeWithInvalidRecordVersion.java
+++ b/test/jdk/javax/net/ssl/SSLEngine/HandshakeWithInvalidRecordVersion.java
@ -37,19 +37,9 @@ import java.security.*;
 import java.nio.*;
 import java.util.Arrays;
-public class HandshakeWithInvalidRecordVersion implements SSLContextTemplate {
+public class HandshakeWithInvalidRecordVersion extends SSLContextTemplate {
    private static final boolean DEBUG = Boolean.getBoolean("test.debug");
    private static final String PATH_TO_STORES = "../etc";
    private static final String KEYSTORE_FILE = "keystore";
    private static final String TRUSTSTORE_FILE = "truststore";
    private static final String KEYSTORE_PATH =
            System.getProperty("test.src", "./") + "/" + PATH_TO_STORES +
                    "/" + KEYSTORE_FILE;
    private static final String TRUSTSTORE_PATH =
            System.getProperty("test.src", "./") + "/" + PATH_TO_STORES +
                    "/" + TRUSTSTORE_FILE;
    public static void main(String [] args) throws Exception {
        var runner = new HandshakeWithInvalidRecordVersion();
--- a/test/jdk/javax/net/ssl/TLSv12/DisabledShortRSAKeys.java
+++ b/test/jdk/javax/net/ssl/TLSv12/DisabledShortRSAKeys.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2023, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -42,86 +42,35 @@
 * @run main/othervm DisabledShortRSAKeys SunX509 SSLv3
 */
 import java.net.*;
 import java.util.*;
 import java.io.*;
 import javax.net.ssl.*;
 import java.security.Security;
 import java.security.KeyStore;
 import java.security.KeyFactory;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateFactory;
 import java.security.spec.*;
 import java.security.interfaces.*;
 import java.util.Base64;
 public class DisabledShortRSAKeys extends SSLSocketTemplate {
    /*
     * Where do we find the keystores?
     */
    // Certificates and key used in the test.
    static String trustedCertStr =
        "-----BEGIN CERTIFICATE-----\n" +
        "MIICkjCCAfugAwIBAgIBADANBgkqhkiG9w0BAQQFADA7MQswCQYDVQQGEwJVUzEN\n" +
        "MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwHhcN\n" +
        "MTEwODE5MDE1MjE5WhcNMzIwNzI5MDE1MjE5WjA7MQswCQYDVQQGEwJVUzENMAsG\n" +
        "A1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwgZ8wDQYJ\n" +
        "KoZIhvcNAQEBBQADgY0AMIGJAoGBAM8orG08DtF98TMSscjGsidd1ZoN4jiDpi8U\n" +
        "ICz+9dMm1qM1d7O2T+KH3/mxyox7Rc2ZVSCaUD0a3CkhPMnlAx8V4u0H+E9sqso6\n" +
        "iDW3JpOyzMExvZiRgRG/3nvp55RMIUV4vEHOZ1QbhuqG4ebN0Vz2DkRft7+flthf\n" +
        "vDld6f5JAgMBAAGjgaUwgaIwHQYDVR0OBBYEFLl81dnfp0wDrv0OJ1sxlWzH83Xh\n" +
        "MGMGA1UdIwRcMFqAFLl81dnfp0wDrv0OJ1sxlWzH83XhoT+kPTA7MQswCQYDVQQG\n" +
        "EwJVUzENMAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2\n" +
        "Y2WCAQAwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEE\n" +
        "BQADgYEALlgaH1gWtoBZ84EW8Hu6YtGLQ/L9zIFmHonUPZwn3Pr//icR9Sqhc3/l\n" +
        "pVTxOINuFHLRz4BBtEylzRIOPzK3tg8XwuLb1zd0db90x3KBCiAL6E6cklGEPwLe\n" +
        "XYMHDn9eDsaq861Tzn6ZwzMgw04zotPMoZN0mVd/3Qca8UJFucE=\n" +
        "-----END CERTIFICATE-----";
    static String targetCertStr =
        "-----BEGIN CERTIFICATE-----\n" +
        "MIICNDCCAZ2gAwIBAgIBDDANBgkqhkiG9w0BAQQFADA7MQswCQYDVQQGEwJVUzEN\n" +
        "MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwHhcN\n" +
        "MTExMTA3MTM1NTUyWhcNMzEwNzI1MTM1NTUyWjBPMQswCQYDVQQGEwJVUzENMAsG\n" +
        "A1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UxEjAQBgNV\n" +
        "BAMTCWxvY2FsaG9zdDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC3Pb49OSPfOD2G\n" +
        "HSXFCFx1GJEZfqG9ZUf7xuIi/ra5dLjPGAaoY5QF2QOa8VnOriQCXDfyXHxsuRnE\n" +
        "OomxL7EVAgMBAAGjeDB2MAsGA1UdDwQEAwID6DAdBgNVHQ4EFgQUXNCJK3/dtCIc\n" +
        "xb+zlA/JINlvs/MwHwYDVR0jBBgwFoAUuXzV2d+nTAOu/Q4nWzGVbMfzdeEwJwYD\n" +
        "VR0lBCAwHgYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDAzANBgkqhkiG9w0B\n" +
        "AQQFAAOBgQB2qIDUxA2caMPpGtUACZAPRUtrGssCINIfItETXJZCx/cRuZ5sP4D9\n" +
        "N1acoNDn0hCULe3lhXAeTC9NZ97680yJzregQMV5wATjo1FGsKY30Ma+sc/nfzQW\n" +
        "+h/7RhYtoG0OTsiaDCvyhI6swkNJzSzrAccPY4+ZgU8HiDLzZTmM3Q==\n" +
        "-----END CERTIFICATE-----";
    // Private key in the format of PKCS#8, key size is 512 bits.
    static String targetPrivateKey =
        "MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEAtz2+PTkj3zg9hh0l\n" +
        "xQhcdRiRGX6hvWVH+8biIv62uXS4zxgGqGOUBdkDmvFZzq4kAlw38lx8bLkZxDqJ\n" +
        "sS+xFQIDAQABAkByx/5Oo2hQ/w2q4L8z+NTRlJ3vdl8iIDtC/4XPnfYfnGptnpG6\n" +
        "ZThQRvbMZiai0xHQPQMszvAHjZVme1eDl3EBAiEA3aKJHynPVCEJhpfCLWuMwX5J\n" +
        "1LntwJO7NTOyU5m8rPECIQDTpzn5X44r2rzWBDna/Sx7HW9IWCxNgUD2Eyi2nA7W\n" +
        "ZQIgJerEorw4aCAuzQPxiGu57PB6GRamAihEAtoRTBQlH0ECIQDN08FgTtnesgCU\n" +
        "DFYLLcw1CiHvc7fZw4neBDHCrC8NtQIgA8TOUkGnpCZlQ0KaI8KfKWI+vxFcgFnH\n" +
        "3fnqsTgaUs4=";
    static char passphrase[] = "passphrase".toCharArray();
    /*
     * Turn on SSL debugging?
     */
    static boolean debug = false;
-    @Override
+    private final String enabledProtocol;
-    protected SSLContext createClientSSLContext() throws Exception {
+    private final String tmAlgorithm;
-        return generateSSLContext(trustedCertStr, null, null);
+
    public DisabledShortRSAKeys(String tmAlgorithm, String enabledProtocol) {
        this.tmAlgorithm = tmAlgorithm;
        this.enabledProtocol = enabledProtocol;
    }
    @Override
-    protected SSLContext createServerSSLContext() throws Exception {
+    public SSLContext createClientSSLContext() throws Exception {
-        return generateSSLContext(null, targetCertStr, targetPrivateKey);
+        return createSSLContext(new Cert[]{Cert.CA_RSA_512}, null,
                new ContextParameters(enabledProtocol, tmAlgorithm, "NewSunX509"));
    }
    @Override
    public SSLContext createServerSSLContext() throws Exception {
        return createSSLContext(null, new Cert[]{Cert.EE_RSA_512},
                new ContextParameters(enabledProtocol, tmAlgorithm, "NewSunX509"));
    }
    @Override
@ -159,84 +108,6 @@ public class DisabledShortRSAKeys extends SSLSocketTemplate {
        }
    }
    /*
     * =============================================================
     * The remainder is just support stuff
     */
    private static String tmAlgorithm; // trust manager
    private static String enabledProtocol; // the target protocol
    private static void parseArguments(String[] args) {
            tmAlgorithm = args[0];
            enabledProtocol = args[1];
    }
    private static SSLContext generateSSLContext(String trustedCertStr,
                String keyCertStr, String keySpecStr) throws Exception {
        // generate certificate from cert string
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        // create a key store
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null);
        // import the trused cert
        Certificate trusedCert = null;
        ByteArrayInputStream is = null;
        if (trustedCertStr != null) {
            is = new ByteArrayInputStream(trustedCertStr.getBytes());
            trusedCert = cf.generateCertificate(is);
            is.close();
            ks.setCertificateEntry("RSA Export Signer", trusedCert);
        }
        if (keyCertStr != null) {
            // generate the private key.
            PKCS8EncodedKeySpec priKeySpec = new PKCS8EncodedKeySpec(
                            Base64.getMimeDecoder().decode(keySpecStr));
            KeyFactory kf = KeyFactory.getInstance("RSA");
            RSAPrivateKey priKey =
                (RSAPrivateKey)kf.generatePrivate(priKeySpec);
            // generate certificate chain
            is = new ByteArrayInputStream(keyCertStr.getBytes());
            Certificate keyCert = cf.generateCertificate(is);
            is.close();
            Certificate[] chain = null;
            if (trusedCert != null) {
                chain = new Certificate[2];
                chain[0] = keyCert;
                chain[1] = trusedCert;
            } else {
                chain = new Certificate[1];
                chain[0] = keyCert;
            }
            // import the key entry.
            ks.setKeyEntry("Whatever", priKey, passphrase, chain);
        }
        // create SSL context
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmAlgorithm);
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        if (keyCertStr != null && !keyCertStr.isEmpty()) {
            KeyManagerFactory kmf = KeyManagerFactory.getInstance("NewSunX509");
            kmf.init(ks, passphrase);
            ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
            ks = null;
        } else {
            ctx.init(null, tmf.getTrustManagers(), null);
        }
        return ctx;
    }
    public static void main(String[] args) throws Exception {
        Security.setProperty("jdk.certpath.disabledAlgorithms",
                "RSA keySize < 1024");
@ -247,15 +118,12 @@ public class DisabledShortRSAKeys extends SSLSocketTemplate {
            System.setProperty("javax.net.debug", "all");
        }
-        /*
+        String tmAlgorithm = args[0];
-         * Get the customized arguments.
+        String enabledProtocol = args[1];
         */
        parseArguments(args);
        /*
         * Start the tests.
         */
-        new DisabledShortRSAKeys().run();
+        new DisabledShortRSAKeys(tmAlgorithm, enabledProtocol).run();
    }
 }
--- a/test/jdk/javax/net/ssl/templates/SSLContextTemplate.java
+++ b/test/jdk/javax/net/ssl/templates/SSLContextTemplate.java
--- a/test/jdk/javax/net/ssl/templates/SSLEngineTemplate.java
+++ b/test/jdk/javax/net/ssl/templates/SSLEngineTemplate.java
@ -51,7 +51,7 @@ import java.nio.ByteBuffer;
 * (wrap/unwrap) pass before any application data is consumed or
 * produced.
 */
-public class SSLEngineTemplate implements SSLContextTemplate {
+public class SSLEngineTemplate extends SSLContextTemplate {
    protected final SSLEngine clientEngine;     // client Engine
    protected final ByteBuffer clientOut;       // write side of clientEngine
    protected final ByteBuffer clientIn;        // read side of clientEngine
--- a/test/jdk/javax/net/ssl/templates/SSLSocketSSLEngineTemplate.java
+++ b/test/jdk/javax/net/ssl/templates/SSLSocketSSLEngineTemplate.java
@ -1,532 +0,0 @@
 /*
 * Copyright (c) 2011, 2022, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */
 //
 // SunJSSE does not support dynamic system properties, no way to re-use
 // system properties in samevm/agentvm mode.
 //
 /*
 * @test
 * @bug 7105780
 * @summary Add SSLSocket client/SSLEngine server to templates directory.
 * @run main/othervm SSLSocketSSLEngineTemplate TLSv1
 * @run main/othervm SSLSocketSSLEngineTemplate TLSv1.1
 * @run main/othervm SSLSocketSSLEngineTemplate TLSv1.2
 * @run main/othervm SSLSocketSSLEngineTemplate TLSv1.3
 */
 /**
 * A SSLSocket/SSLEngine interop test case.  This is not the way to
 * code SSLEngine-based servers, but works for what we need to do here,
 * which is to make sure that SSLEngine/SSLSockets can talk to each other.
 * SSLEngines can use direct or indirect buffers, and different code
 * is used to get at the buffer contents internally, so we test that here.
 *
 * The test creates one SSLSocket (client) and one SSLEngine (server).
 * The SSLSocket talks to a raw ServerSocket, and the server code
 * does the translation between byte [] and ByteBuffers that the SSLEngine
 * can use.  The "transport" layer consists of a Socket Input/OutputStream
 * and two byte buffers for the SSLEngines:  think of them
 * as directly connected pipes.
 *
 * Again, this is a *very* simple example: real code will be much more
 * involved.  For example, different threading and I/O models could be
 * used, transport mechanisms could close unexpectedly, and so on.
 *
 * When this application runs, notice that several messages
 * (wrap/unwrap) pass before any application data is consumed or
 * produced.  (For more information, please see the SSL/TLS
 * specifications.)  There may several steps for a successful handshake,
 * so it's typical to see the following series of operations:
 *
 *      client          server          message
 *      ======          ======          =======
 *      write()         ...             ClientHello
 *      ...             unwrap()        ClientHello
 *      ...             wrap()          ServerHello/Certificate
 *      read()          ...             ServerHello/Certificate
 *      write()         ...             ClientKeyExchange
 *      write()         ...             ChangeCipherSpec
 *      write()         ...             Finished
 *      ...             unwrap()        ClientKeyExchange
 *      ...             unwrap()        ChangeCipherSpec
 *      ...             unwrap()        Finished
 *      ...             wrap()          ChangeCipherSpec
 *      ...             wrap()          Finished
 *      read()          ...             ChangeCipherSpec
 *      read()          ...             Finished
 */
 import javax.net.ssl.*;
 import javax.net.ssl.SSLEngineResult.*;
 import java.io.*;
 import java.net.*;
 import java.security.*;
 import java.nio.*;
 public class SSLSocketSSLEngineTemplate {
    /*
     * Enables logging of the SSL/TLS operations.
     */
    private static final boolean logging = true;
    /*
     * Enables the JSSE system debugging system property:
     *
     *     -Djavax.net.debug=all
     *
     * This gives a lot of low-level information about operations underway,
     * including specific handshake messages, and might be best examined
     * after gaining some familiarity with this application.
     */
    private static final boolean debug = false;
    private final SSLContext sslc;
    private SSLEngine serverEngine;     // server-side SSLEngine
    private SSLSocket clientSocket;
    private final byte[] serverMsg =
        "Hi there Client, I'm a Server.".getBytes();
    private final byte[] clientMsg =
        "Hello Server, I'm a Client! Pleased to meet you!".getBytes();
    private ByteBuffer serverOut;       // write side of serverEngine
    private ByteBuffer serverIn;        // read side of serverEngine
    private volatile Exception clientException;
    private volatile Exception serverException;
    /*
     * For data transport, this example uses local ByteBuffers.
     */
    private ByteBuffer cTOs;            // "reliable" transport client->server
    private ByteBuffer sTOc;            // "reliable" transport server->client
    /*
     * The following is to set up the keystores/trust material.
     */
    private static final String pathToStores = "../etc";
    private static final String keyStoreFile = "keystore";
    private static final String trustStoreFile = "truststore";
    private static final String keyFilename =
            System.getProperty("test.src", ".") + "/" + pathToStores
            + "/" + keyStoreFile;
    private static final String trustFilename =
            System.getProperty("test.src", ".") + "/" + pathToStores
            + "/" + trustStoreFile;
    /*
     * Main entry point for this test.
     */
    public static void main(String args[]) throws Exception {
        String protocol = args[0];
        // reset security properties to make sure that the algorithms
        // and keys used in this test are not disabled.
        Security.setProperty("jdk.tls.disabledAlgorithms", "");
        Security.setProperty("jdk.certpath.disabledAlgorithms", "");
        if (debug) {
            System.setProperty("javax.net.debug", "all");
        }
        /*
         * Run the tests with direct and indirect buffers.
         */
        SSLSocketSSLEngineTemplate test =
            new SSLSocketSSLEngineTemplate(protocol);
        log("-------------------------------------");
        log("Testing " + protocol + " for direct buffers ...");
        test.runTest(true);
        log("---------------------------------------");
        log("Testing " + protocol + " for indirect buffers ...");
        test.runTest(false);
        log("Test Passed.");
    }
    /*
     * Create an initialized SSLContext to use for these tests.
     */
    public SSLSocketSSLEngineTemplate(String protocol) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        KeyStore ts = KeyStore.getInstance("JKS");
        char[] passphrase = "passphrase".toCharArray();
        try (FileInputStream keyFile = new FileInputStream(keyFilename);
                FileInputStream trustFile = new FileInputStream(trustFilename)) {
            ks.load(keyFile, passphrase);
            ts.load(trustFile, passphrase);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(ks, passphrase);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
        tmf.init(ts);
        SSLContext sslCtx = SSLContext.getInstance(protocol);
        sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        sslc = sslCtx;
    }
    /*
     * Run the test.
     *
     * Sit in a tight loop, with the server engine calling wrap/unwrap
     * regardless of whether data is available or not.  We do this until
     * we get the application data.  Then we shutdown and go to the next one.
     *
     * The main loop handles all of the I/O phases of the SSLEngine's
     * lifetime:
     *
     *     initial handshaking
     *     application data transfer
     *     engine closing
     *
     * One could easily separate these phases into separate
     * sections of code.
     */
    private void runTest(boolean direct) throws Exception {
        clientSocket = null;
        boolean serverClose = direct;
        // generates the server-side Socket
        try (ServerSocket serverSocket = new ServerSocket()) {
            serverSocket.setReuseAddress(false);
            serverSocket.bind(null);
            int port = serverSocket.getLocalPort();
            log("Port: " + port);
            Thread thread = createClientThread(port, serverClose);
            createSSLEngine();
            createBuffers(direct);
            // server-side socket that will read
            try (Socket socket = serverSocket.accept()) {
                socket.setSoTimeout(500);
                boolean closed = false;
                // will try to read one more time in case client message
                // is fragmented to multiple pieces
                boolean retry = true;
                InputStream is = socket.getInputStream();
                OutputStream os = socket.getOutputStream();
                SSLEngineResult serverResult;   // results from last operation
                /*
                 * Examining the SSLEngineResults could be much more involved,
                 * and may alter the overall flow of the application.
                 *
                 * For example, if we received a BUFFER_OVERFLOW when trying
                 * to write to the output pipe, we could reallocate a larger
                 * pipe, but instead we wait for the peer to drain it.
                 */
                byte[] inbound = new byte[8192];
                byte[] outbound = new byte[8192];
                while (!isEngineClosed(serverEngine)) {
                    int len;
                    // Inbound data
                    log("================");
                    // Read from the Client side.
                    try {
                        len = is.read(inbound);
                        if (len == -1) {
                            logSocketStatus(clientSocket);
                            if (clientSocket.isClosed()
                                    || clientSocket.isOutputShutdown()) {
                                log("Client socket was closed or shutdown output");
                                break;
                            } else {
                                throw new Exception("Unexpected EOF");
                            }
                        }
                        cTOs.put(inbound, 0, len);
                    } catch (SocketTimeoutException ste) {
                        // swallow. Nothing yet, probably waiting on us.
                    }
                    cTOs.flip();
                    serverResult = serverEngine.unwrap(cTOs, serverIn);
                    log("server unwrap: ", serverResult);
                    runDelegatedTasks(serverResult, serverEngine);
                    cTOs.compact();
                    // Outbound data
                    log("----");
                    serverResult = serverEngine.wrap(serverOut, sTOc);
                    log("server wrap: ", serverResult);
                    runDelegatedTasks(serverResult, serverEngine);
                    sTOc.flip();
                    if ((len = sTOc.remaining()) != 0) {
                        sTOc.get(outbound, 0, len);
                        os.write(outbound, 0, len);
                        // Give the other side a chance to process
                    }
                    sTOc.compact();
                    if (!closed && (serverOut.remaining() == 0)) {
                        closed = true;
                        /*
                         * We'll alternate initiatating the shutdown.
                         * When the server initiates, it will take one more
                         * loop, but tests the orderly shutdown.
                         */
                        if (serverClose) {
                            serverEngine.closeOutbound();
                        }
                        serverIn.flip();
                        /*
                         * A sanity check to ensure we got what was sent.
                         */
                        if (serverIn.remaining() !=  clientMsg.length) {
                            if (retry &&
                                    serverIn.remaining() < clientMsg.length) {
                                log("Need to read more from client");
                                serverIn.compact();
                                retry = false;
                                continue;
                            } else {
                                throw new Exception(
                                        "Client: Data length error");
                            }
                        }
                        for (int i = 0; i < clientMsg.length; i++) {
                            if (clientMsg[i] != serverIn.get()) {
                                throw new Exception(
                                        "Client: Data content error");
                            }
                        }
                        serverIn.compact();
                    }
                }
            } catch (Exception e) {
                serverException = e;
            } finally {
                // Wait for the client to join up with us.
                if (thread != null) {
                    thread.join();
                }
            }
        } finally {
            if (serverException != null) {
                if (clientException != null) {
                    serverException.addSuppressed(clientException);
                }
                throw serverException;
            }
            if (clientException != null) {
                if (serverException != null) {
                    clientException.addSuppressed(serverException);
                }
                throw clientException;
            }
        }
    }
    /*
     * Create a client thread which does simple SSLSocket operations.
     * We'll write and read one data packet.
     */
    private Thread createClientThread(final int port,
            final boolean serverClose) throws Exception {
        Thread t = new Thread("ClientThread") {
            @Override
            public void run() {
                // client-side socket
                try (SSLSocket sslSocket = (SSLSocket)sslc.getSocketFactory().
                            createSocket("localhost", port)) {
                    clientSocket = sslSocket;
                    OutputStream os = sslSocket.getOutputStream();
                    InputStream is = sslSocket.getInputStream();
                    // write(byte[]) goes in one shot.
                    os.write(clientMsg);
                    byte[] inbound = new byte[2048];
                    int pos = 0;
                    int len;
                    while ((len = is.read(inbound, pos, 2048 - pos)) != -1) {
                        pos += len;
                        // Let the client do the closing.
                        if ((pos == serverMsg.length) && !serverClose) {
                            sslSocket.close();
                            break;
                        }
                    }
                    if (pos != serverMsg.length) {
                        throw new Exception("Client:  Data length error");
                    }
                    for (int i = 0; i < serverMsg.length; i++) {
                        if (inbound[i] != serverMsg[i]) {
                            throw new Exception("Client:  Data content error");
                        }
                    }
                } catch (Exception e) {
                    clientException = e;
                }
            }
        };
        t.start();
        return t;
    }
    /*
     * Using the SSLContext created during object creation,
     * create/configure the SSLEngines we'll use for this test.
     */
    private void createSSLEngine() throws Exception {
        /*
         * Configure the serverEngine to act as a server in the SSL/TLS
         * handshake.
         */
        serverEngine = sslc.createSSLEngine();
        serverEngine.setUseClientMode(false);
        serverEngine.getNeedClientAuth();
    }
    /*
     * Create and size the buffers appropriately.
     */
    private void createBuffers(boolean direct) {
        SSLSession session = serverEngine.getSession();
        int appBufferMax = session.getApplicationBufferSize();
        int netBufferMax = session.getPacketBufferSize();
        /*
         * We'll make the input buffers a bit bigger than the max needed
         * size, so that unwrap()s following a successful data transfer
         * won't generate BUFFER_OVERFLOWS.
         *
         * We'll use a mix of direct and indirect ByteBuffers for
         * tutorial purposes only.  In reality, only use direct
         * ByteBuffers when they give a clear performance enhancement.
         */
        if (direct) {
            serverIn = ByteBuffer.allocateDirect(appBufferMax + 50);
            cTOs = ByteBuffer.allocateDirect(netBufferMax);
            sTOc = ByteBuffer.allocateDirect(netBufferMax);
        } else {
            serverIn = ByteBuffer.allocate(appBufferMax + 50);
            cTOs = ByteBuffer.allocate(netBufferMax);
            sTOc = ByteBuffer.allocate(netBufferMax);
        }
        serverOut = ByteBuffer.wrap(serverMsg);
    }
    /*
     * If the result indicates that we have outstanding tasks to do,
     * go ahead and run them in this thread.
     */
    private static void runDelegatedTasks(SSLEngineResult result,
            SSLEngine engine) throws Exception {
        if (result.getHandshakeStatus() == HandshakeStatus.NEED_TASK) {
            Runnable runnable;
            while ((runnable = engine.getDelegatedTask()) != null) {
                log("\trunning delegated task...");
                runnable.run();
            }
            HandshakeStatus hsStatus = engine.getHandshakeStatus();
            if (hsStatus == HandshakeStatus.NEED_TASK) {
                throw new Exception(
                        "handshake shouldn't need additional tasks");
            }
            log("\tnew HandshakeStatus: " + hsStatus);
        }
    }
    private static boolean isEngineClosed(SSLEngine engine) {
        return (engine.isOutboundDone() && engine.isInboundDone());
    }
    private static void logSocketStatus(Socket socket) {
        log("##### " + socket + " #####");
        log("isBound: " + socket.isBound());
        log("isConnected: " + socket.isConnected());
        log("isClosed: " + socket.isClosed());
        log("isInputShutdown: " + socket.isInputShutdown());
        log("isOutputShutdown: " + socket.isOutputShutdown());
    }
    /*
     * Logging code
     */
    private static boolean resultOnce = true;
    private static void log(String str, SSLEngineResult result) {
        if (!logging) {
            return;
        }
        if (resultOnce) {
            resultOnce = false;
            log("The format of the SSLEngineResult is: \n"
                    + "\t\"getStatus() / getHandshakeStatus()\" +\n"
                    + "\t\"bytesConsumed() / bytesProduced()\"\n");
        }
        HandshakeStatus hsStatus = result.getHandshakeStatus();
        log(str
                + result.getStatus() + "/" + hsStatus + ", "
                + result.bytesConsumed() + "/" + result.bytesProduced()
                + " bytes");
        if (hsStatus == HandshakeStatus.FINISHED) {
            log("\t...ready for application data");
        }
    }
    private static void log(String str) {
        if (logging) {
            if (debug) {
                System.err.println(str);
            } else {
                System.out.println(str);
            }
        }
    }
 }
--- a/test/jdk/javax/net/ssl/templates/SSLSocketTemplate.java
+++ b/test/jdk/javax/net/ssl/templates/SSLSocketTemplate.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2016, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2016, 2023, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -34,27 +34,17 @@
 * @run main/othervm SSLSocketTemplate
 */
 import java.io.ByteArrayInputStream;
 import java.io.InputStream;
 import java.io.IOException;
 import java.io.OutputStream;
 import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLServerSocket;
 import javax.net.ssl.SSLServerSocketFactory;
 import javax.net.ssl.SSLSocket;
 import javax.net.ssl.SSLSocketFactory;
 import javax.net.ssl.TrustManagerFactory;
 import java.net.InetAddress;
 import java.net.InetSocketAddress;
 import java.net.SocketTimeoutException;
 import java.security.KeyStore;
 import java.security.PrivateKey;
 import java.security.KeyFactory;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateFactory;
 import java.security.spec.PKCS8EncodedKeySpec;
 import java.util.Base64;
 import java.util.concurrent.CountDownLatch;
 import java.util.concurrent.TimeUnit;
@ -66,7 +56,7 @@ import java.util.concurrent.TimeUnit;
 * test/jdk/sun/security/ssl/ServerHandshaker/AnonCipherWithWantClientAuth.java
 * test/jdk/sun/net/www/protocol/https/HttpsClient/ServerIdentityTest.java
 */
-public class SSLSocketTemplate {
+public class SSLSocketTemplate extends SSLContextTemplate {
    /*
     * ==================
@ -128,53 +118,6 @@ public class SSLSocketTemplate {
        // blank
    }
    /*
     * Create an instance of SSLContext for client use.
     */
    protected SSLContext createClientSSLContext() throws Exception {
        return createSSLContext(TRUSTED_CERTS, END_ENTITY_CERTS,
                getClientContextParameters());
    }
    /*
     * Create an instance of SSLContext for server use.
     */
    protected SSLContext createServerSSLContext() throws Exception {
        return createSSLContext(TRUSTED_CERTS, END_ENTITY_CERTS,
                getServerContextParameters());
    }
    /*
     * The parameters used to configure SSLContext.
     */
    protected static final class ContextParameters {
        final String contextProtocol;
        final String tmAlgorithm;
        final String kmAlgorithm;
        ContextParameters(String contextProtocol,
                String tmAlgorithm, String kmAlgorithm) {
            this.contextProtocol = contextProtocol;
            this.tmAlgorithm = tmAlgorithm;
            this.kmAlgorithm = kmAlgorithm;
        }
    }
    /*
     * Get the client side parameters of SSLContext.
     */
    protected ContextParameters getClientContextParameters() {
        return new ContextParameters("TLS", "PKIX", "NewSunX509");
    }
    /*
     * Get the server side parameters of SSLContext.
     */
    protected ContextParameters getServerContextParameters() {
        return new ContextParameters("TLS", "PKIX", "NewSunX509");
    }
    /*
     * Does the client side use customized connection other than
     * explicit Socket.connect(), for example, URL.openConnection()?
@ -360,114 +303,6 @@ public class SSLSocketTemplate {
        }
    }
    /*
     * =============================================
     * Stuffs to customize the SSLContext instances.
     */
    /*
     * =======================================
     * Certificates and keys used in the test.
     */
    // Trusted certificates.
    protected final static Cert[] TRUSTED_CERTS = {
            Cert.CA_ECDSA_SECP256R1,
            Cert.CA_RSA_2048,
            Cert.CA_DSA_2048 };
    // End entity certificate.
    protected final static Cert[] END_ENTITY_CERTS = {
            Cert.EE_ECDSA_SECP256R1,
            Cert.EE_RSA_2048,
            Cert.EE_EC_RSA_SECP256R1,
            Cert.EE_DSA_2048 };
    /*
     * Create an instance of SSLContext with the specified trust/key materials.
     */
    public static SSLContext createSSLContext(
            Cert[] trustedCerts,
            Cert[] endEntityCerts,
            ContextParameters params) throws Exception {
        KeyStore ts = null;     // trust store
        KeyStore ks = null;     // key store
        char passphrase[] = "passphrase".toCharArray();
        // Generate certificate from cert string.
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        // Import the trused certs.
        ByteArrayInputStream is;
        if (trustedCerts != null && trustedCerts.length != 0) {
            ts = KeyStore.getInstance("JKS");
            ts.load(null, null);
            Certificate[] trustedCert = new Certificate[trustedCerts.length];
            for (int i = 0; i < trustedCerts.length; i++) {
                is = new ByteArrayInputStream(trustedCerts[i].certStr.getBytes());
                try {
                    trustedCert[i] = cf.generateCertificate(is);
                } finally {
                    is.close();
                }
                ts.setCertificateEntry(
                        "trusted-cert-" + trustedCerts[i].name(), trustedCert[i]);
            }
        }
        // Import the key materials.
        if (endEntityCerts != null && endEntityCerts.length != 0) {
            ks = KeyStore.getInstance("JKS");
            ks.load(null, null);
            for (int i = 0; i < endEntityCerts.length; i++) {
                // generate the private key.
                PKCS8EncodedKeySpec priKeySpec = new PKCS8EncodedKeySpec(
                    Base64.getMimeDecoder().decode(endEntityCerts[i].privKeyStr));
                KeyFactory kf =
                    KeyFactory.getInstance(
                            endEntityCerts[i].keyAlgo);
                PrivateKey priKey = kf.generatePrivate(priKeySpec);
                // generate certificate chain
                is = new ByteArrayInputStream(
                        endEntityCerts[i].certStr.getBytes());
                Certificate keyCert = null;
                try {
                    keyCert = cf.generateCertificate(is);
                } finally {
                    is.close();
                }
                Certificate[] chain = new Certificate[] { keyCert };
                // import the key entry.
                ks.setKeyEntry("cert-" + endEntityCerts[i].name(),
                        priKey, passphrase, chain);
            }
        }
        // Create an SSLContext object.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(params.tmAlgorithm);
        tmf.init(ts);
        SSLContext context = SSLContext.getInstance(params.contextProtocol);
        if (endEntityCerts != null && endEntityCerts.length != 0 && ks != null) {
            KeyManagerFactory kmf =
                    KeyManagerFactory.getInstance(params.kmAlgorithm);
            kmf.init(ks, passphrase);
            context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        } else {
            context.init(null, tmf.getTrustManagers(), null);
        }
        return context;
    }
    /*
     * =================================================
     * Stuffs to boot up the client-server mode testing.
@ -597,7 +432,7 @@ public class SSLSocketTemplate {
        }
    }
-    private void startClient(boolean newThread) throws Exception {
+    private void startClient(boolean newThread) {
        if (newThread) {
            clientThread = new Thread() {
                @Override
@ -629,573 +464,4 @@ public class SSLSocketTemplate {
        cause.printStackTrace(System.out);
    }
    public static enum Cert {
        CA_ECDSA_SECP256R1(
                "EC",
                // SHA256withECDSA, curve secp256r1
                // Validity
                //     Not Before: May 22 07:18:16 2018 GMT
                //     Not After : May 17 07:18:16 2038 GMT
                // Subject Key Identifier:
                //     60:CF:BD:73:FF:FA:1A:30:D2:A4:EC:D3:49:71:46:EF:1A:35:A0:86
                "-----BEGIN CERTIFICATE-----\n" +
                "MIIBvjCCAWOgAwIBAgIJAIvFG6GbTroCMAoGCCqGSM49BAMCMDsxCzAJBgNVBAYT\n" +
                "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" +
                "ZTAeFw0xODA1MjIwNzE4MTZaFw0zODA1MTcwNzE4MTZaMDsxCzAJBgNVBAYTAlVT\n" +
                "MQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZjZTBZ\n" +
                "MBMGByqGSM49AgEGCCqGSM49AwEHA0IABBz1WeVb6gM2mh85z3QlvaB/l11b5h0v\n" +
                "LIzmkC3DKlVukZT+ltH2Eq1oEkpXuf7QmbM0ibrUgtjsWH3mULfmcWmjUDBOMB0G\n" +
                "A1UdDgQWBBRgz71z//oaMNKk7NNJcUbvGjWghjAfBgNVHSMEGDAWgBRgz71z//oa\n" +
                "MNKk7NNJcUbvGjWghjAMBgNVHRMEBTADAQH/MAoGCCqGSM49BAMCA0kAMEYCIQCG\n" +
                "6wluh1r2/T6L31mZXRKf9JxeSf9pIzoLj+8xQeUChQIhAJ09wAi1kV8yePLh2FD9\n" +
                "2YEHlSQUAbwwqCDEVB5KxaqP\n" +
                "-----END CERTIFICATE-----",
                "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg/HcHdoLJCdq3haVd\n" +
                "XZTSKP00YzM3xX97l98vGL/RI1KhRANCAAQc9VnlW+oDNpofOc90Jb2gf5ddW+Yd\n" +
                "LyyM5pAtwypVbpGU/pbR9hKtaBJKV7n+0JmzNIm61ILY7Fh95lC35nFp"),
        CA_ECDSA_SECP384R1(
                "EC",
                // SHA384withECDSA, curve secp384r1
                // Validity
                //     Not Before: Jun 24 08:15:06 2019 GMT
                //     Not After : Jun 19 08:15:06 2039 GMT
                // Subject Key Identifier:
                //     0a:93:a9:a0:bf:e7:d5:48:9d:4f:89:15:c6:51:98:80:05:51:4e:4e
                "-----BEGIN CERTIFICATE-----\n" +
                "MIICCDCCAY6gAwIBAgIUCpOpoL/n1UidT4kVxlGYgAVRTk4wCgYIKoZIzj0EAwMw\n" +
                "OzELMAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpTU0Ug\n" +
                "VGVzdCBTZXJpdmNlMB4XDTE5MDYyNDA4MTUwNloXDTM5MDYxOTA4MTUwNlowOzEL\n" +
                "MAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpTU0UgVGVz\n" +
                "dCBTZXJpdmNlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAENVQN1wXWFdgC6u/dDdiC\n" +
                "y+WtMTF66oL/0BSm+1ZqsogamzCryawOcHgiuXgWzx5CQ3LuOC+tDFyXpGfHuCvb\n" +
                "dkzxPrP5n9NrR8/uRPe5l1KOUbchviU8z9cTP+LZxnZDo1MwUTAdBgNVHQ4EFgQU\n" +
                "SktSFArR1p/5mXV0kyo0RxIVa/UwHwYDVR0jBBgwFoAUSktSFArR1p/5mXV0kyo0\n" +
                "RxIVa/UwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjBZvoNmq3/v\n" +
                "RD2gBTyvxjS9h0rsMRLHDnvul/KWngytwGPTOBo0Y8ixQXSjdKoc3rkCMQDkiNgx\n" +
                "IDxuHedmrLQKIPnVcthTmwv7//jHiqGoKofwChMo2a1P+DQdhszmeHD/ARQ=\n" +
                "-----END CERTIFICATE-----",
                "MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDChlbt0NF8oIKODSxn2\n" +
                "WXCXuJm3z78LRkzYQS3Nx5NMjei5ytkFZz4qvD4XXMWlTEyhZANiAAQ1VA3XBdYV\n" +
                "2ALq790N2ILL5a0xMXrqgv/QFKb7VmqyiBqbMKvJrA5weCK5eBbPHkJDcu44L60M\n" +
                "XJekZ8e4K9t2TPE+s/mf02tHz+5E97mXUo5RtyG+JTzP1xM/4tnGdkM="),
        CA_ECDSA_SECP521R1(
                "EC",
                // SHA512withECDSA, curve secp521r1
                // Validity
                //     Not Before: Jun 24 08:15:06 2019 GMT
                //     Not After : Jun 19 08:15:06 2039 GMT
                // Subject Key Identifier:
                //     25:ca:68:76:6d:29:17:9b:71:78:45:2d:d4:c6:e4:5d:fe:25:ff:90
                "-----BEGIN CERTIFICATE-----\n" +
                "MIICUzCCAbSgAwIBAgIUJcpodm0pF5txeEUt1MbkXf4l/5AwCgYIKoZIzj0EAwQw\n" +
                "OzELMAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpTU0Ug\n" +
                "VGVzdCBTZXJpdmNlMB4XDTE5MDYyNDA4MTUwNloXDTM5MDYxOTA4MTUwNlowOzEL\n" +
                "MAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpTU0UgVGVz\n" +
                "dCBTZXJpdmNlMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAmFD5VmB2MdyJ6k+E\n" +
                "eP4JncrE65ySL07gVmFwnr8otOt3NtRAyzmviMNNXXjo5R5NqNjKP4pr92JjT0sO\n" +
                "D65yngkBtH151Ev/fiKPLxkXL9GzfKdWHVhDX7Zg6DUydzukzZV2/dIyloAIqwlz\n" +
                "QVKJqT7RypDufdng8hnE9YfKo6ypZiujUzBRMB0GA1UdDgQWBBRAIrxa7WqtqUCe\n" +
                "HFuKREDC92spvTAfBgNVHSMEGDAWgBRAIrxa7WqtqUCeHFuKREDC92spvTAPBgNV\n" +
                "HRMBAf8EBTADAQH/MAoGCCqGSM49BAMEA4GMADCBiAJCAe22iirZnODCmlpxcv57\n" +
                "3g5BEE60C+dtYmTqR4DtFyDaTRQ5CFf4ZxvQPIbD+SXi5Cbrl6qtrZG0cjUihPkC\n" +
                "Hi1hAkIAiEcO7nMPgQLny+GrciojfN+bZXME/dPz6KHBm/89f8Me+jawVnv6y+df\n" +
                "2Sbafh1KV6ntWQtB4bK3MXV8Ym9Eg1I=\n" +
                "-----END CERTIFICATE-----",
                "MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIAV8dZszV6+nLw3LeA\n" +
                "Q+qLJLGaqyjlsQkaopCPcmoRdy1HX6AzB/YnKsPkHp/9DQN6A2JgUhFG5B0XvKSk\n" +
                "BqNNuSGhgYkDgYYABACYUPlWYHYx3InqT4R4/gmdysTrnJIvTuBWYXCevyi063c2\n" +
                "1EDLOa+Iw01deOjlHk2o2Mo/imv3YmNPSw4PrnKeCQG0fXnUS/9+Io8vGRcv0bN8\n" +
                "p1YdWENftmDoNTJ3O6TNlXb90jKWgAirCXNBUompPtHKkO592eDyGcT1h8qjrKlm\n" +
                "Kw=="),
        CA_RSA_2048(
                "RSA",
                // SHA256withRSA, 2048 bits
                // Validity
                //     Not Before: May 22 07:18:16 2018 GMT
                //     Not After : May 17 07:18:16 2038 GMT
                // Subject Key Identifier:
                //     0D:DD:93:C9:FE:4B:BD:35:B7:E8:99:78:90:FB:DB:5A:3D:DB:15:4C
                "-----BEGIN CERTIFICATE-----\n" +
                "MIIDSTCCAjGgAwIBAgIJAI4ZF3iy8zG+MA0GCSqGSIb3DQEBCwUAMDsxCzAJBgNV\n" +
                "BAYTAlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2Vy\n" +
                "aXZjZTAeFw0xODA1MjIwNzE4MTZaFw0zODA1MTcwNzE4MTZaMDsxCzAJBgNVBAYT\n" +
                "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" +
                "ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALpMcY7aWieXDEM1/YJf\n" +
                "JW27b4nRIFZyEYhEloyGsKTuQiiQjc8cqRZFNXe2vwziDB4IyTEl0Hjl5QF6ZaQE\n" +
                "huPzzwvQm1pv64KrRXrmj3FisQK8B5OWLty9xp6xDqsaMRoyObLK+oIb20T5fSlE\n" +
                "evmo1vYjnh8CX0Yzx5Gr5ye6YSEHQvYOWEws8ad17OlyToR2KMeC8w4qo6rs59pW\n" +
                "g7Mxn9vo22ImDzrtAbTbXbCias3xlE0Bp0h5luyf+5U4UgksoL9B9r2oP4GrLNEV\n" +
                "oJk57t8lwaR0upiv3CnS8LcJELpegZub5ggqLY8ZPYFQPjlK6IzLOm6rXPgZiZ3m\n" +
                "RL0CAwEAAaNQME4wHQYDVR0OBBYEFA3dk8n+S701t+iZeJD721o92xVMMB8GA1Ud\n" +
                "IwQYMBaAFA3dk8n+S701t+iZeJD721o92xVMMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n" +
                "hvcNAQELBQADggEBAJTRC3rKUUhVH07/1+stUungSYgpM08dY4utJq0BDk36BbmO\n" +
                "0AnLDMbkwFdHEoqF6hQIfpm7SQTmXk0Fss6Eejm8ynYr6+EXiRAsaXOGOBCzF918\n" +
                "/RuKOzqABfgSU4UBKECLM5bMfQTL60qx+HdbdVIpnikHZOFfmjCDVxoHsGyXc1LW\n" +
                "Jhkht8IGOgc4PMGvyzTtRFjz01kvrVQZ75aN2E0GQv6dCxaEY0i3ypSzjUWAKqDh\n" +
                "3e2OLwUSvumcdaxyCdZAOUsN6pDBQ+8VRG7KxnlRlY1SMEk46QgQYLbPDe/+W/yH\n" +
                "ca4PejicPeh+9xRAwoTpiE2gulfT7Lm+fVM7Ruc=\n" +
                "-----END CERTIFICATE-----",
                "MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC6THGO2lonlwxD\n" +
                "Nf2CXyVtu2+J0SBWchGIRJaMhrCk7kIokI3PHKkWRTV3tr8M4gweCMkxJdB45eUB\n" +
                "emWkBIbj888L0Jtab+uCq0V65o9xYrECvAeTli7cvcaesQ6rGjEaMjmyyvqCG9tE\n" +
                "+X0pRHr5qNb2I54fAl9GM8eRq+cnumEhB0L2DlhMLPGndezpck6EdijHgvMOKqOq\n" +
                "7OfaVoOzMZ/b6NtiJg867QG0212womrN8ZRNAadIeZbsn/uVOFIJLKC/Qfa9qD+B\n" +
                "qyzRFaCZOe7fJcGkdLqYr9wp0vC3CRC6XoGbm+YIKi2PGT2BUD45SuiMyzpuq1z4\n" +
                "GYmd5kS9AgMBAAECggEAFHSoU2MuWwJ+2jJnb5U66t2V1bAcuOE1g5zkWvG/G5z9\n" +
                "rq6Qo5kmB8f5ovdx6tw3MGUOklLwnRXBG3RxDJ1iokz3AvkY1clMNsDPlDsUrQKF\n" +
                "JSO4QUBQTPSZhnsyfR8XHSU+qJ8Y+ohMfzpVv95BEoCzebtXdVgxVegBlcEmVHo2\n" +
                "kMmkRN+bYNsr8eb2r+b0EpyumS39ZgKYh09+cFb78y3T6IFMGcVJTP6nlGBFkmA/\n" +
                "25pYeCF2tSki08qtMJZQAvKfw0Kviibk7ZxRbJqmc7B1yfnOEHP6ftjuvKl2+RP/\n" +
                "+5P5f8CfIP6gtA0LwSzAqQX/hfIKrGV5j0pCqrD0kQKBgQDeNR6Xi4sXVq79lihO\n" +
                "a1bSeV7r8yoQrS8x951uO+ox+UIZ1MsAULadl7zB/P0er92p198I9M/0Jth3KBuS\n" +
                "zj45mucvpiiGvmQlMKMEfNq4nN7WHOu55kufPswQB2mR4J3xmwI+4fM/nl1zc82h\n" +
                "De8JSazRldJXNhfx0RGFPmgzbwKBgQDWoVXrXLbCAn41oVnWB8vwY9wjt92ztDqJ\n" +
                "HMFA/SUohjePep9UDq6ooHyAf/Lz6oE5NgeVpPfTDkgvrCFVKnaWdwALbYoKXT2W\n" +
                "9FlyJox6eQzrtHAacj3HJooXWuXlphKSizntfxj3LtMR9BmrmRJOfK+SxNOVJzW2\n" +
                "+MowT20EkwKBgHmpB8jdZBgxI7o//m2BI5Y1UZ1KE5vx1kc7VXzHXSBjYqeV9FeF\n" +
                "2ZZLP9POWh/1Fh4pzTmwIDODGT2UPhSQy0zq3O0fwkyT7WzXRknsuiwd53u/dejg\n" +
                "iEL2NPAJvulZ2+AuiHo5Z99LK8tMeidV46xoJDDUIMgTG+UQHNGhK5gNAoGAZn/S\n" +
                "Cn7SgMC0CWSvBHnguULXZO9wH1wZAFYNLL44OqwuaIUFBh2k578M9kkke7woTmwx\n" +
                "HxQTjmWpr6qimIuY6q6WBN8hJ2Xz/d1fwhYKzIp20zHuv5KDUlJjbFfqpsuy3u1C\n" +
                "kts5zwI7pr1ObRbDGVyOdKcu7HI3QtR5qqyjwaUCgYABo7Wq6oHva/9V34+G3Goh\n" +
                "63bYGUnRw2l5BD11yhQv8XzGGZFqZVincD8gltNThB0Dc/BI+qu3ky4YdgdZJZ7K\n" +
                "z51GQGtaHEbrHS5caV79yQ8QGY5mUVH3E+VXSxuIqb6pZq2DH4sTAEFHyncddmOH\n" +
                "zoXBInYwRG9KE/Bw5elhUw=="),
        CA_DSA_2048(
                "DSA",
                // SHA256withDSA, 2048 bits
                // Validity
                //     Not Before: May 22 07:18:18 2018 GMT
                //     Not After : May 17 07:18:18 2038 GMT
                // Subject Key Identifier:
                //     76:66:9E:F7:3B:DD:45:E5:3B:D9:72:3C:3F:F0:54:39:86:31:26:53
                "-----BEGIN CERTIFICATE-----\n" +
                "MIIErjCCBFSgAwIBAgIJAOktYLNCbr02MAsGCWCGSAFlAwQDAjA7MQswCQYDVQQG\n" +
                "EwJVUzENMAsGA1UECgwESmF2YTEdMBsGA1UECwwUU3VuSlNTRSBUZXN0IFNlcml2\n" +
                "Y2UwHhcNMTgwNTIyMDcxODE4WhcNMzgwNTE3MDcxODE4WjA7MQswCQYDVQQGEwJV\n" +
                "UzENMAsGA1UECgwESmF2YTEdMBsGA1UECwwUU3VuSlNTRSBUZXN0IFNlcml2Y2Uw\n" +
                "ggNHMIICOQYHKoZIzjgEATCCAiwCggEBAO5GyPhSm0ze3LSu+gicdULLj05iOfTL\n" +
                "UvZQ29sYz41zmqrLBQbdKiHqgJu2Re9sgTb5suLNjF047TOLPnU3jhPtWm2X8Xzi\n" +
                "VGIcHym/Q/MeZxStt/88seqroI3WOKzIML2GcrishT+lcGrtH36Tf1+ue2Snn3PS\n" +
                "WyxygNqPjllP5uUjYmFLvAf4QLMldkd/D2VxcwsHjB8y5iUZsXezc/LEhRZS/02m\n" +
                "ivqlRw3AMkq/OVe/ZtxFWsP0nsfxEGdZuaUFpppGfixxFvymrB3+J51cTt+pZBDq\n" +
                "D2y0DYfc+88iCs4jwHTfcDIpLb538HBjBj2rEgtQESQmB0ooD/+wsPsCIQC1bYch\n" +
                "gElNtDYL3FgpLgNSUYp7gIWv9ehaC7LO2z7biQKCAQBitvFOnDkUja8NAF7lDpOV\n" +
                "b5ipQ8SicBLW3kQamxhyuyxgZyy/PojZ/oPorkqW/T/A0rhnG6MssEpAtdiwVB+c\n" +
                "rBYGo3bcwmExJhdOJ6dYuKFppPWhCwKMHs9npK+lqBMl8l5j58xlcFeC7ZfGf8GY\n" +
                "GkhFW0c44vEQhMMbac6ZTTP4mw+1t7xJfmDMlLEyIpTXaAAk8uoVLWzQWnR40sHi\n" +
                "ybvS0u3JxQkb7/y8tOOZu8qlz/YOS7lQ6UxUGX27Ce1E0+agfPphetoRAlS1cezq\n" +
                "Wa7r64Ga0nkj1kwkcRqjgTiJx0NwnUXr78VAXFhVF95+O3lfqhvdtEGtkhDGPg7N\n" +
                "A4IBBgACggEBAMmSHQK0w2i+iqUjOPzn0yNEZrzepLlLeQ1tqtn0xnlv5vBAeefD\n" +
                "Pm9dd3tZOjufVWP7hhEz8xPobb1CS4e3vuQiv5UBfhdPL3f3l9T7JMAKPH6C9Vve\n" +
                "OQXE5eGqbjsySbcmseHoYUt1WCSnSda1opX8zchX04e7DhGfE2/L9flpYEoSt8lI\n" +
                "vMNjgOwvKdW3yvPt1/eBBHYNFG5gWPv/Q5KoyCtHS03uqGm4rNc/wZTIEEfd66C+\n" +
                "QRaUltjOaHmtwOdDHaNqwhYZSVOip+Mo+TfyzHFREcdHLapo7ZXqbdYkRGxRR3d+\n" +
                "3DfHaraJO0OKoYlPkr3JMvM/MSGR9AnZOcejUDBOMB0GA1UdDgQWBBR2Zp73O91F\n" +
                "5TvZcjw/8FQ5hjEmUzAfBgNVHSMEGDAWgBR2Zp73O91F5TvZcjw/8FQ5hjEmUzAM\n" +
                "BgNVHRMEBTADAQH/MAsGCWCGSAFlAwQDAgNHADBEAiBzriYE41M2y9Hy5ppkL0Qn\n" +
                "dIlNc8JhXT/PHW7GDtViagIgMko8Qoj9gDGPK3+O9E8DC3wGiiF9CObM4LN387ok\n" +
                "J+g=\n" +
                "-----END CERTIFICATE-----",
                "MIICZQIBADCCAjkGByqGSM44BAEwggIsAoIBAQDuRsj4UptM3ty0rvoInHVCy49O" +
                "Yjn0y1L2UNvbGM+Nc5qqywUG3Soh6oCbtkXvbIE2+bLizYxdOO0ziz51N44T7Vpt" +
                "l/F84lRiHB8pv0PzHmcUrbf/PLHqq6CN1jisyDC9hnK4rIU/pXBq7R9+k39frntk" +
                "p59z0lsscoDaj45ZT+blI2JhS7wH+ECzJXZHfw9lcXMLB4wfMuYlGbF3s3PyxIUW" +
                "Uv9Npor6pUcNwDJKvzlXv2bcRVrD9J7H8RBnWbmlBaaaRn4scRb8pqwd/iedXE7f" +
                "qWQQ6g9stA2H3PvPIgrOI8B033AyKS2+d/BwYwY9qxILUBEkJgdKKA//sLD7AiEA" +
                "tW2HIYBJTbQ2C9xYKS4DUlGKe4CFr/XoWguyzts+24kCggEAYrbxTpw5FI2vDQBe" +
                "5Q6TlW+YqUPEonAS1t5EGpsYcrssYGcsvz6I2f6D6K5Klv0/wNK4ZxujLLBKQLXY" +
                "sFQfnKwWBqN23MJhMSYXTienWLihaaT1oQsCjB7PZ6SvpagTJfJeY+fMZXBXgu2X" +
                "xn/BmBpIRVtHOOLxEITDG2nOmU0z+JsPtbe8SX5gzJSxMiKU12gAJPLqFS1s0Fp0" +
                "eNLB4sm70tLtycUJG+/8vLTjmbvKpc/2Dku5UOlMVBl9uwntRNPmoHz6YXraEQJU" +
                "tXHs6lmu6+uBmtJ5I9ZMJHEao4E4icdDcJ1F6+/FQFxYVRfefjt5X6ob3bRBrZIQ" +
                "xj4OzQQjAiEAsceWOM8do4etxp2zgnoNXV8PUUyqWhz1+0srcKV7FR4="),
        CA_DSA_1024(
                "DSA",
                // dsaWithSHA1, 1024 bits
                // Validity
                //     Not Before: Apr 24 12:25:43 2020 GMT
                //     Not After : Apr 22 12:25:43 2030 GMT
                // Authority Key Identifier:
                //     E1:3C:01:52:EB:D1:38:F7:CF:F1:E3:5E:DB:54:75:7F:5E:AB:2D:36
                "-----BEGIN CERTIFICATE-----\n" +
                "MIIC9TCCArWgAwIBAgIUd52yKk0OxQuxdaYRAfq5VLuF1ZAwCQYHKoZIzjgEAzAu\n" +
                "MQswCQYDVQQGEwJVUzENMAsGA1UECgwESmF2YTEQMA4GA1UECwwHU3VuSlNTRTAe\n" +
                "Fw0yMDA0MjQxMjI1NDJaFw0zMDA0MjIxMjI1NDJaMC4xCzAJBgNVBAYTAlVTMQ0w\n" +
                "CwYDVQQKDARKYXZhMRAwDgYDVQQLDAdTdW5KU1NFMIIBtjCCASsGByqGSM44BAEw\n" +
                "ggEeAoGBAKgyb2XpANq43T8yBf5v0PTBOddLPxd0f0FotASron5rQr86JjBTfgIW\n" +
                "oE4u7nYlO6bp/M4Dw6qZr+HaDu9taIDOj6LL51eUShVsOgS7XZcUzLT8vPnkEDDo\n" +
                "u326x0B7fuNCbMLm+ipM2d4FhLUTt4Qb5TcY6l7dOGHeWiL7nl43AhUAoGr8DY2m\n" +
                "WHZPHk2XbZ5wpaM2lLcCgYBKiFbFFViH/ylHJRPtYtjtJw4ls1scbVP4TRHnKoZc\n" +
                "HPAird1fDYgGC2b0GQNAMABhI+L+ogxS7qakySpJCheuN25AjiSyilygQdlXoWRt\n" +
                "Mggsh8EQZT7iP4V4e9m3xRHzb5ECvsSTdZB1BQMcC90W2Avq+orqgBnr2in9UEd8\n" +
                "qwOBhAACgYAgVWxjYWlWIv7s4BnNMQoPKppi205f3aC6wv6Rqk4BnYYYrFONEmzQ\n" +
                "hzj6lSXfxLpTu4lg2zNeIraZggoS0ztkbZNNADEmAHx+OLshiJJxu2/KfoopJOZg\n" +
                "8ARmuaKOkWbkW9y4hWhfBlVwZbckG3Eibff0xronIXXy7B7UKaccyqNTMFEwHQYD\n" +
                "VR0OBBYEFOE8AVLr0Tj3z/HjXttUdX9eqy02MB8GA1UdIwQYMBaAFOE8AVLr0Tj3\n" +
                "z/HjXttUdX9eqy02MA8GA1UdEwEB/wQFMAMBAf8wCQYHKoZIzjgEAwMvADAsAhRC\n" +
                "YLduLniBEJ51SfBWIkvNW6OG7QIUSKaTY6rgEFDEMoTqOjFChR22nkk=\n" +
                "-----END CERTIFICATE-----",
                "MIIBSgIBADCCASsGByqGSM44BAEwggEeAoGBAKgyb2XpANq43T8yBf5v0PTBOddL\n" +
                "Pxd0f0FotASron5rQr86JjBTfgIWoE4u7nYlO6bp/M4Dw6qZr+HaDu9taIDOj6LL\n" +
                "51eUShVsOgS7XZcUzLT8vPnkEDDou326x0B7fuNCbMLm+ipM2d4FhLUTt4Qb5TcY\n" +
                "6l7dOGHeWiL7nl43AhUAoGr8DY2mWHZPHk2XbZ5wpaM2lLcCgYBKiFbFFViH/ylH\n" +
                "JRPtYtjtJw4ls1scbVP4TRHnKoZcHPAird1fDYgGC2b0GQNAMABhI+L+ogxS7qak\n" +
                "ySpJCheuN25AjiSyilygQdlXoWRtMggsh8EQZT7iP4V4e9m3xRHzb5ECvsSTdZB1\n" +
                "BQMcC90W2Avq+orqgBnr2in9UEd8qwQWAhQ7rSn+WvIxeuZ/CK4p04eMe5JzpA=="),
        CA_ED25519(
                "EdDSA",
                // ED25519
                // Validity
                //     Not Before: May 24 23:32:35 2020 GMT
                //     Not After : May 22 23:32:35 2030 GMT
                // X509v3 Authority Key Identifier:
                //     keyid:06:76:DB:88:EB:61:55:4C:C9:63:41:C2:A0:A8:57:3F:D7:F1:B8:EC
                "-----BEGIN CERTIFICATE-----\n" +
                "MIIByTCCAXugAwIBAgIUCyxKvhErehsygx50JYArsHby9hAwBQYDK2VwMDsxCzAJ\n" +
                "BgNVBAYTAlVTMQ0wCwYDVQQKDARqYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3Qg\n" +
                "U2VyaXZjZTAeFw0yMDA1MjQyMzMyMzVaFw0zMDA1MjIyMzMyMzVaMDsxCzAJBgNV\n" +
                "BAYTAlVTMQ0wCwYDVQQKDARqYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2Vy\n" +
                "aXZjZTAqMAUGAytlcAMhAKdotuYIkH8PYbopSLbaf1BtqUY2d6AbTgK2prMzQ6B3\n" +
                "o4GQMIGNMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAZ224jrYVVMyWNBwqCo\n" +
                "Vz/X8bjsMB8GA1UdIwQYMBaAFAZ224jrYVVMyWNBwqCoVz/X8bjsMA4GA1UdDwEB\n" +
                "/wQEAwIBhjAqBgNVHSUBAf8EIDAeBggrBgEFBQcDAwYIKwYBBQUHAwgGCCsGAQUF\n" +
                "BwMJMAUGAytlcANBADVAArvME8xFigFhCCCOTBoy/4ldGkDZQ/GT3Q6xnAP558FU\n" +
                "0G32OprKQZP43D9bmFU0LMgCVM9bHWU+bu/10AU=\n" +
                "-----END CERTIFICATE-----",
                "MC4CAQAwBQYDK2VwBCIEII/VYp8nu/eqq2L5y7/3IzavBgis4LWP6Rikv0N8SpgL"),
        CA_ED448(
                "EdDSA",
                // ED448
                // Validity
                //     Not Before: May 24 23:23:43 2020 GMT
                //     Not After : May 22 23:23:43 2030 GMT
                // X509v3 Authority Key Identifier:
                //     keyid:F5:D5:9D:FB:6F:B7:50:29:DF:F0:B8:83:10:5F:9B:C4:A8:1C:E9:F4
                "-----BEGIN CERTIFICATE-----\n" +
                "MIICFDCCAZSgAwIBAgIUKcmLeKilq0LN40sniBJO7F1gb/owBQYDK2VxMDsxCzAJ\n" +
                "BgNVBAYTAlVTMQ0wCwYDVQQKDARqYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3Qg\n" +
                "U2VyaXZjZTAeFw0yMDA1MjQyMzIzNDNaFw0zMDA1MjIyMzIzNDNaMDsxCzAJBgNV\n" +
                "BAYTAlVTMQ0wCwYDVQQKDARqYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2Vy\n" +
                "aXZjZTBDMAUGAytlcQM6APYP8iSXS8xPVDike5RgCByfTtg4GGtpYfoBtt6G5szA\n" +
                "55ExAKjm03wtk29nEPU2mCHF2QgfBzUrgKOBkDCBjTAPBgNVHRMBAf8EBTADAQH/\n" +
                "MB0GA1UdDgQWBBT11Z37b7dQKd/wuIMQX5vEqBzp9DAfBgNVHSMEGDAWgBT11Z37\n" +
                "b7dQKd/wuIMQX5vEqBzp9DAOBgNVHQ8BAf8EBAMCAYYwKgYDVR0lAQH/BCAwHgYI\n" +
                "KwYBBQUHAwMGCCsGAQUFBwMIBggrBgEFBQcDCTAFBgMrZXEDcwAlRXA2gPb52yV3\n" +
                "MKJErjmKlYSFExj5w5jafbbd0QgI1yDs+qSaZLjQ8ljwabmLDg+KR+167m0djQDI\n" +
                "OOoVuL7bgM0RL836KnuuBzm+gTdPp0gCXy3k9lL0KA0V2YLJHXXzu3suu+7rdgoP\n" +
                "plCh2hWdLgA=\n" +
                "-----END CERTIFICATE-----",
                "MEcCAQAwBQYDK2VxBDsEOd6/hRZqkUyTlJSwdN5gO/HnoWYda1fD83YUm5j6m2Bg\n" +
                "hAQi+QadFsQLD7R6PI/4Q0twXqlKnxU5Ug=="),
        EE_ECDSA_SECP256R1(
                "EC",
                // SHA256withECDSA, curve secp256r1
                // Validity
                //     Not Before: May 22 07:18:16 2018 GMT
                //     Not After : May 17 07:18:16 2038 GMT
                // Authority Key Identifier:
                //     60:CF:BD:73:FF:FA:1A:30:D2:A4:EC:D3:49:71:46:EF:1A:35:A0:86
                "-----BEGIN CERTIFICATE-----\n" +
                "MIIBqjCCAVCgAwIBAgIJAPLY8qZjgNRAMAoGCCqGSM49BAMCMDsxCzAJBgNVBAYT\n" +
                "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" +
                "ZTAeFw0xODA1MjIwNzE4MTZaFw0zODA1MTcwNzE4MTZaMFUxCzAJBgNVBAYTAlVT\n" +
                "MQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZjZTEY\n" +
                "MBYGA1UEAwwPUmVncmVzc2lvbiBUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD\n" +
                "QgAEb+9n05qfXnfHUb0xtQJNS4JeSi6IjOfW5NqchvKnfJey9VkJzR7QHLuOESdf\n" +
                "xlR7q8YIWgih3iWLGfB+wxHiOqMjMCEwHwYDVR0jBBgwFoAUYM+9c//6GjDSpOzT\n" +
                "SXFG7xo1oIYwCgYIKoZIzj0EAwIDSAAwRQIgWpRegWXMheiD3qFdd8kMdrkLxRbq\n" +
                "1zj8nQMEwFTUjjQCIQDRIrAjZX+YXHN9b0SoWWLPUq0HmiFIi8RwMnO//wJIGQ==\n" +
                "-----END CERTIFICATE-----",
                "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgn5K03bpTLjEtFQRa\n" +
                "JUtx22gtmGEvvSUSQdimhGthdtihRANCAARv72fTmp9ed8dRvTG1Ak1Lgl5KLoiM\n" +
                "59bk2pyG8qd8l7L1WQnNHtAcu44RJ1/GVHurxghaCKHeJYsZ8H7DEeI6"),
        EE_ECDSA_SECP384R1(
                "EC",
                // SHA384withECDSA, curve secp384r1
                // Validity
                //     Not Before: Jun 24 08:15:06 2019 GMT
                //     Not After : Jun 19 08:15:06 2039 GMT
                // Authority Key Identifier:
                //     40:2D:AA:EE:66:AA:33:27:AD:9B:5D:52:9B:60:67:6A:2B:AD:52:D2
                "-----BEGIN CERTIFICATE-----\n" +
                "MIICEjCCAZegAwIBAgIUS3F0AqAXWRg07CnbknJzxofyBQMwCgYIKoZIzj0EAwMw\n" +
                "OzELMAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpTU0Ug\n" +
                "VGVzdCBTZXJpdmNlMB4XDTE5MDYyNDA4MTUwNloXDTM5MDYxOTA4MTUwNlowVTEL\n" +
                "MAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpTU0UgVGVz\n" +
                "dCBTZXJpdmNlMRgwFgYDVQQDDA9SZWdyZXNzaW9uIFRlc3QwdjAQBgcqhkjOPQIB\n" +
                "BgUrgQQAIgNiAARqElz8b6T07eyKomIinhztV3/3XBk9bKGtJ0W+JOltjuhMmP/w\n" +
                "G8ASSevpgqgpi6EzpBZaaJxE3zNfkNnxXOZmQi2Ypd1uK0zRdbEOKg0XOcTTZwEj\n" +
                "iLjYmt3O0pwpklijQjBAMB0GA1UdDgQWBBRALaruZqozJ62bXVKbYGdqK61S0jAf\n" +
                "BgNVHSMEGDAWgBRKS1IUCtHWn/mZdXSTKjRHEhVr9TAKBggqhkjOPQQDAwNpADBm\n" +
                "AjEArVDFKf48xijN6huVUJzKCOP0zlWB5Js+DItIkZmLQuhciPLhLIB/rChf3Y4C\n" +
                "xuP4AjEAmfLhQRI0O3pifpYzYSVh2G7/jHNG4eO+2dvgAcU+Lh2IIj/cpLaPFSvL\n" +
                "J8FXY9Nj\n" +
                "-----END CERTIFICATE-----",
                "MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDASuI9EtK29APXPipkc\n" +
                "qDA+qwlewMjv/OcjUJ77kP1Vz62oVF9iY9SRIyFIUju8wt+hZANiAARqElz8b6T0\n" +
                "7eyKomIinhztV3/3XBk9bKGtJ0W+JOltjuhMmP/wG8ASSevpgqgpi6EzpBZaaJxE\n" +
                "3zNfkNnxXOZmQi2Ypd1uK0zRdbEOKg0XOcTTZwEjiLjYmt3O0pwpklg="),
        EE_ECDSA_SECP521R1(
                "EC",
                // SHA512withECDSA, curve secp521r1
                // Validity
                //     Not Before: Jun 24 08:15:06 2019 GMT
                //     Not After : Jun 19 08:15:06 2039 GMT
                // Authority Key Identifier:
                //     7B:AA:79:A4:49:DD:59:34:F0:86:6C:51:C7:30:F4:CE:C5:81:8A:28
                "-----BEGIN CERTIFICATE-----\n" +
                "MIICXDCCAb2gAwIBAgIUck4QTsbHNqUfPxfGPJLYbedFPdswCgYIKoZIzj0EAwQw\n" +
                "OzELMAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpTU0Ug\n" +
                "VGVzdCBTZXJpdmNlMB4XDTE5MDYyNDA4MTUwNloXDTM5MDYxOTA4MTUwNlowVTEL\n" +
                "MAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpTU0UgVGVz\n" +
                "dCBTZXJpdmNlMRgwFgYDVQQDDA9SZWdyZXNzaW9uIFRlc3QwgZswEAYHKoZIzj0C\n" +
                "AQYFK4EEACMDgYYABAGa2zDLhYQHHCLI3YBqFYJTzrnDIjzwXrxhcRTS8DYkcrjZ\n" +
                "+Fih1YyNhix0sdjH+3EqElXAHHuVzn3n3hPOtQCWlQCICkErB34S0cvmtRkeW8Fi\n" +
                "hrR5tvJEzEZjPSgwn81kKyhV2L70je6i7Cw884Va8bODckpgw0vTmbQb7T9dupkv\n" +
                "1aNCMEAwHQYDVR0OBBYEFHuqeaRJ3Vk08IZsUccw9M7FgYooMB8GA1UdIwQYMBaA\n" +
                "FEAivFrtaq2pQJ4cW4pEQML3aym9MAoGCCqGSM49BAMEA4GMADCBiAJCAb33KHdY\n" +
                "WDbusORWoY8Euglpd5zsF15hJsk7wtpD5HST1/NWmdCx405w+TV6a9Gr4VPHeaIQ\n" +
                "99i/+f237ALL5p6IAkIBbwwFL1vt3c/bx+niyuffQPNjly80rdC9puqAqriSiboS\n" +
                "efhxjidJ9HLaIRCMEPyd6vAsC8mO8YvL1uCuEQLsiGM=\n" +
                "-----END CERTIFICATE-----",
                "MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIB8C/2OX2Dt9vFszzV\n" +
                "hcAe0CbkMlvu9uQ/L7Vz88heuIj0rUZIPGshvgIJt1hCMT8HZxYHvDa4lbUvqjFB\n" +
                "+zafvPWhgYkDgYYABAGa2zDLhYQHHCLI3YBqFYJTzrnDIjzwXrxhcRTS8DYkcrjZ\n" +
                "+Fih1YyNhix0sdjH+3EqElXAHHuVzn3n3hPOtQCWlQCICkErB34S0cvmtRkeW8Fi\n" +
                "hrR5tvJEzEZjPSgwn81kKyhV2L70je6i7Cw884Va8bODckpgw0vTmbQb7T9dupkv\n" +
                "1Q=="),
        EE_RSA_2048(
                "RSA",
                // SHA256withRSA, 2048 bits
                // Validity
                //     Not Before: May 22 07:18:16 2018 GMT
                //     Not After : May 17 07:18:16 2038 GMT
                // Authority Key Identifier:
                //     0D:DD:93:C9:FE:4B:BD:35:B7:E8:99:78:90:FB:DB:5A:3D:DB:15:4C
                "-----BEGIN CERTIFICATE-----\n" +
                "MIIDNjCCAh6gAwIBAgIJAO2+yPcFryUTMA0GCSqGSIb3DQEBCwUAMDsxCzAJBgNV\n" +
                "BAYTAlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2Vy\n" +
                "aXZjZTAeFw0xODA1MjIwNzE4MTZaFw0zODA1MTcwNzE4MTZaMFUxCzAJBgNVBAYT\n" +
                "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" +
                "ZTEYMBYGA1UEAwwPUmVncmVzc2lvbiBUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOC\n" +
                "AQ8AMIIBCgKCAQEAszfBobWfZIp8AgC6PiWDDavP65mSvgCXUGxACbxVNAfkLhNR\n" +
                "QOsHriRB3X1Q3nvO9PetC6wKlvE9jlnDDj7D+1j1r1CHO7ms1fq8rfcQYdkanDtu\n" +
                "4AlHo8v+SSWX16MIXFRYDj2VVHmyPtgbltcg4zGAuwT746FdLI94uXjJjq1IOr/v\n" +
                "0VIlwE5ORWH5Xc+5Tj+oFWK0E4a4GHDgtKKhn2m72hN56/GkPKGkguP5NRS1qYYV\n" +
                "/EFkdyQMOV8J1M7HaicSft4OL6eKjTrgo93+kHk+tv0Dc6cpVBnalX3TorG8QI6B\n" +
                "cHj1XQd78oAlAC+/jF4pc0mwi0un49kdK9gRfQIDAQABoyMwITAfBgNVHSMEGDAW\n" +
                "gBQN3ZPJ/ku9NbfomXiQ+9taPdsVTDANBgkqhkiG9w0BAQsFAAOCAQEApXS0nKwm\n" +
                "Kp8gpmO2yG1rpd1+2wBABiMU4JZaTqmma24DQ3RzyS+V2TeRb29dl5oTUEm98uc0\n" +
                "GPZvhK8z5RFr4YE17dc04nI/VaNDCw4y1NALXGs+AHkjoPjLyGbWpi1S+gfq2sNB\n" +
                "Ekkjp6COb/cb9yiFXOGVls7UOIjnVZVd0r7KaPFjZhYh82/f4PA/A1SnIKd1+nfH\n" +
                "2yk7mSJNC7Z3qIVDL8MM/jBVwiC3uNe5GPB2uwhd7k5LGAVN3j4HQQGB0Sz+VC1h\n" +
                "92oi6xDa+YBva2fvHuCd8P50DDjxmp9CemC7rnZ5j8egj88w14X44Xjb/Fd/ApG9\n" +
                "e57NnbT7KM+Grw==\n" +
                "-----END CERTIFICATE-----",
                "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCzN8GhtZ9kinwC\n" +
                "ALo+JYMNq8/rmZK+AJdQbEAJvFU0B+QuE1FA6weuJEHdfVDee870960LrAqW8T2O\n" +
                "WcMOPsP7WPWvUIc7uazV+ryt9xBh2RqcO27gCUejy/5JJZfXowhcVFgOPZVUebI+\n" +
                "2BuW1yDjMYC7BPvjoV0sj3i5eMmOrUg6v+/RUiXATk5FYfldz7lOP6gVYrQThrgY\n" +
                "cOC0oqGfabvaE3nr8aQ8oaSC4/k1FLWphhX8QWR3JAw5XwnUzsdqJxJ+3g4vp4qN\n" +
                "OuCj3f6QeT62/QNzpylUGdqVfdOisbxAjoFwePVdB3vygCUAL7+MXilzSbCLS6fj\n" +
                "2R0r2BF9AgMBAAECggEASIkPkMCuw4WdTT44IwERus3IOIYOs2IP3BgEDyyvm4B6\n" +
                "JP/iihDWKfA4zEl1Gqcni1RXMHswSglXra682J4kui02Ov+vzEeJIY37Ibn2YnP5\n" +
                "ZjRT2s9GtI/S2o4hl8A/mQb2IMViFC+xKehTukhV4j5d6NPKk0XzLR7gcMjnYxwn\n" +
                "l21fS6D2oM1xRG/di7sL+uLF8EXLRzfiWDNi12uQv4nwtxPKvuKhH6yzHt7YqMH0\n" +
                "46pmDKDaxV4w1JdycjCb6NrCJOYZygoQobuZqOQ30UZoZsPJrtovkncFr1e+lNcO\n" +
                "+aWDfOLCtTH046dEQh5oCShyXMybNlry/QHsOtHOwQKBgQDh2iIjs+FPpQy7Z3EX\n" +
                "DGEvHYqPjrYO9an2KSRr1m9gzRlWYxKY46WmPKwjMerYtra0GP+TBHrgxsfO8tD2\n" +
                "wUAII6sd1qup0a/Sutgf2JxVilLykd0+Ge4/Cs51tCdJ8EqDV2B6WhTewOY2EGvg\n" +
                "JiKYkeNwgRX/9M9CFSAMAk0hUQKBgQDLJAartL3DoGUPjYtpJnfgGM23yAGl6G5r\n" +
                "NSXDn80BiYIC1p0bG3N0xm3yAjqOtJAUj9jZbvDNbCe3GJfLARMr23legX4tRrgZ\n" +
                "nEdKnAFKAKL01oM+A5/lHdkwaZI9yyv+hgSVdYzUjB8rDmzeVQzo1BT7vXypt2yV\n" +
                "6O1OnUpCbQKBgA/0rzDChopv6KRcvHqaX0tK1P0rYeVQqb9ATNhpf9jg5Idb3HZ8\n" +
                "rrk91BNwdVz2G5ZBpdynFl9G69rNAMJOCM4KZw5mmh4XOEq09Ivba8AHU7DbaTv3\n" +
                "7QL7KnbaUWRB26HHzIMYVh0el6T+KADf8NXCiMTr+bfpfbL3dxoiF3zhAoGAbCJD\n" +
                "Qse1dBs/cKYCHfkSOsI5T6kx52Tw0jS6Y4X/FOBjyqr/elyEexbdk8PH9Ar931Qr\n" +
                "NKMvn8oA4iA/PRrXX7M2yi3YQrWwbkGYWYjtzrzEAdzmg+5eARKAeJrZ8/bg9l3U\n" +
                "ttKaItJsDPlizn8rngy3FsJpR9aSAMK6/+wOiYkCgYEA1tZkI1rD1W9NYZtbI9BE\n" +
                "qlJVFi2PBOJMKNuWdouPX3HLQ72GJSQff2BFzLTELjweVVJ0SvY4IipzpQOHQOBy\n" +
                "5qh/p6izXJZh3IHtvwVBjHoEVplg1b2+I5e3jDCfqnwcQw82dW5SxOJMg1h/BD0I\n" +
                "qAL3go42DYeYhu/WnECMeis="),
        EE_EC_RSA_SECP256R1(
                "EC",
                // SHA256withRSA, curve secp256r1
                // Validity
                //     Not Before: May 22 07:18:16 2018 GMT
                //     Not After : May 21 07:18:16 2028 GMT
                // Authority Key Identifier:
                //     0D:DD:93:C9:FE:4B:BD:35:B7:E8:99:78:90:FB:DB:5A:3D:DB:15:4C
                "-----BEGIN CERTIFICATE-----\n" +
                "MIICazCCAVOgAwIBAgIJAO2+yPcFryUUMA0GCSqGSIb3DQEBCwUAMDsxCzAJBgNV\n" +
                "BAYTAlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2Vy\n" +
                "aXZjZTAeFw0xODA1MjIwNzE4MTZaFw0yODA1MjEwNzE4MTZaMFUxCzAJBgNVBAYT\n" +
                "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" +
                "ZTEYMBYGA1UEAwwPUmVncmVzc2lvbiBUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0D\n" +
                "AQcDQgAE59MERNTlVZ1eeps8Z3Oue5ZkgQdPtD+WIE6tj3PbIKpxGPDxvfNP959A\n" +
                "yQjEK/ehWQVrCMmNoEkIzY+IIBgB06MjMCEwHwYDVR0jBBgwFoAUDd2Tyf5LvTW3\n" +
                "6Jl4kPvbWj3bFUwwDQYJKoZIhvcNAQELBQADggEBAFOTVEqs70ykhZiIdrEsF1Ra\n" +
                "I3B2rLvwXZk52uSltk2/bzVvewA577ZCoxQ1pL7ynkisPfBN1uVYtHjM1VA3RC+4\n" +
                "+TAK78dnI7otYjWoHp5rvs4l6c/IbOspS290IlNuDUxMErEm5wxIwj+Aukx/1y68\n" +
                "hOyCvHBLMY2c1LskH1MMBbDuS1aI+lnGpToi+MoYObxGcV458vxuT8+wwV8Fkpvd\n" +
                "ll8IIFmeNPRv+1E+lXbES6CSNCVaZ/lFhPgdgYKleN7sfspiz50DG4dqafuEAaX5\n" +
                "xaK1NWXJxTRz0ROH/IUziyuDW6jphrlgit4+3NCzp6vP9hAJQ8Vhcj0n15BKHIQ=\n" +
                "-----END CERTIFICATE-----",
                "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgGVc7hICpmp91jbYe\n" +
                "nrr8nYHD37RZP3VENY+szuA7WjuhRANCAATn0wRE1OVVnV56mzxnc657lmSBB0+0\n" +
                "P5YgTq2Pc9sgqnEY8PG980/3n0DJCMQr96FZBWsIyY2gSQjNj4ggGAHT"),
        EE_DSA_2048(
                "DSA",
                // SHA256withDSA, 2048 bits
                // Validity
                //     Not Before: May 22 07:18:20 2018 GMT
                //     Not After : May 17 07:18:20 2038 GMT
                // Authority Key Identifier:
                //     76:66:9E:F7:3B:DD:45:E5:3B:D9:72:3C:3F:F0:54:39:86:31:26:53
                "-----BEGIN CERTIFICATE-----\n" +
                "MIIEnDCCBEGgAwIBAgIJAP/jh1qVhNVjMAsGCWCGSAFlAwQDAjA7MQswCQYDVQQG\n" +
                "EwJVUzENMAsGA1UECgwESmF2YTEdMBsGA1UECwwUU3VuSlNTRSBUZXN0IFNlcml2\n" +
                "Y2UwHhcNMTgwNTIyMDcxODIwWhcNMzgwNTE3MDcxODIwWjBVMQswCQYDVQQGEwJV\n" +
                "UzENMAsGA1UECgwESmF2YTEdMBsGA1UECwwUU3VuSlNTRSBUZXN0IFNlcml2Y2Ux\n" +
                "GDAWBgNVBAMMD1JlZ3Jlc3Npb24gVGVzdDCCA0cwggI6BgcqhkjOOAQBMIICLQKC\n" +
                "AQEAmlavgoJrMcjqWRVcDE2dmWAPREgnzQvneEDef68cprDzjSwvOs5QeFyx75ib\n" +
                "ado1e6jO/rW1prCGWHDD1oA/Tn4Pk3vu0nUxzvl1qATc+aJbpUU5Op0bvp6LbCsQ\n" +
                "QslV9FeRh7Eb7bP6gpc/kHCBzEgC1VCK7prccXWy+t6SMOHbND3h+UbckfSaUuaV\n" +
                "sVJNTD1D6GElfRj4Nmz1BGPfSYvKorwNZEU3gXwFgtDoAcGx7tcyClLpDHfqRfw/\n" +
                "7yiqLyeiP7D4hl5lMNouJWDlAdMFp0FMgS3s9VDFinIcr6VtBWMTG7+4+czHAB+3\n" +
                "fvrwlqNzhBn3uFHrekN/w8fNxwIhAJo7Sae1za7IMW0Q6hE5B4b+s2B/FaKPoA4E\n" +
                "jtZu13B9AoIBAQCOZqLMKfvqZWUgT0PQ3QjR7dAFdd06I9Y3+TOQzZk1+j+vw/6E\n" +
                "X4vFItX4gihb/u5Q9CdmpwhVGi7bvo+7+/IKeTgoQ6f5+PSug7SrWWUQ5sPwaZui\n" +
                "zXZJ5nTeZDucFc2yFx0wgnjbPwiUxZklOT7xGiOMtzOTa2koCz5KuIBL+/wPKKxm\n" +
                "ypo9VoY9xfbdU6LMXZv/lpD5XTM9rYHr/vUTNkukvV6Hpm0YMEWhVZKUJiqCqTqG\n" +
                "XHaleOxSw6uQWB/+TznifcC7gB48UOQjCqOKf5VuwQneJLhlhU/jhRV3xtr+hLZa\n" +
                "hW1wYhVi8cjLDrZFKlgEQqhB4crnJU0mJY+tA4IBBQACggEAID0ezl00/X8mv7eb\n" +
                "bzovum1+DEEP7FM57k6HZEG2N3ve4CW+0m9Cd+cWPz8wkZ+M0j/Eqa6F0IdbkXEc\n" +
                "Q7CuzvUyJ57xQ3L/WCgXsiS+Bh8O4Mz7GwW22CGmHqafbVv+hKBfr8MkskO6GJUt\n" +
                "SUF/CVLzB4gMIvZMH26tBP2xK+i7FeEK9kT+nGdzQSZBAhFYpEVCBplHZO24/OYq\n" +
                "1DNoU327nUuXIhmsfA8N0PjiWbIZIjTPwBGr9H0LpATI7DIDNcvRRvtROP+pBU9y\n" +
                "fuykPkptg9C0rCM9t06bukpOSaEz/2VIQdLE8fHYFA6pHZ6CIc2+5cfvMgTPhcjz\n" +
                "W2jCt6MjMCEwHwYDVR0jBBgwFoAUdmae9zvdReU72XI8P/BUOYYxJlMwCwYJYIZI\n" +
                "AWUDBAMCA0gAMEUCIQCeI5fN08b9BpOaHdc3zQNGjp24FOL/RxlBLeBAorswJgIg\n" +
                "JEZ8DhYxQy1O7mmZ2UIT7op6epWMB4dENjs0qWPmcKo=\n" +
                "-----END CERTIFICATE-----",
                "MIICZQIBADCCAjoGByqGSM44BAEwggItAoIBAQCaVq+CgmsxyOpZFVwMTZ2ZYA9E\n" +
                "SCfNC+d4QN5/rxymsPONLC86zlB4XLHvmJtp2jV7qM7+tbWmsIZYcMPWgD9Ofg+T\n" +
                "e+7SdTHO+XWoBNz5olulRTk6nRu+notsKxBCyVX0V5GHsRvts/qClz+QcIHMSALV\n" +
                "UIrumtxxdbL63pIw4ds0PeH5RtyR9JpS5pWxUk1MPUPoYSV9GPg2bPUEY99Ji8qi\n" +
                "vA1kRTeBfAWC0OgBwbHu1zIKUukMd+pF/D/vKKovJ6I/sPiGXmUw2i4lYOUB0wWn\n" +
                "QUyBLez1UMWKchyvpW0FYxMbv7j5zMcAH7d++vCWo3OEGfe4Uet6Q3/Dx83HAiEA\n" +
                "mjtJp7XNrsgxbRDqETkHhv6zYH8Voo+gDgSO1m7XcH0CggEBAI5moswp++plZSBP\n" +
                "Q9DdCNHt0AV13Toj1jf5M5DNmTX6P6/D/oRfi8Ui1fiCKFv+7lD0J2anCFUaLtu+\n" +
                "j7v78gp5OChDp/n49K6DtKtZZRDmw/Bpm6LNdknmdN5kO5wVzbIXHTCCeNs/CJTF\n" +
                "mSU5PvEaI4y3M5NraSgLPkq4gEv7/A8orGbKmj1Whj3F9t1Tosxdm/+WkPldMz2t\n" +
                "gev+9RM2S6S9XoembRgwRaFVkpQmKoKpOoZcdqV47FLDq5BYH/5POeJ9wLuAHjxQ\n" +
                "5CMKo4p/lW7BCd4kuGWFT+OFFXfG2v6EtlqFbXBiFWLxyMsOtkUqWARCqEHhyucl\n" +
                "TSYlj60EIgIgLfA75+8KcKxdN8mr6gzGjQe7jPFGG42Ejhd7Q2F4wuw="),
        EE_DSA_1024(
                "DSA",
                // dsaWithSHA1, 1024 bits
                // Validity
                //     Not Before: Apr 24 12:25:43 2020 GMT
                //     Not After : Apr 22 12:25:43 2030 GMT
                // Authority Key Identifier:
                //     E1:3C:01:52:EB:D1:38:F7:CF:F1:E3:5E:DB:54:75:7F:5E:AB:2D:36
                "-----BEGIN CERTIFICATE-----\n" +
                "MIIDADCCAr+gAwIBAgIUd2XJ5F2VTbk9a92w/NzLXR5zjUQwCQYHKoZIzjgEAzAu\n" +
                "MQswCQYDVQQGEwJVUzENMAsGA1UECgwESmF2YTEQMA4GA1UECwwHU3VuSlNTRTAe\n" +
                "Fw0yMDA0MjQxMjI1NDNaFw0zMDA0MjIxMjI1NDNaMEgxCzAJBgNVBAYTAlVTMQ0w\n" +
                "CwYDVQQKDARKYXZhMRAwDgYDVQQLDAdTdW5KU1NFMRgwFgYDVQQDDA9SZWdyZXNz\n" +
                "aW9uIFRlc3QwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEA7fSkxYISlMJT+i8N5VOb\n" +
                "lHhjrPYAy3oR2/YXQW6T0hCMhm8jmxgk1bDId9ZKHrxsM05EkCtRYaqag4ZZeGde\n" +
                "ywv3IwwYqCQfGtkPwT9QAsdSABYwGOrlhEtZtBG1yQ44c+Rz/Vs+PtkAyZbf5VG1\n" +
                "iSxFb9bI5QFJWJ9a2VpZh58CFQCCGALQoK4MsQP8V72WlB7Bvt9erwKBgQDCxu0G\n" +
                "M2iZr0J8DaAo9/ChS4m7E7h6Jz9KOm2cFhzYGekkUXNzny7nyz6Qpgbuf8KNFKjt\n" +
                "qoUDC8tlcVQAUlTcESC0TZXR3h21hl9wzIBhE+kJ1j8v1KAxfOaJOxObk5QEvIaA\n" +
                "5j+jiHGwRS5tDqywOatz+emwMZv1wKnCNBElNgOBhAACgYBHjuQKucCuuvy/4DpG\n" +
                "rSIzdueK+HrzOW8h2pfvz3lzpsyV6XJPC6we9CjaQjU01VcjwN2PoYtbGyml0pbK\n" +
                "We4sdgn6LDL1aCM/WKRSxGHVTx+wkhKQ719YtiC0T6sA+eLirc6VT3/6+FbQWC+2\n" +
                "bG7N19sGpV/RAXMBpRXUnBJSQaNCMEAwHQYDVR0OBBYEFNNZxyxuQmKvWowofr/S\n" +
                "HdCIS+W8MB8GA1UdIwQYMBaAFOE8AVLr0Tj3z/HjXttUdX9eqy02MAkGByqGSM44\n" +
                "BAMDMAAwLQIUUzzMhZ9St/Vo/YdgNTHdTw4cm14CFQCE6tWG157Wl5YFyYsGHsLY\n" +
                "NN8uCA==\n" +
                "-----END CERTIFICATE-----",
                "MIIBSwIBADCCASwGByqGSM44BAEwggEfAoGBAO30pMWCEpTCU/ovDeVTm5R4Y6z2\n" +
                "AMt6Edv2F0Fuk9IQjIZvI5sYJNWwyHfWSh68bDNORJArUWGqmoOGWXhnXssL9yMM\n" +
                "GKgkHxrZD8E/UALHUgAWMBjq5YRLWbQRtckOOHPkc/1bPj7ZAMmW3+VRtYksRW/W\n" +
                "yOUBSVifWtlaWYefAhUAghgC0KCuDLED/Fe9lpQewb7fXq8CgYEAwsbtBjNoma9C\n" +
                "fA2gKPfwoUuJuxO4eic/SjptnBYc2BnpJFFzc58u58s+kKYG7n/CjRSo7aqFAwvL\n" +
                "ZXFUAFJU3BEgtE2V0d4dtYZfcMyAYRPpCdY/L9SgMXzmiTsTm5OUBLyGgOY/o4hx\n" +
                "sEUubQ6ssDmrc/npsDGb9cCpwjQRJTYEFgIUNRiLmNzfTYOuVsjkySPzP5gPImM="),
        EE_ED25519(
                "EdDSA",
                // ED25519
                // Validity
                //     Not Before: May 24 23:32:36 2020 GMT
                //     Not After : May 22 23:32:36 2030 GMT
                // X509v3 Authority Key Identifier:
                //     keyid:06:76:DB:88:EB:61:55:4C:C9:63:41:C2:A0:A8:57:3F:D7:F1:B8:EC
                "-----BEGIN CERTIFICATE-----\n" +
                "MIIBlDCCAUagAwIBAgIUFTt/jcgQ65nhTG8LkrWFJhhEGuwwBQYDK2VwMDsxCzAJ\n" +
                "BgNVBAYTAlVTMQ0wCwYDVQQKDARqYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3Qg\n" +
                "U2VyaXZjZTAeFw0yMDA1MjQyMzMyMzZaFw0zMDA1MjIyMzMyMzZaMFUxCzAJBgNV\n" +
                "BAYTAlVTMQ0wCwYDVQQKDARqYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2Vy\n" +
                "aXZjZTEYMBYGA1UEAwwPUmVncmVzc2lvbiBUZXN0MCowBQYDK2VwAyEAGAYQmKb7\n" +
                "WNYpVxIdsc49lI1emNjF06/Jl85zlG0wc9OjQjBAMB0GA1UdDgQWBBQkJ2E4/S8Z\n" +
                "EIM1v9uTc0eYtYNk3zAfBgNVHSMEGDAWgBQGdtuI62FVTMljQcKgqFc/1/G47DAF\n" +
                "BgMrZXADQQCVZnl/AyIEtZ8r45e/hcfxwuezgRX+7e9NHZFV1A/TMGcBRORDfDUi\n" +
                "bbh72K528fjT7P4/WoXvm1zJKOAzUOUL\n" +
                "-----END CERTIFICATE-----",
                "MC4CAQAwBQYDK2VwBCIEIGBmdh4tfc0lng/LWokhfFLlo0ZlmTn2lbI639qou2KP"),
        EE_ED448(
                "EdDSA",
                // ED448
                // Validity
                //     Not Before: May 24 23:23:43 2020 GMT
                //     Not After : May 22 23:23:43 2030 GMT
                // X509v3 Authority Key Identifier:
                //     keyid:F5:D5:9D:FB:6F:B7:50:29:DF:F0:B8:83:10:5F:9B:C4:A8:1C:E9:F4
                "-----BEGIN CERTIFICATE-----\n" +
                "MIIB3zCCAV+gAwIBAgIUNlWzFrH2+BILqM3SNYQjKoY98S8wBQYDK2VxMDsxCzAJ\n" +
                "BgNVBAYTAlVTMQ0wCwYDVQQKDARqYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3Qg\n" +
                "U2VyaXZjZTAeFw0yMDA1MjQyMzIzNDNaFw0zMDA1MjIyMzIzNDNaMFUxCzAJBgNV\n" +
                "BAYTAlVTMQ0wCwYDVQQKDARqYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2Vy\n" +
                "aXZjZTEYMBYGA1UEAwwPUmVncmVzc2lvbiBUZXN0MEMwBQYDK2VxAzoAoIubPNAg\n" +
                "F11u3MQ5d9wujg10+80I0xzYzTqzzXrfJNtw+eU8NbUk86xiCvlMzJRH0Oo3DbY8\n" +
                "NAKAo0IwQDAdBgNVHQ4EFgQUUiI1+qT1x+HsDgfZRIU6hUaAbmUwHwYDVR0jBBgw\n" +
                "FoAU9dWd+2+3UCnf8LiDEF+bxKgc6fQwBQYDK2VxA3MAx8P0mle08s5YDd/p58dt\n" +
                "yORqvDPwo5IYPasqN8Zeen1B9u1xF/kvDGFxCJ6D9Gi4ynnDx0FZFMkA83evZcxJ\n" +
                "+X+swt7FyHwXrdkZcvjRKEcsWhkj+0FlxYF/NZzLTGuGIPYJnRLEwf/zr+5NDxKs\n" +
                "fCoA\n" +
                "-----END CERTIFICATE-----",
                "MEcCAQAwBQYDK2VxBDsEOfbhmUSuKP9WCO7Nr6JxVq5rfJESk1MNMyYhC134SiAP\n" +
                "Suw0Cu7RZVadpfPR7Kiwb2b/JXjMdY1HAA==");
        final String keyAlgo;
        final String certStr;
        final String privKeyStr;
        Cert(String keyAlgo, String certStr, String privKeyStr) {
            this.keyAlgo = keyAlgo;
            this.certStr = certStr;
            this.privKeyStr = privKeyStr;
        }
    }
 }
--- a/test/jdk/sun/security/ssl/ALPN/AlpnGreaseTest.java
+++ b/test/jdk/sun/security/ssl/ALPN/AlpnGreaseTest.java
@ -53,7 +53,7 @@ import java.util.Arrays;
 * (wrap/unwrap) pass before any application data is consumed or
 * produced.
 */
-public class AlpnGreaseTest implements SSLContextTemplate {
+public class AlpnGreaseTest extends SSLContextTemplate {
    private final SSLEngine clientEngine;     // client Engine
    private final ByteBuffer clientOut;       // write side of clientEngine
--- a/test/jdk/sun/security/ssl/CipherSuite/DisabledCurve.java
+++ b/test/jdk/sun/security/ssl/CipherSuite/DisabledCurve.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2020, 2023, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -48,21 +48,23 @@ public class DisabledCurve extends SSLSocketTemplate {
            { { "TLSv1.2" }, { "TLSv1.2" } }, { { "TLSv1.1" }, { "TLSv1.1" } },
            { { "TLSv1" }, { "TLSv1" } } };
    @Override
    protected SSLContext createClientSSLContext() throws Exception {
        return createSSLContext(
-                new SSLSocketTemplate.Cert[] {
+                new SSLContextTemplate.Cert[] {
-                        SSLSocketTemplate.Cert.CA_ECDSA_SECP384R1 },
+                        SSLContextTemplate.Cert.CA_ECDSA_SECP384R1 },
-                new SSLSocketTemplate.Cert[] {
+                new SSLContextTemplate.Cert[] {
-                        SSLSocketTemplate.Cert.EE_ECDSA_SECP384R1 },
+                        SSLContextTemplate.Cert.EE_ECDSA_SECP384R1 },
                getClientContextParameters());
    }
    @Override
    protected SSLContext createServerSSLContext() throws Exception {
        return createSSLContext(
-                new SSLSocketTemplate.Cert[] {
+                new SSLContextTemplate.Cert[] {
-                        SSLSocketTemplate.Cert.CA_ECDSA_SECP384R1 },
+                        SSLContextTemplate.Cert.CA_ECDSA_SECP384R1 },
-                new SSLSocketTemplate.Cert[] {
+                new SSLContextTemplate.Cert[] {
-                        SSLSocketTemplate.Cert.EE_ECDSA_SECP384R1 },
+                        SSLContextTemplate.Cert.EE_ECDSA_SECP384R1 },
                getServerContextParameters());
    }
--- a/test/jdk/sun/security/ssl/CipherSuite/RestrictSignatureScheme.java
+++ b/test/jdk/sun/security/ssl/CipherSuite/RestrictSignatureScheme.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2019, 2023, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -28,21 +28,12 @@
 * @summary Restrict signature algorithms and named groups
 * @run main/othervm RestrictSignatureScheme
 */
-import java.io.ByteArrayInputStream;
+
 import java.security.KeyFactory;
 import java.security.KeyStore;
 import java.security.PrivateKey;
 import java.security.Security;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateFactory;
 import java.security.spec.PKCS8EncodedKeySpec;
 import java.util.Arrays;
 import java.util.Base64;
 import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLSocket;
 import javax.net.ssl.SSLServerSocket;
 import javax.net.ssl.TrustManagerFactory;
 import javax.net.ssl.SSLException;
 public class RestrictSignatureScheme extends SSLSocketTemplate {
@ -58,16 +49,20 @@ public class RestrictSignatureScheme extends SSLSocketTemplate {
    private final SSLContext context;
    RestrictSignatureScheme() throws Exception {
-        this.context = createSSLContext();
+        this.context = createSSLContext(
                new Cert[]{Cert.EE_RSASSA_PSS},
                new Cert[]{Cert.EE_RSASSA_PSS},
                new ContextParameters("TLS", "PKIX", "NewSunX509")
        );
    }
    @Override
-    protected SSLContext createClientSSLContext() throws Exception {
+    public SSLContext createClientSSLContext() throws Exception {
        return context;
    }
    @Override
-    protected SSLContext createServerSSLContext() throws Exception {
+    public SSLContext createServerSSLContext() throws Exception {
        return context;
    }
@ -117,116 +112,4 @@ public class RestrictSignatureScheme extends SSLSocketTemplate {
            throw new Exception("The test case should be disabled");
        }
    }
    private static final String trustedCertStr =
        /**
        * Signature Algorithm: rsassaPss
        * Issuer: CN = localhost
        * Validity Not Before: Jun 6 07:11:00 2018 GMT
        * Not After : Jun 1 07:11:00 2038 GMT
        * Subject: CN = localhost
        * Public Key Algorithm: rsassaPss
        */
       "-----BEGIN CERTIFICATE-----\n"
       + "MIIDZjCCAh2gAwIBAgIUHxwPs3eAgJ057nJwiLgWZWeNqdgwPgYJKoZIhvcNAQEK\n"
       + "MDGgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogQC\n"
       + "AgDeMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0xODA2MDYwNzExMDBaFw0zODA2\n"
       + "MDEwNzExMDBaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASAwCwYJKoZIhvcNAQEK\n"
       + "A4IBDwAwggEKAoIBAQCl8r4Qrg27BYUO/1Va2Ix8QPGzN/lvzmKvP5Ff26ovNW4v\n"
       + "RUx68HzAhhiWtcl+PwLSbJqJreEkTlle7PnRAypby3fO7ZAK0Y3YiHquaBg7d+7Y\n"
       + "FhhHwv8gG0lZcyA0BkXFJHqdq76qar0xHC6DVezXm0K3mcceymGtFR9BzWmAj+7D\n"
       + "YsSwvtTQ7WNoQmf0cdDMSM71IwaTwIwvT2wzX1vv5hcdDyXdr64WFqWSA9sNJ2K6\n"
       + "arxaaU1klwKSgDokF6njafWQ4UxdR67d5W1MYoiioDs2Yy3utsMpO2OUzZVBZNdT\n"
       + "gkr1jsJhIurpz/5K51lwJIRQBezEFSb+60AFVoMJAgMBAAGjUDBOMB0GA1UdDgQW\n"
       + "BBQfFit5ilWJmZgCX4QY0HsaI9iIDDAfBgNVHSMEGDAWgBQfFit5ilWJmZgCX4QY\n"
       + "0HsaI9iIDDAMBgNVHRMEBTADAQH/MD4GCSqGSIb3DQEBCjAxoA0wCwYJYIZIAWUD\n"
       + "BAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIEAgIA3gOCAQEAa4yUQ3gh\n"
       + "d1YWPdEa1sv2hdkhtenw6m5yxbmaQl2+nIKSpk4RfpXC7K1EYwBF8TdfFbD8hGGh\n"
       + "5n81BT0/dn1R9SRGCv7KTxx4lfQt31frlsw/tVciwyXQtcUZ6DqfnLP0/aRVLNgx\n"
       + "zaP542JUHFYLTC3EGz2zUgv70ZUTlIsPG3/p8YO1iXdnYGQyzOuQPUBpI7nS7UtR\n"
       + "Ug8VE9ACpBxxI3qChMahFZGHlXCCSjSmxpQa6UO4SQl8q5tPNnqdzWwvAW8qkCy4\n"
       + "6barRQ4sMcGayhHh/uSTx7bcl0FMJpcI1ygbw7/Pc03zKtw0gMTBMns7q4yXjb/u\n"
       + "ef47nW0t+LRAAg==\n"
       + "-----END CERTIFICATE-----\n";
    private static final String keyCertStr = trustedCertStr;
    private static final String privateKey =
        "MIIEuwIBADALBgkqhkiG9w0BAQoEggSnMIIEowIBAAKCAQEApfK+EK4NuwWFDv9V\n"
        + "WtiMfEDxszf5b85irz+RX9uqLzVuL0VMevB8wIYYlrXJfj8C0myaia3hJE5ZXuz5\n"
        + "0QMqW8t3zu2QCtGN2Ih6rmgYO3fu2BYYR8L/IBtJWXMgNAZFxSR6nau+qmq9MRwu\n"
        + "g1Xs15tCt5nHHsphrRUfQc1pgI/uw2LEsL7U0O1jaEJn9HHQzEjO9SMGk8CML09s\n"
        + "M19b7+YXHQ8l3a+uFhalkgPbDSdiumq8WmlNZJcCkoA6JBep42n1kOFMXUeu3eVt\n"
        + "TGKIoqA7NmMt7rbDKTtjlM2VQWTXU4JK9Y7CYSLq6c/+SudZcCSEUAXsxBUm/utA\n"
        + "BVaDCQIDAQABAoIBAAc4vRS0vlw5LUUtz2UYr2Ro3xvRf8Vh0eGWfpkRUiKjzJu6\n"
        + "BE4FUSh/rWpBlvcrfs/xcfgz3OxbjIAZB/YUkS9Vd21F4VLXM7kMl2onlYZg/b/h\n"
        + "lkTpM3kONu7xl6Er9LVTlRJveuinpHwSoeONRbVMSGb9BjFM1VtW4/lVGxZBG05D\n"
        + "y9i/o4vCZqULn9cAumOwicKuCyTcS58XcMJ+puSPfRA71PYLxqFkASAoJsUwCXpo\n"
        + "gs39lLsIFgrfO8mBO1ux/SE+QaRc+9XqFSHHKD1XqF/9zSYBgWjE910EcpdYEdZx\n"
        + "GEkwea7Fn4brO5OpIrHY/45naqbUOBzv6gufMAECgYEAz7PHCdcrQvmOb8EiNbQH\n"
        + "uvSimwObWJFeN1ykp6mfRbSnkXw7p8+M4Tc8HFi8QLpoq63Ev2AwoaQCQvHbFC2Y\n"
        + "1Cz0EkC0aOp+tZP7U2AUBdkcDesZAJQTad0zV6KesyIUXdxZXDG8JJ1XSNWfTJV4\n"
        + "QD+BjLZ0jiAyCIfVYvWQqYkCgYEAzIln1nKTixLMPr5CldSmR7ZarEtPJU+hHwVg\n"
        + "dV/Lc6d2Yy9JgunOXRo4BXB1TEo8JFbK3HBQH6tS8li4qDr7WK5wyYfh8qb4WZyu\n"
        + "lc562f2WVYntcN8/Ojb+Vyrt7lk9sq/8KoVHxEAWd6mqL9VTPYuAu1Vw9fTGIZfB\n"
        + "lDeELYECgYAvdzU4UXzofGGJtohb332YwwlaBZP9xJLUcg6K5l+orWVSASMc8XiP\n"
        + "i3DoRXsYC8GZ4kdBOPlEJ1gA9oaLcPQpIPDSLwlLpLM6Scw4vI822uvnXl/DWxOo\n"
        + "sM1n7Jj59QLUhGPDhvYpI+/rjC4wcUQe4qR3hMbUKBVnD6u7RsU9iQKBgQCQ17VK\n"
        + "7bSCRfuRaxaoGADww7gOTv5rQ6qr1xjpxb7D1hFGR9Rc+smCsPB/GZZXQjK44SWj\n"
        + "WX3ED4Ubzaxmpe4cbNu+O5XMSmWQwB36RFBHUwdE5/nXdqDFzu/qNqJrqZLBmVKP\n"
        + "ofaiiWffsaytVvotmT6+atElvAMbAua42V+nAQKBgHtIn3mYMHLriYGhQzpkFEA2\n"
        + "8YcAMlKppueOMAKVy8nLu2r3MidmLAhMiKJQKG45I3Yg0/t/25tXLiOPJlwrOebh\n"
        + "xQqUBI/JUOIpGAEnr48jhOXnCS+i+z294G5U/RgjXrlR4bCPvrtCmwzWwe0h79w2\n"
        + "Q2hO5ZTW6UD9CVA85whf";
    private static SSLContext createSSLContext() throws Exception {
        // Generate certificate from cert string
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        // Create a key store
        KeyStore ts = KeyStore.getInstance("PKCS12");
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ts.load(null, null);
        ks.load(null, null);
        char passphrase[] = "passphrase".toCharArray();
        // Import the trusted cert
        ts.setCertificateEntry("trusted-cert-RSASSA-PSS",
                cf.generateCertificate(new ByteArrayInputStream(
                        trustedCertStr.getBytes())));
        boolean hasKeyMaterials = keyCertStr != null && privateKey != null;
        if (hasKeyMaterials) {
            // Generate the private key.
            PKCS8EncodedKeySpec priKeySpec = new PKCS8EncodedKeySpec(
                    Base64.getMimeDecoder().decode(privateKey));
            KeyFactory kf = KeyFactory.getInstance("RSASSA-PSS");
            PrivateKey priKey = kf.generatePrivate(priKeySpec);
            // Generate certificate chain
            Certificate keyCert = cf.generateCertificate(
                    new ByteArrayInputStream(keyCertStr.getBytes()));
            Certificate[] chain = new Certificate[]{keyCert};
            // Import the key entry.
            ks.setKeyEntry("cert-RSASSA-PSS", priKey, passphrase, chain);
        }
        // Create SSL context
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(ts);
        SSLContext context = SSLContext.getInstance("TLS");
        if (hasKeyMaterials) {
            KeyManagerFactory kmf = KeyManagerFactory.getInstance("NewSunX509");
            kmf.init(ks, passphrase);
            context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        } else {
            context.init(null, tmf.getTrustManagers(), null);
        }
        return context;
    }
 }
--- a/test/jdk/sun/security/ssl/SSLEngineImpl/SSLEngineBadBufferArrayAccess.java
+++ b/test/jdk/sun/security/ssl/SSLEngineImpl/SSLEngineBadBufferArrayAccess.java
@ -30,7 +30,7 @@
 * @test
 * @bug 7031830
 * @summary bad_record_mac failure on TLSv1.2 enabled connection with SSLEngine
- * @library /test/lib
+ * @library /test/lib /javax/net/ssl/templates
 * @run main/othervm SSLEngineBadBufferArrayAccess
 */
@ -82,19 +82,19 @@ import javax.net.ssl.*;
 import javax.net.ssl.SSLEngineResult.*;
 import java.io.*;
 import java.net.*;
 import java.security.*;
 import java.nio.*;
 import java.util.concurrent.CountDownLatch;
 import java.util.concurrent.TimeUnit;
 import jdk.test.lib.security.SecurityUtils;
-public class SSLEngineBadBufferArrayAccess {
+public class SSLEngineBadBufferArrayAccess extends SSLContextTemplate {
    /*
     * Enables logging of the SSL/TLS operations.
     */
-    private static boolean logging = true;
+    private final static boolean logging = Boolean.parseBoolean(
            System.getProperty("test.logging", "true"));
    /*
     * Enables the JSSE system debugging system property:
@ -105,8 +105,9 @@ public class SSLEngineBadBufferArrayAccess {
     * including specific handshake messages, and might be best examined
     * after gaining some familiarity with this application.
     */
-    private static boolean debug = false;
+    private final static boolean debug = Boolean.getBoolean("test.debug");
-    private SSLContext sslc;
+    private final String PROTOCOL;
    private SSLEngine serverEngine;     // server-side SSLEngine
    private final byte[] serverMsg = "Hi there Client, I'm a Server".getBytes();
@ -124,20 +125,6 @@ public class SSLEngineBadBufferArrayAccess {
    private ByteBuffer cTOs;            // "reliable" transport client->server
    private ByteBuffer sTOc;            // "reliable" transport server->client
    /*
     * The following is to set up the keystores/trust material.
     */
    private static final String pathToStores = "../../../../javax/net/ssl/etc";
    private static final String keyStoreFile = "keystore";
    private static final String trustStoreFile = "truststore";
    private static final String passwd = "passphrase";
    private static String keyFilename =
            System.getProperty("test.src", ".") + "/" + pathToStores
            + "/" + keyStoreFile;
    private static String trustFilename =
            System.getProperty("test.src", ".") + "/" + pathToStores
            + "/" + trustStoreFile;
    /*
     * Is the server ready to serve?
     */
@ -156,7 +143,7 @@ public class SSLEngineBadBufferArrayAccess {
    /*
     * Main entry point for this test.
     */
-    public static void main(String args[]) throws Exception {
+    public static void main(String[] args) throws Exception {
        if (debug) {
            System.setProperty("javax.net.debug", "all");
        }
@ -165,7 +152,7 @@ public class SSLEngineBadBufferArrayAccess {
        SecurityUtils.removeFromDisabledTlsAlgs("TLSv1", "TLSv1.1");
        String [] protocols = new String [] {
-            "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" };
+            "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
        for (String protocol : protocols) {
            /*
@ -184,32 +171,18 @@ public class SSLEngineBadBufferArrayAccess {
    /*
     * Create an initialized SSLContext to use for these tests.
     */
-    public SSLEngineBadBufferArrayAccess(String protocol) throws Exception {
+    public SSLEngineBadBufferArrayAccess(String protocol) {
        PROTOCOL = protocol;
    }
-        KeyStore ks = KeyStore.getInstance("JKS");
+    @Override
-        KeyStore ts = KeyStore.getInstance("JKS");
+    protected ContextParameters getServerContextParameters() {
        return new ContextParameters(PROTOCOL, "PKIX", "NewSunX509");
    }
-        char[] passphrase = "passphrase".toCharArray();
+    @Override
-
+    protected ContextParameters getClientContextParameters() {
-        try (FileInputStream fis = new FileInputStream(keyFilename)) {
+        return new ContextParameters(PROTOCOL, "PKIX", "NewSunX509");
            ks.load(fis, passphrase);
        }
        try (FileInputStream fis = new FileInputStream(trustFilename)) {
            ts.load(fis, passphrase);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(ks, passphrase);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
        tmf.init(ts);
        SSLContext sslCtx = SSLContext.getInstance(protocol);
        sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        sslc = sslCtx;
    }
    /*
@ -232,6 +205,7 @@ public class SSLEngineBadBufferArrayAccess {
    private void runTest(boolean direct) throws Exception {
        boolean serverClose = direct;
        System.out.println("Running test serverClose = " + serverClose);
        ServerSocket serverSocket = new ServerSocket(0);
        serverPort = serverSocket.getLocalPort();
@ -244,7 +218,7 @@ public class SSLEngineBadBufferArrayAccess {
        Socket socket;
        try {
            serverSocket.setSoTimeout(30000);
-            socket = (Socket) serverSocket.accept();
+            socket = serverSocket.accept();
        } catch (SocketTimeoutException ste) {
            serverSocket.close();
@ -327,7 +301,7 @@ public class SSLEngineBadBufferArrayAccess {
        byte[] outbound = new byte[8192];
        while (!isEngineClosed(serverEngine)) {
-            int len = 0;
+            int len;
            // Inbound data
            log("================");
@ -336,7 +310,14 @@ public class SSLEngineBadBufferArrayAccess {
            try {
                len = is.read(inbound);
                if (len == -1) {
-                    throw new Exception("Unexpected EOF");
+                    logSocketStatus(socket);
                    if (socket.isClosed()
                            || socket.isOutputShutdown()) {
                        log("Client socket was closed or shutdown output");
                        break;
                    } else {
                        throw new Exception("Unexpected EOF");
                    }
                }
                cTOs.put(inbound, 0, len);
            } catch (SocketTimeoutException ste) {
@ -372,16 +353,13 @@ public class SSLEngineBadBufferArrayAccess {
                closed = true;
                /*
-                 * We'll alternate initiatating the shutdown.
+                 * We'll alternate initiating the shutdown.
                 * When the server initiates, it will take one more
                 * loop, but tests the orderly shutdown.
                 */
                if (serverClose) {
                    serverEngine.closeOutbound();
                }
            }
            if (closed && isEngineClosed(serverEngine)) {
                serverIn.flip();
                /*
@ -403,6 +381,7 @@ public class SSLEngineBadBufferArrayAccess {
                    }
                }
                serverIn.compact();
                break;
            }
        }
    }
@ -450,7 +429,7 @@ public class SSLEngineBadBufferArrayAccess {
            return;
        }
-        SSLSocketFactory sslsf = sslc.getSocketFactory();
+        SSLSocketFactory sslsf = createClientSSLContext().getSocketFactory();
        try (SSLSocket sslSocket = (SSLSocket)sslsf.createSocket()) {
            try {
                sslSocket.connect(
@ -492,6 +471,7 @@ public class SSLEngineBadBufferArrayAccess {
        InputStream is = sslSocket.getInputStream();
        // write(byte[]) goes in one shot.
        System.out.println("writing message to server.");
        os.write(clientMsg);
        byte[] inbound = new byte[2048];
@ -499,14 +479,16 @@ public class SSLEngineBadBufferArrayAccess {
        int len;
        while ((len = is.read(inbound, pos, 2048 - pos)) != -1) {
            System.out.printf("Client read %d bytes. Waiting for %d from server.%n", len, serverMsg.length);
            pos += len;
            // Let the client do the closing.
            if ((pos == serverMsg.length) && !serverClose) {
                System.out.println("Closing the socket");
                sslSocket.close();
                break;
            }
        }
-
+        System.out.println("Read everything we're going to, I guess.");
        if (pos != serverMsg.length) {
            throw new Exception("Client:  Data length error");
        }
@ -527,7 +509,7 @@ public class SSLEngineBadBufferArrayAccess {
         * Configure the serverEngine to act as a server in the SSL/TLS
         * handshake.
         */
-        serverEngine = sslc.createSSLEngine();
+        serverEngine = createServerSSLContext().createSSLEngine();
        serverEngine.setUseClientMode(false);
        serverEngine.getNeedClientAuth();
    }
@ -589,6 +571,15 @@ public class SSLEngineBadBufferArrayAccess {
        return (engine.isOutboundDone() && engine.isInboundDone());
    }
    private static void logSocketStatus(Socket socket) {
        log("##### " + socket + " #####");
        log("isBound: " + socket.isBound());
        log("isConnected: " + socket.isConnected());
        log("isClosed: " + socket.isClosed());
        log("isInputShutdown: " + socket.isInputShutdown());
        log("isOutputShutdown: " + socket.isOutputShutdown());
    }
    /*
     * Logging code
     */
--- a/test/jdk/sun/security/ssl/SSLSessionImpl/InvalidateSession.java
+++ b/test/jdk/sun/security/ssl/SSLSessionImpl/InvalidateSession.java
@ -37,7 +37,7 @@ import java.util.*;
 import jdk.test.lib.security.SecurityUtils;
-public class InvalidateSession implements SSLContextTemplate {
+public class InvalidateSession extends SSLContextTemplate {
    static ServerSocketFactory serverSsf = null;
    static SSLSocketFactory clientSsf = null;
--- a/test/jdk/sun/security/ssl/SSLSocketImpl/ClientSocketCloseHang.java
+++ b/test/jdk/sun/security/ssl/SSLSocketImpl/ClientSocketCloseHang.java
@ -34,7 +34,7 @@
 import javax.net.ssl.*;
 import java.net.InetAddress;
-public class ClientSocketCloseHang implements SSLContextTemplate {
+public class ClientSocketCloseHang extends SSLContextTemplate {
    public static void main(String[] args) throws Exception {
        System.setProperty("jdk.tls.client.protocols", args[0]);
--- a/test/jdk/sun/security/ssl/SSLSocketImpl/SSLSocketBruceForceClose.java
+++ b/test/jdk/sun/security/ssl/SSLSocketImpl/SSLSocketBruceForceClose.java
@ -1,147 +0,0 @@
 /*
 * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */
 //
 // Please run in othervm mode.  SunJSSE does not support dynamic system
 // properties, no way to re-use system properties in samevm/agentvm mode.
 //
 /*
 * @test
 * @bug 8209333
 * @summary Socket reset issue for TLS 1.3 socket close
 * @library /javax/net/ssl/templates
 * @run main/othervm SSLSocketBruceForceClose
 */
 import javax.net.ssl.*;
 import java.io.*;
 import java.net.InetAddress;
 public class SSLSocketBruceForceClose implements SSLContextTemplate {
    public static void main(String[] args) throws Exception {
        for (int i = 0; i<= 10; i++) {
            System.err.println("===================================");
            System.err.println("loop " + i);
            System.err.println("===================================");
            new SSLSocketBruceForceClose().test();
        }
    }
    private void test() throws Exception {
        SSLServerSocket listenSocket = null;
        SSLSocket serverSocket = null;
        ClientSocket clientSocket = null;
        try {
            SSLServerSocketFactory serversocketfactory =
                    createServerSSLContext().getServerSocketFactory();
            listenSocket =
                    (SSLServerSocket)serversocketfactory.createServerSocket(0);
            listenSocket.setNeedClientAuth(false);
            listenSocket.setEnableSessionCreation(true);
            listenSocket.setUseClientMode(false);
            System.err.println("Starting client");
            clientSocket = new ClientSocket(listenSocket.getLocalPort());
            clientSocket.start();
            System.err.println("Accepting client requests");
            serverSocket = (SSLSocket) listenSocket.accept();
            System.err.println("Reading data from client");
            BufferedReader serverReader = new BufferedReader(
                    new InputStreamReader(serverSocket.getInputStream()));
            String data = serverReader.readLine();
            System.err.println("Received data from client: " + data);
            System.err.println("Reading more data from client");
            data = serverReader.readLine();
            System.err.println("Received data from client: " + data);
        } finally {
            if (listenSocket != null) {
                listenSocket.close();
            }
            if (serverSocket != null) {
                serverSocket.close();
            }
        }
        if (clientSocket != null && clientSocket.clientException != null) {
            throw clientSocket.clientException;
        }
    }
    private class ClientSocket extends Thread{
        int serverPort = 0;
        Exception clientException;
        public ClientSocket(int serverPort) {
            this.serverPort = serverPort;
        }
        @Override
        public void run() {
            SSLSocket clientSocket = null;
            String clientData = "Hi, I am client";
            try {
                System.err.println(
                        "Connecting to server at port " + serverPort);
                SSLSocketFactory sslSocketFactory =
                        createClientSSLContext().getSocketFactory();
                clientSocket = (SSLSocket)sslSocketFactory.createSocket(
                        InetAddress.getLocalHost(), serverPort);
                clientSocket.setSoLinger(true, 3);
                clientSocket.setSoTimeout(1000);
                System.err.println("Sending data to server ...");
                BufferedWriter os = new BufferedWriter(
                        new OutputStreamWriter(clientSocket.getOutputStream()));
                os.write(clientData, 0, clientData.length());
                os.newLine();
                os.flush();
                System.err.println("Sending more data to server ...");
                os.write(clientData, 0, clientData.length());
                os.newLine();
                os.flush();
            } catch (Exception e) {
                clientException = e;
            } finally {
                if (clientSocket != null) {
                    try{
                        clientSocket.close();
                        System.err.println("client socket closed");
                    } catch (IOException ioe) {
                        clientException = ioe;
                    }
                }
            }
        }
    }
 }
--- a/test/jdk/sun/security/ssl/SSLSocketImpl/SSLSocketBruteForceClose.java
+++ b/test/jdk/sun/security/ssl/SSLSocketImpl/SSLSocketBruteForceClose.java
@ -0,0 +1,102 @@
 /*
 * Copyright (c) 2018, 2023, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */
 //
 // Please run in othervm mode.  SunJSSE does not support dynamic system
 // properties, no way to re-use system properties in samevm/agentvm mode.
 //
 /*
 * @test
 * @bug 8209333
 * @summary Socket reset issue for TLS 1.3 socket close
 * @library /javax/net/ssl/templates
 * @run main/othervm SSLSocketBruteForceClose
 */
 import javax.net.ssl.*;
 import java.io.*;
 import java.net.SocketException;
 public class SSLSocketBruteForceClose extends SSLSocketTemplate {
    public static void main(String[] args) throws Exception {
        for (int i = 0; i<= 10; i++) {
            System.err.println("===================================");
            System.err.println("loop " + i);
            System.err.println("===================================");
            new SSLSocketBruteForceClose().run();
        }
    }
    @Override
    protected void configureServerSocket(SSLServerSocket socket) {
        socket.setNeedClientAuth(false);
        socket.setEnableSessionCreation(true);
        socket.setUseClientMode(false);
    }
    @Override
    protected void runServerApplication(SSLSocket socket) throws Exception {
        System.err.println("Reading data from client");
        BufferedReader serverReader = new BufferedReader(
                new InputStreamReader(socket.getInputStream()));
        String data = serverReader.readLine();
        System.err.println("Received data from client: " + data);
        System.err.println("Reading more data from client");
        data = serverReader.readLine();
        System.err.println("Received data from client: " + data);
    }
    @Override
    protected void configureClientSocket(SSLSocket socket) {
        try {
            socket.setSoLinger(true, 3);
            socket.setSoTimeout(1000);
        } catch (SocketException exc) {
            throw new RuntimeException("Could not configure client socket", exc);
        }
    }
    @Override
    protected void runClientApplication(SSLSocket socket) throws Exception {
        String clientData = "Hi, I am client";
        System.err.println("Sending data to server ...");
        BufferedWriter os = new BufferedWriter(
                new OutputStreamWriter(socket.getOutputStream()));
        os.write(clientData, 0, clientData.length());
        os.newLine();
        os.flush();
        System.err.println("Sending more data to server ...");
        os.write(clientData, 0, clientData.length());
        os.newLine();
        os.flush();
        socket.close();
        System.err.println("client socket closed");
    }
 }
--- a/test/jdk/sun/security/ssl/SSLSocketImpl/SSLSocketClose.java
+++ b/test/jdk/sun/security/ssl/SSLSocketImpl/SSLSocketClose.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2018, 2023, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -37,123 +37,79 @@
 import javax.net.ssl.*;
 import java.io.*;
 import java.net.InetAddress;
 import java.net.SocketException;
-public class SSLSocketClose implements SSLContextTemplate {
+public class SSLSocketClose extends SSLSocketTemplate {
    public static void main(String[] args) throws Exception {
        for (int i = 0; i<= 10; i++) {
-            System.err.println("===================================");
+            System.out.println("===================================");
-            System.err.println("loop " + i);
+            System.out.println("loop " + i);
-            System.err.println("===================================");
+            System.out.println("===================================");
-            new SSLSocketClose().test();
+            new SSLSocketClose().run();
        }
    }
-    private void test() throws Exception {
+    @Override
-        SSLServerSocket listenSocket = null;
+    protected void configureServerSocket(SSLServerSocket socket) {
-        SSLSocket serverSocket = null;
+        socket.setNeedClientAuth(false);
-        ClientSocket clientSocket = null;
+        socket.setEnableSessionCreation(true);
        socket.setUseClientMode(false);
    }
    @Override
    protected void runServerApplication(SSLSocket socket) throws Exception {
        System.out.println("Reading data from client");
        BufferedReader serverReader = new BufferedReader(
                new InputStreamReader(socket.getInputStream()));
        String data = serverReader.readLine();
        System.out.println("Received data from client: " + data);
        System.out.println("Sending data to client ...");
        String serverData = "Hi, I am server";
        BufferedWriter os = new BufferedWriter(
                new OutputStreamWriter(socket.getOutputStream()));
        os.write(serverData, 0, serverData.length());
        os.newLine();
        os.flush();
        System.out.println("Reading more data from client");
        data = serverReader.readLine();
        System.out.println("Received data from client: " + data);
    }
    @Override
    protected void configureClientSocket(SSLSocket socket) {
        try {
-            SSLServerSocketFactory serversocketfactory =
+            socket.setSoLinger(true, 3);
-                    createServerSSLContext().getServerSocketFactory();
+        } catch (SocketException e) {
-            listenSocket =
+            throw new RuntimeException("Could not configure client socket", e);
                    (SSLServerSocket)serversocketfactory.createServerSocket(0);
            listenSocket.setNeedClientAuth(false);
            listenSocket.setEnableSessionCreation(true);
            listenSocket.setUseClientMode(false);
            System.err.println("Starting client");
            clientSocket = new ClientSocket(listenSocket.getLocalPort());
            clientSocket.start();
            System.err.println("Accepting client requests");
            serverSocket = (SSLSocket) listenSocket.accept();
            System.err.println("Reading data from client");
            BufferedReader serverReader = new BufferedReader(
                    new InputStreamReader(serverSocket.getInputStream()));
            String data = serverReader.readLine();
            System.err.println("Received data from client: " + data);
            System.err.println("Sending data to client ...");
            String serverData = "Hi, I am server";
            BufferedWriter os = new BufferedWriter(
                    new OutputStreamWriter(serverSocket.getOutputStream()));
            os.write(serverData, 0, serverData.length());
            os.newLine();
            os.flush();
            System.err.println("Reading more data from client");
            data = serverReader.readLine();
            System.err.println("Received data from client: " + data);
        } finally {
            if (listenSocket != null) {
                listenSocket.close();
            }
            if (serverSocket != null) {
                serverSocket.close();
            }
        }
        if (clientSocket != null && clientSocket.clientException != null) {
            throw clientSocket.clientException;
        }
    }
-    private class ClientSocket extends Thread{
+    @Override
-        int serverPort = 0;
+    protected void runClientApplication(SSLSocket socket) throws Exception {
-        Exception clientException;
+        String clientData = "Hi, I am client";
        System.out.println("Sending data to server ...");
-        public ClientSocket(int serverPort) {
+        BufferedWriter os = new BufferedWriter(
-            this.serverPort = serverPort;
+                new OutputStreamWriter(socket.getOutputStream()));
-        }
+        os.write(clientData, 0, clientData.length());
        os.newLine();
        os.flush();
-        @Override
+        System.out.println("Reading data from server");
-        public void run() {
+        BufferedReader is = new BufferedReader(
-            SSLSocket clientSocket = null;
+                new InputStreamReader(socket.getInputStream()));
-            String clientData = "Hi, I am client";
+        String data = is.readLine();
-            try {
+        System.out.println("Received Data from server: " + data);
                System.err.println(
                        "Connecting to server at port " + serverPort);
                SSLSocketFactory sslSocketFactory =
                        createClientSSLContext().getSocketFactory();
                clientSocket = (SSLSocket)sslSocketFactory.createSocket(
                        InetAddress.getLocalHost(), serverPort);
                clientSocket.setSoLinger(true, 3);
-                System.err.println("Sending data to server ...");
+        System.out.println("Sending more data to server ...");
        os.write(clientData, 0, clientData.length());
        os.newLine();
        os.flush();
-                BufferedWriter os = new BufferedWriter(
+        socket.close();
                        new OutputStreamWriter(clientSocket.getOutputStream()));
                os.write(clientData, 0, clientData.length());
                os.newLine();
                os.flush();
                System.err.println("Reading data from server");
                BufferedReader is = new BufferedReader(
                        new InputStreamReader(clientSocket.getInputStream()));
                String data = is.readLine();
                System.err.println("Received Data from server: " + data);
                System.err.println("Sending more data to server ...");
                os.write(clientData, 0, clientData.length());
                os.newLine();
                os.flush();
            } catch (Exception e) {
                clientException = e;
            } finally {
                if (clientSocket != null) {
                    try{
                        clientSocket.close();
                        System.err.println("client socket closed");
                    } catch (IOException ioe) {
                        clientException = ioe;
                    }
                }
            }
        }
    }
 }
--- a/test/jdk/sun/security/ssl/SSLSocketImpl/SocketExceptionForSocketIssues.java
+++ b/test/jdk/sun/security/ssl/SSLSocketImpl/SocketExceptionForSocketIssues.java
@ -37,126 +37,84 @@
 import javax.net.ssl.*;
 import java.io.*;
 import java.net.*;
 import java.util.concurrent.CountDownLatch;
 import java.util.concurrent.TimeUnit;
-public class SocketExceptionForSocketIssues implements SSLContextTemplate {
+public class SocketExceptionForSocketIssues extends SSLSocketTemplate {
    private final CountDownLatch waitForClient = new CountDownLatch(1);
    public static void main(String[] args) throws Exception {
-        System.err.println("===================================");
+        System.out.println("===================================");
-        new SocketExceptionForSocketIssues().test();
+        new SocketExceptionForSocketIssues().run();
    }
-    private void test() throws Exception {
+    @Override
-        SSLServerSocket listenSocket = null;
+    protected void configureServerSocket(SSLServerSocket socket) {
-        SSLSocket serverSocket = null;
+        socket.setNeedClientAuth(false);
-        ClientSocket clientSocket = null;
+        socket.setEnableSessionCreation(true);
        socket.setUseClientMode(false);
    }
    @Override
    protected void runServerApplication(SSLSocket socket) throws Exception {
        try {
-            SSLServerSocketFactory serversocketfactory =
+            if (!waitForClient.await(5, TimeUnit.SECONDS)) {
-                    createServerSSLContext().getServerSocketFactory();
+                throw new RuntimeException("Client didn't complete within 5 seconds.");
            listenSocket =
                    (SSLServerSocket)serversocketfactory.createServerSocket(0);
            listenSocket.setNeedClientAuth(false);
            listenSocket.setEnableSessionCreation(true);
            listenSocket.setUseClientMode(false);
            System.err.println("Starting client");
            clientSocket = new ClientSocket(listenSocket.getLocalPort());
            clientSocket.start();
            System.err.println("Accepting client requests");
            serverSocket = (SSLSocket)listenSocket.accept();
            if (!clientSocket.isDone) {
                System.err.println("Waiting 3 seconds for client ");
                Thread.sleep(3000);
            }
-            System.err.println("Sending data to client ...");
+            System.out.println("Sending data to client ...");
            String serverData = "Hi, I am server";
            BufferedWriter os = new BufferedWriter(
-                    new OutputStreamWriter(serverSocket.getOutputStream()));
+                    new OutputStreamWriter(socket.getOutputStream()));
            os.write(serverData, 0, serverData.length());
            os.newLine();
            os.flush();
-        } catch (SSLProtocolException | SSLHandshakeException sslhe) {
+            throw new RuntimeException("The expected SocketException was not thrown.");
            throw sslhe;
        } catch (SocketException se) {
            // the expected exception, ignore it
-            System.err.println("server exception: " + se);
+            System.out.println("Caught expected SocketException: " + se);
        } finally {
            if (listenSocket != null) {
                listenSocket.close();
            }
            if (serverSocket != null) {
                serverSocket.close();
            }
        }
        if (clientSocket != null && clientSocket.clientException != null) {
            throw clientSocket.clientException;
        }
    }
-
+    @Override
-
+    protected void configureClientSocket(SSLSocket socket) {
-    private class ClientSocket extends Thread{
+        try {
-        boolean isDone = false;
+            socket.setSoLinger(true, 3);
-        int serverPort = 0;
+            socket.setSoTimeout(100);
-        Exception clientException;
+        } catch (SocketException exc) {
-
+            throw new RuntimeException("Could not configure client socket.", exc);
        public ClientSocket(int serverPort) {
            this.serverPort = serverPort;
        }
    }
-        @Override
+    @Override
-        public void run() {
+    protected void runClientApplication(SSLSocket socket) throws Exception {
-            SSLSocket clientSocket = null;
+        try {
            String clientData = "Hi, I am client";
-            try {
+            BufferedWriter os = new BufferedWriter(
-                System.err.println(
+                    new OutputStreamWriter(socket.getOutputStream()));
-                        "Connecting to server at port " + serverPort);
+            os.write(clientData, 0, clientData.length());
-                SSLSocketFactory sslSocketFactory =
+            os.newLine();
-                        createClientSSLContext().getSocketFactory();
+            os.flush();
                clientSocket = (SSLSocket)sslSocketFactory.createSocket(
                        InetAddress.getLocalHost(), serverPort);
                clientSocket.setSoLinger(true, 3);
                clientSocket.setSoTimeout(100);
            System.out.println("Reading data from server");
            BufferedReader is = new BufferedReader(
                    new InputStreamReader(socket.getInputStream()));
            String data = is.readLine();
            System.out.println("Received Data from server: " + data);
-                System.err.println("Sending data to server ...");
+            throw new RuntimeException("The expected client exception was not thrown.");
-                BufferedWriter os = new BufferedWriter(
+        } catch (SSLProtocolException | SSLHandshakeException sslhe) {
-                        new OutputStreamWriter(clientSocket.getOutputStream()));
+            System.err.println("Client had unexpected SSL exception: " + sslhe);
-                os.write(clientData, 0, clientData.length());
+            throw sslhe;
                os.newLine();
                os.flush();
-                System.err.println("Reading data from server");
+        } catch (SSLException | SocketTimeoutException ssle) {
-                BufferedReader is = new BufferedReader(
+            // the expected exception, ignore it
-                        new InputStreamReader(clientSocket.getInputStream()));
+            System.out.println("Caught expected client exception: " + ssle);
                String data = is.readLine();
                System.err.println("Received Data from server: " + data);
            } catch (SSLProtocolException | SSLHandshakeException sslhe) {
                clientException = sslhe;
                System.err.println("unexpected client exception: " + sslhe);
            } catch (SSLException | SocketTimeoutException ssle) {
                // the expected exception, ignore it
                System.err.println("expected client exception: " + ssle);
            } catch (Exception e) {
                clientException = e;
                System.err.println("unexpected client exception: " + e);
            } finally {
                if (clientSocket != null) {
                    try {
                        clientSocket.close();
                        System.err.println("client socket closed");
                    } catch (IOException ioe) {
                        clientException = ioe;
                    }
                }
-                isDone = true;
+        } finally {
-            }
+            waitForClient.countDown();
        }
    }
 }
--- a/test/jdk/sun/security/ssl/SignatureScheme/SigAlgosExtTestWithTLS12.java
+++ b/test/jdk/sun/security/ssl/SignatureScheme/SigAlgosExtTestWithTLS12.java
@ -61,115 +61,7 @@ public class SigAlgosExtTestWithTLS12 extends SSLEngineTemplate {
    private static final boolean EXPECT_FAIL
            = Boolean.getBoolean("test.expectFail");
    private static final String[] CA_CERTS = new String[] {
            // SHA256withECDSA, curve secp256r1
            // Validity
            //     Not Before: May 22 07:18:16 2018 GMT
            //     Not After : May 17 07:18:16 2038 GMT
            // Subject Key Identifier:
            //     60:CF:BD:73:FF:FA:1A:30:D2:A4:EC:D3:49:71:46:EF:1A:35:A0:86
            "-----BEGIN CERTIFICATE-----\n" +
            "MIIBvjCCAWOgAwIBAgIJAIvFG6GbTroCMAoGCCqGSM49BAMCMDsxCzAJBgNVBAYT\n" +
            "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" +
            "ZTAeFw0xODA1MjIwNzE4MTZaFw0zODA1MTcwNzE4MTZaMDsxCzAJBgNVBAYTAlVT\n" +
            "MQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZjZTBZ\n" +
            "MBMGByqGSM49AgEGCCqGSM49AwEHA0IABBz1WeVb6gM2mh85z3QlvaB/l11b5h0v\n" +
            "LIzmkC3DKlVukZT+ltH2Eq1oEkpXuf7QmbM0ibrUgtjsWH3mULfmcWmjUDBOMB0G\n" +
            "A1UdDgQWBBRgz71z//oaMNKk7NNJcUbvGjWghjAfBgNVHSMEGDAWgBRgz71z//oa\n" +
            "MNKk7NNJcUbvGjWghjAMBgNVHRMEBTADAQH/MAoGCCqGSM49BAMCA0kAMEYCIQCG\n" +
            "6wluh1r2/T6L31mZXRKf9JxeSf9pIzoLj+8xQeUChQIhAJ09wAi1kV8yePLh2FD9\n" +
            "2YEHlSQUAbwwqCDEVB5KxaqP\n" +
            "-----END CERTIFICATE-----",
            // SHA384withECDSA, curve secp384r1
            // Validity
            //     Not Before: Jun 24 08:15:06 2019 GMT
            //     Not After : Jun 19 08:15:06 2039 GMT
            // Subject Key Identifier:
            //     0a:93:a9:a0:bf:e7:d5:48:9d:4f:89:15:c6:51:98:80:05:51:4e:4e
            "-----BEGIN CERTIFICATE-----\n" +
            "MIICCDCCAY6gAwIBAgIUCpOpoL/n1UidT4kVxlGYgAVRTk4wCgYIKoZIzj0EAwMw\n" +
            "OzELMAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpTU0Ug\n" +
            "VGVzdCBTZXJpdmNlMB4XDTE5MDYyNDA4MTUwNloXDTM5MDYxOTA4MTUwNlowOzEL\n" +
            "MAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpTU0UgVGVz\n" +
            "dCBTZXJpdmNlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAENVQN1wXWFdgC6u/dDdiC\n" +
            "y+WtMTF66oL/0BSm+1ZqsogamzCryawOcHgiuXgWzx5CQ3LuOC+tDFyXpGfHuCvb\n" +
            "dkzxPrP5n9NrR8/uRPe5l1KOUbchviU8z9cTP+LZxnZDo1MwUTAdBgNVHQ4EFgQU\n" +
            "SktSFArR1p/5mXV0kyo0RxIVa/UwHwYDVR0jBBgwFoAUSktSFArR1p/5mXV0kyo0\n" +
            "RxIVa/UwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjBZvoNmq3/v\n" +
            "RD2gBTyvxjS9h0rsMRLHDnvul/KWngytwGPTOBo0Y8ixQXSjdKoc3rkCMQDkiNgx\n" +
            "IDxuHedmrLQKIPnVcthTmwv7//jHiqGoKofwChMo2a1P+DQdhszmeHD/ARQ=\n" +
            "-----END CERTIFICATE-----"
    };
    private static final String[] EE_CERTS = new String[] {
            // SHA256withECDSA, curve secp256r1
            // Validity
            //     Not Before: May 22 07:18:16 2018 GMT
            //     Not After : May 17 07:18:16 2038 GMT
            // Authority Key Identifier:
            //     60:CF:BD:73:FF:FA:1A:30:D2:A4:EC:D3:49:71:46:EF:1A:35:A0:86
            "-----BEGIN CERTIFICATE-----\n" +
            "MIIBqjCCAVCgAwIBAgIJAPLY8qZjgNRAMAoGCCqGSM49BAMCMDsxCzAJBgNVBAYT\n" +
            "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" +
            "ZTAeFw0xODA1MjIwNzE4MTZaFw0zODA1MTcwNzE4MTZaMFUxCzAJBgNVBAYTAlVT\n" +
            "MQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZjZTEY\n" +
            "MBYGA1UEAwwPUmVncmVzc2lvbiBUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD\n" +
            "QgAEb+9n05qfXnfHUb0xtQJNS4JeSi6IjOfW5NqchvKnfJey9VkJzR7QHLuOESdf\n" +
            "xlR7q8YIWgih3iWLGfB+wxHiOqMjMCEwHwYDVR0jBBgwFoAUYM+9c//6GjDSpOzT\n" +
            "SXFG7xo1oIYwCgYIKoZIzj0EAwIDSAAwRQIgWpRegWXMheiD3qFdd8kMdrkLxRbq\n" +
            "1zj8nQMEwFTUjjQCIQDRIrAjZX+YXHN9b0SoWWLPUq0HmiFIi8RwMnO//wJIGQ==\n" +
            "-----END CERTIFICATE-----",
            // SHA384withECDSA, curve secp384r1
            // Validity
            //     Not Before: Jun 24 08:15:06 2019 GMT
            //     Not After : Jun 19 08:15:06 2039 GMT
            // Authority Key Identifier:
            //     40:2D:AA:EE:66:AA:33:27:AD:9B:5D:52:9B:60:67:6A:2B:AD:52:D2
            "-----BEGIN CERTIFICATE-----\n" +
            "MIICEjCCAZegAwIBAgIUS3F0AqAXWRg07CnbknJzxofyBQMwCgYIKoZIzj0EAwMw\n" +
            "OzELMAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpTU0Ug\n" +
            "VGVzdCBTZXJpdmNlMB4XDTE5MDYyNDA4MTUwNloXDTM5MDYxOTA4MTUwNlowVTEL\n" +
            "MAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpTU0UgVGVz\n" +
            "dCBTZXJpdmNlMRgwFgYDVQQDDA9SZWdyZXNzaW9uIFRlc3QwdjAQBgcqhkjOPQIB\n" +
            "BgUrgQQAIgNiAARqElz8b6T07eyKomIinhztV3/3XBk9bKGtJ0W+JOltjuhMmP/w\n" +
            "G8ASSevpgqgpi6EzpBZaaJxE3zNfkNnxXOZmQi2Ypd1uK0zRdbEOKg0XOcTTZwEj\n" +
            "iLjYmt3O0pwpklijQjBAMB0GA1UdDgQWBBRALaruZqozJ62bXVKbYGdqK61S0jAf\n" +
            "BgNVHSMEGDAWgBRKS1IUCtHWn/mZdXSTKjRHEhVr9TAKBggqhkjOPQQDAwNpADBm\n" +
            "AjEArVDFKf48xijN6huVUJzKCOP0zlWB5Js+DItIkZmLQuhciPLhLIB/rChf3Y4C\n" +
            "xuP4AjEAmfLhQRI0O3pifpYzYSVh2G7/jHNG4eO+2dvgAcU+Lh2IIj/cpLaPFSvL\n" +
            "J8FXY9Nj\n" +
            "-----END CERTIFICATE-----"
    };
    private static final String[] EE_KEYS = new String[] {
            "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgn5K03bpTLjEtFQRa\n" +
            "JUtx22gtmGEvvSUSQdimhGthdtihRANCAARv72fTmp9ed8dRvTG1Ak1Lgl5KLoiM\n" +
            "59bk2pyG8qd8l7L1WQnNHtAcu44RJ1/GVHurxghaCKHeJYsZ8H7DEeI6",
            "MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDASuI9EtK29APXPipkc\n" +
            "qDA+qwlewMjv/OcjUJ77kP1Vz62oVF9iY9SRIyFIUju8wt+hZANiAARqElz8b6T0\n" +
            "7eyKomIinhztV3/3XBk9bKGtJ0W+JOltjuhMmP/wG8ASSevpgqgpi6EzpBZaaJxE\n" +
            "3zNfkNnxXOZmQi2Ypd1uK0zRdbEOKg0XOcTTZwEjiLjYmt3O0pwpklg="
    };
    private static final String[] EE_ALGS = new String[] {
            "EC",
            "EC"
    };
    private static final String[] EE_ALIASES = new String[] {
            "EC-SHA256",
            "EC-SHA384"
    };
    private static final Map<Integer, String> SIG_SCHEMES_MAP = Map.of(
            0x0403, "ecdsa_secp256r1_sha256",
            0x0503, "ecdsa_secp384r1_sha384");
    private static final int TLS_HS_CLI_HELLO = 1;
    private static final int TLS_HS_CERT_REQ = 13;
    private static final int HELLO_EXT_SIG_ALGS = 13;
    public SigAlgosExtTestWithTLS12() throws Exception {
        super();
@ -178,36 +70,31 @@ public class SigAlgosExtTestWithTLS12 extends SSLEngineTemplate {
    /*
     * Create an instance of KeyManager for client use.
     */
-    public KeyManager createClientKeyManager() throws Exception {
+    @Override
-        return SSLContextTemplate.createKeyManager(
+    protected KeyManager createClientKeyManager() throws Exception {
-                EE_CERTS,
+        return createKeyManager(
-                EE_KEYS,
+                new Cert[]{Cert.EE_ECDSA_SECP256R1, Cert.EE_ECDSA_SECP384R1},
-                EE_ALGS,
+                getClientContextParameters());
                EE_ALIASES,
                getServerContextParameters());
    }
    @Override
    public TrustManager createClientTrustManager() throws Exception {
-        return SSLContextTemplate.createTrustManager(
+        return createTrustManager(
-                CA_CERTS,
+                new Cert[]{Cert.CA_ECDSA_SECP256R1, Cert.CA_ECDSA_SECP384R1},
                getServerContextParameters());
    }
    @Override
    public KeyManager createServerKeyManager() throws Exception {
-        return SSLContextTemplate.createKeyManager(
+        return createKeyManager(
-                EE_CERTS,
+                new Cert[]{Cert.EE_ECDSA_SECP256R1, Cert.EE_ECDSA_SECP384R1},
                EE_KEYS,
                EE_ALGS,
                EE_ALIASES,
                getServerContextParameters());
    }
    @Override
    public TrustManager createServerTrustManager() throws Exception {
-        return SSLContextTemplate.createTrustManager(
+        return createTrustManager(
-                CA_CERTS,
+                new Cert[]{Cert.CA_ECDSA_SECP256R1, Cert.CA_ECDSA_SECP384R1},
                getServerContextParameters());
    }
--- a/test/jdk/sun/security/ssl/SignatureScheme/Tls13NamedGroups.java
+++ b/test/jdk/sun/security/ssl/SignatureScheme/Tls13NamedGroups.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2019, 2023, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -37,14 +37,7 @@
 * @run main/othervm Tls13NamedGroups
 */
 import java.net.*;
 import java.io.*;
 import javax.net.ssl.*;
 import java.security.*;
 import java.security.cert.*;
 import java.security.spec.*;
 import java.security.interfaces.*;
 import java.util.Base64;
 public class Tls13NamedGroups extends SSLSocketTemplate {
@ -56,8 +49,10 @@ public class Tls13NamedGroups extends SSLSocketTemplate {
    }
    @Override
-    protected SSLContext createServerSSLContext() throws Exception {
+    public SSLContext createServerSSLContext() throws Exception {
-        return generateSSLContext();
+        return createSSLContext(new Cert[]{Cert.CA_ECDSA_SECP256R1},
                new Cert[]{Cert.EE_ECDSA_SECP256R1},
                new ContextParameters("TLSv1.3", "PKIX", "NewSunX509"));
    }
    @Override
@ -66,123 +61,9 @@ public class Tls13NamedGroups extends SSLSocketTemplate {
    }
    @Override
-    protected SSLContext createClientSSLContext() throws Exception {
+    public SSLContext createClientSSLContext() throws Exception {
-        return generateSSLContext();
+        return createSSLContext(new Cert[]{Cert.CA_ECDSA_SECP256R1},
-    }
+                new Cert[]{Cert.EE_ECDSA_SECP256R1},
-
+                new ContextParameters("TLSv1.3", "PKIX", "NewSunX509"));
    /*
     * =============================================================
     * The remainder is just support stuff
     */
    // Certificates and key used in the test.
    //
    // Trusted Certificate.
    static String trustedCertStr =
        // SHA256withECDSA, curve prime256v1
        // Validity
        //     Not Before: May 22 07:18:16 2018 GMT
        //     Not After : May 17 07:18:16 2038 GMT
        // Subject Key Identifier:
        //     60:CF:BD:73:FF:FA:1A:30:D2:A4:EC:D3:49:71:46:EF:1A:35:A0:86
        "-----BEGIN CERTIFICATE-----\n" +
        "MIIBvjCCAWOgAwIBAgIJAIvFG6GbTroCMAoGCCqGSM49BAMCMDsxCzAJBgNVBAYT\n" +
        "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" +
        "ZTAeFw0xODA1MjIwNzE4MTZaFw0zODA1MTcwNzE4MTZaMDsxCzAJBgNVBAYTAlVT\n" +
        "MQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZjZTBZ\n" +
        "MBMGByqGSM49AgEGCCqGSM49AwEHA0IABBz1WeVb6gM2mh85z3QlvaB/l11b5h0v\n" +
        "LIzmkC3DKlVukZT+ltH2Eq1oEkpXuf7QmbM0ibrUgtjsWH3mULfmcWmjUDBOMB0G\n" +
        "A1UdDgQWBBRgz71z//oaMNKk7NNJcUbvGjWghjAfBgNVHSMEGDAWgBRgz71z//oa\n" +
        "MNKk7NNJcUbvGjWghjAMBgNVHRMEBTADAQH/MAoGCCqGSM49BAMCA0kAMEYCIQCG\n" +
        "6wluh1r2/T6L31mZXRKf9JxeSf9pIzoLj+8xQeUChQIhAJ09wAi1kV8yePLh2FD9\n" +
        "2YEHlSQUAbwwqCDEVB5KxaqP\n" +
        "-----END CERTIFICATE-----";
        // -----BEGIN PRIVATE KEY-----
        // MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg/HcHdoLJCdq3haVd
        // XZTSKP00YzM3xX97l98vGL/RI1KhRANCAAQc9VnlW+oDNpofOc90Jb2gf5ddW+Yd
        // LyyM5pAtwypVbpGU/pbR9hKtaBJKV7n+0JmzNIm61ILY7Fh95lC35nFp
        // -----END PRIVATE KEY-----
    // End entity certificate.
    static String targetCertStr =
        // SHA256withECDSA, curve prime256v1
        // Validity
        //     Not Before: May 22 07:18:16 2018 GMT
        //     Not After : May 17 07:18:16 2038 GMT
        // Authority Key Identifier:
        //     60:CF:BD:73:FF:FA:1A:30:D2:A4:EC:D3:49:71:46:EF:1A:35:A0:86
        "-----BEGIN CERTIFICATE-----\n" +
        "MIIBqjCCAVCgAwIBAgIJAPLY8qZjgNRAMAoGCCqGSM49BAMCMDsxCzAJBgNVBAYT\n" +
        "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" +
        "ZTAeFw0xODA1MjIwNzE4MTZaFw0zODA1MTcwNzE4MTZaMFUxCzAJBgNVBAYTAlVT\n" +
        "MQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZjZTEY\n" +
        "MBYGA1UEAwwPUmVncmVzc2lvbiBUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD\n" +
        "QgAEb+9n05qfXnfHUb0xtQJNS4JeSi6IjOfW5NqchvKnfJey9VkJzR7QHLuOESdf\n" +
        "xlR7q8YIWgih3iWLGfB+wxHiOqMjMCEwHwYDVR0jBBgwFoAUYM+9c//6GjDSpOzT\n" +
        "SXFG7xo1oIYwCgYIKoZIzj0EAwIDSAAwRQIgWpRegWXMheiD3qFdd8kMdrkLxRbq\n" +
        "1zj8nQMEwFTUjjQCIQDRIrAjZX+YXHN9b0SoWWLPUq0HmiFIi8RwMnO//wJIGQ==\n" +
        "-----END CERTIFICATE-----";
    // Private key in the format of PKCS#8.
    static String targetPrivateKey =
        //
        // EC private key related to cert endEntityCertStrs[0].
        //
        "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgn5K03bpTLjEtFQRa\n" +
        "JUtx22gtmGEvvSUSQdimhGthdtihRANCAARv72fTmp9ed8dRvTG1Ak1Lgl5KLoiM\n" +
        "59bk2pyG8qd8l7L1WQnNHtAcu44RJ1/GVHurxghaCKHeJYsZ8H7DEeI6";
    static char passphrase[] = "passphrase".toCharArray();
    // Create the SSLContext instance.
    private static SSLContext generateSSLContext() throws Exception {
        // generate certificate from cert string
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        // create a key store
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null);
        // import the trused cert
        X509Certificate trusedCert = null;
        ByteArrayInputStream is =
                new ByteArrayInputStream(trustedCertStr.getBytes());
        trusedCert = (X509Certificate)cf.generateCertificate(is);
        is.close();
        ks.setCertificateEntry("Trusted EC Signer", trusedCert);
        // generate the private key.
        PKCS8EncodedKeySpec priKeySpec = new PKCS8EncodedKeySpec(
                            Base64.getMimeDecoder().decode(targetPrivateKey));
        KeyFactory kf = KeyFactory.getInstance("EC");
        ECPrivateKey priKey =
                (ECPrivateKey)kf.generatePrivate(priKeySpec);
        // generate certificate chain
        is = new ByteArrayInputStream(targetCertStr.getBytes());
        X509Certificate keyCert = (X509Certificate)cf.generateCertificate(is);
        is.close();
        X509Certificate[] chain = new X509Certificate[2];
        chain[0] = keyCert;
        chain[1] = trusedCert;
        // import the key entry and the chain
        ks.setKeyEntry("TheKey", priKey, passphrase, chain);
        // create SSL context
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(ks);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("NewSunX509");
        kmf.init(ks, passphrase);
        SSLContext ctx = SSLContext.getInstance("TLSv1.3");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        ks = null;
        return ctx;
    }
 }
--- a/test/jdk/sun/security/ssl/X509TrustManagerImpl/TooManyCAs.java
+++ b/test/jdk/sun/security/ssl/X509TrustManagerImpl/TooManyCAs.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2020, 2023, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -32,18 +32,17 @@
 import javax.net.ssl.*;
 import javax.security.auth.x500.X500Principal;
 import java.io.*;
 import java.net.InetAddress;
 import java.net.Socket;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
-import java.util.Arrays;
+import java.util.concurrent.CyclicBarrier;
 /**
 * Check if the connection can be established if the client or server trusts
 * more CAs such that it exceeds the size limit of the certificate_authorities
 * extension (2^16).
 */
-public class TooManyCAs implements SSLContextTemplate {
+public class TooManyCAs extends SSLSocketTemplate {
    private static final String[][][] protocols = {
            {{"TLSv1.3"}, {"TLSv1.3"}},
@ -55,44 +54,54 @@ public class TooManyCAs implements SSLContextTemplate {
    private final String[] serverProtocols;
    private final boolean needClientAuth;
    /*
     * Used to synchronize client and server; there were intermittent
     * failures on Windows due to the connection being killed.
     */
    private final CyclicBarrier barrier = new CyclicBarrier(2);
    TooManyCAs(int index, boolean needClientAuth) {
        this.clientProtocols = protocols[index][0];
        this.serverProtocols = protocols[index][1];
        this.needClientAuth = needClientAuth;
        System.out.printf("Testing%n\tclient protocols: %s%n\t" +
                "server protocols: %s%n\tneed client auth: %s%n",
                String.join(", ", clientProtocols),
                String.join(", ", serverProtocols),
                needClientAuth);
    }
-    // Servers are configured before clients, increment test case after.
+    @Override
-    void configureClientSocket(SSLSocket clientSocket) {
+    protected void configureClientSocket(SSLSocket clientSocket) {
-        System.err.print("Setting client protocol(s): ");
+        System.out.println("Setting client protocol(s): "
-        Arrays.stream(clientProtocols).forEachOrdered(System.err::print);
+                + String.join(",", clientProtocols));
        System.err.println();
        clientSocket.setEnabledProtocols(clientProtocols);
    }
-    void configureServerSocket(SSLServerSocket serverSocket) {
+    @Override
-        System.err.print("Setting server protocol(s): ");
+    protected void configureServerSocket(SSLServerSocket serverSocket) {
-        Arrays.stream(serverProtocols).forEachOrdered(System.err::print);
+        serverSocket.setNeedClientAuth(needClientAuth);
-        System.err.println();
+        serverSocket.setEnableSessionCreation(true);
        serverSocket.setUseClientMode(false);
        System.out.println("Setting server protocol(s): "
                + String.join(",", serverProtocols));
        serverSocket.setEnabledProtocols(serverProtocols);
        if (needClientAuth) {
            serverSocket.setNeedClientAuth(true);
        }
    }
    @Override
-    public TrustManager createClientTrustManager() throws Exception {
+    protected TrustManager createClientTrustManager() throws Exception {
-        TrustManager trustManager =
+        TrustManager trustManager = super.createClientTrustManager();
                SSLContextTemplate.super.createClientTrustManager();
        return new BogusX509TrustManager(
                (X509TrustManager)trustManager);
    }
    @Override
-    public TrustManager createServerTrustManager() throws Exception {
+    protected TrustManager createServerTrustManager() throws Exception {
-        TrustManager trustManager =
+        TrustManager trustManager = super.createServerTrustManager();
                SSLContextTemplate.super.createServerTrustManager();
        return new BogusX509TrustManager(
                (X509TrustManager)trustManager);
    }
@ -107,104 +116,42 @@ public class TooManyCAs implements SSLContextTemplate {
        }
    }
-    private void run() throws Exception {
+    @Override
-        SSLServerSocket listenSocket = null;
+    protected void runServerApplication(SSLSocket socket) throws Exception {
        SSLSocket serverSocket = null;
        ClientSocket clientSocket = null;
        try {
-            SSLServerSocketFactory serversocketfactory =
+            System.out.println("Sending data to client ...");
                    createServerSSLContext().getServerSocketFactory();
            listenSocket =
                    (SSLServerSocket)serversocketfactory.createServerSocket(0);
            listenSocket.setNeedClientAuth(false);
            listenSocket.setEnableSessionCreation(true);
            listenSocket.setUseClientMode(false);
            configureServerSocket(listenSocket);
            System.err.println("Starting client");
            clientSocket = new ClientSocket(listenSocket.getLocalPort());
            clientSocket.start();
            System.err.println("Accepting client requests");
            serverSocket = (SSLSocket)listenSocket.accept();
            if (!clientSocket.isDone) {
                System.err.println("Waiting 3 seconds for client ");
                Thread.sleep(3000);
            }
            System.err.println("Sending data to client ...");
            String serverData = "Hi, I am server";
            BufferedWriter os = new BufferedWriter(
-                    new OutputStreamWriter(serverSocket.getOutputStream()));
+                    new OutputStreamWriter(socket.getOutputStream()));
            os.write(serverData, 0, serverData.length());
            os.newLine();
            os.flush();
        } finally {
-            if (listenSocket != null) {
+            barrier.await();
-                listenSocket.close();
+            System.out.println("Server done");
            }
            if (serverSocket != null) {
                serverSocket.close();
            }
        }
        if (clientSocket != null && clientSocket.clientException != null) {
            throw clientSocket.clientException;
        }
    }
-    private class ClientSocket extends Thread{
+    @Override
-        boolean isDone = false;
+    protected void runClientApplication(SSLSocket socket) throws Exception {
-        int serverPort = 0;
+        try {
        Exception clientException;
        public ClientSocket(int serverPort) {
            this.serverPort = serverPort;
        }
        @Override
        public void run() {
            SSLSocket clientSocket = null;
            String clientData = "Hi, I am client";
-            try {
+            System.out.println("Sending data to server ...");
                System.err.println(
                        "Connecting to server at port " + serverPort);
                SSLSocketFactory sslSocketFactory =
                        createClientSSLContext().getSocketFactory();
                clientSocket = (SSLSocket)sslSocketFactory.createSocket(
                        InetAddress.getLocalHost(), serverPort);
                configureClientSocket(clientSocket);
-                System.err.println("Sending data to server ...");
+            BufferedWriter os = new BufferedWriter(
                    new OutputStreamWriter(socket.getOutputStream()));
            os.write(clientData, 0, clientData.length());
            os.newLine();
            os.flush();
-                BufferedWriter os = new BufferedWriter(
+            System.out.println("Reading data from server");
-                        new OutputStreamWriter(clientSocket.getOutputStream()));
+            BufferedReader is = new BufferedReader(
-                os.write(clientData, 0, clientData.length());
+                    new InputStreamReader(socket.getInputStream()));
-                os.newLine();
+            String data = is.readLine();
-                os.flush();
+            System.out.println("Received Data from server: " + data);
-
+        } finally {
-                System.err.println("Reading data from server");
+            barrier.await();
-                BufferedReader is = new BufferedReader(
+            System.out.println("client done.");
                        new InputStreamReader(clientSocket.getInputStream()));
                String data = is.readLine();
                System.err.println("Received Data from server: " + data);
            } catch (Exception e) {
                clientException = e;
                System.err.println("unexpected client exception: " + e);
            } finally {
                if (clientSocket != null) {
                    try {
                        clientSocket.close();
                        System.err.println("client socket closed");
                    } catch (IOException ioe) {
                        clientException = ioe;
                    }
                }
                isDone = true;
            }
        }
    }
@ -273,7 +220,7 @@ public class TooManyCAs implements SSLContextTemplate {
            for (int i = 0; i < duplicated; i++) {
                System.arraycopy(trustedCerts, 0,
                    returnedCAs,
-                    i * trustedCerts.length + 0, trustedCerts.length);
+                    i * trustedCerts.length, trustedCerts.length);
            }
            return returnedCAs;