stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8284047: Harmonize/Standardize the SSLSocket/SSLEngine/SSLSocketSSLEngine test templates

Browse Source 
Reviewed-by: rhalade
This commit is contained in:
Matthew Donovan 2023-03-15 17:39:11 +00:00 committed by Rajan Halade
parent 7ad48ea3ad
commit 824a5e4c60
23 changed files with 1263 additions and 3437 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

138
test/jdk/javax/net/ssl/ALPN/MyX509ExtendedKeyManager.java
View File

@ -1,138 +0,0 @@
/*
* Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.net.Socket;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.X509ExtendedKeyManager;
public class MyX509ExtendedKeyManager extends X509ExtendedKeyManager {
static final String ERROR = "ERROR";
X509ExtendedKeyManager akm;
String expectedAP;
boolean doCheck = true;
MyX509ExtendedKeyManager(X509ExtendedKeyManager akm) {
this.akm = akm;
}
public MyX509ExtendedKeyManager(
X509ExtendedKeyManager akm, String expectedAP, boolean doCheck) {
this.akm = akm;
this.expectedAP = expectedAP;
this.doCheck = doCheck;
}
@Override
public String[] getClientAliases(String keyType, Principal[] issuers) {
return akm.getClientAliases(keyType, issuers);
}
@Override
public String chooseClientAlias(String[] keyType, Principal[] issuers,
Socket socket) {
String nap = ((SSLSocket) socket).getHandshakeApplicationProtocol();
checkALPN(nap);
return akm.chooseClientAlias(keyType, issuers, socket);
}
@Override
public String[] getServerAliases(String keyType, Principal[] issuers) {
return akm.getServerAliases(keyType, issuers);
}
@Override
public String chooseServerAlias(String keyType, Principal[] issuers,
Socket socket) {
String nap = ((SSLSocket) socket).getHandshakeApplicationProtocol();
checkALPN(nap);
return akm.chooseServerAlias(keyType, issuers, socket);
}
@Override
public X509Certificate[] getCertificateChain(String alias) {
return akm.getCertificateChain(alias);
}
@Override
public PrivateKey getPrivateKey(String alias) {
return akm.getPrivateKey(alias);
}
@Override
public String chooseEngineClientAlias(String[] keyType, Principal[] issuers,
SSLEngine engine) {
String nap = engine.getHandshakeApplicationProtocol();
checkALPN(nap);
return akm.chooseEngineClientAlias(keyType, issuers, engine);
}
@Override
public String chooseEngineServerAlias(String keyType, Principal[] issuers,
SSLEngine engine) {
String nap = engine.getHandshakeApplicationProtocol();
checkALPN(nap);
return akm.chooseEngineServerAlias(keyType, issuers, engine);
}
private void checkALPN(String ap) {
if (!doCheck) {
System.out.println("Skipping KeyManager checks " +
"because a callback has been registered");
return;
}
if (ERROR.equals(expectedAP)) {
throw new RuntimeException("Should not reach here");
}
System.out.println("Expected ALPN value: " + expectedAP
+ " Got: " + ap);
if (ap == null) {
throw new RuntimeException(
"ALPN should be negotiated, but null was received");
}
if (expectedAP.equals("NONE")) {
if (!ap.isEmpty()) {
throw new RuntimeException("Expected no ALPN value");
} else {
System.out.println("No ALPN value negotiated, as expected");
}
} else if (!expectedAP.equals(ap)) {
throw new RuntimeException(expectedAP
+ " ALPN value not available on negotiated connection");
}
}
}

5
test/jdk/javax/net/ssl/ALPN/SSLEngineAlpnTest.java
View File

@ -28,7 +28,6 @@
* @test
* @bug 8051498 8145849 8170282
* @summary JEP 244: TLS Application-Layer Protocol Negotiation Extension
* @compile MyX509ExtendedKeyManager.java
*
* @run main/othervm SSLEngineAlpnTest h2 UNUSED h2 h2
* @run main/othervm SSLEngineAlpnTest h2 UNUSED h2,http/1.1 h2
@ -237,10 +236,6 @@ public class SSLEngineAlpnTest {
throw new Exception("kms[0] not X509ExtendedKeyManager");
}
kms = new KeyManager[] { new MyX509ExtendedKeyManager(
(X509ExtendedKeyManager) kms[0], expectedAP,
!hasCallback && hasServerAPs) };
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(ts);

283
test/jdk/javax/net/ssl/ALPN/SSLServerSocketAlpnTest.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2001, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2001, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,7 +28,7 @@
* @test
* @bug 8051498 8145849 8158978 8170282
* @summary JEP 244: TLS Application-Layer Protocol Negotiation Extension
* @compile MyX509ExtendedKeyManager.java
* @library /javax/net/ssl/templates
*
* @run main/othervm SSLServerSocketAlpnTest h2 UNUSED h2 h2
* @run main/othervm SSLServerSocketAlpnTest h2 UNUSED h2,http/1.1 h2
@ -79,56 +79,18 @@
* This example is based on our standard SSLSocketTemplate.
*/
import java.io.*;
import java.security.KeyStore;
import java.util.Arrays;
import javax.net.ssl.*;
public class SSLServerSocketAlpnTest {
public class SSLServerSocketAlpnTest extends SSLSocketTemplate {
/*
* =============================================================
* Set the various variables needed for the tests, then
* specify what tests to run on each side.
*/
/*
* Should we run the client or server in a separate thread?
* Both sides can throw exceptions, but do you have a preference
* as to which side should be the main thread.
*/
static boolean separateServerThread = false;
/*
* Where do we find the keystores?
*/
static String pathToStores = "../etc";
static String keyStoreFile = "keystore";
static String trustStoreFile = "truststore";
static String passwd = "passphrase";
static String keyFilename = System.getProperty("test.src", ".") + "/"
+ pathToStores + "/" + keyStoreFile;
static String trustFilename = System.getProperty("test.src", ".") + "/"
+ pathToStores + "/" + trustStoreFile;
private static boolean hasServerAPs; // whether server APs are present
private static boolean hasCallback; // whether a callback is present
/*
* SSLContext
*/
SSLContext mySSLContext = null;
/*
* Is the server ready to serve?
*/
volatile static boolean serverReady = false;
/*
* Turn on SSL debugging?
*/
static boolean debug = false;
static boolean debug = Boolean.getBoolean("test.debug");
static String[] serverAPs;
static String callbackAP;
@ -144,16 +106,8 @@ public class SSLServerSocketAlpnTest {
* smart about it....
*/
/*
* Define the server side of the test.
*
* If the server prematurely exits, serverReady will be set to true
* to avoid infinite hangs.
*/
void doServerSide() throws Exception {
SSLServerSocketFactory sslssf = mySSLContext.getServerSocketFactory();
SSLServerSocket sslServerSocket
= (SSLServerSocket) sslssf.createServerSocket(serverPort);
@Override
protected void configureServerSocket(SSLServerSocket sslServerSocket) {
sslServerSocket.setNeedClientAuth(true);
SSLParameters sslp = sslServerSocket.getSSLParameters();
@ -178,13 +132,16 @@ public class SSLServerSocketAlpnTest {
sslServerSocket.setSSLParameters(sslp);
serverPort = sslServerSocket.getLocalPort();
}
/*
* Signal Client, we're ready for his connect.
* Define the server side of the test.
*
* If the server prematurely exits, serverReady will be set to true
* to avoid infinite hangs.
*/
serverReady = true;
SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
@Override
protected void runServerApplication(SSLSocket sslSocket) throws Exception {
if (sslSocket.getHandshakeApplicationProtocol() != null) {
throw new Exception ("getHandshakeApplicationProtocol() should "
@ -245,26 +202,9 @@ public class SSLServerSocketAlpnTest {
sslSocket.close();
}
/*
* Define the client side of the test.
*
* If the server prematurely exits, serverReady will be set to true
* to avoid infinite hangs.
*/
void doClientSide() throws Exception {
/*
* Wait for server to get started.
*/
while (!serverReady) {
Thread.sleep(50);
}
SSLSocketFactory sslsf = mySSLContext.getSocketFactory();
SSLSocket sslSocket
= (SSLSocket) sslsf.createSocket("localhost", serverPort);
SSLParameters sslp = sslSocket.getSSLParameters();
@Override
protected void configureClientSocket(SSLSocket socket) {
SSLParameters sslp = socket.getSSLParameters();
/*
* The default ciphersuite ordering from the SSLContext may not
@ -278,7 +218,17 @@ public class SSLServerSocketAlpnTest {
// Set the ALPN selection.
sslp.setApplicationProtocols(clientAPs);
sslSocket.setSSLParameters(sslp);
socket.setSSLParameters(sslp);
}
/*
* Define the client side of the test.
*
* If the server prematurely exits, serverReady will be set to true
* to avoid infinite hangs.
*/
@Override
protected void runClientApplication(SSLSocket sslSocket) throws Exception {
if (sslSocket.getHandshakeApplicationProtocol() != null) {
throw new Exception ("getHandshakeApplicationProtocol() should "
@ -332,9 +282,6 @@ public class SSLServerSocketAlpnTest {
// use any free port by default
volatile int serverPort = 0;
volatile Exception serverException = null;
volatile Exception clientException = null;
public static void main(String[] args) throws Exception {
if (debug) {
@ -351,14 +298,13 @@ public class SSLServerSocketAlpnTest {
clientAPs = convert(args[2]);
expectedAP = args[3];
hasServerAPs = !args[0].equals("UNUSED"); // are server APs being used?
hasCallback = !callbackAP.equals("UNUSED"); // is callback being used?
/*
* Start the tests.
*/
try {
new SSLServerSocketAlpnTest();
new SSLServerSocketAlpnTest().run();
} catch (SSLHandshakeException she) {
if (args[3].equals("ERROR")) {
System.out.println("Caught the expected exception: " + she);
@ -370,40 +316,6 @@ public class SSLServerSocketAlpnTest {
System.out.println("Test Passed.");
}
SSLContext getSSLContext(String keyFilename, String trustFilename)
throws Exception {
SSLContext ctx = SSLContext.getInstance("TLS");
// Keystores
KeyStore keyKS = KeyStore.getInstance("JKS");
keyKS.load(new FileInputStream(keyFilename), passwd.toCharArray());
KeyStore trustKS = KeyStore.getInstance("JKS");
trustKS.load(new FileInputStream(trustFilename), passwd.toCharArray());
// Generate KeyManager and TrustManager
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(keyKS, passwd.toCharArray());
KeyManager[] kms = kmf.getKeyManagers();
if (!(kms[0] instanceof X509ExtendedKeyManager)) {
throw new Exception("kms[0] not X509ExtendedKeyManager");
}
kms = new KeyManager[] { new MyX509ExtendedKeyManager(
(X509ExtendedKeyManager) kms[0], expectedAP,
!hasCallback && hasServerAPs) };
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(trustKS);
TrustManager[] tms = tmf.getTrustManagers();
// initial SSLContext
ctx.init(kms, tms, null);
return ctx;
}
/*
* Convert a comma-separated list into an array of strings.
*/
@ -425,143 +337,4 @@ public class SSLServerSocketAlpnTest {
return strings;
}
Thread clientThread = null;
Thread serverThread = null;
/*
* Primary constructor, used to drive remainder of the test.
*
* Fork off the other side, then do your work.
*/
SSLServerSocketAlpnTest() throws Exception {
Exception startException = null;
mySSLContext = getSSLContext(keyFilename, trustFilename);
try {
if (separateServerThread) {
startServer(true);
startClient(false);
} else {
startClient(true);
startServer(false);
}
} catch (Exception e) {
startException = e;
}
/*
* Wait for other side to close down.
*/
if (separateServerThread) {
if (serverThread != null) {
serverThread.join();
}
} else {
if (clientThread != null) {
clientThread.join();
}
}
/*
* When we get here, the test is pretty much over.
* Which side threw the error?
*/
Exception local;
Exception remote;
if (separateServerThread) {
remote = serverException;
local = clientException;
} else {
remote = clientException;
local = serverException;
}
Exception exception = null;
/*
* Check various exception conditions.
*/
if ((local != null) && (remote != null)) {
// If both failed, return the curthread's exception.
local.addSuppressed(remote);
exception = local;
} else if (local != null) {
exception = local;
} else if (remote != null) {
exception = remote;
} else if (startException != null) {
exception = startException;
}
/*
* If there was an exception *AND* a startException,
* output it.
*/
if (exception != null) {
if (exception != startException && startException != null) {
exception.addSuppressed(startException);
}
throw exception;
}
// Fall-through: no exception to throw!
}
void startServer(boolean newThread) throws Exception {
if (newThread) {
serverThread = new Thread() {
@Override
public void run() {
try {
doServerSide();
} catch (Exception e) {
/*
* Our server thread just died.
*
* Release the client, if not active already...
*/
System.err.println("Server died...");
serverReady = true;
serverException = e;
}
}
};
serverThread.start();
} else {
try {
doServerSide();
} catch (Exception e) {
serverException = e;
} finally {
serverReady = true;
}
}
}
void startClient(boolean newThread) throws Exception {
if (newThread) {
clientThread = new Thread() {
@Override
public void run() {
try {
doClientSide();
} catch (Exception e) {
/*
* Our client thread just died.
*/
System.err.println("Client died...");
clientException = e;
}
}
};
clientThread.start();
} else {
try {
doClientSide();
} catch (Exception e) {
clientException = e;
}
}
}
}

273
test/jdk/javax/net/ssl/ALPN/SSLSocketAlpnTest.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2001, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2001, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,7 +28,7 @@
* @test
* @bug 8051498 8145849 8170282
* @summary JEP 244: TLS Application-Layer Protocol Negotiation Extension
* @compile MyX509ExtendedKeyManager.java
* @library /javax/net/ssl/templates
*
* @run main/othervm SSLSocketAlpnTest h2 UNUSED h2 h2
* @run main/othervm SSLSocketAlpnTest h2 UNUSED h2,http/1.1 h2
@ -78,56 +78,18 @@
* This example is based on our standard SSLSocketTemplate.
*/
import java.io.*;
import java.security.KeyStore;
import java.util.Arrays;
import javax.net.ssl.*;
public class SSLSocketAlpnTest {
public class SSLSocketAlpnTest extends SSLSocketTemplate {
/*
* =============================================================
* Set the various variables needed for the tests, then
* specify what tests to run on each side.
*/
/*
* Should we run the client or server in a separate thread?
* Both sides can throw exceptions, but do you have a preference
* as to which side should be the main thread.
*/
static boolean separateServerThread = false;
/*
* Where do we find the keystores?
*/
static String pathToStores = "../etc";
static String keyStoreFile = "keystore";
static String trustStoreFile = "truststore";
static String passwd = "passphrase";
static String keyFilename = System.getProperty("test.src", ".") + "/"
+ pathToStores + "/" + keyStoreFile;
static String trustFilename = System.getProperty("test.src", ".") + "/"
+ pathToStores + "/" + trustStoreFile;
private static boolean hasServerAPs; // whether server APs are present
private static boolean hasCallback; // whether a callback is present
/*
* SSLContext
*/
SSLContext mySSLContext = null;
/*
* Is the server ready to serve?
*/
volatile static boolean serverReady = false;
/*
* Turn on SSL debugging?
*/
static boolean debug = false;
static boolean debug = Boolean.getBoolean("test.debug");
static String[] serverAPs;
static String callbackAP;
@ -143,28 +105,20 @@ public class SSLSocketAlpnTest {
* smart about it....
*/
@Override
protected void configureServerSocket(SSLServerSocket socket) {
socket.setNeedClientAuth(true);
}
/*
* Define the server side of the test.
*
* If the server prematurely exits, serverReady will be set to true
* to avoid infinite hangs.
*/
void doServerSide() throws Exception {
SSLServerSocketFactory sslssf = mySSLContext.getServerSocketFactory();
SSLServerSocket sslServerSocket
= (SSLServerSocket) sslssf.createServerSocket(serverPort);
// for both client/server to call into X509KM
sslServerSocket.setNeedClientAuth(true);
serverPort = sslServerSocket.getLocalPort();
/*
* Signal Client, we're ready for his connect.
*/
serverReady = true;
SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
@Override
protected void runServerApplication(SSLSocket sslSocket) throws Exception {
System.out.println("in runServerApplication(SSLSocket)");
SSLParameters sslp = sslSocket.getSSLParameters();
/*
@ -206,6 +160,7 @@ public class SSLSocketAlpnTest {
}
}
System.out.println("server starting handshake");
sslSocket.startHandshake();
if (sslSocket.getHandshakeApplicationProtocol() != null) {
@ -247,18 +202,9 @@ public class SSLSocketAlpnTest {
* If the server prematurely exits, serverReady will be set to true
* to avoid infinite hangs.
*/
void doClientSide() throws Exception {
/*
* Wait for server to get started.
*/
while (!serverReady) {
Thread.sleep(50);
}
SSLSocketFactory sslsf = mySSLContext.getSocketFactory();
SSLSocket sslSocket
= (SSLSocket) sslsf.createSocket("localhost", serverPort);
@Override
protected void runClientApplication(SSLSocket sslSocket) throws Exception {
System.out.println("in runClientApplication(SSLSocket)");
SSLParameters sslp = sslSocket.getSSLParameters();
@ -281,6 +227,7 @@ public class SSLSocketAlpnTest {
+ "return null before the handshake starts");
}
System.out.println("Client starting handshake");
sslSocket.startHandshake();
if (sslSocket.getHandshakeApplicationProtocol() != null) {
@ -321,16 +268,6 @@ public class SSLSocketAlpnTest {
sslSocket.close();
}
/*
* =============================================================
* The remainder is just support stuff
*/
// use any free port by default
volatile int serverPort = 0;
volatile Exception serverException = null;
volatile Exception clientException = null;
public static void main(String[] args) throws Exception {
if (debug) {
@ -347,14 +284,13 @@ public class SSLSocketAlpnTest {
clientAPs = convert(args[2]);
expectedAP = args[3];
hasServerAPs = !args[0].equals("UNUSED"); // are server APs being used?
hasCallback = !callbackAP.equals("UNUSED"); // is callback being used?
/*
* Start the tests.
*/
try {
new SSLSocketAlpnTest();
new SSLSocketAlpnTest().run();
} catch (SSLHandshakeException she) {
if (args[3].equals("ERROR")) {
System.out.println("Caught the expected exception: " + she);
@ -366,40 +302,6 @@ public class SSLSocketAlpnTest {
System.out.println("Test Passed.");
}
SSLContext getSSLContext(String keyFilename, String trustFilename)
throws Exception {
SSLContext ctx = SSLContext.getInstance("TLS");
// Keystores
KeyStore keyKS = KeyStore.getInstance("JKS");
keyKS.load(new FileInputStream(keyFilename), passwd.toCharArray());
KeyStore trustKS = KeyStore.getInstance("JKS");
trustKS.load(new FileInputStream(trustFilename), passwd.toCharArray());
// Generate KeyManager and TrustManager
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(keyKS, passwd.toCharArray());
KeyManager[] kms = kmf.getKeyManagers();
if (!(kms[0] instanceof X509ExtendedKeyManager)) {
throw new Exception("kms[0] not X509ExtendedKeyManager");
}
kms = new KeyManager[] { new MyX509ExtendedKeyManager(
(X509ExtendedKeyManager) kms[0], expectedAP,
!hasCallback && hasServerAPs) };
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(trustKS);
TrustManager[] tms = tmf.getTrustManagers();
// initial SSLContext
ctx.init(kms, tms, null);
return ctx;
}
/*
* Convert a comma-separated list into an array of strings.
*/
@ -421,143 +323,4 @@ public class SSLSocketAlpnTest {
return strings;
}
Thread clientThread = null;
Thread serverThread = null;
/*
* Primary constructor, used to drive remainder of the test.
*
* Fork off the other side, then do your work.
*/
SSLSocketAlpnTest() throws Exception {
Exception startException = null;
mySSLContext = getSSLContext(keyFilename, trustFilename);
try {
if (separateServerThread) {
startServer(true);
startClient(false);
} else {
startClient(true);
startServer(false);
}
} catch (Exception e) {
startException = e;
}
/*
* Wait for other side to close down.
*/
if (separateServerThread) {
if (serverThread != null) {
serverThread.join();
}
} else {
if (clientThread != null) {
clientThread.join();
}
}
/*
* When we get here, the test is pretty much over.
* Which side threw the error?
*/
Exception local;
Exception remote;
if (separateServerThread) {
remote = serverException;
local = clientException;
} else {
remote = clientException;
local = serverException;
}
Exception exception = null;
/*
* Check various exception conditions.
*/
if ((local != null) && (remote != null)) {
// If both failed, return the curthread's exception.
local.addSuppressed(remote);
exception = local;
} else if (local != null) {
exception = local;
} else if (remote != null) {
exception = remote;
} else if (startException != null) {
exception = startException;
}
/*
* If there was an exception *AND* a startException,
* output it.
*/
if (exception != null) {
if (exception != startException && startException != null) {
exception.addSuppressed(startException);
}
throw exception;
}
// Fall-through: no exception to throw!
}
void startServer(boolean newThread) throws Exception {
if (newThread) {
serverThread = new Thread() {
@Override
public void run() {
try {
doServerSide();
} catch (Exception e) {
/*
* Our server thread just died.
*
* Release the client, if not active already...
*/
System.err.println("Server died...");
serverReady = true;
serverException = e;
}
}
};
serverThread.start();
} else {
try {
doServerSide();
} catch (Exception e) {
serverException = e;
} finally {
serverReady = true;
}
}
}
void startClient(boolean newThread) throws Exception {
if (newThread) {
clientThread = new Thread() {
@Override
public void run() {
try {
doClientSide();
} catch (Exception e) {
/*
* Our client thread just died.
*/
System.err.println("Client died...");
clientException = e;
}
}
};
clientThread.start();
} else {
try {
doClientSide();
} catch (Exception e) {
clientException = e;
}
}
}
}

12
test/jdk/javax/net/ssl/SSLEngine/HandshakeWithInvalidRecordVersion.java
View File

@ -37,19 +37,9 @@ import java.security.*;
import java.nio.*;
import java.util.Arrays;
public class HandshakeWithInvalidRecordVersion implements SSLContextTemplate {
public class HandshakeWithInvalidRecordVersion extends SSLContextTemplate {
private static final boolean DEBUG = Boolean.getBoolean("test.debug");
private static final String PATH_TO_STORES = "../etc";
private static final String KEYSTORE_FILE = "keystore";
private static final String TRUSTSTORE_FILE = "truststore";
private static final String KEYSTORE_PATH =
System.getProperty("test.src", "./") + "/" + PATH_TO_STORES +
"/" + KEYSTORE_FILE;
private static final String TRUSTSTORE_PATH =
System.getProperty("test.src", "./") + "/" + PATH_TO_STORES +
"/" + TRUSTSTORE_FILE;
public static void main(String [] args) throws Exception {
var runner = new HandshakeWithInvalidRecordVersion();

170
test/jdk/javax/net/ssl/TLSv12/DisabledShortRSAKeys.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2012, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -42,86 +42,35 @@
* @run main/othervm DisabledShortRSAKeys SunX509 SSLv3
*/
import java.net.*;
import java.util.*;
import java.io.*;
import javax.net.ssl.*;
import java.security.Security;
import java.security.KeyStore;
import java.security.KeyFactory;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.spec.*;
import java.security.interfaces.*;
import java.util.Base64;
public class DisabledShortRSAKeys extends SSLSocketTemplate {
/*
* Where do we find the keystores?
*/
// Certificates and key used in the test.
static String trustedCertStr =
"-----BEGIN CERTIFICATE-----\n" +
"MIICkjCCAfugAwIBAgIBADANBgkqhkiG9w0BAQQFADA7MQswCQYDVQQGEwJVUzEN\n" +
"MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwHhcN\n" +
"MTEwODE5MDE1MjE5WhcNMzIwNzI5MDE1MjE5WjA7MQswCQYDVQQGEwJVUzENMAsG\n" +
"A1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwgZ8wDQYJ\n" +
"KoZIhvcNAQEBBQADgY0AMIGJAoGBAM8orG08DtF98TMSscjGsidd1ZoN4jiDpi8U\n" +
"ICz+9dMm1qM1d7O2T+KH3/mxyox7Rc2ZVSCaUD0a3CkhPMnlAx8V4u0H+E9sqso6\n" +
"iDW3JpOyzMExvZiRgRG/3nvp55RMIUV4vEHOZ1QbhuqG4ebN0Vz2DkRft7+flthf\n" +
"vDld6f5JAgMBAAGjgaUwgaIwHQYDVR0OBBYEFLl81dnfp0wDrv0OJ1sxlWzH83Xh\n" +
"MGMGA1UdIwRcMFqAFLl81dnfp0wDrv0OJ1sxlWzH83XhoT+kPTA7MQswCQYDVQQG\n" +
"EwJVUzENMAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2\n" +
"Y2WCAQAwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEE\n" +
"BQADgYEALlgaH1gWtoBZ84EW8Hu6YtGLQ/L9zIFmHonUPZwn3Pr//icR9Sqhc3/l\n" +
"pVTxOINuFHLRz4BBtEylzRIOPzK3tg8XwuLb1zd0db90x3KBCiAL6E6cklGEPwLe\n" +
"XYMHDn9eDsaq861Tzn6ZwzMgw04zotPMoZN0mVd/3Qca8UJFucE=\n" +
"-----END CERTIFICATE-----";
static String targetCertStr =
"-----BEGIN CERTIFICATE-----\n" +
"MIICNDCCAZ2gAwIBAgIBDDANBgkqhkiG9w0BAQQFADA7MQswCQYDVQQGEwJVUzEN\n" +
"MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwHhcN\n" +
"MTExMTA3MTM1NTUyWhcNMzEwNzI1MTM1NTUyWjBPMQswCQYDVQQGEwJVUzENMAsG\n" +
"A1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UxEjAQBgNV\n" +
"BAMTCWxvY2FsaG9zdDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC3Pb49OSPfOD2G\n" +
"HSXFCFx1GJEZfqG9ZUf7xuIi/ra5dLjPGAaoY5QF2QOa8VnOriQCXDfyXHxsuRnE\n" +
"OomxL7EVAgMBAAGjeDB2MAsGA1UdDwQEAwID6DAdBgNVHQ4EFgQUXNCJK3/dtCIc\n" +
"xb+zlA/JINlvs/MwHwYDVR0jBBgwFoAUuXzV2d+nTAOu/Q4nWzGVbMfzdeEwJwYD\n" +
"VR0lBCAwHgYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDAzANBgkqhkiG9w0B\n" +
"AQQFAAOBgQB2qIDUxA2caMPpGtUACZAPRUtrGssCINIfItETXJZCx/cRuZ5sP4D9\n" +
"N1acoNDn0hCULe3lhXAeTC9NZ97680yJzregQMV5wATjo1FGsKY30Ma+sc/nfzQW\n" +
"+h/7RhYtoG0OTsiaDCvyhI6swkNJzSzrAccPY4+ZgU8HiDLzZTmM3Q==\n" +
"-----END CERTIFICATE-----";
// Private key in the format of PKCS#8, key size is 512 bits.
static String targetPrivateKey =
"MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEAtz2+PTkj3zg9hh0l\n" +
"xQhcdRiRGX6hvWVH+8biIv62uXS4zxgGqGOUBdkDmvFZzq4kAlw38lx8bLkZxDqJ\n" +
"sS+xFQIDAQABAkByx/5Oo2hQ/w2q4L8z+NTRlJ3vdl8iIDtC/4XPnfYfnGptnpG6\n" +
"ZThQRvbMZiai0xHQPQMszvAHjZVme1eDl3EBAiEA3aKJHynPVCEJhpfCLWuMwX5J\n" +
"1LntwJO7NTOyU5m8rPECIQDTpzn5X44r2rzWBDna/Sx7HW9IWCxNgUD2Eyi2nA7W\n" +
"ZQIgJerEorw4aCAuzQPxiGu57PB6GRamAihEAtoRTBQlH0ECIQDN08FgTtnesgCU\n" +
"DFYLLcw1CiHvc7fZw4neBDHCrC8NtQIgA8TOUkGnpCZlQ0KaI8KfKWI+vxFcgFnH\n" +
"3fnqsTgaUs4=";
static char passphrase[] = "passphrase".toCharArray();
/*
* Turn on SSL debugging?
*/
static boolean debug = false;
@Override
protected SSLContext createClientSSLContext() throws Exception {
return generateSSLContext(trustedCertStr, null, null);
private final String enabledProtocol;
private final String tmAlgorithm;
public DisabledShortRSAKeys(String tmAlgorithm, String enabledProtocol) {
this.tmAlgorithm = tmAlgorithm;
this.enabledProtocol = enabledProtocol;
}
@Override
protected SSLContext createServerSSLContext() throws Exception {
return generateSSLContext(null, targetCertStr, targetPrivateKey);
public SSLContext createClientSSLContext() throws Exception {
return createSSLContext(new Cert[]{Cert.CA_RSA_512}, null,
new ContextParameters(enabledProtocol, tmAlgorithm, "NewSunX509"));
}
@Override
public SSLContext createServerSSLContext() throws Exception {
return createSSLContext(null, new Cert[]{Cert.EE_RSA_512},
new ContextParameters(enabledProtocol, tmAlgorithm, "NewSunX509"));
}
@Override
@ -159,84 +108,6 @@ public class DisabledShortRSAKeys extends SSLSocketTemplate {
}
}
/*
* =============================================================
* The remainder is just support stuff
*/
private static String tmAlgorithm; // trust manager
private static String enabledProtocol; // the target protocol
private static void parseArguments(String[] args) {
tmAlgorithm = args[0];
enabledProtocol = args[1];
}
private static SSLContext generateSSLContext(String trustedCertStr,
String keyCertStr, String keySpecStr) throws Exception {
// generate certificate from cert string
CertificateFactory cf = CertificateFactory.getInstance("X.509");
// create a key store
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(null, null);
// import the trused cert
Certificate trusedCert = null;
ByteArrayInputStream is = null;
if (trustedCertStr != null) {
is = new ByteArrayInputStream(trustedCertStr.getBytes());
trusedCert = cf.generateCertificate(is);
is.close();
ks.setCertificateEntry("RSA Export Signer", trusedCert);
}
if (keyCertStr != null) {
// generate the private key.
PKCS8EncodedKeySpec priKeySpec = new PKCS8EncodedKeySpec(
Base64.getMimeDecoder().decode(keySpecStr));
KeyFactory kf = KeyFactory.getInstance("RSA");
RSAPrivateKey priKey =
(RSAPrivateKey)kf.generatePrivate(priKeySpec);
// generate certificate chain
is = new ByteArrayInputStream(keyCertStr.getBytes());
Certificate keyCert = cf.generateCertificate(is);
is.close();
Certificate[] chain = null;
if (trusedCert != null) {
chain = new Certificate[2];
chain[0] = keyCert;
chain[1] = trusedCert;
} else {
chain = new Certificate[1];
chain[0] = keyCert;
}
// import the key entry.
ks.setKeyEntry("Whatever", priKey, passphrase, chain);
}
// create SSL context
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmAlgorithm);
tmf.init(ks);
SSLContext ctx = SSLContext.getInstance("TLS");
if (keyCertStr != null && !keyCertStr.isEmpty()) {
KeyManagerFactory kmf = KeyManagerFactory.getInstance("NewSunX509");
kmf.init(ks, passphrase);
ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
ks = null;
} else {
ctx.init(null, tmf.getTrustManagers(), null);
}
return ctx;
}
public static void main(String[] args) throws Exception {
Security.setProperty("jdk.certpath.disabledAlgorithms",
"RSA keySize < 1024");
@ -247,15 +118,12 @@ public class DisabledShortRSAKeys extends SSLSocketTemplate {
System.setProperty("javax.net.debug", "all");
}
/*
* Get the customized arguments.
*/
parseArguments(args);
String tmAlgorithm = args[0];
String enabledProtocol = args[1];
/*
* Start the tests.
*/
new DisabledShortRSAKeys().run();
new DisabledShortRSAKeys(tmAlgorithm, enabledProtocol).run();
}
}

939
test/jdk/javax/net/ssl/templates/SSLContextTemplate.java
View File

File diff suppressed because it is too large Load Diff

2
test/jdk/javax/net/ssl/templates/SSLEngineTemplate.java
View File

@ -51,7 +51,7 @@ import java.nio.ByteBuffer;
* (wrap/unwrap) pass before any application data is consumed or
* produced.
*/
public class SSLEngineTemplate implements SSLContextTemplate {
public class SSLEngineTemplate extends SSLContextTemplate {
protected final SSLEngine clientEngine; // client Engine
protected final ByteBuffer clientOut; // write side of clientEngine
protected final ByteBuffer clientIn; // read side of clientEngine

532
test/jdk/javax/net/ssl/templates/SSLSocketSSLEngineTemplate.java
View File

@ -1,532 +0,0 @@
/*
* Copyright (c) 2011, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
//
// SunJSSE does not support dynamic system properties, no way to re-use
// system properties in samevm/agentvm mode.
//
/*
* @test
* @bug 7105780
* @summary Add SSLSocket client/SSLEngine server to templates directory.
* @run main/othervm SSLSocketSSLEngineTemplate TLSv1
* @run main/othervm SSLSocketSSLEngineTemplate TLSv1.1
* @run main/othervm SSLSocketSSLEngineTemplate TLSv1.2
* @run main/othervm SSLSocketSSLEngineTemplate TLSv1.3
*/
/**
* A SSLSocket/SSLEngine interop test case. This is not the way to
* code SSLEngine-based servers, but works for what we need to do here,
* which is to make sure that SSLEngine/SSLSockets can talk to each other.
* SSLEngines can use direct or indirect buffers, and different code
* is used to get at the buffer contents internally, so we test that here.
*
* The test creates one SSLSocket (client) and one SSLEngine (server).
* The SSLSocket talks to a raw ServerSocket, and the server code
* does the translation between byte [] and ByteBuffers that the SSLEngine
* can use. The "transport" layer consists of a Socket Input/OutputStream
* and two byte buffers for the SSLEngines: think of them
* as directly connected pipes.
*
* Again, this is a *very* simple example: real code will be much more
* involved. For example, different threading and I/O models could be
* used, transport mechanisms could close unexpectedly, and so on.
*
* When this application runs, notice that several messages
* (wrap/unwrap) pass before any application data is consumed or
* produced. (For more information, please see the SSL/TLS
* specifications.) There may several steps for a successful handshake,
* so it's typical to see the following series of operations:
*
* client server message
* ====== ====== =======
* write() ... ClientHello
* ... unwrap() ClientHello
* ... wrap() ServerHello/Certificate
* read() ... ServerHello/Certificate
* write() ... ClientKeyExchange
* write() ... ChangeCipherSpec
* write() ... Finished
* ... unwrap() ClientKeyExchange
* ... unwrap() ChangeCipherSpec
* ... unwrap() Finished
* ... wrap() ChangeCipherSpec
* ... wrap() Finished
* read() ... ChangeCipherSpec
* read() ... Finished
*/
import javax.net.ssl.*;
import javax.net.ssl.SSLEngineResult.*;
import java.io.*;
import java.net.*;
import java.security.*;
import java.nio.*;
public class SSLSocketSSLEngineTemplate {
/*
* Enables logging of the SSL/TLS operations.
*/
private static final boolean logging = true;
/*
* Enables the JSSE system debugging system property:
*
* -Djavax.net.debug=all
*
* This gives a lot of low-level information about operations underway,
* including specific handshake messages, and might be best examined
* after gaining some familiarity with this application.
*/
private static final boolean debug = false;
private final SSLContext sslc;
private SSLEngine serverEngine; // server-side SSLEngine
private SSLSocket clientSocket;
private final byte[] serverMsg =
"Hi there Client, I'm a Server.".getBytes();
private final byte[] clientMsg =
"Hello Server, I'm a Client! Pleased to meet you!".getBytes();
private ByteBuffer serverOut; // write side of serverEngine
private ByteBuffer serverIn; // read side of serverEngine
private volatile Exception clientException;
private volatile Exception serverException;
/*
* For data transport, this example uses local ByteBuffers.
*/
private ByteBuffer cTOs; // "reliable" transport client->server
private ByteBuffer sTOc; // "reliable" transport server->client
/*
* The following is to set up the keystores/trust material.
*/
private static final String pathToStores = "../etc";
private static final String keyStoreFile = "keystore";
private static final String trustStoreFile = "truststore";
private static final String keyFilename =
System.getProperty("test.src", ".") + "/" + pathToStores
+ "/" + keyStoreFile;
private static final String trustFilename =
System.getProperty("test.src", ".") + "/" + pathToStores
+ "/" + trustStoreFile;
/*
* Main entry point for this test.
*/
public static void main(String args[]) throws Exception {
String protocol = args[0];
// reset security properties to make sure that the algorithms
// and keys used in this test are not disabled.
Security.setProperty("jdk.tls.disabledAlgorithms", "");
Security.setProperty("jdk.certpath.disabledAlgorithms", "");
if (debug) {
System.setProperty("javax.net.debug", "all");
}
/*
* Run the tests with direct and indirect buffers.
*/
SSLSocketSSLEngineTemplate test =
new SSLSocketSSLEngineTemplate(protocol);
log("-------------------------------------");
log("Testing " + protocol + " for direct buffers ...");
test.runTest(true);
log("---------------------------------------");
log("Testing " + protocol + " for indirect buffers ...");
test.runTest(false);
log("Test Passed.");
}
/*
* Create an initialized SSLContext to use for these tests.
*/
public SSLSocketSSLEngineTemplate(String protocol) throws Exception {
KeyStore ks = KeyStore.getInstance("JKS");
KeyStore ts = KeyStore.getInstance("JKS");
char[] passphrase = "passphrase".toCharArray();
try (FileInputStream keyFile = new FileInputStream(keyFilename);
FileInputStream trustFile = new FileInputStream(trustFilename)) {
ks.load(keyFile, passphrase);
ts.load(trustFile, passphrase);
}
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, passphrase);
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(ts);
SSLContext sslCtx = SSLContext.getInstance(protocol);
sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
sslc = sslCtx;
}
/*
* Run the test.
*
* Sit in a tight loop, with the server engine calling wrap/unwrap
* regardless of whether data is available or not. We do this until
* we get the application data. Then we shutdown and go to the next one.
*
* The main loop handles all of the I/O phases of the SSLEngine's
* lifetime:
*
* initial handshaking
* application data transfer
* engine closing
*
* One could easily separate these phases into separate
* sections of code.
*/
private void runTest(boolean direct) throws Exception {
clientSocket = null;
boolean serverClose = direct;
// generates the server-side Socket
try (ServerSocket serverSocket = new ServerSocket()) {
serverSocket.setReuseAddress(false);
serverSocket.bind(null);
int port = serverSocket.getLocalPort();
log("Port: " + port);
Thread thread = createClientThread(port, serverClose);
createSSLEngine();
createBuffers(direct);
// server-side socket that will read
try (Socket socket = serverSocket.accept()) {
socket.setSoTimeout(500);
boolean closed = false;
// will try to read one more time in case client message
// is fragmented to multiple pieces
boolean retry = true;
InputStream is = socket.getInputStream();
OutputStream os = socket.getOutputStream();
SSLEngineResult serverResult; // results from last operation
/*
* Examining the SSLEngineResults could be much more involved,
* and may alter the overall flow of the application.
*
* For example, if we received a BUFFER_OVERFLOW when trying
* to write to the output pipe, we could reallocate a larger
* pipe, but instead we wait for the peer to drain it.
*/
byte[] inbound = new byte[8192];
byte[] outbound = new byte[8192];
while (!isEngineClosed(serverEngine)) {
int len;
// Inbound data
log("================");
// Read from the Client side.
try {
len = is.read(inbound);
if (len == -1) {
logSocketStatus(clientSocket);
if (clientSocket.isClosed()
|| clientSocket.isOutputShutdown()) {
log("Client socket was closed or shutdown output");
break;
} else {
throw new Exception("Unexpected EOF");
}
}
cTOs.put(inbound, 0, len);
} catch (SocketTimeoutException ste) {
// swallow. Nothing yet, probably waiting on us.
}
cTOs.flip();
serverResult = serverEngine.unwrap(cTOs, serverIn);
log("server unwrap: ", serverResult);
runDelegatedTasks(serverResult, serverEngine);
cTOs.compact();
// Outbound data
log("----");
serverResult = serverEngine.wrap(serverOut, sTOc);
log("server wrap: ", serverResult);
runDelegatedTasks(serverResult, serverEngine);
sTOc.flip();
if ((len = sTOc.remaining()) != 0) {
sTOc.get(outbound, 0, len);
os.write(outbound, 0, len);
// Give the other side a chance to process
}
sTOc.compact();
if (!closed && (serverOut.remaining() == 0)) {
closed = true;
/*
* We'll alternate initiatating the shutdown.
* When the server initiates, it will take one more
* loop, but tests the orderly shutdown.
*/
if (serverClose) {
serverEngine.closeOutbound();
}
serverIn.flip();
/*
* A sanity check to ensure we got what was sent.
*/
if (serverIn.remaining() != clientMsg.length) {
if (retry &&
serverIn.remaining() < clientMsg.length) {
log("Need to read more from client");
serverIn.compact();
retry = false;
continue;
} else {
throw new Exception(
"Client: Data length error");
}
}
for (int i = 0; i < clientMsg.length; i++) {
if (clientMsg[i] != serverIn.get()) {
throw new Exception(
"Client: Data content error");
}
}
serverIn.compact();
}
}
} catch (Exception e) {
serverException = e;
} finally {
// Wait for the client to join up with us.
if (thread != null) {
thread.join();
}
}
} finally {
if (serverException != null) {
if (clientException != null) {
serverException.addSuppressed(clientException);
}
throw serverException;
}
if (clientException != null) {
if (serverException != null) {
clientException.addSuppressed(serverException);
}
throw clientException;
}
}
}
/*
* Create a client thread which does simple SSLSocket operations.
* We'll write and read one data packet.
*/
private Thread createClientThread(final int port,
final boolean serverClose) throws Exception {
Thread t = new Thread("ClientThread") {
@Override
public void run() {
// client-side socket
try (SSLSocket sslSocket = (SSLSocket)sslc.getSocketFactory().
createSocket("localhost", port)) {
clientSocket = sslSocket;
OutputStream os = sslSocket.getOutputStream();
InputStream is = sslSocket.getInputStream();
// write(byte[]) goes in one shot.
os.write(clientMsg);
byte[] inbound = new byte[2048];
int pos = 0;
int len;
while ((len = is.read(inbound, pos, 2048 - pos)) != -1) {
pos += len;
// Let the client do the closing.
if ((pos == serverMsg.length) && !serverClose) {
sslSocket.close();
break;
}
}
if (pos != serverMsg.length) {
throw new Exception("Client: Data length error");
}
for (int i = 0; i < serverMsg.length; i++) {
if (inbound[i] != serverMsg[i]) {
throw new Exception("Client: Data content error");
}
}
} catch (Exception e) {
clientException = e;
}
}
};
t.start();
return t;
}
/*
* Using the SSLContext created during object creation,
* create/configure the SSLEngines we'll use for this test.
*/
private void createSSLEngine() throws Exception {
/*
* Configure the serverEngine to act as a server in the SSL/TLS
* handshake.
*/
serverEngine = sslc.createSSLEngine();
serverEngine.setUseClientMode(false);
serverEngine.getNeedClientAuth();
}
/*
* Create and size the buffers appropriately.
*/
private void createBuffers(boolean direct) {
SSLSession session = serverEngine.getSession();
int appBufferMax = session.getApplicationBufferSize();
int netBufferMax = session.getPacketBufferSize();
/*
* We'll make the input buffers a bit bigger than the max needed
* size, so that unwrap()s following a successful data transfer
* won't generate BUFFER_OVERFLOWS.
*
* We'll use a mix of direct and indirect ByteBuffers for
* tutorial purposes only. In reality, only use direct
* ByteBuffers when they give a clear performance enhancement.
*/
if (direct) {
serverIn = ByteBuffer.allocateDirect(appBufferMax + 50);
cTOs = ByteBuffer.allocateDirect(netBufferMax);
sTOc = ByteBuffer.allocateDirect(netBufferMax);
} else {
serverIn = ByteBuffer.allocate(appBufferMax + 50);
cTOs = ByteBuffer.allocate(netBufferMax);
sTOc = ByteBuffer.allocate(netBufferMax);
}
serverOut = ByteBuffer.wrap(serverMsg);
}
/*
* If the result indicates that we have outstanding tasks to do,
* go ahead and run them in this thread.
*/
private static void runDelegatedTasks(SSLEngineResult result,
SSLEngine engine) throws Exception {
if (result.getHandshakeStatus() == HandshakeStatus.NEED_TASK) {
Runnable runnable;
while ((runnable = engine.getDelegatedTask()) != null) {
log("\trunning delegated task...");
runnable.run();
}
HandshakeStatus hsStatus = engine.getHandshakeStatus();
if (hsStatus == HandshakeStatus.NEED_TASK) {
throw new Exception(
"handshake shouldn't need additional tasks");
}
log("\tnew HandshakeStatus: " + hsStatus);
}
}
private static boolean isEngineClosed(SSLEngine engine) {
return (engine.isOutboundDone() && engine.isInboundDone());
}
private static void logSocketStatus(Socket socket) {
log("##### " + socket + " #####");
log("isBound: " + socket.isBound());
log("isConnected: " + socket.isConnected());
log("isClosed: " + socket.isClosed());
log("isInputShutdown: " + socket.isInputShutdown());
log("isOutputShutdown: " + socket.isOutputShutdown());
}
/*
* Logging code
*/
private static boolean resultOnce = true;
private static void log(String str, SSLEngineResult result) {
if (!logging) {
return;
}
if (resultOnce) {
resultOnce = false;
log("The format of the SSLEngineResult is: \n"
+ "\t\"getStatus() / getHandshakeStatus()\" +\n"
+ "\t\"bytesConsumed() / bytesProduced()\"\n");
}
HandshakeStatus hsStatus = result.getHandshakeStatus();
log(str
+ result.getStatus() + "/" + hsStatus + ", "
+ result.bytesConsumed() + "/" + result.bytesProduced()
+ " bytes");
if (hsStatus == HandshakeStatus.FINISHED) {
log("\t...ready for application data");
}
}
private static void log(String str) {
if (logging) {
if (debug) {
System.err.println(str);
} else {
System.out.println(str);
}
}
}
}

740
test/jdk/javax/net/ssl/templates/SSLSocketTemplate.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2016, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2016, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -34,27 +34,17 @@
* @run main/othervm SSLSocketTemplate
*/
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.io.IOException;
import java.io.OutputStream;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.SocketTimeoutException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.KeyFactory;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;
@ -66,7 +56,7 @@ import java.util.concurrent.TimeUnit;
* test/jdk/sun/security/ssl/ServerHandshaker/AnonCipherWithWantClientAuth.java
* test/jdk/sun/net/www/protocol/https/HttpsClient/ServerIdentityTest.java
*/
public class SSLSocketTemplate {
public class SSLSocketTemplate extends SSLContextTemplate {
/*
* ==================
@ -128,53 +118,6 @@ public class SSLSocketTemplate {
// blank
}
/*
* Create an instance of SSLContext for client use.
*/
protected SSLContext createClientSSLContext() throws Exception {
return createSSLContext(TRUSTED_CERTS, END_ENTITY_CERTS,
getClientContextParameters());
}
/*
* Create an instance of SSLContext for server use.
*/
protected SSLContext createServerSSLContext() throws Exception {
return createSSLContext(TRUSTED_CERTS, END_ENTITY_CERTS,
getServerContextParameters());
}
/*
* The parameters used to configure SSLContext.
*/
protected static final class ContextParameters {
final String contextProtocol;
final String tmAlgorithm;
final String kmAlgorithm;
ContextParameters(String contextProtocol,
String tmAlgorithm, String kmAlgorithm) {
this.contextProtocol = contextProtocol;
this.tmAlgorithm = tmAlgorithm;
this.kmAlgorithm = kmAlgorithm;
}
}
/*
* Get the client side parameters of SSLContext.
*/
protected ContextParameters getClientContextParameters() {
return new ContextParameters("TLS", "PKIX", "NewSunX509");
}
/*
* Get the server side parameters of SSLContext.
*/
protected ContextParameters getServerContextParameters() {
return new ContextParameters("TLS", "PKIX", "NewSunX509");
}
/*
* Does the client side use customized connection other than
* explicit Socket.connect(), for example, URL.openConnection()?
@ -360,114 +303,6 @@ public class SSLSocketTemplate {
}
}
/*
* =============================================
* Stuffs to customize the SSLContext instances.
*/
/*
* =======================================
* Certificates and keys used in the test.
*/
// Trusted certificates.
protected final static Cert[] TRUSTED_CERTS = {
Cert.CA_ECDSA_SECP256R1,
Cert.CA_RSA_2048,
Cert.CA_DSA_2048 };
// End entity certificate.
protected final static Cert[] END_ENTITY_CERTS = {
Cert.EE_ECDSA_SECP256R1,
Cert.EE_RSA_2048,
Cert.EE_EC_RSA_SECP256R1,
Cert.EE_DSA_2048 };
/*
* Create an instance of SSLContext with the specified trust/key materials.
*/
public static SSLContext createSSLContext(
Cert[] trustedCerts,
Cert[] endEntityCerts,
ContextParameters params) throws Exception {
KeyStore ts = null; // trust store
KeyStore ks = null; // key store
char passphrase[] = "passphrase".toCharArray();
// Generate certificate from cert string.
CertificateFactory cf = CertificateFactory.getInstance("X.509");
// Import the trused certs.
ByteArrayInputStream is;
if (trustedCerts != null && trustedCerts.length != 0) {
ts = KeyStore.getInstance("JKS");
ts.load(null, null);
Certificate[] trustedCert = new Certificate[trustedCerts.length];
for (int i = 0; i < trustedCerts.length; i++) {
is = new ByteArrayInputStream(trustedCerts[i].certStr.getBytes());
try {
trustedCert[i] = cf.generateCertificate(is);
} finally {
is.close();
}
ts.setCertificateEntry(
"trusted-cert-" + trustedCerts[i].name(), trustedCert[i]);
}
}
// Import the key materials.
if (endEntityCerts != null && endEntityCerts.length != 0) {
ks = KeyStore.getInstance("JKS");
ks.load(null, null);
for (int i = 0; i < endEntityCerts.length; i++) {
// generate the private key.
PKCS8EncodedKeySpec priKeySpec = new PKCS8EncodedKeySpec(
Base64.getMimeDecoder().decode(endEntityCerts[i].privKeyStr));
KeyFactory kf =
KeyFactory.getInstance(
endEntityCerts[i].keyAlgo);
PrivateKey priKey = kf.generatePrivate(priKeySpec);
// generate certificate chain
is = new ByteArrayInputStream(
endEntityCerts[i].certStr.getBytes());
Certificate keyCert = null;
try {
keyCert = cf.generateCertificate(is);
} finally {
is.close();
}
Certificate[] chain = new Certificate[] { keyCert };
// import the key entry.
ks.setKeyEntry("cert-" + endEntityCerts[i].name(),
priKey, passphrase, chain);
}
}
// Create an SSLContext object.
TrustManagerFactory tmf =
TrustManagerFactory.getInstance(params.tmAlgorithm);
tmf.init(ts);
SSLContext context = SSLContext.getInstance(params.contextProtocol);
if (endEntityCerts != null && endEntityCerts.length != 0 && ks != null) {
KeyManagerFactory kmf =
KeyManagerFactory.getInstance(params.kmAlgorithm);
kmf.init(ks, passphrase);
context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
} else {
context.init(null, tmf.getTrustManagers(), null);
}
return context;
}
/*
* =================================================
* Stuffs to boot up the client-server mode testing.
@ -597,7 +432,7 @@ public class SSLSocketTemplate {
}
}
private void startClient(boolean newThread) throws Exception {
private void startClient(boolean newThread) {
if (newThread) {
clientThread = new Thread() {
@Override
@ -629,573 +464,4 @@ public class SSLSocketTemplate {
cause.printStackTrace(System.out);
}
public static enum Cert {
CA_ECDSA_SECP256R1(
"EC",
// SHA256withECDSA, curve secp256r1
// Validity
// Not Before: May 22 07:18:16 2018 GMT
// Not After : May 17 07:18:16 2038 GMT
// Subject Key Identifier:
// 60:CF:BD:73:FF:FA:1A:30:D2:A4:EC:D3:49:71:46:EF:1A:35:A0:86
"-----BEGIN CERTIFICATE-----\n" +
"MIIBvjCCAWOgAwIBAgIJAIvFG6GbTroCMAoGCCqGSM49BAMCMDsxCzAJBgNVBAYT\n" +
"AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" +
"ZTAeFw0xODA1MjIwNzE4MTZaFw0zODA1MTcwNzE4MTZaMDsxCzAJBgNVBAYTAlVT\n" +
"MQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZjZTBZ\n" +
"MBMGByqGSM49AgEGCCqGSM49AwEHA0IABBz1WeVb6gM2mh85z3QlvaB/l11b5h0v\n" +
"LIzmkC3DKlVukZT+ltH2Eq1oEkpXuf7QmbM0ibrUgtjsWH3mULfmcWmjUDBOMB0G\n" +
"A1UdDgQWBBRgz71z//oaMNKk7NNJcUbvGjWghjAfBgNVHSMEGDAWgBRgz71z//oa\n" +
"MNKk7NNJcUbvGjWghjAMBgNVHRMEBTADAQH/MAoGCCqGSM49BAMCA0kAMEYCIQCG\n" +
"6wluh1r2/T6L31mZXRKf9JxeSf9pIzoLj+8xQeUChQIhAJ09wAi1kV8yePLh2FD9\n" +
"2YEHlSQUAbwwqCDEVB5KxaqP\n" +
"-----END CERTIFICATE-----",
"MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg/HcHdoLJCdq3haVd\n" +
"XZTSKP00YzM3xX97l98vGL/RI1KhRANCAAQc9VnlW+oDNpofOc90Jb2gf5ddW+Yd\n" +
"LyyM5pAtwypVbpGU/pbR9hKtaBJKV7n+0JmzNIm61ILY7Fh95lC35nFp"),
CA_ECDSA_SECP384R1(
"EC",
// SHA384withECDSA, curve secp384r1
// Validity
// Not Before: Jun 24 08:15:06 2019 GMT
// Not After : Jun 19 08:15:06 2039 GMT
// Subject Key Identifier:
// 0a:93:a9:a0:bf:e7:d5:48:9d:4f:89:15:c6:51:98:80:05:51:4e:4e
"-----BEGIN CERTIFICATE-----\n" +
"MIICCDCCAY6gAwIBAgIUCpOpoL/n1UidT4kVxlGYgAVRTk4wCgYIKoZIzj0EAwMw\n" +
"OzELMAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpTU0Ug\n" +
"VGVzdCBTZXJpdmNlMB4XDTE5MDYyNDA4MTUwNloXDTM5MDYxOTA4MTUwNlowOzEL\n" +
"MAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpTU0UgVGVz\n" +
"dCBTZXJpdmNlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAENVQN1wXWFdgC6u/dDdiC\n" +
"y+WtMTF66oL/0BSm+1ZqsogamzCryawOcHgiuXgWzx5CQ3LuOC+tDFyXpGfHuCvb\n" +
"dkzxPrP5n9NrR8/uRPe5l1KOUbchviU8z9cTP+LZxnZDo1MwUTAdBgNVHQ4EFgQU\n" +
"SktSFArR1p/5mXV0kyo0RxIVa/UwHwYDVR0jBBgwFoAUSktSFArR1p/5mXV0kyo0\n" +
"RxIVa/UwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjBZvoNmq3/v\n" +
"RD2gBTyvxjS9h0rsMRLHDnvul/KWngytwGPTOBo0Y8ixQXSjdKoc3rkCMQDkiNgx\n" +
"IDxuHedmrLQKIPnVcthTmwv7//jHiqGoKofwChMo2a1P+DQdhszmeHD/ARQ=\n" +
"-----END CERTIFICATE-----",
"MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDChlbt0NF8oIKODSxn2\n" +
"WXCXuJm3z78LRkzYQS3Nx5NMjei5ytkFZz4qvD4XXMWlTEyhZANiAAQ1VA3XBdYV\n" +
"2ALq790N2ILL5a0xMXrqgv/QFKb7VmqyiBqbMKvJrA5weCK5eBbPHkJDcu44L60M\n" +
"XJekZ8e4K9t2TPE+s/mf02tHz+5E97mXUo5RtyG+JTzP1xM/4tnGdkM="),
CA_ECDSA_SECP521R1(
"EC",
// SHA512withECDSA, curve secp521r1
// Validity
// Not Before: Jun 24 08:15:06 2019 GMT
// Not After : Jun 19 08:15:06 2039 GMT
// Subject Key Identifier:
// 25:ca:68:76:6d:29:17:9b:71:78:45:2d:d4:c6:e4:5d:fe:25:ff:90
"-----BEGIN CERTIFICATE-----\n" +
"MIICUzCCAbSgAwIBAgIUJcpodm0pF5txeEUt1MbkXf4l/5AwCgYIKoZIzj0EAwQw\n" +
"OzELMAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpTU0Ug\n" +
"VGVzdCBTZXJpdmNlMB4XDTE5MDYyNDA4MTUwNloXDTM5MDYxOTA4MTUwNlowOzEL\n" +
"MAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpTU0UgVGVz\n" +
"dCBTZXJpdmNlMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAmFD5VmB2MdyJ6k+E\n" +
"eP4JncrE65ySL07gVmFwnr8otOt3NtRAyzmviMNNXXjo5R5NqNjKP4pr92JjT0sO\n" +
"D65yngkBtH151Ev/fiKPLxkXL9GzfKdWHVhDX7Zg6DUydzukzZV2/dIyloAIqwlz\n" +
"QVKJqT7RypDufdng8hnE9YfKo6ypZiujUzBRMB0GA1UdDgQWBBRAIrxa7WqtqUCe\n" +
"HFuKREDC92spvTAfBgNVHSMEGDAWgBRAIrxa7WqtqUCeHFuKREDC92spvTAPBgNV\n" +
"HRMBAf8EBTADAQH/MAoGCCqGSM49BAMEA4GMADCBiAJCAe22iirZnODCmlpxcv57\n" +
"3g5BEE60C+dtYmTqR4DtFyDaTRQ5CFf4ZxvQPIbD+SXi5Cbrl6qtrZG0cjUihPkC\n" +
"Hi1hAkIAiEcO7nMPgQLny+GrciojfN+bZXME/dPz6KHBm/89f8Me+jawVnv6y+df\n" +
"2Sbafh1KV6ntWQtB4bK3MXV8Ym9Eg1I=\n" +
"-----END CERTIFICATE-----",
"MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIAV8dZszV6+nLw3LeA\n" +
"Q+qLJLGaqyjlsQkaopCPcmoRdy1HX6AzB/YnKsPkHp/9DQN6A2JgUhFG5B0XvKSk\n" +
"BqNNuSGhgYkDgYYABACYUPlWYHYx3InqT4R4/gmdysTrnJIvTuBWYXCevyi063c2\n" +
"1EDLOa+Iw01deOjlHk2o2Mo/imv3YmNPSw4PrnKeCQG0fXnUS/9+Io8vGRcv0bN8\n" +
"p1YdWENftmDoNTJ3O6TNlXb90jKWgAirCXNBUompPtHKkO592eDyGcT1h8qjrKlm\n" +
"Kw=="),
CA_RSA_2048(
"RSA",
// SHA256withRSA, 2048 bits
// Validity
// Not Before: May 22 07:18:16 2018 GMT
// Not After : May 17 07:18:16 2038 GMT
// Subject Key Identifier:
// 0D:DD:93:C9:FE:4B:BD:35:B7:E8:99:78:90:FB:DB:5A:3D:DB:15:4C
"-----BEGIN CERTIFICATE-----\n" +
"MIIDSTCCAjGgAwIBAgIJAI4ZF3iy8zG+MA0GCSqGSIb3DQEBCwUAMDsxCzAJBgNV\n" +
"BAYTAlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2Vy\n" +
"aXZjZTAeFw0xODA1MjIwNzE4MTZaFw0zODA1MTcwNzE4MTZaMDsxCzAJBgNVBAYT\n" +
"AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" +
"ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALpMcY7aWieXDEM1/YJf\n" +
"JW27b4nRIFZyEYhEloyGsKTuQiiQjc8cqRZFNXe2vwziDB4IyTEl0Hjl5QF6ZaQE\n" +
"huPzzwvQm1pv64KrRXrmj3FisQK8B5OWLty9xp6xDqsaMRoyObLK+oIb20T5fSlE\n" +
"evmo1vYjnh8CX0Yzx5Gr5ye6YSEHQvYOWEws8ad17OlyToR2KMeC8w4qo6rs59pW\n" +
"g7Mxn9vo22ImDzrtAbTbXbCias3xlE0Bp0h5luyf+5U4UgksoL9B9r2oP4GrLNEV\n" +
"oJk57t8lwaR0upiv3CnS8LcJELpegZub5ggqLY8ZPYFQPjlK6IzLOm6rXPgZiZ3m\n" +
"RL0CAwEAAaNQME4wHQYDVR0OBBYEFA3dk8n+S701t+iZeJD721o92xVMMB8GA1Ud\n" +
"IwQYMBaAFA3dk8n+S701t+iZeJD721o92xVMMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n" +
"hvcNAQELBQADggEBAJTRC3rKUUhVH07/1+stUungSYgpM08dY4utJq0BDk36BbmO\n" +
"0AnLDMbkwFdHEoqF6hQIfpm7SQTmXk0Fss6Eejm8ynYr6+EXiRAsaXOGOBCzF918\n" +
"/RuKOzqABfgSU4UBKECLM5bMfQTL60qx+HdbdVIpnikHZOFfmjCDVxoHsGyXc1LW\n" +
"Jhkht8IGOgc4PMGvyzTtRFjz01kvrVQZ75aN2E0GQv6dCxaEY0i3ypSzjUWAKqDh\n" +
"3e2OLwUSvumcdaxyCdZAOUsN6pDBQ+8VRG7KxnlRlY1SMEk46QgQYLbPDe/+W/yH\n" +
"ca4PejicPeh+9xRAwoTpiE2gulfT7Lm+fVM7Ruc=\n" +
"-----END CERTIFICATE-----",
"MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC6THGO2lonlwxD\n" +
"Nf2CXyVtu2+J0SBWchGIRJaMhrCk7kIokI3PHKkWRTV3tr8M4gweCMkxJdB45eUB\n" +
"emWkBIbj888L0Jtab+uCq0V65o9xYrECvAeTli7cvcaesQ6rGjEaMjmyyvqCG9tE\n" +
"+X0pRHr5qNb2I54fAl9GM8eRq+cnumEhB0L2DlhMLPGndezpck6EdijHgvMOKqOq\n" +
"7OfaVoOzMZ/b6NtiJg867QG0212womrN8ZRNAadIeZbsn/uVOFIJLKC/Qfa9qD+B\n" +
"qyzRFaCZOe7fJcGkdLqYr9wp0vC3CRC6XoGbm+YIKi2PGT2BUD45SuiMyzpuq1z4\n" +
"GYmd5kS9AgMBAAECggEAFHSoU2MuWwJ+2jJnb5U66t2V1bAcuOE1g5zkWvG/G5z9\n" +
"rq6Qo5kmB8f5ovdx6tw3MGUOklLwnRXBG3RxDJ1iokz3AvkY1clMNsDPlDsUrQKF\n" +
"JSO4QUBQTPSZhnsyfR8XHSU+qJ8Y+ohMfzpVv95BEoCzebtXdVgxVegBlcEmVHo2\n" +
"kMmkRN+bYNsr8eb2r+b0EpyumS39ZgKYh09+cFb78y3T6IFMGcVJTP6nlGBFkmA/\n" +
"25pYeCF2tSki08qtMJZQAvKfw0Kviibk7ZxRbJqmc7B1yfnOEHP6ftjuvKl2+RP/\n" +
"+5P5f8CfIP6gtA0LwSzAqQX/hfIKrGV5j0pCqrD0kQKBgQDeNR6Xi4sXVq79lihO\n" +
"a1bSeV7r8yoQrS8x951uO+ox+UIZ1MsAULadl7zB/P0er92p198I9M/0Jth3KBuS\n" +
"zj45mucvpiiGvmQlMKMEfNq4nN7WHOu55kufPswQB2mR4J3xmwI+4fM/nl1zc82h\n" +
"De8JSazRldJXNhfx0RGFPmgzbwKBgQDWoVXrXLbCAn41oVnWB8vwY9wjt92ztDqJ\n" +
"HMFA/SUohjePep9UDq6ooHyAf/Lz6oE5NgeVpPfTDkgvrCFVKnaWdwALbYoKXT2W\n" +
"9FlyJox6eQzrtHAacj3HJooXWuXlphKSizntfxj3LtMR9BmrmRJOfK+SxNOVJzW2\n" +
"+MowT20EkwKBgHmpB8jdZBgxI7o//m2BI5Y1UZ1KE5vx1kc7VXzHXSBjYqeV9FeF\n" +
"2ZZLP9POWh/1Fh4pzTmwIDODGT2UPhSQy0zq3O0fwkyT7WzXRknsuiwd53u/dejg\n" +
"iEL2NPAJvulZ2+AuiHo5Z99LK8tMeidV46xoJDDUIMgTG+UQHNGhK5gNAoGAZn/S\n" +
"Cn7SgMC0CWSvBHnguULXZO9wH1wZAFYNLL44OqwuaIUFBh2k578M9kkke7woTmwx\n" +
"HxQTjmWpr6qimIuY6q6WBN8hJ2Xz/d1fwhYKzIp20zHuv5KDUlJjbFfqpsuy3u1C\n" +
"kts5zwI7pr1ObRbDGVyOdKcu7HI3QtR5qqyjwaUCgYABo7Wq6oHva/9V34+G3Goh\n" +
"63bYGUnRw2l5BD11yhQv8XzGGZFqZVincD8gltNThB0Dc/BI+qu3ky4YdgdZJZ7K\n" +
"z51GQGtaHEbrHS5caV79yQ8QGY5mUVH3E+VXSxuIqb6pZq2DH4sTAEFHyncddmOH\n" +
"zoXBInYwRG9KE/Bw5elhUw=="),
CA_DSA_2048(
"DSA",
// SHA256withDSA, 2048 bits
// Validity
// Not Before: May 22 07:18:18 2018 GMT
// Not After : May 17 07:18:18 2038 GMT
// Subject Key Identifier:
// 76:66:9E:F7:3B:DD:45:E5:3B:D9:72:3C:3F:F0:54:39:86:31:26:53
"-----BEGIN CERTIFICATE-----\n" +
"MIIErjCCBFSgAwIBAgIJAOktYLNCbr02MAsGCWCGSAFlAwQDAjA7MQswCQYDVQQG\n" +
"EwJVUzENMAsGA1UECgwESmF2YTEdMBsGA1UECwwUU3VuSlNTRSBUZXN0IFNlcml2\n" +
"Y2UwHhcNMTgwNTIyMDcxODE4WhcNMzgwNTE3MDcxODE4WjA7MQswCQYDVQQGEwJV\n" +
"UzENMAsGA1UECgwESmF2YTEdMBsGA1UECwwUU3VuSlNTRSBUZXN0IFNlcml2Y2Uw\n" +
"ggNHMIICOQYHKoZIzjgEATCCAiwCggEBAO5GyPhSm0ze3LSu+gicdULLj05iOfTL\n" +
"UvZQ29sYz41zmqrLBQbdKiHqgJu2Re9sgTb5suLNjF047TOLPnU3jhPtWm2X8Xzi\n" +
"VGIcHym/Q/MeZxStt/88seqroI3WOKzIML2GcrishT+lcGrtH36Tf1+ue2Snn3PS\n" +
"WyxygNqPjllP5uUjYmFLvAf4QLMldkd/D2VxcwsHjB8y5iUZsXezc/LEhRZS/02m\n" +
"ivqlRw3AMkq/OVe/ZtxFWsP0nsfxEGdZuaUFpppGfixxFvymrB3+J51cTt+pZBDq\n" +
"D2y0DYfc+88iCs4jwHTfcDIpLb538HBjBj2rEgtQESQmB0ooD/+wsPsCIQC1bYch\n" +
"gElNtDYL3FgpLgNSUYp7gIWv9ehaC7LO2z7biQKCAQBitvFOnDkUja8NAF7lDpOV\n" +
"b5ipQ8SicBLW3kQamxhyuyxgZyy/PojZ/oPorkqW/T/A0rhnG6MssEpAtdiwVB+c\n" +
"rBYGo3bcwmExJhdOJ6dYuKFppPWhCwKMHs9npK+lqBMl8l5j58xlcFeC7ZfGf8GY\n" +
"GkhFW0c44vEQhMMbac6ZTTP4mw+1t7xJfmDMlLEyIpTXaAAk8uoVLWzQWnR40sHi\n" +
"ybvS0u3JxQkb7/y8tOOZu8qlz/YOS7lQ6UxUGX27Ce1E0+agfPphetoRAlS1cezq\n" +
"Wa7r64Ga0nkj1kwkcRqjgTiJx0NwnUXr78VAXFhVF95+O3lfqhvdtEGtkhDGPg7N\n" +
"A4IBBgACggEBAMmSHQK0w2i+iqUjOPzn0yNEZrzepLlLeQ1tqtn0xnlv5vBAeefD\n" +
"Pm9dd3tZOjufVWP7hhEz8xPobb1CS4e3vuQiv5UBfhdPL3f3l9T7JMAKPH6C9Vve\n" +
"OQXE5eGqbjsySbcmseHoYUt1WCSnSda1opX8zchX04e7DhGfE2/L9flpYEoSt8lI\n" +
"vMNjgOwvKdW3yvPt1/eBBHYNFG5gWPv/Q5KoyCtHS03uqGm4rNc/wZTIEEfd66C+\n" +
"QRaUltjOaHmtwOdDHaNqwhYZSVOip+Mo+TfyzHFREcdHLapo7ZXqbdYkRGxRR3d+\n" +
"3DfHaraJO0OKoYlPkr3JMvM/MSGR9AnZOcejUDBOMB0GA1UdDgQWBBR2Zp73O91F\n" +
"5TvZcjw/8FQ5hjEmUzAfBgNVHSMEGDAWgBR2Zp73O91F5TvZcjw/8FQ5hjEmUzAM\n" +
"BgNVHRMEBTADAQH/MAsGCWCGSAFlAwQDAgNHADBEAiBzriYE41M2y9Hy5ppkL0Qn\n" +
"dIlNc8JhXT/PHW7GDtViagIgMko8Qoj9gDGPK3+O9E8DC3wGiiF9CObM4LN387ok\n" +
"J+g=\n" +
"-----END CERTIFICATE-----",
"MIICZQIBADCCAjkGByqGSM44BAEwggIsAoIBAQDuRsj4UptM3ty0rvoInHVCy49O" +
"Yjn0y1L2UNvbGM+Nc5qqywUG3Soh6oCbtkXvbIE2+bLizYxdOO0ziz51N44T7Vpt" +
"l/F84lRiHB8pv0PzHmcUrbf/PLHqq6CN1jisyDC9hnK4rIU/pXBq7R9+k39frntk" +
"p59z0lsscoDaj45ZT+blI2JhS7wH+ECzJXZHfw9lcXMLB4wfMuYlGbF3s3PyxIUW" +
"Uv9Npor6pUcNwDJKvzlXv2bcRVrD9J7H8RBnWbmlBaaaRn4scRb8pqwd/iedXE7f" +
"qWQQ6g9stA2H3PvPIgrOI8B033AyKS2+d/BwYwY9qxILUBEkJgdKKA//sLD7AiEA" +
"tW2HIYBJTbQ2C9xYKS4DUlGKe4CFr/XoWguyzts+24kCggEAYrbxTpw5FI2vDQBe" +
"5Q6TlW+YqUPEonAS1t5EGpsYcrssYGcsvz6I2f6D6K5Klv0/wNK4ZxujLLBKQLXY" +
"sFQfnKwWBqN23MJhMSYXTienWLihaaT1oQsCjB7PZ6SvpagTJfJeY+fMZXBXgu2X" +
"xn/BmBpIRVtHOOLxEITDG2nOmU0z+JsPtbe8SX5gzJSxMiKU12gAJPLqFS1s0Fp0" +
"eNLB4sm70tLtycUJG+/8vLTjmbvKpc/2Dku5UOlMVBl9uwntRNPmoHz6YXraEQJU" +
"tXHs6lmu6+uBmtJ5I9ZMJHEao4E4icdDcJ1F6+/FQFxYVRfefjt5X6ob3bRBrZIQ" +
"xj4OzQQjAiEAsceWOM8do4etxp2zgnoNXV8PUUyqWhz1+0srcKV7FR4="),
CA_DSA_1024(
"DSA",
// dsaWithSHA1, 1024 bits
// Validity
// Not Before: Apr 24 12:25:43 2020 GMT
// Not After : Apr 22 12:25:43 2030 GMT
// Authority Key Identifier:
// E1:3C:01:52:EB:D1:38:F7:CF:F1:E3:5E:DB:54:75:7F:5E:AB:2D:36
"-----BEGIN CERTIFICATE-----\n" +
"MIIC9TCCArWgAwIBAgIUd52yKk0OxQuxdaYRAfq5VLuF1ZAwCQYHKoZIzjgEAzAu\n" +
"MQswCQYDVQQGEwJVUzENMAsGA1UECgwESmF2YTEQMA4GA1UECwwHU3VuSlNTRTAe\n" +
"Fw0yMDA0MjQxMjI1NDJaFw0zMDA0MjIxMjI1NDJaMC4xCzAJBgNVBAYTAlVTMQ0w\n" +
"CwYDVQQKDARKYXZhMRAwDgYDVQQLDAdTdW5KU1NFMIIBtjCCASsGByqGSM44BAEw\n" +
"ggEeAoGBAKgyb2XpANq43T8yBf5v0PTBOddLPxd0f0FotASron5rQr86JjBTfgIW\n" +
"oE4u7nYlO6bp/M4Dw6qZr+HaDu9taIDOj6LL51eUShVsOgS7XZcUzLT8vPnkEDDo\n" +
"u326x0B7fuNCbMLm+ipM2d4FhLUTt4Qb5TcY6l7dOGHeWiL7nl43AhUAoGr8DY2m\n" +
"WHZPHk2XbZ5wpaM2lLcCgYBKiFbFFViH/ylHJRPtYtjtJw4ls1scbVP4TRHnKoZc\n" +
"HPAird1fDYgGC2b0GQNAMABhI+L+ogxS7qakySpJCheuN25AjiSyilygQdlXoWRt\n" +
"Mggsh8EQZT7iP4V4e9m3xRHzb5ECvsSTdZB1BQMcC90W2Avq+orqgBnr2in9UEd8\n" +
"qwOBhAACgYAgVWxjYWlWIv7s4BnNMQoPKppi205f3aC6wv6Rqk4BnYYYrFONEmzQ\n" +
"hzj6lSXfxLpTu4lg2zNeIraZggoS0ztkbZNNADEmAHx+OLshiJJxu2/KfoopJOZg\n" +
"8ARmuaKOkWbkW9y4hWhfBlVwZbckG3Eibff0xronIXXy7B7UKaccyqNTMFEwHQYD\n" +
"VR0OBBYEFOE8AVLr0Tj3z/HjXttUdX9eqy02MB8GA1UdIwQYMBaAFOE8AVLr0Tj3\n" +
"z/HjXttUdX9eqy02MA8GA1UdEwEB/wQFMAMBAf8wCQYHKoZIzjgEAwMvADAsAhRC\n" +
"YLduLniBEJ51SfBWIkvNW6OG7QIUSKaTY6rgEFDEMoTqOjFChR22nkk=\n" +
"-----END CERTIFICATE-----",
"MIIBSgIBADCCASsGByqGSM44BAEwggEeAoGBAKgyb2XpANq43T8yBf5v0PTBOddL\n" +
"Pxd0f0FotASron5rQr86JjBTfgIWoE4u7nYlO6bp/M4Dw6qZr+HaDu9taIDOj6LL\n" +
"51eUShVsOgS7XZcUzLT8vPnkEDDou326x0B7fuNCbMLm+ipM2d4FhLUTt4Qb5TcY\n" +
"6l7dOGHeWiL7nl43AhUAoGr8DY2mWHZPHk2XbZ5wpaM2lLcCgYBKiFbFFViH/ylH\n" +
"JRPtYtjtJw4ls1scbVP4TRHnKoZcHPAird1fDYgGC2b0GQNAMABhI+L+ogxS7qak\n" +
"ySpJCheuN25AjiSyilygQdlXoWRtMggsh8EQZT7iP4V4e9m3xRHzb5ECvsSTdZB1\n" +
"BQMcC90W2Avq+orqgBnr2in9UEd8qwQWAhQ7rSn+WvIxeuZ/CK4p04eMe5JzpA=="),
CA_ED25519(
"EdDSA",
// ED25519
// Validity
// Not Before: May 24 23:32:35 2020 GMT
// Not After : May 22 23:32:35 2030 GMT
// X509v3 Authority Key Identifier:
// keyid:06:76:DB:88:EB:61:55:4C:C9:63:41:C2:A0:A8:57:3F:D7:F1:B8:EC
"-----BEGIN CERTIFICATE-----\n" +
"MIIByTCCAXugAwIBAgIUCyxKvhErehsygx50JYArsHby9hAwBQYDK2VwMDsxCzAJ\n" +
"BgNVBAYTAlVTMQ0wCwYDVQQKDARqYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3Qg\n" +
"U2VyaXZjZTAeFw0yMDA1MjQyMzMyMzVaFw0zMDA1MjIyMzMyMzVaMDsxCzAJBgNV\n" +
"BAYTAlVTMQ0wCwYDVQQKDARqYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2Vy\n" +
"aXZjZTAqMAUGAytlcAMhAKdotuYIkH8PYbopSLbaf1BtqUY2d6AbTgK2prMzQ6B3\n" +
"o4GQMIGNMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAZ224jrYVVMyWNBwqCo\n" +
"Vz/X8bjsMB8GA1UdIwQYMBaAFAZ224jrYVVMyWNBwqCoVz/X8bjsMA4GA1UdDwEB\n" +
"/wQEAwIBhjAqBgNVHSUBAf8EIDAeBggrBgEFBQcDAwYIKwYBBQUHAwgGCCsGAQUF\n" +
"BwMJMAUGAytlcANBADVAArvME8xFigFhCCCOTBoy/4ldGkDZQ/GT3Q6xnAP558FU\n" +
"0G32OprKQZP43D9bmFU0LMgCVM9bHWU+bu/10AU=\n" +
"-----END CERTIFICATE-----",
"MC4CAQAwBQYDK2VwBCIEII/VYp8nu/eqq2L5y7/3IzavBgis4LWP6Rikv0N8SpgL"),
CA_ED448(
"EdDSA",
// ED448
// Validity
// Not Before: May 24 23:23:43 2020 GMT
// Not After : May 22 23:23:43 2030 GMT
// X509v3 Authority Key Identifier:
// keyid:F5:D5:9D:FB:6F:B7:50:29:DF:F0:B8:83:10:5F:9B:C4:A8:1C:E9:F4
"-----BEGIN CERTIFICATE-----\n" +
"MIICFDCCAZSgAwIBAgIUKcmLeKilq0LN40sniBJO7F1gb/owBQYDK2VxMDsxCzAJ\n" +
"BgNVBAYTAlVTMQ0wCwYDVQQKDARqYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3Qg\n" +
"U2VyaXZjZTAeFw0yMDA1MjQyMzIzNDNaFw0zMDA1MjIyMzIzNDNaMDsxCzAJBgNV\n" +
"BAYTAlVTMQ0wCwYDVQQKDARqYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2Vy\n" +
"aXZjZTBDMAUGAytlcQM6APYP8iSXS8xPVDike5RgCByfTtg4GGtpYfoBtt6G5szA\n" +
"55ExAKjm03wtk29nEPU2mCHF2QgfBzUrgKOBkDCBjTAPBgNVHRMBAf8EBTADAQH/\n" +
"MB0GA1UdDgQWBBT11Z37b7dQKd/wuIMQX5vEqBzp9DAfBgNVHSMEGDAWgBT11Z37\n" +
"b7dQKd/wuIMQX5vEqBzp9DAOBgNVHQ8BAf8EBAMCAYYwKgYDVR0lAQH/BCAwHgYI\n" +
"KwYBBQUHAwMGCCsGAQUFBwMIBggrBgEFBQcDCTAFBgMrZXEDcwAlRXA2gPb52yV3\n" +
"MKJErjmKlYSFExj5w5jafbbd0QgI1yDs+qSaZLjQ8ljwabmLDg+KR+167m0djQDI\n" +
"OOoVuL7bgM0RL836KnuuBzm+gTdPp0gCXy3k9lL0KA0V2YLJHXXzu3suu+7rdgoP\n" +
"plCh2hWdLgA=\n" +
"-----END CERTIFICATE-----",
"MEcCAQAwBQYDK2VxBDsEOd6/hRZqkUyTlJSwdN5gO/HnoWYda1fD83YUm5j6m2Bg\n" +
"hAQi+QadFsQLD7R6PI/4Q0twXqlKnxU5Ug=="),
EE_ECDSA_SECP256R1(
"EC",
// SHA256withECDSA, curve secp256r1
// Validity
// Not Before: May 22 07:18:16 2018 GMT
// Not After : May 17 07:18:16 2038 GMT
// Authority Key Identifier:
// 60:CF:BD:73:FF:FA:1A:30:D2:A4:EC:D3:49:71:46:EF:1A:35:A0:86
"-----BEGIN CERTIFICATE-----\n" +
"MIIBqjCCAVCgAwIBAgIJAPLY8qZjgNRAMAoGCCqGSM49BAMCMDsxCzAJBgNVBAYT\n" +
"AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" +
"ZTAeFw0xODA1MjIwNzE4MTZaFw0zODA1MTcwNzE4MTZaMFUxCzAJBgNVBAYTAlVT\n" +
"MQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZjZTEY\n" +
"MBYGA1UEAwwPUmVncmVzc2lvbiBUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD\n" +
"QgAEb+9n05qfXnfHUb0xtQJNS4JeSi6IjOfW5NqchvKnfJey9VkJzR7QHLuOESdf\n" +
"xlR7q8YIWgih3iWLGfB+wxHiOqMjMCEwHwYDVR0jBBgwFoAUYM+9c//6GjDSpOzT\n" +
"SXFG7xo1oIYwCgYIKoZIzj0EAwIDSAAwRQIgWpRegWXMheiD3qFdd8kMdrkLxRbq\n" +
"1zj8nQMEwFTUjjQCIQDRIrAjZX+YXHN9b0SoWWLPUq0HmiFIi8RwMnO//wJIGQ==\n" +
"-----END CERTIFICATE-----",
"MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgn5K03bpTLjEtFQRa\n" +
"JUtx22gtmGEvvSUSQdimhGthdtihRANCAARv72fTmp9ed8dRvTG1Ak1Lgl5KLoiM\n" +
"59bk2pyG8qd8l7L1WQnNHtAcu44RJ1/GVHurxghaCKHeJYsZ8H7DEeI6"),
EE_ECDSA_SECP384R1(
"EC",
// SHA384withECDSA, curve secp384r1
// Validity
// Not Before: Jun 24 08:15:06 2019 GMT
// Not After : Jun 19 08:15:06 2039 GMT
// Authority Key Identifier:
// 40:2D:AA:EE:66:AA:33:27:AD:9B:5D:52:9B:60:67:6A:2B:AD:52:D2
"-----BEGIN CERTIFICATE-----\n" +
"MIICEjCCAZegAwIBAgIUS3F0AqAXWRg07CnbknJzxofyBQMwCgYIKoZIzj0EAwMw\n" +
"OzELMAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpTU0Ug\n" +
"VGVzdCBTZXJpdmNlMB4XDTE5MDYyNDA4MTUwNloXDTM5MDYxOTA4MTUwNlowVTEL\n" +
"MAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpTU0UgVGVz\n" +
"dCBTZXJpdmNlMRgwFgYDVQQDDA9SZWdyZXNzaW9uIFRlc3QwdjAQBgcqhkjOPQIB\n" +
"BgUrgQQAIgNiAARqElz8b6T07eyKomIinhztV3/3XBk9bKGtJ0W+JOltjuhMmP/w\n" +
"G8ASSevpgqgpi6EzpBZaaJxE3zNfkNnxXOZmQi2Ypd1uK0zRdbEOKg0XOcTTZwEj\n" +
"iLjYmt3O0pwpklijQjBAMB0GA1UdDgQWBBRALaruZqozJ62bXVKbYGdqK61S0jAf\n" +
"BgNVHSMEGDAWgBRKS1IUCtHWn/mZdXSTKjRHEhVr9TAKBggqhkjOPQQDAwNpADBm\n" +
"AjEArVDFKf48xijN6huVUJzKCOP0zlWB5Js+DItIkZmLQuhciPLhLIB/rChf3Y4C\n" +
"xuP4AjEAmfLhQRI0O3pifpYzYSVh2G7/jHNG4eO+2dvgAcU+Lh2IIj/cpLaPFSvL\n" +
"J8FXY9Nj\n" +
"-----END CERTIFICATE-----",
"MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDASuI9EtK29APXPipkc\n" +
"qDA+qwlewMjv/OcjUJ77kP1Vz62oVF9iY9SRIyFIUju8wt+hZANiAARqElz8b6T0\n" +
"7eyKomIinhztV3/3XBk9bKGtJ0W+JOltjuhMmP/wG8ASSevpgqgpi6EzpBZaaJxE\n" +
"3zNfkNnxXOZmQi2Ypd1uK0zRdbEOKg0XOcTTZwEjiLjYmt3O0pwpklg="),
EE_ECDSA_SECP521R1(
"EC",
// SHA512withECDSA, curve secp521r1
// Validity
// Not Before: Jun 24 08:15:06 2019 GMT
// Not After : Jun 19 08:15:06 2039 GMT
// Authority Key Identifier:
// 7B:AA:79:A4:49:DD:59:34:F0:86:6C:51:C7:30:F4:CE:C5:81:8A:28
"-----BEGIN CERTIFICATE-----\n" +
"MIICXDCCAb2gAwIBAgIUck4QTsbHNqUfPxfGPJLYbedFPdswCgYIKoZIzj0EAwQw\n" +
"OzELMAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpTU0Ug\n" +
"VGVzdCBTZXJpdmNlMB4XDTE5MDYyNDA4MTUwNloXDTM5MDYxOTA4MTUwNlowVTEL\n" +
"MAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpTU0UgVGVz\n" +
"dCBTZXJpdmNlMRgwFgYDVQQDDA9SZWdyZXNzaW9uIFRlc3QwgZswEAYHKoZIzj0C\n" +
"AQYFK4EEACMDgYYABAGa2zDLhYQHHCLI3YBqFYJTzrnDIjzwXrxhcRTS8DYkcrjZ\n" +
"+Fih1YyNhix0sdjH+3EqElXAHHuVzn3n3hPOtQCWlQCICkErB34S0cvmtRkeW8Fi\n" +
"hrR5tvJEzEZjPSgwn81kKyhV2L70je6i7Cw884Va8bODckpgw0vTmbQb7T9dupkv\n" +
"1aNCMEAwHQYDVR0OBBYEFHuqeaRJ3Vk08IZsUccw9M7FgYooMB8GA1UdIwQYMBaA\n" +
"FEAivFrtaq2pQJ4cW4pEQML3aym9MAoGCCqGSM49BAMEA4GMADCBiAJCAb33KHdY\n" +
"WDbusORWoY8Euglpd5zsF15hJsk7wtpD5HST1/NWmdCx405w+TV6a9Gr4VPHeaIQ\n" +
"99i/+f237ALL5p6IAkIBbwwFL1vt3c/bx+niyuffQPNjly80rdC9puqAqriSiboS\n" +
"efhxjidJ9HLaIRCMEPyd6vAsC8mO8YvL1uCuEQLsiGM=\n" +
"-----END CERTIFICATE-----",
"MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIB8C/2OX2Dt9vFszzV\n" +
"hcAe0CbkMlvu9uQ/L7Vz88heuIj0rUZIPGshvgIJt1hCMT8HZxYHvDa4lbUvqjFB\n" +
"+zafvPWhgYkDgYYABAGa2zDLhYQHHCLI3YBqFYJTzrnDIjzwXrxhcRTS8DYkcrjZ\n" +
"+Fih1YyNhix0sdjH+3EqElXAHHuVzn3n3hPOtQCWlQCICkErB34S0cvmtRkeW8Fi\n" +
"hrR5tvJEzEZjPSgwn81kKyhV2L70je6i7Cw884Va8bODckpgw0vTmbQb7T9dupkv\n" +
"1Q=="),
EE_RSA_2048(
"RSA",
// SHA256withRSA, 2048 bits
// Validity
// Not Before: May 22 07:18:16 2018 GMT
// Not After : May 17 07:18:16 2038 GMT
// Authority Key Identifier:
// 0D:DD:93:C9:FE:4B:BD:35:B7:E8:99:78:90:FB:DB:5A:3D:DB:15:4C
"-----BEGIN CERTIFICATE-----\n" +
"MIIDNjCCAh6gAwIBAgIJAO2+yPcFryUTMA0GCSqGSIb3DQEBCwUAMDsxCzAJBgNV\n" +
"BAYTAlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2Vy\n" +
"aXZjZTAeFw0xODA1MjIwNzE4MTZaFw0zODA1MTcwNzE4MTZaMFUxCzAJBgNVBAYT\n" +
"AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" +
"ZTEYMBYGA1UEAwwPUmVncmVzc2lvbiBUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOC\n" +
"AQ8AMIIBCgKCAQEAszfBobWfZIp8AgC6PiWDDavP65mSvgCXUGxACbxVNAfkLhNR\n" +
"QOsHriRB3X1Q3nvO9PetC6wKlvE9jlnDDj7D+1j1r1CHO7ms1fq8rfcQYdkanDtu\n" +
"4AlHo8v+SSWX16MIXFRYDj2VVHmyPtgbltcg4zGAuwT746FdLI94uXjJjq1IOr/v\n" +
"0VIlwE5ORWH5Xc+5Tj+oFWK0E4a4GHDgtKKhn2m72hN56/GkPKGkguP5NRS1qYYV\n" +
"/EFkdyQMOV8J1M7HaicSft4OL6eKjTrgo93+kHk+tv0Dc6cpVBnalX3TorG8QI6B\n" +
"cHj1XQd78oAlAC+/jF4pc0mwi0un49kdK9gRfQIDAQABoyMwITAfBgNVHSMEGDAW\n" +
"gBQN3ZPJ/ku9NbfomXiQ+9taPdsVTDANBgkqhkiG9w0BAQsFAAOCAQEApXS0nKwm\n" +
"Kp8gpmO2yG1rpd1+2wBABiMU4JZaTqmma24DQ3RzyS+V2TeRb29dl5oTUEm98uc0\n" +
"GPZvhK8z5RFr4YE17dc04nI/VaNDCw4y1NALXGs+AHkjoPjLyGbWpi1S+gfq2sNB\n" +
"Ekkjp6COb/cb9yiFXOGVls7UOIjnVZVd0r7KaPFjZhYh82/f4PA/A1SnIKd1+nfH\n" +
"2yk7mSJNC7Z3qIVDL8MM/jBVwiC3uNe5GPB2uwhd7k5LGAVN3j4HQQGB0Sz+VC1h\n" +
"92oi6xDa+YBva2fvHuCd8P50DDjxmp9CemC7rnZ5j8egj88w14X44Xjb/Fd/ApG9\n" +
"e57NnbT7KM+Grw==\n" +
"-----END CERTIFICATE-----",
"MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCzN8GhtZ9kinwC\n" +
"ALo+JYMNq8/rmZK+AJdQbEAJvFU0B+QuE1FA6weuJEHdfVDee870960LrAqW8T2O\n" +
"WcMOPsP7WPWvUIc7uazV+ryt9xBh2RqcO27gCUejy/5JJZfXowhcVFgOPZVUebI+\n" +
"2BuW1yDjMYC7BPvjoV0sj3i5eMmOrUg6v+/RUiXATk5FYfldz7lOP6gVYrQThrgY\n" +
"cOC0oqGfabvaE3nr8aQ8oaSC4/k1FLWphhX8QWR3JAw5XwnUzsdqJxJ+3g4vp4qN\n" +
"OuCj3f6QeT62/QNzpylUGdqVfdOisbxAjoFwePVdB3vygCUAL7+MXilzSbCLS6fj\n" +
"2R0r2BF9AgMBAAECggEASIkPkMCuw4WdTT44IwERus3IOIYOs2IP3BgEDyyvm4B6\n" +
"JP/iihDWKfA4zEl1Gqcni1RXMHswSglXra682J4kui02Ov+vzEeJIY37Ibn2YnP5\n" +
"ZjRT2s9GtI/S2o4hl8A/mQb2IMViFC+xKehTukhV4j5d6NPKk0XzLR7gcMjnYxwn\n" +
"l21fS6D2oM1xRG/di7sL+uLF8EXLRzfiWDNi12uQv4nwtxPKvuKhH6yzHt7YqMH0\n" +
"46pmDKDaxV4w1JdycjCb6NrCJOYZygoQobuZqOQ30UZoZsPJrtovkncFr1e+lNcO\n" +
"+aWDfOLCtTH046dEQh5oCShyXMybNlry/QHsOtHOwQKBgQDh2iIjs+FPpQy7Z3EX\n" +
"DGEvHYqPjrYO9an2KSRr1m9gzRlWYxKY46WmPKwjMerYtra0GP+TBHrgxsfO8tD2\n" +
"wUAII6sd1qup0a/Sutgf2JxVilLykd0+Ge4/Cs51tCdJ8EqDV2B6WhTewOY2EGvg\n" +
"JiKYkeNwgRX/9M9CFSAMAk0hUQKBgQDLJAartL3DoGUPjYtpJnfgGM23yAGl6G5r\n" +
"NSXDn80BiYIC1p0bG3N0xm3yAjqOtJAUj9jZbvDNbCe3GJfLARMr23legX4tRrgZ\n" +
"nEdKnAFKAKL01oM+A5/lHdkwaZI9yyv+hgSVdYzUjB8rDmzeVQzo1BT7vXypt2yV\n" +
"6O1OnUpCbQKBgA/0rzDChopv6KRcvHqaX0tK1P0rYeVQqb9ATNhpf9jg5Idb3HZ8\n" +
"rrk91BNwdVz2G5ZBpdynFl9G69rNAMJOCM4KZw5mmh4XOEq09Ivba8AHU7DbaTv3\n" +
"7QL7KnbaUWRB26HHzIMYVh0el6T+KADf8NXCiMTr+bfpfbL3dxoiF3zhAoGAbCJD\n" +
"Qse1dBs/cKYCHfkSOsI5T6kx52Tw0jS6Y4X/FOBjyqr/elyEexbdk8PH9Ar931Qr\n" +
"NKMvn8oA4iA/PRrXX7M2yi3YQrWwbkGYWYjtzrzEAdzmg+5eARKAeJrZ8/bg9l3U\n" +
"ttKaItJsDPlizn8rngy3FsJpR9aSAMK6/+wOiYkCgYEA1tZkI1rD1W9NYZtbI9BE\n" +
"qlJVFi2PBOJMKNuWdouPX3HLQ72GJSQff2BFzLTELjweVVJ0SvY4IipzpQOHQOBy\n" +
"5qh/p6izXJZh3IHtvwVBjHoEVplg1b2+I5e3jDCfqnwcQw82dW5SxOJMg1h/BD0I\n" +
"qAL3go42DYeYhu/WnECMeis="),
EE_EC_RSA_SECP256R1(
"EC",
// SHA256withRSA, curve secp256r1
// Validity
// Not Before: May 22 07:18:16 2018 GMT
// Not After : May 21 07:18:16 2028 GMT
// Authority Key Identifier:
// 0D:DD:93:C9:FE:4B:BD:35:B7:E8:99:78:90:FB:DB:5A:3D:DB:15:4C
"-----BEGIN CERTIFICATE-----\n" +
"MIICazCCAVOgAwIBAgIJAO2+yPcFryUUMA0GCSqGSIb3DQEBCwUAMDsxCzAJBgNV\n" +
"BAYTAlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2Vy\n" +
"aXZjZTAeFw0xODA1MjIwNzE4MTZaFw0yODA1MjEwNzE4MTZaMFUxCzAJBgNVBAYT\n" +
"AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" +
"ZTEYMBYGA1UEAwwPUmVncmVzc2lvbiBUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0D\n" +
"AQcDQgAE59MERNTlVZ1eeps8Z3Oue5ZkgQdPtD+WIE6tj3PbIKpxGPDxvfNP959A\n" +
"yQjEK/ehWQVrCMmNoEkIzY+IIBgB06MjMCEwHwYDVR0jBBgwFoAUDd2Tyf5LvTW3\n" +
"6Jl4kPvbWj3bFUwwDQYJKoZIhvcNAQELBQADggEBAFOTVEqs70ykhZiIdrEsF1Ra\n" +
"I3B2rLvwXZk52uSltk2/bzVvewA577ZCoxQ1pL7ynkisPfBN1uVYtHjM1VA3RC+4\n" +
"+TAK78dnI7otYjWoHp5rvs4l6c/IbOspS290IlNuDUxMErEm5wxIwj+Aukx/1y68\n" +
"hOyCvHBLMY2c1LskH1MMBbDuS1aI+lnGpToi+MoYObxGcV458vxuT8+wwV8Fkpvd\n" +
"ll8IIFmeNPRv+1E+lXbES6CSNCVaZ/lFhPgdgYKleN7sfspiz50DG4dqafuEAaX5\n" +
"xaK1NWXJxTRz0ROH/IUziyuDW6jphrlgit4+3NCzp6vP9hAJQ8Vhcj0n15BKHIQ=\n" +
"-----END CERTIFICATE-----",
"MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgGVc7hICpmp91jbYe\n" +
"nrr8nYHD37RZP3VENY+szuA7WjuhRANCAATn0wRE1OVVnV56mzxnc657lmSBB0+0\n" +
"P5YgTq2Pc9sgqnEY8PG980/3n0DJCMQr96FZBWsIyY2gSQjNj4ggGAHT"),
EE_DSA_2048(
"DSA",
// SHA256withDSA, 2048 bits
// Validity
// Not Before: May 22 07:18:20 2018 GMT
// Not After : May 17 07:18:20 2038 GMT
// Authority Key Identifier:
// 76:66:9E:F7:3B:DD:45:E5:3B:D9:72:3C:3F:F0:54:39:86:31:26:53
"-----BEGIN CERTIFICATE-----\n" +
"MIIEnDCCBEGgAwIBAgIJAP/jh1qVhNVjMAsGCWCGSAFlAwQDAjA7MQswCQYDVQQG\n" +
"EwJVUzENMAsGA1UECgwESmF2YTEdMBsGA1UECwwUU3VuSlNTRSBUZXN0IFNlcml2\n" +
"Y2UwHhcNMTgwNTIyMDcxODIwWhcNMzgwNTE3MDcxODIwWjBVMQswCQYDVQQGEwJV\n" +
"UzENMAsGA1UECgwESmF2YTEdMBsGA1UECwwUU3VuSlNTRSBUZXN0IFNlcml2Y2Ux\n" +
"GDAWBgNVBAMMD1JlZ3Jlc3Npb24gVGVzdDCCA0cwggI6BgcqhkjOOAQBMIICLQKC\n" +
"AQEAmlavgoJrMcjqWRVcDE2dmWAPREgnzQvneEDef68cprDzjSwvOs5QeFyx75ib\n" +
"ado1e6jO/rW1prCGWHDD1oA/Tn4Pk3vu0nUxzvl1qATc+aJbpUU5Op0bvp6LbCsQ\n" +
"QslV9FeRh7Eb7bP6gpc/kHCBzEgC1VCK7prccXWy+t6SMOHbND3h+UbckfSaUuaV\n" +
"sVJNTD1D6GElfRj4Nmz1BGPfSYvKorwNZEU3gXwFgtDoAcGx7tcyClLpDHfqRfw/\n" +
"7yiqLyeiP7D4hl5lMNouJWDlAdMFp0FMgS3s9VDFinIcr6VtBWMTG7+4+czHAB+3\n" +
"fvrwlqNzhBn3uFHrekN/w8fNxwIhAJo7Sae1za7IMW0Q6hE5B4b+s2B/FaKPoA4E\n" +
"jtZu13B9AoIBAQCOZqLMKfvqZWUgT0PQ3QjR7dAFdd06I9Y3+TOQzZk1+j+vw/6E\n" +
"X4vFItX4gihb/u5Q9CdmpwhVGi7bvo+7+/IKeTgoQ6f5+PSug7SrWWUQ5sPwaZui\n" +
"zXZJ5nTeZDucFc2yFx0wgnjbPwiUxZklOT7xGiOMtzOTa2koCz5KuIBL+/wPKKxm\n" +
"ypo9VoY9xfbdU6LMXZv/lpD5XTM9rYHr/vUTNkukvV6Hpm0YMEWhVZKUJiqCqTqG\n" +
"XHaleOxSw6uQWB/+TznifcC7gB48UOQjCqOKf5VuwQneJLhlhU/jhRV3xtr+hLZa\n" +
"hW1wYhVi8cjLDrZFKlgEQqhB4crnJU0mJY+tA4IBBQACggEAID0ezl00/X8mv7eb\n" +
"bzovum1+DEEP7FM57k6HZEG2N3ve4CW+0m9Cd+cWPz8wkZ+M0j/Eqa6F0IdbkXEc\n" +
"Q7CuzvUyJ57xQ3L/WCgXsiS+Bh8O4Mz7GwW22CGmHqafbVv+hKBfr8MkskO6GJUt\n" +
"SUF/CVLzB4gMIvZMH26tBP2xK+i7FeEK9kT+nGdzQSZBAhFYpEVCBplHZO24/OYq\n" +
"1DNoU327nUuXIhmsfA8N0PjiWbIZIjTPwBGr9H0LpATI7DIDNcvRRvtROP+pBU9y\n" +
"fuykPkptg9C0rCM9t06bukpOSaEz/2VIQdLE8fHYFA6pHZ6CIc2+5cfvMgTPhcjz\n" +
"W2jCt6MjMCEwHwYDVR0jBBgwFoAUdmae9zvdReU72XI8P/BUOYYxJlMwCwYJYIZI\n" +
"AWUDBAMCA0gAMEUCIQCeI5fN08b9BpOaHdc3zQNGjp24FOL/RxlBLeBAorswJgIg\n" +
"JEZ8DhYxQy1O7mmZ2UIT7op6epWMB4dENjs0qWPmcKo=\n" +
"-----END CERTIFICATE-----",
"MIICZQIBADCCAjoGByqGSM44BAEwggItAoIBAQCaVq+CgmsxyOpZFVwMTZ2ZYA9E\n" +
"SCfNC+d4QN5/rxymsPONLC86zlB4XLHvmJtp2jV7qM7+tbWmsIZYcMPWgD9Ofg+T\n" +
"e+7SdTHO+XWoBNz5olulRTk6nRu+notsKxBCyVX0V5GHsRvts/qClz+QcIHMSALV\n" +
"UIrumtxxdbL63pIw4ds0PeH5RtyR9JpS5pWxUk1MPUPoYSV9GPg2bPUEY99Ji8qi\n" +
"vA1kRTeBfAWC0OgBwbHu1zIKUukMd+pF/D/vKKovJ6I/sPiGXmUw2i4lYOUB0wWn\n" +
"QUyBLez1UMWKchyvpW0FYxMbv7j5zMcAH7d++vCWo3OEGfe4Uet6Q3/Dx83HAiEA\n" +
"mjtJp7XNrsgxbRDqETkHhv6zYH8Voo+gDgSO1m7XcH0CggEBAI5moswp++plZSBP\n" +
"Q9DdCNHt0AV13Toj1jf5M5DNmTX6P6/D/oRfi8Ui1fiCKFv+7lD0J2anCFUaLtu+\n" +
"j7v78gp5OChDp/n49K6DtKtZZRDmw/Bpm6LNdknmdN5kO5wVzbIXHTCCeNs/CJTF\n" +
"mSU5PvEaI4y3M5NraSgLPkq4gEv7/A8orGbKmj1Whj3F9t1Tosxdm/+WkPldMz2t\n" +
"gev+9RM2S6S9XoembRgwRaFVkpQmKoKpOoZcdqV47FLDq5BYH/5POeJ9wLuAHjxQ\n" +
"5CMKo4p/lW7BCd4kuGWFT+OFFXfG2v6EtlqFbXBiFWLxyMsOtkUqWARCqEHhyucl\n" +
"TSYlj60EIgIgLfA75+8KcKxdN8mr6gzGjQe7jPFGG42Ejhd7Q2F4wuw="),
EE_DSA_1024(
"DSA",
// dsaWithSHA1, 1024 bits
// Validity
// Not Before: Apr 24 12:25:43 2020 GMT
// Not After : Apr 22 12:25:43 2030 GMT
// Authority Key Identifier:
// E1:3C:01:52:EB:D1:38:F7:CF:F1:E3:5E:DB:54:75:7F:5E:AB:2D:36
"-----BEGIN CERTIFICATE-----\n" +
"MIIDADCCAr+gAwIBAgIUd2XJ5F2VTbk9a92w/NzLXR5zjUQwCQYHKoZIzjgEAzAu\n" +
"MQswCQYDVQQGEwJVUzENMAsGA1UECgwESmF2YTEQMA4GA1UECwwHU3VuSlNTRTAe\n" +
"Fw0yMDA0MjQxMjI1NDNaFw0zMDA0MjIxMjI1NDNaMEgxCzAJBgNVBAYTAlVTMQ0w\n" +
"CwYDVQQKDARKYXZhMRAwDgYDVQQLDAdTdW5KU1NFMRgwFgYDVQQDDA9SZWdyZXNz\n" +
"aW9uIFRlc3QwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEA7fSkxYISlMJT+i8N5VOb\n" +
"lHhjrPYAy3oR2/YXQW6T0hCMhm8jmxgk1bDId9ZKHrxsM05EkCtRYaqag4ZZeGde\n" +
"ywv3IwwYqCQfGtkPwT9QAsdSABYwGOrlhEtZtBG1yQ44c+Rz/Vs+PtkAyZbf5VG1\n" +
"iSxFb9bI5QFJWJ9a2VpZh58CFQCCGALQoK4MsQP8V72WlB7Bvt9erwKBgQDCxu0G\n" +
"M2iZr0J8DaAo9/ChS4m7E7h6Jz9KOm2cFhzYGekkUXNzny7nyz6Qpgbuf8KNFKjt\n" +
"qoUDC8tlcVQAUlTcESC0TZXR3h21hl9wzIBhE+kJ1j8v1KAxfOaJOxObk5QEvIaA\n" +
"5j+jiHGwRS5tDqywOatz+emwMZv1wKnCNBElNgOBhAACgYBHjuQKucCuuvy/4DpG\n" +
"rSIzdueK+HrzOW8h2pfvz3lzpsyV6XJPC6we9CjaQjU01VcjwN2PoYtbGyml0pbK\n" +
"We4sdgn6LDL1aCM/WKRSxGHVTx+wkhKQ719YtiC0T6sA+eLirc6VT3/6+FbQWC+2\n" +
"bG7N19sGpV/RAXMBpRXUnBJSQaNCMEAwHQYDVR0OBBYEFNNZxyxuQmKvWowofr/S\n" +
"HdCIS+W8MB8GA1UdIwQYMBaAFOE8AVLr0Tj3z/HjXttUdX9eqy02MAkGByqGSM44\n" +
"BAMDMAAwLQIUUzzMhZ9St/Vo/YdgNTHdTw4cm14CFQCE6tWG157Wl5YFyYsGHsLY\n" +
"NN8uCA==\n" +
"-----END CERTIFICATE-----",
"MIIBSwIBADCCASwGByqGSM44BAEwggEfAoGBAO30pMWCEpTCU/ovDeVTm5R4Y6z2\n" +
"AMt6Edv2F0Fuk9IQjIZvI5sYJNWwyHfWSh68bDNORJArUWGqmoOGWXhnXssL9yMM\n" +
"GKgkHxrZD8E/UALHUgAWMBjq5YRLWbQRtckOOHPkc/1bPj7ZAMmW3+VRtYksRW/W\n" +
"yOUBSVifWtlaWYefAhUAghgC0KCuDLED/Fe9lpQewb7fXq8CgYEAwsbtBjNoma9C\n" +
"fA2gKPfwoUuJuxO4eic/SjptnBYc2BnpJFFzc58u58s+kKYG7n/CjRSo7aqFAwvL\n" +
"ZXFUAFJU3BEgtE2V0d4dtYZfcMyAYRPpCdY/L9SgMXzmiTsTm5OUBLyGgOY/o4hx\n" +
"sEUubQ6ssDmrc/npsDGb9cCpwjQRJTYEFgIUNRiLmNzfTYOuVsjkySPzP5gPImM="),
EE_ED25519(
"EdDSA",
// ED25519
// Validity
// Not Before: May 24 23:32:36 2020 GMT
// Not After : May 22 23:32:36 2030 GMT
// X509v3 Authority Key Identifier:
// keyid:06:76:DB:88:EB:61:55:4C:C9:63:41:C2:A0:A8:57:3F:D7:F1:B8:EC
"-----BEGIN CERTIFICATE-----\n" +
"MIIBlDCCAUagAwIBAgIUFTt/jcgQ65nhTG8LkrWFJhhEGuwwBQYDK2VwMDsxCzAJ\n" +
"BgNVBAYTAlVTMQ0wCwYDVQQKDARqYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3Qg\n" +
"U2VyaXZjZTAeFw0yMDA1MjQyMzMyMzZaFw0zMDA1MjIyMzMyMzZaMFUxCzAJBgNV\n" +
"BAYTAlVTMQ0wCwYDVQQKDARqYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2Vy\n" +
"aXZjZTEYMBYGA1UEAwwPUmVncmVzc2lvbiBUZXN0MCowBQYDK2VwAyEAGAYQmKb7\n" +
"WNYpVxIdsc49lI1emNjF06/Jl85zlG0wc9OjQjBAMB0GA1UdDgQWBBQkJ2E4/S8Z\n" +
"EIM1v9uTc0eYtYNk3zAfBgNVHSMEGDAWgBQGdtuI62FVTMljQcKgqFc/1/G47DAF\n" +
"BgMrZXADQQCVZnl/AyIEtZ8r45e/hcfxwuezgRX+7e9NHZFV1A/TMGcBRORDfDUi\n" +
"bbh72K528fjT7P4/WoXvm1zJKOAzUOUL\n" +
"-----END CERTIFICATE-----",
"MC4CAQAwBQYDK2VwBCIEIGBmdh4tfc0lng/LWokhfFLlo0ZlmTn2lbI639qou2KP"),
EE_ED448(
"EdDSA",
// ED448
// Validity
// Not Before: May 24 23:23:43 2020 GMT
// Not After : May 22 23:23:43 2030 GMT
// X509v3 Authority Key Identifier:
// keyid:F5:D5:9D:FB:6F:B7:50:29:DF:F0:B8:83:10:5F:9B:C4:A8:1C:E9:F4
"-----BEGIN CERTIFICATE-----\n" +
"MIIB3zCCAV+gAwIBAgIUNlWzFrH2+BILqM3SNYQjKoY98S8wBQYDK2VxMDsxCzAJ\n" +
"BgNVBAYTAlVTMQ0wCwYDVQQKDARqYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3Qg\n" +
"U2VyaXZjZTAeFw0yMDA1MjQyMzIzNDNaFw0zMDA1MjIyMzIzNDNaMFUxCzAJBgNV\n" +
"BAYTAlVTMQ0wCwYDVQQKDARqYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2Vy\n" +
"aXZjZTEYMBYGA1UEAwwPUmVncmVzc2lvbiBUZXN0MEMwBQYDK2VxAzoAoIubPNAg\n" +
"F11u3MQ5d9wujg10+80I0xzYzTqzzXrfJNtw+eU8NbUk86xiCvlMzJRH0Oo3DbY8\n" +
"NAKAo0IwQDAdBgNVHQ4EFgQUUiI1+qT1x+HsDgfZRIU6hUaAbmUwHwYDVR0jBBgw\n" +
"FoAU9dWd+2+3UCnf8LiDEF+bxKgc6fQwBQYDK2VxA3MAx8P0mle08s5YDd/p58dt\n" +
"yORqvDPwo5IYPasqN8Zeen1B9u1xF/kvDGFxCJ6D9Gi4ynnDx0FZFMkA83evZcxJ\n" +
"+X+swt7FyHwXrdkZcvjRKEcsWhkj+0FlxYF/NZzLTGuGIPYJnRLEwf/zr+5NDxKs\n" +
"fCoA\n" +
"-----END CERTIFICATE-----",
"MEcCAQAwBQYDK2VxBDsEOfbhmUSuKP9WCO7Nr6JxVq5rfJESk1MNMyYhC134SiAP\n" +
"Suw0Cu7RZVadpfPR7Kiwb2b/JXjMdY1HAA==");
final String keyAlgo;
final String certStr;
final String privKeyStr;
Cert(String keyAlgo, String certStr, String privKeyStr) {
this.keyAlgo = keyAlgo;
this.certStr = certStr;
this.privKeyStr = privKeyStr;
}
}
}

2
test/jdk/sun/security/ssl/ALPN/AlpnGreaseTest.java
View File

@ -53,7 +53,7 @@ import java.util.Arrays;
* (wrap/unwrap) pass before any application data is consumed or
* produced.
*/
public class AlpnGreaseTest implements SSLContextTemplate {
public class AlpnGreaseTest extends SSLContextTemplate {
private final SSLEngine clientEngine; // client Engine
private final ByteBuffer clientOut; // write side of clientEngine

20
test/jdk/sun/security/ssl/CipherSuite/DisabledCurve.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2020, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -48,21 +48,23 @@ public class DisabledCurve extends SSLSocketTemplate {
{ { "TLSv1.2" }, { "TLSv1.2" } }, { { "TLSv1.1" }, { "TLSv1.1" } },
{ { "TLSv1" }, { "TLSv1" } } };
@Override
protected SSLContext createClientSSLContext() throws Exception {
return createSSLContext(
new SSLSocketTemplate.Cert[] {
SSLSocketTemplate.Cert.CA_ECDSA_SECP384R1 },
new SSLSocketTemplate.Cert[] {
SSLSocketTemplate.Cert.EE_ECDSA_SECP384R1 },
new SSLContextTemplate.Cert[] {
SSLContextTemplate.Cert.CA_ECDSA_SECP384R1 },
new SSLContextTemplate.Cert[] {
SSLContextTemplate.Cert.EE_ECDSA_SECP384R1 },
getClientContextParameters());
}
@Override
protected SSLContext createServerSSLContext() throws Exception {
return createSSLContext(
new SSLSocketTemplate.Cert[] {
SSLSocketTemplate.Cert.CA_ECDSA_SECP384R1 },
new SSLSocketTemplate.Cert[] {
SSLSocketTemplate.Cert.EE_ECDSA_SECP384R1 },
new SSLContextTemplate.Cert[] {
SSLContextTemplate.Cert.CA_ECDSA_SECP384R1 },
new SSLContextTemplate.Cert[] {
SSLContextTemplate.Cert.EE_ECDSA_SECP384R1 },
getServerContextParameters());
}

135
test/jdk/sun/security/ssl/CipherSuite/RestrictSignatureScheme.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2019, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,21 +28,12 @@
* @summary Restrict signature algorithms and named groups
* @run main/othervm RestrictSignatureScheme
*/
import java.io.ByteArrayInputStream;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Arrays;
import java.util.Base64;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.SSLException;
public class RestrictSignatureScheme extends SSLSocketTemplate {
@ -58,16 +49,20 @@ public class RestrictSignatureScheme extends SSLSocketTemplate {
private final SSLContext context;
RestrictSignatureScheme() throws Exception {
this.context = createSSLContext();
this.context = createSSLContext(
new Cert[]{Cert.EE_RSASSA_PSS},
new Cert[]{Cert.EE_RSASSA_PSS},
new ContextParameters("TLS", "PKIX", "NewSunX509")
);
}
@Override
protected SSLContext createClientSSLContext() throws Exception {
public SSLContext createClientSSLContext() throws Exception {
return context;
}
@Override
protected SSLContext createServerSSLContext() throws Exception {
public SSLContext createServerSSLContext() throws Exception {
return context;
}
@ -117,116 +112,4 @@ public class RestrictSignatureScheme extends SSLSocketTemplate {
throw new Exception("The test case should be disabled");
}
}
private static final String trustedCertStr =
/**
* Signature Algorithm: rsassaPss
* Issuer: CN = localhost
* Validity Not Before: Jun 6 07:11:00 2018 GMT
* Not After : Jun 1 07:11:00 2038 GMT
* Subject: CN = localhost
* Public Key Algorithm: rsassaPss
*/
"-----BEGIN CERTIFICATE-----\n"
+ "MIIDZjCCAh2gAwIBAgIUHxwPs3eAgJ057nJwiLgWZWeNqdgwPgYJKoZIhvcNAQEK\n"
+ "MDGgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogQC\n"
+ "AgDeMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0xODA2MDYwNzExMDBaFw0zODA2\n"
+ "MDEwNzExMDBaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASAwCwYJKoZIhvcNAQEK\n"
+ "A4IBDwAwggEKAoIBAQCl8r4Qrg27BYUO/1Va2Ix8QPGzN/lvzmKvP5Ff26ovNW4v\n"
+ "RUx68HzAhhiWtcl+PwLSbJqJreEkTlle7PnRAypby3fO7ZAK0Y3YiHquaBg7d+7Y\n"
+ "FhhHwv8gG0lZcyA0BkXFJHqdq76qar0xHC6DVezXm0K3mcceymGtFR9BzWmAj+7D\n"
+ "YsSwvtTQ7WNoQmf0cdDMSM71IwaTwIwvT2wzX1vv5hcdDyXdr64WFqWSA9sNJ2K6\n"
+ "arxaaU1klwKSgDokF6njafWQ4UxdR67d5W1MYoiioDs2Yy3utsMpO2OUzZVBZNdT\n"
+ "gkr1jsJhIurpz/5K51lwJIRQBezEFSb+60AFVoMJAgMBAAGjUDBOMB0GA1UdDgQW\n"
+ "BBQfFit5ilWJmZgCX4QY0HsaI9iIDDAfBgNVHSMEGDAWgBQfFit5ilWJmZgCX4QY\n"
+ "0HsaI9iIDDAMBgNVHRMEBTADAQH/MD4GCSqGSIb3DQEBCjAxoA0wCwYJYIZIAWUD\n"
+ "BAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIEAgIA3gOCAQEAa4yUQ3gh\n"
+ "d1YWPdEa1sv2hdkhtenw6m5yxbmaQl2+nIKSpk4RfpXC7K1EYwBF8TdfFbD8hGGh\n"
+ "5n81BT0/dn1R9SRGCv7KTxx4lfQt31frlsw/tVciwyXQtcUZ6DqfnLP0/aRVLNgx\n"
+ "zaP542JUHFYLTC3EGz2zUgv70ZUTlIsPG3/p8YO1iXdnYGQyzOuQPUBpI7nS7UtR\n"
+ "Ug8VE9ACpBxxI3qChMahFZGHlXCCSjSmxpQa6UO4SQl8q5tPNnqdzWwvAW8qkCy4\n"
+ "6barRQ4sMcGayhHh/uSTx7bcl0FMJpcI1ygbw7/Pc03zKtw0gMTBMns7q4yXjb/u\n"
+ "ef47nW0t+LRAAg==\n"
+ "-----END CERTIFICATE-----\n";
private static final String keyCertStr = trustedCertStr;
private static final String privateKey =
"MIIEuwIBADALBgkqhkiG9w0BAQoEggSnMIIEowIBAAKCAQEApfK+EK4NuwWFDv9V\n"
+ "WtiMfEDxszf5b85irz+RX9uqLzVuL0VMevB8wIYYlrXJfj8C0myaia3hJE5ZXuz5\n"
+ "0QMqW8t3zu2QCtGN2Ih6rmgYO3fu2BYYR8L/IBtJWXMgNAZFxSR6nau+qmq9MRwu\n"
+ "g1Xs15tCt5nHHsphrRUfQc1pgI/uw2LEsL7U0O1jaEJn9HHQzEjO9SMGk8CML09s\n"
+ "M19b7+YXHQ8l3a+uFhalkgPbDSdiumq8WmlNZJcCkoA6JBep42n1kOFMXUeu3eVt\n"
+ "TGKIoqA7NmMt7rbDKTtjlM2VQWTXU4JK9Y7CYSLq6c/+SudZcCSEUAXsxBUm/utA\n"
+ "BVaDCQIDAQABAoIBAAc4vRS0vlw5LUUtz2UYr2Ro3xvRf8Vh0eGWfpkRUiKjzJu6\n"
+ "BE4FUSh/rWpBlvcrfs/xcfgz3OxbjIAZB/YUkS9Vd21F4VLXM7kMl2onlYZg/b/h\n"
+ "lkTpM3kONu7xl6Er9LVTlRJveuinpHwSoeONRbVMSGb9BjFM1VtW4/lVGxZBG05D\n"
+ "y9i/o4vCZqULn9cAumOwicKuCyTcS58XcMJ+puSPfRA71PYLxqFkASAoJsUwCXpo\n"
+ "gs39lLsIFgrfO8mBO1ux/SE+QaRc+9XqFSHHKD1XqF/9zSYBgWjE910EcpdYEdZx\n"
+ "GEkwea7Fn4brO5OpIrHY/45naqbUOBzv6gufMAECgYEAz7PHCdcrQvmOb8EiNbQH\n"
+ "uvSimwObWJFeN1ykp6mfRbSnkXw7p8+M4Tc8HFi8QLpoq63Ev2AwoaQCQvHbFC2Y\n"
+ "1Cz0EkC0aOp+tZP7U2AUBdkcDesZAJQTad0zV6KesyIUXdxZXDG8JJ1XSNWfTJV4\n"
+ "QD+BjLZ0jiAyCIfVYvWQqYkCgYEAzIln1nKTixLMPr5CldSmR7ZarEtPJU+hHwVg\n"
+ "dV/Lc6d2Yy9JgunOXRo4BXB1TEo8JFbK3HBQH6tS8li4qDr7WK5wyYfh8qb4WZyu\n"
+ "lc562f2WVYntcN8/Ojb+Vyrt7lk9sq/8KoVHxEAWd6mqL9VTPYuAu1Vw9fTGIZfB\n"
+ "lDeELYECgYAvdzU4UXzofGGJtohb332YwwlaBZP9xJLUcg6K5l+orWVSASMc8XiP\n"
+ "i3DoRXsYC8GZ4kdBOPlEJ1gA9oaLcPQpIPDSLwlLpLM6Scw4vI822uvnXl/DWxOo\n"
+ "sM1n7Jj59QLUhGPDhvYpI+/rjC4wcUQe4qR3hMbUKBVnD6u7RsU9iQKBgQCQ17VK\n"
+ "7bSCRfuRaxaoGADww7gOTv5rQ6qr1xjpxb7D1hFGR9Rc+smCsPB/GZZXQjK44SWj\n"
+ "WX3ED4Ubzaxmpe4cbNu+O5XMSmWQwB36RFBHUwdE5/nXdqDFzu/qNqJrqZLBmVKP\n"
+ "ofaiiWffsaytVvotmT6+atElvAMbAua42V+nAQKBgHtIn3mYMHLriYGhQzpkFEA2\n"
+ "8YcAMlKppueOMAKVy8nLu2r3MidmLAhMiKJQKG45I3Yg0/t/25tXLiOPJlwrOebh\n"
+ "xQqUBI/JUOIpGAEnr48jhOXnCS+i+z294G5U/RgjXrlR4bCPvrtCmwzWwe0h79w2\n"
+ "Q2hO5ZTW6UD9CVA85whf";
private static SSLContext createSSLContext() throws Exception {
// Generate certificate from cert string
CertificateFactory cf = CertificateFactory.getInstance("X.509");
// Create a key store
KeyStore ts = KeyStore.getInstance("PKCS12");
KeyStore ks = KeyStore.getInstance("PKCS12");
ts.load(null, null);
ks.load(null, null);
char passphrase[] = "passphrase".toCharArray();
// Import the trusted cert
ts.setCertificateEntry("trusted-cert-RSASSA-PSS",
cf.generateCertificate(new ByteArrayInputStream(
trustedCertStr.getBytes())));
boolean hasKeyMaterials = keyCertStr != null && privateKey != null;
if (hasKeyMaterials) {
// Generate the private key.
PKCS8EncodedKeySpec priKeySpec = new PKCS8EncodedKeySpec(
Base64.getMimeDecoder().decode(privateKey));
KeyFactory kf = KeyFactory.getInstance("RSASSA-PSS");
PrivateKey priKey = kf.generatePrivate(priKeySpec);
// Generate certificate chain
Certificate keyCert = cf.generateCertificate(
new ByteArrayInputStream(keyCertStr.getBytes()));
Certificate[] chain = new Certificate[]{keyCert};
// Import the key entry.
ks.setKeyEntry("cert-RSASSA-PSS", priKey, passphrase, chain);
}
// Create SSL context
TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
tmf.init(ts);
SSLContext context = SSLContext.getInstance("TLS");
if (hasKeyMaterials) {
KeyManagerFactory kmf = KeyManagerFactory.getInstance("NewSunX509");
kmf.init(ks, passphrase);
context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
} else {
context.init(null, tmf.getTrustManagers(), null);
}
return context;
}
}

97
test/jdk/sun/security/ssl/SSLEngineImpl/SSLEngineBadBufferArrayAccess.java
View File

@ -30,7 +30,7 @@
* @test
* @bug 7031830
* @summary bad_record_mac failure on TLSv1.2 enabled connection with SSLEngine
* @library /test/lib
* @library /test/lib /javax/net/ssl/templates
* @run main/othervm SSLEngineBadBufferArrayAccess
*/
@ -82,19 +82,19 @@ import javax.net.ssl.*;
import javax.net.ssl.SSLEngineResult.*;
import java.io.*;
import java.net.*;
import java.security.*;
import java.nio.*;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;
import jdk.test.lib.security.SecurityUtils;
public class SSLEngineBadBufferArrayAccess {
public class SSLEngineBadBufferArrayAccess extends SSLContextTemplate {
/*
* Enables logging of the SSL/TLS operations.
*/
private static boolean logging = true;
private final static boolean logging = Boolean.parseBoolean(
System.getProperty("test.logging", "true"));
/*
* Enables the JSSE system debugging system property:
@ -105,8 +105,9 @@ public class SSLEngineBadBufferArrayAccess {
* including specific handshake messages, and might be best examined
* after gaining some familiarity with this application.
*/
private static boolean debug = false;
private SSLContext sslc;
private final static boolean debug = Boolean.getBoolean("test.debug");
private final String PROTOCOL;
private SSLEngine serverEngine; // server-side SSLEngine
private final byte[] serverMsg = "Hi there Client, I'm a Server".getBytes();
@ -124,20 +125,6 @@ public class SSLEngineBadBufferArrayAccess {
private ByteBuffer cTOs; // "reliable" transport client->server
private ByteBuffer sTOc; // "reliable" transport server->client
/*
* The following is to set up the keystores/trust material.
*/
private static final String pathToStores = "../../../../javax/net/ssl/etc";
private static final String keyStoreFile = "keystore";
private static final String trustStoreFile = "truststore";
private static final String passwd = "passphrase";
private static String keyFilename =
System.getProperty("test.src", ".") + "/" + pathToStores
+ "/" + keyStoreFile;
private static String trustFilename =
System.getProperty("test.src", ".") + "/" + pathToStores
+ "/" + trustStoreFile;
/*
* Is the server ready to serve?
*/
@ -156,7 +143,7 @@ public class SSLEngineBadBufferArrayAccess {
/*
* Main entry point for this test.
*/
public static void main(String args[]) throws Exception {
public static void main(String[] args) throws Exception {
if (debug) {
System.setProperty("javax.net.debug", "all");
}
@ -165,7 +152,7 @@ public class SSLEngineBadBufferArrayAccess {
SecurityUtils.removeFromDisabledTlsAlgs("TLSv1", "TLSv1.1");
String [] protocols = new String [] {
"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" };
"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
for (String protocol : protocols) {
/*
@ -184,32 +171,18 @@ public class SSLEngineBadBufferArrayAccess {
/*
* Create an initialized SSLContext to use for these tests.
*/
public SSLEngineBadBufferArrayAccess(String protocol) throws Exception {
KeyStore ks = KeyStore.getInstance("JKS");
KeyStore ts = KeyStore.getInstance("JKS");
char[] passphrase = "passphrase".toCharArray();
try (FileInputStream fis = new FileInputStream(keyFilename)) {
ks.load(fis, passphrase);
public SSLEngineBadBufferArrayAccess(String protocol) {
PROTOCOL = protocol;
}
try (FileInputStream fis = new FileInputStream(trustFilename)) {
ts.load(fis, passphrase);
@Override
protected ContextParameters getServerContextParameters() {
return new ContextParameters(PROTOCOL, "PKIX", "NewSunX509");
}
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, passphrase);
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(ts);
SSLContext sslCtx = SSLContext.getInstance(protocol);
sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
sslc = sslCtx;
@Override
protected ContextParameters getClientContextParameters() {
return new ContextParameters(PROTOCOL, "PKIX", "NewSunX509");
}
/*
@ -232,6 +205,7 @@ public class SSLEngineBadBufferArrayAccess {
private void runTest(boolean direct) throws Exception {
boolean serverClose = direct;
System.out.println("Running test serverClose = " + serverClose);
ServerSocket serverSocket = new ServerSocket(0);
serverPort = serverSocket.getLocalPort();
@ -244,7 +218,7 @@ public class SSLEngineBadBufferArrayAccess {
Socket socket;
try {
serverSocket.setSoTimeout(30000);
socket = (Socket) serverSocket.accept();
socket = serverSocket.accept();
} catch (SocketTimeoutException ste) {
serverSocket.close();
@ -327,7 +301,7 @@ public class SSLEngineBadBufferArrayAccess {
byte[] outbound = new byte[8192];
while (!isEngineClosed(serverEngine)) {
int len = 0;
int len;
// Inbound data
log("================");
@ -336,8 +310,15 @@ public class SSLEngineBadBufferArrayAccess {
try {
len = is.read(inbound);
if (len == -1) {
logSocketStatus(socket);
if (socket.isClosed()
|| socket.isOutputShutdown()) {
log("Client socket was closed or shutdown output");
break;
} else {
throw new Exception("Unexpected EOF");
}
}
cTOs.put(inbound, 0, len);
} catch (SocketTimeoutException ste) {
// swallow. Nothing yet, probably waiting on us.
@ -372,16 +353,13 @@ public class SSLEngineBadBufferArrayAccess {
closed = true;
/*
* We'll alternate initiatating the shutdown.
* We'll alternate initiating the shutdown.
* When the server initiates, it will take one more
* loop, but tests the orderly shutdown.
*/
if (serverClose) {
serverEngine.closeOutbound();
}
}
if (closed && isEngineClosed(serverEngine)) {
serverIn.flip();
/*
@ -403,6 +381,7 @@ public class SSLEngineBadBufferArrayAccess {
}
}
serverIn.compact();
break;
}
}
}
@ -450,7 +429,7 @@ public class SSLEngineBadBufferArrayAccess {
return;
}
SSLSocketFactory sslsf = sslc.getSocketFactory();
SSLSocketFactory sslsf = createClientSSLContext().getSocketFactory();
try (SSLSocket sslSocket = (SSLSocket)sslsf.createSocket()) {
try {
sslSocket.connect(
@ -492,6 +471,7 @@ public class SSLEngineBadBufferArrayAccess {
InputStream is = sslSocket.getInputStream();
// write(byte[]) goes in one shot.
System.out.println("writing message to server.");
os.write(clientMsg);
byte[] inbound = new byte[2048];
@ -499,14 +479,16 @@ public class SSLEngineBadBufferArrayAccess {
int len;
while ((len = is.read(inbound, pos, 2048 - pos)) != -1) {
System.out.printf("Client read %d bytes. Waiting for %d from server.%n", len, serverMsg.length);
pos += len;
// Let the client do the closing.
if ((pos == serverMsg.length) && !serverClose) {
System.out.println("Closing the socket");
sslSocket.close();
break;
}
}
System.out.println("Read everything we're going to, I guess.");
if (pos != serverMsg.length) {
throw new Exception("Client: Data length error");
}
@ -527,7 +509,7 @@ public class SSLEngineBadBufferArrayAccess {
* Configure the serverEngine to act as a server in the SSL/TLS
* handshake.
*/
serverEngine = sslc.createSSLEngine();
serverEngine = createServerSSLContext().createSSLEngine();
serverEngine.setUseClientMode(false);
serverEngine.getNeedClientAuth();
}
@ -589,6 +571,15 @@ public class SSLEngineBadBufferArrayAccess {
return (engine.isOutboundDone() && engine.isInboundDone());
}
private static void logSocketStatus(Socket socket) {
log("##### " + socket + " #####");
log("isBound: " + socket.isBound());
log("isConnected: " + socket.isConnected());
log("isClosed: " + socket.isClosed());
log("isInputShutdown: " + socket.isInputShutdown());
log("isOutputShutdown: " + socket.isOutputShutdown());
}
/*
* Logging code
*/

2
test/jdk/sun/security/ssl/SSLSessionImpl/InvalidateSession.java
View File

@ -37,7 +37,7 @@ import java.util.*;
import jdk.test.lib.security.SecurityUtils;
public class InvalidateSession implements SSLContextTemplate {
public class InvalidateSession extends SSLContextTemplate {
static ServerSocketFactory serverSsf = null;
static SSLSocketFactory clientSsf = null;

2
test/jdk/sun/security/ssl/SSLSocketImpl/ClientSocketCloseHang.java
View File

@ -34,7 +34,7 @@
import javax.net.ssl.*;
import java.net.InetAddress;
public class ClientSocketCloseHang implements SSLContextTemplate {
public class ClientSocketCloseHang extends SSLContextTemplate {
public static void main(String[] args) throws Exception {
System.setProperty("jdk.tls.client.protocols", args[0]);

147
test/jdk/sun/security/ssl/SSLSocketImpl/SSLSocketBruceForceClose.java
View File

@ -1,147 +0,0 @@
/*
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
//
// Please run in othervm mode. SunJSSE does not support dynamic system
// properties, no way to re-use system properties in samevm/agentvm mode.
//
/*
* @test
* @bug 8209333
* @summary Socket reset issue for TLS 1.3 socket close
* @library /javax/net/ssl/templates
* @run main/othervm SSLSocketBruceForceClose
*/
import javax.net.ssl.*;
import java.io.*;
import java.net.InetAddress;
public class SSLSocketBruceForceClose implements SSLContextTemplate {
public static void main(String[] args) throws Exception {
for (int i = 0; i<= 10; i++) {
System.err.println("===================================");
System.err.println("loop " + i);
System.err.println("===================================");
new SSLSocketBruceForceClose().test();
}
}
private void test() throws Exception {
SSLServerSocket listenSocket = null;
SSLSocket serverSocket = null;
ClientSocket clientSocket = null;
try {
SSLServerSocketFactory serversocketfactory =
createServerSSLContext().getServerSocketFactory();
listenSocket =
(SSLServerSocket)serversocketfactory.createServerSocket(0);
listenSocket.setNeedClientAuth(false);
listenSocket.setEnableSessionCreation(true);
listenSocket.setUseClientMode(false);
System.err.println("Starting client");
clientSocket = new ClientSocket(listenSocket.getLocalPort());
clientSocket.start();
System.err.println("Accepting client requests");
serverSocket = (SSLSocket) listenSocket.accept();
System.err.println("Reading data from client");
BufferedReader serverReader = new BufferedReader(
new InputStreamReader(serverSocket.getInputStream()));
String data = serverReader.readLine();
System.err.println("Received data from client: " + data);
System.err.println("Reading more data from client");
data = serverReader.readLine();
System.err.println("Received data from client: " + data);
} finally {
if (listenSocket != null) {
listenSocket.close();
}
if (serverSocket != null) {
serverSocket.close();
}
}
if (clientSocket != null && clientSocket.clientException != null) {
throw clientSocket.clientException;
}
}
private class ClientSocket extends Thread{
int serverPort = 0;
Exception clientException;
public ClientSocket(int serverPort) {
this.serverPort = serverPort;
}
@Override
public void run() {
SSLSocket clientSocket = null;
String clientData = "Hi, I am client";
try {
System.err.println(
"Connecting to server at port " + serverPort);
SSLSocketFactory sslSocketFactory =
createClientSSLContext().getSocketFactory();
clientSocket = (SSLSocket)sslSocketFactory.createSocket(
InetAddress.getLocalHost(), serverPort);
clientSocket.setSoLinger(true, 3);
clientSocket.setSoTimeout(1000);
System.err.println("Sending data to server ...");
BufferedWriter os = new BufferedWriter(
new OutputStreamWriter(clientSocket.getOutputStream()));
os.write(clientData, 0, clientData.length());
os.newLine();
os.flush();
System.err.println("Sending more data to server ...");
os.write(clientData, 0, clientData.length());
os.newLine();
os.flush();
} catch (Exception e) {
clientException = e;
} finally {
if (clientSocket != null) {
try{
clientSocket.close();
System.err.println("client socket closed");
} catch (IOException ioe) {
clientException = ioe;
}
}
}
}
}
}

102
test/jdk/sun/security/ssl/SSLSocketImpl/SSLSocketBruteForceClose.java Normal file
View File

@ -0,0 +1,102 @@
/*
* Copyright (c) 2018, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
//
// Please run in othervm mode. SunJSSE does not support dynamic system
// properties, no way to re-use system properties in samevm/agentvm mode.
//
/*
* @test
* @bug 8209333
* @summary Socket reset issue for TLS 1.3 socket close
* @library /javax/net/ssl/templates
* @run main/othervm SSLSocketBruteForceClose
*/
import javax.net.ssl.*;
import java.io.*;
import java.net.SocketException;
public class SSLSocketBruteForceClose extends SSLSocketTemplate {
public static void main(String[] args) throws Exception {
for (int i = 0; i<= 10; i++) {
System.err.println("===================================");
System.err.println("loop " + i);
System.err.println("===================================");
new SSLSocketBruteForceClose().run();
}
}
@Override
protected void configureServerSocket(SSLServerSocket socket) {
socket.setNeedClientAuth(false);
socket.setEnableSessionCreation(true);
socket.setUseClientMode(false);
}
@Override
protected void runServerApplication(SSLSocket socket) throws Exception {
System.err.println("Reading data from client");
BufferedReader serverReader = new BufferedReader(
new InputStreamReader(socket.getInputStream()));
String data = serverReader.readLine();
System.err.println("Received data from client: " + data);
System.err.println("Reading more data from client");
data = serverReader.readLine();
System.err.println("Received data from client: " + data);
}
@Override
protected void configureClientSocket(SSLSocket socket) {
try {
socket.setSoLinger(true, 3);
socket.setSoTimeout(1000);
} catch (SocketException exc) {
throw new RuntimeException("Could not configure client socket", exc);
}
}
@Override
protected void runClientApplication(SSLSocket socket) throws Exception {
String clientData = "Hi, I am client";
System.err.println("Sending data to server ...");
BufferedWriter os = new BufferedWriter(
new OutputStreamWriter(socket.getOutputStream()));
os.write(clientData, 0, clientData.length());
os.newLine();
os.flush();
System.err.println("Sending more data to server ...");
os.write(clientData, 0, clientData.length());
os.newLine();
os.flush();
socket.close();
System.err.println("client socket closed");
}
}

122
test/jdk/sun/security/ssl/SSLSocketImpl/SSLSocketClose.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2018, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -37,123 +37,79 @@
import javax.net.ssl.*;
import java.io.*;
import java.net.InetAddress;
import java.net.SocketException;
public class SSLSocketClose implements SSLContextTemplate {
public class SSLSocketClose extends SSLSocketTemplate {
public static void main(String[] args) throws Exception {
for (int i = 0; i<= 10; i++) {
System.err.println("===================================");
System.err.println("loop " + i);
System.err.println("===================================");
new SSLSocketClose().test();
System.out.println("===================================");
System.out.println("loop " + i);
System.out.println("===================================");
new SSLSocketClose().run();
}
}
private void test() throws Exception {
SSLServerSocket listenSocket = null;
SSLSocket serverSocket = null;
ClientSocket clientSocket = null;
try {
SSLServerSocketFactory serversocketfactory =
createServerSSLContext().getServerSocketFactory();
listenSocket =
(SSLServerSocket)serversocketfactory.createServerSocket(0);
listenSocket.setNeedClientAuth(false);
listenSocket.setEnableSessionCreation(true);
listenSocket.setUseClientMode(false);
@Override
protected void configureServerSocket(SSLServerSocket socket) {
socket.setNeedClientAuth(false);
socket.setEnableSessionCreation(true);
socket.setUseClientMode(false);
}
System.err.println("Starting client");
clientSocket = new ClientSocket(listenSocket.getLocalPort());
clientSocket.start();
System.err.println("Accepting client requests");
serverSocket = (SSLSocket) listenSocket.accept();
System.err.println("Reading data from client");
@Override
protected void runServerApplication(SSLSocket socket) throws Exception {
System.out.println("Reading data from client");
BufferedReader serverReader = new BufferedReader(
new InputStreamReader(serverSocket.getInputStream()));
new InputStreamReader(socket.getInputStream()));
String data = serverReader.readLine();
System.err.println("Received data from client: " + data);
System.out.println("Received data from client: " + data);
System.err.println("Sending data to client ...");
System.out.println("Sending data to client ...");
String serverData = "Hi, I am server";
BufferedWriter os = new BufferedWriter(
new OutputStreamWriter(serverSocket.getOutputStream()));
new OutputStreamWriter(socket.getOutputStream()));
os.write(serverData, 0, serverData.length());
os.newLine();
os.flush();
System.err.println("Reading more data from client");
System.out.println("Reading more data from client");
data = serverReader.readLine();
System.err.println("Received data from client: " + data);
} finally {
if (listenSocket != null) {
listenSocket.close();
}
if (serverSocket != null) {
serverSocket.close();
}
}
if (clientSocket != null && clientSocket.clientException != null) {
throw clientSocket.clientException;
}
}
private class ClientSocket extends Thread{
int serverPort = 0;
Exception clientException;
public ClientSocket(int serverPort) {
this.serverPort = serverPort;
System.out.println("Received data from client: " + data);
}
@Override
public void run() {
SSLSocket clientSocket = null;
String clientData = "Hi, I am client";
protected void configureClientSocket(SSLSocket socket) {
try {
System.err.println(
"Connecting to server at port " + serverPort);
SSLSocketFactory sslSocketFactory =
createClientSSLContext().getSocketFactory();
clientSocket = (SSLSocket)sslSocketFactory.createSocket(
InetAddress.getLocalHost(), serverPort);
clientSocket.setSoLinger(true, 3);
socket.setSoLinger(true, 3);
} catch (SocketException e) {
throw new RuntimeException("Could not configure client socket", e);
}
}
System.err.println("Sending data to server ...");
@Override
protected void runClientApplication(SSLSocket socket) throws Exception {
String clientData = "Hi, I am client";
System.out.println("Sending data to server ...");
BufferedWriter os = new BufferedWriter(
new OutputStreamWriter(clientSocket.getOutputStream()));
new OutputStreamWriter(socket.getOutputStream()));
os.write(clientData, 0, clientData.length());
os.newLine();
os.flush();
System.err.println("Reading data from server");
System.out.println("Reading data from server");
BufferedReader is = new BufferedReader(
new InputStreamReader(clientSocket.getInputStream()));
new InputStreamReader(socket.getInputStream()));
String data = is.readLine();
System.err.println("Received Data from server: " + data);
System.out.println("Received Data from server: " + data);
System.err.println("Sending more data to server ...");
System.out.println("Sending more data to server ...");
os.write(clientData, 0, clientData.length());
os.newLine();
os.flush();
} catch (Exception e) {
clientException = e;
} finally {
if (clientSocket != null) {
try{
clientSocket.close();
System.err.println("client socket closed");
} catch (IOException ioe) {
clientException = ioe;
}
}
}
}
socket.close();
}
}

160
test/jdk/sun/security/ssl/SSLSocketImpl/SocketExceptionForSocketIssues.java
View File

@ -37,126 +37,84 @@
import javax.net.ssl.*;
import java.io.*;
import java.net.*;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;
public class SocketExceptionForSocketIssues implements SSLContextTemplate {
public class SocketExceptionForSocketIssues extends SSLSocketTemplate {
private final CountDownLatch waitForClient = new CountDownLatch(1);
public static void main(String[] args) throws Exception {
System.err.println("===================================");
new SocketExceptionForSocketIssues().test();
}
private void test() throws Exception {
SSLServerSocket listenSocket = null;
SSLSocket serverSocket = null;
ClientSocket clientSocket = null;
try {
SSLServerSocketFactory serversocketfactory =
createServerSSLContext().getServerSocketFactory();
listenSocket =
(SSLServerSocket)serversocketfactory.createServerSocket(0);
listenSocket.setNeedClientAuth(false);
listenSocket.setEnableSessionCreation(true);
listenSocket.setUseClientMode(false);
System.err.println("Starting client");
clientSocket = new ClientSocket(listenSocket.getLocalPort());
clientSocket.start();
System.err.println("Accepting client requests");
serverSocket = (SSLSocket)listenSocket.accept();
if (!clientSocket.isDone) {
System.err.println("Waiting 3 seconds for client ");
Thread.sleep(3000);
}
System.err.println("Sending data to client ...");
String serverData = "Hi, I am server";
BufferedWriter os = new BufferedWriter(
new OutputStreamWriter(serverSocket.getOutputStream()));
os.write(serverData, 0, serverData.length());
os.newLine();
os.flush();
} catch (SSLProtocolException | SSLHandshakeException sslhe) {
throw sslhe;
} catch (SocketException se) {
// the expected exception, ignore it
System.err.println("server exception: " + se);
} finally {
if (listenSocket != null) {
listenSocket.close();
}
if (serverSocket != null) {
serverSocket.close();
}
}
if (clientSocket != null && clientSocket.clientException != null) {
throw clientSocket.clientException;
}
}
private class ClientSocket extends Thread{
boolean isDone = false;
int serverPort = 0;
Exception clientException;
public ClientSocket(int serverPort) {
this.serverPort = serverPort;
System.out.println("===================================");
new SocketExceptionForSocketIssues().run();
}
@Override
public void run() {
SSLSocket clientSocket = null;
String clientData = "Hi, I am client";
protected void configureServerSocket(SSLServerSocket socket) {
socket.setNeedClientAuth(false);
socket.setEnableSessionCreation(true);
socket.setUseClientMode(false);
}
@Override
protected void runServerApplication(SSLSocket socket) throws Exception {
try {
System.err.println(
"Connecting to server at port " + serverPort);
SSLSocketFactory sslSocketFactory =
createClientSSLContext().getSocketFactory();
clientSocket = (SSLSocket)sslSocketFactory.createSocket(
InetAddress.getLocalHost(), serverPort);
clientSocket.setSoLinger(true, 3);
clientSocket.setSoTimeout(100);
System.err.println("Sending data to server ...");
if (!waitForClient.await(5, TimeUnit.SECONDS)) {
throw new RuntimeException("Client didn't complete within 5 seconds.");
}
System.out.println("Sending data to client ...");
String serverData = "Hi, I am server";
BufferedWriter os = new BufferedWriter(
new OutputStreamWriter(clientSocket.getOutputStream()));
new OutputStreamWriter(socket.getOutputStream()));
os.write(serverData, 0, serverData.length());
os.newLine();
os.flush();
throw new RuntimeException("The expected SocketException was not thrown.");
} catch (SocketException se) {
// the expected exception, ignore it
System.out.println("Caught expected SocketException: " + se);
}
}
@Override
protected void configureClientSocket(SSLSocket socket) {
try {
socket.setSoLinger(true, 3);
socket.setSoTimeout(100);
} catch (SocketException exc) {
throw new RuntimeException("Could not configure client socket.", exc);
}
}
@Override
protected void runClientApplication(SSLSocket socket) throws Exception {
try {
String clientData = "Hi, I am client";
BufferedWriter os = new BufferedWriter(
new OutputStreamWriter(socket.getOutputStream()));
os.write(clientData, 0, clientData.length());
os.newLine();
os.flush();
System.err.println("Reading data from server");
System.out.println("Reading data from server");
BufferedReader is = new BufferedReader(
new InputStreamReader(clientSocket.getInputStream()));
new InputStreamReader(socket.getInputStream()));
String data = is.readLine();
System.err.println("Received Data from server: " + data);
System.out.println("Received Data from server: " + data);
throw new RuntimeException("The expected client exception was not thrown.");
} catch (SSLProtocolException | SSLHandshakeException sslhe) {
clientException = sslhe;
System.err.println("unexpected client exception: " + sslhe);
System.err.println("Client had unexpected SSL exception: " + sslhe);
throw sslhe;
} catch (SSLException | SocketTimeoutException ssle) {
// the expected exception, ignore it
System.err.println("expected client exception: " + ssle);
} catch (Exception e) {
clientException = e;
System.err.println("unexpected client exception: " + e);
} finally {
if (clientSocket != null) {
try {
clientSocket.close();
System.err.println("client socket closed");
} catch (IOException ioe) {
clientException = ioe;
}
}
System.out.println("Caught expected client exception: " + ssle);
isDone = true;
}
} finally {
waitForClient.countDown();
}
}
}

135
test/jdk/sun/security/ssl/SignatureScheme/SigAlgosExtTestWithTLS12.java
View File

@ -61,115 +61,7 @@ public class SigAlgosExtTestWithTLS12 extends SSLEngineTemplate {
private static final boolean EXPECT_FAIL
= Boolean.getBoolean("test.expectFail");
private static final String[] CA_CERTS = new String[] {
// SHA256withECDSA, curve secp256r1
// Validity
// Not Before: May 22 07:18:16 2018 GMT
// Not After : May 17 07:18:16 2038 GMT
// Subject Key Identifier:
// 60:CF:BD:73:FF:FA:1A:30:D2:A4:EC:D3:49:71:46:EF:1A:35:A0:86
"-----BEGIN CERTIFICATE-----\n" +
"MIIBvjCCAWOgAwIBAgIJAIvFG6GbTroCMAoGCCqGSM49BAMCMDsxCzAJBgNVBAYT\n" +
"AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" +
"ZTAeFw0xODA1MjIwNzE4MTZaFw0zODA1MTcwNzE4MTZaMDsxCzAJBgNVBAYTAlVT\n" +
"MQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZjZTBZ\n" +
"MBMGByqGSM49AgEGCCqGSM49AwEHA0IABBz1WeVb6gM2mh85z3QlvaB/l11b5h0v\n" +
"LIzmkC3DKlVukZT+ltH2Eq1oEkpXuf7QmbM0ibrUgtjsWH3mULfmcWmjUDBOMB0G\n" +
"A1UdDgQWBBRgz71z//oaMNKk7NNJcUbvGjWghjAfBgNVHSMEGDAWgBRgz71z//oa\n" +
"MNKk7NNJcUbvGjWghjAMBgNVHRMEBTADAQH/MAoGCCqGSM49BAMCA0kAMEYCIQCG\n" +
"6wluh1r2/T6L31mZXRKf9JxeSf9pIzoLj+8xQeUChQIhAJ09wAi1kV8yePLh2FD9\n" +
"2YEHlSQUAbwwqCDEVB5KxaqP\n" +
"-----END CERTIFICATE-----",
// SHA384withECDSA, curve secp384r1
// Validity
// Not Before: Jun 24 08:15:06 2019 GMT
// Not After : Jun 19 08:15:06 2039 GMT
// Subject Key Identifier:
// 0a:93:a9:a0:bf:e7:d5:48:9d:4f:89:15:c6:51:98:80:05:51:4e:4e
"-----BEGIN CERTIFICATE-----\n" +
"MIICCDCCAY6gAwIBAgIUCpOpoL/n1UidT4kVxlGYgAVRTk4wCgYIKoZIzj0EAwMw\n" +
"OzELMAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpTU0Ug\n" +
"VGVzdCBTZXJpdmNlMB4XDTE5MDYyNDA4MTUwNloXDTM5MDYxOTA4MTUwNlowOzEL\n" +
"MAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpTU0UgVGVz\n" +
"dCBTZXJpdmNlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAENVQN1wXWFdgC6u/dDdiC\n" +
"y+WtMTF66oL/0BSm+1ZqsogamzCryawOcHgiuXgWzx5CQ3LuOC+tDFyXpGfHuCvb\n" +
"dkzxPrP5n9NrR8/uRPe5l1KOUbchviU8z9cTP+LZxnZDo1MwUTAdBgNVHQ4EFgQU\n" +
"SktSFArR1p/5mXV0kyo0RxIVa/UwHwYDVR0jBBgwFoAUSktSFArR1p/5mXV0kyo0\n" +
"RxIVa/UwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjBZvoNmq3/v\n" +
"RD2gBTyvxjS9h0rsMRLHDnvul/KWngytwGPTOBo0Y8ixQXSjdKoc3rkCMQDkiNgx\n" +
"IDxuHedmrLQKIPnVcthTmwv7//jHiqGoKofwChMo2a1P+DQdhszmeHD/ARQ=\n" +
"-----END CERTIFICATE-----"
};
private static final String[] EE_CERTS = new String[] {
// SHA256withECDSA, curve secp256r1
// Validity
// Not Before: May 22 07:18:16 2018 GMT
// Not After : May 17 07:18:16 2038 GMT
// Authority Key Identifier:
// 60:CF:BD:73:FF:FA:1A:30:D2:A4:EC:D3:49:71:46:EF:1A:35:A0:86
"-----BEGIN CERTIFICATE-----\n" +
"MIIBqjCCAVCgAwIBAgIJAPLY8qZjgNRAMAoGCCqGSM49BAMCMDsxCzAJBgNVBAYT\n" +
"AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" +
"ZTAeFw0xODA1MjIwNzE4MTZaFw0zODA1MTcwNzE4MTZaMFUxCzAJBgNVBAYTAlVT\n" +
"MQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZjZTEY\n" +
"MBYGA1UEAwwPUmVncmVzc2lvbiBUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD\n" +
"QgAEb+9n05qfXnfHUb0xtQJNS4JeSi6IjOfW5NqchvKnfJey9VkJzR7QHLuOESdf\n" +
"xlR7q8YIWgih3iWLGfB+wxHiOqMjMCEwHwYDVR0jBBgwFoAUYM+9c//6GjDSpOzT\n" +
"SXFG7xo1oIYwCgYIKoZIzj0EAwIDSAAwRQIgWpRegWXMheiD3qFdd8kMdrkLxRbq\n" +
"1zj8nQMEwFTUjjQCIQDRIrAjZX+YXHN9b0SoWWLPUq0HmiFIi8RwMnO//wJIGQ==\n" +
"-----END CERTIFICATE-----",
// SHA384withECDSA, curve secp384r1
// Validity
// Not Before: Jun 24 08:15:06 2019 GMT
// Not After : Jun 19 08:15:06 2039 GMT
// Authority Key Identifier:
// 40:2D:AA:EE:66:AA:33:27:AD:9B:5D:52:9B:60:67:6A:2B:AD:52:D2
"-----BEGIN CERTIFICATE-----\n" +
"MIICEjCCAZegAwIBAgIUS3F0AqAXWRg07CnbknJzxofyBQMwCgYIKoZIzj0EAwMw\n" +
"OzELMAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpTU0Ug\n" +
"VGVzdCBTZXJpdmNlMB4XDTE5MDYyNDA4MTUwNloXDTM5MDYxOTA4MTUwNlowVTEL\n" +
"MAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpTU0UgVGVz\n" +
"dCBTZXJpdmNlMRgwFgYDVQQDDA9SZWdyZXNzaW9uIFRlc3QwdjAQBgcqhkjOPQIB\n" +
"BgUrgQQAIgNiAARqElz8b6T07eyKomIinhztV3/3XBk9bKGtJ0W+JOltjuhMmP/w\n" +
"G8ASSevpgqgpi6EzpBZaaJxE3zNfkNnxXOZmQi2Ypd1uK0zRdbEOKg0XOcTTZwEj\n" +
"iLjYmt3O0pwpklijQjBAMB0GA1UdDgQWBBRALaruZqozJ62bXVKbYGdqK61S0jAf\n" +
"BgNVHSMEGDAWgBRKS1IUCtHWn/mZdXSTKjRHEhVr9TAKBggqhkjOPQQDAwNpADBm\n" +
"AjEArVDFKf48xijN6huVUJzKCOP0zlWB5Js+DItIkZmLQuhciPLhLIB/rChf3Y4C\n" +
"xuP4AjEAmfLhQRI0O3pifpYzYSVh2G7/jHNG4eO+2dvgAcU+Lh2IIj/cpLaPFSvL\n" +
"J8FXY9Nj\n" +
"-----END CERTIFICATE-----"
};
private static final String[] EE_KEYS = new String[] {
"MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgn5K03bpTLjEtFQRa\n" +
"JUtx22gtmGEvvSUSQdimhGthdtihRANCAARv72fTmp9ed8dRvTG1Ak1Lgl5KLoiM\n" +
"59bk2pyG8qd8l7L1WQnNHtAcu44RJ1/GVHurxghaCKHeJYsZ8H7DEeI6",
"MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDASuI9EtK29APXPipkc\n" +
"qDA+qwlewMjv/OcjUJ77kP1Vz62oVF9iY9SRIyFIUju8wt+hZANiAARqElz8b6T0\n" +
"7eyKomIinhztV3/3XBk9bKGtJ0W+JOltjuhMmP/wG8ASSevpgqgpi6EzpBZaaJxE\n" +
"3zNfkNnxXOZmQi2Ypd1uK0zRdbEOKg0XOcTTZwEjiLjYmt3O0pwpklg="
};
private static final String[] EE_ALGS = new String[] {
"EC",
"EC"
};
private static final String[] EE_ALIASES = new String[] {
"EC-SHA256",
"EC-SHA384"
};
private static final Map<Integer, String> SIG_SCHEMES_MAP = Map.of(
0x0403, "ecdsa_secp256r1_sha256",
0x0503, "ecdsa_secp384r1_sha384");
private static final int TLS_HS_CLI_HELLO = 1;
private static final int TLS_HS_CERT_REQ = 13;
private static final int HELLO_EXT_SIG_ALGS = 13;
public SigAlgosExtTestWithTLS12() throws Exception {
super();
@ -178,36 +70,31 @@ public class SigAlgosExtTestWithTLS12 extends SSLEngineTemplate {
/*
* Create an instance of KeyManager for client use.
*/
public KeyManager createClientKeyManager() throws Exception {
return SSLContextTemplate.createKeyManager(
EE_CERTS,
EE_KEYS,
EE_ALGS,
EE_ALIASES,
getServerContextParameters());
@Override
protected KeyManager createClientKeyManager() throws Exception {
return createKeyManager(
new Cert[]{Cert.EE_ECDSA_SECP256R1, Cert.EE_ECDSA_SECP384R1},
getClientContextParameters());
}
@Override
public TrustManager createClientTrustManager() throws Exception {
return SSLContextTemplate.createTrustManager(
CA_CERTS,
return createTrustManager(
new Cert[]{Cert.CA_ECDSA_SECP256R1, Cert.CA_ECDSA_SECP384R1},
getServerContextParameters());
}
@Override
public KeyManager createServerKeyManager() throws Exception {
return SSLContextTemplate.createKeyManager(
EE_CERTS,
EE_KEYS,
EE_ALGS,
EE_ALIASES,
return createKeyManager(
new Cert[]{Cert.EE_ECDSA_SECP256R1, Cert.EE_ECDSA_SECP384R1},
getServerContextParameters());
}
@Override
public TrustManager createServerTrustManager() throws Exception {
return SSLContextTemplate.createTrustManager(
CA_CERTS,
return createTrustManager(
new Cert[]{Cert.CA_ECDSA_SECP256R1, Cert.CA_ECDSA_SECP384R1},
getServerContextParameters());
}

137
test/jdk/sun/security/ssl/SignatureScheme/Tls13NamedGroups.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2019, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -37,14 +37,7 @@
* @run main/othervm Tls13NamedGroups
*/
import java.net.*;
import java.io.*;
import javax.net.ssl.*;
import java.security.*;
import java.security.cert.*;
import java.security.spec.*;
import java.security.interfaces.*;
import java.util.Base64;
public class Tls13NamedGroups extends SSLSocketTemplate {
@ -56,8 +49,10 @@ public class Tls13NamedGroups extends SSLSocketTemplate {
}
@Override
protected SSLContext createServerSSLContext() throws Exception {
return generateSSLContext();
public SSLContext createServerSSLContext() throws Exception {
return createSSLContext(new Cert[]{Cert.CA_ECDSA_SECP256R1},
new Cert[]{Cert.EE_ECDSA_SECP256R1},
new ContextParameters("TLSv1.3", "PKIX", "NewSunX509"));
}
@Override
@ -66,123 +61,9 @@ public class Tls13NamedGroups extends SSLSocketTemplate {
}
@Override
protected SSLContext createClientSSLContext() throws Exception {
return generateSSLContext();
}
/*
* =============================================================
* The remainder is just support stuff
*/
// Certificates and key used in the test.
//
// Trusted Certificate.
static String trustedCertStr =
// SHA256withECDSA, curve prime256v1
// Validity
// Not Before: May 22 07:18:16 2018 GMT
// Not After : May 17 07:18:16 2038 GMT
// Subject Key Identifier:
// 60:CF:BD:73:FF:FA:1A:30:D2:A4:EC:D3:49:71:46:EF:1A:35:A0:86
"-----BEGIN CERTIFICATE-----\n" +
"MIIBvjCCAWOgAwIBAgIJAIvFG6GbTroCMAoGCCqGSM49BAMCMDsxCzAJBgNVBAYT\n" +
"AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" +
"ZTAeFw0xODA1MjIwNzE4MTZaFw0zODA1MTcwNzE4MTZaMDsxCzAJBgNVBAYTAlVT\n" +
"MQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZjZTBZ\n" +
"MBMGByqGSM49AgEGCCqGSM49AwEHA0IABBz1WeVb6gM2mh85z3QlvaB/l11b5h0v\n" +
"LIzmkC3DKlVukZT+ltH2Eq1oEkpXuf7QmbM0ibrUgtjsWH3mULfmcWmjUDBOMB0G\n" +
"A1UdDgQWBBRgz71z//oaMNKk7NNJcUbvGjWghjAfBgNVHSMEGDAWgBRgz71z//oa\n" +
"MNKk7NNJcUbvGjWghjAMBgNVHRMEBTADAQH/MAoGCCqGSM49BAMCA0kAMEYCIQCG\n" +
"6wluh1r2/T6L31mZXRKf9JxeSf9pIzoLj+8xQeUChQIhAJ09wAi1kV8yePLh2FD9\n" +
"2YEHlSQUAbwwqCDEVB5KxaqP\n" +
"-----END CERTIFICATE-----";
// -----BEGIN PRIVATE KEY-----
// MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg/HcHdoLJCdq3haVd
// XZTSKP00YzM3xX97l98vGL/RI1KhRANCAAQc9VnlW+oDNpofOc90Jb2gf5ddW+Yd
// LyyM5pAtwypVbpGU/pbR9hKtaBJKV7n+0JmzNIm61ILY7Fh95lC35nFp
// -----END PRIVATE KEY-----
// End entity certificate.
static String targetCertStr =
// SHA256withECDSA, curve prime256v1
// Validity
// Not Before: May 22 07:18:16 2018 GMT
// Not After : May 17 07:18:16 2038 GMT
// Authority Key Identifier:
// 60:CF:BD:73:FF:FA:1A:30:D2:A4:EC:D3:49:71:46:EF:1A:35:A0:86
"-----BEGIN CERTIFICATE-----\n" +
"MIIBqjCCAVCgAwIBAgIJAPLY8qZjgNRAMAoGCCqGSM49BAMCMDsxCzAJBgNVBAYT\n" +
"AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" +
"ZTAeFw0xODA1MjIwNzE4MTZaFw0zODA1MTcwNzE4MTZaMFUxCzAJBgNVBAYTAlVT\n" +
"MQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZjZTEY\n" +
"MBYGA1UEAwwPUmVncmVzc2lvbiBUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD\n" +
"QgAEb+9n05qfXnfHUb0xtQJNS4JeSi6IjOfW5NqchvKnfJey9VkJzR7QHLuOESdf\n" +
"xlR7q8YIWgih3iWLGfB+wxHiOqMjMCEwHwYDVR0jBBgwFoAUYM+9c//6GjDSpOzT\n" +
"SXFG7xo1oIYwCgYIKoZIzj0EAwIDSAAwRQIgWpRegWXMheiD3qFdd8kMdrkLxRbq\n" +
"1zj8nQMEwFTUjjQCIQDRIrAjZX+YXHN9b0SoWWLPUq0HmiFIi8RwMnO//wJIGQ==\n" +
"-----END CERTIFICATE-----";
// Private key in the format of PKCS#8.
static String targetPrivateKey =
//
// EC private key related to cert endEntityCertStrs[0].
//
"MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgn5K03bpTLjEtFQRa\n" +
"JUtx22gtmGEvvSUSQdimhGthdtihRANCAARv72fTmp9ed8dRvTG1Ak1Lgl5KLoiM\n" +
"59bk2pyG8qd8l7L1WQnNHtAcu44RJ1/GVHurxghaCKHeJYsZ8H7DEeI6";
static char passphrase[] = "passphrase".toCharArray();
// Create the SSLContext instance.
private static SSLContext generateSSLContext() throws Exception {
// generate certificate from cert string
CertificateFactory cf = CertificateFactory.getInstance("X.509");
// create a key store
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(null, null);
// import the trused cert
X509Certificate trusedCert = null;
ByteArrayInputStream is =
new ByteArrayInputStream(trustedCertStr.getBytes());
trusedCert = (X509Certificate)cf.generateCertificate(is);
is.close();
ks.setCertificateEntry("Trusted EC Signer", trusedCert);
// generate the private key.
PKCS8EncodedKeySpec priKeySpec = new PKCS8EncodedKeySpec(
Base64.getMimeDecoder().decode(targetPrivateKey));
KeyFactory kf = KeyFactory.getInstance("EC");
ECPrivateKey priKey =
(ECPrivateKey)kf.generatePrivate(priKeySpec);
// generate certificate chain
is = new ByteArrayInputStream(targetCertStr.getBytes());
X509Certificate keyCert = (X509Certificate)cf.generateCertificate(is);
is.close();
X509Certificate[] chain = new X509Certificate[2];
chain[0] = keyCert;
chain[1] = trusedCert;
// import the key entry and the chain
ks.setKeyEntry("TheKey", priKey, passphrase, chain);
// create SSL context
TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
tmf.init(ks);
KeyManagerFactory kmf = KeyManagerFactory.getInstance("NewSunX509");
kmf.init(ks, passphrase);
SSLContext ctx = SSLContext.getInstance("TLSv1.3");
ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
ks = null;
return ctx;
public SSLContext createClientSSLContext() throws Exception {
return createSSLContext(new Cert[]{Cert.CA_ECDSA_SECP256R1},
new Cert[]{Cert.EE_ECDSA_SECP256R1},
new ContextParameters("TLSv1.3", "PKIX", "NewSunX509"));
}
}

147
test/jdk/sun/security/ssl/X509TrustManagerImpl/TooManyCAs.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2020, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -32,18 +32,17 @@
import javax.net.ssl.*;
import javax.security.auth.x500.X500Principal;
import java.io.*;
import java.net.InetAddress;
import java.net.Socket;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.concurrent.CyclicBarrier;
/**
* Check if the connection can be established if the client or server trusts
* more CAs such that it exceeds the size limit of the certificate_authorities
* extension (2^16).
*/
public class TooManyCAs implements SSLContextTemplate {
public class TooManyCAs extends SSLSocketTemplate {
private static final String[][][] protocols = {
{{"TLSv1.3"}, {"TLSv1.3"}},
@ -55,44 +54,54 @@ public class TooManyCAs implements SSLContextTemplate {
private final String[] serverProtocols;
private final boolean needClientAuth;
/*
* Used to synchronize client and server; there were intermittent
* failures on Windows due to the connection being killed.
*/
private final CyclicBarrier barrier = new CyclicBarrier(2);
TooManyCAs(int index, boolean needClientAuth) {
this.clientProtocols = protocols[index][0];
this.serverProtocols = protocols[index][1];
this.needClientAuth = needClientAuth;
System.out.printf("Testing%n\tclient protocols: %s%n\t" +
"server protocols: %s%n\tneed client auth: %s%n",
String.join(", ", clientProtocols),
String.join(", ", serverProtocols),
needClientAuth);
}
// Servers are configured before clients, increment test case after.
void configureClientSocket(SSLSocket clientSocket) {
System.err.print("Setting client protocol(s): ");
Arrays.stream(clientProtocols).forEachOrdered(System.err::print);
System.err.println();
@Override
protected void configureClientSocket(SSLSocket clientSocket) {
System.out.println("Setting client protocol(s): "
+ String.join(",", clientProtocols));
clientSocket.setEnabledProtocols(clientProtocols);
}
void configureServerSocket(SSLServerSocket serverSocket) {
System.err.print("Setting server protocol(s): ");
Arrays.stream(serverProtocols).forEachOrdered(System.err::print);
System.err.println();
@Override
protected void configureServerSocket(SSLServerSocket serverSocket) {
serverSocket.setNeedClientAuth(needClientAuth);
serverSocket.setEnableSessionCreation(true);
serverSocket.setUseClientMode(false);
System.out.println("Setting server protocol(s): "
+ String.join(",", serverProtocols));
serverSocket.setEnabledProtocols(serverProtocols);
if (needClientAuth) {
serverSocket.setNeedClientAuth(true);
}
}
@Override
public TrustManager createClientTrustManager() throws Exception {
TrustManager trustManager =
SSLContextTemplate.super.createClientTrustManager();
protected TrustManager createClientTrustManager() throws Exception {
TrustManager trustManager = super.createClientTrustManager();
return new BogusX509TrustManager(
(X509TrustManager)trustManager);
}
@Override
public TrustManager createServerTrustManager() throws Exception {
TrustManager trustManager =
SSLContextTemplate.super.createServerTrustManager();
protected TrustManager createServerTrustManager() throws Exception {
TrustManager trustManager = super.createServerTrustManager();
return new BogusX509TrustManager(
(X509TrustManager)trustManager);
}
@ -107,104 +116,42 @@ public class TooManyCAs implements SSLContextTemplate {
}
}
private void run() throws Exception {
SSLServerSocket listenSocket = null;
SSLSocket serverSocket = null;
ClientSocket clientSocket = null;
@Override
protected void runServerApplication(SSLSocket socket) throws Exception {
try {
SSLServerSocketFactory serversocketfactory =
createServerSSLContext().getServerSocketFactory();
listenSocket =
(SSLServerSocket)serversocketfactory.createServerSocket(0);
listenSocket.setNeedClientAuth(false);
listenSocket.setEnableSessionCreation(true);
listenSocket.setUseClientMode(false);
configureServerSocket(listenSocket);
System.err.println("Starting client");
clientSocket = new ClientSocket(listenSocket.getLocalPort());
clientSocket.start();
System.err.println("Accepting client requests");
serverSocket = (SSLSocket)listenSocket.accept();
if (!clientSocket.isDone) {
System.err.println("Waiting 3 seconds for client ");
Thread.sleep(3000);
}
System.err.println("Sending data to client ...");
System.out.println("Sending data to client ...");
String serverData = "Hi, I am server";
BufferedWriter os = new BufferedWriter(
new OutputStreamWriter(serverSocket.getOutputStream()));
new OutputStreamWriter(socket.getOutputStream()));
os.write(serverData, 0, serverData.length());
os.newLine();
os.flush();
} finally {
if (listenSocket != null) {
listenSocket.close();
barrier.await();
System.out.println("Server done");
}
if (serverSocket != null) {
serverSocket.close();
}
}
if (clientSocket != null && clientSocket.clientException != null) {
throw clientSocket.clientException;
}
}
private class ClientSocket extends Thread{
boolean isDone = false;
int serverPort = 0;
Exception clientException;
public ClientSocket(int serverPort) {
this.serverPort = serverPort;
}
@Override
public void run() {
SSLSocket clientSocket = null;
String clientData = "Hi, I am client";
protected void runClientApplication(SSLSocket socket) throws Exception {
try {
System.err.println(
"Connecting to server at port " + serverPort);
SSLSocketFactory sslSocketFactory =
createClientSSLContext().getSocketFactory();
clientSocket = (SSLSocket)sslSocketFactory.createSocket(
InetAddress.getLocalHost(), serverPort);
configureClientSocket(clientSocket);
System.err.println("Sending data to server ...");
String clientData = "Hi, I am client";
System.out.println("Sending data to server ...");
BufferedWriter os = new BufferedWriter(
new OutputStreamWriter(clientSocket.getOutputStream()));
new OutputStreamWriter(socket.getOutputStream()));
os.write(clientData, 0, clientData.length());
os.newLine();
os.flush();
System.err.println("Reading data from server");
System.out.println("Reading data from server");
BufferedReader is = new BufferedReader(
new InputStreamReader(clientSocket.getInputStream()));
new InputStreamReader(socket.getInputStream()));
String data = is.readLine();
System.err.println("Received Data from server: " + data);
} catch (Exception e) {
clientException = e;
System.err.println("unexpected client exception: " + e);
System.out.println("Received Data from server: " + data);
} finally {
if (clientSocket != null) {
try {
clientSocket.close();
System.err.println("client socket closed");
} catch (IOException ioe) {
clientException = ioe;
}
}
isDone = true;
}
barrier.await();
System.out.println("client done.");
}
}
@ -273,7 +220,7 @@ public class TooManyCAs implements SSLContextTemplate {
for (int i = 0; i < duplicated; i++) {
System.arraycopy(trustedCerts, 0,
returnedCAs,
i * trustedCerts.length + 0, trustedCerts.length);
i * trustedCerts.length, trustedCerts.length);
}
return returnedCAs;