stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8234728: Some security tests should support TLSv1.3

Browse Source 
Tests were updated to support TLSv1.3 and cipher suite order

Reviewed-by: xuelei
This commit is contained in:
Sibabrata Sahoo 2019-12-12 22:47:24 -08:00
parent 4fa827ec92
commit 94e8d6eca4
6 changed files with 615 additions and 239 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
src/java.base/share/classes/sun/security/ssl/CipherSuite.java
View File

@ -100,7 +100,7 @@ enum CipherSuite {
K_ECDHE_ECDSA, B_CC20_P1305, M_NULL, H_SHA256),
//
// Forward screcy cipher suites.
// Forward secrecy cipher suites.
//
// AES_256(GCM) - ECDHE
@ -271,7 +271,7 @@ enum CipherSuite {
ProtocolVersion.PROTOCOLS_TO_12,
K_DHE_DSS, B_AES_128, M_SHA, H_SHA256),
// AES_256(CBC) - using SHA, not forward screcy
// AES_256(CBC) - using SHA, not forward secrecy
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA(
0xC005, true, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", "",
ProtocolVersion.PROTOCOLS_TO_12,
@ -281,7 +281,7 @@ enum CipherSuite {
ProtocolVersion.PROTOCOLS_TO_12,
K_ECDH_RSA, B_AES_256, M_SHA, H_SHA256),
// AES_128(CBC) - using SHA, not forward screcy
// AES_128(CBC) - using SHA, not forward secrecy
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA(
0xC004, true, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", "",
ProtocolVersion.PROTOCOLS_TO_12,
@ -319,13 +319,13 @@ enum CipherSuite {
ProtocolVersion.PROTOCOLS_OF_12,
K_RSA, B_AES_128, M_SHA256, H_SHA256),
// RSA, AES_256(CBC) - using SHA, not forward screcy
// RSA, AES_256(CBC) - using SHA, not forward secrecy
TLS_RSA_WITH_AES_256_CBC_SHA(
0x0035, true, "TLS_RSA_WITH_AES_256_CBC_SHA", "",
ProtocolVersion.PROTOCOLS_TO_12,
K_RSA, B_AES_256, M_SHA, H_SHA256),
// RSA, AES_128(CBC) - using SHA, not forward screcy
// RSA, AES_128(CBC) - using SHA, not forward secrecy
TLS_RSA_WITH_AES_128_CBC_SHA(
0x002F, true, "TLS_RSA_WITH_AES_128_CBC_SHA", "",
ProtocolVersion.PROTOCOLS_TO_12,
@ -464,7 +464,7 @@ enum CipherSuite {
ProtocolVersion.PROTOCOLS_TO_TLS12,
K_DH_ANON, B_RC4_128, M_MD5, H_SHA256),
// weak cipher suites obsoleted in TLS 1.2 [RFC 5246]
// Weak cipher suites obsoleted in TLS 1.2 [RFC 5246]
SSL_RSA_WITH_DES_CBC_SHA(
0x0009, false, "SSL_RSA_WITH_DES_CBC_SHA",
"TLS_RSA_WITH_DES_CBC_SHA",
@ -486,7 +486,7 @@ enum CipherSuite {
ProtocolVersion.PROTOCOLS_TO_11,
K_DH_ANON, B_DES, M_SHA, H_NONE),
// weak cipher suites obsoleted in TLS 1.1 [RFC 4346]
// Weak cipher suites obsoleted in TLS 1.1 [RFC 4346]
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA(
0x0008, false, "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
"TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
@ -518,7 +518,7 @@ enum CipherSuite {
ProtocolVersion.PROTOCOLS_TO_10,
K_DH_ANON, B_RC4_40, M_MD5, H_NONE),
// no traffic encryption cipher suites
// No traffic encryption cipher suites
TLS_RSA_WITH_NULL_SHA256(
0x003B, false, "TLS_RSA_WITH_NULL_SHA256", "",
ProtocolVersion.PROTOCOLS_OF_12,
@ -554,14 +554,14 @@ enum CipherSuite {
ProtocolVersion.PROTOCOLS_TO_12,
K_RSA, B_NULL, M_MD5, H_SHA256),
// Definition of the CipherSuites that are not supported but the names
// Definition of the cipher suites that are not supported but the names
// are known.
TLS_AES_128_CCM_SHA256( // TLS 1.3
"TLS_AES_128_CCM_SHA256", 0x1304),
TLS_AES_128_CCM_8_SHA256( // TLS 1.3
"TLS_AES_128_CCM_8_SHA256", 0x1305),
// remaining unsupported ciphersuites defined in RFC2246.
// Remaining unsupported cipher suites defined in RFC2246.
CS_0006("SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5", 0x0006),
CS_0007("SSL_RSA_WITH_IDEA_CBC_SHA", 0x0007),
CS_000B("SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA", 0x000b),
@ -571,18 +571,18 @@ enum CipherSuite {
CS_000F("SSL_DH_RSA_WITH_DES_CBC_SHA", 0x000f),
CS_0010("SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA", 0x0010),
// SSL 3.0 Fortezza ciphersuites
// SSL 3.0 Fortezza cipher suites
CS_001C("SSL_FORTEZZA_DMS_WITH_NULL_SHA", 0x001c),
CS_001D("SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA", 0x001d),
// 1024/56 bit exportable ciphersuites from expired internet draft
// 1024/56 bit exportable cipher suites from expired internet draft
CS_0062("SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA", 0x0062),
CS_0063("SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA", 0x0063),
CS_0064("SSL_RSA_EXPORT1024_WITH_RC4_56_SHA", 0x0064),
CS_0065("SSL_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA", 0x0065),
CS_0066("SSL_DHE_DSS_WITH_RC4_128_SHA", 0x0066),
// Netscape old and new SSL 3.0 FIPS ciphersuites
// Netscape old and new SSL 3.0 FIPS cipher suites
// see http://www.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html
CS_FFE0("NETSCAPE_RSA_FIPS_WITH_3DES_EDE_CBC_SHA", 0xffe0),
CS_FFE1("NETSCAPE_RSA_FIPS_WITH_DES_CBC_SHA", 0xffe1),

294
test/jdk/javax/net/ssl/sanity/ciphersuites/CipherSuitesInOrder.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2012, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,143 +28,179 @@
/*
* @test
* @bug 7174244
* @summary NPE in Krb5ProxyImpl.getServerKeys()
* @ignore the dependent implementation details are changed
* @bug 7174244 8234728
* @summary Test for ciphersuites order
* @run main/othervm CipherSuitesInOrder
*/
import java.util.*;
import javax.net.ssl.*;
import java.security.Security;
public class CipherSuitesInOrder {
// supported ciphersuites
private final static List<String> supportedCipherSuites =
Arrays.<String>asList(
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",
"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
"TLS_RSA_WITH_AES_256_CBC_SHA256",
"TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
"TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",
"TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
"TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_RSA_WITH_AES_256_CBC_SHA",
"TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
"TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
"TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_RSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",
"TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_RSA_WITH_AES_128_CBC_SHA",
"TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
"TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
"TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
"SSL_RSA_WITH_3DES_EDE_CBC_SHA",
"TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
"TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
"SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
"SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
"TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
"TLS_DH_anon_WITH_AES_256_GCM_SHA384",
"TLS_DH_anon_WITH_AES_128_GCM_SHA256",
"TLS_DH_anon_WITH_AES_256_CBC_SHA256",
"TLS_ECDH_anon_WITH_AES_256_CBC_SHA",
"TLS_DH_anon_WITH_AES_256_CBC_SHA",
"TLS_DH_anon_WITH_AES_128_CBC_SHA256",
"TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
"TLS_DH_anon_WITH_AES_128_CBC_SHA",
"TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
"SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
"TLS_ECDHE_RSA_WITH_RC4_128_SHA",
"SSL_RSA_WITH_RC4_128_SHA",
"TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
"TLS_ECDH_RSA_WITH_RC4_128_SHA",
"SSL_RSA_WITH_RC4_128_MD5",
"TLS_ECDH_anon_WITH_RC4_128_SHA",
"SSL_DH_anon_WITH_RC4_128_MD5",
"SSL_RSA_WITH_DES_CBC_SHA",
"SSL_DHE_RSA_WITH_DES_CBC_SHA",
"SSL_DHE_DSS_WITH_DES_CBC_SHA",
"SSL_DH_anon_WITH_DES_CBC_SHA",
"SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
"SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
"SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
"SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
"SSL_RSA_EXPORT_WITH_RC4_40_MD5",
"SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
"TLS_RSA_WITH_NULL_SHA256",
"TLS_ECDHE_ECDSA_WITH_NULL_SHA",
"TLS_ECDHE_RSA_WITH_NULL_SHA",
"SSL_RSA_WITH_NULL_SHA",
"TLS_ECDH_ECDSA_WITH_NULL_SHA",
"TLS_ECDH_RSA_WITH_NULL_SHA",
"TLS_ECDH_anon_WITH_NULL_SHA",
"SSL_RSA_WITH_NULL_MD5",
"TLS_KRB5_WITH_3DES_EDE_CBC_SHA",
"TLS_KRB5_WITH_3DES_EDE_CBC_MD5",
"TLS_KRB5_WITH_RC4_128_SHA",
"TLS_KRB5_WITH_RC4_128_MD5",
"TLS_KRB5_WITH_DES_CBC_SHA",
"TLS_KRB5_WITH_DES_CBC_MD5",
"TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",
"TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5",
"TLS_KRB5_EXPORT_WITH_RC4_40_SHA",
"TLS_KRB5_EXPORT_WITH_RC4_40_MD5"
);
// Supported ciphersuites
private final static List<String> supportedCipherSuites
= Arrays.<String>asList(
// TLS 1.3 cipher suites.
"TLS_AES_256_GCM_SHA384",
"TLS_AES_128_GCM_SHA256",
"TLS_CHACHA20_POLY1305_SHA256",
// Suite B compliant cipher suites, see RFC 6460.
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
// Not suite B, but we want it to position the suite early
//in the list of 1.2 suites.
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
//
// Forward secrecy cipher suites.
//
// AES_256(GCM) - ECDHE
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
// AES_128(GCM) - ECDHE
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
// AES_256(GCM) - DHE
"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
"TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",
// AES_128(GCM) - DHE
"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",
// AES_256(CBC) - ECDHE
"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
// AES_128(CBC) - ECDHE
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
// AES_256(CBC) - DHE
"TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
"TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",
// AES_128(CBC) - DHE
"TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
//
// Not forward secret cipher suites.
//
// AES_256(GCM)
"TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",
// AES_128(GCM)
"TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
// AES_256(CBC)
"TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
"TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",
// AES_128(CBC)
"TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",
//
// Legacy, used for compatibility
//
// AES_256(CBC) - ECDHE - Using SHA
"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
// AES_128(CBC) - ECDHE - using SHA
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
// AES_256(CBC) - DHE - Using SHA
"TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
// AES_128(CBC) - DHE - using SHA
"TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
// AES_256(CBC) - using SHA, not forward secrecy
"TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
"TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
// AES_128(CBC) - using SHA, not forward secrecy
"TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
"TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
//
// Deprecated, used for compatibility
//
// RSA, AES_256(GCM)
"TLS_RSA_WITH_AES_256_GCM_SHA384",
// RSA, AES_128(GCM)
"TLS_RSA_WITH_AES_128_GCM_SHA256",
// RSA, AES_256(CBC)
"TLS_RSA_WITH_AES_256_CBC_SHA256",
// RSA, AES_128(CBC)
"TLS_RSA_WITH_AES_128_CBC_SHA256",
// RSA, AES_256(CBC) - using SHA, not forward secrecy
"TLS_RSA_WITH_AES_256_CBC_SHA",
// RSA, AES_128(CBC) - using SHA, not forward secrecy
"TLS_RSA_WITH_AES_128_CBC_SHA",
// 3DES_EDE, forward secrecy.
"TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
"SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
"SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
// 3DES_EDE, not forward secrecy.
"TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
"TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
"SSL_RSA_WITH_3DES_EDE_CBC_SHA",
// Renegotiation protection request Signalling
// Cipher Suite Value (SCSV).
"TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
// Definition of the Cipher Suites that are supported but not
// enabled by default.
"TLS_DH_anon_WITH_AES_256_GCM_SHA384",
"TLS_DH_anon_WITH_AES_128_GCM_SHA256",
"TLS_DH_anon_WITH_AES_256_CBC_SHA256",
"TLS_ECDH_anon_WITH_AES_256_CBC_SHA",
"TLS_DH_anon_WITH_AES_256_CBC_SHA",
"TLS_DH_anon_WITH_AES_128_CBC_SHA256",
"TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
"TLS_DH_anon_WITH_AES_128_CBC_SHA",
"TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
"SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
// RC4
"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
"TLS_ECDHE_RSA_WITH_RC4_128_SHA",
"SSL_RSA_WITH_RC4_128_SHA",
"TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
"TLS_ECDH_RSA_WITH_RC4_128_SHA",
"SSL_RSA_WITH_RC4_128_MD5",
"TLS_ECDH_anon_WITH_RC4_128_SHA",
"SSL_DH_anon_WITH_RC4_128_MD5",
// Weak cipher suites obsoleted in TLS 1.2 [RFC 5246]
"SSL_RSA_WITH_DES_CBC_SHA",
"SSL_DHE_RSA_WITH_DES_CBC_SHA",
"SSL_DHE_DSS_WITH_DES_CBC_SHA",
"SSL_DH_anon_WITH_DES_CBC_SHA",
// Weak cipher suites obsoleted in TLS 1.1 [RFC 4346]
"SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
"SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
"SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
"SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
"SSL_RSA_EXPORT_WITH_RC4_40_MD5",
"SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
// No traffic encryption cipher suites
"TLS_RSA_WITH_NULL_SHA256",
"TLS_ECDHE_ECDSA_WITH_NULL_SHA",
"TLS_ECDHE_RSA_WITH_NULL_SHA",
"SSL_RSA_WITH_NULL_SHA",
"TLS_ECDH_ECDSA_WITH_NULL_SHA",
"TLS_ECDH_RSA_WITH_NULL_SHA",
"TLS_ECDH_anon_WITH_NULL_SHA",
"SSL_RSA_WITH_NULL_MD5",
// Definition of the cipher suites that are not supported but the names
// are known.
"TLS_AES_128_CCM_SHA256",
"TLS_AES_128_CCM_8_SHA256"
);
private final static String[] protocols = {
"", "SSL", "TLS", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"
"", "SSL", "TLS", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"
};
public static void main(String[] args) throws Exception {
// show all of the supported cipher suites
showSuites(supportedCipherSuites.toArray(new String[0]),
"All supported cipher suites");
"All supported cipher suites");
for (String protocol : protocols) {
System.out.println("//");
System.out.println("// " +
"Testing for SSLContext of " + protocol);
System.out.println("// "
+ "Testing for SSLContext of " + protocol);
System.out.println("//");
checkForProtocols(protocol);
}
@ -189,7 +225,6 @@ public class CipherSuitesInOrder {
checkSuites(parameters.getCipherSuites(),
"Supported cipher suites in SSLContext");
//
// Check the cipher suites order of SSLEngine
//
@ -209,34 +244,34 @@ public class CipherSuitesInOrder {
// Check the cipher suites order of SSLSocket
//
SSLSocketFactory factory = context.getSocketFactory();
try (SSLSocket socket = (SSLSocket)factory.createSocket()) {
try (SSLSocket socket = (SSLSocket) factory.createSocket()) {
// check the order of endabled cipher suites
ciphers = socket.getEnabledCipherSuites();
checkSuites(ciphers,
"Enabled cipher suites in SSLSocket");
"Enabled cipher suites in SSLSocket");
// check the order of supported cipher suites
ciphers = socket.getSupportedCipherSuites();
checkSuites(ciphers,
"Supported cipher suites in SSLSocket");
"Supported cipher suites in SSLSocket");
}
//
// Check the cipher suites order of SSLServerSocket
//
SSLServerSocketFactory serverFactory = context.getServerSocketFactory();
try (SSLServerSocket serverSocket =
(SSLServerSocket)serverFactory.createServerSocket()) {
try (SSLServerSocket serverSocket
= (SSLServerSocket) serverFactory.createServerSocket()) {
// check the order of endabled cipher suites
ciphers = serverSocket.getEnabledCipherSuites();
checkSuites(ciphers,
"Enabled cipher suites in SSLServerSocket");
"Enabled cipher suites in SSLServerSocket");
// check the order of supported cipher suites
ciphers = serverSocket.getSupportedCipherSuites();
checkSuites(ciphers,
"Supported cipher suites in SSLServerSocket");
"Supported cipher suites in SSLServerSocket");
}
}
@ -250,7 +285,6 @@ public class CipherSuitesInOrder {
if (index <= loc) {
throw new RuntimeException(suite + " is not in order");
}
loc = index;
}
}

143
test/jdk/javax/net/ssl/sanity/ciphersuites/SystemPropCipherSuitesOrder.java Normal file
View File

@ -0,0 +1,143 @@
/*
* Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.util.Arrays;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
/*
* @test
* @bug 8234728
* @library /javax/net/ssl/templates
* /javax/net/ssl/TLSCommon
* @summary Test TLS ciphersuites order set through System properties
* @ignore Not applicable until the cipher order of system property maintained.
* @run main/othervm
* -Djdk.tls.client.cipherSuites=TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384
* -Djdk.tls.server.cipherSuites=TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_GCM_SHA256
* SystemPropCipherSuitesOrder TLSv1.3
* @run main/othervm
* -Djdk.tls.client.cipherSuites=TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384
* SystemPropCipherSuitesOrder TLSv1.3
* @run main/othervm
* -Djdk.tls.server.cipherSuites=TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_256_GCM_SHA384
* SystemPropCipherSuitesOrder TLSv1.3
* @run main/othervm
* -Djdk.tls.client.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
* -Djdk.tls.server.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
* SystemPropCipherSuitesOrder TLSv1.2
* @run main/othervm
* -Djdk.tls.client.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
* SystemPropCipherSuitesOrder TLSv1.2
* @run main/othervm
* -Djdk.tls.server.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
* SystemPropCipherSuitesOrder TLSv1.2
* @run main/othervm
* -Djdk.tls.client.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
* -Djdk.tls.server.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
* SystemPropCipherSuitesOrder TLSv1.1
* @run main/othervm
* -Djdk.tls.client.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
* SystemPropCipherSuitesOrder TLSv1.1
* @run main/othervm
* -Djdk.tls.server.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
* SystemPropCipherSuitesOrder TLSv1.1
* @run main/othervm
* -Djdk.tls.client.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
* -Djdk.tls.server.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
* SystemPropCipherSuitesOrder TLSv1
* @run main/othervm
* -Djdk.tls.client.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
* SystemPropCipherSuitesOrder TLSv1
* @run main/othervm
* -Djdk.tls.server.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
* SystemPropCipherSuitesOrder TLSv1
*/
public class SystemPropCipherSuitesOrder extends SSLSocketTemplate {
private final String protocol;
private static String[] servercipherSuites;
private static String[] clientcipherSuites;
public static void main(String[] args) {
servercipherSuites
= toArray(System.getProperty("jdk.tls.server.cipherSuites"));
clientcipherSuites
= toArray(System.getProperty("jdk.tls.client.cipherSuites"));
System.out.printf("SYSTEM PROPERTIES: ServerProp:%s - ClientProp:%s%n",
Arrays.deepToString(servercipherSuites),
Arrays.deepToString(clientcipherSuites));
try {
new SystemPropCipherSuitesOrder(args[0]).run();
} catch (Exception e) {
throw new RuntimeException(e);
}
}
private SystemPropCipherSuitesOrder(String protocol) {
this.protocol = protocol;
}
// Servers are configured before clients, increment test case after.
@Override
protected void configureClientSocket(SSLSocket socket) {
socket.setEnabledProtocols(new String[]{protocol});
}
@Override
protected void configureServerSocket(SSLServerSocket serverSocket) {
serverSocket.setEnabledProtocols(new String[]{protocol});
}
protected void runServerApplication(SSLSocket socket) throws Exception {
if (servercipherSuites != null) {
System.out.printf("SERVER: SystemProperty:%s - "
+ "getEnabledCipherSuites:%s%n",
Arrays.deepToString(servercipherSuites),
Arrays.deepToString(socket.getEnabledCipherSuites()));
}
if (servercipherSuites != null && !Arrays.equals(
servercipherSuites, socket.getEnabledCipherSuites())) {
throw new RuntimeException("Unmatched server side CipherSuite order");
}
super.runServerApplication(socket);
}
protected void runClientApplication(SSLSocket socket) throws Exception {
if (clientcipherSuites != null) {
System.out.printf("CLIENT: SystemProperty:%s - "
+ "getEnabledCipherSuites:%s%n",
Arrays.deepToString(clientcipherSuites),
Arrays.deepToString(socket.getEnabledCipherSuites()));
}
if (clientcipherSuites != null && !Arrays.equals(clientcipherSuites,
socket.getEnabledCipherSuites())) {
throw new RuntimeException("Unmatched client side CipherSuite order");
}
super.runClientApplication(socket);
}
private static String[] toArray(String prop) {
return (prop != null) ? prop.split(",") : null;
}
}

185
test/jdk/javax/net/ssl/sanity/ciphersuites/TLSCipherSuitesOrder.java Normal file
View File

@ -0,0 +1,185 @@
/*
* Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.util.Arrays;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
/*
* @test
* @bug 8234728
* @library /javax/net/ssl/templates
* /javax/net/ssl/TLSCommon
* @summary Test TLS ciphersuites order.
* Parameter order: <protocol> <client cipher order> <server cipher order>
* @run main/othervm TLSCipherSuitesOrder TLSv13 ORDERED default
* @run main/othervm TLSCipherSuitesOrder TLSv13 UNORDERED default
* @run main/othervm TLSCipherSuitesOrder TLSv13 UNORDERED UNORDERED
* @run main/othervm TLSCipherSuitesOrder TLSv13 ORDERED ORDERED
* @run main/othervm TLSCipherSuitesOrder TLSv12 ORDERED default
* @run main/othervm TLSCipherSuitesOrder TLSv12 UNORDERED default
* @run main/othervm TLSCipherSuitesOrder TLSv12 UNORDERED UNORDERED
* @run main/othervm TLSCipherSuitesOrder TLSv12 ORDERED ORDERED
* @run main/othervm TLSCipherSuitesOrder TLSv11 ORDERED default
* @run main/othervm TLSCipherSuitesOrder TLSv11 UNORDERED default
* @run main/othervm TLSCipherSuitesOrder TLSv11 UNORDERED UNORDERED
* @run main/othervm TLSCipherSuitesOrder TLSv11 ORDERED ORDERED
* @run main/othervm TLSCipherSuitesOrder TLSv1 ORDERED default
* @run main/othervm TLSCipherSuitesOrder TLSv1 UNORDERED default
* @run main/othervm TLSCipherSuitesOrder TLSv1 UNORDERED UNORDERED
* @run main/othervm TLSCipherSuitesOrder TLSv1 ORDERED ORDERED
*/
public class TLSCipherSuitesOrder extends SSLSocketTemplate {
private final String protocol;
private final String[] servercipherSuites;
private final String[] clientcipherSuites;
public static void main(String[] args) {
PROTOCOL protocol = PROTOCOL.valueOf(args[0]);
try {
new TLSCipherSuitesOrder(protocol.getProtocol(),
protocol.getCipherSuite(args[1]),
protocol.getCipherSuite(args[2])).run();
} catch (Exception e) {
throw new RuntimeException(e);
}
}
private TLSCipherSuitesOrder(String protocol, String[] clientcipherSuites,
String[] servercipherSuites) {
this.protocol = protocol;
this.clientcipherSuites = clientcipherSuites;
this.servercipherSuites = servercipherSuites;
}
// Servers are configured before clients, increment test case after.
@Override
protected void configureClientSocket(SSLSocket socket) {
socket.setEnabledProtocols(new String[]{protocol});
if (clientcipherSuites != null) {
socket.setEnabledCipherSuites(clientcipherSuites);
}
}
@Override
protected void configureServerSocket(SSLServerSocket serverSocket) {
serverSocket.setEnabledProtocols(new String[]{protocol});
if (servercipherSuites != null) {
serverSocket.setEnabledCipherSuites(servercipherSuites);
}
}
protected void runServerApplication(SSLSocket socket) throws Exception {
if (servercipherSuites != null) {
System.out.printf("SERVER: setEnabledCipherSuites:%s - "
+ "getEnabledCipherSuites:%s%n",
Arrays.deepToString(servercipherSuites),
Arrays.deepToString(socket.getEnabledCipherSuites()));
}
if (servercipherSuites != null && !Arrays.equals(servercipherSuites,
socket.getEnabledCipherSuites())) {
throw new RuntimeException("Unmatched server side CipherSuite order");
}
super.runServerApplication(socket);
}
protected void runClientApplication(SSLSocket socket) throws Exception {
if (clientcipherSuites != null) {
System.out.printf("CLIENT: setEnabledCipherSuites:%s - "
+ "getEnabledCipherSuites:%s%n",
Arrays.deepToString(clientcipherSuites),
Arrays.deepToString(socket.getEnabledCipherSuites()));
}
if (clientcipherSuites != null && !Arrays.equals(
clientcipherSuites, socket.getEnabledCipherSuites())) {
throw new RuntimeException("Unmatched client side CipherSuite order");
}
super.runClientApplication(socket);
}
enum PROTOCOL {
TLSv13("TLSv1.3",
new String[]{
"TLS_AES_256_GCM_SHA384",
"TLS_AES_128_GCM_SHA256",
"TLS_CHACHA20_POLY1305_SHA256"},
new String[]{"TLS_CHACHA20_POLY1305_SHA256",
"TLS_AES_128_GCM_SHA256",
"TLS_AES_256_GCM_SHA384"}),
TLSv12("TLSv1.2",
new String[]{
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"},
new String[]{
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"}),
TLSv11("TLSv1.1",
new String[]{
"TLS_RSA_WITH_AES_256_CBC_SHA",
"TLS_RSA_WITH_AES_128_CBC_SHA"},
new String[]{
"TLS_RSA_WITH_AES_128_CBC_SHA",
"TLS_RSA_WITH_AES_256_CBC_SHA"}),
TLSv1("TLSv1",
new String[]{
"TLS_RSA_WITH_AES_256_CBC_SHA",
"TLS_RSA_WITH_AES_128_CBC_SHA"},
new String[]{
"TLS_RSA_WITH_AES_128_CBC_SHA",
"TLS_RSA_WITH_AES_256_CBC_SHA"});
String protocol;
String[] orderedCiphers;
String[] unOrderedCiphers;
private PROTOCOL(String protocol, String[] orderedCiphers,
String[] unOrderedCiphers) {
this.protocol = protocol;
this.orderedCiphers = orderedCiphers;
this.unOrderedCiphers = unOrderedCiphers;
}
public String getProtocol() {
return protocol;
}
public String[] getOrderedCiphers() {
return orderedCiphers;
}
public String[] getUnOrderedCiphers() {
return unOrderedCiphers;
}
public String[] getCipherSuite(String order) {
switch (order) {
case "ORDERED":
return getOrderedCiphers();
case "UNORDERED":
return getUnOrderedCiphers();
default:
return null;
}
}
}
}

6
test/jdk/sun/security/ssl/HandshakeHash/HandshakeHashCloneExhaustion.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2016, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,13 +28,15 @@
/*
* @test
* @bug 8148421 8193683
* @bug 8148421 8193683 8234728
* @summary Transport Layer Security (TLS) Session Hash and Extended
* Master Secret Extension
* @summary Increase the number of clones in the CloneableDigest
* @library /javax/net/ssl/templates
* @compile DigestBase.java
* @run main/othervm HandshakeHashCloneExhaustion
* TLSv1.3 TLS_AES_128_GCM_SHA256
* @run main/othervm HandshakeHashCloneExhaustion
* TLSv1.2 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
* @run main/othervm HandshakeHashCloneExhaustion
* TLSv1.1 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

200
test/jdk/sun/security/util/HostnameMatcher/NullHostnameCheck.java
View File

@ -39,27 +39,31 @@ import jdk.test.lib.security.SSLContextBuilder;
/*
* @test
* @bug 8211339
* @bug 8211339 8234728
* @summary Verify hostname returns an exception instead of null pointer when
* creating a new engine
* @library /test/lib
* @run main NullHostnameCheck
* @run main NullHostnameCheck TLSv1
* @run main NullHostnameCheck TLSv1.1
* @run main NullHostnameCheck TLSv1.2
* @run main NullHostnameCheck TLSv1.3
*/
public final class NullHostnameCheck {
public static void main(String[] args) throws Exception {
String protocol = args[0];
String password = "123456";
SSLContext serverCtx = SSLContextBuilder.builder()
.keyStore(KeyStoreUtils.loadKeyStoreBase64(
keystoreB64, password))
.kmfPassphrase(password)
.protocol("TLSv1.2")
.protocol(protocol)
.build();
SSLEngine serverEngine = serverCtx.createSSLEngine("localhost", -1);
serverEngine.setUseClientMode(false);
SSLContext clientCtx = SSLContext.getInstance("TLSv1.2");
SSLContext clientCtx = SSLContext.getInstance(protocol);
clientCtx.init(null, new TrustManager[] {
new X509TrustManager() {
@Override
@ -186,94 +190,102 @@ public final class NullHostnameCheck {
}
}
// Base64 of PKCS12 Keystore
static final String keystoreB64 =
"MIIQ6wIBAzCCEKQGCSqGSIb3DQEHAaCCEJUEghCRMIIQjTCCBgEGCSqGSIb3DQEHAa" +
"CCBfIEggXuMIIF6jCCAuwGCyqGSIb3DQEMCgECoIICmzCCApcwKQYKKoZIhvcNAQwB" +
"AzAbBBS7qnTOxJYV5At3migAiNAdPvKd7AIDAMNQBIICaMo0roH1TuZE1ARZtwCOXy" +
"F2sk4DmI6m1/CRdh6NeQzszJZH2701cEm0CES971IwobCNFo0+Er9tk1c+iXmMPJgM" +
"s1l/+7OpQCc/GRl2Nc7lQSj1Yvrq1CIQxC51hSrwNs0N9aCTavjKfJ7jk3k1+MNItU" +
"dMdwuIFK663NEH8Wm0D4njvIA9p3ehOLJWDi0ziFTcySyCbbWAL6HmJhzRlpakPpbp" +
"Ox68wfI2YgDpQwTq580TMEWz+9P1U07VmtfYlu9xjXQT/Ks1xzNrhbOyv+HLoE54qL" +
"RyhL36/fwCzlpCXCYokPUG2uziu8JiQyITYRpVhVcgR5m/rSMhVsj8HwUmIdlK2Irm" +
"kOqG2m6YPKRiq7eeCPskcf2Hh0H3pb6lxagSVQMb+qndIUhCvZoXL/oS2+1ngtMlXh" +
"ezjIEa5s2K+Kk8eV48Ydms5bW8Plqy20+0fgEClABF6QL4We4NaFJdl6DB0+KsxgUd" +
"ZHo4U7f3R6o971mAd/OACs4jzpA0/C3AKCbhBEh/nxnSPoxM0Ty3bLaK8LQnv+B2uo" +
"6TeypsxmGg4/kd6fymzrhWUJAFz7DjkO/32pDUXnUDa6CB+dZdUldPoOpviGl9ITfG" +
"apdnq8+B4y7lg/87OZbr99vyVBWtbATaNof3Y5PuNY5TTQ5y1u4gU+zO9qhRnjxSqb" +
"bXJYhKeOIJmXCgGerV1dFqcWfj163OtjTwwJ5VCrtgolTU+3eodARD86jkp1VRCtQ2" +
"M54zOND9mx9RM2ucOy41mgF2MyKIseN6+3665DtgDbN5H/pmmjR4/GSuuy4eJoGHvY" +
"OPy49P7o8xPjAZBgkqhkiG9w0BCRQxDB4KAG0AeQBrAGUAeTAhBgkqhkiG9w0BCRUx" +
"FAQSVGltZSAxNTQxMTg5MzQ5NTAxMIIC9gYLKoZIhvcNAQwKAQKgggKbMIIClzApBg" +
"oqhkiG9w0BDAEDMBsEFO1oLv/9BmQKRKpeUB/Q5FPzMZaPAgMAw1AEggJoxez71rvm" +
"pCMbF0MH3shCpy2LsHNnkyjQVTKBIqdHFmn1390gqRkUUlvaaLgpjNNFSVY/LMg+gK" +
"JEJW6kClerkFg1/fvMQDBr5ApGbACIWi7fN/qYjED0cY5eypnSKePUzR2uO254Qko4" +
"xc+Enx3+V0/O0eqwlzGq3Pmgq9vfyqPefG562tFQEmHyUMUTLg1m4rtUgG5bvtRIMl" +
"Vd6tgFA3JRb08USaJY3D+FQFb+zm/iIJ1KrHBgtBuJFLfaXqYo/fjjgIv0WiOIQmd1" +
"ygrfRp7AhCvqZu7IzKT3TWggfGHABfjgkRcVmCGsFCf1cXAJVzS1v4N2biY9tB9Q5Y" +
"iWZ0JglMHK+NfJu2+3UthyC3ugDeLTQTSbwfJv3ShcVFo7mVxJz2zPWJtDoXbORczm" +
"0tjMu8KztEpPhwH4nsoXJ60fMUDOAvYwr2t49CBRZ+b9rJB5QWWJ60ZrM5rsfNU5yJ" +
"RJYldqryD/T5UJEqRLK5X9N/DAszDFTDoTVFMwwuBv6yk/v9N999m4X77q75/d1y71" +
"sY9Aaj9gHKLSy1ZCsGoU2nt7A+Z+V9TNcmsM5aT+QpNdKvW99jI1T2XI7kHNJ+D0W3" +
"sD8dXlNA91na7/6HGM5dKQfZdk1zcUYg2lkDpyi3xzO2nzFvCaDfAqQqjuQtiXggWy" +
"RiNk+WC45GuUKP5F6fWWr871RjeVYezj5XoXWJ7x8J85SUMKiuQH3S2tRMcP2RtAS/" +
"D1aXdwuiVfLUMu9113dwpSwwmXcFASrt9VxXPNI8Aztu/YtqkONyQq50NChtYsykGA" +
"4ZUOuazkc1SLmIitNfBB9DFIMCMGCSqGSIb3DQEJFDEWHhQAcwBlAGwAZgBzAGkAZw" +
"BuAGUAZDAhBgkqhkiG9w0BCRUxFAQSVGltZSAxNTQxMTg5MzUzNjg4MIIKhAYJKoZI" +
"hvcNAQcGoIIKdTCCCnECAQAwggpqBgkqhkiG9w0BBwEwKQYKKoZIhvcNAQwBBjAbBB" +
"S3KnmddxJSpicU3Pxyg8+NUl6deAIDAMNQgIIKMA0HSR92DBEs74SvbSTUrLeitduz" +
"wzkxQ2D8jO+eP7dC7L9nVVvfHDcalUfwah7fvriDgPKg/ws7vaPO6c4Q7RdzB3epvK" +
"7LqJlqseW0NxRGJXF9hvDOWk6me+3NyAy791C0R8oF/llujojwoR2Tw6DzTdov9c0p" +
"pwCACNtgeAtz3SEFlc/F4MwZKai0jdpakINJkD5H7Za8nyKu6pIITs1roy3Oq2HA4M" +
"XAnlnWh+8R9mloDBTJJMJYUOsn1VaFrYNFq3kr4oOMNINJvUCZL2LZgl5rmzgWSVs0" +
"VSZa7JUWx49rsrBeCi/SFwW5ryleK5uEtjXjtqjQxCjvLvRYV5HmPfv/ZGCP/vitHX" +
"dQ9gzxO/7RVQoxgE0dSx90jiGOEsmG8N9sDnNyS+GCc7pxJeW6NKc1h5YameCsqUGz" +
"V9FTfz2JdDpaPsGmHtvMTs8n3ncK9FOWeWhoNKhPnoMGHmfJGZgz282aTosggSZgh7" +
"FSvf3KfAmhcCj9+frE90jPvB4W8tPF0YnOrNgvByw2+bj7NCkZ0WBT2WrOSOoS/o2H" +
"zmErCJmyt6Su5sPEeTz+dnU0std6qCjsHtjo8Is8VnVVec2nbpeT+nd3RTCV71dViW" +
"42L3rRYxl80UpsUs3Fh0J+01EZkWmExCSZpYTKgPhYcYSwUrIVx9ukcCdUSpvS07bq" +
"hLfqWOVLfLs00VBr/mFWOqDBfy+qJMXEFYyYDBa/TlrIjzEbF4qKwIJiIxRcqYy0Ta" +
"CnMVvn8HlMeIMPJQaqdfDspxIdSdJWWZVbk9FnEDcMuSg8saON26HwieH+AsdnsZDR" +
"cZ6kT+bMPibCfnKLTmJYM0dq7abhdYj7GYcfRjwCeeK/PSxklqpsJ/1T/FeVweuQXz" +
"bhHatL5z8UmTV3WUE1Ww23K3sR701xh/Tx3HoZPjluSHZFuQCvhkOU6Fj5o7dYjJZc" +
"3l3n8wD3SY04ObfCedHe56NytvbXGp79en8Q6kluThWvS5tuNgR5UhMf5oeVi8H1++" +
"MeuCOz9MJMwBGe0JUkxijdI1YVHvspqXcQhjAL9BBPT/Q+iaQITzqPSVj/fSUbY147" +
"XrAGKS8/9iOV5gTVw2TiW1MKp3ubLjqc1YmIB3TRz+SIlAXg3tD4hl/8DXs0zDFLN0" +
"OJLslwQJNaiV0S0mndsVQ/qXiS0gfZldQcn1NmUCJNiy04aUNWR/wKgyLAk5DNPCjx" +
"RlStSK7RjrgIcyUO+4cf/nfV2ymaaeDtBSwLLhAr2syXlio1fQILIrSlmT2X7i4/7X" +
"1vzN0h78g3+NcWpCs+WnOZ1bu/nzVY7zL8rmHJCeOD37UMgxgW5s3sBvONCpUzyOoe" +
"raTalqk843CE223ovLgh+KRm/JXUlDMtDSpk+02Ve7ZoyqgI8vr6UBwWk6CjUJx21M" +
"ldkh6QZcK+weQg0Ml9t3czrKXlfQl62VIG6aqSRehSEa52k5IWrcVY6yauRfERfi6a" +
"zGSmn5kXlQZSJ1mDuss22Fp12n5Kn0MAwo7XHmnzasaD3rB57A+s/3zkgC0j2t/qYC" +
"VpcTq/7Hh7CirbUzVBaXn9CI5MYcbtL40KEE7/DKsjR0VTUtLRi9PnEX1D4zxWl45Y" +
"WJ0QO4icHmUS+bvz3i/N91kI+XKDjZmktsqpF+JRaooQe2wZsasnsCSm6tEx8rN/Ya" +
"iE3nEUTxeUdHudzT4mldgYL9jlOoubC+DvXilRPRboNRuF9djrfq1p+j4egC4FcjeR" +
"kISHIuVXVwcg6Iz9q5j3IAGBfRhXuZ70qyLMtuts4RE+Xy4SmOPnw2rObNhMcTBs9T" +
"wYIhrzv426xid908L4v3bUunlsCoDP6LzzMdE4g1OhKzralRqoYZcsLN6Jt5f/W8UY" +
"RFauTV8YFV3dBUpp9xhKJlYH+OtJY1gLrT2aaX8b96ruv1JTq1fKCReiB2/0MCPvHd" +
"Yz8+/P7YQTysaoDlTC7prQFvDEcz11D0+SmVi2yxNQZETMaMcX5QdqfO8omTPMtuE5" +
"jKgtBtmjq6GeNNJBSKySWtjp0J7jKMqmk2n9+9/RCv3e4IVEcZDOo71g5omtB5592w" +
"XEQqydg1yH5HFD/B7bgcuFAbr36UMdp6o4M8vek9HsI9K/+Q+2clecOabzNDsS4S8y" +
"vr0Kna4rluHwGT0QUp0SbRQRIKzSm7xye5CTxUrZ8cizQ5hQFBUFMr8OWRm0N1GalY" +
"TfPaGwX0sWdvhX4rrrGXpToRbUUqeSk1suiRMT8s1iluaoCpiN1Kq4cehFdlSpWv9c" +
"74Dktfk+kS8X+vCdoU3voPHiGQbxql0mcdSIboOKdCdzs5krl7GbnJZoYLIYpK/y87" +
"YUbOb1CiivlTNe4+KiamuEg44Y0zZ/Z+yWLb7QkpjoIiDObU/0oJKqHUeYL4ZjReus" +
"U014itt5jBMmVCBlhUWtHTmznJotjl45H6bVAX7cimbdoWDcmzWlgHM5lFP6IH/q+Q" +
"Gsgw+kRfbzX0dnYF0a6d5j02ZgSjJJZpQ5Df+qB9ZKteywXxApcv3FRVuz7A5v7yXR" +
"xUE8TQnLwOZgvwDu/pL90drEf0KXef8G/CEHQPB4HVCDzaUnhfSIUflsjtaFfuFq1U" +
"DHmmt5WrrTkWo5RRMUzWYcYn2QzBvzCRDTWdVTlXAJcYJ+KHeJlyxhlrEDu3ej4WUe" +
"BmkbiTQStUEUpk3IcTbzVLLtfS/pe3m0EmaU6nRkmfLxMfYtnDUgdghMy0Cltc3TKn" +
"9qFrBtY41qf8D5LGSrrmLVC1tnQv+hJC7hwiIQZ/2a5b5Bv67tcdzlEGRNT7uv0ID0" +
"Ig5MyPjvJtppNQfxhPbNbJvxWtmI1NvH4359d0vR/4yzxYq+BpCLpOXw3BreGE55J7" +
"xIvxeRb+Pws7A0xdbKHAwSUsEyPglxAkZCzftZin+MoEw8UnhXYWOPKf+k49TVAq7S" +
"Yi1mJxxzwkSkSw9AdhbalYi1Y17VVfHHcb9Ioh1Jdtq8iNqtO2GG+Gd4yGKaRjnQ03" +
"6YRWyffrMx6Lv/aEecMR1DASDuX0vVjfafKHAp+13VKVGsB6zPbzR4njAXhJxTC9qj" +
"RbG2ISl4xrgAy/gBCKqN+UaVGVYe5DdA22XOOfNkgRrfoqcdgajzp4v6hqr3kPh997" +
"89Ayxcov6OopEUBuy6wuPO2ezXRMw8snABq6YDlf36l2jugHbqUUOiiQ4jIPgZAp/S" +
"r+4i6wyH+wOIjn1pBn9GgqypWCjyj/uTIMiXiMe5TDzp7U9pJ7e/hWUGzm6wWuDQWB" +
"zLwAJNRtaaGV0UraI4ubOJVsvGym0PJ8elxCUgKo6cePkhwrVPcNKA19HgVj/3g0pa" +
"ZwYt5Yw2Gdydm0zadva7K/oVgVKRDmkQbwlavySW0xqU8Pul/V/HUSd32/4cpOmmol" +
"OjMo1vyn/iSMylG0s2SzTjZ4LlcwhaxjoIVpXo6MwPMh/vdlgQyZ/bjO9PMr9TYW6J" +
"aF2PnIKsRkzYfcn6xcQwPjAhMAkGBSsOAwIaBQAEFLddLgmJBuufBBi+JoHCaLDeTK" +
"RvBBTQP0GN26PaNdjOaE/AzK7bbhZGNAIDAYag";
// Base64 of PKCS12 Keystore
/*
* Certificate
* "signature algorithm": "SHA384withRSA",
* "issuer" : "CN=test, OU=test, O=test, L=test, ST=test, C=test",
* "not before" : "2019-12-05 12:43:23.000 IST",
* "not after" : "2049-11-27 12:43:23.000 IST",
* "subject" : "CN=test, OU=test, O=test, L=test, ST=test, C=test",
* "subject public key" : "RSA",
*/
static final String keystoreB64 =
"MIIQZwIBAzCCECAGCSqGSIb3DQEHAaCCEBEEghANMIIQCTCCCeUGCSqGSIb3DQEHA"
+ "aCCCdYEggnSMIIJzjCCCcoGCyqGSIb3DQEMCgECoIIJezCCCXcwKQYKKoZIhvcNAQ"
+ "wBAzAbBBSaZBiYmowTxFT4KJxZhMHTVOC9OQIDAMNQBIIJSBnoVGtJKPsoiSU095y"
+ "50x27NJQd727oJwMXqA8kdxCcE1tBowtO8P44ctSEvwJQlB7dR9PxHB6LcfCdMfpa"
+ "GObVCH1/6jHzhRolI9JMAfXlvliAHKZSjuQd2USw1Y65/+0VYvKslXGU4hWhGQWh2"
+ "ksUCBIIcC2A3sA3afF/JPrlfLCEbzYpcfAsv+Z7wEEr6YD11HIHfbOgu2/HU6phL2"
+ "RMJDK9iLgP9mu6FzRFk+93BSguWXfbeJyPlzA8dcTzkXDyfVDx4Wd+UExWq0fx179"
+ "b74MWkwEk76TowEkcGkrnugwOKnqBmyvmBkbl1827+ChZprZ3zGw69IkuRsdDSYGb"
+ "IWVAB/psB0zX3TvsKHcraZm34oNJdSNpYrS0OWA8lSm5NdcfTzi6WLxWwxz55PvZg"
+ "OP3pVyXmtAalyBujs6AOsLkJIMLGvWAYeD+72ook8fqpW7s5e/HA7MshXrlMMflpD"
+ "m708kK5VnfdgzQsAGr6YfOYOKnyhoqskmzDYccuSz59owKiuGMgHpum0zVE8yyVwb"
+ "esXfP3v7eiPuGvsxzq5DE6jaY4F+GoxdLbL4jDWocnWiZewnuYxQwd1vKIKTww/TG"
+ "8RObPUEB38+/LNpgb7+5Oap45rujygiPFWD9+mTzKkLGkM6ItRo4qOwtKAqbjPIVk"
+ "MDCovcr2TCrZfE8ZbQnU/q2LR5eC6ZpOMFNRZggm92n0+FmDuEKjR7lu2mQF4IDan"
+ "SiYgS1+nBhfG9pcNP3yCpwoBHIImtZX5GObKqgvMqQ746KXhv40xwnNqXGypBNKYN"
+ "jRJQmG2/m++2A6DUo+xCTNbD7g0pQbNOjKsGVMXUBTyDiyGqSUHH2EDxe37wcPVih"
+ "ezcv5L1X48y3tSVD9czhjCDJ54sd0B3+LoEXs5/0xYmMvQ74zUx6iwE87FZ/duMbs"
+ "N3dDWvIgqgjaoGnfRLy4lRRxYhn2/r1lesQtzNlZ3YkHZKmpgQkLm+yChFqxi7qm+"
+ "ec/y+GSTm+ascK1ju1NG3f/SUdl7KqZ/J7DnDfQwyg7jiY+QOcr7UNRSeddQozxu7"
+ "j07y/wiGX4z3+JSGBlnlWtOyLo5YERbheVHh1LfCSM4KQDcjxUnIlmsCqILwDYbVm"
+ "aNJ3crkU22I5IVFcoF30v7gvMj4VFXcBYPCSJrkqNIIgZs6YPYwht3akquIz2ovXV"
+ "CqD3TH527dBRAgpeZNs3/L8xCaYiHNUKXv9CRaHVQMTKk9zi3CTJoKo5TCsWR8l9h"
+ "cJpcQnmNs5Jv9Jnq/zoet230r3iHkiGNAoXTlekqSER7vBVLHwPY7rogXP6WyAi67"
+ "AYK/B5iVQcplEHs3n+MeZJgj9C7S0Zslxmym0mWw7l+4YjvyX+RGJVUvk+3TkWO8E"
+ "WHKOX1+hQH9RBbcNqH4FeRZrh3P8wZQDMFfcr3vD0tLAnuqdMy+qAPA+kKWpu5K0D"
+ "0W/ifEizq4Zf8VyzYU6UZaAQbloJadSkruXIwvUpHBZ+M8MHQ2AmRNd0vwyTBlhOI"
+ "CzWU5E5OXtW/f5jA/ugl7PSqjwe5IYTsZaYstKqqZJMIPTzB/IxPtzVyoN15fG9GR"
+ "kk43U6HPS9SdeVTGVmNLn6SM8keLo1yUh5BZ0J0b+K/7C1GfJeNxcv0lGpkrh5wWc"
+ "ABzJ86+3daky6+aR6ldY2CF7mr/dcc3MnjgDNnx86wYIysC3HOkhgyIXD28+O1aTY"
+ "oAvlmidNC9wb2/JJk7cHQatL02LG4/ql5GQ+dS1wOU7S1MVVGYDlZ7uiFmKPqC1Tv"
+ "qVxQnBqPnggKSLWucVKFcjsvXKasMvRl99f4Y7qRAjgM6EHa7rNyWIflRe6ZLNBlj"
+ "16mW293a4FL1jTosNlZoCN8xb1zDdb/NCISqkX6/sq7wDOn4t+m+78ckof4GNmTOM"
+ "WSaRDJIuLM9c1stLHpcyif37oZum86FnB9Zw9qlQGdgLYnRPeZXV1rZuC1L9fugCN"
+ "M4WcUQ20fmPOgyO4RGLsxCbZZJBJj0y7CAMthepMnzaEO9Z2O9BFaM4zpL2ng7GvO"
+ "a26DQiHO5RFVjUpslUdmPuX7U5xkRfjJ025pqTvHVLfzWmsU53ZbkgiJ/0xxa1Emd"
+ "5y0X2keTVfm7q5duNVVN1A6r50++RANI7NJaSLFTMm8Y5P79g4o7UmtCLSesUdTsF"
+ "8swVR5slE3O7ErNr3drLfYVEF9FaB7vcuMDqxCNuahX8TCMJg0vqpO8+EXRNkieb9"
+ "KSgcLD5WRjzGm7e/B5uACxWc50iY6lYvIVW5Itot95OHWZ5xdq3a3fIIb4MDQ2/nx"
+ "lozhRHaHTBI9GAwy1/XcDJWMr+tI9rLGCB7hX8dVqNtYO93/oF3gvBiiNSw5qmUQ2"
+ "qxepZEih5KfhHAVq44RbQMiBA5E2bVBisuNTPUAaA/Fzzsvky8vBq/M5usy8+RXj6"
+ "m+mSZCUPpSTTunIUnu0bRLb2inccthEielCThk1FLKQCLSpsAo1h7kzuNJIeeJSCM"
+ "cWXpZEURziXwE5KCl3jcY+dOLLMEI05F/UyRwZ/k1a2qW78Bc3DivIh2w/4ZBAS9q"
+ "hERIY52y8VcnJ/+/7u45bnpIjkJShZTM1qmzgDCHQa/G5OpnqtI2nDPSNzOpTWA47"
+ "6+AH0ZQoUKxHt6MJP3QLpnrw6xPSE2gR19KRvFZr0NtGJ+SPy418eFYMtJgPvOyI4"
+ "XwYYCLrmMCkSGrqfbhwKK6rgYMVDg0fsBT1OAZGKD8QM51hXFt8p0HQS0UuddwCTA"
+ "/KwyIt6Iw7Leb70yoTEJz3CVU4X4faohXV48gNtZhquawRDvqyBSFS5F8M4s/pJZK"
+ "C5UY3MXifF1+LhSXjdQK7RwNs9XcCbIy+6Fi2wAKDX9MasXnzfzFVuQq1XtMoPVVS"
+ "9gSqWXGbYuadDIto3gGIKUt3BT9nj/B0J/ENqlSsGsT0+fiya+p5thXOkI8r7X82P"
+ "SxV0048QnP7cbuDG97AjOOAcEMsBdCrF3jWGYNd1nK7eKQ8DCrXEKoQhY0IY2sHpU"
+ "5Cu24KW9M1RwIb/XtOEBun89edaKhfk1uDLlvgQ4huYDmfcu4Ebh6DRbHzwSNMK17"
+ "qDgp8/mbAui0ATZBW7bTQNw3WMS0ltbdCj0ki28Udg1udYY6r6wwWkXE/mccgbXz0"
+ "L3g72JfEIO/A56+rFubofZCHuf5AVkDE8MBcGCSqGSIb3DQEJFDEKHggAdABlAHMA"
+ "dDAhBgkqhkiG9w0BCRUxFAQSVGltZSAxNTc1NTMwMDAzMjk3MIIGHAYJKoZIhvcNA"
+ "QcGoIIGDTCCBgkCAQAwggYCBgkqhkiG9w0BBwEwKQYKKoZIhvcNAQwBBjAbBBRZLo"
+ "kYmrJuiANzYxRFL9HmSVKYhQIDAMNQgIIFyPEfYqIJqAd13B5D4EFLs7VrUNaWoeO"
+ "XNRVl5da6N7gMlG5gVpPRjRUCHyaBB066ZdGEquwkidgCdIAfIolcnyGv7a7PZvZM"
+ "bJ8AUXjkf9q7zp0Uwc0k4zQ3Nmev5QxSx+f33J+AOQT4T1CRMxwpNOwrtzRoNVZFD"
+ "oTCnxHBdTvmbCcuMsHYZQk+vLQpud4dI1AKccExjOc86ZAne2Df37LHB/2gxElSOn"
+ "G9VkdIlKHLPbrk4JNcNSZs3VOOi3tEwAlBx9Xllg95aH3ziBPYKgk/u6M567tEnoH"
+ "PDiss9+WeNJP9Tgsc6WPu33GTNxtxSLx4mffR3x0upSbFvhIP4t07aCtOZVwD/Hdw"
+ "VmptatFvVSMiQSM1vf89zjAvdK3UFXTr/jDze4tF35y/UTlor8sbINQy3dZCEpCim"
+ "G1MfDdSG+K5BZoHTny5bG2YM8a9EHtmZfq4i3GJE85M652UVlVDgDnk+PhgyIFWuJ"
+ "6KFgWjUWio6RRhRvcTCJbk5soV+IFa4BppNMako9W8B2UvqIIV2XrxvFEh4QFkpsW"
+ "13qEUGp33qUkAPhuz/NJ4InVh29CGSBnoWprIL/dKwdbTGudlrjnMs6pwURmlWVcJ"
+ "FuPJFsBpyCQEeAtKS7TXaVJOTkfHdX4tYgN5SxEA0EGoddrKgWu48Dj1u2oC7ruZ9"
+ "6J0zznFIr4FzBobv/woWx66EnCWyQLqjSCxipYeer+7ARDmHwgyj+CvgMsfkLa1VL"
+ "LhFDDj0Efdt9IdKj4Nnhh+r9WkNsr+HGiwSgCDn/Hk1AWSvlxxsqFrUBCi6NMSG2l"
+ "sM4MzCTrT47dJDPS0go0jIS5E4o3Hc/GMUlhaQaQX8iYaZQk4k1/OsRDoui+FuViU"
+ "wIVuAne6AQhgy+9KMzmcgByFxAAoo5b0fDy/PgSG+C3wSs6brFmJIOw1exUIf2E/m"
+ "9ATce4vT3CYKLvhk6dmHDK5jSvTrBU4njGVEW8DlW+GSf8jqABDW/PcAf0Y6T0hqv"
+ "zTuWlpxv2O3QLeVbDTrIEe1bgRz8HaaiHznXe8oUbCC1xw5FaSAjXJLX0mlKtQ48z"
+ "xdimSM7B4Pa6iz2q0m8PRzPaad+VyqD3xp53FaR3K9vNT0PXQwJIDZzxl3gYFisbN"
+ "1KxUDtppnkrBwQx9iPH7zQvbNTQiyoUYnF4sAkECIduh/K+ZIAM8zGJH7NTNIrkK/"
+ "piehq5/fVAXCr/tdSWeg88gsn0HjNRChuqYz1yFBaQvgMLQ7h/C7k0GP/l2pcUxr8"
+ "/zDkFr1FFiUN9e2E0nlCO/FUxFZ3PO25D0ZrjAN7h4WLCybClC+Fdy+RhLAtK7Vuz"
+ "zHwBMPNMMvlreXrSv/EE/37oN5OqA8YrDlPpiDuETS6xPkwkJti/ifrwzvakhBUbB"
+ "dVd0De2QNctDQBnCFVb1lybbUtSF1Ol5Klcjt7UhFyq0ZkoVXhP2YqEJ7yLOaIKCk"
+ "AdjOwCtb01L83/LhounfQLxIG8S2SQwMyxYua6k9BpQLJA36y2uu4+3OZIO4JRura"
+ "drfjN6hGkGam8EvxM8UwrC//TDOHJUEy3IgNV4B4EJWs9lFTL9PO+kBlRFSeL5Son"
+ "jLB/qZC+i8ssJ8oFkIrl+X7rRcooosbVaNvFIR2FpGCdx8bGoFV6pkfwpJ0hO4dOP"
+ "nzFm24vBa6UrftojK/z234/h3W0yZScR5CvoSoU+tn1+3G3Q6a4+hdMwF6WjyO3Ne"
+ "xfMRSvMkAqOqHiptdnz7QDQ7LgGIF6igtGEIpKo4urPAg+RnwqKG6NIYOA32QmU35"
+ "B4+EJhhYZNINZm0NR5ZM0t9BpUiv6DGl8yZiRX1x4Nu35CLlAT8hWSqgMpb8mw5SQ"
+ "rQ4dNggVaJ9lO1j1G4hV6umuyX6L1wtOyeQ9aNg3hIZGLPe4pkzahqI2KKlPWpksm"
+ "MJVIi5WmlvEmFC/UkkUUICjo3KzKPHq7bYmdmDDNLwf9jOeAfq/UNxu4nO8wPjAhM"
+ "AkGBSsOAwIaBQAEFJrJtKCo0WZ7ewFOiudk30HHA6e0BBRXe6IQoFcDFIzKAyXokh"
+ "y3daZV4AIDAYag";
}