John Jiang 06befcd14a 8219723: javax/net/ssl/compatibility/Compatibility.java failed on some SNI cases
Re-generates RSA and ECDSA certificates and set longer validity period

Reviewed-by: xuelei
2019-02-28 13:37:03 +08:00

414 lines
27 KiB
Java

/*
* Copyright (c) 2017, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* The certificates and corresponding private keys used by the test.
* All of certificates uses relative weak key size and hash algorithm, then
* all JDK releases can load them. Accordingly, a custom java.security file is
* provided to make sure such weak key sizes and algorithms are not blocked by
* any JDK build.
*/
public enum Cert {
// This certificate is generated by the below command:
// openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 \
// -pkeyopt rsa_keygen_pubexp:65537 -out key.pem
// openssl req -x509 -new -days 7300 -key key.pem \
// -subj "/CN=RSA-2048-SHA256" -sha256 -out cer.pem
RSA_2048_SHA256(
KeyAlgorithm.RSA,
"-----BEGIN CERTIFICATE-----\n" +
"MIIDFTCCAf2gAwIBAgIUe8nlNUPJa9Iy57Cy5JM49bCzWdkwDQYJKoZIhvcNAQEL\n" +
"BQAwGjEYMBYGA1UEAwwPUlNBLTIwNDgtU0hBMjU2MB4XDTE5MDIyNzA3NDkwMVoX\n" +
"DTM5MDIyMjA3NDkwMVowGjEYMBYGA1UEAwwPUlNBLTIwNDgtU0hBMjU2MIIBIjAN\n" +
"BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Clo5Prh1AdHSdM7G85B6K20bjSn\n" +
"bydcWxa7vQDEgFid1Ne8XRbugv5i8I7kGv2sTl99fopHeJcXHJvQGg7KVPgZqH0Z\n" +
"S7ZImlT5f4FYFj8sKnM5wx2P2AxcbO8ktSox0qIgtsHsCd7SusczylqEvSUrcqEe\n" +
"V58LtoWH+trsWoSBDlHRew2eD6ZGyQTM8VFqbt9oF2XXW22JiuP+cSvb+p5qSCy5\n" +
"dGpdPCJpPB/9HpChZl/r+VsqpbHwUPEVu9/FG0SVjpcqvJojYrgglb1PvJxLqceN\n" +
"DPOirwxnnEdiu5j0xC6RhOkbcxTGtS0VgEEC1+HyY+KeauZJOrw2x1ZmxQIDAQAB\n" +
"o1MwUTAdBgNVHQ4EFgQUSSj0EFZWTSFr91nTUE2MrJdrJGowHwYDVR0jBBgwFoAU\n" +
"SSj0EFZWTSFr91nTUE2MrJdrJGowDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B\n" +
"AQsFAAOCAQEAW9uuS2ZpG1ytpNA0g20m29R/DVSnygdfp8r/xeaWgdol4H2syPzg\n" +
"xok3PLkxkSpBv6CgIPXBzy/iXSMlkX0mUKEO3aQnJ8MoZ5Tzu3Bkp2fTugRQuTRi\n" +
"iNWQjsMoupsrTXIZhJ64jkDCnlFADPAdvVqQV01yZcKW98sj3TyaT7TJuYX9mU+V\n" +
"OuICkS1LE5NssuyLodxpfqpjBMtVovSKZ57JvO36G6riftnjr3FBf8ukWFK2/UfP\n" +
"DaHyFQ+NewbjPy7N+taFlLHS7ELwZVQQ42t8JeHRuF5IVvlp1UjTgXC5NuhOBwQY\n" +
"2dXFFroT0vXetn7Fr51zENPP3/TGeaoQnw==\n" +
"-----END CERTIFICATE-----",
"308204be020100300d06092a864886f70d0101010500048204a8308204a40201" +
"000282010100d42968e4fae1d4074749d33b1bce41e8adb46e34a76f275c5b16" +
"bbbd00c480589dd4d7bc5d16ee82fe62f08ee41afdac4e5f7d7e8a477897171c" +
"9bd01a0eca54f819a87d194bb6489a54f97f8158163f2c2a7339c31d8fd80c5c" +
"6cef24b52a31d2a220b6c1ec09ded2bac733ca5a84bd252b72a11e579f0bb685" +
"87fadaec5a84810e51d17b0d9e0fa646c904ccf1516a6edf681765d75b6d898a" +
"e3fe712bdbfa9e6a482cb9746a5d3c22693c1ffd1e90a1665febf95b2aa5b1f0" +
"50f115bbdfc51b44958e972abc9a2362b82095bd4fbc9c4ba9c78d0cf3a2af0c" +
"679c4762bb98f4c42e9184e91b7314c6b52d15804102d7e1f263e29e6ae6493a" +
"bc36c75666c502030100010282010028f1f4f47c16a93cde5d390ee746df2170" +
"a4a9c02fb01c008ef3cc37a5b646aed387083baa1b8adc6d0bdb3138849d006b" +
"ffb1d0820f590e8fbf4db2d3d496e7df19d4929017348ebe7a37cc8bc1dc4944" +
"d4cc781157db32eeefc7763fb756f55699438701d5f3f1b4e9a7182fad5880c8" +
"73a223c61f52ea87c72d7f14511906af61d7fa190b02854471d4bdb77dac34ef" +
"46a3af3f39dff1c8844cad7f74f9936fbcc22bed6b139f47dc215048ddf02f60" +
"a24703b292be106ea4f01ec0839466666d9c3dc8488b353dccdd5f90bd4b5bb9" +
"4493b7da219ec4962fe6a427f6d69e2764065212c5accdbed3aa36a18d540e55" +
"192e63db9f6bdfc90ec52b89714d0102818100f7c35a70ee7d6aabd7feb590f6" +
"30ce9c28299f3431ebcd3c89ec9424cf68c626ee4f6ff0748ffc0ad810a9f6dd" +
"2b203c8fa7f516483545822e6c963b9f6a1687aca663be061aadcca920b09699" +
"bd7d2e8973bafe9ef11e19a27c10befe3e8919c141d04e5aab2990cc061c6798" +
"5d3da742a3c8c62b68a8ccb4af21c1c935bdcd02818100db37101251d805b8d6" +
"12749d8780cce9e4ff8fc58313e4192fbf9018dc2a8875beff70ea2ebaa24058" +
"d3de6eab4be66b0bb81c04f0fa29bad0f787776ed2e6ab7b7d9814ce7721cadd" +
"cc3f500ddfd73ae9def4d92a79e4a1662da16dbfc52d60507308286cf592ed8b" +
"9911089c4ec7dba3fcd64926b55d137d41f6de454694d902818100af6b582077" +
"2ac318d2401bcb7c13886555a64a7b09115be98df9bbd5e827d58c00d4ab7bc2" +
"fba2c706bd9da9146491596f98ca553160ce4ae295ad349fa4dc38c94bb178fc" +
"176d9066faa72ca9c358db572462741e92b6ee0d75ebe15e5f66709ebcfb404e" +
"bfbb1932eaecb7885013f3d5a1e2e83419d0d1c6e7ec6da9096ccd0281810099" +
"81fc922797f3a1d4dec5a4ce8fc66effba6aae7034cca54a8785dbb2c96217ba" +
"315c9bd12f469172e2a2bfb2da8ab769547ae286f157a987cddea2270c2f15e4" +
"7b35b554439e79564a4207c83f7893bbd43277a4c408f370ff012d3e7e506142" +
"d4dae09c3477b83aea6c40305d069d6b3f91bb560ce8e9cdec1478dfe0263902" +
"818002b66c71380142c3e606bfc598b4060f6833ac80e16d08aea40f4837191d" +
"34a3c85b91c3043c6ebb2c651a7fbb89539f5621820f792a5279a947c51f47b7" +
"1b6051c5a81d2d1c30dfa1f93cb57af1d7ee7862e8d90e33bd5c80f14aa9471b" +
"a2ea7aacddbb44d1a5e60f5fac437ca50cd56e237936fd3e9d034efc3e3c6710" +
"4c08"),
// This certificate is generated by the below command:
// openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 \
// -pkeyopt rsa_keygen_pubexp:65537 -out key.pem
// openssl req -x509 -new -days 7300 -key key.pem \
// -subj "/CN=EXAMPLE" -sha256 -out cer.pem
EXAMPLE_RSA_2048_SHA256(
KeyAlgorithm.RSA,
"-----BEGIN CERTIFICATE-----\n" +
"MIIDBTCCAe2gAwIBAgIUD+8I14TmOfEfxtD6hgnhhK8ARCAwDQYJKoZIhvcNAQEL\n" +
"BQAwEjEQMA4GA1UEAwwHRVhBTVBMRTAeFw0xOTAyMjcwODAzNDhaFw0zOTAyMjIw\n" +
"ODAzNDhaMBIxEDAOBgNVBAMMB0VYQU1QTEUwggEiMA0GCSqGSIb3DQEBAQUAA4IB\n" +
"DwAwggEKAoIBAQChKYq85df7kUnf35qAfxW/OnqCgn/5FNwlWAwHLlEiHpK+k7jD\n" +
"8S6LVbw55I/4J3lehIHcIapGdmqh9ijUc2aNxTJ33z+/TTu2n+KlWmGj0G7ovTXk\n" +
"TbWptdgk5ro8DCr8I8YcvwdLekwH4AkRL6jSyiqsqlGZYLIxDd4l0CwSt5orbu/y\n" +
"+2UtM4DEOEswrxdP9UAd+W0On4AWaFIEbfuFaLZXHadvKxidnaCmudOJry6NjFWn\n" +
"+3PmIWNhZJitD0gq8FG3pvY502fLqHX95pigWCkDtrDNiqReXgVvZFWPaSMs065y\n" +
"n2ClShbzTs8pqJp8oBde9Iwi3RKwkew8I2iJAgMBAAGjUzBRMB0GA1UdDgQWBBTL\n" +
"3w5XucuEre5nQiaKnqi4s7ldBjAfBgNVHSMEGDAWgBTL3w5XucuEre5nQiaKnqi4\n" +
"s7ldBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBo51E5U5H7\n" +
"kXkI1LaGDs35dOOtrPQQQ7DzhQACUDfyYB8/BBUlYHPegS2ca/l1mkD2P/GNyZbN\n" +
"r4eRoOujfU59gOwH4+MEs/4zUKicajTGUPCbJ56heipHunHzj+2nj3ok5PI0MoI1\n" +
"soQfRV1FshfWAni7E49L1QI/PQrQ2cPR/1dvkB06JCIn0GoTxd8E76VCJz576xnd\n" +
"XgjiadVbjMYDH9XJEy6eQT6vY5WeGOQC2XwSE3mS6G+Z9jlwIswa8RrKGtKqFGK1\n" +
"6yse9zfJv64X8tQwnrkatCx4shJwDUet6wJQzm0/NMPfquoxz7QHF2NsLlNky+fY\n" +
"fZjMnoO3J1nV\n" +
"-----END CERTIFICATE-----",
"308204bd020100300d06092a864886f70d0101010500048204a7308204a30201" +
"000282010100a1298abce5d7fb9149dfdf9a807f15bf3a7a82827ff914dc2558" +
"0c072e51221e92be93b8c3f12e8b55bc39e48ff827795e8481dc21aa46766aa1" +
"f628d473668dc53277df3fbf4d3bb69fe2a55a61a3d06ee8bd35e44db5a9b5d8" +
"24e6ba3c0c2afc23c61cbf074b7a4c07e009112fa8d2ca2aacaa519960b2310d" +
"de25d02c12b79a2b6eeff2fb652d3380c4384b30af174ff5401df96d0e9f8016" +
"6852046dfb8568b6571da76f2b189d9da0a6b9d389af2e8d8c55a7fb73e62163" +
"616498ad0f482af051b7a6f639d367cba875fde698a0582903b6b0cd8aa45e5e" +
"056f64558f69232cd3ae729f60a54a16f34ecf29a89a7ca0175ef48c22dd12b0" +
"91ec3c236889020301000102820100655c9e60ce62b85b99ce0f71ba2db3fcd1" +
"07ea7baf8776823b8e940a142c7d3c23696fb97eab7b6db11fb07dbbbb0500c5" +
"dcab5c4b642feb1c87ff2d90e97fefdcbe303c9e7870580535ac33f9937d9783" +
"9a281ef41798114448cc74bd5f34fbf8177bebea8de8ffe33ff4bd5f2ccd8ebe" +
"0e7708ac47be54749bd7438b199d2f134b71efc513827f260c0f74f1fc32f45b" +
"e5d510844777fcd2a486bc02c080d120d1c32336000ece743ea755f79f60a44a" +
"5e619ceb1caa873d847715616874d13c2ff1fe9f9f81d8fc83e83fb035bce8d9" +
"ed8f5caa41626d323551311b1d8d8f06785e3700d45e4d771157b22826efe553" +
"7a5892ad3bf3f915ec25342a8c7a3d02818100d19c03d857442bbaedb41b741e" +
"8e93d295940fdfc455898463ad96b0089ee68d90b787848b7aed6bb735c7e4b9" +
"7b22e867000d8e4b4ede4b155c34fd88c10244917912c048d023757bd758a117" +
"764aa80434c5c9636ec125574667ffe01af856f4517d06b6831ad50f16b26bba" +
"67a7125e158988c98b817dbb0928efa00c3ed702818100c4d49f7f3bf36586aa" +
"519bf2841c459c1863e71c08a9111344e51fcf5ff4267420fd9ffc9f72288e44" +
"b56bdae4eaa669e5e350afe4b4402be4af54d5dbc8b5dc5f5b6bb79df4fd17a5" +
"225287947783b5327b5dedf02733fb534514cc05fde1dcfceb8b537ad3c163a8" +
"8f36a60e2fb17fa6d9a0f3fca444f349eed9f07823879f02818100a5e9eb753c" +
"261ec338d23e84dc8718e53036e195cacfb6294fc920a4b83e26da59799c5043" +
"238b789ead784b48b1fa40a0fefebbea4a44548454d730f4256a8921e906f9a2" +
"e8f59851ed741f16f63043ec0865a2720d41df2fc4f01f2ea1ca7ef1a6eae2fc" +
"66ac3f8750fceb9ec1db1203dce25f9ec0c93fdf6371beb31dde430281807852" +
"be59ea4d25504847f13c34948fdd176fe2f4d93a790cbd7e0f8f16ca4ac38cf3" +
"5e5cf11fb93917398c805896353ae164af8b8714c571cfaf7afded086a5c1812" +
"ebeb686d3e56b9051d4c726f091db8897fe7177aefa500c7672a3db370e245de" +
"bbe24160b784f3a2f0b65c4fbd831a7d498e3d70321243acf69fb0e18f630281" +
"8065f0a2f257f8bf1d57e3f1b72c9a664ca92630985ee5ba35438e57a1df67a6" +
"f6b380907f5b7f9bdd2ddc63385615c5ca3c0dcbedfdc3f18433160855824712" +
"eaaeb318774478427dfb58135715cf82730a743dd8448984450905c28a6a97a0" +
"5f4aaad616978c07c5957c4f1945073f333df4337557bd6b754953f71df7a03c" +
"ec"),
// This certificate is generated by the below commands:
// openssl genpkey -genparam -algorithm dsa -pkeyopt dsa_paramgen_bits:2048 \
// -pkeyopt dsa_paramgen_q_bits:256 -out param.pem
// openssl genpkey -paramfile param.pem -out key.pem
// openssl req -x509 -new -key key.pem -days 7300 \
// -subj "/CN=DSA-2048-SHA256" -sha256 -out cer.pem
DSA_2048_SHA256(
KeyAlgorithm.DSA,
"-----BEGIN CERTIFICATE-----\n" +
"MIIEezCCBCCgAwIBAgIUYbBHFrJkO9EokOROEScK0dr3aVowCwYJYIZIAWUDBAMC\n" +
"MBoxGDAWBgNVBAMMD0RTQS0yMDQ4LVNIQTI1NjAeFw0xOTAxMTYwNjA4NTJaFw0z\n" +
"OTAxMTEwNjA4NTJaMBoxGDAWBgNVBAMMD0RTQS0yMDQ4LVNIQTI1NjCCA0cwggI5\n" +
"BgcqhkjOOAQBMIICLAKCAQEAnGTeaC+MitQykXl2UcGtJhkelRhBalZuzR9fh8Xf\n" +
"swSj2auVzhjkQfns6E14X72XLYDwHPQilh4ZSiC1cX7bpvohJ7CjbouGnT78Gwf0\n" +
"pfVMRBRfbNiwBQzFtzehAqlLPXyHWCPxAzW0EgzZh8asIofBEGmGh6sxlpXbEcCS\n" +
"Ra5Q2vdDRVksm4APHKwbS1F6L/0QDvjDAudWyLFdFMSBuoyeFwCf7Gr5lcVi538h\n" +
"MliXSAhJ7SXe4B9K/5/VicuzAffE+EZsZZuJKeQ4oHz8xtycdMcW86Iag1i/POzD\n" +
"0Z7c5p9j1zDgms1ZRSz4fd7YgNGjmmf6dYJlZmCX4w9YiwIhALnVATHxZmk7G1kf\n" +
"LGX7SMeflAhA/D3EPA5QWdgTc0orAoIBAGYTWMnKHBF4oMKUsx6lF6KvSrqFQ0+j\n" +
"mWN1RNAGiVYm/Js9sc7jolZCbVTWM7GblO2DxiKed3FtcL3xw4P6l3GU7kFthsjh\n" +
"bHbMG58s5JVboLX50wZo1uBOb0kRcZYjYTfUwbBYpGNnl7xfQsZ/Bxq/wzyn4gxb\n" +
"+C0pu/vzmko+opKfFr9a2EL+ADvQhPd6y/L0YcpiTihvfXDWu+n3bNlwhUZYevux\n" +
"SPVkQH3h5YEqXePF7UeY506/2sr41/xCbCkuH+Ob77Cy1IjMqr4OpXzj6wCSjlFy\n" +
"Re66yqsjGpuBeTtsn9lKmlFVl4QUdw7XYbRubafNFEdd5IazMflCcgMDggEGAAKC\n" +
"AQEAnF3/TT0nYzfwY6/+lmoqoBtGU4of7RK4U3Jdhf6dj755GwgsPGAz3Rzh/hq/\n" +
"B3fuyrtnE/aU0EK1dtRNqnKeFsMCURBi3sWYYe7vamw5TukFMSUOuH76v75b26c+\n" +
"nTfZF30iDz+66Z5gcOSwhz9aLCnF/wYwijnzagnCF4m0Nhwsjtz4qECMPfL/Rkx8\n" +
"s83tUF53mx5o8WCYMNr4yJGcHEkautvZN05zwoxZTPKZNngWeCUAY07XwOYHTUvx\n" +
"C9Sxiom9k1pZPbHZnGpUx96at2dMoeTeHR6xF/0QpiIb4wLpOg/CRxsopBmhEl0S\n" +
"BEXYNIcrXLwVBLvJD6H44DxRiqNTMFEwHQYDVR0OBBYEFCr6C8Bl7wjz5L3cYMG3\n" +
"/ZFe7Ee0MB8GA1UdIwQYMBaAFCr6C8Bl7wjz5L3cYMG3/ZFe7Ee0MA8GA1UdEwEB\n" +
"/wQFMAMBAf8wCwYJYIZIAWUDBAMCA0gAMEUCIArByiqjCG1ZuOVY91OPa9g8q60y\n" +
"/BSRWRgikEuq3AbgAiEAoZoKXW80FTMxv/9tFy0N7OrUV4rc9+AUBSTuRCuTAk4=\n" +
"-----END CERTIFICATE-----",
"308202640201003082023906072a8648ce3804013082022c02820101009c64de" +
"682f8c8ad43291797651c1ad26191e9518416a566ecd1f5f87c5dfb304a3d9ab" +
"95ce18e441f9ece84d785fbd972d80f01cf422961e194a20b5717edba6fa2127" +
"b0a36e8b869d3efc1b07f4a5f54c44145f6cd8b0050cc5b737a102a94b3d7c87" +
"5823f10335b4120cd987c6ac2287c110698687ab319695db11c09245ae50daf7" +
"4345592c9b800f1cac1b4b517a2ffd100ef8c302e756c8b15d14c481ba8c9e17" +
"009fec6af995c562e77f21325897480849ed25dee01f4aff9fd589cbb301f7c4" +
"f8466c659b8929e438a07cfcc6dc9c74c716f3a21a8358bf3cecc3d19edce69f" +
"63d730e09acd59452cf87dded880d1a39a67fa758265666097e30f588b022100" +
"b9d50131f166693b1b591f2c65fb48c79f940840fc3dc43c0e5059d813734a2b" +
"02820100661358c9ca1c1178a0c294b31ea517a2af4aba85434fa399637544d0" +
"06895626fc9b3db1cee3a256426d54d633b19b94ed83c6229e77716d70bdf1c3" +
"83fa977194ee416d86c8e16c76cc1b9f2ce4955ba0b5f9d30668d6e04e6f4911" +
"7196236137d4c1b058a4636797bc5f42c67f071abfc33ca7e20c5bf82d29bbfb" +
"f39a4a3ea2929f16bf5ad842fe003bd084f77acbf2f461ca624e286f7d70d6bb" +
"e9f76cd9708546587afbb148f564407de1e5812a5de3c5ed4798e74ebfdacaf8" +
"d7fc426c292e1fe39befb0b2d488ccaabe0ea57ce3eb00928e517245eebacaab" +
"231a9b81793b6c9fd94a9a5155978414770ed761b46e6da7cd14475de486b331" +
"f942720304220220509dd213cc9769e93825063a4a60500f67c4b979f6504b2f" +
"ccdbefb3ab8fe6da"),
// This certificate is generated by the below commands:
// openssl genpkey -genparam -algorithm dsa -pkeyopt dsa_paramgen_bits:2048 \
// -pkeyopt dsa_paramgen_q_bits:256 -out param.pem
// openssl genpkey -paramfile param.pem -out key.pem
// openssl req -x509 -new -key key.pem -days 7300 \
// -subj "/CN=EXAMPLE" -sha256 -out cer.pem
EXAMPLE_DSA_2048_SHA256(
KeyAlgorithm.DSA,
"-----BEGIN CERTIFICATE-----\n" +
"MIIEaTCCBA+gAwIBAgIUckU2myqkWak+Svv0FFJX91vv1jMwCwYJYIZIAWUDBAMC\n" +
"MBIxEDAOBgNVBAMMB0VYQU1QTEUwHhcNMTkwMTE2MDYwODUzWhcNMzkwMTExMDYw\n" +
"ODUzWjASMRAwDgYDVQQDDAdFWEFNUExFMIIDRjCCAjkGByqGSM44BAEwggIsAoIB\n" +
"AQDGmXUxMKzLIVUQUy4lu4fbnv8fRXtWIbv1jxWATCNFiFt4cUxrr7GVC16MGrgm\n" +
"FtMIHXWwFlq2wTL0RhVp2WPIPQzxCwQFivQjpdewVCB1BoJ1ozlvQjU4hri5Ymdt\n" +
"ebe90uT8NsvrQrSKYCl+/pPNiZKT8oX1aKzRYPQLn0bVXUicWlACoLfHGM4irjEC\n" +
"4JezC/tdLleeNYNpy2/dKYu/atyN/u0d+dPRLWBCw6/qCRn1yRAv04GC3WYBlSXz\n" +
"f9OKlCH5kfm9sLyatz/RWDqOb/YWW2Rk7UTKAnoTAyB+I9yUXg6Gad2csNkxXv55\n" +
"9oJAhdhsOS5cdBoqlZEahIFBAiEAjiMCVBGpnAxjb2dXM/Eec7EfThflQXbl33Zn\n" +
"Uq3AAsUCggEAaBNP9Uttfs1eV/38aurLd3T1OiM0CF7DPxE0qpSM9dQz9cKZajIE\n" +
"lsVTGOLBC5/+VSat9t1VG+JoyvSspkvk97/mxx0WCz/QAYTdwCXVuMuSv+EqeOMP\n" +
"lCxEdbOS8pfD8shOK+pnDSHMJvURYxB+fJkHHeXfwesH3632Vq0GlJ8PgXH5NLHM\n" +
"MWv7oZjyZMnGWDq2taJcZZG5ETNda2fATNCF9Al430MUxie2Sp50vA1KEtyUqMu+\n" +
"CLpyOynPHi96TWHNfD23TmKFVN9Uh2nUNIpUk8NMKBwg2O7FvvNnKfbl44ikuCnc\n" +
"06U7SdF3y8NRdwyayMI3BkOsV8mkoMwUgAOCAQUAAoIBADK2c1Gl3+6zrFU8Uhro\n" +
"5lFnDy3UYXINpdtWR/8T0FJ6YMax70VCkyxucq3AUnmq9AQtFijjmXDnxzD5g7IS\n" +
"zOU/28Kg1Mmw26uzrpUZPiixNU7v/xzE37M0Ig3VCEQ9mw57/yv8gwZurHtsokGt\n" +
"k0lzH/krhYPCOpskg6NulGq5lGsnNVdPkSkiAWZFHTysgKgxvMUxXj0bUm4ZyNw6\n" +
"Lp2bFHKbmSeTy3OLo/Kvd7BIjhV+Bi5LFh7h8spf6SC7qyEm0X7Keu+61xkFHU8a\n" +
"aghnGQYwuzpTp+hsbAJdHwVLw9ElqEoaVp3rAmxtsdzqhZSxcMZoypbjEJpiZ1/v\n" +
"fQCjUzBRMB0GA1UdDgQWBBRTPXqHl7VKr5U94p9c882ge9DOXzAfBgNVHSMEGDAW\n" +
"gBRTPXqHl7VKr5U94p9c882ge9DOXzAPBgNVHRMBAf8EBTADAQH/MAsGCWCGSAFl\n" +
"AwQDAgNHADBEAiAOQxtKiMImXKWQvUKZxoUc+chXRxAj3UD3Zj7RksPF2AIgf8HG\n" +
"hOnr3hzIej3Da2Ty9RTittcgZ14boraO/Vlx9Jo=\n" +
"-----END CERTIFICATE-----",
"308202640201003082023906072a8648ce3804013082022c0282010100c69975" +
"3130accb215510532e25bb87db9eff1f457b5621bbf58f15804c2345885b7871" +
"4c6bafb1950b5e8c1ab82616d3081d75b0165ab6c132f4461569d963c83d0cf1" +
"0b04058af423a5d7b0542075068275a3396f42353886b8b962676d79b7bdd2e4" +
"fc36cbeb42b48a60297efe93cd899293f285f568acd160f40b9f46d55d489c5a" +
"5002a0b7c718ce22ae3102e097b30bfb5d2e579e358369cb6fdd298bbf6adc8d" +
"feed1df9d3d12d6042c3afea0919f5c9102fd38182dd66019525f37fd38a9421" +
"f991f9bdb0bc9ab73fd1583a8e6ff6165b6464ed44ca027a1303207e23dc945e" +
"0e8669dd9cb0d9315efe79f6824085d86c392e5c741a2a95911a848141022100" +
"8e23025411a99c0c636f675733f11e73b11f4e17e54176e5df766752adc002c5" +
"0282010068134ff54b6d7ecd5e57fdfc6aeacb7774f53a2334085ec33f1134aa" +
"948cf5d433f5c2996a320496c55318e2c10b9ffe5526adf6dd551be268caf4ac" +
"a64be4f7bfe6c71d160b3fd00184ddc025d5b8cb92bfe12a78e30f942c4475b3" +
"92f297c3f2c84e2bea670d21cc26f51163107e7c99071de5dfc1eb07dfadf656" +
"ad06949f0f8171f934b1cc316bfba198f264c9c6583ab6b5a25c6591b911335d" +
"6b67c04cd085f40978df4314c627b64a9e74bc0d4a12dc94a8cbbe08ba723b29" +
"cf1e2f7a4d61cd7c3db74e628554df548769d4348a5493c34c281c20d8eec5be" +
"f36729f6e5e388a4b829dcd3a53b49d177cbc351770c9ac8c2370643ac57c9a4" +
"a0cc1480042202201ba738489c54dddd5ffbf0009ef9d11851182235a251a410" +
"4a6354181ecd0348"),
// This certificate is generated by the below commands:
// openssl genpkey -algorithm ec -pkeyopt ec_paramgen_curve:P-256 \
// -pkeyopt ec_param_enc:named_curve -out key.pem
// openssl req -x509 -new -days 7300 -key key.pem \
// -subj "/CN=ECDSA-SECP256-SHA256" -sha256 -out cer.pem
ECDSA_PRIME256V1_SHA256(
KeyAlgorithm.EC,
"-----BEGIN CERTIFICATE-----\n" +
"MIIBkzCCATmgAwIBAgIUVW+Rj8muf1DO8yUB9NSEDkD8oYowCgYIKoZIzj0EAwIw\n" +
"HzEdMBsGA1UEAwwURUNEU0EtU0VDUDI1Ni1TSEEyNTYwHhcNMTkwMjI3MTEwNzA0\n" +
"WhcNMzkwMjIyMTEwNzA0WjAfMR0wGwYDVQQDDBRFQ0RTQS1TRUNQMjU2LVNIQTI1\n" +
"NjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJPHqflVA59hR/sBM64OOY2/PTTx\n" +
"kZZhKcVV8vEkWRWvDV2u2F+lbRQoEoe8bwfGgQgGJIdc+dz9/TVAaYlitaKjUzBR\n" +
"MB0GA1UdDgQWBBRS9gbMeeA7j7QdipPufKn3jI3hKTAfBgNVHSMEGDAWgBRS9gbM\n" +
"eeA7j7QdipPufKn3jI3hKTAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0gA\n" +
"MEUCIDH0b3EewcoZUeSo0c2pNSWGCeRlZI49dASDbZ3A0jdTAiEAy/dM9LwYvyLl\n" +
"yuWq4yTouCdzfQwR9QXg3ohRMhnASlg=\n" +
"-----END CERTIFICATE-----",
"308187020100301306072a8648ce3d020106082a8648ce3d030107046d306b02" +
"01010420ae670b91bae99a9752f2b7e26ab9c0e98636f0b0040d78f2ea4081f8" +
"e57c72e0a1440342000493c7a9f955039f6147fb0133ae0e398dbf3d34f19196" +
"6129c555f2f1245915af0d5daed85fa56d14281287bc6f07c681080624875cf9" +
"dcfdfd3540698962b5a2"),
// This certificate is generated by the below commands:
// openssl genpkey -algorithm ec -pkeyopt ec_paramgen_curve:P-256 \
// -pkeyopt ec_param_enc:named_curve -out key.pem
// openssl req -x509 -new -days 7300 -key key.pem \
// -subj "/CN=EXAMPLE" -sha256 -out cer.pem
EXAMPLE_ECDSA_PRIME256V1_SHA256(
KeyAlgorithm.EC,
"-----BEGIN CERTIFICATE-----\n" +
"MIIBeTCCAR+gAwIBAgIUH6kQ0NfopvszxUwZ58KhMicqgCwwCgYIKoZIzj0EAwIw\n" +
"EjEQMA4GA1UEAwwHRVhBTVBMRTAeFw0xOTAyMjcxMTA5MTJaFw0zOTAyMjIxMTA5\n" +
"MTJaMBIxEDAOBgNVBAMMB0VYQU1QTEUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC\n" +
"AASbW2bDwNxTHAzN7aW/OD/ywfa0A4bPKF3Qw4U4nLFBHhbbEmDrIkRWqU56UUDt\n" +
"fnTZnBCJtm4sH8o9D1D9UZVFo1MwUTAdBgNVHQ4EFgQUEEpzWKgPritmUQNEcQhz\n" +
"bB+5KuUwHwYDVR0jBBgwFoAUEEpzWKgPritmUQNEcQhzbB+5KuUwDwYDVR0TAQH/\n" +
"BAUwAwEB/zAKBggqhkjOPQQDAgNIADBFAiBjeGB0oc6t2fWOaviIMfqRqta64nl6\n" +
"Gj8I/JfDH97P1wIhAJ5IC9cxVTiPL/QTxUxRRlTYUboL/+ck1XR9JbZjd/ar\n" +
"-----END CERTIFICATE-----",
"308187020100301306072a8648ce3d020106082a8648ce3d030107046d306b02" +
"010104205dfd6695d259d4047433c0b4520bedcf95130c5c08ba149caddad70d" +
"b3b66c1ba144034200049b5b66c3c0dc531c0ccdeda5bf383ff2c1f6b40386cf" +
"285dd0c385389cb1411e16db1260eb224456a94e7a5140ed7e74d99c1089b66e" +
"2c1fca3d0f50fd519545"),
// This certificate is generated by the below commands:
// openssl genpkey -algorithm ec -pkeyopt ec_paramgen_curve:P-256 \
// -pkeyopt ec_param_enc:named_curve -out key.pem
// openssl req -new -key key.pem \
// -subj "/CN=EC-RSA-SECP256-SHA256" -sha256 -out csr.pem
// openssl x509 -req -CAcreateserial -days 7300 -in csr.pem -sha256 \
// -CA CA.cer -CAkey CA.key -out cer.pem
// Actually the CA is RSA_2048_SHA256
EC_RSA_PRIME256V1_SHA256(
KeyAlgorithm.EC,
"-----BEGIN CERTIFICATE-----\n" +
"MIIB9TCB3gIUWuMp26pvpTFO08C+ev6W8ZRDwqAwDQYJKoZIhvcNAQELBQAwGjEY\n" +
"MBYGA1UEAwwPUlNBLTIwNDgtU0hBMjU2MB4XDTE5MDIyNzA3NTUwMFoXDTM5MDIy\n" +
"MjA3NTUwMFowIDEeMBwGA1UEAwwVRUMtUlNBLVNFQ1AyNTYtU0hBMjU2MFkwEwYH\n" +
"KoZIzj0CAQYIKoZIzj0DAQcDQgAEgCoIan3yAA4KVwAO4qrMFF1alcYFzywPHerI\n" +
"eje3eQVhFaTecnbm0rTJE66JF8HeNuefd61+v1FqWo95aJ1l9zANBgkqhkiG9w0B\n" +
"AQsFAAOCAQEAJIgHTHyPJ5X44JR5ee3N2sYA8C9KGf2YFq/yPQ+pYYIk2gNKqMTH\n" +
"IgHzEqpeb1KC8i+F57xD8qL76QZ7YGVueKoU0o2XYO8Fj4Kug9B48uYvw4J025Bf\n" +
"emxVzuDwgPNAeQwzfoR4NpMKV6TjA7c1VVNUwnse7jHyzqkQLlNors62U+O2MI/t\n" +
"4RM6PDLWuGm9eDZAtifxdjjME9efEXOVi2y/9YAr7hOJKn3r1ie1Txo1N3LXTsLg\n" +
"Y0GlCcOiDGD5So6jSn4hY2CyeeEtTOZkloT/2Slpz9MbLzlav8hqnNQDbuSCFnyn\n" +
"fQh6yysvdeRm6Yx8bNkA/pxz/Y21fXVWMg==\n" +
"-----END CERTIFICATE-----",
"308187020100301306072a8648ce3d020106082a8648ce3d030107046d306b02" +
"0101042079433b715d94d8de6b423f55ef05c911613dc708339391339bef6ca3" +
"c14b419ca14403420004802a086a7df2000e0a57000ee2aacc145d5a95c605cf" +
"2c0f1deac87a37b779056115a4de7276e6d2b4c913ae8917c1de36e79f77ad7e" +
"bf516a5a8f79689d65"),
// This certificate is generated by the below commands:
// openssl genpkey -algorithm ec -pkeyopt ec_paramgen_curve:P-256 \
// -pkeyopt ec_param_enc:named_curve -out key.pem
// openssl req -new -key key.pem -subj "/CN=EXAMPLE" -sha256 -out csr.pem
// openssl x509 -req -CAcreateserial -days 7300 -in csr.pem -sha256 \
// -CA CA.cer -CAkey CA.key -out cer.pem
// Actually the CA is EXAMPLE_RSA_2048_SHA256
EXAMPLE_EC_RSA_PRIME256V1_SHA256(
KeyAlgorithm.EC,
"-----BEGIN CERTIFICATE-----\n" +
"MIIB3zCByAIUWm9wgVB1TgdT5lpGNNkWBzuclKQwDQYJKoZIhvcNAQELBQAwEjEQ\n" +
"MA4GA1UEAwwHRVhBTVBMRTAeFw0xOTAyMjcwODA0MTNaFw0zOTAyMjIwODA0MTNa\n" +
"MBIxEDAOBgNVBAMMB0VYQU1QTEUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASp\n" +
"6YAqTEEjuMlG+vKl8XPo2T2wgqY6t+j1R5ySC0YiGesfrwVLTM4V+Ey9PKHoEIVK\n" +
"kWNUF5Sb2JdrYIuzb5WdMA0GCSqGSIb3DQEBCwUAA4IBAQBPrIScxw5Nx4DhT5GL\n" +
"ngyNBOun0yAwqrxQ3LPheMuN7CH4qehFPDx8MHhmFFjEIDKVRbEEgxiCJAgca7qD\n" +
"uLCfESM8KU4bkV4Pjx7/OEQZ3AkQ0UwDvDr/DypPg7TLLyF979OQo+fEaqWKH8Q4\n" +
"8Ot8+VUFuwpYhHQlkoPnwFKIuCfDGwYmmHP2btlZ5qBuDDzdo1JVGF8pJ943cfA8\n" +
"zRBJGKw8MMJXlfk3yiDSKMji0106SFuGwFJfkrdUnZ+hpeJ7rrrqW7jwLIil8PKf\n" +
"Z41UjYM4Ut/6O5SFqueBsC6yxfzrJbd8UZ7ZkfagWMr/AXLK1Sm3ICSPHsQW30mH\n" +
"uX+T\n" +
"-----END CERTIFICATE-----",
"308187020100301306072a8648ce3d020106082a8648ce3d030107046d306b02" +
"01010420f1f944e1fc4bd7013b157db5fed23b84a4a1cd3d1a22f40746353185" +
"c0d8684da14403420004a9e9802a4c4123b8c946faf2a5f173e8d93db082a63a" +
"b7e8f5479c920b462219eb1faf054b4cce15f84cbd3ca1e810854a9163541794" +
"9bd8976b608bb36f959d");
public final KeyAlgorithm keyAlgorithm;
public final String certMaterials;
public final String privKeyMaterials;
private Cert(
KeyAlgorithm keyAlgorithm,
String certMaterials,
String privKeyMaterials) {
this.keyAlgorithm = keyAlgorithm;
this.certMaterials = certMaterials;
this.privKeyMaterials = privKeyMaterials;
}
// Two certificates (mainCert and exampleCert) are selected to respect the
// specified cipher suite. SNI-associated cases specify exampleCert as desired.
public static Cert[] getCerts(CipherSuite cipherSuite) {
Cert mainCert = Cert.ECDSA_PRIME256V1_SHA256;
Cert exampleCert = Cert.EXAMPLE_ECDSA_PRIME256V1_SHA256;
if (cipherSuite.keyExAlgorithm == KeyExAlgorithm.ECDHE_RSA
|| cipherSuite.keyExAlgorithm == KeyExAlgorithm.DHE_RSA
|| cipherSuite.keyExAlgorithm == KeyExAlgorithm.RSA) {
mainCert = Cert.RSA_2048_SHA256;
exampleCert = Cert.EXAMPLE_RSA_2048_SHA256;
} else if (cipherSuite.keyExAlgorithm == KeyExAlgorithm.ECDH_RSA) {
mainCert = Cert.EC_RSA_PRIME256V1_SHA256;
exampleCert = Cert.EXAMPLE_EC_RSA_PRIME256V1_SHA256;
} else if (cipherSuite.keyExAlgorithm == KeyExAlgorithm.DHE_DSS) {
mainCert = Cert.DSA_2048_SHA256;
exampleCert = Cert.EXAMPLE_DSA_2048_SHA256;
}
System.out.printf("mainCert=%s, exampleCert=%s%n",
mainCert, exampleCert);
return new Cert[] { mainCert, exampleCert };
}
}