Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
PojavLauncherTeam
GitHub Repository: PojavLauncherTeam/mobile
 Path: blob/master/test/jdk/sun/net/www/protocol/https/HttpsURLConnection/DNSIdentities.java
41161 views
1
/*

2
 * Copyright (c) 2010, 2019, Oracle and/or its affiliates. All rights reserved.

3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

4
 *

5
 * This code is free software; you can redistribute it and/or modify it

6
 * under the terms of the GNU General Public License version 2 only, as

7
 * published by the Free Software Foundation.

8
 *

9
 * This code is distributed in the hope that it will be useful, but WITHOUT

10
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

11
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

12
 * version 2 for more details (a copy is included in the LICENSE file that

13
 * accompanied this code).

14
 *

15
 * You should have received a copy of the GNU General Public License version

16
 * 2 along with this work; if not, write to the Free Software Foundation,

17
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

18
 *

19
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

20
 * or visit www.oracle.com if you need additional information or have any

21
 * questions.

22
 */

23


24
//

25
// SunJSSE does not support dynamic system properties, no way to re-use

26
// system properties in samevm/agentvm mode.

27
//

28


29
/* @test

30
 * @bug 6766775

31
 * @summary X509 certificate hostname checking is broken in JDK1.6.0_10

32
 * @run main/othervm DNSIdentities

33
 * @author Xuelei Fan

34
 */

35


36
import java.net.*;

37
import java.util.*;

38
import java.io.*;

39
import javax.net.ssl.*;

40
import java.security.Security;

41
import java.security.KeyStore;

42
import java.security.KeyFactory;

43
import java.security.cert.Certificate;

44
import java.security.cert.CertificateFactory;

45
import java.security.spec.*;

46
import java.security.interfaces.*;

47
import java.math.BigInteger;

48


49
/*

50
 * Certificates and key used in the test.

51
 *

52
 * TLS server certificate:

53
 * server private key:

54
 * -----BEGIN RSA PRIVATE KEY-----

55
 * Proc-Type: 4,ENCRYPTED

56
 * DEK-Info: DES-EDE3-CBC,D9AE407F6D0E389A

57
 *

58
 * WPrA7TFol/cQCcp9oHnXWNpYlvRbbIcQj0m+RKT2Iuzfus+DHt3Zadf8nJpKfX2e

59
 * h2rnhlzCN9M7djRDooZKDOPCsdBn51Au7HlZF3S3Opgo7D8XFM1a8t1Je4ke14oI

60
 * nw6QKYsBblRziPnP2PZ0zvX24nOv7bbY8beynlJHGs00VWSFdoH2DS0aE1p6D+3n

61
 * ptJuJ75dVfZFK4X7162APlNXevX8D6PEQpSiRw1rjjGGcnvQ4HdWk3BxDVDcCNJb

62
 * Y1aGNRxsjTDvPi3R9Qx2M+W03QzEPx4SR3ZHVskeSJHaetM0TM/w/45Paq4GokXP

63
 * ZeTnbEx1xmjkA7h+t4doLL4watx5F6yLsJzu8xB3lt/1EtmkYtLz1t7X4BetPAXz

64
 * zS69X/VwhKfsOI3qXBWuL2oHPyhDmT1gcaUQwEPSV6ogHEEQEDXdiUS8heNK13KF

65
 * TCQYFkETvV2BLxUhV1hypPzRQ6tUpJiAbD5KmoK2lD9slshG2QtvKQq0/bgkDY5J

66
 * LhDHV2dtcZ3kDPkkZXpbcJQvoeH3d09C5sIsuTFo2zgNR6oETHUc5TzP6FY2YYRa

67
 * QcK5HcmtsRRiXFm01ac+aMejJUIujjFt84SiKWT/73vC8AmY4tYcJBLjCg4XIxSH

68
 * fdDFLL1YZENNO5ivlp8mdiHqcawx+36L7DrEZQ8RZt6cqST5t/+XTdM74s6k81GT

69
 * pNsa82P2K2zmIUZ/DL2mKjW1vfRByw1NQFEBkN3vdyZxYfM/JyUzX4hbjXBEkh9Q

70
 * QYrcwLKLjis2QzSvK04B3bvRzRb+4ocWiso8ZPAXAIxZFBWDpTMM2A==

71
 * -----END RSA PRIVATE KEY-----

72
 *

73
 * -----BEGIN RSA PRIVATE KEY-----

74
 * MIICXAIBAAKBgQClrFscN6LdmYktsnm4j9VIpecchBeNaZzGrG358h0fORna03Ie

75
 * buxEzHCk3LoAMPagTz1UemFqzFfQCn+VKBg/mtmU8hvIJIh+/p0PPftXUwizIDPU

76
 * PxdHFNHN6gjYDnVOr77M0uyvqXpJ38LZrLgkQJCmA1Yq0DAFQCxPq9l0iQIDAQAB

77
 * AoGAbqcbg1E1mkR99uOJoNeQYKFOJyGiiXTMnXV1TseC4+PDfQBU7Dax35GcesBi

78
 * CtapIpFKKS5D+ozY6b7ZT8ojxuQ/uHLPAvz0WDR3ds4iRF8tyu71Q1ZHcQsJa17y

79
 * yO7UbkSSKn/Mp9Rb+/dKqftUGNXVFLqgHBOzN2s3We3bbbECQQDYBPKOg3hkaGHo

80
 * OhpHKqtQ6EVkldihG/3i4WejRonelXN+HRh1KrB2HBx0M8D/qAzP1i3rNSlSHer4

81
 * 59YRTJnHAkEAxFX/sVYSn07BHv9Zhn6XXct/Cj43z/tKNbzlNbcxqQwQerw3IH51

82
 * 8UH2YOA+GD3lXbKp+MytoFLWv8zg4YT/LwJAfqan75Z1R6lLffRS49bIiq8jwE16

83
 * rTrUJ+kv8jKxMqc9B3vXkxpsS1M/+4E8bqgAmvpgAb8xcsvHsBd9ErdukQJBAKs2

84
 * j67W75BrPjBI34pQ1LEfp56IGWXOrq1kF8IbCjxv3+MYRT6Z6UJFkpRymNPNDjsC

85
 * dgUYgITiGJHUGXuw3lMCQHEHqo9ZtXz92yFT+VhsNc29B8m/sqUJdtCcMd/jGpAF

86
 * u6GHufjqIZBpQsk63wbwESAPZZ+kk1O1kS5GIRLX608=

87
 * -----END RSA PRIVATE KEY-----

88
 *

89
 * Private-Key: (1024 bit)

90
 * modulus:

91
 *     00:a5:ac:5b:1c:37:a2:dd:99:89:2d:b2:79:b8:8f:

92
 *     d5:48:a5:e7:1c:84:17:8d:69:9c:c6:ac:6d:f9:f2:

93
 *     1d:1f:39:19:da:d3:72:1e:6e:ec:44:cc:70:a4:dc:

94
 *     ba:00:30:f6:a0:4f:3d:54:7a:61:6a:cc:57:d0:0a:

95
 *     7f:95:28:18:3f:9a:d9:94:f2:1b:c8:24:88:7e:fe:

96
 *     9d:0f:3d:fb:57:53:08:b3:20:33:d4:3f:17:47:14:

97
 *     d1:cd:ea:08:d8:0e:75:4e:af:be:cc:d2:ec:af:a9:

98
 *     7a:49:df:c2:d9:ac:b8:24:40:90:a6:03:56:2a:d0:

99
 *     30:05:40:2c:4f:ab:d9:74:89

100
 * publicExponent: 65537 (0x10001)

101
 * privateExponent:

102
 *     6e:a7:1b:83:51:35:9a:44:7d:f6:e3:89:a0:d7:90:

103
 *     60:a1:4e:27:21:a2:89:74:cc:9d:75:75:4e:c7:82:

104
 *     e3:e3:c3:7d:00:54:ec:36:b1:df:91:9c:7a:c0:62:

105
 *     0a:d6:a9:22:91:4a:29:2e:43:fa:8c:d8:e9:be:d9:

106
 *     4f:ca:23:c6:e4:3f:b8:72:cf:02:fc:f4:58:34:77:

107
 *     76:ce:22:44:5f:2d:ca:ee:f5:43:56:47:71:0b:09:

108
 *     6b:5e:f2:c8:ee:d4:6e:44:92:2a:7f:cc:a7:d4:5b:

109
 *     fb:f7:4a:a9:fb:54:18:d5:d5:14:ba:a0:1c:13:b3:

110
 *     37:6b:37:59:ed:db:6d:b1

111
 * prime1:

112
 *     00:d8:04:f2:8e:83:78:64:68:61:e8:3a:1a:47:2a:

113
 *     ab:50:e8:45:64:95:d8:a1:1b:fd:e2:e1:67:a3:46:

114
 *     89:de:95:73:7e:1d:18:75:2a:b0:76:1c:1c:74:33:

115
 *     c0:ff:a8:0c:cf:d6:2d:eb:35:29:52:1d:ea:f8:e7:

116
 *     d6:11:4c:99:c7

117
 * prime2:

118
 *     00:c4:55:ff:b1:56:12:9f:4e:c1:1e:ff:59:86:7e:

119
 *     97:5d:cb:7f:0a:3e:37:cf:fb:4a:35:bc:e5:35:b7:

120
 *     31:a9:0c:10:7a:bc:37:20:7e:75:f1:41:f6:60:e0:

121
 *     3e:18:3d:e5:5d:b2:a9:f8:cc:ad:a0:52:d6:bf:cc:

122
 *     e0:e1:84:ff:2f

123
 * exponent1:

124
 *     7e:a6:a7:ef:96:75:47:a9:4b:7d:f4:52:e3:d6:c8:

125
 *     8a:af:23:c0:4d:7a:ad:3a:d4:27:e9:2f:f2:32:b1:

126
 *     32:a7:3d:07:7b:d7:93:1a:6c:4b:53:3f:fb:81:3c:

127
 *     6e:a8:00:9a:fa:60:01:bf:31:72:cb:c7:b0:17:7d:

128
 *     12:b7:6e:91

129
 * exponent2:

130
 *     00:ab:36:8f:ae:d6:ef:90:6b:3e:30:48:df:8a:50:

131
 *     d4:b1:1f:a7:9e:88:19:65:ce:ae:ad:64:17:c2:1b:

132
 *     0a:3c:6f:df:e3:18:45:3e:99:e9:42:45:92:94:72:

133
 *     98:d3:cd:0e:3b:02:76:05:18:80:84:e2:18:91:d4:

134
 *     19:7b:b0:de:53

135
 * coefficient:

136
 *     71:07:aa:8f:59:b5:7c:fd:db:21:53:f9:58:6c:35:

137
 *     cd:bd:07:c9:bf:b2:a5:09:76:d0:9c:31:df:e3:1a:

138
 *     90:05:bb:a1:87:b9:f8:ea:21:90:69:42:c9:3a:df:

139
 *     06:f0:11:20:0f:65:9f:a4:93:53:b5:91:2e:46:21:

140
 *     12:d7:eb:4f

141
 *

142
 *

143
 * server certificate:

144
 * Data:

145
 *     Version: 3 (0x2)

146
 *     Serial Number: 8 (0x8)

147
 *     Signature Algorithm: md5WithRSAEncryption

148
 *     Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org

149
 *     Validity

150
 *         Not Before: Dec  8 03:43:04 2008 GMT

151
 *         Not After : Aug 25 03:43:04 2028 GMT

152
 *     Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org, OU=SSL-Server, CN=localhost

153
 *     Subject Public Key Info:

154
 *         Public Key Algorithm: rsaEncryption

155
 *         RSA Public Key: (1024 bit)

156
 *             Modulus (1024 bit):

157
 *                 00:a5:ac:5b:1c:37:a2:dd:99:89:2d:b2:79:b8:8f:

158
 *                 d5:48:a5:e7:1c:84:17:8d:69:9c:c6:ac:6d:f9:f2:

159
 *                 1d:1f:39:19:da:d3:72:1e:6e:ec:44:cc:70:a4:dc:

160
 *                 ba:00:30:f6:a0:4f:3d:54:7a:61:6a:cc:57:d0:0a:

161
 *                 7f:95:28:18:3f:9a:d9:94:f2:1b:c8:24:88:7e:fe:

162
 *                 9d:0f:3d:fb:57:53:08:b3:20:33:d4:3f:17:47:14:

163
 *                 d1:cd:ea:08:d8:0e:75:4e:af:be:cc:d2:ec:af:a9:

164
 *                 7a:49:df:c2:d9:ac:b8:24:40:90:a6:03:56:2a:d0:

165
 *                 30:05:40:2c:4f:ab:d9:74:89

166
 *             Exponent: 65537 (0x10001)

167
 *     X509v3 extensions:

168
 *         X509v3 Basic Constraints:

169
 *             CA:FALSE

170
 *         X509v3 Key Usage:

171
 *             Digital Signature, Non Repudiation, Key Encipherment

172
 *         X509v3 Subject Key Identifier:

173
 *             ED:6E:DB:F4:B5:56:C8:FB:1A:06:61:3F:0F:08:BB:A6:04:D8:16:54

174
 *         X509v3 Authority Key Identifier:

175
 *             keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14

176
 *

177
 *         X509v3 Subject Alternative Name: critical

178
 *             DNS:localhost

179
 * Signature Algorithm: md5WithRSAEncryption0

180
 *

181
 * -----BEGIN CERTIFICATE-----

182
 * MIICpDCCAg2gAwIBAgIBCDANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET

183
 * MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK

184
 * EwhTb21lLU9yZzAeFw0wODEyMDgwMzQzMDRaFw0yODA4MjUwMzQzMDRaMHIxCzAJ

185
 * BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp

186
 * dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtU2VydmVyMRIwEAYD

187
 * VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKWsWxw3

188
 * ot2ZiS2yebiP1Uil5xyEF41pnMasbfnyHR85GdrTch5u7ETMcKTcugAw9qBPPVR6

189
 * YWrMV9AKf5UoGD+a2ZTyG8gkiH7+nQ89+1dTCLMgM9Q/F0cU0c3qCNgOdU6vvszS

190
 * 7K+peknfwtmsuCRAkKYDVirQMAVALE+r2XSJAgMBAAGjczBxMAkGA1UdEwQCMAAw

191
 * CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTtbtv0tVbI+xoGYT8PCLumBNgWVDAfBgNV

192
 * HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDAXBgNVHREBAf8EDTALgglsb2Nh

193
 * bGhvc3QwDQYJKoZIhvcNAQEEBQADgYEAoqVTciHtcvsUj+YaTct8tUh3aTCsKsac

194
 * PHhfQ+ObjiXSgxsKYTX7ym/wk/wvlbUcbqLKxsu7qrcJitH+H9heV1hEHEu65Uoi

195
 * nRugFruyOrwvAylV8Cm2af7ddilmYJ+sdJA6N2M3xJRxR0G2LFHEXDNEjYReyexn

196
 * JqCpf5uZGOo=

197
 * -----END CERTIFICATE-----

198
 *

199
 *

200
 * TLS client certificate:

201
 * client private key:

202
 * ----BEGIN RSA PRIVATE KEY-----

203
 * Proc-Type: 4,ENCRYPTED

204
 * DEK-Info: DES-EDE3-CBC,FA2A435CD35A9390

205
 *

206
 * Z+Y2uaETbsUWIyJUyVu1UV2G4rgFYJyACZT6Tp1KjRtxflSh2kXkJ9MpuXMXA0V4

207
 * Yy3fDzPqCL9NJmQAYRlAx/W/+j4F5EyMWDIx8fUxzONRZyoiwF7jLm+KscAfv6Pf

208
 * q7ItWOdj3z7IYrwlB8YIGd3F2cDKT3S+lYRk7rKb/qT7itbuHnY4Ardh3yl+MZak

209
 * jBp+ELUlRsUqSr1V0LoM+0rCCykarpyfhpxEcqsrl0v9Cyi5uhU50/oKv5zql3SH

210
 * l2ImgDjp3batAs8+Bd4NF2aqi0a7Hy44JUHxRm4caZryU/i/D9N1MbuM6882HLat

211
 * 5N0G+NaIUfywa8mjwq2D5aiit18HqKA6XeRRYeJ5Dvu9DCO4GeFSwcUFIBMI0L46

212
 * 7s114+oDodg57pMgITi+04vmUxvqlN9aiyd7f5Fgd7PeHGeOdbMz1NaJLJaPI9++

213
 * NakK8eK9iwT/Gdq0Uap5/CHW7vCT5PO+h3HY0STH0lWStXhdWnFO04zTdywsbSp+

214
 * DLpHeFT66shfeUlxR0PsCbG9vPRt/QmGLeYQZITppWo/ylSq4j+pRIuXvuWHdBRN

215
 * rTZ8QF4Y7AxQUXVz1j1++s6ZMHTzaK2i9HrhmDs1MbJl+QwWre3Xpv3LvTVz3k5U

216
 * wX8kuY1m3STt71QCaRWENq5sRaMImLxZbxc/ivFl9RAzUqo4NCxLod/QgA4iLqtO

217
 * ztnlpzwlC/F8HbQ1oqYWwnZAPhzU/cULtstl+Yrws2c2atO323LbPXZqbASySgig

218
 * sNpFXQMObdfP6LN23bY+1SvtK7V4NUTNhpdIc6INQAQ=

219
 * -----END RSA PRIVATE KEY-----

220
 *

221
 * -----BEGIN RSA PRIVATE KEY-----

222
 * MIICWwIBAAKBgQC78EA2rCZUTvSjWgAvaSFvuXo6k+yi9uGOx2PYLxIwmS6w8o/4

223
 * Jy0keCiE9wG/jUR53TvSVfPOPLJbIX3v/TNKsaP/xsibuQ98QTWX+ds6BWAFFa9Z

224
 * F5KjEK0WHOQHU6+odqJWKpLT+SjgeM9eH0irXBnd4WdDunWN9YKsQ5JEGwIDAQAB

225
 * AoGAEbdqNj0wN85hnWyEi/ObJU8UyKTdL9eaF72QGfcF/fLSxfd3vurihIeXOkGW

226
 * tpn4lIxYcVGM9CognhqgJpl11jFTQzn1KqZ+NEJRKkCHA4hDabKJbSC9fXHvRwrf

227
 * BsFpZqgiNxp3HseUTiwnaUVeyPgMt/jAj5nB5Sib+UyUxrECQQDnNQBiF2aifEg6

228
 * zbJOOC7he5CHAdkFxSxWVFVHL6EfXfqdLVkUohMbgZv+XxyIeU2biOExSg49Kds3

229
 * FOKgTau1AkEA0Bd1haj6QuCo8I0AXm2WO+MMTZMTvtHD/bGjKNM+fT4I8rKYnQRX

230
 * 1acHdqS9Xx2rNJqZgkMmpESIdPR2fc4yjwJALFeM6EMmqvj8/VIf5UJ/Mz14fXwM

231
 * PEARfckUxd9LnnFutCBTWlKvKXJVEZb6KO5ixPaegc57Jp3Vbh3yTN44lQJADD/1

232
 * SSMDaIB1MYP7a5Oj7m6VQNPRq8AJe5vDcRnOae0G9dKRrVyeFxO4GsHj6/+BHp2j

233
 * P8nYMn9eURQ7DXjf/QJAAQzMlWnKGSO8pyTDtnQx3hRMoUkOEhmNq4bQhLkYqtnY

234
 * FcqpUQ2qMjW+NiNWk5HnTrMS3L9EdJobMUzaNZLy4w==

235
 * -----END RSA PRIVATE KEY-----

236
 *

237
 * Private-Key: (1024 bit)

238
 * modulus:

239
 *     00:bb:f0:40:36:ac:26:54:4e:f4:a3:5a:00:2f:69:

240
 *     21:6f:b9:7a:3a:93:ec:a2:f6:e1:8e:c7:63:d8:2f:

241
 *     12:30:99:2e:b0:f2:8f:f8:27:2d:24:78:28:84:f7:

242
 *     01:bf:8d:44:79:dd:3b:d2:55:f3:ce:3c:b2:5b:21:

243
 *     7d:ef:fd:33:4a:b1:a3:ff:c6:c8:9b:b9:0f:7c:41:

244
 *     35:97:f9:db:3a:05:60:05:15:af:59:17:92:a3:10:

245
 *     ad:16:1c:e4:07:53:af:a8:76:a2:56:2a:92:d3:f9:

246
 *     28:e0:78:cf:5e:1f:48:ab:5c:19:dd:e1:67:43:ba:

247
 *     75:8d:f5:82:ac:43:92:44:1b

248
 * publicExponent: 65537 (0x10001)

249
 * privateExponent:

250
 *     11:b7:6a:36:3d:30:37:ce:61:9d:6c:84:8b:f3:9b:

251
 *     25:4f:14:c8:a4:dd:2f:d7:9a:17:bd:90:19:f7:05:

252
 *     fd:f2:d2:c5:f7:77:be:ea:e2:84:87:97:3a:41:96:

253
 *     b6:99:f8:94:8c:58:71:51:8c:f4:2a:20:9e:1a:a0:

254
 *     26:99:75:d6:31:53:43:39:f5:2a:a6:7e:34:42:51:

255
 *     2a:40:87:03:88:43:69:b2:89:6d:20:bd:7d:71:ef:

256
 *     47:0a:df:06:c1:69:66:a8:22:37:1a:77:1e:c7:94:

257
 *     4e:2c:27:69:45:5e:c8:f8:0c:b7:f8:c0:8f:99:c1:

258
 *     e5:28:9b:f9:4c:94:c6:b1

259
 * prime1:

260
 *     00:e7:35:00:62:17:66:a2:7c:48:3a:cd:b2:4e:38:

261
 *     2e:e1:7b:90:87:01:d9:05:c5:2c:56:54:55:47:2f:

262
 *     a1:1f:5d:fa:9d:2d:59:14:a2:13:1b:81:9b:fe:5f:

263
 *     1c:88:79:4d:9b:88:e1:31:4a:0e:3d:29:db:37:14:

264
 *     e2:a0:4d:ab:b5

265
 * prime2:

266
 *     00:d0:17:75:85:a8:fa:42:e0:a8:f0:8d:00:5e:6d:

267
 *     96:3b:e3:0c:4d:93:13:be:d1:c3:fd:b1:a3:28:d3:

268
 *     3e:7d:3e:08:f2:b2:98:9d:04:57:d5:a7:07:76:a4:

269
 *     bd:5f:1d:ab:34:9a:99:82:43:26:a4:44:88:74:f4:

270
 *     76:7d:ce:32:8f

271
 * exponent1:

272
 *     2c:57:8c:e8:43:26:aa:f8:fc:fd:52:1f:e5:42:7f:

273
 *     33:3d:78:7d:7c:0c:3c:40:11:7d:c9:14:c5:df:4b:

274
 *     9e:71:6e:b4:20:53:5a:52:af:29:72:55:11:96:fa:

275
 *     28:ee:62:c4:f6:9e:81:ce:7b:26:9d:d5:6e:1d:f2:

276
 *     4c:de:38:95

277
 * exponent2:

278
 *     0c:3f:f5:49:23:03:68:80:75:31:83:fb:6b:93:a3:

279
 *     ee:6e:95:40:d3:d1:ab:c0:09:7b:9b:c3:71:19:ce:

280
 *     69:ed:06:f5:d2:91:ad:5c:9e:17:13:b8:1a:c1:e3:

281
 *     eb:ff:81:1e:9d:a3:3f:c9:d8:32:7f:5e:51:14:3b:

282
 *     0d:78:df:fd

283
 * coefficient:

284
 *     01:0c:cc:95:69:ca:19:23:bc:a7:24:c3:b6:74:31:

285
 *     de:14:4c:a1:49:0e:12:19:8d:ab:86:d0:84:b9:18:

286
 *     aa:d9:d8:15:ca:a9:51:0d:aa:32:35:be:36:23:56:

287
 *     93:91:e7:4e:b3:12:dc:bf:44:74:9a:1b:31:4c:da:

288
 *     35:92:f2:e3

289
 *

290
 * client certificate:

291
 * Data:

292
 *     Version: 3 (0x2)

293
 *     Serial Number: 9 (0x9)

294
 *     Signature Algorithm: md5WithRSAEncryption

295
 *     Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org

296
 *     Validity

297
 *         Not Before: Dec  8 03:43:24 2008 GMT

298
 *         Not After : Aug 25 03:43:24 2028 GMT

299
 *     Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org, OU=SSL-Client, CN=localhost

300
 *     Subject Public Key Info:

301
 *         Public Key Algorithm: rsaEncryption

302
 *         RSA Public Key: (1024 bit)

303
 *             Modulus (1024 bit):

304
 *                 00:bb:f0:40:36:ac:26:54:4e:f4:a3:5a:00:2f:69:

305
 *                 21:6f:b9:7a:3a:93:ec:a2:f6:e1:8e:c7:63:d8:2f:

306
 *                 12:30:99:2e:b0:f2:8f:f8:27:2d:24:78:28:84:f7:

307
 *                 01:bf:8d:44:79:dd:3b:d2:55:f3:ce:3c:b2:5b:21:

308
 *                 7d:ef:fd:33:4a:b1:a3:ff:c6:c8:9b:b9:0f:7c:41:

309
 *                 35:97:f9:db:3a:05:60:05:15:af:59:17:92:a3:10:

310
 *                 ad:16:1c:e4:07:53:af:a8:76:a2:56:2a:92:d3:f9:

311
 *                 28:e0:78:cf:5e:1f:48:ab:5c:19:dd:e1:67:43:ba:

312
 *                 75:8d:f5:82:ac:43:92:44:1b

313
 *             Exponent: 65537 (0x10001)

314
 *     X509v3 extensions:

315
 *         X509v3 Basic Constraints:

316
 *             CA:FALSE

317
 *         X509v3 Key Usage:

318
 *             Digital Signature, Non Repudiation, Key Encipherment

319
 *         X509v3 Subject Key Identifier:

320
 *             CD:BB:C8:85:AA:91:BD:FD:1D:BE:CD:67:7C:FF:B3:E9:4C:A8:22:E6

321
 *         X509v3 Authority Key Identifier:

322
 *             keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14

323
 *

324
 *         X509v3 Subject Alternative Name: critical

325
 *             DNS:localhost

326
 * Signature Algorithm: md5WithRSAEncryption

327
 *

328
 * -----BEGIN CERTIFICATE-----

329
 * MIICpDCCAg2gAwIBAgIBCTANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET

330
 * MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK

331
 * EwhTb21lLU9yZzAeFw0wODEyMDgwMzQzMjRaFw0yODA4MjUwMzQzMjRaMHIxCzAJ

332
 * BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp

333
 * dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtQ2xpZW50MRIwEAYD

334
 * VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALvwQDas

335
 * JlRO9KNaAC9pIW+5ejqT7KL24Y7HY9gvEjCZLrDyj/gnLSR4KIT3Ab+NRHndO9JV

336
 * 8848slshfe/9M0qxo//GyJu5D3xBNZf52zoFYAUVr1kXkqMQrRYc5AdTr6h2olYq

337
 * ktP5KOB4z14fSKtcGd3hZ0O6dY31gqxDkkQbAgMBAAGjczBxMAkGA1UdEwQCMAAw

338
 * CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTNu8iFqpG9/R2+zWd8/7PpTKgi5jAfBgNV

339
 * HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDAXBgNVHREBAf8EDTALgglsb2Nh

340
 * bGhvc3QwDQYJKoZIhvcNAQEEBQADgYEAm25gJyqW1JznQ1EyOtTGswBVwfgBOf+F

341
 * HJuBTcflYQLbTD/AETPQJGvZU9tdhuLtbG3OPhR7vSY8zeAbfM3dbH7QFr3r47Gj

342
 * XEH7qM/MX+Z3ifVaC4MeJmrYQkYFSuKeyyKpdRVX4w4nnFHF6OsNASsYrMW6LpxN

343
 * cl/epUcHL7E=

344
 * -----END CERTIFICATE-----

345
 *

346
 *

347
 *

348
 * Trusted CA certificate:

349
 * Certificate:

350
 *   Data:

351
 *     Version: 3 (0x2)

352
 *     Serial Number: 0 (0x0)

353
 *     Signature Algorithm: md5WithRSAEncryption

354
 *     Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org

355
 *     Validity

356
 *         Not Before: Dec  8 02:43:36 2008 GMT

357
 *         Not After : Aug 25 02:43:36 2028 GMT

358
 *     Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org

359
 *     Subject Public Key Info:

360
 *         Public Key Algorithm: rsaEncryption

361
 *         RSA Public Key: (1024 bit)

362
 *             Modulus (1024 bit):

363
 *                 00:cb:c4:38:20:07:be:88:a7:93:b0:a1:43:51:2d:

364
 *                 d7:8e:85:af:54:dd:ad:a2:7b:23:5b:cf:99:13:53:

365
 *                 99:45:7d:ee:6d:ba:2d:bf:e3:ad:6e:3d:9f:1a:f9:

366
 *                 03:97:e0:17:55:ae:11:26:57:de:01:29:8e:05:3f:

367
 *                 21:f7:e7:36:e8:2e:37:d7:48:ac:53:d6:60:0e:c7:

368
 *                 50:6d:f6:c5:85:f7:8b:a6:c5:91:35:72:3c:94:ee:

369
 *                 f1:17:f0:71:e3:ec:1b:ce:ca:4e:40:42:b0:6d:ee:

370
 *                 6a:0e:d6:e5:ad:3c:0f:c9:ba:82:4f:78:f8:89:97:

371
 *                 89:2a:95:12:4c:d8:09:2a:e9

372
 *             Exponent: 65537 (0x10001)

373
 *     X509v3 extensions:

374
 *         X509v3 Subject Key Identifier:

375
 *             FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14

376
 *         X509v3 Authority Key Identifier:

377
 *             keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14

378
 *             DirName:/C=US/ST=Some-State/L=Some-City/O=Some-Org

379
 *             serial:00

380
 *

381
 *         X509v3 Basic Constraints:

382
 *             CA:TRUE

383
 *  Signature Algorithm: md5WithRSAEncryption

384
 *

385
 * -----BEGIN CERTIFICATE-----

386
 * MIICrDCCAhWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET

387
 * MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK

388
 * EwhTb21lLU9yZzAeFw0wODEyMDgwMjQzMzZaFw0yODA4MjUwMjQzMzZaMEkxCzAJ

389
 * BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp

390
 * dHkxETAPBgNVBAoTCFNvbWUtT3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB

391
 * gQDLxDggB76Ip5OwoUNRLdeOha9U3a2ieyNbz5kTU5lFfe5tui2/461uPZ8a+QOX

392
 * 4BdVrhEmV94BKY4FPyH35zboLjfXSKxT1mAOx1Bt9sWF94umxZE1cjyU7vEX8HHj

393
 * 7BvOyk5AQrBt7moO1uWtPA/JuoJPePiJl4kqlRJM2Akq6QIDAQABo4GjMIGgMB0G

394
 * A1UdDgQWBBT6uVG/TOfZhpgz+efLHvEzSfeoFDBxBgNVHSMEajBogBT6uVG/TOfZ

395
 * hpgz+efLHvEzSfeoFKFNpEswSTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUt

396
 * U3RhdGUxEjAQBgNVBAcTCVNvbWUtQ2l0eTERMA8GA1UEChMIU29tZS1PcmeCAQAw

397
 * DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBcIm534U123Hz+rtyYO5uA

398
 * ofd81G6FnTfEAV8Kw9fGyyEbQZclBv34A9JsFKeMvU4OFIaixD7nLZ/NZ+IWbhmZ

399
 * LovmJXyCkOufea73pNiZ+f/4/ScZaIlM/PRycQSqbFNd4j9Wott+08qxHPLpsf3P

400
 * 6Mvf0r1PNTY2hwTJLJmKtg==

401
 * -----END CERTIFICATE---

402
 */

403


404


405
public class DNSIdentities {

406
    static Map cookies;

407
    ServerSocket ss;

408


409
    /*

410
     * =============================================================

411
     * Set the various variables needed for the tests, then

412
     * specify what tests to run on each side.

413
     */

414


415
    /*

416
     * Should we run the client or server in a separate thread?

417
     * Both sides can throw exceptions, but do you have a preference

418
     * as to which side should be the main thread.

419
     */

420
    static boolean separateServerThread = true;

421


422
    /*

423
     * Where do we find the keystores?

424
     */

425
    static String trusedCertStr =

426
        "-----BEGIN CERTIFICATE-----\n" +

427
        "MIICrDCCAhWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" +

428
        "MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" +

429
        "EwhTb21lLU9yZzAeFw0wODEyMDgwMjQzMzZaFw0yODA4MjUwMjQzMzZaMEkxCzAJ\n" +

430
        "BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" +

431
        "dHkxETAPBgNVBAoTCFNvbWUtT3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n" +

432
        "gQDLxDggB76Ip5OwoUNRLdeOha9U3a2ieyNbz5kTU5lFfe5tui2/461uPZ8a+QOX\n" +

433
        "4BdVrhEmV94BKY4FPyH35zboLjfXSKxT1mAOx1Bt9sWF94umxZE1cjyU7vEX8HHj\n" +

434
        "7BvOyk5AQrBt7moO1uWtPA/JuoJPePiJl4kqlRJM2Akq6QIDAQABo4GjMIGgMB0G\n" +

435
        "A1UdDgQWBBT6uVG/TOfZhpgz+efLHvEzSfeoFDBxBgNVHSMEajBogBT6uVG/TOfZ\n" +

436
        "hpgz+efLHvEzSfeoFKFNpEswSTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUt\n" +

437
        "U3RhdGUxEjAQBgNVBAcTCVNvbWUtQ2l0eTERMA8GA1UEChMIU29tZS1PcmeCAQAw\n" +

438
        "DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBcIm534U123Hz+rtyYO5uA\n" +

439
        "ofd81G6FnTfEAV8Kw9fGyyEbQZclBv34A9JsFKeMvU4OFIaixD7nLZ/NZ+IWbhmZ\n" +

440
        "LovmJXyCkOufea73pNiZ+f/4/ScZaIlM/PRycQSqbFNd4j9Wott+08qxHPLpsf3P\n" +

441
        "6Mvf0r1PNTY2hwTJLJmKtg==\n" +

442
        "-----END CERTIFICATE-----";

443


444
    static String serverCertStr =

445
        "-----BEGIN CERTIFICATE-----\n" +

446
        "MIICpDCCAg2gAwIBAgIBCDANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" +

447
        "MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" +

448
        "EwhTb21lLU9yZzAeFw0wODEyMDgwMzQzMDRaFw0yODA4MjUwMzQzMDRaMHIxCzAJ\n" +

449
        "BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" +

450
        "dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtU2VydmVyMRIwEAYD\n" +

451
        "VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKWsWxw3\n" +

452
        "ot2ZiS2yebiP1Uil5xyEF41pnMasbfnyHR85GdrTch5u7ETMcKTcugAw9qBPPVR6\n" +

453
        "YWrMV9AKf5UoGD+a2ZTyG8gkiH7+nQ89+1dTCLMgM9Q/F0cU0c3qCNgOdU6vvszS\n" +

454
        "7K+peknfwtmsuCRAkKYDVirQMAVALE+r2XSJAgMBAAGjczBxMAkGA1UdEwQCMAAw\n" +

455
        "CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTtbtv0tVbI+xoGYT8PCLumBNgWVDAfBgNV\n" +

456
        "HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDAXBgNVHREBAf8EDTALgglsb2Nh\n" +

457
        "bGhvc3QwDQYJKoZIhvcNAQEEBQADgYEAoqVTciHtcvsUj+YaTct8tUh3aTCsKsac\n" +

458
        "PHhfQ+ObjiXSgxsKYTX7ym/wk/wvlbUcbqLKxsu7qrcJitH+H9heV1hEHEu65Uoi\n" +

459
        "nRugFruyOrwvAylV8Cm2af7ddilmYJ+sdJA6N2M3xJRxR0G2LFHEXDNEjYReyexn\n" +

460
        "JqCpf5uZGOo=\n" +

461
        "-----END CERTIFICATE-----";

462


463
    static String clientCertStr =

464
        "-----BEGIN CERTIFICATE-----\n" +

465
        "MIICpDCCAg2gAwIBAgIBCTANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" +

466
        "MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" +

467
        "EwhTb21lLU9yZzAeFw0wODEyMDgwMzQzMjRaFw0yODA4MjUwMzQzMjRaMHIxCzAJ\n" +

468
        "BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" +

469
        "dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtQ2xpZW50MRIwEAYD\n" +

470
        "VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALvwQDas\n" +

471
        "JlRO9KNaAC9pIW+5ejqT7KL24Y7HY9gvEjCZLrDyj/gnLSR4KIT3Ab+NRHndO9JV\n" +

472
        "8848slshfe/9M0qxo//GyJu5D3xBNZf52zoFYAUVr1kXkqMQrRYc5AdTr6h2olYq\n" +

473
        "ktP5KOB4z14fSKtcGd3hZ0O6dY31gqxDkkQbAgMBAAGjczBxMAkGA1UdEwQCMAAw\n" +

474
        "CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTNu8iFqpG9/R2+zWd8/7PpTKgi5jAfBgNV\n" +

475
        "HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDAXBgNVHREBAf8EDTALgglsb2Nh\n" +

476
        "bGhvc3QwDQYJKoZIhvcNAQEEBQADgYEAm25gJyqW1JznQ1EyOtTGswBVwfgBOf+F\n" +

477
        "HJuBTcflYQLbTD/AETPQJGvZU9tdhuLtbG3OPhR7vSY8zeAbfM3dbH7QFr3r47Gj\n" +

478
        "XEH7qM/MX+Z3ifVaC4MeJmrYQkYFSuKeyyKpdRVX4w4nnFHF6OsNASsYrMW6LpxN\n" +

479
        "cl/epUcHL7E=\n" +

480
        "-----END CERTIFICATE-----";

481


482
    static byte serverPrivateExponent[] = {

483
        (byte)0x6e, (byte)0xa7, (byte)0x1b, (byte)0x83,

484
        (byte)0x51, (byte)0x35, (byte)0x9a, (byte)0x44,

485
        (byte)0x7d, (byte)0xf6, (byte)0xe3, (byte)0x89,

486
        (byte)0xa0, (byte)0xd7, (byte)0x90, (byte)0x60,

487
        (byte)0xa1, (byte)0x4e, (byte)0x27, (byte)0x21,

488
        (byte)0xa2, (byte)0x89, (byte)0x74, (byte)0xcc,

489
        (byte)0x9d, (byte)0x75, (byte)0x75, (byte)0x4e,

490
        (byte)0xc7, (byte)0x82, (byte)0xe3, (byte)0xe3,

491
        (byte)0xc3, (byte)0x7d, (byte)0x00, (byte)0x54,

492
        (byte)0xec, (byte)0x36, (byte)0xb1, (byte)0xdf,

493
        (byte)0x91, (byte)0x9c, (byte)0x7a, (byte)0xc0,

494
        (byte)0x62, (byte)0x0a, (byte)0xd6, (byte)0xa9,

495
        (byte)0x22, (byte)0x91, (byte)0x4a, (byte)0x29,

496
        (byte)0x2e, (byte)0x43, (byte)0xfa, (byte)0x8c,

497
        (byte)0xd8, (byte)0xe9, (byte)0xbe, (byte)0xd9,

498
        (byte)0x4f, (byte)0xca, (byte)0x23, (byte)0xc6,

499
        (byte)0xe4, (byte)0x3f, (byte)0xb8, (byte)0x72,

500
        (byte)0xcf, (byte)0x02, (byte)0xfc, (byte)0xf4,

501
        (byte)0x58, (byte)0x34, (byte)0x77, (byte)0x76,

502
        (byte)0xce, (byte)0x22, (byte)0x44, (byte)0x5f,

503
        (byte)0x2d, (byte)0xca, (byte)0xee, (byte)0xf5,

504
        (byte)0x43, (byte)0x56, (byte)0x47, (byte)0x71,

505
        (byte)0x0b, (byte)0x09, (byte)0x6b, (byte)0x5e,

506
        (byte)0xf2, (byte)0xc8, (byte)0xee, (byte)0xd4,

507
        (byte)0x6e, (byte)0x44, (byte)0x92, (byte)0x2a,

508
        (byte)0x7f, (byte)0xcc, (byte)0xa7, (byte)0xd4,

509
        (byte)0x5b, (byte)0xfb, (byte)0xf7, (byte)0x4a,

510
        (byte)0xa9, (byte)0xfb, (byte)0x54, (byte)0x18,

511
        (byte)0xd5, (byte)0xd5, (byte)0x14, (byte)0xba,

512
        (byte)0xa0, (byte)0x1c, (byte)0x13, (byte)0xb3,

513
        (byte)0x37, (byte)0x6b, (byte)0x37, (byte)0x59,

514
        (byte)0xed, (byte)0xdb, (byte)0x6d, (byte)0xb1

515
    };

516


517
    static byte serverModulus[] = {

518
        (byte)0x00,

519
        (byte)0xa5, (byte)0xac, (byte)0x5b, (byte)0x1c,

520
        (byte)0x37, (byte)0xa2, (byte)0xdd, (byte)0x99,

521
        (byte)0x89, (byte)0x2d, (byte)0xb2, (byte)0x79,

522
        (byte)0xb8, (byte)0x8f, (byte)0xd5, (byte)0x48,

523
        (byte)0xa5, (byte)0xe7, (byte)0x1c, (byte)0x84,

524
        (byte)0x17, (byte)0x8d, (byte)0x69, (byte)0x9c,

525
        (byte)0xc6, (byte)0xac, (byte)0x6d, (byte)0xf9,

526
        (byte)0xf2, (byte)0x1d, (byte)0x1f, (byte)0x39,

527
        (byte)0x19, (byte)0xda, (byte)0xd3, (byte)0x72,

528
        (byte)0x1e, (byte)0x6e, (byte)0xec, (byte)0x44,

529
        (byte)0xcc, (byte)0x70, (byte)0xa4, (byte)0xdc,

530
        (byte)0xba, (byte)0x00, (byte)0x30, (byte)0xf6,

531
        (byte)0xa0, (byte)0x4f, (byte)0x3d, (byte)0x54,

532
        (byte)0x7a, (byte)0x61, (byte)0x6a, (byte)0xcc,

533
        (byte)0x57, (byte)0xd0, (byte)0x0a, (byte)0x7f,

534
        (byte)0x95, (byte)0x28, (byte)0x18, (byte)0x3f,

535
        (byte)0x9a, (byte)0xd9, (byte)0x94, (byte)0xf2,

536
        (byte)0x1b, (byte)0xc8, (byte)0x24, (byte)0x88,

537
        (byte)0x7e, (byte)0xfe, (byte)0x9d, (byte)0x0f,

538
        (byte)0x3d, (byte)0xfb, (byte)0x57, (byte)0x53,

539
        (byte)0x08, (byte)0xb3, (byte)0x20, (byte)0x33,

540
        (byte)0xd4, (byte)0x3f, (byte)0x17, (byte)0x47,

541
        (byte)0x14, (byte)0xd1, (byte)0xcd, (byte)0xea,

542
        (byte)0x08, (byte)0xd8, (byte)0x0e, (byte)0x75,

543
        (byte)0x4e, (byte)0xaf, (byte)0xbe, (byte)0xcc,

544
        (byte)0xd2, (byte)0xec, (byte)0xaf, (byte)0xa9,

545
        (byte)0x7a, (byte)0x49, (byte)0xdf, (byte)0xc2,

546
        (byte)0xd9, (byte)0xac, (byte)0xb8, (byte)0x24,

547
        (byte)0x40, (byte)0x90, (byte)0xa6, (byte)0x03,

548
        (byte)0x56, (byte)0x2a, (byte)0xd0, (byte)0x30,

549
        (byte)0x05, (byte)0x40, (byte)0x2c, (byte)0x4f,

550
        (byte)0xab, (byte)0xd9, (byte)0x74, (byte)0x89

551
    };

552


553
    static byte clientPrivateExponent[] = {

554
        (byte)0x11, (byte)0xb7, (byte)0x6a, (byte)0x36,

555
        (byte)0x3d, (byte)0x30, (byte)0x37, (byte)0xce,

556
        (byte)0x61, (byte)0x9d, (byte)0x6c, (byte)0x84,

557
        (byte)0x8b, (byte)0xf3, (byte)0x9b, (byte)0x25,

558
        (byte)0x4f, (byte)0x14, (byte)0xc8, (byte)0xa4,

559
        (byte)0xdd, (byte)0x2f, (byte)0xd7, (byte)0x9a,

560
        (byte)0x17, (byte)0xbd, (byte)0x90, (byte)0x19,

561
        (byte)0xf7, (byte)0x05, (byte)0xfd, (byte)0xf2,

562
        (byte)0xd2, (byte)0xc5, (byte)0xf7, (byte)0x77,

563
        (byte)0xbe, (byte)0xea, (byte)0xe2, (byte)0x84,

564
        (byte)0x87, (byte)0x97, (byte)0x3a, (byte)0x41,

565
        (byte)0x96, (byte)0xb6, (byte)0x99, (byte)0xf8,

566
        (byte)0x94, (byte)0x8c, (byte)0x58, (byte)0x71,

567
        (byte)0x51, (byte)0x8c, (byte)0xf4, (byte)0x2a,

568
        (byte)0x20, (byte)0x9e, (byte)0x1a, (byte)0xa0,

569
        (byte)0x26, (byte)0x99, (byte)0x75, (byte)0xd6,

570
        (byte)0x31, (byte)0x53, (byte)0x43, (byte)0x39,

571
        (byte)0xf5, (byte)0x2a, (byte)0xa6, (byte)0x7e,

572
        (byte)0x34, (byte)0x42, (byte)0x51, (byte)0x2a,

573
        (byte)0x40, (byte)0x87, (byte)0x03, (byte)0x88,

574
        (byte)0x43, (byte)0x69, (byte)0xb2, (byte)0x89,

575
        (byte)0x6d, (byte)0x20, (byte)0xbd, (byte)0x7d,

576
        (byte)0x71, (byte)0xef, (byte)0x47, (byte)0x0a,

577
        (byte)0xdf, (byte)0x06, (byte)0xc1, (byte)0x69,

578
        (byte)0x66, (byte)0xa8, (byte)0x22, (byte)0x37,

579
        (byte)0x1a, (byte)0x77, (byte)0x1e, (byte)0xc7,

580
        (byte)0x94, (byte)0x4e, (byte)0x2c, (byte)0x27,

581
        (byte)0x69, (byte)0x45, (byte)0x5e, (byte)0xc8,

582
        (byte)0xf8, (byte)0x0c, (byte)0xb7, (byte)0xf8,

583
        (byte)0xc0, (byte)0x8f, (byte)0x99, (byte)0xc1,

584
        (byte)0xe5, (byte)0x28, (byte)0x9b, (byte)0xf9,

585
        (byte)0x4c, (byte)0x94, (byte)0xc6, (byte)0xb1

586
    };

587


588
    static byte clientModulus[] = {

589
        (byte)0x00,

590
        (byte)0xbb, (byte)0xf0, (byte)0x40, (byte)0x36,

591
        (byte)0xac, (byte)0x26, (byte)0x54, (byte)0x4e,

592
        (byte)0xf4, (byte)0xa3, (byte)0x5a, (byte)0x00,

593
        (byte)0x2f, (byte)0x69, (byte)0x21, (byte)0x6f,

594
        (byte)0xb9, (byte)0x7a, (byte)0x3a, (byte)0x93,

595
        (byte)0xec, (byte)0xa2, (byte)0xf6, (byte)0xe1,

596
        (byte)0x8e, (byte)0xc7, (byte)0x63, (byte)0xd8,

597
        (byte)0x2f, (byte)0x12, (byte)0x30, (byte)0x99,

598
        (byte)0x2e, (byte)0xb0, (byte)0xf2, (byte)0x8f,

599
        (byte)0xf8, (byte)0x27, (byte)0x2d, (byte)0x24,

600
        (byte)0x78, (byte)0x28, (byte)0x84, (byte)0xf7,

601
        (byte)0x01, (byte)0xbf, (byte)0x8d, (byte)0x44,

602
        (byte)0x79, (byte)0xdd, (byte)0x3b, (byte)0xd2,

603
        (byte)0x55, (byte)0xf3, (byte)0xce, (byte)0x3c,

604
        (byte)0xb2, (byte)0x5b, (byte)0x21, (byte)0x7d,

605
        (byte)0xef, (byte)0xfd, (byte)0x33, (byte)0x4a,

606
        (byte)0xb1, (byte)0xa3, (byte)0xff, (byte)0xc6,

607
        (byte)0xc8, (byte)0x9b, (byte)0xb9, (byte)0x0f,

608
        (byte)0x7c, (byte)0x41, (byte)0x35, (byte)0x97,

609
        (byte)0xf9, (byte)0xdb, (byte)0x3a, (byte)0x05,

610
        (byte)0x60, (byte)0x05, (byte)0x15, (byte)0xaf,

611
        (byte)0x59, (byte)0x17, (byte)0x92, (byte)0xa3,

612
        (byte)0x10, (byte)0xad, (byte)0x16, (byte)0x1c,

613
        (byte)0xe4, (byte)0x07, (byte)0x53, (byte)0xaf,

614
        (byte)0xa8, (byte)0x76, (byte)0xa2, (byte)0x56,

615
        (byte)0x2a, (byte)0x92, (byte)0xd3, (byte)0xf9,

616
        (byte)0x28, (byte)0xe0, (byte)0x78, (byte)0xcf,

617
        (byte)0x5e, (byte)0x1f, (byte)0x48, (byte)0xab,

618
        (byte)0x5c, (byte)0x19, (byte)0xdd, (byte)0xe1,

619
        (byte)0x67, (byte)0x43, (byte)0xba, (byte)0x75,

620
        (byte)0x8d, (byte)0xf5, (byte)0x82, (byte)0xac,

621
        (byte)0x43, (byte)0x92, (byte)0x44, (byte)0x1b

622
    };

623


624
    static char passphrase[] = "passphrase".toCharArray();

625


626
    /*

627
     * Is the server ready to serve?

628
     */

629
    volatile static boolean serverReady = false;

630


631
    /*

632
     * Is the connection ready to close?

633
     */

634
    volatile static boolean closeReady = false;

635


636
    /*

637
     * Turn on SSL debugging?

638
     */

639
    static boolean debug = false;

640


641
    private SSLServerSocket sslServerSocket = null;

642


643
    /*

644
     * Define the server side of the test.

645
     *

646
     * If the server prematurely exits, serverReady will be set to true

647
     * to avoid infinite hangs.

648
     */

649
    void doServerSide() throws Exception {

650
        SSLContext context = getSSLContext(trusedCertStr, serverCertStr,

651
            serverModulus, serverPrivateExponent, passphrase);

652
        SSLServerSocketFactory sslssf = context.getServerSocketFactory();

653


654
        // doClientSide() connects to "localhost"

655
        InetAddress localHost = InetAddress.getByName("localhost");

656
        InetSocketAddress address = new InetSocketAddress(localHost, serverPort);

657


658
        sslServerSocket =

659
            (SSLServerSocket) sslssf.createServerSocket();

660
        sslServerSocket.bind(address);

661
        serverPort = sslServerSocket.getLocalPort();

662


663
        /*

664
         * Signal Client, we're ready for his connect.

665
         */

666
        serverReady = true;

667


668
        SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();

669
        sslSocket.setNeedClientAuth(true);

670


671
        PrintStream out =

672
                new PrintStream(sslSocket.getOutputStream());

673


674
        try {

675
            // ignore request data

676


677
            // send the response

678
            out.print("HTTP/1.1 200 OK\r\n");

679
            out.print("Content-Type: text/html; charset=iso-8859-1\r\n");

680
            out.print("Content-Length: "+ 9 +"\r\n");

681
            out.print("\r\n");

682
            out.print("Testing\r\n");

683
            out.flush();

684
        } finally {

685
            // close the socket

686
            while (!closeReady) {

687
                Thread.sleep(50);

688
            }

689


690
            System.out.println("Server closing socket");

691
            sslSocket.close();

692
            serverReady = false;

693
        }

694


695
    }

696


697
    /*

698
     * Define the client side of the test.

699
     *

700
     * If the server prematurely exits, serverReady will be set to true

701
     * to avoid infinite hangs.

702
     */

703
    void doClientSide() throws Exception {

704
        SSLContext reservedSSLContext = SSLContext.getDefault();

705
        try {

706
            SSLContext context = getSSLContext(trusedCertStr, clientCertStr,

707
                clientModulus, clientPrivateExponent, passphrase);

708


709
            SSLContext.setDefault(context);

710


711
            /*

712
             * Wait for server to get started.

713
             */

714
            while (!serverReady) {

715
                Thread.sleep(50);

716
            }

717


718
            HttpsURLConnection http = null;

719


720
            /* establish http connection to server */

721
            URL url = new URL("https://localhost:" + serverPort+"/");

722
            System.out.println("url is "+url.toString());

723


724
            try {

725
                http = (HttpsURLConnection)url.openConnection(Proxy.NO_PROXY);

726


727
                int respCode = http.getResponseCode();

728
                System.out.println("respCode = "+respCode);

729
            } finally {

730
                if (http != null) {

731
                    http.disconnect();

732
                }

733
                closeReady = true;

734
            }

735
        } finally {

736
            SSLContext.setDefault(reservedSSLContext);

737
        }

738
    }

739


740
    /*

741
     * =============================================================

742
     * The remainder is just support stuff

743
     */

744


745
    // use any free port by default

746
    volatile int serverPort = 0;

747


748
    volatile Exception serverException = null;

749
    volatile Exception clientException = null;

750


751
    public static void main(String args[]) throws Exception {

752
        // MD5 is used in this test case, don't disable MD5 algorithm.

753
        Security.setProperty("jdk.certpath.disabledAlgorithms",

754
                "MD2, RSA keySize < 1024");

755
        Security.setProperty("jdk.tls.disabledAlgorithms",

756
                "SSLv3, RC4, DH keySize < 768");

757


758
        if (debug)

759
            System.setProperty("javax.net.debug", "all");

760


761
        /*

762
         * Start the tests.

763
         */

764
        new DNSIdentities();

765
    }

766


767
    Thread clientThread = null;

768
    Thread serverThread = null;

769
    /*

770
     * Primary constructor, used to drive remainder of the test.

771
     *

772
     * Fork off the other side, then do your work.

773
     */

774
    DNSIdentities() throws Exception {

775
        if (separateServerThread) {

776
            startServer(true);

777
            startClient(false);

778
        } else {

779
            startClient(true);

780
            startServer(false);

781
        }

782


783
        /*

784
         * Wait for other side to close down.

785
         */

786
        if (separateServerThread) {

787
            serverThread.join();

788
        } else {

789
            clientThread.join();

790
        }

791


792
        /*

793
         * When we get here, the test is pretty much over.

794
         *

795
         * If the main thread excepted, that propagates back

796
         * immediately.  If the other thread threw an exception, we

797
         * should report back.

798
         */

799
        if (serverException != null)

800
            throw serverException;

801
        if (clientException != null)

802
            throw clientException;

803
    }

804


805
    void startServer(boolean newThread) throws Exception {

806
        if (newThread) {

807
            serverThread = new Thread() {

808
                public void run() {

809
                    try {

810
                        doServerSide();

811
                    } catch (Exception e) {

812
                        /*

813
                         * Our server thread just died.

814
                         *

815
                         * Release the client, if not active already...

816
                         */

817
                        System.err.println("Server died...");

818
                        serverReady = true;

819
                        serverException = e;

820
                    }

821
                }

822
            };

823
            serverThread.start();

824
        } else {

825
            doServerSide();

826
        }

827
    }

828


829
    void startClient(boolean newThread) throws Exception {

830
        if (newThread) {

831
            clientThread = new Thread() {

832
                public void run() {

833
                    try {

834
                        doClientSide();

835
                    } catch (Exception e) {

836
                        /*

837
                         * Our client thread just died.

838
                         */

839
                        System.err.println("Client died...");

840
                        clientException = e;

841
                    }

842
                }

843
            };

844
            clientThread.start();

845
        } else {

846
            doClientSide();

847
        }

848
    }

849


850
    // get the ssl context

851
    private static SSLContext getSSLContext(String trusedCertStr,

852
            String keyCertStr, byte[] modulus,

853
            byte[] privateExponent, char[] passphrase) throws Exception {

854


855
        // generate certificate from cert string

856
        CertificateFactory cf = CertificateFactory.getInstance("X.509");

857


858
        ByteArrayInputStream is =

859
                    new ByteArrayInputStream(trusedCertStr.getBytes());

860
        Certificate trusedCert = cf.generateCertificate(is);

861
        is.close();

862


863
        // create a key store

864
        KeyStore ks = KeyStore.getInstance("JKS");

865
        ks.load(null, null);

866


867
        // import the trused cert

868
        ks.setCertificateEntry("RSA Export Signer", trusedCert);

869


870
        if (keyCertStr != null) {

871
            // generate the private key.

872
            RSAPrivateKeySpec priKeySpec = new RSAPrivateKeySpec(

873
                                            new BigInteger(modulus),

874
                                            new BigInteger(privateExponent));

875
            KeyFactory kf = KeyFactory.getInstance("RSA");

876
            RSAPrivateKey priKey =

877
                    (RSAPrivateKey)kf.generatePrivate(priKeySpec);

878


879
            // generate certificate chain

880
            is = new ByteArrayInputStream(keyCertStr.getBytes());

881
            Certificate keyCert = cf.generateCertificate(is);

882
            is.close();

883


884
            Certificate[] chain = new Certificate[2];

885
            chain[0] = keyCert;

886
            chain[1] = trusedCert;

887


888
            // import the key entry.

889
            ks.setKeyEntry("Whatever", priKey, passphrase, chain);

890
        }

891


892
        // create SSL context

893
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");

894
        tmf.init(ks);

895


896
        SSLContext ctx = SSLContext.getInstance("TLS");

897


898
        if (keyCertStr != null) {

899
            KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");

900
            kmf.init(ks, passphrase);

901


902
            ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

903
        } else {

904
            ctx.init(null, tmf.getTrustManagers(), null);

905
        }

906


907
        return ctx;

908
    }

909


910
}

911


912