PojavLauncherTeam
GitHub Repository: PojavLauncherTeam/mobile
Path: blob/master/test/jdk/sun/net/www/protocol/https/HttpsURLConnection/IPAddressDNSIdentities.java
1
/*
2
* Copyright (c) 2010, 2019, Oracle and/or its affiliates. All rights reserved.
3
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4
*
5
* This code is free software; you can redistribute it and/or modify it
6
* under the terms of the GNU General Public License version 2 only, as
7
* published by the Free Software Foundation.
8
*
9
* This code is distributed in the hope that it will be useful, but WITHOUT
10
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12
* version 2 for more details (a copy is included in the LICENSE file that
13
* accompanied this code).
14
*
15
* You should have received a copy of the GNU General Public License version
16
* 2 along with this work; if not, write to the Free Software Foundation,
17
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18
*
19
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20
* or visit www.oracle.com if you need additional information or have any
21
* questions.
22
*/
23
24
/* @test
25
* @bug 6766775
26
* @library /test/lib
27
* @summary X509 certificate hostname checking is broken in JDK1.6.0_10
28
* @run main/othervm IPAddressDNSIdentities
29
*
30
* SunJSSE does not support dynamic system properties, no way to re-use
31
* system properties in samevm/agentvm mode.
32
* @author Xuelei Fan
33
*/
34
35
import java.net.*;
36
import java.util.*;
37
import java.io.*;
38
import javax.net.ssl.*;
39
import java.security.KeyStore;
40
import java.security.KeyFactory;
41
import java.security.cert.Certificate;
42
import java.security.cert.CertificateFactory;
43
import java.security.spec.*;
44
import java.security.interfaces.*;
45
import java.math.BigInteger;
46
import jdk.test.lib.net.URIBuilder;
47
48
/*
49
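* Certificates and keys used in the test. All key material below is a
* published test fixture (1024-bit RSA keys, MD5-signed certificates).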
50
*
51
* TLS server certificate:
52
* server private key:
53
* -----BEGIN RSA PRIVATE KEY-----
54
* Proc-Type: 4,ENCRYPTED
55
* DEK-Info: DES-EDE3-CBC,D9AE407F6D0E389A
56
*
57
* WPrA7TFol/cQCcp9oHnXWNpYlvRbbIcQj0m+RKT2Iuzfus+DHt3Zadf8nJpKfX2e
58
* h2rnhlzCN9M7djRDooZKDOPCsdBn51Au7HlZF3S3Opgo7D8XFM1a8t1Je4ke14oI
59
* nw6QKYsBblRziPnP2PZ0zvX24nOv7bbY8beynlJHGs00VWSFdoH2DS0aE1p6D+3n
60
* ptJuJ75dVfZFK4X7162APlNXevX8D6PEQpSiRw1rjjGGcnvQ4HdWk3BxDVDcCNJb
61
* Y1aGNRxsjTDvPi3R9Qx2M+W03QzEPx4SR3ZHVskeSJHaetM0TM/w/45Paq4GokXP
62
* ZeTnbEx1xmjkA7h+t4doLL4watx5F6yLsJzu8xB3lt/1EtmkYtLz1t7X4BetPAXz
63
* zS69X/VwhKfsOI3qXBWuL2oHPyhDmT1gcaUQwEPSV6ogHEEQEDXdiUS8heNK13KF
64
* TCQYFkETvV2BLxUhV1hypPzRQ6tUpJiAbD5KmoK2lD9slshG2QtvKQq0/bgkDY5J
65
* LhDHV2dtcZ3kDPkkZXpbcJQvoeH3d09C5sIsuTFo2zgNR6oETHUc5TzP6FY2YYRa
66
* QcK5HcmtsRRiXFm01ac+aMejJUIujjFt84SiKWT/73vC8AmY4tYcJBLjCg4XIxSH
67
* fdDFLL1YZENNO5ivlp8mdiHqcawx+36L7DrEZQ8RZt6cqST5t/+XTdM74s6k81GT
68
* pNsa82P2K2zmIUZ/DL2mKjW1vfRByw1NQFEBkN3vdyZxYfM/JyUzX4hbjXBEkh9Q
69
* QYrcwLKLjis2QzSvK04B3bvRzRb+4ocWiso8ZPAXAIxZFBWDpTMM2A==
70
* -----END RSA PRIVATE KEY-----
71
*
72
* -----BEGIN RSA PRIVATE KEY-----
73
* MIICXAIBAAKBgQClrFscN6LdmYktsnm4j9VIpecchBeNaZzGrG358h0fORna03Ie
74
* buxEzHCk3LoAMPagTz1UemFqzFfQCn+VKBg/mtmU8hvIJIh+/p0PPftXUwizIDPU
75
* PxdHFNHN6gjYDnVOr77M0uyvqXpJ38LZrLgkQJCmA1Yq0DAFQCxPq9l0iQIDAQAB
76
* AoGAbqcbg1E1mkR99uOJoNeQYKFOJyGiiXTMnXV1TseC4+PDfQBU7Dax35GcesBi
77
* CtapIpFKKS5D+ozY6b7ZT8ojxuQ/uHLPAvz0WDR3ds4iRF8tyu71Q1ZHcQsJa17y
78
* yO7UbkSSKn/Mp9Rb+/dKqftUGNXVFLqgHBOzN2s3We3bbbECQQDYBPKOg3hkaGHo
79
* OhpHKqtQ6EVkldihG/3i4WejRonelXN+HRh1KrB2HBx0M8D/qAzP1i3rNSlSHer4
80
* 59YRTJnHAkEAxFX/sVYSn07BHv9Zhn6XXct/Cj43z/tKNbzlNbcxqQwQerw3IH51
81
* 8UH2YOA+GD3lXbKp+MytoFLWv8zg4YT/LwJAfqan75Z1R6lLffRS49bIiq8jwE16
82
* rTrUJ+kv8jKxMqc9B3vXkxpsS1M/+4E8bqgAmvpgAb8xcsvHsBd9ErdukQJBAKs2
83
* j67W75BrPjBI34pQ1LEfp56IGWXOrq1kF8IbCjxv3+MYRT6Z6UJFkpRymNPNDjsC
84
* dgUYgITiGJHUGXuw3lMCQHEHqo9ZtXz92yFT+VhsNc29B8m/sqUJdtCcMd/jGpAF
85
* u6GHufjqIZBpQsk63wbwESAPZZ+kk1O1kS5GIRLX608=
86
* -----END RSA PRIVATE KEY-----
87
*
88
* Private-Key: (1024 bit)
89
* modulus:
90
* 00:a5:ac:5b:1c:37:a2:dd:99:89:2d:b2:79:b8:8f:
91
* d5:48:a5:e7:1c:84:17:8d:69:9c:c6:ac:6d:f9:f2:
92
* 1d:1f:39:19:da:d3:72:1e:6e:ec:44:cc:70:a4:dc:
93
* ba:00:30:f6:a0:4f:3d:54:7a:61:6a:cc:57:d0:0a:
94
* 7f:95:28:18:3f:9a:d9:94:f2:1b:c8:24:88:7e:fe:
95
* 9d:0f:3d:fb:57:53:08:b3:20:33:d4:3f:17:47:14:
96
* d1:cd:ea:08:d8:0e:75:4e:af:be:cc:d2:ec:af:a9:
97
* 7a:49:df:c2:d9:ac:b8:24:40:90:a6:03:56:2a:d0:
98
* 30:05:40:2c:4f:ab:d9:74:89
99
* publicExponent: 65537 (0x10001)
100
* privateExponent:
101
* 6e:a7:1b:83:51:35:9a:44:7d:f6:e3:89:a0:d7:90:
102
* 60:a1:4e:27:21:a2:89:74:cc:9d:75:75:4e:c7:82:
103
* e3:e3:c3:7d:00:54:ec:36:b1:df:91:9c:7a:c0:62:
104
* 0a:d6:a9:22:91:4a:29:2e:43:fa:8c:d8:e9:be:d9:
105
* 4f:ca:23:c6:e4:3f:b8:72:cf:02:fc:f4:58:34:77:
106
* 76:ce:22:44:5f:2d:ca:ee:f5:43:56:47:71:0b:09:
107
* 6b:5e:f2:c8:ee:d4:6e:44:92:2a:7f:cc:a7:d4:5b:
108
* fb:f7:4a:a9:fb:54:18:d5:d5:14:ba:a0:1c:13:b3:
109
* 37:6b:37:59:ed:db:6d:b1
110
* prime1:
111
* 00:d8:04:f2:8e:83:78:64:68:61:e8:3a:1a:47:2a:
112
* ab:50:e8:45:64:95:d8:a1:1b:fd:e2:e1:67:a3:46:
113
* 89:de:95:73:7e:1d:18:75:2a:b0:76:1c:1c:74:33:
114
* c0:ff:a8:0c:cf:d6:2d:eb:35:29:52:1d:ea:f8:e7:
115
* d6:11:4c:99:c7
116
* prime2:
117
* 00:c4:55:ff:b1:56:12:9f:4e:c1:1e:ff:59:86:7e:
118
* 97:5d:cb:7f:0a:3e:37:cf:fb:4a:35:bc:e5:35:b7:
119
* 31:a9:0c:10:7a:bc:37:20:7e:75:f1:41:f6:60:e0:
120
* 3e:18:3d:e5:5d:b2:a9:f8:cc:ad:a0:52:d6:bf:cc:
121
* e0:e1:84:ff:2f
122
* exponent1:
123
* 7e:a6:a7:ef:96:75:47:a9:4b:7d:f4:52:e3:d6:c8:
124
* 8a:af:23:c0:4d:7a:ad:3a:d4:27:e9:2f:f2:32:b1:
125
* 32:a7:3d:07:7b:d7:93:1a:6c:4b:53:3f:fb:81:3c:
126
* 6e:a8:00:9a:fa:60:01:bf:31:72:cb:c7:b0:17:7d:
127
* 12:b7:6e:91
128
* exponent2:
129
* 00:ab:36:8f:ae:d6:ef:90:6b:3e:30:48:df:8a:50:
130
* d4:b1:1f:a7:9e:88:19:65:ce:ae:ad:64:17:c2:1b:
131
* 0a:3c:6f:df:e3:18:45:3e:99:e9:42:45:92:94:72:
132
* 98:d3:cd:0e:3b:02:76:05:18:80:84:e2:18:91:d4:
133
* 19:7b:b0:de:53
134
* coefficient:
135
* 71:07:aa:8f:59:b5:7c:fd:db:21:53:f9:58:6c:35:
136
* cd:bd:07:c9:bf:b2:a5:09:76:d0:9c:31:df:e3:1a:
137
* 90:05:bb:a1:87:b9:f8:ea:21:90:69:42:c9:3a:df:
138
* 06:f0:11:20:0f:65:9f:a4:93:53:b5:91:2e:46:21:
139
* 12:d7:eb:4f
140
*
141
*
142
* server certificate:
143
* Data:
144
* Version: 3 (0x2)
145
* Serial Number: 8 (0x8)
146
* Signature Algorithm: md5WithRSAEncryption
147
* Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org
148
* Validity
149
* Not Before: Dec 8 03:43:04 2008 GMT
150
* Not After : Aug 25 03:43:04 2028 GMT
151
* Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org, OU=SSL-Server, CN=localhost
152
* Subject Public Key Info:
153
* Public Key Algorithm: rsaEncryption
154
* RSA Public Key: (1024 bit)
155
* Modulus (1024 bit):
156
* 00:a5:ac:5b:1c:37:a2:dd:99:89:2d:b2:79:b8:8f:
157
* d5:48:a5:e7:1c:84:17:8d:69:9c:c6:ac:6d:f9:f2:
158
* 1d:1f:39:19:da:d3:72:1e:6e:ec:44:cc:70:a4:dc:
159
* ba:00:30:f6:a0:4f:3d:54:7a:61:6a:cc:57:d0:0a:
160
* 7f:95:28:18:3f:9a:d9:94:f2:1b:c8:24:88:7e:fe:
161
* 9d:0f:3d:fb:57:53:08:b3:20:33:d4:3f:17:47:14:
162
* d1:cd:ea:08:d8:0e:75:4e:af:be:cc:d2:ec:af:a9:
163
* 7a:49:df:c2:d9:ac:b8:24:40:90:a6:03:56:2a:d0:
164
* 30:05:40:2c:4f:ab:d9:74:89
165
* Exponent: 65537 (0x10001)
166
* X509v3 extensions:
167
* X509v3 Basic Constraints:
168
* CA:FALSE
169
* X509v3 Key Usage:
170
* Digital Signature, Non Repudiation, Key Encipherment
171
* X509v3 Subject Key Identifier:
172
* ED:6E:DB:F4:B5:56:C8:FB:1A:06:61:3F:0F:08:BB:A6:04:D8:16:54
173
* X509v3 Authority Key Identifier:
174
* keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14
175
*
176
* X509v3 Subject Alternative Name: critical
177
* DNS:localhost
178
* Signature Algorithm: md5WithRSAEncryption
179
*
180
* -----BEGIN CERTIFICATE-----
181
* MIICpDCCAg2gAwIBAgIBCDANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET
182
* MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK
183
* EwhTb21lLU9yZzAeFw0wODEyMDgwMzQzMDRaFw0yODA4MjUwMzQzMDRaMHIxCzAJ
184
* BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp
185
* dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtU2VydmVyMRIwEAYD
186
* VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKWsWxw3
187
* ot2ZiS2yebiP1Uil5xyEF41pnMasbfnyHR85GdrTch5u7ETMcKTcugAw9qBPPVR6
188
* YWrMV9AKf5UoGD+a2ZTyG8gkiH7+nQ89+1dTCLMgM9Q/F0cU0c3qCNgOdU6vvszS
189
* 7K+peknfwtmsuCRAkKYDVirQMAVALE+r2XSJAgMBAAGjczBxMAkGA1UdEwQCMAAw
190
* CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTtbtv0tVbI+xoGYT8PCLumBNgWVDAfBgNV
191
* HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDAXBgNVHREBAf8EDTALgglsb2Nh
192
* bGhvc3QwDQYJKoZIhvcNAQEEBQADgYEAoqVTciHtcvsUj+YaTct8tUh3aTCsKsac
193
* PHhfQ+ObjiXSgxsKYTX7ym/wk/wvlbUcbqLKxsu7qrcJitH+H9heV1hEHEu65Uoi
194
* nRugFruyOrwvAylV8Cm2af7ddilmYJ+sdJA6N2M3xJRxR0G2LFHEXDNEjYReyexn
195
* JqCpf5uZGOo=
196
* -----END CERTIFICATE-----
197
*
198
*
199
* TLS client certificate:
200
* client private key:
201
* -----BEGIN RSA PRIVATE KEY-----
202
* Proc-Type: 4,ENCRYPTED
203
* DEK-Info: DES-EDE3-CBC,FA2A435CD35A9390
204
*
205
* Z+Y2uaETbsUWIyJUyVu1UV2G4rgFYJyACZT6Tp1KjRtxflSh2kXkJ9MpuXMXA0V4
206
* Yy3fDzPqCL9NJmQAYRlAx/W/+j4F5EyMWDIx8fUxzONRZyoiwF7jLm+KscAfv6Pf
207
* q7ItWOdj3z7IYrwlB8YIGd3F2cDKT3S+lYRk7rKb/qT7itbuHnY4Ardh3yl+MZak
208
* jBp+ELUlRsUqSr1V0LoM+0rCCykarpyfhpxEcqsrl0v9Cyi5uhU50/oKv5zql3SH
209
* l2ImgDjp3batAs8+Bd4NF2aqi0a7Hy44JUHxRm4caZryU/i/D9N1MbuM6882HLat
210
* 5N0G+NaIUfywa8mjwq2D5aiit18HqKA6XeRRYeJ5Dvu9DCO4GeFSwcUFIBMI0L46
211
* 7s114+oDodg57pMgITi+04vmUxvqlN9aiyd7f5Fgd7PeHGeOdbMz1NaJLJaPI9++
212
* NakK8eK9iwT/Gdq0Uap5/CHW7vCT5PO+h3HY0STH0lWStXhdWnFO04zTdywsbSp+
213
* DLpHeFT66shfeUlxR0PsCbG9vPRt/QmGLeYQZITppWo/ylSq4j+pRIuXvuWHdBRN
214
* rTZ8QF4Y7AxQUXVz1j1++s6ZMHTzaK2i9HrhmDs1MbJl+QwWre3Xpv3LvTVz3k5U
215
* wX8kuY1m3STt71QCaRWENq5sRaMImLxZbxc/ivFl9RAzUqo4NCxLod/QgA4iLqtO
216
* ztnlpzwlC/F8HbQ1oqYWwnZAPhzU/cULtstl+Yrws2c2atO323LbPXZqbASySgig
217
* sNpFXQMObdfP6LN23bY+1SvtK7V4NUTNhpdIc6INQAQ=
218
* -----END RSA PRIVATE KEY-----
219
*
220
* -----BEGIN RSA PRIVATE KEY-----
221
* MIICWwIBAAKBgQC78EA2rCZUTvSjWgAvaSFvuXo6k+yi9uGOx2PYLxIwmS6w8o/4
222
* Jy0keCiE9wG/jUR53TvSVfPOPLJbIX3v/TNKsaP/xsibuQ98QTWX+ds6BWAFFa9Z
223
* F5KjEK0WHOQHU6+odqJWKpLT+SjgeM9eH0irXBnd4WdDunWN9YKsQ5JEGwIDAQAB
224
* AoGAEbdqNj0wN85hnWyEi/ObJU8UyKTdL9eaF72QGfcF/fLSxfd3vurihIeXOkGW
225
* tpn4lIxYcVGM9CognhqgJpl11jFTQzn1KqZ+NEJRKkCHA4hDabKJbSC9fXHvRwrf
226
* BsFpZqgiNxp3HseUTiwnaUVeyPgMt/jAj5nB5Sib+UyUxrECQQDnNQBiF2aifEg6
227
* zbJOOC7he5CHAdkFxSxWVFVHL6EfXfqdLVkUohMbgZv+XxyIeU2biOExSg49Kds3
228
* FOKgTau1AkEA0Bd1haj6QuCo8I0AXm2WO+MMTZMTvtHD/bGjKNM+fT4I8rKYnQRX
229
* 1acHdqS9Xx2rNJqZgkMmpESIdPR2fc4yjwJALFeM6EMmqvj8/VIf5UJ/Mz14fXwM
230
* PEARfckUxd9LnnFutCBTWlKvKXJVEZb6KO5ixPaegc57Jp3Vbh3yTN44lQJADD/1
231
* SSMDaIB1MYP7a5Oj7m6VQNPRq8AJe5vDcRnOae0G9dKRrVyeFxO4GsHj6/+BHp2j
232
* P8nYMn9eURQ7DXjf/QJAAQzMlWnKGSO8pyTDtnQx3hRMoUkOEhmNq4bQhLkYqtnY
233
* FcqpUQ2qMjW+NiNWk5HnTrMS3L9EdJobMUzaNZLy4w==
234
* -----END RSA PRIVATE KEY-----
235
*
236
* Private-Key: (1024 bit)
237
* modulus:
238
* 00:bb:f0:40:36:ac:26:54:4e:f4:a3:5a:00:2f:69:
239
* 21:6f:b9:7a:3a:93:ec:a2:f6:e1:8e:c7:63:d8:2f:
240
* 12:30:99:2e:b0:f2:8f:f8:27:2d:24:78:28:84:f7:
241
* 01:bf:8d:44:79:dd:3b:d2:55:f3:ce:3c:b2:5b:21:
242
* 7d:ef:fd:33:4a:b1:a3:ff:c6:c8:9b:b9:0f:7c:41:
243
* 35:97:f9:db:3a:05:60:05:15:af:59:17:92:a3:10:
244
* ad:16:1c:e4:07:53:af:a8:76:a2:56:2a:92:d3:f9:
245
* 28:e0:78:cf:5e:1f:48:ab:5c:19:dd:e1:67:43:ba:
246
* 75:8d:f5:82:ac:43:92:44:1b
247
* publicExponent: 65537 (0x10001)
248
* privateExponent:
249
* 11:b7:6a:36:3d:30:37:ce:61:9d:6c:84:8b:f3:9b:
250
* 25:4f:14:c8:a4:dd:2f:d7:9a:17:bd:90:19:f7:05:
251
* fd:f2:d2:c5:f7:77:be:ea:e2:84:87:97:3a:41:96:
252
* b6:99:f8:94:8c:58:71:51:8c:f4:2a:20:9e:1a:a0:
253
* 26:99:75:d6:31:53:43:39:f5:2a:a6:7e:34:42:51:
254
* 2a:40:87:03:88:43:69:b2:89:6d:20:bd:7d:71:ef:
255
* 47:0a:df:06:c1:69:66:a8:22:37:1a:77:1e:c7:94:
256
* 4e:2c:27:69:45:5e:c8:f8:0c:b7:f8:c0:8f:99:c1:
257
* e5:28:9b:f9:4c:94:c6:b1
258
* prime1:
259
* 00:e7:35:00:62:17:66:a2:7c:48:3a:cd:b2:4e:38:
260
* 2e:e1:7b:90:87:01:d9:05:c5:2c:56:54:55:47:2f:
261
* a1:1f:5d:fa:9d:2d:59:14:a2:13:1b:81:9b:fe:5f:
262
* 1c:88:79:4d:9b:88:e1:31:4a:0e:3d:29:db:37:14:
263
* e2:a0:4d:ab:b5
264
* prime2:
265
* 00:d0:17:75:85:a8:fa:42:e0:a8:f0:8d:00:5e:6d:
266
* 96:3b:e3:0c:4d:93:13:be:d1:c3:fd:b1:a3:28:d3:
267
* 3e:7d:3e:08:f2:b2:98:9d:04:57:d5:a7:07:76:a4:
268
* bd:5f:1d:ab:34:9a:99:82:43:26:a4:44:88:74:f4:
269
* 76:7d:ce:32:8f
270
* exponent1:
271
* 2c:57:8c:e8:43:26:aa:f8:fc:fd:52:1f:e5:42:7f:
272
* 33:3d:78:7d:7c:0c:3c:40:11:7d:c9:14:c5:df:4b:
273
* 9e:71:6e:b4:20:53:5a:52:af:29:72:55:11:96:fa:
274
* 28:ee:62:c4:f6:9e:81:ce:7b:26:9d:d5:6e:1d:f2:
275
* 4c:de:38:95
276
* exponent2:
277
* 0c:3f:f5:49:23:03:68:80:75:31:83:fb:6b:93:a3:
278
* ee:6e:95:40:d3:d1:ab:c0:09:7b:9b:c3:71:19:ce:
279
* 69:ed:06:f5:d2:91:ad:5c:9e:17:13:b8:1a:c1:e3:
280
* eb:ff:81:1e:9d:a3:3f:c9:d8:32:7f:5e:51:14:3b:
281
* 0d:78:df:fd
282
* coefficient:
283
* 01:0c:cc:95:69:ca:19:23:bc:a7:24:c3:b6:74:31:
284
* de:14:4c:a1:49:0e:12:19:8d:ab:86:d0:84:b9:18:
285
* aa:d9:d8:15:ca:a9:51:0d:aa:32:35:be:36:23:56:
286
* 93:91:e7:4e:b3:12:dc:bf:44:74:9a:1b:31:4c:da:
287
* 35:92:f2:e3
288
*
289
* client certificate:
290
* Data:
291
* Version: 3 (0x2)
292
* Serial Number: 9 (0x9)
293
* Signature Algorithm: md5WithRSAEncryption
294
* Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org
295
* Validity
296
* Not Before: Dec 8 03:43:24 2008 GMT
297
* Not After : Aug 25 03:43:24 2028 GMT
298
* Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org, OU=SSL-Client, CN=localhost
299
* Subject Public Key Info:
300
* Public Key Algorithm: rsaEncryption
301
* RSA Public Key: (1024 bit)
302
* Modulus (1024 bit):
303
* 00:bb:f0:40:36:ac:26:54:4e:f4:a3:5a:00:2f:69:
304
* 21:6f:b9:7a:3a:93:ec:a2:f6:e1:8e:c7:63:d8:2f:
305
* 12:30:99:2e:b0:f2:8f:f8:27:2d:24:78:28:84:f7:
306
* 01:bf:8d:44:79:dd:3b:d2:55:f3:ce:3c:b2:5b:21:
307
* 7d:ef:fd:33:4a:b1:a3:ff:c6:c8:9b:b9:0f:7c:41:
308
* 35:97:f9:db:3a:05:60:05:15:af:59:17:92:a3:10:
309
* ad:16:1c:e4:07:53:af:a8:76:a2:56:2a:92:d3:f9:
310
* 28:e0:78:cf:5e:1f:48:ab:5c:19:dd:e1:67:43:ba:
311
* 75:8d:f5:82:ac:43:92:44:1b
312
* Exponent: 65537 (0x10001)
313
* X509v3 extensions:
314
* X509v3 Basic Constraints:
315
* CA:FALSE
316
* X509v3 Key Usage:
317
* Digital Signature, Non Repudiation, Key Encipherment
318
* X509v3 Subject Key Identifier:
319
* CD:BB:C8:85:AA:91:BD:FD:1D:BE:CD:67:7C:FF:B3:E9:4C:A8:22:E6
320
* X509v3 Authority Key Identifier:
321
* keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14
322
*
323
* X509v3 Subject Alternative Name: critical
324
* DNS:localhost
325
* Signature Algorithm: md5WithRSAEncryption
326
*
327
* -----BEGIN CERTIFICATE-----
328
* MIICpDCCAg2gAwIBAgIBCTANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET
329
* MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK
330
* EwhTb21lLU9yZzAeFw0wODEyMDgwMzQzMjRaFw0yODA4MjUwMzQzMjRaMHIxCzAJ
331
* BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp
332
* dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtQ2xpZW50MRIwEAYD
333
* VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALvwQDas
334
* JlRO9KNaAC9pIW+5ejqT7KL24Y7HY9gvEjCZLrDyj/gnLSR4KIT3Ab+NRHndO9JV
335
* 8848slshfe/9M0qxo//GyJu5D3xBNZf52zoFYAUVr1kXkqMQrRYc5AdTr6h2olYq
336
* ktP5KOB4z14fSKtcGd3hZ0O6dY31gqxDkkQbAgMBAAGjczBxMAkGA1UdEwQCMAAw
337
* CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTNu8iFqpG9/R2+zWd8/7PpTKgi5jAfBgNV
338
* HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDAXBgNVHREBAf8EDTALgglsb2Nh
339
* bGhvc3QwDQYJKoZIhvcNAQEEBQADgYEAm25gJyqW1JznQ1EyOtTGswBVwfgBOf+F
340
* HJuBTcflYQLbTD/AETPQJGvZU9tdhuLtbG3OPhR7vSY8zeAbfM3dbH7QFr3r47Gj
341
* XEH7qM/MX+Z3ifVaC4MeJmrYQkYFSuKeyyKpdRVX4w4nnFHF6OsNASsYrMW6LpxN
342
* cl/epUcHL7E=
343
* -----END CERTIFICATE-----
344
*
345
*
346
*
347
* Trusted CA certificate:
348
* Certificate:
349
* Data:
350
* Version: 3 (0x2)
351
* Serial Number: 0 (0x0)
352
* Signature Algorithm: md5WithRSAEncryption
353
* Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org
354
* Validity
355
* Not Before: Dec 8 02:43:36 2008 GMT
356
* Not After : Aug 25 02:43:36 2028 GMT
357
* Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org
358
* Subject Public Key Info:
359
* Public Key Algorithm: rsaEncryption
360
* RSA Public Key: (1024 bit)
361
* Modulus (1024 bit):
362
* 00:cb:c4:38:20:07:be:88:a7:93:b0:a1:43:51:2d:
363
* d7:8e:85:af:54:dd:ad:a2:7b:23:5b:cf:99:13:53:
364
* 99:45:7d:ee:6d:ba:2d:bf:e3:ad:6e:3d:9f:1a:f9:
365
* 03:97:e0:17:55:ae:11:26:57:de:01:29:8e:05:3f:
366
* 21:f7:e7:36:e8:2e:37:d7:48:ac:53:d6:60:0e:c7:
367
* 50:6d:f6:c5:85:f7:8b:a6:c5:91:35:72:3c:94:ee:
368
* f1:17:f0:71:e3:ec:1b:ce:ca:4e:40:42:b0:6d:ee:
369
* 6a:0e:d6:e5:ad:3c:0f:c9:ba:82:4f:78:f8:89:97:
370
* 89:2a:95:12:4c:d8:09:2a:e9
371
* Exponent: 65537 (0x10001)
372
* X509v3 extensions:
373
* X509v3 Subject Key Identifier:
374
* FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14
375
* X509v3 Authority Key Identifier:
376
* keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14
377
* DirName:/C=US/ST=Some-State/L=Some-City/O=Some-Org
378
* serial:00
379
*
380
* X509v3 Basic Constraints:
381
* CA:TRUE
382
* Signature Algorithm: md5WithRSAEncryption
383
*
384
* -----BEGIN CERTIFICATE-----
385
* MIICrDCCAhWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET
386
* MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK
387
* EwhTb21lLU9yZzAeFw0wODEyMDgwMjQzMzZaFw0yODA4MjUwMjQzMzZaMEkxCzAJ
388
* BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp
389
* dHkxETAPBgNVBAoTCFNvbWUtT3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
390
* gQDLxDggB76Ip5OwoUNRLdeOha9U3a2ieyNbz5kTU5lFfe5tui2/461uPZ8a+QOX
391
* 4BdVrhEmV94BKY4FPyH35zboLjfXSKxT1mAOx1Bt9sWF94umxZE1cjyU7vEX8HHj
392
* 7BvOyk5AQrBt7moO1uWtPA/JuoJPePiJl4kqlRJM2Akq6QIDAQABo4GjMIGgMB0G
393
* A1UdDgQWBBT6uVG/TOfZhpgz+efLHvEzSfeoFDBxBgNVHSMEajBogBT6uVG/TOfZ
394
* hpgz+efLHvEzSfeoFKFNpEswSTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUt
395
* U3RhdGUxEjAQBgNVBAcTCVNvbWUtQ2l0eTERMA8GA1UEChMIU29tZS1PcmeCAQAw
396
* DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBcIm534U123Hz+rtyYO5uA
397
* ofd81G6FnTfEAV8Kw9fGyyEbQZclBv34A9JsFKeMvU4OFIaixD7nLZ/NZ+IWbhmZ
398
* LovmJXyCkOufea73pNiZ+f/4/ScZaIlM/PRycQSqbFNd4j9Wott+08qxHPLpsf3P
399
* 6Mvf0r1PNTY2hwTJLJmKtg==
400
* -----END CERTIFICATE-----
401
*/
402
403
404
public class IPAddressDNSIdentities {
405
static Map cookies;
406
ServerSocket ss;
407
408
/*
409
* =============================================================
410
* Set the various variables needed for the tests, then
411
* specify what tests to run on each side.
412
*/
413
414
/*
415
* Should we run the client or server in a separate thread?
416
* Both sides can throw exceptions, but do you have a preference
417
* as to which side should be the main thread?
418
*/
419
static boolean separateServerThread = true;
420
421
/*
422
* Where do we find the keystores?
423
*/
424
static String trusedCertStr =
425
"-----BEGIN CERTIFICATE-----\n" +
426
"MIICrDCCAhWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" +
427
"MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" +
428
"EwhTb21lLU9yZzAeFw0wODEyMDgwMjQzMzZaFw0yODA4MjUwMjQzMzZaMEkxCzAJ\n" +
429
"BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" +
430
"dHkxETAPBgNVBAoTCFNvbWUtT3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n" +
431
"gQDLxDggB76Ip5OwoUNRLdeOha9U3a2ieyNbz5kTU5lFfe5tui2/461uPZ8a+QOX\n" +
432
"4BdVrhEmV94BKY4FPyH35zboLjfXSKxT1mAOx1Bt9sWF94umxZE1cjyU7vEX8HHj\n" +
433
"7BvOyk5AQrBt7moO1uWtPA/JuoJPePiJl4kqlRJM2Akq6QIDAQABo4GjMIGgMB0G\n" +
434
"A1UdDgQWBBT6uVG/TOfZhpgz+efLHvEzSfeoFDBxBgNVHSMEajBogBT6uVG/TOfZ\n" +
435
"hpgz+efLHvEzSfeoFKFNpEswSTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUt\n" +
436
"U3RhdGUxEjAQBgNVBAcTCVNvbWUtQ2l0eTERMA8GA1UEChMIU29tZS1PcmeCAQAw\n" +
437
"DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBcIm534U123Hz+rtyYO5uA\n" +
438
"ofd81G6FnTfEAV8Kw9fGyyEbQZclBv34A9JsFKeMvU4OFIaixD7nLZ/NZ+IWbhmZ\n" +
439
"LovmJXyCkOufea73pNiZ+f/4/ScZaIlM/PRycQSqbFNd4j9Wott+08qxHPLpsf3P\n" +
440
"6Mvf0r1PNTY2hwTJLJmKtg==\n" +
441
"-----END CERTIFICATE-----";
442
443
static String serverCertStr =
444
"-----BEGIN CERTIFICATE-----\n" +
445
"MIICpDCCAg2gAwIBAgIBCDANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" +
446
"MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" +
447
"EwhTb21lLU9yZzAeFw0wODEyMDgwMzQzMDRaFw0yODA4MjUwMzQzMDRaMHIxCzAJ\n" +
448
"BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" +
449
"dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtU2VydmVyMRIwEAYD\n" +
450
"VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKWsWxw3\n" +
451
"ot2ZiS2yebiP1Uil5xyEF41pnMasbfnyHR85GdrTch5u7ETMcKTcugAw9qBPPVR6\n" +
452
"YWrMV9AKf5UoGD+a2ZTyG8gkiH7+nQ89+1dTCLMgM9Q/F0cU0c3qCNgOdU6vvszS\n" +
453
"7K+peknfwtmsuCRAkKYDVirQMAVALE+r2XSJAgMBAAGjczBxMAkGA1UdEwQCMAAw\n" +
454
"CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTtbtv0tVbI+xoGYT8PCLumBNgWVDAfBgNV\n" +
455
"HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDAXBgNVHREBAf8EDTALgglsb2Nh\n" +
456
"bGhvc3QwDQYJKoZIhvcNAQEEBQADgYEAoqVTciHtcvsUj+YaTct8tUh3aTCsKsac\n" +
457
"PHhfQ+ObjiXSgxsKYTX7ym/wk/wvlbUcbqLKxsu7qrcJitH+H9heV1hEHEu65Uoi\n" +
458
"nRugFruyOrwvAylV8Cm2af7ddilmYJ+sdJA6N2M3xJRxR0G2LFHEXDNEjYReyexn\n" +
459
"JqCpf5uZGOo=\n" +
460
"-----END CERTIFICATE-----";
461
462
static String clientCertStr =
463
"-----BEGIN CERTIFICATE-----\n" +
464
"MIICpDCCAg2gAwIBAgIBCTANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" +
465
"MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" +
466
"EwhTb21lLU9yZzAeFw0wODEyMDgwMzQzMjRaFw0yODA4MjUwMzQzMjRaMHIxCzAJ\n" +
467
"BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" +
468
"dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtQ2xpZW50MRIwEAYD\n" +
469
"VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALvwQDas\n" +
470
"JlRO9KNaAC9pIW+5ejqT7KL24Y7HY9gvEjCZLrDyj/gnLSR4KIT3Ab+NRHndO9JV\n" +
471
"8848slshfe/9M0qxo//GyJu5D3xBNZf52zoFYAUVr1kXkqMQrRYc5AdTr6h2olYq\n" +
472
"ktP5KOB4z14fSKtcGd3hZ0O6dY31gqxDkkQbAgMBAAGjczBxMAkGA1UdEwQCMAAw\n" +
473
"CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTNu8iFqpG9/R2+zWd8/7PpTKgi5jAfBgNV\n" +
474
"HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDAXBgNVHREBAf8EDTALgglsb2Nh\n" +
475
"bGhvc3QwDQYJKoZIhvcNAQEEBQADgYEAm25gJyqW1JznQ1EyOtTGswBVwfgBOf+F\n" +
476
"HJuBTcflYQLbTD/AETPQJGvZU9tdhuLtbG3OPhR7vSY8zeAbfM3dbH7QFr3r47Gj\n" +
477
"XEH7qM/MX+Z3ifVaC4MeJmrYQkYFSuKeyyKpdRVX4w4nnFHF6OsNASsYrMW6LpxN\n" +
478
"cl/epUcHL7E=\n" +
479
"-----END CERTIFICATE-----";
480
481
static byte serverPrivateExponent[] = {
482
(byte)0x6e, (byte)0xa7, (byte)0x1b, (byte)0x83,
483
(byte)0x51, (byte)0x35, (byte)0x9a, (byte)0x44,
484
(byte)0x7d, (byte)0xf6, (byte)0xe3, (byte)0x89,
485
(byte)0xa0, (byte)0xd7, (byte)0x90, (byte)0x60,
486
(byte)0xa1, (byte)0x4e, (byte)0x27, (byte)0x21,
487
(byte)0xa2, (byte)0x89, (byte)0x74, (byte)0xcc,
488
(byte)0x9d, (byte)0x75, (byte)0x75, (byte)0x4e,
489
(byte)0xc7, (byte)0x82, (byte)0xe3, (byte)0xe3,
490
(byte)0xc3, (byte)0x7d, (byte)0x00, (byte)0x54,
491
(byte)0xec, (byte)0x36, (byte)0xb1, (byte)0xdf,
492
(byte)0x91, (byte)0x9c, (byte)0x7a, (byte)0xc0,
493
(byte)0x62, (byte)0x0a, (byte)0xd6, (byte)0xa9,
494
(byte)0x22, (byte)0x91, (byte)0x4a, (byte)0x29,
495
(byte)0x2e, (byte)0x43, (byte)0xfa, (byte)0x8c,
496
(byte)0xd8, (byte)0xe9, (byte)0xbe, (byte)0xd9,
497
(byte)0x4f, (byte)0xca, (byte)0x23, (byte)0xc6,
498
(byte)0xe4, (byte)0x3f, (byte)0xb8, (byte)0x72,
499
(byte)0xcf, (byte)0x02, (byte)0xfc, (byte)0xf4,
500
(byte)0x58, (byte)0x34, (byte)0x77, (byte)0x76,
501
(byte)0xce, (byte)0x22, (byte)0x44, (byte)0x5f,
502
(byte)0x2d, (byte)0xca, (byte)0xee, (byte)0xf5,
503
(byte)0x43, (byte)0x56, (byte)0x47, (byte)0x71,
504
(byte)0x0b, (byte)0x09, (byte)0x6b, (byte)0x5e,
505
(byte)0xf2, (byte)0xc8, (byte)0xee, (byte)0xd4,
506
(byte)0x6e, (byte)0x44, (byte)0x92, (byte)0x2a,
507
(byte)0x7f, (byte)0xcc, (byte)0xa7, (byte)0xd4,
508
(byte)0x5b, (byte)0xfb, (byte)0xf7, (byte)0x4a,
509
(byte)0xa9, (byte)0xfb, (byte)0x54, (byte)0x18,
510
(byte)0xd5, (byte)0xd5, (byte)0x14, (byte)0xba,
511
(byte)0xa0, (byte)0x1c, (byte)0x13, (byte)0xb3,
512
(byte)0x37, (byte)0x6b, (byte)0x37, (byte)0x59,
513
(byte)0xed, (byte)0xdb, (byte)0x6d, (byte)0xb1
514
};
515
516
static byte serverModulus[] = {
517
(byte)0x00,
518
(byte)0xa5, (byte)0xac, (byte)0x5b, (byte)0x1c,
519
(byte)0x37, (byte)0xa2, (byte)0xdd, (byte)0x99,
520
(byte)0x89, (byte)0x2d, (byte)0xb2, (byte)0x79,
521
(byte)0xb8, (byte)0x8f, (byte)0xd5, (byte)0x48,
522
(byte)0xa5, (byte)0xe7, (byte)0x1c, (byte)0x84,
523
(byte)0x17, (byte)0x8d, (byte)0x69, (byte)0x9c,
524
(byte)0xc6, (byte)0xac, (byte)0x6d, (byte)0xf9,
525
(byte)0xf2, (byte)0x1d, (byte)0x1f, (byte)0x39,
526
(byte)0x19, (byte)0xda, (byte)0xd3, (byte)0x72,
527
(byte)0x1e, (byte)0x6e, (byte)0xec, (byte)0x44,
528
(byte)0xcc, (byte)0x70, (byte)0xa4, (byte)0xdc,
529
(byte)0xba, (byte)0x00, (byte)0x30, (byte)0xf6,
530
(byte)0xa0, (byte)0x4f, (byte)0x3d, (byte)0x54,
531
(byte)0x7a, (byte)0x61, (byte)0x6a, (byte)0xcc,
532
(byte)0x57, (byte)0xd0, (byte)0x0a, (byte)0x7f,
533
(byte)0x95, (byte)0x28, (byte)0x18, (byte)0x3f,
534
(byte)0x9a, (byte)0xd9, (byte)0x94, (byte)0xf2,
535
(byte)0x1b, (byte)0xc8, (byte)0x24, (byte)0x88,
536
(byte)0x7e, (byte)0xfe, (byte)0x9d, (byte)0x0f,
537
(byte)0x3d, (byte)0xfb, (byte)0x57, (byte)0x53,
538
(byte)0x08, (byte)0xb3, (byte)0x20, (byte)0x33,
539
(byte)0xd4, (byte)0x3f, (byte)0x17, (byte)0x47,
540
(byte)0x14, (byte)0xd1, (byte)0xcd, (byte)0xea,
541
(byte)0x08, (byte)0xd8, (byte)0x0e, (byte)0x75,
542
(byte)0x4e, (byte)0xaf, (byte)0xbe, (byte)0xcc,
543
(byte)0xd2, (byte)0xec, (byte)0xaf, (byte)0xa9,
544
(byte)0x7a, (byte)0x49, (byte)0xdf, (byte)0xc2,
545
(byte)0xd9, (byte)0xac, (byte)0xb8, (byte)0x24,
546
(byte)0x40, (byte)0x90, (byte)0xa6, (byte)0x03,
547
(byte)0x56, (byte)0x2a, (byte)0xd0, (byte)0x30,
548
(byte)0x05, (byte)0x40, (byte)0x2c, (byte)0x4f,
549
(byte)0xab, (byte)0xd9, (byte)0x74, (byte)0x89
550
};
551
552
static byte clientPrivateExponent[] = {
553
(byte)0x11, (byte)0xb7, (byte)0x6a, (byte)0x36,
554
(byte)0x3d, (byte)0x30, (byte)0x37, (byte)0xce,
555
(byte)0x61, (byte)0x9d, (byte)0x6c, (byte)0x84,
556
(byte)0x8b, (byte)0xf3, (byte)0x9b, (byte)0x25,
557
(byte)0x4f, (byte)0x14, (byte)0xc8, (byte)0xa4,
558
(byte)0xdd, (byte)0x2f, (byte)0xd7, (byte)0x9a,
559
(byte)0x17, (byte)0xbd, (byte)0x90, (byte)0x19,
560
(byte)0xf7, (byte)0x05, (byte)0xfd, (byte)0xf2,
561
(byte)0xd2, (byte)0xc5, (byte)0xf7, (byte)0x77,
562
(byte)0xbe, (byte)0xea, (byte)0xe2, (byte)0x84,
563
(byte)0x87, (byte)0x97, (byte)0x3a, (byte)0x41,
564
(byte)0x96, (byte)0xb6, (byte)0x99, (byte)0xf8,
565
(byte)0x94, (byte)0x8c, (byte)0x58, (byte)0x71,
566
(byte)0x51, (byte)0x8c, (byte)0xf4, (byte)0x2a,
567
(byte)0x20, (byte)0x9e, (byte)0x1a, (byte)0xa0,
568
(byte)0x26, (byte)0x99, (byte)0x75, (byte)0xd6,
569
(byte)0x31, (byte)0x53, (byte)0x43, (byte)0x39,
570
(byte)0xf5, (byte)0x2a, (byte)0xa6, (byte)0x7e,
571
(byte)0x34, (byte)0x42, (byte)0x51, (byte)0x2a,
572
(byte)0x40, (byte)0x87, (byte)0x03, (byte)0x88,
573
(byte)0x43, (byte)0x69, (byte)0xb2, (byte)0x89,
574
(byte)0x6d, (byte)0x20, (byte)0xbd, (byte)0x7d,
575
(byte)0x71, (byte)0xef, (byte)0x47, (byte)0x0a,
576
(byte)0xdf, (byte)0x06, (byte)0xc1, (byte)0x69,
577
(byte)0x66, (byte)0xa8, (byte)0x22, (byte)0x37,
578
(byte)0x1a, (byte)0x77, (byte)0x1e, (byte)0xc7,
579
(byte)0x94, (byte)0x4e, (byte)0x2c, (byte)0x27,
580
(byte)0x69, (byte)0x45, (byte)0x5e, (byte)0xc8,
581
(byte)0xf8, (byte)0x0c, (byte)0xb7, (byte)0xf8,
582
(byte)0xc0, (byte)0x8f, (byte)0x99, (byte)0xc1,
583
(byte)0xe5, (byte)0x28, (byte)0x9b, (byte)0xf9,
584
(byte)0x4c, (byte)0x94, (byte)0xc6, (byte)0xb1
585
};
586
587
static byte clientModulus[] = {
588
(byte)0x00,
589
(byte)0xbb, (byte)0xf0, (byte)0x40, (byte)0x36,
590
(byte)0xac, (byte)0x26, (byte)0x54, (byte)0x4e,
591
(byte)0xf4, (byte)0xa3, (byte)0x5a, (byte)0x00,
592
(byte)0x2f, (byte)0x69, (byte)0x21, (byte)0x6f,
593
(byte)0xb9, (byte)0x7a, (byte)0x3a, (byte)0x93,
594
(byte)0xec, (byte)0xa2, (byte)0xf6, (byte)0xe1,
595
(byte)0x8e, (byte)0xc7, (byte)0x63, (byte)0xd8,
596
(byte)0x2f, (byte)0x12, (byte)0x30, (byte)0x99,
597
(byte)0x2e, (byte)0xb0, (byte)0xf2, (byte)0x8f,
598
(byte)0xf8, (byte)0x27, (byte)0x2d, (byte)0x24,
599
(byte)0x78, (byte)0x28, (byte)0x84, (byte)0xf7,
600
(byte)0x01, (byte)0xbf, (byte)0x8d, (byte)0x44,
601
(byte)0x79, (byte)0xdd, (byte)0x3b, (byte)0xd2,
602
(byte)0x55, (byte)0xf3, (byte)0xce, (byte)0x3c,
603
(byte)0xb2, (byte)0x5b, (byte)0x21, (byte)0x7d,
604
(byte)0xef, (byte)0xfd, (byte)0x33, (byte)0x4a,
605
(byte)0xb1, (byte)0xa3, (byte)0xff, (byte)0xc6,
606
(byte)0xc8, (byte)0x9b, (byte)0xb9, (byte)0x0f,
607
(byte)0x7c, (byte)0x41, (byte)0x35, (byte)0x97,
608
(byte)0xf9, (byte)0xdb, (byte)0x3a, (byte)0x05,
609
(byte)0x60, (byte)0x05, (byte)0x15, (byte)0xaf,
610
(byte)0x59, (byte)0x17, (byte)0x92, (byte)0xa3,
611
(byte)0x10, (byte)0xad, (byte)0x16, (byte)0x1c,
612
(byte)0xe4, (byte)0x07, (byte)0x53, (byte)0xaf,
613
(byte)0xa8, (byte)0x76, (byte)0xa2, (byte)0x56,
614
(byte)0x2a, (byte)0x92, (byte)0xd3, (byte)0xf9,
615
(byte)0x28, (byte)0xe0, (byte)0x78, (byte)0xcf,
616
(byte)0x5e, (byte)0x1f, (byte)0x48, (byte)0xab,
617
(byte)0x5c, (byte)0x19, (byte)0xdd, (byte)0xe1,
618
(byte)0x67, (byte)0x43, (byte)0xba, (byte)0x75,
619
(byte)0x8d, (byte)0xf5, (byte)0x82, (byte)0xac,
620
(byte)0x43, (byte)0x92, (byte)0x44, (byte)0x1b
621
};
622
623
static char passphrase[] = "passphrase".toCharArray();
624
625
/*
626
* Is the server ready to serve?
627
*/
628
volatile static boolean serverReady = false;
629
630
/*
631
* Is the connection ready to close?
632
*/
633
volatile static boolean closeReady = false;
634
635
/*
636
* Turn on SSL debugging?
637
*/
638
static boolean debug = false;
639
640
private SSLServerSocket sslServerSocket = null;
641
642
/*
643
* Define the server side of the test.
644
*
645
* If the server prematurely exits, serverReady will be set to true
646
* to avoid infinite hangs.
647
*/
648
void doServerSide() throws Exception {
    /*
     * Server half of the test: accept a single TLS connection on the
     * loopback address, present the certificate held in serverCertStr,
     * and answer with a fixed HTTP response. Whether that certificate is
     * acceptable for the address the client dialled is decided on the
     * client side, not here.
     */
    SSLContext serverContext = getSSLContext(trusedCertStr, serverCertStr,
            serverModulus, serverPrivateExponent, passphrase);
    SSLServerSocketFactory factory = serverContext.getServerSocketFactory();

    // doClientSide() connects to the loopback address, so bind there.
    // serverPort is read as the requested port and is overwritten below
    // with the port that was actually bound.
    InetSocketAddress bindAddress =
            new InetSocketAddress(InetAddress.getLoopbackAddress(), serverPort);

    sslServerSocket = (SSLServerSocket) factory.createServerSocket();
    sslServerSocket.bind(bindAddress);
    serverPort = sslServerSocket.getLocalPort();

    // The port is published; tell the client it may connect.
    serverReady = true;

    SSLSocket connection = (SSLSocket) sslServerSocket.accept();
    // Client authentication is requested on the accepted socket, before
    // any application data is exchanged on it.
    connection.setNeedClientAuth(true);

    PrintStream response = new PrintStream(connection.getOutputStream());

    try {
        // The request is never read; the canned response is written
        // straight away. PrintStream records I/O errors instead of
        // throwing them, so a failure while writing (for example a
        // handshake the client aborts) does not raise an exception here.
        String[] responseParts = {
            "HTTP/1.1 200 OK\r\n",
            "Content-Type: text/html; charset=iso-8859-1\r\n",
            "Content-Length: " + 9 + "\r\n",
            "\r\n",
            "Testing\r\n"
        };
        for (String part : responseParts) {
            response.print(part);
        }
        response.flush();
    } finally {
        // Keep the socket open until the client reports it is finished,
        // polling the shared flag every 50 ms.
        while (!closeReady) {
            Thread.sleep(50);
        }

        System.out.println("Server closing socket");
        connection.close();
        serverReady = false;
    }
}
695
696
/*
697
* Define the client side of the test.
698
*
699
* If the server prematurely exits, serverReady will be set to true
700
* to avoid infinite hangs.
701
*/
702
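/**
 * Runs the client half of the test: opens an HTTPS connection to the
 * loopback server and expects the server's identity to be rejected.
 *
 * <p>The JVM-wide default {@link SSLContext} is replaced for the duration of
 * the call and restored afterwards, even on failure.
 *
 * @throws Exception if the connection unexpectedly succeeds, or if building
 *         the SSL context or waiting for the server fails
 */
void doClientSide() throws Exception {
    // Remember the process-wide default so it can be restored on exit.
    SSLContext reservedSSLContext = SSLContext.getDefault();
    try {
        SSLContext context = getSSLContext(trusedCertStr, clientCertStr,
                clientModulus, clientPrivateExponent, passphrase);

        // HttpsURLConnection below picks up its socket factory from the
        // default context, so the test context has to be installed globally.
        SSLContext.setDefault(context);

        /*
         * Wait for server to get started.
         */
        while (!serverReady) {
            Thread.sleep(50);
        }

        HttpsURLConnection http = null;

        /* establish http connection to server */
        URL url = URIBuilder.newBuilder()
                .scheme("https")
                .loopback()
                .port(serverPort)
                .path("/")
                .toURL();
        System.out.println("url is " + url.toString());

        try {
            http = (HttpsURLConnection) url.openConnection(Proxy.NO_PROXY);

            int respCode = http.getResponseCode();
            System.out.println("respCode = " + respCode);

            // Getting a response means the identity check accepted the
            // server certificate for an IP-address host: test failure.
            throw new Exception("Unexpectly found " +
                    "subject alternative name matching IP address");
        } catch (SSLHandshakeException sslhe) {
            // No subject alternative name matches IP address 127.0.0.1:
            // this is the expected outcome. Log it so the test output
            // records which rejection path fired.
            System.out.println("Expected handshake failure: " + sslhe);
        } catch (IOException ioe) {
            // HttpsClient may throw IOException while checking for URL
            // spoofing; that is also an expected outcome.
            // NOTE(review): this branch accepts any other I/O failure as
            // well (for example a refused connection), so the message is
            // logged to let a reader confirm the identity check caused it.
            System.out.println("Expected I/O failure: " + ioe);
        } finally {
            if (http != null) {
                http.disconnect();
            }
            // Release the server, which waits on this flag before closing.
            closeReady = true;
        }
    } finally {
        SSLContext.setDefault(reservedSSLContext);
    }
}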
/*
 * =============================================================
 * The remainder is just support stuff
 */

// use any free port by default
volatile int serverPort = 0;
volatile Exception serverException = null;
volatile Exception clientException = null;
/**
 * Test entry point: optionally switches on JSSE debug output, then runs the
 * test by constructing an {@code IPAddressDNSIdentities} instance.
 *
 * @param args unused
 * @throws Exception if either side of the test reports a failure
 */
public static void main(String[] args) throws Exception {
    if (debug) {
        // "all" is the most verbose JSSE trace level; enable it only when
        // diagnosing a failure.
        System.setProperty("javax.net.debug", "all");
    }

    // The constructor drives the whole test.
    new IPAddressDNSIdentities();
}
Thread clientThread = null;
Thread serverThread = null;
/*
 * Primary constructor, used to drive remainder of the test.
 *
 * Fork off the other side, then do your work.
 */
/**
 * Runs both halves of the test: one side on a forked thread, the other on the
 * calling thread, then waits for the forked side and reports any failure.
 *
 * @throws Exception the failure raised on the calling thread, or the one
 *         recorded by the forked thread (server first, then client)
 */
IPAddressDNSIdentities() throws Exception {
    // Fork one side, run the other inline, and remember which thread
    // still has to be waited for.
    final Thread forked;
    if (separateServerThread) {
        startServer(true);
        startClient(false);
        forked = serverThread;
    } else {
        startClient(true);
        startServer(false);
        forked = clientThread;
    }

    // Wait for the other side to close down.
    forked.join();

    // The test is essentially over. A failure on the calling thread has
    // already propagated; a failure on the forked thread was only recorded,
    // so rethrow it here.
    if (serverException != null) {
        throw serverException;
    }
    if (clientException != null) {
        throw clientException;
    }
}
/**
 * Runs the server side, either inline or on a newly started thread.
 *
 * @param newThread {@code true} to run {@code doServerSide()} on a new
 *        thread stored in {@code serverThread}; {@code false} to run it on
 *        the calling thread
 * @throws Exception whatever {@code doServerSide()} throws when run inline
 */
void startServer(boolean newThread) throws Exception {
    if (!newThread) {
        doServerSide();
        return;
    }

    Runnable serverTask = () -> {
        try {
            doServerSide();
        } catch (Exception e) {
            // The server thread died. Release the client if it is still
            // waiting for serverReady, and keep the cause for the
            // constructor to rethrow.
            System.err.println("Server died...");
            serverReady = true;
            serverException = e;
        }
    };
    serverThread = new Thread(serverTask);
    serverThread.start();
}
/**
 * Runs the client side, either inline or on a newly started thread.
 *
 * @param newThread {@code true} to run {@code doClientSide()} on a new
 *        thread stored in {@code clientThread}; {@code false} to run it on
 *        the calling thread
 * @throws Exception whatever {@code doClientSide()} throws when run inline
 */
void startClient(boolean newThread) throws Exception {
    if (!newThread) {
        doClientSide();
        return;
    }

    Runnable clientTask = () -> {
        try {
            doClientSide();
        } catch (Exception e) {
            // The client thread died; keep the cause for the constructor
            // to rethrow.
            System.err.println("Client died...");
            clientException = e;
        }
    };
    clientThread = new Thread(clientTask);
    clientThread.start();
}
// get the ssl context
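/**
 * Builds a TLS {@link SSLContext} from an in-memory JKS key store.
 *
 * <p>The trusted certificate is always imported as a certificate entry. When
 * {@code keyCertStr} is non-null, an RSA private key is rebuilt from the raw
 * modulus and private exponent and stored, together with the chain
 * {@code [keyCert, trustedCert]}, so the context can also authenticate
 * itself; otherwise the context has trust managers only.
 *
 * @param trusedCertStr encoded X.509 certificate to trust
 * @param keyCertStr encoded X.509 end-entity certificate, or {@code null}
 *        for a context without key managers
 * @param modulus RSA modulus bytes, read only when {@code keyCertStr} is set
 * @param privateExponent RSA private exponent bytes, read only when
 *        {@code keyCertStr} is set
 * @param passphrase password protecting the key entry
 * @return the initialised context
 * @throws Exception if a certificate cannot be parsed or any key store,
 *         key factory or context operation fails
 */
private static SSLContext getSSLContext(String trusedCertStr,
        String keyCertStr, byte[] modulus,
        byte[] privateExponent, char[] passphrase) throws Exception {

    // generate certificate from cert string
    CertificateFactory cf = CertificateFactory.getInstance("X.509");

    // Encode with a fixed charset so that parsing does not depend on the
    // platform default encoding.
    Certificate trusedCert;
    try (ByteArrayInputStream is = new ByteArrayInputStream(
            trusedCertStr.getBytes(java.nio.charset.StandardCharsets.UTF_8))) {
        trusedCert = cf.generateCertificate(is);
    }

    // create an empty in-memory key store
    KeyStore ks = KeyStore.getInstance("JKS");
    ks.load(null, null);

    // import the trusted cert
    ks.setCertificateEntry("RSA Export Signer", trusedCert);

    if (keyCertStr != null) {
        // generate the private key.
        RSAPrivateKeySpec priKeySpec = new RSAPrivateKeySpec(
                new BigInteger(modulus),
                new BigInteger(privateExponent));
        KeyFactory kf = KeyFactory.getInstance("RSA");
        RSAPrivateKey priKey =
                (RSAPrivateKey) kf.generatePrivate(priKeySpec);

        // generate certificate chain: end-entity first, then its issuer
        Certificate keyCert;
        try (ByteArrayInputStream is = new ByteArrayInputStream(
                keyCertStr.getBytes(java.nio.charset.StandardCharsets.UTF_8))) {
            keyCert = cf.generateCertificate(is);
        }

        Certificate[] chain = new Certificate[2];
        chain[0] = keyCert;
        chain[1] = trusedCert;

        // import the key entry.
        ks.setKeyEntry("Whatever", priKey, passphrase, chain);
    }

    // create SSL context
    TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
    tmf.init(ks);

    SSLContext ctx = SSLContext.getInstance("TLS");

    if (keyCertStr != null) {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(ks, passphrase);

        // A null SecureRandom selects the provider's default source.
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
    } else {
        ctx.init(null, tmf.getTrustManagers(), null);
    }

    return ctx;
}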
}