Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
PojavLauncherTeam
GitHub Repository: PojavLauncherTeam/mobile
 Path: blob/master/test/jdk/sun/security/ssl/X509TrustManagerImpl/PKIXExtendedTM.java
41152 views
1
/*

2
 * Copyright (c) 2010, 2016, Oracle and/or its affiliates. All rights reserved.

3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

4
 *

5
 * This code is free software; you can redistribute it and/or modify it

6
 * under the terms of the GNU General Public License version 2 only, as

7
 * published by the Free Software Foundation.

8
 *

9
 * This code is distributed in the hope that it will be useful, but WITHOUT

10
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

11
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

12
 * version 2 for more details (a copy is included in the LICENSE file that

13
 * accompanied this code).

14
 *

15
 * You should have received a copy of the GNU General Public License version

16
 * 2 along with this work; if not, write to the Free Software Foundation,

17
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

18
 *

19
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

20
 * or visit www.oracle.com if you need additional information or have any

21
 * questions.

22
 */

23


24
//

25
// SunJSSE does not support dynamic system properties, no way to re-use

26
// system properties in samevm/agentvm mode.

27
//

28


29
/*

30
 * @test

31
 * @bug 6916074 8170131

32
 * @summary Add support for TLS 1.2

33
 * @run main/othervm PKIXExtendedTM 0

34
 * @run main/othervm PKIXExtendedTM 1

35
 * @run main/othervm PKIXExtendedTM 2

36
 * @run main/othervm PKIXExtendedTM 3

37
 */

38


39
import java.net.*;

40
import java.util.*;

41
import java.io.*;

42
import javax.net.ssl.*;

43
import java.security.Security;

44
import java.security.KeyStore;

45
import java.security.KeyFactory;

46
import java.security.cert.Certificate;

47
import java.security.cert.CertificateFactory;

48
import java.security.cert.CertPathValidatorException;

49
import java.security.spec.*;

50
import java.security.interfaces.*;

51
import java.math.BigInteger;

52


53


54
/*

55
 * Certificates and key used in the test.

56
 *

57
 * TLS server certificate:

58
 * server private key:

59
 * -----BEGIN RSA PRIVATE KEY-----

60
 * Proc-Type: 4,ENCRYPTED

61
 * DEK-Info: DES-EDE3-CBC,D9AE407F6D0E389A

62
 *

63
 * WPrA7TFol/cQCcp9oHnXWNpYlvRbbIcQj0m+RKT2Iuzfus+DHt3Zadf8nJpKfX2e

64
 * h2rnhlzCN9M7djRDooZKDOPCsdBn51Au7HlZF3S3Opgo7D8XFM1a8t1Je4ke14oI

65
 * nw6QKYsBblRziPnP2PZ0zvX24nOv7bbY8beynlJHGs00VWSFdoH2DS0aE1p6D+3n

66
 * ptJuJ75dVfZFK4X7162APlNXevX8D6PEQpSiRw1rjjGGcnvQ4HdWk3BxDVDcCNJb

67
 * Y1aGNRxsjTDvPi3R9Qx2M+W03QzEPx4SR3ZHVskeSJHaetM0TM/w/45Paq4GokXP

68
 * ZeTnbEx1xmjkA7h+t4doLL4watx5F6yLsJzu8xB3lt/1EtmkYtLz1t7X4BetPAXz

69
 * zS69X/VwhKfsOI3qXBWuL2oHPyhDmT1gcaUQwEPSV6ogHEEQEDXdiUS8heNK13KF

70
 * TCQYFkETvV2BLxUhV1hypPzRQ6tUpJiAbD5KmoK2lD9slshG2QtvKQq0/bgkDY5J

71
 * LhDHV2dtcZ3kDPkkZXpbcJQvoeH3d09C5sIsuTFo2zgNR6oETHUc5TzP6FY2YYRa

72
 * QcK5HcmtsRRiXFm01ac+aMejJUIujjFt84SiKWT/73vC8AmY4tYcJBLjCg4XIxSH

73
 * fdDFLL1YZENNO5ivlp8mdiHqcawx+36L7DrEZQ8RZt6cqST5t/+XTdM74s6k81GT

74
 * pNsa82P2K2zmIUZ/DL2mKjW1vfRByw1NQFEBkN3vdyZxYfM/JyUzX4hbjXBEkh9Q

75
 * QYrcwLKLjis2QzSvK04B3bvRzRb+4ocWiso8ZPAXAIxZFBWDpTMM2A==

76
 * -----END RSA PRIVATE KEY-----

77
 *

78
 * -----BEGIN RSA PRIVATE KEY-----

79
 * MIICXAIBAAKBgQClrFscN6LdmYktsnm4j9VIpecchBeNaZzGrG358h0fORna03Ie

80
 * buxEzHCk3LoAMPagTz1UemFqzFfQCn+VKBg/mtmU8hvIJIh+/p0PPftXUwizIDPU

81
 * PxdHFNHN6gjYDnVOr77M0uyvqXpJ38LZrLgkQJCmA1Yq0DAFQCxPq9l0iQIDAQAB

82
 * AoGAbqcbg1E1mkR99uOJoNeQYKFOJyGiiXTMnXV1TseC4+PDfQBU7Dax35GcesBi

83
 * CtapIpFKKS5D+ozY6b7ZT8ojxuQ/uHLPAvz0WDR3ds4iRF8tyu71Q1ZHcQsJa17y

84
 * yO7UbkSSKn/Mp9Rb+/dKqftUGNXVFLqgHBOzN2s3We3bbbECQQDYBPKOg3hkaGHo

85
 * OhpHKqtQ6EVkldihG/3i4WejRonelXN+HRh1KrB2HBx0M8D/qAzP1i3rNSlSHer4

86
 * 59YRTJnHAkEAxFX/sVYSn07BHv9Zhn6XXct/Cj43z/tKNbzlNbcxqQwQerw3IH51

87
 * 8UH2YOA+GD3lXbKp+MytoFLWv8zg4YT/LwJAfqan75Z1R6lLffRS49bIiq8jwE16

88
 * rTrUJ+kv8jKxMqc9B3vXkxpsS1M/+4E8bqgAmvpgAb8xcsvHsBd9ErdukQJBAKs2

89
 * j67W75BrPjBI34pQ1LEfp56IGWXOrq1kF8IbCjxv3+MYRT6Z6UJFkpRymNPNDjsC

90
 * dgUYgITiGJHUGXuw3lMCQHEHqo9ZtXz92yFT+VhsNc29B8m/sqUJdtCcMd/jGpAF

91
 * u6GHufjqIZBpQsk63wbwESAPZZ+kk1O1kS5GIRLX608=

92
 * -----END RSA PRIVATE KEY-----

93
 *

94
 * Private-Key: (1024 bit)

95
 * modulus:

96
 *     00:a5:ac:5b:1c:37:a2:dd:99:89:2d:b2:79:b8:8f:

97
 *     d5:48:a5:e7:1c:84:17:8d:69:9c:c6:ac:6d:f9:f2:

98
 *     1d:1f:39:19:da:d3:72:1e:6e:ec:44:cc:70:a4:dc:

99
 *     ba:00:30:f6:a0:4f:3d:54:7a:61:6a:cc:57:d0:0a:

100
 *     7f:95:28:18:3f:9a:d9:94:f2:1b:c8:24:88:7e:fe:

101
 *     9d:0f:3d:fb:57:53:08:b3:20:33:d4:3f:17:47:14:

102
 *     d1:cd:ea:08:d8:0e:75:4e:af:be:cc:d2:ec:af:a9:

103
 *     7a:49:df:c2:d9:ac:b8:24:40:90:a6:03:56:2a:d0:

104
 *     30:05:40:2c:4f:ab:d9:74:89

105
 * publicExponent: 65537 (0x10001)

106
 * privateExponent:

107
 *     6e:a7:1b:83:51:35:9a:44:7d:f6:e3:89:a0:d7:90:

108
 *     60:a1:4e:27:21:a2:89:74:cc:9d:75:75:4e:c7:82:

109
 *     e3:e3:c3:7d:00:54:ec:36:b1:df:91:9c:7a:c0:62:

110
 *     0a:d6:a9:22:91:4a:29:2e:43:fa:8c:d8:e9:be:d9:

111
 *     4f:ca:23:c6:e4:3f:b8:72:cf:02:fc:f4:58:34:77:

112
 *     76:ce:22:44:5f:2d:ca:ee:f5:43:56:47:71:0b:09:

113
 *     6b:5e:f2:c8:ee:d4:6e:44:92:2a:7f:cc:a7:d4:5b:

114
 *     fb:f7:4a:a9:fb:54:18:d5:d5:14:ba:a0:1c:13:b3:

115
 *     37:6b:37:59:ed:db:6d:b1

116
 * prime1:

117
 *     00:d8:04:f2:8e:83:78:64:68:61:e8:3a:1a:47:2a:

118
 *     ab:50:e8:45:64:95:d8:a1:1b:fd:e2:e1:67:a3:46:

119
 *     89:de:95:73:7e:1d:18:75:2a:b0:76:1c:1c:74:33:

120
 *     c0:ff:a8:0c:cf:d6:2d:eb:35:29:52:1d:ea:f8:e7:

121
 *     d6:11:4c:99:c7

122
 * prime2:

123
 *     00:c4:55:ff:b1:56:12:9f:4e:c1:1e:ff:59:86:7e:

124
 *     97:5d:cb:7f:0a:3e:37:cf:fb:4a:35:bc:e5:35:b7:

125
 *     31:a9:0c:10:7a:bc:37:20:7e:75:f1:41:f6:60:e0:

126
 *     3e:18:3d:e5:5d:b2:a9:f8:cc:ad:a0:52:d6:bf:cc:

127
 *     e0:e1:84:ff:2f

128
 * exponent1:

129
 *     7e:a6:a7:ef:96:75:47:a9:4b:7d:f4:52:e3:d6:c8:

130
 *     8a:af:23:c0:4d:7a:ad:3a:d4:27:e9:2f:f2:32:b1:

131
 *     32:a7:3d:07:7b:d7:93:1a:6c:4b:53:3f:fb:81:3c:

132
 *     6e:a8:00:9a:fa:60:01:bf:31:72:cb:c7:b0:17:7d:

133
 *     12:b7:6e:91

134
 * exponent2:

135
 *     00:ab:36:8f:ae:d6:ef:90:6b:3e:30:48:df:8a:50:

136
 *     d4:b1:1f:a7:9e:88:19:65:ce:ae:ad:64:17:c2:1b:

137
 *     0a:3c:6f:df:e3:18:45:3e:99:e9:42:45:92:94:72:

138
 *     98:d3:cd:0e:3b:02:76:05:18:80:84:e2:18:91:d4:

139
 *     19:7b:b0:de:53

140
 * coefficient:

141
 *     71:07:aa:8f:59:b5:7c:fd:db:21:53:f9:58:6c:35:

142
 *     cd:bd:07:c9:bf:b2:a5:09:76:d0:9c:31:df:e3:1a:

143
 *     90:05:bb:a1:87:b9:f8:ea:21:90:69:42:c9:3a:df:

144
 *     06:f0:11:20:0f:65:9f:a4:93:53:b5:91:2e:46:21:

145
 *     12:d7:eb:4f

146
 *

147
 *

148
 * server certificate:

149
 * Data:

150
 *     Version: 3 (0x2)

151
 *     Serial Number: 8 (0x8)

152
 *     Signature Algorithm: md5WithRSAEncryption

153
 *     Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org

154
 *     Validity

155
 *         Not Before: Dec  8 03:43:04 2008 GMT

156
 *         Not After : Aug 25 03:43:04 2028 GMT

157
 *     Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org, OU=SSL-Server, CN=localhost

158
 *     Subject Public Key Info:

159
 *         Public Key Algorithm: rsaEncryption

160
 *         RSA Public Key: (1024 bit)

161
 *             Modulus (1024 bit):

162
 *                 00:a5:ac:5b:1c:37:a2:dd:99:89:2d:b2:79:b8:8f:

163
 *                 d5:48:a5:e7:1c:84:17:8d:69:9c:c6:ac:6d:f9:f2:

164
 *                 1d:1f:39:19:da:d3:72:1e:6e:ec:44:cc:70:a4:dc:

165
 *                 ba:00:30:f6:a0:4f:3d:54:7a:61:6a:cc:57:d0:0a:

166
 *                 7f:95:28:18:3f:9a:d9:94:f2:1b:c8:24:88:7e:fe:

167
 *                 9d:0f:3d:fb:57:53:08:b3:20:33:d4:3f:17:47:14:

168
 *                 d1:cd:ea:08:d8:0e:75:4e:af:be:cc:d2:ec:af:a9:

169
 *                 7a:49:df:c2:d9:ac:b8:24:40:90:a6:03:56:2a:d0:

170
 *                 30:05:40:2c:4f:ab:d9:74:89

171
 *             Exponent: 65537 (0x10001)

172
 *     X509v3 extensions:

173
 *         X509v3 Basic Constraints:

174
 *             CA:FALSE

175
 *         X509v3 Key Usage:

176
 *             Digital Signature, Non Repudiation, Key Encipherment

177
 *         X509v3 Subject Key Identifier:

178
 *             ED:6E:DB:F4:B5:56:C8:FB:1A:06:61:3F:0F:08:BB:A6:04:D8:16:54

179
 *         X509v3 Authority Key Identifier:

180
 *             keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14

181
 *

182
 *         X509v3 Subject Alternative Name: critical

183
 *             DNS:localhost

184
 * Signature Algorithm: md5WithRSAEncryption0

185
 *

186
 * -----BEGIN CERTIFICATE-----

187
 * MIICpDCCAg2gAwIBAgIBCDANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET

188
 * MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK

189
 * EwhTb21lLU9yZzAeFw0wODEyMDgwMzQzMDRaFw0yODA4MjUwMzQzMDRaMHIxCzAJ

190
 * BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp

191
 * dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtU2VydmVyMRIwEAYD

192
 * VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKWsWxw3

193
 * ot2ZiS2yebiP1Uil5xyEF41pnMasbfnyHR85GdrTch5u7ETMcKTcugAw9qBPPVR6

194
 * YWrMV9AKf5UoGD+a2ZTyG8gkiH7+nQ89+1dTCLMgM9Q/F0cU0c3qCNgOdU6vvszS

195
 * 7K+peknfwtmsuCRAkKYDVirQMAVALE+r2XSJAgMBAAGjczBxMAkGA1UdEwQCMAAw

196
 * CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTtbtv0tVbI+xoGYT8PCLumBNgWVDAfBgNV

197
 * HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDAXBgNVHREBAf8EDTALgglsb2Nh

198
 * bGhvc3QwDQYJKoZIhvcNAQEEBQADgYEAoqVTciHtcvsUj+YaTct8tUh3aTCsKsac

199
 * PHhfQ+ObjiXSgxsKYTX7ym/wk/wvlbUcbqLKxsu7qrcJitH+H9heV1hEHEu65Uoi

200
 * nRugFruyOrwvAylV8Cm2af7ddilmYJ+sdJA6N2M3xJRxR0G2LFHEXDNEjYReyexn

201
 * JqCpf5uZGOo=

202
 * -----END CERTIFICATE-----

203
 *

204
 *

205
 * TLS client certificate:

206
 * client private key:

207
 * ----BEGIN RSA PRIVATE KEY-----

208
 * Proc-Type: 4,ENCRYPTED

209
 * DEK-Info: DES-EDE3-CBC,FA2A435CD35A9390

210
 *

211
 * Z+Y2uaETbsUWIyJUyVu1UV2G4rgFYJyACZT6Tp1KjRtxflSh2kXkJ9MpuXMXA0V4

212
 * Yy3fDzPqCL9NJmQAYRlAx/W/+j4F5EyMWDIx8fUxzONRZyoiwF7jLm+KscAfv6Pf

213
 * q7ItWOdj3z7IYrwlB8YIGd3F2cDKT3S+lYRk7rKb/qT7itbuHnY4Ardh3yl+MZak

214
 * jBp+ELUlRsUqSr1V0LoM+0rCCykarpyfhpxEcqsrl0v9Cyi5uhU50/oKv5zql3SH

215
 * l2ImgDjp3batAs8+Bd4NF2aqi0a7Hy44JUHxRm4caZryU/i/D9N1MbuM6882HLat

216
 * 5N0G+NaIUfywa8mjwq2D5aiit18HqKA6XeRRYeJ5Dvu9DCO4GeFSwcUFIBMI0L46

217
 * 7s114+oDodg57pMgITi+04vmUxvqlN9aiyd7f5Fgd7PeHGeOdbMz1NaJLJaPI9++

218
 * NakK8eK9iwT/Gdq0Uap5/CHW7vCT5PO+h3HY0STH0lWStXhdWnFO04zTdywsbSp+

219
 * DLpHeFT66shfeUlxR0PsCbG9vPRt/QmGLeYQZITppWo/ylSq4j+pRIuXvuWHdBRN

220
 * rTZ8QF4Y7AxQUXVz1j1++s6ZMHTzaK2i9HrhmDs1MbJl+QwWre3Xpv3LvTVz3k5U

221
 * wX8kuY1m3STt71QCaRWENq5sRaMImLxZbxc/ivFl9RAzUqo4NCxLod/QgA4iLqtO

222
 * ztnlpzwlC/F8HbQ1oqYWwnZAPhzU/cULtstl+Yrws2c2atO323LbPXZqbASySgig

223
 * sNpFXQMObdfP6LN23bY+1SvtK7V4NUTNhpdIc6INQAQ=

224
 * -----END RSA PRIVATE KEY-----

225
 *

226
 * -----BEGIN RSA PRIVATE KEY-----

227
 * MIICWwIBAAKBgQC78EA2rCZUTvSjWgAvaSFvuXo6k+yi9uGOx2PYLxIwmS6w8o/4

228
 * Jy0keCiE9wG/jUR53TvSVfPOPLJbIX3v/TNKsaP/xsibuQ98QTWX+ds6BWAFFa9Z

229
 * F5KjEK0WHOQHU6+odqJWKpLT+SjgeM9eH0irXBnd4WdDunWN9YKsQ5JEGwIDAQAB

230
 * AoGAEbdqNj0wN85hnWyEi/ObJU8UyKTdL9eaF72QGfcF/fLSxfd3vurihIeXOkGW

231
 * tpn4lIxYcVGM9CognhqgJpl11jFTQzn1KqZ+NEJRKkCHA4hDabKJbSC9fXHvRwrf

232
 * BsFpZqgiNxp3HseUTiwnaUVeyPgMt/jAj5nB5Sib+UyUxrECQQDnNQBiF2aifEg6

233
 * zbJOOC7he5CHAdkFxSxWVFVHL6EfXfqdLVkUohMbgZv+XxyIeU2biOExSg49Kds3

234
 * FOKgTau1AkEA0Bd1haj6QuCo8I0AXm2WO+MMTZMTvtHD/bGjKNM+fT4I8rKYnQRX

235
 * 1acHdqS9Xx2rNJqZgkMmpESIdPR2fc4yjwJALFeM6EMmqvj8/VIf5UJ/Mz14fXwM

236
 * PEARfckUxd9LnnFutCBTWlKvKXJVEZb6KO5ixPaegc57Jp3Vbh3yTN44lQJADD/1

237
 * SSMDaIB1MYP7a5Oj7m6VQNPRq8AJe5vDcRnOae0G9dKRrVyeFxO4GsHj6/+BHp2j

238
 * P8nYMn9eURQ7DXjf/QJAAQzMlWnKGSO8pyTDtnQx3hRMoUkOEhmNq4bQhLkYqtnY

239
 * FcqpUQ2qMjW+NiNWk5HnTrMS3L9EdJobMUzaNZLy4w==

240
 * -----END RSA PRIVATE KEY-----

241
 *

242
 * Private-Key: (1024 bit)

243
 * modulus:

244
 *     00:bb:f0:40:36:ac:26:54:4e:f4:a3:5a:00:2f:69:

245
 *     21:6f:b9:7a:3a:93:ec:a2:f6:e1:8e:c7:63:d8:2f:

246
 *     12:30:99:2e:b0:f2:8f:f8:27:2d:24:78:28:84:f7:

247
 *     01:bf:8d:44:79:dd:3b:d2:55:f3:ce:3c:b2:5b:21:

248
 *     7d:ef:fd:33:4a:b1:a3:ff:c6:c8:9b:b9:0f:7c:41:

249
 *     35:97:f9:db:3a:05:60:05:15:af:59:17:92:a3:10:

250
 *     ad:16:1c:e4:07:53:af:a8:76:a2:56:2a:92:d3:f9:

251
 *     28:e0:78:cf:5e:1f:48:ab:5c:19:dd:e1:67:43:ba:

252
 *     75:8d:f5:82:ac:43:92:44:1b

253
 * publicExponent: 65537 (0x10001)

254
 * privateExponent:

255
 *     11:b7:6a:36:3d:30:37:ce:61:9d:6c:84:8b:f3:9b:

256
 *     25:4f:14:c8:a4:dd:2f:d7:9a:17:bd:90:19:f7:05:

257
 *     fd:f2:d2:c5:f7:77:be:ea:e2:84:87:97:3a:41:96:

258
 *     b6:99:f8:94:8c:58:71:51:8c:f4:2a:20:9e:1a:a0:

259
 *     26:99:75:d6:31:53:43:39:f5:2a:a6:7e:34:42:51:

260
 *     2a:40:87:03:88:43:69:b2:89:6d:20:bd:7d:71:ef:

261
 *     47:0a:df:06:c1:69:66:a8:22:37:1a:77:1e:c7:94:

262
 *     4e:2c:27:69:45:5e:c8:f8:0c:b7:f8:c0:8f:99:c1:

263
 *     e5:28:9b:f9:4c:94:c6:b1

264
 * prime1:

265
 *     00:e7:35:00:62:17:66:a2:7c:48:3a:cd:b2:4e:38:

266
 *     2e:e1:7b:90:87:01:d9:05:c5:2c:56:54:55:47:2f:

267
 *     a1:1f:5d:fa:9d:2d:59:14:a2:13:1b:81:9b:fe:5f:

268
 *     1c:88:79:4d:9b:88:e1:31:4a:0e:3d:29:db:37:14:

269
 *     e2:a0:4d:ab:b5

270
 * prime2:

271
 *     00:d0:17:75:85:a8:fa:42:e0:a8:f0:8d:00:5e:6d:

272
 *     96:3b:e3:0c:4d:93:13:be:d1:c3:fd:b1:a3:28:d3:

273
 *     3e:7d:3e:08:f2:b2:98:9d:04:57:d5:a7:07:76:a4:

274
 *     bd:5f:1d:ab:34:9a:99:82:43:26:a4:44:88:74:f4:

275
 *     76:7d:ce:32:8f

276
 * exponent1:

277
 *     2c:57:8c:e8:43:26:aa:f8:fc:fd:52:1f:e5:42:7f:

278
 *     33:3d:78:7d:7c:0c:3c:40:11:7d:c9:14:c5:df:4b:

279
 *     9e:71:6e:b4:20:53:5a:52:af:29:72:55:11:96:fa:

280
 *     28:ee:62:c4:f6:9e:81:ce:7b:26:9d:d5:6e:1d:f2:

281
 *     4c:de:38:95

282
 * exponent2:

283
 *     0c:3f:f5:49:23:03:68:80:75:31:83:fb:6b:93:a3:

284
 *     ee:6e:95:40:d3:d1:ab:c0:09:7b:9b:c3:71:19:ce:

285
 *     69:ed:06:f5:d2:91:ad:5c:9e:17:13:b8:1a:c1:e3:

286
 *     eb:ff:81:1e:9d:a3:3f:c9:d8:32:7f:5e:51:14:3b:

287
 *     0d:78:df:fd

288
 * coefficient:

289
 *     01:0c:cc:95:69:ca:19:23:bc:a7:24:c3:b6:74:31:

290
 *     de:14:4c:a1:49:0e:12:19:8d:ab:86:d0:84:b9:18:

291
 *     aa:d9:d8:15:ca:a9:51:0d:aa:32:35:be:36:23:56:

292
 *     93:91:e7:4e:b3:12:dc:bf:44:74:9a:1b:31:4c:da:

293
 *     35:92:f2:e3

294
 *

295
 * client certificate:

296
 * Data:

297
 *     Version: 3 (0x2)

298
 *     Serial Number: 9 (0x9)

299
 *     Signature Algorithm: md5WithRSAEncryption

300
 *     Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org

301
 *     Validity

302
 *         Not Before: Dec  8 03:43:24 2008 GMT

303
 *         Not After : Aug 25 03:43:24 2028 GMT

304
 *     Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org, OU=SSL-Client, CN=localhost

305
 *     Subject Public Key Info:

306
 *         Public Key Algorithm: rsaEncryption

307
 *         RSA Public Key: (1024 bit)

308
 *             Modulus (1024 bit):

309
 *                 00:bb:f0:40:36:ac:26:54:4e:f4:a3:5a:00:2f:69:

310
 *                 21:6f:b9:7a:3a:93:ec:a2:f6:e1:8e:c7:63:d8:2f:

311
 *                 12:30:99:2e:b0:f2:8f:f8:27:2d:24:78:28:84:f7:

312
 *                 01:bf:8d:44:79:dd:3b:d2:55:f3:ce:3c:b2:5b:21:

313
 *                 7d:ef:fd:33:4a:b1:a3:ff:c6:c8:9b:b9:0f:7c:41:

314
 *                 35:97:f9:db:3a:05:60:05:15:af:59:17:92:a3:10:

315
 *                 ad:16:1c:e4:07:53:af:a8:76:a2:56:2a:92:d3:f9:

316
 *                 28:e0:78:cf:5e:1f:48:ab:5c:19:dd:e1:67:43:ba:

317
 *                 75:8d:f5:82:ac:43:92:44:1b

318
 *             Exponent: 65537 (0x10001)

319
 *     X509v3 extensions:

320
 *         X509v3 Basic Constraints:

321
 *             CA:FALSE

322
 *         X509v3 Key Usage:

323
 *             Digital Signature, Non Repudiation, Key Encipherment

324
 *         X509v3 Subject Key Identifier:

325
 *             CD:BB:C8:85:AA:91:BD:FD:1D:BE:CD:67:7C:FF:B3:E9:4C:A8:22:E6

326
 *         X509v3 Authority Key Identifier:

327
 *             keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14

328
 *

329
 *         X509v3 Subject Alternative Name: critical

330
 *             DNS:localhost

331
 * Signature Algorithm: md5WithRSAEncryption

332
 *

333
 * -----BEGIN CERTIFICATE-----

334
 * MIICpDCCAg2gAwIBAgIBCTANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET

335
 * MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK

336
 * EwhTb21lLU9yZzAeFw0wODEyMDgwMzQzMjRaFw0yODA4MjUwMzQzMjRaMHIxCzAJ

337
 * BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp

338
 * dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtQ2xpZW50MRIwEAYD

339
 * VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALvwQDas

340
 * JlRO9KNaAC9pIW+5ejqT7KL24Y7HY9gvEjCZLrDyj/gnLSR4KIT3Ab+NRHndO9JV

341
 * 8848slshfe/9M0qxo//GyJu5D3xBNZf52zoFYAUVr1kXkqMQrRYc5AdTr6h2olYq

342
 * ktP5KOB4z14fSKtcGd3hZ0O6dY31gqxDkkQbAgMBAAGjczBxMAkGA1UdEwQCMAAw

343
 * CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTNu8iFqpG9/R2+zWd8/7PpTKgi5jAfBgNV

344
 * HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDAXBgNVHREBAf8EDTALgglsb2Nh

345
 * bGhvc3QwDQYJKoZIhvcNAQEEBQADgYEAm25gJyqW1JznQ1EyOtTGswBVwfgBOf+F

346
 * HJuBTcflYQLbTD/AETPQJGvZU9tdhuLtbG3OPhR7vSY8zeAbfM3dbH7QFr3r47Gj

347
 * XEH7qM/MX+Z3ifVaC4MeJmrYQkYFSuKeyyKpdRVX4w4nnFHF6OsNASsYrMW6LpxN

348
 * cl/epUcHL7E=

349
 * -----END CERTIFICATE-----

350
 *

351
 *

352
 *

353
 * Trusted CA certificate:

354
 * Certificate:

355
 *   Data:

356
 *     Version: 3 (0x2)

357
 *     Serial Number: 0 (0x0)

358
 *     Signature Algorithm: md5WithRSAEncryption

359
 *     Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org

360
 *     Validity

361
 *         Not Before: Dec  8 02:43:36 2008 GMT

362
 *         Not After : Aug 25 02:43:36 2028 GMT

363
 *     Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org

364
 *     Subject Public Key Info:

365
 *         Public Key Algorithm: rsaEncryption

366
 *         RSA Public Key: (1024 bit)

367
 *             Modulus (1024 bit):

368
 *                 00:cb:c4:38:20:07:be:88:a7:93:b0:a1:43:51:2d:

369
 *                 d7:8e:85:af:54:dd:ad:a2:7b:23:5b:cf:99:13:53:

370
 *                 99:45:7d:ee:6d:ba:2d:bf:e3:ad:6e:3d:9f:1a:f9:

371
 *                 03:97:e0:17:55:ae:11:26:57:de:01:29:8e:05:3f:

372
 *                 21:f7:e7:36:e8:2e:37:d7:48:ac:53:d6:60:0e:c7:

373
 *                 50:6d:f6:c5:85:f7:8b:a6:c5:91:35:72:3c:94:ee:

374
 *                 f1:17:f0:71:e3:ec:1b:ce:ca:4e:40:42:b0:6d:ee:

375
 *                 6a:0e:d6:e5:ad:3c:0f:c9:ba:82:4f:78:f8:89:97:

376
 *                 89:2a:95:12:4c:d8:09:2a:e9

377
 *             Exponent: 65537 (0x10001)

378
 *     X509v3 extensions:

379
 *         X509v3 Subject Key Identifier:

380
 *             FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14

381
 *         X509v3 Authority Key Identifier:

382
 *             keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14

383
 *             DirName:/C=US/ST=Some-State/L=Some-City/O=Some-Org

384
 *             serial:00

385
 *

386
 *         X509v3 Basic Constraints:

387
 *             CA:TRUE

388
 *  Signature Algorithm: md5WithRSAEncryption

389
 *

390
 * -----BEGIN CERTIFICATE-----

391
 * MIICrDCCAhWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET

392
 * MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK

393
 * EwhTb21lLU9yZzAeFw0wODEyMDgwMjQzMzZaFw0yODA4MjUwMjQzMzZaMEkxCzAJ

394
 * BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp

395
 * dHkxETAPBgNVBAoTCFNvbWUtT3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB

396
 * gQDLxDggB76Ip5OwoUNRLdeOha9U3a2ieyNbz5kTU5lFfe5tui2/461uPZ8a+QOX

397
 * 4BdVrhEmV94BKY4FPyH35zboLjfXSKxT1mAOx1Bt9sWF94umxZE1cjyU7vEX8HHj

398
 * 7BvOyk5AQrBt7moO1uWtPA/JuoJPePiJl4kqlRJM2Akq6QIDAQABo4GjMIGgMB0G

399
 * A1UdDgQWBBT6uVG/TOfZhpgz+efLHvEzSfeoFDBxBgNVHSMEajBogBT6uVG/TOfZ

400
 * hpgz+efLHvEzSfeoFKFNpEswSTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUt

401
 * U3RhdGUxEjAQBgNVBAcTCVNvbWUtQ2l0eTERMA8GA1UEChMIU29tZS1PcmeCAQAw

402
 * DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBcIm534U123Hz+rtyYO5uA

403
 * ofd81G6FnTfEAV8Kw9fGyyEbQZclBv34A9JsFKeMvU4OFIaixD7nLZ/NZ+IWbhmZ

404
 * LovmJXyCkOufea73pNiZ+f/4/ScZaIlM/PRycQSqbFNd4j9Wott+08qxHPLpsf3P

405
 * 6Mvf0r1PNTY2hwTJLJmKtg==

406
 * -----END CERTIFICATE---

407
 */

408


409


410
public class PKIXExtendedTM {

411


412
    /*

413
     * =============================================================

414
     * Set the various variables needed for the tests, then

415
     * specify what tests to run on each side.

416
     */

417


418
    /*

419
     * Should we run the client or server in a separate thread?

420
     * Both sides can throw exceptions, but do you have a preference

421
     * as to which side should be the main thread.

422
     */

423
    static boolean separateServerThread = true;

424


425
    /*

426
     * Where do we find the keystores?

427
     */

428
    static String trusedCertStr =

429
        "-----BEGIN CERTIFICATE-----\n" +

430
        "MIICrDCCAhWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" +

431
        "MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" +

432
        "EwhTb21lLU9yZzAeFw0wODEyMDgwMjQzMzZaFw0yODA4MjUwMjQzMzZaMEkxCzAJ\n" +

433
        "BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" +

434
        "dHkxETAPBgNVBAoTCFNvbWUtT3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n" +

435
        "gQDLxDggB76Ip5OwoUNRLdeOha9U3a2ieyNbz5kTU5lFfe5tui2/461uPZ8a+QOX\n" +

436
        "4BdVrhEmV94BKY4FPyH35zboLjfXSKxT1mAOx1Bt9sWF94umxZE1cjyU7vEX8HHj\n" +

437
        "7BvOyk5AQrBt7moO1uWtPA/JuoJPePiJl4kqlRJM2Akq6QIDAQABo4GjMIGgMB0G\n" +

438
        "A1UdDgQWBBT6uVG/TOfZhpgz+efLHvEzSfeoFDBxBgNVHSMEajBogBT6uVG/TOfZ\n" +

439
        "hpgz+efLHvEzSfeoFKFNpEswSTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUt\n" +

440
        "U3RhdGUxEjAQBgNVBAcTCVNvbWUtQ2l0eTERMA8GA1UEChMIU29tZS1PcmeCAQAw\n" +

441
        "DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBcIm534U123Hz+rtyYO5uA\n" +

442
        "ofd81G6FnTfEAV8Kw9fGyyEbQZclBv34A9JsFKeMvU4OFIaixD7nLZ/NZ+IWbhmZ\n" +

443
        "LovmJXyCkOufea73pNiZ+f/4/ScZaIlM/PRycQSqbFNd4j9Wott+08qxHPLpsf3P\n" +

444
        "6Mvf0r1PNTY2hwTJLJmKtg==\n" +

445
        "-----END CERTIFICATE-----";

446


447
    static String serverCertStr =

448
        "-----BEGIN CERTIFICATE-----\n" +

449
        "MIICpDCCAg2gAwIBAgIBCDANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" +

450
        "MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" +

451
        "EwhTb21lLU9yZzAeFw0wODEyMDgwMzQzMDRaFw0yODA4MjUwMzQzMDRaMHIxCzAJ\n" +

452
        "BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" +

453
        "dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtU2VydmVyMRIwEAYD\n" +

454
        "VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKWsWxw3\n" +

455
        "ot2ZiS2yebiP1Uil5xyEF41pnMasbfnyHR85GdrTch5u7ETMcKTcugAw9qBPPVR6\n" +

456
        "YWrMV9AKf5UoGD+a2ZTyG8gkiH7+nQ89+1dTCLMgM9Q/F0cU0c3qCNgOdU6vvszS\n" +

457
        "7K+peknfwtmsuCRAkKYDVirQMAVALE+r2XSJAgMBAAGjczBxMAkGA1UdEwQCMAAw\n" +

458
        "CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTtbtv0tVbI+xoGYT8PCLumBNgWVDAfBgNV\n" +

459
        "HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDAXBgNVHREBAf8EDTALgglsb2Nh\n" +

460
        "bGhvc3QwDQYJKoZIhvcNAQEEBQADgYEAoqVTciHtcvsUj+YaTct8tUh3aTCsKsac\n" +

461
        "PHhfQ+ObjiXSgxsKYTX7ym/wk/wvlbUcbqLKxsu7qrcJitH+H9heV1hEHEu65Uoi\n" +

462
        "nRugFruyOrwvAylV8Cm2af7ddilmYJ+sdJA6N2M3xJRxR0G2LFHEXDNEjYReyexn\n" +

463
        "JqCpf5uZGOo=\n" +

464
        "-----END CERTIFICATE-----";

465


466
    static String clientCertStr =

467
        "-----BEGIN CERTIFICATE-----\n" +

468
        "MIICpDCCAg2gAwIBAgIBCTANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" +

469
        "MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" +

470
        "EwhTb21lLU9yZzAeFw0wODEyMDgwMzQzMjRaFw0yODA4MjUwMzQzMjRaMHIxCzAJ\n" +

471
        "BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" +

472
        "dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtQ2xpZW50MRIwEAYD\n" +

473
        "VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALvwQDas\n" +

474
        "JlRO9KNaAC9pIW+5ejqT7KL24Y7HY9gvEjCZLrDyj/gnLSR4KIT3Ab+NRHndO9JV\n" +

475
        "8848slshfe/9M0qxo//GyJu5D3xBNZf52zoFYAUVr1kXkqMQrRYc5AdTr6h2olYq\n" +

476
        "ktP5KOB4z14fSKtcGd3hZ0O6dY31gqxDkkQbAgMBAAGjczBxMAkGA1UdEwQCMAAw\n" +

477
        "CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTNu8iFqpG9/R2+zWd8/7PpTKgi5jAfBgNV\n" +

478
        "HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDAXBgNVHREBAf8EDTALgglsb2Nh\n" +

479
        "bGhvc3QwDQYJKoZIhvcNAQEEBQADgYEAm25gJyqW1JznQ1EyOtTGswBVwfgBOf+F\n" +

480
        "HJuBTcflYQLbTD/AETPQJGvZU9tdhuLtbG3OPhR7vSY8zeAbfM3dbH7QFr3r47Gj\n" +

481
        "XEH7qM/MX+Z3ifVaC4MeJmrYQkYFSuKeyyKpdRVX4w4nnFHF6OsNASsYrMW6LpxN\n" +

482
        "cl/epUcHL7E=\n" +

483
        "-----END CERTIFICATE-----";

484


485
    static byte serverPrivateExponent[] = {

486
        (byte)0x6e, (byte)0xa7, (byte)0x1b, (byte)0x83,

487
        (byte)0x51, (byte)0x35, (byte)0x9a, (byte)0x44,

488
        (byte)0x7d, (byte)0xf6, (byte)0xe3, (byte)0x89,

489
        (byte)0xa0, (byte)0xd7, (byte)0x90, (byte)0x60,

490
        (byte)0xa1, (byte)0x4e, (byte)0x27, (byte)0x21,

491
        (byte)0xa2, (byte)0x89, (byte)0x74, (byte)0xcc,

492
        (byte)0x9d, (byte)0x75, (byte)0x75, (byte)0x4e,

493
        (byte)0xc7, (byte)0x82, (byte)0xe3, (byte)0xe3,

494
        (byte)0xc3, (byte)0x7d, (byte)0x00, (byte)0x54,

495
        (byte)0xec, (byte)0x36, (byte)0xb1, (byte)0xdf,

496
        (byte)0x91, (byte)0x9c, (byte)0x7a, (byte)0xc0,

497
        (byte)0x62, (byte)0x0a, (byte)0xd6, (byte)0xa9,

498
        (byte)0x22, (byte)0x91, (byte)0x4a, (byte)0x29,

499
        (byte)0x2e, (byte)0x43, (byte)0xfa, (byte)0x8c,

500
        (byte)0xd8, (byte)0xe9, (byte)0xbe, (byte)0xd9,

501
        (byte)0x4f, (byte)0xca, (byte)0x23, (byte)0xc6,

502
        (byte)0xe4, (byte)0x3f, (byte)0xb8, (byte)0x72,

503
        (byte)0xcf, (byte)0x02, (byte)0xfc, (byte)0xf4,

504
        (byte)0x58, (byte)0x34, (byte)0x77, (byte)0x76,

505
        (byte)0xce, (byte)0x22, (byte)0x44, (byte)0x5f,

506
        (byte)0x2d, (byte)0xca, (byte)0xee, (byte)0xf5,

507
        (byte)0x43, (byte)0x56, (byte)0x47, (byte)0x71,

508
        (byte)0x0b, (byte)0x09, (byte)0x6b, (byte)0x5e,

509
        (byte)0xf2, (byte)0xc8, (byte)0xee, (byte)0xd4,

510
        (byte)0x6e, (byte)0x44, (byte)0x92, (byte)0x2a,

511
        (byte)0x7f, (byte)0xcc, (byte)0xa7, (byte)0xd4,

512
        (byte)0x5b, (byte)0xfb, (byte)0xf7, (byte)0x4a,

513
        (byte)0xa9, (byte)0xfb, (byte)0x54, (byte)0x18,

514
        (byte)0xd5, (byte)0xd5, (byte)0x14, (byte)0xba,

515
        (byte)0xa0, (byte)0x1c, (byte)0x13, (byte)0xb3,

516
        (byte)0x37, (byte)0x6b, (byte)0x37, (byte)0x59,

517
        (byte)0xed, (byte)0xdb, (byte)0x6d, (byte)0xb1

518
    };

519


520
    static byte serverModulus[] = {

521
        (byte)0x00,

522
        (byte)0xa5, (byte)0xac, (byte)0x5b, (byte)0x1c,

523
        (byte)0x37, (byte)0xa2, (byte)0xdd, (byte)0x99,

524
        (byte)0x89, (byte)0x2d, (byte)0xb2, (byte)0x79,

525
        (byte)0xb8, (byte)0x8f, (byte)0xd5, (byte)0x48,

526
        (byte)0xa5, (byte)0xe7, (byte)0x1c, (byte)0x84,

527
        (byte)0x17, (byte)0x8d, (byte)0x69, (byte)0x9c,

528
        (byte)0xc6, (byte)0xac, (byte)0x6d, (byte)0xf9,

529
        (byte)0xf2, (byte)0x1d, (byte)0x1f, (byte)0x39,

530
        (byte)0x19, (byte)0xda, (byte)0xd3, (byte)0x72,

531
        (byte)0x1e, (byte)0x6e, (byte)0xec, (byte)0x44,

532
        (byte)0xcc, (byte)0x70, (byte)0xa4, (byte)0xdc,

533
        (byte)0xba, (byte)0x00, (byte)0x30, (byte)0xf6,

534
        (byte)0xa0, (byte)0x4f, (byte)0x3d, (byte)0x54,

535
        (byte)0x7a, (byte)0x61, (byte)0x6a, (byte)0xcc,

536
        (byte)0x57, (byte)0xd0, (byte)0x0a, (byte)0x7f,

537
        (byte)0x95, (byte)0x28, (byte)0x18, (byte)0x3f,

538
        (byte)0x9a, (byte)0xd9, (byte)0x94, (byte)0xf2,

539
        (byte)0x1b, (byte)0xc8, (byte)0x24, (byte)0x88,

540
        (byte)0x7e, (byte)0xfe, (byte)0x9d, (byte)0x0f,

541
        (byte)0x3d, (byte)0xfb, (byte)0x57, (byte)0x53,

542
        (byte)0x08, (byte)0xb3, (byte)0x20, (byte)0x33,

543
        (byte)0xd4, (byte)0x3f, (byte)0x17, (byte)0x47,

544
        (byte)0x14, (byte)0xd1, (byte)0xcd, (byte)0xea,

545
        (byte)0x08, (byte)0xd8, (byte)0x0e, (byte)0x75,

546
        (byte)0x4e, (byte)0xaf, (byte)0xbe, (byte)0xcc,

547
        (byte)0xd2, (byte)0xec, (byte)0xaf, (byte)0xa9,

548
        (byte)0x7a, (byte)0x49, (byte)0xdf, (byte)0xc2,

549
        (byte)0xd9, (byte)0xac, (byte)0xb8, (byte)0x24,

550
        (byte)0x40, (byte)0x90, (byte)0xa6, (byte)0x03,

551
        (byte)0x56, (byte)0x2a, (byte)0xd0, (byte)0x30,

552
        (byte)0x05, (byte)0x40, (byte)0x2c, (byte)0x4f,

553
        (byte)0xab, (byte)0xd9, (byte)0x74, (byte)0x89

554
    };

555


556
    static byte clientPrivateExponent[] = {

557
        (byte)0x11, (byte)0xb7, (byte)0x6a, (byte)0x36,

558
        (byte)0x3d, (byte)0x30, (byte)0x37, (byte)0xce,

559
        (byte)0x61, (byte)0x9d, (byte)0x6c, (byte)0x84,

560
        (byte)0x8b, (byte)0xf3, (byte)0x9b, (byte)0x25,

561
        (byte)0x4f, (byte)0x14, (byte)0xc8, (byte)0xa4,

562
        (byte)0xdd, (byte)0x2f, (byte)0xd7, (byte)0x9a,

563
        (byte)0x17, (byte)0xbd, (byte)0x90, (byte)0x19,

564
        (byte)0xf7, (byte)0x05, (byte)0xfd, (byte)0xf2,

565
        (byte)0xd2, (byte)0xc5, (byte)0xf7, (byte)0x77,

566
        (byte)0xbe, (byte)0xea, (byte)0xe2, (byte)0x84,

567
        (byte)0x87, (byte)0x97, (byte)0x3a, (byte)0x41,

568
        (byte)0x96, (byte)0xb6, (byte)0x99, (byte)0xf8,

569
        (byte)0x94, (byte)0x8c, (byte)0x58, (byte)0x71,

570
        (byte)0x51, (byte)0x8c, (byte)0xf4, (byte)0x2a,

571
        (byte)0x20, (byte)0x9e, (byte)0x1a, (byte)0xa0,

572
        (byte)0x26, (byte)0x99, (byte)0x75, (byte)0xd6,

573
        (byte)0x31, (byte)0x53, (byte)0x43, (byte)0x39,

574
        (byte)0xf5, (byte)0x2a, (byte)0xa6, (byte)0x7e,

575
        (byte)0x34, (byte)0x42, (byte)0x51, (byte)0x2a,

576
        (byte)0x40, (byte)0x87, (byte)0x03, (byte)0x88,

577
        (byte)0x43, (byte)0x69, (byte)0xb2, (byte)0x89,

578
        (byte)0x6d, (byte)0x20, (byte)0xbd, (byte)0x7d,

579
        (byte)0x71, (byte)0xef, (byte)0x47, (byte)0x0a,

580
        (byte)0xdf, (byte)0x06, (byte)0xc1, (byte)0x69,

581
        (byte)0x66, (byte)0xa8, (byte)0x22, (byte)0x37,

582
        (byte)0x1a, (byte)0x77, (byte)0x1e, (byte)0xc7,

583
        (byte)0x94, (byte)0x4e, (byte)0x2c, (byte)0x27,

584
        (byte)0x69, (byte)0x45, (byte)0x5e, (byte)0xc8,

585
        (byte)0xf8, (byte)0x0c, (byte)0xb7, (byte)0xf8,

586
        (byte)0xc0, (byte)0x8f, (byte)0x99, (byte)0xc1,

587
        (byte)0xe5, (byte)0x28, (byte)0x9b, (byte)0xf9,

588
        (byte)0x4c, (byte)0x94, (byte)0xc6, (byte)0xb1

589
    };

590


591
    static byte clientModulus[] = {

592
        (byte)0x00,

593
        (byte)0xbb, (byte)0xf0, (byte)0x40, (byte)0x36,

594
        (byte)0xac, (byte)0x26, (byte)0x54, (byte)0x4e,

595
        (byte)0xf4, (byte)0xa3, (byte)0x5a, (byte)0x00,

596
        (byte)0x2f, (byte)0x69, (byte)0x21, (byte)0x6f,

597
        (byte)0xb9, (byte)0x7a, (byte)0x3a, (byte)0x93,

598
        (byte)0xec, (byte)0xa2, (byte)0xf6, (byte)0xe1,

599
        (byte)0x8e, (byte)0xc7, (byte)0x63, (byte)0xd8,

600
        (byte)0x2f, (byte)0x12, (byte)0x30, (byte)0x99,

601
        (byte)0x2e, (byte)0xb0, (byte)0xf2, (byte)0x8f,

602
        (byte)0xf8, (byte)0x27, (byte)0x2d, (byte)0x24,

603
        (byte)0x78, (byte)0x28, (byte)0x84, (byte)0xf7,

604
        (byte)0x01, (byte)0xbf, (byte)0x8d, (byte)0x44,

605
        (byte)0x79, (byte)0xdd, (byte)0x3b, (byte)0xd2,

606
        (byte)0x55, (byte)0xf3, (byte)0xce, (byte)0x3c,

607
        (byte)0xb2, (byte)0x5b, (byte)0x21, (byte)0x7d,

608
        (byte)0xef, (byte)0xfd, (byte)0x33, (byte)0x4a,

609
        (byte)0xb1, (byte)0xa3, (byte)0xff, (byte)0xc6,

610
        (byte)0xc8, (byte)0x9b, (byte)0xb9, (byte)0x0f,

611
        (byte)0x7c, (byte)0x41, (byte)0x35, (byte)0x97,

612
        (byte)0xf9, (byte)0xdb, (byte)0x3a, (byte)0x05,

613
        (byte)0x60, (byte)0x05, (byte)0x15, (byte)0xaf,

614
        (byte)0x59, (byte)0x17, (byte)0x92, (byte)0xa3,

615
        (byte)0x10, (byte)0xad, (byte)0x16, (byte)0x1c,

616
        (byte)0xe4, (byte)0x07, (byte)0x53, (byte)0xaf,

617
        (byte)0xa8, (byte)0x76, (byte)0xa2, (byte)0x56,

618
        (byte)0x2a, (byte)0x92, (byte)0xd3, (byte)0xf9,

619
        (byte)0x28, (byte)0xe0, (byte)0x78, (byte)0xcf,

620
        (byte)0x5e, (byte)0x1f, (byte)0x48, (byte)0xab,

621
        (byte)0x5c, (byte)0x19, (byte)0xdd, (byte)0xe1,

622
        (byte)0x67, (byte)0x43, (byte)0xba, (byte)0x75,

623
        (byte)0x8d, (byte)0xf5, (byte)0x82, (byte)0xac,

624
        (byte)0x43, (byte)0x92, (byte)0x44, (byte)0x1b

625
    };

626


627
    static char passphrase[] = "passphrase".toCharArray();

628


629
    /*

630
     * Is the server ready to serve?

631
     */

632
    volatile static boolean serverReady = false;

633


634
    /*

635
     * Turn on SSL debugging?

636
     */

637
    static boolean debug = false;

638


639
    /*

640
     * Define the server side of the test.

641
     *

642
     * If the server prematurely exits, serverReady will be set to true

643
     * to avoid infinite hangs.

644
     */

645
    void doServerSide() throws Exception {

646
        SSLContext context = getSSLContext(trusedCertStr, serverCertStr,

647
            serverModulus, serverPrivateExponent, passphrase);

648
        SSLServerSocketFactory sslssf = context.getServerSocketFactory();

649


650
        SSLServerSocket sslServerSocket =

651
            (SSLServerSocket) sslssf.createServerSocket(serverPort);

652
        serverPort = sslServerSocket.getLocalPort();

653


654
        // enable endpoint identification

655
        // ignore, we may test the feature when known how to parse client

656
        // hostname

657
        //SSLParameters params = sslServerSocket.getSSLParameters();

658
        //params.setEndpointIdentificationAlgorithm("HTTPS");

659
        //sslServerSocket.setSSLParameters(params);

660


661
        /*

662
         * Signal Client, we're ready for his connect.

663
         */

664
        serverReady = true;

665


666
        SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();

667
        sslSocket.setNeedClientAuth(true);

668


669
        InputStream sslIS = sslSocket.getInputStream();

670
        OutputStream sslOS = sslSocket.getOutputStream();

671


672
        sslIS.read();

673
        sslOS.write(85);

674
        sslOS.flush();

675


676
        sslSocket.close();

677


678
    }

679


680
    /*

681
     * Define the client side of the test.

682
     *

683
     * If the server prematurely exits, serverReady will be set to true

684
     * to avoid infinite hangs.

685
     */

686
    void doClientSide() throws Exception {

687
        /*

688
         * Wait for server to get started.

689
         */

690
        while (!serverReady) {

691
            Thread.sleep(50);

692
        }

693


694
        SSLContext context = getSSLContext(trusedCertStr, clientCertStr,

695
            clientModulus, clientPrivateExponent, passphrase);

696


697
        SSLSocketFactory sslsf = context.getSocketFactory();

698
        SSLSocket sslSocket = (SSLSocket)

699
            sslsf.createSocket("localhost", serverPort);

700


701
        // enable endpoint identification

702
        SSLParameters params = sslSocket.getSSLParameters();

703
        params.setEndpointIdentificationAlgorithm("HTTPS");

704
        sslSocket.setSSLParameters(params);

705


706
        InputStream sslIS = sslSocket.getInputStream();

707
        OutputStream sslOS = sslSocket.getOutputStream();

708


709
        sslOS.write(280);

710
        sslOS.flush();

711
        sslIS.read();

712


713
        sslSocket.close();

714


715
    }

716


717
    // get the ssl context

718
    private static SSLContext getSSLContext(String trusedCertStr,

719
            String keyCertStr, byte[] modulus,

720
            byte[] privateExponent, char[] passphrase) throws Exception {

721


722
        // generate certificate from cert string

723
        CertificateFactory cf = CertificateFactory.getInstance("X.509");

724


725
        ByteArrayInputStream is =

726
                    new ByteArrayInputStream(trusedCertStr.getBytes());

727
        Certificate trusedCert = cf.generateCertificate(is);

728
        is.close();

729


730
        // create a key store

731
        KeyStore ks = KeyStore.getInstance("JKS");

732
        ks.load(null, null);

733


734
        // import the trused cert

735
        ks.setCertificateEntry("RSA Export Signer", trusedCert);

736


737
        if (keyCertStr != null) {

738
            // generate the private key.

739
            RSAPrivateKeySpec priKeySpec = new RSAPrivateKeySpec(

740
                                            new BigInteger(modulus),

741
                                            new BigInteger(privateExponent));

742
            KeyFactory kf = KeyFactory.getInstance("RSA");

743
            RSAPrivateKey priKey =

744
                    (RSAPrivateKey)kf.generatePrivate(priKeySpec);

745


746
            // generate certificate chain

747
            is = new ByteArrayInputStream(keyCertStr.getBytes());

748
            Certificate keyCert = cf.generateCertificate(is);

749
            is.close();

750


751
            Certificate[] chain = new Certificate[2];

752
            chain[0] = keyCert;

753
            chain[1] = trusedCert;

754


755
            // import the key entry.

756
            ks.setKeyEntry("Whatever", priKey, passphrase, chain);

757
        }

758


759
        // create SSL context

760
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");

761
        tmf.init(ks);

762


763
        TrustManager tms[] = tmf.getTrustManagers();

764
        if (tms == null || tms.length == 0) {

765
            throw new Exception("unexpected trust manager implementation");

766
        } else {

767
           if (!(tms[0] instanceof X509ExtendedTrustManager)) {

768
               throw new Exception("unexpected trust manager implementation: "

769
                                + tms[0].getClass().getCanonicalName());

770
           }

771
        }

772


773


774
        SSLContext ctx = SSLContext.getInstance("TLS");

775


776
        if (keyCertStr != null) {

777
            KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");

778
            kmf.init(ks, passphrase);

779


780
            ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

781
        } else {

782
            ctx.init(null, tmf.getTrustManagers(), null);

783
        }

784


785
        return ctx;

786
    }

787


788
    /*

789
     * =============================================================

790
     * The remainder is just support stuff

791
     */

792


793
    // use any free port by default

794
    volatile int serverPort = 0;

795


796
    volatile Exception serverException = null;

797
    volatile Exception clientException = null;

798


799
    static class Test {

800
        String tlsDisAlgs;

801
        String certPathDisAlgs;

802
        boolean fail;

803
        Test(String tlsDisAlgs, String certPathDisAlgs, boolean fail) {

804
            this.tlsDisAlgs = tlsDisAlgs;

805
            this.certPathDisAlgs = certPathDisAlgs;

806
            this.fail = fail;

807
        }

808
    }

809


810
    static Test[] tests = {

811
        // MD5 is used in this test case, don't disable MD5 algorithm.

812
        new Test(

813
            "SSLv3, RC4, DH keySize < 768",

814
            "MD2, RSA keySize < 1024",

815
            false),

816
        // Disable MD5 but only if cert chains back to public root CA, should

817
        // pass because the MD5 cert in this test case is issued by test CA

818
        new Test(

819
            "SSLv3, RC4, DH keySize < 768",

820
            "MD2, MD5 jdkCA, RSA keySize < 1024",

821
            false),

822
        // Disable MD5 alg via TLS property and expect failure

823
        new Test(

824
            "SSLv3, MD5, RC4, DH keySize < 768",

825
            "MD2, RSA keySize < 1024",

826
            true),

827
        // Disable MD5 alg via certpath property and expect failure

828
        new Test(

829
            "SSLv3, RC4, DH keySize < 768",

830
            "MD2, MD5, RSA keySize < 1024",

831
            true),

832
    };

833


834
    public static void main(String args[]) throws Exception {

835
        if (args.length != 1) {

836
            throw new Exception("Incorrect number of arguments");

837
        }

838
        Test test = tests[Integer.parseInt(args[0])];

839
        Security.setProperty("jdk.tls.disabledAlgorithms", test.tlsDisAlgs);

840
        Security.setProperty("jdk.certpath.disabledAlgorithms",

841
                             test.certPathDisAlgs);

842


843
        if (debug) {

844
            System.setProperty("javax.net.debug", "all");

845
        }

846


847
        /*

848
         * Start the tests.

849
         */

850
        try {

851
            new PKIXExtendedTM();

852
            if (test.fail) {

853
                throw new Exception("Expected MD5 certificate to be blocked");

854
            }

855
        } catch (Exception e) {

856
            if (test.fail) {

857
                // find expected cause

858
                boolean correctReason = false;

859
                Throwable cause = e.getCause();

860
                while (cause != null) {

861
                    if (cause instanceof CertPathValidatorException) {

862
                        CertPathValidatorException cpve =

863
                            (CertPathValidatorException)cause;

864
                        if (cpve.getReason() == CertPathValidatorException.BasicReason.ALGORITHM_CONSTRAINED) {

865
                            correctReason = true;

866
                            break;

867
                        }

868
                    }

869
                    cause = cause.getCause();

870
                }

871
                if (!correctReason) {

872
                    throw new Exception("Unexpected exception", e);

873
                }

874
            } else {

875
                throw e;

876
            }

877
        }

878
    }

879


880
    Thread clientThread = null;

881
    Thread serverThread = null;

882
    /*

883
     * Primary constructor, used to drive remainder of the test.

884
     *

885
     * Fork off the other side, then do your work.

886
     */

887
    PKIXExtendedTM() throws Exception {

888
        if (separateServerThread) {

889
            startServer(true);

890
            startClient(false);

891
        } else {

892
            startClient(true);

893
            startServer(false);

894
        }

895


896
        /*

897
         * Wait for other side to close down.

898
         */

899
        if (separateServerThread) {

900
            serverThread.join();

901
        } else {

902
            clientThread.join();

903
        }

904


905
        /*

906
         * When we get here, the test is pretty much over.

907
         *

908
         * If the main thread excepted, that propagates back

909
         * immediately.  If the other thread threw an exception, we

910
         * should report back.

911
         */

912
        if (serverException != null)

913
            throw serverException;

914
        if (clientException != null)

915
            throw clientException;

916
    }

917


918
    void startServer(boolean newThread) throws Exception {

919
        if (newThread) {

920
            serverThread = new Thread() {

921
                public void run() {

922
                    try {

923
                        doServerSide();

924
                    } catch (Exception e) {

925
                        /*

926
                         * Our server thread just died.

927
                         *

928
                         * Release the client, if not active already...

929
                         */

930
                        System.err.println("Server died...");

931
                        serverReady = true;

932
                        serverException = e;

933
                    }

934
                }

935
            };

936
            serverThread.start();

937
        } else {

938
            doServerSide();

939
        }

940
    }

941


942
    void startClient(boolean newThread) throws Exception {

943
        if (newThread) {

944
            clientThread = new Thread() {

945
                public void run() {

946
                    try {

947
                        doClientSide();

948
                    } catch (Exception e) {

949
                        /*

950
                         * Our client thread just died.

951
                         */

952
                        System.err.println("Client died...");

953
                        clientException = e;

954
                    }

955
                }

956
            };

957
            clientThread.start();

958
        } else {

959
            doClientSide();

960
        }

961
    }

962


963
}

964


965