infernap12/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2026-02-15 21:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

8030829: Add MD5 to jdk.certpath.disabledAlgorithms security property

Browse Source 
Reviewed-by: mullan, weijun
This commit is contained in:
Xue-Lei Andrew Fan 2014-01-13 21:12:58 -08:00
parent 15c7afef94
commit 520ada1ca7
32 changed files with 739 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
jdk/src/share/lib/security/java.security-linux
View File

@ -470,7 +470,7 @@ krb5.kdc.bad.policy = tryLast
# jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048
#
#
jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
# Algorithm restrictions for Secure Socket Layer/Transport Layer Security
# (SSL/TLS) processing

2
jdk/src/share/lib/security/java.security-macosx
View File

@ -471,7 +471,7 @@ krb5.kdc.bad.policy = tryLast
# jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048
#
#
jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
# Algorithm restrictions for Secure Socket Layer/Transport Layer Security
# (SSL/TLS) processing

2
jdk/src/share/lib/security/java.security-solaris
View File

@ -470,7 +470,7 @@ krb5.kdc.bad.policy = tryLast
# jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048
#
#
jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
# Algorithm restrictions for Secure Socket Layer/Transport Layer Security
# (SSL/TLS) processing

2
jdk/src/share/lib/security/java.security-windows
View File

@ -471,7 +471,7 @@ krb5.kdc.bad.policy = tryLast
# jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048
#
#
jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
# Algorithm restrictions for Secure Socket Layer/Transport Layer Security
# (SSL/TLS) processing

12
jdk/test/java/security/cert/CertPathBuilder/selfIssued/DisableRevocation.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -21,6 +21,12 @@
* questions.
*/
//
// Security properties, once set, cannot revert to unset. To avoid
// conflicts with tests running in the same VM isolate this test by
// running it in otherVM mode.
//
/**
* @test
* @bug 6852744
@ -234,6 +240,10 @@ public final class DisableRevocation {
public static void main(String[] args) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm.
Security.setProperty(
"jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");
X509CertSelector selector = generateSelector(args[0]);

12
jdk/test/java/security/cert/CertPathBuilder/selfIssued/KeyUsageMatters.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -21,6 +21,12 @@
* questions.
*/
//
// Security properties, once set, cannot revert to unset. To avoid
// conflicts with tests running in the same VM isolate this test by
// running it in otherVM mode.
//
/**
* @test
* @bug 6852744
@ -277,6 +283,10 @@ public final class KeyUsageMatters {
public static void main(String[] args) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm.
Security.setProperty(
"jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");
X509CertSelector selector = generateSelector(args[0]);

12
jdk/test/java/security/cert/CertPathBuilder/selfIssued/StatusLoopDependency.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -21,6 +21,12 @@
* questions.
*/
//
// Security properties, once set, cannot revert to unset. To avoid
// conflicts with tests running in the same VM isolate this test by
// running it in otherVM mode.
//
/**
* @test
* @bug 6852744
@ -283,6 +289,10 @@ public final class StatusLoopDependency {
public static void main(String[] args) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm.
Security.setProperty(
"jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");
X509CertSelector selector = generateSelector(args[0]);

13
jdk/test/java/security/cert/CertPathValidator/OCSP/AIACheck.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2004, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -21,12 +21,19 @@
* questions.
*/
//
// Security properties, once set, cannot revert to unset. To avoid
// conflicts with tests running in the same VM isolate this test by
// running it in otherVM mode.
//
/**
* @test
* @bug 5072953
* @summary Verify that the URL for an OCSP responder can be extracted from a
* certificate's AuthorityInfoAccess extension when OCSP certifiate
* validation has been enabled.
* @run main/othervm AIACheck
*/
import java.io.*;
@ -51,6 +58,10 @@ public class AIACheck {
}
public static void main(String args[]) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm.
Security.setProperty(
"jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
X509Certificate aiaCert = loadCertificate("AIACert.pem");
X509Certificate rootCert = loadCertificate("RootCert.pem");

20
jdk/test/java/security/cert/CertPathValidator/OCSP/FailoverToCRL.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -21,16 +21,24 @@
* questions.
*/
//
// Security properties, once set, cannot revert to unset. To avoid
// conflicts with tests running in the same VM isolate this test by
// running it in otherVM mode.
//
/**
* @test
* @bug 6383095
* @summary CRL revoked certificate failures masked by OCSP failures
*
* @run main/othervm FailoverToCRL
* @author Xuelei Fan
*/
/*
* Note that the certificate validity is from Mar 16 14:55:35 2009 GMT to
* Dec 1 14:55:35 2028 GMT, please update it with newer certificate if
* expires.
*
* @author Xuelei Fan
*/
/*
@ -229,6 +237,10 @@ public class FailoverToCRL {
}
public static void main(String args[]) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm.
Security.setProperty(
"jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
CertPath path = generateCertificatePath();
Set<TrustAnchor> anchors = generateTrustAnchors();
CertStore crls = generateCertificateStore();

13
jdk/test/java/security/cert/CertPathValidator/indirectCRL/CircularCRLOneLevel.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -21,11 +21,18 @@
* questions.
*/
//
// Security properties, once set, cannot revert to unset. To avoid
// conflicts with tests running in the same VM isolate this test by
// running it in otherVM mode.
//
/**
* @test
*
* @bug 6720721
* @summary CRL check with circular depency support needed
* @run main/othervm CircularCRLOneLevel
* @author Xuelei Fan
*/
@ -158,6 +165,10 @@ public class CircularCRLOneLevel {
}
public static void main(String args[]) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm.
Security.setProperty(
"jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
CertPath path = generateCertificatePath();
Set<TrustAnchor> anchors = generateTrustAnchors();
CertStore crls = generateCertificateStore();

13
jdk/test/java/security/cert/CertPathValidator/indirectCRL/CircularCRLOneLevelRevoked.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -21,11 +21,18 @@
* questions.
*/
//
// Security properties, once set, cannot revert to unset. To avoid
// conflicts with tests running in the same VM isolate this test by
// running it in otherVM mode.
//
/**
* @test
*
* @bug 6720721
* @summary CRL check with circular depency support needed
* @run main/othervm CircularCRLOneLevelRevoked
* @author Xuelei Fan
*/
@ -159,6 +166,10 @@ public class CircularCRLOneLevelRevoked {
}
public static void main(String args[]) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm.
Security.setProperty(
"jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
CertPath path = generateCertificatePath();
Set<TrustAnchor> anchors = generateTrustAnchors();
CertStore crls = generateCertificateStore();

13
jdk/test/java/security/cert/CertPathValidator/indirectCRL/CircularCRLTwoLevel.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -21,11 +21,18 @@
* questions.
*/
//
// Security properties, once set, cannot revert to unset. To avoid
// conflicts with tests running in the same VM isolate this test by
// running it in otherVM mode.
//
/**
* @test
*
* @bug 6720721
* @summary CRL check with circular depency support needed
* @run main/othervm CircularCRLTwoLevel
* @author Xuelei Fan
*/
@ -210,6 +217,10 @@ public class CircularCRLTwoLevel {
}
public static void main(String args[]) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm.
Security.setProperty(
"jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
CertPath path = generateCertificatePath();
Set<TrustAnchor> anchors = generateTrustAnchors();
CertStore crls = generateCertificateStore();

13
jdk/test/java/security/cert/CertPathValidator/indirectCRL/CircularCRLTwoLevelRevoked.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -21,11 +21,18 @@
* questions.
*/
//
// Security properties, once set, cannot revert to unset. To avoid
// conflicts with tests running in the same VM isolate this test by
// running it in otherVM mode.
//
/**
* @test
*
* @bug 6720721
* @summary CRL check with circular depency support needed
* @run main/othervm CircularCRLTwoLevelRevoked
* @author Xuelei Fan
*/
@ -211,6 +218,10 @@ public class CircularCRLTwoLevelRevoked {
}
public static void main(String args[]) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm.
Security.setProperty(
"jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
CertPath path = generateCertificatePath();
Set<TrustAnchor> anchors = generateTrustAnchors();
CertStore crls = generateCertificateStore();

6
jdk/test/sun/security/ec/TestEC.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -59,6 +59,10 @@ import java.security.Security;
public class TestEC {
public static void main(String[] args) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm.
Security.setProperty(
"jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
ProvidersSnapshot snapshot = ProvidersSnapshot.create();
try {
main0(args);

4
jdk/test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java
View File

@ -48,6 +48,10 @@ public class ClientJSSEServerJSSE extends PKCS11Test {
}
public void main(Provider p) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm.
Security.setProperty(
"jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
if (p.getService("KeyFactory", "EC") == null) {
System.out.println("Provider does not support EC, skipping");
return;

449
jdk/test/sun/security/provider/certpath/DisabledAlgorithms/CPBuilderWithMD5.java Normal file
View File

@ -0,0 +1,449 @@
/*
* Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
// This test case relies on static security property, no way to re-use
// security property in samevm/agentvm mode.
/**
* @test
*
* @bug 8030829
* @summary Add MD5 to jdk.certpath.disabledAlgorithms security property
*
* @run main/othervm CPBuilderWithMD5 trustAnchor_SHA1withRSA_1024 0 true
* @run main/othervm CPBuilderWithMD5 trustAnchor_SHA1withRSA_512 0 true
* @run main/othervm CPBuilderWithMD5 intermediate_SHA1withRSA_1024_1024 1 true
* @run main/othervm CPBuilderWithMD5 intermediate_SHA1withRSA_1024_512 1 false
* @run main/othervm CPBuilderWithMD5 intermediate_SHA1withRSA_512_1024 1 false
* @run main/othervm CPBuilderWithMD5 intermediate_SHA1withRSA_512_512 1 false
* @run main/othervm CPBuilderWithMD5 intermediate_MD5withRSA_1024_1024 1 false
* @run main/othervm CPBuilderWithMD5 intermediate_MD5withRSA_1024_512 1 false
* @run main/othervm CPBuilderWithMD5 endentiry_SHA1withRSA_1024_1024 2 true
* @run main/othervm CPBuilderWithMD5 endentiry_SHA1withRSA_1024_512 2 false
* @run main/othervm CPBuilderWithMD5 endentiry_SHA1withRSA_512_1024 2 false
* @run main/othervm CPBuilderWithMD5 endentiry_SHA1withRSA_512_512 2 false
* @run main/othervm CPBuilderWithMD5 endentiry_MD5withRSA_1024_1024 2 false
* @run main/othervm CPBuilderWithMD5 endentiry_MD5withRSA_1024_512 2 false
*
* @author Xuelei Fan
*/
/*
* The generate.sh was designed to generate MD2 signed certificates. The
* certificates used in this test are generated by an updated generate.sh that
* replacing MD2 with MD5 algorithm.
*/
import java.io.*;
import java.net.SocketException;
import java.util.*;
import java.security.Security;
import java.security.cert.*;
import sun.security.util.DerInputStream;
public class CPBuilderWithMD5 {
// SHA1withRSA 1024
static String trustAnchor_SHA1withRSA_1024 =
"-----BEGIN CERTIFICATE-----\n" +
"MIICPjCCAaegAwIBAgIBADANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" +
"MA4GA1UEChMHRXhhbXBsZTAeFw0xMzEyMjgxMTA4NTFaFw0zNDEyMDgxMTA4NTFa\n" +
"MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMIGfMA0GCSqGSIb3DQEB\n" +
"AQUAA4GNADCBiQKBgQDn3JSHACqi/bcohVy7eFqDs3L5ehnXmF9Jrg4rMRUeNrxA\n" +
"61F8bJ9JXx4j8WyqmT0TtokgXuqGxbsXRQVVw4AdXLF2PwCs/y+Y+AwU59uDHA3J\n" +
"AMk4VvjV9MB2Ea6YzuLnbbj/TNrfxB6LZ7KBvh0fYGt2T40yMvOvilU/f6e3zQID\n" +
"AQABo4GJMIGGMB0GA1UdDgQWBBSIxINDFVm8GpUz3v+BbWNmDEKP7TBHBgNVHSME\n" +
"QDA+gBSIxINDFVm8GpUz3v+BbWNmDEKP7aEjpCEwHzELMAkGA1UEBhMCVVMxEDAO\n" +
"BgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAgQw\n" +
"DQYJKoZIhvcNAQEFBQADgYEAt0mYDXTpInrGvEOylIL2gx65A/bpdz9iDQsSs5sZ\n" +
"r3m0v9zJnzR8lRqN4GbaD1vrFdkUrIoObcvXjXitnf5QqDzmc9BbIYj83Ft8QSUj\n" +
"jCMy04EGT/7ATss4SiFEu6sJpmOBjsgH6wYuobR27wl/01XOu2CXUo3OOjgAoPBs\n" +
"QoQ=\n" +
"-----END CERTIFICATE-----";
// SHA1withRSA 512
static String trustAnchor_SHA1withRSA_512 =
"-----BEGIN CERTIFICATE-----\n" +
"MIIBuTCCAWOgAwIBAgIBADANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" +
"MA4GA1UEChMHRXhhbXBsZTAeFw0xMzEyMjgxMTA4NTFaFw0zNDEyMDgxMTA4NTFa\n" +
"MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMFwwDQYJKoZIhvcNAQEB\n" +
"BQADSwAwSAJBANLqQkOpH7rBTo/a2ccYjJxvNib/Lxm6UXO1uAd/0AUzPWzJsOpB\n" +
"u2zyD26UYc0GNyXCkWMZ44FrtSQ8VI146j8CAwEAAaOBiTCBhjAdBgNVHQ4EFgQU\n" +
"5PVLxBY//smN31jHb/MAmCEz5NIwRwYDVR0jBEAwPoAU5PVLxBY//smN31jHb/MA\n" +
"mCEz5NKhI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlggEAMA8G\n" +
"A1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMA0GCSqGSIb3DQEBBQUAA0EAzF9E\n" +
"dXYPLqziCRY45IHCUtxaLjLQmwsjEu91TV4xyuuozGEumcqH7m6Hg6Ohnd1FGfsN\n" +
"X+vt1tdaDIu9+OzGjQ==\n" +
"-----END CERTIFICATE-----";
// SHA1withRSA 1024 signed with RSA 1024
static String intermediate_SHA1withRSA_1024_1024 =
"-----BEGIN CERTIFICATE-----\n" +
"MIICUDCCAbmgAwIBAgIBAzANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" +
"MA4GA1UEChMHRXhhbXBsZTAeFw0xMzEyMjgxMTA5MDlaFw0zMzA5MTQxMTA5MDla\n" +
"MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" +
"cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/m9wdJT0HR+exquh2Q2Yq\n" +
"XvL9HtEsCabCikd0Vjuoi3sZJ/5SBbbHTvh7z7enW0NEpLHQee0ry5FW8mLxDtrR\n" +
"38NjE9W7zutucBG5WztwGuvcts13aEw+vH+EwhokJW9PXz9Do+y4PTJo3vdsk7Zs\n" +
"bGVY9+YjvlgEaozWXZ1JhQIDAQABo4GJMIGGMB0GA1UdDgQWBBQIsaDZL94kLug/\n" +
"A1N4EkNOA4z47DBHBgNVHSMEQDA+gBSIxINDFVm8GpUz3v+BbWNmDEKP7aEjpCEw\n" +
"HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" +
"AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQEFBQADgYEA0673aIUF2k20jkpR\n" +
"4USN9UkbfX57Uazhl4n765EeAiteWnTzKztISeH1GTrCw7bSl1r07aaflsnbKOHC\n" +
"RrL2RxbxNwQARvuuCxr664vXnsGrt86xA5F2iNF22uDM/5HA5sIfBmEk5xXSLrgH\n" +
"I7jOaYqAA1b8C+4DU2Z5ZgO4LOA=\n" +
"-----END CERTIFICATE-----";
// SHA1withRSA 1024 signed with RSA 512
static String intermediate_SHA1withRSA_1024_512 =
"-----BEGIN CERTIFICATE-----\n" +
"MIICDzCCAbmgAwIBAgIBBDANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" +
"MA4GA1UEChMHRXhhbXBsZTAeFw0xMzEyMjgxMTA5MDlaFw0zMzA5MTQxMTA5MDla\n" +
"MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" +
"cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/m9wdJT0HR+exquh2Q2Yq\n" +
"XvL9HtEsCabCikd0Vjuoi3sZJ/5SBbbHTvh7z7enW0NEpLHQee0ry5FW8mLxDtrR\n" +
"38NjE9W7zutucBG5WztwGuvcts13aEw+vH+EwhokJW9PXz9Do+y4PTJo3vdsk7Zs\n" +
"bGVY9+YjvlgEaozWXZ1JhQIDAQABo4GJMIGGMB0GA1UdDgQWBBQIsaDZL94kLug/\n" +
"A1N4EkNOA4z47DBHBgNVHSMEQDA+gBTk9UvEFj/+yY3fWMdv8wCYITPk0qEjpCEw\n" +
"HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" +
"AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQEFBQADQQAihshnF7RWZ13tUGsH\n" +
"iM4i8HmBjw2+pwW/cs0E8BcycYEy3beWMcL1Np2yfOa/7K5ZvGPhe/piwzTel+Kt\n" +
"5VLm\n" +
"-----END CERTIFICATE-----";
// SHA1withRSA 512 signed with RSA 1024
static String intermediate_SHA1withRSA_512_1024 =
"-----BEGIN CERTIFICATE-----\n" +
"MIICDDCCAXWgAwIBAgIBBTANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" +
"MA4GA1UEChMHRXhhbXBsZTAeFw0xMzEyMjgxMTA5MDlaFw0zMzA5MTQxMTA5MDla\n" +
"MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" +
"cy0xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAK4h/iW3wt+ugR5ObWiFSl394UU/\n" +
"lWNm+N6UAgsBRhSzZz/Iof7xZTQI+usNXzOrTnU3+uZsMgokpjkrko1osxUCAwEA\n" +
"AaOBiTCBhjAdBgNVHQ4EFgQU88OD48Osuh7lJiLnhfMhrySqW8QwRwYDVR0jBEAw\n" +
"PoAUiMSDQxVZvBqVM97/gW1jZgxCj+2hI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYD\n" +
"VQQKEwdFeGFtcGxlggEAMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMA0G\n" +
"CSqGSIb3DQEBBQUAA4GBAAHN8XUTT6asa1MvpfqAvKTH6tNrMOmzoFsUamPxSrUB\n" +
"tnBv/fa/E9+1QvQwl3g6luVXBkQf2/nVD0195IdkEuD/C6psuGKerXmiaRMv5Wcs\n" +
"B+8bTzhNxMzHKPZDJ8Tf/RD3XpPvtxw0T+I5xud68FH/WDhJtu7TiXPAhs7srtHt\n" +
"-----END CERTIFICATE-----";
// SHA1withRSA 512 signed with RSA 512
static String intermediate_SHA1withRSA_512_512 =
"-----BEGIN CERTIFICATE-----\n" +
"MIIByzCCAXWgAwIBAgIBBjANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" +
"MA4GA1UEChMHRXhhbXBsZTAeFw0xMzEyMjgxMTA5MDlaFw0zMzA5MTQxMTA5MDla\n" +
"MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" +
"cy0xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAK4h/iW3wt+ugR5ObWiFSl394UU/\n" +
"lWNm+N6UAgsBRhSzZz/Iof7xZTQI+usNXzOrTnU3+uZsMgokpjkrko1osxUCAwEA\n" +
"AaOBiTCBhjAdBgNVHQ4EFgQU88OD48Osuh7lJiLnhfMhrySqW8QwRwYDVR0jBEAw\n" +
"PoAU5PVLxBY//smN31jHb/MAmCEz5NKhI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYD\n" +
"VQQKEwdFeGFtcGxlggEAMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMA0G\n" +
"CSqGSIb3DQEBBQUAA0EASLN+1/pfo+9ty5EaYkoPu4QeYGr+5wmXyDceiaED/Lok\n" +
"RdV0ZH0qwD4kiarlJssNOgMCk+2EzgvXcIhEMDa5hA==\n" +
"-----END CERTIFICATE-----";
// MD5withRSA 1024 signed with RSA 1024
static String intermediate_MD5withRSA_1024_1024 =
"-----BEGIN CERTIFICATE-----\n" +
"MIICUDCCAbmgAwIBAgIBBzANBgkqhkiG9w0BAQQFADAfMQswCQYDVQQGEwJVUzEQ\n" +
"MA4GA1UEChMHRXhhbXBsZTAeFw0xMzEyMjgxMTA5MDlaFw0zMzA5MTQxMTA5MDla\n" +
"MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" +
"cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/m9wdJT0HR+exquh2Q2Yq\n" +
"XvL9HtEsCabCikd0Vjuoi3sZJ/5SBbbHTvh7z7enW0NEpLHQee0ry5FW8mLxDtrR\n" +
"38NjE9W7zutucBG5WztwGuvcts13aEw+vH+EwhokJW9PXz9Do+y4PTJo3vdsk7Zs\n" +
"bGVY9+YjvlgEaozWXZ1JhQIDAQABo4GJMIGGMB0GA1UdDgQWBBQIsaDZL94kLug/\n" +
"A1N4EkNOA4z47DBHBgNVHSMEQDA+gBSIxINDFVm8GpUz3v+BbWNmDEKP7aEjpCEw\n" +
"HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" +
"AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQEEBQADgYEAerx2je3FBVn2eoPs\n" +
"nTzLKILezqCTCO7mXWiyBidRhh4RGdM8JggMN5SRmuwRurxfYFgPfqmAenWtEFqO\n" +
"xZrTXQUvIrrEgpzqkfppFnkCh4kDsX4roD5Nho3J4MTBQkqE0r676Yq6Rp6cywCq\n" +
"CHQQztRGY7n/ZYRNJ3uzvuoT1tk=\n" +
"-----END CERTIFICATE-----";
// MD5withRSA 1024 signed with RSA 512
static String intermediate_MD5withRSA_1024_512 =
"-----BEGIN CERTIFICATE-----\n" +
"MIICDzCCAbmgAwIBAgIBCDANBgkqhkiG9w0BAQQFADAfMQswCQYDVQQGEwJVUzEQ\n" +
"MA4GA1UEChMHRXhhbXBsZTAeFw0xMzEyMjgxMTA5MTBaFw0zMzA5MTQxMTA5MTBa\n" +
"MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" +
"cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/m9wdJT0HR+exquh2Q2Yq\n" +
"XvL9HtEsCabCikd0Vjuoi3sZJ/5SBbbHTvh7z7enW0NEpLHQee0ry5FW8mLxDtrR\n" +
"38NjE9W7zutucBG5WztwGuvcts13aEw+vH+EwhokJW9PXz9Do+y4PTJo3vdsk7Zs\n" +
"bGVY9+YjvlgEaozWXZ1JhQIDAQABo4GJMIGGMB0GA1UdDgQWBBQIsaDZL94kLug/\n" +
"A1N4EkNOA4z47DBHBgNVHSMEQDA+gBTk9UvEFj/+yY3fWMdv8wCYITPk0qEjpCEw\n" +
"HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" +
"AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQEEBQADQQA3XGQPNin8cDIsJ4vx\n" +
"tTxUO6XVJoWOdTsjwzlMrPmLvjJNZeXLtQe3pQu0vjgyUpQ59VYLW3qKN/LF3UH0\n" +
"Ep7V\n" +
"-----END CERTIFICATE-----";
// SHA1withRSA 1024 signed with RSA 1024
static String endentiry_SHA1withRSA_1024_1024 =
"-----BEGIN CERTIFICATE-----\n" +
"MIICNzCCAaCgAwIBAgIBAjANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ\n" +
"MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0xMzEyMjgxMTA5\n" +
"MTJaFw0zMzA5MTQxMTA5MTJaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" +
"cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG\n" +
"9w0BAQEFAAOBjQAwgYkCgYEAvktJqK4/SvQrTyGgV8tM6zP/K5xQP1pFRipRKS8i\n" +
"2yaXdlW4jQBZWVXdfEsm8YwGwtXFKIlleALmgJcLldPwNm0qaKixL4mRJVMm4bXM\n" +
"UXCfmr+Im1SpA4Yum4VFCfIJ1kkeQkXqc57sCSfS+rFnC+1kSNa9wj+Mc4+5FR4k\n" +
"zqUCAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBRDzLh/sWyTsdq1KKnG\n" +
"8e7JW1tPUDAfBgNVHSMEGDAWgBQIsaDZL94kLug/A1N4EkNOA4z47DANBgkqhkiG\n" +
"9w0BAQUFAAOBgQB2RkWHOaL4WTOGoeTS4J4o9FW+4UXihbocdI/64rMExERjDkE/\n" +
"Jh31TEmatnP1gPrF1AfmqQPubqVSbRtCHrZF+Ilk6L6YeyRNzKvsLiMUtgrLYLas\n" +
"Vop0DFZxR02xHgaJdoJkcWBjNadb9zG7eZtt8OOOJ4lRwg02aLTy+WDqPA==\n" +
"-----END CERTIFICATE-----";
// SHA1withRSA 1024 signed with RSA 512
static String endentiry_SHA1withRSA_1024_512 =
"-----BEGIN CERTIFICATE-----\n" +
"MIIB9jCCAaCgAwIBAgIBAzANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ\n" +
"MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0xMzEyMjgxMTA5\n" +
"MTJaFw0zMzA5MTQxMTA5MTJaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" +
"cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG\n" +
"9w0BAQEFAAOBjQAwgYkCgYEAvktJqK4/SvQrTyGgV8tM6zP/K5xQP1pFRipRKS8i\n" +
"2yaXdlW4jQBZWVXdfEsm8YwGwtXFKIlleALmgJcLldPwNm0qaKixL4mRJVMm4bXM\n" +
"UXCfmr+Im1SpA4Yum4VFCfIJ1kkeQkXqc57sCSfS+rFnC+1kSNa9wj+Mc4+5FR4k\n" +
"zqUCAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBRDzLh/sWyTsdq1KKnG\n" +
"8e7JW1tPUDAfBgNVHSMEGDAWgBTzw4Pjw6y6HuUmIueF8yGvJKpbxDANBgkqhkiG\n" +
"9w0BAQUFAANBAIapvjECUm4YD4O99G0v2SM17cKQzjZtSWkScS7FSk4sxS+dP3hM\n" +
"Qb2UpoRl6CGynhOVVy2G/VJN8BEqOfywj8k=\n" +
"-----END CERTIFICATE-----";
// SHA1withRSA 512 signed with RSA 1024
static String endentiry_SHA1withRSA_512_1024 =
"-----BEGIN CERTIFICATE-----\n" +
"MIIB8zCCAVygAwIBAgIBBDANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ\n" +
"MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0xMzEyMjgxMTA5\n" +
"MTJaFw0zMzA5MTQxMTA5MTJaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" +
"cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTBcMA0GCSqGSIb3\n" +
"DQEBAQUAA0sAMEgCQQCngiNTE+qngHcfj2jUpdc82gCw+TFRjR7oMSdp7b/3NwpD\n" +
"E+11z9WspoXTDzvbKcGUH9svFl691NyY0ZUmf+4RAgMBAAGjTzBNMAsGA1UdDwQE\n" +
"AwID6DAdBgNVHQ4EFgQUK+oVsFTQbz08evgQZ5Sd82c2y4UwHwYDVR0jBBgwFoAU\n" +
"CLGg2S/eJC7oPwNTeBJDTgOM+OwwDQYJKoZIhvcNAQEFBQADgYEAMd/8XnjRz5jK\n" +
"nbss9DDQQC2mUuCbV/tGdke7eQ1DtBVZLBU6wDgisGr52sUXmyZIPmSVKpQqwCG5\n" +
"8cY5uQhaNwPtPmMMKXzX32zN9NhVkiDNceL+zHs3vdjD1i/QiUTST+NKfLYVb6dF\n" +
"YMG65lxe3gMVxMweiHSZSukmk1k3gUA=\n" +
"-----END CERTIFICATE-----";
// SHA1withRSA 512 signed with RSA 512
static String endentiry_SHA1withRSA_512_512 =
"-----BEGIN CERTIFICATE-----\n" +
"MIIBsjCCAVygAwIBAgIBBTANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ\n" +
"MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0xMzEyMjgxMTA5\n" +
"MTJaFw0zMzA5MTQxMTA5MTJaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" +
"cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTBcMA0GCSqGSIb3\n" +
"DQEBAQUAA0sAMEgCQQCngiNTE+qngHcfj2jUpdc82gCw+TFRjR7oMSdp7b/3NwpD\n" +
"E+11z9WspoXTDzvbKcGUH9svFl691NyY0ZUmf+4RAgMBAAGjTzBNMAsGA1UdDwQE\n" +
"AwID6DAdBgNVHQ4EFgQUK+oVsFTQbz08evgQZ5Sd82c2y4UwHwYDVR0jBBgwFoAU\n" +
"88OD48Osuh7lJiLnhfMhrySqW8QwDQYJKoZIhvcNAQEFBQADQQB4xFWtC6ijDBIe\n" +
"/Gkf3B9+ycmP52pTPNiPwMS6u1a5vTRXMn5xRDexWfxJKJVZ2s9UR1jheZvWgPC8\n" +
"VUWO8bbG\n" +
"-----END CERTIFICATE-----";
// MD5withRSA 1024 signed with RSA 1024
static String endentiry_MD5withRSA_1024_1024 =
"-----BEGIN CERTIFICATE-----\n" +
"MIICNzCCAaCgAwIBAgIBBjANBgkqhkiG9w0BAQQFADAxMQswCQYDVQQGEwJVUzEQ\n" +
"MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0xMzEyMjgxMTA5\n" +
"MTJaFw0zMzA5MTQxMTA5MTJaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" +
"cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG\n" +
"9w0BAQEFAAOBjQAwgYkCgYEAvktJqK4/SvQrTyGgV8tM6zP/K5xQP1pFRipRKS8i\n" +
"2yaXdlW4jQBZWVXdfEsm8YwGwtXFKIlleALmgJcLldPwNm0qaKixL4mRJVMm4bXM\n" +
"UXCfmr+Im1SpA4Yum4VFCfIJ1kkeQkXqc57sCSfS+rFnC+1kSNa9wj+Mc4+5FR4k\n" +
"zqUCAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBRDzLh/sWyTsdq1KKnG\n" +
"8e7JW1tPUDAfBgNVHSMEGDAWgBQIsaDZL94kLug/A1N4EkNOA4z47DANBgkqhkiG\n" +
"9w0BAQQFAAOBgQBCVn9/JQxsRTaKIKSrgB+KtEreat+33k3SXuJICuRxcmvjOXIx\n" +
"wSdq+mRCA+DpIPSNtgnDAUyipnyxRxpdmRRUHuRYpkALq4a5QtTJK0Y/CEMfsd2J\n" +
"Yd2zKcfynDLW6LVeNdtjlY7fTemJnbA/WImNhwyW55V9vbnk3J04EZN8jw==\n" +
"-----END CERTIFICATE-----";
// MD5withRSA 1024 signed with RSA 512
static String endentiry_MD5withRSA_1024_512 =
"-----BEGIN CERTIFICATE-----\n" +
"MIIB9jCCAaCgAwIBAgIBBzANBgkqhkiG9w0BAQQFADAxMQswCQYDVQQGEwJVUzEQ\n" +
"MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0xMzEyMjgxMTA5\n" +
"MTNaFw0zMzA5MTQxMTA5MTNaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" +
"cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG\n" +
"9w0BAQEFAAOBjQAwgYkCgYEAvktJqK4/SvQrTyGgV8tM6zP/K5xQP1pFRipRKS8i\n" +
"2yaXdlW4jQBZWVXdfEsm8YwGwtXFKIlleALmgJcLldPwNm0qaKixL4mRJVMm4bXM\n" +
"UXCfmr+Im1SpA4Yum4VFCfIJ1kkeQkXqc57sCSfS+rFnC+1kSNa9wj+Mc4+5FR4k\n" +
"zqUCAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBRDzLh/sWyTsdq1KKnG\n" +
"8e7JW1tPUDAfBgNVHSMEGDAWgBTzw4Pjw6y6HuUmIueF8yGvJKpbxDANBgkqhkiG\n" +
"9w0BAQQFAANBAAbZwmkqb6sfiiIxuLnj6PjhJsXGfvPomkkbLu5CapAMhen/p6ZG\n" +
"6vh69TbIsBR9UHu7qDyTl5Xax7bmYeW+sDQ=\n" +
"-----END CERTIFICATE-----";
static HashMap<String, String> certmap = new HashMap<String, String>();
static {
certmap.put("trustAnchor_SHA1withRSA_1024",
trustAnchor_SHA1withRSA_1024);
certmap.put("trustAnchor_SHA1withRSA_512",
trustAnchor_SHA1withRSA_512);
certmap.put("intermediate_SHA1withRSA_1024_1024",
intermediate_SHA1withRSA_1024_1024);
certmap.put("intermediate_SHA1withRSA_1024_512",
intermediate_SHA1withRSA_1024_512);
certmap.put("intermediate_SHA1withRSA_512_1024",
intermediate_SHA1withRSA_512_1024);
certmap.put("intermediate_SHA1withRSA_512_512",
intermediate_SHA1withRSA_512_512);
certmap.put("intermediate_MD5withRSA_1024_1024",
intermediate_MD5withRSA_1024_1024);
certmap.put("intermediate_MD5withRSA_1024_512",
intermediate_MD5withRSA_1024_512);
certmap.put("endentiry_SHA1withRSA_1024_1024",
endentiry_SHA1withRSA_1024_1024);
certmap.put("endentiry_SHA1withRSA_1024_512",
endentiry_SHA1withRSA_1024_512);
certmap.put("endentiry_SHA1withRSA_512_1024",
endentiry_SHA1withRSA_512_1024);
certmap.put("endentiry_SHA1withRSA_512_512",
endentiry_SHA1withRSA_512_512);
certmap.put("endentiry_MD5withRSA_1024_1024",
endentiry_MD5withRSA_1024_1024);
certmap.put("endentiry_MD5withRSA_1024_512",
endentiry_MD5withRSA_1024_512);
}
private static Set<TrustAnchor> generateTrustAnchors()
throws CertificateException {
// generate certificate from cert string
CertificateFactory cf = CertificateFactory.getInstance("X.509");
HashSet<TrustAnchor> anchors = new HashSet<TrustAnchor>();
ByteArrayInputStream is =
new ByteArrayInputStream(trustAnchor_SHA1withRSA_1024.getBytes());
Certificate cert = cf.generateCertificate(is);
TrustAnchor anchor = new TrustAnchor((X509Certificate)cert, null);
anchors.add(anchor);
is = new ByteArrayInputStream(trustAnchor_SHA1withRSA_512.getBytes());
cert = cf.generateCertificate(is);
anchor = new TrustAnchor((X509Certificate)cert, null);
anchors.add(anchor);
return anchors;
}
private static CertStore generateCertificateStore() throws Exception {
Collection entries = new HashSet();
// generate certificate from certificate string
CertificateFactory cf = CertificateFactory.getInstance("X.509");
for (String key : certmap.keySet()) {
String certStr = certmap.get(key);
ByteArrayInputStream is =
new ByteArrayInputStream(certStr.getBytes());;
Certificate cert = cf.generateCertificate(is);
entries.add(cert);
}
return CertStore.getInstance("Collection",
new CollectionCertStoreParameters(entries));
}
private static X509CertSelector generateSelector(String name)
throws Exception {
X509CertSelector selector = new X509CertSelector();
String certStr = certmap.get(name);
if (certStr == null) {
return null;
}
// generate certificate from certificate string
CertificateFactory cf = CertificateFactory.getInstance("X.509");
ByteArrayInputStream is = new ByteArrayInputStream(certStr.getBytes());
X509Certificate target = (X509Certificate)cf.generateCertificate(is);
selector.setCertificate(target);
return selector;
}
private static boolean match(String name, Certificate cert)
throws Exception {
X509CertSelector selector = new X509CertSelector();
String certStr = certmap.get(name);
if (certStr == null) {
return false;
}
// generate certificate from certificate string
CertificateFactory cf = CertificateFactory.getInstance("X.509");
ByteArrayInputStream is = new ByteArrayInputStream(certStr.getBytes());
X509Certificate target = (X509Certificate)cf.generateCertificate(is);
return target.equals(cert);
}
public static void main(String args[]) throws Exception {
CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");
X509CertSelector selector = generateSelector(args[0]);
if (selector == null) {
// no target certificate, ignore it
return;
}
Set<TrustAnchor> anchors = generateTrustAnchors();
CertStore certs = generateCertificateStore();
PKIXBuilderParameters params =
new PKIXBuilderParameters(anchors, selector);
params.addCertStore(certs);
params.setRevocationEnabled(false);
params.setDate(new Date(114, 9, 1)); // 2014-09-01
boolean success = Boolean.valueOf(args[2]);
try {
PKIXCertPathBuilderResult result =
(PKIXCertPathBuilderResult)builder.build(params);
if (!success) {
throw new Exception("expected algorithm disabled exception");
}
int length = Integer.parseInt(args[1]);
List<? extends Certificate> path =
result.getCertPath().getCertificates();
if (length != path.size()) {
throw new Exception("unexpected certification path length");
}
if (!path.isEmpty()) { // the target is not a trust anchor
if (!match(args[0], path.get(0))) {
throw new Exception("unexpected certificate");
}
}
} catch (CertPathBuilderException cpbe) {
if (success) {
throw new Exception("unexpected exception", cpbe);
} else {
System.out.println("Get the expected exception " + cpbe);
}
}
}
}

13
jdk/test/sun/security/provider/certpath/ReverseBuilder/ReverseBuild.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -21,15 +21,23 @@
* questions.
*/
//
// Security properties, once set, cannot revert to unset. To avoid
// conflicts with tests running in the same VM isolate this test by
// running it in otherVM mode.
//
/*
* @test
* @bug 7167988
* @summary PKIX CertPathBuilder in reverse mode doesn't work if more than
* one trust anchor is specified
* @run main/othervm ReverseBuild
*/
import java.io.*;
import java.util.*;
import java.security.cert.*;
import java.security.Security;
import sun.security.provider.certpath.SunCertPathBuilderParameters;
@ -279,6 +287,9 @@ public class ReverseBuild {
public static void main(String args[]) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm.
Security.setProperty(
"jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
// generate certificate from cert string
CertificateFactory cf = CertificateFactory.getInstance("X.509");

15
jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/MD2InTrustAnchor.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -23,13 +23,15 @@
* questions.
*/
//
// SunJSSE does not support dynamic system properties, no way to re-use
// system properties in samevm/agentvm mode.
//
/*
* @test
* @bug 7113275
* @summary compatibility issue with MD2 trust anchor and old X509TrustManager
*
* SunJSSE does not support dynamic system properties, no way to re-use
* system properties in samevm/agentvm mode.
* @run main/othervm MD2InTrustAnchor PKIX TLSv1.1
* @run main/othervm MD2InTrustAnchor SunX509 TLSv1.1
* @run main/othervm MD2InTrustAnchor PKIX TLSv1.2
@ -40,6 +42,7 @@ import java.net.*;
import java.util.*;
import java.io.*;
import javax.net.ssl.*;
import java.security.Security;
import java.security.KeyStore;
import java.security.KeyFactory;
import java.security.cert.Certificate;
@ -283,6 +286,10 @@ public class MD2InTrustAnchor {
volatile Exception clientException = null;
public static void main(String[] args) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm.
Security.setProperty(
"jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
if (debug)
System.setProperty("javax.net.debug", "all");

14
jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/TrustTrustedCert.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -23,13 +23,15 @@
* questions.
*/
//
// SunJSSE does not support dynamic system properties, no way to re-use
// system properties in samevm/agentvm mode.
//
/*
* @test
* @bug 7113275
* @summary compatibility issue with MD2 trust anchor and old X509TrustManager
*
* SunJSSE does not support dynamic system properties, no way to re-use
* system properties in samevm/agentvm mode.
* @run main/othervm TrustTrustedCert PKIX TLSv1.1
* @run main/othervm TrustTrustedCert SunX509 TLSv1.1
* @run main/othervm TrustTrustedCert PKIX TLSv1.2
@ -336,6 +338,10 @@ public class TrustTrustedCert {
volatile Exception clientException = null;
public static void main(String[] args) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm.
Security.setProperty(
"jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
if (debug)
System.setProperty("javax.net.debug", "all");

13
jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509KeyManager/PreferredKey.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -21,11 +21,18 @@
* questions.
*/
//
// Security properties, once set, cannot revert to unset. To avoid
// conflicts with tests running in the same VM isolate this test by
// running it in otherVM mode.
//
/*
* @test
* @bug 6302644
* @summary X509KeyManager implementation for NewSunX509 doesn't return most
* preferable key
* @run main/othervm PreferredKey
*/
import java.io.*;
import java.net.*;
@ -49,6 +56,10 @@ public class PreferredKey {
public static void main(String[] args) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm.
Security.setProperty(
"jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
KeyStore ks;
KeyManagerFactory kmf;
X509KeyManager km;

15
jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/BasicConstraints.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -21,14 +21,16 @@
* questions.
*/
//
// SunJSSE does not support dynamic system properties, no way to re-use
// system properties in samevm/agentvm mode.
//
/*
* @test
* @bug 7166570
* @summary JSSE certificate validation has started to fail for
* certificate chains
*
* SunJSSE does not support dynamic system properties, no way to re-use
* system properties in samevm/agentvm mode.
* @run main/othervm BasicConstraints PKIX
* @run main/othervm BasicConstraints SunX509
*/
@ -37,6 +39,7 @@ import java.net.*;
import java.util.*;
import java.io.*;
import javax.net.ssl.*;
import java.security.Security;
import java.security.KeyStore;
import java.security.KeyFactory;
import java.security.cert.*;
@ -454,6 +457,10 @@ public class BasicConstraints {
volatile Exception clientException = null;
public static void main(String args[]) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm.
Security.setProperty(
"jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
if (debug)
System.setProperty("javax.net.debug", "all");

14
jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/PKIXExtendedTM.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -21,21 +21,23 @@
* questions.
*/
//
// SunJSSE does not support dynamic system properties, no way to re-use
// system properties in samevm/agentvm mode.
//
/*
* @test
* @bug 6916074
* @summary Add support for TLS 1.2
* @run main/othervm PKIXExtendedTM
*
* SunJSSE does not support dynamic system properties, no way to re-use
* system properties in samevm/agentvm mode.
*/
import java.net.*;
import java.util.*;
import java.io.*;
import javax.net.ssl.*;
import java.security.Security;
import java.security.KeyStore;
import java.security.KeyFactory;
import java.security.cert.Certificate;
@ -791,6 +793,10 @@ public class PKIXExtendedTM {
volatile Exception clientException = null;
public static void main(String args[]) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm.
Security.setProperty(
"jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
if (debug)
System.setProperty("javax.net.debug", "all");

15
jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/SelfIssuedCert.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -21,15 +21,17 @@
* questions.
*/
//
// SunJSSE does not support dynamic system properties, no way to re-use
// system properties in samevm/agentvm mode.
//
/*
* @test
* @bug 6822460
* @summary support self-issued certificate
* @run main/othervm SelfIssuedCert PKIX
* @run main/othervm SelfIssuedCert SunX509
*
* SunJSSE does not support dynamic system properties, no way to re-use
* system properties in samevm/agentvm mode.
* @author Xuelei Fan
*/
@ -37,6 +39,7 @@ import java.net.*;
import java.util.*;
import java.io.*;
import javax.net.ssl.*;
import java.security.Security;
import java.security.KeyStore;
import java.security.KeyFactory;
import java.security.cert.Certificate;
@ -302,6 +305,10 @@ public class SelfIssuedCert {
volatile Exception clientException = null;
public static void main(String args[]) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm.
Security.setProperty(
"jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
if (debug)
System.setProperty("javax.net.debug", "all");

15
jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/SunX509ExtendedTM.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -21,20 +21,23 @@
* questions.
*/
//
// SunJSSE does not support dynamic system properties, no way to re-use
// system properties in samevm/agentvm mode.
//
/*
* @test
* @bug 6916074
* @summary Add support for TLS 1.2
* @run main/othervm SunX509ExtendedTM
*
* SunJSSE does not support dynamic system properties, no way to re-use
* system properties in samevm/agentvm mode.
*/
import java.net.*;
import java.util.*;
import java.io.*;
import javax.net.ssl.*;
import java.security.Security;
import java.security.KeyStore;
import java.security.KeyFactory;
import java.security.cert.Certificate;
@ -792,6 +795,10 @@ public class SunX509ExtendedTM {
volatile Exception clientException = null;
public static void main(String args[]) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm.
Security.setProperty(
"jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
if (debug)
System.setProperty("javax.net.debug", "all");

20
jdk/test/sun/security/ssl/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnection/CriticalSubjectAltName.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2001, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -21,18 +21,21 @@
* questions.
*/
//
// SunJSSE does not support dynamic system properties, no way to re-use
// system properties in samevm/agentvm mode.
//
/*
* @test
* @bug 6668231
* @summary Presence of a critical subjectAltName causes JSSE's SunX509 to
* fail trusted checks
* @run main/othervm CriticalSubjectAltName
*
* SunJSSE does not support dynamic system properties, no way to re-use
* system properties in samevm/agentvm mode.
*
* @author Xuelei Fan
*
*/
/*
* This test depends on binary keystore, crisubn.jks and trusted.jks. Because
* JAVA keytool cannot generate X509 certificate with SubjectAltName extension,
* the certificates are generated with openssl toolkits and then imported into
@ -47,6 +50,7 @@
import java.io.*;
import java.net.*;
import javax.net.ssl.*;
import java.security.Security;
import java.security.cert.Certificate;
public class CriticalSubjectAltName implements HostnameVerifier {
@ -154,6 +158,10 @@ public class CriticalSubjectAltName implements HostnameVerifier {
volatile Exception clientException = null;
public static void main(String[] args) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm.
Security.setProperty(
"jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
String keyFilename =
System.getProperty("test.src", "./") + "/" + pathToStores +
"/" + keyStoreFile;

7
jdk/test/sun/security/ssl/javax/net/ssl/ServerName/SSLSocketSNISensitive.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -44,6 +44,7 @@ import java.net.*;
import java.util.*;
import java.io.*;
import javax.net.ssl.*;
import java.security.Security;
import java.security.KeyStore;
import java.security.KeyFactory;
import java.security.cert.Certificate;
@ -431,6 +432,10 @@ public class SSLSocketSNISensitive {
volatile Exception clientException = null;
public static void main(String[] args) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm.
Security.setProperty(
"jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
if (debug)
System.setProperty("javax.net.debug", "all");

15
jdk/test/sun/security/ssl/javax/net/ssl/TLSv11/EmptyCertificateAuthorities.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -23,15 +23,16 @@
* questions.
*/
//
// SunJSSE does not support dynamic system properties, no way to re-use
// system properties in samevm/agentvm mode.
//
/*
* @test
* @bug 4873188
* @summary Support TLS 1.1
* @run main/othervm EmptyCertificateAuthorities
*
* SunJSSE does not support dynamic system properties, no way to re-use
* system properties in samevm/agentvm mode.
*
* @author Xuelei Fan
*/
@ -228,6 +229,10 @@ public class EmptyCertificateAuthorities {
volatile Exception clientException = null;
public static void main(String[] args) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm.
Security.setProperty(
"jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
String keyFilename =
System.getProperty("test.src", ".") + "/" + pathToStores +
"/" + keyStoreFile;

7
jdk/test/sun/security/ssl/sanity/interop/ClientJSSEServerJSSE.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,10 +28,15 @@
* @author Andreas Sterbenz
* @run main/othervm/timeout=300 ClientJSSEServerJSSE
*/
import java.security.Security;
public class ClientJSSEServerJSSE {
public static void main(String[] args) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm.
Security.setProperty(
"jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
CipherTest.main(new JSSEFactory(), args);
}

15
jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/DNSIdentities.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -21,13 +21,15 @@
* questions.
*/
//
// SunJSSE does not support dynamic system properties, no way to re-use
// system properties in samevm/agentvm mode.
//
/* @test
* @bug 6766775
* @summary X509 certificate hostname checking is broken in JDK1.6.0_10
* @run main/othervm DNSIdentities
*
* SunJSSE does not support dynamic system properties, no way to re-use
* system properties in samevm/agentvm mode.
* @author Xuelei Fan
*/
@ -35,6 +37,7 @@ import java.net.*;
import java.util.*;
import java.io.*;
import javax.net.ssl.*;
import java.security.Security;
import java.security.KeyStore;
import java.security.KeyFactory;
import java.security.cert.Certificate;
@ -743,6 +746,10 @@ public class DNSIdentities {
volatile Exception clientException = null;
public static void main(String args[]) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm.
Security.setProperty(
"jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
if (debug)
System.setProperty("javax.net.debug", "all");

15
jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPAddressIPIdentities.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -21,13 +21,15 @@
* questions.
*/
//
// SunJSSE does not support dynamic system properties, no way to re-use
// system properties in samevm/agentvm mode.
//
/* @test
* @summary X509 certificate hostname checking is broken in JDK1.6.0_10
* @bug 6766775
* @run main/othervm IPAddressIPIdentities
*
* SunJSSE does not support dynamic system properties, no way to re-use
* system properties in samevm/agentvm mode.
* @author Xuelei Fan
*/
@ -35,6 +37,7 @@ import java.net.*;
import java.util.*;
import java.io.*;
import javax.net.ssl.*;
import java.security.Security;
import java.security.KeyStore;
import java.security.KeyFactory;
import java.security.cert.Certificate;
@ -744,6 +747,10 @@ public class IPAddressIPIdentities {
volatile Exception clientException = null;
public static void main(String args[]) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm.
Security.setProperty(
"jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
if (debug)
System.setProperty("javax.net.debug", "all");

15
jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPIdentities.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -21,13 +21,15 @@
* questions.
*/
//
// SunJSSE does not support dynamic system properties, no way to re-use
// system properties in samevm/agentvm mode.
//
/* @test
* @summary X509 certificate hostname checking is broken in JDK1.6.0_10
* @bug 6766775
* @run main/othervm IPIdentities
*
* SunJSSE does not support dynamic system properties, no way to re-use
* system properties in samevm/agentvm mode.
* @author Xuelei Fan
*/
@ -35,6 +37,7 @@ import java.net.*;
import java.util.*;
import java.io.*;
import javax.net.ssl.*;
import java.security.Security;
import java.security.KeyStore;
import java.security.KeyFactory;
import java.security.cert.Certificate;
@ -743,6 +746,10 @@ public class IPIdentities {
volatile Exception clientException = null;
public static void main(String args[]) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm.
Security.setProperty(
"jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
if (debug)
System.setProperty("javax.net.debug", "all");

15
jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/Identities.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -21,13 +21,15 @@
* questions.
*/
//
// SunJSSE does not support dynamic system properties, no way to re-use
// system properties in samevm/agentvm mode.
//
/* @test
* @bug 6766775
* @summary X509 certificate hostname checking is broken in JDK1.6.0_10
* @run main/othervm Identities
*
* SunJSSE does not support dynamic system properties, no way to re-use
* system properties in samevm/agentvm mode.
* @author Xuelei Fan
*/
@ -35,6 +37,7 @@ import java.net.*;
import java.util.*;
import java.io.*;
import javax.net.ssl.*;
import java.security.Security;
import java.security.KeyStore;
import java.security.KeyFactory;
import java.security.cert.Certificate;
@ -743,6 +746,10 @@ public class Identities {
volatile Exception clientException = null;
public static void main(String args[]) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm.
Security.setProperty(
"jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
if (debug)
System.setProperty("javax.net.debug", "all");