infernap12/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2026-03-14 18:03:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

8365072: Refactor tests to use PEM API (Phase 2)

Browse Source 
Reviewed-by: ascarpino
This commit is contained in:
Mikhail Yankelevich 2025-10-22 07:50:38 +00:00
parent eff4b11033
commit 8d9b2fa6af
14 changed files with 560 additions and 647 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
test/jdk/java/security/cert/CertPathBuilder/NoExtensions.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2001, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2001, 2025, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,8 +25,10 @@
* @test
* @bug 4519462
* @summary Verify Sun CertPathBuilder implementation handles certificates with no extensions
* @enablePreview
*/
import java.security.PEMDecoder;
import java.security.cert.X509Certificate;
import java.security.cert.TrustAnchor;
import java.security.cert.CollectionCertStoreParameters;
@ -35,16 +37,15 @@ import java.security.cert.X509CertSelector;
import java.security.cert.CertPathBuilder;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.CertPathBuilderResult;
import java.security.cert.CertificateFactory;
import java.security.cert.CRL;
import java.security.cert.CertPath;
import java.util.HashSet;
import java.util.ArrayList;
import java.io.ByteArrayInputStream;
// Test based on user code submitted with bug by daniel.boggs@compass.net
public class NoExtensions {
private static final PEMDecoder pemDecoder = PEMDecoder.of();
public static void main(String[] args) {
try {
NoExtensions certs = new NoExtensions();
@ -92,7 +93,7 @@ public class NoExtensions {
// System.out.println(certPath.toString());
}
private static X509Certificate getTrustedCertificate() throws Exception {
private static X509Certificate getTrustedCertificate() {
String sCert =
"-----BEGIN CERTIFICATE-----\n"
+ "MIIBezCCASWgAwIBAgIQyWD8dLUoqpJFyDxrfRlrsTANBgkqhkiG9w0BAQQFADAW\n"
@ -104,12 +105,10 @@ public class NoExtensions {
+ "AKoAZIoRz7jUqlw19DANBgkqhkiG9w0BAQQFAANBACJxAfP57yqaT9N+nRgAOugM\n"
+ "JG0aN3/peCIvL3p29epRL2xoWFvxpUUlsH2I39OZ6b8+twWCebhkv1I62segXAk=\n"
+ "-----END CERTIFICATE-----";
CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
ByteArrayInputStream bytes = new ByteArrayInputStream(sCert.getBytes());
return (X509Certificate)certFactory.generateCertificate(bytes);
return pemDecoder.decode(sCert, X509Certificate.class);
}
private static X509Certificate getUserCertificate1() throws Exception {
private static X509Certificate getUserCertificate1() {
// this certificate includes an extension
String sCert =
"-----BEGIN CERTIFICATE-----\n"
@ -123,12 +122,10 @@ public class NoExtensions {
+ "CxeUaYlXmvbxVNkxM65Pplsj3h4ntfZaynmlhahH3YsnnA8wk6xPt04LjSId12RB\n"
+ "PeuO\n"
+ "-----END CERTIFICATE-----";
CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
ByteArrayInputStream bytes = new ByteArrayInputStream(sCert.getBytes());
return (X509Certificate)certFactory.generateCertificate(bytes);
return pemDecoder.decode(sCert, X509Certificate.class);
}
private static X509Certificate getUserCertificate2() throws Exception {
private static X509Certificate getUserCertificate2() {
// this certificate does not include any extensions
String sCert =
"-----BEGIN CERTIFICATE-----\n"
@ -140,8 +137,6 @@ public class NoExtensions {
+ "BAUAA0EAQmj9SFHEx66JyAps3ew4pcSS3QvfVZ/6qsNUYCG75rFGcTUPHcXKql9y\n"
+ "qBT83iNLJ//krjw5Ju0WRPg/buHSww==\n"
+ "-----END CERTIFICATE-----";
CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
ByteArrayInputStream bytes = new ByteArrayInputStream(sCert.getBytes());
return (X509Certificate)certFactory.generateCertificate(bytes);
return pemDecoder.decode(sCert, X509Certificate.class);
}
}

98
test/jdk/java/security/cert/CertPathBuilder/selfIssued/StatusLoopDependency.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2009, 2025, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -33,18 +33,31 @@
* @summary PIT b61: PKI test suite fails because self signed certificates
* are being rejected
* @modules java.base/sun.security.util
* @enablePreview
* @run main/othervm StatusLoopDependency subca
* @run main/othervm StatusLoopDependency subci
* @run main/othervm StatusLoopDependency alice
* @author Xuelei Fan
*/
import java.io.*;
import java.net.SocketException;
import java.util.*;
import java.security.DEREncodable;
import java.security.PEMDecoder;
import java.security.Security;
import java.security.cert.*;
import java.security.cert.CertPathValidatorException.BasicReason;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathBuilderResult;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.Set;
import sun.security.util.DerInputStream;
/**
@ -183,61 +196,46 @@ public final class StatusLoopDependency {
"N9AvUXxGxU4DruoJuFPcrCI=\n" +
"-----END X509 CRL-----";
private static Set<TrustAnchor> generateTrustAnchors()
throws CertificateException {
// generate certificate from cert string
CertificateFactory cf = CertificateFactory.getInstance("X.509");
private static final PEMDecoder pemDecoder = PEMDecoder.of();
ByteArrayInputStream is =
new ByteArrayInputStream(selfSignedCertStr.getBytes());
Certificate selfSignedCert = cf.generateCertificate(is);
private static Set<TrustAnchor> generateTrustAnchors() {
X509Certificate selfSignedCert = pemDecoder.decode(selfSignedCertStr, X509Certificate.class);
// generate a trust anchor
TrustAnchor anchor =
new TrustAnchor((X509Certificate)selfSignedCert, null);
new TrustAnchor(selfSignedCert, null);
return Collections.singleton(anchor);
}
private static CertStore generateCertificateStore() throws Exception {
Collection entries = new HashSet();
// generate certificate from certificate string
CertificateFactory cf = CertificateFactory.getInstance("X.509");
Collection<DEREncodable> entries = new HashSet<>();
ByteArrayInputStream is;
is = new ByteArrayInputStream(targetCertStr.getBytes());
Certificate cert = cf.generateCertificate(is);
DEREncodable cert = pemDecoder.decode(targetCertStr, X509Certificate.class);
entries.add(cert);
is = new ByteArrayInputStream(subCaCertStr.getBytes());
cert = cf.generateCertificate(is);
cert = pemDecoder.decode(subCaCertStr, X509Certificate.class);
entries.add(cert);
is = new ByteArrayInputStream(selfSignedCertStr.getBytes());
cert = cf.generateCertificate(is);
cert = pemDecoder.decode(selfSignedCertStr, X509Certificate.class);
entries.add(cert);
is = new ByteArrayInputStream(topCrlIssuerCertStr.getBytes());
cert = cf.generateCertificate(is);
cert = pemDecoder.decode(topCrlIssuerCertStr, X509Certificate.class);
entries.add(cert);
is = new ByteArrayInputStream(subCrlIssuerCertStr.getBytes());
cert = cf.generateCertificate(is);
cert = pemDecoder.decode(subCrlIssuerCertStr, X509Certificate.class);
entries.add(cert);
// generate CRL from CRL string
is = new ByteArrayInputStream(topCrlStr.getBytes());
Collection mixes = cf.generateCRLs(is);
entries.addAll(mixes);
DEREncodable mixes = pemDecoder.decode(topCrlStr, X509CRL.class);
entries.add(mixes);
is = new ByteArrayInputStream(subCrlStr.getBytes());
mixes = cf.generateCRLs(is);
entries.addAll(mixes);
mixes = pemDecoder.decode(subCrlStr, X509CRL.class);
entries.add(mixes);
return CertStore.getInstance("Collection",
new CollectionCertStoreParameters(entries));
new CollectionCertStoreParameters(entries));
}
private static X509CertSelector generateSelector(String name)
@ -245,17 +243,16 @@ public final class StatusLoopDependency {
X509CertSelector selector = new X509CertSelector();
// generate certificate from certificate string
CertificateFactory cf = CertificateFactory.getInstance("X.509");
ByteArrayInputStream is = null;
String cert;
if (name.equals("subca")) {
is = new ByteArrayInputStream(subCaCertStr.getBytes());
cert = subCaCertStr;
} else if (name.equals("subci")) {
is = new ByteArrayInputStream(subCrlIssuerCertStr.getBytes());
cert = subCrlIssuerCertStr;
} else {
is = new ByteArrayInputStream(targetCertStr.getBytes());
cert = targetCertStr;
}
X509Certificate target = (X509Certificate)cf.generateCertificate(is);
X509Certificate target = pemDecoder.decode(cert, X509Certificate.class);
byte[] extVal = target.getExtensionValue("2.5.29.14");
if (extVal != null) {
DerInputStream in = new DerInputStream(extVal);
@ -269,21 +266,18 @@ public final class StatusLoopDependency {
return selector;
}
private static boolean match(String name, Certificate cert)
throws Exception {
X509CertSelector selector = new X509CertSelector();
private static boolean match(String name, Certificate cert) {
// generate certificate from certificate string
CertificateFactory cf = CertificateFactory.getInstance("X.509");
ByteArrayInputStream is = null;
String newCert;
if (name.equals("subca")) {
is = new ByteArrayInputStream(subCaCertStr.getBytes());
newCert = subCaCertStr;
} else if (name.equals("subci")) {
is = new ByteArrayInputStream(subCrlIssuerCertStr.getBytes());
newCert = subCrlIssuerCertStr;
} else {
is = new ByteArrayInputStream(targetCertStr.getBytes());
newCert = targetCertStr;
}
X509Certificate target = (X509Certificate)cf.generateCertificate(is);
X509Certificate target = pemDecoder.decode(newCert, X509Certificate.class);
return target.equals(cert);
}

77
test/jdk/java/security/cert/CertPathValidator/indirectCRL/CircularCRLTwoLevel.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2009, 2025, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -32,16 +32,34 @@
*
* @bug 6720721
* @summary CRL check with circular depency support needed
* @enablePreview
* @run main/othervm CircularCRLTwoLevel
* @author Xuelei Fan
*/
import java.io.*;
import java.net.SocketException;
import java.util.*;
import java.security.DEREncodable;
import java.security.PEMDecoder;
import java.security.Security;
import java.security.cert.*;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertPathValidatorException.BasicReason;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
public class CircularCRLTwoLevel {
@ -149,25 +167,19 @@ public class CircularCRLTwoLevel {
"ARGr6Qu68MYGtLMC6ZqP3u0=\n" +
"-----END X509 CRL-----";
private static final PEMDecoder pemDecoder = PEMDecoder.of();
private static CertPath generateCertificatePath()
throws CertificateException {
// generate certificate from cert strings
CertificateFactory cf = CertificateFactory.getInstance("X.509");
ByteArrayInputStream is;
is = new ByteArrayInputStream(targetCertStr.getBytes());
Certificate targetCert = cf.generateCertificate(is);
is = new ByteArrayInputStream(subCaCertStr.getBytes());
Certificate subCaCert = cf.generateCertificate(is);
is = new ByteArrayInputStream(selfSignedCertStr.getBytes());
Certificate selfSignedCert = cf.generateCertificate(is);
Certificate targetCert = pemDecoder.decode(targetCertStr, X509Certificate.class);
Certificate subCaCert = pemDecoder.decode(subCaCertStr, X509Certificate.class);
Certificate selfSignedCert = pemDecoder.decode(selfSignedCertStr, X509Certificate.class);
// generate certification path
List<Certificate> list = Arrays.asList(new Certificate[] {
targetCert, subCaCert, selfSignedCert});
List<Certificate> list = Arrays.asList(targetCert, subCaCert, selfSignedCert);
return cf.generateCertPath(list);
}
@ -175,42 +187,33 @@ public class CircularCRLTwoLevel {
private static Set<TrustAnchor> generateTrustAnchors()
throws CertificateException {
// generate certificate from cert string
CertificateFactory cf = CertificateFactory.getInstance("X.509");
ByteArrayInputStream is =
new ByteArrayInputStream(selfSignedCertStr.getBytes());
Certificate selfSignedCert = cf.generateCertificate(is);
final X509Certificate selfSignedCert = pemDecoder.decode(selfSignedCertStr, X509Certificate.class);
// generate a trust anchor
TrustAnchor anchor =
new TrustAnchor((X509Certificate)selfSignedCert, null);
new TrustAnchor(selfSignedCert, null);
return Collections.singleton(anchor);
}
private static CertStore generateCertificateStore() throws Exception {
Collection entries = new HashSet();
Collection<DEREncodable> entries = new HashSet<>();
// generate CRL from CRL string
CertificateFactory cf = CertificateFactory.getInstance("X.509");
ByteArrayInputStream is =
new ByteArrayInputStream(topCrlStr.getBytes());
Collection mixes = cf.generateCRLs(is);
entries.addAll(mixes);
DEREncodable mixes = pemDecoder.decode(topCrlStr, X509CRL.class);
entries.add(mixes);
is = new ByteArrayInputStream(subCrlStr.getBytes());
mixes = cf.generateCRLs(is);
entries.addAll(mixes);
mixes = pemDecoder.decode(subCrlStr, X509CRL.class);
entries.add(mixes);
// intermediate certs
is = new ByteArrayInputStream(topCrlIssuerCertStr.getBytes());
mixes = cf.generateCertificates(is);
entries.addAll(mixes);
mixes = pemDecoder.decode(topCrlIssuerCertStr, X509Certificate.class);
entries.add(mixes);
is = new ByteArrayInputStream(subCrlIssuerCertStr.getBytes());
mixes = cf.generateCertificates(is);
entries.addAll(mixes);
mixes = pemDecoder.decode(subCrlIssuerCertStr, X509Certificate.class);
entries.add(mixes);
return CertStore.getInstance("Collection",
new CollectionCertStoreParameters(entries));

79
test/jdk/java/security/cert/CertPathValidator/indirectCRL/CircularCRLTwoLevelRevoked.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2009, 2025, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -32,16 +32,34 @@
*
* @bug 6720721
* @summary CRL check with circular depency support needed
* @enablePreview
* @run main/othervm CircularCRLTwoLevelRevoked
* @author Xuelei Fan
*/
import java.io.*;
import java.net.SocketException;
import java.util.*;
import java.security.DEREncodable;
import java.security.PEMDecoder;
import java.security.Security;
import java.security.cert.*;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertPathValidatorException.BasicReason;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
public class CircularCRLTwoLevelRevoked {
@ -150,25 +168,19 @@ public class CircularCRLTwoLevelRevoked {
"ARGr6Qu68MYGtLMC6ZqP3u0=\n" +
"-----END X509 CRL-----";
private static final PEMDecoder pemDecoder = PEMDecoder.of();
private static CertPath generateCertificatePath()
throws CertificateException {
// generate certificate from cert strings
CertificateFactory cf = CertificateFactory.getInstance("X.509");
ByteArrayInputStream is;
is = new ByteArrayInputStream(targetCertStr.getBytes());
Certificate targetCert = cf.generateCertificate(is);
is = new ByteArrayInputStream(subCaCertStr.getBytes());
Certificate subCaCert = cf.generateCertificate(is);
is = new ByteArrayInputStream(selfSignedCertStr.getBytes());
Certificate selfSignedCert = cf.generateCertificate(is);
Certificate targetCert = pemDecoder.decode(targetCertStr, X509Certificate.class);
Certificate subCaCert = pemDecoder.decode(subCaCertStr, X509Certificate.class);
Certificate selfSignedCert = pemDecoder.decode(selfSignedCertStr, X509Certificate.class);
// generate certification path
List<Certificate> list = Arrays.asList(new Certificate[] {
targetCert, subCaCert, selfSignedCert});
List<Certificate> list = Arrays.asList(targetCert, subCaCert, selfSignedCert);
return cf.generateCertPath(list);
}
@ -176,45 +188,36 @@ public class CircularCRLTwoLevelRevoked {
private static Set<TrustAnchor> generateTrustAnchors()
throws CertificateException {
// generate certificate from cert string
CertificateFactory cf = CertificateFactory.getInstance("X.509");
ByteArrayInputStream is =
new ByteArrayInputStream(selfSignedCertStr.getBytes());
Certificate selfSignedCert = cf.generateCertificate(is);
final X509Certificate selfSignedCert = pemDecoder.decode(selfSignedCertStr, X509Certificate.class);
// generate a trust anchor
TrustAnchor anchor =
new TrustAnchor((X509Certificate)selfSignedCert, null);
new TrustAnchor(selfSignedCert, null);
return Collections.singleton(anchor);
}
private static CertStore generateCertificateStore() throws Exception {
Collection entries = new HashSet();
Collection<DEREncodable> entries = new HashSet<>();
// generate CRL from CRL string
CertificateFactory cf = CertificateFactory.getInstance("X.509");
ByteArrayInputStream is =
new ByteArrayInputStream(topCrlStr.getBytes());
Collection mixes = cf.generateCRLs(is);
entries.addAll(mixes);
DEREncodable mixes = pemDecoder.decode(topCrlStr, X509CRL.class);
entries.add(mixes);
is = new ByteArrayInputStream(subCrlStr.getBytes());
mixes = cf.generateCRLs(is);
entries.addAll(mixes);
mixes = pemDecoder.decode(subCrlStr, X509CRL.class);
entries.add(mixes);
// intermediate certs
is = new ByteArrayInputStream(topCrlIssuerCertStr.getBytes());
mixes = cf.generateCertificates(is);
entries.addAll(mixes);
mixes = pemDecoder.decode(topCrlIssuerCertStr, X509Certificate.class);
entries.add(mixes);
is = new ByteArrayInputStream(subCrlIssuerCertStr.getBytes());
mixes = cf.generateCertificates(is);
entries.addAll(mixes);
mixes = pemDecoder.decode(subCrlIssuerCertStr, X509Certificate.class);
entries.add(mixes);
return CertStore.getInstance("Collection",
new CollectionCertStoreParameters(entries));
new CollectionCertStoreParameters(entries));
}
public static void main(String args[]) throws Exception {

375
test/jdk/javax/net/ssl/ServerName/SSLSocketSNISensitive.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2012, 2025, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -30,6 +30,7 @@
* @test
* @bug 7068321
* @summary Support TLS Server Name Indication (SNI) Extension in JSSE Server
* @enablePreview
* @run main/othervm SSLSocketSNISensitive PKIX www.example.com
* @run main/othervm SSLSocketSNISensitive SunX509 www.example.com
* @run main/othervm SSLSocketSNISensitive PKIX www.example.net
@ -38,19 +39,31 @@
* @run main/othervm SSLSocketSNISensitive SunX509 www.invalid.com
*/
import java.net.*;
import java.util.*;
import java.io.*;
import javax.net.ssl.*;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.PEMDecoder;
import java.security.PEMEncoder;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import java.security.Security;
import java.security.KeyStore;
import java.security.KeyFactory;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.cert.CertificateFactory;
import java.security.spec.*;
import java.security.interfaces.*;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
// Note: this test case works only on TLS 1.2 and prior versions because of
// the use of MD5withRSA signed certificate.
@ -74,159 +87,167 @@ public class SSLSocketSNISensitive {
*/
// Certificates and key used in the test.
static String trustedCertStr =
"-----BEGIN CERTIFICATE-----\n" +
"MIICkjCCAfugAwIBAgIBADANBgkqhkiG9w0BAQQFADA7MQswCQYDVQQGEwJVUzEN\n" +
"MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwHhcN\n" +
"MTIwNDE3MTIwNjA3WhcNMzMwMzI4MTIwNjA3WjA7MQswCQYDVQQGEwJVUzENMAsG\n" +
"A1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwgZ8wDQYJ\n" +
"KoZIhvcNAQEBBQADgY0AMIGJAoGBANY+7Enp+1S566kLcKk+qe4Ki6BxaHGZ+v7r\n" +
"vLksx9IQZCbAEf4YLbrZhKzKD3SPIJXyxPFwknAknIh3Knk8mViOZks7T8L3GnJr\n" +
"TBaVvDyTzDJum/QYiahfO2qpfN/Oya2UILmqsBAeLyWpzbQsAyWBXfoUtkOUgnzK\n" +
"fk6QAKYrAgMBAAGjgaUwgaIwHQYDVR0OBBYEFEtmQi7jT1ijXOafPsfkrLwSVu9e\n" +
"MGMGA1UdIwRcMFqAFEtmQi7jT1ijXOafPsfkrLwSVu9eoT+kPTA7MQswCQYDVQQG\n" +
"EwJVUzENMAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2\n" +
"Y2WCAQAwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEE\n" +
"BQADgYEAkKWxMc4+ODk5WwLXXweB8/IKfVfrizNn0KLEgsZ6xNXFIXDpiPGAFcgl\n" +
"MzFO424JgyvUulsUc/X16Cnuwwntkk6KUG7vEV7h4o9sAV7Cax3gfQE/EZFb4ybn\n" +
"aBm1UsujMKd/ovqbbbxJbmOWzCeo0QfIGleDEyh3NBBZ0i11Kiw=\n" +
"-----END CERTIFICATE-----";
"-----BEGIN CERTIFICATE-----\n" +
"MIICkjCCAfugAwIBAgIBADANBgkqhkiG9w0BAQQFADA7MQswCQYDVQQGEwJVUzEN\n" +
"MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwHhcN\n" +
"MTIwNDE3MTIwNjA3WhcNMzMwMzI4MTIwNjA3WjA7MQswCQYDVQQGEwJVUzENMAsG\n" +
"A1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwgZ8wDQYJ\n" +
"KoZIhvcNAQEBBQADgY0AMIGJAoGBANY+7Enp+1S566kLcKk+qe4Ki6BxaHGZ+v7r\n" +
"vLksx9IQZCbAEf4YLbrZhKzKD3SPIJXyxPFwknAknIh3Knk8mViOZks7T8L3GnJr\n" +
"TBaVvDyTzDJum/QYiahfO2qpfN/Oya2UILmqsBAeLyWpzbQsAyWBXfoUtkOUgnzK\n" +
"fk6QAKYrAgMBAAGjgaUwgaIwHQYDVR0OBBYEFEtmQi7jT1ijXOafPsfkrLwSVu9e\n" +
"MGMGA1UdIwRcMFqAFEtmQi7jT1ijXOafPsfkrLwSVu9eoT+kPTA7MQswCQYDVQQG\n" +
"EwJVUzENMAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2\n" +
"Y2WCAQAwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEE\n" +
"BQADgYEAkKWxMc4+ODk5WwLXXweB8/IKfVfrizNn0KLEgsZ6xNXFIXDpiPGAFcgl\n" +
"MzFO424JgyvUulsUc/X16Cnuwwntkk6KUG7vEV7h4o9sAV7Cax3gfQE/EZFb4ybn\n" +
"aBm1UsujMKd/ovqbbbxJbmOWzCeo0QfIGleDEyh3NBBZ0i11Kiw=\n" +
"-----END CERTIFICATE-----";
// web server certificate, www.example.com
static String targetCertStr_A =
"-----BEGIN CERTIFICATE-----\n" +
"MIICVTCCAb6gAwIBAgIBAjANBgkqhkiG9w0BAQQFADA7MQswCQYDVQQGEwJVUzEN\n" +
"MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwHhcN\n" +
"MTIwNDE3MTIwNjA4WhcNMzIwMTAzMTIwNjA4WjBVMQswCQYDVQQGEwJVUzENMAsG\n" +
"A1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UxGDAWBgNV\n" +
"BAMTD3d3dy5leGFtcGxlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA\n" +
"4zFp3PZNzsd3ZwG6FNNWO9eSN+UBymlf8oCwpKJM2tIinmMWvWIXnlx/2UXIfSAq\n" +
"QEG3aXkAFyEiGGpQlBbqcfrESsHsiz2pnnm5dG2v/eS0Bwz1jmcuNmwnh3UQw2Vl\n" +
"+BLk8ukdrLjiCT8jARiHExYf1Xg+wUqQ9y8NV26hdaUCAwEAAaNPME0wCwYDVR0P\n" +
"BAQDAgPoMB0GA1UdDgQWBBQwtx+gqzn2w4y82brXlp7tqBYEZDAfBgNVHSMEGDAW\n" +
"gBRLZkIu409Yo1zmnz7H5Ky8ElbvXjANBgkqhkiG9w0BAQQFAAOBgQAJWo8B6Ud+\n" +
"/OU+UcZLihlfMX02OSlK2ZB7mfqpj2G3JT9yb0A+VbY3uuajmaYYIIxl3kXGz/n8\n" +
"M2Q/Ux/MDxG+IFKHC26Kuj4dAQgzjq2pILVPTE2QnaQTNCsgVZtTaC47SG9FRSoC\n" +
"qvnIvn/oTpKSqus76I1cR4joDtiV2OEuVw==\n" +
"-----END CERTIFICATE-----";
"-----BEGIN CERTIFICATE-----\n" +
"MIICVTCCAb6gAwIBAgIBAjANBgkqhkiG9w0BAQQFADA7MQswCQYDVQQGEwJVUzEN\n" +
"MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwHhcN\n" +
"MTIwNDE3MTIwNjA4WhcNMzIwMTAzMTIwNjA4WjBVMQswCQYDVQQGEwJVUzENMAsG\n" +
"A1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UxGDAWBgNV\n" +
"BAMTD3d3dy5leGFtcGxlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA\n" +
"4zFp3PZNzsd3ZwG6FNNWO9eSN+UBymlf8oCwpKJM2tIinmMWvWIXnlx/2UXIfSAq\n" +
"QEG3aXkAFyEiGGpQlBbqcfrESsHsiz2pnnm5dG2v/eS0Bwz1jmcuNmwnh3UQw2Vl\n" +
"+BLk8ukdrLjiCT8jARiHExYf1Xg+wUqQ9y8NV26hdaUCAwEAAaNPME0wCwYDVR0P\n" +
"BAQDAgPoMB0GA1UdDgQWBBQwtx+gqzn2w4y82brXlp7tqBYEZDAfBgNVHSMEGDAW\n" +
"gBRLZkIu409Yo1zmnz7H5Ky8ElbvXjANBgkqhkiG9w0BAQQFAAOBgQAJWo8B6Ud+\n" +
"/OU+UcZLihlfMX02OSlK2ZB7mfqpj2G3JT9yb0A+VbY3uuajmaYYIIxl3kXGz/n8\n" +
"M2Q/Ux/MDxG+IFKHC26Kuj4dAQgzjq2pILVPTE2QnaQTNCsgVZtTaC47SG9FRSoC\n" +
"qvnIvn/oTpKSqus76I1cR4joDtiV2OEuVw==\n" +
"-----END CERTIFICATE-----";
// Private key in the format of PKCS#8
static String targetPrivateKey_A =
"MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAOMxadz2Tc7Hd2cB\n" +
"uhTTVjvXkjflAcppX/KAsKSiTNrSIp5jFr1iF55cf9lFyH0gKkBBt2l5ABchIhhq\n" +
"UJQW6nH6xErB7Is9qZ55uXRtr/3ktAcM9Y5nLjZsJ4d1EMNlZfgS5PLpHay44gk/\n" +
"IwEYhxMWH9V4PsFKkPcvDVduoXWlAgMBAAECgYAqX2nuIyXp3fvgA0twXOYlbRRB\n" +
"Rn3qAXM6qFPJsNeCrFR2k+aG1cev6nKR1FkLNTeMGnWZv06MAcr5IML8i7WXyG4C\n" +
"LY/C0gedn94FDKFlln+bTENwQTGjn4lKysDA+IuNpasTeMCajbic+dPByhIdTOjZ\n" +
"iMCyxbLfpk40zQopVQJBAPyfGmkeHB3GjdbdgujWCGKb2UxBa4O8dy3O4l2yizTn\n" +
"uUqMGcwGY4ciNSVvZQ7jKo4vDmkSuYib4/woPChaNfMCQQDmO0BQuSWYGNtSwV35\n" +
"lafZfX1dNCLKm1iNA6A12evXgvQiE9WT4mqionig0VZW16HtiY4/BkHOcos/K9Um\n" +
"ARQHAkA8mkaRtSF1my5nv1gqVz5Hua+VdZQ/VDUbDiiL5cszc+ulkJqXsWirAG/T\n" +
"fTe3LJQG7A7+8fkEZrF4yoY0AAA1AkEAotokezULj5N9iAL5SzL9wIzQYV4ggfny\n" +
"YATBjXXxKccakwQ+ndWZIiMUeoS4ssLialhTgucVI0fIkU2a/r/ifwJAc6e+5Pvh\n" +
"MghQj/U788Od/v6rgqz/NGsduZ7uilCMcWiwA73OR2MHMH/OIuoofuEPrfuV9isV\n" +
"xVXhgpKfP/pdOA==";
"-----BEGIN PRIVATE KEY-----\n" +
"MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAOMxadz2Tc7Hd2cB\n" +
"uhTTVjvXkjflAcppX/KAsKSiTNrSIp5jFr1iF55cf9lFyH0gKkBBt2l5ABchIhhq\n" +
"UJQW6nH6xErB7Is9qZ55uXRtr/3ktAcM9Y5nLjZsJ4d1EMNlZfgS5PLpHay44gk/\n" +
"IwEYhxMWH9V4PsFKkPcvDVduoXWlAgMBAAECgYAqX2nuIyXp3fvgA0twXOYlbRRB\n" +
"Rn3qAXM6qFPJsNeCrFR2k+aG1cev6nKR1FkLNTeMGnWZv06MAcr5IML8i7WXyG4C\n" +
"LY/C0gedn94FDKFlln+bTENwQTGjn4lKysDA+IuNpasTeMCajbic+dPByhIdTOjZ\n" +
"iMCyxbLfpk40zQopVQJBAPyfGmkeHB3GjdbdgujWCGKb2UxBa4O8dy3O4l2yizTn\n" +
"uUqMGcwGY4ciNSVvZQ7jKo4vDmkSuYib4/woPChaNfMCQQDmO0BQuSWYGNtSwV35\n" +
"lafZfX1dNCLKm1iNA6A12evXgvQiE9WT4mqionig0VZW16HtiY4/BkHOcos/K9Um\n" +
"ARQHAkA8mkaRtSF1my5nv1gqVz5Hua+VdZQ/VDUbDiiL5cszc+ulkJqXsWirAG/T\n" +
"fTe3LJQG7A7+8fkEZrF4yoY0AAA1AkEAotokezULj5N9iAL5SzL9wIzQYV4ggfny\n" +
"YATBjXXxKccakwQ+ndWZIiMUeoS4ssLialhTgucVI0fIkU2a/r/ifwJAc6e+5Pvh\n" +
"MghQj/U788Od/v6rgqz/NGsduZ7uilCMcWiwA73OR2MHMH/OIuoofuEPrfuV9isV\n" +
"xVXhgpKfP/pdOA==\n" +
"-----END PRIVATE KEY-----";
// web server certificate, www.example.net
static String targetCertStr_B =
"-----BEGIN CERTIFICATE-----\n" +
"MIICVTCCAb6gAwIBAgIBBDANBgkqhkiG9w0BAQQFADA7MQswCQYDVQQGEwJVUzEN\n" +
"MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwHhcN\n" +
"MTIwNDE3MTIwNjA5WhcNMzIwMTAzMTIwNjA5WjBVMQswCQYDVQQGEwJVUzENMAsG\n" +
"A1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UxGDAWBgNV\n" +
"BAMTD3d3dy5leGFtcGxlLm5ldDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA\n" +
"2VlzF1fvWYczDChrUeJiLJ1M/dIShCaOTfYGiXfQGEZCAWTacUclwr+rVMnZ75/c\n" +
"wwg5pNdXRijxMil8DBTS1gFcIFQhosLHvzIAe6ULlg/xB+/L6KBz+NTWfo/2KF6t\n" +
"xatmcToNrCcwi7eUOfbzQje65Tizs56jJYem2m7Rk0ECAwEAAaNPME0wCwYDVR0P\n" +
"BAQDAgPoMB0GA1UdDgQWBBQT/FR0cAWcZQ7h0X79KGki34OSQjAfBgNVHSMEGDAW\n" +
"gBRLZkIu409Yo1zmnz7H5Ky8ElbvXjANBgkqhkiG9w0BAQQFAAOBgQB67cPIT6fz\n" +
"6Ws8fBpYgW2ad4ci66i1WduBD9CpGFE+jRK2feRj6hvYBXocKj0AMWUFIEB2E3hA\n" +
"oIjxcf1GxIpHVl9DjlhxqXbA0Ktl7/NGNRlDSLTizOTl3FB1mMTlOGvXDVmpcFhl\n" +
"HuoP1hYvhTsBwPx5igGNchuPtDIUzL2mXw==\n" +
"-----END CERTIFICATE-----";
"-----BEGIN CERTIFICATE-----\n" +
"MIICVTCCAb6gAwIBAgIBBDANBgkqhkiG9w0BAQQFADA7MQswCQYDVQQGEwJVUzEN\n" +
"MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwHhcN\n" +
"MTIwNDE3MTIwNjA5WhcNMzIwMTAzMTIwNjA5WjBVMQswCQYDVQQGEwJVUzENMAsG\n" +
"A1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UxGDAWBgNV\n" +
"BAMTD3d3dy5leGFtcGxlLm5ldDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA\n" +
"2VlzF1fvWYczDChrUeJiLJ1M/dIShCaOTfYGiXfQGEZCAWTacUclwr+rVMnZ75/c\n" +
"wwg5pNdXRijxMil8DBTS1gFcIFQhosLHvzIAe6ULlg/xB+/L6KBz+NTWfo/2KF6t\n" +
"xatmcToNrCcwi7eUOfbzQje65Tizs56jJYem2m7Rk0ECAwEAAaNPME0wCwYDVR0P\n" +
"BAQDAgPoMB0GA1UdDgQWBBQT/FR0cAWcZQ7h0X79KGki34OSQjAfBgNVHSMEGDAW\n" +
"gBRLZkIu409Yo1zmnz7H5Ky8ElbvXjANBgkqhkiG9w0BAQQFAAOBgQB67cPIT6fz\n" +
"6Ws8fBpYgW2ad4ci66i1WduBD9CpGFE+jRK2feRj6hvYBXocKj0AMWUFIEB2E3hA\n" +
"oIjxcf1GxIpHVl9DjlhxqXbA0Ktl7/NGNRlDSLTizOTl3FB1mMTlOGvXDVmpcFhl\n" +
"HuoP1hYvhTsBwPx5igGNchuPtDIUzL2mXw==\n" +
"-----END CERTIFICATE-----";
static String targetPrivateKey_B =
"MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBANlZcxdX71mHMwwo\n" +
"a1HiYiydTP3SEoQmjk32Bol30BhGQgFk2nFHJcK/q1TJ2e+f3MMIOaTXV0Yo8TIp\n" +
"fAwU0tYBXCBUIaLCx78yAHulC5YP8Qfvy+igc/jU1n6P9ihercWrZnE6DawnMIu3\n" +
"lDn280I3uuU4s7OeoyWHptpu0ZNBAgMBAAECgYEAl19H26sfhD+32rDPxZCgBShs\n" +
"dZ33zVe45i0Bcn4iTLWpxKTDyf7eGps4rO2DvfKdYqt40ggzvSZIjUH9JcDe8GmG\n" +
"d3m0ILB7pg4jsFlpyeHpTO8grPLxA1G9s3o0DoFpz/rooqgFfe/DrRDmRoOSkgfV\n" +
"/gseIbgJHRO/Ctyvdh0CQQD6uFd0HxhH1jl/JzvPzIH4LSnPcdEh9zsMEb6uzh75\n" +
"9qL+IHD5N2I/pYZTKqDFIwhJf701+LKag55AX/zrDt7rAkEA3e00AbnwanDMa6Wj\n" +
"+gFekUQveSVra38LiihzCkyVvQpFjbiF1rUhSNQ0dpU5/hmrYF0C6H9VXAesfkUY\n" +
"WhpDgwJAYjgZOop77piDycZK7isFt32p5XSHIzFBVocVFlH1XKM8UyXOXDNQL/Le\n" +
"XnJSrSf+NRzvuNcG0PVC56Ey6brXpQJAY4M4vcltt5zq3R5CQBmbGRJ1IyKXX3Vx\n" +
"bDslEqoyvri7ZYgnY5aG3UxiVgYmIf3KrgQnCLAIS6MZQumiuMxsFwJAK5pEG063\n" +
"9ngUof4fDMvZphqZjZR1zMKz/V/9ge0DWBINaqFgsgebNu+MyImsC8C6WKjGmV/2\n" +
"f1MY0D7sC2vU/Q==";
"-----BEGIN PRIVATE KEY-----\n" +
"MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBANlZcxdX71mHMwwo\n" +
"a1HiYiydTP3SEoQmjk32Bol30BhGQgFk2nFHJcK/q1TJ2e+f3MMIOaTXV0Yo8TIp\n" +
"fAwU0tYBXCBUIaLCx78yAHulC5YP8Qfvy+igc/jU1n6P9ihercWrZnE6DawnMIu3\n" +
"lDn280I3uuU4s7OeoyWHptpu0ZNBAgMBAAECgYEAl19H26sfhD+32rDPxZCgBShs\n" +
"dZ33zVe45i0Bcn4iTLWpxKTDyf7eGps4rO2DvfKdYqt40ggzvSZIjUH9JcDe8GmG\n" +
"d3m0ILB7pg4jsFlpyeHpTO8grPLxA1G9s3o0DoFpz/rooqgFfe/DrRDmRoOSkgfV\n" +
"/gseIbgJHRO/Ctyvdh0CQQD6uFd0HxhH1jl/JzvPzIH4LSnPcdEh9zsMEb6uzh75\n" +
"9qL+IHD5N2I/pYZTKqDFIwhJf701+LKag55AX/zrDt7rAkEA3e00AbnwanDMa6Wj\n" +
"+gFekUQveSVra38LiihzCkyVvQpFjbiF1rUhSNQ0dpU5/hmrYF0C6H9VXAesfkUY\n" +
"WhpDgwJAYjgZOop77piDycZK7isFt32p5XSHIzFBVocVFlH1XKM8UyXOXDNQL/Le\n" +
"XnJSrSf+NRzvuNcG0PVC56Ey6brXpQJAY4M4vcltt5zq3R5CQBmbGRJ1IyKXX3Vx\n" +
"bDslEqoyvri7ZYgnY5aG3UxiVgYmIf3KrgQnCLAIS6MZQumiuMxsFwJAK5pEG063\n" +
"9ngUof4fDMvZphqZjZR1zMKz/V/9ge0DWBINaqFgsgebNu+MyImsC8C6WKjGmV/2\n" +
"f1MY0D7sC2vU/Q==\n" +
"-----END PRIVATE KEY-----";
// web server certificate, www.invalid.com
static String targetCertStr_C =
"-----BEGIN CERTIFICATE-----\n" +
"MIICVTCCAb6gAwIBAgIBAzANBgkqhkiG9w0BAQQFADA7MQswCQYDVQQGEwJVUzEN\n" +
"MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwHhcN\n" +
"MTIwNDE3MTIwNjA5WhcNMzIwMTAzMTIwNjA5WjBVMQswCQYDVQQGEwJVUzENMAsG\n" +
"A1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UxGDAWBgNV\n" +
"BAMTD3d3dy5pbnZhbGlkLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA\n" +
"q6MyQwzCr2nJ41l0frmHL0qULSyW51MhevBC+1W28i0LE/efrmpwV3LdnlQEGFak\n" +
"DLDwtnff3iru8dSMcA7KdWVkivsE7ZTP+qFDaWBAy7XXiSsv6yZ2Nh4jJb0YcD28\n" +
"45zk2nAl5Az1/PuoTi1vpQxzFZKuBm1HGgz3MEZvBvMCAwEAAaNPME0wCwYDVR0P\n" +
"BAQDAgPoMB0GA1UdDgQWBBRRMifrND015Nm8N6gV5X7cg1YjjjAfBgNVHSMEGDAW\n" +
"gBRLZkIu409Yo1zmnz7H5Ky8ElbvXjANBgkqhkiG9w0BAQQFAAOBgQBjkUO6Ri/B\n" +
"uDC2gDMIyL5+NTe/1dPPQYM4HhCNa/KQYvU5lzCKO9Vpa+i+nyrUNNXUu8Tkyq4Y\n" +
"A+aGSm6+FT/i9rFwkYUdorBtD3KfQiwTIWrVERXBkWI5iZNaVZhx0TFy4vUpf65d\n" +
"QtwkbHpC66fdKc2EdLXkuY9KkmtZZJJ7YA==\n" +
"-----END CERTIFICATE-----";
"-----BEGIN CERTIFICATE-----\n" +
"MIICVTCCAb6gAwIBAgIBAzANBgkqhkiG9w0BAQQFADA7MQswCQYDVQQGEwJVUzEN\n" +
"MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwHhcN\n" +
"MTIwNDE3MTIwNjA5WhcNMzIwMTAzMTIwNjA5WjBVMQswCQYDVQQGEwJVUzENMAsG\n" +
"A1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UxGDAWBgNV\n" +
"BAMTD3d3dy5pbnZhbGlkLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA\n" +
"q6MyQwzCr2nJ41l0frmHL0qULSyW51MhevBC+1W28i0LE/efrmpwV3LdnlQEGFak\n" +
"DLDwtnff3iru8dSMcA7KdWVkivsE7ZTP+qFDaWBAy7XXiSsv6yZ2Nh4jJb0YcD28\n" +
"45zk2nAl5Az1/PuoTi1vpQxzFZKuBm1HGgz3MEZvBvMCAwEAAaNPME0wCwYDVR0P\n" +
"BAQDAgPoMB0GA1UdDgQWBBRRMifrND015Nm8N6gV5X7cg1YjjjAfBgNVHSMEGDAW\n" +
"gBRLZkIu409Yo1zmnz7H5Ky8ElbvXjANBgkqhkiG9w0BAQQFAAOBgQBjkUO6Ri/B\n" +
"uDC2gDMIyL5+NTe/1dPPQYM4HhCNa/KQYvU5lzCKO9Vpa+i+nyrUNNXUu8Tkyq4Y\n" +
"A+aGSm6+FT/i9rFwkYUdorBtD3KfQiwTIWrVERXBkWI5iZNaVZhx0TFy4vUpf65d\n" +
"QtwkbHpC66fdKc2EdLXkuY9KkmtZZJJ7YA==\n" +
"-----END CERTIFICATE-----";
static String targetPrivateKey_C =
"MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAKujMkMMwq9pyeNZ\n" +
"dH65hy9KlC0sludTIXrwQvtVtvItCxP3n65qcFdy3Z5UBBhWpAyw8LZ3394q7vHU\n" +
"jHAOynVlZIr7BO2Uz/qhQ2lgQMu114krL+smdjYeIyW9GHA9vOOc5NpwJeQM9fz7\n" +
"qE4tb6UMcxWSrgZtRxoM9zBGbwbzAgMBAAECgYASJDK40Y12Wvki1Z6xkkyOnBRj\n" +
"XfYpRykfxGtgA2RN3qLwHlk7Zzaul46DIKA6LlYynTUkJDF+Ww1cdDnP0lBlwcmM\n" +
"iD0ck3zYyYBLhQHuVbkK3SYE+ANRhM0icvvqANP2at/U4awQcPNEae/KCiecLNu3\n" +
"CJGqyhPDdrEAqPuJGQJBAN46pQC6l3yrcSYE2s53jSmsm2HVVOFlFXjU6k/RMTxG\n" +
"FfDJtGUAOQ37rPQ06ugr/gjLAmmPp+FXozaBdA32D80CQQDFuGRgv3WYqbglIcRL\n" +
"JRs6xlj9w1F97s/aiUenuwhIPNiUoRbV7mnNuZ/sGF0svOVE7SazRjuFX6UqL9Y9\n" +
"HzG/AkEA170pCI8cl4w8eUNHRB9trGKEKjMXhwVCFh7lJf2ZBcGodSzr8w2HVhrZ\n" +
"Ke7hiemDYffrbJ1oxmv05+o+x3r0lQJBAL6adVm2+FyFMFnLZXmzeb59O4jWY5bt\n" +
"Qz6/HG6bpO5OidMuP99YCHMkQQDOs/PO3Y5GuAoW6IY4n/Y9S2B80+0CQBl1/H9/\n" +
"0n/vrb6vW6Azds49tuS82RFAnOhtwTyBEajs08WF8rZQ3WD2RHJnH0+jjfL0anIp\n" +
"dQBSeNN7s7b6rRk=";
"-----BEGIN PRIVATE KEY-----\n" +
"MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAKujMkMMwq9pyeNZ\n" +
"dH65hy9KlC0sludTIXrwQvtVtvItCxP3n65qcFdy3Z5UBBhWpAyw8LZ3394q7vHU\n" +
"jHAOynVlZIr7BO2Uz/qhQ2lgQMu114krL+smdjYeIyW9GHA9vOOc5NpwJeQM9fz7\n" +
"qE4tb6UMcxWSrgZtRxoM9zBGbwbzAgMBAAECgYASJDK40Y12Wvki1Z6xkkyOnBRj\n" +
"XfYpRykfxGtgA2RN3qLwHlk7Zzaul46DIKA6LlYynTUkJDF+Ww1cdDnP0lBlwcmM\n" +
"iD0ck3zYyYBLhQHuVbkK3SYE+ANRhM0icvvqANP2at/U4awQcPNEae/KCiecLNu3\n" +
"CJGqyhPDdrEAqPuJGQJBAN46pQC6l3yrcSYE2s53jSmsm2HVVOFlFXjU6k/RMTxG\n" +
"FfDJtGUAOQ37rPQ06ugr/gjLAmmPp+FXozaBdA32D80CQQDFuGRgv3WYqbglIcRL\n" +
"JRs6xlj9w1F97s/aiUenuwhIPNiUoRbV7mnNuZ/sGF0svOVE7SazRjuFX6UqL9Y9\n" +
"HzG/AkEA170pCI8cl4w8eUNHRB9trGKEKjMXhwVCFh7lJf2ZBcGodSzr8w2HVhrZ\n" +
"Ke7hiemDYffrbJ1oxmv05+o+x3r0lQJBAL6adVm2+FyFMFnLZXmzeb59O4jWY5bt\n" +
"Qz6/HG6bpO5OidMuP99YCHMkQQDOs/PO3Y5GuAoW6IY4n/Y9S2B80+0CQBl1/H9/\n" +
"0n/vrb6vW6Azds49tuS82RFAnOhtwTyBEajs08WF8rZQ3WD2RHJnH0+jjfL0anIp\n" +
"dQBSeNN7s7b6rRk=\n" +
"-----END PRIVATE KEY-----";
// This is a certificate for client
static String targetCertStr_D=
"-----BEGIN CERTIFICATE-----\n" +
"MIICVDCCAb2gAwIBAgIBBTANBgkqhkiG9w0BAQQFADA7MQswCQYDVQQGEwJVUzEN\n" +
"MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwHhcN\n" +
"MTIwNDE3MTIwNjEwWhcNMzIwMTAzMTIwNjEwWjBUMQswCQYDVQQGEwJVUzENMAsG\n" +
"A1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UxFzAVBgNV\n" +
"BAMTDkludGVyT3AgVGVzdGVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDo\n" +
"Q/KoAIAC2ljFfW2KwjnxTzi4NQJeUuk2seqKpsAY8x4O5dvixzUl6142zmljapqi\n" +
"bJloQVpfB+CEc5/l4h5gzGRVzkuqP1oPzDrpZ5GsvmvuHenV/TzCIgX1cLETzQVt\n" +
"6Rk06okoBPnw3hDJEJiEc1Rv7HCE8p/p+SaiHrskwwIDAQABo08wTTALBgNVHQ8E\n" +
"BAMCA+gwHQYDVR0OBBYEFPr91O33RIGfFSqza2AwQIgE4QswMB8GA1UdIwQYMBaA\n" +
"FEtmQi7jT1ijXOafPsfkrLwSVu9eMA0GCSqGSIb3DQEBBAUAA4GBANIDFYgAhoj3\n" +
"B8u1YpqeoEp2Lt9TwrYBshaIrbmBPCwCGio0JIsoov3n8BCSg5F+8MnOtPl+TjeO\n" +
"0Ug+7guPdCk/wg8YNxLHgSsQlpcNJDjWiErqmUPVrg5BPPQb65qMund6KTmMN0y6\n" +
"4EbSmxRpZO/N0/5oK4umTk0EeXKNekBj\n" +
"-----END CERTIFICATE-----";
static String targetCertStr_D =
"-----BEGIN CERTIFICATE-----\n" +
"MIICVDCCAb2gAwIBAgIBBTANBgkqhkiG9w0BAQQFADA7MQswCQYDVQQGEwJVUzEN\n" +
"MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwHhcN\n" +
"MTIwNDE3MTIwNjEwWhcNMzIwMTAzMTIwNjEwWjBUMQswCQYDVQQGEwJVUzENMAsG\n" +
"A1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UxFzAVBgNV\n" +
"BAMTDkludGVyT3AgVGVzdGVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDo\n" +
"Q/KoAIAC2ljFfW2KwjnxTzi4NQJeUuk2seqKpsAY8x4O5dvixzUl6142zmljapqi\n" +
"bJloQVpfB+CEc5/l4h5gzGRVzkuqP1oPzDrpZ5GsvmvuHenV/TzCIgX1cLETzQVt\n" +
"6Rk06okoBPnw3hDJEJiEc1Rv7HCE8p/p+SaiHrskwwIDAQABo08wTTALBgNVHQ8E\n" +
"BAMCA+gwHQYDVR0OBBYEFPr91O33RIGfFSqza2AwQIgE4QswMB8GA1UdIwQYMBaA\n" +
"FEtmQi7jT1ijXOafPsfkrLwSVu9eMA0GCSqGSIb3DQEBBAUAA4GBANIDFYgAhoj3\n" +
"B8u1YpqeoEp2Lt9TwrYBshaIrbmBPCwCGio0JIsoov3n8BCSg5F+8MnOtPl+TjeO\n" +
"0Ug+7guPdCk/wg8YNxLHgSsQlpcNJDjWiErqmUPVrg5BPPQb65qMund6KTmMN0y6\n" +
"4EbSmxRpZO/N0/5oK4umTk0EeXKNekBj\n" +
"-----END CERTIFICATE-----";
static String targetPrivateKey_D =
"MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBAOhD8qgAgALaWMV9\n" +
"bYrCOfFPOLg1Al5S6Tax6oqmwBjzHg7l2+LHNSXrXjbOaWNqmqJsmWhBWl8H4IRz\n" +
"n+XiHmDMZFXOS6o/Wg/MOulnkay+a+4d6dX9PMIiBfVwsRPNBW3pGTTqiSgE+fDe\n" +
"EMkQmIRzVG/scITyn+n5JqIeuyTDAgMBAAECgYBw37yIKp4LRONJLnhSq6sO+0n8\n" +
"Mz6waiiN/Q6XTQwj09pysQAYCGlqwSRrDAqpVsBJWO+Ae+oYLrLMi4hUZnwN75v3\n" +
"pe1nXlrD11RmPLXwBxqFxNSvAs2FgLHZEtwHI7Bn8KybT/8bGkQ8csLceInYtMDD\n" +
"MuTyy2KRk/pj60zIKQJBAPgebQiAH6viFQ88AwHaNvQhlUfwmSC1i6f8LVoeqaHC\n" +
"lnP0LJBwlyDeeEInhHrCR2ibnCB6I/Pig+49XQgabK8CQQDvpJwuGEbsOO+3rkJJ\n" +
"OpOw4toG0QJZdRnT6l8I6BlboQRZSfFh+lGGahvFXkxc4KdUpJ7QPtXU7HHk6Huk\n" +
"8RYtAkA9CW8VGj+wTuuTVdX/jKjcIa7RhbSFwWNbrcOSWdys+Gt+luCnn6rt4QyA\n" +
"aaxDbquWZkFgE+voQR7nap0KM0XtAkAznd0WAJymHM1lXt9gLoHJQ9N6TGKZKiPa\n" +
"BU1a+cMcfV4WbVrUo7oTnZ9Fr73681iXXq3mZOJh7lvJ1llreZIxAkBEnbiTgEf4\n" +
"tvku68jHcRbRPmdS7CBSWNEBaHLOm4pUSTcxVTKKMHw7vmM5/UYUxJ8QNKCYxn6O\n" +
"+vtiBwBawwzN";
"-----BEGIN PRIVATE KEY-----\n" +
"MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBAOhD8qgAgALaWMV9\n" +
"bYrCOfFPOLg1Al5S6Tax6oqmwBjzHg7l2+LHNSXrXjbOaWNqmqJsmWhBWl8H4IRz\n" +
"n+XiHmDMZFXOS6o/Wg/MOulnkay+a+4d6dX9PMIiBfVwsRPNBW3pGTTqiSgE+fDe\n" +
"EMkQmIRzVG/scITyn+n5JqIeuyTDAgMBAAECgYBw37yIKp4LRONJLnhSq6sO+0n8\n" +
"Mz6waiiN/Q6XTQwj09pysQAYCGlqwSRrDAqpVsBJWO+Ae+oYLrLMi4hUZnwN75v3\n" +
"pe1nXlrD11RmPLXwBxqFxNSvAs2FgLHZEtwHI7Bn8KybT/8bGkQ8csLceInYtMDD\n" +
"MuTyy2KRk/pj60zIKQJBAPgebQiAH6viFQ88AwHaNvQhlUfwmSC1i6f8LVoeqaHC\n" +
"lnP0LJBwlyDeeEInhHrCR2ibnCB6I/Pig+49XQgabK8CQQDvpJwuGEbsOO+3rkJJ\n" +
"OpOw4toG0QJZdRnT6l8I6BlboQRZSfFh+lGGahvFXkxc4KdUpJ7QPtXU7HHk6Huk\n" +
"8RYtAkA9CW8VGj+wTuuTVdX/jKjcIa7RhbSFwWNbrcOSWdys+Gt+luCnn6rt4QyA\n" +
"aaxDbquWZkFgE+voQR7nap0KM0XtAkAznd0WAJymHM1lXt9gLoHJQ9N6TGKZKiPa\n" +
"BU1a+cMcfV4WbVrUo7oTnZ9Fr73681iXXq3mZOJh7lvJ1llreZIxAkBEnbiTgEf4\n" +
"tvku68jHcRbRPmdS7CBSWNEBaHLOm4pUSTcxVTKKMHw7vmM5/UYUxJ8QNKCYxn6O\n" +
"+vtiBwBawwzN\n" +
"-----END PRIVATE KEY-----";
static String[] serverCerts = {targetCertStr_A,
targetCertStr_B, targetCertStr_C};
@ -235,7 +256,7 @@ public class SSLSocketSNISensitive {
static String[] clientCerts = {targetCertStr_D};
static String[] clientKeys = {targetPrivateKey_D};
static char passphrase[] = "passphrase".toCharArray();
static char[] passphrase = "passphrase".toCharArray();
/*
* Is the server ready to serve?
@ -245,7 +266,7 @@ public class SSLSocketSNISensitive {
/*
* Turn on SSL debugging?
*/
static boolean debug = false;
static boolean debug = Boolean.getBoolean("test.debug");
/*
* Define the server side of the test.
@ -362,19 +383,16 @@ public class SSLSocketSNISensitive {
private static SSLContext generateSSLContext(boolean isClient)
throws Exception {
// generate certificate from cert string
CertificateFactory cf = CertificateFactory.getInstance("X.509");
final PEMDecoder pemDecoder = PEMDecoder.of();
// create a key store
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(null, null);
// import the trused cert
ByteArrayInputStream is =
new ByteArrayInputStream(trustedCertStr.getBytes());
Certificate trusedCert = cf.generateCertificate(is);
is.close();
// generate certificate from cert string
Certificate trusedCert = pemDecoder.decode(trustedCertStr, X509Certificate.class);
// import the trused cert
ks.setCertificateEntry("RSA Export Signer", trusedCert);
String[] certStrs = null;
@ -390,17 +408,14 @@ public class SSLSocketSNISensitive {
for (int i = 0; i < certStrs.length; i++) {
// generate the private key.
String keySpecStr = keyStrs[i];
PKCS8EncodedKeySpec priKeySpec = new PKCS8EncodedKeySpec(
Base64.getMimeDecoder().decode(keySpecStr));
PKCS8EncodedKeySpec priKeySpec = pemDecoder.decode(keySpecStr, PKCS8EncodedKeySpec.class);
KeyFactory kf = KeyFactory.getInstance("RSA");
RSAPrivateKey priKey =
(RSAPrivateKey)kf.generatePrivate(priKeySpec);
// generate certificate chain
String keyCertStr = certStrs[i];
is = new ByteArrayInputStream(keyCertStr.getBytes());
Certificate keyCert = cf.generateCertificate(is);
is.close();
Certificate keyCert = pemDecoder.decode(keyCertStr, X509Certificate.class);
Certificate[] chain = new Certificate[2];
chain[0] = keyCert;
@ -521,22 +536,20 @@ public class SSLSocketSNISensitive {
void startServer(boolean newThread) throws Exception {
if (newThread) {
serverThread = new Thread() {
public void run() {
try {
doServerSide();
} catch (Exception e) {
/*
* Our server thread just died.
*
* Release the client, if not active already...
*/
System.err.println("Server died, because of " + e);
serverReady = true;
serverException = e;
}
serverThread = new Thread(() -> {
try {
doServerSide();
} catch (Exception e) {
/*
* Our server thread just died.
*
* Release the client, if not active already...
*/
System.err.println("Server died, because of " + e);
serverReady = true;
serverException = e;
}
};
});
serverThread.start();
} else {
try {
@ -551,19 +564,17 @@ public class SSLSocketSNISensitive {
void startClient(boolean newThread) throws Exception {
if (newThread) {
clientThread = new Thread() {
public void run() {
try {
doClientSide();
} catch (Exception e) {
/*
* Our client thread just died.
*/
System.err.println("Client died, because of " + e);
clientException = e;
}
clientThread = new Thread(() -> {
try {
doClientSide();
} catch (Exception e) {
/*
* Our client thread just died.
*/
System.err.println("Client died, because of " + e);
clientException = e;
}
};
});
clientThread.start();
} else {
try {

3
test/jdk/javax/net/ssl/interop/ClientHelloBufferUnderflowException.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2019, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2019, 2025, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -30,6 +30,7 @@
* @test
* @bug 8215790 8219389
* @summary Verify exception
* @enablePreview
* @library /test/lib
* @modules java.base/sun.security.util
* @run main/othervm ClientHelloBufferUnderflowException

3
test/jdk/javax/net/ssl/interop/ClientHelloChromeInterOp.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2016, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2016, 2025, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -30,6 +30,7 @@
* @test
* @bug 8169362
* @summary Interop automated testing with Chrome
* @enablePreview
* @library /test/lib
* @modules jdk.crypto.ec
* java.base/sun.security.util

69
test/jdk/javax/net/ssl/interop/ClientHelloInterOp.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2016, 2025, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -21,17 +21,22 @@
* questions.
*/
import javax.net.ssl.*;
import javax.net.ssl.SSLEngineResult.*;
import java.io.*;
import java.nio.*;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLEngineResult.HandshakeStatus;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManagerFactory;
import java.nio.ByteBuffer;
import java.security.KeyStore;
import java.security.PEMDecoder;
import java.security.PEMRecord;
import java.security.PrivateKey;
import java.security.KeyFactory;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.spec.*;
import java.util.Base64;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.RSAPrivateKey;
public abstract class ClientHelloInterOp {
@ -138,13 +143,16 @@ public abstract class ClientHelloInterOp {
//
// EC private key related to cert endEntityCertStrs[0].
//
"-----BEGIN PRIVATE KEY-----\n" +
"MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgA3pmS+OrIjGyUv2F\n" +
"K/PkyayJIePM2RTFYxNoQqmJGnihRANCAASHi9c1QnNQurh7t8A68XRaJZTpyWU4\n" +
"Ay6zUapMW9ydE84KGXyy5my+Sw7QKlmoveGNeZVf12nUVX+tQEYujVob",
"Ay6zUapMW9ydE84KGXyy5my+Sw7QKlmoveGNeZVf12nUVX+tQEYujVob\n" +
"-----END PRIVATE KEY-----",
//
// RSA private key related to cert endEntityCertStrs[1].
//
"-----BEGIN PRIVATE KEY-----\n" +
"MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDfq0lpd8nYH8AW\n" +
"8RL62e57JA9I0AFW72d8x1T40Q9qYn4UftwQXxnVKmvW+VCA3MKkNRWt+eZPvmsJ\n" +
"qmDPmV0D37L7eF19TIeNkHPN/H7oYdcsHi7p5TY0BNru+pIs1twtx9nv9CaQWqDg\n" +
@ -170,8 +178,9 @@ public abstract class ClientHelloInterOp {
"sZ2JRtyK3OV9RtL/MYmYzPLqm1Ah02+GXLVNnvKWmwKBgE8Ble8CzrXYuuPdGxXz\n" +
"BZU6HnXQrmTUcgeze0tj8SDHzCfsGsaG6pHrVNkT7CKsRuCHTZLM0kXmUijLFKuP\n" +
"5xyE257z4IbbEbs+tcbB3p28n4/47MzZkSR3kt8+FrsEMZq5oOHbFTGzgp9dhZCC\n" +
"dKUqlw5BPHdbxoWB/JpSHGCV"
};
"dKUqlw5BPHdbxoWB/JpSHGCV\n" +
"-----END PRIVATE KEY-----"
};
// Private key names of endEntityPrivateKeys.
private final static String[] endEntityPrivateKeyNames = {
@ -179,6 +188,8 @@ public abstract class ClientHelloInterOp {
"RSA"
};
private static final PEMDecoder pemDecoder = PEMDecoder.of();
/*
* Run the test case.
*/
@ -251,13 +262,9 @@ public abstract class ClientHelloInterOp {
KeyStore ts = null; // trust store
KeyStore ks = null; // key store
char passphrase[] = "passphrase".toCharArray();
// Generate certificate from cert string.
CertificateFactory cf = CertificateFactory.getInstance("X.509");
char[] passphrase = "passphrase".toCharArray();
// Import the trused certs.
ByteArrayInputStream is;
if (trustedMaterials != null && trustedMaterials.length != 0) {
ts = KeyStore.getInstance("JKS");
ts.load(null, null);
@ -266,13 +273,8 @@ public abstract class ClientHelloInterOp {
new Certificate[trustedMaterials.length];
for (int i = 0; i < trustedMaterials.length; i++) {
String trustedCertStr = trustedMaterials[i];
is = new ByteArrayInputStream(trustedCertStr.getBytes());
try {
trustedCert[i] = cf.generateCertificate(is);
} finally {
is.close();
}
// Generate certificate from cert string.
trustedCert[i] = pemDecoder.decode(trustedCertStr, X509Certificate.class);
ts.setCertificateEntry("trusted-cert-" + i, trustedCert[i]);
}
@ -295,21 +297,14 @@ public abstract class ClientHelloInterOp {
String keyCertStr = keyMaterialCerts[i];
// generate the private key.
PKCS8EncodedKeySpec priKeySpec = new PKCS8EncodedKeySpec(
Base64.getMimeDecoder().decode(keyMaterialKeys[i]));
KeyFactory kf =
KeyFactory.getInstance(keyMaterialKeyAlgs[i]);
PrivateKey priKey = kf.generatePrivate(priKeySpec);
PrivateKey priKey = switch (keyMaterialKeyAlgs[i]) {
case "RSA" -> pemDecoder.decode(keyMaterialKeys[i], RSAPrivateKey.class);
case "EC" -> pemDecoder.decode(keyMaterialKeys[i], ECPrivateKey.class);
default -> pemDecoder.decode(keyMaterialKeys[i], PrivateKey.class);
};
// generate certificate chain
is = new ByteArrayInputStream(keyCertStr.getBytes());
Certificate keyCert = null;
try {
keyCert = cf.generateCertificate(is);
} finally {
is.close();
}
Certificate keyCert = pemDecoder.decode(keyCertStr, X509Certificate.class);
Certificate[] chain = new Certificate[] { keyCert };
// import the key entry.

59
test/jdk/sun/security/provider/certpath/DisabledAlgorithms/CPValidatorTrustAnchor.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2009, 2025, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -31,19 +31,35 @@
* @summary Disable MD2 support
* new CertPathValidatorException.BasicReason enum constant for
* constrained algorithm
* @enablePreview
* @run main/othervm CPValidatorTrustAnchor
* @author Xuelei Fan
*/
import java.io.*;
import java.net.SocketException;
import java.util.*;
import java.io.ByteArrayInputStream;
import java.security.PEMDecoder;
import java.security.Security;
import java.security.cert.*;
import java.security.cert.CertPathValidatorException.*;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertPathValidatorException.BasicReason;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.Set;
public class CPValidatorTrustAnchor {
private static final PEMDecoder pemDecoder = java.security.PEMDecoder.of();
static String selfSignedCertStr = null;
// SHA1withRSA 1024
@ -104,33 +120,26 @@ public class CPValidatorTrustAnchor {
private static CertPath generateCertificatePath()
throws CertificateException {
// generate certificate from cert strings
CertificateFactory cf = CertificateFactory.getInstance("X.509");
ByteArrayInputStream is;
is = new ByteArrayInputStream(selfSignedCertStr.getBytes());
Certificate selfSignedCert = cf.generateCertificate(is);
// generate certificate from cert strings
Certificate selfSignedCert = pemDecoder.decode(selfSignedCertStr, X509Certificate.class);
// generate certification path
List<Certificate> list = Arrays.asList(new Certificate[] {
selfSignedCert});
List<Certificate> list = Collections.singletonList(selfSignedCert);
return cf.generateCertPath(list);
}
private static Set<TrustAnchor> generateTrustAnchors()
throws CertificateException {
// generate certificate from cert string
CertificateFactory cf = CertificateFactory.getInstance("X.509");
private static Set<TrustAnchor> generateTrustAnchors() {
ByteArrayInputStream is =
new ByteArrayInputStream(selfSignedCertStr.getBytes());
Certificate selfSignedCert = cf.generateCertificate(is);
// generate certificate from cert string
X509Certificate selfSignedCert = pemDecoder.decode(selfSignedCertStr, X509Certificate.class);
// generate a trust anchor
TrustAnchor anchor =
new TrustAnchor((X509Certificate)selfSignedCert, null);
new TrustAnchor(selfSignedCert, null);
return Collections.singleton(anchor);
}
@ -164,7 +173,7 @@ public class CPValidatorTrustAnchor {
}
private static void validate(String trustAnchor)
throws CertPathValidatorException, Exception {
throws Exception {
selfSignedCertStr = trustAnchor;
CertPath path = generateCertificatePath();
@ -176,7 +185,11 @@ public class CPValidatorTrustAnchor {
params.setRevocationEnabled(false);
// set the validation time
params.setDate(new Date(109, 9, 1)); // 2009-09-01
final Calendar calendar = Calendar.getInstance();
calendar.set(Calendar.YEAR, 2009);
calendar.set(Calendar.MONTH, 9);
calendar.set(Calendar.DATE, 1);
params.setDate(calendar.getTime()); // 2009-09-01
CertPathValidator validator = CertPathValidator.getInstance("PKIX");

33
test/jdk/sun/security/rsa/InvalidBitString.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2010, 2025, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -23,15 +23,15 @@
/* @test
* @summary Validation of signatures succeed when it should fail
* @enablePreview
* @bug 6896700
*/
import java.io.InputStream;
import java.io.ByteArrayInputStream;
import java.security.PEMDecoder;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.X509Certificate;
public class InvalidBitString {
@ -87,16 +87,16 @@ public class InvalidBitString {
"ZAM6mgkuSY7/vdnsiJtU\n" +
"-----END CERTIFICATE-----\n";
public static void main(String args[]) throws Exception {
Certificate signer = generate(signerCertStr);
public static void main(String[] args) throws Exception {
final PEMDecoder pemDecoder = PEMDecoder.of();
Certificate signer = pemDecoder.decode(signerCertStr, X509Certificate.class);
// the valid certificate
Certificate normal = generate(normalCertStr);
Certificate normal = pemDecoder.decode(normalCertStr, X509Certificate.class);
// the invalid certificate with extra signature bits
Certificate longer = generate(longerCertStr);
Certificate longer = pemDecoder.decode(longerCertStr, X509Certificate.class);
// the invalid certificate without enough signature bits
Certificate shorter = generate(shorterCertStr);
Certificate shorter = pemDecoder.decode(shorterCertStr, X509Certificate.class);
if (!test(normal, signer, " normal", true) ||
!test(longer, signer, " longer", false) ||
@ -105,19 +105,6 @@ public class InvalidBitString {
}
}
private static Certificate generate(String certStr) throws Exception {
InputStream is = null;
try {
CertificateFactory cf = CertificateFactory.getInstance("X.509");
is = new ByteArrayInputStream(certStr.getBytes());
return cf.generateCertificate(is);
} finally {
if (is != null) {
is.close();
}
}
}
private static boolean test(Certificate target, Certificate signer,
String title, boolean expected) throws Exception {
System.out.print("Checking " + title + ": expected: " +

86
test/jdk/sun/security/ssl/ClientHandshaker/RSAExport.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2008, 2017, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2008, 2025, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -27,6 +27,7 @@
/*
* @test
* @bug 6690018
* @enablePreview
* @summary RSAClientKeyExchange NullPointerException
* @run main/othervm RSAExport
*/
@ -197,17 +198,24 @@
*
*/
import java.io.*;
import java.net.*;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.PEMDecoder;
import java.security.Security;
import java.security.KeyStore;
import java.security.KeyFactory;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.spec.*;
import java.security.interfaces.*;
import javax.net.ssl.*;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import java.math.BigInteger;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.RSAPrivateKeySpec;
public class RSAExport {
@ -312,7 +320,7 @@ public class RSAExport {
/*
* Turn on SSL debugging?
*/
static boolean debug = false;
static boolean debug = Boolean.getBoolean("test.debug");
/*
* If the client or server is doing some kind of object creation
@ -386,7 +394,7 @@ public class RSAExport {
// Enable RSA_EXPORT cipher suites only.
try {
String enabledSuites[] = {
String[] enabledSuites = {
"SSL_RSA_EXPORT_WITH_RC4_40_MD5",
"SSL_RSA_EXPORT_WITH_DES40_CBC_SHA"};
sslSocket.setEnabledCipherSuites(enabledSuites);
@ -471,22 +479,20 @@ public class RSAExport {
void startServer(boolean newThread) throws Exception {
if (newThread) {
serverThread = new Thread() {
public void run() {
try {
doServerSide();
} catch (Exception e) {
/*
* Our server thread just died.
*
* Release the client, if not active already...
*/
System.err.println("Server died..." + e);
serverReady = true;
serverException = e;
}
serverThread = new Thread(() -> {
try {
doServerSide();
} catch (Exception e) {
/*
* Our server thread just died.
*
* Release the client, if not active already...
*/
System.err.println("Server died..." + e);
serverReady = true;
serverException = e;
}
};
});
serverThread.start();
} else {
doServerSide();
@ -495,19 +501,17 @@ public class RSAExport {
void startClient(boolean newThread) throws Exception {
if (newThread) {
clientThread = new Thread() {
public void run() {
try {
doClientSide();
} catch (Exception e) {
/*
* Our client thread just died.
*/
System.err.println("Client died...");
clientException = e;
}
clientThread = new Thread(() -> {
try {
doClientSide();
} catch (Exception e) {
/*
* Our client thread just died.
*/
System.err.println("Client died...");
clientException = e;
}
};
});
clientThread.start();
} else {
doClientSide();
@ -517,11 +521,10 @@ public class RSAExport {
// Get the SSL context
private SSLContext getSSLContext(boolean authnRequired) throws Exception {
// generate certificate from cert string
CertificateFactory cf = CertificateFactory.getInstance("X.509");
ByteArrayInputStream is =
new ByteArrayInputStream(trusedCertStr.getBytes());
Certificate trustedCert = cf.generateCertificate(is);
final PEMDecoder pemDecoder = PEMDecoder.of();
Certificate trustedCert = pemDecoder.decode(trusedCertStr, X509Certificate.class);
// create a key store
KeyStore ks = KeyStore.getInstance("JKS");
@ -540,8 +543,7 @@ public class RSAExport {
(RSAPrivateKey)kf.generatePrivate(priKeySpec);
// generate certificate chain
is = new ByteArrayInputStream(serverCertStr.getBytes());
Certificate serverCert = cf.generateCertificate(is);
Certificate serverCert = pemDecoder.decode(serverCertStr, X509Certificate.class);
Certificate[] chain = new Certificate[2];
chain[0] = serverCert;

212
test/jdk/sun/security/ssl/X509TrustManagerImpl/BasicConstraints.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2012, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2012, 2025, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -31,20 +31,33 @@
* @bug 7166570
* @summary JSSE certificate validation has started to fail for
* certificate chains
* @enablePreview
* @run main/othervm BasicConstraints PKIX
* @run main/othervm BasicConstraints SunX509
*/
import java.util.*;
import java.io.*;
import javax.net.ssl.*;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.PEMDecoder;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import java.security.KeyStore;
import java.security.KeyFactory;
import java.security.cert.*;
import java.security.spec.*;
import java.security.interfaces.*;
import java.util.Base64;
import java.util.Arrays;
public class BasicConstraints {
@ -96,33 +109,6 @@ public class BasicConstraints {
"cwIDUWqQda62xV7ChkTh7ia3uvBXob2iiB0aI3gVTTqDfK9F5XXtW4BXfqx0hvwB\n" +
"6JzgmNyDQos=\n" +
"-----END CERTIFICATE-----";
static String trustedPrivateKey = // Private key in the format of PKCS#8
"MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDUJ3hT/9jY/i8i\n" +
"70EEaL6mbrhhdg/Ys1E0r97n+dZaY0olqkIBhh1r8UkKWtvOkj8WBFQ0sz0HhSjT\n" +
"rkVEisGLW+7zPJiDBPtQrRawvCDpnzUofnQ98zQKUTHji1OqhxgNzsKCy9vIh5Mh\n" +
"tX0CdGUScEDXlYUkAkxMKCVo2V5dRn34D+1rNGEeWxGnQ5vyPi0IwlpEOkYxhPLV\n" +
"dsb5aoLzBc/rdrrdzCM+svm7O38LhbVuA0F9NHAgdJRKE2F91ztkk1KvY0U9zCh1\n" +
"3u5WV7kl481qDujKGM4UURoEarbV2Xr+jNVGSpJZYCLU/sxFrL15iPeYtmJlovo2\n" +
"VbFed/NXAgMBAAECggEAUZvlQ5q1VbNhenTCc+m+/NK2hncd3WQNJtFIU7/dXuO2\n" +
"0ApQXbmzc6RbTmppB2tmbRe5NJSGM3BbpiHxb05Y6TyyDEsQ98Vgz0Xl5pJXrsaZ\n" +
"cjxChtoY+KcHI9qikoRpElaoqBu3LcpJJLxlnB4eCxu3NbbEgneH1fvTeCO1kvcp\n" +
"i3DDdyfY7WB9RW1yWAveiuqvtnbsPfJJLKEhFvZL2ArYCRTm/oIw64yukNe/QLR5\n" +
"bGzEJMT2ZNQMld1f+CW9tOrUKrnnPCGfMa351T5we+8B6sujWfftPutgEVx5TmHs\n" +
"AOW1SntMapbgg46K9EC/C5YQa5D1aNOH9ZTEMkgUMQKBgQDrpPQIHFozeeyZ0iiq\n" +
"HtReLPcqpkwr/9ELc3SjgUypSvpu0l/m++um0yLinlXMn25km/BP6Mv3t/+1uzAc\n" +
"qpopkcyek8X1hzNRhDkWuMv4KDOKk5c6qLx8FGSm6q8PYm5KbsiyeCM7CJoeoqJ5\n" +
"74IZjOIw7UrYLckCb6W8xGQLIwKBgQDmew3vGRR3JmCCSumtJQOqhF6bBYrNb6Qc\n" +
"r4vrng+QhNIquwGqHKPorAI1J8J1jOS+dkDWTxSz2xQKQ83nsOspzVPskpDh5mWL\n" +
"gGk5QCkX87jFsXfhvZFLksZMbIdpWze997Zs2fe/PWfPaH6o3erqo2zAhQV0eA9q\n" +
"C7tfImREPQKBgQDi2Xq/8CN52M9IScQx+dnyC5Gqckt0NCKXxn8sBIa7l129oDMI\n" +
"187FXA8CYPEyOu14V5KiKvdos66s0daAUlB04lI8+v+g3ZYuzH50/FQHwxPTPUBi\n" +
"DRzeyncXJWiAA/8vErWM8hDgfOh5w5Fsl4EEfdcmyNm7gWA4Qyknr1ysRwKBgQDC\n" +
"JSPepUy09VHUTxA59nT5HRmoEeoTFRizxTfi2LkZrphuwCotxoRXiRUu+3f1lyJU\n" +
"Qb5qCCFTQ5bE8squgTwGcVxhajC66V3ePePlAuPatkWN2ek28X1DoLaDR+Rk3h69\n" +
"Wb2EQbNMl4grkUUoMA8jaVhBb4vhyQSK+qjyAUFerQKBgQDXZPuflfsjH/d/O2yw\n" +
"qZbssKe9AKORjv795teblAc3vmsSlNwwVnPdS2aq1LHyoNbetc/OaZV151hTQ/9z\n" +
"bsA48oOojgrDD07Ovg3uDcNEIufxR0aGeSSvqhElp1r7wAYj8bAr6W/RH6MS16WW\n" +
"dRd+PH6hsap8BD2RlVCnrT3vIQ==";
// Certificate information:
// Issuer: C=US, O=Java, OU=SunJSSE Test Serivce
@ -156,33 +142,6 @@ public class BasicConstraints {
"P0QqaqP+xJIY+sRrzdckxSfS9AOOrJk2VXY8qEoxCN4wCvHJWuHEAF/Lm65d/hq3\n" +
"2Uh8P+QHLeuEwF8RoTpjiGM9dXvaqcQz7w5G\n" +
"-----END CERTIFICATE-----";
static String caSignerPrivateKey = // Private key in the format of PKCS#8
"MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDAvGeLKlW1ljae\n" +
"eu8NvDCjfW5BNK2c0C4ry7Is+1mM4PC7FA4bRpMaQHKIjLsZ5D1hoA9183cv3p1a\n" +
"P75/ZYMOyx1id/hXmbd3jp8BR0wbvrKxa53+4lO0S5AL5dOpU2AVhcdeQ7+DwoL6\n" +
"iAuHqNcABg3CijrIcFeZHcPMwaZMd9YxJG6YrnNHMWjbXTGKpma02NMB1UnRxsdN\n" +
"phqfRt2gkUs18l6697sSJ7eblvSWEWw1Bmtrg9No28UUsiF8q0m9i/G0QzYOrS6v\n" +
"ghum5bpHAixxfA9Z/ozHrN8gf8gNDTRnG6phDwVb1Uj9nO2f9yTArx7Kz5EtRNmD\n" +
"x9SNMS9rAgMBAAECggEAZk6cF/8s5+sIqy9OXdgbaW1XbT1tOuQ23gCOX9o8Os/c\n" +
"eTG4GzpnM3QqV9l8J85D1uKD0nSeO8bLd/CGSlG0M9IVkwNjy/xIqyoFtUQHXmLn\n" +
"r84UXAv/qqDBoc8pf6RGSKZuodcMfgBuTlaQ6D3zgou0GiQN9//KP/jQyouwnr3A\n" +
"LyXQekxriwPuSYAPak8s5XLfugOebbSRm2UdGEgX3yrT9FVu9rtgeMKdRaCOU8T4\n" +
"G2UdpGaiDfm5yrR+2XEIv4oaH3WFxmmfQCxVcOFJ1iRvfKBbLb1UCgtJuCBD067y\n" +
"dq5PrwUTeAvd7hwZd0lxCSnWY7VvYFNr7iJfyElowQKBgQD8eosot+Th03hpkYDs\n" +
"BIVsw7oqhJmcrPV1bSZ+aQwqqrOGypNmb7nLGTC8Cj1sT+EzfGs7GqxiLOEn4NXr\n" +
"TYV//RUPBSEXVp2y+2dot1a9oq0BJ8FwGTYL0qSwJrIXJfkQFrYhVVz3JLIWJbwV\n" +
"cy4YCQr094BhXTS7joJOUDRsYwKBgQDDbI3Lv+bBK8lLfIBll1RY1k5Gqy/H+qxp\n" +
"sMN8FmadmIGzHhe9xml6b5EfAZphAUF4vZJhQXloT5Wm+NNIAf6X6dRjvzyw7N9B\n" +
"d48EFJF4ChqNGBocsQRNr2wPRzQ+k2caw9YyYMIjbhktDzO1U/FJGYW6/Vgr2v4K\n" +
"siROnXfLWQKBgBOVAZQP5z2opC8z7NbhZuPPrnG7xRpEw+jupUyqoxnwEWqD7bjF\n" +
"M5jQBFqhRLBQ5buTi9GSuQoIRxJLuuu8IH2TyH1YvX9M5YBLRXL2vVCJ/HcZeURT\n" +
"gECcfs92wNtQw6d+y3N8ZnB4tSNIm/Th8RJGKUZkp91lWECvxeWDDP3XAoGASfNq\n" +
"NRAJYlAPfGFAtTDu2i8+r79X9XUGiXg6gVp4umpbqkxY75eFkq9lWzZgFRVEkUwr\n" +
"eGIubyquluDSEw2uKg5yMMzNSqZYVY3IsOKXqbUpFvtn5jOWTU90tNNdEdD100sI\n" +
"Y0f6Ly4amNKH3rZFOERQNtJn6zCTsbh3xMgR7QECgYBhQTqxLU5eIu38MKobzRue\n" +
"RoUkMcoY3DePkKPSYjilFhkUDozIXf/xUGnB8kERZKO+44wUkuPGljiFL1/P/RO9\n" +
"zhHAV94Kw2ddtfxy05GVtUZ99miBmsMb2m8vumGJqfR8h2xpfc1Ra0zfrsPgLNru\n" +
"xDTDW+bNbM7XyPvg9mOf7Q==";
// Certificate information:
// Issuer: C=US, O=Java, OU=SunJSSE Test Serivce, CN=casigner
@ -216,33 +175,6 @@ public class BasicConstraints {
"zr4da2aIg9CKrH2QWoMkDfRKkJvrU3/VhVfVWpNbXFE2xZXftQl3hpFCJ3FkpciA\n" +
"l3hKeq4byY3LXxhAClHpk1KkXJkMnQdOfA5aGekj/Cjuaz1/iKYAG2vRq7YcuM/o\n" +
"-----END CERTIFICATE-----";
static String certIssuerPrivateKey = // Private key in the format of PKCS#8
"MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC1lDVpzmzwbKOL\n" +
"yFWkjPjqtX9xLMq7SVqobvhBv+VChMGGjQbNQPbtczOcXNOcuMFyXxY++eXY7c37\n" +
"MzhbdZHv4Y4aWEn+A3EiX2/fTAbxx165qxKiHbD2EmlKk/Q6yIvi9M9EXXr/viEC\n" +
"Y4/Sdtd4KYtfETa0FpfF5/ZpZMYQo8I9RqBQOmhfvXL1l/Lodla5elZtvIUyp5k2\n" +
"nRQe58AxeP5hrilbIgfmEySf9mOkaTalRf2epBE/wRNA7Qi5Sr2O4pY2x3PPdmMy\n" +
"NL4cZaOJTgdyeDYbEMSW6vpiJW26ma/qeFgPIXZ8COFJZLSOEu310M4QOdSR1Y2c\n" +
"l3/V2E0VAgMBAAECggEBAJjfVrjl2kHwtSCSYchQB6FTfSBDnctgTrtP8iMo9FO0\n" +
"gVpOkVNtRndTbjhOzro7smIgPBJ5QlIIpErBLMmTinJza7gybNk2/KD7yKwuzgnw\n" +
"2IdoyB9E8B+8EHmBZzW2ck953KaqLUvzPsdMG2IOPAomr/gx/eRQwScVzBefiEGo\n" +
"sN+rGfUt/RNAHwWje1KuNDj21S84agQhN6hdYUnIMsvJLu/9mOwUb9ff+AzTUfFr\n" +
"zyx2MJL4Cx59DkUUMESCfinlHUc21llQjFWmX/zOoGY0X0qV/YM/GRsv1ZDFHw9o\n" +
"hQ6m8Ov7D9wB3TKZBI97sCyggjBfSeuYQlNbs99KWQECgYEA7IKNL0ME7FuIrKYu\n" +
"FCQ/Duz1N3oQXLzrTGKUSU1qSbrU2Jwk4SfJ8ZYCW1TP6vZkaQsTXmXun3yyCAqZ\n" +
"hcOtDBhI+b7Wpmmyf6nb83oYJtzHMRQZ5qS+9vOBfV9Uf1za8XI4p90EqkFHByCF\n" +
"tHfjVbjK39zN4CvaO3tqpOaYtL0CgYEAxIrTAhGWy9nBsxf8QeqDou0rV5Cw50Kl\n" +
"kQsE7KLmjvrMaFFpUc5lgWoC+pm/69VpNBUuN/38YozwxVjVi/nMJuuK150mhdWI\n" +
"B28FI7ORnFmVeSvTrP4mBX1ct2Tny9zpchXn3rpHR5NZUs7oBhjudHSfRMrHxeBs\n" +
"Kv2pr2s6uzkCgYAtrEh3iAm7WzHZpX3ghd9nknsIa5odTp5h8eeRAFI2Ss4vxneY\n" +
"w4ZMERwDZy1/wnVBk9H5uNWMFxiKVQGww0j3vPjawe/R0zeVT8gaDMn9N0WARNF7\n" +
"qPT3265196LptZTSa6xlPllYR6LfzXgEkeJk+3qyIIHheJZ8RikiDyYOQQKBgQC/\n" +
"rxlegiMNC4KDldf7vanGxAKqcz5lPbXWQOX7mGC+f9HNx+Cs3VxYHDltiXgJnOju\n" +
"191s1HRK9WR5REt5KhY2uzB9WxJQItJ5VYiwqhhQYXqLY/gdVv1kC0DayDndtMWk\n" +
"88JhklGkeAv83DikgbpGr9sJr6+oyFkWkLDmmfD82QKBgQCMgkZJzrdSNNlB0n5x\n" +
"xC3MzlsQ5aBJuUctnMfuyDi+11yLAuP1oLzGEJ7qEfFoGRO0V8zJWmHAfNhmVYEX\n" +
"ow5g0WbPT16GoRCiOAzq+ewH+TEELMF6HWqnDuTnCg28Jg0dw2kdVTqeyzKOQlLG\n" +
"ua9c2DY3PUTXQPNqLVhz+XxZKA==";
// Certificate information:
// Issuer: C=US, O=Java, OU=SunJSSE Test Serivce, CN=certissuer
@ -277,6 +209,7 @@ public class BasicConstraints {
"u/inkyf8NcG7zLBJJyuKfUXO/OzGPD5QMviVc+PCGTY=\n" +
"-----END CERTIFICATE-----";
static String serverPrivateKey = // Private key in the format of PKCS#8
"-----BEGIN PRIVATE KEY-----\n" +
"MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCaDgoxN2UQQero\n" +
"oBQ4JlQP1BFaZEtIkdIU2VJs4whz85J0LSB/68iEOS5e8wCz9wiQWr4isor7sl3e\n" +
"B2dnLGY28BthOTw2j/CYw/dRqyDbPZniooB233uLGarKjqQWXpRFQi6bgEQmNqWe\n" +
@ -302,7 +235,8 @@ public class BasicConstraints {
"/RiupLD4/awmf21ytpfHcmOWCcdQoE4WC69a6VyVAoGAboeogM5/TRKj80rXfUH2\n" +
"lFZzgX246XGwNyOVVgOuv/Oxa61b5FeeCpnFQcjpZmC5vd63X3w7oYSDe2wUt+Wh\n" +
"LhYunmcCEj+yb3of33loQb/FM2OLW9UoQakB7ewio9vtw+BAnWxnHFkEaqdxMXpy\n" +
"TiSXLpQ1Q9GvDpzngDzJzzY=";
"TiSXLpQ1Q9GvDpzngDzJzzY=\n" +
"-----END PRIVATE KEY-----";
// Certificate information:
// Issuer: C=US, O=Java, OU=SunJSSE Test Serivce, CN=certissuer
@ -337,6 +271,7 @@ public class BasicConstraints {
"tL85OZz8ov7d2jVet/w7FD4M5XfcogsNtpX4kaMsctyvQbDYRA==\n" +
"-----END CERTIFICATE-----";
static String clientPrivateKey = // Private key in the format of PKCS#8
"-----BEGIN PRIVATE KEY-----\n" +
"MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDFwNzVfqQ58J0I\n" +
"FxUO1ng7XE3uKg0FfbQ4/XEWRakF6PeAt9JZLl83R++tW2QfOAxEldKiyJOv5/g/\n" +
"UjrIO0j3u7noxtuK6Yf1aTwDaz16PI8cIfylvvMtKWDYoBVGQ4vphAwDhoMqmgG2\n" +
@ -362,9 +297,10 @@ public class BasicConstraints {
"cWJdYS5BrwEUen8vaQt1LhgS6lOqYsjysCxkYm078QKBgEJuq4RzecgiGx8srWDb\n" +
"pQKpxrdEt82Y7OXLVj+W9vixcW/xUYhDYGsfdUigZoOjo4nV8KVmMbuI48PIYwnw\n" +
"haLwWrBWlki4x9MRwuZUdewOYoo7hDZToZmIDescdiwv8CA/Dg9kOX3YYLPW+cWl\n" +
"i1pnyMPaloBOhz3Y07sWXxCz";
"i1pnyMPaloBOhz3Y07sWXxCz\n" +
"-----END PRIVATE KEY-----";
static char passphrase[] = "passphrase".toCharArray();
static char[] passphrase = "passphrase".toCharArray();
/*
* Is the server ready to serve?
@ -374,7 +310,7 @@ public class BasicConstraints {
/*
* Turn on SSL debugging?
*/
static boolean debug = false;
static boolean debug = Boolean.getBoolean("test.debug");
/*
* Define the server side of the test.
@ -447,48 +383,39 @@ public class BasicConstraints {
// get the ssl context
private static SSLContext getSSLContext(boolean isServer) throws Exception {
// generate certificate from cert string
CertificateFactory cf = CertificateFactory.getInstance("X.509");
final PEMDecoder pemDecoder = PEMDecoder.of();
// create a key store
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(null, null);
// import the trused cert
ByteArrayInputStream is =
new ByteArrayInputStream(trusedCertStr.getBytes());
Certificate trusedCert = cf.generateCertificate(is);
is.close();
// generate certificate from cert string
Certificate trusedCert = pemDecoder.decode(trusedCertStr, X509Certificate.class);
// import the trused cert
ks.setCertificateEntry("SunJSSE Test Serivce", trusedCert);
// import the certificate chain and key
Certificate[] chain = new Certificate[3];
is = new ByteArrayInputStream(caSignerStr.getBytes());
Certificate caSignerCert = cf.generateCertificate(is);
is.close();
Certificate caSignerCert =pemDecoder.decode(caSignerStr, X509Certificate.class);
chain[2] = caSignerCert;
is = new ByteArrayInputStream(certIssuerStr.getBytes());
Certificate certIssuerCert = cf.generateCertificate(is);
is.close();
Certificate certIssuerCert =pemDecoder.decode(certIssuerStr, X509Certificate.class);
chain[1] = certIssuerCert;
PKCS8EncodedKeySpec priKeySpec = null;
PKCS8EncodedKeySpec priKeySpec;
Certificate keyCert;
if (isServer) {
priKeySpec = new PKCS8EncodedKeySpec(
Base64.getMimeDecoder().decode(serverPrivateKey));
is = new ByteArrayInputStream(serverCertStr.getBytes());
priKeySpec =pemDecoder.decode(serverPrivateKey, PKCS8EncodedKeySpec.class);
keyCert = pemDecoder.decode(serverCertStr, X509Certificate.class);
} else {
priKeySpec = new PKCS8EncodedKeySpec(
Base64.getMimeDecoder().decode(clientPrivateKey));
is = new ByteArrayInputStream(clientCertStr.getBytes());
priKeySpec = pemDecoder.decode(clientPrivateKey, PKCS8EncodedKeySpec.class);
keyCert = pemDecoder.decode(clientCertStr, X509Certificate.class);
}
KeyFactory kf = KeyFactory.getInstance("RSA");
RSAPrivateKey priKey = (RSAPrivateKey)kf.generatePrivate(priKeySpec);
Certificate keyCert = cf.generateCertificate(is);
is.close();
chain[0] = keyCert;
ks.setKeyEntry("End Entity", priKey, passphrase, chain);
@ -496,7 +423,8 @@ public class BasicConstraints {
// check the certification path
PKIXParameters paras = new PKIXParameters(ks);
paras.setRevocationEnabled(false);
CertPath path = cf.generateCertPath(Arrays.asList(chain));
CertPath path = CertificateFactory.getInstance("X.509")
.generateCertPath(Arrays.asList(chain));
CertPathValidator cv = CertPathValidator.getInstance("PKIX");
cv.validate(path, paras);
@ -531,7 +459,7 @@ public class BasicConstraints {
volatile Exception serverException = null;
volatile Exception clientException = null;
public static void main(String args[]) throws Exception {
public static void main(String[] args) throws Exception {
if (debug)
System.setProperty("javax.net.debug", "all");
@ -586,22 +514,20 @@ public class BasicConstraints {
void startServer(boolean newThread) throws Exception {
if (newThread) {
serverThread = new Thread() {
public void run() {
try {
doServerSide();
} catch (Exception e) {
/*
* Our server thread just died.
*
* Release the client, if not active already...
*/
System.err.println("Server died...");
serverReady = true;
serverException = e;
}
serverThread = new Thread(() -> {
try {
doServerSide();
} catch (Exception e) {
/*
* Our server thread just died.
*
* Release the client, if not active already...
*/
System.err.println("Server died...");
serverReady = true;
serverException = e;
}
};
});
serverThread.start();
} else {
doServerSide();
@ -610,19 +536,17 @@ public class BasicConstraints {
void startClient(boolean newThread) throws Exception {
if (newThread) {
clientThread = new Thread() {
public void run() {
try {
doClientSide();
} catch (Exception e) {
/*
* Our client thread just died.
*/
System.err.println("Client died...");
clientException = e;
}
clientThread = new Thread(() -> {
try {
doClientSide();
} catch (Exception e) {
/*
* Our client thread just died.
*/
System.err.println("Client died...");
clientException = e;
}
};
});
clientThread.start();
} else {
doClientSide();

50
test/jdk/sun/security/ssl/X509TrustManagerImpl/ComodoHacker.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2012, 2025, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,21 +25,18 @@
* @test
* @bug 7123519
* @summary Problem with java/classes_security
* @enablePreview
* @run main/othervm ComodoHacker PKIX
* @run main/othervm ComodoHacker SunX509
*/
import java.net.*;
import java.util.*;
import java.io.*;
import javax.net.ssl.*;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import java.security.KeyStore;
import java.security.PEMDecoder;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.cert.CertificateException;
import java.security.spec.*;
import java.security.interfaces.*;
public class ComodoHacker {
// DigiNotar Root CA, untrusted root certificate
@ -213,6 +210,8 @@ public class ComodoHacker {
"baB2sVGcVNBkK55bT8gPqnx8JypubyUvayzZGg==\n" +
"-----END CERTIFICATE-----";
private static final PEMDecoder pemDecoder = PEMDecoder.of();
private static String tmAlgorithm; // trust manager
public static void main(String args[]) throws Exception {
@ -253,19 +252,15 @@ public class ComodoHacker {
}
private static X509TrustManager getTrustManager() throws Exception {
// generate certificate from cert string
CertificateFactory cf = CertificateFactory.getInstance("X.509");
// create a key store
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(null, null);
// generate certificate from cert string
Certificate trustedCert = pemDecoder.decode(trustedCertStr, X509Certificate.class);
// import the trusted cert
try (ByteArrayInputStream is =
new ByteArrayInputStream(trustedCertStr.getBytes())) {
Certificate trustedCert = cf.generateCertificate(is);
ks.setCertificateEntry("RSA Export Signer", trustedCert);
}
ks.setCertificateEntry("RSA Export Signer", trustedCert);
// create the trust manager
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmAlgorithm);
@ -276,28 +271,11 @@ public class ComodoHacker {
private static X509Certificate[] getFraudulentChain() throws Exception {
// generate certificate from cert string
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate[] chain = new X509Certificate[4];
try (ByteArrayInputStream is =
new ByteArrayInputStream(targetCertStr.getBytes())) {
chain[0] = (X509Certificate)cf.generateCertificate(is);
}
try (ByteArrayInputStream is =
new ByteArrayInputStream(intermediateCertStr.getBytes())) {
chain[1] = (X509Certificate)cf.generateCertificate(is);
}
try (ByteArrayInputStream is =
new ByteArrayInputStream(compromisedCertStr.getBytes())) {
chain[2] = (X509Certificate)cf.generateCertificate(is);
}
try (ByteArrayInputStream is =
new ByteArrayInputStream(untrustedCrossCertStr.getBytes())) {
chain[3] = (X509Certificate)cf.generateCertificate(is);
}
chain[0] = pemDecoder.decode(targetCertStr, X509Certificate.class);
chain[1] = pemDecoder.decode(intermediateCertStr, X509Certificate.class);
chain[2] = pemDecoder.decode(compromisedCertStr, X509Certificate.class);
chain[3] = pemDecoder.decode(untrustedCrossCertStr, X509Certificate.class);
return chain;
}

36
test/jdk/sun/security/x509/X509CRLImpl/Verify.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2012, 2024, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2012, 2025, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,11 +25,19 @@
* @test
* @bug 7026347
* @summary X509CRL should have verify(PublicKey key, Provider sigProvider)
* @enablePreview
*/
import java.io.ByteArrayInputStream;
import java.security.*;
import java.security.cert.*;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PEMDecoder;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.CRLException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
public class Verify {
@ -144,23 +152,21 @@ public class Verify {
}
}
private static void setup() throws CertificateException, CRLException {
CertificateFactory cf = CertificateFactory.getInstance("X.509");
private static void setup() {
final PEMDecoder pemDecoder = PEMDecoder.of();
/* Create CRL */
ByteArrayInputStream inputStream =
new ByteArrayInputStream(crlStr.getBytes());
crl = (X509CRL)cf.generateCRL(inputStream);
crl = pemDecoder.decode(crlStr, X509CRL.class);
/* Get public key of the CRL issuer cert */
inputStream = new ByteArrayInputStream(crlIssuerCertStr.getBytes());
X509Certificate cert
= (X509Certificate)cf.generateCertificate(inputStream);
crlIssuerCertPubKey = cert.getPublicKey();
crlIssuerCertPubKey = pemDecoder.decode(crlIssuerCertStr, X509Certificate.class)
.getPublicKey();
/* Get public key of the self-signed Cert */
inputStream = new ByteArrayInputStream(selfSignedCertStr.getBytes());
selfSignedCertPubKey = cf.generateCertificate(inputStream).getPublicKey();
selfSignedCertPubKey = pemDecoder.decode(selfSignedCertStr, X509Certificate.class)
.getPublicKey();
}
private static void verifyCRL(PublicKey key, String providerName)