author | xuelei |
Wed, 19 Jun 2019 21:49:33 -0700 | |
changeset 55452 | 1170b6d92d1c |
permissions | -rw-r--r-- |
/* |
* Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
* |
* This code is free software; you can redistribute it and/or modify it |
* under the terms of the GNU General Public License version 2 only, as |
* published by the Free Software Foundation. Oracle designates this |
* particular file as subject to the "Classpath" exception as provided |
* by Oracle in the LICENSE file that accompanied this code. |
* |
* This code is distributed in the hope that it will be useful, but WITHOUT |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
* version 2 for more details (a copy is included in the LICENSE file that |
* accompanied this code). |
* |
* You should have received a copy of the GNU General Public License version |
* 2 along with this work; if not, write to the Free Software Foundation, |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
* |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
* or visit www.oracle.com if you need additional information or have any |
* questions. |
*/ |
|
// |
// SunJSSE does not support dynamic system properties, no way to re-use |
// system properties in samevm/agentvm mode. |
// |
|
/* |
* @test |
* @bug 8225766 |
* @summary Curve in certificate should not affect signature scheme |
* when using TLSv1.3 |
* @library /javax/net/ssl/templates |
* @run main/othervm Tls13NamedGroups |
*/ |
|
import java.io.*;
import java.net.*;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.cert.*;
import java.security.interfaces.*;
import java.security.spec.*;
import java.util.Base64;
import javax.net.ssl.*;
|
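/**
 * Regression test for JDK-8225766: with TLSv1.3, the curve of the key in the
 * certificate must not be filtered by the configured key-exchange groups.
 *
 * <p>The test restricts {@code jdk.tls.namedGroups} to {@code secp521r1}
 * while both peers authenticate with an ECDSA certificate whose key is on
 * {@code prime256v1}. TLS 1.3 (RFC 8446) negotiates signature schemes through
 * {@code signature_algorithms}, separately from the {@code supported_groups}
 * used for key exchange, so this combination is expected to work.
 *
 * <p>NOTE(review): {@code run()} is inherited from {@code SSLSocketTemplate},
 * which is not part of this file; presumably it drives a client/server
 * handshake and the test fails when that throws. Confirm against the template.
 *
 * <p>All key material embedded below is a test fixture. It is published with
 * the source and therefore provides no secrecy; it must not be reused as a
 * trust anchor or credential outside this test.
 */
public class Tls13NamedGroups extends SSLSocketTemplate {

    /**
     * Restricts the named groups and then runs the template.
     *
     * @param args unused
     * @throws Exception if the template run fails
     */
    public static void main(String[] args) throws Exception {
        // Limit the supported named group to secp521r1. As the file header
        // notes, SunJSSE does not pick up system properties dynamically, so
        // this is set before any SSLContext is created and the test is run
        // in its own VM (main/othervm).
        System.setProperty("jdk.tls.namedGroups", "secp521r1");

        new Tls13NamedGroups().run();
    }

    /** Server side uses the shared TLSv1.3 context built from the fixtures. */
    @Override
    protected SSLContext createServerSSLContext() throws Exception {
        return generateSSLContext();
    }

    /**
     * Requires client authentication, so the client also has to sign with
     * its prime256v1 key and the scheme selection is exercised on both peers.
     */
    @Override
    protected void configureServerSocket(SSLServerSocket socket) {
        socket.setNeedClientAuth(true);
    }

    /** Client side uses the same context, and thus the same certificate. */
    @Override
    protected SSLContext createClientSSLContext() throws Exception {
        return generateSSLContext();
    }

    /*
     * =============================================================
     * The remainder is just support stuff
     */

    // Certificates and key used in the test.
    //
    // Trusted Certificate.
    static String trustedCertStr =
        // SHA256withECDSA, curve prime256v1
        // Validity
        //     Not Before: May 22 07:18:16 2018 GMT
        //     Not After : May 17 07:18:16 2038 GMT
        // Subject Key Identifier:
        //     60:CF:BD:73:FF:FA:1A:30:D2:A4:EC:D3:49:71:46:EF:1A:35:A0:86
        "-----BEGIN CERTIFICATE-----\n" +
        "MIIBvjCCAWOgAwIBAgIJAIvFG6GbTroCMAoGCCqGSM49BAMCMDsxCzAJBgNVBAYT\n" +
        "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" +
        "ZTAeFw0xODA1MjIwNzE4MTZaFw0zODA1MTcwNzE4MTZaMDsxCzAJBgNVBAYTAlVT\n" +
        "MQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZjZTBZ\n" +
        "MBMGByqGSM49AgEGCCqGSM49AwEHA0IABBz1WeVb6gM2mh85z3QlvaB/l11b5h0v\n" +
        "LIzmkC3DKlVukZT+ltH2Eq1oEkpXuf7QmbM0ibrUgtjsWH3mULfmcWmjUDBOMB0G\n" +
        "A1UdDgQWBBRgz71z//oaMNKk7NNJcUbvGjWghjAfBgNVHSMEGDAWgBRgz71z//oa\n" +
        "MNKk7NNJcUbvGjWghjAMBgNVHRMEBTADAQH/MAoGCCqGSM49BAMCA0kAMEYCIQCG\n" +
        "6wluh1r2/T6L31mZXRKf9JxeSf9pIzoLj+8xQeUChQIhAJ09wAi1kV8yePLh2FD9\n" +
        "2YEHlSQUAbwwqCDEVB5KxaqP\n" +
        "-----END CERTIFICATE-----";
        // Private key of the trusted (signer) certificate, kept for
        // regenerating the fixtures. Test-only material.
        // -----BEGIN PRIVATE KEY-----
        // MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg/HcHdoLJCdq3haVd
        // XZTSKP00YzM3xX97l98vGL/RI1KhRANCAAQc9VnlW+oDNpofOc90Jb2gf5ddW+Yd
        // LyyM5pAtwypVbpGU/pbR9hKtaBJKV7n+0JmzNIm61ILY7Fh95lC35nFp
        // -----END PRIVATE KEY-----

    // End entity certificate.
    static String targetCertStr =
        // SHA256withECDSA, curve prime256v1
        // Validity
        //     Not Before: May 22 07:18:16 2018 GMT
        //     Not After : May 17 07:18:16 2038 GMT
        // Authority Key Identifier:
        //     60:CF:BD:73:FF:FA:1A:30:D2:A4:EC:D3:49:71:46:EF:1A:35:A0:86
        "-----BEGIN CERTIFICATE-----\n" +
        "MIIBqjCCAVCgAwIBAgIJAPLY8qZjgNRAMAoGCCqGSM49BAMCMDsxCzAJBgNVBAYT\n" +
        "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" +
        "ZTAeFw0xODA1MjIwNzE4MTZaFw0zODA1MTcwNzE4MTZaMFUxCzAJBgNVBAYTAlVT\n" +
        "MQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZjZTEY\n" +
        "MBYGA1UEAwwPUmVncmVzc2lvbiBUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD\n" +
        "QgAEb+9n05qfXnfHUb0xtQJNS4JeSi6IjOfW5NqchvKnfJey9VkJzR7QHLuOESdf\n" +
        "xlR7q8YIWgih3iWLGfB+wxHiOqMjMCEwHwYDVR0jBBgwFoAUYM+9c//6GjDSpOzT\n" +
        "SXFG7xo1oIYwCgYIKoZIzj0EAwIDSAAwRQIgWpRegWXMheiD3qFdd8kMdrkLxRbq\n" +
        "1zj8nQMEwFTUjjQCIQDRIrAjZX+YXHN9b0SoWWLPUq0HmiFIi8RwMnO//wJIGQ==\n" +
        "-----END CERTIFICATE-----";

    // Private key in the format of PKCS#8.
    static String targetPrivateKey =
        //
        // EC private key installed together with targetCertStr as the
        // "TheKey" entry in generateSSLContext(). Test-only material.
        //
        "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgn5K03bpTLjEtFQRa\n" +
        "JUtx22gtmGEvvSUSQdimhGthdtihRANCAARv72fTmp9ed8dRvTG1Ak1Lgl5KLoiM\n" +
        "59bk2pyG8qd8l7L1WQnNHtAcu44RJ1/GVHurxghaCKHeJYsZ8H7DEeI6";

    // Key-entry password for the in-memory key store built below.
    static char[] passphrase = "passphrase".toCharArray();

    /**
     * Parses one PEM-encoded X.509 certificate.
     *
     * @param cf an X.509 certificate factory
     * @param pem the PEM text of the certificate
     * @return the parsed certificate
     * @throws Exception if the text is not a valid certificate
     */
    private static X509Certificate parseCertificate(
            CertificateFactory cf, String pem) throws Exception {
        // An explicit charset keeps the PEM bytes independent of the
        // platform default encoding.
        try (ByteArrayInputStream in = new ByteArrayInputStream(
                pem.getBytes(StandardCharsets.UTF_8))) {
            return (X509Certificate) cf.generateCertificate(in);
        }
    }

    /**
     * Creates the TLSv1.3 {@link SSLContext} shared by client and server.
     *
     * <p>The context trusts {@link #trustedCertStr} and presents
     * {@link #targetCertStr} with {@link #targetPrivateKey}.
     *
     * @return an initialized TLSv1.3 context
     * @throws Exception if a fixture cannot be parsed or a provider
     *         algorithm is unavailable
     */
    private static SSLContext generateSSLContext() throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate trustedCert = parseCertificate(cf, trustedCertStr);
        X509Certificate keyCert = parseCertificate(cf, targetCertStr);

        // The MIME decoder skips the line breaks embedded in the key text.
        PKCS8EncodedKeySpec priKeySpec = new PKCS8EncodedKeySpec(
                Base64.getMimeDecoder().decode(targetPrivateKey));
        ECPrivateKey priKey = (ECPrivateKey)
                KeyFactory.getInstance("EC").generatePrivate(priKeySpec);

        // Empty in-memory store; it is never written out, so the store type
        // and the fixed passphrase are plumbing, not protection.
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null);
        ks.setCertificateEntry("Trusted EC Signer", trustedCert);

        // Chain order: end entity first, then its issuer.
        X509Certificate[] chain = { keyCert, trustedCert };
        ks.setKeyEntry("TheKey", priKey, passphrase, chain);

        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(ks);

        KeyManagerFactory kmf = KeyManagerFactory.getInstance("NewSunX509");
        kmf.init(ks, passphrase);

        SSLContext ctx = SSLContext.getInstance("TLSv1.3");
        // A null SecureRandom selects the provider's default source.
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        return ctx;
    }
}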