8214339: SSLSocketImpl erroneously wraps SocketException
Reviewed-by: ascarpino, jnimeh
--- a/src/java.base/share/classes/sun/security/ssl/Alert.java Fri Dec 14 17:51:02 2018 -0800
+++ b/src/java.base/share/classes/sun/security/ssl/Alert.java Fri Dec 14 19:39:39 2018 -0800
@@ -122,11 +122,17 @@
reason = (cause != null) ? cause.getMessage() : "";
}
- SSLException ssle = (this == UNEXPECTED_MESSAGE) ?
- new SSLProtocolException(reason) :
- (handshakeOnly ?
- new SSLHandshakeException(reason) :
- new SSLException(reason));
+ SSLException ssle;
+ if ((cause != null) && (cause instanceof IOException)) {
+ ssle = new SSLException(reason);
+ } else if ((this == UNEXPECTED_MESSAGE)) {
+ ssle = new SSLProtocolException(reason);
+ } else if (handshakeOnly) {
+ ssle = new SSLHandshakeException(reason);
+ } else {
+ ssle = new SSLException(reason);
+ }
+
if (cause != null) {
ssle.initCause(cause);
}
--- a/src/java.base/share/classes/sun/security/ssl/KeyShareExtension.java Fri Dec 14 17:51:02 2018 -0800
+++ b/src/java.base/share/classes/sun/security/ssl/KeyShareExtension.java Fri Dec 14 19:39:39 2018 -0800
@@ -823,8 +823,8 @@
}
if (selectedGroup == null) {
- shc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
- new IOException("No common named group"));
+ shc.conContext.fatal(
+ Alert.UNEXPECTED_MESSAGE, "No common named group");
return null; // make the complier happy
}
--- a/src/java.base/share/classes/sun/security/ssl/PreSharedKeyExtension.java Fri Dec 14 17:51:02 2018 -0800
+++ b/src/java.base/share/classes/sun/security/ssl/PreSharedKeyExtension.java Fri Dec 14 19:39:39 2018 -0800
@@ -171,7 +171,7 @@
int getIdsEncodedLength() {
int idEncodedLength = 0;
- for(PskIdentity curId : identities) {
+ for (PskIdentity curId : identities) {
idEncodedLength += curId.getEncodedLength();
}
@@ -194,7 +194,7 @@
byte[] buffer = new byte[encodedLength];
ByteBuffer m = ByteBuffer.wrap(buffer);
Record.putInt16(m, idsEncodedLength);
- for(PskIdentity curId : identities) {
+ for (PskIdentity curId : identities) {
curId.writeEncoded(m);
}
Record.putInt16(m, bindersEncodedLength);
@@ -538,12 +538,12 @@
}
SecretKey psk = pskOpt.get();
- SecretKey binderKey = deriveBinderKey(psk, session);
+ SecretKey binderKey = deriveBinderKey(shc, psk, session);
byte[] computedBinder =
- computeBinder(binderKey, session, pskBinderHash);
+ computeBinder(shc, binderKey, session, pskBinderHash);
if (!Arrays.equals(binder, computedBinder)) {
shc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
- "Incorect PSK binder value");
+ "Incorect PSK binder value");
}
}
@@ -687,13 +687,14 @@
ageMillis + chc.resumingSession.getTicketAgeAdd();
identities.add(new PskIdentity(chc.pskIdentity, obfuscatedAge));
- SecretKey binderKey = deriveBinderKey(psk, chc.resumingSession);
+ SecretKey binderKey =
+ deriveBinderKey(chc, psk, chc.resumingSession);
ClientHelloMessage clientHello = (ClientHelloMessage)message;
CHPreSharedKeySpec pskPrototype = createPskPrototype(
chc.resumingSession.getSuite().hashAlg.hashLength, identities);
HandshakeHash pskBinderHash = chc.handshakeHash.copy();
- byte[] binder = computeBinder(binderKey, pskBinderHash,
+ byte[] binder = computeBinder(chc, binderKey, pskBinderHash,
chc.resumingSession, chc, clientHello, pskPrototype);
List<byte[]> binders = new ArrayList<>();
@@ -717,7 +718,8 @@
}
}
- private static byte[] computeBinder(SecretKey binderKey,
+ private static byte[] computeBinder(
+ HandshakeContext context, SecretKey binderKey,
SSLSessionImpl session,
HandshakeHash pskBinderHash) throws IOException {
@@ -726,10 +728,11 @@
pskBinderHash.update();
byte[] digest = pskBinderHash.digest();
- return computeBinder(binderKey, session, digest);
+ return computeBinder(context, binderKey, session, digest);
}
- private static byte[] computeBinder(SecretKey binderKey,
+ private static byte[] computeBinder(
+ HandshakeContext context, SecretKey binderKey,
HandshakeHash hash, SSLSessionImpl session,
HandshakeContext ctx, ClientHello.ClientHelloMessage hello,
CHPreSharedKeySpec pskPrototype) throws IOException {
@@ -745,10 +748,11 @@
hash.update();
byte[] digest = hash.digest();
- return computeBinder(binderKey, session, digest);
+ return computeBinder(context, binderKey, session, digest);
}
- private static byte[] computeBinder(SecretKey binderKey,
+ private static byte[] computeBinder(HandshakeContext context,
+ SecretKey binderKey,
SSLSessionImpl session, byte[] digest) throws IOException {
try {
CipherSuite.HashAlg hashAlg = session.getSuite().hashAlg;
@@ -766,15 +770,17 @@
hmac.init(finishedKey);
return hmac.doFinal(digest);
} catch (NoSuchAlgorithmException | InvalidKeyException ex) {
- throw new IOException(ex);
+ context.conContext.fatal(Alert.INTERNAL_ERROR, ex);
+ return null; // fatal() always throws, make the compiler happy.
}
} catch (GeneralSecurityException ex) {
- throw new IOException(ex);
+ context.conContext.fatal(Alert.INTERNAL_ERROR, ex);
+ return null; // fatal() always throws, make the compiler happy.
}
}
- private static SecretKey deriveBinderKey(SecretKey psk,
- SSLSessionImpl session) throws IOException {
+ private static SecretKey deriveBinderKey(HandshakeContext context,
+ SecretKey psk, SSLSessionImpl session) throws IOException {
try {
CipherSuite.HashAlg hashAlg = session.getSuite().hashAlg;
HKDF hkdf = new HKDF(hashAlg.name);
@@ -788,7 +794,8 @@
return hkdf.expand(earlySecret,
hkdfInfo, hashAlg.hashLength, "TlsBinderKey");
} catch (GeneralSecurityException ex) {
- throw new IOException(ex);
+ context.conContext.fatal(Alert.INTERNAL_ERROR, ex);
+ return null; // fatal() always throws, make the compiler happy.
}
}
@@ -844,7 +851,7 @@
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
- "Resuming session: ", chc.resumingSession);
+ "Resuming session: ", chc.resumingSession);
}
}
}
--- a/src/java.base/share/classes/sun/security/ssl/TransportContext.java Fri Dec 14 17:51:02 2018 -0800
+++ b/src/java.base/share/classes/sun/security/ssl/TransportContext.java Fri Dec 14 19:39:39 2018 -0800
@@ -328,6 +328,8 @@
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
SSLLogger.warning("Fatal: input record closure failed", ioe);
}
+
+ closeReason.addSuppressed(ioe);
}
// invalidate the session
@@ -353,6 +355,8 @@
SSLLogger.warning(
"Fatal: failed to send fatal alert " + alert, ioe);
}
+
+ closeReason.addSuppressed(ioe);
}
}
@@ -363,6 +367,8 @@
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
SSLLogger.warning("Fatal: output record closure failed", ioe);
}
+
+ closeReason.addSuppressed(ioe);
}
// terminate the handshake context
@@ -377,6 +383,8 @@
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
SSLLogger.warning("Fatal: transport closure failed", ioe);
}
+
+ closeReason.addSuppressed(ioe);
} finally {
isBroken = true;
}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/javax/net/ssl/templates/SSLContextTemplate.java Fri Dec 14 19:39:39 2018 -0800
@@ -0,0 +1,518 @@
+/*
+ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+//
+// Please run in othervm mode. SunJSSE does not support dynamic system
+// properties, no way to re-use system properties in samevm/agentvm mode.
+//
+
+import java.io.ByteArrayInputStream;
+import java.security.KeyFactory;
+import java.security.KeyStore;
+import java.security.PrivateKey;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateFactory;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.util.Base64;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManagerFactory;
+
+/**
+ * SSLContext template to speed up JSSE tests.
+ */
+public interface SSLContextTemplate {
+ /*
+ * Create an instance of SSLContext for client use.
+ */
+ default SSLContext createClientSSLContext() throws Exception {
+ return createSSLContext(trustedCertStrs,
+ endEntityCertStrs, endEntityPrivateKeys,
+ endEntityPrivateKeyAlgs,
+ endEntityPrivateKeyNames,
+ getClientContextParameters());
+ }
+
+ /*
+ * Create an instance of SSLContext for server use.
+ */
+ default SSLContext createServerSSLContext() throws Exception {
+ return createSSLContext(trustedCertStrs,
+ endEntityCertStrs, endEntityPrivateKeys,
+ endEntityPrivateKeyAlgs,
+ endEntityPrivateKeyNames,
+ getServerContextParameters());
+ }
+
+ /*
+ * The parameters used to configure SSLContext.
+ */
+ static final class ContextParameters {
+ final String contextProtocol;
+ final String tmAlgorithm;
+ final String kmAlgorithm;
+
+ ContextParameters(String contextProtocol,
+ String tmAlgorithm, String kmAlgorithm) {
+
+ this.contextProtocol = contextProtocol;
+ this.tmAlgorithm = tmAlgorithm;
+ this.kmAlgorithm = kmAlgorithm;
+ }
+ }
+
+ /*
+ * Get the client side parameters of SSLContext.
+ */
+ default ContextParameters getClientContextParameters() {
+ return new ContextParameters("TLS", "PKIX", "NewSunX509");
+ }
+
+ /*
+ * Get the server side parameters of SSLContext.
+ */
+ default ContextParameters getServerContextParameters() {
+ return new ContextParameters("TLS", "PKIX", "NewSunX509");
+ }
+
+ /*
+ * =======================================
+ * Certificates and keys used in the test.
+ */
+ // Trusted certificates.
+ final static String[] trustedCertStrs = {
+ // SHA256withECDSA, curve prime256v1
+ // Validity
+ // Not Before: May 22 07:18:16 2018 GMT
+ // Not After : May 17 07:18:16 2038 GMT
+ // Subject Key Identifier:
+ // 60:CF:BD:73:FF:FA:1A:30:D2:A4:EC:D3:49:71:46:EF:1A:35:A0:86
+ "-----BEGIN CERTIFICATE-----\n" +
+ "MIIBvjCCAWOgAwIBAgIJAIvFG6GbTroCMAoGCCqGSM49BAMCMDsxCzAJBgNVBAYT\n" +
+ "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" +
+ "ZTAeFw0xODA1MjIwNzE4MTZaFw0zODA1MTcwNzE4MTZaMDsxCzAJBgNVBAYTAlVT\n" +
+ "MQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZjZTBZ\n" +
+ "MBMGByqGSM49AgEGCCqGSM49AwEHA0IABBz1WeVb6gM2mh85z3QlvaB/l11b5h0v\n" +
+ "LIzmkC3DKlVukZT+ltH2Eq1oEkpXuf7QmbM0ibrUgtjsWH3mULfmcWmjUDBOMB0G\n" +
+ "A1UdDgQWBBRgz71z//oaMNKk7NNJcUbvGjWghjAfBgNVHSMEGDAWgBRgz71z//oa\n" +
+ "MNKk7NNJcUbvGjWghjAMBgNVHRMEBTADAQH/MAoGCCqGSM49BAMCA0kAMEYCIQCG\n" +
+ "6wluh1r2/T6L31mZXRKf9JxeSf9pIzoLj+8xQeUChQIhAJ09wAi1kV8yePLh2FD9\n" +
+ "2YEHlSQUAbwwqCDEVB5KxaqP\n" +
+ "-----END CERTIFICATE-----",
+ // -----BEGIN PRIVATE KEY-----
+ // MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg/HcHdoLJCdq3haVd
+ // XZTSKP00YzM3xX97l98vGL/RI1KhRANCAAQc9VnlW+oDNpofOc90Jb2gf5ddW+Yd
+ // LyyM5pAtwypVbpGU/pbR9hKtaBJKV7n+0JmzNIm61ILY7Fh95lC35nFp
+ // -----END PRIVATE KEY-----
+
+ // SHA256withRSA, 2048 bits
+ // Validity
+ // Not Before: May 22 07:18:16 2018 GMT
+ // Not After : May 17 07:18:16 2038 GMT
+ // Subject Key Identifier:
+ // 0D:DD:93:C9:FE:4B:BD:35:B7:E8:99:78:90:FB:DB:5A:3D:DB:15:4C
+ "-----BEGIN CERTIFICATE-----\n" +
+ "MIIDSTCCAjGgAwIBAgIJAI4ZF3iy8zG+MA0GCSqGSIb3DQEBCwUAMDsxCzAJBgNV\n" +
+ "BAYTAlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2Vy\n" +
+ "aXZjZTAeFw0xODA1MjIwNzE4MTZaFw0zODA1MTcwNzE4MTZaMDsxCzAJBgNVBAYT\n" +
+ "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" +
+ "ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALpMcY7aWieXDEM1/YJf\n" +
+ "JW27b4nRIFZyEYhEloyGsKTuQiiQjc8cqRZFNXe2vwziDB4IyTEl0Hjl5QF6ZaQE\n" +
+ "huPzzwvQm1pv64KrRXrmj3FisQK8B5OWLty9xp6xDqsaMRoyObLK+oIb20T5fSlE\n" +
+ "evmo1vYjnh8CX0Yzx5Gr5ye6YSEHQvYOWEws8ad17OlyToR2KMeC8w4qo6rs59pW\n" +
+ "g7Mxn9vo22ImDzrtAbTbXbCias3xlE0Bp0h5luyf+5U4UgksoL9B9r2oP4GrLNEV\n" +
+ "oJk57t8lwaR0upiv3CnS8LcJELpegZub5ggqLY8ZPYFQPjlK6IzLOm6rXPgZiZ3m\n" +
+ "RL0CAwEAAaNQME4wHQYDVR0OBBYEFA3dk8n+S701t+iZeJD721o92xVMMB8GA1Ud\n" +
+ "IwQYMBaAFA3dk8n+S701t+iZeJD721o92xVMMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n" +
+ "hvcNAQELBQADggEBAJTRC3rKUUhVH07/1+stUungSYgpM08dY4utJq0BDk36BbmO\n" +
+ "0AnLDMbkwFdHEoqF6hQIfpm7SQTmXk0Fss6Eejm8ynYr6+EXiRAsaXOGOBCzF918\n" +
+ "/RuKOzqABfgSU4UBKECLM5bMfQTL60qx+HdbdVIpnikHZOFfmjCDVxoHsGyXc1LW\n" +
+ "Jhkht8IGOgc4PMGvyzTtRFjz01kvrVQZ75aN2E0GQv6dCxaEY0i3ypSzjUWAKqDh\n" +
+ "3e2OLwUSvumcdaxyCdZAOUsN6pDBQ+8VRG7KxnlRlY1SMEk46QgQYLbPDe/+W/yH\n" +
+ "ca4PejicPeh+9xRAwoTpiE2gulfT7Lm+fVM7Ruc=\n" +
+ "-----END CERTIFICATE-----",
+
+ // -----BEGIN PRIVATE KEY-----
+ // MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC6THGO2lonlwxD
+ // Nf2CXyVtu2+J0SBWchGIRJaMhrCk7kIokI3PHKkWRTV3tr8M4gweCMkxJdB45eUB
+ // emWkBIbj888L0Jtab+uCq0V65o9xYrECvAeTli7cvcaesQ6rGjEaMjmyyvqCG9tE
+ // +X0pRHr5qNb2I54fAl9GM8eRq+cnumEhB0L2DlhMLPGndezpck6EdijHgvMOKqOq
+ // 7OfaVoOzMZ/b6NtiJg867QG0212womrN8ZRNAadIeZbsn/uVOFIJLKC/Qfa9qD+B
+ // qyzRFaCZOe7fJcGkdLqYr9wp0vC3CRC6XoGbm+YIKi2PGT2BUD45SuiMyzpuq1z4
+ // GYmd5kS9AgMBAAECggEAFHSoU2MuWwJ+2jJnb5U66t2V1bAcuOE1g5zkWvG/G5z9
+ // rq6Qo5kmB8f5ovdx6tw3MGUOklLwnRXBG3RxDJ1iokz3AvkY1clMNsDPlDsUrQKF
+ // JSO4QUBQTPSZhnsyfR8XHSU+qJ8Y+ohMfzpVv95BEoCzebtXdVgxVegBlcEmVHo2
+ // kMmkRN+bYNsr8eb2r+b0EpyumS39ZgKYh09+cFb78y3T6IFMGcVJTP6nlGBFkmA/
+ // 25pYeCF2tSki08qtMJZQAvKfw0Kviibk7ZxRbJqmc7B1yfnOEHP6ftjuvKl2+RP/
+ // +5P5f8CfIP6gtA0LwSzAqQX/hfIKrGV5j0pCqrD0kQKBgQDeNR6Xi4sXVq79lihO
+ // a1bSeV7r8yoQrS8x951uO+ox+UIZ1MsAULadl7zB/P0er92p198I9M/0Jth3KBuS
+ // zj45mucvpiiGvmQlMKMEfNq4nN7WHOu55kufPswQB2mR4J3xmwI+4fM/nl1zc82h
+ // De8JSazRldJXNhfx0RGFPmgzbwKBgQDWoVXrXLbCAn41oVnWB8vwY9wjt92ztDqJ
+ // HMFA/SUohjePep9UDq6ooHyAf/Lz6oE5NgeVpPfTDkgvrCFVKnaWdwALbYoKXT2W
+ // 9FlyJox6eQzrtHAacj3HJooXWuXlphKSizntfxj3LtMR9BmrmRJOfK+SxNOVJzW2
+ // +MowT20EkwKBgHmpB8jdZBgxI7o//m2BI5Y1UZ1KE5vx1kc7VXzHXSBjYqeV9FeF
+ // 2ZZLP9POWh/1Fh4pzTmwIDODGT2UPhSQy0zq3O0fwkyT7WzXRknsuiwd53u/dejg
+ // iEL2NPAJvulZ2+AuiHo5Z99LK8tMeidV46xoJDDUIMgTG+UQHNGhK5gNAoGAZn/S
+ // Cn7SgMC0CWSvBHnguULXZO9wH1wZAFYNLL44OqwuaIUFBh2k578M9kkke7woTmwx
+ // HxQTjmWpr6qimIuY6q6WBN8hJ2Xz/d1fwhYKzIp20zHuv5KDUlJjbFfqpsuy3u1C
+ // kts5zwI7pr1ObRbDGVyOdKcu7HI3QtR5qqyjwaUCgYABo7Wq6oHva/9V34+G3Goh
+ // 63bYGUnRw2l5BD11yhQv8XzGGZFqZVincD8gltNThB0Dc/BI+qu3ky4YdgdZJZ7K
+ // z51GQGtaHEbrHS5caV79yQ8QGY5mUVH3E+VXSxuIqb6pZq2DH4sTAEFHyncddmOH
+ // zoXBInYwRG9KE/Bw5elhUw==
+ // -----END PRIVATE KEY-----
+
+
+ // SHA256withDSA, 2048 bits
+ // Validity
+ // Not Before: May 22 07:18:18 2018 GMT
+ // Not After : May 17 07:18:18 2038 GMT
+ // Subject Key Identifier:
+ // 76:66:9E:F7:3B:DD:45:E5:3B:D9:72:3C:3F:F0:54:39:86:31:26:53
+ "-----BEGIN CERTIFICATE-----\n" +
+ "MIIErjCCBFSgAwIBAgIJAOktYLNCbr02MAsGCWCGSAFlAwQDAjA7MQswCQYDVQQG\n" +
+ "EwJVUzENMAsGA1UECgwESmF2YTEdMBsGA1UECwwUU3VuSlNTRSBUZXN0IFNlcml2\n" +
+ "Y2UwHhcNMTgwNTIyMDcxODE4WhcNMzgwNTE3MDcxODE4WjA7MQswCQYDVQQGEwJV\n" +
+ "UzENMAsGA1UECgwESmF2YTEdMBsGA1UECwwUU3VuSlNTRSBUZXN0IFNlcml2Y2Uw\n" +
+ "ggNHMIICOQYHKoZIzjgEATCCAiwCggEBAO5GyPhSm0ze3LSu+gicdULLj05iOfTL\n" +
+ "UvZQ29sYz41zmqrLBQbdKiHqgJu2Re9sgTb5suLNjF047TOLPnU3jhPtWm2X8Xzi\n" +
+ "VGIcHym/Q/MeZxStt/88seqroI3WOKzIML2GcrishT+lcGrtH36Tf1+ue2Snn3PS\n" +
+ "WyxygNqPjllP5uUjYmFLvAf4QLMldkd/D2VxcwsHjB8y5iUZsXezc/LEhRZS/02m\n" +
+ "ivqlRw3AMkq/OVe/ZtxFWsP0nsfxEGdZuaUFpppGfixxFvymrB3+J51cTt+pZBDq\n" +
+ "D2y0DYfc+88iCs4jwHTfcDIpLb538HBjBj2rEgtQESQmB0ooD/+wsPsCIQC1bYch\n" +
+ "gElNtDYL3FgpLgNSUYp7gIWv9ehaC7LO2z7biQKCAQBitvFOnDkUja8NAF7lDpOV\n" +
+ "b5ipQ8SicBLW3kQamxhyuyxgZyy/PojZ/oPorkqW/T/A0rhnG6MssEpAtdiwVB+c\n" +
+ "rBYGo3bcwmExJhdOJ6dYuKFppPWhCwKMHs9npK+lqBMl8l5j58xlcFeC7ZfGf8GY\n" +
+ "GkhFW0c44vEQhMMbac6ZTTP4mw+1t7xJfmDMlLEyIpTXaAAk8uoVLWzQWnR40sHi\n" +
+ "ybvS0u3JxQkb7/y8tOOZu8qlz/YOS7lQ6UxUGX27Ce1E0+agfPphetoRAlS1cezq\n" +
+ "Wa7r64Ga0nkj1kwkcRqjgTiJx0NwnUXr78VAXFhVF95+O3lfqhvdtEGtkhDGPg7N\n" +
+ "A4IBBgACggEBAMmSHQK0w2i+iqUjOPzn0yNEZrzepLlLeQ1tqtn0xnlv5vBAeefD\n" +
+ "Pm9dd3tZOjufVWP7hhEz8xPobb1CS4e3vuQiv5UBfhdPL3f3l9T7JMAKPH6C9Vve\n" +
+ "OQXE5eGqbjsySbcmseHoYUt1WCSnSda1opX8zchX04e7DhGfE2/L9flpYEoSt8lI\n" +
+ "vMNjgOwvKdW3yvPt1/eBBHYNFG5gWPv/Q5KoyCtHS03uqGm4rNc/wZTIEEfd66C+\n" +
+ "QRaUltjOaHmtwOdDHaNqwhYZSVOip+Mo+TfyzHFREcdHLapo7ZXqbdYkRGxRR3d+\n" +
+ "3DfHaraJO0OKoYlPkr3JMvM/MSGR9AnZOcejUDBOMB0GA1UdDgQWBBR2Zp73O91F\n" +
+ "5TvZcjw/8FQ5hjEmUzAfBgNVHSMEGDAWgBR2Zp73O91F5TvZcjw/8FQ5hjEmUzAM\n" +
+ "BgNVHRMEBTADAQH/MAsGCWCGSAFlAwQDAgNHADBEAiBzriYE41M2y9Hy5ppkL0Qn\n" +
+ "dIlNc8JhXT/PHW7GDtViagIgMko8Qoj9gDGPK3+O9E8DC3wGiiF9CObM4LN387ok\n" +
+ "J+g=\n" +
+ "-----END CERTIFICATE-----"
+ // -----BEGIN PRIVATE KEY-----
+ // MIICZQIBADCCAjkGByqGSM44BAEwggIsAoIBAQDuRsj4UptM3ty0rvoInHVCy49O
+ // Yjn0y1L2UNvbGM+Nc5qqywUG3Soh6oCbtkXvbIE2+bLizYxdOO0ziz51N44T7Vpt
+ // l/F84lRiHB8pv0PzHmcUrbf/PLHqq6CN1jisyDC9hnK4rIU/pXBq7R9+k39frntk
+ // p59z0lsscoDaj45ZT+blI2JhS7wH+ECzJXZHfw9lcXMLB4wfMuYlGbF3s3PyxIUW
+ // Uv9Npor6pUcNwDJKvzlXv2bcRVrD9J7H8RBnWbmlBaaaRn4scRb8pqwd/iedXE7f
+ // qWQQ6g9stA2H3PvPIgrOI8B033AyKS2+d/BwYwY9qxILUBEkJgdKKA//sLD7AiEA
+ // tW2HIYBJTbQ2C9xYKS4DUlGKe4CFr/XoWguyzts+24kCggEAYrbxTpw5FI2vDQBe
+ // 5Q6TlW+YqUPEonAS1t5EGpsYcrssYGcsvz6I2f6D6K5Klv0/wNK4ZxujLLBKQLXY
+ // sFQfnKwWBqN23MJhMSYXTienWLihaaT1oQsCjB7PZ6SvpagTJfJeY+fMZXBXgu2X
+ // xn/BmBpIRVtHOOLxEITDG2nOmU0z+JsPtbe8SX5gzJSxMiKU12gAJPLqFS1s0Fp0
+ // eNLB4sm70tLtycUJG+/8vLTjmbvKpc/2Dku5UOlMVBl9uwntRNPmoHz6YXraEQJU
+ // tXHs6lmu6+uBmtJ5I9ZMJHEao4E4icdDcJ1F6+/FQFxYVRfefjt5X6ob3bRBrZIQ
+ // xj4OzQQjAiEAsceWOM8do4etxp2zgnoNXV8PUUyqWhz1+0srcKV7FR4=
+ // -----END PRIVATE KEY-----
+ };
+
+ // End entity certificate.
+ final static String[] endEntityCertStrs = {
+ // SHA256withECDSA, curve prime256v1
+ // Validity
+ // Not Before: May 22 07:18:16 2018 GMT
+ // Not After : May 17 07:18:16 2038 GMT
+ // Authority Key Identifier:
+ // 60:CF:BD:73:FF:FA:1A:30:D2:A4:EC:D3:49:71:46:EF:1A:35:A0:86
+ "-----BEGIN CERTIFICATE-----\n" +
+ "MIIBqjCCAVCgAwIBAgIJAPLY8qZjgNRAMAoGCCqGSM49BAMCMDsxCzAJBgNVBAYT\n" +
+ "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" +
+ "ZTAeFw0xODA1MjIwNzE4MTZaFw0zODA1MTcwNzE4MTZaMFUxCzAJBgNVBAYTAlVT\n" +
+ "MQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZjZTEY\n" +
+ "MBYGA1UEAwwPUmVncmVzc2lvbiBUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD\n" +
+ "QgAEb+9n05qfXnfHUb0xtQJNS4JeSi6IjOfW5NqchvKnfJey9VkJzR7QHLuOESdf\n" +
+ "xlR7q8YIWgih3iWLGfB+wxHiOqMjMCEwHwYDVR0jBBgwFoAUYM+9c//6GjDSpOzT\n" +
+ "SXFG7xo1oIYwCgYIKoZIzj0EAwIDSAAwRQIgWpRegWXMheiD3qFdd8kMdrkLxRbq\n" +
+ "1zj8nQMEwFTUjjQCIQDRIrAjZX+YXHN9b0SoWWLPUq0HmiFIi8RwMnO//wJIGQ==\n" +
+ "-----END CERTIFICATE-----",
+
+ // SHA256withRSA, 2048 bits
+ // Validity
+ // Not Before: May 22 07:18:16 2018 GMT
+ // Not After : May 17 07:18:16 2038 GMT
+ // Authority Key Identifier:
+ // 0D:DD:93:C9:FE:4B:BD:35:B7:E8:99:78:90:FB:DB:5A:3D:DB:15:4C
+ "-----BEGIN CERTIFICATE-----\n" +
+ "MIIDNjCCAh6gAwIBAgIJAO2+yPcFryUTMA0GCSqGSIb3DQEBCwUAMDsxCzAJBgNV\n" +
+ "BAYTAlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2Vy\n" +
+ "aXZjZTAeFw0xODA1MjIwNzE4MTZaFw0zODA1MTcwNzE4MTZaMFUxCzAJBgNVBAYT\n" +
+ "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" +
+ "ZTEYMBYGA1UEAwwPUmVncmVzc2lvbiBUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOC\n" +
+ "AQ8AMIIBCgKCAQEAszfBobWfZIp8AgC6PiWDDavP65mSvgCXUGxACbxVNAfkLhNR\n" +
+ "QOsHriRB3X1Q3nvO9PetC6wKlvE9jlnDDj7D+1j1r1CHO7ms1fq8rfcQYdkanDtu\n" +
+ "4AlHo8v+SSWX16MIXFRYDj2VVHmyPtgbltcg4zGAuwT746FdLI94uXjJjq1IOr/v\n" +
+ "0VIlwE5ORWH5Xc+5Tj+oFWK0E4a4GHDgtKKhn2m72hN56/GkPKGkguP5NRS1qYYV\n" +
+ "/EFkdyQMOV8J1M7HaicSft4OL6eKjTrgo93+kHk+tv0Dc6cpVBnalX3TorG8QI6B\n" +
+ "cHj1XQd78oAlAC+/jF4pc0mwi0un49kdK9gRfQIDAQABoyMwITAfBgNVHSMEGDAW\n" +
+ "gBQN3ZPJ/ku9NbfomXiQ+9taPdsVTDANBgkqhkiG9w0BAQsFAAOCAQEApXS0nKwm\n" +
+ "Kp8gpmO2yG1rpd1+2wBABiMU4JZaTqmma24DQ3RzyS+V2TeRb29dl5oTUEm98uc0\n" +
+ "GPZvhK8z5RFr4YE17dc04nI/VaNDCw4y1NALXGs+AHkjoPjLyGbWpi1S+gfq2sNB\n" +
+ "Ekkjp6COb/cb9yiFXOGVls7UOIjnVZVd0r7KaPFjZhYh82/f4PA/A1SnIKd1+nfH\n" +
+ "2yk7mSJNC7Z3qIVDL8MM/jBVwiC3uNe5GPB2uwhd7k5LGAVN3j4HQQGB0Sz+VC1h\n" +
+ "92oi6xDa+YBva2fvHuCd8P50DDjxmp9CemC7rnZ5j8egj88w14X44Xjb/Fd/ApG9\n" +
+ "e57NnbT7KM+Grw==\n" +
+ "-----END CERTIFICATE-----",
+
+ // SHA256withRSA, curv prime256v1
+ // Validity
+ // Not Before: May 22 07:18:16 2018 GMT
+ // Not After : May 21 07:18:16 2028 GMT
+ // Authority Key Identifier:
+ // 0D:DD:93:C9:FE:4B:BD:35:B7:E8:99:78:90:FB:DB:5A:3D:DB:15:4C
+ "-----BEGIN CERTIFICATE-----\n" +
+ "MIICazCCAVOgAwIBAgIJAO2+yPcFryUUMA0GCSqGSIb3DQEBCwUAMDsxCzAJBgNV\n" +
+ "BAYTAlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2Vy\n" +
+ "aXZjZTAeFw0xODA1MjIwNzE4MTZaFw0yODA1MjEwNzE4MTZaMFUxCzAJBgNVBAYT\n" +
+ "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" +
+ "ZTEYMBYGA1UEAwwPUmVncmVzc2lvbiBUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0D\n" +
+ "AQcDQgAE59MERNTlVZ1eeps8Z3Oue5ZkgQdPtD+WIE6tj3PbIKpxGPDxvfNP959A\n" +
+ "yQjEK/ehWQVrCMmNoEkIzY+IIBgB06MjMCEwHwYDVR0jBBgwFoAUDd2Tyf5LvTW3\n" +
+ "6Jl4kPvbWj3bFUwwDQYJKoZIhvcNAQELBQADggEBAFOTVEqs70ykhZiIdrEsF1Ra\n" +
+ "I3B2rLvwXZk52uSltk2/bzVvewA577ZCoxQ1pL7ynkisPfBN1uVYtHjM1VA3RC+4\n" +
+ "+TAK78dnI7otYjWoHp5rvs4l6c/IbOspS290IlNuDUxMErEm5wxIwj+Aukx/1y68\n" +
+ "hOyCvHBLMY2c1LskH1MMBbDuS1aI+lnGpToi+MoYObxGcV458vxuT8+wwV8Fkpvd\n" +
+ "ll8IIFmeNPRv+1E+lXbES6CSNCVaZ/lFhPgdgYKleN7sfspiz50DG4dqafuEAaX5\n" +
+ "xaK1NWXJxTRz0ROH/IUziyuDW6jphrlgit4+3NCzp6vP9hAJQ8Vhcj0n15BKHIQ=\n" +
+ "-----END CERTIFICATE-----",
+
+ // SHA256withDSA, 2048 bits
+ // Validity
+ // Not Before: May 22 07:18:20 2018 GMT
+ // Not After : May 17 07:18:20 2038 GMT
+ // Authority Key Identifier:
+ // 76:66:9E:F7:3B:DD:45:E5:3B:D9:72:3C:3F:F0:54:39:86:31:26:53
+ "-----BEGIN CERTIFICATE-----\n" +
+ "MIIEnDCCBEGgAwIBAgIJAP/jh1qVhNVjMAsGCWCGSAFlAwQDAjA7MQswCQYDVQQG\n" +
+ "EwJVUzENMAsGA1UECgwESmF2YTEdMBsGA1UECwwUU3VuSlNTRSBUZXN0IFNlcml2\n" +
+ "Y2UwHhcNMTgwNTIyMDcxODIwWhcNMzgwNTE3MDcxODIwWjBVMQswCQYDVQQGEwJV\n" +
+ "UzENMAsGA1UECgwESmF2YTEdMBsGA1UECwwUU3VuSlNTRSBUZXN0IFNlcml2Y2Ux\n" +
+ "GDAWBgNVBAMMD1JlZ3Jlc3Npb24gVGVzdDCCA0cwggI6BgcqhkjOOAQBMIICLQKC\n" +
+ "AQEAmlavgoJrMcjqWRVcDE2dmWAPREgnzQvneEDef68cprDzjSwvOs5QeFyx75ib\n" +
+ "ado1e6jO/rW1prCGWHDD1oA/Tn4Pk3vu0nUxzvl1qATc+aJbpUU5Op0bvp6LbCsQ\n" +
+ "QslV9FeRh7Eb7bP6gpc/kHCBzEgC1VCK7prccXWy+t6SMOHbND3h+UbckfSaUuaV\n" +
+ "sVJNTD1D6GElfRj4Nmz1BGPfSYvKorwNZEU3gXwFgtDoAcGx7tcyClLpDHfqRfw/\n" +
+ "7yiqLyeiP7D4hl5lMNouJWDlAdMFp0FMgS3s9VDFinIcr6VtBWMTG7+4+czHAB+3\n" +
+ "fvrwlqNzhBn3uFHrekN/w8fNxwIhAJo7Sae1za7IMW0Q6hE5B4b+s2B/FaKPoA4E\n" +
+ "jtZu13B9AoIBAQCOZqLMKfvqZWUgT0PQ3QjR7dAFdd06I9Y3+TOQzZk1+j+vw/6E\n" +
+ "X4vFItX4gihb/u5Q9CdmpwhVGi7bvo+7+/IKeTgoQ6f5+PSug7SrWWUQ5sPwaZui\n" +
+ "zXZJ5nTeZDucFc2yFx0wgnjbPwiUxZklOT7xGiOMtzOTa2koCz5KuIBL+/wPKKxm\n" +
+ "ypo9VoY9xfbdU6LMXZv/lpD5XTM9rYHr/vUTNkukvV6Hpm0YMEWhVZKUJiqCqTqG\n" +
+ "XHaleOxSw6uQWB/+TznifcC7gB48UOQjCqOKf5VuwQneJLhlhU/jhRV3xtr+hLZa\n" +
+ "hW1wYhVi8cjLDrZFKlgEQqhB4crnJU0mJY+tA4IBBQACggEAID0ezl00/X8mv7eb\n" +
+ "bzovum1+DEEP7FM57k6HZEG2N3ve4CW+0m9Cd+cWPz8wkZ+M0j/Eqa6F0IdbkXEc\n" +
+ "Q7CuzvUyJ57xQ3L/WCgXsiS+Bh8O4Mz7GwW22CGmHqafbVv+hKBfr8MkskO6GJUt\n" +
+ "SUF/CVLzB4gMIvZMH26tBP2xK+i7FeEK9kT+nGdzQSZBAhFYpEVCBplHZO24/OYq\n" +
+ "1DNoU327nUuXIhmsfA8N0PjiWbIZIjTPwBGr9H0LpATI7DIDNcvRRvtROP+pBU9y\n" +
+ "fuykPkptg9C0rCM9t06bukpOSaEz/2VIQdLE8fHYFA6pHZ6CIc2+5cfvMgTPhcjz\n" +
+ "W2jCt6MjMCEwHwYDVR0jBBgwFoAUdmae9zvdReU72XI8P/BUOYYxJlMwCwYJYIZI\n" +
+ "AWUDBAMCA0gAMEUCIQCeI5fN08b9BpOaHdc3zQNGjp24FOL/RxlBLeBAorswJgIg\n" +
+ "JEZ8DhYxQy1O7mmZ2UIT7op6epWMB4dENjs0qWPmcKo=\n" +
+ "-----END CERTIFICATE-----"
+ };
+
+ // Private key in the format of PKCS#8.
+ final static String[] endEntityPrivateKeys = {
+ //
+ // EC private key related to cert endEntityCertStrs[0].
+ //
+ "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgn5K03bpTLjEtFQRa\n" +
+ "JUtx22gtmGEvvSUSQdimhGthdtihRANCAARv72fTmp9ed8dRvTG1Ak1Lgl5KLoiM\n" +
+ "59bk2pyG8qd8l7L1WQnNHtAcu44RJ1/GVHurxghaCKHeJYsZ8H7DEeI6",
+
+ //
+ // RSA private key related to cert endEntityCertStrs[1].
+ //
+ "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCzN8GhtZ9kinwC\n" +
+ "ALo+JYMNq8/rmZK+AJdQbEAJvFU0B+QuE1FA6weuJEHdfVDee870960LrAqW8T2O\n" +
+ "WcMOPsP7WPWvUIc7uazV+ryt9xBh2RqcO27gCUejy/5JJZfXowhcVFgOPZVUebI+\n" +
+ "2BuW1yDjMYC7BPvjoV0sj3i5eMmOrUg6v+/RUiXATk5FYfldz7lOP6gVYrQThrgY\n" +
+ "cOC0oqGfabvaE3nr8aQ8oaSC4/k1FLWphhX8QWR3JAw5XwnUzsdqJxJ+3g4vp4qN\n" +
+ "OuCj3f6QeT62/QNzpylUGdqVfdOisbxAjoFwePVdB3vygCUAL7+MXilzSbCLS6fj\n" +
+ "2R0r2BF9AgMBAAECggEASIkPkMCuw4WdTT44IwERus3IOIYOs2IP3BgEDyyvm4B6\n" +
+ "JP/iihDWKfA4zEl1Gqcni1RXMHswSglXra682J4kui02Ov+vzEeJIY37Ibn2YnP5\n" +
+ "ZjRT2s9GtI/S2o4hl8A/mQb2IMViFC+xKehTukhV4j5d6NPKk0XzLR7gcMjnYxwn\n" +
+ "l21fS6D2oM1xRG/di7sL+uLF8EXLRzfiWDNi12uQv4nwtxPKvuKhH6yzHt7YqMH0\n" +
+ "46pmDKDaxV4w1JdycjCb6NrCJOYZygoQobuZqOQ30UZoZsPJrtovkncFr1e+lNcO\n" +
+ "+aWDfOLCtTH046dEQh5oCShyXMybNlry/QHsOtHOwQKBgQDh2iIjs+FPpQy7Z3EX\n" +
+ "DGEvHYqPjrYO9an2KSRr1m9gzRlWYxKY46WmPKwjMerYtra0GP+TBHrgxsfO8tD2\n" +
+ "wUAII6sd1qup0a/Sutgf2JxVilLykd0+Ge4/Cs51tCdJ8EqDV2B6WhTewOY2EGvg\n" +
+ "JiKYkeNwgRX/9M9CFSAMAk0hUQKBgQDLJAartL3DoGUPjYtpJnfgGM23yAGl6G5r\n" +
+ "NSXDn80BiYIC1p0bG3N0xm3yAjqOtJAUj9jZbvDNbCe3GJfLARMr23legX4tRrgZ\n" +
+ "nEdKnAFKAKL01oM+A5/lHdkwaZI9yyv+hgSVdYzUjB8rDmzeVQzo1BT7vXypt2yV\n" +
+ "6O1OnUpCbQKBgA/0rzDChopv6KRcvHqaX0tK1P0rYeVQqb9ATNhpf9jg5Idb3HZ8\n" +
+ "rrk91BNwdVz2G5ZBpdynFl9G69rNAMJOCM4KZw5mmh4XOEq09Ivba8AHU7DbaTv3\n" +
+ "7QL7KnbaUWRB26HHzIMYVh0el6T+KADf8NXCiMTr+bfpfbL3dxoiF3zhAoGAbCJD\n" +
+ "Qse1dBs/cKYCHfkSOsI5T6kx52Tw0jS6Y4X/FOBjyqr/elyEexbdk8PH9Ar931Qr\n" +
+ "NKMvn8oA4iA/PRrXX7M2yi3YQrWwbkGYWYjtzrzEAdzmg+5eARKAeJrZ8/bg9l3U\n" +
+ "ttKaItJsDPlizn8rngy3FsJpR9aSAMK6/+wOiYkCgYEA1tZkI1rD1W9NYZtbI9BE\n" +
+ "qlJVFi2PBOJMKNuWdouPX3HLQ72GJSQff2BFzLTELjweVVJ0SvY4IipzpQOHQOBy\n" +
+ "5qh/p6izXJZh3IHtvwVBjHoEVplg1b2+I5e3jDCfqnwcQw82dW5SxOJMg1h/BD0I\n" +
+ "qAL3go42DYeYhu/WnECMeis=",
+
+ //
+ // EC private key related to cert endEntityCertStrs[2].
+ //
+ "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgGVc7hICpmp91jbYe\n" +
+ "nrr8nYHD37RZP3VENY+szuA7WjuhRANCAATn0wRE1OVVnV56mzxnc657lmSBB0+0\n" +
+ "P5YgTq2Pc9sgqnEY8PG980/3n0DJCMQr96FZBWsIyY2gSQjNj4ggGAHT",
+
+ //
+ // DSA private key related to cert endEntityCertStrs[3].
+ //
+ "MIICZQIBADCCAjoGByqGSM44BAEwggItAoIBAQCaVq+CgmsxyOpZFVwMTZ2ZYA9E\n" +
+ "SCfNC+d4QN5/rxymsPONLC86zlB4XLHvmJtp2jV7qM7+tbWmsIZYcMPWgD9Ofg+T\n" +
+ "e+7SdTHO+XWoBNz5olulRTk6nRu+notsKxBCyVX0V5GHsRvts/qClz+QcIHMSALV\n" +
+ "UIrumtxxdbL63pIw4ds0PeH5RtyR9JpS5pWxUk1MPUPoYSV9GPg2bPUEY99Ji8qi\n" +
+ "vA1kRTeBfAWC0OgBwbHu1zIKUukMd+pF/D/vKKovJ6I/sPiGXmUw2i4lYOUB0wWn\n" +
+ "QUyBLez1UMWKchyvpW0FYxMbv7j5zMcAH7d++vCWo3OEGfe4Uet6Q3/Dx83HAiEA\n" +
+ "mjtJp7XNrsgxbRDqETkHhv6zYH8Voo+gDgSO1m7XcH0CggEBAI5moswp++plZSBP\n" +
+ "Q9DdCNHt0AV13Toj1jf5M5DNmTX6P6/D/oRfi8Ui1fiCKFv+7lD0J2anCFUaLtu+\n" +
+ "j7v78gp5OChDp/n49K6DtKtZZRDmw/Bpm6LNdknmdN5kO5wVzbIXHTCCeNs/CJTF\n" +
+ "mSU5PvEaI4y3M5NraSgLPkq4gEv7/A8orGbKmj1Whj3F9t1Tosxdm/+WkPldMz2t\n" +
+ "gev+9RM2S6S9XoembRgwRaFVkpQmKoKpOoZcdqV47FLDq5BYH/5POeJ9wLuAHjxQ\n" +
+ "5CMKo4p/lW7BCd4kuGWFT+OFFXfG2v6EtlqFbXBiFWLxyMsOtkUqWARCqEHhyucl\n" +
+ "TSYlj60EIgIgLfA75+8KcKxdN8mr6gzGjQe7jPFGG42Ejhd7Q2F4wuw="
+ };
+
+ // Private key algorithm of endEntityPrivateKeys.
+ final static String[] endEntityPrivateKeyAlgs = {
+ "EC",
+ "RSA",
+ "EC",
+ "DSA",
+ };
+
+ // Private key names of endEntityPrivateKeys.
+ static final String[] endEntityPrivateKeyNames = {
+ "ecdsa",
+ "rsa",
+ "ec-rsa",
+ "dsa",
+ };
+
+ /*
+ * Create an instance of SSLContext with the specified trust/key materials.
+ */
+ private SSLContext createSSLContext(
+ String[] trustedMaterials,
+ String[] keyMaterialCerts,
+ String[] keyMaterialKeys,
+ String[] keyMaterialKeyAlgs,
+ String[] keyMaterialKeyNames,
+ ContextParameters params) throws Exception {
+
+ KeyStore ts = null; // trust store
+ KeyStore ks = null; // key store
+ char passphrase[] = "passphrase".toCharArray();
+
+ // Generate certificate from cert string.
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+
+ // Import the trused certs.
+ ByteArrayInputStream is;
+ if (trustedMaterials != null && trustedMaterials.length != 0) {
+ ts = KeyStore.getInstance("JKS");
+ ts.load(null, null);
+
+ Certificate[] trustedCert =
+ new Certificate[trustedMaterials.length];
+ for (int i = 0; i < trustedMaterials.length; i++) {
+ String trustedCertStr = trustedMaterials[i];
+
+ is = new ByteArrayInputStream(trustedCertStr.getBytes());
+ try {
+ trustedCert[i] = cf.generateCertificate(is);
+ } finally {
+ is.close();
+ }
+
+ ts.setCertificateEntry("trusted-cert-" + i, trustedCert[i]);
+ }
+ }
+
+ // Import the key materials.
+ //
+ // Note that certification pathes bigger than one are not supported yet.
+ boolean hasKeyMaterials =
+ (keyMaterialCerts != null) && (keyMaterialCerts.length != 0) &&
+ (keyMaterialKeys != null) && (keyMaterialKeys.length != 0) &&
+ (keyMaterialKeyAlgs != null) && (keyMaterialKeyAlgs.length != 0) &&
+ (keyMaterialCerts.length == keyMaterialKeys.length) &&
+ (keyMaterialCerts.length == keyMaterialKeyAlgs.length);
+ if (hasKeyMaterials) {
+ ks = KeyStore.getInstance("JKS");
+ ks.load(null, null);
+
+ for (int i = 0; i < keyMaterialCerts.length; i++) {
+ String keyCertStr = keyMaterialCerts[i];
+
+ // generate the private key.
+ PKCS8EncodedKeySpec priKeySpec = new PKCS8EncodedKeySpec(
+ Base64.getMimeDecoder().decode(keyMaterialKeys[i]));
+ KeyFactory kf =
+ KeyFactory.getInstance(keyMaterialKeyAlgs[i]);
+ PrivateKey priKey = kf.generatePrivate(priKeySpec);
+
+ // generate certificate chain
+ is = new ByteArrayInputStream(keyCertStr.getBytes());
+ Certificate keyCert = null;
+ try {
+ keyCert = cf.generateCertificate(is);
+ } finally {
+ is.close();
+ }
+
+ Certificate[] chain = new Certificate[] { keyCert };
+
+ // import the key entry.
+ ks.setKeyEntry("cert-" + keyMaterialKeyNames[i],
+ priKey, passphrase, chain);
+ }
+ }
+
+ // Create an SSLContext object.
+ TrustManagerFactory tmf =
+ TrustManagerFactory.getInstance(params.tmAlgorithm);
+ tmf.init(ts);
+
+ SSLContext context = SSLContext.getInstance(params.contextProtocol);
+ if (hasKeyMaterials && ks != null) {
+ KeyManagerFactory kmf =
+ KeyManagerFactory.getInstance(params.kmAlgorithm);
+ kmf.init(ks, passphrase);
+
+ context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
+ } else {
+ context.init(null, tmf.getTrustManagers(), null);
+ }
+
+ return context;
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/ssl/SSLSocketImpl/SSLExceptionForIOIssue.java Fri Dec 14 19:39:39 2018 -0800
@@ -0,0 +1,162 @@
+/*
+ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+//
+// Please run in othervm mode. SunJSSE does not support dynamic system
+// properties, no way to re-use system properties in samevm/agentvm mode.
+//
+
+/*
+ * @test
+ * @bug 8214339
+ * @summary SSLSocketImpl erroneously wraps SocketException
+ * @library /javax/net/ssl/templates
+ * @run main/othervm SSLExceptionForIOIssue
+ */
+
+import javax.net.ssl.*;
+import java.io.*;
+import java.net.InetAddress;
+
+public class SSLExceptionForIOIssue implements SSLContextTemplate {
+
+ public static void main(String[] args) throws Exception {
+ System.err.println("===================================");
+ new SSLExceptionForIOIssue().test();
+ }
+
+ private void test() throws Exception {
+ SSLServerSocket listenSocket = null;
+ SSLSocket serverSocket = null;
+ ClientSocket clientSocket = null;
+ try {
+ SSLServerSocketFactory serversocketfactory =
+ createServerSSLContext().getServerSocketFactory();
+ listenSocket =
+ (SSLServerSocket)serversocketfactory.createServerSocket(0);
+ listenSocket.setNeedClientAuth(false);
+ listenSocket.setEnableSessionCreation(true);
+ listenSocket.setUseClientMode(false);
+
+ System.err.println("Starting client");
+ clientSocket = new ClientSocket(listenSocket.getLocalPort());
+ clientSocket.start();
+
+ System.err.println("Accepting client requests");
+ serverSocket = (SSLSocket)listenSocket.accept();
+
+ if (!clientSocket.isDone) {
+ System.err.println("Waiting 3 seconds for client ");
+ Thread.sleep(3000);
+ }
+
+ System.err.println("Sending data to client ...");
+ String serverData = "Hi, I am server";
+ BufferedWriter os = new BufferedWriter(
+ new OutputStreamWriter(serverSocket.getOutputStream()));
+ os.write(serverData, 0, serverData.length());
+ os.newLine();
+ os.flush();
+ } catch (SSLProtocolException | SSLHandshakeException sslhe) {
+ throw sslhe;
+ } catch (SSLException ssle) {
+ // the expected exception, ignore it
+ System.err.println("server exception: " + ssle);
+ } finally {
+ if (listenSocket != null) {
+ listenSocket.close();
+ }
+
+ if (serverSocket != null) {
+ serverSocket.close();
+ }
+ }
+
+ if (clientSocket != null && clientSocket.clientException != null) {
+ throw clientSocket.clientException;
+ }
+ }
+
+
+
+ private class ClientSocket extends Thread{
+ boolean isDone = false;
+ int serverPort = 0;
+ Exception clientException;
+
+ public ClientSocket(int serverPort) {
+ this.serverPort = serverPort;
+ }
+
+ @Override
+ public void run() {
+ SSLSocket clientSocket = null;
+ String clientData = "Hi, I am client";
+ try {
+ System.err.println(
+ "Connecting to server at port " + serverPort);
+ SSLSocketFactory sslSocketFactory =
+ createClientSSLContext().getSocketFactory();
+ clientSocket = (SSLSocket)sslSocketFactory.createSocket(
+ InetAddress.getLocalHost(), serverPort);
+ clientSocket.setSoLinger(true, 3);
+ clientSocket.setSoTimeout(100);
+
+
+ System.err.println("Sending data to server ...");
+
+ BufferedWriter os = new BufferedWriter(
+ new OutputStreamWriter(clientSocket.getOutputStream()));
+ os.write(clientData, 0, clientData.length());
+ os.newLine();
+ os.flush();
+
+ System.err.println("Reading data from server");
+ BufferedReader is = new BufferedReader(
+ new InputStreamReader(clientSocket.getInputStream()));
+ String data = is.readLine();
+ System.err.println("Received Data from server: " + data);
+ } catch (SSLProtocolException | SSLHandshakeException sslhe) {
+ clientException = sslhe;
+ System.err.println("unexpected client exception: " + sslhe);
+ } catch (SSLException ssle) {
+ // the expected exception, ignore it
+ System.err.println("expected client exception: " + ssle);
+ } catch (Exception e) {
+ clientException = e;
+ System.err.println("unexpected client exception: " + e);
+ } finally {
+ if (clientSocket != null) {
+ try {
+ clientSocket.close();
+ System.err.println("client socket closed");
+ } catch (IOException ioe) {
+ clientException = ioe;
+ }
+ }
+
+ isDone = true;
+ }
+ }
+ }
+}