# HG changeset patch # User xuelei # Date 1389676378 28800 # Node ID d72c97c708ae7005c3c6d7c9df7e6a6d22f28f45 # Parent 13f418b13938b28ad522ba43647f5908ff377ef6 8030829: Add MD5 to jdk.certpath.disabledAlgorithms security property Reviewed-by: mullan, weijun diff -r 13f418b13938 -r d72c97c708ae jdk/src/share/lib/security/java.security-linux --- a/jdk/src/share/lib/security/java.security-linux Mon Jan 13 20:56:18 2014 -0800 +++ b/jdk/src/share/lib/security/java.security-linux Mon Jan 13 21:12:58 2014 -0800 @@ -470,7 +470,7 @@ # jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048 # # -jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024 +jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024 # Algorithm restrictions for Secure Socket Layer/Transport Layer Security # (SSL/TLS) processing diff -r 13f418b13938 -r d72c97c708ae jdk/src/share/lib/security/java.security-macosx --- a/jdk/src/share/lib/security/java.security-macosx Mon Jan 13 20:56:18 2014 -0800 +++ b/jdk/src/share/lib/security/java.security-macosx Mon Jan 13 21:12:58 2014 -0800 @@ -471,7 +471,7 @@ # jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048 # # -jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024 +jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024 # Algorithm restrictions for Secure Socket Layer/Transport Layer Security # (SSL/TLS) processing diff -r 13f418b13938 -r d72c97c708ae jdk/src/share/lib/security/java.security-solaris --- a/jdk/src/share/lib/security/java.security-solaris Mon Jan 13 20:56:18 2014 -0800 +++ b/jdk/src/share/lib/security/java.security-solaris Mon Jan 13 21:12:58 2014 -0800 @@ -470,7 +470,7 @@ # jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048 # # -jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024 +jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024 # Algorithm restrictions for Secure Socket Layer/Transport Layer Security # (SSL/TLS) processing diff -r 13f418b13938 -r d72c97c708ae jdk/src/share/lib/security/java.security-windows --- a/jdk/src/share/lib/security/java.security-windows Mon Jan 13 20:56:18 2014 -0800 +++ b/jdk/src/share/lib/security/java.security-windows Mon Jan 13 21:12:58 2014 -0800 @@ -471,7 +471,7 @@ # jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048 # # -jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024 +jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024 # Algorithm restrictions for Secure Socket Layer/Transport Layer Security # (SSL/TLS) processing diff -r 13f418b13938 -r d72c97c708ae jdk/test/java/security/cert/CertPathBuilder/selfIssued/DisableRevocation.java --- a/jdk/test/java/security/cert/CertPathBuilder/selfIssued/DisableRevocation.java Mon Jan 13 20:56:18 2014 -0800 +++ b/jdk/test/java/security/cert/CertPathBuilder/selfIssued/DisableRevocation.java Mon Jan 13 21:12:58 2014 -0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,6 +21,12 @@ * questions. */ +// +// Security properties, once set, cannot revert to unset. To avoid +// conflicts with tests running in the same VM isolate this test by +// running it in otherVM mode. +// + /** * @test * @bug 6852744 @@ -234,6 +240,10 @@ public static void main(String[] args) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + CertPathBuilder builder = CertPathBuilder.getInstance("PKIX"); X509CertSelector selector = generateSelector(args[0]); diff -r 13f418b13938 -r d72c97c708ae jdk/test/java/security/cert/CertPathBuilder/selfIssued/KeyUsageMatters.java --- a/jdk/test/java/security/cert/CertPathBuilder/selfIssued/KeyUsageMatters.java Mon Jan 13 20:56:18 2014 -0800 +++ b/jdk/test/java/security/cert/CertPathBuilder/selfIssued/KeyUsageMatters.java Mon Jan 13 21:12:58 2014 -0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,6 +21,12 @@ * questions. */ +// +// Security properties, once set, cannot revert to unset. To avoid +// conflicts with tests running in the same VM isolate this test by +// running it in otherVM mode. +// + /** * @test * @bug 6852744 @@ -277,6 +283,10 @@ public static void main(String[] args) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + CertPathBuilder builder = CertPathBuilder.getInstance("PKIX"); X509CertSelector selector = generateSelector(args[0]); diff -r 13f418b13938 -r d72c97c708ae jdk/test/java/security/cert/CertPathBuilder/selfIssued/StatusLoopDependency.java --- a/jdk/test/java/security/cert/CertPathBuilder/selfIssued/StatusLoopDependency.java Mon Jan 13 20:56:18 2014 -0800 +++ b/jdk/test/java/security/cert/CertPathBuilder/selfIssued/StatusLoopDependency.java Mon Jan 13 21:12:58 2014 -0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,6 +21,12 @@ * questions. */ +// +// Security properties, once set, cannot revert to unset. To avoid +// conflicts with tests running in the same VM isolate this test by +// running it in otherVM mode. +// + /** * @test * @bug 6852744 @@ -283,6 +289,10 @@ public static void main(String[] args) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + CertPathBuilder builder = CertPathBuilder.getInstance("PKIX"); X509CertSelector selector = generateSelector(args[0]); diff -r 13f418b13938 -r d72c97c708ae jdk/test/java/security/cert/CertPathValidator/OCSP/AIACheck.java --- a/jdk/test/java/security/cert/CertPathValidator/OCSP/AIACheck.java Mon Jan 13 20:56:18 2014 -0800 +++ b/jdk/test/java/security/cert/CertPathValidator/OCSP/AIACheck.java Mon Jan 13 21:12:58 2014 -0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,12 +21,19 @@ * questions. */ +// +// Security properties, once set, cannot revert to unset. To avoid +// conflicts with tests running in the same VM isolate this test by +// running it in otherVM mode. +// + /** * @test * @bug 5072953 * @summary Verify that the URL for an OCSP responder can be extracted from a * certificate's AuthorityInfoAccess extension when OCSP certifiate * validation has been enabled. + * @run main/othervm AIACheck */ import java.io.*; @@ -51,6 +58,10 @@ } public static void main(String args[]) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + X509Certificate aiaCert = loadCertificate("AIACert.pem"); X509Certificate rootCert = loadCertificate("RootCert.pem"); diff -r 13f418b13938 -r d72c97c708ae jdk/test/java/security/cert/CertPathValidator/OCSP/FailoverToCRL.java --- a/jdk/test/java/security/cert/CertPathValidator/OCSP/FailoverToCRL.java Mon Jan 13 20:56:18 2014 -0800 +++ b/jdk/test/java/security/cert/CertPathValidator/OCSP/FailoverToCRL.java Mon Jan 13 21:12:58 2014 -0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,16 +21,24 @@ * questions. */ +// +// Security properties, once set, cannot revert to unset. To avoid +// conflicts with tests running in the same VM isolate this test by +// running it in otherVM mode. +// + /** * @test * @bug 6383095 * @summary CRL revoked certificate failures masked by OCSP failures - * + * @run main/othervm FailoverToCRL + * @author Xuelei Fan + */ + +/* * Note that the certificate validity is from Mar 16 14:55:35 2009 GMT to * Dec 1 14:55:35 2028 GMT, please update it with newer certificate if * expires. - * - * @author Xuelei Fan */ /* @@ -229,6 +237,10 @@ } public static void main(String args[]) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + CertPath path = generateCertificatePath(); Set anchors = generateTrustAnchors(); CertStore crls = generateCertificateStore(); diff -r 13f418b13938 -r d72c97c708ae jdk/test/java/security/cert/CertPathValidator/indirectCRL/CircularCRLOneLevel.java --- a/jdk/test/java/security/cert/CertPathValidator/indirectCRL/CircularCRLOneLevel.java Mon Jan 13 20:56:18 2014 -0800 +++ b/jdk/test/java/security/cert/CertPathValidator/indirectCRL/CircularCRLOneLevel.java Mon Jan 13 21:12:58 2014 -0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,11 +21,18 @@ * questions. */ +// +// Security properties, once set, cannot revert to unset. To avoid +// conflicts with tests running in the same VM isolate this test by +// running it in otherVM mode. +// + /** * @test * * @bug 6720721 * @summary CRL check with circular depency support needed + * @run main/othervm CircularCRLOneLevel * @author Xuelei Fan */ @@ -158,6 +165,10 @@ } public static void main(String args[]) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + CertPath path = generateCertificatePath(); Set anchors = generateTrustAnchors(); CertStore crls = generateCertificateStore(); diff -r 13f418b13938 -r d72c97c708ae jdk/test/java/security/cert/CertPathValidator/indirectCRL/CircularCRLOneLevelRevoked.java --- a/jdk/test/java/security/cert/CertPathValidator/indirectCRL/CircularCRLOneLevelRevoked.java Mon Jan 13 20:56:18 2014 -0800 +++ b/jdk/test/java/security/cert/CertPathValidator/indirectCRL/CircularCRLOneLevelRevoked.java Mon Jan 13 21:12:58 2014 -0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,11 +21,18 @@ * questions. */ +// +// Security properties, once set, cannot revert to unset. To avoid +// conflicts with tests running in the same VM isolate this test by +// running it in otherVM mode. +// + /** * @test * * @bug 6720721 * @summary CRL check with circular depency support needed + * @run main/othervm CircularCRLOneLevelRevoked * @author Xuelei Fan */ @@ -159,6 +166,10 @@ } public static void main(String args[]) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + CertPath path = generateCertificatePath(); Set anchors = generateTrustAnchors(); CertStore crls = generateCertificateStore(); diff -r 13f418b13938 -r d72c97c708ae jdk/test/java/security/cert/CertPathValidator/indirectCRL/CircularCRLTwoLevel.java --- a/jdk/test/java/security/cert/CertPathValidator/indirectCRL/CircularCRLTwoLevel.java Mon Jan 13 20:56:18 2014 -0800 +++ b/jdk/test/java/security/cert/CertPathValidator/indirectCRL/CircularCRLTwoLevel.java Mon Jan 13 21:12:58 2014 -0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,11 +21,18 @@ * questions. */ +// +// Security properties, once set, cannot revert to unset. To avoid +// conflicts with tests running in the same VM isolate this test by +// running it in otherVM mode. +// + /** * @test * * @bug 6720721 * @summary CRL check with circular depency support needed + * @run main/othervm CircularCRLTwoLevel * @author Xuelei Fan */ @@ -210,6 +217,10 @@ } public static void main(String args[]) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + CertPath path = generateCertificatePath(); Set anchors = generateTrustAnchors(); CertStore crls = generateCertificateStore(); diff -r 13f418b13938 -r d72c97c708ae jdk/test/java/security/cert/CertPathValidator/indirectCRL/CircularCRLTwoLevelRevoked.java --- a/jdk/test/java/security/cert/CertPathValidator/indirectCRL/CircularCRLTwoLevelRevoked.java Mon Jan 13 20:56:18 2014 -0800 +++ b/jdk/test/java/security/cert/CertPathValidator/indirectCRL/CircularCRLTwoLevelRevoked.java Mon Jan 13 21:12:58 2014 -0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,11 +21,18 @@ * questions. */ +// +// Security properties, once set, cannot revert to unset. To avoid +// conflicts with tests running in the same VM isolate this test by +// running it in otherVM mode. +// + /** * @test * * @bug 6720721 * @summary CRL check with circular depency support needed + * @run main/othervm CircularCRLTwoLevelRevoked * @author Xuelei Fan */ @@ -211,6 +218,10 @@ } public static void main(String args[]) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + CertPath path = generateCertificatePath(); Set anchors = generateTrustAnchors(); CertStore crls = generateCertificateStore(); diff -r 13f418b13938 -r d72c97c708ae jdk/test/sun/security/ec/TestEC.java --- a/jdk/test/sun/security/ec/TestEC.java Mon Jan 13 20:56:18 2014 -0800 +++ b/jdk/test/sun/security/ec/TestEC.java Mon Jan 13 21:12:58 2014 -0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -59,6 +59,10 @@ public class TestEC { public static void main(String[] args) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + ProvidersSnapshot snapshot = ProvidersSnapshot.create(); try { main0(args); diff -r 13f418b13938 -r d72c97c708ae jdk/test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java --- a/jdk/test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java Mon Jan 13 20:56:18 2014 -0800 +++ b/jdk/test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java Mon Jan 13 21:12:58 2014 -0800 @@ -48,6 +48,10 @@ } public void main(Provider p) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + if (p.getService("KeyFactory", "EC") == null) { System.out.println("Provider does not support EC, skipping"); return; diff -r 13f418b13938 -r d72c97c708ae jdk/test/sun/security/provider/certpath/DisabledAlgorithms/CPBuilderWithMD5.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/sun/security/provider/certpath/DisabledAlgorithms/CPBuilderWithMD5.java Mon Jan 13 21:12:58 2014 -0800 @@ -0,0 +1,449 @@ +/* + * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +// This test case relies on static security property, no way to re-use +// security property in samevm/agentvm mode. + +/** + * @test + * + * @bug 8030829 + * @summary Add MD5 to jdk.certpath.disabledAlgorithms security property + * + * @run main/othervm CPBuilderWithMD5 trustAnchor_SHA1withRSA_1024 0 true + * @run main/othervm CPBuilderWithMD5 trustAnchor_SHA1withRSA_512 0 true + * @run main/othervm CPBuilderWithMD5 intermediate_SHA1withRSA_1024_1024 1 true + * @run main/othervm CPBuilderWithMD5 intermediate_SHA1withRSA_1024_512 1 false + * @run main/othervm CPBuilderWithMD5 intermediate_SHA1withRSA_512_1024 1 false + * @run main/othervm CPBuilderWithMD5 intermediate_SHA1withRSA_512_512 1 false + * @run main/othervm CPBuilderWithMD5 intermediate_MD5withRSA_1024_1024 1 false + * @run main/othervm CPBuilderWithMD5 intermediate_MD5withRSA_1024_512 1 false + * @run main/othervm CPBuilderWithMD5 endentiry_SHA1withRSA_1024_1024 2 true + * @run main/othervm CPBuilderWithMD5 endentiry_SHA1withRSA_1024_512 2 false + * @run main/othervm CPBuilderWithMD5 endentiry_SHA1withRSA_512_1024 2 false + * @run main/othervm CPBuilderWithMD5 endentiry_SHA1withRSA_512_512 2 false + * @run main/othervm CPBuilderWithMD5 endentiry_MD5withRSA_1024_1024 2 false + * @run main/othervm CPBuilderWithMD5 endentiry_MD5withRSA_1024_512 2 false + * + * @author Xuelei Fan + */ + +/* + * The generate.sh was designed to generate MD2 signed certificates. The + * certificates used in this test are generated by an updated generate.sh that + * replacing MD2 with MD5 algorithm. + */ +import java.io.*; +import java.net.SocketException; +import java.util.*; +import java.security.Security; +import java.security.cert.*; +import sun.security.util.DerInputStream; + +public class CPBuilderWithMD5 { + + // SHA1withRSA 1024 + static String trustAnchor_SHA1withRSA_1024 = + "-----BEGIN CERTIFICATE-----\n" + + "MIICPjCCAaegAwIBAgIBADANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTAeFw0xMzEyMjgxMTA4NTFaFw0zNDEyMDgxMTA4NTFa\n" + + "MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMIGfMA0GCSqGSIb3DQEB\n" + + "AQUAA4GNADCBiQKBgQDn3JSHACqi/bcohVy7eFqDs3L5ehnXmF9Jrg4rMRUeNrxA\n" + + "61F8bJ9JXx4j8WyqmT0TtokgXuqGxbsXRQVVw4AdXLF2PwCs/y+Y+AwU59uDHA3J\n" + + "AMk4VvjV9MB2Ea6YzuLnbbj/TNrfxB6LZ7KBvh0fYGt2T40yMvOvilU/f6e3zQID\n" + + "AQABo4GJMIGGMB0GA1UdDgQWBBSIxINDFVm8GpUz3v+BbWNmDEKP7TBHBgNVHSME\n" + + "QDA+gBSIxINDFVm8GpUz3v+BbWNmDEKP7aEjpCEwHzELMAkGA1UEBhMCVVMxEDAO\n" + + "BgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAgQw\n" + + "DQYJKoZIhvcNAQEFBQADgYEAt0mYDXTpInrGvEOylIL2gx65A/bpdz9iDQsSs5sZ\n" + + "r3m0v9zJnzR8lRqN4GbaD1vrFdkUrIoObcvXjXitnf5QqDzmc9BbIYj83Ft8QSUj\n" + + "jCMy04EGT/7ATss4SiFEu6sJpmOBjsgH6wYuobR27wl/01XOu2CXUo3OOjgAoPBs\n" + + "QoQ=\n" + + "-----END CERTIFICATE-----"; + + // SHA1withRSA 512 + static String trustAnchor_SHA1withRSA_512 = + "-----BEGIN CERTIFICATE-----\n" + + "MIIBuTCCAWOgAwIBAgIBADANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTAeFw0xMzEyMjgxMTA4NTFaFw0zNDEyMDgxMTA4NTFa\n" + + "MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMFwwDQYJKoZIhvcNAQEB\n" + + "BQADSwAwSAJBANLqQkOpH7rBTo/a2ccYjJxvNib/Lxm6UXO1uAd/0AUzPWzJsOpB\n" + + "u2zyD26UYc0GNyXCkWMZ44FrtSQ8VI146j8CAwEAAaOBiTCBhjAdBgNVHQ4EFgQU\n" + + "5PVLxBY//smN31jHb/MAmCEz5NIwRwYDVR0jBEAwPoAU5PVLxBY//smN31jHb/MA\n" + + "mCEz5NKhI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlggEAMA8G\n" + + "A1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMA0GCSqGSIb3DQEBBQUAA0EAzF9E\n" + + "dXYPLqziCRY45IHCUtxaLjLQmwsjEu91TV4xyuuozGEumcqH7m6Hg6Ohnd1FGfsN\n" + + "X+vt1tdaDIu9+OzGjQ==\n" + + "-----END CERTIFICATE-----"; + + // SHA1withRSA 1024 signed with RSA 1024 + static String intermediate_SHA1withRSA_1024_1024 = + "-----BEGIN CERTIFICATE-----\n" + + "MIICUDCCAbmgAwIBAgIBAzANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTAeFw0xMzEyMjgxMTA5MDlaFw0zMzA5MTQxMTA5MDla\n" + + "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" + + "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/m9wdJT0HR+exquh2Q2Yq\n" + + "XvL9HtEsCabCikd0Vjuoi3sZJ/5SBbbHTvh7z7enW0NEpLHQee0ry5FW8mLxDtrR\n" + + "38NjE9W7zutucBG5WztwGuvcts13aEw+vH+EwhokJW9PXz9Do+y4PTJo3vdsk7Zs\n" + + "bGVY9+YjvlgEaozWXZ1JhQIDAQABo4GJMIGGMB0GA1UdDgQWBBQIsaDZL94kLug/\n" + + "A1N4EkNOA4z47DBHBgNVHSMEQDA+gBSIxINDFVm8GpUz3v+BbWNmDEKP7aEjpCEw\n" + + "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" + + "AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQEFBQADgYEA0673aIUF2k20jkpR\n" + + "4USN9UkbfX57Uazhl4n765EeAiteWnTzKztISeH1GTrCw7bSl1r07aaflsnbKOHC\n" + + "RrL2RxbxNwQARvuuCxr664vXnsGrt86xA5F2iNF22uDM/5HA5sIfBmEk5xXSLrgH\n" + + "I7jOaYqAA1b8C+4DU2Z5ZgO4LOA=\n" + + "-----END CERTIFICATE-----"; + + // SHA1withRSA 1024 signed with RSA 512 + static String intermediate_SHA1withRSA_1024_512 = + "-----BEGIN CERTIFICATE-----\n" + + "MIICDzCCAbmgAwIBAgIBBDANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTAeFw0xMzEyMjgxMTA5MDlaFw0zMzA5MTQxMTA5MDla\n" + + "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" + + "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/m9wdJT0HR+exquh2Q2Yq\n" + + "XvL9HtEsCabCikd0Vjuoi3sZJ/5SBbbHTvh7z7enW0NEpLHQee0ry5FW8mLxDtrR\n" + + "38NjE9W7zutucBG5WztwGuvcts13aEw+vH+EwhokJW9PXz9Do+y4PTJo3vdsk7Zs\n" + + "bGVY9+YjvlgEaozWXZ1JhQIDAQABo4GJMIGGMB0GA1UdDgQWBBQIsaDZL94kLug/\n" + + "A1N4EkNOA4z47DBHBgNVHSMEQDA+gBTk9UvEFj/+yY3fWMdv8wCYITPk0qEjpCEw\n" + + "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" + + "AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQEFBQADQQAihshnF7RWZ13tUGsH\n" + + "iM4i8HmBjw2+pwW/cs0E8BcycYEy3beWMcL1Np2yfOa/7K5ZvGPhe/piwzTel+Kt\n" + + "5VLm\n" + + "-----END CERTIFICATE-----"; + + // SHA1withRSA 512 signed with RSA 1024 + static String intermediate_SHA1withRSA_512_1024 = + "-----BEGIN CERTIFICATE-----\n" + + "MIICDDCCAXWgAwIBAgIBBTANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTAeFw0xMzEyMjgxMTA5MDlaFw0zMzA5MTQxMTA5MDla\n" + + "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" + + "cy0xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAK4h/iW3wt+ugR5ObWiFSl394UU/\n" + + "lWNm+N6UAgsBRhSzZz/Iof7xZTQI+usNXzOrTnU3+uZsMgokpjkrko1osxUCAwEA\n" + + "AaOBiTCBhjAdBgNVHQ4EFgQU88OD48Osuh7lJiLnhfMhrySqW8QwRwYDVR0jBEAw\n" + + "PoAUiMSDQxVZvBqVM97/gW1jZgxCj+2hI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYD\n" + + "VQQKEwdFeGFtcGxlggEAMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMA0G\n" + + "CSqGSIb3DQEBBQUAA4GBAAHN8XUTT6asa1MvpfqAvKTH6tNrMOmzoFsUamPxSrUB\n" + + "tnBv/fa/E9+1QvQwl3g6luVXBkQf2/nVD0195IdkEuD/C6psuGKerXmiaRMv5Wcs\n" + + "B+8bTzhNxMzHKPZDJ8Tf/RD3XpPvtxw0T+I5xud68FH/WDhJtu7TiXPAhs7srtHt\n" + + "-----END CERTIFICATE-----"; + + // SHA1withRSA 512 signed with RSA 512 + static String intermediate_SHA1withRSA_512_512 = + "-----BEGIN CERTIFICATE-----\n" + + "MIIByzCCAXWgAwIBAgIBBjANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTAeFw0xMzEyMjgxMTA5MDlaFw0zMzA5MTQxMTA5MDla\n" + + "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" + + "cy0xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAK4h/iW3wt+ugR5ObWiFSl394UU/\n" + + "lWNm+N6UAgsBRhSzZz/Iof7xZTQI+usNXzOrTnU3+uZsMgokpjkrko1osxUCAwEA\n" + + "AaOBiTCBhjAdBgNVHQ4EFgQU88OD48Osuh7lJiLnhfMhrySqW8QwRwYDVR0jBEAw\n" + + "PoAU5PVLxBY//smN31jHb/MAmCEz5NKhI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYD\n" + + "VQQKEwdFeGFtcGxlggEAMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMA0G\n" + + "CSqGSIb3DQEBBQUAA0EASLN+1/pfo+9ty5EaYkoPu4QeYGr+5wmXyDceiaED/Lok\n" + + "RdV0ZH0qwD4kiarlJssNOgMCk+2EzgvXcIhEMDa5hA==\n" + + "-----END CERTIFICATE-----"; + + // MD5withRSA 1024 signed with RSA 1024 + static String intermediate_MD5withRSA_1024_1024 = + "-----BEGIN CERTIFICATE-----\n" + + "MIICUDCCAbmgAwIBAgIBBzANBgkqhkiG9w0BAQQFADAfMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTAeFw0xMzEyMjgxMTA5MDlaFw0zMzA5MTQxMTA5MDla\n" + + "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" + + "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/m9wdJT0HR+exquh2Q2Yq\n" + + "XvL9HtEsCabCikd0Vjuoi3sZJ/5SBbbHTvh7z7enW0NEpLHQee0ry5FW8mLxDtrR\n" + + "38NjE9W7zutucBG5WztwGuvcts13aEw+vH+EwhokJW9PXz9Do+y4PTJo3vdsk7Zs\n" + + "bGVY9+YjvlgEaozWXZ1JhQIDAQABo4GJMIGGMB0GA1UdDgQWBBQIsaDZL94kLug/\n" + + "A1N4EkNOA4z47DBHBgNVHSMEQDA+gBSIxINDFVm8GpUz3v+BbWNmDEKP7aEjpCEw\n" + + "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" + + "AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQEEBQADgYEAerx2je3FBVn2eoPs\n" + + "nTzLKILezqCTCO7mXWiyBidRhh4RGdM8JggMN5SRmuwRurxfYFgPfqmAenWtEFqO\n" + + "xZrTXQUvIrrEgpzqkfppFnkCh4kDsX4roD5Nho3J4MTBQkqE0r676Yq6Rp6cywCq\n" + + "CHQQztRGY7n/ZYRNJ3uzvuoT1tk=\n" + + "-----END CERTIFICATE-----"; + + // MD5withRSA 1024 signed with RSA 512 + static String intermediate_MD5withRSA_1024_512 = + "-----BEGIN CERTIFICATE-----\n" + + "MIICDzCCAbmgAwIBAgIBCDANBgkqhkiG9w0BAQQFADAfMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTAeFw0xMzEyMjgxMTA5MTBaFw0zMzA5MTQxMTA5MTBa\n" + + "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" + + "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/m9wdJT0HR+exquh2Q2Yq\n" + + "XvL9HtEsCabCikd0Vjuoi3sZJ/5SBbbHTvh7z7enW0NEpLHQee0ry5FW8mLxDtrR\n" + + "38NjE9W7zutucBG5WztwGuvcts13aEw+vH+EwhokJW9PXz9Do+y4PTJo3vdsk7Zs\n" + + "bGVY9+YjvlgEaozWXZ1JhQIDAQABo4GJMIGGMB0GA1UdDgQWBBQIsaDZL94kLug/\n" + + "A1N4EkNOA4z47DBHBgNVHSMEQDA+gBTk9UvEFj/+yY3fWMdv8wCYITPk0qEjpCEw\n" + + "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" + + "AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQEEBQADQQA3XGQPNin8cDIsJ4vx\n" + + "tTxUO6XVJoWOdTsjwzlMrPmLvjJNZeXLtQe3pQu0vjgyUpQ59VYLW3qKN/LF3UH0\n" + + "Ep7V\n" + + "-----END CERTIFICATE-----"; + + // SHA1withRSA 1024 signed with RSA 1024 + static String endentiry_SHA1withRSA_1024_1024 = + "-----BEGIN CERTIFICATE-----\n" + + "MIICNzCCAaCgAwIBAgIBAjANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0xMzEyMjgxMTA5\n" + + "MTJaFw0zMzA5MTQxMTA5MTJaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" + + "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG\n" + + "9w0BAQEFAAOBjQAwgYkCgYEAvktJqK4/SvQrTyGgV8tM6zP/K5xQP1pFRipRKS8i\n" + + "2yaXdlW4jQBZWVXdfEsm8YwGwtXFKIlleALmgJcLldPwNm0qaKixL4mRJVMm4bXM\n" + + "UXCfmr+Im1SpA4Yum4VFCfIJ1kkeQkXqc57sCSfS+rFnC+1kSNa9wj+Mc4+5FR4k\n" + + "zqUCAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBRDzLh/sWyTsdq1KKnG\n" + + "8e7JW1tPUDAfBgNVHSMEGDAWgBQIsaDZL94kLug/A1N4EkNOA4z47DANBgkqhkiG\n" + + "9w0BAQUFAAOBgQB2RkWHOaL4WTOGoeTS4J4o9FW+4UXihbocdI/64rMExERjDkE/\n" + + "Jh31TEmatnP1gPrF1AfmqQPubqVSbRtCHrZF+Ilk6L6YeyRNzKvsLiMUtgrLYLas\n" + + "Vop0DFZxR02xHgaJdoJkcWBjNadb9zG7eZtt8OOOJ4lRwg02aLTy+WDqPA==\n" + + "-----END CERTIFICATE-----"; + + // SHA1withRSA 1024 signed with RSA 512 + static String endentiry_SHA1withRSA_1024_512 = + "-----BEGIN CERTIFICATE-----\n" + + "MIIB9jCCAaCgAwIBAgIBAzANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0xMzEyMjgxMTA5\n" + + "MTJaFw0zMzA5MTQxMTA5MTJaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" + + "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG\n" + + "9w0BAQEFAAOBjQAwgYkCgYEAvktJqK4/SvQrTyGgV8tM6zP/K5xQP1pFRipRKS8i\n" + + "2yaXdlW4jQBZWVXdfEsm8YwGwtXFKIlleALmgJcLldPwNm0qaKixL4mRJVMm4bXM\n" + + "UXCfmr+Im1SpA4Yum4VFCfIJ1kkeQkXqc57sCSfS+rFnC+1kSNa9wj+Mc4+5FR4k\n" + + "zqUCAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBRDzLh/sWyTsdq1KKnG\n" + + "8e7JW1tPUDAfBgNVHSMEGDAWgBTzw4Pjw6y6HuUmIueF8yGvJKpbxDANBgkqhkiG\n" + + "9w0BAQUFAANBAIapvjECUm4YD4O99G0v2SM17cKQzjZtSWkScS7FSk4sxS+dP3hM\n" + + "Qb2UpoRl6CGynhOVVy2G/VJN8BEqOfywj8k=\n" + + "-----END CERTIFICATE-----"; + + // SHA1withRSA 512 signed with RSA 1024 + static String endentiry_SHA1withRSA_512_1024 = + "-----BEGIN CERTIFICATE-----\n" + + "MIIB8zCCAVygAwIBAgIBBDANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0xMzEyMjgxMTA5\n" + + "MTJaFw0zMzA5MTQxMTA5MTJaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" + + "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTBcMA0GCSqGSIb3\n" + + "DQEBAQUAA0sAMEgCQQCngiNTE+qngHcfj2jUpdc82gCw+TFRjR7oMSdp7b/3NwpD\n" + + "E+11z9WspoXTDzvbKcGUH9svFl691NyY0ZUmf+4RAgMBAAGjTzBNMAsGA1UdDwQE\n" + + "AwID6DAdBgNVHQ4EFgQUK+oVsFTQbz08evgQZ5Sd82c2y4UwHwYDVR0jBBgwFoAU\n" + + "CLGg2S/eJC7oPwNTeBJDTgOM+OwwDQYJKoZIhvcNAQEFBQADgYEAMd/8XnjRz5jK\n" + + "nbss9DDQQC2mUuCbV/tGdke7eQ1DtBVZLBU6wDgisGr52sUXmyZIPmSVKpQqwCG5\n" + + "8cY5uQhaNwPtPmMMKXzX32zN9NhVkiDNceL+zHs3vdjD1i/QiUTST+NKfLYVb6dF\n" + + "YMG65lxe3gMVxMweiHSZSukmk1k3gUA=\n" + + "-----END CERTIFICATE-----"; + + // SHA1withRSA 512 signed with RSA 512 + static String endentiry_SHA1withRSA_512_512 = + "-----BEGIN CERTIFICATE-----\n" + + "MIIBsjCCAVygAwIBAgIBBTANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0xMzEyMjgxMTA5\n" + + "MTJaFw0zMzA5MTQxMTA5MTJaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" + + "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTBcMA0GCSqGSIb3\n" + + "DQEBAQUAA0sAMEgCQQCngiNTE+qngHcfj2jUpdc82gCw+TFRjR7oMSdp7b/3NwpD\n" + + "E+11z9WspoXTDzvbKcGUH9svFl691NyY0ZUmf+4RAgMBAAGjTzBNMAsGA1UdDwQE\n" + + "AwID6DAdBgNVHQ4EFgQUK+oVsFTQbz08evgQZ5Sd82c2y4UwHwYDVR0jBBgwFoAU\n" + + "88OD48Osuh7lJiLnhfMhrySqW8QwDQYJKoZIhvcNAQEFBQADQQB4xFWtC6ijDBIe\n" + + "/Gkf3B9+ycmP52pTPNiPwMS6u1a5vTRXMn5xRDexWfxJKJVZ2s9UR1jheZvWgPC8\n" + + "VUWO8bbG\n" + + "-----END CERTIFICATE-----"; + + // MD5withRSA 1024 signed with RSA 1024 + static String endentiry_MD5withRSA_1024_1024 = + "-----BEGIN CERTIFICATE-----\n" + + "MIICNzCCAaCgAwIBAgIBBjANBgkqhkiG9w0BAQQFADAxMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0xMzEyMjgxMTA5\n" + + "MTJaFw0zMzA5MTQxMTA5MTJaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" + + "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG\n" + + "9w0BAQEFAAOBjQAwgYkCgYEAvktJqK4/SvQrTyGgV8tM6zP/K5xQP1pFRipRKS8i\n" + + "2yaXdlW4jQBZWVXdfEsm8YwGwtXFKIlleALmgJcLldPwNm0qaKixL4mRJVMm4bXM\n" + + "UXCfmr+Im1SpA4Yum4VFCfIJ1kkeQkXqc57sCSfS+rFnC+1kSNa9wj+Mc4+5FR4k\n" + + "zqUCAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBRDzLh/sWyTsdq1KKnG\n" + + "8e7JW1tPUDAfBgNVHSMEGDAWgBQIsaDZL94kLug/A1N4EkNOA4z47DANBgkqhkiG\n" + + "9w0BAQQFAAOBgQBCVn9/JQxsRTaKIKSrgB+KtEreat+33k3SXuJICuRxcmvjOXIx\n" + + "wSdq+mRCA+DpIPSNtgnDAUyipnyxRxpdmRRUHuRYpkALq4a5QtTJK0Y/CEMfsd2J\n" + + "Yd2zKcfynDLW6LVeNdtjlY7fTemJnbA/WImNhwyW55V9vbnk3J04EZN8jw==\n" + + "-----END CERTIFICATE-----"; + + // MD5withRSA 1024 signed with RSA 512 + static String endentiry_MD5withRSA_1024_512 = + "-----BEGIN CERTIFICATE-----\n" + + "MIIB9jCCAaCgAwIBAgIBBzANBgkqhkiG9w0BAQQFADAxMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0xMzEyMjgxMTA5\n" + + "MTNaFw0zMzA5MTQxMTA5MTNaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" + + "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG\n" + + "9w0BAQEFAAOBjQAwgYkCgYEAvktJqK4/SvQrTyGgV8tM6zP/K5xQP1pFRipRKS8i\n" + + "2yaXdlW4jQBZWVXdfEsm8YwGwtXFKIlleALmgJcLldPwNm0qaKixL4mRJVMm4bXM\n" + + "UXCfmr+Im1SpA4Yum4VFCfIJ1kkeQkXqc57sCSfS+rFnC+1kSNa9wj+Mc4+5FR4k\n" + + "zqUCAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBRDzLh/sWyTsdq1KKnG\n" + + "8e7JW1tPUDAfBgNVHSMEGDAWgBTzw4Pjw6y6HuUmIueF8yGvJKpbxDANBgkqhkiG\n" + + "9w0BAQQFAANBAAbZwmkqb6sfiiIxuLnj6PjhJsXGfvPomkkbLu5CapAMhen/p6ZG\n" + + "6vh69TbIsBR9UHu7qDyTl5Xax7bmYeW+sDQ=\n" + + "-----END CERTIFICATE-----"; + + static HashMap certmap = new HashMap(); + static { + certmap.put("trustAnchor_SHA1withRSA_1024", + trustAnchor_SHA1withRSA_1024); + certmap.put("trustAnchor_SHA1withRSA_512", + trustAnchor_SHA1withRSA_512); + certmap.put("intermediate_SHA1withRSA_1024_1024", + intermediate_SHA1withRSA_1024_1024); + certmap.put("intermediate_SHA1withRSA_1024_512", + intermediate_SHA1withRSA_1024_512); + certmap.put("intermediate_SHA1withRSA_512_1024", + intermediate_SHA1withRSA_512_1024); + certmap.put("intermediate_SHA1withRSA_512_512", + intermediate_SHA1withRSA_512_512); + certmap.put("intermediate_MD5withRSA_1024_1024", + intermediate_MD5withRSA_1024_1024); + certmap.put("intermediate_MD5withRSA_1024_512", + intermediate_MD5withRSA_1024_512); + certmap.put("endentiry_SHA1withRSA_1024_1024", + endentiry_SHA1withRSA_1024_1024); + certmap.put("endentiry_SHA1withRSA_1024_512", + endentiry_SHA1withRSA_1024_512); + certmap.put("endentiry_SHA1withRSA_512_1024", + endentiry_SHA1withRSA_512_1024); + certmap.put("endentiry_SHA1withRSA_512_512", + endentiry_SHA1withRSA_512_512); + certmap.put("endentiry_MD5withRSA_1024_1024", + endentiry_MD5withRSA_1024_1024); + certmap.put("endentiry_MD5withRSA_1024_512", + endentiry_MD5withRSA_1024_512); + } + + private static Set generateTrustAnchors() + throws CertificateException { + // generate certificate from cert string + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + HashSet anchors = new HashSet(); + + ByteArrayInputStream is = + new ByteArrayInputStream(trustAnchor_SHA1withRSA_1024.getBytes()); + Certificate cert = cf.generateCertificate(is); + TrustAnchor anchor = new TrustAnchor((X509Certificate)cert, null); + anchors.add(anchor); + + is = new ByteArrayInputStream(trustAnchor_SHA1withRSA_512.getBytes()); + cert = cf.generateCertificate(is); + anchor = new TrustAnchor((X509Certificate)cert, null); + anchors.add(anchor); + + return anchors; + } + + private static CertStore generateCertificateStore() throws Exception { + Collection entries = new HashSet(); + + // generate certificate from certificate string + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + + for (String key : certmap.keySet()) { + String certStr = certmap.get(key); + ByteArrayInputStream is = + new ByteArrayInputStream(certStr.getBytes());; + Certificate cert = cf.generateCertificate(is); + entries.add(cert); + } + + return CertStore.getInstance("Collection", + new CollectionCertStoreParameters(entries)); + } + + private static X509CertSelector generateSelector(String name) + throws Exception { + X509CertSelector selector = new X509CertSelector(); + + String certStr = certmap.get(name); + if (certStr == null) { + return null; + } + + // generate certificate from certificate string + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + ByteArrayInputStream is = new ByteArrayInputStream(certStr.getBytes()); + X509Certificate target = (X509Certificate)cf.generateCertificate(is); + + selector.setCertificate(target); + + return selector; + } + + private static boolean match(String name, Certificate cert) + throws Exception { + X509CertSelector selector = new X509CertSelector(); + + String certStr = certmap.get(name); + if (certStr == null) { + return false; + } + + // generate certificate from certificate string + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + ByteArrayInputStream is = new ByteArrayInputStream(certStr.getBytes()); + X509Certificate target = (X509Certificate)cf.generateCertificate(is); + + return target.equals(cert); + } + + public static void main(String args[]) throws Exception { + CertPathBuilder builder = CertPathBuilder.getInstance("PKIX"); + + X509CertSelector selector = generateSelector(args[0]); + if (selector == null) { + // no target certificate, ignore it + return; + } + + Set anchors = generateTrustAnchors(); + CertStore certs = generateCertificateStore(); + + PKIXBuilderParameters params = + new PKIXBuilderParameters(anchors, selector); + params.addCertStore(certs); + params.setRevocationEnabled(false); + params.setDate(new Date(114, 9, 1)); // 2014-09-01 + + boolean success = Boolean.valueOf(args[2]); + try { + PKIXCertPathBuilderResult result = + (PKIXCertPathBuilderResult)builder.build(params); + if (!success) { + throw new Exception("expected algorithm disabled exception"); + } + + int length = Integer.parseInt(args[1]); + List path = + result.getCertPath().getCertificates(); + if (length != path.size()) { + throw new Exception("unexpected certification path length"); + } + + if (!path.isEmpty()) { // the target is not a trust anchor + if (!match(args[0], path.get(0))) { + throw new Exception("unexpected certificate"); + } + } + } catch (CertPathBuilderException cpbe) { + if (success) { + throw new Exception("unexpected exception", cpbe); + } else { + System.out.println("Get the expected exception " + cpbe); + } + } + } + +} diff -r 13f418b13938 -r d72c97c708ae jdk/test/sun/security/provider/certpath/ReverseBuilder/ReverseBuild.java --- a/jdk/test/sun/security/provider/certpath/ReverseBuilder/ReverseBuild.java Mon Jan 13 20:56:18 2014 -0800 +++ b/jdk/test/sun/security/provider/certpath/ReverseBuilder/ReverseBuild.java Mon Jan 13 21:12:58 2014 -0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,15 +21,23 @@ * questions. */ +// +// Security properties, once set, cannot revert to unset. To avoid +// conflicts with tests running in the same VM isolate this test by +// running it in otherVM mode. +// + /* * @test * @bug 7167988 * @summary PKIX CertPathBuilder in reverse mode doesn't work if more than * one trust anchor is specified + * @run main/othervm ReverseBuild */ import java.io.*; import java.util.*; import java.security.cert.*; +import java.security.Security; import sun.security.provider.certpath.SunCertPathBuilderParameters; @@ -279,6 +287,9 @@ public static void main(String args[]) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); // generate certificate from cert string CertificateFactory cf = CertificateFactory.getInstance("X.509"); diff -r 13f418b13938 -r d72c97c708ae jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/MD2InTrustAnchor.java --- a/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/MD2InTrustAnchor.java Mon Jan 13 20:56:18 2014 -0800 +++ b/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/MD2InTrustAnchor.java Mon Jan 13 21:12:58 2014 -0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -23,13 +23,15 @@ * questions. */ +// +// SunJSSE does not support dynamic system properties, no way to re-use +// system properties in samevm/agentvm mode. +// + /* * @test * @bug 7113275 * @summary compatibility issue with MD2 trust anchor and old X509TrustManager - * - * SunJSSE does not support dynamic system properties, no way to re-use - * system properties in samevm/agentvm mode. * @run main/othervm MD2InTrustAnchor PKIX TLSv1.1 * @run main/othervm MD2InTrustAnchor SunX509 TLSv1.1 * @run main/othervm MD2InTrustAnchor PKIX TLSv1.2 @@ -40,6 +42,7 @@ import java.util.*; import java.io.*; import javax.net.ssl.*; +import java.security.Security; import java.security.KeyStore; import java.security.KeyFactory; import java.security.cert.Certificate; @@ -283,6 +286,10 @@ volatile Exception clientException = null; public static void main(String[] args) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + if (debug) System.setProperty("javax.net.debug", "all"); diff -r 13f418b13938 -r d72c97c708ae jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/TrustTrustedCert.java --- a/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/TrustTrustedCert.java Mon Jan 13 20:56:18 2014 -0800 +++ b/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/TrustTrustedCert.java Mon Jan 13 21:12:58 2014 -0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -23,13 +23,15 @@ * questions. */ +// +// SunJSSE does not support dynamic system properties, no way to re-use +// system properties in samevm/agentvm mode. +// + /* * @test * @bug 7113275 * @summary compatibility issue with MD2 trust anchor and old X509TrustManager - * - * SunJSSE does not support dynamic system properties, no way to re-use - * system properties in samevm/agentvm mode. * @run main/othervm TrustTrustedCert PKIX TLSv1.1 * @run main/othervm TrustTrustedCert SunX509 TLSv1.1 * @run main/othervm TrustTrustedCert PKIX TLSv1.2 @@ -336,6 +338,10 @@ volatile Exception clientException = null; public static void main(String[] args) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + if (debug) System.setProperty("javax.net.debug", "all"); diff -r 13f418b13938 -r d72c97c708ae jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509KeyManager/PreferredKey.java --- a/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509KeyManager/PreferredKey.java Mon Jan 13 20:56:18 2014 -0800 +++ b/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509KeyManager/PreferredKey.java Mon Jan 13 21:12:58 2014 -0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,11 +21,18 @@ * questions. */ +// +// Security properties, once set, cannot revert to unset. To avoid +// conflicts with tests running in the same VM isolate this test by +// running it in otherVM mode. +// + /* * @test * @bug 6302644 * @summary X509KeyManager implementation for NewSunX509 doesn't return most * preferable key + * @run main/othervm PreferredKey */ import java.io.*; import java.net.*; @@ -49,6 +56,10 @@ public static void main(String[] args) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + KeyStore ks; KeyManagerFactory kmf; X509KeyManager km; diff -r 13f418b13938 -r d72c97c708ae jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/BasicConstraints.java --- a/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/BasicConstraints.java Mon Jan 13 20:56:18 2014 -0800 +++ b/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/BasicConstraints.java Mon Jan 13 21:12:58 2014 -0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,14 +21,16 @@ * questions. */ +// +// SunJSSE does not support dynamic system properties, no way to re-use +// system properties in samevm/agentvm mode. +// + /* * @test * @bug 7166570 * @summary JSSE certificate validation has started to fail for * certificate chains - * - * SunJSSE does not support dynamic system properties, no way to re-use - * system properties in samevm/agentvm mode. * @run main/othervm BasicConstraints PKIX * @run main/othervm BasicConstraints SunX509 */ @@ -37,6 +39,7 @@ import java.util.*; import java.io.*; import javax.net.ssl.*; +import java.security.Security; import java.security.KeyStore; import java.security.KeyFactory; import java.security.cert.*; @@ -454,6 +457,10 @@ volatile Exception clientException = null; public static void main(String args[]) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + if (debug) System.setProperty("javax.net.debug", "all"); diff -r 13f418b13938 -r d72c97c708ae jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/PKIXExtendedTM.java --- a/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/PKIXExtendedTM.java Mon Jan 13 20:56:18 2014 -0800 +++ b/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/PKIXExtendedTM.java Mon Jan 13 21:12:58 2014 -0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,21 +21,23 @@ * questions. */ +// +// SunJSSE does not support dynamic system properties, no way to re-use +// system properties in samevm/agentvm mode. +// /* * @test * @bug 6916074 * @summary Add support for TLS 1.2 * @run main/othervm PKIXExtendedTM - * - * SunJSSE does not support dynamic system properties, no way to re-use - * system properties in samevm/agentvm mode. */ import java.net.*; import java.util.*; import java.io.*; import javax.net.ssl.*; +import java.security.Security; import java.security.KeyStore; import java.security.KeyFactory; import java.security.cert.Certificate; @@ -791,6 +793,10 @@ volatile Exception clientException = null; public static void main(String args[]) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + if (debug) System.setProperty("javax.net.debug", "all"); diff -r 13f418b13938 -r d72c97c708ae jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/SelfIssuedCert.java --- a/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/SelfIssuedCert.java Mon Jan 13 20:56:18 2014 -0800 +++ b/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/SelfIssuedCert.java Mon Jan 13 21:12:58 2014 -0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,15 +21,17 @@ * questions. */ +// +// SunJSSE does not support dynamic system properties, no way to re-use +// system properties in samevm/agentvm mode. +// + /* * @test * @bug 6822460 * @summary support self-issued certificate * @run main/othervm SelfIssuedCert PKIX * @run main/othervm SelfIssuedCert SunX509 - * - * SunJSSE does not support dynamic system properties, no way to re-use - * system properties in samevm/agentvm mode. * @author Xuelei Fan */ @@ -37,6 +39,7 @@ import java.util.*; import java.io.*; import javax.net.ssl.*; +import java.security.Security; import java.security.KeyStore; import java.security.KeyFactory; import java.security.cert.Certificate; @@ -302,6 +305,10 @@ volatile Exception clientException = null; public static void main(String args[]) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + if (debug) System.setProperty("javax.net.debug", "all"); diff -r 13f418b13938 -r d72c97c708ae jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/SunX509ExtendedTM.java --- a/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/SunX509ExtendedTM.java Mon Jan 13 20:56:18 2014 -0800 +++ b/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/SunX509ExtendedTM.java Mon Jan 13 21:12:58 2014 -0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,20 +21,23 @@ * questions. */ +// +// SunJSSE does not support dynamic system properties, no way to re-use +// system properties in samevm/agentvm mode. +// + /* * @test * @bug 6916074 * @summary Add support for TLS 1.2 * @run main/othervm SunX509ExtendedTM - * - * SunJSSE does not support dynamic system properties, no way to re-use - * system properties in samevm/agentvm mode. */ import java.net.*; import java.util.*; import java.io.*; import javax.net.ssl.*; +import java.security.Security; import java.security.KeyStore; import java.security.KeyFactory; import java.security.cert.Certificate; @@ -792,6 +795,10 @@ volatile Exception clientException = null; public static void main(String args[]) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + if (debug) System.setProperty("javax.net.debug", "all"); diff -r 13f418b13938 -r d72c97c708ae jdk/test/sun/security/ssl/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnection/CriticalSubjectAltName.java --- a/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnection/CriticalSubjectAltName.java Mon Jan 13 20:56:18 2014 -0800 +++ b/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnection/CriticalSubjectAltName.java Mon Jan 13 21:12:58 2014 -0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,18 +21,21 @@ * questions. */ +// +// SunJSSE does not support dynamic system properties, no way to re-use +// system properties in samevm/agentvm mode. +// + /* * @test * @bug 6668231 * @summary Presence of a critical subjectAltName causes JSSE's SunX509 to * fail trusted checks * @run main/othervm CriticalSubjectAltName - * - * SunJSSE does not support dynamic system properties, no way to re-use - * system properties in samevm/agentvm mode. - * * @author Xuelei Fan - * + */ + +/* * This test depends on binary keystore, crisubn.jks and trusted.jks. Because * JAVA keytool cannot generate X509 certificate with SubjectAltName extension, * the certificates are generated with openssl toolkits and then imported into @@ -47,6 +50,7 @@ import java.io.*; import java.net.*; import javax.net.ssl.*; +import java.security.Security; import java.security.cert.Certificate; public class CriticalSubjectAltName implements HostnameVerifier { @@ -154,6 +158,10 @@ volatile Exception clientException = null; public static void main(String[] args) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + String keyFilename = System.getProperty("test.src", "./") + "/" + pathToStores + "/" + keyStoreFile; diff -r 13f418b13938 -r d72c97c708ae jdk/test/sun/security/ssl/javax/net/ssl/ServerName/SSLSocketSNISensitive.java --- a/jdk/test/sun/security/ssl/javax/net/ssl/ServerName/SSLSocketSNISensitive.java Mon Jan 13 20:56:18 2014 -0800 +++ b/jdk/test/sun/security/ssl/javax/net/ssl/ServerName/SSLSocketSNISensitive.java Mon Jan 13 21:12:58 2014 -0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -44,6 +44,7 @@ import java.util.*; import java.io.*; import javax.net.ssl.*; +import java.security.Security; import java.security.KeyStore; import java.security.KeyFactory; import java.security.cert.Certificate; @@ -431,6 +432,10 @@ volatile Exception clientException = null; public static void main(String[] args) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + if (debug) System.setProperty("javax.net.debug", "all"); diff -r 13f418b13938 -r d72c97c708ae jdk/test/sun/security/ssl/javax/net/ssl/TLSv11/EmptyCertificateAuthorities.java --- a/jdk/test/sun/security/ssl/javax/net/ssl/TLSv11/EmptyCertificateAuthorities.java Mon Jan 13 20:56:18 2014 -0800 +++ b/jdk/test/sun/security/ssl/javax/net/ssl/TLSv11/EmptyCertificateAuthorities.java Mon Jan 13 21:12:58 2014 -0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -23,15 +23,16 @@ * questions. */ +// +// SunJSSE does not support dynamic system properties, no way to re-use +// system properties in samevm/agentvm mode. +// + /* * @test * @bug 4873188 * @summary Support TLS 1.1 * @run main/othervm EmptyCertificateAuthorities - * - * SunJSSE does not support dynamic system properties, no way to re-use - * system properties in samevm/agentvm mode. - * * @author Xuelei Fan */ @@ -228,6 +229,10 @@ volatile Exception clientException = null; public static void main(String[] args) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + String keyFilename = System.getProperty("test.src", ".") + "/" + pathToStores + "/" + keyStoreFile; diff -r 13f418b13938 -r d72c97c708ae jdk/test/sun/security/ssl/sanity/interop/ClientJSSEServerJSSE.java --- a/jdk/test/sun/security/ssl/sanity/interop/ClientJSSEServerJSSE.java Mon Jan 13 20:56:18 2014 -0800 +++ b/jdk/test/sun/security/ssl/sanity/interop/ClientJSSEServerJSSE.java Mon Jan 13 21:12:58 2014 -0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,10 +28,15 @@ * @author Andreas Sterbenz * @run main/othervm/timeout=300 ClientJSSEServerJSSE */ +import java.security.Security; public class ClientJSSEServerJSSE { public static void main(String[] args) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + CipherTest.main(new JSSEFactory(), args); } diff -r 13f418b13938 -r d72c97c708ae jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/DNSIdentities.java --- a/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/DNSIdentities.java Mon Jan 13 20:56:18 2014 -0800 +++ b/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/DNSIdentities.java Mon Jan 13 21:12:58 2014 -0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,13 +21,15 @@ * questions. */ +// +// SunJSSE does not support dynamic system properties, no way to re-use +// system properties in samevm/agentvm mode. +// + /* @test * @bug 6766775 * @summary X509 certificate hostname checking is broken in JDK1.6.0_10 * @run main/othervm DNSIdentities - * - * SunJSSE does not support dynamic system properties, no way to re-use - * system properties in samevm/agentvm mode. * @author Xuelei Fan */ @@ -35,6 +37,7 @@ import java.util.*; import java.io.*; import javax.net.ssl.*; +import java.security.Security; import java.security.KeyStore; import java.security.KeyFactory; import java.security.cert.Certificate; @@ -743,6 +746,10 @@ volatile Exception clientException = null; public static void main(String args[]) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + if (debug) System.setProperty("javax.net.debug", "all"); diff -r 13f418b13938 -r d72c97c708ae jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPAddressIPIdentities.java --- a/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPAddressIPIdentities.java Mon Jan 13 20:56:18 2014 -0800 +++ b/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPAddressIPIdentities.java Mon Jan 13 21:12:58 2014 -0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,13 +21,15 @@ * questions. */ +// +// SunJSSE does not support dynamic system properties, no way to re-use +// system properties in samevm/agentvm mode. +// + /* @test * @summary X509 certificate hostname checking is broken in JDK1.6.0_10 * @bug 6766775 * @run main/othervm IPAddressIPIdentities - * - * SunJSSE does not support dynamic system properties, no way to re-use - * system properties in samevm/agentvm mode. * @author Xuelei Fan */ @@ -35,6 +37,7 @@ import java.util.*; import java.io.*; import javax.net.ssl.*; +import java.security.Security; import java.security.KeyStore; import java.security.KeyFactory; import java.security.cert.Certificate; @@ -744,6 +747,10 @@ volatile Exception clientException = null; public static void main(String args[]) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + if (debug) System.setProperty("javax.net.debug", "all"); diff -r 13f418b13938 -r d72c97c708ae jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPIdentities.java --- a/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPIdentities.java Mon Jan 13 20:56:18 2014 -0800 +++ b/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPIdentities.java Mon Jan 13 21:12:58 2014 -0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,13 +21,15 @@ * questions. */ +// +// SunJSSE does not support dynamic system properties, no way to re-use +// system properties in samevm/agentvm mode. +// + /* @test * @summary X509 certificate hostname checking is broken in JDK1.6.0_10 * @bug 6766775 * @run main/othervm IPIdentities - * - * SunJSSE does not support dynamic system properties, no way to re-use - * system properties in samevm/agentvm mode. * @author Xuelei Fan */ @@ -35,6 +37,7 @@ import java.util.*; import java.io.*; import javax.net.ssl.*; +import java.security.Security; import java.security.KeyStore; import java.security.KeyFactory; import java.security.cert.Certificate; @@ -743,6 +746,10 @@ volatile Exception clientException = null; public static void main(String args[]) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + if (debug) System.setProperty("javax.net.debug", "all"); diff -r 13f418b13938 -r d72c97c708ae jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/Identities.java --- a/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/Identities.java Mon Jan 13 20:56:18 2014 -0800 +++ b/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/Identities.java Mon Jan 13 21:12:58 2014 -0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,13 +21,15 @@ * questions. */ +// +// SunJSSE does not support dynamic system properties, no way to re-use +// system properties in samevm/agentvm mode. +// + /* @test * @bug 6766775 * @summary X509 certificate hostname checking is broken in JDK1.6.0_10 * @run main/othervm Identities - * - * SunJSSE does not support dynamic system properties, no way to re-use - * system properties in samevm/agentvm mode. * @author Xuelei Fan */ @@ -35,6 +37,7 @@ import java.util.*; import java.io.*; import javax.net.ssl.*; +import java.security.Security; import java.security.KeyStore; import java.security.KeyFactory; import java.security.cert.Certificate; @@ -743,6 +746,10 @@ volatile Exception clientException = null; public static void main(String args[]) throws Exception { + // MD5 is used in this test case, don't disable MD5 algorithm. + Security.setProperty( + "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + if (debug) System.setProperty("javax.net.debug", "all");