archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-09-20 19:14:38 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge

Browse source
This commit is contained in:
Jesper Wilhelmsson 2019-06-21 04:16:18 +02:00
commit 86ce4e9448
13 changed files with 335 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.hgtags
View file

@ -565,4 +565,5 @@ b034d2dee5fc93d42a81b65e58ce3f91e42586ff jdk-13+23
22b3b7983adab54e318f75aeb94471f7a4429c1e jdk-14+0 22b3b7983adab54e318f75aeb94471f7a4429c1e jdk-14+0
22b3b7983adab54e318f75aeb94471f7a4429c1e jdk-13+25 22b3b7983adab54e318f75aeb94471f7a4429c1e jdk-13+25
2f4e214781a1d597ed36bf5a36f20928c6c82996 jdk-14+1 2f4e214781a1d597ed36bf5a36f20928c6c82996 jdk-14+1
0692b67f54621991ba7afbf23e55b788f3555e69 jdk-13+26
43627549a488b7d0b4df8fad436e36233df89877 jdk-14+2 43627549a488b7d0b4df8fad436e36233df89877 jdk-14+2

4
make/autoconf/bootcycle-spec.gmk.in
View file

@ -62,3 +62,7 @@ ifeq ($(OPENJDK_TARGET_CPU_BITS), 32)
endif endif
# The bootcycle JVM arguments may differ from the original boot jdk. # The bootcycle JVM arguments may differ from the original boot jdk.
JAVA_FLAGS_BIG := @BOOTCYCLE_JVM_ARGS_BIG@ JAVA_FLAGS_BIG := @BOOTCYCLE_JVM_ARGS_BIG@
# Any CDS settings generated for the bootjdk are invalid in the bootcycle build.
# By filtering out those JVM args, the bootcycle JVM will use its default
# settings for CDS.
JAVA_FLAGS := $(filter-out -XX:SharedArchiveFile% -Xshare%, $(JAVA_FLAGS))

2
src/hotspot/os/linux/perfMemory_linux.cpp
View file

@ -661,7 +661,7 @@ static int get_namespace_pid(int vmid) {
if (fp) { if (fp) {
int pid, nspid; int pid, nspid;
int ret; int ret;
while (!feof(fp)) { while (!feof(fp) && !ferror(fp)) {
ret = fscanf(fp, "NSpid: %d %d", &pid, &nspid); ret = fscanf(fp, "NSpid: %d %d", &pid, &nspid);
if (ret == 1) { if (ret == 1) {
break; break;

7
src/hotspot/share/code/nmethod.cpp
View file

@ -1473,6 +1473,13 @@ oop nmethod::oop_at(int index) const {
return NativeAccess<AS_NO_KEEPALIVE>::oop_load(oop_addr_at(index)); return NativeAccess<AS_NO_KEEPALIVE>::oop_load(oop_addr_at(index));
} }
oop nmethod::oop_at_phantom(int index) const {
if (index == 0) {
return NULL;
}
return NativeAccess<ON_PHANTOM_OOP_REF>::oop_load(oop_addr_at(index));
}
// //
// Notify all classes this nmethod is dependent on that it is no // Notify all classes this nmethod is dependent on that it is no
// longer dependent. This should only be called in two situations. // longer dependent. This should only be called in two situations.

1
src/hotspot/share/code/nmethod.hpp
View file

@ -392,6 +392,7 @@ class nmethod : public CompiledMethod {
// Support for oops in scopes and relocs: // Support for oops in scopes and relocs:
// Note: index 0 is reserved for null. // Note: index 0 is reserved for null.
oop oop_at(int index) const; oop oop_at(int index) const;
oop oop_at_phantom(int index) const; // phantom reference
oop* oop_addr_at(int index) const { // for GC oop* oop_addr_at(int index) const { // for GC
// relocation indexes are biased by 1 (because 0 is reserved) // relocation indexes are biased by 1 (because 0 is reserved)
assert(index > 0 && index <= oops_count(), "must be a valid non-zero index"); assert(index > 0 && index <= oops_count(), "must be a valid non-zero index");

4
src/hotspot/share/jvmci/jvmciCompilerToVM.cpp
View file

@ -2416,7 +2416,7 @@ C2V_VMENTRY_0(jlong, translate, (JNIEnv* env, jobject, jobject obj_handle))
if (peerEnv->is_hotspot()) { if (peerEnv->is_hotspot()) {
// Only the mirror in the HotSpot heap is accessible // Only the mirror in the HotSpot heap is accessible
// through JVMCINMethodData // through JVMCINMethodData
oop nmethod_mirror = data->get_nmethod_mirror(nm); oop nmethod_mirror = data->get_nmethod_mirror(nm, /* phantom_ref */ true);
if (nmethod_mirror != NULL) { if (nmethod_mirror != NULL) {
result = HotSpotJVMCI::wrap(nmethod_mirror); result = HotSpotJVMCI::wrap(nmethod_mirror);
} }
@ -2443,7 +2443,7 @@ C2V_VMENTRY_0(jlong, translate, (JNIEnv* env, jobject, jobject obj_handle))
if (data == NULL) { if (data == NULL) {
JVMCI_THROW_MSG_0(IllegalArgumentException, "Cannot set HotSpotNmethod mirror for default nmethod"); JVMCI_THROW_MSG_0(IllegalArgumentException, "Cannot set HotSpotNmethod mirror for default nmethod");
} }
if (data->get_nmethod_mirror(nm) != NULL) { if (data->get_nmethod_mirror(nm, /* phantom_ref */ false) != NULL) {
JVMCI_THROW_MSG_0(IllegalArgumentException, "Cannot overwrite existing HotSpotNmethod mirror for nmethod"); JVMCI_THROW_MSG_0(IllegalArgumentException, "Cannot overwrite existing HotSpotNmethod mirror for nmethod");
} }
oop nmethod_mirror = HotSpotJVMCI::resolve(result); oop nmethod_mirror = HotSpotJVMCI::resolve(result);

14
src/hotspot/share/jvmci/jvmciRuntime.cpp
View file

@ -700,11 +700,15 @@ void JVMCINMethodData::add_failed_speculation(nmethod* nm, jlong speculation) {
FailedSpeculation::add_failed_speculation(nm, _failed_speculations, data, length); FailedSpeculation::add_failed_speculation(nm, _failed_speculations, data, length);
} }
oop JVMCINMethodData::get_nmethod_mirror(nmethod* nm) { oop JVMCINMethodData::get_nmethod_mirror(nmethod* nm, bool phantom_ref) {
if (_nmethod_mirror_index == -1) { if (_nmethod_mirror_index == -1) {
return NULL; return NULL;
} }
return nm->oop_at(_nmethod_mirror_index); if (phantom_ref) {
return nm->oop_at_phantom(_nmethod_mirror_index);
} else {
return nm->oop_at(_nmethod_mirror_index);
}
} }
void JVMCINMethodData::set_nmethod_mirror(nmethod* nm, oop new_mirror) { void JVMCINMethodData::set_nmethod_mirror(nmethod* nm, oop new_mirror) {
@ -728,7 +732,7 @@ void JVMCINMethodData::clear_nmethod_mirror(nmethod* nm) {
} }
void JVMCINMethodData::invalidate_nmethod_mirror(nmethod* nm) { void JVMCINMethodData::invalidate_nmethod_mirror(nmethod* nm) {
oop nmethod_mirror = get_nmethod_mirror(nm); oop nmethod_mirror = get_nmethod_mirror(nm, /* phantom_ref */ true);
if (nmethod_mirror == NULL) { if (nmethod_mirror == NULL) {
return; return;
} }
@ -1530,7 +1534,7 @@ JVMCI::CodeInstallResult JVMCIRuntime::register_method(JVMCIEnv* JVMCIENV,
JVMCINMethodData* data = nm->jvmci_nmethod_data(); JVMCINMethodData* data = nm->jvmci_nmethod_data();
assert(data != NULL, "must be"); assert(data != NULL, "must be");
if (install_default) { if (install_default) {
assert(!nmethod_mirror.is_hotspot() || data->get_nmethod_mirror(nm) == NULL, "must be"); assert(!nmethod_mirror.is_hotspot() || data->get_nmethod_mirror(nm, /* phantom_ref */ false) == NULL, "must be");
if (entry_bci == InvocationEntryBci) { if (entry_bci == InvocationEntryBci) {
if (TieredCompilation) { if (TieredCompilation) {
// If there is an old version we're done with it // If there is an old version we're done with it
@ -1565,7 +1569,7 @@ JVMCI::CodeInstallResult JVMCIRuntime::register_method(JVMCIEnv* JVMCIENV,
InstanceKlass::cast(method->method_holder())->add_osr_nmethod(nm); InstanceKlass::cast(method->method_holder())->add_osr_nmethod(nm);
} }
} else { } else {
assert(!nmethod_mirror.is_hotspot() || data->get_nmethod_mirror(nm) == HotSpotJVMCI::resolve(nmethod_mirror), "must be"); assert(!nmethod_mirror.is_hotspot() || data->get_nmethod_mirror(nm, /* phantom_ref */ false) == HotSpotJVMCI::resolve(nmethod_mirror), "must be");
} }
nm->make_in_use(); nm->make_in_use();
} }

2
src/hotspot/share/jvmci/jvmciRuntime.hpp
View file

@ -74,7 +74,7 @@ public:
void invalidate_nmethod_mirror(nmethod* nm); void invalidate_nmethod_mirror(nmethod* nm);
// Gets the mirror from nm's oops table. // Gets the mirror from nm's oops table.
oop get_nmethod_mirror(nmethod* nm); oop get_nmethod_mirror(nmethod* nm, bool phantom_ref);
// Sets the mirror in nm's oops table. // Sets the mirror in nm's oops table.
void set_nmethod_mirror(nmethod* nm, oop mirror); void set_nmethod_mirror(nmethod* nm, oop mirror);

34
src/java.base/share/classes/sun/security/ssl/SignatureScheme.java
View file

@ -39,6 +39,7 @@ import java.util.LinkedList;
import java.util.List; import java.util.List;
import java.util.Set; import java.util.Set;
import sun.security.ssl.NamedGroup.NamedGroupType; import sun.security.ssl.NamedGroup.NamedGroupType;
import sun.security.ssl.SupportedGroupsExtension.SupportedGroups;
import sun.security.ssl.X509Authentication.X509Possession; import sun.security.ssl.X509Authentication.X509Possession;
import sun.security.util.KeyUtil; import sun.security.util.KeyUtil;
import sun.security.util.SignatureUtil; import sun.security.util.SignatureUtil;
@ -440,6 +441,39 @@ enum SignatureScheme {
ss.namedGroup == NamedGroup.valueOf(params)) { ss.namedGroup == NamedGroup.valueOf(params)) {
return ss; return ss;
} }
if (SSLLogger.isOn &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.finest(
"Ignore the signature algorithm (" + ss +
"), unsupported EC parameter spec: " + params);
}
} else if ("EC".equals(ss.keyAlgorithm)) {
// Must be a legacy signature algorithm, which does not
// specify the associated named groups. The connection
// cannot be established if the peer cannot recognize
// the named group used for the signature. RFC 8446
// does not define countermeasures for the corner cases.
// In order to mitigate the impact, we choose to check
// against the local supported named groups. The risk
// should be minimal as applications should not use
// unsupported named groups for its certificates.
ECParameterSpec params =
x509Possession.getECParameterSpec();
if (params != null) {
NamedGroup keyGroup = NamedGroup.valueOf(params);
if (keyGroup != null &&
SupportedGroups.isSupported(keyGroup)) {
return ss;
}
}
if (SSLLogger.isOn &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.finest(
"Ignore the legacy signature algorithm (" + ss +
"), unsupported EC parameter spec: " + params);
}
} else { } else {
return ss; return ss;
} }

17
src/java.base/share/classes/sun/security/ssl/X509Authentication.java
View file

@ -69,7 +69,7 @@ enum X509Authentication implements SSLAuthentication {
final String keyType; final String keyType;
final SSLPossessionGenerator possessionGenerator; final SSLPossessionGenerator possessionGenerator;
X509Authentication(String keyType, private X509Authentication(String keyType,
SSLPossessionGenerator possessionGenerator) { SSLPossessionGenerator possessionGenerator) {
this.keyType = keyType; this.keyType = keyType;
this.possessionGenerator = possessionGenerator; this.possessionGenerator = possessionGenerator;
@ -326,10 +326,12 @@ enum X509Authentication implements SSLAuthentication {
return null; return null;
} }
// For ECC certs, check whether we support the EC domain // For TLS 1.2 and prior versions, the public key of a EC cert
// parameters. If the client sent a SupportedEllipticCurves // MUST use a curve and point format supported by the client.
// ClientHello extension, check against that too. // But for TLS 1.3, signature algorithms are negotiated
if (keyType.equals("EC")) { // independently via the "signature_algorithms" extension.
if (!shc.negotiatedProtocol.useTLS13PlusSpec() &&
keyType.equals("EC")) {
if (!(serverPublicKey instanceof ECPublicKey)) { if (!(serverPublicKey instanceof ECPublicKey)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) { if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
SSLLogger.warning(serverAlias + SSLLogger.warning(serverAlias +
@ -339,8 +341,9 @@ enum X509Authentication implements SSLAuthentication {
} }
// For ECC certs, check whether we support the EC domain // For ECC certs, check whether we support the EC domain
// parameters. If the client sent a SupportedEllipticCurves // parameters. If the client sent a supported_groups
// ClientHello extension, check against that too. // ClientHello extension, check against that too for
// TLS 1.2 and prior versions.
ECParameterSpec params = ECParameterSpec params =
((ECPublicKey)serverPublicKey).getParams(); ((ECPublicKey)serverPublicKey).getParams();
NamedGroup namedGroup = NamedGroup.valueOf(params); NamedGroup namedGroup = NamedGroup.valueOf(params);

6
src/jdk.compiler/share/classes/com/sun/tools/javac/resources/javac.properties
View file

@ -80,11 +80,11 @@ javac.opt.encoding=\
javac.opt.profile=\ javac.opt.profile=\
Check that API used is available in the specified profile Check that API used is available in the specified profile
javac.opt.target=\ javac.opt.target=\
Generate class files for specific VM version. Supported versions: {0} Generate class files suitable for the specified Java SE release. Supported releases: {0}
javac.opt.release=\ javac.opt.release=\
Compile for a specific release. Supported releases: {0} Compile for the specified Java SE release. Supported releases: {0}
javac.opt.source=\ javac.opt.source=\
Provide source compatibility with specified release. Supported releases: {0} Provide source compatibility with the specified Java SE release. Supported releases: {0}
javac.opt.Werror=\ javac.opt.Werror=\
Terminate compilation if warnings occur Terminate compilation if warnings occur
javac.opt.A=\ javac.opt.A=\

74
test/hotspot/jtreg/ProblemList-aot.txt Normal file
View file

@ -0,0 +1,74 @@
#
# Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 only, as
# published by the Free Software Foundation.
#
# This code is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# version 2 for more details (a copy is included in the LICENSE file that
# accompanied this code).
#
# You should have received a copy of the GNU General Public License version
# 2 along with this work; if not, write to the Free Software Foundation,
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
# or visit www.oracle.com if you need additional information or have any
# questions.
#
#############################################################################
#
# List of quarantined tests for testing with AOT.
#
#############################################################################
serviceability/sa/CDSJMapClstats.java 8216181 generic-all
serviceability/sa/ClhsdbAttach.java 8216181 generic-all
serviceability/sa/ClhsdbCDSCore.java 8216181 generic-all
serviceability/sa/ClhsdbCDSJstackPrintAll.java 8216181 generic-all
serviceability/sa/ClhsdbField.java 8216181 generic-all
serviceability/sa/ClhsdbFindPC.java 8216181 generic-all
serviceability/sa/ClhsdbFlags.java 8216181 generic-all
serviceability/sa/ClhsdbInspect.java 8216181 generic-all
serviceability/sa/ClhsdbJdis.java 8216181 generic-all
serviceability/sa/ClhsdbJhisto.java 8216181 generic-all
serviceability/sa/ClhsdbJstack.java 8216181 generic-all
serviceability/sa/ClhsdbLongConstant.java 8216181 generic-all
serviceability/sa/ClhsdbPmap.java 8216181 generic-all
serviceability/sa/ClhsdbPrintAll.java 8216181 generic-all
serviceability/sa/ClhsdbPrintAs.java 8216181 generic-all
serviceability/sa/ClhsdbPrintStatics.java 8216181 generic-all
serviceability/sa/ClhsdbPstack.java 8216181 generic-all
serviceability/sa/ClhsdbRegionDetailsScanOopsForG1.java 8216181 generic-all
serviceability/sa/ClhsdbScanOops.java 8216181 generic-all
serviceability/sa/ClhsdbSource.java 8216181 generic-all
serviceability/sa/ClhsdbThread.java 8216181 generic-all
serviceability/sa/ClhsdbVmStructsDump.java 8216181 generic-all
serviceability/sa/ClhsdbWhere.java 8216181 generic-all
serviceability/sa/DeadlockDetectionTest.java 8216181 generic-all
serviceability/sa/JhsdbThreadInfoTest.java 8216181 generic-all
serviceability/sa/jmap-hprof/JMapHProfLargeHeapTest.java 8216181 generic-all
serviceability/sa/sadebugd/SADebugDTest.java 8216181 generic-all
serviceability/sa/TestClassDump.java 8216181 generic-all
serviceability/sa/TestClhsdbJstackLock.java 8216181 generic-all
serviceability/sa/TestCpoolForInvokeDynamic.java 8216181 generic-all
serviceability/sa/TestDefaultMethods.java 8216181 generic-all
serviceability/sa/TestG1HeapRegion.java 8216181 generic-all
serviceability/sa/TestHeapDumpForInvokeDynamic.java 8216181 generic-all
serviceability/sa/TestHeapDumpForLargeArray.java 8216181 generic-all
serviceability/sa/TestInstanceKlassSizeForInterface.java 8216181 generic-all
serviceability/sa/TestInstanceKlassSize.java 8216181 generic-all
serviceability/sa/TestIntConstant.java 8216181 generic-all
serviceability/sa/TestJhsdbJstackLock.java 8216181 generic-all
serviceability/sa/TestJhsdbJstackMixed.java 8216181 generic-all
serviceability/sa/TestJmapCore.java 8216181 generic-all
serviceability/sa/TestJmapCoreMetaspace.java 8216181 generic-all
serviceability/sa/TestPrintMdo.java 8216181 generic-all
serviceability/sa/TestRevPtrsForInvokeDynamic.java 8216181 generic-all
serviceability/sa/TestType.java 8216181 generic-all
serviceability/sa/TestUniverse.java 8216181 generic-all

188
test/jdk/sun/security/ssl/SignatureScheme/Tls13NamedGroups.java Normal file
View file

@ -0,0 +1,188 @@
/*
* Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
//
// SunJSSE does not support dynamic system properties, no way to re-use
// system properties in samevm/agentvm mode.
//
/*
* @test
* @bug 8225766
* @summary Curve in certificate should not affect signature scheme
* when using TLSv1.3
* @library /javax/net/ssl/templates
* @run main/othervm Tls13NamedGroups
*/
import java.net.*;
import java.io.*;
import javax.net.ssl.*;
import java.security.*;
import java.security.cert.*;
import java.security.spec.*;
import java.security.interfaces.*;
import java.util.Base64;
public class Tls13NamedGroups extends SSLSocketTemplate {
public static void main(String[] args) throws Exception {
// Limit the supported named group to secp521r1.
System.setProperty("jdk.tls.namedGroups", "secp521r1");
new Tls13NamedGroups().run();
}
@Override
protected SSLContext createServerSSLContext() throws Exception {
return generateSSLContext();
}
@Override
protected void configureServerSocket(SSLServerSocket socket) {
socket.setNeedClientAuth(true);
}
@Override
protected SSLContext createClientSSLContext() throws Exception {
return generateSSLContext();
}
/*
* =============================================================
* The remainder is just support stuff
*/
// Certificates and key used in the test.
//
// Trusted Certificate.
static String trustedCertStr =
// SHA256withECDSA, curve prime256v1
// Validity
// Not Before: May 22 07:18:16 2018 GMT
// Not After : May 17 07:18:16 2038 GMT
// Subject Key Identifier:
// 60:CF:BD:73:FF:FA:1A:30:D2:A4:EC:D3:49:71:46:EF:1A:35:A0:86
"-----BEGIN CERTIFICATE-----\n" +
"MIIBvjCCAWOgAwIBAgIJAIvFG6GbTroCMAoGCCqGSM49BAMCMDsxCzAJBgNVBAYT\n" +
"AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" +
"ZTAeFw0xODA1MjIwNzE4MTZaFw0zODA1MTcwNzE4MTZaMDsxCzAJBgNVBAYTAlVT\n" +
"MQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZjZTBZ\n" +
"MBMGByqGSM49AgEGCCqGSM49AwEHA0IABBz1WeVb6gM2mh85z3QlvaB/l11b5h0v\n" +
"LIzmkC3DKlVukZT+ltH2Eq1oEkpXuf7QmbM0ibrUgtjsWH3mULfmcWmjUDBOMB0G\n" +
"A1UdDgQWBBRgz71z//oaMNKk7NNJcUbvGjWghjAfBgNVHSMEGDAWgBRgz71z//oa\n" +
"MNKk7NNJcUbvGjWghjAMBgNVHRMEBTADAQH/MAoGCCqGSM49BAMCA0kAMEYCIQCG\n" +
"6wluh1r2/T6L31mZXRKf9JxeSf9pIzoLj+8xQeUChQIhAJ09wAi1kV8yePLh2FD9\n" +
"2YEHlSQUAbwwqCDEVB5KxaqP\n" +
"-----END CERTIFICATE-----";
// -----BEGIN PRIVATE KEY-----
// MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg/HcHdoLJCdq3haVd
// XZTSKP00YzM3xX97l98vGL/RI1KhRANCAAQc9VnlW+oDNpofOc90Jb2gf5ddW+Yd
// LyyM5pAtwypVbpGU/pbR9hKtaBJKV7n+0JmzNIm61ILY7Fh95lC35nFp
// -----END PRIVATE KEY-----
// End entity certificate.
static String targetCertStr =
// SHA256withECDSA, curve prime256v1
// Validity
// Not Before: May 22 07:18:16 2018 GMT
// Not After : May 17 07:18:16 2038 GMT
// Authority Key Identifier:
// 60:CF:BD:73:FF:FA:1A:30:D2:A4:EC:D3:49:71:46:EF:1A:35:A0:86
"-----BEGIN CERTIFICATE-----\n" +
"MIIBqjCCAVCgAwIBAgIJAPLY8qZjgNRAMAoGCCqGSM49BAMCMDsxCzAJBgNVBAYT\n" +
"AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" +
"ZTAeFw0xODA1MjIwNzE4MTZaFw0zODA1MTcwNzE4MTZaMFUxCzAJBgNVBAYTAlVT\n" +
"MQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZjZTEY\n" +
"MBYGA1UEAwwPUmVncmVzc2lvbiBUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD\n" +
"QgAEb+9n05qfXnfHUb0xtQJNS4JeSi6IjOfW5NqchvKnfJey9VkJzR7QHLuOESdf\n" +
"xlR7q8YIWgih3iWLGfB+wxHiOqMjMCEwHwYDVR0jBBgwFoAUYM+9c//6GjDSpOzT\n" +
"SXFG7xo1oIYwCgYIKoZIzj0EAwIDSAAwRQIgWpRegWXMheiD3qFdd8kMdrkLxRbq\n" +
"1zj8nQMEwFTUjjQCIQDRIrAjZX+YXHN9b0SoWWLPUq0HmiFIi8RwMnO//wJIGQ==\n" +
"-----END CERTIFICATE-----";
// Private key in the format of PKCS#8.
static String targetPrivateKey =
//
// EC private key related to cert endEntityCertStrs[0].
//
"MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgn5K03bpTLjEtFQRa\n" +
"JUtx22gtmGEvvSUSQdimhGthdtihRANCAARv72fTmp9ed8dRvTG1Ak1Lgl5KLoiM\n" +
"59bk2pyG8qd8l7L1WQnNHtAcu44RJ1/GVHurxghaCKHeJYsZ8H7DEeI6";
static char passphrase[] = "passphrase".toCharArray();
// Create the SSLContext instance.
private static SSLContext generateSSLContext() throws Exception {
// generate certificate from cert string
CertificateFactory cf = CertificateFactory.getInstance("X.509");
// create a key store
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(null, null);
// import the trused cert
X509Certificate trusedCert = null;
ByteArrayInputStream is =
new ByteArrayInputStream(trustedCertStr.getBytes());
trusedCert = (X509Certificate)cf.generateCertificate(is);
is.close();
ks.setCertificateEntry("Trusted EC Signer", trusedCert);
// generate the private key.
PKCS8EncodedKeySpec priKeySpec = new PKCS8EncodedKeySpec(
Base64.getMimeDecoder().decode(targetPrivateKey));
KeyFactory kf = KeyFactory.getInstance("EC");
ECPrivateKey priKey =
(ECPrivateKey)kf.generatePrivate(priKeySpec);
// generate certificate chain
is = new ByteArrayInputStream(targetCertStr.getBytes());
X509Certificate keyCert = (X509Certificate)cf.generateCertificate(is);
is.close();
X509Certificate[] chain = new X509Certificate[2];
chain[0] = keyCert;
chain[1] = trusedCert;
// import the key entry and the chain
ks.setKeyEntry("TheKey", priKey, passphrase, chain);
// create SSL context
TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
tmf.init(ks);
KeyManagerFactory kmf = KeyManagerFactory.getInstance("NewSunX509");
kmf.init(ks, passphrase);
SSLContext ctx = SSLContext.getInstance("TLSv1.3");
ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
ks = null;
return ctx;
}
}