diff --git a/IDE/Android/build.gradle b/IDE/Android/build.gradle index 09988364..ebe620bf 100644 --- a/IDE/Android/build.gradle +++ b/IDE/Android/build.gradle @@ -7,7 +7,7 @@ buildscript { } dependencies { - classpath 'com.android.tools.build:gradle:4.2.2' + classpath 'com.android.tools.build:gradle:7.1.3' // NOTE: Do not place your application dependencies here; they belong // in the individual module build.gradle files diff --git a/IDE/Android/gradle/wrapper/gradle-wrapper.properties b/IDE/Android/gradle/wrapper/gradle-wrapper.properties index 2a5b1bf1..17aae0d9 100644 --- a/IDE/Android/gradle/wrapper/gradle-wrapper.properties +++ b/IDE/Android/gradle/wrapper/gradle-wrapper.properties @@ -1,6 +1,6 @@ #Thu Nov 04 15:51:08 MDT 2021 distributionBase=GRADLE_USER_HOME -distributionUrl=https\://services.gradle.org/distributions/gradle-6.9.1-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-7.2-bin.zip distributionPath=wrapper/dists zipStorePath=wrapper/dists zipStoreBase=GRADLE_USER_HOME diff --git a/README.md b/README.md index f5f97b21..3465a19f 100644 --- a/README.md +++ b/README.md 
@@ -1,11 +1,17 @@ # wolfSSL JSSE Provider and JNI Wrapper -This package provides both a wolfSSL Java JSSE provider (**wolfJSSE**), and a -thin JNI-based interface to the native -[wolfSSL embedded SSL/TLS library](https://www.wolfssl.com/products/wolfssl/). -These provide Java applications with SSL/TLS support up to the current -[TLS 1.3](https://www.wolfssl.com/tls13) protocol standard. +This package provides Java support for the +[wolfSSL embedded SSL/TLS library](https://www.wolfssl.com/products/wolfssl/), +giving applications support for SSL/TLS up to the current +[TLS 1.3](https://www.wolfssl.com/tls13) protocol level. +It contains both a wolfSSL **JSSE** (Java Secure Socket Extension) provider, +called **wolfJSSE**, and a thin JNI-based interface that wraps the native C +library. + +wolfSSL also provides a **JCE** (Java Cryptography Extension) provider that +wraps native wolfCrypt. This can be found in a separate repository, located +[here](https://github.com/wolfSSL/wolfcrypt-jni). ## Why use wolfJSSE? @@ -19,10 +25,10 @@ and more! ## User Manual -The wolfSSL JNI/JSSE Manual is available on wolfssl.com: +The wolfSSL JNI/JSSE Manual is available on the wolfSSL website: [wolfSSL JNI Manual](https://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf). -For additional build instructions and more detailed comments, please check +For additional build instructions and more detailed comments, please reference the manual. ## Building 
@@ -40,11 +46,12 @@ Build targets for ant are : * **ant clean** (cleans all Java artifacts) * **ant cleanjni** (cleans native artifacts) -wolfJSSE currently supports compilation on Linux/Unix and Android. +wolfJSSE currently supports compilation on Linux/Unix, OSX, and Android. -To build wolfJSSE on Linux, first download, compile, and install wolfSSL. -wolfSSL can be downloaded from the wolfSSL download page or cloned from -GitHub. +To build wolfJSSE in Linux/Unix environments, first download, compile, and +install wolfSSL. wolfSSL can be downloaded from the wolfSSL +[download page](https://www.wolfssl.com/download/) or cloned from +[GitHub](https://github.com/wolfssl/wolfssl). ``` $ unzip wolfssl-X.X.X.zip @@ -60,6 +67,7 @@ Then, to build wolfJSSE: $ cd wolfssljni $ ./java.sh $ ant +$ export JUNIT_HOME=/path/to/junit/jars $ ant test ``` @@ -82,7 +90,7 @@ $ ./examples/provider/ClientJSSE.sh Examples of using wolfssljni can be found in the `./examples` subdirectory. See [examples/README.md](./examples/README.md) for more details. -Examples of using wolfJSSE can be found in the `./examples/provider` +Examples of using the wolfJSSE provider can be found in the `./examples/provider` subdirectory. See [examples/provider/README.md](./examples/provider/README.md) for more details. 
@@ -106,15 +114,15 @@ Android AOSP at the system-level. An example Android Studio application is included in this package, to show users how they could include the wolfSSL native and wolfSSL JNI/JSSE sources -in an Androi Studio application. For more details, see the Android Studio +in an Android Studio application. For more details, see the Android Studio project and README.md located in the [./IDE/Android](./IDE/Android) directory. Using wolfJSSE at the application level will allow developers to register wolfJSSE as a Security provider at the application scope. The application can -they use the Java Security API for SSL/TLS operations which will then use the +use the Java Security API for SSL/TLS operations which will then use the underlying wolfJSSE provider (and subsequently native wolfSSL). -Applications can add the wolfJSSE provider using: +Applications can register the wolfJSSE provider using: ``` import com.wolfssl.provider.jsse.WolfSSLProvider; @@ -122,7 +130,8 @@ import com.wolfssl.provider.jsse.WolfSSLProvider; Security.addProvider(new WolfSSLProvider()); ``` -To instead insert the WolfSSLProvider as the top priority provider: +To instead insert the WolfSSLProvider as the top priority provider, or at +a specified index (note: indexing starts at 1): ``` import com.wolfssl.provider.jsse.WolfSSLProvider; 
@@ -148,12 +157,38 @@ Additional instructions can be found on the wolfSSL.com website: ## Release Notes -### wolfSSL JNI Release X.X.X (TBD) - -Release X.X.X has bug fixes and new features including: - -* Removal of HC-128 stream cipher support. Native wolfSSL removed HC-128 -support in [PR #4767](https://github.com/wolfSSL/wolfssl/pull/4767) +### wolfSSL JNI Release 1.9.0 (TBD) + +Release 1.9.0 has bug fixes and new features including: + +**JNI and JSSE Changes:** +* Add synchronization to class cleanup/free routines (PR 78) +* Fix JNI native casting to use utintptr\_t instead of intptr\_t (PR 79) +* Add support for newer Java versions (ex: Java 17) (PR 90) +* Remove HC-128 support (PR 94). Native wolfSSL removed with +[PR #4767](https://github.com/wolfSSL/wolfssl/pull/4767) +* Remove RABBIT support (PR 96). Native wolfSSL removed with +[PR #4774](https://github.com/wolfSSL/wolfssl/pull/4767) +* Remove IDEA support (PR 97). Native wolfSSL removed in +[PR #4806](https://github.com/wolfSSL/wolfssl/pull/4806). +* Fix typecasting issues and cleanup for native argument checking (PR 98, 99) +* Add Socket timeout support for native SSL\_connect/write() (PR 95) +* SSLSocket.getSession() now tries to do TLS handshake if not completed (PR 76) +* Fix shutdown/close\_notify alert handling in WolfSSLEngine (PR 83) +* Fix WolfSSLSocket to test if close() called before object init (PR 88) +* Add support for loading default system CA certs on Java 9+ (PR 89) +* Fix timeout behavior with WolfSSLSession.connect() (PR 100) + +**Example Changes:** +* Print wolfJSSE provider info in JSSE ProviderTest (PR 77) +* Add option to ClientJSSE to do one session resumption (PR 80) +* Update example certificates and keys (PR 81) + +**Documentation Changes:** +* Add missing Javadocs, fix warnings on newer Java versions (PR 92) + +**Testing Changes:** +* Update junit dependency to 4.13.2 (PR 91) The wolfSSL JNI Manual is available at: http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. 
For build diff --git a/examples/certs/ca-cert.pem b/examples/certs/ca-cert.pem index 5c280581..2c7fc177 100644 --- a/examples/certs/ca-cert.pem +++ b/examples/certs/ca-cert.pem @@ -2,12 +2,12 @@ Certificate: Data: Version: 3 (0x2) Serial Number: - 7d:94:70:88:ba:07:42:8d:aa:af:4f:be:c2:1a:48:f0:d1:40:e6:42 + 26:8c:93:f9:f9:f4:1e:b3:01:72:94:55:67:6d:e2:f8:3d:da:e9:f4 Signature Algorithm: sha256WithRSAEncryption Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com Validity - Not Before: Dec 20 23:07:24 2021 GMT - Not After : Sep 15 23:07:24 2024 GMT + Not Before: Feb 15 12:50:24 2022 GMT + Not After : Nov 11 12:50:24 2024 GMT Subject: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption @@ -38,7 +38,7 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:7D:94:70:88:BA:07:42:8D:AA:AF:4F:BE:C2:1A:48:F0:D1:40:E6:42 + serial:26:8C:93:F9:F9:F4:1E:B3:01:72:94:55:67:6D:E2:F8:3D:DA:E9:F4 X509v3 Basic Constraints: CA:TRUE 
@@ -47,27 +47,27 @@ Certificate: X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication Signature Algorithm: sha256WithRSAEncryption - b0:71:bb:ba:45:5a:80:25:02:a4:7e:88:0b:a9:7b:fd:b0:bb: - f6:46:b5:ba:f4:c7:e3:61:20:8c:03:15:66:f5:e4:54:82:ef: - 13:80:97:22:67:c1:d1:88:5d:e2:2d:57:f6:e0:9f:69:d6:b1: - 5c:b6:e8:e0:98:89:c8:14:12:d6:b6:89:8d:6c:b9:a0:59:4f: - 92:ee:11:53:6b:7d:93:4a:69:0a:85:d9:d5:d2:62:e8:c9:b5: - c6:4e:17:f5:0a:e8:f3:2d:86:61:0b:eb:c4:c4:c6:67:75:ed: - 9a:9f:53:a0:71:1e:a0:90:0d:f9:03:b4:bc:86:19:6e:f0:3b: - 4f:e8:ed:68:f6:e7:23:43:3b:36:83:83:4b:46:a0:9a:01:d0: - c7:85:bb:7d:94:a0:21:3d:7e:3c:6a:3d:81:db:41:7b:46:d8: - 15:62:d5:8f:4d:3d:c0:db:9a:c5:81:a8:ac:da:87:99:c7:dd: - b9:f1:14:af:d1:93:e3:f3:42:d7:a2:04:51:21:54:29:c3:45: - f6:be:5c:fa:cd:db:bf:2f:79:81:42:e5:8f:47:0b:d4:54:01: - b5:c2:4a:46:d6:a8:31:2e:64:80:3f:48:61:91:29:f3:aa:43: - 5c:69:6e:f1:01:b9:df:63:71:3d:b9:5a:fb:36:c0:11:a2:c3: - 30:9d:95:c3 + 62:e4:1b:28:3c:9d:d2:60:a9:55:be:6a:f6:20:f2:da:e8:a1: + 1a:97:b1:90:77:82:ed:c7:77:29:53:33:18:10:62:e0:bd:93: + 1b:d2:d6:a1:80:43:1d:64:f1:42:92:ec:b7:b8:f0:6b:da:59: + 83:f4:b8:87:e6:fc:70:21:ea:62:32:70:68:14:0e:dc:b4:f1: + 66:e2:6e:ab:d2:72:6f:da:df:71:f6:3d:27:97:7d:be:e1:d1: + ac:16:ad:d7:4f:aa:9d:0c:1e:6e:a9:5e:7d:57:5b:3c:c7:6d: + d2:f2:5c:c3:dc:3d:36:99:8e:ab:c0:7f:13:a5:f4:67:8b:e2: + a6:51:31:f1:03:91:00:a8:c4:c5:1d:7f:35:62:b8:1d:a0:a5: + ab:ec:32:68:ee:f3:ca:48:16:9f:f4:1e:7e:ea:fa:b0:86:15: + 52:36:6c:4b:58:44:a7:eb:20:78:6e:7e:e8:00:40:ac:98:d8: + 53:f3:13:4b:b8:98:66:50:63:ed:af:e5:a4:f6:c9:90:1c:84: + 0a:09:45:2f:a1:e1:37:63:b5:43:8c:a0:2e:7f:c4:d4:e1:ae: + b7:b9:45:13:f8:70:d5:79:06:4f:82:83:4b:98:d7:56:47:64: + 9a:6a:6d:8e:7a:9d:ef:83:0f:6b:75:0e:47:22:92:f3:b4:b2: + 84:61:1f:1c -----BEGIN CERTIFICATE----- -MIIE/zCCA+egAwIBAgIUfZRwiLoHQo2qr0++whpI8NFA5kIwDQYJKoZIhvcNAQEL +MIIE/zCCA+egAwIBAgIUJoyT+fn0HrMBcpRVZ23i+D3a6fQwDQYJKoZIhvcNAQEL 
BQAwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC b3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEY MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv -bGZzc2wuY29tMB4XDTIxMTIyMDIzMDcyNFoXDTI0MDkxNTIzMDcyNFowgZQxCzAJ +bGZzc2wuY29tMB4XDTIyMDIxNTEyNTAyNFoXDTI0MTExMTEyNTAyNFowgZQxCzAJ BgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREw DwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwP d3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t @@ -82,12 +82,12 @@ BgNVHSMEgcwwgcmAFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYD VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIU -fZRwiLoHQo2qr0++whpI8NFA5kIwDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtl +JoyT+fn0HrMBcpRVZ23i+D3a6fQwDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtl eGFtcGxlLmNvbYcEfwAAATAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw -DQYJKoZIhvcNAQELBQADggEBALBxu7pFWoAlAqR+iAupe/2wu/ZGtbr0x+NhIIwD -FWb15FSC7xOAlyJnwdGIXeItV/bgn2nWsVy26OCYicgUEta2iY1suaBZT5LuEVNr -fZNKaQqF2dXSYujJtcZOF/UK6PMthmEL68TExmd17ZqfU6BxHqCQDfkDtLyGGW7w -O0/o7Wj25yNDOzaDg0tGoJoB0MeFu32UoCE9fjxqPYHbQXtG2BVi1Y9NPcDbmsWB -qKzah5nH3bnxFK/Rk+PzQteiBFEhVCnDRfa+XPrN278veYFC5Y9HC9RUAbXCSkbW -qDEuZIA/SGGRKfOqQ1xpbvEBud9jcT25Wvs2wBGiwzCdlcM= +DQYJKoZIhvcNAQELBQADggEBAGLkGyg8ndJgqVW+avYg8trooRqXsZB3gu3HdylT +MxgQYuC9kxvS1qGAQx1k8UKS7Le48GvaWYP0uIfm/HAh6mIycGgUDty08WbibqvS +cm/a33H2PSeXfb7h0awWrddPqp0MHm6pXn1XWzzHbdLyXMPcPTaZjqvAfxOl9GeL +4qZRMfEDkQCoxMUdfzViuB2gpavsMmju88pIFp/0Hn7q+rCGFVI2bEtYRKfrIHhu +fugAQKyY2FPzE0u4mGZQY+2v5aT2yZAchAoJRS+h4TdjtUOMoC5/xNThrre5RRP4 +cNV5Bk+Cg0uY11ZHZJpqbY56ne+DD2t1DkcikvO0soRhHxw= -----END CERTIFICATE----- diff --git a/examples/certs/ca-ecc-cert.pem b/examples/certs/ca-ecc-cert.pem index 326d0396..1d0148d0 100644 --- a/examples/certs/ca-ecc-cert.pem +++ b/examples/certs/ca-ecc-cert.pem 
@@ -2,12 +2,12 @@ Certificate: Data: Version: 3 (0x2) Serial Number: - 2f:c0:2c:fe:1f:6a:5a:0b:dd:f6:08:63:99:42:7e:19:92:fa:dc:32 + 29:bf:2b:cd:bf:55:54:49:85:b3:69:4e:e1:85:37:79:1e:81:f9:c2 Signature Algorithm: ecdsa-with-SHA256 Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Development, CN = www.wolfssl.com, emailAddress = info@wolfssl.com Validity - Not Before: Dec 20 23:07:24 2021 GMT - Not After : Sep 15 23:07:24 2024 GMT + Not Before: Feb 15 12:50:24 2022 GMT + Not After : Nov 11 12:50:24 2024 GMT Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Development, CN = www.wolfssl.com, emailAddress = info@wolfssl.com Subject Public Key Info: Public Key Algorithm: id-ecPublicKey @@ -31,16 +31,16 @@ Certificate: X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign Signature Algorithm: ecdsa-with-SHA256 - 30:45:02:21:00:f2:a0:7a:0f:66:05:ec:81:a2:94:6a:31:e0: - 0d:ee:8f:6a:ed:63:33:0e:27:31:b3:cf:c8:a0:0e:5b:88:51: - fa:02:20:51:0f:26:46:95:37:8e:49:4e:b0:4d:cd:b1:65:fe: - 2d:43:ab:20:c7:83:70:44:11:13:86:a5:9b:3b:34:24:f2 + 30:44:02:20:78:ed:4c:1c:a7:2d:b3:35:0b:1d:46:a3:37:31: + 0b:8a:05:39:c8:28:31:58:35:f1:98:f7:4b:72:c0:4f:e6:7f: + 02:20:02:f2:09:2b:3a:e1:36:92:bf:58:6a:03:12:2d:79:e6: + bd:06:45:61:b9:0e:39:e1:9c:f0:a8:2e:0b:1e:8c:b2 -----BEGIN CERTIFICATE----- -MIIClTCCAjugAwIBAgIUL8As/h9qWgvd9ghjmUJ+GZL63DIwCgYIKoZIzj0EAwIw +MIIClDCCAjugAwIBAgIUKb8rzb9VVEmFs2lO4YU3eR6B+cIwCgYIKoZIzj0EAwIw gZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdT ZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEY MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv -bGZzc2wuY29tMB4XDTIxMTIyMDIzMDcyNFoXDTI0MDkxNTIzMDcyNFowgZcxCzAJ +bGZzc2wuY29tMB4XDTIyMDIxNTEyNTAyNFoXDTI0MTExMTEyNTAyNFowgZcxCzAJ BgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxl MRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UE AwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu 
@@ -48,6 +48,6 @@ Y29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAtPZbtYBjkXIuZAx5cBM456t KTiYuhDW6QkqgKkuFyq5ir8zg0bjlQvkd0C1O0NFMw9hU3w3RMHL/IDK6EPqp6Nj MGEwHQYDVR0OBBYEFFaOmsPwQt4YuUVVbvmTz+rD86UhMB8GA1UdIwQYMBaAFFaO msPwQt4YuUVVbvmTz+rD86UhMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD -AgGGMAoGCCqGSM49BAMCA0gAMEUCIQDyoHoPZgXsgaKUajHgDe6Pau1jMw4nMbPP -yKAOW4hR+gIgUQ8mRpU3jklOsE3NsWX+LUOrIMeDcEQRE4almzs0JPI= +AgGGMAoGCCqGSM49BAMCA0cAMEQCIHjtTBynLbM1Cx1GozcxC4oFOcgoMVg18Zj3 +S3LAT+Z/AiAC8gkrOuE2kr9YagMSLXnmvQZFYbkOOeGc8KguCx6Msg== -----END CERTIFICATE----- diff --git a/examples/certs/client-cert.der b/examples/certs/client-cert.der index 857b8336..321f5c1a 100644 Binary files a/examples/certs/client-cert.der and b/examples/certs/client-cert.der differ diff --git a/examples/certs/client-cert.pem b/examples/certs/client-cert.pem index 16c2975d..26c73841 100644 --- a/examples/certs/client-cert.pem +++ b/examples/certs/client-cert.pem @@ -2,12 +2,12 @@ Certificate: Data: Version: 3 (0x2) Serial Number: - 53:16:7c:a0:56:50:46:27:82:ed:60:b4:da:33:d8:6a:c0:ea:dc:31 + 01:1a:eb:56:ab:dc:8b:f3:a6:1e:f4:93:60:89:b7:05:07:29:01:2c Signature Algorithm: sha256WithRSAEncryption Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = Programming-2048, CN = www.wolfssl.com, emailAddress = info@wolfssl.com Validity - Not Before: Dec 20 23:07:24 2021 GMT - Not After : Sep 15 23:07:24 2024 GMT + Not Before: Feb 15 12:50:24 2022 GMT + Not After : Nov 11 12:50:24 2024 GMT Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = Programming-2048, CN = www.wolfssl.com, emailAddress = info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption 
@@ -38,7 +38,7 @@ Certificate: X509v3 Authority Key Identifier: keyid:33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0 DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=Programming-2048/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:53:16:7C:A0:56:50:46:27:82:ED:60:B4:DA:33:D8:6A:C0:EA:DC:31 + serial:01:1A:EB:56:AB:DC:8B:F3:A6:1E:F4:93:60:89:B7:05:07:29:01:2C X509v3 Basic Constraints: CA:TRUE 
@@ -47,27 +47,27 @@ Certificate: X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication Signature Algorithm: sha256WithRSAEncryption - b8:e8:e3:2a:48:6c:04:8b:f8:81:14:1a:ce:14:ed:c7:f0:d3: - cb:9a:91:d9:2c:1d:6e:73:36:8f:a3:61:c4:1f:da:d1:4b:b6: - 40:d0:6a:c4:2b:43:c8:2f:fb:ee:5a:c9:41:9d:2b:6f:f3:39: - 67:20:ec:7c:d6:a0:7f:06:79:cd:52:2c:c9:3c:5b:bf:e5:01: - 47:90:f0:82:88:f1:3d:45:25:f4:d1:4b:ec:ac:3f:1b:ce:a1: - 0e:61:a0:29:41:f6:21:0e:9f:73:b3:39:34:c4:1e:55:5f:9f: - e7:42:ca:ab:8f:3c:62:86:26:94:b5:b7:8b:7c:65:4c:3e:b7: - ac:f5:51:0d:a5:14:0f:6f:2b:fe:62:95:26:1e:10:52:ae:44: - 58:95:dc:b4:c4:76:2f:14:28:64:45:aa:94:61:da:1a:d0:cf: - b3:3a:83:c8:66:fb:e8:58:dc:d4:91:4a:9a:e7:c8:b6:ea:f9: - 52:19:b2:3d:5f:95:29:ac:8b:cf:9b:5c:d6:dd:cd:6b:f2:71: - fd:b6:4d:18:98:08:5b:8a:e7:2b:cb:bd:68:97:1c:02:aa:41: - 59:0d:f8:0e:50:d7:48:6f:81:c4:00:70:56:67:64:1a:b3:56: - fc:23:f4:84:49:36:f7:7f:38:94:38:da:40:81:c0:b9:b0:ad: - ea:ce:38:f2 + 64:6d:a6:4a:a8:9f:a7:e9:75:2c:f3:85:3d:3e:af:38:fb:6c: + c7:eb:c7:d0:2b:a2:45:b5:65:be:d0:13:2c:f7:a3:c1:eb:3c: + b1:f8:b8:3d:63:8f:ca:08:4e:65:1d:2c:ce:34:6e:35:96:87: + 93:30:5d:aa:c8:e9:a0:9c:9b:84:78:3a:52:a1:33:48:6e:84: + 66:71:9c:cf:d1:c7:7b:02:4c:e1:49:7c:69:47:fc:b7:01:f9: + a0:39:3b:ab:b9:c6:d9:ca:27:85:f0:5c:b6:a4:e6:dc:f2:52: + fe:44:00:b6:f0:47:f2:6f:3f:d5:0f:ff:31:93:53:88:8c:c7: + fb:56:10:4b:3b:43:e6:8a:9c:b7:b4:9a:dd:5c:e3:cd:9c:bd: + a7:0c:c1:d9:96:f0:93:f3:ab:bd:d2:1e:77:8a:42:cd:0f:fe: + 48:da:57:34:61:46:a3:89:2e:31:d2:4a:d4:43:2f:56:85:44: + 75:ca:6b:36:e2:e8:3a:b2:95:95:3a:28:90:8d:c0:23:fb:3c: + d2:1a:73:6b:ef:fd:d6:1b:eb:6d:67:2a:e1:eb:2a:83:22:ad: + e3:95:19:e5:93:ee:14:dc:b5:7d:e7:cf:89:8c:d7:8f:d2:3f: + 68:7e:a9:74:7c:1b:38:65:f9:28:4d:ff:50:c8:ee:51:3a:8f: + 1d:9e:55:5e -----BEGIN CERTIFICATE----- -MIIFHTCCBAWgAwIBAgIUUxZ8oFZQRieC7WC02jPYasDq3DEwDQYJKoZIhvcNAQEL +MIIFHTCCBAWgAwIBAgIUARrrVqvci/OmHvSTYIm3BQcpASwwDQYJKoZIhvcNAQEL 
BQAwgZ4xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC b3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMXzIwNDgxGTAXBgNVBAsMEFByb2dyYW1t aW5nLTIwNDgxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJ -ARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0yMTEyMjAyMzA3MjRaFw0yNDA5MTUyMzA3 +ARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0yMjAyMTUxMjUwMjRaFw0yNDExMTExMjUw MjRaMIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH Qm96ZW1hbjEVMBMGA1UECgwMd29sZlNTTF8yMDQ4MRkwFwYDVQQLDBBQcm9ncmFt bWluZy0yMDQ4MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0B @@ -82,13 +82,13 @@ Ztdohxh+VA1wJ5HHJteFZcAwgd4GA1UdIwSB1jCB04AUM9hFZtdohxh+VA1wJ5HH JteFZcChgaSkgaEwgZ4xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAw DgYDVQQHDAdCb3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMXzIwNDgxGTAXBgNVBAsM EFByb2dyYW1taW5nLTIwNDgxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0G -CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUUxZ8oFZQRieC7WC02jPYasDq -3DEwDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtleGFtcGxlLmNvbYcEfwAAATAd +CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUARrrVqvci/OmHvSTYIm3BQcp +ASwwDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtleGFtcGxlLmNvbYcEfwAAATAd BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEB -ALjo4ypIbASL+IEUGs4U7cfw08uakdksHW5zNo+jYcQf2tFLtkDQasQrQ8gv++5a -yUGdK2/zOWcg7HzWoH8Gec1SLMk8W7/lAUeQ8IKI8T1FJfTRS+ysPxvOoQ5hoClB -9iEOn3OzOTTEHlVfn+dCyquPPGKGJpS1t4t8ZUw+t6z1UQ2lFA9vK/5ilSYeEFKu -RFiV3LTEdi8UKGRFqpRh2hrQz7M6g8hm++hY3NSRSprnyLbq+VIZsj1flSmsi8+b -XNbdzWvycf22TRiYCFuK5yvLvWiXHAKqQVkN+A5Q10hvgcQAcFZnZBqzVvwj9IRJ -Nvd/OJQ42kCBwLmwrerOOPI= +AGRtpkqon6fpdSzzhT0+rzj7bMfrx9ArokW1Zb7QEyz3o8HrPLH4uD1jj8oITmUd +LM40bjWWh5MwXarI6aCcm4R4OlKhM0huhGZxnM/Rx3sCTOFJfGlH/LcB+aA5O6u5 +xtnKJ4XwXLak5tzyUv5EALbwR/JvP9UP/zGTU4iMx/tWEEs7Q+aKnLe0mt1c482c +vacMwdmW8JPzq73SHneKQs0P/kjaVzRhRqOJLjHSStRDL1aFRHXKazbi6DqylZU6 +KJCNwCP7PNIac2vv/dYb621nKuHrKoMireOVGeWT7hTctX3nz4mM14/SP2h+qXR8 +Gzhl+ShN/1DI7lE6jx2eVV4= -----END CERTIFICATE----- diff --git a/examples/certs/server-cert.pem b/examples/certs/server-cert.pem index 9e5186ec..75c6f836 100644 
--- a/examples/certs/server-cert.pem +++ b/examples/certs/server-cert.pem @@ -5,8 +5,8 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com Validity - Not Before: Dec 20 23:07:25 2021 GMT - Not After : Sep 15 23:07:25 2024 GMT + Not Before: Feb 15 12:50:24 2022 GMT + Not After : Nov 11 12:50:24 2024 GMT Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL, OU = Support, CN = www.wolfssl.com, emailAddress = info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption @@ -37,7 +37,7 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:7D:94:70:88:BA:07:42:8D:AA:AF:4F:BE:C2:1A:48:F0:D1:40:E6:42 + serial:26:8C:93:F9:F9:F4:1E:B3:01:72:94:55:67:6D:E2:F8:3D:DA:E9:F4 X509v3 Basic Constraints: CA:TRUE 
@@ -46,27 +46,27 @@ Certificate: X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication Signature Algorithm: sha256WithRSAEncryption - 73:59:6f:55:94:e1:38:e7:20:5a:11:46:47:a8:29:11:17:06: - 19:16:78:22:af:54:f8:d9:32:61:26:3f:39:ab:a4:df:ef:ae: - d0:0b:cc:2b:af:95:70:90:97:53:cc:19:6d:f2:4d:4c:fa:e4: - 9d:7c:54:e0:5b:3b:1f:1e:52:46:7f:d9:ba:a0:90:ba:6d:df: - 3d:67:f0:9f:52:44:c3:e1:66:36:dc:61:58:11:ba:4c:0c:c2: - 29:da:f7:13:45:60:b2:11:79:91:ed:7c:9f:b7:7f:5c:e2:29: - c6:1e:bf:78:da:bf:d1:bd:9c:f7:4e:23:e0:c3:ef:6f:b6:67: - 7c:d7:4c:02:d5:bd:67:ee:7e:0c:e3:89:db:79:61:1e:d0:5f: - f5:e8:66:48:3a:55:54:d5:16:12:30:00:c9:86:75:e0:c9:ff: - 38:74:ce:c8:c7:fd:ef:96:d8:55:96:71:35:62:db:34:c5:2f: - 07:84:8a:aa:1b:1e:77:50:0a:20:3b:21:4b:06:14:af:78:11: - a2:41:c6:5d:0c:70:e0:52:b4:9e:4c:86:ab:5b:a3:e0:8f:a2: - c2:1a:69:70:80:3b:bd:50:23:26:72:4f:fa:fd:df:ed:85:32: - 2c:e4:ab:3e:f3:a6:d0:1d:db:33:6b:69:8d:99:b9:b4:34:4b: - 79:a8:16:68 + 4b:88:54:a8:57:f0:62:4d:b3:c5:8c:d2:02:0a:89:19:45:63: + 8e:37:5c:a9:f7:8c:c5:7c:9d:19:b4:5d:b6:a4:29:4d:97:da: + 6e:3c:27:ec:02:5c:fb:e2:93:6f:b6:1a:dc:5e:25:1f:be:ab: + 6f:37:ff:d6:98:67:7c:f7:53:84:3b:e6:f7:22:ef:52:b0:8f: + 9d:4e:2f:41:2a:7d:2f:f8:02:1e:f5:cd:9a:b2:68:68:d6:ef: + ed:6a:96:a0:84:6f:0c:5e:7b:44:f9:6f:d0:00:6f:dd:83:6a: + d9:d9:17:9d:32:9a:ea:4b:87:f9:12:45:3e:b8:de:20:fe:f4: + b8:3f:f4:99:61:a6:2b:97:1b:7c:a0:90:cf:e9:3b:cd:94:ce: + 85:df:fb:6a:2b:67:5b:8c:28:de:e6:0b:4b:68:5b:b3:4a:3e: + 10:3b:0c:d8:c8:f1:3e:3d:cc:2f:16:76:24:43:b6:3b:fd:cf: + 2f:07:0f:15:31:59:5e:cd:84:a9:82:05:1f:0c:97:56:5d:90: + 49:bd:84:47:ec:07:b9:cf:fa:a0:56:9b:ae:e2:a9:96:b2:62: + 02:4a:fa:42:d5:23:dc:1c:6b:5c:41:3d:f2:73:e8:ed:32:93: + cc:f7:02:5a:b4:be:84:ca:73:26:9f:03:2c:b3:74:96:20:7e: + 12:ea:e5:ef -----BEGIN CERTIFICATE----- MIIE6DCCA9CgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh 
d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz -bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjExMjIw -MjMwNzI1WhcNMjQwOTE1MjMwNzI1WjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjIwMjE1 +MTI1MDI0WhcNMjQxMTExMTI1MDI0WjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxEDAO BgNVBAsMB1N1cHBvcnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP 
@@ -80,26 +80,26 @@ BBSzETLJkpiE4sn40DtuA0LKHw6OPDCB1AYDVR0jBIHMMIHJgBQnjmcRdMMmHT/t M2OzpNgdMOXo1aGBmqSBlzCBlDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRh bmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMwEQYDVQQL DApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG -9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CFH2UcIi6B0KNqq9PvsIaSPDRQOZCMAwG +9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CFCaMk/n59B6zAXKUVWdt4vg92un0MAwG A1UdEwQFMAMBAf8wHAYDVR0RBBUwE4ILZXhhbXBsZS5jb22HBH8AAAEwHQYDVR0l -BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQBzWW9V -lOE45yBaEUZHqCkRFwYZFngir1T42TJhJj85q6Tf767QC8wrr5VwkJdTzBlt8k1M -+uSdfFTgWzsfHlJGf9m6oJC6bd89Z/CfUkTD4WY23GFYEbpMDMIp2vcTRWCyEXmR -7Xyft39c4inGHr942r/RvZz3TiPgw+9vtmd810wC1b1n7n4M44nbeWEe0F/16GZI -OlVU1RYSMADJhnXgyf84dM7Ix/3vlthVlnE1Yts0xS8HhIqqGx53UAogOyFLBhSv -eBGiQcZdDHDgUrSeTIarW6Pgj6LCGmlwgDu9UCMmck/6/d/thTIs5Ks+86bQHdsz -a2mNmbm0NEt5qBZo +BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQBLiFSo +V/BiTbPFjNICCokZRWOON1yp94zFfJ0ZtF22pClNl9puPCfsAlz74pNvthrcXiUf +vqtvN//WmGd891OEO+b3Iu9SsI+dTi9BKn0v+AIe9c2asmho1u/tapaghG8MXntE ++W/QAG/dg2rZ2RedMprqS4f5EkU+uN4g/vS4P/SZYaYrlxt8oJDP6TvNlM6F3/tq +K2dbjCje5gtLaFuzSj4QOwzYyPE+PcwvFnYkQ7Y7/c8vBw8VMVlezYSpggUfDJdW +XZBJvYRH7Ae5z/qgVpuu4qmWsmICSvpC1SPcHGtcQT3yc+jtMpPM9wJatL6EynMm +nwMss3SWIH4S6uXv -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) Serial Number: - 7d:94:70:88:ba:07:42:8d:aa:af:4f:be:c2:1a:48:f0:d1:40:e6:42 + 26:8c:93:f9:f9:f4:1e:b3:01:72:94:55:67:6d:e2:f8:3d:da:e9:f4 Signature Algorithm: sha256WithRSAEncryption Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com Validity - Not Before: Dec 20 23:07:24 2021 GMT - Not After : Sep 15 23:07:24 2024 GMT + Not Before: Feb 15 12:50:24 2022 GMT + Not After : Nov 11 12:50:24 2024 GMT Subject: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com Subject Public Key Info: 
Public Key Algorithm: rsaEncryption @@ -130,7 +130,7 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:7D:94:70:88:BA:07:42:8D:AA:AF:4F:BE:C2:1A:48:F0:D1:40:E6:42 + serial:26:8C:93:F9:F9:F4:1E:B3:01:72:94:55:67:6D:E2:F8:3D:DA:E9:F4 X509v3 Basic Constraints: CA:TRUE 
@@ -139,27 +139,27 @@ Certificate: X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication Signature Algorithm: sha256WithRSAEncryption - b0:71:bb:ba:45:5a:80:25:02:a4:7e:88:0b:a9:7b:fd:b0:bb: - f6:46:b5:ba:f4:c7:e3:61:20:8c:03:15:66:f5:e4:54:82:ef: - 13:80:97:22:67:c1:d1:88:5d:e2:2d:57:f6:e0:9f:69:d6:b1: - 5c:b6:e8:e0:98:89:c8:14:12:d6:b6:89:8d:6c:b9:a0:59:4f: - 92:ee:11:53:6b:7d:93:4a:69:0a:85:d9:d5:d2:62:e8:c9:b5: - c6:4e:17:f5:0a:e8:f3:2d:86:61:0b:eb:c4:c4:c6:67:75:ed: - 9a:9f:53:a0:71:1e:a0:90:0d:f9:03:b4:bc:86:19:6e:f0:3b: - 4f:e8:ed:68:f6:e7:23:43:3b:36:83:83:4b:46:a0:9a:01:d0: - c7:85:bb:7d:94:a0:21:3d:7e:3c:6a:3d:81:db:41:7b:46:d8: - 15:62:d5:8f:4d:3d:c0:db:9a:c5:81:a8:ac:da:87:99:c7:dd: - b9:f1:14:af:d1:93:e3:f3:42:d7:a2:04:51:21:54:29:c3:45: - f6:be:5c:fa:cd:db:bf:2f:79:81:42:e5:8f:47:0b:d4:54:01: - b5:c2:4a:46:d6:a8:31:2e:64:80:3f:48:61:91:29:f3:aa:43: - 5c:69:6e:f1:01:b9:df:63:71:3d:b9:5a:fb:36:c0:11:a2:c3: - 30:9d:95:c3 + 62:e4:1b:28:3c:9d:d2:60:a9:55:be:6a:f6:20:f2:da:e8:a1: + 1a:97:b1:90:77:82:ed:c7:77:29:53:33:18:10:62:e0:bd:93: + 1b:d2:d6:a1:80:43:1d:64:f1:42:92:ec:b7:b8:f0:6b:da:59: + 83:f4:b8:87:e6:fc:70:21:ea:62:32:70:68:14:0e:dc:b4:f1: + 66:e2:6e:ab:d2:72:6f:da:df:71:f6:3d:27:97:7d:be:e1:d1: + ac:16:ad:d7:4f:aa:9d:0c:1e:6e:a9:5e:7d:57:5b:3c:c7:6d: + d2:f2:5c:c3:dc:3d:36:99:8e:ab:c0:7f:13:a5:f4:67:8b:e2: + a6:51:31:f1:03:91:00:a8:c4:c5:1d:7f:35:62:b8:1d:a0:a5: + ab:ec:32:68:ee:f3:ca:48:16:9f:f4:1e:7e:ea:fa:b0:86:15: + 52:36:6c:4b:58:44:a7:eb:20:78:6e:7e:e8:00:40:ac:98:d8: + 53:f3:13:4b:b8:98:66:50:63:ed:af:e5:a4:f6:c9:90:1c:84: + 0a:09:45:2f:a1:e1:37:63:b5:43:8c:a0:2e:7f:c4:d4:e1:ae: + b7:b9:45:13:f8:70:d5:79:06:4f:82:83:4b:98:d7:56:47:64: + 9a:6a:6d:8e:7a:9d:ef:83:0f:6b:75:0e:47:22:92:f3:b4:b2: + 84:61:1f:1c -----BEGIN CERTIFICATE----- -MIIE/zCCA+egAwIBAgIUfZRwiLoHQo2qr0++whpI8NFA5kIwDQYJKoZIhvcNAQEL +MIIE/zCCA+egAwIBAgIUJoyT+fn0HrMBcpRVZ23i+D3a6fQwDQYJKoZIhvcNAQEL 
BQAwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC b3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEY MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv -bGZzc2wuY29tMB4XDTIxMTIyMDIzMDcyNFoXDTI0MDkxNTIzMDcyNFowgZQxCzAJ +bGZzc2wuY29tMB4XDTIyMDIxNTEyNTAyNFoXDTI0MTExMTEyNTAyNFowgZQxCzAJ BgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREw DwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwP d3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t @@ -174,12 +174,12 @@ BgNVHSMEgcwwgcmAFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYD VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIU -fZRwiLoHQo2qr0++whpI8NFA5kIwDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtl +JoyT+fn0HrMBcpRVZ23i+D3a6fQwDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtl eGFtcGxlLmNvbYcEfwAAATAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw -DQYJKoZIhvcNAQELBQADggEBALBxu7pFWoAlAqR+iAupe/2wu/ZGtbr0x+NhIIwD -FWb15FSC7xOAlyJnwdGIXeItV/bgn2nWsVy26OCYicgUEta2iY1suaBZT5LuEVNr -fZNKaQqF2dXSYujJtcZOF/UK6PMthmEL68TExmd17ZqfU6BxHqCQDfkDtLyGGW7w -O0/o7Wj25yNDOzaDg0tGoJoB0MeFu32UoCE9fjxqPYHbQXtG2BVi1Y9NPcDbmsWB -qKzah5nH3bnxFK/Rk+PzQteiBFEhVCnDRfa+XPrN278veYFC5Y9HC9RUAbXCSkbW -qDEuZIA/SGGRKfOqQ1xpbvEBud9jcT25Wvs2wBGiwzCdlcM= +DQYJKoZIhvcNAQELBQADggEBAGLkGyg8ndJgqVW+avYg8trooRqXsZB3gu3HdylT +MxgQYuC9kxvS1qGAQx1k8UKS7Le48GvaWYP0uIfm/HAh6mIycGgUDty08WbibqvS +cm/a33H2PSeXfb7h0awWrddPqp0MHm6pXn1XWzzHbdLyXMPcPTaZjqvAfxOl9GeL +4qZRMfEDkQCoxMUdfzViuB2gpavsMmju88pIFp/0Hn7q+rCGFVI2bEtYRKfrIHhu +fugAQKyY2FPzE0u4mGZQY+2v5aT2yZAchAoJRS+h4TdjtUOMoC5/xNThrre5RRP4 +cNV5Bk+Cg0uY11ZHZJpqbY56ne+DD2t1DkcikvO0soRhHxw= -----END CERTIFICATE----- diff --git a/examples/certs/server-ecc.pem b/examples/certs/server-ecc.pem index 444644b0..24d3d40f 100644 --- a/examples/certs/server-ecc.pem +++ b/examples/certs/server-ecc.pem 
@@ -5,8 +5,8 @@ Certificate: Signature Algorithm: ecdsa-with-SHA256 Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Development, CN = www.wolfssl.com, emailAddress = info@wolfssl.com Validity - Not Before: Dec 20 23:07:25 2021 GMT - Not After : Sep 15 23:07:25 2024 GMT + Not Before: Feb 15 12:50:24 2022 GMT + Not After : Nov 11 12:50:24 2024 GMT Subject: C = US, ST = Washington, L = Seattle, O = Eliptic, OU = ECC, CN = www.wolfssl.com, emailAddress = info@wolfssl.com Subject Public Key Info: Public Key Algorithm: id-ecPublicKey @@ -34,16 +34,16 @@ Certificate: Netscape Cert Type: SSL Server Signature Algorithm: ecdsa-with-SHA256 - 30:44:02:20:5a:67:b9:ee:02:34:27:1b:d4:c4:35:7b:ed:59: - 8e:63:c4:8a:b7:e9:92:c1:8a:76:b0:8b:cd:24:49:78:ba:ef: - 02:20:29:b8:b6:5f:83:f7:56:6a:f1:4d:d9:9f:52:2a:f9:8f: - 53:14:49:8b:5f:5e:87:af:7f:ca:2e:e0:d8:e7:75:0c + 30:45:02:20:5b:9d:f4:69:17:88:c0:13:34:3d:81:81:dc:fb: + 27:7c:a0:63:00:87:d5:48:e1:9c:57:c9:01:c1:d2:5f:30:58: + 02:21:00:89:93:a5:b6:04:de:4d:3d:98:ed:0b:ce:3a:74:3e: + 6c:f1:80:1f:28:d8:ee:78:af:da:8a:3b:b4:27:38:e2:b1 -----BEGIN CERTIFICATE----- -MIICoDCCAkegAwIBAgIBAzAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxEzAR +MIICoTCCAkegAwIBAgIBAzAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxEzAR BgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dv bGZTU0wxFDASBgNVBAsMC0RldmVsb3BtZW50MRgwFgYDVQQDDA93d3cud29sZnNz -bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjExMjIw -MjMwNzI1WhcNMjQwOTE1MjMwNzI1WjCBjzELMAkGA1UEBhMCVVMxEzARBgNVBAgM +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjIwMjE1 +MTI1MDI0WhcNMjQxMTExMTI1MDI0WjCBjzELMAkGA1UEBhMCVVMxEzARBgNVBAgM Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB0VsaXB0aWMx DDAKBgNVBAsMA0VDQzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZI hvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD 
@@ -51,7 +51,7 @@ QgAEuzOsTCdQSsZKpQTDPN6fNttyLc6U6iv6yyAJOSwW6GEC6a9N0wKTmjFbl5Ih f/DPGNqREQI0huggWDMLgDSJ2KOBiTCBhjAdBgNVHQ4EFgQUXV0m76x+NvmbdhUr SiUCI++yiTAwHwYDVR0jBBgwFoAUVo6aw/BC3hi5RVVu+ZPP6sPzpSEwDAYDVR0T AQH/BAIwADAOBgNVHQ8BAf8EBAMCA6gwEwYDVR0lBAwwCgYIKwYBBQUHAwEwEQYJ -YIZIAYb4QgEBBAQDAgZAMAoGCCqGSM49BAMCA0cAMEQCIFpnue4CNCcb1MQ1e+1Z -jmPEirfpksGKdrCLzSRJeLrvAiApuLZfg/dWavFN2Z9SKvmPUxRJi19eh69/yi7g -2Od1DA== +YIZIAYb4QgEBBAQDAgZAMAoGCCqGSM49BAMCA0gAMEUCIFud9GkXiMATND2Bgdz7 +J3ygYwCH1UjhnFfJAcHSXzBYAiEAiZOltgTeTT2Y7QvOOnQ+bPGAHyjY7niv2oo7 +tCc44rE= -----END CERTIFICATE----- diff --git a/examples/provider/ClientJSSE.java b/examples/provider/ClientJSSE.java index 46d8e158..537221f5 100644 --- a/examples/provider/ClientJSSE.java +++ b/examples/provider/ClientJSSE.java @@ -91,7 +91,7 @@ public void run(String[] args) throws Exception { /* cert info */ String clientJKS = "../provider/client.jks"; - String caJKS = "../provider/client.jks"; + String caJKS = "../provider/ca-server.jks"; String clientPswd = "wolfSSL test"; String caPswd = "wolfSSL test"; @@ -140,9 +140,6 @@ public void run(String[] args) throws Exception { cipherList = args[++i]; } else if (arg.equals("-c")) { - if (args.length < i+2) { - printUsage(); - } String[] tmp = args[++i].split(":"); if (tmp.length != 2) { printUsage(); @@ -151,8 +148,6 @@ public void run(String[] args) throws Exception { clientPswd = tmp[1]; } else if (arg.equals("-A")) { - if (args.length < i+2) - printUsage(); String[] tmp = args[++i].split(":"); if (tmp.length != 2) { printUsage(); 
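Review bot: With the `args.length < i+2` guards removed from the `-c` and `-A` branches of `run()`, a trailing `-c` or `-A` with no value now reaches `args[++i]` and fails with an ArrayIndexOutOfBoundsException instead of printing the usage text. The same removal is made in `ServerJSSE.java` (hunks `@@ -119,9 +119,6 @@` and `@@ -130,8 +127,6 @@`). A single bounds test before the read keeps the usage message: `if (i + 1 >= args.length) { printUsage(); }`. The argument loop begins outside these hunks, so an earlier check there cannot be ruled out from here.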
@@ -351,9 +346,9 @@ private void printUsage() { System.out.println("-setp \tSet enabled protocols " + "e.g \"TLSv1.1 TLSv1.2\""); System.out.println("-c :\tCertificate/key JKS,\t\tdefault " + - "../provider/rsa.jks:wolfSSL test"); + "../provider/client.jks:wolfSSL test"); System.out.println("-A :\tCertificate/key CA JKS file,\tdefault " + - "../provider/cacerts.jks:wolfSSL test"); + "../provider/ca-server.jks:wolfSSL test"); System.out.println("-r Resume session"); System.exit(1); } diff --git a/examples/provider/ClientSSLSocket.java b/examples/provider/ClientSSLSocket.java index 8f724cac..2cb54cbb 100644 --- a/examples/provider/ClientSSLSocket.java +++ b/examples/provider/ClientSSLSocket.java @@ -80,12 +80,17 @@ public static void main(String[] args) { try { - /* load wolfJSSE as provider */ - Security.addProvider(new WolfSSLProvider()); + /* load wolfJSSE as provider as top priority provider */ + Security.insertProviderAt(new WolfSSLProvider(), 1); /* set up key and trust stores */ ks = KeyStore.getInstance("JKS"); ks.load(new FileInputStream(keyStorePath), keyStorePass); + + /* NOTE: Some versions of Java/JDK do not have support for EC + * certificate types. If run on one of those versions, this + * example may fail with an ASN no signer error / -188. If that + * is the case, try again using RSA certs and CA certs instead */ ts = KeyStore.getInstance("JKS"); ts.load(new FileInputStream(trustStorePath), trustStorePass); diff --git a/examples/provider/MultiThreadedSSLClient.java b/examples/provider/MultiThreadedSSLClient.java index 526fe7c4..c6b38a66 100644 --- a/examples/provider/MultiThreadedSSLClient.java +++ b/examples/provider/MultiThreadedSSLClient.java 
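Review bot: `Security.insertProviderAt(new WolfSSLProvider(), 1)` in `main()` changes provider precedence for the whole JVM, and its return value is ignored, so a `-1` (provider already registered, position unchanged) goes unnoticed. The other examples touched by this commit (`MultiThreadedSSLClient`, `ThreadedSSLSocketClientServer`) still call `Security.addProvider`, so the examples now differ in which provider answers unqualified `getInstance` lookups. The new comment also repeats itself; `/* register wolfJSSE at position 1 so it is preferred for unqualified getInstance() lookups, JVM-wide */` would say what the call does. `main()` continues outside the hunk.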
@@ -152,7 +152,7 @@ public MultiThreadedSSLClient(String[] args) { Security.addProvider(new WolfSSLProvider()); String clientKS = "./examples/provider/client.jks"; - String clientTS = "./examples/provider/client.jks"; + String clientTS = "./examples/provider/ca-server.jks"; String jkspass = "wolfSSL test"; char[] passArr = jkspass.toCharArray(); diff --git a/examples/provider/MultiThreadedSSLServer.java b/examples/provider/MultiThreadedSSLServer.java index d33fe3e9..ed3b41f8 100644 --- a/examples/provider/MultiThreadedSSLServer.java +++ b/examples/provider/MultiThreadedSSLServer.java @@ -45,8 +45,8 @@ public class MultiThreadedSSLServer { private char[] psw = "wolfSSL test".toCharArray(); - private String serverKS = "./examples/provider/rsa.jks"; - private String serverTS = "./examples/provider/client.jks"; + private String serverKS = "./examples/provider/server.jks"; + private String serverTS = "./examples/provider/ca-client.jks"; private String jsseProv = "wolfJSSE"; int serverPort = 11118; diff --git a/examples/provider/ServerJSSE.java b/examples/provider/ServerJSSE.java index 2850c70b..fd89f626 100644 --- a/examples/provider/ServerJSSE.java +++ b/examples/provider/ServerJSSE.java @@ -61,8 +61,8 @@ public void run(String[] args) { boolean putEnabledProtocols = false; /* set enabled protocols */ /* cert info */ - String serverJKS = "../provider/rsa.jks"; - String caJKS = "../provider/client.jks"; + String serverJKS = "../provider/server.jks"; + String caJKS = "../provider/ca-client.jks"; String serverPswd = "wolfSSL test"; String caPswd = "wolfSSL test"; @@ -119,9 +119,6 @@ public void run(String[] args) { cipherList = args[++i]; } else if (arg.equals("-c")) { - if (args.length < i+2) { - printUsage(); - } String[] tmp = args[++i].split(":"); if (tmp.length != 2) { printUsage(); 
@@ -130,8 +127,6 @@ public void run(String[] args) { serverPswd = tmp[1]; } else if (arg.equals("-A")) { - if (args.length < i+2) - printUsage(); String[] tmp = args[++i].split(":"); if (tmp.length != 2) { printUsage(); @@ -300,9 +295,9 @@ private void printUsage() { System.out.println("-setp \tSet enabled protocols " + "e.g \"TLSv1.1 TLSv1.2\""); System.out.println("-c :\tCertificate/key JKS,\t\tdefault " + - "../provider/rsa.jks:wolfSSL test"); + "../provider/server.jks:\"wolfSSL test\""); System.out.println("-A :\tCertificate/key CA JKS file,\tdefault " + - "../provider/cacerts.jks:wolfSSL test"); + "../provider/ca-client.jks:\"wolfSSL test\""); System.exit(1); } diff --git a/examples/provider/ThreadedSSLSocketClientServer.java b/examples/provider/ThreadedSSLSocketClientServer.java index 4e8768fd..dd0cbe9e 100644 --- a/examples/provider/ThreadedSSLSocketClientServer.java +++ b/examples/provider/ThreadedSSLSocketClientServer.java @@ -151,9 +151,9 @@ public ThreadedSSLSocketClientServer(String[] args) { Security.addProvider(new WolfSSLProvider()); String serverKS = "./examples/provider/server.jks"; - String serverTS = "./examples/provider/client.jks"; + String serverTS = "./examples/provider/ca-client.jks"; String clientKS = "./examples/provider/client.jks"; - String clientTS = "./examples/provider/client.jks"; + String clientTS = "./examples/provider/ca-server.jks"; String pass = "wolfSSL test"; ServerThread server = new ServerThread( diff --git a/examples/provider/all.jks b/examples/provider/all.jks index 0d883257..8773fb85 100644 Binary files a/examples/provider/all.jks and b/examples/provider/all.jks differ diff --git a/examples/provider/all_mixed.jks b/examples/provider/all_mixed.jks index 82785820..706db398 100644 Binary files a/examples/provider/all_mixed.jks and b/examples/provider/all_mixed.jks differ 
diff --git a/examples/provider/ca-client.jks b/examples/provider/ca-client.jks new file mode 100644 index 00000000..7f864944 Binary files /dev/null and b/examples/provider/ca-client.jks differ diff --git a/examples/provider/ca-server.jks b/examples/provider/ca-server.jks new file mode 100644 index 00000000..e4673d73 Binary files /dev/null and b/examples/provider/ca-server.jks differ diff --git a/examples/provider/cacerts.jks b/examples/provider/cacerts.jks index 136a4b4c..bc321130 100644 Binary files a/examples/provider/cacerts.jks and b/examples/provider/cacerts.jks differ diff --git a/examples/provider/client-ecc.jks b/examples/provider/client-ecc.jks new file mode 100644 index 00000000..8419abbe Binary files /dev/null and b/examples/provider/client-ecc.jks differ diff --git a/examples/provider/client-rsa-1024.jks b/examples/provider/client-rsa-1024.jks new file mode 100644 index 00000000..b9a3447a Binary files /dev/null and b/examples/provider/client-rsa-1024.jks differ diff --git a/examples/provider/client-rsa.jks b/examples/provider/client-rsa.jks new file mode 100644 index 00000000..14328f23 Binary files /dev/null and b/examples/provider/client-rsa.jks differ diff --git a/examples/provider/client.jks b/examples/provider/client.jks index c5610ba5..d0477348 100644 Binary files a/examples/provider/client.jks and b/examples/provider/client.jks differ diff --git a/examples/provider/convert-to-bks.sh b/examples/provider/convert-to-bks.sh index 96a932d3..e3a33305 100755 --- a/examples/provider/convert-to-bks.sh +++ b/examples/provider/convert-to-bks.sh 
@@ -11,23 +11,42 @@ keytool -importkeystore -srckeystore ${1}.jks -destkeystore ${1}.bks -srcstorety } -rm -f server.bks &> /dev/null -convert "server" +rm -f all.bks &> /dev/null +convert "all" + +rm -f all_mixed.bks &> /dev/null +convert "all_mixed" rm -f client.bks &> /dev/null convert "client" -rm -f rsa.bks &> /dev/null -convert "rsa" +rm -f client-rsa-1024.bks &> /dev/null +convert "client-rsa-1024" -rm -f all.bks &> /dev/null -convert "all" +rm -f client-rsa.bks &> /dev/null +convert "client-rsa" -rm -f all_mixed.bks &> /dev/null -convert "all_mixed" +rm -f client-ecc.bks &> /dev/null +convert "client-ecc" + +rm -f server.bks &> /dev/null +convert "server" + +rm -f server-rsa-1024.bks &> /dev/null +convert "server-rsa-1024" + +rm -f server-rsa.bks &> /dev/null +convert "server-rsa" + +rm -f server-ecc.bks &> /dev/null +convert "server-ecc" rm -f cacerts.bks &> /dev/null convert "cacerts" -rm -f ecc.bks &> /dev/null -convert "ecc" +rm -f ca-client.bks &> /dev/null +convert "ca-client" + +rm -f ca-server.bks &> /dev/null +convert "ca-server" + diff --git a/examples/provider/ecc.jks b/examples/provider/ecc.jks deleted file mode 100644 index 9c94c3c1..00000000 Binary files a/examples/provider/ecc.jks and /dev/null differ diff --git a/examples/provider/rsa.jks b/examples/provider/rsa.jks deleted file mode 100644 index a37c5123..00000000 Binary files a/examples/provider/rsa.jks and /dev/null differ diff --git a/examples/provider/server-ecc.jks b/examples/provider/server-ecc.jks new file mode 100644 index 00000000..77cda05e Binary files /dev/null and b/examples/provider/server-ecc.jks differ diff --git a/examples/provider/server-rsa-1024.jks b/examples/provider/server-rsa-1024.jks new file mode 100644 index 00000000..316805ce Binary files /dev/null and b/examples/provider/server-rsa-1024.jks differ 
diff --git a/examples/provider/server-rsa.jks b/examples/provider/server-rsa.jks new file mode 100644 index 00000000..fdae9ffa Binary files /dev/null and b/examples/provider/server-rsa.jks differ diff --git a/examples/provider/server.jks b/examples/provider/server.jks index 8d893956..b5f1268c 100644 Binary files a/examples/provider/server.jks and b/examples/provider/server.jks differ diff --git a/examples/provider/update-jks.sh b/examples/provider/update-jks.sh index 3ab26d1a..9c0a6403 100755 --- a/examples/provider/update-jks.sh +++ b/examples/provider/update-jks.sh @@ -1,5 +1,30 @@ -# Used to update all of the JKS stores +# Example KeyStore Update Script +# +# This script is Used to update all example JKS stores, using example +# certificates found in wolfSSL proper. +# +# Java KeyStores which this script creates includes: +# +# all.jks All certs +# all_mixed.jks All certs, mixed order +# client.jks RSA 2048-bit and ECC client certs +# client-rsa-1024.jks RSA 1024-bit only client cert +# client-rsa.jks RSA 2048-bit only client cert +# client-ecc.jks ECC only client cert +# server.jks RSA 2048-bit and ECC server certs +# server-rsa-1024.jks RSA 1024-bit only server cert +# server-rsa.jks RSA 2048-bit only server cert +# server-ecc.jks ECC only server cert +# cacerts.jks All CA certs (RSA, ECC, 1024, 2048, etc) +# ca-client.jks CA certs used to verify client certs +# ca-server.jks CA certs used to verify server certs +# +# NOTE: Keystores generated by this script are generated in JKS format, +# instead of the newer/better PKCS#12 format. The newer format would +# be preferred, but older versions of keytool do not support PKCS#12 +# format. This would cause test failures in those older environments. + printf "Removing and updating JKS stores\n" if [ -z "$1" ]; then printf "\tNo directory to certs provided\n" 
@@ -10,7 +35,7 @@ CERT_LOCATION=$1 # keystore-name , cert file , alias , password add_cert() { - keytool -import -keystore "$1" -file "$CERT_LOCATION/$2" -alias "$3" -noprompt -trustcacerts -storepass "$4" + keytool -import -keystore "$1" -file "$CERT_LOCATION/$2" -alias "$3" -noprompt -trustcacerts -deststoretype JKS -storepass "$4" if [ $? -ne 0 ]; then printf "fail" exit 1 @@ -20,13 +45,16 @@ add_cert() { # keystore-name , cert file , key file , alias , password add_cert_key() { openssl pkcs12 -export -in "$CERT_LOCATION/$2" -inkey "$CERT_LOCATION/$3" -out tmp.p12 -passin pass:"$5" -passout pass:"$5" -name "$4" &> /dev/null - keytool -importkeystore -deststorepass "$5" -destkeystore "$1" -srckeystore tmp.p12 -srcstoretype PKCS12 -srcstorepass "$5" -alias "$4" &> /dev/null + keytool -importkeystore -deststorepass "$5" -destkeystore "$1" -deststoretype JKS -srckeystore tmp.p12 -srcstoretype PKCS12 -srcstorepass "$5" -alias "$4" &> /dev/null if [ $? -ne 0 ]; then printf "fail" exit 1 fi rm tmp.p12 } + +#################### KEYSTORES WITH ALL CERTS #################### + printf "\tCreating all.jks ..." rm all.jks &> /dev/null add_cert_key "all.jks" "/client-cert.pem" "/client-key.pem" "client" "wolfSSL test" 
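Review bot: In `add_cert_key`, the `$?` test after the `keytool -importkeystore` line reflects keytool only. The exit status of `openssl pkcs12 -export` is never checked and its output goes to `/dev/null`, so a missing cert or key file surfaces only as a generic `fail`. When keytool fails, the script exits before `rm tmp.p12`, leaving a PKCS#12 file that contains the private key in the working directory. Checking openssl directly (`openssl pkcs12 ... || { printf "fail"; exit 1; }`) and adding `rm -f tmp.p12` before the `exit 1` would close both gaps.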
@@ -40,53 +68,100 @@ add_cert_key "all.jks" "/1024/ca-cert.pem" "/1024/ca-key.pem" "ca-1024" "wolfSSL add_cert_key "all.jks" "/ca-ecc-cert.pem" "/ca-ecc-key.pem" "ca-ecc" "wolfSSL test" printf "done\n" +printf "\tCreating all_mixed.jks ..." +rm all_mixed.jks &> /dev/null +add_cert_key "all_mixed.jks" "/client-ecc-cert.pem" "/ecc-client-key.pem" "client-ecc" "wolfSSL test" +add_cert_key "all_mixed.jks" "/ca-cert.pem" "/ca-key.pem" "ca" "wolfSSL test" +add_cert_key "all_mixed.jks" "/1024/client-cert.pem" "/1024/client-key.pem" "client-1024" "wolfSSL test" +add_cert_key "all_mixed.jks" "/client-cert.pem" "/client-key.pem" "client" "wolfSSL test" +add_cert_key "all_mixed.jks" "/server-ecc.pem" "/ecc-key.pem" "server-ecc" "wolfSSL test" +add_cert_key "all_mixed.jks" "/server-cert.pem" "/server-key.pem" "server" "wolfSSL test" +add_cert_key "all_mixed.jks" "/1024/server-cert.pem" "/1024/server-key.pem" "server-1024" "wolfSSL test" +add_cert_key "all_mixed.jks" "/1024/ca-cert.pem" "/1024/ca-key.pem" "ca-1024" "wolfSSL test" +printf "done\n" + +#################### CLIENT KEYSTORES #################### + +# Client cert: both RSA 2048-bit and ECC printf "\tCreating client.jks ..." rm client.jks &> /dev/null add_cert_key "client.jks" "/client-cert.pem" "/client-key.pem" "client" "wolfSSL test" -add_cert_key "client.jks" "/1024/client-cert.pem" "/1024/client-key.pem" "client-1024" "wolfSSL test" add_cert_key "client.jks" "/client-ecc-cert.pem" "/ecc-client-key.pem" "client-ecc" "wolfSSL test" -add_cert_key "client.jks" "/ca-ecc-cert.pem" "/ca-ecc-key.pem" "ca-ecc" "wolfSSL test" -add_cert_key "client.jks" "/ca-cert.pem" "/ca-key.pem" "ca" "wolfSSL test" -add_cert_key "client.jks" "/1024/ca-cert.pem" "/1024/ca-key.pem" "ca-1024" "wolfSSL test" printf "done\n" +# Client cert: RSA, 1024-bit only +printf "\tCreating client-rsa-1024.jks ..." 
+rm client-rsa-1024.jks &> /dev/null +add_cert_key "client-rsa-1024.jks" "/1024/client-cert.pem" "/1024/client-key.pem" "client-rsa-1024" "wolfSSL test" +printf "done\n" + +# Client cert: RSA 2048-bit only +printf "\tCreating client-rsa.jks ..." +rm client-rsa.jks &> /dev/null +add_cert_key "client-rsa.jks" "/client-cert.pem" "/client-key.pem" "client-rsa" "wolfSSL test" +printf "done\n" + +# Client cert: ECC only +printf "\tCreating client-ecc.jks ..." +rm client-ecc.jks &> /dev/null +add_cert_key "client-ecc.jks" "/client-ecc-cert.pem" "/ecc-client-key.pem" "client-ecc" "wolfSSL test" +printf "done\n" + +#################### SERVER KEYSTORES #################### + +# Server cert: both RSA 2048-bit and ECC printf "\tCreating server.jks ..." rm server.jks &> /dev/null add_cert_key "server.jks" "/server-cert.pem" "/server-key.pem" "server" "wolfSSL test" -add_cert_key "server.jks" "/1024/server-cert.pem" "/1024/server-key.pem" "server-1024" "wolfSSL test" add_cert_key "server.jks" "/server-ecc.pem" "/ecc-key.pem" "server-ecc" "wolfSSL test" -add_cert_key "server.jks" "/client-ecc-cert.pem" "/ecc-client-key.pem" "client-ecc" "wolfSSL test" -add_cert_key "server.jks" "/client-cert.pem" "/client-key.pem" "client" "wolfSSL test" -add_cert_key "server.jks" "/1024/client-cert.pem" "/1024/client-key.pem" "client-1024" "wolfSSL test" printf "done\n" -printf "\tCreating rsa.jks ..." -rm rsa.jks &> /dev/null -add_cert_key "rsa.jks" "/client-cert.pem" "/client-key.pem" "client" "wolfSSL test" -add_cert_key "rsa.jks" "/server-cert.pem" "/server-key.pem" "server" "wolfSSL test" -add_cert_key "rsa.jks" "/ca-cert.pem" "/ca-key.pem" "ca" "wolfSSL test" +# Server cert: RSA, 1024-bit only +printf "\tCreating server-rsa-1024.jks ..." +rm server-rsa-1024.jks &> /dev/null +add_cert_key "server-rsa-1024.jks" "/1024/server-cert.pem" "/1024/server-key.pem" "server-1024" "wolfSSL test" +printf "done\n" + +# Server cert: RSA, 2048-bit only +printf "\tCreating server-rsa.jks ..." 
+rm server-rsa.jks &> /dev/null +add_cert_key "server-rsa.jks" "/server-cert.pem" "/server-key.pem" "server-rsa" "wolfSSL test" printf "done\n" -printf "\tCreating ecc.jks ..." -rm ecc.jks &> /dev/null -add_cert_key "ecc.jks" "/client-ecc-cert.pem" "/ecc-client-key.pem" "client-ecc" "wolfSSL test" -add_cert_key "ecc.jks" "/server-ecc.pem" "/ecc-key.pem" "server-ecc" "wolfSSL test" +# Server cert: ECC only +printf "\tCreating server-ecc.jks ..." +rm server-ecc.jks &> /dev/null +add_cert_key "server-ecc.jks" "/server-ecc.pem" "/ecc-key.pem" "server-ecc" "wolfSSL test" printf "done\n" +#################### CA CERT KEYSTORES ################### + +# Contains all CA certs (RSA and ECC), verifies both client and server certs printf "\tCreating cacerts.jks ..." rm cacerts.jks &> /dev/null add_cert_key "cacerts.jks" "/ca-cert.pem" "/ca-key.pem" "cacert" "wolfSSL test" +add_cert_key "cacerts.jks" "/client-cert.pem" "/client-key.pem" "client-rsa" "wolfSSL test" +add_cert_key "cacerts.jks" "/client-ecc-cert.pem" "/ecc-client-key.pem" "client-ecc" "wolfSSL test" +add_cert_key "cacerts.jks" "/ca-cert.pem" "/ca-key.pem" "ca-rsa" "wolfSSL test" +add_cert_key "cacerts.jks" "/ca-ecc-cert.pem" "/ca-ecc-key.pem" "ca-ecc" "wolfSSL test" +add_cert_key "cacerts.jks" "/1024/ca-cert.pem" "/1024/ca-key.pem" "ca-1024" "wolfSSL test" printf "done\n" -printf "\tCreating all_mixed.jks ..." 
-rm all_mixed.jks &> /dev/null -add_cert_key "all_mixed.jks" "/client-ecc-cert.pem" "/ecc-client-key.pem" "client-ecc" "wolfSSL test" -add_cert_key "all_mixed.jks" "/ca-cert.pem" "/ca-key.pem" "ca" "wolfSSL test" -add_cert_key "all_mixed.jks" "/1024/client-cert.pem" "/1024/client-key.pem" "client-1024" "wolfSSL test" -add_cert_key "all_mixed.jks" "/client-cert.pem" "/client-key.pem" "client" "wolfSSL test" -add_cert_key "all_mixed.jks" "/server-ecc.pem" "/ecc-key.pem" "server-ecc" "wolfSSL test" -add_cert_key "all_mixed.jks" "/server-cert.pem" "/server-key.pem" "server" "wolfSSL test" -add_cert_key "all_mixed.jks" "/1024/server-cert.pem" "/1024/server-key.pem" "server-1024" "wolfSSL test" -add_cert_key "all_mixed.jks" "/1024/ca-cert.pem" "/1024/ca-key.pem" "ca-1024" "wolfSSL test" +# Contains CA certs used to verify client certs: +# client-cert.pem verifies itself (self signed) +# client-ecc-cert.pem verifies itself (self signed) +printf "\tCreating ca-client.jks ..." +rm ca-client.jks &> /dev/null +add_cert_key "ca-client.jks" "/client-cert.pem" "/client-key.pem" "client-rsa" "wolfSSL test" +add_cert_key "ca-client.jks" "/client-ecc-cert.pem" "/ecc-client-key.pem" "client-ecc" "wolfSSL test" +printf "done\n" + +# Contains CA certs used to verify server certs: +# ca-cert.pem verifies server-cert.pem +# ca-ecc-cert.pem verifies server-ecc.pem +printf "\tCreating ca-server.jks ..." +rm ca-server.jks &> /dev/null +add_cert_key "ca-server.jks" "/ca-cert.pem" "/ca-key.pem" "ca-rsa" "wolfSSL test" +add_cert_key "ca-server.jks" "/ca-ecc-cert.pem" "/ca-ecc-key.pem" "ca-ecc" "wolfSSL test" printf "done\n" diff --git a/java.sh b/java.sh index 28b663c1..4498b228 100755 --- a/java.sh +++ b/java.sh 
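Review bot: The trust stores `ca-client.jks`, `ca-server.jks` and `cacerts.jks` are populated with `add_cert_key`, which imports the private key (`ca-key.pem`, `ca-ecc-key.pem`, `client-key.pem`, ...) together with each certificate. A store that exists only to verify peers needs the certificates alone. The `add_cert` helper defined earlier in this script imports just the certificate, e.g. `add_cert "ca-server.jks" "/ca-cert.pem" "ca-rsa" "wolfSSL test"`. These are public example keys, but the script is likely to be copied as a template, and a trust store holding a CA signing key is the wrong pattern to copy. `cacerts.jks` also imports `/ca-cert.pem` twice, under the aliases `cacert` and `ca-rsa`.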
@@ -21,7 +21,7 @@ if [ "$OS" == "Darwin" ] ; then echo " Detected Darwin/OSX host OS" javaHome=`/usr/libexec/java_home` javaIncludes="-I$javaHome/include -I$javaHome/include/darwin -I$WOLFSSL_INSTALL_DIR/include" - javaLibs="-dynamiclib -framework JavaVM" + javaLibs="-dynamiclib" jniLibName="libwolfssljni.jnilib" cflags="-DHAVE_ECC" elif [ "$OS" == "Linux" ] ; then @@ -44,6 +44,9 @@ else echo 'Unknown host OS!' exit fi +echo " $OS $ARCH" + +echo " Java Home = $javaHome" # create /lib directory if doesn't exist if [ ! -d ./lib ] diff --git a/native/com_wolfssl_WolfSSLCertificate.c b/native/com_wolfssl_WolfSSLCertificate.c index 3feda055..5200831e 100644 --- a/native/com_wolfssl_WolfSSLCertificate.c +++ b/native/com_wolfssl_WolfSSLCertificate.c @@ -418,12 +418,13 @@ JNIEXPORT jstring JNICALL Java_com_wolfssl_WolfSSLCertificate_X509_1get_1signatu return (*jenv)->NewStringUTF(jenv, oid); } -JNIEXPORT jstring JNICALL Java_com_wolfssl_WolfSSLCertificate_X509_1print +JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_WolfSSLCertificate_X509_1print (JNIEnv* jenv, jclass jcl, jlong x509Ptr) { WOLFSSL_BIO* bio; - jstring ret = NULL; + int sz = 0; const char* mem = NULL; + jbyteArray memArr = NULL; WOLFSSL_X509* x509 = (WOLFSSL_X509*)(uintptr_t)x509Ptr; (void)jcl; 
@@ -441,12 +442,25 @@ JNIEXPORT jstring JNICALL Java_com_wolfssl_WolfSSLCertificate_X509_1print return NULL; } - wolfSSL_BIO_get_mem_data(bio, &mem); - if (mem != NULL) { - ret = (*jenv)->NewStringUTF(jenv, mem); + sz = wolfSSL_BIO_get_mem_data(bio, &mem); + if (sz > 0 && mem != NULL) { + + memArr = (*jenv)->NewByteArray(jenv, sz); + if (memArr == NULL) { + wolfSSL_BIO_free(bio); + return NULL; + } + + (*jenv)->SetByteArrayRegion(jenv, memArr, 0, sz, (jbyte*)mem); + if ((*jenv)->ExceptionOccurred(jenv)) { + /* failed to set byte region */ + (*jenv)->DeleteLocalRef(jenv, memArr); + wolfSSL_BIO_free(bio); + return NULL; + } } wolfSSL_BIO_free(bio); - return ret; + return memArr; } JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLCertificate_X509_1get_1isCA diff --git a/native/com_wolfssl_WolfSSLCertificate.h b/native/com_wolfssl_WolfSSLCertificate.h index 38a79287..ac0ffe3f 100644 --- a/native/com_wolfssl_WolfSSLCertificate.h +++ b/native/com_wolfssl_WolfSSLCertificate.h @@ -90,9 +90,9 @@ JNIEXPORT jstring JNICALL Java_com_wolfssl_WolfSSLCertificate_X509_1get_1signatu /* * Class: com_wolfssl_WolfSSLCertificate * Method: X509_print - * Signature: (J)Ljava/lang/String; + * Signature: (J)[B */ -JNIEXPORT jstring JNICALL Java_com_wolfssl_WolfSSLCertificate_X509_1print +JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_WolfSSLCertificate_X509_1print (JNIEnv *, jclass, jlong); /* diff --git a/native/com_wolfssl_WolfSSLSession.c b/native/com_wolfssl_WolfSSLSession.c index 967f9cc8..269483aa 100644 --- a/native/com_wolfssl_WolfSSLSession.c +++ b/native/com_wolfssl_WolfSSLSession.c @@ -2789,8 +2789,8 @@ JNIEXPORT void JNICALL Java_com_wolfssl_WolfSSLSession_setEccSignCtx void* eccSignCtx; internCtx* myCtx; -#endif WOLFSSL* ssl = (WOLFSSL*)(uintptr_t)sslPtr; +#endif /* find exception class in case we need it */ excClass = (*jenv)->FindClass(jenv, "com/wolfssl/WolfSSLException"); 
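Review bot: The error check after `SetByteArrayRegion` in `X509_print` uses `ExceptionOccurred`, which returns a local reference to the pending throwable that is then discarded. Only a yes/no answer is needed here, so `if ((*jenv)->ExceptionCheck(jenv)) {` is the better fit. A one-line comment above `NewByteArray` noting that the BIO data is copied by its reported length `sz` would also record the reason for the byte-array return, which the hunk does not state. The function begins outside this hunk.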
@@ -2851,6 +2851,8 @@ JNIEXPORT void JNICALL Java_com_wolfssl_WolfSSLSession_setEccSignCtx wolfSSL_SetEccSignCtx(ssl, myCtx); #else + (void)jcl; + (void)sslPtr; (*jenv)->ThrowNew(jenv, excClass, "wolfSSL not compiled with PK Callbacks and/or ECC"); return; @@ -2866,8 +2868,8 @@ JNIEXPORT void JNICALL Java_com_wolfssl_WolfSSLSession_setEccVerifyCtx void* eccVerifyCtx; internCtx* myCtx; -#endif WOLFSSL* ssl = (WOLFSSL*)(uintptr_t)sslPtr; +#endif /* find exception class in case we need it */ excClass = (*jenv)->FindClass(jenv, "com/wolfssl/WolfSSLException"); @@ -2928,6 +2930,8 @@ JNIEXPORT void JNICALL Java_com_wolfssl_WolfSSLSession_setEccVerifyCtx wolfSSL_SetEccVerifyCtx(ssl, myCtx); #else + (void)jcl; + (void)sslPtr; (*jenv)->ThrowNew(jenv, excClass, "wolfSSL not compiled with PK Callbacks and/or ECC"); return; @@ -2943,8 +2947,8 @@ JNIEXPORT void JNICALL Java_com_wolfssl_WolfSSLSession_setEccSharedSecretCtx void* eccSharedSecretCtx; internCtx* myCtx; -#endif WOLFSSL* ssl = (WOLFSSL*)(uintptr_t)sslPtr; +#endif /* find exception class in case we need it */ excClass = (*jenv)->FindClass(jenv, "com/wolfssl/WolfSSLException"); @@ -3005,6 +3009,8 @@ JNIEXPORT void JNICALL Java_com_wolfssl_WolfSSLSession_setEccSharedSecretCtx wolfSSL_SetEccSharedSecretCtx(ssl, myCtx); #else + (void)jcl; + (void)sslPtr; (*jenv)->ThrowNew(jenv, excClass, "wolfSSL not compiled with PK Callbacks and/or ECC"); return; @@ -3020,8 +3026,8 @@ JNIEXPORT void JNICALL Java_com_wolfssl_WolfSSLSession_setRsaSignCtx void* rsaSignCtx; internCtx* myCtx; -#endif WOLFSSL* ssl = (WOLFSSL*)(uintptr_t)sslPtr; +#endif /* find exception class in case we need it */ excClass = (*jenv)->FindClass(jenv, "com/wolfssl/WolfSSLException"); @@ -3082,6 +3088,8 @@ JNIEXPORT void JNICALL Java_com_wolfssl_WolfSSLSession_setRsaSignCtx wolfSSL_SetRsaSignCtx(ssl, myCtx); #else + (void)jcl; + (void)sslPtr; (*jenv)->ThrowNew(jenv, excClass, "wolfSSL not compiled with PK Callbacks and/or RSA support"); return; 
@@ -3097,8 +3105,8 @@ JNIEXPORT void JNICALL Java_com_wolfssl_WolfSSLSession_setRsaVerifyCtx void* rsaVerifyCtx; internCtx* myCtx; -#endif WOLFSSL* ssl = (WOLFSSL*)(uintptr_t)sslPtr; +#endif /* find exception class in case we need it */ excClass = (*jenv)->FindClass(jenv, "com/wolfssl/WolfSSLException"); @@ -3159,6 +3167,8 @@ JNIEXPORT void JNICALL Java_com_wolfssl_WolfSSLSession_setRsaVerifyCtx wolfSSL_SetRsaVerifyCtx(ssl, myCtx); #else + (void)jcl; + (void)sslPtr; (*jenv)->ThrowNew(jenv, excClass, "wolfSSL not compiled with PK Callbacks and/or RSA support"); return; @@ -3174,8 +3184,8 @@ JNIEXPORT void JNICALL Java_com_wolfssl_WolfSSLSession_setRsaEncCtx void* rsaEncCtx; internCtx* myCtx; -#endif WOLFSSL* ssl = (WOLFSSL*)(uintptr_t)sslPtr; +#endif /* find exception class in case we need it */ excClass = (*jenv)->FindClass(jenv, "com/wolfssl/WolfSSLException"); @@ -3237,6 +3247,8 @@ JNIEXPORT void JNICALL Java_com_wolfssl_WolfSSLSession_setRsaEncCtx wolfSSL_SetRsaEncCtx(ssl, myCtx); #else + (void)jcl; + (void)sslPtr; (*jenv)->ThrowNew(jenv, excClass, "wolfSSL not compiled with PK Callbacks and/or RSA support"); return; @@ -3252,8 +3264,8 @@ JNIEXPORT void JNICALL Java_com_wolfssl_WolfSSLSession_setRsaDecCtx void* rsaDecCtx; internCtx* myCtx; -#endif WOLFSSL* ssl = (WOLFSSL*)(uintptr_t)sslPtr; +#endif /* find exception class in case we need it */ excClass = (*jenv)->FindClass(jenv, "com/wolfssl/WolfSSLException"); @@ -3314,6 +3326,8 @@ JNIEXPORT void JNICALL Java_com_wolfssl_WolfSSLSession_setRsaDecCtx wolfSSL_SetRsaDecCtx(ssl, myCtx); #else + (void)jcl; + (void)sslPtr; (*jenv)->ThrowNew(jenv, excClass, "wolfSSL not compiled with PK Callbacks and/or RSA support"); return; diff --git a/src/java/com/wolfssl/WolfSSLCertificate.java b/src/java/com/wolfssl/WolfSSLCertificate.java index 8d9b3ff5..3dbea23d 100644 --- a/src/java/com/wolfssl/WolfSSLCertificate.java +++ b/src/java/com/wolfssl/WolfSSLCertificate.java 
@@ -25,6 +25,7 @@ import java.io.IOException; import java.io.InputStream; import java.io.ByteArrayInputStream; +import java.nio.charset.Charset; import java.math.BigInteger; import java.text.ParseException; import java.text.SimpleDateFormat; @@ -62,7 +63,7 @@ public class WolfSSLCertificate { static native byte[] X509_get_signature(long x509); static native String X509_get_signature_type(long x509); static native String X509_get_signature_OID(long x509); - static native String X509_print(long x509); + static native byte[] X509_print(long x509); static native int X509_get_isCA(long x509); static native String X509_get_subject_name(long x509); static native String X509_get_issuer_name(long x509); @@ -600,7 +601,20 @@ public X509Certificate getX509Certificate() @Override public String toString() { - return X509_print(this.x509Ptr); + + byte[] x509Text; + + if (this.active == false) { + return super.toString(); + } + + x509Text = X509_print(this.x509Ptr); + if (x509Text != null) { + /* let Java do the modified UTF-8 conversion */ + return new String(x509Text, Charset.forName("UTF-8")); + } + + return super.toString(); } /** diff --git a/src/java/com/wolfssl/WolfSSLCustomUser.java b/src/java/com/wolfssl/WolfSSLCustomUser.java index 3ae33d73..91683bf4 100644 --- a/src/java/com/wolfssl/WolfSSLCustomUser.java +++ b/src/java/com/wolfssl/WolfSSLCustomUser.java @@ -37,6 +37,9 @@ public class WolfSSLCustomUser { /** Mask of options to set for the associated WOLFSSL_CTX */ public long noOptions; + /** Default WolfSSLCustomUser constructor */ + public WolfSSLCustomUser() { } + /** * callback for getting Context attributes before creating context, * TLS protocol and Cipher list diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLAuthStore.java b/src/java/com/wolfssl/provider/jsse/WolfSSLAuthStore.java index f82af250..e86bfac4 100644 --- a/src/java/com/wolfssl/provider/jsse/WolfSSLAuthStore.java +++ b/src/java/com/wolfssl/provider/jsse/WolfSSLAuthStore.java 
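Review bot: The comment in `toString()` says `let Java do the modified UTF-8 conversion`, but `new String(x509Text, Charset.forName("UTF-8"))` decodes standard UTF-8, not the JNI modified form. Suggest `/* decode the native text as standard UTF-8 on the Java side */`. If the minimum supported Java level allows it, `StandardCharsets.UTF_8` avoids the by-name lookup. The imports hunk adds only `java.nio.charset.Charset`, so that may be a deliberate compatibility choice.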
@@ -63,6 +63,7 @@ public class WolfSSLAuthStore { private WolfSSLSessionContext clientCtx = null; /** + * Protected constructor to create new WolfSSLAuthStore * @param keyman key manager to use * @param trustman trust manager to use * @param random secure random @@ -189,6 +190,7 @@ private void initSecureRandom(SecureRandom random) { /** + * Get X509KeyManager for this object * @return get the key manager used */ protected X509KeyManager getX509KeyManager() { @@ -196,6 +198,7 @@ protected X509KeyManager getX509KeyManager() { } /** + * Get X509TrustManager for this object * @return get the trust manager used */ protected X509TrustManager getX509TrustManager() { @@ -203,6 +206,7 @@ protected X509TrustManager getX509TrustManager() { } /** + * Get the SecureRandom for this object * @return get secure random */ protected SecureRandom getSecureRandom() { @@ -210,6 +214,7 @@ protected SecureRandom getSecureRandom() { } /** + * Get protocol version set * @return get the current protocol version set */ protected TLS_VERSION getProtocolVersion() { @@ -217,6 +222,7 @@ protected TLS_VERSION getProtocolVersion() { } /** + * Set certificate alias * @param in alias to set for certificate used */ protected void setCertAlias(String in) { @@ -224,6 +230,7 @@ protected void setCertAlias(String in) { } /** + * Get certificate alias * @return alias name */ protected String getCertAlias() { diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLContext.java b/src/java/com/wolfssl/provider/jsse/WolfSSLContext.java index 4ce2c466..0024d9ee 100644 --- a/src/java/com/wolfssl/provider/jsse/WolfSSLContext.java +++ b/src/java/com/wolfssl/provider/jsse/WolfSSLContext.java 
@@ -171,6 +171,8 @@ private void LoadTrustedRootCerts() { * If tm is not an instance of WolfSSLTrustX509, simply return * here since we do not need to interface with native verification */ if (!(tm instanceof com.wolfssl.provider.jsse.WolfSSLTrustX509)) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, + "Deferring verification to checkClientTrusted/ServerTrusted()"); return; } diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLDebug.java b/src/java/com/wolfssl/provider/jsse/WolfSSLDebug.java index 8c950af7..a46c475e 100644 --- a/src/java/com/wolfssl/provider/jsse/WolfSSLDebug.java +++ b/src/java/com/wolfssl/provider/jsse/WolfSSLDebug.java @@ -30,6 +30,9 @@ */ public class WolfSSLDebug { + /** Default WolfSSLDebug constructor */ + public WolfSSLDebug() { } + /** * boolean to check if debug mode is on */ diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java b/src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java index ef691c75..b4eae4a1 100644 --- a/src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java +++ b/src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java 
@@ -470,11 +470,19 @@ private void setLocalAuth() { X509TrustManager tm = authStore.getX509TrustManager(); if (tm instanceof com.wolfssl.provider.jsse.WolfSSLTrustX509) { /* use internal peer verification logic */ + WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, + "X509TrustManager is of type WolfSSLTrustX509"); + WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, + "Using native internal peer verification logic"); this.ssl.setVerify(mask, null); } else { /* not our own TrustManager, set up callback so JSSE can use * TrustManager.checkClientTrusted/checkServerTrusted() */ + WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, + "X509TrustManager is not of type WolfSSLTrustX509"); + WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, + "Using checkClientTrusted/ServerTrusted() for verification"); wicb = new WolfSSLInternalVerifyCb(authStore.getX509TrustManager(), this.clientMode); this.ssl.setVerify(WolfSSL.SSL_VERIFY_PEER, wicb); diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLInternalVerifyCb.java b/src/java/com/wolfssl/provider/jsse/WolfSSLInternalVerifyCb.java index a1359f29..9a147b44 100644 --- a/src/java/com/wolfssl/provider/jsse/WolfSSLInternalVerifyCb.java +++ b/src/java/com/wolfssl/provider/jsse/WolfSSLInternalVerifyCb.java @@ -84,6 +84,8 @@ public int verifyCallback(int preverify_ok, long x509StorePtr) { } else { WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, "NOTE: Native wolfSSL peer verification failed"); + WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, + " Continuing with X509TrustManager verification"); } try { @@ -94,6 +96,8 @@ public int verifyCallback(int preverify_ok, long x509StorePtr) { } catch (WolfSSLException e) { /* failed to get certs from native, give app null array */ + WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, + "Failed to get certs from x509StorePtr, certs = null"); certs = null; } 
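Review bot: In setLocalAuth() the branch for a non-wolfJSSE TrustManager calls `this.ssl.setVerify(WolfSSL.SSL_VERIFY_PEER, wicb)` while the WolfSSLTrustX509 branch passes `mask`, and the new debug lines record which branch ran but not which verify mode was applied. `mask` is built above the hunk, so this is inferred: if it can carry `WolfSSL.SSL_VERIFY_FAIL_IF_NO_PEER_CERT` for need-client-auth, a server with an external TrustManager would not get that flag. Please confirm whether `this.ssl.setVerify(mask, wicb);` is what is intended, and consider adding the applied verify mode to the new log line so the difference shows up in debug output.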
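Review bot: The message added in `catch (WolfSSLException e)` in verifyCallback() discards `e`, and the same pattern repeats in `catch (CertificateException | IOException ce)` in the @@ -103 hunk and `catch (Exception e)` in the @@ -132 hunk. The last one matters most: it catches every exception, so any internal failure inside that try is logged as "TrustManager rejected certificates" and cannot be told apart from a genuine rejection when triaging handshake failures. Carry the cause into the log, e.g. `"TrustManager verification failed: " + e.getClass().getName() + ": " + e.getMessage()`. The result stays fail-closed (`return 0`) either way; verifyCallback() starts and ends outside these hunks.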
@@ -103,9 +107,13 @@ public int verifyCallback(int preverify_ok, long x509StorePtr) { x509certs = new X509Certificate[certs.length]; for (int i = 0; i < certs.length; i++) { x509certs[i] = certs[i].getX509Certificate(); + WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, + "Peer cert: " + x509certs[i].getSubjectDN().getName()); } } catch (CertificateException | IOException ce) { /* failed to get cert array, give app null array */ + WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, + "Failed to get X509Certificate[] array, set to null"); x509certs = null; } @@ -120,6 +128,8 @@ public int verifyCallback(int preverify_ok, long x509StorePtr) { } else if (sigType.contains("ED25519")) { authType = "ED25519"; } + WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, + "Auth type: " + authType); /* Free native WolfSSLCertificate memory. At this * point x509certs[] is all Java managed memory now. */ @@ -132,15 +142,23 @@ public int verifyCallback(int preverify_ok, long x509StorePtr) { /* poll TrustManager for cert verification, should throw * CertificateException if verification fails */ if (clientMode) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, + "Calling TrustManager.checkServerTrusted()"); tm.checkServerTrusted(x509certs, authType); } else { + WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, + "Calling TrustManager.checkClientTrusted()"); tm.checkClientTrusted(x509certs, authType); } } catch (Exception e) { /* TrustManager rejected certificate, not valid */ + WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, + "TrustManager rejected certificates, verification failed"); return 0; } + WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, + "TrustManager verification successful"); /* continue handshake, verification succeeded */ return 1; } diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLKeyManager.java b/src/java/com/wolfssl/provider/jsse/WolfSSLKeyManager.java index 34f5bacb..beb00886 100644 --- a/src/java/com/wolfssl/provider/jsse/WolfSSLKeyManager.java 
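Review bot: The new `"Peer cert: " + x509certs[i].getSubjectDN().getName()` line writes a subject name taken from the peer's certificate into the debug log before the TrustManager has accepted the chain, so the text is peer-controlled at that point. How WolfSSLDebug.log emits the string is not visible here; if it prints it verbatim, control characters embedded in a DN could break or forge log lines, so escape them first. The dereference also sits in a try that only catches CertificateException and IOException, so a null from getX509Certificate() (whether that can happen is not visible here) would now raise out of the callback. Suggested: `String subj = x509certs[i].getSubjectX500Principal().getName().replaceAll("\\p{Cntrl}", "?");` then log `"Peer cert (unverified): " + subj`, which also moves off getSubjectDN(), discouraged by the JDK in favour of getSubjectX500Principal(). verifyCallback() starts and ends outside this hunk.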
+++ b/src/java/com/wolfssl/provider/jsse/WolfSSLKeyManager.java @@ -38,6 +38,9 @@ public class WolfSSLKeyManager extends KeyManagerFactorySpi { private char[] pswd; private KeyStore store; + /** Default WolfSSLKeyManager constructor */ + public WolfSSLKeyManager() { } + @Override protected void engineInit(KeyStore store, char[] password) throws KeyStoreException, NoSuchAlgorithmException, diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLParametersHelper.java b/src/java/com/wolfssl/provider/jsse/WolfSSLParametersHelper.java index 02c20188..c5c3c267 100644 --- a/src/java/com/wolfssl/provider/jsse/WolfSSLParametersHelper.java +++ b/src/java/com/wolfssl/provider/jsse/WolfSSLParametersHelper.java @@ -34,6 +34,9 @@ public class WolfSSLParametersHelper private static Method getServerNames = null; private static Method setServerNames = null; + /** Default WolfSSLParametersHelper constructor */ + public WolfSSLParametersHelper() { } + /* Runs upon class initialization to detect if this version of Java * has SSLParameters methods that older versions may not have */ static diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLProvider.java b/src/java/com/wolfssl/provider/jsse/WolfSSLProvider.java index 48530065..2e202af0 100644 --- a/src/java/com/wolfssl/provider/jsse/WolfSSLProvider.java +++ b/src/java/com/wolfssl/provider/jsse/WolfSSLProvider.java @@ -42,6 +42,10 @@ public final class WolfSSLProvider extends Provider { * Inner callback class for wolfCrypt FIPS 140-2/3 errors */ public class JSSEFIPSErrorCallback implements WolfSSLFIPSErrorCallback { + + /** Default JSSEFIPSErrorCallback constructor */ + public JSSEFIPSErrorCallback() { } + /** * wolfCrypt FIPS 140-2/3 error callback. * Called when FIPS integrity test fails diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLTrustManager.java b/src/java/com/wolfssl/provider/jsse/WolfSSLTrustManager.java index 08025cae..e2d1945f 100644 --- a/src/java/com/wolfssl/provider/jsse/WolfSSLTrustManager.java 
+++ b/src/java/com/wolfssl/provider/jsse/WolfSSLTrustManager.java @@ -51,6 +51,9 @@ public class WolfSSLTrustManager extends TrustManagerFactorySpi { private KeyStore store; + /** Default WolfSSLTrustManager constructor */ + public WolfSSLTrustManager() { } + /* Initialize TrustManager. Attempts to load CA certifciates as trusted * roots into wolfSSL from user-provided KeyStore. If KeyStore is null, * we attempt to load default system CA certificates in the following diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLX509.java b/src/java/com/wolfssl/provider/jsse/WolfSSLX509.java index df30091e..04c30826 100644 --- a/src/java/com/wolfssl/provider/jsse/WolfSSLX509.java +++ b/src/java/com/wolfssl/provider/jsse/WolfSSLX509.java @@ -567,7 +567,7 @@ public byte[] getExtensionValue(String oid) { } - @SuppressWarnings("deprecation") + @SuppressWarnings("removal") @Override public void finalize() throws Throwable { try { diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLX509X.java b/src/java/com/wolfssl/provider/jsse/WolfSSLX509X.java index d553d5db..c81d388a 100644 --- a/src/java/com/wolfssl/provider/jsse/WolfSSLX509X.java +++ b/src/java/com/wolfssl/provider/jsse/WolfSSLX509X.java @@ -207,6 +207,7 @@ public PublicKey getPublicKey() { } @Override + @SuppressWarnings("removal") public void finalize() throws Throwable { super.finalize(); this.cert.free(); diff --git a/src/java/com/wolfssl/provider/jsse/adapter/WolfSSLJDK8Helper.java b/src/java/com/wolfssl/provider/jsse/adapter/WolfSSLJDK8Helper.java index a9d59c08..7e8287a3 100644 --- a/src/java/com/wolfssl/provider/jsse/adapter/WolfSSLJDK8Helper.java +++ b/src/java/com/wolfssl/provider/jsse/adapter/WolfSSLJDK8Helper.java @@ -40,6 +40,9 @@ */ public class WolfSSLJDK8Helper { + /** Default WolfSSLJDK8Helper constructor */ + public WolfSSLJDK8Helper() { } + /** * Call SSLParameters.setServerNames() to set SNI server names from * WolfSSLParameters into SSLParameters. 
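Review bot: Replacing `@SuppressWarnings("deprecation")` with `@SuppressWarnings("removal")` on WolfSSLX509.finalize(), and adding only "removal" on WolfSSLX509X.finalize() in the next hunk, silences JDK 18+, where Object.finalize() is deprecated for removal. It brings the ordinary deprecation warning back on JDK 9 to 17, where finalize() is deprecated without forRemoval. If the project still builds on those JDKs, use `@SuppressWarnings({"deprecation", "removal"})` on both methods. Separately, in WolfSSLX509X the native `this.cert.free()` runs after `super.finalize()` with no try/finally, so an exception from the superclass would skip the free. The WolfSSLX509.finalize() body continues outside its hunk.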
diff --git a/src/java/com/wolfssl/wolfcrypt/ECC.java b/src/java/com/wolfssl/wolfcrypt/ECC.java index 2c2822d6..e94bb1b9 100644 --- a/src/java/com/wolfssl/wolfcrypt/ECC.java +++ b/src/java/com/wolfssl/wolfcrypt/ECC.java @@ -33,6 +33,9 @@ */ public class ECC { + /** Default ECC constructor */ + public ECC() { } + /** * ECC verify. Wraps native wc_ecc_verify_hash() to verify ECDSA * signature against known hash value. diff --git a/src/java/com/wolfssl/wolfcrypt/RSA.java b/src/java/com/wolfssl/wolfcrypt/RSA.java index 788d9262..1077d80b 100644 --- a/src/java/com/wolfssl/wolfcrypt/RSA.java +++ b/src/java/com/wolfssl/wolfcrypt/RSA.java @@ -33,6 +33,9 @@ */ public class RSA { + /** Default RSA constructor */ + public RSA() { } + /** * RSA sign, wraps native wolfCrypt operation. * diff --git a/src/test/com/wolfssl/provider/jsse/test/WolfSSLKeyX509Test.java b/src/test/com/wolfssl/provider/jsse/test/WolfSSLKeyX509Test.java index 522f0188..753c93d0 100644 --- a/src/test/com/wolfssl/provider/jsse/test/WolfSSLKeyX509Test.java +++ b/src/test/com/wolfssl/provider/jsse/test/WolfSSLKeyX509Test.java @@ -162,7 +162,7 @@ public void testgetServerAliases() { } /* should be no ECC keys in RSA key store */ - list = tf.createKeyManager("SunX509", tf.rsaJKS, provider); + list = tf.createKeyManager("SunX509", tf.serverRSAJKS, provider); km = (X509KeyManager) list[0]; alias = km.getServerAliases("EC", null); if (alias != null) { diff --git a/src/test/com/wolfssl/provider/jsse/test/WolfSSLServerSocketTest.java b/src/test/com/wolfssl/provider/jsse/test/WolfSSLServerSocketTest.java index 8b424c3e..36bf6dcd 100644 --- a/src/test/com/wolfssl/provider/jsse/test/WolfSSLServerSocketTest.java +++ b/src/test/com/wolfssl/provider/jsse/test/WolfSSLServerSocketTest.java 
@@ -486,9 +486,9 @@ public Void call() throws Exception { ss.close(); /* fail case, incorrect root CA loaded to verify client cert. - * caJKS does not verify clientJKS (client cert is self-signed) */ + * caServerJKS does not verify clientJKS (client cert is self-signed) */ this.ctx = tf.createSSLContext("TLSv1.2", ctxProvider, - tf.createTrustManager("SunX509", tf.caJKS, ctxProvider), + tf.createTrustManager("SunX509", tf.caServerJKS, ctxProvider), tf.createKeyManager("SunX509", tf.clientJKS, ctxProvider)); ss = (SSLServerSocket)ctx.getServerSocketFactory() @@ -548,7 +548,7 @@ pass with setNeedClientAuth(false) */ /* client has correct CA to authenticate server */ SSLContext cliCtx = tf.createSSLContext("TLSv1.2", ctxProvider, - tf.createTrustManager("SunX509", tf.clientJKS, ctxProvider), + tf.createTrustManager("SunX509", tf.caServerJKS, ctxProvider), tf.createKeyManager("SunX509", tf.clientJKS, ctxProvider)); ss = (SSLServerSocket)srvCtx.getServerSocketFactory() diff --git a/src/test/com/wolfssl/provider/jsse/test/WolfSSLSocketTest.java b/src/test/com/wolfssl/provider/jsse/test/WolfSSLSocketTest.java index 3b13cd07..477a458a 100644 --- a/src/test/com/wolfssl/provider/jsse/test/WolfSSLSocketTest.java +++ b/src/test/com/wolfssl/provider/jsse/test/WolfSSLSocketTest.java @@ -1123,7 +1123,7 @@ pass with setNeedClientAuth(false) */ /* client has correct CA to authenticate server */ SSLContext cliCtx = tf.createSSLContext("TLSv1.2", ctxProvider, - tf.createTrustManager("SunX509", tf.clientJKS, ctxProvider), + tf.createTrustManager("SunX509", tf.caServerJKS, ctxProvider), tf.createKeyManager("SunX509", tf.clientJKS, ctxProvider)); ss = (SSLServerSocket)srvCtx.getServerSocketFactory() diff --git a/src/test/com/wolfssl/provider/jsse/test/WolfSSLTestFactory.java b/src/test/com/wolfssl/provider/jsse/test/WolfSSLTestFactory.java index 1c9e13e2..7ed29bba 100644 --- a/src/test/com/wolfssl/provider/jsse/test/WolfSSLTestFactory.java 
+++ b/src/test/com/wolfssl/provider/jsse/test/WolfSSLTestFactory.java 
@@ -58,27 +58,59 @@ */ class WolfSSLTestFactory { + protected String allJKS; + protected String allMixedJKS; protected String clientJKS; + protected String clientRSA1024JKS; + protected String clientRSAJKS; + protected String clientECCJKS; protected String serverJKS; - protected String allJKS; - protected String mixedJKS; + protected String serverRSA1024JKS; + protected String serverRSAJKS; + protected String serverECCJKS; protected String caJKS; - protected String rsaJKS; + protected String caClientJKS; + protected String caServerJKS; + protected String googleCACert; protected String exampleComCert; + protected final static char[] jksPass = "wolfSSL test".toCharArray(); protected String keyStoreType = "JKS"; private boolean extraDebug = false; protected WolfSSLTestFactory() throws WolfSSLException { - serverJKS = "examples/provider/server.jks"; - clientJKS = "examples/provider/client.jks"; - allJKS = "examples/provider/all.jks"; - mixedJKS = "examples/provider/all_mixed.jks"; - caJKS = "examples/provider/cacerts.jks"; - rsaJKS = "examples/provider/rsa.jks"; - googleCACert = "examples/certs/ca-google-root.der"; - exampleComCert = "examples/certs/example-com.der"; + /* wolfJSSE example Java KeyStore files, containing: + * all.jks All certs + * all_mixed.jks All certs, mixed order + * client.jks RSA 2048-bit and ECC client certs + * client-rsa-1024.jks RSA 1024-bit only client cert + * client-rsa.jks RSA 2048-bit only client cert + * client-ecc.jks ECC only client cert + * server.jks RSA 2048-bit and ECC server certs + * server-rsa-1024.jks RSA 1024-bit only server cert + * server-rsa.jks RSA 2048-bit only server cert + * server-ecc.jks ECC only server cert + * cacerts.jks All CA certs (RSA, ECC, 1024, 2048, etc) + * ca-client.jks CA certs used to verify client certs + * ca-server.jks CA certs used to verify server certs */ + allJKS = "examples/provider/all.jks"; + allMixedJKS = "examples/provider/all_mixed.jks"; + clientJKS = "examples/provider/client.jks"; + 
clientRSA1024JKS = "examples/provider/client-rsa-1024.jks"; + clientRSAJKS = "examples/provider/client-rsa.jks"; + clientECCJKS = "examples/provider/client-ecc.jks"; + serverJKS = "examples/provider/server.jks"; + serverRSA1024JKS = "examples/provider/server-rsa-1024.jks"; + serverRSAJKS = "examples/provider/server-rsa.jks"; + serverECCJKS = "examples/provider/server-ecc.jks"; + caJKS = "examples/provider/cacerts.jks"; + caClientJKS = "examples/provider/ca-client.jks"; + caServerJKS = "examples/provider/ca-server.jks"; + + /* External CA certificate files */ + googleCACert = "examples/certs/ca-google-root.der"; + exampleComCert = "examples/certs/example-com.der"; /* test if running from IDE directory */ File f = new File(serverJKS); @@ -99,12 +131,20 @@ protected WolfSSLTestFactory() throws WolfSSLException { } private void setPaths(String in) { - serverJKS = in.concat(serverJKS); - clientJKS = in.concat(clientJKS); allJKS = in.concat(allJKS); - mixedJKS = in.concat(mixedJKS); + allMixedJKS = in.concat(allMixedJKS); + clientJKS = in.concat(clientJKS); + clientRSA1024JKS = in.concat(clientRSA1024JKS); + clientRSAJKS = in.concat(clientRSAJKS); + clientECCJKS = in.concat(clientECCJKS); + serverJKS = in.concat(serverJKS); + serverRSA1024JKS = in.concat(serverRSA1024JKS); + serverRSAJKS = in.concat(serverRSAJKS); + serverECCJKS = in.concat(serverECCJKS); caJKS = in.concat(caJKS); - rsaJKS = in.concat(rsaJKS); + caClientJKS = in.concat(caClientJKS); + caServerJKS = in.concat(caServerJKS); + googleCACert = in.concat(googleCACert); exampleComCert = in.concat(exampleComCert); } 
@@ -126,12 +166,19 @@ private boolean isAndroidFile() { File f; if (isAndroid()) { - serverJKS = "examples/provider/server.bks"; - clientJKS = "examples/provider/client.bks"; - allJKS = "examples/provider/all.bks"; - mixedJKS = "examples/provider/all_mixed.bks"; - caJKS = "examples/provider/cacerts.bks"; - rsaJKS = "examples/provider/rsa.bks"; + allJKS = "examples/provider/all.bks"; + allMixedJKS = "examples/provider/all_mixed.bks"; + clientJKS = "examples/provider/client.bks"; + clientRSA1024JKS = "examples/provider/client-rsa-1024.bks"; + clientRSAJKS = "examples/provider/client-rsa.bks"; + clientECCJKS = "examples/provider/client-ecc.bks"; + serverJKS = "examples/provider/server.bks"; + serverRSA1024JKS = "examples/provider/server-rsa-1024.bks"; + serverRSAJKS = "examples/provider/server-rsa.bks"; + serverECCJKS = "examples/provider/server-ecc.bks"; + caJKS = "examples/provider/cacerts.bks"; + caClientJKS = "examples/provider/ca-client.bks"; + caServerJKS = "examples/provider/ca-server.bks"; keyStoreType = "BKS"; } diff --git a/src/test/com/wolfssl/provider/jsse/test/WolfSSLTrustX509Test.java b/src/test/com/wolfssl/provider/jsse/test/WolfSSLTrustX509Test.java index 32e8ef44..beda22e6 100644 --- a/src/test/com/wolfssl/provider/jsse/test/WolfSSLTrustX509Test.java +++ b/src/test/com/wolfssl/provider/jsse/test/WolfSSLTrustX509Test.java @@ -78,11 +78,13 @@ public void testCAParsing() TrustManager[] tm; X509TrustManager x509tm; X509Certificate cas[]; + + String OU[] = { "OU=Programming-2048", "OU=Support", + "OU=Support_1024", "OU=Consulting", "OU=Development", + "OU=Fast", "OU=Consulting_1024", "OU=Programming-1024", "OU=ECC" }; + int i = 0; - int expected = 9; - String OU[] = { "OU=ECC", "OU=Programming-2048", "OU=Support", - "OU=Support_1024", "OU=Consulting", "OU=Development", "OU=Fast", - "OU=Consulting_1024", "OU=Programming-1024" }; + int expected = OU.length; System.out.print("\tTesting parse all.jks"); 
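Review bot: The Android block in WolfSSLTestFactory repeats all thirteen keystore paths from the constructor with only the extension changed, so a keystore added to the constructor but missed here would keep its `.jks` path while `keyStoreType` is switched to "BKS". Keeping the base names in one place and deriving the extension from the store type would remove that drift, e.g. `serverJKS = serverJKS.replace(".jks", ".bks");` per field or one shared helper. The enclosing method starts and ends outside the hunk, so the order of these assignments relative to setPaths() is not visible here.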
@@ -92,10 +94,11 @@ public void testCAParsing() return; } - /* wolfSSL only returns a list of CA's, server-ecc basic constraint is set - * to false so it is not added as a CA */ + /* wolfSSL only returns a list of CA's, server-ecc basic constraint is + * set to false so it is not added as a CA */ if (this.provider != null && this.provider.equals("wolfJSSE")) { - expected = 8; /* one less than SunJSSE because of server-ecc */ + /* one less than SunJSSE because of server-ecc */ + expected = expected - 1; } tm = tf.createTrustManager("SunX509", tf.allJKS, provider); @@ -120,6 +123,8 @@ public void testCAParsing() for (String x: OU) { if (this.provider != null && provider.equals("wolfJSSE") && x.equals("OU=ECC")) { + /* skip checking ECC certs, since not all Java versions + * support them */ continue; } @@ -139,10 +144,11 @@ public void testServerParsing() TrustManager[] tm; X509TrustManager x509tm; X509Certificate cas[]; + + String OU[] = { "OU=Support", "OU=ECC" }; + int i = 0; - int expected = 6; - String OU[] = { "OU=Programming-2048", "OU=Fast", "OU=Support", - "OU=ECC", "OU=Programming-1024", "OU=Support_1024" }; + int expected = OU.length; System.out.print("\tTesting parsing server.jks"); @@ -152,10 +158,11 @@ public void testServerParsing() return; } - /* wolfSSL only returns a list of CA's, server-ecc basic constraint is set - * to false so it is not added as a CA */ + /* wolfSSL only returns a list of CA's, server-ecc basic constraint is + * set to false so it is not added as a CA */ if (this.provider != null && this.provider.equals("wolfJSSE")) { - expected = expected-1; /* one less than SunJSSE because of server-ecc */ + /* one less than SunJSSE because of server-ecc */ + expected = expected - 1; } tm = tf.createTrustManager("SunX509", tf.serverJKS, provider); 
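Review bot: The comment added above `continue` in testCAParsing() (the @@ -120 hunk) says OU=ECC is skipped because not all Java versions support ECC certs, but the guard tests the provider name, `provider.equals("wolfJSSE")`, not the Java version. The comment in the @@ -92 hunk of the same test gives a different reason: server-ecc has its basic constraint set to false, so wolfJSSE does not return it as a CA. If that second reason is the real one, make the two agree, e.g. `/* wolfJSSE does not return server-ecc as a CA (basic constraint false), so skip OU=ECC */`. The same comment is added in testCAParsingMixed() in the @@ -242 hunk.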
@@ -200,12 +207,13 @@ public void testCAParsingMixed() TrustManager[] tm; X509TrustManager x509tm; X509Certificate cas[]; + + String OU[] = { "OU=Consulting", "OU=Programming-2048", "OU=Fast", + "OU=Support", "OU=Programming-1024", "OU=Consulting_1024", + "OU=Support_1024", "OU=ECC" }; + int i = 0, j; - int expected = 8; - String OU[] = { "OU=Consulting", "Programming-2048", "OU=Fast", - "OU=Support", "OU=ECC", "OU=Programming-1024", "OU=Consulting_1024", - "OU=Support_1024", - }; + int expected = OU.length; System.out.print("\tTesting parse all_mixed.jks"); @@ -214,13 +222,14 @@ public void testCAParsingMixed() pass("\t... skipped"); return; } - /* wolfSSL only returns a list of CA's, server-ecc basic constraint is set - * to false so it is not added as a CA */ + /* wolfSSL only returns a list of CA's, server-ecc basic constraint is + * set to false so it is not added as a CA */ if (this.provider != null && this.provider.equals("wolfJSSE")) { - expected = 7; /* one less than SunJSSE because of server-ecc */ + /* one less than SunJSSE because of server-ecc */ + expected = expected - 1; } - tm = tf.createTrustManager("SunX509", tf.mixedJKS, provider); + tm = tf.createTrustManager("SunX509", tf.allMixedJKS, provider); if (tm == null) { error("\t... failed"); fail("failed to create trustmanager"); @@ -242,6 +251,8 @@ public void testCAParsingMixed() for (j = 0; j < OU.length && i < cas.length; j++) { if (this.provider != null && provider.equals("wolfJSSE") && OU[j].equals("OU=ECC")) { + /* skip checking ECC certs, since not all Java versions + * support them */ continue; } diff --git a/src/test/com/wolfssl/provider/jsse/test/WolfSSLX509Test.java b/src/test/com/wolfssl/provider/jsse/test/WolfSSLX509Test.java index 5b37140c..7efc7dc9 100644 --- a/src/test/com/wolfssl/provider/jsse/test/WolfSSLX509Test.java +++ b/src/test/com/wolfssl/provider/jsse/test/WolfSSLX509Test.java 
@@ -396,14 +396,19 @@ public void testGetters() { int ret, i; String[] ciphers; String certType; - SSLContext ctx; + SSLContext ctxClient; + SSLContext ctxServer; System.out.print("\tTesting x509 getters"); - ctx = tf.createSSLContext("TLS", provider, - tf.createTrustManager("SunX509", tf.rsaJKS, provider), - tf.createKeyManager("SunX509", tf.rsaJKS, provider)); - server = ctx.createSSLEngine(); - client = ctx.createSSLEngine("wolfSSL client test", 11111); + ctxClient = tf.createSSLContext("TLS", provider, + tf.createTrustManager("SunX509", tf.caServerJKS, provider), + tf.createKeyManager("SunX509", tf.clientRSAJKS, provider)); + ctxServer = tf.createSSLContext("TLS", provider, + tf.createTrustManager("SunX509", tf.caClientJKS, provider), + tf.createKeyManager("SunX509", tf.serverRSAJKS, provider)); + + server = ctxServer.createSSLEngine(); + client = ctxClient.createSSLEngine("wolfSSL client test", 11111); /* make connection using RSA certificate */ server.setUseClientMode(false); diff --git a/src/test/com/wolfssl/test/WolfSSLCertificateTest.java b/src/test/com/wolfssl/test/WolfSSLCertificateTest.java index 30e1118a..2c96287c 100644 --- a/src/test/com/wolfssl/test/WolfSSLCertificateTest.java +++ b/src/test/com/wolfssl/test/WolfSSLCertificateTest.java @@ -194,10 +194,10 @@ public void test_WolfSSLCertificate_new_pemFile() { public void test_getSerial() { byte[] expected = new byte[]{ - (byte)0x53, (byte)0x16, (byte)0x7c, (byte)0xa0, (byte)0x56, - (byte)0x50, (byte)0x46, (byte)0x27, (byte)0x82, (byte)0xed, - (byte)0x60, (byte)0xb4, (byte)0xda, (byte)0x33, (byte)0xd8, - (byte)0x6a, (byte)0xc0, (byte)0xea, (byte)0xdc, (byte)0x31 + (byte)0x01, (byte)0x1a, (byte)0xeb, (byte)0x56, (byte)0xab, + (byte)0xdc, (byte)0x8b, (byte)0xf3, (byte)0xa6, (byte)0x1e, + (byte)0xf4, (byte)0x93, (byte)0x60, (byte)0x89, (byte)0xb7, + (byte)0x05, (byte)0x07, (byte)0x29, (byte)0x01, (byte)0x2c }; byte[] serial; int i; 
@@ -217,7 +217,7 @@ public void test_getSerial() { @SuppressWarnings("deprecation") public void test_notBefore() { Date date = cert.notBefore(); - Date expected = new Date("Dec 20 23:07:24 2021 GMT"); + Date expected = new Date("Feb 15 12:50:24 2022 GMT"); System.out.print("\t\tnotBefore"); if (date.compareTo(expected) != 0) { System.out.println("\t\t... failed"); @@ -230,7 +230,7 @@ public void test_notBefore() { @SuppressWarnings("deprecation") public void test_notAfter() { Date date = cert.notAfter(); - Date expected = new Date("Sep 15 23:07:24 2024 GMT"); + Date expected = new Date("Nov 11 12:50:24 2024 GMT"); System.out.print("\t\tnotAfter"); if (date.compareTo(expected) != 0) { System.out.println("\t\t... failed"); 
@@ -253,70 +253,49 @@ public void test_getVersion() { public void test_getSignature() { byte[] sig = cert.getSignature(); byte[] expected = new byte[] { - (byte)0xB8, (byte)0xE8, (byte)0xE3, (byte)0x2A, - (byte)0x48, (byte)0x6C, (byte)0x04, (byte)0x8B, - (byte)0xF8, (byte)0x81, (byte)0x14, (byte)0x1A, - (byte)0xCE, (byte)0x14, (byte)0xED, (byte)0xC7, - (byte)0xF0, (byte)0xD3, (byte)0xCB, (byte)0x9A, - (byte)0x91, (byte)0xD9, (byte)0x2C, (byte)0x1D, - (byte)0x6E, (byte)0x73, (byte)0x36, (byte)0x8F, - (byte)0xA3, (byte)0x61, (byte)0xC4, (byte)0x1F, - (byte)0xDA, (byte)0xD1, (byte)0x4B, (byte)0xB6, - (byte)0x40, (byte)0xD0, (byte)0x6A, (byte)0xC4, - (byte)0x2B, (byte)0x43, (byte)0xC8, (byte)0x2F, - (byte)0xFB, (byte)0xEE, (byte)0x5A, (byte)0xC9, - (byte)0x41, (byte)0x9D, (byte)0x2B, (byte)0x6F, - (byte)0xF3, (byte)0x39, (byte)0x67, (byte)0x20, - (byte)0xEC, (byte)0x7C, (byte)0xD6, (byte)0xA0, - (byte)0x7F, (byte)0x06, (byte)0x79, (byte)0xCD, - (byte)0x52, (byte)0x2C, (byte)0xC9, (byte)0x3C, - (byte)0x5B, (byte)0xBF, (byte)0xE5, (byte)0x01, - (byte)0x47, (byte)0x90, (byte)0xF0, (byte)0x82, - (byte)0x88, (byte)0xF1, (byte)0x3D, (byte)0x45, - (byte)0x25, (byte)0xF4, (byte)0xD1, (byte)0x4B, - (byte)0xEC, (byte)0xAC, (byte)0x3F, (byte)0x1B, - (byte)0xCE, (byte)0xA1, (byte)0x0E, (byte)0x61, - (byte)0xA0, (byte)0x29, (byte)0x41, (byte)0xF6, - (byte)0x21, (byte)0x0E, (byte)0x9F, (byte)0x73, - (byte)0xB3, (byte)0x39, (byte)0x34, (byte)0xC4, - (byte)0x1E, (byte)0x55, (byte)0x5F, (byte)0x9F, - (byte)0xE7, (byte)0x42, (byte)0xCA, (byte)0xAB, - (byte)0x8F, (byte)0x3C, (byte)0x62, (byte)0x86, - (byte)0x26, (byte)0x94, (byte)0xB5, (byte)0xB7, - (byte)0x8B, (byte)0x7C, (byte)0x65, (byte)0x4C, - (byte)0x3E, (byte)0xB7, (byte)0xAC, (byte)0xF5, - (byte)0x51, (byte)0x0D, (byte)0xA5, (byte)0x14, - (byte)0x0F, (byte)0x6F, (byte)0x2B, (byte)0xFE, - (byte)0x62, (byte)0x95, (byte)0x26, (byte)0x1E, - (byte)0x10, (byte)0x52, (byte)0xAE, (byte)0x44, - (byte)0x58, (byte)0x95, (byte)0xDC, 
(byte)0xB4, - (byte)0xC4, (byte)0x76, (byte)0x2F, (byte)0x14, - (byte)0x28, (byte)0x64, (byte)0x45, (byte)0xAA, - (byte)0x94, (byte)0x61, (byte)0xDA, (byte)0x1A, - (byte)0xD0, (byte)0xCF, (byte)0xB3, (byte)0x3A, - (byte)0x83, (byte)0xC8, (byte)0x66, (byte)0xFB, - (byte)0xE8, (byte)0x58, (byte)0xDC, (byte)0xD4, - (byte)0x91, (byte)0x4A, (byte)0x9A, (byte)0xE7, - (byte)0xC8, (byte)0xB6, (byte)0xEA, (byte)0xF9, - (byte)0x52, (byte)0x19, (byte)0xB2, (byte)0x3D, - (byte)0x5F, (byte)0x95, (byte)0x29, (byte)0xAC, - (byte)0x8B, (byte)0xCF, (byte)0x9B, (byte)0x5C, - (byte)0xD6, (byte)0xDD, (byte)0xCD, (byte)0x6B, - (byte)0xF2, (byte)0x71, (byte)0xFD, (byte)0xB6, - (byte)0x4D, (byte)0x18, (byte)0x98, (byte)0x08, - (byte)0x5B, (byte)0x8A, (byte)0xE7, (byte)0x2B, - (byte)0xCB, (byte)0xBD, (byte)0x68, (byte)0x97, - (byte)0x1C, (byte)0x02, (byte)0xAA, (byte)0x41, - (byte)0x59, (byte)0x0D, (byte)0xF8, (byte)0x0E, - (byte)0x50, (byte)0xD7, (byte)0x48, (byte)0x6F, - (byte)0x81, (byte)0xC4, (byte)0x00, (byte)0x70, - (byte)0x56, (byte)0x67, (byte)0x64, (byte)0x1A, - (byte)0xB3, (byte)0x56, (byte)0xFC, (byte)0x23, - (byte)0xF4, (byte)0x84, (byte)0x49, (byte)0x36, - (byte)0xF7, (byte)0x7F, (byte)0x38, (byte)0x94, - (byte)0x38, (byte)0xDA, (byte)0x40, (byte)0x81, - (byte)0xC0, (byte)0xB9, (byte)0xB0, (byte)0xAD, - (byte)0xEA, (byte)0xCE, (byte)0x38, (byte)0xF2 + (byte)0x64, (byte)0x6d, (byte)0xa6, (byte)0x4a, (byte)0xa8, (byte)0x9f, + (byte)0xa7, (byte)0xe9, (byte)0x75, (byte)0x2c, (byte)0xf3, (byte)0x85, + (byte)0x3d, (byte)0x3e, (byte)0xaf, (byte)0x38, (byte)0xfb, (byte)0x6c, + (byte)0xc7, (byte)0xeb, (byte)0xc7, (byte)0xd0, (byte)0x2b, (byte)0xa2, + (byte)0x45, (byte)0xb5, (byte)0x65, (byte)0xbe, (byte)0xd0, (byte)0x13, + (byte)0x2c, (byte)0xf7, (byte)0xa3, (byte)0xc1, (byte)0xeb, (byte)0x3c, + (byte)0xb1, (byte)0xf8, (byte)0xb8, (byte)0x3d, (byte)0x63, (byte)0x8f, + (byte)0xca, (byte)0x08, (byte)0x4e, (byte)0x65, (byte)0x1d, (byte)0x2c, + (byte)0xce, (byte)0x34, (byte)0x6e, 
(byte)0x35, (byte)0x96, (byte)0x87, + (byte)0x93, (byte)0x30, (byte)0x5d, (byte)0xaa, (byte)0xc8, (byte)0xe9, + (byte)0xa0, (byte)0x9c, (byte)0x9b, (byte)0x84, (byte)0x78, (byte)0x3a, + (byte)0x52, (byte)0xa1, (byte)0x33, (byte)0x48, (byte)0x6e, (byte)0x84, + (byte)0x66, (byte)0x71, (byte)0x9c, (byte)0xcf, (byte)0xd1, (byte)0xc7, + (byte)0x7b, (byte)0x02, (byte)0x4c, (byte)0xe1, (byte)0x49, (byte)0x7c, + (byte)0x69, (byte)0x47, (byte)0xfc, (byte)0xb7, (byte)0x01, (byte)0xf9, + (byte)0xa0, (byte)0x39, (byte)0x3b, (byte)0xab, (byte)0xb9, (byte)0xc6, + (byte)0xd9, (byte)0xca, (byte)0x27, (byte)0x85, (byte)0xf0, (byte)0x5c, + (byte)0xb6, (byte)0xa4, (byte)0xe6, (byte)0xdc, (byte)0xf2, (byte)0x52, + (byte)0xfe, (byte)0x44, (byte)0x00, (byte)0xb6, (byte)0xf0, (byte)0x47, + (byte)0xf2, (byte)0x6f, (byte)0x3f, (byte)0xd5, (byte)0x0f, (byte)0xff, + (byte)0x31, (byte)0x93, (byte)0x53, (byte)0x88, (byte)0x8c, (byte)0xc7, + (byte)0xfb, (byte)0x56, (byte)0x10, (byte)0x4b, (byte)0x3b, (byte)0x43, + (byte)0xe6, (byte)0x8a, (byte)0x9c, (byte)0xb7, (byte)0xb4, (byte)0x9a, + (byte)0xdd, (byte)0x5c, (byte)0xe3, (byte)0xcd, (byte)0x9c, (byte)0xbd, + (byte)0xa7, (byte)0x0c, (byte)0xc1, (byte)0xd9, (byte)0x96, (byte)0xf0, + (byte)0x93, (byte)0xf3, (byte)0xab, (byte)0xbd, (byte)0xd2, (byte)0x1e, + (byte)0x77, (byte)0x8a, (byte)0x42, (byte)0xcd, (byte)0x0f, (byte)0xfe, + (byte)0x48, (byte)0xda, (byte)0x57, (byte)0x34, (byte)0x61, (byte)0x46, + (byte)0xa3, (byte)0x89, (byte)0x2e, (byte)0x31, (byte)0xd2, (byte)0x4a, + (byte)0xd4, (byte)0x43, (byte)0x2f, (byte)0x56, (byte)0x85, (byte)0x44, + (byte)0x75, (byte)0xca, (byte)0x6b, (byte)0x36, (byte)0xe2, (byte)0xe8, + (byte)0x3a, (byte)0xb2, (byte)0x95, (byte)0x95, (byte)0x3a, (byte)0x28, + (byte)0x90, (byte)0x8d, (byte)0xc0, (byte)0x23, (byte)0xfb, (byte)0x3c, + (byte)0xd2, (byte)0x1a, (byte)0x73, (byte)0x6b, (byte)0xef, (byte)0xfd, + (byte)0xd6, (byte)0x1b, (byte)0xeb, (byte)0x6d, (byte)0x67, (byte)0x2a, + (byte)0xe1, (byte)0xeb, (byte)0x2a, 
(byte)0x83, (byte)0x22, (byte)0xad, + (byte)0xe3, (byte)0x95, (byte)0x19, (byte)0xe5, (byte)0x93, (byte)0xee, + (byte)0x14, (byte)0xdc, (byte)0xb5, (byte)0x7d, (byte)0xe7, (byte)0xcf, + (byte)0x89, (byte)0x8c, (byte)0xd7, (byte)0x8f, (byte)0xd2, (byte)0x3f, + (byte)0x68, (byte)0x7e, (byte)0xa9, (byte)0x74, (byte)0x7c, (byte)0x1b, + (byte)0x38, (byte)0x65, (byte)0xf9, (byte)0x28, (byte)0x4d, (byte)0xff, + (byte)0x50, (byte)0xc8, (byte)0xee, (byte)0x51, (byte)0x3a, (byte)0x8f, + (byte)0x1d, (byte)0x9e, (byte)0x55, (byte)0x5e }; int i; System.out.print("\t\tgetSignature");