changeset 14928:466b007eedbb

8234728: Some security tests should support TLSv1.3 Summary: Tests were updated to support TLSv1.3 and cipher suite order Reviewed-by: xuelei, andrew
author ssahoo
date Fri, 13 Dec 2019 01:43:14 -0800
parents b9d3fa975c60
children 25ef0910e622
files src/share/classes/sun/security/ssl/CipherSuite.java test/javax/net/ssl/sanity/ciphersuites/CipherSuitesInOrder.java test/javax/net/ssl/sanity/ciphersuites/SystemPropCipherSuitesOrder.java test/javax/net/ssl/sanity/ciphersuites/TLSCipherSuitesOrder.java test/javax/net/ssl/templates/SSLSocketTemplate.java test/sun/security/ssl/HandshakeHash/DigestBase.java test/sun/security/ssl/HandshakeHash/HandshakeHashCloneExhaustion.java test/sun/security/util/HostnameMatcher/NullHostnameCheck.java
diffstat 8 files changed, 479 insertions(+), 126 deletions(-) [+]
--- a/src/share/classes/sun/security/ssl/CipherSuite.java	Tue Aug 08 21:37:38 2017 +0800
+++ b/src/share/classes/sun/security/ssl/CipherSuite.java	Fri Dec 13 01:43:14 2019 -0800
@@ -388,7 +388,7 @@
             ProtocolVersion.PROTOCOLS_TO_TLS12,
             K_DH_ANON, B_RC4_128, M_MD5, H_SHA256),
 
-    // weak cipher suites obsoleted in TLS 1.2 [RFC 5246]
+    // Weak cipher suites obsoleted in TLS 1.2 [RFC 5246]
     SSL_RSA_WITH_DES_CBC_SHA(
             0x0009, false, "SSL_RSA_WITH_DES_CBC_SHA",
                            "TLS_RSA_WITH_DES_CBC_SHA",
@@ -410,7 +410,7 @@
             ProtocolVersion.PROTOCOLS_TO_11,
             K_DH_ANON, B_DES, M_SHA, H_NONE),
 
-    // weak cipher suites obsoleted in TLS 1.1  [RFC 4346]
+    // Weak cipher suites obsoleted in TLS 1.1  [RFC 4346]
     SSL_RSA_EXPORT_WITH_DES40_CBC_SHA(
             0x0008, false, "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
                            "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
@@ -442,7 +442,7 @@
             ProtocolVersion.PROTOCOLS_TO_10,
             K_DH_ANON, B_RC4_40, M_MD5, H_NONE),
 
-    // no traffic encryption cipher suites
+    // No traffic encryption cipher suites
     TLS_RSA_WITH_NULL_SHA256(
             0x003B, false, "TLS_RSA_WITH_NULL_SHA256", "",
             ProtocolVersion.PROTOCOLS_OF_12,
@@ -521,7 +521,7 @@
             ProtocolVersion.PROTOCOLS_TO_10,
             K_KRB5_EXPORT, B_RC4_40, M_MD5, H_SHA256),
 
-    // Definition of the CipherSuites that are not supported but the names
+    // Definition of the cipher suites that are not supported but the names
     // are known.
     TLS_CHACHA20_POLY1305_SHA256(                    // TLS 1.3
             "TLS_CHACHA20_POLY1305_SHA256", 0x1303),
@@ -530,7 +530,7 @@
     TLS_AES_128_CCM_8_SHA256(                        // TLS 1.3
             "TLS_AES_128_CCM_8_SHA256", 0x1305),
 
-    // remaining unsupported ciphersuites defined in RFC2246.
+    // Remaining unsupported cipher suites defined in RFC2246.
     CS_0006("SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5",           0x0006),
     CS_0007("SSL_RSA_WITH_IDEA_CBC_SHA",                    0x0007),
     CS_000B("SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",         0x000b),
@@ -540,18 +540,18 @@
     CS_000F("SSL_DH_RSA_WITH_DES_CBC_SHA",                  0x000f),
     CS_0010("SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA",             0x0010),
 
-    // SSL 3.0 Fortezza ciphersuites
+    // SSL 3.0 Fortezza cipher suites
     CS_001C("SSL_FORTEZZA_DMS_WITH_NULL_SHA",               0x001c),
     CS_001D("SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA",       0x001d),
 
-    // 1024/56 bit exportable ciphersuites from expired internet draft
+    // 1024/56 bit exportable cipher suites from expired internet draft
     CS_0062("SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA",          0x0062),
     CS_0063("SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA",      0x0063),
     CS_0064("SSL_RSA_EXPORT1024_WITH_RC4_56_SHA",           0x0064),
     CS_0065("SSL_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA",       0x0065),
     CS_0066("SSL_DHE_DSS_WITH_RC4_128_SHA",                 0x0066),
 
-    // Netscape old and new SSL 3.0 FIPS ciphersuites
+    // Netscape old and new SSL 3.0 FIPS cipher suites
     // see http://www.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html
     CS_FFE0("NETSCAPE_RSA_FIPS_WITH_3DES_EDE_CBC_SHA",      0xffe0),
     CS_FFE1("NETSCAPE_RSA_FIPS_WITH_DES_CBC_SHA",           0xffe1),
--- a/test/javax/net/ssl/sanity/ciphersuites/CipherSuitesInOrder.java	Tue Aug 08 21:37:38 2017 +0800
+++ b/test/javax/net/ssl/sanity/ciphersuites/CipherSuitesInOrder.java	Fri Dec 13 01:43:14 2019 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,21 +28,21 @@
 
 /*
  * @test
- * @bug 7174244
- * @summary NPE in Krb5ProxyImpl.getServerKeys()
- * @ignore the dependent implementation details are changed
+ * @bug 7174244 8234728
+ * @summary Test for ciphersuites order
  * @run main/othervm CipherSuitesInOrder
  */
 
 import java.util.*;
 import javax.net.ssl.*;
-import java.security.Security;
 
 public class CipherSuitesInOrder {
 
-    // supported ciphersuites
-    private final static List<String> supportedCipherSuites =
-            Arrays.<String>asList(
+    // Supported ciphersuites
+    private final static List<String> supportedCipherSuites
+            = Arrays.<String>asList(
+        "TLS_AES_128_GCM_SHA256",
+        "TLS_AES_256_GCM_SHA384",
         "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
         "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
         "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
@@ -152,19 +152,19 @@
     );
 
     private final static String[] protocols = {
-        "", "SSL", "TLS", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"
+        "", "SSL", "TLS", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"
     };
 
 
     public static void main(String[] args) throws Exception {
         // show all of the supported cipher suites
         showSuites(supportedCipherSuites.toArray(new String[0]),
-                                "All supported cipher suites");
+                 "All supported cipher suites");
 
         for (String protocol : protocols) {
             System.out.println("//");
-            System.out.println("// " +
-                        "Testing for SSLContext of " + protocol);
+            System.out.println("// "
+                    + "Testing for SSLContext of " + protocol);
             System.out.println("//");
             checkForProtocols(protocol);
         }
@@ -189,7 +189,6 @@
         checkSuites(parameters.getCipherSuites(),
                 "Supported cipher suites in SSLContext");
 
-
         //
         // Check the cipher suites order of SSLEngine
         //
@@ -209,34 +208,34 @@
         // Check the cipher suites order of SSLSocket
         //
         SSLSocketFactory factory = context.getSocketFactory();
-        try (SSLSocket socket = (SSLSocket)factory.createSocket()) {
+        try (SSLSocket socket = (SSLSocket) factory.createSocket()) {
 
             // check the order of endabled cipher suites
             ciphers = socket.getEnabledCipherSuites();
             checkSuites(ciphers,
-                "Enabled cipher suites in SSLSocket");
+                    "Enabled cipher suites in SSLSocket");
 
             // check the order of supported cipher suites
             ciphers = socket.getSupportedCipherSuites();
             checkSuites(ciphers,
-                "Supported cipher suites in SSLSocket");
+                    "Supported cipher suites in SSLSocket");
         }
 
         //
         // Check the cipher suites order of SSLServerSocket
         //
         SSLServerSocketFactory serverFactory = context.getServerSocketFactory();
-        try (SSLServerSocket serverSocket =
-                (SSLServerSocket)serverFactory.createServerSocket()) {
+        try (SSLServerSocket serverSocket
+                = (SSLServerSocket) serverFactory.createServerSocket()) {
             // check the order of endabled cipher suites
             ciphers = serverSocket.getEnabledCipherSuites();
             checkSuites(ciphers,
-                "Enabled cipher suites in SSLServerSocket");
+                    "Enabled cipher suites in SSLServerSocket");
 
             // check the order of supported cipher suites
             ciphers = serverSocket.getSupportedCipherSuites();
             checkSuites(ciphers,
-                "Supported cipher suites in SSLServerSocket");
+                    "Supported cipher suites in SSLServerSocket");
         }
     }
 
@@ -250,7 +249,6 @@
             if (index <= loc) {
                 throw new RuntimeException(suite + " is not in order");
             }
-
             loc = index;
         }
     }
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/net/ssl/sanity/ciphersuites/SystemPropCipherSuitesOrder.java	Fri Dec 13 01:43:14 2019 -0800
@@ -0,0 +1,146 @@
+/*
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+import java.util.Arrays;
+import javax.net.ssl.SSLServerSocket;
+import javax.net.ssl.SSLSocket;
+
+/*
+ * @test
+ * @bug 8234728
+ * @library /javax/net/ssl/templates
+ *          /javax/net/ssl/TLSCommon
+ * @summary Test TLS ciphersuites order set through System properties
+ * @ignore Not applicable until the cipher order of system property maintained.
+ * @run main/othervm
+ *      -Djdk.tls.client.cipherSuites=TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384
+ *      -Djdk.tls.server.cipherSuites=TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_GCM_SHA256
+ *      -Djdk.tls.client.protocols="TLSv1.3,TLSv1.2,TLSv1.1,TLSv1,SSLv3"
+ *      SystemPropCipherSuitesOrder TLSv1.3
+ * @run main/othervm
+ *      -Djdk.tls.client.cipherSuites=TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384
+ *      -Djdk.tls.client.protocols="TLSv1.3,TLSv1.2,TLSv1.1,TLSv1,SSLv3"
+ *      SystemPropCipherSuitesOrder TLSv1.3
+ * @run main/othervm
+ *      -Djdk.tls.server.cipherSuites=TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_256_GCM_SHA384
+ *      -Djdk.tls.client.protocols="TLSv1.3,TLSv1.2,TLSv1.1,TLSv1,SSLv3"
+ *      SystemPropCipherSuitesOrder TLSv1.3
+ * @run main/othervm
+ *      -Djdk.tls.client.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+ *      -Djdk.tls.server.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+ *      SystemPropCipherSuitesOrder TLSv1.2
+ * @run main/othervm
+ *      -Djdk.tls.client.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+ *      SystemPropCipherSuitesOrder TLSv1.2
+ * @run main/othervm
+ *      -Djdk.tls.server.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+ *      SystemPropCipherSuitesOrder TLSv1.2
+ * @run main/othervm
+ *      -Djdk.tls.client.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
+ *      -Djdk.tls.server.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
+ *      SystemPropCipherSuitesOrder TLSv1.1
+ * @run main/othervm
+ *      -Djdk.tls.client.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
+ *      SystemPropCipherSuitesOrder TLSv1.1
+ * @run main/othervm
+ *      -Djdk.tls.server.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
+ *      SystemPropCipherSuitesOrder TLSv1.1
+ * @run main/othervm
+ *      -Djdk.tls.client.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
+ *      -Djdk.tls.server.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
+ *      SystemPropCipherSuitesOrder TLSv1
+ * @run main/othervm
+ *      -Djdk.tls.client.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
+ *      SystemPropCipherSuitesOrder TLSv1
+ * @run main/othervm
+ *      -Djdk.tls.server.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
+ *      SystemPropCipherSuitesOrder TLSv1
+ */
+public class SystemPropCipherSuitesOrder extends SSLSocketTemplate {
+
+    private final String protocol;
+    private static String[] servercipherSuites;
+    private static String[] clientcipherSuites;
+
+    public static void main(String[] args) {
+        servercipherSuites
+                = toArray(System.getProperty("jdk.tls.server.cipherSuites"));
+        clientcipherSuites
+                = toArray(System.getProperty("jdk.tls.client.cipherSuites"));
+        System.out.printf("SYSTEM PROPERTIES: ServerProp:%s - ClientProp:%s%n",
+                Arrays.deepToString(servercipherSuites),
+                Arrays.deepToString(clientcipherSuites));
+
+        try {
+            new SystemPropCipherSuitesOrder(args[0]).run();
+        } catch (Exception e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+    private SystemPropCipherSuitesOrder(String protocol) {
+        this.protocol = protocol;
+    }
+
+    // Servers are configured before clients, increment test case after.
+    @Override
+    protected void configureClientSocket(SSLSocket socket) {
+        socket.setEnabledProtocols(new String[]{protocol});
+    }
+
+    @Override
+    protected void configureServerSocket(SSLServerSocket serverSocket) {
+        serverSocket.setEnabledProtocols(new String[]{protocol});
+    }
+
+    protected void runServerApplication(SSLSocket socket) throws Exception {
+        if (servercipherSuites != null) {
+            System.out.printf("SERVER: SystemProperty:%s - "
+                    + "getEnabledCipherSuites:%s%n",
+                    Arrays.deepToString(servercipherSuites),
+                    Arrays.deepToString(socket.getEnabledCipherSuites()));
+        }
+        if (servercipherSuites != null && !Arrays.equals(
+                servercipherSuites, socket.getEnabledCipherSuites())) {
+            throw new RuntimeException("Unmatched server side CipherSuite order");
+        }
+        super.runServerApplication(socket);
+    }
+
+    protected void runClientApplication(SSLSocket socket) throws Exception {
+        if (clientcipherSuites != null) {
+            System.out.printf("CLIENT: SystemProperty:%s - "
+                    + "getEnabledCipherSuites:%s%n",
+                    Arrays.deepToString(clientcipherSuites),
+                    Arrays.deepToString(socket.getEnabledCipherSuites()));
+        }
+        if (clientcipherSuites != null && !Arrays.equals(clientcipherSuites,
+                socket.getEnabledCipherSuites())) {
+            throw new RuntimeException("Unmatched client side CipherSuite order");
+        }
+        super.runClientApplication(socket);
+    }
+
+    private static String[] toArray(String prop) {
+        return (prop != null) ? prop.split(",") : null;
+    }
+}
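Review bot: The first three `@run` blocks put `TLS_CHACHA20_POLY1305_SHA256` into `jdk.tls.client.cipherSuites` / `jdk.tls.server.cipherSuites`, but CipherSuite.java in this same changeset still lists that suite under "not supported but the names are known". Once the `@ignore` is lifted, the `Arrays.equals(..., socket.getEnabledCipherSuites())` checks in `runServerApplication` and `runClientApplication` would presumably fail because of the missing suite, not because of ordering. Either drop that suite from the TLSv1.3 runs or mention the ChaCha20 dependency in the `@ignore` text. Both `run*Application` methods call `super` but carry no `@Override`, so a signature drift in SSLSocketTemplate would silently turn them into unused overloads. The comment `// Servers are configured before clients, increment test case after.` refers to a test-case counter this class does not have and could be shortened to `// Restrict the socket to the protocol under test.`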
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/net/ssl/sanity/ciphersuites/TLSCipherSuitesOrder.java	Fri Dec 13 01:43:14 2019 -0800
@@ -0,0 +1,184 @@
+/*
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+import java.util.Arrays;
+import javax.net.ssl.SSLServerSocket;
+import javax.net.ssl.SSLSocket;
+
+/*
+ * @test
+ * @bug 8234728
+ * @library /javax/net/ssl/templates
+ *          /javax/net/ssl/TLSCommon
+ * @summary Test TLS ciphersuites order.
+ *      Parameter order: <protocol> <client cipher order> <server cipher order>
+ * @run main/othervm TLSCipherSuitesOrder TLSv13 ORDERED default
+ * @run main/othervm TLSCipherSuitesOrder TLSv13 UNORDERED default
+ * @run main/othervm TLSCipherSuitesOrder TLSv13 UNORDERED UNORDERED
+ * @run main/othervm TLSCipherSuitesOrder TLSv13 ORDERED ORDERED
+ * @run main/othervm TLSCipherSuitesOrder TLSv12 ORDERED default
+ * @run main/othervm TLSCipherSuitesOrder TLSv12 UNORDERED default
+ * @run main/othervm TLSCipherSuitesOrder TLSv12 UNORDERED UNORDERED
+ * @run main/othervm TLSCipherSuitesOrder TLSv12 ORDERED ORDERED
+ * @run main/othervm TLSCipherSuitesOrder TLSv11 ORDERED default
+ * @run main/othervm TLSCipherSuitesOrder TLSv11 UNORDERED default
+ * @run main/othervm TLSCipherSuitesOrder TLSv11 UNORDERED UNORDERED
+ * @run main/othervm TLSCipherSuitesOrder TLSv11 ORDERED ORDERED
+ * @run main/othervm TLSCipherSuitesOrder TLSv1 ORDERED default
+ * @run main/othervm TLSCipherSuitesOrder TLSv1 UNORDERED default
+ * @run main/othervm TLSCipherSuitesOrder TLSv1 UNORDERED UNORDERED
+ * @run main/othervm TLSCipherSuitesOrder TLSv1 ORDERED ORDERED
+ */
+public class TLSCipherSuitesOrder extends SSLSocketTemplate {
+
+    private final String protocol;
+    private final String[] servercipherSuites;
+    private final String[] clientcipherSuites;
+
+    public static void main(String[] args) {
+        PROTOCOL protocol = PROTOCOL.valueOf(args[0]);
+        try {
+            new TLSCipherSuitesOrder(protocol.getProtocol(),
+                    protocol.getCipherSuite(args[1]),
+                    protocol.getCipherSuite(args[2])).run();
+        } catch (Exception e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+    private TLSCipherSuitesOrder(String protocol, String[] clientcipherSuites,
+            String[] servercipherSuites) {
+        this.protocol = protocol;
+        this.clientcipherSuites = clientcipherSuites;
+        this.servercipherSuites = servercipherSuites;
+    }
+
+    // Servers are configured before clients, increment test case after.
+    @Override
+    protected void configureClientSocket(SSLSocket socket) {
+        socket.setEnabledProtocols(new String[]{protocol});
+        if (clientcipherSuites != null) {
+            socket.setEnabledCipherSuites(clientcipherSuites);
+        }
+    }
+
+    @Override
+    protected void configureServerSocket(SSLServerSocket serverSocket) {
+        serverSocket.setEnabledProtocols(new String[]{protocol});
+        if (servercipherSuites != null) {
+            serverSocket.setEnabledCipherSuites(servercipherSuites);
+        }
+    }
+
+    protected void runServerApplication(SSLSocket socket) throws Exception {
+        if (servercipherSuites != null) {
+            System.out.printf("SERVER: setEnabledCipherSuites:%s - "
+                    + "getEnabledCipherSuites:%s%n",
+                    Arrays.deepToString(servercipherSuites),
+                    Arrays.deepToString(socket.getEnabledCipherSuites()));
+        }
+        if (servercipherSuites != null && !Arrays.equals(servercipherSuites,
+                socket.getEnabledCipherSuites())) {
+            throw new RuntimeException("Unmatched server side CipherSuite order");
+        }
+        super.runServerApplication(socket);
+    }
+
+    protected void runClientApplication(SSLSocket socket) throws Exception {
+        if (clientcipherSuites != null) {
+            System.out.printf("CLIENT: setEnabledCipherSuites:%s - "
+                    + "getEnabledCipherSuites:%s%n",
+                    Arrays.deepToString(clientcipherSuites),
+                    Arrays.deepToString(socket.getEnabledCipherSuites()));
+        }
+        if (clientcipherSuites != null && !Arrays.equals(
+                clientcipherSuites, socket.getEnabledCipherSuites())) {
+            throw new RuntimeException("Unmatched client side CipherSuite order");
+        }
+        super.runClientApplication(socket);
+    }
+
+    enum PROTOCOL {
+        TLSv13("TLSv1.3",
+                new String[]{
+                    "TLS_AES_256_GCM_SHA384",
+                    "TLS_AES_128_GCM_SHA256"},
+                new String[]{
+                    "TLS_AES_128_GCM_SHA256",
+                    "TLS_AES_256_GCM_SHA384"}),
+        TLSv12("TLSv1.2",
+                new String[]{
+                    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+                    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"},
+                new String[]{
+                    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+                    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"}),
+        TLSv11("TLSv1.1",
+                new String[]{
+                    "TLS_RSA_WITH_AES_256_CBC_SHA",
+                    "TLS_RSA_WITH_AES_128_CBC_SHA"},
+                new String[]{
+                    "TLS_RSA_WITH_AES_128_CBC_SHA",
+                    "TLS_RSA_WITH_AES_256_CBC_SHA"}),
+        TLSv1("TLSv1",
+                new String[]{
+                    "TLS_RSA_WITH_AES_256_CBC_SHA",
+                    "TLS_RSA_WITH_AES_128_CBC_SHA"},
+                new String[]{
+                    "TLS_RSA_WITH_AES_128_CBC_SHA",
+                    "TLS_RSA_WITH_AES_256_CBC_SHA"});
+
+        String protocol;
+        String[] orderedCiphers;
+        String[] unOrderedCiphers;
+
+        private PROTOCOL(String protocol, String[] orderedCiphers,
+                String[] unOrderedCiphers) {
+            this.protocol = protocol;
+            this.orderedCiphers = orderedCiphers;
+            this.unOrderedCiphers = unOrderedCiphers;
+        }
+
+        public String getProtocol() {
+            return protocol;
+        }
+
+        public String[] getOrderedCiphers() {
+            return orderedCiphers;
+        }
+
+        public String[] getUnOrderedCiphers() {
+            return unOrderedCiphers;
+        }
+
+        public String[] getCipherSuite(String order) {
+            switch (order) {
+                case "ORDERED":
+                    return getOrderedCiphers();
+                case "UNORDERED":
+                    return getUnOrderedCiphers();
+                default:
+                    return null;
+            }
+        }
+    }
+}
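Review bot: `runServerApplication` and `runClientApplication` only compare `getEnabledCipherSuites()` with the array just passed to `setEnabledCipherSuites()`, so the test confirms that the list round-trips but not that the handshake honours the order. If negotiation preference is what the test protects, it should also check `socket.getSession().getCipherSuite()` once the handshake has completed, against the suite expected for the side whose preference applies. In `PROTOCOL.getCipherSuite`, `default: return null;` makes a mistyped `@run` argument behave like `default`; `throw new IllegalArgumentException(order)` for anything other than the three known values would surface the typo. The TLSv13 `orderedCiphers` array puts `TLS_AES_256_GCM_SHA384` first, while the list in CipherSuitesInOrder puts `TLS_AES_128_GCM_SHA256` first, so the ORDERED/UNORDERED labels look swapped for that protocol. The enum fields could be `private final`, and both `run*Application` methods would benefit from `@Override`.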
--- a/test/javax/net/ssl/templates/SSLSocketTemplate.java	Tue Aug 08 21:37:38 2017 +0800
+++ b/test/javax/net/ssl/templates/SSLSocketTemplate.java	Fri Dec 13 01:43:14 2019 -0800
@@ -188,10 +188,15 @@
     }
 
     /*
+     * Configure the client side socket.
+     */
+    protected void configureClientSocket(SSLSocket socket) {
+    }
+
+    /*
      * Configure the server side socket.
      */
     protected void configureServerSocket(SSLServerSocket socket) {
-
     }
 
     /*
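Review bot: The new `configureClientSocket` hook is documented only as "Configure the client side socket.", which does not tell an overrider when it runs. The second hunk of this file calls it immediately before `sslSocket.connect(...)`, inside a `try` whose `catch (IOException ioe)` continues outside the hunk, so the socket is still unconnected and no session exists yet. I would extend the comment to `Configure the client side socket. Called before connect(), so protocol and cipher suite settings apply to the handshake.` and make it a `/** ... */` Javadoc block, since subclasses are the intended audience.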
@@ -316,6 +321,7 @@
 
         try (SSLSocket sslSocket = (SSLSocket)sslsf.createSocket()) {
             try {
+                configureClientSocket(sslSocket);
                 sslSocket.connect(
                         new InetSocketAddress("localhost", serverPort), 15000);
             } catch (IOException ioe) {
--- a/test/sun/security/ssl/HandshakeHash/DigestBase.java	Tue Aug 08 21:37:38 2017 +0800
+++ b/test/sun/security/ssl/HandshakeHash/DigestBase.java	Fri Dec 13 01:43:14 2019 -0800
@@ -51,6 +51,11 @@
         digest.reset();
     }
 
+    @Override
+    protected int engineGetDigestLength() {
+        return digest.getDigestLength();
+    }
+
     public static final class MD5 extends DigestBase {
         public MD5() throws Exception {
             super("MD5", "SUN");
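Review bot: The added `engineGetDigestLength()` override has no comment explaining why this test-only digest wrapper needs it. `MessageDigestSpi`'s default implementation returns 0, and the TLSv1.3 run added to HandshakeHashCloneExhaustion in this changeset presumably depends on the real length. A one-line comment such as `// Report the wrapped digest's length; the SPI default returns 0.` would record that. The enclosing class starts outside the hunk.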
--- a/test/sun/security/ssl/HandshakeHash/HandshakeHashCloneExhaustion.java	Tue Aug 08 21:37:38 2017 +0800
+++ b/test/sun/security/ssl/HandshakeHash/HandshakeHashCloneExhaustion.java	Fri Dec 13 01:43:14 2019 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2016, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,12 +28,14 @@
 
 /*
  * @test
- * @bug 8148421 8193683
+ * @bug 8148421 8193683 8234728
  * @summary Transport Layer Security (TLS) Session Hash and Extended
  *     Master Secret Extension
  * @summary Increase the number of clones in the CloneableDigest
  * @library /javax/net/ssl/templates
  * @compile DigestBase.java
+ * @run main/othervm -Djdk.tls.client.protocols="TLSv1.3,TLSv1.2,TLSv1.1,TLSv1,SSLv3"
+ *     HandshakeHashCloneExhaustion TLSv1.3 TLS_AES_128_GCM_SHA256
  * @run main/othervm HandshakeHashCloneExhaustion
  *     TLSv1.2 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  * @run main/othervm HandshakeHashCloneExhaustion
--- a/test/sun/security/util/HostnameMatcher/NullHostnameCheck.java	Tue Aug 08 21:37:38 2017 +0800
+++ b/test/sun/security/util/HostnameMatcher/NullHostnameCheck.java	Fri Dec 13 01:43:14 2019 -0800
@@ -39,16 +39,20 @@
 
 /*
  * @test
- * @bug 8211339
+ * @bug 8211339 8234728
  * @summary Verify hostname returns an exception instead of null pointer when
  * creating a new engine
- * @run main NullHostnameCheck
+ * @run main NullHostnameCheck TLSv1
+ * @run main NullHostnameCheck TLSv1.1
+ * @run main NullHostnameCheck TLSv1.2
+ * @run main NullHostnameCheck TLSv1.3
  */
 
 
 public final class NullHostnameCheck {
 
     public static void main(String[] args) throws Exception {
+        String protocol = args[0];
         KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
         keyStore.load(
                 new ByteArrayInputStream(Base64.getDecoder().
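Review bot: `String protocol = args[0];` makes the protocol argument mandatory, so launching the class without arguments (for example by hand, outside jtreg) now fails with `ArrayIndexOutOfBoundsException` before any TLS code runs. `String protocol = args.length > 0 ? args[0] : "TLSv1.2";` would keep the previous behaviour as the default; throwing an `IllegalArgumentException` that names the expected argument would also do. `main` continues outside the hunk.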
@@ -57,12 +61,12 @@
         KeyManagerFactory kmf = KeyManagerFactory.getInstance(
                 KeyManagerFactory.getDefaultAlgorithm());
         kmf.init(keyStore, "123456".toCharArray());
-        SSLContext serverCtx = SSLContext.getInstance("TLSv1.2");
+        SSLContext serverCtx = SSLContext.getInstance(protocol);
         serverCtx.init(kmf.getKeyManagers(), null, null);
         SSLEngine serverEngine = serverCtx.createSSLEngine("localhost", -1);
         serverEngine.setUseClientMode(false);
 
-        SSLContext clientCtx = SSLContext.getInstance("TLSv1.2");
+        SSLContext clientCtx = SSLContext.getInstance(protocol);
         clientCtx.init(null, new TrustManager[] {
                 new X509TrustManager() {
                     @Override
@@ -189,94 +193,102 @@
         }
     }
 
-// Base64 of PKCS12 Keystore
-static final String keystoreB64 =
-        "MIIQ6wIBAzCCEKQGCSqGSIb3DQEHAaCCEJUEghCRMIIQjTCCBgEGCSqGSIb3DQEHAa" +
-        "CCBfIEggXuMIIF6jCCAuwGCyqGSIb3DQEMCgECoIICmzCCApcwKQYKKoZIhvcNAQwB" +
-        "AzAbBBS7qnTOxJYV5At3migAiNAdPvKd7AIDAMNQBIICaMo0roH1TuZE1ARZtwCOXy" +
-        "F2sk4DmI6m1/CRdh6NeQzszJZH2701cEm0CES971IwobCNFo0+Er9tk1c+iXmMPJgM" +
-        "s1l/+7OpQCc/GRl2Nc7lQSj1Yvrq1CIQxC51hSrwNs0N9aCTavjKfJ7jk3k1+MNItU" +
-        "dMdwuIFK663NEH8Wm0D4njvIA9p3ehOLJWDi0ziFTcySyCbbWAL6HmJhzRlpakPpbp" +
-        "Ox68wfI2YgDpQwTq580TMEWz+9P1U07VmtfYlu9xjXQT/Ks1xzNrhbOyv+HLoE54qL" +
-        "RyhL36/fwCzlpCXCYokPUG2uziu8JiQyITYRpVhVcgR5m/rSMhVsj8HwUmIdlK2Irm" +
-        "kOqG2m6YPKRiq7eeCPskcf2Hh0H3pb6lxagSVQMb+qndIUhCvZoXL/oS2+1ngtMlXh" +
-        "ezjIEa5s2K+Kk8eV48Ydms5bW8Plqy20+0fgEClABF6QL4We4NaFJdl6DB0+KsxgUd" +
-        "ZHo4U7f3R6o971mAd/OACs4jzpA0/C3AKCbhBEh/nxnSPoxM0Ty3bLaK8LQnv+B2uo" +
-        "6TeypsxmGg4/kd6fymzrhWUJAFz7DjkO/32pDUXnUDa6CB+dZdUldPoOpviGl9ITfG" +
-        "apdnq8+B4y7lg/87OZbr99vyVBWtbATaNof3Y5PuNY5TTQ5y1u4gU+zO9qhRnjxSqb" +
-        "bXJYhKeOIJmXCgGerV1dFqcWfj163OtjTwwJ5VCrtgolTU+3eodARD86jkp1VRCtQ2" +
-        "M54zOND9mx9RM2ucOy41mgF2MyKIseN6+3665DtgDbN5H/pmmjR4/GSuuy4eJoGHvY" +
-        "OPy49P7o8xPjAZBgkqhkiG9w0BCRQxDB4KAG0AeQBrAGUAeTAhBgkqhkiG9w0BCRUx" +
-        "FAQSVGltZSAxNTQxMTg5MzQ5NTAxMIIC9gYLKoZIhvcNAQwKAQKgggKbMIIClzApBg" +
-        "oqhkiG9w0BDAEDMBsEFO1oLv/9BmQKRKpeUB/Q5FPzMZaPAgMAw1AEggJoxez71rvm" +
-        "pCMbF0MH3shCpy2LsHNnkyjQVTKBIqdHFmn1390gqRkUUlvaaLgpjNNFSVY/LMg+gK" +
-        "JEJW6kClerkFg1/fvMQDBr5ApGbACIWi7fN/qYjED0cY5eypnSKePUzR2uO254Qko4" +
-        "xc+Enx3+V0/O0eqwlzGq3Pmgq9vfyqPefG562tFQEmHyUMUTLg1m4rtUgG5bvtRIMl" +
-        "Vd6tgFA3JRb08USaJY3D+FQFb+zm/iIJ1KrHBgtBuJFLfaXqYo/fjjgIv0WiOIQmd1" +
-        "ygrfRp7AhCvqZu7IzKT3TWggfGHABfjgkRcVmCGsFCf1cXAJVzS1v4N2biY9tB9Q5Y" +
-        "iWZ0JglMHK+NfJu2+3UthyC3ugDeLTQTSbwfJv3ShcVFo7mVxJz2zPWJtDoXbORczm" +
-        "0tjMu8KztEpPhwH4nsoXJ60fMUDOAvYwr2t49CBRZ+b9rJB5QWWJ60ZrM5rsfNU5yJ" +
-        "RJYldqryD/T5UJEqRLK5X9N/DAszDFTDoTVFMwwuBv6yk/v9N999m4X77q75/d1y71" +
-        "sY9Aaj9gHKLSy1ZCsGoU2nt7A+Z+V9TNcmsM5aT+QpNdKvW99jI1T2XI7kHNJ+D0W3" +
-        "sD8dXlNA91na7/6HGM5dKQfZdk1zcUYg2lkDpyi3xzO2nzFvCaDfAqQqjuQtiXggWy" +
-        "RiNk+WC45GuUKP5F6fWWr871RjeVYezj5XoXWJ7x8J85SUMKiuQH3S2tRMcP2RtAS/" +
-        "D1aXdwuiVfLUMu9113dwpSwwmXcFASrt9VxXPNI8Aztu/YtqkONyQq50NChtYsykGA" +
-        "4ZUOuazkc1SLmIitNfBB9DFIMCMGCSqGSIb3DQEJFDEWHhQAcwBlAGwAZgBzAGkAZw" +
-        "BuAGUAZDAhBgkqhkiG9w0BCRUxFAQSVGltZSAxNTQxMTg5MzUzNjg4MIIKhAYJKoZI" +
-        "hvcNAQcGoIIKdTCCCnECAQAwggpqBgkqhkiG9w0BBwEwKQYKKoZIhvcNAQwBBjAbBB" +
-        "S3KnmddxJSpicU3Pxyg8+NUl6deAIDAMNQgIIKMA0HSR92DBEs74SvbSTUrLeitduz" +
-        "wzkxQ2D8jO+eP7dC7L9nVVvfHDcalUfwah7fvriDgPKg/ws7vaPO6c4Q7RdzB3epvK" +
-        "7LqJlqseW0NxRGJXF9hvDOWk6me+3NyAy791C0R8oF/llujojwoR2Tw6DzTdov9c0p" +
-        "pwCACNtgeAtz3SEFlc/F4MwZKai0jdpakINJkD5H7Za8nyKu6pIITs1roy3Oq2HA4M" +
-        "XAnlnWh+8R9mloDBTJJMJYUOsn1VaFrYNFq3kr4oOMNINJvUCZL2LZgl5rmzgWSVs0" +
-        "VSZa7JUWx49rsrBeCi/SFwW5ryleK5uEtjXjtqjQxCjvLvRYV5HmPfv/ZGCP/vitHX" +
-        "dQ9gzxO/7RVQoxgE0dSx90jiGOEsmG8N9sDnNyS+GCc7pxJeW6NKc1h5YameCsqUGz" +
-        "V9FTfz2JdDpaPsGmHtvMTs8n3ncK9FOWeWhoNKhPnoMGHmfJGZgz282aTosggSZgh7" +
-        "FSvf3KfAmhcCj9+frE90jPvB4W8tPF0YnOrNgvByw2+bj7NCkZ0WBT2WrOSOoS/o2H" +
-        "zmErCJmyt6Su5sPEeTz+dnU0std6qCjsHtjo8Is8VnVVec2nbpeT+nd3RTCV71dViW" +
-        "42L3rRYxl80UpsUs3Fh0J+01EZkWmExCSZpYTKgPhYcYSwUrIVx9ukcCdUSpvS07bq" +
-        "hLfqWOVLfLs00VBr/mFWOqDBfy+qJMXEFYyYDBa/TlrIjzEbF4qKwIJiIxRcqYy0Ta" +
-        "CnMVvn8HlMeIMPJQaqdfDspxIdSdJWWZVbk9FnEDcMuSg8saON26HwieH+AsdnsZDR" +
-        "cZ6kT+bMPibCfnKLTmJYM0dq7abhdYj7GYcfRjwCeeK/PSxklqpsJ/1T/FeVweuQXz" +
-        "bhHatL5z8UmTV3WUE1Ww23K3sR701xh/Tx3HoZPjluSHZFuQCvhkOU6Fj5o7dYjJZc" +
-        "3l3n8wD3SY04ObfCedHe56NytvbXGp79en8Q6kluThWvS5tuNgR5UhMf5oeVi8H1++" +
-        "MeuCOz9MJMwBGe0JUkxijdI1YVHvspqXcQhjAL9BBPT/Q+iaQITzqPSVj/fSUbY147" +
-        "XrAGKS8/9iOV5gTVw2TiW1MKp3ubLjqc1YmIB3TRz+SIlAXg3tD4hl/8DXs0zDFLN0" +
-        "OJLslwQJNaiV0S0mndsVQ/qXiS0gfZldQcn1NmUCJNiy04aUNWR/wKgyLAk5DNPCjx" +
-        "RlStSK7RjrgIcyUO+4cf/nfV2ymaaeDtBSwLLhAr2syXlio1fQILIrSlmT2X7i4/7X" +
-        "1vzN0h78g3+NcWpCs+WnOZ1bu/nzVY7zL8rmHJCeOD37UMgxgW5s3sBvONCpUzyOoe" +
-        "raTalqk843CE223ovLgh+KRm/JXUlDMtDSpk+02Ve7ZoyqgI8vr6UBwWk6CjUJx21M" +
-        "ldkh6QZcK+weQg0Ml9t3czrKXlfQl62VIG6aqSRehSEa52k5IWrcVY6yauRfERfi6a" +
-        "zGSmn5kXlQZSJ1mDuss22Fp12n5Kn0MAwo7XHmnzasaD3rB57A+s/3zkgC0j2t/qYC" +
-        "VpcTq/7Hh7CirbUzVBaXn9CI5MYcbtL40KEE7/DKsjR0VTUtLRi9PnEX1D4zxWl45Y" +
-        "WJ0QO4icHmUS+bvz3i/N91kI+XKDjZmktsqpF+JRaooQe2wZsasnsCSm6tEx8rN/Ya" +
-        "iE3nEUTxeUdHudzT4mldgYL9jlOoubC+DvXilRPRboNRuF9djrfq1p+j4egC4FcjeR" +
-        "kISHIuVXVwcg6Iz9q5j3IAGBfRhXuZ70qyLMtuts4RE+Xy4SmOPnw2rObNhMcTBs9T" +
-        "wYIhrzv426xid908L4v3bUunlsCoDP6LzzMdE4g1OhKzralRqoYZcsLN6Jt5f/W8UY" +
-        "RFauTV8YFV3dBUpp9xhKJlYH+OtJY1gLrT2aaX8b96ruv1JTq1fKCReiB2/0MCPvHd" +
-        "Yz8+/P7YQTysaoDlTC7prQFvDEcz11D0+SmVi2yxNQZETMaMcX5QdqfO8omTPMtuE5" +
-        "jKgtBtmjq6GeNNJBSKySWtjp0J7jKMqmk2n9+9/RCv3e4IVEcZDOo71g5omtB5592w" +
-        "XEQqydg1yH5HFD/B7bgcuFAbr36UMdp6o4M8vek9HsI9K/+Q+2clecOabzNDsS4S8y" +
-        "vr0Kna4rluHwGT0QUp0SbRQRIKzSm7xye5CTxUrZ8cizQ5hQFBUFMr8OWRm0N1GalY" +
-        "TfPaGwX0sWdvhX4rrrGXpToRbUUqeSk1suiRMT8s1iluaoCpiN1Kq4cehFdlSpWv9c" +
-        "74Dktfk+kS8X+vCdoU3voPHiGQbxql0mcdSIboOKdCdzs5krl7GbnJZoYLIYpK/y87" +
-        "YUbOb1CiivlTNe4+KiamuEg44Y0zZ/Z+yWLb7QkpjoIiDObU/0oJKqHUeYL4ZjReus" +
-        "U014itt5jBMmVCBlhUWtHTmznJotjl45H6bVAX7cimbdoWDcmzWlgHM5lFP6IH/q+Q" +
-        "Gsgw+kRfbzX0dnYF0a6d5j02ZgSjJJZpQ5Df+qB9ZKteywXxApcv3FRVuz7A5v7yXR" +
-        "xUE8TQnLwOZgvwDu/pL90drEf0KXef8G/CEHQPB4HVCDzaUnhfSIUflsjtaFfuFq1U" +
-        "DHmmt5WrrTkWo5RRMUzWYcYn2QzBvzCRDTWdVTlXAJcYJ+KHeJlyxhlrEDu3ej4WUe" +
-        "BmkbiTQStUEUpk3IcTbzVLLtfS/pe3m0EmaU6nRkmfLxMfYtnDUgdghMy0Cltc3TKn" +
-        "9qFrBtY41qf8D5LGSrrmLVC1tnQv+hJC7hwiIQZ/2a5b5Bv67tcdzlEGRNT7uv0ID0" +
-        "Ig5MyPjvJtppNQfxhPbNbJvxWtmI1NvH4359d0vR/4yzxYq+BpCLpOXw3BreGE55J7" +
-        "xIvxeRb+Pws7A0xdbKHAwSUsEyPglxAkZCzftZin+MoEw8UnhXYWOPKf+k49TVAq7S" +
-        "Yi1mJxxzwkSkSw9AdhbalYi1Y17VVfHHcb9Ioh1Jdtq8iNqtO2GG+Gd4yGKaRjnQ03" +
-        "6YRWyffrMx6Lv/aEecMR1DASDuX0vVjfafKHAp+13VKVGsB6zPbzR4njAXhJxTC9qj" +
-        "RbG2ISl4xrgAy/gBCKqN+UaVGVYe5DdA22XOOfNkgRrfoqcdgajzp4v6hqr3kPh997" +
-        "89Ayxcov6OopEUBuy6wuPO2ezXRMw8snABq6YDlf36l2jugHbqUUOiiQ4jIPgZAp/S" +
-        "r+4i6wyH+wOIjn1pBn9GgqypWCjyj/uTIMiXiMe5TDzp7U9pJ7e/hWUGzm6wWuDQWB" +
-        "zLwAJNRtaaGV0UraI4ubOJVsvGym0PJ8elxCUgKo6cePkhwrVPcNKA19HgVj/3g0pa" +
-        "ZwYt5Yw2Gdydm0zadva7K/oVgVKRDmkQbwlavySW0xqU8Pul/V/HUSd32/4cpOmmol" +
-        "OjMo1vyn/iSMylG0s2SzTjZ4LlcwhaxjoIVpXo6MwPMh/vdlgQyZ/bjO9PMr9TYW6J" +
-        "aF2PnIKsRkzYfcn6xcQwPjAhMAkGBSsOAwIaBQAEFLddLgmJBuufBBi+JoHCaLDeTK" +
-        "RvBBTQP0GN26PaNdjOaE/AzK7bbhZGNAIDAYag";
+    // Base64 of PKCS12 Keystore
+    /*
+     * Certificate
+     * "signature algorithm": "SHA384withRSA",
+     * "issuer"             : "CN=test, OU=test, O=test, L=test, ST=test, C=test",
+     * "not before"         : "2019-12-05 12:43:23.000 IST",
+     * "not  after"         : "2049-11-27 12:43:23.000 IST",
+     * "subject"            : "CN=test, OU=test, O=test, L=test, ST=test, C=test",
+     * "subject public key" : "RSA",
+     */
+    static final String keystoreB64 =
+        "MIIQZwIBAzCCECAGCSqGSIb3DQEHAaCCEBEEghANMIIQCTCCCeUGCSqGSIb3DQEHA"
+        + "aCCCdYEggnSMIIJzjCCCcoGCyqGSIb3DQEMCgECoIIJezCCCXcwKQYKKoZIhvcNAQ"
+        + "wBAzAbBBSaZBiYmowTxFT4KJxZhMHTVOC9OQIDAMNQBIIJSBnoVGtJKPsoiSU095y"
+        + "50x27NJQd727oJwMXqA8kdxCcE1tBowtO8P44ctSEvwJQlB7dR9PxHB6LcfCdMfpa"
+        + "GObVCH1/6jHzhRolI9JMAfXlvliAHKZSjuQd2USw1Y65/+0VYvKslXGU4hWhGQWh2"
+        + "ksUCBIIcC2A3sA3afF/JPrlfLCEbzYpcfAsv+Z7wEEr6YD11HIHfbOgu2/HU6phL2"
+        + "RMJDK9iLgP9mu6FzRFk+93BSguWXfbeJyPlzA8dcTzkXDyfVDx4Wd+UExWq0fx179"
+        + "b74MWkwEk76TowEkcGkrnugwOKnqBmyvmBkbl1827+ChZprZ3zGw69IkuRsdDSYGb"
+        + "IWVAB/psB0zX3TvsKHcraZm34oNJdSNpYrS0OWA8lSm5NdcfTzi6WLxWwxz55PvZg"
+        + "OP3pVyXmtAalyBujs6AOsLkJIMLGvWAYeD+72ook8fqpW7s5e/HA7MshXrlMMflpD"
+        + "m708kK5VnfdgzQsAGr6YfOYOKnyhoqskmzDYccuSz59owKiuGMgHpum0zVE8yyVwb"
+        + "esXfP3v7eiPuGvsxzq5DE6jaY4F+GoxdLbL4jDWocnWiZewnuYxQwd1vKIKTww/TG"
+        + "8RObPUEB38+/LNpgb7+5Oap45rujygiPFWD9+mTzKkLGkM6ItRo4qOwtKAqbjPIVk"
+        + "MDCovcr2TCrZfE8ZbQnU/q2LR5eC6ZpOMFNRZggm92n0+FmDuEKjR7lu2mQF4IDan"
+        + "SiYgS1+nBhfG9pcNP3yCpwoBHIImtZX5GObKqgvMqQ746KXhv40xwnNqXGypBNKYN"
+        + "jRJQmG2/m++2A6DUo+xCTNbD7g0pQbNOjKsGVMXUBTyDiyGqSUHH2EDxe37wcPVih"
+        + "ezcv5L1X48y3tSVD9czhjCDJ54sd0B3+LoEXs5/0xYmMvQ74zUx6iwE87FZ/duMbs"
+        + "N3dDWvIgqgjaoGnfRLy4lRRxYhn2/r1lesQtzNlZ3YkHZKmpgQkLm+yChFqxi7qm+"
+        + "ec/y+GSTm+ascK1ju1NG3f/SUdl7KqZ/J7DnDfQwyg7jiY+QOcr7UNRSeddQozxu7"
+        + "j07y/wiGX4z3+JSGBlnlWtOyLo5YERbheVHh1LfCSM4KQDcjxUnIlmsCqILwDYbVm"
+        + "aNJ3crkU22I5IVFcoF30v7gvMj4VFXcBYPCSJrkqNIIgZs6YPYwht3akquIz2ovXV"
+        + "CqD3TH527dBRAgpeZNs3/L8xCaYiHNUKXv9CRaHVQMTKk9zi3CTJoKo5TCsWR8l9h"
+        + "cJpcQnmNs5Jv9Jnq/zoet230r3iHkiGNAoXTlekqSER7vBVLHwPY7rogXP6WyAi67"
+        + "AYK/B5iVQcplEHs3n+MeZJgj9C7S0Zslxmym0mWw7l+4YjvyX+RGJVUvk+3TkWO8E"
+        + "WHKOX1+hQH9RBbcNqH4FeRZrh3P8wZQDMFfcr3vD0tLAnuqdMy+qAPA+kKWpu5K0D"
+        + "0W/ifEizq4Zf8VyzYU6UZaAQbloJadSkruXIwvUpHBZ+M8MHQ2AmRNd0vwyTBlhOI"
+        + "CzWU5E5OXtW/f5jA/ugl7PSqjwe5IYTsZaYstKqqZJMIPTzB/IxPtzVyoN15fG9GR"
+        + "kk43U6HPS9SdeVTGVmNLn6SM8keLo1yUh5BZ0J0b+K/7C1GfJeNxcv0lGpkrh5wWc"
+        + "ABzJ86+3daky6+aR6ldY2CF7mr/dcc3MnjgDNnx86wYIysC3HOkhgyIXD28+O1aTY"
+        + "oAvlmidNC9wb2/JJk7cHQatL02LG4/ql5GQ+dS1wOU7S1MVVGYDlZ7uiFmKPqC1Tv"
+        + "qVxQnBqPnggKSLWucVKFcjsvXKasMvRl99f4Y7qRAjgM6EHa7rNyWIflRe6ZLNBlj"
+        + "16mW293a4FL1jTosNlZoCN8xb1zDdb/NCISqkX6/sq7wDOn4t+m+78ckof4GNmTOM"
+        + "WSaRDJIuLM9c1stLHpcyif37oZum86FnB9Zw9qlQGdgLYnRPeZXV1rZuC1L9fugCN"
+        + "M4WcUQ20fmPOgyO4RGLsxCbZZJBJj0y7CAMthepMnzaEO9Z2O9BFaM4zpL2ng7GvO"
+        + "a26DQiHO5RFVjUpslUdmPuX7U5xkRfjJ025pqTvHVLfzWmsU53ZbkgiJ/0xxa1Emd"
+        + "5y0X2keTVfm7q5duNVVN1A6r50++RANI7NJaSLFTMm8Y5P79g4o7UmtCLSesUdTsF"
+        + "8swVR5slE3O7ErNr3drLfYVEF9FaB7vcuMDqxCNuahX8TCMJg0vqpO8+EXRNkieb9"
+        + "KSgcLD5WRjzGm7e/B5uACxWc50iY6lYvIVW5Itot95OHWZ5xdq3a3fIIb4MDQ2/nx"
+        + "lozhRHaHTBI9GAwy1/XcDJWMr+tI9rLGCB7hX8dVqNtYO93/oF3gvBiiNSw5qmUQ2"
+        + "qxepZEih5KfhHAVq44RbQMiBA5E2bVBisuNTPUAaA/Fzzsvky8vBq/M5usy8+RXj6"
+        + "m+mSZCUPpSTTunIUnu0bRLb2inccthEielCThk1FLKQCLSpsAo1h7kzuNJIeeJSCM"
+        + "cWXpZEURziXwE5KCl3jcY+dOLLMEI05F/UyRwZ/k1a2qW78Bc3DivIh2w/4ZBAS9q"
+        + "hERIY52y8VcnJ/+/7u45bnpIjkJShZTM1qmzgDCHQa/G5OpnqtI2nDPSNzOpTWA47"
+        + "6+AH0ZQoUKxHt6MJP3QLpnrw6xPSE2gR19KRvFZr0NtGJ+SPy418eFYMtJgPvOyI4"
+        + "XwYYCLrmMCkSGrqfbhwKK6rgYMVDg0fsBT1OAZGKD8QM51hXFt8p0HQS0UuddwCTA"
+        + "/KwyIt6Iw7Leb70yoTEJz3CVU4X4faohXV48gNtZhquawRDvqyBSFS5F8M4s/pJZK"
+        + "C5UY3MXifF1+LhSXjdQK7RwNs9XcCbIy+6Fi2wAKDX9MasXnzfzFVuQq1XtMoPVVS"
+        + "9gSqWXGbYuadDIto3gGIKUt3BT9nj/B0J/ENqlSsGsT0+fiya+p5thXOkI8r7X82P"
+        + "SxV0048QnP7cbuDG97AjOOAcEMsBdCrF3jWGYNd1nK7eKQ8DCrXEKoQhY0IY2sHpU"
+        + "5Cu24KW9M1RwIb/XtOEBun89edaKhfk1uDLlvgQ4huYDmfcu4Ebh6DRbHzwSNMK17"
+        + "qDgp8/mbAui0ATZBW7bTQNw3WMS0ltbdCj0ki28Udg1udYY6r6wwWkXE/mccgbXz0"
+        + "L3g72JfEIO/A56+rFubofZCHuf5AVkDE8MBcGCSqGSIb3DQEJFDEKHggAdABlAHMA"
+        + "dDAhBgkqhkiG9w0BCRUxFAQSVGltZSAxNTc1NTMwMDAzMjk3MIIGHAYJKoZIhvcNA"
+        + "QcGoIIGDTCCBgkCAQAwggYCBgkqhkiG9w0BBwEwKQYKKoZIhvcNAQwBBjAbBBRZLo"
+        + "kYmrJuiANzYxRFL9HmSVKYhQIDAMNQgIIFyPEfYqIJqAd13B5D4EFLs7VrUNaWoeO"
+        + "XNRVl5da6N7gMlG5gVpPRjRUCHyaBB066ZdGEquwkidgCdIAfIolcnyGv7a7PZvZM"
+        + "bJ8AUXjkf9q7zp0Uwc0k4zQ3Nmev5QxSx+f33J+AOQT4T1CRMxwpNOwrtzRoNVZFD"
+        + "oTCnxHBdTvmbCcuMsHYZQk+vLQpud4dI1AKccExjOc86ZAne2Df37LHB/2gxElSOn"
+        + "G9VkdIlKHLPbrk4JNcNSZs3VOOi3tEwAlBx9Xllg95aH3ziBPYKgk/u6M567tEnoH"
+        + "PDiss9+WeNJP9Tgsc6WPu33GTNxtxSLx4mffR3x0upSbFvhIP4t07aCtOZVwD/Hdw"
+        + "VmptatFvVSMiQSM1vf89zjAvdK3UFXTr/jDze4tF35y/UTlor8sbINQy3dZCEpCim"
+        + "G1MfDdSG+K5BZoHTny5bG2YM8a9EHtmZfq4i3GJE85M652UVlVDgDnk+PhgyIFWuJ"
+        + "6KFgWjUWio6RRhRvcTCJbk5soV+IFa4BppNMako9W8B2UvqIIV2XrxvFEh4QFkpsW"
+        + "13qEUGp33qUkAPhuz/NJ4InVh29CGSBnoWprIL/dKwdbTGudlrjnMs6pwURmlWVcJ"
+        + "FuPJFsBpyCQEeAtKS7TXaVJOTkfHdX4tYgN5SxEA0EGoddrKgWu48Dj1u2oC7ruZ9"
+        + "6J0zznFIr4FzBobv/woWx66EnCWyQLqjSCxipYeer+7ARDmHwgyj+CvgMsfkLa1VL"
+        + "LhFDDj0Efdt9IdKj4Nnhh+r9WkNsr+HGiwSgCDn/Hk1AWSvlxxsqFrUBCi6NMSG2l"
+        + "sM4MzCTrT47dJDPS0go0jIS5E4o3Hc/GMUlhaQaQX8iYaZQk4k1/OsRDoui+FuViU"
+        + "wIVuAne6AQhgy+9KMzmcgByFxAAoo5b0fDy/PgSG+C3wSs6brFmJIOw1exUIf2E/m"
+        + "9ATce4vT3CYKLvhk6dmHDK5jSvTrBU4njGVEW8DlW+GSf8jqABDW/PcAf0Y6T0hqv"
+        + "zTuWlpxv2O3QLeVbDTrIEe1bgRz8HaaiHznXe8oUbCC1xw5FaSAjXJLX0mlKtQ48z"
+        + "xdimSM7B4Pa6iz2q0m8PRzPaad+VyqD3xp53FaR3K9vNT0PXQwJIDZzxl3gYFisbN"
+        + "1KxUDtppnkrBwQx9iPH7zQvbNTQiyoUYnF4sAkECIduh/K+ZIAM8zGJH7NTNIrkK/"
+        + "piehq5/fVAXCr/tdSWeg88gsn0HjNRChuqYz1yFBaQvgMLQ7h/C7k0GP/l2pcUxr8"
+        + "/zDkFr1FFiUN9e2E0nlCO/FUxFZ3PO25D0ZrjAN7h4WLCybClC+Fdy+RhLAtK7Vuz"
+        + "zHwBMPNMMvlreXrSv/EE/37oN5OqA8YrDlPpiDuETS6xPkwkJti/ifrwzvakhBUbB"
+        + "dVd0De2QNctDQBnCFVb1lybbUtSF1Ol5Klcjt7UhFyq0ZkoVXhP2YqEJ7yLOaIKCk"
+        + "AdjOwCtb01L83/LhounfQLxIG8S2SQwMyxYua6k9BpQLJA36y2uu4+3OZIO4JRura"
+        + "drfjN6hGkGam8EvxM8UwrC//TDOHJUEy3IgNV4B4EJWs9lFTL9PO+kBlRFSeL5Son"
+        + "jLB/qZC+i8ssJ8oFkIrl+X7rRcooosbVaNvFIR2FpGCdx8bGoFV6pkfwpJ0hO4dOP"
+        + "nzFm24vBa6UrftojK/z234/h3W0yZScR5CvoSoU+tn1+3G3Q6a4+hdMwF6WjyO3Ne"
+        + "xfMRSvMkAqOqHiptdnz7QDQ7LgGIF6igtGEIpKo4urPAg+RnwqKG6NIYOA32QmU35"
+        + "B4+EJhhYZNINZm0NR5ZM0t9BpUiv6DGl8yZiRX1x4Nu35CLlAT8hWSqgMpb8mw5SQ"
+        + "rQ4dNggVaJ9lO1j1G4hV6umuyX6L1wtOyeQ9aNg3hIZGLPe4pkzahqI2KKlPWpksm"
+        + "MJVIi5WmlvEmFC/UkkUUICjo3KzKPHq7bYmdmDDNLwf9jOeAfq/UNxu4nO8wPjAhM"
+        + "AkGBSsOAwIaBQAEFJrJtKCo0WZ7ewFOiudk30HHA6e0BBRXe6IQoFcDFIzKAyXokh"
+        + "y3daZV4AIDAYag";
 }
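Review bot: The new comment above `keystoreB64` lists the certificate's fields but not the RSA key size or how the store was generated, so whoever next has to replace this blob (as this change did) has nothing to reproduce it from. I would add a line such as `// Test-only self-signed key pair; key password "123456" (see kmf.init); RSA <KEY_SIZE>-bit` and record the command used to create the store. The `"not before"` and `"not  after"` values use the zone abbreviation IST, which is ambiguous; an explicit UTC offset would be clearer.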