|
2929
|
1 |
/*
|
|
|
2 |
* Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
|
|
|
3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
|
4 |
*
|
|
|
5 |
* This code is free software; you can redistribute it and/or modify it
|
|
|
6 |
* under the terms of the GNU General Public License version 2 only, as
|
|
|
7 |
* published by the Free Software Foundation.
|
|
|
8 |
*
|
|
|
9 |
* This code is distributed in the hope that it will be useful, but WITHOUT
|
|
|
10 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
|
11 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
|
12 |
* version 2 for more details (a copy is included in the LICENSE file that
|
|
|
13 |
* accompanied this code).
|
|
|
14 |
*
|
|
|
15 |
* You should have received a copy of the GNU General Public License version
|
|
|
16 |
* 2 along with this work; if not, write to the Free Software Foundation,
|
|
|
17 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
|
18 |
*
|
|
|
19 |
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
|
|
|
20 |
* CA 95054 USA or visit www.sun.com if you need additional information or
|
|
|
21 |
* have any questions.
|
|
|
22 |
*/
|
|
|
23 |
|
|
|
24 |
/**
|
|
|
25 |
* @test
|
|
|
26 |
*
|
|
|
27 |
* @bug 6845286
|
|
|
28 |
* @summary Add regression test for name constraints
|
|
|
29 |
* @author Xuelei Fan
|
|
|
30 |
*/
|
|
|
31 |
|
|
|
32 |
import java.io.*;
|
|
|
33 |
import java.net.SocketException;
|
|
|
34 |
import java.util.*;
|
|
|
35 |
import java.security.Security;
|
|
|
36 |
import java.security.cert.*;
|
|
|
37 |
import java.security.cert.CertPathValidatorException.BasicReason;
|
|
|
38 |
|
|
|
39 |
public class NameConstraintsWithUnexpectedRID {
|
|
|
40 |
|
|
|
41 |
static String selfSignedCertStr =
|
|
|
42 |
"-----BEGIN CERTIFICATE-----\n" +
|
|
|
43 |
"MIICTjCCAbegAwIBAgIJAIoSzC1A/k4vMA0GCSqGSIb3DQEBBQUAMB8xCzAJBgNV\n" +
|
|
|
44 |
"BAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMB4XDTA5MDUwNzA5MjcxMloXDTMwMDQx\n" +
|
|
|
45 |
"NzA5MjcxMlowHzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGUwgZ8wDQYJ\n" +
|
|
|
46 |
"KoZIhvcNAQEBBQADgY0AMIGJAoGBANXzlv5Fn2cdgBRdEK/37/o8rqQXIRIMZqX6\n" +
|
|
|
47 |
"BPuo46Cdhctv+n3hu5bj/PwgJVbAJcqcQfDudSSF5gwGlRqDX9vekPSS47XZXjOZ\n" +
|
|
|
48 |
"qFcnDoWP0gSQXLYVVtjuItkecTrPyUE5v2lRIAh13MGKOSh3ZsrtFvj7Y5d9EqIP\n" +
|
|
|
49 |
"SLxWWPuHAgMBAAGjgZEwgY4wHQYDVR0OBBYEFFydJvQMB2j4EDHW2bQabNsPUvDt\n" +
|
|
|
50 |
"ME8GA1UdIwRIMEaAFFydJvQMB2j4EDHW2bQabNsPUvDtoSOkITAfMQswCQYDVQQG\n" +
|
|
|
51 |
"EwJVUzEQMA4GA1UEChMHRXhhbXBsZYIJAIoSzC1A/k4vMA8GA1UdEwEB/wQFMAMB\n" +
|
|
|
52 |
"Af8wCwYDVR0PBAQDAgIEMA0GCSqGSIb3DQEBBQUAA4GBAHgoopmZ1Q4qXhMDbbYQ\n" +
|
|
|
53 |
"YCi4Cg6cXPFblx5gzhWu/6l9SkvZbAZiLszgyMq5dGj9WyTtibNEp232dQsKTFu7\n" +
|
|
|
54 |
"3ag0DiFqoQ8btgvbwBlzhnRagoeVFjhuBBQutOScw7x8NCSBkZQow+31127mwu3y\n" +
|
|
|
55 |
"YGYhEmI2dNmgbv1hVYTGmLXW\n" +
|
|
|
56 |
"-----END CERTIFICATE-----";
|
|
|
57 |
|
|
|
58 |
static String subCaCertStr =
|
|
|
59 |
"-----BEGIN CERTIFICATE-----\n" +
|
|
|
60 |
"MIICdTCCAd6gAwIBAgIJAL+MYVyy7k5YMA0GCSqGSIb3DQEBBQUAMB8xCzAJBgNV\n" +
|
|
|
61 |
"BAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMB4XDTA5MDUwNzA5MjcxNFoXDTI5MDEy\n" +
|
|
|
62 |
"MjA5MjcxNFowMTELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGUxEDAOBgNV\n" +
|
|
|
63 |
"BAsTB0NsYXNzLTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM2mwX8dhP3M\n" +
|
|
|
64 |
"i6ATRsd0wco+c7rsyEbP0CRQunVIP8/kOL8+zyQix+QZquY23tvBCbia424GXDkT\n" +
|
|
|
65 |
"irvK/M4yGzrdS51hA5dlH3SHY3CWOAqEPqKtNLn1My4MWtTiUWbHi0YjFuOv0BXz\n" +
|
|
|
66 |
"x9lTEfMf+3QcOgO5FitcqHIMP4jIlT+lAgMBAAGjgaYwgaMwHQYDVR0OBBYEFJHg\n" +
|
|
|
67 |
"eyEWcjxcAwc01BPQrau/4HJaME8GA1UdIwRIMEaAFFydJvQMB2j4EDHW2bQabNsP\n" +
|
|
|
68 |
"UvDtoSOkITAfMQswCQYDVQQGEwJVUzEQMA4GA1UEChMHRXhhbXBsZYIJAIoSzC1A\n" +
|
|
|
69 |
"/k4vMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMBMGA1UdHgQMMAqhCDAG\n" +
|
|
|
70 |
"iAQqAwQFMA0GCSqGSIb3DQEBBQUAA4GBAI3CDQWZiTlVVVqfCiZwc/yIL7G5bu2g\n" +
|
|
|
71 |
"ccgVz9PyKfTpq8vk59S23TvPwdPt4ZVx4RSoar9ONtbrcLxfP3X6WQ7e9popWNZV\n" +
|
|
|
72 |
"q49YfyU1tD5HFuxj7CAsvfykuRo4ovXaTCVWlTMi7fJJdzU0Eb4xkXXhiWT/RbHG\n" +
|
|
|
73 |
"R7J+8ROMZ+nR\n" +
|
|
|
74 |
"-----END CERTIFICATE-----";
|
|
|
75 |
|
|
|
76 |
static String targetCertStr =
|
|
|
77 |
"-----BEGIN CERTIFICATE-----\n" +
|
|
|
78 |
"MIICTzCCAbigAwIBAgIJAOA8c10w019UMA0GCSqGSIb3DQEBBQUAMDExCzAJBgNV\n" +
|
|
|
79 |
"BAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFzcy0xMB4XDTA5\n" +
|
|
|
80 |
"MDUwNzA5NTg0OVoXDTI5MDEyMjA5NTg0OVowQTELMAkGA1UEBhMCVVMxEDAOBgNV\n" +
|
|
|
81 |
"BAoTB0V4YW1wbGUxEDAOBgNVBAsTB0NsYXNzLTExDjAMBgNVBAMTBUFsaWNlMIGf\n" +
|
|
|
82 |
"MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfekJF8IZeOe3Ff1rexVyx9yTmPSKh\n" +
|
|
|
83 |
"itEW7tW9m8DgqLGDptJLmbexvUCWNkFquQW1J8sjzjqrkIk8amA2SlHQ6Z15RoxC\n" +
|
|
|
84 |
"E19qi5V5ms97X3lyuJcwwtT24J5PBk9ic/V6zclsNXSj/NoqlciKMxyvRy9zWk6Z\n" +
|
|
|
85 |
"W5cVDf7DTzN2cwIDAQABo18wXTALBgNVHQ8EBAMCA+gwDgYDVR0RBAcwBYgDKgME\n" +
|
|
|
86 |
"MB0GA1UdDgQWBBRh8rvMhT17VI+S3pCVzTwQzVMjOTAfBgNVHSMEGDAWgBSR4Hsh\n" +
|
|
|
87 |
"FnI8XAMHNNQT0K2rv+ByWjANBgkqhkiG9w0BAQUFAAOBgQCNDnJ0Jz37+SmO9uRJ\n" +
|
|
|
88 |
"z5Rr15oJAKsde5LGhghHZwTTYInOwGOYAABkWRB7JhUHNjIoQg9veqObSHEgcYMh\n" +
|
|
|
89 |
"ZmO3rklIxyTeoyn86KR49cdvQUoqEhx1jKrEbFBsAwSbJDw//S+wNYgMHYtcynf4\n" +
|
|
|
90 |
"dcVScVdLUDeqE/3f+5yt1JPRuA==\n" +
|
|
|
91 |
"-----END CERTIFICATE-----";
|
|
|
92 |
|
|
|
93 |
private static CertPath generateCertificatePath()
|
|
|
94 |
throws CertificateException {
|
|
|
95 |
// generate certificate from cert strings
|
|
|
96 |
CertificateFactory cf = CertificateFactory.getInstance("X.509");
|
|
|
97 |
|
|
|
98 |
ByteArrayInputStream is;
|
|
|
99 |
|
|
|
100 |
is = new ByteArrayInputStream(targetCertStr.getBytes());
|
|
|
101 |
Certificate targetCert = cf.generateCertificate(is);
|
|
|
102 |
|
|
|
103 |
is = new ByteArrayInputStream(subCaCertStr.getBytes());
|
|
|
104 |
Certificate subCaCert = cf.generateCertificate(is);
|
|
|
105 |
|
|
|
106 |
is = new ByteArrayInputStream(selfSignedCertStr.getBytes());
|
|
|
107 |
Certificate selfSignedCert = cf.generateCertificate(is);
|
|
|
108 |
|
|
|
109 |
// generate certification path
|
|
|
110 |
List<Certificate> list = Arrays.asList(new Certificate[] {
|
|
|
111 |
targetCert, subCaCert, selfSignedCert});
|
|
|
112 |
|
|
|
113 |
return cf.generateCertPath(list);
|
|
|
114 |
}
|
|
|
115 |
|
|
|
116 |
private static Set<TrustAnchor> generateTrustAnchors()
|
|
|
117 |
throws CertificateException {
|
|
|
118 |
// generate certificate from cert string
|
|
|
119 |
CertificateFactory cf = CertificateFactory.getInstance("X.509");
|
|
|
120 |
|
|
|
121 |
ByteArrayInputStream is =
|
|
|
122 |
new ByteArrayInputStream(selfSignedCertStr.getBytes());
|
|
|
123 |
Certificate selfSignedCert = cf.generateCertificate(is);
|
|
|
124 |
|
|
|
125 |
// generate a trust anchor
|
|
|
126 |
TrustAnchor anchor =
|
|
|
127 |
new TrustAnchor((X509Certificate)selfSignedCert, null);
|
|
|
128 |
|
|
|
129 |
return Collections.singleton(anchor);
|
|
|
130 |
}
|
|
|
131 |
|
|
|
132 |
public static void main(String args[]) throws Exception {
|
|
|
133 |
CertPath path = generateCertificatePath();
|
|
|
134 |
Set<TrustAnchor> anchors = generateTrustAnchors();
|
|
|
135 |
|
|
|
136 |
PKIXParameters params = new PKIXParameters(anchors);
|
|
|
137 |
|
|
|
138 |
// disable certificate revocation checking
|
|
|
139 |
params.setRevocationEnabled(false);
|
|
|
140 |
|
|
|
141 |
// set the validation time
|
|
|
142 |
params.setDate(new Date(109, 5, 8)); // 2009-05-01
|
|
|
143 |
|
|
|
144 |
// disable OCSP checker
|
|
|
145 |
Security.setProperty("ocsp.enable", "false");
|
|
|
146 |
|
|
|
147 |
// disable CRL checker
|
|
|
148 |
System.setProperty("com.sun.security.enableCRLDP", "false");
|
|
|
149 |
|
|
|
150 |
CertPathValidator validator = CertPathValidator.getInstance("PKIX");
|
|
|
151 |
|
|
|
152 |
try {
|
|
|
153 |
validator.validate(path, params);
|
|
|
154 |
throw new Exception("Should thrown UnsupportedOperationException");
|
|
|
155 |
} catch (UnsupportedOperationException uoe) {
|
|
|
156 |
// that is the expected exception.
|
|
|
157 |
}
|
|
|
158 |
}
|
|
|
159 |
}
|