author | mli |
Thu, 07 Jul 2016 01:31:31 -0700 | |
changeset 39489 | ae846c9286b0 |
parent 36967 | d041d2e80712 |
child 40975 | 680639c9b307 |
permissions | -rw-r--r-- |
/* |
* Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved. |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
* |
* This code is free software; you can redistribute it and/or modify it |
* under the terms of the GNU General Public License version 2 only, as |
* published by the Free Software Foundation. Oracle designates this |
* particular file as subject to the "Classpath" exception as provided |
* by Oracle in the LICENSE file that accompanied this code. |
* |
* This code is distributed in the hope that it will be useful, but WITHOUT |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
* version 2 for more details (a copy is included in the LICENSE file that |
* accompanied this code). |
* |
* You should have received a copy of the GNU General Public License version |
* 2 along with this work; if not, write to the Free Software Foundation, |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
* |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
* or visit www.oracle.com if you need additional information or have any |
* questions. |
*/ |
|
import java.io.ByteArrayInputStream; |
import java.io.File; |
import java.io.IOException; |
import java.net.InetSocketAddress; |
import java.net.Socket; |
import java.nio.file.Path; |
import java.nio.file.Paths; |
import java.security.cert.CertPath; |
import java.security.cert.CertPathValidator; |
import java.security.cert.CertPathValidatorException; |
import java.security.cert.CertificateException; |
import java.security.cert.CertificateFactory; |
import java.security.cert.PKIXParameters; |
import java.security.cert.TrustAnchor; |
import java.security.cert.X509Certificate; |
import java.util.ArrayList; |
import java.util.Arrays; |
import java.util.HashSet; |
import java.util.List; |
import java.util.Set; |
import java.util.function.Consumer; |
|
/* |
* @test |
* @bug 8134708 |
* @summary Check if LDAP resources from CRLDP and AIA extensions can be loaded |
* @run main/othervm ExtensionsWithLDAP CRLDP ldap.host.for.crldp |
* @run main/othervm ExtensionsWithLDAP AIA ldap.host.for.aia |
*/ |
public class ExtensionsWithLDAP { |
|
/*
 * Self-signed test root: issuer and subject are both CN=Root. In the part of
 * main() visible in this file it is the one certificate wrapped in a
 * TrustAnchor and added to the trust set. Only the certificate is held here.
 *
 * Certificate:
 *     Data:
 *         Version: 3 (0x2)
 *         Serial Number: 11174053930990688938 (0x9b1236d8f9c1daaa)
 *     Signature Algorithm: sha512WithRSAEncryption
 *         Issuer: CN=Root
 *         Validity
 *             Not Before: Sep 1 18:03:59 2015 GMT
 *             Not After : Jan 17 18:03:59 2043 GMT
 *         Subject: CN=Root
 */
private static final String CA_CERT =
        "-----BEGIN CERTIFICATE-----\n" +
        "MIIC8TCCAdmgAwIBAgIJAJsSNtj5wdqqMA0GCSqGSIb3DQEBDQUAMA8xDTALBgNV\n" +
        "BAMMBFJvb3QwHhcNMTUwOTAxMTgwMzU5WhcNNDMwMTE3MTgwMzU5WjAPMQ0wCwYD\n" +
        "VQQDDARSb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvj892vPm\n" +
        "bB++x9QqqyBveP+ZqQ2B1stV7vh5JmDnOTevkZUOcemp3SXu/esNLSbpL+fARYXH\n" +
        "V5ubnrfip6RbvcxPfVIIDJrRTLIIsU6W7M6/LJLbLkEVGy4ZV4IHkOw9W2O92rcv\n" +
        "BkoqhzZnOTGR6uT3rRcKx4RevEKBKhZO+OPPf//lnckOybmYL7t7yQrajzHro76b\n" +
        "QTXYjAUq/DKhglXfC7vF/JzlAvG2IunGmIfjGcnuDo/9X3Bxef/q5TxCS35fvb7t\n" +
        "svC+g2QhTcBkQh4uNW2jSjlTIVp1uErCfP5aCjLaez5mqmb1hxPIlcvsNR23HwU6\n" +
        "bQO7z7NBo9Do6QIDAQABo1AwTjAdBgNVHQ4EFgQUmLZNOBBkqdYoElyxklPYHmAb\n" +
        "QXIwHwYDVR0jBBgwFoAUmLZNOBBkqdYoElyxklPYHmAbQXIwDAYDVR0TBAUwAwEB\n" +
        "/zANBgkqhkiG9w0BAQ0FAAOCAQEAYV4fOhDi5q7+XNXCxO8Eil2frR9jqdP4LaQp\n" +
        "3L0evW0gvPX68s2WmkPWzIu4TJcpdGFQqxyQFSXuKBXjthyiln77QItGTHWeafES\n" +
        "q5ESrKdSaJZq1bTIrrReCIP74f+fY/F4Tnb3dCqzaljXfzpdbeRsIW6gF71xcOUQ\n" +
        "nnPEjGVPLUegN+Wn/jQpeLxxIB7FmNXncdRUfMfZ43xVSKuMCy1UUYqJqTa/pXZj\n" +
        "jCMeRPThRjRqHlJ69jStfWUQATbLyj9KN09rUaJxzmUSt61UqJi7sjcGySaCjAJc\n" +
        "IcCdVmX/DmRLsdv8W36O3MgrvpT1zR3kaAlv2d8HppnBqcL3xg==\n" +
        "-----END CERTIFICATE-----";
|
/*
 * End-entity test certificate (CN=EE) issued by CN=Root. Its CRL Distribution
 * Points and Authority Information Access extensions both carry ldap:// URIs,
 * and the host names in them are the ones passed as the second argument on
 * the two @run lines of the jtreg header.
 *
 * A validator that follows these extensions connects to a host named inside
 * the certificate under validation. main() switches that behaviour on with
 * the com.sun.security.enableCRLDP and com.sun.security.enableAIAcaIssuers
 * system properties.
 *
 * Certificate:
 *     Data:
 *         Version: 3 (0x2)
 *         Serial Number: 7 (0x7)
 *     Signature Algorithm: sha512WithRSAEncryption
 *         Issuer: CN=Root
 *         Validity
 *             Not Before: Sep 1 18:03:59 2015 GMT
 *             Not After : Jan 17 18:03:59 2043 GMT
 *         Subject: CN=EE
 *         ...
 *         X509v3 extensions:
 *             X509v3 CRL Distribution Points:
 *                 Full Name:
 *                   URI:ldap://ldap.host.for.crldp/main.crl
 *             Authority Information Access:
 *                 CA Issuers - URI:ldap://ldap.host.for.aia/dc=Root?cACertificate
 */
private static final String EE_CERT =
        "-----BEGIN CERTIFICATE-----\n" +
        "MIIDHTCCAgWgAwIBAgIBBzANBgkqhkiG9w0BAQ0FADAPMQ0wCwYDVQQDDARSb290\n" +
        "MB4XDTE1MDkwMTE4MDM1OVoXDTQzMDExNzE4MDM1OVowDTELMAkGA1UEAwwCRUUw\n" +
        "ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpyz97liuWPDYcLH9TX8Bi\n" +
        "T78olCmAfmevvch6ncXUVuCzbdaKuKXwn4EVbDszsVJLoK5zdtP+X3iDhutj+IgK\n" +
        "mLhuczF3M9VIcWr+JJUyTH4+3h/RT8cjCDZOmk9iXkb5ifruVsLqzb9g+Vp140Oz\n" +
        "7leikne7KmclHvTfvFd0WDI7Gb9vo4f5rT717BXJ/n+M6pNk8DLpLiEu6eziYvXR\n" +
        "v5x+t5Go3x0eCXdaxEQUf2j876Wfr2qHRJK7lDfFe1DDsMg/KpKGiILYZ+g2qtVM\n" +
        "ZSxtp5BZEtfB5qV/IE5kWO+mCIAGpXSZIdbERR6pZUq8GLEe1T9e+sO6H24w2F19\n" +
        "AgMBAAGjgYUwgYIwNAYDVR0fBC0wKzApoCegJYYjbGRhcDovL2xkYXAuaG9zdC5m\n" +
        "b3IuY3JsZHAvbWFpbi5jcmwwSgYIKwYBBQUHAQEEPjA8MDoGCCsGAQUFBzAChi5s\n" +
        "ZGFwOi8vbGRhcC5ob3N0LmZvci5haWEvZGM9Um9vdD9jQUNlcnRpZmljYXRlMA0G\n" +
        "CSqGSIb3DQEBDQUAA4IBAQBWDfZHpuUx0yn5d3+BuztFqoks1MkGdk+USlH0TB1/\n" +
        "gWWBd+4S4PCKlpSur0gj2rMW4fP5HQfNlHci8JV8/bG4KuKRAXW56dg1818Hl3pc\n" +
        "iIrUSRn8uUjH3p9qb+Rb/u3mmVQRyJjN2t/zceNsO8/+Dd808OB9aEwGs8lMT0nn\n" +
        "ZYaaAqYz1GIY/Ecyx1vfEZEQ1ljo6i/r70C3igbypBUShxSiGsleiVTLOGNA+MN1\n" +
        "/a/Qh0bkaQyTGqK3bwvzzMeQVqWu2EWTBD/PmND5ExkpRICdv8LBVXfLnpoBr4lL\n" +
        "hnxn9+e0Ah+t8dS5EKfn44w5bI5PCu2bqxs6RCTxNjcY\n" +
        "-----END CERTIFICATE-----";
|
public static void main(String[] args) throws Exception { |
String extension = args[0]; |
String targetHost = args[1]; |
|
// enable CRLDP and AIA extensions |
System.setProperty("com.sun.security.enableCRLDP", "true"); |
System.setProperty("com.sun.security.enableAIAcaIssuers", "true"); |
|
Path hostsFilePath = Paths.get(System.getProperty("test.src", ".") |
+ File.separator + extension); |
System.setProperty("jdk.net.hosts.file", |
hostsFilePath.toFile().getAbsolutePath()); |
|
X509Certificate trustedCert = loadCertificate(CA_CERT); |
X509Certificate eeCert = loadCertificate(EE_CERT); |
|
Set<TrustAnchor> trustedCertsSet = new HashSet<>(); |
trustedCertsSet.add(new TrustAnchor(trustedCert, null)); |
|
CertPath cp = (CertPath) CertificateFactory.getInstance("X509") |
.generateCertPath(Arrays.asList(eeCert)); |
|
// CertPath validator should try to parse CRLDP and AIA extensions, |
// and load CRLs/certs which they point to. |
// If proxy server catches requests for resolving host names |
// which extensions contain, then it means that CertPath validator |
// tried to load CRLs/certs which they point to. |
List<String> hosts = new ArrayList<>(); |
Consumer<Socket> socketConsumer = (Socket socket) -> { |
InetSocketAddress remoteAddress |
= (InetSocketAddress) socket.getRemoteSocketAddress(); |
hosts.add(remoteAddress.getHostName()); |
}; |
try (SocksProxy proxy = SocksProxy.startProxy(socketConsumer)) { |
CertPathValidator.getInstance("PKIX").validate(cp, |
new PKIXParameters(trustedCertsSet)); |
throw new RuntimeException("CertPathValidatorException not thrown"); |
} catch (CertPathValidatorException cpve) { |
System.out.println("Expected exception: " + cpve); |
} |
|
if (!hosts.contains(targetHost)) { |
throw new RuntimeException( |
String.format("The %s from %s extension is not requested", |
targetHost, extension)); |
} |
|
System.out.println("Test passed"); |
} |
|
// load a X509 certificate |
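/**
 * Parses one X.509 certificate from its string encoding.
 *
 * <p>The string is turned into bytes and passed through an in-memory
 * stream to the "X509" {@link CertificateFactory}. Only the certificate
 * returned by a single {@code generateCertificate} call is produced; any
 * further data in the string is not examined here.
 *
 * @param s the encoded certificate text (presumably PEM, as certificate
 *          text is normally ASCII; confirm against the callers)
 * @return the parsed certificate
 * @throws IOException if closing the in-memory stream fails
 * @throws CertificateException if no "X509" factory is available or the
 *         input cannot be parsed as a certificate
 */
public static X509Certificate loadCertificate(String s)
        throws IOException, CertificateException {

    // Use an explicit charset: the no-argument getBytes() depends on the
    // platform default, which makes parsing of the certificate text vary
    // between hosts. The fully qualified name avoids needing a new import.
    byte[] encoded = s.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    try (ByteArrayInputStream is = new ByteArrayInputStream(encoded)) {
        return (X509Certificate) CertificateFactory.getInstance("X509")
                .generateCertificate(is);
    }
}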
} |