jdk/test/sun/security/x509/URICertStore/ExtensionsWithLDAP.java
author mli
Thu, 07 Jul 2016 01:31:31 -0700
changeset 39489 ae846c9286b0
parent 36967 d041d2e80712
child 40975 680639c9b307
permissions -rw-r--r--
8157667: sun/security/x509/URICertStore/ExtensionsWithLDAP.java has to be updated due to JDK-8134577 Summary: Resolving hosts by proxy instead of name service Reviewed-by: mullan Contributed-by: John Jiang <sha.jiang@oracle.com>
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
32502
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
     1
/*
39489
ae846c9286b0 8157667: sun/security/x509/URICertStore/ExtensionsWithLDAP.java has to be updated due to JDK-8134577
mli
parents: 36967
diff changeset
     2
 * Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved.
32502
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
     3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
     4
 *
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
     5
 * This code is free software; you can redistribute it and/or modify it
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
     6
 * under the terms of the GNU General Public License version 2 only, as
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
     7
 * published by the Free Software Foundation.  Oracle designates this
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
     8
 * particular file as subject to the "Classpath" exception as provided
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
     9
 * by Oracle in the LICENSE file that accompanied this code.
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    10
 *
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    11
 * This code is distributed in the hope that it will be useful, but WITHOUT
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    12
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    13
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    14
 * version 2 for more details (a copy is included in the LICENSE file that
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    15
 * accompanied this code).
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    16
 *
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    17
 * You should have received a copy of the GNU General Public License version
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    18
 * 2 along with this work; if not, write to the Free Software Foundation,
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    19
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    20
 *
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    21
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    22
 * or visit www.oracle.com if you need additional information or have any
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    23
 * questions.
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    24
 */
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    25
39489
ae846c9286b0 8157667: sun/security/x509/URICertStore/ExtensionsWithLDAP.java has to be updated due to JDK-8134577
mli
parents: 36967
diff changeset
    26
import java.io.ByteArrayInputStream;
ae846c9286b0 8157667: sun/security/x509/URICertStore/ExtensionsWithLDAP.java has to be updated due to JDK-8134577
mli
parents: 36967
diff changeset
    27
import java.io.File;
32502
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    28
import java.io.IOException;
39489
ae846c9286b0 8157667: sun/security/x509/URICertStore/ExtensionsWithLDAP.java has to be updated due to JDK-8134577
mli
parents: 36967
diff changeset
    29
import java.net.InetSocketAddress;
ae846c9286b0 8157667: sun/security/x509/URICertStore/ExtensionsWithLDAP.java has to be updated due to JDK-8134577
mli
parents: 36967
diff changeset
    30
import java.net.Socket;
ae846c9286b0 8157667: sun/security/x509/URICertStore/ExtensionsWithLDAP.java has to be updated due to JDK-8134577
mli
parents: 36967
diff changeset
    31
import java.nio.file.Path;
ae846c9286b0 8157667: sun/security/x509/URICertStore/ExtensionsWithLDAP.java has to be updated due to JDK-8134577
mli
parents: 36967
diff changeset
    32
import java.nio.file.Paths;
32502
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    33
import java.security.cert.CertPath;
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    34
import java.security.cert.CertPathValidator;
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    35
import java.security.cert.CertPathValidatorException;
39489
ae846c9286b0 8157667: sun/security/x509/URICertStore/ExtensionsWithLDAP.java has to be updated due to JDK-8134577
mli
parents: 36967
diff changeset
    36
import java.security.cert.CertificateException;
ae846c9286b0 8157667: sun/security/x509/URICertStore/ExtensionsWithLDAP.java has to be updated due to JDK-8134577
mli
parents: 36967
diff changeset
    37
import java.security.cert.CertificateFactory;
32502
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    38
import java.security.cert.PKIXParameters;
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    39
import java.security.cert.TrustAnchor;
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    40
import java.security.cert.X509Certificate;
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    41
import java.util.ArrayList;
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    42
import java.util.Arrays;
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    43
import java.util.HashSet;
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    44
import java.util.List;
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    45
import java.util.Set;
39489
ae846c9286b0 8157667: sun/security/x509/URICertStore/ExtensionsWithLDAP.java has to be updated due to JDK-8134577
mli
parents: 36967
diff changeset
    46
import java.util.function.Consumer;
32502
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    47
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    48
/*
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    49
 * @test
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    50
 * @bug 8134708
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    51
 * @summary Check if LDAP resources from CRLDP and AIA extensions can be loaded
39489
ae846c9286b0 8157667: sun/security/x509/URICertStore/ExtensionsWithLDAP.java has to be updated due to JDK-8134577
mli
parents: 36967
diff changeset
    52
 * @run main/othervm ExtensionsWithLDAP CRLDP ldap.host.for.crldp
ae846c9286b0 8157667: sun/security/x509/URICertStore/ExtensionsWithLDAP.java has to be updated due to JDK-8134577
mli
parents: 36967
diff changeset
    53
 * @run main/othervm ExtensionsWithLDAP AIA ldap.host.for.aia
32502
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    54
 */
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    55
public class ExtensionsWithLDAP {
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    56
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    57
    /*
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    58
     *  Certificate:
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    59
     *  Data:
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    60
     *    Version: 3 (0x2)
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    61
     *    Serial Number: 11174053930990688938 (0x9b1236d8f9c1daaa)
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    62
     *  Signature Algorithm: sha512WithRSAEncryption
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    63
     *    Issuer: CN=Root
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    64
     *    Validity
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    65
     *        Not Before: Sep  1 18:03:59 2015 GMT
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    66
     *        Not After : Jan 17 18:03:59 2043 GMT
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    67
     *    Subject: CN=Root
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    68
     */
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    69
    private static final String CA_CERT = ""
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    70
        + "-----BEGIN CERTIFICATE-----\n"
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    71
        + "MIIC8TCCAdmgAwIBAgIJAJsSNtj5wdqqMA0GCSqGSIb3DQEBDQUAMA8xDTALBgNV\n"
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    72
        + "BAMMBFJvb3QwHhcNMTUwOTAxMTgwMzU5WhcNNDMwMTE3MTgwMzU5WjAPMQ0wCwYD\n"
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    73
        + "VQQDDARSb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvj892vPm\n"
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    74
        + "bB++x9QqqyBveP+ZqQ2B1stV7vh5JmDnOTevkZUOcemp3SXu/esNLSbpL+fARYXH\n"
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    75
        + "V5ubnrfip6RbvcxPfVIIDJrRTLIIsU6W7M6/LJLbLkEVGy4ZV4IHkOw9W2O92rcv\n"
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    76
        + "BkoqhzZnOTGR6uT3rRcKx4RevEKBKhZO+OPPf//lnckOybmYL7t7yQrajzHro76b\n"
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    77
        + "QTXYjAUq/DKhglXfC7vF/JzlAvG2IunGmIfjGcnuDo/9X3Bxef/q5TxCS35fvb7t\n"
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    78
        + "svC+g2QhTcBkQh4uNW2jSjlTIVp1uErCfP5aCjLaez5mqmb1hxPIlcvsNR23HwU6\n"
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    79
        + "bQO7z7NBo9Do6QIDAQABo1AwTjAdBgNVHQ4EFgQUmLZNOBBkqdYoElyxklPYHmAb\n"
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    80
        + "QXIwHwYDVR0jBBgwFoAUmLZNOBBkqdYoElyxklPYHmAbQXIwDAYDVR0TBAUwAwEB\n"
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    81
        + "/zANBgkqhkiG9w0BAQ0FAAOCAQEAYV4fOhDi5q7+XNXCxO8Eil2frR9jqdP4LaQp\n"
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    82
        + "3L0evW0gvPX68s2WmkPWzIu4TJcpdGFQqxyQFSXuKBXjthyiln77QItGTHWeafES\n"
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    83
        + "q5ESrKdSaJZq1bTIrrReCIP74f+fY/F4Tnb3dCqzaljXfzpdbeRsIW6gF71xcOUQ\n"
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    84
        + "nnPEjGVPLUegN+Wn/jQpeLxxIB7FmNXncdRUfMfZ43xVSKuMCy1UUYqJqTa/pXZj\n"
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    85
        + "jCMeRPThRjRqHlJ69jStfWUQATbLyj9KN09rUaJxzmUSt61UqJi7sjcGySaCjAJc\n"
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    86
        + "IcCdVmX/DmRLsdv8W36O3MgrvpT1zR3kaAlv2d8HppnBqcL3xg==\n"
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    87
        + "-----END CERTIFICATE-----";
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    88
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    89
    /*
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    90
     *  Certificate:
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    91
     *  Data:
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    92
     *    Version: 3 (0x2)
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    93
     *    Serial Number: 7 (0x7)
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    94
     *  Signature Algorithm: sha512WithRSAEncryption
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    95
     *    Issuer: CN=Root
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    96
     *    Validity
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    97
     *       Not Before: Sep  1 18:03:59 2015 GMT
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    98
     *       Not After : Jan 17 18:03:59 2043 GMT
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
    99
     *    Subject: CN=EE
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   100
     *    ...
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   101
     *  X509v3 extensions:
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   102
     *       X509v3 CRL Distribution Points:
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   103
     *           Full Name:
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   104
     *             URI:ldap://ldap.host.for.crldp/main.crl
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   105
     *       Authority Information Access:
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   106
     *           CA Issuers - URI:ldap://ldap.host.for.aia/dc=Root?cACertificate
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   107
     */
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   108
    private static final String EE_CERT = ""
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   109
        + "-----BEGIN CERTIFICATE-----\n"
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   110
        + "MIIDHTCCAgWgAwIBAgIBBzANBgkqhkiG9w0BAQ0FADAPMQ0wCwYDVQQDDARSb290\n"
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   111
        + "MB4XDTE1MDkwMTE4MDM1OVoXDTQzMDExNzE4MDM1OVowDTELMAkGA1UEAwwCRUUw\n"
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   112
        + "ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpyz97liuWPDYcLH9TX8Bi\n"
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   113
        + "T78olCmAfmevvch6ncXUVuCzbdaKuKXwn4EVbDszsVJLoK5zdtP+X3iDhutj+IgK\n"
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   114
        + "mLhuczF3M9VIcWr+JJUyTH4+3h/RT8cjCDZOmk9iXkb5ifruVsLqzb9g+Vp140Oz\n"
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   115
        + "7leikne7KmclHvTfvFd0WDI7Gb9vo4f5rT717BXJ/n+M6pNk8DLpLiEu6eziYvXR\n"
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   116
        + "v5x+t5Go3x0eCXdaxEQUf2j876Wfr2qHRJK7lDfFe1DDsMg/KpKGiILYZ+g2qtVM\n"
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   117
        + "ZSxtp5BZEtfB5qV/IE5kWO+mCIAGpXSZIdbERR6pZUq8GLEe1T9e+sO6H24w2F19\n"
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   118
        + "AgMBAAGjgYUwgYIwNAYDVR0fBC0wKzApoCegJYYjbGRhcDovL2xkYXAuaG9zdC5m\n"
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   119
        + "b3IuY3JsZHAvbWFpbi5jcmwwSgYIKwYBBQUHAQEEPjA8MDoGCCsGAQUFBzAChi5s\n"
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   120
        + "ZGFwOi8vbGRhcC5ob3N0LmZvci5haWEvZGM9Um9vdD9jQUNlcnRpZmljYXRlMA0G\n"
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   121
        + "CSqGSIb3DQEBDQUAA4IBAQBWDfZHpuUx0yn5d3+BuztFqoks1MkGdk+USlH0TB1/\n"
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   122
        + "gWWBd+4S4PCKlpSur0gj2rMW4fP5HQfNlHci8JV8/bG4KuKRAXW56dg1818Hl3pc\n"
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   123
        + "iIrUSRn8uUjH3p9qb+Rb/u3mmVQRyJjN2t/zceNsO8/+Dd808OB9aEwGs8lMT0nn\n"
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   124
        + "ZYaaAqYz1GIY/Ecyx1vfEZEQ1ljo6i/r70C3igbypBUShxSiGsleiVTLOGNA+MN1\n"
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   125
        + "/a/Qh0bkaQyTGqK3bwvzzMeQVqWu2EWTBD/PmND5ExkpRICdv8LBVXfLnpoBr4lL\n"
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   126
        + "hnxn9+e0Ah+t8dS5EKfn44w5bI5PCu2bqxs6RCTxNjcY\n"
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   127
        + "-----END CERTIFICATE-----";
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   128
39489
ae846c9286b0 8157667: sun/security/x509/URICertStore/ExtensionsWithLDAP.java has to be updated due to JDK-8134577
mli
parents: 36967
diff changeset
   129
    public static void main(String[] args) throws Exception {
ae846c9286b0 8157667: sun/security/x509/URICertStore/ExtensionsWithLDAP.java has to be updated due to JDK-8134577
mli
parents: 36967
diff changeset
   130
        String extension = args[0];
ae846c9286b0 8157667: sun/security/x509/URICertStore/ExtensionsWithLDAP.java has to be updated due to JDK-8134577
mli
parents: 36967
diff changeset
   131
        String targetHost = args[1];
32502
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   132
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   133
        // enable CRLDP and AIA extensions
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   134
        System.setProperty("com.sun.security.enableCRLDP", "true");
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   135
        System.setProperty("com.sun.security.enableAIAcaIssuers", "true");
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   136
39489
ae846c9286b0 8157667: sun/security/x509/URICertStore/ExtensionsWithLDAP.java has to be updated due to JDK-8134577
mli
parents: 36967
diff changeset
   137
        Path hostsFilePath = Paths.get(System.getProperty("test.src", ".")
ae846c9286b0 8157667: sun/security/x509/URICertStore/ExtensionsWithLDAP.java has to be updated due to JDK-8134577
mli
parents: 36967
diff changeset
   138
                + File.separator + extension);
ae846c9286b0 8157667: sun/security/x509/URICertStore/ExtensionsWithLDAP.java has to be updated due to JDK-8134577
mli
parents: 36967
diff changeset
   139
        System.setProperty("jdk.net.hosts.file",
ae846c9286b0 8157667: sun/security/x509/URICertStore/ExtensionsWithLDAP.java has to be updated due to JDK-8134577
mli
parents: 36967
diff changeset
   140
                hostsFilePath.toFile().getAbsolutePath());
32502
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   141
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   142
        X509Certificate trustedCert = loadCertificate(CA_CERT);
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   143
        X509Certificate eeCert = loadCertificate(EE_CERT);
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   144
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   145
        Set<TrustAnchor> trustedCertsSet = new HashSet<>();
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   146
        trustedCertsSet.add(new TrustAnchor(trustedCert, null));
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   147
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   148
        CertPath cp = (CertPath) CertificateFactory.getInstance("X509")
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   149
                .generateCertPath(Arrays.asList(eeCert));
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   150
39489
ae846c9286b0 8157667: sun/security/x509/URICertStore/ExtensionsWithLDAP.java has to be updated due to JDK-8134577
mli
parents: 36967
diff changeset
   151
        // CertPath validator should try to parse CRLDP and AIA extensions,
ae846c9286b0 8157667: sun/security/x509/URICertStore/ExtensionsWithLDAP.java has to be updated due to JDK-8134577
mli
parents: 36967
diff changeset
   152
        // and load CRLs/certs which they point to.
ae846c9286b0 8157667: sun/security/x509/URICertStore/ExtensionsWithLDAP.java has to be updated due to JDK-8134577
mli
parents: 36967
diff changeset
   153
        // If proxy server catches requests for resolving host names
ae846c9286b0 8157667: sun/security/x509/URICertStore/ExtensionsWithLDAP.java has to be updated due to JDK-8134577
mli
parents: 36967
diff changeset
   154
        // which extensions contain, then it means that CertPath validator
ae846c9286b0 8157667: sun/security/x509/URICertStore/ExtensionsWithLDAP.java has to be updated due to JDK-8134577
mli
parents: 36967
diff changeset
   155
        // tried to load CRLs/certs which they point to.
ae846c9286b0 8157667: sun/security/x509/URICertStore/ExtensionsWithLDAP.java has to be updated due to JDK-8134577
mli
parents: 36967
diff changeset
   156
        List<String> hosts = new ArrayList<>();
ae846c9286b0 8157667: sun/security/x509/URICertStore/ExtensionsWithLDAP.java has to be updated due to JDK-8134577
mli
parents: 36967
diff changeset
   157
        Consumer<Socket> socketConsumer = (Socket socket) -> {
ae846c9286b0 8157667: sun/security/x509/URICertStore/ExtensionsWithLDAP.java has to be updated due to JDK-8134577
mli
parents: 36967
diff changeset
   158
            InetSocketAddress remoteAddress
ae846c9286b0 8157667: sun/security/x509/URICertStore/ExtensionsWithLDAP.java has to be updated due to JDK-8134577
mli
parents: 36967
diff changeset
   159
                    = (InetSocketAddress) socket.getRemoteSocketAddress();
ae846c9286b0 8157667: sun/security/x509/URICertStore/ExtensionsWithLDAP.java has to be updated due to JDK-8134577
mli
parents: 36967
diff changeset
   160
            hosts.add(remoteAddress.getHostName());
ae846c9286b0 8157667: sun/security/x509/URICertStore/ExtensionsWithLDAP.java has to be updated due to JDK-8134577
mli
parents: 36967
diff changeset
   161
        };
ae846c9286b0 8157667: sun/security/x509/URICertStore/ExtensionsWithLDAP.java has to be updated due to JDK-8134577
mli
parents: 36967
diff changeset
   162
        try (SocksProxy proxy = SocksProxy.startProxy(socketConsumer)) {
ae846c9286b0 8157667: sun/security/x509/URICertStore/ExtensionsWithLDAP.java has to be updated due to JDK-8134577
mli
parents: 36967
diff changeset
   163
            CertPathValidator.getInstance("PKIX").validate(cp,
ae846c9286b0 8157667: sun/security/x509/URICertStore/ExtensionsWithLDAP.java has to be updated due to JDK-8134577
mli
parents: 36967
diff changeset
   164
                    new PKIXParameters(trustedCertsSet));
32502
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   165
            throw new RuntimeException("CertPathValidatorException not thrown");
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   166
        } catch (CertPathValidatorException cpve) {
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   167
            System.out.println("Expected exception: " + cpve);
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   168
        }
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   169
39489
ae846c9286b0 8157667: sun/security/x509/URICertStore/ExtensionsWithLDAP.java has to be updated due to JDK-8134577
mli
parents: 36967
diff changeset
   170
        if (!hosts.contains(targetHost)) {
32502
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   171
            throw new RuntimeException(
39489
ae846c9286b0 8157667: sun/security/x509/URICertStore/ExtensionsWithLDAP.java has to be updated due to JDK-8134577
mli
parents: 36967
diff changeset
   172
                    String.format("The %s from %s extension is not requested",
ae846c9286b0 8157667: sun/security/x509/URICertStore/ExtensionsWithLDAP.java has to be updated due to JDK-8134577
mli
parents: 36967
diff changeset
   173
                            targetHost, extension));
32502
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   174
        }
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   175
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   176
        System.out.println("Test passed");
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   177
    }
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   178
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   179
    // load a X509 certificate
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   180
    public static X509Certificate loadCertificate(String s)
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   181
            throws IOException, CertificateException {
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   182
39489
ae846c9286b0 8157667: sun/security/x509/URICertStore/ExtensionsWithLDAP.java has to be updated due to JDK-8134577
mli
parents: 36967
diff changeset
   183
        try (ByteArrayInputStream is = new ByteArrayInputStream(s.getBytes())) {
32502
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   184
            return (X509Certificate) CertificateFactory.getInstance("X509")
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   185
                    .generateCertificate(is);
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   186
        }
03f7450aec42 8134708: Certpath validation fails to load certs and CRLs if AIA and CRLDP extensions point to LDAP resources
asmotrak
parents:
diff changeset
   187
    }
39489
ae846c9286b0 8157667: sun/security/x509/URICertStore/ExtensionsWithLDAP.java has to be updated due to JDK-8134577
mli
parents: 36967
diff changeset
   188
}