1 /* |
1 /* |
2 * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. |
2 * Copyright (c) 2013, 2017, Oracle and/or its affiliates. All rights reserved. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 * |
4 * |
5 * This code is free software; you can redistribute it and/or modify it |
5 * This code is free software; you can redistribute it and/or modify it |
6 * under the terms of the GNU General Public License version 2 only, as |
6 * under the terms of the GNU General Public License version 2 only, as |
7 * published by the Free Software Foundation. |
7 * published by the Free Software Foundation. |
22 */ |
22 */ |
23 |
23 |
24 /** |
24 /** |
25 * @test |
25 * @test |
26 * @bug 8023362 |
26 * @bug 8023362 |
|
27 * @run main/othervm OcspUnauthorized |
27 * @summary Make sure Ocsp UNAUTHORIZED response is treated as failure when |
28 * @summary Make sure Ocsp UNAUTHORIZED response is treated as failure when |
28 * SOFT_FAIL option is set |
29 * SOFT_FAIL option is set |
29 */ |
30 */ |
30 |
31 |
31 import java.io.ByteArrayInputStream; |
32 import java.io.ByteArrayInputStream; |
|
33 import java.security.Security; |
|
34 import java.security.cert.CertPathValidatorException.BasicReason; |
32 import java.security.cert.*; |
35 import java.security.cert.*; |
33 import java.security.cert.PKIXRevocationChecker.Option; |
36 import java.security.cert.PKIXRevocationChecker.Option; |
34 import java.util.Base64; |
37 import java.util.Base64; |
35 import java.util.Collections; |
38 import java.util.Collections; |
36 import java.util.EnumSet; |
39 import java.util.EnumSet; |
67 |
70 |
68 private static CertificateFactory cf; |
71 private static CertificateFactory cf; |
69 private static Base64.Decoder base64Decoder = Base64.getDecoder(); |
72 private static Base64.Decoder base64Decoder = Base64.getDecoder(); |
70 |
73 |
71 public static void main(String[] args) throws Exception { |
74 public static void main(String[] args) throws Exception { |
|
75 // EE_CERT is signed with MD5withRSA |
|
76 Security.setProperty("jdk.certpath.disabledAlgorithms", ""); |
72 cf = CertificateFactory.getInstance("X.509"); |
77 cf = CertificateFactory.getInstance("X.509"); |
73 X509Certificate taCert = getX509Cert(TRUST_ANCHOR); |
78 X509Certificate taCert = getX509Cert(TRUST_ANCHOR); |
74 X509Certificate eeCert = getX509Cert(EE_CERT); |
79 X509Certificate eeCert = getX509Cert(EE_CERT); |
75 CertPath cp = cf.generateCertPath(Collections.singletonList(eeCert)); |
80 CertPath cp = cf.generateCertPath(Collections.singletonList(eeCert)); |
76 |
81 |
90 try { |
95 try { |
91 cpv.validate(cp, params); |
96 cpv.validate(cp, params); |
92 throw new Exception("FAILED: expected CertPathValidatorException"); |
97 throw new Exception("FAILED: expected CertPathValidatorException"); |
93 } catch (CertPathValidatorException cpve) { |
98 } catch (CertPathValidatorException cpve) { |
94 cpve.printStackTrace(); |
99 cpve.printStackTrace(); |
|
100 if (cpve.getReason() != BasicReason.UNSPECIFIED && |
|
101 !cpve.getMessage().contains("OCSP response error: UNAUTHORIZED")) { |
|
102 throw new Exception("FAILED: unexpected " + |
|
103 "CertPathValidatorException reason"); |
|
104 } |
95 } |
105 } |
96 } |
106 } |
97 |
107 |
98 private static X509Certificate getX509Cert(String enc) throws Exception { |
108 private static X509Certificate getX509Cert(String enc) throws Exception { |
99 byte[] bytes = base64Decoder.decode(enc); |
109 byte[] bytes = base64Decoder.decode(enc); |
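Review bot: The new check in the catch block (new lines 100-101) joins its two conditions with `&&`, so the test fails only when the reason is not UNSPECIFIED and the message also lacks the UNAUTHORIZED text. Any CertPathValidatorException with reason UNSPECIFIED is therefore accepted whatever its message says. If the intent is to pin the failure to the OCSP UNAUTHORIZED response, the condition should use `||`: `if (cpve.getReason() != BasicReason.UNSPECIFIED || !cpve.getMessage().contains("OCSP response error: UNAUTHORIZED")) {`. The looseness matters more because the same change clears `jdk.certpath.disabledAlgorithms` for the MD5withRSA-signed EE_CERT, so an unrelated validation failure could satisfy this SOFT_FAIL regression test. The part of main that builds `params` (new lines 82-94) is not shown, so this rests on the visible try/catch only.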