1 /* |
|
2 * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved. |
|
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
|
4 * |
|
5 * This code is free software; you can redistribute it and/or modify it |
|
6 * under the terms of the GNU General Public License version 2 only, as |
|
7 * published by the Free Software Foundation. |
|
8 * |
|
9 * This code is distributed in the hope that it will be useful, but WITHOUT |
|
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
12 * version 2 for more details (a copy is included in the LICENSE file that |
|
13 * accompanied this code). |
|
14 * |
|
15 * You should have received a copy of the GNU General Public License version |
|
16 * 2 along with this work; if not, write to the Free Software Foundation, |
|
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
18 * |
|
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
|
20 * or visit www.oracle.com if you need additional information or have any |
|
21 * questions. |
|
22 */ |
|
23 |
|
24 // |
|
25 // Security properties, once set, cannot revert to unset. To avoid |
|
26 // conflicts with tests running in the same VM isolate this test by |
|
27 // running it in otherVM mode. |
|
28 // |
|
29 |
|
30 /* |
|
31 * @test |
|
32 * @bug 7167988 |
|
33 * @summary PKIX CertPathBuilder in reverse mode doesn't work if more than |
|
34 * one trust anchor is specified |
|
35 * @run main/othervm ReverseBuild |
|
36 */ |
|
37 import java.io.*; |
|
38 import java.util.*; |
|
39 import java.security.cert.*; |
|
40 import java.security.Security; |
|
41 |
|
42 import sun.security.provider.certpath.SunCertPathBuilderParameters; |
|
43 |
|
44 public class ReverseBuild { |
|
45 // Certificate information: |
|
46 // Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org |
|
47 // Validity |
|
48 // Not Before: Dec 8 02:43:36 2008 GMT |
|
49 // Not After : Aug 25 02:43:36 2028 GMT |
|
50 // Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org |
|
51 // X509v3 Subject Key Identifier: |
|
52 // FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14 |
|
53 // X509v3 Authority Key Identifier: |
|
54 // keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14 |
|
55 // DirName:/C=US/ST=Some-State/L=Some-City/O=Some-Org |
|
56 // serial:00 |
|
57 static String NoiceTrusedCertStr = |
|
58 "-----BEGIN CERTIFICATE-----\n" + |
|
59 "MIICrDCCAhWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" + |
|
60 "MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" + |
|
61 "EwhTb21lLU9yZzAeFw0wODEyMDgwMjQzMzZaFw0yODA4MjUwMjQzMzZaMEkxCzAJ\n" + |
|
62 "BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" + |
|
63 "dHkxETAPBgNVBAoTCFNvbWUtT3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n" + |
|
64 "gQDLxDggB76Ip5OwoUNRLdeOha9U3a2ieyNbz5kTU5lFfe5tui2/461uPZ8a+QOX\n" + |
|
65 "4BdVrhEmV94BKY4FPyH35zboLjfXSKxT1mAOx1Bt9sWF94umxZE1cjyU7vEX8HHj\n" + |
|
66 "7BvOyk5AQrBt7moO1uWtPA/JuoJPePiJl4kqlRJM2Akq6QIDAQABo4GjMIGgMB0G\n" + |
|
67 "A1UdDgQWBBT6uVG/TOfZhpgz+efLHvEzSfeoFDBxBgNVHSMEajBogBT6uVG/TOfZ\n" + |
|
68 "hpgz+efLHvEzSfeoFKFNpEswSTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUt\n" + |
|
69 "U3RhdGUxEjAQBgNVBAcTCVNvbWUtQ2l0eTERMA8GA1UEChMIU29tZS1PcmeCAQAw\n" + |
|
70 "DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBcIm534U123Hz+rtyYO5uA\n" + |
|
71 "ofd81G6FnTfEAV8Kw9fGyyEbQZclBv34A9JsFKeMvU4OFIaixD7nLZ/NZ+IWbhmZ\n" + |
|
72 "LovmJXyCkOufea73pNiZ+f/4/ScZaIlM/PRycQSqbFNd4j9Wott+08qxHPLpsf3P\n" + |
|
73 "6Mvf0r1PNTY2hwTJLJmKtg==\n" + |
|
74 "-----END CERTIFICATE-----"; |
|
75 |
|
76 // Certificate information: |
|
77 // Issuer: C=US, O=Java, OU=SunJSSE Test Serivce |
|
78 // Validity |
|
79 // Not Before: Aug 19 01:52:19 2011 GMT |
|
80 // Not After : Jul 29 01:52:19 2032 GMT |
|
81 // Subject: C=US, O=Java, OU=SunJSSE Test Serivce |
|
82 |
|
83 // X509v3 Subject Key Identifier: |
|
84 // B9:7C:D5:D9:DF:A7:4C:03:AE:FD:0E:27:5B:31:95:6C:C7:F3:75:E1 |
|
85 // X509v3 Authority Key Identifier: |
|
86 // keyid:B9:7C:D5:D9:DF:A7:4C:03:AE:FD:0E:27:5B:31:95:6C:C7:F3:75:E1 |
|
87 // DirName:/C=US/O=Java/OU=SunJSSE Test Serivce |
|
88 // serial:00 |
|
89 static String NoiceTrusedCertStr_2nd = |
|
90 "-----BEGIN CERTIFICATE-----\n" + |
|
91 "MIICkjCCAfugAwIBAgIBADANBgkqhkiG9w0BAQQFADA7MQswCQYDVQQGEwJVUzEN\n" + |
|
92 "MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwHhcN\n" + |
|
93 "MTEwODE5MDE1MjE5WhcNMzIwNzI5MDE1MjE5WjA7MQswCQYDVQQGEwJVUzENMAsG\n" + |
|
94 "A1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwgZ8wDQYJ\n" + |
|
95 "KoZIhvcNAQEBBQADgY0AMIGJAoGBAM8orG08DtF98TMSscjGsidd1ZoN4jiDpi8U\n" + |
|
96 "ICz+9dMm1qM1d7O2T+KH3/mxyox7Rc2ZVSCaUD0a3CkhPMnlAx8V4u0H+E9sqso6\n" + |
|
97 "iDW3JpOyzMExvZiRgRG/3nvp55RMIUV4vEHOZ1QbhuqG4ebN0Vz2DkRft7+flthf\n" + |
|
98 "vDld6f5JAgMBAAGjgaUwgaIwHQYDVR0OBBYEFLl81dnfp0wDrv0OJ1sxlWzH83Xh\n" + |
|
99 "MGMGA1UdIwRcMFqAFLl81dnfp0wDrv0OJ1sxlWzH83XhoT+kPTA7MQswCQYDVQQG\n" + |
|
100 "EwJVUzENMAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2\n" + |
|
101 "Y2WCAQAwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEE\n" + |
|
102 "BQADgYEALlgaH1gWtoBZ84EW8Hu6YtGLQ/L9zIFmHonUPZwn3Pr//icR9Sqhc3/l\n" + |
|
103 "pVTxOINuFHLRz4BBtEylzRIOPzK3tg8XwuLb1zd0db90x3KBCiAL6E6cklGEPwLe\n" + |
|
104 "XYMHDn9eDsaq861Tzn6ZwzMgw04zotPMoZN0mVd/3Qca8UJFucE=\n" + |
|
105 "-----END CERTIFICATE-----"; |
|
106 |
|
107 |
|
108 // Certificate information: |
|
109 // Issuer: C=US, O=Java, OU=SunJSSE Test Serivce |
|
110 // Validity |
|
111 // Not Before: May 5 02:40:50 2012 GMT |
|
112 // Not After : Apr 15 02:40:50 2033 GMT |
|
113 // Subject: C=US, O=Java, OU=SunJSSE Test Serivce |
|
114 // X509v3 Subject Key Identifier: |
|
115 // DD:4E:8D:2A:11:C0:83:03:F0:AC:EB:A2:BF:F9:F2:7D:C8:69:1F:9B |
|
116 // X509v3 Authority Key Identifier: |
|
117 // keyid:DD:4E:8D:2A:11:C0:83:03:F0:AC:EB:A2:BF:F9:F2:7D:C8:69:1F:9B |
|
118 // DirName:/C=US/O=Java/OU=SunJSSE Test Serivce |
|
119 // serial:00 |
|
120 static String trustedCertStr = |
|
121 "-----BEGIN CERTIFICATE-----\n" + |
|
122 "MIICkjCCAfugAwIBAgIBADANBgkqhkiG9w0BAQIFADA7MQswCQYDVQQGEwJVUzEN\n" + |
|
123 "MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwHhcN\n" + |
|
124 "MTIwNTA1MDI0MDUwWhcNMzMwNDE1MDI0MDUwWjA7MQswCQYDVQQGEwJVUzENMAsG\n" + |
|
125 "A1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwgZ8wDQYJ\n" + |
|
126 "KoZIhvcNAQEBBQADgY0AMIGJAoGBANtiq0AIJK+iVRwFrqcD7fYXTCbMYC5Qz/k6\n" + |
|
127 "AXBy7/1rI8wDhEJLE3m/+NSqiJwZcmdq2dNh/1fJFrwvzuURbc9+paOBWeHbN+Sc\n" + |
|
128 "x3huw91oPZme385VpoK3G13rSE114S/rF4DM9mz4EStFhSHXATjtdbskNOAYGLTV\n" + |
|
129 "x8uEy9GbAgMBAAGjgaUwgaIwHQYDVR0OBBYEFN1OjSoRwIMD8Kzror/58n3IaR+b\n" + |
|
130 "MGMGA1UdIwRcMFqAFN1OjSoRwIMD8Kzror/58n3IaR+boT+kPTA7MQswCQYDVQQG\n" + |
|
131 "EwJVUzENMAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2\n" + |
|
132 "Y2WCAQAwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEC\n" + |
|
133 "BQADgYEAjjkJesQrkbr36N40egybaIxw7RcqT6iy5fkAGS1JYlBDk8uSCK1o6bCH\n" + |
|
134 "ls5EpYcGeEoabSS73WRdkO1lgeyWDduO4ef8cCCSpmpT6/YdZG0QS1PtcREeVig+\n" + |
|
135 "Zr25jNemS4ADHX0aaXP4kiV/G80cR7nX5t5XCUm4bYdbwM07NgI=\n" + |
|
136 "-----END CERTIFICATE-----"; |
|
137 static String trustedPrivateKey = // Private key in the format of PKCS#8 |
|
138 "MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBANtiq0AIJK+iVRwF\n" + |
|
139 "rqcD7fYXTCbMYC5Qz/k6AXBy7/1rI8wDhEJLE3m/+NSqiJwZcmdq2dNh/1fJFrwv\n" + |
|
140 "zuURbc9+paOBWeHbN+Scx3huw91oPZme385VpoK3G13rSE114S/rF4DM9mz4EStF\n" + |
|
141 "hSHXATjtdbskNOAYGLTVx8uEy9GbAgMBAAECgYEA2VjHkIiA0ABjkX+PqKeb+VLb\n" + |
|
142 "fxS7tSca5C8zfdRhLxAWRui0/3ihst0eCJNrBDuxvAOACovsDWyLuaUjtI2v2ysz\n" + |
|
143 "vz6SPyGy82PhQOFzyKQuQ814N6EpothpiZzF0yFchfKIGhUsdY89UrGs9nM7m6NT\n" + |
|
144 "rztYvgIu4avg2VPR2AECQQD+pFAqipR2BplQRIuuRSZfHRxvoEyDjT1xnHJsC6WP\n" + |
|
145 "I5hCLghL91MhQGWbP4EJMKYQOTRVukWlcp2Kycpf+P5hAkEA3I43gmVUAPEdyZdY\n" + |
|
146 "fatW7OaLlbbYJb6qEtpCZ1Rwe/BIvm6H6E3qSi/lpz7Ia7WDulpbF6BawHH3pRFq\n" + |
|
147 "CUY5ewJBAP3pUDqrRpBN0jB0uSeDslhjSciQ+dqvSpZv3rSYBHUvlBJhnkpJiy37\n" + |
|
148 "7ZUZhIxqYxyIPgRBolLwb+FFh7OdL+ECQCtldDic9WVmC+VheRDpCKZ+SlK/8lGi\n" + |
|
149 "7VXeShiIvcU1JysJFoa35fSI7hf1O3wt7+hX5PqGG7Un94EsJwACKEcCQQC1TWt6\n" + |
|
150 "ArKH6tRxKjOxFtqfs8fgEVYUaOr3j1jF4KBUuX2mtQtddZe3VfJ2wPsuKMMxmhkB\n" + |
|
151 "e7xWWZnJsErt2e+E"; |
|
152 |
|
153 // Certificate information: |
|
154 // Issuer: C=US, O=Java, OU=SunJSSE Test Serivce |
|
155 // Validity |
|
156 // Not Before: May 5 02:40:53 2012 GMT |
|
157 // Not After : Jan 21 02:40:53 2032 GMT |
|
158 // Subject: C=US, O=Java, OU=SunJSSE Test Serivce, CN=casigner |
|
159 // X509v3 Subject Key Identifier: |
|
160 // 13:07:E0:11:07:DB:EB:33:23:87:31:D0:DB:7E:16:56:BE:11:90:0A |
|
161 // X509v3 Authority Key Identifier: |
|
162 // keyid:DD:4E:8D:2A:11:C0:83:03:F0:AC:EB:A2:BF:F9:F2:7D:C8:69:1F:9B |
|
163 // DirName:/C=US/O=Java/OU=SunJSSE Test Serivce |
|
164 // serial:00 |
|
165 static String caSignerStr = |
|
166 "-----BEGIN CERTIFICATE-----\n" + |
|
167 "MIICqDCCAhGgAwIBAgIBAjANBgkqhkiG9w0BAQQFADA7MQswCQYDVQQGEwJVUzEN\n" + |
|
168 "MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwHhcN\n" + |
|
169 "MTIwNTA1MDI0MDUzWhcNMzIwMTIxMDI0MDUzWjBOMQswCQYDVQQGEwJVUzENMAsG\n" + |
|
170 "A1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UxETAPBgNV\n" + |
|
171 "BAMTCGNhc2lnbmVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+x8+o7oM0\n" + |
|
172 "ct/LZmZLXBL4CQ8jrULD5P7NtEW0hg/zxBFZfBHf+44Oo2eMPYZj+7xaREOH5BmV\n" + |
|
173 "KRYlzRtONAaC5Ng4Mrm5UKNPcMIIUjUOvm7vWM4oSTMSfoEcSX+vp99uUAkw3w7Z\n" + |
|
174 "+frYDm1M4At/j0b+lLij71GFN2L8drpgPQIDAQABo4GoMIGlMB0GA1UdDgQWBBQT\n" + |
|
175 "B+ARB9vrMyOHMdDbfhZWvhGQCjBjBgNVHSMEXDBagBTdTo0qEcCDA/Cs66K/+fJ9\n" + |
|
176 "yGkfm6E/pD0wOzELMAkGA1UEBhMCVVMxDTALBgNVBAoTBEphdmExHTAbBgNVBAsT\n" + |
|
177 "FFN1bkpTU0UgVGVzdCBTZXJpdmNlggEAMBIGA1UdEwEB/wQIMAYBAf8CAQEwCwYD\n" + |
|
178 "VR0PBAQDAgEGMA0GCSqGSIb3DQEBBAUAA4GBAI+LXA/UCPkTANablUkt80JNPWsl\n" + |
|
179 "pS4XLNgPxWaN0bkRDs5oI4ooWAz1rwpeJ/nfetOvWlpmrVjSeovBFja5Hl+dUHTf\n" + |
|
180 "VfuyzkxXbhuNiJIpo1mVBpNsjwu9YRxuwX6UA2LTUQpgvtVJEE012x3zRvxBCbu2\n" + |
|
181 "Y/v1R5fZ4c+hXDfC\n" + |
|
182 "-----END CERTIFICATE-----"; |
|
183 static String caSignerPrivateKey = // Private key in the format of PKCS#8 |
|
184 "MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAL7Hz6jugzRy38tm\n" + |
|
185 "ZktcEvgJDyOtQsPk/s20RbSGD/PEEVl8Ed/7jg6jZ4w9hmP7vFpEQ4fkGZUpFiXN\n" + |
|
186 "G040BoLk2DgyublQo09wwghSNQ6+bu9YzihJMxJ+gRxJf6+n325QCTDfDtn5+tgO\n" + |
|
187 "bUzgC3+PRv6UuKPvUYU3Yvx2umA9AgMBAAECgYBYvu30cW8LONyt62Zua9hPFTe7\n" + |
|
188 "qt9B7QYyfkdmoG5PQMepTrOp84SzfoOukvgvDm0huFuJnSvhXQl2cCDhkgXskvFj\n" + |
|
189 "Hh7KBCFViVXokGdq5YoS0/KYMyQV0TZfJUvILBl51uc4/siQ2tClC/N4sa+1JhgW\n" + |
|
190 "a6dFGfRjiUKSSlmMwQJBAPWpIz3Q/c+DYMvoQr5OD8EaYwYIevlTdXb97RnJJh2b\n" + |
|
191 "UnhB9jrqesJiHYVzPmP0ukyPOXOwlp2T5Am4Kw0LFOkCQQDGz150NoHOp28Mvyc4\n" + |
|
192 "CTqz/zYzUhy2eCJESl196uyP4N65Y01VYQ3JDww4DlsXiU17tVSbgA9TCcfTYOzy\n" + |
|
193 "vyw1AkARUky+1hafZCcWGZljK8PmnMKwsTZikCTvL/Zg5BMA8Wu+OQBwpQnk3OAy\n" + |
|
194 "Aa87gw0DyvGFG8Vy9POWT9sRP1/JAkBqP0hrMvYMSs6+MSn0eHo2151PsAJIQcuO\n" + |
|
195 "U2/Da1khSzu8N6WMi2GiobgV/RYRbf9KrY2ZzMZjykZQYOxAjopBAkEAghCu38cN\n" + |
|
196 "aOsW6ueo24uzsWI1FTdE+qWNVEi3RSP120xXBCyhaBjIq4WVSlJK9K2aBaJpit3j\n" + |
|
197 "iQ5tl6zrLlxQhg=="; |
|
198 |
|
199 // Certificate information: |
|
200 // Issuer: C=US, O=Java, OU=SunJSSE Test Serivce, CN=casigner |
|
201 // Validity |
|
202 // Not Before: May 5 02:40:57 2012 GMT |
|
203 // Not After : Jan 21 02:40:57 2032 GMT |
|
204 // Subject: C=US, O=Java, OU=SunJSSE Test Serivce, CN=certissuer |
|
205 // X509v3 Subject Key Identifier: |
|
206 // 39:0E:C6:33:B1:50:BC:73:07:31:E5:D8:04:F7:BB:97:55:CF:9B:C8 |
|
207 // X509v3 Authority Key Identifier: |
|
208 // keyid:13:07:E0:11:07:DB:EB:33:23:87:31:D0:DB:7E:16:56:BE:11:90:0A |
|
209 // DirName:/C=US/O=Java/OU=SunJSSE Test Serivce |
|
210 // serial:02 |
|
211 static String certIssuerStr = |
|
212 "-----BEGIN CERTIFICATE-----\n" + |
|
213 "MIICvjCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQQFADBOMQswCQYDVQQGEwJVUzEN\n" + |
|
214 "MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UxETAP\n" + |
|
215 "BgNVBAMTCGNhc2lnbmVyMB4XDTEyMDUwNTAyNDA1N1oXDTMyMDEyMTAyNDA1N1ow\n" + |
|
216 "UDELMAkGA1UEBhMCVVMxDTALBgNVBAoTBEphdmExHTAbBgNVBAsTFFN1bkpTU0Ug\n" + |
|
217 "VGVzdCBTZXJpdmNlMRMwEQYDVQQDEwpjZXJ0aXNzdWVyMIGfMA0GCSqGSIb3DQEB\n" + |
|
218 "AQUAA4GNADCBiQKBgQCyz55zinU6kNL/LeiTNiBI0QWYmDG0YTotuC4D75liBNqs\n" + |
|
219 "7Mmladsh2mTtQUAwmuGaGzaZV25a+cUax0DXZoyBwdbTI09u1bUYsZcaUUKbPoCC\n" + |
|
220 "HH26e4jLFL4olW13Sv4ZAd57tIYevMw+Fp5f4fLPFGegCJTFlv2Qjpmic/cuvQID\n" + |
|
221 "AQABo4GpMIGmMB0GA1UdDgQWBBQ5DsYzsVC8cwcx5dgE97uXVc+byDBjBgNVHSME\n" + |
|
222 "XDBagBQTB+ARB9vrMyOHMdDbfhZWvhGQCqE/pD0wOzELMAkGA1UEBhMCVVMxDTAL\n" + |
|
223 "BgNVBAoTBEphdmExHTAbBgNVBAsTFFN1bkpTU0UgVGVzdCBTZXJpdmNlggECMBMG\n" + |
|
224 "A1UdEwEB/wQJMAcBAf8CAgQAMAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQQFAAOB\n" + |
|
225 "gQCQTagenCdClT98C+oTJGJrw/dUBD9K3tE6ZJKPMc/2bUia8G5ei1C0eXj4mWG2\n" + |
|
226 "lu9umR6C90/A6qB050QB2h50qtqxSrkpu+ym1yypauZpg7U3nUY9wZWJNI1vqrQZ\n" + |
|
227 "pqUMRcXY3iQIVKx+Qj+4/Za1wwFQzpEoGmqRW31V1SdMEw==\n" + |
|
228 "-----END CERTIFICATE-----"; |
|
229 static String certIssuerPrivateKey = // Private key in the format of PKCS#8 |
|
230 "MIICeQIBADANBgkqhkiG9w0BAQEFAASCAmMwggJfAgEAAoGBALLPnnOKdTqQ0v8t\n" + |
|
231 "6JM2IEjRBZiYMbRhOi24LgPvmWIE2qzsyaVp2yHaZO1BQDCa4ZobNplXblr5xRrH\n" + |
|
232 "QNdmjIHB1tMjT27VtRixlxpRQps+gIIcfbp7iMsUviiVbXdK/hkB3nu0hh68zD4W\n" + |
|
233 "nl/h8s8UZ6AIlMWW/ZCOmaJz9y69AgMBAAECgYEAjtew2tgm4gxDojqIauF4VPM1\n" + |
|
234 "pzsdqd1p3pAdomNLgrQiBLZ8N7oiph6TNb1EjA+OXc+ThFgF/oM9ZDD8qZZwcvjN\n" + |
|
235 "qDZlpTkFs2TaGcyEZfUaMB45NHVs6Nn+pSkagSNwwy3xeyAct7sQEzGNTDlEwVv5\n" + |
|
236 "7V9LQutQtBd6xT48KzkCQQDpNRfv2OFNG/6GtzJoO68oJhpnpl2MsYNi4ntRkre/\n" + |
|
237 "6uXpiCYaDskcrPMRwOOs0m7mxG+Ev+uKnLnSoEMm1GCbAkEAxEmDtiD0Psb8Z9BL\n" + |
|
238 "ZRb83Jqho3xe2MCAh3xUfz9b/Mhae9dZ44o4OCgQZuwvW1mczF0NtpgZl93BmYa2\n" + |
|
239 "hTwHhwJBAKHrEj6ep/fA6x0gD2idoATRR94VfbiU+7NpqtO9ecVP0+gsdr/66hn1\n" + |
|
240 "3yLBeZLh3MxvMTrLgkAQh1i9m0JXjOcCQQClLXAHHegrw+u3uNMZeKTFR+Lp3sk6\n" + |
|
241 "AZSnbvr0Me9I45kxSeG81x3ENALJecvIRbrrRws5MvmmkNhQR8rkh8WVAkEAk6b+\n" + |
|
242 "aVtmBgUaTS5+FFlHGHJY9HFrfT1a1C/dwyMuqlmbC3YsBmZaMOlKli5TXNybLff8\n" + |
|
243 "5KMeGEpXMzgC7AscGA=="; |
|
244 |
|
245 // Certificate information: |
|
246 // Issuer: C=US, O=Java, OU=SunJSSE Test Serivce, CN=certissuer |
|
247 // Validity |
|
248 // Not Before: May 5 02:41:01 2012 GMT |
|
249 // Not After : Jan 21 02:41:01 2032 GMT |
|
250 // Subject: C=US, O=Java, OU=SunJSSE Test Serivce, CN=localhost |
|
251 // X509v3 Subject Key Identifier: |
|
252 // AD:C0:2C:4C:E4:C2:2E:A1:BB:5D:92:BE:66:E0:4E:E0:0D:2F:11:EF |
|
253 // X509v3 Authority Key Identifier: |
|
254 // keyid:39:0E:C6:33:B1:50:BC:73:07:31:E5:D8:04:F7:BB:97:55:CF:9B:C8 |
|
255 static String targetCertStr = |
|
256 "-----BEGIN CERTIFICATE-----\n" + |
|
257 "MIICjTCCAfagAwIBAgIBBDANBgkqhkiG9w0BAQQFADBQMQswCQYDVQQGEwJVUzEN\n" + |
|
258 "MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UxEzAR\n" + |
|
259 "BgNVBAMTCmNlcnRpc3N1ZXIwHhcNMTIwNTA1MDI0MTAxWhcNMzIwMTIxMDI0MTAx\n" + |
|
260 "WjBPMQswCQYDVQQGEwJVUzENMAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNT\n" + |
|
261 "RSBUZXN0IFNlcml2Y2UxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0B\n" + |
|
262 "AQEFAAOBjQAwgYkCgYEAvwaUd7wmBSKqycEstYLWD26vkU08DM39EtaT8wL9HnQ0\n" + |
|
263 "fgPblwBFI4zdLa2cuYXRZcFUb04N8nrkcpR0D6kkE+AlFAoRWrrZF80B7JTbtEK4\n" + |
|
264 "1PIeurihXvUT+4MpzGLOojIihMfvM4ufelblD56SInso4WFHm7t4qCln88J1gjkC\n" + |
|
265 "AwEAAaN4MHYwCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBStwCxM5MIuobtdkr5m4E7g\n" + |
|
266 "DS8R7zAfBgNVHSMEGDAWgBQ5DsYzsVC8cwcx5dgE97uXVc+byDAnBgNVHSUEIDAe\n" + |
|
267 "BggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMDMA0GCSqGSIb3DQEBBAUAA4GB\n" + |
|
268 "AGfwcfdvEG/nSCiAn2MGbYHp34mgF3OA1SJLWUW0LvWJhwm2cn4AXlSoyvbwrkaB\n" + |
|
269 "IDDCwhJvvc0vUyL2kTx7sqVaFTq3mDs+ktlB/FfH0Pb+i8FE+g+7T42Iw/j0qxHL\n" + |
|
270 "YmgbrjBQf5WYN1AvBE/rrPt9aOtS3UsqtVGW574b0shW\n" + |
|
271 "-----END CERTIFICATE-----"; |
|
272 static String targetPrivateKey = // Private key in the format of PKCS#8 |
|
273 "MIICdAIBADANBgkqhkiG9w0BAQEFAASCAl4wggJaAgEAAoGBAL8GlHe8JgUiqsnB\n" + |
|
274 "LLWC1g9ur5FNPAzN/RLWk/MC/R50NH4D25cARSOM3S2tnLmF0WXBVG9ODfJ65HKU\n" + |
|
275 "dA+pJBPgJRQKEVq62RfNAeyU27RCuNTyHrq4oV71E/uDKcxizqIyIoTH7zOLn3pW\n" + |
|
276 "5Q+ekiJ7KOFhR5u7eKgpZ/PCdYI5AgMBAAECf3CscOYvFD3zNMnMJ5LomVqA7w3F\n" + |
|
277 "gKYM2jlCWAH+wU41PMEXhW6Lujw92jgXL1o+lERwxFzirVdZJWZwKgUSvzP1G0h3\n" + |
|
278 "fkucq1/UWnToK+8NSXNM/yS8hXbBgSEoJo5f7LKcIi1Ev6doBVofMxs+njzyWKbM\n" + |
|
279 "Nb7rOLHadghoon0CQQDgQzbzzSN8Dc1YmmylhI5v+0sQRHH0DL7D24k4Weh4vInG\n" + |
|
280 "EAbt4x8M7ZKEo8/dv0s4hbmNmAnJl93/RRxIyEqLAkEA2g87DiswSQam2pZ8GlrO\n" + |
|
281 "+w4Qg9mH8uxx8ou2rl0XlHzH1XiTNbkjfY0EZoL7L31BHFk9n11Fb2P85g6ws+Hy\n" + |
|
282 "ywJAM/xgyLNM/nzUlS128geAXUULaYH0SHaL4isJ7B4rXZGW/mrIsGxtzjlkNYsj\n" + |
|
283 "rGujrD6TfNc5rZmexIXowJZtcQJBAIww+pCzZ4mrgx5JXWQ8OZHiiu+ZrPOa2+9J\n" + |
|
284 "r5sOMpi+WGN/73S8oHqZbNjTINZ5OqEVJq8MchWZPQBTNXuQql0CQHEjUzzkCQa3\n" + |
|
285 "j6JTa2KAdqyvLOx0XF9zcc1gA069uNQI2gPUHS8V215z57f/gMGnDNhVfLs/vMKz\n" + |
|
286 "sFkVZ3zg7As="; |
|
287 |
|
288 |
|
289 public static void main(String args[]) throws Exception { |
|
290 // MD5 is used in this test case, don't disable MD5 algorithm. |
|
291 Security.setProperty( |
|
292 "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); |
|
293 |
|
294 // generate certificate from cert string |
|
295 CertificateFactory cf = CertificateFactory.getInstance("X.509"); |
|
296 |
|
297 // create a set of trust anchors |
|
298 LinkedHashSet<TrustAnchor> trustAnchors = new LinkedHashSet<>(); |
|
299 |
|
300 ByteArrayInputStream is = |
|
301 new ByteArrayInputStream(NoiceTrusedCertStr.getBytes()); |
|
302 Certificate trustedCert = cf.generateCertificate(is); |
|
303 is.close(); |
|
304 TrustAnchor anchor = |
|
305 new TrustAnchor((X509Certificate)trustedCert, null); |
|
306 trustAnchors.add(anchor); |
|
307 |
|
308 is = new ByteArrayInputStream(trustedCertStr.getBytes()); |
|
309 trustedCert = cf.generateCertificate(is); |
|
310 is.close(); |
|
311 anchor = new TrustAnchor((X509Certificate)trustedCert, null); |
|
312 trustAnchors.add(anchor); |
|
313 |
|
314 is = new ByteArrayInputStream(NoiceTrusedCertStr_2nd.getBytes()); |
|
315 trustedCert = cf.generateCertificate(is); |
|
316 is.close(); |
|
317 anchor = new TrustAnchor((X509Certificate)trustedCert, null); |
|
318 trustAnchors.add(anchor); |
|
319 |
|
320 // create a list of certificates |
|
321 List<Certificate> chainList = new ArrayList<>(); |
|
322 |
|
323 is = new ByteArrayInputStream(targetCertStr.getBytes()); |
|
324 Certificate cert = cf.generateCertificate(is); |
|
325 is.close(); |
|
326 chainList.add(cert); |
|
327 |
|
328 is = new ByteArrayInputStream(certIssuerStr.getBytes()); |
|
329 cert = cf.generateCertificate(is); |
|
330 is.close(); |
|
331 chainList.add(cert); |
|
332 |
|
333 is = new ByteArrayInputStream(caSignerStr.getBytes()); |
|
334 cert = cf.generateCertificate(is); |
|
335 is.close(); |
|
336 chainList.add(cert); |
|
337 |
|
338 // create a certificate selector |
|
339 X509CertSelector xcs = new X509CertSelector(); |
|
340 X509Certificate eeCert = (X509Certificate)chainList.get(0); |
|
341 xcs.setSubject(eeCert.getSubjectX500Principal()); |
|
342 |
|
343 // reverse build |
|
344 SunCertPathBuilderParameters params = |
|
345 new SunCertPathBuilderParameters(trustAnchors, xcs); |
|
346 params.setBuildForward(false); |
|
347 params.setRevocationEnabled(false); |
|
348 |
|
349 CollectionCertStoreParameters ccsp = |
|
350 new CollectionCertStoreParameters(chainList); |
|
351 params.addCertStore(CertStore.getInstance("Collection", ccsp)); |
|
352 |
|
353 CertPathBuilder cpb = CertPathBuilder.getInstance("PKIX"); |
|
354 CertPathBuilderResult res = cpb.build(params); |
|
355 } |
|
356 } |
|