|
1 /* |
|
2 * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. |
|
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
|
4 * |
|
5 * This code is free software; you can redistribute it and/or modify it |
|
6 * under the terms of the GNU General Public License version 2 only, as |
|
7 * published by the Free Software Foundation. |
|
8 * |
|
9 * This code is distributed in the hope that it will be useful, but WITHOUT |
|
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
12 * version 2 for more details (a copy is included in the LICENSE file that |
|
13 * accompanied this code). |
|
14 * |
|
15 * You should have received a copy of the GNU General Public License version |
|
16 * 2 along with this work; if not, write to the Free Software Foundation, |
|
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
18 * |
|
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
|
20 * or visit www.oracle.com if you need additional information or have any |
|
21 * questions. |
|
22 */ |
|
23 |
|
24 package jdk.test.lib.security; |
|
25 |
|
26 import java.io.ByteArrayInputStream; |
|
27 import java.security.cert.CertPath; |
|
28 import java.security.cert.CertPathValidator; |
|
29 import java.security.cert.CertificateException; |
|
30 import java.security.cert.CertificateFactory; |
|
31 import java.security.cert.PKIXParameters; |
|
32 import java.security.cert.TrustAnchor; |
|
33 import java.security.cert.X509Certificate; |
|
34 import java.util.Collections; |
|
35 import java.util.Date; |
|
36 import java.util.List; |
|
37 |
|
38 // Certificates taken from old ValWithAnchorByName testcase *** |
|
39 public enum TestCertificate { |
|
40 // Subject: CN=SSLCertificate, O=SomeCompany |
|
41 // Issuer: CN=Intermediate CA Cert, O=SomeCompany |
|
42 // Validity: Tue Aug 30 14:37:19 PDT 2016 to Wed Aug 30 14:37:19 PDT 2017 |
|
43 ONE("1000", |
|
44 "CN=SSLCertificate, O=SomeCompany", |
|
45 "CN=Intermediate CA Cert, O=SomeCompany", |
|
46 -1063259762, |
|
47 "-----BEGIN CERTIFICATE-----\n" + |
|
48 "MIIDnTCCAoWgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwNTEUMBIGA1UEChMLU29t\n" + |
|
49 "ZUNvbXBhbnkxHTAbBgNVBAMTFEludGVybWVkaWF0ZSBDQSBDZXJ0MB4XDTE2MDgz\n" + |
|
50 "MDIxMzcxOVoXDTE3MDgzMDIxMzcxOVowLzEUMBIGA1UEChMLU29tZUNvbXBhbnkx\n" + |
|
51 "FzAVBgNVBAMTDlNTTENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A\n" + |
|
52 "MIIBCgKCAQEAjgv8KKE4CO0rbCjRLA1hXjRiSq30jeusCJ8frbRG+QOBgQ3j6jgc\n" + |
|
53 "vk5wG1aTu7R4AFn0/HRDMzP9ZbRlZVIbJUTd8YiaNyZeyWapPnxHWrPCd5e1xopk\n" + |
|
54 "ElieDdEH5FiLGtIrWy56CGA1hfQb1vUVYegyeY+TTtMFVHt0PrmMk4ZRgj/GtVNp\n" + |
|
55 "BQQYIzaYAcrcWMeCn30ZrhaGAL1hsdgmEVV1wsTD4JeNMSwLwMYem7fg8ondGZIR\n" + |
|
56 "kZuGtuSdOHu4Xz+mgDNXTeX/Bp/dQFucxCG+FOOM9Hoz72RY2W8YqgL38RlnwYWp\n" + |
|
57 "nUNxhXWFH6vyINRQVEu3IgahR6HXjxM7LwIDAQABo4G8MIG5MBQGA1UdEQQNMAuC\n" + |
|
58 "CWxvY2FsaG9zdDAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9s\n" + |
|
59 "b2NhbGhvc3Q6NDIzMzMwHwYDVR0jBBgwFoAUYT525lwHCI4CmuWs8a7poaeKRJ4w\n" + |
|
60 "HQYDVR0OBBYEFCaQnOX4L1ovqyfeKuoay+kI+lXgMA4GA1UdDwEB/wQEAwIFoDAd\n" + |
|
61 "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEB\n" + |
|
62 "AD8dqQIqFasJcL8lm4mPTsBl0JgNiN8tQcXM7VCvcH+yDvEyh9vudDjuhpSORqPq\n" + |
|
63 "f1o/EvJ+gfs269mBnYQujYRvmSd6EAcBntv5zn6amOh03o6PqTY9KaUC/mL9hB84\n" + |
|
64 "Y5/LYioP16sME7egKnlrGUgKh0ZvGzm7c3SYx3Z5YoeFBOkZajc7Jm+cBw/uBQkF\n" + |
|
65 "a9mLEczIvOgkq1wto8vr2ptH1gEuvFRcorN3muvq34bk40G08+AHlP3fCLFpI3FA\n" + |
|
66 "IStJLJZRcO+Ib4sOcKuaBGnuMo/QVOCEMDUs6RgiWtSd93OZKFIUOASVp6YIkcSs\n" + |
|
67 "5/rmc06sICqBjLfPEB68Jjw=\n" + |
|
68 "-----END CERTIFICATE-----"), |
|
69 // Subject: CN=Intermediate CA Cert, O=SomeCompany |
|
70 // Issuer: CN=Root CA Cert, O=SomeCompany |
|
71 // Validity: Sun Aug 07 14:37:19 PDT 2016 to Tue Aug 07 14:37:19 PDT 2018 |
|
72 TWO("64", |
|
73 "CN=Intermediate CA Cert, O=SomeCompany", |
|
74 "CN=Root CA Cert, O=SomeCompany", |
|
75 -927189373, |
|
76 "-----BEGIN CERTIFICATE-----\n" + |
|
77 "MIIDdjCCAl6gAwIBAgIBZDANBgkqhkiG9w0BAQsFADAtMRQwEgYDVQQKEwtTb21l\n" + |
|
78 "Q29tcGFueTEVMBMGA1UEAxMMUm9vdCBDQSBDZXJ0MB4XDTE2MDgwNzIxMzcxOVoX\n" + |
|
79 "DTE4MDgwNzIxMzcxOVowNTEUMBIGA1UEChMLU29tZUNvbXBhbnkxHTAbBgNVBAMT\n" + |
|
80 "FEludGVybWVkaWF0ZSBDQSBDZXJ0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n" + |
|
81 "CgKCAQEAnJR5CnE7GKlQjigExSJ6hHu302mc0PcA6TDgsIitPYD/r8RBbBuE51OQ\n" + |
|
82 "7IP7AXmfPUV3/+pO/uxx6mgY5O6XeUl7KadhVPtPcL0BVVevCSOdTMVa3iV4zRpa\n" + |
|
83 "C6Uy2ouUFnafKnDtlbieggyETUoNgVNJYA9L0XNhtSnENoLHC4Pq0v8OsNtsOWFR\n" + |
|
84 "NiMTOA49NNDBw85WgPyFAxjqO4z0J0zxdWq3W4rSMB8xrkulv2Rvj3GcfYJK/ab8\n" + |
|
85 "V1IJ6PMWCpujASY3BzvYPnN7BKuBjbWJPgZdPYfX1cxeG80u0tOuMfWWiNONSMSA\n" + |
|
86 "7m9y304QA0gKqlrFFn9U4hU89kv1IwIDAQABo4GYMIGVMA8GA1UdEwEB/wQFMAMB\n" + |
|
87 "Af8wMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzABhhZodHRwOi8vbG9jYWxob3N0\n" + |
|
88 "OjM5MTM0MB8GA1UdIwQYMBaAFJNMsejEyJUB9tiWycVczvpiMVQZMB0GA1UdDgQW\n" + |
|
89 "BBRhPnbmXAcIjgKa5azxrumhp4pEnjAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcN\n" + |
|
90 "AQELBQADggEBAE4nOFdW9OirPnRvxihQXYL9CXLuGQz5tr0XgN8wSY6Un9b6CRiK\n" + |
|
91 "7obgIGimVdhvUC1qdRcwJqgOfJ2/jR5/5Qo0TVp+ww4dHNdUoj73tagJ7jTu0ZMz\n" + |
|
92 "5Zdp0uwd4RD/syvTeVcbPc3m4awtgEvRgzpDMcSeKPZWInlo7fbnowKSAUAfO8de\n" + |
|
93 "0cDkxEBkzPIzGNu256cdLZOqOK9wLJ9mQ0zKgi/2NsldNc2pl/6jkGpA6uL5lJsm\n" + |
|
94 "fo9sDusWNHV1YggqjDQ19hrf40VuuC9GFl/qAW3marMuEzY/NiKVUxty1q1s48SO\n" + |
|
95 "g5LoEPDDkbygOt7ICL3HYG1VufhC1Q2YY9c=\n" + |
|
96 "-----END CERTIFICATE-----"), |
|
97 // Subject: CN=Root CA Cert, O=SomeCompany |
|
98 // Issuer: CN=Root CA Cert, O=SomeCompany |
|
99 // Validity: Fri Jul 08 14:37:18 PDT 2016 to Fri Jun 28 14:37:18 PDT 2019 |
|
100 ROOT_CA("1", |
|
101 "CN=Root CA Cert, O=SomeCompany", |
|
102 "CN=Root CA Cert, O=SomeCompany", |
|
103 -1299818863, |
|
104 "-----BEGIN CERTIFICATE-----\n" + |
|
105 "MIIDODCCAiCgAwIBAgIBATANBgkqhkiG9w0BAQsFADAtMRQwEgYDVQQKEwtTb21l\n" + |
|
106 "Q29tcGFueTEVMBMGA1UEAxMMUm9vdCBDQSBDZXJ0MB4XDTE2MDcwODIxMzcxOFoX\n" + |
|
107 "DTE5MDYyODIxMzcxOFowLTEUMBIGA1UEChMLU29tZUNvbXBhbnkxFTATBgNVBAMT\n" + |
|
108 "DFJvb3QgQ0EgQ2VydDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIlN\n" + |
|
109 "M3WYEqkU2elXEZrV9QSDbDKwyaLEHafLFciH8Edoag3q/7jEzFJxI7JZ831tdbWQ\n" + |
|
110 "Bm6Hgo+8pvetOFW1BckL8eIjyOONP2CKfFaeMaozsWi1cgxa+rjpU/Rekc+zBqvv\n" + |
|
111 "y4Sr97TwT6nQiLlgjC1nCfR1SVpO51qoDChS7n785rsKEZxw/p+kkVWSZffU7zN9\n" + |
|
112 "c645cPg//L/kjiyeKMkaquGQOYS68gQgy8YZXQv1E3l/8e8Ci1s1DYA5wpCbaBqg\n" + |
|
113 "Tw84Rr4zlUEQBgXzQlRt+mPzeaDpdG1EeGkXrcdkZ+0EMELoOVXOEn6VNsz6vT3I\n" + |
|
114 "KrnvQBSnN06xq/iWwC0CAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSME\n" + |
|
115 "GDAWgBSTTLHoxMiVAfbYlsnFXM76YjFUGTAdBgNVHQ4EFgQUk0yx6MTIlQH22JbJ\n" + |
|
116 "xVzO+mIxVBkwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IBAQAAi+Nl\n" + |
|
117 "sxP9t2IhiZIHRJGSBZuQlXIjwYIwbq3ZWc/ApZ+0oxtl7DYQi5uRNt8/opcGNCHc\n" + |
|
118 "IY0fG93SbkDubXbxPYBW6D/RUjbz59ZryaP5ym55p1MjHTOqy+AM8g41xNTJikc3\n" + |
|
119 "UUFXXnckeFbawijCsb7vf71owzKuxgBXi9n1rmXXtncKoA/LrUVXoUlKefdgDnsU\n" + |
|
120 "sl3Q29eibE3HSqziMMoAOLm0jjekFGWIgLeTtyRYR1d0dNaUwsHTrQpPjxxUTn1x\n" + |
|
121 "sAPpXKfzPnsYAZeeiaaE75GwbWlHzrNinvxdZQd0zctpfBJfVqD/+lWANlw+rOaK\n" + |
|
122 "J2GyCaJINsyaI/I2\n" + |
|
123 "-----END CERTIFICATE-----"); |
|
124 |
|
125 public String serialNumber; |
|
126 public String algorithm; |
|
127 public String subject; |
|
128 public String issuer; |
|
129 public String keyType; |
|
130 public long certId; |
|
131 public int keyLength; |
|
132 public String encoded; |
|
133 |
|
134 TestCertificate(String serialNumber, String subject, String issuer, |
|
135 long certId, String encoded) { |
|
136 this.serialNumber = serialNumber; |
|
137 this.subject = subject; |
|
138 this.issuer = issuer; |
|
139 this.algorithm = "SHA256withRSA"; |
|
140 this.encoded = encoded; |
|
141 this.certId = certId; |
|
142 this.keyType = "RSA"; |
|
143 this.keyLength = 2048; |
|
144 } |
|
145 |
|
146 public X509Certificate generate(CertificateFactory cf) throws CertificateException { |
|
147 ByteArrayInputStream is = new ByteArrayInputStream(encoded.getBytes()); |
|
148 return (X509Certificate) cf.generateCertificate(is); |
|
149 } |
|
150 |
|
151 public static void generateChain(boolean selfSignedTest) throws Exception { |
|
152 // Do path validation as if it is always Tue, 06 Sep 2016 22:12:21 GMT |
|
153 // This value is within the lifetimes of all certificates. |
|
154 Date testDate = new Date(1473199941000L); |
|
155 |
|
156 CertificateFactory cf = CertificateFactory.getInstance("X.509"); |
|
157 X509Certificate c1 = TestCertificate.ONE.generate(cf); |
|
158 X509Certificate c2 = TestCertificate.TWO.generate(cf); |
|
159 X509Certificate ca = TestCertificate.ROOT_CA.generate(cf); |
|
160 |
|
161 TrustAnchor ta = new TrustAnchor(ca, null); |
|
162 CertPathValidator validator = CertPathValidator.getInstance("PKIX"); |
|
163 |
|
164 PKIXParameters params = new PKIXParameters(Collections.singleton(ta)); |
|
165 params.setRevocationEnabled(false); |
|
166 params.setDate(testDate); |
|
167 if (!selfSignedTest) { |
|
168 CertPath path = cf.generateCertPath(List.of(c1, c2)); |
|
169 validator.validate(path, params); |
|
170 } else { |
|
171 CertPath path = cf.generateCertPath(List.of(ca)); |
|
172 validator.validate(path, params); |
|
173 } |
|
174 } |
|
175 } |