/*
 * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */


/**
 * @test
 * @bug 8021804
 * @summary CertPath should validate even if the validity period of the
 *          root cert does not include the validity period of a subordinate
 *          cert.
 */

import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.cert.*;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashSet;
import java.util.Set;

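/**
 * Regression test for bug 8021804: PKIX validation of an end-entity
 * certificate must succeed even though the end-entity certificate's validity
 * period extends past the validity period of the trust anchor that issued it.
 *
 * <p>The test builds a one-certificate {@link CertPath} (the end entity),
 * trusts the self-signed test CA as the only {@link TrustAnchor}, pins the
 * validation time to a date inside both validity windows, and expects
 * {@link CertPathValidator#validate} to return without throwing.
 *
 * <p>NOTE(review): the embedded fixtures appear to be SHA1withRSA-signed
 * certificates with 1024-bit RSA keys, i.e. test-only strength. A runtime
 * whose {@code jdk.certpath.disabledAlgorithms} policy rejects those would
 * fail this test for reasons unrelated to the validity-period check.
 */
public class Validity {

    /*
     * Self-signed test CA, used as the trust anchor.
     *
     * Subject: OU=TestOrg, CN=TestCA
     * Issuer: OU=TestOrg, CN=TestCA
     * Validity
     *     Not Before: Feb 26 21:33:55 2014 GMT
     *     Not After : Feb 26 21:33:55 2024 GMT
     * Version 1
     */
    static String CACertStr =
        "-----BEGIN CERTIFICATE-----\n" +
        "MIIBvTCCASYCCQCQRiTo4lBCFjANBgkqhkiG9w0BAQUFADAjMRAwDgYDVQQLDAdU\n" +
        "ZXN0T3JnMQ8wDQYDVQQDDAZUZXN0Q0EwHhcNMTQwMjI2MjEzMzU1WhcNMjQwMjI2\n" +
        "MjEzMzU1WjAjMRAwDgYDVQQLDAdUZXN0T3JnMQ8wDQYDVQQDDAZUZXN0Q0EwgZ8w\n" +
        "DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOtKS4ZrsM3ansd61ZxitcrN0w184I+A\n" +
        "z0kyrSP1eMtlam+cC2U91NpTz11FYV4XUfBhqqxaXW043AWTUer8pS90Pt4sCrUX\n" +
        "COx1+QA1M3ZhbZ4sTM7XQ90JbGaBJ/sEza9mlQP7hQ2yQO/hATKbP6J5qvgG2sT2\n" +
        "S2WYjEgwNwmFAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAQ/CXEpnx2WY4LJtv4jwE\n" +
        "4jIVirur3pdzV5oBhPyqqHMsyhQBkukCfX7uD7L5wN1+xuM81DfANpIxlnUfybp5\n" +
        "CpjcmktLpmyK4kJ6XnSd2blbLOIpsr9x6FqxPxpVDlyw/ySHYrIG/GZdsLHgmzGn\n" +
        "B06jeYzH8OLf879VxAxSsPc=\n" +
        "-----END CERTIFICATE-----";

    /*
     * End-entity certificate issued by the test CA. Its Not After date is
     * later than the CA's, which is the condition this test exercises.
     *
     * Subject: OU=TestOrg, CN=TestEE0
     * Issuer: OU=TestOrg, CN=TestCA
     * Validity
     *     Not Before: Feb 26 22:55:12 2014 GMT
     *     Not After : Feb 25 22:55:12 2025 GMT
     * Version 1
     */
    static String EECertStr =
        "-----BEGIN CERTIFICATE-----\n" +
        "MIIBtjCCAR8CAQQwDQYJKoZIhvcNAQEFBQAwIzEQMA4GA1UECwwHVGVzdE9yZzEP\n" +
        "MA0GA1UEAwwGVGVzdENBMB4XDTE0MDIyNjIyNTUxMloXDTI1MDIyNTIyNTUxMlow\n" +
        "JDEQMA4GA1UECwwHVGVzdE9yZzEQMA4GA1UEAwwHVGVzdEVFMDCBnzANBgkqhkiG\n" +
        "9w0BAQEFAAOBjQAwgYkCgYEAt8xz9W3ruCTHjSOtTX6cxsUZ0nRP6EavEfzgcOYh\n" +
        "CXGA0gr+viSHq3c2vQBxiRny2hm5rLcqpPo+2OxZtw/ajxfyrV6d/r8YyQLBvyl3\n" +
        "xdCZdOkG1DCM1oFAQDaSRt9wN5Zm5kyg7uMig5Y4L45fP9Yee4x6Xyh36qYbsR89\n" +
        "rFMCAwEAATANBgkqhkiG9w0BAQUFAAOBgQDZrPqSo08va1m9TOWOztTuWilGdjK/\n" +
        "2Ed2WXg8utIpy6uAV+NaOYtHQ7ULQBVRNmwg9nKghbVbh+E/xpoihjl1x7OXass4\n" +
        "TbwXA5GKFIFpNtDvATQ/QQZoCuCzw1FW/mH0Q7UEQ/9/iJdDad6ebkapeMwtj/8B\n" +
        "s2IZV7s85CEOXw==\n" +
        "-----END CERTIFICATE-----";

    /**
     * Runs the single test case: validate the end-entity certificate against
     * the test CA as trust anchor.
     *
     * @param args unused
     * @throws Exception if certificate parsing or path validation fails,
     *         which fails the test
     */
    public static void main(String[] args) throws Exception {

        String[] certStrs = {EECertStr};
        String[] trustedCertStrs = {CACertStr};
        runTest(certStrs, trustedCertStrs);

        System.out.println("Test passed.");
    }

    /**
     * Builds a CertPath and a trust-anchor set from PEM strings and validates
     * the path with the PKIX validator.
     *
     * @param certStrs PEM-encoded certificates forming the path, in the order
     *        they are passed to {@code generateCertPath}
     * @param trustedCertStrs PEM-encoded certificates to trust as anchors
     * @throws Exception if a certificate cannot be parsed or the path does
     *         not validate
     */
    private static void runTest(String[] certStrs,
                                String[] trustedCertStrs)
            throws Exception {

        CertificateFactory cf = CertificateFactory.getInstance("X509");

        // Generate the CertPath from the certs named in certStrs
        ArrayList<X509Certificate> certs = new ArrayList<>();
        for (String certStr : certStrs) {
            certs.add(generateCert(certStr, cf));
        }
        CertPath cp = cf.generateCertPath(certs);

        // Generate the set of Trust Anchors from the certs named in
        // trustedCertStrs
        Set<TrustAnchor> trustAnchors = new HashSet<>();
        for (String trustedCertStr : trustedCertStrs) {
            // null: no name constraints are attached to the anchor
            TrustAnchor ta = new TrustAnchor(generateCert(trustedCertStr, cf),
                                             null);
            trustAnchors.add(ta);
        }
        PKIXParameters params = new PKIXParameters(trustAnchors);

        // Pin the validation time to 2014-03-01T00:00:00Z so the outcome does
        // not depend on the wall clock (both fixtures have a fixed validity
        // window) or on the default time zone. The previous
        // new Date(114, 3, 1) used a 0-based month in local time, i.e.
        // 2014-04-01, which did not match its "2014-03-01" comment.
        params.setDate(Date.from(Instant.parse("2014-03-01T00:00:00Z")));

        // Test-only: the fixtures are version 1 certificates, so they carry
        // no extensions that could point at a CRL or OCSP responder.
        // Production validation should not copy this setting or the pinned
        // date above.
        params.setRevocationEnabled(false);

        // Attempt to validate the CertPath. If no exception thrown, successful.
        CertPathValidator cpv = CertPathValidator.getInstance("PKIX");
        cpv.validate(cp, params);
        System.out.println("CertPath validation successful.");
    }

    /**
     * Parses one PEM-encoded certificate.
     *
     * @param certStr the PEM text of the certificate
     * @param cf the factory used to parse it
     * @return the parsed certificate
     * @throws Exception if the text is not a parsable certificate
     */
    private static X509Certificate generateCert(String certStr,
                                                CertificateFactory cf)
            throws Exception {
        // PEM is pure ASCII; naming the charset keeps the decoded bytes
        // independent of the platform default encoding.
        ByteArrayInputStream stream
            = new ByteArrayInputStream(
                certStr.getBytes(StandardCharsets.US_ASCII));
        return (X509Certificate) cf.generateCertificate(stream);
    }
}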