diff -r 8dee5a37bdc7 -r ae846c9286b0 jdk/test/sun/security/x509/URICertStore/ExtensionsWithLDAP.java
--- a/jdk/test/sun/security/x509/URICertStore/ExtensionsWithLDAP.java Thu Jul 07 09:51:47 2016 +0200
+++ b/jdk/test/sun/security/x509/URICertStore/ExtensionsWithLDAP.java Thu Jul 07 01:31:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -23,33 +23,34 @@ * questions. */ +import java.io.ByteArrayInputStream; +import java.io.File; import java.io.IOException; -import java.io.StringBufferInputStream; -import java.net.InetAddress; -import java.net.UnknownHostException; -import java.security.cert.CertificateException; -import java.security.cert.CertificateFactory; +import java.net.InetSocketAddress; +import java.net.Socket; +import java.nio.file.Path; +import java.nio.file.Paths; import java.security.cert.CertPath; import java.security.cert.CertPathValidator; import java.security.cert.CertPathValidatorException; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; import java.security.cert.PKIXParameters; import java.security.cert.TrustAnchor; import java.security.cert.X509Certificate; -import java.text.DateFormat; -import java.text.ParseException; import java.util.ArrayList; import java.util.Arrays; -import java.util.Date; import java.util.HashSet; import java.util.List; -import java.util.Locale; import java.util.Set; +import java.util.function.Consumer; /* * @test * @bug 8134708 * @summary Check if LDAP resources from CRLDP and AIA extensions can be loaded - * @run main/othervm ExtensionsWithLDAP + * @run main/othervm ExtensionsWithLDAP CRLDP ldap.host.for.crldp + * @run main/othervm ExtensionsWithLDAP AIA ldap.host.for.aia */ public class ExtensionsWithLDAP { 
@@ -125,29 +126,18 @@ + "hnxn9+e0Ah+t8dS5EKfn44w5bI5PCu2bqxs6RCTxNjcY\n" + "-----END CERTIFICATE-----"; - - private static final String LDAP_HOST_CRLDP = "ldap.host.for.crldp"; - private static final String LDAP_HOST_AIA = "ldap.host.for.aia"; + public static void main(String[] args) throws Exception { + String extension = args[0]; + String targetHost = args[1]; - // a date within the certificates validity period - static final Date validationDate; - static { - try { - validationDate = DateFormat.getDateInstance( - DateFormat.MEDIUM, Locale.US).parse("Sep 02, 2015"); - } catch (ParseException e) { - throw new RuntimeException("Couldn't parse date", e); - } - } - - public static void main(String[] args) throws Exception { // enable CRLDP and AIA extensions System.setProperty("com.sun.security.enableCRLDP", "true"); System.setProperty("com.sun.security.enableAIAcaIssuers", "true"); - // register a local name service - String hostsFileName = System.getProperty("test.src", ".") + "/ExtensionsWithLDAPHosts"; - System.setProperty("jdk.net.hosts.file", hostsFileName); + Path hostsFilePath = Paths.get(System.getProperty("test.src", ".") + + File.separator + extension); + System.setProperty("jdk.net.hosts.file", + hostsFilePath.toFile().getAbsolutePath()); X509Certificate trustedCert = loadCertificate(CA_CERT); X509Certificate eeCert = loadCertificate(EE_CERT); 
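Review bot: `args[0]` and `args[1]` are read at the top of `main` with no length check, and the hosts file path built from `args[0]` is never checked for existence. A run with missing arguments fails with a bare `ArrayIndexOutOfBoundsException`, and a wrong extension name would presumably surface only later as the "is not requested" failure. Guards such as `if (args.length != 2) throw new IllegalArgumentException("usage: ExtensionsWithLDAP <extension> <host>");` and `if (!hostsFilePath.toFile().isFile()) throw new RuntimeException("hosts file not found: " + hostsFilePath);` would make those failures self-explanatory. `main` continues past the end of this hunk.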
@@ -158,31 +148,29 @@ CertPath cp = (CertPath) CertificateFactory.getInstance("X509") .generateCertPath(Arrays.asList(eeCert)); - PKIXParameters params = new PKIXParameters(trustedCertsSet); - params.setDate(validationDate); - - // certpath validator should try to parse CRLDP and AIA extensions, - // and load CRLs/certs which they point to - // if a local name service catched requests for resolving host names - // which extensions contain, then it means that certpath validator - // tried to load CRLs/certs which they point to - try { - CertPathValidator.getInstance("PKIX").validate(cp, params); + // CertPath validator should try to parse CRLDP and AIA extensions, + // and load CRLs/certs which they point to. + // If proxy server catches requests for resolving host names + // which extensions contain, then it means that CertPath validator + // tried to load CRLs/certs which they point to. + List hosts = new ArrayList<>(); + Consumer socketConsumer = (Socket socket) -> { + InetSocketAddress remoteAddress + = (InetSocketAddress) socket.getRemoteSocketAddress(); + hosts.add(remoteAddress.getHostName()); + }; + try (SocksProxy proxy = SocksProxy.startProxy(socketConsumer)) { + CertPathValidator.getInstance("PKIX").validate(cp, + new PKIXParameters(trustedCertsSet)); throw new RuntimeException("CertPathValidatorException not thrown"); } catch (CertPathValidatorException cpve) { System.out.println("Expected exception: " + cpve); } - // check if it tried to resolve a host name from CRLDP extension - if (!LocalNameService.requestedHosts.contains(LDAP_HOST_CRLDP)) { + if (!hosts.contains(targetHost)) { throw new RuntimeException( - "A hostname from CRLDP extension not requested"); - } - - // check if it tried to resolve a host name from AIA extension - if (!LocalNameService.requestedHosts.contains(LDAP_HOST_AIA)) { - throw new RuntimeException( - "A hostname from AIA extension not requested"); + String.format("The %s from %s extension is not requested", + targetHost, 
extension)); } System.out.println("Test passed"); @@ -192,15 +180,9 @@ public static X509Certificate loadCertificate(String s) throws IOException, CertificateException { - try (StringBufferInputStream is = new StringBufferInputStream(s)) { + try (ByteArrayInputStream is = new ByteArrayInputStream(s.getBytes())) { return (X509Certificate) CertificateFactory.getInstance("X509") .generateCertificate(is); } } - - // a local name service which log requested host names - public static class LocalNameService { - - static final List requestedHosts = new ArrayList<>(); - } - } +}
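Review bot: With `params.setDate(validationDate)` gone, `validate(cp, new PKIXParameters(trustedCertsSet))` checks the path against the current clock, so the result depends on when the test runs. The removed field was commented as a date within the certificates' validity period; unless the embedded certificates were reissued with a long lifetime (not visible here), an expired certificate could raise the expected `CertPathValidatorException` before any CRLDP or AIA fetch is attempted, and `hosts.contains(targetHost)` would then fail for a reason unrelated to LDAP loading. Consider keeping a fixed date by building the parameters in a local and calling `params.setDate(...)` with a date inside the validity window. `main` begins outside this hunk.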
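Review bot: `s.getBytes()` in `loadCertificate` encodes the PEM text with the platform default charset, so the bytes handed to `CertificateFactory` depend on the JVM's locale settings. PEM is ASCII, so naming the charset makes the test independent of the host configuration: `new ByteArrayInputStream(s.getBytes(StandardCharsets.US_ASCII))`, with `import java.nio.charset.StandardCharsets;` added to the import block.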