diff -r d66b18f52418 -r fe4b337b636e jdk/test/sun/security/provider/certpath/PKIXCertPathValidator/Validity.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/sun/security/provider/certpath/PKIXCertPathValidator/Validity.java Wed Mar 12 08:55:35 2014 -0700 @@ -0,0 +1,134 @@ +/* + * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + + +/** + * @test + * @bug 8021804 + * @summary CertPath should validate even if the validity period of the + * root cert does not include the validity period of a subordinate + * cert. + */ + +import java.io.ByteArrayInputStream; +import java.security.cert.*; +import java.util.ArrayList; +import java.util.Date; +import java.util.HashSet; +import java.util.Set; + +public class Validity { + + /* + * Subject: OU=TestOrg, CN=TestCA + * Issuer: OU=TestOrg, CN=TestCA + * Validity + * Not Before: Feb 26 21:33:55 2014 GMT + Not After : Feb 26 21:33:55 2024 GMT + * Version 1 + */ + static String CACertStr = + "-----BEGIN CERTIFICATE-----\n" + + "MIIBvTCCASYCCQCQRiTo4lBCFjANBgkqhkiG9w0BAQUFADAjMRAwDgYDVQQLDAdU\n" + + "ZXN0T3JnMQ8wDQYDVQQDDAZUZXN0Q0EwHhcNMTQwMjI2MjEzMzU1WhcNMjQwMjI2\n" + + "MjEzMzU1WjAjMRAwDgYDVQQLDAdUZXN0T3JnMQ8wDQYDVQQDDAZUZXN0Q0EwgZ8w\n" + + "DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOtKS4ZrsM3ansd61ZxitcrN0w184I+A\n" + + "z0kyrSP1eMtlam+cC2U91NpTz11FYV4XUfBhqqxaXW043AWTUer8pS90Pt4sCrUX\n" + + "COx1+QA1M3ZhbZ4sTM7XQ90JbGaBJ/sEza9mlQP7hQ2yQO/hATKbP6J5qvgG2sT2\n" + + "S2WYjEgwNwmFAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAQ/CXEpnx2WY4LJtv4jwE\n" + + "4jIVirur3pdzV5oBhPyqqHMsyhQBkukCfX7uD7L5wN1+xuM81DfANpIxlnUfybp5\n" + + "CpjcmktLpmyK4kJ6XnSd2blbLOIpsr9x6FqxPxpVDlyw/ySHYrIG/GZdsLHgmzGn\n" + + "B06jeYzH8OLf879VxAxSsPc=\n" + + "-----END CERTIFICATE-----"; + + /* + * Subject: OU=TestOrg, CN=TestEE0 + * Issuer: OU=TestOrg, CN=TestCA + * Validity + * Not Before: Feb 26 22:55:12 2014 GMT + * Not After : Feb 25 22:55:12 2025 GMT + * Version 1 + */ + static String EECertStr = + "-----BEGIN CERTIFICATE-----\n" + + "MIIBtjCCAR8CAQQwDQYJKoZIhvcNAQEFBQAwIzEQMA4GA1UECwwHVGVzdE9yZzEP\n" + + "MA0GA1UEAwwGVGVzdENBMB4XDTE0MDIyNjIyNTUxMloXDTI1MDIyNTIyNTUxMlow\n" + + "JDEQMA4GA1UECwwHVGVzdE9yZzEQMA4GA1UEAwwHVGVzdEVFMDCBnzANBgkqhkiG\n" + + "9w0BAQEFAAOBjQAwgYkCgYEAt8xz9W3ruCTHjSOtTX6cxsUZ0nRP6EavEfzgcOYh\n" + + "CXGA0gr+viSHq3c2vQBxiRny2hm5rLcqpPo+2OxZtw/ajxfyrV6d/r8YyQLBvyl3\n" + + "xdCZdOkG1DCM1oFAQDaSRt9wN5Zm5kyg7uMig5Y4L45fP9Yee4x6Xyh36qYbsR89\n" + + "rFMCAwEAATANBgkqhkiG9w0BAQUFAAOBgQDZrPqSo08va1m9TOWOztTuWilGdjK/\n" + + "2Ed2WXg8utIpy6uAV+NaOYtHQ7ULQBVRNmwg9nKghbVbh+E/xpoihjl1x7OXass4\n" + + "TbwXA5GKFIFpNtDvATQ/QQZoCuCzw1FW/mH0Q7UEQ/9/iJdDad6ebkapeMwtj/8B\n" + + "s2IZV7s85CEOXw==\n" + + "-----END CERTIFICATE-----"; + + public static void main(String[] args) throws Exception { + + String[] certStrs = {EECertStr}; + String[] trustedCertStrs = {CACertStr}; + runTest(certStrs, trustedCertStrs); + + System.out.println("Test passed."); + } + + private static void runTest(String[] certStrs, + String[] trustedCertStrs) + throws Exception { + + CertificateFactory cf = CertificateFactory.getInstance("X509"); + + // Generate the CertPath from the certs named in certStrs + ArrayList certs = new ArrayList<>(); + for (String certStr : certStrs) { + certs.add(generateCert(certStr, cf)); + } + CertPath cp = cf.generateCertPath(certs); + + // Generate the set of Trust Anchors from the certs named in + // trustedCertStrs + Set trustAnchors = new HashSet<>(); + for (String trustedCertStr : trustedCertStrs) { + TrustAnchor ta = new TrustAnchor(generateCert(trustedCertStr, cf), + null); + trustAnchors.add(ta); + } + PKIXParameters params = new PKIXParameters(trustAnchors); + params.setDate(new Date(114, 3, 1)); // 2014-03-01 + params.setRevocationEnabled(false); + + // Attempt to validate the CertPath. If no exception thrown, successful. + CertPathValidator cpv = CertPathValidator.getInstance("PKIX"); + cpv.validate(cp, params); + System.out.println("CertPath validation successful."); + } + + private static X509Certificate generateCert(String certStr, + CertificateFactory cf) + throws Exception { + ByteArrayInputStream stream + = new ByteArrayInputStream(certStr.getBytes()); + return (X509Certificate) cf.generateCertificate(stream); + + } +}