# HG changeset patch
# User rhalade
# Date 1513135239 28800
# Node ID 472f74fb6c6bee76aa002d0083810f4443d424ac
# Parent 971d83666b2366459ca8958354b09fcd6c9f7428
8189131: Open-source the Oracle JDK Root Certificates
Summary: Integration for JEP 319: Root Certificates
Reviewed-by: mullan, simonis, jnimeh, alanb
diff -r 971d83666b23 -r 472f74fb6c6b src/java.base/share/lib/security/cacerts
Binary file src/java.base/share/lib/security/cacerts has changed
diff -r 971d83666b23 -r 472f74fb6c6b test/jdk/TEST.groups
--- a/test/jdk/TEST.groups Tue Dec 12 15:43:48 2017 -0800
+++ b/test/jdk/TEST.groups Tue Dec 12 19:20:39 2017 -0800
@@ -202,6 +202,9 @@
 :jdk_security3 \
 :jdk_security4
 
+jdk_security_infra = \
+ security/infra/java/security/cert/CertPathValidator/certification
+
 jdk_text = \
 java/text \
 sun/text
diff -r 971d83666b23 -r 472f74fb6c6b test/jdk/lib/security/cacerts/VerifyCACerts.java
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/lib/security/cacerts/VerifyCACerts.java Tue Dec 12 19:20:39 2017 -0800
@@ -0,0 +1,314 @@ +/* + * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/** + * @test + * @bug 8189131 + * @requires java.runtime.name ~= "OpenJDK.*" + * @summary Check root CA entries in cacerts file + */ +import java.io.File; +import java.io.FileInputStream; +import java.security.KeyStore; +import java.security.MessageDigest; +import java.security.cert.*; +import java.util.*; + +public class VerifyCACerts { + + private static final String CACERTS + = System.getProperty("java.home") + File.separator + "lib" + + File.separator + "security" + File.separator + "cacerts"; + + private static final String BASE = System.getProperty("test.src", "./"); + + // The numbers of certs now. 
+ private static final int COUNT = 80; + + // map of cert alias to SHA-256 fingerprint + private static final Map FINGERPRINT_MAP + = new HashMap() {{ + put("actalisauthenticationrootca [jdk]", + "55:92:60:84:EC:96:3A:64:B9:6E:2A:BE:01:CE:0B:A8:6A:64:FB:FE:BC:C7:AA:B5:AF:C1:55:B3:7F:D7:60:66"); + put("buypassclass2ca [jdk]", + "9A:11:40:25:19:7C:5B:B9:5D:94:E6:3D:55:CD:43:79:08:47:B6:46:B2:3C:DF:11:AD:A4:A0:0E:FF:15:FB:48"); + put("buypassclass3ca [jdk]", + "ED:F7:EB:BC:A2:7A:2A:38:4D:38:7B:7D:40:10:C6:66:E2:ED:B4:84:3E:4C:29:B4:AE:1D:5B:93:32:E6:B2:4D"); + put("camerfirmachambersca [jdk]", + "06:3E:4A:FA:C4:91:DF:D3:32:F3:08:9B:85:42:E9:46:17:D8:93:D7:FE:94:4E:10:A7:93:7E:E2:9D:96:93:C0"); + put("camerfirmachambersignca [jdk]", + "13:63:35:43:93:34:A7:69:80:16:A0:D3:24:DE:72:28:4E:07:9D:7B:52:20:BB:8F:BD:74:78:16:EE:BE:BA:CA"); + put("camerfirmachamberscommerceca [jdk]", + "0C:25:8A:12:A5:67:4A:EF:25:F2:8B:A7:DC:FA:EC:EE:A3:48:E5:41:E6:F5:CC:4E:E6:3B:71:B3:61:60:6A:C3"); + put("certumca [jdk]", + "D8:E0:FE:BC:1D:B2:E3:8D:00:94:0F:37:D2:7D:41:34:4D:99:3E:73:4B:99:D5:65:6D:97:78:D4:D8:14:36:24"); + put("certumtrustednetworkca [jdk]", + "5C:58:46:8D:55:F5:8E:49:7E:74:39:82:D2:B5:00:10:B6:D1:65:37:4A:CF:83:A7:D4:A3:2D:B7:68:C4:40:8E"); + put("chunghwaepkirootca [jdk]", + "C0:A6:F4:DC:63:A2:4B:FD:CF:54:EF:2A:6A:08:2A:0A:72:DE:35:80:3E:2F:F5:FF:52:7A:E5:D8:72:06:DF:D5"); + put("comodorsaca [jdk]", + "52:F0:E1:C4:E5:8E:C6:29:29:1B:60:31:7F:07:46:71:B8:5D:7E:A8:0D:5B:07:27:34:63:53:4B:32:B4:02:34"); + put("comodoaaaca [jdk]", + "D7:A7:A0:FB:5D:7E:27:31:D7:71:E9:48:4E:BC:DE:F7:1D:5F:0C:3E:0A:29:48:78:2B:C8:3E:E0:EA:69:9E:F4"); + put("comodoeccca [jdk]", + "17:93:92:7A:06:14:54:97:89:AD:CE:2F:8F:34:F7:F0:B6:6D:0F:3A:E3:A3:B8:4D:21:EC:15:DB:BA:4F:AD:C7"); + put("usertrustrsaca [jdk]", + "E7:93:C9:B0:2F:D8:AA:13:E2:1C:31:22:8A:CC:B0:81:19:64:3B:74:9C:89:89:64:B1:74:6D:46:C3:D4:CB:D2"); + put("usertrusteccca [jdk]", + 
"4F:F4:60:D5:4B:9C:86:DA:BF:BC:FC:57:12:E0:40:0D:2B:ED:3F:BC:4D:4F:BD:AA:86:E0:6A:DC:D2:A9:AD:7A"); + put("utnuserfirstobjectca [jdk]", + "6F:FF:78:E4:00:A7:0C:11:01:1C:D8:59:77:C4:59:FB:5A:F9:6A:3D:F0:54:08:20:D0:F4:B8:60:78:75:E5:8F"); + put("utnuserfirstclientauthemailca [jdk]", + "43:F2:57:41:2D:44:0D:62:74:76:97:4F:87:7D:A8:F1:FC:24:44:56:5A:36:7A:E6:0E:DD:C2:7A:41:25:31:AE"); + put("utnuserfirsthardwareca [jdk]", + "6E:A5:47:41:D0:04:66:7E:ED:1B:48:16:63:4A:A3:A7:9E:6E:4B:96:95:0F:82:79:DA:FC:8D:9B:D8:81:21:37"); + put("addtrustclass1ca [jdk]", + "8C:72:09:27:9A:C0:4E:27:5E:16:D0:7F:D3:B7:75:E8:01:54:B5:96:80:46:E3:1F:52:DD:25:76:63:24:E9:A7"); + put("addtrustexternalca [jdk]", + "68:7F:A4:51:38:22:78:FF:F0:C8:B1:1F:8D:43:D5:76:67:1C:6E:B2:BC:EA:B4:13:FB:83:D9:65:D0:6D:2F:F2"); + put("addtrustqualifiedca [jdk]", + "80:95:21:08:05:DB:4B:BC:35:5E:44:28:D8:FD:6E:C2:CD:E3:AB:5F:B9:7A:99:42:98:8E:B8:F4:DC:D0:60:16"); + put("baltimorecybertrustca [jdk]", + "16:AF:57:A9:F6:76:B0:AB:12:60:95:AA:5E:BA:DE:F2:2A:B3:11:19:D6:44:AC:95:CD:4B:93:DB:F3:F2:6A:EB"); + put("baltimorecodesigningca [jdk]", + "A9:15:45:DB:D2:E1:9C:4C:CD:F9:09:AA:71:90:0D:18:C7:35:1C:89:B3:15:F0:F1:3D:05:C1:3A:8F:FB:46:87"); + put("digicertglobalrootca [jdk]", + "43:48:A0:E9:44:4C:78:CB:26:5E:05:8D:5E:89:44:B4:D8:4F:96:62:BD:26:DB:25:7F:89:34:A4:43:C7:01:61"); + put("digicertglobalrootg2 [jdk]", + "CB:3C:CB:B7:60:31:E5:E0:13:8F:8D:D3:9A:23:F9:DE:47:FF:C3:5E:43:C1:14:4C:EA:27:D4:6A:5A:B1:CB:5F"); + put("digicertglobalrootg3 [jdk]", + "31:AD:66:48:F8:10:41:38:C7:38:F3:9E:A4:32:01:33:39:3E:3A:18:CC:02:29:6E:F9:7C:2A:C9:EF:67:31:D0"); + put("digicerttrustedrootg4 [jdk]", + "55:2F:7B:DC:F1:A7:AF:9E:6C:E6:72:01:7F:4F:12:AB:F7:72:40:C7:8E:76:1A:C2:03:D1:D9:D2:0A:C8:99:88"); + put("digicertassuredidrootca [jdk]", + "3E:90:99:B5:01:5E:8F:48:6C:00:BC:EA:9D:11:1E:E7:21:FA:BA:35:5A:89:BC:F1:DF:69:56:1E:3D:C6:32:5C"); + put("digicertassuredidg2 [jdk]", + 
"7D:05:EB:B6:82:33:9F:8C:94:51:EE:09:4E:EB:FE:FA:79:53:A1:14:ED:B2:F4:49:49:45:2F:AB:7D:2F:C1:85"); + put("digicertassuredidg3 [jdk]", + "7E:37:CB:8B:4C:47:09:0C:AB:36:55:1B:A6:F4:5D:B8:40:68:0F:BA:16:6A:95:2D:B1:00:71:7F:43:05:3F:C2"); + put("digicerthighassuranceevrootca [jdk]", + "74:31:E5:F4:C3:C1:CE:46:90:77:4F:0B:61:E0:54:40:88:3B:A9:A0:1E:D0:0B:A6:AB:D7:80:6E:D3:B1:18:CF"); + put("equifaxsecureca [jdk]", + "08:29:7A:40:47:DB:A2:36:80:C7:31:DB:6E:31:76:53:CA:78:48:E1:BE:BD:3A:0B:01:79:A7:07:F9:2C:F1:78"); + put("equifaxsecureebusinessca1 [jdk]", + "2E:3A:2B:B5:11:25:05:83:6C:A8:96:8B:E2:CB:37:27:CE:9B:56:84:5C:6E:E9:8E:91:85:10:4A:FB:9A:F5:96"); + put("equifaxsecureglobalebusinessca1 [jdk]", + "86:AB:5A:65:71:D3:32:9A:BC:D2:E4:E6:37:66:8B:A8:9C:73:1E:C2:93:B6:CB:A6:0F:71:63:40:A0:91:CE:AE"); + put("geotrustglobalca [jdk]", + "FF:85:6A:2D:25:1D:CD:88:D3:66:56:F4:50:12:67:98:CF:AB:AA:DE:40:79:9C:72:2D:E4:D2:B5:DB:36:A7:3A"); + put("geotrustprimaryca [jdk]", + "37:D5:10:06:C5:12:EA:AB:62:64:21:F1:EC:8C:92:01:3F:C5:F8:2A:E9:8E:E5:33:EB:46:19:B8:DE:B4:D0:6C"); + put("geotrustprimarycag2 [jdk]", + "5E:DB:7A:C4:3B:82:A0:6A:87:61:E8:D7:BE:49:79:EB:F2:61:1F:7D:D7:9B:F9:1C:1C:6B:56:6A:21:9E:D7:66"); + put("geotrustprimarycag3 [jdk]", + "B4:78:B8:12:25:0D:F8:78:63:5C:2A:A7:EC:7D:15:5E:AA:62:5E:E8:29:16:E2:CD:29:43:61:88:6C:D1:FB:D4"); + put("geotrustuniversalca [jdk]", + "A0:45:9B:9F:63:B2:25:59:F5:FA:5D:4C:6D:B3:F9:F7:2F:F1:93:42:03:35:78:F0:73:BF:1D:1B:46:CB:B9:12"); + put("gtecybertrustglobalca [jdk]", + "A5:31:25:18:8D:21:10:AA:96:4B:02:C7:B7:C6:DA:32:03:17:08:94:E5:FB:71:FF:FB:66:67:D5:E6:81:0A:36"); + put("thawteprimaryrootca [jdk]", + "8D:72:2F:81:A9:C1:13:C0:79:1D:F1:36:A2:96:6D:B2:6C:95:0A:97:1D:B4:6B:41:99:F4:EA:54:B7:8B:FB:9F"); + put("thawteprimaryrootcag2 [jdk]", + "A4:31:0D:50:AF:18:A6:44:71:90:37:2A:86:AF:AF:8B:95:1F:FB:43:1D:83:7F:1E:56:88:B4:59:71:ED:15:57"); + put("thawteprimaryrootcag3 [jdk]", + 
"4B:03:F4:58:07:AD:70:F2:1B:FC:2C:AE:71:C9:FD:E4:60:4C:06:4C:F5:FF:B6:86:BA:E5:DB:AA:D7:FD:D3:4C"); + put("thawtepremiumserverca [jdk]", + "3F:9F:27:D5:83:20:4B:9E:09:C8:A3:D2:06:6C:4B:57:D3:A2:47:9C:36:93:65:08:80:50:56:98:10:5D:BC:E9"); + put("verisigntsaca [jdk]", + "CB:6B:05:D9:E8:E5:7C:D8:82:B1:0B:4D:B7:0D:E4:BB:1D:E4:2B:A4:8A:7B:D0:31:8B:63:5B:F6:E7:78:1A:9D"); + put("verisignclass1ca [jdk]", + "51:84:7C:8C:BD:2E:9A:72:C9:1E:29:2D:2A:E2:47:D7:DE:1E:3F:D2:70:54:7A:20:EF:7D:61:0F:38:B8:84:2C"); + put("verisignclass1g2ca [jdk]", + "34:1D:E9:8B:13:92:AB:F7:F4:AB:90:A9:60:CF:25:D4:BD:6E:C6:5B:9A:51:CE:6E:D0:67:D0:0E:C7:CE:9B:7F"); + put("verisignclass1g3ca [jdk]", + "CB:B5:AF:18:5E:94:2A:24:02:F9:EA:CB:C0:ED:5B:B8:76:EE:A3:C1:22:36:23:D0:04:47:E4:F3:BA:55:4B:65"); + put("verisignclass2g2ca [jdk]", + "3A:43:E2:20:FE:7F:3E:A9:65:3D:1E:21:74:2E:AC:2B:75:C2:0F:D8:98:03:05:BC:50:2C:AF:8C:2D:9B:41:A1"); + put("verisignclass2g3ca [jdk]", + "92:A9:D9:83:3F:E1:94:4D:B3:66:E8:BF:AE:7A:95:B6:48:0C:2D:6C:6C:2A:1B:E6:5D:42:36:B6:08:FC:A1:BB"); + put("verisignclass3ca [jdk]", + "A4:B6:B3:99:6F:C2:F3:06:B3:FD:86:81:BD:63:41:3D:8C:50:09:CC:4F:A3:29:C2:CC:F0:E2:FA:1B:14:03:05"); + put("verisignclass3g2ca [jdk]", + "83:CE:3C:12:29:68:8A:59:3D:48:5F:81:97:3C:0F:91:95:43:1E:DA:37:CC:5E:36:43:0E:79:C7:A8:88:63:8B"); + put("verisignuniversalrootca [jdk]", + "23:99:56:11:27:A5:71:25:DE:8C:EF:EA:61:0D:DF:2F:A0:78:B5:C8:06:7F:4E:82:82:90:BF:B8:60:E8:4B:3C"); + put("verisignclass3g3ca [jdk]", + "EB:04:CF:5E:B1:F3:9A:FA:76:2F:2B:B1:20:F2:96:CB:A5:20:C1:B9:7D:B1:58:95:65:B8:1C:B9:A1:7B:72:44"); + put("verisignclass3g4ca [jdk]", + "69:DD:D7:EA:90:BB:57:C9:3E:13:5D:C8:5E:A6:FC:D5:48:0B:60:32:39:BD:C4:54:FC:75:8B:2A:26:CF:7F:79"); + put("verisignclass3g5ca [jdk]", + "9A:CF:AB:7E:43:C8:D8:80:D0:6B:26:2A:94:DE:EE:E4:B4:65:99:89:C3:D0:CA:F1:9B:AF:64:05:E4:1A:B7:DF"); + put("certplusclass2primaryca [jdk]", + 
"0F:99:3C:8A:EF:97:BA:AF:56:87:14:0E:D5:9A:D1:82:1B:B4:AF:AC:F0:AA:9A:58:B5:D5:7A:33:8A:3A:FB:CB"); + put("certplusclass3pprimaryca [jdk]", + "CC:C8:94:89:37:1B:AD:11:1C:90:61:9B:EA:24:0A:2E:6D:AD:D9:9F:9F:6E:1D:4D:41:E5:8E:D6:DE:3D:02:85"); + put("keynectisrootca [jdk]", + "42:10:F1:99:49:9A:9A:C3:3C:8D:E0:2B:A6:DB:AA:14:40:8B:DD:8A:6E:32:46:89:C1:92:2D:06:97:15:A3:32"); + put("dtrustclass3ca2 [jdk]", + "49:E7:A4:42:AC:F0:EA:62:87:05:00:54:B5:25:64:B6:50:E4:F4:9E:42:E3:48:D6:AA:38:E0:39:E9:57:B1:C1"); + put("dtrustclass3ca2ev [jdk]", + "EE:C5:49:6B:98:8C:E9:86:25:B9:34:09:2E:EC:29:08:BE:D0:B0:F3:16:C2:D4:73:0C:84:EA:F1:F3:D3:48:81"); + put("identrustdstx3 [jdk]", + "06:87:26:03:31:A7:24:03:D9:09:F1:05:E6:9B:CF:0D:32:E1:BD:24:93:FF:C6:D9:20:6D:11:BC:D6:77:07:39"); + put("identrustpublicca [jdk]", + "30:D0:89:5A:9A:44:8A:26:20:91:63:55:22:D1:F5:20:10:B5:86:7A:CA:E1:2C:78:EF:95:8F:D4:F4:38:9F:2F"); + put("identrustcommercial [jdk]", + "5D:56:49:9B:E4:D2:E0:8B:CF:CA:D0:8A:3E:38:72:3D:50:50:3B:DE:70:69:48:E4:2F:55:60:30:19:E5:28:AE"); + put("letsencryptisrgx1 [jdk]", + "96:BC:EC:06:26:49:76:F3:74:60:77:9A:CF:28:C5:A7:CF:E8:A3:C0:AA:E1:1A:8F:FC:EE:05:C0:BD:DF:08:C6"); + put("luxtrustglobalrootca [jdk]", + "A1:B2:DB:EB:64:E7:06:C6:16:9E:3C:41:18:B2:3B:AA:09:01:8A:84:27:66:6D:8B:F0:E2:88:91:EC:05:19:50"); + put("quovadisrootca [jdk]", + "A4:5E:DE:3B:BB:F0:9C:8A:E1:5C:72:EF:C0:72:68:D6:93:A2:1C:99:6F:D5:1E:67:CA:07:94:60:FD:6D:88:73"); + put("quovadisrootca1g3 [jdk]", + "8A:86:6F:D1:B2:76:B5:7E:57:8E:92:1C:65:82:8A:2B:ED:58:E9:F2:F2:88:05:41:34:B7:F1:F4:BF:C9:CC:74"); + put("quovadisrootca2 [jdk]", + "85:A0:DD:7D:D7:20:AD:B7:FF:05:F8:3D:54:2B:20:9D:C7:FF:45:28:F7:D6:77:B1:83:89:FE:A5:E5:C4:9E:86"); + put("quovadisrootca2g3 [jdk]", + "8F:E4:FB:0A:F9:3A:4D:0D:67:DB:0B:EB:B2:3E:37:C7:1B:F3:25:DC:BC:DD:24:0E:A0:4D:AF:58:B4:7E:18:40"); + put("quovadisrootca3 [jdk]", + "18:F1:FC:7F:20:5D:F8:AD:DD:EB:7F:E0:07:DD:57:E3:AF:37:5A:9C:4D:8D:73:54:6B:F4:F1:FE:D1:E1:8D:35"); + 
put("quovadisrootca3g3 [jdk]", + "88:EF:81:DE:20:2E:B0:18:45:2E:43:F8:64:72:5C:EA:5F:BD:1F:C2:D9:D2:05:73:07:09:C5:D8:B8:69:0F:46"); + put("secomscrootca1 [jdk]", + "E7:5E:72:ED:9F:56:0E:EC:6E:B4:80:00:73:A4:3F:C3:AD:19:19:5A:39:22:82:01:78:95:97:4A:99:02:6B:6C"); + put("secomscrootca2 [jdk]", + "51:3B:2C:EC:B8:10:D4:CD:E5:DD:85:39:1A:DF:C6:C2:DD:60:D8:7B:B7:36:D2:B5:21:48:4A:A4:7A:0E:BE:F6"); + put("secomevrootca1 [jdk]", + "A2:2D:BA:68:1E:97:37:6E:2D:39:7D:72:8A:AE:3A:9B:62:96:B9:FD:BA:60:BC:2E:11:F6:47:F2:C6:75:FB:37"); + put("swisssigngoldg2ca [jdk]", + "62:DD:0B:E9:B9:F5:0A:16:3E:A0:F8:E7:5C:05:3B:1E:CA:57:EA:55:C8:68:8F:64:7C:68:81:F2:C8:35:7B:95"); + put("swisssignplatinumg2ca [jdk]", + "3B:22:2E:56:67:11:E9:92:30:0D:C0:B1:5A:B9:47:3D:AF:DE:F8:C8:4D:0C:EF:7D:33:17:B4:C1:82:1D:14:36"); + put("swisssignsilverg2ca [jdk]", + "BE:6C:4D:A2:BB:B9:BA:59:B6:F3:93:97:68:37:42:46:C3:C0:05:99:3F:A9:8F:02:0D:1D:ED:BE:D4:8A:81:D5"); + put("soneraclass2ca [jdk]", + "79:08:B4:03:14:C1:38:10:0B:51:8D:07:35:80:7F:FB:FC:F8:51:8A:00:95:33:71:05:BA:38:6B:15:3D:D9:27"); + put("securetrustca [jdk]", + "F1:C1:B5:0A:E5:A2:0D:D8:03:0E:C9:F6:BC:24:82:3D:D3:67:B5:25:57:59:B4:E7:1B:61:FC:E9:F7:37:5D:73"); + put("xrampglobalca [jdk]", + "CE:CD:DC:90:50:99:D8:DA:DF:C5:B1:D2:09:B7:37:CB:E2:C1:8C:FB:2C:10:C0:FF:0B:CF:0D:32:86:FC:1A:A2"); + }}; + + // Ninety days in milliseconds + private static final long NINETY_DAYS = 7776000000L; + + private static boolean atLeastOneFailed = false; + + private static MessageDigest md; + + public static void main(String[] args) throws Exception { + System.out.println("cacerts file: " + CACERTS); + md = MessageDigest.getInstance("SHA-256"); + KeyStore ks = KeyStore.getInstance("JKS"); + ks.load(new FileInputStream(CACERTS), "changeit".toCharArray()); + + // check the count of certs inside + if (ks.size() != COUNT) { + atLeastOneFailed = true; + System.err.println("ERROR: " + ks.size() + " entries, should be " + + COUNT); + } + + // check that all entries in 
the map are in the keystore + for (String alias : FINGERPRINT_MAP.keySet()) { + if (!ks.isCertificateEntry(alias)) { + atLeastOneFailed = true; + System.err.println("ERROR: " + alias + " is not in cacerts"); + } + } + + // pull all the trusted self-signed CA certs out of the cacerts file + // and verify their signatures + Enumeration aliases = ks.aliases(); + while (aliases.hasMoreElements()) { + String alias = aliases.nextElement(); + System.out.println("\nVerifying " + alias); + if (!ks.isCertificateEntry(alias)) { + atLeastOneFailed = true; + System.err.println("ERROR: " + alias + + " is not a trusted cert entry"); + } + X509Certificate cert = (X509Certificate) ks.getCertificate(alias); + if (!checkFingerprint(alias, cert)) { + atLeastOneFailed = true; + System.err.println("ERROR: " + alias + " SHA-256 fingerprint is incorrect"); + } + // Make sure cert can be self-verified + try { + cert.verify(cert.getPublicKey()); + } catch (Exception e) { + atLeastOneFailed = true; + System.err.println("ERROR: cert cannot be verified:" + + e.getMessage()); + } + + // Make sure cert is not expired or not yet valid + try { + cert.checkValidity(); + } catch (CertificateExpiredException cee) { + atLeastOneFailed = true; + System.err.println("ERROR: cert is expired"); + } catch (CertificateNotYetValidException cne) { + atLeastOneFailed = true; + System.err.println("ERROR: cert is not yet valid"); + } + + // If cert is within 90 days of expiring, mark as failure so + // that cert can be scheduled to be removed/renewed. 
+ Date notAfter = cert.getNotAfter(); + if (notAfter.getTime() - System.currentTimeMillis() < NINETY_DAYS) { + atLeastOneFailed = true; + System.err.println("WARNING: cert will expire within 90 days"); + } + } + + if (atLeastOneFailed) { + throw new Exception("At least one cacert test failed"); + } + } + + private static boolean checkFingerprint(String alias, Certificate cert) + throws Exception { + String fingerprint = FINGERPRINT_MAP.get(alias); + if (fingerprint == null) { + // no entry for alias + return true; + } + System.out.println("Checking fingerprint of " + alias); + byte[] digest = md.digest(cert.getEncoded()); + return fingerprint.equals(toHexString(digest)); + } + + private static String toHexString(byte[] block) { + StringBuilder buf = new StringBuilder(); + int len = block.length; + for (int i = 0; i < len; i++) { + buf.append(String.format("%02X", block[i])); + if (i < len - 1) { + buf.append(":"); + } + } + return buf.toString(); + } +} diff -r 971d83666b23 -r 472f74fb6c6b test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ActalisCA.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ActalisCA.java Tue Dec 12 19:20:39 2017 -0800 
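Review bot: `checkFingerprint` fails open: when an alias has no entry in `FINGERPRINT_MAP` it returns `true`, so a certificate added to cacerts under a new alias is never pinned and only the `COUNT` comparison notices it, which a routine bump of `COUNT` silences. For a trust-store test the unknown-alias case should be reported as a failure, e.g. `System.err.println("ERROR: no fingerprint for " + alias); return false;` in place of `return true;`. In `main`, the loop keeps going after printing "is not a trusted cert entry" and casts `ks.getCertificate(alias)` anyway, so the later checks run on an entry the test has already rejected (and would throw if the lookup returned null); a `continue;` after that message keeps the report clean. The `FileInputStream` handed to `ks.load` is never closed and is better opened in a try-with-resources.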
@@ -0,0 +1,253 @@
+/*
+ * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */ + + /* + * @test + * @bug 8189131 + * @summary Interoperability tests with Actalis CA + * @build ValidatePathWithParams + * @run main/othervm/timeout=180 -Djava.security.debug=certpath ActalisCA OCSP + * @run main/othervm/timeout=180 -Djava.security.debug=certpath ActalisCA CRL + */ + + /* + * Obtain test artifacts for Actalis CA from: + * + * Test web site with *active *TLS Server certificate: + * https://ssltest-a.actalis.it:8443 + * If doesn't work then use certificate of https://www.actalis.it + * + * Test web site with *revoked *TLS Server certificate: + * https://ssltest-r.actalis.it:8444 + * + * Test web site with *expired *TLS Server certificate: + * https://ssltest-e.actalis.it:8445 + */ +public class ActalisCA { + + // Owner: CN=Actalis Extended Validation Server CA G1, + // O=Actalis S.p.A./03358520967, L=Milano, ST=Milano, C=IT + // Issuer: CN=Actalis Authentication Root CA, O=Actalis S.p.A./03358520967, + // L=Milan, C=IT + private static final String INT_VALID = "-----BEGIN CERTIFICATE-----\n" + + "MIIGTDCCBDSgAwIBAgIIMtYr/GdQGsswDQYJKoZIhvcNAQELBQAwazELMAkGA1UE\n" + + "BhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8w\n" + + "MzM1ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290\n" + + "IENBMB4XDTE1MDUxNDA3MDAzOFoXDTMwMDUxNDA3MDAzOFowgYcxCzAJBgNVBAYT\n" + + "AklUMQ8wDQYDVQQIDAZNaWxhbm8xDzANBgNVBAcMBk1pbGFubzEjMCEGA1UECgwa\n" + + "QWN0YWxpcyBTLnAuQS4vMDMzNTg1MjA5NjcxMTAvBgNVBAMMKEFjdGFsaXMgRXh0\n" + + "ZW5kZWQgVmFsaWRhdGlvbiBTZXJ2ZXIgQ0EgRzEwggEiMA0GCSqGSIb3DQEBAQUA\n" + + "A4IBDwAwggEKAoIBAQD1Ygc1CwmqXqjd3dTEKMLUwGdb/3+00ytg0uBb4RB+89/O\n" + + "4K/STFZcGUjcCq6Job5cmxZBGyRRBYfCEn4vg8onedFztkO0NvD04z4wLFyxjSRT\n" + + "bcMm2d+/Xci5XLA3Q9wG8TGzHTVQKmdvFpQ7b7EsmOc0uXA7w3UGhLjb2EYpu/Id\n" + + "uZ1LUTyEOHc3XHXI3a3udkRBDs/bObTcbte80DPbNetRFB+jHbIw5sH171IeBFGN\n" + + "PB92Iebp01yE8g3X9RqPXrrV7ririEtwFMYp+KgA8BRHxsoNV3xZmhdzJm0AMzC2\n" + + "waLM3H562xPM0UntAYh2pRrAUUtgURRizCT1kr6tAgMBAAGjggHVMIIB0TBBBggr\n" + + 
"BgEFBQcBAQQ1MDMwMQYIKwYBBQUHMAGGJWh0dHA6Ly9vY3NwMDUuYWN0YWxpcy5p\n" + + "dC9WQS9BVVRILVJPT1QwHQYDVR0OBBYEFGHB5IYeTW10dLzZlzsxcXjLP5/cMA8G\n" + + "A1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUUtiIOsifeGbtifN7OHCUyQICNtAw\n" + + "RQYDVR0gBD4wPDA6BgRVHSAAMDIwMAYIKwYBBQUHAgEWJGh0dHBzOi8vd3d3LmFj\n" + + "dGFsaXMuaXQvYXJlYS1kb3dubG9hZDCB4wYDVR0fBIHbMIHYMIGWoIGToIGQhoGN\n" + + "bGRhcDovL2xkYXAwNS5hY3RhbGlzLml0L2NuJTNkQWN0YWxpcyUyMEF1dGhlbnRp\n" + + "Y2F0aW9uJTIwUm9vdCUyMENBLG8lM2RBY3RhbGlzJTIwUy5wLkEuJTJmMDMzNTg1\n" + + "MjA5NjcsYyUzZElUP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxpc3Q7YmluYXJ5MD2g\n" + + "O6A5hjdodHRwOi8vY3JsMDUuYWN0YWxpcy5pdC9SZXBvc2l0b3J5L0FVVEgtUk9P\n" + + "VC9nZXRMYXN0Q1JMMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEA\n" + + "OD8D2Z2fw76+GIu+mDEgygH/y7F9K4I6rZOc3LqGBecO3C0fGcIuuG7APtxGGk7Y\n" + + "nk97Qt+3pDoek9EP65/1u128pRncZcjEAeMgKb7UuJxwoR6Sj5zhOadotKcCQqmF\n" + + "Si99ExNo6dTq5Eyp1KrqepLmezbO9owx4Q44mtNpfKLMgzDqOn/dwNMo/pGYbMfP\n" + + "DjhxEnta1HXgcEcgCk1Au16xkdzapwY4sXpKuwB24phfWF+cveKAQ0Rncmvrm34i\n" + + "9B6leZUkSHDe4mRkbO5nObhKHYRmVSr0Q/wvGCmTgGTKuw/Gj8+RFb5MEkOKEcJn\n" + + "I32CPohpiW/jlpeLaFBIgJnXuZTxmfTX55sqtXDlKxRxFwq1W3kML4UfGZsgjx1l\n" + + "hX5fQ1QlEZeO9CyPpgGO5Py2KXXKhUxCtF7tawAYimWwslxvPCjHDND/WhM1Fz9e\n" + + "2yqwHcSQAOUVv5mk9uYc6/NSLwLb5in3R728GNEpHHhbx5QZhtdqR8mb56uJUDKI\n" + + "AwnnZckcR+SLGL2Agx7hY7YCMOQhSsO6PA81M/mGW2hGCiZw3GULJe9ejL/vdS0I\n" + + "PWrp7YLnXUa6mtXVSBKGrVrlbpJaN10+fB4Yrlk4O2sF4WNUAHMBn9T+zOXaBAhj\n" + + "vNlMU7+elLkTcKIB7qJJuSZChxzoevM2ciO3BpGuRxg=\n" + + "-----END CERTIFICATE-----"; + + // Owner: OID.1.3.6.1.4.1.311.60.2.1.3=IT, STREET=Via S. 
Clemente 53, + // OID.2.5.4.15=Private Organization, CN=www.actalis.it, + // SERIALNUMBER=03358520967, O=Actalis S.p.A., L=Ponte San Pietro, ST=Bergamo, C=IT + // Issuer: CN=Actalis Extended Validation Server CA G1, + // O=Actalis S.p.A./03358520967, L=Milano, ST=Milano, C=IT + // Serial number: eeeee6d6463bde2 + // Valid from: Sat Jun 17 05:59:17 PDT 2017 until: Mon Jun 17 05:59:17 PDT 2019 + private static final String VALID = "-----BEGIN CERTIFICATE-----\n" + + "MIIHwTCCBqmgAwIBAgIIDu7ubWRjveIwDQYJKoZIhvcNAQELBQAwgYcxCzAJBgNV\n" + + "BAYTAklUMQ8wDQYDVQQIDAZNaWxhbm8xDzANBgNVBAcMBk1pbGFubzEjMCEGA1UE\n" + + "CgwaQWN0YWxpcyBTLnAuQS4vMDMzNTg1MjA5NjcxMTAvBgNVBAMMKEFjdGFsaXMg\n" + + "RXh0ZW5kZWQgVmFsaWRhdGlvbiBTZXJ2ZXIgQ0EgRzEwHhcNMTcwNjE3MTI1OTE3\n" + + "WhcNMTkwNjE3MTI1OTE3WjCB0zELMAkGA1UEBhMCSVQxEDAOBgNVBAgMB0Jlcmdh\n" + + "bW8xGTAXBgNVBAcMEFBvbnRlIFNhbiBQaWV0cm8xFzAVBgNVBAoMDkFjdGFsaXMg\n" + + "Uy5wLkEuMRQwEgYDVQQFEwswMzM1ODUyMDk2NzEXMBUGA1UEAwwOd3d3LmFjdGFs\n" + + "aXMuaXQxHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9uMRswGQYDVQQJDBJW\n" + + "aWEgUy4gQ2xlbWVudGUgNTMxEzARBgsrBgEEAYI3PAIBAxMCSVQwggEiMA0GCSqG\n" + + "SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwZ3++4pQYGfhXSqin1CKRJ6SOqkTcX3O0\n" + + "6b4jZbSNomyqyn6aHOz6ztOlj++fPzxmIzErEySOTd3G0pr+iwpYQVdeg1Y27KL8\n" + + "OiwwUrlV4ZMa8KKXr4BnWlDbFIo+eIcSew5V7CiodDyxpj9zjqJK497LF1jxgXtr\n" + + "IoMRwrh2Y0NbJCZGUCL30sQr/W4xBnO1+pi2DbCieGe/XoK8yEtx9FdnEFvyT9qn\n" + + "zYyrXvnTvfVSwzwtEIn+akjomI4WfCFLBF0M7v4dAHypfnPAAoW1c0BBqNB32zf0\n" + + "rYwNnD7UwZlcDihEYlgC70Dfy7bPsdq2spmOMk/VUqb3U0LHRVM3AgMBAAGjggPh\n" + + "MIID3TB9BggrBgEFBQcBAQRxMG8wOgYIKwYBBQUHMAKGLmh0dHA6Ly9jYWNlcnQu\n" + + "YWN0YWxpcy5pdC9jZXJ0cy9hY3RhbGlzLWF1dGV2ZzEwMQYIKwYBBQUHMAGGJWh0\n" + + "dHA6Ly9vY3NwMDUuYWN0YWxpcy5pdC9WQS9BVVRIRVYtRzEwHQYDVR0OBBYEFK9y\n" + + "954QoY/5XV6TayD1gWVy0gQOMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUYcHk\n" + + "hh5NbXR0vNmXOzFxeMs/n9wwUAYDVR0gBEkwRzA8BgYrgR8BEQEwMjAwBggrBgEF\n" + + "BQcCARYkaHR0cHM6Ly93d3cuYWN0YWxpcy5pdC9hcmVhLWRvd25sb2FkMAcGBWeB\n" + 
+ "DAEBMIHvBgNVHR8EgecwgeQwgaKggZ+ggZyGgZlsZGFwOi8vbGRhcDA1LmFjdGFs\n" + + "aXMuaXQvY24lM2RBY3RhbGlzJTIwRXh0ZW5kZWQlMjBWYWxpZGF0aW9uJTIwU2Vy\n" + + "dmVyJTIwQ0ElMjBHMSxvJTNkQWN0YWxpcyUyMFMucC5BLi8wMzM1ODUyMDk2Nyxj\n" + + "JTNkSVQ/Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlzdDtiaW5hcnkwPaA7oDmGN2h0\n" + + "dHA6Ly9jcmwwNS5hY3RhbGlzLml0L1JlcG9zaXRvcnkvQVVUSEVWLUcxL2dldExh\n" + + "c3RDUkwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF\n" + + "BQcDAjAZBgNVHREEEjAQgg53d3cuYWN0YWxpcy5pdDCCAX4GCisGAQQB1nkCBAIE\n" + + "ggFuBIIBagFoAHYApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFc\n" + + "tiwHywAABAMARzBFAiEA7GC5/kja3l8cBw1/wBpHl/AKH6eL1MKpmICtf5G09c4C\n" + + "IBM887DQEwD2E4Xx/IP+33NMvUOhSwZ4XODgqFVXsz0wAHYA7ku9t3XOYLrhQmkf\n" + + "q+GeZqMPfl+wctiDAMR7iXqo/csAAAFctiwIqwAABAMARzBFAiEAwwiR95ozXdKs\n" + + "+uULfrzgENbHc2rLgGIac6ZMv0xHDLACIFLQVpvQBRQfys2KVRGHQKGxqAeghQZw\n" + + "9nJL+U5huzfaAHYA3esdK3oNT6Ygi4GtgWhwfi6OnQHVXIiNPRHEzbbsvswAAAFc\n" + + "tiwMqwAABAMARzBFAiEAifV9ocxbO6b3I22jb2zxBvG2e83hXHitOhYXkHdSmZkC\n" + + "IDJLuPvGOczF9axgphImlUbT9dX3wRpjEi5IeV+pxMiYMA0GCSqGSIb3DQEBCwUA\n" + + "A4IBAQB5U6k1Onv9Y7POHGnUOI0ATHevbpbS/7r68DZQ6cRmDIpsZyjW6PxYs9nc\n" + + "3ob3Pjomm+S7StDl9ehI7rYLlZC52QlXlsq1fzEQ9xSkf+VSD70A91dPIFAdI/jQ\n" + + "aWvIUvQEbhfUZc0ihIple0VyWGH5bza0DLW+C8ttF8KqICUfL8S8mZgjbXvVg2fY\n" + + "HLW9lWR/Pkco2yRc8gZyr9FGkXOcmJ8aFaCuJnGm/IVRCieYp60If4DoAKz49xpF\n" + + "CF6RjOAJ//UGSp/ySjHMmT8PLO7NvhsT4XDDGTSeIYYpO++tbEIcLcjW9m2k5Gnh\n" + + "kmEenr0hdcpeLgsP3Fsy7JxyQNpL\n" + + "-----END CERTIFICATE-----"; + + // Owner: CN=Actalis Authentication CA G3, O=Actalis S.p.A./03358520967, L=Milano, ST=Milano, C=IT + // Issuer: CN=Actalis Authentication Root CA, O=Actalis S.p.A./03358520967, L=Milan, C=IT + // SN: 741d584a 72fc06bc + // Valid from: Wed Feb 12 22:32:23 PST 2014 + // Valid till: Mon Feb 12 22:32:23 PST 2024 + private static final String INT_REVOKED = "-----BEGIN CERTIFICATE-----\n" + + "MIIGTTCCBDWgAwIBAgIIdB1YSnL8BrwwDQYJKoZIhvcNAQELBQAwazELMAkGA1UE\n" + + 
"BhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8w\n" + + "MzM1ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290\n" + + "IENBMB4XDTE0MDIxMzE1MDIyM1oXDTI0MDIxMzE1MDIyM1owezELMAkGA1UEBhMC\n" + + "SVQxDzANBgNVBAgMBk1pbGFubzEPMA0GA1UEBwwGTWlsYW5vMSMwIQYDVQQKDBpB\n" + + "Y3RhbGlzIFMucC5BLi8wMzM1ODUyMDk2NzElMCMGA1UEAwwcQWN0YWxpcyBBdXRo\n" + + "ZW50aWNhdGlvbiBDQSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\n" + + "AMzhDjmhNDym6ze3PegbIKmiavXpAjgVCZ344k1DOtdSCV6k3h3rqfHqFn3mrayA\n" + + "btmJ0NeC886WxUUsJwHJ3bOnNBQZIHxLV+1RVD/6TQqb6/bPJu4rDwEfhbJSmErc\n" + + "29wUJWqxXMhSAWTHi3Pq0vrkx59e5KTEyfB2kHo6InlR72sCCRdtCL9aDuDm8nYK\n" + + "pTSAJr36ultwME5NyCNSyN2JIK0wYbEi7MVNbp5KN9MusTp3cOMDoVBreYulmnEu\n" + + "TNazmoAv0K8oLS7iX7c9x+zGjUUAucFEuSlRn3sL6hFAiKjy4PDClvnyqQHBBdZr\n" + + "/3JOxAcgXv7aZ4/STeXeDXsCAwEAAaOCAeMwggHfMEEGCCsGAQUFBwEBBDUwMzAx\n" + + "BggrBgEFBQcwAYYlaHR0cDovL3BvcnRhbC5hY3RhbGlzLml0L1ZBL0FVVEgtUk9P\n" + + "VDAdBgNVHQ4EFgQUqqr9yowdTfEug+EG/PqO6g4jrj0wDwYDVR0TAQH/BAUwAwEB\n" + + "/zAfBgNVHSMEGDAWgBRS2Ig6yJ94Zu2J83s4cJTJAgI20DBUBgNVHSAETTBLMEkG\n" + + "BFUdIAAwQTA/BggrBgEFBQcCARYzaHR0cHM6Ly9wb3J0YWwuYWN0YWxpcy5pdC9S\n" + + "ZXBvc2l0b3J5L1BvbGljeS9TU0wvQ1BTMIHiBgNVHR8EgdowgdcwgZSggZGggY6G\n" + + "gYtsZGFwOi8vbGRhcC5hY3RhbGlzLml0L2NuJTNkQWN0YWxpcyUyMEF1dGhlbnRp\n" + + "Y2F0aW9uJTIwUm9vdCUyMENBLG8lM2RBY3RhbGlzJTIwUy5wLkEuJTJmMDMzNTg1\n" + + "MjA5NjcsYyUzZElUP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxpc3Q7YmluYXJ5MD6g\n" + + "PKA6hjhodHRwOi8vcG9ydGFsLmFjdGFsaXMuaXQvUmVwb3NpdG9yeS9BVVRILVJP\n" + + "T1QvZ2V0TGFzdENSTDAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIB\n" + + "ABP93l+9QBgzHF0Clf3gMAelGqwXT25DwZVFIkBw6YyqOPcaqzw1XKHJJEMQ8xOp\n" + + "8uuiPLP/ObxEXBBvH7ofNW7nRUIzGsuLPhzdfJhdzilCVAvz4WRsX44nWOQS4Qu0\n" + + "npo7dbq/KxFUCUO9yNEJp6YxNloy8XFIlazkHFTKGJqoUpsGoc7B9YmPchhE2FPb\n" + + "OZiOCg4Y2Qp43UJfnENgZ3gJFh16juQE1uS8Q/JJI7ZzJfJ/W0uQoDnCprOPUpLF\n" + + "G03e0asFxwQqhL84Jvf7rJZaWvwydHP4hH47nzpHWEGXwfJLXXoO7LHgqVB7K9Ar\n" + + 
"Zf3pY0S/3Fs+AN/PrEY3Z3rb7ypQLRiot1oJLl8matiGEF4aFL5DDkr9wfRAZ8S8\n" + + "WT69vN68ENGgEwyeZSlQxn+4g6quHRav0fmF2fGnLaq7tteSPVocT7XaMEpkHqNs\n" + + "x1q/PJbr39s/1QVZtS9CrdoCr0QAnBaX//PPB6ansSLFcvEqM9QcV9xQZex88ToX\n" + + "nk3TcHtA0ezWJlCkg626MhdQZrhHbkauHfIGSOmCkn3zHp0BZQ6Vo7UOdRMT7QS7\n" + + "y7AkET9Qmapwh2CFUdCJSXklVRd+06XhhOB37NQU0pGJQJ3xjEPrILZ8kLhW3Tyq\n" + + "Iv30LW7MXZ4yQn/JHEZbuiOOb4R45hsPZxe6gOq/e+sf\n" + + "-----END CERTIFICATE-----"; + + // Owner: CN=ssltest-r.actalis.it, O=Actalis S.p.A., L=Ponte San Pietro, ST=Bergamo, C=IT + // Issuer: CN=Actalis Authentication CA G3, O=Actalis S.p.A./03358520967, L=Milano, ST=Milano, C=IT + // SN: 0455de97 5c71c96f + // Valid from: Thu Jan 28 16:23:52 PST 2016 + // Valid till: Mon Jan 28 16:23:52 PST 2019 + private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" + + "MIIFmDCCBICgAwIBAgIIBFXel1xxyW8wDQYJKoZIhvcNAQELBQAwezELMAkGA1UE\n" + + "BhMCSVQxDzANBgNVBAgMBk1pbGFubzEPMA0GA1UEBwwGTWlsYW5vMSMwIQYDVQQK\n" + + "DBpBY3RhbGlzIFMucC5BLi8wMzM1ODUyMDk2NzElMCMGA1UEAwwcQWN0YWxpcyBB\n" + + "dXRoZW50aWNhdGlvbiBDQSBHMzAeFw0xNjAxMjkwODUzNTJaFw0xOTAxMjkwODUz\n" + + "NTJaMHIxCzAJBgNVBAYTAklUMRAwDgYDVQQIDAdCZXJnYW1vMRkwFwYDVQQHDBBQ\n" + + "b250ZSBTYW4gUGlldHJvMRcwFQYDVQQKDA5BY3RhbGlzIFMucC5BLjEdMBsGA1UE\n" + + "AwwUc3NsdGVzdC1yLmFjdGFsaXMuaXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw\n" + + "ggEKAoIBAQClbzoXCvD21FD7Oy/TKZu4fmDFJrISrNfasLlC3krLHkgb1vg23Z1P\n" + + "+7rIymDgrJSzjvYmisl+VM7xXxTsyI2pp9Qp/uzTMAMML9ISd/s0LaMBiNN5iPyj\n" + + "W91gGzGe30Jc319afKwFBaveSv7NO3DWsmHw9koezWkKUug2dnQCVXk1uTSdobnq\n" + + "wOgwxdd86LpZnFLxBIYdU68S4vogAQZjdja/S1+tF6JnfvY6o/xRJmQckVtNmUs6\n" + + "Dj3KoN2o/8BEgSCYcJz8tfoZcVazVkWOp/u6moUnm1/IKSYNgtHnB1ub0fB2AttW\n" + + "Vi7cs3SG/tDMMP8yc1kWScWf8CYj/AI1AgMBAAGjggInMIICIzA/BggrBgEFBQcB\n" + + "AQQzMDEwLwYIKwYBBQUHMAGGI2h0dHA6Ly9vY3NwMDMuYWN0YWxpcy5pdC9WQS9B\n" + + "VVRILUczMB0GA1UdDgQWBBRIKN5WmrjivlnT1rDzsH1WZ+PuvTAMBgNVHRMBAf8E\n" + + 
"AjAAMB8GA1UdIwQYMBaAFKqq/cqMHU3xLoPhBvz6juoOI649MGAGA1UdIARZMFcw\n" + + "SwYGK4EfARQBMEEwPwYIKwYBBQUHAgEWM2h0dHBzOi8vcG9ydGFsLmFjdGFsaXMu\n" + + "aXQvUmVwb3NpdG9yeS9Qb2xpY3kvU1NML0NQUzAIBgZngQwBAgIwgd8GA1UdHwSB\n" + + "1zCB1DCBlKCBkaCBjoaBi2xkYXA6Ly9sZGFwMDMuYWN0YWxpcy5pdC9jbiUzZEFj\n" + + "dGFsaXMlMjBBdXRoZW50aWNhdGlvbiUyMENBJTIwRzMsbyUzZEFjdGFsaXMlMjBT\n" + + "LnAuQS4lMmYwMzM1ODUyMDk2NyxjJTNkSVQ/Y2VydGlmaWNhdGVSZXZvY2F0aW9u\n" + + "TGlzdDtiaW5hcnkwO6A5oDeGNWh0dHA6Ly9jcmwwMy5hY3RhbGlzLml0L1JlcG9z\n" + + "aXRvcnkvQVVUSC1HMy9nZXRMYXN0Q1JMMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUE\n" + + "FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHwYDVR0RBBgwFoIUc3NsdGVzdC1yLmFj\n" + + "dGFsaXMuaXQwDQYJKoZIhvcNAQELBQADggEBAHZLND53/CZoMlDtfln0ZByCEhoF\n" + + "/XtA9cYy2azRGgS/VY4WUccvg99MM50cwn5GPRsJpoaFXeDrjV3DkOUK1jERzjx4\n" + + "5y83K/AkCGe7uU17aS+tweETizBAfHNj78oHmZDmkDSEY2STaeuHNDJ9ft0v3QTb\n" + + "VW54R5W3OBU7L/sJoEUdRxzGN7vO82PboGvyApMCWDRLKE7bPP4genQtF3XPcaFl\n" + + "ekuSiEVYS+KnM2v9tCWHqw6x7raWHFB9w1kAKNwv0hbEJkeC+a2bCdPwv8hs//sa\n" + + "gUF4p61mIpf+5qmQ6gcZOClPWyrbYdQdfCvKgbEdKhwB0v5KS0NIRRn41SE=\n" + + "-----END CERTIFICATE-----"; + + public static void main(String[] args) throws Exception { + + ValidatePathWithParams pathValidator = new ValidatePathWithParams(null); + boolean ocspEnabled = false; + + if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { + pathValidator.enableCRLCheck(); + } else { + // OCSP check by default + pathValidator.enableOCSPCheck(); + ocspEnabled = true; + } + + // Validate valid + pathValidator.validate(new String[]{VALID, INT_VALID}, + ValidatePathWithParams.Status.GOOD, null, System.out); + + // Revoked certificate is using SHA1 signature + if (ocspEnabled) { + // Revoked test certificate is expired + // and backdated revocation check is only possible with OCSP + pathValidator.setValidationDate("July 01, 2016"); + } + + // Validate Revoked + pathValidator.validate(new String[]{REVOKED, INT_REVOKED}, + ValidatePathWithParams.Status.REVOKED, + "Fri Jan 29 
01:06:42 PST 2016", System.out); + + // reset validation date back to current date + pathValidator.resetValidationDate(); + } +} diff -r 971d83666b23 -r 472f74fb6c6b test/jdk/security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java Tue Dec 12 19:20:39 2017 -0800 
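Review bot: The comments in front of the revoked-path check in `main` do not match the embedded data and should be corrected: `// Revoked certificate is using SHA1 signature` sits above a `REVOKED` blob whose DER prefix appears to carry the sha256WithRSAEncryption OID, and `// Revoked test certificate is expired` contradicts the `Valid till: Mon Jan 28 16:23:52 PST 2019` line above the constant. A comment giving the actual reason for `setValidationDate("July 01, 2016")`, and stating that the CRL run validates at the current date, would make the difference between the two `@run` modes reviewable. `VALID` is checked against the current date and its header says it expires `Mon Jun 17 05:59:17 PDT 2019`, so the GOOD assertion has a built-in expiry; a note such as `// VALID expires 2019-06-17; refresh artifacts from the URLs above before then` belongs next to the constant. Both runs presumably also need live access to the Actalis OCSP/CRL endpoints named in the certificates (ValidatePathWithParams is outside this hunk), so a failure here does not by itself indicate a trust-store regression.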
@@ -0,0 +1,291 @@
+/*
+ * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */ + + /* + * @test + * @bug 8189131 + * @summary Interoperability tests with Buypass Class 2 and Class 3 CA + * @build ValidatePathWithParams + * @run main/othervm/timeout=180 -Djava.security.debug=certpath BuypassCA OCSP + * @run main/othervm/timeout=180 -Djava.security.debug=certpath BuypassCA CRL + */ + + /* + * Obtain test artifacts for Buypass Class 2 and Class 3 CAs from: + * Class 2: + * https://valid.domainplus.ca22.ssl.buypass.no/CA2Class2 (valid) + * https://revoked.domainplus.ca22.ssl.buypass.no (revoked) + * + * Class3: + * https://valid.business.ca23.ssl.buypass.no (valid) + * https://revoked.business.ca23.ssl.buypass.no (revoked) + */ +public class BuypassCA { + + public static void main(String[] args) throws Exception { + + ValidatePathWithParams pathValidator = new ValidatePathWithParams(null); + + boolean ocspEnabled = true; + + if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { + pathValidator.enableCRLCheck(); + ocspEnabled = false; + } else { + // OCSP check by default + pathValidator.enableOCSPCheck(); + } + + new BuypassClass2().runTest(pathValidator); + new BuypassClass3().runTest(pathValidator, ocspEnabled); + } +} + +class BuypassClass2 { + + // Owner: CN=Buypass Class 2 CA 2, O=Buypass AS-983163327, C=NO + // Issuer: CN=Buypass Class 2 Root CA, O=Buypass AS-983163327, C=NO + private static final String INT_CLASS_2 = "-----BEGIN CERTIFICATE-----\n" + + "MIIFCzCCAvOgAwIBAgIBGDANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEd\n" + + "MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3Mg\n" + + "Q2xhc3MgMiBSb290IENBMB4XDTEwMTAyNjEwMTYxN1oXDTMwMTAyNjEwMTYxN1ow\n" + + "SzELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MR0w\n" + + "GwYDVQQDDBRCdXlwYXNzIENsYXNzIDIgQ0EgMjCCASIwDQYJKoZIhvcNAQEBBQAD\n" + + "ggEPADCCAQoCggEBAJyrZ8aWSw0PkdLsyswzK/Ny/A5/uU6EqQ99c6omDMpI+yNo\n" + + "HjUO42ryrATs4YHla+xj+MieWyvz9HYaCnrGL0CE4oX8M7WzD+g8h6tUCS0AakJx\n" + + "dC5PBocUkjQGZ5ZAoF92ms6C99qfQXhHx7lBP/AZT8sCWP0chOf9/cNxCplspYVJ\n" + + 
"HkQjKN3VGa+JISavCcBqf33ihbPZ+RaLjOTxoaRaWTvlkFxHqsaZ3AsW71qSJwaE\n" + + "55l9/qH45vn5mPrHQJ8h5LjgQcN5KBmxUMoA2iT/VSLThgcgl+Iklbcv9rs6aaMC\n" + + "JH+zKbub+RyRijmyzD9YBr+ZTaowHvJs9G59uZMCAwEAAaOB9jCB8zAPBgNVHRMB\n" + + "Af8EBTADAQH/MB8GA1UdIwQYMBaAFMmAd+BikoL1RpzzuvdMw964o605MB0GA1Ud\n" + + "DgQWBBSSrWWJsgAPy1ENwSPslE6PwQQ/dzAOBgNVHQ8BAf8EBAMCAQYwEQYDVR0g\n" + + "BAowCDAGBgRVHSAAMD0GA1UdHwQ2MDQwMqAwoC6GLGh0dHA6Ly9jcmwuYnV5cGFz\n" + + "cy5uby9jcmwvQlBDbGFzczJSb290Q0EuY3JsMD4GCCsGAQUFBwEBBDIwMDAuBggr\n" + + "BgEFBQcwAYYiaHR0cDovL29jc3AuYnV5cGFzcy5uby9vY3NwL0JQT2NzcDANBgkq\n" + + "hkiG9w0BAQsFAAOCAgEAq8IVUouNdeHQljyp8xpa9GC7rpSRXGRRTolSXNa9TUfU\n" + + "48Z0Vj3x9jT58I+I8P7fKp+p4Wdu0kcwxOXsooP8hdGLqXY4nV9amkNRiTs99xa3\n" + + "Qu/KdLeAPEeeKztxDCLXGmsC4+1G6DuDrOkwSm9Tm+HxSZRGR4Qo3mU3CCSz37us\n" + + "q7I0mnY4cCeBPQ3zW5J7k7KmMpUlxOPnLpaASY2JhoeiWIWddH6LUsMkZk1jDv+M\n" + + "Hyw2JWZUEUMCZoxLZ7F+4xP7v8wcEtICFo6tZIaawq9p/S6+mJLcoQ7wdQBM0+NA\n" + + "cc1MnSbPz75WP4cFhVf1SFq5gBBMCgzYaw+A9bJxDgqV3IMG6TtWfOWz7KhMV+EL\n" + + "iVp0fXua2GITRwr+htWnID3ShbHOtCMUm9qrqC6aWNPvJqqKLdhgU9bQ/s5o05a0\n" + + "D8NFT07l8yY6+ge+PPHOidnZrTNFIF9dtEdtyXGNrcqhZF0QvqeV1yZ/Kf2+W4pa\n" + + "Wor82CuDZNfcf0lje3guk+oZexxpIO57eGJQh9iGLM5dBeEMF7+f5j/1/rGsf6vA\n" + + "KkudpjiTl1v/GoO2zMDTTQVcjEsLSYSV0+s2p5QTXuAXrL0/ER3KQRvewIAtmzFg\n" + + "IaPy7t2TV0olHISRMvaEz4Guh2biuO/N6SP3pkk3dsMxiEVw7Xc+ouCb03Rz3aA=\n" + + "-----END CERTIFICATE-----"; + + // Owner: CN=valid.domainplus.ca22.ssl.buypass.no + // Issuer: CN=Buypass Class 2 CA 2, O=Buypass AS-983163327, C=NO + // Serial number: f0673c7183c95b38c93 + // Valid from: Mon Jan 25 00:20:55 PST 2016 until: Fri Jan 25 14:59:00 PST 2019 + private static final String VALID_CLASS_2 = "-----BEGIN CERTIFICATE-----\n" + + "MIIEgzCCA2ugAwIBAgIKDwZzxxg8lbOMkzANBgkqhkiG9w0BAQsFADBLMQswCQYD\n" + + "VQQGEwJOTzEdMBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxHTAbBgNVBAMM\n" + + "FEJ1eXBhc3MgQ2xhc3MgMiBDQSAyMB4XDTE2MDEyNTA4MjA1NVoXDTE5MDEyNTIy\n" + + 
"NTkwMFowLzEtMCsGA1UEAwwkdmFsaWQuZG9tYWlucGx1cy5jYTIyLnNzbC5idXlw\n" + + "YXNzLm5vMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwhA0eVz8ADqx\n" + + "dcrIZUzCf1n+kaBFyEF4WteUMtM4ta7szTm19f1/O4LRwr+pI5qQDgWHnHMX9sit\n" + + "rKOJPfMRgWrViaQ5y9QCZ4h2BIuDe61XVGkEcUiOoNojLRvDrbjpknI69nb1wbjn\n" + + "fpmCQVjYXoandr7RsexdWG4e+s6rk5Jk/zAUzU3Vbi0lmDJ62Dd+Dk3/IVrSebOp\n" + + "eIDniRX4vjIeucnDDTQ1VqSIN+gYNR/bMxXKFbScGAG+BpgZMwetJBJhTi7zlOgR\n" + + "4zAtdvvpJNN1pmNCsmJaM25WQgH6a05cTQtgYN//MKqTDww7z+LfK37mOxh3vBTu\n" + + "TR5S6VxzQQIDAQABo4IBgzCCAX8wCQYDVR0TBAIwADAfBgNVHSMEGDAWgBSSrWWJ\n" + + "sgAPy1ENwSPslE6PwQQ/dzAdBgNVHQ4EFgQUIs9OWkfc6S1c8mbYgi6Ns1kzh0Mw\n" + + "DgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAf\n" + + "BgNVHSAEGDAWMAoGCGCEQgEaAQIEMAgGBmeBDAECATA6BgNVHR8EMzAxMC+gLaAr\n" + + "hilodHRwOi8vY3JsLmJ1eXBhc3Mubm8vY3JsL0JQQ2xhc3MyQ0EyLmNybDAvBgNV\n" + + "HREEKDAmgiR2YWxpZC5kb21haW5wbHVzLmNhMjIuc3NsLmJ1eXBhc3Mubm8wdQYI\n" + + "KwYBBQUHAQEEaTBnMC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcC5idXlwYXNzLm5v\n" + + "L29jc3AvQlBPY3NwMDUGCCsGAQUFBzAChilodHRwOi8vY3J0LmJ1eXBhc3Mubm8v\n" + + "Y3J0L0JQQ2xhc3MyQ0EyLmNlcjANBgkqhkiG9w0BAQsFAAOCAQEAjDPxDQnnzH+v\n" + + "Mnj8dRM6NPBVXl4JNofWlwqzYdu+HauFeF3AOZVVyr/YbOR9/ewDrScOvrGohndV\n" + + "7Si0l5hz3fo51Ra81TyR8kWR7nJC2joidT1X4a0hF9zu8CNQNVmkOhoACgeuv42R\n" + + "NDwmj9TfpNRyC4RA7/NzXMeRJYfOrh18S9VHhCzsWScd9td3u7hrhBOPPOql9f2K\n" + + "t9Hcevo+cceE6bGYwbW6xNr3iPOh31shMxgRUMojVamtH70tYMi+0e0lrzXdxgGO\n" + + "ISnXBS2HptakUIxF3feTOjBhhh5vb9RJxfdJA///ggkR3L51MfjrusucpNoz3k3P\n" + + "f5e7ZlSJ6g==\n" + + "-----END CERTIFICATE-----"; + + // Owner: CN=revoked.domainplus.ca22.ssl.buypass.no + // Issuer: CN=Buypass Class 2 CA 2, O=Buypass AS-983163327, C=NO + // Serial number: f07a517dfc19ea8bf8f + // Valid from: Mon Jan 25 00:22:09 PST 2016 until: Fri Jan 25 14:59:00 PST 2019 + private static final String REVOKED_CLASS_2 = "-----BEGIN CERTIFICATE-----\n" + + "MIIEhzCCA2+gAwIBAgIKDwelF9/Bnqi/jzANBgkqhkiG9w0BAQsFADBLMQswCQYD\n" + + 
"VQQGEwJOTzEdMBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxHTAbBgNVBAMM\n" + + "FEJ1eXBhc3MgQ2xhc3MgMiBDQSAyMB4XDTE2MDEyNTA4MjIwOVoXDTE5MDEyNTIy\n" + + "NTkwMFowMTEvMC0GA1UEAwwmcmV2b2tlZC5kb21haW5wbHVzLmNhMjIuc3NsLmJ1\n" + + "eXBhc3Mubm8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjp/5BLRjH\n" + + "03XNNT2YXqg+txclRaUu88Rjbj4oEudFbkGTl+oBhmXX4QjM4WGvgw1AHW7nePWF\n" + + "/j3aR1kWJCl/ZOe097mb0V0dIwK6u6RVx9ERd4ITa/cmUJjy1+D+vCsT0elJY1vf\n" + + "vbwCdaloS7MZDG3wmJGxrUz7fo7t/JdsW481Ymau3xVTQ+45MusPmOE8RZ6nggIQ\n" + + "dZIA00XPhlQwg5ivuPwtcNNZIkk1fkU+5J+RUOI5qHA9zH2s1Hly6PzTATCxSDSi\n" + + "zqAmBH0ehrWqCWiKH5P3J8dCRA6qa2n5pD71CweLrUsbmztkBHUlYKlZ0fP6bGiI\n" + + "ZDMBLL/aFQybAgMBAAGjggGFMIIBgTAJBgNVHRMEAjAAMB8GA1UdIwQYMBaAFJKt\n" + + "ZYmyAA/LUQ3BI+yUTo/BBD93MB0GA1UdDgQWBBQZICByGObE/pJISOcMavbKRl2L\n" + + "+zAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC\n" + + "MB8GA1UdIAQYMBYwCgYIYIRCARoBAgQwCAYGZ4EMAQIBMDoGA1UdHwQzMDEwL6At\n" + + "oCuGKWh0dHA6Ly9jcmwuYnV5cGFzcy5uby9jcmwvQlBDbGFzczJDQTIuY3JsMDEG\n" + + "A1UdEQQqMCiCJnJldm9rZWQuZG9tYWlucGx1cy5jYTIyLnNzbC5idXlwYXNzLm5v\n" + + "MHUGCCsGAQUFBwEBBGkwZzAuBggrBgEFBQcwAYYiaHR0cDovL29jc3AuYnV5cGFz\n" + + "cy5uby9vY3NwL0JQT2NzcDA1BggrBgEFBQcwAoYpaHR0cDovL2NydC5idXlwYXNz\n" + + "Lm5vL2NydC9CUENsYXNzMkNBMi5jZXIwDQYJKoZIhvcNAQELBQADggEBAAdjMdlP\n" + + "qYNK+YkrqTgQV0dblIazL/cIhMPByjnEkfxew9tDxpcMWafIFKcgM/QxYJG/mzoL\n" + + "sSQ9pzzuGLQX7eAPA3rlWoQBusOeOaC3HQqy73kGStd7H8HPa3m+q47Z6JG0w+Fb\n" + + "rk8odrml+8rAEPLBlldB39xJuNVHjmlyTEDSC4azEXjfV4+kj8uE86sm+AoTt4Ba\n" + + "tEZSbKp70oH63QKBAEHORMM4gXeP+WG276p3kTcL1VUfgQw7vVmGN0C8DjhK4BAC\n" + + "0PUChr8agu0F5YcqpGxjLemMnDrqW+Bi/JYmGhEjWTiLSyYSlvJb1dAFUyPlc958\n" + + "pmOu5xTMEatiPFI=\n" + + "-----END CERTIFICATE-----"; + + public void runTest(ValidatePathWithParams pathValidator) throws Exception { + // Validate valid + pathValidator.validate(new String[]{VALID_CLASS_2, INT_CLASS_2}, + ValidatePathWithParams.Status.GOOD, null, System.out); + + // Validate Revoked + 
pathValidator.validate(new String[]{REVOKED_CLASS_2, INT_CLASS_2}, + ValidatePathWithParams.Status.REVOKED, + "Mon Jan 25 00:24:47 PST 2016", System.out); + } +} + +class BuypassClass3 { + + // Owner: CN=Buypass Class 3 CA 2, O=Buypass AS-983163327, C=NO + // Issuer: CN=Buypass Class 3 Root CA, O=Buypass AS-983163327, C=NO + private static final String INT_CLASS_3 = "-----BEGIN CERTIFICATE-----\n" + + "MIIFCzCCAvOgAwIBAgIBGDANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEd\n" + + "MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3Mg\n" + + "Q2xhc3MgMyBSb290IENBMB4XDTEwMTAyNjA5MTYxN1oXDTMwMTAyNjA5MTYxN1ow\n" + + "SzELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MR0w\n" + + "GwYDVQQDDBRCdXlwYXNzIENsYXNzIDMgQ0EgMjCCASIwDQYJKoZIhvcNAQEBBQAD\n" + + "ggEPADCCAQoCggEBAL1OFdoURRXuCuwTBJpuCKDE8Euzcg0AeCRGq3VdagbChyCE\n" + + "CQ5vYWwmpHCyFl1b+r2KyWdQBBdG+msAcIYZal5cjZzrTWvbkfiAD/OneMjhqYB0\n" + + "pTQIXbTjpPUMOjFM8waNZcqGJqC9H+Z9NkjK5THAK0oOOfKNPHg1MeImbOHVw0fR\n" + + "48WnNrPpnQDt+SbPFSvw+dACDAybx1XgjMPq7pmZDWbkajOz4yCvrgZm6jvAPeT3\n" + + "qkBFh7zOZ3IZVdfmRjVahx0iXp5TJ1SsrRr/uCiae1O+NR//XDG3dl9j17HsFlhY\n" + + "Rl6EvEfVV0OcW94Ret9uBUF73ANZl0b+gwCXnV0CAwEAAaOB9jCB8zAPBgNVHRMB\n" + + "Af8EBTADAQH/MB8GA1UdIwQYMBaAFEe4zf/lb+74suwvTg75JbCOPGvDMB0GA1Ud\n" + + "DgQWBBQiMC7S+/ZLysC4O9IExOly5pebDDAOBgNVHQ8BAf8EBAMCAQYwEQYDVR0g\n" + + "BAowCDAGBgRVHSAAMD0GA1UdHwQ2MDQwMqAwoC6GLGh0dHA6Ly9jcmwuYnV5cGFz\n" + + "cy5uby9jcmwvQlBDbGFzczNSb290Q0EuY3JsMD4GCCsGAQUFBwEBBDIwMDAuBggr\n" + + "BgEFBQcwAYYiaHR0cDovL29jc3AuYnV5cGFzcy5uby9vY3NwL0JQT2NzcDANBgkq\n" + + "hkiG9w0BAQsFAAOCAgEAaOLyxpj2t9k9Rzkxkcj/teTNOWxBLPZDi+eFx3u7laf2\n" + + "mX/ZUSSE4g7OiKnD7ozWk9Qgocn3rBWGDKsp676RwWV97Elofz73Oebei6P3Gg/9\n" + + "CD8y6rf8xHRxru5d1ZQ1NkWdPwYI38jlt3LaDjJKZjJW7pOPIMRvw1Y1AY3mYgCJ\n" + + "Qqpw8jgukHIP0454DPzkUXzg/ZVJG0swmFmjYfARleSPidcs5BJx5ngpcUS4745g\n" + + "mN9PQ578+ROIbML4Jx83myivlyTQSPdYSwzSswb1RVBJmiF9qC0B1hivCrs4BATu\n" + + 
"YeaPV6CiNDr0jGnbxAskz7QDNR6uJSUKX3L9iY2TB/4/5hJ9TZ/YDI6OEG/wVtBz\n" + + "5FkU0ucztyQa4UG1mXR8Zbs/zt9Fj0Xn8f5IM3dB/s/r8c1AFDIcLRUqP/LkI9Wj\n" + + "XovWr79PEJcIfIln0AfzYfBBxCRE+4QHcVhci6p/mbyl2a+Rf8ZGNTiDLaWSZp5x\n" + + "jqdaq5UQaoZK8XQ+JVR0etep/KPgVMXq5Zv16YEb2vjs//RfxT8psDZLe/37+Bs4\n" + + "AG9sdT/bsH7HDQwodTon/HvMmxt4EiU/1Sjco4Fok9VmSE2UVjIghajbbTSKR3LV\n" + + "UuU19x12fKp+htO8L+wVlGgxXb9WvDBNHCe6RmR4jqavmvrAyCPtrx3cXwqGmXA=\n" + + "-----END CERTIFICATE-----"; + + // Owner: SERIALNUMBER=983163327, CN=valid.business.ca23.ssl.buypass.no, + // O=BUYPASS AS, L=OSLO, OID.2.5.4.17=0484, C=NO + // Issuer: CN=Buypass Class 3 CA 2, O=Buypass AS-983163327, C=NO + // Serial number: 97631b91e98293b35c8 + // Valid from: Fri Feb 06 00:57:04 PST 2015 until: Fri Feb 09 14:59:00 PST 2018 + private static final String VALID_CLASS_3 = "-----BEGIN CERTIFICATE-----\n" + + "MIIE1DCCA7ygAwIBAgIKCXYxuR6YKTs1yDANBgkqhkiG9w0BAQsFADBLMQswCQYD\n" + + "VQQGEwJOTzEdMBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxHTAbBgNVBAMM\n" + + "FEJ1eXBhc3MgQ2xhc3MgMyBDQSAyMB4XDTE1MDIwNjA4NTcwNFoXDTE4MDIwOTIy\n" + + "NTkwMFowgYExCzAJBgNVBAYTAk5PMQ0wCwYDVQQRDAQwNDg0MQ0wCwYDVQQHDARP\n" + + "U0xPMRMwEQYDVQQKDApCVVlQQVNTIEFTMSswKQYDVQQDDCJ2YWxpZC5idXNpbmVz\n" + + "cy5jYTIzLnNzbC5idXlwYXNzLm5vMRIwEAYDVQQFEwk5ODMxNjMzMjcwggEiMA0G\n" + + "CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbahUoF2A7upqIxDQKraZ+aEOzNkHF\n" + + "1fIQEtUMQS1OTB8la7pWsBnv1gk9Ja2ifIrwdSxAjefL3SXR47h4vxUMnufMnkTk\n" + + "PERXft/XR8/jZQZRpznnN/V89ctb8qcVhHCooTIELOBzF9QAmDnawZQogwhDNLNy\n" + + "kLtWsl75X547DS/Z5hsqCqXPyOiFzkHY59uamYu48TF9d7HwQ741H0YhehoxTl/O\n" + + "YqzW2wqYxqhQuCX5IuYER7G/P3G6UAm+VB9aujtWW+TBT9+iWh0aT+C7ezDtREse\n" + + "lwb44svf8S3iW18KlSF8EMT0qwqNpA8njOCQiSgluYD+Uk9E5f8505UzAgMBAAGj\n" + + "ggGBMIIBfTAJBgNVHRMEAjAAMB8GA1UdIwQYMBaAFCIwLtL79kvKwLg70gTE6XLm\n" + + "l5sMMB0GA1UdDgQWBBQncKIaP6HdQV8RIBO+dddWDSKvJjAOBgNVHQ8BAf8EBAMC\n" + + "BaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB8GA1UdIAQYMBYwCgYI\n" + + 
"YIRCARoBAwQwCAYGZ4EMAQICMDoGA1UdHwQzMDEwL6AtoCuGKWh0dHA6Ly9jcmwu\n" + + "YnV5cGFzcy5uby9jcmwvQlBDbGFzczNDQTIuY3JsMC0GA1UdEQQmMCSCInZhbGlk\n" + + "LmJ1c2luZXNzLmNhMjMuc3NsLmJ1eXBhc3Mubm8wdQYIKwYBBQUHAQEEaTBnMC4G\n" + + "CCsGAQUFBzABhiJodHRwOi8vb2NzcC5idXlwYXNzLm5vL29jc3AvQlBPY3NwMDUG\n" + + "CCsGAQUFBzAChilodHRwOi8vY3J0LmJ1eXBhc3Mubm8vY3J0L0JQQ2xhc3MzQ0Ey\n" + + "LmNlcjANBgkqhkiG9w0BAQsFAAOCAQEAqeA3IqMPn/az52twbNnimXIhIb7tWj7U\n" + + "NSBqr+httoQvNo7NbtVCgO/fM3/t0YN7rgZfP07QTn7L7CwoddrgHbnuCuFr9UhD\n" + + "df7cfY3cwDhWx+YKgXTkRZpXXrOPqeY2+9gaJlcQCnw66t5EBa4lSBnN0ZtkB4lT\n" + + "ujFP6BAyzZAjRdXWUidtErDWZri1uLmWAP0kQNez2toOcQ0XpbrbL8+nQtvOVOJv\n" + + "b/c8WoaoC14C32mAeC5bx4dQ3mpf3hQv9man1SPjY/rsDsWWjsaJAijl3YPtP2bU\n" + + "JRCCM7qfZWrY8/uBLG2llfjviKV9I6sT76w7TnawPsz+SkDXFm/nwg==\n" + + "-----END CERTIFICATE-----"; + + // Owner: SERIALNUMBER=983163327, CN=revoked.business.ca23.ssl.buypass.no, + // O=BUYPASS AS, L=OSLO, OID.2.5.4.17=0402, C=NO + // Issuer: CN=Buypass Class 3 CA 2, O=Buypass AS-983163327, C=NO + private static final String REVOKED_CLASS_3 = "-----BEGIN CERTIFICATE-----\n" + + "MIIE2DCCA8CgAwIBAgIKARno/wYhPtNtmjANBgkqhkiG9w0BAQsFADBLMQswCQYD\n" + + "VQQGEwJOTzEdMBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxHTAbBgNVBAMM\n" + + "FEJ1eXBhc3MgQ2xhc3MgMyBDQSAyMB4XDTEzMDIwMTA5MTE0NFoXDTE2MDIwMTA5\n" + + "MTE0NFowgYMxCzAJBgNVBAYTAk5PMQ0wCwYDVQQRDAQwNDAyMQ0wCwYDVQQHDARP\n" + + "U0xPMRMwEQYDVQQKDApCVVlQQVNTIEFTMS0wKwYDVQQDDCRyZXZva2VkLmJ1c2lu\n" + + "ZXNzLmNhMjMuc3NsLmJ1eXBhc3Mubm8xEjAQBgNVBAUTCTk4MzE2MzMyNzCCASIw\n" + + "DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMmBUI0wNCz4kLikR5wog4QTUEmO\n" + + "XoGgjnQv0cKfDogbewK+0ngdyyR8dZOqSauQTGLlPTpo6DEWpD3Jqrr444MV6Vc1\n" + + "AGWnjk3T+KT5tKl6qJOQq17Y+HEnsTEzCo1kieVygpSu7FBa2OnhHNmLWThhGUEi\n" + + "mLqrEyfjMSb9zacvo06Zr7S8BauLRB3aM5BeMVF7Bj/9f/FvnB/y1cRDLG32WRCx\n" + + "K9IAFwCaJkfWsXx+bnaO4uEQwLFZ96p7L5mr+QNvI6QuweIY1hDM3RDM6HQkGTK9\n" + + "8iHSzGBSCGwOM24Ym3XM5vTbiV5uLno+QEYlJL/+qbYvarbO2gPF+6A6M10CAwEA\n" + + 
"AaOCAYMwggF/MAkGA1UdEwQCMAAwHwYDVR0jBBgwFoAUIjAu0vv2S8rAuDvSBMTp\n" + + "cuaXmwwwHQYDVR0OBBYEFNI2C2XKZkNRHZrHLkBhCMeDRN0KMA4GA1UdDwEB/wQE\n" + + "AwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHwYDVR0gBBgwFjAK\n" + + "BghghEIBGgEDBDAIBgZngQwBAgIwOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2Ny\n" + + "bC5idXlwYXNzLm5vL2NybC9CUENsYXNzM0NBMi5jcmwwLwYDVR0RBCgwJoIkcmV2\n" + + "b2tlZC5idXNpbmVzcy5jYTIzLnNzbC5idXlwYXNzLm5vMHUGCCsGAQUFBwEBBGkw\n" + + "ZzAuBggrBgEFBQcwAYYiaHR0cDovL29jc3AuYnV5cGFzcy5uby9vY3NwL0JQT2Nz\n" + + "cDA1BggrBgEFBQcwAoYpaHR0cDovL2NydC5idXlwYXNzLm5vL2NydC9CUENsYXNz\n" + + "M0NBMi5jZXIwDQYJKoZIhvcNAQELBQADggEBAGNQe9cgrw/mN7bChof205NRS+TH\n" + + "A8f0JcKk1KrPYYW+ilyp6j3My26Sm9a4ZyKRhAS8fCxYUXWzfNvJNFYv2ttLuegl\n" + + "SFfeXjSJJZW9+wC5oRLta++62UTTxXp0Zf5UkMsHZCIjvnk0yGWZa0phyRCH89ca\n" + + "4vfRTOGNTNfX3d0jm/+fm70UNYHKZ/VcxVj0vH2Ij/kDUy7r2cw1gQ65RDUotnTu\n" + + "Yt59y3COyMZeYNMcuoss2XWnedFoD7fwCSkNqVbwjCxGVkL1+ivbWhqlCefaniZX\n" + + "Wy35oP1635RSxHbCMU9msmUO7FS8n1VH2edEC797gduK5pn2aBhy/MW0unU=\n" + + "-----END CERTIFICATE-----"; + + public void runTest(ValidatePathWithParams pathValidator, boolean ocspEnabled) + throws Exception { + // Validate valid + pathValidator.validate(new String[]{VALID_CLASS_3, INT_CLASS_3}, + ValidatePathWithParams.Status.GOOD, null, System.out); + + if (ocspEnabled) { + // Revoked test certificate is expired + // and backdated revocation check is only possible with OCSP + pathValidator.setValidationDate("July 01, 2013"); + } + + // Validate Revoked + pathValidator.validate(new String[]{REVOKED_CLASS_3, INT_CLASS_3}, + ValidatePathWithParams.Status.REVOKED, + "Wed Feb 06 02:56:32 PST 2013", System.out); + } +} diff -r 971d83666b23 -r 472f74fb6c6b test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ComodoCA.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ComodoCA.java Tue Dec 12 19:20:39 2017 -0800 
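Review bot: `BuypassClass3.runTest` backdates the shared `pathValidator` with `setValidationDate("July 01, 2013")` and never restores it, whereas the `main` of the preceding test file in this changeset ends with `pathValidator.resetValidationDate();`. Class 3 happens to run last in `BuypassCA.main`, so nothing observes the stale date today, but any check later added after it would silently be evaluated against 2013 and could report GOOD for a chain that is expired or revoked at the current time. I would make `pathValidator.resetValidationDate();` the last statement of `runTest`, ideally in a `finally` around the revoked validation. Separately, the GOOD checks run at the current date against pinned leaf certificates whose header comments give expiry on Fri Feb 09 2018 (`VALID_CLASS_3`) and Fri Jan 25 2019 (`VALID_CLASS_2`), so the test will start failing on those dates unless the artifacts are refreshed. A comment such as `// Expires Feb 09 2018: re-fetch from the URL listed above before then` next to `VALID_CLASS_3` would record that, and `REVOKED_CLASS_3` lacks the `Serial number` / `Valid from` comment lines its siblings carry.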
@@ -0,0 +1,674 @@
+/*
+ * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */ + + /* + * @test + * @bug 8189131 + * @summary Interoperability tests with Comodo RSA, ECC, userTrust RSA, and + * userTrust ECC CAs + * @build ValidatePathWithParams + * @run main/othervm -Djava.security.debug=certpath ComodoCA OCSP + * @run main/othervm -Djava.security.debug=certpath ComodoCA CRL + */ + + /* + * Obtain TLS test artifacts for Comodo CAs from: + * + * Valid TLS Certificates: + * https://comodorsacertificationauthority-ev.comodoca.com + * https://comodoecccertificationauthority-ev.comodoca.com + * https://usertrustrsacertificationauthority-ev.comodoca.com + * https://usertrustecccertificationauthority-ev.comodoca.com + * + * Revoked TLS Certificates: + * https://comodorsacertificationauthority-ev.comodoca.com:444 + * https://comodoecccertificationauthority-ev.comodoca.com:444 + * https://usertrustrsacertificationauthority-ev.comodoca.com:444 + * https://usertrustecccertificationauthority-ev.comodoca.com:444 + */ +public class ComodoCA { + + public static void main(String[] args) throws Exception { + + ValidatePathWithParams pathValidator = new ValidatePathWithParams(null); + + if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { + pathValidator.enableCRLCheck(); + } else { + // OCSP check by default + pathValidator.enableOCSPCheck(); + } + + new ComodoRSA().runTest(pathValidator); + new ComodoECC().runTest(pathValidator); + new ComodoUserTrustRSA().runTest(pathValidator); + new ComodoUserTrustECC().runTest(pathValidator); + } +} + +class ComodoRSA { + + // Owner: CN=COMODO RSA Extended Validation Secure Server CA, + // O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB + // Issuer: CN=COMODO RSA Certification Authority, O=COMODO CA Limited, + // L=Salford, ST=Greater Manchester, C=GB + // Serial number: 6a74380d4ebfed435b5a3f7e16abdd8 + // Valid from: Sat Feb 11 16:00:00 PST 2012 until: Thu Feb 11 15:59:59 PST 2027 + private static final String INT = "-----BEGIN CERTIFICATE-----\n" + + 
"MIIGDjCCA/agAwIBAgIQBqdDgNTr/tQ1taP34Wq92DANBgkqhkiG9w0BAQwFADCB\n" + + "hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G\n" + + "A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNV\n" + + "BAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTIwMjEy\n" + + "MDAwMDAwWhcNMjcwMjExMjM1OTU5WjCBkjELMAkGA1UEBhMCR0IxGzAZBgNVBAgT\n" + + "EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR\n" + + "Q09NT0RPIENBIExpbWl0ZWQxODA2BgNVBAMTL0NPTU9ETyBSU0EgRXh0ZW5kZWQg\n" + + "VmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC\n" + + "AQ8AMIIBCgKCAQEAlVbeVLTf1QJJe9FbXKKyHo+cK2JMK40SKPMalaPGEP0p3uGf\n" + + "CzhAk9HvbpUQ/OGQF3cs7nU+e2PsYZJuTzurgElr3wDqAwB/L3XVKC/sVmePgIOj\n" + + "vdwDmZOLlJFWW6G4ajo/Br0OksxgnP214J9mMF/b5pTwlWqvyIqvgNnmiDkBfBzA\n" + + "xSr3e5Wg8narbZtyOTDr0VdVAZ1YEZ18bYSPSeidCfw8/QpKdhQhXBZzQCMZdMO6\n" + + "WAqmli7eNuWf0MLw4eDBYuPCGEUZUaoXHugjddTI0JYT/8ck0YwLJ66eetw6YWNg\n" + + "iJctXQUL5Tvrrs46R3N2qPos3cCHF+msMJn4HwIDAQABo4IBaTCCAWUwHwYDVR0j\n" + + "BBgwFoAUu69+Aj36pvE8hI6t7jiY7NkyMtQwHQYDVR0OBBYEFDna/8ooFIqodBMI\n" + + "ueQOqdL6fp1pMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEAMD4G\n" + + "A1UdIAQ3MDUwMwYEVR0gADArMCkGCCsGAQUFBwIBFh1odHRwczovL3NlY3VyZS5j\n" + + "b21vZG8uY29tL0NQUzBMBgNVHR8ERTBDMEGgP6A9hjtodHRwOi8vY3JsLmNvbW9k\n" + + "b2NhLmNvbS9DT01PRE9SU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDBxBggr\n" + + "BgEFBQcBAQRlMGMwOwYIKwYBBQUHMAKGL2h0dHA6Ly9jcnQuY29tb2RvY2EuY29t\n" + + "L0NPTU9ET1JTQUFkZFRydXN0Q0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2Nz\n" + + "cC5jb21vZG9jYS5jb20wDQYJKoZIhvcNAQEMBQADggIBAERCnUFRK0iIXZebeV4R\n" + + "AUpSGXtBLMeJPNBy3IX6WK/VJeQT+FhlZ58N/1eLqYVeyqZLsKeyLeCMIs37/3mk\n" + + "jCuN/gI9JN6pXV/kD0fQ22YlPodHDK4ixVAihNftSlka9pOlk7DgG4HyVsTIEFPk\n" + + "1Hax0VtpS3ey4E/EhOfUoFDuPPpE/NBXueEoU/1Tzdy5H3pAvTA/2GzS8+cHnx8i\n" + + "teoiccsq8FZ8/qyo0QYPFBRSTP5kKwxpKrgNUG4+BAe/eiCL+O5lCeHHSQgyPQ0o\n" + + "fkkdt0rvAucNgBfIXOBhYsvss2B5JdoaZXOcOBCgJjqwyBZ9kzEi7nQLiMBciUEA\n" + + 
"KKlHMd99SUWa9eanRRrSjhMQ34Ovmw2tfn6dNVA0BM7pINae253UqNpktNEvWS5e\n" + + "ojZh1CSggjMziqHRbO9haKPl0latxf1eYusVqHQSTC8xjOnB3xBLAer2VBvNfzu9\n" + + "XJ/B288ByvK6YBIhMe2pZLiySVgXbVrXzYxtvp5/4gJYp9vDLVj2dAZqmvZh+fYA\n" + + "tmnYOosxWd2R5nwnI4fdAw+PKowegwFOAWEMUnNt/AiiuSpm5HZNMaBWm9lTjaK2\n" + + "jwLI5jqmBNFI+8NKAnb9L9K8E7bobTQk+p0pisehKxTxlgBzuRPpwLk6R1YCcYAn\n" + + "pLwltum95OmYdBbxN4SBB7SC\n" + + "-----END CERTIFICATE-----"; + + // Owner: CN=COMODO RSA Extended Validation Secure Server CA, + // O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB + // Issuer: CN=COMODO RSA Certification Authority, O=COMODO CA Limited, + // L=Salford, ST=Greater Manchester, C=GB + // Serial number: 6a74380d4ebfed435b5a3f7e16abdd8 + // Valid from: Sat Feb 11 16:00:00 PST 2012 until: Thu Feb 11 15:59:59 PST 2027 + private static final String VALID = "-----BEGIN CERTIFICATE-----\n" + + "MIIH8jCCBtqgAwIBAgIQcgqiz6QAlFISJPkBqYSxZzANBgkqhkiG9w0BAQsFADCB\n" + + "kjELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G\n" + + "A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxODA2BgNV\n" + + "BAMTL0NPTU9ETyBSU0EgRXh0ZW5kZWQgVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVy\n" + + "IENBMB4XDTE3MDYzMDAwMDAwMFoXDTE5MDkyOTIzNTk1OVowggFdMREwDwYDVQQF\n" + + "EwgwNDA1ODY5MDETMBEGCysGAQQBgjc8AgEDEwJHQjEdMBsGA1UEDxMUUHJpdmF0\n" + + "ZSBPcmdhbml6YXRpb24xCzAJBgNVBAYTAkdCMQ8wDQYDVQQREwZNNSAzRVExGzAZ\n" + + "BgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEWMBQG\n" + + "A1UECRMNVHJhZmZvcmQgUm9hZDEWMBQGA1UECRMNRXhjaGFuZ2UgUXVheTElMCMG\n" + + "A1UECRMcM3JkIEZsb29yLCAyNiBPZmZpY2UgVmlsbGFnZTEaMBgGA1UEChMRQ09N\n" + + "T0RPIENBIExpbWl0ZWQxGjAYBgNVBAsTEUNPTU9ETyBFViBTR0MgU1NMMTgwNgYD\n" + + "VQQDEy9jb21vZG9yc2FjZXJ0aWZpY2F0aW9uYXV0aG9yaXR5LWV2LmNvbW9kb2Nh\n" + + "LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAND/eZQBTjpBDsut\n" + + "eKwl+zpTitF8tJzwHAhcQHC2AaLF/GJl1rnjx4OfelMhKhN1Od9KU6onHGOd2w4m\n" + + "D4EiYK9TpXwuwTyzfkCmnkqxZjYK3KAJN013o4L+8y1zsGVUulpN/GfMaxTb4Xdm\n" + + 
"eSekTP91Phw3xezijBq3sa++1rO5RBaT1IHeHhHviC9WNrG8CIg/j5MyC9i43LZH\n" + + "iRXLER1LzT/MCIRsiG5AEbiYXV5BNd5SiiHtBJ1q0ZJH+AxL2ERaT41VCppboZwT\n" + + "hmJGGoky9FWjp6z8U6Enx0fAMJIZNEzW6LAJFKPEynEU004jFFCEumPUqqCC4ogx\n" + + "ulphY80CAwEAAaOCA3QwggNwMB8GA1UdIwQYMBaAFDna/8ooFIqodBMIueQOqdL6\n" + + "fp1pMB0GA1UdDgQWBBQ+S4ZhIrwOoeGs9BBT4uXq89Ux/jAOBgNVHQ8BAf8EBAMC\n" + + "BaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw\n" + + "TwYDVR0gBEgwRjA7BgwrBgEEAbIxAQIBBQEwKzApBggrBgEFBQcCARYdaHR0cHM6\n" + + "Ly9zZWN1cmUuY29tb2RvLmNvbS9DUFMwBwYFZ4EMAQEwVgYDVR0fBE8wTTBLoEmg\n" + + "R4ZFaHR0cDovL2NybC5jb21vZG9jYS5jb20vQ09NT0RPUlNBRXh0ZW5kZWRWYWxp\n" + + "ZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3JsMIGHBggrBgEFBQcBAQR7MHkwUQYIKwYB\n" + + "BQUHMAKGRWh0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9ET1JTQUV4dGVuZGVk\n" + + "VmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNydDAkBggrBgEFBQcwAYYYaHR0cDov\n" + + "L29jc3AuY29tb2RvY2EuY29tMDoGA1UdEQQzMDGCL2NvbW9kb3JzYWNlcnRpZmlj\n" + + "YXRpb25hdXRob3JpdHktZXYuY29tb2RvY2EuY29tMIIBgAYKKwYBBAHWeQIEAgSC\n" + + "AXAEggFsAWoAdgCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAVz5\n" + + "cV7GAAAEAwBHMEUCIQCpgc0Eqw3g4pr+oX88h5xgL1VEAiDpqAhbRtilgYwBbgIg\n" + + "UaIm+n8AHi55nB//Sb4Nz18GYVcfELfpIzRh1vW9HbYAdwBWFAaaL9fC7NP14b1E\n" + + "sj7HRna5vJkRXMDvlJhV1onQ3QAAAVz5cVybAAAEAwBIMEYCIQDdsgC4KZ++OP44\n" + + "X7LbUcNaxe0kFzbctF2L3bnmhp9nXQIhAM0/g+PrZBIBpYlOtzidePi8bBHrLWn2\n" + + "uBiP3pYIntl4AHcA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo/csAAAFc\n" + + "+XFeoQAABAMASDBGAiEAoySTb/QKw7JwtZtPHnECEMzgENQSFy58Kl+Mvcd3SmcC\n" + + "IQD8cU66Ih3ejvt0OTX+lfxQPKyggQfm4Uk/lwn5LEJXbDANBgkqhkiG9w0BAQsF\n" + + "AAOCAQEAKEaSYWn3Hi8rfJS4cMTJoMkVp2vpPH2dGXySBEy67TEGRw9+f75w3q95\n" + + "r1m3P+xsR6dBoidTq/6wqUYI51lB4Fq9ylh1Stp5Gj54CuyT+S31l7lD7sl0KMsn\n" + + "HDUDQHId7hKeORYpiIZOcrKOglKdi1uiGwDgoiLKh98lUrZA6durrhH+sl69wqp2\n" + + "0XAu+3hurXzCoZFJfyngTO1kt9qcFUAxc5LofIa9QvC6VR7dI4aAh7dUpIRlnjG3\n" + + "jJ1mUMTqWO6TFTtddb+uQjDqNgkYYYNuSax1WMEIZWbIi13EjXK1GPQUXJe6gQin\n" + + 
"NUq9JH9NPK6m8A1YKT+wgzfTDeaV2Q==\n" + + "-----END CERTIFICATE-----"; + + // Owner: CN=comodorsacertificationauthority-ev.comodoca.com, + // OU=COMODO EV SGC SSL, O=COMODO CA Limited, STREET="3rd Floor, 26 Office Village", + // STREET=Exchange Quay, STREET=Trafford Road, L=Salford, ST=Greater Manchester, + // OID.2.5.4.17=M5 3EQ, C=GB, OID.2.5.4.15=Private Organization, + // OID.1.3.6.1.4.1.311.60.2.1.3=GB, SERIALNUMBER=04058690 + // Issuer: CN=COMODO RSA Extended Validation Secure Server CA, + // O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB + // Serial number: ff6ecae8c73f9b5ca811a1d2b14768be + // Valid from: Tue Aug 16 17:00:00 PDT 2016 until: Fri Nov 16 15:59:59 PST 2018 + private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" + + "MIIIGzCCBwOgAwIBAgIRAP9uyujHP5tcqBGh0rFHaL4wDQYJKoZIhvcNAQELBQAw\n" + + "gZIxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO\n" + + "BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTgwNgYD\n" + + "VQQDEy9DT01PRE8gUlNBIEV4dGVuZGVkIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZl\n" + + "ciBDQTAeFw0xNjA4MTcwMDAwMDBaFw0xODExMTYyMzU5NTlaMIIBXTERMA8GA1UE\n" + + "BRMIMDQwNTg2OTAxEzARBgsrBgEEAYI3PAIBAxMCR0IxHTAbBgNVBA8TFFByaXZh\n" + + "dGUgT3JnYW5pemF0aW9uMQswCQYDVQQGEwJHQjEPMA0GA1UEERMGTTUgM0VRMRsw\n" + + "GQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxFjAU\n" + + "BgNVBAkTDVRyYWZmb3JkIFJvYWQxFjAUBgNVBAkTDUV4Y2hhbmdlIFF1YXkxJTAj\n" + + "BgNVBAkTHDNyZCBGbG9vciwgMjYgT2ZmaWNlIFZpbGxhZ2UxGjAYBgNVBAoTEUNP\n" + + "TU9ETyBDQSBMaW1pdGVkMRowGAYDVQQLExFDT01PRE8gRVYgU0dDIFNTTDE4MDYG\n" + + "A1UEAxMvY29tb2RvcnNhY2VydGlmaWNhdGlvbmF1dGhvcml0eS1ldi5jb21vZG9j\n" + + "YS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQ/3mUAU46QQ7L\n" + + "rXisJfs6U4rRfLSc8BwIXEBwtgGixfxiZda548eDn3pTISoTdTnfSlOqJxxjndsO\n" + + "Jg+BImCvU6V8LsE8s35App5KsWY2CtygCTdNd6OC/vMtc7BlVLpaTfxnzGsU2+F3\n" + + "ZnknpEz/dT4cN8Xs4owat7GvvtazuUQWk9SB3h4R74gvVjaxvAiIP4+TMgvYuNy2\n" + + 
"R4kVyxEdS80/zAiEbIhuQBG4mF1eQTXeUooh7QSdatGSR/gMS9hEWk+NVQqaW6Gc\n" + + "E4ZiRhqJMvRVo6es/FOhJ8dHwDCSGTRM1uiwCRSjxMpxFNNOIxRQhLpj1KqgguKI\n" + + "MbpaYWPNAgMBAAGjggOcMIIDmDAfBgNVHSMEGDAWgBQ52v/KKBSKqHQTCLnkDqnS\n" + + "+n6daTAdBgNVHQ4EFgQUPkuGYSK8DqHhrPQQU+Ll6vPVMf4wDgYDVR0PAQH/BAQD\n" + + "AgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC\n" + + "MEYGA1UdIAQ/MD0wOwYMKwYBBAGyMQECAQUBMCswKQYIKwYBBQUHAgEWHWh0dHBz\n" + + "Oi8vc2VjdXJlLmNvbW9kby5jb20vQ1BTMFYGA1UdHwRPME0wS6BJoEeGRWh0dHA6\n" + + "Ly9jcmwuY29tb2RvY2EuY29tL0NPTU9ET1JTQUV4dGVuZGVkVmFsaWRhdGlvblNl\n" + + "Y3VyZVNlcnZlckNBLmNybDCBhwYIKwYBBQUHAQEEezB5MFEGCCsGAQUFBzAChkVo\n" + + "dHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9SU0FFeHRlbmRlZFZhbGlkYXRp\n" + + "b25TZWN1cmVTZXJ2ZXJDQS5jcnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNv\n" + + "bW9kb2NhLmNvbTBvBgNVHREEaDBmgi9jb21vZG9yc2FjZXJ0aWZpY2F0aW9uYXV0\n" + + "aG9yaXR5LWV2LmNvbW9kb2NhLmNvbYIzd3d3LmNvbW9kb3JzYWNlcnRpZmljYXRp\n" + + "b25hdXRob3JpdHktZXYuY29tb2RvY2EuY29tMIIBfAYKKwYBBAHWeQIEAgSCAWwE\n" + + "ggFoAWYAdQBo9pj4H2SCvjqM7rkoHUz8cVFdZ5PURNEKZ6y7T0/7xAAAAVaYyfL5\n" + + "AAAEAwBGMEQCIBW1F2heN1IccknFpDVED66I/tb4BpkqWLwqzn5dwWQXAiAzSPv7\n" + + "1zuXUelPvK6l1gOLB/6VlD7gwVGg7M3B1+Vt7wB1AFYUBpov18Ls0/XhvUSyPsdG\n" + + "drm8mRFcwO+UmFXWidDdAAABVpjJ8k0AAAQDAEYwRAIgfTjxLr4edpWLyOGi32TW\n" + + "48I3c0YWQMM5qsMe7zDzdrACIBng0I2+XksdOXoz5CKMAZGYict+TnZ/p7sRPAYo\n" + + "dl05AHYA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo/csAAAFWmMnyzgAA\n" + + "BAMARzBFAiBiTeFCsfBnC4gKolnPUpL5S0eEkb0esucY40qhPqUnDgIhAOZrZz3G\n" + + "fLtEq73nEdAfvocUQC7IdMTEJRceb25Pk5J/MA0GCSqGSIb3DQEBCwUAA4IBAQBB\n" + + "YldVJKeAwqpPejxa0h3n3G8WefmAJXJtBcMKMDZ8thofgOyVDnVTkNVtY5UwwV8D\n" + + "a0bt0UhCzr88v7BrZ8PNci3qiTQgGz9q27s4x64og47sGREoil/0h3xdZ8cWVsAa\n" + + "i/aIHD0frCktX/PUZClpAuTQwJgKHurl1Apn1+RVZ3gozebOOopXmopscgp3FQV0\n" + + "RqBVietPoq6koeaJKf2ux102yW/Ef4RxXLJOLZ7ynV4tbIGyz4q+RhXbDknNrUcZ\n" + + "ugRTCaWUQ3cxtFQjA6MvY4G4eTycyiQTf/qFH5D7mrqY9ZLUuwH3AgLx49UZvQMk\n" + + "03iaUVSV6CNAsQVv4S5p\n" + + 
"-----END CERTIFICATE-----"; + + public void runTest(ValidatePathWithParams pathValidator) throws Exception { + // Validate valid + pathValidator.validate(new String[]{VALID, INT}, + ValidatePathWithParams.Status.GOOD, null, System.out); + + // Validate Revoked + pathValidator.validate(new String[]{REVOKED, INT}, + ValidatePathWithParams.Status.REVOKED, + "Fri Jun 30 07:20:56 PDT 2017", System.out); + } +} + +class ComodoECC { + + // Owner: CN=COMODO ECC Extended Validation Secure Server CA, + // O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB + // Issuer: CN=COMODO ECC Certification Authority, O=COMODO CA Limited, + // L=Salford, ST=Greater Manchester, C=GB + // Serial number: 61d4643b412b5d8d715499d8553aa03 + // Valid from: Sun Apr 14 17:00:00 PDT 2013 until: Fri Apr 14 16:59:59 PDT 2028 + private static final String INT = "-----BEGIN CERTIFICATE-----\n" + + "MIIDojCCAyigAwIBAgIQBh1GQ7QStdjXFUmdhVOqAzAKBggqhkjOPQQDAzCBhTEL\n" + + "MAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE\n" + + "BxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMT\n" + + "IkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTMwNDE1MDAw\n" + + "MDAwWhcNMjgwNDE0MjM1OTU5WjCBkjELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdy\n" + + "ZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09N\n" + + "T0RPIENBIExpbWl0ZWQxODA2BgNVBAMTL0NPTU9ETyBFQ0MgRXh0ZW5kZWQgVmFs\n" + + "aWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD\n" + + "QgAEV3AaPyeTQy0aWXXkBJMR42DsJ5pnbliJe7ndaHzCDslVlY8ofpxeFiqluZrK\n" + + "KNcJeBU/Jl1YI9jLMyMZKsfSoaOCAWkwggFlMB8GA1UdIwQYMBaAFHVxpxlIGbyd\n" + + "nepBR9+UxEh3mdN5MB0GA1UdDgQWBBTTTsMZulhZ0Rxgt2FTRzund4/4ijAOBgNV\n" + + "HQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADA+BgNVHSAENzA1MDMGBFUd\n" + + "IAAwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNvbS9DUFMw\n" + + "TAYDVR0fBEUwQzBBoD+gPYY7aHR0cDovL2NybC5jb21vZG9jYS5jb20vQ09NT0RP\n" + + "RUNDQ2VydGlmaWNhdGlvbkF1dGhvcml0eS5jcmwwcQYIKwYBBQUHAQEEZTBjMDsG\n" + + 
"CCsGAQUFBzAChi9odHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9FQ0NBZGRU\n" + + "cnVzdENBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29t\n" + + "MAoGCCqGSM49BAMDA2gAMGUCMQDmPWS98nREWdt4xB83r9MVvgG5INpKHi6V1dUY\n" + + "lCqvSvXXjK0QvZSrOB7cj9RavGgCMG2xJNG+SvlTWEYpmK7eXSgmRUgoBDeQ0yDK\n" + + "lnxmeeOBnnCaDIxAcA3aCj2Gtdt3sA==\n" + + "-----END CERTIFICATE-----"; + + // Owner: CN=comodoecccertificationauthority-ev.comodoca.com, OU=COMODO EV SSL, + // O=COMODO CA Limited, STREET="3rd Floor, 26 Office Village", STREET=Exchange Quay, + // STREET=Trafford Road, L=Salford, ST=Greater Manchester, OID.2.5.4.17=M5 3EQ, + // C=GB, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB, + // SERIALNUMBER=04058690 + // Issuer: CN=COMODO ECC Extended Validation Secure Server CA, O=COMODO CA Limited, + // L=Salford, ST=Greater Manchester, C=GB + // Serial number: 414e5d66ec7d15ca504213f2811d57af + // Valid from: Mon Jul 03 17:00:00 PDT 2017 until: Thu Oct 03 16:59:59 PDT 2019 + private static final String VALID = "-----BEGIN CERTIFICATE-----\n" + + "MIIGYDCCBgWgAwIBAgIQQU5dZux9FcpQQhPygR1XrzAKBggqhkjOPQQDAjCBkjEL\n" + + "MAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE\n" + + "BxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxODA2BgNVBAMT\n" + + "L0NPTU9ETyBFQ0MgRXh0ZW5kZWQgVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENB\n" + + "MB4XDTE3MDcwNDAwMDAwMFoXDTE5MTAwMzIzNTk1OVowggFZMREwDwYDVQQFEwgw\n" + + "NDA1ODY5MDETMBEGCysGAQQBgjc8AgEDEwJHQjEdMBsGA1UEDxMUUHJpdmF0ZSBP\n" + + "cmdhbml6YXRpb24xCzAJBgNVBAYTAkdCMQ8wDQYDVQQREwZNNSAzRVExGzAZBgNV\n" + + "BAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEWMBQGA1UE\n" + + "CRMNVHJhZmZvcmQgUm9hZDEWMBQGA1UECRMNRXhjaGFuZ2UgUXVheTElMCMGA1UE\n" + + "CRMcM3JkIEZsb29yLCAyNiBPZmZpY2UgVmlsbGFnZTEaMBgGA1UEChMRQ09NT0RP\n" + + "IENBIExpbWl0ZWQxFjAUBgNVBAsTDUNPTU9ETyBFViBTU0wxODA2BgNVBAMTL2Nv\n" + + "bW9kb2VjY2NlcnRpZmljYXRpb25hdXRob3JpdHktZXYuY29tb2RvY2EuY29tMFkw\n" + + 
"EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEt26qBS7TRu/yfR+RiqLAzW2C+UspFZlO\n" + + "Rc4EhLfNYMgFkoZKjEnwJzudH6a+uRPqPOhPgUd6PFfRQFOcLjmhgaOCA3EwggNt\n" + + "MB8GA1UdIwQYMBaAFNNOwxm6WFnRHGC3YVNHO6d3j/iKMB0GA1UdDgQWBBTpZ0tz\n" + + "KscFw6Z3vCEDFzGR5VSkVzAOBgNVHQ8BAf8EBAMCBYAwDAYDVR0TAQH/BAIwADAd\n" + + "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwTwYDVR0gBEgwRjA7BgwrBgEE\n" + + "AbIxAQIBBQEwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNv\n" + + "bS9DUFMwBwYFZ4EMAQEwVgYDVR0fBE8wTTBLoEmgR4ZFaHR0cDovL2NybC5jb21v\n" + + "ZG9jYS5jb20vQ09NT0RPRUNDRXh0ZW5kZWRWYWxpZGF0aW9uU2VjdXJlU2VydmVy\n" + + "Q0EuY3JsMIGHBggrBgEFBQcBAQR7MHkwUQYIKwYBBQUHMAKGRWh0dHA6Ly9jcnQu\n" + + "Y29tb2RvY2EuY29tL0NPTU9ET0VDQ0V4dGVuZGVkVmFsaWRhdGlvblNlY3VyZVNl\n" + + "cnZlckNBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29t\n" + + "MDoGA1UdEQQzMDGCL2NvbW9kb2VjY2NlcnRpZmljYXRpb25hdXRob3JpdHktZXYu\n" + + "Y29tb2RvY2EuY29tMIIBfQYKKwYBBAHWeQIEAgSCAW0EggFpAWcAdgCkuQmQtBhY\n" + + "FIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAV0NLqsqAAAEAwBHMEUCIAz9Jjq3\n" + + "qLUd/a2PYZnLGsEG/MrL7vab5rmGBg8RGAJxAiEA7JJnar07NIjCLLO77xJ3UFcu\n" + + "UMM3M8JgGC8wbuRwxbUAdgBWFAaaL9fC7NP14b1Esj7HRna5vJkRXMDvlJhV1onQ\n" + + "3QAAAV0NLqjmAAAEAwBHMEUCIHRvPWKr7vPMBWx1gLPkt8inPINWPNSoax178e5A\n" + + "D0cPAiEAvRL/VP4DLiyHvcU9AOqTzQXGuWCzswWKG59hSm7gS4kAdQDuS723dc5g\n" + + "uuFCaR+r4Z5mow9+X7By2IMAxHuJeqj9ywAAAV0NLqsDAAAEAwBGMEQCIFALT043\n" + + "X5IffLsxIAGXTrWgkZHf12QKgrYKXVB629eOAiAIeci2xi3fUW6mU8tT4LwyjowV\n" + + "DkrSCw1ZMo0JApsfzTAKBggqhkjOPQQDAgNJADBGAiEA7HUxjwx0MBC+4PuPx4Z1\n" + + "WpKz7jdHOMTh1sdaoVV5hNoCIQDrnjBFUopXHTvm/rj+aMFIeYejggPqv14KJOqT\n" + + "gym+uA==\n" + + "-----END CERTIFICATE-----"; + + // Owner: CN=comodoecccertificationauthority-ev.comodoca.com, OU=COMODO EV SSL, + // O=COMODO CA Limited, STREET="3rd Floor, 26 Office Village", STREET=Exchange Quay, + // STREET=Trafford Road, L=Salford, ST=Greater Manchester, OID.2.5.4.17=M5 3EQ, + // C=GB, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB, + // 
SERIALNUMBER=04058690 + // Issuer: CN=COMODO ECC Extended Validation Secure Server CA, O=COMODO CA Limited, + // L=Salford, ST=Greater Manchester, C=GB + // Serial number: 6923086d88824ee9800742fcb82fdaa + // Valid from: Tue Aug 16 17:00:00 PDT 2016 until: Fri Nov 16 15:59:59 PST 2018 + private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" + + "MIIGizCCBjGgAwIBAgIQBpIwhtiIJO6YAHQvy4L9qjAKBggqhkjOPQQDAjCBkjEL\n" + + "MAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE\n" + + "BxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxODA2BgNVBAMT\n" + + "L0NPTU9ETyBFQ0MgRXh0ZW5kZWQgVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENB\n" + + "MB4XDTE2MDgxNzAwMDAwMFoXDTE4MTExNjIzNTk1OVowggFZMREwDwYDVQQFEwgw\n" + + "NDA1ODY5MDETMBEGCysGAQQBgjc8AgEDEwJHQjEdMBsGA1UEDxMUUHJpdmF0ZSBP\n" + + "cmdhbml6YXRpb24xCzAJBgNVBAYTAkdCMQ8wDQYDVQQREwZNNSAzRVExGzAZBgNV\n" + + "BAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEWMBQGA1UE\n" + + "CRMNVHJhZmZvcmQgUm9hZDEWMBQGA1UECRMNRXhjaGFuZ2UgUXVheTElMCMGA1UE\n" + + "CRMcM3JkIEZsb29yLCAyNiBPZmZpY2UgVmlsbGFnZTEaMBgGA1UEChMRQ09NT0RP\n" + + "IENBIExpbWl0ZWQxFjAUBgNVBAsTDUNPTU9ETyBFViBTU0wxODA2BgNVBAMTL2Nv\n" + + "bW9kb2VjY2NlcnRpZmljYXRpb25hdXRob3JpdHktZXYuY29tb2RvY2EuY29tMFkw\n" + + "EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEt26qBS7TRu/yfR+RiqLAzW2C+UspFZlO\n" + + "Rc4EhLfNYMgFkoZKjEnwJzudH6a+uRPqPOhPgUd6PFfRQFOcLjmhgaOCA50wggOZ\n" + + "MB8GA1UdIwQYMBaAFNNOwxm6WFnRHGC3YVNHO6d3j/iKMB0GA1UdDgQWBBTpZ0tz\n" + + "KscFw6Z3vCEDFzGR5VSkVzAOBgNVHQ8BAf8EBAMCBYAwDAYDVR0TAQH/BAIwADAd\n" + + "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwRgYDVR0gBD8wPTA7BgwrBgEE\n" + + "AbIxAQIBBQEwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNv\n" + + "bS9DUFMwVgYDVR0fBE8wTTBLoEmgR4ZFaHR0cDovL2NybC5jb21vZG9jYS5jb20v\n" + + "Q09NT0RPRUNDRXh0ZW5kZWRWYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3JsMIGH\n" + + "BggrBgEFBQcBAQR7MHkwUQYIKwYBBQUHMAKGRWh0dHA6Ly9jcnQuY29tb2RvY2Eu\n" + + "Y29tL0NPTU9ET0VDQ0V4dGVuZGVkVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNy\n" + + 
"dDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMG8GA1UdEQRo\n" + + "MGaCL2NvbW9kb2VjY2NlcnRpZmljYXRpb25hdXRob3JpdHktZXYuY29tb2RvY2Eu\n" + + "Y29tgjN3d3cuY29tb2RvZWNjY2VydGlmaWNhdGlvbmF1dGhvcml0eS1ldi5jb21v\n" + + "ZG9jYS5jb20wggF9BgorBgEEAdZ5AgQCBIIBbQSCAWkBZwB3AGj2mPgfZIK+Oozu\n" + + "uSgdTPxxUV1nk9RE0QpnrLtPT/vEAAABVpjKocAAAAQDAEgwRgIhAKIobm0UJdom\n" + + "Hrg1HZv6ESYoYQtlqBj5bR5Ge8RGF+7pAiEAupYu0q3X27KNIsrQpmSzfiEsCQWY\n" + + "C97ToQgEhbBNZUYAdQBWFAaaL9fC7NP14b1Esj7HRna5vJkRXMDvlJhV1onQ3QAA\n" + + "AVaYyqEdAAAEAwBGMEQCIEWbMoAJpig9oTbuW2R1x/sZwDbt0Z1iUhkbEwqhkRWu\n" + + "AiByCmEY/MEtEmVcsu3uMXtJ/SMBo1JcfFCHbPf5VleQpAB1AO5Lvbd1zmC64UJp\n" + + "H6vhnmajD35fsHLYgwDEe4l6qP3LAAABVpjKoaYAAAQDAEYwRAIgVB/p/u8amjg4\n" + + "Qlq0rKv4oYYqIVKL/kFtpeH3Lm4hpnwCIDYdBZBo2cpF+KjKDn68kqFysy7MbP9r\n" + + "h/zPjAm72GeRMAoGCCqGSM49BAMCA0gAMEUCIHL5pdruv0yoFggKHPN7PXT4BfRr\n" + + "1ksLXKgF/xANjsuFAiEA9bt7u96U5OrAzJBgSkJFmNE20vEdwoQDL+99JeX4bAc=\n" + + "-----END CERTIFICATE-----"; + + public void runTest(ValidatePathWithParams pathValidator) throws Exception { + // Validate valid + pathValidator.validate(new String[]{VALID, INT}, + ValidatePathWithParams.Status.GOOD, null, System.out); + + // Validate Revoked + pathValidator.validate(new String[]{REVOKED, INT}, + ValidatePathWithParams.Status.REVOKED, + "Tue Jul 04 03:34:40 PDT 2017", System.out); + } +} + +class ComodoUserTrustRSA { + + // Owner: CN=USERTrust RSA Extended Validation Secure Server CA, + // O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US + // Issuer: CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, + // L=Jersey City, ST=New Jersey, C=US + // Serial number: f6bb751efa7d2e8368e606407334f83 + // Valid from: Sat Feb 11 16:00:00 PST 2012 until: Thu Feb 11 15:59:59 PST 2027 + private static final String INT = "-----BEGIN CERTIFICATE-----\n" + + "MIIGGTCCBAGgAwIBAgIQD2u3Ue+n0ug2jmBkBzNPgzANBgkqhkiG9w0BAQwFADCB\n" + + "iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl\n" + + 
"cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV\n" + + "BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTIw\n" + + "MjEyMDAwMDAwWhcNMjcwMjExMjM1OTU5WjCBlTELMAkGA1UEBhMCVVMxEzARBgNV\n" + + "BAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU\n" + + "aGUgVVNFUlRSVVNUIE5ldHdvcmsxOzA5BgNVBAMTMlVTRVJUcnVzdCBSU0EgRXh0\n" + + "ZW5kZWQgVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMIIBIjANBgkqhkiG9w0B\n" + + "AQEFAAOCAQ8AMIIBCgKCAQEAlJwjjGNzAgMFwLu05RnhYFJS1PpbcyPH6VZOij+z\n" + + "PyvCILGvwXC8A+EgBthY080+kIlSxrNyOdnrUfNj8IsBtBlmtOF9nMWgD0Cb4HB1\n" + + "Y/tCNas8IHMtKr6eI4nJa4NjPhTcST+GtC8r+bVGHk0QpX4LbT+Z8WeE7pXIOUGs\n" + + "9j66/hsMwgnBxkQ9xXN0jhTFITUZfnCuM0vOo5hRYlCNtwD8iaHJPaKxYe6qHSKH\n" + + "WCBK7GUQiQRngry+YKLx3YtC3k/NQIyhaTLY/gUFi57kPcpZoa0h3RGfS9MpPFoe\n" + + "mk3rGH3jwjVFxR1ep1FtP/kprzLaR1UL81gxENhWvZEWXQIDAQABo4IBbjCCAWow\n" + + "HwYDVR0jBBgwFoAUU3m/WqorSs9UgOHYm8Cd8rIDZsswHQYDVR0OBBYEFC+BT+Jm\n" + + "+rxov5lDhFKJIDqC86SlMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/\n" + + "AgEAMDoGA1UdIAQzMDEwLwYEVR0gADAnMCUGCCsGAQUFBwIBFhlodHRwczovL2Nw\n" + + "cy51c2VydHJ1c3QuY29tMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jcmwudXNl\n" + + "cnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNy\n" + + "bDB2BggrBgEFBQcBAQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQudXNlcnRy\n" + + "dXN0LmNvbS9VU0VSVHJ1c3RSU0FBZGRUcnVzdENBLmNydDAlBggrBgEFBQcwAYYZ\n" + + "aHR0cDovL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0BAQwFAAOCAgEAa2bX\n" + + "Xf22zjY/QLzzdZwJ9JO86qH/czwCFPK4o9Cb7rixQL9S7zHw1dm3n/+Lx5kT9lqx\n" + + "wB0dqoZ8o0XwFgVcksGz7QRhEBjrB0nSUNYG8kuFaMxRWa9ze6Ovov44WDrq1uyF\n" + + "npi3eeQiwMr3xHmY76b1NX0WqvlTTFw4L5DrcIohBz1zKVkRp7LH/s5vxjDECM+/\n" + + "erdy1WTILNFv09gwz4iFyfu/WmYYNUKlQJaSoUqja/KHcqY8zYKKjq5o982Ji3Ti\n" + + "/Odkx1NJA1Yf5ivDxxRFQmij6knL1pi1wgQxGjd67V3/+HfHF7MCRWk8mXnT32B9\n" + + "1Hk3jm10GL0R6y/XFsLhv0mGkmKD1vTP7vz1hdMLlVgxEs1k5dLMybtjUJ3LuENz\n" + + "avmZ/G/vOi284ZRo/gA/YjT5CeeWgI11IHbpRDAqKy4BWhmtIi11u12i9ftPxxrD\n" + + 
"/VwHtC0hTTOBnYgbJAK9ZLvaJUBU22EimU4Jv3ELkeV7SWedbAdfjXolI1mCcAbq\n" + + "RgzRC+RaTloSmO2dWicDBW7KlRHmKZXrkDUAExSBY/1j9HmNcYzWv4NCTtK7t0en\n" + + "gsE/OP2b7zHrHWtC/F1JwOCrH1JkbPA7c/6nNJVY2AscGM16pIU89OL0Ez1PyZYG\n" + + "4fokbdNREXoShKClNIPbB5iY+WdSzb9CKLyb96g=\n" + + "-----END CERTIFICATE-----"; + + // Owner: CN=usertrustrsacertificationauthority-ev.comodoca.com, OU=COMODO EV SGC SSL, + // O=COMODO CA Limited, STREET="3rd Floor, 26 Office Village", STREET=Exchange Quay, + // STREET=Trafford Road, L=Salford, ST=Greater Manchester, OID.2.5.4.17=M5 3EQ, + // C=GB, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB, + // SERIALNUMBER=04058690 + // Issuer: CN=USERTrust RSA Extended Validation Secure Server CA, O=The USERTRUST Network, + // L=Jersey City, ST=New Jersey, C=US + // Serial number: ffcada019c9fb1155a32300083cb99c9 + // Valid from: Mon Jul 03 17:00:00 PDT 2017 until: Thu Oct 03 16:59:59 PDT 2019 + private static final String VALID = "-----BEGIN CERTIFICATE-----\n" + + "MIIIATCCBumgAwIBAgIRAP/K2gGcn7EVWjIwAIPLmckwDQYJKoZIhvcNAQELBQAw\n" + + "gZUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtK\n" + + "ZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMTswOQYD\n" + + "VQQDEzJVU0VSVHJ1c3QgUlNBIEV4dGVuZGVkIFZhbGlkYXRpb24gU2VjdXJlIFNl\n" + + "cnZlciBDQTAeFw0xNzA3MDQwMDAwMDBaFw0xOTEwMDMyMzU5NTlaMIIBYDERMA8G\n" + + "A1UEBRMIMDQwNTg2OTAxEzARBgsrBgEEAYI3PAIBAxMCR0IxHTAbBgNVBA8TFFBy\n" + + "aXZhdGUgT3JnYW5pemF0aW9uMQswCQYDVQQGEwJHQjEPMA0GA1UEERMGTTUgM0VR\n" + + "MRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQx\n" + + "FjAUBgNVBAkTDVRyYWZmb3JkIFJvYWQxFjAUBgNVBAkTDUV4Y2hhbmdlIFF1YXkx\n" + + "JTAjBgNVBAkTHDNyZCBGbG9vciwgMjYgT2ZmaWNlIFZpbGxhZ2UxGjAYBgNVBAoT\n" + + "EUNPTU9ETyBDQSBMaW1pdGVkMRowGAYDVQQLExFDT01PRE8gRVYgU0dDIFNTTDE7\n" + + "MDkGA1UEAxMydXNlcnRydXN0cnNhY2VydGlmaWNhdGlvbmF1dGhvcml0eS1ldi5j\n" + + "b21vZG9jYS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCeH+vF\n" + + 
"6JjCktrrnV4u8adH5ESuENaRNm2plwfD07Lskva4QvIQ9sz6/RrPjRwEdLRtBkll\n" + + "taZc26QxQxLAhvjPu3w5eXHP26/ES5++WoGXip4L/PcukUFFEcR6ujfIYpXCSh7V\n" + + "o/Y+rtR2L7uLt5Vll0DW2JzFlaj9QFT2bBsg5ip//jHNnobz3WEpv40C64R/Ebna\n" + + "9dmXyh0xOF8e4OWR9LudkxAFo7jQol5IQGGv7lMhLt3u1ZbJ78XqgRDT50cGIX0/\n" + + "JnV1eg7xq57/zSY/7QUxhOZEWwoeB7pmOiN8f1wuVHmROq0/lOqHkYFDjOne7IgE\n" + + "FTrKUqn080eR7AZRAgMBAAGjggN8MIIDeDAfBgNVHSMEGDAWgBQvgU/iZvq8aL+Z\n" + + "Q4RSiSA6gvOkpTAdBgNVHQ4EFgQUfPty8OfUth7Yz7PimXBCfuu33fwwDgYDVR0P\n" + + "AQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG\n" + + "AQUFBwMCMEsGA1UdIAREMEIwNwYMKwYBBAGyMQECAQUBMCcwJQYIKwYBBQUHAgEW\n" + + "GWh0dHBzOi8vY3BzLnVzZXJ0cnVzdC5jb20wBwYFZ4EMAQEwWgYDVR0fBFMwUTBP\n" + + "oE2gS4ZJaHR0cDovL2NybC51c2VydHJ1c3QuY29tL1VTRVJUcnVzdFJTQUV4dGVu\n" + + "ZGVkVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNybDCBjQYIKwYBBQUHAQEEgYAw\n" + + "fjBVBggrBgEFBQcwAoZJaHR0cDovL2NydC51c2VydHJ1c3QuY29tL1VTRVJUcnVz\n" + + "dFJTQUV4dGVuZGVkVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNydDAlBggrBgEF\n" + + "BQcwAYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNvbTA9BgNVHREENjA0gjJ1c2Vy\n" + + "dHJ1c3Ryc2FjZXJ0aWZpY2F0aW9uYXV0aG9yaXR5LWV2LmNvbW9kb2NhLmNvbTCC\n" + + "AX8GCisGAQQB1nkCBAIEggFvBIIBawFpAHYApLkJkLQYWBSHuxOizGdwCjw1mAT5\n" + + "G9+443fNDsgN3BAAAAFdDU2iYQAABAMARzBFAiB0o4GnVHD8MeVQ32D0XYu+EQQW\n" + + "jvN78rmCfk0OEBxyFAIhAKgyctIn0IaDJiZzsrtAiqEnkcMtuh8o+R0Rqw1ygAjk\n" + + "AHcAVhQGmi/XwuzT9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0AAAFdDU2gFgAABAMA\n" + + "SDBGAiEA7mcmZ8H5uHuNCdI0CVxsqDZQcZX/gVk94KckePkzQoACIQCHwm5hcvNC\n" + + "M8vNmFkboQN79DglRctHrlh143A6mUTk8QB2AO5Lvbd1zmC64UJpH6vhnmajD35f\n" + + "sHLYgwDEe4l6qP3LAAABXQ1NojoAAAQDAEcwRQIhAPqwijgE0Fr6uJ+yF+TvyXco\n" + + "Hduv9h7R5WWwJfghXiMyAiBB4+fJm4rIcOnJBZmOqFnRpIjPN0jwDqJT0nDHxaXA\n" + + "nDANBgkqhkiG9w0BAQsFAAOCAQEACXitF1bTEvV1HX11WrT/XuoMhsoPK4TS16rs\n" + + "FqztV4iXKlA1/h5qbsjYY1gVrM+/6kQkmEs5qrxsek2WNxY80NO3WAzroRJ3H9Sd\n" + + "mPn0No2P8LZ5Fs5hvaD/PfWO5xxey80c3kGyvWOej90P3IrL/1RiULyh95TrXBjI\n" + + 
"ddCBsZ28904wsQUrPBPMpiu0DKl1HR/em9WkcipMi+onJxxFWjucssz5PW/BzGYF\n" + + "jfWLDEI0tN5L4CWV3iVXFXOURY1Mwhtsey9jvlEyxSsys55QdKF40yGgtV9VC+os\n" + + "7hJP33+qA0cvCTaRytiPP6z/l2G/KSIXTyv6SxzGhsTFfzLAOg==\n" + + "-----END CERTIFICATE-----"; + + // Owner: CN=usertrustrsacertificationauthority-ev.comodoca.com, OU=COMODO EV SGC SSL, + // O=COMODO CA Limited, STREET="3rd Floor, 26 Office Village", STREET=Exchange Quay, + // STREET=Trafford Road, L=Salford, ST=Greater Manchester, OID.2.5.4.17=M5 3EQ, + // C=GB, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB, + // SERIALNUMBER=04058690 + // Issuer: CN=USERTrust RSA Extended Validation Secure Server CA, O=The USERTRUST Network, + // L=Jersey City, ST=New Jersey, C=US + // Serial number: 643d7e2b0112d51a05a4efb266ebd70d + // Valid from: Tue Aug 16 17:00:00 PDT 2016 until: Fri Nov 16 15:59:59 PST 2018 + private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" + + "MIIILjCCBxagAwIBAgIQZD1+KwES1RoFpO+yZuvXDTANBgkqhkiG9w0BAQsFADCB\n" + + "lTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl\n" + + "cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxOzA5BgNV\n" + + "BAMTMlVTRVJUcnVzdCBSU0EgRXh0ZW5kZWQgVmFsaWRhdGlvbiBTZWN1cmUgU2Vy\n" + + "dmVyIENBMB4XDTE2MDgxNzAwMDAwMFoXDTE4MTExNjIzNTk1OVowggFgMREwDwYD\n" + + "VQQFEwgwNDA1ODY5MDETMBEGCysGAQQBgjc8AgEDEwJHQjEdMBsGA1UEDxMUUHJp\n" + + "dmF0ZSBPcmdhbml6YXRpb24xCzAJBgNVBAYTAkdCMQ8wDQYDVQQREwZNNSAzRVEx\n" + + "GzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEW\n" + + "MBQGA1UECRMNVHJhZmZvcmQgUm9hZDEWMBQGA1UECRMNRXhjaGFuZ2UgUXVheTEl\n" + + "MCMGA1UECRMcM3JkIEZsb29yLCAyNiBPZmZpY2UgVmlsbGFnZTEaMBgGA1UEChMR\n" + + "Q09NT0RPIENBIExpbWl0ZWQxGjAYBgNVBAsTEUNPTU9ETyBFViBTR0MgU1NMMTsw\n" + + "OQYDVQQDEzJ1c2VydHJ1c3Ryc2FjZXJ0aWZpY2F0aW9uYXV0aG9yaXR5LWV2LmNv\n" + + "bW9kb2NhLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ4f68Xo\n" + + "mMKS2uudXi7xp0fkRK4Q1pE2bamXB8PTsuyS9rhC8hD2zPr9Gs+NHAR0tG0GSWW1\n" + + 
"plzbpDFDEsCG+M+7fDl5cc/br8RLn75agZeKngv89y6RQUURxHq6N8hilcJKHtWj\n" + + "9j6u1HYvu4u3lWWXQNbYnMWVqP1AVPZsGyDmKn/+Mc2ehvPdYSm/jQLrhH8Rudr1\n" + + "2ZfKHTE4Xx7g5ZH0u52TEAWjuNCiXkhAYa/uUyEu3e7VlsnvxeqBENPnRwYhfT8m\n" + + "dXV6DvGrnv/NJj/tBTGE5kRbCh4HumY6I3x/XC5UeZE6rT+U6oeRgUOM6d7siAQV\n" + + "OspSqfTzR5HsBlECAwEAAaOCA6owggOmMB8GA1UdIwQYMBaAFC+BT+Jm+rxov5lD\n" + + "hFKJIDqC86SlMB0GA1UdDgQWBBR8+3Lw59S2HtjPs+KZcEJ+67fd/DAOBgNVHQ8B\n" + + "Af8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB\n" + + "BQUHAwIwQgYDVR0gBDswOTA3BgwrBgEEAbIxAQIBBQEwJzAlBggrBgEFBQcCARYZ\n" + + "aHR0cHM6Ly9jcHMudXNlcnRydXN0LmNvbTBaBgNVHR8EUzBRME+gTaBLhklodHRw\n" + + "Oi8vY3JsLnVzZXJ0cnVzdC5jb20vVVNFUlRydXN0UlNBRXh0ZW5kZWRWYWxpZGF0\n" + + "aW9uU2VjdXJlU2VydmVyQ0EuY3JsMIGNBggrBgEFBQcBAQSBgDB+MFUGCCsGAQUF\n" + + "BzAChklodHRwOi8vY3J0LnVzZXJ0cnVzdC5jb20vVVNFUlRydXN0UlNBRXh0ZW5k\n" + + "ZWRWYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCUGCCsGAQUFBzABhhlodHRw\n" + + "Oi8vb2NzcC51c2VydHJ1c3QuY29tMHUGA1UdEQRuMGyCMnVzZXJ0cnVzdHJzYWNl\n" + + "cnRpZmljYXRpb25hdXRob3JpdHktZXYuY29tb2RvY2EuY29tgjZ3d3cudXNlcnRy\n" + + "dXN0cnNhY2VydGlmaWNhdGlvbmF1dGhvcml0eS1ldi5jb21vZG9jYS5jb20wggF+\n" + + "BgorBgEEAdZ5AgQCBIIBbgSCAWoBaAB2AGj2mPgfZIK+OozuuSgdTPxxUV1nk9RE\n" + + "0QpnrLtPT/vEAAABVpjLYnEAAAQDAEcwRQIhAL6/noD1PEwlZBByj9MKJSXPrEpW\n" + + "jpL335zhD+hrmvuqAiBizohmz9W29E8DoEuhca5PzKL8lSl5DpAOUGjMN0ihmgB2\n" + + "AFYUBpov18Ls0/XhvUSyPsdGdrm8mRFcwO+UmFXWidDdAAABVpjLYOgAAAQDAEcw\n" + + "RQIhAIRRWFG7M/XEgivLEdgEHWVNN7hk2QdVTvjr1DfRV2c3AiADq0LWpJ3dV7Je\n" + + "2Z3zKvqJEmRFNj5Pn9TwsIcEe1iNNgB2AO5Lvbd1zmC64UJpH6vhnmajD35fsHLY\n" + + "gwDEe4l6qP3LAAABVpjLYZ8AAAQDAEcwRQIge8b8UhHJWJ8/XWGIg6rQpaVXGP6q\n" + + "evL01KFNB28t8VQCIQCzddHCr/LLTVE+dB4kZHxuW5pOB+AtZlrAAQcuLoEauDAN\n" + + "BgkqhkiG9w0BAQsFAAOCAQEAPYqfbjlMjMJ2CEoIOUih/1BBnzXXkmmqXsXFI9gJ\n" + + "/tV1u4OzYOXHwOPhy/1JHv5dtNDSzyoeagYcjxEpl64kAJHrtzYwFlrqCU1xSIwd\n" + + "qrfmupyc5JwRqGE0Q01lryCxflUikh/pyDBtsxED4r+Topb+QwVZCzIMtOr49/S9\n" + + 
"GHA7HJo6nwSoV6rfrnLDCtcJN4ezEzOs7MOOq9K1MiAoAOXa/maelXwqbNGVpN2p\n" + + "HihRuBRDqusdS8zNGPxhvbviCDf8mJRvFoPgk/5o6mxf6bKfjmtkWOxMApvJU3Nd\n" + + "ib1aMX9KArEiNFwHFxOSYmE8c8x/zhLlk1btOo7gQrVNyw==\n" + + "-----END CERTIFICATE-----"; + + public void runTest(ValidatePathWithParams pathValidator) throws Exception { + // Validate valid + pathValidator.validate(new String[]{VALID, INT}, + ValidatePathWithParams.Status.GOOD, null, System.out); + + // Validate Revoked + pathValidator.validate(new String[]{REVOKED, INT}, + ValidatePathWithParams.Status.REVOKED, + "Tue Jul 04 04:09:55 PDT 2017", System.out); + } +} + +class ComodoUserTrustECC { + + // Owner: CN=USERTrust ECC Extended Validation Secure Server CA, O=The USERTRUST Network, + // L=Jersey City, ST=New Jersey, C=US + // Issuer: CN=USERTrust ECC Certification Authority, O=The USERTRUST Network, + // L=Jersey City, ST=New Jersey, C=US + // Serial number: 3d09b24f5c08a7ce8eb85a51d3c1aa52 + // Valid from: Sun Apr 14 17:00:00 PDT 2013 until: Fri Apr 14 16:59:59 PDT 2028 + private static final String INT = "-----BEGIN CERTIFICATE-----\n" + + "MIIDwTCCA0igAwIBAgIQPQmyT1wIp86OuFpR08GqUjAKBggqhkjOPQQDAzCBiDEL\n" + + "MAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNl\n" + + "eSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMT\n" + + "JVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTMwNDE1\n" + + "MDAwMDAwWhcNMjgwNDE0MjM1OTU5WjCBlTELMAkGA1UEBhMCVVMxEzARBgNVBAgT\n" + + "Ck5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVUaGUg\n" + + "VVNFUlRSVVNUIE5ldHdvcmsxOzA5BgNVBAMTMlVTRVJUcnVzdCBFQ0MgRXh0ZW5k\n" + + "ZWQgVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMFkwEwYHKoZIzj0CAQYIKoZI\n" + + "zj0DAQcDQgAEkSRGk0F0N82ZCZ+kVZ/StqVUiWRirw1ebViS06+j+HgS9xZKRGh7\n" + + "bqSas/gNMyg1LZusGu5IvEmXmNC5hzOT06OCAYMwggF/MB8GA1UdIwQYMBaAFDrh\n" + + "CYbUzxnClnZ0SXbc4DXGY2OaMB0GA1UdDgQWBBQqnFr5TqEw2kBLK+lL8fWc3AL5\n" + + "LjAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADA/BgNVHSAEODA2\n" + + 
"MDQGBFUdIAAwLDAqBggrBgEFBQcCARYeaHR0cHM6Ly9jcHMudHJ1c3QtcHJvdmlk\n" + + "ZXIuY29tMFUGA1UdHwROMEwwSqBIoEaGRGh0dHA6Ly9jcmwudHJ1c3QtcHJvdmlk\n" + + "ZXIuY29tL1VTRVJUcnVzdEVDQ0NlcnRpZmljYXRpb25BdXRob3JpdHkuY3JsMIGA\n" + + "BggrBgEFBQcBAQR0MHIwRAYIKwYBBQUHMAKGOGh0dHA6Ly9jcnQudHJ1c3QtcHJv\n" + + "dmlkZXIuY29tL1VTRVJUcnVzdEVDQ0FkZFRydXN0Q0EuY3J0MCoGCCsGAQUFBzAB\n" + + "hh5odHRwOi8vb2NzcC50cnVzdC1wcm92aWRlci5jb20wCgYIKoZIzj0EAwMDZwAw\n" + + "ZAIwSzIqrW8TN9/aCfkhUtz0t8IIK+Z46z3wm+crwjThpQ/VoPgTNbvP/lGTi1xR\n" + + "qJvLAjBFa27l4uqeAQZHNJnIx1Mu9OXzoJelx1cYP7ToQUms/g+PK77yImJcXUU3\n" + + "s1rWGRU=\n" + + "-----END CERTIFICATE-----"; + + // Owner: CN=usertrustecccertificationauthority-ev.comodoca.com, OU=COMODO EV SGC SSL, + // O=COMODO CA Limited, STREET="3rd Floor, 26 Office Village", STREET=Exchange Quay, + // STREET=Trafford Road, L=Salford, ST=Greater Manchester, OID.2.5.4.17=M5 3EQ, + // C=GB, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB, + // SERIALNUMBER=04058690 + // Issuer: CN=USERTrust ECC Extended Validation Secure Server CA, O=The USERTRUST Network, + // L=Jersey City, ST=New Jersey, C=US + // Serial number: 9bd0c93cac9ca2edc1a7dd923316b3c6 + // Valid from: Mon Jul 03 17:00:00 PDT 2017 until: Thu Oct 03 16:59:59 PDT 2019 + private static final String VALID = "-----BEGIN CERTIFICATE-----\n" + + "MIIGhzCCBi2gAwIBAgIRAJvQyTysnKLtwafdkjMWs8YwCgYIKoZIzj0EAwIwgZUx\n" + + "CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtKZXJz\n" + + "ZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMTswOQYDVQQD\n" + + "EzJVU0VSVHJ1c3QgRUNDIEV4dGVuZGVkIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZl\n" + + "ciBDQTAeFw0xNzA3MDQwMDAwMDBaFw0xOTEwMDMyMzU5NTlaMIIBYDERMA8GA1UE\n" + + "BRMIMDQwNTg2OTAxEzARBgsrBgEEAYI3PAIBAxMCR0IxHTAbBgNVBA8TFFByaXZh\n" + + "dGUgT3JnYW5pemF0aW9uMQswCQYDVQQGEwJHQjEPMA0GA1UEERMGTTUgM0VRMRsw\n" + + "GQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxFjAU\n" + + "BgNVBAkTDVRyYWZmb3JkIFJvYWQxFjAUBgNVBAkTDUV4Y2hhbmdlIFF1YXkxJTAj\n" + + 
"BgNVBAkTHDNyZCBGbG9vciwgMjYgT2ZmaWNlIFZpbGxhZ2UxGjAYBgNVBAoTEUNP\n" + + "TU9ETyBDQSBMaW1pdGVkMRowGAYDVQQLExFDT01PRE8gRVYgU0dDIFNTTDE7MDkG\n" + + "A1UEAxMydXNlcnRydXN0ZWNjY2VydGlmaWNhdGlvbmF1dGhvcml0eS1ldi5jb21v\n" + + "ZG9jYS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQtMl8R33ZaWD6H8BW0\n" + + "+wybBf0+6+L5YYK/eyAVGm6vwjLaQZWlcdFBMKfaP1qTLi0VAabs4baSUkD8wR56\n" + + "8pVpo4IDjjCCA4owHwYDVR0jBBgwFoAUKpxa+U6hMNpASyvpS/H1nNwC+S4wHQYD\n" + + "VR0OBBYEFLOtYfOaIfDHZGubtKNELRR6A2srMA4GA1UdDwEB/wQEAwIFgDAMBgNV\n" + + "HRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBQBgNVHSAE\n" + + "STBHMDwGDCsGAQQBsjEBAgEFATAsMCoGCCsGAQUFBwIBFh5odHRwczovL2Nwcy50\n" + + "cnVzdC1wcm92aWRlci5jb20wBwYFZ4EMAQEwXwYDVR0fBFgwVjBUoFKgUIZOaHR0\n" + + "cDovL2NybC50cnVzdC1wcm92aWRlci5jb20vVVNFUlRydXN0RUNDRXh0ZW5kZWRW\n" + + "YWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3JsMIGYBggrBgEFBQcBAQSBizCBiDBa\n" + + "BggrBgEFBQcwAoZOaHR0cDovL2NydC50cnVzdC1wcm92aWRlci5jb20vVVNFUlRy\n" + + "dXN0RUNDRXh0ZW5kZWRWYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCoGCCsG\n" + + "AQUFBzABhh5odHRwOi8vb2NzcC50cnVzdC1wcm92aWRlci5jb20wPQYDVR0RBDYw\n" + + "NIIydXNlcnRydXN0ZWNjY2VydGlmaWNhdGlvbmF1dGhvcml0eS1ldi5jb21vZG9j\n" + + "YS5jb20wggF8BgorBgEEAdZ5AgQCBIIBbASCAWgBZgB1AKS5CZC0GFgUh7sTosxn\n" + + "cAo8NZgE+RvfuON3zQ7IDdwQAAABXQ0/jQ0AAAQDAEYwRAIgPbaNWgoi6OfyNwL2\n" + + "+jiySsoLrkx+0d4NJE1WnZQcfzwCICW4yvsXaMxoOXpQp3EPgrYk5Ajfvy/dY3Ui\n" + + "0/dbQtHxAHYAVhQGmi/XwuzT9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0AAAFdDT+K\n" + + "xwAABAMARzBFAiB3GQasrX+akoHX02ZvXCcvhWCqv6qQOhLCUqflPoRbuAIhALwe\n" + + "hrQo8S1Tm5vbMcxGiViq5ZcawxENWhxZ9hS0BZweAHUA7ku9t3XOYLrhQmkfq+Ge\n" + + "ZqMPfl+wctiDAMR7iXqo/csAAAFdDT+M4AAABAMARjBEAiAjvp8w/fdTVW1VGE0T\n" + + "I0YcCIXTYFDgzUMsEUiKHANAgwIgETQUcac7Hiis2fgQ+GdGF9yuh+xMo2Z8QXNu\n" + + "1Cknf+8wCgYIKoZIzj0EAwIDSAAwRQIgQ5UiUI7xodmmMYNs3CmqlZHw/04BQRAR\n" + + "4gRm7blZSIMCIQDHvIWTaPzSO6vwVzs6wSD6FqebLiFxoddC6aZG8Nm0wQ==\n" + + "-----END CERTIFICATE-----"; + + // Owner: CN=usertrustecccertificationauthority-ev.comodoca.com, 
OU=COMODO EV SGC SSL, + // O=COMODO CA Limited, STREET="3rd Floor, 26 Office Village", STREET=Exchange Quay, + // STREET=Trafford Road, L=Salford, ST=Greater Manchester, OID.2.5.4.17=M5 3EQ, + // C=GB, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB, + // SERIALNUMBER=04058690 + // Issuer: CN=USERTrust ECC Extended Validation Secure Server CA, O=The USERTRUST Network, + // L=Jersey City, ST=New Jersey, C=US + // Serial number: 4a2545ad661540057c81281ff8c101b9 + // Valid from: Tue Aug 16 17:00:00 PDT 2016 until: Fri Nov 16 15:59:59 PST 2018 + private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" + + "MIIGtzCCBlygAwIBAgIQSiVFrWYVQAV8gSgf+MEBuTAKBggqhkjOPQQDAjCBlTEL\n" + + "MAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNl\n" + + "eSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxOzA5BgNVBAMT\n" + + "MlVTRVJUcnVzdCBFQ0MgRXh0ZW5kZWQgVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVy\n" + + "IENBMB4XDTE2MDgxNzAwMDAwMFoXDTE4MTExNjIzNTk1OVowggFgMREwDwYDVQQF\n" + + "EwgwNDA1ODY5MDETMBEGCysGAQQBgjc8AgEDEwJHQjEdMBsGA1UEDxMUUHJpdmF0\n" + + "ZSBPcmdhbml6YXRpb24xCzAJBgNVBAYTAkdCMQ8wDQYDVQQREwZNNSAzRVExGzAZ\n" + + "BgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEWMBQG\n" + + "A1UECRMNVHJhZmZvcmQgUm9hZDEWMBQGA1UECRMNRXhjaGFuZ2UgUXVheTElMCMG\n" + + "A1UECRMcM3JkIEZsb29yLCAyNiBPZmZpY2UgVmlsbGFnZTEaMBgGA1UEChMRQ09N\n" + + "T0RPIENBIExpbWl0ZWQxGjAYBgNVBAsTEUNPTU9ETyBFViBTR0MgU1NMMTswOQYD\n" + + "VQQDEzJ1c2VydHJ1c3RlY2NjZXJ0aWZpY2F0aW9uYXV0aG9yaXR5LWV2LmNvbW9k\n" + + "b2NhLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABC0yXxHfdlpYPofwFbT7\n" + + "DJsF/T7r4vlhgr97IBUabq/CMtpBlaVx0UEwp9o/WpMuLRUBpuzhtpJSQPzBHnry\n" + + "lWmjggO+MIIDujAfBgNVHSMEGDAWgBQqnFr5TqEw2kBLK+lL8fWc3AL5LjAdBgNV\n" + + "HQ4EFgQUs61h85oh8Mdka5u0o0QtFHoDayswDgYDVR0PAQH/BAQDAgWAMAwGA1Ud\n" + + "EwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMEcGA1UdIARA\n" + + "MD4wPAYMKwYBBAGyMQECAQUBMCwwKgYIKwYBBQUHAgEWHmh0dHBzOi8vY3BzLnRy\n" + + 
"dXN0LXByb3ZpZGVyLmNvbTBfBgNVHR8EWDBWMFSgUqBQhk5odHRwOi8vY3JsLnRy\n" + + "dXN0LXByb3ZpZGVyLmNvbS9VU0VSVHJ1c3RFQ0NFeHRlbmRlZFZhbGlkYXRpb25T\n" + + "ZWN1cmVTZXJ2ZXJDQS5jcmwwgZgGCCsGAQUFBwEBBIGLMIGIMFoGCCsGAQUFBzAC\n" + + "hk5odHRwOi8vY3J0LnRydXN0LXByb3ZpZGVyLmNvbS9VU0VSVHJ1c3RFQ0NFeHRl\n" + + "bmRlZFZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcnQwKgYIKwYBBQUHMAGGHmh0\n" + + "dHA6Ly9vY3NwLnRydXN0LXByb3ZpZGVyLmNvbTB1BgNVHREEbjBsgjJ1c2VydHJ1\n" + + "c3RlY2NjZXJ0aWZpY2F0aW9uYXV0aG9yaXR5LWV2LmNvbW9kb2NhLmNvbYI2d3d3\n" + + "LnVzZXJ0cnVzdGVjY2NlcnRpZmljYXRpb25hdXRob3JpdHktZXYuY29tb2RvY2Eu\n" + + "Y29tMIIBfQYKKwYBBAHWeQIEAgSCAW0EggFpAWcAdQBo9pj4H2SCvjqM7rkoHUz8\n" + + "cVFdZ5PURNEKZ6y7T0/7xAAAAVaYy/EsAAAEAwBGMEQCIATN694opYRAY9yCNZXZ\n" + + "TBJapGSqKHg1GBtlifmy+WB+AiACeljNAF3VK9Ma1bbJiRtB9ZRAN7mPbzaC3wha\n" + + "+5riaAB2AFYUBpov18Ls0/XhvUSyPsdGdrm8mRFcwO+UmFXWidDdAAABVpjL8F8A\n" + + "AAQDAEcwRQIgLq1mfWnNQWNTtQYtNCWm8wUm1Jez6AqfzmFLKJc4NC8CIQCsaHIH\n" + + "b/nKPPyKL9hxi2o5n0K3DpnHFv5V+0dtTBjOCgB2AO5Lvbd1zmC64UJpH6vhnmaj\n" + + "D35fsHLYgwDEe4l6qP3LAAABVpjL8RMAAAQDAEcwRQIhAOR5Hx0Mq6iX7lE6mfIR\n" + + "efJknMqXCnjcDsvzk6ZiXwSQAiB31TTkVHIVyscNYsup34Vcid7nWMuZiLjEElBo\n" + + "vYYh3jAKBggqhkjOPQQDAgNJADBGAiEA0CZ8Utr9boJ2y9mfVkOv2US4Nk9oWT/y\n" + + "P5YGb+ox/EICIQCBHZdD3tPNJ5BDkIdUCjnaFkNsHJchsU8e5a+1CV4knQ==\n" + + "-----END CERTIFICATE-----"; + + public void runTest(ValidatePathWithParams pathValidator) throws Exception { + // Validate valid + pathValidator.validate(new String[]{VALID, INT}, + ValidatePathWithParams.Status.GOOD, null, System.out); + + // Validate Revoked + pathValidator.validate(new String[]{REVOKED, INT}, + ValidatePathWithParams.Status.REVOKED, + "Tue Jul 04 03:51:20 PDT 2017", System.out); + } +} diff -r 971d83666b23 -r 472f74fb6c6b test/jdk/security/infra/java/security/cert/CertPathValidator/certification/DTrustCA.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 
+++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/DTrustCA.java Tue Dec 12 19:20:39 2017 -0800 
@@ -0,0 +1,280 @@
+/*
+ * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */ + + /* + * @test + * @bug 8189131 + * @summary Interoperability tests with "D-Trust Root Class 3 CA 2 2009" and + * "D-Trust Root Class 3 CA 2 EV 2009" CAs + * @build ValidatePathWithParams + * @run main/othervm -Djava.security.debug=certpath DTrustCA OCSP + * @run main/othervm -Djava.security.debug=certpath DTrustCA CRL + */ +public class DTrustCA { + + public static void main(String[] args) throws Exception { + + ValidatePathWithParams pathValidator = new ValidatePathWithParams(null); + + boolean ocspEnabled = true; + + if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { + pathValidator.enableCRLCheck(); + ocspEnabled = false; + } else { + // OCSP check by default + pathValidator.enableOCSPCheck(); + } + + new RootClass3CA2().runTest(pathValidator, ocspEnabled); + new RootClass3CA2EV().runTest(pathValidator, ocspEnabled); + } +} + +class RootClass3CA2 { + + // Owner: CN=D-TRUST SSL Class 3 CA 1 2009, O=D-Trust GmbH, C=DE + private static final String INT = "-----BEGIN CERTIFICATE-----\n" + + "MIIFMjCCBBqgAwIBAgIDCZBjMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAkRF\n" + + "MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBD\n" + + "bGFzcyAzIENBIDIgMjAwOTAeFw0wOTExMTIxMjQ2NTVaFw0yOTExMDUwODM1NTha\n" + + "MEwxCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxELVRydXN0IEdtYkgxJjAkBgNVBAMM\n" + + "HUQtVFJVU1QgU1NMIENsYXNzIDMgQ0EgMSAyMDA5MIIBIjANBgkqhkiG9w0BAQEF\n" + + "AAOCAQ8AMIIBCgKCAQEAoal0SyLSijE0JkuhHJmOCbmQznyxuSY7DaEwhUsdUpI+\n" + + "2llkDLz6s9BWQe1zCVXDhrt3qz5U5H4h6jxm5Ec+ZbFiU3Gv2yxpI5cRPrqj9mJU\n" + + "1CGgy1+29khuUnoopzSq66HPuGZGh06I7bJkXTQ7AQ92z1MdL2wATj1UWdNid3sQ\n" + + "NiWIm+69nURHY6tmCNenNcG6aV4qjHMUPsjpCRabNY9nUO12rsmiDW2mbAC3gcxQ\n" + + "lqLgLYur9HvB8cW0xu2JZ/B3PXmNphVuWskp3Y1u0SvIYzuEsE7lWDbBmtWZtabB\n" + + "hzThkDQvd+3keQ1sU/beq1NeXfgKzQ5G+4Ql2PUY/wIDAQABo4ICGjCCAhYwHwYD\n" + + "VR0jBBgwFoAU/doUxJ8w3iG9HkI5/KtjI0ng8YQwRAYIKwYBBQUHAQEEODA2MDQG\n" + + "CCsGAQUFBzABhihodHRwOi8vcm9vdC1jMy1jYTItMjAwOS5vY3NwLmQtdHJ1c3Qu\n" + + 
"bmV0MF8GA1UdIARYMFYwVAYEVR0gADBMMEoGCCsGAQUFBwIBFj5odHRwOi8vd3d3\n" + + "LmQtdHJ1c3QubmV0L2ludGVybmV0L2ZpbGVzL0QtVFJVU1RfUm9vdF9QS0lfQ1BT\n" + + "LnBkZjAzBgNVHREELDAqgRBpbmZvQGQtdHJ1c3QubmV0hhZodHRwOi8vd3d3LmQt\n" + + "dHJ1c3QubmV0MIHTBgNVHR8EgcswgcgwgYCgfqB8hnpsZGFwOi8vZGlyZWN0b3J5\n" + + "LmQtdHJ1c3QubmV0L0NOPUQtVFJVU1QlMjBSb290JTIwQ2xhc3MlMjAzJTIwQ0El\n" + + "MjAyJTIwMjAwOSxPPUQtVHJ1c3QlMjBHbWJILEM9REU/Y2VydGlmaWNhdGVyZXZv\n" + + "Y2F0aW9ubGlzdDBDoEGgP4Y9aHR0cDovL3d3dy5kLXRydXN0Lm5ldC9jcmwvZC10\n" + + "cnVzdF9yb290X2NsYXNzXzNfY2FfMl8yMDA5LmNybDAdBgNVHQ4EFgQUUBkylJrE\n" + + "tQRNVtDAgyHVNVWwsXowDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8C\n" + + "AQAwDQYJKoZIhvcNAQELBQADggEBABM5QRHX/yInsmZLWVlvmWmKb3c4IB3hAIVR\n" + + "sAGhkvQJ/RD1GZjZUBBYMWkD1P37fTQxlqTOe3NecVvElkYZuCq7HSM6o7awzb3m\n" + + "yLn1kN+hDCsxX0EYbVSNjEjkW3QEkqJH9owH4qeMDxf7tfXB7BVKO+rarYPa2PR8\n" + + "Wz2KhjFDmAeFg2J89YcpeJJEEJXoweAkgJEEwwEIfJ2yLjYo78RD0Rvij/+zkfj9\n" + + "+dSvTiZTuqicyo37qNoYHgchuqXnKodhWkW89oo2NKhfeNHHbqvXEJmx0PbI6YyQ\n" + + "50GnYECZRHNKhgbPEtNy/QetU53aWlTlvu4NIwLW5XVsrxlQ2Zw=\n" + + "-----END CERTIFICATE-----"; + + // Owner: CN=certdemo-ov-valid.ssl.d-trust.net, O=D-Trust GmbH, OU=IT, + // L=Berlin, ST=Berlin, C=DE, SERIALNUMBER=DTRWS354803406304201, DNQ=7223150018 + private static final String VALID = "-----BEGIN CERTIFICATE-----\n" + + "MIIF1jCCBL6gAwIBAgIDD07RMA0GCSqGSIb3DQEBCwUAMEwxCzAJBgNVBAYTAkRF\n" + + "MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxJjAkBgNVBAMMHUQtVFJVU1QgU1NMIENs\n" + + "YXNzIDMgQ0EgMSAyMDA5MB4XDTEyMTIxMTEwMTgzN1oXDTE1MTIyMTExMTgwOVow\n" + + "gbMxEzARBgNVBC4TCjcyMjMxNTAwMTgxHTAbBgNVBAUTFERUUldTMzU0ODAzNDA2\n" + + "MzA0MjAxMQswCQYDVQQGEwJERTEPMA0GA1UECAwGQmVybGluMQ8wDQYDVQQHDAZC\n" + + "ZXJsaW4xCzAJBgNVBAsMAklUMRUwEwYDVQQKDAxELVRydXN0IEdtYkgxKjAoBgNV\n" + + "BAMMIWNlcnRkZW1vLW92LXZhbGlkLnNzbC5kLXRydXN0Lm5ldDCCASIwDQYJKoZI\n" + + "hvcNAQEBBQADggEPADCCAQoCggEBAMbo9ih0Bo4zKaKwl+mClCxhedC3YOpBzrun\n" + + "zbqYJuy6vbHuZdMtU3nO7ziTPbnoVFboKmyEtAMwJ+qudHdWaa/nA4Hlhmg5+CWZ\n" + + 
"OolX3VmMlrZ+LpaeajduOgDa7DQDcixZ+ndd24Xc/u9L83CH7ziQDs4XNJxx63Wf\n" + + "lSMKBKkmvry7CfCXcsR4dYW8tTBm1PESJZVNqOKkOiwHwMA69knpXwghmDbKgZro\n" + + "01chjeyYb39ZhwHNWlxh5rgd2HZpgrl8kUY3yV9PrQcjFPbKT6ZgHfRiHlax4vbX\n" + + "qiHHcHRr7iVPruyCf0DU3BqhDVUhnrJ+vqTyg+m/OJduznF2nXcCAwEAAaOCAlcw\n" + + "ggJTMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBRQ\n" + + "GTKUmsS1BE1W0MCDIdU1VbCxejBDBggrBgEFBQcBAQQ3MDUwMwYIKwYBBQUHMAGG\n" + + "J2h0dHA6Ly9zc2wtYzMtY2ExLTIwMDkub2NzcC5kLXRydXN0Lm5ldDBmBgNVHSAE\n" + + "XzBdMFsGCysGAQQBpTQCgUgBMEwwSgYIKwYBBQUHAgEWPmh0dHA6Ly93d3cuZC10\n" + + "cnVzdC5uZXQvaW50ZXJuZXQvZmlsZXMvRC1UUlVTVF9Sb290X1BLSV9DUFMucGRm\n" + + "MIHRBgNVHR8EgckwgcYwgcOggcCggb2GeWxkYXA6Ly9kaXJlY3RvcnkuZC10cnVz\n" + + "dC5uZXQvQ049RC1UUlVTVCUyMFNTTCUyMENsYXNzJTIwMyUyMENBJTIwMSUyMDIw\n" + + "MDksTz1ELVRydXN0JTIwR21iSCxDPURFP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxp\n" + + "c3SGQGh0dHA6Ly9jcmwuZC10cnVzdC5uZXQvY3JsL2QtdHJ1c3Rfc3NsX2NsYXNz\n" + + "XzNfY2FfMV8yMDA5LmRlci5jcmwwMwYDVR0SBCwwKoEQaW5mb0BkLXRydXN0Lm5l\n" + + "dIYWaHR0cDovL3d3dy5kLXRydXN0Lm5ldDAdBgNVHQ4EFgQUHjGMR/EdDBRf+Ejf\n" + + "WW5a8beoBrwwDgYDVR0PAQH/BAQDAgSwMCwGA1UdEQQlMCOCIWNlcnRkZW1vLW92\n" + + "LXZhbGlkLnNzbC5kLXRydXN0Lm5ldDANBgkqhkiG9w0BAQsFAAOCAQEAGN4yxyF3\n" + + "sszODgDSkCNX1s4R874jmBmMYy4Af9/kwKNp2GtqPPhnDu8VFtq0bqs1e06XZ4/W\n" + + "6pUPRZIlynjPASkQl+aJGzyZlaH+K0Al80M/7FRRmLCW9Do/RszRihdhcjeyG+Bi\n" + + "2k+A35aVqKMAWzoH4M7TCPg4+ECltaFgJ+25loXl3j0yiP/DmBwATO80Nx78ILl5\n" + + "D6cDyftMKUwdKKlUsB2RMOJsVBcotBMGTB1i/YoSKIu6t7QnoVFMHEia2wZegPCj\n" + + "hBKhLf/Zde/VrSN3IIft93XRabqXWqjpDCvpb/b06/0o5aZIycrj+Kya54dsdXMO\n" + + "FRy9N0HZYzvt9g==\n" + + "-----END CERTIFICATE-----"; + + // Owner: CN=certdemo-ov-revoked.ssl.d-trust.net, O=D-Trust GmbH, OU=IT, + // L=Berlin, ST=Berlin, C=DE, DNQ=5562882417 + private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" + + "MIIFuzCCBKOgAwIBAgIDExFnMA0GCSqGSIb3DQEBCwUAMEwxCzAJBgNVBAYTAkRF\n" + + 
"MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxJjAkBgNVBAMMHUQtVFJVU1QgU1NMIENs\n" + + "YXNzIDMgQ0EgMSAyMDA5MB4XDTE0MDYyNjE2MTg1NloXDTE1MDYyOTE2MTg1Nlow\n" + + "gZYxEzARBgNVBC4TCjU1NjI4ODI0MTcxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZC\n" + + "ZXJsaW4xDzANBgNVBAcTBkJlcmxpbjELMAkGA1UECxMCSVQxFTATBgNVBAoTDEQt\n" + + "VHJ1c3QgR21iSDEsMCoGA1UEAxMjY2VydGRlbW8tb3YtcmV2b2tlZC5zc2wuZC10\n" + + "cnVzdC5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtdH2wqHgG\n" + + "tqlekrfRQzJuhMzRllfYcmmsxr7jsnwgPe0+zib+GeTDm9U5+XKjT1uYETL501ov\n" + + "HfKsZ/aK+k58iFF5evEtdHic/2v868uwxcm/Kcn+zt2uX9QvfSUzJPQkW/Ynu3w2\n" + + "IhuBNBlFAJgxjYr2xMUmDrVDx1/ZfBc0ddyo87MccLZOdmqLhef8bJQ+3q6DA+Z1\n" + + "bGk1wHl9KgFNtOjlKws5nKzCzyugy+MhLo+4wPxi0UhUA7QA7fk7lWBwJ9fZRTT/\n" + + "cKfP4lUucXdQBS2ZhvpEZggjjBDhTHtZLwdfEUlf1GZ+GwD8IB9whlwqT2cS9WUR\n" + + "XI9b14TJM2zfAgMBAAGjggJZMIICVTAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB\n" + + "BQUHAwIwHwYDVR0jBBgwFoAUUBkylJrEtQRNVtDAgyHVNVWwsXowQwYIKwYBBQUH\n" + + "AQEENzA1MDMGCCsGAQUFBzABhidodHRwOi8vc3NsLWMzLWNhMS0yMDA5Lm9jc3Au\n" + + "ZC10cnVzdC5uZXQwZgYDVR0gBF8wXTBbBgsrBgEEAaU0AoFIATBMMEoGCCsGAQUF\n" + + "BwIBFj5odHRwOi8vd3d3LmQtdHJ1c3QubmV0L2ludGVybmV0L2ZpbGVzL0QtVFJV\n" + + "U1RfUm9vdF9QS0lfQ1BTLnBkZjCB0QYDVR0fBIHJMIHGMIHDoIHAoIG9hnlsZGFw\n" + + "Oi8vZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NOPUQtVFJVU1QlMjBTU0wlMjBDbGFz\n" + + "cyUyMDMlMjBDQSUyMDElMjAyMDA5LE89RC1UcnVzdCUyMEdtYkgsQz1ERT9jZXJ0\n" + + "aWZpY2F0ZXJldm9jYXRpb25saXN0hkBodHRwOi8vY3JsLmQtdHJ1c3QubmV0L2Ny\n" + + "bC9kLXRydXN0X3NzbF9jbGFzc18zX2NhXzFfMjAwOS5kZXIuY3JsMDMGA1UdEgQs\n" + + "MCqBEGluZm9AZC10cnVzdC5uZXSGFmh0dHA6Ly93d3cuZC10cnVzdC5uZXQwHQYD\n" + + "VR0OBBYEFC4+5qwI2S+t/TaZ/kMADTR7FjdOMA4GA1UdDwEB/wQEAwIEsDAuBgNV\n" + + "HREEJzAlgiNjZXJ0ZGVtby1vdi1yZXZva2VkLnNzbC5kLXRydXN0Lm5ldDANBgkq\n" + + "hkiG9w0BAQsFAAOCAQEAO3sbXee7GbEyXSRZOgwk2LloPNIFriFGP8WAWnsaf056\n" + + "jxHRnjjPQRyqhBmGQAGwrEp3a3uF+6gbM2XuoKPjNFqjqnQNR2+lVRs8pVTTjJ+r\n" + + "SekcOUbCx6nIe98OBheAljAxfeal3e8bBrP3VA+QvOscaLJiC1ZsGfqvrGYJDt6b\n" + + 
"UFMKbNuwDcfpKkrB0AyW0NvYALwgTPr+SgbxB0Xrp0W+dg6XfHmpuRSSPUkZqzEY\n" + + "uPTmIgs7qCtVEIpV91gDFBDNfr4QbFVCNvDmMIZNMnXUEmTW81N1KUVTNdz8k5TY\n" + + "HO/7TeeAi2u0m3ERrLXE9SKtNwUMJujEOQ/UmQkIQw==\n" + + "-----END CERTIFICATE-----"; + + public void runTest(ValidatePathWithParams pathValidator, boolean ocspEnabled) + throws Exception { + // Validate valid + pathValidator.validate(new String[]{VALID, INT}, + ValidatePathWithParams.Status.GOOD, null, System.out); + + // Validate Revoked + if (ocspEnabled) { + // Test certificates are expired in 2015 + // and backdated revocation check is only possible with OCSP + pathValidator.setValidationDate("Jan 01, 2015"); + } + + pathValidator.validate(new String[]{REVOKED, INT}, + ValidatePathWithParams.Status.REVOKED, + "Thu Jun 26 09:28:39 PDT 2014", System.out); + + // reset validation date back to current date + pathValidator.resetValidationDate(); + } +} + +class RootClass3CA2EV { + + // Owner: CN=D-TRUST SSL Class 3 CA 1 EV 2009, O=D-Trust GmbH, C=DE + private static final String INT = "-----BEGIN CERTIFICATE-----\n" + + "MIIFRTCCBC2gAwIBAgIDCZBkMA0GCSqGSIb3DQEBCwUAMFAxCzAJBgNVBAYTAkRF\n" + + "MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxKjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBD\n" + + "bGFzcyAzIENBIDIgRVYgMjAwOTAeFw0wOTExMTIxMjUyNDNaFw0yOTExMDUwODUw\n" + + "NDZaME8xCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxELVRydXN0IEdtYkgxKTAnBgNV\n" + + "BAMMIEQtVFJVU1QgU1NMIENsYXNzIDMgQ0EgMSBFViAyMDA5MIIBIjANBgkqhkiG\n" + + "9w0BAQEFAAOCAQ8AMIIBCgKCAQEAygp+ZziakFyPq80fk1QIT9UCcPy0R3UIyq56\n" + + "hXA6lhgfs1l9R9wRM9/DIVX2olb0gHCXdpnHRm+jwzeL3dHJO8Im5Om/c24ZfSVE\n" + + "zBcgKxS5X7X5e7oCYb9tozd9xs04WqYd5kWrvCJsSQf5gtv5gAeJt+QiU7dtXs3A\n" + + "YDflWv4g9eEaDExxM0VQmceEAo5qc7I7dk5ry356G14zQmr29cxie6YS0kH+7qn5\n" + + "g+c21M01sENle0tBPxIfkv+nV95Ih3JkpHSPm/wgFKfCtwRtG+5VehUoMEpgfi0X\n" + + "fmVkag558aQpaaeQCtYZnXuq6g1D1LAcjIqMpOP4wNRp1ldLzQIDAQABo4ICJzCC\n" + + "AiMwHwYDVR0jBBgwFoAU05SKTGITKhkuzK9yin0215oc3GcwRwYIKwYBBQUHAQEE\n" + + 
"OzA5MDcGCCsGAQUFBzABhitodHRwOi8vcm9vdC1jMy1jYTItZXYtMjAwOS5vY3Nw\n" + + "LmQtdHJ1c3QubmV0MF8GA1UdIARYMFYwVAYEVR0gADBMMEoGCCsGAQUFBwIBFj5o\n" + + "dHRwOi8vd3d3LmQtdHJ1c3QubmV0L2ludGVybmV0L2ZpbGVzL0QtVFJVU1RfUm9v\n" + + "dF9QS0lfQ1BTLnBkZjAzBgNVHREELDAqgRBpbmZvQGQtdHJ1c3QubmV0hhZodHRw\n" + + "Oi8vd3d3LmQtdHJ1c3QubmV0MIHdBgNVHR8EgdUwgdIwgYeggYSggYGGf2xkYXA6\n" + + "Ly9kaXJlY3RvcnkuZC10cnVzdC5uZXQvQ049RC1UUlVTVCUyMFJvb3QlMjBDbGFz\n" + + "cyUyMDMlMjBDQSUyMDIlMjBFViUyMDIwMDksTz1ELVRydXN0JTIwR21iSCxDPURF\n" + + "P2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3QwRqBEoEKGQGh0dHA6Ly93d3cuZC10\n" + + "cnVzdC5uZXQvY3JsL2QtdHJ1c3Rfcm9vdF9jbGFzc18zX2NhXzJfZXZfMjAwOS5j\n" + + "cmwwHQYDVR0OBBYEFKztpZ16orZD8RiKJWpsscyo8lrUMA4GA1UdDwEB/wQEAwIB\n" + + "BjASBgNVHRMBAf8ECDAGAQH/AgEAMA0GCSqGSIb3DQEBCwUAA4IBAQA6I3sGyvb4\n" + + "MdTyEZFBBWBN/5Kx1SVkkPsll8DvgosJiuuK4I7mD6FFKDjKgogr407EoDSS2t1+\n" + + "pSmQCb0rNXoJT3YIlpZGqPYU2rcwrelabJQZWAfoRnbkDx2aqofhp5u45dyQpM2t\n" + + "R93/oA36iuHYc9Ewq8CaLGolrpT138RD7i4nN7sZFuFH0IseNz0+EZm88NHi9WeJ\n" + + "UyshWFKBKARi+589Y4P/G2XnbckxFKUxa7uEroZcMwvKBy469K0Au0zVTxs1zNtf\n" + + "Ol3QkNgPwzOPeHhOnpzcenyPgNEm+HQ0FPTnB4HeKBqTeLpkM7h4gq5MZ2TPmfuX\n" + + "KDz3AHrWLLdH\n" + + "-----END CERTIFICATE-----"; + + // Owner: CN=certdemo-ev-revoked.ssl.d-trust.net, O=D-Trust GmbH, OU=IT, + // STREET=Berlin, OID.2.5.4.17=10969, L=Berlin, ST=Berlin, C=DE, + // SERIALNUMBER=HRB74346, OID.2.5.4.15=Private Organization, + // OID.1.3.6.1.4.1.311.60.2.1.1=Berlin, OID.1.3.6.1.4.1.311.60.2.1.2=Berlin, + // OID.1.3.6.1.4.1.311.60.2.1.3=DE, DNQ=4028175542 + private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" + + "MIIGZDCCBUygAwIBAgIDExFtMA0GCSqGSIb3DQEBCwUAME8xCzAJBgNVBAYTAkRF\n" + + "MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxKTAnBgNVBAMMIEQtVFJVU1QgU1NMIENs\n" + + "YXNzIDMgQ0EgMSBFViAyMDA5MB4XDTE0MDYyNjE2NDMyOFoXDTE1MDYyOTE2NDMy\n" + + "OFowggEwMRMwEQYDVQQuEwo0MDI4MTc1NTQyMRMwEQYLKwYBBAGCNzwCAQMMAkRF\n" + + "MRcwFQYLKwYBBAGCNzwCAQIMBkJlcmxpbjEXMBUGCysGAQQBgjc8AgEBDAZCZXJs\n" + + 
"aW4xHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9uMREwDwYDVQQFEwhIUkI3\n" + + "NDM0NjELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVy\n" + + "bGluMQ4wDAYDVQQRDAUxMDk2OTEPMA0GA1UECRMGQmVybGluMQswCQYDVQQLEwJJ\n" + + "VDEVMBMGA1UEChMMRC1UcnVzdCBHbWJIMSwwKgYDVQQDEyNjZXJ0ZGVtby1ldi1y\n" + + "ZXZva2VkLnNzbC5kLXRydXN0Lm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC\n" + + "AQoCggEBAMjX4zZxaSl+7eLXXVyO1HzQTymgsI4WlMpVMczyA21kXnx4iBZ9JeHW\n" + + "W3Jv4SxxqtHut98eCq30r7yniCy7zGX35iuSy2zMf0u0tRraP5b2c590UMRgKOSU\n" + + "DvahC+SlyJWGimt2Dtej2T1kcQvhUmonUkIimQOpM0MOIFxB5d494TzkQAYOV6yb\n" + + "AHoIsMWMeMm24Rr6o8QnJqhb9A13keYRK8t0u7F5+fvONlFT2YnjbCoRlxa48i1b\n" + + "PZwtE/NZ4bpZmv765tyfl9R5FatANnuja04Dd9StbTbjDezYzilF4qpSWtSKwmEl\n" + + "J6fRxJ1kNAEThyzNZMnFjh8htZ7PL18CAwEAAaOCAmQwggJgMB0GA1UdJQQWMBQG\n" + + "CCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBSs7aWdeqK2Q/EYiiVqbLHM\n" + + "qPJa1DBGBggrBgEFBQcBAQQ6MDgwNgYIKwYBBQUHMAGGKmh0dHA6Ly9zc2wtYzMt\n" + + "Y2ExLWV2LTIwMDkub2NzcC5kLXRydXN0Lm5ldDBmBgNVHSAEXzBdMFsGCysGAQQB\n" + + "pTQCgUoBMEwwSgYIKwYBBQUHAgEWPmh0dHA6Ly93d3cuZC10cnVzdC5uZXQvaW50\n" + + "ZXJuZXQvZmlsZXMvRC1UUlVTVF9Sb290X1BLSV9DUFMucGRmMIHZBgNVHR8EgdEw\n" + + "gc4wgcuggciggcWGfmxkYXA6Ly9kaXJlY3RvcnkuZC10cnVzdC5uZXQvQ049RC1U\n" + + "UlVTVCUyMFNTTCUyMENsYXNzJTIwMyUyMENBJTIwMSUyMEVWJTIwMjAwOSxPPUQt\n" + + "VHJ1c3QlMjBHbWJILEM9REU/Y2VydGlmaWNhdGVyZXZvY2F0aW9ubGlzdIZDaHR0\n" + + "cDovL2NybC5kLXRydXN0Lm5ldC9jcmwvZC10cnVzdF9zc2xfY2xhc3NfM19jYV8x\n" + + "X2V2XzIwMDkuZGVyLmNybDAzBgNVHRIELDAqgRBpbmZvQGQtdHJ1c3QubmV0hhZo\n" + + "dHRwOi8vd3d3LmQtdHJ1c3QubmV0MB0GA1UdDgQWBBTFei056yoNM1HWYbBCixQw\n" + + "wXnf0TAOBgNVHQ8BAf8EBAMCBLAwLgYDVR0RBCcwJYIjY2VydGRlbW8tZXYtcmV2\n" + + "b2tlZC5zc2wuZC10cnVzdC5uZXQwDQYJKoZIhvcNAQELBQADggEBALv0OA+x401T\n" + + "CvGQL1Ah7rclRgtxT3UjmphiLs9EE1YbweIUrN3R4tZuryyv9xslAoLCfMrHUe+f\n" + + "jv1hsKqw+gGlrA8d5VnAqKfUR+KCiZivdlQ2sl4PDTZWpUQYlBnjQrD8h6UrcgTA\n" + + "g1zUpDnioAKAQSWWxHVpcOX0IXCl3RgRz0GqUIZQ0Q8ZwYbIDEI+JzDEJgKkTzet\n" + + 
"uzin8P54PjuJO801gENp43z++xHVuBcEWkU0TMDbmdL9vPZqnxsaoL5e/llGzor5\n" + + "6JbU6Fc0MkuziaLPUsIxVVx3ZhZ6UFdv34swKyq6ycvKW2fgccwsQCFMrVjIo6HR\n" + + "qiZC9Z+23vM=\n" + + "-----END CERTIFICATE-----"; + + public void runTest(ValidatePathWithParams pathValidator, boolean ocspEnabled) + throws Exception { + // Validate valid + // Valid cert received as test artifact was revoked so remove test + + // Validate Revoked + if (ocspEnabled) { + // Revoked certificates are expired in 2015 + // and backdated revocation check is only possible with OCSP + pathValidator.setValidationDate("Jan 01, 2015"); + } + + pathValidator.validate(new String[]{REVOKED, INT}, + ValidatePathWithParams.Status.REVOKED, + "Thu Jun 26 09:45:14 PDT 2014", System.out); + + // reset validation date back to current date + pathValidator.resetValidationDate(); + } +} diff -r 971d83666b23 -r 472f74fb6c6b test/jdk/security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java Tue Dec 12 19:20:39 2017 -0800 
@@ -0,0 +1,181 @@
+/*
+ * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+ /*
+ * @test
+ * @bug 8189131
+ * @summary Interoperability tests with Let's Encrypt CA
+ * @build ValidatePathWithParams
+ * @run main/othervm -Djava.security.debug=certpath LetsEncryptCA OCSP
+ * @run main/othervm -Djava.security.debug=certpath LetsEncryptCA CRL
+ */
+
+ /*
+ * "Lets Encrypt Authority X1" intermediate CA is retired.
+ * Test certs should be chained through "Lets Encrypt Authority X3" CA.
+ *
+ * Obtain TLS test artifacts for Let's Encrypt CA from:
+ *
+ * Valid TLS Certificates:
+ * https://valid-isrgrootx1.letsencrypt.org/
+ *
+ * Revoked TLS Certificates:
+ * https://revoked-isrgrootx1.letsencrypt.org/
+ *
+ * Test artifacts don't have CRLs listed.
+ */ +public class LetsEncryptCA { + + // Owner: CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US + // Issuer: CN=ISRG Root X1, O=Internet Security Research Group, C=US + private static final String INT = "-----BEGIN CERTIFICATE-----\n" + + "MIIFjTCCA3WgAwIBAgIRANOxciY0IzLc9AUoUSrsnGowDQYJKoZIhvcNAQELBQAw\n" + + "TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh\n" + + "cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTYxMDA2MTU0MzU1\n" + + "WhcNMjExMDA2MTU0MzU1WjBKMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg\n" + + "RW5jcnlwdDEjMCEGA1UEAxMaTGV0J3MgRW5jcnlwdCBBdXRob3JpdHkgWDMwggEi\n" + + "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCc0wzwWuUuR7dyXTeDs2hjMOrX\n" + + "NSYZJeG9vjXxcJIvt7hLQQWrqZ41CFjssSrEaIcLo+N15Obzp2JxunmBYB/XkZqf\n" + + "89B4Z3HIaQ6Vkc/+5pnpYDxIzH7KTXcSJJ1HG1rrueweNwAcnKx7pwXqzkrrvUHl\n" + + "Npi5y/1tPJZo3yMqQpAMhnRnyH+lmrhSYRQTP2XpgofL2/oOVvaGifOFP5eGr7Dc\n" + + "Gu9rDZUWfcQroGWymQQ2dYBrrErzG5BJeC+ilk8qICUpBMZ0wNAxzY8xOJUWuqgz\n" + + "uEPxsR/DMH+ieTETPS02+OP88jNquTkxxa/EjQ0dZBYzqvqEKbbUC8DYfcOTAgMB\n" + + "AAGjggFnMIIBYzAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADBU\n" + + "BgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEBATAwMC4GCCsGAQUFBwIB\n" + + "FiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMB0GA1UdDgQWBBSo\n" + + "SmpjBH3duubRObemRWXv86jsoTAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3Js\n" + + "LnJvb3QteDEubGV0c2VuY3J5cHQub3JnMHIGCCsGAQUFBwEBBGYwZDAwBggrBgEF\n" + + "BQcwAYYkaHR0cDovL29jc3Aucm9vdC14MS5sZXRzZW5jcnlwdC5vcmcvMDAGCCsG\n" + + "AQUFBzAChiRodHRwOi8vY2VydC5yb290LXgxLmxldHNlbmNyeXB0Lm9yZy8wHwYD\n" + + "VR0jBBgwFoAUebRZ5nu25eQBc4AIiMgaWPbpm24wDQYJKoZIhvcNAQELBQADggIB\n" + + "ABnPdSA0LTqmRf/Q1eaM2jLonG4bQdEnqOJQ8nCqxOeTRrToEKtwT++36gTSlBGx\n" + + "A/5dut82jJQ2jxN8RI8L9QFXrWi4xXnA2EqA10yjHiR6H9cj6MFiOnb5In1eWsRM\n" + + "UM2v3e9tNsCAgBukPHAg1lQh07rvFKm/Bz9BCjaxorALINUfZ9DD64j2igLIxle2\n" + + "DPxW8dI/F2loHMjXZjqG8RkqZUdoxtID5+90FgsGIfkMpqgRS05f4zPbCEHqCXl1\n" + + "eO5HyELTgcVlLXXQDgAWnRzut1hFJeczY1tjQQno6f6s+nMydLN26WuU4s3UYvOu\n" + + 
"OsUxRlJu7TSRHqDC3lSE5XggVkzdaPkuKGQbGpny+01/47hfXXNB7HntWNZ6N2Vw\n" + + "p7G6OfY+YQrZwIaQmhrIqJZuigsrbe3W+gdn5ykE9+Ky0VgVUsfxo52mwFYs1JKY\n" + + "2PGDuWx8M6DlS6qQkvHaRUo0FMd8TsSlbF0/v965qGFKhSDeQoMpYnwcmQilRh/0\n" + + "ayLThlHLN81gSkJjVrPI0Y8xCVPB4twb1PFUd2fPM3sA1tJ83sZ5v8vgFv2yofKR\n" + + "PB0t6JzUA81mSqM3kxl5e+IZwhYAyO0OTg3/fs8HqGTNKd9BqoUwSRBzp06JMg5b\n" + + "rUCGwbCUDI0mxadJ3Bz4WxR6fyNpBK2yAinWEsikxqEt\n" + + "-----END CERTIFICATE-----"; + + // Owner: CN=valid-isrgrootx1.letsencrypt.org + // Issuer: CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US + // Serial number: 36916d6db9151ad4428d458a32eae518671 + // Valid from: Wed Nov 08 07:00:24 PST 2017 until: Tue Feb 06 07:00:24 PST 2018 + private static final String VALID = "-----BEGIN CERTIFICATE-----\n" + + "MIIFIzCCBAugAwIBAgISA2kW1tuRUa1EKNRYoy6uUYZxMA0GCSqGSIb3DQEBCwUA\n" + + "MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD\n" + + "ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNzExMDgxNTAwMjRaFw0x\n" + + "ODAyMDYxNTAwMjRaMCsxKTAnBgNVBAMTIHZhbGlkLWlzcmdyb290eDEubGV0c2Vu\n" + + "Y3J5cHQub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyugIOCxl\n" + + "4p0Rrs4aggnzKGYezhMyyvqlBgVBkf3DJV5uHbz/B/CxcoFo2rZzIetJEsb7Qnt1\n" + + "U8L2O5BKnBeOsI5eFv6WUAQs96VayQ09+xCV3jSNjVpbmKKp1TNWboF/V+EDFq6f\n" + + "fxK9h+b88RhBn4gfe+BorPnVTmZZQHgcZCjMGyzlXt68r45dXmZOuh0855Y7z6Et\n" + + "wCHTT8k/7VC0DTIs0+veKv+yblUqwGD0htdOh7POkQGfBeJ432FsCCcLCDjg2Jj2\n" + + "oYQNpLao55ZnVJGXfP8dJpHqJvuEQVuNT1TbHTs4x7IMftqGcPuhXKhA5FCVf0Hb\n" + + "osbVmZ/b2b/WswIDAQABo4ICIDCCAhwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQW\n" + + "MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQZ\n" + + "Mod3QzNPUL56tDMtELpCiwkQOTAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv\n" + + "86jsoTBvBggrBgEFBQcBAQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmlu\n" + + "dC14My5sZXRzZW5jcnlwdC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0Lmlu\n" + + "dC14My5sZXRzZW5jcnlwdC5vcmcvMCsGA1UdEQQkMCKCIHZhbGlkLWlzcmdyb290\n" + + 
"eDEubGV0c2VuY3J5cHQub3JnMIH+BgNVHSAEgfYwgfMwCAYGZ4EMAQIBMIHmBgsr\n" + + "BgEEAYLfEwEBATCB1jAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlw\n" + + "dC5vcmcwgasGCCsGAQUFBwICMIGeDIGbVGhpcyBDZXJ0aWZpY2F0ZSBtYXkgb25s\n" + + "eSBiZSByZWxpZWQgdXBvbiBieSBSZWx5aW5nIFBhcnRpZXMgYW5kIG9ubHkgaW4g\n" + + "YWNjb3JkYW5jZSB3aXRoIHRoZSBDZXJ0aWZpY2F0ZSBQb2xpY3kgZm91bmQgYXQg\n" + + "aHR0cHM6Ly9sZXRzZW5jcnlwdC5vcmcvcmVwb3NpdG9yeS8wDQYJKoZIhvcNAQEL\n" + + "BQADggEBAFBiwKeCZfIh8a7x0Y5QEqGwejil/BY6MOVuIU9FRIJKmhJGdh6lI6ln\n" + + "zlBbMZBAjZ+TqDxU0pvM1AsRDyCqt8GbCAC2xQsGyATLdCjedLQ7U7ORm7pBZdbe\n" + + "cT7h9Sblj53o5MKa1yFeS89WGjI4UueUemGxp7EQjat0NeAvbnpU+YmuevNYKX2M\n" + + "kK33reMC+rgD+wKet1CXcB/ZYl3fDzVH3SwkT/bKW5bsuwxBuD2noScnKCitRgiv\n" + + "Ew7YjwqNOm2naki/xr2sfJirR+lJtZ9KC3H8xWeEHrD8Cf7pnmMYqV59uR+hJwMP\n" + + "YsjjDbDFCmNN9FBqDwvXs7g86ttkdC8=\n" + + "-----END CERTIFICATE-----"; + + // Owner: CN=revoked-isrgrootx1.letsencrypt.org + // Issuer: CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US + // Serial number: 3ddd39c0755648d6687a5d8ded37775657e + // Valid from: Wed Nov 08 07:00:32 PST 2017 until: Tue Feb 06 07:00:32 PST 2018 + private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" + + "MIIFJzCCBA+gAwIBAgISA93TnAdVZI1mh6XY3tN3dWV+MA0GCSqGSIb3DQEBCwUA\n" + + "MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD\n" + + "ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNzExMDgxNTAwMzJaFw0x\n" + + "ODAyMDYxNTAwMzJaMC0xKzApBgNVBAMTInJldm9rZWQtaXNyZ3Jvb3R4MS5sZXRz\n" + + "ZW5jcnlwdC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5qlZ0\n" + + "jslNLn/1uICdZPwflcvsoA2S2Nk+O7cPNew+KQmSIf+LK9AbaWHCkABKx1GdMtfN\n" + + "4Q/nKBtzqZ5jX1V1XbPqPd1eeyJo0rNaDFk/gEUHw/zIYi1AtsxVHztMqOXRcsw+\n" + + "6QHRKU2XFVsfSctMv+MKnMTEJZARyhr5ur9bQ4/LmxPMhrlHAst97hiSsXKXeyMK\n" + + "DWPHmUDn1vz/1mwLMaeYYmuhuRP5HNwYq+LdYvjMV580i6LHY72TwQCfVgOHfqI0\n" + + "larISk2p4q6DmTEEiAzJB3yEYaxDn0kEXbKhL9efDC+eirVFa0ta2OnH87s9L8z9\n" + + 
"fm9JIiSFM9ATQ16/AgMBAAGjggIiMIICHjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0l\n" + + "BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYE\n" + + "FP64lxiV8KwkkzoNaM7iuwX8UBG/MB8GA1UdIwQYMBaAFKhKamMEfd265tE5t6ZF\n" + + "Ze/zqOyhMG8GCCsGAQUFBwEBBGMwYTAuBggrBgEFBQcwAYYiaHR0cDovL29jc3Au\n" + + "aW50LXgzLmxldHNlbmNyeXB0Lm9yZzAvBggrBgEFBQcwAoYjaHR0cDovL2NlcnQu\n" + + "aW50LXgzLmxldHNlbmNyeXB0Lm9yZy8wLQYDVR0RBCYwJIIicmV2b2tlZC1pc3Jn\n" + + "cm9vdHgxLmxldHNlbmNyeXB0Lm9yZzCB/gYDVR0gBIH2MIHzMAgGBmeBDAECATCB\n" + + "5gYLKwYBBAGC3xMBAQEwgdYwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2Vu\n" + + "Y3J5cHQub3JnMIGrBggrBgEFBQcCAjCBngyBm1RoaXMgQ2VydGlmaWNhdGUgbWF5\n" + + "IG9ubHkgYmUgcmVsaWVkIHVwb24gYnkgUmVseWluZyBQYXJ0aWVzIGFuZCBvbmx5\n" + + "IGluIGFjY29yZGFuY2Ugd2l0aCB0aGUgQ2VydGlmaWNhdGUgUG9saWN5IGZvdW5k\n" + + "IGF0IGh0dHBzOi8vbGV0c2VuY3J5cHQub3JnL3JlcG9zaXRvcnkvMA0GCSqGSIb3\n" + + "DQEBCwUAA4IBAQCBiokogdgIZxwuPSr43S4GZ9FwrpZNMHADMEZB8ykuotJBGyr1\n" + + "QLWDVeoAJ8OIi1AzjcdwKFQks/MKUJwxJ9hYmm9aM14d5lMKGTyoLSI/Z/Vrpx8w\n" + + "0GpktSK0WfPeLBHuSpMdrIMWyziSu/bdZtiOIIvMasFwyRhDgII++CIdsnboWXF+\n" + + "DZcwy0Yd6XzirXuwENwaWrkrbZPr/JB0xLFmydqXAnA1VFTudwL87q4CTlEo8EiD\n" + + "ucKZ/vAhD+ip3/kQFXg90om+9TdHo8D8GxTC1CLZteJt+nqWFRj0e/7eCXIZuUBE\n" + + "aSsFCd5RNTHs6tioN9vYJqLojObgF75MgIAC\n" + + "-----END CERTIFICATE-----"; + + public static void main(String[] args) throws Exception { + + ValidatePathWithParams pathValidator = new ValidatePathWithParams(null); + + if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { + pathValidator.enableCRLCheck(); + + // Validate int, EE certs don't have CRLs + pathValidator.validate(new String[]{INT}, + ValidatePathWithParams.Status.GOOD, null, System.out); + + return; + } else { + // OCSP check by default + pathValidator.enableOCSPCheck(); + } + + // Validate valid + pathValidator.validate(new String[]{VALID, INT}, + ValidatePathWithParams.Status.GOOD, null, System.out); + + // Validate Revoked + pathValidator.validate(new String[]{REVOKED, INT}, + 
ValidatePathWithParams.Status.REVOKED,
+ "Wed Nov 08 08:00:35 PST 2017", System.out);
+
+ }
+}
diff -r 971d83666b23 -r 472f74fb6c6b test/jdk/security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java Tue Dec 12 19:20:39 2017 -0800
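Review bot: In LetsEncryptCA.java, `main` validates the VALID and REVOKED chains against the current clock and never calls `setValidationDate`, although the comments above both leaf certificates give a validity window ending `Tue Feb 06 ... PST 2018`. Unless `ValidatePathWithParams` (not shown in this hunk) compensates, the OCSP run can be expected to start failing once the leaves pass that date. The D-Trust and QuoVadis test classes in this changeset pin the date for expired artifacts in their OCSP branch, and the same pattern would fit here, for example `pathValidator.setValidationDate("Jan 01, 2018");` before the two `validate` calls and `pathValidator.resetValidationDate();` after them, provided the responder still answers for the expired serials. A comment that states the artifact expiry and the refresh procedure would also help, because a revocation test that fails on a calendar date tends to be excluded rather than fixed, and that removes the revocation coverage for this root without anyone noticing.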
@@ -0,0 +1,473 @@
+/*
+ * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */ + + /* + * @test + * @bug 8189131 + * @summary Interoperability tests with QuoVadis Root CA1, CA2, and CA3 CAs + * @build ValidatePathWithParams + * @run main/othervm -Djava.security.debug=certpath QuoVadisCA OCSP + * @run main/othervm -Djava.security.debug=certpath QuoVadisCA CRL + */ + + /* + * Obtain TLS test artifacts for QuoVadis CAs from: + * + * Valid TLS Certificates: + * CA1: https://qvica1g3-v.quovadisglobal.com + * CA2: https://qvsslicag3-v.quovadisglobal.com + * CA2 EV: https://evsslicag3-v.quovadisglobal.com + * CA3: https://qvica3g3-v.quovadisglobal.com + * + * Revoked TLS Certificates: + * CA1: https://qvica1g3-r.quovadisglobal.com + * CA2: https://qvsslicag3-r.quovadisglobal.com + * CA2 EV: https://evsslicag3-r.quovadisglobal.com + * CA3: https://qvica3g3-r.quovadisglobal.com + */ +public class QuoVadisCA { + + public static void main(String[] args) throws Exception { + + ValidatePathWithParams pathValidator = new ValidatePathWithParams(null); + + boolean ocspEnabled = true; + + if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { + pathValidator.enableCRLCheck(); + ocspEnabled = false; + } else { + // OCSP check by default + pathValidator.enableOCSPCheck(); + } + + new RootCA1().runTest(pathValidator, ocspEnabled); + new RootCA2().runTest(pathValidator, ocspEnabled); + new RootCA3().runTest(pathValidator, ocspEnabled); + } +} + +class RootCA1 { + + // Owner: CN=QuoVadis Issuing CA 1 G3, O=QuoVadis Limited, C=BM + private static final String INT = "-----BEGIN CERTIFICATE-----\n" + + "MIIGFTCCA/2gAwIBAgIUPybG62jqpxKYOV5MlXAGPJYDy9MwDQYJKoZIhvcNAQEL\n" + + "BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc\n" + + "BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMSBHMzAeFw0xMjExMDYxNjA5NTJaFw0y\n" + + "MjExMDYxNjA5NTJaMEsxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM\n" + + "aW1pdGVkMSEwHwYDVQQDExhRdW9WYWRpcyBJc3N1aW5nIENBIDEgRzMwggIiMA0G\n" + + "CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2Ud42yCfjYm4WlQ+nhTpZ9aPp0r8a\n" + + 
"yz+kKpPxc8ZWvEi7HDPhr7f5nWnEruHE0HbH8WyFGE+sICF788VpZLbFhL4wbIWV\n" + + "tHIrYan7+yL2yoNbHUBgeWxa48P96WxrW34K/OyQkJoSvY4iNk4BGI0wOYD9wsl9\n" + + "6wIaQFNu25Wsv0CcDSsyNjw8O8Ib6dmS6iib+KnZlKJnYqSTrzbnzf/2CU+Wb9V0\n" + + "yExk7shcfDpqxo9yyyEBPP1GUEb5SSr9qXYP2d4UsrRIgzKpD5feqdjk6ZGA4xeM\n" + + "JHo6GLjddNvVvopaKaLrDzlOXgqgbMIPQu+xkzpKW3IJOylxN55oVuH25MwbS9IL\n" + + "kDMv//kdiTUl1wXERZiUmcBdpWt9D9liyVxe5+HeI5VlhDuHsxDoPFmoOGTa6brX\n" + + "PXlNc0xji+grBQjIRNs43T5+GyYzCyjzG3dSb0BTYGLnfUAEQ1+MCC3K33DKL/me\n" + + "iUrWNclh85BQQigJr5HNLym3+J6Jf0OCnq4VmD1OFrhZrui02Xmz/hOECK2Mciga\n" + + "DxRgXBKjLebV0RW3j6libuPiKbxSinfqNqf2Q9eCfKrzgWQkuCHZvkt0Cqgzjbm1\n" + + "n5xu9zXR8YG5/680Nyb3tywUb6FhA8l1L/KLoK79RGjKgPotCog6Ykvy/667jlyo\n" + + "ZII0YUf6S3uyeQIDAQABo4HzMIHwMBIGA1UdEwEB/wQIMAYBAf8CAQEwEQYDVR0g\n" + + "BAowCDAGBgRVHSAAMDoGCCsGAQUFBwEBBC4wLDAqBggrBgEFBQcwAYYeaHR0cDov\n" + + "L29jc3AucXVvdmFkaXNnbG9iYWwuY29tMA4GA1UdDwEB/wQEAwIBBjAfBgNVHSME\n" + + "GDAWgBSjl9bzXqIQ4atFnzwXZDzuAXCczDA7BgNVHR8ENDAyMDCgLqAshipodHRw\n" + + "Oi8vY3JsLnF1b3ZhZGlzZ2xvYmFsLmNvbS9xdnJjYTFnMy5jcmwwHQYDVR0OBBYE\n" + + "FF0EGBL7w+p4fbRXCaH+bf6Cn2TNMA0GCSqGSIb3DQEBCwUAA4ICAQAF6qNCo3LP\n" + + "Qk8jthU1aiuo5WW9jQC+PqWeyVe4JjHK+5PRM+BtoErOItfZyPqoIBMedC/Ya9L1\n" + + "Sv0gncvifjtTD3jIBz0FVCbIMJLRp63b4qtmAGuB00XTXgCFcYoiIq5kyNedJnLe\n" + + "IxMqb0xx8IAqvP9kfEVNdGfvYraSswiGXADftZ3yM24zIc3Ysewi3JeTbzDhEGfb\n" + + "yv9eBplkfKfcoKyOds4sLcxj1QpUxcXgjX1mKTbfOSD5ac/Cjrz6Kqnl2+PNrc5N\n" + + "kXBVKhcCAjpqX5OyI86IUg9XY8i7Lz+tXzAQhllh+rPyTyAmieGf2iV9wrl//OZB\n" + + "l2nXwbgfA7QwQ2VdsmGJfW3a7Zc13GCNx0M2RUGJKLMJOavY72d41wAYPQ46AXls\n" + + "Ic7RJi6EWmwLi6lvw4kKFfWZ0c6vIJur1hLUUmLOt0UBZ226eIREVpmFbDGOLzfl\n" + + "gU0xKhqmU0aIOORzBGDfOrnctvaXORNNhCZ78zS96Egzu2w2OC47Zry7k+EOatzA\n" + + "5zrdJJM3UP7aMSNPvEygbcFUw2I04vpxUuPYTwCtogqNMHqFbCjLM9YxhzsGMdh/\n" + + "9aD1krboaSXUjrS9cOr5P2A9kFHCMsXBaDoaijQXNeyhu+oCeYsdv4S3djFwDW3+\n" + + "iPLo51aqZGsTZ1S22vYdkp+QFByLtArVMQ==\n" + + "-----END CERTIFICATE-----"; + + // Owner: 
CN=qvica1g3-v.quovadisglobal.com, O=QuoVadis Limited, L=Hamilton, + // ST=Pembroke, C=BM + private static final String VALID = "-----BEGIN CERTIFICATE-----\n" + + "MIIF9DCCA9ygAwIBAgIUGug3BoLw4/auIdDQ0mHS6QnPHB8wDQYJKoZIhvcNAQEL\n" + + "BQAwSzELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxITAf\n" + + "BgNVBAMTGFF1b1ZhZGlzIElzc3VpbmcgQ0EgMSBHMzAeFw0xNDExMTQxNDA1MDda\n" + + "Fw0xNzExMTQxNDA0NTFaMHYxCzAJBgNVBAYTAkJNMREwDwYDVQQIEwhQZW1icm9r\n" + + "ZTERMA8GA1UEBxMISGFtaWx0b24xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQx\n" + + "JjAkBgNVBAMTHXF2aWNhMWczLXYucXVvdmFkaXNnbG9iYWwuY29tMIIBIjANBgkq\n" + + "hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwHoNPHE0C/tEwI5jeYvKJdo5SXSccB/c\n" + + "nCHJVs/4i9F8oRmPqNiFMD99UVylk4nn8iqi8MoxrFAhqtmplPslgRDLwyLMmnGO\n" + + "1cNoPKGMKxQq9EerBgSk4wqeSsSH+7qnZhCamIlvEm0PUaEH8rcjXokTs0fyjadF\n" + + "UmVwcmSZdmnNjseOMgm+G6C8tEPHRQl/Oezy6DzS9PQVLUFCBSyOaAgDnr4EvwGE\n" + + "u2fd3m+ys80XXGq4eLy1MmuC7U+bIQuupuydk/S7kVh7Rl+5nT1eTv0LEOj5gYFc\n" + + "C5SBnhiLibuRTOr+LsC9HpvN4vnoCaOogWxDQj/f1KRn45PNJncsbwIDAQABo4IB\n" + + "ozCCAZ8wdAYIKwYBBQUHAQEEaDBmMCoGCCsGAQUFBzABhh5odHRwOi8vb2NzcC5x\n" + + "dW92YWRpc2dsb2JhbC5jb20wOAYIKwYBBQUHMAKGLGh0dHA6Ly90cnVzdC5xdW92\n" + + "YWRpc2dsb2JhbC5jb20vcXZpY2ExZzMuY3J0MCgGA1UdEQQhMB+CHXF2aWNhMWcz\n" + + "LXYucXVvdmFkaXNnbG9iYWwuY29tMFEGA1UdIARKMEgwRgYMKwYBBAG+WAACZAEB\n" + + "MDYwNAYIKwYBBQUHAgEWKGh0dHA6Ly93d3cucXVvdmFkaXNnbG9iYWwuY29tL3Jl\n" + + "cG9zaXRvcnkwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr\n" + + "BgEFBQcDAjAfBgNVHSMEGDAWgBRdBBgS+8PqeH20Vwmh/m3+gp9kzTA7BgNVHR8E\n" + + "NDAyMDCgLqAshipodHRwOi8vY3JsLnF1b3ZhZGlzZ2xvYmFsLmNvbS9xdmljYTFn\n" + + "My5jcmwwHQYDVR0OBBYEFJO98+S7NZMTz2JRogpUwLuxjTa0MA0GCSqGSIb3DQEB\n" + + "CwUAA4ICAQCq1O/BnzpQjbTbmEob/bWH/p92ZYRV0Lr01CdYkRXl4XKL2ZLusel6\n" + + "126AIvAK51o65wiGVaLGs49AKXOjcaAnTfwoFembqFRlBiGFSOdglTIsZUGdmhtP\n" + + "x1meetkOY8bY79viGkVCufAVq0hAF+AYh4nYM+/n7IijIcM5uhzIDb2Vw8+wKPTB\n" + + "7k2K/e1GGwbqrIAkjrZ6kpRg632RkbR18anaDVOgXuKzmZMRbIAii/N+lo7u3DhC\n" + + 
"5mJEIjP4cQXd569AfKQzvBO+syGDAJyX5PbTrd59IXZ+EjiisIq/DNQi6QalWMfS\n" + + "BnK97nUzH/BjAofMaUufbB8dxg+RT0QC/Yl1lmlA3CYmr6YWn06DiAuWL14ZFFwh\n" + + "2HQ7juU9oQ1I/HTfhVBoTzuKGCW1ZNXA64IdKlBsYp8NO9xKjBWIxwU/+S/IgoQP\n" + + "aTNkY4Mc353bdLi9082JwaiQ9B5eH0V9pZ17OSRU44o2TeDDT85sjF+krqCnnolR\n" + + "3lk7iqYDRHsvgqJqtkhhX/boF3wJAnKqaZ6j97PVqV75kwAak7XaH7C50RsPQGk2\n" + + "j5OFa6ioobW7tN5PfWAZPMZn98yX2Wh8Z95aGhdsHSJHsrlcUiWa+X2D1kF/dOKd\n" + + "R8rPqdPIPjUglrXS4yP+cJHx6fCJxW7me1R60lpuL6JNvHp54u7GGA==\n" + + "-----END CERTIFICATE-----"; + + // Owner: CN=qvica1g3-r.quovadisglobal.com, O=QuoVadis Limited, L=Hamilton, + // ST=Pembroke, C=BM + private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" + + "MIIF9DCCA9ygAwIBAgIUBAG4l0ZPYhEdLJSMWYCr7LHngvswDQYJKoZIhvcNAQEL\n" + + "BQAwSzELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxITAf\n" + + "BgNVBAMTGFF1b1ZhZGlzIElzc3VpbmcgQ0EgMSBHMzAeFw0xMjExMTQxMzQ4MDda\n" + + "Fw0xNDExMTQxMzQ4MDdaMHYxCzAJBgNVBAYTAkJNMREwDwYDVQQIEwhQZW1icm9r\n" + + "ZTERMA8GA1UEBxMISGFtaWx0b24xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQx\n" + + "JjAkBgNVBAMTHXF2aWNhMWczLXIucXVvdmFkaXNnbG9iYWwuY29tMIIBIjANBgkq\n" + + "hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqlof1qJLTiqI7bf0IU7zOxy0HqjIn0pW\n" + + "lNIEVAjQRR1jnfpsMapicIGZfnnNaYpwdsIjGPwpvWXGA+30ezJNGfWMjhb/tiis\n" + + "qjrHdwXAob5MyXOXP5ZS8K34GwKeL45oJZZG0cf2FSta9/CSsRC9wnDUp/kA+VkH\n" + + "n5vlg7VpUExYO0CBXe4C4ehnvCZHjW5nqpVpm993f9i8E0W3vHPxjGuyuqVEEfma\n" + + "WfOV78+HF4hxALnr+73mp0i6Do2oa/v85mZzyKeBm2YHhwdQ6CC7UZtABlHyWuz9\n" + + "h/ocTGbX92rbUaW6icu9bKQkQ9jsomnQkU5b8CWseo2O0NXBevvCowIDAQABo4IB\n" + + "ozCCAZ8wdAYIKwYBBQUHAQEEaDBmMCoGCCsGAQUFBzABhh5odHRwOi8vb2NzcC5x\n" + + "dW92YWRpc2dsb2JhbC5jb20wOAYIKwYBBQUHMAKGLGh0dHA6Ly90cnVzdC5xdW92\n" + + "YWRpc2dsb2JhbC5jb20vcXZpY2ExZzMuY3J0MCgGA1UdEQQhMB+CHXF2aWNhMWcz\n" + + "LXIucXVvdmFkaXNnbG9iYWwuY29tMFEGA1UdIARKMEgwRgYMKwYBBAG+WAACZAEB\n" + + "MDYwNAYIKwYBBQUHAgEWKGh0dHA6Ly93d3cucXVvdmFkaXNnbG9iYWwuY29tL3Jl\n" + + 
"cG9zaXRvcnkwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr\n" + + "BgEFBQcDAjAfBgNVHSMEGDAWgBRdBBgS+8PqeH20Vwmh/m3+gp9kzTA7BgNVHR8E\n" + + "NDAyMDCgLqAshipodHRwOi8vY3JsLnF1b3ZhZGlzZ2xvYmFsLmNvbS9xdmljYTFn\n" + + "My5jcmwwHQYDVR0OBBYEFNrefqnat67/DMlw0Z/xdQ478leyMA0GCSqGSIb3DQEB\n" + + "CwUAA4ICAQBG1TxJNbWzG4ShZefK4wEdScBzxSB7StYO3mmIP2D3LTlEk+zWjDVP\n" + + "ERPL41Si92asMHvMai7GcFT82XyHxsQGZIPcgIm+rC2NiSPDx2Vd6lkMaO8J9mrU\n" + + "3Z4Ks3G5HmszQ/gXRT3DCoNng+k+JqdZjrvMcsGTH+AzRdoinwOi+QnpphAcZRhS\n" + + "Io8C7w9osUPYFdDaE3Io+oYr2mWJg4n+FGsjxunQgIhLiiNaVF8zHxER7gW0YsCW\n" + + "vw1jX0dmfQZSdo2ybVeHuznUxtUWRHJ/nv6v2B2anUsVEbPyrpQ3i9+BzWaYolPU\n" + + "ZYxfMHBQ7HvncRP6rgrHF4x+iOnIxWsErYdEj5nQJkptYbVl41VzO6xMP7WvXFPa\n" + + "dqxwihqILRmAZrI9p/6k/HqV9xMPKprUhnWDGQ/bYnPKyXoTx6uwamaonX4DpW83\n" + + "b3CJTvBHwKh5eJQoBykAkakPdrmbOhe4/XWnDqQVUgJNmEvkg33AexviJo4mW3HG\n" + + "K2MdM60GRIC3Lcnd+Q8SnSCCxp+YtuE/C3Fu8VI/8vz9MC159GGtDzyC7OeKPCpU\n" + + "7H1X0X/OhBkiv7anK/oIhtSw+4DrM2eaVjdWkEa+di2jvI/2us8TXxO1LL+eeSxT\n" + + "E+LbdNO0jSp8azw2Aw4zL+Q41Fzt7OlH7mTkw1mxLF3aWsUNUz/p4w==\n" + + "-----END CERTIFICATE-----"; + + public void runTest(ValidatePathWithParams pathValidator, boolean ocspEnabled) + throws Exception { + // Validate valid + pathValidator.validate(new String[]{VALID, INT}, + ValidatePathWithParams.Status.GOOD, null, System.out); + + // Validate Revoked + if (ocspEnabled) { + // Revoked certificates are expired in Nov 2014 + // and backdated revocation check is only possible with OCSP + pathValidator.setValidationDate("Jan 01, 2014"); + } + + pathValidator.validate(new String[]{REVOKED, INT}, + ValidatePathWithParams.Status.REVOKED, + "Thu Jan 03 23:47:34 PST 2013", System.out); + + // reset validation date back to current date + pathValidator.resetValidationDate(); + } +} + +class RootCA2 { + + // Owner: CN=QuoVadis Global SSL ICA G3, O=QuoVadis Limited, C=BM + private static final String INT = "-----BEGIN CERTIFICATE-----\n" + + 
"MIIGFzCCA/+gAwIBAgIUftbnnMmtgcTIGT75XUQodw40ExcwDQYJKoZIhvcNAQEL\n" + + "BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc\n" + + "BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMiBHMzAeFw0xMjExMDYxNDUwMThaFw0y\n" + + "MjExMDYxNDUwMThaME0xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM\n" + + "aW1pdGVkMSMwIQYDVQQDExpRdW9WYWRpcyBHbG9iYWwgU1NMIElDQSBHMzCCAiIw\n" + + "DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANf8Od17be6c6lTGJDhEXpmkTs4y\n" + + "Q39Rr5VJyBeWCg06nSS71s6xF3sZvKcV0MbXlXCYM2ZX7cNTbJ81gs7uDsKFp+vK\n" + + "EymiKyEiI2SImOtECNnSg+RVR4np/xz/UlC0yFUisH75cZsJ8T1pkGMfiEouR0EM\n" + + "7O0uFgoboRfUP582TTWy0F7ynSA6YfGKnKj0OFwZJmGHVkLs1VevWjhj3R1fsPan\n" + + "H05P5moePFnpQdj1FofoSxUHZ0c7VB+sUimboHm/uHNY1LOsk77qiSuVC5/yrdg3\n" + + "2EEfP/mxJYT4r/5UiD7VahySzeZHzZ2OibQm2AfgfMN3l57lCM3/WPQBhMAPS1jz\n" + + "kE+7MjajM2f0aZctimW4Hasrj8AQnfAdHqZehbhtXaAlffNEzCdpNK584oCTVR7N\n" + + "UR9iZFx83ruTqpo+GcLP/iSYqhM4g7fy45sNhU+IS+ca03zbxTl3TTlkofXunI5B\n" + + "xxE30eGSQpDZ5+iUJcEOAuVKrlYocFbB3KF45hwcbzPWQ1DcO2jFAapOtQzeS+MZ\n" + + "yZzT2YseJ8hQHKu8YrXZWwKaNfyl8kFkHUBDICowNEoZvBwRCQp8sgqL6YRZy0uD\n" + + "JGxmnC2e0BVKSjcIvmq/CRWH7yiTk9eWm73xrsg9iIyD/kwJEnLyIk8tR5V8p/hc\n" + + "1H2AjDrZH12PsZ45AgMBAAGjgfMwgfAwEgYDVR0TAQH/BAgwBgEB/wIBATARBgNV\n" + + "HSAECjAIMAYGBFUdIAAwOgYIKwYBBQUHAQEELjAsMCoGCCsGAQUFBzABhh5odHRw\n" + + "Oi8vb2NzcC5xdW92YWRpc2dsb2JhbC5jb20wDgYDVR0PAQH/BAQDAgEGMB8GA1Ud\n" + + "IwQYMBaAFO3nb3Zav2DsSVvGpXe7chZxm8Q9MDsGA1UdHwQ0MDIwMKAuoCyGKmh0\n" + + "dHA6Ly9jcmwucXVvdmFkaXNnbG9iYWwuY29tL3F2cmNhMmczLmNybDAdBgNVHQ4E\n" + + "FgQUsxKJtalLNbwVAPCA6dh4h/ETfHYwDQYJKoZIhvcNAQELBQADggIBAFGm1Fqp\n" + + "RMiKr7a6h707M+km36PVXZnX1NZocCn36MrfRvphotbOCDm+GmRkar9ZMGhc8c/A\n" + + "Vn7JSCjwF9jNOFIOUyNLq0w4luk+Pt2YFDbgF8IDdx53xIo8Gv05e9xpTvQYaIto\n" + + "qeHbQjGXfSGc91olfX6JUwZlxxbhdJH+rxTFAg0jcbqToJoScWTfXSr1QRcNbSTs\n" + + "Y4CPG6oULsnhVvrzgldGSK+DxFi2OKcDsOKkV7W4IGg8Do2L/M588AfBnV8ERzpl\n" + + "qgMBBQxC2+0N6RdFHbmZt0HQE/NIg1s0xcjGx1XW3YTOfje31rmAXKHOehm4Bu48\n" + + 
"gr8gePq5cdQ2W9tA0Dnytb9wzH2SyPPIXRI7yNxaX9H8wYeDeeiKSSmQtfh1v5cV\n" + + "7RXvm8F6hLJkkco/HOW3dAUwZFcKsUH+1eUJKLN18eDGwB8yGawjHvOKqcfg5Lf/\n" + + "TvC7hgcx7pDYaCCaqHaekgUwXbB2Enzqr1fdwoU1c01W5YuQAtAx5wk1bf34Yq/J\n" + + "ph7wNXGvo88N0/EfP9AdVGmJzy7VuRXeVAOyjKAIeADMlwpjBRhcbs9m3dkqvoMb\n" + + "SXKJxv/hFmNgEOvOlaFsXX1dbKg1v+C1AzKAFdiuAIa62JzASiEhigqNSdqdTsOh\n" + + "8W8hdONuKKpe9zKedhBFAvuxhDgKmnySglYc\n" + + "-----END CERTIFICATE-----"; + + // Owner: CN=qvsslicag3-v.quovadisglobal.com, O=QuoVadis Limited, L=Hamilton, + // ST=Pembroke, C=BM + private static final String VALID = "-----BEGIN CERTIFICATE-----\n" + + "MIIF+DCCA+CgAwIBAgIUE3XHqPhbZc2CY3aRtVHRlQwm3tcwDQYJKoZIhvcNAQEL\n" + + "BQAwTTELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxIzAh\n" + + "BgNVBAMTGlF1b1ZhZGlzIEdsb2JhbCBTU0wgSUNBIEczMB4XDTE0MTExNDE0MDUz\n" + + "MVoXDTE3MTExNDE0MDUxM1oweDELMAkGA1UEBhMCQk0xETAPBgNVBAgTCFBlbWJy\n" + + "b2tlMREwDwYDVQQHEwhIYW1pbHRvbjEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRl\n" + + "ZDEoMCYGA1UEAxMfcXZzc2xpY2FnMy12LnF1b3ZhZGlzZ2xvYmFsLmNvbTCCASIw\n" + + "DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK621GAU2/hywjuxi2Q9rCMncWIY\n" + + "FbDngS69N6+qe9NUktfs/Rlh+jKUDHyf27G79xYGmDGZ0NTYI7tUyOvRanaq8ngd\n" + + "NkZI4DS/Au2vpwuXucrtm3V/XRcsWHAsyevVzfiqfZzu+vU7/2KT/k7sByRzED4x\n" + + "B4tMGaodvzIAzhFAmnmVXSUw7zvU07G/6/mfwYy9gwegJwVby/ZPWXefzHbLGDUz\n" + + "xtO/6Ow9e5T2hedpo3IgfKptkzy0kA501DNaTMulW1gJwB+1duJ9OxZOAVgGCANX\n" + + "IzWvgbONLEdkYGK+K8EAuMaa57WlG0wBZ9Y62iuvgw4XRd90/PS2RAFf/DsCAwEA\n" + + "AaOCAaMwggGfMHMGCCsGAQUFBwEBBGcwZTAqBggrBgEFBQcwAYYeaHR0cDovL29j\n" + + "c3AucXVvdmFkaXNnbG9iYWwuY29tMDcGCCsGAQUFBzAChitodHRwOi8vdHJ1c3Qu\n" + + "cXVvdmFkaXNnbG9iYWwuY29tL3F2c3NsZzMuY3J0MCoGA1UdEQQjMCGCH3F2c3Ns\n" + + "aWNhZzMtdi5xdW92YWRpc2dsb2JhbC5jb20wUQYDVR0gBEowSDBGBgwrBgEEAb5Y\n" + + "AAJkAQEwNjA0BggrBgEFBQcCARYoaHR0cDovL3d3dy5xdW92YWRpc2dsb2JhbC5j\n" + + "b20vcmVwb3NpdG9yeTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUH\n" + + 
"AwEGCCsGAQUFBwMCMB8GA1UdIwQYMBaAFLMSibWpSzW8FQDwgOnYeIfxE3x2MDoG\n" + + "A1UdHwQzMDEwL6AtoCuGKWh0dHA6Ly9jcmwucXVvdmFkaXNnbG9iYWwuY29tL3F2\n" + + "c3NsZzMuY3JsMB0GA1UdDgQWBBSSYP84MQGz6cU/fyXfebv/8zn93TANBgkqhkiG\n" + + "9w0BAQsFAAOCAgEAbqX71QIeoOJ36Aoiwg+oEwdDSRzXkR05kZU2y9qOCArrkgSj\n" + + "ycdIRQFjHYNAWJrPP17PErk6+6NDWiwxLXbeHaY7pFIDCsgcCTWpixVlpVPKKxAE\n" + + "uaomHo5K2AWWkJYNNPSLF411CmyN4eJjYQVrkCfJwFSUrQml8pFDedNDNuTaDsZo\n" + + "klvUDYWM18gFrAbNF4Wi+dvj3qPOpTVyrTk2oBXtVUesNu4JF/O6li10YJ+kdox+\n" + + "DUeq4Gk4B8zoWRTKa9Pp/RALI8TeNcfjBKbPtuXyfly1Cm8AXoQA5sus2SMMPQXE\n" + + "S1+IsdnnKb60pT1EOX571SIBKV16xpRpbC3mDU6IG/+Sjm0TJxwSGbBO5bX69+bq\n" + + "F8Im1QAKqVSYCtoypvieG3iGqHmj4SAaSqdmDDzmOPEtgX63ZmYVs+ey6tN+VThi\n" + + "eaLRs+pHeBLMhh7Npt85c+xqRlIFBp0e84EzST0oE7pjuZcFFWstFXD2Pt1JQfXo\n" + + "9szkw6EMhYbrgNqsh8lxkg8cZKHnP8KGLefyHajp3EIfC2MX7nUOeNmNoCxdsfBW\n" + + "lmzRbv7H7eeAmQYHmxUaRnDMGR6QVX8/NrF1w0hqLkIpDj+29Mvv/Gp2azJrvqrL\n" + + "w2bJ2mPD8rzBDmEFY317RWc8VBd8ZUxO/dYPWqsXNwBTdPMRQpYcN55po3g=\n" + + "-----END CERTIFICATE-----"; + + // Owner: CN=qvsslicag3-r.quovadisglobal.com, O=QuoVadis Limited, L=Hamilton, + // ST=Pembroke, C=BM + private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" + + "MIIF+DCCA+CgAwIBAgIUMJWFWsVjz9o3zQoG9bZ/IsdRWDkwDQYJKoZIhvcNAQEL\n" + + "BQAwTTELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxIzAh\n" + + "BgNVBAMTGlF1b1ZhZGlzIEdsb2JhbCBTU0wgSUNBIEczMB4XDTEyMTExNDEzMTI1\n" + + "NFoXDTE0MTExNDEzMTI1NFoweDELMAkGA1UEBhMCQk0xETAPBgNVBAgTCFBlbWJy\n" + + "b2tlMREwDwYDVQQHEwhIYW1pbHRvbjEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRl\n" + + "ZDEoMCYGA1UEAxMfcXZzc2xpY2FnMy1yLnF1b3ZhZGlzZ2xvYmFsLmNvbTCCASIw\n" + + "DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALlwpCyabhrQYeRzEn0O7S505Fv4\n" + + "ScJlJRHskcyZHBt0vt2tsDJNh2xJKJpnXzW14oGh+xrccEGeUw77qeFgfy+LTIHD\n" + + "YDkYVHVhfs4NJD5wdyWL9Fn3A7pMFpapPBPJdsAAwByfzYFjRJsPHMSlGcroyGNm\n" + + "+LquU5r965afaRkWQzZy+lY+OHO19Jis8EfUusYj2fQ3SXB8tBwFylDTnbCoM1HZ\n" + + 
"BlbksbtLjFYKtyaNeQuoA7NnB3Q9XEONNK9KZ0S87KIqEKjIWK7ThO6lvhMQy2Zk\n" + + "k+UVXVLpop7+Nkz3Fn08pE4OMfLjn1KVnk5l40WGabinfE6hz4vk0XREaKcCAwEA\n" + + "AaOCAaMwggGfMHMGCCsGAQUFBwEBBGcwZTAqBggrBgEFBQcwAYYeaHR0cDovL29j\n" + + "c3AucXVvdmFkaXNnbG9iYWwuY29tMDcGCCsGAQUFBzAChitodHRwOi8vdHJ1c3Qu\n" + + "cXVvdmFkaXNnbG9iYWwuY29tL3F2c3NsZzMuY3J0MCoGA1UdEQQjMCGCH3F2c3Ns\n" + + "aWNhZzMtci5xdW92YWRpc2dsb2JhbC5jb20wUQYDVR0gBEowSDBGBgwrBgEEAb5Y\n" + + "AAJkAQEwNjA0BggrBgEFBQcCARYoaHR0cDovL3d3dy5xdW92YWRpc2dsb2JhbC5j\n" + + "b20vcmVwb3NpdG9yeTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUH\n" + + "AwEGCCsGAQUFBwMCMB8GA1UdIwQYMBaAFLMSibWpSzW8FQDwgOnYeIfxE3x2MDoG\n" + + "A1UdHwQzMDEwL6AtoCuGKWh0dHA6Ly9jcmwucXVvdmFkaXNnbG9iYWwuY29tL3F2\n" + + "c3NsZzMuY3JsMB0GA1UdDgQWBBSS2t3Itp/XsAppEeGyH+Ew8vEQ0zANBgkqhkiG\n" + + "9w0BAQsFAAOCAgEAo8MJ2ek95Cs3chn1ecEMdGkUANnCBmgdvQjFt6XVLzYWs37n\n" + + "j6Ac/nGj+Tzb30nTVdE2laRuTeLuGfYmd1AdBLHuRhWYG6A6jnlzqhmDRL3fvRYk\n" + + "wjeWQn6Kx/lOoWC1xOa2EJYOWDr/rUY2PKo9rSVdGKmU6NFI/+FOFLaUD8tU77Qq\n" + + "p9rfOYJwekckA2I2891lTRbnJfQhPD8mQjttd+nS46RwZxxAI5Pr6Jcr+BG3ARP5\n" + + "oM/ifTCLXCc4L/0nozUDSweU17TCuFXWGEpIXbOVmE3kpmHaVe1FRQ0PUr2XHCbJ\n" + + "H1vumQcJmOaUxiB4EzP+M+HnKg6rwhWlfgQEAnCcKkMF5ei1NAaHCwhRMC7ijJFA\n" + + "Wt7s0/PpP2tChU7uXctMk2d36Dpibyn6Rc5a/QJX444ZRFEGrSe4nO/MXt3iEcat\n" + + "fgYHOWoBunLIm7x/fd611xvyhifjqKVCPpqodpwFrXOlCQhXehhRvJSPDXWgDJeR\n" + + "cDLLIcit4Sn1uyebQcZafaxgYPWpaYHFd7dzkO+kTVqOVAm7LukC5QQ9qFY1z7a5\n" + + "IDUAFtEYg/c4XxX+pReOxydnnHeYZBrfRTTxOfMrg6dxsb1QcOeElXHgXRpHyiMh\n" + + "XYsZWE2WHT7of4wMfNzCUrVSN0tCGDRW0MI48RM4BYbRnz3YNKafjnszeXI=\n" + + "-----END CERTIFICATE-----"; + + public void runTest(ValidatePathWithParams pathValidator, boolean ocspEnabled) + throws Exception { + // Validate valid + pathValidator.validate(new String[]{VALID, INT}, + ValidatePathWithParams.Status.GOOD, null, System.out); + + // Validate Revoked + if (ocspEnabled) { + // Revoked certificates are expired in Nov 2014 + // and backdated revocation check is 
only possible with OCSP + pathValidator.setValidationDate("Jan 01, 2014"); + } + + pathValidator.validate(new String[]{REVOKED, INT}, + ValidatePathWithParams.Status.REVOKED, + "Fri Jan 04 03:49:46 PST 2013", System.out); + + // reset validation date back to current date + pathValidator.resetValidationDate(); + } +} + +class RootCA3 { + + // wner: CN=QuoVadis Issuing CA 3 G3, O=QuoVadis Limited, C=BM + private static final String INT = "-----BEGIN CERTIFICATE-----\n" + + "MIIGFTCCA/2gAwIBAgIUHZxbikClihb+1PM2ck0SDEZ8/dIwDQYJKoZIhvcNAQEL\n" + + "BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc\n" + + "BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMyBHMzAeFw0xMjExMDYxODM5MDVaFw0y\n" + + "MjExMDYxODM5MDVaMEsxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM\n" + + "aW1pdGVkMSEwHwYDVQQDExhRdW9WYWRpcyBJc3N1aW5nIENBIDMgRzMwggIiMA0G\n" + + "CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCs6x3rpBdA1tTXgPYNjL1MKHuoDyb9\n" + + "d4mxxk41t5Cvo3BnS0/cBlRIl91oqu3Iv9goVCMStla+GW9iRdX/53jYM1rXePDa\n" + + "OnE/MJNLcVjmABZmEUtpzxUYLftwGEg1w/Wgi6z68vqZn7vbHJtFV8inlMIsdBVY\n" + + "o3VmU9h+pGZU8JrF8x8U3voX4vm56OBCAM/1osUGXsVL2AY3z2Gjyb1Hv6fqHma7\n" + + "PWrWV1hYS/EAnRUPO8iQqJwrbT/j7Mlo3khULV+T02M+oqs1ckIihl38n1eGvYcp\n" + + "z40cceA2Ej5aglyF9i+ypA4XnxKF3f+6vvEYRPCMQB8Hiwuyy6naj6lPoLZ+nolT\n" + + "t++xSkZ5imAoTXewA9JxyGCdiO9G4sZFIy4jjW7HBmKx6pZy3wWf48eawXPIpjop\n" + + "EC+Kayf3foeyq40CAOjysVkblhUBawvVjAqKJ5aoKD4Ghnv02jdVvI4W7ME/fYYb\n" + + "gm+XD7KJv4gHks+SIV93eXiUhYHvofJ3AG/1kp1p4tvIKCUtm2LCihmp53n9uLGA\n" + + "NvizEnkuQmwlXtqOquKDluwSpHVFPxePMdRICUOnoZBdHv6f3LQCOU7AczRJYh8+\n" + + "WYSKQy675/Itucgd+ABfY1H07F4FisCP75j8YknBdv4nfQsb0RcTg2P89dJNwAhL\n" + + "rpk452WD4LuvsQIDAQABo4HzMIHwMBIGA1UdEwEB/wQIMAYBAf8CAQEwEQYDVR0g\n" + + "BAowCDAGBgRVHSAAMDoGCCsGAQUFBwEBBC4wLDAqBggrBgEFBQcwAYYeaHR0cDov\n" + + "L29jc3AucXVvdmFkaXNnbG9iYWwuY29tMA4GA1UdDwEB/wQEAwIBBjAfBgNVHSME\n" + + "GDAWgBTGF9C8qOoCQ/IbBpldK5Agudec5DA7BgNVHR8ENDAyMDCgLqAshipodHRw\n" + + 
"Oi8vY3JsLnF1b3ZhZGlzZ2xvYmFsLmNvbS9xdnJjYTNnMy5jcmwwHQYDVR0OBBYE\n" + + "FBPyQfSNOURHBZ37q8ZaNQwelu9eMA0GCSqGSIb3DQEBCwUAA4ICAQAsbJU89ZB9\n" + + "1XVlOLmw8MaoWwOgI3DwM/g30YyIV1SERtDMKDOUnLVGTORTGv7Y8X789nGkMbKq\n" + + "OEEa9Hty4jwyTnt2OISpCAb4GwBtH+FxNcLkJwZU2qtpTX8zDndofE/JLGo0rte5\n" + + "bKchF2JTg+oby/Wpu2IO0CMd1phou3LLi8sWQGcY/f5vk+MUDnskH6NRXte4m8HW\n" + + "FtYb7nOgLzY5FOJDtQuUFFioNoQzUHuj3SpUjIBxXf4VRFXz+FKIQ4jqzD/SnHG6\n" + + "/7g/28x66LNpYjvaQ0T45EqxqPDCztfJO67GsNLXeSKq+BteqXcnKI77ZkqmwnWl\n" + + "cYt5qek0GBYRYVOM8dUIvDryWHZIEqbeI0DAu06dyPuvIJNQ6WweqxJ+hH++BqGh\n" + + "P4bViNNuP/Lqarb1RP7JiJW3wlyIUDD34JLzkusBgU++ptdYg1o0VnEB8KWDG8Of\n" + + "cABL+TMoUldUp9DFFgFJIfnPX5XjXyG9mw2wwiUvClo93qFvC8+rhEGeZFd29rKi\n" + + "dmmCc8FaCfBV9XdHHx/0ORTQp3HxnRDDiz+MN7p1Y4SXbHE3XXyQAUVTISGpPe3X\n" + + "TUhmoARNmBBPALDm3EAvEBikTUMBFGR63wtu0pjA2cF5nvOyY8mBSsNk0R6+ZJSl\n" + + "Cok3lH5oBM2H+KBk+sNZIBQ8BHcgbwlghg==\n" + + "-----END CERTIFICATE-----"; + + // Owner: CN=qvica3g3-v.quovadisglobal.com, O=QuoVadis Limited, L=Hamilton, + // ST=Pembroke, C=BM + private static final String VALID = "-----BEGIN CERTIFICATE-----\n" + + "MIIF9DCCA9ygAwIBAgIUTkK7g7zoijtiLY/YV9ASX+pEsx0wDQYJKoZIhvcNAQEL\n" + + "BQAwSzELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxITAf\n" + + "BgNVBAMTGFF1b1ZhZGlzIElzc3VpbmcgQ0EgMyBHMzAeFw0xNDExMTQxNDA1NTJa\n" + + "Fw0xNzExMTQxNDA1MzhaMHYxCzAJBgNVBAYTAkJNMREwDwYDVQQIEwhQZW1icm9r\n" + + "ZTERMA8GA1UEBxMISGFtaWx0b24xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQx\n" + + "JjAkBgNVBAMTHXF2aWNhM2czLXYucXVvdmFkaXNnbG9iYWwuY29tMIIBIjANBgkq\n" + + "hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAosZjGbZtvAM45zdlTtT+uL12F5nebQrE\n" + + "F9Fb8z1uhRJKgXAfjlfsMIjv7Xc7F80Li39yO0CmWHTMJS41auktW8IGVEkVV2og\n" + + "EL7SKLjtgDJ1I3HAX02hfuOW0b/jkfPEcqTeZVE5Xew/HTAuTJMTqCEHM5hFieWL\n" + + "tADPm7kANu5q6HaFXndKN/k1ozZXQn9YNTpDvvH6oD0Kqn/Peezi+C+6asTMSCk0\n" + + "Xoi2TBHNi9dl2tfb6hu+T5VFwFsC9dGqYt07V8TbvKRAVV0MC8DnXnS89quFVmPS\n" + + "I3ZSKeU4dlp8FzmTrd5nk3y9GL8GTkCsSN3RZbeAbLCpzcG5weS3GQIDAQABo4IB\n" 
+ + "ozCCAZ8wdAYIKwYBBQUHAQEEaDBmMCoGCCsGAQUFBzABhh5odHRwOi8vb2NzcC5x\n" + + "dW92YWRpc2dsb2JhbC5jb20wOAYIKwYBBQUHMAKGLGh0dHA6Ly90cnVzdC5xdW92\n" + + "YWRpc2dsb2JhbC5jb20vcXZpY2EzZzMuY3J0MCgGA1UdEQQhMB+CHXF2aWNhM2cz\n" + + "LXYucXVvdmFkaXNnbG9iYWwuY29tMFEGA1UdIARKMEgwRgYMKwYBBAG+WAACZAEB\n" + + "MDYwNAYIKwYBBQUHAgEWKGh0dHA6Ly93d3cucXVvdmFkaXNnbG9iYWwuY29tL3Jl\n" + + "cG9zaXRvcnkwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr\n" + + "BgEFBQcDAjAfBgNVHSMEGDAWgBQT8kH0jTlERwWd+6vGWjUMHpbvXjA7BgNVHR8E\n" + + "NDAyMDCgLqAshipodHRwOi8vY3JsLnF1b3ZhZGlzZ2xvYmFsLmNvbS9xdmljYTNn\n" + + "My5jcmwwHQYDVR0OBBYEFINCE86z3wESNeL4rz3eiaYA5LIWMA0GCSqGSIb3DQEB\n" + + "CwUAA4ICAQBPe+Y5xDGZLYaVNOxxiyqFZrntGJGGQW1w4GtEfkH9oD8WGs5kBhMM\n" + + "/XPGqw2FzzrvA5GfSdh+EMuXUfJY933AxwPcNfwGHzYGAHIDFsW17y5ZdKfBMN4Y\n" + + "82e13iSfHQrbI0P6l8IIExfCw4HC8PxuEalg6H9fj9/1Q7mzdpwT3uG/HP6Dr2z+\n" + + "PGYFMaH77MsOjfANT8UIdo5SAyXiJI5Y0cyKjuXhR6eJEKwNfri27UaV5cJJuV7I\n" + + "fRcjb0h0Grr6gpKFb7JnhDZVGR3fDHTzuybuCqZk9TYKQ2sn1YfBFDqDpWODpykt\n" + + "vyFO7eugpvSUgdTKRMPCtyppYgo2RwIsMmLrU4wPzdnPi8oo+cM0f5zXrmrkOLY0\n" + + "PZo+K8QT/SrNT+9yZnHupLy01aYGJ4RJ047Wthr7a9S6i6DxbQ+ps4Ajh0X1bvOK\n" + + "KCEKq5aoivYQMLn8pjudiMjbnKU4mgpmZK15D6lLmAprW3L6F8AEBJsK1BunPWhJ\n" + + "nkQUyBnFgq2epmDfZ4f6SztNoLfDbatYNRb2KJfW1lks7UHDjuZ4PM20KkmmFJEE\n" + + "LKR76WJzKi/+aks/csdFD7+/TMXrkY+JWlT4mCoHR1ol0m3DiqApKvRFZkMARfJq\n" + + "npjt2cXyzDnguyQuLrHhdkKW+/LYeNckmVX+cPIxShLbuVhqMgdnWg==\n" + + "-----END CERTIFICATE-----"; + + // Owner: CN=qvica3g3-r.quovadisglobal.com, O=QuoVadis Limited, L=Hamilton, + // ST=Pembroke, C=BM + private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" + + "MIIF9DCCA9ygAwIBAgIUSTXTLsMPxg4n9YY6GASBcJsgcaEwDQYJKoZIhvcNAQEL\n" + + "BQAwSzELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxITAf\n" + + "BgNVBAMTGFF1b1ZhZGlzIElzc3VpbmcgQ0EgMyBHMzAeFw0xMjExMTQxMzQ4MTda\n" + + "Fw0xNDExMTQxMzQ4MTdaMHYxCzAJBgNVBAYTAkJNMREwDwYDVQQIEwhQZW1icm9r\n" + + 
"ZTERMA8GA1UEBxMISGFtaWx0b24xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQx\n" + + "JjAkBgNVBAMTHXF2aWNhM2czLXIucXVvdmFkaXNnbG9iYWwuY29tMIIBIjANBgkq\n" + + "hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtaZUVAvasDtoFhZqL2fH+rI/IKeY0zj7\n" + + "hGuYpLlT32JZX8cmkWUywZt6VxA8A5o82Ay0xT9vHy4MPnmmZExEvmkaECBmOh6+\n" + + "WzWydYGKeeheUERJ1hLj2T7MKz/CCFY6NxD9XzvYOyhDpCUQKCOx4LMn0nMFrXrS\n" + + "6IVirDUmH26dpl3IfsdVXyn6N3wLSNf+UX7in/PXsfD/A6RVtqYsfx4fxFJIPIhv\n" + + "XG/cDOVIyfq6Oo1hthzGm8cnOSjvK/UfQV5iVBK68rqoGG+r9uBG9BfZtd7o0wrf\n" + + "SSJkJAPJVpWTLvnD8RYpJIBz01vNgEOCEgF54bvjhBOjx15mrH7roQIDAQABo4IB\n" + + "ozCCAZ8wdAYIKwYBBQUHAQEEaDBmMCoGCCsGAQUFBzABhh5odHRwOi8vb2NzcC5x\n" + + "dW92YWRpc2dsb2JhbC5jb20wOAYIKwYBBQUHMAKGLGh0dHA6Ly90cnVzdC5xdW92\n" + + "YWRpc2dsb2JhbC5jb20vcXZpY2EzZzMuY3J0MCgGA1UdEQQhMB+CHXF2aWNhM2cz\n" + + "LXIucXVvdmFkaXNnbG9iYWwuY29tMFEGA1UdIARKMEgwRgYMKwYBBAG+WAACZAEB\n" + + "MDYwNAYIKwYBBQUHAgEWKGh0dHA6Ly93d3cucXVvdmFkaXNnbG9iYWwuY29tL3Jl\n" + + "cG9zaXRvcnkwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr\n" + + "BgEFBQcDAjAfBgNVHSMEGDAWgBQT8kH0jTlERwWd+6vGWjUMHpbvXjA7BgNVHR8E\n" + + "NDAyMDCgLqAshipodHRwOi8vY3JsLnF1b3ZhZGlzZ2xvYmFsLmNvbS9xdmljYTNn\n" + + "My5jcmwwHQYDVR0OBBYEFLnaKDrPemoRtOZaUReSV5rWp3OoMA0GCSqGSIb3DQEB\n" + + "CwUAA4ICAQA+B+R1TDmE4jC6itHBMPgqRoETJxtTdKyp6/egk5My4MATXRCSrStA\n" + + "gp1c86hljmlN2gq05HKlAz9cC4W80pypJGfEbhYIi9B4Jxdo6zJNJqcFz3zj/otx\n" + + "hvZ2nOO5qqEupAP8aHju0LhUlkcFQlbqaA+IiuQUh0VFQxk8LwkKEA8oIib7wLie\n" + + "P1zBMXeRyDM5CnFWQmIFKXR4+9f51Dfv40Gy2RKQT7I8oXuADhrG9iXFJPXz4yYK\n" + + "LazlDjnn0wv4vB9BmlcVdM2HPYqIPdvWBtPxT9vpNYHnB9Dq/zGqKJNUh8I4jB9k\n" + + "8iQYJgoj62mQW2o1fObkVwrGgglAyzUzUzJfJyy9OEECjLY5o/9TJAKBAnewJ5B9\n" + + "PagYo+klH937s2MOLqzl/uvbjXUBBvql1UU/lb8tSK9xCaXMEDhgiVricr13k32y\n" + + "XmUcA/im96CI5cF5i4xHMnqprzPehFB/Mmi6g2tpiE0bmLkYj7MMJcmtUowa3FqA\n" + + "QHtqKrK8wOfHep6qPx6VMD6Ypaf6yq66/kkSg05i6VO7V371UTibHeVLTr7LPRQJ\n" + + "Emp8k/6qCXOtf5OdXwHBIDqvszf8ry85Rl3q813TntF0pPRvqLEYadC4Bwq7Snf+\n" + + 
"PR0MPNhuwZBCmxZcyZqhVG2PyvvEmhPxhEdbO5DWUFwUP17WHNlgeQ==\n" + + "-----END CERTIFICATE-----"; + + public void runTest(ValidatePathWithParams pathValidator, boolean ocspEnabled) + throws Exception { + // Validate valid + pathValidator.validate(new String[]{VALID, INT}, + ValidatePathWithParams.Status.GOOD, null, System.out); + + // Validate Revoked + if (ocspEnabled) { + // Revoked certificates are expired in Nov 2014 + // and backdated revocation check is only possible with OCSP + pathValidator.setValidationDate("Jan 01, 2014"); + } + + pathValidator.validate(new String[]{REVOKED, INT}, + ValidatePathWithParams.Status.REVOKED, + "Thu Jan 03 23:47:02 PST 2013", System.out); + + // reset validation date back to current date + pathValidator.resetValidationDate(); + } +} diff -r 971d83666b23 -r 472f74fb6c6b test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ValidatePathWithParams.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ValidatePathWithParams.java Tue Dec 12 19:20:39 2017 -0800 
@@ -0,0 +1,354 @@ +/* + * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. 
+ */ + +import java.io.ByteArrayInputStream; +import java.io.FileInputStream; +import java.io.IOException; +import java.io.PrintStream; +import java.net.URI; +import java.net.URISyntaxException; +import java.security.InvalidAlgorithmParameterException; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.Security; +import java.security.cert.CertPath; +import java.security.cert.CertPathValidator; +import java.security.cert.CertPathValidatorException; +import java.security.cert.CertificateException; +import java.security.cert.CertificateExpiredException; +import java.security.cert.CertificateFactory; +import java.security.cert.CertificateRevokedException; +import java.security.cert.PKIXParameters; +import java.security.cert.PKIXRevocationChecker; +import java.security.cert.X509Certificate; +import java.text.DateFormat; +import java.text.ParseException; +import java.text.SimpleDateFormat; +import java.util.ArrayList; +import java.util.Date; +import java.util.EnumSet; +import java.util.Locale; + +/** + * Utility class to validate certificate path. It supports OCSP and/or CRL + * validation. 
+ */ +public class ValidatePathWithParams { + + private static final String FS = System.getProperty("file.separator"); + private static final String CACERTS_STORE = System.getProperty("test.jdk") + + FS + "lib" + FS + "security" + FS + "cacerts"; + + private final String[] trustedRootCerts; + + // use this for expired cert validation + private Date validationDate = null; + + // expected certificate status + private Status expectedStatus = Status.UNKNOWN; + private Date expectedRevDate = null; + + private final CertPathValidator certPathValidator; + private final PKIXRevocationChecker certPathChecker; + private final CertificateFactory cf; + + /** + * Possible status values supported for EE certificate + */ + public static enum Status { + UNKNOWN, GOOD, REVOKED, EXPIRED; + } + + /** + * Constructor + * + * @param additionalTrustRoots trusted root certificates + * @throws IOException + * @throws CertificateException + * @throws NoSuchAlgorithmException + */ + public ValidatePathWithParams(String[] additionalTrustRoots) + throws IOException, CertificateException, NoSuchAlgorithmException { + + cf = CertificateFactory.getInstance("X509"); + certPathValidator = CertPathValidator.getInstance("PKIX"); + certPathChecker + = (PKIXRevocationChecker) certPathValidator.getRevocationChecker(); + + if ((additionalTrustRoots == null) || (additionalTrustRoots[0] == null)) { + trustedRootCerts = null; + } else { + trustedRootCerts = additionalTrustRoots.clone(); + } + } + + /** + * Validate certificates + * + * @param certsToValidate Certificates to validate + * @param st expected certificate status + * @param revDate if revoked, expected revocation date + * @param out PrintStream to log messages + * @throws IOException + * @throws CertificateException + * @throws InvalidAlgorithmParameterException + * @throws ParseException + * @throws NoSuchAlgorithmException + * @throws KeyStoreException + */ + public void validate(String[] certsToValidate, + Status st, + String revDate, + 
PrintStream out) + throws IOException, CertificateException, + InvalidAlgorithmParameterException, ParseException, + NoSuchAlgorithmException, KeyStoreException { + + expectedStatus = st; + if (expectedStatus == Status.REVOKED) { + if (revDate != null) { + expectedRevDate = new SimpleDateFormat("EEE MMM dd HH:mm:ss Z yyyy", + Locale.US).parse(revDate); + } + } + + Status certStatus = null; + Date revocationDate = null; + + logSettings(out); + + try { + doCertPathValidate(certsToValidate, out); + certStatus = Status.GOOD; + } catch (IOException ioe) { + // Some machines don't have network setup correctly to be able to + // reach outside world, skip such failures + out.println("WARNING: Network setup issue, skip this test"); + ioe.printStackTrace(System.err); + return; + } catch (CertPathValidatorException cpve) { + out.println("Received exception: " + cpve); + + if (cpve.getCause() instanceof IOException) { + out.println("WARNING: CertPathValidatorException caused by IO" + + " error, skip this test"); + return; + } + + if (cpve.getReason() == CertPathValidatorException.BasicReason.ALGORITHM_CONSTRAINED) { + out.println("WARNING: CertPathValidatorException caused by" + + " restricted algorithm, skip this test"); + return; + } + + if (cpve.getReason() == CertPathValidatorException.BasicReason.REVOKED + || cpve.getCause() instanceof CertificateRevokedException) { + certStatus = Status.REVOKED; + if (cpve.getCause() instanceof CertificateRevokedException) { + CertificateRevokedException cre + = (CertificateRevokedException) cpve.getCause(); + revocationDate = cre.getRevocationDate(); + } + } else if (cpve.getReason() == CertPathValidatorException.BasicReason.EXPIRED + || cpve.getCause() instanceof CertificateExpiredException) { + certStatus = Status.EXPIRED; + } else { + throw new RuntimeException( + "TEST FAILED: couldn't determine EE certificate status"); + } + } + + out.println("Expected Certificate status: " + expectedStatus); + out.println("Certificate status after 
validation: " + certStatus.name()); + + // Don't want test to fail in case certificate is expired when not expected + // Simply skip the test. + if (expectedStatus != Status.EXPIRED && certStatus == Status.EXPIRED) { + out.println("WARNING: Certificate expired, skip the test"); + return; + } + + if (certStatus != expectedStatus) { + throw new RuntimeException( + "TEST FAILED: unexpected status of EE certificate"); + } + + if (certStatus == Status.REVOKED) { + // Check revocation date + if (revocationDate != null) { + out.println( + "Certificate revocation date:" + revocationDate.toString()); + if (expectedRevDate != null) { + out.println( + "Expected revocation date:" + expectedRevDate.toString()); + if (!expectedRevDate.equals(revocationDate)) { + throw new RuntimeException( + "TEST FAILED: unexpected revocation date"); + } + } + } else { + throw new RuntimeException("TEST FAILED: no revocation date"); + } + } + } + + private void logSettings(PrintStream out) { + out.println(); + out.println("====================================================="); + out.println("CONFIGURATION"); + out.println("====================================================="); + out.println("http.proxyHost :" + System.getProperty("http.proxyHost")); + out.println("http.proxyPort :" + System.getProperty("http.proxyPort")); + out.println("https.proxyHost :" + System.getProperty("https.proxyHost")); + out.println("https.proxyPort :" + System.getProperty("https.proxyPort")); + out.println("https.socksProxyHost :" + + System.getProperty("https.socksProxyHost")); + out.println("https.socksProxyPort :" + + System.getProperty("https.socksProxyPort")); + out.println("jdk.certpath.disabledAlgorithms :" + + Security.getProperty("jdk.certpath.disabledAlgorithms")); + out.println("Revocation options :" + certPathChecker.getOptions()); + out.println("OCSP responder set :" + certPathChecker.getOcspResponder()); + out.println("Trusted root set: " + (trustedRootCerts != null)); + + if (validationDate != 
null) { + out.println("Validation Date:" + validationDate.toString()); + } + out.println("Expected EE Status:" + expectedStatus.name()); + if (expectedStatus == Status.REVOKED && expectedRevDate != null) { + out.println( + "Expected EE Revocation Date:" + expectedRevDate.toString()); + } + out.println("====================================================="); + } + + private void doCertPathValidate(String[] certsToValidate, PrintStream out) + throws IOException, CertificateException, + InvalidAlgorithmParameterException, ParseException, + NoSuchAlgorithmException, CertPathValidatorException, KeyStoreException { + + if (certsToValidate == null) { + throw new RuntimeException("Require atleast one cert to validate"); + } + + // Generate CertPath with certsToValidate + ArrayList certs = new ArrayList(); + for (String cert : certsToValidate) { + if (cert != null) { + certs.add(getCertificate(cert)); + } + } + CertPath certPath = (CertPath) cf.generateCertPath(certs); + + // Set cacerts as anchor + KeyStore cacerts = KeyStore.getInstance("JKS"); + try (FileInputStream fis = new FileInputStream(CACERTS_STORE)) { + cacerts.load(fis, "changeit".toCharArray()); + } catch (IOException | NoSuchAlgorithmException | CertificateException ex) { + throw new RuntimeException(ex); + } + + // Set additional trust certificates + if (trustedRootCerts != null) { + for (int i = 0; i < trustedRootCerts.length; i++) { + X509Certificate rootCACert = getCertificate(trustedRootCerts[i]); + cacerts.setCertificateEntry("tempca" + i, rootCACert); + } + } + + PKIXParameters params; + params = new PKIXParameters(cacerts); + params.addCertPathChecker(certPathChecker); + + // Set backdated validation if requested, if null, current date is set + params.setDate(validationDate); + + // Validate + certPathValidator.validate(certPath, params); + out.println("Successful CertPath validation"); + } + + private X509Certificate getCertificate(String encodedCert) + throws IOException, CertificateException { + 
ByteArrayInputStream is + = new ByteArrayInputStream(encodedCert.getBytes()); + X509Certificate cert = (X509Certificate) cf.generateCertificate(is); + return cert; + } + + /** + * Set list of disabled algorithms + * + * @param algos algorithms to disable + */ + public static void setDisabledAlgorithms(String algos) { + Security.setProperty("jdk.certpath.disabledAlgorithms", algos); + } + + /** + * Enable OCSP only revocation checks, treat network error as success + */ + public void enableOCSPCheck() { + // OCSP is by default, disable fallback to CRL + certPathChecker.setOptions(EnumSet.of( + PKIXRevocationChecker.Option.NO_FALLBACK)); + } + + /** + * Enable CRL only revocation check, treat network error as success + */ + public void enableCRLCheck() { + certPathChecker.setOptions(EnumSet.of( + PKIXRevocationChecker.Option.PREFER_CRLS, + PKIXRevocationChecker.Option.NO_FALLBACK)); + } + + /** + * Overrides OCSP responder URL in AIA extension of certificate + * + * @param url OCSP responder + * @throws URISyntaxException + */ + public void setOCSPResponderURL(String url) throws URISyntaxException { + certPathChecker.setOcspResponder(new URI(url)); + } + + /** + * Set validation date for EE certificate + * + * @param vDate string formatted date + * @throws ParseException if vDate is incorrect + */ + public void setValidationDate(String vDate) throws ParseException { + validationDate = DateFormat.getDateInstance(DateFormat.MEDIUM, + Locale.US).parse(vDate); + } + + /** + * Reset validation date for EE certificate to current date + */ + public void resetValidationDate() { + validationDate = null; + } +}
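Review bot: In `validate`, the `CertPathValidatorException` handler maps any `BasicReason.REVOKED` reason or `CertificateRevokedException` cause to `Status.REVOKED` without checking which certificate in the path it refers to, so a revoked intermediate would satisfy a test that expects a revoked EE certificate. The callers build the path with the EE first (`{REVOKED, INT}`), and `CertPathValidatorException.getIndex()` reports the position of the failing certificate, so the REVOKED branch could add `if (cpve.getIndex() != 0) throw new RuntimeException("TEST FAILED: revocation reported for a non-EE certificate");`. This assumes the PKIX validator populates the index, which should be confirmed. Separately, the Javadoc on `enableOCSPCheck` and `enableCRLCheck` says network errors are treated as success, but neither sets `PKIXRevocationChecker.Option.SOFT_FAIL`; the leniency actually comes from the early `return`s on `IOException` in `validate`. The comments would be more accurate as `Enable OCSP-only revocation checks (no fallback to CRL)` and its CRL counterpart.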