| author | chegar |
| Wed, 29 Aug 2012 14:05:37 +0100 | |
| changeset 14215 | 3ee2f6e24dbb |
| parent 5782 | 50575882b36f |
| permissions | -rw-r--r-- |
|
5613
1146efa21514
6948803: CertPath validation regression caused by SHA1 replacement root and MD2 disable feature
weijun
parents:
diff
changeset
|
1 |
/* |
|
5782
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
5613
diff
changeset
|
2 |
* Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. |
|
5613
1146efa21514
6948803: CertPath validation regression caused by SHA1 replacement root and MD2 disable feature
weijun
parents:
diff
changeset
|
3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
|
1146efa21514
6948803: CertPath validation regression caused by SHA1 replacement root and MD2 disable feature
weijun
parents:
diff
changeset
|
4 |
* |
|
1146efa21514
6948803: CertPath validation regression caused by SHA1 replacement root and MD2 disable feature
weijun
parents:
diff
changeset
|
5 |
* This code is free software; you can redistribute it and/or modify it |
|
1146efa21514
6948803: CertPath validation regression caused by SHA1 replacement root and MD2 disable feature
weijun
parents:
diff
changeset
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
|
1146efa21514
6948803: CertPath validation regression caused by SHA1 replacement root and MD2 disable feature
weijun
parents:
diff
changeset
|
7 |
* published by the Free Software Foundation. |
|
1146efa21514
6948803: CertPath validation regression caused by SHA1 replacement root and MD2 disable feature
weijun
parents:
diff
changeset
|
8 |
* |
|
1146efa21514
6948803: CertPath validation regression caused by SHA1 replacement root and MD2 disable feature
weijun
parents:
diff
changeset
|
9 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
|
1146efa21514
6948803: CertPath validation regression caused by SHA1 replacement root and MD2 disable feature
weijun
parents:
diff
changeset
|
10 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
1146efa21514
6948803: CertPath validation regression caused by SHA1 replacement root and MD2 disable feature
weijun
parents:
diff
changeset
|
11 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
1146efa21514
6948803: CertPath validation regression caused by SHA1 replacement root and MD2 disable feature
weijun
parents:
diff
changeset
|
12 |
* version 2 for more details (a copy is included in the LICENSE file that |
|
1146efa21514
6948803: CertPath validation regression caused by SHA1 replacement root and MD2 disable feature
weijun
parents:
diff
changeset
|
13 |
* accompanied this code). |
|
1146efa21514
6948803: CertPath validation regression caused by SHA1 replacement root and MD2 disable feature
weijun
parents:
diff
changeset
|
14 |
* |
|
1146efa21514
6948803: CertPath validation regression caused by SHA1 replacement root and MD2 disable feature
weijun
parents:
diff
changeset
|
15 |
* You should have received a copy of the GNU General Public License version |
|
1146efa21514
6948803: CertPath validation regression caused by SHA1 replacement root and MD2 disable feature
weijun
parents:
diff
changeset
|
16 |
* 2 along with this work; if not, write to the Free Software Foundation, |
|
1146efa21514
6948803: CertPath validation regression caused by SHA1 replacement root and MD2 disable feature
weijun
parents:
diff
changeset
|
17 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
1146efa21514
6948803: CertPath validation regression caused by SHA1 replacement root and MD2 disable feature
weijun
parents:
diff
changeset
|
18 |
* |
|
5782
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
5613
diff
changeset
|
19 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
5613
diff
changeset
|
20 |
* or visit www.oracle.com if you need additional information or have any |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
5613
diff
changeset
|
21 |
* questions. |
|
5613
1146efa21514
6948803: CertPath validation regression caused by SHA1 replacement root and MD2 disable feature
weijun
parents:
diff
changeset
|
22 |
*/ |
|
1146efa21514
6948803: CertPath validation regression caused by SHA1 replacement root and MD2 disable feature
weijun
parents:
diff
changeset
|
23 |
|
|
1146efa21514
6948803: CertPath validation regression caused by SHA1 replacement root and MD2 disable feature
weijun
parents:
diff
changeset
|
24 |
/* |
|
1146efa21514
6948803: CertPath validation regression caused by SHA1 replacement root and MD2 disable feature
weijun
parents:
diff
changeset
|
25 |
* This test is called by certreplace.sh |
|
1146efa21514
6948803: CertPath validation regression caused by SHA1 replacement root and MD2 disable feature
weijun
parents:
diff
changeset
|
26 |
*/ |
|
1146efa21514
6948803: CertPath validation regression caused by SHA1 replacement root and MD2 disable feature
weijun
parents:
diff
changeset
|
27 |
|
|
1146efa21514
6948803: CertPath validation regression caused by SHA1 replacement root and MD2 disable feature
weijun
parents:
diff
changeset
|
28 |
import java.io.FileInputStream; |
|
1146efa21514
6948803: CertPath validation regression caused by SHA1 replacement root and MD2 disable feature
weijun
parents:
diff
changeset
|
29 |
import java.security.KeyStore; |
|
1146efa21514
6948803: CertPath validation regression caused by SHA1 replacement root and MD2 disable feature
weijun
parents:
diff
changeset
|
30 |
import java.security.cert.Certificate; |
|
1146efa21514
6948803: CertPath validation regression caused by SHA1 replacement root and MD2 disable feature
weijun
parents:
diff
changeset
|
31 |
import java.security.cert.CertificateFactory; |
|
1146efa21514
6948803: CertPath validation regression caused by SHA1 replacement root and MD2 disable feature
weijun
parents:
diff
changeset
|
32 |
import java.security.cert.X509Certificate; |
|
1146efa21514
6948803: CertPath validation regression caused by SHA1 replacement root and MD2 disable feature
weijun
parents:
diff
changeset
|
33 |
import java.util.Arrays; |
|
1146efa21514
6948803: CertPath validation regression caused by SHA1 replacement root and MD2 disable feature
weijun
parents:
diff
changeset
|
34 |
import java.util.ArrayList; |
|
1146efa21514
6948803: CertPath validation regression caused by SHA1 replacement root and MD2 disable feature
weijun
parents:
diff
changeset
|
35 |
import java.util.List; |
|
1146efa21514
6948803: CertPath validation regression caused by SHA1 replacement root and MD2 disable feature
weijun
parents:
diff
changeset
|
36 |
import sun.security.validator.Validator; |
|
1146efa21514
6948803: CertPath validation regression caused by SHA1 replacement root and MD2 disable feature
weijun
parents:
diff
changeset
|
37 |
|
|
1146efa21514
6948803: CertPath validation regression caused by SHA1 replacement root and MD2 disable feature
weijun
parents:
diff
changeset
|
38 |
public class CertReplace {
|
|
1146efa21514
6948803: CertPath validation regression caused by SHA1 replacement root and MD2 disable feature
weijun
parents:
diff
changeset
|
39 |
|
|
5782
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
5613
diff
changeset
|
40 |
/** |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
5613
diff
changeset
|
41 |
* @param args {cacerts keystore, cert chain}
|
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
5613
diff
changeset
|
42 |
*/ |
|
5613
1146efa21514
6948803: CertPath validation regression caused by SHA1 replacement root and MD2 disable feature
weijun
parents:
diff
changeset
|
43 |
public static void main(String[] args) throws Exception {
|
|
1146efa21514
6948803: CertPath validation regression caused by SHA1 replacement root and MD2 disable feature
weijun
parents:
diff
changeset
|
44 |
|
|
1146efa21514
6948803: CertPath validation regression caused by SHA1 replacement root and MD2 disable feature
weijun
parents:
diff
changeset
|
45 |
KeyStore ks = KeyStore.getInstance("JKS");
|
|
5782
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
5613
diff
changeset
|
46 |
ks.load(new FileInputStream(args[0]), "changeit".toCharArray()); |
|
5613
1146efa21514
6948803: CertPath validation regression caused by SHA1 replacement root and MD2 disable feature
weijun
parents:
diff
changeset
|
47 |
Validator v = Validator.getInstance |
|
1146efa21514
6948803: CertPath validation regression caused by SHA1 replacement root and MD2 disable feature
weijun
parents:
diff
changeset
|
48 |
(Validator.TYPE_PKIX, Validator.VAR_GENERIC, ks); |
|
5782
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
5613
diff
changeset
|
49 |
X509Certificate[] chain = createPath(args[1]); |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
5613
diff
changeset
|
50 |
System.out.println("Chain: ");
|
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
5613
diff
changeset
|
51 |
for (X509Certificate c: v.validate(chain)) {
|
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
5613
diff
changeset
|
52 |
System.out.println(" " + c.getSubjectX500Principal() +
|
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
5613
diff
changeset
|
53 |
" issued by " + c.getIssuerX500Principal()); |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
5613
diff
changeset
|
54 |
} |
|
5613
1146efa21514
6948803: CertPath validation regression caused by SHA1 replacement root and MD2 disable feature
weijun
parents:
diff
changeset
|
55 |
} |
|
1146efa21514
6948803: CertPath validation regression caused by SHA1 replacement root and MD2 disable feature
weijun
parents:
diff
changeset
|
56 |
|
|
5782
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
5613
diff
changeset
|
57 |
public static X509Certificate[] createPath(String chain) throws Exception {
|
|
5613
1146efa21514
6948803: CertPath validation regression caused by SHA1 replacement root and MD2 disable feature
weijun
parents:
diff
changeset
|
58 |
CertificateFactory cf = CertificateFactory.getInstance("X.509");
|
|
1146efa21514
6948803: CertPath validation regression caused by SHA1 replacement root and MD2 disable feature
weijun
parents:
diff
changeset
|
59 |
List list = new ArrayList(); |
|
1146efa21514
6948803: CertPath validation regression caused by SHA1 replacement root and MD2 disable feature
weijun
parents:
diff
changeset
|
60 |
for (Certificate c: cf.generateCertificates( |
|
5782
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
5613
diff
changeset
|
61 |
new FileInputStream(chain))) {
|
|
5613
1146efa21514
6948803: CertPath validation regression caused by SHA1 replacement root and MD2 disable feature
weijun
parents:
diff
changeset
|
62 |
list.add((X509Certificate)c); |
|
1146efa21514
6948803: CertPath validation regression caused by SHA1 replacement root and MD2 disable feature
weijun
parents:
diff
changeset
|
63 |
} |
|
1146efa21514
6948803: CertPath validation regression caused by SHA1 replacement root and MD2 disable feature
weijun
parents:
diff
changeset
|
64 |
return (X509Certificate[]) list.toArray(new X509Certificate[0]); |
|
1146efa21514
6948803: CertPath validation regression caused by SHA1 replacement root and MD2 disable feature
weijun
parents:
diff
changeset
|
65 |
} |
|
1146efa21514
6948803: CertPath validation regression caused by SHA1 replacement root and MD2 disable feature
weijun
parents:
diff
changeset
|
66 |
} |