jdk-sandbox: jdk/test/sun/security/validator/samedn.sh@3ee2f6e24dbb (annotated)

5782 50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	1	#
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	2	# Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	3	# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	4	#
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	5	# This code is free software; you can redistribute it and/or modify it
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	6	# under the terms of the GNU General Public License version 2 only, as
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	7	# published by the Free Software Foundation.
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	8	#
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	9	# This code is distributed in the hope that it will be useful, but WITHOUT
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	10	# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	11	# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	12	# version 2 for more details (a copy is included in the LICENSE file that
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	13	# accompanied this code).
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	14	#
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	15	# You should have received a copy of the GNU General Public License version
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	16	# 2 along with this work; if not, write to the Free Software Foundation,
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	17	# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	18	#
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	19	# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	20	# or visit www.oracle.com if you need additional information or have any
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	21	# questions.
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	22	#
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	23
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	24	# @test
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	25	# @bug 6958869
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	26	# @summary regression: PKIXValidator fails when multiple trust anchors
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	27	# have same dn
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	28	#
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	29
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	30	if [ "${TESTSRC}" = "" ] ; then
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	31	TESTSRC="."
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	32	fi
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	33	if [ "${TESTJAVA}" = "" ] ; then
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	34	JAVAC_CMD=`which javac`
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	35	TESTJAVA=`dirname $JAVAC_CMD`/..
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	36	fi
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	37
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	38	# set platform-dependent variables
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	39	OS=`uname -s`
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	40	case "$OS" in
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	41	Windows_* )
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	42	FS="\\"
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	43	;;
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	44	* )
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	45	FS="/"
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	46	;;
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	47	esac
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	48
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	49	KT="$TESTJAVA${FS}bin${FS}keytool -storepass changeit \
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	50	-keypass changeit -keystore samedn.jks"
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	51	JAVAC=$TESTJAVA${FS}bin${FS}javac
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	52	JAVA=$TESTJAVA${FS}bin${FS}java
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	53
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	54	rm -rf samedn.jks 2> /dev/null
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	55
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	56	# 1. Generate 3 aliases in a keystore: ca1, ca2, user. The CAs' startdate
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	57	# is set to one year ago so that they are expired now
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	58
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	59	$KT -genkeypair -alias ca1 -dname CN=CA -keyalg rsa -sigalg md5withrsa -ext bc -startdate -1y
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	60	$KT -genkeypair -alias ca2 -dname CN=CA -keyalg rsa -sigalg sha1withrsa -ext bc -startdate -1y
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	61	$KT -genkeypair -alias user -dname CN=User -keyalg rsa
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	62
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	63	# 2. Signing: ca -> user
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	64
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	65	$KT -certreq -alias user \| $KT -gencert -rfc -alias ca1 > samedn1.certs
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	66	$KT -certreq -alias user \| $KT -gencert -rfc -alias ca2 > samedn2.certs
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	67
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	68	# 3. Append the ca file
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	69
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	70	$KT -export -rfc -alias ca1 >> samedn1.certs
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	71	$KT -export -rfc -alias ca2 >> samedn2.certs
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	72
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	73	# 4. Remove user for cacerts
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	74
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	75	$KT -delete -alias user
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	76
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	77	# 5. Build and run test. Make sure the CA certs are ignored for validity check.
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	78	# Check both, one of them might be dropped out of map in old codes.
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	79
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	80	$JAVAC -d . ${TESTSRC}${FS}CertReplace.java
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	81	$JAVA CertReplace samedn.jks samedn1.certs \|\| exit 1
50575882b36f 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn weijun parents: diff changeset	82	$JAVA CertReplace samedn.jks samedn2.certs \|\| exit 2

author	chegar
	Wed, 29 Aug 2012 14:05:37 +0100
changeset 14215	3ee2f6e24dbb
parent 5782	50575882b36f
child 14786	a9f61e0cbe61
permissions	-rw-r--r--