| author | alanb |
| Thu, 17 Mar 2016 19:04:16 +0000 | |
| changeset 36511 | 9d0388c6b336 |
| parent 24116 | 9f9b4ba34aad |
| child 40261 | 86a49ba76f52 |
| permissions | -rw-r--r-- |
|
5782
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
1 |
# |
|
23010
6dadb192ad81
8029235: Update copyright year to match last edit in jdk8 jdk repository for 2013
lana
parents:
21342
diff
changeset
|
2 |
# Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved. |
|
5782
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
3 |
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
4 |
# |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
5 |
# This code is free software; you can redistribute it and/or modify it |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
6 |
# under the terms of the GNU General Public License version 2 only, as |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
7 |
# published by the Free Software Foundation. |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
8 |
# |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
9 |
# This code is distributed in the hope that it will be useful, but WITHOUT |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
10 |
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
11 |
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
12 |
# version 2 for more details (a copy is included in the LICENSE file that |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
13 |
# accompanied this code). |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
14 |
# |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
15 |
# You should have received a copy of the GNU General Public License version |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
16 |
# 2 along with this work; if not, write to the Free Software Foundation, |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
17 |
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
18 |
# |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
19 |
# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
20 |
# or visit www.oracle.com if you need additional information or have any |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
21 |
# questions. |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
22 |
# |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
23 |
|
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
24 |
# @test |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
25 |
# @bug 6958869 |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
26 |
# @summary regression: PKIXValidator fails when multiple trust anchors |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
27 |
# have same dn |
| 36511 | 28 |
# @modules java.base/sun.security.validator |
|
5782
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
29 |
# |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
30 |
|
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
31 |
if [ "${TESTSRC}" = "" ] ; then
|
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
32 |
TESTSRC="." |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
33 |
fi |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
34 |
if [ "${TESTJAVA}" = "" ] ; then
|
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
35 |
JAVAC_CMD=`which javac` |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
36 |
TESTJAVA=`dirname $JAVAC_CMD`/.. |
|
15254
3997a6f357cb
8005978: shell tests need to use the $COMPILEJDK for javac, jar and other tools
alanb
parents:
14786
diff
changeset
|
37 |
COMPILEJAVA="${TESTJAVA}"
|
|
5782
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
38 |
fi |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
39 |
|
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
40 |
# set platform-dependent variables |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
41 |
OS=`uname -s` |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
42 |
case "$OS" in |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
43 |
Windows_* ) |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
44 |
FS="\\" |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
45 |
;; |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
46 |
* ) |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
47 |
FS="/" |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
48 |
;; |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
49 |
esac |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
50 |
|
|
24116
9f9b4ba34aad
8040321: keytool and jarsigner tests doesn't pass though VM tools to tools
weijun
parents:
23010
diff
changeset
|
51 |
KT="$TESTJAVA${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -storepass changeit \
|
|
21342
7bbb056a1c23
8027026: Change keytool -genkeypair to use -keyalg RSA
weijun
parents:
15254
diff
changeset
|
52 |
-keypass changeit -keystore samedn.jks -keyalg rsa" |
|
15254
3997a6f357cb
8005978: shell tests need to use the $COMPILEJDK for javac, jar and other tools
alanb
parents:
14786
diff
changeset
|
53 |
JAVAC=$COMPILEJAVA${FS}bin${FS}javac
|
|
5782
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
54 |
JAVA=$TESTJAVA${FS}bin${FS}java
|
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
55 |
|
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
56 |
rm -rf samedn.jks 2> /dev/null |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
57 |
|
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
58 |
# 1. Generate 3 aliases in a keystore: ca1, ca2, user. The CAs' startdate |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
59 |
# is set to one year ago so that they are expired now |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
60 |
|
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
61 |
$KT -genkeypair -alias ca1 -dname CN=CA -keyalg rsa -sigalg md5withrsa -ext bc -startdate -1y |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
62 |
$KT -genkeypair -alias ca2 -dname CN=CA -keyalg rsa -sigalg sha1withrsa -ext bc -startdate -1y |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
63 |
$KT -genkeypair -alias user -dname CN=User -keyalg rsa |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
64 |
|
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
65 |
# 2. Signing: ca -> user |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
66 |
|
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
67 |
$KT -certreq -alias user | $KT -gencert -rfc -alias ca1 > samedn1.certs |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
68 |
$KT -certreq -alias user | $KT -gencert -rfc -alias ca2 > samedn2.certs |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
69 |
|
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
70 |
# 3. Append the ca file |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
71 |
|
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
72 |
$KT -export -rfc -alias ca1 >> samedn1.certs |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
73 |
$KT -export -rfc -alias ca2 >> samedn2.certs |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
74 |
|
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
75 |
# 4. Remove user for cacerts |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
76 |
|
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
77 |
$KT -delete -alias user |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
78 |
|
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
79 |
# 5. Build and run test. Make sure the CA certs are ignored for validity check. |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
80 |
# Check both, one of them might be dropped out of map in old codes. |
|
50575882b36f
6958869: regression: PKIXValidator fails when multiple trust anchors have same dn
weijun
parents:
diff
changeset
|
81 |
|
| 36511 | 82 |
EXTRAOPTS="-XaddExports:java.base/sun.security.validator=ALL-UNNAMED" |
83 |
$JAVAC ${TESTJAVACOPTS} ${TESTTOOLVMOPTS} ${EXTRAOPTS} -d . ${TESTSRC}${FS}CertReplace.java
|
|
84 |
$JAVA ${TESTVMOPTS} ${EXTRAOPTS} CertReplace samedn.jks samedn1.certs || exit 1
|
|
85 |
$JAVA ${TESTVMOPTS} ${EXTRAOPTS} CertReplace samedn.jks samedn2.certs || exit 2
|