| 1 | /* |
| 2 | * Copyright 2002 Sun Microsystems, Inc. All Rights Reserved. |
| 3 | * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
| 4 | * |
| 5 | * This code is free software; you can redistribute it and/or modify it |
| 6 | * under the terms of the GNU General Public License version 2 only, as |
| 7 | * published by the Free Software Foundation. |
| 8 | * |
| 9 | * This code is distributed in the hope that it will be useful, but WITHOUT |
| 10 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
| 11 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
| 12 | * version 2 for more details (a copy is included in the LICENSE file that |
| 13 | * accompanied this code). |
| 14 | * |
| 15 | * You should have received a copy of the GNU General Public License version |
| 16 | * 2 along with this work; if not, write to the Free Software Foundation, |
| 17 | * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
| 18 | * |
| 19 | * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, |
| 20 | * CA 95054 USA or visit www.sun.com if you need additional information or |
| 21 | * have any questions. |
| 22 | */ |
| 23 | |
| 24 | /* |
| 25 | * @test |
| 26 | * @bug 4684810 |
| 27 | * @summary Verify that RFC822 name constraints are checked correctly |
| 28 | */ |
| 29 | |
| 30 | import java.io.ByteArrayOutputStream; |
| 31 | import java.io.File; |
| 32 | import java.io.FileInputStream; |
| 33 | import java.io.InputStream; |
| 34 | import java.io.IOException; |
| 35 | |
| 36 | import java.security.cert.*; |
| 37 | |
| 38 | import java.util.ArrayList; |
| 39 | import java.util.Collections; |
| 40 | import java.util.List; |
| 41 | import java.util.Set; |
| 42 | |
| 43 | /** |
| 44 | * ValidateCertPath performs a simple validation of a certification path. |
| 45 | * On success, it prints the CertPathValidatorResult. On failure, it |
| 46 | * prints the error. |
| 47 | * |
| 48 | * Synopsis: |
| 49 | * <pre> |
| 50 | * ValidateCertPath trustAnchor [certFile ...] |
| 51 | * where each argument is the path to a file that contains a |
| 52 | * certificate. Each certificate should have an issuer equal to |
| 53 | * the subject of the preceding certificate. |
| 54 | *</pre> |
| 55 | * |
| 56 | * @author Steve Hanna |
| 57 | */ |
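public final class ValidateCertPath {

    // Directory the certificate files are read from: the "test.src" system
    // property when set, otherwise the current directory.
    private final static String BASE = System.getProperty("test.src", "./");

    // Populated by parseArgs() and consumed by main().
    private static CertPath path;
    private static PKIXParameters params;

    /**
     * Negative test entry point. Builds the fixed certification path and
     * expects PKIX validation to reject it.
     *
     * @param args ignored; parseArgs() replaces them with fixed file names
     * @throws Exception if the path validates successfully, or on any error
     *         other than a CertPathValidatorException
     */
    public static void main(String[] args) throws Exception {
        try {
            parseArgs(args);
            validate(path, params);
            // Reaching this line means the validator accepted a path the
            // test considers invalid.
            throw new Exception("Successfully validated invalid path.");
        } catch (CertPathValidatorException e) {
            // NOTE(review): every CertPathValidatorException counts as a pass,
            // so a rejection unrelated to RFC822 name constraints would also
            // satisfy this test. No validation date is set on params, so
            // certificate validity is judged against the current time; an
            // expired test certificate would make the test pass without
            // exercising the name-constraint check. Asserting on
            // e.getIndex() or the failure detail would close that gap.
            System.out.println("Path rejected as expected: " + e);
        }
    }

    /**
     * Populate the static {@code path} and {@code params} fields from a
     * fixed set of certificate files. The supplied arguments are ignored:
     * the first fixed file is the trust anchor and the remaining files
     * form the certification path.
     *
     * @param args command line arguments (not used)
     * @throws Exception on error
     */
    public static void parseArgs(String[] args) throws Exception {
        String[] certFiles =
            new String[] {"jane2jane.cer", "jane2steve.cer", "steve2tom.cer"};

        // A null second argument means no extra name constraints are
        // attached to the trust anchor itself.
        TrustAnchor anchor =
            new TrustAnchor(getCertFromFile(certFiles[0]), null);

        // Files are listed from the anchor outwards; inserting at index 0
        // reverses them so the last file (the target) comes first, which is
        // the order a CertPath uses.
        List list = new ArrayList();
        for (int i = 1; i < certFiles.length; i++) {
            list.add(0, getCertFromFile(certFiles[i]));
        }
        CertificateFactory cf = CertificateFactory.getInstance("X509");
        path = cf.generateCertPath(list);

        Set anchors = Collections.singleton(anchor);
        params = new PKIXParameters(anchors);
        // Revocation checking is switched off so that only the path checks
        // themselves decide the outcome; this setting is specific to the
        // test and is not a model for production validation.
        params.setRevocationEnabled(false);
    }

    /*
     * Reads the entire input stream into a byte array.
     * Nothing in this class calls it at present.
     */
    private static byte[] getTotalBytes(InputStream is) throws IOException {
        byte[] buffer = new byte[8192];
        ByteArrayOutputStream baos = new ByteArrayOutputStream(2048);
        int n;
        while ((n = is.read(buffer, 0, buffer.length)) != -1) {
            baos.write(buffer, 0, n);
        }
        return baos.toByteArray();
    }

    /**
     * Get a DER-encoded X.509 certificate from a file.
     *
     * The path is resolved against BASE without normalization; this class
     * only ever passes fixed file names.
     *
     * @param certFilePath path to file containing DER-encoded certificate,
     *        relative to BASE
     * @return X509Certificate
     * @throws IOException if the file is not readable or the certificate
     *         cannot be parsed; the underlying exception is kept as the cause
     */
    public static X509Certificate getCertFromFile(String certFilePath)
            throws IOException {
        try {
            File certFile = new File(BASE, certFilePath);
            if (!certFile.canRead()) {
                throw new IOException("File " +
                                      certFile.toString() +
                                      " is not a readable file.");
            }
            FileInputStream certFileInputStream =
                new FileInputStream(certFile);
            try {
                CertificateFactory cf =
                    CertificateFactory.getInstance("X509");
                return (X509Certificate)
                    cf.generateCertificate(certFileInputStream);
            } finally {
                // Release the file handle whether or not parsing succeeded.
                certFileInputStream.close();
            }
        } catch (Exception e) {
            // Keep the original exception as the cause so its stack trace
            // travels with the IOException instead of being printed here.
            IOException wrapped =
                new IOException("Can't construct X509Certificate: " +
                                e.getMessage());
            wrapped.initCause(e);
            throw wrapped;
        }
    }

    /**
     * Perform a PKIX validation. On success, print a confirmation line
     * on System.out. On failure, throw an exception.
     *
     * @param path CertPath to validate
     * @param params PKIXParameters to use in validation
     * @throws Exception on error; a rejected path surfaces as
     *         CertPathValidatorException
     */
    public static void validate(CertPath path, PKIXParameters params)
            throws Exception {
        CertPathValidator validator =
            CertPathValidator.getInstance("PKIX");
        // The result object is not needed; only acceptance or rejection
        // matters to the caller.
        validator.validate(path, params);
        System.out.println("ValidateCertPath successful.");
    }
}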