/*
 * Copyright 2001 Sun Microsystems, Inc.  All Rights Reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
 * CA 95054 USA or visit www.sun.com if you need additional information or
 * have any questions.
 */
| 23 | |
/**
 * @test
 * @bug 4459538
 * @summary make sure that target constraints are processed correctly
 *          by a PKIX CertPathValidator
 */
| 30 | |
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;

import java.math.BigInteger;

import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.security.cert.X509CertSelector;

import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.Set;
| 51 | |
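/**
 * ValidateTargetConstraints performs a simple validation of a certification
 * path, but adds a requirement that the serial number of the last
 * certificate match an arbitrarily chosen number. This should cause the
 * validation to fail.
 *
 * @author Steve Hanna
 * @author Sean Mullan
 */
public final class ValidateTargetConstraints {

    /**
     * Serial number demanded of the target certificate. The value is arbitrary
     * and is expected NOT to match, which is what makes validation fail.
     */
    private static final BigInteger UNMATCHED_SERIAL = new BigInteger("1427");

    /** Certification path built by {@link #createPath(String[])}; null until then. */
    private static CertPath path;

    /** Validation parameters built by {@link #createPath(String[])}; null until then. */
    private static PKIXParameters params;

    private ValidateTargetConstraints() {
        // static test harness; not instantiable
    }

    /**
     * Builds the path from the test certificates and expects PKIX validation
     * to reject it, because the target serial-number constraint cannot be met.
     *
     * @param args ignored
     * @throws Exception if the path validates, or if building the path fails
     */
    public static void main(String[] args) throws Exception {
        String[] certs = { "sun.cer", "sun2labs1.cer" };

        createPath(certs);
        try {
            validate(path, params);
        } catch (CertPathValidatorException cpve) {
            // This is the outcome under test: the target constraint rejects the path.
            System.out.println("Test failed as expected: " + cpve);
            return;
        }
        throw new Exception("CertPath should not have been validated succesfully");
    }

    /**
     * Builds the certification path and PKIX parameters used by the test.
     *
     * <p>{@code certs[0]} becomes the trust anchor; the remaining entries form
     * the path, ordered target-first as {@link CertificateFactory#generateCertPath}
     * expects. Revocation checking is disabled (the test supplies no CRLs), and a
     * target constraint requiring serial number {@link #UNMATCHED_SERIAL} is
     * installed so that validation must fail on the last certificate.
     *
     * @param certs certificate file names resolved against the {@code test.src}
     *        directory; the first entry is the anchor and is required
     * @throws IllegalArgumentException if {@code certs} is empty
     * @throws Exception if a certificate cannot be read or the path cannot be built
     */
    public static void createPath(String[] certs) throws Exception {
        Objects.requireNonNull(certs, "certs");
        if (certs.length == 0) {
            throw new IllegalArgumentException("certs must name at least the trust anchor");
        }
        TrustAnchor anchor = new TrustAnchor(getCertFromFile(certs[0]), null);

        // File order is anchor-towards-target; generateCertPath wants target first,
        // so the remaining certificates are collected in reverse.
        List<X509Certificate> chain = new ArrayList<>(certs.length - 1);
        for (int i = certs.length - 1; i >= 1; i--) {
            chain.add(getCertFromFile(certs[i]));
        }
        CertificateFactory cf = CertificateFactory.getInstance("X509");
        path = cf.generateCertPath(chain);

        Set<TrustAnchor> anchors = Collections.singleton(anchor);
        params = new PKIXParameters(anchors);
        // Revocation data is not available to this test; the expected failure is
        // the target constraint, not revocation status.
        params.setRevocationEnabled(false);
        X509CertSelector sel = new X509CertSelector();
        sel.setSerialNumber(UNMATCHED_SERIAL);
        params.setTargetCertConstraints(sel);
    }

    /**
     * Get a DER-encoded X.509 certificate from a file.
     *
     * @param certFilePath path to file containing DER-encoded certificate,
     *        resolved against the {@code test.src} system property
     *        (default {@code "."})
     * @return X509Certificate
     * @throws IOException if the file cannot be read or does not contain a
     *         parsable X.509 certificate; the underlying exception is kept
     *         as the cause
     */
    public static X509Certificate getCertFromFile(String certFilePath)
            throws IOException {
        File certFile = new File(System.getProperty("test.src", "."), certFilePath);
        // try-with-resources closes the stream on every path; the original
        // never closed it.
        try (FileInputStream certFileInputStream = new FileInputStream(certFile)) {
            CertificateFactory cf = CertificateFactory.getInstance("X509");
            return (X509Certificate) cf.generateCertificate(certFileInputStream);
        } catch (IOException | CertificateException e) {
            // Wrap as IOException (the declared contract) but keep the cause so the
            // real failure is visible in the stack trace.
            throw new IOException("Can't construct X509Certificate: " + e.getMessage(), e);
        }
    }

    /**
     * Perform a PKIX validation.
     *
     * @param path CertPath to validate
     * @param params PKIXParameters to use in validation
     * @return the validator result for the accepted path
     * @throws CertPathValidatorException if the path is rejected
     * @throws Exception on any other error
     */
    public static CertPathValidatorResult validate(CertPath path, PKIXParameters params)
            throws Exception {
        CertPathValidator validator = CertPathValidator.getInstance("PKIX");
        return validator.validate(path, params);
    }
}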