Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
PojavLauncherTeam
GitHub Repository: PojavLauncherTeam/openjdk-aarch32-jdk8u
 Path: blob/jdk8u272-b10-aarch32-20201026/jdk/test/java/security/cert/CertPathBuilder/selfIssued/DisableRevocation.java
48803 views
1
/*

2
 * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.

3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

4
 *

5
 * This code is free software; you can redistribute it and/or modify it

6
 * under the terms of the GNU General Public License version 2 only, as

7
 * published by the Free Software Foundation.

8
 *

9
 * This code is distributed in the hope that it will be useful, but WITHOUT

10
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

11
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

12
 * version 2 for more details (a copy is included in the LICENSE file that

13
 * accompanied this code).

14
 *

15
 * You should have received a copy of the GNU General Public License version

16
 * 2 along with this work; if not, write to the Free Software Foundation,

17
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

18
 *

19
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

20
 * or visit www.oracle.com if you need additional information or have any

21
 * questions.

22
 */

23


24
//

25
// Security properties, once set, cannot revert to unset.  To avoid

26
// conflicts with tests running in the same VM isolate this test by

27
// running it in otherVM mode.

28
//

29


30
/**

31
 * @test

32
 * @bug 6852744

33
 * @summary PIT b61: PKI test suite fails because self signed certificates

34
 *          are being rejected

35
 * @run main/othervm DisableRevocation subca

36
 * @run main/othervm DisableRevocation subci

37
 * @run main/othervm DisableRevocation alice

38
 * @author Xuelei Fan

39
 */

40


41
import java.io.*;

42
import java.net.SocketException;

43
import java.util.*;

44
import java.security.Security;

45
import java.security.cert.*;

46
import java.security.cert.CertPathValidatorException.BasicReason;

47
import sun.security.util.DerInputStream;

48


49
/**

50
 * A test case helps to ensure that a certification path building process is

51
 * able to identify a self-issued certificate from its issuer when disable

52
 * revocation checking.

53
 */

54
public final class DisableRevocation {

55


56
    // the trust anchor

57
    static String selfSignedCertStr =

58
        "-----BEGIN CERTIFICATE-----\n" +

59
        "MIICPjCCAaegAwIBAgIBADANBgkqhkiG9w0BAQQFADAfMQswCQYDVQQGEwJVUzEQ\n" +

60
        "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA2MjgxMzMyMThaFw0zMDA2MDgxMzMyMTha\n" +

61
        "MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMIGfMA0GCSqGSIb3DQEB\n" +

62
        "AQUAA4GNADCBiQKBgQDInJhXi0655bPXAVkz1n5I6fAcZejzPnOPuwq3hU3OxFw8\n" +

63
        "81Uf6o9oKI1h4w4XAD8u1cUNOgiX+wPwojronlp68bIfO6FVhNf287pLtLhNJo+7\n" +

64
        "m6Qxw3ymFvEKy+PVj20CHSggdKHxUa4MBZBmHMFNBuxfYmjwzn+yTMmCCXOvSwID\n" +

65
        "AQABo4GJMIGGMB0GA1UdDgQWBBSQ52Dpau+gtL+Kc31dusYnKj16ZTBHBgNVHSME\n" +

66
        "QDA+gBSQ52Dpau+gtL+Kc31dusYnKj16ZaEjpCEwHzELMAkGA1UEBhMCVVMxEDAO\n" +

67
        "BgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAQYw\n" +

68
        "DQYJKoZIhvcNAQEEBQADgYEAjBt6ea65HCqbGsS2rs/HhlGusYXtThRVC5vwXSey\n" +

69
        "ZFYwSgukuq1KDzckqZFu1meNImEwdZjwxdN0e2p/nVREPC42rZliSj6V1ThayKXj\n" +

70
        "DWEZW1U5aR8T+3NYfDrdKcJGx4Hzfz0qKz1j4ssV1M9ptJxYYv4y2Da+592IN1S9\n" +

71
        "v/E=\n" +

72
        "-----END CERTIFICATE-----";

73


74
    // the sub-ca

75
    static String subCaCertStr =

76
        "-----BEGIN CERTIFICATE-----\n" +

77
        "MIICUDCCAbmgAwIBAgIBAzANBgkqhkiG9w0BAQQFADAfMQswCQYDVQQGEwJVUzEQ\n" +

78
        "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA2MjgxMzMyMjRaFw0yOTAzMTUxMzMyMjRa\n" +

79
        "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" +

80
        "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPFv24SK78VI0gWlyIrq/X\n" +

81
        "srl1431K5hJJxMYZtaQunyPmrYg3oI9KvKFykxnR0N4XDPaIi75p9dXGppVu80BA\n" +

82
        "+csvIPBwlBQoNmKDQWTziDOqfK4tE+IMuL/Y7pxnH6CDMY7VGpvatty2zcmH+m/v\n" +

83
        "E/n+HPyeELJQT2rT/3T+7wIDAQABo4GJMIGGMB0GA1UdDgQWBBRidC8Dt3dBzYES\n" +

84
        "KpR2tR560sZ0+zBHBgNVHSMEQDA+gBSQ52Dpau+gtL+Kc31dusYnKj16ZaEjpCEw\n" +

85
        "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" +

86
        "AwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEEBQADgYEAMeMKqrMr5d3eTQsv\n" +

87
        "MYOD15Dl3THQGLAa4ad5Eyq5/1eUeEOpztzCgDfi0iPD8YCubIEVasBTSqTiGXqb\n" +

88
        "RpGuPHOwwfWvHrTeHSludiFBAUiKj7aEV+oQa0FBn4U4TT8HA62HQ93FhzTDI3jP\n" +

89
        "iil34GktVl6gfMKGzUEW/Dh8OM4=\n" +

90
        "-----END CERTIFICATE-----";

91


92
    // a delegated CRL issuer, it's a self-issued certificate of trust anchor

93
    static String topCrlIssuerCertStr =

94
        "-----BEGIN CERTIFICATE-----\n" +

95
        "MIICPjCCAaegAwIBAgIBAjANBgkqhkiG9w0BAQQFADAfMQswCQYDVQQGEwJVUzEQ\n" +

96
        "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA2MjgxMzMyMjNaFw0yOTAzMTUxMzMyMjNa\n" +

97
        "MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMIGfMA0GCSqGSIb3DQEB\n" +

98
        "AQUAA4GNADCBiQKBgQC99u93trf+WmpfiqunJy/P31ej1l4rESxft2JSGNjKuLFN\n" +

99
        "/BO3SAugGJSkCARAwXjB0c8eeXhXWhVVWdNpbKepRJTxrjDfnFIavLgtUvmFwn/3\n" +

100
        "hPXe+RQeA8+AJ99Y+o+10kY8JAZLa2j93C2FdmwOjUbo8aIz85yhbiV1tEDjLwID\n" +

101
        "AQABo4GJMIGGMB0GA1UdDgQWBBSyFyA3XWLbdL6W6hksmBn7RKsQmDBHBgNVHSME\n" +

102
        "QDA+gBSQ52Dpau+gtL+Kc31dusYnKj16ZaEjpCEwHzELMAkGA1UEBhMCVVMxEDAO\n" +

103
        "BgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAQYw\n" +

104
        "DQYJKoZIhvcNAQEEBQADgYEAHTm8aRTeakgCfEBCgSWK9wvMW1c18ANGMm8OFDBk\n" +

105
        "xabVy9BT0MVFHlaneh89oIxTZN0FMTpg21GZMAvIzhEt7DGdO7HLsW7JniN7/OZ0\n" +

106
        "rACmpK5frmZrLS03zUm8c+rTbazNfYLoZVG3/mDZbKIi+4y8IGnFcgLVsHsYoBNP\n" +

107
        "G0c=\n" +

108
        "-----END CERTIFICATE-----";

109


110
    // a delegated CRL issuer, it's a self-issued certificate of sub-ca

111
    static String subCrlIssuerCertStr =

112
        "-----BEGIN CERTIFICATE-----\n" +

113
        "MIICUDCCAbmgAwIBAgIBBDANBgkqhkiG9w0BAQQFADAfMQswCQYDVQQGEwJVUzEQ\n" +

114
        "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA2MjgxMzMyMjdaFw0yOTAzMTUxMzMyMjda\n" +

115
        "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" +

116
        "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+8AcLJtGAVUWvv3ifcyQw\n" +

117
        "OGqwzcPrBw/XCs6vTMlcdtFzcH1M+Z3/QHN9+5VT1gqeTIZ+b8g9005Og3XKy/HX\n" +

118
        "obXZeLv20VZsr+jm52ySghEYOVCTJ9OyFOAp5adp6nf0cA66Feh3LsmVhpTEcDOG\n" +

119
        "GnyntQm0DBYxRoOT/GBlvQIDAQABo4GJMIGGMB0GA1UdDgQWBBSRWhMuZLQoHSDN\n" +

120
        "xhxr+vdDmfAY8jBHBgNVHSMEQDA+gBSQ52Dpau+gtL+Kc31dusYnKj16ZaEjpCEw\n" +

121
        "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" +

122
        "AwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEEBQADgYEAMIDZLdOLFiPyS1bh\n" +

123
        "Ch4eUYHT+K1WG93skbga3kVYg3GSe+gctwkKwKK13bwfi8zc7wwz6MtmQwEYhppc\n" +

124
        "pKKKEwi5QirBCP54rihLCvRQaj6ZqUJ6VP+zPAqHYMDbzlBbHtVF/1lQUP30I6SV\n" +

125
        "Fu987DvLmZ2GuQA9FKJsnlD9pbU=\n" +

126
        "-----END CERTIFICATE-----";

127


128
    // the target EE certificate

129
    static String targetCertStr =

130
        "-----BEGIN CERTIFICATE-----\n" +

131
        "MIICNzCCAaCgAwIBAgIBAjANBgkqhkiG9w0BAQQFADAxMQswCQYDVQQGEwJVUzEQ\n" +

132
        "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0wOTA2MjgxMzMy\n" +

133
        "MzBaFw0yOTAzMTUxMzMyMzBaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" +

134
        "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG\n" +

135
        "9w0BAQEFAAOBjQAwgYkCgYEA7wnsvR4XEOfVznf40l8ClLod+7L0y2/+smVV+GM/\n" +

136
        "T1/QF/stajAJxXNy08gK00WKZ6ruTHhR9vh/Z6+EQM2RZDCpU0A7LPa3kLE/XTmS\n" +

137
        "1MLDu8ntkdlpURpvhdDWem+rl2HU5oZgzV8Jkcov9vXuSjqEDfr45FlPuV40T8+7\n" +

138
        "cxsCAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBSBwsAhi6Z1kriOs3ty\n" +

139
        "uSIujv9a3DAfBgNVHSMEGDAWgBRidC8Dt3dBzYESKpR2tR560sZ0+zANBgkqhkiG\n" +

140
        "9w0BAQQFAAOBgQDEiBqd5AMy2SQopFaS3dYkzj8MHlwtbCSoNVYkOfDnewcatrbk\n" +

141
        "yFcp6FX++PMdOQFHWvvnDdkCUAzZQp8kCkF9tGLVLBtOK7XxQ1us1LZym7kOPzsd\n" +

142
        "G93Dcf0U1JRO77juc61Br5paAy8Bok18Y/MeG7uKgB2MAEJYKhGKbCrfMw==\n" +

143
        "-----END CERTIFICATE-----";

144


145
    private static Set<TrustAnchor> generateTrustAnchors()

146
            throws CertificateException {

147
        // generate certificate from cert string

148
        CertificateFactory cf = CertificateFactory.getInstance("X.509");

149


150
        ByteArrayInputStream is =

151
                    new ByteArrayInputStream(selfSignedCertStr.getBytes());

152
        Certificate selfSignedCert = cf.generateCertificate(is);

153


154
        // generate a trust anchor

155
        TrustAnchor anchor =

156
            new TrustAnchor((X509Certificate)selfSignedCert, null);

157


158
        return Collections.singleton(anchor);

159
    }

160


161
    private static CertStore generateCertificateStore() throws Exception {

162
        Collection entries = new HashSet();

163


164
        // generate certificate from certificate string

165
        CertificateFactory cf = CertificateFactory.getInstance("X.509");

166


167
        ByteArrayInputStream is;

168


169
        is = new ByteArrayInputStream(targetCertStr.getBytes());

170
        Certificate cert = cf.generateCertificate(is);

171
        entries.add(cert);

172


173
        is = new ByteArrayInputStream(subCaCertStr.getBytes());

174
        cert = cf.generateCertificate(is);

175
        entries.add(cert);

176


177
        is = new ByteArrayInputStream(selfSignedCertStr.getBytes());

178
        cert = cf.generateCertificate(is);

179
        entries.add(cert);

180


181
        is = new ByteArrayInputStream(topCrlIssuerCertStr.getBytes());

182
        cert = cf.generateCertificate(is);

183
        entries.add(cert);

184


185
        is = new ByteArrayInputStream(subCrlIssuerCertStr.getBytes());

186
        cert = cf.generateCertificate(is);

187
        entries.add(cert);

188


189
        return CertStore.getInstance("Collection",

190
                            new CollectionCertStoreParameters(entries));

191
    }

192


193
    private static X509CertSelector generateSelector(String name)

194
                throws Exception {

195
        X509CertSelector selector = new X509CertSelector();

196


197
        // generate certificate from certificate string

198
        CertificateFactory cf = CertificateFactory.getInstance("X.509");

199
        ByteArrayInputStream is = null;

200
        if (name.equals("subca")) {

201
            is = new ByteArrayInputStream(subCaCertStr.getBytes());

202
        } else if (name.equals("subci")) {

203
            is = new ByteArrayInputStream(subCrlIssuerCertStr.getBytes());

204
        } else {

205
            is = new ByteArrayInputStream(targetCertStr.getBytes());

206
        }

207


208
        X509Certificate target = (X509Certificate)cf.generateCertificate(is);

209
        byte[] extVal = target.getExtensionValue("2.5.29.14");

210
        if (extVal != null) {

211
            DerInputStream in = new DerInputStream(extVal);

212
            byte[] subjectKID = in.getOctetString();

213
            selector.setSubjectKeyIdentifier(subjectKID);

214
        } else {

215
            // unlikely to happen.

216
            throw new Exception("unexpected certificate: no SKID extension");

217
        }

218


219
        return selector;

220
    }

221


222
    private static boolean match(String name, Certificate cert)

223
                throws Exception {

224
        X509CertSelector selector = new X509CertSelector();

225


226
        // generate certificate from certificate string

227
        CertificateFactory cf = CertificateFactory.getInstance("X.509");

228
        ByteArrayInputStream is = null;

229
        if (name.equals("subca")) {

230
            is = new ByteArrayInputStream(subCaCertStr.getBytes());

231
        } else if (name.equals("subci")) {

232
            is = new ByteArrayInputStream(subCrlIssuerCertStr.getBytes());

233
        } else {

234
            is = new ByteArrayInputStream(targetCertStr.getBytes());

235
        }

236
        X509Certificate target = (X509Certificate)cf.generateCertificate(is);

237


238
        return target.equals(cert);

239
    }

240


241


242
    public static void main(String[] args) throws Exception {

243
        // MD5 is used in this test case, don't disable MD5 algorithm.

244
        Security.setProperty(

245
                "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");

246


247
        CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");

248


249
        X509CertSelector selector = generateSelector(args[0]);

250


251
        Set<TrustAnchor> anchors = generateTrustAnchors();

252
        CertStore certs = generateCertificateStore();

253


254


255
        PKIXBuilderParameters params =

256
                new PKIXBuilderParameters(anchors, selector);

257
        params.addCertStore(certs);

258
        params.setRevocationEnabled(false);

259
        params.setDate(new Date(109, 7, 1));   // 2009-07-01

260
        Security.setProperty("ocsp.enable", "false");

261
        System.setProperty("com.sun.security.enableCRLDP", "false");

262


263
        PKIXCertPathBuilderResult result =

264
                (PKIXCertPathBuilderResult)builder.build(params);

265


266
        if (!match(args[0], result.getCertPath().getCertificates().get(0))) {

267
            throw new Exception("unexpected certificate");

268
        }

269
    }

270
}

271


272