Path: blob/aarch64-shenandoah-jdk8u272-b10/jdk/test/java/security/testlibrary/CertUtils.java
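/*
 * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

/**
 *
 * @author Sean Mullan
 * @author Steve Hanna
 *
 */
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertPath;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathValidator;
import java.security.cert.CertStore;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.CRLException;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathBuilderResult;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.security.cert.X509CRL;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Objects;
import java.util.Set;

/**
 * Static utility methods useful for testing certificate/certpath APIs.
 *
 * <p>These helpers are thin wrappers around {@link CertificateFactory},
 * {@link CertStore}, {@link CertPathBuilder} and {@link CertPathValidator}.
 * They apply no validation policy of their own: trust anchors, revocation
 * settings and every other PKIX constraint come solely from the parameter
 * objects supplied by the caller. File names are joined to the
 * {@code test.src} system property without normalization, so the file-based
 * methods are meant for fixed test fixtures rather than externally supplied
 * paths.
 */
public class CertUtils {

    /** Standard {@link CertificateFactory} type name used by every helper. */
    private static final String X509 = "X.509";

    private CertUtils() {}

    /**
     * Get a DER-encoded X.509 certificate from a file.
     *
     * <p>The file is looked up relative to the {@code test.src} system
     * property (default {@code "."}). The certificate is only parsed; its
     * signature, validity period and issuer are not checked here.
     *
     * @param certFilePath path to file containing DER-encoded certificate
     * @return the X509Certificate
     * @throws CertificateException if the certificate type is not supported
     *         or cannot be parsed
     * @throws IOException if the file cannot be opened
     * @throws NullPointerException if {@code certFilePath} is null
     */
    public static X509Certificate getCertFromFile(String certFilePath)
            throws CertificateException, IOException {
        Objects.requireNonNull(certFilePath, "certFilePath");
        File certFile = new File(System.getProperty("test.src", "."),
                                 certFilePath);
        try (FileInputStream fis = new FileInputStream(certFile)) {
            return (X509Certificate)
                CertificateFactory.getInstance(X509).generateCertificate(fis);
        }
    }

    /**
     * Get a PEM-encoded X.509 certificate from a string.
     *
     * <p>The certificate is only parsed; nothing about its trustworthiness
     * is established by this call.
     *
     * @param cert string containing the PEM-encoded certificate
     * @return the X509Certificate
     * @throws CertificateException if the certificate type is not supported
     *         or cannot be parsed
     * @throws NullPointerException if {@code cert} is null
     */
    public static X509Certificate getCertFromString(String cert)
            throws CertificateException {
        Objects.requireNonNull(cert, "cert");
        // PEM is plain ASCII; pinning the charset keeps the bytes handed to
        // the parser independent of the platform's file.encoding.
        byte[] certBytes = cert.getBytes(StandardCharsets.UTF_8);
        return (X509Certificate) CertificateFactory.getInstance(X509)
            .generateCertificate(new ByteArrayInputStream(certBytes));
    }

    /**
     * Get a DER-encoded X.509 CRL from a file.
     *
     * <p>The file is looked up relative to the {@code test.src} system
     * property (default {@code "."}). The CRL is only parsed; its signature
     * and freshness are not checked here.
     *
     * @param crlFilePath path to file containing DER-encoded CRL
     * @return the X509CRL
     * @throws CertificateException if the crl type is not supported
     * @throws CRLException if the crl cannot be parsed
     * @throws IOException if the file cannot be opened
     * @throws NullPointerException if {@code crlFilePath} is null
     */
    public static X509CRL getCRLFromFile(String crlFilePath)
            throws CertificateException, CRLException, IOException {
        Objects.requireNonNull(crlFilePath, "crlFilePath");
        File crlFile = new File(System.getProperty("test.src", "."),
                                crlFilePath);
        try (FileInputStream fis = new FileInputStream(crlFile)) {
            return (X509CRL)
                CertificateFactory.getInstance(X509).generateCRL(fis);
        }
    }

    /**
     * Get a PEM-encoded X.509 crl from a string.
     *
     * @param crl string containing the PEM-encoded crl
     * @return the X509CRL
     * @throws CertificateException if the crl type is not supported
     * @throws CRLException if the crl cannot be parsed
     * @throws NullPointerException if {@code crl} is null
     */
    public static X509CRL getCRLFromString(String crl)
            throws CertificateException, CRLException {
        Objects.requireNonNull(crl, "crl");
        // Same reasoning as getCertFromString: fixed charset, not the
        // platform default.
        byte[] crlBytes = crl.getBytes(StandardCharsets.UTF_8);
        return (X509CRL) CertificateFactory.getInstance(X509)
            .generateCRL(new ByteArrayInputStream(crlBytes));
    }

    /**
     * Read a bunch of certs from files and create a CertPath from them.
     *
     * @param fileNames an array of <code>String</code>s that are file names
     * @return the <code>CertPath</code> created, holding the certificates
     *         in the reverse of the order given in {@code fileNames}
     * @throws Exception on error
     */
    public static CertPath buildPath(String [] fileNames) throws Exception {
        return buildPath("", fileNames);
    }

    /**
     * Read a bunch of certs from files and create a CertPath from them.
     *
     * @param relPath relative path containing certs (must end in
     *                file.separator)
     * @param fileNames an array of <code>String</code>s that are file names
     * @return the <code>CertPath</code> created, holding the certificates
     *         in the reverse of the order given in {@code fileNames}
     * @throws Exception on error
     */
    public static CertPath buildPath(String relPath, String [] fileNames)
            throws Exception {
        Objects.requireNonNull(fileNames, "fileNames");
        List<X509Certificate> list = new ArrayList<>();
        for (String fileName : fileNames) {
            // Prepending reverses the input order. Presumably callers list
            // files from the trust-anchor side down to the target, while a
            // CertPath is conventionally ordered target first.
            list.add(0, getCertFromFile(relPath + fileName));
        }
        CertificateFactory cf = CertificateFactory.getInstance(X509);
        return cf.generateCertPath(list);
    }


    /**
     * Read a bunch of certs from files and create a CertStore from them.
     *
     * @param fileNames an array of <code>String</code>s that are file names
     * @return the <code>CertStore</code> created
     * @throws Exception on error
     */
    public static CertStore createStore(String [] fileNames) throws Exception {
        return createStore("", fileNames);
    }

    /**
     * Read a bunch of certs from files and create a CertStore from them.
     *
     * @param relPath relative path containing certs (must end in
     *                file.separator)
     * @param fileNames an array of <code>String</code>s that are file names
     * @return the <code>CertStore</code> created
     * @throws Exception on error
     */
    public static CertStore createStore(String relPath, String [] fileNames)
            throws Exception {
        Objects.requireNonNull(fileNames, "fileNames");
        Set<X509Certificate> certs = new HashSet<>();
        for (String fileName : fileNames) {
            certs.add(getCertFromFile(relPath + fileName));
        }
        return CertStore.getInstance("Collection",
            new CollectionCertStoreParameters(certs));
    }

    /**
     * Read a bunch of CRLs from files and create a CertStore from them.
     *
     * @param fileNames an array of <code>String</code>s that are file names
     * @return the <code>CertStore</code> created
     * @throws Exception on error
     */
    public static CertStore createCRLStore(String [] fileNames)
            throws Exception {
        return createCRLStore("", fileNames);
    }

    /**
     * Read a bunch of CRLs from files and create a CertStore from them.
     *
     * @param relPath relative path containing CRLs (must end in file.separator)
     * @param fileNames an array of <code>String</code>s that are file names
     * @return the <code>CertStore</code> created
     * @throws Exception on error
     */
    public static CertStore createCRLStore(String relPath, String [] fileNames)
            throws Exception {
        Objects.requireNonNull(fileNames, "fileNames");
        Set<X509CRL> crls = new HashSet<>();
        for (String fileName : fileNames) {
            crls.add(getCRLFromFile(relPath + fileName));
        }
        return CertStore.getInstance("Collection",
            new CollectionCertStoreParameters(crls));
    }

    /**
     * Perform a PKIX path build. On failure, throw an exception.
     *
     * <p>Trust anchors, target constraints and revocation settings are
     * taken from {@code params} unchanged; this method adds none.
     *
     * @param params PKIXBuilderParameters to use in validation
     * @return the result of the path build
     * @throws Exception on error
     */
    public static PKIXCertPathBuilderResult build(PKIXBuilderParameters params)
            throws Exception {
        CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");
        return (PKIXCertPathBuilderResult) builder.build(params);
    }

    /**
     * Perform a PKIX validation. On failure, throw an exception.
     *
     * <p>Trust anchors and revocation settings are taken from
     * {@code params} unchanged; this method adds none.
     *
     * @param path CertPath to validate
     * @param params PKIXParameters to use in validation
     * @return the result of the validation
     * @throws Exception on error
     */
    public static PKIXCertPathValidatorResult validate
            (CertPath path, PKIXParameters params) throws Exception {
        CertPathValidator validator = CertPathValidator.getInstance("PKIX");
        return (PKIXCertPathValidatorResult) validator.validate(path, params);
    }

    /*
     * Reads the entire input stream into a byte array.
     * Not referenced by the other methods of this class.
     */
    private static byte[] getTotalBytes(InputStream is) throws IOException {
        byte[] buffer = new byte[8192];
        // A freshly constructed stream is already empty, so no reset() is
        // needed before the copy loop.
        ByteArrayOutputStream baos = new ByteArrayOutputStream(2048);
        int n;
        while ((n = is.read(buffer, 0, buffer.length)) != -1) {
            baos.write(buffer, 0, n);
        }
        return baos.toByteArray();
    }
}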