Path: blob/aarch64-shenandoah-jdk8u272-b10/jdk/test/sun/security/provider/certpath/ResponderId/ResponderIdTests.java
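/*
 * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

/*
 * @test
 * @bug 8046321
 * @summary OCSP Stapling for TLS (ResponderId tests)
 */

import java.io.*;
import java.security.cert.*;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.AbstractMap;
import java.util.Arrays;
import java.util.Map;
import java.util.List;
import java.util.ArrayList;
import javax.security.auth.x500.X500Principal;
import sun.security.x509.KeyIdentifier;
import sun.security.provider.certpath.ResponderId;

/*
 * NOTE: this test uses Sun private classes which are subject to change.
 */

/**
 * Exercises {@code sun.security.provider.certpath.ResponderId}: construction
 * from a subject name, from a public key and from DER bytes, plus equality,
 * re-encoding and the two accessors.
 *
 * <p>The security-relevant case is {@link #neg_CtorByEncoding}: a ResponderId
 * is a tagged CHOICE (byName is context tag 1, byKey is context tag 2 in the
 * fixtures below), and the decoder has to refuse any other tag instead of
 * guessing which alternative was meant.
 *
 * <p>The cases share state. {@link #pos_CtorByName} and
 * {@link #pos_CtorByKeyId} populate {@link #respByName} and
 * {@link #respByKeyId}; every later case reads them, so {@link #main} must
 * keep those two first in the list.
 */
public class ResponderIdTests {

    private static final boolean debug = true;

    // Source certificate created with the following command:
    // keytool -genkeypair -alias test1 -keyalg rsa -keysize 2048 \
    // -validity 7300 -keystore test1.jks \
    // -dname "CN=SelfSignedResponder, OU=Validation Services, O=FakeCompany"
    private static final String RESP_CERT_1 =
        "-----BEGIN CERTIFICATE-----\n" +
        "MIIDQzCCAiugAwIBAgIEXTqCCjANBgkqhkiG9w0BAQsFADBSMRQwEgYDVQQKEwtG\n" +
        "YWtlQ29tcGFueTEcMBoGA1UECxMTVmFsaWRhdGlvbiBTZXJ2aWNlczEcMBoGA1UE\n" +
        "AxMTU2VsZlNpZ25lZFJlc3BvbmRlcjAeFw0xNDA4MTcwNDM2MzBaFw0zNDA4MTIw\n" +
        "NDM2MzBaMFIxFDASBgNVBAoTC0Zha2VDb21wYW55MRwwGgYDVQQLExNWYWxpZGF0\n" +
        "aW9uIFNlcnZpY2VzMRwwGgYDVQQDExNTZWxmU2lnbmVkUmVzcG9uZGVyMIIBIjAN\n" +
        "BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApt2Cmw2k9tviLxaxE8aWNuoosWKL\n" +
        "h+K4mNcDGKSoiChsqRqeJEnOxijDZqyFwfkaXvpAduFqYjz+Lij2HumvAjHDTui6\n" +
        "bGcbsndRDPjvVo1S7f1oWsg7oiA8Lzmjl452S7UNBsDX5Dt1e84Xxwi40B1J2y8D\n" +
        "FRPfYRWRlC1Z4kzqkBBa7JhANS+W8KDstFZxL4AwWH/byNwB5dl2j04ohg/Ar54e\n" +
        "mu08PIH3hmi0pAu5wn9ariA7UA5lFWRJzvgGXV5J+QVEFuvKmeJ/Q6tU5OBJGw98\n" +
        "zjd7F5B0iE+rJHTNF1aGaQfIorz04onV2WjH2VZA18AaMwqlY2br1SBdTQIDAQAB\n" +
        "oyEwHzAdBgNVHQ4EFgQUG09HasSTYaTIh/CxxV/rcJV1LvowDQYJKoZIhvcNAQEL\n" +
        "BQADggEBAIcUomNpZxGkocIzzybLyeyC6vLF1k0/unuPAHZLDP3o2JTstPhLHOCg\n" +
        "FYw1VG2i23pjwKK2x/o80tJAOmW6vowbAPnNmtNIYO3gB/ZGiKeORoGKBCRDNvFa\n" +
        "6ZrWxwTzT3EpVwRe7ameES0uP8+S4q2P5LhwMIMw7vGHoOQJgkAh/NUiCli1qRnJ\n" +
        "FYd6cHMJJK5gF2FqQ7tdbA26pS06bkIEvil2M5wyKKWOydOa/pr1LgMf9KxljJ8J\n" +
        "XlAOO/mGZGkYmWnQaQuBIDyWunWYlhsyCXMa8AScgs0uUeQp19tO7R0f03q/JXoZ\n" +
        "1At1gZiMS7SdQaRWP5q+FunAeFWjsFE=\n" +
        "-----END CERTIFICATE-----";

    private static final String RESP_CERT_1_SUBJ =
        "CN=SelfSignedResponder, OU=Validation Services, O=FakeCompany";

    private static X509Certificate cert = null;

    // The expected DER-encoding for a byName ResponderId derived
    // from RESP_CERT_1. The leading -95 is 0xA1 (context-specific,
    // constructed, tag 1); the rest is the encoded subject name.
    private static final byte[] EXP_NAME_ID_BYTES = {
         -95,   84,   48,   82,   49,   20,   48,   18,
           6,    3,   85,    4,   10,   19,   11,   70,
          97,  107,  101,   67,  111,  109,  112,   97,
         110,  121,   49,   28,   48,   26,    6,    3,
          85,    4,   11,   19,   19,   86,   97,  108,
         105,  100,   97,  116,  105,  111,  110,   32,
          83,  101,  114,  118,  105,   99,  101,  115,
          49,   28,   48,   26,    6,    3,   85,    4,
           3,   19,   19,   83,  101,  108,  102,   83,
         105,  103,  110,  101,  100,   82,  101,  115,
         112,  111,  110,  100,  101,  114
    };

    // The expected DER-encoding for a byKey ResponderId derived
    // from RESP_CERT_1. The leading -94 is 0xA2 (context-specific,
    // constructed, tag 2) wrapping a 20-byte OCTET STRING.
    private static final byte[] EXP_KEY_ID_BYTES = {
         -94,   22,    4,   20,   27,   79,   71,  106,
         -60, -109,   97,  -92,  -56, -121,  -16,  -79,
         -59,   95,  -21,  112, -107,  117,   46,   -6
    };

    // The DER encoding of a byKey ResponderId, but using an
    // incorrect explicit tagging (CONTEXT CONSTRUCTED 3). Only the first
    // byte differs from EXP_KEY_ID_BYTES (-93 is 0xA3), so a decoder that
    // accepts it is ignoring the CHOICE tag.
    private static final byte[] INV_EXPLICIT_TAG_KEY_ID = {
         -93,   22,    4,   20,   27,   79,   71,  106,
         -60, -109,   97,  -92,  -56, -121,  -16,  -79,
         -59,   95,  -21,  112, -107,  117,   46,   -6
    };

    // These two ResponderId objects will have objects attached to them
    // after the pos_CtorByName and pos_CtorByKeyId tests run. Those
    // two tests should always be the first two that run.
    public static ResponderId respByName;
    public static ResponderId respByKeyId;

    /**
     * Loads the fixture certificate, runs every test case in order and
     * prints a PASS/FAIL line per case.
     *
     * @param args unused
     * @throws Exception if the certificate cannot be parsed, or a
     *         {@link RuntimeException} if at least one case failed
     */
    public static void main(String[] args) throws Exception {
        List<TestCase> testList = new ArrayList<>();

        // Order matters: the two constructor cases fill in the shared
        // respByName / respByKeyId fields used by everything after them.
        testList.add(pos_CtorByName);
        testList.add(pos_CtorByKeyId);
        testList.add(pos_CtorByEncoding);
        testList.add(neg_CtorByEncoding);
        testList.add(pos_Equality);
        testList.add(pos_GetEncoded);
        testList.add(pos_GetRespName);
        testList.add(pos_GetRespKeyId);

        // Load the certificate object we can use for subsequent tests.
        // PEM is pure ASCII, so name the charset instead of relying on the
        // platform default that a bare getBytes() would use.
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        cert = (X509Certificate)cf.generateCertificate(
                new ByteArrayInputStream(RESP_CERT_1.getBytes(
                        java.nio.charset.StandardCharsets.US_ASCII)));

        System.out.println("============ Tests ============");
        int testNo = 0;
        int numberFailed = 0;
        Map.Entry<Boolean, String> result;
        for (TestCase test : testList) {
            System.out.println("Test " + ++testNo + ": " + test.getName());
            result = test.runTest();
            System.out.print("Result: " + (result.getKey() ? "PASS" : "FAIL"));
            System.out.println(" " +
                    (result.getValue() != null ? result.getValue() : ""));
            System.out.println("-------------------------------------------");
            if (!result.getKey()) {
                numberFailed++;
            }
        }
        System.out.println("End Results: " + (testList.size() - numberFailed) +
                " Passed" + ", " + numberFailed + " Failed.");
        if (numberFailed > 0) {
            throw new RuntimeException(
                    "One or more tests failed, see test output for details");
        }
    }

    /**
     * Prints {@code data} to standard output as upper-case hex, 16 bytes
     * per line. Does nothing for {@code null}.
     *
     * @param data the bytes to dump, may be {@code null}
     */
    private static void dumpHexBytes(byte[] data) {
        if (data != null) {
            for (int i = 0; i < data.length; i++) {
                if (i % 16 == 0 && i != 0) {
                    System.out.print("\n");
                }
                System.out.print(String.format("%02X ", data[i]));
            }
            System.out.print("\n");
        }
    }

    /**
     * One named test case. {@link #runTest()} reports its outcome as a
     * pair: the key is the pass/fail flag, the value an optional message
     * (may be {@code null}).
     */
    public interface TestCase {
        String getName();
        Map.Entry<Boolean, String> runTest();
    }

    /** Builds a ResponderId from the certificate's subject name. */
    public static final TestCase pos_CtorByName = new TestCase() {
        @Override
        public String getName() {
            return "CTOR Test (by-name)";
        }

        @Override
        public Map.Entry<Boolean, String> runTest() {
            Boolean pass = Boolean.FALSE;
            String message = null;
            try {
                respByName = new ResponderId(cert.getSubjectX500Principal());
                pass = Boolean.TRUE;
            } catch (Exception e) {
                e.printStackTrace(System.out);
                message = e.getClass().getName();
            }

            return new AbstractMap.SimpleEntry<>(pass, message);
        }
    };

    /** Builds a ResponderId from the certificate's public key. */
    public static final TestCase pos_CtorByKeyId = new TestCase() {
        @Override
        public String getName() {
            return "CTOR Test (by-keyID)";
        }

        @Override
        public Map.Entry<Boolean, String> runTest() {
            Boolean pass = Boolean.FALSE;
            String message = null;
            try {
                respByKeyId = new ResponderId(cert.getPublicKey());
                pass = Boolean.TRUE;
            } catch (Exception e) {
                e.printStackTrace(System.out);
                message = e.getClass().getName();
            }

            return new AbstractMap.SimpleEntry<>(pass, message);
        }
    };

    /**
     * Decodes both expected encodings and checks each result equals the
     * ResponderId built from the certificate by the first two cases.
     */
    public static final TestCase pos_CtorByEncoding = new TestCase() {
        @Override
        public String getName() {
            return "CTOR Test (encoded bytes)";
        }

        @Override
        public Map.Entry<Boolean, String> runTest() {
            Boolean pass = Boolean.FALSE;
            String message = null;
            try {
                ResponderId ridByNameBytes = new ResponderId(EXP_NAME_ID_BYTES);
                ResponderId ridByKeyIdBytes = new ResponderId(EXP_KEY_ID_BYTES);

                if (!ridByNameBytes.equals(respByName)) {
                    throw new RuntimeException(
                            "Equals failed: respNameFromBytes vs. respByName");
                } else if (!ridByKeyIdBytes.equals(respByKeyId)) {
                    throw new RuntimeException(
                            "Equals failed: respKeyFromBytes vs. respByKeyId");
                }
                pass = Boolean.TRUE;
            } catch (Exception e) {
                e.printStackTrace(System.out);
                message = e.getClass().getName();
            }

            return new AbstractMap.SimpleEntry<>(pass, message);
        }
    };

    /**
     * Feeds the decoder a ResponderId carrying context tag 3 and expects
     * an {@link IOException} whose message contains
     * "Invalid ResponderId content". Any other outcome, including a
     * successful decode, is a failure.
     */
    public static final TestCase neg_CtorByEncoding = new TestCase() {
        @Override
        public String getName() {
            return "CTOR Test (by encoding, unknown explicit tag)";
        }

        @Override
        public Map.Entry<Boolean, String> runTest() {
            Boolean pass = Boolean.FALSE;
            String message = null;
            try {
                new ResponderId(INV_EXPLICIT_TAG_KEY_ID);
                throw new RuntimeException("Expected IOException not thrown");
            } catch (IOException ioe) {
                // Make sure it's the IOException we're looking for. The
                // message may be null; treat that as a plain FAIL rather
                // than letting a NullPointerException escape this handler
                // and abort the remaining cases.
                String detail = ioe.getMessage();
                if (detail != null &&
                        detail.contains("Invalid ResponderId content")) {
                    pass = Boolean.TRUE;
                } else {
                    ioe.printStackTrace(System.out);
                    message = ioe.getClass().getName();
                }
            } catch (Exception e) {
                e.printStackTrace(System.out);
                message = e.getClass().getName();
            }

            return new AbstractMap.SimpleEntry<>(pass, message);
        }
    };


    /**
     * Checks that a byName ResponderId equals one rebuilt from the same
     * subject string, and that a byKey ResponderId does not.
     */
    public static final TestCase pos_Equality = new TestCase() {
        @Override
        public String getName() {
            return "Simple Equality Test";
        }

        @Override
        public Map.Entry<Boolean, String> runTest() {
            Boolean pass = Boolean.FALSE;
            String message = null;

            try {
                // byName ResponderId equality test
                ResponderId compName =
                        new ResponderId(new X500Principal(RESP_CERT_1_SUBJ));
                if (!respByName.equals(compName)) {
                    message = "ResponderId mismatch in byName comparison";
                } else if (respByKeyId.equals(compName)) {
                    message = "Invalid ResponderId match in byKeyId comparison";
                } else {
                    pass = Boolean.TRUE;
                }
            } catch (Exception e) {
                e.printStackTrace(System.out);
                message = e.getClass().getName();
            }

            return new AbstractMap.SimpleEntry<>(pass, message);
        }
    };

    /**
     * Checks that re-encoding each ResponderId yields exactly the expected
     * DER bytes.
     */
    public static final TestCase pos_GetEncoded = new TestCase() {
        @Override
        public String getName() {
            return "Get Encoded Value";
        }

        @Override
        public Map.Entry<Boolean, String> runTest() {
            Boolean pass = Boolean.FALSE;
            String message = null;

            try {
                // Pull out byName and byKey encodings, they should match
                // the expected values
                if (!Arrays.equals(respByName.getEncoded(), EXP_NAME_ID_BYTES)) {
                    message = "ResponderId byName encoding did not " +
                            "match expected value";
                } else if (!Arrays.equals(respByKeyId.getEncoded(), EXP_KEY_ID_BYTES)) {
                    message = "ResponderId byKeyId encoding did not " +
                            "match expected value";
                } else {
                    pass = Boolean.TRUE;
                }
            } catch (Exception e) {
                e.printStackTrace(System.out);
                message = e.getClass().getName();
            }

            return new AbstractMap.SimpleEntry<>(pass, message);
        }
    };

    /**
     * Checks that {@code getResponderName()} returns the subject for a
     * byName ResponderId and {@code null} for a byKey one.
     */
    public static final TestCase pos_GetRespName = new TestCase() {
        @Override
        public String getName() {
            return "Get Underlying Responder Name";
        }

        @Override
        public Map.Entry<Boolean, String> runTest() {
            Boolean pass = Boolean.FALSE;
            String message = null;

            try {
                // Test methods for pulling out the underlying
                // X500Principal object
                X500Principal testPrincipal =
                        new X500Principal(RESP_CERT_1_SUBJ);
                if (!respByName.getResponderName().equals(testPrincipal)) {
                    message = "ResponderId Name did not match expected value";
                } else if (respByKeyId.getResponderName() != null) {
                    message = "Non-null responder name returned from " +
                            "ResponderId constructed byKey";
                } else {
                    pass = Boolean.TRUE;
                }
            } catch (Exception e) {
                e.printStackTrace(System.out);
                message = e.getClass().getName();
            }

            return new AbstractMap.SimpleEntry<>(pass, message);
        }
    };

    /**
     * Checks that {@code getKeyIdentifier()} does not match the identifier
     * of a freshly generated, unrelated RSA key, and returns {@code null}
     * for a byName ResponderId.
     */
    public static final TestCase pos_GetRespKeyId = new TestCase() {
        @Override
        public String getName() {
            return "Get Underlying Responder Key ID";
        }

        @Override
        public Map.Entry<Boolean, String> runTest() {
            Boolean pass = Boolean.FALSE;
            String message = null;

            try {
                // Test methods for pulling out the underlying
                // KeyIdentifier object. Note: There is a minute chance that
                // an RSA public key, once hashed into a key ID might collide
                // with the one extracted from the certificate used to create
                // respByKeyId. This is so unlikely to happen it is considered
                // virtually impossible.
                KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
                kpg.initialize(2048);
                KeyPair rsaKey = kpg.generateKeyPair();
                KeyIdentifier testKeyId = new KeyIdentifier(rsaKey.getPublic());

                if (respByKeyId.getKeyIdentifier().equals(testKeyId)) {
                    message = "Unexpected match in ResponderId Key ID";
                } else if (respByName.getKeyIdentifier() != null) {
                    message = "Non-null key ID returned from " +
                            "ResponderId constructed byName";
                } else {
                    pass = Boolean.TRUE;
                }
            } catch (Exception e) {
                e.printStackTrace(System.out);
                message = e.getClass().getName();
            }

            return new AbstractMap.SimpleEntry<>(pass, message);
        }
    };

}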