Path: blob/aarch64-shenandoah-jdk8u272-b10/jdk/test/sun/security/x509/X509CRLImpl/OrderAndDup.java
38853 views
/*1* Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation.7*8* This code is distributed in the hope that it will be useful, but WITHOUT9* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or10* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License11* version 2 for more details (a copy is included in the LICENSE file that12* accompanied this code).13*14* You should have received a copy of the GNU General Public License version15* 2 along with this work; if not, write to the Free Software Foundation,16* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.17*18* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA19* or visit www.oracle.com if you need additional information or have any20* questions.21*/2223/*24* @test25* @bug 714387226* @summary Improve certificate extension processing27*/28import java.io.ByteArrayInputStream;29import java.math.BigInteger;30import java.security.KeyPairGenerator;31import java.security.cert.CertificateFactory;32import java.security.cert.X509CRLEntry;33import java.util.Date;34import sun.security.util.DerInputStream;35import sun.security.util.DerValue;36import sun.security.x509.*;3738public class OrderAndDup {39public static void main(String[] args) throws Exception {4041// Generate 20 serial numbers with dup and a special order42int count = 20;43BigInteger[] serials = new BigInteger[count];44for (int i=0; i<count; i++) {45serials[i] = BigInteger.valueOf(i*7%10);46}4748// Generates a CRL49X509CRLEntry[] badCerts = new X509CRLEntry[count];50for (int i=0; i<count; i++) {51badCerts[i] = new X509CRLEntryImpl(serials[i],52new Date(System.currentTimeMillis()+i*1000));53}54X500Name owner = new X500Name("CN=CA");55X509CRLImpl crl = new X509CRLImpl(owner, new Date(), new Date(), badCerts);56KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");57crl.sign(kpg.genKeyPair().getPrivate(), "SHA1withRSA");58byte[] data = crl.getEncodedInternal();5960// Check the encoding61checkData(crl, data, serials);6263// Load a CRL from raw data64CertificateFactory cf = CertificateFactory.getInstance("X.509");65X509CRLImpl crl2 = (X509CRLImpl)cf.generateCRL(new ByteArrayInputStream(data));6667// Check the encoding again68data = crl2.getEncodedInternal();69checkData(crl2, data, serials);70}7172// Check the raw data's ASN.1 structure to see if the revoked certs73// have the same number and correct order as inserted74static void checkData(X509CRLImpl c, byte[] data, BigInteger[] expected)75throws Exception {76if (c.getRevokedCertificates().size() != expected.length) {77throw new Exception("Wrong count in CRL object, now " +78c.getRevokedCertificates().size());79}80DerValue d1 = new DerValue(data);81// revokedCertificates at 5th place of TBSCertList82DerValue[] d2 = new DerInputStream(83d1.data.getSequence(0)[4].toByteArray())84.getSequence(0);85if (d2.length != expected.length) {86throw new Exception("Wrong count in raw data, now " + d2.length);87}88for (int i=0; i<d2.length; i++) {89// Serial is first in revokedCertificates entry90BigInteger bi = d2[i].data.getBigInteger();91if (!bi.equals(expected[i])) {92throw new Exception("Entry at #" + i + " is " + bi93+ ", should be " + expected[i]);94}95}96}97}9899100101