Path: blob/aarch64-shenandoah-jdk8u272-b10/jdk/test/sun/security/x509/X509CertImpl/V3Certificate.java
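/*
 * Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.PrintWriter;
import static java.lang.System.out;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Date;
import java.util.TimeZone;
import sun.misc.BASE64Encoder;
import sun.security.util.BitArray;
import sun.security.util.ObjectIdentifier;
import sun.security.x509.*;

/**
 * @test
 * @bug 8049237
 * @summary This test generates V3 certificate with all the supported
 * extensions. Writes back the generated certificate in to a file and checks for
 * equality with the original certificate.
 */
// Reading notes:
//  - The certificate built here is an encoding fixture, not a deployable
//    profile: it is self-issued, its notAfter date lies in 2014 while
//    notBefore is "now", and its key-usage bits do not include keyCertSign
//    although BasicConstraints marks it as a CA. Nothing below calls
//    checkValidity() or builds a certification path, so none of that affects
//    the round-trip check.
//  - Only the certificate is written to disk (DER in V3_FILE, Base64 with
//    BEGIN/END CERTIFICATE boundary lines in V3_B64_FILE); the private key
//    stays in memory.
//  - Both files are created in the current working directory, are overwritten
//    by every test() call, and are not deleted by this class.
public class V3Certificate {

    public static final String V3_FILE = "certV3";
    public static final String V3_B64_FILE = "certV3.b64";

    /**
     * Runs the round-trip check for an RSA, a DSA and an EC key pair.
     *
     * <p>All three cases are executed even if an earlier one fails
     * (non-short-circuit {@code &=}), so the log shows every mismatch.
     *
     * @param args unused
     * @throws RuntimeException if at least one case reported a mismatch
     */
    public static void main(String[] args) throws IOException,
            NoSuchAlgorithmException, InvalidKeyException, CertificateException,
            NoSuchProviderException, SignatureException {

        boolean success = true;

        success &= test("RSA", "SHA256withRSA", 2048);
        success &= test("DSA", "SHA256withDSA", 2048);
        success &= test("EC", "SHA256withECDSA", 384);

        if (!success) {
            throw new RuntimeException("At least one test case failed");
        }
    }

    /**
     * Builds a self-issued X.509 v3 certificate carrying a set of extensions,
     * signs it, writes it to {@link #V3_FILE} (DER) and {@link #V3_B64_FILE}
     * (Base64 between certificate boundary lines), reads both files back via
     * {@link CertificateFactory} and compares each result with the original.
     *
     * @param algorithm key pair algorithm name passed to
     *                  {@link KeyPairGenerator#getInstance(String)}
     * @param sigAlg    signature algorithm name used to sign the certificate
     * @param keyLength key size passed to {@link KeyPairGenerator#initialize(int)}
     * @return {@code true} if both re-read certificates equal the original,
     *         {@code false} otherwise
     */
    public static boolean test(String algorithm, String sigAlg, int keyLength)
            throws IOException,
            NoSuchAlgorithmException,
            InvalidKeyException,
            CertificateException,
            NoSuchProviderException,
            SignatureException {

        byte[] issuerId = {1, 2, 3, 4, 5};
        byte[] subjectId = {6, 7, 8, 9, 10};
        boolean testResult = true;

        // Subject and issuer are the same name object: a self-issued certificate.
        X500Name subject = new X500Name("test", "Oracle", "Santa Clara",
                "US");
        X500Name issuer = subject;

        // Fresh key pair per call; the private key is never written out.
        KeyPairGenerator keyGen = KeyPairGenerator.getInstance(algorithm);
        keyGen.initialize(keyLength);
        KeyPair pair = keyGen.generateKeyPair();
        PublicKey publicKey = pair.getPublic();
        PrivateKey privateKey = pair.getPrivate();

        // "SHA" is the JCA alias for SHA-1. The digest is used only as the
        // key identifier value below, not as part of the signature (the
        // signature algorithms passed in by main() are SHA256with*).
        MessageDigest md = MessageDigest.getInstance("SHA");
        byte[] keyId = md.digest(publicKey.getEncoded());

        // This Signature object is not used for the actual signing, which
        // goes through crt.sign(privateKey, sigAlg) further down. It does
        // make an unsupported sigAlg or an unsuitable key fail here, before
        // any certificate content is assembled.
        Signature signature = Signature.getInstance(sigAlg);
        signature.initSign(privateKey);

        // Validity interval: notBefore is the current time, notAfter is
        // 10 April 2014 12:30:30 in the "PST" zone, so the interval is
        // inverted on any run after that date. Calendar months are
        // zero-based; the constant replaces a bare (octal) literal 03.
        Date firstDate = new Date();
        Calendar cal = Calendar.getInstance(TimeZone.getTimeZone("PST"));
        cal.set(2014, Calendar.APRIL, 10, 12, 30, 30);
        Date lastDate = cal.getTime();
        CertificateValidity interval = new CertificateValidity(firstDate,
                lastDate);

        // Certificate Info
        X509CertInfo cert = new X509CertInfo();

        cert.set(X509CertInfo.VERSION,
                new CertificateVersion(CertificateVersion.V3));
        // Serial number is the current time in seconds narrowed to int.
        cert.set(X509CertInfo.SERIAL_NUMBER,
                new CertificateSerialNumber((int) (firstDate.getTime() / 1000)));
        cert.set(X509CertInfo.ALGORITHM_ID,
                new CertificateAlgorithmId(AlgorithmId.get(sigAlg)));
        cert.set(X509CertInfo.SUBJECT, subject);
        cert.set(X509CertInfo.KEY, new CertificateX509Key(publicKey));
        cert.set(X509CertInfo.VALIDITY, interval);
        cert.set(X509CertInfo.ISSUER, issuer);

        // The issuer unique ID is a 38-bit string (5 * 8 - 2), i.e. a length
        // that is not a whole number of bytes; the subject unique ID uses
        // the full 40 bits.
        cert.set(X509CertInfo.ISSUER_ID,
                new UniqueIdentity(
                        new BitArray(issuerId.length * 8 - 2, issuerId)));
        cert.set(X509CertInfo.SUBJECT_ID, new UniqueIdentity(subjectId));

        // Create Extensions
        CertificateExtensions exts = new CertificateExtensions();

        // NOTE(review): the mailbox literal on the next line reads
        // "[email protected]" on the page this file was taken from. That looks
        // like the hosting site's e-mail obfuscation rather than the test's
        // real value; restore the address from the upstream file.
        GeneralNameInterface mailInf = new RFC822Name("[email protected]");
        GeneralName mail = new GeneralName(mailInf);
        GeneralNameInterface dnsInf = new DNSName("Oracle.com");
        GeneralName dns = new GeneralName(dnsInf);
        GeneralNameInterface uriInf = new URIName("http://www.Oracle.com");
        GeneralName uri = new GeneralName(uriInf);

        // localhost
        byte[] address = new byte[]{127, 0, 0, 1};

        GeneralNameInterface ipInf = new IPAddressName(address);
        GeneralName ip = new GeneralName(ipInf);
        int[] oidData = new int[]{1, 2, 3, 4};

        GeneralNameInterface oidInf = new OIDName(new ObjectIdentifier(oidData));
        GeneralName oid = new GeneralName(oidInf);

        SubjectAlternativeNameExtension subjectName
                = new SubjectAlternativeNameExtension();
        IssuerAlternativeNameExtension issuerName
                = new IssuerAlternativeNameExtension();

        // Fetch the name lists held by the two extensions and fill them in
        // place: e-mail, DNS and URI names for the subject; IP address and
        // registered OID for the issuer.
        GeneralNames subjectNames
                = (GeneralNames) subjectName.
                        get(SubjectAlternativeNameExtension.SUBJECT_NAME);

        GeneralNames issuerNames
                = (GeneralNames) issuerName.
                        get(IssuerAlternativeNameExtension.ISSUER_NAME);

        subjectNames.add(mail);
        subjectNames.add(dns);
        subjectNames.add(uri);

        issuerNames.add(ip);
        issuerNames.add(oid);

        // Private key usage period: starts "now" and ends on
        // 15 December 2000, so this interval is inverted as well.
        cal.set(2000, Calendar.DECEMBER, 15, 12, 30, 30);
        lastDate = cal.getTime();
        PrivateKeyUsageExtension pkusage
                = new PrivateKeyUsageExtension(firstDate, lastDate);

        // keyCertSign is not among the bits set here.
        KeyUsageExtension usage = new KeyUsageExtension();
        usage.set(KeyUsageExtension.CRL_SIGN, true);
        usage.set(KeyUsageExtension.DIGITAL_SIGNATURE, true);
        usage.set(KeyUsageExtension.NON_REPUDIATION, true);

        // The authority key identifier carries a fixed serial number (42),
        // not the serial number set on the certificate above.
        KeyIdentifier kid = new KeyIdentifier(keyId);
        SerialNumber sn = new SerialNumber(42);
        AuthorityKeyIdentifierExtension aki
                = new AuthorityKeyIdentifierExtension(kid, subjectNames, sn);

        SubjectKeyIdentifierExtension ski
                = new SubjectKeyIdentifierExtension(keyId);

        BasicConstraintsExtension cons
                = new BasicConstraintsExtension(true, 10);

        PolicyConstraintsExtension pce = new PolicyConstraintsExtension(2, 4);

        exts.set(SubjectAlternativeNameExtension.NAME, subjectName);
        exts.set(IssuerAlternativeNameExtension.NAME, issuerName);
        exts.set(PrivateKeyUsageExtension.NAME, pkusage);
        exts.set(KeyUsageExtension.NAME, usage);
        exts.set(AuthorityKeyIdentifierExtension.NAME, aki);
        exts.set(SubjectKeyIdentifierExtension.NAME, ski);
        exts.set(BasicConstraintsExtension.NAME, cons);
        exts.set(PolicyConstraintsExtension.NAME, pce);
        cert.set(X509CertInfo.EXTENSIONS, exts);

        // Sign with the generated private key, then check the signature
        // with the matching public key. verify() covers the signature only;
        // it is not a validity-period or path check.
        X509CertImpl crt = new X509CertImpl(cert);
        crt.sign(privateKey, sigAlg);
        crt.verify(publicKey);

        try (FileOutputStream fos = new FileOutputStream(new File(V3_FILE));
                FileOutputStream fos_b64
                        = new FileOutputStream(new File(V3_B64_FILE));
                PrintWriter pw = new PrintWriter(fos_b64)) {
            crt.encode((OutputStream) fos);
            fos.flush();

            // The boundary lines go through the PrintWriter while the Base64
            // body is written to the underlying stream directly, so the
            // writer must be flushed before the body to keep the order.
            // sun.misc.BASE64Encoder is a JDK-internal class; java.util.Base64
            // is the supported API for this since Java 8.
            pw.println("-----BEGIN CERTIFICATE-----");
            pw.flush();
            new BASE64Encoder().encodeBuffer(crt.getEncoded(), fos_b64);
            fos_b64.flush();
            pw.println("-----END CERTIFICATE-----");
        }

        out.println("*** Certificate ***");
        out.println(crt);
        out.println("*** End Certificate ***");

        // Re-read both encodings and compare with the in-memory original.
        // The message names the file so a failure in one encoding can be
        // told apart from a failure in the other.
        for (String certFile : new String[] {V3_FILE, V3_B64_FILE}) {
            X509Certificate reloaded = generateCertificate(certFile);
            if (!reloaded.equals(crt)) {
                out.println("*** Certificate mismatch: " + certFile + " ***");
                testResult = false;
            }
        }

        return testResult;
    }

    /**
     * Parses the certificate stored in {@code certFile} with the "X509"
     * {@link CertificateFactory}.
     *
     * @param certFile path of the file to read
     * @return the parsed certificate
     * @throws RuntimeException wrapping the {@link CertificateException} or
     *         {@link IOException} raised while reading or parsing
     */
    static X509Certificate generateCertificate(String certFile) {
        try (InputStream inStrm = new FileInputStream(certFile)) {
            CertificateFactory cf = CertificateFactory.getInstance("X509");
            return (X509Certificate) cf.generateCertificate(inStrm);
        } catch (CertificateException | IOException e) {
            // Cause is preserved so the log shows the parser's own message.
            throw new RuntimeException("Exception while "
                    + "generating certificate for " + certFile, e);
        }
    }
}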