1/*
2 * Copyright (c) 2001, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
/**
 * @test
 * @bug 4459538
 * @summary make sure a PKIX CertPathBuilder throws an
 *      InvalidAlgorithmParameterException if the target constraints
 *      specified in the PKIXBuilderParameters is not an instance of
 *      X509CertSelector.
 */
32
33import java.io.File;
34import java.io.FileInputStream;
35import java.io.IOException;
36
37import java.security.InvalidAlgorithmParameterException;
38import java.security.cert.Certificate;
39import java.security.cert.CertificateFactory;
40import java.security.cert.CertPathBuilder;
41import java.security.cert.CertPathBuilderResult;
42import java.security.cert.PKIXBuilderParameters;
43import java.security.cert.TrustAnchor;
44import java.security.cert.X509Certificate;
45import java.security.cert.CertSelector;
46
47import java.util.Collections;
48import java.util.Set;
49
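/**
 * BuildOddSel attempts a simple PKIX certification path build using a bogus
 * target-constraints CertSelector (one that is not an instance of
 * X509CertSelector). The test passes only when the build is rejected with an
 * InvalidAlgorithmParameterException; a successful build is a failure.
 *
 * <p>This is a negative test of parameter validation: the selector used here
 * never matches any certificate, so the only outcome under test is that the
 * builder refuses the selector because of its type.
 *
 * @author      Steve Hanna
 * @author      Sean Mullan
 */
public final class BuildOddSel {

    // Shared between createParams() and main(); written once per run.
    private static PKIXBuilderParameters params;
    private static CertSelector sel;

    /**
     * Runs the test.
     *
     * @param args unused
     * @throws Exception if the path build succeeds, or if setting up the
     *         parameters fails for any reason
     */
    public static void main(String[] args) throws Exception {
        // Parameter construction stays outside the try block so that an
        // InvalidAlgorithmParameterException raised during setup fails the
        // test instead of being mistaken for the rejection under test.
        createParams();
        try {
            build(params);
        } catch (InvalidAlgorithmParameterException expected) {
            // Expected: the builder refused the non-X509CertSelector.
            return;
        }
        throw new Exception("CertPath should not have been built successfully");
    }

    /**
     * CertSelector class that should cause SunCertPathBuilder to
     * throw an InvalidAlgorithmParameterException.
     */
    static class OddSel implements CertSelector {
        /**
         * Returns a shallow copy of this selector.
         *
         * @return the clone
         */
        @Override
        public Object clone() {
            try {
                return super.clone();
            } catch (CloneNotSupportedException e) {
                // Not expected: CertSelector extends Cloneable.
                throw new UnknownError();
            }
        }

        /**
         * Rejects every certificate.
         *
         * @param cert the certificate to check (ignored)
         * @return always {@code false}
         */
        @Override
        public boolean match(Certificate cert) {
            return false;
        }
    }

    /**
     * Builds the PKIXBuilderParameters used by the test: one trust anchor
     * loaded from {@code sun.cer} and an {@link OddSel} as target constraints.
     * The result is stored in the static {@code params} field.
     *
     * @throws Exception if the anchor certificate cannot be loaded or the
     *         parameters cannot be constructed
     */
    public static void createParams() throws Exception {
        // No name constraints are attached to the anchor (second argument).
        TrustAnchor anchor = new TrustAnchor(getCertFromFile("sun.cer"), null);
        Set<TrustAnchor> anchors = Collections.singleton(anchor);
        // Create odd CertSelector
        sel = new OddSel();
        params = new PKIXBuilderParameters(anchors, sel);
        // Revocation checking is switched off: the test configures no
        // revocation data and exercises parameter validation only. This is a
        // test-only setting, not a default to copy into real path building.
        params.setRevocationEnabled(false);
    }

    /**
     * Get a DER-encoded X.509 certificate from a file.
     *
     * <p>The file is resolved against the {@code test.src} system property,
     * falling back to the current directory. The input stream is closed
     * before returning, on success and on failure.
     *
     * @param certFilePath path to file containing DER-encoded certificate
     * @return X509Certificate
     * @throws IOException on error; the underlying exception is kept as the
     *         cause
     */
    public static X509Certificate getCertFromFile(String certFilePath)
        throws IOException {
        try (FileInputStream certFileInputStream = new FileInputStream(
                new File(System.getProperty("test.src", "."), certFilePath))) {
            CertificateFactory cf = CertificateFactory.getInstance("X509");
            return (X509Certificate) cf.generateCertificate(certFileInputStream);
        } catch (Exception e) {
            // Chain the cause so the original failure (missing file, parse
            // error, wrong certificate type) stays visible in the test log.
            throw new IOException("Can't construct X509Certificate: " +
                                  e.getMessage(), e);
        }
    }

    /**
     * Perform a PKIX build.
     *
     * @param params PKIXBuilderParameters to use in building
     * @throws Exception on error
     */
    public static void build(PKIXBuilderParameters params)
        throws Exception {
        CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");
        // The result is irrelevant here; the caller only checks whether the
        // build is rejected.
        builder.build(params);
    }
}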
140