1/* 2 * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24/** 25 * @test 26 * @bug 4442566 7176326 27 * @summary check that we can build and validate a zero-length 28 * certpath when a trust anchor cert satisfies the target constraints 29 */ 30import java.io.ByteArrayInputStream; 31import java.security.cert.*; 32import java.util.Collections; 33 34public class ZeroLengthPath { 35 36 private static final String ANCHOR = 37 "-----BEGIN CERTIFICATE-----\n" + 38 "MIIBFzCBwgIBATANBgkqhkiG9w0BAQQFADAXMRUwEwYDVQQDEwxUcnVzdCBBbmNo\n" + 39 "b3IwHhcNMDIxMTA3MTE1NzAzWhcNMjIxMTA3MTE1NzAzWjAXMRUwEwYDVQQDEwxU\n" + 40 "cnVzdCBBbmNob3IwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA9uCj12hwDgC1n9go\n" + 41 "0ozQAVMM+DfX0vpKOemyGNp+ycSLfAq3pxBcUKbQhjSRL7YjPkEL8XC6pRLwyEoF\n" + 42 "osWweQIDAQABMA0GCSqGSIb3DQEBBAUAA0EAzZta5M1qbbozj7jWnNyTgB4HUpzv\n" + 43 "4eP0VYQb1pQY1/xEMczaRt+RuoIDnHCq5a1vOiwk6ZbdG6GlJKx9lj0oMQ==\n" + 44 "-----END CERTIFICATE-----"; 45 46 47 public static void main(String[] args) throws Exception { 48 49 ByteArrayInputStream is = new ByteArrayInputStream(ANCHOR.getBytes()); 50 CertificateFactory cf = CertificateFactory.getInstance("X.509"); 51 X509Certificate cert = (X509Certificate)cf.generateCertificate(is); 52 53 X509CertSelector xcs = new X509CertSelector(); 54 xcs.setSubject(cert.getSubjectX500Principal().getName()); 55 PKIXBuilderParameters p = new PKIXBuilderParameters 56 (Collections.singleton(new TrustAnchor(cert, null)), xcs); 57 CertPathBuilder cpb = CertPathBuilder.getInstance("PKIX"); 58 CertPath cp = buildCertPath(cpb, p); 59 validateCertPath(cp, p); 60 } 61 62 private static CertPath buildCertPath(CertPathBuilder cpb, 63 PKIXBuilderParameters params) 64 throws Exception 65 { 66 CertPathBuilderResult res = cpb.build(params); 67 if (res.getCertPath().getCertificates().size() != 0) { 68 throw new Exception("built path is not zero-length"); 69 } 70 return res.getCertPath(); 71 } 72 73 private static void validateCertPath(CertPath cp, PKIXParameters params) 74 throws Exception 75 { 76 CertPathValidator cpv = CertPathValidator.getInstance("PKIX"); 77 CertPathValidatorResult cpvr = cpv.validate(cp, params); 78 } 79} 80