1/*
2 * Copyright (c) 2001, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24/**
25 * @test
26 * @bug 4459538
27 * @summary make sure that target constraints are processed correctly
28 *      by a PKIX CertPathValidator
29 */
30
31import java.io.File;
32import java.io.FileInputStream;
33import java.io.IOException;
34
35import java.math.BigInteger;
36
37import java.security.cert.CertificateFactory;
38import java.security.cert.CertPath;
39import java.security.cert.CertPathValidator;
40import java.security.cert.CertPathValidatorException;
41import java.security.cert.CertPathValidatorResult;
42import java.security.cert.PKIXParameters;
43import java.security.cert.TrustAnchor;
44import java.security.cert.X509Certificate;
45import java.security.cert.X509CertSelector;
46
47import java.util.ArrayList;
48import java.util.Collections;
49import java.util.List;
50import java.util.Set;
51
/**
 * ValidateTargetConstraints performs a simple validation of a certification
 * path, but adds a requirement that the serial number of the last
 * certificate match an arbitrarily chosen number. This should cause the
 * validation to fail; the test passes only when the validator rejects the
 * path with a CertPathValidatorException.
 *
 * @author      Steve Hanna
 * @author      Sean Mullan
 */
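public final class ValidateTargetConstraints {

    // Built by createPath() and handed to validate() from main().
    private static CertPath path;
    private static PKIXParameters params;

    /**
     * Builds the certification path and PKIX parameters, runs the validation
     * and requires it to be rejected.
     *
     * @param args unused
     * @throws Exception if the path validates successfully, or if building
     *         the path fails for any reason other than a
     *         CertPathValidatorException
     */
    public static void main(String[] args) throws Exception {

        // certs[0] becomes the trust anchor; the remaining files form the path.
        String[] certs = { "sun.cer", "sun2labs1.cer" };

        try {
            createPath(certs);
            validate(path, params);
            throw new Exception
                ("CertPath should not have been validated succesfully");
        } catch (CertPathValidatorException cpve) {
            // NOTE(review): every CertPathValidatorException is accepted as
            // the expected outcome. A rejection for an unrelated reason (for
            // example a certificate outside its validity period) would also
            // pass, without the target constraint being exercised. Consider
            // pinning the validation time with PKIXParameters.setDate and
            // inspecting the exception before treating it as a pass.
            System.out.println("Test failed as expected: " + cpve);
        }
    }

    /**
     * Populates the static {@code path} and {@code params} fields from the
     * named certificate files.
     *
     * @param certs certificate file names; {@code certs[0]} is used as the
     *        trust anchor and the remaining entries make up the path
     * @throws Exception if a certificate cannot be loaded or the path or
     *         parameters cannot be constructed
     */
    public static void createPath(String[] certs) throws Exception {
        // null: no name constraints are attached to the anchor.
        TrustAnchor anchor = new TrustAnchor(getCertFromFile(certs[0]), null);

        // Inserting at index 0 reverses the input order, so the last file
        // named ends up first in the path. X.509 CertPaths are conventionally
        // ordered starting with the target certificate.
        List<X509Certificate> chain = new ArrayList<>();
        for (int i = 1; i < certs.length; i++) {
            chain.add(0, getCertFromFile(certs[i]));
        }
        CertificateFactory cf = CertificateFactory.getInstance("X509");
        path = cf.generateCertPath(chain);

        Set<TrustAnchor> anchors = Collections.singleton(anchor);
        params = new PKIXParameters(anchors);
        // Revocation checking is switched off, so no CRL or OCSP data is
        // consulted during validation.
        params.setRevocationEnabled(false);
        // Require the target certificate to carry this serial number. The
        // test expects the certificate under validation not to match it.
        X509CertSelector sel = new X509CertSelector();
        sel.setSerialNumber(new BigInteger("1427"));
        params.setTargetCertConstraints(sel);
    }

    /**
     * Get a DER-encoded X.509 certificate from a file.
     *
     * The file is resolved against the {@code test.src} system property
     * (default: the current directory). The input stream is always closed,
     * and the underlying failure is kept as the cause of the thrown
     * exception.
     *
     * @param certFilePath path to file containing DER-encoded certificate
     * @return X509Certificate
     * @throws IOException on error
     */
    public static X509Certificate getCertFromFile(String certFilePath)
        throws IOException {
        // Resource initialisation sits inside the try header so that failures
        // while resolving or opening the file are wrapped like parse failures.
        try (FileInputStream certFileInputStream = new FileInputStream(
                new File(System.getProperty("test.src", "."), certFilePath))) {
            CertificateFactory cf = CertificateFactory.getInstance("X509");
            return (X509Certificate)
                cf.generateCertificate(certFileInputStream);
        } catch (Exception e) {
            throw new IOException("Can't construct X509Certificate: " +
                                  e.getMessage(), e);
        }
    }

    /**
     * Perform a PKIX validation.
     *
     * The validator's result is discarded; callers learn the outcome only
     * from whether an exception is thrown.
     *
     * @param path CertPath to validate
     * @param params PKIXParameters to use in validation
     * @throws Exception on error
     */
    public static void validate(CertPath path, PKIXParameters params)
        throws Exception {
        CertPathValidator validator =
            CertPathValidator.getInstance("PKIX");
        validator.validate(path, params);
    }
}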
137