1/*
2 * Copyright (c) 2001, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24/**
25 * @test
26 * @bug 4458778
27 * @summary verify name constraints check for min and max fields
28 */
29
30import java.io.ByteArrayOutputStream;
31import java.io.File;
32import java.io.FileInputStream;
33import java.io.InputStream;
34import java.io.IOException;
35
36import java.security.cert.CertificateFactory;
37import java.security.cert.CertPath;
38import java.security.cert.CertPathValidator;
39import java.security.cert.CertPathValidatorException;
40import java.security.cert.CertPathValidatorResult;
41import java.security.cert.PKIXParameters;
42import java.security.cert.TrustAnchor;
43import java.security.cert.X509Certificate;
44
45import java.util.ArrayList;
46import java.util.Collections;
47import java.util.List;
48import java.util.Set;
49
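/**
 * Negative regression test (bug 4458778): builds a three-certificate chain
 * from DER files in the test source directory and checks that PKIX
 * validation rejects it. Per the test summary, the rejection is meant to come
 * from the name constraints check for min and max fields.
 */
public final class VerifyNameConstraints {

    // Populated by createPath() and consumed by main().
    private static PKIXParameters params;
    private static CertPath path;

    /**
     * Runs the test. Passes when validation of the path throws a
     * {@link CertPathValidatorException}; fails if validation succeeds.
     *
     * @param args unused
     * @throws Exception if the path validates, or if setup fails
     */
    public static void main(String[] args) throws Exception {

        // The first entry becomes the trust anchor; the rest form the path.
        String[] certs = { "sun.cer", "sun2labs2.cer", "labs2isrg2.cer" };
        try {
            createPath(certs);
            validate(path, params);
            throw new Exception
                ("CertPath should not have been validated succesfully");
        } catch (CertPathValidatorException cve) {
            // NOTE(review): any CertPathValidatorException is accepted here.
            // No validation date is pinned on the PKIXParameters, so the
            // certificates are checked against the current time; a rejection
            // for an unrelated reason (for example an expired certificate)
            // would also make this test pass. Check the printed exception to
            // confirm the failure really is the name constraints one.
            System.out.println("Test failed as expected: " + cve);
        }
    }

    /**
     * Loads the named certificates and initialises the static {@code path}
     * and {@code params} fields used by {@link #main}.
     *
     * @param certs certificate file names; {@code certs[0]} is used as the
     *              trust anchor and the remaining entries, in the order given,
     *              run from the anchor side towards the target certificate
     * @throws Exception if a certificate cannot be read or the path or
     *                   parameters cannot be built
     */
    public static void createPath(String[] certs) throws Exception {
        if (certs == null || certs.length == 0) {
            throw new IllegalArgumentException(
                "at least one certificate (the trust anchor) is required");
        }

        // A null second argument means the anchor itself carries no
        // additional name constraints.
        TrustAnchor anchor = new TrustAnchor(getCertFromFile(certs[0]), null);

        // Insert at the front so the list ends up in reverse of the input
        // order, i.e. target certificate first, as a CertPath expects.
        List<X509Certificate> chain = new ArrayList<X509Certificate>();
        for (int i = 1; i < certs.length; i++) {
            chain.add(0, getCertFromFile(certs[i]));
        }
        CertificateFactory cf = CertificateFactory.getInstance("X509");
        path = cf.generateCertPath(chain);

        Set<TrustAnchor> anchors = Collections.singleton(anchor);
        params = new PKIXParameters(anchors);
        // Revocation checking is switched off, so no CRL or OCSP data is
        // consulted during validation.
        params.setRevocationEnabled(false);
    }

    /*
     * Reads the entire input stream into a byte array.
     * The caller remains responsible for closing the stream.
     */
    private static byte[] getTotalBytes(InputStream is) throws IOException {
        byte[] buffer = new byte[8192];
        ByteArrayOutputStream baos = new ByteArrayOutputStream(2048);
        int n;
        while ((n = is.read(buffer, 0, buffer.length)) != -1) {
            baos.write(buffer, 0, n);
        }
        return baos.toByteArray();
    }

    /**
     * Get a DER-encoded X.509 certificate from a file. The file is resolved
     * against the {@code test.src} system property, defaulting to the current
     * directory.
     *
     * @param certFilePath path to file containing DER-encoded certificate
     * @return X509Certificate
     * @throws IOException if the file cannot be read or parsed; the
     *                     underlying exception is attached as the cause
     */
    public static X509Certificate getCertFromFile(String certFilePath)
        throws IOException {
        File certFile = new File(System.getProperty("test.src", "."),
            certFilePath);
        // try-with-resources closes the stream on every exit path; the
        // previous version never closed it.
        try (FileInputStream certFileInputStream =
                 new FileInputStream(certFile)) {
            CertificateFactory cf = CertificateFactory.getInstance("X509");
            return (X509Certificate)
                cf.generateCertificate(certFileInputStream);
        } catch (Exception e) {
            // Kept broad so every failure still surfaces as IOException, as
            // before; the cause is chained rather than only printed.
            throw new IOException("Can't construct X509Certificate: " +
                                  e.getMessage(), e);
        }
    }

    /**
     * Perform a PKIX validation. On success, print the
     * CertPathValidatorResult on System.out. On failure,
     * throw an exception.
     *
     * @param path CertPath to validate
     * @param params PKIXParameters to use in validation
     * @throws Exception on error
     */
    public static void validate(CertPath path, PKIXParameters params)
        throws Exception {
        CertPathValidator validator =
            CertPathValidator.getInstance("PKIX");
        CertPathValidatorResult cpvr = validator.validate(path, params);
        // Printed so that an unexpected success leaves the accepted result
        // in the test log.
        System.out.println(cpvr);
    }
}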