ReadCertificates.java revision 4479:cb83fe13af98 
1/*
2 * Copyright (c) 2006, 2007, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24/**
25 * @test
26 * @bug 6405536 6414980
27 * @summary Make sure that we can parse certificates using various named curves
28 *   and verify their signatures
29 * @author Andreas Sterbenz
30 * @library ..
31 * @library ../../../../java/security/testlibrary
32 */
33
34import java.io.*;
35import java.util.*;
36
37import java.security.cert.*;
38import java.security.*;
39import java.security.interfaces.*;
40
41import javax.security.auth.x500.X500Principal;
42
43public class ReadCertificates extends PKCS11Test {
44
45    private static CertificateFactory factory;
46
47    private static SecureRandom random;
48
49    private static Collection<X509Certificate> readCertificates(File file) throws Exception {
50        System.out.println("Loading " + file.getName() + "...");
51        InputStream in = new FileInputStream(file);
52        Collection<X509Certificate> certs = (Collection<X509Certificate>)factory.generateCertificates(in);
53        in.close();
54        return certs;
55    }
56
57    public static void main(String[] args) throws Exception {
58        main(new ReadCertificates());
59    }
60
61    public void main(Provider p) throws Exception {
62        if (p.getService("Signature", "SHA1withECDSA") == null) {
63            System.out.println("Provider does not support ECDSA, skipping...");
64            return;
65        }
66        Providers.setAt(p, 1);
67
68        random = new SecureRandom();
69        factory = CertificateFactory.getInstance("X.509");
70        try {
71            // clear certificate cache in from a previous run with a different
72            // provider (undocumented hack for the Sun provider)
73            factory.generateCertificate(null);
74        } catch (CertificateException e) {
75            // ignore
76        }
77        Map<X500Principal,X509Certificate> certs = new LinkedHashMap<X500Principal,X509Certificate>();
78
79        File dir = new File(BASE, "certs");
80        File closedDir = new File(CLOSED_BASE, "certs");
81        File[] files = concat(dir.listFiles(), closedDir.listFiles());
82        Arrays.sort(files);
83        for (File file : files) {
84            if (file.isFile() == false) {
85                continue;
86            }
87            Collection<X509Certificate> certList = readCertificates(file);
88            for (X509Certificate cert : certList) {
89                X509Certificate old = certs.put(cert.getSubjectX500Principal(), cert);
90                if (old != null) {
91                    System.out.println("Duplicate subject:");
92                    System.out.println("Old Certificate: " + old);
93                    System.out.println("New Certificate: " + cert);
94                    throw new Exception(file.getPath());
95                }
96            }
97        }
98        System.out.println("OK: " + certs.size() + " certificates.");
99
100        for (X509Certificate cert : certs.values()) {
101            X509Certificate issuer = certs.get(cert.getIssuerX500Principal());
102            System.out.println("Verifying " + cert.getSubjectX500Principal() + "...");
103            PublicKey key = issuer.getPublicKey();
104            // First try the provider under test (if it does not support the
105            // necessary algorithm then try any registered provider).
106            try {
107                cert.verify(key, p.getName());
108            } catch (NoSuchAlgorithmException e) {
109                System.out.println("Warning: " + e.getMessage() +
110                ". Trying another provider...");
111                cert.verify(key);
112            }
113        }
114
115        // try some random invalid signatures to make sure we get the correct
116        // error
117        System.out.println("Checking incorrect signatures...");
118        List<X509Certificate> certList = new ArrayList<X509Certificate>(certs.values());
119        for (int i = 0; i < 20; i++) {
120            X509Certificate cert, signer;
121            do {
122                cert = getRandomCert(certList);
123                signer = getRandomCert(certList);
124            } while (cert.getIssuerX500Principal().equals(signer.getSubjectX500Principal()));
125            try {
126                cert.verify(signer.getPublicKey());
127                throw new Exception("Verified invalid signature");
128            } catch (SignatureException e) {
129                System.out.println("OK: " + e);
130            } catch (InvalidKeyException e) {
131                System.out.println("OK: " + e);
132            }
133        }
134
135        Security.removeProvider(p.getName());
136        System.out.println("OK");
137    }
138
139    private static X509Certificate getRandomCert(List<X509Certificate> certs) {
140        int n = random.nextInt(certs.size());
141        return certs.get(n);
142    }
143
144}
145