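/*
 * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */


/**
 * @test
 * @bug 8021804
 * @summary CertPath should validate even if the validity period of the
 *          root cert does not include the validity period of a subordinate
 *          cert.
 */

import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.cert.*;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

/**
 * Regression test: a PKIX path must validate when the end-entity certificate's
 * validity period extends past that of the trust anchor that issued it.
 *
 * <p>The two embedded certificates are self-contained fixtures. Per the
 * comments next to them they are X.509 version 1, so they cannot carry
 * extensions (no CRL distribution point, no basic constraints). They are
 * suitable for exercising validity-period handling only and are not a template
 * for real PKI material.
 *
 * <p>NOTE(review): the encoded algorithm identifiers look like SHA1withRSA
 * with 1024-bit RSA keys; confirm with {@code keytool -printcert} before
 * relying on this test under a tightened
 * {@code jdk.certpath.disabledAlgorithms} policy.
 */
public class Validity {

    /*
     * Subject: OU=TestOrg, CN=TestCA
     * Issuer: OU=TestOrg, CN=TestCA
     * Validity
     *     Not Before: Feb 26 21:33:55 2014 GMT
     *     Not After : Feb 26 21:33:55 2024 GMT
     * Version 1
     */
    static final String CACertStr =
        "-----BEGIN CERTIFICATE-----\n" +
        "MIIBvTCCASYCCQCQRiTo4lBCFjANBgkqhkiG9w0BAQUFADAjMRAwDgYDVQQLDAdU\n" +
        "ZXN0T3JnMQ8wDQYDVQQDDAZUZXN0Q0EwHhcNMTQwMjI2MjEzMzU1WhcNMjQwMjI2\n" +
        "MjEzMzU1WjAjMRAwDgYDVQQLDAdUZXN0T3JnMQ8wDQYDVQQDDAZUZXN0Q0EwgZ8w\n" +
        "DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOtKS4ZrsM3ansd61ZxitcrN0w184I+A\n" +
        "z0kyrSP1eMtlam+cC2U91NpTz11FYV4XUfBhqqxaXW043AWTUer8pS90Pt4sCrUX\n" +
        "COx1+QA1M3ZhbZ4sTM7XQ90JbGaBJ/sEza9mlQP7hQ2yQO/hATKbP6J5qvgG2sT2\n" +
        "S2WYjEgwNwmFAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAQ/CXEpnx2WY4LJtv4jwE\n" +
        "4jIVirur3pdzV5oBhPyqqHMsyhQBkukCfX7uD7L5wN1+xuM81DfANpIxlnUfybp5\n" +
        "CpjcmktLpmyK4kJ6XnSd2blbLOIpsr9x6FqxPxpVDlyw/ySHYrIG/GZdsLHgmzGn\n" +
        "B06jeYzH8OLf879VxAxSsPc=\n" +
        "-----END CERTIFICATE-----";

    /*
     * Subject: OU=TestOrg, CN=TestEE0
     * Issuer: OU=TestOrg, CN=TestCA
     * Validity
     *     Not Before: Feb 26 22:55:12 2014 GMT
     *     Not After : Feb 25 22:55:12 2025 GMT
     * Version 1
     */
    static final String EECertStr =
        "-----BEGIN CERTIFICATE-----\n" +
        "MIIBtjCCAR8CAQQwDQYJKoZIhvcNAQEFBQAwIzEQMA4GA1UECwwHVGVzdE9yZzEP\n" +
        "MA0GA1UEAwwGVGVzdENBMB4XDTE0MDIyNjIyNTUxMloXDTI1MDIyNTIyNTUxMlow\n" +
        "JDEQMA4GA1UECwwHVGVzdE9yZzEQMA4GA1UEAwwHVGVzdEVFMDCBnzANBgkqhkiG\n" +
        "9w0BAQEFAAOBjQAwgYkCgYEAt8xz9W3ruCTHjSOtTX6cxsUZ0nRP6EavEfzgcOYh\n" +
        "CXGA0gr+viSHq3c2vQBxiRny2hm5rLcqpPo+2OxZtw/ajxfyrV6d/r8YyQLBvyl3\n" +
        "xdCZdOkG1DCM1oFAQDaSRt9wN5Zm5kyg7uMig5Y4L45fP9Yee4x6Xyh36qYbsR89\n" +
        "rFMCAwEAATANBgkqhkiG9w0BAQUFAAOBgQDZrPqSo08va1m9TOWOztTuWilGdjK/\n" +
        "2Ed2WXg8utIpy6uAV+NaOYtHQ7ULQBVRNmwg9nKghbVbh+E/xpoihjl1x7OXass4\n" +
        "TbwXA5GKFIFpNtDvATQ/QQZoCuCzw1FW/mH0Q7UEQ/9/iJdDad6ebkapeMwtj/8B\n" +
        "s2IZV7s85CEOXw==\n" +
        "-----END CERTIFICATE-----";

    /*
     * Instant at which the path is validated. It lies after both "Not Before"
     * values listed above and before both "Not After" values, so the outcome
     * does not depend on the wall clock or on the default time zone.
     *
     * The previous code used the deprecated new Date(114, 3, 1), whose month
     * argument is zero-based: it produced 1 April 2014 in the local time zone
     * although its comment said 2014-03-01.
     */
    private static final Instant VALIDATION_TIME =
        Instant.parse("2014-03-01T00:00:00Z");

    /**
     * Runs the single scenario: the end-entity certificate validated against
     * the CA certificate as trust anchor.
     *
     * @param args ignored
     * @throws Exception if certificate parsing or path validation fails,
     *         which fails the test
     */
    public static void main(String[] args) throws Exception {

        String[] certStrs = {EECertStr};
        String[] trustedCertStrs = {CACertStr};
        runTest(certStrs, trustedCertStrs);

        System.out.println("Test passed.");
    }

    /**
     * Builds a CertPath from {@code certStrs}, a trust-anchor set from
     * {@code trustedCertStrs}, and validates the path with the PKIX
     * validator at {@link #VALIDATION_TIME}.
     *
     * @param certStrs PEM certificates forming the path, target first
     * @param trustedCertStrs PEM certificates to use as trust anchors
     * @throws Exception if parsing or validation fails
     */
    private static void runTest(String[] certStrs,
                                String[] trustedCertStrs)
            throws Exception {

        CertificateFactory cf = CertificateFactory.getInstance("X509");

        // Generate the CertPath from the certs named in certStrs
        List<X509Certificate> certs = new ArrayList<>();
        for (String certStr : certStrs) {
            certs.add(generateCert(certStr, cf));
        }
        CertPath cp = cf.generateCertPath(certs);

        // Generate the set of Trust Anchors from the certs named in
        // trustedCertStrs. No name constraints are attached (null).
        Set<TrustAnchor> trustAnchors = new HashSet<>();
        for (String trustedCertStr : trustedCertStrs) {
            trustAnchors.add(
                new TrustAnchor(generateCert(trustedCertStr, cf), null));
        }

        PKIXParameters params = new PKIXParameters(trustAnchors);
        // Both fixtures have expired in real time; pin the validation time
        // inside their validity windows.
        params.setDate(Date.from(VALIDATION_TIME));
        // Test-only: the fixtures have no revocation source to consult, so
        // revocation checking is switched off. Validators that make trust
        // decisions should leave it enabled.
        params.setRevocationEnabled(false);

        // Attempt to validate the CertPath. If no exception thrown, successful.
        CertPathValidator cpv = CertPathValidator.getInstance("PKIX");
        cpv.validate(cp, params);
        System.out.println("CertPath validation successful.");
    }

    /**
     * Parses one PEM-encoded certificate.
     *
     * @param certStr PEM text of the certificate
     * @param cf factory used for parsing
     * @return the parsed certificate
     * @throws Exception if the text is not a parsable certificate
     */
    private static X509Certificate generateCert(String certStr,
                                                CertificateFactory cf)
            throws Exception {
        // PEM is ASCII; an explicit charset keeps the bytes independent of
        // the platform default encoding.
        ByteArrayInputStream stream = new ByteArrayInputStream(
            certStr.getBytes(StandardCharsets.US_ASCII));
        return (X509Certificate) cf.generateCertificate(stream);
    }
}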