/*
 * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */
/**
 * @test
 *
 * @bug 6845286
 * @summary Add regression test for name constraints
 * @author Xuelei Fan
 */
import java.io.*;
import java.net.SocketException;
import java.nio.charset.StandardCharsets;
import java.security.Security;
import java.security.cert.*;
import java.security.cert.CertPathValidatorException.BasicReason;
import java.util.*;
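/**
 * Regression test for PKIX name-constraint processing when the constraint
 * uses the {@code registeredID} general-name type.
 *
 * <p>The fixture is a three-certificate chain (end entity, subordinate CA,
 * self-signed root). Decoding the embedded DER shows that the subordinate CA
 * carries a NameConstraints extension whose excluded subtree is the
 * registeredID {@code 1.2.3.4.5}, and that the end-entity certificate carries
 * a SubjectAlternativeName with the registeredID {@code 1.2.3.4}. The test
 * passes only if {@link CertPathValidator#validate} throws
 * {@link UnsupportedOperationException} for this chain.
 *
 * <p>Security note for readers reusing this pattern: the expected exception
 * is unchecked. Code that wraps path validation and catches only
 * {@link CertPathValidatorException} would not intercept it, so production
 * callers should treat any exception from {@code validate} as a rejected
 * path rather than let it escape an authentication decision.
 *
 * <p>The certificates are test fixtures only (SHA-1 signatures over 1024-bit
 * RSA keys) and revocation checking is switched off; neither choice is
 * appropriate outside a test.
 */
public class NameConstraintsWithUnexpectedRID {

    // Security property that switches the OCSP checker on or off.
    private static final String OCSP_ENABLE = "ocsp.enable";

    // System property that switches CRL distribution point fetching on or off.
    private static final String CRLDP_ENABLE = "com.sun.security.enableCRLDP";

    // Self-signed root CA; it is used both as the trust anchor and as the last
    // element of the certification path.
    static String selfSignedCertStr =
        "-----BEGIN CERTIFICATE-----\n" +
        "MIICTjCCAbegAwIBAgIJAIoSzC1A/k4vMA0GCSqGSIb3DQEBBQUAMB8xCzAJBgNV\n" +
        "BAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMB4XDTA5MDUwNzA5MjcxMloXDTMwMDQx\n" +
        "NzA5MjcxMlowHzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGUwgZ8wDQYJ\n" +
        "KoZIhvcNAQEBBQADgY0AMIGJAoGBANXzlv5Fn2cdgBRdEK/37/o8rqQXIRIMZqX6\n" +
        "BPuo46Cdhctv+n3hu5bj/PwgJVbAJcqcQfDudSSF5gwGlRqDX9vekPSS47XZXjOZ\n" +
        "qFcnDoWP0gSQXLYVVtjuItkecTrPyUE5v2lRIAh13MGKOSh3ZsrtFvj7Y5d9EqIP\n" +
        "SLxWWPuHAgMBAAGjgZEwgY4wHQYDVR0OBBYEFFydJvQMB2j4EDHW2bQabNsPUvDt\n" +
        "ME8GA1UdIwRIMEaAFFydJvQMB2j4EDHW2bQabNsPUvDtoSOkITAfMQswCQYDVQQG\n" +
        "EwJVUzEQMA4GA1UEChMHRXhhbXBsZYIJAIoSzC1A/k4vMA8GA1UdEwEB/wQFMAMB\n" +
        "Af8wCwYDVR0PBAQDAgIEMA0GCSqGSIb3DQEBBQUAA4GBAHgoopmZ1Q4qXhMDbbYQ\n" +
        "YCi4Cg6cXPFblx5gzhWu/6l9SkvZbAZiLszgyMq5dGj9WyTtibNEp232dQsKTFu7\n" +
        "3ag0DiFqoQ8btgvbwBlzhnRagoeVFjhuBBQutOScw7x8NCSBkZQow+31127mwu3y\n" +
        "YGYhEmI2dNmgbv1hVYTGmLXW\n" +
        "-----END CERTIFICATE-----";

    // Subordinate CA issued by the root; it carries the NameConstraints
    // extension with the registeredID excluded subtree.
    static String subCaCertStr =
        "-----BEGIN CERTIFICATE-----\n" +
        "MIICdTCCAd6gAwIBAgIJAL+MYVyy7k5YMA0GCSqGSIb3DQEBBQUAMB8xCzAJBgNV\n" +
        "BAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMB4XDTA5MDUwNzA5MjcxNFoXDTI5MDEy\n" +
        "MjA5MjcxNFowMTELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGUxEDAOBgNV\n" +
        "BAsTB0NsYXNzLTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM2mwX8dhP3M\n" +
        "i6ATRsd0wco+c7rsyEbP0CRQunVIP8/kOL8+zyQix+QZquY23tvBCbia424GXDkT\n" +
        "irvK/M4yGzrdS51hA5dlH3SHY3CWOAqEPqKtNLn1My4MWtTiUWbHi0YjFuOv0BXz\n" +
        "x9lTEfMf+3QcOgO5FitcqHIMP4jIlT+lAgMBAAGjgaYwgaMwHQYDVR0OBBYEFJHg\n" +
        "eyEWcjxcAwc01BPQrau/4HJaME8GA1UdIwRIMEaAFFydJvQMB2j4EDHW2bQabNsP\n" +
        "UvDtoSOkITAfMQswCQYDVQQGEwJVUzEQMA4GA1UEChMHRXhhbXBsZYIJAIoSzC1A\n" +
        "/k4vMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMBMGA1UdHgQMMAqhCDAG\n" +
        "iAQqAwQFMA0GCSqGSIb3DQEBBQUAA4GBAI3CDQWZiTlVVVqfCiZwc/yIL7G5bu2g\n" +
        "ccgVz9PyKfTpq8vk59S23TvPwdPt4ZVx4RSoar9ONtbrcLxfP3X6WQ7e9popWNZV\n" +
        "q49YfyU1tD5HFuxj7CAsvfykuRo4ovXaTCVWlTMi7fJJdzU0Eb4xkXXhiWT/RbHG\n" +
        "R7J+8ROMZ+nR\n" +
        "-----END CERTIFICATE-----";

    // End-entity certificate issued by the subordinate CA; its
    // SubjectAlternativeName holds a registeredID entry.
    static String targetCertStr =
        "-----BEGIN CERTIFICATE-----\n" +
        "MIICTzCCAbigAwIBAgIJAOA8c10w019UMA0GCSqGSIb3DQEBBQUAMDExCzAJBgNV\n" +
        "BAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFzcy0xMB4XDTA5\n" +
        "MDUwNzA5NTg0OVoXDTI5MDEyMjA5NTg0OVowQTELMAkGA1UEBhMCVVMxEDAOBgNV\n" +
        "BAoTB0V4YW1wbGUxEDAOBgNVBAsTB0NsYXNzLTExDjAMBgNVBAMTBUFsaWNlMIGf\n" +
        "MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfekJF8IZeOe3Ff1rexVyx9yTmPSKh\n" +
        "itEW7tW9m8DgqLGDptJLmbexvUCWNkFquQW1J8sjzjqrkIk8amA2SlHQ6Z15RoxC\n" +
        "E19qi5V5ms97X3lyuJcwwtT24J5PBk9ic/V6zclsNXSj/NoqlciKMxyvRy9zWk6Z\n" +
        "W5cVDf7DTzN2cwIDAQABo18wXTALBgNVHQ8EBAMCA+gwDgYDVR0RBAcwBYgDKgME\n" +
        "MB0GA1UdDgQWBBRh8rvMhT17VI+S3pCVzTwQzVMjOTAfBgNVHSMEGDAWgBSR4Hsh\n" +
        "FnI8XAMHNNQT0K2rv+ByWjANBgkqhkiG9w0BAQUFAAOBgQCNDnJ0Jz37+SmO9uRJ\n" +
        "z5Rr15oJAKsde5LGhghHZwTTYInOwGOYAABkWRB7JhUHNjIoQg9veqObSHEgcYMh\n" +
        "ZmO3rklIxyTeoyn86KR49cdvQUoqEhx1jKrEbFBsAwSbJDw//S+wNYgMHYtcynf4\n" +
        "dcVScVdLUDeqE/3f+5yt1JPRuA==\n" +
        "-----END CERTIFICATE-----";

    /**
     * Parses one PEM-encoded X.509 certificate.
     *
     * @param cf  the X.509 certificate factory to parse with
     * @param pem the PEM text of a single certificate
     * @return the parsed certificate
     * @throws CertificateException if the text cannot be parsed
     */
    private static Certificate parseCertificate(CertificateFactory cf, String pem)
            throws CertificateException {
        // PEM is pure ASCII; naming the charset keeps the bytes identical on
        // platforms whose default charset is not ASCII-compatible.
        byte[] encoded = pem.getBytes(StandardCharsets.US_ASCII);
        return cf.generateCertificate(new ByteArrayInputStream(encoded));
    }

    /**
     * Builds the certification path under test, ordered from the end-entity
     * certificate to the self-signed root.
     *
     * @return the path {@code [target, subordinate CA, self-signed root]}
     * @throws CertificateException if any embedded certificate cannot be parsed
     */
    private static CertPath generateCertificatePath()
            throws CertificateException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");

        List<Certificate> chain = Arrays.asList(
                parseCertificate(cf, targetCertStr),
                parseCertificate(cf, subCaCertStr),
                parseCertificate(cf, selfSignedCertStr));

        return cf.generateCertPath(chain);
    }

    /**
     * Builds the trust-anchor set, which holds only the self-signed root.
     *
     * @return a singleton set containing the root as a trust anchor
     * @throws CertificateException if the embedded root cannot be parsed
     */
    private static Set<TrustAnchor> generateTrustAnchors()
            throws CertificateException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate root =
                (X509Certificate) parseCertificate(cf, selfSignedCertStr);

        // A null second argument means the anchor itself imposes no name
        // constraints; the only constraints in play are the subordinate CA's.
        return Collections.singleton(new TrustAnchor(root, null));
    }

    /**
     * Validates the fixture chain and requires the validator to throw
     * {@link UnsupportedOperationException}.
     *
     * @param args unused
     * @throws Exception if validation succeeds, or fails with any other
     *         exception type
     */
    public static void main(String[] args) throws Exception {
        CertPath path = generateCertificatePath();
        Set<TrustAnchor> anchors = generateTrustAnchors();

        PKIXParameters params = new PKIXParameters(anchors);

        // Revocation checking is disabled: the fixtures have no reachable
        // CRL or OCSP responder. Test-only setting.
        params.setRevocationEnabled(false);

        // Validate as of 2009-06-08 (UTC), inside every certificate's validity
        // period. A Gregorian calendar pinned to UTC replaces the deprecated
        // Date(int, int, int) constructor and removes the dependence on the
        // default time zone and locale.
        Calendar validationTime =
                new GregorianCalendar(TimeZone.getTimeZone("UTC"));
        validationTime.clear();
        validationTime.set(2009, Calendar.JUNE, 8);
        params.setDate(validationTime.getTime());

        // Both switches below are process-wide. Remember the previous values
        // so that other tests sharing this VM do not silently inherit
        // revocation checking turned off.
        String previousOcsp = Security.getProperty(OCSP_ENABLE);
        String previousCrldp = System.getProperty(CRLDP_ENABLE);

        // disable OCSP checker
        Security.setProperty(OCSP_ENABLE, "false");

        // disable CRL checker
        System.setProperty(CRLDP_ENABLE, "false");

        try {
            CertPathValidator validator = CertPathValidator.getInstance("PKIX");

            try {
                validator.validate(path, params);
                throw new Exception("Should thrown UnsupportedOperationException");
            } catch (UnsupportedOperationException uoe) {
                // Expected: the chain must not validate. The exception is
                // unchecked, so callers outside a test need to treat it as a
                // validation failure as well.
            }
        } finally {
            // A security property cannot be unset, so it is restored only
            // when it previously had a value.
            if (previousOcsp != null) {
                Security.setProperty(OCSP_ENABLE, previousOcsp);
            }
            if (previousCrldp == null) {
                System.clearProperty(CRLDP_ENABLE);
            } else {
                System.setProperty(CRLDP_ENABLE, previousCrldp);
            }
        }
    }
}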