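/*
 * Copyright (c) 2001, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

/**
 * @test
 * @bug 4458778
 * @summary verify name constraints check for min and max fields
 */

import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.IOException;

import java.security.cert.CertificateFactory;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;

import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Set;

/**
 * Negative PKIX test: builds a certification path from three certificate
 * files and passes only if the PKIX validator rejects it.
 *
 * <p>The first file name is used as the trust anchor; the remaining files
 * form the path. Certificates are read from the directory named by the
 * {@code test.src} system property (default: the current directory).
 */
public final class VerifyNameConstraints {

    // Populated by createPath(); read by main().
    private static PKIXParameters params;
    private static CertPath path;

    /**
     * Runs the test.
     *
     * @param args unused
     * @throws Exception if the path validates, or if the test cannot be set up
     */
    public static void main(String[] args) throws Exception {

        String[] certs = { "sun.cer", "sun2labs2.cer", "labs2isrg2.cer" };
        try {
            createPath(certs);
            validate(path, params);
            // Reaching this line means the validator accepted the path.
            throw new Exception
                ("CertPath should not have been validated succesfully");
        } catch (CertPathValidatorException cve) {
            // NOTE(review): any CertPathValidatorException is accepted here,
            // so a rejection unrelated to name constraints (for example a
            // certificate outside its validity period when the test runs)
            // is also reported as a pass. Consider pinning the validation
            // time with PKIXParameters.setDate and checking cve.getReason()
            // and cve.getIndex(); the expected values must be confirmed
            // against the test certificates.
            System.out.println("Test failed as expected: " + cve);
        }
    }

    /**
     * Builds the certification path and validation parameters and stores
     * them in the static {@code path} and {@code params} fields.
     *
     * @param certs certificate file names; {@code certs[0]} becomes the
     *        trust anchor, the rest become the path
     * @throws Exception if a certificate cannot be read or the path or
     *         parameters cannot be created
     */
    public static void createPath(String[] certs) throws Exception {
        // A null second argument means the anchor itself carries no
        // name constraints.
        TrustAnchor anchor = new TrustAnchor(getCertFromFile(certs[0]), null);

        // Inserting at index 0 reverses the input order, so the last file
        // name ends up first in the path.
        List<X509Certificate> list = new ArrayList<>();
        for (int i = 1; i < certs.length; i++) {
            list.add(0, getCertFromFile(certs[i]));
        }
        CertificateFactory cf = CertificateFactory.getInstance("X509");
        path = cf.generateCertPath(list);

        Set<TrustAnchor> anchors = Collections.singleton(anchor);
        params = new PKIXParameters(anchors);
        // Revocation checking is switched off for this test. Do not carry
        // this setting over into production validation code.
        params.setRevocationEnabled(false);
    }

    /*
     * Reads the entire input stream into a byte array.
     * Not called anywhere in this file.
     */
    private static byte[] getTotalBytes(InputStream is) throws IOException {
        byte[] buffer = new byte[8192];
        ByteArrayOutputStream baos = new ByteArrayOutputStream(2048);
        int n;
        while ((n = is.read(buffer, 0, buffer.length)) != -1) {
            baos.write(buffer, 0, n);
        }
        return baos.toByteArray();
    }

    /**
     * Get a DER-encoded X.509 certificate from a file.
     *
     * @param certFilePath path to file containing DER-encoded certificate,
     *        resolved against the {@code test.src} system property
     * @return X509Certificate
     * @throws IOException on error; the underlying exception is attached
     *         as the cause
     */
    public static X509Certificate getCertFromFile(String certFilePath)
        throws IOException {
        try {
            File certFile = new File(System.getProperty("test.src", "."),
                                     certFilePath);
            // try-with-resources closes the stream on success and failure.
            try (InputStream certFileInputStream =
                     new FileInputStream(certFile)) {
                CertificateFactory cf = CertificateFactory.getInstance("X509");
                return (X509Certificate)
                    cf.generateCertificate(certFileInputStream);
            }
        } catch (Exception e) {
            // Every failure is reported as IOException, as before; the
            // original exception is chained instead of printed and dropped.
            throw new IOException("Can't construct X509Certificate: " +
                                  e.getMessage(), e);
        }
    }

    /**
     * Perform a PKIX validation. On success the
     * {@link CertPathValidatorResult} is discarded and the method returns
     * normally. On failure, throw an exception.
     *
     * @param path CertPath to validate
     * @param params PKIXParameters to use in validation
     * @throws Exception on error
     */
    public static void validate(CertPath path, PKIXParameters params)
        throws Exception {
        CertPathValidator validator =
            CertPathValidator.getInstance("PKIX");
        validator.validate(path, params);
    }
}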