391N/A/*
2362N/A * Copyright (c) 2008, Oracle and/or its affiliates. All rights reserved.
391N/A * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
391N/A *
391N/A * This code is free software; you can redistribute it and/or modify it
391N/A * under the terms of the GNU General Public License version 2 only, as
391N/A * published by the Free Software Foundation.
391N/A *
391N/A * This code is distributed in the hope that it will be useful, but WITHOUT
391N/A * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
391N/A * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
391N/A * version 2 for more details (a copy is included in the LICENSE file that
391N/A * accompanied this code).
391N/A *
391N/A * You should have received a copy of the GNU General Public License version
391N/A * 2 along with this work; if not, write to the Free Software Foundation,
391N/A * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
391N/A *
2362N/A * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
2362N/A * or visit www.oracle.com if you need additional information or have any
2362N/A * questions.
391N/A */
391N/A
5870N/A// This test case relies on updated static security property, no way to re-use
5870N/A// security property in samevm/agentvm mode.
5870N/A
391N/A/**
391N/A * @test
391N/A * @bug 6714842
391N/A * @library ../../../testlibrary
391N/A * @build CertUtils
5870N/A * @run main/othervm BuildEEBasicConstraints
391N/A * @summary make sure a PKIX CertPathBuilder builds a path to an
391N/A * end entity certificate when the setBasicConstraints method of the
391N/A * X509CertSelector of the targetConstraints PKIXBuilderParameters
391N/A * parameter is set to -2.
391N/A */
391N/A
5870N/Aimport java.security.Security;
391N/Aimport java.security.cert.Certificate;
391N/Aimport java.security.cert.CertPath;
391N/Aimport java.security.cert.CertStore;
391N/Aimport java.security.cert.CollectionCertStoreParameters;
391N/Aimport java.security.cert.PKIXBuilderParameters;
391N/Aimport java.security.cert.PKIXCertPathBuilderResult;
391N/Aimport java.security.cert.TrustAnchor;
391N/Aimport java.security.cert.X509Certificate;
391N/Aimport java.security.cert.X509CertSelector;
391N/Aimport java.util.ArrayList;
391N/Aimport java.util.Collections;
391N/Aimport java.util.List;
391N/A
391N/Apublic final class BuildEEBasicConstraints {
391N/A
391N/A public static void main(String[] args) throws Exception {
5870N/A // reset the security property to make sure that the algorithms
5870N/A // and keys used in this test are not disabled.
5870N/A Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2");
391N/A
391N/A X509Certificate rootCert = CertUtils.getCertFromFile("anchor.cer");
391N/A TrustAnchor anchor = new TrustAnchor
391N/A (rootCert.getSubjectX500Principal(), rootCert.getPublicKey(), null);
391N/A X509CertSelector sel = new X509CertSelector();
391N/A sel.setBasicConstraints(-2);
391N/A PKIXBuilderParameters params = new PKIXBuilderParameters
391N/A (Collections.singleton(anchor), sel);
391N/A params.setRevocationEnabled(false);
391N/A X509Certificate eeCert = CertUtils.getCertFromFile("ee.cer");
391N/A X509Certificate caCert = CertUtils.getCertFromFile("ca.cer");
391N/A ArrayList<X509Certificate> certs = new ArrayList<X509Certificate>();
391N/A certs.add(caCert);
391N/A certs.add(eeCert);
391N/A CollectionCertStoreParameters ccsp =
391N/A new CollectionCertStoreParameters(certs);
391N/A CertStore cs = CertStore.getInstance("Collection", ccsp);
391N/A params.addCertStore(cs);
391N/A PKIXCertPathBuilderResult res = CertUtils.build(params);
391N/A CertPath cp = res.getCertPath();
391N/A // check that first certificate is an EE cert
391N/A List<? extends Certificate> certList = cp.getCertificates();
391N/A X509Certificate cert = (X509Certificate) certList.get(0);
391N/A if (cert.getBasicConstraints() != -1) {
391N/A throw new Exception("Target certificate is not an EE certificate");
391N/A }
391N/A }
391N/A}