0N/A/*
2362N/A * Copyright (c) 2004, Oracle and/or its affiliates. All rights reserved.
0N/A * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
0N/A *
0N/A * This code is free software; you can redistribute it and/or modify it
0N/A * under the terms of the GNU General Public License version 2 only, as
0N/A * published by the Free Software Foundation.
0N/A *
0N/A * This code is distributed in the hope that it will be useful, but WITHOUT
0N/A * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
0N/A * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
0N/A * version 2 for more details (a copy is included in the LICENSE file that
0N/A * accompanied this code).
0N/A *
0N/A * You should have received a copy of the GNU General Public License version
0N/A * 2 along with this work; if not, write to the Free Software Foundation,
0N/A * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
0N/A *
2362N/A * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
2362N/A * or visit www.oracle.com if you need additional information or have any
2362N/A * questions.
0N/A */
0N/A
0N/A/**
0N/A * @test
0N/A * @bug 5072953
0N/A * @summary Verify that the URL for an OCSP responder can be extracted from a
0N/A * certificate's AuthorityInfoAccess extension when OCSP certifiate
0N/A * validation has been enabled.
0N/A */
0N/A
0N/Aimport java.io.*;
0N/Aimport java.net.SocketException;
0N/Aimport java.util.*;
0N/Aimport java.security.Security;
0N/Aimport java.security.cert.*;
0N/A
0N/Apublic class AIACheck {
0N/A
0N/A private final static File baseDir =
0N/A new File(System.getProperty("test.src", "."));
0N/A
0N/A private static X509Certificate loadCertificate(String name)
0N/A throws Exception
0N/A {
0N/A File certFile = new File(baseDir, name);
0N/A InputStream in = new FileInputStream(certFile);
0N/A CertificateFactory cf = CertificateFactory.getInstance("X.509");
0N/A X509Certificate cert = (X509Certificate)cf.generateCertificate(in);
0N/A return cert;
0N/A }
0N/A
0N/A public static void main(String args[]) throws Exception {
0N/A X509Certificate aiaCert = loadCertificate("AIACert.pem");
0N/A X509Certificate rootCert = loadCertificate("RootCert.pem");
0N/A
0N/A List<X509Certificate> list =
0N/A //Arrays.asList(new X509Certificate[] {aiaCert, rootCert});
0N/A Arrays.asList(new X509Certificate[] {aiaCert});
0N/A CertificateFactory cf = CertificateFactory.getInstance("X.509");
0N/A CertPath path = cf.generateCertPath(list);
0N/A
0N/A TrustAnchor anchor = new TrustAnchor(rootCert, null);
0N/A Set<TrustAnchor> anchors = Collections.singleton(anchor);
0N/A
0N/A PKIXParameters params = new PKIXParameters(anchors);
0N/A // Activate certificate revocation checking
0N/A params.setRevocationEnabled(true);
0N/A
0N/A // Activate OCSP
0N/A Security.setProperty("ocsp.enable", "true");
0N/A
0N/A // Ensure that the ocsp.responderURL property is not set.
0N/A if (Security.getProperty("ocsp.responderURL") != null) {
0N/A throw new
0N/A Exception("The ocsp.responderURL property must not be set");
0N/A }
0N/A
0N/A CertPathValidator validator = CertPathValidator.getInstance("PKIX");
0N/A
0N/A try {
0N/A validator.validate(path, params);
0N/A throw new Exception("Successfully validated an invalid path");
0N/A
0N/A } catch (CertPathValidatorException e ) {
0N/A if (! (e.getCause() instanceof SocketException)) {
0N/A throw e;
0N/A }
0N/A
0N/A // Success - client located OCSP responder in AIA extension
0N/A // and attempted to connect.
0N/A System.out.println("Extracted the URL of the OCSP responder from " +
0N/A "the certificate's AuthorityInfoAccess extension.");
0N/A }
0N/A }
0N/A}