CertPathValidator/targetConstraints/ValidateTargetConstraints.java

0N/A/*
2362N/A * Copyright (c) 2001, Oracle and/or its affiliates. All rights reserved.
0N/A * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
0N/A *
0N/A * This code is free software; you can redistribute it and/or modify it
0N/A * under the terms of the GNU General Public License version 2 only, as
0N/A * published by the Free Software Foundation.
0N/A *
0N/A * This code is distributed in the hope that it will be useful, but WITHOUT
0N/A * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
0N/A * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
0N/A * version 2 for more details (a copy is included in the LICENSE file that
0N/A * accompanied this code).
0N/A *
0N/A * You should have received a copy of the GNU General Public License version
0N/A * 2 along with this work; if not, write to the Free Software Foundation,
0N/A * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
0N/A *
2362N/A * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
2362N/A * or visit www.oracle.com if you need additional information or have any
2362N/A * questions.
0N/A */
0N/A
0N/A/**
0N/A * @test
0N/A * @bug 4459538
0N/A * @summary make sure that target constraints are processed correctly
0N/A *      by a PKIX CertPathValidator
0N/A */
0N/A
0N/Aimport java.io.File;
0N/Aimport java.io.FileInputStream;
0N/Aimport java.io.IOException;
0N/A
0N/Aimport java.math.BigInteger;
0N/A
0N/Aimport java.security.cert.CertificateFactory;
0N/Aimport java.security.cert.CertPath;
0N/Aimport java.security.cert.CertPathValidator;
0N/Aimport java.security.cert.CertPathValidatorException;
0N/Aimport java.security.cert.CertPathValidatorResult;
0N/Aimport java.security.cert.PKIXParameters;
0N/Aimport java.security.cert.TrustAnchor;
0N/Aimport java.security.cert.X509Certificate;
0N/Aimport java.security.cert.X509CertSelector;
0N/A
0N/Aimport java.util.ArrayList;
0N/Aimport java.util.Collections;
0N/Aimport java.util.List;
0N/Aimport java.util.Set;
0N/A
0N/A/**
0N/A * ValidateTargetConstraints performs a simple validation of a certification
0N/A * path, but adds a requirement that the serial number of the last
0N/A * certificate match an arbitrarily chosen number. This should cause the
0N/A * validation to fail.
0N/A *
0N/A * @author      Steve Hanna
0N/A * @author      Sean Mullan
0N/A */
0N/Apublic final class ValidateTargetConstraints {
0N/A
0N/A    private static CertPath path;
0N/A    private static PKIXParameters params;
0N/A
0N/A    public static void main(String[] args) throws Exception {
0N/A
0N/A        String[] certs = { "sun.cer", "sun2labs1.cer" };
0N/A
0N/A        try {
0N/A            createPath(certs);
0N/A            validate(path, params);
0N/A            throw new Exception
0N/A                ("CertPath should not have been validated succesfully");
0N/A        } catch (CertPathValidatorException cpve) {
0N/A            System.out.println("Test failed as expected: " + cpve);
0N/A        }
0N/A    }
0N/A
0N/A    public static void createPath(String[] certs) throws Exception {
0N/A        TrustAnchor anchor = new TrustAnchor(getCertFromFile(certs[0]), null);
0N/A        List list = new ArrayList();
0N/A        for (int i = 1; i < certs.length; i++) {
0N/A            list.add(0, getCertFromFile(certs[i]));
0N/A        }
0N/A        CertificateFactory cf = CertificateFactory.getInstance("X509");
0N/A        path = cf.generateCertPath(list);
0N/A
0N/A        Set anchors = Collections.singleton(anchor);
0N/A        params = new PKIXParameters(anchors);
0N/A        params.setRevocationEnabled(false);
0N/A        X509CertSelector sel = new X509CertSelector();
0N/A        sel.setSerialNumber(new BigInteger("1427"));
0N/A        params.setTargetCertConstraints(sel);
0N/A    }
0N/A
0N/A    /**
0N/A     * Get a DER-encoded X.509 certificate from a file.
0N/A     *
0N/A     * @param certFilePath path to file containing DER-encoded certificate
0N/A     * @return X509Certificate
0N/A     * @throws IOException on error
0N/A     */
0N/A    public static X509Certificate getCertFromFile(String certFilePath)
0N/A        throws IOException {
0N/A            X509Certificate cert = null;
0N/A            try {
0N/A                File certFile = new File(System.getProperty("test.src", "."),
0N/A                    certFilePath);
0N/A                FileInputStream certFileInputStream =
0N/A                    new FileInputStream(certFile);
0N/A                CertificateFactory cf = CertificateFactory.getInstance("X509");
0N/A                cert = (X509Certificate)
0N/A                    cf.generateCertificate(certFileInputStream);
0N/A            } catch (Exception e) {
0N/A                e.printStackTrace();
0N/A                throw new IOException("Can't construct X509Certificate: " +
0N/A                                      e.getMessage());
0N/A            }
0N/A            return cert;
0N/A    }
0N/A
0N/A    /**
0N/A     * Perform a PKIX validation.
0N/A     *
0N/A     * @param path CertPath to validate
0N/A     * @param params PKIXParameters to use in validation
0N/A     * @throws Exception on error
0N/A     */
0N/A    public static void validate(CertPath path, PKIXParameters params)
0N/A        throws Exception {
0N/A        CertPathValidator validator =
0N/A            CertPathValidator.getInstance("PKIX");
0N/A        CertPathValidatorResult cpvr = validator.validate(path, params);
0N/A    }
0N/A}