Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
PojavLauncherTeam
GitHub Repository: PojavLauncherTeam/mobile
 Path: blob/master/test/jdk/java/security/cert/CertPathValidator/indirectCRL/CircularCRLTwoLevelRevoked.java
41161 views
1
/*

2
 * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.

3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

4
 *

5
 * This code is free software; you can redistribute it and/or modify it

6
 * under the terms of the GNU General Public License version 2 only, as

7
 * published by the Free Software Foundation.

8
 *

9
 * This code is distributed in the hope that it will be useful, but WITHOUT

10
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

11
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

12
 * version 2 for more details (a copy is included in the LICENSE file that

13
 * accompanied this code).

14
 *

15
 * You should have received a copy of the GNU General Public License version

16
 * 2 along with this work; if not, write to the Free Software Foundation,

17
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

18
 *

19
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

20
 * or visit www.oracle.com if you need additional information or have any

21
 * questions.

22
 */

23


24
//

25
// Security properties, once set, cannot revert to unset.  To avoid

26
// conflicts with tests running in the same VM isolate this test by

27
// running it in otherVM mode.

28
//

29


30
/**

31
 * @test

32
 *

33
 * @bug 6720721

34
 * @summary CRL check with circular depency support needed

35
 * @run main/othervm CircularCRLTwoLevelRevoked

36
 * @author Xuelei Fan

37
 */

38


39
import java.io.*;

40
import java.net.SocketException;

41
import java.util.*;

42
import java.security.Security;

43
import java.security.cert.*;

44
import java.security.cert.CertPathValidatorException.BasicReason;

45


46
public class CircularCRLTwoLevelRevoked {

47


48
    static String selfSignedCertStr =

49
        "-----BEGIN CERTIFICATE-----\n" +

50
        "MIICPjCCAaegAwIBAgIBADANBgkqhkiG9w0BAQQFADAfMQswCQYDVQQGEwJVUzEQ\n" +

51
        "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA0MjcwMjI0MzJaFw0zMDA0MDcwMjI0MzJa\n" +

52
        "MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMIGfMA0GCSqGSIb3DQEB\n" +

53
        "AQUAA4GNADCBiQKBgQC4OTag24sTxL2tXTNuvpmUEtdxrYAZoFsslFQ60T+WD9wQ\n" +

54
        "Jeiw87FSPsR2vxRuv0j8DNm2a4h7LNNIFcLurfNldbz5pvgZ7VqdbbUMPE9qP85n\n" +

55
        "jgDl4woyRTSUeRI4A7O0CO6NpES21dtbdhroWQrEkHxpnrDPxsxrz5gf2m3gqwID\n" +

56
        "AQABo4GJMIGGMB0GA1UdDgQWBBSCJd0hpl5PdAD9IZS+Hzng4lXLGzBHBgNVHSME\n" +

57
        "QDA+gBSCJd0hpl5PdAD9IZS+Hzng4lXLG6EjpCEwHzELMAkGA1UEBhMCVVMxEDAO\n" +

58
        "BgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAgQw\n" +

59
        "DQYJKoZIhvcNAQEEBQADgYEAluy6HIjWcq009lTLmhp+Np6dxU78pInBK8RZkza0\n" +

60
        "484qGaxFGD3UGyZkI5uWmsH2XuMbuox5khfIq6781gmkPBHXBIEtJN8eLusOHEye\n" +

61
        "iE8h7WI+N3qa6Pj56WionMrioqC/3X+b06o147bbhx8U0vkYv/HyPaITOFfMXTdz\n" +

62
        "Vjw=\n" +

63
        "-----END CERTIFICATE-----";

64


65
    static String subCaCertStr =

66
        "-----BEGIN CERTIFICATE-----\n" +

67
        "MIICUDCCAbmgAwIBAgIBAzANBgkqhkiG9w0BAQQFADAfMQswCQYDVQQGEwJVUzEQ\n" +

68
        "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA0MjcwMjI0MzRaFw0yOTAxMTIwMjI0MzRa\n" +

69
        "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" +

70
        "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCiAJnAQW2ad3ZMKUhSJVZj\n" +

71
        "8pBqxTcHSTwAVguQkDglsN/OIwUpvR5Jgp3lpRWUEt6idEp0FZzORpvtjt3pr5MG\n" +

72
        "Eg2CDptekC5BSPS+fIAIKlncB3HwOiFFhH6b3wTydDCdEd2fvsi4QMOSVrIYMeA8\n" +

73
        "P/mCz6kRhfUQPE0CMmOUewIDAQABo4GJMIGGMB0GA1UdDgQWBBT0/nNP8WpyxmYr\n" +

74
        "IBp4tN8y08jw2jBHBgNVHSMEQDA+gBSCJd0hpl5PdAD9IZS+Hzng4lXLG6EjpCEw\n" +

75
        "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" +

76
        "AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQEEBQADgYEAS9PzI6B39R/U9fRj\n" +

77
        "UExzN1FXNP5awnAPtiv34kSCL6n6MryqkfG+8aaAOdZsSjmTylNFaF7cW/Xp1VBF\n" +

78
        "hq0bg/SbEAbK7+UwL8GSC3crhULHLbh+1iFdVTEwxCw5YmB8ji3BaZ/WKW/PkjCZ\n" +

79
        "7cXP6VDeZMG6oRQ4hbOcixoFPXo=\n" +

80
        "-----END CERTIFICATE-----";

81


82
    // a revoked certificate

83
    static String targetCertStr =

84
        "-----BEGIN CERTIFICATE-----\n" +

85
        "MIICNzCCAaCgAwIBAgIBBDANBgkqhkiG9w0BAQQFADAxMQswCQYDVQQGEwJVUzEQ\n" +

86
        "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0wOTA0MjcwMjI0\n" +

87
        "MzhaFw0yOTAxMTIwMjI0MzhaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" +

88
        "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVTdXNhbjCBnzANBgkqhkiG\n" +

89
        "9w0BAQEFAAOBjQAwgYkCgYEAyPKlfep+EIIUOpZF3xtYUhAx79qEqe2RPRcH2YeR\n" +

90
        "1ogM8+AZMdcXoiuDl4CFLzQwRv1DSKUZAPdPbROLVDsUn+IGvgn2jnE7ZQEUtQQJ\n" +

91
        "+rorcasE7bo5MBPuno/0oQRi/4MZn6lX3qB13ZUHAvZH96oCF6C3Ro19LAwav1Lo\n" +

92
        "FRcCAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBTCUH1tqQk96Pocr8Is\n" +

93
        "tDKMoIRQljAfBgNVHSMEGDAWgBT0/nNP8WpyxmYrIBp4tN8y08jw2jANBgkqhkiG\n" +

94
        "9w0BAQQFAAOBgQB3YXuTA+QfaImQ2aN/e27Nv5a/FMml6y6t0+pzt5hUYG2W0C2f\n" +

95
        "5Hdmf3whNCA7zE5RVDQP0iuGBPgjvrABuN98Vimv2eTV+N5aYTak0Aav/OuR5Lpi\n" +

96
        "tYhXMMg5gSmT+JDARba4CX+Ap1oAaNe9Mtv8L6FWdvBqfzzifDHWavdIWA==\n" +

97
        "-----END CERTIFICATE-----";

98


99
    static String topCrlIssuerCertStr =

100
        "-----BEGIN CERTIFICATE-----\n" +

101
        "MIICKzCCAZSgAwIBAgIBAjANBgkqhkiG9w0BAQQFADAfMQswCQYDVQQGEwJVUzEQ\n" +

102
        "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA0MjcwMjI0MzNaFw0yOTAxMTIwMjI0MzNa\n" +

103
        "MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMIGfMA0GCSqGSIb3DQEB\n" +

104
        "AQUAA4GNADCBiQKBgQDMJeBMBybHykI/YpwUJ4O9euqDSLb1kpWpceBS8TVqvgBC\n" +

105
        "SgUJWtFZL0i6bdvF6mMdlbuBkGzhXqHiVAi96/zRLbUC9F8SMEJ6MuD+YhQ0ZFTQ\n" +

106
        "atKy8zf8O9XzztelLJ26Gqb7QPV133WY3haAqHtCXOhEKkCN16NOYNC37DTaJwID\n" +

107
        "AQABo3cwdTAdBgNVHQ4EFgQULXSWzXzUOIpOJpzbSCpW42IJUugwRwYDVR0jBEAw\n" +

108
        "PoAUgiXdIaZeT3QA/SGUvh854OJVyxuhI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYD\n" +

109
        "VQQKEwdFeGFtcGxlggEAMAsGA1UdDwQEAwIBAjANBgkqhkiG9w0BAQQFAAOBgQAY\n" +

110
        "eMnf5AHSNlyUlzXk8o2S0h4gCuvKX6C3kFfKuZcWvFAbx4yQOWLS2s15/nzR4+AP\n" +

111
        "FGX3lgJjROyAh7fGedTQK+NFWwkM2ag1g3hXktnlnT1qHohi0w31nVBJxXEDO/Ck\n" +

112
        "uJTpJGt8XxxbFaw5v7cHy7XuTAeU/sekvjEiNHW00Q==\n" +

113
        "-----END CERTIFICATE-----";

114


115
    static String subCrlIssuerCertStr =

116
        "-----BEGIN CERTIFICATE-----\n" +

117
        "MIICPTCCAaagAwIBAgIBBDANBgkqhkiG9w0BAQQFADAfMQswCQYDVQQGEwJVUzEQ\n" +

118
        "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA0MjcwMjI0MzRaFw0yOTAxMTIwMjI0MzRa\n" +

119
        "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" +

120
        "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDWUtDQx2MB/7arDiquMJyd\n" +

121
        "LWwSg6p8sg5z6wKrC1v47MT4DBhFX+0RUgTMUdQgYpgxGpczn+6y4zfV76064S0N\n" +

122
        "4L/IQ+SunTW1w4yRGjB+xkyyJmWAqijG1nr+Dgkv5nxPI+9Er5lHcoVWVMEcvvRm\n" +

123
        "6jIBQdldVlSgv+VgUnFm5wIDAQABo3cwdTAdBgNVHQ4EFgQUkV3Qqtk7gIot9n60\n" +

124
        "jX6dloxrfMEwRwYDVR0jBEAwPoAUgiXdIaZeT3QA/SGUvh854OJVyxuhI6QhMB8x\n" +

125
        "CzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlggEAMAsGA1UdDwQEAwIBAjAN\n" +

126
        "BgkqhkiG9w0BAQQFAAOBgQADu4GM8EdmIKhC7FRvk5jF90zfvZ38wbXBzCjKI4jX\n" +

127
        "QJrhne1bfyeNNm5c1w+VKidT+XzBzBGH7ZqYzoZmzRIfcbLKX2brEBKiukeeAyL3\n" +

128
        "bctQtbp19tX+uu2dQberD188AAysKTkHcJUV+rRsTwVJ9vcYKxoRxKk8DhH7ZS3M\n" +

129
        "rg==\n" +

130
        "-----END CERTIFICATE-----";

131


132
    static String topCrlStr =

133
        "-----BEGIN X509 CRL-----\n" +

134
        "MIIBGzCBhQIBATANBgkqhkiG9w0BAQQFADAfMQswCQYDVQQGEwJVUzEQMA4GA1UE\n" +

135
        "ChMHRXhhbXBsZRcNMDkwNDI3MDIzODA0WhcNMjgwNjI2MDIzODA0WjAiMCACAQUX\n" +

136
        "DTA5MDQyNzAyMzgwMFowDDAKBgNVHRUEAwoBBKAOMAwwCgYDVR0UBAMCAQIwDQYJ\n" +

137
        "KoZIhvcNAQEEBQADgYEAoarfzXEtw3ZDi4f9U8eSvRIipHSyxOrJC7HR/hM5VhmY\n" +

138
        "CErChny6x9lBVg9s57tfD/P9PSzBLusCcHwHMAbMOEcTltVVKUWZnnbumpywlYyg\n" +

139
        "oKLrE9+yCOkYUOpiRlz43/3vkEL5hjIKMcDSZnPKBZi1h16Yj2hPe9GMibNip54=\n" +

140
        "-----END X509 CRL-----";

141


142
    static String subCrlStr =

143
        "-----BEGIN X509 CRL-----\n" +

144
        "MIIBLTCBlwIBATANBgkqhkiG9w0BAQQFADAxMQswCQYDVQQGEwJVUzEQMA4GA1UE\n" +

145
        "ChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMRcNMDkwNDI3MDIzODA0WhcNMjgw\n" +

146
        "NjI2MDIzODA0WjAiMCACAQQXDTA5MDQyNzAyMzgwMVowDDAKBgNVHRUEAwoBBKAO\n" +

147
        "MAwwCgYDVR0UBAMCAQIwDQYJKoZIhvcNAQEEBQADgYEAeS+POqYEIHIIJcsLxuUr\n" +

148
        "aJFzQ/ujH0QmnyMNEL3Uavyq4VQuAahF+w6aTPb5UBzms0uX8NAvD2vNoUJvmJOX\n" +

149
        "nGKuq4Q1DFj82E7/9d25nXdWGOmFvFCRVO+St2Xe5n8CJuZNBiz388FDSIOiFSCa\n" +

150
        "ARGr6Qu68MYGtLMC6ZqP3u0=\n" +

151
        "-----END X509 CRL-----";

152


153
    private static CertPath generateCertificatePath()

154
            throws CertificateException {

155
        // generate certificate from cert strings

156
        CertificateFactory cf = CertificateFactory.getInstance("X.509");

157


158
        ByteArrayInputStream is;

159


160
        is = new ByteArrayInputStream(targetCertStr.getBytes());

161
        Certificate targetCert = cf.generateCertificate(is);

162


163
        is = new ByteArrayInputStream(subCaCertStr.getBytes());

164
        Certificate subCaCert = cf.generateCertificate(is);

165


166
        is = new ByteArrayInputStream(selfSignedCertStr.getBytes());

167
        Certificate selfSignedCert = cf.generateCertificate(is);

168


169
        // generate certification path

170
        List<Certificate> list = Arrays.asList(new Certificate[] {

171
                        targetCert, subCaCert, selfSignedCert});

172


173
        return cf.generateCertPath(list);

174
    }

175


176
    private static Set<TrustAnchor> generateTrustAnchors()

177
            throws CertificateException {

178
        // generate certificate from cert string

179
        CertificateFactory cf = CertificateFactory.getInstance("X.509");

180


181
        ByteArrayInputStream is =

182
                    new ByteArrayInputStream(selfSignedCertStr.getBytes());

183
        Certificate selfSignedCert = cf.generateCertificate(is);

184


185
        // generate a trust anchor

186
        TrustAnchor anchor =

187
            new TrustAnchor((X509Certificate)selfSignedCert, null);

188


189
        return Collections.singleton(anchor);

190
    }

191


192
    private static CertStore generateCertificateStore() throws Exception {

193
        Collection entries = new HashSet();

194


195
        // generate CRL from CRL string

196
        CertificateFactory cf = CertificateFactory.getInstance("X.509");

197


198
        ByteArrayInputStream is =

199
                    new ByteArrayInputStream(topCrlStr.getBytes());

200
        Collection mixes = cf.generateCRLs(is);

201
        entries.addAll(mixes);

202


203
        is = new ByteArrayInputStream(subCrlStr.getBytes());

204
        mixes = cf.generateCRLs(is);

205
        entries.addAll(mixes);

206


207
        // intermediate certs

208
        is = new ByteArrayInputStream(topCrlIssuerCertStr.getBytes());

209
        mixes = cf.generateCertificates(is);

210
        entries.addAll(mixes);

211


212
        is = new ByteArrayInputStream(subCrlIssuerCertStr.getBytes());

213
        mixes = cf.generateCertificates(is);

214
        entries.addAll(mixes);

215


216
        return CertStore.getInstance("Collection",

217
                            new CollectionCertStoreParameters(entries));

218
    }

219


220
    public static void main(String args[]) throws Exception {

221
        // MD5 is used in this test case, don't disable MD5 algorithm.

222
        Security.setProperty(

223
                "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");

224


225
        CertPath path = generateCertificatePath();

226
        Set<TrustAnchor> anchors = generateTrustAnchors();

227
        CertStore crls = generateCertificateStore();

228


229
        PKIXParameters params = new PKIXParameters(anchors);

230


231
        // add the CRL store

232
        params.addCertStore(crls);

233


234
        // Activate certificate revocation checking

235
        params.setRevocationEnabled(true);

236


237
        // set the validation time

238
        params.setDate(new Date(109, 5, 1));   // 2009-05-01

239


240
        // disable OCSP checker

241
        Security.setProperty("ocsp.enable", "false");

242


243
        // enable CRL checker

244
        System.setProperty("com.sun.security.enableCRLDP", "true");

245


246
        CertPathValidator validator = CertPathValidator.getInstance("PKIX");

247


248
        try {

249
            validator.validate(path, params);

250
            throw new Exception("unexpected status, should be REVOKED");

251
        } catch (CertPathValidatorException cpve) {

252
            if (cpve.getReason() != BasicReason.REVOKED) {

253
                throw new Exception(

254
                    "unexpect exception, should be a REVOKED CPVE", cpve);

255
            }

256
        }

257
    }

258
}

259


260