Path: blob/master/test/jdk/java/security/cert/CertPathValidator/nameConstraintsRFC822/ValidateCertPath.java
41161 views
/*1* Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation.7*8* This code is distributed in the hope that it will be useful, but WITHOUT9* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or10* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License11* version 2 for more details (a copy is included in the LICENSE file that12* accompanied this code).13*14* You should have received a copy of the GNU General Public License version15* 2 along with this work; if not, write to the Free Software Foundation,16* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.17*18* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA19* or visit www.oracle.com if you need additional information or have any20* questions.21*/2223/*24* @test25* @bug 4684810 699471726* @summary Verify that RFC822 name constraints are checked correctly27*/2829import java.io.ByteArrayOutputStream;30import java.io.File;31import java.io.FileInputStream;32import java.io.InputStream;33import java.io.IOException;3435import java.security.cert.*;36import java.security.cert.PKIXReason;3738import java.util.ArrayList;39import java.util.Collections;40import java.util.Date;41import java.util.List;42import java.util.Set;4344/**45* ValidateCertPath performs a simple validation of a certification path.46* On success, it prints the CertPathValidatorResult. On failure, it47* prints the error.48*49* Synopsis:50* <pre>51* ValidateCertPath trustAnchor [certFile ...]52* where each argument is the path to a file that contains a53* certificate. Each certificate should have an issuer equal to54* the subject of the preceding certificate.55*</pre>56*57* @author Steve Hanna58*/59public final class ValidateCertPath {6061private final static String BASE = System.getProperty("test.src", "./");6263private static CertPath path;64private static PKIXParameters params;6566public static void main(String[] args) throws Exception {6768try {69parseArgs(args);70validate(path, params);71throw new Exception("Successfully validated invalid path.");72} catch (CertPathValidatorException e) {73if (e.getReason() != PKIXReason.INVALID_NAME) {74throw new Exception("unexpected reason: " + e.getReason());75}76System.out.println("Path rejected as expected: " + e);77}78}7980/**81* Parse the command line arguments. Populate the static82* class fields based on the values of the arugments. In83* case of bad arguments, print usage and exit. In case of84* other error, throw an exception.85*86* @param args command line arguments87* @throws Exception on error88*/89public static void parseArgs(String[] args) throws Exception {90args = new String[] {"jane2jane.cer", "jane2steve.cer", "steve2tom.cer"};9192TrustAnchor anchor = new TrustAnchor(getCertFromFile(args[0]), null);93List<X509Certificate> list = new ArrayList<X509Certificate>();94for (int i = 1; i < args.length; i++) {95list.add(0, getCertFromFile(args[i]));96}97CertificateFactory cf = CertificateFactory.getInstance("X509");98path = cf.generateCertPath(list);99100Set<TrustAnchor> anchors = Collections.singleton(anchor);101params = new PKIXParameters(anchors);102params.setRevocationEnabled(false);103// The certificates expired on 10/22/10, so set the validity date to104// 05/01/2009 to avoid expiration failures105params.setDate(new Date(1243828800000l));106}107108/*109* Reads the entire input stream into a byte array.110*/111private static byte[] getTotalBytes(InputStream is) throws IOException {112byte[] buffer = new byte[8192];113ByteArrayOutputStream baos = new ByteArrayOutputStream(2048);114int n;115baos.reset();116while ((n = is.read(buffer, 0, buffer.length)) != -1) {117baos.write(buffer, 0, n);118}119return baos.toByteArray();120}121122/**123* Get a DER-encoded X.509 certificate from a file.124*125* @param certFilePath path to file containing DER-encoded certificate126* @return X509Certificate127* @throws IOException on error128*/129public static X509Certificate getCertFromFile(String certFilePath)130throws IOException {131X509Certificate cert = null;132try {133File certFile = new File(BASE, certFilePath);134if (!certFile.canRead())135throw new IOException("File " +136certFile.toString() +137" is not a readable file.");138FileInputStream certFileInputStream =139new FileInputStream(certFile);140CertificateFactory cf = CertificateFactory.getInstance("X509");141cert = (X509Certificate)142cf.generateCertificate(certFileInputStream);143} catch (Exception e) {144e.printStackTrace();145throw new IOException("Can't construct X509Certificate: " +146e.getMessage());147}148return cert;149}150151/**152* Perform a PKIX validation. On success, print the153* CertPathValidatorResult on System.out. On failure,154* throw an exception.155*156* @param path CertPath to validate157* @param params PKIXParameters to use in validation158* @throws Exception on error159*/160public static void validate(CertPath path, PKIXParameters params)161throws Exception {162CertPathValidator validator =163CertPathValidator.getInstance("PKIX");164CertPathValidatorResult cpvr = validator.validate(path, params);165System.out.println("ValidateCertPath successful.");166}167}168169170