Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
PojavLauncherTeam
GitHub Repository: PojavLauncherTeam/mobile
 Path: blob/master/test/jdk/java/security/cert/PKIXRevocationChecker/OcspUnauthorized.java
41153 views
1
/*

2
 * Copyright (c) 2013, 2017, Oracle and/or its affiliates. All rights reserved.

3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

4
 *

5
 * This code is free software; you can redistribute it and/or modify it

6
 * under the terms of the GNU General Public License version 2 only, as

7
 * published by the Free Software Foundation.

8
 *

9
 * This code is distributed in the hope that it will be useful, but WITHOUT

10
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

11
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

12
 * version 2 for more details (a copy is included in the LICENSE file that

13
 * accompanied this code).

14
 *

15
 * You should have received a copy of the GNU General Public License version

16
 * 2 along with this work; if not, write to the Free Software Foundation,

17
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

18
 *

19
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

20
 * or visit www.oracle.com if you need additional information or have any

21
 * questions.

22
 */

23


24
/**

25
 * @test

26
 * @bug 8023362

27
 * @run main/othervm OcspUnauthorized

28
 * @summary Make sure Ocsp UNAUTHORIZED response is treated as failure when

29
 *          SOFT_FAIL option is set

30
 */

31


32
import java.io.ByteArrayInputStream;

33
import java.security.Security;

34
import java.security.cert.CertPathValidatorException.BasicReason;

35
import java.security.cert.*;

36
import java.security.cert.PKIXRevocationChecker.Option;

37
import java.util.Base64;

38
import java.util.Collections;

39
import java.util.EnumSet;

40


41
public class OcspUnauthorized {

42


43
    private final static String OCSP_RESPONSE = "MAMKAQY=";

44


45
    private final static String EE_CERT =

46
        "MIICADCCAWmgAwIBAgIEOvxUmjANBgkqhkiG9w0BAQQFADAqMQswCQYDVQQGEwJ1czE" +

47
        "MMAoGA1UEChMDc3VuMQ0wCwYDVQQLEwRsYWJzMB4XDTAxMDUxNDIwNDQyMVoXDTI4MD" +

48
        "kyOTIwNDQyMVowOTELMAkGA1UEBhMCdXMxDDAKBgNVBAoTA3N1bjENMAsGA1UECxMEb" +

49
        "GFiczENMAsGA1UECxMEaXNyZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA4MmP" +

50
        "GDriFJ+OhDlTuLpHzPy0nawDKyIYUJPZmU9M/pCAUbZewAOyAXGPYVU1og2ZiO9tWBi" +

51
        "ZBeJGoFHEkkhfeqSVb2PsRckiXvPZ3AiSVmdX0uD/a963abmhRMYB1gDO2+jBe3F/DU" +

52
        "pHwpyThchy8tYUMh7Gr7+m/8FwZbdbSpMCAwEAAaMkMCIwDwYDVR0PAQH/BAUDAwekA" +

53
        "DAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBAUAA4GBAME3fmXvES0FVDXSD1iC" +

54
        "TJLf86kUy3H+uMG7h5pOQmcfF1o9PVWlNByVf4r2b4GRgftPQ3Ao0SAvq1aSkW7YpkN" +

55
        "pcartYqNk2E5brPajOC0v+Pkxf/g/pkRTT6Zp+9erGQF4Ta62q0iwOyc3FovSbh0Ph2" +

56
        "WidZRP4qUG5I6JmGkI";

57


58
    private final static String TRUST_ANCHOR =

59
        "MIICIzCCAYygAwIBAgIEOvxT7DANBgkqhkiG9w0BAQQFADAbMQswCQYDVQQGEwJ1czE" +

60
        "MMAoGA1UEChMDc3VuMB4XDTAxMDUxNDIxMDQyOVoXDTI4MDkyOTIxMDQyOVowKjELMA" +

61
        "kGA1UEBhMCdXMxDDAKBgNVBAoTA3N1bjENMAsGA1UECxMEbGFiczCBnzANBgkqhkiG9" +

62
        "w0BAQEFAAOBjQAwgYkCgYEA0/16V87rhznCM0y7IqyGcfQBentG+PglA+1hiqCuQY/A" +

63
        "jFiDKr5N+LpcfU28P41E4M+DSDrMIEe4JchRcXeJY6aIVhpOveVV9mgtBaEKlsScrIJ" +

64
        "zmVqM07PG9JENg2FibECnB5TNUSfVbFKfvtAqaZ7Pc971oZVoIePBWnfKV9kCAwEAAa" +

65
        "NlMGMwPwYDVR0eAQH/BDUwM6AxMC+kKjELMAkGA1UEBhMCdXMxDDAKBgNVBAoTA3N1b" +

66
        "jENMAsGA1UECxMEbGFic4ABAzAPBgNVHQ8BAf8EBQMDB6QAMA8GA1UdEwEB/wQFMAMB" +

67
        "Af8wDQYJKoZIhvcNAQEEBQADgYEAfJ5HWd7K5PmX0+Vbsux4SYhoaejDwwgS43BRNa+" +

68
        "AmFq9LIZ+ZcjBMVte8Y3sJF+nz9+1qBaUhNhbaECCqsgmWSwvI+0kUzJXL89k9AdQ8m" +

69
        "AYf6CB6+kaZQBgrdSdqSGz3tCVa2MIK8wmb0ROM40oJ7vt3qSwgFi3UTltxkFfwQ0=";

70


71
    private static CertificateFactory cf;

72
    private static Base64.Decoder base64Decoder = Base64.getDecoder();

73


74
    public static void main(String[] args) throws Exception {

75
        // EE_CERT is signed with MD5withRSA

76
        Security.setProperty("jdk.certpath.disabledAlgorithms", "");

77
        cf = CertificateFactory.getInstance("X.509");

78
        X509Certificate taCert = getX509Cert(TRUST_ANCHOR);

79
        X509Certificate eeCert = getX509Cert(EE_CERT);

80
        CertPath cp = cf.generateCertPath(Collections.singletonList(eeCert));

81


82
        CertPathValidator cpv = CertPathValidator.getInstance("PKIX");

83
        PKIXRevocationChecker prc =

84
            (PKIXRevocationChecker)cpv.getRevocationChecker();

85
        prc.setOptions(EnumSet.of(Option.SOFT_FAIL, Option.NO_FALLBACK));

86
        byte[] response = base64Decoder.decode(OCSP_RESPONSE);

87


88
        prc.setOcspResponses(Collections.singletonMap(eeCert, response));

89


90
        TrustAnchor ta = new TrustAnchor(taCert, null);

91
        PKIXParameters params = new PKIXParameters(Collections.singleton(ta));

92


93
        params.addCertPathChecker(prc);

94


95
        try {

96
            cpv.validate(cp, params);

97
            throw new Exception("FAILED: expected CertPathValidatorException");

98
        } catch (CertPathValidatorException cpve) {

99
            cpve.printStackTrace();

100
            if (cpve.getReason() != BasicReason.UNSPECIFIED &&

101
                !cpve.getMessage().contains("OCSP response error: UNAUTHORIZED")) {

102
                throw new Exception("FAILED: unexpected " +

103
                                    "CertPathValidatorException reason");

104
            }

105
        }

106
    }

107


108
    private static X509Certificate getX509Cert(String enc) throws Exception {

109
        byte[] bytes = base64Decoder.decode(enc);

110
        ByteArrayInputStream is = new ByteArrayInputStream(bytes);

111
        return (X509Certificate)cf.generateCertificate(is);

112
    }

113
}

114


115