1
/*
2
 * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4
 *
5
 * This code is free software; you can redistribute it and/or modify it
6
 * under the terms of the GNU General Public License version 2 only, as
7
 * published by the Free Software Foundation.
8
 *
9
 * This code is distributed in the hope that it will be useful, but WITHOUT
10
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12
 * version 2 for more details (a copy is included in the LICENSE file that
13
 * accompanied this code).
14
 *
15
 * You should have received a copy of the GNU General Public License version
16
 * 2 along with this work; if not, write to the Free Software Foundation,
17
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18
 *
19
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20
 * or visit www.oracle.com if you need additional information or have any
21
 * questions.
22
 */
23

24

25
/**
26
 * @test
27
 * @bug 8021804
28
 * @summary CertPath should validate even if the validity period of the
29
 *          root cert does not include the validity period of a subordinate
30
 *          cert.
31
 */
32

33
import java.io.ByteArrayInputStream;
34
import java.security.cert.*;
35
import java.util.ArrayList;
36
import java.util.Date;
37
import java.util.HashSet;
38
import java.util.Set;
39

40
public class Validity {
41

42
    /*
43
     * Subject: OU=TestOrg, CN=TestCA
44
     * Issuer: OU=TestOrg, CN=TestCA
45
     * Validity
46
     *     Not Before: Feb 26 21:33:55 2014 GMT
47
           Not After : Feb 26 21:33:55 2024 GMT
48
     * Version 1
49
     */
50
    static String CACertStr =
51
        "-----BEGIN CERTIFICATE-----\n" +
52
        "MIIBvTCCASYCCQCQRiTo4lBCFjANBgkqhkiG9w0BAQUFADAjMRAwDgYDVQQLDAdU\n" +
53
        "ZXN0T3JnMQ8wDQYDVQQDDAZUZXN0Q0EwHhcNMTQwMjI2MjEzMzU1WhcNMjQwMjI2\n" +
54
        "MjEzMzU1WjAjMRAwDgYDVQQLDAdUZXN0T3JnMQ8wDQYDVQQDDAZUZXN0Q0EwgZ8w\n" +
55
        "DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOtKS4ZrsM3ansd61ZxitcrN0w184I+A\n" +
56
        "z0kyrSP1eMtlam+cC2U91NpTz11FYV4XUfBhqqxaXW043AWTUer8pS90Pt4sCrUX\n" +
57
        "COx1+QA1M3ZhbZ4sTM7XQ90JbGaBJ/sEza9mlQP7hQ2yQO/hATKbP6J5qvgG2sT2\n" +
58
        "S2WYjEgwNwmFAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAQ/CXEpnx2WY4LJtv4jwE\n" +
59
        "4jIVirur3pdzV5oBhPyqqHMsyhQBkukCfX7uD7L5wN1+xuM81DfANpIxlnUfybp5\n" +
60
        "CpjcmktLpmyK4kJ6XnSd2blbLOIpsr9x6FqxPxpVDlyw/ySHYrIG/GZdsLHgmzGn\n" +
61
        "B06jeYzH8OLf879VxAxSsPc=\n" +
62
        "-----END CERTIFICATE-----";
63

64
    /*
65
     * Subject: OU=TestOrg, CN=TestEE0
66
     * Issuer: OU=TestOrg, CN=TestCA
67
     * Validity
68
     *     Not Before: Feb 26 22:55:12 2014 GMT
69
     *     Not After : Feb 25 22:55:12 2025 GMT
70
     * Version 1
71
     */
72
    static String EECertStr =
73
        "-----BEGIN CERTIFICATE-----\n" +
74
        "MIIBtjCCAR8CAQQwDQYJKoZIhvcNAQEFBQAwIzEQMA4GA1UECwwHVGVzdE9yZzEP\n" +
75
        "MA0GA1UEAwwGVGVzdENBMB4XDTE0MDIyNjIyNTUxMloXDTI1MDIyNTIyNTUxMlow\n" +
76
        "JDEQMA4GA1UECwwHVGVzdE9yZzEQMA4GA1UEAwwHVGVzdEVFMDCBnzANBgkqhkiG\n" +
77
        "9w0BAQEFAAOBjQAwgYkCgYEAt8xz9W3ruCTHjSOtTX6cxsUZ0nRP6EavEfzgcOYh\n" +
78
        "CXGA0gr+viSHq3c2vQBxiRny2hm5rLcqpPo+2OxZtw/ajxfyrV6d/r8YyQLBvyl3\n" +
79
        "xdCZdOkG1DCM1oFAQDaSRt9wN5Zm5kyg7uMig5Y4L45fP9Yee4x6Xyh36qYbsR89\n" +
80
        "rFMCAwEAATANBgkqhkiG9w0BAQUFAAOBgQDZrPqSo08va1m9TOWOztTuWilGdjK/\n" +
81
        "2Ed2WXg8utIpy6uAV+NaOYtHQ7ULQBVRNmwg9nKghbVbh+E/xpoihjl1x7OXass4\n" +
82
        "TbwXA5GKFIFpNtDvATQ/QQZoCuCzw1FW/mH0Q7UEQ/9/iJdDad6ebkapeMwtj/8B\n" +
83
        "s2IZV7s85CEOXw==\n" +
84
        "-----END CERTIFICATE-----";
85

86
    public static void main(String[] args) throws Exception {
87

88
        String[] certStrs = {EECertStr};
89
        String[] trustedCertStrs = {CACertStr};
90
        runTest(certStrs, trustedCertStrs);
91

92
        System.out.println("Test passed.");
93
    }
94

95
    private static void runTest(String[] certStrs,
96
                                String[] trustedCertStrs)
97
            throws Exception {
98

99
        CertificateFactory cf = CertificateFactory.getInstance("X509");
100

101
        // Generate the CertPath from the certs named in certStrs
102
        ArrayList<X509Certificate> certs = new ArrayList<>();
103
        for (String certStr : certStrs) {
104
            certs.add(generateCert(certStr, cf));
105
        }
106
        CertPath cp = cf.generateCertPath(certs);
107

108
        // Generate the set of Trust Anchors from the certs named in
109
        // trustedCertStrs
110
        Set<TrustAnchor> trustAnchors = new HashSet<>();
111
        for (String trustedCertStr : trustedCertStrs) {
112
            TrustAnchor ta = new TrustAnchor(generateCert(trustedCertStr, cf),
113
                                             null);
114
            trustAnchors.add(ta);
115
        }
116
        PKIXParameters params = new PKIXParameters(trustAnchors);
117
        params.setDate(new Date(114, 3, 1));   // 2014-03-01
118
        params.setRevocationEnabled(false);
119

120
        // Attempt to validate the CertPath. If no exception thrown, successful.
121
        CertPathValidator cpv = CertPathValidator.getInstance("PKIX");
122
        cpv.validate(cp, params);
123
        System.out.println("CertPath validation successful.");
124
    }
125

126
    private static X509Certificate generateCert(String certStr,
127
                                                CertificateFactory cf)
128
            throws Exception {
129
        ByteArrayInputStream stream
130
                = new ByteArrayInputStream(certStr.getBytes());
131
        return (X509Certificate) cf.generateCertificate(stream);
132

133
    }
134
}
135

136