Path: blob/master/test/jdk/sun/security/x509/X509CRLImpl/OrderAndDup.java
41153 views
/*1* Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation.7*8* This code is distributed in the hope that it will be useful, but WITHOUT9* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or10* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License11* version 2 for more details (a copy is included in the LICENSE file that12* accompanied this code).13*14* You should have received a copy of the GNU General Public License version15* 2 along with this work; if not, write to the Free Software Foundation,16* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.17*18* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA19* or visit www.oracle.com if you need additional information or have any20* questions.21*/2223/*24* @test25* @bug 714387226* @summary Improve certificate extension processing27* @modules java.base/sun.security.util28* java.base/sun.security.x50929*/30import java.io.ByteArrayInputStream;31import java.math.BigInteger;32import java.security.KeyPairGenerator;33import java.security.cert.CertificateFactory;34import java.security.cert.X509CRLEntry;35import java.util.Date;36import sun.security.util.DerInputStream;37import sun.security.util.DerValue;38import sun.security.x509.*;3940public class OrderAndDup {41public static void main(String[] args) throws Exception {4243// Generate 20 serial numbers with dup and a special order44int count = 20;45BigInteger[] serials = new BigInteger[count];46for (int i=0; i<count; i++) {47serials[i] = BigInteger.valueOf(i*7%10);48}4950// Generates a CRL51X509CRLEntry[] badCerts = new X509CRLEntry[count];52for (int i=0; i<count; i++) {53badCerts[i] = new X509CRLEntryImpl(serials[i],54new Date(System.currentTimeMillis()+i*1000));55}56X500Name owner = new X500Name("CN=CA");57X509CRLImpl crl = new X509CRLImpl(owner, new Date(), new Date(), badCerts);58KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");59crl.sign(kpg.genKeyPair().getPrivate(), "SHA1withRSA");60byte[] data = crl.getEncodedInternal();6162// Check the encoding63checkData(crl, data, serials);6465// Load a CRL from raw data66CertificateFactory cf = CertificateFactory.getInstance("X.509");67X509CRLImpl crl2 = (X509CRLImpl)cf.generateCRL(new ByteArrayInputStream(data));6869// Check the encoding again70data = crl2.getEncodedInternal();71checkData(crl2, data, serials);72}7374// Check the raw data's ASN.1 structure to see if the revoked certs75// have the same number and correct order as inserted76static void checkData(X509CRLImpl c, byte[] data, BigInteger[] expected)77throws Exception {78if (c.getRevokedCertificates().size() != expected.length) {79throw new Exception("Wrong count in CRL object, now " +80c.getRevokedCertificates().size());81}82DerValue d1 = new DerValue(data);83// revokedCertificates at 5th place of TBSCertList84DerValue[] d2 = new DerInputStream(85d1.data.getSequence(0)[4].toByteArray())86.getSequence(0);87if (d2.length != expected.length) {88throw new Exception("Wrong count in raw data, now " + d2.length);89}90for (int i=0; i<d2.length; i++) {91// Serial is first in revokedCertificates entry92BigInteger bi = d2[i].data.getBigInteger();93if (!bi.equals(expected[i])) {94throw new Exception("Entry at #" + i + " is " + bi95+ ", should be " + expected[i]);96}97}98}99}100101102103