Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
PojavLauncherTeam
GitHub Repository: PojavLauncherTeam/mobile
 Path: blob/master/test/jdk/sun/security/x509/X509CertImpl/V3Certificate.java
41153 views
1
/*

2
 * Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.

3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

4
 *

5
 * This code is free software; you can redistribute it and/or modify it

6
 * under the terms of the GNU General Public License version 2 only, as

7
 * published by the Free Software Foundation.

8
 *

9
 * This code is distributed in the hope that it will be useful, but WITHOUT

10
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

11
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

12
 * version 2 for more details (a copy is included in the LICENSE file that

13
 * accompanied this code).

14
 *

15
 * You should have received a copy of the GNU General Public License version

16
 * 2 along with this work; if not, write to the Free Software Foundation,

17
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

18
 *

19
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

20
 * or visit www.oracle.com if you need additional information or have any

21
 * questions.

22
 */

23


24
/*

25
 * @test

26
 * @bug 8049237 8242151

27
 * @modules java.base/sun.security.x509

28
 *          java.base/sun.security.util

29
 *          jdk.crypto.ec

30
 * @summary This test generates V3 certificate with all the supported

31
 * extensions. Writes back the generated certificate in to a file and checks for

32
 * equality with the original certificate.

33
 */

34


35
import java.io.File;

36
import java.io.FileInputStream;

37
import java.io.FileOutputStream;

38
import java.io.IOException;

39
import java.io.InputStream;

40
import java.io.OutputStream;

41
import java.io.PrintWriter;

42
import java.security.InvalidKeyException;

43
import java.security.KeyPair;

44
import java.security.KeyPairGenerator;

45
import java.security.MessageDigest;

46
import java.security.NoSuchAlgorithmException;

47
import java.security.NoSuchProviderException;

48
import java.security.PrivateKey;

49
import java.security.PublicKey;

50
import java.security.Signature;

51
import java.security.SignatureException;

52
import java.security.cert.CertificateException;

53
import java.security.cert.CertificateFactory;

54
import java.security.cert.X509Certificate;

55
import java.util.Base64;

56
import java.util.Calendar;

57
import java.util.Date;

58
import java.util.TimeZone;

59
import sun.security.util.BitArray;

60
import sun.security.util.ObjectIdentifier;

61
import sun.security.x509.*;

62


63
import static java.lang.System.out;

64


65
public class V3Certificate {

66


67
    public static final String V3_FILE = "certV3";

68
    public static final String V3_B64_FILE = "certV3.b64";

69


70
    public static void main(String[] args) throws IOException,

71
            NoSuchAlgorithmException, InvalidKeyException, CertificateException,

72
            NoSuchProviderException, SignatureException {

73


74
        boolean success = true;

75


76
        success &= test("RSA", "SHA256withRSA", 2048);

77
        success &= test("DSA", "SHA256withDSA", 2048);

78
        success &= test("EC", "SHA256withECDSA", 384);

79


80
        if (!success) {

81
            throw new RuntimeException("At least one test case failed");

82
        }

83
    }

84


85
    public static boolean test(String algorithm, String sigAlg, int keyLength)

86
            throws IOException,

87
            NoSuchAlgorithmException,

88
            InvalidKeyException,

89
            CertificateException,

90
            NoSuchProviderException,

91
            SignatureException {

92


93
        byte[] issuerId = {1, 2, 3, 4, 5};

94
        byte[] subjectId = {6, 7, 8, 9, 10};

95
        boolean testResult = true;

96


97
        // Subject and Issuer

98
        X500Name subject = new X500Name("test", "Oracle", "Santa Clara",

99
                "US");

100
        X500Name issuer = subject;

101


102
        // Generate keys and sign

103
        KeyPairGenerator keyGen = KeyPairGenerator.getInstance(algorithm);

104
        keyGen.initialize(keyLength);

105
        KeyPair pair = keyGen.generateKeyPair();

106
        PublicKey publicKey = pair.getPublic();

107
        PrivateKey privateKey = pair.getPrivate();

108
        MessageDigest md = MessageDigest.getInstance("SHA");

109
        byte[] keyId = md.digest(publicKey.getEncoded());

110


111
        Signature signature = Signature.getInstance(sigAlg);

112
        signature.initSign(privateKey);

113


114
        // Validity interval

115
        Date firstDate = new Date();

116
        Calendar cal = Calendar.getInstance(TimeZone.getTimeZone("PST"));

117
        cal.set(2014, 03, 10, 12, 30, 30);

118
        Date lastDate = cal.getTime();

119
        CertificateValidity interval = new CertificateValidity(firstDate,

120
                lastDate);

121


122
        // Certificate Info

123
        X509CertInfo cert = new X509CertInfo();

124


125
        cert.set(X509CertInfo.VERSION,

126
                new CertificateVersion(CertificateVersion.V3));

127
        cert.set(X509CertInfo.SERIAL_NUMBER,

128
                new CertificateSerialNumber((int) (firstDate.getTime() / 1000)));

129
        cert.set(X509CertInfo.ALGORITHM_ID,

130
                new CertificateAlgorithmId(AlgorithmId.get(sigAlg)));

131
        cert.set(X509CertInfo.SUBJECT, subject);

132
        cert.set(X509CertInfo.KEY, new CertificateX509Key(publicKey));

133
        cert.set(X509CertInfo.VALIDITY, interval);

134
        cert.set(X509CertInfo.ISSUER, issuer);

135


136
        cert.set(X509CertInfo.ISSUER_ID,

137
                new UniqueIdentity(

138
                        new BitArray(issuerId.length * 8 - 2, issuerId)));

139
        cert.set(X509CertInfo.SUBJECT_ID, new UniqueIdentity(subjectId));

140


141
        // Create Extensions

142
        CertificateExtensions exts = new CertificateExtensions();

143


144
        GeneralNameInterface mailInf = new RFC822Name("[email protected]");

145
        GeneralName mail = new GeneralName(mailInf);

146
        GeneralNameInterface dnsInf = new DNSName("Oracle.com");

147
        GeneralName dns = new GeneralName(dnsInf);

148
        GeneralNameInterface uriInf = new URIName("http://www.Oracle.com");

149
        GeneralName uri = new GeneralName(uriInf);

150


151
        // localhost

152
        byte[] address = new byte[]{127, 0, 0, 1};

153


154
        GeneralNameInterface ipInf = new IPAddressName(address);

155
        GeneralName ip = new GeneralName(ipInf);

156


157
        GeneralNameInterface oidInf =

158
                new OIDName(ObjectIdentifier.of("1.2.3.4"));

159
        GeneralName oid = new GeneralName(oidInf);

160


161
        SubjectAlternativeNameExtension subjectName

162
                = new SubjectAlternativeNameExtension();

163
        IssuerAlternativeNameExtension issuerName

164
                = new IssuerAlternativeNameExtension();

165


166
        GeneralNames subjectNames

167
                = (GeneralNames) subjectName.

168
                get(SubjectAlternativeNameExtension.SUBJECT_NAME);

169


170
        GeneralNames issuerNames

171
                = (GeneralNames) issuerName.

172
                get(IssuerAlternativeNameExtension.ISSUER_NAME);

173


174
        subjectNames.add(mail);

175
        subjectNames.add(dns);

176
        subjectNames.add(uri);

177


178
        issuerNames.add(ip);

179
        issuerNames.add(oid);

180


181
        cal.set(2000, 11, 15, 12, 30, 30);

182
        lastDate = cal.getTime();

183
        PrivateKeyUsageExtension pkusage

184
                = new PrivateKeyUsageExtension(firstDate, lastDate);

185


186
        KeyUsageExtension usage = new KeyUsageExtension();

187
        usage.set(KeyUsageExtension.CRL_SIGN, true);

188
        usage.set(KeyUsageExtension.DIGITAL_SIGNATURE, true);

189
        usage.set(KeyUsageExtension.NON_REPUDIATION, true);

190


191
        KeyIdentifier kid = new KeyIdentifier(keyId);

192
        SerialNumber sn = new SerialNumber(42);

193
        AuthorityKeyIdentifierExtension aki

194
                = new AuthorityKeyIdentifierExtension(kid, subjectNames, sn);

195


196
        SubjectKeyIdentifierExtension ski

197
                = new SubjectKeyIdentifierExtension(keyId);

198


199
        BasicConstraintsExtension cons

200
                = new BasicConstraintsExtension(true, 10);

201


202
        PolicyConstraintsExtension pce = new PolicyConstraintsExtension(2, 4);

203


204
        exts.set(SubjectAlternativeNameExtension.NAME, subjectName);

205
        exts.set(IssuerAlternativeNameExtension.NAME, issuerName);

206
        exts.set(PrivateKeyUsageExtension.NAME, pkusage);

207
        exts.set(KeyUsageExtension.NAME, usage);

208
        exts.set(AuthorityKeyIdentifierExtension.NAME, aki);

209
        exts.set(SubjectKeyIdentifierExtension.NAME, ski);

210
        exts.set(BasicConstraintsExtension.NAME, cons);

211
        exts.set(PolicyConstraintsExtension.NAME, pce);

212
        cert.set(X509CertInfo.EXTENSIONS, exts);

213


214
        // Generate and sign X509CertImpl

215
        X509CertImpl crt = new X509CertImpl(cert);

216
        crt.sign(privateKey, sigAlg);

217
        crt.verify(publicKey);

218


219
        try (FileOutputStream fos = new FileOutputStream(new File(V3_FILE));

220
                FileOutputStream fos_b64

221
                = new FileOutputStream(new File(V3_B64_FILE));

222
                PrintWriter pw = new PrintWriter(fos_b64)) {

223
            crt.encode((OutputStream) fos);

224
            fos.flush();

225


226
            // Certificate boundaries/

227
            pw.println("-----BEGIN CERTIFICATE-----");

228
            pw.flush();

229
            fos_b64.write(Base64.getMimeEncoder().encode(crt.getEncoded()));

230
            fos_b64.flush();

231
            pw.println("-----END CERTIFICATE-----");

232
        }

233


234
        out.println("*** Certificate ***");

235
        out.println(crt);

236
        out.println("*** End Certificate ***");

237


238
        X509Certificate x2 = generateCertificate(V3_FILE);

239
        if (!x2.equals(crt)) {

240
            out.println("*** Certificate mismatch ***");

241
            testResult = false;

242
        }

243


244
        X509Certificate x3 = generateCertificate(V3_B64_FILE);

245
        if (!x3.equals(crt)) {

246
            out.println("*** Certificate mismatch ***");

247
            testResult = false;

248
        }

249


250
        return testResult;

251
    }

252


253
    static X509Certificate generateCertificate(String certFile) {

254
        try (InputStream inStrm = new FileInputStream(certFile)) {

255
            CertificateFactory cf = CertificateFactory.getInstance("X509");

256
            X509Certificate x2

257
                    = (X509Certificate) cf.generateCertificate(inStrm);

258
            return x2;

259
        } catch (CertificateException | IOException e) {

260
            throw new RuntimeException("Exception while "

261
                    + "genrating certificate for " + certFile, e);

262
        }

263
    }

264
}

265


266