1 /*
   2  * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 package jdk.test.lib.security;
  25 
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.List;
  37 
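/**
 * Fixed X.509 certificates used as test fixtures, taken from the old
 * ValWithAnchorByName test case.
 *
 * <p>The three constants form one chain: {@link #ROOT_CA} is self-issued and
 * issues {@link #TWO}, which in turn issues {@link #ONE}. Per the validity
 * comments on each constant, every certificate here has already expired, so
 * path validation only succeeds against a pinned validation date (see
 * {@link #generateChain(boolean)}).
 *
 * <p>These are test-only values. The root below is a throwaway CA and must
 * never be added to a real trust store.
 */
public enum TestCertificate {
    // Subject: CN=SSLCertificate, O=SomeCompany
    // Issuer: CN=Intermediate CA Cert, O=SomeCompany
    // Validity: Tue Aug 30 14:37:19 PDT 2016 to Wed Aug 30 14:37:19 PDT 2017
    ONE("1000",
        "CN=SSLCertificate, O=SomeCompany",
        "CN=Intermediate CA Cert, O=SomeCompany",
        -1063259762,
        "-----BEGIN CERTIFICATE-----\n" +
        "MIIDnTCCAoWgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwNTEUMBIGA1UEChMLU29t\n" +
        "ZUNvbXBhbnkxHTAbBgNVBAMTFEludGVybWVkaWF0ZSBDQSBDZXJ0MB4XDTE2MDgz\n" +
        "MDIxMzcxOVoXDTE3MDgzMDIxMzcxOVowLzEUMBIGA1UEChMLU29tZUNvbXBhbnkx\n" +
        "FzAVBgNVBAMTDlNTTENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A\n" +
        "MIIBCgKCAQEAjgv8KKE4CO0rbCjRLA1hXjRiSq30jeusCJ8frbRG+QOBgQ3j6jgc\n" +
        "vk5wG1aTu7R4AFn0/HRDMzP9ZbRlZVIbJUTd8YiaNyZeyWapPnxHWrPCd5e1xopk\n" +
        "ElieDdEH5FiLGtIrWy56CGA1hfQb1vUVYegyeY+TTtMFVHt0PrmMk4ZRgj/GtVNp\n" +
        "BQQYIzaYAcrcWMeCn30ZrhaGAL1hsdgmEVV1wsTD4JeNMSwLwMYem7fg8ondGZIR\n" +
        "kZuGtuSdOHu4Xz+mgDNXTeX/Bp/dQFucxCG+FOOM9Hoz72RY2W8YqgL38RlnwYWp\n" +
        "nUNxhXWFH6vyINRQVEu3IgahR6HXjxM7LwIDAQABo4G8MIG5MBQGA1UdEQQNMAuC\n" +
        "CWxvY2FsaG9zdDAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9s\n" +
        "b2NhbGhvc3Q6NDIzMzMwHwYDVR0jBBgwFoAUYT525lwHCI4CmuWs8a7poaeKRJ4w\n" +
        "HQYDVR0OBBYEFCaQnOX4L1ovqyfeKuoay+kI+lXgMA4GA1UdDwEB/wQEAwIFoDAd\n" +
        "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEB\n" +
        "AD8dqQIqFasJcL8lm4mPTsBl0JgNiN8tQcXM7VCvcH+yDvEyh9vudDjuhpSORqPq\n" +
        "f1o/EvJ+gfs269mBnYQujYRvmSd6EAcBntv5zn6amOh03o6PqTY9KaUC/mL9hB84\n" +
        "Y5/LYioP16sME7egKnlrGUgKh0ZvGzm7c3SYx3Z5YoeFBOkZajc7Jm+cBw/uBQkF\n" +
        "a9mLEczIvOgkq1wto8vr2ptH1gEuvFRcorN3muvq34bk40G08+AHlP3fCLFpI3FA\n" +
        "IStJLJZRcO+Ib4sOcKuaBGnuMo/QVOCEMDUs6RgiWtSd93OZKFIUOASVp6YIkcSs\n" +
        "5/rmc06sICqBjLfPEB68Jjw=\n" +
        "-----END CERTIFICATE-----"),
    // Subject: CN=Intermediate CA Cert, O=SomeCompany
    // Issuer: CN=Root CA Cert, O=SomeCompany
    // Validity: Sun Aug 07 14:37:19 PDT 2016 to Tue Aug 07 14:37:19 PDT 2018
    TWO("64",
        "CN=Intermediate CA Cert, O=SomeCompany",
        "CN=Root CA Cert, O=SomeCompany",
        -927189373,
        "-----BEGIN CERTIFICATE-----\n" +
        "MIIDdjCCAl6gAwIBAgIBZDANBgkqhkiG9w0BAQsFADAtMRQwEgYDVQQKEwtTb21l\n" +
        "Q29tcGFueTEVMBMGA1UEAxMMUm9vdCBDQSBDZXJ0MB4XDTE2MDgwNzIxMzcxOVoX\n" +
        "DTE4MDgwNzIxMzcxOVowNTEUMBIGA1UEChMLU29tZUNvbXBhbnkxHTAbBgNVBAMT\n" +
        "FEludGVybWVkaWF0ZSBDQSBDZXJ0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n" +
        "CgKCAQEAnJR5CnE7GKlQjigExSJ6hHu302mc0PcA6TDgsIitPYD/r8RBbBuE51OQ\n" +
        "7IP7AXmfPUV3/+pO/uxx6mgY5O6XeUl7KadhVPtPcL0BVVevCSOdTMVa3iV4zRpa\n" +
        "C6Uy2ouUFnafKnDtlbieggyETUoNgVNJYA9L0XNhtSnENoLHC4Pq0v8OsNtsOWFR\n" +
        "NiMTOA49NNDBw85WgPyFAxjqO4z0J0zxdWq3W4rSMB8xrkulv2Rvj3GcfYJK/ab8\n" +
        "V1IJ6PMWCpujASY3BzvYPnN7BKuBjbWJPgZdPYfX1cxeG80u0tOuMfWWiNONSMSA\n" +
        "7m9y304QA0gKqlrFFn9U4hU89kv1IwIDAQABo4GYMIGVMA8GA1UdEwEB/wQFMAMB\n" +
        "Af8wMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzABhhZodHRwOi8vbG9jYWxob3N0\n" +
        "OjM5MTM0MB8GA1UdIwQYMBaAFJNMsejEyJUB9tiWycVczvpiMVQZMB0GA1UdDgQW\n" +
        "BBRhPnbmXAcIjgKa5azxrumhp4pEnjAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcN\n" +
        "AQELBQADggEBAE4nOFdW9OirPnRvxihQXYL9CXLuGQz5tr0XgN8wSY6Un9b6CRiK\n" +
        "7obgIGimVdhvUC1qdRcwJqgOfJ2/jR5/5Qo0TVp+ww4dHNdUoj73tagJ7jTu0ZMz\n" +
        "5Zdp0uwd4RD/syvTeVcbPc3m4awtgEvRgzpDMcSeKPZWInlo7fbnowKSAUAfO8de\n" +
        "0cDkxEBkzPIzGNu256cdLZOqOK9wLJ9mQ0zKgi/2NsldNc2pl/6jkGpA6uL5lJsm\n" +
        "fo9sDusWNHV1YggqjDQ19hrf40VuuC9GFl/qAW3marMuEzY/NiKVUxty1q1s48SO\n" +
        "g5LoEPDDkbygOt7ICL3HYG1VufhC1Q2YY9c=\n" +
        "-----END CERTIFICATE-----"),
    // Subject: CN=Root CA Cert, O=SomeCompany
    // Issuer: CN=Root CA Cert, O=SomeCompany
    // Validity: Fri Jul 08 14:37:18 PDT 2016 to Fri Jun 28 14:37:18 PDT 2019
    ROOT_CA("1",
        "CN=Root CA Cert, O=SomeCompany",
        "CN=Root CA Cert, O=SomeCompany",
        -1299818863,
        "-----BEGIN CERTIFICATE-----\n" +
        "MIIDODCCAiCgAwIBAgIBATANBgkqhkiG9w0BAQsFADAtMRQwEgYDVQQKEwtTb21l\n" +
        "Q29tcGFueTEVMBMGA1UEAxMMUm9vdCBDQSBDZXJ0MB4XDTE2MDcwODIxMzcxOFoX\n" +
        "DTE5MDYyODIxMzcxOFowLTEUMBIGA1UEChMLU29tZUNvbXBhbnkxFTATBgNVBAMT\n" +
        "DFJvb3QgQ0EgQ2VydDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIlN\n" +
        "M3WYEqkU2elXEZrV9QSDbDKwyaLEHafLFciH8Edoag3q/7jEzFJxI7JZ831tdbWQ\n" +
        "Bm6Hgo+8pvetOFW1BckL8eIjyOONP2CKfFaeMaozsWi1cgxa+rjpU/Rekc+zBqvv\n" +
        "y4Sr97TwT6nQiLlgjC1nCfR1SVpO51qoDChS7n785rsKEZxw/p+kkVWSZffU7zN9\n" +
        "c645cPg//L/kjiyeKMkaquGQOYS68gQgy8YZXQv1E3l/8e8Ci1s1DYA5wpCbaBqg\n" +
        "Tw84Rr4zlUEQBgXzQlRt+mPzeaDpdG1EeGkXrcdkZ+0EMELoOVXOEn6VNsz6vT3I\n" +
        "KrnvQBSnN06xq/iWwC0CAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSME\n" +
        "GDAWgBSTTLHoxMiVAfbYlsnFXM76YjFUGTAdBgNVHQ4EFgQUk0yx6MTIlQH22JbJ\n" +
        "xVzO+mIxVBkwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IBAQAAi+Nl\n" +
        "sxP9t2IhiZIHRJGSBZuQlXIjwYIwbq3ZWc/ApZ+0oxtl7DYQi5uRNt8/opcGNCHc\n" +
        "IY0fG93SbkDubXbxPYBW6D/RUjbz59ZryaP5ym55p1MjHTOqy+AM8g41xNTJikc3\n" +
        "UUFXXnckeFbawijCsb7vf71owzKuxgBXi9n1rmXXtncKoA/LrUVXoUlKefdgDnsU\n" +
        "sl3Q29eibE3HSqziMMoAOLm0jjekFGWIgLeTtyRYR1d0dNaUwsHTrQpPjxxUTn1x\n" +
        "sAPpXKfzPnsYAZeeiaaE75GwbWlHzrNinvxdZQd0zctpfBJfVqD/+lWANlw+rOaK\n" +
        "J2GyCaJINsyaI/I2\n" +
        "-----END CERTIFICATE-----");

    // NOTE(review): these fields are assigned only in the constructor within
    // this file, but they are public and non-final, so any caller can overwrite
    // them on the shared enum constant. They are left non-final here to keep
    // the existing interface; confirm no caller writes to them before
    // tightening.

    // Serial number as a string; the values match the hexadecimal form of the
    // serial encoded in each certificate (e.g. "1000" for ONE).
    public String serialNumber;
    // Signature algorithm name; always "SHA256withRSA" (set in the constructor).
    public String algorithm;
    // Subject distinguished name, as written in the constant's declaration.
    public String subject;
    // Issuer distinguished name, as written in the constant's declaration.
    public String issuer;
    // Public key algorithm; always "RSA" (set in the constructor).
    public String keyType;
    // Identifier the consuming tests expect for this certificate; how it is
    // derived is not shown in this file.
    public long certId;
    // Public key size in bits; always 2048 (set in the constructor).
    public int keyLength;
    // PEM text of the certificate, including the BEGIN/END armor lines.
    public String encoded;

    /**
     * Records the per-certificate values; algorithm, key type and key length
     * are the same for every constant and are filled in here.
     */
    TestCertificate(String serialNumber, String subject, String issuer,
                    long certId, String encoded) {
        this.serialNumber = serialNumber;
        this.subject = subject;
        this.issuer = issuer;
        this.algorithm = "SHA256withRSA";
        this.encoded = encoded;
        this.certId = certId;
        this.keyType = "RSA";
        this.keyLength = 2048;
    }

    /**
     * Parses this constant's PEM text into a certificate object.
     *
     * @param cf the factory used to parse the certificate
     * @return the parsed certificate
     * @throws CertificateException if the factory cannot parse the PEM text
     */
    public X509Certificate generate(CertificateFactory cf) throws CertificateException {
        // PEM is pure ASCII; name the charset explicitly so the bytes handed to
        // the factory do not depend on the platform default encoding.
        byte[] pem = encoded.getBytes(StandardCharsets.US_ASCII);
        return (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(pem));
    }

    /**
     * Builds a certification path from the fixtures and runs PKIX validation
     * on it with {@link #ROOT_CA} as the only trust anchor. Nothing is
     * returned; the method completes normally when validation succeeds.
     *
     * <p>Validation is deliberately relaxed for test purposes: revocation
     * checking is switched off and the validation date is pinned to a moment
     * in 2016. A successful return therefore says nothing about revocation
     * status or about validity at the current time, and these parameters are
     * not a template for validating real certificates.
     *
     * @param selfSignedTest if {@code true}, the validated path holds only
     *        {@link #ROOT_CA}; otherwise it holds {@link #ONE} followed by
     *        {@link #TWO}
     * @throws Exception if a certificate cannot be parsed, a required
     *         algorithm is unavailable, or path validation fails
     */
    public static void generateChain(boolean selfSignedTest) throws Exception {
        // Do path validation as if it is always Tue, 06 Sep 2016 22:12:21 GMT
        // This value is within the lifetimes of all certificates.
        Date testDate = new Date(1473199941000L);

        // All three certificates are parsed regardless of the branch taken
        // below, exactly as before, so callers observing certificate parsing
        // see the same activity in both modes.
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate c1 = TestCertificate.ONE.generate(cf);
        X509Certificate c2 = TestCertificate.TWO.generate(cf);
        X509Certificate ca = TestCertificate.ROOT_CA.generate(cf);

        TrustAnchor ta = new TrustAnchor(ca, null);
        CertPathValidator validator = CertPathValidator.getInstance("PKIX");

        PKIXParameters params = new PKIXParameters(Collections.singleton(ta));
        // Test-only: no CRL/OCSP lookups are attempted for these fixtures.
        params.setRevocationEnabled(false);
        params.setDate(testDate);

        // The two modes differ only in which certificates make up the path.
        List<X509Certificate> chain = selfSignedTest ? List.of(ca) : List.of(c1, c2);
        CertPath path = cf.generateCertPath(chain);
        validator.validate(path, params);
    }
}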