1 # 2 # Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved. 3 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 # 5 # This code is free software; you can redistribute it and/or modify it 6 # under the terms of the GNU General Public License version 2 only, as 7 # published by the Free Software Foundation. 8 # 9 # This code is distributed in the hope that it will be useful, but WITHOUT 10 # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 # FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 # version 2 for more details (a copy is included in the LICENSE file that 13 # accompanied this code). 14 # 15 # You should have received a copy of the GNU General Public License version 16 # 2 along with this work; if not, write to the Free Software Foundation, 17 # Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 # 19 # Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 # or visit www.oracle.com if you need additional information or have any 21 # questions. 22 # 23 24 # @test 25 # @bug 6958869 26 # @summary regression: PKIXValidator fails when multiple trust anchors 27 # have same dn 28 # @modules java.base/sun.security.validator 29 # 30 31 if [ "${TESTSRC}" = "" ] ; then 32 TESTSRC="." 33 fi 34 if [ "${TESTJAVA}" = "" ] ; then 35 JAVAC_CMD=`which javac` 36 TESTJAVA=`dirname $JAVAC_CMD`/.. 37 COMPILEJAVA="${TESTJAVA}" 38 fi 39 40 # set platform-dependent variables 41 OS=`uname -s` 42 case "$OS" in 43 Windows_* ) 44 FS="\\" 45 ;; 46 * ) 47 FS="/" 48 ;; 49 esac 50 51 KT="$TESTJAVA${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -storepass changeit \ 52 -keypass changeit -keystore samedn.jks -keyalg rsa" 53 JAVAC=$COMPILEJAVA${FS}bin${FS}javac 54 JAVA=$TESTJAVA${FS}bin${FS}java 55 56 rm -rf samedn.jks 2> /dev/null 57 58 # 1. Generate 3 aliases in a keystore: ca1, ca2, user. The CAs' startdate 59 # is set to one year ago so that they are expired now 60 61 $KT -genkeypair -alias ca1 -dname CN=CA -keyalg rsa -sigalg md5withrsa -ext bc -startdate -1y 62 $KT -genkeypair -alias ca2 -dname CN=CA -keyalg rsa -sigalg sha1withrsa -ext bc -startdate -1y 63 $KT -genkeypair -alias user -dname CN=User -keyalg rsa 64 65 # 2. Signing: ca -> user 66 67 $KT -certreq -alias user | $KT -gencert -rfc -alias ca1 > samedn1.certs 68 $KT -certreq -alias user | $KT -gencert -rfc -alias ca2 > samedn2.certs 69 70 # 3. Append the ca file 71 72 $KT -export -rfc -alias ca1 >> samedn1.certs 73 $KT -export -rfc -alias ca2 >> samedn2.certs 74 75 # 4. Remove user for cacerts 76 77 $KT -delete -alias user 78 79 # 5. Build and run test. Make sure the CA certs are ignored for validity check. 80 # Check both, one of them might be dropped out of map in old codes. 81 82 EXTRAOPTS="-XaddExports:java.base/sun.security.validator=ALL-UNNAMED" 83 $JAVAC ${TESTJAVACOPTS} ${TESTTOOLVMOPTS} ${EXTRAOPTS} -d . ${TESTSRC}${FS}CertReplace.java 84 $JAVA ${TESTVMOPTS} ${EXTRAOPTS} CertReplace samedn.jks samedn1.certs || exit 1 85 $JAVA ${TESTVMOPTS} ${EXTRAOPTS} CertReplace samedn.jks samedn2.certs || exit 2