New jdk/test/sun/security/validator/samedn.sh

   1 #
   2 # Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved.
   3 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4 #
   5 # This code is free software; you can redistribute it and/or modify it
   6 # under the terms of the GNU General Public License version 2 only, as
   7 # published by the Free Software Foundation.
   8 #
   9 # This code is distributed in the hope that it will be useful, but WITHOUT
  10 # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11 # FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12 # version 2 for more details (a copy is included in the LICENSE file that
  13 # accompanied this code).
  14 #
  15 # You should have received a copy of the GNU General Public License version
  16 # 2 along with this work; if not, write to the Free Software Foundation,
  17 # Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18 #
  19 # Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20 # or visit www.oracle.com if you need additional information or have any
  21 # questions.
  22 #
  23 
  24 # @test
  25 # @bug 6958869
  26 # @summary regression: PKIXValidator fails when multiple trust anchors
  27 # have same dn
  28 # @modules java.base/sun.security.validator
  29 #
  30 
  31 if [ "${TESTSRC}" = "" ] ; then
  32   TESTSRC="."
  33 fi
  34 if [ "${TESTJAVA}" = "" ] ; then
  35   JAVAC_CMD=`which javac`
  36   TESTJAVA=`dirname $JAVAC_CMD`/..
  37   COMPILEJAVA="${TESTJAVA}"
  38 fi
  39 
  40 # set platform-dependent variables
  41 OS=`uname -s`
  42 case "$OS" in
  43   Windows_* )
  44     FS="\\"
  45     ;;
  46   * )
  47     FS="/"
  48     ;;
  49 esac
  50 
  51 KT="$TESTJAVA${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -storepass changeit \
  52     -keypass changeit -keystore samedn.jks -keyalg rsa"
  53 JAVAC=$COMPILEJAVA${FS}bin${FS}javac
  54 JAVA=$TESTJAVA${FS}bin${FS}java
  55 
  56 rm -rf samedn.jks 2> /dev/null
  57 
  58 # 1. Generate 3 aliases in a keystore: ca1, ca2, user. The CAs' startdate
  59 # is set to one year ago so that they are expired now
  60 
  61 $KT -genkeypair -alias ca1 -dname CN=CA -keyalg rsa -sigalg md5withrsa -ext bc -startdate -1y
  62 $KT -genkeypair -alias ca2 -dname CN=CA -keyalg rsa -sigalg sha1withrsa -ext bc -startdate -1y
  63 $KT -genkeypair -alias user -dname CN=User -keyalg rsa
  64 
  65 # 2. Signing: ca -> user
  66 
  67 $KT -certreq -alias user | $KT -gencert -rfc -alias ca1 > samedn1.certs
  68 $KT -certreq -alias user | $KT -gencert -rfc -alias ca2 > samedn2.certs
  69 
  70 # 3. Append the ca file
  71 
  72 $KT -export -rfc -alias ca1 >> samedn1.certs
  73 $KT -export -rfc -alias ca2 >> samedn2.certs
  74 
  75 # 4. Remove user for cacerts
  76 
  77 $KT -delete -alias user
  78 
  79 # 5. Build and run test. Make sure the CA certs are ignored for validity check.
  80 # Check both, one of them might be dropped out of map in old codes.
  81 
  82 EXTRAOPTS="--add-exports java.base/sun.security.validator=ALL-UNNAMED"
  83 $JAVAC ${TESTJAVACOPTS} ${TESTTOOLVMOPTS} ${EXTRAOPTS} -d . ${TESTSRC}${FS}CertReplace.java
  84 $JAVA ${TESTVMOPTS} ${EXTRAOPTS} CertReplace samedn.jks samedn1.certs || exit 1
  85 $JAVA ${TESTVMOPTS} ${EXTRAOPTS} CertReplace samedn.jks samedn2.certs || exit 2