1 /* 2 * Copyright (c) 1998, 2015, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 import java.io.ByteArrayInputStream; 24 import java.security.cert.CertPath; 25 import java.security.cert.Certificate; 26 import java.security.cert.CertificateFactory; 27 import java.util.ArrayList; 28 import java.util.Arrays; 29 import java.util.Base64; 30 import java.util.List; 31 32 /* 33 * @test 34 * @bug 8074931 35 * @summary CertPathEncodingTest tests the ability of the CertPath and 36 * CertificateFactory to encode and decode CertPaths. 37 */ 38 public final class CertPathEncodingTest { 39 /* 40 Certificate: 41 Data: 42 Version: 3 (0x2) 43 Serial Number: 935438132 (0x37c1a734) 44 Signature Algorithm: dsaWithSHA1 45 Issuer: C=us, O=sun, OU=east, OU=bcn, CN=yassir 46 Validity 47 Not Before: Aug 23 19:55:32 1999 GMT 48 Not After : Aug 22 19:55:32 2000 GMT 49 Subject: C=us, O=sun, OU=east, OU=bcn 50 Subject Public Key Info: 51 Public Key Algorithm: dsaEncryption 52 pub: 53 63:47:4f:f6:29:e5:98:a2:21:fd:da:97:9e:3f:ca: 54 b0:17:49:8d:8a:a7:06:0d:a6:78:97:39:59:33:72: 55 a2:a5:74:d5:3a:ef:e6:7c:07:d7:8e:8e:d1:66:73: 56 99:14:04:96:f5:31:d6:72:ee:d2:53:f8:90:b5:f3: 57 c3:f1:64:ba:1a:9e:c0:0a:da:92:48:c5:d3:84:7e: 58 48:09:66:d9:51:ba:74:56:5a:77:8a:8c:9a:9c:f6: 59 84:12:61:12:51:dc:c6:4f:84:94:ec:cb:78:51:83: 60 8c:20:8a:53:7b:d2:b6:36:df:50:35:95:1f:cb:50: 61 55:8b:3f:fb:e2:77:cb 62 P: 63 00:fd:7f:53:81:1d:75:12:29:52:df:4a:9c:2e:ec: 64 e4:e7:f6:11:b7:52:3c:ef:44:00:c3:1e:3f:80:b6: 65 51:26:69:45:5d:40:22:51:fb:59:3d:8d:58:fa:bf: 66 c5:f5:ba:30:f6:cb:9b:55:6c:d7:81:3b:80:1d:34: 67 6f:f2:66:60:b7:6b:99:50:a5:a4:9f:9f:e8:04:7b: 68 10:22:c2:4f:bb:a9:d7:fe:b7:c6:1b:f8:3b:57:e7: 69 c6:a8:a6:15:0f:04:fb:83:f6:d3:c5:1e:c3:02:35: 70 54:13:5a:16:91:32:f6:75:f3:ae:2b:61:d7:2a:ef: 71 f2:22:03:19:9d:d1:48:01:c7 72 Q: 73 00:97:60:50:8f:15:23:0b:cc:b2:92:b9:82:a2:eb: 74 84:0b:f0:58:1c:f5 75 G: 76 00:f7:e1:a0:85:d6:9b:3d:de:cb:bc:ab:5c:36:b8: 77 57:b9:79:94:af:bb:fa:3a:ea:82:f9:57:4c:0b:3d: 78 07:82:67:51:59:57:8e:ba:d4:59:4f:e6:71:07:10: 79 81:80:b4:49:16:71:23:e8:4c:28:16:13:b7:cf:09: 80 32:8c:c8:a6:e1:3c:16:7a:8b:54:7c:8d:28:e0:a3: 81 ae:1e:2b:b3:a6:75:91:6e:a3:7f:0b:fa:21:35:62: 82 f1:fb:62:7a:01:24:3b:cc:a4:f1:be:a8:51:90:89: 83 a8:83:df:e1:5a:e5:9f:06:92:8b:66:5e:80:7b:55: 84 25:64:01:4c:3b:fe:cf:49:2a 85 X509v3 extensions: 86 X509v3 Key Usage: critical 87 Digital Signature, Key Encipherment, Certificate Sign 88 Signature Algorithm: dsaWithSHA1 89 r: 90 52:80:52:2b:2c:3d:02:66:58:b4:dc:ef:52:26:70: 91 1b:53:ca:b3:7d 92 s: 93 62:03:b2:ab:3e:18:2a:66:09:b6:ce:d4:05:a5:8e: 94 a5:7a:0d:55:67 95 */ 96 private static final String cert1 = 97 "-----BEGIN CERTIFICATE-----\n" + 98 "MIICzTCCAougAwIBAgIEN8GnNDALBgcqhkjOOAQDBQAwSTELMAkGA1UEBhMCdXMx\n" + 99 "DDAKBgNVBAoTA3N1bjENMAsGA1UECxMEZWFzdDEMMAoGA1UECxMDYmNuMQ8wDQYD\n" + 100 "VQQDEwZ5YXNzaXIwHhcNOTkwODIzMTk1NTMyWhcNMDAwODIyMTk1NTMyWjA4MQsw\n" + 101 "CQYDVQQGEwJ1czEMMAoGA1UEChMDc3VuMQ0wCwYDVQQLEwRlYXN0MQwwCgYDVQQL\n" + 102 "EwNiY24wggG1MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9TgR11EilS30qcLuzk5/YR\n" + 103 "t1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuAHTRv8mZgt2uZ\n" + 104 "UKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOu\n" + 105 "K2HXKu/yIgMZndFIAccCFQCXYFCPFSMLzLKSuYKi64QL8Fgc9QKBgQD34aCF1ps9\n" + 106 "3su8q1w2uFe5eZSvu/o66oL5V0wLPQeCZ1FZV4661FlP5nEHEIGAtEkWcSPoTCgW\n" + 107 "E7fPCTKMyKbhPBZ6i1R8jSjgo64eK7OmdZFuo38L+iE1YvH7YnoBJDvMpPG+qFGQ\n" + 108 "iaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOBggACf2NHT/Yp5ZiiIf3al54/yrAX\n" + 109 "SY2KpwYNpniXOVkzcqKldNU67+Z8B9eOjtFmc5kUBJb1MdZy7tJT+JC188PxZLoa\n" + 110 "nsAK2pJIxdOEfkgJZtlRunRWWneKjJqc9oQSYRJR3MZPhJTsy3hRg4wgilN70rY2\n" + 111 "31A1lR/LUFWLP/vid8ujEzARMA8GA1UdDwEB/wQFAwMHpAAwCwYHKoZIzjgEAwUA\n" + 112 "Ay8AMCwCFFKAUissPQJmWLTc71ImcBtTyrN9AhRiA7KrPhgqZgm2ztQFpY6leg1V\n" + 113 "Zw==\n" + 114 "-----END CERTIFICATE-----\n" + 115 ""; 116 117 /* 118 Certificate: 119 Data: 120 Version: 3 (0x2) 121 Serial Number: 935095671 (0x37bc6d77) 122 Signature Algorithm: dsaWithSHA1 123 Issuer: C=us, O=sun, OU=east, OU=bcn, CN=yassir 124 Validity 125 Not Before: Aug 19 20:47:51 1999 GMT 126 Not After : Aug 18 20:47:51 2000 GMT 127 Subject: C=us, O=sun, OU=east, OU=bcn, CN=yassir 128 Subject Public Key Info: 129 Public Key Algorithm: dsaEncryption 130 pub: 131 0a:cc:a4:ec:d6:88:45:c2:24:6b:0d:78:f1:82:f3: 132 5e:3e:31:5d:fb:64:d5:06:5e:39:16:f1:0a:85:d1: 133 ff:d1:a4:74:c5:e6:b0:ba:93:1c:ee:69:51:be:3b: 134 a6:66:44:50:b4:f0:5e:0e:dd:9f:08:71:fe:a1:91: 135 2e:d4:9e:6b:b2:c0:82:3c:91:6c:18:b0:d9:bc:a3: 136 48:91:3f:8b:59:01:61:00:02:ab:22:31:bc:7c:6c: 137 0d:9f:ed:be:33:e6:5c:44:9e:62:30:95:f8:6d:22: 138 d7:e5:85:4c:b0:98:6e:ad:cc:ca:3b:ad:cb:fa:f7: 139 9f:37:13:f7:ca:e2:22:ba 140 P: 141 00:fd:7f:53:81:1d:75:12:29:52:df:4a:9c:2e:ec: 142 e4:e7:f6:11:b7:52:3c:ef:44:00:c3:1e:3f:80:b6: 143 51:26:69:45:5d:40:22:51:fb:59:3d:8d:58:fa:bf: 144 c5:f5:ba:30:f6:cb:9b:55:6c:d7:81:3b:80:1d:34: 145 6f:f2:66:60:b7:6b:99:50:a5:a4:9f:9f:e8:04:7b: 146 10:22:c2:4f:bb:a9:d7:fe:b7:c6:1b:f8:3b:57:e7: 147 c6:a8:a6:15:0f:04:fb:83:f6:d3:c5:1e:c3:02:35: 148 54:13:5a:16:91:32:f6:75:f3:ae:2b:61:d7:2a:ef: 149 f2:22:03:19:9d:d1:48:01:c7 150 Q: 151 00:97:60:50:8f:15:23:0b:cc:b2:92:b9:82:a2:eb: 152 84:0b:f0:58:1c:f5 153 G: 154 00:f7:e1:a0:85:d6:9b:3d:de:cb:bc:ab:5c:36:b8: 155 57:b9:79:94:af:bb:fa:3a:ea:82:f9:57:4c:0b:3d: 156 07:82:67:51:59:57:8e:ba:d4:59:4f:e6:71:07:10: 157 81:80:b4:49:16:71:23:e8:4c:28:16:13:b7:cf:09: 158 32:8c:c8:a6:e1:3c:16:7a:8b:54:7c:8d:28:e0:a3: 159 ae:1e:2b:b3:a6:75:91:6e:a3:7f:0b:fa:21:35:62: 160 f1:fb:62:7a:01:24:3b:cc:a4:f1:be:a8:51:90:89: 161 a8:83:df:e1:5a:e5:9f:06:92:8b:66:5e:80:7b:55: 162 25:64:01:4c:3b:fe:cf:49:2a 163 X509v3 extensions: 164 X509v3 Key Usage: critical 165 Digital Signature, Key Encipherment, Certificate Sign 166 X509v3 Basic Constraints: critical 167 CA:TRUE, pathlen:5 168 Signature Algorithm: dsaWithSHA1 169 r: 170 2f:88:46:37:94:92:b2:02:07:5b:8d:76:e5:81:23: 171 85:7f:bc:8d:b9 172 s: 173 00:8b:d7:41:fa:11:c7:ab:27:92:5d:0a:03:98:56: 174 36:42:5f:f5:1f:9d 175 */ 176 private static final String cert2 = 177 "-----BEGIN CERTIFICATE-----\n" + 178 "MIIC9TCCArKgAwIBAgIEN7xtdzALBgcqhkjOOAQDBQAwSTELMAkGA1UEBhMCdXMx\n" + 179 "DDAKBgNVBAoTA3N1bjENMAsGA1UECxMEZWFzdDEMMAoGA1UECxMDYmNuMQ8wDQYD\n" + 180 "VQQDEwZ5YXNzaXIwHhcNOTkwODE5MjA0NzUxWhcNMDAwODE4MjA0NzUxWjBJMQsw\n" + 181 "CQYDVQQGEwJ1czEMMAoGA1UEChMDc3VuMQ0wCwYDVQQLEwRlYXN0MQwwCgYDVQQL\n" + 182 "EwNiY24xDzANBgNVBAMTBnlhc3NpcjCCAbcwggEsBgcqhkjOOAQBMIIBHwKBgQD9\n" + 183 "f1OBHXUSKVLfSpwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR+1k9jVj6v8X1ujD2\n" + 184 "y5tVbNeBO4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb+DtX58aophUPBPuD\n" + 185 "9tPFHsMCNVQTWhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdgUI8VIwvMspK5gqLr\n" + 186 "hAvwWBz1AoGBAPfhoIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlXTAs9B4JnUVlXjrrU\n" + 187 "WU/mcQcQgYC0SRZxI+hMKBYTt88JMozIpuE8FnqLVHyNKOCjrh4rs6Z1kW6jfwv6\n" + 188 "ITVi8ftiegEkO8yk8b6oUZCJqIPf4VrlnwaSi2ZegHtVJWQBTDv+z0kqA4GEAAKB\n" + 189 "gArMpOzWiEXCJGsNePGC814+MV37ZNUGXjkW8QqF0f/RpHTF5rC6kxzuaVG+O6Zm\n" + 190 "RFC08F4O3Z8Icf6hkS7UnmuywII8kWwYsNm8o0iRP4tZAWEAAqsiMbx8bA2f7b4z\n" + 191 "5lxEnmIwlfhtItflhUywmG6tzMo7rcv69583E/fK4iK6oycwJTAPBgNVHQ8BAf8E\n" + 192 "BQMDB6QAMBIGA1UdEwEB/wQIMAYBAf8CAQUwCwYHKoZIzjgEAwUAAzAAMC0CFC+I\n" + 193 "RjeUkrICB1uNduWBI4V/vI25AhUAi9dB+hHHqyeSXQoDmFY2Ql/1H50=\n" + 194 "-----END CERTIFICATE-----\n" + 195 ""; 196 197 private static final String pkcs7path = 198 "MIIF9QYJKoZIhvcNAQcCoIIF5jCCBeICAQExADALBgkqhkiG9w0BBwGgggXKMIICzTCCAougAwIB\n" + 199 "AgIEN8GnNDALBgcqhkjOOAQDBQAwSTELMAkGA1UEBhMCdXMxDDAKBgNVBAoTA3N1bjENMAsGA1UE\n" + 200 "CxMEZWFzdDEMMAoGA1UECxMDYmNuMQ8wDQYDVQQDEwZ5YXNzaXIwHhcNOTkwODIzMTk1NTMyWhcN\n" + 201 "MDAwODIyMTk1NTMyWjA4MQswCQYDVQQGEwJ1czEMMAoGA1UEChMDc3VuMQ0wCwYDVQQLEwRlYXN0\n" + 202 "MQwwCgYDVQQLEwNiY24wggG1MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9TgR11EilS30qcLuzk5/YR\n" + 203 "t1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuAHTRv8mZgt2uZUKWkn5/oBHsQ\n" + 204 "IsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOuK2HXKu/yIgMZndFIAccCFQCX\n" + 205 "YFCPFSMLzLKSuYKi64QL8Fgc9QKBgQD34aCF1ps93su8q1w2uFe5eZSvu/o66oL5V0wLPQeCZ1FZ\n" + 206 "V4661FlP5nEHEIGAtEkWcSPoTCgWE7fPCTKMyKbhPBZ6i1R8jSjgo64eK7OmdZFuo38L+iE1YvH7\n" + 207 "YnoBJDvMpPG+qFGQiaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOBggACf2NHT/Yp5ZiiIf3al54/\n" + 208 "yrAXSY2KpwYNpniXOVkzcqKldNU67+Z8B9eOjtFmc5kUBJb1MdZy7tJT+JC188PxZLoansAK2pJI\n" + 209 "xdOEfkgJZtlRunRWWneKjJqc9oQSYRJR3MZPhJTsy3hRg4wgilN70rY231A1lR/LUFWLP/vid8uj\n" + 210 "EzARMA8GA1UdDwEB/wQFAwMHpAAwCwYHKoZIzjgEAwUAAy8AMCwCFFKAUissPQJmWLTc71ImcBtT\n" + 211 "yrN9AhRiA7KrPhgqZgm2ztQFpY6leg1VZzCCAvUwggKyoAMCAQICBDe8bXcwCwYHKoZIzjgEAwUA\n" + 212 "MEkxCzAJBgNVBAYTAnVzMQwwCgYDVQQKEwNzdW4xDTALBgNVBAsTBGVhc3QxDDAKBgNVBAsTA2Jj\n" + 213 "bjEPMA0GA1UEAxMGeWFzc2lyMB4XDTk5MDgxOTIwNDc1MVoXDTAwMDgxODIwNDc1MVowSTELMAkG\n" + 214 "A1UEBhMCdXMxDDAKBgNVBAoTA3N1bjENMAsGA1UECxMEZWFzdDEMMAoGA1UECxMDYmNuMQ8wDQYD\n" + 215 "VQQDEwZ5YXNzaXIwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9TgR11EilS30qcLuzk5/YRt1I8\n" + 216 "70QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuAHTRv8mZgt2uZUKWkn5/oBHsQIsJP\n" + 217 "u6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOuK2HXKu/yIgMZndFIAccCFQCXYFCP\n" + 218 "FSMLzLKSuYKi64QL8Fgc9QKBgQD34aCF1ps93su8q1w2uFe5eZSvu/o66oL5V0wLPQeCZ1FZV466\n" + 219 "1FlP5nEHEIGAtEkWcSPoTCgWE7fPCTKMyKbhPBZ6i1R8jSjgo64eK7OmdZFuo38L+iE1YvH7YnoB\n" + 220 "JDvMpPG+qFGQiaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOBhAACgYAKzKTs1ohFwiRrDXjxgvNe\n" + 221 "PjFd+2TVBl45FvEKhdH/0aR0xeawupMc7mlRvjumZkRQtPBeDt2fCHH+oZEu1J5rssCCPJFsGLDZ\n" + 222 "vKNIkT+LWQFhAAKrIjG8fGwNn+2+M+ZcRJ5iMJX4bSLX5YVMsJhurczKO63L+vefNxP3yuIiuqMn\n" + 223 "MCUwDwYDVR0PAQH/BAUDAwekADASBgNVHRMBAf8ECDAGAQH/AgEFMAsGByqGSM44BAMFAAMwADAt\n" + 224 "AhQviEY3lJKyAgdbjXblgSOFf7yNuQIVAIvXQfoRx6snkl0KA5hWNkJf9R+dMQA=\n" + 225 ""; 226 227 // Runs test of CertPath encoding and decoding. 228 public static void main(String[] args) throws Exception { 229 // Make the CertPath whose encoded form has already been stored 230 CertificateFactory certFac = CertificateFactory.getInstance("X509"); 231 232 final List<Certificate> certs = new ArrayList<>(); 233 certs.add(certFac.generateCertificate(new ByteArrayInputStream(cert1.getBytes()))); 234 certs.add(certFac.generateCertificate(new ByteArrayInputStream(cert2.getBytes()))); 235 236 CertPath cp = certFac.generateCertPath(certs); 237 238 // Get the encoded form of the CertPath we made 239 byte[] encoded = cp.getEncoded("PKCS7"); 240 241 // check if it matches the encoded value 242 if (!Arrays.equals(encoded, Base64.getMimeDecoder().decode(pkcs7path.getBytes()))) { 243 throw new RuntimeException("PKCS#7 encoding doesn't match stored value"); 244 } 245 246 // Generate a CertPath from the encoded value and check if it equals 247 // the CertPath generated from the certificates 248 CertPath decodedCP = certFac.generateCertPath(new ByteArrayInputStream(encoded), "PKCS7"); 249 if (!decodedCP.equals(cp)) { 250 throw new RuntimeException("CertPath decoded from PKCS#7 isn't equal to original"); 251 } 252 } 253 }