--- old/test/jdk/sun/security/ssl/StatusStapling/java.base/sun/security/ssl/CertStatusReqItemV2Tests.java 2018-05-11 15:11:56.317705700 -0700 +++ /dev/null 2018-05-11 10:42:23.849000000 -0700 @@ -1,455 +0,0 @@ -/* - * Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package sun.security.ssl; - -import java.security.cert.*; -import java.util.*; -import java.nio.ByteBuffer; -import javax.net.ssl.SSLException; -import javax.security.auth.x500.X500Principal; -import sun.security.provider.certpath.ResponderId; -import sun.security.provider.certpath.OCSPNonceExtension; - -/* - * Checks that the hash value for a certificate's issuer name is generated - * correctly. Requires any certificate that is not self-signed. - * - * NOTE: this test uses Sun private classes which are subject to change. - */ -public class CertStatusReqItemV2Tests { - - private static final boolean debug = false; - - private static final byte[] DEF_CSRIV2_OCSP_MULTI_BYTES = { - 2, 0, 4, 0, 0, 0, 0 - }; - - private static final byte[] DEF_CSRIV2_OCSP_BYTES = { - 1, 0, 4, 0, 0, 0, 0 - }; - - // This is a CSRIV2 (ocsp_multi) that has a single - // responder ID and no extensions. - private static final byte[] CSRIV2_1RID = { - 2, 0, 32, 0, 28, 0, 26, -95, - 24, 48, 22, 49, 20, 48, 18, 6, - 3, 85, 4, 3, 19, 11, 79, 67, - 83, 80, 32, 83, 105, 103, 110, 101, - 114, 0 , 0 - }; - - // This is a CSRIV2 (ocsp_multi) that has a single - // responder ID and no extensions. The request_length - // field is too short in this case. - private static final byte[] CSRIV2_LENGTH_TOO_SHORT = { - 2, 0, 27, 0, 28, 0, 26, -95, - 24, 48, 22, 49, 20, 48, 18, 6, - 3, 85, 4, 3, 19, 11, 79, 67, - 83, 80, 32, 83, 105, 103, 110, 101, - 114, 0 , 0 - }; - - // This is a CSRIV2 (ocsp_multi) that has a single - // responder ID and no extensions. The request_length - // field is too long in this case. - private static final byte[] CSRIV2_LENGTH_TOO_LONG = { - 2, 0, 54, 0, 28, 0, 26, -95, - 24, 48, 22, 49, 20, 48, 18, 6, - 3, 85, 4, 3, 19, 11, 79, 67, - 83, 80, 32, 83, 105, 103, 110, 101, - 114, 0 , 0 - }; - - // A CSRIV2 (ocsp) with one Responder ID (byName: CN=OCSP Signer) - // and a nonce extension (32 bytes). - private static final byte[] CSRIV2_OCSP_1RID_1EXT = { - 1, 0, 83, 0, 28, 0, 26, -95, - 24, 48, 22, 49, 20, 48, 18, 6, - 3, 85, 4, 3, 19, 11, 79, 67, - 83, 80, 32, 83, 105, 103, 110, 101, - 114, 0, 51, 48, 49, 48, 47, 6, - 9, 43, 6, 1, 5, 5, 7, 48, - 1, 2, 4, 34, 4, 32, -34, -83, - -66, -17, -34, -83, -66, -17, -34, -83, - -66, -17, -34, -83, -66, -17, -34, -83, - -66, -17, -34, -83, -66, -17, -34, -83, - -66, -17, -34, -83, -66, -17 - }; - - public static void main(String[] args) throws Exception { - Map testList = - new LinkedHashMap() {{ - put("CTOR (Default)", testCtorTypeStatReq); - put("CTOR (Byte array)", testCtorByteArray); - put("CTOR (invalid lengths)", testCtorInvalidLengths); - }}; - - TestUtils.runTests(testList); - } - - public static final TestCase testCtorTypeStatReq = new TestCase() { - @Override - public Map.Entry runTest() { - Boolean pass = Boolean.FALSE; - String message = null; - try { - // Attempt to create CSRIv2 objects using null pointers - // for either parameter. In either case NPE should be thrown - CertStatusReqItemV2 csriNull; - try { - csriNull = new CertStatusReqItemV2(null, - new OCSPStatusRequest()); - throw new RuntimeException("Did not catch expected NPE " + - "for null status_type parameter"); - } catch (NullPointerException npe) { } - - try { - csriNull = new CertStatusReqItemV2(StatusRequestType.OCSP, - null); - throw new RuntimeException("Did not catch expected NPE " + - "for null StatusRequest parameter"); - } catch (NullPointerException npe) { } - - // Create an "ocsp_multi" type request using a default - // (no Responder IDs, no Extensions) OCSPStatusRequest - CertStatusReqItemV2 csriMulti = - new CertStatusReqItemV2(StatusRequestType.OCSP_MULTI, - new OCSPStatusRequest()); - HandshakeOutStream hsout = new HandshakeOutStream(null); - csriMulti.send(hsout); - TestUtils.valueCheck(DEF_CSRIV2_OCSP_MULTI_BYTES, - hsout.toByteArray()); - hsout.reset(); - - // Create an "ocsp" type request using a default - // (no Responder IDs, no Extensions) OCSPStatusRequest - CertStatusReqItemV2 csriSingle = - new CertStatusReqItemV2(StatusRequestType.OCSP, - new OCSPStatusRequest(new LinkedList<>(), - new LinkedList<>())); - csriSingle.send(hsout); - TestUtils.valueCheck(DEF_CSRIV2_OCSP_BYTES, - hsout.toByteArray()); - - // Create the CertStatusRequestItemV2 with a user-defined - // StatusRequestType value - CertStatusReqItemV2 csriNine = - new CertStatusReqItemV2(StatusRequestType.get(9), - new OCSPStatusRequest(null, null)); - if (csriNine.getType().id != 9) { - throw new RuntimeException("Expected status_type = 9, " + - "got " + csriNine.getType().id); - } else { - StatusRequest sr = csriNine.getRequest(); - if (!(sr instanceof OCSPStatusRequest)) { - throw new RuntimeException("Expected " + - "OCSPStatusRequest, got " + - sr.getClass().getName()); - } - } - - // Create the CertStatusRequestItemV2 with a StatusRequest - // that does not match the status_type argument. - // We expect IllegalArgumentException in this case. - try { - CertStatusReqItemV2 csriBadSR = new CertStatusReqItemV2( - StatusRequestType.OCSP_MULTI, - new BogusStatusRequest()); - throw new RuntimeException("Constructor accepted a " + - "StatusRequest that is inconsistent with " + - "the status_type"); - } catch (IllegalArgumentException iae) { - // The expected result...nothing to do here - } - - pass = Boolean.TRUE; - } catch (Exception e) { - e.printStackTrace(System.out); - message = e.getClass().getName(); - } - - return new AbstractMap.SimpleEntry<>(pass, message); - } - }; - - // Test the constructor form that takes the data from a byte array - public static final TestCase testCtorByteArray = new TestCase() { - @Override - public Map.Entry runTest() { - Boolean pass = Boolean.FALSE; - String message = null; - try { - StatusRequestType sType; - StatusRequest sReq; - ResponderId checkRid = - new ResponderId(new X500Principal("CN=OCSP Signer")); - Extension checkExt = new OCSPNonceExtension(32); - - CertStatusReqItemV2 csriv = - new CertStatusReqItemV2(CSRIV2_OCSP_1RID_1EXT); - sType = csriv.getType(); - if (sType != StatusRequestType.OCSP) { - throw new RuntimeException("Unexpected StatusRequestType " + - sType.getClass().getName()); - } - - sReq = csriv.getRequest(); - if (sReq instanceof OCSPStatusRequest) { - OCSPStatusRequest osr = (OCSPStatusRequest)sReq; - List ridList = osr.getResponderIds(); - List extList = osr.getExtensions(); - - if (ridList.size() != 1 || !ridList.contains(checkRid)) { - throw new RuntimeException("Responder list mismatch"); - } else if (extList.size() != 1 || - !extList.get(0).getId().equals(checkExt.getId())) { - throw new RuntimeException("Extension list mismatch"); - } - } else { - throw new RuntimeException("Expected OCSPStatusRequest " + - "from decoded bytes, got " + - sReq.getClass().getName()); - } - - // Create a CSRIV2 out of random data. A non-OCSP/OCSP_MULTI - // type will be forcibly set and the outer length field will - // be correct. - // The constructor should create a StatusRequestType object - // and an UnknownStatusRequest object consisting of the - // data segment. - byte[] junkData = new byte[48]; - Random r = new Random(System.currentTimeMillis()); - r.nextBytes(junkData); - junkData[0] = 7; // status_type = 7 - junkData[1] = 0; - junkData[2] = 45; // request_length = 45 - csriv = new CertStatusReqItemV2(junkData); - - sType = csriv.getType(); - sReq = csriv.getRequest(); - if (sType.id != junkData[0]) { - throw new RuntimeException("StatusRequestType mismatch: " + - "expected 7, got " + sType.id); - } - if (sReq instanceof UnknownStatusRequest) { - // Verify the underlying StatusRequest bytes have been - // preserved correctly. - HandshakeOutStream hsout = new HandshakeOutStream(null); - sReq.send(hsout); - byte[] srDataOut = hsout.toByteArray(); - TestUtils.valueCheck(srDataOut, junkData, 0, 3, - srDataOut.length); - } else { - throw new RuntimeException("StatusRequest mismatch: " + - "expected UnknownStatusRequest, got " + - sReq.getClass().getName()); - } - - // Test the parsing of the default OCSP/OCSP_MULTI extensions - // and make sure the underlying StatusRequestType and - // StatusRequest objects are correct. - csriv = new CertStatusReqItemV2(DEF_CSRIV2_OCSP_MULTI_BYTES); - sType = csriv.getType(); - sReq = csriv.getRequest(); - if (sType != StatusRequestType.OCSP_MULTI) { - throw new RuntimeException("StatusRequestType mismatch: " + - "expected OCSP_MULTI (2), got " + sType.id); - } - if (!(sReq instanceof OCSPStatusRequest)) { - throw new RuntimeException("StatusRequest mismatch: " + - "expected OCSPStatusRequest, got " + - sReq.getClass().getName()); - } - - csriv = new CertStatusReqItemV2(DEF_CSRIV2_OCSP_BYTES); - sType = csriv.getType(); - sReq = csriv.getRequest(); - if (sType != StatusRequestType.OCSP) { - throw new RuntimeException("StatusRequestType mismatch: " + - "expected OCSP (1), got " + sType.id); - } - if (!(sReq instanceof OCSPStatusRequest)) { - throw new RuntimeException("StatusRequest mismatch: " + - "expected OCSPStatusRequest, got " + - sReq.getClass().getName()); - } - - pass = Boolean.TRUE; - } catch (Exception e) { - e.printStackTrace(System.out); - message = e.getClass().getName(); - } - - return new AbstractMap.SimpleEntry<>(pass, message); - } - }; - - public static final TestCase testCtorInvalidLengths = new TestCase() { - @Override - public Map.Entry runTest() { - Boolean pass = Boolean.FALSE; - String message = null; - try { - try { - CertStatusReqItemV2 csriTooShort = - new CertStatusReqItemV2(CSRIV2_LENGTH_TOO_SHORT); - throw new RuntimeException("Expected exception not thrown"); - } catch (SSLException ssle) { } - - try { - CertStatusReqItemV2 csriTooLong = - new CertStatusReqItemV2(CSRIV2_LENGTH_TOO_LONG); - throw new RuntimeException("Expected exception not thrown"); - } catch (SSLException ssle) { } - - pass = Boolean.TRUE; - } catch (Exception e) { - e.printStackTrace(System.out); - message = e.getClass().getName(); - } - - return new AbstractMap.SimpleEntry<>(pass, message); - } - }; - - // Test the constructor form that takes the data from HandshakeInputStream - public static final TestCase testCtorInputStream = new TestCase() { - @Override - public Map.Entry runTest() { - Boolean pass = Boolean.FALSE; - String message = null; - try { - StatusRequestType sType; - StatusRequest sReq; - ResponderId checkRid = - new ResponderId(new X500Principal("CN=OCSP Signer")); - Extension checkExt = new OCSPNonceExtension(32); - - HandshakeInStream hsis = new HandshakeInStream(); - hsis.incomingRecord(ByteBuffer.wrap(CSRIV2_OCSP_1RID_1EXT)); - CertStatusReqItemV2 csriv = new CertStatusReqItemV2(hsis); - sType = csriv.getType(); - if (sType != StatusRequestType.OCSP) { - throw new RuntimeException("Unexpected StatusRequestType " + - sType.getClass().getName()); - } - - sReq = csriv.getRequest(); - if (sReq instanceof OCSPStatusRequest) { - OCSPStatusRequest osr = (OCSPStatusRequest)sReq; - List ridList = osr.getResponderIds(); - List extList = osr.getExtensions(); - - if (ridList.size() != 1 || !ridList.contains(checkRid)) { - throw new RuntimeException("Responder list mismatch"); - } else if (extList.size() != 1 || - !extList.get(0).getId().equals(checkExt.getId())) { - throw new RuntimeException("Extension list mismatch"); - } - } else { - throw new RuntimeException("Expected OCSPStatusRequest " + - "from decoded bytes, got " + - sReq.getClass().getName()); - } - - // Create a CSRIV2 out of random data. A non-OCSP/OCSP_MULTI - // type will be forcibly set and the outer length field will - // be correct. - // The constructor should create a StatusRequestType object - // and an UnknownStatusRequest object consisting of the - // data segment. - byte[] junkData = new byte[48]; - Random r = new Random(System.currentTimeMillis()); - r.nextBytes(junkData); - junkData[0] = 7; // status_type = 7 - junkData[1] = 0; - junkData[2] = 45; // request_length = 45 - hsis = new HandshakeInStream(); - hsis.incomingRecord(ByteBuffer.wrap(junkData)); - csriv = new CertStatusReqItemV2(hsis); - - sType = csriv.getType(); - sReq = csriv.getRequest(); - if (sType.id != junkData[0]) { - throw new RuntimeException("StatusRequestType mismatch: " + - "expected 7, got " + sType.id); - } - if (sReq instanceof UnknownStatusRequest) { - // Verify the underlying StatusRequest bytes have been - // preserved correctly. - HandshakeOutStream hsout = new HandshakeOutStream(null); - sReq.send(hsout); - byte[] srDataOut = hsout.toByteArray(); - TestUtils.valueCheck(srDataOut, junkData, 0, 3, - srDataOut.length); - } else { - throw new RuntimeException("StatusRequest mismatch: " + - "expected UnknownStatusRequest, got " + - sReq.getClass().getName()); - } - - // Test the parsing of the default OCSP/OCSP_MULTI extensions - // and make sure the underlying StatusRequestType and - // StatusRequest objects are correct. - hsis = new HandshakeInStream(); - hsis.incomingRecord( - ByteBuffer.wrap(DEF_CSRIV2_OCSP_MULTI_BYTES)); - csriv = new CertStatusReqItemV2(hsis); - sType = csriv.getType(); - sReq = csriv.getRequest(); - if (sType != StatusRequestType.OCSP_MULTI) { - throw new RuntimeException("StatusRequestType mismatch: " + - "expected OCSP_MULTI (2), got " + sType.id); - } - if (!(sReq instanceof OCSPStatusRequest)) { - throw new RuntimeException("StatusRequest mismatch: " + - "expected OCSPStatusRequest, got " + - sReq.getClass().getName()); - } - - hsis = new HandshakeInStream(); - hsis.incomingRecord(ByteBuffer.wrap(DEF_CSRIV2_OCSP_BYTES)); - csriv = new CertStatusReqItemV2(hsis); - sType = csriv.getType(); - sReq = csriv.getRequest(); - if (sType != StatusRequestType.OCSP) { - throw new RuntimeException("StatusRequestType mismatch: " + - "expected OCSP (1), got " + sType.id); - } - if (!(sReq instanceof OCSPStatusRequest)) { - throw new RuntimeException("StatusRequest mismatch: " + - "expected OCSPStatusRequest, got " + - sReq.getClass().getName()); - } - - pass = Boolean.TRUE; - } catch (Exception e) { - e.printStackTrace(System.out); - message = e.getClass().getName(); - } - - return new AbstractMap.SimpleEntry<>(pass, message); - } - }; -}