Mercurial > hg > icedtea9-forest > jdk

view test/sun/security/x509/X509CRLImpl/Verify.java @ 5860:b0bfa441d70f

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
7026347: Certificate and X509CRL should have verify(PublicKey key, Provider sigProvider) Reviewed-by: mullan, xuelei, weijun Contributed-by: jason.uh@oracle.com
author mullan
date Thu, 02 Aug 2012 10:40:24 -0400
parents
children
line wrap: on
line source

/*
 * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

/*
 * @test
 * @bug 7026347
 * @summary X509CRL should have verify(PublicKey key, Provider sigProvider)
 */

import java.io.ByteArrayInputStream;
import java.security.*;
import java.security.cert.*;

public class Verify {

    static String selfSignedCertStr =
        "-----BEGIN CERTIFICATE-----\n" +
        "MIICPjCCAaegAwIBAgIBADANBgkqhkiG9w0BAQQFADAfMQswCQYDVQQGEwJVUzEQ\n" +
        "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA0MjcwMjI0MzJaFw0zMDA0MDcwMjI0MzJa\n" +
        "MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMIGfMA0GCSqGSIb3DQEB\n" +
        "AQUAA4GNADCBiQKBgQC4OTag24sTxL2tXTNuvpmUEtdxrYAZoFsslFQ60T+WD9wQ\n" +
        "Jeiw87FSPsR2vxRuv0j8DNm2a4h7LNNIFcLurfNldbz5pvgZ7VqdbbUMPE9qP85n\n" +
        "jgDl4woyRTSUeRI4A7O0CO6NpES21dtbdhroWQrEkHxpnrDPxsxrz5gf2m3gqwID\n" +
        "AQABo4GJMIGGMB0GA1UdDgQWBBSCJd0hpl5PdAD9IZS+Hzng4lXLGzBHBgNVHSME\n" +
        "QDA+gBSCJd0hpl5PdAD9IZS+Hzng4lXLG6EjpCEwHzELMAkGA1UEBhMCVVMxEDAO\n" +
        "BgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAgQw\n" +
        "DQYJKoZIhvcNAQEEBQADgYEAluy6HIjWcq009lTLmhp+Np6dxU78pInBK8RZkza0\n" +
        "484qGaxFGD3UGyZkI5uWmsH2XuMbuox5khfIq6781gmkPBHXBIEtJN8eLusOHEye\n" +
        "iE8h7WI+N3qa6Pj56WionMrioqC/3X+b06o147bbhx8U0vkYv/HyPaITOFfMXTdz\n" +
        "Vjw=\n" +
        "-----END CERTIFICATE-----";

    static String crlIssuerCertStr =
        "-----BEGIN CERTIFICATE-----\n" +
        "MIICKzCCAZSgAwIBAgIBAjANBgkqhkiG9w0BAQQFADAfMQswCQYDVQQGEwJVUzEQ\n" +
        "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA0MjcwMjI0MzNaFw0yOTAxMTIwMjI0MzNa\n" +
        "MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMIGfMA0GCSqGSIb3DQEB\n" +
        "AQUAA4GNADCBiQKBgQDMJeBMBybHykI/YpwUJ4O9euqDSLb1kpWpceBS8TVqvgBC\n" +
        "SgUJWtFZL0i6bdvF6mMdlbuBkGzhXqHiVAi96/zRLbUC9F8SMEJ6MuD+YhQ0ZFTQ\n" +
        "atKy8zf8O9XzztelLJ26Gqb7QPV133WY3haAqHtCXOhEKkCN16NOYNC37DTaJwID\n" +
        "AQABo3cwdTAdBgNVHQ4EFgQULXSWzXzUOIpOJpzbSCpW42IJUugwRwYDVR0jBEAw\n" +
        "PoAUgiXdIaZeT3QA/SGUvh854OJVyxuhI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYD\n" +
        "VQQKEwdFeGFtcGxlggEAMAsGA1UdDwQEAwIBAjANBgkqhkiG9w0BAQQFAAOBgQAY\n" +
        "eMnf5AHSNlyUlzXk8o2S0h4gCuvKX6C3kFfKuZcWvFAbx4yQOWLS2s15/nzR4+AP\n" +
        "FGX3lgJjROyAh7fGedTQK+NFWwkM2ag1g3hXktnlnT1qHohi0w31nVBJxXEDO/Ck\n" +
        "uJTpJGt8XxxbFaw5v7cHy7XuTAeU/sekvjEiNHW00Q==\n" +
        "-----END CERTIFICATE-----";

    static String crlStr =
        "-----BEGIN X509 CRL-----\n" +
        "MIIBGzCBhQIBATANBgkqhkiG9w0BAQQFADAfMQswCQYDVQQGEwJVUzEQMA4GA1UE\n" +
        "ChMHRXhhbXBsZRcNMDkwNDI3MDIzODA0WhcNMjgwNjI2MDIzODA0WjAiMCACAQUX\n" +
        "DTA5MDQyNzAyMzgwMFowDDAKBgNVHRUEAwoBBKAOMAwwCgYDVR0UBAMCAQIwDQYJ\n" +
        "KoZIhvcNAQEEBQADgYEAoarfzXEtw3ZDi4f9U8eSvRIipHSyxOrJC7HR/hM5VhmY\n" +
        "CErChny6x9lBVg9s57tfD/P9PSzBLusCcHwHMAbMOEcTltVVKUWZnnbumpywlYyg\n" +
        "oKLrE9+yCOkYUOpiRlz43/3vkEL5hjIKMcDSZnPKBZi1h16Yj2hPe9GMibNip54=\n" +
        "-----END X509 CRL-----";

    private static X509CRL crl;
    private static PublicKey selfSignedCertPubKey;
    private static PublicKey crlIssuerCertPubKey;

    public static void main(String[] args) throws Exception {
        setup();

        /*
         * Verify CRL with its own public key.
         * Should pass.
         */
        verifyCRL(crlIssuerCertPubKey, "SunRsaSign");

        /*
         * Try to verify CRL with a provider that does not have a Signature
         * implementation.
         * Should fail with NoSuchAlgorithmException.
         */
        try {
            verifyCRL(crlIssuerCertPubKey, "SunPCSC");
            throw new RuntimeException("Didn't catch the exception properly");
        } catch (NoSuchAlgorithmException e) {
            System.out.println("Caught the correct exception.");
        }

        /*
         * Try to verify CRL with a provider that has a Signature implementation
         * but not of the right algorithm (MD5withRSA).
         * Should fail with NoSuchAlgorithmException.
         */
        try {
            verifyCRL(crlIssuerCertPubKey, "SUN");
            throw new RuntimeException("Didn't catch the exception properly");
        } catch (NoSuchAlgorithmException e) {
            System.out.println("Caught the correct exception.");
        }

        /*
         * Try to verify CRL with the wrong public key.
         * Should fail with SignatureException.
         */
        try {
            verifyCRL(selfSignedCertPubKey, "SunRsaSign");
            throw new RuntimeException("Didn't catch the exception properly");
        } catch (SignatureException e) {
            System.out.println("Caught the correct exception.");
        }
    }

    private static void setup() throws CertificateException, CRLException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");

        /* Create CRL */
        ByteArrayInputStream inputStream =
                new ByteArrayInputStream(crlStr.getBytes());
        crl = (X509CRL)cf.generateCRL(inputStream);

        /* Get public key of the CRL issuer cert */
        inputStream = new ByteArrayInputStream(crlIssuerCertStr.getBytes());
        X509Certificate cert
                = (X509Certificate)cf.generateCertificate(inputStream);
        crlIssuerCertPubKey = cert.getPublicKey();

        /* Get public key of the self-signed Cert */
        inputStream = new ByteArrayInputStream(selfSignedCertStr.getBytes());
        selfSignedCertPubKey = cf.generateCertificate(inputStream).getPublicKey();
    }

    private static void verifyCRL(PublicKey key, String providerName)
            throws CRLException, NoSuchAlgorithmException, InvalidKeyException,
            SignatureException {
        Provider provider = Security.getProvider(providerName);
        crl.verify(key, provider);
    }
}