tchekai704
/
src-openjdk
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
openjdk源码
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
0 Tags
70 MiB
Tree: ab005f776c
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'ab005f776c'
${ noResults }
src-openjdk/test/java/security/cert/CertPathValidator/nameConstraintsRFC822/ValidateCertPath.java

169 lines
6.0 KiB
Raw Normal View History Unescape

openjdk-8u322
1 year ago
/*
* Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 4684810 6994717
* @summary Verify that RFC822 name constraints are checked correctly
*/
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.IOException;
import java.security.cert.*;
import java.security.cert.PKIXReason;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.Set;
/**
* ValidateCertPath performs a simple validation of a certification path.
* On success, it prints the CertPathValidatorResult. On failure, it
* prints the error.
*
* Synopsis:
* <pre>
* ValidateCertPath trustAnchor [certFile ...]
* where each argument is the path to a file that contains a
* certificate. Each certificate should have an issuer equal to
* the subject of the preceding certificate.
*</pre>
*
* @author Steve Hanna
*/
public final class ValidateCertPath {
private final static String BASE = System.getProperty("test.src", "./");
private static CertPath path;
private static PKIXParameters params;
public static void main(String[] args) throws Exception {
try {
parseArgs(args);
validate(path, params);
throw new Exception("Successfully validated invalid path.");
} catch (CertPathValidatorException e) {
if (e.getReason() != PKIXReason.INVALID_NAME) {
throw new Exception("unexpected reason: " + e.getReason());
}
System.out.println("Path rejected as expected: " + e);
}
}
/**
* Parse the command line arguments. Populate the static
* class fields based on the values of the arugments. In
* case of bad arguments, print usage and exit. In case of
* other error, throw an exception.
*
* @param args command line arguments
* @throws Exception on error
*/
public static void parseArgs(String[] args) throws Exception {
args = new String[] {"jane2jane.cer", "jane2steve.cer", "steve2tom.cer"};
TrustAnchor anchor = new TrustAnchor(getCertFromFile(args[0]), null);
List<X509Certificate> list = new ArrayList<X509Certificate>();
for (int i = 1; i < args.length; i++) {
list.add(0, getCertFromFile(args[i]));
}
CertificateFactory cf = CertificateFactory.getInstance("X509");
path = cf.generateCertPath(list);
Set<TrustAnchor> anchors = Collections.singleton(anchor);
params = new PKIXParameters(anchors);
params.setRevocationEnabled(false);
// The certificates expired on 10/22/10, so set the validity date to
// 05/01/2009 to avoid expiration failures
params.setDate(new Date(1243828800000l));
}
/*
* Reads the entire input stream into a byte array.
*/
private static byte[] getTotalBytes(InputStream is) throws IOException {
byte[] buffer = new byte[8192];
ByteArrayOutputStream baos = new ByteArrayOutputStream(2048);
int n;
baos.reset();
while ((n = is.read(buffer, 0, buffer.length)) != -1) {
baos.write(buffer, 0, n);
}
return baos.toByteArray();
}
/**
* Get a DER-encoded X.509 certificate from a file.
*
* @param certFilePath path to file containing DER-encoded certificate
* @return X509Certificate
* @throws IOException on error
*/
public static X509Certificate getCertFromFile(String certFilePath)
throws IOException {
X509Certificate cert = null;
try {
File certFile = new File(BASE, certFilePath);
if (!certFile.canRead())
throw new IOException("File " +
certFile.toString() +
" is not a readable file.");
FileInputStream certFileInputStream =
new FileInputStream(certFile);
CertificateFactory cf = CertificateFactory.getInstance("X509");
cert = (X509Certificate)
cf.generateCertificate(certFileInputStream);
} catch (Exception e) {
e.printStackTrace();
throw new IOException("Can't construct X509Certificate: " +
e.getMessage());
}
return cert;
}
/**
* Perform a PKIX validation. On success, print the
* CertPathValidatorResult on System.out. On failure,
* throw an exception.
*
* @param path CertPath to validate
* @param params PKIXParameters to use in validation
* @throws Exception on error
*/
public static void validate(CertPath path, PKIXParameters params)
throws Exception {
CertPathValidator validator =
CertPathValidator.getInstance("PKIX");
CertPathValidatorResult cpvr = validator.validate(path, params);
System.out.println("ValidateCertPath successful.");
}
}