1 /*
2 * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 // This test case relies on updated static security property, no way to re-use
25 // security property in samevm/agentvm mode.
26
27 /**
28 * @test
29 *
30 * @bug 6861062
31 * @summary Disable MD2 support
32 *
33 * @run main/othervm CPBuilder trustAnchor_SHA1withRSA_1024 0 true
34 * @run main/othervm CPBuilder trustAnchor_SHA1withRSA_512 0 true
35 * @run main/othervm CPBuilder intermediate_SHA1withRSA_1024_1024 1 true
36 * @run main/othervm CPBuilder intermediate_SHA1withRSA_1024_512 1 true
37 * @run main/othervm CPBuilder intermediate_SHA1withRSA_512_1024 1 true
38 * @run main/othervm CPBuilder intermediate_SHA1withRSA_512_512 1 true
39 * @run main/othervm CPBuilder intermediate_MD2withRSA_1024_1024 1 false
40 * @run main/othervm CPBuilder intermediate_MD2withRSA_1024_512 1 false
41 * @run main/othervm CPBuilder endentiry_SHA1withRSA_1024_1024 2 true
42 * @run main/othervm CPBuilder endentiry_SHA1withRSA_1024_512 2 true
43 * @run main/othervm CPBuilder endentiry_SHA1withRSA_512_1024 2 true
44 * @run main/othervm CPBuilder endentiry_SHA1withRSA_512_512 2 true
45 * @run main/othervm CPBuilder endentiry_MD2withRSA_1024_1024 2 false
46 * @run main/othervm CPBuilder endentiry_MD2withRSA_1024_512 2 false
47 *
48 * @author Xuelei Fan
49 */
50
51 import java.io.*;
52 import java.net.SocketException;
53 import java.util.*;
54 import java.security.Security;
55 import java.security.cert.*;
56 import sun.security.util.DerInputStream;
57
58 public class CPBuilder {
59
60 // SHA1withRSA 1024
61 static String trustAnchor_SHA1withRSA_1024 =
62 "-----BEGIN CERTIFICATE-----\n" +
63 "MIICPjCCAaegAwIBAgIBADANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" +
64 "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDRaFw0zMDA3MTcwMTExNDRa\n" +
65 "MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMIGfMA0GCSqGSIb3DQEB\n" +
66 "AQUAA4GNADCBiQKBgQC8UdC863pFk1Rvd7xUYd60+e9KsLhb6SqOfU42ZA715FcH\n" +
67 "E1TRvQPmYzAnHcO04TrWZQtO6E+E2RCmeBnetBvIMVka688QkO14wnrIrf2tRodd\n" +
68 "rZNZEBzkX+zyXCRo9tKEUDFf9Qze7Ilbb+Zzm9CUfu4M1Oz6iQcXRx7aM0jEAQID\n" +
69 "AQABo4GJMIGGMB0GA1UdDgQWBBTn0C+xmZY/BTab4W9gBp3dGa7WgjBHBgNVHSME\n" +
70 "QDA+gBTn0C+xmZY/BTab4W9gBp3dGa7WgqEjpCEwHzELMAkGA1UEBhMCVVMxEDAO\n" +
71 "BgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAgQw\n" +
72 "DQYJKoZIhvcNAQEFBQADgYEAiCXL2Yp4ruyRXAIJ8zBEaPC9oV2agqgbSbly2z8z\n" +
73 "Ik5SeSRysP+GHBpb8uNyANJnQKv+T0GrJiTLMBjKCOiJl6xzk3EZ2wbQB6G/SQ9+\n" +
74 "UWcsXSC8oGSEPpkj5In/9/UbuUIfT9H8jmdyLNKQvlqgq6kyfnskME7ptGgT95Hc\n" +
75 "tas=\n" +
76 "-----END CERTIFICATE-----";
77
78 // SHA1withRSA 512
79 static String trustAnchor_SHA1withRSA_512 =
80 "-----BEGIN CERTIFICATE-----\n" +
81 "MIIBuTCCAWOgAwIBAgIBADANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" +
82 "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDRaFw0zMDA3MTcwMTExNDRa\n" +
83 "MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMFwwDQYJKoZIhvcNAQEB\n" +
84 "BQADSwAwSAJBAM0Kn4ieCdCHsrm78ZMMN4jQEEEqACAMKB7O8j9g4gfz2oAfmHwv\n" +
85 "7JH/hZ0Xen1zUmBbwe+e2J5D/4Fisp9Bn98CAwEAAaOBiTCBhjAdBgNVHQ4EFgQU\n" +
86 "g4Kwd47hdNQBp8grZsRJ5XvhvxAwRwYDVR0jBEAwPoAUg4Kwd47hdNQBp8grZsRJ\n" +
87 "5XvhvxChI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlggEAMA8G\n" +
88 "A1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMA0GCSqGSIb3DQEBBQUAA0EAn77b\n" +
89 "FJx+HvyRvjZYCzMjnUct3Ql4iLOkURYDh93J5TXi/l9ajvAMEuwzYj0qZ+Ktm/ia\n" +
90 "U5r+8B9nzx+j2Zh3kw==\n" +
91 "-----END CERTIFICATE-----";
92
93 // SHA1withRSA 1024 signed with RSA 1024
94 static String intermediate_SHA1withRSA_1024_1024 =
95 "-----BEGIN CERTIFICATE-----\n" +
96 "MIICUDCCAbmgAwIBAgIBAjANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" +
97 "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDhaFw0yOTA0MjMwMTExNDha\n" +
98 "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" +
99 "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVOqnlZspyAEr90ELFaUo8\n" +
100 "BF0O2Kn0yTdUeyiLOth4RA3qxWrjxJq45VmEBjZpEzPHfnp3PhnfmLcLfhoPONFg\n" +
101 "bcHzlkj75ZaKCgHoyV456fMBmj348fcoUkH2WdSQ82pmxHOiHqquYNUSTimFIq82\n" +
102 "AayhbKqDmhfx5lJdYNqd5QIDAQABo4GJMIGGMB0GA1UdDgQWBBTfWD9mRTppcUAl\n" +
103 "UqGuu/R5t8CB5jBHBgNVHSMEQDA+gBTn0C+xmZY/BTab4W9gBp3dGa7WgqEjpCEw\n" +
104 "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" +
105 "AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQEFBQADgYEAHze3wAcIe84zNOoN\n" +
106 "P8l9EmlVVoU30z3LB3hxq3m/dC/4gE5Z9Z8EG1wJw4qaxlTZ4dif12nbTTdofVhb\n" +
107 "Bd4syjo6fcUA4q7sfg9TFpoHQ+Ap7PgjK99moMKdMy50Xy8s6FPvaVkF89s66Z6y\n" +
108 "e4q7TSwe6QevGOZaL5N/iy2XGEs=\n" +
109 "-----END CERTIFICATE-----";
110
111 // SHA1withRSA 1024 signed with RSA 512
112 static String intermediate_SHA1withRSA_1024_512 =
113 "-----BEGIN CERTIFICATE-----\n" +
114 "MIICDzCCAbmgAwIBAgIBAzANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" +
115 "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDlaFw0yOTA0MjMwMTExNDla\n" +
116 "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" +
117 "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVOqnlZspyAEr90ELFaUo8\n" +
118 "BF0O2Kn0yTdUeyiLOth4RA3qxWrjxJq45VmEBjZpEzPHfnp3PhnfmLcLfhoPONFg\n" +
119 "bcHzlkj75ZaKCgHoyV456fMBmj348fcoUkH2WdSQ82pmxHOiHqquYNUSTimFIq82\n" +
120 "AayhbKqDmhfx5lJdYNqd5QIDAQABo4GJMIGGMB0GA1UdDgQWBBTfWD9mRTppcUAl\n" +
121 "UqGuu/R5t8CB5jBHBgNVHSMEQDA+gBSDgrB3juF01AGnyCtmxEnle+G/EKEjpCEw\n" +
122 "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" +
123 "AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQEFBQADQQCYNmdkONfuk07XjRze\n" +
124 "WQyq2cfdae4uIdyUfa2rpgYMtSXuQW3/XrQGiz4G6WBXA2wo7folOOpAKYgvHPrm\n" +
125 "w6Dd\n" +
126 "-----END CERTIFICATE-----";
127
128 // SHA1withRSA 512 signed with RSA 1024
129 static String intermediate_SHA1withRSA_512_1024 =
130 "-----BEGIN CERTIFICATE-----\n" +
131 "MIICDDCCAXWgAwIBAgIBBDANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" +
132 "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDlaFw0yOTA0MjMwMTExNDla\n" +
133 "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" +
134 "cy0xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKubXYoEHZpZkhzA9XX+NrpqJ4SV\n" +
135 "lOMBoL3aWExQpJIgrUaZfbGMBBozIHBJMMayokguHbJvq4QigEgLuhfJNqsCAwEA\n" +
136 "AaOBiTCBhjAdBgNVHQ4EFgQUN0CHiTYPtjyvpP2a6y6mhsZ6U40wRwYDVR0jBEAw\n" +
137 "PoAU59AvsZmWPwU2m+FvYAad3Rmu1oKhI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYD\n" +
138 "VQQKEwdFeGFtcGxlggEAMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMA0G\n" +
139 "CSqGSIb3DQEBBQUAA4GBAE2VOlw5ySLT3gUzKCYEga4QPaSrf6lHHPi2g48LscEY\n" +
140 "h9qQXh4nuIVugReBIEf6N49RdT+M2cgRJo4sZ3ukYLGQzxNuttL5nPSuuvrAR1oG\n" +
141 "LUyzOWcUpKHbVHi6zlTt79RvTKZvLcduLutmtPtLJcM9PdiAI1wEooSgxTwZtB/Z\n" +
142 "-----END CERTIFICATE-----";
143
144 // SHA1withRSA 512 signed with RSA 512
145 static String intermediate_SHA1withRSA_512_512 =
146 "-----BEGIN CERTIFICATE-----\n" +
147 "MIIByzCCAXWgAwIBAgIBBTANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" +
148 "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDlaFw0yOTA0MjMwMTExNDla\n" +
149 "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" +
150 "cy0xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKubXYoEHZpZkhzA9XX+NrpqJ4SV\n" +
151 "lOMBoL3aWExQpJIgrUaZfbGMBBozIHBJMMayokguHbJvq4QigEgLuhfJNqsCAwEA\n" +
152 "AaOBiTCBhjAdBgNVHQ4EFgQUN0CHiTYPtjyvpP2a6y6mhsZ6U40wRwYDVR0jBEAw\n" +
153 "PoAUg4Kwd47hdNQBp8grZsRJ5XvhvxChI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYD\n" +
154 "VQQKEwdFeGFtcGxlggEAMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMA0G\n" +
155 "CSqGSIb3DQEBBQUAA0EAoCf0Zu559qcB4xPpzqkVsYiyW49S4Yc0mmQXb1yoQgLx\n" +
156 "O+DCkjG5d14+t1MsnkhB2izoQUMxQ3vDc1YnA/tEpw==\n" +
157 "-----END CERTIFICATE-----";
158
159 // MD2withRSA 1024 signed with RSA 1024
160 static String intermediate_MD2withRSA_1024_1024 =
161 "-----BEGIN CERTIFICATE-----\n" +
162 "MIICUDCCAbmgAwIBAgIBBjANBgkqhkiG9w0BAQIFADAfMQswCQYDVQQGEwJVUzEQ\n" +
163 "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDlaFw0yOTA0MjMwMTExNDla\n" +
164 "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" +
165 "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVOqnlZspyAEr90ELFaUo8\n" +
166 "BF0O2Kn0yTdUeyiLOth4RA3qxWrjxJq45VmEBjZpEzPHfnp3PhnfmLcLfhoPONFg\n" +
167 "bcHzlkj75ZaKCgHoyV456fMBmj348fcoUkH2WdSQ82pmxHOiHqquYNUSTimFIq82\n" +
168 "AayhbKqDmhfx5lJdYNqd5QIDAQABo4GJMIGGMB0GA1UdDgQWBBTfWD9mRTppcUAl\n" +
169 "UqGuu/R5t8CB5jBHBgNVHSMEQDA+gBTn0C+xmZY/BTab4W9gBp3dGa7WgqEjpCEw\n" +
170 "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" +
171 "AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQECBQADgYEAPtEjwbWuC5kc4DPc\n" +
172 "Ttf/wdbD8ZCdAWzcc3XF9q1TlvwVMNk6mbfM05y6ZVsztKTkwZ4EcvFu/yIqw1EB\n" +
173 "E1zlXQCaWXT3/ZMbqYZV4+mx+RUl8spUCb1tda25jnTg3mTOzB1iztm4gy903EMd\n" +
174 "m8omKDKeCgcw5dR4ITQYvyxe1as=\n" +
175 "-----END CERTIFICATE-----";
176
177 // MD2withRSA 1024 signed with RSA 512
178 static String intermediate_MD2withRSA_1024_512 =
179 "-----BEGIN CERTIFICATE-----\n" +
180 "MIICDzCCAbmgAwIBAgIBBzANBgkqhkiG9w0BAQIFADAfMQswCQYDVQQGEwJVUzEQ\n" +
181 "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDlaFw0yOTA0MjMwMTExNDla\n" +
182 "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" +
183 "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVOqnlZspyAEr90ELFaUo8\n" +
184 "BF0O2Kn0yTdUeyiLOth4RA3qxWrjxJq45VmEBjZpEzPHfnp3PhnfmLcLfhoPONFg\n" +
185 "bcHzlkj75ZaKCgHoyV456fMBmj348fcoUkH2WdSQ82pmxHOiHqquYNUSTimFIq82\n" +
186 "AayhbKqDmhfx5lJdYNqd5QIDAQABo4GJMIGGMB0GA1UdDgQWBBTfWD9mRTppcUAl\n" +
187 "UqGuu/R5t8CB5jBHBgNVHSMEQDA+gBSDgrB3juF01AGnyCtmxEnle+G/EKEjpCEw\n" +
188 "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" +
189 "AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQECBQADQQBHok1v6xymtpB7N9xy\n" +
190 "0OmDT27uhmzlP0eOzJvXVxj3Oi9TLQJgCUJ9122MzfRAs1E1uJTtvuu+UmI80NQx\n" +
191 "KQdp\n" +
192 "-----END CERTIFICATE-----";
193
194 // SHA1withRSA 1024 signed with RSA 1024
195 static String endentiry_SHA1withRSA_1024_1024 =
196 "-----BEGIN CERTIFICATE-----\n" +
197 "MIICNzCCAaCgAwIBAgIBAjANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ\n" +
198 "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0wOTA4MDYwMTEx\n" +
199 "NTBaFw0yOTA0MjMwMTExNTBaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" +
200 "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG\n" +
201 "9w0BAQEFAAOBjQAwgYkCgYEAy6/2g3rxQzJEvTyOnBcEnZthmAD0AnP6LG8b35jt\n" +
202 "vh71LHbF1FhkOT42Rfg20aBfWTMRf+FeOJBXpD4gCNjQA40vy8FaQxgYNAf7ho5v\n" +
203 "z6yAEE6SG7YviE+XGcvpQo47w8c6QSQjpBzdw7JxwbVlzUT7pF8x3RnXlGhWnWv6\n" +
204 "c1ECAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBSaXXERsow2Wm/6uT07\n" +
205 "OorBleV92TAfBgNVHSMEGDAWgBTfWD9mRTppcUAlUqGuu/R5t8CB5jANBgkqhkiG\n" +
206 "9w0BAQUFAAOBgQAOfIeasDg91CR3jGfuAEVKwncM1OPFmniAUcdPm74cCAyJ90Me\n" +
207 "dhUElWPGoAuXGfiyZlOlGUYWqEroe/dnkmnotJjLWR+MA4ZyX3O1YI8T4W3deWcC\n" +
208 "J4WMCF7mp17SaYYKX9F0AxwNJFpUkbB41IkTxPr0MmzB1871/pbY8dLAvA==\n" +
209 "-----END CERTIFICATE-----";
210
211 // SHA1withRSA 1024 signed with RSA 512
212 static String endentiry_SHA1withRSA_1024_512 =
213 "-----BEGIN CERTIFICATE-----\n" +
214 "MIIB9jCCAaCgAwIBAgIBAzANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ\n" +
215 "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0wOTA4MDYwMTEx\n" +
216 "NTBaFw0yOTA0MjMwMTExNTBaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" +
217 "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG\n" +
218 "9w0BAQEFAAOBjQAwgYkCgYEAy6/2g3rxQzJEvTyOnBcEnZthmAD0AnP6LG8b35jt\n" +
219 "vh71LHbF1FhkOT42Rfg20aBfWTMRf+FeOJBXpD4gCNjQA40vy8FaQxgYNAf7ho5v\n" +
220 "z6yAEE6SG7YviE+XGcvpQo47w8c6QSQjpBzdw7JxwbVlzUT7pF8x3RnXlGhWnWv6\n" +
221 "c1ECAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBSaXXERsow2Wm/6uT07\n" +
222 "OorBleV92TAfBgNVHSMEGDAWgBQ3QIeJNg+2PK+k/ZrrLqaGxnpTjTANBgkqhkiG\n" +
223 "9w0BAQUFAANBADV6X+ea0ftEKXy7yKNAbdIp35893T6AVwbdclomPkeOs86OtoTG\n" +
224 "1BIzWSK9QE7W6Wbf63e2RdcqoLK+DxsuwUg=\n" +
225 "-----END CERTIFICATE-----";
226
227 // SHA1withRSA 512 signed with RSA 1024
228 static String endentiry_SHA1withRSA_512_1024 =
229 "-----BEGIN CERTIFICATE-----\n" +
230 "MIIB8zCCAVygAwIBAgIBBDANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ\n" +
231 "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0wOTA4MDYwMTEx\n" +
232 "NTFaFw0yOTA0MjMwMTExNTFaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" +
233 "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTBcMA0GCSqGSIb3\n" +
234 "DQEBAQUAA0sAMEgCQQCpfQzhld7w2JhW/aRaLkmrLrc/QAsQE+J4DXioXaajsWPo\n" +
235 "uMmYmuiQolb6OIY/LcivSubKM3G5PkAWoovUPIWLAgMBAAGjTzBNMAsGA1UdDwQE\n" +
236 "AwID6DAdBgNVHQ4EFgQUFWuXLkf4Ji57H9ISycgWi982TUIwHwYDVR0jBBgwFoAU\n" +
237 "31g/ZkU6aXFAJVKhrrv0ebfAgeYwDQYJKoZIhvcNAQEFBQADgYEAUyW8PrEdbzLu\n" +
238 "B+h6UemBOJ024rYq90hJE/5wUEKPvxZ9vPEUgl+io6cGhL3cLfxfh6z5xtEGp4Tb\n" +
239 "NB0Ye3Qi01FBiNDY8s3rQRrmel6VysU8u+0Oi2jmQY6vZXn/zXN5rrTLITCaSicG\n" +
240 "dOMv1xLM83Ee432WWlDwKOUxhzDGpWc=\n" +
241 "-----END CERTIFICATE-----";
242
243 // SHA1withRSA 512 signed with RSA 512
244 static String endentiry_SHA1withRSA_512_512 =
245 "-----BEGIN CERTIFICATE-----\n" +
246 "MIIBsjCCAVygAwIBAgIBBTANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ\n" +
247 "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0wOTA4MDYwMTEx\n" +
248 "NTFaFw0yOTA0MjMwMTExNTFaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" +
249 "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTBcMA0GCSqGSIb3\n" +
250 "DQEBAQUAA0sAMEgCQQCpfQzhld7w2JhW/aRaLkmrLrc/QAsQE+J4DXioXaajsWPo\n" +
251 "uMmYmuiQolb6OIY/LcivSubKM3G5PkAWoovUPIWLAgMBAAGjTzBNMAsGA1UdDwQE\n" +
252 "AwID6DAdBgNVHQ4EFgQUFWuXLkf4Ji57H9ISycgWi982TUIwHwYDVR0jBBgwFoAU\n" +
253 "N0CHiTYPtjyvpP2a6y6mhsZ6U40wDQYJKoZIhvcNAQEFBQADQQBG4grtrVEHick0\n" +
254 "z/6Lcl/MGyHT0c8KTXE0AMVXG1NRjAicAmYno/yDaJ9OmfymObKZKV9fF7yCW/N/\n" +
255 "TMU6m7N0\n" +
256 "-----END CERTIFICATE-----";
257
258 // MD2withRSA 1024 signed with RSA 1024
259 static String endentiry_MD2withRSA_1024_1024 =
260 "-----BEGIN CERTIFICATE-----\n" +
261 "MIICNzCCAaCgAwIBAgIBBjANBgkqhkiG9w0BAQIFADAxMQswCQYDVQQGEwJVUzEQ\n" +
262 "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0wOTA4MDYwMTEx\n" +
263 "NTFaFw0yOTA0MjMwMTExNTFaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" +
264 "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG\n" +
265 "9w0BAQEFAAOBjQAwgYkCgYEAy6/2g3rxQzJEvTyOnBcEnZthmAD0AnP6LG8b35jt\n" +
266 "vh71LHbF1FhkOT42Rfg20aBfWTMRf+FeOJBXpD4gCNjQA40vy8FaQxgYNAf7ho5v\n" +
267 "z6yAEE6SG7YviE+XGcvpQo47w8c6QSQjpBzdw7JxwbVlzUT7pF8x3RnXlGhWnWv6\n" +
268 "c1ECAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBSaXXERsow2Wm/6uT07\n" +
269 "OorBleV92TAfBgNVHSMEGDAWgBTfWD9mRTppcUAlUqGuu/R5t8CB5jANBgkqhkiG\n" +
270 "9w0BAQIFAAOBgQBxKsFf8NNQcXjDoKJJSG4Rk6ikcrhiGYuUI32+XHvs6hnav1Zc\n" +
271 "aJUpy7J4gMj/MnysMh/4AF9+m6zEEjuisXKUbYZhgtJxz+ukGSo163mJ8QJiAlRb\n" +
272 "Iwsy81r08mlSCR6jx2YhDAUxJIPC92R5Vb4CEutB7tWTwwz7vIHq330erA==\n" +
273 "-----END CERTIFICATE-----";
274
275 // MD2withRSA 1024 signed with RSA 512
276 static String endentiry_MD2withRSA_1024_512 =
277 "-----BEGIN CERTIFICATE-----\n" +
278 "MIIB9jCCAaCgAwIBAgIBBzANBgkqhkiG9w0BAQIFADAxMQswCQYDVQQGEwJVUzEQ\n" +
279 "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0wOTA4MDYwMTEx\n" +
280 "NTFaFw0yOTA0MjMwMTExNTFaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" +
281 "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG\n" +
282 "9w0BAQEFAAOBjQAwgYkCgYEAy6/2g3rxQzJEvTyOnBcEnZthmAD0AnP6LG8b35jt\n" +
283 "vh71LHbF1FhkOT42Rfg20aBfWTMRf+FeOJBXpD4gCNjQA40vy8FaQxgYNAf7ho5v\n" +
284 "z6yAEE6SG7YviE+XGcvpQo47w8c6QSQjpBzdw7JxwbVlzUT7pF8x3RnXlGhWnWv6\n" +
285 "c1ECAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBSaXXERsow2Wm/6uT07\n" +
286 "OorBleV92TAfBgNVHSMEGDAWgBQ3QIeJNg+2PK+k/ZrrLqaGxnpTjTANBgkqhkiG\n" +
287 "9w0BAQIFAANBAIX63Ypi9P71RnC/pcMbhD+wekRFsTzU593X3MC7tyBJtEXwvAZG\n" +
288 "iMxXF5A+ohlr7/CrkV7ZTL8PLxnJdY5Y8rQ=\n" +
289 "-----END CERTIFICATE-----";
290
291 static HashMap<String, String> certmap = new HashMap<String, String>();
292 static {
293 certmap.put("trustAnchor_SHA1withRSA_1024",
294 trustAnchor_SHA1withRSA_1024);
295 certmap.put("trustAnchor_SHA1withRSA_512",
296 trustAnchor_SHA1withRSA_512);
297 certmap.put("intermediate_SHA1withRSA_1024_1024",
298 intermediate_SHA1withRSA_1024_1024);
299 certmap.put("intermediate_SHA1withRSA_1024_512",
300 intermediate_SHA1withRSA_1024_512);
301 certmap.put("intermediate_SHA1withRSA_512_1024",
302 intermediate_SHA1withRSA_512_1024);
303 certmap.put("intermediate_SHA1withRSA_512_512",
304 intermediate_SHA1withRSA_512_512);
305 certmap.put("intermediate_MD2withRSA_1024_1024",
306 intermediate_MD2withRSA_1024_1024);
307 certmap.put("intermediate_MD2withRSA_1024_512",
308 intermediate_MD2withRSA_1024_512);
309 certmap.put("endentiry_SHA1withRSA_1024_1024",
310 endentiry_SHA1withRSA_1024_1024);
311 certmap.put("endentiry_SHA1withRSA_1024_512",
312 endentiry_SHA1withRSA_1024_512);
313 certmap.put("endentiry_SHA1withRSA_512_1024",
314 endentiry_SHA1withRSA_512_1024);
315 certmap.put("endentiry_SHA1withRSA_512_512",
316 endentiry_SHA1withRSA_512_512);
317 certmap.put("endentiry_MD2withRSA_1024_1024",
318 endentiry_MD2withRSA_1024_1024);
319 certmap.put("endentiry_MD2withRSA_1024_512",
320 endentiry_MD2withRSA_1024_512);
321 }
322
323 private static Set<TrustAnchor> generateTrustAnchors()
324 throws CertificateException {
325 // generate certificate from cert string
326 CertificateFactory cf = CertificateFactory.getInstance("X.509");
327 HashSet<TrustAnchor> anchors = new HashSet<TrustAnchor>();
328
329 ByteArrayInputStream is =
330 new ByteArrayInputStream(trustAnchor_SHA1withRSA_1024.getBytes());
331 Certificate cert = cf.generateCertificate(is);
332 TrustAnchor anchor = new TrustAnchor((X509Certificate)cert, null);
333 anchors.add(anchor);
334
335 is = new ByteArrayInputStream(trustAnchor_SHA1withRSA_512.getBytes());
336 cert = cf.generateCertificate(is);
337 anchor = new TrustAnchor((X509Certificate)cert, null);
338 anchors.add(anchor);
339
340 return anchors;
341 }
342
343 private static CertStore generateCertificateStore() throws Exception {
344 Collection entries = new HashSet();
345
346 // generate certificate from certificate string
347 CertificateFactory cf = CertificateFactory.getInstance("X.509");
348
349 for (String key : certmap.keySet()) {
350 String certStr = certmap.get(key);
351 ByteArrayInputStream is =
352 new ByteArrayInputStream(certStr.getBytes());;
353 Certificate cert = cf.generateCertificate(is);
354 entries.add(cert);
355 }
356
357 return CertStore.getInstance("Collection",
358 new CollectionCertStoreParameters(entries));
359 }
360
361 private static X509CertSelector generateSelector(String name)
362 throws Exception {
363 X509CertSelector selector = new X509CertSelector();
364
365 String certStr = certmap.get(name);
366 if (certStr == null) {
367 return null;
368 }
369
370 // generate certificate from certificate string
371 CertificateFactory cf = CertificateFactory.getInstance("X.509");
372 ByteArrayInputStream is = new ByteArrayInputStream(certStr.getBytes());
373 X509Certificate target = (X509Certificate)cf.generateCertificate(is);
374
375 selector.setCertificate(target);
376
377 return selector;
378 }
379
380 private static boolean match(String name, Certificate cert)
381 throws Exception {
382 X509CertSelector selector = new X509CertSelector();
383
384 String certStr = certmap.get(name);
385 if (certStr == null) {
386 return false;
387 }
388
389 // generate certificate from certificate string
390 CertificateFactory cf = CertificateFactory.getInstance("X.509");
391 ByteArrayInputStream is = new ByteArrayInputStream(certStr.getBytes());
392 X509Certificate target = (X509Certificate)cf.generateCertificate(is);
393
394 return target.equals(cert);
395 }
396
397 public static void main(String args[]) throws Exception {
398 // reset the security property to make sure that the algorithms
399 // and keys used in this test are not disabled.
400 Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2");
401
402 CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");
403
404 X509CertSelector selector = generateSelector(args[0]);
405 if (selector == null) {
406 // no target certificate, ignore it
407 return;
408 }
409
410 Set<TrustAnchor> anchors = generateTrustAnchors();
411 CertStore certs = generateCertificateStore();
412
413 PKIXBuilderParameters params =
414 new PKIXBuilderParameters(anchors, selector);
415 params.addCertStore(certs);
416 params.setRevocationEnabled(false);
417 params.setDate(new Date(109, 9, 1)); // 2009-09-01
418
419 boolean success = Boolean.valueOf(args[2]);
420 try {
421 PKIXCertPathBuilderResult result =
422 (PKIXCertPathBuilderResult)builder.build(params);
423 if (!success) {
424 throw new Exception("expected algorithm disabled exception");
425 }
426
427 int length = Integer.parseInt(args[1]);
428 List<? extends Certificate> path =
429 result.getCertPath().getCertificates();
430 if (length != path.size()) {
431 throw new Exception("unexpected certification path length");
432 }
433
434 if (!path.isEmpty()) { // the target is not a trust anchor
435 if (!match(args[0], path.get(0))) {
436 throw new Exception("unexpected certificate");
437 }
438 }
439 } catch (CertPathBuilderException cpbe) {
440 if (success) {
441 throw new Exception("unexpected exception");
442 } else {
443 System.out.println("Get the expected exception " + cpbe);
444 }
445 }
446 }
447
448 }