1 /* 2 * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 /* 25 * @test 26 * @bug 7026347 27 * @summary Certificate should have 28 * verify(PublicKey key, Provider sigProvider) 29 */ 30 31 import java.io.ByteArrayInputStream; 32 import java.security.*; 33 import java.security.cert.*; 34 35 public class Verify { 36 37 static String selfSignedCertStr = 38 "-----BEGIN CERTIFICATE-----\n" + 39 "MIICPjCCAaegAwIBAgIBADANBgkqhkiG9w0BAQQFADAfMQswCQYDVQQGEwJVUzEQ\n" + 40 "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA0MjcwMjI0MzJaFw0zMDA0MDcwMjI0MzJa\n" + 41 "MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMIGfMA0GCSqGSIb3DQEB\n" + 42 "AQUAA4GNADCBiQKBgQC4OTag24sTxL2tXTNuvpmUEtdxrYAZoFsslFQ60T+WD9wQ\n" + 43 "Jeiw87FSPsR2vxRuv0j8DNm2a4h7LNNIFcLurfNldbz5pvgZ7VqdbbUMPE9qP85n\n" + 44 "jgDl4woyRTSUeRI4A7O0CO6NpES21dtbdhroWQrEkHxpnrDPxsxrz5gf2m3gqwID\n" + 45 "AQABo4GJMIGGMB0GA1UdDgQWBBSCJd0hpl5PdAD9IZS+Hzng4lXLGzBHBgNVHSME\n" + 46 "QDA+gBSCJd0hpl5PdAD9IZS+Hzng4lXLG6EjpCEwHzELMAkGA1UEBhMCVVMxEDAO\n" + 47 "BgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAgQw\n" + 48 "DQYJKoZIhvcNAQEEBQADgYEAluy6HIjWcq009lTLmhp+Np6dxU78pInBK8RZkza0\n" + 49 "484qGaxFGD3UGyZkI5uWmsH2XuMbuox5khfIq6781gmkPBHXBIEtJN8eLusOHEye\n" + 50 "iE8h7WI+N3qa6Pj56WionMrioqC/3X+b06o147bbhx8U0vkYv/HyPaITOFfMXTdz\n" + 51 "Vjw=\n" + 52 "-----END CERTIFICATE-----"; 53 54 static String crlIssuerCertStr = 55 "-----BEGIN CERTIFICATE-----\n" + 56 "MIICKzCCAZSgAwIBAgIBAjANBgkqhkiG9w0BAQQFADAfMQswCQYDVQQGEwJVUzEQ\n" + 57 "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA0MjcwMjI0MzNaFw0yOTAxMTIwMjI0MzNa\n" + 58 "MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMIGfMA0GCSqGSIb3DQEB\n" + 59 "AQUAA4GNADCBiQKBgQDMJeBMBybHykI/YpwUJ4O9euqDSLb1kpWpceBS8TVqvgBC\n" + 60 "SgUJWtFZL0i6bdvF6mMdlbuBkGzhXqHiVAi96/zRLbUC9F8SMEJ6MuD+YhQ0ZFTQ\n" + 61 "atKy8zf8O9XzztelLJ26Gqb7QPV133WY3haAqHtCXOhEKkCN16NOYNC37DTaJwID\n" + 62 "AQABo3cwdTAdBgNVHQ4EFgQULXSWzXzUOIpOJpzbSCpW42IJUugwRwYDVR0jBEAw\n" + 63 "PoAUgiXdIaZeT3QA/SGUvh854OJVyxuhI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYD\n" + 64 "VQQKEwdFeGFtcGxlggEAMAsGA1UdDwQEAwIBAjANBgkqhkiG9w0BAQQFAAOBgQAY\n" + 65 "eMnf5AHSNlyUlzXk8o2S0h4gCuvKX6C3kFfKuZcWvFAbx4yQOWLS2s15/nzR4+AP\n" + 66 "FGX3lgJjROyAh7fGedTQK+NFWwkM2ag1g3hXktnlnT1qHohi0w31nVBJxXEDO/Ck\n" + 67 "uJTpJGt8XxxbFaw5v7cHy7XuTAeU/sekvjEiNHW00Q==\n" + 68 "-----END CERTIFICATE-----"; 69 70 private static X509Certificate cert; 71 private static PublicKey selfSignedCertPubKey; 72 private static PublicKey crlIssuerCertPubKey; 73 main(String[] args)74 public static void main(String[] args) throws Exception { 75 setup(); 76 77 /* 78 * Verify certificate with its own public key. 79 * Should pass. 80 */ 81 verifyCert(selfSignedCertPubKey,"SunRsaSign"); 82 83 /* 84 * Try to verify certificate with a provider that does not have a 85 * Signature implementation. 86 * Should fail with NoSuchAlgorithmException. 87 */ 88 try { 89 verifyCert(selfSignedCertPubKey, "SunJCE"); 90 throw new RuntimeException("Didn't catch the exception properly"); 91 } catch (NoSuchAlgorithmException e) { 92 System.out.println("Caught the correct exception."); 93 } 94 95 /* 96 * Try to verify certificate with a provider that has a Signature 97 * implementation but not of the right algorithm (MD5withRSA). 98 * Should fail with NoSuchAlgorithmException. 99 */ 100 try { 101 verifyCert(selfSignedCertPubKey, "SUN"); 102 throw new RuntimeException("Didn't catch the exception properly"); 103 } catch (NoSuchAlgorithmException e) { 104 System.out.println("Caught the correct exception."); 105 } 106 107 /* 108 * Try to verify certificate with the wrong public key. 109 * Should fail with SignatureException. 110 */ 111 try { 112 verifyCert(crlIssuerCertPubKey, "SunRsaSign"); 113 throw new RuntimeException("Didn't catch the exception properly"); 114 } catch (SignatureException e) { 115 System.out.println("Caught the correct exception."); 116 } 117 } 118 setup()119 private static void setup() throws CertificateException, CRLException { 120 CertificateFactory cf = CertificateFactory.getInstance("X.509"); 121 122 /* Get public key of the CRL issuer cert */ 123 ByteArrayInputStream inputStream 124 = new ByteArrayInputStream(crlIssuerCertStr.getBytes()); 125 cert = (X509Certificate)cf.generateCertificate(inputStream); 126 crlIssuerCertPubKey = cert.getPublicKey(); 127 128 /* Get public key of the self-signed Cert */ 129 inputStream = new ByteArrayInputStream(selfSignedCertStr.getBytes()); 130 selfSignedCertPubKey = cf.generateCertificate(inputStream).getPublicKey(); 131 } 132 verifyCert(PublicKey key, String providerName)133 private static void verifyCert(PublicKey key, String providerName) 134 throws CertificateException, NoSuchAlgorithmException, 135 InvalidKeyException, SignatureException { 136 Provider provider = Security.getProvider(providerName); 137 if (provider == null) { 138 throw new RuntimeException("Provider " + providerName 139 + " not found."); 140 } 141 cert.verify(key, provider); 142 } 143 } 144