1 /* 2 * Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 // This test case relies on updated static security property, no way to re-use 25 // security property in samevm/agentvm mode. 26 27 /** 28 * @test 29 * 30 * @bug 6861062 31 * @summary Disable MD2 support 32 * 33 * @run main/othervm CPBuilder trustAnchor_SHA1withRSA_1024 0 true 34 * @run main/othervm CPBuilder trustAnchor_SHA1withRSA_512 0 true 35 * @run main/othervm CPBuilder intermediate_SHA1withRSA_1024_1024 1 true 36 * @run main/othervm CPBuilder intermediate_SHA1withRSA_1024_512 1 true 37 * @run main/othervm CPBuilder intermediate_SHA1withRSA_512_1024 1 true 38 * @run main/othervm CPBuilder intermediate_SHA1withRSA_512_512 1 true 39 * @run main/othervm CPBuilder intermediate_MD2withRSA_1024_1024 1 false 40 * @run main/othervm CPBuilder intermediate_MD2withRSA_1024_512 1 false 41 * @run main/othervm CPBuilder endentiry_SHA1withRSA_1024_1024 2 true 42 * @run main/othervm CPBuilder endentiry_SHA1withRSA_1024_512 2 true 43 * @run main/othervm CPBuilder endentiry_SHA1withRSA_512_1024 2 true 44 * @run main/othervm CPBuilder endentiry_SHA1withRSA_512_512 2 true 45 * @run main/othervm CPBuilder endentiry_MD2withRSA_1024_1024 2 false 46 * @run main/othervm CPBuilder endentiry_MD2withRSA_1024_512 2 false 47 * 48 * @author Xuelei Fan 49 */ 50 51 import java.io.*; 52 import java.net.SocketException; 53 import java.util.*; 54 import java.security.Security; 55 import java.security.cert.*; 56 57 public class CPBuilder { 58 59 // SHA1withRSA 1024 60 static String trustAnchor_SHA1withRSA_1024 = 61 "-----BEGIN CERTIFICATE-----\n" + 62 "MIICPjCCAaegAwIBAgIBADANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" + 63 "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDRaFw0zMDA3MTcwMTExNDRa\n" + 64 "MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMIGfMA0GCSqGSIb3DQEB\n" + 65 "AQUAA4GNADCBiQKBgQC8UdC863pFk1Rvd7xUYd60+e9KsLhb6SqOfU42ZA715FcH\n" + 66 "E1TRvQPmYzAnHcO04TrWZQtO6E+E2RCmeBnetBvIMVka688QkO14wnrIrf2tRodd\n" + 67 "rZNZEBzkX+zyXCRo9tKEUDFf9Qze7Ilbb+Zzm9CUfu4M1Oz6iQcXRx7aM0jEAQID\n" + 68 "AQABo4GJMIGGMB0GA1UdDgQWBBTn0C+xmZY/BTab4W9gBp3dGa7WgjBHBgNVHSME\n" + 69 "QDA+gBTn0C+xmZY/BTab4W9gBp3dGa7WgqEjpCEwHzELMAkGA1UEBhMCVVMxEDAO\n" + 70 "BgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAgQw\n" + 71 "DQYJKoZIhvcNAQEFBQADgYEAiCXL2Yp4ruyRXAIJ8zBEaPC9oV2agqgbSbly2z8z\n" + 72 "Ik5SeSRysP+GHBpb8uNyANJnQKv+T0GrJiTLMBjKCOiJl6xzk3EZ2wbQB6G/SQ9+\n" + 73 "UWcsXSC8oGSEPpkj5In/9/UbuUIfT9H8jmdyLNKQvlqgq6kyfnskME7ptGgT95Hc\n" + 74 "tas=\n" + 75 "-----END CERTIFICATE-----"; 76 77 // SHA1withRSA 512 78 static String trustAnchor_SHA1withRSA_512 = 79 "-----BEGIN CERTIFICATE-----\n" + 80 "MIIBuTCCAWOgAwIBAgIBADANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" + 81 "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDRaFw0zMDA3MTcwMTExNDRa\n" + 82 "MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMFwwDQYJKoZIhvcNAQEB\n" + 83 "BQADSwAwSAJBAM0Kn4ieCdCHsrm78ZMMN4jQEEEqACAMKB7O8j9g4gfz2oAfmHwv\n" + 84 "7JH/hZ0Xen1zUmBbwe+e2J5D/4Fisp9Bn98CAwEAAaOBiTCBhjAdBgNVHQ4EFgQU\n" + 85 "g4Kwd47hdNQBp8grZsRJ5XvhvxAwRwYDVR0jBEAwPoAUg4Kwd47hdNQBp8grZsRJ\n" + 86 "5XvhvxChI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlggEAMA8G\n" + 87 "A1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMA0GCSqGSIb3DQEBBQUAA0EAn77b\n" + 88 "FJx+HvyRvjZYCzMjnUct3Ql4iLOkURYDh93J5TXi/l9ajvAMEuwzYj0qZ+Ktm/ia\n" + 89 "U5r+8B9nzx+j2Zh3kw==\n" + 90 "-----END CERTIFICATE-----"; 91 92 // SHA1withRSA 1024 signed with RSA 1024 93 static String intermediate_SHA1withRSA_1024_1024 = 94 "-----BEGIN CERTIFICATE-----\n" + 95 "MIICUDCCAbmgAwIBAgIBAjANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" + 96 "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDhaFw0yOTA0MjMwMTExNDha\n" + 97 "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" + 98 "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVOqnlZspyAEr90ELFaUo8\n" + 99 "BF0O2Kn0yTdUeyiLOth4RA3qxWrjxJq45VmEBjZpEzPHfnp3PhnfmLcLfhoPONFg\n" + 100 "bcHzlkj75ZaKCgHoyV456fMBmj348fcoUkH2WdSQ82pmxHOiHqquYNUSTimFIq82\n" + 101 "AayhbKqDmhfx5lJdYNqd5QIDAQABo4GJMIGGMB0GA1UdDgQWBBTfWD9mRTppcUAl\n" + 102 "UqGuu/R5t8CB5jBHBgNVHSMEQDA+gBTn0C+xmZY/BTab4W9gBp3dGa7WgqEjpCEw\n" + 103 "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" + 104 "AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQEFBQADgYEAHze3wAcIe84zNOoN\n" + 105 "P8l9EmlVVoU30z3LB3hxq3m/dC/4gE5Z9Z8EG1wJw4qaxlTZ4dif12nbTTdofVhb\n" + 106 "Bd4syjo6fcUA4q7sfg9TFpoHQ+Ap7PgjK99moMKdMy50Xy8s6FPvaVkF89s66Z6y\n" + 107 "e4q7TSwe6QevGOZaL5N/iy2XGEs=\n" + 108 "-----END CERTIFICATE-----"; 109 110 // SHA1withRSA 1024 signed with RSA 512 111 static String intermediate_SHA1withRSA_1024_512 = 112 "-----BEGIN CERTIFICATE-----\n" + 113 "MIICDzCCAbmgAwIBAgIBAzANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" + 114 "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDlaFw0yOTA0MjMwMTExNDla\n" + 115 "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" + 116 "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVOqnlZspyAEr90ELFaUo8\n" + 117 "BF0O2Kn0yTdUeyiLOth4RA3qxWrjxJq45VmEBjZpEzPHfnp3PhnfmLcLfhoPONFg\n" + 118 "bcHzlkj75ZaKCgHoyV456fMBmj348fcoUkH2WdSQ82pmxHOiHqquYNUSTimFIq82\n" + 119 "AayhbKqDmhfx5lJdYNqd5QIDAQABo4GJMIGGMB0GA1UdDgQWBBTfWD9mRTppcUAl\n" + 120 "UqGuu/R5t8CB5jBHBgNVHSMEQDA+gBSDgrB3juF01AGnyCtmxEnle+G/EKEjpCEw\n" + 121 "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" + 122 "AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQEFBQADQQCYNmdkONfuk07XjRze\n" + 123 "WQyq2cfdae4uIdyUfa2rpgYMtSXuQW3/XrQGiz4G6WBXA2wo7folOOpAKYgvHPrm\n" + 124 "w6Dd\n" + 125 "-----END CERTIFICATE-----"; 126 127 // SHA1withRSA 512 signed with RSA 1024 128 static String intermediate_SHA1withRSA_512_1024 = 129 "-----BEGIN CERTIFICATE-----\n" + 130 "MIICDDCCAXWgAwIBAgIBBDANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" + 131 "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDlaFw0yOTA0MjMwMTExNDla\n" + 132 "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" + 133 "cy0xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKubXYoEHZpZkhzA9XX+NrpqJ4SV\n" + 134 "lOMBoL3aWExQpJIgrUaZfbGMBBozIHBJMMayokguHbJvq4QigEgLuhfJNqsCAwEA\n" + 135 "AaOBiTCBhjAdBgNVHQ4EFgQUN0CHiTYPtjyvpP2a6y6mhsZ6U40wRwYDVR0jBEAw\n" + 136 "PoAU59AvsZmWPwU2m+FvYAad3Rmu1oKhI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYD\n" + 137 "VQQKEwdFeGFtcGxlggEAMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMA0G\n" + 138 "CSqGSIb3DQEBBQUAA4GBAE2VOlw5ySLT3gUzKCYEga4QPaSrf6lHHPi2g48LscEY\n" + 139 "h9qQXh4nuIVugReBIEf6N49RdT+M2cgRJo4sZ3ukYLGQzxNuttL5nPSuuvrAR1oG\n" + 140 "LUyzOWcUpKHbVHi6zlTt79RvTKZvLcduLutmtPtLJcM9PdiAI1wEooSgxTwZtB/Z\n" + 141 "-----END CERTIFICATE-----"; 142 143 // SHA1withRSA 512 signed with RSA 512 144 static String intermediate_SHA1withRSA_512_512 = 145 "-----BEGIN CERTIFICATE-----\n" + 146 "MIIByzCCAXWgAwIBAgIBBTANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" + 147 "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDlaFw0yOTA0MjMwMTExNDla\n" + 148 "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" + 149 "cy0xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKubXYoEHZpZkhzA9XX+NrpqJ4SV\n" + 150 "lOMBoL3aWExQpJIgrUaZfbGMBBozIHBJMMayokguHbJvq4QigEgLuhfJNqsCAwEA\n" + 151 "AaOBiTCBhjAdBgNVHQ4EFgQUN0CHiTYPtjyvpP2a6y6mhsZ6U40wRwYDVR0jBEAw\n" + 152 "PoAUg4Kwd47hdNQBp8grZsRJ5XvhvxChI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYD\n" + 153 "VQQKEwdFeGFtcGxlggEAMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMA0G\n" + 154 "CSqGSIb3DQEBBQUAA0EAoCf0Zu559qcB4xPpzqkVsYiyW49S4Yc0mmQXb1yoQgLx\n" + 155 "O+DCkjG5d14+t1MsnkhB2izoQUMxQ3vDc1YnA/tEpw==\n" + 156 "-----END CERTIFICATE-----"; 157 158 // MD2withRSA 1024 signed with RSA 1024 159 static String intermediate_MD2withRSA_1024_1024 = 160 "-----BEGIN CERTIFICATE-----\n" + 161 "MIICUDCCAbmgAwIBAgIBBjANBgkqhkiG9w0BAQIFADAfMQswCQYDVQQGEwJVUzEQ\n" + 162 "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDlaFw0yOTA0MjMwMTExNDla\n" + 163 "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" + 164 "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVOqnlZspyAEr90ELFaUo8\n" + 165 "BF0O2Kn0yTdUeyiLOth4RA3qxWrjxJq45VmEBjZpEzPHfnp3PhnfmLcLfhoPONFg\n" + 166 "bcHzlkj75ZaKCgHoyV456fMBmj348fcoUkH2WdSQ82pmxHOiHqquYNUSTimFIq82\n" + 167 "AayhbKqDmhfx5lJdYNqd5QIDAQABo4GJMIGGMB0GA1UdDgQWBBTfWD9mRTppcUAl\n" + 168 "UqGuu/R5t8CB5jBHBgNVHSMEQDA+gBTn0C+xmZY/BTab4W9gBp3dGa7WgqEjpCEw\n" + 169 "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" + 170 "AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQECBQADgYEAPtEjwbWuC5kc4DPc\n" + 171 "Ttf/wdbD8ZCdAWzcc3XF9q1TlvwVMNk6mbfM05y6ZVsztKTkwZ4EcvFu/yIqw1EB\n" + 172 "E1zlXQCaWXT3/ZMbqYZV4+mx+RUl8spUCb1tda25jnTg3mTOzB1iztm4gy903EMd\n" + 173 "m8omKDKeCgcw5dR4ITQYvyxe1as=\n" + 174 "-----END CERTIFICATE-----"; 175 176 // MD2withRSA 1024 signed with RSA 512 177 static String intermediate_MD2withRSA_1024_512 = 178 "-----BEGIN CERTIFICATE-----\n" + 179 "MIICDzCCAbmgAwIBAgIBBzANBgkqhkiG9w0BAQIFADAfMQswCQYDVQQGEwJVUzEQ\n" + 180 "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDlaFw0yOTA0MjMwMTExNDla\n" + 181 "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" + 182 "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVOqnlZspyAEr90ELFaUo8\n" + 183 "BF0O2Kn0yTdUeyiLOth4RA3qxWrjxJq45VmEBjZpEzPHfnp3PhnfmLcLfhoPONFg\n" + 184 "bcHzlkj75ZaKCgHoyV456fMBmj348fcoUkH2WdSQ82pmxHOiHqquYNUSTimFIq82\n" + 185 "AayhbKqDmhfx5lJdYNqd5QIDAQABo4GJMIGGMB0GA1UdDgQWBBTfWD9mRTppcUAl\n" + 186 "UqGuu/R5t8CB5jBHBgNVHSMEQDA+gBSDgrB3juF01AGnyCtmxEnle+G/EKEjpCEw\n" + 187 "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" + 188 "AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQECBQADQQBHok1v6xymtpB7N9xy\n" + 189 "0OmDT27uhmzlP0eOzJvXVxj3Oi9TLQJgCUJ9122MzfRAs1E1uJTtvuu+UmI80NQx\n" + 190 "KQdp\n" + 191 "-----END CERTIFICATE-----"; 192 193 // SHA1withRSA 1024 signed with RSA 1024 194 static String endentiry_SHA1withRSA_1024_1024 = 195 "-----BEGIN CERTIFICATE-----\n" + 196 "MIICNzCCAaCgAwIBAgIBAjANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ\n" + 197 "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0wOTA4MDYwMTEx\n" + 198 "NTBaFw0yOTA0MjMwMTExNTBaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" + 199 "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG\n" + 200 "9w0BAQEFAAOBjQAwgYkCgYEAy6/2g3rxQzJEvTyOnBcEnZthmAD0AnP6LG8b35jt\n" + 201 "vh71LHbF1FhkOT42Rfg20aBfWTMRf+FeOJBXpD4gCNjQA40vy8FaQxgYNAf7ho5v\n" + 202 "z6yAEE6SG7YviE+XGcvpQo47w8c6QSQjpBzdw7JxwbVlzUT7pF8x3RnXlGhWnWv6\n" + 203 "c1ECAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBSaXXERsow2Wm/6uT07\n" + 204 "OorBleV92TAfBgNVHSMEGDAWgBTfWD9mRTppcUAlUqGuu/R5t8CB5jANBgkqhkiG\n" + 205 "9w0BAQUFAAOBgQAOfIeasDg91CR3jGfuAEVKwncM1OPFmniAUcdPm74cCAyJ90Me\n" + 206 "dhUElWPGoAuXGfiyZlOlGUYWqEroe/dnkmnotJjLWR+MA4ZyX3O1YI8T4W3deWcC\n" + 207 "J4WMCF7mp17SaYYKX9F0AxwNJFpUkbB41IkTxPr0MmzB1871/pbY8dLAvA==\n" + 208 "-----END CERTIFICATE-----"; 209 210 // SHA1withRSA 1024 signed with RSA 512 211 static String endentiry_SHA1withRSA_1024_512 = 212 "-----BEGIN CERTIFICATE-----\n" + 213 "MIIB9jCCAaCgAwIBAgIBAzANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ\n" + 214 "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0wOTA4MDYwMTEx\n" + 215 "NTBaFw0yOTA0MjMwMTExNTBaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" + 216 "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG\n" + 217 "9w0BAQEFAAOBjQAwgYkCgYEAy6/2g3rxQzJEvTyOnBcEnZthmAD0AnP6LG8b35jt\n" + 218 "vh71LHbF1FhkOT42Rfg20aBfWTMRf+FeOJBXpD4gCNjQA40vy8FaQxgYNAf7ho5v\n" + 219 "z6yAEE6SG7YviE+XGcvpQo47w8c6QSQjpBzdw7JxwbVlzUT7pF8x3RnXlGhWnWv6\n" + 220 "c1ECAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBSaXXERsow2Wm/6uT07\n" + 221 "OorBleV92TAfBgNVHSMEGDAWgBQ3QIeJNg+2PK+k/ZrrLqaGxnpTjTANBgkqhkiG\n" + 222 "9w0BAQUFAANBADV6X+ea0ftEKXy7yKNAbdIp35893T6AVwbdclomPkeOs86OtoTG\n" + 223 "1BIzWSK9QE7W6Wbf63e2RdcqoLK+DxsuwUg=\n" + 224 "-----END CERTIFICATE-----"; 225 226 // SHA1withRSA 512 signed with RSA 1024 227 static String endentiry_SHA1withRSA_512_1024 = 228 "-----BEGIN CERTIFICATE-----\n" + 229 "MIIB8zCCAVygAwIBAgIBBDANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ\n" + 230 "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0wOTA4MDYwMTEx\n" + 231 "NTFaFw0yOTA0MjMwMTExNTFaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" + 232 "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTBcMA0GCSqGSIb3\n" + 233 "DQEBAQUAA0sAMEgCQQCpfQzhld7w2JhW/aRaLkmrLrc/QAsQE+J4DXioXaajsWPo\n" + 234 "uMmYmuiQolb6OIY/LcivSubKM3G5PkAWoovUPIWLAgMBAAGjTzBNMAsGA1UdDwQE\n" + 235 "AwID6DAdBgNVHQ4EFgQUFWuXLkf4Ji57H9ISycgWi982TUIwHwYDVR0jBBgwFoAU\n" + 236 "31g/ZkU6aXFAJVKhrrv0ebfAgeYwDQYJKoZIhvcNAQEFBQADgYEAUyW8PrEdbzLu\n" + 237 "B+h6UemBOJ024rYq90hJE/5wUEKPvxZ9vPEUgl+io6cGhL3cLfxfh6z5xtEGp4Tb\n" + 238 "NB0Ye3Qi01FBiNDY8s3rQRrmel6VysU8u+0Oi2jmQY6vZXn/zXN5rrTLITCaSicG\n" + 239 "dOMv1xLM83Ee432WWlDwKOUxhzDGpWc=\n" + 240 "-----END CERTIFICATE-----"; 241 242 // SHA1withRSA 512 signed with RSA 512 243 static String endentiry_SHA1withRSA_512_512 = 244 "-----BEGIN CERTIFICATE-----\n" + 245 "MIIBsjCCAVygAwIBAgIBBTANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ\n" + 246 "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0wOTA4MDYwMTEx\n" + 247 "NTFaFw0yOTA0MjMwMTExNTFaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" + 248 "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTBcMA0GCSqGSIb3\n" + 249 "DQEBAQUAA0sAMEgCQQCpfQzhld7w2JhW/aRaLkmrLrc/QAsQE+J4DXioXaajsWPo\n" + 250 "uMmYmuiQolb6OIY/LcivSubKM3G5PkAWoovUPIWLAgMBAAGjTzBNMAsGA1UdDwQE\n" + 251 "AwID6DAdBgNVHQ4EFgQUFWuXLkf4Ji57H9ISycgWi982TUIwHwYDVR0jBBgwFoAU\n" + 252 "N0CHiTYPtjyvpP2a6y6mhsZ6U40wDQYJKoZIhvcNAQEFBQADQQBG4grtrVEHick0\n" + 253 "z/6Lcl/MGyHT0c8KTXE0AMVXG1NRjAicAmYno/yDaJ9OmfymObKZKV9fF7yCW/N/\n" + 254 "TMU6m7N0\n" + 255 "-----END CERTIFICATE-----"; 256 257 // MD2withRSA 1024 signed with RSA 1024 258 static String endentiry_MD2withRSA_1024_1024 = 259 "-----BEGIN CERTIFICATE-----\n" + 260 "MIICNzCCAaCgAwIBAgIBBjANBgkqhkiG9w0BAQIFADAxMQswCQYDVQQGEwJVUzEQ\n" + 261 "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0wOTA4MDYwMTEx\n" + 262 "NTFaFw0yOTA0MjMwMTExNTFaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" + 263 "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG\n" + 264 "9w0BAQEFAAOBjQAwgYkCgYEAy6/2g3rxQzJEvTyOnBcEnZthmAD0AnP6LG8b35jt\n" + 265 "vh71LHbF1FhkOT42Rfg20aBfWTMRf+FeOJBXpD4gCNjQA40vy8FaQxgYNAf7ho5v\n" + 266 "z6yAEE6SG7YviE+XGcvpQo47w8c6QSQjpBzdw7JxwbVlzUT7pF8x3RnXlGhWnWv6\n" + 267 "c1ECAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBSaXXERsow2Wm/6uT07\n" + 268 "OorBleV92TAfBgNVHSMEGDAWgBTfWD9mRTppcUAlUqGuu/R5t8CB5jANBgkqhkiG\n" + 269 "9w0BAQIFAAOBgQBxKsFf8NNQcXjDoKJJSG4Rk6ikcrhiGYuUI32+XHvs6hnav1Zc\n" + 270 "aJUpy7J4gMj/MnysMh/4AF9+m6zEEjuisXKUbYZhgtJxz+ukGSo163mJ8QJiAlRb\n" + 271 "Iwsy81r08mlSCR6jx2YhDAUxJIPC92R5Vb4CEutB7tWTwwz7vIHq330erA==\n" + 272 "-----END CERTIFICATE-----"; 273 274 // MD2withRSA 1024 signed with RSA 512 275 static String endentiry_MD2withRSA_1024_512 = 276 "-----BEGIN CERTIFICATE-----\n" + 277 "MIIB9jCCAaCgAwIBAgIBBzANBgkqhkiG9w0BAQIFADAxMQswCQYDVQQGEwJVUzEQ\n" + 278 "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0wOTA4MDYwMTEx\n" + 279 "NTFaFw0yOTA0MjMwMTExNTFaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" + 280 "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG\n" + 281 "9w0BAQEFAAOBjQAwgYkCgYEAy6/2g3rxQzJEvTyOnBcEnZthmAD0AnP6LG8b35jt\n" + 282 "vh71LHbF1FhkOT42Rfg20aBfWTMRf+FeOJBXpD4gCNjQA40vy8FaQxgYNAf7ho5v\n" + 283 "z6yAEE6SG7YviE+XGcvpQo47w8c6QSQjpBzdw7JxwbVlzUT7pF8x3RnXlGhWnWv6\n" + 284 "c1ECAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBSaXXERsow2Wm/6uT07\n" + 285 "OorBleV92TAfBgNVHSMEGDAWgBQ3QIeJNg+2PK+k/ZrrLqaGxnpTjTANBgkqhkiG\n" + 286 "9w0BAQIFAANBAIX63Ypi9P71RnC/pcMbhD+wekRFsTzU593X3MC7tyBJtEXwvAZG\n" + 287 "iMxXF5A+ohlr7/CrkV7ZTL8PLxnJdY5Y8rQ=\n" + 288 "-----END CERTIFICATE-----"; 289 290 static HashMap<String, String> certmap = new HashMap<String, String>(); 291 static { 292 certmap.put("trustAnchor_SHA1withRSA_1024", 293 trustAnchor_SHA1withRSA_1024); 294 certmap.put("trustAnchor_SHA1withRSA_512", 295 trustAnchor_SHA1withRSA_512); 296 certmap.put("intermediate_SHA1withRSA_1024_1024", 297 intermediate_SHA1withRSA_1024_1024); 298 certmap.put("intermediate_SHA1withRSA_1024_512", 299 intermediate_SHA1withRSA_1024_512); 300 certmap.put("intermediate_SHA1withRSA_512_1024", 301 intermediate_SHA1withRSA_512_1024); 302 certmap.put("intermediate_SHA1withRSA_512_512", 303 intermediate_SHA1withRSA_512_512); 304 certmap.put("intermediate_MD2withRSA_1024_1024", 305 intermediate_MD2withRSA_1024_1024); 306 certmap.put("intermediate_MD2withRSA_1024_512", 307 intermediate_MD2withRSA_1024_512); 308 certmap.put("endentiry_SHA1withRSA_1024_1024", 309 endentiry_SHA1withRSA_1024_1024); 310 certmap.put("endentiry_SHA1withRSA_1024_512", 311 endentiry_SHA1withRSA_1024_512); 312 certmap.put("endentiry_SHA1withRSA_512_1024", 313 endentiry_SHA1withRSA_512_1024); 314 certmap.put("endentiry_SHA1withRSA_512_512", 315 endentiry_SHA1withRSA_512_512); 316 certmap.put("endentiry_MD2withRSA_1024_1024", 317 endentiry_MD2withRSA_1024_1024); 318 certmap.put("endentiry_MD2withRSA_1024_512", 319 endentiry_MD2withRSA_1024_512); 320 } 321 generateTrustAnchors()322 private static Set<TrustAnchor> generateTrustAnchors() 323 throws CertificateException { 324 // generate certificate from cert string 325 CertificateFactory cf = CertificateFactory.getInstance("X.509"); 326 HashSet<TrustAnchor> anchors = new HashSet<TrustAnchor>(); 327 328 ByteArrayInputStream is = 329 new ByteArrayInputStream(trustAnchor_SHA1withRSA_1024.getBytes()); 330 Certificate cert = cf.generateCertificate(is); 331 TrustAnchor anchor = new TrustAnchor((X509Certificate)cert, null); 332 anchors.add(anchor); 333 334 is = new ByteArrayInputStream(trustAnchor_SHA1withRSA_512.getBytes()); 335 cert = cf.generateCertificate(is); 336 anchor = new TrustAnchor((X509Certificate)cert, null); 337 anchors.add(anchor); 338 339 return anchors; 340 } 341 generateCertificateStore()342 private static CertStore generateCertificateStore() throws Exception { 343 Collection entries = new HashSet(); 344 345 // generate certificate from certificate string 346 CertificateFactory cf = CertificateFactory.getInstance("X.509"); 347 348 for (String key : certmap.keySet()) { 349 String certStr = certmap.get(key); 350 ByteArrayInputStream is = 351 new ByteArrayInputStream(certStr.getBytes());; 352 Certificate cert = cf.generateCertificate(is); 353 entries.add(cert); 354 } 355 356 return CertStore.getInstance("Collection", 357 new CollectionCertStoreParameters(entries)); 358 } 359 generateSelector(String name)360 private static X509CertSelector generateSelector(String name) 361 throws Exception { 362 X509CertSelector selector = new X509CertSelector(); 363 364 String certStr = certmap.get(name); 365 if (certStr == null) { 366 return null; 367 } 368 369 // generate certificate from certificate string 370 CertificateFactory cf = CertificateFactory.getInstance("X.509"); 371 ByteArrayInputStream is = new ByteArrayInputStream(certStr.getBytes()); 372 X509Certificate target = (X509Certificate)cf.generateCertificate(is); 373 374 selector.setCertificate(target); 375 376 return selector; 377 } 378 match(String name, Certificate cert)379 private static boolean match(String name, Certificate cert) 380 throws Exception { 381 X509CertSelector selector = new X509CertSelector(); 382 383 String certStr = certmap.get(name); 384 if (certStr == null) { 385 return false; 386 } 387 388 // generate certificate from certificate string 389 CertificateFactory cf = CertificateFactory.getInstance("X.509"); 390 ByteArrayInputStream is = new ByteArrayInputStream(certStr.getBytes()); 391 X509Certificate target = (X509Certificate)cf.generateCertificate(is); 392 393 return target.equals(cert); 394 } 395 main(String args[])396 public static void main(String args[]) throws Exception { 397 // reset the security property to make sure that the algorithms 398 // and keys used in this test are not disabled. 399 Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2"); 400 401 CertPathBuilder builder = CertPathBuilder.getInstance("PKIX"); 402 403 X509CertSelector selector = generateSelector(args[0]); 404 if (selector == null) { 405 // no target certificate, ignore it 406 return; 407 } 408 409 Set<TrustAnchor> anchors = generateTrustAnchors(); 410 CertStore certs = generateCertificateStore(); 411 412 PKIXBuilderParameters params = 413 new PKIXBuilderParameters(anchors, selector); 414 params.addCertStore(certs); 415 params.setRevocationEnabled(false); 416 params.setDate(new Date(109, 9, 1)); // 2009-09-01 417 418 boolean success = Boolean.valueOf(args[2]); 419 try { 420 PKIXCertPathBuilderResult result = 421 (PKIXCertPathBuilderResult)builder.build(params); 422 if (!success) { 423 throw new Exception("expected algorithm disabled exception"); 424 } 425 426 int length = Integer.parseInt(args[1]); 427 List<? extends Certificate> path = 428 result.getCertPath().getCertificates(); 429 if (length != path.size()) { 430 throw new Exception("unexpected certification path length"); 431 } 432 433 if (!path.isEmpty()) { // the target is not a trust anchor 434 if (!match(args[0], path.get(0))) { 435 throw new Exception("unexpected certificate"); 436 } 437 } 438 } catch (CertPathBuilderException cpbe) { 439 if (success) { 440 throw new Exception("unexpected exception"); 441 } else { 442 System.out.println("Get the expected exception " + cpbe); 443 } 444 } 445 } 446 447 } 448