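/*
 * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

// This test case relies on static security property, no way to re-use
// security property in samevm/agentvm mode.

/**
 * @test
 *
 * @bug 8030829
 * @summary Add MD5 to jdk.certpath.disabledAlgorithms security property
 *
 * @run main/othervm CPBuilderWithMD5 trustAnchor_SHA1withRSA_1024 0 true
 * @run main/othervm CPBuilderWithMD5 trustAnchor_SHA1withRSA_512 0 true
 * @run main/othervm CPBuilderWithMD5 intermediate_SHA1withRSA_1024_1024 1 true
 * @run main/othervm CPBuilderWithMD5 intermediate_SHA1withRSA_1024_512 1 false
 * @run main/othervm CPBuilderWithMD5 intermediate_SHA1withRSA_512_1024 1 false
 * @run main/othervm CPBuilderWithMD5 intermediate_SHA1withRSA_512_512 1 false
 * @run main/othervm CPBuilderWithMD5 intermediate_MD5withRSA_1024_1024 1 false
 * @run main/othervm CPBuilderWithMD5 intermediate_MD5withRSA_1024_512 1 false
 * @run main/othervm CPBuilderWithMD5 endentiry_SHA1withRSA_1024_1024 2 true
 * @run main/othervm CPBuilderWithMD5 endentiry_SHA1withRSA_1024_512 2 false
 * @run main/othervm CPBuilderWithMD5 endentiry_SHA1withRSA_512_1024 2 false
 * @run main/othervm CPBuilderWithMD5 endentiry_SHA1withRSA_512_512 2 false
 * @run main/othervm CPBuilderWithMD5 endentiry_MD5withRSA_1024_1024 2 false
 * @run main/othervm CPBuilderWithMD5 endentiry_MD5withRSA_1024_512 2 false
 *
 * @author Xuelei Fan
 */

/*
 * The generate.sh was designed to generate MD2 signed certificates.  The
 * certificates used in this test are generated by an updated generate.sh that
 * replaces MD2 with the MD5 algorithm.
 */
import java.io.*;
import java.net.SocketException;
import java.nio.charset.StandardCharsets;
import java.util.*;
import java.security.Security;
import java.security.cert.*;

/**
 * Builds a PKIX certification path for one named test certificate and
 * compares the outcome with the expectation given on the command line.
 *
 * <p>Arguments: {@code args[0]} is a key of {@link #certmap} naming the target
 * certificate, {@code args[1]} is the expected number of certificates in the
 * built path, and {@code args[2]} is {@code true} when path building is
 * expected to succeed.
 *
 * <p>This class never sets {@code jdk.certpath.disabledAlgorithms} itself, so
 * every expectation in the {@code @run} lines depends on the value configured
 * for the JDK under test.
 */
public class CPBuilderWithMD5 {

    // SHA1withRSA 1024
    static String trustAnchor_SHA1withRSA_1024 =
        "-----BEGIN CERTIFICATE-----\n" +
        "MIICPjCCAaegAwIBAgIBADANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" +
        "MA4GA1UEChMHRXhhbXBsZTAeFw0xMzEyMjgxMTA4NTFaFw0zNDEyMDgxMTA4NTFa\n" +
        "MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMIGfMA0GCSqGSIb3DQEB\n" +
        "AQUAA4GNADCBiQKBgQDn3JSHACqi/bcohVy7eFqDs3L5ehnXmF9Jrg4rMRUeNrxA\n" +
        "61F8bJ9JXx4j8WyqmT0TtokgXuqGxbsXRQVVw4AdXLF2PwCs/y+Y+AwU59uDHA3J\n" +
        "AMk4VvjV9MB2Ea6YzuLnbbj/TNrfxB6LZ7KBvh0fYGt2T40yMvOvilU/f6e3zQID\n" +
        "AQABo4GJMIGGMB0GA1UdDgQWBBSIxINDFVm8GpUz3v+BbWNmDEKP7TBHBgNVHSME\n" +
        "QDA+gBSIxINDFVm8GpUz3v+BbWNmDEKP7aEjpCEwHzELMAkGA1UEBhMCVVMxEDAO\n" +
        "BgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAgQw\n" +
        "DQYJKoZIhvcNAQEFBQADgYEAt0mYDXTpInrGvEOylIL2gx65A/bpdz9iDQsSs5sZ\n" +
        "r3m0v9zJnzR8lRqN4GbaD1vrFdkUrIoObcvXjXitnf5QqDzmc9BbIYj83Ft8QSUj\n" +
        "jCMy04EGT/7ATss4SiFEu6sJpmOBjsgH6wYuobR27wl/01XOu2CXUo3OOjgAoPBs\n" +
        "QoQ=\n" +
        "-----END CERTIFICATE-----";

    // SHA1withRSA 512
    static String trustAnchor_SHA1withRSA_512 =
        "-----BEGIN CERTIFICATE-----\n" +
        "MIIBuTCCAWOgAwIBAgIBADANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" +
        "MA4GA1UEChMHRXhhbXBsZTAeFw0xMzEyMjgxMTA4NTFaFw0zNDEyMDgxMTA4NTFa\n" +
        "MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMFwwDQYJKoZIhvcNAQEB\n" +
        "BQADSwAwSAJBANLqQkOpH7rBTo/a2ccYjJxvNib/Lxm6UXO1uAd/0AUzPWzJsOpB\n" +
        "u2zyD26UYc0GNyXCkWMZ44FrtSQ8VI146j8CAwEAAaOBiTCBhjAdBgNVHQ4EFgQU\n" +
        "5PVLxBY//smN31jHb/MAmCEz5NIwRwYDVR0jBEAwPoAU5PVLxBY//smN31jHb/MA\n" +
        "mCEz5NKhI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlggEAMA8G\n" +
        "A1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMA0GCSqGSIb3DQEBBQUAA0EAzF9E\n" +
        "dXYPLqziCRY45IHCUtxaLjLQmwsjEu91TV4xyuuozGEumcqH7m6Hg6Ohnd1FGfsN\n" +
        "X+vt1tdaDIu9+OzGjQ==\n" +
        "-----END CERTIFICATE-----";

    // SHA1withRSA 1024 signed with RSA 1024
    static String intermediate_SHA1withRSA_1024_1024 =
        "-----BEGIN CERTIFICATE-----\n" +
        "MIICUDCCAbmgAwIBAgIBAzANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" +
        "MA4GA1UEChMHRXhhbXBsZTAeFw0xMzEyMjgxMTA5MDlaFw0zMzA5MTQxMTA5MDla\n" +
        "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" +
        "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/m9wdJT0HR+exquh2Q2Yq\n" +
        "XvL9HtEsCabCikd0Vjuoi3sZJ/5SBbbHTvh7z7enW0NEpLHQee0ry5FW8mLxDtrR\n" +
        "38NjE9W7zutucBG5WztwGuvcts13aEw+vH+EwhokJW9PXz9Do+y4PTJo3vdsk7Zs\n" +
        "bGVY9+YjvlgEaozWXZ1JhQIDAQABo4GJMIGGMB0GA1UdDgQWBBQIsaDZL94kLug/\n" +
        "A1N4EkNOA4z47DBHBgNVHSMEQDA+gBSIxINDFVm8GpUz3v+BbWNmDEKP7aEjpCEw\n" +
        "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" +
        "AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQEFBQADgYEA0673aIUF2k20jkpR\n" +
        "4USN9UkbfX57Uazhl4n765EeAiteWnTzKztISeH1GTrCw7bSl1r07aaflsnbKOHC\n" +
        "RrL2RxbxNwQARvuuCxr664vXnsGrt86xA5F2iNF22uDM/5HA5sIfBmEk5xXSLrgH\n" +
        "I7jOaYqAA1b8C+4DU2Z5ZgO4LOA=\n" +
        "-----END CERTIFICATE-----";

    // SHA1withRSA 1024 signed with RSA 512
    static String intermediate_SHA1withRSA_1024_512 =
        "-----BEGIN CERTIFICATE-----\n" +
        "MIICDzCCAbmgAwIBAgIBBDANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" +
        "MA4GA1UEChMHRXhhbXBsZTAeFw0xMzEyMjgxMTA5MDlaFw0zMzA5MTQxMTA5MDla\n" +
        "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" +
        "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/m9wdJT0HR+exquh2Q2Yq\n" +
        "XvL9HtEsCabCikd0Vjuoi3sZJ/5SBbbHTvh7z7enW0NEpLHQee0ry5FW8mLxDtrR\n" +
        "38NjE9W7zutucBG5WztwGuvcts13aEw+vH+EwhokJW9PXz9Do+y4PTJo3vdsk7Zs\n" +
        "bGVY9+YjvlgEaozWXZ1JhQIDAQABo4GJMIGGMB0GA1UdDgQWBBQIsaDZL94kLug/\n" +
        "A1N4EkNOA4z47DBHBgNVHSMEQDA+gBTk9UvEFj/+yY3fWMdv8wCYITPk0qEjpCEw\n" +
        "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" +
        "AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQEFBQADQQAihshnF7RWZ13tUGsH\n" +
        "iM4i8HmBjw2+pwW/cs0E8BcycYEy3beWMcL1Np2yfOa/7K5ZvGPhe/piwzTel+Kt\n" +
        "5VLm\n" +
        "-----END CERTIFICATE-----";

    // SHA1withRSA 512 signed with RSA 1024
    static String intermediate_SHA1withRSA_512_1024 =
        "-----BEGIN CERTIFICATE-----\n" +
        "MIICDDCCAXWgAwIBAgIBBTANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" +
        "MA4GA1UEChMHRXhhbXBsZTAeFw0xMzEyMjgxMTA5MDlaFw0zMzA5MTQxMTA5MDla\n" +
        "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" +
        "cy0xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAK4h/iW3wt+ugR5ObWiFSl394UU/\n" +
        "lWNm+N6UAgsBRhSzZz/Iof7xZTQI+usNXzOrTnU3+uZsMgokpjkrko1osxUCAwEA\n" +
        "AaOBiTCBhjAdBgNVHQ4EFgQU88OD48Osuh7lJiLnhfMhrySqW8QwRwYDVR0jBEAw\n" +
        "PoAUiMSDQxVZvBqVM97/gW1jZgxCj+2hI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYD\n" +
        "VQQKEwdFeGFtcGxlggEAMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMA0G\n" +
        "CSqGSIb3DQEBBQUAA4GBAAHN8XUTT6asa1MvpfqAvKTH6tNrMOmzoFsUamPxSrUB\n" +
        "tnBv/fa/E9+1QvQwl3g6luVXBkQf2/nVD0195IdkEuD/C6psuGKerXmiaRMv5Wcs\n" +
        "B+8bTzhNxMzHKPZDJ8Tf/RD3XpPvtxw0T+I5xud68FH/WDhJtu7TiXPAhs7srtHt\n" +
        "-----END CERTIFICATE-----";

    // SHA1withRSA 512 signed with RSA 512
    static String intermediate_SHA1withRSA_512_512 =
        "-----BEGIN CERTIFICATE-----\n" +
        "MIIByzCCAXWgAwIBAgIBBjANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" +
        "MA4GA1UEChMHRXhhbXBsZTAeFw0xMzEyMjgxMTA5MDlaFw0zMzA5MTQxMTA5MDla\n" +
        "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" +
        "cy0xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAK4h/iW3wt+ugR5ObWiFSl394UU/\n" +
        "lWNm+N6UAgsBRhSzZz/Iof7xZTQI+usNXzOrTnU3+uZsMgokpjkrko1osxUCAwEA\n" +
        "AaOBiTCBhjAdBgNVHQ4EFgQU88OD48Osuh7lJiLnhfMhrySqW8QwRwYDVR0jBEAw\n" +
        "PoAU5PVLxBY//smN31jHb/MAmCEz5NKhI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYD\n" +
        "VQQKEwdFeGFtcGxlggEAMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMA0G\n" +
        "CSqGSIb3DQEBBQUAA0EASLN+1/pfo+9ty5EaYkoPu4QeYGr+5wmXyDceiaED/Lok\n" +
        "RdV0ZH0qwD4kiarlJssNOgMCk+2EzgvXcIhEMDa5hA==\n" +
        "-----END CERTIFICATE-----";

    // MD5withRSA 1024 signed with RSA 1024
    static String intermediate_MD5withRSA_1024_1024 =
        "-----BEGIN CERTIFICATE-----\n" +
        "MIICUDCCAbmgAwIBAgIBBzANBgkqhkiG9w0BAQQFADAfMQswCQYDVQQGEwJVUzEQ\n" +
        "MA4GA1UEChMHRXhhbXBsZTAeFw0xMzEyMjgxMTA5MDlaFw0zMzA5MTQxMTA5MDla\n" +
        "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" +
        "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/m9wdJT0HR+exquh2Q2Yq\n" +
        "XvL9HtEsCabCikd0Vjuoi3sZJ/5SBbbHTvh7z7enW0NEpLHQee0ry5FW8mLxDtrR\n" +
        "38NjE9W7zutucBG5WztwGuvcts13aEw+vH+EwhokJW9PXz9Do+y4PTJo3vdsk7Zs\n" +
        "bGVY9+YjvlgEaozWXZ1JhQIDAQABo4GJMIGGMB0GA1UdDgQWBBQIsaDZL94kLug/\n" +
        "A1N4EkNOA4z47DBHBgNVHSMEQDA+gBSIxINDFVm8GpUz3v+BbWNmDEKP7aEjpCEw\n" +
        "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" +
        "AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQEEBQADgYEAerx2je3FBVn2eoPs\n" +
        "nTzLKILezqCTCO7mXWiyBidRhh4RGdM8JggMN5SRmuwRurxfYFgPfqmAenWtEFqO\n" +
        "xZrTXQUvIrrEgpzqkfppFnkCh4kDsX4roD5Nho3J4MTBQkqE0r676Yq6Rp6cywCq\n" +
        "CHQQztRGY7n/ZYRNJ3uzvuoT1tk=\n" +
        "-----END CERTIFICATE-----";

    // MD5withRSA 1024 signed with RSA 512
    static String intermediate_MD5withRSA_1024_512 =
        "-----BEGIN CERTIFICATE-----\n" +
        "MIICDzCCAbmgAwIBAgIBCDANBgkqhkiG9w0BAQQFADAfMQswCQYDVQQGEwJVUzEQ\n" +
        "MA4GA1UEChMHRXhhbXBsZTAeFw0xMzEyMjgxMTA5MTBaFw0zMzA5MTQxMTA5MTBa\n" +
        "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" +
        "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/m9wdJT0HR+exquh2Q2Yq\n" +
        "XvL9HtEsCabCikd0Vjuoi3sZJ/5SBbbHTvh7z7enW0NEpLHQee0ry5FW8mLxDtrR\n" +
        "38NjE9W7zutucBG5WztwGuvcts13aEw+vH+EwhokJW9PXz9Do+y4PTJo3vdsk7Zs\n" +
        "bGVY9+YjvlgEaozWXZ1JhQIDAQABo4GJMIGGMB0GA1UdDgQWBBQIsaDZL94kLug/\n" +
        "A1N4EkNOA4z47DBHBgNVHSMEQDA+gBTk9UvEFj/+yY3fWMdv8wCYITPk0qEjpCEw\n" +
        "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" +
        "AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQEEBQADQQA3XGQPNin8cDIsJ4vx\n" +
        "tTxUO6XVJoWOdTsjwzlMrPmLvjJNZeXLtQe3pQu0vjgyUpQ59VYLW3qKN/LF3UH0\n" +
        "Ep7V\n" +
        "-----END CERTIFICATE-----";

    // SHA1withRSA 1024 signed with RSA 1024
    static String endentiry_SHA1withRSA_1024_1024 =
        "-----BEGIN CERTIFICATE-----\n" +
        "MIICNzCCAaCgAwIBAgIBAjANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ\n" +
        "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0xMzEyMjgxMTA5\n" +
        "MTJaFw0zMzA5MTQxMTA5MTJaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" +
        "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG\n" +
        "9w0BAQEFAAOBjQAwgYkCgYEAvktJqK4/SvQrTyGgV8tM6zP/K5xQP1pFRipRKS8i\n" +
        "2yaXdlW4jQBZWVXdfEsm8YwGwtXFKIlleALmgJcLldPwNm0qaKixL4mRJVMm4bXM\n" +
        "UXCfmr+Im1SpA4Yum4VFCfIJ1kkeQkXqc57sCSfS+rFnC+1kSNa9wj+Mc4+5FR4k\n" +
        "zqUCAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBRDzLh/sWyTsdq1KKnG\n" +
        "8e7JW1tPUDAfBgNVHSMEGDAWgBQIsaDZL94kLug/A1N4EkNOA4z47DANBgkqhkiG\n" +
        "9w0BAQUFAAOBgQB2RkWHOaL4WTOGoeTS4J4o9FW+4UXihbocdI/64rMExERjDkE/\n" +
        "Jh31TEmatnP1gPrF1AfmqQPubqVSbRtCHrZF+Ilk6L6YeyRNzKvsLiMUtgrLYLas\n" +
        "Vop0DFZxR02xHgaJdoJkcWBjNadb9zG7eZtt8OOOJ4lRwg02aLTy+WDqPA==\n" +
        "-----END CERTIFICATE-----";

    // SHA1withRSA 1024 signed with RSA 512
    static String endentiry_SHA1withRSA_1024_512 =
        "-----BEGIN CERTIFICATE-----\n" +
        "MIIB9jCCAaCgAwIBAgIBAzANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ\n" +
        "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0xMzEyMjgxMTA5\n" +
        "MTJaFw0zMzA5MTQxMTA5MTJaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" +
        "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG\n" +
        "9w0BAQEFAAOBjQAwgYkCgYEAvktJqK4/SvQrTyGgV8tM6zP/K5xQP1pFRipRKS8i\n" +
        "2yaXdlW4jQBZWVXdfEsm8YwGwtXFKIlleALmgJcLldPwNm0qaKixL4mRJVMm4bXM\n" +
        "UXCfmr+Im1SpA4Yum4VFCfIJ1kkeQkXqc57sCSfS+rFnC+1kSNa9wj+Mc4+5FR4k\n" +
        "zqUCAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBRDzLh/sWyTsdq1KKnG\n" +
        "8e7JW1tPUDAfBgNVHSMEGDAWgBTzw4Pjw6y6HuUmIueF8yGvJKpbxDANBgkqhkiG\n" +
        "9w0BAQUFAANBAIapvjECUm4YD4O99G0v2SM17cKQzjZtSWkScS7FSk4sxS+dP3hM\n" +
        "Qb2UpoRl6CGynhOVVy2G/VJN8BEqOfywj8k=\n" +
        "-----END CERTIFICATE-----";

    // SHA1withRSA 512 signed with RSA 1024
    static String endentiry_SHA1withRSA_512_1024 =
        "-----BEGIN CERTIFICATE-----\n" +
        "MIIB8zCCAVygAwIBAgIBBDANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ\n" +
        "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0xMzEyMjgxMTA5\n" +
        "MTJaFw0zMzA5MTQxMTA5MTJaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" +
        "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTBcMA0GCSqGSIb3\n" +
        "DQEBAQUAA0sAMEgCQQCngiNTE+qngHcfj2jUpdc82gCw+TFRjR7oMSdp7b/3NwpD\n" +
        "E+11z9WspoXTDzvbKcGUH9svFl691NyY0ZUmf+4RAgMBAAGjTzBNMAsGA1UdDwQE\n" +
        "AwID6DAdBgNVHQ4EFgQUK+oVsFTQbz08evgQZ5Sd82c2y4UwHwYDVR0jBBgwFoAU\n" +
        "CLGg2S/eJC7oPwNTeBJDTgOM+OwwDQYJKoZIhvcNAQEFBQADgYEAMd/8XnjRz5jK\n" +
        "nbss9DDQQC2mUuCbV/tGdke7eQ1DtBVZLBU6wDgisGr52sUXmyZIPmSVKpQqwCG5\n" +
        "8cY5uQhaNwPtPmMMKXzX32zN9NhVkiDNceL+zHs3vdjD1i/QiUTST+NKfLYVb6dF\n" +
        "YMG65lxe3gMVxMweiHSZSukmk1k3gUA=\n" +
        "-----END CERTIFICATE-----";

    // SHA1withRSA 512 signed with RSA 512
    static String endentiry_SHA1withRSA_512_512 =
        "-----BEGIN CERTIFICATE-----\n" +
        "MIIBsjCCAVygAwIBAgIBBTANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ\n" +
        "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0xMzEyMjgxMTA5\n" +
        "MTJaFw0zMzA5MTQxMTA5MTJaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" +
        "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTBcMA0GCSqGSIb3\n" +
        "DQEBAQUAA0sAMEgCQQCngiNTE+qngHcfj2jUpdc82gCw+TFRjR7oMSdp7b/3NwpD\n" +
        "E+11z9WspoXTDzvbKcGUH9svFl691NyY0ZUmf+4RAgMBAAGjTzBNMAsGA1UdDwQE\n" +
        "AwID6DAdBgNVHQ4EFgQUK+oVsFTQbz08evgQZ5Sd82c2y4UwHwYDVR0jBBgwFoAU\n" +
        "88OD48Osuh7lJiLnhfMhrySqW8QwDQYJKoZIhvcNAQEFBQADQQB4xFWtC6ijDBIe\n" +
        "/Gkf3B9+ycmP52pTPNiPwMS6u1a5vTRXMn5xRDexWfxJKJVZ2s9UR1jheZvWgPC8\n" +
        "VUWO8bbG\n" +
        "-----END CERTIFICATE-----";

    // MD5withRSA 1024 signed with RSA 1024
    static String endentiry_MD5withRSA_1024_1024 =
        "-----BEGIN CERTIFICATE-----\n" +
        "MIICNzCCAaCgAwIBAgIBBjANBgkqhkiG9w0BAQQFADAxMQswCQYDVQQGEwJVUzEQ\n" +
        "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0xMzEyMjgxMTA5\n" +
        "MTJaFw0zMzA5MTQxMTA5MTJaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" +
        "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG\n" +
        "9w0BAQEFAAOBjQAwgYkCgYEAvktJqK4/SvQrTyGgV8tM6zP/K5xQP1pFRipRKS8i\n" +
        "2yaXdlW4jQBZWVXdfEsm8YwGwtXFKIlleALmgJcLldPwNm0qaKixL4mRJVMm4bXM\n" +
        "UXCfmr+Im1SpA4Yum4VFCfIJ1kkeQkXqc57sCSfS+rFnC+1kSNa9wj+Mc4+5FR4k\n" +
        "zqUCAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBRDzLh/sWyTsdq1KKnG\n" +
        "8e7JW1tPUDAfBgNVHSMEGDAWgBQIsaDZL94kLug/A1N4EkNOA4z47DANBgkqhkiG\n" +
        "9w0BAQQFAAOBgQBCVn9/JQxsRTaKIKSrgB+KtEreat+33k3SXuJICuRxcmvjOXIx\n" +
        "wSdq+mRCA+DpIPSNtgnDAUyipnyxRxpdmRRUHuRYpkALq4a5QtTJK0Y/CEMfsd2J\n" +
        "Yd2zKcfynDLW6LVeNdtjlY7fTemJnbA/WImNhwyW55V9vbnk3J04EZN8jw==\n" +
        "-----END CERTIFICATE-----";

    // MD5withRSA 1024 signed with RSA 512
    static String endentiry_MD5withRSA_1024_512 =
        "-----BEGIN CERTIFICATE-----\n" +
        "MIIB9jCCAaCgAwIBAgIBBzANBgkqhkiG9w0BAQQFADAxMQswCQYDVQQGEwJVUzEQ\n" +
        "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0xMzEyMjgxMTA5\n" +
        "MTNaFw0zMzA5MTQxMTA5MTNaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" +
        "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG\n" +
        "9w0BAQEFAAOBjQAwgYkCgYEAvktJqK4/SvQrTyGgV8tM6zP/K5xQP1pFRipRKS8i\n" +
        "2yaXdlW4jQBZWVXdfEsm8YwGwtXFKIlleALmgJcLldPwNm0qaKixL4mRJVMm4bXM\n" +
        "UXCfmr+Im1SpA4Yum4VFCfIJ1kkeQkXqc57sCSfS+rFnC+1kSNa9wj+Mc4+5FR4k\n" +
        "zqUCAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBRDzLh/sWyTsdq1KKnG\n" +
        "8e7JW1tPUDAfBgNVHSMEGDAWgBTzw4Pjw6y6HuUmIueF8yGvJKpbxDANBgkqhkiG\n" +
        "9w0BAQQFAANBAAbZwmkqb6sfiiIxuLnj6PjhJsXGfvPomkkbLu5CapAMhen/p6ZG\n" +
        "6vh69TbIsBR9UHu7qDyTl5Xax7bmYeW+sDQ=\n" +
        "-----END CERTIFICATE-----";

    // Maps the certificate names accepted as args[0] to their PEM text.
    static HashMap<String, String> certmap = new HashMap<String, String>();
    static {
        certmap.put("trustAnchor_SHA1withRSA_1024",
            trustAnchor_SHA1withRSA_1024);
        certmap.put("trustAnchor_SHA1withRSA_512",
            trustAnchor_SHA1withRSA_512);
        certmap.put("intermediate_SHA1withRSA_1024_1024",
            intermediate_SHA1withRSA_1024_1024);
        certmap.put("intermediate_SHA1withRSA_1024_512",
            intermediate_SHA1withRSA_1024_512);
        certmap.put("intermediate_SHA1withRSA_512_1024",
            intermediate_SHA1withRSA_512_1024);
        certmap.put("intermediate_SHA1withRSA_512_512",
            intermediate_SHA1withRSA_512_512);
        certmap.put("intermediate_MD5withRSA_1024_1024",
            intermediate_MD5withRSA_1024_1024);
        certmap.put("intermediate_MD5withRSA_1024_512",
            intermediate_MD5withRSA_1024_512);
        certmap.put("endentiry_SHA1withRSA_1024_1024",
            endentiry_SHA1withRSA_1024_1024);
        certmap.put("endentiry_SHA1withRSA_1024_512",
            endentiry_SHA1withRSA_1024_512);
        certmap.put("endentiry_SHA1withRSA_512_1024",
            endentiry_SHA1withRSA_512_1024);
        certmap.put("endentiry_SHA1withRSA_512_512",
            endentiry_SHA1withRSA_512_512);
        certmap.put("endentiry_MD5withRSA_1024_1024",
            endentiry_MD5withRSA_1024_1024);
        certmap.put("endentiry_MD5withRSA_1024_512",
            endentiry_MD5withRSA_1024_512);
    }

    /**
     * Parses one PEM-encoded X.509 certificate.
     *
     * @param pem the PEM text of the certificate
     * @return the parsed certificate
     * @throws CertificateException if the text cannot be parsed
     */
    private static X509Certificate parseCertificate(String pem)
            throws CertificateException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        // PEM is plain ASCII; naming the charset keeps the bytes independent
        // of the platform default encoding.
        ByteArrayInputStream is =
            new ByteArrayInputStream(pem.getBytes(StandardCharsets.US_ASCII));
        return (X509Certificate)cf.generateCertificate(is);
    }

    /**
     * Creates the trust anchor set, which holds both self-signed test roots
     * (the 1024-bit and the 512-bit one).
     *
     * @return the two trust anchors
     * @throws CertificateException if a root certificate cannot be parsed
     */
    private static Set<TrustAnchor> generateTrustAnchors()
            throws CertificateException {
        HashSet<TrustAnchor> anchors = new HashSet<TrustAnchor>();

        anchors.add(new TrustAnchor(
            parseCertificate(trustAnchor_SHA1withRSA_1024), null));
        anchors.add(new TrustAnchor(
            parseCertificate(trustAnchor_SHA1withRSA_512), null));

        return anchors;
    }

    /**
     * Creates a collection certificate store holding every certificate in
     * {@link #certmap}.
     *
     * @return the certificate store handed to the path builder
     * @throws Exception if a certificate cannot be parsed or the store cannot
     *         be created
     */
    private static CertStore generateCertificateStore() throws Exception {
        Collection<Certificate> entries = new HashSet<Certificate>();

        for (String certStr : certmap.values()) {
            entries.add(parseCertificate(certStr));
        }

        return CertStore.getInstance("Collection",
            new CollectionCertStoreParameters(entries));
    }

    /**
     * Creates a selector that matches exactly the named certificate.
     *
     * @param name a key of {@link #certmap}
     * @return the selector, or {@code null} if the name is unknown
     * @throws Exception if the certificate cannot be parsed
     */
    private static X509CertSelector generateSelector(String name)
            throws Exception {
        String certStr = certmap.get(name);
        if (certStr == null) {
            return null;
        }

        X509CertSelector selector = new X509CertSelector();
        selector.setCertificate(parseCertificate(certStr));

        return selector;
    }

    /**
     * Tells whether a certificate equals the named test certificate.
     *
     * @param name a key of {@link #certmap}
     * @param cert the certificate to compare
     * @return {@code true} if the name is known and the certificates are
     *         equal
     * @throws Exception if the named certificate cannot be parsed
     */
    private static boolean match(String name, Certificate cert)
            throws Exception {
        String certStr = certmap.get(name);
        if (certStr == null) {
            return false;
        }

        return parseCertificate(certStr).equals(cert);
    }

    /**
     * Runs one path-building case.
     *
     * @param args target certificate name, expected path length, and whether
     *        path building is expected to succeed
     * @throws Exception if the outcome differs from the expectation
     */
    public static void main(String args[]) throws Exception {
        CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");

        X509CertSelector selector = generateSelector(args[0]);
        if (selector == null) {
            // no target certificate, ignore it
            // NOTE(review): a misspelled name in an @run line therefore ends
            // the run without an error, and that case checks nothing.
            return;
        }

        Set<TrustAnchor> anchors = generateTrustAnchors();
        CertStore certs = generateCertificateStore();

        PKIXBuilderParameters params =
            new PKIXBuilderParameters(anchors, selector);
        params.addCertStore(certs);
        params.setRevocationEnabled(false);

        // Fixed validation date, so the outcome does not depend on the clock.
        // The deprecated constructor takes a 0-based month: this is
        // 2014-10-01, not 2014-09-01.
        @SuppressWarnings("deprecation")
        Date validationDate = new Date(114, 9, 1);
        params.setDate(validationDate);

        boolean success = Boolean.parseBoolean(args[2]);
        try {
            PKIXCertPathBuilderResult result =
                (PKIXCertPathBuilderResult)builder.build(params);
            if (!success) {
                throw new Exception("expected algorithm disabled exception");
            }

            int length = Integer.parseInt(args[1]);
            List<? extends Certificate> path =
                result.getCertPath().getCertificates();
            if (length != path.size()) {
                throw new Exception("unexpected certification path length");
            }

            if (!path.isEmpty()) {    // the target is not a trust anchor
                if (!match(args[0], path.get(0))) {
                    throw new Exception("unexpected certificate");
                }
            }
        } catch (CertPathBuilderException cpbe) {
            if (success) {
                throw new Exception("unexpected exception", cpbe);
            } else {
                // NOTE(review): any CertPathBuilderException counts as the
                // expected failure; the cause is not checked, so a build that
                // fails for a reason other than a disabled algorithm would
                // also pass.
                System.out.println("Get the expected exception " + cpbe);
            }
        }
    }

}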