1# 2# Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved. 3# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4# 5# This code is free software; you can redistribute it and/or modify it 6# under the terms of the GNU General Public License version 2 only, as 7# published by the Free Software Foundation. 8# 9# This code is distributed in the hope that it will be useful, but WITHOUT 10# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12# version 2 for more details (a copy is included in the LICENSE file that 13# accompanied this code). 14# 15# You should have received a copy of the GNU General Public License version 16# 2 along with this work; if not, write to the Free Software Foundation, 17# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18# 19# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20# or visit www.oracle.com if you need additional information or have any 21# questions. 22# 23 24# @test 25# @bug 6948803 26# @summary CertPath validation regression caused by SHA1 replacement root 27# and MD2 disable feature 28# 29 30if [ "${TESTSRC}" = "" ] ; then 31 TESTSRC="." 32fi 33if [ "${TESTJAVA}" = "" ] ; then 34 JAVAC_CMD=`which javac` 35 TESTJAVA=`dirname $JAVAC_CMD`/.. 36 COMPILEJAVA="${TESTJAVA}" 37fi 38 39# set platform-dependent variables 40OS=`uname -s` 41case "$OS" in 42 Windows_* ) 43 FS="\\" 44 ;; 45 * ) 46 FS="/" 47 ;; 48esac 49 50KT="$TESTJAVA${FS}bin${FS}keytool -storepass changeit \ 51 -keypass changeit -keystore certreplace.jks -keyalg rsa" 52JAVAC=$COMPILEJAVA${FS}bin${FS}javac 53JAVA=$TESTJAVA${FS}bin${FS}java 54 55rm -rf certreplace.jks 2> /dev/null 56 57# 1. Generate 3 aliases in a keystore: ca, int, user 58 59$KT -genkeypair -alias ca -dname CN=CA -keyalg rsa -sigalg md2withrsa -ext bc 60$KT -genkeypair -alias int -dname CN=Int -keyalg rsa 61$KT -genkeypair -alias user -dname CN=User -keyalg rsa 62 63# 2. Signing: ca -> int -> user 64 65$KT -certreq -alias int | $KT -gencert -rfc -alias ca -ext bc \ 66 | $KT -import -alias int 67$KT -certreq -alias user | $KT -gencert -rfc -alias int \ 68 | $KT -import -alias user 69 70# 3. Create the certchain file 71 72$KT -export -alias user -rfc > certreplace.certs 73$KT -export -rfc -alias int >> certreplace.certs 74$KT -export -rfc -alias ca >> certreplace.certs 75 76# 4. Upgrade ca from MD2withRSA to SHA256withRSA, remove other aliases and 77# make this keystore the cacerts file 78 79$KT -selfcert -alias ca 80$KT -delete -alias int 81$KT -delete -alias user 82 83# 5. Build and run test 84 85$JAVAC ${TESTJAVACOPTS} ${TESTTOOLVMOPTS} -d . ${TESTSRC}${FS}CertReplace.java 86$JAVA ${TESTVMOPTS} CertReplace certreplace.jks certreplace.certs 87