1#
2# Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved.
3# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4#
5# This code is free software; you can redistribute it and/or modify it
6# under the terms of the GNU General Public License version 2 only, as
7# published by the Free Software Foundation.
8#
9# This code is distributed in the hope that it will be useful, but WITHOUT
10# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12# version 2 for more details (a copy is included in the LICENSE file that
13# accompanied this code).
14#
15# You should have received a copy of the GNU General Public License version
16# 2 along with this work; if not, write to the Free Software Foundation,
17# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18#
19# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20# or visit www.oracle.com if you need additional information or have any
21# questions.
22#
23
24# @test
25# @bug 6948803
26# @summary CertPath validation regression caused by SHA1 replacement root
27#  and MD2 disable feature
28#
29
30if [ "${TESTSRC}" = "" ] ; then
31  TESTSRC="."
32fi
33if [ "${TESTJAVA}" = "" ] ; then
34  JAVAC_CMD=`which javac`
35  TESTJAVA=`dirname $JAVAC_CMD`/..
36  COMPILEJAVA="${TESTJAVA}"
37fi
38
39# set platform-dependent variables
40OS=`uname -s`
41case "$OS" in
42  Windows_* )
43    FS="\\"
44    ;;
45  * )
46    FS="/"
47    ;;
48esac
49
50KT="$TESTJAVA${FS}bin${FS}keytool -storepass changeit \
51    -keypass changeit -keystore certreplace.jks -keyalg rsa"
52JAVAC=$COMPILEJAVA${FS}bin${FS}javac
53JAVA=$TESTJAVA${FS}bin${FS}java
54
55rm -rf certreplace.jks 2> /dev/null
56
57# 1. Generate 3 aliases in a keystore: ca, int, user
58
59$KT -genkeypair -alias ca -dname CN=CA -keyalg rsa -sigalg md2withrsa -ext bc
60$KT -genkeypair -alias int -dname CN=Int -keyalg rsa
61$KT -genkeypair -alias user -dname CN=User -keyalg rsa
62
63# 2. Signing: ca -> int -> user
64
65$KT -certreq -alias int | $KT -gencert -rfc -alias ca -ext bc \
66    | $KT -import -alias int
67$KT -certreq -alias user | $KT -gencert -rfc -alias int \
68    | $KT -import -alias user
69
70# 3. Create the certchain file
71
72$KT -export -alias user -rfc > certreplace.certs
73$KT -export -rfc -alias int >> certreplace.certs
74$KT -export -rfc -alias ca >> certreplace.certs
75
76# 4. Upgrade ca from MD2withRSA to SHA256withRSA, remove other aliases and
77# make this keystore the cacerts file
78
79$KT -selfcert -alias ca
80$KT -delete -alias int
81$KT -delete -alias user
82
83# 5. Build and run test
84
85$JAVAC ${TESTJAVACOPTS} ${TESTTOOLVMOPTS} -d . ${TESTSRC}${FS}CertReplace.java
86$JAVA ${TESTVMOPTS} CertReplace certreplace.jks certreplace.certs
87