OrderAndDup.java example

Explorer
openjdk-master
/*
 * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

/*
 * @test
 * @bug 7143872
 * @summary Improve certificate extension processing
 * @modules java.base/sun.security.util
 *          java.base/sun.security.x509
 */
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.KeyPairGenerator;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRLEntry;
import java.util.Date;
import sun.security.util.DerInputStream;
import sun.security.util.DerValue;
import sun.security.x509.*;

public class OrderAndDup {
    public static void main(String[] args) throws Exception {

        // Generate 20 serial numbers with dup and a special order
        int count = 20;
        BigInteger[] serials = new BigInteger[count];
        for (int i=0; i<count; i++) {
            serials[i] = BigInteger.valueOf(i*7%10);
        }

        // Generates a CRL
        X509CRLEntry[] badCerts = new X509CRLEntry[count];
        for (int i=0; i<count; i++) {
            badCerts[i] = new X509CRLEntryImpl(serials[i],
                    new Date(System.currentTimeMillis()+i*1000));
        }
        X500Name owner = new X500Name("CN=CA");
        X509CRLImpl crl = new X509CRLImpl(owner, new Date(), new Date(), badCerts);
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        crl.sign(kpg.genKeyPair().getPrivate(), "SHA1withRSA");
        byte[] data = crl.getEncodedInternal();

        // Check the encoding
        checkData(crl, data, serials);

        // Load a CRL from raw data
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509CRLImpl crl2 = (X509CRLImpl)cf.generateCRL(new ByteArrayInputStream(data));

        // Check the encoding again
        data = crl2.getEncodedInternal();
        checkData(crl2, data, serials);
    }

    // Check the raw data's ASN.1 structure to see if the revoked certs
    // have the same number and correct order as inserted
    static void checkData(X509CRLImpl c, byte[] data, BigInteger[] expected)
            throws Exception {
        if (c.getRevokedCertificates().size() != expected.length) {
            throw new Exception("Wrong count in CRL object, now " +
                    c.getRevokedCertificates().size());
        }
        DerValue d1 = new DerValue(data);
        // revokedCertificates at 5th place of TBSCertList
        DerValue[] d2 = new DerInputStream(
                d1.data.getSequence(0)[4].toByteArray())
                .getSequence(0);
        if (d2.length != expected.length) {
            throw new Exception("Wrong count in raw data, now " + d2.length);
        }
        for (int i=0; i<d2.length; i++) {
            // Serial is first in revokedCertificates entry
            BigInteger bi = d2[i].data.getBigInteger();
            if (!bi.equals(expected[i])) {
                throw new Exception("Entry at #" + i + " is " + bi
                        + ", should be " + expected[i]);
            }
        }
    }
}