archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-09-22 20:14:43 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

7026347: Certificate and X509CRL should have verify(PublicKey key, Provider sigProvider)

Browse source 
Reviewed-by: mullan, xuelei, weijun
This commit is contained in:
Jason Uh 2012-08-02 10:40:24 -04:00 committed by Sean Mullan
parent 47403da7be
commit 1bbbba58c1
7 changed files with 493 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

30
jdk/src/share/classes/java/security/cert/Certificate.java
View file

@ -27,6 +27,7 @@ package java.security.cert;
import java.util.Arrays; import java.util.Arrays;
import java.security.Provider;
import java.security.PublicKey; import java.security.PublicKey;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException; import java.security.NoSuchProviderException;
@ -186,6 +187,35 @@ public abstract class Certificate implements java.io.Serializable {
InvalidKeyException, NoSuchProviderException, InvalidKeyException, NoSuchProviderException,
SignatureException; SignatureException;
/**
* Verifies that this certificate was signed using the
* private key that corresponds to the specified public key.
* This method uses the signature verification engine
* supplied by the specified provider. Note that the specified
* Provider object does not have to be registered in the provider list.
*
* <p> This method was added to version 1.8 of the Java Platform
* Standard Edition. In order to maintain backwards compatibility with
* existing service providers, this method cannot be <code>abstract</code>
* and by default throws an <code>UnsupportedOperationException</code>.
*
* @param key the PublicKey used to carry out the verification.
* @param sigProvider the signature provider.
*
* @exception NoSuchAlgorithmException on unsupported signature
* algorithms.
* @exception InvalidKeyException on incorrect key.
* @exception SignatureException on signature errors.
* @exception CertificateException on encoding errors.
* @exception UnsupportedOperationException if the method is not supported
* @since 1.8
*/
public void verify(PublicKey key, Provider sigProvider)
throws CertificateException, NoSuchAlgorithmException,
InvalidKeyException, SignatureException {
throw new UnsupportedOperationException();
}
/** /**
* Returns a string representation of this certificate. * Returns a string representation of this certificate.
* *

29
jdk/src/share/classes/java/security/cert/X509CRL.java
View file

@ -30,6 +30,7 @@ import java.security.NoSuchProviderException;
import java.security.InvalidKeyException; import java.security.InvalidKeyException;
import java.security.SignatureException; import java.security.SignatureException;
import java.security.Principal; import java.security.Principal;
import java.security.Provider;
import java.security.PublicKey; import java.security.PublicKey;
import javax.security.auth.x500.X500Principal; import javax.security.auth.x500.X500Principal;
@ -215,6 +216,34 @@ public abstract class X509CRL extends CRL implements X509Extension {
InvalidKeyException, NoSuchProviderException, InvalidKeyException, NoSuchProviderException,
SignatureException; SignatureException;
/**
* Verifies that this CRL was signed using the
* private key that corresponds to the given public key.
* This method uses the signature verification engine
* supplied by the given provider. Note that the specified Provider object
* does not have to be registered in the provider list.
*
* This method was added to version 1.8 of the Java Platform Standard
* Edition. In order to maintain backwards compatibility with existing
* service providers, this method is not <code>abstract</code>
* and it provides a default implementation.
*
* @param key the PublicKey used to carry out the verification.
* @param sigProvider the signature provider.
*
* @exception NoSuchAlgorithmException on unsupported signature
* algorithms.
* @exception InvalidKeyException on incorrect key.
* @exception SignatureException on signature errors.
* @exception CRLException on encoding errors.
* @since 1.8
*/
public void verify(PublicKey key, Provider sigProvider)
throws CRLException, NoSuchAlgorithmException,
InvalidKeyException, SignatureException {
X509CRLImpl.verify(this, key, sigProvider);
}
/** /**
* Gets the <code>version</code> (version number) value from the CRL. * Gets the <code>version</code> (version number) value from the CRL.
* The ASN.1 definition for this is: * The ASN.1 definition for this is:

32
jdk/src/share/classes/java/security/cert/X509Certificate.java
View file

@ -26,8 +26,7 @@
package java.security.cert; package java.security.cert;
import java.math.BigInteger; import java.math.BigInteger;
import java.security.Principal; import java.security.*;
import java.security.PublicKey;
import java.util.Collection; import java.util.Collection;
import java.util.Date; import java.util.Date;
import java.util.List; import java.util.List;
@ -640,4 +639,33 @@ implements X509Extension {
throws CertificateParsingException { throws CertificateParsingException {
return X509CertImpl.getIssuerAlternativeNames(this); return X509CertImpl.getIssuerAlternativeNames(this);
} }
/**
* Verifies that this certificate was signed using the
* private key that corresponds to the specified public key.
* This method uses the signature verification engine
* supplied by the specified provider. Note that the specified
* Provider object does not have to be registered in the provider list.
*
* This method was added to version 1.8 of the Java Platform Standard
* Edition. In order to maintain backwards compatibility with existing
* service providers, this method is not <code>abstract</code>
* and it provides a default implementation.
*
* @param key the PublicKey used to carry out the verification.
* @param sigProvider the signature provider.
*
* @exception NoSuchAlgorithmException on unsupported signature
* algorithms.
* @exception InvalidKeyException on incorrect key.
* @exception SignatureException on signature errors.
* @exception CertificateException on encoding errors.
* @exception UnsupportedOperationException if the method is not supported
* @since 1.8
*/
public void verify(PublicKey key, Provider sigProvider)
throws CertificateException, NoSuchAlgorithmException,
InvalidKeyException, SignatureException {
X509CertImpl.verify(this, key, sigProvider);
}
} }

56
jdk/src/share/classes/sun/security/x509/X509CRLImpl.java
View file

@ -32,6 +32,7 @@ import java.math.BigInteger;
import java.security.Principal; import java.security.Principal;
import java.security.PublicKey; import java.security.PublicKey;
import java.security.PrivateKey; import java.security.PrivateKey;
import java.security.Provider;
import java.security.Signature; import java.security.Signature;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.security.InvalidKeyException; import java.security.InvalidKeyException;
@ -398,6 +399,61 @@ public class X509CRLImpl extends X509CRL implements DerEncoder {
verifiedProvider = sigProvider; verifiedProvider = sigProvider;
} }
/**
* Verifies that this CRL was signed using the
* private key that corresponds to the given public key,
* and that the signature verification was computed by
* the given provider. Note that the specified Provider object
* does not have to be registered in the provider list.
*
* @param key the PublicKey used to carry out the verification.
* @param sigProvider the signature provider.
*
* @exception NoSuchAlgorithmException on unsupported signature
* algorithms.
* @exception InvalidKeyException on incorrect key.
* @exception SignatureException on signature errors.
* @exception CRLException on encoding errors.
*/
public synchronized void verify(PublicKey key, Provider sigProvider)
throws CRLException, NoSuchAlgorithmException, InvalidKeyException,
SignatureException {
if (signedCRL == null) {
throw new CRLException("Uninitialized CRL");
}
Signature sigVerf = null;
if (sigProvider == null) {
sigVerf = Signature.getInstance(sigAlgId.getName());
} else {
sigVerf = Signature.getInstance(sigAlgId.getName(), sigProvider);
}
sigVerf.initVerify(key);
if (tbsCertList == null) {
throw new CRLException("Uninitialized CRL");
}
sigVerf.update(tbsCertList, 0, tbsCertList.length);
if (!sigVerf.verify(signature)) {
throw new SignatureException("Signature does not match.");
}
verifiedPublicKey = key;
}
/**
* This static method is the default implementation of the
* verify(PublicKey key, Provider sigProvider) method in X509CRL.
* Called from java.security.cert.X509CRL.verify(PublicKey key,
* Provider sigProvider)
*/
public static void verify(X509CRL crl, PublicKey key,
Provider sigProvider) throws CRLException,
NoSuchAlgorithmException, InvalidKeyException, SignatureException {
crl.verify(key, sigProvider);
}
/** /**
* Encodes an X.509 CRL, and signs it using the given key. * Encodes an X.509 CRL, and signs it using the given key.
* *

56
jdk/src/share/classes/sun/security/x509/X509CertImpl.java
View file

@ -452,6 +452,62 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
} }
} }
/**
* Throws an exception if the certificate was not signed using the
* verification key provided. This method uses the signature verification
* engine supplied by the specified provider. Note that the specified
* Provider object does not have to be registered in the provider list.
* Successfully verifying a certificate does <em>not</em> indicate that one
* should trust the entity which it represents.
*
* @param key the public key used for verification.
* @param sigProvider the provider.
*
* @exception NoSuchAlgorithmException on unsupported signature
* algorithms.
* @exception InvalidKeyException on incorrect key.
* @exception SignatureException on signature errors.
* @exception CertificateException on encoding errors.
*/
public synchronized void verify(PublicKey key, Provider sigProvider)
throws CertificateException, NoSuchAlgorithmException,
InvalidKeyException, SignatureException {
if (signedCert == null) {
throw new CertificateEncodingException("Uninitialized certificate");
}
// Verify the signature ...
Signature sigVerf = null;
if (sigProvider == null) {
sigVerf = Signature.getInstance(algId.getName());
} else {
sigVerf = Signature.getInstance(algId.getName(), sigProvider);
}
sigVerf.initVerify(key);
byte[] rawCert = info.getEncodedInfo();
sigVerf.update(rawCert, 0, rawCert.length);
// verify may throw SignatureException for invalid encodings, etc.
verificationResult = sigVerf.verify(signature);
verifiedPublicKey = key;
if (verificationResult == false) {
throw new SignatureException("Signature does not match.");
}
}
/**
* This static method is the default implementation of the
* verify(PublicKey key, Provider sigProvider) method in X509Certificate.
* Called from java.security.cert.X509Certificate.verify(PublicKey key,
* Provider sigProvider)
*/
public static void verify(X509Certificate cert, PublicKey key,
Provider sigProvider) throws CertificateException,
NoSuchAlgorithmException, InvalidKeyException, SignatureException {
cert.verify(key, sigProvider);
}
/** /**
* Creates an X.509 certificate, and signs it using the given key * Creates an X.509 certificate, and signs it using the given key
* (associating a signature algorithm and an X.500 name). * (associating a signature algorithm and an X.500 name).

153
jdk/test/sun/security/x509/X509CRLImpl/Verify.java Normal file
View file

@ -0,0 +1,153 @@
/*
* Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 7026347
* @summary X509CRL should have verify(PublicKey key, Provider sigProvider)
*/
import java.io.ByteArrayInputStream;
import java.security.*;
import java.security.cert.*;
public class Verify {
static String selfSignedCertStr =
"-----BEGIN CERTIFICATE-----\n" +
"MIICPjCCAaegAwIBAgIBADANBgkqhkiG9w0BAQQFADAfMQswCQYDVQQGEwJVUzEQ\n" +
"MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA0MjcwMjI0MzJaFw0zMDA0MDcwMjI0MzJa\n" +
"MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMIGfMA0GCSqGSIb3DQEB\n" +
"AQUAA4GNADCBiQKBgQC4OTag24sTxL2tXTNuvpmUEtdxrYAZoFsslFQ60T+WD9wQ\n" +
"Jeiw87FSPsR2vxRuv0j8DNm2a4h7LNNIFcLurfNldbz5pvgZ7VqdbbUMPE9qP85n\n" +
"jgDl4woyRTSUeRI4A7O0CO6NpES21dtbdhroWQrEkHxpnrDPxsxrz5gf2m3gqwID\n" +
"AQABo4GJMIGGMB0GA1UdDgQWBBSCJd0hpl5PdAD9IZS+Hzng4lXLGzBHBgNVHSME\n" +
"QDA+gBSCJd0hpl5PdAD9IZS+Hzng4lXLG6EjpCEwHzELMAkGA1UEBhMCVVMxEDAO\n" +
"BgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAgQw\n" +
"DQYJKoZIhvcNAQEEBQADgYEAluy6HIjWcq009lTLmhp+Np6dxU78pInBK8RZkza0\n" +
"484qGaxFGD3UGyZkI5uWmsH2XuMbuox5khfIq6781gmkPBHXBIEtJN8eLusOHEye\n" +
"iE8h7WI+N3qa6Pj56WionMrioqC/3X+b06o147bbhx8U0vkYv/HyPaITOFfMXTdz\n" +
"Vjw=\n" +
"-----END CERTIFICATE-----";
static String crlIssuerCertStr =
"-----BEGIN CERTIFICATE-----\n" +
"MIICKzCCAZSgAwIBAgIBAjANBgkqhkiG9w0BAQQFADAfMQswCQYDVQQGEwJVUzEQ\n" +
"MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA0MjcwMjI0MzNaFw0yOTAxMTIwMjI0MzNa\n" +
"MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMIGfMA0GCSqGSIb3DQEB\n" +
"AQUAA4GNADCBiQKBgQDMJeBMBybHykI/YpwUJ4O9euqDSLb1kpWpceBS8TVqvgBC\n" +
"SgUJWtFZL0i6bdvF6mMdlbuBkGzhXqHiVAi96/zRLbUC9F8SMEJ6MuD+YhQ0ZFTQ\n" +
"atKy8zf8O9XzztelLJ26Gqb7QPV133WY3haAqHtCXOhEKkCN16NOYNC37DTaJwID\n" +
"AQABo3cwdTAdBgNVHQ4EFgQULXSWzXzUOIpOJpzbSCpW42IJUugwRwYDVR0jBEAw\n" +
"PoAUgiXdIaZeT3QA/SGUvh854OJVyxuhI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYD\n" +
"VQQKEwdFeGFtcGxlggEAMAsGA1UdDwQEAwIBAjANBgkqhkiG9w0BAQQFAAOBgQAY\n" +
"eMnf5AHSNlyUlzXk8o2S0h4gCuvKX6C3kFfKuZcWvFAbx4yQOWLS2s15/nzR4+AP\n" +
"FGX3lgJjROyAh7fGedTQK+NFWwkM2ag1g3hXktnlnT1qHohi0w31nVBJxXEDO/Ck\n" +
"uJTpJGt8XxxbFaw5v7cHy7XuTAeU/sekvjEiNHW00Q==\n" +
"-----END CERTIFICATE-----";
static String crlStr =
"-----BEGIN X509 CRL-----\n" +
"MIIBGzCBhQIBATANBgkqhkiG9w0BAQQFADAfMQswCQYDVQQGEwJVUzEQMA4GA1UE\n" +
"ChMHRXhhbXBsZRcNMDkwNDI3MDIzODA0WhcNMjgwNjI2MDIzODA0WjAiMCACAQUX\n" +
"DTA5MDQyNzAyMzgwMFowDDAKBgNVHRUEAwoBBKAOMAwwCgYDVR0UBAMCAQIwDQYJ\n" +
"KoZIhvcNAQEEBQADgYEAoarfzXEtw3ZDi4f9U8eSvRIipHSyxOrJC7HR/hM5VhmY\n" +
"CErChny6x9lBVg9s57tfD/P9PSzBLusCcHwHMAbMOEcTltVVKUWZnnbumpywlYyg\n" +
"oKLrE9+yCOkYUOpiRlz43/3vkEL5hjIKMcDSZnPKBZi1h16Yj2hPe9GMibNip54=\n" +
"-----END X509 CRL-----";
private static X509CRL crl;
private static PublicKey selfSignedCertPubKey;
private static PublicKey crlIssuerCertPubKey;
public static void main(String[] args) throws Exception {
setup();
/*
* Verify CRL with its own public key.
* Should pass.
*/
verifyCRL(crlIssuerCertPubKey, "SunRsaSign");
/*
* Try to verify CRL with a provider that does not have a Signature
* implementation.
* Should fail with NoSuchAlgorithmException.
*/
try {
verifyCRL(crlIssuerCertPubKey, "SunPCSC");
throw new RuntimeException("Didn't catch the exception properly");
} catch (NoSuchAlgorithmException e) {
System.out.println("Caught the correct exception.");
}
/*
* Try to verify CRL with a provider that has a Signature implementation
* but not of the right algorithm (MD5withRSA).
* Should fail with NoSuchAlgorithmException.
*/
try {
verifyCRL(crlIssuerCertPubKey, "SUN");
throw new RuntimeException("Didn't catch the exception properly");
} catch (NoSuchAlgorithmException e) {
System.out.println("Caught the correct exception.");
}
/*
* Try to verify CRL with the wrong public key.
* Should fail with SignatureException.
*/
try {
verifyCRL(selfSignedCertPubKey, "SunRsaSign");
throw new RuntimeException("Didn't catch the exception properly");
} catch (SignatureException e) {
System.out.println("Caught the correct exception.");
}
}
private static void setup() throws CertificateException, CRLException {
CertificateFactory cf = CertificateFactory.getInstance("X.509");
/* Create CRL */
ByteArrayInputStream inputStream =
new ByteArrayInputStream(crlStr.getBytes());
crl = (X509CRL)cf.generateCRL(inputStream);
/* Get public key of the CRL issuer cert */
inputStream = new ByteArrayInputStream(crlIssuerCertStr.getBytes());
X509Certificate cert
= (X509Certificate)cf.generateCertificate(inputStream);
crlIssuerCertPubKey = cert.getPublicKey();
/* Get public key of the self-signed Cert */
inputStream = new ByteArrayInputStream(selfSignedCertStr.getBytes());
selfSignedCertPubKey = cf.generateCertificate(inputStream).getPublicKey();
}
private static void verifyCRL(PublicKey key, String providerName)
throws CRLException, NoSuchAlgorithmException, InvalidKeyException,
SignatureException {
Provider provider = Security.getProvider(providerName);
crl.verify(key, provider);
}
}

139
jdk/test/sun/security/x509/X509CertImpl/Verify.java Normal file
View file

@ -0,0 +1,139 @@
/*
* Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 7026347
* @summary Certificate should have
* verify(PublicKey key, Provider sigProvider)
*/
import java.io.ByteArrayInputStream;
import java.security.*;
import java.security.cert.*;
public class Verify {
static String selfSignedCertStr =
"-----BEGIN CERTIFICATE-----\n" +
"MIICPjCCAaegAwIBAgIBADANBgkqhkiG9w0BAQQFADAfMQswCQYDVQQGEwJVUzEQ\n" +
"MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA0MjcwMjI0MzJaFw0zMDA0MDcwMjI0MzJa\n" +
"MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMIGfMA0GCSqGSIb3DQEB\n" +
"AQUAA4GNADCBiQKBgQC4OTag24sTxL2tXTNuvpmUEtdxrYAZoFsslFQ60T+WD9wQ\n" +
"Jeiw87FSPsR2vxRuv0j8DNm2a4h7LNNIFcLurfNldbz5pvgZ7VqdbbUMPE9qP85n\n" +
"jgDl4woyRTSUeRI4A7O0CO6NpES21dtbdhroWQrEkHxpnrDPxsxrz5gf2m3gqwID\n" +
"AQABo4GJMIGGMB0GA1UdDgQWBBSCJd0hpl5PdAD9IZS+Hzng4lXLGzBHBgNVHSME\n" +
"QDA+gBSCJd0hpl5PdAD9IZS+Hzng4lXLG6EjpCEwHzELMAkGA1UEBhMCVVMxEDAO\n" +
"BgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAgQw\n" +
"DQYJKoZIhvcNAQEEBQADgYEAluy6HIjWcq009lTLmhp+Np6dxU78pInBK8RZkza0\n" +
"484qGaxFGD3UGyZkI5uWmsH2XuMbuox5khfIq6781gmkPBHXBIEtJN8eLusOHEye\n" +
"iE8h7WI+N3qa6Pj56WionMrioqC/3X+b06o147bbhx8U0vkYv/HyPaITOFfMXTdz\n" +
"Vjw=\n" +
"-----END CERTIFICATE-----";
static String crlIssuerCertStr =
"-----BEGIN CERTIFICATE-----\n" +
"MIICKzCCAZSgAwIBAgIBAjANBgkqhkiG9w0BAQQFADAfMQswCQYDVQQGEwJVUzEQ\n" +
"MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA0MjcwMjI0MzNaFw0yOTAxMTIwMjI0MzNa\n" +
"MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMIGfMA0GCSqGSIb3DQEB\n" +
"AQUAA4GNADCBiQKBgQDMJeBMBybHykI/YpwUJ4O9euqDSLb1kpWpceBS8TVqvgBC\n" +
"SgUJWtFZL0i6bdvF6mMdlbuBkGzhXqHiVAi96/zRLbUC9F8SMEJ6MuD+YhQ0ZFTQ\n" +
"atKy8zf8O9XzztelLJ26Gqb7QPV133WY3haAqHtCXOhEKkCN16NOYNC37DTaJwID\n" +
"AQABo3cwdTAdBgNVHQ4EFgQULXSWzXzUOIpOJpzbSCpW42IJUugwRwYDVR0jBEAw\n" +
"PoAUgiXdIaZeT3QA/SGUvh854OJVyxuhI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYD\n" +
"VQQKEwdFeGFtcGxlggEAMAsGA1UdDwQEAwIBAjANBgkqhkiG9w0BAQQFAAOBgQAY\n" +
"eMnf5AHSNlyUlzXk8o2S0h4gCuvKX6C3kFfKuZcWvFAbx4yQOWLS2s15/nzR4+AP\n" +
"FGX3lgJjROyAh7fGedTQK+NFWwkM2ag1g3hXktnlnT1qHohi0w31nVBJxXEDO/Ck\n" +
"uJTpJGt8XxxbFaw5v7cHy7XuTAeU/sekvjEiNHW00Q==\n" +
"-----END CERTIFICATE-----";
private static X509Certificate cert;
private static PublicKey selfSignedCertPubKey;
private static PublicKey crlIssuerCertPubKey;
public static void main(String[] args) throws Exception {
setup();
/*
* Verify certificate with its own public key.
* Should pass.
*/
verifyCert(selfSignedCertPubKey,"SunRsaSign");
/*
* Try to verify certificate with a provider that does not have a
* Signature implementation.
* Should fail with NoSuchAlgorithmException.
*/
try {
verifyCert(selfSignedCertPubKey, "SunPCSC");
throw new RuntimeException("Didn't catch the exception properly");
} catch (NoSuchAlgorithmException e) {
System.out.println("Caught the correct exception.");
}
/*
* Try to verify certificate with a provider that has a Signature
* implementation but not of the right algorithm (MD5withRSA).
* Should fail with NoSuchAlgorithmException.
*/
try {
verifyCert(selfSignedCertPubKey, "SUN");
throw new RuntimeException("Didn't catch the exception properly");
} catch (NoSuchAlgorithmException e) {
System.out.println("Caught the correct exception.");
}
/*
* Try to verify certificate with the wrong public key.
* Should fail with SignatureException.
*/
try {
verifyCert(crlIssuerCertPubKey, "SunRsaSign");
throw new RuntimeException("Didn't catch the exception properly");
} catch (SignatureException e) {
System.out.println("Caught the correct exception.");
}
}
private static void setup() throws CertificateException, CRLException {
CertificateFactory cf = CertificateFactory.getInstance("X.509");
/* Get public key of the CRL issuer cert */
ByteArrayInputStream inputStream
= new ByteArrayInputStream(crlIssuerCertStr.getBytes());
cert = (X509Certificate)cf.generateCertificate(inputStream);
crlIssuerCertPubKey = cert.getPublicKey();
/* Get public key of the self-signed Cert */
inputStream = new ByteArrayInputStream(selfSignedCertStr.getBytes());
selfSignedCertPubKey = cf.generateCertificate(inputStream).getPublicKey();
}
private static void verifyCert(PublicKey key, String providerName)
throws CertificateException, NoSuchAlgorithmException,
InvalidKeyException, SignatureException {
Provider provider = Security.getProvider(providerName);
cert.verify(key, provider);
}
}