From c2a44d740cd009e3c8819509739093f60ed37658 Mon Sep 17 00:00:00 2001 From: Rajan Halade Date: Tue, 30 May 2023 23:52:28 -0700 Subject: [PATCH 01/17] 8308592: Update CA interop tests --- .../certification/ActalisCA.java | 199 +----- .../certification/BuypassCA.java | 328 ++------- .../certification/ComodoCA.java | 634 ++---------------- .../certification/EntrustCA.java | 312 ++------- .../certification/GlobalSignR6CA.java | 203 +----- .../certification/GoDaddyCA.java | 324 ++------- .../certification/LetsEncryptCA.java | 174 +---- .../certification/QuoVadisCA.java | 481 ++----------- .../certification/SSLCA.java | 481 ++----------- .../certification/TeliaSoneraCA.java | 178 +---- .../certification/ValidatePathWithURL.java | 168 +++++ 11 files changed, 544 insertions(+), 2938 deletions(-) create mode 100644 test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ValidatePathWithURL.java diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ActalisCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ActalisCA.java index cd1db71c418ef..d75bb8bcf769c 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ActalisCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ActalisCA.java @@ -22,11 +22,22 @@ */ /* - * @test + * @test id=OCSP * @bug 8189131 * @summary Interoperability tests with Actalis CA - * @build ValidatePathWithParams + * @library /test/lib + * @build jtreg.SkippedException + * @build ValidatePathWithURL * @run main/othervm/timeout=180 -Djava.security.debug=certpath ActalisCA OCSP + */ + +/* + * @test id=CRL + * @bug 8189131 + * @summary Interoperability tests with Actalis CA + * @library /test/lib + * @build jtreg.SkippedException + * @build ValidatePathWithURL * @run main/othervm/timeout=180 -Djava.security.debug=certpath ActalisCA CRL */ @@ -38,180 +49,26 @@ * * Test website with *revoked* TLS Server certificate: * https://ssltest-revoked.actalis.it/ - * - * Test website with *expired* TLS Server certificate: - * https://ssltest-expired.actalis.it/ */ public class ActalisCA { - // Owner: CN=Actalis Organization Validated Server CA G3, O=Actalis S.p.A., - // L=Ponte San Pietro, ST=Bergamo, C=IT - // Issuer: CN=Actalis Authentication Root CA, O=Actalis S.p.A ./03358520967, - // L=Milan, C=IT - // Serial number: 5c3b3f37adfc28fe0fcfd3abf83f8551 - // Valid from: Mon Jul 06 00:20:55 PDT 2020 until: Sun Sep 22 04:22:02 PDT 2030 - private static final String INT = "-----BEGIN CERTIFICATE-----\n" + - "MIIHdTCCBV2gAwIBAgIQXDs/N638KP4Pz9Or+D+FUTANBgkqhkiG9w0BAQsFADBr\n" + - "MQswCQYDVQQGEwJJVDEOMAwGA1UEBwwFTWlsYW4xIzAhBgNVBAoMGkFjdGFsaXMg\n" + - "Uy5wLkEuLzAzMzU4NTIwOTY3MScwJQYDVQQDDB5BY3RhbGlzIEF1dGhlbnRpY2F0\n" + - "aW9uIFJvb3QgQ0EwHhcNMjAwNzA2MDcyMDU1WhcNMzAwOTIyMTEyMjAyWjCBiTEL\n" + - "MAkGA1UEBhMCSVQxEDAOBgNVBAgMB0JlcmdhbW8xGTAXBgNVBAcMEFBvbnRlIFNh\n" + - "biBQaWV0cm8xFzAVBgNVBAoMDkFjdGFsaXMgUy5wLkEuMTQwMgYDVQQDDCtBY3Rh\n" + - "bGlzIE9yZ2FuaXphdGlvbiBWYWxpZGF0ZWQgU2VydmVyIENBIEczMIICIjANBgkq\n" + - "hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAs73Ch+t2owm3ayTkyqy0OPuCTiybxTyS\n" + - "4cU4y0t2RGSwCNjLh/rcutO0yoriZxVtPrNMcIRQ544BQhHFt/ypW7e+t8wWKrHa\n" + - "r3BkKwSUbqNwpDWP1bXs7IJTVhHXWGAm7Ak1FhrrBmtXk8QtdzTzDDuxfFBK7sCL\n" + - "N0Jdqoqb1V1z3wsWqAvr4KlSCFW05Nh4baWm/kXOmb8U+XR6kUmuoVvia3iBhotR\n" + - "TzAHTO9SWWkgjTcir/nhBvyL2RoqkgYyP/k50bznaVOGFnFWzfl0XnrM/salfCBh\n" + - "O0/1vNaoU8elR6AtbdCFAupgQy95GuFIRVS8n/cF0QupfPjUl+kGSLzvGAc+6oNE\n" + - "alpAhKIS/+P0uODzRrS9Eq0WX1iSj6KHtQMNN4ZKsS4nsuvYCahnAc0QwQyoduAW\n" + - "iU/ynhU9WTIEe1VIoEDE79NPOI2/80RqbZqdpAKUaf0FvuqVXhEcjiJJu+d0w9YN\n" + - "b7gurd6xkaSXemW/fP4idBiNkd8aCVAdshGQYn6yh+na0Lu5IG88Z2kSIFcXDtwy\n" + - "zjcxkW86pwkO6GekEomVBNKcv0Cey2Smf8uhpZk15TSCeyFDrZBWH9OsDst/Tnhz\n" + - "pN156Huw3M3RRdEegt33fcyPykgt0HThxrEv9DwOzhs6lCQ5RNQJO7ZvZF1ZiqgT\n" + - "FOJ6vs1xMqECAwEAAaOCAfQwggHwMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgw\n" + - "FoAUUtiIOsifeGbtifN7OHCUyQICNtAwQQYIKwYBBQUHAQEENTAzMDEGCCsGAQUF\n" + - "BzABhiVodHRwOi8vb2NzcDA1LmFjdGFsaXMuaXQvVkEvQVVUSC1ST09UMEUGA1Ud\n" + - "IAQ+MDwwOgYEVR0gADAyMDAGCCsGAQUFBwIBFiRodHRwczovL3d3dy5hY3RhbGlz\n" + - "Lml0L2FyZWEtZG93bmxvYWQwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMB\n" + - "MIHjBgNVHR8EgdswgdgwgZaggZOggZCGgY1sZGFwOi8vbGRhcDA1LmFjdGFsaXMu\n" + - "aXQvY24lM2RBY3RhbGlzJTIwQXV0aGVudGljYXRpb24lMjBSb290JTIwQ0EsbyUz\n" + - "ZEFjdGFsaXMlMjBTLnAuQS4lMmYwMzM1ODUyMDk2NyxjJTNkSVQ/Y2VydGlmaWNh\n" + - "dGVSZXZvY2F0aW9uTGlzdDtiaW5hcnkwPaA7oDmGN2h0dHA6Ly9jcmwwNS5hY3Rh\n" + - "bGlzLml0L1JlcG9zaXRvcnkvQVVUSC1ST09UL2dldExhc3RDUkwwHQYDVR0OBBYE\n" + - "FJ+KsbXxsd6C9Cd8vojN3qlDgaNLMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0B\n" + - "AQsFAAOCAgEAJbygMnKJ5M6byr5Ectq05ODqwNMtky8TEF3O55g6RHhxblf6OegZ\n" + - "4ui4+ElHNOIXjycbeuUGuFA4LScCC9fnI1Rnn8TI2Q7OP5YWifEfnrdp99t/tJzQ\n" + - "hfdi7ZTdRRZZGV9x+grfR/RtjT2C3Lt9X4lcbuSxTea3PHAwwi0A3bYRR1L5ciPm\n" + - "eAnYtG9kpat8/RuC22oxiZZ5FdjU6wrRWkASRLiIwNcFIYfvpUbMWElaCUhqaB2y\n" + - "YvWF8o02pnaYb4bvTCg4cVabVnojUuuXH81LeQhhsSXLwcdwSdew0NL4zCiNCn2Q\n" + - "iDZpz2biCWDggibmWxsUUF6AbqMHnwsdS8vsKXiFQJHeAdNAhA+kwpqYAdhUiCdj\n" + - "RTUdtRNUucLvZEN1OAvVYyog9xYCfhtkqgXQROMANP+Z/+yaZahaP/Vgak/V00se\n" + - "Hdh7F+B6h5HVdwdh+17E2jl+aMTfyvBFcg2H/9Qjyl4TY8NW/6v0DPK52sVt8a35\n" + - "I+7xLGLPohAl4z6pEf2OxgjMNfXXCXS33smRgz1dLQFo8UpAb3rf84zkXaqEI6Qi\n" + - "2P+5pibVFQigRbn4RcE+K2a/nm2M/o+WZTSio+E+YXacnNk71VcO82biOof+jBKT\n" + - "iC3Xi7rAlypmme+QFBw9F1J89ig3smV/HaN8tO0lfTpvm7Zvzd5TkMs=\n" + - "-----END CERTIFICATE-----"; - - // Owner: CN=ssltest-active.actalis.it, O=Actalis S.p.A., L=Ponte San Pietro, - // ST=Bergamo, C=IT - // Issuer: CN=Actalis Organization Validated Server CA G3, O=Actalis S.p A., - // L=Ponte San Pietro, ST=Bergamo, C=IT - // Serial number: 4a49e2afcd448af3b7f5f14e1cd5954 - // Valid from: Tue Mar 08 08:00:57 PST 2022 until: Wed Mar 08 08:00:57 PST 2023 - private static final String VALID = "-----BEGIN CERTIFICATE-----\n" + - "MIIH0jCCBbqgAwIBAgIQBKSeKvzUSK87f18U4c1ZVDANBgkqhkiG9w0BAQsFADCB\n" + - "iTELMAkGA1UEBhMCSVQxEDAOBgNVBAgMB0JlcmdhbW8xGTAXBgNVBAcMEFBvbnRl\n" + - "IFNhbiBQaWV0cm8xFzAVBgNVBAoMDkFjdGFsaXMgUy5wLkEuMTQwMgYDVQQDDCtB\n" + - "Y3RhbGlzIE9yZ2FuaXphdGlvbiBWYWxpZGF0ZWQgU2VydmVyIENBIEczMB4XDTIy\n" + - "MDMwODE2MDA1N1oXDTIzMDMwODE2MDA1N1owdzELMAkGA1UEBhMCSVQxEDAOBgNV\n" + - "BAgMB0JlcmdhbW8xGTAXBgNVBAcMEFBvbnRlIFNhbiBQaWV0cm8xFzAVBgNVBAoM\n" + - "DkFjdGFsaXMgUy5wLkEuMSIwIAYDVQQDDBlzc2x0ZXN0LWFjdGl2ZS5hY3RhbGlz\n" + - "Lml0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsJnlOatNNth7gfqZ\n" + - "WN8HMfp9qlkDf/YW8ReNXyTtqFEy2xZrVVmAV2XIqL1lJDYJz86mdVsz3AqIMTzo\n" + - "GxPlmn/oEnF0YeRYQ1coKRdwP7hWSwqyMMhh+C7r5zMA9gQQVXV5wWR5U+bgvt23\n" + - "Y/55DOqk3Fp5Odt6Lyu6xA45MwHrj2Gr/nMKe8L7f8UYPWT98MJa1+TXB24yllOw\n" + - "rZE8gZByLBCVzDkVwRwTgu+HgY6zm5sJTvBT4tyJy4QD8u2xLWoZ5sXodrU0Z3Nf\n" + - "xU9keMFp6CIh1t+akqFgpW81b/HWkfUO0+L6PH4hgaSPtiwp2dVFsF9v5p4on9qA\n" + - "2j1d9QIDAQABo4IDRTCCA0EwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBSfirG1\n" + - "8bHegvQnfL6Izd6pQ4GjSzB+BggrBgEFBQcBAQRyMHAwOwYIKwYBBQUHMAKGL2h0\n" + - "dHA6Ly9jYWNlcnQuYWN0YWxpcy5pdC9jZXJ0cy9hY3RhbGlzLWF1dGhvdmczMDEG\n" + - "CCsGAQUFBzABhiVodHRwOi8vb2NzcDA5LmFjdGFsaXMuaXQvVkEvQVVUSE9WLUcz\n" + - "MCQGA1UdEQQdMBuCGXNzbHRlc3QtYWN0aXZlLmFjdGFsaXMuaXQwUQYDVR0gBEow\n" + - "SDA8BgYrgR8BFAEwMjAwBggrBgEFBQcCARYkaHR0cHM6Ly93d3cuYWN0YWxpcy5p\n" + - "dC9hcmVhLWRvd25sb2FkMAgGBmeBDAECAjAdBgNVHSUEFjAUBggrBgEFBQcDAgYI\n" + - "KwYBBQUHAwEwSAYDVR0fBEEwPzA9oDugOYY3aHR0cDovL2NybDA5LmFjdGFsaXMu\n" + - "aXQvUmVwb3NpdG9yeS9BVVRIT1YtRzMvZ2V0TGFzdENSTDAdBgNVHQ4EFgQUIbcm\n" + - "54DVM6gC8DYhvnZg8ILaLrAwDgYDVR0PAQH/BAQDAgWgMIIBfQYKKwYBBAHWeQIE\n" + - "AgSCAW0EggFpAWcAdQCt9776fP8QyIudPZwePhhqtGcpXc+xDCTKhYY069yCigAA\n" + - "AX9qTFEkAAAEAwBGMEQCIFB4RW+Fca/jj96sFg9JtZVe/CAQq74HAezTi2AD07qL\n" + - "AiBej8APns5uKmaHNYbU6lel6kdowIaUY/+iqX82e2KhrAB2AOg+0No+9QY1MudX\n" + - "KLyJa8kD08vREWvs62nhd31tBr1uAAABf2pMUVMAAAQDAEcwRQIgcopYpSUDiQ2C\n" + - "7j06vgbfsn3ux4REvpbrbWatifLtfVMCIQCi96i+4EhAUOw4dumA7hJwlG+qD/+5\n" + - "uSL3aKB9KR7apAB2AG9Tdqwx8DEZ2JkApFEV/3cVHBHZAsEAKQaNsgiaN9kTAAAB\n" + - "f2pMUYEAAAQDAEcwRQIgdCNjaV7nQcCiVefX28u1vtQMy+rqT4F4i9EVJ2xbqbQC\n" + - "IQCrpcYqt53tX/rSMoGnjFhDGnMhnYyc2AqzpokfhmdcVTANBgkqhkiG9w0BAQsF\n" + - "AAOCAgEAfXISBKP1dZQv1kkWZVDXiVY/fv+068DKq2e8hgBcsN6b9a2rlVfBU2iq\n" + - "W9KqFNET5GDWf1wjM71Itjau8b1A3+apcNdEGQk3eqIOymK5kVtVvAI2ahp4926x\n" + - "Kkt/sexmi1pJGA+eLfTixkCoaESh5P8U7HDW/vUFXm2AtLQih+oT5OVoYt5e9pXr\n" + - "hr8oadm/ZDJxiyDL1vcTIsl2TM4/Fpo2IWxYzUC+YshnuLiRwWI840maJmWFx/lJ\n" + - "Pzdik3P51Uef7VsCSBhTxER09/B4IrEUMDAhVgG5QNbcFSHvnmpV8JLrNuBKUROU\n" + - "xnDsWieKlb5YO6S6PjGOncOrd+k4RCIYRaekSnx52WBKkpqxMEv/rjY1Glx4Cota\n" + - "mpNiYDvZHGzrRQtY2eH17XhFatBxEEbJMA+0QPbFksHcKxAxJgMDncqag4TDq5fT\n" + - "I2NUxqiB51F5w0x+++lyLnUZ+z4BJFZ73VdtfoJ2fsuRhemOoZjHPi/V2exXpAfb\n" + - "pomha3KCrTcuFv1lj8mPx5L4ciNPxuDFgjeXEaTGjS8IvdNoJIrgdHdahMwkwS/y\n" + - "wei7FJ1Ey0maqRUpUlAY6sIQPQ/KDltTuKX/C94C5pYLI0JXCScr5xg6C+r2ckbA\n" + - "rjhpn3C/NptVyZgT8bL4XT5ITrAjwPciBj0yxYzUkrLZO1wKQSQ=\n" + - "-----END CERTIFICATE-----"; - - // Owner: CN=ssltest-revoked.actalis.it, O=Actalis S.p.A., L=Ponte San Pietro, ST=Bergamo, C=IT - // Issuer: CN=Actalis Organization Validated Server CA G3, O=Actalis S.p.A., - // L=Ponte San Pietro, ST=Bergamo, C=IT - // Serial number: 320955171b78d49507508910da2c5bc4 - // Valid from: Tue Sep 27 03:40:43 PDT 2022 until: Wed Sep 27 03:40:43 PDT 2023 - private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" + - "MIIH1TCCBb2gAwIBAgIQMglVFxt41JUHUIkQ2ixbxDANBgkqhkiG9w0BAQsFADCB\n" + - "iTELMAkGA1UEBhMCSVQxEDAOBgNVBAgMB0JlcmdhbW8xGTAXBgNVBAcMEFBvbnRl\n" + - "IFNhbiBQaWV0cm8xFzAVBgNVBAoMDkFjdGFsaXMgUy5wLkEuMTQwMgYDVQQDDCtB\n" + - "Y3RhbGlzIE9yZ2FuaXphdGlvbiBWYWxpZGF0ZWQgU2VydmVyIENBIEczMB4XDTIy\n" + - "MDkyNzEwNDA0M1oXDTIzMDkyNzEwNDA0M1oweDELMAkGA1UEBhMCSVQxEDAOBgNV\n" + - "BAgMB0JlcmdhbW8xGTAXBgNVBAcMEFBvbnRlIFNhbiBQaWV0cm8xFzAVBgNVBAoM\n" + - "DkFjdGFsaXMgUy5wLkEuMSMwIQYDVQQDDBpzc2x0ZXN0LXJldm9rZWQuYWN0YWxp\n" + - "cy5pdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKdBnbeFtw/Ejp1U\n" + - "gr86BQ5rqgGXWWXb7fsOhPb5On9RXTojg6oaeIV4GxHsMZhEDKQdcZ6JWAo2dbtp\n" + - "/7ereFEDWG/YJahLHFZ/ihXG4AmfObYEhoGbKitW75fOs/aWC7Veck/sXsw7cjLW\n" + - "GY623ybcF9DBExg3S4uLRaSkv5hXUDu/CzphUgwiEd5YNBZjcryOiS8+Y5EQ+2q+\n" + - "g+tdRG9m5G5YxeHWgQz2HDDwLDsJhWkb8/RsUurU/I+avHPhYk13K5Ysf311gww8\n" + - "bAsplfdJ2gdn8Is+EAEH4GJHqMybC95YDh1w5dY7dk/lIoNX4hYUIQimirIr3OW8\n" + - "Svkj1G8CAwEAAaOCA0cwggNDMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUn4qx\n" + - "tfGx3oL0J3y+iM3eqUOBo0swfgYIKwYBBQUHAQEEcjBwMDsGCCsGAQUFBzAChi9o\n" + - "dHRwOi8vY2FjZXJ0LmFjdGFsaXMuaXQvY2VydHMvYWN0YWxpcy1hdXRob3ZnMzAx\n" + - "BggrBgEFBQcwAYYlaHR0cDovL29jc3AwOS5hY3RhbGlzLml0L1ZBL0FVVEhPVi1H\n" + - "MzAlBgNVHREEHjAcghpzc2x0ZXN0LXJldm9rZWQuYWN0YWxpcy5pdDBRBgNVHSAE\n" + - "SjBIMDwGBiuBHwEUATAyMDAGCCsGAQUFBwIBFiRodHRwczovL3d3dy5hY3RhbGlz\n" + - "Lml0L2FyZWEtZG93bmxvYWQwCAYGZ4EMAQICMB0GA1UdJQQWMBQGCCsGAQUFBwMC\n" + - "BggrBgEFBQcDATBIBgNVHR8EQTA/MD2gO6A5hjdodHRwOi8vY3JsMDkuYWN0YWxp\n" + - "cy5pdC9SZXBvc2l0b3J5L0FVVEhPVi1HMy9nZXRMYXN0Q1JMMB0GA1UdDgQWBBS6\n" + - "o8qJpg3ixoyA2QBayptaTfc+5DAOBgNVHQ8BAf8EBAMCBaAwggF+BgorBgEEAdZ5\n" + - "AgQCBIIBbgSCAWoBaAB2AK33vvp8/xDIi509nB4+GGq0Zyldz7EMJMqFhjTr3IKK\n" + - "AAABg36SGRYAAAQDAEcwRQIgDXxSCQGfcIYroxNiDJg08IX38Y9+r5CC6T4NeW14\n" + - "FzgCIQDdEhEYsGIWpwyrnTLr4RFB5CMEq+84dByNT07UYkiVwwB2AHoyjFTYty22\n" + - "IOo44FIe6YQWcDIThU070ivBOlejUutSAAABg36SGTUAAAQDAEcwRQIgL2ig9RrM\n" + - "FPWESGRYGJJJYRHdcayHev66jawrf98saN8CIQD/CInlI3Vo7SBzzN/4uykjYsFZ\n" + - "u9RypT6AYv6AHPlNdQB2AG9Tdqwx8DEZ2JkApFEV/3cVHBHZAsEAKQaNsgiaN9kT\n" + - "AAABg36SGU0AAAQDAEcwRQIhAOCD/dOs4HjyC+GQaQRh4U+/mUwWyu+CnlHdebmD\n" + - "hAvFAiAvBE0rbxgm8TpZLG2TaMk3dqZj7Q6FFdLlqTsvwhKa3jANBgkqhkiG9w0B\n" + - "AQsFAAOCAgEAEnPALMVp1pySJgHhugLWAUgiD6stpDWCKfaBxPr+jf34A5wS+m5r\n" + - "2VhYyNQpOwIQB76K2RSJQrdpg7Dg2L6EiUnbbClSTrOkZ4XX5ggBIjldDEx4ZxhI\n" + - "zwSw4KB6+DDAVMwsCL0q0E7AAPOMaZ0RDLteusqQYIYm08TXfJPWD8LjQPt/8Uie\n" + - "LOqm1eLUuwJc+eHFWV+Xr8Uea6SFwqNEj7qPHb2MElctET/MhSIIUKI1ObmrFwyB\n" + - "ElKEPaUh9L0HXpnuD8IWc7tw2mdvnWJhuGG8G6JkasTGvtZ4gKIDBdTrJcuj7MCS\n" + - "amz3ZBCY47tP1ohgImjqwg4ITYjX6UQXgj/nBVDdu+nXkEhx16uPJkTYWaun9Nio\n" + - "8RjYIOxXmDD39QbGUElP0Epsr2wcVT9tIFYMGzUpIO51mCk3Aq1AmiQZwZZhqOIN\n" + - "RDx7lGESPj3IgdVfJi9Ing/OUNtS46Ug9DSuDcGqdY7KnTYEUdWGsUJNtnpjd4lS\n" + - "U6oIAeW1aKuOve6iNg1vsFAN57aJNh1ih3BOup58J9ve42bNlAYWN8wiNxM+Aeba\n" + - "ArUSTnH/QEYCyMRD0XqIREVR9VhNODgSZbL3XedYBAW9wImi1whp+u+8aReXd7lC\n" + - "Q3kD9KRyfZ9Kk05Glf3DsZMWvp1N2ZZWaU2Ms5U3ijUheCiBrqrs8a8=\n" + - "-----END CERTIFICATE-----"; - - public static void main(String[] args) throws Exception { + private static final String VALID = "https://ssltest-active.actalis.it/"; + private static final String REVOKED = "https://ssltest-revoked.actalis.it/"; + private static final String CA_FINGERPRINT = + "55:92:60:84:EC:96:3A:64:B9:6E:2A:BE:01:CE:0B:A8:6A:64:FB:FE:BC:C7:AA:B5:AF:C1:55:B3:7F:D7:60:66"; - ValidatePathWithParams pathValidator = new ValidatePathWithParams(null); + public static void main(String[] args) throws Exception { - if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { - pathValidator.enableCRLCheck(); - } else { - // OCSP check by default - pathValidator.enableOCSPCheck(); - } + ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(); - // Validate valid - pathValidator.validate(new String[]{VALID, INT}, - ValidatePathWithParams.Status.GOOD, null, System.out); + if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { + validatePathWithURL.enableCRLOnly(); + } else { + // OCSP check by default + validatePathWithURL.enableOCSPOnly(); + } - // Validate Revoked - pathValidator.validate(new String[]{REVOKED, INT}, - ValidatePathWithParams.Status.REVOKED, - "Tue Sep 27 03:52:40 PDT 2022", System.out); - } + validatePathWithURL.validateDomain(VALID, false, CA_FINGERPRINT); + validatePathWithURL.validateDomain(REVOKED, true, CA_FINGERPRINT); + } } diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java index 9ad20271bec41..e98da2f3b9e62 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2017, 2021, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2017, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -22,46 +22,37 @@ */ /* - * @test + * @test id=OCSP * @bug 8189131 * @summary Interoperability tests with Buypass Class 2 and Class 3 CA - * @build ValidatePathWithParams + * @library /test/lib + * @build jtreg.SkippedException + * @build ValidatePathWithURL * @run main/othervm/timeout=180 -Djava.security.debug=certpath BuypassCA OCSP - * @run main/othervm/timeout=180 -Djava.security.debug=certpath BuypassCA CRL */ - /* - * Obtain test artifacts for Buypass Class 2 and Class 3 CAs from: - * Buypass Class 3 CA 2 - * https://valid.qcevident.ca23.ssl.buypass.no/ - * https://revoked.qcevident.ca23.ssl.buypass.no/ - * https://expired.qcevident.ca23.ssl.buypass.no/ - * https://valid.evident.ca23.ssl.buypass.no/ - * https://revoked.evident.ca23.ssl.buypass.no/ - * https://expired.evident.ca23.ssl.buypass.no/ - * https://valid.businessplus.ca23.ssl.buypass.no - * https://revoked.businessplus.ca23.ssl.buypass.no - * https://expired.businessplus.ca23.ssl.buypass.no - - * Buypass Class 2 CA 2 - * https://valid.business.ca22.ssl.buypass.no - * https://revoked.business.ca22.ssl.buypass.no - * https://expired.business.ca22.ssl.buypass.no - * https://valid.domain.ca22.ssl.buypass.no - * https://revoked.domain.ca22.ssl.buypass.no - * https://expired.domain.ca22.ssl.buypass.no/ +/* + * @test id=CRL + * @bug 8189131 + * @summary Interoperability tests with Buypass Class 2 and Class 3 CA + * @library /test/lib + * @build jtreg.SkippedException + * @build ValidatePathWithURL + * @run main/othervm/timeout=180 -Djava.security.debug=certpath BuypassCA CRL */ + +import java.security.cert.CertificateEncodingException; public class BuypassCA { public static void main(String[] args) throws Exception { - ValidatePathWithParams pathValidator = new ValidatePathWithParams(null); + ValidatePathWithURL pathValidator = new ValidatePathWithURL(); if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { - pathValidator.enableCRLCheck(); + pathValidator.enableCRLOnly(); } else { // OCSP check by default - pathValidator.enableOCSPCheck(); + pathValidator.enableOCSPOnly(); } new BuypassClass2().runTest(pathValidator); @@ -70,261 +61,40 @@ public static void main(String[] args) throws Exception { } class BuypassClass2 { - - // Owner: CN=Buypass Class 2 CA 2, O=Buypass AS-983163327, C=NO - // Issuer: CN=Buypass Class 2 Root CA, O=Buypass AS-983163327, C=NO - // Serial number: 1b781c6d5e34ce1f77 - // Valid from: Mon Mar 25 05:17:10 PDT 2019 until: Sat Oct 26 02:16:17 PDT 2030 - private static final String INT_CLASS_2 = "-----BEGIN CERTIFICATE-----\n" + - "MIIFKTCCAxGgAwIBAgIJG3gcbV40zh93MA0GCSqGSIb3DQEBCwUAME4xCzAJBgNV\n" + - "BAYTAk5PMR0wGwYDVQQKDBRCdXlwYXNzIEFTLTk4MzE2MzMyNzEgMB4GA1UEAwwX\n" + - "QnV5cGFzcyBDbGFzcyAyIFJvb3QgQ0EwHhcNMTkwMzI1MTIxNzEwWhcNMzAxMDI2\n" + - "MDkxNjE3WjBLMQswCQYDVQQGEwJOTzEdMBsGA1UECgwUQnV5cGFzcyBBUy05ODMx\n" + - "NjMzMjcxHTAbBgNVBAMMFEJ1eXBhc3MgQ2xhc3MgMiBDQSAyMIIBIjANBgkqhkiG\n" + - "9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnKtnxpZLDQ+R0uzKzDMr83L8Dn+5ToSpD31z\n" + - "qiYMykj7I2geNQ7javKsBOzhgeVr7GP4yJ5bK/P0dhoKesYvQITihfwztbMP6DyH\n" + - "q1QJLQBqQnF0Lk8GhxSSNAZnlkCgX3aazoL32p9BeEfHuUE/8BlPywJY/RyE5/39\n" + - "w3EKmWylhUkeRCMo3dUZr4khJq8JwGp/feKFs9n5FouM5PGhpFpZO+WQXEeqxpnc\n" + - "CxbvWpInBoTnmX3+ofjm+fmY+sdAnyHkuOBBw3koGbFQygDaJP9VItOGByCX4iSV\n" + - "ty/2uzppowIkf7Mpu5v5HJGKObLMP1gGv5lNqjAe8mz0bn25kwIDAQABo4IBCzCC\n" + - "AQcwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBTJgHfgYpKC9Uac87r3TMPe\n" + - "uKOtOTAdBgNVHQ4EFgQUkq1libIAD8tRDcEj7JROj8EEP3cwDgYDVR0PAQH/BAQD\n" + - "AgEGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjARBgNVHSAECjAIMAYG\n" + - "BFUdIAAwPQYDVR0fBDYwNDAyoDCgLoYsaHR0cDovL2NybC5idXlwYXNzLm5vL2Ny\n" + - "bC9CUENsYXNzMlJvb3RDQS5jcmwwMwYIKwYBBQUHAQEEJzAlMCMGCCsGAQUFBzAB\n" + - "hhdodHRwOi8vb2NzcC5idXlwYXNzLmNvbTANBgkqhkiG9w0BAQsFAAOCAgEApNka\n" + - "48a+qhJXXS9R24p34CWnirlyxPMhxFfQyvPFXnwBQGHvrm7H5KY3/9/etShFXdY/\n" + - "N05Aq6UnE8my8jR4iHMm2e9iEf4v+O2E2JGH/5/H8wup160GBAsp4zAmJIT8KEgh\n" + - "YAA1j+NaClVryZfEaaDfAdF6LbU3cW0ZgooILPMeeCEXso23KsdCD1Q+SMvD6nQJ\n" + - "86iTvzWPY2GFJyEmvG/N2f29nBaHxWwZBwCfWB4Hqsw9wdKfY5M9SE/AGSLZ7LRM\n" + - "BmkkF9nqkWxxISadx12nbxn0LsU2k8Xyt830DqhHGSoYHEC/iGxbU4Bub8NC0uw/\n" + - "QNBj5Gd5cXLFhRUWLLBTq4p6P6kLc7JudpM4FNQ+stWK/eDZylbDLN3iCBRnHH4p\n" + - "qg6HAlWuieiAKVsidBMxPUyDLJ/8Dt+aW8Z3vCNcYC2n7wqrLZz5e4FG+Wn9teFW\n" + - "Rt5pO6ZUZAkDS59ZVojbbjOdQzNw3QHtZl0IMHeNYXJlPIUlHi4hGL3maGZ9sBF+\n" + - "AMfMLDu56+J2DewIuTXPzCeJeSTam/ybNt5FxTznxCSCIDqwmZMy3AQEz9nGSbE8\n" + - "zfwB5VT2ijLB0PpPX4YbLf33Vodf0NAkBUv6N5It30XiTUPhdk+caBYPoljz/J9U\n" + - "15T5+EGHs8ccHQWyYQ6gqYk8o4JgP4rSJqO1sMI=\n" + - "-----END CERTIFICATE-----"; - - // Owner: CN=valid.domain.ca22.ssl.buypass.no - // Issuer: CN=Buypass Class 2 CA 2, O=Buypass AS-983163327, C=NO - // Serial number: 34e2bff8063debd18d79 - // Valid from: Mon Sep 23 04:12:34 PDT 2019 until: Mon Oct 11 14:59:00 PDT 2021 - private static final String VALID_CLASS_2 = "-----BEGIN CERTIFICATE-----\n" + - "MIIF8jCCBNqgAwIBAgIKNOK/+AY969GNeTANBgkqhkiG9w0BAQsFADBLMQswCQYD\n" + - "VQQGEwJOTzEdMBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxHTAbBgNVBAMM\n" + - "FEJ1eXBhc3MgQ2xhc3MgMiBDQSAyMB4XDTE5MDkyMzExMTIzNFoXDTIxMTAxMTIx\n" + - "NTkwMFowKzEpMCcGA1UEAwwgdmFsaWQuZG9tYWluLmNhMjIuc3NsLmJ1eXBhc3Mu\n" + - "bm8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCeu/8j7y55R3OucDek\n" + - "gtdoVOEJQb2XaCR4OwiRzn74hLYhKGdFmFwSp+bPCT62NzjdK1urVeKrCQdC1Gkm\n" + - "e7iSOsHHO5aC8oxkgdv8mwEwwvH7xHCcpEVLDlE5Oc0d4cS4QIwFAhNIC77slixL\n" + - "fEdupc5e8FfQf3MlnhX+8gpgRzTx3iw8sb3gUwi3+7PRommHOhC7Ll+iI9LiLODJ\n" + - "qrkHnCbM2HJMK+SGTOQ/whiQwMCnkLaEG0WO1rYc4BGRGfFb8qmQWw/tDKkEey7X\n" + - "nLIFHSC33OiexQshAwRIAE7r1h9gMY1aAAB2Uxwi9/3l6fsd/VPmK7s7lYTBsrpK\n" + - "r4bTAgMBAAGjggL2MIIC8jAJBgNVHRMEAjAAMB8GA1UdIwQYMBaAFJKtZYmyAA/L\n" + - "UQ3BI+yUTo/BBD93MB0GA1UdDgQWBBSy+COaEmU2/BeF4g1OglFvAEYkIDAOBgNV\n" + - "HQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB8GA1Ud\n" + - "IAQYMBYwCgYIYIRCARoBAgQwCAYGZ4EMAQIBMDoGA1UdHwQzMDEwL6AtoCuGKWh0\n" + - "dHA6Ly9jcmwuYnV5cGFzcy5uby9jcmwvQlBDbGFzczJDQTIuY3JsMCsGA1UdEQQk\n" + - "MCKCIHZhbGlkLmRvbWFpbi5jYTIyLnNzbC5idXlwYXNzLm5vMGoGCCsGAQUFBwEB\n" + - "BF4wXDAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuYnV5cGFzcy5jb20wNQYIKwYB\n" + - "BQUHMAKGKWh0dHA6Ly9jcnQuYnV5cGFzcy5uby9jcnQvQlBDbGFzczJDQTIuY2Vy\n" + - "MIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdwC72d+8H4pxtZOUI5eqkntHOFeV\n" + - "CqtS6BqQlmQ2jh7RhQAAAW1d0tivAAAEAwBIMEYCIQDFRAH98gYpvMMTVa3d5Wcq\n" + - "0tOwpZZyUHiOjUlR3SD14QIhAKZp0cdwFpm+hh0taFVSTmluGsHmXPMCIQq9hLAB\n" + - "VYgyAHYApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFtXdLbFwAA\n" + - "BAMARzBFAiBhr7KQc9yO3zb1iLlE0JW9whR0/bhrPDkk5BYnBKjzFAIhAMMTdHfk\n" + - "1ljso5jKzIUcBpSW0HnTcuKiB3VxGpL7GFVWAHUAb1N2rDHwMRnYmQCkURX/dxUc\n" + - "EdkCwQApBo2yCJo32RMAAAFtXdLYSAAABAMARjBEAiADoZr6Cp5AGM1eT2aUeRaQ\n" + - "kv0vRaegjRGIhKRCvRGyFAIgWLU/7zh28LI8vAyWr8mpDqlUXvF13i3zSD3whq4L\n" + - "Lu4wDQYJKoZIhvcNAQELBQADggEBAJH1RhTuMbhEOYlw+Efbx7PP7EEC/GQ1ijET\n" + - "vZS45jFQyTKhFUcdP2QPAtEVo1nS8PBs0txQJBf0xceWUjer9ruxiAS+JlW21AOi\n" + - "Uq9Kahpj5k63Z7tN8KTeOUE8wZGmHyvVcPP6mkC94RbjYIb4gd13eYxd2Vv1a7YX\n" + - "dNI+J3g7sX5ijssfJxzDd0hORj2584YY2WiKKvIGxwDnLkxk09i3IvjEKsAi4Cgn\n" + - "5798X5sSL1Q9C6gHEWt+cB5UtfILCfbLNRczS9zGku6gjh1c8dB7zc63mn7oCf1C\n" + - "gnQ2xqwbZb3Wau8CPwcMqJWgQZLQFPbZd+4Xo5SDDqYppV4oN2A=\n" + - "-----END CERTIFICATE-----"; - - // Owner: CN=revoked.domain.ca22.ssl.buypass.no - // Issuer: CN=Buypass Class 2 CA 2, O=Buypass AS-983163327, C=NO - // Serial number: 34e4b97261795f98c495 - // Valid from: Mon Sep 23 04:52:42 PDT 2019 until: Thu Sep 23 14:59:00 PDT 2021 - private static final String REVOKED_CLASS_2 = "-----BEGIN CERTIFICATE-----\n" + - "MIIF9zCCBN+gAwIBAgIKNOS5cmF5X5jElTANBgkqhkiG9w0BAQsFADBLMQswCQYD\n" + - "VQQGEwJOTzEdMBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxHTAbBgNVBAMM\n" + - "FEJ1eXBhc3MgQ2xhc3MgMiBDQSAyMB4XDTE5MDkyMzExNTI0MloXDTIxMDkyMzIx\n" + - "NTkwMFowLTErMCkGA1UEAwwicmV2b2tlZC5kb21haW4uY2EyMi5zc2wuYnV5cGFz\n" + - "cy5ubzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOiChajGbQktGjbl\n" + - "k/i5PtqfMN6cMyjJdOirxzXdUG8dT+QErC5zcElCwuyy5MH7DQJRbSYsPxQmr6z5\n" + - "OSheBxX0lPPLjJFfEafBZ+Fw1xmCVy3Xjt3GEl85iqv5y0/E/UlQPc0f7s6WxU0L\n" + - "cItkyN0rWAa+uQY018qDFn+gDYIKWPzTCf5nkXIgob/IgBM1Bj7vSZ/LI1iB+I+G\n" + - "dgLbSGBlJgK6lhCTc1tunZlSbKdPM2Th8Hbl6Uk7WormR/8SrGQA9AAd7BWa43V5\n" + - "HHvf/oArsx0afp3zXNiMw9RgHVHI5uUAzkNnL8NMUpI1sK7/ndTlm0nXsHpPKrPo\n" + - "e+NpKaMCAwEAAaOCAvkwggL1MAkGA1UdEwQCMAAwHwYDVR0jBBgwFoAUkq1libIA\n" + - "D8tRDcEj7JROj8EEP3cwHQYDVR0OBBYEFDoBaIahoDhRhA3WVyT/XukqZzmAMA4G\n" + - "A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHwYD\n" + - "VR0gBBgwFjAKBghghEIBGgECBDAIBgZngQwBAgEwOgYDVR0fBDMwMTAvoC2gK4Yp\n" + - "aHR0cDovL2NybC5idXlwYXNzLm5vL2NybC9CUENsYXNzMkNBMi5jcmwwLQYDVR0R\n" + - "BCYwJIIicmV2b2tlZC5kb21haW4uY2EyMi5zc2wuYnV5cGFzcy5ubzBqBggrBgEF\n" + - "BQcBAQReMFwwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmJ1eXBhc3MuY29tMDUG\n" + - "CCsGAQUFBzAChilodHRwOi8vY3J0LmJ1eXBhc3Mubm8vY3J0L0JQQ2xhc3MyQ0Ey\n" + - "LmNlcjCCAX8GCisGAQQB1nkCBAIEggFvBIIBawFpAHYAu9nfvB+KcbWTlCOXqpJ7\n" + - "RzhXlQqrUugakJZkNo4e0YUAAAFtXfeApgAABAMARzBFAiARoEDgK57YWEW2R21d\n" + - "jFMphF5c9PypIwbZFHiWxdyCyAIhALsjjtPGgcrT/7KebYFPuKDyQO6rc8YYvm0z\n" + - "Q+Xt7NhxAHYApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFtXfeD\n" + - "eQAABAMARzBFAiBCXKlCGkqa85QVqMR5dYDDz3F5aQgLXPubrQLX7cAZ0wIhALRr\n" + - "p8F6OfIdccSUhzEcNdtensQ/7zxgn81bUzn1ar9EAHcAb1N2rDHwMRnYmQCkURX/\n" + - "dxUcEdkCwQApBo2yCJo32RMAAAFtXfeBSQAABAMASDBGAiEAyrR31T85HGekHZdD\n" + - "r/m6flxqQaUIGcAJ5WcrBuIBuYkCIQD0rDdm+vM5/lNXIfjjrPLhATFEvrxpXJvu\n" + - "+sW4Ntm94jANBgkqhkiG9w0BAQsFAAOCAQEAjbMEFeNXFy3YQSr8O0+fY7qwaAzk\n" + - "vq65Ef/B2zvqO375+JI21grUikmFUnDiAaM8Y+8PJkOXDiuxR2/XCLsXpxCcPqQh\n" + - "V0MZlqXtjKZjBACILBX7aqGibojJTIlo0Dkd+LfPwswfXscTbb1CUXpUPn7CiUj5\n" + - "0WwfvjjQXny0NAB6WEkBMEBx6/Q75dvltoV9N1BZVer9hov6UTDuSad86faX2QF2\n" + - "aIEjrTJY3m2HqnIYf/lQxuDUDW0h7ddGGsIEBDM8z7M/rvT068ssRqJ8uecGjMaz\n" + - "JElX8VDgMux2kyjTAiAFD5QO+KTfySri9QXptik3wo66zDOmkVES1snvVQ==\n" + - "-----END CERTIFICATE-----"; - - public void runTest(ValidatePathWithParams pathValidator) throws Exception { - // Validate valid - pathValidator.validate(new String[]{VALID_CLASS_2, INT_CLASS_2}, - ValidatePathWithParams.Status.GOOD, null, System.out); - - // Validate Revoked - pathValidator.validate(new String[]{REVOKED_CLASS_2, INT_CLASS_2}, - ValidatePathWithParams.Status.REVOKED, - "Mon Sep 23 04:53:18 PDT 2019", System.out); + private static final String VALID_BUSINESS = "https://valid.business.ca22.ssl.buypass.no"; + private static final String REVOKED_BUSINESS = "https://revoked.business.ca22.ssl.buypass.no"; + private static final String VALID_DOMAIN = "https://valid.domain.ca22.ssl.buypass.no"; + private static final String REVOKED_DOMAIN = "https://revoked.domain.ca22.ssl.buypass.no"; + private static final String CA_FINGERPRINT = + "9A:11:40:25:19:7C:5B:B9:5D:94:E6:3D:55:CD:43:79:08:47:B6:46:B2:3C:DF:11:AD:A4:A0:0E:FF:15:FB:48"; + + public void runTest(ValidatePathWithURL pathValidator) throws CertificateEncodingException { + pathValidator.validateDomain(VALID_BUSINESS, false, CA_FINGERPRINT); + pathValidator.validateDomain(REVOKED_BUSINESS, true, CA_FINGERPRINT); + + pathValidator.validateDomain(VALID_DOMAIN, false, CA_FINGERPRINT); + pathValidator.validateDomain(REVOKED_DOMAIN, true, CA_FINGERPRINT); } } class BuypassClass3 { - - // Owner: CN=Buypass Class 3 CA 2, O=Buypass AS-983163327, C=NO - // Issuer: CN=Buypass Class 3 Root CA, O=Buypass AS-983163327, C=NO - // Serial number: 1be0dc6a3e7f220475 - // Valid from: Mon Mar 25 05:12:16 PDT 2019 until: Sat Oct 26 01:16:17 PDT 2030 - private static final String INT_CLASS_3 = "-----BEGIN CERTIFICATE-----\n" + - "MIIFKTCCAxGgAwIBAgIJG+Dcaj5/IgR1MA0GCSqGSIb3DQEBCwUAME4xCzAJBgNV\n" + - "BAYTAk5PMR0wGwYDVQQKDBRCdXlwYXNzIEFTLTk4MzE2MzMyNzEgMB4GA1UEAwwX\n" + - "QnV5cGFzcyBDbGFzcyAzIFJvb3QgQ0EwHhcNMTkwMzI1MTIxMjE2WhcNMzAxMDI2\n" + - "MDgxNjE3WjBLMQswCQYDVQQGEwJOTzEdMBsGA1UECgwUQnV5cGFzcyBBUy05ODMx\n" + - "NjMzMjcxHTAbBgNVBAMMFEJ1eXBhc3MgQ2xhc3MgMyBDQSAyMIIBIjANBgkqhkiG\n" + - "9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvU4V2hRFFe4K7BMEmm4IoMTwS7NyDQB4JEar\n" + - "dV1qBsKHIIQJDm9hbCakcLIWXVv6vYrJZ1AEF0b6awBwhhlqXlyNnOtNa9uR+IAP\n" + - "86d4yOGpgHSlNAhdtOOk9Qw6MUzzBo1lyoYmoL0f5n02SMrlMcArSg458o08eDUx\n" + - "4iZs4dXDR9Hjxac2s+mdAO35Js8VK/D50AIMDJvHVeCMw+rumZkNZuRqM7PjIK+u\n" + - "BmbqO8A95PeqQEWHvM5nchlV1+ZGNVqHHSJenlMnVKytGv+4KJp7U741H/9cMbd2\n" + - "X2PXsewWWFhGXoS8R9VXQ5xb3hF6324FQXvcA1mXRv6DAJedXQIDAQABo4IBCzCC\n" + - "AQcwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRHuM3/5W/u+LLsL04O+SWw\n" + - "jjxrwzAdBgNVHQ4EFgQUIjAu0vv2S8rAuDvSBMTpcuaXmwwwDgYDVR0PAQH/BAQD\n" + - "AgEGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjARBgNVHSAECjAIMAYG\n" + - "BFUdIAAwPQYDVR0fBDYwNDAyoDCgLoYsaHR0cDovL2NybC5idXlwYXNzLm5vL2Ny\n" + - "bC9CUENsYXNzM1Jvb3RDQS5jcmwwMwYIKwYBBQUHAQEEJzAlMCMGCCsGAQUFBzAB\n" + - "hhdodHRwOi8vb2NzcC5idXlwYXNzLmNvbTANBgkqhkiG9w0BAQsFAAOCAgEAo42Y\n" + - "fp96nUiZbZsqvYBID3Sqtx3jJfU8gNHFeXgkS0pxYHHYUwsVSVRjw+BGVEGUswpF\n" + - "MaYMCZD37ZL0JpvvXWrCDaMb/GqDJAQHLLTyVKPGGGIWCZH/FrhnNvcpt2XXA8lU\n" + - "Ujzp5nZPuqvenzQ/aXHI4sH5sN/QjyKVMSa/6RbWBeQmvIdgyM+0jIR5/r6UGiKM\n" + - "ar55trZgnlIbvQJ/w8QTmI/NwvA5CtRaOslQBxeKoAR0BuA/lRWnocXa/BM5uO6P\n" + - "ULL7ct/uI1bS+YThHXHmFybI6kDf+RhRzWY9165ZP96PBph6smQkxPDAz2b8v+mh\n" + - "LThH+5hkqnoetYfK2MdBYinceGPP3gZ+uBSDDI2o6vdVvdg7G96GP1OEtgTEqZa3\n" + - "glVafckpn/8F5CisypdQuZ5zyy/6SXZCKkPcikR87ysSKnjtteXbxMWVtwkeBALT\n" + - "K7DbJA+5aOCYRNj6CJGULQKiGlC01/ipORKewf5J3yus81lLHzBmgQMA5l9RL8rV\n" + - "6dI246mPpQ+8WDLsDrK3ydSDv5izgdVHzhL0tT2u4vwSq2WUqCgi4xLIA1N/fA2H\n" + - "xEW7zh0X/3YVz++g/6bd7iqRD9nRRZxACekRbza7AqU5xN1UjvVtCJQ9VC74K9KP\n" + - "pBoLWE2Bz5ksL9VUc4kS+WGORvZrSE1EpBq6cHc=\n" + - "-----END CERTIFICATE-----"; - - // Owner: SERIALNUMBER=983163327, CN=valid.businessplus.ca23.ssl.buypass.no, O=BUYPASS AS, - // L=OSLO, OID.2.5.4.17=0484, C=NO - // Issuer: CN=Buypass Class 3 CA 2, O=Buypass AS-983163327, C=NO - // Serial number: 267b7a9f0c3da9b94b39 - // Valid from: Mon Sep 23 04:17:42 PDT 2019 until: Mon Oct 11 14:59:00 PDT 2021 - private static final String VALID_CLASS_3 = "-----BEGIN CERTIFICATE-----\n" + - "MIIGUTCCBTmgAwIBAgIKJnt6nww9qblLOTANBgkqhkiG9w0BAQsFADBLMQswCQYD\n" + - "VQQGEwJOTzEdMBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxHTAbBgNVBAMM\n" + - "FEJ1eXBhc3MgQ2xhc3MgMyBDQSAyMB4XDTE5MDkyMzExMTc0MloXDTIxMTAxMTIx\n" + - "NTkwMFowgYUxCzAJBgNVBAYTAk5PMQ0wCwYDVQQRDAQwNDg0MQ0wCwYDVQQHDARP\n" + - "U0xPMRMwEQYDVQQKDApCVVlQQVNTIEFTMS8wLQYDVQQDDCZ2YWxpZC5idXNpbmVz\n" + - "c3BsdXMuY2EyMy5zc2wuYnV5cGFzcy5ubzESMBAGA1UEBRMJOTgzMTYzMzI3MIIB\n" + - "IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArqj6dPVIQUULBV/S+u2/Rfko\n" + - "3BljX/KMEAclJHPu6AbJ2Dw5oLqCynOfTwLmGl3IRBQuDUAuoLdaptIhaXR2VTsF\n" + - "8SWdHNXkykC2eD0XkAUdTuKgRm/3U4f0T3XQsjwKOEQGECwGEWJekBL73retSRWe\n" + - "Ccc19NpSKZ5rmRnQSlKLfqUyihmw2xXmIWwEmBq0OOyG8ic3C11Zxh6yUOtlZJqB\n" + - "lWqbAAOK5SXTNV0qozwgkSvtAtJvUo2++rng35Oj8MvjKQjLi92NnSpjbj3rUivW\n" + - "++44X94IgoF9dITkSMnubXhaTLnciM08R8jmCFj877NRrVJRmcJhPfP1yHnR3wID\n" + - "AQABo4IC+jCCAvYwCQYDVR0TBAIwADAfBgNVHSMEGDAWgBQiMC7S+/ZLysC4O9IE\n" + - "xOly5pebDDAdBgNVHQ4EFgQUKJCKAxRR7K6pedVONDSn58EOzQcwDgYDVR0PAQH/\n" + - "BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSAEGDAW\n" + - "MAoGCGCEQgEaAQMEMAgGBmeBDAECAjA6BgNVHR8EMzAxMC+gLaArhilodHRwOi8v\n" + - "Y3JsLmJ1eXBhc3Mubm8vY3JsL0JQQ2xhc3MzQ0EyLmNybDAxBgNVHREEKjAogiZ2\n" + - "YWxpZC5idXNpbmVzc3BsdXMuY2EyMy5zc2wuYnV5cGFzcy5ubzBqBggrBgEFBQcB\n" + - "AQReMFwwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmJ1eXBhc3MuY29tMDUGCCsG\n" + - "AQUFBzAChilodHRwOi8vY3J0LmJ1eXBhc3Mubm8vY3J0L0JQQ2xhc3MzQ0EyLmNl\n" + - "cjCCAXwGCisGAQQB1nkCBAIEggFsBIIBaAFmAHYAu9nfvB+KcbWTlCOXqpJ7RzhX\n" + - "lQqrUugakJZkNo4e0YUAAAFtXdd3CgAABAMARzBFAiEA/pTOtw6i2DJS0R56KwVF\n" + - "Huy+LonG7bICWAe1vnCNud4CIE7/KRDu9Jys24rtmLz9yCNYJfZDvooK5PT9+rWR\n" + - "OC4+AHUApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFtXdd54gAA\n" + - "BAMARjBEAiB09qp4sGA+Kxg823hea3ZyTV7mU1ZQ9j9fqqX8KZ1mpwIgUICM2H0Y\n" + - "8z+V9m+6SutZ5WTD+Arg3K8O6/dvyKu0QmEAdQBvU3asMfAxGdiZAKRRFf93FRwR\n" + - "2QLBACkGjbIImjfZEwAAAW1d13cSAAAEAwBGMEQCIFLqxvNOKVFlTjHPXwk93VeW\n" + - "zCqFtcxJkunD/iiv0Kn9AiBoyvUrjYn4MPTht9zb0OyaSMWb00/HXP/4AVmUzHrz\n" + - "YzANBgkqhkiG9w0BAQsFAAOCAQEAsmQAOn1f1CbvnOpggS2efmy1pQXvvw+YeCYP\n" + - "bElO578h7scn8al4N7huQZ/z14BELe0chGWNA/ReW5nAu3SUOiv+E8/kv9i9Y8ul\n" + - "MJPL62nXW6Z/mkyystuBNtON420iWL/gS/vduxSZE/iBB4znctDpXS917/XWf31Y\n" + - "ZonemF3MSfi/s9V0Ic82ZY/+HZ4NLTDyKRd4kFF58OoH9RZNb6g8MbTp+gPadiUG\n" + - "UcfPGV3yGiugQa7WHTl7QJ9ishyafiZ4hpeKem6TMDEztgGyLIZ4MSxQvoeI2jJP\n" + - "KjHd5fW/HClbEcrN+w0a0MUNMaAOaZfMS7jS6sDpaVL8D0EX5A==\n" + - "-----END CERTIFICATE-----"; - - // Owner: SERIALNUMBER=983163327, CN=revoked.businessplus.ca23.ssl.buypass.no, O=BUYPASS AS, - // L=OSLO, OID.2.5.4.17=0484, C=NO - // Issuer: CN=Buypass Class 3 CA 2, O=Buypass AS-983163327, C=NO - // Serial number: 267cee3fab06c615fb27 - // Valid from: Mon Sep 23 04:56:56 PDT 2019 until: Thu Sep 23 14:59:00 PDT 2021 - private static final String REVOKED_CLASS_3 = "-----BEGIN CERTIFICATE-----\n" + - "MIIGWDCCBUCgAwIBAgIKJnzuP6sGxhX7JzANBgkqhkiG9w0BAQsFADBLMQswCQYD\n" + - "VQQGEwJOTzEdMBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxHTAbBgNVBAMM\n" + - "FEJ1eXBhc3MgQ2xhc3MgMyBDQSAyMB4XDTE5MDkyMzExNTY1NloXDTIxMDkyMzIx\n" + - "NTkwMFowgYcxCzAJBgNVBAYTAk5PMQ0wCwYDVQQRDAQwNDg0MQ0wCwYDVQQHDARP\n" + - "U0xPMRMwEQYDVQQKDApCVVlQQVNTIEFTMTEwLwYDVQQDDChyZXZva2VkLmJ1c2lu\n" + - "ZXNzcGx1cy5jYTIzLnNzbC5idXlwYXNzLm5vMRIwEAYDVQQFEwk5ODMxNjMzMjcw\n" + - "ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtpNExWd+hjl/ouL/B/pdc\n" + - "InUzEywQO3rzXs3psBdQ1lDhG/9Fcq78uqyri4edtJNDGb1XadktKeRC+NtUqMkE\n" + - "IFOXvaVjLxa61c8K5mh3CVDrAiPyxVcnm8vkuQPMsy1BTOl9TZq9heIukG/lcfzW\n" + - "6tU6mOD9yx1NzXSVN5cvDCbbDnEZiJSuazXI4O02as66SWI27WKsk21+SKCGAtGC\n" + - "kI0PW4FrXm43/jxX1CoImIfTLkDInMq7HHsQRsGQ3OjbJLfRz/2obyjHUU5ki6vd\n" + - "z16mA5ITLFIG36HxbPn337175R9RwOpWkN84xVlL3VQdznCVoiOjzBiOMpdm0Jwp\n" + - "AgMBAAGjggL/MIIC+zAJBgNVHRMEAjAAMB8GA1UdIwQYMBaAFCIwLtL79kvKwLg7\n" + - "0gTE6XLml5sMMB0GA1UdDgQWBBSGUQTUB4BilG/EMaHHDAYNPewf8zAOBgNVHQ8B\n" + - "Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB8GA1UdIAQY\n" + - "MBYwCgYIYIRCARoBAwQwCAYGZ4EMAQICMDoGA1UdHwQzMDEwL6AtoCuGKWh0dHA6\n" + - "Ly9jcmwuYnV5cGFzcy5uby9jcmwvQlBDbGFzczNDQTIuY3JsMDMGA1UdEQQsMCqC\n" + - "KHJldm9rZWQuYnVzaW5lc3NwbHVzLmNhMjMuc3NsLmJ1eXBhc3Mubm8wagYIKwYB\n" + - "BQUHAQEEXjBcMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5idXlwYXNzLmNvbTA1\n" + - "BggrBgEFBQcwAoYpaHR0cDovL2NydC5idXlwYXNzLm5vL2NydC9CUENsYXNzM0NB\n" + - "Mi5jZXIwggF/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2ALvZ37wfinG1k5Qjl6qS\n" + - "e0c4V5UKq1LoGpCWZDaOHtGFAAABbV37Y7oAAAQDAEcwRQIgYbaNSR3R5x9p9sYJ\n" + - "UzRDdd/lbELb05u9GqlLtl4M61YCIQCTBecXTbMs4zuG/wu722HZy/XgD6fiQySp\n" + - "FhHDO3CYagB2AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABbV37\n" + - "Y7wAAAQDAEcwRQIgD8j40M03oLMCg5WmFBN7VL6169F7rKatE12btLQRYtYCIQC0\n" + - "rDhQiZP7j14Y4JqEFQx6UHl3dvxLxZTDW34Z54IUWQB3AG9Tdqwx8DEZ2JkApFEV\n" + - "/3cVHBHZAsEAKQaNsgiaN9kTAAABbV37YOUAAAQDAEgwRgIhANTGHD1g2pbsTtoN\n" + - "CJ2m6nfxm9jB3huftKGDjeo7EyxHAiEA3EYNUc6hr+4Q9lMAphUgpW6oyaNCsIzl\n" + - "izbNhq8dBRYwDQYJKoZIhvcNAQELBQADggEBADUuO4MmYjPkmkik5tjUPiiDDXEQ\n" + - "A41jr72qmdleYdkhnaKAJa8Enn6j/ySRV0enA7yqJeNp1qgPQFvlOh3TqFB3Ae5b\n" + - "XAfL2B7vKbegpjKm8dVH5RurqVm9xZcXb1nbwfu2k3lqqsp/uwqvLBItJDvA8pfi\n" + - "2R46sEtj2gFpAlKFDwepuaklqhrvEoIjIaAL0RrGfKY0oRQw1YMbPNIebsVaWr04\n" + - "rt6tlxrq7PyW1w9Mt3445WA1NzSWc7pAjFLfY6u87QaPHI4ES31H9xxRDsxmr6Y3\n" + - "BJmiWd5uUxev0nVw0saqvlo4yAEBq4rI/DieKcQI4qEI8myzoS0R0azMfLM=\n" + - "-----END CERTIFICATE-----"; - - public void runTest(ValidatePathWithParams pathValidator) throws Exception { - // Validate valid - pathValidator.validate(new String[]{VALID_CLASS_3, INT_CLASS_3}, - ValidatePathWithParams.Status.GOOD, null, System.out); - - // Validate Revoked - pathValidator.validate(new String[]{REVOKED_CLASS_3, INT_CLASS_3}, - ValidatePathWithParams.Status.REVOKED, - "Mon Sep 23 04:57:31 PDT 2019", System.out); + private static final String VALID_QC = "https://valid.qcevident.ca23.ssl.buypass.no"; + private static final String REVOKED_QC = "https://revoked.qcevident.ca23.ssl.buypass.no"; + private static final String VALID_EVIDENT = "https://valid.evident.ca23.ssl.buypass.no"; + private static final String REVOKED_EVIDENT = "https://revoked.evident.ca23.ssl.buypass.no"; + private static final String VALID_BUSINESSPLUS = "https://valid.businessplus.ca23.ssl.buypass.no"; + private static final String REVOKED_BUSINESSPLUS = "https://revoked.businessplus.ca23.ssl.buypass.no"; + private static final String CA_FINGERPRINT = + "ED:F7:EB:BC:A2:7A:2A:38:4D:38:7B:7D:40:10:C6:66:E2:ED:B4:84:3E:4C:29:B4:AE:1D:5B:93:32:E6:B2:4D"; + + public void runTest(ValidatePathWithURL pathValidator) throws CertificateEncodingException { + pathValidator.validateDomain(VALID_QC, false, CA_FINGERPRINT); + pathValidator.validateDomain(REVOKED_QC, true, CA_FINGERPRINT); + + pathValidator.validateDomain(VALID_EVIDENT, false, CA_FINGERPRINT); + pathValidator.validateDomain(REVOKED_EVIDENT, true, CA_FINGERPRINT); + + pathValidator.validateDomain(VALID_BUSINESSPLUS, false, CA_FINGERPRINT); + pathValidator.validateDomain(REVOKED_BUSINESSPLUS, true, CA_FINGERPRINT); } } diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ComodoCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ComodoCA.java index 73d7171b906ac..10ced7221afe2 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ComodoCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ComodoCA.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2017, 2021, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2017, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -22,41 +22,39 @@ */ /* - * @test - * @bug 8189131 8231887 + * @test id=OCSP + * @bug 8189131 * @summary Interoperability tests with Comodo RSA, ECC, userTrust RSA, and * userTrust ECC CAs - * @build ValidatePathWithParams + * @library /test/lib + * @build jtreg.SkippedException + * @build ValidatePathWithURL * @run main/othervm -Djava.security.debug=certpath ComodoCA OCSP - * @run main/othervm -Djava.security.debug=certpath ComodoCA CRL */ - /* - * Obtain TLS test artifacts for Comodo CAs from: - * - * Valid TLS Certificates: - * https://comodorsacertificationauthority-ev.comodoca.com - * https://comodoecccertificationauthority-ev.comodoca.com - * https://usertrustrsacertificationauthority-ev.comodoca.com - * https://usertrustecccertificationauthority-ev.comodoca.com - * - * Revoked TLS Certificates: - * https://comodorsacertificationauthority-ev.comodoca.com:444 - * https://comodoecccertificationauthority-ev.comodoca.com:444 - * https://usertrustrsacertificationauthority-ev.comodoca.com:444 - * https://usertrustecccertificationauthority-ev.comodoca.com:444 +/* + * @test id=CRL + * @bug 8189131 + * @summary Interoperability tests with Comodo RSA, ECC, userTrust RSA, and + * userTrust ECC CAs + * @library /test/lib + * @build jtreg.SkippedException + * @build ValidatePathWithURL + * @run main/othervm -Djava.security.debug=certpath ComodoCA CRL */ + +import java.security.cert.CertificateEncodingException; public class ComodoCA { public static void main(String[] args) throws Exception { - ValidatePathWithParams pathValidator = new ValidatePathWithParams(null); + ValidatePathWithURL pathValidator = new ValidatePathWithURL(); if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { - pathValidator.enableCRLCheck(); + pathValidator.enableCRLOnly(); } else { // OCSP check by default - pathValidator.enableOCSPCheck(); + pathValidator.enableOCSPOnly(); } new ComodoRSA().runTest(pathValidator); @@ -67,577 +65,49 @@ public static void main(String[] args) throws Exception { } class ComodoRSA { - - // Owner: CN=COMODO RSA Extended Validation Secure Server CA, - // O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB - // Issuer: CN=COMODO RSA Certification Authority, O=COMODO CA Limited, - // L=Salford, ST=Greater Manchester, C=GB - // Serial number: 6a74380d4ebfed435b5a3f7e16abdd8 - // Valid from: Sat Feb 11 16:00:00 PST 2012 until: Thu Feb 11 15:59:59 PST 2027 - private static final String INT = "-----BEGIN CERTIFICATE-----\n" - + "MIIGDjCCA/agAwIBAgIQBqdDgNTr/tQ1taP34Wq92DANBgkqhkiG9w0BAQwFADCB\n" - + "hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G\n" - + "A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNV\n" - + "BAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTIwMjEy\n" - + "MDAwMDAwWhcNMjcwMjExMjM1OTU5WjCBkjELMAkGA1UEBhMCR0IxGzAZBgNVBAgT\n" - + "EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR\n" - + "Q09NT0RPIENBIExpbWl0ZWQxODA2BgNVBAMTL0NPTU9ETyBSU0EgRXh0ZW5kZWQg\n" - + "VmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC\n" - + "AQ8AMIIBCgKCAQEAlVbeVLTf1QJJe9FbXKKyHo+cK2JMK40SKPMalaPGEP0p3uGf\n" - + "CzhAk9HvbpUQ/OGQF3cs7nU+e2PsYZJuTzurgElr3wDqAwB/L3XVKC/sVmePgIOj\n" - + "vdwDmZOLlJFWW6G4ajo/Br0OksxgnP214J9mMF/b5pTwlWqvyIqvgNnmiDkBfBzA\n" - + "xSr3e5Wg8narbZtyOTDr0VdVAZ1YEZ18bYSPSeidCfw8/QpKdhQhXBZzQCMZdMO6\n" - + "WAqmli7eNuWf0MLw4eDBYuPCGEUZUaoXHugjddTI0JYT/8ck0YwLJ66eetw6YWNg\n" - + "iJctXQUL5Tvrrs46R3N2qPos3cCHF+msMJn4HwIDAQABo4IBaTCCAWUwHwYDVR0j\n" - + "BBgwFoAUu69+Aj36pvE8hI6t7jiY7NkyMtQwHQYDVR0OBBYEFDna/8ooFIqodBMI\n" - + "ueQOqdL6fp1pMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEAMD4G\n" - + "A1UdIAQ3MDUwMwYEVR0gADArMCkGCCsGAQUFBwIBFh1odHRwczovL3NlY3VyZS5j\n" - + "b21vZG8uY29tL0NQUzBMBgNVHR8ERTBDMEGgP6A9hjtodHRwOi8vY3JsLmNvbW9k\n" - + "b2NhLmNvbS9DT01PRE9SU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDBxBggr\n" - + "BgEFBQcBAQRlMGMwOwYIKwYBBQUHMAKGL2h0dHA6Ly9jcnQuY29tb2RvY2EuY29t\n" - + "L0NPTU9ET1JTQUFkZFRydXN0Q0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2Nz\n" - + "cC5jb21vZG9jYS5jb20wDQYJKoZIhvcNAQEMBQADggIBAERCnUFRK0iIXZebeV4R\n" - + "AUpSGXtBLMeJPNBy3IX6WK/VJeQT+FhlZ58N/1eLqYVeyqZLsKeyLeCMIs37/3mk\n" - + "jCuN/gI9JN6pXV/kD0fQ22YlPodHDK4ixVAihNftSlka9pOlk7DgG4HyVsTIEFPk\n" - + "1Hax0VtpS3ey4E/EhOfUoFDuPPpE/NBXueEoU/1Tzdy5H3pAvTA/2GzS8+cHnx8i\n" - + "teoiccsq8FZ8/qyo0QYPFBRSTP5kKwxpKrgNUG4+BAe/eiCL+O5lCeHHSQgyPQ0o\n" - + "fkkdt0rvAucNgBfIXOBhYsvss2B5JdoaZXOcOBCgJjqwyBZ9kzEi7nQLiMBciUEA\n" - + "KKlHMd99SUWa9eanRRrSjhMQ34Ovmw2tfn6dNVA0BM7pINae253UqNpktNEvWS5e\n" - + "ojZh1CSggjMziqHRbO9haKPl0latxf1eYusVqHQSTC8xjOnB3xBLAer2VBvNfzu9\n" - + "XJ/B288ByvK6YBIhMe2pZLiySVgXbVrXzYxtvp5/4gJYp9vDLVj2dAZqmvZh+fYA\n" - + "tmnYOosxWd2R5nwnI4fdAw+PKowegwFOAWEMUnNt/AiiuSpm5HZNMaBWm9lTjaK2\n" - + "jwLI5jqmBNFI+8NKAnb9L9K8E7bobTQk+p0pisehKxTxlgBzuRPpwLk6R1YCcYAn\n" - + "pLwltum95OmYdBbxN4SBB7SC\n" - + "-----END CERTIFICATE-----"; - - // Owner: CN=comodorsacertificationauthority-ev.comodoca.com, - // O=Sectigo Limited, STREET="3rd Floor, 26 Office Village", STREET=Exchange Quay, STREET=Trafford Road, - // L=Salford, ST=Manchester, OID.2.5.4.17=M5 3EQ, C=GB, OID.2.5.4.15=Private Organization, - // OID.1.3.6.1.4.1.311.60.2.1.3=GB, SERIALNUMBER=04058690 - // Issuer: CN=COMODO RSA Extended Validation Secure Server CA, O=COMODO CA Limited, L=Salford, - // ST=Greater Manchester, C=GB - // Serial number: 9eb246629030e0b527ca2f93e5ebf25a - // Valid from: Mon Mar 01 16:00:00 PST 2021 until: Sat Apr 02 16:59:59 PDT 2022 - private static final String VALID = "-----BEGIN CERTIFICATE-----\n" + - "MIIHSzCCBjOgAwIBAgIRAJ6yRmKQMOC1J8ovk+Xr8lowDQYJKoZIhvcNAQELBQAw\n" + - "gZIxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO\n" + - "BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTgwNgYD\n" + - "VQQDEy9DT01PRE8gUlNBIEV4dGVuZGVkIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZl\n" + - "ciBDQTAeFw0yMTAzMDIwMDAwMDBaFw0yMjA0MDIyMzU5NTlaMIIBNzERMA8GA1UE\n" + - "BRMIMDQwNTg2OTAxEzARBgsrBgEEAYI3PAIBAxMCR0IxHTAbBgNVBA8TFFByaXZh\n" + - "dGUgT3JnYW5pemF0aW9uMQswCQYDVQQGEwJHQjEPMA0GA1UEERMGTTUgM0VRMRMw\n" + - "EQYDVQQIEwpNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRYwFAYDVQQJEw1U\n" + - "cmFmZm9yZCBSb2FkMRYwFAYDVQQJEw1FeGNoYW5nZSBRdWF5MSUwIwYDVQQJExwz\n" + - "cmQgRmxvb3IsIDI2IE9mZmljZSBWaWxsYWdlMRgwFgYDVQQKEw9TZWN0aWdvIExp\n" + - "bWl0ZWQxODA2BgNVBAMTL2NvbW9kb3JzYWNlcnRpZmljYXRpb25hdXRob3JpdHkt\n" + - "ZXYuY29tb2RvY2EuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA\n" + - "0P95lAFOOkEOy614rCX7OlOK0Xy0nPAcCFxAcLYBosX8YmXWuePHg596UyEqE3U5\n" + - "30pTqiccY53bDiYPgSJgr1OlfC7BPLN+QKaeSrFmNgrcoAk3TXejgv7zLXOwZVS6\n" + - "Wk38Z8xrFNvhd2Z5J6RM/3U+HDfF7OKMGrexr77Ws7lEFpPUgd4eEe+IL1Y2sbwI\n" + - "iD+PkzIL2LjctkeJFcsRHUvNP8wIhGyIbkARuJhdXkE13lKKIe0EnWrRkkf4DEvY\n" + - "RFpPjVUKmluhnBOGYkYaiTL0VaOnrPxToSfHR8Awkhk0TNbosAkUo8TKcRTTTiMU\n" + - "UIS6Y9SqoILiiDG6WmFjzQIDAQABo4IC8jCCAu4wHwYDVR0jBBgwFoAUOdr/yigU\n" + - "iqh0Ewi55A6p0vp+nWkwHQYDVR0OBBYEFD5LhmEivA6h4az0EFPi5erz1TH+MA4G\n" + - "A1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMB\n" + - "BggrBgEFBQcDAjBJBgNVHSAEQjBAMDUGDCsGAQQBsjEBAgEFATAlMCMGCCsGAQUF\n" + - "BwIBFhdodHRwczovL3NlY3RpZ28uY29tL0NQUzAHBgVngQwBATBWBgNVHR8ETzBN\n" + - "MEugSaBHhkVodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9SU0FFeHRlbmRl\n" + - "ZFZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcmwwgYcGCCsGAQUFBwEBBHsweTBR\n" + - "BggrBgEFBQcwAoZFaHR0cDovL2NydC5jb21vZG9jYS5jb20vQ09NT0RPUlNBRXh0\n" + - "ZW5kZWRWYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCQGCCsGAQUFBzABhhho\n" + - "dHRwOi8vb2NzcC5jb21vZG9jYS5jb20wOgYDVR0RBDMwMYIvY29tb2RvcnNhY2Vy\n" + - "dGlmaWNhdGlvbmF1dGhvcml0eS1ldi5jb21vZG9jYS5jb20wggEEBgorBgEEAdZ5\n" + - "AgQCBIH1BIHyAPAAdgBGpVXrdfqRIDC1oolp9PN9ESxBdL79SbiFq/L8cP5tRwAA\n" + - "AXfyqEfyAAAEAwBHMEUCIQDJbHPgbqK21/Nugwl5mgMO81YQSHOm4VcQ8UvOJjnN\n" + - "JQIgWw9fortwJBtv2Mts6xJYr5D6itPpEYP8uegURneBwRsAdgBvU3asMfAxGdiZ\n" + - "AKRRFf93FRwR2QLBACkGjbIImjfZEwAAAXfyqEjyAAAEAwBHMEUCIDifAsuw37D4\n" + - "beHZ9Ed5/Pab0Eg6Cobrh4jv3bjfA6KIAiEAmiA/XD+AccfI85c+C2zH9wNIs+Zm\n" + - "/V/uo/sv0i9eCAYwDQYJKoZIhvcNAQELBQADggEBADRFnOFgb3mzCUpXxiU5/mM5\n" + - "ECRj3NzXKXjcYlSMhVcWA7Eqa5rhJuh11vbPoDQzQcGxntS/zhRwJFRF3hnyFa3m\n" + - "4t+7ZnUaJN+GOMTABh4kYiOSpE9id12URdJzWv2IHg4CU3OLnsBHGh7H9eWfbPvn\n" + - "OW4owV1ChpiEHh40i/NQkTn9JzjlZepI9+EsSdhn2tpis7tko6PX/plgw8bRgm7f\n" + - "ong2QaX/DE6z4VIdomW8TQhB9turhKxwjzPTbtYDQIgZfRP/H1S5jYutqbE5yL5B\n" + - "r+VOiSuB8234P4xWg1IBL2EFbxPdgOSMTWRJutUcj44kJKmwp5GUQtySSccw4gk=\n" + - "-----END CERTIFICATE-----"; - - // Owner: CN=comodorsacertificationauthority-ev.comodoca.com, OU=COMODO EV SGC SSL, - // O=Sectigo Limited, STREET="3rd Floor, 26 Office Village", STREET=Exchange Quay, STREET=Trafford Road, - // L=Salford, OID.2.5.4.17=M5 3EQ, C=GB, OID.2.5.4.15=Private Organization, - // OID.1.3.6.1.4.1.311.60.2.1.3=GB, SERIALNUMBER=04058690 - // Issuer: CN=COMODO RSA Extended Validation Secure Server CA, O=COMODO CA Limited, L=Salford, - // ST=Greater Manchester, C=GB - // Serial number: a0c7cabcc25ed9358ded02cc1d485545 - // Valid from: Sun Sep 29 17:00:00 PDT 2019 until: Tue Dec 28 15:59:59 PST 2021 - private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" + - "MIIH0TCCBrmgAwIBAgIRAKDHyrzCXtk1je0CzB1IVUUwDQYJKoZIhvcNAQELBQAw\n" + - "gZIxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO\n" + - "BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTgwNgYD\n" + - "VQQDEy9DT01PRE8gUlNBIEV4dGVuZGVkIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZl\n" + - "ciBDQTAeFw0xOTA5MzAwMDAwMDBaFw0yMTEyMjgyMzU5NTlaMIIBPjERMA8GA1UE\n" + - "BRMIMDQwNTg2OTAxEzARBgsrBgEEAYI3PAIBAxMCR0IxHTAbBgNVBA8TFFByaXZh\n" + - "dGUgT3JnYW5pemF0aW9uMQswCQYDVQQGEwJHQjEPMA0GA1UEERMGTTUgM0VRMRAw\n" + - "DgYDVQQHEwdTYWxmb3JkMRYwFAYDVQQJEw1UcmFmZm9yZCBSb2FkMRYwFAYDVQQJ\n" + - "Ew1FeGNoYW5nZSBRdWF5MSUwIwYDVQQJExwzcmQgRmxvb3IsIDI2IE9mZmljZSBW\n" + - "aWxsYWdlMRgwFgYDVQQKEw9TZWN0aWdvIExpbWl0ZWQxGjAYBgNVBAsTEUNPTU9E\n" + - "TyBFViBTR0MgU1NMMTgwNgYDVQQDEy9jb21vZG9yc2FjZXJ0aWZpY2F0aW9uYXV0\n" + - "aG9yaXR5LWV2LmNvbW9kb2NhLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC\n" + - "AQoCggEBAND/eZQBTjpBDsuteKwl+zpTitF8tJzwHAhcQHC2AaLF/GJl1rnjx4Of\n" + - "elMhKhN1Od9KU6onHGOd2w4mD4EiYK9TpXwuwTyzfkCmnkqxZjYK3KAJN013o4L+\n" + - "8y1zsGVUulpN/GfMaxTb4XdmeSekTP91Phw3xezijBq3sa++1rO5RBaT1IHeHhHv\n" + - "iC9WNrG8CIg/j5MyC9i43LZHiRXLER1LzT/MCIRsiG5AEbiYXV5BNd5SiiHtBJ1q\n" + - "0ZJH+AxL2ERaT41VCppboZwThmJGGoky9FWjp6z8U6Enx0fAMJIZNEzW6LAJFKPE\n" + - "ynEU004jFFCEumPUqqCC4ogxulphY80CAwEAAaOCA3EwggNtMB8GA1UdIwQYMBaA\n" + - "FDna/8ooFIqodBMIueQOqdL6fp1pMB0GA1UdDgQWBBQ+S4ZhIrwOoeGs9BBT4uXq\n" + - "89Ux/jAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggr\n" + - "BgEFBQcDAQYIKwYBBQUHAwIwTwYDVR0gBEgwRjA7BgwrBgEEAbIxAQIBBQEwKzAp\n" + - "BggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNvbS9DUFMwBwYFZ4EM\n" + - "AQEwVgYDVR0fBE8wTTBLoEmgR4ZFaHR0cDovL2NybC5jb21vZG9jYS5jb20vQ09N\n" + - "T0RPUlNBRXh0ZW5kZWRWYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3JsMIGHBggr\n" + - "BgEFBQcBAQR7MHkwUQYIKwYBBQUHMAKGRWh0dHA6Ly9jcnQuY29tb2RvY2EuY29t\n" + - "L0NPTU9ET1JTQUV4dGVuZGVkVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNydDAk\n" + - "BggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMDoGA1UdEQQzMDGC\n" + - "L2NvbW9kb3JzYWNlcnRpZmljYXRpb25hdXRob3JpdHktZXYuY29tb2RvY2EuY29t\n" + - "MIIBfQYKKwYBBAHWeQIEAgSCAW0EggFpAWcAdQDuS723dc5guuFCaR+r4Z5mow9+\n" + - "X7By2IMAxHuJeqj9ywAAAW2DAXefAAAEAwBGMEQCIDqP1einOiPHnaG1fOZMDrEc\n" + - "RAxjq3vEl94fp4pkmke7AiBsJOvPE6irgcOO1/lnP7NRuln7iPJjU7T20PEK5/rm\n" + - "KwB2AFWB1MIWkDYBSuoLm1c8U/DA5Dh4cCUIFy+jqh0HE9MMAAABbYMBd0kAAAQD\n" + - "AEcwRQIhALgUI5XxM1NHbJDdr19h2pe3LhzK4tpuB/OQ9BgCyrGXAiBdr6mNCB/G\n" + - "rbdVx0u7iezwC7mq7iaWugR3rrWlSA8fWQB2ALvZ37wfinG1k5Qjl6qSe0c4V5UK\n" + - "q1LoGpCWZDaOHtGFAAABbYMBd1oAAAQDAEcwRQIgXbG32dagMeLhuZb+LSpJO1vI\n" + - "BmxmRnNdiz5FbG9cCbwCIQCr1X9f+ebT5fhlDUNBURUorTtM8QQciBiueBqvHk7+\n" + - "1DANBgkqhkiG9w0BAQsFAAOCAQEAM/A/1dgoc5NP1n+w3SX9qWcN7QT7ExdrnZSl\n" + - "Ygn0PF2fx4gz7cvNKucbpQJNA4C9awGydyYK8/o5KDUXt3K7eb1OAZ/NZBjygsJs\n" + - "ikXvxlBh8oEoqBOfOtr24l0NGUWnP8Qeu/VPcIMER4V8qX+in0pCXkSd67nkp6Bs\n" + - "EcqhDPgmzdSC1gQHsZuBdotG14OfdH1cG1bRK6GadISLG1h8BFukVem42B149v8F\n" + - "MCIUQAYprAVv2WlTZKBx9XzuK6IK3+klHZ07Jfvjvt7PPG5HKSMWBMnMaTHKcyQI\n" + - "G3t91yw7BnNNInZlBSsFtqjbHhDcr7uruZdbi0rerSsi2qDr0w==\n" + - "-----END CERTIFICATE-----"; - - public void runTest(ValidatePathWithParams pathValidator) throws Exception { - // Validate valid - pathValidator.validate(new String[]{VALID, INT}, - ValidatePathWithParams.Status.GOOD, null, System.out); - - // Validate Revoked - pathValidator.validate(new String[]{REVOKED, INT}, - ValidatePathWithParams.Status.REVOKED, - "Tue Mar 02 02:51:39 PST 2021", System.out); + private static final String VALID = "https://comodorsacertificationauthority-ev.comodoca.com"; + private static final String REVOKED = "https://comodorsacertificationauthority-ev.comodoca.com:444"; + private static final String CA_FINGERPRINT = + "52:F0:E1:C4:E5:8E:C6:29:29:1B:60:31:7F:07:46:71:B8:5D:7E:A8:0D:5B:07:27:34:63:53:4B:32:B4:02:34"; + + public void runTest(ValidatePathWithURL pathValidator) throws CertificateEncodingException { + pathValidator.validateDomain(VALID, false, CA_FINGERPRINT); + pathValidator.validateDomain(REVOKED, true, CA_FINGERPRINT); } } class ComodoECC { - - // Owner: CN=COMODO ECC Extended Validation Secure Server CA, - // O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB - // Issuer: CN=COMODO ECC Certification Authority, O=COMODO CA Limited, - // L=Salford, ST=Greater Manchester, C=GB - // Serial number: 61d4643b412b5d8d715499d8553aa03 - // Valid from: Sun Apr 14 17:00:00 PDT 2013 until: Fri Apr 14 16:59:59 PDT 2028 - private static final String INT = "-----BEGIN CERTIFICATE-----\n" - + "MIIDojCCAyigAwIBAgIQBh1GQ7QStdjXFUmdhVOqAzAKBggqhkjOPQQDAzCBhTEL\n" - + "MAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE\n" - + "BxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMT\n" - + "IkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTMwNDE1MDAw\n" - + "MDAwWhcNMjgwNDE0MjM1OTU5WjCBkjELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdy\n" - + "ZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09N\n" - + "T0RPIENBIExpbWl0ZWQxODA2BgNVBAMTL0NPTU9ETyBFQ0MgRXh0ZW5kZWQgVmFs\n" - + "aWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD\n" - + "QgAEV3AaPyeTQy0aWXXkBJMR42DsJ5pnbliJe7ndaHzCDslVlY8ofpxeFiqluZrK\n" - + "KNcJeBU/Jl1YI9jLMyMZKsfSoaOCAWkwggFlMB8GA1UdIwQYMBaAFHVxpxlIGbyd\n" - + "nepBR9+UxEh3mdN5MB0GA1UdDgQWBBTTTsMZulhZ0Rxgt2FTRzund4/4ijAOBgNV\n" - + "HQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADA+BgNVHSAENzA1MDMGBFUd\n" - + "IAAwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNvbS9DUFMw\n" - + "TAYDVR0fBEUwQzBBoD+gPYY7aHR0cDovL2NybC5jb21vZG9jYS5jb20vQ09NT0RP\n" - + "RUNDQ2VydGlmaWNhdGlvbkF1dGhvcml0eS5jcmwwcQYIKwYBBQUHAQEEZTBjMDsG\n" - + "CCsGAQUFBzAChi9odHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9FQ0NBZGRU\n" - + "cnVzdENBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29t\n" - + "MAoGCCqGSM49BAMDA2gAMGUCMQDmPWS98nREWdt4xB83r9MVvgG5INpKHi6V1dUY\n" - + "lCqvSvXXjK0QvZSrOB7cj9RavGgCMG2xJNG+SvlTWEYpmK7eXSgmRUgoBDeQ0yDK\n" - + "lnxmeeOBnnCaDIxAcA3aCj2Gtdt3sA==\n" - + "-----END CERTIFICATE-----"; - - // Owner: CN=comodoecccertificationauthority-ev.comodoca.com, O=Sectigo Limited, STREET="3rd Floor, - // 26 Office Village", STREET=Exchange Quay, STREET=Trafford Road, L=Salford, ST=Manchester, OID.2.5.4.17=M5 3EQ, - // C=GB, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB, SERIALNUMBER=04058690 - // Issuer: CN=COMODO ECC Extended Validation Secure Server CA, O=COMODO CA Limited, L=Salford, - // ST=Greater Manchester, C=GB - // Serial number: db437a31e5be29a62443e3caa1479001 - // Valid from: Mon Mar 01 16:00:00 PST 2021 until: Sat Apr 02 16:59:59 PDT 2022 - private static final String VALID = "-----BEGIN CERTIFICATE-----\n" + - "MIIFvzCCBWWgAwIBAgIRANtDejHlvimmJEPjyqFHkAEwCgYIKoZIzj0EAwIwgZIx\n" + - "CzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNV\n" + - "BAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTgwNgYDVQQD\n" + - "Ey9DT01PRE8gRUNDIEV4dGVuZGVkIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBD\n" + - "QTAeFw0yMTAzMDIwMDAwMDBaFw0yMjA0MDIyMzU5NTlaMIIBNzERMA8GA1UEBRMI\n" + - "MDQwNTg2OTAxEzARBgsrBgEEAYI3PAIBAxMCR0IxHTAbBgNVBA8TFFByaXZhdGUg\n" + - "T3JnYW5pemF0aW9uMQswCQYDVQQGEwJHQjEPMA0GA1UEERMGTTUgM0VRMRMwEQYD\n" + - "VQQIEwpNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRYwFAYDVQQJEw1UcmFm\n" + - "Zm9yZCBSb2FkMRYwFAYDVQQJEw1FeGNoYW5nZSBRdWF5MSUwIwYDVQQJExwzcmQg\n" + - "Rmxvb3IsIDI2IE9mZmljZSBWaWxsYWdlMRgwFgYDVQQKEw9TZWN0aWdvIExpbWl0\n" + - "ZWQxODA2BgNVBAMTL2NvbW9kb2VjY2NlcnRpZmljYXRpb25hdXRob3JpdHktZXYu\n" + - "Y29tb2RvY2EuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEt26qBS7TRu/y\n" + - "fR+RiqLAzW2C+UspFZlORc4EhLfNYMgFkoZKjEnwJzudH6a+uRPqPOhPgUd6PFfR\n" + - "QFOcLjmhgaOCAvIwggLuMB8GA1UdIwQYMBaAFNNOwxm6WFnRHGC3YVNHO6d3j/iK\n" + - "MB0GA1UdDgQWBBTpZ0tzKscFw6Z3vCEDFzGR5VSkVzAOBgNVHQ8BAf8EBAMCBYAw\n" + - "DAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwSQYD\n" + - "VR0gBEIwQDA1BgwrBgEEAbIxAQIBBQEwJTAjBggrBgEFBQcCARYXaHR0cHM6Ly9z\n" + - "ZWN0aWdvLmNvbS9DUFMwBwYFZ4EMAQEwVgYDVR0fBE8wTTBLoEmgR4ZFaHR0cDov\n" + - "L2NybC5jb21vZG9jYS5jb20vQ09NT0RPRUNDRXh0ZW5kZWRWYWxpZGF0aW9uU2Vj\n" + - "dXJlU2VydmVyQ0EuY3JsMIGHBggrBgEFBQcBAQR7MHkwUQYIKwYBBQUHMAKGRWh0\n" + - "dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9ET0VDQ0V4dGVuZGVkVmFsaWRhdGlv\n" + - "blNlY3VyZVNlcnZlckNBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29t\n" + - "b2RvY2EuY29tMDoGA1UdEQQzMDGCL2NvbW9kb2VjY2NlcnRpZmljYXRpb25hdXRo\n" + - "b3JpdHktZXYuY29tb2RvY2EuY29tMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHYA\n" + - "RqVV63X6kSAwtaKJafTzfREsQXS+/Um4havy/HD+bUcAAAF38qtH4AAABAMARzBF\n" + - "AiBsKoB1TTfoUYUNqF160/vlOENHyK1zzARcnfGKYURHTwIhANKYWg1CO7jyCPk+\n" + - "IrrLaR+461snNK4LJZXJm4o/9GeeAHYAb1N2rDHwMRnYmQCkURX/dxUcEdkCwQAp\n" + - "Bo2yCJo32RMAAAF38qtJIAAABAMARzBFAiEA1hgxkYZb5Tc9+vQsDnsfXVewClN2\n" + - "7gzwd4hZdqAsOSYCID9CWcBvkKrL44mfe9ky1Z6BnAWHUBMCxTjt8MO/IMZ8MAoG\n" + - "CCqGSM49BAMCA0gAMEUCIBa3sfOiVb0q4LcXU9umKjzVw3Ib8VdiPTtXSnyl0oLb\n" + - "AiEAnpRB53UtLAF7xw98ELmK/LEk1b5KSlqoO8sFHgwQ8vI=\n" + - "-----END CERTIFICATE-----"; - - // Owner: CN=comodoecccertificationauthority-ev.comodoca.com, OU=COMODO EV SSL, O=Sectigo Limited, - // STREET="3rd Floor, 26 Office Village", STREET=Exchange Quay, STREET=Trafford Road, L=Salford, OID.2.5.4.17=M5 3EQ, - // C=GB, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB, SERIALNUMBER=04058690 - // Issuer: CN=COMODO ECC Extended Validation Secure Server CA, O=COMODO CA Limited, L=Salford, - // ST=Greater Manchester, C=GB - // Serial number: 7972d9d8472a2d52ad1ee6edfb16cbe1 - // Valid from: Sun Sep 29 17:00:00 PDT 2019 until: Tue Dec 28 15:59:59 PST 2021 - private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" + - "MIIGPzCCBeWgAwIBAgIQeXLZ2EcqLVKtHubt+xbL4TAKBggqhkjOPQQDAjCBkjEL\n" + - "MAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE\n" + - "BxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxODA2BgNVBAMT\n" + - "L0NPTU9ETyBFQ0MgRXh0ZW5kZWQgVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENB\n" + - "MB4XDTE5MDkzMDAwMDAwMFoXDTIxMTIyODIzNTk1OVowggE6MREwDwYDVQQFEwgw\n" + - "NDA1ODY5MDETMBEGCysGAQQBgjc8AgEDEwJHQjEdMBsGA1UEDxMUUHJpdmF0ZSBP\n" + - "cmdhbml6YXRpb24xCzAJBgNVBAYTAkdCMQ8wDQYDVQQREwZNNSAzRVExEDAOBgNV\n" + - "BAcTB1NhbGZvcmQxFjAUBgNVBAkTDVRyYWZmb3JkIFJvYWQxFjAUBgNVBAkTDUV4\n" + - "Y2hhbmdlIFF1YXkxJTAjBgNVBAkTHDNyZCBGbG9vciwgMjYgT2ZmaWNlIFZpbGxh\n" + - "Z2UxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDEWMBQGA1UECxMNQ09NT0RPIEVW\n" + - "IFNTTDE4MDYGA1UEAxMvY29tb2RvZWNjY2VydGlmaWNhdGlvbmF1dGhvcml0eS1l\n" + - "di5jb21vZG9jYS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAS3bqoFLtNG\n" + - "7/J9H5GKosDNbYL5SykVmU5FzgSEt81gyAWShkqMSfAnO50fpr65E+o86E+BR3o8\n" + - "V9FAU5wuOaGBo4IDcDCCA2wwHwYDVR0jBBgwFoAU007DGbpYWdEcYLdhU0c7p3eP\n" + - "+IowHQYDVR0OBBYEFOlnS3MqxwXDpne8IQMXMZHlVKRXMA4GA1UdDwEB/wQEAwIF\n" + - "gDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBP\n" + - "BgNVHSAESDBGMDsGDCsGAQQBsjEBAgEFATArMCkGCCsGAQUFBwIBFh1odHRwczov\n" + - "L3NlY3VyZS5jb21vZG8uY29tL0NQUzAHBgVngQwBATBWBgNVHR8ETzBNMEugSaBH\n" + - "hkVodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9FQ0NFeHRlbmRlZFZhbGlk\n" + - "YXRpb25TZWN1cmVTZXJ2ZXJDQS5jcmwwgYcGCCsGAQUFBwEBBHsweTBRBggrBgEF\n" + - "BQcwAoZFaHR0cDovL2NydC5jb21vZG9jYS5jb20vQ09NT0RPRUNDRXh0ZW5kZWRW\n" + - "YWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8v\n" + - "b2NzcC5jb21vZG9jYS5jb20wOgYDVR0RBDMwMYIvY29tb2RvZWNjY2VydGlmaWNh\n" + - "dGlvbmF1dGhvcml0eS1ldi5jb21vZG9jYS5jb20wggF8BgorBgEEAdZ5AgQCBIIB\n" + - "bASCAWgBZgB1AO5Lvbd1zmC64UJpH6vhnmajD35fsHLYgwDEe4l6qP3LAAABbYME\n" + - "EzgAAAQDAEYwRAIgbdo71lBleuJiq+D0ZLp51oVUyWD9EyrtgBSCNwIW4cMCIAqg\n" + - "0VFTWHEmAVjaV23fGj3Ybu3mpSiHr6viGlgA2lYaAHUAVYHUwhaQNgFK6gubVzxT\n" + - "8MDkOHhwJQgXL6OqHQcT0wwAAAFtgwQTKAAABAMARjBEAiBb/gW1RU7kgFBiNpHx\n" + - "LStujKIocyENUTXsMbsac+LktwIgXbEr8vOOCEdBdXQ2F/FKec8ft6gz57mHNmwl\n" + - "pp7phbQAdgC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAW2DBBM6\n" + - "AAAEAwBHMEUCIQDjKN3h86ofR94+JxLFoYuoA+DRtxEY8XGg+NQXlZfUrgIgEoO2\n" + - "ZzKbGfohdwj/WtDwJDRX5pjXF4M0nECiwtYXDIwwCgYIKoZIzj0EAwIDSAAwRQIg\n" + - "AkIRVQBwrElFjrnqk5XPvnlnwkIm1A70ayqOf1FexoQCIQC8tBTn//RCfrhcgTjd\n" + - "ER4wRjFfFoc6lC68OHGVg9CZZg==\n" + - "-----END CERTIFICATE-----"; - - public void runTest(ValidatePathWithParams pathValidator) throws Exception { - // Validate valid - pathValidator.validate(new String[]{VALID, INT}, - ValidatePathWithParams.Status.GOOD, null, System.out); - - // Validate Revoked - pathValidator.validate(new String[]{REVOKED, INT}, - ValidatePathWithParams.Status.REVOKED, - "Tue Mar 02 02:53:40 PST 2021", System.out); + private static final String VALID = "https://comodoecccertificationauthority-ev.comodoca.com"; + private static final String REVOKED = "https://comodoecccertificationauthority-ev.comodoca.com:444"; + private static final String CA_FINGERPRINT = + "17:93:92:7A:06:14:54:97:89:AD:CE:2F:8F:34:F7:F0:B6:6D:0F:3A:E3:A3:B8:4D:21:EC:15:DB:BA:4F:AD:C7"; + + public void runTest(ValidatePathWithURL pathValidator) throws CertificateEncodingException { + pathValidator.validateDomain(VALID, false, CA_FINGERPRINT); + pathValidator.validateDomain(REVOKED, true, CA_FINGERPRINT); } } class ComodoUserTrustRSA { - - // Owner: CN=Sectigo RSA Extended Validation Secure Server CA, O=Sectigo Limited, L=Salford, - // ST=Greater Manchester, C=GB - // Issuer: CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US - // Serial number: 284e39c14b386d889c7299e58cd05a57 - // Valid from: Thu Nov 01 17:00:00 PDT 2018 until: Tue Dec 31 15:59:59 PST 2030 - private static final String INT = "-----BEGIN CERTIFICATE-----\n" + - "MIIGNDCCBBygAwIBAgIQKE45wUs4bYiccpnljNBaVzANBgkqhkiG9w0BAQwFADCB\n" + - "iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl\n" + - "cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV\n" + - "BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTgx\n" + - "MTAyMDAwMDAwWhcNMzAxMjMxMjM1OTU5WjCBkTELMAkGA1UEBhMCR0IxGzAZBgNV\n" + - "BAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEYMBYGA1UE\n" + - "ChMPU2VjdGlnbyBMaW1pdGVkMTkwNwYDVQQDEzBTZWN0aWdvIFJTQSBFeHRlbmRl\n" + - "ZCBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUA\n" + - "A4IBDwAwggEKAoIBAQCaoslYBiqFev0Yc4TXPa0s9oliMcn9VaENfTUK4GVT7niB\n" + - "QXxC6Mt8kTtvyr5lU92hDQDh2WDPQsZ7oibh75t2kowT3z1S+Sy1GsUDM4NbdOde\n" + - "orcmzFm/b4bwD4G/G+pB4EX1HSfjN9eT0Hje+AGvCrd2MmnxJ+Yymv9BH9OB65jK\n" + - "rUO9Na4iHr48XWBDFvzsPCJ11Uioof6dRBVp+Lauj88Z7k2X8d606HeXn43h6acp\n" + - "LLURWyqXM0CrzedVWBzuXKuBEaqD6w/1VpLJvSU+wl3ScvXSLFp82DSRJVJONXWl\n" + - "dp9gjJioPGRByeZw11k3galbbF5gFK9xSnbDx29LAgMBAAGjggGNMIIBiTAfBgNV\n" + - "HSMEGDAWgBRTeb9aqitKz1SA4dibwJ3ysgNmyzAdBgNVHQ4EFgQULGn/gMmHkK40\n" + - "4bTnTJOFmUDpp7IwDgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQAw\n" + - "HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDoGA1UdIAQzMDEwLwYEVR0g\n" + - "ADAnMCUGCCsGAQUFBwIBFhlodHRwczovL2Nwcy51c2VydHJ1c3QuY29tMFAGA1Ud\n" + - "HwRJMEcwRaBDoEGGP2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VU0VSVHJ1c3RS\n" + - "U0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDB2BggrBgEFBQcBAQRqMGgwPwYI\n" + - "KwYBBQUHMAKGM2h0dHA6Ly9jcnQudXNlcnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FB\n" + - "ZGRUcnVzdENBLmNydDAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRydXN0\n" + - "LmNvbTANBgkqhkiG9w0BAQwFAAOCAgEAQ4AzPxVypLyy3IjUUmVl7FaxrHsXQq2z\n" + - "Zt2gKnHQShuA+5xpRPNndjvhHk4D08PZXUe6Im7E5knqxtyl5aYdldb+HI/7f+zd\n" + - "W/1ub2N4Vq4ZYUjcZ1ECOFK7Z2zoNicDmU+Fe/TreXPuPsDicTG/tMcWEVM558OQ\n" + - "TJkB2LK3ZhGukWM/RTMRcRdXaXOX8Lh0ylzRO1O0ObXytvOFpkkkD92HGsfS06i7\n" + - "NLDPJEeZXqzHE5Tqj7VSAj+2luwfaXaPLD8lQEVci8xmsPGOn0mXE1ZzsChEPhVq\n" + - "FYQUsbiRJRhidKauhd+G2CkRTcR5fpsuz+iStB9s5Fks9lKoXnn0hv78VYjvR78C\n" + - "Cvj5FW/ounHjWTWMb3il9S5ngbFGcelB1l/MQkR63+1ybdi2OpjNWJCftxOWUpkC\n" + - "xaRdnOnSj7GQY0NLn8Gtq9FcSZydtkVgXpouSFZkXNS/MYwbcCCcRKBbrk8ss0SI\n" + - "Xg1gTURjh9VP1OHm0OktYcUw9e90wHIDn7h0qA+bWOsZquSRzT4s2crF3ZSA3tuV\n" + - "/UJ33mjdVO8wBD8aI5y10QreSPJvZHHNDyCmoyjXvNhR+u3arXUoHWxO+MZBeXbi\n" + - "iF7Nwn/IEmQvWBW8l6D26CXIavcY1kAJcfyzHkrPbLo+fAOa/KFl3lIU+0biEVNk\n" + - "Q9zXE6hC6X4=\n" + - "-----END CERTIFICATE-----"; - - // Owner: CN=usertrustrsacertificationauthority-ev.comodoca.com, O=Sectigo Limited, STREET="3rd Floor, - // 26 Office Village", STREET=Exchange Quay, STREET=Trafford Road, L=Salford, ST=Manchester, OID.2.5.4.17=M5 3EQ, - // C=GB, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB, SERIALNUMBER=04058690 - // Issuer: CN=Sectigo RSA Extended Validation Secure Server CA, O=Sectigo Limited, L=Salford, - // ST=Greater Manchester, C=GB - // Serial number: 4e484426dbfed0c222b2ed152465614a - // Valid from: Mon Mar 01 16:00:00 PST 2021 until: Sat Apr 02 16:59:59 PDT 2022 - private static final String VALID = "-----BEGIN CERTIFICATE-----\n" + - "MIIHTzCCBjegAwIBAgIQTkhEJtv+0MIisu0VJGVhSjANBgkqhkiG9w0BAQsFADCB\n" + - "kTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G\n" + - "A1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTkwNwYDVQQD\n" + - "EzBTZWN0aWdvIFJTQSBFeHRlbmRlZCBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIg\n" + - "Q0EwHhcNMjEwMzAyMDAwMDAwWhcNMjIwNDAyMjM1OTU5WjCCAToxETAPBgNVBAUT\n" + - "CDA0MDU4NjkwMRMwEQYLKwYBBAGCNzwCAQMTAkdCMR0wGwYDVQQPExRQcml2YXRl\n" + - "IE9yZ2FuaXphdGlvbjELMAkGA1UEBhMCR0IxDzANBgNVBBETBk01IDNFUTETMBEG\n" + - "A1UECBMKTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEWMBQGA1UECRMNVHJh\n" + - "ZmZvcmQgUm9hZDEWMBQGA1UECRMNRXhjaGFuZ2UgUXVheTElMCMGA1UECRMcM3Jk\n" + - "IEZsb29yLCAyNiBPZmZpY2UgVmlsbGFnZTEYMBYGA1UEChMPU2VjdGlnbyBMaW1p\n" + - "dGVkMTswOQYDVQQDEzJ1c2VydHJ1c3Ryc2FjZXJ0aWZpY2F0aW9uYXV0aG9yaXR5\n" + - "LWV2LmNvbW9kb2NhLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\n" + - "AJ4f68XomMKS2uudXi7xp0fkRK4Q1pE2bamXB8PTsuyS9rhC8hD2zPr9Gs+NHAR0\n" + - "tG0GSWW1plzbpDFDEsCG+M+7fDl5cc/br8RLn75agZeKngv89y6RQUURxHq6N8hi\n" + - "lcJKHtWj9j6u1HYvu4u3lWWXQNbYnMWVqP1AVPZsGyDmKn/+Mc2ehvPdYSm/jQLr\n" + - "hH8Rudr12ZfKHTE4Xx7g5ZH0u52TEAWjuNCiXkhAYa/uUyEu3e7VlsnvxeqBENPn\n" + - "RwYhfT8mdXV6DvGrnv/NJj/tBTGE5kRbCh4HumY6I3x/XC5UeZE6rT+U6oeRgUOM\n" + - "6d7siAQVOspSqfTzR5HsBlECAwEAAaOCAvUwggLxMB8GA1UdIwQYMBaAFCxp/4DJ\n" + - "h5CuNOG050yThZlA6aeyMB0GA1UdDgQWBBR8+3Lw59S2HtjPs+KZcEJ+67fd/DAO\n" + - "BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcD\n" + - "AQYIKwYBBQUHAwIwSQYDVR0gBEIwQDA1BgwrBgEEAbIxAQIBBQEwJTAjBggrBgEF\n" + - "BQcCARYXaHR0cHM6Ly9zZWN0aWdvLmNvbS9DUFMwBwYFZ4EMAQEwVgYDVR0fBE8w\n" + - "TTBLoEmgR4ZFaHR0cDovL2NybC5zZWN0aWdvLmNvbS9TZWN0aWdvUlNBRXh0ZW5k\n" + - "ZWRWYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3JsMIGGBggrBgEFBQcBAQR6MHgw\n" + - "UQYIKwYBBQUHMAKGRWh0dHA6Ly9jcnQuc2VjdGlnby5jb20vU2VjdGlnb1JTQUV4\n" + - "dGVuZGVkVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNydDAjBggrBgEFBQcwAYYX\n" + - "aHR0cDovL29jc3Auc2VjdGlnby5jb20wPQYDVR0RBDYwNIIydXNlcnRydXN0cnNh\n" + - "Y2VydGlmaWNhdGlvbmF1dGhvcml0eS1ldi5jb21vZG9jYS5jb20wggEFBgorBgEE\n" + - "AdZ5AgQCBIH2BIHzAPEAdwBGpVXrdfqRIDC1oolp9PN9ESxBdL79SbiFq/L8cP5t\n" + - "RwAAAXfyrRCwAAAEAwBIMEYCIQCeOHfnABa6cl0EHTzyMj2t2qBqORBAC16hJIIl\n" + - "Y52W4QIhAKHDk1m9lW0kmcZJWEko3eA9QKJSDLNLpdUoBPzNNc76AHYAb1N2rDHw\n" + - "MRnYmQCkURX/dxUcEdkCwQApBo2yCJo32RMAAAF38q0R6wAABAMARzBFAiEAywsh\n" + - "8Ki6fFOExwR6de0qzTmf7bJMuQcY0Ry463/9R44CIDeAcX7Z9S1vlRB9gzVomNIN\n" + - "vkcnUazq7dowPnr5rYMOMA0GCSqGSIb3DQEBCwUAA4IBAQA3a+PBgH1SBVEDpgAN\n" + - "mWaqIQzJzMRfSgvopQ6nC8iD95SfYD/rvic7aOeBLh/5aEs/CknJsg6o0qB3wz1v\n" + - "T5JXd5JldRWw3nP80jkIaYgq97RUIkjcHhuw4hTyQP6wk7XVlPVLvBo9ePWxJjmn\n" + - "whxlSyxQ5A5NdrTqZOJmu9nFr2HXpX75kGwCkUKZI050FAZZydsK3LfMBTqe1Xwi\n" + - "PKyjXDWd40LjOEg31sA43ofO8n2pySP5LG5XAsvoAyPCy3zXhx5cdtmQFLIkntus\n" + - "DCfN+n51HPUo8r4PUhQtOiRUB3K871LTdwyv4/CRXS2fIhtO1pxYNKFOw0yrUf6j\n" + - "ECgk\n" + - "-----END CERTIFICATE-----"; - - // Owner: CN=usertrustrsacertificationauthority-ev.comodoca.com, OU=COMODO EV SGC SSL, O=Sectigo Limited, - // STREET="3rd Floor, 26 Office Village", STREET=Exchange Quay, STREET=Trafford Road, L=Salford, ST=Manchester, - // OID.2.5.4.17=M5 3EQ, C=GB, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB, SERIALNUMBER=04058690 - // Issuer: CN=Sectigo RSA Extended Validation Secure Server CA, O=Sectigo Limited, L=Salford, - // ST=Greater Manchester, C=GB - // Serial number: b07fd164b5790c9d5d1fddff5819cdb2 - // Valid from: Sun Sep 29 17:00:00 PDT 2019 until: Tue Dec 28 15:59:59 PST 2021 - private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" + - "MIIH5TCCBs2gAwIBAgIRALB/0WS1eQydXR/d/1gZzbIwDQYJKoZIhvcNAQELBQAw\n" + - "gZExCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO\n" + - "BgNVBAcTB1NhbGZvcmQxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDE5MDcGA1UE\n" + - "AxMwU2VjdGlnbyBSU0EgRXh0ZW5kZWQgVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVy\n" + - "IENBMB4XDTE5MDkzMDAwMDAwMFoXDTIxMTIyODIzNTk1OVowggFWMREwDwYDVQQF\n" + - "EwgwNDA1ODY5MDETMBEGCysGAQQBgjc8AgEDEwJHQjEdMBsGA1UEDxMUUHJpdmF0\n" + - "ZSBPcmdhbml6YXRpb24xCzAJBgNVBAYTAkdCMQ8wDQYDVQQREwZNNSAzRVExEzAR\n" + - "BgNVBAgTCk1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxFjAUBgNVBAkTDVRy\n" + - "YWZmb3JkIFJvYWQxFjAUBgNVBAkTDUV4Y2hhbmdlIFF1YXkxJTAjBgNVBAkTHDNy\n" + - "ZCBGbG9vciwgMjYgT2ZmaWNlIFZpbGxhZ2UxGDAWBgNVBAoTD1NlY3RpZ28gTGlt\n" + - "aXRlZDEaMBgGA1UECxMRQ09NT0RPIEVWIFNHQyBTU0wxOzA5BgNVBAMTMnVzZXJ0\n" + - "cnVzdHJzYWNlcnRpZmljYXRpb25hdXRob3JpdHktZXYuY29tb2RvY2EuY29tMIIB\n" + - "IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnh/rxeiYwpLa651eLvGnR+RE\n" + - "rhDWkTZtqZcHw9Oy7JL2uELyEPbM+v0az40cBHS0bQZJZbWmXNukMUMSwIb4z7t8\n" + - "OXlxz9uvxEufvlqBl4qeC/z3LpFBRRHEero3yGKVwkoe1aP2Pq7Udi+7i7eVZZdA\n" + - "1ticxZWo/UBU9mwbIOYqf/4xzZ6G891hKb+NAuuEfxG52vXZl8odMThfHuDlkfS7\n" + - "nZMQBaO40KJeSEBhr+5TIS7d7tWWye/F6oEQ0+dHBiF9PyZ1dXoO8aue/80mP+0F\n" + - "MYTmRFsKHge6ZjojfH9cLlR5kTqtP5Tqh5GBQ4zp3uyIBBU6ylKp9PNHkewGUQID\n" + - "AQABo4IDbjCCA2owHwYDVR0jBBgwFoAULGn/gMmHkK404bTnTJOFmUDpp7IwHQYD\n" + - "VR0OBBYEFHz7cvDn1LYe2M+z4plwQn7rt938MA4GA1UdDwEB/wQEAwIFoDAMBgNV\n" + - "HRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBJBgNVHSAE\n" + - "QjBAMDUGDCsGAQQBsjEBAgEFATAlMCMGCCsGAQUFBwIBFhdodHRwczovL3NlY3Rp\n" + - "Z28uY29tL0NQUzAHBgVngQwBATBWBgNVHR8ETzBNMEugSaBHhkVodHRwOi8vY3Js\n" + - "LnNlY3RpZ28uY29tL1NlY3RpZ29SU0FFeHRlbmRlZFZhbGlkYXRpb25TZWN1cmVT\n" + - "ZXJ2ZXJDQS5jcmwwgYYGCCsGAQUFBwEBBHoweDBRBggrBgEFBQcwAoZFaHR0cDov\n" + - "L2NydC5zZWN0aWdvLmNvbS9TZWN0aWdvUlNBRXh0ZW5kZWRWYWxpZGF0aW9uU2Vj\n" + - "dXJlU2VydmVyQ0EuY3J0MCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5zZWN0aWdv\n" + - "LmNvbTA9BgNVHREENjA0gjJ1c2VydHJ1c3Ryc2FjZXJ0aWZpY2F0aW9uYXV0aG9y\n" + - "aXR5LWV2LmNvbW9kb2NhLmNvbTCCAX4GCisGAQQB1nkCBAIEggFuBIIBagFoAHYA\n" + - "7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo/csAAAFtgzv54wAABAMARzBF\n" + - "AiB5PmhsK3zU3XdKvyxw/wWHMmLI7apHLa1yKdjkA8H+ggIhALdUx7Tl8aeWhK6z\n" + - "lh+PHvMAdCcAJK6w9qBJGQtSrYO5AHUAVYHUwhaQNgFK6gubVzxT8MDkOHhwJQgX\n" + - "L6OqHQcT0wwAAAFtgzv5zgAABAMARjBEAiBumSwAUamibqJXTN2cf/H3mjd0T35/\n" + - "UK9w2hu9gFobxgIgSXTLndHyqFUmcmquu3It0WC1yl6YMceGixbQL1e8BQcAdwC7\n" + - "2d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAW2DO/nXAAAEAwBIMEYC\n" + - "IQDHRs10oYoXE5yq6WsiksjdQsUWZNpbSsrmz0u+KlxTVQIhAJ4rvHItKSeJLkaN\n" + - "S3YpVZnkN8tOwuxPsYeyVx/BtaNpMA0GCSqGSIb3DQEBCwUAA4IBAQAPFIsUFymo\n" + - "VTp0vntHrZpBApBQzDeriQv7Bi7tmou/Ng47RtXW3DjGdrePGSfOdl7h62k8qprU\n" + - "JeLyloDqhvmT/CG/hdwrfZ3Sv3N2xpetGcnW5S3oEi3m+/M1ls9eD+x1vybqV9Kd\n" + - "lcjuV7SYDlbvAS9w7TcygudhdW0cI8XTCvesGKohBkAlqaQ/MWYpt4WvsxHjbWgn\n" + - "5ZlIYR6A1ZFEjADifViH/5AA79lgGhAskkIWPjvRFalEVKTKtjhRK76eCfZs4Frr\n" + - "CEOpon+BeNKk+x/K/r10dSoWe0SV2uGVxTD83zkP++eREwo1hTgn8bXn7ftlnA3j\n" + - "7ml+Usz6udaD\n" + - "-----END CERTIFICATE-----"; - - public void runTest(ValidatePathWithParams pathValidator) throws Exception { - // Validate valid - pathValidator.validate(new String[]{VALID, INT}, - ValidatePathWithParams.Status.GOOD, null, System.out); - - // Validate Revoked - pathValidator.validate(new String[]{REVOKED, INT}, - ValidatePathWithParams.Status.REVOKED, - "Tue Mar 02 02:55:42 PST 2021", System.out); + private static final String VALID = "https://usertrustrsacertificationauthority-ev.comodoca.com"; + private static final String REVOKED = "https://usertrustrsacertificationauthority-ev.comodoca.com:444"; + private static final String CA_FINGERPRINT = + "E7:93:C9:B0:2F:D8:AA:13:E2:1C:31:22:8A:CC:B0:81:19:64:3B:74:9C:89:89:64:B1:74:6D:46:C3:D4:CB:D2"; + + public void runTest(ValidatePathWithURL pathValidator) throws CertificateEncodingException { + pathValidator.validateDomain(VALID, false, CA_FINGERPRINT); + pathValidator.validateDomain(REVOKED, true, CA_FINGERPRINT); } } class ComodoUserTrustECC { - - // Owner: CN=Sectigo ECC Extended Validation Secure Server CA, O=Sectigo Limited, L=Salford, - // ST=Greater Manchester, C=GB - // Issuer: CN=USERTrust ECC Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US - // Serial number: 80f5606d3a162b143adc12fbe8c2066f - // Valid from: Thu Nov 01 17:00:00 PDT 2018 until: Tue Dec 31 15:59:59 PST 2030 - private static final String INT = "-----BEGIN CERTIFICATE-----\n" + - "MIIDyTCCA0+gAwIBAgIRAID1YG06FisUOtwS++jCBm8wCgYIKoZIzj0EAwMwgYgx\n" + - "CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtKZXJz\n" + - "ZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYDVQQD\n" + - "EyVVU0VSVHJ1c3QgRUNDIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTE4MTEw\n" + - "MjAwMDAwMFoXDTMwMTIzMTIzNTk1OVowgZExCzAJBgNVBAYTAkdCMRswGQYDVQQI\n" + - "ExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGDAWBgNVBAoT\n" + - "D1NlY3RpZ28gTGltaXRlZDE5MDcGA1UEAxMwU2VjdGlnbyBFQ0MgRXh0ZW5kZWQg\n" + - "VmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMFkwEwYHKoZIzj0CAQYIKoZIzj0D\n" + - "AQcDQgAEAyJ5Ca9JyXq8bO+krLVWysbtm7fdMSJ54uFD23t0x6JAC4IjxevfQJzW\n" + - "z4T6yY+FybTBqtOa++ijJFnkB5wKy6OCAY0wggGJMB8GA1UdIwQYMBaAFDrhCYbU\n" + - "zxnClnZ0SXbc4DXGY2OaMB0GA1UdDgQWBBTvwSqVDDLa+3Mw3IoT2BVL9xPo+DAO\n" + - "BgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHSUEFjAUBggr\n" + - "BgEFBQcDAQYIKwYBBQUHAwIwOgYDVR0gBDMwMTAvBgRVHSAAMCcwJQYIKwYBBQUH\n" + - "AgEWGWh0dHBzOi8vY3BzLnVzZXJ0cnVzdC5jb20wUAYDVR0fBEkwRzBFoEOgQYY/\n" + - "aHR0cDovL2NybC51c2VydHJ1c3QuY29tL1VTRVJUcnVzdEVDQ0NlcnRpZmljYXRp\n" + - "b25BdXRob3JpdHkuY3JsMHYGCCsGAQUFBwEBBGowaDA/BggrBgEFBQcwAoYzaHR0\n" + - "cDovL2NydC51c2VydHJ1c3QuY29tL1VTRVJUcnVzdEVDQ0FkZFRydXN0Q0EuY3J0\n" + - "MCUGCCsGAQUFBzABhhlodHRwOi8vb2NzcC51c2VydHJ1c3QuY29tMAoGCCqGSM49\n" + - "BAMDA2gAMGUCMQCjHztBDL90GCRXHlGqm0H7kzP04hd0MxwakKjWzOmstXNFLONj\n" + - "RFa0JqI/iKUJMFcCMCbLgyzcFW7DihtY5XE0XCLCw+git0NjxiFB6FaOFIlyDdqT\n" + - "j+Th+DJ92JLvICVD/g==\n" + - "-----END CERTIFICATE-----"; - - // Owner: CN=usertrustecccertificationauthority-ev.comodoca.com, O=Sectigo Limited, - // STREET="3rd Floor, 26 Office Village", STREET=Exchange Quay, STREET=Trafford Road, L=Salford, - // ST=Manchester, OID.2.5.4.17=M5 3EQ, - // C=GB, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB, SERIALNUMBER=04058690 - // Issuer: CN=Sectigo ECC Extended Validation Secure Server CA, O=Sectigo Limited, L=Salford, - // ST=Greater Manchester, C=GB - // Serial number: 9aa5da67480446fd7bf408fd5fdaa1d8 - // Valid from: Mon Mar 01 16:00:00 PST 2021 until: Sat Apr 02 16:59:59 PDT 2022 - private static final String VALID = "-----BEGIN CERTIFICATE-----\n" + - "MIIFwTCCBWigAwIBAgIRAJql2mdIBEb9e/QI/V/aodgwCgYIKoZIzj0EAwIwgZEx\n" + - "CzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNV\n" + - "BAcTB1NhbGZvcmQxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDE5MDcGA1UEAxMw\n" + - "U2VjdGlnbyBFQ0MgRXh0ZW5kZWQgVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENB\n" + - "MB4XDTIxMDMwMjAwMDAwMFoXDTIyMDQwMjIzNTk1OVowggE6MREwDwYDVQQFEwgw\n" + - "NDA1ODY5MDETMBEGCysGAQQBgjc8AgEDEwJHQjEdMBsGA1UEDxMUUHJpdmF0ZSBP\n" + - "cmdhbml6YXRpb24xCzAJBgNVBAYTAkdCMQ8wDQYDVQQREwZNNSAzRVExEzARBgNV\n" + - "BAgTCk1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxFjAUBgNVBAkTDVRyYWZm\n" + - "b3JkIFJvYWQxFjAUBgNVBAkTDUV4Y2hhbmdlIFF1YXkxJTAjBgNVBAkTHDNyZCBG\n" + - "bG9vciwgMjYgT2ZmaWNlIFZpbGxhZ2UxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRl\n" + - "ZDE7MDkGA1UEAxMydXNlcnRydXN0ZWNjY2VydGlmaWNhdGlvbmF1dGhvcml0eS1l\n" + - "di5jb21vZG9jYS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQtMl8R33Za\n" + - "WD6H8BW0+wybBf0+6+L5YYK/eyAVGm6vwjLaQZWlcdFBMKfaP1qTLi0VAabs4baS\n" + - "UkD8wR568pVpo4IC8zCCAu8wHwYDVR0jBBgwFoAU78EqlQwy2vtzMNyKE9gVS/cT\n" + - "6PgwHQYDVR0OBBYEFLOtYfOaIfDHZGubtKNELRR6A2srMA4GA1UdDwEB/wQEAwIH\n" + - "gDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBJ\n" + - "BgNVHSAEQjBAMDUGDCsGAQQBsjEBAgEFATAlMCMGCCsGAQUFBwIBFhdodHRwczov\n" + - "L3NlY3RpZ28uY29tL0NQUzAHBgVngQwBATBWBgNVHR8ETzBNMEugSaBHhkVodHRw\n" + - "Oi8vY3JsLnNlY3RpZ28uY29tL1NlY3RpZ29FQ0NFeHRlbmRlZFZhbGlkYXRpb25T\n" + - "ZWN1cmVTZXJ2ZXJDQS5jcmwwgYYGCCsGAQUFBwEBBHoweDBRBggrBgEFBQcwAoZF\n" + - "aHR0cDovL2NydC5zZWN0aWdvLmNvbS9TZWN0aWdvRUNDRXh0ZW5kZWRWYWxpZGF0\n" + - "aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5z\n" + - "ZWN0aWdvLmNvbTA9BgNVHREENjA0gjJ1c2VydHJ1c3RlY2NjZXJ0aWZpY2F0aW9u\n" + - "YXV0aG9yaXR5LWV2LmNvbW9kb2NhLmNvbTCCAQMGCisGAQQB1nkCBAIEgfQEgfEA\n" + - "7wB2AEalVet1+pEgMLWiiWn0830RLEF0vv1JuIWr8vxw/m1HAAABd/Kung0AAAQD\n" + - "AEcwRQIhAI16l52NctGAphhc6eh2kK2vO5QYk5nyouL3P6U/gG/dAiBfJRJ+iqE/\n" + - "noco35RpNtlV4GABrwmw1I/1R+L79VzwEAB1AG9Tdqwx8DEZ2JkApFEV/3cVHBHZ\n" + - "AsEAKQaNsgiaN9kTAAABd/KunvwAAAQDAEYwRAIgS+r3C10ua38DPJKvUJvW5bvL\n" + - "SCQ949n3sBJvhV6aXq4CIH/oEGgvJmKtMEjVKUQg8TrZO6LwQ+0sYfL79Qvm8wL3\n" + - "MAoGCCqGSM49BAMCA0cAMEQCID4Q9cc8OQ9tmKnnKZyplPsPipI5apVGkBqFRUSt\n" + - "zzM3AiAw5tw3cv/oabDsYdU+lmp5kZ/S3Z97ANAAaHE0AfXe/Q==\n" + - "-----END CERTIFICATE-----"; - - // Owner: CN=usertrustecccertificationauthority-ev.comodoca.com, OU=COMODO EV SGC SSL, - // O=Sectigo Limited, STREET="3rd Floor, 26 Office Village", STREET=Exchange Quay, STREET=Trafford Road, - // L=Salford, OID.2.5.4.17=M5 3EQ, - // C=GB, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB, SERIALNUMBER=04058690 - // Issuer: CN=Sectigo ECC Extended Validation Secure Server CA, O=Sectigo Limited, L=Salford, - // ST=Greater Manchester, C=GB - // Serial number: 8b72489b7f505a55e2a22659c90ed2ab - // Valid from: Sun Sep 29 17:00:00 PDT 2019 until: Tue Dec 28 15:59:59 PST 2021 - private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" + - "MIIGRTCCBeugAwIBAgIRAItySJt/UFpV4qImWckO0qswCgYIKoZIzj0EAwIwgZEx\n" + - "CzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNV\n" + - "BAcTB1NhbGZvcmQxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDE5MDcGA1UEAxMw\n" + - "U2VjdGlnbyBFQ0MgRXh0ZW5kZWQgVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENB\n" + - "MB4XDTE5MDkzMDAwMDAwMFoXDTIxMTIyODIzNTk1OVowggFBMREwDwYDVQQFEwgw\n" + - "NDA1ODY5MDETMBEGCysGAQQBgjc8AgEDEwJHQjEdMBsGA1UEDxMUUHJpdmF0ZSBP\n" + - "cmdhbml6YXRpb24xCzAJBgNVBAYTAkdCMQ8wDQYDVQQREwZNNSAzRVExEDAOBgNV\n" + - "BAcTB1NhbGZvcmQxFjAUBgNVBAkTDVRyYWZmb3JkIFJvYWQxFjAUBgNVBAkTDUV4\n" + - "Y2hhbmdlIFF1YXkxJTAjBgNVBAkTHDNyZCBGbG9vciwgMjYgT2ZmaWNlIFZpbGxh\n" + - "Z2UxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDEaMBgGA1UECxMRQ09NT0RPIEVW\n" + - "IFNHQyBTU0wxOzA5BgNVBAMTMnVzZXJ0cnVzdGVjY2NlcnRpZmljYXRpb25hdXRo\n" + - "b3JpdHktZXYuY29tb2RvY2EuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\n" + - "LTJfEd92Wlg+h/AVtPsMmwX9Puvi+WGCv3sgFRpur8Iy2kGVpXHRQTCn2j9aky4t\n" + - "FQGm7OG2klJA/MEeevKVaaOCA28wggNrMB8GA1UdIwQYMBaAFO/BKpUMMtr7czDc\n" + - "ihPYFUv3E+j4MB0GA1UdDgQWBBSzrWHzmiHwx2Rrm7SjRC0UegNrKzAOBgNVHQ8B\n" + - "Af8EBAMCB4AwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB\n" + - "BQUHAwIwSQYDVR0gBEIwQDA1BgwrBgEEAbIxAQIBBQEwJTAjBggrBgEFBQcCARYX\n" + - "aHR0cHM6Ly9zZWN0aWdvLmNvbS9DUFMwBwYFZ4EMAQEwVgYDVR0fBE8wTTBLoEmg\n" + - "R4ZFaHR0cDovL2NybC5zZWN0aWdvLmNvbS9TZWN0aWdvRUNDRXh0ZW5kZWRWYWxp\n" + - "ZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3JsMIGGBggrBgEFBQcBAQR6MHgwUQYIKwYB\n" + - "BQUHMAKGRWh0dHA6Ly9jcnQuc2VjdGlnby5jb20vU2VjdGlnb0VDQ0V4dGVuZGVk\n" + - "VmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNydDAjBggrBgEFBQcwAYYXaHR0cDov\n" + - "L29jc3Auc2VjdGlnby5jb20wPQYDVR0RBDYwNIIydXNlcnRydXN0ZWNjY2VydGlm\n" + - "aWNhdGlvbmF1dGhvcml0eS1ldi5jb21vZG9jYS5jb20wggF/BgorBgEEAdZ5AgQC\n" + - "BIIBbwSCAWsBaQB2AO5Lvbd1zmC64UJpH6vhnmajD35fsHLYgwDEe4l6qP3LAAAB\n" + - "bYL/SJoAAAQDAEcwRQIhAL7EJt/Rgz6NBnx2v8Hevux3Gpcxy64kaeyLVgFeNqFk\n" + - "AiBRf+OWLOtZzEav/oERljrk8hgZB4CR1nj/Tn98cmRrwwB2AFWB1MIWkDYBSuoL\n" + - "m1c8U/DA5Dh4cCUIFy+jqh0HE9MMAAABbYL/SIgAAAQDAEcwRQIgVtZZaiBMC2lu\n" + - "atBzUHQmOq4qrUQP7nS83cd3VzPhToECIQDnlpOCdaxJwr8C0MtkvYpKSabwBPFL\n" + - "ASEkwmOpjuQErAB3ALvZ37wfinG1k5Qjl6qSe0c4V5UKq1LoGpCWZDaOHtGFAAAB\n" + - "bYL/SJoAAAQDAEgwRgIhAI8OgzP/kzF1bOJRHU2S/ewij/6HpGPy7Mbm7Hyuv3IU\n" + - "AiEAxDmX2FmORlgeerQmQ+ar3D9/TwA9RQckVDu5IrgweREwCgYIKoZIzj0EAwID\n" + - "SAAwRQIhAPwQWGWd3oR7YJ7ngCDQ9TAbdPgND51SiR34WfEgaTQtAiAxD4umKm02\n" + - "59GEMj5NpyF2ZQEq5mEGcjJNojrn+PC4zg==\n" + - "-----END CERTIFICATE-----"; - - public void runTest(ValidatePathWithParams pathValidator) throws Exception { - // Validate valid - pathValidator.validate(new String[]{VALID, INT}, - ValidatePathWithParams.Status.GOOD, null, System.out); - - // Validate Revoked - pathValidator.validate(new String[]{REVOKED, INT}, - ValidatePathWithParams.Status.REVOKED, - "Tue Mar 02 02:59:25 PST 2021", System.out); + private static final String VALID = "https://usertrustecccertificationauthority-ev.comodoca.com"; + private static final String REVOKED = "https://usertrustecccertificationauthority-ev.comodoca.com:444"; + private static final String CA_FINGERPRINT = + "4F:F4:60:D5:4B:9C:86:DA:BF:BC:FC:57:12:E0:40:0D:2B:ED:3F:BC:4D:4F:BD:AA:86:E0:6A:DC:D2:A9:AD:7A"; + + public void runTest(ValidatePathWithURL pathValidator) throws CertificateEncodingException { + pathValidator.validateDomain(VALID, false, CA_FINGERPRINT); + pathValidator.validateDomain(REVOKED, true, CA_FINGERPRINT); } } diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/EntrustCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/EntrustCA.java index 40b01309ccb42..559d5322f371d 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/EntrustCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/EntrustCA.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018, 2020, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2018, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -22,298 +22,64 @@ */ /* - * @test + * @test id=OCSP * @bug 8195774 8243321 * @summary Interoperability tests with Entrust CAs - * @build ValidatePathWithParams + * @library /test/lib + * @build jtreg.SkippedException + * @build ValidatePathWithURL * @run main/othervm -Djava.security.debug=certpath EntrustCA OCSP - * @run main/othervm -Djava.security.debug=certpath EntrustCA CRL */ /* - * Obtain test artifacts for Entrust CA from: - * - * EC CA: - * Valid: https://validec.entrust.net - * Revoked https://revokedec.entrust.net - * - * G4 CA: - * Valid: https://validg4.entrust.net - * Revoked: https://revokedg4.entrust.net + * @test id=CRL + * @bug 8195774 8243321 + * @summary Interoperability tests with Entrust CAs + * @library /test/lib + * @build jtreg.SkippedException + * @build ValidatePathWithURL + * @run main/othervm -Djava.security.debug=certpath EntrustCA CRL */ + +import java.security.cert.CertificateEncodingException; public class EntrustCA { public static void main(String[] args) throws Exception { - ValidatePathWithParams pathValidator = new ValidatePathWithParams(null); - boolean ocspEnabled = false; + ValidatePathWithURL pathValidator = new ValidatePathWithURL(); - if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { - pathValidator.enableCRLCheck(); - } else { - // OCSP check by default - pathValidator.enableOCSPCheck(); - ocspEnabled = true; - } + if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { + pathValidator.enableCRLOnly(); + } else { + // OCSP check by default + pathValidator.enableOCSPOnly(); + } - new Entrust_ECCA().runTest(pathValidator, ocspEnabled); - new Entrust_G4().runTest(pathValidator, ocspEnabled); + new Entrust_ECCA().runTest(pathValidator); + new Entrust_G4().runTest(pathValidator); } } class Entrust_ECCA { - - // Owner: CN=Entrust Certification Authority - L1J, OU="(c) 2016 Entrust, Inc. - for authorized use only", - // OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US - // Issuer: CN=Entrust Root Certification Authority - EC1, OU="(c) 2012 Entrust, Inc. - for authorized use only", - // OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US - private static final String INT = "-----BEGIN CERTIFICATE-----\n" + - "MIID5zCCA2ygAwIBAgIQCoPUgD5+n1EAAAAAUdTB9zAKBggqhkjOPQQDAzCBvzEL\n" + - "MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1Nl\n" + - "ZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEy\n" + - "IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEzMDEGA1UE\n" + - "AxMqRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRUMxMB4X\n" + - "DTE2MDQwNTIwMTk1NFoXDTM3MTAwNTIwNDk1NFowgboxCzAJBgNVBAYTAlVTMRYw\n" + - "FAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3Qu\n" + - "bmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxNiBFbnRydXN0LCBJbmMu\n" + - "IC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxLjAsBgNVBAMTJUVudHJ1c3QgQ2Vy\n" + - "dGlmaWNhdGlvbiBBdXRob3JpdHkgLSBMMUowdjAQBgcqhkjOPQIBBgUrgQQAIgNi\n" + - "AAT14eFXmpQX/dEf7NAxrMH13n0btz1KKvH2S1rROGPAKex2CY8yxznbffK/MbCk\n" + - "F7ByYXGs1+8kL5xmTysU/c+YmjOZx2mMSAk2DPw30fijJ3tRrwChZ+TBpgtB6+A5\n" + - "MsCjggEuMIIBKjAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAz\n" + - "BggrBgEFBQcBAQQnMCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmVudHJ1c3Qu\n" + - "bmV0MDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9jcmwuZW50cnVzdC5uZXQvZWMx\n" + - "cm9vdC5jcmwwOwYDVR0gBDQwMjAwBgRVHSAAMCgwJgYIKwYBBQUHAgEWGmh0dHA6\n" + - "Ly93d3cuZW50cnVzdC5uZXQvcnBhMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF\n" + - "BQcDAjAdBgNVHQ4EFgQUw/lFA77I+Qs8RTXz63Ls5+jrlJswHwYDVR0jBBgwFoAU\n" + - "t2PnGt2N6QimVYOk4GpQQWURQkkwCgYIKoZIzj0EAwMDaQAwZgIxAPnVAOqxKDd7\n" + - "v37EBmpPqWCCWBFPKW6HpRx3GUWc9caeQIw8rO2HXYgf92pb/TsJYAIxAJhI0MpR\n" + - "z5L42xF1R9UIPfQxCMwgsnWBqIqcfMrMO+2DxQy6GIP3cFFj9gRyxguKWw==\n" + - "-----END CERTIFICATE-----"; - - // Owner: CN=validec.entrust.net, SERIALNUMBER=D15576572, OID.2.5.4.15=Private Organization, O="Entrust, Inc.", - // OID.1.3.6.1.4.1.311.60.2.1.2=Maryland, OID.1.3.6.1.4.1.311.60.2.1.3=US, L=Kanata, ST=Ontario, C=CA - // Issuer: CN=Entrust Certification Authority - L1J, OU="(c) 2016 Entrust, Inc. - for authorized use only", - // OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US - private static final String VALID = "-----BEGIN CERTIFICATE-----\n" + - "MIIFrTCCBTKgAwIBAgIQYtgW4DLwh74AAAAAVqBXkTAKBggqhkjOPQQDAjCBujEL\n" + - "MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1Nl\n" + - "ZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDE2\n" + - "IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwGA1UE\n" + - "AxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSjAeFw0xODA2\n" + - "MjUxMzE1NTdaFw0xOTA2MjUxMzQ1NTBaMIHJMQswCQYDVQQGEwJDQTEQMA4GA1UE\n" + - "CBMHT250YXJpbzEPMA0GA1UEBxMGS2FuYXRhMRMwEQYLKwYBBAGCNzwCAQMTAlVT\n" + - "MRkwFwYLKwYBBAGCNzwCAQITCE1hcnlsYW5kMRYwFAYDVQQKEw1FbnRydXN0LCBJ\n" + - "bmMuMR0wGwYDVQQPExRQcml2YXRlIE9yZ2FuaXphdGlvbjESMBAGA1UEBRMJRDE1\n" + - "NTc2NTcyMRwwGgYDVQQDExN2YWxpZGVjLmVudHJ1c3QubmV0MFkwEwYHKoZIzj0C\n" + - "AQYIKoZIzj0DAQcDQgAEHQe7lUaAUgIwR9EiLJlhkbx+HfSr22M3JvQD6+fnYgqd\n" + - "55e6E1UE45fk92UpqPi1CEbXrdpmWKu1Z470B9cPGaOCAwcwggMDMB4GA1UdEQQX\n" + - "MBWCE3ZhbGlkZWMuZW50cnVzdC5uZXQwggF/BgorBgEEAdZ5AgQCBIIBbwSCAWsB\n" + - "aQB1AFWB1MIWkDYBSuoLm1c8U/DA5Dh4cCUIFy+jqh0HE9MMAAABZDcxpMkAAAQD\n" + - "AEYwRAIgIb0PwjCcNOchJg8Zywz/0Lwm2vEOJUSao6BqNUIsyaYCIElHHexB06LE\n" + - "yXWDXO7UqOtWT6uqkdJN8V4TzwT9B4o4AHcA3esdK3oNT6Ygi4GtgWhwfi6OnQHV\n" + - "XIiNPRHEzbbsvswAAAFkNzGkvgAABAMASDBGAiEAlxy/kxB9waIifYn+EV550pvA\n" + - "C3jUfS/bjsKbcsBH9cQCIQDSHTJORz6fZu8uLFhpV525pw7iHVh2dSn3gpcteObh\n" + - "DQB3ALvZ37wfinG1k5Qjl6qSe0c4V5UKq1LoGpCWZDaOHtGFAAABZDcxpTsAAAQD\n" + - "AEgwRgIhAPCBqVqSvAEIXMPloV0tfBEEdjRrAhiG407cPqYwt9AFAiEAuQf4R5os\n" + - "MLkD3XhxvrTDvnD+PUOf8PzPevsWkuxNqcQwDgYDVR0PAQH/BAQDAgeAMB0GA1Ud\n" + - "JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBjBggrBgEFBQcBAQRXMFUwIwYIKwYB\n" + - "BQUHMAGGF2h0dHA6Ly9vY3NwLmVudHJ1c3QubmV0MC4GCCsGAQUFBzAChiJodHRw\n" + - "Oi8vYWlhLmVudHJ1c3QubmV0L2wxai1lYzEuY2VyMDMGA1UdHwQsMCowKKAmoCSG\n" + - "Imh0dHA6Ly9jcmwuZW50cnVzdC5uZXQvbGV2ZWwxai5jcmwwSgYDVR0gBEMwQTA2\n" + - "BgpghkgBhvpsCgECMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cuZW50cnVzdC5u\n" + - "ZXQvcnBhMAcGBWeBDAEBMB8GA1UdIwQYMBaAFMP5RQO+yPkLPEU18+ty7Ofo65Sb\n" + - "MB0GA1UdDgQWBBT+J7OhS6gskCanmOGnx10DPSF8ATAJBgNVHRMEAjAAMAoGCCqG\n" + - "SM49BAMCA2kAMGYCMQCQLUQABT74TmdHzAtB97uNF5+Zy15wzkmlKeRSOXCIf2C5\n" + - "YKjsgdkR1OdzZXcpjNgCMQDfWcdPhodNXZC4l1lLPOPaTzPPw6uVqqoITQlc6r1t\n" + - "dRkkD6K9ii/X8EtwoFp7s80=\n" + - "-----END CERTIFICATE-----"; - - // Owner: CN=revokedec.entrust.net, SERIALNUMBER=115868500, OID.2.5.4.15=Private Organization, O="Entrust, Inc.", - // OID.1.3.6.1.4.1.311.60.2.1.2=Texas, OID.1.3.6.1.4.1.311.60.2.1.3=US, L=Kanata, ST=Ontario, C=CA - // Issuer: CN=Entrust Certification Authority - L1J, OU="(c) 2016 Entrust, Inc. - for authorized use only", - // OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US - private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" + - "MIIGJzCCBaygAwIBAgIRAM0WDfag1taIAAAAAFagJ5gwCgYIKoZIzj0EAwIwgbox\n" + - "CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9T\n" + - "ZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAx\n" + - "NiBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxLjAsBgNV\n" + - "BAMTJUVudHJ1c3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBMMUowHhcNMTcw\n" + - "NTI0MTcwNzA4WhcNMTkwNTI0MTczNjU1WjCByDELMAkGA1UEBhMCQ0ExEDAOBgNV\n" + - "BAgTB09udGFyaW8xDzANBgNVBAcTBkthbmF0YTETMBEGCysGAQQBgjc8AgEDEwJV\n" + - "UzEWMBQGCysGAQQBgjc8AgECEwVUZXhhczEWMBQGA1UEChMNRW50cnVzdCwgSW5j\n" + - "LjEdMBsGA1UEDxMUUHJpdmF0ZSBPcmdhbml6YXRpb24xEjAQBgNVBAUTCTExNTg2\n" + - "ODUwMDEeMBwGA1UEAxMVcmV2b2tlZGVjLmVudHJ1c3QubmV0MFkwEwYHKoZIzj0C\n" + - "AQYIKoZIzj0DAQcDQgAEN5MP/59yrs9uwVM/Mrc8IuHonMChAZgN2twwvh8KTnR2\n" + - "3stfem/R+NtLccq+4ds1+8ktnXgP7u1x0as6IJOH1qOCA4EwggN9MCAGA1UdEQQZ\n" + - "MBeCFXJldm9rZWRlYy5lbnRydXN0Lm5ldDCCAfcGCisGAQQB1nkCBAIEggHnBIIB\n" + - "4wHhAHYA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo/csAAAFcO4iiogAA\n" + - "BAMARzBFAiAgHVpryyNVgnsUIihu+5DC2/vuP8Cy5iXq8NhCBXg8UgIhAKi5jImT\n" + - "f1FJksvHboc0EZh9TWhWljVZ6E5jB2CL+qzeAHcAVhQGmi/XwuzT9eG9RLI+x0Z2\n" + - "ubyZEVzA75SYVdaJ0N0AAAFcO4ij9QAABAMASDBGAiEA4B2p2726ISSkKC9WVlzj\n" + - "BVwYZ1Hr7mTjPrFqkoGpEHYCIQC5iuInkJXGBANLTH06BHIQkkr4KnFRl9QBOSw4\n" + - "b+kNqgB1AN3rHSt6DU+mIIuBrYFocH4ujp0B1VyIjT0RxM227L7MAAABXDuIpkcA\n" + - "AAQDAEYwRAIgQ9ssw19wIhHWW6IWgwnIyB7e30HacBNX6S1eQ3GUX04CICffGj3A\n" + - "WWmK9lixmk35YklMnSXNqHQezSYRiCYtXxejAHcApLkJkLQYWBSHuxOizGdwCjw1\n" + - "mAT5G9+443fNDsgN3BAAAAFcO4inUwAABAMASDBGAiEA+8T9tpPw/mU/STsNv0oz\n" + - "8Nla21fKlpEOyWqDKWPSUeYCIQCwI5tDyyaJtyFY9/OVqLG+BKPKjscUtTqGJYl4\n" + - "XbOo1jAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF\n" + - "BwMCMGMGCCsGAQUFBwEBBFcwVTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50\n" + - "cnVzdC5uZXQwLgYIKwYBBQUHMAKGImh0dHA6Ly9haWEuZW50cnVzdC5uZXQvbDFq\n" + - "LWVjMS5jZXIwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5l\n" + - "dC9sZXZlbDFqLmNybDBKBgNVHSAEQzBBMDYGCmCGSAGG+mwKAQIwKDAmBggrBgEF\n" + - "BQcCARYaaHR0cDovL3d3dy5lbnRydXN0Lm5ldC9ycGEwBwYFZ4EMAQEwHwYDVR0j\n" + - "BBgwFoAUw/lFA77I+Qs8RTXz63Ls5+jrlJswHQYDVR0OBBYEFIj28ytR8ulo1p2t\n" + - "ZnBQOLK0rlLUMAkGA1UdEwQCMAAwCgYIKoZIzj0EAwIDaQAwZgIxANzqGRI0en5P\n" + - "gSUDcdwoQSNKrBPBfGz2AQVLHAXsxvIlGhKZAQtM49zxA8AdFy/agwIxAMEjJH6A\n" + - "4UbcGZc40eYu6wUbAxiUDD3gwSElNQ8Z6IhNLPCCdMM6KZORyaagAcXn4A==\n" + - "-----END CERTIFICATE-----"; - - public void runTest(ValidatePathWithParams pathValidator, boolean ocspEnabled) throws Exception { - // Validate valid - pathValidator.validate(new String[]{VALID, INT}, - ValidatePathWithParams.Status.GOOD, null, System.out); - - // Validate Revoked - pathValidator.validate(new String[]{REVOKED, INT}, - ValidatePathWithParams.Status.REVOKED, - "Wed May 24 10:39:28 PDT 2017", System.out); + private static final String VALID = "https://validec.entrust.net"; + private static final String REVOKED = "https://revokedec.entrust.net"; + private static final String CA_FINGERPRINT = + "E7:93:C9:B0:2F:D8:AA:13:E2:1C:31:22:8A:CC:B0:81:19:64:3B:74:9C:89:89:64:B1:74:6D:46:C3:D4:CB:D2"; + + public void runTest(ValidatePathWithURL pathValidator) throws CertificateEncodingException { + pathValidator.validateDomain(VALID, false, CA_FINGERPRINT); + pathValidator.validateDomain(REVOKED, true, CA_FINGERPRINT); } } class Entrust_G4 { - - // Owner: CN=Entrust Certification Authority - L1N, OU="(c) 2014 Entrust, Inc. - for authorized use only", - // OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US - // Issuer: CN=Entrust Root Certification Authority - G4, OU="(c) 2015 Entrust, Inc. - for authorized use only", - // OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US - private static final String INT = "-----BEGIN CERTIFICATE-----\n" + - "MIIGMjCCBBqgAwIBAgIRAKvsd/8bQQwHAAAAAFVl2AUwDQYJKoZIhvcNAQELBQAw\n" + - "gb4xCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQL\n" + - "Ex9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykg\n" + - "MjAxNSBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMjAw\n" + - "BgNVBAMTKUVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEc0\n" + - "MB4XDTE3MTEyMjIwMDQyMFoXDTMwMTIyMjIwMzQyMFowgboxCzAJBgNVBAYTAlVT\n" + - "MRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1\n" + - "c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxNCBFbnRydXN0LCBJ\n" + - "bmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxLjAsBgNVBAMTJUVudHJ1c3Qg\n" + - "Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBMMU4wggEiMA0GCSqGSIb3DQEBAQUA\n" + - "A4IBDwAwggEKAoIBAQDcSG+caYQ4xcvf+dt8bgCEHorO0g5j0H1NOtQzRXgUoG8y\n" + - "QuRbJX9swyKqQZbsc18YvTV8OKA/uSNE46Jvq47TFPojWWTVLbNDqpM07e4EFYKs\n" + - "A9NFzAUngijnf3ivnXA6iNPAMXaEhXmhY/YFjk8NoM7Y1PFsA0oj5hamKQ06iO/j\n" + - "gvBScLmnQ1ju9Qj9IGIg18UL5AJNw0frspLUQBYVrLGaqAy5Nl2BUJKaZ4vnSLvP\n" + - "nk6YrB15mo1phHae10Ba4fx7R3z8IZ/hby4OXTy/KZpu107VEQPAwTuDK8ZXxB5y\n" + - "0DSzi4vaw27aLrUsq4aFqUo03gEfC31vWW76TNkFAgMBAAGjggErMIIBJzAOBgNV\n" + - "HQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHSUEFjAUBggrBgEF\n" + - "BQcDAQYIKwYBBQUHAwIwOwYDVR0gBDQwMjAwBgRVHSAAMCgwJgYIKwYBBQUHAgEW\n" + - "Gmh0dHA6Ly93d3cuZW50cnVzdC5uZXQvcnBhMDMGCCsGAQUFBwEBBCcwJTAjBggr\n" + - "BgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMAYDVR0fBCkwJzAloCOg\n" + - "IYYfaHR0cDovL2NybC5lbnRydXN0Lm5ldC9nNGNhLmNybDAdBgNVHQ4EFgQU7kfR\n" + - "hXHx/S23P7s+Y1h3F0lADpUwHwYDVR0jBBgwFoAUnzjEViPDOeigcWzoVEzk6Dqx\n" + - "v2cwDQYJKoZIhvcNAQELBQADggIBACMeFFgsWmC7h6D1v8DJUkOpm/m5UhVhO0hb\n" + - "pQMQKMhKkl744Y9SWG4WNmpQy743TTciEJPZFhc7ke2R6VmK8ZJUqro2awOw1RWZ\n" + - "OtHla59Btf1NQd41vOVdU+qFhs8lFfXg9sK7YHTrfxHtMXLoGnkkamK3xJgn7sXa\n" + - "/zUvUDBTpDCXcpO9SyHoKIQswmkIPpRyIdPF4biRdR3N+9MYmlfqN/Nk3OEZ73xZ\n" + - "AUZP6Gu+f9cEiHTA8NdYHCPLJWyFnIHWK+QuTFEnKYnOYxCeroLBNOO64e8JWZ39\n" + - "kZ22BBXhHzqOCCczS7JOJTRF+JgvWuxbFwRstj8qf3fE+JndWmq2FC4hTHtpuK5K\n" + - "ENuiRm5gdkXfsXmB+qB6y5gaajiTIMscGIcZIKTe2YdKrLoicvEz8k+loM7favik\n" + - "vzFioTNTDHYGx3mkfElBE7ycY8n+jZE3QBBv33k28MeQi7XNgEaMc4tYwoZIdE9A\n" + - "xVccXTzEQzka82dOkRB1dU0XZId9XAWv+CtNc2TjF6Wgx2seA/c6H8S0IfgQBIV2\n" + - "8iN2wZns2QFdawkdy3hMUqPnA++kuGhLW3GemsIY5dP/WxY8rd+OfLb/Ks9T1pCd\n" + - "28t7PQRcQsgkYmouzrOW9ASBvYqLLdhl4y+fFXff8RkPIKMNoYP06WJvRKmky9R/\n" + - "41/nXRas\n" + - "-----END CERTIFICATE-----"; - - // Owner: CN=validg4.entrust.net, SERIALNUMBER=1913605, OID.2.5.4.15=Private Organization, - // O=Entrust Datacard Limited, OID.1.3.6.1.4.1.311.60.2.1.2=Ontario, OID.1.3.6.1.4.1.311.60.2.1.3=CA, - // L=Ottawa, ST=Ontario, C=CA - // Issuer: CN=Entrust Certification Authority - L1N, OU="(c) 2014 Entrust, Inc. - for authorized use only", - // OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US - // Serial number: 83790beb78eeb966007ad3dbf11d570 - // Valid from: Fri May 29 13:29:00 PDT 2020 until: Sun Aug 28 13:34:23 PDT 2022 - private static final String VALID = "-----BEGIN CERTIFICATE-----\n" + - "MIIFpjCCBI6gAwIBAgIQCDeQvreO65ZgB609vxHVcDANBgkqhkiG9w0BAQsFADCB\n" + - "ujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsT\n" + - "H1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAy\n" + - "MDE0IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwG\n" + - "A1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxTjAeFw0y\n" + - "MDA1MjkyMDI5MDBaFw0yMjA4MjgyMDM0MjNaMIHRMQswCQYDVQQGEwJDQTEQMA4G\n" + - "A1UECBMHT250YXJpbzEPMA0GA1UEBxMGT3R0YXdhMRMwEQYLKwYBBAGCNzwCAQMT\n" + - "AkNBMRgwFgYLKwYBBAGCNzwCAQITB09udGFyaW8xITAfBgNVBAoTGEVudHJ1c3Qg\n" + - "RGF0YWNhcmQgTGltaXRlZDEdMBsGA1UEDxMUUHJpdmF0ZSBPcmdhbml6YXRpb24x\n" + - "EDAOBgNVBAUTBzE5MTM2MDUxHDAaBgNVBAMTE3ZhbGlkZzQuZW50cnVzdC5uZXQw\n" + - "ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC508f77Kp/kfbqs9DHfa+V\n" + - "977gsVzI78TzfN4tF3ujwnPgd9mzLArM71VJvceOJUto7ywRasxmFxOLHf7WN2Kg\n" + - "U1yk/Kp9WUNfjmjIkI+JfCTkaz1RztpW85GNN9SL/W2yFIxv0ijAiGoQeC7J80Ni\n" + - "+y31Q5+M0oPMzngBOtD8LpyVt+/lSwUvxwhlChu7LWpIFmBUriILkvh11vxaItZV\n" + - "Jm4g8amE33/eXPFjZxB4ABQpBMC4QVg10UP+DpimZuJa6oQZfoNUjDF2yKlyrA+z\n" + - "s3kK8SXzJhE5LQxBp158jAoCVZuER08cumw3wvXI5NGzkzDxpTGacDO0bDo2ULpN\n" + - "AgMBAAGjggGNMIIBiTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUH\n" + - "AwIGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFOA38RC6Sv6hMUgY\n" + - "eLACjvqO13vsMB8GA1UdIwQYMBaAFO5H0YVx8f0ttz+7PmNYdxdJQA6VMGgGCCsG\n" + - "AQUFBwEBBFwwWjAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQw\n" + - "MwYIKwYBBQUHMAKGJ2h0dHA6Ly9haWEuZW50cnVzdC5uZXQvbDFuLWNoYWluMjU2\n" + - "LmNlcjAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmVudHJ1c3QubmV0L2xl\n" + - "dmVsMW4uY3JsMB4GA1UdEQQXMBWCE3ZhbGlkZzQuZW50cnVzdC5uZXQwSwYDVR0g\n" + - "BEQwQjA3BgpghkgBhvpsCgECMCkwJwYIKwYBBQUHAgEWG2h0dHBzOi8vd3d3LmVu\n" + - "dHJ1c3QubmV0L3JwYTAHBgVngQwBATANBgkqhkiG9w0BAQsFAAOCAQEAOExxxxEk\n" + - "iAZZ4RJSWwI/CBQYAlUmd2wb/SBk9eYNAu/UL0XiAbwbOjH2dV6JHwAdwn0eoPR1\n" + - "KK/E1/OVoVibVBdxLMISPqdodRgHps6kGCOJxS8Zz8d3AEvx27EQ/Hg/EwIJZsUK\n" + - "dyb48V6a3XzExqLiwGu9oI9Ozm3/mo11ixmhvSFXH+FZf93qvvCSO+XTGGrLv5ja\n" + - "Tkazn/HgnwUBHd1TiO0jLhAdc+rZyd/SDjXMAXsa99zVfc2MY0Mb8+MohNHOwqYg\n" + - "tuYuirvtt9P0oteauL+iEBCRcqsmJaHGeaEyJH2QMxC5W22KpW245eHisW7rMoGQ\n" + - "9nbGmfe97p7bHQ==\n" + - "-----END CERTIFICATE-----"; - - // Owner: CN=revokedg4.entrust.net, SERIALNUMBER=1913605, OID.2.5.4.15=Private Organization, - // O=Entrust Datacard Limited, OID.1.3.6.1.4.1.311.60.2.1.2=Ontario, OID.1.3.6.1.4.1.311.60.2.1.3=CA, - // L=Ottawa, ST=Ontario, C=CA - // Issuer: CN=Entrust Certification Authority - L1N, OU="(c) 2014 Entrust, Inc. - for authorized use only", - // OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US - // Serial number: 24c5f46412b9dcc242a93017176979d6 - // Valid from: Fri May 29 13:36:00 PDT 2020 until: Sun Aug 28 13:40:43 PDT 2022 - private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" + - "MIIFqjCCBJKgAwIBAgIQJMX0ZBK53MJCqTAXF2l51jANBgkqhkiG9w0BAQsFADCB\n" + - "ujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsT\n" + - "H1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAy\n" + - "MDE0IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwG\n" + - "A1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxTjAeFw0y\n" + - "MDA1MjkyMDM2MDBaFw0yMjA4MjgyMDQwNDNaMIHTMQswCQYDVQQGEwJDQTEQMA4G\n" + - "A1UECBMHT250YXJpbzEPMA0GA1UEBxMGT3R0YXdhMRMwEQYLKwYBBAGCNzwCAQMT\n" + - "AkNBMRgwFgYLKwYBBAGCNzwCAQITB09udGFyaW8xITAfBgNVBAoTGEVudHJ1c3Qg\n" + - "RGF0YWNhcmQgTGltaXRlZDEdMBsGA1UEDxMUUHJpdmF0ZSBPcmdhbml6YXRpb24x\n" + - "EDAOBgNVBAUTBzE5MTM2MDUxHjAcBgNVBAMTFXJldm9rZWRnNC5lbnRydXN0Lm5l\n" + - "dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN6Bvaj7EG752e15UQH9\n" + - "4o8+660Gi3caUAAu45vZebO7EfRgrz0zyalpiexmQzocGn6Zog2yVqmMZjrMY11a\n" + - "q96s0pzVKImnA/787G7J5lRncP+PM6/WGtUUGS2hHiifoW5Ya/kcI1uk6EDT0leb\n" + - "HIedOiwcfDkq38g5ckuWNae24DAD8AM9XBJXMuNbuiqo03wMlDL3Jif8wNQfpmPD\n" + - "b+KR6IwGJdYwLBMoMcPmZF0rykW3YTO2NTDGCwvT8zzvjIKp8caRkI6pfkKmc89U\n" + - "Nvgbk/d9JEsgQLbYmRKVnhtnt756U7v3+0kZITxzfsBvQZ6zC7X4FAcTN1302RGn\n" + - "NGsCAwEAAaOCAY8wggGLMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEF\n" + - "BQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQULjRc9DEsa0kD\n" + - "uhKNo6cCqQ+mPjgwHwYDVR0jBBgwFoAU7kfRhXHx/S23P7s+Y1h3F0lADpUwaAYI\n" + - "KwYBBQUHAQEEXDBaMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5lbnRydXN0Lm5l\n" + - "dDAzBggrBgEFBQcwAoYnaHR0cDovL2FpYS5lbnRydXN0Lm5ldC9sMW4tY2hhaW4y\n" + - "NTYuY2VyMDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9jcmwuZW50cnVzdC5uZXQv\n" + - "bGV2ZWwxbi5jcmwwIAYDVR0RBBkwF4IVcmV2b2tlZGc0LmVudHJ1c3QubmV0MEsG\n" + - "A1UdIAREMEIwNwYKYIZIAYb6bAoBAjApMCcGCCsGAQUFBwIBFhtodHRwczovL3d3\n" + - "dy5lbnRydXN0Lm5ldC9ycGEwBwYFZ4EMAQEwDQYJKoZIhvcNAQELBQADggEBAGab\n" + - "wtgpooQW3YL2Cqk9RDJFbNct5BSbzgY9qN1TOe4L7gbjV0BJBCcsHOCjvbgEuzME\n" + - "FC/kAmBu7eMnKVAqCCsWaI8XV7xB7P/BqHpvf9LI/GyHg4wCYdxgFGBXHOjlSy+8\n" + - "YWRM5UnFUknqbj1B4u2/U+U3X66QXi+MWrmBdjpcMahpY5zP1Bh90OmIc8DY4arf\n" + - "widObgJe2H/VFScudLf5JMpBso2v772GYTRr5Tqqq3ouS9WvDf0NBvoStt1oiUMP\n" + - "oowesfNiaYa/rZzWRlhYNs089KUeLhjOZswtIY5LCyy+Wt3CHgXljGEQFgi7p59s\n" + - "gk0aMRYM9Gri26VbD5A=\n" + - "-----END CERTIFICATE-----"; - - public void runTest(ValidatePathWithParams pathValidator, boolean ocspEnabled) throws Exception { - // Validate valid - pathValidator.validate(new String[]{VALID, INT}, - ValidatePathWithParams.Status.GOOD, null, System.out); - - // Validate Revoked - pathValidator.validate(new String[]{REVOKED, INT}, - ValidatePathWithParams.Status.REVOKED, - "Fri May 29 13:42:13 PDT 2020", System.out); + private static final String VALID = "https://validg4.entrust.net"; + private static final String REVOKED = "https://revokedg4.entrust.net"; + private static final String CA_FINGERPRINT = + "DB:35:17:D1:F6:73:2A:2D:5A:B9:7C:53:3E:C7:07:79:EE:32:70:A6:2F:B4:AC:42:38:37:24:60:E6:F0:1E:88"; + + public void runTest(ValidatePathWithURL pathValidator) throws CertificateEncodingException { + pathValidator.validateDomain(VALID, false, CA_FINGERPRINT); + pathValidator.validateDomain(REVOKED, true, CA_FINGERPRINT); } } diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GlobalSignR6CA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GlobalSignR6CA.java index 244ef26c2ca85..5b604e0bd0b78 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GlobalSignR6CA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GlobalSignR6CA.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2019, 2020, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2019, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -22,191 +22,44 @@ */ /* - * @test + * @test id=OCSP * @bug 8216577 8249176 * @summary Interoperability tests with GlobalSign R6 CA - * @build ValidatePathWithParams + * @library /test/lib + * @build jtreg.SkippedException + * @build ValidatePathWithURL * @run main/othervm -Djava.security.debug=certpath GlobalSignR6CA OCSP - * @run main/othervm -Djava.security.debug=certpath GlobalSignR6CA CRL */ - /* - * - * Obtain TLS test artifacts for GlobalSign R6 CA from: - * - * Valid TLS Certificates: - * https://valid.r6.roots.globalsign.com/ - * - * Revoked TLS Certificates: - * https://revoked.r6.roots.globalsign.com/ +/* + * @test id=CRL + * @bug 8216577 8249176 + * @summary Interoperability tests with GlobalSign R6 CA + * @library /test/lib + * @build jtreg.SkippedException + * @build ValidatePathWithURL + * @run main/othervm -Djava.security.debug=certpath GlobalSignR6CA CRL */ public class GlobalSignR6CA { - // Owner: CN=GlobalSign Atlas R6 EV TLS CA 2020, O=GlobalSign nv-sa, C=BE - // Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R6 - // Serial number: 7803182afbecd89eb19309bb4a25bdaa - // Valid from: Mon Jul 27 17:00:00 PDT 2020 until: Sat Jul 27 17:00:00 PDT 2030 - private static final String INT = "-----BEGIN CERTIFICATE-----\n" + - "MIIGwDCCBKigAwIBAgIQeAMYKvvs2J6xkwm7SiW9qjANBgkqhkiG9w0BAQwFADBM\n" + - "MSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSNjETMBEGA1UEChMKR2xv\n" + - "YmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0yMDA3MjgwMDAwMDBaFw0z\n" + - "MDA3MjgwMDAwMDBaMFUxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWdu\n" + - "IG52LXNhMSswKQYDVQQDEyJHbG9iYWxTaWduIEF0bGFzIFI2IEVWIFRMUyBDQSAy\n" + - "MDIwMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtQ8IiN2Ukq/Clynv\n" + - "HhqugFQg5SXIyVO4ZRnxo0hNnaek78LRn4Bkaqcwv6Ls0Ftn4bK2zvBaS1zsfUTA\n" + - "vfup/s86zHCRvOqAL8zO/WiMV1G5ikHSlD6RtpIOHRX4y0oIGW59ADY0ANwDeDWL\n" + - "x/RgSltuQIqeGXwZnyZFwWtxVkSE4p5tn2Lb6USzwcD22taiXmeYsPMWfJfmWPRj\n" + - "ZuYBgxn6tvUVRO+ZzAUKEEaJK/LVLieAVEmfR6anEJ/gWczxz12Lwu6qF5ov0OQt\n" + - "AP0rfruyje/EJt6xHjpJ2OgDzCWYstXOpRPDHYS3klpaRbowAlpJdYMRAqY5CNiP\n" + - "RAx3wvsWCVI5UkzKVD6RuHHVpfzfdKAfsjHa/aSunHtTpE+NUf3Q/3qHXW5cyDnP\n" + - "Jt6VTVVVevjTquwH1xrUigukDbeopV1owsqIA5aw2io7RbBorwPBA0veinHN4vP9\n" + - "X8jbTiIiLjlfJOnHZe7pIhb3T9WCqhwwsBNPQpKizGHCj5kL2UJe7N5u4RywFOZE\n" + - "l5mbTX4zO6Vj3WM9ZVbZgXVNwEjS5mYq/rvC1yr9obNUJ8br6JAd2ZBnzhA5Zn4s\n" + - "bIP99TlUBZWczw+vPM7g1S4e4cyd+8CULVhVs87QlyvwWnRbH7fXZo8xLzhzMCjB\n" + - "8Y0cNdL1S6QKrrhC6Pf6tV/JU20CAwEAAaOCAZMwggGPMA4GA1UdDwEB/wQEAwIB\n" + - "hjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwEgYDVR0TAQH/BAgwBgEB\n" + - "/wIBADAdBgNVHQ4EFgQUhNwhC8eoXXKXhId+8tW2+nFWTvswHwYDVR0jBBgwFoAU\n" + - "rmwFo5MT4qLn4tcc1sfwf8hnU6AwewYIKwYBBQUHAQEEbzBtMC4GCCsGAQUFBzAB\n" + - "hiJodHRwOi8vb2NzcDIuZ2xvYmFsc2lnbi5jb20vcm9vdHI2MDsGCCsGAQUFBzAC\n" + - "hi9odHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9yb290LXI2LmNy\n" + - "dDA2BgNVHR8ELzAtMCugKaAnhiVodHRwOi8vY3JsLmdsb2JhbHNpZ24uY29tL3Jv\n" + - "b3QtcjYuY3JsMFUGA1UdIAROMEwwQQYJKwYBBAGgMgEBMDQwMgYIKwYBBQUHAgEW\n" + - "Jmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMAcGBWeBDAEB\n" + - "MA0GCSqGSIb3DQEBDAUAA4ICAQBD+97H2N1BgiliKQFrb+jcWjkmPP8cdF/eiBW1\n" + - "cEzOOhsuVqxbyIk8qdw3UueHSDjqWUjHYoo8TV3DLqUXmIy1Ks3MkESsFKeLpEbk\n" + - "VMZga0lbDnqqRc5a2yzrXmwVYDeWVeD20s5vPoKCnFzmcR+2v9TKD4bI6XWVl84q\n" + - "GzfFRVdY9f8KN+7891+47ZhptvxtNqJKVI2O+EAP/PvTpwes983LkFzsev4/+Qxs\n" + - "EszD7/pE+Byj3t9CMat2XoX0jfJjbEXgewFb/gCwHvqNKLNWrYfE9qN8b6qm4xQk\n" + - "qGQKTrFKsBJx4TU+h10qXDhpmOBswiJqoG16XCV32oSn0JUYvXVAvP6YjueOv/jr\n" + - "0ZMTWGh8wCz6v3XBaXR0rxDAz9GImpU+xPx2XjuHac7OnYbN+i8p7cJPUxABjHiA\n" + - "LWXIZtCn5ziCfvYC6+SCp8x9TPJzAIfJ4NKv/8SpvvzuchVkAQqlQaGFBEdkX84R\n" + - "I/WYYG+2BliFIpbQnfljYWCURbfsYz7+Zxb94+4yzva49p8T6lALoK3s2kqIVLKN\n" + - "s6qAnk/qX6JihkaR3W+iViHMC5tqQX/pd8QIXccF3PA2OdeNGU4iUNZqUbYB4VZd\n" + - "AaOaeaUl0LwAta6DB5w344eUIqDgaitSwQZBnxppmwL3tGzP1ero2e2RvBmphbxI\n" + - "atIdxA==\n" + - "-----END CERTIFICATE-----"; - - // Owner: CN=valid.r6.roots.globalsign.com, - // O=GMO GlobalSign LTD, STREET="Springfield House, Sandling Road", OID.2.5.4.17=ME14 2LP, L=Maidstone, ST=Kent, - // C=GB, SERIALNUMBER=04705639, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB - // Issuer: CN=GlobalSign Atlas R6 EV TLS CA 2020, O=GlobalSign nv-sa, C=BE - // Serial number: 1aff2829dd8bf07aa65a7b3c920ca4b - // Valid from: Thu Aug 27 00:20:06 PDT 2020 until: Tue Sep 28 00:20:06 PDT 2021 - private static final String VALID = "-----BEGIN CERTIFICATE-----\n" + - "MIIHyjCCBbKgAwIBAgIQAa/ygp3YvweqZaezySDKSzANBgkqhkiG9w0BAQsFADBV\n" + - "MQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTErMCkGA1UE\n" + - "AxMiR2xvYmFsU2lnbiBBdGxhcyBSNiBFViBUTFMgQ0EgMjAyMDAeFw0yMDA4Mjcw\n" + - "NzIwMDZaFw0yMTA5MjgwNzIwMDZaMIH6MRMwEQYLKwYBBAGCNzwCAQMTAkdCMR0w\n" + - "GwYDVQQPDBRQcml2YXRlIE9yZ2FuaXphdGlvbjERMA8GA1UEBRMIMDQ3MDU2Mzkx\n" + - "CzAJBgNVBAYTAkdCMQ0wCwYDVQQIDARLZW50MRIwEAYDVQQHDAlNYWlkc3RvbmUx\n" + - "ETAPBgNVBBEMCE1FMTQgMkxQMSkwJwYDVQQJDCBTcHJpbmdmaWVsZCBIb3VzZSwg\n" + - "U2FuZGxpbmcgUm9hZDEbMBkGA1UECgwSR01PIEdsb2JhbFNpZ24gTFREMSYwJAYD\n" + - "VQQDDB12YWxpZC5yNi5yb290cy5nbG9iYWxzaWduLmNvbTCCASIwDQYJKoZIhvcN\n" + - "AQEBBQADggEPADCCAQoCggEBAMOxbh7fZVLUB06xxNBePa9vpOuAS5km1w8ngsTu\n" + - "SvH1LZnPFd4nu40fi8bPbHd4J2oRWZ28f7LKVQgBupn9knrTQxfTV361WpmwqCcH\n" + - "MxornKyHx4t5uGrtTtX2fYoNQQk330dIKAfKpUrOiaDybB7irG2JEHdGD3Iv7ud8\n" + - "FXfXgXte26mUDX3XeCvE0pbuNKpTKApqOeojlVR6TCNB1n6KGYLMIz/1ow6XBZ64\n" + - "1zKG/9o0gSHelkUHGmGLzOAE5YpkhwzhpND9opycnfieHuy5BcoBIpeMqGNwOsGu\n" + - "p+nhFz+N8mPjSjZEf0qx+FLF2cBmNFknJJCdnV7OYfKZHE0CAwEAAaOCAu4wggLq\n" + - "MCgGA1UdEQQhMB+CHXZhbGlkLnI2LnJvb3RzLmdsb2JhbHNpZ24uY29tMA4GA1Ud\n" + - "DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0O\n" + - "BBYEFLZolpEC8/bF44e/gnh4StQ9+URwMFUGA1UdIAROMEwwBwYFZ4EMAQEwQQYJ\n" + - "KwYBBAGgMgEBMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24u\n" + - "Y29tL3JlcG9zaXRvcnkvMAwGA1UdEwEB/wQCMAAwgZoGCCsGAQUFBwEBBIGNMIGK\n" + - "MD4GCCsGAQUFBzABhjJodHRwOi8vb2NzcC5nbG9iYWxzaWduLmNvbS9jYS9nc2F0\n" + - "bGFzcjZldnRsc2NhMjAyMDBIBggrBgEFBQcwAoY8aHR0cDovL3NlY3VyZS5nbG9i\n" + - "YWxzaWduLmNvbS9jYWNlcnQvZ3NhdGxhc3I2ZXZ0bHNjYTIwMjAuY3J0MB8GA1Ud\n" + - "IwQYMBaAFITcIQvHqF1yl4SHfvLVtvpxVk77MEYGA1UdHwQ/MD0wO6A5oDeGNWh0\n" + - "dHA6Ly9jcmwuZ2xvYmFsc2lnbi5jb20vY2EvZ3NhdGxhc3I2ZXZ0bHNjYTIwMjAu\n" + - "Y3JsMIIBAwYKKwYBBAHWeQIEAgSB9ASB8QDvAHYAfT7y+I//iFVoJMLAyp5SiXkr\n" + - "xQ54CX8uapdomX4i8NcAAAF0Lsm7CwAABAMARzBFAiB0fLxAlPzkPxZOVj7c8OFc\n" + - "YwycekW0Mo+sRm/BQYoeOgIhAK2lNW7ebraH//ZlLQD7dyzWCO+kgmkQo+mqdm1x\n" + - "4P15AHUAb1N2rDHwMRnYmQCkURX/dxUcEdkCwQApBo2yCJo32RMAAAF0Lsm7JAAA\n" + - "BAMARjBEAiALOZvdNiA9q1Ysr7ejTGdivUqNJNm9KftmGXwHFGwf2QIgDodNLmbZ\n" + - "JFGt8l5ul0fHw2Gn8KqhRUW6CMRT58svhcswDQYJKoZIhvcNAQELBQADggIBAByb\n" + - "hoL/sArmkNjTFiEEBocMfb+brgRQdb08NKC1BDxGnfIFjUmOFzI2SVgtBmcoF8FI\n" + - "0WyXQv6ZxVE01DFZpeZpsJJYfBAjg9NR4/B7UjajvOJwQNpaciAGQ0ZzTu+SmHja\n" + - "jIiC2KqiA7Me2MoUne6hhxZ3dXEneIml8hnbTf2mjSBCVpQqyf2goslhGduPitI6\n" + - "guTtVD2PVaNCVkjlRn4Euspl2JjQWzGcEruqGyQN+Bu4yt1hsD4Jj6V9Hmzo8Vrd\n" + - "5LUxFPRGIgCUDiiwnENVsQB/D24y3IapPkojujrvsVsmQN42GIgOY5tLK/8cCziD\n" + - "vf0GzZnmL1D2ezi3TaBj+XBWFcAyF2Y9AnVRmC9CrVcp6EX0KhD4g9ZgbpJZpVlk\n" + - "G3xfOiZWTeqLnQhCMXcdcutWIwXAX5gueyF1t545vECCE4PeGZNAeWqdbrj7xaS8\n" + - "3rKQdgwF9r6p7F5HHwEVCckhovEYU4DNFzYb9n/YmC3hmskFB1keTYqydKUYEGZ5\n" + - "fvLvsjRj9xwOCqIs5j1vuKw2CaqmHxrfYaDMMSZPq/iYrOWrf72wZIvtnAHePt3X\n" + - "atQMqNbDMQrjul31ljDP9CIbbtuZSkSACyMxiC10l4uTTLQiTxtZPkwIazOjnbBe\n" + - "A4fruOEQ2k1gu5oFgqmo+xuclOKNjwd/RkK4FXnD\n" + - "-----END CERTIFICATE-----"; - - // Owner: CN=revoked.r6.roots.globalsign.com, - // O=GMO GlobalSign LTD, STREET="Springfield House, Sandling Road", OID.2.5.4.17=ME14 2LP, L=Maidstone, ST=Kent, - // C=GB, SERIALNUMBER=04705639, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB - // Issuer: CN=GlobalSign Atlas R6 EV TLS CA 2020, O=GlobalSign nv-sa, C=BE - // Serial number: 1df30d84796ac20c47da63b8e681e8f - // Valid from: Thu Aug 27 00:37:53 PDT 2020 until: Tue Sep 28 00:37:53 PDT 2021 - private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" + - "MIIHzzCCBbegAwIBAgIQAd8w2EeWrCDEfaY7jmgejzANBgkqhkiG9w0BAQsFADBV\n" + - "MQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTErMCkGA1UE\n" + - "AxMiR2xvYmFsU2lnbiBBdGxhcyBSNiBFViBUTFMgQ0EgMjAyMDAeFw0yMDA4Mjcw\n" + - "NzM3NTNaFw0yMTA5MjgwNzM3NTNaMIH8MRMwEQYLKwYBBAGCNzwCAQMTAkdCMR0w\n" + - "GwYDVQQPDBRQcml2YXRlIE9yZ2FuaXphdGlvbjERMA8GA1UEBRMIMDQ3MDU2Mzkx\n" + - "CzAJBgNVBAYTAkdCMQ0wCwYDVQQIDARLZW50MRIwEAYDVQQHDAlNYWlkc3RvbmUx\n" + - "ETAPBgNVBBEMCE1FMTQgMkxQMSkwJwYDVQQJDCBTcHJpbmdmaWVsZCBIb3VzZSwg\n" + - "U2FuZGxpbmcgUm9hZDEbMBkGA1UECgwSR01PIEdsb2JhbFNpZ24gTFREMSgwJgYD\n" + - "VQQDDB9yZXZva2VkLnI2LnJvb3RzLmdsb2JhbHNpZ24uY29tMIIBIjANBgkqhkiG\n" + - "9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvaNcp7bzmm02Z0S92ZzJ/ul3uQWz3EnBORcI\n" + - "RuEzm0HY4t0n9DGnxpxOi/aWGX/Vj7qZC4m3G7uCE7dMy6CfXTwh4UZ+nPVijImo\n" + - "q/msJzmju/pk8HVeOEhk88yvwfzmzYLjoQagmHnDUSQULEmNWihejIh4B61qx4SI\n" + - "UoBPoBgqDfZW27HkJeqNAO6rljZTZwLenJesm2QMjebYaKxQBi3fLy0Lua2sxTik\n" + - "fbT3swEPN9xxvMomtNNM2tJwdExL2RpO8dObUe37ep6roG7gWh8NYDKMo6j9Rn9e\n" + - "f0S9jwkcRM2kZSHR09HSu8ULBgP+KYa8DDpOyt+HO+2G57MhbQIDAQABo4IC8TCC\n" + - "Au0wKgYDVR0RBCMwIYIfcmV2b2tlZC5yNi5yb290cy5nbG9iYWxzaWduLmNvbTAO\n" + - "BgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0G\n" + - "A1UdDgQWBBTa1/37G4T022LEW3WwIVV99qtjsjBVBgNVHSAETjBMMAcGBWeBDAEB\n" + - "MEEGCSsGAQQBoDIBATA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxz\n" + - "aWduLmNvbS9yZXBvc2l0b3J5LzAMBgNVHRMBAf8EAjAAMIGaBggrBgEFBQcBAQSB\n" + - "jTCBijA+BggrBgEFBQcwAYYyaHR0cDovL29jc3AuZ2xvYmFsc2lnbi5jb20vY2Ev\n" + - "Z3NhdGxhc3I2ZXZ0bHNjYTIwMjAwSAYIKwYBBQUHMAKGPGh0dHA6Ly9zZWN1cmUu\n" + - "Z2xvYmFsc2lnbi5jb20vY2FjZXJ0L2dzYXRsYXNyNmV2dGxzY2EyMDIwLmNydDAf\n" + - "BgNVHSMEGDAWgBSE3CELx6hdcpeEh37y1bb6cVZO+zBGBgNVHR8EPzA9MDugOaA3\n" + - "hjVodHRwOi8vY3JsLmdsb2JhbHNpZ24uY29tL2NhL2dzYXRsYXNyNmV2dGxzY2Ey\n" + - "MDIwLmNybDCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2AG9Tdqwx8DEZ2JkApFEV\n" + - "/3cVHBHZAsEAKQaNsgiaN9kTAAABdC7aAfUAAAQDAEcwRQIgHIAHHw/Y/VKaaHhy\n" + - "rZ/cMinivfZ4lUq2ejV7FRPbT8ECIQD3RoE13/MBVMVBLCQ2ErKsB5+7F31dX/tv\n" + - "Z/muQi5UrQB2AH0+8viP/4hVaCTCwMqeUol5K8UOeAl/LmqXaJl+IvDXAAABdC7a\n" + - "AegAAAQDAEcwRQIhALl0LXt6pFqS0cHF/XkxSfDJJdhppR2eSlcMFpZY0q1PAiBJ\n" + - "YkKHqq/YD0gwtZAUEPSk54G1cLxFoUiounjya1XTRzANBgkqhkiG9w0BAQsFAAOC\n" + - "AgEAdeQotBhB7bn+CztQmF13rdBphHrGkkyHC3hL1bxkmHJcrLQ5ochqPvgdgAVq\n" + - "DXcV8zSyNwVxW6REi+uYzcsOPKo/llmgF7Psqn1t/EDcutWlykh8UwE5UaLJ2EWD\n" + - "HnIu06n47lWtAwlNMXJ/ce0oVjqsgY52Y1u54e8wFXt6lsSw02tzIC6eo1BFKxQ3\n" + - "lDKYVXgg0OvMG/C2rvH/EIq5r+st49rNGWfcWRoHsDUruChZOHwJ9PrXKBLB/QVd\n" + - "4uw2V/0ipOETDudly7yLodXP8quhet4bCEO9gweXppL/MikLrE5xt46HW1/6w+jF\n" + - "wKCHWlq4ViswlaQ8q0oY/97o2udnuDQaNdrLgW3VofMeBIMNPBgkLDicOH6bLwNf\n" + - "lV68qi1ZBxBuOdoOqQyZ9RU9d3EL50XEJ4MtUvjJRAT5EWdFaB8SGGZbD5fyza8c\n" + - "KmeO5tkZWYecLd8CKqwKcW7umPflEwOzw60Cxg6eyBYA8Jfagpbdb/kXsF6Ov8IW\n" + - "vxNdHCnXnR3oBWm2uHddESO2zGF1ZfOb0O3cHHG5nCgVkWW68VpgX/LaN90u6Dzw\n" + - "diJX7esZV5ZaniqD+flWldgAdcfeXlJ5b7I7GnFr61ycmZT/qupagUS1WDq/zfct\n" + - "QcB4QmnAzGe6kcqiDOSyIYWpiw09jha63KpJtJDWRemrlQI=\n" + - "-----END CERTIFICATE-----"; - - public static void main(String[] args) throws Exception { + private static final String VALID = "https://valid.r6.roots.globalsign.com/"; + private static final String REVOKED = "https://revoked.r6.roots.globalsign.com/"; + private static final String CA_FINGERPRINT = + "2C:AB:EA:FE:37:D0:6C:A2:2A:BA:73:91:C0:03:3D:25:98:29:52:C4:53:64:73:49:76:3A:3A:B5:AD:6C:CF:69"; - ValidatePathWithParams pathValidator = new ValidatePathWithParams(null); + public static void main(String[] args) throws Exception { - if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { - pathValidator.enableCRLCheck(); - } else { - // OCSP check by default - pathValidator.enableOCSPCheck(); - } + ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(); - // Validate valid - pathValidator.validate(new String[]{VALID, INT}, - ValidatePathWithParams.Status.GOOD, null, System.out); + if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { + validatePathWithURL.enableCRLOnly(); + } else { + // OCSP check by default + validatePathWithURL.enableOCSPOnly(); + } - // Validate Revoked - pathValidator.validate(new String[]{REVOKED, INT}, - ValidatePathWithParams.Status.REVOKED, - "Thu Aug 27 00:38:11 PDT 2020", System.out); - } + validatePathWithURL.validateDomain(VALID, false, CA_FINGERPRINT); + validatePathWithURL.validateDomain(REVOKED, true, CA_FINGERPRINT); + } } diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GoDaddyCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GoDaddyCA.java index e8971b987ca32..f9e53f7cbb8c8 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GoDaddyCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GoDaddyCA.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2018, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,41 +21,52 @@ * questions. */ - /* - * @test + * @test id=OCSP * @bug 8196141 * @summary Interoperability tests with GoDaddy/Starfield CA - * @build ValidatePathWithParams + * @library /test/lib + * @build jtreg.SkippedException + * @build ValidatePathWithURL * @run main/othervm -Djava.security.debug=certpath GoDaddyCA OCSP + */ + +/* + * @test id=CRL + * @bug 8196141 + * @summary Interoperability tests with GoDaddy/Starfield CA + * @library /test/lib + * @build jtreg.SkippedException + * @build ValidatePathWithURL * @run main/othervm -Djava.security.debug=certpath GoDaddyCA CRL */ +import java.security.cert.CertificateEncodingException; + /* * Obtain test artifacts for GoDaddy/Starfield CAs from: * * Go Daddy Root Certificate Authority - G2: - * valid: https://valid.gdig2.catest.godaddy.com/ + * valid: * expired: https://expired.gdig2.catest.godaddy.com/ - * revoked: https://revoked.gdig2.catest.godaddy.com/ + * revoked: * * Starfield Root Certificate Authority - G2: - * valid: https://valid.sfig2.catest.starfieldtech.com/ + * valid: * expired: https://expired.sfig2.catest.starfieldtech.com/ - * revoked: https://revoked.sfig2.catest.starfieldtech.com/ + * revoked: */ public class GoDaddyCA { public static void main(String[] args) throws Exception { - ValidatePathWithParams pathValidator = new ValidatePathWithParams(null); + ValidatePathWithURL pathValidator = new ValidatePathWithURL(); if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { - // CRL check - pathValidator.enableCRLCheck(); + pathValidator.enableCRLOnly(); } else { // OCSP check by default - pathValidator.enableOCSPCheck(); + pathValidator.enableOCSPOnly(); } new GoDaddyGdig2().runTest(pathValidator); @@ -64,283 +75,26 @@ public static void main(String[] args) throws Exception { } class GoDaddyGdig2 { - - // Owner: CN=Go Daddy Secure Certificate Authority - G2, - // OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", - // L=Scottsdale, ST=Arizona, C=US - // Issuer: CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", - // L=Scottsdale, ST=Arizona, C=US - private static final String INT = "-----BEGIN CERTIFICATE-----\n" - + "MIIE0DCCA7igAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMx\n" - + "EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoT\n" - + "EUdvRGFkZHkuY29tLCBJbmMuMTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRp\n" - + "ZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTExMDUwMzA3MDAwMFoXDTMxMDUwMzA3\n" - + "MDAwMFowgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQH\n" - + "EwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UE\n" - + "CxMkaHR0cDovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQD\n" - + "EypHbyBEYWRkeSBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwggEi\n" - + "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC54MsQ1K92vdSTYuswZLiBCGzD\n" - + "BNliF44v/z5lz4/OYuY8UhzaFkVLVat4a2ODYpDOD2lsmcgaFItMzEUz6ojcnqOv\n" - + "K/6AYZ15V8TPLvQ/MDxdR/yaFrzDN5ZBUY4RS1T4KL7QjL7wMDge87Am+GZHY23e\n" - + "cSZHjzhHU9FGHbTj3ADqRay9vHHZqm8A29vNMDp5T19MR/gd71vCxJ1gO7GyQ5HY\n" - + "pDNO6rPWJ0+tJYqlxvTV0KaudAVkV4i1RFXULSo6Pvi4vekyCgKUZMQWOlDxSq7n\n" - + "eTOvDCAHf+jfBDnCaQJsY1L6d8EbyHSHyLmTGFBUNUtpTrw700kuH9zB0lL7AgMB\n" - + "AAGjggEaMIIBFjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV\n" - + "HQ4EFgQUQMK9J47MNIMwojPX+2yz8LQsgM4wHwYDVR0jBBgwFoAUOpqFBxBnKLbv\n" - + "9r0FQW4gwZTaD94wNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8v\n" - + "b2NzcC5nb2RhZGR5LmNvbS8wNQYDVR0fBC4wLDAqoCigJoYkaHR0cDovL2NybC5n\n" - + "b2RhZGR5LmNvbS9nZHJvb3QtZzIuY3JsMEYGA1UdIAQ/MD0wOwYEVR0gADAzMDEG\n" - + "CCsGAQUFBwIBFiVodHRwczovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkv\n" - + "MA0GCSqGSIb3DQEBCwUAA4IBAQAIfmyTEMg4uJapkEv/oV9PBO9sPpyIBslQj6Zz\n" - + "91cxG7685C/b+LrTW+C05+Z5Yg4MotdqY3MxtfWoSKQ7CC2iXZDXtHwlTxFWMMS2\n" - + "RJ17LJ3lXubvDGGqv+QqG+6EnriDfcFDzkSnE3ANkR/0yBOtg2DZ2HKocyQetawi\n" - + "DsoXiWJYRBuriSUBAA/NxBti21G00w9RKpv0vHP8ds42pM3Z2Czqrpv1KrKQ0U11\n" - + "GIo/ikGQI31bS/6kA1ibRrLDYGCD+H1QQc7CoZDDu+8CL9IVVO5EFdkKrqeKM+2x\n" - + "LXY2JtwE65/3YR8V3Idv7kaWKK2hJn0KCacuBKONvPi8BDAB\n" - + "-----END CERTIFICATE-----"; - - // 1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/businessCategory=Private - // Organization/serialNumber=5510922, C=US, ST=Arizona, L=Scottsdale, O=GoDaddy INC., CN=valid.gdig2.catest.godaddy.com - private static final String VALID = "-----BEGIN CERTIFICATE-----\n" + - "MIIHbzCCBlegAwIBAgIIC3Go9uPeseowDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNV\n" + - "BAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRow\n" + - "GAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRz\n" + - "LmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1\n" + - "cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMTcwOTE1MjMyMzAyWhcN\n" + - "MTkwOTE1MjMyMzAyWjCB1TETMBEGCysGAQQBgjc8AgEDEwJVUzEZMBcGCysGAQQB\n" + - "gjc8AgECEwhEZWxhd2FyZTEdMBsGA1UEDxMUUHJpdmF0ZSBPcmdhbml6YXRpb24x\n" + - "EDAOBgNVBAUTBzU1MTA5MjIxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25h\n" + - "MRMwEQYDVQQHEwpTY290dHNkYWxlMRUwEwYDVQQKEwxHb0RhZGR5IElOQy4xJzAl\n" + - "BgNVBAMTHnZhbGlkLmdkaWcyLmNhdGVzdC5nb2RhZGR5LmNvbTCCASIwDQYJKoZI\n" + - "hvcNAQEBBQADggEPADCCAQoCggEBAO3xTbLfdIHiG1MIsBCz0oIg5vBxlzZyK5Rw\n" + - "DM6A/TWUDelFWyYj6fZDXYyHby4nAK9ibfhiT2f+q+5lEslye5Mt9gC39pZbpHE2\n" + - "eyJgmtNgmPGq15pf/87JE697BRwp9CWJP3yNYeamFl/F2THZOqlXCiSRbIGZ5TsZ\n" + - "sVb1vjFPmh249Ujw1zSThY9hA669Cyp3xb4iTowjCqdNYqbn22Jbk0SEXPYzLMf0\n" + - "mlY8xZ/e/8NxzJgev3N1LR3bPEijLYDZeZJ6WKc75pqNvgo8A+dEeX9bxFkCnstY\n" + - "6Iq0HTJua0TTD6V585YXNm4Z5OxjBE5kPkkFfwW0bb5dRZp86HUCAwEAAaOCA2Aw\n" + - "ggNcMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC\n" + - "MA4GA1UdDwEB/wQEAwIFoDA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vY3JsLmdv\n" + - "ZGFkZHkuY29tL2dkaWcyczMtOS5jcmwwXAYDVR0gBFUwUzBIBgtghkgBhv1tAQcX\n" + - "AzA5MDcGCCsGAQUFBwIBFitodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29t\n" + - "L3JlcG9zaXRvcnkvMAcGBWeBDAEBMHYGCCsGAQUFBwEBBGowaDAkBggrBgEFBQcw\n" + - "AYYYaHR0cDovL29jc3AuZ29kYWRkeS5jb20vMEAGCCsGAQUFBzAChjRodHRwOi8v\n" + - "Y2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvZ2RpZzIuY3J0MB8G\n" + - "A1UdIwQYMBaAFEDCvSeOzDSDMKIz1/tss/C0LIDOME0GA1UdEQRGMESCHnZhbGlk\n" + - "LmdkaWcyLmNhdGVzdC5nb2RhZGR5LmNvbYIid3d3LnZhbGlkLmdkaWcyLmNhdGVz\n" + - "dC5nb2RhZGR5LmNvbTAdBgNVHQ4EFgQUKSs41O+5SnkjAEaNyHk6sxq5sn8wggF/\n" + - "BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB3AFYUBpov18Ls0/XhvUSyPsdGdrm8mRFc\n" + - "wO+UmFXWidDdAAABXofbjGMAAAQDAEgwRgIhAPZEqPZAlYpSTx+R/+7mOUa+BcBz\n" + - "U1JHZDpcy98am0glAiEA1u2FxjgAa4L5HVGYV2LSQZIltGRJ8mBT8V0JVsdm3dsA\n" + - "dgDuS723dc5guuFCaR+r4Z5mow9+X7By2IMAxHuJeqj9ywAAAV6H25ASAAAEAwBH\n" + - "MEUCIQCFowkRXyR8gkX8cL7RbPSwiKCHy/1I1WVzpinmrHlZFQIgE5nShGeK7cqT\n" + - "j2C9FfrPc/Axe3/pzAFxD/BNQD1RO5sAdgCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb\n" + - "37jjd80OyA3cEAAAAV6H25GdAAAEAwBHMEUCIBQrE+FqILUhI0wdp2X+lf/e3UG1\n" + - "gyxHmSVeN2+CkrXPAiEA1mIIVmLNURGyI8wnZ5KRnBPOKYM2MC54RJ8CFrEHIz4w\n" + - "DQYJKoZIhvcNAQELBQADggEBADInvf3eS6SgQ1qxPx4RT2hPeU5frlWJWcOWUdZB\n" + - "6mVNcmUQMkYnjkg8+PQ782HGP0DvAfcIRDhSfXdIqzEk8MPUq1XHEOfwRzLpTiCN\n" + - "FQDQIt1LXnzESCUurJS8r4mxgaVLAwHFytOTDrQn0Xfs93dm0tnRGAg7iBg+N33V\n" + - "zOR4aqojdDUWa1Rr4WFqZMkZIxzREQCYC8HXSYqLA1oPuoMMog8dId7XSalBmGJ4\n" + - "KQVsZ0/Hpi0y9k/Zw5obGcEYJWMbuU1iaEkvdtXOiXEQfJ1WS+Yy55J4GSjpIiop\n" + - "qDZD88xA9r7ttzM/khao7jfIpVWG2HuX0JlHWdh3y9aegiw=\n" + - "-----END CERTIFICATE-----"; - - // 1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/businessCategory=Private - // Organization/serialNumber=5510922, C=US, ST=Arizona, L=Scottsdale, O=GoDaddy INC., CN=revoked.gdig2.catest.godaddy.com - private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" + - "MIIHdDCCBlygAwIBAgIIEBJV3vmogM8wDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNV\n" + - "BAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRow\n" + - "GAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRz\n" + - "LmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1\n" + - "cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMTcwOTE1MjMyMzAzWhcN\n" + - "MTkwOTE1MjMyMzAzWjCB1zETMBEGCysGAQQBgjc8AgEDEwJVUzEZMBcGCysGAQQB\n" + - "gjc8AgECEwhEZWxhd2FyZTEdMBsGA1UEDxMUUHJpdmF0ZSBPcmdhbml6YXRpb24x\n" + - "EDAOBgNVBAUTBzU1MTA5MjIxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25h\n" + - "MRMwEQYDVQQHEwpTY290dHNkYWxlMRUwEwYDVQQKEwxHb0RhZGR5IElOQy4xKTAn\n" + - "BgNVBAMTIHJldm9rZWQuZ2RpZzIuY2F0ZXN0LmdvZGFkZHkuY29tMIIBIjANBgkq\n" + - "hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCuBsAR2XGf05mYOuag+0aS4lBuLO5/f\n" + - "kEO7KNo7BcdY7J78yXYRYW0jGnV29bjrQZJfu5yv5bU+OjTIDVbCWZAwtBXEKrJj\n" + - "riIOUXi3hXphtlyMMAaiXQoA84jwS634DsD0w6XUUP2Lem8jC3RudjvmkDQHoY3M\n" + - "uhhS7jLxKnYKnXbLwlqxpdwmEgbqIb5DN5snLAyinTkALLVWZ6RneIuSjhKWbuef\n" + - "cEKFScHm6SFsKraltV/T17SWi6zQd/AypKA8JeWXD9WZcsSR9z/41VMJbvTeuP+d\n" + - "ZBA4dqPsBTl4N4i54rNEyzMyxDwdvIGrJJ+FVRMKoYjuUi5wY9zO4QIDAQABo4ID\n" + - "YzCCA18wDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH\n" + - "AwIwDgYDVR0PAQH/BAQDAgWgMDUGA1UdHwQuMCwwKqAooCaGJGh0dHA6Ly9jcmwu\n" + - "Z29kYWRkeS5jb20vZ2RpZzJzMy05LmNybDBcBgNVHSAEVTBTMEgGC2CGSAGG/W0B\n" + - "BxcDMDkwNwYIKwYBBQUHAgEWK2h0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5j\n" + - "b20vcmVwb3NpdG9yeS8wBwYFZ4EMAQEwdgYIKwYBBQUHAQEEajBoMCQGCCsGAQUF\n" + - "BzABhhhodHRwOi8vb2NzcC5nb2RhZGR5LmNvbS8wQAYIKwYBBQUHMAKGNGh0dHA6\n" + - "Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS9nZGlnMi5jcnQw\n" + - "HwYDVR0jBBgwFoAUQMK9J47MNIMwojPX+2yz8LQsgM4wUQYDVR0RBEowSIIgcmV2\n" + - "b2tlZC5nZGlnMi5jYXRlc3QuZ29kYWRkeS5jb22CJHd3dy5yZXZva2VkLmdkaWcy\n" + - "LmNhdGVzdC5nb2RhZGR5LmNvbTAdBgNVHQ4EFgQUCJELlWq8+ntmR5JTjmZMG+HI\n" + - "e5EwggF+BgorBgEEAdZ5AgQCBIIBbgSCAWoBaAB1AFYUBpov18Ls0/XhvUSyPsdG\n" + - "drm8mRFcwO+UmFXWidDdAAABXofbk3cAAAQDAEYwRAIgHo8UllsN8FcaF16xx7kT\n" + - "vQU1wM7qUKnhN38/z8dU4QUCIFrzGJyajoVPQ2fzOTb9ygzA7T3wqsnT3ML5/KJ6\n" + - "+6+CAHYA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo/csAAAFeh9uXHQAA\n" + - "BAMARzBFAiEA5DENZZT7SBxNRvo9yFHNNeWqH2d4uqGUwc1rKILrMGsCIHZ3N4dZ\n" + - "zv/J+7fbLP1nrAmdUT92ow1bhtMPuq2PfXsAAHcApLkJkLQYWBSHuxOizGdwCjw1\n" + - "mAT5G9+443fNDsgN3BAAAAFeh9uYjAAABAMASDBGAiEAyY8ylnGHiH5L3yXE7BsH\n" + - "v75ja2RtuuYbMADAlDK/ZDoCIQDwuCq3x+egpB/GISxTnwkrDwhNhhIJNyk5F4j1\n" + - "/J8A0DANBgkqhkiG9w0BAQsFAAOCAQEAMGot6gBZ77HIDMb1n/HPrKdSHN0ngq7Z\n" + - "rhrkgbp+mH1Cs1lZA3qldMDxKXgNiodFqU/e4VewasQ9tJMmDXrTZIHualJGmIvq\n" + - "ISvV0ZUfSW/sJmo0ZDw8iBM993LDkA4wSc6SunhjOwu3LBfl9aKkeq6IhUEAG8X7\n" + - "54oO4iApt+APLMyeV9lZ/T7MGVbAjwdm+T1RMa/Ca99BahaRWN7hiM+zS3Ly+l6G\n" + - "7kqAkBFuJWbbZImADZ2RPldY6hBzTk6MT2hLCV40UD8JqwJo+qq7nGfJdTaFyZI6\n" + - "nJvrVATO7jL64YFP3xlVi8EQaCeKdZdn+BCCNA/ja0mWMj8EU9Islg==\n" + - "-----END CERTIFICATE-----"; - - public void runTest(ValidatePathWithParams pathValidator) throws Exception { - // Validate valid - pathValidator.validate(new String[]{VALID, INT}, - ValidatePathWithParams.Status.GOOD, null, System.out); - - // Validate Revoked - pathValidator.validate(new String[]{REVOKED, INT}, - ValidatePathWithParams.Status.REVOKED, null, System.out); + private static final String VALID = "https://valid.gdig2.catest.godaddy.com/"; + private static final String REVOKED = "https://revoked.gdig2.catest.godaddy.com/"; + private static final String CA_FINGERPRINT = + "45:14:0B:32:47:EB:9C:C8:C5:B4:F0:D7:B5:30:91:F7:32:92:08:9E:6E:5A:63:E2:74:9D:D3:AC:A9:19:8E:DA"; + + public void runTest(ValidatePathWithURL pathValidator) throws CertificateEncodingException { + pathValidator.validateDomain(VALID, false, CA_FINGERPRINT); + pathValidator.validateDomain(REVOKED, true, CA_FINGERPRINT); } } class GoDaddySfig2 { - - // Owner: CN=Starfield Secure Certificate Authority - G2, - // OU=http://certs.starfieldtech.com/repository/, O="Starfield Technologies, Inc.", - // L=Scottsdale, ST=Arizona, C=US - // Issuer: CN=Starfield Root Certificate Authority - G2, - // O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US - private static final String INT = "-----BEGIN CERTIFICATE-----\n" - + "MIIFADCCA+igAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMx\n" - + "EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT\n" - + "HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAMTKVN0YXJmaWVs\n" - + "ZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTExMDUwMzA3MDAw\n" - + "MFoXDTMxMDUwMzA3MDAwMFowgcYxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6\n" - + "b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQgVGVj\n" - + "aG5vbG9naWVzLCBJbmMuMTMwMQYDVQQLEypodHRwOi8vY2VydHMuc3RhcmZpZWxk\n" - + "dGVjaC5jb20vcmVwb3NpdG9yeS8xNDAyBgNVBAMTK1N0YXJmaWVsZCBTZWN1cmUg\n" - + "Q2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB\n" - + "DwAwggEKAoIBAQDlkGZL7PlGcakgg77pbL9KyUhpgXVObST2yxcT+LBxWYR6ayuF\n" - + "pDS1FuXLzOlBcCykLtb6Mn3hqN6UEKwxwcDYav9ZJ6t21vwLdGu4p64/xFT0tDFE\n" - + "3ZNWjKRMXpuJyySDm+JXfbfYEh/JhW300YDxUJuHrtQLEAX7J7oobRfpDtZNuTlV\n" - + "Bv8KJAV+L8YdcmzUiymMV33a2etmGtNPp99/UsQwxaXJDgLFU793OGgGJMNmyDd+\n" - + "MB5FcSM1/5DYKp2N57CSTTx/KgqT3M0WRmX3YISLdkuRJ3MUkuDq7o8W6o0OPnYX\n" - + "v32JgIBEQ+ct4EMJddo26K3biTr1XRKOIwSDAgMBAAGjggEsMIIBKDAPBgNVHRMB\n" - + "Af8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUJUWBaFAmOD07LSy+\n" - + "zWrZtj2zZmMwHwYDVR0jBBgwFoAUfAwyH6fZMH/EfWijYqihzqsHWycwOgYIKwYB\n" - + "BQUHAQEELjAsMCoGCCsGAQUFBzABhh5odHRwOi8vb2NzcC5zdGFyZmllbGR0ZWNo\n" - + "LmNvbS8wOwYDVR0fBDQwMjAwoC6gLIYqaHR0cDovL2NybC5zdGFyZmllbGR0ZWNo\n" - + "LmNvbS9zZnJvb3QtZzIuY3JsMEwGA1UdIARFMEMwQQYEVR0gADA5MDcGCCsGAQUF\n" - + "BwIBFitodHRwczovL2NlcnRzLnN0YXJmaWVsZHRlY2guY29tL3JlcG9zaXRvcnkv\n" - + "MA0GCSqGSIb3DQEBCwUAA4IBAQBWZcr+8z8KqJOLGMfeQ2kTNCC+Tl94qGuc22pN\n" - + "QdvBE+zcMQAiXvcAngzgNGU0+bE6TkjIEoGIXFs+CFN69xpk37hQYcxTUUApS8L0\n" - + "rjpf5MqtJsxOYUPl/VemN3DOQyuwlMOS6eFfqhBJt2nk4NAfZKQrzR9voPiEJBjO\n" - + "eT2pkb9UGBOJmVQRDVXFJgt5T1ocbvlj2xSApAer+rKluYjdkf5lO6Sjeb6JTeHQ\n" - + "sPTIFwwKlhR8Cbds4cLYVdQYoKpBaXAko7nv6VrcPuuUSvC33l8Odvr7+2kDRUBQ\n" - + "7nIMpBKGgc0T0U7EPMpODdIm8QC3tKai4W56gf0wrHofx1l7\n" - + "-----END CERTIFICATE-----"; - - // 1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Arizona/businessCategory=Private - // Organization/serialNumber=R17247416, C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, LLC, - // CN=valid.sfig2.catest.starfieldtech.com - private static final String VALID = "-----BEGIN CERTIFICATE-----\n" + - "MIIHuzCCBqOgAwIBAgIIaZoUcUIjkGwwDQYJKoZIhvcNAQELBQAwgcYxCzAJBgNV\n" + - "BAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUw\n" + - "IwYDVQQKExxTdGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTMwMQYDVQQLEypo\n" + - "dHRwOi8vY2VydHMuc3RhcmZpZWxkdGVjaC5jb20vcmVwb3NpdG9yeS8xNDAyBgNV\n" + - "BAMTK1N0YXJmaWVsZCBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIw\n" + - "HhcNMTcwOTE3MDM0ODAxWhcNMTkwOTE3MDM0ODAxWjCB6zETMBEGCysGAQQBgjc8\n" + - "AgEDEwJVUzEYMBYGCysGAQQBgjc8AgECEwdBcml6b25hMR0wGwYDVQQPExRQcml2\n" + - "YXRlIE9yZ2FuaXphdGlvbjESMBAGA1UEBRMJUjE3MjQ3NDE2MQswCQYDVQQGEwJV\n" + - "UzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEkMCIGA1UE\n" + - "ChMbU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgTExDMS0wKwYDVQQDEyR2YWxpZC5z\n" + - "ZmlnMi5jYXRlc3Quc3RhcmZpZWxkdGVjaC5jb20wggEiMA0GCSqGSIb3DQEBAQUA\n" + - "A4IBDwAwggEKAoIBAQDVxhI45IQtNrJuun7HU8v2CKg/h/euysft2VrRsaGSMAln\n" + - "V6TtpWj2UGm7OmzE2NNzOhD9JJQSc1W6aHEsCTVJ148sgldFFmP39cboBFoLCFlJ\n" + - "DxsVGeyKu+KlDKq7Vp2+ty3TeFNOBXEVtEc8SsC8mVjsk2VWW7X/fCVFYEzzyPUI\n" + - "sJPWahNOW2wVxNWKeW5jwzeNMOFVQiT9+YpZVQnV06uK3rPd9tVYU5SfdfPVpScY\n" + - "/O/tyZyflTGuXZ+YXn1CYRsOq3VypVFfhXunV5prQ/vTnyjddVWce1wwoUT5DvFO\n" + - "/0vcWolHktiOAJkmAiGRfHvjhxW8mkjKqaMnstKRAgMBAAGjggOEMIIDgDAMBgNV\n" + - "HRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgNVHQ8B\n" + - "Af8EBAMCBaAwOwYDVR0fBDQwMjAwoC6gLIYqaHR0cDovL2NybC5zdGFyZmllbGR0\n" + - "ZWNoLmNvbS9zZmlnMnMzLTEuY3JsMGIGA1UdIARbMFkwTgYLYIZIAYb9bgEHFwMw\n" + - "PzA9BggrBgEFBQcCARYxaHR0cDovL2NlcnRpZmljYXRlcy5zdGFyZmllbGR0ZWNo\n" + - "LmNvbS9yZXBvc2l0b3J5LzAHBgVngQwBATCBggYIKwYBBQUHAQEEdjB0MCoGCCsG\n" + - "AQUFBzABhh5odHRwOi8vb2NzcC5zdGFyZmllbGR0ZWNoLmNvbS8wRgYIKwYBBQUH\n" + - "MAKGOmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuc3RhcmZpZWxkdGVjaC5jb20vcmVwb3Np\n" + - "dG9yeS9zZmlnMi5jcnQwHwYDVR0jBBgwFoAUJUWBaFAmOD07LSy+zWrZtj2zZmMw\n" + - "WQYDVR0RBFIwUIIkdmFsaWQuc2ZpZzIuY2F0ZXN0LnN0YXJmaWVsZHRlY2guY29t\n" + - "gih3d3cudmFsaWQuc2ZpZzIuY2F0ZXN0LnN0YXJmaWVsZHRlY2guY29tMB0GA1Ud\n" + - "DgQWBBTxiYdHMn55sMWTFgp7xif7ludWTjCCAX4GCisGAQQB1nkCBAIEggFuBIIB\n" + - "agFoAHcAVhQGmi/XwuzT9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0AAAFejfR7OAAA\n" + - "BAMASDBGAiEA/s7a5OGhtaCutT1l4KNE7dUbM3WGUExG/ZJ+Y6IH3nUCIQCvpVJf\n" + - "Y0XBInIUv391hNzSEhv6nvIBEjZtKdvGcP8/5QB2AO5Lvbd1zmC64UJpH6vhnmaj\n" + - "D35fsHLYgwDEe4l6qP3LAAABXo30fxEAAAQDAEcwRQIhANqG9yfi3ax0pTnwr4Ti\n" + - "wVfUrZclJDS06ePkTHppLkLTAiBTRKkVf1df4Irvmd7neT1wdS2fhDxmnVIYAN5J\n" + - "6tOGDQB1AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABXo30gFsA\n" + - "AAQDAEYwRAIgb8Xc54M+QD4wfSWLj5Ae/wrSEgRp7Kbf4Lf4vT4W0usCIGAShkJI\n" + - "CRxoudQDRxooNJhfXgsTB8QhwFC9PUPo3ZV+MA0GCSqGSIb3DQEBCwUAA4IBAQBt\n" + - "TqvwxqrkPYm/ssbN9cpVWlrQPw3DblsAEV6gnrrTJMd7HB042H3HLUiitddRjO40\n" + - "0EJM/tUOSGcWfqnJHWFDKoWzdrF5lHAzSRkMjdXgY9TTN5K5tUMEpfRjtink/zoY\n" + - "pNyc5ua4SXn94KfMZcOYGRvUM+0q6vLRBBMH541E3M6q6JbEBqZJFY8gBWwYqHH0\n" + - "xNGahm5++v4trFFCJzSfvfV1v+rnqy8tRivi7ZFLXWCcSyAqMH+T9Q36lKeFtaw4\n" + - "Sapf+dh2yrd2IBLW5eaAD13nCAjO/W0GuC7zw4+4mhW5+DTVJXrCkK5XddkVLhML\n" + - "k5pMoIv5EsFIm0Cs+DfF\n" + - "-----END CERTIFICATE-----"; - - // 1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Arizona/businessCategory=Private - // Organization/serialNumber=R17247416, C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, LLC, - // CN=revoked.sfig2.catest.starfieldtech.com - private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" + - "MIIHwTCCBqmgAwIBAgIJAPc1qVz+WDxpMA0GCSqGSIb3DQEBCwUAMIHGMQswCQYD\n" + - "VQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEl\n" + - "MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEzMDEGA1UECxMq\n" + - "aHR0cDovL2NlcnRzLnN0YXJmaWVsZHRlY2guY29tL3JlcG9zaXRvcnkvMTQwMgYD\n" + - "VQQDEytTdGFyZmllbGQgU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcy\n" + - "MB4XDTE3MDkxOTEzMDkwMVoXDTE5MDkxOTEzMDkwMVowge0xEzARBgsrBgEEAYI3\n" + - "PAIBAxMCVVMxGDAWBgsrBgEEAYI3PAIBAhMHQXJpem9uYTEdMBsGA1UEDxMUUHJp\n" + - "dmF0ZSBPcmdhbml6YXRpb24xEjAQBgNVBAUTCVIxNzI0NzQxNjELMAkGA1UEBhMC\n" + - "VVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJDAiBgNV\n" + - "BAoTG1N0YXJmaWVsZCBUZWNobm9sb2dpZXMsIExMQzEvMC0GA1UEAxMmcmV2b2tl\n" + - "ZC5zZmlnMi5jYXRlc3Quc3RhcmZpZWxkdGVjaC5jb20wggEiMA0GCSqGSIb3DQEB\n" + - "AQUAA4IBDwAwggEKAoIBAQCWsAZC9goWW6yzg9HiLjCG4Gv2PCHlUIQGqyhc1y9a\n" + - "YZVXUI27/NhHjNNMTwP9TKmncrxnGaTZ9+ZCS1JlSgsNYQcLKKZW+SiEOzwpOfwV\n" + - "dOCSWrt/EDyJHktx3VIbfi+mD7dvzH3B/iGxMrmdCGIy3xiVAc7MkfsWzcLlPUP3\n" + - "oUpPBYyzWqZ2tVsBDigoirERFqZNfHZ7ZNMnn8FcmAt7udKjAAewNRlwzR7ZVp5s\n" + - "f5pbnRlRikF30msSHVJoPBICEYmzCxUI+zFlDBjf4vlJojwV0/Rfq85it2yhN/MV\n" + - "we2IBC+z9FAAogYo+JFw7Uxq8nsLCKX1tTPsqxGXWNonAgMBAAGjggOHMIIDgzAM\n" + - "BgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgNV\n" + - "HQ8BAf8EBAMCBaAwOwYDVR0fBDQwMjAwoC6gLIYqaHR0cDovL2NybC5zdGFyZmll\n" + - "bGR0ZWNoLmNvbS9zZmlnMnMzLTEuY3JsMGIGA1UdIARbMFkwTgYLYIZIAYb9bgEH\n" + - "FwMwPzA9BggrBgEFBQcCARYxaHR0cDovL2NlcnRpZmljYXRlcy5zdGFyZmllbGR0\n" + - "ZWNoLmNvbS9yZXBvc2l0b3J5LzAHBgVngQwBATCBggYIKwYBBQUHAQEEdjB0MCoG\n" + - "CCsGAQUFBzABhh5odHRwOi8vb2NzcC5zdGFyZmllbGR0ZWNoLmNvbS8wRgYIKwYB\n" + - "BQUHMAKGOmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuc3RhcmZpZWxkdGVjaC5jb20vcmVw\n" + - "b3NpdG9yeS9zZmlnMi5jcnQwHwYDVR0jBBgwFoAUJUWBaFAmOD07LSy+zWrZtj2z\n" + - "ZmMwXQYDVR0RBFYwVIImcmV2b2tlZC5zZmlnMi5jYXRlc3Quc3RhcmZpZWxkdGVj\n" + - "aC5jb22CKnd3dy5yZXZva2VkLnNmaWcyLmNhdGVzdC5zdGFyZmllbGR0ZWNoLmNv\n" + - "bTAdBgNVHQ4EFgQU9hCSl7QoQ8KdsGgwMDwlvSurKNcwggF9BgorBgEEAdZ5AgQC\n" + - "BIIBbQSCAWkBZwB1AFYUBpov18Ls0/XhvUSyPsdGdrm8mRFcwO+UmFXWidDdAAAB\n" + - "XppC0cEAAAQDAEYwRAIgIO8sIG88JlA73P2myZ7EshemxaR8qBgf3wlYZpg5aZEC\n" + - "IGtlcUL7Il1uOLN0LTAzNTQ7pfb7oFYbr0R4LWe2ZvBIAHYA7ku9t3XOYLrhQmkf\n" + - "q+GeZqMPfl+wctiDAMR7iXqo/csAAAFemkLVbwAABAMARzBFAiEAmWkzcotxZSwb\n" + - "xPS3MG13TVXGu2+MiXXjOIf42DR8zJQCIBL4cSOJh+LX5kpPub6KOiEOn7TVE1Zv\n" + - "IQUxuf+vyAD4AHYApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFe\n" + - "mkLXRQAABAMARzBFAiBX8foh/KrYr34O2c9cH6uyWW2XjBHNLsYX1mr+8VuNaAIh\n" + - "AObDQwpDYh/bNp6k547gDxnR73LeU3kvl1Y76GjgxLAhMA0GCSqGSIb3DQEBCwUA\n" + - "A4IBAQDJ5vlagzOH8/ORUMgT33muSDFXCe5el/sQzVg8dridw9qjnxOpkGibdCiT\n" + - "b9Il1bdi7UnG8MlA3XpDjGgp6J/mUTijD9WcFx4lp5JnPaIbShHWCyIlRVZJzrZc\n" + - "UYhR56xXOKDYKYOIvM6qTqegXyEynJrIVTArMk7jQf0oNQLLHzXE1fVS1zut0H5l\n" + - "GE+TBgjasMEa1o1e/H/heSytb2zFNsZr8oxojzGBmlKyfCoIIcCv3PxX2ur57zJE\n" + - "9ADWoYK/7gYVba0JmLV4nQltDPp06nOYT9imxBWTrFahgPx1jOQDLgIpitkjyCy4\n" + - "xpmxUk8L6yc3O3aSD9OU/fzk/t/d\n" + - "-----END CERTIFICATE-----"; - - public void runTest(ValidatePathWithParams pathValidator) throws Exception { - // Validate valid - pathValidator.validate(new String[]{VALID, INT}, - ValidatePathWithParams.Status.GOOD, null, System.out); - - // Validate Revoked - pathValidator.validate(new String[]{REVOKED, INT}, - ValidatePathWithParams.Status.REVOKED, null, System.out); + private static final String VALID = "https://valid.sfig2.catest.starfieldtech.com/"; + private static final String REVOKED = "https://revoked.sfig2.catest.starfieldtech.com/"; + private static final String CA_FINGERPRINT = + "2C:E1:CB:0B:F9:D2:F9:E1:02:99:3F:BE:21:51:52:C3:B2:DD:0C:AB:DE:1C:68:E5:31:9B:83:91:54:DB:B7:F5"; + + public void runTest(ValidatePathWithURL pathValidator) throws CertificateEncodingException { + pathValidator.validateDomain(VALID, false, CA_FINGERPRINT); + pathValidator.validateDomain(REVOKED, true, CA_FINGERPRINT); } } diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java index d97342ae8d230..0cd5876b7d8b5 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2017, 2021, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2017, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,160 +21,38 @@ * questions. */ - /* +import java.security.Security; + +/* * @test * @bug 8189131 - * @summary Interoperability tests with Let's Encrypt CA - * @build ValidatePathWithParams - * @run main/othervm -Djava.security.debug=certpath LetsEncryptCA OCSP - * @run main/othervm -Djava.security.debug=certpath LetsEncryptCA CRL - */ - - /* - * Obtain TLS test artifacts for Let's Encrypt CA from: - * - * Valid TLS Certificates: - * https://valid-isrgrootx1.letsencrypt.org/ - * - * Revoked TLS Certificates: - * https://revoked-isrgrootx1.letsencrypt.org/ - * - * Test artifacts don't have CRLs listed and intermediate cert doesn't have OCSP. + * @summary Interoperability tests with Let's Encrypt CA using OCSP and CRL + * @library /test/lib + * @build jtreg.SkippedException + * @build ValidatePathWithURL + * @run main/othervm -Djava.security.debug=certpath LetsEncryptCA DEFAULT */ public class LetsEncryptCA { - // Owner: CN=R3, O=Let's Encrypt, C=US - // Issuer: CN=ISRG Root X1, O=Internet Security Research Group, C=US - // Serial number: 912b084acf0c18a753f6d62e25a75f5a - // Valid from: Thu Sep 03 17:00:00 PDT 2020 until: Mon Sep 15 09:00:00 PDT 2025 - private static final String INT = "-----BEGIN CERTIFICATE-----\n" + - "MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw\n" + - "TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh\n" + - "cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw\n" + - "WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg\n" + - "RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n" + - "AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP\n" + - "R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx\n" + - "sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm\n" + - "NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg\n" + - "Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG\n" + - "/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC\n" + - "AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB\n" + - "Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA\n" + - "FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw\n" + - "AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw\n" + - "Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB\n" + - "gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W\n" + - "PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl\n" + - "ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz\n" + - "CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm\n" + - "lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4\n" + - "avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2\n" + - "yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O\n" + - "yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids\n" + - "hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+\n" + - "HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv\n" + - "MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX\n" + - "nLRbwHOoq7hHwg==\n" + - "-----END CERTIFICATE-----"; - - // Owner: CN=valid-isrgrootx1.letsencrypt.org - // Issuer: CN=R3, O=Let's Encrypt, C=US - // Serial number: 46326744d1c2f3feeca7148ed59353144a6 - // Valid from: Wed Jun 02 08:00:18 PDT 2021 until: Tue Aug 31 08:00:18 PDT 2021 - private static final String VALID = "-----BEGIN CERTIFICATE-----\n" + - "MIIFSDCCBDCgAwIBAgISBGMmdE0cLz/uynFI7Vk1MUSmMA0GCSqGSIb3DQEBCwUA\n" + - "MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD\n" + - "EwJSMzAeFw0yMTA2MDIxNTAwMThaFw0yMTA4MzExNTAwMThaMCsxKTAnBgNVBAMT\n" + - "IHZhbGlkLWlzcmdyb290eDEubGV0c2VuY3J5cHQub3JnMIIBIjANBgkqhkiG9w0B\n" + - "AQEFAAOCAQ8AMIIBCgKCAQEAmdx7jlaUZ0MgEvqzYWXItAFxVAOmR3KF+79vU195\n" + - "O5X54Go1+GU+eyFAeTqr6W1gC/MIrSA9LO4neJUx5AWCYaLq7IE7/YnmXTT6BB0x\n" + - "WFN3V1OJg9bAqpcEclQp6fbQS6DjdQvUUaEvVIwPzaen6Hmtw6LuHOYOdLk4fUSm\n" + - "zadWiyNlMm0/ts+MLHY5iQd9ypGhJED7KBDQ4d4wvyMYo/MYKOUQ+dTXcIegh7p4\n" + - "0OVtbrkdCuGJL+cEw1IUtSNQD+MnvUIu1je7Yb6iZ6Qd3iopNLykHYZb8YemakGX\n" + - "SDdC54yi35NU+Y+l23vycbVmRd8vK1sizhjRSE+ufmEqXQIDAQABo4ICXTCCAlkw\n" + - "DgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAM\n" + - "BgNVHRMBAf8EAjAAMB0GA1UdDgQWBBR300bKVFG2auzS0mO4+E57SN6QLzAfBgNV\n" + - "HSMEGDAWgBQULrMXt1hWy65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYI\n" + - "KwYBBQUHMAGGFWh0dHA6Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0\n" + - "cDovL3IzLmkubGVuY3Iub3JnLzArBgNVHREEJDAigiB2YWxpZC1pc3Jncm9vdHgx\n" + - "LmxldHNlbmNyeXB0Lm9yZzBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLf\n" + - "EwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCC\n" + - "AQYGCisGAQQB1nkCBAIEgfcEgfQA8gB3APZclC/RdzAiFFQYCDCUVo7jTRMZM7/f\n" + - "DC8gC8xO8WTjAAABec10PpUAAAQDAEgwRgIhAPDWvnP5mA0RhPa9oiTlE21Ppcez\n" + - "eF1+wU0MeoQcjq/7AiEAsox8kMGpWXq0ZVPweTpw1So/sNOZTsSPyBUdbLwjf+MA\n" + - "dwBvU3asMfAxGdiZAKRRFf93FRwR2QLBACkGjbIImjfZEwAAAXnNdD7rAAAEAwBI\n" + - "MEYCIQCYBSmmb5P+DZGANyYTPHlEbmqOBkEOblkEHq5Lf+wtkQIhAO2HhwOm3wns\n" + - "ZTsXjUCcfQA0lKBI2TKkg9tJKFs3uuKDMA0GCSqGSIb3DQEBCwUAA4IBAQBJJ47x\n" + - "ZhKN3QRBYVROpoYDSh0a/JW7zPGRCxK5fnDY9UT8m4gEh3yhDTkycX+vo8TReK6W\n" + - "fEYareTSTq71MYgtKDYEARm10DuL7Vdig9Tf5DpjXLHaba+wqPz24lwhiJgoKRRr\n" + - "8by3wXPFCGSuQyDo1ZUNrAJVYKO4hPMob1ZE8z9IYW63GvzBjEla/HxoVa9iTkv+\n" + - "31rsKzpSbMJpnQ7WcgkUPdpoDo4JElGCyf7VZHNicumipAiCmKu0Q6TRCPOXxlKE\n" + - "/BIyDey3rXVw3wzOlxmVF6t/V3vGtbgVvN/feUe/ytyv4vLfRR4udi2XxWt3x1la\n" + - "7R3zuWdRQhh21p1H\n" + - "-----END CERTIFICATE-----"; - - // Owner: CN=revoked-isrgrootx1.letsencrypt.org - // Issuer: CN=R3, O=Let's Encrypt, C=US - // Serial number: 4f1333011635d76d6356c5f1fb8a7273617 - // Valid from: Fri Jun 25 08:18:10 PDT 2021 until: Thu Sep 23 08:18:09 PDT 2021 - private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" + - "MIIFSTCCBDGgAwIBAgISBPEzMBFjXXbWNWxfH7inJzYXMA0GCSqGSIb3DQEBCwUA\n" + - "MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD\n" + - "EwJSMzAeFw0yMTA2MjUxNTE4MTBaFw0yMTA5MjMxNTE4MDlaMC0xKzApBgNVBAMT\n" + - "InJldm9rZWQtaXNyZ3Jvb3R4MS5sZXRzZW5jcnlwdC5vcmcwggEiMA0GCSqGSIb3\n" + - "DQEBAQUAA4IBDwAwggEKAoIBAQCkCp4fq7FnN5lfAWX0vhCcyC5WO9TuU6ckuYYj\n" + - "8/wQ8GQ/FIl+vXCAmHIfIX14irQN8TISeVdMOP0C7sa73d3GSawX7qMaRhddXn7V\n" + - "EL+4CbHQ6qit5YkakwhHz9tKbYX16wPj+inn22kJVwi8iLbhYB9WWSvv7OyiNSHv\n" + - "nmlYUkMv8+9UhgPT4yCKF1OEI5ajUOuecjOKc+EzsT/JqPRErvBOIKn3PRn4h8UM\n" + - "0BJDrDtZMpkvD4/lyRs3g/BLsf3DQjlEgKit0hvc72yyhiDbKd41EmBoQC5rNF7o\n" + - "B0CnBXhDLHbC/YRunVrYGsF0h2J9hw4055BdaXbS2BJnPEFnAgMBAAGjggJcMIIC\n" + - "WDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC\n" + - "MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFJBkf3Z/ICoCTUx3JCgrBeoMyedQMB8G\n" + - "A1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAh\n" + - "BggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZo\n" + - "dHRwOi8vcjMuaS5sZW5jci5vcmcvMC0GA1UdEQQmMCSCInJldm9rZWQtaXNyZ3Jv\n" + - "b3R4MS5sZXRzZW5jcnlwdC5vcmcwTAYDVR0gBEUwQzAIBgZngQwBAgEwNwYLKwYB\n" + - "BAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5v\n" + - "cmcwggEDBgorBgEEAdZ5AgQCBIH0BIHxAO8AdQCUILwejtWNbIhzH4KLIiwN0dpN\n" + - "XmxPlD1h204vWE2iwgAAAXpD9t6nAAAEAwBGMEQCIHwF9NcPqsovYp56lhqFkWYj\n" + - "QCATATrLzzxgUoLDYRwgAiBBecqe5Ub32I+q9oqH1nbK/s8QadcafIL3bkrRVbFB\n" + - "TAB2AH0+8viP/4hVaCTCwMqeUol5K8UOeAl/LmqXaJl+IvDXAAABekP23sYAAAQD\n" + - "AEcwRQIgGli/1mmKKnZ0uxDIX7ySqAyD2C7FTf+y3py2S0Xcv4YCIQCZve3cqKZ2\n" + - "lrEyyaMeLZA+PIxUMniHx3gDkro0sKLzOzANBgkqhkiG9w0BAQsFAAOCAQEAle42\n" + - "p58OTusm7DAOcdK4ld+pJu2bz9F940Wrnql08rciRjGIVpp5PhMNFm9AOaptKPNY\n" + - "h62V2GEOVaLxmvr9/8EDFcCCPAGV1DNYrG9aTKaiXk7IzO4UxKbzox4iUcuop/zB\n" + - "uofxT8uBLmT4XYZrQXXKj1KdfJGzgeoXqBv5PPCiP3hmBQixoJnSKImnUIXWh4O8\n" + - "kBtmgII5ug0q+jI3LvpJuv7xQsaNYFBcmFiQQ7YRt4W99GMdbYGjhzT8iBDEH7nG\n" + - "MsqWuwB5TN5vIuw2aWxcfaqKayq7UPA4rJePWdD/5RzKlQKLQx0BA3AL+3Nnj1fT\n" + - "NEKwCWWylIND6z/9Xw==\n" + - "-----END CERTIFICATE-----"; - - public static void main(String[] args) throws Exception { - - if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { - ValidatePathWithParams pathValidator = new ValidatePathWithParams(null); - pathValidator.enableCRLCheck(); - - // Validate int, EE certs don't have CRLs - pathValidator.validate(new String[]{INT}, - ValidatePathWithParams.Status.GOOD, null, System.out); + private static final String VALID = "https://valid-isrgrootx1.letsencrypt.org/"; + private static final String REVOKED = "https://revoked-isrgrootx1.letsencrypt.org/"; + private static final String CA_FINGERPRINT = + "96:BC:EC:06:26:49:76:F3:74:60:77:9A:CF:28:C5:A7:CF:E8:A3:C0:AA:E1:1A:8F:FC:EE:05:C0:BD:DF:08:C6"; - return; - } + public static void main(String[] args) throws Exception { - // OCSP check by default - // intermediate cert R3 doesn't specify OCSP responder - ValidatePathWithParams pathValidator = new ValidatePathWithParams(new String[]{INT}); - pathValidator.enableOCSPCheck(); + ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(); - // Validate valid - pathValidator.validate(new String[]{VALID}, - ValidatePathWithParams.Status.GOOD, null, System.out); + if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { + validatePathWithURL.enableCRLOnly(); + } if (args.length >= 1 && "OCSP".equalsIgnoreCase(args[0])){ + validatePathWithURL.enableOCSPOnly(); + } else { + // EE certs don't have CRLs, intermediate cert doesn't specify OCSP responder + validatePathWithURL.enableOCSPAndCRL(); + } - // Validate Revoked - pathValidator.validate(new String[]{REVOKED}, - ValidatePathWithParams.Status.REVOKED, - "Fri Jun 25 09:18:12 PDT 2021", System.out); - } + validatePathWithURL.validateDomain(VALID, false, CA_FINGERPRINT); + validatePathWithURL.validateDomain(REVOKED, true, CA_FINGERPRINT); + } } diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java index e171bafe1ada2..a3cb72a05185d 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2017, 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2017, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -22,15 +22,27 @@ */ /* - * @test - * @bug 8189131 8207059 - * @key intermittent - * @summary Interoperability tests with QuoVadis Root CA1, CA2, and CA3 G3 CAs - * @build ValidatePathWithParams + * @test id=OCSP + * @bug 8189131 + * @summary Interoperability tests with QuoVadis Root CA1, CA2, and CA3 G3 CAs using OCSP + * @library /test/lib + * @build jtreg.SkippedException + * @build ValidatePathWithURL * @run main/othervm -Djava.security.debug=certpath QuoVadisCA OCSP + */ + +/* + * @test id=CRL + * @bug 8189131 + * @summary Interoperability tests with QuoVadis Root CA1, CA2, and CA3 G3 CAs using CRL + * @library /test/lib + * @build jtreg.SkippedException + * @build ValidatePathWithURL * @run main/othervm -Djava.security.debug=certpath QuoVadisCA CRL */ +import java.security.cert.CertificateEncodingException; + /* * Obtain TLS test artifacts for QuoVadis CAs from: * @@ -38,16 +50,15 @@ * */ public class QuoVadisCA { - public static void main(String[] args) throws Exception { - ValidatePathWithParams pathValidator = new ValidatePathWithParams(null); + ValidatePathWithURL pathValidator = new ValidatePathWithURL(); if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { - pathValidator.enableCRLCheck(); + pathValidator.enableCRLOnly(); } else { // OCSP check by default - pathValidator.enableOCSPCheck(); + pathValidator.enableOCSPOnly(); } new RootCA1G3().runTest(pathValidator); @@ -57,439 +68,37 @@ public static void main(String[] args) throws Exception { } class RootCA1G3 { - - // Owner: CN=DigiCert QuoVadis TLS ICA QV Root CA 1 G3, O="DigiCert, Inc", C=US - // Issuer: CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM - // Serial number: 2837d5c3c2b57294becf99afe8bbdcd1bb0b20f1 - // Valid from: Wed Jan 06 12:50:51 PST 2021 until: Sat Jan 04 12:50:51 PST 2031 - private static final String INT = "-----BEGIN CERTIFICATE-----\n" + - "MIIFgDCCA2igAwIBAgIUKDfVw8K1cpS+z5mv6Lvc0bsLIPEwDQYJKoZIhvcNAQEL\n" + - "BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc\n" + - "BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMSBHMzAeFw0yMTAxMDYyMDUwNTFaFw0z\n" + - "MTAxMDQyMDUwNTFaMFkxCzAJBgNVBAYTAlVTMRYwFAYDVQQKDA1EaWdpQ2VydCwg\n" + - "SW5jMTIwMAYDVQQDDClEaWdpQ2VydCBRdW9WYWRpcyBUTFMgSUNBIFFWIFJvb3Qg\n" + - "Q0EgMSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALMrbkb9kz/4\n" + - "y00r7tfK+uDRomMNd5iCDVMWOvSx1VygKoBn3aavw7gq9Vfb2fIMIWkWG0GMxWbG\n" + - "cx3wDHLWemd7yl9MxRUTGXkvH6/dNEavAQhUTL9TSf/N2e8f7q2dRDNYT7lXi/vR\n" + - "fTBiYlY7BLNha8C3sPHsKduaJN32cjdjVFH51rFDRdhUXlo2hhOjgB6bqoqs75A3\n" + - "Y3w88AdbMkapT63oGsCDO6N/uX2Mo9GSWREvlxHiXSMFf5qFw41vn5QIa5ADL1MP\n" + - "CzlLmJSHXE138H1+cG5IutD7tIieKjo/t+66PGMo8xicj3yUd8rHEmBqClG4Ty3d\n" + - "fF+bETFjLIUCAwEAAaOCAU8wggFLMBIGA1UdEwEB/wQIMAYBAf8CAQAwHwYDVR0j\n" + - "BBgwFoAUo5fW816iEOGrRZ88F2Q87gFwnMwwdAYIKwYBBQUHAQEEaDBmMDgGCCsG\n" + - "AQUFBzAChixodHRwOi8vdHJ1c3QucXVvdmFkaXNnbG9iYWwuY29tL3F2cmNhMWcz\n" + - "LmNydDAqBggrBgEFBQcwAYYeaHR0cDovL29jc3AucXVvdmFkaXNnbG9iYWwuY29t\n" + - "MBMGA1UdIAQMMAowCAYGZ4EMAQICMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEF\n" + - "BQcDATA7BgNVHR8ENDAyMDCgLqAshipodHRwOi8vY3JsLnF1b3ZhZGlzZ2xvYmFs\n" + - "LmNvbS9xdnJjYTFnMy5jcmwwHQYDVR0OBBYEFJkRfemwrS1iWnDTPI2HIK3a2i5B\n" + - "MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAb6tTptzzi4ssb+jA\n" + - "n2O2vAjAo7ydlfN9v+QH0ZuGHlUc9bm8dpNpBo9yt6fWHIprGLJjVOF7HwVDQcJD\n" + - "DhX4638Q7ETDrbTVQ4/edX6Yesq6C1G8Pza1LwStXD/jCQHFvWbPud86V0ikS4rS\n" + - "qlmu3fzUrGZ2/Q+n5jrnRqM5IS8TXYcnzLD3azH1+aZjkwQt9HP4IuvAe/Bg9aWE\n" + - "XeDmksbg0SqQInrWn+BVYtD+hCZNz8K0GnKKpx3Q9VxzRv+BMbO5e9iqK1Hcj5Wv\n" + - "ZXvU45j2r5y9WML4fc8CvphzbF6ezr1e51i+yabNmfld33gRX48V5oNk16wX32ed\n" + - "kQ83sKNomQm1dXURWK8aSDcZFAvJQ8vKTLIE9wiQmtjfSGoJzQhKLaN+egrp4L9y\n" + - "fjpFIeK4zgAH39P4s4kaPWTdfXe2n6P5o7Xolp4R22SVkI76d8d+5Iv7Rtqd+mqI\n" + - "y1hkwyTBbOBLtyF7yMtJQewkkZ0MWxkPvWg193RbYVRx8w1EycnxMgNwy2sJw7MR\n" + - "XM6Mihkw910BkvlbsFUXw4uSvRkkRWSBWVrkM5hvZGtbIJkqrdnj55RSk4DLOOT/\n" + - "LUyji/KpgD7YCi7emFA4tH6OpkNrjUJ3gdRnD4GwQj/87tYeoQWZ6uCl0MHDUCmw\n" + - "73bpxSkjPrYbmKo9mGEAMhW1ZxY=\n" + - "-----END CERTIFICATE-----"; - - // Owner: CN=quovadis-root-ca-1-g3.chain-demos.digicert.com, O="DigiCert, Inc.", - // L=Lehi, ST=Utah, C=US - // Issuer: CN=DigiCert QuoVadis TLS ICA QV Root CA 1 G3, O="DigiCert, Inc", C=US - // Serial number: a94cc08600f5fe5d3f0659bfcfec6f0 - // Valid from: Fri Mar 04 16:00:00 PST 2022 until: Wed Apr 05 16:59:59 PDT 2023 - private static final String VALID = "-----BEGIN CERTIFICATE-----\n" + - "MIIG/DCCBeSgAwIBAgIQCpTMCGAPX+XT8GWb/P7G8DANBgkqhkiG9w0BAQsFADBZ\n" + - "MQswCQYDVQQGEwJVUzEWMBQGA1UECgwNRGlnaUNlcnQsIEluYzEyMDAGA1UEAwwp\n" + - "RGlnaUNlcnQgUXVvVmFkaXMgVExTIElDQSBRViBSb290IENBIDEgRzMwHhcNMjIw\n" + - "MzA1MDAwMDAwWhcNMjMwNDA1MjM1OTU5WjB9MQswCQYDVQQGEwJVUzENMAsGA1UE\n" + - "CBMEVXRhaDENMAsGA1UEBxMETGVoaTEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4x\n" + - "NzA1BgNVBAMTLnF1b3ZhZGlzLXJvb3QtY2EtMS1nMy5jaGFpbi1kZW1vcy5kaWdp\n" + - "Y2VydC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3HrwaCagg\n" + - "6bxmgEC+neLN/ShfNYuOMQ2Slk5q/zDUhQRpNQnh3nUwoRSWRvwGxDFsRj++LECF\n" + - "TMdfzIu+0rlFzGqd3B5mlRsJrcycy/+ILwGNtIooUSU7pvJAVgLZ5N1SSVZoY+i3\n" + - "bqLiMmv2/JfouT1SQB3U0tGmS+QKyBtVyKPVeuAhnLdyw90UiB7Gu9qXQpCawac8\n" + - "pXPQLFzyEP7VJO0wDXanXvi6YPuIhh4m+j2YVCd9d2zI3y3kOrkuaUY5UCBvMG/b\n" + - "Pc7/5pBsqf+E+7RHF24JAR2aqXzARWt2MzRiwpE/DJDfu097IUtR5aEdCRIKw/b4\n" + - "GcHEbVaE3c8RAgMBAAGjggOaMIIDljAfBgNVHSMEGDAWgBSZEX3psK0tYlpw0zyN\n" + - "hyCt2touQTAdBgNVHQ4EFgQUsG1/1d7ATEocqm82IRByZD/1qQIwOQYDVR0RBDIw\n" + - "MIIucXVvdmFkaXMtcm9vdC1jYS0xLWczLmNoYWluLWRlbW9zLmRpZ2ljZXJ0LmNv\n" + - "bTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC\n" + - "MIGXBgNVHR8EgY8wgYwwRKBCoECGPmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9E\n" + - "aWdpQ2VydFF1b1ZhZGlzVExTSUNBUVZSb290Q0ExRzMuY3JsMESgQqBAhj5odHRw\n" + - "Oi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRRdW9WYWRpc1RMU0lDQVFWUm9v\n" + - "dENBMUczLmNybDA+BgNVHSAENzA1MDMGBmeBDAECAjApMCcGCCsGAQUFBwIBFhto\n" + - "dHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwgYMGCCsGAQUFBwEBBHcwdTAkBggr\n" + - "BgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tME0GCCsGAQUFBzAChkFo\n" + - "dHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRRdW9WYWRpc1RMU0lD\n" + - "QVFWUm9vdENBMUczLmNydDAJBgNVHRMEAjAAMIIBfQYKKwYBBAHWeQIEAgSCAW0E\n" + - "ggFpAWcAdgCt9776fP8QyIudPZwePhhqtGcpXc+xDCTKhYY069yCigAAAX9cPNEg\n" + - "AAAEAwBHMEUCIEcb3zz7lhKT26HkZpFPF9e7AsHY4HR3pO5LJ5+b2iDGAiEAjEHh\n" + - "4H3Vl+j95X65uBdkODnqjlxRc6OrqCRor71nKTYAdQA1zxkbv7FsV78PrUxtQsu7\n" + - "ticgJlHqP+Eq76gDwzvWTAAAAX9cPNEMAAAEAwBGMEQCIBbRZ9t9oUODHhZfa7n3\n" + - "0lGGmEpnZP9dZw375SuVX6OjAiBbfpZesx7GgSNygEF+zkBAXx+AFJF5GoGiOjFX\n" + - "0ykjDAB2ALNzdwfhhFD4Y4bWBancEQlKeS2xZwwLh9zwAw55NqWaAAABf1w80SoA\n" + - "AAQDAEcwRQIgfSXjtjuKjFiVYwdlitFNgTTSc7uP9hyazlrCKO9GsaYCIQCKimXl\n" + - "j4LjJ4BlG9H1J+V747tuf7ONnAzkCPsa2ymOuzANBgkqhkiG9w0BAQsFAAOCAQEA\n" + - "b9havJS9egan+4dgMhI6gDt6rjdWRniyi7kXv7/vWJXOxR1xl2d/WYDLsfp3BbqW\n" + - "YuKQwB5tTH1hEoNhQIyGnuE1Y1ZgtX24rSVfTCkU/3dnTZaIhaZgFHyftAum7xSI\n" + - "Qzu7pwih+PXrGNXupsnZ+VUE7a7zHyRDajixhSp7dZS4zLoDTxeyKX0MDmo4e8Mi\n" + - "HNYVASYcrdld90jVJaeI/V3EkJAX7/Eyo9JqzivEwGM0e0JhCLekcVSzhjGoAlbQ\n" + - "tIzCIaeVUlWKKiNXSKr1WD4oCD3ky4Y5VekTGzyUf/0LYzV+Y7p8epc5vTWKwYx/\n" + - "vQwJ4RsgFit+c84mSg4qug==\n" + - "-----END CERTIFICATE-----"; - - // Owner: CN=quovadis-root-ca-1-g3-revoked.chain-demos.digicert.com, - // O="DigiCert, Inc.", L=Lehi, ST=Utah, C=US - // Issuer: CN=DigiCert QuoVadis TLS ICA QV Root CA 1 G3, O="DigiCert, Inc", C=US - // Serial number: e7eff4cdd14ebed1daa7bb7e07300ed - // Valid from: Fri Mar 04 16:00:00 PST 2022 until: Wed Apr 05 16:59:59 PDT 2023 - private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" + - "MIIHDjCCBfagAwIBAgIQDn7/TN0U6+0dqnu34HMA7TANBgkqhkiG9w0BAQsFADBZ\n" + - "MQswCQYDVQQGEwJVUzEWMBQGA1UECgwNRGlnaUNlcnQsIEluYzEyMDAGA1UEAwwp\n" + - "RGlnaUNlcnQgUXVvVmFkaXMgVExTIElDQSBRViBSb290IENBIDEgRzMwHhcNMjIw\n" + - "MzA1MDAwMDAwWhcNMjMwNDA1MjM1OTU5WjCBhTELMAkGA1UEBhMCVVMxDTALBgNV\n" + - "BAgTBFV0YWgxDTALBgNVBAcTBExlaGkxFzAVBgNVBAoTDkRpZ2lDZXJ0LCBJbmMu\n" + - "MT8wPQYDVQQDEzZxdW92YWRpcy1yb290LWNhLTEtZzMtcmV2b2tlZC5jaGFpbi1k\n" + - "ZW1vcy5kaWdpY2VydC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB\n" + - "AQDCQQ2S25TEDDGHa/zvFUex4mD7pUAS7g80g8mQVII2v9Cg6F2tIEbay/IDhV3D\n" + - "NtxJcaqiMpT9oMA5jhMSOqcoq8QFzdqugtIvxQ3obrIZysxjjluB2b1T5UhlnND1\n" + - "ShXlSWRhwkCN8qfO+VJ8wrpVH45mj+DsiSLWrY8Vw4q+gcJgoUV0Vj87m1H93JTf\n" + - "pF68NjljUOOTTXZSzsvTRpDsnOizbVeyZoRawRP8D4UbxA8P28Q5W7a/uZSnUkfo\n" + - "1U1QFDd/ii/PCt6TVGYCNUehb8eSrEyjAtIZ/ricIVkKxcqzQ3Tuq7HefH/KiAqD\n" + - "GWr0NfO1JhX5ILmDZcosdsW1AgMBAAGjggOjMIIDnzAfBgNVHSMEGDAWgBSZEX3p\n" + - "sK0tYlpw0zyNhyCt2touQTAdBgNVHQ4EFgQUK6amWfyhRxRpr+fT1tpYV14n2wgw\n" + - "QQYDVR0RBDowOII2cXVvdmFkaXMtcm9vdC1jYS0xLWczLXJldm9rZWQuY2hhaW4t\n" + - "ZGVtb3MuZGlnaWNlcnQuY29tMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr\n" + - "BgEFBQcDAQYIKwYBBQUHAwIwgZcGA1UdHwSBjzCBjDBEoEKgQIY+aHR0cDovL2Ny\n" + - "bDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0UXVvVmFkaXNUTFNJQ0FRVlJvb3RDQTFH\n" + - "My5jcmwwRKBCoECGPmh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFF1\n" + - "b1ZhZGlzVExTSUNBUVZSb290Q0ExRzMuY3JsMD4GA1UdIAQ3MDUwMwYGZ4EMAQIC\n" + - "MCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzCBgwYI\n" + - "KwYBBQUHAQEEdzB1MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5j\n" + - "b20wTQYIKwYBBQUHMAKGQWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdp\n" + - "Q2VydFF1b1ZhZGlzVExTSUNBUVZSb290Q0ExRzMuY3J0MAkGA1UdEwQCMAAwggF+\n" + - "BgorBgEEAdZ5AgQCBIIBbgSCAWoBaAB3AOg+0No+9QY1MudXKLyJa8kD08vREWvs\n" + - "62nhd31tBr1uAAABf1xeMeAAAAQDAEgwRgIhALuEk3mDbnEEkboc95mrKMgibE0K\n" + - "0QAWMu1gI/teH06xAiEA7dbuLv66ScQkOq0zbfnUM8ih1Bw+Wb29jQRyTEXCaxEA\n" + - "dgA1zxkbv7FsV78PrUxtQsu7ticgJlHqP+Eq76gDwzvWTAAAAX9cXjIwAAAEAwBH\n" + - "MEUCIBvEfG23Yewp6oXQJExXQ+Am7z4i0X5NqSz8ohAXT3NiAiEAhDjy2H2Z5CV5\n" + - "gZ8TACTVgNyvEIH0cS4DjH6/ILknLDEAdQCzc3cH4YRQ+GOG1gWp3BEJSnktsWcM\n" + - "C4fc8AMOeTalmgAAAX9cXjJBAAAEAwBGMEQCIGuxWoTPcFYQlVF9q/F1JbaZj/VT\n" + - "O6Oa8ionxCC/8aqrAiAUCUoDcwphZ25ZFC+xGiP0kUiWgUwuQH7lBpTgoZp/BjAN\n" + - "BgkqhkiG9w0BAQsFAAOCAQEAFrVjcQxq81PXEgHCf48+FOle8kUpJGxpH1n1Sp0p\n" + - "V95wrXj47oT1Vt9WqXPrNDfDkxwAvvXrCMXjHEg2YN0FCEanVec8GciuRRRtXrOE\n" + - "QOXAqGv5j+KG7bEvMNUFS90fesxfxVAQkr1zIT70nMAOKV1NOyQ/q8bZ+jehcRZB\n" + - "wUKrCWAzvOw4DPytrDcQmflvQN+Bw92T3uDuoYT/oBcobpVfKpfuW/+ZxxXTIp4L\n" + - "sixlx82SZNTo6e3LOqsgZnR6TFyRJ63sK65M+W0d55bHvleUAHRCOiGhhgqE/cby\n" + - "z50hDzJMLnjskMSpkxMoeSeutAS2e7oIvA//7C37LrQccQ==\n" + - "-----END CERTIFICATE-----"; - - public void runTest(ValidatePathWithParams pathValidator) - throws Exception { - // Validate valid - pathValidator.validate(new String[]{VALID, INT}, - ValidatePathWithParams.Status.GOOD, null, System.out); - - // Validate Revoked - pathValidator.validate(new String[]{REVOKED, INT}, - ValidatePathWithParams.Status.REVOKED, - "Tue Mar 08 11:22:28 PST 2022", System.out); + private static final String VALID = "https://quovadis-root-ca-1-g3.chain-demos.digicert.com/"; + private static final String REVOKED = "https://quovadis-root-ca-1-g3-revoked.chain-demos.digicert.com/"; + private static final String CA_FINGERPRINT = + "8A:86:6F:D1:B2:76:B5:7E:57:8E:92:1C:65:82:8A:2B:ED:58:E9:F2:F2:88:05:41:34:B7:F1:F4:BF:C9:CC:74"; + + public void runTest(ValidatePathWithURL pathValidator) throws CertificateEncodingException { + pathValidator.validateDomain(VALID, false, CA_FINGERPRINT); + pathValidator.validateDomain(REVOKED, true, CA_FINGERPRINT); } } class RootCA2G3 { - - // Owner: CN=DigiCert QV EV TLS ICA G1, O="DigiCert, Inc.", C=US - // Issuer: CN=QuoVadis Root CA 2 G3, O=QuoVadis Limited, C=BM - // Serial number: 65e9bcd53e791df22dffeb5ecc2bc7a5588d0883 - // Valid from: Mon Mar 16 12:39:42 PDT 2020 until: Thu Mar 14 12:39:42 PDT 2030 - private static final String INT = "-----BEGIN CERTIFICATE-----\n" + - "MIIFbzCCA1egAwIBAgIUZem81T55HfIt/+tezCvHpViNCIMwDQYJKoZIhvcNAQEL\n" + - "BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc\n" + - "BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMiBHMzAeFw0yMDAzMTYxOTM5NDJaFw0z\n" + - "MDAzMTQxOTM5NDJaMEoxCzAJBgNVBAYTAlVTMRcwFQYDVQQKDA5EaWdpQ2VydCwg\n" + - "SW5jLjEiMCAGA1UEAwwZRGlnaUNlcnQgUVYgRVYgVExTIElDQSBHMTCCASIwDQYJ\n" + - "KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMhwn6I+pGrJsnisnzP7EU5cFN9UT5XF\n" + - "auA13F3jHeUUZmBOcMSOJEhx/e7oeVScTnmKpe7t7uey7lIIC9DWFmP8klbtLBgL\n" + - "0jY4MPlCkVyxUIhZ73EHCPqDCX9bo+rMB6C758/tKZOPcoWRixQypPwoC4cXNOOk\n" + - "ntqFPRxFSZoBdTDNlAmkAQJCRsXGCEC5pZ0JqzGcAA0/Pw1fB8lSPAti3trubYmd\n" + - "aaPFAKzGK7vsexxpuSUKO0opNkFWbLdHZ8jkr86R80oo1vhURJXWNeMS74ws5nbt\n" + - "Ll9sJTDW33MQPS0/JO3xYI7bQcW3K1sPSERa4BahqgOJvEXMk1eWRcUCAwEAAaOC\n" + - "AU0wggFJMBIGA1UdEwEB/wQIMAYBAf8CAQAwHwYDVR0jBBgwFoAU7edvdlq/YOxJ\n" + - "W8ald7tyFnGbxD0wOgYIKwYBBQUHAQEELjAsMCoGCCsGAQUFBzABhh5odHRwOi8v\n" + - "b2NzcC5xdW92YWRpc2dsb2JhbC5jb20wSwYDVR0gBEQwQjAHBgVngQwBATA3Bglg\n" + - "hkgBhv1sAgEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29t\n" + - "L0NQUzAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwOwYDVR0fBDQwMjAw\n" + - "oC6gLIYqaHR0cDovL2NybC5xdW92YWRpc2dsb2JhbC5jb20vcXZyY2EyZzMuY3Js\n" + - "MB0GA1UdDgQWBBQTL6fobnFR9uIMmEeDnn+deHk08zAOBgNVHQ8BAf8EBAMCAYYw\n" + - "DQYJKoZIhvcNAQELBQADggIBAEoOxze3kgnR39LX8M63EjiNxx0LThZHROqYqev6\n" + - "5ox/c5NNitk8/ODA8osdPpvnUBAlmE0+gqBvnTBRPVrJFd9bOr5BK8z6Os9/U0ed\n" + - "c3UINkWLS05B7ChC9s6Zw1Vd/WlW08TQJ80GpvAIbEKcg8EO/DXPniHxC4cMtv1T\n" + - "jtNeh98XiVgQXHL1FY+u/l413J8C4utKi4ZOQeCJDqvlSDzRsOi+tHsXrCJxnMWN\n" + - "2QBgMGgdPW37zwf0EffoH0Gee3pTgg7I5SzmvBq0t5xRDfv4N0OdM/sN1mc5f3o7\n" + - "0YCd9WXhyDCV5W2O8QIbrd42CK5k1rlM6gXwOyDmYY5CVAl1QeXEeRfDk/zNjU/1\n" + - "+LnH/Dv88VcZhODYq+VGbyM8bpNr0v95PY3yaH4kzpWGqWAN5i9LosfcaqRPmyL4\n" + - "PcKTQwcA9AVTjITExFua/QtGrXLPvMVxR248G9IQpJMxP3JEGkjlKCenmc29r2u1\n" + - "KE4TeCs2xxjR1PusTfX91bBW3YAoAPDTRQKZjolegLUY44j3uKSzAdhMEbZQhovH\n" + - "Lraqx1WjTayTuq1Vuakcia5shmgFVSNcE+NVgLEIe32oTOm/G6Kd1lcm9C4Ph1Cg\n" + - "nfDuqohZrk76kJTk8poAY5aFCQHhVzbpSw3zooMGjjvWnkG+/DC6SZM8rKoOdKiB\n" + - "cy+N\n" + - "-----END CERTIFICATE-----"; - - // Owner: CN=quovadis-root-ca-2-g3.chain-demos.digicert.com, O="DigiCert, - // Inc.", L=Lehi, ST=Utah, C=US, SERIALNUMBER=5299537-0142, OID.1.3.6.1.4 - // 1.311.60.2.1.2=Utah, OID.1.3.6.1.4.1.311.60.2.1.3=US, - // OID.2.5.4 .15=Private Organization - // Issuer: CN=DigiCert QV EV TLS ICA G1, O="DigiCert, Inc.", C=US - // Serial number: 9c5e9d5f169d3a59e64db208d3e849d - // Valid from: Wed Feb 02 16:00:00 PST 2022 until: Mon Mar 06 15:59:59 PST 2023 - private static final String VALID = "-----BEGIN CERTIFICATE-----\n" + - "MIIHNDCCBhygAwIBAgIQCcXp1fFp06WeZNsgjT6EnTANBgkqhkiG9w0BAQsFADBK\n" + - "MQswCQYDVQQGEwJVUzEXMBUGA1UECgwORGlnaUNlcnQsIEluYy4xIjAgBgNVBAMM\n" + - "GURpZ2lDZXJ0IFFWIEVWIFRMUyBJQ0EgRzEwHhcNMjIwMjAzMDAwMDAwWhcNMjMw\n" + - "MzA2MjM1OTU5WjCB3zEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdhbml6YXRpb24xEzAR\n" + - "BgsrBgEEAYI3PAIBAxMCVVMxFTATBgsrBgEEAYI3PAIBAhMEVXRhaDEVMBMGA1UE\n" + - "BRMMNTI5OTUzNy0wMTQyMQswCQYDVQQGEwJVUzENMAsGA1UECBMEVXRhaDENMAsG\n" + - "A1UEBxMETGVoaTEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xNzA1BgNVBAMTLnF1\n" + - "b3ZhZGlzLXJvb3QtY2EtMi1nMy5jaGFpbi1kZW1vcy5kaWdpY2VydC5jb20wggEi\n" + - "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDfknHK7boXh9ysZ0FLDQKEyT2x\n" + - "Swtyecb5kkVgJU75XpXccV724mntCu5hpZ7Yt4tOmDZvbpYcqWbhIJgxGFNLyPdB\n" + - "Fn8jgZ4N0WoD7u295HI9izEmbM0XrO2rvHUc6ZhFFyx0jhvJPf/k9QbQB4TwKZri\n" + - "Iuf1E1Ek70DkTWAg6OrPHMe2ER3aSz2S2rNkMSopURvZuabzPovsGaz+XEZNfE4N\n" + - "UfkBLa0DUjFCamOMZKIfkzxpH/NhQcigGnZgxiyUb6KRhu9ydpWeOvOHwPWwR/fV\n" + - "7WT+X1DUHojoXeCk2RtIRMihDWPd+lqiUppM8IlEW/gxWbK1wP41qioiK9j5AgMB\n" + - "AAGjggN+MIIDejAfBgNVHSMEGDAWgBQTL6fobnFR9uIMmEeDnn+deHk08zAdBgNV\n" + - "HQ4EFgQUtAEN4g3bzwES6MoOINihiZQrt+owOQYDVR0RBDIwMIIucXVvdmFkaXMt\n" + - "cm9vdC1jYS0yLWczLmNoYWluLWRlbW9zLmRpZ2ljZXJ0LmNvbTAOBgNVHQ8BAf8E\n" + - "BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHsGA1UdHwR0MHIw\n" + - "N6A1oDOGMWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFFWRVZUTFNJ\n" + - "Q0FHMS5jcmwwN6A1oDOGMWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2Vy\n" + - "dFFWRVZUTFNJQ0FHMS5jcmwwSgYDVR0gBEMwQTALBglghkgBhv1sAgEwMgYFZ4EM\n" + - "AQEwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMHYG\n" + - "CCsGAQUFBwEBBGowaDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQu\n" + - "Y29tMEAGCCsGAQUFBzAChjRodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGln\n" + - "aUNlcnRRVkVWVExTSUNBRzEuY3J0MAwGA1UdEwEB/wQCMAAwggF9BgorBgEEAdZ5\n" + - "AgQCBIIBbQSCAWkBZwB2AOg+0No+9QY1MudXKLyJa8kD08vREWvs62nhd31tBr1u\n" + - "AAABfsHcGW0AAAQDAEcwRQIgSMSWvB5/8sf6CAZYojDI+t3bmcVHtIJT3T+Z3TcZ\n" + - "MFMCIQD5Qyb6jwHOAscsPeID156bUZIw+PeB652u+Q8gTU8C5gB1ADXPGRu/sWxX\n" + - "vw+tTG1Cy7u2JyAmUeo/4SrvqAPDO9ZMAAABfsHcGUcAAAQDAEYwRAIgL68Riq9a\n" + - "l17hobjQopbfzvcQi4KT1+DlqO2dAeCuF80CIAy19t3bAxcJRmbXWo9J2dGc7WuE\n" + - "r+bLfnQoerq9KB1bAHYAs3N3B+GEUPhjhtYFqdwRCUp5LbFnDAuH3PADDnk2pZoA\n" + - "AAF+wdwZZAAABAMARzBFAiEA4vYazXAaD1BfJ8MqEmrfxeTIDQ6LZkmqfh8xEnVz\n" + - "8VYCIF/RgfyBhOeH40wfgwpFTa+Y+t7EWg0PtjC4IaIFTKYKMA0GCSqGSIb3DQEB\n" + - "CwUAA4IBAQC5KLlms/+5XcCIEFBpQSwT7VoRcqnrVWlhya+9ClA98LYuDUeHcHt6\n" + - "lHvfjEEmy2s2GoKHK/JxXzftBau5LbDWlvQ6EF+22fnaVDsKIwNgYwbhJb+6zr8t\n" + - "LOFS6Y51YSlRrDUvy94S3PE7N8D3wyKq18IhXOI1WUeR0bKHLlXtl+ZjKMIMkd/l\n" + - "YtLnnskRCQa0P/HLwQYLUpgiNGVZJQbjrWsVzcw12mR/gza1KjR02STJRGZad7L0\n" + - "Oz48CRhm94iaEjFcVKT3vcDUrtCKpkmhBACcdA3NNqDq10i/SLspOeDLSESkkJKF\n" + - "w8w3YCqXjZn5JyV3sVHYNezNKtLdCxn4\n" + - "-----END CERTIFICATE-----"; - - // Owner: CN=quovadis-root-ca-2-g3-revoked.chain-demos.digicert.com, - // O="DigiCert, Inc.", L=Lehi, ST=Utah, C=US, SERIALNUMBER=5299537-0142, - // OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Utah, - // OID.1.3.6.1.4.1.311.60.2.1.3=US - // Issuer: CN=DigiCert QV EV TLS ICA G1, O="DigiCert, Inc.", C=US - // Serial number: 3f84605850df3ac98fcc15adec269f8 - // Valid from: Sun Apr 17 17:00:00 PDT 2022 until: Fri May 19 16:59:59 PDT 2023 - private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" + - "MIIHQDCCBiigAwIBAgIQA/hGBYUN86yY/MFa3sJp+DANBgkqhkiG9w0BAQsFADBK\n" + - "MQswCQYDVQQGEwJVUzEXMBUGA1UECgwORGlnaUNlcnQsIEluYy4xIjAgBgNVBAMM\n" + - "GURpZ2lDZXJ0IFFWIEVWIFRMUyBJQ0EgRzEwHhcNMjIwNDE4MDAwMDAwWhcNMjMw\n" + - "NTE5MjM1OTU5WjCB5zETMBEGCysGAQQBgjc8AgEDEwJVUzEVMBMGCysGAQQBgjc8\n" + - "AgECEwRVdGFoMR0wGwYDVQQPDBRQcml2YXRlIE9yZ2FuaXphdGlvbjEVMBMGA1UE\n" + - "BRMMNTI5OTUzNy0wMTQyMQswCQYDVQQGEwJVUzENMAsGA1UECBMEVXRhaDENMAsG\n" + - "A1UEBxMETGVoaTEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xPzA9BgNVBAMTNnF1\n" + - "b3ZhZGlzLXJvb3QtY2EtMi1nMy1yZXZva2VkLmNoYWluLWRlbW9zLmRpZ2ljZXJ0\n" + - "LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANfUkoe8l/AFhMH5\n" + - "NtRR2Ztx4xVINz1celdjQE7xgjyHoQY6EMhuI+tvTpwJr9wJEFl7YBiIUFUgJZo6\n" + - "lCLZtXI5t6rN0PhI+F03vGj5ukOkBBcsNVuKPJjud78sHL7u4w7RL3agrQIG7sff\n" + - "bQK4qieUDPxiE8TO8mIzUKnIvYeNA8aJe4zxWf6Mn64WvnudsxYFgMDL4L0ryYKy\n" + - "Ls53Co0OweOl4qnNSne8eIGfb6UaUBQvWbnVfRSHzf+skrF1qstWlFhUsqR07HtF\n" + - "6BqVrAsRA8tmXisyXrMp9jTcIsG7LXVLOqxN07mAvpateExZs3WWRhfQl4Z+HpHD\n" + - "80WbTI0CAwEAAaOCA4IwggN+MB8GA1UdIwQYMBaAFBMvp+hucVH24gyYR4Oef514\n" + - "eTTzMB0GA1UdDgQWBBSTXYbD9dwCDxIH/aN5vIr02uLz5DBBBgNVHREEOjA4gjZx\n" + - "dW92YWRpcy1yb290LWNhLTItZzMtcmV2b2tlZC5jaGFpbi1kZW1vcy5kaWdpY2Vy\n" + - "dC5jb20wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF\n" + - "BQcDAjB7BgNVHR8EdDByMDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20v\n" + - "RGlnaUNlcnRRVkVWVExTSUNBRzEuY3JsMDegNaAzhjFodHRwOi8vY3JsNC5kaWdp\n" + - "Y2VydC5jb20vRGlnaUNlcnRRVkVWVExTSUNBRzEuY3JsMEoGA1UdIARDMEEwCwYJ\n" + - "YIZIAYb9bAIBMDIGBWeBDAEBMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGln\n" + - "aWNlcnQuY29tL0NQUzB2BggrBgEFBQcBAQRqMGgwJAYIKwYBBQUHMAGGGGh0dHA6\n" + - "Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBABggrBgEFBQcwAoY0aHR0cDovL2NhY2VydHMu\n" + - "ZGlnaWNlcnQuY29tL0RpZ2lDZXJ0UVZFVlRMU0lDQUcxLmNydDAJBgNVHRMEAjAA\n" + - "MIIBfAYKKwYBBAHWeQIEAgSCAWwEggFoAWYAdQDoPtDaPvUGNTLnVyi8iWvJA9PL\n" + - "0RFr7Otp4Xd9bQa9bgAAAYA+bejFAAAEAwBGMEQCIFDhmaB4BXmOw2SKONPFBU8t\n" + - "qXb7DXeG6JHGcONDqITjAiAqozEj7/1ULu6t/uzfwOSgC7xEmUsLGzQVnaOF9m3s\n" + - "swB1ADXPGRu/sWxXvw+tTG1Cy7u2JyAmUeo/4SrvqAPDO9ZMAAABgD5t6QkAAAQD\n" + - "AEYwRAIgfVEs7Ph+wOpoCGl4woa3aUWH1COGx1SwvHZ8lH21xfsCIBI1IpR6goya\n" + - "iz47tT/Uz+26RnkHiAApYsdMOPyevkzhAHYAs3N3B+GEUPhjhtYFqdwRCUp5LbFn\n" + - "DAuH3PADDnk2pZoAAAGAPm3pPgAABAMARzBFAiAKBon1PVoqJAF49jMQd2c222TK\n" + - "sWkL5sLFqLVZj2vOugIhAODd/OUy236+9alC2U5nxl1oej9fOF4por2OZMFQfpFF\n" + - "MA0GCSqGSIb3DQEBCwUAA4IBAQAyrJzyOiRAETfoYddTmRmbnFNuHx4YAkkdxn2d\n" + - "BXdy4jPn0kTtDo4592KnbTdieSCWghmEmcEY1sQXdX6iqKwzmp408jfUDohl5evV\n" + - "oZrum3P3zgLRz1qswFM5a2HteWzCWWi/n6d6nKXj6PGGVAMQfk1s6PaWhYBuiaag\n" + - "myYss/LTPzaLGUfFzlt/HfomiD+BNuBOVa+pPrmTWhex+e02z95n6RPYCiazuZNZ\n" + - "xiarN83pRNu/fIjVXw2jENg7+kaC1wwLqET0x6/EJa6YI3Xa7Aumb8Pp2r2UZ5Tr\n" + - "7BUhmiRLkvw/9SI8ceXNSwuTTGK2fKHm2/CWqI0cS3zWk3dC\n" + - "-----END CERTIFICATE-----"; - - public void runTest(ValidatePathWithParams pathValidator) - throws Exception { - // Validate valid - pathValidator.validate(new String[]{VALID, INT}, - ValidatePathWithParams.Status.GOOD, null, System.out); - - // Validate Revoked - pathValidator.validate(new String[]{REVOKED, INT}, - ValidatePathWithParams.Status.REVOKED, - "Mon Apr 18 14:07:46 PDT 2022", System.out); + private static final String VALID = "https://quovadis-root-ca-2-g3.chain-demos.digicert.com"; + private static final String REVOKED = "https://quovadis-root-ca-2-g3-revoked.chain-demos.digicert.com"; + private static final String CA_FINGERPRINT = + "8F:E4:FB:0A:F9:3A:4D:0D:67:DB:0B:EB:B2:3E:37:C7:1B:F3:25:DC:BC:DD:24:0E:A0:4D:AF:58:B4:7E:18:40"; + + public void runTest(ValidatePathWithURL pathValidator) throws CertificateEncodingException { + pathValidator.validateDomain(VALID, false, CA_FINGERPRINT); + pathValidator.validateDomain(REVOKED, true, CA_FINGERPRINT); } } class RootCA3G3 { - - // Owner: CN=DigiCert QuoVadis TLS ICA QV Root CA 3 G3, O="DigiCert, Inc", C=US - // Issuer: CN=QuoVadis Root CA 3 G3, O=QuoVadis Limited, C=BM - // Serial number: 427dd33a8ff51d8152e813c7dec93ba76312a7d8 - // Valid from: Wed Jan 06 12:55:40 PST 2021 until: Sat Jan 04 12:55:40 PST 2031 - private static final String INT = "-----BEGIN CERTIFICATE-----\n" + - "MIIFgDCCA2igAwIBAgIUQn3TOo/1HYFS6BPH3sk7p2MSp9gwDQYJKoZIhvcNAQEL\n" + - "BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc\n" + - "BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMyBHMzAeFw0yMTAxMDYyMDU1NDBaFw0z\n" + - "MTAxMDQyMDU1NDBaMFkxCzAJBgNVBAYTAlVTMRYwFAYDVQQKDA1EaWdpQ2VydCwg\n" + - "SW5jMTIwMAYDVQQDDClEaWdpQ2VydCBRdW9WYWRpcyBUTFMgSUNBIFFWIFJvb3Qg\n" + - "Q0EgMyBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALxNTdqnFD+A\n" + - "MhketYfVfVUWQKPkVEuyYj7Y2uwXBMRP4RStO4CoQih+hX/h94vRlObOIsqcNnyC\n" + - "ElwBnLbmusaWYLYnDEWoROL8uN0pkWk0asfhhEsXTkAJ6FLHUD85WBkED4gIVWPi\n" + - "Sp4AOwiA+/zpbwgVAgdjJTO3jjMsp4F1lBrdViYSwoPRACH1ZMjJG572oXTpZkQX\n" + - "uWmEKLUOnik1i5cbqGLnwXiDvTAhxit7aBlj/C5IDvONWVQL34ZTYppvo8S3Hhy9\n" + - "xX0S4HCpTpeBe3mas7VOrjsXNlEoFvejrxcQ+fB/gUf6fLUPxUhcPtm8keBPQuxc\n" + - "qP12/+KG0WECAwEAAaOCAU8wggFLMBIGA1UdEwEB/wQIMAYBAf8CAQAwHwYDVR0j\n" + - "BBgwFoAUxhfQvKjqAkPyGwaZXSuQILnXnOQwdAYIKwYBBQUHAQEEaDBmMDgGCCsG\n" + - "AQUFBzAChixodHRwOi8vdHJ1c3QucXVvdmFkaXNnbG9iYWwuY29tL3F2cmNhM2cz\n" + - "LmNydDAqBggrBgEFBQcwAYYeaHR0cDovL29jc3AucXVvdmFkaXNnbG9iYWwuY29t\n" + - "MBMGA1UdIAQMMAowCAYGZ4EMAQICMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEF\n" + - "BQcDATA7BgNVHR8ENDAyMDCgLqAshipodHRwOi8vY3JsLnF1b3ZhZGlzZ2xvYmFs\n" + - "LmNvbS9xdnJjYTNnMy5jcmwwHQYDVR0OBBYEFDNm+y+RBcyzYlLvzTz1fhzOpxeW\n" + - "MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAY0ZuDgyM4I4MO9ll\n" + - "D8qFUPQ8xtcGOuJgSRhDS2onIJ0M8yOGOYJCobIEGIgqyx94kI/n/1Xw+Wvsnhwb\n" + - "OYOtVedx6VGDu6IuSKTVgPPhzwKP5ZA7wtmgKR8+W4E3DM1VerA9Po9ycDK9qCdl\n" + - "K4tuF37grKEzlQKovG+kn0z+Zi0D/E1kN1Q8YmX35HHRenJWKEnAL9QROh0X9jFi\n" + - "SlsHPrxWC3adOdAW+B+kVG0cM2nurd0Ic2YkiLKOOaSd5hbCQY/fCZwohtest+ZU\n" + - "Ajyd+FVzSNvEFrwPzZwKfcdemvD4kew8lx5sG6BUL4GkFWnotxSr+F9Huwgj4pC+\n" + - "cxE2841a/9r/gliuwDM/8jkt16epFAdw0fXemyM8FdHJDnB++3d8SyjOOQ8j+VHW\n" + - "31NWx27sORa5CgRchlldXWDzIIEwbc82a1OAfGUmNAsdEHjMl1HMcZHbjCmdSdsw\n" + - "fmyldZrj2YmvOI5ZlE9z4vzi35KyqlxWCtu9O/SJq/rBvYS0TPmm8HbhJQbeMe6p\n" + - "vJGrxcb1muSBANn9T9wvukjiNNw32ciSDCjZ0h4N+CGxbzoZtgIAQ29IunYdnJix\n" + - "ZiP+ED6xvwgVRBkDSgWD2W/hex/+z4fNmGQJDcri51/tZCqHHv2Y7XReuf4Fk+nP\n" + - "l8Sd/Kpqwde/sJkoqwDcBSJygh0=\n" + - "-----END CERTIFICATE-----"; - - // Owner: CN=quovadis-root-ca-3-g3.chain-demos.digicert.com, O="DigiCert, Inc.", - // L=Lehi, ST=Utah, C=US - // Issuer: CN=DigiCert QuoVadis TLS ICA QV Root CA 3 G3, O="DigiCert, Inc", C=US - // Serial number: f27ee3fad1d754ae78d7866da0a4f6f - // Valid from: Fri Mar 04 16:00:00 PST 2022 until: Wed Apr 05 16:59:59 PDT 2023 - private static final String VALID = "-----BEGIN CERTIFICATE-----\n" + - "MIIG/jCCBeagAwIBAgIQDyfuP60ddUrnjXhm2gpPbzANBgkqhkiG9w0BAQsFADBZ\n" + - "MQswCQYDVQQGEwJVUzEWMBQGA1UECgwNRGlnaUNlcnQsIEluYzEyMDAGA1UEAwwp\n" + - "RGlnaUNlcnQgUXVvVmFkaXMgVExTIElDQSBRViBSb290IENBIDMgRzMwHhcNMjIw\n" + - "MzA1MDAwMDAwWhcNMjMwNDA1MjM1OTU5WjB9MQswCQYDVQQGEwJVUzENMAsGA1UE\n" + - "CBMEVXRhaDENMAsGA1UEBxMETGVoaTEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4x\n" + - "NzA1BgNVBAMTLnF1b3ZhZGlzLXJvb3QtY2EtMy1nMy5jaGFpbi1kZW1vcy5kaWdp\n" + - "Y2VydC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOZpBBS8yo\n" + - "ioVgFUQDCVcnkHTL4/PfaPKGK1owE0+mKz1AXmYX1rzFfp6gFqjbZeclhWCKoINE\n" + - "OrZ2+1mGp75+nCP89NgoGzPgjYLVsM97gN2Y36/jXu8TwsZdYfBw9gxL+YApvq2r\n" + - "NbPfxXaYfWdq8bz0RzqXRgS8BqKi1q8tKyahx5EJ3fCpozY9NPvCnipwbWXL9evF\n" + - "Oak3c5Ip2YME4mHh8PujrznCVBte7KGLDn2KwbOUbh5SKKBL32vzTPOERWEDMbAu\n" + - "3XqQh/cc4LTp32Lf/XkfnUOSbzNh+Te8ZjeDzI+SYNg9bleKpPxLSkBZyurs4mCD\n" + - "92L8BXPlMaGjAgMBAAGjggOcMIIDmDAfBgNVHSMEGDAWgBQzZvsvkQXMs2JS7808\n" + - "9X4czqcXljAdBgNVHQ4EFgQUnf71SuL2Z73DAgGKgO7UVFDBIkgwOQYDVR0RBDIw\n" + - "MIIucXVvdmFkaXMtcm9vdC1jYS0zLWczLmNoYWluLWRlbW9zLmRpZ2ljZXJ0LmNv\n" + - "bTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC\n" + - "MIGXBgNVHR8EgY8wgYwwRKBCoECGPmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9E\n" + - "aWdpQ2VydFF1b1ZhZGlzVExTSUNBUVZSb290Q0EzRzMuY3JsMESgQqBAhj5odHRw\n" + - "Oi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRRdW9WYWRpc1RMU0lDQVFWUm9v\n" + - "dENBM0czLmNybDA+BgNVHSAENzA1MDMGBmeBDAECAjApMCcGCCsGAQUFBwIBFhto\n" + - "dHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwgYMGCCsGAQUFBwEBBHcwdTAkBggr\n" + - "BgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tME0GCCsGAQUFBzAChkFo\n" + - "dHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRRdW9WYWRpc1RMU0lD\n" + - "QVFWUm9vdENBM0czLmNydDAJBgNVHRMEAjAAMIIBfwYKKwYBBAHWeQIEAgSCAW8E\n" + - "ggFrAWkAdwDoPtDaPvUGNTLnVyi8iWvJA9PL0RFr7Otp4Xd9bQa9bgAAAX9cGyUR\n" + - "AAAEAwBIMEYCIQDjpwE/uiXodkY8Cx3ecooM7gxZp+Qi3aQSIi3SWam6YwIhAPqz\n" + - "8AdaOw+FTZApiEiO2PXww8Y98YtivwXay8v/ZFxrAHYANc8ZG7+xbFe/D61MbULL\n" + - "u7YnICZR6j/hKu+oA8M71kwAAAF/XBsk5gAABAMARzBFAiEA4v9FfzFKPr8hPM1O\n" + - "jPSlboD96ufdyFBy9KmD8pFcI6ECIBY6pcURmWtsE/G2jQgC+qvueJqSycNP2qTM\n" + - "iJ3pO/U1AHYAs3N3B+GEUPhjhtYFqdwRCUp5LbFnDAuH3PADDnk2pZoAAAF/XBsl\n" + - "BwAABAMARzBFAiEAsHzOaXv9OIo4RvaKUEscoLpnM98C+4hc6v4Z26d41aICIC2o\n" + - "aTrc5JsqgDhJXp7UArQPziUqDso967W2mrLa0nLdMA0GCSqGSIb3DQEBCwUAA4IB\n" + - "AQC2CaUwlIb+uKsELGw5U2KV0q8uMp/nBIyFaW/HNOJUf8j1keaf31WWBAFfUQVY\n" + - "pzFRUnRmNTtGxCvzyY1YhoQSwswGghz8ZCSQPWCST/Tl8kKuVFas8wSUXaEV23t4\n" + - "G0pfIlXL2oIuJwREjzv54SK7xsQ4whco0nw8DvLt+/5us4t96u8r1EuBKkF45ngz\n" + - "t77MTqpa0nvWUT7q9POT7xwQNui7P0j5t7prVX/fBKm5EfK1Jdi1Toj9+VxTIWYk\n" + - "splUCXw7zxaA3nlrncAmnHxZEY8sQjpGY1OGY0udd+m5bldJNbRTA1Q+VoPVMiU6\n" + - "osdBQGUbbWrqm1fnoFW1VvUt\n" + - "-----END CERTIFICATE-----"; - - // Owner: CN=quovadis-root-ca-3-g3-revoked.chain-demos.digicert.com, - // O="DigiCert, Inc.", L=Lehi, ST=Utah, C=US - // Issuer: CN=DigiCert QuoVadis TLS ICA QV Root CA 3 G3, O="DigiCert, Inc", C=US - // Serial number: aafa7cafda91796626f5fc8bcb38702 - // Valid from: Fri Mar 04 16:00:00 PST 2022 until: Wed Apr 05 16:59:59 PDT 2023 - private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" + - "MIIHDTCCBfWgAwIBAgIQCq+nyv2pF5Zib1/IvLOHAjANBgkqhkiG9w0BAQsFADBZ\n" + - "MQswCQYDVQQGEwJVUzEWMBQGA1UECgwNRGlnaUNlcnQsIEluYzEyMDAGA1UEAwwp\n" + - "RGlnaUNlcnQgUXVvVmFkaXMgVExTIElDQSBRViBSb290IENBIDMgRzMwHhcNMjIw\n" + - "MzA1MDAwMDAwWhcNMjMwNDA1MjM1OTU5WjCBhTELMAkGA1UEBhMCVVMxDTALBgNV\n" + - "BAgTBFV0YWgxDTALBgNVBAcTBExlaGkxFzAVBgNVBAoTDkRpZ2lDZXJ0LCBJbmMu\n" + - "MT8wPQYDVQQDEzZxdW92YWRpcy1yb290LWNhLTMtZzMtcmV2b2tlZC5jaGFpbi1k\n" + - "ZW1vcy5kaWdpY2VydC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB\n" + - "AQDofDJ1xHHWMhbWwU7e4cY3u2NjvE4ur/A0Y13UK53zoH8qDunV6ORAXQ+zSpev\n" + - "kPlnIbdjYOK1v5RJn2ZRgCafj8Bc/9GnfQ1uE7P9dRkC9ZQwvb6Eh6f4RT7gaOPX\n" + - "UXSXwtr96xdXDvtlJqWx13YQPnSGXUNNT1NH8bs2Myr9j+I5bUcUGsKsGheZoib3\n" + - "6IFINss+ouOhZ+HP6ganS5cQVsUGk5u6BT6oH9VgwfVMjpDqmRkwc6UJmiij/Nz4\n" + - "NOLOx2tivUjhk0eTPUaErUqYipGBSuwww6Linc/0IAIxGJ2k0J3Qz9PthJzG0P47\n" + - "J5U5ej6FimnRS6Rrk5Ywk2HNAgMBAAGjggOiMIIDnjAfBgNVHSMEGDAWgBQzZvsv\n" + - "kQXMs2JS78089X4czqcXljAdBgNVHQ4EFgQU9qXify+xtHlQIniZABL1pv7gcb4w\n" + - "QQYDVR0RBDowOII2cXVvdmFkaXMtcm9vdC1jYS0zLWczLXJldm9rZWQuY2hhaW4t\n" + - "ZGVtb3MuZGlnaWNlcnQuY29tMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr\n" + - "BgEFBQcDAQYIKwYBBQUHAwIwgZcGA1UdHwSBjzCBjDBEoEKgQIY+aHR0cDovL2Ny\n" + - "bDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0UXVvVmFkaXNUTFNJQ0FRVlJvb3RDQTNH\n" + - "My5jcmwwRKBCoECGPmh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFF1\n" + - "b1ZhZGlzVExTSUNBUVZSb290Q0EzRzMuY3JsMD4GA1UdIAQ3MDUwMwYGZ4EMAQIC\n" + - "MCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzCBgwYI\n" + - "KwYBBQUHAQEEdzB1MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5j\n" + - "b20wTQYIKwYBBQUHMAKGQWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdp\n" + - "Q2VydFF1b1ZhZGlzVExTSUNBUVZSb290Q0EzRzMuY3J0MAkGA1UdEwQCMAAwggF9\n" + - "BgorBgEEAdZ5AgQCBIIBbQSCAWkBZwB1AOg+0No+9QY1MudXKLyJa8kD08vREWvs\n" + - "62nhd31tBr1uAAABf1wc0LIAAAQDAEYwRAIgdmF6UFe2jgbM3FjYRMmcNaXfpleT\n" + - "E8hmYfmAVy5lSoUCIDPCV27IP9wpdGoxnnCMBwuekg6E4SB0lj49+o9OHHjDAHUA\n" + - "Nc8ZG7+xbFe/D61MbULLu7YnICZR6j/hKu+oA8M71kwAAAF/XBzQ0QAABAMARjBE\n" + - "AiBO6vYHFci7OWvqDHRlgTn+Q6zNG/LysZEOlrO4W8ZZ2gIgDY5+qjlar3esPN0b\n" + - "JUR5vfITl7UiZoqINJSm1gZ4Nm4AdwCzc3cH4YRQ+GOG1gWp3BEJSnktsWcMC4fc\n" + - "8AMOeTalmgAAAX9cHNDdAAAEAwBIMEYCIQCB52OPhdnYybsWzmkdSGSbgQVmS0V7\n" + - "ZumbThJSJwpuiwIhAP+JRx+Eu3MYRp5iyLb+xlWqghMnDnF9aCfm1VuW4aDuMA0G\n" + - "CSqGSIb3DQEBCwUAA4IBAQBO/4LljBpMGYYxBang12UIQ+FIjxAfKqqIklSa+du2\n" + - "ea0VHqaRrdfh/aTxzb0WaU++bgQN+MeHmQdvwYSgAyU/lY7mIvDTNxFOO6IG2vfR\n" + - "+JAUnS9iVUQ1rXHU72cxUsne5aRyLQ0W/2Zayx85O6/C9gIUJgJVRuk0dTPZ6tnq\n" + - "FoW1S4GwqEpzTuJU8rP5IvMYoYo8jItpjzS0W90gtDvev/XBRs1ig28Ky7ZS5AtQ\n" + - "S2Q6Ikg9YzegE9YNj2wqdZnEneoce0G1InysM/geY1BZ57G9RAUZkzWVTJRLJgbg\n" + - "2nWSqpQJ765gg9JdsRo+zqj1kUBbUYoTSlaAJG6ucrlB\n" + - "-----END CERTIFICATE-----"; - - public void runTest(ValidatePathWithParams pathValidator) - throws Exception { - // Validate valid - pathValidator.validate(new String[]{VALID, INT}, - ValidatePathWithParams.Status.GOOD, null, System.out); - - // Validate Revoked - pathValidator.validate(new String[]{REVOKED, INT}, - ValidatePathWithParams.Status.REVOKED, - "Tue Mar 08 11:23:06 PST 2022", System.out); + private static final String VALID = "https://quovadis-root-ca-3-g3.chain-demos.digicert.com"; + private static final String REVOKED = "https://quovadis-root-ca-3-g3-revoked.chain-demos.digicert.com"; + private static final String CA_FINGERPRINT = + "88:EF:81:DE:20:2E:B0:18:45:2E:43:F8:64:72:5C:EA:5F:BD:1F:C2:D9:D2:05:73:07:09:C5:D8:B8:69:0F:46"; + + public void runTest(ValidatePathWithURL pathValidator) throws CertificateEncodingException { + pathValidator.validateDomain(VALID, false, CA_FINGERPRINT); + pathValidator.validateDomain(REVOKED, true, CA_FINGERPRINT); } } diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/SSLCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/SSLCA.java index dd0b982f58bdf..c5d7bb871c061 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/SSLCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/SSLCA.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020, 2021, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2020, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -22,469 +22,80 @@ */ /* - * @test + * @test id=OCSP * @bug 8243320 8256895 * @summary Interoperability tests with SSL.com's RSA, EV RSA, and ECC CA - * @build ValidatePathWithParams + * @library /test/lib + * @build jtreg.SkippedException + * @build ValidatePathWithURL * @run main/othervm -Djava.security.debug=certpath SSLCA OCSP - * @run main/othervm -Djava.security.debug=certpath SSLCA CRL */ /* - * Obtain TLS test artifacts for SSL.com CAs from: - * - * SSL.com RSA CA - * Valid - https://test-dv-rsa.ssl.com - * Revoked - https://revoked-rsa-dv.ssl.com/ - * SSL.com EV RSA CA - * Valid - https://test-ev-rsa.ssl.com - * Revoked - https://revoked-rsa-ev.ssl.com/ - * SSL.com ECC CA - * Valid - https://test-dv-ecc.ssl.com - * Revoked - https://revoked-ecc-dv.ssl.com/ + * @test id=CRL + * @bug 8243320 8256895 + * @summary Interoperability tests with SSL.com's RSA, EV RSA, and ECC CA + * @library /test/lib + * @build jtreg.SkippedException + * @build ValidatePathWithURL + * @run main/othervm -Djava.security.debug=certpath SSLCA CRL */ + +import java.security.cert.CertificateEncodingException; + public class SSLCA { public static void main(String[] args) throws Exception { System.setProperty("jdk.security.certpath.ocspNonce", "true"); - ValidatePathWithParams pathValidator = new ValidatePathWithParams(null); - boolean ocspEnabled = false; + + ValidatePathWithURL pathValidator = new ValidatePathWithURL(); if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { - pathValidator.enableCRLCheck(); + pathValidator.enableCRLOnly(); } else { // OCSP check by default - pathValidator.enableOCSPCheck(); - ocspEnabled = true; + pathValidator.enableOCSPOnly(); } - new SSLCA_RSA().runTest(pathValidator, ocspEnabled); - new SSLCA_EV_RSA().runTest(pathValidator, ocspEnabled); - new SSLCA_ECC().runTest(pathValidator, ocspEnabled); + new SSLCA_RSA().runTest(pathValidator); + new SSLCA_EV_RSA().runTest(pathValidator); + new SSLCA_ECC().runTest(pathValidator); } } class SSLCA_RSA { - - // Owner: CN=SSL.com RSA SSL subCA, O=SSL Corporation, L=Houston, ST=Texas, C=US - // Issuer: CN=SSL.com Root Certification Authority RSA, O=SSL Corporation, L=Houston, ST=Texas, C=US - // Serial number: 997ed109d1f07fc - // Valid from: Fri Feb 12 10:48:52 PST 2016 until: Wed Feb 12 10:48:52 PST 2031 - private static final String INT = "-----BEGIN CERTIFICATE-----\n" + - "MIIGbzCCBFegAwIBAgIICZftEJ0fB/wwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UE\n" + - "BhMCVVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQK\n" + - "DA9TU0wgQ29ycG9yYXRpb24xMTAvBgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZp\n" + - "Y2F0aW9uIEF1dGhvcml0eSBSU0EwHhcNMTYwMjEyMTg0ODUyWhcNMzEwMjEyMTg0\n" + - "ODUyWjBpMQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hv\n" + - "dXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjEeMBwGA1UEAwwVU1NMLmNv\n" + - "bSBSU0EgU1NMIHN1YkNBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA\n" + - "hPYpOunhcxiF6xNzl6Tsm/Q89rnu2jVTXTBOZPaBkSD1Ic4lm7qkYwlZ/UgV5nn1\n" + - "5ohhceYDC2AlR9RvGbP+26qrNcuE0XOdHJOB4SoY4d6OqLAQ6ZB0LdERK1Saa5lp\n" + - "QlqHE8936dpr3hGWyqMb2LsdUuhQIzwNkLU/n9HO35irKCbKgS3FeejqkdqK5l6B\n" + - "b11693o4bz9UZCUdBcQ/Xz06tA5cfnHvYkmmjxhj1lLTKwkQhWuIDrpbwWLO0QVO\n" + - "c29s9ieomRKm8sYMyiBG4QqRQ/+bXwp48cF0qAByGWD6b8/gG4Xq1IBgO5p+aWFS\n" + - "0mszkk5rsh4b3XbTHohP3oWQIOV20WWdtVWXiQuBB8RocAl0Ga//b+epiGgME5JX\n" + - "LWXD1aDg/xHy8MUsaMlh6jDfVIFepkPnkwXDpR/n36hpgKa9dErMkgbYeEaPanLH\n" + - "Yd0kv4xQ36PlMMs9WhoDErGcEG9KxAXN4Axr5wl6PTDn/lXcUFvQoIq/5CSP+Kt5\n" + - "jq9tK/gRrAc4AWqRugDvQPYUm00Rqzj5Oxm5NVQYDzbyoA66CD68LETuVrfa9GuW\n" + - "9MAZRO6CDzonAezIdNHsslDb1H8VN/k0zMxjI+0ub4IAmc3I5GfZtvYcpjtMj8L4\n" + - "2TDS34/COov/Pf2HZ/XXGlzjZ7WPmLl4fdB6hhjs2BsCAwEAAaOCAQYwggECMDAG\n" + - "CCsGAQUFBwEBBCQwIjAgBggrBgEFBQcwAYYUaHR0cDovL29jc3BzLnNzbC5jb20w\n" + - "HQYDVR0OBBYEFCYUfuDc16b34tQEJ99h8cLs5zLKMA8GA1UdEwEB/wQFMAMBAf8w\n" + - "HwYDVR0jBBgwFoAU3QQJB6L1en1SUxKSle44gCUNplkwEQYDVR0gBAowCDAGBgRV\n" + - "HSAAMDsGA1UdHwQ0MDIwMKAuoCyGKmh0dHA6Ly9jcmxzLnNzbC5jb20vc3NsLmNv\n" + - "bS1yc2EtUm9vdENBLmNybDAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYB\n" + - "BQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4ICAQAi6e/iSV5DEqDO6XjQ\n" + - "SIIzXgc255yv6Oc2sqZnvRyVBHtHvo62jMoHY3Xunc/EofbeS4aHdYBvgkn6CNTj\n" + - "VkCU+psWwcT3Pg83uP4k4Thu7bXvrClfS+XBlbJiCF/PSJxLrKnxRn+XIGiYl62H\n" + - "glBhq9K8/fZrI2Qh1mZJmWE0FlxEDCb4i8SBNi8lmDogaFi8/yl32Z9ahmhxcLit\n" + - "DU/XyKA0yOqvIrOGKH95v+/l8fQkzE1VEFvj+iyv4TXd7mRZDOsfqfIDZhrpou02\n" + - "kXH/hcXlrR++t8kjj9wt8HHQ+FkryWI6bU3KPRJR6N8EH2EHi23Rp8/kyMs+gwaz\n" + - "zMqnkNPbMME723rXk6/85sjOUaZCmhmRIx9rgqIWQesU962J0FruGOOasLT7WbZi\n" + - "FsmSblmpjUAo49sIRi7X493qegyCEAa412ynybhQ7LVsTLEPxVbdmGVih3jVTif/\n" + - "Nztr2Isaaz4LpMEo4mGCiGxec5mKr1w8AE9n6D91CvxR5/zL1VU1JCVC7sAtkdki\n" + - "vnN1/6jEKFJvlUr5/FX04JXeomIjXTI8ciruZ6HIkbtJup1n9Zxvmr9JQcFTsP2c\n" + - "bRbjaT7JD6MBidAWRCJWClR/5etTZwWwWrRCrzvIHC7WO6rCzwu69a+l7ofCKlWs\n" + - "y702dmPTKEdEfwhgLx0LxJr/Aw==\n" + - "-----END CERTIFICATE-----"; - - // Owner: CN=test-dv-rsa.ssl.com - // Issuer: CN=SSL.com RSA SSL subCA, O=SSL Corporation, L=Houston, ST=Texas, C=US - // Serial number: 4ceada4ade82a6ccd0b2ae32c0dbfd62 - // Valid from: Fri Jun 28 07:06:50 PDT 2019 until: Sun Jun 27 07:06:50 PDT 2021 - private static final String VALID = "-----BEGIN CERTIFICATE-----\n" + - "MIIHTjCCBTagAwIBAgIQTOraSt6CpszQsq4ywNv9YjANBgkqhkiG9w0BAQsFADBp\n" + - "MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hvdXN0b24x\n" + - "GDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjEeMBwGA1UEAwwVU1NMLmNvbSBSU0Eg\n" + - "U1NMIHN1YkNBMB4XDTE5MDYyODE0MDY1MFoXDTIxMDYyNzE0MDY1MFowHjEcMBoG\n" + - "A1UEAwwTdGVzdC1kdi1yc2Euc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP\n" + - "ADCCAQoCggEBAKlOrYr8fnHN8REfJDwgsBhJvnsU4beQIYYaOAzR8pmo8eq1U/K0\n" + - "uwRrgJ5K61V78zBO5qmZNiivBobViftObWrq2H6QhQsYdMYXld3SEnEotIIriRHY\n" + - "2PcqlgnFYXkqI0ZKs4kNs+j3GS0IwncJJwKtypmtLTCLK5J/kG7qB2MNfXZTIzKI\n" + - "iZza4RUM1j67Hv3fPJzNEJ9urfjaI4xcRh5airlzBWOBU9pW87P7BgQN7cNzJQji\n" + - "4DSvb1pSXv8sBbZk5fmG+81PyUxcfqj7Dbih0J1Aoq0YysHugsrK/kLz+CvqL9B2\n" + - "a1JMZfob9jzcA7XPjpggLc3az2Wvv3XKqokCAwEAAaOCAzswggM3MB8GA1UdIwQY\n" + - "MBaAFCYUfuDc16b34tQEJ99h8cLs5zLKMHwGCCsGAQUFBwEBBHAwbjBKBggrBgEF\n" + - "BQcwAoY+aHR0cDovL3d3dy5zc2wuY29tL3JlcG9zaXRvcnkvU1NMY29tLVN1YkNB\n" + - "LVNTTC1SU0EtNDA5Ni1SMS5jcnQwIAYIKwYBBQUHMAGGFGh0dHA6Ly9vY3Nwcy5z\n" + - "c2wuY29tMDcGA1UdEQQwMC6CE3Rlc3QtZHYtcnNhLnNzbC5jb22CF3d3dy50ZXN0\n" + - "LWR2LXJzYS5zc2wuY29tMFEGA1UdIARKMEgwCAYGZ4EMAQIBMDwGDCsGAQQBgqkw\n" + - "AQMBATAsMCoGCCsGAQUFBwIBFh5odHRwczovL3d3dy5zc2wuY29tL3JlcG9zaXRv\n" + - "cnkwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMDoGA1UdHwQzMDEwL6At\n" + - "oCuGKWh0dHA6Ly9jcmxzLnNzbC5jb20vU1NMY29tUlNBU1NMc3ViQ0EuY3JsMB0G\n" + - "A1UdDgQWBBQD/cmwQI853u0mOlmCjNRsAZOlEDAOBgNVHQ8BAf8EBAMCBaAwggF+\n" + - "BgorBgEEAdZ5AgQCBIIBbgSCAWoBaAB2AO5Lvbd1zmC64UJpH6vhnmajD35fsHLY\n" + - "gwDEe4l6qP3LAAABa55yL0QAAAQDAEcwRQIgWo8UQY3EYwyzkGLBLS0Zxu7oMmB7\n" + - "dnpzsEcoexWzZrQCIQCR6FkAe5ns84x2phRkn6nV7a0anjnxjpJUNeCfc3/pxAB2\n" + - "AG9Tdqwx8DEZ2JkApFEV/3cVHBHZAsEAKQaNsgiaN9kTAAABa55yLzsAAAQDAEcw\n" + - "RQIhAKhGKQIpSd59tJm/Yac7Xo05u93CWbnDwoDgSMS+HBs5AiAfOSOc3BzY/2MF\n" + - "AM4GWrkK5Ehs9JMafo/+VBM0OrwVKQB2AId1v+dZfPiMQ5lfvfNu/1aNR1Y2/0q1\n" + - "YMG06v9eoIMPAAABa55yL4IAAAQDAEcwRQIhANcF26iGoUuzZL6rGKduPtyyYusf\n" + - "03lBKSyvxabB9WuvAiBNbxR210L+JP89s/ONw53lYVr+1m/c3u9/9Wpu7c3n5jAN\n" + - "BgkqhkiG9w0BAQsFAAOCAgEACX2CbVM8MCIJ+2Wsap1v6VU2kpCS/FBIsLSTWNEf\n" + - "dREv1nh93qQ2CPIxj5kP/0EOUfq7tmQCJHMODVgz3iHrdxRB1E58nXHlZ6vUdrCo\n" + - "pD9d6Cp+AwvrOdv6MndVJgel9tVOAqAUblwdLzPNQHEcXoKnFEVv2SVQCmAYLlkP\n" + - "xX2RS73gseiit4QnVZOWi/wDhqMm7/iq8n7rL/f7+ly2+7e3LVjxd24HZkgxNgbn\n" + - "JDjYvIla+EvyrY8514Ru3Pf1UICY03VpYjE8R7SxrqcvOLtwvOVew6TuCUl6RNpl\n" + - "xeC9Oa1dgf+QRXN7LvmBXUP2nOCnwJE1ENvThPLw9BXLatVJgkA/v/mYWE5VjzIL\n" + - "hboPH2fNWemUv5QMzxUkqhgHgrhr8wnhI6xYIYciGDbmmfnItHex7bxktT7axoCD\n" + - "3dTQQe01YfK/LlkHtnBmJf/t0F33m8KXcQ51fic/TR2U5Tampxp2kdFdTyvRRqMl\n" + - "igqo3EhiPmB9bKsnXDA2AnvdjZT9uFwbUu5lNxjiMQcSZikjQAjJPgjCZ9BQOGbL\n" + - "eqgZcw2CxWMxFSTLL3TIBlNL/0GpRlTvr3IGyvHEr7EESXKD+Ar8XW+4VlMc1s8F\n" + - "cdtnus71s7wm+JUSXcM0WJUkRUvWqHlPi3Ucfe7k6x6BG9Mb42ECjorefPXvFu7v\n" + - "OT4=\n" + - "-----END CERTIFICATE-----"; - - // Owner: CN=revoked-rsa-dv.ssl.com - // Issuer: CN=SSL.com RSA SSL subCA, O=SSL Corporation, L=Houston, ST=Texas, C=US - // Serial number: 3f527e677d00558272ac90d1620b67f4 - // Valid from: Fri Jun 28 07:13:48 PDT 2019 until: Sun Jun 27 07:13:48 PDT 2021 - private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" + - "MIIHVzCCBT+gAwIBAgIQP1J+Z30AVYJyrJDRYgtn9DANBgkqhkiG9w0BAQsFADBp\n" + - "MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hvdXN0b24x\n" + - "GDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjEeMBwGA1UEAwwVU1NMLmNvbSBSU0Eg\n" + - "U1NMIHN1YkNBMB4XDTE5MDYyODE0MTM0OFoXDTIxMDYyNzE0MTM0OFowITEfMB0G\n" + - "A1UEAwwWcmV2b2tlZC1yc2EtZHYuc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD\n" + - "ggEPADCCAQoCggEBAMKtMVeo+fMoeu1nLrcwxNAdfUysNKEhNZbMUOu9pzCChEvJ\n" + - "QHUicdrIZYl9m59uKUMh3Dj2nJLZ3a0pP4iWKcOEfCVMtA83/GDJl/BVj3XFbsMl\n" + - "+HSIu7R0vQM4enOztLabnOzvE4pQOFUp8u5SKO+hmB0zQ1iWkevYjJOf5DBZ7Zsa\n" + - "uF4qy9JqSF07gj/7FNqmqnfy6Z8yc8WAMjoUJrVrvmHQZeX/bCWxczFhYmAtYlwO\n" + - "7a914VP79b3Jq60HbLbYBdILnuU1Uu5L/JbG+hm/fH2meY30aWUaKcGY04ej6xuM\n" + - "hWsLhOrmcl3P7/E5UUojaR1Zvdtsn7jkQ8Y3iOsCAwEAAaOCA0EwggM9MB8GA1Ud\n" + - "IwQYMBaAFCYUfuDc16b34tQEJ99h8cLs5zLKMHwGCCsGAQUFBwEBBHAwbjBKBggr\n" + - "BgEFBQcwAoY+aHR0cDovL3d3dy5zc2wuY29tL3JlcG9zaXRvcnkvU1NMY29tLVN1\n" + - "YkNBLVNTTC1SU0EtNDA5Ni1SMS5jcnQwIAYIKwYBBQUHMAGGFGh0dHA6Ly9vY3Nw\n" + - "cy5zc2wuY29tMD0GA1UdEQQ2MDSCFnJldm9rZWQtcnNhLWR2LnNzbC5jb22CGnd3\n" + - "dy5yZXZva2VkLXJzYS1kdi5zc2wuY29tMFEGA1UdIARKMEgwCAYGZ4EMAQIBMDwG\n" + - "DCsGAQQBgqkwAQMBATAsMCoGCCsGAQUFBwIBFh5odHRwczovL3d3dy5zc2wuY29t\n" + - "L3JlcG9zaXRvcnkwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMDoGA1Ud\n" + - "HwQzMDEwL6AtoCuGKWh0dHA6Ly9jcmxzLnNzbC5jb20vU1NMY29tUlNBU1NMc3Vi\n" + - "Q0EuY3JsMB0GA1UdDgQWBBSTrHG0Sh+8BEp+oP+avIGAtSdyajAOBgNVHQ8BAf8E\n" + - "BAMCBaAwggF+BgorBgEEAdZ5AgQCBIIBbgSCAWoBaAB2AESUZS6w7s6vxEAH2Kj+\n" + - "KMDa5oK+2MsxtT/TM5a1toGoAAABa554kQsAAAQDAEcwRQIhAIfU+5HWDnqZdlMN\n" + - "Z+CEkBE8wBFUWzG0ixSQ5S1Tryt4AiAQevLU7OF3N90zIt2QpwVAIGve5lBElhMH\n" + - "fRqXTkeZZwB2AG9Tdqwx8DEZ2JkApFEV/3cVHBHZAsEAKQaNsgiaN9kTAAABa554\n" + - "jJQAAAQDAEcwRQIhAPd8mNiDFHA74Bl16nwOPehQZmiFltzCYDsd0uHv5qCfAiB+\n" + - "S43G7Yhq62Ofma6wXsag+UEl/tttzfbfASGz1WPBOQB2AKS5CZC0GFgUh7sTosxn\n" + - "cAo8NZgE+RvfuON3zQ7IDdwQAAABa554kDoAAAQDAEcwRQIgUs8O4gQ34Sp0K4Dn\n" + - "Wh7FRFJWwZ6cGYvqmKT+UyCeVisCIQDl0AYXsn4ILMafvmJwnXlcduZ3z6P0jwGK\n" + - "Cjh26ETDFzANBgkqhkiG9w0BAQsFAAOCAgEAAtTlh2YMwe6E0+EWKU3H79NmgLjK\n" + - "xoR3VtT56ILRt0qJuJ+z1iqq/IxZBe7wnUUWU46SWmBfDEQcGI7Hdomr67QBZNZz\n" + - "+wvnatMzrCPM7jPsb05Motz99NSk6yzQzR2c030sy1d78mRKJ/4wpidNDHpjuYL9\n" + - "cBp2gKf2/RxU74+BhugCjLqB1gojGO0CT1/g5a1QMtqRMM0EPrJrrtcEM0zG48yI\n" + - "P3b57Nl2ZbshRvY9bVi3of2SaPFQgu99/zAlerPUThz4O2CskOgKt77y6KOgCbBp\n" + - "7fQF6vh/aOm0Xba2Z0CtB+uVN2g4+LwyuovOy+JyjGKv7GxRKEQmGZsRLDVpxOs5\n" + - "W47K+iuOEhTRWRkStfuk2LcCLwTrgxHv2/Wo+80ME/7wxGKs1IzlkcFtFLhaeN4p\n" + - "QsmADpcyBfeWmvTdKgaVBOE2F/nenIiKpo+0jcoMAW6JgMD+otn8gofBq+Za1N4X\n" + - "xckvLWbMDAj4lELBHXu7gLHHLJCL9GGPD5HKjH/RyLtKKaRgT/AV6jl/woKTAzGF\n" + - "SPqgNQsu+sCdUbO0nDONkXDxhfan8XNrd32KMPGucJySiyjpHkurobMuGbs/LQzd\n" + - "JLTSTIIIPpEHBk7PHRGPSFewIhi0aDhupgZLU9UGrLRw/xV/KlGqTcGFWBvvOC+I\n" + - "CSZFRr0hWBv/dfw=\n" + - "-----END CERTIFICATE-----"; - - public void runTest(ValidatePathWithParams pathValidator, boolean ocspEnabled) throws Exception { - // Validate valid - pathValidator.validate(new String[]{VALID, INT}, - ValidatePathWithParams.Status.GOOD, null, System.out); - - // Validate Revoked - pathValidator.validate(new String[]{REVOKED, INT}, - ValidatePathWithParams.Status.REVOKED, - "Fri Jun 28 07:25:02 PDT 2019", System.out); + private static final String VALID = "https://test-dv-rsa.ssl.com"; + private static final String REVOKED = "https://revoked-rsa-dv.ssl.com"; + private static final String CA_FINGERPRINT = + "85:66:6A:56:2E:E0:BE:5C:E9:25:C1:D8:89:0A:6F:76:A8:7E:C1:6D:4D:7D:5F:29:EA:74:19:CF:20:12:3B:69"; + + public void runTest(ValidatePathWithURL pathValidator) throws CertificateEncodingException { + pathValidator.validateDomain(VALID, false, CA_FINGERPRINT); + pathValidator.validateDomain(REVOKED, true, CA_FINGERPRINT); } } class SSLCA_EV_RSA { - - // Owner: CN=SSL.com EV SSL Intermediate CA RSA R3, O=SSL Corp, L=Houston, ST=Texas, C=US - // Issuer: CN=SSL.com EV Root Certification Authority RSA R2, O=SSL Corporation, L=Houston, ST=Texas, C=US - // Serial number: 56b629cd34bc78f6 - // Valid from: Wed May 31 11:14:37 PDT 2017 until: Fri May 30 11:14:37 PDT 2042 - private static final String INT = "-----BEGIN CERTIFICATE-----\n" + - "MIIG4DCCBMigAwIBAgIQA6P00GAwUqM3zjgKiDAxjDANBgkqhkiG9w0BAQsFADCB\n" + - "gjELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9u\n" + - "MRgwFgYDVQQKDA9TU0wgQ29ycG9yYXRpb24xNzA1BgNVBAMMLlNTTC5jb20gRVYg\n" + - "Um9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBSU0EgUjIwHhcNMTkwMzI2MTc0\n" + - "NjUzWhcNMzQwMzIyMTc0NjUzWjByMQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4\n" + - "YXMxEDAOBgNVBAcMB0hvdXN0b24xETAPBgNVBAoMCFNTTCBDb3JwMS4wLAYDVQQD\n" + - "DCVTU0wuY29tIEVWIFNTTCBJbnRlcm1lZGlhdGUgQ0EgUlNBIFIzMIICIjANBgkq\n" + - "hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAkby+CNUTyO0wakMc6VeJxQLGcTtfwJG6\n" + - "W9MYhMBWW22YUMtfCL7at/ey89eCc0cNy9uekJqitJe78Ion5qHBLfSpahYWttzr\n" + - "LflXkdlPz6xsZuw7F/tp6oYrcUpRIX92ci0EhORtb5xoX7rwzrBnG2Jv7fPn8JGj\n" + - "wmvYPS0meVkuKGtdR/s3dkl0tDraq2xti8cN7W9VawzLDL9yNyEw2GWAp3M5Uqex\n" + - "Yjh9HY5w/4bgk7K0KSw+2njaXCEa2MugM6txHDKjocVFBe7G8JPMKkCcbbrgZo/q\n" + - "ygTnIY8q7B1XQG2wrdsu4LTo9ijIYmoZHBAKN/XCdPecQYF9cHrv6NjVUcMrNmHT\n" + - "B43NrIvrXmm3lZJU4PZNUhb7YrDtpN+rV6zSaKAu/EArGDzYv8iHKT2E+wjhwqOC\n" + - "WnXv1qSa//xvN6RSoDMpj7q7iTxfdrQqRFsr70hyPrUmnoJLrBBg1+IqFTkaNtuk\n" + - "misP4Bd0zeqkEuxYCmhKcCTM2iS9RMCIot5HI5qeAcVs63WzM+ax0zbHK1F9AIOG\n" + - "gwrVRrdwXRSXO4TlvamsL6klJMnjSCs7E1l8xeE403nZPp4RGr5ZQFrhfdG9nL7w\n" + - "66osGX+dGHGZkFjASS3Bw0RCiz4oCJxFGE+FAD7pJaV8GP6XTkaZp9n1ooYzCC48\n" + - "vq0OtfRS62MCAwEAAaOCAV8wggFbMBIGA1UdEwEB/wQIMAYBAf8CAQAwHwYDVR0j\n" + - "BBgwFoAU+WC71OPVNPa49QaAJadz20ZpqJ4wfAYIKwYBBQUHAQEEcDBuMEoGCCsG\n" + - "AQUFBzAChj5odHRwOi8vd3d3LnNzbC5jb20vcmVwb3NpdG9yeS9TU0xjb20tUm9v\n" + - "dENBLUVWLVJTQS00MDk2LVIyLmNydDAgBggrBgEFBQcwAYYUaHR0cDovL29jc3Bz\n" + - "LnNzbC5jb20wEQYDVR0gBAowCDAGBgRVHSAAMB0GA1UdJQQWMBQGCCsGAQUFBwMC\n" + - "BggrBgEFBQcDATBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY3Jscy5zc2wuY29t\n" + - "L1NTTGNvbS1Sb290Q0EtRVYtUlNBLTQwOTYtUjIuY3JsMB0GA1UdDgQWBBS/wVqH\n" + - "/yj6QT39t0/kHa+gYVgpvTAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQAD\n" + - "ggIBAAoTAGRea1Lg+Rlvnhj6lHbvhn9mjUlXZuI1b4d4jDDk5X29gNKhW7Rg97Qt\n" + - "oBoJaLb9gZkJ2MkUbCE1x2jIghjLmmFvaIq+nAZEMtWWEi0ycqQm8rVUHioZ2Mfn\n" + - "2SoFtQeY+5MFLO9l8IeDaNZ+LV3su8YTsh/453vExhiNhPVEqLyGlkkW0B2gNW8z\n" + - "bsRy6L5QW0cZ4gZrY86MvHB0Gl299mTJ4jcgic+Oalbz9SZJ+EiW/aUDSpZ2zawi\n" + - "ackPWmAbk0y0gouOymrwOJZTuq+AJEJ6M+WSVdknwE7YwDpVMszHXS38BS1A5N1i\n" + - "rzW3BcARHbtCb00vEy2mzW5JPM2LjkzfgJ0lBiyDCE3ZeBeUtKmcdFUFrHwHl3gV\n" + - "aRipD+xMa1hGOTh33eMzwWoRxvk6o7y73Sy6XBfycN+8LhXUZT0X8STmWtBtLSMp\n" + - "blWMjuuFyUVQvIj05N7hORY/LhdQhEx8kVwS5RkLVSpRnohdk+nI69yIA7EwZKlw\n" + - "kKEsDqlVOeDYWVWQANDC55kJ7nOyJbqtGJqImwWXdQcf37fi80cf+mKOYs5vNmkx\n" + - "D9bwFWsKnP71x0liSlv8z79vRAo8FJwTgXRNO1c0ACf0rXEJy3GRAXRWiTvuGahR\n" + - "JVM3Jnn0G6o3+vTfwa7CKR/9Jc4t25iRU3xmSgiusg4u8i5x\n" + - "-----END CERTIFICATE-----"; - - // Owner: OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.1.3.6.1.4.1.311.60.2.1.2=Nevada, STREET=3100 Richmond Ave, - // OID.2.5.4.15=Private Organization, OID.2.5.4.17=77098, CN=test-ev-rsa.ssl.com, SERIALNUMBER=NV20081614243, - // O=SSL Corp, L=Houston, ST=Texas, C=US - // Issuer: CN=SSL.com EV SSL Intermediate CA RSA R3, O=SSL Corp, L=Houston, ST=Texas, C=US - // Serial number: 558089b221d7cd9c7a4bc4a7fd7e2969 - // Valid from: Mon Jul 01 13:28:01 PDT 2019 until: Wed Jun 30 13:28:01 PDT 2021 - private static final String VALID = "-----BEGIN CERTIFICATE-----\n" + - "MIIISTCCBjGgAwIBAgIQVYCJsiHXzZx6S8Sn/X4paTANBgkqhkiG9w0BAQsFADBy\n" + - "MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hvdXN0b24x\n" + - "ETAPBgNVBAoMCFNTTCBDb3JwMS4wLAYDVQQDDCVTU0wuY29tIEVWIFNTTCBJbnRl\n" + - "cm1lZGlhdGUgQ0EgUlNBIFIzMB4XDTE5MDcwMTIwMjgwMVoXDTIxMDYzMDIwMjgw\n" + - "MVowgfExCzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVUZXhhczEQMA4GA1UEBwwHSG91\n" + - "c3RvbjERMA8GA1UECgwIU1NMIENvcnAxFjAUBgNVBAUTDU5WMjAwODE2MTQyNDMx\n" + - "HDAaBgNVBAMME3Rlc3QtZXYtcnNhLnNzbC5jb20xDjAMBgNVBBEMBTc3MDk4MR0w\n" + - "GwYDVQQPDBRQcml2YXRlIE9yZ2FuaXphdGlvbjEaMBgGA1UECQwRMzEwMCBSaWNo\n" + - "bW9uZCBBdmUxFzAVBgsrBgEEAYI3PAIBAgwGTmV2YWRhMRMwEQYLKwYBBAGCNzwC\n" + - "AQMTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsmMOHfREGN48\n" + - "nlgxYiF0EJsytoM98UAslRRlGHJyZw3SLcPx9u/I82h0KKjLtnY3/o62mCoEZYlc\n" + - "1UKKEIi3NgByU8yJ0yynm3I0LJHEZqOKoahtzwP787/OtqsSsWeblrTnfxVO7G1J\n" + - "bPYrPtNuQ9ZnmByyhA+hlTIY48kJh5WtmBeftBSynuKCgpVnkv2y2LKZJc4t6JQX\n" + - "XO6Geev8LPUd2uPVjatZv0se2YKdixFQQKwWcLJV5LZqjZDhZtPomCN0sp+wle4p\n" + - "rRTZPSWRB98mI1X+UBTFGFKS9cxzO2NwmVcbgN2WYR+FpWbatoS/RThGC7mKQB7i\n" + - "5BEQHNZMawIDAQABo4IDWTCCA1UwHwYDVR0jBBgwFoAUv8Fah/8o+kE9/bdP5B2v\n" + - "oGFYKb0wfwYIKwYBBQUHAQEEczBxME0GCCsGAQUFBzAChkFodHRwOi8vd3d3LnNz\n" + - "bC5jb20vcmVwb3NpdG9yeS9TU0xjb20tU3ViQ0EtRVYtU1NMLVJTQS00MDk2LVIz\n" + - "LmNydDAgBggrBgEFBQcwAYYUaHR0cDovL29jc3BzLnNzbC5jb20wNwYDVR0RBDAw\n" + - "LoITdGVzdC1ldi1yc2Euc3NsLmNvbYIXd3d3LnRlc3QtZXYtcnNhLnNzbC5jb20w\n" + - "XwYDVR0gBFgwVjAHBgVngQwBATANBgsqhGgBhvZ3AgUBATA8BgwrBgEEAYKpMAED\n" + - "AQQwLDAqBggrBgEFBQcCARYeaHR0cHM6Ly93d3cuc3NsLmNvbS9yZXBvc2l0b3J5\n" + - "MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATBIBgNVHR8EQTA/MD2gO6A5\n" + - "hjdodHRwOi8vY3Jscy5zc2wuY29tL1NTTGNvbS1TdWJDQS1FVi1TU0wtUlNBLTQw\n" + - "OTYtUjMuY3JsMB0GA1UdDgQWBBTIDVTF3DDhdwudatuodPyHe1jcOzAOBgNVHQ8B\n" + - "Af8EBAMCBaAwggF9BgorBgEEAdZ5AgQCBIIBbQSCAWkBZwB1AG9Tdqwx8DEZ2JkA\n" + - "pFEV/3cVHBHZAsEAKQaNsgiaN9kTAAABa69CQcUAAAQDAEYwRAIgEYzpfp8v+gG3\n" + - "S9cgZIuFCKPeoSM85gag8/iBJhNIb9oCIDcq+2Pi8+E3LAVmZfgcMhg30t821LNn\n" + - "PWATU5+gAmmzAHUAh3W/51l8+IxDmV+9827/Vo1HVjb/SrVgwbTq/16ggw8AAAFr\n" + - "r0JCCQAABAMARjBEAiAzeyNw/2osk+xktY8VpFTsROj7jRODS2G3G2MDV6ZmMwIg\n" + - "bwuFbNxSEqUfKhveZJVVLYzZtzXcjkhflaazupumZrkAdwC72d+8H4pxtZOUI5eq\n" + - "kntHOFeVCqtS6BqQlmQ2jh7RhQAAAWuvQkGUAAAEAwBIMEYCIQCEfoPIKoy0Rv/d\n" + - "DXOVm0FzKDH2zWHN/oQZ/7gwd21hvAIhAL2gDESf+tcjCkbjdj9NpDa/fVWO9VZD\n" + - "uPPnAZ6jf2G3MA0GCSqGSIb3DQEBCwUAA4ICAQAcYH/+o9N0E3H9h0GfohGElfRw\n" + - "XPUnQI3/CZwuG0ShCbpVspvUkuR/P0Hjr9XgDVy39R9SOaEDK3/coG8/Ry56Lrm0\n" + - "17v+yeEzAVK51eQeinHoCYc9TIwmyrwt36JE/zIwnDB623Y4ccxYN5LZxjVx668/\n" + - "xj3JffaY5185qPjAqkjLUzj9TeeAJk/ws1YXbQJvO4CZV2QXrishC+dEoqvfOe/u\n" + - "sMHcMJy+cFrPhe4cC7s9fHeYTpF36yvfWrgjGwDki/9zgRhOvDuM72dIMkrcHkZi\n" + - "OvZMgyoXz/Nw3D514K9BSt6xRB2qGzI8fx0EOGzEEjX1Zdie2uVDy9aC8k8TjQAM\n" + - "v/YT7Bggpv300hWvBGw0QT8l7Nk1PZFBagAhqRCKRsR1pUZ8CyZzwNkNyUSYV4Or\n" + - "n0vYwVEgpMeSMu/ObWwWPM7QKSNcSSIV5lxmsZX+wS76OpDMHm27P94RTEePF4sG\n" + - "QmvY6hgHSlREJUL0vyGGY2Rbm3cL3zaM4qTquN18v61uUVKakELYIcRZwVTyBj5M\n" + - "KxOkjGXnLYpDOLFHD4WB1q7J+SorG43V+nbmTEN5fshGUjjWoz5ykfErnyJa1+Py\n" + - "FXWoPFb425DelhuDe94btROuJELRfzhqDXoKrhDgSQGV2qM3sk6uIPOaoH4N31ko\n" + - "C41bezSdJ5r4mif8iA==\n" + - "-----END CERTIFICATE-----"; - - // Owner: OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.1.3.6.1.4.1.311.60.2.1.2=Nevada, STREET=3100 Richmond Ave, - // OID.2.5.4.15=Private Organization, OID.2.5.4.17=77098, CN=revoked-rsa-ev.ssl.com, SERIALNUMBER=NV20081614243, - // O=SSL Corp, L=Houston, ST=Texas, C=US - // Issuer: CN=SSL.com EV SSL Intermediate CA RSA R3, O=SSL Corp, L=Houston, ST=Texas, C=US - // Serial number: 1ea7f53492bded2d425135bdf525889f - // Valid from: Mon Jul 01 13:29:02 PDT 2019 until: Wed Jun 30 13:29:02 PDT 2021 - private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" + - "MIIIUzCCBjugAwIBAgIQHqf1NJK97S1CUTW99SWInzANBgkqhkiG9w0BAQsFADBy\n" + - "MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hvdXN0b24x\n" + - "ETAPBgNVBAoMCFNTTCBDb3JwMS4wLAYDVQQDDCVTU0wuY29tIEVWIFNTTCBJbnRl\n" + - "cm1lZGlhdGUgQ0EgUlNBIFIzMB4XDTE5MDcwMTIwMjkwMloXDTIxMDYzMDIwMjkw\n" + - "MlowgfQxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVUZXhhczEQMA4GA1UEBwwHSG91\n" + - "c3RvbjERMA8GA1UECgwIU1NMIENvcnAxFjAUBgNVBAUTDU5WMjAwODE2MTQyNDMx\n" + - "HzAdBgNVBAMMFnJldm9rZWQtcnNhLWV2LnNzbC5jb20xDjAMBgNVBBEMBTc3MDk4\n" + - "MR0wGwYDVQQPDBRQcml2YXRlIE9yZ2FuaXphdGlvbjEaMBgGA1UECQwRMzEwMCBS\n" + - "aWNobW9uZCBBdmUxFzAVBgsrBgEEAYI3PAIBAgwGTmV2YWRhMRMwEQYLKwYBBAGC\n" + - "NzwCAQMTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlqZwW2n7\n" + - "Ot8ujRGyCkzf/FqkiIi6+mq7QXlBMsZVNmLcWzatoS9K8WOviU+lmYpdV3rkrX1v\n" + - "e/FZBwtBR/x1FRN3CPoGcO0Yu6CZjknHtyyNQ36mwUy7UW+rQKYjDfU4aXme4bP8\n" + - "Dk2rUYQtM/xpYHKDk9x7Vg4zAmk+L0LQmSU0103DRuANnxOszEK196UbLE4W+2+i\n" + - "Xat40jHW3KU2PxVfCajgB1mdrDt2b5j/qDAL+Wo2DzCtE62UPJvI6UyEqJ24jinS\n" + - "A4l4NgkMPDMWNU5QIkV/EhQvZMUKCvNUv+Gsq8pcOeDXxKpBIe/KoQSMH18mym1U\n" + - "vIaTjAzDDsWjqwIDAQABo4IDYDCCA1wwHwYDVR0jBBgwFoAUv8Fah/8o+kE9/bdP\n" + - "5B2voGFYKb0wfwYIKwYBBQUHAQEEczBxME0GCCsGAQUFBzAChkFodHRwOi8vd3d3\n" + - "LnNzbC5jb20vcmVwb3NpdG9yeS9TU0xjb20tU3ViQ0EtRVYtU1NMLVJTQS00MDk2\n" + - "LVIzLmNydDAgBggrBgEFBQcwAYYUaHR0cDovL29jc3BzLnNzbC5jb20wPQYDVR0R\n" + - "BDYwNIIWcmV2b2tlZC1yc2EtZXYuc3NsLmNvbYIad3d3LnJldm9rZWQtcnNhLWV2\n" + - "LnNzbC5jb20wXwYDVR0gBFgwVjAHBgVngQwBATANBgsqhGgBhvZ3AgUBATA8Bgwr\n" + - "BgEEAYKpMAEDAQQwLDAqBggrBgEFBQcCARYeaHR0cHM6Ly93d3cuc3NsLmNvbS9y\n" + - "ZXBvc2l0b3J5MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATBIBgNVHR8E\n" + - "QTA/MD2gO6A5hjdodHRwOi8vY3Jscy5zc2wuY29tL1NTTGNvbS1TdWJDQS1FVi1T\n" + - "U0wtUlNBLTQwOTYtUjMuY3JsMB0GA1UdDgQWBBQnclOL04VraXmRZEkhwgMbajmy\n" + - "YTAOBgNVHQ8BAf8EBAMCBaAwggF+BgorBgEEAdZ5AgQCBIIBbgSCAWoBaAB3AG9T\n" + - "dqwx8DEZ2JkApFEV/3cVHBHZAsEAKQaNsgiaN9kTAAABa69DLjEAAAQDAEgwRgIh\n" + - "AMd3B9Gt/hpTCZ+2xsOTTKBaDjh+EsMcKuwZkEpO6UN0AiEA8yiZ9ZIrCOUxsdQp\n" + - "FJi+MtsNQxvgu8igdv+l34jHZA0AdgCHdb/nWXz4jEOZX73zbv9WjUdWNv9KtWDB\n" + - "tOr/XqCDDwAAAWuvQy52AAAEAwBHMEUCIQCFPALMZd6xk4NgYuTXoJGo/FRX0Wub\n" + - "VWSgTZQwld5fTQIgDDp8vajs+7R7XyKOv41xP26NQ3zR4EegwOGeb0paiIIAdQC7\n" + - "2d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWuvQy4MAAAEAwBGMEQC\n" + - "IGFiEQ8fMrjm1bV/mbT35bvJWf4mUbb92/NkHkQvHcaQAiBcS4CclZmzQLj4w6CV\n" + - "JsLf1P6+OhCDtvxWZdndGwJRczANBgkqhkiG9w0BAQsFAAOCAgEAFwE/RMAk871D\n" + - "acLlB0Jb29+WBmCgIu1pA+bh5/lMxn5KoPxkbHPFVHlfenDgZHUNU6DKH4HdCUG7\n" + - "GSAyajLiYRkcrDtBfp5MtNUAqnOJbh2NWiJ3FgSdAjfeSXPhhGfQ3U+0YCWarBfO\n" + - "xZ49eyhTzhHMoW+caJV3jC442Ebzh2X243MwcxqIkjgzWs6duiHnpHfT9gZBl3ou\n" + - "eu85LVFwzxNdrrAx1yG9PA05wCsYYlzwx7fC8ycfbvs+2ORIztiEScyr9VCg5sho\n" + - "YGuBFuP38sWRwiV5K7+EqpGjY+4R3BLWol7lzWsqWJC1J4zkd6Df5reSGBt0wlbx\n" + - "7MdUTXzHMtP8NDIYpdMBrPbkzOKIDzO6bDMsBWWFz7rWCmxUI6sSf0yknPtmBgCd\n" + - "rJAq25V/DqSRGrkaY4Dx1CPGtwYN34fCDLxKeN69rG5mkR2w7HRR5eMXek6oi3Pr\n" + - "hQrKt5NgrYjO6HJ6ABI5xoDM9doXy9BYbz5RX43RTU399aIqyXZh0d3W0rr7wggt\n" + - "+PFRU1OJqhpPQgKsB5zFT3G2HgVBD0hawHS+0Hu+CHpngiDziH+eyvTk3tdhIq2x\n" + - "oDZXs7SSZK6hf/im+7OFSkROy6CwhAn3nxRI9lpag1tTgF4kVSctBv+301ev0twX\n" + - "0w6RymKcvEbcuSDHkzOYWxc1cqwOxjA=\n" + - "-----END CERTIFICATE-----"; - - public void runTest(ValidatePathWithParams pathValidator, boolean ocspEnabled) throws Exception { - // Validate valid - pathValidator.validate(new String[]{VALID, INT}, - ValidatePathWithParams.Status.GOOD, null, System.out); - - // Validate Revoked - pathValidator.validate(new String[]{REVOKED, INT}, - ValidatePathWithParams.Status.REVOKED, - "Mon Jul 01 20:53:13 PDT 2019", System.out); + private static final String VALID = "https://test-ev-rsa.ssl.com"; + private static final String REVOKED = "https://revoked-rsa-ev.ssl.com"; + private static final String CA_FINGERPRINT = + "2E:7B:F1:6C:C2:24:85:A7:BB:E2:AA:86:96:75:07:61:B0:AE:39:BE:3B:2F:E9:D0:CC:6D:4E:F7:34:91:42:5C"; + + public void runTest(ValidatePathWithURL pathValidator) throws CertificateEncodingException { + pathValidator.validateDomain(VALID, false, CA_FINGERPRINT); + pathValidator.validateDomain(REVOKED, true, CA_FINGERPRINT); } } class SSLCA_ECC { - - // Owner: CN=SSL.com SSL Intermediate CA ECC R2, O=SSL Corp, L=Houston, ST=Texas, C=US - // Issuer: CN=SSL.com Root Certification Authority ECC, O=SSL Corporation, L=Houston, ST=Texas, C=US - // Serial number: 75e6dfcbc1685ba8 - // Valid from: Fri Feb 12 10:14:03 PST 2016 until: Tue Feb 12 10:14:03 PST 2041 - private static final String INT = "-----BEGIN CERTIFICATE-----\n" + - "MIIDejCCAv+gAwIBAgIQHNcSEt4VENkSgtozEEoQLzAKBggqhkjOPQQDAzB8MQsw\n" + - "CQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hvdXN0b24xGDAW\n" + - "BgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NMLmNvbSBSb290IENl\n" + - "cnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzAeFw0xOTAzMDcxOTQyNDJaFw0zNDAz\n" + - "MDMxOTQyNDJaMG8xCzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVUZXhhczEQMA4GA1UE\n" + - "BwwHSG91c3RvbjERMA8GA1UECgwIU1NMIENvcnAxKzApBgNVBAMMIlNTTC5jb20g\n" + - "U1NMIEludGVybWVkaWF0ZSBDQSBFQ0MgUjIwdjAQBgcqhkjOPQIBBgUrgQQAIgNi\n" + - "AASEOWn30uEYKDLFu4sCjFQ1VupFaeMtQjqVWyWSA7+KFljnsVaFQ2hgs4cQk1f/\n" + - "RQ2INSwdVCYU0i5qsbom20rigUhDh9dM/r6bEZ75eFE899kSCI14xqThYVLPdLEl\n" + - "+dyjggFRMIIBTTASBgNVHRMBAf8ECDAGAQH/AgEAMB8GA1UdIwQYMBaAFILRhXMw\n" + - "5zUE044CkvvlpNHEIejNMHgGCCsGAQUFBwEBBGwwajBGBggrBgEFBQcwAoY6aHR0\n" + - "cDovL3d3dy5zc2wuY29tL3JlcG9zaXRvcnkvU1NMY29tLVJvb3RDQS1FQ0MtMzg0\n" + - "LVIxLmNydDAgBggrBgEFBQcwAYYUaHR0cDovL29jc3BzLnNzbC5jb20wEQYDVR0g\n" + - "BAowCDAGBgRVHSAAMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATA7BgNV\n" + - "HR8ENDAyMDCgLqAshipodHRwOi8vY3Jscy5zc2wuY29tL3NzbC5jb20tZWNjLVJv\n" + - "b3RDQS5jcmwwHQYDVR0OBBYEFA10Zgpen+Is7NXCXSUEf3Uyuv99MA4GA1UdDwEB\n" + - "/wQEAwIBhjAKBggqhkjOPQQDAwNpADBmAjEAxYt6Ylk/N8Fch/3fgKYKwI5A011Q\n" + - "MKW0h3F9JW/NX/F7oYtWrxljheH8n2BrkDybAjEAlCxkLE0vQTYcFzrR24oogyw6\n" + - "VkgTm92+jiqJTO5SSA9QUa092S5cTKiHkH2cOM6m\n" + - "-----END CERTIFICATE-----"; - - // Owner: CN=test-dv-ecc.ssl.com - // Issuer: CN=SSL.com SSL Intermediate CA ECC R2, O=SSL Corp, L=Houston, ST=Texas, C=US - // Serial number: 1bfbd8e4bea894f3d1887c50e7d366d7 - // Valid from: Fri Jun 28 06:58:27 PDT 2019 until: Sun Jun 27 06:58:27 PDT 2021 - private static final String VALID = "-----BEGIN CERTIFICATE-----\n" + - "MIIE9TCCBHqgAwIBAgIQG/vY5L6olPPRiHxQ59Nm1zAKBggqhkjOPQQDAzBvMQsw\n" + - "CQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hvdXN0b24xETAP\n" + - "BgNVBAoMCFNTTCBDb3JwMSswKQYDVQQDDCJTU0wuY29tIFNTTCBJbnRlcm1lZGlh\n" + - "dGUgQ0EgRUNDIFIyMB4XDTE5MDYyODEzNTgyN1oXDTIxMDYyNzEzNTgyN1owHjEc\n" + - "MBoGA1UEAwwTdGVzdC1kdi1lY2Muc3NsLmNvbTBZMBMGByqGSM49AgEGCCqGSM49\n" + - "AwEHA0IABJ5u0b8BID+8+TKxn+os0rdwvWB7mUJ4lcCthTADMhnr1VUWBbmBEelB\n" + - "666WbvbVXooPMUbhE5JvhXCTDyI7RRmjggNHMIIDQzAfBgNVHSMEGDAWgBQNdGYK\n" + - "Xp/iLOzVwl0lBH91Mrr/fTB7BggrBgEFBQcBAQRvMG0wSQYIKwYBBQUHMAKGPWh0\n" + - "dHA6Ly93d3cuc3NsLmNvbS9yZXBvc2l0b3J5L1NTTGNvbS1TdWJDQS1TU0wtRUND\n" + - "LTM4NC1SMi5jcnQwIAYIKwYBBQUHMAGGFGh0dHA6Ly9vY3Nwcy5zc2wuY29tMDcG\n" + - "A1UdEQQwMC6CE3Rlc3QtZHYtZWNjLnNzbC5jb22CF3d3dy50ZXN0LWR2LWVjYy5z\n" + - "c2wuY29tMFEGA1UdIARKMEgwCAYGZ4EMAQIBMDwGDCsGAQQBgqkwAQMBATAsMCoG\n" + - "CCsGAQUFBwIBFh5odHRwczovL3d3dy5zc2wuY29tL3JlcG9zaXRvcnkwHQYDVR0l\n" + - "BBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6\n" + - "Ly9jcmxzLnNzbC5jb20vU1NMY29tLVN1YkNBLVNTTC1FQ0MtMzg0LVIyLmNybDAd\n" + - "BgNVHQ4EFgQUGCTbprTbVmmNOgJjUgiHonbu8b8wDgYDVR0PAQH/BAQDAgeAMIIB\n" + - "gQYKKwYBBAHWeQIEAgSCAXEEggFtAWsAdwCHdb/nWXz4jEOZX73zbv9WjUdWNv9K\n" + - "tWDBtOr/XqCDDwAAAWueaoEnAAAEAwBIMEYCIQCdy3N9w0pem1XShE/rkVSpHxQb\n" + - "8QdUu3E6R+oncxOGXgIhAJoWg2gJYc9DWDl5ImnrqsmVS6OPgSQRvDsjRIN9gH7a\n" + - "AHcAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZkNo4e0YUAAAFrnmqArQAABAMA\n" + - "SDBGAiEAs2yfi9e1h6dTQbe4WPd7+5qf7kvP7Vr2k0nAtBS1IgECIQCQYL9he9J4\n" + - "Bh5cpQezTVPgLAOGcf5xIcCrBs1QJe66/AB3AFWB1MIWkDYBSuoLm1c8U/DA5Dh4\n" + - "cCUIFy+jqh0HE9MMAAABa55qgaEAAAQDAEgwRgIhAI/27txsvzpbBXkMICi/UOzE\n" + - "t8uZidbF9KSwmGRPT/6gAiEAhm/VeWHDeWK8gFMU+f0/x4jK7UbzySGBvPzbPpNd\n" + - "EDwwCgYIKoZIzj0EAwMDaQAwZgIxAJKn8Hr68Z/2rA+VHfZo8eeIFaZ3nvSvQO92\n" + - "1Byl6cPAm8DsdCnYT16uNSL8Zb5IQAIxAOFLsqPDCSAYkpgutAnVgwI+c549SIRU\n" + - "k8ol+wUx6zgMmt8VHYagyj6IO0GRDjm/eA==\n" + - "-----END CERTIFICATE-----"; - - // Owner: CN=revoked-ecc-dv.ssl.com - // Issuer: CN=SSL.com SSL Intermediate CA ECC R2, O=SSL Corp, L=Houston, ST=Texas, C=US - // Serial number: 423c2b57dfa379d0c45ffceb6284ed99 - // Valid from: Fri Jun 28 07:09:30 PDT 2019 until: Sun Jun 27 07:09:30 PDT 2021 - private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" + - "MIIE+TCCBH+gAwIBAgIQQjwrV9+jedDEX/zrYoTtmTAKBggqhkjOPQQDAzBvMQsw\n" + - "CQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hvdXN0b24xETAP\n" + - "BgNVBAoMCFNTTCBDb3JwMSswKQYDVQQDDCJTU0wuY29tIFNTTCBJbnRlcm1lZGlh\n" + - "dGUgQ0EgRUNDIFIyMB4XDTE5MDYyODE0MDkzMFoXDTIxMDYyNzE0MDkzMFowITEf\n" + - "MB0GA1UEAwwWcmV2b2tlZC1lY2MtZHYuc3NsLmNvbTBZMBMGByqGSM49AgEGCCqG\n" + - "SM49AwEHA0IABH4nWtnAwPIdcQOSNI72IJJ/I1ZL2XQUAfa3ox5taFQQAalng6N9\n" + - "Od9t9de1vIMDzUvs5sMWw4YrqAlywFKMraajggNJMIIDRTAfBgNVHSMEGDAWgBQN\n" + - "dGYKXp/iLOzVwl0lBH91Mrr/fTB7BggrBgEFBQcBAQRvMG0wSQYIKwYBBQUHMAKG\n" + - "PWh0dHA6Ly93d3cuc3NsLmNvbS9yZXBvc2l0b3J5L1NTTGNvbS1TdWJDQS1TU0wt\n" + - "RUNDLTM4NC1SMi5jcnQwIAYIKwYBBQUHMAGGFGh0dHA6Ly9vY3Nwcy5zc2wuY29t\n" + - "MD0GA1UdEQQ2MDSCFnJldm9rZWQtZWNjLWR2LnNzbC5jb22CGnd3dy5yZXZva2Vk\n" + - "LWVjYy1kdi5zc2wuY29tMFEGA1UdIARKMEgwCAYGZ4EMAQIBMDwGDCsGAQQBgqkw\n" + - "AQMBATAsMCoGCCsGAQUFBwIBFh5odHRwczovL3d3dy5zc2wuY29tL3JlcG9zaXRv\n" + - "cnkwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMEQGA1UdHwQ9MDswOaA3\n" + - "oDWGM2h0dHA6Ly9jcmxzLnNzbC5jb20vU1NMY29tLVN1YkNBLVNTTC1FQ0MtMzg0\n" + - "LVIyLmNybDAdBgNVHQ4EFgQUY7q+xN9nV1nPQ/dJ5rUC8OKgaoMwDgYDVR0PAQH/\n" + - "BAQDAgeAMIIBfQYKKwYBBAHWeQIEAgSCAW0EggFpAWcAdQBElGUusO7Or8RAB9io\n" + - "/ijA2uaCvtjLMbU/0zOWtbaBqAAAAWuedJ/tAAAEAwBGMEQCIGPBF546Tn/lzB22\n" + - "ICpFLOWOIyIOPwL9S4ikS8Vt1aFTAiBe8mp/WCJnV7WxMIVWEUSLVOYn7erwyu6D\n" + - "hWNIST4W8wB2AG9Tdqwx8DEZ2JkApFEV/3cVHBHZAsEAKQaNsgiaN9kTAAABa550\n" + - "oQEAAAQDAEcwRQIhAJ3nwLI7kLP2SKicFKuJoqRYKE/FR2Ff65WL+iWxm/6nAiAJ\n" + - "cd9EKnBETwM9qQfKoSSs2oTQL4QjSKJZi/sPfKQaagB2ALvZ37wfinG1k5Qjl6qS\n" + - "e0c4V5UKq1LoGpCWZDaOHtGFAAABa550oH4AAAQDAEcwRQIhAIo6k5BMSFN3FnD4\n" + - "UFbyJJG/Bujh+OFTYzVM8vuIBoU0AiAhBe+air4wHvd68ykK6xOPv9Qshje9F6LC\n" + - "gxTqbMOEkDAKBggqhkjOPQQDAwNoADBlAjEAyayBtbcCQB0fE+cCc7OHLuNvb9tl\n" + - "uiHWy/Ika6IA72WJLLmED971ik08OMa2mGt4AjAklxdElQ5Z/nSeJ2CNEwD7pcYz\n" + - "468kkrMoGU2lk3QmwcXZscPIoh4Pwew6QteY4J0=\n" + - "-----END CERTIFICATE-----"; - - public void runTest(ValidatePathWithParams pathValidator, boolean ocspEnabled) throws Exception { - // Validate valid - pathValidator.validate(new String[]{VALID, INT}, - ValidatePathWithParams.Status.GOOD, null, System.out); - - // Validate Revoked - pathValidator.validate(new String[]{REVOKED, INT}, - ValidatePathWithParams.Status.REVOKED, - "Fri Jun 28 07:59:20 PDT 2019", System.out); + private static final String VALID = "https://test-dv-ecc.ssl.com"; + private static final String REVOKED = "https://revoked-ecc-dv.ssl.com"; + private static final String CA_FINGERPRINT = + "34:17:BB:06:CC:60:07:DA:1B:96:1C:92:0B:8A:B4:CE:3F:AD:82:0E:4A:A3:0B:9A:CB:C4:A7:4E:BD:CE:BC:65"; + + public void runTest(ValidatePathWithURL pathValidator) throws CertificateEncodingException { + pathValidator.validateDomain(VALID, false, CA_FINGERPRINT); + pathValidator.validateDomain(REVOKED, true, CA_FINGERPRINT); } } diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/TeliaSoneraCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/TeliaSoneraCA.java index 3dc0c94abc266..9691b0e9c993a 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/TeliaSoneraCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/TeliaSoneraCA.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2018, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -22,174 +22,44 @@ */ /* - * @test + * @test id=OCSP * @bug 8210432 - * @summary Interoperability tests with TeliaSonera Root CA v1 - * @build ValidatePathWithParams - * @run main/othervm -Djava.security.debug=certpath TeliaSoneraCA OCSP - * @run main/othervm -Djava.security.debug=certpath TeliaSoneraCA CRL + * @summary Interoperability tests with TeliaSonera Root CA v1 using OCSP + * @library /test/lib + * @build jtreg.SkippedException + * @build ValidatePathWithURL + * @run main/othervm TeliaSoneraCA OCSP */ /* - * Obtain TLS test artifacts for TeliaSonera Root CA v1 from: - * - * Valid TLS Certificates: - * https://juolukka.cover.sonera.net:10443/ - * - * Revoked TLS Certificates: - * https://juolukka.cover.sonera.net:10444/ + * @test id=CRL + * @bug 8210432 + * @summary Interoperability tests with TeliaSonera Root CA v1 using CRL + * @library /test/lib + * @build jtreg.SkippedException + * @build ValidatePathWithURL + * @run main/othervm TeliaSoneraCA CRL */ -public class TeliaSoneraCA { - // Owner: CN=TeliaSonera Server CA v2, O=TeliaSonera, C=FI - // Issuer: CN=TeliaSonera Root CA v1, O=TeliaSonera - private static final String INT = "-----BEGIN CERTIFICATE-----\n" - + "MIIHHjCCBQagAwIBAgIQTEYq9tv794BPhMF8/qlytjANBgkqhkiG9w0BAQsFADA3\n" - + "MRQwEgYDVQQKDAtUZWxpYVNvbmVyYTEfMB0GA1UEAwwWVGVsaWFTb25lcmEgUm9v\n" - + "dCBDQSB2MTAeFw0xNDEwMTYwODA5NTdaFw0zMjEwMTYwNTA0MDBaMEYxCzAJBgNV\n" - + "BAYTAkZJMRQwEgYDVQQKDAtUZWxpYVNvbmVyYTEhMB8GA1UEAwwYVGVsaWFTb25l\n" - + "cmEgU2VydmVyIENBIHYyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA\n" - + "rwQN5rfRLbVAiYWLJF9SI4YLm8oqrtf8OjGybgoLyiMIo8nhY/atuGRFWCQNOnUK\n" - + "caZn29C360PlC5yYrsrSHuouROisqHSJcgA7HvV+37Rcry7daeDj6rfyx4yI5dmj\n" - + "LwHkK0j1NzhX1JxFDgPeLNuebgzv/j8OfRhYK/BttpystC4Zgm3gZheKDjYsDS5D\n" - + "gjffuOysP3vewrcuw0EIZFx+HawuwNBLq4tMf4VSitYDHJSLIM2TeXZGGY5slTbT\n" - + "yLnrU5mIzG9WKqxyy7qHuFw1JtlAXkCLmUEVaF9M+dRPiGIjlDrpBgbDD9mT2CSk\n" - + "V/XG1696/voY5xB8KNIC1cOSmSO7kdJyR5tWiDIJiwMXrTwG+kZiqlbcKDsZeJ9p\n" - + "5bZxXO0pEpde3wgEYRvFr5Cx4vcz4h5pom9coJOCW9tqXU43KcueTrt4Ks9f92q1\n" - + "ehjyEnCh0BCdrjUOXsUtFosm9qxJnDwVlThYhS9EHuCTNBgj1Yxj6A+8fwwJP9DN\n" - + "CbWQx5afT+h+9FNDNRC/nEcesP1Yh9s15Se270pQW0CejUNziYG7Dft7T+PVH/fU\n" - + "zaWU8g0tJjtuQgiCWVqw4WkUmYY2S0R89zAotcpz2mvNO8ma2iJbubHi3c0ULfHH\n" - + "nkWKsdpzZmK4N0Wi6/V5yWdmL5RFkFecL8r7+9OtCB0CAwEAAaOCAhUwggIRMIGK\n" - + "BggrBgEFBQcBAQR+MHwwLQYIKwYBBQUHMAGGIWh0dHA6Ly9vY3NwLnRydXN0LnRl\n" - + "bGlhc29uZXJhLmNvbTBLBggrBgEFBQcwAoY/aHR0cDovL3JlcG9zaXRvcnkudHJ1\n" - + "c3QudGVsaWFzb25lcmEuY29tL3RlbGlhc29uZXJhcm9vdGNhdjEuY2VyMBIGA1Ud\n" - + "EwEB/wQIMAYBAf8CAQAwVQYDVR0gBE4wTDBKBgwrBgEEAYIPAgMBAQIwOjA4Bggr\n" - + "BgEFBQcCARYsaHR0cHM6Ly9yZXBvc2l0b3J5LnRydXN0LnRlbGlhc29uZXJhLmNv\n" - + "bS9DUFMwDgYDVR0PAQH/BAQDAgEGMIHGBgNVHR8Egb4wgbswQKA+oDyGOmh0dHA6\n" - + "Ly9jcmwtMy50cnVzdC50ZWxpYXNvbmVyYS5jb20vdGVsaWFzb25lcmFyb290Y2F2\n" - + "MS5jcmwwd6B1oHOGcWxkYXA6Ly9jcmwtMS50cnVzdC50ZWxpYXNvbmVyYS5jb20v\n" - + "Y249VGVsaWFTb25lcmElMjBSb290JTIwQ0ElMjB2MSxvPVRlbGlhU29uZXJhP2Nl\n" - + "cnRpZmljYXRlcmV2b2NhdGlvbmxpc3Q7YmluYXJ5MB0GA1UdDgQWBBQvSTwpT9cH\n" - + "JfnGjNVk9WY9EoMilTAfBgNVHSMEGDAWgBTwj1k4ALP1j5qWDNXr+nuqF+gTEjAN\n" - + "BgkqhkiG9w0BAQsFAAOCAgEAg9EVFW6ioZ2ctrX8KqvW9XPYZR01yNgqlO7pwBWf\n" - + "HzuBCbUdyVzumfQnU24Sce92oMtEfyuxIOmhvoXU7LpnYlH3Q29UGP5dL0D3edGz\n" - + "HeU6Tf8bkcOEHtnTrkd+y+rfFSDWYl9r1y993NAcrBHhroQCE53mlrO7TjXa3zDq\n" - + "6LGR8T8VgvGw0IBz6mzAks0wMYB0b4uREPmWXi+m+RqG3lnpl+eBzz6YVLkxIYMq\n" - + "QIXJIBsu4/ybmadsfdql6E8Lo3dKVD4UG10mtd+iPbJiBiW/a9VbEe3NVKIv4H2y\n" - + "HqYcxDXAeUI66E3K2cjCmKoQaa0Ywt02ikZFd0v1OWNPS7YWbEJWkVR1PcPMESK9\n" - + "6HKI4xhG2tJesmXjQ8q8aSx2u79Zts3ewjKqTmurf6FXW3u9TpSCUe6Drr/3X7Ve\n" - + "nBy4M0sLwCecD/L9gjTa+EItQTYzCkpxiMO49tQdX/BpwgWju4Kg3qkaBNTzvSlk\n" - + "gdnRJqCUkVuzwK4yBqUoyRz3prlhvvRGdZJKf6IXRDhncpey5pm0PQYQ4cArx7Go\n" - + "AaAKz0ZTHOKjnM2KIdUhBJQybL7oPklSfkeMWoUoYED6R4YMTt/JXX4ixEb5DgDJ\n" - + "0F+bNcF7qGrJTkTx0Ccy4BuuY05hJckd72E7WdmjN7DDeosghgWZNV/6D7N5tfxo\n" - + "nlU=\n" - + "-----END CERTIFICATE-----"; - - // Owner: CN=juolukka.cover.sonera.net, OU=security, O=Telia Finland Oyj, L=helsinki, C=FI - // Issuer: CN=TeliaSonera Server CA v2, O=TeliaSonera, C=FI - private static final String VALID = "-----BEGIN CERTIFICATE-----\n" + - "MIIHiDCCBXCgAwIBAgIPAWOq14hk136UDQY3WSjLMA0GCSqGSIb3DQEBCwUAMEYx\n" + - "CzAJBgNVBAYTAkZJMRQwEgYDVQQKDAtUZWxpYVNvbmVyYTEhMB8GA1UEAwwYVGVs\n" + - "aWFTb25lcmEgU2VydmVyIENBIHYyMB4XDTE4MDUyOTA3NDA0MVoXDTE5MDUyOTA3\n" + - "NDA0MVowczELMAkGA1UEBhMCRkkxETAPBgNVBAcMCGhlbHNpbmtpMRowGAYDVQQK\n" + - "DBFUZWxpYSBGaW5sYW5kIE95ajERMA8GA1UECwwIc2VjdXJpdHkxIjAgBgNVBAMM\n" + - "GWp1b2x1a2thLmNvdmVyLnNvbmVyYS5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IB\n" + - "DwAwggEKAoIBAQDLks9F8ZUqV9G4jn3fY234OX09Dmqqtuk0qAmjWpF0JAn2o64t\n" + - "whVxFLx9e2IwUPTQgyo6FwRsiT19m99BhgxYnJOxVRwURxSL3mqlV9gX4oFMmT4O\n" + - "EOYEjaJXi8ne1pJX80y2hVQ48XqgODnKdKZVwa5YoeWZQJiaq+C5JkMDN8qzpiyQ\n" + - "X3EfJspLkKy2E+UVxWmfnyf0v70ES9TQ8qgxwvsf7LRZ8Jixq7TTO5VbqWsdBvJC\n" + - "9Zm2aBOYJ7ptSZQ5YDfeUJG2c9S/zFmngoPnTrvAZwUeU3YTrbdZQy899ZOatWac\n" + - "6lHUYU2EagEmbj/jtIvJ6wMbzhleIXRQFWibAgMBAAGjggNEMIIDQDAfBgNVHSME\n" + - "GDAWgBQvSTwpT9cHJfnGjNVk9WY9EoMilTAdBgNVHQ4EFgQUbMozh4osL4gFJvb5\n" + - "baELpQSKEhIwDgYDVR0PAQH/BAQDAgSwME4GA1UdIARHMEUwQwYGZ4EMAQICMDkw\n" + - "NwYIKwYBBQUHAgEWK2h0dHA6Ly9yZXBvc2l0b3J5LnRydXN0LnRlbGlhc29uZXJh\n" + - "LmNvbS9DUFMwJAYDVR0RBB0wG4IZanVvbHVra2EuY292ZXIuc29uZXJhLm5ldDBN\n" + - "BgNVHR8ERjBEMEKgQKA+hjxodHRwOi8vY3JsLTMudHJ1c3QudGVsaWFzb25lcmEu\n" + - "Y29tL3RlbGlhc29uZXJhc2VydmVyY2F2Mi5jcmwwHQYDVR0lBBYwFAYIKwYBBQUH\n" + - "AwIGCCsGAQUFBwMBMIGGBggrBgEFBQcBAQR6MHgwJwYIKwYBBQUHMAGGG2h0dHA6\n" + - "Ly9vY3NwLnRydXN0LnRlbGlhLmNvbTBNBggrBgEFBQcwAoZBaHR0cDovL3JlcG9z\n" + - "aXRvcnkudHJ1c3QudGVsaWFzb25lcmEuY29tL3RlbGlhc29uZXJhc2VydmVyY2F2\n" + - "Mi5jZXIwggF/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2AG9Tdqwx8DEZ2JkApFEV\n" + - "/3cVHBHZAsEAKQaNsgiaN9kTAAABY6rXpS0AAAQDAEcwRQIgfMLEFYxQcncL3am/\n" + - "W2x7DMZ1+Vh1tDLw/0qIQB40VBQCIQC1eyF8Q6CcQs+gIgzpy7OiZSosSlykyOgW\n" + - "qHkj/0UPygB3AO5Lvbd1zmC64UJpH6vhnmajD35fsHLYgwDEe4l6qP3LAAABY6rX\n" + - "pLEAAAQDAEgwRgIhAJxveFVsFrfttSJIxHsMPAvvevptaV2CxsGwubAi8wDDAiEA\n" + - "jNbbYfUiYtmQ5v4yc6T+GcixztNIlMzQ7OTK+u9zqSoAdgBVgdTCFpA2AUrqC5tX\n" + - "PFPwwOQ4eHAlCBcvo6odBxPTDAAAAWOq16YXAAAEAwBHMEUCIQCCkCL2zn/AoMVI\n" + - "BdsoJelUBLsAnQ+GlIafiyZYcCwhBAIgdsFM05eNmL5hfn3+WtfgmipwcK1qp7kO\n" + - "ONzO69aqrnEwDQYJKoZIhvcNAQELBQADggIBAIl5UWSwCXF85+2lU6t89K7I4TvZ\n" + - "Ggof0NLngea9qxBq00opfnl9i2LPRnsjh9s3iA29i2daTEuJn3qt3Ygcm27Jd7WM\n" + - "5StcxQ483GAaL5s5m2QqkZB8eLfez3tIyCMGCAyixBDNRNPVI4xZr6sSOenWtipo\n" + - "gMt+/gvRIMdMT79IXPFz4W9RWCwnfJNOlfH2OkS3KZYaPSaEvs6sfMW1DDZosrBy\n" + - "6F+DITPLllOVSE4+PTxvXLKVy+srFwF1VocQXKkWMHQ7AfWNnOGzb7B1qg7gsw0n\n" + - "axqinyCjkhMpHpcVtmD9Pi15HLFDIy9yI2S+FHJQfhUSmM/LdCWzQpnee6/Wo+uw\n" + - "p0Jg2v6v9GGaqfpuiVJPFN9dOv3OjMU7DL5lgMRWFRo2T8+wBHXDyBhT0W0y5kRJ\n" + - "eWA7t6CnkziHuaOihZAHUH3nn5exjqUFVS0ThbF6hxN7HAlq/xIbTKlZjkLlc14W\n" + - "fB8vkxJyy/tgBZ4dCj9Y1Y32d4eFT5JZJgqgkN59SmX56BswNXncGrk/vWZFFx+g\n" + - "9dgb8QSe8KseD1iSLc7SsqVDv8NPYdaI3eZ90W8Wv0/CDls321O6UbAmURzQwFGB\n" + - "w8WnteoVBi6Wf6M1TxIfJsXBYeIN0BB6AYc8cmZIOtx2C8aH4JJT45MyFnBv3ac5\n" + - "Ahs9pGn/+K+5yb2e\n" + - "-----END CERTIFICATE-----"; +public class TeliaSoneraCA { - // Owner: CN=juolukka.cover.sonera.net, OU=Security, O=TeliaSonera Finland, L=Helsinki, C=FI - // Issuer: CN=TeliaSonera Server CA v2, O=TeliaSonera, C=FI - private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" + - "MIIGEDCCA/igAwIBAgIRAKWJTjs6v04ZTyb2wJxfnJswDQYJKoZIhvcNAQELBQAw\n" + - "RjELMAkGA1UEBhMCRkkxFDASBgNVBAoMC1RlbGlhU29uZXJhMSEwHwYDVQQDDBhU\n" + - "ZWxpYVNvbmVyYSBTZXJ2ZXIgQ0EgdjIwHhcNMTYxMjIzMDcwMTQ2WhcNMTkxMjIz\n" + - "MDcwMTQ2WjB1MQswCQYDVQQGEwJGSTERMA8GA1UEBwwISGVsc2lua2kxHDAaBgNV\n" + - "BAoME1RlbGlhU29uZXJhIEZpbmxhbmQxETAPBgNVBAsMCFNlY3VyaXR5MSIwIAYD\n" + - "VQQDDBlqdW9sdWtrYS5jb3Zlci5zb25lcmEubmV0MIIBIjANBgkqhkiG9w0BAQEF\n" + - "AAOCAQ8AMIIBCgKCAQEAt2u92TgTFdm1OEfmWFPe+ESBi+2ox4y1EDoin8RydMyO\n" + - "DI6+0HHnKfDZa1YViI5b6MLJKWIAyUszAg5hc0S3upElfSsBvUW6zuQTxMi2vTYE\n" + - "4tcqwIEyCUaiv4wC+DuO5CyGR32yR6HB/W5Ny200dPs2SO03ESEJ+LH4Tw5AI8JJ\n" + - "UZHW+lA+yUHnlc3q47svpbspjt0C/THyukd1hbXTBB0mPXqPux+ClvtZBWUJb7ti\n" + - "1cPfcCNd79KRObzcgxqcOIaUFz4LjjKezhzVSL7tJOANOHZ09qDeOAkk/X9POx4h\n" + - "a5XyWfH1zaQ0QlZ2mKBeHebCIJkgTZZVipagRVOgcwIDAQABo4IByDCCAcQwgY0G\n" + - "CCsGAQUFBwEBBIGAMH4wLQYIKwYBBQUHMAGGIWh0dHA6Ly9vY3NwLnRydXN0LnRl\n" + - "bGlhc29uZXJhLmNvbTBNBggrBgEFBQcwAoZBaHR0cDovL3JlcG9zaXRvcnkudHJ1\n" + - "c3QudGVsaWFzb25lcmEuY29tL3RlbGlhc29uZXJhc2VydmVyY2F2Mi5jZXIwHwYD\n" + - "VR0jBBgwFoAUL0k8KU/XByX5xozVZPVmPRKDIpUwTgYDVR0gBEcwRTBDBgZngQwB\n" + - "AgIwOTA3BggrBgEFBQcCARYraHR0cDovL3JlcG9zaXRvcnkudHJ1c3QudGVsaWFz\n" + - "b25lcmEuY29tL0NQUzBNBgNVHR8ERjBEMEKgQKA+hjxodHRwOi8vY3JsLTMudHJ1\n" + - "c3QudGVsaWFzb25lcmEuY29tL3RlbGlhc29uZXJhc2VydmVyY2F2Mi5jcmwwHQYD\n" + - "VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA4GA1UdDwEB/wQEAwIEsDAkBgNV\n" + - "HREEHTAbghlqdW9sdWtrYS5jb3Zlci5zb25lcmEubmV0MB0GA1UdDgQWBBSa+vJH\n" + - "I6Lt9Aqw5ondhoZu4/IJezANBgkqhkiG9w0BAQsFAAOCAgEASRK1l1MZb/IRlyi+\n" + - "XjfZcxJdFuNzW2kpZstW6Ni2XiD3p7aROBfDFtu7GajzZHb6p76auDb4NwJgeE/3\n" + - "6gnXoIK00HwpF2RAhxDpkF8r3q0jSqGhSv/xz9Nx7JBzgqfSw3Ha4ohioIed3uc+\n" + - "nMDyvVenio4GYgtxIIubSybCxMv/lBA/S4daIVCYK3VOoBbM2F36ecAKvRU5vIWM\n" + - "urXsfANL3u4qgJpaM0DclzFsOkVsRPffzToko/Nr6pGXYjt47IzTRlwLMnLehoZW\n" + - "ZZMGMVVOlR7XGf81UjWB6OsKeoQ4FWgcb/rIJcZusm+LqvnsCHuC3gtuC2nGA7lr\n" + - "fseUlG7QZN9/QfUIyvL69wAzeVj1cUcd7GHcAH9DyZJfI8orv4PyUvitDdgISkFu\n" + - "GZ562O7cGmCv00/6I4t0z9wZal8a5lRDoKXAYy+u/adrO1JjLwi11y/DTw9LQ7sJ\n" + - "gVP/v2GsI0ajF9A6z33UHN9uxXZVmQNvOiMkcJiGLovFgu5zxoAg2W3pHjbBbeL8\n" + - "v5MPqgsKafgzaSRtXBBvaISHi9hhRR8v/qSwO3NyLm8uAhQD4x+OPHrmQ/s16j45\n" + - "Ib53UHj1k6byXGUqDgzFBsmEPV6Shf2C4/HcRHpAX8wQx3xVwDtRzDpNUR6vnNfi\n" + - "PwzRU1xsQKd8llmgl4l+fYV0tBA=\n" + - "-----END CERTIFICATE-----"; + private static final String VALID = "https://juolukka.cover.sonera.net:10443/"; + private static final String REVOKED = "https://juolukka.cover.sonera.net:10444/"; + private static final String CA_FINGERPRINT = + "DD:69:36:FE:21:F8:F0:77:C1:23:A1:A5:21:C1:22:24:F7:22:55:B7:3E:03:A7:26:06:93:E8:A2:4B:0F:A3:89"; public static void main(String[] args) throws Exception { - ValidatePathWithParams pathValidator = new ValidatePathWithParams(null); + ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(); if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { - pathValidator.enableCRLCheck(); + validatePathWithURL.enableCRLOnly(); } else { // OCSP check by default - pathValidator.enableOCSPCheck(); + validatePathWithURL.enableOCSPOnly(); } - // Validate valid - pathValidator.validate(new String[]{VALID, INT}, - ValidatePathWithParams.Status.GOOD, null, System.out); - - // Validate Revoked - pathValidator.validate(new String[]{REVOKED, INT}, - ValidatePathWithParams.Status.REVOKED, - "Thu Dec 22 23:14:55 PST 2016", System.out); - - // reset validation date back to current date - pathValidator.resetValidationDate(); + validatePathWithURL.validateDomain(VALID, false, CA_FINGERPRINT); + validatePathWithURL.validateDomain(REVOKED, true, CA_FINGERPRINT); } } diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ValidatePathWithURL.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ValidatePathWithURL.java new file mode 100644 index 0000000000000..1feabb3cde500 --- /dev/null +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ValidatePathWithURL.java @@ -0,0 +1,168 @@ +/* + * Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import jtreg.SkippedException; + +import javax.net.ssl.*; +import java.io.IOException; +import java.net.URL; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.security.Security; +import java.security.cert.*; +import java.util.HexFormat; + +public class ValidatePathWithURL { + private static MessageDigest md; + private static final HexFormat HEX = HexFormat.ofDelimiter(":").withUpperCase(); + + public ValidatePathWithURL() throws NoSuchAlgorithmException { + System.setProperty("com.sun.net.ssl.checkRevocation", "true"); + Security.setProperty("ssl.TrustManagerFactory.algorithm", "SunPKIX"); + + // some test sites don't have correct hostname specified in test certificate + HttpsURLConnection.setDefaultHostnameVerifier(new CustomHostnameVerifier()); + + md = MessageDigest.getInstance("SHA-256"); + } + + public void enableOCSPOnly() { + System.setProperty("com.sun.security.enableCRLDP", "false"); + Security.setProperty("ocsp.enable", "true"); + } + + public void enableCRLOnly() { + System.setProperty("com.sun.security.enableCRLDP", "true"); + } + + public void enableOCSPAndCRL() { + System.setProperty("com.sun.security.enableCRLDP", "true"); + Security.setProperty("ocsp.enable", "true"); + } + + public void validateDomain(final String testURL, + final boolean revokedCert, + final String fingerPrint) throws CertificateEncodingException { + System.out.println(); + System.out.println("===== Validate " + testURL + "====="); + if (!validateDomainCertChain(testURL, revokedCert, fingerPrint)) { + throw new RuntimeException("Failed to validate " + testURL); + } + System.out.println("======> SUCCESS"); + } + + private boolean validateDomainCertChain(final String testURL, + final boolean revokedCert, + final String fingerPrint) + throws CertificateEncodingException { + HttpsURLConnection httpsURLConnection = null; + try { + URL url = new URL(testURL); + httpsURLConnection = (HttpsURLConnection) url.openConnection(); + httpsURLConnection.setInstanceFollowRedirects(false); + httpsURLConnection.connect(); + + // certain that test certificate anchors to trusted CA for VALID certificate + // if the connection is successful + /*Certificate[] chain = + httpsURLConnection.getSSLSession().get().getPeerCertificates(); + httpsURLConnection.disconnect(); + X509Certificate rootCert = null; + + // fail if there is no intermediate CA + if (chain.length < 3) { + throw new RuntimeException("Cert chain too short " + chain.length); + } else { + System.out.println("Finding root certificate..." + chain.length); + for (Certificate cert: chain){ + if(cert instanceof X509Certificate) { + X509Certificate certificate = (X509Certificate) cert; + System.out.println("Checking: " + certificate.getSubjectX500Principal()); + System.out.println("Checking2: " + certificate.getIssuerX500Principal()); + if (certificate.getSubjectX500Principal().equals(certificate.getIssuerX500Principal())) { + rootCert = certificate; + break; + } + } else { + throw new RuntimeException("Certificate not X509"); + } + } + } + + if (rootCert == null){ + throw new RuntimeException("Root CA not found in the chain"); + } + + // validate root CA serial number + System.out.println("Found root CA: " + rootCert.getSubjectX500Principal()); + byte[] digest = md.digest(rootCert.getEncoded()); + if(!fingerPrint.equals(HEX.formatHex(digest))) { + System.out.println("Expected fingerprint: " + fingerPrint); + System.out.println("Actual fingerprint: " + HEX.formatHex(digest)); + throw new RuntimeException("Root CA serial doesn't match"); + }*/ + } catch (SSLHandshakeException e) { + System.out.println("SSLHandshakeException: " + e.getMessage()); + Throwable cause = e.getCause(); + + while (cause != null) { + if (cause instanceof CertPathValidatorException cpve) { + if (cpve.getReason() == CertPathValidatorException.BasicReason.REVOKED + || cpve.getCause() instanceof CertificateRevokedException) { + System.out.println("Certificate is revoked"); + if (revokedCert) { + return true; + } + } else if (cpve.getReason() == CertPathValidatorException.BasicReason.EXPIRED + || cpve.getCause() instanceof CertificateExpiredException) { + System.out.println("Certificate is expired"); + throw new SkippedException("Certificate is expired, skip the test"); + } + break; + } + cause = cause.getCause(); + } + + throw new RuntimeException("Unknown exception", e); + } catch (SSLException e) { + // thrown if root CA is not included in cacerts + throw new RuntimeException(e); + } catch (IOException e) { + throw new SkippedException("Network setup issue, skip this test", e); + } finally { + if(httpsURLConnection != null) { + httpsURLConnection.disconnect(); + } + } + + return !revokedCert; + } + + private class CustomHostnameVerifier implements HostnameVerifier { + @Override + public boolean verify(String hostname, SSLSession session) { + // Allow any hostname + return true; + } + } +} From efbe0793d4cd67e0f4cade8d576447985034b974 Mon Sep 17 00:00:00 2001 From: Rajan Halade Date: Wed, 31 May 2023 11:01:37 -0700 Subject: [PATCH 02/17] 8308592: Update CA interop tests --- .../certification/AmazonCA.java | 496 ++------------ .../certification/GoogleCA.java | 607 ++---------------- .../certification/MicrosoftTLS.java | 327 +--------- .../certification/TWCAGlobalCA.java | 176 +---- 4 files changed, 168 insertions(+), 1438 deletions(-) diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java index 3232be7b170d4..9be497eaf1cd6 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2019, 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2019, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -22,480 +22,96 @@ */ /* - * @test + * @test id=OCSP * @bug 8233223 * @summary Interoperability tests with Amazon's CA1, CA2, CA3, and CA4 - * @build ValidatePathWithParams + * @library /test/lib + * @build jtreg.SkippedException + * @build ValidatePathWithURL * @run main/othervm -Djava.security.debug=certpath AmazonCA OCSP + */ + +/* + * @test id=CRL + * @bug 8233223 + * @summary Interoperability tests with Amazon's CA1, CA2, CA3, and CA4 + * @library /test/lib + * @build jtreg.SkippedException + * @build ValidatePathWithURL * @run main/othervm -Djava.security.debug=certpath AmazonCA CRL */ +import java.security.cert.CertificateEncodingException; + /* * Obtain TLS test artifacts for Amazon CAs from: * - * Amazon Root CA 1 - * Valid - https://good.sca1a.amazontrust.com/ - * Revoked - https://revoked.sca1a.amazontrust.com/ - * Amazon Root CA 2 - * Valid - https://good.sca2a.amazontrust.com/ - * Revoked - https://revoked.sca2a.amazontrust.com/ - * Amazon Root CA 3 - * Valid - https://good.sca3a.amazontrust.com/ - * Revoked - https://revoked.sca3a.amazontrust.com/ - * Amazon Root CA 4 - * Valid - https://good.sca4a.amazontrust.com/ - * Revoked - https://revoked.sca4a.amazontrust.com/ + * https://www.amazontrust.com/repository/ */ public class AmazonCA { public static void main(String[] args) throws Exception { - ValidatePathWithParams pathValidator = new ValidatePathWithParams(null); - boolean ocspEnabled = false; + ValidatePathWithURL pathValidator = new ValidatePathWithURL(); if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { - pathValidator.enableCRLCheck(); + pathValidator.enableCRLOnly(); } else { // OCSP check by default - pathValidator.enableOCSPCheck(); - ocspEnabled = true; + pathValidator.enableOCSPOnly(); } - new AmazonCA_1().runTest(pathValidator, ocspEnabled); - new AmazonCA_2().runTest(pathValidator, ocspEnabled); - new AmazonCA_3().runTest(pathValidator, ocspEnabled); - new AmazonCA_4().runTest(pathValidator, ocspEnabled); + new AmazonCA_1().runTest(pathValidator); + new AmazonCA_2().runTest(pathValidator); + new AmazonCA_3().runTest(pathValidator); + new AmazonCA_4().runTest(pathValidator); } } class AmazonCA_1 { - - // Owner: CN=Amazon, OU=Server CA 1A, O=Amazon, C=US - // Issuer: CN=Amazon Root CA 1, O=Amazon, C=US - // Serial number: 67f9457508c648c09ca652e71791830e72592 - // Valid from: Wed Oct 21 17:00:00 PDT 2015 until: Sat Oct 18 17:00:00 PDT 2025 - private static final String INT = "-----BEGIN CERTIFICATE-----\n" + - "MIIERzCCAy+gAwIBAgITBn+UV1CMZIwJymUucXkYMOclkjANBgkqhkiG9w0BAQsF\n" + - "ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6\n" + - "b24gUm9vdCBDQSAxMB4XDTE1MTAyMjAwMDAwMFoXDTI1MTAxOTAwMDAwMFowRjEL\n" + - "MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEVMBMGA1UECxMMU2VydmVyIENB\n" + - "IDFBMQ8wDQYDVQQDEwZBbWF6b24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n" + - "AoIBAQCeQM3XCsIZunv8bSJxOqkc/ed87uL76FDB7teBNThDRB+1J7aITuadbNfH\n" + - "5ZfZykrdZ1qQLKxP6DwHOmJr9u2b4IxjUX9qUMuq4B02ghD2g6yU3YivEosZ7fpo\n" + - "srD2TBN29JpgPGrOrpOE+ArZuIpBjdKFinemu6fTDD0NCeQlfyHXd1NOYyfYRLTa\n" + - "xlpDqr/2M41BgSkWQfSPHHyRWNQgWBiGsIQaS8TK0g8OWi1ov78+2K9DWT+AHgXW\n" + - "AanjZK91GfygPXJYSlAGxSiBAwH/KhAMifhaoFYAbH0Yuohmd85B45G2xVsop4TM\n" + - "Dsl007U7qnS7sdJ4jYGzEvva/a95AgMBAAGjggE5MIIBNTASBgNVHRMBAf8ECDAG\n" + - "AQH/AgEAMA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUYtRCXoZwdWqQvMa40k1g\n" + - "wjS6UTowHwYDVR0jBBgwFoAUhBjMhTTsvAyUlC4IWZzHshBOCggwewYIKwYBBQUH\n" + - "AQEEbzBtMC8GCCsGAQUFBzABhiNodHRwOi8vb2NzcC5yb290Y2ExLmFtYXpvbnRy\n" + - "dXN0LmNvbTA6BggrBgEFBQcwAoYuaHR0cDovL2NydC5yb290Y2ExLmFtYXpvbnRy\n" + - "dXN0LmNvbS9yb290Y2ExLmNlcjA/BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vY3Js\n" + - "LnJvb3RjYTEuYW1hem9udHJ1c3QuY29tL3Jvb3RjYTEuY3JsMBEGA1UdIAQKMAgw\n" + - "BgYEVR0gADANBgkqhkiG9w0BAQsFAAOCAQEAMHbSWHRFMzGNIE0qhN6gnRahTrTU\n" + - "CDPwe7l9/q0IA+QBlrpUHnlAreetYeH1jB8uF3qXXzy22gpBU7NqulTkqSPByT1J\n" + - "xOhpT2FpO5R3VAdMPdWfSEgtrED0jkmyUQrR1T+/A+nBLdJZeQcl+OqLgeY790JM\n" + - "JJTsJnnI6FBWeTGhcDI4Y+n3KS3QCVePeWI7jx1dhrHcXH+QDX8Ywe31hV7YENdr\n" + - "HDpUXrjK6eHN8gazy8G6pndXHFwHp4auiZbJbYAk/q1peOTRagD2JojcLkm+i3cD\n" + - "843t4By6YT/PVlePU2PCWejkrJQnKQAPOov7IA8kuO2RDWuzE/zF6Hotdg==\n" + - "-----END CERTIFICATE-----"; - - // Owner: CN=good.sca1a.amazontrust.com - // Issuer: CN=Amazon, OU=Server CA 1A, O=Amazon, C=US - // Serial number: 75a5dd4b767bedc94a4239da65ed9dfef8218 - // Valid from: Fri Dec 17 12:21:50 PST 2021 until: Tue Jan 17 12:21:50 PST 2023 - private static final String VALID = "-----BEGIN CERTIFICATE-----\n" + - "MIIEIDCCAwigAwIBAgITB1pd1LdnvtyUpCOdpl7Z3++CGDANBgkqhkiG9w0BAQsF\n" + - "ADBGMQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRUwEwYDVQQLEwxTZXJ2\n" + - "ZXIgQ0EgMUExDzANBgNVBAMTBkFtYXpvbjAeFw0yMTEyMTcyMDIxNTBaFw0yMzAx\n" + - "MTcyMDIxNTBaMCUxIzAhBgNVBAMTGmdvb2Quc2NhMWEuYW1hem9udHJ1c3QuY29t\n" + - "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5SadXE1HIzUp4ob40roo\n" + - "qBiJy57vLcZklkWoxRU2JtIauuZUl8fLT/KOjzW71fqMMTxnvEbtKtRtZKDFjrg7\n" + - "uPf8Q1J9tqxme6iFlrBlou+moQQ7Spi3H9q7v08vX19XIREGIwHbicbxVujdeA0w\n" + - "G0fGMlw+Gs8GNiBQplr+oXC7i2CoPmwnR/T8iHjCEznKQIMxiZL4gOHLwh4EKdBA\n" + - "auirpTq0iXUtC2BcM/w1Zx1UTLu0idmclcxVSYE8hXfV8e7JGpNI1gCqkgrskof3\n" + - "A6CMCIH/D1VETFtGKn+gGWenWwnELmKuvHObQGXmcwOV3aXBdNFTmfzcshwqm/mE\n" + - "zQIDAQABo4IBJjCCASIwDgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBTURzXdgGMB\n" + - "tNyiP16WXB1oM2qqmzAfBgNVHSMEGDAWgBRi1EJehnB1apC8xrjSTWDCNLpROjAd\n" + - "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdQYIKwYBBQUHAQEEaTBnMC0G\n" + - "CCsGAQUFBzABhiFodHRwOi8vb2NzcC5zY2ExYS5hbWF6b250cnVzdC5jb20wNgYI\n" + - "KwYBBQUHMAKGKmh0dHA6Ly9jcnQuc2NhMWEuYW1hem9udHJ1c3QuY29tL3NjYTFh\n" + - "LmNlcjAlBgNVHREEHjAcghpnb29kLnNjYTFhLmFtYXpvbnRydXN0LmNvbTATBgNV\n" + - "HSAEDDAKMAgGBmeBDAECATANBgkqhkiG9w0BAQsFAAOCAQEAVNyn7lB3IOstAJj+\n" + - "avkPfojb+QaUpFjnkKyb7c5kUBEWaaEl27W58OLoIHoEJvfOypv2bTq1fuIx9P88\n" + - "1HP7DrI7vBtfnAgyIjF2mzL6Jyt7buR7u/cXTO0fsl/uk3wfrJBl860/Nab+WYoj\n" + - "pvJm0b75WVnU30Khy/xrhNfN2nvCJ5VMoHqV6KnKrMjA5KpdeTvVaIgyxtV6B8vY\n" + - "VsBbtzJ6n8mN7N8YkEkHV6TG7l+FVPHQdJFtD/qhTd5C4uu4XUehxOta894hLy6z\n" + - "8Mv9BGtmwyUIEd0KQQdkXrWx/iAq6zo0imAeN/s8tjqAzxnw6M5F9cDqjqkYqgXZ\n" + - "eIkPBA==\n" + - "-----END CERTIFICATE-----"; - - // Owner: CN=revoked.sca1a.amazontrust.com - // Issuer: CN=Amazon, OU=Server CA 1A, O=Amazon, C=US - // Serial number: 75a5de4434092b2cd6ed81eb5e6248e1e5f2a - // Valid from: Fri Dec 17 12:25:17 PST 2021 until: Tue Jan 17 12:25:17 PST 2023 - private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" + - "MIIEJjCCAw6gAwIBAgITB1pd5ENAkrLNbtgeteYkjh5fKjANBgkqhkiG9w0BAQsF\n" + - "ADBGMQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRUwEwYDVQQLEwxTZXJ2\n" + - "ZXIgQ0EgMUExDzANBgNVBAMTBkFtYXpvbjAeFw0yMTEyMTcyMDI1MTdaFw0yMzAx\n" + - "MTcyMDI1MTdaMCgxJjAkBgNVBAMTHXJldm9rZWQuc2NhMWEuYW1hem9udHJ1c3Qu\n" + - "Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqYk4ZkF9yJgRa0fL\n" + - "96gmxwlJlyvsQmqumxUGw0u1L+nDgGMFD1bHILOw2AO+feNy8kuTnJVb+zN+2f6l\n" + - "rMGM1sGKh8W/ZRIdvmcdeZ2kEDyxLotMRXDQ6hJXDj30DSAYNkdqairJItdcev8+\n" + - "t9LRRNRQwL0sXf5FITQPBnlVCrF9Q42p9hhYUhvsS8jSWPIvUbZajOXKs6AfxyPV\n" + - "2Q7TybgnRlawznXxflPzXRMpCSQZ9WdI/kYbFOjDNtYA05EI4d8IYm+C5U1eJT30\n" + - "dKFeU0xzFsrPirzifFMPIhXKxS5rUELuFRUq4sFTN28Sj7Ij/rr+O9Im8jJZq0lo\n" + - "bqLoQwIDAQABo4IBKTCCASUwDgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBRugPQP\n" + - "CWEwQp0pw2dEMw/gT7F4gzAfBgNVHSMEGDAWgBRi1EJehnB1apC8xrjSTWDCNLpR\n" + - "OjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdQYIKwYBBQUHAQEEaTBn\n" + - "MC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC5zY2ExYS5hbWF6b250cnVzdC5jb20w\n" + - "NgYIKwYBBQUHMAKGKmh0dHA6Ly9jcnQuc2NhMWEuYW1hem9udHJ1c3QuY29tL3Nj\n" + - "YTFhLmNlcjAoBgNVHREEITAfgh1yZXZva2VkLnNjYTFhLmFtYXpvbnRydXN0LmNv\n" + - "bTATBgNVHSAEDDAKMAgGBmeBDAECATANBgkqhkiG9w0BAQsFAAOCAQEAQF9QvedW\n" + - "gqD5LPsZ5cg+DkGFBVqhWgsvp8so4gmKHklSHvisEek/Yfi7tvHCUAP2P0MuV/49\n" + - "O2A+1tXQL1+hVM1auSfDOQdUy4xsKSWV+PofQe82iz+6dwRf+HNgOtyNcQ6aGD3t\n" + - "87DXnJPkBTEPHGxDkjnOwurSffaV1m00bxfb6T1Txvyjs9ClnZf68Jv6oj+2rbs1\n" + - "+TqKXP0Ma3AgXB37Cq2ozYzpAxy9GBIKIahGX2d2qsuZ2aj6XwJwUayIuU0WTOHK\n" + - "eeXvKS2uvY9UaIvTeepSWXyAbBMKagQhgAtf3X6ILodQi5Gk7lCuY48oArKziTgN\n" + - "vB7mK7JqaM2P4g==\n" + - "-----END CERTIFICATE-----"; - - public void runTest(ValidatePathWithParams pathValidator, boolean ocspEnabled) throws Exception { - // EE certificates don't have CRLDP extension - if (!ocspEnabled){ - pathValidator.validate(new String[]{INT}, - ValidatePathWithParams.Status.GOOD, null, System.out); - - return; - } - - // Validate valid - pathValidator.validate(new String[]{VALID, INT}, - ValidatePathWithParams.Status.GOOD, null, System.out); - - // Validate Revoked - pathValidator.validate(new String[]{REVOKED, INT}, - ValidatePathWithParams.Status.REVOKED, - "Fri Dec 17 12:28:05 PST 2021", System.out); + private static final String VALID = "https://valid.rootca1.demo.amazontrust.com/"; + private static final String REVOKED = "https://revoked.rootca1.demo.amazontrust.com/"; + private static final String CA_FINGERPRINT = + "8E:CD:E6:88:4F:3D:87:B1:12:5B:A3:1A:C3:FC:B1:3D:70:16:DE:7F:57:CC:90:4F:E1:CB:97:C6:AE:98:19:6E"; + + public void runTest(ValidatePathWithURL pathValidator) throws CertificateEncodingException { + pathValidator.validateDomain(VALID, false, CA_FINGERPRINT); + pathValidator.validateDomain(REVOKED, true, CA_FINGERPRINT); } } class AmazonCA_2 { - - // Owner: CN=Amazon, OU=Server CA 2A, O=Amazon, C=US - // Issuer: CN=Amazon Root CA 2, O=Amazon, C=US - // Serial number: 67f945755f187a91f8163f3e624620177ff38 - // Valid from: Wed Oct 21 17:00:00 PDT 2015 until: Sat Oct 18 17:00:00 PDT 2025 - private static final String INT = "-----BEGIN CERTIFICATE-----\n" + - "MIIGRzCCBC+gAwIBAgITBn+UV1Xxh6kfgWPz5iRiAXf/ODANBgkqhkiG9w0BAQwF\n" + - "ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6\n" + - "b24gUm9vdCBDQSAyMB4XDTE1MTAyMjAwMDAwMFoXDTI1MTAxOTAwMDAwMFowRjEL\n" + - "MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEVMBMGA1UECxMMU2VydmVyIENB\n" + - "IDJBMQ8wDQYDVQQDEwZBbWF6b24wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK\n" + - "AoICAQC0P8hSLewmrZ41CCPBQytZs5NBFMq5ztbnMf+kZUp9S25LPfjNW3zgC/6E\n" + - "qCTWNVMMHhq7ez9IQJk48qbfBTLlZkuKnUWbA9vowrDfcxUN0mRE4B/TJbveXyTf\n" + - "vE91iDlqDrERecE9D8sdjzURrtHTp27lZdRkXFvfEVCq4hl3sHkzjodisaQthLp1\n" + - "gLsiA7vKt+8zcL4Aeq52UyYb8r4/jdZ3KaQp8O/T4VwDCRKm8ey3kttpJWaflci7\n" + - "eRzNjY7gE3NMANVXCeQwOBfH2GjINFCObmPsqiBuoAnsv2k5aQLNoU1OZk08ClXm\n" + - "mEZ2rI5qZUTX1HuefBJnpMkPugFCw8afaHnB13SkLE7wxX8SZRdDIe5WiwyDL1tR\n" + - "2+8lpz4JsMoFopHmD3GaHyjbN+hkOqHgLltwewOsiyM0u3CZphypN2KeD+1FLjnY\n" + - "TgdIAd1FRgK2ZXDDrEdjnsSEfShKf0l4mFPSBs9E3U6sLmubDRXKLLLpa/dF4eKu\n" + - "LEKS1bXYT28iM6D5gSCnzho5G4d18jQD/slmc5XmRo5Pig0RyBwDaLuxeIZuiJ0A\n" + - "J6YFhffbrLYF5dEQl0cU+t3VBK5u/o1WkWXsZawU038lWn/AXerodT/pAcrtWA4E\n" + - "NQEN09WEKMhZVPhqdwhF/Gusr04mQtKt7T2v6UMQvtVglv5E7wIDAQABo4IBOTCC\n" + - "ATUwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYE\n" + - "FNpDStD8AcBLv1gnjHbNCoHzlC70MB8GA1UdIwQYMBaAFLAM8Eww9AVYAkj9M+VS\n" + - "r0uE42ZSMHsGCCsGAQUFBwEBBG8wbTAvBggrBgEFBQcwAYYjaHR0cDovL29jc3Au\n" + - "cm9vdGNhMi5hbWF6b250cnVzdC5jb20wOgYIKwYBBQUHMAKGLmh0dHA6Ly9jcnQu\n" + - "cm9vdGNhMi5hbWF6b250cnVzdC5jb20vcm9vdGNhMi5jZXIwPwYDVR0fBDgwNjA0\n" + - "oDKgMIYuaHR0cDovL2NybC5yb290Y2EyLmFtYXpvbnRydXN0LmNvbS9yb290Y2Ey\n" + - "LmNybDARBgNVHSAECjAIMAYGBFUdIAAwDQYJKoZIhvcNAQEMBQADggIBAEO5W+iF\n" + - "yChjDyyrmiwFupVWQ0Xy2ReFNQiZq7XKVHvsLQe01moSLnxcBxioOPBKt1KkZO7w\n" + - "Gcbmke0+7AxLaG/F5NPnzRtK1/pRhXQ0XdU8pVh/1/h4GoqRlZ/eN0JDarUhZPkV\n" + - "kSr96LUYDTxcsAidF7zkzWfmtcJg/Aw8mi14xKVEa6aVyKu54c8kKkdlt0WaigOv\n" + - "Z/xYhxp24AfoFKaIraDNdsD8q2N7eDYeN4WGLzNSlil+iFjzflI9mq1hTuI/ZNjV\n" + - "rbvob6FUQ8Cc524gMjbpZCNuZ1gfXzwwhGp0AnQF6CJsWF9uwPpZEVFnnnfiWH3M\n" + - "oup41EvBhqaAqOlny0sm5pI82nRUCAE3DLkJ1+eAtdQaYblZQkQrRyTuPmJEm+5y\n" + - "QwdDVw6uHc5OsSj/tyhh8zJ2Xq3zgh3dMONGjJEysxGaCoIb+61PWwMy2dIarVwI\n" + - "r+c+AY+3PrhgBspNdWZ87JzNHii7ksdjUSVGTTy1vGXgPYrv0lp0IMnKaZP58xiw\n" + - "rDx7uTlQuPVWNOZvCaT3ZcoxTsNKNscIUe+WJjWx5hdzpv/oksDPY5ltZ0j3hlDS\n" + - "D+Itk95/cNJVRM/0HpxI1SX9MTZtOSJoEDdUtOpVaOuBAvEK4gvTzdt0r5L+fuI6\n" + - "o5LAuRo/LO1xVRH49KFRoaznzU3Ch9+kbPb3\n" + - "-----END CERTIFICATE-----"; - - // Owner: CN=good.sca2a.amazontrust.com - // Issuer: CN=Amazon, OU=Server CA 2A, O=Amazon, C=US - // Serial number: 75a5dd7d82269ed466af69794f34050bdffa2 - // Valid from: Fri Dec 17 12:22:32 PST 2021 until: Tue Jan 17 12:22:32 PST 2023 - private static final String VALID = "-----BEGIN CERTIFICATE-----\n" + - "MIIGIDCCBAigAwIBAgITB1pd19giae1GavaXlPNAUL3/ojANBgkqhkiG9w0BAQwF\n" + - "ADBGMQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRUwEwYDVQQLEwxTZXJ2\n" + - "ZXIgQ0EgMkExDzANBgNVBAMTBkFtYXpvbjAeFw0yMTEyMTcyMDIyMzJaFw0yMzAx\n" + - "MTcyMDIyMzJaMCUxIzAhBgNVBAMTGmdvb2Quc2NhMmEuYW1hem9udHJ1c3QuY29t\n" + - "MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsCQonlc6fSTDJbH2y6wC\n" + - "mLeTD3noluSM4LPO53RgLTUvNqrxh/iy9jDGgYP2xN8GGngRI8C65jZqGpJb0Hcp\n" + - "ADYssYKWcTR5OH8rUVsJ6DkJLx0AUOG+iJcCaqPudkw7WBReFEok7E058gCTbXps\n" + - "kNRT3w92CzzXa+49yxaAP0I6AQ9BqZP6gbAR1hmd9BDMCdak1JIswGVC3wGAKJFi\n" + - "c3FS3YeY7VyuXofeEwutvMH4Iag9DZU2puqskrGSmtrVju8CY6w1E/cmBWD9kfpu\n" + - "Qet2LBZuzmws8XhCjU5cHOeA8pg2m7ZnyNBeZajg4hrbPq8ACjjDmEHiDgazoOGN\n" + - "1mV1BXZ2qonK+zJAMqE/L0czEPjdROaF786pPY5Cpi1Rzk0R3KKjGhSHgzfCa2eX\n" + - "cQjBtA7AxLkK+1cI18hYg+okaV+EBrkxXGzeyTjvWbliotIQ9utabXGqJvJtIDeX\n" + - "OQSdSXlBKgwGTE5/Ju8/6NkJgSMEku/Q9SYvfkzPXrj5VAHgPz4KhholeC4A4hRd\n" + - "Y3Xtr/U5Xr3fTzLdOcLDKYW4/OGCl8byjwx8bqO7q8YmgDg572Go3gUbNmlm2QN+\n" + - "NaXhBhPrl4KoHzawApTcod3adhSQziIMGjKYoKhV+ZGNoaLe7IUX0jyX3zygRS6k\n" + - "n6yeyeh1unDfqSvne9+hDEsCAwEAAaOCASYwggEiMA4GA1UdDwEB/wQEAwIFoDAd\n" + - "BgNVHQ4EFgQU71fB1r7/l2pFd0ydSNEiGaD+9uIwHwYDVR0jBBgwFoAU2kNK0PwB\n" + - "wEu/WCeMds0KgfOULvQwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHUG\n" + - "CCsGAQUFBwEBBGkwZzAtBggrBgEFBQcwAYYhaHR0cDovL29jc3Auc2NhMmEuYW1h\n" + - "em9udHJ1c3QuY29tMDYGCCsGAQUFBzAChipodHRwOi8vY3J0LnNjYTJhLmFtYXpv\n" + - "bnRydXN0LmNvbS9zY2EyYS5jZXIwJQYDVR0RBB4wHIIaZ29vZC5zY2EyYS5hbWF6\n" + - "b250cnVzdC5jb20wEwYDVR0gBAwwCjAIBgZngQwBAgEwDQYJKoZIhvcNAQEMBQAD\n" + - "ggIBAKULtBRmu4CtBTfBG6hXkBdFGneJlomw02h8dj7xkXof+DoLYtkuJ6XRp89f\n" + - "9UgYJMBjwKaAFjZzcVYvTd8YKdXzCXy4phxuHTfaV6ZH0WyvOlcTXsfdhJA4oD1G\n" + - "prB4/PaymwSbv8ZQAE3eg1hytLLlR9+YUS0HfpwaH/PIa0TzKG8Vuu5zKGSlJjeh\n" + - "Thp/uMBC4twM558Jv2sxoUA5HjgPUyZW7r2eLFbOM1H4oR1US5zFYgzrEK1W12DO\n" + - "t65mI2YHbDepm5FoizwWYe4uaDCqWjCgzQw8pMGoiDABMaoNQ83Zi8r2sLGibAlb\n" + - "cVLcjsORsF6TNmYTW1KDT/9hXlOaAhFwfAwKg6cZw51WEg51sPdi5USk/oszavc5\n" + - "Ft/IZaWSfkA1Xm0EyFwOwCOvGJIb9PWv5PfGZz4xnZlWhp6LfN31e3TagTUbzLVX\n" + - "XwbDI1cofCl18z6pidXXCASBCAajQ8N4GxNP6qqX9ou0yOBEXxwVqIJLcu3tueCI\n" + - "3Cb3rWfbybAVhuuP2ERKHJMY8XDCt0O/g8Kj6O69NABOWvNkU3ARzszGzgBfv4IR\n" + - "jJJEskjxX7Q085iXlaRX/mu+TpTkqK1ZbpBB1Z2PeVMujP+qsWSWGTZBXuI8eqyU\n" + - "dhq+VlyoVtWeMqKYMtakCJxnhwMZnn0sTzZk/Yno+k9Jn0Rk\n" + - "-----END CERTIFICATE-----"; - - // Owner: CN=revoked.sca2a.amazontrust.com - // Issuer: CN=Amazon, OU=Server CA 2A, O=Amazon, C=US - // Serial number: 75a5df2d3387cfe5fd4cad9ff00f8c882b98d - // Valid from: Fri Dec 17 12:28:31 PST 2021 until: Tue Jan 17 12:28:31 PST 2023 - private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" + - "MIIGJjCCBA6gAwIBAgITB1pd8tM4fP5f1MrZ/wD4yIK5jTANBgkqhkiG9w0BAQwF\n" + - "ADBGMQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRUwEwYDVQQLEwxTZXJ2\n" + - "ZXIgQ0EgMkExDzANBgNVBAMTBkFtYXpvbjAeFw0yMTEyMTcyMDI4MzFaFw0yMzAx\n" + - "MTcyMDI4MzFaMCgxJjAkBgNVBAMTHXJldm9rZWQuc2NhMmEuYW1hem9udHJ1c3Qu\n" + - "Y29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAu/9+ky4Z5U24pBYd\n" + - "6xyb1BGQHTXS5nW8QjLWx+xaunRitgIBB8ZZ8OzUmH2mp2S/9Vq1nqii9TvuzA9K\n" + - "JJQZLK8K+OJX/ZwFdSxTgLcyeJ9cCswj/C3SBA1NopZ3DmEWeXlh7aZhl8IXB6kp\n" + - "zI87Tg72F2JJokWNPYdx7xXhf/WVeDeNRkz1iE5UTwL+qaNuzT7S8BdnFWqa3l4a\n" + - "Q1J/YVww0XRhsYJulNVGhoKNf71q8KWw8hJ/zgMxrBFywu7d3OBw6NX3bowZ+jMQ\n" + - "apJEWiwUYOjH3XcOO6TiChwQMypBrcbGgrD/msTlvIBinHwpWaAgX0kT80+wH1Bq\n" + - "mw72fEjeE/Y6EL6WIUr1HQdLhvBDxtPgxnAaxptmg126cF4jV/e+D+IGf6qpN1gR\n" + - "JQC/0+AnASAJ0cGKjSODbl5miqtc0kFSReMsOJeT7gdoPCMg4gWyo62GSvdaAA0I\n" + - "DA8a0HWLAzXU7SwbytTUTYeVI8QeNm2ZGKvMoHDWSDz69V6gGmNl/YSvyJ2zPOZL\n" + - "8oRKRUCOA2LPdK0s7nebe0EBXF09FzzE4HdegRe7r86t6FE400W4wxwJjvjdHXcF\n" + - "s9fI+mgofMvVuK2u3wTdHOrEbfm1GXmj3BlFBORUI11A7K0lmIA02M2jkAN13foe\n" + - "rFLYg+28UjT4aN62zkynKD1iNwkCAwEAAaOCASkwggElMA4GA1UdDwEB/wQEAwIF\n" + - "oDAdBgNVHQ4EFgQUOzuuTB9A8p71qwA3qxqOABf69nkwHwYDVR0jBBgwFoAU2kNK\n" + - "0PwBwEu/WCeMds0KgfOULvQwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC\n" + - "MHUGCCsGAQUFBwEBBGkwZzAtBggrBgEFBQcwAYYhaHR0cDovL29jc3Auc2NhMmEu\n" + - "YW1hem9udHJ1c3QuY29tMDYGCCsGAQUFBzAChipodHRwOi8vY3J0LnNjYTJhLmFt\n" + - "YXpvbnRydXN0LmNvbS9zY2EyYS5jZXIwKAYDVR0RBCEwH4IdcmV2b2tlZC5zY2Ey\n" + - "YS5hbWF6b250cnVzdC5jb20wEwYDVR0gBAwwCjAIBgZngQwBAgEwDQYJKoZIhvcN\n" + - "AQEMBQADggIBALAPC6I/k/WqJ8dxt7yhhSKA5RyGjd16kh+zq57Cjy0Wmj3BtSFJ\n" + - "l0652ULeHZDjhtEAEMFlWdxuuUJ82UhzPzujeVv5e8CLROYWp52Jb9CFPTwF54ow\n" + - "0a6recetYvOHBTeQ0cmo3nY6Z8eHDRUdk/aGQku1cesntFOIWm+EDj7SDYnUm3Ub\n" + - "ECdMv8entU5yjo/herVNMT6GGnKfjRxM0FWJWoHKKC/EPIka34VN6LOZO4Ftl9wI\n" + - "Ms7w3EgweEqLOyaGSAFwzrcQwKkPBm8fW5CefDtB64CtC8NUuo+XOQ2/JlRnWGLk\n" + - "CHxesJBUNk5c/IBDPLmyrKCLbGUqwsehQGQdSrLIH0857pTJi30D+/KDvgQynaay\n" + - "zPWLrSJvXUOQ9Vir+RQtbiMOqUDXX15Vty2mxLqjos1zCAxgrorZ7H2OSBZIWYzE\n" + - "8UgF1/vOlAtMjYyLLgb2UyqAY2HybKjtYYAyV/oIPjVRXygaOGkDZseqqXuslq5I\n" + - "ZSDU5hF6Hy6D6gsCVdshswwuRg39248M79qsMDw0Xa7xGcwqdfwTHv4Rb3G/kTrA\n" + - "8iR2YP/RdABKkTkUKRXs0kYPFoJ0wQPDD5slkLjdZNeezoNrw1rWEEUh1iildiRA\n" + - "i1p+pwXSyZ+m5Gv0/W84DDhLmAdvFov5muga8UccNbHuObtt1vHIhHe1\n" + - "-----END CERTIFICATE-----"; - - public void runTest(ValidatePathWithParams pathValidator, boolean ocspEnabled) throws Exception { - // EE certificates don't have CRLDP extension - if (!ocspEnabled){ - pathValidator.validate(new String[]{INT}, - ValidatePathWithParams.Status.GOOD, null, System.out); - - return; - } - - // Validate valid - pathValidator.validate(new String[]{VALID, INT}, - ValidatePathWithParams.Status.GOOD, null, System.out); - - // Validate Revoked - pathValidator.validate(new String[]{REVOKED, INT}, - ValidatePathWithParams.Status.REVOKED, - "Fri Dec 17 12:29:36 PST 2021", System.out); + private static final String VALID = "https://valid.rootca2.demo.amazontrust.com/"; + private static final String REVOKED = "https://revoked.rootca2.demo.amazontrust.com/"; + private static final String CA_FINGERPRINT = + "1B:A5:B2:AA:8C:65:40:1A:82:96:01:18:F8:0B:EC:4F:62:30:4D:83:CE:C4:71:3A:19:C3:9C:01:1E:A4:6D:B4"; + + public void runTest(ValidatePathWithURL pathValidator) throws CertificateEncodingException { + pathValidator.validateDomain(VALID, false, CA_FINGERPRINT); + pathValidator.validateDomain(REVOKED, true, CA_FINGERPRINT); } } class AmazonCA_3 { - - // Owner: CN=Amazon, OU=Server CA 3A, O=Amazon, C=US - // Issuer: CN=Amazon Root CA 3, O=Amazon, C=US - // Serial number: 67f945758fe55b9ee3f75831d47f07d226c8a - // Valid from: Wed Oct 21 17:00:00 PDT 2015 until: Sat Oct 18 17:00:00 PDT 2025 - private static final String INT = "-----BEGIN CERTIFICATE-----\n" + - "MIICuzCCAmGgAwIBAgITBn+UV1j+VbnuP3WDHUfwfSJsijAKBggqhkjOPQQDAjA5\n" + - "MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24g\n" + - "Um9vdCBDQSAzMB4XDTE1MTAyMjAwMDAwMFoXDTI1MTAxOTAwMDAwMFowRjELMAkG\n" + - "A1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEVMBMGA1UECxMMU2VydmVyIENBIDNB\n" + - "MQ8wDQYDVQQDEwZBbWF6b24wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATYcYsK\n" + - "mYdR0Gj8Xz45E/lfcTTnXhg2EtAIYBIHyXv/ZQyyyCas1aptX/I5T1coT6XK181g\n" + - "nB8hADuKfWlNoIYRo4IBOTCCATUwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8B\n" + - "Af8EBAMCAYYwHQYDVR0OBBYEFATc4JXl6LlrlKHvjFsxHhN+VZfaMB8GA1UdIwQY\n" + - "MBaAFKu229cGnjesMIYHkXDHnMQZsXjAMHsGCCsGAQUFBwEBBG8wbTAvBggrBgEF\n" + - "BQcwAYYjaHR0cDovL29jc3Aucm9vdGNhMy5hbWF6b250cnVzdC5jb20wOgYIKwYB\n" + - "BQUHMAKGLmh0dHA6Ly9jcnQucm9vdGNhMy5hbWF6b250cnVzdC5jb20vcm9vdGNh\n" + - "My5jZXIwPwYDVR0fBDgwNjA0oDKgMIYuaHR0cDovL2NybC5yb290Y2EzLmFtYXpv\n" + - "bnRydXN0LmNvbS9yb290Y2EzLmNybDARBgNVHSAECjAIMAYGBFUdIAAwCgYIKoZI\n" + - "zj0EAwIDSAAwRQIgOl/vux0qfxNm05W3eofa9lKwz6oKvdu6g6Sc0UlwgRcCIQCS\n" + - "WSQ6F6JHLoeOWLyFFF658eNKEKbkEGMHz34gLX/N3g==\n" + - "-----END CERTIFICATE-----"; - - // Owner: CN=good.sca3a.amazontrust.com - // Issuer: CN=Amazon, OU=Server CA 3A, O=Amazon, C=US - // Serial number: 75a5dd9ec12f37f4bbed4bada4b75164a642f - // Valid from: Fri Dec 17 12:23:00 PST 2021 until: Tue Jan 17 12:23:00 PST 2023 - private static final String VALID = "-----BEGIN CERTIFICATE-----\n" + - "MIIClDCCAjqgAwIBAgITB1pd2ewS839LvtS62kt1FkpkLzAKBggqhkjOPQQDAjBG\n" + - "MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRUwEwYDVQQLEwxTZXJ2ZXIg\n" + - "Q0EgM0ExDzANBgNVBAMTBkFtYXpvbjAeFw0yMTEyMTcyMDIzMDBaFw0yMzAxMTcy\n" + - "MDIzMDBaMCUxIzAhBgNVBAMTGmdvb2Quc2NhM2EuYW1hem9udHJ1c3QuY29tMFkw\n" + - "EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE275wkVMovF+U/fRduMcuthD8AYpYTUgc\n" + - "qoEHEccF6eZYzoGlufHJCwtLHXk9qXeXtjZV8N90ksYahFV+oGFcpaOCASYwggEi\n" + - "MA4GA1UdDwEB/wQEAwIHgDAdBgNVHQ4EFgQUS8gTB11XA49gH4IGAD6p3UilrIMw\n" + - "HwYDVR0jBBgwFoAUBNzgleXouWuUoe+MWzEeE35Vl9owHQYDVR0lBBYwFAYIKwYB\n" + - "BQUHAwEGCCsGAQUFBwMCMHUGCCsGAQUFBwEBBGkwZzAtBggrBgEFBQcwAYYhaHR0\n" + - "cDovL29jc3Auc2NhM2EuYW1hem9udHJ1c3QuY29tMDYGCCsGAQUFBzAChipodHRw\n" + - "Oi8vY3J0LnNjYTNhLmFtYXpvbnRydXN0LmNvbS9zY2EzYS5jZXIwJQYDVR0RBB4w\n" + - "HIIaZ29vZC5zY2EzYS5hbWF6b250cnVzdC5jb20wEwYDVR0gBAwwCjAIBgZngQwB\n" + - "AgEwCgYIKoZIzj0EAwIDSAAwRQIgRRteTEwQoqw95mKff0ydDMD1+YQbcN6QLw/a\n" + - "NwDti9ICIQDYMNw6u0d5gaZZo/zizl1JRVAuSxoO5lNOrleaEOkImA==\n" + - "-----END CERTIFICATE-----"; - - // Owner: CN=revoked.sca3a.amazontrust.com - // Issuer: CN=Amazon, OU=Server CA 3A, O=Amazon, C=US - // Serial number: 75a5df9c88c0613777baba663000de147a26b - // Valid from: Fri Dec 17 12:30:04 PST 2021 until: Tue Jan 17 12:30:04 PST 2023 - private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" + - "MIICmzCCAkCgAwIBAgITB1pd+ciMBhN3e6umYwAN4UeiazAKBggqhkjOPQQDAjBG\n" + - "MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRUwEwYDVQQLEwxTZXJ2ZXIg\n" + - "Q0EgM0ExDzANBgNVBAMTBkFtYXpvbjAeFw0yMTEyMTcyMDMwMDRaFw0yMzAxMTcy\n" + - "MDMwMDRaMCgxJjAkBgNVBAMTHXJldm9rZWQuc2NhM2EuYW1hem9udHJ1c3QuY29t\n" + - "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEbppBP3Dj0qoRHMB9VMTXhw2Fg8ef\n" + - "o32r/Mu3IzT8T6kWCk3UqVDL3UIn3qVZLCW1nJfVc1d1EeSDvyjCL3u3f6OCASkw\n" + - "ggElMA4GA1UdDwEB/wQEAwIHgDAdBgNVHQ4EFgQUv8lJ3W7O74zVj+0zhD4+rrqZ\n" + - "yvMwHwYDVR0jBBgwFoAUBNzgleXouWuUoe+MWzEeE35Vl9owHQYDVR0lBBYwFAYI\n" + - "KwYBBQUHAwEGCCsGAQUFBwMCMHUGCCsGAQUFBwEBBGkwZzAtBggrBgEFBQcwAYYh\n" + - "aHR0cDovL29jc3Auc2NhM2EuYW1hem9udHJ1c3QuY29tMDYGCCsGAQUFBzAChipo\n" + - "dHRwOi8vY3J0LnNjYTNhLmFtYXpvbnRydXN0LmNvbS9zY2EzYS5jZXIwKAYDVR0R\n" + - "BCEwH4IdcmV2b2tlZC5zY2EzYS5hbWF6b250cnVzdC5jb20wEwYDVR0gBAwwCjAI\n" + - "BgZngQwBAgEwCgYIKoZIzj0EAwIDSQAwRgIhAKrA0fOK4NKDKHTY8ESeVW3D/7NH\n" + - "tbNdfcIXolAoFfmFAiEAylAsKdND8c4w69jlFTId0X8F/mrXzKfLFCQ+b/7jTto=\n" + - "-----END CERTIFICATE-----"; - - public void runTest(ValidatePathWithParams pathValidator, boolean ocspEnabled) throws Exception { - // EE certificates don't have CRLDP extension - if (!ocspEnabled){ - pathValidator.validate(new String[]{INT}, - ValidatePathWithParams.Status.GOOD, null, System.out); - - return; - } - - // Validate valid - pathValidator.validate(new String[]{VALID, INT}, - ValidatePathWithParams.Status.GOOD, null, System.out); - - // Validate Revoked - pathValidator.validate(new String[]{REVOKED, INT}, - ValidatePathWithParams.Status.REVOKED, - "Fri Dec 17 12:30:37 PST 2021", System.out); + private static final String VALID = "https://valid.rootca3.demo.amazontrust.com/"; + private static final String REVOKED = "https://revoked.rootca3.demo.amazontrust.com/"; + private static final String CA_FINGERPRINT = + "18:CE:6C:FE:7B:F1:4E:60:B2:E3:47:B8:DF:E8:68:CB:31:D0:2E:BB:3A:DA:27:15:69:F5:03:43:B4:6D:B3:A4"; + + public void runTest(ValidatePathWithURL pathValidator) throws CertificateEncodingException { + pathValidator.validateDomain(VALID, false, CA_FINGERPRINT); + pathValidator.validateDomain(REVOKED, true, CA_FINGERPRINT); } } class AmazonCA_4 { - - // Owner: CN=Amazon, OU=Server CA 4A, O=Amazon, C=US - // Issuer: CN=Amazon Root CA 4, O=Amazon, C=US - // Serial number: 67f94575a8862a9072e3239c37ceba1274e18 - // Valid from: Wed Oct 21 17:00:00 PDT 2015 until: Sat Oct 18 17:00:00 PDT 2025 - private static final String INT = "-----BEGIN CERTIFICATE-----\n" + - "MIIC+TCCAn6gAwIBAgITBn+UV1qIYqkHLjI5w3zroSdOGDAKBggqhkjOPQQDAzA5\n" + - "MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24g\n" + - "Um9vdCBDQSA0MB4XDTE1MTAyMjAwMDAwMFoXDTI1MTAxOTAwMDAwMFowRjELMAkG\n" + - "A1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEVMBMGA1UECxMMU2VydmVyIENBIDRB\n" + - "MQ8wDQYDVQQDEwZBbWF6b24wdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASRP0kIW0Ha\n" + - "7+ORvEVhIS5gIgkH66X5W9vBRTX14oG/1elIyI6LbFZ+E5KAufL0XoWJGI1WbPRm\n" + - "HW246FKSzF0wOEZZyxEROz6tuaVsnXRHRE76roS/Wr064uJpKH+Lv+SjggE5MIIB\n" + - "NTASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQU\n" + - "pSHN2+tTIZmqytlnQpQlsnv0wuMwHwYDVR0jBBgwFoAU0+zHOmVuzOHadppW+5zz\n" + - "hm1X5YEwewYIKwYBBQUHAQEEbzBtMC8GCCsGAQUFBzABhiNodHRwOi8vb2NzcC5y\n" + - "b290Y2E0LmFtYXpvbnRydXN0LmNvbTA6BggrBgEFBQcwAoYuaHR0cDovL2NydC5y\n" + - "b290Y2E0LmFtYXpvbnRydXN0LmNvbS9yb290Y2E0LmNlcjA/BgNVHR8EODA2MDSg\n" + - "MqAwhi5odHRwOi8vY3JsLnJvb3RjYTQuYW1hem9udHJ1c3QuY29tL3Jvb3RjYTQu\n" + - "Y3JsMBEGA1UdIAQKMAgwBgYEVR0gADAKBggqhkjOPQQDAwNpADBmAjEA59RAOBaj\n" + - "uh0rT/OOTWPEv6TBnb9XEadburBaXb8SSrR8il+NdkfS9WXRAzbwrG7LAjEA3ukD\n" + - "1HrQq+WXHBM5sIuViJI/Zh7MOjsc159Q+dn36PBqLRq03AXqE/lRjnv8C5nj\n" + - "-----END CERTIFICATE-----"; - - // Owner: CN=good.sca4a.amazontrust.com - // Issuer: CN=Amazon, OU=Server CA 4A, O=Amazon, C=US - // Serial number: 75a5ddc1a4ea5a18110454883269df9409bf5 - // Valid from: Fri Dec 17 12:23:29 PST 2021 until: Tue Jan 17 12:23:29 PST 2023 - private static final String VALID = "-----BEGIN CERTIFICATE-----\n" + - "MIIC0TCCAlegAwIBAgITB1pd3BpOpaGBEEVIgyad+UCb9TAKBggqhkjOPQQDAzBG\n" + - "MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRUwEwYDVQQLEwxTZXJ2ZXIg\n" + - "Q0EgNEExDzANBgNVBAMTBkFtYXpvbjAeFw0yMTEyMTcyMDIzMjlaFw0yMzAxMTcy\n" + - "MDIzMjlaMCUxIzAhBgNVBAMTGmdvb2Quc2NhNGEuYW1hem9udHJ1c3QuY29tMHYw\n" + - "EAYHKoZIzj0CAQYFK4EEACIDYgAE7VpccYyJsD19xB1owlNs9PGkXkjptJZK6eFY\n" + - "q9Tc+CZLaOAhi47uuWsPwyIYB3vEIUXoWWKTvgycHhsmVQDQ2hLYMS+h9tQgnqVN\n" + - "TDYpEnnBa6AUbTKXtJDLG+z+7Kd7o4IBJjCCASIwDgYDVR0PAQH/BAQDAgeAMB0G\n" + - "A1UdDgQWBBRHzxN3jV4vU1PEmHmTqB8YXXoMYDAfBgNVHSMEGDAWgBSlIc3b61Mh\n" + - "marK2WdClCWye/TC4zAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdQYI\n" + - "KwYBBQUHAQEEaTBnMC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC5zY2E0YS5hbWF6\n" + - "b250cnVzdC5jb20wNgYIKwYBBQUHMAKGKmh0dHA6Ly9jcnQuc2NhNGEuYW1hem9u\n" + - "dHJ1c3QuY29tL3NjYTRhLmNlcjAlBgNVHREEHjAcghpnb29kLnNjYTRhLmFtYXpv\n" + - "bnRydXN0LmNvbTATBgNVHSAEDDAKMAgGBmeBDAECATAKBggqhkjOPQQDAwNoADBl\n" + - "AjEAyHMRGLsUVEufoih22dPfO5LrLpO4/2VzeNBbUvP/mOcwvMrrq1yQjot3CTdm\n" + - "ZwnRAjAj2zmAM5asBZwuEN1pbEFgHdojio0O4oYvUsdMooLOKJsBD7hmgAdhpObO\n" + - "Xv0oNIE=\n" + - "-----END CERTIFICATE-----"; - - // Owner: CN=revoked.sca4a.amazontrust.com - // Issuer: CN=Amazon, OU=Server CA 4A, O=Amazon, C=US - // Serial number: 75a5e0442d0fed2b11850ed6746a2200bb4af - // Valid from: Fri Dec 17 12:32:23 PST 2021 until: Tue Jan 17 12:32:23 PST 2023 - private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" + - "MIIC1zCCAl2gAwIBAgITB1peBELQ/tKxGFDtZ0aiIAu0rzAKBggqhkjOPQQDAzBG\n" + - "MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRUwEwYDVQQLEwxTZXJ2ZXIg\n" + - "Q0EgNEExDzANBgNVBAMTBkFtYXpvbjAeFw0yMTEyMTcyMDMyMjNaFw0yMzAxMTcy\n" + - "MDMyMjNaMCgxJjAkBgNVBAMTHXJldm9rZWQuc2NhNGEuYW1hem9udHJ1c3QuY29t\n" + - "MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEqxQKCDKJYXzA0uR3jyfk/ZRyPAJolRNI\n" + - "xI3+vlQW7SqVs+MziCLFPuU68kf74a5/YFWK/bRdXrVue4IMbM8TKO2FwXIHn/Iw\n" + - "udkJIG+CdqnL4IlH+tFf+l47vRzMS0TQo4IBKTCCASUwDgYDVR0PAQH/BAQDAgeA\n" + - "MB0GA1UdDgQWBBR04rEvUxTzLh0OGHyMgrYanP7lqzAfBgNVHSMEGDAWgBSlIc3b\n" + - "61MhmarK2WdClCWye/TC4zAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw\n" + - "dQYIKwYBBQUHAQEEaTBnMC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC5zY2E0YS5h\n" + - "bWF6b250cnVzdC5jb20wNgYIKwYBBQUHMAKGKmh0dHA6Ly9jcnQuc2NhNGEuYW1h\n" + - "em9udHJ1c3QuY29tL3NjYTRhLmNlcjAoBgNVHREEITAfgh1yZXZva2VkLnNjYTRh\n" + - "LmFtYXpvbnRydXN0LmNvbTATBgNVHSAEDDAKMAgGBmeBDAECATAKBggqhkjOPQQD\n" + - "AwNoADBlAjEAgOyeHMBYmO9rfMgCnV4oOQ5PcjSAgotYwEGqFHA5+TuIPBTcdFar\n" + - "J1j1JY+EirQ3AjAuGMJdyiQfAVi1n5wT1/2nIOIEGtV2/9CrNmhmjIzKrfu+HUUk\n" + - "bduxD7hNhott7NE=\n" + - "-----END CERTIFICATE-----"; - - public void runTest(ValidatePathWithParams pathValidator, boolean ocspEnabled) throws Exception { - // EE certificates don't have CRLDP extension - if (!ocspEnabled){ - pathValidator.validate(new String[]{INT}, - ValidatePathWithParams.Status.GOOD, null, System.out); - - return; - } - - // Validate valid - pathValidator.validate(new String[]{VALID, INT}, - ValidatePathWithParams.Status.GOOD, null, System.out); - - // Validate Revoked - pathValidator.validate(new String[]{REVOKED, INT}, - ValidatePathWithParams.Status.REVOKED, - "Fri Dec 17 12:32:59 PST 2021", System.out); + private static final String VALID = "https://valid.rootca4.demo.amazontrust.com/"; + private static final String REVOKED = "https://revoked.rootca4.demo.amazontrust.com/"; + private static final String CA_FINGERPRINT = + "E3:5D:28:41:9E:D0:20:25:CF:A6:90:38:CD:62:39:62:45:8D:A5:C6:95:FB:DE:A3:C2:2B:0B:FB:25:89:70:92"; + + public void runTest(ValidatePathWithURL pathValidator) throws CertificateEncodingException { + pathValidator.validateDomain(VALID, false, CA_FINGERPRINT); + pathValidator.validateDomain(REVOKED, true, CA_FINGERPRINT); } } diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GoogleCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GoogleCA.java index 95ac059de03dd..d09edde279a44 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GoogleCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GoogleCA.java @@ -22,14 +22,27 @@ */ /* - * @test + * @test id=OCSP * @bug 8307134 * @summary Interoperability tests with Google's GlobalSign R4 and GTS Root certificates - * @build ValidatePathWithParams + * @library /test/lib + * @build jtreg.SkippedException + * @build ValidatePathWithURL * @run main/othervm -Djava.security.debug=certpath GoogleCA OCSP + */ + +/* + * @test id=CRL + * @bug 8307134 + * @summary Interoperability tests with Google's GlobalSign R4 and GTS Root certificates + * @library /test/lib + * @build jtreg.SkippedException + * @build ValidatePathWithURL * @run main/othervm -Djava.security.debug=certpath GoogleCA CRL */ +import java.security.cert.CertificateEncodingException; + /* * Obtain TLS test artifacts for Google CAs from: * @@ -39,15 +52,13 @@ public class GoogleCA { public static void main(String[] args) throws Exception { - ValidatePathWithParams pathValidator = new ValidatePathWithParams(null); - boolean ocspEnabled = false; + ValidatePathWithURL pathValidator = new ValidatePathWithURL(); if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { - pathValidator.enableCRLCheck(); + pathValidator.enableCRLOnly(); } else { // OCSP check by default - pathValidator.enableOCSPCheck(); - ocspEnabled = true; + pathValidator.enableOCSPOnly(); } new GoogleGSR4().runTest(pathValidator); @@ -59,563 +70,61 @@ public static void main(String[] args) throws Exception { } class GoogleGSR4 { - - // Owner: CN=GTS CA 2D4, O=Google Trust Services LLC, C=US - // Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R4 - // Serial number: 21668f1cd0a2a8f847d8aad34 - // Valid from: Tue Oct 04 17:00:42 PDT 2022 until: Wed Sep 29 17:00:42 PDT 2027 - private static final String INT = "-----BEGIN CERTIFICATE-----\n" + - "MIIDBDCCAqugAwIBAgINAhZo8c0KKo+EfYqtNDAKBggqhkjOPQQDAjBQMSQwIgYD\n" + - "VQQLExtHbG9iYWxTaWduIEVDQyBSb290IENBIC0gUjQxEzARBgNVBAoTCkdsb2Jh\n" + - "bFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMjIxMDA1MDAwMDQyWhcNMjcw\n" + - "OTMwMDAwMDQyWjBGMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0\n" + - "IFNlcnZpY2VzIExMQzETMBEGA1UEAxMKR1RTIENBIDJENDBZMBMGByqGSM49AgEG\n" + - "CCqGSM49AwEHA0IABPQdCdV61990MPueGTVpXAjRmp2JIxt0Yuy59RZYT/XKg1lN\n" + - "gpRc0eh/bHtpehigtqe+llKTiVEkMhSMURoQQsOjggFyMIIBbjAOBgNVHQ8BAf8E\n" + - "BAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQI\n" + - "MAYBAf8CAQAwHQYDVR0OBBYEFKiI2Yo5rGXVgks3qJVsZUPNRAHgMB8GA1UdIwQY\n" + - "MBaAFFSwe61FuOJAf/sKbvu+M8k8o4TVMGYGCCsGAQUFBwEBBFowWDAlBggrBgEF\n" + - "BQcwAYYZaHR0cDovL29jc3AucGtpLmdvb2cvZ3NyNDAvBggrBgEFBQcwAoYjaHR0\n" + - "cDovL3BraS5nb29nL3JlcG8vY2VydHMvZ3NyNC5kZXIwMgYDVR0fBCswKTAnoCWg\n" + - "I4YhaHR0cDovL2NybC5wa2kuZ29vZy9nc3I0L2dzcjQuY3JsME0GA1UdIARGMEQw\n" + - "CAYGZ4EMAQIBMDgGCisGAQQB1nkCBQMwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly9w\n" + - "a2kuZ29vZy9yZXBvc2l0b3J5LzAKBggqhkjOPQQDAgNHADBEAiBi+ikli1YBHQGs\n" + - "b5mnyBo5mydw04o386BPgaPpiBzgagIgbcpwQJCalLIekv8XRMoWFr3nV5XJfWRU\n" + - "5QPpOX0rXbg=\n" + - "-----END CERTIFICATE-----"; - - // Owner: CN=good.gsr4.demo.pki.goog - // Issuer: CN=GTS CA 2D4, O=Google Trust Services LLC, C=US - // Serial number: 4c435754ee6e013c10efaff908a58cbb - // Valid from: Mon Mar 27 12:41:45 PDT 2023 until: Sun Jun 25 12:41:44 PDT 2023 - private static final String VALID = "-----BEGIN CERTIFICATE-----\n" + - "MIIEsTCCBFegAwIBAgIQTENXVO5uATwQ76/5CKWMuzAKBggqhkjOPQQDAjBGMQsw\n" + - "CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzET\n" + - "MBEGA1UEAxMKR1RTIENBIDJENDAeFw0yMzAzMjcxOTQxNDVaFw0yMzA2MjUxOTQx\n" + - "NDRaMCIxIDAeBgNVBAMTF2dvb2QuZ3NyNC5kZW1vLnBraS5nb29nMIIBIjANBgkq\n" + - "hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAymtcnnxJ8pSF4YJUKTWKcHbRw28ShLzo\n" + - "KVTRPUsRrZZDqyDx296k3e0D04kBhcvEduxtEabCe89m06SH7L+bGVi25j35AXwn\n" + - "6aziLs/EV4BRy9ACfYipeT5PnQbaMmVe65q/RYKmWqD/z0SEh2uMFxRVl1CBmS/J\n" + - "owbNUlrEEDiYkE/nGfCmacpW0QZ7kxGjSR34mCSDugIYE/HME3ZVcZOVf2LT0lBA\n" + - "DhQtZI6cXy2lO8Ro/dUtcZKjo8iu0xW1pQeiJq9+CGp62MJFmpl+EfzP/B8aXQiF\n" + - "+m44LJJgAjiShAwVo9HbJUYv0dqCS9G22FL43xXqAdDlWZeuZyg7bQIDAQABo4IC\n" + - "fjCCAnowDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1Ud\n" + - "EwEB/wQCMAAwHQYDVR0OBBYEFKMuYkTnbWyrTBfBqbNNe91z3GPjMB8GA1UdIwQY\n" + - "MBaAFKiI2Yo5rGXVgks3qJVsZUPNRAHgMHgGCCsGAQUFBwEBBGwwajA1BggrBgEF\n" + - "BQcwAYYpaHR0cDovL29jc3AucGtpLmdvb2cvcy9ndHMyZDQvS2tnczU5VFFIelkw\n" + - "MQYIKwYBBQUHMAKGJWh0dHA6Ly9wa2kuZ29vZy9yZXBvL2NlcnRzL2d0czJkNC5k\n" + - "ZXIwIgYDVR0RBBswGYIXZ29vZC5nc3I0LmRlbW8ucGtpLmdvb2cwIQYDVR0gBBow\n" + - "GDAIBgZngQwBAgEwDAYKKwYBBAHWeQIFAzA8BgNVHR8ENTAzMDGgL6AthitodHRw\n" + - "Oi8vY3Jscy5wa2kuZ29vZy9ndHMyZDQvSUlXMzNMVUVwV3cuY3JsMIIBBAYKKwYB\n" + - "BAHWeQIEAgSB9QSB8gDwAHcA6D7Q2j71BjUy51covIlryQPTy9ERa+zraeF3fW0G\n" + - "vW4AAAGHJM62ygAABAMASDBGAiEAkeiqmfYYCVEmGA12/RJUZPdmxRP2ZXF0Xm30\n" + - "Oz+q2tgCIQCgSYqT/6RH+PCOauOVW4uaoshT+HfqurghVCzwGgBFvwB1ALc++yTf\n" + - "nE26dfI5xbpY9Gxd/ELPep81xJ4dCYEl7bSZAAABhyTOttoAAAQDAEYwRAIgBXao\n" + - "3Pry1nCHu3bngW3q3CHSLzmNHmO4cXMSdN2sAOkCIDE5DUyok3TRsOIHu1QTB0R2\n" + - "UxPeFm9KS73TBT8JEZykMAoGCCqGSM49BAMCA0gAMEUCIG1m91VOq3tghyLPA6YR\n" + - "/Pkq+gQylyM8wGJgnRMRE0lhAiEAxBgYXImtVqbfymq2MYwhV9KmG9gPIfqN6qWi\n" + - "lzblUM0=\n" + - "-----END CERTIFICATE-----"; - - // Owner: CN=revoked.gsr4.demo.pki.goog - // Issuer: CN=GTS CA 2D4, O=Google Trust Services LLC, C=US - // Serial number: 1f9bd55e26716b3710b2614cec6fff02 - // Valid from: Mon Mar 27 12:48:37 PDT 2023 until: Sun Jun 25 12:48:36 PDT 2023 - private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" + - "MIIEtzCCBFygAwIBAgIQH5vVXiZxazcQsmFM7G//AjAKBggqhkjOPQQDAjBGMQsw\n" + - "CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzET\n" + - "MBEGA1UEAxMKR1RTIENBIDJENDAeFw0yMzAzMjcxOTQ4MzdaFw0yMzA2MjUxOTQ4\n" + - "MzZaMCUxIzAhBgNVBAMTGnJldm9rZWQuZ3NyNC5kZW1vLnBraS5nb29nMIIBIjAN\n" + - "BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApVuoZ/bS9c2WSQ8W1FjPEsdGoANj\n" + - "PqKaPwdyUhnko9ayyGGi5hHLYqir2tiNjfO8i5e3ybe6CIaybY37SQebquV+rioH\n" + - "O9BS75GgtYXCaMK/8prya9RiaUjy7kecvpKtJNiaXrLJy8Vzq9g39n9hiXJYMGkc\n" + - "fCWYjWd5jU4pAsYTslmuIYoIZuwRRX34iET6Brs3ijykcmYtG5F90wqFlvRxRh0x\n" + - "vD0EeTOLGZSDQMYxlhfrqG449I10iTHusSxI2AXB6k7N2UXMJ44D7Z3RWkv1ItsY\n" + - "eKVXQyLAYd8YYTFNdGa75SoRr+ChFbLCgSUMg188T/SS013bH/XSHpCbQQIDAQAB\n" + - "o4ICgDCCAnwwDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwG\n" + - "A1UdEwEB/wQCMAAwHQYDVR0OBBYEFLXeKzKKPx+Vs7YEKdmz9Vur9BZiMB8GA1Ud\n" + - "IwQYMBaAFKiI2Yo5rGXVgks3qJVsZUPNRAHgMHgGCCsGAQUFBwEBBGwwajA1Bggr\n" + - "BgEFBQcwAYYpaHR0cDovL29jc3AucGtpLmdvb2cvcy9ndHMyZDQvaG5fZHY1dHlS\n" + - "SVkwMQYIKwYBBQUHMAKGJWh0dHA6Ly9wa2kuZ29vZy9yZXBvL2NlcnRzL2d0czJk\n" + - "NC5kZXIwJQYDVR0RBB4wHIIacmV2b2tlZC5nc3I0LmRlbW8ucGtpLmdvb2cwIQYD\n" + - "VR0gBBowGDAIBgZngQwBAgEwDAYKKwYBBAHWeQIFAzA8BgNVHR8ENTAzMDGgL6At\n" + - "hitodHRwOi8vY3Jscy5wa2kuZ29vZy9ndHMyZDQvSUlXMzNMVUVwV3cuY3JsMIIB\n" + - "AwYKKwYBBAHWeQIEAgSB9ASB8QDvAHYAejKMVNi3LbYg6jjgUh7phBZwMhOFTTvS\n" + - "K8E6V6NS61IAAAGHJNUx1gAABAMARzBFAiEAj/RgXx1ScnsOf9R9N3eyPMJtH33C\n" + - "mOrRCOodG8QXmE0CIHwNJC5E53BVmfMzZwJH9f2BiUx31SGHWFvG283zVtX/AHUA\n" + - "6D7Q2j71BjUy51covIlryQPTy9ERa+zraeF3fW0GvW4AAAGHJNUxnAAABAMARjBE\n" + - "AiAI7pcrKatsz0G4QYPKmS74VQVEgnHqgKSoqv0ghTJXTgIgPyoYubz4MEHYirBu\n" + - "69BLC2jioXr8+wS7MK1IPqjdH44wCgYIKoZIzj0EAwIDSQAwRgIhAI4NdZ5JwTuW\n" + - "P+RH2bsAc5xrb804G9mOc3WMRVxTUKesAiEA/jHMJ2YdPv0WXKjKY7nUyFjUPdin\n" + - "BHRHfBeltynaFzU=\n" + - "-----END CERTIFICATE-----"; - - public void runTest(ValidatePathWithParams pathValidator) throws Exception { - // Validate valid - pathValidator.validate(new String[]{VALID, INT}, - ValidatePathWithParams.Status.GOOD, null, System.out); - - // Validate Revoked - pathValidator.validate(new String[]{REVOKED, INT}, - ValidatePathWithParams.Status.REVOKED, - "Mon Mar 27 13:49:33 PDT 2023", System.out); + private static final String VALID = "https://good.gsr4.demo.pki.goog/"; + private static final String REVOKED = "https://revoked.gsr4.demo.pki.goog/"; + private static final String CA_FINGERPRINT = + "BE:C9:49:11:C2:95:56:76:DB:6C:0A:55:09:86:D7:6E:3B:A0:05:66:7C:44:2C:97:62:B4:FB:B7:73:DE:22:8C"; + + public void runTest(ValidatePathWithURL pathValidator) throws CertificateEncodingException { + pathValidator.validateDomain(VALID, false, CA_FINGERPRINT); + pathValidator.validateDomain(REVOKED, true, CA_FINGERPRINT); } } class GoogleGTSR1 { - - // Owner: CN=GTS CA 1D4, O=Google Trust Services LLC, C=US - // Issuer: CN=GTS Root R1, O=Google Trust Services LLC, C=US - // Serial number: 2008eb2023336658b64cddb9b - // Valid from: Wed Aug 12 17:00:42 PDT 2020 until: Wed Sep 29 17:00:42 PDT 2027 - private static final String INT = "-----BEGIN CERTIFICATE-----\n" + - "MIIFjDCCA3SgAwIBAgINAgCOsgIzNmWLZM3bmzANBgkqhkiG9w0BAQsFADBHMQsw\n" + - "CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU\n" + - "MBIGA1UEAxMLR1RTIFJvb3QgUjEwHhcNMjAwODEzMDAwMDQyWhcNMjcwOTMwMDAw\n" + - "MDQyWjBGMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZp\n" + - "Y2VzIExMQzETMBEGA1UEAxMKR1RTIENBIDFENDCCASIwDQYJKoZIhvcNAQEBBQAD\n" + - "ggEPADCCAQoCggEBAKvAqqPCE27l0w9zC8dTPIE89bA+xTmDaG7y7VfQ4c+mOWhl\n" + - "UebUQpK0yv2r678RJExK0HWDjeq+nLIHN1Em5j6rARZixmyRSjhIR0KOQPGBMUld\n" + - "saztIIJ7O0g/82qj/vGDl//3t4tTqxiRhLQnTLXJdeB+2DhkdU6IIgx6wN7E5NcU\n" + - "H3Rcsejcqj8p5Sj19vBm6i1FhqLGymhMFroWVUGO3xtIH91dsgy4eFKcfKVLWK3o\n" + - "2190Q0Lm/SiKmLbRJ5Au4y1euFJm2JM9eB84Fkqa3ivrXWUeVtye0CQdKvsY2Fka\n" + - "zvxtxvusLJzLWYHk55zcRAacDA2SeEtBbQfD1qsCAwEAAaOCAXYwggFyMA4GA1Ud\n" + - "DwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwEgYDVR0T\n" + - "AQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUJeIYDrJXkZQq5dRdhpCD3lOzuJIwHwYD\n" + - "VR0jBBgwFoAU5K8rJnEaK0gnhS9SZizv8IkTcT4waAYIKwYBBQUHAQEEXDBaMCYG\n" + - "CCsGAQUFBzABhhpodHRwOi8vb2NzcC5wa2kuZ29vZy9ndHNyMTAwBggrBgEFBQcw\n" + - "AoYkaHR0cDovL3BraS5nb29nL3JlcG8vY2VydHMvZ3RzcjEuZGVyMDQGA1UdHwQt\n" + - "MCswKaAnoCWGI2h0dHA6Ly9jcmwucGtpLmdvb2cvZ3RzcjEvZ3RzcjEuY3JsME0G\n" + - "A1UdIARGMEQwCAYGZ4EMAQIBMDgGCisGAQQB1nkCBQMwKjAoBggrBgEFBQcCARYc\n" + - "aHR0cHM6Ly9wa2kuZ29vZy9yZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAgEA\n" + - "IVToy24jwXUr0rAPc924vuSVbKQuYw3nLflLfLh5AYWEeVl/Du18QAWUMdcJ6o/q\n" + - "FZbhXkBH0PNcw97thaf2BeoDYY9Ck/b+UGluhx06zd4EBf7H9P84nnrwpR+4GBDZ\n" + - "K+Xh3I0tqJy2rgOqNDflr5IMQ8ZTWA3yltakzSBKZ6XpF0PpqyCRvp/NCGv2KX2T\n" + - "uPCJvscp1/m2pVTtyBjYPRQ+QuCQGAJKjtN7R5DFrfTqMWvYgVlpCJBkwlu7+7KY\n" + - "3cTIfzE7cmALskMKNLuDz+RzCcsYTsVaU7Vp3xL60OYhqFkuAOOxDZ6pHOj9+OJm\n" + - "YgPmOT4X3+7L51fXJyRH9KfLRP6nT31D5nmsGAOgZ26/8T9hsBW1uo9ju5fZLZXV\n" + - "VS5H0HyIBMEKyGMIPhFWrlt/hFS28N1zaKI0ZBGD3gYgDLbiDT9fGXstpk+Fmc4o\n" + - "lVlWPzXe81vdoEnFbr5M272HdgJWo+WhT9BYM0Ji+wdVmnRffXgloEoluTNcWzc4\n" + - "1dFpgJu8fF3LG0gl2ibSYiCi9a6hvU0TppjJyIWXhkJTcMJlPrWx1VytEUGrX2l0\n" + - "JDwRjW/656r0KVB02xHRKvm2ZKI03TglLIpmVCK3kBKkKNpBNkFt8rhafcCKOb9J\n" + - "x/9tpNFlQTl7B39rJlJWkR17QnZqVptFePFORoZmFzM=\n" + - "-----END CERTIFICATE-----"; - - // Owner: CN=good.gtsr1.demo.pki.goog - // Issuer: CN=GTS CA 1D4, O=Google Trust Services LLC, C=US - // Serial number: 19c08d5cde41fc84108f54c8d2a1aeca - // Valid from: Mon Mar 27 12:33:43 PDT 2023 until: Sun Jun 25 12:33:42 PDT 2023 - private static final String VALID = "-----BEGIN CERTIFICATE-----\n" + - "MIIFcjCCBFqgAwIBAgIQGcCNXN5B/IQQj1TI0qGuyjANBgkqhkiG9w0BAQsFADBG\n" + - "MQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExM\n" + - "QzETMBEGA1UEAxMKR1RTIENBIDFENDAeFw0yMzAzMjcxOTMzNDNaFw0yMzA2MjUx\n" + - "OTMzNDJaMCMxITAfBgNVBAMTGGdvb2QuZ3RzcjEuZGVtby5wa2kuZ29vZzCCASIw\n" + - "DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMkOYhMM6kQMlep+l2/l5KTC1ow8\n" + - "nXHwXQzugR2Js302pM3p2UCfnfhlK0a9UUSVtAZa8ydVUyVRF9LzW1rOIK8UdlEj\n" + - "O6qAvPnPw8laY7rCPWRPibxu0OqL/5sYD+a4hQ7GhVsYDXXxnWQvLV5mppRlYF/8\n" + - "80ugGggRb+U3y6V84f1JnwSMvZFULe19BOeV5qWAHHFfgy0zePzcDMy8AqxaVBOb\n" + - "FVSsbdql2gnRyC4WZ9D5lc8vwS84KrJbce2+VtrpcKVALtyVA0Zzor2lr2wOVc4i\n" + - "OOwMNk9948eStAjOV8N4B1h9D/pd+cFSWfgXufr5ZClwijLr3zLvZxDGI6ECAwEA\n" + - "AaOCAn0wggJ5MA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAM\n" + - "BgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSTKR+0ebWnH3uGz5qju5/LpkCjYzAfBgNV\n" + - "HSMEGDAWgBQl4hgOsleRlCrl1F2GkIPeU7O4kjB4BggrBgEFBQcBAQRsMGowNQYI\n" + - "KwYBBQUHMAGGKWh0dHA6Ly9vY3NwLnBraS5nb29nL3MvZ3RzMWQ0L3B6OThKdFZT\n" + - "RnRjMDEGCCsGAQUFBzAChiVodHRwOi8vcGtpLmdvb2cvcmVwby9jZXJ0cy9ndHMx\n" + - "ZDQuZGVyMCMGA1UdEQQcMBqCGGdvb2QuZ3RzcjEuZGVtby5wa2kuZ29vZzAhBgNV\n" + - "HSAEGjAYMAgGBmeBDAECATAMBgorBgEEAdZ5AgUDMDwGA1UdHwQ1MDMwMaAvoC2G\n" + - "K2h0dHA6Ly9jcmxzLnBraS5nb29nL2d0czFkNC92My1EUW1sYi1ZWS5jcmwwggEC\n" + - "BgorBgEEAdZ5AgQCBIHzBIHwAO4AdQC3Pvsk35xNunXyOcW6WPRsXfxCz3qfNcSe\n" + - "HQmBJe20mQAAAYckx1OMAAAEAwBGMEQCICQ4Do1cKFsqmm/swKZkdM/qGluDbctL\n" + - "tIgp0YnoZTlEAiByAeAEaVQiU27AnpUerimnjPnThQq26vqvnWdstb0mwgB1AK33\n" + - "vvp8/xDIi509nB4+GGq0Zyldz7EMJMqFhjTr3IKKAAABhyTHU7UAAAQDAEYwRAIg\n" + - "WAIAOov42kcgOj0rYO3qb4/HTsW3o69x4IKd8ycsaVkCICIQUaeKwNp4aW/civO9\n" + - "No/v5Ner5bmlwheqFAJcR/HCMA0GCSqGSIb3DQEBCwUAA4IBAQBEKKdwuzuAhdir\n" + - "3hbPQIosD6H9vatr8tExWCDmw+PHOoiWIUTBu5fVZPQ27EgehTIA6kNhQj2g7fkF\n" + - "Bd5zAl4k7WdsDZCeOHml6XXQZHvc+p4DYBKTTt3h81lsMLw8aWCOaiSmrQ0hZS/E\n" + - "iuaqvlOFpOTd0x+MN2qcU14hi8SKxBgpraqR/s7OCwUFltxcPq0GAybzDGc9lgB+\n" + - "Jt56QviN641s7hxThyGhFIHSePgWuwbT1grJKQiSW35yI4PJO90HoCpd2MLrC5Ic\n" + - "B89ykY8mQcx+naGPZQdwdpx9GvKwSZdn+cq3kZwD66iXnwhqmiEdq4eBZr8ygSya\n" + - "lnGV2OW+\n" + - "-----END CERTIFICATE-----"; - - // Owner: CN=revoked.gtsr1.demo.pki.goog - // Issuer: CN=GTS CA 1D4, O=Google Trust Services LLC, C=US - // Serial number: c414c34e6c2cc66c102b8d3502be3bb4 - // Valid from: Mon Mar 27 12:42:39 PDT 2023 until: Sun Jun 25 12:42:38 PDT 2023 - private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" + - "MIIFfDCCBGSgAwIBAgIRAMQUw05sLMZsECuNNQK+O7QwDQYJKoZIhvcNAQELBQAw\n" + - "RjELMAkGA1UEBhMCVVMxIjAgBgNVBAoTGUdvb2dsZSBUcnVzdCBTZXJ2aWNlcyBM\n" + - "TEMxEzARBgNVBAMTCkdUUyBDQSAxRDQwHhcNMjMwMzI3MTk0MjM5WhcNMjMwNjI1\n" + - "MTk0MjM4WjAmMSQwIgYDVQQDExtyZXZva2VkLmd0c3IxLmRlbW8ucGtpLmdvb2cw\n" + - "ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCOeL80aphh8K8Cz41Sl2Cv\n" + - "cI3Elrrm/2sQH5Q0nxNuoZcxTGk3hD75Ntf6eqgclUQXJDEGbfoo3q7kYIQPXEIy\n" + - "+AuiMTd80ZRHuPBp8ci/wkh6N7B9mE/rjzJz77QgJluykoXRx9SiDyE4Yn9sRbBH\n" + - "jNm/KBv8wMV6hzJZYaALyDpGVNuAx9cHE91LaSvamPiccJn4wb9zDtyFduS3yYbz\n" + - "FREt960j420TeHjeWFkuXXVQMnPeRAWugclhJKzLz1U1gm5PWGxThMgVIy0v8v63\n" + - "3qFT09I4avi0AzBaRtINCaS39Mo2AoX1jZNjFDNLzRO1fSSJpzJmWyXJ2jRI7MwF\n" + - "AgMBAAGjggKDMIICfzAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUH\n" + - "AwEwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUCuJDEKGIdbWqxyVFZmIZoyQZ4T4w\n" + - "HwYDVR0jBBgwFoAUJeIYDrJXkZQq5dRdhpCD3lOzuJIweAYIKwYBBQUHAQEEbDBq\n" + - "MDUGCCsGAQUFBzABhilodHRwOi8vb2NzcC5wa2kuZ29vZy9zL2d0czFkNC9rb2Zm\n" + - "cmFBODZBdzAxBggrBgEFBQcwAoYlaHR0cDovL3BraS5nb29nL3JlcG8vY2VydHMv\n" + - "Z3RzMWQ0LmRlcjAmBgNVHREEHzAdghtyZXZva2VkLmd0c3IxLmRlbW8ucGtpLmdv\n" + - "b2cwIQYDVR0gBBowGDAIBgZngQwBAgEwDAYKKwYBBAHWeQIFAzA8BgNVHR8ENTAz\n" + - "MDGgL6AthitodHRwOi8vY3Jscy5wa2kuZ29vZy9ndHMxZDQvODJFckFFQVVsR1ku\n" + - "Y3JsMIIBBQYKKwYBBAHWeQIEAgSB9gSB8wDxAHYArfe++nz/EMiLnT2cHj4YarRn\n" + - "KV3PsQwkyoWGNOvcgooAAAGHJM+cawAABAMARzBFAiB568monxGD3NiHsqNmsy+t\n" + - "IL4kCc71UNCCJthgnlL7HgIhAKSYf7P7CFO2wWdAt8LBMrsLoip9lytrinj0JR8R\n" + - "CYK9AHcAtz77JN+cTbp18jnFulj0bF38Qs96nzXEnh0JgSXttJkAAAGHJM+cZAAA\n" + - "BAMASDBGAiEAj8nBf1ihput8Gb8qCqVgvqAxPv9t4xLVhWg3tqv8gGMCIQDPiNbu\n" + - "vsyOi9nE6pDm86nggExXRa13wwCtr2wjAn5IpDANBgkqhkiG9w0BAQsFAAOCAQEA\n" + - "ezldM/NCUH58eXPZnbPaMMKrT5oNBxv+hypDy96+PyAqKtbC2bK+7sobGMZkfpG5\n" + - "8dW0mFmfazzjgbZUj54ZVHG4KaHeit8Nq1s07wh2Jo1c2JQdKxEXAOItax/IOfEd\n" + - "tqSg8AwSmhogQeiA7EXRspw4dYXL5uP/8jPPqByMI3PRmm3y7wyQLKNlNAfSgn7m\n" + - "wkrZxMRAENML4JND5UKxg7zo9e/Wvf4UPtEVVZaEj6ZxOe4JljvErCtayaw03t5p\n" + - "I18IAhXRpqm8JG1UGWjn49O8vkjB0bf/7iVXXI4rg6gGVia+HFuxKVGk5OQzo4Qd\n" + - "wBl6yOc8tpUH3phFPYbiMg==\n" + - "-----END CERTIFICATE-----"; - - public void runTest(ValidatePathWithParams pathValidator) throws Exception { - // Validate valid - pathValidator.validate(new String[]{VALID, INT}, - ValidatePathWithParams.Status.GOOD, null, System.out); - - // Validate Revoked - pathValidator.validate(new String[]{REVOKED, INT}, - ValidatePathWithParams.Status.REVOKED, - "Mon Mar 27 13:43:25 PDT 2023", System.out); + private static final String VALID = "https://good.gtsr1.demo.pki.goog/"; + private static final String REVOKED = "https://revoked.gtsr1.demo.pki.goog/"; + private static final String CA_FINGERPRINT = + "D9:47:43:2A:BD:E7:B7:FA:90:FC:2E:6B:59:10:1B:12:80:E0:E1:C7:E4:E4:0F:A3:C6:88:7F:FF:57:A7:F4:CF"; + + public void runTest(ValidatePathWithURL pathValidator) throws CertificateEncodingException { + pathValidator.validateDomain(VALID, false, CA_FINGERPRINT); + pathValidator.validateDomain(REVOKED, true, CA_FINGERPRINT); } } class GoogleGTSR2 { - - // Owner: CN=GTS CA 1D8, O=Google Trust Services LLC, C=US - // Issuer: CN=GTS Root R2, O=Google Trust Services LLC, C=US - // Serial number: 219c15ac025a1b0a5c1d9d501 - // Valid from: Tue Oct 04 17:00:42 PDT 2022 until: Wed Sep 29 17:00:42 PDT 2027 - private static final String INT = "-----BEGIN CERTIFICATE-----\n" + - "MIIFjDCCA3SgAwIBAgINAhnBWsAlobClwdnVATANBgkqhkiG9w0BAQsFADBHMQsw\n" + - "CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU\n" + - "MBIGA1UEAxMLR1RTIFJvb3QgUjIwHhcNMjIxMDA1MDAwMDQyWhcNMjcwOTMwMDAw\n" + - "MDQyWjBGMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZp\n" + - "Y2VzIExMQzETMBEGA1UEAxMKR1RTIENBIDFEODCCASIwDQYJKoZIhvcNAQEBBQAD\n" + - "ggEPADCCAQoCggEBAKgpBAgi9bhOp5nCIELI/W+1rMoxNH3isu2LuDI3pPEPYJ0o\n" + - "YDxXB1zKHvUqn1VWDlF+K4vLPzjTRv2MUw8fHH9IAd/Rx+mrUHUxffTPU5O41tPj\n" + - "OdzFRO+FOr5RqZfbtXWbEUNyv7wyyCYr9gaDvDeQgDnHTfHAafdoDracNLm2LS3r\n" + - "8iznvJltsboRm+fBwTH99nHciN/h/hHEWlRriUGZ+Cz+5YVB9Tm4gAOByyYYbAa4\n" + - "ES0PhzkIUHaq+56cTDVhK0DM5ZtnZJqV8amhBFssswPttAXT9pNCzoDLCtxeZ2Lw\n" + - "r7bcaGaDcuDmv4j8zAw3BOR73O0Xk1VcBYPBBUcCAwEAAaOCAXYwggFyMA4GA1Ud\n" + - "DwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwEgYDVR0T\n" + - "AQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUkPhQ+ueQJcnkJ30S3UdY53QPtmowHwYD\n" + - "VR0jBBgwFoAUu//KjiOfT5nK2+JopqUVJxce2Q4waAYIKwYBBQUHAQEEXDBaMCYG\n" + - "CCsGAQUFBzABhhpodHRwOi8vb2NzcC5wa2kuZ29vZy9ndHNyMjAwBggrBgEFBQcw\n" + - "AoYkaHR0cDovL3BraS5nb29nL3JlcG8vY2VydHMvZ3RzcjIuZGVyMDQGA1UdHwQt\n" + - "MCswKaAnoCWGI2h0dHA6Ly9jcmwucGtpLmdvb2cvZ3RzcjIvZ3RzcjIuY3JsME0G\n" + - "A1UdIARGMEQwCAYGZ4EMAQIBMDgGCisGAQQB1nkCBQMwKjAoBggrBgEFBQcCARYc\n" + - "aHR0cHM6Ly9wa2kuZ29vZy9yZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAgEA\n" + - "q3rJUW9syti3qkV5WNXCpJj2WoCptfxOdIrojT4Q1CIGzruFu4GXB8pfkJu7iU8k\n" + - "Aklel6RCn7MG/aI12ndmvUsW86e6UJDWEMz1CsQPA92AOsktAVXiGVDx3RAiPfP2\n" + - "9W9yNwlImSVZhGNQISC0SueK7QOv+mHHWE/7G0G0/YqAxMbVZzyrPYHfPUh0SD1g\n" + - "k7qYjq9hGJB7w7cfepZ2iPdKzlj/4aFOe04gho1zHMLJYIs03nb6uWg0AwX55SSu\n" + - "KvehoYs1ItHdEV1J2XfATZpCn6jMTEB/JYERbXW0VWLUhdaZORtaayQoU5YXbgvg\n" + - "bsPgqdIsPaxs/Chrp6zIKvs503YYcvs0GQSUQ1MFAWc+Loc39669T7WnL8Uu2yCO\n" + - "RxjFp3+fhTVA5UYwL1vy4wPnNUoa4+CA6JypT6ODUWcXZa8pWOdyHpbg0IeL389D\n" + - "s67kirG8/eKQxFzckbhL5AD8BJS3wkF7O7A8Gd+2VvSWhmEQzzOBHcvT/lqrCSe0\n" + - "7R7CV/Pw4E9C2GBLGfw8opxGXrdfJRjU6nHf5c+tC4xIjH/i3PQjaIFLG3D60mav\n" + - "0nkS92iorZl2dCiHTKxaD/J4B6VV03lpEcUdVg4WeGAmTClsXUnMOjCnlVYMLg9v\n" + - "URq0LbylxbGBelBrCNyqBS5UO6+9F4/Yi4vzoIvvbJ0=\n" + - "-----END CERTIFICATE-----"; - - // Owner: CN=good.gtsr2.demo.pki.goog - // Issuer: CN=GTS CA 1D8, O=Google Trust Services LLC, C=US - // Serial number: 428fe99edb0df46e1008e4452f6cbfd2 - // Valid from: Mon Mar 27 12:52:12 PDT 2023 until: Sun Jun 25 12:52:11 PDT 2023 - private static final String VALID = "-----BEGIN CERTIFICATE-----\n" + - "MIIFdDCCBFygAwIBAgIQQo/pntsN9G4QCORFL2y/0jANBgkqhkiG9w0BAQsFADBG\n" + - "MQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExM\n" + - "QzETMBEGA1UEAxMKR1RTIENBIDFEODAeFw0yMzAzMjcxOTUyMTJaFw0yMzA2MjUx\n" + - "OTUyMTFaMCMxITAfBgNVBAMTGGdvb2QuZ3RzcjIuZGVtby5wa2kuZ29vZzCCASIw\n" + - "DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMaC0h20vohsggOQ0XGL5ca3Gqyf\n" + - "2n44PhYBrhzPpbq9/Mk9BKYYFy9osH0HwTFkYRYnI5fDeK6s/7svufiEwH8LtXK7\n" + - "A3juxf3k65cJ8M5bbBwDDW7Prgp86ueUd6pzqv23rLPc9Kv6vvtNYzgaTd4COU38\n" + - "3zFnuudAh8gvEbIQD+Nqis+kc4kEO3JfZBlAF883YRQZRpm6c4bWxKm1Atco53/6\n" + - "fYOota/XUgdJ8zQWOH1f9iaKX3kiDn76djxT9v/8MrcK2gRkHJJDo72HtCPuhdt8\n" + - "UkVLX4C3KF6eSUrgZ1gxA92ikAWxI4tn5D70yEffH0A7by0/b/C6uPMvXCECAwEA\n" + - "AaOCAn8wggJ7MA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAM\n" + - "BgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTegr5Cc+1LmL/c1H3sXVKufKZE8DAfBgNV\n" + - "HSMEGDAWgBSQ+FD655AlyeQnfRLdR1jndA+2ajB4BggrBgEFBQcBAQRsMGowNQYI\n" + - "KwYBBQUHMAGGKWh0dHA6Ly9vY3NwLnBraS5nb29nL3MvZ3RzMWQ4L0FoZFdDWF9D\n" + - "QUJFMDEGCCsGAQUFBzAChiVodHRwOi8vcGtpLmdvb2cvcmVwby9jZXJ0cy9ndHMx\n" + - "ZDguZGVyMCMGA1UdEQQcMBqCGGdvb2QuZ3RzcjIuZGVtby5wa2kuZ29vZzAhBgNV\n" + - "HSAEGjAYMAgGBmeBDAECATAMBgorBgEEAdZ5AgUDMDwGA1UdHwQ1MDMwMaAvoC2G\n" + - "K2h0dHA6Ly9jcmxzLnBraS5nb29nL2d0czFkOC8tME5ITHA5Y0w5US5jcmwwggEE\n" + - "BgorBgEEAdZ5AgQCBIH1BIHyAPAAdgB6MoxU2LcttiDqOOBSHumEFnAyE4VNO9Ir\n" + - "wTpXo1LrUgAAAYck2PpFAAAEAwBHMEUCIAznUI2WdAkwXBvnx0a8Io6hnZReoXsd\n" + - "Y+o+xpXqZsbbAiEAw/i7jWA43QWEMZz265nflCNxAS1W+s7nsZaKL512/S8AdgDo\n" + - "PtDaPvUGNTLnVyi8iWvJA9PL0RFr7Otp4Xd9bQa9bgAAAYck2PoBAAAEAwBHMEUC\n" + - "IHWqRE57W1pJJJAXrxFNMrjEO3f0YejAfi47mdyS1zJYAiEA4ye+achvGTYIMRnl\n" + - "jwBlTsYQQYt7KAVt2VAGMRB4H8kwDQYJKoZIhvcNAQELBQADggEBAGf9hz7NJRow\n" + - "veCSrfeVav2tDkx8s9VU7VD+lApip1mdqOGsqkCkeaA5hsGfhqleQFwsOAjduBFA\n" + - "nSV6KgiqFsgHSuS9zuSp2aVe8xhxq6mpr4LngkeUDc32mB9tW9AMaiYp8UeYyFGq\n" + - "hvjUb7/H2wFlT6qO+Qp/+hmfulKqNnrSzpZLIl+x2EBn3L6CFe5xaKzNaANgbShI\n" + - "cQsyKdaUrSAzNJZWnHwaAyQ1msqqXXoVzKmjAGMgZrXZNxv8Lh9V1v+F9WHDIjeQ\n" + - "TtahntIgq38eGtZAnyjdrUtfQwBlQI3zaE0n7n6Fq8ocglJE5woRlL/eTmSKiZr9\n" + - "rrEY0sJ0fCw=\n" + - "-----END CERTIFICATE-----"; - - // Owner: CN=revoked.gtsr2.demo.pki.goog - // Issuer: CN=GTS CA 1D8, O=Google Trust Services LLC, C=US - // Serial number: df9af5c19e9dbdf6107cb03548ffbd06 - // Valid from: Mon Mar 27 12:45:09 PDT 2023 until: Sun Jun 25 12:45:08 PDT 2023 - private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" + - "MIIFejCCBGKgAwIBAgIRAN+a9cGenb32EHywNUj/vQYwDQYJKoZIhvcNAQELBQAw\n" + - "RjELMAkGA1UEBhMCVVMxIjAgBgNVBAoTGUdvb2dsZSBUcnVzdCBTZXJ2aWNlcyBM\n" + - "TEMxEzARBgNVBAMTCkdUUyBDQSAxRDgwHhcNMjMwMzI3MTk0NTA5WhcNMjMwNjI1\n" + - "MTk0NTA4WjAmMSQwIgYDVQQDExtyZXZva2VkLmd0c3IyLmRlbW8ucGtpLmdvb2cw\n" + - "ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFJUSh0aOOjj6BXJqBFDOD\n" + - "GFjnr1VKDfWYdGWfB3QNhcbjz7qJRLeZDSYQZ3H2D5pkOQhl6xYLOZ1L0v+0TWW9\n" + - "5lCXQ476jdZXzPlOC29gYFX4VzS9w92ochg0dUhHdzKcWsqBjqChZdudGydYfwNS\n" + - "edZIhd4AcamVsXbCqAhS01Evo2hiBRlmMgryR9Ok2xRqbJiyvd8awhBIB4L0vMN+\n" + - "CgMpWMgaV1nn+LjEa3bHisyNVsRLdDZXY6Bgq3hUQ9jQWJdK/vGxHqunqC5ByrqG\n" + - "iN+4/+kK/PS8okkpAEAOXFoohogb6BQASMRgO/l50Mz8B24NGgWVLlWdaNysgU8f\n" + - "AgMBAAGjggKBMIICfTAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUH\n" + - "AwEwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUh/wMqf9pabUzGDoQvsyHVaT1rjAw\n" + - "HwYDVR0jBBgwFoAUkPhQ+ueQJcnkJ30S3UdY53QPtmoweAYIKwYBBQUHAQEEbDBq\n" + - "MDUGCCsGAQUFBzABhilodHRwOi8vb2NzcC5wa2kuZ29vZy9zL2d0czFkOC9CdWF6\n" + - "OFdQMnoybzAxBggrBgEFBQcwAoYlaHR0cDovL3BraS5nb29nL3JlcG8vY2VydHMv\n" + - "Z3RzMWQ4LmRlcjAmBgNVHREEHzAdghtyZXZva2VkLmd0c3IyLmRlbW8ucGtpLmdv\n" + - "b2cwIQYDVR0gBBowGDAIBgZngQwBAgEwDAYKKwYBBAHWeQIFAzA8BgNVHR8ENTAz\n" + - "MDGgL6AthitodHRwOi8vY3Jscy5wa2kuZ29vZy9ndHMxZDgvLTBOSExwOWNMOVEu\n" + - "Y3JsMIIBAwYKKwYBBAHWeQIEAgSB9ASB8QDvAHYAejKMVNi3LbYg6jjgUh7phBZw\n" + - "MhOFTTvSK8E6V6NS61IAAAGHJNGpywAABAMARzBFAiEApXndD34BJ3oOCLvGoa5f\n" + - "Xu0P6t4yf1pdCQONuLTSrX4CIDMp1N5/VKjClXqE/t2xux3mvJH2ceVECID4B69v\n" + - "WfOhAHUA6D7Q2j71BjUy51covIlryQPTy9ERa+zraeF3fW0GvW4AAAGHJNGphwAA\n" + - "BAMARjBEAiBa5aSnTCc2ceQj/asKFYRRGbwzXTnaDbvNMMeB4ogEXAIgZykyJVPh\n" + - "4Sfkroi8tvV6dwxexp0dT2EXHAmr+/GzZU0wDQYJKoZIhvcNAQELBQADggEBAHVn\n" + - "uWbk/OaljXKeyhlDCgdvnzJGCFQXwGyIJzNDkCs8k3iA1iwJKArvpkczxnCBxCPE\n" + - "imW2MHWCayT9JXKuO4ppU0oTh6GYvRV6DV1OkuWXsna7+dGf3+tkm9k0wauI6J8X\n" + - "H1T8Dq3W0+S+8UNSftduYSR1wTcN15OxIzlZ/FrV3LLRDxH2RKSsXfXBLgP1befh\n" + - "m+8SPQTpZ5NdMl7my0gmVgNF5ZIbFiHYzJkF2vS4iXJCI6fTWyoA1u/7jQyHdLOy\n" + - "pY0s6gKWEwwtpYC1lWI6ek/wLfuNrJbiRRiRs8e3HHQymn8K3T1PM+7n8huDy95b\n" + - "f1EgLMjvEtx6xpIqrqg=\n" + - "-----END CERTIFICATE-----"; - - public void runTest(ValidatePathWithParams pathValidator) throws Exception { - // Validate valid - pathValidator.validate(new String[]{VALID, INT}, - ValidatePathWithParams.Status.GOOD, null, System.out); - - // Validate Revoked - pathValidator.validate(new String[]{REVOKED, INT}, - ValidatePathWithParams.Status.REVOKED, - "Mon Mar 27 13:45:40 PDT 2023", System.out); + private static final String VALID = "https://good.gtsr2.demo.pki.goog/"; + private static final String REVOKED = "https://revoked.gtsr2.demo.pki.goog/"; + private static final String CA_FINGERPRINT = + "8D:25:CD:97:22:9D:BF:70:35:6B:DA:4E:B3:CC:73:40:31:E2:4C:F0:0F:AF:CF:D3:2D:C7:6E:B5:84:1C:7E:A8"; + + public void runTest(ValidatePathWithURL pathValidator) throws CertificateEncodingException { + pathValidator.validateDomain(VALID, false, CA_FINGERPRINT); + pathValidator.validateDomain(REVOKED, true, CA_FINGERPRINT); } } class GoogleGTSR3 { - - // Owner: CN=GTS CA 2D3, O=Google Trust Services LLC, C=US - // Issuer: CN=GTS Root R3, O=Google Trust Services LLC, C=US - // Serial number: 21668d8d65bc4320e5b8e5e76 - // Valid from: Tue Oct 04 17:00:42 PDT 2022 until: Wed Sep 29 17:00:42 PDT 2027 - private static final String INT = "-----BEGIN CERTIFICATE-----\n" + - "MIIDIDCCAqagAwIBAgINAhZo2NZbxDIOW45edjAKBggqhkjOPQQDAzBHMQswCQYD\n" + - "VQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIG\n" + - "A1UEAxMLR1RTIFJvb3QgUjMwHhcNMjIxMDA1MDAwMDQyWhcNMjcwOTMwMDAwMDQy\n" + - "WjBGMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2Vz\n" + - "IExMQzETMBEGA1UEAxMKR1RTIENBIDJEMzBZMBMGByqGSM49AgEGCCqGSM49AwEH\n" + - "A0IABGQQXn8LoR0OtyBn+KkEav3utA7WFBgWEb/8bXVlW6xJLTZJIC04lsNmNKWJ\n" + - "P/fwHYfrZcx1o4vvOUTO9OD/7pijggF2MIIBcjAOBgNVHQ8BAf8EBAMCAYYwHQYD\n" + - "VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQIMAYBAf8CAQAw\n" + - "HQYDVR0OBBYEFL+pU78badiFKTSaaUPL1nrUmf9tMB8GA1UdIwQYMBaAFMHxJrqg\n" + - "La6Fgc/T8SoSvbgKZ/28MGgGCCsGAQUFBwEBBFwwWjAmBggrBgEFBQcwAYYaaHR0\n" + - "cDovL29jc3AucGtpLmdvb2cvZ3RzcjMwMAYIKwYBBQUHMAKGJGh0dHA6Ly9wa2ku\n" + - "Z29vZy9yZXBvL2NlcnRzL2d0c3IzLmRlcjA0BgNVHR8ELTArMCmgJ6AlhiNodHRw\n" + - "Oi8vY3JsLnBraS5nb29nL2d0c3IzL2d0c3IzLmNybDBNBgNVHSAERjBEMAgGBmeB\n" + - "DAECATA4BgorBgEEAdZ5AgUDMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vcGtpLmdv\n" + - "b2cvcmVwb3NpdG9yeS8wCgYIKoZIzj0EAwMDaAAwZQIxAO3wG4U11INX3hl2UyCn\n" + - "0A/upBaO+BBzX1OiQx7UfmMXc65kqkdIcNzZc6G6EWnNVAIwBG0LuIKWXfYc+Wbk\n" + - "STfMvwatUvd6QjdIKsYF0e8Hiaav+hLI0DzOuJcDPFtfYIyY\n" + - "-----END CERTIFICATE-----"; - - // Owner: CN=good.gtsr3.demo.pki.goog - // Issuer: CN=GTS CA 2D3, O=Google Trust Services LLC, C=US - // Serial number: 7d08ad6716e51d1210bfc149e3d0af19 - // Valid from: Mon Mar 27 12:37:41 PDT 2023 until: Sun Jun 25 12:37:40 PDT 2023 - private static final String VALID = "-----BEGIN CERTIFICATE-----\n" + - "MIIEszCCBFmgAwIBAgIQfQitZxblHRIQv8FJ49CvGTAKBggqhkjOPQQDAjBGMQsw\n" + - "CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzET\n" + - "MBEGA1UEAxMKR1RTIENBIDJEMzAeFw0yMzAzMjcxOTM3NDFaFw0yMzA2MjUxOTM3\n" + - "NDBaMCMxITAfBgNVBAMTGGdvb2QuZ3RzcjMuZGVtby5wa2kuZ29vZzCCASIwDQYJ\n" + - "KoZIhvcNAQEBBQADggEPADCCAQoCggEBAL7R40feuILVPC65FhoVh3kZ8mJuEKpJ\n" + - "SiSB9gbKRkaKBr4kHOm7+sa0RkAm3Zgbomd2JGiJbYYcQ4lY8MMlXruFLLY+0AMf\n" + - "Pf5mQbn6i+oSyfaNwV0Hk1q1MhZL5WSKLywXS0NVw50JGQw/SiIRhmR22DdOtxuh\n" + - "VC7ZOebYTbHzTBSYTxvoyJZ0bGUQMWQ0rI2lzOp+2kqSTDMmRejXUNm14ZrsdXUb\n" + - "F8nOunZpT5ppESFvsK7TFrWJlAFHNVxJjPkNaRyfIaR7G+hORoV5tHGaNeTzmFkO\n" + - "3ySGcRlvL41IWqBN4LwLiS6QN+Je7nIBDojEPTBVhPCzP++1uLKEKusCAwEAAaOC\n" + - "An8wggJ7MA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNV\n" + - "HRMBAf8EAjAAMB0GA1UdDgQWBBRRhq17jer1cVfi0eFV+LIwk+Lk8jAfBgNVHSME\n" + - "GDAWgBS/qVO/G2nYhSk0mmlDy9Z61Jn/bTB4BggrBgEFBQcBAQRsMGowNQYIKwYB\n" + - "BQUHMAGGKWh0dHA6Ly9vY3NwLnBraS5nb29nL3MvZ3RzMmQzL09KOENlY2cwdWNV\n" + - "MDEGCCsGAQUFBzAChiVodHRwOi8vcGtpLmdvb2cvcmVwby9jZXJ0cy9ndHMyZDMu\n" + - "ZGVyMCMGA1UdEQQcMBqCGGdvb2QuZ3RzcjMuZGVtby5wa2kuZ29vZzAhBgNVHSAE\n" + - "GjAYMAgGBmeBDAECATAMBgorBgEEAdZ5AgUDMDwGA1UdHwQ1MDMwMaAvoC2GK2h0\n" + - "dHA6Ly9jcmxzLnBraS5nb29nL2d0czJkMy9WREItNVdJSTVRSS5jcmwwggEEBgor\n" + - "BgEEAdZ5AgQCBIH1BIHyAPAAdgDoPtDaPvUGNTLnVyi8iWvJA9PL0RFr7Otp4Xd9\n" + - "bQa9bgAAAYckzOfmAAAEAwBHMEUCIF0wxIlFnHLMan20Gtbnia+mzuA1Re0dhoIS\n" + - "wOAO7aC4AiEA7cYfSflOAA0DLxHsHAXpVs2LuLYlq34bSxbyUa85UyYAdgCzc3cH\n" + - "4YRQ+GOG1gWp3BEJSnktsWcMC4fc8AMOeTalmgAAAYckzOf5AAAEAwBHMEUCICza\n" + - "2nef9GWr9tF/ZXxhMYP15JQsdWPWmpQkdS/xUBWyAiEAs9AaeMarT7EaBVoSatAT\n" + - "Poj6cOhdvF/uDOHigyQdVd8wCgYIKoZIzj0EAwIDSAAwRQIhALv6jaEFgAIe3NbX\n" + - "87YEjhMMymK7wl435DQD9syoOEx2AiBbcYXr6nLNWA1pPoRiA1WvHgTVJFWftpYt\n" + - "e8CkUXnIxA==\n" + - "-----END CERTIFICATE-----"; - - // Owner: CN=revoked.gtsr3.demo.pki.goog - // Issuer: CN=GTS CA 2D3, O=Google Trust Services LLC, C=US - // Serial number: 7ffa6a827df64c6010ebc47b5ca3eda7 - // Valid from: Mon Mar 27 12:45:58 PDT 2023 until: Sun Jun 25 12:45:57 PDT 2023 - private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" + - "MIIEuTCCBF+gAwIBAgIQf/pqgn32TGAQ68R7XKPtpzAKBggqhkjOPQQDAjBGMQsw\n" + - "CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzET\n" + - "MBEGA1UEAxMKR1RTIENBIDJEMzAeFw0yMzAzMjcxOTQ1NThaFw0yMzA2MjUxOTQ1\n" + - "NTdaMCYxJDAiBgNVBAMTG3Jldm9rZWQuZ3RzcjMuZGVtby5wa2kuZ29vZzCCASIw\n" + - "DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKpn78KglifqiS3f5hPLH64og4aH\n" + - "7a1tDBza2ebTLYB74i1u65EIENCyzvz6OYvh8kKzhqZMPFbORd8OCESzebjv/Dc2\n" + - "BJJV498N3BfSZYWN+baVxKuOZ4HWXV5NyP85rEvbcaAWcmqvh++G88FOCTQvYd4D\n" + - "/RKgAMptDjM+4X6V2NIRXcmOZJWZ2iItao76FARvbKH0D2UJLG4ENdOznRonnItP\n" + - "74UEVfNCb/i7I+NMJYTuDA4/rr+AS6pttvsVM9pqWkIJqOloEVNcCyyr1buflfJO\n" + - "j4A8Nz9fTUffpfApQnPi394iUcdCVyCrcjB2ta2eMR/3AyhiSXOmxcGjUcECAwEA\n" + - "AaOCAoIwggJ+MA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAM\n" + - "BgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSg57WFIkW4b1eTcWX+qZsN+JEewTAfBgNV\n" + - "HSMEGDAWgBS/qVO/G2nYhSk0mmlDy9Z61Jn/bTB4BggrBgEFBQcBAQRsMGowNQYI\n" + - "KwYBBQUHMAGGKWh0dHA6Ly9vY3NwLnBraS5nb29nL3MvZ3RzMmQzL1pEZWExWTdT\n" + - "SlBZMDEGCCsGAQUFBzAChiVodHRwOi8vcGtpLmdvb2cvcmVwby9jZXJ0cy9ndHMy\n" + - "ZDMuZGVyMCYGA1UdEQQfMB2CG3Jldm9rZWQuZ3RzcjMuZGVtby5wa2kuZ29vZzAh\n" + - "BgNVHSAEGjAYMAgGBmeBDAECATAMBgorBgEEAdZ5AgUDMDwGA1UdHwQ1MDMwMaAv\n" + - "oC2GK2h0dHA6Ly9jcmxzLnBraS5nb29nL2d0czJkMy9WREItNVdJSTVRSS5jcmww\n" + - "ggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdQDoPtDaPvUGNTLnVyi8iWvJA9PL0RFr\n" + - "7Otp4Xd9bQa9bgAAAYck00MJAAAEAwBGMEQCIALwbMReWy/zrvUwV1G5XOxN8koN\n" + - "VJ1pp7s1d7ClE9ebAiBYWwJeccnfHLIh9AJTdeuN+R/pDzEudVBSC2rIdo3HhgB3\n" + - "ALc++yTfnE26dfI5xbpY9Gxd/ELPep81xJ4dCYEl7bSZAAABhyTTQzMAAAQDAEgw\n" + - "RgIhAOEO0oyiRgMNDdWvRTobr7sex2SUFsjpKmwenYAULrRiAiEA6uKFK1sbnJ1J\n" + - "lW8Tw2G4jGpEFIc4C9duRbU6DIbGnckwCgYIKoZIzj0EAwIDSAAwRQIgN3byD4lu\n" + - "a8A0hzUR1OnPoXSyfus6HOhmBozH6coY9MICIQDsT5jj5GKVtxtlcki5iE08K70Z\n" + - "gt/tkcE1Fkk4RsZORA==\n" + - "-----END CERTIFICATE-----"; - - public void runTest(ValidatePathWithParams pathValidator) throws Exception { - // Validate valid - pathValidator.validate(new String[]{VALID, INT}, - ValidatePathWithParams.Status.GOOD, null, System.out); - - // Validate Revoked - pathValidator.validate(new String[]{REVOKED, INT}, - ValidatePathWithParams.Status.REVOKED, - "Mon Mar 27 13:47:24 PDT 2023", System.out); + private static final String VALID = "https://good.gtsr3.demo.pki.goog/"; + private static final String REVOKED = "https://revoked.gtsr3.demo.pki.goog/"; + private static final String CA_FINGERPRINT = + "34:D8:A7:3E:E2:08:D9:BC:DB:0D:95:65:20:93:4B:4E:40:E6:94:82:59:6E:8B:6F:73:C8:42:6B:01:0A:6F:48"; + + public void runTest(ValidatePathWithURL pathValidator) throws CertificateEncodingException { + pathValidator.validateDomain(VALID, false, CA_FINGERPRINT); + pathValidator.validateDomain(REVOKED, true, CA_FINGERPRINT); } } class GoogleGTSR4 { - - // Owner: CN=GTS CA 2P2, O=Google Trust Services LLC, C=US - // Issuer: CN=GTS Root R4, O=Google Trust Services LLC, C=US - // Serial number: 2166825e1700440612491f540 - // Valid from: Tue Oct 04 17:00:42 PDT 2022 until: Wed Sep 29 17:00:42 PDT 2027 - private static final String INT = "-----BEGIN CERTIFICATE-----\n" + - "MIIDITCCAqagAwIBAgINAhZoJeFwBEBhJJH1QDAKBggqhkjOPQQDAzBHMQswCQYD\n" + - "VQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIG\n" + - "A1UEAxMLR1RTIFJvb3QgUjQwHhcNMjIxMDA1MDAwMDQyWhcNMjcwOTMwMDAwMDQy\n" + - "WjBGMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2Vz\n" + - "IExMQzETMBEGA1UEAxMKR1RTIENBIDJQMjBZMBMGByqGSM49AgEGCCqGSM49AwEH\n" + - "A0IABKdQkzjAHqOUsb/TkH7cz5lRtD374tNZ8rYrCUb1mxypE+VmCb1Jgzq+93tR\n" + - "dE78GRzPI4+q6raha1TEyWgoniOjggF2MIIBcjAOBgNVHQ8BAf8EBAMCAYYwHQYD\n" + - "VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQIMAYBAf8CAQAw\n" + - "HQYDVR0OBBYEFIcjqVBIDgeJVApxMPYz0gpH9p2sMB8GA1UdIwQYMBaAFIBM1ut0\n" + - "/0k2o9XY/LU+xWrwlB2MMGgGCCsGAQUFBwEBBFwwWjAmBggrBgEFBQcwAYYaaHR0\n" + - "cDovL29jc3AucGtpLmdvb2cvZ3RzcjQwMAYIKwYBBQUHMAKGJGh0dHA6Ly9wa2ku\n" + - "Z29vZy9yZXBvL2NlcnRzL2d0c3I0LmRlcjA0BgNVHR8ELTArMCmgJ6AlhiNodHRw\n" + - "Oi8vY3JsLnBraS5nb29nL2d0c3I0L2d0c3I0LmNybDBNBgNVHSAERjBEMAgGBmeB\n" + - "DAECATA4BgorBgEEAdZ5AgUDMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vcGtpLmdv\n" + - "b2cvcmVwb3NpdG9yeS8wCgYIKoZIzj0EAwMDaQAwZgIxAMnbIiQb5fsdexUuVGoB\n" + - "MVwsDPGd7VC13Y0OBezt7FqFHDwqm8nnVdV/FkNyXNv9/AIxAN51NGqMcbexMOYK\n" + - "pLC0zXfjNwvqBsZhmzCCQIM6MVyBID0rjjxPu7laIaHqAu6T5Q==\n" + - "-----END CERTIFICATE-----"; - - // Owner: CN=good.gtsr4.demo.pki.goog - // Issuer: CN=GTS CA 2P2, O=Google Trust Services LLC, C=US - // Serial number: 743c4f78750e30f0d407a19254ba96a - // Valid from: Mon Mar 27 12:40:42 PDT 2023 until: Sun Jun 25 12:40:41 PDT 2023 - private static final String VALID = "-----BEGIN CERTIFICATE-----\n" + - "MIIEsTCCBFegAwIBAgIQB0PE94dQ4w8NQHoZJUupajAKBggqhkjOPQQDAjBGMQsw\n" + - "CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzET\n" + - "MBEGA1UEAxMKR1RTIENBIDJQMjAeFw0yMzAzMjcxOTQwNDJaFw0yMzA2MjUxOTQw\n" + - "NDFaMCMxITAfBgNVBAMTGGdvb2QuZ3RzcjQuZGVtby5wa2kuZ29vZzCCASIwDQYJ\n" + - "KoZIhvcNAQEBBQADggEPADCCAQoCggEBAOdkWBg3i5CxzH1dvlBoWHtIUyk78OAA\n" + - "bZdq7pKWB8i8C9Rf089uQ+7jQWOmqCNxU+OXdjumPfk/4MQvvtkmaqKi7HCN1bvQ\n" + - "0CrW7Zhi5jx11QuzEEZVdvXcchzmodp9GSl9t6zK/ItNiIYVisH9dqRWrZ/KZnO+\n" + - "y13dlr5UXAXVvNKx1L4TjhGlam7IEJdrAjkLJk4wXAFhv9HaPNJnjj0306xNm2h+\n" + - "VzldpMPlaXGN9JcGQdMVFpa9f0AI/r7SF7I2EDXaIKFToJ4jQurEGc3oxayiv9wB\n" + - "QapXqSTbPztb5SPGdX1yawDeigNHf10tDqFzCpfI/AwLxagpA2YyyXMCAwEAAaOC\n" + - "An0wggJ5MA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNV\n" + - "HRMBAf8EAjAAMB0GA1UdDgQWBBTZs4UFHCFLlXnJswubCMxEhtgPmjAfBgNVHSME\n" + - "GDAWgBSHI6lQSA4HiVQKcTD2M9IKR/adrDB4BggrBgEFBQcBAQRsMGowNQYIKwYB\n" + - "BQUHMAGGKWh0dHA6Ly9vY3NwLnBraS5nb29nL3MvZ3RzMnAyL3dKWTY1eFNLQUNB\n" + - "MDEGCCsGAQUFBzAChiVodHRwOi8vcGtpLmdvb2cvcmVwby9jZXJ0cy9ndHMycDIu\n" + - "ZGVyMCMGA1UdEQQcMBqCGGdvb2QuZ3RzcjQuZGVtby5wa2kuZ29vZzAhBgNVHSAE\n" + - "GjAYMAgGBmeBDAECATAMBgorBgEEAdZ5AgUDMDwGA1UdHwQ1MDMwMaAvoC2GK2h0\n" + - "dHA6Ly9jcmxzLnBraS5nb29nL2d0czJwMi94NWswT2ZlZ0o4OC5jcmwwggECBgor\n" + - "BgEEAdZ5AgQCBIHzBIHwAO4AdQDoPtDaPvUGNTLnVyi8iWvJA9PL0RFr7Otp4Xd9\n" + - "bQa9bgAAAYckzdBSAAAEAwBGMEQCICpm7XEQds5Pzk59Qhhlx3PjipAEVzxVJB3H\n" + - "UmmGlHYKAiBG39UauHNNQDMYK2PEnILbFI0AvVWpCBUck4CHbs+9xAB1AHoyjFTY\n" + - "ty22IOo44FIe6YQWcDIThU070ivBOlejUutSAAABhyTN0JoAAAQDAEYwRAIgekoP\n" + - "yJFspEfqvzW/pzVtRn8oz1L/PBzw2NYRPFdDkRUCIG1uIaGUA7uqiILD6vvp/1VD\n" + - "XriEIH8/qz/3qWqxsZanMAoGCCqGSM49BAMCA0gAMEUCIQCnpyh5H9Hn+f8nOFZp\n" + - "wz7p+x5pmMVvPzah1g+EmoFO/wIgStidgVhudT/vpM2OH/oN30Na+EJJDqWxousN\n" + - "6t9L8FQ=\n" + - "-----END CERTIFICATE-----"; - - // Owner: CN=revoked.gtsr4.demo.pki.goog - // Issuer: CN=GTS CA 2P2, O=Google Trust Services LLC, C=US - // Serial number: 6b2d650d4bc3bd3f11a595bf05187915 - // Valid from: Mon Mar 27 12:47:43 PDT 2023 until: Sun Jun 25 12:47:42 PDT 2023 - private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" + - "MIIEuDCCBF6gAwIBAgIQay1lDUvDvT8RpZW/BRh5FTAKBggqhkjOPQQDAjBGMQsw\n" + - "CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzET\n" + - "MBEGA1UEAxMKR1RTIENBIDJQMjAeFw0yMzAzMjcxOTQ3NDNaFw0yMzA2MjUxOTQ3\n" + - "NDJaMCYxJDAiBgNVBAMTG3Jldm9rZWQuZ3RzcjQuZGVtby5wa2kuZ29vZzCCASIw\n" + - "DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOEKoC1Zv/m2G8DrGkOgLq5TPSeC\n" + - "X3cClcI6s4JS5Cld2DKX7m4P8rXAxJyVHvlmkxZQoD6Y7JxsavlJ/Yw0qdqkNLTv\n" + - "kviEiLNYEn8Qu0SoRLNanzoFUINZkAZ4/0Lfvsrl9tTigLsCJ4jQauemGmGcmKUy\n" + - "qsKisfrMC0ZG9EP9WRjc9WF13Jqe55+gZ7LqaAAoPVR/7J6T1VAKteaYaXrORtVF\n" + - "uMeinE4c9YuxRCLa+3X1qqc3HAsvZEBOdb35fC0cN/ILktCQpq1Fj+QD4jfR6bVQ\n" + - "E8eA6Jy+5qHSg2VjAm6wNLd5QkfE7D8uC9sYs638r48ahcXhy3zwpzGhuH0CAwEA\n" + - "AaOCAoEwggJ9MA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAM\n" + - "BgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQl5Uh4jTR3l8PkcLdBwtwQXkUzBjAfBgNV\n" + - "HSMEGDAWgBSHI6lQSA4HiVQKcTD2M9IKR/adrDB4BggrBgEFBQcBAQRsMGowNQYI\n" + - "KwYBBQUHMAGGKWh0dHA6Ly9vY3NwLnBraS5nb29nL3MvZ3RzMnAyL3h5WmtBTEE3\n" + - "aGY0MDEGCCsGAQUFBzAChiVodHRwOi8vcGtpLmdvb2cvcmVwby9jZXJ0cy9ndHMy\n" + - "cDIuZGVyMCYGA1UdEQQfMB2CG3Jldm9rZWQuZ3RzcjQuZGVtby5wa2kuZ29vZzAh\n" + - "BgNVHSAEGjAYMAgGBmeBDAECATAMBgorBgEEAdZ5AgUDMDwGA1UdHwQ1MDMwMaAv\n" + - "oC2GK2h0dHA6Ly9jcmxzLnBraS5nb29nL2d0czJwMi9sU1htaTNxZWRoYy5jcmww\n" + - "ggEDBgorBgEEAdZ5AgQCBIH0BIHxAO8AdgCt9776fP8QyIudPZwePhhqtGcpXc+x\n" + - "DCTKhYY069yCigAAAYck1BYGAAAEAwBHMEUCIGM5ykDTU3mqgLIk+fPmVn6JGUXB\n" + - "W4xouGUA1iiNs7G0AiEAtuWnV/J5llcxB7ZTwkCb6cviyv4Z6O396ZGW8GsrqAQA\n" + - "dQC3Pvsk35xNunXyOcW6WPRsXfxCz3qfNcSeHQmBJe20mQAAAYck1BYIAAAEAwBG\n" + - "MEQCIHcK1H025GIv8klzQGSZAL9NnuH5EzeGra0jRRg5RM4UAiAQaJyJDBkJRL/C\n" + - "F9WCg9Lmp8bdsXkG5WPreI24ansAPTAKBggqhkjOPQQDAgNIADBFAiBehPLU7raP\n" + - "509khaP9yiKiL3mbygtfQo4MDpBnd2RI6wIhAOdlQythGgU+nOENodsB+wUOQXOb\n" + - "akcBOxrDWfyhxmpk\n" + - "-----END CERTIFICATE-----"; - - public void runTest(ValidatePathWithParams pathValidator) throws Exception { - // Validate valid - pathValidator.validate(new String[]{VALID, INT}, - ValidatePathWithParams.Status.GOOD, null, System.out); - - // Validate Revoked - pathValidator.validate(new String[]{REVOKED, INT}, - ValidatePathWithParams.Status.REVOKED, - "Mon Mar 27 13:48:18 PDT 2023", System.out); + private static final String VALID = "https://good.gtsr4.demo.pki.goog/"; + private static final String REVOKED = "https://revoked.gtsr4.demo.pki.goog/"; + private static final String CA_FINGERPRINT = + "34:9D:FA:40:58:C5:E2:63:12:3B:39:8A:E7:95:57:3C:4E:13:13:C8:3F:E6:8F:93:55:6C:D5:E8:03:1B:3C:7D"; + + public void runTest(ValidatePathWithURL pathValidator) throws CertificateEncodingException { + pathValidator.validateDomain(VALID, false, CA_FINGERPRINT); + pathValidator.validateDomain(REVOKED, true, CA_FINGERPRINT); } } diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/MicrosoftTLS.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/MicrosoftTLS.java index e21aad61b8364..a71beb68e4c95 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/MicrosoftTLS.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/MicrosoftTLS.java @@ -22,36 +22,37 @@ */ /* - * @test + * @test id=OCSP * @bug 8304760 * @summary Interoperability tests with Microsoft TLS root CAs - * @build ValidatePathWithParams + * @library /test/lib + * @build jtreg.SkippedException + * @build ValidatePathWithURL * @run main/othervm -Djava.security.debug=certpath MicrosoftTLS OCSP - * @run main/othervm -Djava.security.debug=certpath MicrosoftTLS CRL */ /* - * Microsoft ECC Root Certificate Authority 2017: - * Valid: http://acteccroot2017.pki.microsoft.com/ - * Revoked: http://rvkeccroot2017.pki.microsoft.com/ - * Expired: http://expeccroot2017.pki.microsoft.com/ - * - * Microsoft RSA Root Certificate Authority 2017: - * Valid: http://actrsaroot2017.pki.microsoft.com/ - * Revoked: http://rvkrsaroot2017.pki.microsoft.com/ - * Expired: http://exprsaroot2017.pki.microsoft.com/ + * @test id=CRL + * @bug 8304760 + * @summary Interoperability tests with Microsoft TLS root CAs + * @library /test/lib + * @build jtreg.SkippedException + * @build ValidatePathWithURL + * @run main/othervm -Djava.security.debug=certpath MicrosoftTLS CRL */ + +import java.security.cert.CertificateEncodingException; public class MicrosoftTLS { public static void main(String[] args) throws Exception { - ValidatePathWithParams pathValidator = new ValidatePathWithParams(null); + ValidatePathWithURL pathValidator = new ValidatePathWithURL(); if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { - pathValidator.enableCRLCheck(); + pathValidator.enableCRLOnly(); } else { // OCSP check by default - pathValidator.enableOCSPCheck(); + pathValidator.enableOCSPOnly(); } new MicrosoftECCTLS().runTest(pathValidator); @@ -60,289 +61,25 @@ public static void main(String[] args) throws Exception { } class MicrosoftECCTLS { - - // Owner: CN=Microsoft ECC TLS Issuing AOC CA 01, O=Microsoft Corporation, C=US - // Issuer: CN=Microsoft ECC Root Certificate Authority 2017, O=Microsoft - // Corporation, C=US - // Serial number: 33000000282bfd23e7d1add707000000000028 - // Valid from: Thu Jun 24 12:58:36 PDT 2021 until: Wed Jun 24 12:58:36 PDT 2026 - private static final String INT = "-----BEGIN CERTIFICATE-----\n" + - "MIIESTCCA8+gAwIBAgITMwAAACgr/SPn0a3XBwAAAAAAKDAKBggqhkjOPQQDAzBl\n" + - "MQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYw\n" + - "NAYDVQQDEy1NaWNyb3NvZnQgRUNDIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5\n" + - "IDIwMTcwHhcNMjEwNjI0MTk1ODM2WhcNMjYwNjI0MTk1ODM2WjBbMQswCQYDVQQG\n" + - "EwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSwwKgYDVQQDEyNN\n" + - "aWNyb3NvZnQgRUNDIFRMUyBJc3N1aW5nIEFPQyBDQSAwMTB2MBAGByqGSM49AgEG\n" + - "BSuBBAAiA2IABMBXcHExvrYrhw7v30oPR4aBaMne5o0FtTtbMV7iqVhTJDQSWDEJ\n" + - "hr528nyS6jcLLu9pLXQMJYxVd7bz4wWXgVtZnnbQ7trAAIPWVh5B6f5eJf5OQ7w7\n" + - "AwJgz3snP5Hx16OCAkkwggJFMA4GA1UdDwEB/wQEAwIBhjAQBgkrBgEEAYI3FQEE\n" + - "AwIBADAdBgNVHQ4EFgQUMVu5zlEbfNGqA8Dr7TZdwp3TieEwHQYDVR0lBBYwFAYI\n" + - "KwYBBQUHAwEGCCsGAQUFBwMCMBkGCSsGAQQBgjcUAgQMHgoAUwB1AGIAQwBBMBIG\n" + - "A1UdEwEB/wQIMAYBAf8CAQAwHwYDVR0jBBgwFoAUyMuZcnBSDPjmvrIEVykqz0IQ\n" + - "7TUwcAYDVR0fBGkwZzBloGOgYYZfaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3Br\n" + - "aW9wcy9jcmwvTWljcm9zb2Z0JTIwRUNDJTIwUm9vdCUyMENlcnRpZmljYXRlJTIw\n" + - "QXV0aG9yaXR5JTIwMjAxNy5jcmwwga4GCCsGAQUFBwEBBIGhMIGeMG0GCCsGAQUF\n" + - "BzAChmFodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NlcnRzL01pY3Jv\n" + - "c29mdCUyMEVDQyUyMFJvb3QlMjBDZXJ0aWZpY2F0ZSUyMEF1dGhvcml0eSUyMDIw\n" + - "MTcuY3J0MC0GCCsGAQUFBzABhiFodHRwOi8vb25lb2NzcC5taWNyb3NvZnQuY29t\n" + - "L29jc3AwcAYDVR0gBGkwZzAIBgZngQwBAgEwCAYGZ4EMAQICMFEGDCsGAQQBgjdM\n" + - "g30BATBBMD8GCCsGAQUFBwIBFjNodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtp\n" + - "b3BzL0RvY3MvUmVwb3NpdG9yeS5odG0wCgYIKoZIzj0EAwMDaAAwZQIxANmPydUj\n" + - "lgj/2K77UnMeMkSGIgXzOhcTsixzZL+NmTR1Bq2hSPeA6Y3mn3lMlwxZmAIwIio6\n" + - "KrgItH4YmLWKd8QClIrE9QjbDlR7oFqaU3J34bWbMlAEjRARdZhhQlNwdORe\n" + - "-----END CERTIFICATE-----"; - - // Owner: O=Microsoft Corporation, L=Redmond, ST=Washington, C=US - // Issuer: CN=Microsoft ECC TLS Issuing AOC CA 01, O=Microsoft Corporation, C=US - // Serial number: 3300000154e1c6007ee3d5c903000000000154 - // Valid from: Fri Oct 14 13:44:52 PDT 2022 until: Mon Oct 09 13:44:52 PDT 2023 - private static final String VALID = "-----BEGIN CERTIFICATE-----\n" + - "MIIF3zCCBWSgAwIBAgITMwAAAVThxgB+49XJAwAAAAABVDAKBggqhkjOPQQDAzBb\n" + - "MQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSww\n" + - "KgYDVQQDEyNNaWNyb3NvZnQgRUNDIFRMUyBJc3N1aW5nIEFPQyBDQSAwMTAeFw0y\n" + - "MjEwMTQyMDQ0NTJaFw0yMzEwMDkyMDQ0NTJaMFQxCzAJBgNVBAYTAlVTMRMwEQYD\n" + - "VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy\n" + - "b3NvZnQgQ29ycG9yYXRpb24wdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARk86yqvyiv\n" + - "jH2Frg2l6bmh1f0CqiKAEHdA2S2vTQhR4CtvFArkrPdqcKrhAAfQSgnC8KJQ08gl\n" + - "QvjK55202ib55YX3h+96IW6fQOkE18cvPwqkD3DVQuROouLaL1r70NWjggPvMIID\n" + - "6zCCAX8GCisGAQQB1nkCBAIEggFvBIIBawFpAHYA6D7Q2j71BjUy51covIlryQPT\n" + - "y9ERa+zraeF3fW0GvW4AAAGD2EdUigAABAMARzBFAiEA6rbt+9QhpuqX36PnuckO\n" + - "fR0Wu/8z3Yry9fdFKvJDCEUCIGBz901b4ZGEjCaSJdlZVr29v2td4crPa9I6S97i\n" + - "nShAAHYAs3N3B+GEUPhjhtYFqdwRCUp5LbFnDAuH3PADDnk2pZoAAAGD2EdU/wAA\n" + - "BAMARzBFAiBIvnSKGeCIWOlZowi7s7ZdwmyGhv2waJWSdewUSS6UOAIhALJhPQ19\n" + - "nmjjTwWB9sgCIF7RZbd2xwBd1hno06MQMSqTAHcAejKMVNi3LbYg6jjgUh7phBZw\n" + - "MhOFTTvSK8E6V6NS61IAAAGD2EdUxwAABAMASDBGAiEArrc6Fu74KTj/z4lGCK9A\n" + - "O6UkhLpKnXdxEHilY7ghcZICIQCUjkvK4wehX1qEonjQoBkBJxLCus6y8WbkoxCe\n" + - "jHu2HTAbBgkrBgEEAYI3FQoEDjAMMAoGCCsGAQUFBwMBMDwGCSsGAQQBgjcVBwQv\n" + - "MC0GJSsGAQQBgjcVCIe91xuB5+tGgoGdLo7QDIfw2h1dgbXdUIWf/XUCAWQCAR0w\n" + - "gaYGCCsGAQUFBwEBBIGZMIGWMGUGCCsGAQUFBzAChllodHRwOi8vd3d3Lm1pY3Jv\n" + - "c29mdC5jb20vcGtpb3BzL2NlcnRzL01pY3Jvc29mdCUyMEVDQyUyMFRMUyUyMElz\n" + - "c3VpbmclMjBBT0MlMjBDQSUyMDAxLmNydDAtBggrBgEFBQcwAYYhaHR0cDovL29u\n" + - "ZW9jc3AubWljcm9zb2Z0LmNvbS9vY3NwMB0GA1UdDgQWBBTVpTA+3jWCa1okX5Ri\n" + - "HnuY2/b+IzAOBgNVHQ8BAf8EBAMCB4AwKwYDVR0RBCQwIoIgYWN0ZWNjcm9vdDIw\n" + - "MTcucGtpLm1pY3Jvc29mdC5jb20waAYDVR0fBGEwXzBdoFugWYZXaHR0cDovL3d3\n" + - "dy5taWNyb3NvZnQuY29tL3BraW9wcy9jcmwvTWljcm9zb2Z0JTIwRUNDJTIwVExT\n" + - "JTIwSXNzdWluZyUyMEFPQyUyMENBJTIwMDEuY3JsMGYGA1UdIARfMF0wUQYMKwYB\n" + - "BAGCN0yDfQEBMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly93d3cubWljcm9zb2Z0LmNv\n" + - "bS9wa2lvcHMvRG9jcy9SZXBvc2l0b3J5Lmh0bTAIBgZngQwBAgIwHwYDVR0jBBgw\n" + - "FoAUMVu5zlEbfNGqA8Dr7TZdwp3TieEwEwYDVR0lBAwwCgYIKwYBBQUHAwEwCgYI\n" + - "KoZIzj0EAwMDaQAwZgIxAOKV8s3SpXVd6zho8zQa4uGXkxPVocYo410FdTwu0lw7\n" + - "G/MQPhLmj4DNsQJ/nYzDcwIxAMw7iZExsY9Is66/EaAty4rA+yuliwCag88VnDRH\n" + - "9cjiongZgpddIYS8xf76B2pi/Q==\n" + - "-----END CERTIFICATE-----"; - - // Owner: O=Microsoft Corporation, L=Redmond, ST=Washington, C=US - // Issuer: CN=Microsoft ECC TLS Issuing AOC CA 01, O=Microsoft Corporation, C=US - // Serial number: 3300000155ea28117be8708034000000000155 - // Valid from: Fri Oct 14 13:50:39 PDT 2022 until: Mon Oct 09 13:50:39 PDT 2023 - private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" + - "MIIF3TCCBWOgAwIBAgITMwAAAVXqKBF76HCANAAAAAABVTAKBggqhkjOPQQDAzBb\n" + - "MQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSww\n" + - "KgYDVQQDEyNNaWNyb3NvZnQgRUNDIFRMUyBJc3N1aW5nIEFPQyBDQSAwMTAeFw0y\n" + - "MjEwMTQyMDUwMzlaFw0yMzEwMDkyMDUwMzlaMFQxCzAJBgNVBAYTAlVTMRMwEQYD\n" + - "VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy\n" + - "b3NvZnQgQ29ycG9yYXRpb24wdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARbimHzMojc\n" + - "ilBoJCu+adc99oS855DwGTmkKofXfEf6Ej6G9v6Zg1Y2a1wqs5Wd3IcqQONeqKK8\n" + - "EGxUL7DBpf1dBDsRpWSfenYIRtAzs/JznW0dfGPgnY0kGi4g52JegCOjggPuMIID\n" + - "6jCCAX4GCisGAQQB1nkCBAIEggFuBIIBagFoAHUArfe++nz/EMiLnT2cHj4YarRn\n" + - "KV3PsQwkyoWGNOvcgooAAAGD2EyY+gAABAMARjBEAiBnysZazdmXKeL4CnYkJxI2\n" + - "g5juWT5jQfBi5Nxfc3zc9gIgGSGTTGw+E0864BRuAJjhFRF+j5keQ7Rik+PhGnd1\n" + - "P1gAdgB6MoxU2LcttiDqOOBSHumEFnAyE4VNO9IrwTpXo1LrUgAAAYPYTJjXAAAE\n" + - "AwBHMEUCIQDmYqZ1fw/8X2lBl51TknJ8t8sRz4fEFkayqFrmNug1WQIgELQm99K3\n" + - "QH+Rr8rk9x6835NjXBBAyrrI2B8XLiELITUAdwCzc3cH4YRQ+GOG1gWp3BEJSnkt\n" + - "sWcMC4fc8AMOeTalmgAAAYPYTJkaAAAEAwBIMEYCIQD+jnAFon/1Bobh3R4wzym7\n" + - "yiDQ35ZUeRcfFes1IvgyvgIhAPILSf2w3HW7YmbthAVT4P13G+8xFIVlYihgVegU\n" + - "cJy8MBsGCSsGAQQBgjcVCgQOMAwwCgYIKwYBBQUHAwEwPAYJKwYBBAGCNxUHBC8w\n" + - "LQYlKwYBBAGCNxUIh73XG4Hn60aCgZ0ujtAMh/DaHV2Btd1QhZ/9dQIBZAIBHTCB\n" + - "pgYIKwYBBQUHAQEEgZkwgZYwZQYIKwYBBQUHMAKGWWh0dHA6Ly93d3cubWljcm9z\n" + - "b2Z0LmNvbS9wa2lvcHMvY2VydHMvTWljcm9zb2Z0JTIwRUNDJTIwVExTJTIwSXNz\n" + - "dWluZyUyMEFPQyUyMENBJTIwMDEuY3J0MC0GCCsGAQUFBzABhiFodHRwOi8vb25l\n" + - "b2NzcC5taWNyb3NvZnQuY29tL29jc3AwHQYDVR0OBBYEFN3cgtHESQ8o7thvaL42\n" + - "bD7mpfktMA4GA1UdDwEB/wQEAwIHgDArBgNVHREEJDAigiBydmtlY2Nyb290MjAx\n" + - "Ny5wa2kubWljcm9zb2Z0LmNvbTBoBgNVHR8EYTBfMF2gW6BZhldodHRwOi8vd3d3\n" + - "Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNyb3NvZnQlMjBFQ0MlMjBUTFMl\n" + - "MjBJc3N1aW5nJTIwQU9DJTIwQ0ElMjAwMS5jcmwwZgYDVR0gBF8wXTBRBgwrBgEE\n" + - "AYI3TIN9AQEwQTA/BggrBgEFBQcCARYzaHR0cDovL3d3dy5taWNyb3NvZnQuY29t\n" + - "L3BraW9wcy9Eb2NzL1JlcG9zaXRvcnkuaHRtMAgGBmeBDAECAjAfBgNVHSMEGDAW\n" + - "gBQxW7nOURt80aoDwOvtNl3CndOJ4TATBgNVHSUEDDAKBggrBgEFBQcDATAKBggq\n" + - "hkjOPQQDAwNoADBlAjBBhbuh/iukcibeEh/Op3RfNf6jUSyza4lZvsJsRiEVwySa\n" + - "ofmg8OvBO2l2+9MjoCUCMQCoiyS1tDgtjW9gguKDgPXypURpL27KfnCzwx6ar2LN\n" + - "gCZ/soGnLsgPIscuNH/BK20=\n" + - "-----END CERTIFICATE-----"; - - public void runTest(ValidatePathWithParams pathValidator) throws Exception { - // Validate valid - pathValidator.validate(new String[]{VALID, INT}, - ValidatePathWithParams.Status.GOOD, null, System.out); - - // Validate Revoked - pathValidator.validate(new String[]{REVOKED, INT}, - ValidatePathWithParams.Status.REVOKED, - "Fri Oct 14 15:46:18 PDT 2022", System.out); + private static final String VALID = "https://acteccroot2017.pki.microsoft.com/"; + private static final String REVOKED = "https://rvkeccroot2017.pki.microsoft.com/"; + private static final String CA_FINGERPRINT = + "35:8D:F3:9D:76:4A:F9:E1:B7:66:E9:C9:72:DF:35:2E:E1:5C:FA:C2:27:AF:6A:D1:D7:0E:8E:4A:6E:DC:BA:02"; + + public void runTest(ValidatePathWithURL pathValidator) throws CertificateEncodingException { + pathValidator.validateDomain(VALID, false, CA_FINGERPRINT); + pathValidator.validateDomain(REVOKED, true, CA_FINGERPRINT); } } class MicrosoftRSATLS { - - // Owner: CN=Microsoft RSA TLS Issuing AOC CA 01, O=Microsoft Corporation, C=US - // Issuer: CN=Microsoft RSA Root Certificate Authority 2017, O=Microsoft - // Corporation, C=US - // Serial number: 330000002ffaf06f6697e2469c00000000002f - // Valid from: Thu Jun 24 13:57:35 PDT 2021 until: Wed Jun 24 13:57:35 PDT 2026 - private static final String INT = "-----BEGIN CERTIFICATE-----\n" + - "MIIHmDCCBYCgAwIBAgITMwAAAC/68G9ml+JGnAAAAAAALzANBgkqhkiG9w0BAQwF\n" + - "ADBlMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9u\n" + - "MTYwNAYDVQQDEy1NaWNyb3NvZnQgUlNBIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9y\n" + - "aXR5IDIwMTcwHhcNMjEwNjI0MjA1NzM1WhcNMjYwNjI0MjA1NzM1WjBbMQswCQYD\n" + - "VQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSwwKgYDVQQD\n" + - "EyNNaWNyb3NvZnQgUlNBIFRMUyBJc3N1aW5nIEFPQyBDQSAwMTCCAiIwDQYJKoZI\n" + - "hvcNAQEBBQADggIPADCCAgoCggIBAKAYz8zB6I+LeiWYURf1QUaISydvRgxWfcc6\n" + - "UvEiwvryj2UsRfFuREo2ErLTvP9qQ9E0YBTyWEqI2TXn4jo2uZ2cpGODiQQWlixe\n" + - "aAFcYgSqLzidFXj401vzQsz4E0zylD/ZeY+xkQ6xrdg5312x2u2Ap7AWLzqolZHZ\n" + - "gR0aicn9gcO6M4qn6Uuge8mOve1N7U6j8ebhSiw0KlkzY9ha1Kvrez+NXQdeLC+V\n" + - "PDWPPPlBWeysTnIM6dusbV1v2/C7Ooz9TuGb8wiXRriPpI7+igSIPqBebF00rHGJ\n" + - "Dmx9eN3g78VF9JpTrrRkV8alpMYVZKAh9IzMp9NWVZsw5wgZaX2W05SaXkSHP3zR\n" + - "OBANhKzwkBkCcDMbmF1LFOk+wgkcEtFlKEnfgvOQVHTp02gTzyhSxstw0buon4Cy\n" + - "ZAm1L+6bJJ+puNL8HuLTJxq1mqiaY0T50olJeySSX5uJBo/l29Pz+0WjANnhRLVq\n" + - "e5xdxPV11QGHDxnvsXaMgC4y/5sLo5v4UEZT+4VDcKiRHReusJD+kUt92FSYqWTK\n" + - "xs6zwuxf25as/rJbZT99o9QVFLfHEs6DgHKNIqQuVxZxH0T3M6XqfmnRTo1FrD8i\n" + - "p/93Q4zQta5S9whe/sAxpizwyMw/9fhBDHGVHfgFV1C0EP9zxkyHEya0CGAMhbzp\n" + - "+0Y/ZYxrAgMBAAGjggJJMIICRTAOBgNVHQ8BAf8EBAMCAYYwEAYJKwYBBAGCNxUB\n" + - "BAMCAQAwHQYDVR0OBBYEFOtMMXw9PzK4g9fF23va5HjanBRXMB0GA1UdJQQWMBQG\n" + - "CCsGAQUFBwMBBggrBgEFBQcDAjAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTAS\n" + - "BgNVHRMBAf8ECDAGAQH/AgEAMB8GA1UdIwQYMBaAFAnLWX+GsnCPGsM548DZ6b+7\n" + - "TbIjMHAGA1UdHwRpMGcwZaBjoGGGX2h0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9w\n" + - "a2lvcHMvY3JsL01pY3Jvc29mdCUyMFJTQSUyMFJvb3QlMjBDZXJ0aWZpY2F0ZSUy\n" + - "MEF1dGhvcml0eSUyMDIwMTcuY3JsMIGuBggrBgEFBQcBAQSBoTCBnjBtBggrBgEF\n" + - "BQcwAoZhaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNy\n" + - "b3NvZnQlMjBSU0ElMjBSb290JTIwQ2VydGlmaWNhdGUlMjBBdXRob3JpdHklMjAy\n" + - "MDE3LmNydDAtBggrBgEFBQcwAYYhaHR0cDovL29uZW9jc3AubWljcm9zb2Z0LmNv\n" + - "bS9vY3NwMHAGA1UdIARpMGcwCAYGZ4EMAQIBMAgGBmeBDAECAjBRBgwrBgEEAYI3\n" + - "TIN9AQEwQTA/BggrBgEFBQcCARYzaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3Br\n" + - "aW9wcy9Eb2NzL1JlcG9zaXRvcnkuaHRtMA0GCSqGSIb3DQEBDAUAA4ICAQAkucWk\n" + - "Mrgs2ahYrG7y4sY2yZno4f9TGyk7p+Srg4Yz/g7LmVeyOob9o579Omw9AiyeDK8Y\n" + - "/dXnTTof+sKJrlNTpIzyEBkzCiGGkWtp7x2yxLCm12L65wtmD/6OAV9Bm1kOhf3p\n" + - "7v+d3gtFt7cw46W35lr+fguy62s7uuytTV9hfhQ0pp2E2E9F6B7U71jR4bC+6zGq\n" + - "+34AmqTirjKHwXOhWDRDpEJIkaFAh+qdz/nqJktZj3n5GdC94jfWrMUJjClGjlc4\n" + - "+Ws3AxN46oFpx8oIXDG9wIPfFhUf0SdnCYJL8TD5+qBNp0H5q/V2R31Wi8rijHGQ\n" + - "4CxHqzP5VJbjgvRQgxAp39BrmLQ+JSvf9e5VqQqaH4NYgpB1WObq12B73BJHjBOv\n" + - "pRrULFjPqDW8sPRBzBTRXkXOPEdZbzQj6O/CWEFsg6ilO4thk3n3drb9FEJjVh9u\n" + - "GtRXV6Ea5bNaPvJppZNXb7M9mORk3mddx/K1FgOETQE3quh+mU4ojbSRUWMVmjcb\n" + - "6bKF5oQd+Q0do4yaEIfH1oVnIas/FIE/xu3Z4fvBs0qdiNLCeNT6uS26vqD2PEvV\n" + - "lFWb683Do3Ls59MMCxhy6Erb7kFQgu1oUWXGFhbMQkeLN4TXGi6X3loXYfING9om\n" + - "nWa/udxvPRwAZmcHU2l2W8cwVXiy6uucsh3kPQ==\n" + - "-----END CERTIFICATE-----"; - - // Owner: O=Microsoft Corporation, L=Redmond, ST=Washington, C=US - // Issuer: CN=Microsoft RSA TLS Issuing AOC CA 01, O=Microsoft Corporation, C=US - // Serial number: 330000014a3b44c12636e54b9f00000000014a - // Valid from: Fri Oct 14 13:55:34 PDT 2022 until: Mon Oct 09 13:55:34 PDT 2023 - private static final String VALID = "-----BEGIN CERTIFICATE-----\n" + - "MIIILDCCBhSgAwIBAgITMwAAAUo7RMEmNuVLnwAAAAABSjANBgkqhkiG9w0BAQwF\n" + - "ADBbMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9u\n" + - "MSwwKgYDVQQDEyNNaWNyb3NvZnQgUlNBIFRMUyBJc3N1aW5nIEFPQyBDQSAwMTAe\n" + - "Fw0yMjEwMTQyMDU1MzRaFw0yMzEwMDkyMDU1MzRaMFQxCzAJBgNVBAYTAlVTMRMw\n" + - "EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVN\n" + - "aWNyb3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n" + - "AoIBAQDTo/3ysrrKP2eOLQ8JUFhQT09HJM1lUr0nH7RiP4VAKFrGFMIQSCsq17y7\n" + - "PuTHxW53Fvxb5s/EKZobzhlgv4rHQxvoMuGWRBgJN6KfspQAuFnUVG+3y70fHy/O\n" + - "PiVUJdfTupsys/fjzERqzx6FZoU1RzQ08na36SicSOQmj5svtHHxL8ZibDD48Xzp\n" + - "oIEBh2uUDhevkZedBmqlIdAhNgKXqf2lieLjWXZQLzUyXHikQJxNFOHFVjBqH3pu\n" + - "pYt2XD78bS/xeKRbGLw52+o3/u4eaPyiJoG0GaVSG2HRGcplu7Auk6ycD3htispr\n" + - "dviXfHa3tW1hO52PrQBOWvpsP3jdAgMBAAGjggPuMIID6jCCAX4GCisGAQQB1nkC\n" + - "BAIEggFuBIIBagFoAHUA6D7Q2j71BjUy51covIlryQPTy9ERa+zraeF3fW0GvW4A\n" + - "AAGD2FEl4wAABAMARjBEAiBStVFeTYxl3DxgsM2z7VsvWZ5n7V0SXjnNdgFfmjfL\n" + - "twIgQ6Xfm7oJQDMyBIuPVF0qxLr+EqZ71HDHz5n6g60orlcAdgB6MoxU2LcttiDq\n" + - "OOBSHumEFnAyE4VNO9IrwTpXo1LrUgAAAYPYUSX8AAAEAwBHMEUCIFbeyJxWClLT\n" + - "C1YjUizDHmL5TeKFluRsL0of3NXn7LXuAiEAoZLtiZOie9QLWA66IN3NO8F4VE72\n" + - "m4hZyo0tcJ2FrDkAdwCzc3cH4YRQ+GOG1gWp3BEJSnktsWcMC4fc8AMOeTalmgAA\n" + - "AYPYUSZUAAAEAwBIMEYCIQD7nnuRlDX0iUH+vfbl3aKgn6siy8fL5Dl6HczdPXgD\n" + - "2AIhAJE6xuIKnLOC/BqVG8DydYmhM17TTSK3T98pBtvU9SDcMBsGCSsGAQQBgjcV\n" + - "CgQOMAwwCgYIKwYBBQUHAwEwPAYJKwYBBAGCNxUHBC8wLQYlKwYBBAGCNxUIh73X\n" + - "G4Hn60aCgZ0ujtAMh/DaHV2Btd1QhZ/9dQIBZAIBHTCBpgYIKwYBBQUHAQEEgZkw\n" + - "gZYwZQYIKwYBBQUHMAKGWWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMv\n" + - "Y2VydHMvTWljcm9zb2Z0JTIwUlNBJTIwVExTJTIwSXNzdWluZyUyMEFPQyUyMENB\n" + - "JTIwMDEuY3J0MC0GCCsGAQUFBzABhiFodHRwOi8vb25lb2NzcC5taWNyb3NvZnQu\n" + - "Y29tL29jc3AwHQYDVR0OBBYEFJ+DafMSR5RMWJrM6iGS024FVuBYMA4GA1UdDwEB\n" + - "/wQEAwIEsDArBgNVHREEJDAigiBhY3Ryc2Fyb290MjAxNy5wa2kubWljcm9zb2Z0\n" + - "LmNvbTBoBgNVHR8EYTBfMF2gW6BZhldodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20v\n" + - "cGtpb3BzL2NybC9NaWNyb3NvZnQlMjBSU0ElMjBUTFMlMjBJc3N1aW5nJTIwQU9D\n" + - "JTIwQ0ElMjAwMS5jcmwwZgYDVR0gBF8wXTBRBgwrBgEEAYI3TIN9AQEwQTA/Bggr\n" + - "BgEFBQcCARYzaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9Eb2NzL1Jl\n" + - "cG9zaXRvcnkuaHRtMAgGBmeBDAECAjAfBgNVHSMEGDAWgBTrTDF8PT8yuIPXxdt7\n" + - "2uR42pwUVzATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQwFAAOCAgEA\n" + - "j80IEKdsV/mWM5LwiS12qjOFzukGhpaFgM4XVQV9QJ/oEwworf7KEFfp4YlrSbtw\n" + - "Wwrh06LESleEfCqY+pbYHUx6ox4LvI5EYu23+YINSdhkTaITFZ1DDrYEHX08r26I\n" + - "rdaTkUOLzP9CRuSw1tbcf0gsj/Dqr8ec3usktccOE6QFbCA9yCsKOr6WdPc4h3PV\n" + - "WKHnpf4n46fZ+N+d7+eAOUZSjqsw/5i6/yiQ0Vx6rBMSKmEzkZx72Xkh9IowCeZJ\n" + - "w/gstrzKepSljWUuNi2iXJB2OuIqydFodLXFc9eeH8MXShDqwFF77nf3R3jMAhvI\n" + - "6fHnEz7+UqhMuyiAU5TfSjC1WyeqHhDZawWPumFyXEh0XX1eUphfoN3bApbZJhEE\n" + - "tyhcz44mGawrjSpxlJGgE5TmKJ+CC73TcBC5Ehelo+Is1gzbbVQCu6gMZQyYS8qf\n" + - "kg+JqJAOfx+YFn4bPAio8uF6XpcvMkcd9dyEYi2Q9zMhnQoOjLWj0pPSQaCBmmbI\n" + - "ougVo16GCOdcOG9+c6dBjbHseaQY0a95ZirtNLbutIvmvMIysvAHMC3NkunnD0cQ\n" + - "BxF47+meDc80QJGCaNlJ8E1SlUbEtRfVNsbcw1skO3hAsYAIA8M//BW7XcKRDvLn\n" + - "nPrC+5fWtDzmXgUE/Sve3rCr/AfBiBrLERcJHxYy41U=\n" + - "-----END CERTIFICATE-----"; - - // Owner: O=Microsoft Corporation, L=Redmond, ST=Washington, C=US - // Issuer: CN=Microsoft RSA TLS Issuing AOC CA 01, O=Microsoft Corporation, C=US - // Serial number: 330000014b4c2b0b9955688feb00000000014b - // Valid from: Fri Oct 14 13:56:58 PDT 2022 until: Mon Oct 09 13:56:58 PDT 2023 - private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" + - "MIIIKjCCBhKgAwIBAgITMwAAAUtMKwuZVWiP6wAAAAABSzANBgkqhkiG9w0BAQwF\n" + - "ADBbMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9u\n" + - "MSwwKgYDVQQDEyNNaWNyb3NvZnQgUlNBIFRMUyBJc3N1aW5nIEFPQyBDQSAwMTAe\n" + - "Fw0yMjEwMTQyMDU2NThaFw0yMzEwMDkyMDU2NThaMFQxCzAJBgNVBAYTAlVTMRMw\n" + - "EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVN\n" + - "aWNyb3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n" + - "AoIBAQD2UxPzrv61IqG8jCFPWM3KeQpBeBlxh3mzvWVFmo340r0J1C3uLaUTPYLo\n" + - "P+Xndq2GqYLlm/5FEY7ynU1as57SH0tHbKCIYYJezn/ZJHUYcOY80uGKpP3bdbRq\n" + - "W51Xo7/gzTrXFJ2Nrn05d9mKBq+Oxs71+Nj7QuzjHYAF0n8OWNwZCBOBdAX3EDVQ\n" + - "4HBMSkIzriodM0FD2zkT8RIvZ7WbpLxvZXqWbynAeLirTRYE2lY9UalxrP+wCef9\n" + - "DARxcpEgF30nwRnALfOhnuOhdrtdLYhArfQMyDcvJnDyzCWEZCaPNtBhdsziJjf9\n" + - "A8R4/qdnlQE4/24O9MXQja5dwyyRAgMBAAGjggPsMIID6DCCAXwGCisGAQQB1nkC\n" + - "BAIEggFsBIIBaAFmAHYA6D7Q2j71BjUy51covIlryQPTy9ERa+zraeF3fW0GvW4A\n" + - "AAGD2FJirgAABAMARzBFAiBct8qI4aiBtisWWMKAtwCueQWAnFtxcrGBiZjwctiB\n" + - "pwIhAPasvYgCS4Rbhb6p2//TCeq0P2H3jUftmi0afwhJYXLaAHUAs3N3B+GEUPhj\n" + - "htYFqdwRCUp5LbFnDAuH3PADDnk2pZoAAAGD2FJjIwAABAMARjBEAiBjbry24wGs\n" + - "tpzJFzxWAk7h3IHMKiY1KxIieJMBe7k1dQIgPvDrVgOiUeWlYJmDSdRafTVZHfQg\n" + - "bODj86WqyB5ndt4AdQB6MoxU2LcttiDqOOBSHumEFnAyE4VNO9IrwTpXo1LrUgAA\n" + - "AYPYUmLUAAAEAwBGMEQCIHlmAPOJT2CSJPnupJqbiUOE8nukIuNxaayaEROQQC16\n" + - "AiBufiWDUp9FNjGdZVhjX3t/Bh3iSNrMJD22k5BcNzUbIjAbBgkrBgEEAYI3FQoE\n" + - "DjAMMAoGCCsGAQUFBwMBMDwGCSsGAQQBgjcVBwQvMC0GJSsGAQQBgjcVCIe91xuB\n" + - "5+tGgoGdLo7QDIfw2h1dgbXdUIWf/XUCAWQCAR0wgaYGCCsGAQUFBwEBBIGZMIGW\n" + - "MGUGCCsGAQUFBzAChllodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2Nl\n" + - "cnRzL01pY3Jvc29mdCUyMFJTQSUyMFRMUyUyMElzc3VpbmclMjBBT0MlMjBDQSUy\n" + - "MDAxLmNydDAtBggrBgEFBQcwAYYhaHR0cDovL29uZW9jc3AubWljcm9zb2Z0LmNv\n" + - "bS9vY3NwMB0GA1UdDgQWBBQVaBKJl3UpdKhMrW9owCC3eUdMWzAOBgNVHQ8BAf8E\n" + - "BAMCBLAwKwYDVR0RBCQwIoIgcnZrcnNhcm9vdDIwMTcucGtpLm1pY3Jvc29mdC5j\n" + - "b20waAYDVR0fBGEwXzBdoFugWYZXaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3Br\n" + - "aW9wcy9jcmwvTWljcm9zb2Z0JTIwUlNBJTIwVExTJTIwSXNzdWluZyUyMEFPQyUy\n" + - "MENBJTIwMDEuY3JsMGYGA1UdIARfMF0wUQYMKwYBBAGCN0yDfQEBMEEwPwYIKwYB\n" + - "BQUHAgEWM2h0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvRG9jcy9SZXBv\n" + - "c2l0b3J5Lmh0bTAIBgZngQwBAgIwHwYDVR0jBBgwFoAU60wxfD0/MriD18Xbe9rk\n" + - "eNqcFFcwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQEMBQADggIBAFHb\n" + - "lQDG/Jk+kOLRWlZiya00OkZiXrueh4NgfwybZAx3O344+FzP4TsneUys16GO7Pti\n" + - "UTKkxF42INw/3TAC4iOMg4RS4dm+Fn1G7xM59lwqnZLn48a6jORKwZIG0H/2Fevr\n" + - "bGn3ZcTw+NP02OA7X1/ewRfljDZfHNmzdVTSVlqzhliv2cRuZyk7lf1LoIXBTz3Y\n" + - "6ofOjgsP05XEZmMxMwM40FVeslTfuu301plj5KuHpQfbSny0VES3DQnZi+gHX+Zn\n" + - "XuIYQL9stePqQr1GJBqAHM4sRgUCnW5t8efIYDMpYhQynXbniowLGbXOa0OP1IFG\n" + - "oGmhPRonR1aJ2eFBfe0pnc4WO5qdiXQp/XWWYmUJaD7SdGDQF7wH9BUJdldIk6uI\n" + - "SGTh4YD2VAXAGH4e9wHI5t9Lyah/VeBoLU1j3SsJfL6XfcWCwFG2sdqFFQHcONBl\n" + - "ApIjebH4RlOGiRRRJ5/Wz9Wk850mEvF16UlB1MUpLiKU63/nJvuR1TvOisAUl+5L\n" + - "oAfBFVkX4IGJU+9tc4VXYvTpd24xLHk/o6Fnl23D6zWlsZKldNxYPhiriXN9Duvb\n" + - "6xmaQX4gua6jmTFUhKDyyVJpW1A4GjuenPYsCmabzydiAeMIQirCCLSTqXrSw1YL\n" + - "2+608l1nqYy1JOrSq/zFp3c5buSFbjj7jVJB5LEh\n" + - "-----END CERTIFICATE-----"; - - public void runTest(ValidatePathWithParams pathValidator) throws Exception { - // Validate valid - pathValidator.validate(new String[]{VALID, INT}, - ValidatePathWithParams.Status.GOOD, null, System.out); - - // Validate Revoked - pathValidator.validate(new String[]{REVOKED, INT}, - ValidatePathWithParams.Status.REVOKED, - "Fri Oct 14 15:46:18 PDT 2022", System.out); + private static final String VALID = "https://actrsaroot2017.pki.microsoft.com/"; + private static final String REVOKED = "https://rvkrsaroot2017.pki.microsoft.com/"; + private static final String CA_FINGERPRINT = + "C7:41:F7:0F:4B:2A:8D:88:BF:2E:71:C1:41:22:EF:53:EF:10:EB:A0:CF:A5:E6:4C:FA:20:F4:18:85:30:73:E0"; + + public void runTest(ValidatePathWithURL pathValidator) throws CertificateEncodingException { + pathValidator.validateDomain(VALID, false, CA_FINGERPRINT); + pathValidator.validateDomain(REVOKED, true, CA_FINGERPRINT); } } diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/TWCAGlobalCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/TWCAGlobalCA.java index 48c4d77a6ba24..8686a340784a1 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/TWCAGlobalCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/TWCAGlobalCA.java @@ -22,11 +22,22 @@ */ /* - * @test + * @test id=OCSP * @bug 8305975 * @summary Interoperability tests with TWCA Global Root CA from TAIWAN-CA - * @build ValidatePathWithParams + * @library /test/lib + * @build jtreg.SkippedException + * @build ValidatePathWithURL * @run main/othervm -Djava.security.debug=certpath TWCAGlobalCA OCSP + */ + +/* + * @test id=CRL + * @bug 8305975 + * @summary Interoperability tests with TWCA Global Root CA from TAIWAN-CA + * @library /test/lib + * @build jtreg.SkippedException + * @build ValidatePathWithURL * @run main/othervm -Djava.security.debug=certpath TWCAGlobalCA CRL */ @@ -41,166 +52,23 @@ */ public class TWCAGlobalCA { - // Owner: CN=TWCA Global EVSSL Certification Authority, OU=Global EVSSL Sub-CA, O=TAIWAN-CA, C=TW - // Issuer: CN=TWCA Global Root CA, OU=Root CA, O=TAIWAN-CA, C=TW - // Serial number: 40013304f70000000000000cc042cd6d - // Valid from: Thu Aug 23 02:53:30 PDT 2012 until: Fri Aug 23 08:59:59 PDT 2030 - private static final String INT = "-----BEGIN CERTIFICATE-----\n" + - "MIIFdzCCA1+gAwIBAgIQQAEzBPcAAAAAAAAMwELNbTANBgkqhkiG9w0BAQsFADBR\n" + - "MQswCQYDVQQGEwJUVzESMBAGA1UEChMJVEFJV0FOLUNBMRAwDgYDVQQLEwdSb290\n" + - "IENBMRwwGgYDVQQDExNUV0NBIEdsb2JhbCBSb290IENBMB4XDTEyMDgyMzA5NTMz\n" + - "MFoXDTMwMDgyMzE1NTk1OVowczELMAkGA1UEBhMCVFcxEjAQBgNVBAoTCVRBSVdB\n" + - "Ti1DQTEcMBoGA1UECxMTR2xvYmFsIEVWU1NMIFN1Yi1DQTEyMDAGA1UEAxMpVFdD\n" + - "QSBHbG9iYWwgRVZTU0wgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqG\n" + - "SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MIaeq4wMnTjA5C2LsR6HJUj6rZbs8Nmq\n" + - "sSqFoqu6LwjrMbzkAg274EL6913MQ6eOy6VUDRzqAfgBEYcwFofe/w8nC7Q6Nrzz\n" + - "xTkl9lovXLJIm0CI44Qk2IhiCkoYaPlIoqexqnm3Fc2QRdRNeLk2pU/s86DpGrwT\n" + - "BqRRRkziBlhcgo7K5Z9ihf+c82DT31iIUIi2nr0ES1eaRR7zpKrzJPZ8foNxRPwT\n" + - "2D0tJWQJ4hNzbFGSKsSzshdwQ/p4JP9AEjK2eeXXbEePt0/JarwBjO2Lwign38/g\n" + - "0ZiP3uE47bItxZhgXlnR5L/0bhJitE6U1xgVFbbrQnG2B2kZxVKxAgMBAAGjggEn\n" + - "MIIBIzAfBgNVHSMEGDAWgBRI283ejulJclqI6LHYPQezuWtmUDAdBgNVHQ4EFgQU\n" + - "br2hK87kwtUodFy92YxvBHIqBt4wDgYDVR0PAQH/BAQDAgEGMDgGA1UdIAQxMC8w\n" + - "LQYEVR0gADAlMCMGCCsGAQUFBwIBFhdodHRwOi8vd3d3LnR3Y2EuY29tLnR3LzBJ\n" + - "BgNVHR8EQjBAMD6gPKA6hjhodHRwOi8vUm9vdENBLnR3Y2EuY29tLnR3L1RXQ0FS\n" + - "Q0EvZ2xvYmFsX3Jldm9rZV80MDk2LmNybDASBgNVHRMBAf8ECDAGAQH/AgEAMDgG\n" + - "CCsGAQUFBwEBBCwwKjAoBggrBgEFBQcwAYYcaHR0cDovL1Jvb3RPY3NwLnR3Y2Eu\n" + - "Y29tLnR3LzANBgkqhkiG9w0BAQsFAAOCAgEAaOmLaZ2+WN2EtB6feuSV5KnL88ck\n" + - "I9jsUTB4YtKsv0ViORkeBMCQur5OoAgRE9VYdRVlWHN0zJAX232fdoZmnajl8gtj\n" + - "u0AOOyDDJ7Vlh38rDMRlX/u+MS2DFcsq5Vd3EMwJsWWFR9D3Dcey+Tu9uEmEdqeB\n" + - "+Erd4YjCeV9PyOW3SzPQ47RdW6XYmHArPh65/LcmSxTn/lxQy/NEBGGWqhm6s6n1\n" + - "49mPq4MtQcMLo/NBI+8jv7BVjnThbbEh2edHHxMNiAd5kLZFDCyJuFkoezjWL4AH\n" + - "ratXdoHtqvqtPoy97LyGrLrJeh+0hkO9u8QOt2gF7BEhNfid7o5dnsPRk+8l77Hn\n" + - "T1dvBs++M0r0QG4AWMSMj9uUn6rhl4FGTvAsyB1fA8p/xCLoIEetIpKRP3BD+ve2\n" + - "eYjWPorR/0W77iMTeoQEeuxDIxi2J/U9QLKKvzzqBy1TYrqqPe5YxqHLNAcfHZvo\n" + - "BTPPbtP0WAiXrJiELTYcqFXETvQcGw0XjoUZNvJE8RD7vssSNT17RKU8iBRX7CbL\n" + - "AB3T8gYykPMJTUqQSmdgEdVRBcqRMMdU+XRAEoU/Mz5oHAkm3ZNTDNwsEp2Dg1/b\n" + - "qzfPMhg4/3/YyWzGrzNeCSWZkjYImAzLCvN0D5rbdVHEmFIrEJt+igocGozroq5x\n" + - "DT5KhixlrqexzWE=\n" + - "-----END CERTIFICATE-----"; - - // Owner: OID.2.5.4.17=100, STREET="10F.,NO.85,Yanping S. Rd.,Taipei City 100,Taiwan (R.O.C)", - // SERIALNUMBER=70759028, OID.1.3.6.1.4.1.311.60.2.1.3=TW, OID.1.3.6.1.4.1.311.60.2.1.2=Taiwan, - // OID.1.3.6.1.4.1.311.60.2.1.1=Taipei, OID.2.5.4.15=Private Organization, - // CN=evssldemo6.twca.com.tw, O=TAIWAN-CA INC., L=Taipei, ST=Taiwan, C=TW - // Issuer: CN=TWCA Global EVSSL Certification Authority, OU=Global EVSSL Sub-CA, - // O=TAIWAN-CA, C=TW - // Serial number: 47e70000001258ff71d89af7f0353fef - // Valid from: Thu Mar 02 00:49:56 PST 2023 until: Sun Mar 31 08:59:59 PDT 2024 - private static final String VALID = "-----BEGIN CERTIFICATE-----\n" + - "MIIH7zCCBtegAwIBAgIQR+cAAAASWP9x2Jr38DU/7zANBgkqhkiG9w0BAQsFADBz\n" + - "MQswCQYDVQQGEwJUVzESMBAGA1UEChMJVEFJV0FOLUNBMRwwGgYDVQQLExNHbG9i\n" + - "YWwgRVZTU0wgU3ViLUNBMTIwMAYDVQQDEylUV0NBIEdsb2JhbCBFVlNTTCBDZXJ0\n" + - "aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0yMzAzMDIwODQ5NTZaFw0yNDAzMzExNTU5\n" + - "NTlaMIIBMzELMAkGA1UEBhMCVFcxDzANBgNVBAgTBlRhaXdhbjEPMA0GA1UEBxMG\n" + - "VGFpcGVpMRcwFQYDVQQKEw5UQUlXQU4tQ0EgSU5DLjEfMB0GA1UEAxMWZXZzc2xk\n" + - "ZW1vNi50d2NhLmNvbS50dzEdMBsGA1UEDxMUUHJpdmF0ZSBPcmdhbml6YXRpb24x\n" + - "FzAVBgsrBgEEAYI3PAIBARMGVGFpcGVpMRcwFQYLKwYBBAGCNzwCAQITBlRhaXdh\n" + - "bjETMBEGCysGAQQBgjc8AgEDEwJUVzERMA8GA1UEBRMINzA3NTkwMjgxQTA/BgNV\n" + - "BAkTODEwRi4sTk8uODUsWWFucGluZyBTLiBSZC4sVGFpcGVpIENpdHkgMTAwLFRh\n" + - "aXdhbiAoUi5PLkMpMQwwCgYDVQQREwMxMDAwggEiMA0GCSqGSIb3DQEBAQUAA4IB\n" + - "DwAwggEKAoIBAQDEgj/jtcAtGPkiBilLajzHIqfiAxpwwnKhdHwyOnqfcqur1p2R\n" + - "Cxl0Q8jYGmY8ZUq7716XnIGN3bn3Wu10BvmHi07h8f54/G/K7xBKjkasAh44zW1P\n" + - "hgdaxH0huRvoQOoSRCitew8YpMN4B++uOQ8yu2pWDGDdQHW4VaWt/e+QtZbQtp/b\n" + - "7vUWgcuhxDStj97B8Dcb5PY+sbLy6dfDiXnTaSpuWhjKmEcpknagGyn4uCFBSppZ\n" + - "/PYcTsg+Nk8Ae/SDMpc7XWBCjmxMG2GI0IVW4un9UOuElYgWVjMWnBAiGMDkVMEQ\n" + - "jLRxEYOh+NJ3izMyD/ufLrA/YwJMI1LgFcOJAgMBAAGjggO7MIIDtzAfBgNVHSME\n" + - "GDAWgBRuvaErzuTC1Sh0XL3ZjG8EcioG3jAdBgNVHQ4EFgQUg4msPcTFvDjwluRf\n" + - "inEn9qMC7OYwUwYDVR0fBEwwSjBIoEagRIZCaHR0cDovL3NzbHNlcnZlci50d2Nh\n" + - "LmNvbS50dy9zc2xzZXJ2ZXIvR2xvYmFsRVZTU0xfUmV2b2tlXzIwMTIuY3JsMCEG\n" + - "A1UdEQQaMBiCFmV2c3NsZGVtbzYudHdjYS5jb20udHcwfwYIKwYBBQUHAQEEczBx\n" + - "MEQGCCsGAQUFBzAChjhodHRwOi8vc3Nsc2VydmVyLnR3Y2EuY29tLnR3L2NhY2Vy\n" + - "dC9HbG9iYWxFdnNzbF8yMDEyLnA3YjApBggrBgEFBQcwAYYdaHR0cDovL2V2c3Ns\n" + - "b2NzcC50d2NhLmNvbS50dy8wSAYDVR0gBEEwPzA0BgwrBgEEAYK/JQEBFgMwJDAi\n" + - "BggrBgEFBQcCARYWaHR0cDovL3d3dy50d2NhLmNvbS50dzAHBgVngQwBATAJBgNV\n" + - "HRMEAjAAMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB\n" + - "BQUHAwIwggH2BgorBgEEAdZ5AgQCBIIB5gSCAeIB4AB2AEiw42vapkc0D+VqAvqd\n" + - "MOscUgHLVt0sgdm7v6s52IRzAAABhqGDiCYAAAQDAEcwRQIgd7uqvHdSTSXqNPWs\n" + - "OQeCeT2vuKY3vj8jRcoJ9IIohqgCIQCtQfZ0lfZ1Y1GmwCTDc5NM++5mgp+ZpNWu\n" + - "F9OKsWoCPQB2AFWB1MIWkDYBSuoLm1c8U/DA5Dh4cCUIFy+jqh0HE9MMAAABhqGD\n" + - "iJYAAAQDAEcwRQIgIHKa+XeYyDURUq9AVYEntGS5oJitKyWZjSOlpD+udZgCIQC/\n" + - "oVPtjJpcXP4OScYFsNWMPKUtZOO5mY5y7V65S84DrQB2ADtTd3U+LbmAToswWwb+\n" + - "QDtn2E/D9Me9AA0tcm/h+tQXAAABhqGDh8YAAAQDAEcwRQIgYT7aPr9YCtF5TCTp\n" + - "NICK9c5eiL6Ku/y9wM6ARgG2k1UCIQDomqlwGur+AMI4YIc1SNqyNVCyxgP1DxXP\n" + - "FYkX6BX17gB2AO7N0GTV2xrOxVy3nbTNE6Iyh0Z8vOzew1FIWUZxH7WbAAABhqGD\n" + - "iKkAAAQDAEcwRQIhAKTMliyTn48vvP9hN8jucD6rGZwRCqQI6suE6ADpN7bNAiB3\n" + - "zFZFdH8eJRn3RXjD/mzbmF201sNLitp9SOYAazubljANBgkqhkiG9w0BAQsFAAOC\n" + - "AQEAOOtzqtRFvxlJro61O0dEkDottToFh88vib3N3AofS5uW0nDpoS0L27XR8IDd\n" + - "2NfN+2XKAQXdz2BqHnjW1nAMXUx4TAMi4jG8XpOkvpSDXbjghD5EB10FyAzCuGmv\n" + - "mKxkVOU1DzL0kSLLQjLaJ57WUYsoE97f5O6rY9jlJpid32o1WgM1oZsBjPhO8Kiy\n" + - "KJ5zZHppolGPtuFYMUcatiqv//pH/5piwtlYSkbwMj5nYidSrSBciBzO53HFk1pE\n" + - "TABXFcoK3gmhWM04lysmJMwAzRUbNQVizpGDICbRjCOVnwCbutnSnka8pDHkq4Zy\n" + - "BrUeZe2xJe8jWvukwqvNzIIvwg==\n" + - "-----END CERTIFICATE-----"; - - // Owner: OID.2.5.4.17=100, STREET="10F.,NO.85,Yanping S. Rd.,Taipei City 100,Taiwan (R.O.C)", - // SERIALNUMBER=70759028, OID.1.3.6.1.4.1.311.60.2.1.3=TW, OID.1.3.6.1.4.1.311.60.2.1.2=Taiwan, - // OID.1.3.6.1.4.1.311.60.2.1.1=Taipei, OID.2.5.4.15=Private Organization, - // CN=evssldemo7.twca.com.tw, O=TAIWAN-CA INC., L=Taipei, ST=Taiwan, C=TW - // Issuer: CN=TWCA Global EVSSL Certification Authority, OU=Global EVSSL Sub-CA, - // O=TAIWAN-CA, C=TW - // Serial number: 47e70000001258f036a5b513091ccb2e - // Valid from: Tue Feb 07 02:03:08 PST 2023 until: Thu Mar 07 07:59:59 PST 2024 - private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" + - "MIIHdjCCBl6gAwIBAgIQR+cAAAASWPA2pbUTCRzLLjANBgkqhkiG9w0BAQsFADBz\n" + - "MQswCQYDVQQGEwJUVzESMBAGA1UEChMJVEFJV0FOLUNBMRwwGgYDVQQLExNHbG9i\n" + - "YWwgRVZTU0wgU3ViLUNBMTIwMAYDVQQDEylUV0NBIEdsb2JhbCBFVlNTTCBDZXJ0\n" + - "aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0yMzAyMDcxMDAzMDhaFw0yNDAzMDcxNTU5\n" + - "NTlaMIIBMzELMAkGA1UEBhMCVFcxDzANBgNVBAgTBlRhaXdhbjEPMA0GA1UEBxMG\n" + - "VGFpcGVpMRcwFQYDVQQKEw5UQUlXQU4tQ0EgSU5DLjEfMB0GA1UEAxMWZXZzc2xk\n" + - "ZW1vNy50d2NhLmNvbS50dzEdMBsGA1UEDxMUUHJpdmF0ZSBPcmdhbml6YXRpb24x\n" + - "FzAVBgsrBgEEAYI3PAIBARMGVGFpcGVpMRcwFQYLKwYBBAGCNzwCAQITBlRhaXdh\n" + - "bjETMBEGCysGAQQBgjc8AgEDEwJUVzERMA8GA1UEBRMINzA3NTkwMjgxQTA/BgNV\n" + - "BAkTODEwRi4sTk8uODUsWWFucGluZyBTLiBSZC4sVGFpcGVpIENpdHkgMTAwLFRh\n" + - "aXdhbiAoUi5PLkMpMQwwCgYDVQQREwMxMDAwggEiMA0GCSqGSIb3DQEBAQUAA4IB\n" + - "DwAwggEKAoIBAQDSX3co7XUdwxv8OEj7Mipq0Ot+1w+VYTFlPvdnryrv9st7ERLb\n" + - "+xJPJo7swgqbHeHKWlwYu4lkzJq6s3nAOkuYIP/O3uVmGDiilLSAVkukz9MooyjB\n" + - "466eArXY1VT9vpXVNmSLunAp5RU8H+2WWOUMmtJx/oYojqEbtWqnltlErvEjb2TM\n" + - "vR16d/vXI6QtMc+IV3nZ0SVdetH2E7ZvpP5mZqVSHNnOnVjqdd69hAJ4SJgG9lCM\n" + - "87ysm6UaJxQbEGxc6YkwrUNVet1tx2hBWltTyRw3oOBCBUwrPUTx7/pFh7yhci6p\n" + - "AhHp1j0OzAmZHOFTM+qO1L1vlmguO8zW0zWtAgMBAAGjggNCMIIDPjAfBgNVHSME\n" + - "GDAWgBRuvaErzuTC1Sh0XL3ZjG8EcioG3jAdBgNVHQ4EFgQUvvbgZHRNPdmGlxQS\n" + - "fcTzM2A14EkwUwYDVR0fBEwwSjBIoEagRIZCaHR0cDovL3NzbHNlcnZlci50d2Nh\n" + - "LmNvbS50dy9zc2xzZXJ2ZXIvR2xvYmFsRVZTU0xfUmV2b2tlXzIwMTIuY3JsMCEG\n" + - "A1UdEQQaMBiCFmV2c3NsZGVtbzcudHdjYS5jb20udHcwfwYIKwYBBQUHAQEEczBx\n" + - "MEQGCCsGAQUFBzAChjhodHRwOi8vc3Nsc2VydmVyLnR3Y2EuY29tLnR3L2NhY2Vy\n" + - "dC9HbG9iYWxFdnNzbF8yMDEyLnA3YjApBggrBgEFBQcwAYYdaHR0cDovL2V2c3Ns\n" + - "b2NzcC50d2NhLmNvbS50dy8wSAYDVR0gBEEwPzA0BgwrBgEEAYK/JQEBFgMwJDAi\n" + - "BggrBgEFBQcCARYWaHR0cDovL3d3dy50d2NhLmNvbS50dzAHBgVngQwBATAJBgNV\n" + - "HRMEAjAAMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB\n" + - "BQUHAwIwggF9BgorBgEEAdZ5AgQCBIIBbQSCAWkBZwB2AFWB1MIWkDYBSuoLm1c8\n" + - "U/DA5Dh4cCUIFy+jqh0HE9MMAAABhitUR1YAAAQDAEcwRQIhANv7DhQm67R1Ilmg\n" + - "k5StrFQ1dqyELzZTAT3on84g0G/vAiAttP+EWWmztK2luQ7SxvQsmExDh/qGiZHq\n" + - "NAd2a8dUIgB1AO7N0GTV2xrOxVy3nbTNE6Iyh0Z8vOzew1FIWUZxH7WbAAABhitU\n" + - "RycAAAQDAEYwRAIgcU5n4DJaGWvTr3wZug59ItynMgCZ5z0ZVrZr2KwV70wCIHEv\n" + - "DAwNBLGsdj5IX/4E5hnzJvS7WroSLnRB6OW931JbAHYAdv+IPwq2+5VRwmHM9Ye6\n" + - "NLSkzbsp3GhCCp/mZ0xaOnQAAAGGK1RKDwAABAMARzBFAiBvlIvOnE8PhYJQueMh\n" + - "AOCwgREvnAsk3Edt59lcuqPrrQIhAOSRb3UmBYkHQ6k5pUJva0Mgk0GmnLR0de0s\n" + - "VxW3TTASMA0GCSqGSIb3DQEBCwUAA4IBAQAQB7oaouXBI6VpLzL+kzOZXSTbSClv\n" + - "LS33DTEBI3A8LTXHbFq6c4/ZdqieUzy42Kd0i9e3hI1hwQYPgEwxpROOcldX72r0\n" + - "EUTh0L+XrxN3YEgod6aCsjIiJlWYy6J2ZXVURnk/iWYAwYLa0JmmBGuWFjEnq4lO\n" + - "xL1C3M2mYAEC+Beb7Xyq1rcu97p4P8igJYM+VfwXNwYYRCXUr9f4ESD7t5vXlYoE\n" + - "c4m5KiBQD9XtZS77QRon9JCQklxTvMkxuLwWvSdzicEUzWeFp+kN/fcXL2SVsb17\n" + - "xDPMMsMMh7L/f+uMWDYZ+wH17LYQxOLi7VXT3fv8nl2X2iD3d4CCh0Tu\n" + - "-----END CERTIFICATE-----"; + private static final String VALID = "https://evssldemo6.twca.com.tw"; + private static final String REVOKED = "https://evssldemo7.twca.com.tw"; + private static final String CA_FINGERPRINT = + "59:76:90:07:F7:68:5D:0F:CD:50:87:2F:9F:95:D5:75:5A:5B:2B:45:7D:81:F3:69:2B:61:0A:98:67:2F:0E:1B"; public static void main(String[] args) throws Exception { - ValidatePathWithParams pathValidator = new ValidatePathWithParams(null); + ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(); if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { - pathValidator.enableCRLCheck(); + validatePathWithURL.enableCRLOnly(); } else { // OCSP check by default - pathValidator.enableOCSPCheck(); + validatePathWithURL.enableOCSPOnly(); } - // Validate valid - pathValidator.validate(new String[]{VALID, INT}, - ValidatePathWithParams.Status.GOOD, null, System.out); - - // Validate Revoked - pathValidator.validate(new String[]{REVOKED, INT}, - ValidatePathWithParams.Status.REVOKED, - "Thu Mar 23 17:30:19 PDT 2023", System.out); + validatePathWithURL.validateDomain(VALID, false, CA_FINGERPRINT); + validatePathWithURL.validateDomain(REVOKED, true, CA_FINGERPRINT); } } From 5885e35213e2fd2d1f9d39c04a3b3d8a40c34fe2 Mon Sep 17 00:00:00 2001 From: Rajan Halade Date: Wed, 31 May 2023 13:47:37 -0700 Subject: [PATCH 03/17] 8308592: verify inter CA --- .../certification/ActalisCA.java | 25 ++---- .../certification/BuypassCA.java | 45 +++++----- .../certification/ValidatePathWithURL.java | 87 ++++++++++--------- 3 files changed, 74 insertions(+), 83 deletions(-) diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ActalisCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ActalisCA.java index d75bb8bcf769c..540009de5c161 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ActalisCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ActalisCA.java @@ -41,34 +41,23 @@ * @run main/othervm/timeout=180 -Djava.security.debug=certpath ActalisCA CRL */ - /* - * Obtain test artifacts for Actalis CA from: - * - * Test website with *active* TLS Server certificate: - * https://ssltest-active.actalis.it/ - * - * Test website with *revoked* TLS Server certificate: - * https://ssltest-revoked.actalis.it/ - */ public class ActalisCA { - private static final String VALID = "https://ssltest-active.actalis.it/"; private static final String REVOKED = "https://ssltest-revoked.actalis.it/"; - private static final String CA_FINGERPRINT = - "55:92:60:84:EC:96:3A:64:B9:6E:2A:BE:01:CE:0B:A8:6A:64:FB:FE:BC:C7:AA:B5:AF:C1:55:B3:7F:D7:60:66"; + private static final String CA_ALIAS = "actalisauthenticationrootca [jdk]"; public static void main(String[] args) throws Exception { - ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(); - if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { - validatePathWithURL.enableCRLOnly(); + ValidatePathWithURL.enableCRLOnly(); } else { // OCSP check by default - validatePathWithURL.enableOCSPOnly(); + ValidatePathWithURL.enableOCSPOnly(); } - validatePathWithURL.validateDomain(VALID, false, CA_FINGERPRINT); - validatePathWithURL.validateDomain(REVOKED, true, CA_FINGERPRINT); + ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); + + validatePathWithURL.validateDomain(VALID, false); + validatePathWithURL.validateDomain(REVOKED, true); } } diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java index e98da2f3b9e62..f4c200070cf6a 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java @@ -41,22 +41,19 @@ * @run main/othervm/timeout=180 -Djava.security.debug=certpath BuypassCA CRL */ -import java.security.cert.CertificateEncodingException; public class BuypassCA { public static void main(String[] args) throws Exception { - ValidatePathWithURL pathValidator = new ValidatePathWithURL(); - if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { - pathValidator.enableCRLOnly(); + ValidatePathWithURL.enableCRLOnly(); } else { // OCSP check by default - pathValidator.enableOCSPOnly(); + ValidatePathWithURL.enableOCSPOnly(); } - new BuypassClass2().runTest(pathValidator); - new BuypassClass3().runTest(pathValidator); + new BuypassClass2().runTest(); + new BuypassClass3().runTest(); } } @@ -65,15 +62,16 @@ class BuypassClass2 { private static final String REVOKED_BUSINESS = "https://revoked.business.ca22.ssl.buypass.no"; private static final String VALID_DOMAIN = "https://valid.domain.ca22.ssl.buypass.no"; private static final String REVOKED_DOMAIN = "https://revoked.domain.ca22.ssl.buypass.no"; - private static final String CA_FINGERPRINT = - "9A:11:40:25:19:7C:5B:B9:5D:94:E6:3D:55:CD:43:79:08:47:B6:46:B2:3C:DF:11:AD:A4:A0:0E:FF:15:FB:48"; + private static final String CA_ALIAS = "buypassclass2ca [jdk]"; + + public void runTest() throws Exception { + ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); - public void runTest(ValidatePathWithURL pathValidator) throws CertificateEncodingException { - pathValidator.validateDomain(VALID_BUSINESS, false, CA_FINGERPRINT); - pathValidator.validateDomain(REVOKED_BUSINESS, true, CA_FINGERPRINT); + validatePathWithURL.validateDomain(VALID_BUSINESS, false); + validatePathWithURL.validateDomain(REVOKED_BUSINESS, true); - pathValidator.validateDomain(VALID_DOMAIN, false, CA_FINGERPRINT); - pathValidator.validateDomain(REVOKED_DOMAIN, true, CA_FINGERPRINT); + validatePathWithURL.validateDomain(VALID_DOMAIN, false); + validatePathWithURL.validateDomain(REVOKED_DOMAIN, true); } } @@ -84,17 +82,18 @@ class BuypassClass3 { private static final String REVOKED_EVIDENT = "https://revoked.evident.ca23.ssl.buypass.no"; private static final String VALID_BUSINESSPLUS = "https://valid.businessplus.ca23.ssl.buypass.no"; private static final String REVOKED_BUSINESSPLUS = "https://revoked.businessplus.ca23.ssl.buypass.no"; - private static final String CA_FINGERPRINT = - "ED:F7:EB:BC:A2:7A:2A:38:4D:38:7B:7D:40:10:C6:66:E2:ED:B4:84:3E:4C:29:B4:AE:1D:5B:93:32:E6:B2:4D"; + private static final String CA_ALIAS = "buypassclass3ca [jdk]"; + + public void runTest() throws Exception { + ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); - public void runTest(ValidatePathWithURL pathValidator) throws CertificateEncodingException { - pathValidator.validateDomain(VALID_QC, false, CA_FINGERPRINT); - pathValidator.validateDomain(REVOKED_QC, true, CA_FINGERPRINT); + validatePathWithURL.validateDomain(VALID_QC, false); + validatePathWithURL.validateDomain(REVOKED_QC, true); - pathValidator.validateDomain(VALID_EVIDENT, false, CA_FINGERPRINT); - pathValidator.validateDomain(REVOKED_EVIDENT, true, CA_FINGERPRINT); + validatePathWithURL.validateDomain(VALID_EVIDENT, false); + validatePathWithURL.validateDomain(REVOKED_EVIDENT, true); - pathValidator.validateDomain(VALID_BUSINESSPLUS, false, CA_FINGERPRINT); - pathValidator.validateDomain(REVOKED_BUSINESSPLUS, true, CA_FINGERPRINT); + validatePathWithURL.validateDomain(VALID_BUSINESSPLUS, false); + validatePathWithURL.validateDomain(REVOKED_BUSINESSPLUS, true); } } diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ValidatePathWithURL.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ValidatePathWithURL.java index 1feabb3cde500..e772e3f286105 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ValidatePathWithURL.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ValidatePathWithURL.java @@ -24,57 +24,69 @@ import jtreg.SkippedException; import javax.net.ssl.*; +import javax.security.auth.x500.X500Principal; +import java.io.FileInputStream; import java.io.IOException; import java.net.URL; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; -import java.security.Security; +import java.security.*; import java.security.cert.*; -import java.util.HexFormat; +import java.security.cert.Certificate; public class ValidatePathWithURL { - private static MessageDigest md; - private static final HexFormat HEX = HexFormat.ofDelimiter(":").withUpperCase(); - public ValidatePathWithURL() throws NoSuchAlgorithmException { + private final X509Certificate rootCertificate; + private final X500Principal rootPrincipal; + + public ValidatePathWithURL(String caAlias) throws Exception { System.setProperty("com.sun.net.ssl.checkRevocation", "true"); Security.setProperty("ssl.TrustManagerFactory.algorithm", "SunPKIX"); // some test sites don't have correct hostname specified in test certificate HttpsURLConnection.setDefaultHostnameVerifier(new CustomHostnameVerifier()); - md = MessageDigest.getInstance("SHA-256"); + String FS = System.getProperty("file.separator"); + String CACERTS_STORE = + System.getProperty("test.jdk") + FS + "lib" + FS + "security" + FS + "cacerts"; + + KeyStore cacerts = KeyStore.getInstance("PKCS12"); + try (FileInputStream fis = new FileInputStream(CACERTS_STORE)) { + cacerts.load(fis, null); + } + + rootCertificate = (X509Certificate) cacerts.getCertificate(caAlias); + rootPrincipal = rootCertificate.getSubjectX500Principal(); } - public void enableOCSPOnly() { + public static void enableOCSPOnly() { System.setProperty("com.sun.security.enableCRLDP", "false"); Security.setProperty("ocsp.enable", "true"); } - public void enableCRLOnly() { + public static void enableCRLOnly() { System.setProperty("com.sun.security.enableCRLDP", "true"); } - public void enableOCSPAndCRL() { + public static void enableOCSPAndCRL() { System.setProperty("com.sun.security.enableCRLDP", "true"); Security.setProperty("ocsp.enable", "true"); } public void validateDomain(final String testURL, - final boolean revokedCert, - final String fingerPrint) throws CertificateEncodingException { + final boolean revokedCert) + throws CertificateException, NoSuchAlgorithmException, SignatureException, + InvalidKeyException, NoSuchProviderException { System.out.println(); System.out.println("===== Validate " + testURL + "====="); - if (!validateDomainCertChain(testURL, revokedCert, fingerPrint)) { + if (!validateDomainCertChain(testURL, revokedCert)) { throw new RuntimeException("Failed to validate " + testURL); } System.out.println("======> SUCCESS"); } private boolean validateDomainCertChain(final String testURL, - final boolean revokedCert, - final String fingerPrint) - throws CertificateEncodingException { + final boolean revokedCert) + throws CertificateException, NoSuchAlgorithmException, SignatureException, + InvalidKeyException, NoSuchProviderException { HttpsURLConnection httpsURLConnection = null; try { URL url = new URL(testURL); @@ -84,43 +96,34 @@ private boolean validateDomainCertChain(final String testURL, // certain that test certificate anchors to trusted CA for VALID certificate // if the connection is successful - /*Certificate[] chain = - httpsURLConnection.getSSLSession().get().getPeerCertificates(); + Certificate[] chain = httpsURLConnection.getServerCertificates(); httpsURLConnection.disconnect(); - X509Certificate rootCert = null; + X509Certificate interCert = null; - // fail if there is no intermediate CA - if (chain.length < 3) { + // fail if there is no intermediate CA or self-signed + if (chain.length < 2) { throw new RuntimeException("Cert chain too short " + chain.length); } else { - System.out.println("Finding root certificate..." + chain.length); + System.out.println("Finding intermediate certificate issued by CA"); for (Certificate cert: chain){ - if(cert instanceof X509Certificate) { - X509Certificate certificate = (X509Certificate) cert; + if(cert instanceof X509Certificate certificate) { System.out.println("Checking: " + certificate.getSubjectX500Principal()); - System.out.println("Checking2: " + certificate.getIssuerX500Principal()); - if (certificate.getSubjectX500Principal().equals(certificate.getIssuerX500Principal())) { - rootCert = certificate; + if (certificate.getIssuerX500Principal().equals(rootPrincipal)){ + interCert = certificate; break; } - } else { - throw new RuntimeException("Certificate not X509"); } } } - if (rootCert == null){ - throw new RuntimeException("Root CA not found in the chain"); + if (interCert == null){ + throw new RuntimeException("Intermediate Root CA not found in the chain"); } - // validate root CA serial number - System.out.println("Found root CA: " + rootCert.getSubjectX500Principal()); - byte[] digest = md.digest(rootCert.getEncoded()); - if(!fingerPrint.equals(HEX.formatHex(digest))) { - System.out.println("Expected fingerprint: " + fingerPrint); - System.out.println("Actual fingerprint: " + HEX.formatHex(digest)); - throw new RuntimeException("Root CA serial doesn't match"); - }*/ + // validate intermediate CA signed by root CA under test + System.out.println("Found intermediate root CA: " + interCert.getSubjectX500Principal()); + interCert.verify(rootCertificate.getPublicKey()); + System.out.println("Verified: Intermediate CA signed by test root CA"); } catch (SSLHandshakeException e) { System.out.println("SSLHandshakeException: " + e.getMessage()); Throwable cause = e.getCause(); @@ -143,7 +146,7 @@ private boolean validateDomainCertChain(final String testURL, cause = cause.getCause(); } - throw new RuntimeException("Unknown exception", e); + throw new RuntimeException("Unhandled exception", e); } catch (SSLException e) { // thrown if root CA is not included in cacerts throw new RuntimeException(e); @@ -158,7 +161,7 @@ private boolean validateDomainCertChain(final String testURL, return !revokedCert; } - private class CustomHostnameVerifier implements HostnameVerifier { + private static class CustomHostnameVerifier implements HostnameVerifier { @Override public boolean verify(String hostname, SSLSession session) { // Allow any hostname From c607a04dc76cb51cb5aa783f475ecaeed12fb138 Mon Sep 17 00:00:00 2001 From: Rajan Halade Date: Wed, 31 May 2023 15:30:07 -0700 Subject: [PATCH 04/17] 8308592: update other tests --- .../certification/AmazonCA.java | 58 ++++++++------- .../certification/ComodoCA.java | 59 +++++++-------- .../certification/EntrustCA.java | 40 +++++----- .../certification/GlobalSignR6CA.java | 25 +++---- .../certification/GoDaddyCA.java | 48 ++++-------- .../certification/GoogleCA.java | 73 ++++++++++--------- .../certification/LetsEncryptCA.java | 19 ++--- .../certification/MicrosoftTLS.java | 33 ++++----- .../certification/QuoVadisCA.java | 47 ++++++------ .../certification/SSLCA.java | 49 ++++++------- .../certification/TWCAGlobalCA.java | 24 ++---- .../certification/TeliaSoneraCA.java | 15 ++-- .../certification/ValidatePathWithURL.java | 2 + 13 files changed, 231 insertions(+), 261 deletions(-) diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java index 9be497eaf1cd6..d012309e2722e 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java @@ -52,66 +52,68 @@ public class AmazonCA { public static void main(String[] args) throws Exception { - ValidatePathWithURL pathValidator = new ValidatePathWithURL(); - if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { - pathValidator.enableCRLOnly(); + ValidatePathWithURL.enableCRLOnly(); } else { // OCSP check by default - pathValidator.enableOCSPOnly(); + ValidatePathWithURL.enableOCSPOnly(); } - new AmazonCA_1().runTest(pathValidator); - new AmazonCA_2().runTest(pathValidator); - new AmazonCA_3().runTest(pathValidator); - new AmazonCA_4().runTest(pathValidator); + new AmazonCA_1().runTest(); + new AmazonCA_2().runTest(); + new AmazonCA_3().runTest(); + new AmazonCA_4().runTest(); } } class AmazonCA_1 { private static final String VALID = "https://valid.rootca1.demo.amazontrust.com/"; private static final String REVOKED = "https://revoked.rootca1.demo.amazontrust.com/"; - private static final String CA_FINGERPRINT = - "8E:CD:E6:88:4F:3D:87:B1:12:5B:A3:1A:C3:FC:B1:3D:70:16:DE:7F:57:CC:90:4F:E1:CB:97:C6:AE:98:19:6E"; + private static final String CA_ALIAS = "amazonrootca1 [jdk]"; + + public void runTest() throws Exception { + ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); - public void runTest(ValidatePathWithURL pathValidator) throws CertificateEncodingException { - pathValidator.validateDomain(VALID, false, CA_FINGERPRINT); - pathValidator.validateDomain(REVOKED, true, CA_FINGERPRINT); + validatePathWithURL.validateDomain(VALID, false); + validatePathWithURL.validateDomain(REVOKED, true); } } class AmazonCA_2 { private static final String VALID = "https://valid.rootca2.demo.amazontrust.com/"; private static final String REVOKED = "https://revoked.rootca2.demo.amazontrust.com/"; - private static final String CA_FINGERPRINT = - "1B:A5:B2:AA:8C:65:40:1A:82:96:01:18:F8:0B:EC:4F:62:30:4D:83:CE:C4:71:3A:19:C3:9C:01:1E:A4:6D:B4"; + private static final String CA_ALIAS = "amazonrootca2 [jdk]"; + + public void runTest() throws Exception { + ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); - public void runTest(ValidatePathWithURL pathValidator) throws CertificateEncodingException { - pathValidator.validateDomain(VALID, false, CA_FINGERPRINT); - pathValidator.validateDomain(REVOKED, true, CA_FINGERPRINT); + validatePathWithURL.validateDomain(VALID, false); + validatePathWithURL.validateDomain(REVOKED, true); } } class AmazonCA_3 { private static final String VALID = "https://valid.rootca3.demo.amazontrust.com/"; private static final String REVOKED = "https://revoked.rootca3.demo.amazontrust.com/"; - private static final String CA_FINGERPRINT = - "18:CE:6C:FE:7B:F1:4E:60:B2:E3:47:B8:DF:E8:68:CB:31:D0:2E:BB:3A:DA:27:15:69:F5:03:43:B4:6D:B3:A4"; + private static final String CA_ALIAS = "amazonrootca3 [jdk]"; - public void runTest(ValidatePathWithURL pathValidator) throws CertificateEncodingException { - pathValidator.validateDomain(VALID, false, CA_FINGERPRINT); - pathValidator.validateDomain(REVOKED, true, CA_FINGERPRINT); + public void runTest() throws Exception { + ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); + + validatePathWithURL.validateDomain(VALID, false); + validatePathWithURL.validateDomain(REVOKED, true); } } class AmazonCA_4 { private static final String VALID = "https://valid.rootca4.demo.amazontrust.com/"; private static final String REVOKED = "https://revoked.rootca4.demo.amazontrust.com/"; - private static final String CA_FINGERPRINT = - "E3:5D:28:41:9E:D0:20:25:CF:A6:90:38:CD:62:39:62:45:8D:A5:C6:95:FB:DE:A3:C2:2B:0B:FB:25:89:70:92"; + private static final String CA_ALIAS = "amazonrootca4 [jdk]"; + + public void runTest() throws Exception { + ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); - public void runTest(ValidatePathWithURL pathValidator) throws CertificateEncodingException { - pathValidator.validateDomain(VALID, false, CA_FINGERPRINT); - pathValidator.validateDomain(REVOKED, true, CA_FINGERPRINT); + validatePathWithURL.validateDomain(VALID, false); + validatePathWithURL.validateDomain(REVOKED, true); } } diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ComodoCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ComodoCA.java index 10ced7221afe2..7adf5efa3ffc9 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ComodoCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ComodoCA.java @@ -43,71 +43,72 @@ * @run main/othervm -Djava.security.debug=certpath ComodoCA CRL */ -import java.security.cert.CertificateEncodingException; public class ComodoCA { public static void main(String[] args) throws Exception { - ValidatePathWithURL pathValidator = new ValidatePathWithURL(); - if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { - pathValidator.enableCRLOnly(); + ValidatePathWithURL.enableCRLOnly(); } else { // OCSP check by default - pathValidator.enableOCSPOnly(); + ValidatePathWithURL.enableOCSPOnly(); } - new ComodoRSA().runTest(pathValidator); - new ComodoECC().runTest(pathValidator); - new ComodoUserTrustRSA().runTest(pathValidator); - new ComodoUserTrustECC().runTest(pathValidator); + new ComodoRSA().runTest(); + new ComodoECC().runTest(); + new ComodoUserTrustRSA().runTest(); + new ComodoUserTrustECC().runTest(); } } class ComodoRSA { private static final String VALID = "https://comodorsacertificationauthority-ev.comodoca.com"; private static final String REVOKED = "https://comodorsacertificationauthority-ev.comodoca.com:444"; - private static final String CA_FINGERPRINT = - "52:F0:E1:C4:E5:8E:C6:29:29:1B:60:31:7F:07:46:71:B8:5D:7E:A8:0D:5B:07:27:34:63:53:4B:32:B4:02:34"; + private static final String CA_ALIAS = "comodorsaca [jdk]"; + + public void runTest() throws Exception { + ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); - public void runTest(ValidatePathWithURL pathValidator) throws CertificateEncodingException { - pathValidator.validateDomain(VALID, false, CA_FINGERPRINT); - pathValidator.validateDomain(REVOKED, true, CA_FINGERPRINT); + validatePathWithURL.validateDomain(VALID, false); + validatePathWithURL.validateDomain(REVOKED, true); } } class ComodoECC { private static final String VALID = "https://comodoecccertificationauthority-ev.comodoca.com"; private static final String REVOKED = "https://comodoecccertificationauthority-ev.comodoca.com:444"; - private static final String CA_FINGERPRINT = - "17:93:92:7A:06:14:54:97:89:AD:CE:2F:8F:34:F7:F0:B6:6D:0F:3A:E3:A3:B8:4D:21:EC:15:DB:BA:4F:AD:C7"; + private static final String CA_ALIAS = "comodoeccca [jdk]"; + + public void runTest() throws Exception { + ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); - public void runTest(ValidatePathWithURL pathValidator) throws CertificateEncodingException { - pathValidator.validateDomain(VALID, false, CA_FINGERPRINT); - pathValidator.validateDomain(REVOKED, true, CA_FINGERPRINT); + validatePathWithURL.validateDomain(VALID, false); + validatePathWithURL.validateDomain(REVOKED, true); } } class ComodoUserTrustRSA { private static final String VALID = "https://usertrustrsacertificationauthority-ev.comodoca.com"; private static final String REVOKED = "https://usertrustrsacertificationauthority-ev.comodoca.com:444"; - private static final String CA_FINGERPRINT = - "E7:93:C9:B0:2F:D8:AA:13:E2:1C:31:22:8A:CC:B0:81:19:64:3B:74:9C:89:89:64:B1:74:6D:46:C3:D4:CB:D2"; + private static final String CA_ALIAS = "usertrustrsaca [jdk]"; - public void runTest(ValidatePathWithURL pathValidator) throws CertificateEncodingException { - pathValidator.validateDomain(VALID, false, CA_FINGERPRINT); - pathValidator.validateDomain(REVOKED, true, CA_FINGERPRINT); + public void runTest() throws Exception { + ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); + + validatePathWithURL.validateDomain(VALID, false); + validatePathWithURL.validateDomain(REVOKED, true); } } class ComodoUserTrustECC { private static final String VALID = "https://usertrustecccertificationauthority-ev.comodoca.com"; private static final String REVOKED = "https://usertrustecccertificationauthority-ev.comodoca.com:444"; - private static final String CA_FINGERPRINT = - "4F:F4:60:D5:4B:9C:86:DA:BF:BC:FC:57:12:E0:40:0D:2B:ED:3F:BC:4D:4F:BD:AA:86:E0:6A:DC:D2:A9:AD:7A"; + private static final String CA_ALIAS = "usertrusteccca [jdk]"; + + public void runTest() throws Exception { + ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); - public void runTest(ValidatePathWithURL pathValidator) throws CertificateEncodingException { - pathValidator.validateDomain(VALID, false, CA_FINGERPRINT); - pathValidator.validateDomain(REVOKED, true, CA_FINGERPRINT); + validatePathWithURL.validateDomain(VALID, false); + validatePathWithURL.validateDomain(REVOKED, true); } } diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/EntrustCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/EntrustCA.java index 559d5322f371d..3b29553096912 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/EntrustCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/EntrustCA.java @@ -46,40 +46,40 @@ public class EntrustCA { public static void main(String[] args) throws Exception { - ValidatePathWithURL pathValidator = new ValidatePathWithURL(); + if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { + ValidatePathWithURL.enableCRLOnly(); + } else { + // OCSP check by default + ValidatePathWithURL.enableOCSPOnly(); + } - if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { - pathValidator.enableCRLOnly(); - } else { - // OCSP check by default - pathValidator.enableOCSPOnly(); - } - - new Entrust_ECCA().runTest(pathValidator); - new Entrust_G4().runTest(pathValidator); + new Entrust_ECCA().runTest(); + new Entrust_G4().runTest(); } } class Entrust_ECCA { private static final String VALID = "https://validec.entrust.net"; private static final String REVOKED = "https://revokedec.entrust.net"; - private static final String CA_FINGERPRINT = - "E7:93:C9:B0:2F:D8:AA:13:E2:1C:31:22:8A:CC:B0:81:19:64:3B:74:9C:89:89:64:B1:74:6D:46:C3:D4:CB:D2"; + private static final String CA_ALIAS = "entrustrootcaec1 [jdk]"; + + public void runTest() throws Exception { + ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); - public void runTest(ValidatePathWithURL pathValidator) throws CertificateEncodingException { - pathValidator.validateDomain(VALID, false, CA_FINGERPRINT); - pathValidator.validateDomain(REVOKED, true, CA_FINGERPRINT); + validatePathWithURL.validateDomain(VALID, false); + validatePathWithURL.validateDomain(REVOKED, true); } } class Entrust_G4 { private static final String VALID = "https://validg4.entrust.net"; private static final String REVOKED = "https://revokedg4.entrust.net"; - private static final String CA_FINGERPRINT = - "DB:35:17:D1:F6:73:2A:2D:5A:B9:7C:53:3E:C7:07:79:EE:32:70:A6:2F:B4:AC:42:38:37:24:60:E6:F0:1E:88"; + private static final String CA_ALIAS = "entrustrootcag4 [jdk]"; + + public void runTest() throws Exception { + ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); - public void runTest(ValidatePathWithURL pathValidator) throws CertificateEncodingException { - pathValidator.validateDomain(VALID, false, CA_FINGERPRINT); - pathValidator.validateDomain(REVOKED, true, CA_FINGERPRINT); + validatePathWithURL.validateDomain(VALID, false); + validatePathWithURL.validateDomain(REVOKED, true); } } diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GlobalSignR6CA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GlobalSignR6CA.java index 5b604e0bd0b78..34c61822371b2 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GlobalSignR6CA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GlobalSignR6CA.java @@ -44,22 +44,21 @@ public class GlobalSignR6CA { private static final String VALID = "https://valid.r6.roots.globalsign.com/"; private static final String REVOKED = "https://revoked.r6.roots.globalsign.com/"; - private static final String CA_FINGERPRINT = - "2C:AB:EA:FE:37:D0:6C:A2:2A:BA:73:91:C0:03:3D:25:98:29:52:C4:53:64:73:49:76:3A:3A:B5:AD:6C:CF:69"; + private static final String CA_ALIAS = "globalsignrootcar6 [jdk]"; - public static void main(String[] args) throws Exception { + public static void main(String[] args) throws Exception { - ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(); + if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { + ValidatePathWithURL.enableCRLOnly(); + } else { + // OCSP check by default + ValidatePathWithURL.enableOCSPOnly(); + } - if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { - validatePathWithURL.enableCRLOnly(); - } else { - // OCSP check by default - validatePathWithURL.enableOCSPOnly(); - } + ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); - validatePathWithURL.validateDomain(VALID, false, CA_FINGERPRINT); - validatePathWithURL.validateDomain(REVOKED, true, CA_FINGERPRINT); - } + validatePathWithURL.validateDomain(VALID, false); + validatePathWithURL.validateDomain(REVOKED, true); + } } diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GoDaddyCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GoDaddyCA.java index f9e53f7cbb8c8..f6b92611d2a08 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GoDaddyCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GoDaddyCA.java @@ -40,61 +40,45 @@ * @build ValidatePathWithURL * @run main/othervm -Djava.security.debug=certpath GoDaddyCA CRL */ - -import java.security.cert.CertificateEncodingException; - -/* - * Obtain test artifacts for GoDaddy/Starfield CAs from: - * - * Go Daddy Root Certificate Authority - G2: - * valid: - * expired: https://expired.gdig2.catest.godaddy.com/ - * revoked: - * - * Starfield Root Certificate Authority - G2: - * valid: - * expired: https://expired.sfig2.catest.starfieldtech.com/ - * revoked: - */ public class GoDaddyCA { public static void main(String[] args) throws Exception { - ValidatePathWithURL pathValidator = new ValidatePathWithURL(); - if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { - pathValidator.enableCRLOnly(); + ValidatePathWithURL.enableCRLOnly(); } else { // OCSP check by default - pathValidator.enableOCSPOnly(); + ValidatePathWithURL.enableOCSPOnly(); } - new GoDaddyGdig2().runTest(pathValidator); - new GoDaddySfig2().runTest(pathValidator); + new GoDaddyGdig2().runTest(); + new GoDaddySfig2().runTest(); } } class GoDaddyGdig2 { private static final String VALID = "https://valid.gdig2.catest.godaddy.com/"; private static final String REVOKED = "https://revoked.gdig2.catest.godaddy.com/"; - private static final String CA_FINGERPRINT = - "45:14:0B:32:47:EB:9C:C8:C5:B4:F0:D7:B5:30:91:F7:32:92:08:9E:6E:5A:63:E2:74:9D:D3:AC:A9:19:8E:DA"; + private static final String CA_ALIAS = "godaddyrootg2ca [jdk]"; - public void runTest(ValidatePathWithURL pathValidator) throws CertificateEncodingException { - pathValidator.validateDomain(VALID, false, CA_FINGERPRINT); - pathValidator.validateDomain(REVOKED, true, CA_FINGERPRINT); + public void runTest() throws Exception { + ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); + + validatePathWithURL.validateDomain(VALID, false); + validatePathWithURL.validateDomain(REVOKED, true); } } class GoDaddySfig2 { private static final String VALID = "https://valid.sfig2.catest.starfieldtech.com/"; private static final String REVOKED = "https://revoked.sfig2.catest.starfieldtech.com/"; - private static final String CA_FINGERPRINT = - "2C:E1:CB:0B:F9:D2:F9:E1:02:99:3F:BE:21:51:52:C3:B2:DD:0C:AB:DE:1C:68:E5:31:9B:83:91:54:DB:B7:F5"; + private static final String CA_ALIAS = "starfieldrootg2ca [jdk]"; + + public void runTest() throws Exception { + ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); - public void runTest(ValidatePathWithURL pathValidator) throws CertificateEncodingException { - pathValidator.validateDomain(VALID, false, CA_FINGERPRINT); - pathValidator.validateDomain(REVOKED, true, CA_FINGERPRINT); + validatePathWithURL.validateDomain(VALID, false); + validatePathWithURL.validateDomain(REVOKED, true); } } diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GoogleCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GoogleCA.java index d09edde279a44..91cdf453bf60b 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GoogleCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GoogleCA.java @@ -41,8 +41,6 @@ * @run main/othervm -Djava.security.debug=certpath GoogleCA CRL */ -import java.security.cert.CertificateEncodingException; - /* * Obtain TLS test artifacts for Google CAs from: * @@ -52,79 +50,82 @@ public class GoogleCA { public static void main(String[] args) throws Exception { - ValidatePathWithURL pathValidator = new ValidatePathWithURL(); - if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { - pathValidator.enableCRLOnly(); + ValidatePathWithURL.enableCRLOnly(); } else { // OCSP check by default - pathValidator.enableOCSPOnly(); + ValidatePathWithURL.enableOCSPOnly(); } - new GoogleGSR4().runTest(pathValidator); - new GoogleGTSR1().runTest(pathValidator); - new GoogleGTSR2().runTest(pathValidator); - new GoogleGTSR3().runTest(pathValidator); - new GoogleGTSR4().runTest(pathValidator); + new GoogleGSR4().runTest(); + new GoogleGTSR1().runTest(); + new GoogleGTSR2().runTest(); + new GoogleGTSR3().runTest(); + new GoogleGTSR4().runTest(); } } class GoogleGSR4 { private static final String VALID = "https://good.gsr4.demo.pki.goog/"; private static final String REVOKED = "https://revoked.gsr4.demo.pki.goog/"; - private static final String CA_FINGERPRINT = - "BE:C9:49:11:C2:95:56:76:DB:6C:0A:55:09:86:D7:6E:3B:A0:05:66:7C:44:2C:97:62:B4:FB:B7:73:DE:22:8C"; + private static final String CA_ALIAS = "globalsigneccrootcar4 [jdk]"; - public void runTest(ValidatePathWithURL pathValidator) throws CertificateEncodingException { - pathValidator.validateDomain(VALID, false, CA_FINGERPRINT); - pathValidator.validateDomain(REVOKED, true, CA_FINGERPRINT); + public void runTest() throws Exception { + ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); + + validatePathWithURL.validateDomain(VALID, false); + validatePathWithURL.validateDomain(REVOKED, true); } } class GoogleGTSR1 { private static final String VALID = "https://good.gtsr1.demo.pki.goog/"; private static final String REVOKED = "https://revoked.gtsr1.demo.pki.goog/"; - private static final String CA_FINGERPRINT = - "D9:47:43:2A:BD:E7:B7:FA:90:FC:2E:6B:59:10:1B:12:80:E0:E1:C7:E4:E4:0F:A3:C6:88:7F:FF:57:A7:F4:CF"; + private static final String CA_ALIAS = "gtsrootcar1 [jdk]"; + + public void runTest() throws Exception { + ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); - public void runTest(ValidatePathWithURL pathValidator) throws CertificateEncodingException { - pathValidator.validateDomain(VALID, false, CA_FINGERPRINT); - pathValidator.validateDomain(REVOKED, true, CA_FINGERPRINT); + validatePathWithURL.validateDomain(VALID, false); + validatePathWithURL.validateDomain(REVOKED, true); } } class GoogleGTSR2 { private static final String VALID = "https://good.gtsr2.demo.pki.goog/"; private static final String REVOKED = "https://revoked.gtsr2.demo.pki.goog/"; - private static final String CA_FINGERPRINT = - "8D:25:CD:97:22:9D:BF:70:35:6B:DA:4E:B3:CC:73:40:31:E2:4C:F0:0F:AF:CF:D3:2D:C7:6E:B5:84:1C:7E:A8"; + private static final String CA_ALIAS = "gtsrootcar2 [jdk]"; - public void runTest(ValidatePathWithURL pathValidator) throws CertificateEncodingException { - pathValidator.validateDomain(VALID, false, CA_FINGERPRINT); - pathValidator.validateDomain(REVOKED, true, CA_FINGERPRINT); + public void runTest() throws Exception { + ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); + + validatePathWithURL.validateDomain(VALID, false); + validatePathWithURL.validateDomain(REVOKED, true); } } class GoogleGTSR3 { private static final String VALID = "https://good.gtsr3.demo.pki.goog/"; private static final String REVOKED = "https://revoked.gtsr3.demo.pki.goog/"; - private static final String CA_FINGERPRINT = - "34:D8:A7:3E:E2:08:D9:BC:DB:0D:95:65:20:93:4B:4E:40:E6:94:82:59:6E:8B:6F:73:C8:42:6B:01:0A:6F:48"; + private static final String CA_ALIAS = "gtsrootecccar3 [jdk]"; + + public void runTest() throws Exception { + ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); - public void runTest(ValidatePathWithURL pathValidator) throws CertificateEncodingException { - pathValidator.validateDomain(VALID, false, CA_FINGERPRINT); - pathValidator.validateDomain(REVOKED, true, CA_FINGERPRINT); + validatePathWithURL.validateDomain(VALID, false); + validatePathWithURL.validateDomain(REVOKED, true); } } class GoogleGTSR4 { private static final String VALID = "https://good.gtsr4.demo.pki.goog/"; private static final String REVOKED = "https://revoked.gtsr4.demo.pki.goog/"; - private static final String CA_FINGERPRINT = - "34:9D:FA:40:58:C5:E2:63:12:3B:39:8A:E7:95:57:3C:4E:13:13:C8:3F:E6:8F:93:55:6C:D5:E8:03:1B:3C:7D"; + private static final String CA_ALIAS = "gtsrootecccar4 [jdk]"; + + public void runTest() throws Exception { + ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); - public void runTest(ValidatePathWithURL pathValidator) throws CertificateEncodingException { - pathValidator.validateDomain(VALID, false, CA_FINGERPRINT); - pathValidator.validateDomain(REVOKED, true, CA_FINGERPRINT); + validatePathWithURL.validateDomain(VALID, false); + validatePathWithURL.validateDomain(REVOKED, true); } } diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java index 0cd5876b7d8b5..d8fd35b0e33b0 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java @@ -21,8 +21,6 @@ * questions. */ -import java.security.Security; - /* * @test * @bug 8189131 @@ -36,23 +34,22 @@ public class LetsEncryptCA { private static final String VALID = "https://valid-isrgrootx1.letsencrypt.org/"; private static final String REVOKED = "https://revoked-isrgrootx1.letsencrypt.org/"; - private static final String CA_FINGERPRINT = - "96:BC:EC:06:26:49:76:F3:74:60:77:9A:CF:28:C5:A7:CF:E8:A3:C0:AA:E1:1A:8F:FC:EE:05:C0:BD:DF:08:C6"; + private static final String CA_ALIAS = "letsencryptisrgx1 [jdk]"; public static void main(String[] args) throws Exception { - ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(); - if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { - validatePathWithURL.enableCRLOnly(); + ValidatePathWithURL.enableCRLOnly(); } if (args.length >= 1 && "OCSP".equalsIgnoreCase(args[0])){ - validatePathWithURL.enableOCSPOnly(); + ValidatePathWithURL.enableOCSPOnly(); } else { // EE certs don't have CRLs, intermediate cert doesn't specify OCSP responder - validatePathWithURL.enableOCSPAndCRL(); + ValidatePathWithURL.enableOCSPAndCRL(); } - validatePathWithURL.validateDomain(VALID, false, CA_FINGERPRINT); - validatePathWithURL.validateDomain(REVOKED, true, CA_FINGERPRINT); + ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); + + validatePathWithURL.validateDomain(VALID, false); + validatePathWithURL.validateDomain(REVOKED, true); } } diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/MicrosoftTLS.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/MicrosoftTLS.java index a71beb68e4c95..3a4c582be7de9 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/MicrosoftTLS.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/MicrosoftTLS.java @@ -41,45 +41,44 @@ * @run main/othervm -Djava.security.debug=certpath MicrosoftTLS CRL */ -import java.security.cert.CertificateEncodingException; public class MicrosoftTLS { public static void main(String[] args) throws Exception { - ValidatePathWithURL pathValidator = new ValidatePathWithURL(); - if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { - pathValidator.enableCRLOnly(); + ValidatePathWithURL.enableCRLOnly(); } else { // OCSP check by default - pathValidator.enableOCSPOnly(); + ValidatePathWithURL.enableOCSPOnly(); } - new MicrosoftECCTLS().runTest(pathValidator); - new MicrosoftRSATLS().runTest(pathValidator); + new MicrosoftECCTLS().runTest(); + new MicrosoftRSATLS().runTest(); } } class MicrosoftECCTLS { private static final String VALID = "https://acteccroot2017.pki.microsoft.com/"; private static final String REVOKED = "https://rvkeccroot2017.pki.microsoft.com/"; - private static final String CA_FINGERPRINT = - "35:8D:F3:9D:76:4A:F9:E1:B7:66:E9:C9:72:DF:35:2E:E1:5C:FA:C2:27:AF:6A:D1:D7:0E:8E:4A:6E:DC:BA:02"; + private static final String CA_ALIAS = "microsoftecc2017 [jdk]"; + + public void runTest() throws Exception { + ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); - public void runTest(ValidatePathWithURL pathValidator) throws CertificateEncodingException { - pathValidator.validateDomain(VALID, false, CA_FINGERPRINT); - pathValidator.validateDomain(REVOKED, true, CA_FINGERPRINT); + validatePathWithURL.validateDomain(VALID, false); + validatePathWithURL.validateDomain(REVOKED, true); } } class MicrosoftRSATLS { private static final String VALID = "https://actrsaroot2017.pki.microsoft.com/"; private static final String REVOKED = "https://rvkrsaroot2017.pki.microsoft.com/"; - private static final String CA_FINGERPRINT = - "C7:41:F7:0F:4B:2A:8D:88:BF:2E:71:C1:41:22:EF:53:EF:10:EB:A0:CF:A5:E6:4C:FA:20:F4:18:85:30:73:E0"; + private static final String CA_ALIAS = "microsoftrsa2017 [jdk]"; + + public void runTest() throws Exception { + ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); - public void runTest(ValidatePathWithURL pathValidator) throws CertificateEncodingException { - pathValidator.validateDomain(VALID, false, CA_FINGERPRINT); - pathValidator.validateDomain(REVOKED, true, CA_FINGERPRINT); + validatePathWithURL.validateDomain(VALID, false); + validatePathWithURL.validateDomain(REVOKED, true); } } diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java index a3cb72a05185d..3a75035760ab4 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java @@ -41,8 +41,6 @@ * @run main/othervm -Djava.security.debug=certpath QuoVadisCA CRL */ -import java.security.cert.CertificateEncodingException; - /* * Obtain TLS test artifacts for QuoVadis CAs from: * @@ -52,53 +50,54 @@ public class QuoVadisCA { public static void main(String[] args) throws Exception { - ValidatePathWithURL pathValidator = new ValidatePathWithURL(); - if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { - pathValidator.enableCRLOnly(); + ValidatePathWithURL.enableCRLOnly(); } else { // OCSP check by default - pathValidator.enableOCSPOnly(); + ValidatePathWithURL.enableOCSPOnly(); } - new RootCA1G3().runTest(pathValidator); - new RootCA2G3().runTest(pathValidator); - new RootCA3G3().runTest(pathValidator); + new RootCA1G3().runTest(); + new RootCA2G3().runTest(); + new RootCA3G3().runTest(); } } class RootCA1G3 { private static final String VALID = "https://quovadis-root-ca-1-g3.chain-demos.digicert.com/"; private static final String REVOKED = "https://quovadis-root-ca-1-g3-revoked.chain-demos.digicert.com/"; - private static final String CA_FINGERPRINT = - "8A:86:6F:D1:B2:76:B5:7E:57:8E:92:1C:65:82:8A:2B:ED:58:E9:F2:F2:88:05:41:34:B7:F1:F4:BF:C9:CC:74"; + private static final String CA_ALIAS = "quovadisrootca1g3 [jdk]"; + + public void runTest() throws Exception { + ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); - public void runTest(ValidatePathWithURL pathValidator) throws CertificateEncodingException { - pathValidator.validateDomain(VALID, false, CA_FINGERPRINT); - pathValidator.validateDomain(REVOKED, true, CA_FINGERPRINT); + validatePathWithURL.validateDomain(VALID, false); + validatePathWithURL.validateDomain(REVOKED, true); } } class RootCA2G3 { private static final String VALID = "https://quovadis-root-ca-2-g3.chain-demos.digicert.com"; private static final String REVOKED = "https://quovadis-root-ca-2-g3-revoked.chain-demos.digicert.com"; - private static final String CA_FINGERPRINT = - "8F:E4:FB:0A:F9:3A:4D:0D:67:DB:0B:EB:B2:3E:37:C7:1B:F3:25:DC:BC:DD:24:0E:A0:4D:AF:58:B4:7E:18:40"; + private static final String CA_ALIAS = "quovadisrootca2g3 [jdk]"; - public void runTest(ValidatePathWithURL pathValidator) throws CertificateEncodingException { - pathValidator.validateDomain(VALID, false, CA_FINGERPRINT); - pathValidator.validateDomain(REVOKED, true, CA_FINGERPRINT); + public void runTest() throws Exception { + ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); + + validatePathWithURL.validateDomain(VALID, false); + validatePathWithURL.validateDomain(REVOKED, true); } } class RootCA3G3 { private static final String VALID = "https://quovadis-root-ca-3-g3.chain-demos.digicert.com"; private static final String REVOKED = "https://quovadis-root-ca-3-g3-revoked.chain-demos.digicert.com"; - private static final String CA_FINGERPRINT = - "88:EF:81:DE:20:2E:B0:18:45:2E:43:F8:64:72:5C:EA:5F:BD:1F:C2:D9:D2:05:73:07:09:C5:D8:B8:69:0F:46"; + private static final String CA_ALIAS = "quovadisrootca3g3 [jdk]"; + + public void runTest() throws Exception { + ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); - public void runTest(ValidatePathWithURL pathValidator) throws CertificateEncodingException { - pathValidator.validateDomain(VALID, false, CA_FINGERPRINT); - pathValidator.validateDomain(REVOKED, true, CA_FINGERPRINT); + validatePathWithURL.validateDomain(VALID, false); + validatePathWithURL.validateDomain(REVOKED, true); } } diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/SSLCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/SSLCA.java index c5d7bb871c061..9efc6f67389e9 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/SSLCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/SSLCA.java @@ -41,61 +41,58 @@ * @run main/othervm -Djava.security.debug=certpath SSLCA CRL */ -import java.security.cert.CertificateEncodingException; - public class SSLCA { public static void main(String[] args) throws Exception { - System.setProperty("jdk.security.certpath.ocspNonce", "true"); - - ValidatePathWithURL pathValidator = new ValidatePathWithURL(); - if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { - pathValidator.enableCRLOnly(); + ValidatePathWithURL.enableCRLOnly(); } else { // OCSP check by default - pathValidator.enableOCSPOnly(); + ValidatePathWithURL.enableOCSPOnly(); } - new SSLCA_RSA().runTest(pathValidator); - new SSLCA_EV_RSA().runTest(pathValidator); - new SSLCA_ECC().runTest(pathValidator); + new SSLCA_RSA().runTest(); + new SSLCA_EV_RSA().runTest(); + new SSLCA_ECC().runTest(); } } class SSLCA_RSA { private static final String VALID = "https://test-dv-rsa.ssl.com"; private static final String REVOKED = "https://revoked-rsa-dv.ssl.com"; - private static final String CA_FINGERPRINT = - "85:66:6A:56:2E:E0:BE:5C:E9:25:C1:D8:89:0A:6F:76:A8:7E:C1:6D:4D:7D:5F:29:EA:74:19:CF:20:12:3B:69"; + private static final String CA_ALIAS = "sslrootrsaca [jdk]"; - public void runTest(ValidatePathWithURL pathValidator) throws CertificateEncodingException { - pathValidator.validateDomain(VALID, false, CA_FINGERPRINT); - pathValidator.validateDomain(REVOKED, true, CA_FINGERPRINT); + public void runTest() throws Exception { + ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); + + validatePathWithURL.validateDomain(VALID, false); + validatePathWithURL.validateDomain(REVOKED, true); } } class SSLCA_EV_RSA { private static final String VALID = "https://test-ev-rsa.ssl.com"; private static final String REVOKED = "https://revoked-rsa-ev.ssl.com"; - private static final String CA_FINGERPRINT = - "2E:7B:F1:6C:C2:24:85:A7:BB:E2:AA:86:96:75:07:61:B0:AE:39:BE:3B:2F:E9:D0:CC:6D:4E:F7:34:91:42:5C"; + private static final String CA_ALIAS = "sslrootevrsaca [jdk]"; + + public void runTest() throws Exception { + ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); - public void runTest(ValidatePathWithURL pathValidator) throws CertificateEncodingException { - pathValidator.validateDomain(VALID, false, CA_FINGERPRINT); - pathValidator.validateDomain(REVOKED, true, CA_FINGERPRINT); + validatePathWithURL.validateDomain(VALID, false); + validatePathWithURL.validateDomain(REVOKED, true); } } class SSLCA_ECC { private static final String VALID = "https://test-dv-ecc.ssl.com"; private static final String REVOKED = "https://revoked-ecc-dv.ssl.com"; - private static final String CA_FINGERPRINT = - "34:17:BB:06:CC:60:07:DA:1B:96:1C:92:0B:8A:B4:CE:3F:AD:82:0E:4A:A3:0B:9A:CB:C4:A7:4E:BD:CE:BC:65"; + private static final String CA_ALIAS = "sslrooteccca [jdk]"; + + public void runTest() throws Exception { + ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); - public void runTest(ValidatePathWithURL pathValidator) throws CertificateEncodingException { - pathValidator.validateDomain(VALID, false, CA_FINGERPRINT); - pathValidator.validateDomain(REVOKED, true, CA_FINGERPRINT); + validatePathWithURL.validateDomain(VALID, false); + validatePathWithURL.validateDomain(REVOKED, true); } } diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/TWCAGlobalCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/TWCAGlobalCA.java index 8686a340784a1..b477299b15625 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/TWCAGlobalCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/TWCAGlobalCA.java @@ -41,34 +41,24 @@ * @run main/othervm -Djava.security.debug=certpath TWCAGlobalCA CRL */ -/* - * Obtain TLS test artifacts for TWCA Global Root CA from: - * - * Valid TLS Certificates: - * https://evssldemo6.twca.com.tw - * - * Revoked TLS Certificates: - * https://evssldemo7.twca.com.tw - */ public class TWCAGlobalCA { private static final String VALID = "https://evssldemo6.twca.com.tw"; private static final String REVOKED = "https://evssldemo7.twca.com.tw"; - private static final String CA_FINGERPRINT = - "59:76:90:07:F7:68:5D:0F:CD:50:87:2F:9F:95:D5:75:5A:5B:2B:45:7D:81:F3:69:2B:61:0A:98:67:2F:0E:1B"; + private static final String CA_ALIAS = "twcaglobalrootca [jdk]"; public static void main(String[] args) throws Exception { - ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(); - if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { - validatePathWithURL.enableCRLOnly(); + ValidatePathWithURL.enableCRLOnly(); } else { // OCSP check by default - validatePathWithURL.enableOCSPOnly(); + ValidatePathWithURL.enableOCSPOnly(); } - validatePathWithURL.validateDomain(VALID, false, CA_FINGERPRINT); - validatePathWithURL.validateDomain(REVOKED, true, CA_FINGERPRINT); + ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); + + validatePathWithURL.validateDomain(VALID, false); + validatePathWithURL.validateDomain(REVOKED, true); } } diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/TeliaSoneraCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/TeliaSoneraCA.java index 9691b0e9c993a..54162733932b4 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/TeliaSoneraCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/TeliaSoneraCA.java @@ -45,21 +45,20 @@ public class TeliaSoneraCA { private static final String VALID = "https://juolukka.cover.sonera.net:10443/"; private static final String REVOKED = "https://juolukka.cover.sonera.net:10444/"; - private static final String CA_FINGERPRINT = - "DD:69:36:FE:21:F8:F0:77:C1:23:A1:A5:21:C1:22:24:F7:22:55:B7:3E:03:A7:26:06:93:E8:A2:4B:0F:A3:89"; + private static final String CA_ALIAS = "teliasonerarootcav1 [jdk]"; public static void main(String[] args) throws Exception { - ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(); - if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { - validatePathWithURL.enableCRLOnly(); + ValidatePathWithURL.enableCRLOnly(); } else { // OCSP check by default - validatePathWithURL.enableOCSPOnly(); + ValidatePathWithURL.enableOCSPOnly(); } - validatePathWithURL.validateDomain(VALID, false, CA_FINGERPRINT); - validatePathWithURL.validateDomain(REVOKED, true, CA_FINGERPRINT); + ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); + + validatePathWithURL.validateDomain(VALID, false); + validatePathWithURL.validateDomain(REVOKED, true); } } diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ValidatePathWithURL.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ValidatePathWithURL.java index e772e3f286105..d0ab1e77f94c0 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ValidatePathWithURL.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ValidatePathWithURL.java @@ -108,6 +108,7 @@ private boolean validateDomainCertChain(final String testURL, for (Certificate cert: chain){ if(cert instanceof X509Certificate certificate) { System.out.println("Checking: " + certificate.getSubjectX500Principal()); + System.out.println("Issuer: " + certificate.getIssuerX500Principal()); if (certificate.getIssuerX500Principal().equals(rootPrincipal)){ interCert = certificate; break; @@ -122,6 +123,7 @@ private boolean validateDomainCertChain(final String testURL, // validate intermediate CA signed by root CA under test System.out.println("Found intermediate root CA: " + interCert.getSubjectX500Principal()); + System.out.println("intermediate CA Issuer: " + interCert.getIssuerX500Principal()); interCert.verify(rootCertificate.getPublicKey()); System.out.println("Verified: Intermediate CA signed by test root CA"); } catch (SSLHandshakeException e) { From 71811873d94eea6fc9cefddf3e3c51bc4c437a52 Mon Sep 17 00:00:00 2001 From: Rajan Halade Date: Wed, 31 May 2023 15:41:22 -0700 Subject: [PATCH 05/17] 8308592: remove unused imports --- .../security/cert/CertPathValidator/certification/AmazonCA.java | 2 -- .../cert/CertPathValidator/certification/EntrustCA.java | 1 - 2 files changed, 3 deletions(-) diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java index d012309e2722e..7f135fa6b8823 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java @@ -41,8 +41,6 @@ * @run main/othervm -Djava.security.debug=certpath AmazonCA CRL */ -import java.security.cert.CertificateEncodingException; - /* * Obtain TLS test artifacts for Amazon CAs from: * diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/EntrustCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/EntrustCA.java index 3b29553096912..b4b8d7458a548 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/EntrustCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/EntrustCA.java @@ -41,7 +41,6 @@ * @run main/othervm -Djava.security.debug=certpath EntrustCA CRL */ -import java.security.cert.CertificateEncodingException; public class EntrustCA { public static void main(String[] args) throws Exception { From ca76cf3d03ccb932432a6dc27f187501cfbd067a Mon Sep 17 00:00:00 2001 From: Rajan Halade Date: Thu, 1 Jun 2023 13:02:18 -0700 Subject: [PATCH 06/17] 8308592: Framework for CA interoperability testing --- .../certification/ActalisCA.java | 26 ++--- .../certification/AmazonCA.java | 77 +++---------- .../certification/BuypassCA.java | 63 +++-------- .../certification/CAInterop.java | 61 +++++++++++ .../certification/ComodoCA.java | 84 ++++---------- .../certification/EntrustCA.java | 46 +++----- .../certification/GlobalSignR6CA.java | 21 +--- .../certification/GoDaddyCA.java | 49 +++------ .../certification/GoogleCA.java | 103 +++++------------- .../certification/LetsEncryptCA.java | 21 +--- .../certification/MicrosoftTLS.java | 42 ++----- .../certification/QuoVadisCA.java | 59 +++------- .../certification/SSLCA.java | 59 +++------- .../certification/TWCAGlobalCA.java | 20 +--- .../certification/TeliaSoneraCA.java | 20 +--- .../certification/ValidatePathWithURL.java | 89 +++++++++------ 16 files changed, 289 insertions(+), 551 deletions(-) create mode 100644 test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ActalisCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ActalisCA.java index 540009de5c161..37daa188aa7b8 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ActalisCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ActalisCA.java @@ -42,22 +42,12 @@ */ public class ActalisCA { - private static final String VALID = "https://ssltest-active.actalis.it/"; - private static final String REVOKED = "https://ssltest-revoked.actalis.it/"; - private static final String CA_ALIAS = "actalisauthenticationrootca [jdk]"; + public static void main(String[] args) throws Exception { + CAInterop caInterop = new CAInterop(args[0]); - public static void main(String[] args) throws Exception { - - if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { - ValidatePathWithURL.enableCRLOnly(); - } else { - // OCSP check by default - ValidatePathWithURL.enableOCSPOnly(); - } - - ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); - - validatePathWithURL.validateDomain(VALID, false); - validatePathWithURL.validateDomain(REVOKED, true); - } -} + // CN=Actalis Authentication Root CA, O=Actalis S.p.A./03358520967, L=Milan, C=IT + caInterop.validate("actalisauthenticationrootca [jdk]", + "https://ssltest-active.actalis.it/", + "https://ssltest-revoked.actalis.it/"); + } +} \ No newline at end of file diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java index 7f135fa6b8823..d72894308981b 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java @@ -47,71 +47,28 @@ * https://www.amazontrust.com/repository/ */ public class AmazonCA { - public static void main(String[] args) throws Exception { - if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { - ValidatePathWithURL.enableCRLOnly(); - } else { - // OCSP check by default - ValidatePathWithURL.enableOCSPOnly(); - } - - new AmazonCA_1().runTest(); - new AmazonCA_2().runTest(); - new AmazonCA_3().runTest(); - new AmazonCA_4().runTest(); - } -} - -class AmazonCA_1 { - private static final String VALID = "https://valid.rootca1.demo.amazontrust.com/"; - private static final String REVOKED = "https://revoked.rootca1.demo.amazontrust.com/"; - private static final String CA_ALIAS = "amazonrootca1 [jdk]"; - - public void runTest() throws Exception { - ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); - - validatePathWithURL.validateDomain(VALID, false); - validatePathWithURL.validateDomain(REVOKED, true); - } -} - -class AmazonCA_2 { - private static final String VALID = "https://valid.rootca2.demo.amazontrust.com/"; - private static final String REVOKED = "https://revoked.rootca2.demo.amazontrust.com/"; - private static final String CA_ALIAS = "amazonrootca2 [jdk]"; - - public void runTest() throws Exception { - ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); - - validatePathWithURL.validateDomain(VALID, false); - validatePathWithURL.validateDomain(REVOKED, true); - } -} + CAInterop caInterop = new CAInterop(args[0]); -class AmazonCA_3 { - private static final String VALID = "https://valid.rootca3.demo.amazontrust.com/"; - private static final String REVOKED = "https://revoked.rootca3.demo.amazontrust.com/"; - private static final String CA_ALIAS = "amazonrootca3 [jdk]"; - - public void runTest() throws Exception { - ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); - - validatePathWithURL.validateDomain(VALID, false); - validatePathWithURL.validateDomain(REVOKED, true); - } -} + // CN=Amazon Root CA 1, O=Amazon, C=US + caInterop.validate("amazonrootca1 [jdk]", + "https://valid.rootca1.demo.amazontrust.com/", + "https://revoked.rootca1.demo.amazontrust.com/"); -class AmazonCA_4 { - private static final String VALID = "https://valid.rootca4.demo.amazontrust.com/"; - private static final String REVOKED = "https://revoked.rootca4.demo.amazontrust.com/"; - private static final String CA_ALIAS = "amazonrootca4 [jdk]"; + // CN=Amazon Root CA 2, O=Amazon, C=US + caInterop.validate("amazonrootca2 [jdk]", + "https://valid.rootca2.demo.amazontrust.com/", + "https://revoked.rootca2.demo.amazontrust.com/"); - public void runTest() throws Exception { - ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); + // CN=Amazon Root CA 3, O=Amazon, C=US + caInterop.validate("amazonrootca3 [jdk]", + "https://valid.rootca3.demo.amazontrust.com/", + "https://revoked.rootca3.demo.amazontrust.com/"); - validatePathWithURL.validateDomain(VALID, false); - validatePathWithURL.validateDomain(REVOKED, true); + // CN=Amazon Root CA 4, O=Amazon, C=US + caInterop.validate("amazonrootca4 [jdk]", + "https://valid.rootca4.demo.amazontrust.com/", + "https://revoked.rootca4.demo.amazontrust.com/"); } } diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java index f4c200070cf6a..e055cc7800ed3 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java @@ -45,55 +45,28 @@ public class BuypassCA { public static void main(String[] args) throws Exception { - if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { - ValidatePathWithURL.enableCRLOnly(); - } else { - // OCSP check by default - ValidatePathWithURL.enableOCSPOnly(); - } + CAInterop caInterop = new CAInterop(args[0]); - new BuypassClass2().runTest(); - new BuypassClass3().runTest(); - } -} - -class BuypassClass2 { - private static final String VALID_BUSINESS = "https://valid.business.ca22.ssl.buypass.no"; - private static final String REVOKED_BUSINESS = "https://revoked.business.ca22.ssl.buypass.no"; - private static final String VALID_DOMAIN = "https://valid.domain.ca22.ssl.buypass.no"; - private static final String REVOKED_DOMAIN = "https://revoked.domain.ca22.ssl.buypass.no"; - private static final String CA_ALIAS = "buypassclass2ca [jdk]"; - - public void runTest() throws Exception { - ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); - - validatePathWithURL.validateDomain(VALID_BUSINESS, false); - validatePathWithURL.validateDomain(REVOKED_BUSINESS, true); - - validatePathWithURL.validateDomain(VALID_DOMAIN, false); - validatePathWithURL.validateDomain(REVOKED_DOMAIN, true); - } -} - -class BuypassClass3 { - private static final String VALID_QC = "https://valid.qcevident.ca23.ssl.buypass.no"; - private static final String REVOKED_QC = "https://revoked.qcevident.ca23.ssl.buypass.no"; - private static final String VALID_EVIDENT = "https://valid.evident.ca23.ssl.buypass.no"; - private static final String REVOKED_EVIDENT = "https://revoked.evident.ca23.ssl.buypass.no"; - private static final String VALID_BUSINESSPLUS = "https://valid.businessplus.ca23.ssl.buypass.no"; - private static final String REVOKED_BUSINESSPLUS = "https://revoked.businessplus.ca23.ssl.buypass.no"; - private static final String CA_ALIAS = "buypassclass3ca [jdk]"; + // CN=Buypass Class 2 Root CA, O=Buypass AS-983163327, C=NO + caInterop.validate("buypassclass2ca [jdk]", + "https://valid.business.ca22.ssl.buypass.no", + "https://revoked.business.ca22.ssl.buypass.no"); - public void runTest() throws Exception { - ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); + caInterop.validate("buypassclass2ca [jdk]", + "https://valid.domain.ca22.ssl.buypass.no", + "https://revoked.domain.ca22.ssl.buypass.no"); - validatePathWithURL.validateDomain(VALID_QC, false); - validatePathWithURL.validateDomain(REVOKED_QC, true); + // CN=Buypass Class 3 Root CA, O=Buypass AS-983163327, C=NO + caInterop.validate("buypassclass3ca [jdk]", + "https://valid.qcevident.ca23.ssl.buypass.no", + "https://revoked.qcevident.ca23.ssl.buypass.no"); - validatePathWithURL.validateDomain(VALID_EVIDENT, false); - validatePathWithURL.validateDomain(REVOKED_EVIDENT, true); + caInterop.validate("buypassclass3ca [jdk]", + "https://valid.evident.ca23.ssl.buypass.no", + "https://revoked.evident.ca23.ssl.buypass.no"); - validatePathWithURL.validateDomain(VALID_BUSINESSPLUS, false); - validatePathWithURL.validateDomain(REVOKED_BUSINESSPLUS, true); + caInterop.validate("buypassclass3ca [jdk]", + "https://valid.businessplus.ca23.ssl.buypass.n", + "https://revoked.businessplus.ca23.ssl.buypass.no"); } } diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java new file mode 100644 index 0000000000000..7f8352347be14 --- /dev/null +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java @@ -0,0 +1,61 @@ +/* + * Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ +public final class CAInterop { + /** + * Constructor for interoperability test with third party CA. + * @param revocationMode revocation checking mode to use + */ + public CAInterop(String revocationMode){ + if ("CRL".equalsIgnoreCase(revocationMode)) { + ValidatePathWithURL.enableCRLOnly(); + } if ("OCSP".equalsIgnoreCase(revocationMode)) { + ValidatePathWithURL.enableOCSPOnly(); + }else { + // OCSP and CRL check by default + ValidatePathWithURL.enableOCSPAndCRL(); + } + } + + /** + * Validates provided URLs using HttpsURLConnection making sure they + * anchor to the root CA found in cacerts using provided alias. + * @param caAlias CA alis from cacerts file + * @param validCert valid test URL + * @param revokedCert revoked test URL + * @throws Exception thrown when certificate can't be validated as valid or revoked + */ + public void validate(String caAlias, + String validCert, + String revokedCert) throws Exception { + + ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(caAlias); + + if (validCert != null) { + validatePathWithURL.validateDomain(validCert, false); + } + + if (revokedCert != null) { + validatePathWithURL.validateDomain(revokedCert, true); + } + } +} diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ComodoCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ComodoCA.java index 7adf5efa3ffc9..954aa3b625fac 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ComodoCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ComodoCA.java @@ -47,68 +47,26 @@ public class ComodoCA { public static void main(String[] args) throws Exception { - if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { - ValidatePathWithURL.enableCRLOnly(); - } else { - // OCSP check by default - ValidatePathWithURL.enableOCSPOnly(); - } - - new ComodoRSA().runTest(); - new ComodoECC().runTest(); - new ComodoUserTrustRSA().runTest(); - new ComodoUserTrustECC().runTest(); - } -} - -class ComodoRSA { - private static final String VALID = "https://comodorsacertificationauthority-ev.comodoca.com"; - private static final String REVOKED = "https://comodorsacertificationauthority-ev.comodoca.com:444"; - private static final String CA_ALIAS = "comodorsaca [jdk]"; - - public void runTest() throws Exception { - ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); - - validatePathWithURL.validateDomain(VALID, false); - validatePathWithURL.validateDomain(REVOKED, true); - } -} - -class ComodoECC { - private static final String VALID = "https://comodoecccertificationauthority-ev.comodoca.com"; - private static final String REVOKED = "https://comodoecccertificationauthority-ev.comodoca.com:444"; - private static final String CA_ALIAS = "comodoeccca [jdk]"; - - public void runTest() throws Exception { - ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); - - validatePathWithURL.validateDomain(VALID, false); - validatePathWithURL.validateDomain(REVOKED, true); - } -} - -class ComodoUserTrustRSA { - private static final String VALID = "https://usertrustrsacertificationauthority-ev.comodoca.com"; - private static final String REVOKED = "https://usertrustrsacertificationauthority-ev.comodoca.com:444"; - private static final String CA_ALIAS = "usertrustrsaca [jdk]"; - - public void runTest() throws Exception { - ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); - - validatePathWithURL.validateDomain(VALID, false); - validatePathWithURL.validateDomain(REVOKED, true); - } -} - -class ComodoUserTrustECC { - private static final String VALID = "https://usertrustecccertificationauthority-ev.comodoca.com"; - private static final String REVOKED = "https://usertrustecccertificationauthority-ev.comodoca.com:444"; - private static final String CA_ALIAS = "usertrusteccca [jdk]"; - - public void runTest() throws Exception { - ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); - - validatePathWithURL.validateDomain(VALID, false); - validatePathWithURL.validateDomain(REVOKED, true); + CAInterop caInterop = new CAInterop(args[0]); + + // CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB + caInterop.validate("comodorsaca [jdk]", + "https://comodorsacertificationauthority-ev.comodoca.com", + "https://comodorsacertificationauthority-ev.comodoca.com:444"); + + // CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB + caInterop.validate("comodoeccca [jdk]", + "https://comodoecccertificationauthority-ev.comodoca.com", + "https://comodoecccertificationauthority-ev.comodoca.com:444"); + + // CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US + caInterop.validate("usertrustrsaca [jdk]", + "https://usertrustrsacertificationauthority-ev.comodoca.com", + "https://usertrustrsacertificationauthority-ev.comodoca.com:444"); + + // CN=USERTrust ECC Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US + caInterop.validate("usertrusteccca [jdk]", + "https://usertrustecccertificationauthority-ev.comodoca.com", + "https://usertrustecccertificationauthority-ev.comodoca.com:444"); } } diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/EntrustCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/EntrustCA.java index b4b8d7458a548..2614a85909344 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/EntrustCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/EntrustCA.java @@ -45,40 +45,20 @@ public class EntrustCA { public static void main(String[] args) throws Exception { - if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { - ValidatePathWithURL.enableCRLOnly(); - } else { - // OCSP check by default - ValidatePathWithURL.enableOCSPOnly(); - } + CAInterop caInterop = new CAInterop(args[0]); - new Entrust_ECCA().runTest(); - new Entrust_G4().runTest(); - } -} - -class Entrust_ECCA { - private static final String VALID = "https://validec.entrust.net"; - private static final String REVOKED = "https://revokedec.entrust.net"; - private static final String CA_ALIAS = "entrustrootcaec1 [jdk]"; - - public void runTest() throws Exception { - ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); - - validatePathWithURL.validateDomain(VALID, false); - validatePathWithURL.validateDomain(REVOKED, true); - } -} - -class Entrust_G4 { - private static final String VALID = "https://validg4.entrust.net"; - private static final String REVOKED = "https://revokedg4.entrust.net"; - private static final String CA_ALIAS = "entrustrootcag4 [jdk]"; - - public void runTest() throws Exception { - ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); + // CN=Entrust Root Certification Authority - EC1, + // OU="(c) 2012 Entrust, Inc. - for authorized use only", + // OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US + caInterop.validate("entrustrootcaec1 [jdk]", + "https://validec.entrust.net", + "https://revokedec.entrust.net"); - validatePathWithURL.validateDomain(VALID, false); - validatePathWithURL.validateDomain(REVOKED, true); + // CN=Entrust Root Certification Authority - G4, + // OU="(c) 2015 Entrust, Inc. - for authorized use only", + // OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US + caInterop.validate("entrustrootcag4 [jdk]", + "https://validg4.entrust.net", + "https://revokedg4.entrust.net"); } } diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GlobalSignR6CA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GlobalSignR6CA.java index 34c61822371b2..0038580be970d 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GlobalSignR6CA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GlobalSignR6CA.java @@ -41,24 +41,13 @@ * @run main/othervm -Djava.security.debug=certpath GlobalSignR6CA CRL */ public class GlobalSignR6CA { - - private static final String VALID = "https://valid.r6.roots.globalsign.com/"; - private static final String REVOKED = "https://revoked.r6.roots.globalsign.com/"; - private static final String CA_ALIAS = "globalsignrootcar6 [jdk]"; - public static void main(String[] args) throws Exception { - if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { - ValidatePathWithURL.enableCRLOnly(); - } else { - // OCSP check by default - ValidatePathWithURL.enableOCSPOnly(); - } + CAInterop caInterop = new CAInterop(args[0]); - ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); - - validatePathWithURL.validateDomain(VALID, false); - validatePathWithURL.validateDomain(REVOKED, true); + // CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R6 + caInterop.validate("globalsignrootcar6 [jdk]", + "https://valid.r6.roots.globalsign.com", + "https://revoked.r6.roots.globalsign.com"); } } - diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GoDaddyCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GoDaddyCA.java index f6b92611d2a08..bc6662875911e 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GoDaddyCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GoDaddyCA.java @@ -44,41 +44,18 @@ public class GoDaddyCA { public static void main(String[] args) throws Exception { - if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { - ValidatePathWithURL.enableCRLOnly(); - } else { - // OCSP check by default - ValidatePathWithURL.enableOCSPOnly(); - } - - new GoDaddyGdig2().runTest(); - new GoDaddySfig2().runTest(); - } -} - -class GoDaddyGdig2 { - private static final String VALID = "https://valid.gdig2.catest.godaddy.com/"; - private static final String REVOKED = "https://revoked.gdig2.catest.godaddy.com/"; - private static final String CA_ALIAS = "godaddyrootg2ca [jdk]"; - - public void runTest() throws Exception { - ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); - - validatePathWithURL.validateDomain(VALID, false); - validatePathWithURL.validateDomain(REVOKED, true); + CAInterop caInterop = new CAInterop(args[0]); + + // CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", + // L=Scottsdale, ST=Arizona, C=US + caInterop.validate("godaddyrootg2ca [jdk]", + "https://valid.gdig2.catest.godaddy.com", + "https://revoked.gdig2.catest.godaddy.com"); + + // CN=Starfield Root Certificate Authority - G2, O="Starfield Technologies, Inc.", + // L=Scottsdale, ST=Arizona, C=US + caInterop.validate("starfieldrootg2ca [jdk]", + "https://valid.sfig2.catest.starfieldtech.com", + "https://revoked.sfig2.catest.starfieldtech.com"); } } - -class GoDaddySfig2 { - private static final String VALID = "https://valid.sfig2.catest.starfieldtech.com/"; - private static final String REVOKED = "https://revoked.sfig2.catest.starfieldtech.com/"; - private static final String CA_ALIAS = "starfieldrootg2ca [jdk]"; - - public void runTest() throws Exception { - ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); - - validatePathWithURL.validateDomain(VALID, false); - validatePathWithURL.validateDomain(REVOKED, true); - } -} - diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GoogleCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GoogleCA.java index 91cdf453bf60b..04f8628d56916 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GoogleCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GoogleCA.java @@ -50,82 +50,31 @@ public class GoogleCA { public static void main(String[] args) throws Exception { - if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { - ValidatePathWithURL.enableCRLOnly(); - } else { - // OCSP check by default - ValidatePathWithURL.enableOCSPOnly(); - } - - new GoogleGSR4().runTest(); - new GoogleGTSR1().runTest(); - new GoogleGTSR2().runTest(); - new GoogleGTSR3().runTest(); - new GoogleGTSR4().runTest(); - } -} - -class GoogleGSR4 { - private static final String VALID = "https://good.gsr4.demo.pki.goog/"; - private static final String REVOKED = "https://revoked.gsr4.demo.pki.goog/"; - private static final String CA_ALIAS = "globalsigneccrootcar4 [jdk]"; - - public void runTest() throws Exception { - ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); - - validatePathWithURL.validateDomain(VALID, false); - validatePathWithURL.validateDomain(REVOKED, true); - } -} - -class GoogleGTSR1 { - private static final String VALID = "https://good.gtsr1.demo.pki.goog/"; - private static final String REVOKED = "https://revoked.gtsr1.demo.pki.goog/"; - private static final String CA_ALIAS = "gtsrootcar1 [jdk]"; - - public void runTest() throws Exception { - ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); - - validatePathWithURL.validateDomain(VALID, false); - validatePathWithURL.validateDomain(REVOKED, true); - } -} - -class GoogleGTSR2 { - private static final String VALID = "https://good.gtsr2.demo.pki.goog/"; - private static final String REVOKED = "https://revoked.gtsr2.demo.pki.goog/"; - private static final String CA_ALIAS = "gtsrootcar2 [jdk]"; - - public void runTest() throws Exception { - ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); - - validatePathWithURL.validateDomain(VALID, false); - validatePathWithURL.validateDomain(REVOKED, true); - } -} - -class GoogleGTSR3 { - private static final String VALID = "https://good.gtsr3.demo.pki.goog/"; - private static final String REVOKED = "https://revoked.gtsr3.demo.pki.goog/"; - private static final String CA_ALIAS = "gtsrootecccar3 [jdk]"; - - public void runTest() throws Exception { - ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); - - validatePathWithURL.validateDomain(VALID, false); - validatePathWithURL.validateDomain(REVOKED, true); - } -} - -class GoogleGTSR4 { - private static final String VALID = "https://good.gtsr4.demo.pki.goog/"; - private static final String REVOKED = "https://revoked.gtsr4.demo.pki.goog/"; - private static final String CA_ALIAS = "gtsrootecccar4 [jdk]"; - - public void runTest() throws Exception { - ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); - - validatePathWithURL.validateDomain(VALID, false); - validatePathWithURL.validateDomain(REVOKED, true); + CAInterop caInterop = new CAInterop(args[0]); + + // CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R4 + caInterop.validate("globalsigneccrootcar4 [jdk]", + "https://good.gsr4.demo.pki.goog", + "https://revoked.gsr4.demo.pki.goog"); + + // CN=GTS Root R1, O=Google Trust Services LLC, C=US + caInterop.validate("gtsrootcar1 [jdk]", + "https://good.gtsr1.demo.pki.goog", + "https://revoked.gtsr1.demo.pki.goog"); + + // CN=GTS Root R2, O=Google Trust Services LLC, C=US + caInterop.validate("gtsrootcar2 [jdk]", + "https://good.gtsr2.demo.pki.goog", + "https://revoked.gtsr2.demo.pki.goog"); + + // CN=GTS Root R3, O=Google Trust Services LLC, C=US + caInterop.validate("gtsrootecccar3 [jdk]", + "https://good.gtsr3.demo.pki.goog", + "https://revoked.gtsr3.demo.pki.goog"); + + // CN=GTS Root R4, O=Google Trust Services LLC, C=US + caInterop.validate("gtsrootecccar4 [jdk]", + "https://good.gtsr4.demo.pki.goog", + "https://revoked.gtsr4.demo.pki.goog"); } } diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java index d8fd35b0e33b0..748664bb9960b 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java @@ -32,24 +32,13 @@ */ public class LetsEncryptCA { - private static final String VALID = "https://valid-isrgrootx1.letsencrypt.org/"; - private static final String REVOKED = "https://revoked-isrgrootx1.letsencrypt.org/"; - private static final String CA_ALIAS = "letsencryptisrgx1 [jdk]"; - public static void main(String[] args) throws Exception { - if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { - ValidatePathWithURL.enableCRLOnly(); - } if (args.length >= 1 && "OCSP".equalsIgnoreCase(args[0])){ - ValidatePathWithURL.enableOCSPOnly(); - } else { - // EE certs don't have CRLs, intermediate cert doesn't specify OCSP responder - ValidatePathWithURL.enableOCSPAndCRL(); - } - - ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); + CAInterop caInterop = new CAInterop(args[0]); - validatePathWithURL.validateDomain(VALID, false); - validatePathWithURL.validateDomain(REVOKED, true); + // CN=ISRG Root X1, O=Internet Security Research Group, C=US + caInterop.validate("letsencryptisrgx1 [jdk]", + "https://valid-isrgrootx1.letsencrypt.org", + "https://revoked-isrgrootx1.letsencrypt.org"); } } diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/MicrosoftTLS.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/MicrosoftTLS.java index 3a4c582be7de9..bb9593c54be3a 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/MicrosoftTLS.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/MicrosoftTLS.java @@ -45,40 +45,16 @@ public class MicrosoftTLS { public static void main(String[] args) throws Exception { - if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { - ValidatePathWithURL.enableCRLOnly(); - } else { - // OCSP check by default - ValidatePathWithURL.enableOCSPOnly(); - } + CAInterop caInterop = new CAInterop(args[0]); - new MicrosoftECCTLS().runTest(); - new MicrosoftRSATLS().runTest(); - } -} - -class MicrosoftECCTLS { - private static final String VALID = "https://acteccroot2017.pki.microsoft.com/"; - private static final String REVOKED = "https://rvkeccroot2017.pki.microsoft.com/"; - private static final String CA_ALIAS = "microsoftecc2017 [jdk]"; - - public void runTest() throws Exception { - ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); - - validatePathWithURL.validateDomain(VALID, false); - validatePathWithURL.validateDomain(REVOKED, true); - } -} - -class MicrosoftRSATLS { - private static final String VALID = "https://actrsaroot2017.pki.microsoft.com/"; - private static final String REVOKED = "https://rvkrsaroot2017.pki.microsoft.com/"; - private static final String CA_ALIAS = "microsoftrsa2017 [jdk]"; - - public void runTest() throws Exception { - ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); + // CN=Microsoft ECC Root Certificate Authority 2017, O=Microsoft Corporation, C=US + caInterop.validate("microsoftecc2017 [jdk]", + "https://acteccroot2017.pki.microsoft.com", + "https://rvkeccroot2017.pki.microsoft.com"); - validatePathWithURL.validateDomain(VALID, false); - validatePathWithURL.validateDomain(REVOKED, true); + // CN=Microsoft RSA Root Certificate Authority 2017, O=Microsoft Corporation, C=US + caInterop.validate("microsoftrsa2017 [jdk]", + "https://actrsaroot2017.pki.microsoft.com", + "https://rvkrsaroot2017.pki.microsoft.com"); } } diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java index 3a75035760ab4..c7284a78b726d 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java @@ -50,54 +50,21 @@ public class QuoVadisCA { public static void main(String[] args) throws Exception { - if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { - ValidatePathWithURL.enableCRLOnly(); - } else { - // OCSP check by default - ValidatePathWithURL.enableOCSPOnly(); - } + CAInterop caInterop = new CAInterop(args[0]); - new RootCA1G3().runTest(); - new RootCA2G3().runTest(); - new RootCA3G3().runTest(); - } -} - -class RootCA1G3 { - private static final String VALID = "https://quovadis-root-ca-1-g3.chain-demos.digicert.com/"; - private static final String REVOKED = "https://quovadis-root-ca-1-g3-revoked.chain-demos.digicert.com/"; - private static final String CA_ALIAS = "quovadisrootca1g3 [jdk]"; - - public void runTest() throws Exception { - ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); - - validatePathWithURL.validateDomain(VALID, false); - validatePathWithURL.validateDomain(REVOKED, true); - } -} - -class RootCA2G3 { - private static final String VALID = "https://quovadis-root-ca-2-g3.chain-demos.digicert.com"; - private static final String REVOKED = "https://quovadis-root-ca-2-g3-revoked.chain-demos.digicert.com"; - private static final String CA_ALIAS = "quovadisrootca2g3 [jdk]"; - - public void runTest() throws Exception { - ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); - - validatePathWithURL.validateDomain(VALID, false); - validatePathWithURL.validateDomain(REVOKED, true); - } -} - -class RootCA3G3 { - private static final String VALID = "https://quovadis-root-ca-3-g3.chain-demos.digicert.com"; - private static final String REVOKED = "https://quovadis-root-ca-3-g3-revoked.chain-demos.digicert.com"; - private static final String CA_ALIAS = "quovadisrootca3g3 [jdk]"; + // CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM + caInterop.validate("quovadisrootca1g3 [jdk]", + "https://quovadis-root-ca-1-g3.chain-demos.digicert.com", + "https://quovadis-root-ca-1-g3-revoked.chain-demos.digicert.com"); - public void runTest() throws Exception { - ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); + // CN=QuoVadis Root CA 2 G3, O=QuoVadis Limited, C=BM + caInterop.validate("quovadisrootca2g3 [jdk]", + "https://quovadis-root-ca-2-g3.chain-demos.digicert.com", + "https://quovadis-root-ca-2-g3-revoked.chain-demos.digicert.com"); - validatePathWithURL.validateDomain(VALID, false); - validatePathWithURL.validateDomain(REVOKED, true); + // CN=QuoVadis Root CA 3 G3, O=QuoVadis Limited, C=BM + caInterop.validate("quovadisrootca3g3 [jdk]", + "https://quovadis-root-ca-3-g3.chain-demos.digicert.com", + "https://quovadis-root-ca-3-g3-revoked.chain-demos.digicert.com"); } } diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/SSLCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/SSLCA.java index 9efc6f67389e9..ee431e765b311 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/SSLCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/SSLCA.java @@ -45,54 +45,21 @@ public class SSLCA { public static void main(String[] args) throws Exception { - if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { - ValidatePathWithURL.enableCRLOnly(); - } else { - // OCSP check by default - ValidatePathWithURL.enableOCSPOnly(); - } + CAInterop caInterop = new CAInterop(args[0]); - new SSLCA_RSA().runTest(); - new SSLCA_EV_RSA().runTest(); - new SSLCA_ECC().runTest(); - } -} - -class SSLCA_RSA { - private static final String VALID = "https://test-dv-rsa.ssl.com"; - private static final String REVOKED = "https://revoked-rsa-dv.ssl.com"; - private static final String CA_ALIAS = "sslrootrsaca [jdk]"; - - public void runTest() throws Exception { - ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); - - validatePathWithURL.validateDomain(VALID, false); - validatePathWithURL.validateDomain(REVOKED, true); - } -} - -class SSLCA_EV_RSA { - private static final String VALID = "https://test-ev-rsa.ssl.com"; - private static final String REVOKED = "https://revoked-rsa-ev.ssl.com"; - private static final String CA_ALIAS = "sslrootevrsaca [jdk]"; - - public void runTest() throws Exception { - ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); - - validatePathWithURL.validateDomain(VALID, false); - validatePathWithURL.validateDomain(REVOKED, true); - } -} - -class SSLCA_ECC { - private static final String VALID = "https://test-dv-ecc.ssl.com"; - private static final String REVOKED = "https://revoked-ecc-dv.ssl.com"; - private static final String CA_ALIAS = "sslrooteccca [jdk]"; + // CN=SSL.com Root Certification Authority RSA, O=SSL Corporation, L=Houston, ST=Texas, C=US + caInterop.validate("sslrootrsaca [jdk]", + "https://test-dv-rsa.ssl.com", + "https://revoked-rsa-dv.ssl.com"); - public void runTest() throws Exception { - ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); + // CN=SSL.com EV Root Certification Authority RSA R2, O=SSL Corporation, L=Houston, ST=Texas, C=US + caInterop.validate("sslrootevrsaca [jdk]", + "https://test-ev-rsa.ssl.com", + "https://revoked-rsa-ev.ssl.com"); - validatePathWithURL.validateDomain(VALID, false); - validatePathWithURL.validateDomain(REVOKED, true); + // CN=SSL.com Root Certification Authority ECC, O=SSL Corporation, L=Houston, ST=Texas, C=US + caInterop.validate("sslrooteccca [jdk]", + "https://test-dv-ecc.ssl.com", + "https://revoked-ecc-dv.ssl.com"); } } diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/TWCAGlobalCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/TWCAGlobalCA.java index b477299b15625..2b5ed7a9b2235 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/TWCAGlobalCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/TWCAGlobalCA.java @@ -42,23 +42,13 @@ */ public class TWCAGlobalCA { - - private static final String VALID = "https://evssldemo6.twca.com.tw"; - private static final String REVOKED = "https://evssldemo7.twca.com.tw"; - private static final String CA_ALIAS = "twcaglobalrootca [jdk]"; - public static void main(String[] args) throws Exception { - if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { - ValidatePathWithURL.enableCRLOnly(); - } else { - // OCSP check by default - ValidatePathWithURL.enableOCSPOnly(); - } - - ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); + CAInterop caInterop = new CAInterop(args[0]); - validatePathWithURL.validateDomain(VALID, false); - validatePathWithURL.validateDomain(REVOKED, true); + // CN=TWCA Global Root CA, OU=Root CA, O=TAIWAN-CA, C=TW + caInterop.validate("twcaglobalrootca [jdk]", + "hhttps://evssldemo6.twca.com.tw", + "https://evssldemo7.twca.com.tw"); } } diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/TeliaSoneraCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/TeliaSoneraCA.java index 54162733932b4..45f53d6382a63 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/TeliaSoneraCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/TeliaSoneraCA.java @@ -42,23 +42,13 @@ */ public class TeliaSoneraCA { - - private static final String VALID = "https://juolukka.cover.sonera.net:10443/"; - private static final String REVOKED = "https://juolukka.cover.sonera.net:10444/"; - private static final String CA_ALIAS = "teliasonerarootcav1 [jdk]"; - public static void main(String[] args) throws Exception { - if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) { - ValidatePathWithURL.enableCRLOnly(); - } else { - // OCSP check by default - ValidatePathWithURL.enableOCSPOnly(); - } - - ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(CA_ALIAS); + CAInterop caInterop = new CAInterop(args[0]); - validatePathWithURL.validateDomain(VALID, false); - validatePathWithURL.validateDomain(REVOKED, true); + // CN=TeliaSonera Root CA v1, O=TeliaSonera + caInterop.validate("teliasonerarootcav1 [jdk]", + "https://juolukka.cover.sonera.net:10443", + "https://juolukka.cover.sonera.net:10444"); } } diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ValidatePathWithURL.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ValidatePathWithURL.java index d0ab1e77f94c0..3f7891251515d 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ValidatePathWithURL.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ValidatePathWithURL.java @@ -37,6 +37,12 @@ public class ValidatePathWithURL { private final X509Certificate rootCertificate; private final X500Principal rootPrincipal; + /** + * Enables the certificate revocation checking and loads the certificate from + * cacerts file for give caAlias + * @param caAlias CA alias for CA certificate in cacerts file + * @throws Exception when fails to get CA certificate from cacerts file + */ public ValidatePathWithURL(String caAlias) throws Exception { System.setProperty("com.sun.net.ssl.checkRevocation", "true"); Security.setProperty("ssl.TrustManagerFactory.algorithm", "SunPKIX"); @@ -57,24 +63,40 @@ public ValidatePathWithURL(String caAlias) throws Exception { rootPrincipal = rootCertificate.getSubjectX500Principal(); } + /** + * Enable revocation checking using OCSP and disables CRL check + */ public static void enableOCSPOnly() { System.setProperty("com.sun.security.enableCRLDP", "false"); Security.setProperty("ocsp.enable", "true"); } + /** + * Enable revocation checking using CRL + */ public static void enableCRLOnly() { System.setProperty("com.sun.security.enableCRLDP", "true"); } + /** + * Enable revocation checking using OCSP or CRL + */ public static void enableOCSPAndCRL() { System.setProperty("com.sun.security.enableCRLDP", "true"); Security.setProperty("ocsp.enable", "true"); } + /** + * Validates end entity certificate used in provided test URL using + * HttpsURLConnection. Validation is skipped on network error or if + * the certificate is expired. + * @param testURL URL to validate + * @param revokedCert if true then validate is REVOKED certificate + * @throws Exception on failure to validate certificate + */ public void validateDomain(final String testURL, final boolean revokedCert) - throws CertificateException, NoSuchAlgorithmException, SignatureException, - InvalidKeyException, NoSuchProviderException { + throws Exception { System.out.println(); System.out.println("===== Validate " + testURL + "====="); if (!validateDomainCertChain(testURL, revokedCert)) { @@ -85,8 +107,7 @@ public void validateDomain(final String testURL, private boolean validateDomainCertChain(final String testURL, final boolean revokedCert) - throws CertificateException, NoSuchAlgorithmException, SignatureException, - InvalidKeyException, NoSuchProviderException { + throws Exception { HttpsURLConnection httpsURLConnection = null; try { URL url = new URL(testURL); @@ -98,34 +119,7 @@ private boolean validateDomainCertChain(final String testURL, // if the connection is successful Certificate[] chain = httpsURLConnection.getServerCertificates(); httpsURLConnection.disconnect(); - X509Certificate interCert = null; - - // fail if there is no intermediate CA or self-signed - if (chain.length < 2) { - throw new RuntimeException("Cert chain too short " + chain.length); - } else { - System.out.println("Finding intermediate certificate issued by CA"); - for (Certificate cert: chain){ - if(cert instanceof X509Certificate certificate) { - System.out.println("Checking: " + certificate.getSubjectX500Principal()); - System.out.println("Issuer: " + certificate.getIssuerX500Principal()); - if (certificate.getIssuerX500Principal().equals(rootPrincipal)){ - interCert = certificate; - break; - } - } - } - } - - if (interCert == null){ - throw new RuntimeException("Intermediate Root CA not found in the chain"); - } - - // validate intermediate CA signed by root CA under test - System.out.println("Found intermediate root CA: " + interCert.getSubjectX500Principal()); - System.out.println("intermediate CA Issuer: " + interCert.getIssuerX500Principal()); - interCert.verify(rootCertificate.getPublicKey()); - System.out.println("Verified: Intermediate CA signed by test root CA"); + validateAnchor(chain); } catch (SSLHandshakeException e) { System.out.println("SSLHandshakeException: " + e.getMessage()); Throwable cause = e.getCause(); @@ -163,6 +157,37 @@ private boolean validateDomainCertChain(final String testURL, return !revokedCert; } + private void validateAnchor(Certificate[] chain) throws Exception { + X509Certificate interCert = null; + + // fail if there is no intermediate CA or self-signed + if (chain.length < 2) { + throw new RuntimeException("Cert chain too short " + chain.length); + } else { + System.out.println("Finding intermediate certificate issued by CA"); + for (Certificate cert: chain){ + if(cert instanceof X509Certificate certificate) { + System.out.println("Checking: " + certificate.getSubjectX500Principal()); + System.out.println("Issuer: " + certificate.getIssuerX500Principal()); + if (certificate.getIssuerX500Principal().equals(rootPrincipal)){ + interCert = certificate; + break; + } + } + } + } + + if (interCert == null){ + throw new RuntimeException("Intermediate Root CA not found in the chain"); + } + + // validate intermediate CA signed by root CA under test + System.out.println("Found intermediate root CA: " + interCert.getSubjectX500Principal()); + System.out.println("intermediate CA Issuer: " + interCert.getIssuerX500Principal()); + interCert.verify(rootCertificate.getPublicKey()); + System.out.println("Verified: Intermediate CA signed by test root CA"); + } + private static class CustomHostnameVerifier implements HostnameVerifier { @Override public boolean verify(String hostname, SSLSession session) { From 8a919ded11c27e8d811753c53c096419a9798d82 Mon Sep 17 00:00:00 2001 From: Rajan Halade Date: Thu, 1 Jun 2023 13:08:52 -0700 Subject: [PATCH 07/17] minor cleanup --- .../certification/ActalisCA.java | 2 +- .../certification/CAInterop.java | 16 ++++++++-------- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ActalisCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ActalisCA.java index 37daa188aa7b8..fbdde464771a9 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ActalisCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ActalisCA.java @@ -50,4 +50,4 @@ public static void main(String[] args) throws Exception { "https://ssltest-active.actalis.it/", "https://ssltest-revoked.actalis.it/"); } -} \ No newline at end of file +} diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java index 7f8352347be14..964c0d253619f 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java @@ -40,22 +40,22 @@ public CAInterop(String revocationMode){ * Validates provided URLs using HttpsURLConnection making sure they * anchor to the root CA found in cacerts using provided alias. * @param caAlias CA alis from cacerts file - * @param validCert valid test URL - * @param revokedCert revoked test URL + * @param validCertURL valid test URL + * @param revokedCertURL revoked test URL * @throws Exception thrown when certificate can't be validated as valid or revoked */ public void validate(String caAlias, - String validCert, - String revokedCert) throws Exception { + String validCertURL, + String revokedCertURL) throws Exception { ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(caAlias); - if (validCert != null) { - validatePathWithURL.validateDomain(validCert, false); + if (validCertURL != null) { + validatePathWithURL.validateDomain(validCertURL, false); } - if (revokedCert != null) { - validatePathWithURL.validateDomain(revokedCert, true); + if (revokedCertURL != null) { + validatePathWithURL.validateDomain(revokedCertURL, true); } } } From 9d42b5947c3d4fed9d130a90db193f20ed9b3748 Mon Sep 17 00:00:00 2001 From: Rajan Halade Date: Thu, 1 Jun 2023 13:53:33 -0700 Subject: [PATCH 08/17] Address review comments --- .../certification/ActalisCA.java | 8 +++----- .../certification/AmazonCA.java | 6 ++---- .../certification/BuypassCA.java | 6 ++---- .../certification/CAInterop.java | 17 ++++++++++------- .../certification/ComodoCA.java | 6 ++---- .../certification/EntrustCA.java | 6 ++---- .../certification/GlobalSignR6CA.java | 6 ++---- .../certification/GoDaddyCA.java | 6 ++---- .../certification/GoogleCA.java | 6 ++---- .../certification/LetsEncryptCA.java | 3 +-- .../certification/MicrosoftTLS.java | 6 ++---- .../certification/QuoVadisCA.java | 6 ++---- .../certification/SSLCA.java | 6 ++---- .../certification/TWCAGlobalCA.java | 6 ++---- .../certification/TeliaSoneraCA.java | 6 ++---- .../certification/ValidatePathWithURL.java | 19 +++++++++++++------ 16 files changed, 51 insertions(+), 68 deletions(-) diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ActalisCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ActalisCA.java index fbdde464771a9..a2a636eb74718 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ActalisCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ActalisCA.java @@ -21,13 +21,12 @@ * questions. */ - /* +/* * @test id=OCSP * @bug 8189131 * @summary Interoperability tests with Actalis CA * @library /test/lib - * @build jtreg.SkippedException - * @build ValidatePathWithURL + * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm/timeout=180 -Djava.security.debug=certpath ActalisCA OCSP */ @@ -36,8 +35,7 @@ * @bug 8189131 * @summary Interoperability tests with Actalis CA * @library /test/lib - * @build jtreg.SkippedException - * @build ValidatePathWithURL + * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm/timeout=180 -Djava.security.debug=certpath ActalisCA CRL */ diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java index d72894308981b..6f96b44325719 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java @@ -26,8 +26,7 @@ * @bug 8233223 * @summary Interoperability tests with Amazon's CA1, CA2, CA3, and CA4 * @library /test/lib - * @build jtreg.SkippedException - * @build ValidatePathWithURL + * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath AmazonCA OCSP */ @@ -36,8 +35,7 @@ * @bug 8233223 * @summary Interoperability tests with Amazon's CA1, CA2, CA3, and CA4 * @library /test/lib - * @build jtreg.SkippedException - * @build ValidatePathWithURL + * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath AmazonCA CRL */ diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java index e055cc7800ed3..f0af336f1a84e 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java @@ -26,8 +26,7 @@ * @bug 8189131 * @summary Interoperability tests with Buypass Class 2 and Class 3 CA * @library /test/lib - * @build jtreg.SkippedException - * @build ValidatePathWithURL + * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm/timeout=180 -Djava.security.debug=certpath BuypassCA OCSP */ @@ -36,8 +35,7 @@ * @bug 8189131 * @summary Interoperability tests with Buypass Class 2 and Class 3 CA * @library /test/lib - * @build jtreg.SkippedException - * @build ValidatePathWithURL + * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm/timeout=180 -Djava.security.debug=certpath BuypassCA CRL */ diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java index 964c0d253619f..277ba51e43c18 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java @@ -23,14 +23,16 @@ public final class CAInterop { /** * Constructor for interoperability test with third party CA. + * * @param revocationMode revocation checking mode to use */ - public CAInterop(String revocationMode){ + public CAInterop(String revocationMode) { if ("CRL".equalsIgnoreCase(revocationMode)) { ValidatePathWithURL.enableCRLOnly(); - } if ("OCSP".equalsIgnoreCase(revocationMode)) { + } + if ("OCSP".equalsIgnoreCase(revocationMode)) { ValidatePathWithURL.enableOCSPOnly(); - }else { + } else { // OCSP and CRL check by default ValidatePathWithURL.enableOCSPAndCRL(); } @@ -39,14 +41,15 @@ public CAInterop(String revocationMode){ /** * Validates provided URLs using HttpsURLConnection making sure they * anchor to the root CA found in cacerts using provided alias. - * @param caAlias CA alis from cacerts file - * @param validCertURL valid test URL + * + * @param caAlias CA alis from cacerts file + * @param validCertURL valid test URL * @param revokedCertURL revoked test URL * @throws Exception thrown when certificate can't be validated as valid or revoked */ public void validate(String caAlias, - String validCertURL, - String revokedCertURL) throws Exception { + String validCertURL, + String revokedCertURL) throws Exception { ValidatePathWithURL validatePathWithURL = new ValidatePathWithURL(caAlias); diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ComodoCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ComodoCA.java index 954aa3b625fac..f9aa44dbd9a2f 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ComodoCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ComodoCA.java @@ -27,8 +27,7 @@ * @summary Interoperability tests with Comodo RSA, ECC, userTrust RSA, and * userTrust ECC CAs * @library /test/lib - * @build jtreg.SkippedException - * @build ValidatePathWithURL + * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath ComodoCA OCSP */ @@ -38,8 +37,7 @@ * @summary Interoperability tests with Comodo RSA, ECC, userTrust RSA, and * userTrust ECC CAs * @library /test/lib - * @build jtreg.SkippedException - * @build ValidatePathWithURL + * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath ComodoCA CRL */ diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/EntrustCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/EntrustCA.java index 2614a85909344..a80ff2962f25c 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/EntrustCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/EntrustCA.java @@ -26,8 +26,7 @@ * @bug 8195774 8243321 * @summary Interoperability tests with Entrust CAs * @library /test/lib - * @build jtreg.SkippedException - * @build ValidatePathWithURL + * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath EntrustCA OCSP */ @@ -36,8 +35,7 @@ * @bug 8195774 8243321 * @summary Interoperability tests with Entrust CAs * @library /test/lib - * @build jtreg.SkippedException - * @build ValidatePathWithURL + * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath EntrustCA CRL */ diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GlobalSignR6CA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GlobalSignR6CA.java index 0038580be970d..73411c5da1b8d 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GlobalSignR6CA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GlobalSignR6CA.java @@ -26,8 +26,7 @@ * @bug 8216577 8249176 * @summary Interoperability tests with GlobalSign R6 CA * @library /test/lib - * @build jtreg.SkippedException - * @build ValidatePathWithURL + * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath GlobalSignR6CA OCSP */ @@ -36,8 +35,7 @@ * @bug 8216577 8249176 * @summary Interoperability tests with GlobalSign R6 CA * @library /test/lib - * @build jtreg.SkippedException - * @build ValidatePathWithURL + * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath GlobalSignR6CA CRL */ public class GlobalSignR6CA { diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GoDaddyCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GoDaddyCA.java index bc6662875911e..32363e70c1052 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GoDaddyCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GoDaddyCA.java @@ -26,8 +26,7 @@ * @bug 8196141 * @summary Interoperability tests with GoDaddy/Starfield CA * @library /test/lib - * @build jtreg.SkippedException - * @build ValidatePathWithURL + * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath GoDaddyCA OCSP */ @@ -36,8 +35,7 @@ * @bug 8196141 * @summary Interoperability tests with GoDaddy/Starfield CA * @library /test/lib - * @build jtreg.SkippedException - * @build ValidatePathWithURL + * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath GoDaddyCA CRL */ public class GoDaddyCA { diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GoogleCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GoogleCA.java index 04f8628d56916..f0d3c86dcbc6d 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GoogleCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GoogleCA.java @@ -26,8 +26,7 @@ * @bug 8307134 * @summary Interoperability tests with Google's GlobalSign R4 and GTS Root certificates * @library /test/lib - * @build jtreg.SkippedException - * @build ValidatePathWithURL + * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath GoogleCA OCSP */ @@ -36,8 +35,7 @@ * @bug 8307134 * @summary Interoperability tests with Google's GlobalSign R4 and GTS Root certificates * @library /test/lib - * @build jtreg.SkippedException - * @build ValidatePathWithURL + * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath GoogleCA CRL */ diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java index 748664bb9960b..a31bfdc415f06 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java @@ -26,8 +26,7 @@ * @bug 8189131 * @summary Interoperability tests with Let's Encrypt CA using OCSP and CRL * @library /test/lib - * @build jtreg.SkippedException - * @build ValidatePathWithURL + * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath LetsEncryptCA DEFAULT */ public class LetsEncryptCA { diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/MicrosoftTLS.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/MicrosoftTLS.java index bb9593c54be3a..6b07b6dfdf584 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/MicrosoftTLS.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/MicrosoftTLS.java @@ -26,8 +26,7 @@ * @bug 8304760 * @summary Interoperability tests with Microsoft TLS root CAs * @library /test/lib - * @build jtreg.SkippedException - * @build ValidatePathWithURL + * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath MicrosoftTLS OCSP */ @@ -36,8 +35,7 @@ * @bug 8304760 * @summary Interoperability tests with Microsoft TLS root CAs * @library /test/lib - * @build jtreg.SkippedException - * @build ValidatePathWithURL + * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath MicrosoftTLS CRL */ diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java index c7284a78b726d..700d46eb9b681 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java @@ -26,8 +26,7 @@ * @bug 8189131 * @summary Interoperability tests with QuoVadis Root CA1, CA2, and CA3 G3 CAs using OCSP * @library /test/lib - * @build jtreg.SkippedException - * @build ValidatePathWithURL + * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath QuoVadisCA OCSP */ @@ -36,8 +35,7 @@ * @bug 8189131 * @summary Interoperability tests with QuoVadis Root CA1, CA2, and CA3 G3 CAs using CRL * @library /test/lib - * @build jtreg.SkippedException - * @build ValidatePathWithURL + * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath QuoVadisCA CRL */ diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/SSLCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/SSLCA.java index ee431e765b311..7a9f0a96f462b 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/SSLCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/SSLCA.java @@ -26,8 +26,7 @@ * @bug 8243320 8256895 * @summary Interoperability tests with SSL.com's RSA, EV RSA, and ECC CA * @library /test/lib - * @build jtreg.SkippedException - * @build ValidatePathWithURL + * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath SSLCA OCSP */ @@ -36,8 +35,7 @@ * @bug 8243320 8256895 * @summary Interoperability tests with SSL.com's RSA, EV RSA, and ECC CA * @library /test/lib - * @build jtreg.SkippedException - * @build ValidatePathWithURL + * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath SSLCA CRL */ diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/TWCAGlobalCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/TWCAGlobalCA.java index 2b5ed7a9b2235..ebd99b27eacfd 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/TWCAGlobalCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/TWCAGlobalCA.java @@ -26,8 +26,7 @@ * @bug 8305975 * @summary Interoperability tests with TWCA Global Root CA from TAIWAN-CA * @library /test/lib - * @build jtreg.SkippedException - * @build ValidatePathWithURL + * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath TWCAGlobalCA OCSP */ @@ -36,8 +35,7 @@ * @bug 8305975 * @summary Interoperability tests with TWCA Global Root CA from TAIWAN-CA * @library /test/lib - * @build jtreg.SkippedException - * @build ValidatePathWithURL + * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm -Djava.security.debug=certpath TWCAGlobalCA CRL */ diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/TeliaSoneraCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/TeliaSoneraCA.java index 45f53d6382a63..f02da503f46d2 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/TeliaSoneraCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/TeliaSoneraCA.java @@ -26,8 +26,7 @@ * @bug 8210432 * @summary Interoperability tests with TeliaSonera Root CA v1 using OCSP * @library /test/lib - * @build jtreg.SkippedException - * @build ValidatePathWithURL + * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm TeliaSoneraCA OCSP */ @@ -36,8 +35,7 @@ * @bug 8210432 * @summary Interoperability tests with TeliaSonera Root CA v1 using CRL * @library /test/lib - * @build jtreg.SkippedException - * @build ValidatePathWithURL + * @build jtreg.SkippedException ValidatePathWithURL CAInterop * @run main/othervm TeliaSoneraCA CRL */ diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ValidatePathWithURL.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ValidatePathWithURL.java index 3f7891251515d..1144c65f95a09 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ValidatePathWithURL.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ValidatePathWithURL.java @@ -40,6 +40,7 @@ public class ValidatePathWithURL { /** * Enables the certificate revocation checking and loads the certificate from * cacerts file for give caAlias + * * @param caAlias CA alias for CA certificate in cacerts file * @throws Exception when fails to get CA certificate from cacerts file */ @@ -90,7 +91,8 @@ public static void enableOCSPAndCRL() { * Validates end entity certificate used in provided test URL using * HttpsURLConnection. Validation is skipped on network error or if * the certificate is expired. - * @param testURL URL to validate + * + * @param testURL URL to validate * @param revokedCert if true then validate is REVOKED certificate * @throws Exception on failure to validate certificate */ @@ -129,6 +131,11 @@ private boolean validateDomainCertChain(final String testURL, if (cpve.getReason() == CertPathValidatorException.BasicReason.REVOKED || cpve.getCause() instanceof CertificateRevokedException) { System.out.println("Certificate is revoked"); + + // We can validate anchor for revoked certificates as well + Certificate[] chain = cpve.getCertPath().getCertificates().toArray(new Certificate[0]); + validateAnchor(chain); + if (revokedCert) { return true; } @@ -149,7 +156,7 @@ private boolean validateDomainCertChain(final String testURL, } catch (IOException e) { throw new SkippedException("Network setup issue, skip this test", e); } finally { - if(httpsURLConnection != null) { + if (httpsURLConnection != null) { httpsURLConnection.disconnect(); } } @@ -165,11 +172,11 @@ private void validateAnchor(Certificate[] chain) throws Exception { throw new RuntimeException("Cert chain too short " + chain.length); } else { System.out.println("Finding intermediate certificate issued by CA"); - for (Certificate cert: chain){ - if(cert instanceof X509Certificate certificate) { + for (Certificate cert : chain) { + if (cert instanceof X509Certificate certificate) { System.out.println("Checking: " + certificate.getSubjectX500Principal()); System.out.println("Issuer: " + certificate.getIssuerX500Principal()); - if (certificate.getIssuerX500Principal().equals(rootPrincipal)){ + if (certificate.getIssuerX500Principal().equals(rootPrincipal)) { interCert = certificate; break; } @@ -177,7 +184,7 @@ private void validateAnchor(Certificate[] chain) throws Exception { } } - if (interCert == null){ + if (interCert == null) { throw new RuntimeException("Intermediate Root CA not found in the chain"); } From e64e32fa5b7996a6cdf74d7e7ed4cea8a22d06eb Mon Sep 17 00:00:00 2001 From: Rajan Halade Date: Thu, 1 Jun 2023 14:41:25 -0700 Subject: [PATCH 09/17] Fix typos and reformat code --- .../certification/ActalisCA.java | 4 ++-- .../certification/AmazonCA.java | 16 ++++++++-------- .../certification/BuypassCA.java | 4 ++-- .../certification/ComodoCA.java | 2 +- .../certification/GlobalSignR6CA.java | 2 +- .../certification/LetsEncryptCA.java | 14 +++++++------- .../certification/TWCAGlobalCA.java | 2 +- 7 files changed, 22 insertions(+), 22 deletions(-) diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ActalisCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ActalisCA.java index a2a636eb74718..b0c09fdd08142 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ActalisCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ActalisCA.java @@ -45,7 +45,7 @@ public static void main(String[] args) throws Exception { // CN=Actalis Authentication Root CA, O=Actalis S.p.A./03358520967, L=Milan, C=IT caInterop.validate("actalisauthenticationrootca [jdk]", - "https://ssltest-active.actalis.it/", - "https://ssltest-revoked.actalis.it/"); + "https://ssltest-active.actalis.it", + "https://ssltest-revoked.actalis.it"); } } diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java index 6f96b44325719..0fa1f1154c735 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java @@ -51,22 +51,22 @@ public static void main(String[] args) throws Exception { // CN=Amazon Root CA 1, O=Amazon, C=US caInterop.validate("amazonrootca1 [jdk]", - "https://valid.rootca1.demo.amazontrust.com/", - "https://revoked.rootca1.demo.amazontrust.com/"); + "https://valid.rootca1.demo.amazontrust.com", + "https://revoked.rootca1.demo.amazontrust.com"); // CN=Amazon Root CA 2, O=Amazon, C=US caInterop.validate("amazonrootca2 [jdk]", - "https://valid.rootca2.demo.amazontrust.com/", - "https://revoked.rootca2.demo.amazontrust.com/"); + "https://valid.rootca2.demo.amazontrust.com", + "https://revoked.rootca2.demo.amazontrust.com"); // CN=Amazon Root CA 3, O=Amazon, C=US caInterop.validate("amazonrootca3 [jdk]", - "https://valid.rootca3.demo.amazontrust.com/", - "https://revoked.rootca3.demo.amazontrust.com/"); + "https://valid.rootca3.demo.amazontrust.com", + "https://revoked.rootca3.demo.amazontrust.com"); // CN=Amazon Root CA 4, O=Amazon, C=US caInterop.validate("amazonrootca4 [jdk]", - "https://valid.rootca4.demo.amazontrust.com/", - "https://revoked.rootca4.demo.amazontrust.com/"); + "https://valid.rootca4.demo.amazontrust.com", + "https://revoked.rootca4.demo.amazontrust.com"); } } diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java index f0af336f1a84e..86b8764b7ebcc 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java @@ -21,7 +21,7 @@ * questions. */ - /* +/* * @test id=OCSP * @bug 8189131 * @summary Interoperability tests with Buypass Class 2 and Class 3 CA @@ -64,7 +64,7 @@ public static void main(String[] args) throws Exception { "https://revoked.evident.ca23.ssl.buypass.no"); caInterop.validate("buypassclass3ca [jdk]", - "https://valid.businessplus.ca23.ssl.buypass.n", + "https://valid.businessplus.ca23.ssl.buypass.no", "https://revoked.businessplus.ca23.ssl.buypass.no"); } } diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ComodoCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ComodoCA.java index f9aa44dbd9a2f..ecebfaea23225 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ComodoCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ComodoCA.java @@ -21,7 +21,7 @@ * questions. */ - /* +/* * @test id=OCSP * @bug 8189131 * @summary Interoperability tests with Comodo RSA, ECC, userTrust RSA, and diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GlobalSignR6CA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GlobalSignR6CA.java index 73411c5da1b8d..1e19742c555a0 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GlobalSignR6CA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GlobalSignR6CA.java @@ -21,7 +21,7 @@ * questions. */ - /* +/* * @test id=OCSP * @bug 8216577 8249176 * @summary Interoperability tests with GlobalSign R6 CA diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java index a31bfdc415f06..d590623c4a48d 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java @@ -31,13 +31,13 @@ */ public class LetsEncryptCA { - public static void main(String[] args) throws Exception { + public static void main(String[] args) throws Exception { - CAInterop caInterop = new CAInterop(args[0]); + CAInterop caInterop = new CAInterop(args[0]); - // CN=ISRG Root X1, O=Internet Security Research Group, C=US - caInterop.validate("letsencryptisrgx1 [jdk]", - "https://valid-isrgrootx1.letsencrypt.org", - "https://revoked-isrgrootx1.letsencrypt.org"); - } + // CN=ISRG Root X1, O=Internet Security Research Group, C=US + caInterop.validate("letsencryptisrgx1 [jdk]", + "https://valid-isrgrootx1.letsencrypt.org", + "https://revoked-isrgrootx1.letsencrypt.org"); + } } diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/TWCAGlobalCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/TWCAGlobalCA.java index ebd99b27eacfd..42aa63bb97576 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/TWCAGlobalCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/TWCAGlobalCA.java @@ -46,7 +46,7 @@ public static void main(String[] args) throws Exception { // CN=TWCA Global Root CA, OU=Root CA, O=TAIWAN-CA, C=TW caInterop.validate("twcaglobalrootca [jdk]", - "hhttps://evssldemo6.twca.com.tw", + "https://evssldemo6.twca.com.tw", "https://evssldemo7.twca.com.tw"); } } From 1ced572fc17f195d8e9c2725286a97804d72d307 Mon Sep 17 00:00:00 2001 From: Rajan Halade Date: Fri, 2 Jun 2023 11:20:38 -0700 Subject: [PATCH 10/17] Enable OCSP logging --- .../cert/CertPathValidator/certification/ActalisCA.java | 2 +- .../cert/CertPathValidator/certification/AmazonCA.java | 2 +- .../cert/CertPathValidator/certification/BuypassCA.java | 2 +- .../cert/CertPathValidator/certification/ComodoCA.java | 2 +- .../cert/CertPathValidator/certification/EntrustCA.java | 2 +- .../cert/CertPathValidator/certification/GlobalSignR6CA.java | 2 +- .../cert/CertPathValidator/certification/GoDaddyCA.java | 2 +- .../cert/CertPathValidator/certification/GoogleCA.java | 2 +- .../cert/CertPathValidator/certification/LetsEncryptCA.java | 2 +- .../cert/CertPathValidator/certification/MicrosoftTLS.java | 2 +- .../cert/CertPathValidator/certification/QuoVadisCA.java | 2 +- .../security/cert/CertPathValidator/certification/SSLCA.java | 2 +- .../cert/CertPathValidator/certification/TWCAGlobalCA.java | 2 +- .../cert/CertPathValidator/certification/TeliaSoneraCA.java | 4 ++-- 14 files changed, 15 insertions(+), 15 deletions(-) diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ActalisCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ActalisCA.java index b0c09fdd08142..ee9c0dac5e292 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ActalisCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ActalisCA.java @@ -27,7 +27,7 @@ * @summary Interoperability tests with Actalis CA * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop - * @run main/othervm/timeout=180 -Djava.security.debug=certpath ActalisCA OCSP + * @run main/othervm/timeout=180 -Djava.security.debug=certpath,ocsp ActalisCA OCSP */ /* diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java index 0fa1f1154c735..54e355b3e3a7c 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java @@ -27,7 +27,7 @@ * @summary Interoperability tests with Amazon's CA1, CA2, CA3, and CA4 * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop - * @run main/othervm -Djava.security.debug=certpath AmazonCA OCSP + * @run main/othervm -Djava.security.debug=certpath,ocsp AmazonCA OCSP */ /* diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java index 86b8764b7ebcc..23066b6395b2c 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java @@ -27,7 +27,7 @@ * @summary Interoperability tests with Buypass Class 2 and Class 3 CA * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop - * @run main/othervm/timeout=180 -Djava.security.debug=certpath BuypassCA OCSP + * @run main/othervm/timeout=180 -Djava.security.debug=certpath,ocsp BuypassCA OCSP */ /* diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ComodoCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ComodoCA.java index ecebfaea23225..1f34edffd416a 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ComodoCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ComodoCA.java @@ -28,7 +28,7 @@ * userTrust ECC CAs * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop - * @run main/othervm -Djava.security.debug=certpath ComodoCA OCSP + * @run main/othervm -Djava.security.debug=certpath,ocsp ComodoCA OCSP */ /* diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/EntrustCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/EntrustCA.java index a80ff2962f25c..0c57d262debb2 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/EntrustCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/EntrustCA.java @@ -27,7 +27,7 @@ * @summary Interoperability tests with Entrust CAs * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop - * @run main/othervm -Djava.security.debug=certpath EntrustCA OCSP + * @run main/othervm -Djava.security.debug=certpath,ocsp EntrustCA OCSP */ /* diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GlobalSignR6CA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GlobalSignR6CA.java index 1e19742c555a0..ca1c6e708c7a7 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GlobalSignR6CA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GlobalSignR6CA.java @@ -27,7 +27,7 @@ * @summary Interoperability tests with GlobalSign R6 CA * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop - * @run main/othervm -Djava.security.debug=certpath GlobalSignR6CA OCSP + * @run main/othervm -Djava.security.debug=certpath,ocsp GlobalSignR6CA OCSP */ /* diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GoDaddyCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GoDaddyCA.java index 32363e70c1052..69fa18eb8d95c 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GoDaddyCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GoDaddyCA.java @@ -27,7 +27,7 @@ * @summary Interoperability tests with GoDaddy/Starfield CA * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop - * @run main/othervm -Djava.security.debug=certpath GoDaddyCA OCSP + * @run main/othervm -Djava.security.debug=certpath,ocsp GoDaddyCA OCSP */ /* diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GoogleCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GoogleCA.java index f0d3c86dcbc6d..7b219b296d52e 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GoogleCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GoogleCA.java @@ -27,7 +27,7 @@ * @summary Interoperability tests with Google's GlobalSign R4 and GTS Root certificates * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop - * @run main/othervm -Djava.security.debug=certpath GoogleCA OCSP + * @run main/othervm -Djava.security.debug=certpath,ocsp GoogleCA OCSP */ /* diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java index d590623c4a48d..bfaf5b33b7fef 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java @@ -27,7 +27,7 @@ * @summary Interoperability tests with Let's Encrypt CA using OCSP and CRL * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop - * @run main/othervm -Djava.security.debug=certpath LetsEncryptCA DEFAULT + * @run main/othervm -Djava.security.debug=certpath,ocsp LetsEncryptCA DEFAULT */ public class LetsEncryptCA { diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/MicrosoftTLS.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/MicrosoftTLS.java index 6b07b6dfdf584..a687291e9648c 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/MicrosoftTLS.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/MicrosoftTLS.java @@ -27,7 +27,7 @@ * @summary Interoperability tests with Microsoft TLS root CAs * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop - * @run main/othervm -Djava.security.debug=certpath MicrosoftTLS OCSP + * @run main/othervm -Djava.security.debug=certpath,ocsp MicrosoftTLS OCSP */ /* diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java index 700d46eb9b681..e898a22c3d46d 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java @@ -27,7 +27,7 @@ * @summary Interoperability tests with QuoVadis Root CA1, CA2, and CA3 G3 CAs using OCSP * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop - * @run main/othervm -Djava.security.debug=certpath QuoVadisCA OCSP + * @run main/othervm -Djava.security.debug=certpath,ocsp QuoVadisCA OCSP */ /* diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/SSLCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/SSLCA.java index 7a9f0a96f462b..e109771d395be 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/SSLCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/SSLCA.java @@ -27,7 +27,7 @@ * @summary Interoperability tests with SSL.com's RSA, EV RSA, and ECC CA * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop - * @run main/othervm -Djava.security.debug=certpath SSLCA OCSP + * @run main/othervm -Djava.security.debug=certpath,ocsp SSLCA OCSP */ /* diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/TWCAGlobalCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/TWCAGlobalCA.java index 42aa63bb97576..73de4f330a9af 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/TWCAGlobalCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/TWCAGlobalCA.java @@ -27,7 +27,7 @@ * @summary Interoperability tests with TWCA Global Root CA from TAIWAN-CA * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop - * @run main/othervm -Djava.security.debug=certpath TWCAGlobalCA OCSP + * @run main/othervm -Djava.security.debug=certpath,ocsp TWCAGlobalCA OCSP */ /* diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/TeliaSoneraCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/TeliaSoneraCA.java index f02da503f46d2..8d1b0fe91b371 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/TeliaSoneraCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/TeliaSoneraCA.java @@ -27,7 +27,7 @@ * @summary Interoperability tests with TeliaSonera Root CA v1 using OCSP * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop - * @run main/othervm TeliaSoneraCA OCSP + * @run main/othervm Djava.security.debug=certpath,ocsp TeliaSoneraCA OCSP */ /* @@ -36,7 +36,7 @@ * @summary Interoperability tests with TeliaSonera Root CA v1 using CRL * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop - * @run main/othervm TeliaSoneraCA CRL + * @run main/othervm Djava.security.debug=certpath TeliaSoneraCA CRL */ public class TeliaSoneraCA { From 58022a6cab7a770fc7212a87ae1f8f8c9eb1c922 Mon Sep 17 00:00:00 2001 From: Rajan Halade Date: Fri, 2 Jun 2023 11:46:09 -0700 Subject: [PATCH 11/17] fix typo in TeliaSoneraCA --- .../cert/CertPathValidator/certification/TeliaSoneraCA.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/TeliaSoneraCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/TeliaSoneraCA.java index 8d1b0fe91b371..4c4f6aa0234dd 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/TeliaSoneraCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/TeliaSoneraCA.java @@ -27,7 +27,7 @@ * @summary Interoperability tests with TeliaSonera Root CA v1 using OCSP * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop - * @run main/othervm Djava.security.debug=certpath,ocsp TeliaSoneraCA OCSP + * @run main/othervm -Djava.security.debug=certpath,ocsp TeliaSoneraCA OCSP */ /* @@ -36,7 +36,7 @@ * @summary Interoperability tests with TeliaSonera Root CA v1 using CRL * @library /test/lib * @build jtreg.SkippedException ValidatePathWithURL CAInterop - * @run main/othervm Djava.security.debug=certpath TeliaSoneraCA CRL + * @run main/othervm -Djava.security.debug=certpath TeliaSoneraCA CRL */ public class TeliaSoneraCA { From 0061d7a5980926ccc28883e0f13bb18e8f5d117a Mon Sep 17 00:00:00 2001 From: Rajan Halade Date: Wed, 13 Sep 2023 11:17:05 -0700 Subject: [PATCH 12/17] Correct CRL checking --- .../certification/CAInterop.java | 5 ++-- .../certification/ValidatePathWithURL.java | 24 +++++++++++++++++++ 2 files changed, 27 insertions(+), 2 deletions(-) diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java index 277ba51e43c18..9475e9f9d8e76 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java @@ -29,13 +29,14 @@ public final class CAInterop { public CAInterop(String revocationMode) { if ("CRL".equalsIgnoreCase(revocationMode)) { ValidatePathWithURL.enableCRLOnly(); - } - if ("OCSP".equalsIgnoreCase(revocationMode)) { + } else if ("OCSP".equalsIgnoreCase(revocationMode)) { ValidatePathWithURL.enableOCSPOnly(); } else { // OCSP and CRL check by default ValidatePathWithURL.enableOCSPAndCRL(); } + + ValidatePathWithURL.logRevocationSettings(); } /** diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ValidatePathWithURL.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ValidatePathWithURL.java index 1144c65f95a09..5d18b599c6510 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ValidatePathWithURL.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ValidatePathWithURL.java @@ -77,6 +77,7 @@ public static void enableOCSPOnly() { */ public static void enableCRLOnly() { System.setProperty("com.sun.security.enableCRLDP", "true"); + Security.setProperty("ocsp.enable", "false"); } /** @@ -87,6 +88,29 @@ public static void enableOCSPAndCRL() { Security.setProperty("ocsp.enable", "true"); } + /** + * Logs revocation settings + */ + public static void logRevocationSettings() { + System.out.println("====================================================="); + System.out.println("CONFIGURATION"); + System.out.println("====================================================="); + System.out.println("http.proxyHost :" + System.getProperty("http.proxyHost")); + System.out.println("http.proxyPort :" + System.getProperty("http.proxyPort")); + System.out.println("https.proxyHost :" + System.getProperty("https.proxyHost")); + System.out.println("https.proxyPort :" + System.getProperty("https.proxyPort")); + System.out.println("https.socksProxyHost :" + + System.getProperty("https.socksProxyHost")); + System.out.println("https.socksProxyPort :" + + System.getProperty("https.socksProxyPort")); + System.out.println("jdk.certpath.disabledAlgorithms :" + + Security.getProperty("jdk.certpath.disabledAlgorithms")); + System.out.println("com.sun.security.enableCRLDP :" + + System.getProperty("com.sun.security.enableCRLDP")); + System.out.println("ocsp.enable :" + Security.getProperty("ocsp.enable")); + System.out.println("====================================================="); + } + /** * Validates end entity certificate used in provided test URL using * HttpsURLConnection. Validation is skipped on network error or if From 25c947c0cca87c96bd32e271aeccb6905addf187 Mon Sep 17 00:00:00 2001 From: Rajan Halade Date: Wed, 13 Sep 2023 13:17:12 -0700 Subject: [PATCH 13/17] Consolidate CA tests --- .../certification/ActalisCA.java | 51 ------ .../certification/AmazonCA.java | 72 -------- .../certification/BuypassCA.java | 70 ------- .../certification/CAInterop.java | 172 +++++++++++++++++- .../certification/GlobalSignR6CA.java | 51 ------ .../certification/LetsEncryptCA.java | 43 ----- 6 files changed, 171 insertions(+), 288 deletions(-) delete mode 100644 test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ActalisCA.java delete mode 100644 test/jdk/security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java delete mode 100644 test/jdk/security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java delete mode 100644 test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GlobalSignR6CA.java delete mode 100644 test/jdk/security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ActalisCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ActalisCA.java deleted file mode 100644 index ee9c0dac5e292..0000000000000 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ActalisCA.java +++ /dev/null @@ -1,51 +0,0 @@ -/* - * Copyright (c) 2017, 2023, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* - * @test id=OCSP - * @bug 8189131 - * @summary Interoperability tests with Actalis CA - * @library /test/lib - * @build jtreg.SkippedException ValidatePathWithURL CAInterop - * @run main/othervm/timeout=180 -Djava.security.debug=certpath,ocsp ActalisCA OCSP - */ - -/* - * @test id=CRL - * @bug 8189131 - * @summary Interoperability tests with Actalis CA - * @library /test/lib - * @build jtreg.SkippedException ValidatePathWithURL CAInterop - * @run main/othervm/timeout=180 -Djava.security.debug=certpath ActalisCA CRL - */ - -public class ActalisCA { - public static void main(String[] args) throws Exception { - CAInterop caInterop = new CAInterop(args[0]); - - // CN=Actalis Authentication Root CA, O=Actalis S.p.A./03358520967, L=Milan, C=IT - caInterop.validate("actalisauthenticationrootca [jdk]", - "https://ssltest-active.actalis.it", - "https://ssltest-revoked.actalis.it"); - } -} diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java deleted file mode 100644 index 54e355b3e3a7c..0000000000000 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java +++ /dev/null @@ -1,72 +0,0 @@ -/* - * Copyright (c) 2019, 2023, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* - * @test id=OCSP - * @bug 8233223 - * @summary Interoperability tests with Amazon's CA1, CA2, CA3, and CA4 - * @library /test/lib - * @build jtreg.SkippedException ValidatePathWithURL CAInterop - * @run main/othervm -Djava.security.debug=certpath,ocsp AmazonCA OCSP - */ - -/* - * @test id=CRL - * @bug 8233223 - * @summary Interoperability tests with Amazon's CA1, CA2, CA3, and CA4 - * @library /test/lib - * @build jtreg.SkippedException ValidatePathWithURL CAInterop - * @run main/othervm -Djava.security.debug=certpath AmazonCA CRL - */ - -/* - * Obtain TLS test artifacts for Amazon CAs from: - * - * https://www.amazontrust.com/repository/ - */ -public class AmazonCA { - public static void main(String[] args) throws Exception { - - CAInterop caInterop = new CAInterop(args[0]); - - // CN=Amazon Root CA 1, O=Amazon, C=US - caInterop.validate("amazonrootca1 [jdk]", - "https://valid.rootca1.demo.amazontrust.com", - "https://revoked.rootca1.demo.amazontrust.com"); - - // CN=Amazon Root CA 2, O=Amazon, C=US - caInterop.validate("amazonrootca2 [jdk]", - "https://valid.rootca2.demo.amazontrust.com", - "https://revoked.rootca2.demo.amazontrust.com"); - - // CN=Amazon Root CA 3, O=Amazon, C=US - caInterop.validate("amazonrootca3 [jdk]", - "https://valid.rootca3.demo.amazontrust.com", - "https://revoked.rootca3.demo.amazontrust.com"); - - // CN=Amazon Root CA 4, O=Amazon, C=US - caInterop.validate("amazonrootca4 [jdk]", - "https://valid.rootca4.demo.amazontrust.com", - "https://revoked.rootca4.demo.amazontrust.com"); - } -} diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java deleted file mode 100644 index 23066b6395b2c..0000000000000 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java +++ /dev/null @@ -1,70 +0,0 @@ -/* - * Copyright (c) 2017, 2023, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* - * @test id=OCSP - * @bug 8189131 - * @summary Interoperability tests with Buypass Class 2 and Class 3 CA - * @library /test/lib - * @build jtreg.SkippedException ValidatePathWithURL CAInterop - * @run main/othervm/timeout=180 -Djava.security.debug=certpath,ocsp BuypassCA OCSP - */ - -/* - * @test id=CRL - * @bug 8189131 - * @summary Interoperability tests with Buypass Class 2 and Class 3 CA - * @library /test/lib - * @build jtreg.SkippedException ValidatePathWithURL CAInterop - * @run main/othervm/timeout=180 -Djava.security.debug=certpath BuypassCA CRL - */ - -public class BuypassCA { - - public static void main(String[] args) throws Exception { - - CAInterop caInterop = new CAInterop(args[0]); - - // CN=Buypass Class 2 Root CA, O=Buypass AS-983163327, C=NO - caInterop.validate("buypassclass2ca [jdk]", - "https://valid.business.ca22.ssl.buypass.no", - "https://revoked.business.ca22.ssl.buypass.no"); - - caInterop.validate("buypassclass2ca [jdk]", - "https://valid.domain.ca22.ssl.buypass.no", - "https://revoked.domain.ca22.ssl.buypass.no"); - - // CN=Buypass Class 3 Root CA, O=Buypass AS-983163327, C=NO - caInterop.validate("buypassclass3ca [jdk]", - "https://valid.qcevident.ca23.ssl.buypass.no", - "https://revoked.qcevident.ca23.ssl.buypass.no"); - - caInterop.validate("buypassclass3ca [jdk]", - "https://valid.evident.ca23.ssl.buypass.no", - "https://revoked.evident.ca23.ssl.buypass.no"); - - caInterop.validate("buypassclass3ca [jdk]", - "https://valid.businessplus.ca23.ssl.buypass.no", - "https://revoked.businessplus.ca23.ssl.buypass.no"); - } -} diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java index 9475e9f9d8e76..b73085e3b8cae 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java @@ -20,7 +20,177 @@ * or visit www.oracle.com if you need additional information or have any * questions. */ -public final class CAInterop { + +/* + * @test id=actalisauthenticationrootca + * @bug 8189131 + * @summary Interoperability tests with Actalis CA + * @library /test/lib + * @build jtreg.SkippedException ValidatePathWithURL CAInterop + * @run main/othervm -Djava.security.debug=certpath,ocsp + * CAInterop actalisauthenticationrootca OCSP + * @run main/othervm/timeout=180 -Djava.security.debug=certpath,ocsp + * CAInterop actalisauthenticationrootca CRL + */ + +/* + * @test id=amazonrootca1 + * @bug 8233223 + * @summary Interoperability tests with Amazon's CA1 + * @library /test/lib + * @build jtreg.SkippedException ValidatePathWithURL CAInterop + * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop amazonrootca1 OCSP + * @run main/othervm -Djava.security.debug=certpath CAInterop amazonrootca1 CRL + */ + +/* + * @test id=amazonrootca2 + * @bug 8233223 + * @summary Interoperability tests with Amazon's CA2 + * @library /test/lib + * @build jtreg.SkippedException ValidatePathWithURL CAInterop + * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop amazonrootca2 OCSP + * @run main/othervm -Djava.security.debug=certpath CAInterop amazonrootca2 CRL + */ + +/* + * @test id=amazonrootca3 + * @bug 8233223 + * @summary Interoperability tests with Amazon's CA3 + * @library /test/lib + * @build jtreg.SkippedException ValidatePathWithURL CAInterop + * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop amazonrootca3 OCSP + * @run main/othervm -Djava.security.debug=certpath CAInterop amazonrootca3 CRL + */ + +/* + * @test id=amazonrootca4 + * @bug 8233223 + * @summary Interoperability tests with Amazon's CA4 + * @library /test/lib + * @build jtreg.SkippedException ValidatePathWithURL CAInterop + * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop amazonrootca4 OCSP + * @run main/othervm -Djava.security.debug=certpath CAInterop amazonrootca4 CRL + */ + +/* + * @test id=buypassclass2ca + * @bug 8189131 + * @summary Interoperability tests with Buypass Class 2 CA + * @library /test/lib + * @build jtreg.SkippedException ValidatePathWithURL CAInterop + * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop buypassclass2ca OCSP + * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop buypassclass2ca CRL + */ + +/* + * @test id=buypassclass3ca + * @bug 8189131 + * @summary Interoperability tests with Buypass Class 3 CA + * @library /test/lib + * @build jtreg.SkippedException ValidatePathWithURL CAInterop + * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop buypassclass3ca OCSP + * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop buypassclass3ca CRL + */ + +/* + * @test id=letsencryptisrgx1 + * @bug 8189131 + * @summary Interoperability tests with Let's Encrypt CA + * @library /test/lib + * @build jtreg.SkippedException ValidatePathWithURL CAInterop + * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop letsencryptisrgx1 DEFAULT + */ + +/* + * @test id=globalsignrootcar6 + * @bug 8216577 + * @summary Interoperability tests with GlobalSign R6 CA + * @library /test/lib + * @build jtreg.SkippedException ValidatePathWithURL CAInterop + * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop globalsignrootcar6 OCSP + * @run main/othervm -Djava.security.debug=certpath CAInterop globalsignrootcar6 CRL + */ +public class CAInterop { + + /** + * Returns the test configuration for CA + * + * @param alias from the cacerts file without [jdk] + * @return CATestTuple + */ + private CATestTuple getTestURLs(String alias) { + return switch (alias) { + case "actalisauthenticationrootca" -> + new CATestTuple("https://ssltest-active.actalis.it", + "https://ssltest-revoked.actalis.it"); + + case "amazonrootca1" -> + new CATestTuple("https://valid.rootca1.demo.amazontrust.com", + "https://revoked.rootca1.demo.amazontrust.com"); + case "amazonrootca2" -> + new CATestTuple("https://valid.rootca2.demo.amazontrust.com", + "https://revoked.rootca2.demo.amazontrust.com"); + case "amazonrootca3" -> + new CATestTuple("https://valid.rootca3.demo.amazontrust.com", + "https://revoked.rootca3.demo.amazontrust.com"); + case "amazonrootca4" -> + new CATestTuple("https://valid.rootca4.demo.amazontrust.com", + "https://revoked.rootca4.demo.amazontrust.com"); + + case "buypassclass2ca" -> + new CATestTuple("https://valid.business.ca22.ssl.buypass.no", + "https://revoked.business.ca22.ssl.buypass.no"); + case "buypassclass3ca" -> + new CATestTuple("https://valid.qcevident.ca23.ssl.buypass.no", + "https://revoked.qcevident.ca23.ssl.buypass.no"); + + case "letsencryptisrgx1" -> + new CATestTuple("https://valid-isrgrootx1.letsencrypt.org", + "https://revoked-isrgrootx1.letsencrypt.org"); + + case "globalsignrootcar6" -> + new CATestTuple("https://valid.r6.roots.globalsign.com", + "https://revoked.r6.roots.globalsign.com"); + + default -> throw new RuntimeException("No test setup found for: " + alias); + }; + } + + public static void main(String[] args) throws Exception { + if (args.length < 2) { + throw new RuntimeException("Run as: CAInterop "); + } + + String caAlias = args[0]; + + CAInterop caInterop = new CAInterop(args[1]); + CATestTuple caTestTuple = caInterop.getTestURLs(caAlias); + + caInterop.validate(caAlias + " [jdk]", + caTestTuple.getVALID_URL(), + caTestTuple.getREVOKED_URL()); + } + + static class CATestTuple { + final String VALID_URL; + final String REVOKED_URL; + + public CATestTuple(String validURL, + String revokedURL) { + VALID_URL = validURL; + REVOKED_URL = revokedURL; + } + + public String getVALID_URL() { + return VALID_URL; + } + + public String getREVOKED_URL() { + return REVOKED_URL; + } + } + /** * Constructor for interoperability test with third party CA. * diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GlobalSignR6CA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GlobalSignR6CA.java deleted file mode 100644 index ca1c6e708c7a7..0000000000000 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GlobalSignR6CA.java +++ /dev/null @@ -1,51 +0,0 @@ -/* - * Copyright (c) 2019, 2023, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* - * @test id=OCSP - * @bug 8216577 8249176 - * @summary Interoperability tests with GlobalSign R6 CA - * @library /test/lib - * @build jtreg.SkippedException ValidatePathWithURL CAInterop - * @run main/othervm -Djava.security.debug=certpath,ocsp GlobalSignR6CA OCSP - */ - -/* - * @test id=CRL - * @bug 8216577 8249176 - * @summary Interoperability tests with GlobalSign R6 CA - * @library /test/lib - * @build jtreg.SkippedException ValidatePathWithURL CAInterop - * @run main/othervm -Djava.security.debug=certpath GlobalSignR6CA CRL - */ -public class GlobalSignR6CA { - public static void main(String[] args) throws Exception { - - CAInterop caInterop = new CAInterop(args[0]); - - // CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R6 - caInterop.validate("globalsignrootcar6 [jdk]", - "https://valid.r6.roots.globalsign.com", - "https://revoked.r6.roots.globalsign.com"); - } -} diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java deleted file mode 100644 index bfaf5b33b7fef..0000000000000 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java +++ /dev/null @@ -1,43 +0,0 @@ -/* - * Copyright (c) 2017, 2023, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* - * @test - * @bug 8189131 - * @summary Interoperability tests with Let's Encrypt CA using OCSP and CRL - * @library /test/lib - * @build jtreg.SkippedException ValidatePathWithURL CAInterop - * @run main/othervm -Djava.security.debug=certpath,ocsp LetsEncryptCA DEFAULT - */ -public class LetsEncryptCA { - - public static void main(String[] args) throws Exception { - - CAInterop caInterop = new CAInterop(args[0]); - - // CN=ISRG Root X1, O=Internet Security Research Group, C=US - caInterop.validate("letsencryptisrgx1 [jdk]", - "https://valid-isrgrootx1.letsencrypt.org", - "https://revoked-isrgrootx1.letsencrypt.org"); - } -} From cec62b7b4d759ab00a60265f6071d511261ab0f6 Mon Sep 17 00:00:00 2001 From: Rajan Halade Date: Wed, 13 Sep 2023 13:59:40 -0700 Subject: [PATCH 14/17] Consolidate CA tests#2 --- .../certification/CAInterop.java | 94 +++++++++++++++++++ .../{CertignaRoots.java => CertignaCA.java} | 91 ++---------------- .../certification/ComodoCA.java | 70 -------------- .../certification/EntrustCA.java | 62 ------------ 4 files changed, 101 insertions(+), 216 deletions(-) rename test/jdk/security/infra/java/security/cert/CertPathValidator/certification/{CertignaRoots.java => CertignaCA.java} (74%) delete mode 100644 test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ComodoCA.java delete mode 100644 test/jdk/security/infra/java/security/cert/CertPathValidator/certification/EntrustCA.java diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java index b73085e3b8cae..6fe1765a94c63 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java @@ -93,6 +93,46 @@ * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop buypassclass3ca CRL */ +/* + * @test id=comodorsaca + * @bug 8189131 + * @summary Interoperability tests with Comodo RSA CA + * @library /test/lib + * @build jtreg.SkippedException ValidatePathWithURL CAInterop + * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop comodorsaca OCSP + * @run main/othervm -Djava.security.debug=certpath CAInterop comodorsaca CRL + */ + +/* + * @test id=comodoeccca + * @bug 8189131 + * @summary Interoperability tests with Comodo ECC CA + * @library /test/lib + * @build jtreg.SkippedException ValidatePathWithURL CAInterop + * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop comodoeccca OCSP + * @run main/othervm -Djava.security.debug=certpath CAInterop comodoeccca CRL + */ + +/* + * @test id=usertrustrsaca + * @bug 8189131 + * @summary Interoperability tests with Comodo userTrust RSA CA + * @library /test/lib + * @build jtreg.SkippedException ValidatePathWithURL CAInterop + * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop usertrustrsaca OCSP + * @run main/othervm -Djava.security.debug=certpath CAInterop usertrustrsaca CRL + */ + +/* + * @test id=usertrusteccca + * @bug 8189131 + * @summary Interoperability tests with Comodo userTrust ECC CA + * @library /test/lib + * @build jtreg.SkippedException ValidatePathWithURL CAInterop + * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop usertrusteccca OCSP + * @run main/othervm -Djava.security.debug=certpath CAInterop usertrusteccca CRL + */ + /* * @test id=letsencryptisrgx1 * @bug 8189131 @@ -111,6 +151,36 @@ * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop globalsignrootcar6 OCSP * @run main/othervm -Djava.security.debug=certpath CAInterop globalsignrootcar6 CRL */ + +/* + * @test id=entrustrootcaec1 + * @bug 8195774 + * @summary Interoperability tests with Entrust CAs + * @library /test/lib + * @build jtreg.SkippedException ValidatePathWithURL CAInterop + * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop entrustrootcaec1 OCSP + * @run main/othervm -Djava.security.debug=certpath CAInterop entrustrootcaec1 CRL + */ + +/* + * @test id=entrustrootcag4 + * @bug 8243321 + * @summary Interoperability tests with Entrust CAs + * @library /test/lib + * @build jtreg.SkippedException ValidatePathWithURL CAInterop + * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop entrustrootcag4 OCSP + * @run main/othervm -Djava.security.debug=certpath CAInterop entrustrootcag4 CRL + */ + +/* + * @test id=certignarootca + * @bug 8314960 + * @summary Interoperability tests with Certigna Root CAs from Dhimyotis + * @library /test/lib + * @build jtreg.SkippedException ValidatePathWithURL CAInterop + * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop certignarootca OCSP + * @run main/othervm -Djava.security.debug=certpath CAInterop certignarootca CRL + */ public class CAInterop { /** @@ -145,6 +215,19 @@ private CATestTuple getTestURLs(String alias) { new CATestTuple("https://valid.qcevident.ca23.ssl.buypass.no", "https://revoked.qcevident.ca23.ssl.buypass.no"); + case "comodorsaca" -> + new CATestTuple("https://comodorsacertificationauthority-ev.comodoca.com", + "https://comodorsacertificationauthority-ev.comodoca.com:444"); + case "comodoeccca" -> + new CATestTuple("https://comodoecccertificationauthority-ev.comodoca.com", + "https://comodoecccertificationauthority-ev.comodoca.com:444"); + case "usertrustrsaca" -> + new CATestTuple("https://usertrustrsacertificationauthority-ev.comodoca.com", + "https://usertrustrsacertificationauthority-ev.comodoca.com:444"); + case "usertrusteccca" -> + new CATestTuple("https://usertrustecccertificationauthority-ev.comodoca.com", + "https://usertrustecccertificationauthority-ev.comodoca.com:444"); + case "letsencryptisrgx1" -> new CATestTuple("https://valid-isrgrootx1.letsencrypt.org", "https://revoked-isrgrootx1.letsencrypt.org"); @@ -153,6 +236,17 @@ private CATestTuple getTestURLs(String alias) { new CATestTuple("https://valid.r6.roots.globalsign.com", "https://revoked.r6.roots.globalsign.com"); + case "entrustrootcaec1" -> + new CATestTuple("https://validec.entrust.net", + "https://revokedec.entrust.net"); + case "entrustrootcag4" -> + new CATestTuple("https://validg4.entrust.net", + "https://revokedg4.entrust.net"); + + case "certignarootca" -> + new CATestTuple("https://valid.servicesca.dhimyotis.com", + "https://revoked.servicesca.dhimyotis.com"); + default -> throw new RuntimeException("No test setup found for: " + alias); }; } diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CertignaRoots.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CertignaCA.java similarity index 74% rename from test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CertignaRoots.java rename to test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CertignaCA.java index 92744eac3d066..c4ad450efbf5a 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CertignaRoots.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CertignaCA.java @@ -23,70 +23,13 @@ /* * @test - * @bug 8245654 8314960 + * @bug 8245654 * @summary Interoperability tests with Certigna Root CAs from Dhimyotis * @build ValidatePathWithParams - * @run main/othervm -Djava.security.debug=certpath CertignaRoots OCSP - * @run main/othervm -Djava.security.debug=certpath CertignaRoots CRL + * @run main/othervm -Djava.security.debug=certpath CertignaCA OCSP + * @run main/othervm -Djava.security.debug=certpath CertignaCA CRL */ - -/* - * Obtain TLS test artifacts for Certigna Root CAs from: - * - * Valid TLS Certificates: - * https://valid.servicesca.dhimyotis.com/ - * - * Revoked TLS Certificates: - * https://revoked.servicesca.dhimyotis.com/ - */ -public class CertignaRoots { - - // Owner: CN=Certigna Services CA, OID.2.5.4.97=NTRFR-48146308100036, - // OU=0002 48146308100036, O=DHIMYOTIS, C=FR - // Issuer: CN=Certigna Root CA, OU=0002 48146308100036, O=Dhimyotis, C=FR - // Serial number: fd30cf04344fc38dd90c4e70753d0623 - // Valid from: Wed Nov 25 03:37:21 PST 2015 until: Fri Jun 03 04:37:21 PDT 2033 - private static final String INT_CERTIGNA_ROOT_CA = "-----BEGIN CERTIFICATE-----\n" + - "MIIHETCCBPmgAwIBAgIRAP0wzwQ0T8ON2QxOcHU9BiMwDQYJKoZIhvcNAQELBQAw\n" + - "WjELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCURoaW15b3RpczEcMBoGA1UECwwTMDAw\n" + - "MiA0ODE0NjMwODEwMDAzNjEZMBcGA1UEAwwQQ2VydGlnbmEgUm9vdCBDQTAeFw0x\n" + - "NTExMjUxMTM3MjFaFw0zMzA2MDMxMTM3MjFaMH0xCzAJBgNVBAYTAkZSMRIwEAYD\n" + - "VQQKDAlESElNWU9USVMxHDAaBgNVBAsMEzAwMDIgNDgxNDYzMDgxMDAwMzYxHTAb\n" + - "BgNVBGEMFE5UUkZSLTQ4MTQ2MzA4MTAwMDM2MR0wGwYDVQQDDBRDZXJ0aWduYSBT\n" + - "ZXJ2aWNlcyBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALPM+7Lp\n" + - "WBz9wFcPaTc3xnB+5g0XrnptB0EPPfrR04vO52Ykm4ky1d4ZLd10tbM1fa1RqNSO\n" + - "VWWg93O4pL7zCFKlz6JV74ZZVhHpEAwzBwv2oPnxvVbxtSN67xsSY66ahUYxjzs8\n" + - "+3FhmsiRxqwnTYvK2u70uglUvRisOKyTL/M6JnrC4y8tlmoz7OSa5BmBMVplJFQt\n" + - "vmON6N9aHLvYMz+EyJPCbXL6pELxeHjFT5QmIaRamsr2DOTaCjtBZKI1Wnh3X7ln\n" + - "bjM8MESJiV2t7E9tIQNG0Z/HI3tO4aaUMum3KysY5sC8v3vi7rryGidgzHQhrtP0\n" + - "ZXWW5UH/k7umLS/P/XXWnCFpc2Lxa1uDGfc2im7xibRoPP+JNZszN76euFlls6jy\n" + - "EXAiwnVr14tVVTewLK0OWs5SJHpEKp8PGMZRDj59EmMvokWwzL6QzNZ6vVAp00oO\n" + - "m05sbspNY9+MFqGKKUsKvhFGEa4XmRNxDe6KswLcjPZB+NKHZ0QWFd4ip5C5XmEK\n" + - "/8qIPjwVr9dah9+oiHGGO8Wx7gJAMF5DTmkvW7GhqCKj1LmHnabjzc8av6kxWVQZ\n" + - "i/C7HCm9i/W4wio+JA2EAFLqNL3GPNbK9kau4yPhQt/c7zxzo0OHnlsV4THCG7oO\n" + - "Cd3cfCiyfQcb3FBt6OSpaKRZxjCLBwP00r0fAgMBAAGjggGtMIIBqTASBgNVHRMB\n" + - "Af8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUrOyGj0s3HLh/\n" + - "FxsZ0K7oTuM0XBIwHwYDVR0jBBgwFoAUGIdW4G537iQ1PE5zmh/W4eJ5fiswSQYD\n" + - "VR0gBEIwQDA+BgoqgXoBgTECAAEBMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3\n" + - "LmNlcnRpZ25hLmZyL2F1dG9yaXRlcy8wgYgGCCsGAQUFBwEBBHwwejA6BggrBgEF\n" + - "BQcwAoYuaHR0cDovL2F1dG9yaXRlLmNlcnRpZ25hLmZyL2NlcnRpZ25hcm9vdGNh\n" + - "LmRlcjA8BggrBgEFBQcwAoYwaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v\n" + - "Y2VydGlnbmFyb290Y2EuZGVyMG0GA1UdHwRmMGQwL6AtoCuGKWh0dHA6Ly9jcmwu\n" + - "Y2VydGlnbmEuZnIvY2VydGlnbmFyb290Y2EuY3JsMDGgL6AthitodHRwOi8vY3Js\n" + - "LmRoaW15b3Rpcy5jb20vY2VydGlnbmFyb290Y2EuY3JsMA0GCSqGSIb3DQEBCwUA\n" + - "A4ICAQCI5QbprXJ93L+JWHYpUTinXAMSvXMx2dmNm4mIiJRAbGnBOoEYx7M61fbL\n" + - "L5EJIYZhw8jLmeYVFuMao5OJLwda+RMmVzE7lyTGsY64IDKdwogByNCqbKzrlhnU\n" + - "8myyMNB0BDs2jgwQe2Dj9v+MddeHr7sDqvs7R1tSS5hoASLtdQhO7oxUzr3m7M8q\n" + - "+lh4jszli+cjfiPUVS2ADFu4ccQIh4OsIX6SWdU+8R+c/fn0FV6ip4SAVbNyCToz\n" + - "0ZbZKO8YTJgORxRmvrop9dPyuLWjaRrZ0LMx4a3EM3sQDPDqmsG0lHtfFj2PiJvq\n" + - "4lEYA+gDiLKODI+3DJMqo559m3QSS52DsShomHX/Txd0lJoZwepCE6X4KkG9FHjV\n" + - "WXyLgYFwCOcn+hkLhdpblms0wtjeSPITGOioSkefzhleJnDgJ9X4M3svd0HLTpJi\n" + - "lC1DmDZgdrXWITVdOoCogr2LFKNiGd0tbpKG533eKpfBALlm+afc6j73p1KhJEAn\n" + - "AfydDZqBRqv6+HHYplNDn/K2I1CZdkwaGrx3HOR/voGUi1sUI+hYbsPAFu8ZxrhD\n" + - "9UiysmLCfEUhqkbojony+L2mKsoLqyd24emQzn7GgMa7emlWX2jQUTwrD4SliZ2u\n" + - "OetVaZX5RLyqJWs4Igo/xye0xtMQN8INJ4hSZvnMQ1qFtuSRcQ==\n" + - "-----END CERTIFICATE-----"; - +public class CertignaCA { // Owner: CN=Certigna Services CA, OID.2.5.4.97=NTRFR-48146308100036, // OU=0002 48146308100036, O=DHIMYOTIS, C=FR // Issuer: CN=Certigna, O=Dhimyotis, C=FR @@ -242,26 +185,6 @@ public static void main(String[] args) throws Exception { // OCSP check by default boolean ocspEnabled = args.length < 1 || !"CRL".equalsIgnoreCase(args[0]); - // CN=Certigna - new CertignaCAs().runTest(ocspEnabled, - VALID, - REVOKED, - INT_CERTIGNA); - - // CN=Certigna Root CA - new CertignaCAs().runTest(ocspEnabled, - VALID, - REVOKED, - INT_CERTIGNA_ROOT_CA); - } -} - -class CertignaCAs { - public void runTest(boolean ocspEnabled, - final String VALID, - final String REVOKED, - final String INT_CERT) throws Exception { - ValidatePathWithParams pathValidator; String[] validChainToValidate; String[] revChainToValidate; @@ -270,11 +193,11 @@ public void runTest(boolean ocspEnabled, pathValidator = new ValidatePathWithParams(null); pathValidator.enableCRLCheck(); - validChainToValidate = new String[]{VALID, INT_CERT}; - revChainToValidate = new String[]{REVOKED, INT_CERT}; + validChainToValidate = new String[]{VALID, INT_CERTIGNA}; + revChainToValidate = new String[]{REVOKED, INT_CERTIGNA}; } else { // int certificate doesn't specify OCSP responder - pathValidator = new ValidatePathWithParams(new String[]{INT_CERT}); + pathValidator = new ValidatePathWithParams(new String[]{INT_CERTIGNA}); pathValidator.enableOCSPCheck(); validChainToValidate = new String[]{VALID}; diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ComodoCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ComodoCA.java deleted file mode 100644 index 1f34edffd416a..0000000000000 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ComodoCA.java +++ /dev/null @@ -1,70 +0,0 @@ -/* - * Copyright (c) 2017, 2023, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* - * @test id=OCSP - * @bug 8189131 - * @summary Interoperability tests with Comodo RSA, ECC, userTrust RSA, and - * userTrust ECC CAs - * @library /test/lib - * @build jtreg.SkippedException ValidatePathWithURL CAInterop - * @run main/othervm -Djava.security.debug=certpath,ocsp ComodoCA OCSP - */ - -/* - * @test id=CRL - * @bug 8189131 - * @summary Interoperability tests with Comodo RSA, ECC, userTrust RSA, and - * userTrust ECC CAs - * @library /test/lib - * @build jtreg.SkippedException ValidatePathWithURL CAInterop - * @run main/othervm -Djava.security.debug=certpath ComodoCA CRL - */ - -public class ComodoCA { - - public static void main(String[] args) throws Exception { - - CAInterop caInterop = new CAInterop(args[0]); - - // CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB - caInterop.validate("comodorsaca [jdk]", - "https://comodorsacertificationauthority-ev.comodoca.com", - "https://comodorsacertificationauthority-ev.comodoca.com:444"); - - // CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB - caInterop.validate("comodoeccca [jdk]", - "https://comodoecccertificationauthority-ev.comodoca.com", - "https://comodoecccertificationauthority-ev.comodoca.com:444"); - - // CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US - caInterop.validate("usertrustrsaca [jdk]", - "https://usertrustrsacertificationauthority-ev.comodoca.com", - "https://usertrustrsacertificationauthority-ev.comodoca.com:444"); - - // CN=USERTrust ECC Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US - caInterop.validate("usertrusteccca [jdk]", - "https://usertrustecccertificationauthority-ev.comodoca.com", - "https://usertrustecccertificationauthority-ev.comodoca.com:444"); - } -} diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/EntrustCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/EntrustCA.java deleted file mode 100644 index 0c57d262debb2..0000000000000 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/EntrustCA.java +++ /dev/null @@ -1,62 +0,0 @@ -/* - * Copyright (c) 2018, 2023, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* - * @test id=OCSP - * @bug 8195774 8243321 - * @summary Interoperability tests with Entrust CAs - * @library /test/lib - * @build jtreg.SkippedException ValidatePathWithURL CAInterop - * @run main/othervm -Djava.security.debug=certpath,ocsp EntrustCA OCSP - */ - -/* - * @test id=CRL - * @bug 8195774 8243321 - * @summary Interoperability tests with Entrust CAs - * @library /test/lib - * @build jtreg.SkippedException ValidatePathWithURL CAInterop - * @run main/othervm -Djava.security.debug=certpath EntrustCA CRL - */ - -public class EntrustCA { - - public static void main(String[] args) throws Exception { - - CAInterop caInterop = new CAInterop(args[0]); - - // CN=Entrust Root Certification Authority - EC1, - // OU="(c) 2012 Entrust, Inc. - for authorized use only", - // OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US - caInterop.validate("entrustrootcaec1 [jdk]", - "https://validec.entrust.net", - "https://revokedec.entrust.net"); - - // CN=Entrust Root Certification Authority - G4, - // OU="(c) 2015 Entrust, Inc. - for authorized use only", - // OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US - caInterop.validate("entrustrootcag4 [jdk]", - "https://validg4.entrust.net", - "https://revokedg4.entrust.net"); - } -} From 4acdda6ad92ab0a5acf3a07d1fdd92c704604259 Mon Sep 17 00:00:00 2001 From: Rajan Halade Date: Fri, 15 Sep 2023 10:22:56 -0700 Subject: [PATCH 15/17] Consolidate CA tests#3 --- .../certification/CAInterop.java | 278 ++++++++++++++++-- .../certification/CertignaCA.java | 6 +- .../certification/GoDaddyCA.java | 59 ---- .../certification/GoogleCA.java | 78 ----- .../certification/MicrosoftTLS.java | 58 ---- .../certification/QuoVadisCA.java | 68 ----- .../certification/SSLCA.java | 63 ---- .../certification/TWCAGlobalCA.java | 52 ---- .../certification/TeliaSoneraCA.java | 52 ---- 9 files changed, 260 insertions(+), 454 deletions(-) delete mode 100644 test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GoDaddyCA.java delete mode 100644 test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GoogleCA.java delete mode 100644 test/jdk/security/infra/java/security/cert/CertPathValidator/certification/MicrosoftTLS.java delete mode 100644 test/jdk/security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java delete mode 100644 test/jdk/security/infra/java/security/cert/CertPathValidator/certification/SSLCA.java delete mode 100644 test/jdk/security/infra/java/security/cert/CertPathValidator/certification/TWCAGlobalCA.java delete mode 100644 test/jdk/security/infra/java/security/cert/CertPathValidator/certification/TeliaSoneraCA.java diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java index 6fe1765a94c63..2cf9ae88397ab 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java @@ -172,6 +172,176 @@ * @run main/othervm -Djava.security.debug=certpath CAInterop entrustrootcag4 CRL */ +/* + * @test id=godaddyrootg2ca + * @bug 8196141 + * @summary Interoperability tests with GoDaddy CA + * @library /test/lib + * @build jtreg.SkippedException ValidatePathWithURL CAInterop + * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop godaddyrootg2ca OCSP + * @run main/othervm -Djava.security.debug=certpath CAInterop godaddyrootg2ca CRL + */ + +/* + * @test id=starfieldrootg2ca + * @bug 8196141 + * @summary Interoperability tests with Starfield CA + * @library /test/lib + * @build jtreg.SkippedException ValidatePathWithURL CAInterop + * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop starfieldrootg2ca OCSP + * @run main/othervm -Djava.security.debug=certpath CAInterop starfieldrootg2ca CRL + */ + +/* + * @test id=globalsigneccrootcar4 + * @bug 8307134 + * @summary Interoperability tests with Google's GlobalSign R4 and GTS Root certificates + * @library /test/lib + * @build jtreg.SkippedException ValidatePathWithURL CAInterop + * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop globalsigneccrootcar4 OCSP + * @run main/othervm -Djava.security.debug=certpath CAInterop globalsigneccrootcar4 CRL + */ + +/* + * @test id=gtsrootcar1 + * @bug 8307134 + * @summary Interoperability tests with Google's GlobalSign R4 and GTS Root certificates + * @library /test/lib + * @build jtreg.SkippedException ValidatePathWithURL CAInterop + * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop gtsrootcar1 OCSP + * @run main/othervm -Djava.security.debug=certpath CAInterop gtsrootcar1 CRL + */ + +/* + * @test id=gtsrootcar2 + * @bug 8307134 + * @summary Interoperability tests with Google's GlobalSign R4 and GTS Root certificates + * @library /test/lib + * @build jtreg.SkippedException ValidatePathWithURL CAInterop + * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop gtsrootcar2 OCSP + * @run main/othervm -Djava.security.debug=certpath CAInterop gtsrootcar2 CRL + */ + +/* + * @test id=gtsrootecccar3 + * @bug 8307134 + * @summary Interoperability tests with Google's GlobalSign R4 and GTS Root certificates + * @library /test/lib + * @build jtreg.SkippedException ValidatePathWithURL CAInterop + * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop gtsrootecccar3 OCSP + * @run main/othervm -Djava.security.debug=certpath CAInterop gtsrootecccar3 CRL + */ + +/* + * @test id=gtsrootecccar4 + * @bug 8307134 + * @summary Interoperability tests with Google's GlobalSign R4 and GTS Root certificates + * @library /test/lib + * @build jtreg.SkippedException ValidatePathWithURL CAInterop + * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop gtsrootecccar4 OCSP + * @run main/othervm -Djava.security.debug=certpath CAInterop gtsrootecccar4 CRL + */ + +/* + * @test id=microsoftecc2017 + * @bug 8304760 + * @summary Interoperability tests with Microsoft TLS root CAs + * @library /test/lib + * @build jtreg.SkippedException ValidatePathWithURL CAInterop + * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop microsoftecc2017 OCSP + * @run main/othervm -Djava.security.debug=certpath CAInterop microsoftecc2017 CRL + */ + +/* + * @test id=microsoftrsa2017 + * @bug 8304760 + * @summary Interoperability tests with Microsoft TLS root CAs + * @library /test/lib + * @build jtreg.SkippedException ValidatePathWithURL CAInterop + * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop microsoftrsa2017 OCSP + * @run main/othervm -Djava.security.debug=certpath CAInterop microsoftrsa2017 CRL + */ + +/* + * @test id=quovadisrootca1g3 + * @bug 8189131 + * @summary Interoperability tests with QuoVadis Root CA1 G3 CA + * @library /test/lib + * @build jtreg.SkippedException ValidatePathWithURL CAInterop + * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop quovadisrootca1g3 OCSP + * @run main/othervm -Djava.security.debug=certpath CAInterop quovadisrootca1g3 CRL + */ + +/* + * @test id=quovadisrootca2g3 + * @bug 8189131 + * @summary Interoperability tests with QuoVadis Root CA2 G3 CA + * @library /test/lib + * @build jtreg.SkippedException ValidatePathWithURL CAInterop + * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop quovadisrootca2g3 OCSP + * @run main/othervm -Djava.security.debug=certpath CAInterop quovadisrootca2g3 CRL + */ + +/* + * @test id=quovadisrootca3g3 + * @bug 8189131 + * @summary Interoperability tests with QuoVadis Root CA3 G3 CA + * @library /test/lib + * @build jtreg.SkippedException ValidatePathWithURL CAInterop + * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop quovadisrootca3g3 OCSP + * @run main/othervm -Djava.security.debug=certpath CAInterop quovadisrootca3g3 CRL + */ + +/* + * @test id=sslrootrsaca + * @bug 8243320 + * @summary Interoperability tests with SSL.com's RSA CA + * @library /test/lib + * @build jtreg.SkippedException ValidatePathWithURL CAInterop + * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop sslrootrsaca OCSP + * @run main/othervm -Djava.security.debug=certpath CAInterop sslrootrsaca CRL + */ + +/* + * @test id=sslrootevrsaca + * @bug 8243320 + * @summary Interoperability tests with SSL.com's EV RSA CA + * @library /test/lib + * @build jtreg.SkippedException ValidatePathWithURL CAInterop + * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop sslrootevrsaca OCSP + * @run main/othervm -Djava.security.debug=certpath CAInterop sslrootevrsaca CRL + */ + +/* + * @test id=sslrooteccca + * @bug 8243320 + * @summary Interoperability tests with SSL.com's ECC CA + * @library /test/lib + * @build jtreg.SkippedException ValidatePathWithURL CAInterop + * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop sslrooteccca OCSP + * @run main/othervm -Djava.security.debug=certpath CAInterop sslrooteccca CRL + */ + +/* + * @test id=teliasonerarootcav1 + * @bug 8210432 + * @summary Interoperability tests with TeliaSonera Root CA v1 + * @library /test/lib + * @build jtreg.SkippedException ValidatePathWithURL CAInterop + * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop teliasonerarootcav1 OCSP + * @run main/othervm -Djava.security.debug=certpath CAInterop teliasonerarootcav1 CRL + */ + +/* + * @test id=twcaglobalrootca + * @bug 8305975 + * @summary Interoperability tests with TWCA Global Root CA from TAIWAN-CA + * @library /test/lib + * @build jtreg.SkippedException ValidatePathWithURL CAInterop + * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop twcaglobalrootca OCSP + * @run main/othervm -Djava.security.debug=certpath CAInterop twcaglobalrootca CRL + */ + /* * @test id=certignarootca * @bug 8314960 @@ -181,70 +351,132 @@ * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop certignarootca OCSP * @run main/othervm -Djava.security.debug=certpath CAInterop certignarootca CRL */ + +/** + * Collection of certificate validation tests for interoperability with external CAs + */ public class CAInterop { /** * Returns the test configuration for CA * * @param alias from the cacerts file without [jdk] - * @return CATestTuple + * @return CATestURLs */ - private CATestTuple getTestURLs(String alias) { + private CATestURLs getTestURLs(String alias) { return switch (alias) { case "actalisauthenticationrootca" -> - new CATestTuple("https://ssltest-active.actalis.it", + new CATestURLs("https://ssltest-active.actalis.it", "https://ssltest-revoked.actalis.it"); case "amazonrootca1" -> - new CATestTuple("https://valid.rootca1.demo.amazontrust.com", + new CATestURLs("https://valid.rootca1.demo.amazontrust.com", "https://revoked.rootca1.demo.amazontrust.com"); case "amazonrootca2" -> - new CATestTuple("https://valid.rootca2.demo.amazontrust.com", + new CATestURLs("https://valid.rootca2.demo.amazontrust.com", "https://revoked.rootca2.demo.amazontrust.com"); case "amazonrootca3" -> - new CATestTuple("https://valid.rootca3.demo.amazontrust.com", + new CATestURLs("https://valid.rootca3.demo.amazontrust.com", "https://revoked.rootca3.demo.amazontrust.com"); case "amazonrootca4" -> - new CATestTuple("https://valid.rootca4.demo.amazontrust.com", + new CATestURLs("https://valid.rootca4.demo.amazontrust.com", "https://revoked.rootca4.demo.amazontrust.com"); case "buypassclass2ca" -> - new CATestTuple("https://valid.business.ca22.ssl.buypass.no", + new CATestURLs("https://valid.business.ca22.ssl.buypass.no", "https://revoked.business.ca22.ssl.buypass.no"); case "buypassclass3ca" -> - new CATestTuple("https://valid.qcevident.ca23.ssl.buypass.no", + new CATestURLs("https://valid.qcevident.ca23.ssl.buypass.no", "https://revoked.qcevident.ca23.ssl.buypass.no"); case "comodorsaca" -> - new CATestTuple("https://comodorsacertificationauthority-ev.comodoca.com", + new CATestURLs("https://comodorsacertificationauthority-ev.comodoca.com", "https://comodorsacertificationauthority-ev.comodoca.com:444"); case "comodoeccca" -> - new CATestTuple("https://comodoecccertificationauthority-ev.comodoca.com", + new CATestURLs("https://comodoecccertificationauthority-ev.comodoca.com", "https://comodoecccertificationauthority-ev.comodoca.com:444"); case "usertrustrsaca" -> - new CATestTuple("https://usertrustrsacertificationauthority-ev.comodoca.com", + new CATestURLs("https://usertrustrsacertificationauthority-ev.comodoca.com", "https://usertrustrsacertificationauthority-ev.comodoca.com:444"); case "usertrusteccca" -> - new CATestTuple("https://usertrustecccertificationauthority-ev.comodoca.com", + new CATestURLs("https://usertrustecccertificationauthority-ev.comodoca.com", "https://usertrustecccertificationauthority-ev.comodoca.com:444"); case "letsencryptisrgx1" -> - new CATestTuple("https://valid-isrgrootx1.letsencrypt.org", + new CATestURLs("https://valid-isrgrootx1.letsencrypt.org", "https://revoked-isrgrootx1.letsencrypt.org"); case "globalsignrootcar6" -> - new CATestTuple("https://valid.r6.roots.globalsign.com", + new CATestURLs("https://valid.r6.roots.globalsign.com", "https://revoked.r6.roots.globalsign.com"); case "entrustrootcaec1" -> - new CATestTuple("https://validec.entrust.net", + new CATestURLs("https://validec.entrust.net", "https://revokedec.entrust.net"); case "entrustrootcag4" -> - new CATestTuple("https://validg4.entrust.net", + new CATestURLs("https://validg4.entrust.net", "https://revokedg4.entrust.net"); + case "godaddyrootg2ca" -> + new CATestURLs("https://valid.gdig2.catest.godaddy.com", + "https://revoked.gdig2.catest.godaddy.com"); + case "starfieldrootg2ca" -> + new CATestURLs("https://valid.sfig2.catest.starfieldtech.com", + "https://revoked.sfig2.catest.starfieldtech.com"); + + case "globalsigneccrootcar4" -> + new CATestURLs("https://good.gsr4.demo.pki.goog", + "https://revoked.gsr4.demo.pki.goog"); + case "gtsrootcar1" -> + new CATestURLs("https://good.gtsr1.demo.pki.goog", + "https://revoked.gtsr1.demo.pki.goog"); + case "gtsrootcar2" -> + new CATestURLs("https://good.gtsr2.demo.pki.goog", + "https://revoked.gtsr2.demo.pki.goog"); + case "gtsrootecccar3" -> + new CATestURLs("https://good.gtsr3.demo.pki.goog", + "https://revoked.gtsr3.demo.pki.goog"); + case "gtsrootecccar4" -> + new CATestURLs("https://good.gtsr4.demo.pki.goog", + "https://revoked.gtsr4.demo.pki.goog"); + + case "microsoftecc2017" -> + new CATestURLs("https://acteccroot2017.pki.microsoft.com", + "https://rvkeccroot2017.pki.microsoft.com"); + case "microsoftrsa2017" -> + new CATestURLs("https://actrsaroot2017.pki.microsoft.com", + "https://rvkrsaroot2017.pki.microsoft.com"); + + case "quovadisrootca1g3" -> + new CATestURLs("https://quovadis-root-ca-1-g3.chain-demos.digicert.com", + "https://quovadis-root-ca-1-g3-revoked.chain-demos.digicert.com"); + case "quovadisrootca2g3" -> + new CATestURLs("https://quovadis-root-ca-2-g3.chain-demos.digicert.com", + "https://quovadis-root-ca-2-g3-revoked.chain-demos.digicert.com"); + case "quovadisrootca3g3" -> + new CATestURLs("https://quovadis-root-ca-3-g3.chain-demos.digicert.com", + "https://quovadis-root-ca-3-g3-revoked.chain-demos.digicert.com"); + + case "sslrootrsaca" -> + new CATestURLs("https://test-dv-rsa.ssl.com", + "https://revoked-rsa-dv.ssl.com"); + case "sslrootevrsaca" -> + new CATestURLs("https://test-ev-rsa.ssl.com", + "https://revoked-rsa-ev.ssl.com"); + case "sslrooteccca" -> + new CATestURLs("https://test-dv-ecc.ssl.com", + "https://revoked-ecc-dv.ssl.com"); + + case "teliasonerarootcav1" -> + new CATestURLs("https://juolukka.cover.sonera.net:10443", + "https://juolukka.cover.sonera.net:10444"); + + case "twcaglobalrootca" -> + new CATestURLs("https://evssldemo6.twca.com.tw", + "https://evssldemo7.twca.com.tw"); + case "certignarootca" -> - new CATestTuple("https://valid.servicesca.dhimyotis.com", + new CATestURLs("https://valid.servicesca.dhimyotis.com", "https://revoked.servicesca.dhimyotis.com"); default -> throw new RuntimeException("No test setup found for: " + alias); @@ -259,18 +491,18 @@ public static void main(String[] args) throws Exception { String caAlias = args[0]; CAInterop caInterop = new CAInterop(args[1]); - CATestTuple caTestTuple = caInterop.getTestURLs(caAlias); + CATestURLs caTestURLs = caInterop.getTestURLs(caAlias); caInterop.validate(caAlias + " [jdk]", - caTestTuple.getVALID_URL(), - caTestTuple.getREVOKED_URL()); + caTestURLs.getVALID_URL(), + caTestURLs.getREVOKED_URL()); } - static class CATestTuple { + static class CATestURLs { final String VALID_URL; final String REVOKED_URL; - public CATestTuple(String validURL, + public CATestURLs(String validURL, String revokedURL) { VALID_URL = validURL; REVOKED_URL = revokedURL; diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CertignaCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CertignaCA.java index c4ad450efbf5a..f1dd2d6229a47 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CertignaCA.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CertignaCA.java @@ -23,7 +23,7 @@ /* * @test - * @bug 8245654 + * @bug 8245654 8256895 * @summary Interoperability tests with Certigna Root CAs from Dhimyotis * @build ValidatePathWithParams * @run main/othervm -Djava.security.debug=certpath CertignaCA OCSP @@ -182,6 +182,10 @@ public class CertignaCA { "-----END CERTIFICATE-----"; public static void main(String[] args) throws Exception { + + // Added to test for JDK-8256895 + System.setProperty("jdk.security.certpath.ocspNonce", "true"); + // OCSP check by default boolean ocspEnabled = args.length < 1 || !"CRL".equalsIgnoreCase(args[0]); diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GoDaddyCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GoDaddyCA.java deleted file mode 100644 index 69fa18eb8d95c..0000000000000 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GoDaddyCA.java +++ /dev/null @@ -1,59 +0,0 @@ -/* - * Copyright (c) 2018, 2023, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* - * @test id=OCSP - * @bug 8196141 - * @summary Interoperability tests with GoDaddy/Starfield CA - * @library /test/lib - * @build jtreg.SkippedException ValidatePathWithURL CAInterop - * @run main/othervm -Djava.security.debug=certpath,ocsp GoDaddyCA OCSP - */ - -/* - * @test id=CRL - * @bug 8196141 - * @summary Interoperability tests with GoDaddy/Starfield CA - * @library /test/lib - * @build jtreg.SkippedException ValidatePathWithURL CAInterop - * @run main/othervm -Djava.security.debug=certpath GoDaddyCA CRL - */ -public class GoDaddyCA { - - public static void main(String[] args) throws Exception { - - CAInterop caInterop = new CAInterop(args[0]); - - // CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", - // L=Scottsdale, ST=Arizona, C=US - caInterop.validate("godaddyrootg2ca [jdk]", - "https://valid.gdig2.catest.godaddy.com", - "https://revoked.gdig2.catest.godaddy.com"); - - // CN=Starfield Root Certificate Authority - G2, O="Starfield Technologies, Inc.", - // L=Scottsdale, ST=Arizona, C=US - caInterop.validate("starfieldrootg2ca [jdk]", - "https://valid.sfig2.catest.starfieldtech.com", - "https://revoked.sfig2.catest.starfieldtech.com"); - } -} diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GoogleCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GoogleCA.java deleted file mode 100644 index 7b219b296d52e..0000000000000 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/GoogleCA.java +++ /dev/null @@ -1,78 +0,0 @@ -/* - * Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* - * @test id=OCSP - * @bug 8307134 - * @summary Interoperability tests with Google's GlobalSign R4 and GTS Root certificates - * @library /test/lib - * @build jtreg.SkippedException ValidatePathWithURL CAInterop - * @run main/othervm -Djava.security.debug=certpath,ocsp GoogleCA OCSP - */ - -/* - * @test id=CRL - * @bug 8307134 - * @summary Interoperability tests with Google's GlobalSign R4 and GTS Root certificates - * @library /test/lib - * @build jtreg.SkippedException ValidatePathWithURL CAInterop - * @run main/othervm -Djava.security.debug=certpath GoogleCA CRL - */ - -/* - * Obtain TLS test artifacts for Google CAs from: - * - * https://pki.goog/repository/ - */ -public class GoogleCA { - - public static void main(String[] args) throws Exception { - - CAInterop caInterop = new CAInterop(args[0]); - - // CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R4 - caInterop.validate("globalsigneccrootcar4 [jdk]", - "https://good.gsr4.demo.pki.goog", - "https://revoked.gsr4.demo.pki.goog"); - - // CN=GTS Root R1, O=Google Trust Services LLC, C=US - caInterop.validate("gtsrootcar1 [jdk]", - "https://good.gtsr1.demo.pki.goog", - "https://revoked.gtsr1.demo.pki.goog"); - - // CN=GTS Root R2, O=Google Trust Services LLC, C=US - caInterop.validate("gtsrootcar2 [jdk]", - "https://good.gtsr2.demo.pki.goog", - "https://revoked.gtsr2.demo.pki.goog"); - - // CN=GTS Root R3, O=Google Trust Services LLC, C=US - caInterop.validate("gtsrootecccar3 [jdk]", - "https://good.gtsr3.demo.pki.goog", - "https://revoked.gtsr3.demo.pki.goog"); - - // CN=GTS Root R4, O=Google Trust Services LLC, C=US - caInterop.validate("gtsrootecccar4 [jdk]", - "https://good.gtsr4.demo.pki.goog", - "https://revoked.gtsr4.demo.pki.goog"); - } -} diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/MicrosoftTLS.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/MicrosoftTLS.java deleted file mode 100644 index a687291e9648c..0000000000000 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/MicrosoftTLS.java +++ /dev/null @@ -1,58 +0,0 @@ -/* - * Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* - * @test id=OCSP - * @bug 8304760 - * @summary Interoperability tests with Microsoft TLS root CAs - * @library /test/lib - * @build jtreg.SkippedException ValidatePathWithURL CAInterop - * @run main/othervm -Djava.security.debug=certpath,ocsp MicrosoftTLS OCSP - */ - -/* - * @test id=CRL - * @bug 8304760 - * @summary Interoperability tests with Microsoft TLS root CAs - * @library /test/lib - * @build jtreg.SkippedException ValidatePathWithURL CAInterop - * @run main/othervm -Djava.security.debug=certpath MicrosoftTLS CRL - */ - -public class MicrosoftTLS { - - public static void main(String[] args) throws Exception { - - CAInterop caInterop = new CAInterop(args[0]); - - // CN=Microsoft ECC Root Certificate Authority 2017, O=Microsoft Corporation, C=US - caInterop.validate("microsoftecc2017 [jdk]", - "https://acteccroot2017.pki.microsoft.com", - "https://rvkeccroot2017.pki.microsoft.com"); - - // CN=Microsoft RSA Root Certificate Authority 2017, O=Microsoft Corporation, C=US - caInterop.validate("microsoftrsa2017 [jdk]", - "https://actrsaroot2017.pki.microsoft.com", - "https://rvkrsaroot2017.pki.microsoft.com"); - } -} diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java deleted file mode 100644 index e898a22c3d46d..0000000000000 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java +++ /dev/null @@ -1,68 +0,0 @@ -/* - * Copyright (c) 2017, 2023, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* - * @test id=OCSP - * @bug 8189131 - * @summary Interoperability tests with QuoVadis Root CA1, CA2, and CA3 G3 CAs using OCSP - * @library /test/lib - * @build jtreg.SkippedException ValidatePathWithURL CAInterop - * @run main/othervm -Djava.security.debug=certpath,ocsp QuoVadisCA OCSP - */ - -/* - * @test id=CRL - * @bug 8189131 - * @summary Interoperability tests with QuoVadis Root CA1, CA2, and CA3 G3 CAs using CRL - * @library /test/lib - * @build jtreg.SkippedException ValidatePathWithURL CAInterop - * @run main/othervm -Djava.security.debug=certpath QuoVadisCA CRL - */ - -/* - * Obtain TLS test artifacts for QuoVadis CAs from: - * - * https://www.quovadisglobal.com/download-roots-crl/ - * - */ -public class QuoVadisCA { - public static void main(String[] args) throws Exception { - - CAInterop caInterop = new CAInterop(args[0]); - - // CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM - caInterop.validate("quovadisrootca1g3 [jdk]", - "https://quovadis-root-ca-1-g3.chain-demos.digicert.com", - "https://quovadis-root-ca-1-g3-revoked.chain-demos.digicert.com"); - - // CN=QuoVadis Root CA 2 G3, O=QuoVadis Limited, C=BM - caInterop.validate("quovadisrootca2g3 [jdk]", - "https://quovadis-root-ca-2-g3.chain-demos.digicert.com", - "https://quovadis-root-ca-2-g3-revoked.chain-demos.digicert.com"); - - // CN=QuoVadis Root CA 3 G3, O=QuoVadis Limited, C=BM - caInterop.validate("quovadisrootca3g3 [jdk]", - "https://quovadis-root-ca-3-g3.chain-demos.digicert.com", - "https://quovadis-root-ca-3-g3-revoked.chain-demos.digicert.com"); - } -} diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/SSLCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/SSLCA.java deleted file mode 100644 index e109771d395be..0000000000000 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/SSLCA.java +++ /dev/null @@ -1,63 +0,0 @@ -/* - * Copyright (c) 2020, 2023, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* - * @test id=OCSP - * @bug 8243320 8256895 - * @summary Interoperability tests with SSL.com's RSA, EV RSA, and ECC CA - * @library /test/lib - * @build jtreg.SkippedException ValidatePathWithURL CAInterop - * @run main/othervm -Djava.security.debug=certpath,ocsp SSLCA OCSP - */ - -/* - * @test id=CRL - * @bug 8243320 8256895 - * @summary Interoperability tests with SSL.com's RSA, EV RSA, and ECC CA - * @library /test/lib - * @build jtreg.SkippedException ValidatePathWithURL CAInterop - * @run main/othervm -Djava.security.debug=certpath SSLCA CRL - */ - -public class SSLCA { - - public static void main(String[] args) throws Exception { - - CAInterop caInterop = new CAInterop(args[0]); - - // CN=SSL.com Root Certification Authority RSA, O=SSL Corporation, L=Houston, ST=Texas, C=US - caInterop.validate("sslrootrsaca [jdk]", - "https://test-dv-rsa.ssl.com", - "https://revoked-rsa-dv.ssl.com"); - - // CN=SSL.com EV Root Certification Authority RSA R2, O=SSL Corporation, L=Houston, ST=Texas, C=US - caInterop.validate("sslrootevrsaca [jdk]", - "https://test-ev-rsa.ssl.com", - "https://revoked-rsa-ev.ssl.com"); - - // CN=SSL.com Root Certification Authority ECC, O=SSL Corporation, L=Houston, ST=Texas, C=US - caInterop.validate("sslrooteccca [jdk]", - "https://test-dv-ecc.ssl.com", - "https://revoked-ecc-dv.ssl.com"); - } -} diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/TWCAGlobalCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/TWCAGlobalCA.java deleted file mode 100644 index 73de4f330a9af..0000000000000 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/TWCAGlobalCA.java +++ /dev/null @@ -1,52 +0,0 @@ -/* - * Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* - * @test id=OCSP - * @bug 8305975 - * @summary Interoperability tests with TWCA Global Root CA from TAIWAN-CA - * @library /test/lib - * @build jtreg.SkippedException ValidatePathWithURL CAInterop - * @run main/othervm -Djava.security.debug=certpath,ocsp TWCAGlobalCA OCSP - */ - -/* - * @test id=CRL - * @bug 8305975 - * @summary Interoperability tests with TWCA Global Root CA from TAIWAN-CA - * @library /test/lib - * @build jtreg.SkippedException ValidatePathWithURL CAInterop - * @run main/othervm -Djava.security.debug=certpath TWCAGlobalCA CRL - */ - -public class TWCAGlobalCA { - public static void main(String[] args) throws Exception { - - CAInterop caInterop = new CAInterop(args[0]); - - // CN=TWCA Global Root CA, OU=Root CA, O=TAIWAN-CA, C=TW - caInterop.validate("twcaglobalrootca [jdk]", - "https://evssldemo6.twca.com.tw", - "https://evssldemo7.twca.com.tw"); - } -} diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/TeliaSoneraCA.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/TeliaSoneraCA.java deleted file mode 100644 index 4c4f6aa0234dd..0000000000000 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/TeliaSoneraCA.java +++ /dev/null @@ -1,52 +0,0 @@ -/* - * Copyright (c) 2018, 2023, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* - * @test id=OCSP - * @bug 8210432 - * @summary Interoperability tests with TeliaSonera Root CA v1 using OCSP - * @library /test/lib - * @build jtreg.SkippedException ValidatePathWithURL CAInterop - * @run main/othervm -Djava.security.debug=certpath,ocsp TeliaSoneraCA OCSP - */ - -/* - * @test id=CRL - * @bug 8210432 - * @summary Interoperability tests with TeliaSonera Root CA v1 using CRL - * @library /test/lib - * @build jtreg.SkippedException ValidatePathWithURL CAInterop - * @run main/othervm -Djava.security.debug=certpath TeliaSoneraCA CRL - */ - -public class TeliaSoneraCA { - public static void main(String[] args) throws Exception { - - CAInterop caInterop = new CAInterop(args[0]); - - // CN=TeliaSonera Root CA v1, O=TeliaSonera - caInterop.validate("teliasonerarootcav1 [jdk]", - "https://juolukka.cover.sonera.net:10443", - "https://juolukka.cover.sonera.net:10444"); - } -} From 72621998b115955e34a5a6b14142b7f0c1ac4a97 Mon Sep 17 00:00:00 2001 From: Rajan Halade Date: Fri, 15 Sep 2023 13:22:07 -0700 Subject: [PATCH 16/17] Add SSL.com tests to ProblemList --- test/jdk/ProblemList.txt | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/test/jdk/ProblemList.txt b/test/jdk/ProblemList.txt index 3428cd56b4735..de68c6622ab83 100644 --- a/test/jdk/ProblemList.txt +++ b/test/jdk/ProblemList.txt @@ -616,6 +616,11 @@ sun/security/pkcs11/rsa/TestKeyPairGenerator.java 8295343 linux-al sun/security/pkcs11/rsa/TestKeyFactory.java 8295343 linux-all sun/security/pkcs11/KeyStore/Basic.java 8295343 linux-all +# jdk_security_infra +security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#sslrootrsaca 8316381 generic-all +security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#sslrootevrsaca 8316381 generic-all +security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#sslrooteccca 8316381 generic-all + ############################################################################ # jdk_sound From b3bb1d24d7785ce3461291d0b4da24b450dea9c1 Mon Sep 17 00:00:00 2001 From: Rajan Halade Date: Mon, 18 Sep 2023 13:36:30 -0700 Subject: [PATCH 17/17] Remove SSL root CA from ProblemList --- test/jdk/ProblemList.txt | 5 ----- 1 file changed, 5 deletions(-) diff --git a/test/jdk/ProblemList.txt b/test/jdk/ProblemList.txt index aeedfa5ba7633..4d0ae5ed38bfa 100644 --- a/test/jdk/ProblemList.txt +++ b/test/jdk/ProblemList.txt @@ -622,11 +622,6 @@ sun/security/pkcs11/rsa/TestKeyPairGenerator.java 8295343 linux-al sun/security/pkcs11/rsa/TestKeyFactory.java 8295343 linux-all sun/security/pkcs11/KeyStore/Basic.java 8295343 linux-all -# jdk_security_infra -security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#sslrootrsaca 8316381 generic-all -security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#sslrootevrsaca 8316381 generic-all -security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#sslrooteccca 8316381 generic-all - ############################################################################ # jdk_sound