/* * Copyright (c) 2005, 2022, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ /* * @test * @bug 6299163 * @summary Test to compare java.security.CodeSource * Instructions to re-create the used certs file. * - Generate a self-signed certificate with basicConstraints=CA:TRUE * - Copy the generated certificate 2 times into a newly created certs file. */ import java.io.BufferedInputStream; import java.io.File; import java.io.FileInputStream; import java.net.URL; import java.security.CodeSigner; import java.security.CodeSource; import java.security.cert.Certificate; import java.security.cert.CertificateFactory; import java.util.ArrayList; import java.util.List; public class CertsMatch { public static void main(String[] args) throws Exception { File certsFile = new File(System.getProperty("test.src", "."), "certs"); CertificateFactory cf = CertificateFactory.getInstance("X.509"); try (FileInputStream fis = new FileInputStream(certsFile); BufferedInputStream bis = new BufferedInputStream(fis)) { ArrayList certs1 = new ArrayList(); ArrayList certs2 = new ArrayList(); // read the first cert Certificate cert = cf.generateCertificate(bis); certs1.add(cert); certs2.add(cert); // read the second cert cert = cf.generateCertificate(bis); certs2.add(cert); URL location = certsFile.toURI().toURL(); CodeSource cs0 = new CodeSource(location, (Certificate[]) null); CodeSource cs1 = new CodeSource(location, (Certificate[]) certs1.toArray(new Certificate[certs1.size()])); CodeSource cs2 = new CodeSource(location, (Certificate[]) certs2.toArray(new Certificate[certs2.size()])); if (!cs0.implies(cs1) || !cs1.implies(cs2)) { throw new Exception("The implies method is not working correctly"); } if (cs0.equals(cs1) || cs1.equals(cs0) || cs2.equals(cs1) || cs1.equals(cs2)) { throw new Exception("The equals method is not working correctly"); } if (verifySigner(cs0.getCodeSigners(), null)) { throw new RuntimeException("CodeSource.getCodeSigners() should be null"); } if (!((verifySigner(cs1.getCodeSigners(), certs1)) && (verifySigner(cs2.getCodeSigners(), certs2)))) { throw new RuntimeException("Mismatched CodeSigners certificate"); } } } private static boolean verifySigner(CodeSigner[] css, List certs) { if (css == null || certs == null) { return false; } if (css.length < 1 || certs.size() < 1) { return false; } boolean result = true; for (CodeSigner cs : css) { result &= cs.getSignerCertPath().getCertificates().equals(certs); } return result; } }