27 changes: 11 additions & 16 deletions test/jdk/java/security/cert/CertPathBuilder/NoExtensions.java
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2001, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2001, 2025, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand All @@ -25,8 +25,10 @@
* @test
* @bug 4519462
* @summary Verify Sun CertPathBuilder implementation handles certificates with no extensions
* @enablePreview
*/

import java.security.PEMDecoder;
import java.security.cert.X509Certificate;
import java.security.cert.TrustAnchor;
import java.security.cert.CollectionCertStoreParameters;
Expand All @@ -35,16 +37,15 @@
import java.security.cert.CertPathBuilder;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.CertPathBuilderResult;
import java.security.cert.CertificateFactory;
import java.security.cert.CRL;
import java.security.cert.CertPath;
import java.util.HashSet;
import java.util.ArrayList;
import java.io.ByteArrayInputStream;

// Test based on user code submitted with bug by daniel.boggs@compass.net
public class NoExtensions {

private static final PEMDecoder pemDecoder = PEMDecoder.of();

public static void main(String[] args) {
try {
NoExtensions certs = new NoExtensions();
Expand Down Expand Up @@ -92,7 +93,7 @@ private void doBuild(X509Certificate userCert) throws Exception {
// System.out.println(certPath.toString());
}

private static X509Certificate getTrustedCertificate() throws Exception {
private static X509Certificate getTrustedCertificate() {
String sCert =
"-----BEGIN CERTIFICATE-----\n"
+ "MIIBezCCASWgAwIBAgIQyWD8dLUoqpJFyDxrfRlrsTANBgkqhkiG9w0BAQQFADAW\n"
Expand All @@ -104,12 +105,10 @@ private static X509Certificate getTrustedCertificate() throws Exception {
+ "AKoAZIoRz7jUqlw19DANBgkqhkiG9w0BAQQFAANBACJxAfP57yqaT9N+nRgAOugM\n"
+ "JG0aN3/peCIvL3p29epRL2xoWFvxpUUlsH2I39OZ6b8+twWCebhkv1I62segXAk=\n"
+ "-----END CERTIFICATE-----";
CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
ByteArrayInputStream bytes = new ByteArrayInputStream(sCert.getBytes());
return (X509Certificate)certFactory.generateCertificate(bytes);
return pemDecoder.decode(sCert, X509Certificate.class);
}

private static X509Certificate getUserCertificate1() throws Exception {
private static X509Certificate getUserCertificate1() {
// this certificate includes an extension
String sCert =
"-----BEGIN CERTIFICATE-----\n"
Expand All @@ -123,12 +122,10 @@ private static X509Certificate getUserCertificate1() throws Exception {
+ "CxeUaYlXmvbxVNkxM65Pplsj3h4ntfZaynmlhahH3YsnnA8wk6xPt04LjSId12RB\n"
+ "PeuO\n"
+ "-----END CERTIFICATE-----";
CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
ByteArrayInputStream bytes = new ByteArrayInputStream(sCert.getBytes());
return (X509Certificate)certFactory.generateCertificate(bytes);
return pemDecoder.decode(sCert, X509Certificate.class);
}

private static X509Certificate getUserCertificate2() throws Exception {
private static X509Certificate getUserCertificate2() {
// this certificate does not include any extensions
String sCert =
"-----BEGIN CERTIFICATE-----\n"
Expand All @@ -140,8 +137,6 @@ private static X509Certificate getUserCertificate2() throws Exception {
+ "BAUAA0EAQmj9SFHEx66JyAps3ew4pcSS3QvfVZ/6qsNUYCG75rFGcTUPHcXKql9y\n"
+ "qBT83iNLJ//krjw5Ju0WRPg/buHSww==\n"
+ "-----END CERTIFICATE-----";
CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
ByteArrayInputStream bytes = new ByteArrayInputStream(sCert.getBytes());
return (X509Certificate)certFactory.generateCertificate(bytes);
return pemDecoder.decode(sCert, X509Certificate.class);
}
}
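Review bot: The new field `private static final PEMDecoder pemDecoder = PEMDecoder.of();` is a shared constant but is named like a local variable; `PEM_DECODER` would follow the usual constant convention. It is used by the `decode` calls in getTrustedCertificate, getUserCertificate1 and getUserCertificate2, and the same field is added under the same name in the StatusLoopDependency and CircularCRLTwoLevel sections. A one-line comment on the field, such as `// PEMDecoder is a preview API; the jtreg header needs @enablePreview`, would also tell the next reader why the test tag was added.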
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2009, 2025, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -33,18 +33,31 @@
* @summary PIT b61: PKI test suite fails because self signed certificates
* are being rejected
* @modules java.base/sun.security.util
* @enablePreview
* @run main/othervm StatusLoopDependency subca
* @run main/othervm StatusLoopDependency subci
* @run main/othervm StatusLoopDependency alice
* @author Xuelei Fan
*/

import java.io.*;
import java.net.SocketException;
import java.util.*;
import java.security.DEREncodable;
import java.security.PEMDecoder;
import java.security.Security;
import java.security.cert.*;
import java.security.cert.CertPathValidatorException.BasicReason;
import java.security.cert.CertPathBuilder;
Contributor


Did you intentionally list every java.security.cert class used, or did the IDE do that? The change was made in a number of tests and for other import paths, but I'm only mentioning it here. Just a suggestion that * looks cleaner.

Member Author


I'm just removing all wildcard imports when I touch the file. I was asked to remove them several times before, and in general wildcard imports are not the best practice, as they affect compile time, which is important for jtreg tests.

import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathBuilderResult;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.Set;

import sun.security.util.DerInputStream;

/**
Expand Down Expand Up @@ -183,79 +196,63 @@ public final class StatusLoopDependency {
"N9AvUXxGxU4DruoJuFPcrCI=\n" +
"-----END X509 CRL-----";

private static Set<TrustAnchor> generateTrustAnchors()
throws CertificateException {
// generate certificate from cert string
CertificateFactory cf = CertificateFactory.getInstance("X.509");
private static final PEMDecoder pemDecoder = PEMDecoder.of();

ByteArrayInputStream is =
new ByteArrayInputStream(selfSignedCertStr.getBytes());
Certificate selfSignedCert = cf.generateCertificate(is);
private static Set<TrustAnchor> generateTrustAnchors() {
X509Certificate selfSignedCert = pemDecoder.decode(selfSignedCertStr, X509Certificate.class);

// generate a trust anchor
TrustAnchor anchor =
new TrustAnchor((X509Certificate)selfSignedCert, null);
new TrustAnchor(selfSignedCert, null);

return Collections.singleton(anchor);
}

private static CertStore generateCertificateStore() throws Exception {
Collection entries = new HashSet();

// generate certificate from certificate string
CertificateFactory cf = CertificateFactory.getInstance("X.509");

ByteArrayInputStream is;
Collection<DEREncodable> entries = new HashSet<>();

is = new ByteArrayInputStream(targetCertStr.getBytes());
Certificate cert = cf.generateCertificate(is);
DEREncodable cert = pemDecoder.decode(targetCertStr, X509Certificate.class);
entries.add(cert);

is = new ByteArrayInputStream(subCaCertStr.getBytes());
cert = cf.generateCertificate(is);
cert = pemDecoder.decode(subCaCertStr, X509Certificate.class);
entries.add(cert);

is = new ByteArrayInputStream(selfSignedCertStr.getBytes());
cert = cf.generateCertificate(is);
cert = pemDecoder.decode(selfSignedCertStr, X509Certificate.class);
entries.add(cert);

is = new ByteArrayInputStream(topCrlIssuerCertStr.getBytes());
cert = cf.generateCertificate(is);
cert = pemDecoder.decode(topCrlIssuerCertStr, X509Certificate.class);
entries.add(cert);

is = new ByteArrayInputStream(subCrlIssuerCertStr.getBytes());
cert = cf.generateCertificate(is);
cert = pemDecoder.decode(subCrlIssuerCertStr, X509Certificate.class);
entries.add(cert);

// generate CRL from CRL string
is = new ByteArrayInputStream(topCrlStr.getBytes());
Collection mixes = cf.generateCRLs(is);
entries.addAll(mixes);
DEREncodable mixes = pemDecoder.decode(topCrlStr, X509CRL.class);
entries.add(mixes);

is = new ByteArrayInputStream(subCrlStr.getBytes());
mixes = cf.generateCRLs(is);
entries.addAll(mixes);
mixes = pemDecoder.decode(subCrlStr, X509CRL.class);
entries.add(mixes);

return CertStore.getInstance("Collection",
new CollectionCertStoreParameters(entries));
new CollectionCertStoreParameters(entries));
}

private static X509CertSelector generateSelector(String name)
throws Exception {
X509CertSelector selector = new X509CertSelector();

// generate certificate from certificate string
CertificateFactory cf = CertificateFactory.getInstance("X.509");
ByteArrayInputStream is = null;
String cert;
if (name.equals("subca")) {
is = new ByteArrayInputStream(subCaCertStr.getBytes());
cert = subCaCertStr;
} else if (name.equals("subci")) {
is = new ByteArrayInputStream(subCrlIssuerCertStr.getBytes());
cert = subCrlIssuerCertStr;
} else {
is = new ByteArrayInputStream(targetCertStr.getBytes());
cert = targetCertStr;
}

X509Certificate target = (X509Certificate)cf.generateCertificate(is);
X509Certificate target = pemDecoder.decode(cert, X509Certificate.class);
byte[] extVal = target.getExtensionValue("2.5.29.14");
if (extVal != null) {
DerInputStream in = new DerInputStream(extVal);
Expand All @@ -269,21 +266,18 @@ private static X509CertSelector generateSelector(String name)
return selector;
}

private static boolean match(String name, Certificate cert)
throws Exception {
X509CertSelector selector = new X509CertSelector();
private static boolean match(String name, Certificate cert) {

// generate certificate from certificate string
CertificateFactory cf = CertificateFactory.getInstance("X.509");
ByteArrayInputStream is = null;
String newCert;
if (name.equals("subca")) {
is = new ByteArrayInputStream(subCaCertStr.getBytes());
newCert = subCaCertStr;
} else if (name.equals("subci")) {
is = new ByteArrayInputStream(subCrlIssuerCertStr.getBytes());
newCert = subCrlIssuerCertStr;
} else {
is = new ByteArrayInputStream(targetCertStr.getBytes());
newCert = targetCertStr;
}
X509Certificate target = (X509Certificate)cf.generateCertificate(is);
X509Certificate target = pemDecoder.decode(newCert, X509Certificate.class);

return target.equals(cert);
}
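Review bot: In generateCertificateStore the CRL entries now come from `pemDecoder.decode(topCrlStr, X509CRL.class)` followed by `entries.add(mixes)`, where the earlier code appears to have used `cf.generateCRLs(is)` and `entries.addAll(mixes)`; the old call returned a collection of every CRL in the input, the new one returns a single object. The CRL strings are defined outside the visible hunks, so the two are equivalent only if each string holds exactly one PEM block; otherwise the extra CRLs would be missing from the CertStore and the revocation scenario would change without any test failure. A comment such as `// each *CrlStr holds exactly one CRL` and renaming `mixes` to `crl` would make that assumption explicit. The same applies to generateCertificateStore in CircularCRLTwoLevel, where `cf.generateCertificates(is)` is replaced the same way.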
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2009, 2025, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -32,16 +32,34 @@
*
* @bug 6720721
* @summary CRL check with circular depency support needed
* @enablePreview
* @run main/othervm CircularCRLTwoLevel
* @author Xuelei Fan
*/

import java.io.*;
import java.net.SocketException;
import java.util.*;
import java.security.DEREncodable;
import java.security.PEMDecoder;
import java.security.Security;
import java.security.cert.*;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertPathValidatorException.BasicReason;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

public class CircularCRLTwoLevel {

Expand Down Expand Up @@ -149,68 +167,53 @@ public class CircularCRLTwoLevel {
"ARGr6Qu68MYGtLMC6ZqP3u0=\n" +
"-----END X509 CRL-----";

private static final PEMDecoder pemDecoder = PEMDecoder.of();

private static CertPath generateCertificatePath()
throws CertificateException {
// generate certificate from cert strings
CertificateFactory cf = CertificateFactory.getInstance("X.509");

ByteArrayInputStream is;

is = new ByteArrayInputStream(targetCertStr.getBytes());
Certificate targetCert = cf.generateCertificate(is);

is = new ByteArrayInputStream(subCaCertStr.getBytes());
Certificate subCaCert = cf.generateCertificate(is);

is = new ByteArrayInputStream(selfSignedCertStr.getBytes());
Certificate selfSignedCert = cf.generateCertificate(is);
Certificate targetCert = pemDecoder.decode(targetCertStr, X509Certificate.class);
Certificate subCaCert = pemDecoder.decode(subCaCertStr, X509Certificate.class);
Certificate selfSignedCert = pemDecoder.decode(selfSignedCertStr, X509Certificate.class);

// generate certification path
List<Certificate> list = Arrays.asList(new Certificate[] {
targetCert, subCaCert, selfSignedCert});
List<Certificate> list = Arrays.asList(targetCert, subCaCert, selfSignedCert);

return cf.generateCertPath(list);
}

private static Set<TrustAnchor> generateTrustAnchors()
throws CertificateException {
// generate certificate from cert string
CertificateFactory cf = CertificateFactory.getInstance("X.509");

ByteArrayInputStream is =
new ByteArrayInputStream(selfSignedCertStr.getBytes());
Certificate selfSignedCert = cf.generateCertificate(is);
final X509Certificate selfSignedCert = pemDecoder.decode(selfSignedCertStr, X509Certificate.class);

// generate a trust anchor
TrustAnchor anchor =
new TrustAnchor((X509Certificate)selfSignedCert, null);
new TrustAnchor(selfSignedCert, null);

return Collections.singleton(anchor);
}

private static CertStore generateCertificateStore() throws Exception {
Collection entries = new HashSet();
Collection<DEREncodable> entries = new HashSet<>();

// generate CRL from CRL string
CertificateFactory cf = CertificateFactory.getInstance("X.509");

ByteArrayInputStream is =
new ByteArrayInputStream(topCrlStr.getBytes());
Collection mixes = cf.generateCRLs(is);
entries.addAll(mixes);
DEREncodable mixes = pemDecoder.decode(topCrlStr, X509CRL.class);
entries.add(mixes);

is = new ByteArrayInputStream(subCrlStr.getBytes());
mixes = cf.generateCRLs(is);
entries.addAll(mixes);
mixes = pemDecoder.decode(subCrlStr, X509CRL.class);
entries.add(mixes);

// intermediate certs
is = new ByteArrayInputStream(topCrlIssuerCertStr.getBytes());
mixes = cf.generateCertificates(is);
entries.addAll(mixes);
mixes = pemDecoder.decode(topCrlIssuerCertStr, X509Certificate.class);
entries.add(mixes);

is = new ByteArrayInputStream(subCrlIssuerCertStr.getBytes());
mixes = cf.generateCertificates(is);
entries.addAll(mixes);
mixes = pemDecoder.decode(subCrlIssuerCertStr, X509Certificate.class);
entries.add(mixes);

return CertStore.getInstance("Collection",
new CollectionCertStoreParameters(entries));
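Review bot: generateTrustAnchors still declares `throws CertificateException`, although with the CertificateFactory lines gone it no longer seems to call anything that throws it; the same method in the StatusLoopDependency section had the clause dropped, so the two tests are now inconsistent. generateCertificatePath still needs `cf` for `cf.generateCertPath(list)`, so CertificateFactory stays there; a short comment like `// CertificateFactory is kept only to assemble the CertPath` would explain why this method mixes both APIs. The rendered page does not mark removed lines, so this reading assumes the second of each duplicated pair is the new side.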