Backport a6be9076351b591cbc0860b1ba8f3c56319f4ffe

duke · duke · commit 765d9130e0b4 · 2025-01-20T09:04:44.000Z
diff --git a/test/jdk/sun/security/x509/DNSName/LeadingPeriod.java b/test/jdk/sun/security/x509/DNSName/LeadingPeriod.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2023, 2025, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,8 +26,7 @@
  * @bug 8311546
  * @summary Adopt de-facto standards on x509 Name Constraints with leading dot. Certs
  * can be generated by running generate-certs.sh
- * @library /test/lib
- * @modules java.base/sun.security.x509
+ * @run main LeadingPeriod
  */
 
 import java.io.*;
@@ -38,75 +37,33 @@
 
 public class LeadingPeriod {
 
-    private static CertPath makeCertPath(String targetCertStr,
-        PKIXParameters params) throws CertificateException {
-        // generate certificate from cert strings
-        CertificateFactory cf = CertificateFactory.getInstance("X.509");
-
-        ByteArrayInputStream is;
-
-        is = new ByteArrayInputStream(targetCertStr.getBytes());
-        Certificate targetCert = cf.generateCertificate(is);
-        // set validity date so that validation won't fail when cert expires
-        params.setDate(((X509Certificate)targetCert).getNotBefore());
-
-        // generate certification path
-        List<Certificate> list = List.of(targetCert);
-
-        return cf.generateCertPath(list);
+    public static void main(String[] args) throws Exception {
+        String certs = System.getProperty("test.src", "./") + "/certs/";
+        validate(certs + "withoutLeadingPeriod");
+        validate(certs + "withLeadingPeriod");
     }
 
-    private static PKIXParameters genParams(String caStr) throws Exception {
-        // generate certificate from cert string
-        CertificateFactory cf = CertificateFactory.getInstance("X.509");
-
-        ByteArrayInputStream is = new ByteArrayInputStream(caStr.getBytes());
-        Certificate selfSignedCert = cf.generateCertificate(is);
+    public static void validate(String certPath) throws Exception {
+        byte[] targetCertBytes = Files.readAllBytes(Paths.get(certPath + "/leaf.pem"));
+        byte[] caCertBytes = Files.readAllBytes(Paths.get(certPath + "/ca.pem"));
 
-        // generate a trust anchor
-        TrustAnchor anchor = new TrustAnchor((X509Certificate) selfSignedCert, null);
+        CertificateFactory cf = CertificateFactory.getInstance("X.509");
+        Certificate caCert = cf.generateCertificate(new ByteArrayInputStream(caCertBytes));
+        Certificate targetCert = cf.generateCertificate(new ByteArrayInputStream(targetCertBytes));
 
-        Set<TrustAnchor> anchors = Collections.singleton(anchor);
+        TrustAnchor anchor = new TrustAnchor((X509Certificate) caCert, null);
 
-        PKIXParameters params = new PKIXParameters(anchors);
+        PKIXParameters params = new PKIXParameters(Collections.singleton(anchor));
 
-        // disable certificate revocation checking
+        // Disable certificate revocation checking
         params.setRevocationEnabled(false);
 
-        return params;
-    }
+        // Set validity date, so that validation won't fail when cert expires
+        params.setDate(((X509Certificate)targetCert).getNotBefore());
 
-    public static void main(String[] args) throws Exception {
+        CertPath path = cf.generateCertPath(List.of(targetCert, caCert));
 
         CertPathValidator validator = CertPathValidator.getInstance("PKIX");
-
-        // Load certs with a NameConstraint where DNS value does not begin with a period
-        Path targetFromCAWithoutPeriodPath = Paths.get(System.getProperty(
-            "test.src", "./") + "/certs/withoutLeadingPeriod/leaf.pem");
-        String targetFromCAWithoutPeriod = Files.readString(targetFromCAWithoutPeriodPath);
-
-        Path caWithoutLeadingPeriodPath = Paths.get(System.getProperty(
-            "test.src", "./") + "/certs/withoutLeadingPeriod/ca.pem");
-        String caWithoutLeadingPeriod = Files.readString(caWithoutLeadingPeriodPath);
-
-        PKIXParameters paramsForCAWithoutLeadingPeriod = genParams(caWithoutLeadingPeriod);
-        CertPath pathWithoutLeadingPeriod = makeCertPath(
-            targetFromCAWithoutPeriod, paramsForCAWithoutLeadingPeriod);
-
-        validator.validate(pathWithoutLeadingPeriod, paramsForCAWithoutLeadingPeriod);
-
-        // Load certificates with a NameConstraint where the DNS value does begin with a period
-        Path targetFromCAWithPeriodPath = Paths.get(System.getProperty(
-            "test.src", "./") + "/certs/withLeadingPeriod/leaf.pem");
-        String targetFromCAWithPeriod = Files.readString(targetFromCAWithPeriodPath);
-
-        Path caWithLeadingPeriodPath = Paths.get(System.getProperty(
-            "test.src", "./") + "/certs/withLeadingPeriod/ca.pem");
-        String caWithLeadingPeriod = Files.readString(caWithLeadingPeriodPath);
-
-        PKIXParameters paramsForCAWithLeadingPeriod = genParams(caWithLeadingPeriod);
-        CertPath pathWithLeadingPeriod = makeCertPath(targetFromCAWithPeriod, paramsForCAWithLeadingPeriod);
-
-        validator.validate(pathWithLeadingPeriod, paramsForCAWithLeadingPeriod);
+        validator.validate(path, params);
     }
 }
