1/* 2 * Licensed to the Apache Software Foundation (ASF) under one or more 3 * contributor license agreements. See the NOTICE file distributed with 4 * this work for additional information regarding copyright ownership. 5 * The ASF licenses this file to You under the Apache License, Version 2.0 6 * (the "License"); you may not use this file except in compliance with 7 * the License. You may obtain a copy of the License at 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 */ 17 18/** 19* @author Vladimir N. Molotkov 20*/ 21 22package org.apache.harmony.security.tests.java.security.cert; 23 24import java.security.InvalidAlgorithmParameterException; 25import java.security.KeyStore; 26import java.security.KeyStoreException; 27import java.security.NoSuchAlgorithmException; 28import java.security.cert.CertPathParameters; 29import java.security.cert.CertStore; 30import java.security.cert.CollectionCertStoreParameters; 31import java.security.cert.PKIXCertPathChecker; 32import java.security.cert.PKIXParameters; 33import java.security.cert.X509CertSelector; 34import java.util.ArrayList; 35import java.util.Date; 36import java.util.HashSet; 37import java.util.List; 38import java.util.Set; 39 40import org.apache.harmony.security.tests.support.cert.TestUtils; 41 42import junit.framework.TestCase; 43 44/** 45 * Tests for <code>PKIXParameters</code> fields and methods 46 * 47 */ 48public class PKIXParameters_ImplTest extends TestCase { 49 50 /** 51 * Test #1 for <code>PKIXParameters(KeyStore)</code> constructor<br> 52 * Assertion: Creates an instance of <code>PKIXParameters</code> 53 * that populates the set of most-trusted CAs from the trusted 54 * certificate entries contained in the specified <code>KeyStore</code> 55 * @throws InvalidAlgorithmParameterException 56 * @throws KeyStoreException 57 */ 58 public final void testPKIXParametersKeyStore01() throws Exception { 59 KeyStore ks = TestUtils.getKeyStore(true, TestUtils.TRUSTED); 60 if (ks == null) { 61 fail(getName() + ": not performed (could not create test KeyStore)"); 62 } 63 64 // use valid parameter - KeyStore containing 65 // only trusted X.509 certificates 66 CertPathParameters cpp = new PKIXParameters(ks); 67 assertTrue(cpp instanceof PKIXParameters); 68 } 69 70 /** 71 * Test #2 for <code>PKIXParameters(KeyStore)</code> constructor<br> 72 * Assertion: Only keystore entries that contain trusted 73 * <code>X509Certificates</code> are considered; all other 74 * certificate types are ignored 75 * @throws InvalidAlgorithmParameterException 76 * @throws KeyStoreException 77 */ 78 public final void testPKIXParametersKeyStore02() throws Exception { 79 KeyStore ks = TestUtils.getKeyStore(true, TestUtils.TRUSTED_AND_UNTRUSTED); 80 if (ks == null) { 81 fail(getName() + ": not performed (could not create test KeyStore)"); 82 } 83 84 // use valid parameter - KeyStore containing 85 // both trusted and untrusted X.509 certificates 86 PKIXParameters cpp = new PKIXParameters(ks); 87 assertEquals("size", 1, cpp.getTrustAnchors().size()); 88 } 89 90 /** 91 * Test #4 for <code>PKIXParameters(KeyStore)</code> constructor<br> 92 * Assertion: <code>KeyStoreException</code> - 93 * if the <code>keystore</code> has not been initialized 94 */ 95 public final void testPKIXParametersKeyStore04() throws Exception { 96 KeyStore ks = TestUtils.getKeyStore(false, 0); 97 if (ks == null) { 98 fail(getName() + ": not performed (could not create test KeyStore)"); 99 } 100 101 try { 102 // pass not initialized KeyStore 103 new PKIXParameters(ks); 104 fail("KeyStoreException expected"); 105 } catch (KeyStoreException e) { 106 } 107 } 108 109 /** 110 * Test #5 for <code>PKIXParameters(KeyStore)</code> constructor<br> 111 * Assertion: <code>InvalidAlgorithmParameterException</code> - 112 * if the <code>keystore</code> does not contain at least one 113 * trusted certificate entry 114 */ 115 public final void testPKIXParametersKeyStore05() throws Exception { 116 KeyStore ks = TestUtils.getKeyStore(true, TestUtils.UNTRUSTED); 117 if (ks == null) { 118 fail(getName() + ": not performed (could not create test KeyStore)"); 119 } 120 121 try { 122 // pass KeyStore that does not contain trusted certificates 123 new PKIXParameters(ks); 124 fail("InvalidAlgorithmParameterException expected"); 125 } catch (InvalidAlgorithmParameterException e) { 126 } 127 } 128 129 /** 130 * Test #5 for <code>setTrustAnchors(Set)</code> method<br> 131 * Assertion: <code>Set</code> is copied to protect against 132 * subsequent modifications 133 * @throws InvalidAlgorithmParameterException 134 * @throws KeyStoreException 135 */ 136 public final void testSetTrustAnchors05() throws Exception { 137 // use several trusted certs in this test 138 KeyStore ks = TestUtils.getKeyStore(true, TestUtils.TRUSTED); 139 if (ks == null) { 140 fail(getName() + ": not performed (could not create test KeyStore)"); 141 } 142 143 PKIXParameters p = new PKIXParameters(ks); 144 // prepare new Set 145 HashSet newSet = new HashSet(p.getTrustAnchors()); 146 HashSet newSetCopy = (HashSet)newSet.clone(); 147 // set new Set 148 p.setTrustAnchors(newSetCopy); 149 // modify set - remove one element 150 assertTrue("modified", newSetCopy.remove(newSetCopy.iterator().next())); 151 // check that set maintained internally has 152 // not been changed by the above modification 153 assertEquals("isCopied", newSet, p.getTrustAnchors()); 154 } 155 156 /** 157 * Test #1 for <code>clone()</code> method<br> 158 * Assertion: Makes a copy of this <code>PKIXParameters</code> object 159 * @throws KeyStoreException 160 * @throws InvalidAlgorithmParameterException 161 * @throws NoSuchAlgorithmException 162 */ 163 public final void testClone01() throws Exception { 164 KeyStore ks = TestUtils.getKeyStore(true, TestUtils.TRUSTED); 165 if (ks == null) { 166 fail(getName() + ": not performed (could not create test KeyStore)"); 167 } 168 169 PKIXParameters p1 = new PKIXParameters(ks); 170 // set to some non-default values 171 p1.setPolicyQualifiersRejected(false); 172 p1.setAnyPolicyInhibited(true); 173 p1.setExplicitPolicyRequired(true); 174 p1.setPolicyMappingInhibited(true); 175 p1.setRevocationEnabled(false); 176 177 String sigProviderName = "Some Provider"; 178 p1.setSigProvider(sigProviderName); 179 180 X509CertSelector x509cs = new X509CertSelector(); 181 p1.setTargetCertConstraints(x509cs); 182 183 p1.setCertStores(TestUtils.getCollectionCertStoresList()); 184 185 PKIXCertPathChecker cpc = TestUtils.getTestCertPathChecker(); 186 List l = new ArrayList(); 187 assertTrue("addedOk", l.add(cpc)); 188 p1.setCertPathCheckers(l); 189 190 p1.setDate(new Date(555L)); 191 192 Set s = new HashSet(); 193 s.add("1.2.3.4.5.6.7"); 194 s.add("1.2.3.4.5.6.8"); 195 p1.setInitialPolicies(s); 196 197 // TrustAnchors already set 198 199 PKIXParameters p2 = (PKIXParameters)p1.clone(); 200 201 // check that objects match 202 assertEquals("check1", p1.getPolicyQualifiersRejected(), 203 p2.getPolicyQualifiersRejected()); 204 assertEquals("check2", p1.isAnyPolicyInhibited(), 205 p2.isAnyPolicyInhibited()); 206 assertEquals("check3", p1.isExplicitPolicyRequired(), 207 p2.isExplicitPolicyRequired()); 208 assertEquals("check4", p1.isPolicyMappingInhibited(), 209 p2.isPolicyMappingInhibited()); 210 assertEquals("check5", p1.isRevocationEnabled(), 211 p2.isRevocationEnabled()); 212 assertEquals("check6", p1.getSigProvider(), p2.getSigProvider()); 213 214 // just check that not null 215 assertNotNull("check7", p2.getTargetCertConstraints()); 216 217 assertEquals("check8", p1.getCertStores(), p2.getCertStores()); 218 219 // just check that not empty 220 assertFalse("check9", p2.getCertPathCheckers().isEmpty()); 221 222 assertEquals("check10", p1.getDate(), p2.getDate()); 223 assertEquals("check11", p1.getInitialPolicies(), 224 p2.getInitialPolicies()); 225 assertEquals("check12", p1.getTrustAnchors(), p2.getTrustAnchors()); 226 } 227 228 /** 229 * Test #2 for <code>clone()</code> method<br> 230 * Assertion: Changes to the copy will not affect 231 * the original and vice versa 232 * @throws KeyStoreException 233 * @throws InvalidAlgorithmParameterException 234 * @throws NoSuchAlgorithmException 235 */ 236 public final void testClone02() throws Exception { 237 PKIXParameters[] p = new PKIXParameters[2]; 238 KeyStore ks = TestUtils.getKeyStore(true, TestUtils.TRUSTED); 239 if (ks == null) { 240 fail(getName() + ": not performed (could not create test KeyStore)"); 241 } 242 243 for (int i = 0; i<p.length; i++) { 244 p[i] = new PKIXParameters(ks); 245 246 p[i].setCertStores(TestUtils.getCollectionCertStoresList()); 247 248 PKIXCertPathChecker cpc = TestUtils.getTestCertPathChecker(); 249 List l = new ArrayList(); 250 assertTrue("addedOk", l.add(cpc)); 251 p[i].setCertPathCheckers(l); 252 253 p[i].setDate(new Date(555L)); 254 255 p[(i == 0 ? 1 : 0)] = (PKIXParameters)p[i].clone(); 256 257 // modify the first object (original or copy) 258 p[1].addCertStore(CertStore.getInstance("Collection", 259 new CollectionCertStoreParameters())); 260 p[1].addCertPathChecker(TestUtils.getTestCertPathChecker()); 261 // check that the second object has not been affected by 262 // above modification 263 assertTrue("certStores["+i+"]", 264 p[0].getCertStores().size() == 1); 265 assertTrue("certPathCheckers["+i+"]", 266 p[0].getCertPathCheckers().size() == 1); 267 } 268 } 269 270 /** 271 * Test for <code>toString()</code> method<br> 272 * Assertion: Returns a formatted string describing the parameters 273 * @throws InvalidAlgorithmParameterException 274 * @throws KeyStoreException 275 */ 276 public final void testToString() throws Exception { 277 KeyStore ks = TestUtils.getKeyStore(true, TestUtils.TRUSTED_AND_UNTRUSTED); 278 if (ks == null) { 279 fail(getName() + ": not performed (could not create test KeyStore)"); 280 } 281 282 PKIXParameters p = new PKIXParameters(ks); 283 assertNotNull(p.toString()); 284 } 285 286} 287