1/* 2 * Licensed to the Apache Software Foundation (ASF) under one or more 3 * contributor license agreements. See the NOTICE file distributed with 4 * this work for additional information regarding copyright ownership. 5 * The ASF licenses this file to You under the Apache License, Version 2.0 6 * (the "License"); you may not use this file except in compliance with 7 * the License. You may obtain a copy of the License at 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 */ 17 18/** 19* @author Alexander Y. Kleymenov 20*/ 21 22package java.security.cert; 23 24import java.io.IOException; 25import java.math.BigInteger; 26import java.security.InvalidKeyException; 27import java.security.NoSuchAlgorithmException; 28import java.security.NoSuchProviderException; 29import java.security.Principal; 30import java.security.PublicKey; 31import java.security.SignatureException; 32import java.security.cert.CertificateEncodingException; 33import java.security.cert.CertificateException; 34import java.security.cert.CertificateExpiredException; 35import java.security.cert.CertificateNotYetValidException; 36import java.security.cert.X509Certificate; 37import java.security.spec.InvalidKeySpecException; 38import java.util.Date; 39import java.util.Set; 40import java.util.HashSet; 41import java.util.Arrays; 42import java.util.ArrayList; 43import java.util.List; 44import java.util.Iterator; 45import java.util.Collection; 46import javax.security.auth.x500.X500Principal; 47 48import org.apache.harmony.security.asn1.ASN1Boolean; 49import org.apache.harmony.security.asn1.ASN1Integer; 50import org.apache.harmony.security.asn1.ASN1OctetString; 51import org.apache.harmony.security.asn1.ASN1Oid; 52import org.apache.harmony.security.asn1.ASN1Sequence; 53import org.apache.harmony.security.asn1.ASN1Type; 54 55import org.apache.harmony.security.tests.support.TestKeyPair; 56import org.apache.harmony.security.x501.Name; 57import org.apache.harmony.security.x509.AlgorithmIdentifier; 58import org.apache.harmony.security.x509.CertificatePolicies; 59import org.apache.harmony.security.x509.EDIPartyName; 60import org.apache.harmony.security.x509.Extension; 61import org.apache.harmony.security.x509.Extensions; 62import org.apache.harmony.security.x509.GeneralName; 63import org.apache.harmony.security.x509.GeneralNames; 64import org.apache.harmony.security.x509.GeneralSubtree; 65import org.apache.harmony.security.x509.GeneralSubtrees; 66import org.apache.harmony.security.x509.NameConstraints; 67import org.apache.harmony.security.x509.ORAddress; 68import org.apache.harmony.security.x509.OtherName; 69import org.apache.harmony.security.x509.PolicyInformation; 70import org.apache.harmony.security.x509.PrivateKeyUsagePeriod; 71import org.apache.harmony.security.x509.SubjectPublicKeyInfo; 72import org.apache.harmony.security.x509.TBSCertificate; 73import org.apache.harmony.security.x509.Validity; 74 75 76 77import junit.framework.Test; 78import junit.framework.TestCase; 79import junit.framework.TestSuite; 80 81/** 82 * X509CertSelectorTest 83 */ 84public class X509CertSelectorTest extends TestCase { 85 86 /** 87 * The abstract class stub implementation. 88 */ 89 private class TestCert extends X509Certificate { 90 91 /* Stuff fields */ 92 protected String equalCriteria = null; // to simplify method equals() 93 protected BigInteger serialNumber = null; 94 protected X500Principal issuer = null; 95 protected X500Principal subject = null; 96 protected byte[] keyIdentifier = null; 97 protected Date date = null; 98 protected Date notBefore = null; 99 protected Date notAfter = null; 100 protected PublicKey key = null; 101 protected boolean[] keyUsage = null; 102 protected List extKeyUsage = null; 103 protected int pathLen = -1; 104 protected GeneralNames sans = null; 105 protected byte[] encoding = null; 106 protected String[] policies = null; 107 protected NameConstraints nameConstraints = null; 108 109 /* Stuff methods */ 110 public TestCert() {} 111 112 public TestCert(GeneralNames sans) { 113 setSubjectAlternativeNames(sans); 114 } 115 116 public TestCert(NameConstraints nameConstraints) { 117 this.nameConstraints = nameConstraints; 118 } 119 120 public TestCert(String equalCriteria) { 121 setEqualCriteria(equalCriteria); 122 } 123 124 public TestCert(String[] policies) { 125 setPolicies(policies); 126 } 127 128 public TestCert(BigInteger serial) { 129 setSerialNumber(serial); 130 } 131 132 public TestCert(X500Principal principal) { 133 setIssuer(principal); 134 setSubject(principal); 135 } 136 137 public TestCert(byte[] array) { 138 setKeyIdentifier(array); 139 } 140 141 public TestCert(Date date) { 142 setDate(date); 143 } 144 145 public TestCert(Date notBefore, Date notAfter) { 146 setPeriod(notBefore, notAfter); 147 } 148 149 public TestCert(PublicKey key) { 150 setPublicKey(key); 151 } 152 153 public TestCert(boolean[] keyUsage) { 154 setKeyUsage(keyUsage); 155 } 156 157 public TestCert(Set extKeyUsage) { 158 setExtendedKeyUsage(extKeyUsage); 159 } 160 161 public TestCert(int pathLen) { 162 this.pathLen = pathLen; 163 } 164 165 public void setPolicies(String[] policies) { 166 this.policies = policies; 167 } 168 169 public void setSubjectAlternativeNames(GeneralNames sans) { 170 this.sans = sans; 171 } 172 173 public void setExtendedKeyUsage(Set extKeyUsage) { 174 this.extKeyUsage = (extKeyUsage == null) 175 ? null 176 : new ArrayList(extKeyUsage); 177 } 178 179 public void setKeyUsage(boolean[] keyUsage) { 180 this.keyUsage = (keyUsage == null) ? null 181 : (boolean[]) keyUsage.clone(); 182 } 183 184 public void setPublicKey(PublicKey key) { 185 this.key = key; 186 } 187 188 public void setPeriod(Date notBefore, Date notAfter) { 189 this.notBefore = notBefore; 190 this.notAfter = notAfter; 191 } 192 193 public void setSerialNumber(BigInteger serial) { 194 this.serialNumber = serial; 195 } 196 197 public void setEqualCriteria(String equalCriteria) { 198 this.equalCriteria = equalCriteria; 199 } 200 201 public void setIssuer(X500Principal issuer) { 202 this.issuer = issuer; 203 } 204 205 public void setSubject(X500Principal subject) { 206 this.subject = subject; 207 } 208 209 public void setKeyIdentifier(byte[] subjectKeyID) { 210 this.keyIdentifier = subjectKeyID.clone(); 211 } 212 213 public void setDate(Date date) { 214 this.date = new Date(date.getTime()); 215 } 216 217 public void setEncoding(byte[] encoding) { 218 this.encoding = encoding; 219 } 220 221 /* Method implementations */ 222 public boolean equals(Object cert) { 223 if (cert == null) { 224 return false; 225 } 226 if ((equalCriteria == null) 227 || (((TestCert)cert).equalCriteria == null)) { 228 return false; 229 } else { 230 return equalCriteria.equals(((TestCert)cert).equalCriteria); 231 } 232 } 233 234 public String toString() { 235 if (equalCriteria != null) { 236 return equalCriteria; 237 } 238 return ""; 239 } 240 241 public void checkValidity() throws CertificateExpiredException, 242 CertificateNotYetValidException {} 243 244 public void checkValidity(Date date) 245 throws CertificateExpiredException, 246 CertificateNotYetValidException { 247 if (this.date == null) { 248 throw new CertificateExpiredException(); 249 } 250 int result = this.date.compareTo(date); 251 if (result > 0) { 252 throw new CertificateExpiredException(); 253 } 254 if (result < 0) { 255 throw new CertificateNotYetValidException(); 256 } 257 } 258 259 public int getVersion() { 260 return 3; 261 } 262 263 public BigInteger getSerialNumber() { 264 return (serialNumber == null) 265 ? new BigInteger("1111") 266 : serialNumber; 267 } 268 269 public Principal getIssuerDN() { 270 return issuer; 271 } 272 273 public X500Principal getIssuerX500Principal() { 274 return issuer; 275 } 276 277 public Principal getSubjectDN() { 278 return subject; 279 } 280 281 public X500Principal getSubjectX500Principal() { 282 return subject; 283 } 284 285 public Date getNotBefore() { 286 return null; 287 } 288 289 public Date getNotAfter() { 290 return null; 291 } 292 293 public byte[] getTBSCertificate() 294 throws CertificateEncodingException 295 { 296 return null; 297 } 298 299 public byte[] getSignature() { 300 return null; 301 } 302 303 public String getSigAlgName() { 304 return null; 305 } 306 307 public String getSigAlgOID() { 308 return null; 309 } 310 311 public byte[] getSigAlgParams() { 312 return null; 313 } 314 315 public boolean[] getIssuerUniqueID() { 316 return null; 317 } 318 319 public boolean[] getSubjectUniqueID() { 320 return null; 321 } 322 323 public boolean[] getKeyUsage() { 324 return keyUsage; 325 } 326 327 public List/*<String>*/ getExtendedKeyUsage() 328 throws CertificateParsingException { 329 return extKeyUsage; 330 } 331 332 public int getBasicConstraints() { 333 return pathLen; 334 } 335 336 public Collection/*<List<?>>*/ getSubjectAlternativeNames() 337 throws CertificateParsingException { 338 return sans.getPairsList(); 339 } 340 341 342 public void verify(PublicKey key) 343 throws CertificateException, NoSuchAlgorithmException, 344 InvalidKeyException, NoSuchProviderException, 345 SignatureException 346 { 347 } 348 349 public void verify(PublicKey key, 350 String sigProvider) 351 throws CertificateException, NoSuchAlgorithmException, 352 InvalidKeyException, NoSuchProviderException, 353 SignatureException 354 { 355 } 356 357 public PublicKey getPublicKey() { 358 return key; 359 } 360 361 public byte[] getEncoded() throws CertificateEncodingException 362 { 363 return encoding; 364 } 365 366 public Set getNonCriticalExtensionOIDs() { 367 return null; 368 } 369 370 public Set getCriticalExtensionOIDs() { 371 return null; 372 } 373 374 public byte[] getExtensionValue(String oid) { 375 if (("2.5.29.14".equals(oid)) || ("2.5.29.35".equals(oid))) { 376 // Extension value is represented as an OctetString 377 return ASN1OctetString.getInstance().encode(keyIdentifier); 378 } 379 if ("2.5.29.16".equals(oid)) { 380 PrivateKeyUsagePeriod pkup = 381 new PrivateKeyUsagePeriod(notBefore, notAfter); 382 byte[] encoded = pkup.getEncoded(); 383 return ASN1OctetString.getInstance().encode(encoded); 384 } 385 if (("2.5.29.37".equals(oid)) && (extKeyUsage != null)) { 386 ASN1Oid[] oa = new ASN1Oid[extKeyUsage.size()]; 387 String[] val = new String[extKeyUsage.size()]; 388 Iterator it = extKeyUsage.iterator(); 389 int id = 0; 390 while (it.hasNext()) { 391 oa[id] = ASN1Oid.getInstanceForString(); 392 val[id++] = (String) it.next(); 393 } 394 return ASN1OctetString.getInstance().encode( 395 new ASN1Sequence(oa).encode(val)); 396 } 397 if ("2.5.29.19".equals(oid)) { 398 return ASN1OctetString.getInstance().encode( 399 new ASN1Sequence( 400 new ASN1Type[] { 401 ASN1Boolean.getInstance(), 402 ASN1Integer.getInstance() 403 }).encode( 404 new Object[] { 405 new Boolean(pathLen != -1), 406 BigInteger.valueOf(pathLen). 407 toByteArray() 408 }) 409 ); 410 } 411 if ("2.5.29.17".equals(oid) && (sans != null)) { 412 if (sans.getNames() == null) { 413 return null; 414 } 415 return ASN1OctetString.getInstance().encode( 416 GeneralNames.ASN1.encode(sans)); 417 } 418 if ("2.5.29.32".equals(oid) && (policies != null) 419 && (policies.length > 0)) { 420 // Certificate Policies Extension (as specified in rfc 3280) 421 CertificatePolicies certificatePolicies = 422 new CertificatePolicies(); 423 for (int i=0; i<policies.length; i++) { 424 PolicyInformation policyInformation = 425 new PolicyInformation(policies[i]); 426 certificatePolicies.addPolicyInformation(policyInformation); 427 } 428 return ASN1OctetString.getInstance().encode( 429 certificatePolicies.getEncoded()); 430 } 431 if ("2.5.29.30".equals(oid) && (nameConstraints != null)) { 432 // Name Constraints Extension (as specified in rfc 3280) 433 return ASN1OctetString.getInstance().encode( 434 nameConstraints.getEncoded()); 435 } 436 return null; 437 } 438 439 public boolean hasUnsupportedCriticalExtension() { 440 return false; 441 } 442 } 443 444 /* ********************************************************************** */ 445 /* ************************* Test implementation ************************ */ 446 /* ********************************************************************** */ 447 448 /** 449 * setCertificate(X509Certificate certificate) method testing. 450 * Tests if any certificates match in the case of null criteria, 451 * if [not]proper certificates [do not]match 452 */ 453 public void testSetCertificate() { 454 TestCert cert_1 = new TestCert("same certificate"); 455 TestCert cert_2 = new TestCert("other certificate"); 456 X509CertSelector selector = new X509CertSelector(); 457 458 selector.setCertificate(null); 459 assertTrue("Any certificates should match in the case of null " 460 + "certificateEquals criteria.", 461 selector.match(cert_1) && selector.match(cert_2)); 462 selector.setCertificate(cert_1); 463 assertTrue("The certificate should match the selection criteria.", 464 selector.match(cert_1)); 465 assertFalse("The certificate should not match the selection criteria.", 466 selector.match(cert_2)); 467 selector.setCertificate(cert_2); 468 assertTrue("The certificate should match the selection criteria.", 469 selector.match(cert_2)); 470 } 471 472 /** 473 * getCertificate() method testing. 474 * Tests if the method return null in the case of not specified criteria, 475 * if the returned value [does not]corresponds to [not]specified 476 */ 477 public void testGetCertificate() { 478 TestCert cert_1 = new TestCert("same certificate"); 479 TestCert cert_2 = new TestCert("other certificate"); 480 X509CertSelector selector = new X509CertSelector(); 481 482 assertNull("Selector should return null", selector.getCertificate()); 483 selector.setCertificate(cert_1); 484 assertEquals("The returned certificate should be equal to specified", 485 cert_1, selector.getCertificate()); 486 assertFalse("The returned certificate should differ", 487 cert_2.equals(selector.getCertificate())); 488 } 489 490 /** 491 * setSerialNumber(BigInteger serial) method testing. 492 * Tests if any certificates match in the case of null criteria, 493 * if [not]proper certificates [do not]match 494 */ 495 public void testSetSerialNumber() { 496 BigInteger ser1 = new BigInteger("10000"); 497 BigInteger ser2 = new BigInteger("10001"); 498 TestCert cert_1 = new TestCert(ser1); 499 TestCert cert_2 = new TestCert(ser2); 500 X509CertSelector selector = new X509CertSelector(); 501 502 selector.setSerialNumber(null); 503 assertTrue("Any certificate should match in the case of null " 504 + "serialNumber criteria.", 505 selector.match(cert_1) && selector.match(cert_2)); 506 selector.setSerialNumber(ser1); 507 assertTrue("The certificate should match the selection criteria.", 508 selector.match(cert_1)); 509 assertFalse("The certificate should not match the selection criteria.", 510 selector.match(cert_2)); 511 selector.setSerialNumber(ser2); 512 assertTrue("The certificate should match the selection criteria.", 513 selector.match(cert_2)); 514 } 515 516 /** 517 * getSerialNumber() method testing. 518 * Tests if the method return null in the case of not specified criteria, 519 * if the returned value [does not]corresponds to [not]specified 520 */ 521 public void testGetSerialNumber() { 522 BigInteger ser1 = new BigInteger("10000"); 523 BigInteger ser2 = new BigInteger("10001"); 524 X509CertSelector selector = new X509CertSelector(); 525 526 assertNull("Selector should return null", selector.getSerialNumber()); 527 selector.setSerialNumber(ser1); 528 assertEquals("The returned serial number should be equal to specified", 529 ser1, selector.getSerialNumber()); 530 assertFalse("The returned serial number should differ", 531 ser2.equals(selector.getSerialNumber())); 532 } 533 534 /** 535 * setIssuer(X500Principal issuer) method testing. 536 * Tests if any certificates match in the case of null criteria, 537 * if [not]proper certificates [do not]match 538 */ 539 public void testSetIssuer1() { 540 X500Principal iss1 = new X500Principal("O=First Org."); 541 X500Principal iss2 = new X500Principal("O=Second Org."); 542 TestCert cert_1 = new TestCert(iss1); 543 TestCert cert_2 = new TestCert(iss2); 544 X509CertSelector selector = new X509CertSelector(); 545 546 selector.setIssuer((X500Principal) null); 547 assertTrue("Any certificates should match " 548 + "in the case of null issuer criteria.", 549 selector.match(cert_1) && selector.match(cert_2)); 550 selector.setIssuer(iss1); 551 assertTrue("The certificate should match the selection criteria.", 552 selector.match(cert_1)); 553 assertFalse("The certificate should not match the selection criteria.", 554 selector.match(cert_2)); 555 selector.setIssuer(iss2); 556 assertTrue("The certificate should match the selection criteria.", 557 selector.match(cert_2)); 558 } 559 560 /** 561 * getIssuer() method testing. 562 * Tests if the method return null in the case of not specified criteria, 563 * if the returned value [does not]corresponds to [not]specified 564 */ 565 public void testGetIssuer() { 566 X500Principal iss1 = new X500Principal("O=First Org."); 567 X500Principal iss2 = new X500Principal("O=Second Org."); 568 X509CertSelector selector = new X509CertSelector(); 569 570 assertNull("Selector should return null", selector.getIssuer()); 571 selector.setIssuer(iss1); 572 assertEquals("The returned issuer should be equal to specified", 573 iss1, selector.getIssuer()); 574 assertFalse("The returned issuer should differ", 575 iss2.equals(selector.getIssuer())); 576 } 577 578 /** 579 * setIssuer(String issuerDN) method testing. 580 * Tests if any certificates match in the case of null criteria, 581 * if [not]proper certificates [do not]match 582 */ 583 public void testSetIssuer2() throws IOException { 584 String name1 = "O=First Org."; 585 String name2 = "O=Second Org."; 586 X500Principal iss1 = new X500Principal(name1); 587 X500Principal iss2 = new X500Principal(name2); 588 TestCert cert_1 = new TestCert(iss1); 589 TestCert cert_2 = new TestCert(iss2); 590 X509CertSelector selector = new X509CertSelector(); 591 592 selector.setIssuer((String) null); 593 assertTrue( 594 "Any certificates should match in the case of null issuer criteria.", 595 selector.match(cert_1) && selector.match(cert_2)); 596 597 selector.setIssuer(name1); 598 assertTrue("The certificate should match the selection criteria.", 599 selector.match(cert_1)); 600 assertFalse("The certificate should not match the selection criteria.", 601 selector.match(cert_2)); 602 selector.setIssuer(name2); 603 assertTrue("The certificate should match the selection criteria.", 604 selector.match(cert_2)); 605 } 606 607 /** 608 * getIssuerAsString() method testing. 609 * Tests if the method return null in the case of not specified criteria, 610 * if the returned value [does not]corresponds to [not]specified 611 */ 612 public void testGetIssuerAsString() { 613 String name1 = "O=First Org."; 614 String name2 = "O=Second Org."; 615 X500Principal iss1 = new X500Principal(name1); 616 X500Principal iss2 = new X500Principal(name2); 617 X509CertSelector selector = new X509CertSelector(); 618 619 assertNull("Selector should return null", selector.getIssuerAsString()); 620 selector.setIssuer(iss1); 621 assertEquals("The returned issuer should be equal to specified", 622 new X500Principal(name1), 623 new X500Principal(selector.getIssuerAsString())); 624 assertFalse("The returned issuer should differ", 625 new X500Principal(name2).equals( 626 new X500Principal(selector.getIssuerAsString()))); 627 selector.setIssuer(iss2); 628 assertEquals("The returned issuer should be equal to specified", 629 new X500Principal(name2), 630 new X500Principal(selector.getIssuerAsString())); 631 } 632 633 /** 634 * setIssuer(byte[] issuerDN) method testing. 635 * Tests if any certificates match in the case of null criteria, 636 * if [not]proper certificates [do not]match 637 */ 638 public void testSetIssuer3() throws IOException { 639 byte[] name1 = new byte[] 640 //manually obtained DER encoding of "O=First Org." issuer name; 641 {48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10, 642 70, 105, 114, 115, 116, 32, 79, 114, 103, 46}; 643 byte[] name2 = new byte[] 644 //manually obtained DER encoding of "O=Second Org." issuer name; 645 {48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11, 646 83, 101, 99, 111, 110, 100, 32, 79, 114, 103, 46}; 647 X500Principal iss1 = new X500Principal(name1); 648 X500Principal iss2 = new X500Principal(name2); 649 TestCert cert_1 = new TestCert(iss1); 650 TestCert cert_2 = new TestCert(iss2); 651 X509CertSelector selector = new X509CertSelector(); 652 653 selector.setIssuer((byte[]) null); 654 assertTrue( 655 "Any certificates should match in the case of null issuer criteria.", 656 selector.match(cert_1) && selector.match(cert_2)); 657 658 selector.setIssuer(name1); 659 assertTrue("The certificate should match the selection criteria.", 660 selector.match(cert_1)); 661 assertFalse("The certificate should not match the selection criteria.", 662 selector.match(cert_2)); 663 selector.setIssuer(name2); 664 assertTrue("The certificate should match the selection criteria.", 665 selector.match(cert_2)); 666 } 667 668 /** 669 * getIssuerAsBytes() method testing. 670 * Tests if the method return null in the case of not specified criteria, 671 * if the returned value [does not]corresponds to [not]specified 672 */ 673 public void testGetIssuerAsBytes() throws IOException { 674 byte[] name1 = new byte[] 675 //manually obtained DER encoding of "O=First Org." issuer name; 676 {48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10, 677 70, 105, 114, 115, 116, 32, 79, 114, 103, 46}; 678 byte[] name2 = new byte[] 679 //manually obtained DER encoding of "O=Second Org." issuer name; 680 {48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11, 681 83, 101, 99, 111, 110, 100, 32, 79, 114, 103, 46}; 682 X500Principal iss1 = new X500Principal(name1); 683 X500Principal iss2 = new X500Principal(name2); 684 X509CertSelector selector = new X509CertSelector(); 685 686 assertNull("Selector should return null", selector.getIssuerAsBytes()); 687 688 selector.setIssuer(iss1); 689 assertEquals("The returned issuer should be equal to specified", 690 new X500Principal(name1), new X500Principal(selector 691 .getIssuerAsBytes())); 692 assertFalse("The returned issuer should differ", new X500Principal( 693 name2).equals(new X500Principal(selector.getIssuerAsBytes()))); 694 695 selector.setIssuer(iss2); 696 assertEquals("The returned issuer should be equal to specified", 697 new X500Principal(name2), new X500Principal(selector 698 .getIssuerAsBytes())); 699 } 700 701 /** 702 * setSubject(X500Principal subject) method testing. 703 * Tests if any certificates match in the case of null criteria, 704 * if [not]proper certificates [do not]match 705 */ 706 public void testSetSubject1() { 707 X500Principal sub1 = new X500Principal("O=First Org."); 708 X500Principal sub2 = new X500Principal("O=Second Org."); 709 TestCert cert_1 = new TestCert(sub1); 710 TestCert cert_2 = new TestCert(sub2); 711 X509CertSelector selector = new X509CertSelector(); 712 713 selector.setSubject((X500Principal) null); 714 assertTrue("Any certificates should match " 715 + "in the case of null subjcet criteria.", 716 selector.match(cert_1) && selector.match(cert_2)); 717 selector.setSubject(sub1); 718 assertTrue("The certificate should match the selection criteria.", 719 selector.match(cert_1)); 720 assertFalse("The certificate should not match the selection criteria.", 721 selector.match(cert_2)); 722 selector.setSubject(sub2); 723 assertTrue("The certificate should match the selection criteria.", 724 selector.match(cert_2)); 725 } 726 727 /** 728 * getSubject() method testing. 729 * Tests if the method return null in the case of not specified criteria, 730 * if the returned value [does not]corresponds to [not]specified 731 */ 732 public void testGetSubject() { 733 X500Principal sub1 = new X500Principal("O=First Org."); 734 X500Principal sub2 = new X500Principal("O=Second Org."); 735 X509CertSelector selector = new X509CertSelector(); 736 737 assertNull("Selector should return null", selector.getSubject()); 738 selector.setSubject(sub1); 739 assertEquals("The returned subject should be equal to specified", 740 sub1, selector.getSubject()); 741 assertFalse("The returned subject should differ", 742 sub2.equals(selector.getSubject())); 743 } 744 745 /** 746 * setSubject(String subjectDN) method testing. 747 * Tests if any certificates match in the case of null criteria, 748 * if [not]proper certificates [do not]match 749 */ 750 public void testSetSubject2() throws IOException { 751 String name1 = "O=First Org."; 752 String name2 = "O=Second Org."; 753 X500Principal sub1 = new X500Principal(name1); 754 X500Principal sub2 = new X500Principal(name2); 755 TestCert cert_1 = new TestCert(sub1); 756 TestCert cert_2 = new TestCert(sub2); 757 X509CertSelector selector = new X509CertSelector(); 758 759 selector.setSubject((String) null); 760 assertTrue( 761 "Any certificates should match in the case of null subject criteria.", 762 selector.match(cert_1) && selector.match(cert_2)); 763 764 selector.setSubject(name1); 765 assertTrue("The certificate should match the selection criteria.", 766 selector.match(cert_1)); 767 assertFalse("The certificate should not match the selection criteria.", 768 selector.match(cert_2)); 769 770 selector.setSubject(name2); 771 assertTrue("The certificate should match the selection criteria.", 772 selector.match(cert_2)); 773 } 774 775 /** 776 * getSubjectAsString() method testing. 777 * Tests if the method return null in the case of not specified criteria, 778 * if the returned value [does not]corresponds to [not]specified 779 */ 780 public void testGetSubjectAsString() { 781 String name1 = "O=First Org."; 782 String name2 = "O=Second Org."; 783 X500Principal sub1 = new X500Principal(name1); 784 X500Principal sub2 = new X500Principal(name2); 785 X509CertSelector selector = new X509CertSelector(); 786 787 assertNull("Selector should return null", 788 selector.getSubjectAsString()); 789 selector.setSubject(sub1); 790 assertEquals("The returned subject should be equal to specified", 791 new X500Principal(name1), 792 new X500Principal(selector.getSubjectAsString())); 793 assertFalse("The returned subject should differ", 794 new X500Principal(name2).equals( 795 new X500Principal(selector.getSubjectAsString()))); 796 selector.setSubject(sub2); 797 assertEquals("The returned subject should be equal to specified", 798 new X500Principal(name2), 799 new X500Principal(selector.getSubjectAsString())); 800 } 801 802 /** 803 * setSubject(byte[] subjectDN) method testing. 804 * Tests if any certificates match in the case of null criteria, 805 * if [not]proper certificates [do not]match 806 */ 807 public void testSetSubject3() throws IOException { 808 byte[] name1 = new byte[] 809 //manually obtained DER encoding of "O=First Org." issuer name; 810 {48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10, 811 70, 105, 114, 115, 116, 32, 79, 114, 103, 46}; 812 byte[] name2 = new byte[] 813 //manually obtained DER encoding of "O=Second Org." issuer name; 814 {48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11, 815 83, 101, 99, 111, 110, 100, 32, 79, 114, 103, 46}; 816 X500Principal sub1 = new X500Principal(name1); 817 X500Principal sub2 = new X500Principal(name2); 818 TestCert cert_1 = new TestCert(sub1); 819 TestCert cert_2 = new TestCert(sub2); 820 X509CertSelector selector = new X509CertSelector(); 821 822 selector.setSubject((byte[]) null); 823 assertTrue( 824 "Any certificates should match in the case of null issuer criteria.", 825 selector.match(cert_1) && selector.match(cert_2)); 826 827 selector.setSubject(name1); 828 assertTrue("The certificate should match the selection criteria.", 829 selector.match(cert_1)); 830 assertFalse("The certificate should not match the selection criteria.", 831 selector.match(cert_2)); 832 833 selector.setSubject(name2); 834 assertTrue("The certificate should match the selection criteria.", 835 selector.match(cert_2)); 836 } 837 838 /** 839 * getSubjectAsBytes() method testing. 840 * Tests if the method return null in the case of not specified criteria, 841 * if the returned value [does not]corresponds to [not]specified 842 */ 843 public void testGetSubjectAsBytes() throws IOException { 844 byte[] name1 = new byte[] 845 //manually obtained DER encoding of "O=First Org." issuer name; 846 {48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10, 847 70, 105, 114, 115, 116, 32, 79, 114, 103, 46}; 848 byte[] name2 = new byte[] 849 //manually obtained DER encoding of "O=Second Org." issuer name; 850 {48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11, 851 83, 101, 99, 111, 110, 100, 32, 79, 114, 103, 46}; 852 X500Principal sub1 = new X500Principal(name1); 853 X500Principal sub2 = new X500Principal(name2); 854 X509CertSelector selector = new X509CertSelector(); 855 856 assertNull("Selector should return null", selector.getSubjectAsBytes()); 857 selector.setSubject(sub1); 858 859 assertEquals("The returned issuer should be equal to specified", 860 new X500Principal(name1), new X500Principal(selector 861 .getSubjectAsBytes())); 862 assertFalse("The returned issuer should differ", new X500Principal( 863 name2).equals(new X500Principal(selector.getSubjectAsBytes()))); 864 865 selector.setSubject(sub2); 866 assertEquals("The returned issuer should be equal to specified", 867 new X500Principal(name2), new X500Principal(selector 868 .getSubjectAsBytes())); 869 } 870 871 /** 872 * setSubjectKeyIdentifier(byte[] subjectKeyID) method testing. 873 * Tests if any certificates match in the case of null criteria, 874 * if [not]proper certificates [do not]match, and if the initialization 875 * object are copied during the initialization. 876 */ 877 public void testSetSubjectKeyIdentifier() { 878 byte[] skid1 = new byte[] {1, 2, 3, 4, 5}; // random value 879 byte[] skid2 = new byte[] {5, 4, 3, 2, 1}; // random value 880 TestCert cert_1 = new TestCert(skid1); 881 TestCert cert_2 = new TestCert(skid2); 882 X509CertSelector selector = new X509CertSelector(); 883 884 selector.setSubjectKeyIdentifier(null); 885 assertTrue("Any certificate should match in the case of null " 886 + "serialNumber criteria.", 887 selector.match(cert_1) && selector.match(cert_2)); 888 selector.setSubjectKeyIdentifier(skid1); 889 assertTrue("The certificate should match the selection criteria.", 890 selector.match(cert_1)); 891 assertFalse("The certificate should not match the selection criteria.", 892 selector.match(cert_2)); 893 selector.setSubjectKeyIdentifier(skid2); 894 skid2[0] ++; 895 assertTrue("The certificate should match the selection criteria.", 896 selector.match(cert_2)); 897 } 898 899 /** 900 * getSubjectKeyIdentifier() method testing. 901 * Tests if the method return null in the case of not specified criteria, 902 * if the returned value [does not]corresponds to [not]specified 903 * and its modification does not cause the modification of internal object. 904 */ 905 public void testGetSubjectKeyIdentifier() { 906 byte[] skid1 = new byte[] {1, 2, 3, 4, 5}; // random value 907 byte[] skid2 = new byte[] {4, 5, 5, 4, 3, 2, 1}; // random value 908 X509CertSelector selector = new X509CertSelector(); 909 910 assertNull("Selector should return null", 911 selector.getSubjectKeyIdentifier()); 912 selector.setSubjectKeyIdentifier(skid1); 913 assertTrue("The returned keyID should be equal to specified", 914 Arrays.equals(skid1, selector.getSubjectKeyIdentifier())); 915 selector.getSubjectKeyIdentifier()[0] ++; 916 assertTrue("The returned keyID should be equal to specified", 917 Arrays.equals(skid1, selector.getSubjectKeyIdentifier())); 918 assertFalse("The returned keyID should differ", 919 Arrays.equals(skid2, selector.getSubjectKeyIdentifier())); 920 } 921 922 /** 923 * setAuthorityKeyIdentifier(byte[] authorityKeyID) method testing. 924 * Tests if any certificates match in the case of null criteria, 925 * if [not]proper certificates [do not]match, and if the initialization 926 * object are copied during the initialization. 927 */ 928 public void testSetAuthorityKeyIdentifier() { 929 byte[] akid1 = new byte[] {1, 2, 3, 4, 5}; // random value 930 byte[] akid2 = new byte[] {5, 4, 3, 2, 1}; // random value 931 TestCert cert_1 = new TestCert(akid1); 932 TestCert cert_2 = new TestCert(akid2); 933 X509CertSelector selector = new X509CertSelector(); 934 935 selector.setAuthorityKeyIdentifier(null); 936 assertTrue("Any certificate should match in the case of null " 937 + "serialNumber criteria.", 938 selector.match(cert_1) && selector.match(cert_2)); 939 selector.setAuthorityKeyIdentifier(akid1); 940 assertTrue("The certificate should match the selection criteria.", 941 selector.match(cert_1)); 942 assertFalse("The certificate should not match the selection criteria.", 943 selector.match(cert_2)); 944 selector.setAuthorityKeyIdentifier(akid2); 945 akid2[0] ++; 946 assertTrue("The certificate should match the selection criteria.", 947 selector.match(cert_2)); 948 } 949 950 /** 951 * getAuthorityKeyIdentifier() method testing. 952 * Tests if the method return null in the case of not specified criteria, 953 * if the returned value [does not]corresponds to [not]specified 954 * and its modification does not cause the modification of internal object. 955 */ 956 public void testGetAuthorityKeyIdentifier() { 957 byte[] akid1 = new byte[] {4, 5, 1, 2, 3, 4, 5}; // random value 958 byte[] akid2 = new byte[] {4, 5, 5, 4, 3, 2, 1}; // random value 959 X509CertSelector selector = new X509CertSelector(); 960 961 assertNull("Selector should return null", 962 selector.getAuthorityKeyIdentifier()); 963 selector.setAuthorityKeyIdentifier(akid1); 964 assertTrue("The returned keyID should be equal to specified", 965 Arrays.equals(akid1, selector.getAuthorityKeyIdentifier())); 966 selector.getAuthorityKeyIdentifier()[0] ++; 967 assertTrue("The returned keyID should be equal to specified", 968 Arrays.equals(akid1, selector.getAuthorityKeyIdentifier())); 969 assertFalse("The returned keyID should differ", 970 Arrays.equals(akid2, selector.getAuthorityKeyIdentifier())); 971 } 972 973 /** 974 * setCertificateValid(Date certificateValid) method testing. 975 * Tests if any certificates match in the case of null criteria, 976 * if [not]proper certificates [do not]match, and if the initialization 977 * object are copied during the initialization. 978 */ 979 public void testSetCertificateValid() { 980 Date date1 = new Date(100); 981 Date date2 = new Date(200); 982 TestCert cert_1 = new TestCert(date1); 983 TestCert cert_2 = new TestCert(date2); 984 X509CertSelector selector = new X509CertSelector(); 985 986 selector.setCertificateValid(null); 987 assertTrue("Any certificate should match in the case of null " 988 + "serialNumber criteria.", 989 selector.match(cert_1) && selector.match(cert_2)); 990 selector.setCertificateValid(date1); 991 assertTrue("The certificate should match the selection criteria.", 992 selector.match(cert_1)); 993 assertFalse("The certificate should not match the selection criteria.", 994 selector.match(cert_2)); 995 selector.setCertificateValid(date2); 996 date2.setTime(300); 997 assertTrue("The certificate should match the selection criteria.", 998 selector.match(cert_2)); 999 } 1000 1001 /** 1002 * getCertificateValid() method testing. 1003 * Tests if the method return null in the case of not specified criteria, 1004 * if the returned value [does not]corresponds to [not]specified 1005 * and its modification does not cause the modification of internal object. 1006 */ 1007 public void testGetCertificateValid() { 1008 Date date1 = new Date(100); 1009 Date date2 = new Date(200); 1010 X509CertSelector selector = new X509CertSelector(); 1011 1012 assertNull("Selector should return null", 1013 selector.getCertificateValid()); 1014 selector.setCertificateValid(date1); 1015 assertTrue("The returned date should be equal to specified", 1016 date1.equals(selector.getCertificateValid())); 1017 selector.getCertificateValid().setTime(200); 1018 assertTrue("The returned date should be equal to specified", 1019 date1.equals(selector.getCertificateValid())); 1020 assertFalse("The returned date should differ", 1021 date2.equals(selector.getCertificateValid())); 1022 } 1023 1024 /** 1025 * setPrivateKeyValid(Date privateKeyValid) method testing. 1026 * Tests if any certificates match in the case of null criteria, 1027 * if [not]proper certificates [do not]match, and if the initialization 1028 * object are copied during the initialization. 1029 */ 1030 public void testSetPrivateKeyValid() { 1031 Date date1 = new Date(100000000); 1032 Date date2 = new Date(200000000); 1033 Date date3 = new Date(300000000); 1034 Date date4 = new Date(150000000); 1035 Date date5 = new Date(250000000); 1036 TestCert cert_1 = new TestCert(date1, date2); 1037 TestCert cert_2 = new TestCert(date2, date3); 1038 X509CertSelector selector = new X509CertSelector(); 1039 1040 selector.setPrivateKeyValid(null); 1041 assertTrue("Any certificate should match in the case of null " 1042 + "privateKeyValid criteria.", 1043 selector.match(cert_1) && selector.match(cert_2)); 1044 selector.setPrivateKeyValid(date4); 1045 assertTrue("The certificate should match the selection criteria.", 1046 selector.match(cert_1)); 1047 assertFalse("The certificate should not match the selection criteria.", 1048 selector.match(cert_2)); 1049 selector.setPrivateKeyValid(date5); 1050 date5.setTime(date4.getTime()); 1051 assertTrue("The certificate should match the selection criteria.", 1052 selector.match(cert_2)); 1053 } 1054 1055 /** 1056 * getPrivateKeyValid() method testing. 1057 * Tests if the method return null in the case of not specified criteria, 1058 * if the returned value [does not]corresponds to [not]specified 1059 * and its modification does not cause the modification of internal object. 1060 */ 1061 public void testGetPrivateKeyValid() { 1062 Date date1 = new Date(100); 1063 Date date2 = new Date(200); 1064 X509CertSelector selector = new X509CertSelector(); 1065 1066 assertNull("Selector should return null", 1067 selector.getPrivateKeyValid()); 1068 selector.setPrivateKeyValid(date1); 1069 assertTrue("The returned date should be equal to specified", 1070 date1.equals(selector.getPrivateKeyValid())); 1071 selector.getPrivateKeyValid().setTime(200); 1072 assertTrue("The returned date should be equal to specified", 1073 date1.equals(selector.getPrivateKeyValid())); 1074 assertFalse("The returned date should differ", 1075 date2.equals(selector.getPrivateKeyValid())); 1076 } 1077 1078 /** 1079 * setSubjectPublicKeyAlgID(String oid) method testing. 1080 * Tests if any certificates match in the case of null criteria, 1081 * if [not]proper certificates [do not]match 1082 */ 1083 public void testSetSubjectPublicKeyAlgID() throws Exception { 1084 String pkaid1 = "1.2.840.113549.1.1.1"; // RSA (source: http://asn1.elibel.tm.fr) 1085 String pkaid2 = "1.2.840.10040.4.1"; // DSA (source: http://asn1.elibel.tm.fr) 1086 1087 PublicKey pkey1 = new TestKeyPair("RSA").getPublic(); 1088 PublicKey pkey2 = new TestKeyPair("DSA").getPublic(); 1089 1090 TestCert cert_1 = new TestCert(pkey1); 1091 TestCert cert_2 = new TestCert(pkey2); 1092 X509CertSelector selector = new X509CertSelector(); 1093 1094 selector.setSubjectPublicKeyAlgID(null); 1095 assertTrue("Any certificate should match in the case of null " 1096 + "subjectPublicKeyAlgID criteria.", selector.match(cert_1) 1097 && selector.match(cert_2)); 1098 1099 selector.setSubjectPublicKeyAlgID(pkaid1); 1100 assertTrue("The certificate should match the selection criteria.", 1101 selector.match(cert_1)); 1102 assertFalse("The certificate should not match the selection criteria.", 1103 selector.match(cert_2)); 1104 1105 selector.setSubjectPublicKeyAlgID(pkaid2); 1106 assertTrue("The certificate should match the selection criteria.", 1107 selector.match(cert_2)); 1108 } 1109 1110 /** 1111 * @tests java.security.cert.X509CertSelector#setSubjectPublicKeyAlgID(java.lang.String) 1112 */ 1113 public void test_setSubjectPublicKeyAlgIDLjava_lang_String() throws Exception { 1114 //Regression for HARMONY-465 1115 X509CertSelector obj = new X509CertSelector(); 1116 try { 1117 obj.setSubjectPublicKeyAlgID("abc"); 1118 fail("IOException expected"); 1119 } catch (IOException e) { 1120 // expected 1121 } 1122 } 1123 1124 /** 1125 * getSubjectPublicKeyAlgID() method testing. 1126 * Tests if the method return null in the case of not specified criteria, 1127 * if the returned value [does not]corresponds to [not]specified 1128 */ 1129 public void testGetSubjectPublicKeyAlgID() throws IOException { 1130 String pkaid1 = "1.2.840.113549.1.1.1"; // RSA encryption (source: http://asn1.elibel.tm.fr) 1131 String pkaid2 = "1.2.840.113549.1.1.2"; // MD2 with RSA encryption (source: http://asn1.elibel.tm.fr) 1132 X509CertSelector selector = new X509CertSelector(); 1133 1134 assertNull("Selector should return null", 1135 selector.getSubjectPublicKeyAlgID()); 1136 1137 selector.setSubjectPublicKeyAlgID(pkaid1); 1138 assertTrue("The returned oid should be equal to specified", 1139 pkaid1.equals(selector.getSubjectPublicKeyAlgID())); 1140 assertFalse("The returned oid should differ", 1141 pkaid2.equals(selector.getSubjectPublicKeyAlgID())); 1142 } 1143 1144 /** 1145 * setSubjectPublicKey(PublicKey key) method testing. 1146 * Tests if any certificates match in the case of null criteria, 1147 * if [not]proper certificates [do not]match. 1148 */ 1149 public void testSetSubjectPublicKey1() throws Exception { 1150 PublicKey pkey1 = new TestKeyPair("RSA").getPublic(); 1151 PublicKey pkey2 = new TestKeyPair("DSA").getPublic(); 1152 1153 TestCert cert_1 = new TestCert(pkey1); 1154 TestCert cert_2 = new TestCert(pkey2); 1155 X509CertSelector selector = new X509CertSelector(); 1156 1157 selector.setSubjectPublicKey((PublicKey) null); 1158 assertTrue("Any certificate should match in the case of null " 1159 + "subjectPublicKey criteria.", 1160 selector.match(cert_1) && selector.match(cert_2)); 1161 selector.setSubjectPublicKey(pkey1); 1162 assertTrue("The certificate should match the selection criteria.", 1163 selector.match(cert_1)); 1164 assertFalse("The certificate should not match the selection criteria.", 1165 selector.match(cert_2)); 1166 selector.setSubjectPublicKey(pkey2); 1167 assertTrue("The certificate should match the selection criteria.", 1168 selector.match(cert_2)); 1169 } 1170 1171 /** 1172 * getSubjectPublicKey() method testing. 1173 * Tests if the method return null in the case of not specified criteria, 1174 * if the returned value corresponds to specified 1175 */ 1176 public void testGetSubjectPublicKey1() throws Exception { 1177 1178 PublicKey pkey = new TestKeyPair("RSA").getPublic(); 1179 1180 X509CertSelector selector = new X509CertSelector(); 1181 1182 assertNull("Selector should return null", 1183 selector.getSubjectPublicKey()); 1184 selector.setSubjectPublicKey(pkey); 1185 PublicKey result = selector.getSubjectPublicKey(); 1186 1187 assertEquals("The name of algorithm should be RSA", 1188 result.getAlgorithm(), "RSA"); 1189 } 1190 1191 /** 1192 * setSubjectPublicKey(byte[] key) method testing. 1193 * Tests if any certificates match in the case of null criteria, 1194 * if [not]proper certificates [do not]match, and if the initialization 1195 * object are copied during the initialization. 1196 */ 1197 public void testSetSubjectPublicKey2() throws Exception { 1198 PublicKey pkey1 = new TestKeyPair("RSA").getPublic(); 1199 PublicKey pkey2 = new TestKeyPair("DSA").getPublic(); 1200 1201 byte[] encoding1 = pkey1.getEncoded(); 1202 byte[] encoding2 = pkey2.getEncoded(); 1203 TestCert cert_1 = new TestCert(pkey1); 1204 TestCert cert_2 = new TestCert(pkey2); 1205 X509CertSelector selector = new X509CertSelector(); 1206 1207 selector.setSubjectPublicKey((byte[]) null); 1208 assertTrue("Any certificate should match in the case of null " 1209 + "subjectPublicKey criteria.", selector.match(cert_1) 1210 && selector.match(cert_2)); 1211 1212 selector.setSubjectPublicKey(encoding1); 1213 assertTrue("The certificate should match the selection criteria.", 1214 selector.match(cert_1)); 1215 1216 encoding1[0]++; 1217 assertTrue("The certificate should match the selection criteria.", 1218 selector.match(cert_1)); 1219 assertFalse("The certificate should not match the selection criteria.", 1220 selector.match(cert_2)); 1221 1222 selector.setSubjectPublicKey(encoding2); 1223 assertTrue("The certificate should match the selection criteria.", 1224 selector.match(cert_2)); 1225 } 1226 1227 /** 1228 * getSubjectPublicKey() method testing. 1229 * Tests if the method return null in the case of not specified criteria, 1230 * if the returned value corresponds to specified 1231 */ 1232 public void testGetSubjectPublicKey2() throws Exception { 1233 1234 PublicKey pkey = new TestKeyPair("RSA").getPublic(); 1235 1236 X509CertSelector selector = new X509CertSelector(); 1237 1238 assertNull("Selector should return null", 1239 selector.getSubjectPublicKey()); 1240 1241 selector.setSubjectPublicKey(pkey.getEncoded()); 1242 1243 PublicKey result = selector.getSubjectPublicKey(); 1244 1245 assertEquals("The name of algorithm should be RSA", 1246 result.getAlgorithm(), "RSA"); 1247 } 1248 1249 /** 1250 * setKeyUsage(boolean[] keyUsage) method testing. 1251 * Tests if any certificates match in the case of null criteria, 1252 * if [not]proper certificates [do not]match, and if the initialization 1253 * object are copied during the initialization. Also checks if selector 1254 * matches the certificate which does not have a keyUsage extension. 1255 */ 1256 public void testSetKeyUsage() { 1257 boolean[] ku1 = new boolean[] 1258 {true, true, true, true, true, true, true, true, true}; 1259 // decipherOnly is disallowed 1260 boolean[] ku2 = new boolean[] 1261 {true, true, true, true, true, true, true, true, false}; 1262 TestCert cert_1 = new TestCert(ku1); 1263 TestCert cert_2 = new TestCert(ku2); 1264 TestCert cert_3 = new TestCert((boolean[]) null); 1265 X509CertSelector selector = new X509CertSelector(); 1266 1267 selector.setKeyUsage(null); 1268 assertTrue("Any certificate should match in the case of null " 1269 + "keyUsage criteria.", 1270 selector.match(cert_1) && selector.match(cert_2)); 1271 selector.setKeyUsage(ku1); 1272 assertTrue("The certificate should match the selection criteria.", 1273 selector.match(cert_1)); 1274 assertFalse("The certificate should not match the selection criteria.", 1275 selector.match(cert_2)); 1276 assertTrue("The certificate which does not have a keyUsage extension " 1277 + "implicitly allows all keyUsage values.", 1278 selector.match(cert_3)); 1279 selector.setKeyUsage(ku2); 1280 ku2[0] = !ku2[0]; 1281 assertTrue("The certificate should match the selection criteria.", 1282 selector.match(cert_2)); 1283 } 1284 1285 /** 1286 * getKeyUsage() method testing. 1287 * Tests if the method return null in the case of not specified criteria, 1288 * if the returned value [does not]corresponds to [not]specified 1289 * and its modification does not cause the modification of internal object. 1290 */ 1291 public void testGetKeyUsage() { 1292 boolean[] ku = new boolean[] 1293 {true, false, true, false, true, false, true, false, true}; 1294 X509CertSelector selector = new X509CertSelector(); 1295 1296 assertNull("Selector should return null", selector.getKeyUsage()); 1297 selector.setKeyUsage(ku); 1298 assertTrue("The returned date should be equal to specified", 1299 Arrays.equals(ku, selector.getKeyUsage())); 1300 boolean[] result = selector.getKeyUsage(); 1301 result[0] = !result[0]; 1302 assertTrue("The returned keyUsage should be equal to specified", 1303 Arrays.equals(ku, selector.getKeyUsage())); 1304 } 1305 1306 /** 1307 * setExtendedKeyUsage(Set<String> keyPurposeSet) method testing. 1308 */ 1309 public void testSetExtendedKeyUsage() throws IOException { 1310 HashSet ku1 = new HashSet(Arrays.asList(new String[] { 1311 "1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2", "1.3.6.1.5.5.7.3.3", 1312 "1.3.6.1.5.5.7.3.4", "1.3.6.1.5.5.7.3.8", "1.3.6.1.5.5.7.3.9", 1313 "1.3.6.1.5.5.7.3.5", "1.3.6.1.5.5.7.3.6", "1.3.6.1.5.5.7.3.7"} 1314 )); 1315 HashSet ku2 = new HashSet(Arrays.asList(new String[] { 1316 "1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2", "1.3.6.1.5.5.7.3.3", 1317 "1.3.6.1.5.5.7.3.4", "1.3.6.1.5.5.7.3.8", "1.3.6.1.5.5.7.3.9", 1318 "1.3.6.1.5.5.7.3.5", "1.3.6.1.5.5.7.3.6"})); 1319 TestCert cert_1 = new TestCert(ku1); 1320 TestCert cert_2 = new TestCert(ku2); 1321 TestCert cert_3 = new TestCert((Set) null); 1322 X509CertSelector selector = new X509CertSelector(); 1323 1324 selector.setExtendedKeyUsage(null); 1325 assertTrue("Any certificate should match in the case of null " 1326 + "extendedKeyUsage criteria.", selector.match(cert_1) 1327 && selector.match(cert_2)); 1328 1329 selector.setExtendedKeyUsage(ku1); 1330 assertTrue("The certificate should match the selection criteria.", 1331 selector.match(cert_1)); 1332 assertFalse("The certificate should not match the selection criteria.", 1333 selector.match(cert_2)); 1334 assertTrue("The certificate which does not have a keyUsage extension " 1335 + "implicitly allows all keyUsage values.", selector 1336 .match(cert_3)); 1337 ku1.remove("1.3.6.1.5.5.7.3.7"); // remove the missing in ku2 keyUsage 1338 assertFalse("The modification of initialization object " 1339 + "should not affect the modification of internal object.", 1340 selector.match(cert_2)); 1341 1342 selector.setExtendedKeyUsage(ku2); 1343 assertTrue("The certificate should match the selection criteria.", 1344 selector.match(cert_2)); 1345 } 1346 1347 /** 1348 * getExtendedKeyUsage() method testing. 1349 */ 1350 public void testGetExtendedKeyUsage() { 1351 HashSet ku = new HashSet(Arrays.asList(new String[] { 1352 "1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2", "1.3.6.1.5.5.7.3.3", 1353 "1.3.6.1.5.5.7.3.4", "1.3.6.1.5.5.7.3.8", "1.3.6.1.5.5.7.3.9", 1354 "1.3.6.1.5.5.7.3.5", "1.3.6.1.5.5.7.3.6", "1.3.6.1.5.5.7.3.7"} 1355 )); 1356 X509CertSelector selector = new X509CertSelector(); 1357 1358 assertNull("Selector should return null", 1359 selector.getExtendedKeyUsage()); 1360 try { 1361 selector.setExtendedKeyUsage(ku); 1362 } catch (IOException e) { 1363 e.printStackTrace(); 1364 fail("Unexpected IOException was thrown."); 1365 } 1366 assertTrue("The returned extendedKeyUsage should be equal to specified", 1367 ku.equals(selector.getExtendedKeyUsage())); 1368 try { 1369 selector.getExtendedKeyUsage().add("KRIBLE-GRABLI"); 1370 fail("The returned Set should be immutable."); 1371 } catch (UnsupportedOperationException e) { 1372 } 1373 } 1374 1375 /** 1376 * setSubjectAlternativeNames(Collection<List<?>> names) method testing. 1377 */ 1378 public void testSetSubjectAlternativeNames() { 1379 try { 1380 GeneralName san0 = 1381 new GeneralName(new OtherName("1.2.3.4.5", 1382 new byte[] {1, 2, 0, 1})); 1383 GeneralName san1 = new GeneralName(1, "rfc@822.Name"); 1384 GeneralName san2 = new GeneralName(2, "dNSName"); 1385 GeneralName san3 = new GeneralName(new ORAddress()); 1386 GeneralName san4 = new GeneralName(new Name("O=Organization")); 1387 GeneralName san5 = 1388 new GeneralName(new EDIPartyName("assigner", "party")); 1389 GeneralName san6 = new GeneralName(6, "http://uniform.Resource.Id"); 1390 GeneralName san7 = new GeneralName(7, "1.1.1.1"); 1391 GeneralName san8 = new GeneralName(8, "1.2.3.4444.55555"); 1392 1393 GeneralNames sans_1 = new GeneralNames(); 1394 sans_1.addName(san0); 1395 sans_1.addName(san1); 1396 sans_1.addName(san2); 1397 sans_1.addName(san3); 1398 sans_1.addName(san4); 1399 sans_1.addName(san5); 1400 sans_1.addName(san6); 1401 sans_1.addName(san7); 1402 sans_1.addName(san8); 1403 GeneralNames sans_2 = new GeneralNames(); 1404 sans_2.addName(san0); 1405 1406 TestCert cert_1 = new TestCert(sans_1); 1407 TestCert cert_2 = new TestCert(sans_2); 1408 X509CertSelector selector = new X509CertSelector(); 1409 selector.setMatchAllSubjectAltNames(true); 1410 1411 selector.setSubjectAlternativeNames(null); 1412 assertTrue("Any certificate should match in the case of null " 1413 + "subjectAlternativeNames criteria.", 1414 selector.match(cert_1) && selector.match(cert_2)); 1415 1416 Collection sans = sans_1.getPairsList(); 1417 selector.setSubjectAlternativeNames(sans); 1418 assertTrue("The certificate should match the selection criteria.", 1419 selector.match(cert_1)); 1420 assertFalse("The certificate should not match " 1421 + "the selection criteria.", selector.match(cert_2)); 1422 sans.clear(); 1423 assertTrue("The modification of initialization object " 1424 + "should not affect the modification " 1425 + "of internal object.", selector.match(cert_1)); 1426 selector.setSubjectAlternativeNames(sans_2.getPairsList()); 1427 assertTrue("The certificate should match the selection criteria.", 1428 selector.match(cert_2)); 1429 } catch (IOException e) { 1430 e.printStackTrace(); 1431 fail("Unexpected IOException was thrown."); 1432 } 1433 } 1434 1435 /** 1436 * addSubjectAlternativeName(int type, String name) method testing. 1437 */ 1438 public void testAddSubjectAlternativeName1() throws IOException { 1439 String name1 = "rfc@822.Name"; 1440 String name2 = "dNSName"; 1441 String name4 = "O=Organization"; 1442 String name6 = "http://uniform.Resource.Id"; 1443 String name7 = "255.255.255.0"; 1444 String name8 = "1.2.3.4444.55555"; 1445 1446 GeneralName san1 = new GeneralName(1, name1); 1447 GeneralName san2 = new GeneralName(2, name2); 1448 GeneralName san4 = new GeneralName(4, name4); 1449 GeneralName san6 = new GeneralName(6, name6); 1450 GeneralName san7 = new GeneralName(7, name7); 1451 GeneralName san8 = new GeneralName(8, name8); 1452 1453 GeneralNames sans_1 = new GeneralNames(); 1454 sans_1.addName(san1); 1455 sans_1.addName(san2); 1456 sans_1.addName(san4); 1457 sans_1.addName(san6); 1458 sans_1.addName(san7); 1459 sans_1.addName(san8); 1460 GeneralNames sans_2 = new GeneralNames(); 1461 sans_2.addName(san1); 1462 sans_2.addName(san2); 1463 1464 TestCert cert_1 = new TestCert(sans_1); 1465 TestCert cert_2 = new TestCert(sans_2); 1466 X509CertSelector selector = new X509CertSelector(); 1467 selector.setMatchAllSubjectAltNames(true); 1468 1469 try { 1470 selector.addSubjectAlternativeName(1, name1); 1471 } catch (IOException e) { 1472 e.printStackTrace(); 1473 fail("Unexpected IOException was thrown."); 1474 } 1475 assertTrue("The certificate should match the selection criteria.", 1476 selector.match(cert_1)); 1477 assertTrue("The certificate should match the selection criteria.", 1478 selector.match(cert_2)); 1479 1480 try { 1481 selector.addSubjectAlternativeName(2, name2); 1482 } catch (IOException e) { 1483 e.printStackTrace(); 1484 fail("Unexpected IOException was thrown."); 1485 } 1486 assertTrue("The certificate should match the selection criteria.", 1487 selector.match(cert_1)); 1488 assertTrue("The certificate should match the selection criteria.", 1489 selector.match(cert_2)); 1490 1491 try { 1492 selector.addSubjectAlternativeName(4, name4); 1493 } catch (IOException e) { 1494 e.printStackTrace(); 1495 fail("Unexpected IOException was thrown."); 1496 } 1497 assertTrue("The certificate should match the selection criteria.", 1498 selector.match(cert_1)); 1499 assertFalse("The certificate should not match the selection criteria.", 1500 selector.match(cert_2)); 1501 try { 1502 selector.addSubjectAlternativeName(6, name6); 1503 selector.addSubjectAlternativeName(7, name7); 1504 selector.addSubjectAlternativeName(8, name8); 1505 } catch (IOException e) { 1506 e.printStackTrace(); 1507 fail("Unexpected IOException was thrown."); 1508 } 1509 assertTrue("The certificate should match the selection criteria.", 1510 selector.match(cert_1)); 1511 assertFalse("The certificate should not match the selection criteria.", 1512 selector.match(cert_2)); 1513 } 1514 1515 /** 1516 * addSubjectAlternativeName(int type, byte[] name) method testing. 1517 */ 1518 public void testAddSubjectAlternativeName2() { 1519 try { 1520 GeneralName san0 = 1521 new GeneralName(new OtherName("1.2.3.4.5", 1522 ASN1Integer.getInstance().encode( 1523 BigInteger.valueOf(55L).toByteArray()) 1524 )); 1525 GeneralName san1 = new GeneralName(1, "rfc@822.Name"); 1526 GeneralName san2 = new GeneralName(2, "dNSName"); 1527 GeneralName san3 = new GeneralName(new ORAddress()); 1528 GeneralName san4 = new GeneralName(new Name("O=Organization")); 1529 GeneralName san5 = 1530 new GeneralName(new EDIPartyName("assigner", "party")); 1531 GeneralName san6 = new GeneralName(6, "http://uniform.Resource.Id"); 1532 GeneralName san7 = new GeneralName(new byte[] {1, 1, 1, 1}); 1533 GeneralName san8 = new GeneralName(8, "1.2.3.4444.55555"); 1534 1535 GeneralNames sans_1 = new GeneralNames(); 1536 sans_1.addName(san0); 1537 sans_1.addName(san1); 1538 sans_1.addName(san2); 1539 sans_1.addName(san3); 1540 sans_1.addName(san4); 1541 sans_1.addName(san5); 1542 sans_1.addName(san6); 1543 sans_1.addName(san7); 1544 sans_1.addName(san8); 1545 GeneralNames sans_2 = new GeneralNames(); 1546 sans_2.addName(san0); 1547 sans_2.addName(san1); 1548 sans_2.addName(san2); 1549 1550 TestCert cert_1 = new TestCert(sans_1); 1551 TestCert cert_2 = new TestCert(sans_2); 1552 X509CertSelector selector = new X509CertSelector(); 1553 selector.setMatchAllSubjectAltNames(true); 1554 1555 selector.addSubjectAlternativeName(0, san0.getEncodedName()); 1556 assertTrue("The certificate should match the selection criteria.", 1557 selector.match(cert_1)); 1558 assertTrue("The certificate should match the selection criteria.", 1559 selector.match(cert_2)); 1560 selector.addSubjectAlternativeName(1, san1.getEncodedName()); 1561 assertTrue("The certificate should match the selection criteria.", 1562 selector.match(cert_1)); 1563 assertTrue("The certificate should match the selection criteria.", 1564 selector.match(cert_2)); 1565 selector.addSubjectAlternativeName(2, san2.getEncodedName()); 1566 assertTrue("The certificate should match the selection criteria.", 1567 selector.match(cert_1)); 1568 assertTrue("The certificate should match the selection criteria.", 1569 selector.match(cert_2)); 1570 selector.addSubjectAlternativeName(3, san3.getEncodedName()); 1571 assertTrue("The certificate should match the selection criteria.", 1572 selector.match(cert_1)); 1573 assertFalse("The certificate should not match the selection criteria.", 1574 selector.match(cert_2)); 1575 selector.addSubjectAlternativeName(4, san4.getEncodedName()); 1576 assertTrue("The certificate should match the selection criteria.", 1577 selector.match(cert_1)); 1578 assertFalse("The certificate should not match " 1579 + "the selection criteria.", selector.match(cert_2)); 1580 selector.addSubjectAlternativeName(5, san5.getEncodedName()); 1581 assertTrue("The certificate should match the selection criteria.", 1582 selector.match(cert_1)); 1583 assertFalse("The certificate should not match " 1584 + "the selection criteria.", selector.match(cert_2)); 1585 selector.addSubjectAlternativeName(6, san6.getEncodedName()); 1586 assertTrue("The certificate should match the selection criteria.", 1587 selector.match(cert_1)); 1588 assertFalse("The certificate should not match " 1589 + "the selection criteria.", selector.match(cert_2)); 1590 selector.addSubjectAlternativeName(7, san7.getEncodedName()); 1591 assertTrue("The certificate should match the selection criteria.", 1592 selector.match(cert_1)); 1593 assertFalse("The certificate should not match " 1594 + "the selection criteria.", selector.match(cert_2)); 1595 byte[] oid = san8.getEncodedName(); 1596 selector.addSubjectAlternativeName(8, oid); 1597 assertTrue("The certificate should match the selection criteria.", 1598 selector.match(cert_1)); 1599 assertFalse("The certificate should not match " 1600 + "the selection criteria.", selector.match(cert_2)); 1601 oid[3] += 1; 1602 assertTrue("The byte array should be cloned to protect against " 1603 + "subsequent modifications.", selector.match(cert_1)); 1604 } catch (IOException e) { 1605 e.printStackTrace(); 1606 fail("Unexpected IOException was thrown."); 1607 } 1608 } 1609 1610 /** 1611 * getSubjectAlternativeNames() method testing. 1612 */ 1613 public void testGetSubjectAlternativeNames() { 1614 try { 1615 GeneralName san1 = new GeneralName(1, "rfc@822.Name"); 1616 GeneralName san2 = new GeneralName(2, "dNSName"); 1617 1618 GeneralNames sans = new GeneralNames(); 1619 sans.addName(san1); 1620 sans.addName(san2); 1621 1622 TestCert cert_1 = new TestCert(sans); 1623 X509CertSelector selector = new X509CertSelector(); 1624 1625 assertNull("Selector should return null", 1626 selector.getSubjectAlternativeNames()); 1627 1628 selector.setSubjectAlternativeNames(sans.getPairsList()); 1629 assertTrue("The certificate should match the selection criteria.", 1630 selector.match(cert_1)); 1631 selector.getSubjectAlternativeNames().clear(); 1632 assertTrue("The modification of initialization object " 1633 + "should not affect the modification " 1634 + "of internal object.", selector.match(cert_1)); 1635 } catch (IOException e) { 1636 e.printStackTrace(); 1637 fail("Unexpected IOException was thrown."); 1638 } 1639 } 1640 1641 /** 1642 * setMatchAllSubjectAltNames(boolean matchAllNames) method testing. 1643 */ 1644 public void testSetMatchAllSubjectAltNames() { 1645 try { 1646 GeneralName san1 = new GeneralName(1, "rfc@822.Name"); 1647 GeneralName san2 = new GeneralName(2, "dNSName"); 1648 1649 GeneralNames sans_1 = new GeneralNames(); 1650 sans_1.addName(san1); 1651 GeneralNames sans_2 = new GeneralNames(); 1652 sans_2.addName(san1); 1653 sans_2.addName(san2); 1654 1655 TestCert cert = new TestCert(sans_1); 1656 X509CertSelector selector = new X509CertSelector(); 1657 selector.setMatchAllSubjectAltNames(true); 1658 1659 selector.setSubjectAlternativeNames(sans_2.getPairsList()); 1660 assertFalse("Only certificate which contain all of the specified " 1661 + "subject alternative names should match.", 1662 selector.match(cert)); 1663 selector.setMatchAllSubjectAltNames(false); 1664 /* 1665 assertTrue("The certificate which contain at least one of the " 1666 + "specified subject alternative names must match.", 1667 selector.match(cert)); 1668 */ 1669 } catch (IOException e) { 1670 e.printStackTrace(); 1671 fail("Unexpected IOException was thrown."); 1672 } 1673 } 1674 1675 /** 1676 * getMatchAllSubjectAltNames() method testing. 1677 */ 1678 public void testGetMatchAllSubjectAltNames() { 1679 X509CertSelector selector = new X509CertSelector(); 1680 assertTrue("The matchAllNames initially should be true", 1681 selector.getMatchAllSubjectAltNames()); 1682 selector.setMatchAllSubjectAltNames(false); 1683 assertFalse("The value should be false", 1684 selector.getMatchAllSubjectAltNames()); 1685 } 1686 1687 /** 1688 * setNameConstraints(byte[] bytes) method testing. 1689 * Constructs the NameConstraints DER structure with 1690 * GeneralNames of types: 1, 2, 6, 7 and set it as a criterion. 1691 */ 1692 public void testSetNameConstraints0() throws IOException { 1693 // Restrictions apply only when the specified name form is present. 1694 // If no name of the type is in the certificate, 1695 // the certificate is acceptable (rfc 3280). 1696 1697 GeneralName [] name_constraints = new GeneralName[] { 1698 new GeneralName(1, "822.Name"), 1699 new GeneralName(1, "rfc@822.Name"), 1700 new GeneralName(2, "Name.org"), 1701 new GeneralName(2, "dNS.Name.org"), 1702 //new GeneralName(4, "O=Organization"), 1703 new GeneralName(6, "http://.Resource.Id"), 1704 new GeneralName(6, "http://uniform.Resource.Id"), 1705 new GeneralName(7, "1.1.1.1"), 1706 // new GeneralName(7, new byte[] {1, 1, 1, 1, 3, 3, 3, 3}), 1707 new GeneralName(new byte[] {1, 1, 1, 1, 1, 1, 1, 1, 1708 1, 1, 1, 1, 1, 1, 1, 1}), 1709 // new GeneralName(7, new byte[] {1, 1, 1, 1, 1, 1, 1, 1, 1710 // 1, 1, 1, 1, 1, 1, 1, 1, 1711 // 3, 3, 3, 3, 3, 3, 3, 3, 1712 // 3, 3, 3, 3, 3, 3, 3, 3}) 1713 }; 1714 1715 // names which should match divided from names which should not 1716 // match by null 1717 GeneralName[][] alternative_names = new GeneralName[][] { 1718 { 1719 new GeneralName(1, "rfc@822.Name"), 1720 null, 1721 new GeneralName(1, "rfc@Other.Name") 1722 }, { 1723 new GeneralName(1, "rfc@822.Name"), 1724 null, 1725 new GeneralName(1, "rfc@Other.Name") 1726 }, { 1727 new GeneralName(2, "Name.org"), 1728 new GeneralName(2, "dNS.Name.org"), 1729 null, 1730 new GeneralName(2, "dNS.OtherName.org") 1731 }, { 1732 new GeneralName(2, "dNS.Name.org"), 1733 null, 1734 new GeneralName(2, "Name.org"), 1735 new GeneralName(2, "dNS.OtherName.org") 1736 }, { 1737 1738 // new GeneralName(4, "O=Organization"), 1739 // null, 1740 // new GeneralName(4, "O=OtherOrganization") 1741 //}, { 1742 1743 new GeneralName(6, "http://uniform.Resource.Id/location"), 1744 null, 1745 //new GeneralName(6, "http://Resource.Id") 1746 }, { 1747 new GeneralName(6, "http://uniform.Resource.Id"), 1748 null, 1749 new GeneralName(6, "http://Resource.Id") 1750 }, { 1751 new GeneralName(new byte[] {1, 1, 1, 1}), 1752 null, 1753 new GeneralName(new byte[] {2, 2, 2, 2}) 1754 // }, { 1755 // new GeneralName(7, new byte[] {1, 1, 1, 1}), 1756 // new GeneralName(7, new byte[] {2, 2, 2, 2}), 1757 // new GeneralName(7, new byte[] {3, 3, 3, 3}), 1758 // null, 1759 // new GeneralName(7, new byte[] {4, 4, 4, 4}) 1760 }, { 1761 new GeneralName(new byte[] {1, 1, 1, 1, 1, 1, 1, 1, 1762 1, 1, 1, 1, 1, 1, 1, 1}), 1763 null, 1764 new GeneralName(new byte[] {2, 2, 2, 2, 2, 2, 2, 2, 1765 2, 2, 2, 2, 2, 2, 2, 2}), 1766 // }, { 1767 // new GeneralName(7, new byte[] {1, 1, 1, 1, 1, 1, 1, 1, 1768 // 1, 1, 1, 1, 1, 1, 1, 1}), 1769 // new GeneralName(7, new byte[] {2, 2, 2, 2, 2, 2, 2, 2, 1770 // 2, 2, 2, 2, 2, 2, 2, 2}), 1771 // new GeneralName(7, new byte[] {3, 3, 3, 3, 3, 3, 3, 3, 1772 // 3, 3, 3, 3, 3, 3, 3, 3}), 1773 // null, 1774 // new GeneralName(7, new byte[] {4, 4, 4, 4, 4, 4, 4, 4, 1775 // 4, 4, 4, 4, 4, 4, 4, 4}), 1776 } 1777 }; 1778 1779 X509CertSelector selector = new X509CertSelector(); 1780 String subject = "O=Organization"; 1781 X500Principal x500Subject = new X500Principal(subject); 1782 try { 1783 Name nameSubject = new Name(subject); 1784 for (int i=0; i<name_constraints.length; i++) { 1785 // make the subtrees (part of name constraints) 1786 // this subtrees will be used as permited and as excluded 1787 GeneralSubtree subtree = 1788 new GeneralSubtree(name_constraints[i]); 1789 GeneralSubtrees subtrees = new GeneralSubtrees(); 1790 NameConstraints constraints; 1791 subtrees.addSubtree(subtree); 1792 // start the checking for each alt. name corresponding 1793 // to current name_constraints[i] 1794 boolean check_matching = true; 1795 for (int j=0; j<alternative_names[i].length; j++) { 1796 GeneralNames alt_names_extension = new GeneralNames(); 1797 if (alternative_names[i][j] == null) { 1798 // double trick: turn the switch and check that the 1799 // restrictions apply only when the specified name 1800 // form is presented. If no name of the type is in the 1801 // certificate, the certificate is acceptable. 1802 check_matching = false; 1803 } else { 1804 alt_names_extension.addName(alternative_names[i][j]); 1805 } 1806 TestCert certificate = new TestCert(alt_names_extension); 1807 certificate.setSubject(x500Subject); 1808 certificate.setEncoding(getCertEncoding(nameSubject, 1809 alt_names_extension)); 1810 // first check if permited name match 1811 constraints = new NameConstraints(subtrees, null); 1812 selector.setNameConstraints(constraints.getEncoded()); 1813 boolean expected = check_matching 1814 || (alternative_names[i][j] == null); 1815 assertTrue("The method match() for:\n " 1816 + alternative_names[i][j] 1817 + "\nand permited name\n " 1818 + name_constraints[i] 1819 + "\nshould return: "+expected, 1820 selector.match(certificate) == expected); 1821 // second check if excluded name does not match 1822 constraints = (check_matching) 1823 // check for 'Any name matching a 1824 // restriction in the excludedSubtrees 1825 // field is invalid regardless of 1826 // information appearing in the 1827 // permittedSubtrees'. 1828 ? new NameConstraints(subtrees, subtrees) 1829 : new NameConstraints(null, subtrees); 1830 selector.setNameConstraints(constraints.getEncoded()); 1831 expected = !check_matching 1832 || (alternative_names[i][j] == null); 1833 assertTrue("The method match() for:\n " 1834 + alternative_names[i][j] 1835 + "\nand excluded name\n " 1836 + name_constraints[i] 1837 + "\nshould return: "+expected, 1838 selector.match(certificate) == expected); 1839 } 1840 } 1841 } catch (IOException e) { 1842 e.printStackTrace(); 1843 fail("Unexpected IOException was thrown."); 1844 } 1845 } 1846 1847 /** 1848 * setNameConstraints(byte[] bytes) method testing. 1849 * Constructs the NameConstraints DER structure with 1850 * GeneralNames of types: 1, 2, 6, 7 and set it as a criterion. 1851 */ 1852 public void testSetNameConstraints1() throws IOException { 1853 1854 GeneralName [] name_constraints = new GeneralName[] { 1855 new GeneralName(1, "822.Name"), 1856 new GeneralName(1, "rfc@822.Name"), 1857 new GeneralName(2, "Name.org"), 1858 new GeneralName(2, "dNS.Name.org"), 1859 new GeneralName(6, "http://.Resource.Id"), 1860 new GeneralName(6, "http://uniform.Resource.Id"), 1861 new GeneralName(7, "1.1.1.1"), 1862 new GeneralName(7, "1.1.1.1/3.3.3.3"), 1863 new GeneralName(7, "0101:0101:0101:0101:0101:0101:0101:0101"), 1864 new GeneralName(7, "0101:0101:0101:0101:0101:0101:0101:0101" 1865 + "/0303:0303:0303:0303:0303:0303:0303:0303"), 1866 }; 1867 1868 // Names which should match divided from names which should not 1869 // match by null. 1870 // Restrictions apply only when the specified name form is present. 1871 // If no name of the type is in the certificate, the certificate 1872 // is acceptable (rfc 3280). This assertion is checked during processing 1873 // of null GeneralName object (it also serves as separator). 1874 GeneralName[][] alternative_names = new GeneralName[][] { 1875 { 1876 new GeneralName(1, "rfc@822.Name"), 1877 null, 1878 new GeneralName(1, "rfc@Other.Name") 1879 }, { 1880 new GeneralName(1, "rfc@822.Name"), 1881 null, 1882 new GeneralName(1, "rfc@Other.Name") 1883 }, { 1884 new GeneralName(2, "Name.org"), 1885 new GeneralName(2, "dNS.Name.org"), 1886 null, 1887 new GeneralName(2, "dNS.OtherName.org") 1888 }, { 1889 new GeneralName(2, "dNS.Name.org"), 1890 null, 1891 new GeneralName(2, "Name.org"), 1892 new GeneralName(2, "dNS.OtherName.org") 1893 }, { 1894 1895 new GeneralName(6, "http://uniform.Resource.Id/location"), 1896 null, 1897 new GeneralName(6, "http://Resource.Id") 1898 }, { 1899 new GeneralName(6, "http://uniform.Resource.Id"), 1900 null, 1901 new GeneralName(6, "http://Resource.Id") 1902 }, { 1903 new GeneralName(new byte[] {1, 1, 1, 1}), 1904 null, 1905 new GeneralName(new byte[] {2, 2, 2, 2}) 1906 }, { 1907 new GeneralName(new byte[] {1, 1, 1, 1}), 1908 new GeneralName(new byte[] {2, 2, 2, 2}), 1909 new GeneralName(new byte[] {3, 3, 3, 3}), 1910 null, 1911 new GeneralName(new byte[] {4, 4, 4, 4}) 1912 }, { 1913 new GeneralName(new byte[] {1, 1, 1, 1, 1, 1, 1, 1, 1914 1, 1, 1, 1, 1, 1, 1, 1}), 1915 null, 1916 new GeneralName(new byte[] {2, 2, 2, 2, 2, 2, 2, 2, 1917 2, 2, 2, 2, 2, 2, 2, 2}), 1918 }, { 1919 new GeneralName(new byte[] {1, 1, 1, 1, 1, 1, 1, 1, 1920 1, 1, 1, 1, 1, 1, 1, 1}), 1921 new GeneralName(new byte[] {2, 2, 2, 2, 2, 2, 2, 2, 1922 2, 2, 2, 2, 2, 2, 2, 2}), 1923 new GeneralName(new byte[] {3, 3, 3, 3, 3, 3, 3, 3, 1924 3, 3, 3, 3, 3, 3, 3, 3}), 1925 null, 1926 new GeneralName(new byte[] {4, 4, 4, 4, 4, 4, 4, 4, 1927 4, 4, 4, 4, 4, 4, 4, 4}), 1928 } 1929 }; 1930 1931 X509CertSelector selector = new X509CertSelector(); 1932 String subject = "O=Organization"; 1933 X500Principal x500Subject = new X500Principal(subject); 1934 try { 1935 Name nameSubject = new Name(subject); 1936 for (int i=0; i<name_constraints.length; i++) { 1937 // make the subtrees (part of name constraints) 1938 // this subtrees will be used as permited and as excluded 1939 GeneralSubtree subtree = 1940 new GeneralSubtree(name_constraints[i]); 1941 GeneralSubtrees subtrees = new GeneralSubtrees(); 1942 NameConstraints constraints; 1943 subtrees.addSubtree(subtree); 1944 // start the checking for each alt. name corresponding 1945 // to current name_constraints[i] 1946 boolean check_matching = true; 1947 for (int j=0; j<alternative_names[i].length; j++) { 1948 GeneralNames alt_names_extension = new GeneralNames(); 1949 if (alternative_names[i][j] == null) { 1950 // double trick: turn the switch and check that the 1951 // restrictions apply only when the specified name 1952 // form is presented. If no name of the type is in the 1953 // certificate, the certificate is acceptable. 1954 check_matching = false; 1955 } else { 1956 alt_names_extension.addName(alternative_names[i][j]); 1957 } 1958 TestCert certificate = new TestCert(alt_names_extension); 1959 certificate.setSubject(x500Subject); 1960 certificate.setEncoding(getCertEncoding(nameSubject, 1961 alt_names_extension)); 1962 // first check if permited name match 1963 constraints = new NameConstraints(subtrees, null); 1964 selector.setNameConstraints(constraints.getEncoded()); 1965 boolean expected = check_matching 1966 || (alternative_names[i][j] == null); 1967 assertTrue("The method match() for:\n " 1968 + alternative_names[i][j] 1969 + "\nand permited name\n " 1970 + name_constraints[i] 1971 + "\nshould return: "+expected, 1972 selector.match(certificate) == expected); 1973 // second check if excluded name does not match 1974 constraints = (check_matching) 1975 // check for 'Any name matching a 1976 // restriction in the excludedSubtrees 1977 // field is invalid regardless of 1978 // information appearing in the 1979 // permittedSubtrees'. 1980 ? new NameConstraints(subtrees, subtrees) 1981 : new NameConstraints(null, subtrees); 1982 selector.setNameConstraints(constraints.getEncoded()); 1983 expected = !check_matching 1984 || (alternative_names[i][j] == null); 1985 assertTrue("The method match() for:\n " 1986 + alternative_names[i][j] 1987 + "\nand excluded name\n " 1988 + name_constraints[i] 1989 + "\nshould return: "+expected, 1990 selector.match(certificate) == expected); 1991 } 1992 } 1993 } catch (IOException e) { 1994 e.printStackTrace(); 1995 fail("Unexpected IOException was thrown."); 1996 } 1997 } 1998 1999 /** 2000 * setNameConstraints(byte[] bytes) method testing. 2001 * Constructs the different NameConstraints DER structures with 2002 * GeneralNames of type 4 and checks if the different certificates 2003 * matches or does not. 2004 */ 2005 public void testSetNameConstraints2() { 2006 // As specified in rfc 3280: 2007 // 2008 // Restrictions apply only when the specified name form is present. 2009 // If no name of the type is in the certificate, 2010 // the certificate is acceptable. 2011 // 2012 // Restrictions of the form directoryName MUST be applied to the 2013 // subject field in the certificate and to the subjectAltName 2014 // extensions of type directoryName. 2015 // 2016 // According to p. 4.1.2.4 comparing the encoded forms of the names. 2017 2018 String[][] variants = new String[][] { 2019 // subject Alternative Presented name Absent name 2020 // name name perm(t)/excl(f) perm(f)/excl(t) 2021 {"O=Org", "O=Org", "O=Org", "O=Org2"}, 2022 {"O=Org", "O=Org1", "O=Org", "O=Org2"}, 2023 {"O=Org1", "O=Org", "O=Org", "O=Org2"}, 2024 }; 2025 2026 X509CertSelector selector = new X509CertSelector(); 2027 try { 2028 for (int i=0; i<variants.length; i++) { 2029 // make the names objects 2030 X500Principal subject = new X500Principal(variants[i][0]); 2031 Name subject_name = new Name(variants[i][0]); 2032 GeneralName alt_name = new GeneralName(4, variants[i][1]); 2033 // make the certificate to be checked 2034 GeneralNames alt_names_extension = new GeneralNames(); 2035 alt_names_extension.addName(alt_name); 2036 TestCert certificate = new TestCert(alt_names_extension); 2037 certificate.setSubject(subject); 2038 certificate.setEncoding(getCertEncoding(subject_name, 2039 alt_names_extension)); 2040 // make the subtrees (part of name constraints) 2041 // this subtrees will be used as permited and as excluded 2042 // name which is presented in certificate: 2043 GeneralSubtrees pos_subtrees = new GeneralSubtrees(); 2044 pos_subtrees.addSubtree( 2045 new GeneralSubtree( 2046 new GeneralName(4, variants[i][2]))); 2047 // name which is absent in certificate: 2048 GeneralSubtrees neg_subtrees = new GeneralSubtrees(); 2049 neg_subtrees.addSubtree( 2050 new GeneralSubtree( 2051 new GeneralName(4, variants[i][3]))); 2052 2053 NameConstraints constraints; 2054 // Work with name which is presented in certificate 2055 // first check if certificate with permited name matches: 2056 constraints = new NameConstraints(pos_subtrees, null); 2057 selector.setNameConstraints(constraints.getEncoded()); 2058 assertTrue("The method match() for certificate " 2059 + "with subject:\n " 2060 + variants[i][0] 2061 + "\nand with alternative name:\n " 2062 + variants[i][1] 2063 + "\nand permited name\n " 2064 + variants[i][2] 2065 + "\nshould return true", 2066 selector.match(certificate)); 2067 // second check if certificate with excluded name doesn't match: 2068 constraints = new NameConstraints(pos_subtrees, pos_subtrees); 2069 selector.setNameConstraints(constraints.getEncoded()); 2070 assertTrue("The method match() for certificate " 2071 + "with subject:\n " 2072 + variants[i][0] 2073 + "\nand with alternative name:\n " 2074 + variants[i][1] 2075 + "\nand excluded name\n " 2076 + variants[i][2] 2077 + "\nshould return false", 2078 !selector.match(certificate)); 2079 // Work with name which is not presented in certificate 2080 // first check if the certificate without permited name 2081 // does not match: 2082 constraints = new NameConstraints(neg_subtrees, null); 2083 selector.setNameConstraints(constraints.getEncoded()); 2084 assertTrue("The method match() for certificate " 2085 + "with subject:\n " 2086 + variants[i][0] 2087 + "\nand with alternative name:\n " 2088 + variants[i][1] 2089 + "\nand permited name\n " 2090 + variants[i][3] 2091 + "\nshould return false", 2092 !selector.match(certificate)); 2093 // second check if certificate without excluded name matches: 2094 constraints = new NameConstraints(neg_subtrees, neg_subtrees); 2095 selector.setNameConstraints(constraints.getEncoded()); 2096 assertTrue("The method match() for certificate " 2097 + "with subject:\n " 2098 + variants[i][0] 2099 + "\nand with alternative name:\n " 2100 + variants[i][1] 2101 + "\nand excluded name\n " 2102 + variants[i][3] 2103 + "\nshould return false", 2104 !selector.match(certificate)); 2105 } 2106 } catch (IOException e) { 2107 e.printStackTrace(); 2108 fail("Unexpected IOException was thrown."); 2109 } 2110 } 2111 2112 /** 2113 * Constructs the encoded form of certificate with specified subject field 2114 * of TBSCertificate and specified alternative names. 2115 */ 2116 private byte[] getCertEncoding(Name subject, GeneralNames subjectAltNames) 2117 throws IOException { 2118 // make the TBSCertificate for Certificate 2119 int version = 2; //v3 2120 BigInteger serialNumber = BigInteger.valueOf(555L); 2121 AlgorithmIdentifier signature = new AlgorithmIdentifier("1.2.3.44.555"); 2122 Name issuer = new Name("O=Certificate Issuer"); 2123 Validity validity = new Validity(new Date(100000000), 2124 new Date(200000000)); 2125 SubjectPublicKeyInfo subjectPublicKeyInfo = 2126 new SubjectPublicKeyInfo( 2127 new AlgorithmIdentifier("1.2.840.113549.1.1.2"), 2128 new byte[10]); 2129 boolean[] issuerUniqueID = new boolean[] 2130 {true, false, true, false, true, false, true, false}; 2131 boolean[] subjectUniqueID = new boolean[] 2132 {false, true, false, true, false, true, false, true}; 2133 2134 Extension extension = new Extension("2.5.29.17", 2135 true, subjectAltNames.getEncoded()); 2136 Extensions extensions = new Extensions(); 2137 extensions.addExtension(extension); 2138 2139 TBSCertificate tbsCertificate = new TBSCertificate(version, 2140 serialNumber, signature, issuer, validity, subject, 2141 subjectPublicKeyInfo, issuerUniqueID, subjectUniqueID, 2142 extensions); 2143 2144 // make the Certificate 2145 org.apache.harmony.security.x509.Certificate certificate = 2146 new org.apache.harmony.security.x509.Certificate 2147 (tbsCertificate, signature, new byte[10]); 2148 2149 return certificate.getEncoded(); 2150 } 2151 2152 /** 2153 * getNameConstraints() method testing. 2154 */ 2155 public void testGetNameConstraints() { 2156 } 2157 2158 /** 2159 * setBasicConstraints(int minMaxPathLen) method testing. 2160 */ 2161 public void testSetBasicConstraints() { 2162 try { 2163 new X509CertSelector().setBasicConstraints(-3); 2164 fail("IllegalArgumentException should be thrown."); 2165 } catch (IllegalArgumentException e) { 2166 } 2167 2168 int plen1 = 2; 2169 int plen2 = -1; 2170 TestCert cert_1 = new TestCert(plen1); 2171 TestCert cert_2 = new TestCert(plen2); 2172 X509CertSelector selector = new X509CertSelector(); 2173 2174 selector.setBasicConstraints(-1); 2175 assertTrue("Any certificate should match in the case of -1 " 2176 + "pathLen criteria.", 2177 selector.match(cert_1) && selector.match(cert_2)); 2178 selector.setBasicConstraints(plen1); 2179 assertTrue("The certificate should match the selection criteria.", 2180 selector.match(cert_1)); 2181 assertFalse("The certificate should not match the selection criteria.", 2182 selector.match(cert_2)); 2183 selector.setBasicConstraints(plen2); 2184 assertTrue("The certificate should match the selection criteria.", 2185 selector.match(cert_2)); 2186 } 2187 2188 /** 2189 * getBasicConstraints() method testing. 2190 */ 2191 public void testGetBasicConstraints() { 2192 int plen1 = 2; 2193 int plen2 = -1; 2194 X509CertSelector selector = new X509CertSelector(); 2195 2196 assertEquals("Selector should return -1", 2197 selector.getBasicConstraints(), -1); 2198 selector.setBasicConstraints(plen1); 2199 assertEquals("The returned value should be equal to specified", 2200 plen1, selector.getBasicConstraints()); 2201 assertFalse("The returned value should differ", 2202 plen2 == selector.getBasicConstraints()); 2203 } 2204 2205 /** 2206 * setPolicy(Set<String> certPolicySet) method testing. 2207 */ 2208 public void testSetPolicy() { 2209 String[] policies_1 = new String[] { 2210 "0.0.0.0.0.0", 2211 "1.1.1.1.1.1", 2212 }; 2213 String[] policies_2 = new String[] { 2214 "0.0.0.0.0.0", 2215 "1.1.1.1.1.1", 2216 "2.2.2.2.2.2" 2217 }; 2218 String[] policies_3 = new String[] { 2219 "2.2.2.2.2.2" 2220 }; 2221 String[] policies_4 = new String[] {}; 2222 X509CertSelector selector = new X509CertSelector(); 2223 HashSet set = new HashSet(Arrays.asList(policies_1)); 2224 try { 2225 selector.setPolicy(set); 2226 } catch (IOException e) { 2227 e.printStackTrace(); 2228 fail("Unexpected IOException was thrown."); 2229 } 2230 TestCert cert_1 = new TestCert(policies_1); 2231 TestCert cert_2 = new TestCert(policies_2); 2232 TestCert cert_3 = new TestCert(policies_3); 2233 TestCert cert_4 = new TestCert(policies_4); 2234 assertTrue("The certificate should match the specified criteria", 2235 selector.match(cert_1)); 2236 assertTrue("The certificate should match the specified criteria", 2237 selector.match(cert_2)); 2238 assertFalse("The certificate should not match the specified criteria", 2239 selector.match(cert_3)); 2240 assertFalse("The certificate should not match the specified criteria", 2241 selector.match(cert_4)); 2242 set.add("2.2.2.2.2.2"); 2243 assertFalse("The modification of the set should not cause the " 2244 + "modification of internal object", 2245 selector.match(cert_3)); 2246 set = new HashSet(); 2247 try { 2248 selector.setPolicy(set); 2249 } catch (IOException e) { 2250 e.printStackTrace(); 2251 fail("Unexpected IOException was thrown."); 2252 } 2253 assertTrue("The certificate should match the specified criteria", 2254 selector.match(cert_1)); 2255 assertTrue("The certificate should match the specified criteria", 2256 selector.match(cert_2)); 2257 assertTrue("The certificate should match the specified criteria", 2258 selector.match(cert_3)); 2259 assertFalse("The certificate should not match the specified criteria", 2260 selector.match(cert_4)); 2261 set.add("2.2.2.2.2.2"); 2262 try { 2263 selector.setPolicy(set); 2264 } catch (IOException e) { 2265 e.printStackTrace(); 2266 fail("Unexpected IOException was thrown."); 2267 } 2268 assertFalse("The certificate should not match the specified criteria", 2269 selector.match(cert_1)); 2270 assertTrue("The certificate should match the specified criteria", 2271 selector.match(cert_2)); 2272 assertTrue("The certificate should match the specified criteria", 2273 selector.match(cert_3)); 2274 assertFalse("The certificate should not match the specified criteria", 2275 selector.match(cert_4)); 2276 } 2277 2278 /** 2279 * getPolicy() method testing. 2280 */ 2281 public void testGetPolicy() { 2282 String[] policies = new String[] { 2283 "0.0.0.0.0.0", 2284 "1.1.1.1.1.1", 2285 "2.2.2.2.2.2" 2286 }; 2287 X509CertSelector selector = new X509CertSelector(); 2288 HashSet set = new HashSet(Arrays.asList(policies)); 2289 try { 2290 selector.setPolicy(set); 2291 } catch (IOException e) { 2292 e.printStackTrace(); 2293 fail("Unexpected IOException was thrown."); 2294 } 2295 Set result = selector.getPolicy(); 2296 try { 2297 result.remove(policies[0]); 2298 fail("An immutable set should be returned."); 2299 } catch (UnsupportedOperationException e) { 2300 } 2301 if (result.size() != 3) { 2302 fail("The size of returned set differs from specified."); 2303 } 2304 for (int i=0; i<policies.length; i++) { 2305 if (!result.contains(policies[i])) { 2306 fail("The set does not have specified policy."); 2307 } 2308 } 2309 } 2310 2311 /** 2312 * setPathToNames(Collection<List<?>> names) method testing. 2313 */ 2314 public void testSetPathToNames() { 2315 try { 2316 GeneralName[] names = new GeneralName[] { 2317 new GeneralName(1, "rfc@822.Name"), 2318 new GeneralName(1, "rfc@822.AnotherName"), 2319 new GeneralName(2, "dNSName"), 2320 new GeneralName(2, "AnotherdNSName"), 2321 new GeneralName(4, "O=Organization"), 2322 new GeneralName(4, "O=Another Organization"), 2323 new GeneralName(6, "http://uniform.Resource.Id"), 2324 new GeneralName(6, "http://another.uniform.Resource.Id"), 2325 new GeneralName(7, "1.1.1.1"), 2326 new GeneralName(7, "2.2.2.2") 2327 }; 2328 2329 X509CertSelector selector = new X509CertSelector(); 2330 2331 TestCert cert; 2332 GeneralSubtrees subtrees; 2333 NameConstraints constraints; 2334 for (int i=0; i<names.length; i+=2) { 2335 // Set up the pathToNames criterion 2336 ArrayList pathToNames = new ArrayList(); 2337 pathToNames.add(names[i].getAsList()); 2338 selector.setPathToNames(pathToNames); 2339 2340 // Construct the subtrees without the current name 2341 subtrees = new GeneralSubtrees(); 2342 for (int j=0; j<names.length; j++) { 2343 if (i != j && i+1 != j) { 2344 subtrees.addSubtree(new GeneralSubtree(names[j])); 2345 } 2346 } 2347 constraints = new NameConstraints(subtrees, null); 2348 cert = new TestCert(constraints); 2349 assertTrue("The Name Constraints Extension of the " 2350 + "certificate does not contain the names " 2351 + "of such type so method match() should " 2352 + "return true.", selector.match(cert)); 2353 2354 constraints = new NameConstraints(subtrees, subtrees); 2355 cert = new TestCert(constraints); 2356 assertTrue("The Name Constraints Extension of the " 2357 + "certificate does not contain the names " 2358 + "of such type so method match() should " 2359 + "return true.", selector.match(cert)); 2360 2361 constraints = new NameConstraints(null, subtrees); 2362 cert = new TestCert(constraints); 2363 assertTrue("The Name Constraints Extension of the " 2364 + "certificate does not contain the names " 2365 + "of such type so method match() should " 2366 + "return true.", selector.match(cert)); 2367 2368 subtrees.addSubtree(new GeneralSubtree(names[i+1])); 2369 2370 constraints = new NameConstraints(subtrees, null); 2371 cert = new TestCert(constraints); 2372 assertFalse("The Name Constraints Extension of the " 2373 + "certificate does not contain the name " 2374 + "as a permitted name so method match() " 2375 + "should return false", selector.match(cert)); 2376 2377 constraints = new NameConstraints(subtrees, subtrees); 2378 cert = new TestCert(constraints); 2379 assertFalse("The Name Constraints Extension of the " 2380 + "certificate does not contain the name " 2381 + "as an excluded name but it does not " 2382 + "contain this name as a permitted so match()" 2383 + "should return false", selector.match(cert)); 2384 2385 constraints = new NameConstraints(null, subtrees); 2386 cert = new TestCert(constraints); 2387 assertTrue("The Name Constraints Extension of the " 2388 + "certificate does not contain the name " 2389 + "as an excluded name so method match() " 2390 + "should return true", selector.match(cert)); 2391 2392 subtrees.addSubtree(new GeneralSubtree(names[i])); 2393 2394 constraints = new NameConstraints(subtrees, null); 2395 cert = new TestCert(constraints); 2396 assertTrue("The Name Constraints Extension of the " 2397 + "certificate contains the name " 2398 + "as a permitted name so method match() " 2399 + "should return true", selector.match(cert)); 2400 2401 constraints = new NameConstraints(subtrees, subtrees); 2402 cert = new TestCert(constraints); 2403 assertFalse("The Name Constraints Extension of the " 2404 + "certificate contains the name " 2405 + "as an excluded name so method match() " 2406 + "should return false", selector.match(cert)); 2407 2408 constraints = new NameConstraints(null, subtrees); 2409 cert = new TestCert(constraints); 2410 assertFalse("The Name Constraints Extension of the " 2411 + "certificate contains the name " 2412 + "as an excluded name so method match() " 2413 + "should return false", selector.match(cert)); 2414 2415 pathToNames.clear(); 2416 assertFalse("The modification of initialization parameter " 2417 + "should not cause the modification of " 2418 + "internal object ", selector.match(cert)); 2419 } 2420 } catch (IOException e) { 2421 e.printStackTrace(); 2422 fail("Unexpected IOException was thrown."); 2423 } 2424 } 2425 2426 /** 2427 * addPathToName(int type, String name) method testing. 2428 */ 2429 public void testAddPathToName1() { 2430 try { 2431 int[] types = new int[] {1, 1, 2, 2, 4, 4, 6, 6, 7, 7}; 2432 String[] names = new String[] { 2433 "rfc@822.Name", 2434 "rfc@822.AnotherName", 2435 "dNSName", 2436 "AnotherdNSName", 2437 "O=Organization", 2438 "O=Another Organization", 2439 "http://uniform.Resource.Id", 2440 "http://another.uniform.Resource.Id", 2441 "1.1.1.1", 2442 "2.2.2.2" 2443 }; 2444 2445 X509CertSelector selector = new X509CertSelector(); 2446 2447 TestCert cert; 2448 GeneralSubtrees subtrees; 2449 NameConstraints constraints; 2450 for (int i=0; i<names.length-2; i+=2) { 2451 // Set up the pathToNames criterion 2452 selector.addPathToName(types[i], names[i]); 2453 2454 // Construct the subtrees without the current name 2455 subtrees = new GeneralSubtrees(); 2456 for (int j=i+2; j<names.length; j++) { 2457 if (i != j && i+1 != j) { 2458 subtrees.addSubtree( 2459 new GeneralSubtree( 2460 new GeneralName(types[j], names[j]))); 2461 } 2462 } 2463 constraints = new NameConstraints(subtrees, null); 2464 cert = new TestCert(constraints); 2465 assertTrue("The Name Constraints Extension of the " 2466 + "certificate does not contain the names " 2467 + "of such type so method match() should " 2468 + "return true.", selector.match(cert)); 2469 2470 constraints = new NameConstraints(subtrees, subtrees); 2471 cert = new TestCert(constraints); 2472 assertTrue("The Name Constraints Extension of the " 2473 + "certificate does not contain the names " 2474 + "of such type so method match() should " 2475 + "return true.", selector.match(cert)); 2476 2477 constraints = new NameConstraints(null, subtrees); 2478 cert = new TestCert(constraints); 2479 assertTrue("The Name Constraints Extension of the " 2480 + "certificate does not contain the names " 2481 + "of such type so method match() should " 2482 + "return true.", selector.match(cert)); 2483 2484 subtrees.addSubtree( 2485 new GeneralSubtree( 2486 new GeneralName(types[i+1], names[i+1]))); 2487 2488 constraints = new NameConstraints(subtrees, null); 2489 cert = new TestCert(constraints); 2490 assertFalse("The Name Constraints Extension of the " 2491 + "certificate does not contain the name " 2492 + "as a permitted name so method match() " 2493 + "should return false", selector.match(cert)); 2494 2495 constraints = new NameConstraints(subtrees, subtrees); 2496 cert = new TestCert(constraints); 2497 assertFalse("The Name Constraints Extension of the " 2498 + "certificate does not contain the name " 2499 + "as an excluded name but it does not " 2500 + "contain this name as a permitted so match()" 2501 + "should return false", selector.match(cert)); 2502 2503 constraints = new NameConstraints(null, subtrees); 2504 cert = new TestCert(constraints); 2505 assertTrue("The Name Constraints Extension of the " 2506 + "certificate does not contain the name " 2507 + "as an excluded name so method match() " 2508 + "should return true", selector.match(cert)); 2509 2510 subtrees.addSubtree( 2511 new GeneralSubtree( 2512 new GeneralName(types[i], names[i]))); 2513 2514 constraints = new NameConstraints(subtrees, null); 2515 cert = new TestCert(constraints); 2516 assertTrue("The Name Constraints Extension of the " 2517 + "certificate contains the name " 2518 + "as a permitted name so method match() " 2519 + "should return true", selector.match(cert)); 2520 2521 constraints = new NameConstraints(subtrees, subtrees); 2522 cert = new TestCert(constraints); 2523 assertFalse("The Name Constraints Extension of the " 2524 + "certificate contains the name " 2525 + "as an excluded name so method match() " 2526 + "should return false", selector.match(cert)); 2527 2528 constraints = new NameConstraints(null, subtrees); 2529 cert = new TestCert(constraints); 2530 assertFalse("The Name Constraints Extension of the " 2531 + "certificate contains the name " 2532 + "as an excluded name so method match() " 2533 + "should return false", selector.match(cert)); 2534 } 2535 } catch (IOException e) { 2536 e.printStackTrace(); 2537 fail("Unexpected IOException was thrown."); 2538 } 2539 } 2540 2541 /** 2542 * addPathToName(int type, byte[] name) method testing. 2543 */ 2544 public void testAddPathToName2() { 2545 try { 2546 int[] types = new int[] {1, 1, 2, 2, 4, 4, 6, 6, 7, 7}; 2547 byte[][] names = new byte[][] { 2548 new GeneralName(1, "rfc@822.Name").getEncodedName(), 2549 new GeneralName(1, "rfc@822.AnotherName").getEncodedName(), 2550 new GeneralName(2, "dNSName").getEncodedName(), 2551 new GeneralName(2, "AnotherdNSName").getEncodedName(), 2552 new GeneralName(4, "O=Organization").getEncodedName(), 2553 new GeneralName(4, "O=Another Organization").getEncodedName(), 2554 new GeneralName(6, "http://uniform.Resource.Id") 2555 .getEncodedName(), 2556 new GeneralName(6, "http://another.uniform.Resource.Id") 2557 .getEncodedName(), 2558 new GeneralName(7, "1.1.1.1").getEncodedName(), 2559 new GeneralName(7, "2.2.2.2").getEncodedName() 2560 }; 2561 2562 X509CertSelector selector = new X509CertSelector(); 2563 2564 TestCert cert; 2565 GeneralSubtrees subtrees; 2566 NameConstraints constraints; 2567 for (int i=0; i<names.length-2; i+=2) { 2568 // Set up the pathToNames criterion 2569 selector.addPathToName(types[i], names[i]); 2570 2571 // Construct the subtrees without the current name 2572 subtrees = new GeneralSubtrees(); 2573 for (int j=i+2; j<names.length; j++) { 2574 if (i != j && i+1 != j) { 2575 subtrees.addSubtree( 2576 new GeneralSubtree( 2577 new GeneralName(types[j], names[j]))); 2578 } 2579 } 2580 constraints = new NameConstraints(subtrees, null); 2581 cert = new TestCert(constraints); 2582 assertTrue("The Name Constraints Extension of the " 2583 + "certificate does not contain the names " 2584 + "of such type so method match() should " 2585 + "return true.", selector.match(cert)); 2586 2587 constraints = new NameConstraints(subtrees, subtrees); 2588 cert = new TestCert(constraints); 2589 assertTrue("The Name Constraints Extension of the " 2590 + "certificate does not contain the names " 2591 + "of such type so method match() should " 2592 + "return true.", selector.match(cert)); 2593 2594 constraints = new NameConstraints(null, subtrees); 2595 cert = new TestCert(constraints); 2596 assertTrue("The Name Constraints Extension of the " 2597 + "certificate does not contain the names " 2598 + "of such type so method match() should " 2599 + "return true.", selector.match(cert)); 2600 2601 subtrees.addSubtree( 2602 new GeneralSubtree( 2603 new GeneralName(types[i+1], names[i+1]))); 2604 2605 constraints = new NameConstraints(subtrees, null); 2606 cert = new TestCert(constraints); 2607 assertFalse("The Name Constraints Extension of the " 2608 + "certificate does not contain the name " 2609 + "as a permitted name so method match() " 2610 + "should return false", selector.match(cert)); 2611 2612 constraints = new NameConstraints(subtrees, subtrees); 2613 cert = new TestCert(constraints); 2614 assertFalse("The Name Constraints Extension of the " 2615 + "certificate does not contain the name " 2616 + "as an excluded name but it does not " 2617 + "contain this name as a permitted so match()" 2618 + "should return false", selector.match(cert)); 2619 2620 constraints = new NameConstraints(null, subtrees); 2621 cert = new TestCert(constraints); 2622 assertTrue("The Name Constraints Extension of the " 2623 + "certificate does not contain the name " 2624 + "as an excluded name so method match() " 2625 + "should return true", selector.match(cert)); 2626 2627 subtrees.addSubtree( 2628 new GeneralSubtree( 2629 new GeneralName(types[i], names[i]))); 2630 2631 constraints = new NameConstraints(subtrees, null); 2632 cert = new TestCert(constraints); 2633 assertTrue("The Name Constraints Extension of the " 2634 + "certificate contains the name " 2635 + "as a permitted name so method match() " 2636 + "should return true", selector.match(cert)); 2637 2638 constraints = new NameConstraints(subtrees, subtrees); 2639 cert = new TestCert(constraints); 2640 assertFalse("The Name Constraints Extension of the " 2641 + "certificate contains the name " 2642 + "as an excluded name so method match() " 2643 + "should return false", selector.match(cert)); 2644 2645 constraints = new NameConstraints(null, subtrees); 2646 cert = new TestCert(constraints); 2647 assertFalse("The Name Constraints Extension of the " 2648 + "certificate contains the name " 2649 + "as an excluded name so method match() " 2650 + "should return false", selector.match(cert)); 2651 } 2652 } catch (IOException e) { 2653 e.printStackTrace(); 2654 fail("Unexpected IOException was thrown."); 2655 } 2656 } 2657 2658 /** 2659 * getPathToNames() method testing. 2660 */ 2661 public void testGetPathToNames() { 2662 try { 2663 byte[] encoding = 2664 new GeneralName(1, "rfc@822.Name").getEncodedName(); 2665 2666 X509CertSelector selector = new X509CertSelector(); 2667 2668 selector.addPathToName(1, encoding); 2669 encoding[0]++; 2670 Collection coll = selector.getPathToNames(); 2671 Iterator it = coll.iterator(); 2672 List list = (List) it.next(); 2673 Object result = list.get(1); 2674 if ((result instanceof byte[]) 2675 && (encoding[0] == ((byte[])result)[0])) { 2676 fail("Deep copy should be performed on pathToNames."); 2677 } 2678 } catch (IOException e) { 2679 e.printStackTrace(); 2680 fail("Unexpected IOException was thrown."); 2681 } 2682 } 2683 2684 /** 2685 * toString() method testing. 2686 */ 2687 public void testToString() throws Exception { 2688 BigInteger serial = new BigInteger("10000"); 2689 X500Principal issuer = new X500Principal("O=Issuer Org."); 2690 X500Principal subject = new X500Principal("O=Subject Org."); 2691 byte[] subject_auth_KeyID = new byte[] {1, 2, 3, 4, 5}; 2692 Date certValid = new Date(2000000000); 2693 Date[] privateKeyValid = new Date[] { 2694 new Date(100000000L), 2695 new Date(200000000L), 2696 new Date(300000000L) 2697 }; 2698 String pkAlgID = "1.2.840.113549.1.1.4"; // MD5 with RSA encryption (source: http://asn1.elibel.tm.fr) 2699 PublicKey pkey; 2700 2701 pkey = new TestKeyPair("RSA").getPublic(); 2702 2703 boolean[] keyUsage = new boolean[] 2704 {true, true, true, true, true, true, true, true, false}; 2705 // OID values was taken from rfc 3280 2706 HashSet extKeyUsage = new HashSet(Arrays.asList(new String[] { 2707 "1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2", "1.3.6.1.5.5.7.3.3", 2708 "1.3.6.1.5.5.7.3.4", "1.3.6.1.5.5.7.3.8", "1.3.6.1.5.5.7.3.9", 2709 "1.3.6.1.5.5.7.3.5", "1.3.6.1.5.5.7.3.6", "1.3.6.1.5.5.7.3.7"} 2710 )); 2711 GeneralNames subjectAltNames = new GeneralNames(Arrays.asList( 2712 new GeneralName[] { 2713 new GeneralName(1, "rfc@822.Name"), 2714 new GeneralName(2, "dNSName"), 2715 new GeneralName(6, "http://uniform.Resource.Id"), 2716 new GeneralName(7, "1.1.1.1") 2717 } 2718 )); 2719 String[] policies = new String[] { 2720 "0.0.0.0.0.0", 2721 "1.1.1.1.1.1", 2722 }; 2723 TestCert cert = new TestCert("certificate equality criteria"); 2724 2725 X509CertSelector selector = new X509CertSelector(); 2726 selector.setCertificate(cert); 2727 selector.setSerialNumber(serial); 2728 selector.setIssuer(issuer); 2729 selector.setSubject(subject); 2730 selector.setSubjectKeyIdentifier(subject_auth_KeyID); 2731 selector.setAuthorityKeyIdentifier(subject_auth_KeyID); 2732 selector.setCertificateValid(certValid); 2733 selector.setPrivateKeyValid(privateKeyValid[1]); 2734 selector.setSubjectPublicKey(pkey); 2735 selector.setSubjectPublicKeyAlgID(pkAlgID); 2736 selector.setKeyUsage(keyUsage); 2737 selector.setExtendedKeyUsage(extKeyUsage); 2738 selector.setSubjectAlternativeNames(subjectAltNames.getPairsList()); 2739 selector.setMatchAllSubjectAltNames(true); 2740 selector.setPolicy(new HashSet(Arrays.asList(policies))); 2741 2742 assertNotNull("The result should not be null.", 2743 selector.toString()); 2744 } 2745 2746 /** 2747 * match(Certificate cert) method testing. 2748 * Tests if the null object matches to the selector or does not, 2749 * and if the certificate conforming to the multiple matching criteria 2750 * matches or does not.. 2751 */ 2752 public void testMatch() throws Exception { 2753 BigInteger serial = new BigInteger("10000"); 2754 X500Principal issuer = new X500Principal("O=Issuer Org."); 2755 X500Principal subject = new X500Principal("O=Subject Org."); 2756 byte[] subject_auth_KeyID = new byte[] {1, 2, 3, 4, 5}; // random value 2757 Date certValid = new Date(2000000000); 2758 Date[] privateKeyValid = new Date[] { 2759 new Date(100000000L), 2760 new Date(200000000L), 2761 new Date(300000000L) 2762 }; 2763 String pkAlgID = "1.2.840.113549.1.1.1"; // RSA encryption (source: http://asn1.elibel.tm.fr) 2764 PublicKey pkey; 2765 2766 pkey = new TestKeyPair("RSA").getPublic(); 2767 2768 boolean[] keyUsage = new boolean[] 2769 {true, true, true, true, true, true, true, true, false}; 2770 // OID values was taken from rfc 3280 2771 HashSet extKeyUsage = new HashSet(Arrays.asList(new String[] { 2772 "1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2", "1.3.6.1.5.5.7.3.3", 2773 "1.3.6.1.5.5.7.3.4", "1.3.6.1.5.5.7.3.8", "1.3.6.1.5.5.7.3.9", 2774 "1.3.6.1.5.5.7.3.5", "1.3.6.1.5.5.7.3.6", "1.3.6.1.5.5.7.3.7"} 2775 )); 2776 GeneralNames subjectAltNames = new GeneralNames(Arrays.asList( 2777 new GeneralName[] { 2778 new GeneralName(1, "rfc@822.Name"), 2779 new GeneralName(2, "dNSName"), 2780 new GeneralName(6, "http://uniform.Resource.Id"), 2781 new GeneralName(7, "1.1.1.1") 2782 } 2783 )); 2784 String[] policies = new String[] { 2785 "0.0.0.0.0.0", 2786 "1.1.1.1.1.1", 2787 }; 2788 2789 TestCert cert = new TestCert("certificate equality criteria"); 2790 cert.setSerialNumber(serial); 2791 cert.setIssuer(issuer); 2792 cert.setSubject(subject); 2793 cert.setKeyIdentifier(subject_auth_KeyID); 2794 cert.setDate(certValid); 2795 cert.setPeriod(privateKeyValid[0], privateKeyValid[2]); 2796 cert.setPublicKey(pkey); 2797 cert.setKeyUsage(keyUsage); 2798 cert.setExtendedKeyUsage(extKeyUsage); 2799 cert.setSubjectAlternativeNames(subjectAltNames); 2800 cert.setPolicies(policies); 2801 2802 X509CertSelector selector = new X509CertSelector(); 2803 selector.setCertificate(cert); 2804 selector.setSerialNumber(serial); 2805 selector.setIssuer(issuer); 2806 selector.setSubject(subject); 2807 selector.setSubjectKeyIdentifier(subject_auth_KeyID); 2808 selector.setAuthorityKeyIdentifier(subject_auth_KeyID); 2809 selector.setCertificateValid(certValid); 2810 selector.setPrivateKeyValid(privateKeyValid[1]); 2811 selector.setSubjectPublicKey(pkey); 2812 selector.setSubjectPublicKeyAlgID(pkAlgID); 2813 selector.setKeyUsage(keyUsage); 2814 selector.setExtendedKeyUsage(extKeyUsage); 2815 selector.setSubjectAlternativeNames(subjectAltNames.getPairsList()); 2816 selector.setMatchAllSubjectAltNames(true); 2817 selector.setPolicy(new HashSet(Arrays.asList(policies))); 2818 2819 assertFalse("The null object should not match", 2820 selector.match((X509Certificate) null)); 2821 assertTrue("The certificate should match the selector", 2822 selector.match(cert)); 2823 } 2824 2825 /** 2826 * @tests java.security.cert.X509CertSelector#match(java.security.cert.Certificate) 2827 */ 2828 public void test_matchLjava_security_cert_Certificate() { 2829 2830 // Regression for HARMONY-186 2831 TestCert cert = new TestCert(); 2832 cert.setKeyUsage(new boolean[] { true, false, true, false, false, 2833 false, false, false, false }); 2834 2835 X509CertSelector certSelector = new X509CertSelector(); 2836 2837 certSelector.setKeyUsage(new boolean[] { true, false, true }); 2838 assertTrue("Assert 1: ", certSelector.match(cert)); 2839 2840 certSelector.setKeyUsage(new boolean[] { true, true, true }); 2841 assertFalse("Assert 2: ", certSelector.match(cert)); 2842 } 2843 2844 /** 2845 * clone() method testing. 2846 */ 2847 public void testClone() throws Exception { 2848 BigInteger serial = new BigInteger("10000"); 2849 X500Principal issuer = new X500Principal("O=Issuer Org."); 2850 X500Principal subject = new X500Principal("O=Subject Org."); 2851 byte[] subject_auth_KeyID = new byte[] {1, 2, 3, 4, 5}; // random value 2852 Date certValid = new Date(2000000000); 2853 Date[] privateKeyValid = new Date[] { 2854 new Date(100000000L), 2855 new Date(200000000L), 2856 new Date(300000000L) 2857 }; 2858 String pkAlgID = "1.2.840.113549.1.1.1"; // RSA encryption (source: http://asn1.elibel.tm.fr) 2859 PublicKey pkey; 2860 2861 pkey = new TestKeyPair("RSA").getPublic(); 2862 2863 boolean[] keyUsage = new boolean[] 2864 {true, true, true, true, true, true, true, true, false}; 2865 // OID values was taken from rfc 3280 2866 HashSet extKeyUsage = new HashSet(Arrays.asList(new String[] { 2867 "1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2", "1.3.6.1.5.5.7.3.3", 2868 "1.3.6.1.5.5.7.3.4", "1.3.6.1.5.5.7.3.8", "1.3.6.1.5.5.7.3.9", 2869 "1.3.6.1.5.5.7.3.5", "1.3.6.1.5.5.7.3.6", "1.3.6.1.5.5.7.3.7"} 2870 )); 2871 GeneralNames subjectAltNames = new GeneralNames(Arrays.asList( 2872 new GeneralName[] { 2873 new GeneralName(1, "rfc@822.Name"), 2874 new GeneralName(2, "dNSName"), 2875 new GeneralName(6, "http://uniform.Resource.Id"), 2876 new GeneralName(7, "1.1.1.1") 2877 } 2878 )); 2879 String[] policies = new String[] { 2880 "0.0.0.0.0.0", 2881 "1.1.1.1.1.1", 2882 }; 2883 2884 TestCert cert = new TestCert("certificate equality criteria"); 2885 cert.setSerialNumber(serial); 2886 cert.setIssuer(issuer); 2887 cert.setSubject(subject); 2888 cert.setKeyIdentifier(subject_auth_KeyID); 2889 cert.setDate(certValid); 2890 cert.setPeriod(privateKeyValid[0], privateKeyValid[2]); 2891 cert.setPublicKey(pkey); 2892 cert.setKeyUsage(keyUsage); 2893 cert.setExtendedKeyUsage(extKeyUsage); 2894 cert.setSubjectAlternativeNames(subjectAltNames); 2895 cert.setPolicies(policies); 2896 2897 X509CertSelector selector = new X509CertSelector(); 2898 selector.setCertificate(cert); 2899 selector.setSerialNumber(serial); 2900 selector.setIssuer(issuer); 2901 selector.setSubject(subject); 2902 selector.setSubjectKeyIdentifier(subject_auth_KeyID); 2903 selector.setAuthorityKeyIdentifier(subject_auth_KeyID); 2904 selector.setCertificateValid(certValid); 2905 selector.setPrivateKeyValid(privateKeyValid[1]); 2906 selector.setSubjectPublicKey(pkey); 2907 selector.setSubjectPublicKeyAlgID(pkAlgID); 2908 selector.setKeyUsage(keyUsage); 2909 selector.setExtendedKeyUsage(extKeyUsage); 2910 selector.setSubjectAlternativeNames(subjectAltNames.getPairsList()); 2911 selector.setMatchAllSubjectAltNames(true); 2912 selector.setPolicy(new HashSet(Arrays.asList(policies))); 2913 2914 assertTrue("The certificate should match the selector", 2915 ((X509CertSelector)selector.clone()).match(cert)); 2916 } 2917 2918 2919 public static Test suite() { 2920 return new TestSuite(X509CertSelectorTest.class); 2921 } 2922 2923} 2924