/* * Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ /** * @author Alexander Y. Kleymenov */ package java.security.cert; import java.io.IOException; import java.math.BigInteger; import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; import java.security.NoSuchProviderException; import java.security.Principal; import java.security.PublicKey; import java.security.SignatureException; import java.security.cert.CRLException; import java.security.cert.X509CRLEntry; import java.util.ArrayList; import java.util.Collection; import java.util.Date; import java.util.Set; import javax.security.auth.x500.X500Principal; import org.apache.harmony.security.asn1.ASN1Integer; import org.apache.harmony.security.asn1.ASN1OctetString; import junit.framework.Test; import junit.framework.TestCase; import junit.framework.TestSuite; /** */ public class X509CRLSelectorTest extends TestCase { /** * The abstract class stub implementation. */ private class TestCRL extends X509CRL { private X500Principal principal = null; private BigInteger crlNumber = null; private Date thisUpdate = null; private Date nextUpdate = null; public TestCRL(X500Principal principal) { this.principal = principal; } public TestCRL(Date thisUpdate, Date nextUpdate) { setUpdateDates(thisUpdate, nextUpdate); } public TestCRL(BigInteger crlNumber) { setCrlNumber(crlNumber); } public void setUpdateDates(Date thisUpdate, Date nextUpdate) { this.thisUpdate = thisUpdate; this.nextUpdate = nextUpdate; } public void setCrlNumber(BigInteger crlNumber) { this.crlNumber = crlNumber; } public X500Principal getIssuerX500Principal() { return principal; } public String toString() { return null; } public boolean isRevoked(Certificate cert) { return true; } public Set getNonCriticalExtensionOIDs() { return null; } public Set getCriticalExtensionOIDs() { return null; } public byte[] getExtensionValue(String oid) { if ("2.5.29.20".equals(oid) && (crlNumber != null)) { return ASN1OctetString.getInstance().encode( ASN1Integer.getInstance().encode( crlNumber.toByteArray())); } return null; } public boolean hasUnsupportedCriticalExtension() { return false; } public byte[] getEncoded() { return null; } public void verify(PublicKey key) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException { } public void verify(PublicKey key, String sigProvider) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException { } public int getVersion() { return 2; } public Principal getIssuerDN() { return null; } public Date getThisUpdate() { return thisUpdate; } public Date getNextUpdate() { return nextUpdate; } public X509CRLEntry getRevokedCertificate(BigInteger serialNumber) { return null; } public Set getRevokedCertificates() { return null; } public byte[] getTBSCertList() { return null; } public byte[] getSignature() { return null; } public String getSigAlgName() { return null; } public String getSigAlgOID() { return null; } public byte[] getSigAlgParams() { return null; } } /** * setIssuers(Collection issuers) method testing. * Tests if CRLs with any issuers match the selector in the case of * null issuerNames criteria, if specified issuers match the selector, * and if not specified issuer does not match the selector. */ public void testSetIssuers() { X509CRLSelector selector = new X509CRLSelector(); X500Principal iss1 = new X500Principal("O=First Org."); X500Principal iss2 = new X500Principal("O=Second Org."); X500Principal iss3 = new X500Principal("O=Third Org."); TestCRL crl1 = new TestCRL(iss1); TestCRL crl2 = new TestCRL(iss2); TestCRL crl3 = new TestCRL(iss3); selector.setIssuers(null); assertTrue("Any CRL issuers should match in the case of null issuers.", selector.match(crl1) && selector.match(crl2)); ArrayList issuers = new ArrayList(2); issuers.add(iss1); issuers.add(iss2); selector.setIssuers(issuers); assertTrue("The CRL should match the selection criteria.", selector.match(crl1) && selector.match(crl2)); assertFalse("The CRL should not match the selection criteria.", selector.match(crl3)); issuers.add(iss3); assertFalse("The internal issuer collection is not protected " + "against the modifications.", selector.match(crl3)); } /** * setIssuerNames(Collection names) method testing. * Tests if CRLs with any issuers match the selector in the case of * null issuerNames criteria, if specified issuers match the selector, * if not specified issuer does not match the selector, and if the * internal collection of issuer names is copied during initialization. */ public void testSetIssuerNames() { X509CRLSelector selector = new X509CRLSelector(); String iss1 = "O=First Org."; byte[] iss2 = new byte[] //manually obtained DER encoding of "O=Second Org." issuer name; {48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11, 83, 101, 99, 111, 110, 100, 32, 79, 114, 103, 46}; String iss3 = "O=Third Org."; TestCRL crl1 = new TestCRL(new X500Principal(iss1)); TestCRL crl2 = new TestCRL(new X500Principal(iss2)); TestCRL crl3 = new TestCRL(new X500Principal(iss3)); try { selector.setIssuerNames(null); } catch (IOException e) { e.printStackTrace(); fail("Unexpected IOException was thrown."); } assertTrue("Any CRL issuers should match in the case of null issuers.", selector.match(crl1) && selector.match(crl2)); ArrayList issuers = new ArrayList(2); issuers.add(iss1); issuers.add(iss2); try { selector.setIssuerNames(issuers); } catch (IOException e) { e.printStackTrace(); fail("Unexpected IOException was thrown."); } assertTrue("The CRL should match the selection criteria.", selector.match(crl1) && selector.match(crl2)); assertFalse("The CRL should not match the selection criteria.", selector.match(crl3)); issuers.add(iss3); assertFalse("The internal issuer collection is not protected " + "against the modifications.", selector.match(crl3)); } /** * addIssuer(X500Principal issuer) method testing. * Tests if CRLs with specified issuers match the selector, * and if not specified issuer does not match the selector. */ public void testAddIssuer() { X509CRLSelector selector = new X509CRLSelector(); X500Principal iss1 = new X500Principal("O=First Org."); X500Principal iss2 = new X500Principal("O=Second Org."); TestCRL crl1 = new TestCRL(iss1); TestCRL crl2 = new TestCRL(iss2); selector.addIssuer(iss1); assertTrue("The CRL should match the selection criteria.", selector.match(crl1)); assertFalse("The CRL should not match the selection criteria.", selector.match(crl2)); selector.addIssuer(iss2); assertTrue("The CRL should match the selection criteria.", selector.match(crl2)); } /** * addIssuerName(String name) method testing. * Tests if CRLs with specified issuers match the selector, * and if not specified issuer does not match the selector. */ public void testAddIssuerName1() { X509CRLSelector selector = new X509CRLSelector(); String iss1 = "O=First Org."; String iss2 = "O=Second Org."; TestCRL crl1 = new TestCRL(new X500Principal(iss1)); TestCRL crl2 = new TestCRL(new X500Principal(iss2)); try { selector.addIssuerName(iss1); } catch (IOException e) { e.printStackTrace(); fail("Unexpected IOException was thrown."); } assertTrue("The CRL should match the selection criteria.", selector.match(crl1)); assertFalse("The CRL should not match the selection criteria.", selector.match(crl2)); try { selector.addIssuerName(iss2); } catch (IOException e) { e.printStackTrace(); fail("Unexpected IOException was thrown."); } assertTrue("The CRL should match the selection criteria.", selector.match(crl2)); } /** * addIssuerName(byte[] name) method testing. * Tests if CRLs with specified issuers match the selector, * and if not specified issuer does not match the selector. */ public void testAddIssuerName2() { X509CRLSelector selector = new X509CRLSelector(); byte[] iss1 = new byte[] //manually obtained DER encoding of "O=First Org." issuer name; {48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10, 70, 105, 114, 115, 116, 32, 79, 114, 103, 46}; byte[] iss2 = new byte[] //manually obtained DER encoding of "O=Second Org." issuer name; {48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11, 83, 101, 99, 111, 110, 100, 32, 79, 114, 103, 46}; TestCRL crl1 = new TestCRL(new X500Principal(iss1)); TestCRL crl2 = new TestCRL(new X500Principal(iss2)); try { selector.addIssuerName(iss1); } catch (IOException e) { e.printStackTrace(); fail("Unexpected IOException was thrown."); } assertTrue("The CRL should match the selection criteria.", selector.match(crl1)); assertFalse("The CRL should not match the selection criteria.", selector.match(crl2)); try { selector.addIssuerName(iss2); } catch (IOException e) { e.printStackTrace(); fail("Unexpected IOException was thrown."); } assertTrue("The CRL should match the selection criteria.", selector.match(crl2)); } /** * setMinCRLNumber(BigInteger minCRL) method testing. * Tests if CRLs with any crl number value match the selector in the case of * null crlNumber criteria, if specified minCRL value matches the selector, * and if CRL with inappropriate crlNumber value does not match the selector. */ public void testSetMinCRLNumber() { X509CRLSelector selector = new X509CRLSelector(); BigInteger minCRL = new BigInteger("10000"); TestCRL crl = new TestCRL(minCRL); selector.setMinCRLNumber(null); assertTrue("Any CRL should match in the case of null minCRLNumber.", selector.match(crl)); selector.setMinCRLNumber(minCRL); assertTrue("The CRL should match the selection criteria.", selector.match(crl)); selector.setMinCRLNumber(new BigInteger("10001")); assertFalse("The CRL should not match the selection criteria.", selector.match(crl)); } /** * setMaxCRLNumber(BigInteger maxCRL) method testing. * Tests if CRLs with any crl number value match the selector in the case of * null crlNumber criteria, if specified maxCRL value matches the selector, * and if CRL with inappropriate crlNumber value does not match the selector. */ public void testSetMaxCRLNumber() { X509CRLSelector selector = new X509CRLSelector(); BigInteger maxCRL = new BigInteger("10000"); TestCRL crl = new TestCRL(maxCRL); selector.setMaxCRLNumber(null); assertTrue("Any CRL should match in the case of null minCRLNumber.", selector.match(crl)); selector.setMaxCRLNumber(maxCRL); assertTrue("The CRL should match the selection criteria.", selector.match(crl)); selector.setMaxCRLNumber(new BigInteger("9999")); assertFalse("The CRL should not match the selection criteria.", selector.match(crl)); } /** * setDateAndTime(Date dateAndTime) method testing. * Tests if CRLs with any update dates match the selector in the case of * null dateAndTime criteria, if correct dates match and incorrect * do not match the selector. */ public void testSetDateAndTime() { X509CRLSelector selector = new X509CRLSelector(); TestCRL crl = new TestCRL(new Date(200), new Date(300)); selector.setDateAndTime(null); assertTrue("Any CRL should match in the case of null dateAndTime.", selector.match(crl)); selector.setDateAndTime(new Date(200)); assertTrue("The CRL should match the selection criteria.", selector.match(crl)); selector.setDateAndTime(new Date(250)); assertTrue("The CRL should match the selection criteria.", selector.match(crl)); selector.setDateAndTime(new Date(300)); assertTrue("The CRL should match the selection criteria.", selector.match(crl)); selector.setDateAndTime(new Date(150)); assertFalse("The CRL should not match the selection criteria.", selector.match(crl)); selector.setDateAndTime(new Date(350)); assertFalse("The CRL should not match the selection criteria.", selector.match(crl)); } /** * getIssuers() method testing. * Tests if the method return null in the case of not specified issuers, * if the returned collection corresponds to the specified issuers and * this collection is unmodifiable. */ public void testGetIssuers() throws Exception { X509CRLSelector selector = new X509CRLSelector(); X500Principal iss1 = new X500Principal("O=First Org."); X500Principal iss2 = new X500Principal("O=Second Org."); X500Principal iss3 = new X500Principal("O=Third Org."); String iss_name_1 = "O=First String DN"; String iss_name_2 = "O=Second String DN"; String iss_name_3 = "O=Third String DN"; assertNull("The collection should be null.", selector.getIssuers()); selector.addIssuerName(iss_name_1); selector.addIssuer(iss1); selector.addIssuerName(iss_name_2); selector.addIssuer(iss2); selector.addIssuerName(iss_name_3); Collection result = selector.getIssuers(); assertEquals("Size does not correspond to expected", 5, result.size()); try { result.add(iss3); fail("The returned collection should be unmodifiable."); } catch (UnsupportedOperationException e) { } assertTrue("The collection should contain the specified DN.", result.contains(iss1)); assertTrue("The collection should contain the specified DN.", result.contains(iss2)); assertTrue("The collection should contain the specified DN.", result.contains(new X500Principal(iss_name_1))); assertTrue("The collection should contain the specified DN.", result.contains(new X500Principal(iss_name_2))); selector.addIssuer(iss3); assertTrue("The collection should contain the specified DN.", result.contains(iss3)); } /** * getIssuerNames() method testing. * Tests if the method return null in the case of not specified issuers, * if the returned collection corresponds to the specified issuers. */ public void testGetIssuerNames() { X509CRLSelector selector = new X509CRLSelector(); byte[] iss1 = new byte[] //manually obtained DER encoding of "O=First Org." issuer name; {48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10, 70, 105, 114, 115, 116, 32, 79, 114, 103, 46}; byte[] iss2 = new byte[] //manually obtained DER encoding of "O=Second Org." issuer name; {48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11, 83, 101, 99, 111, 110, 100, 32, 79, 114, 103, 46}; assertNull("The collection should be null.", selector.getIssuerNames()); try { selector.addIssuerName(iss1); selector.addIssuerName(iss2); } catch (IOException e) { e.printStackTrace(); fail("Unexpected IOException was thrown."); } Collection result = selector.getIssuerNames(); assertEquals("The collection should contain all of the specified DNs.", 2, result.size()); } /** * getMinCRL() method testing. * Tests if the method return null in the case of not specified minCRL * criteria, and if the returned value corresponds to the specified one. */ public void testGetMinCRL() { X509CRLSelector selector = new X509CRLSelector(); assertNull("Initially the minCRL should be null.", selector.getMinCRL()); BigInteger minCRL = new BigInteger("10000"); selector.setMinCRLNumber(minCRL); assertTrue("The result should be equal to specified.", minCRL.equals(selector.getMinCRL())); } /** * getMaxCRL() method testing. * Tests if the method return null in the case of not specified maxCRL * criteria, and if the returned value corresponds to the specified one. */ public void testGetMaxCRL() { X509CRLSelector selector = new X509CRLSelector(); assertNull("Initially the maxCRL should be null.", selector.getMaxCRL()); BigInteger maxCRL = new BigInteger("10000"); selector.setMaxCRLNumber(maxCRL); assertTrue("The result should be equal to specified.", maxCRL.equals(selector.getMaxCRL())); } /** * getDateAndTime() method testing. * Tests if the method return null in the case of not specified dateAndTime * criteria, and if the returned value corresponds to the specified one. */ public void testGetDateAndTime() { X509CRLSelector selector = new X509CRLSelector(); assertNull("Initially the dateAndTime criteria should be null.", selector.getDateAndTime()); Date date = new Date(200); selector.setDateAndTime(date); assertTrue("The result should be equal to specified.", date.equals(selector.getDateAndTime())); } /** * match(CRL crl) method testing. * Tests if the null object matches to the selector or not. */ public void testMatch() { X509CRLSelector selector = new X509CRLSelector(); assertFalse("The null object should not match", selector.match((X509CRL) null)); } /** * clone() method testing. * Tests if the selector is cloned correctly: the crl which matche to * the initial selector should match to the clone and the change of clone * should not cause the change of initial selector. */ public void testClone() { X509CRLSelector selector = new X509CRLSelector(); X500Principal iss1 = new X500Principal("O=First Org."); X500Principal iss2 = new X500Principal("O=Second Org."); X500Principal iss3 = new X500Principal("O=Third Org."); BigInteger minCRL = new BigInteger("10000"); BigInteger maxCRL = new BigInteger("10000"); Date date = new Date(200); selector.addIssuer(iss1); selector.addIssuer(iss2); selector.setMinCRLNumber(minCRL); selector.setMaxCRLNumber(maxCRL); selector.setDateAndTime(date); X509CRLSelector clone = (X509CRLSelector) selector.clone(); TestCRL crl = new TestCRL(iss1); crl.setCrlNumber(minCRL); crl.setUpdateDates(new Date(200), new Date(200)); assertTrue("The specified CRL should match the clone selector.", selector.match(crl)); clone.addIssuer(iss3); assertFalse("The changes of the clone selector should not cause " + "the changes of initial object", selector.getIssuerNames().size() == 3); } public void testToString() { X509CRLSelector selector = new X509CRLSelector(); X500Principal iss1 = new X500Principal("O=First Org."); X500Principal iss2 = new X500Principal("O=Second Org."); BigInteger minCRL = new BigInteger("10000"); BigInteger maxCRL = new BigInteger("10000"); Date date = new Date(200); selector.addIssuer(iss1); selector.addIssuer(iss2); selector.setMinCRLNumber(minCRL); selector.setMaxCRLNumber(maxCRL); selector.setDateAndTime(date); assertNotNull("The result should not be null.", selector.toString()); } public static Test suite() { return new TestSuite(X509CRLSelectorTest.class); } }