CertificateListTest.java revision e98fbf8686c5289bf03fe5c3de7ff82d3a77104d
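/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements. See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

/**
* @author Alexander Y. Kleymenov
*/

package org.apache.harmony.security.tests.x509;


import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.util.Arrays;
import java.util.Date;
import java.util.List;
import java.util.Set;

import javax.security.auth.x500.X500Principal;

import junit.framework.Test;
import junit.framework.TestCase;
import junit.framework.TestSuite;

import org.apache.harmony.security.asn1.ASN1GeneralizedTime;
import org.apache.harmony.security.asn1.ASN1Integer;
import org.apache.harmony.security.x501.Name;
import org.apache.harmony.security.x509.AlgorithmIdentifier;
import org.apache.harmony.security.x509.CertificateList;
import org.apache.harmony.security.x509.Extension;
import org.apache.harmony.security.x509.Extensions;
import org.apache.harmony.security.x509.GeneralName;
import org.apache.harmony.security.x509.GeneralNames;
import org.apache.harmony.security.x509.TBSCertList;

/**
 * Tests for CertificateList: builds a CRL structure from fixed fixture data,
 * round-trips it through the ASN.1 encoder and decoder, and checks the
 * accessors and the attribution of CRL entries to certificate issuers.
 *
 * The fixture signature is ten zero bytes and no test here verifies a CRL
 * signature; only encoding, decoding and entry attribution are exercised.
 */
public class CertificateListTest extends TestCase {

    // OID of SHA1withDSA; it was taken from http://oid.elibel.tm.fr
    private static String algOID = "1.2.840.10040.4.3";
    private static byte[] algParams = {1, 1, 0}; // DER boolean false encoding
    private static AlgorithmIdentifier signature =
        new AlgorithmIdentifier(algOID, algParams);
    // Placeholder signature bits (all zero); never checked cryptographically.
    private static byte[] signatureValue = new byte[10];

    private static String issuerName = "O=Certificate Issuer";
    // Issuer named by the Certificate Issuer extension on entry 666. It differs
    // from issuerName on purpose, so that entry attribution is observable.
    private static String certIssuerName = "O=Cert Organization";

    private static Date thisUpdate = new Date();
    private static Date nextUpdate = new Date(thisUpdate.getTime() + 100000);

    // Invalidity Date Extension (rfc 3280)
    private static Extension crlEntryExtension =
        new Extension("2.5.29.24",
                ASN1GeneralizedTime.getInstance().encode(new Date()));

    private static Extensions crlEntryExtensions = new Extensions();
    static {
        crlEntryExtensions.addExtension(crlEntryExtension);
        // add the Certificate Issuer Extension to check if implementation
        // support indirect CRLs. As says rfc 3280 (p.62):
        // "If used by conforming CRL issuers, this extension MUST always be
        // critical. If an implementation ignored this extension it could not
        // correctly attribute CRL entries to certificates. This specification
        // RECOMMENDS that implementations recognize this extension."
        try {
            crlEntryExtensions.addExtension(
                    new Extension("2.5.29.29", true,
                        GeneralNames.ASN1.encode(
                            new GeneralNames(Arrays.asList(
                                new GeneralName[] {
                                    new GeneralName(new Name(certIssuerName))
                                })))));
        } catch (Exception e) {
            // Fail class initialization instead of printing and carrying on:
            // without this extension the fixture carries no foreign issuer and
            // the indirect CRL test would run against the wrong data.
            throw new ExceptionInInitializerError(e);
        }
    }

    private static Date revocationDate = new Date();

    // Three entries; only the middle one (666) carries entry extensions.
    private static List revokedCertificates = Arrays.asList(
            new TBSCertList.RevokedCertificate[] {
                new TBSCertList.RevokedCertificate(BigInteger.valueOf(555),
                        revocationDate, null),
                new TBSCertList.RevokedCertificate(BigInteger.valueOf(666),
                        revocationDate, crlEntryExtensions),
                new TBSCertList.RevokedCertificate(BigInteger.valueOf(777),
                        revocationDate, null),
            });

    private static Extensions crlExtensions = new Extensions(
            Arrays.asList(new Extension[] {
                new Extension("2.5.29.20", // CRL Number Extension (rfc 3280)
                    ASN1Integer.getInstance().encode(
                        BigInteger.valueOf(4444).toByteArray())),
            }));

    private CertificateList certificateList;
    private TBSCertList tbscertlist;
    private byte[] encoding;

    /**
     * Builds the fixture CRL, encodes it, and replaces certificateList with
     * the decoded copy so that the accessor tests read decoded values.
     */
    protected void setUp() throws java.lang.Exception {
        try {
            Name issuer = new Name(issuerName);

            tbscertlist =
                new TBSCertList(2, signature, issuer, thisUpdate,
                        nextUpdate, revokedCertificates, crlExtensions);

            certificateList =
                new CertificateList(tbscertlist, signature, signatureValue);

            encoding = CertificateList.ASN1.encode(certificateList);

            certificateList = (CertificateList)
                CertificateList.ASN1.decode(encoding);

        } catch (IOException e) {
            e.printStackTrace();
            fail("Unexpected IOException was thrown: " + e.getMessage());
        }
    }


    /**
     * CertificateList(TBSCertList tbsCertList, AlgorithmIdentifier
     * signatureAlgorithm, byte[] signatureValue) method testing: a minimal
     * and a fully populated list must both encode and decode without error.
     */
    public void testCertificateList() {
        try {
            AlgorithmIdentifier sigAlg =
                new AlgorithmIdentifier(algOID, algParams);
            Name issuer = new Name(issuerName);

            // Minimal list: signature algorithm, issuer and thisUpdate only.
            TBSCertList tbscl = new TBSCertList(sigAlg, issuer, thisUpdate);
            CertificateList cl =
                new CertificateList(tbscl, sigAlg, new byte[] {0});

            byte[] encoded = CertificateList.ASN1.encode(cl);
            CertificateList.ASN1.decode(encoded);

            // Full list: nextUpdate, revoked entries and CRL extensions.
            tbscl = new TBSCertList(2, sigAlg, issuer, thisUpdate,
                    nextUpdate, revokedCertificates, crlExtensions);
            cl = new CertificateList(tbscl, sigAlg, new byte[] {0});

            encoded = CertificateList.ASN1.encode(cl);
            CertificateList.ASN1.decode(encoded);

        } catch (IOException e) {
            e.printStackTrace();
            fail("Unexpected IOException was thrown: " + e.getMessage());
        }
    }

    /**
     * getTbsCertList() method testing.
     */
    public void testGetTbsCertList() {
        assertEquals("Returned tbsCertList value is incorrect",
                tbscertlist, certificateList.getTbsCertList());
    }

    /**
     * getSignatureAlgorithm() method testing.
     */
    public void testGetSignatureAlgorithm() {
        assertEquals("Returned signatureAlgorithm value is incorrect",
                signature, certificateList.getSignatureAlgorithm());
    }

    /**
     * getSignatureValue() method testing.
     */
    public void testGetSignatureValue() {
        assertTrue("Returned signatureValue value is incorrect",
                Arrays.equals(signatureValue,
                        certificateList.getSignatureValue()));
    }

    /**
     * Checks that the X.509 CertificateFactory attributes each CRL entry to
     * the right certificate issuer when an entry carries the critical
     * Certificate Issuer extension.
     *
     * Entries are looked up by serial number because getRevokedCertificates()
     * returns a Set, whose iteration order is not specified.
     */
    public void testSupportIndirectCRLs() throws Exception {
        X509CRL crl = (X509CRL)
            CertificateFactory.getInstance("X.509").generateCRL(
                    new ByteArrayInputStream(encoding));

        Set rcerts = crl.getRevokedCertificates();
        assertNotNull("No revoked certificates were returned", rcerts);
        assertEquals("Unexpected number of revoked certificates",
                3, rcerts.size());

        X500Principal certIssuer = new X500Principal(certIssuerName);

        // X509CRLEntry.getCertificateIssuer() returns null when the
        // certificate issuer is also the CRL issuer; entry 555 precedes any
        // Certificate Issuer extension, so it belongs to the CRL issuer.
        assertNull("Entry 555 must be attributed to the CRL issuer",
                certificateIssuerOf(crl, 555));
        // Entry 666 carries the extension itself.
        assertEquals("Entry 666 is attributed to the wrong issuer",
                certIssuer, certificateIssuerOf(crl, 666));
        // rfc 3280 (5.3.4): an entry without the extension has the same
        // certificate issuer as the preceding entry.
        assertEquals("Entry 777 must inherit the issuer of entry 666",
                certIssuer, certificateIssuerOf(crl, 777));
    }

    /**
     * Returns the certificate issuer reported for the entry with the given
     * serial number, failing the test if the CRL has no such entry.
     */
    private static X500Principal certificateIssuerOf(X509CRL crl, long serial) {
        X509CRLEntry entry =
            crl.getRevokedCertificate(BigInteger.valueOf(serial));
        assertNotNull("No CRL entry for serial number " + serial, entry);
        return entry.getCertificateIssuer();
    }

    public static Test suite() {
        return new TestSuite(CertificateListTest.class);
    }

}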