X509CertSelectorTest.java revision 229e34b182b98e1dba15d3dc6341954986ae2b7a
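/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements. See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package tests.security.cert;

import junit.framework.TestCase;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertPath;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathBuilderResult;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;

import javax.security.auth.x500.X500Principal;


import org.apache.harmony.security.tests.support.cert.MyCRL;
import org.apache.harmony.security.tests.support.cert.TestUtils;
import org.apache.harmony.security.tests.support.TestKeyPair;
import org.apache.harmony.security.asn1.ASN1Boolean;
import org.apache.harmony.security.asn1.ASN1Integer;
import org.apache.harmony.security.asn1.ASN1OctetString;
import org.apache.harmony.security.asn1.ASN1Oid;
import org.apache.harmony.security.asn1.ASN1Sequence;
import org.apache.harmony.security.asn1.ASN1Type;
import org.apache.harmony.security.x501.Name;
import org.apache.harmony.security.x509.CertificatePolicies;
import org.apache.harmony.security.x509.GeneralName;
import org.apache.harmony.security.x509.GeneralNames;
import org.apache.harmony.security.x509.NameConstraints;
import org.apache.harmony.security.x509.ORAddress;
import org.apache.harmony.security.x509.OtherName;
import org.apache.harmony.security.x509.PolicyInformation;
import org.apache.harmony.security.x509.PrivateKeyUsagePeriod;

/**
 * X509CertSelectorTest
 *
 * <p>Exercises the setters, getters, {@code clone()} and {@code match()} of
 * {@link X509CertSelector}. Several tests modify a value after it was passed
 * to, or returned from, the selector and then assert that the selector's
 * criteria are unchanged.
 */
public class X509CertSelectorTest extends TestCase {

    // Encoded NameConstraints values fed to test_getNameConstraints; the
    // commented-out code in that test records how they were generated.
    byte[][] constraintBytes = new byte[][] {
            {
                    48, 34, -96, 15, 48, 13, -127, 8, 56, 50, 50, 46, 78,
                    97, 109, 101, -128, 1, 0, -95, 15, 48, 13, -127, 8, 56,
                    50, 50, 46, 78, 97, 109, 101, -128, 1, 0},
            {
                    48, 42, -96, 19, 48, 17, -127, 12, 114, 102, 99, 64,
                    56, 50, 50, 46, 78, 97, 109, 101, -128, 1, 0, -95, 19,
                    48, 17, -127, 12, 114, 102, 99, 64, 56, 50, 50, 46, 78,
                    97, 109, 101, -128, 1, 0},
            {
                    48, 34, -96, 15, 48, 13, -126, 8, 78, 97, 109, 101, 46,
                    111, 114, 103, -128, 1, 0, -95, 15, 48, 13, -126, 8,
                    78, 97, 109, 101, 46, 111, 114, 103, -128, 1, 0},
            {
                    48, 42, -96, 19, 48, 17, -126, 12, 100, 78, 83, 46, 78,
                    97, 109, 101, 46, 111, 114, 103, -128, 1, 0, -95, 19,
                    48, 17, -126, 12, 100, 78, 83, 46, 78, 97, 109, 101,
                    46, 111, 114, 103, -128, 1, 0},
            {
                    48, 54, -96, 25, 48, 23, -122, 18, 104, 116, 116, 112,
                    58, 47, 47, 82, 101, 115, 111, 117, 114, 99, 101, 46,
                    73, 100, -128, 1, 0, -95, 25, 48, 23, -122, 18, 104,
                    116, 116, 112, 58, 47, 47, 82, 101, 115, 111, 117, 114,
                    99, 101, 46, 73, 100, -128, 1, 0},
            {
                    48, 70, -96, 33, 48, 31, -122, 26, 104, 116, 116, 112,
                    58, 47, 47, 117, 110, 105, 102, 111, 114, 109, 46, 82,
                    101, 115, 111, 117, 114, 99, 101, 46, 73, 100, -128, 1,
                    0, -95, 33, 48, 31, -122, 26, 104, 116, 116, 112, 58,
                    47, 47, 117, 110, 105, 102, 111, 114, 109, 46, 82, 101,
                    115, 111, 117, 114, 99, 101, 46, 73, 100, -128, 1, 0},
            {
                    48, 26, -96, 11, 48, 9, -121, 4, 1, 1, 1, 1, -128, 1,
                    0, -95, 11, 48, 9, -121, 4, 1, 1, 1, 1, -128, 1, 0},
            {
                    48, 50, -96, 23, 48, 21, -121, 16, 1, 1, 1, 1, 1, 1, 1,
                    1, 1, 1, 1, 1, 1, 1, 1, 1, -128, 1, 0, -95, 23, 48, 21,
                    -121, 16, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
                    1, -128, 1, 0}};

    /**
     * java.security.cert.X509CertSelector#addSubjectAlternativeName(int, byte[])
     *
     * Expects a NullPointerException for a null byte[] name, for every name
     * type 0..8.
     */
    public void test_addSubjectAlternativeNameLintLbyte_array() throws IOException {
        // Regression for HARMONY-2487
        int[] types = { 0, 1, 2, 3, 4, 5, 6, 7, 8 };
        for (int i = 0; i < types.length; i++) {
            try {
                new X509CertSelector().addSubjectAlternativeName(types[i],
                        (byte[]) null);
                // Report the type value itself rather than the loop index.
                fail("No expected NullPointerException for type: " + types[i]);
            } catch (NullPointerException e) {
                // expected
            }
        }
    }

    /**
     * java.security.cert.X509CertSelector#addSubjectAlternativeName(int, String)
     *
     * Expects an IOException for the string "0xDFRF" with each listed name
     * type (type 1 is not in the list).
     */
    public void test_addSubjectAlternativeNameLintLjava_lang_String() {
        // Regression for HARMONY-727
        int[] types = { 0, 2, 3, 4, 5, 6, 7, 8 };
        for (int i = 0; i < types.length; i++) {
            try {
                new X509CertSelector().addSubjectAlternativeName(types[i],
                        "0xDFRF");
                fail("IOException expected");
            } catch (IOException e) {
                // expected
            }
        }
    }

    /**
     * java.security.cert.X509CertSelector#addPathToName(int, byte[])
     *
     * Expects a NullPointerException for a null byte[] name, for every name
     * type 0..8.
     */
    public void test_addPathToNameLintLbyte_array() throws IOException {
        // Regression for HARMONY-2487
        int[] types = { 0, 1, 2, 3, 4, 5, 6, 7, 8 };
        for (int i = 0; i < types.length; i++) {
            try {
                new X509CertSelector().addPathToName(types[i], (byte[]) null);
                // Report the type value itself rather than the loop index.
                fail("No expected NullPointerException for type: " + types[i]);
            } catch (NullPointerException e) {
                // expected
            }
        }
    }

    /**
     * java.security.cert.X509CertSelector#addPathToName(int, String)
     *
     * Expects an IOException for a null String name, for every name type 0..8.
     */
    public void test_addPathToNameLintLjava_lang_String() {
        // Regression for HARMONY-724
        for (int type = 0; type <= 8; type++) {
            try {
                new X509CertSelector().addPathToName(type, (String) null);
                fail("IOException expected!");
            } catch (IOException ioe) {
                // expected
            }
        }


    }

    /**
     * java.security.cert.X509CertSelector#X509CertSelector()
     *
     * A new selector reports -1 for basicConstraints and true for
     * matchAllSubjectAltNames.
     */
    public void test_X509CertSelector() {
        X509CertSelector selector = null;
        try {
            selector = new X509CertSelector();
        } catch (Exception e) {
            fail("Unexpected exception " + e.getMessage());
        }
        assertEquals(-1, selector.getBasicConstraints());
        assertTrue(selector.getMatchAllSubjectAltNames());
    }

    /**
     * java.security.cert.X509CertSelector#clone()
     *
     * Compares every getter of a freshly constructed selector with the same
     * getter of its clone.
     */
    public void test_clone() throws Exception {
        X509CertSelector selector = new X509CertSelector();
        X509CertSelector selector1 = (X509CertSelector) selector.clone();

        assertEquals(selector.getMatchAllSubjectAltNames(), selector1
                .getMatchAllSubjectAltNames());
        assertEquals(selector.getAuthorityKeyIdentifier(), selector1
                .getAuthorityKeyIdentifier());
        assertEquals(selector.getBasicConstraints(), selector1
                .getBasicConstraints());
        assertEquals(selector.getCertificate(), selector1.getCertificate());
        assertEquals(selector.getCertificateValid(), selector1
                .getCertificateValid());
        assertEquals(selector.getExtendedKeyUsage(), selector1
                .getExtendedKeyUsage());
        assertEquals(selector.getIssuer(), selector1.getIssuer());
        assertEquals(selector.getIssuerAsBytes(), selector1.getIssuerAsBytes());
        assertEquals(selector.getIssuerAsString(), selector1
                .getIssuerAsString());
        assertEquals(selector.getKeyUsage(), selector1.getKeyUsage());
        assertEquals(selector.getNameConstraints(), selector1
                .getNameConstraints());
        assertEquals(selector.getPathToNames(), selector1.getPathToNames());
        assertEquals(selector.getPolicy(), selector1.getPolicy());
        assertEquals(selector.getPrivateKeyValid(), selector1
                .getPrivateKeyValid());
        assertEquals(selector.getSerialNumber(), selector1.getSerialNumber());
        assertEquals(selector.getSubject(), selector1.getSubject());
        assertEquals(selector.getSubjectAlternativeNames(), selector1
                .getSubjectAlternativeNames());
        assertEquals(selector.getSubjectAsBytes(), selector1
                .getSubjectAsBytes());
        assertEquals(selector.getSubjectAsString(), selector1
                .getSubjectAsString());
        assertEquals(selector.getSubjectKeyIdentifier(), selector1
                .getSubjectKeyIdentifier());
        assertEquals(selector.getSubjectPublicKey(), selector1
                .getSubjectPublicKey());
        assertEquals(selector.getSubjectPublicKeyAlgID(), selector1
                .getSubjectPublicKeyAlgID());

        // NOTE(review): this dereferences a null local, so the exception comes
        // from the call on null, not from X509CertSelector.
        selector = null;
        try {
            selector.clone();
            fail("NullPointerException expected");
        } catch (NullPointerException e) {
            // expected
        }
    }

    /**
     * java.security.cert.X509CertSelector#getAuthorityKeyIdentifier()
     *
     * Checks the initial null value, the round trip of a set value, and that
     * changing the returned array does not change the stored identifier.
     */
    public void test_getAuthorityKeyIdentifier() {
        byte[] akid1 = new byte[] { 4, 5, 1, 2, 3, 4, 5 }; // random value
        byte[] akid2 = new byte[] { 4, 5, 5, 4, 3, 2, 1 }; // random value
        X509CertSelector selector = new X509CertSelector();

        assertNull("Selector should return null", selector
                .getAuthorityKeyIdentifier());
        selector.setAuthorityKeyIdentifier(akid1);
        assertTrue("The returned keyID should be equal to specified", Arrays
                .equals(akid1, selector.getAuthorityKeyIdentifier()));
        // The original repeated the same assertion twice with nothing in
        // between; mutate the returned array first, as
        // test_getSubjectKeyIdentifier does, so the second assertion checks
        // that the getter hands out a copy.
        selector.getAuthorityKeyIdentifier()[0]++;
        assertTrue("The returned keyID should be equal to specified", Arrays
                .equals(akid1, selector.getAuthorityKeyIdentifier()));
        assertFalse("The returned keyID should differ", Arrays.equals(akid2,
                selector.getAuthorityKeyIdentifier()));
    }

    /**
     * java.security.cert.X509CertSelector#getBasicConstraints()
     *
     * Each value set is read back unchanged.
     */
    public void test_getBasicConstraints() {
        X509CertSelector selector = new X509CertSelector();
        // Was { 2, 1, 0, 1, 2, 3, 10, 20 }; now the same list that
        // test_setBasicConstraintsLint uses, so -2 and -1 are covered too.
        int[] validValues = { -2, -1, 0, 1, 2, 3, 10, 20 };
        for (int i = 0; i < validValues.length; i++) {
            selector.setBasicConstraints(validValues[i]);
            assertEquals(validValues[i], selector.getBasicConstraints());
        }
    }

    /**
     * java.security.cert.X509CertSelector#getCertificate()
     *
     * The certificate set (v3, then v1, then null) is the one returned.
     */
    public void test_getCertificate() throws CertificateException {
        X509CertSelector selector = new X509CertSelector();
        CertificateFactory certFact = CertificateFactory.getInstance("X509");
        X509Certificate cert1 = (X509Certificate) certFact
                .generateCertificate(new ByteArrayInputStream(TestUtils
                        .getX509Certificate_v3()));

        X509Certificate cert2 = (X509Certificate) certFact
                .generateCertificate(new ByteArrayInputStream(TestUtils
                        .getX509Certificate_v1()));

        selector.setCertificate(cert1);
        assertEquals(cert1, selector.getCertificate());

        selector.setCertificate(cert2);
        assertEquals(cert2, selector.getCertificate());

        selector.setCertificate(null);
        assertNull(selector.getCertificate());
    }

    /**
     * java.security.cert.X509CertSelector#getCertificateValid()
     *
     * Checks the round trip of the date and that calling setTime() on the
     * returned Date does not change the stored criterion.
     */
    public void test_getCertificateValid() {
        Date date1 = new Date(100);
        Date date2 = new Date(200);
        Date date3 = Calendar.getInstance().getTime();
        X509CertSelector selector = new X509CertSelector();

        assertNull("Selector should return null", selector
                .getCertificateValid());
        selector.setCertificateValid(date1);
        assertTrue("The returned date should be equal to specified", date1
                .equals(selector.getCertificateValid()));
        // Mutate the returned object; the next read must still equal date1.
        selector.getCertificateValid().setTime(200);
        assertTrue("The returned date should be equal to specified", date1
                .equals(selector.getCertificateValid()));
        assertFalse("The returned date should differ", date2.equals(selector
                .getCertificateValid()));
        selector.setCertificateValid(date3);
        assertTrue("The returned date should be equal to specified", date3
                .equals(selector.getCertificateValid()));
        selector.setCertificateValid(null);
        assertNull(selector.getCertificateValid());
    }

    /**
     * java.security.cert.X509CertSelector#getExtendedKeyUsage()
     *
     * The returned set equals the one supplied and rejects add().
     */
    public void test_getExtendedKeyUsage() {
        HashSet<String> ku = new HashSet<String>(Arrays
                .asList(new String[] { "1.3.6.1.5.5.7.3.1",
                        "1.3.6.1.5.5.7.3.2", "1.3.6.1.5.5.7.3.3",
                        "1.3.6.1.5.5.7.3.4", "1.3.6.1.5.5.7.3.8",
                        "1.3.6.1.5.5.7.3.9", "1.3.6.1.5.5.7.3.5",
                        "1.3.6.1.5.5.7.3.6", "1.3.6.1.5.5.7.3.7" }));
        X509CertSelector selector = new X509CertSelector();

        assertNull("Selector should return null", selector
                .getExtendedKeyUsage());
        try {
            selector.setExtendedKeyUsage(ku);
        } catch (IOException e) {
            fail("Unexpected IOException was thrown.");
        }
        assertTrue(
                "The returned extendedKeyUsage should be equal to specified",
                ku.equals(selector.getExtendedKeyUsage()));
        try {
            selector.getExtendedKeyUsage().add("KRIBLEGRABLI");
            fail("The returned Set should be immutable.");
        } catch (UnsupportedOperationException e) {
            // expected
        }
    }

    /**
     * java.security.cert.X509CertSelector#getIssuer()
     *
     * Initial value is null; the issuer set is the one returned.
     */
    public void test_getIssuer() {
        X500Principal iss1 = new X500Principal("O=First Org.");
        X500Principal iss2 = new X500Principal("O=Second Org.");
        X509CertSelector selector = new X509CertSelector();

        assertNull("Selector should return null", selector.getIssuer());
        selector.setIssuer(iss1);
        assertEquals("The returned issuer should be equal to specified", iss1,
                selector.getIssuer());
        assertFalse("The returned issuer should differ", iss2.equals(selector
                .getIssuer()));
    }

    /**
     * java.security.cert.X509CertSelector#getIssuerAsBytes()
     *
     * The encoded issuer returned matches the encoding the principal was
     * built from, and differs from the other name's encoding.
     */
    public void test_getIssuerAsBytes() {
        byte[] name1 = new byte[]
        // manually obtained DER encoding of "O=First Org." issuer name;
        { 48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10, 70, 105, 114, 115,
                116, 32, 79, 114, 103, 46 };

        byte[] name2 = new byte[]
        // manually obtained DER encoding of "O=Second Org." issuer name;
        { 48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11, 83, 101, 99, 111,
                110, 100, 32, 79, 114, 103, 46 };
        X500Principal iss1 = new X500Principal(name1);
        X500Principal iss2 = new X500Principal(name2);
        X509CertSelector selector = new X509CertSelector();

        try {
            assertNull("Selector should return null", selector
                    .getIssuerAsBytes());
            selector.setIssuer(iss1);
            assertTrue("The returned issuer should be equal to specified",
                    Arrays.equals(name1, selector.getIssuerAsBytes()));
            // byte[].equals() compares references and is false for any two
            // distinct arrays, so the original assertion could never fail;
            // compare contents instead.
            assertFalse("The returned issuer should differ",
                    Arrays.equals(name2, selector.getIssuerAsBytes()));
            selector.setIssuer(iss2);
            assertTrue("The returned issuer should be equal to specified",
                    Arrays.equals(name2, selector.getIssuerAsBytes()));
        } catch (IOException e) {
            fail("Unexpected IOException was thrown.");
        }
    }

    /**
     * java.security.cert.X509CertSelector#getIssuerAsString()
     *
     * The issuer string returned equals the string the principal was built
     * from.
     */
    public void test_getIssuerAsString() {
        String name1 = "O=First Org.";
        String name2 = "O=Second Org.";
        X500Principal iss1 = new X500Principal(name1);
        X500Principal iss2 = new X500Principal(name2);
        X509CertSelector selector = new X509CertSelector();

        assertNull("Selector should return null", selector.getIssuerAsString());
        selector.setIssuer(iss1);
        assertEquals("The returned issuer should be equal to specified", name1,
                selector.getIssuerAsString());
        assertFalse("The returned issuer should differ", name2.equals(selector
                .getIssuerAsString()));
        selector.setIssuer(iss2);
        assertEquals("The returned issuer should be equal to specified", name2,
                selector.getIssuerAsString());
    }

    /**
     * java.security.cert.X509CertSelector#getKeyUsage()
     *
     * Checks the round trip of the keyUsage array and that flipping a bit in
     * the returned array does not change the stored criterion.
     */
    public void test_getKeyUsage() {
        boolean[] ku = new boolean[] { true, false, true, false, true, false,
                true, false, true };
        X509CertSelector selector = new X509CertSelector();

        assertNull("Selector should return null", selector.getKeyUsage());
        selector.setKeyUsage(ku);
        // Message said "date"; this assertion is about keyUsage.
        assertTrue("The returned keyUsage should be equal to specified", Arrays
                .equals(ku, selector.getKeyUsage()));
        boolean[] result = selector.getKeyUsage();
        result[0] = !result[0];
        assertTrue("The returned keyUsage should be equal to specified", Arrays
                .equals(ku, selector.getKeyUsage()));
    }

    /**
     * java.security.cert.X509CertSelector#getMatchAllSubjectAltNames()
     *
     * Initially true; false after being set to false.
     */
    public void test_getMatchAllSubjectAltNames() {
        X509CertSelector selector = new X509CertSelector();
        assertTrue("The matchAllNames initially should be true", selector
                .getMatchAllSubjectAltNames());
        selector.setMatchAllSubjectAltNames(false);
        assertFalse("The value should be false", selector
                .getMatchAllSubjectAltNames());
    }

    /**
     * java.security.cert.X509CertSelector#getNameConstraints()
     *
     * Each encoded value in constraintBytes is read back byte-for-byte.
     */
    public void test_getNameConstraints() throws IOException {

// Used to generate following byte array
//        GeneralName[] name_constraints = new GeneralName[] {
//                new GeneralName(1, "822.Name"),
//                new GeneralName(1, "rfc@822.Name"),
//                new GeneralName(2, "Name.org"),
//                new GeneralName(2, "dNS.Name.org"),
//
//                new GeneralName(6, "http://Resource.Id"),
//                new GeneralName(6, "http://uniform.Resource.Id"),
//                new GeneralName(7, "1.1.1.1"),
//
//                new GeneralName(new byte[] { 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
//                        1, 1, 1, 1, 1 }), };
//
//        constraintBytes = new byte[name_constraints.length][];
//
//        for (int i = 0; i < name_constraints.length; i++) {
//            GeneralSubtree subtree = new GeneralSubtree(name_constraints[i]);
//            GeneralSubtrees subtrees = new GeneralSubtrees();
//            subtrees.addSubtree(subtree);
//            NameConstraints constraints = new NameConstraints(subtrees,
//                    subtrees);
//            constraintBytes[i] = constraints.getEncoded();
//        }
//        System.out.println("XXX"+Arrays.deepToString(constraintBytes)+"XXX");

        X509CertSelector selector = new X509CertSelector();

        for (int i = 0; i < constraintBytes.length; i++) {
            selector.setNameConstraints(constraintBytes[i]);
            assertTrue(Arrays.equals(constraintBytes[i], selector
                    .getNameConstraints()));
        }
    }

    /**
     * java.security.cert.X509CertSelector#getPathToNames()
     *
     * With null pathToNames both test certificates match; then a list of
     * names is set and read back.
     */
    public void test_getPathToNames() {
        try {
            GeneralName san0 = new GeneralName(new OtherName("1.2.3.4.5",
                    new byte[] { 1, 2, 0, 1 }));
            GeneralName san1 = new GeneralName(1, "rfc@822.Name");
            GeneralName san2 = new GeneralName(2, "dNSName");
            GeneralName san3 = new GeneralName(new ORAddress());
            GeneralName san4 = new GeneralName(new Name("O=Organization"));
            GeneralName san6 = new GeneralName(6, "http://uniform.Resource.Id");
            GeneralName san7 = new GeneralName(7, "1.1.1.1");
            GeneralName san8 = new GeneralName(8, "1.2.3.4444.55555");

            GeneralNames sans1 = new GeneralNames();
            sans1.addName(san0);
            sans1.addName(san1);
            sans1.addName(san2);
            sans1.addName(san3);
            sans1.addName(san4);
            sans1.addName(san6);
            sans1.addName(san7);
            sans1.addName(san8);
            GeneralNames sans2 = new GeneralNames();
            sans2.addName(san0);

            TestCert cert1 = new TestCert(sans1);
            TestCert cert2 = new TestCert(sans2);
            X509CertSelector selector = new X509CertSelector();
            selector.setMatchAllSubjectAltNames(true);

            selector.setPathToNames(null);
            assertTrue("Any certificate should match in the case of null "
                    + "subjectAlternativeNames criteria.", selector
                    .match(cert1)
                    && selector.match(cert2));

            Collection<List<?>> sans = sans1.getPairsList();

            selector.setPathToNames(sans);
            // NOTE(review): the result is discarded, so this only shows the
            // call does not throw; nothing is asserted about the value.
            selector.getPathToNames();
        } catch (IOException e) {
            e.printStackTrace();
            fail("Unexpected IOException was thrown.");
        }
    }

    /**
     * java.security.cert.X509CertSelector#getPolicy()
     *
     * Null stays null; each policy set supplied is the one returned.
     */
    public void test_getPolicy() throws IOException {
        String[] policies1 = new String[] { "1.3.6.1.5.5.7.3.1",
                "1.3.6.1.5.5.7.3.2", "1.3.6.1.5.5.7.3.3", "1.3.6.1.5.5.7.3.4",
                "1.3.6.1.5.5.7.3.8", "1.3.6.1.5.5.7.3.9", "1.3.6.1.5.5.7.3.5",
                "1.3.6.1.5.5.7.3.6", "1.3.6.1.5.5.7.3.7" };

        String[] policies2 = new String[] { "1.3.6.7.3.1" };

        HashSet<String> p1 = new HashSet<String>(Arrays.asList(policies1));
        HashSet<String> p2 = new HashSet<String>(Arrays.asList(policies2));

        X509CertSelector selector = new X509CertSelector();

        selector.setPolicy(null);
        assertNull(selector.getPolicy());

        // Messages said "date"; these assertions are about the policy set.
        selector.setPolicy(p1);
        assertEquals("The returned policy should be equal to specified", p1, selector.getPolicy());

        selector.setPolicy(p2);
        assertEquals("The returned policy should be equal to specified", p2, selector.getPolicy());
    }

    /**
     * java.security.cert.X509CertSelector#getPrivateKeyValid()
     *
     * Checks the round trip of the date and that calling setTime() on the
     * returned Date does not change the stored criterion.
     */
    public void test_getPrivateKeyValid() {
        Date date1 = new Date(100);
        Date date2 = new Date(200);
        X509CertSelector selector = new X509CertSelector();

        assertNull("Selector should return null", selector.getPrivateKeyValid());
        selector.setPrivateKeyValid(date1);
        assertTrue("The returned date should be equal to specified", date1
                .equals(selector.getPrivateKeyValid()));
        // Mutate the returned object; the next read must still equal date1.
        selector.getPrivateKeyValid().setTime(200);
        assertTrue("The returned date should be equal to specified", date1
                .equals(selector.getPrivateKeyValid()));
        assertFalse("The returned date should differ", date2.equals(selector
                .getPrivateKeyValid()));
    }

    /**
     * java.security.cert.X509CertSelector#getSerialNumber()
     *
     * Initial value is null; the serial number set is the one returned.
     */
    public void test_getSerialNumber() {
        BigInteger ser1 = new BigInteger("10000");
        BigInteger ser2 = new BigInteger("10001");
        X509CertSelector selector = new X509CertSelector();

        assertNull("Selector should return null", selector.getSerialNumber());
        selector.setSerialNumber(ser1);
        assertEquals("The returned serial number should be equal to specified",
                ser1, selector.getSerialNumber());
        assertFalse("The returned serial number should differ", ser2
                .equals(selector.getSerialNumber()));
    }

    /**
     * java.security.cert.X509CertSelector#getSubject()
     *
     * Initial value is null; the subject set is the one returned.
     */
    public void test_getSubject() {
        X500Principal sub1 = new X500Principal("O=First Org.");
        X500Principal sub2 = new X500Principal("O=Second Org.");
        X509CertSelector selector = new X509CertSelector();

        assertNull("Selector should return null", selector.getSubject());
        selector.setSubject(sub1);
        assertEquals("The returned subject should be equal to specified", sub1,
                selector.getSubject());
        assertFalse("The returned subject should differ", sub2.equals(selector
                .getSubject()));
    }

    /**
     * java.security.cert.X509CertSelector#getSubjectAlternativeNames()
     *
     * After clear() is called on the returned collection the certificate must
     * still match, i.e. the stored names are unaffected.
     */
    public void test_getSubjectAlternativeNames() {
        try {
            GeneralName san1 = new GeneralName(1, "rfc@822.Name");
            GeneralName san2 = new GeneralName(2, "dNSName");

            GeneralNames sans = new GeneralNames();
            sans.addName(san1);
            sans.addName(san2);

            TestCert cert_1 = new TestCert(sans);
            X509CertSelector selector = new X509CertSelector();

            assertNull("Selector should return null", selector
                    .getSubjectAlternativeNames());

            selector.setSubjectAlternativeNames(sans.getPairsList());
            assertTrue("The certificate should match the selection criteria.",
                    selector.match(cert_1));
            selector.getSubjectAlternativeNames().clear();
            assertTrue("The modification of initialization object "
                    + "should not affect the modification "
                    + "of internal object.", selector.match(cert_1));
        } catch (IOException e) {
            e.printStackTrace();
            fail("Unexpected IOException was thrown.");
        }
    }

    /**
     * java.security.cert.X509CertSelector#getSubjectAsBytes()
     *
     * The encoded subject returned matches the encoding the principal was
     * built from, and differs from the other name's encoding.
     */
    public void test_getSubjectAsBytes() {
        byte[] name1 = new byte[]
        // manually obtained DER encoding of "O=First Org." subject name;
        { 48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10, 70, 105, 114, 115,
                116, 32, 79, 114, 103, 46 };
        byte[] name2 = new byte[]
        // manually obtained DER encoding of "O=Second Org." subject name;
        { 48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11, 83, 101, 99, 111,
                110, 100, 32, 79, 114, 103, 46 };

        X500Principal sub1 = new X500Principal(name1);
        X500Principal sub2 = new X500Principal(name2);
        X509CertSelector selector = new X509CertSelector();

        try {
            assertNull("Selector should return null", selector
                    .getSubjectAsBytes());
            selector.setSubject(sub1);
            assertTrue("The returned subject should be equal to specified",
                    Arrays.equals(name1, selector.getSubjectAsBytes()));
            // byte[].equals() compares references and is false for any two
            // distinct arrays, so the original assertion could never fail;
            // compare contents instead.
            assertFalse("The returned subject should differ",
                    Arrays.equals(name2, selector.getSubjectAsBytes()));
            selector.setSubject(sub2);
            assertTrue("The returned subject should be equal to specified",
                    Arrays.equals(name2, selector.getSubjectAsBytes()));
        } catch (IOException e) {
            fail("Unexpected IOException was thrown.");
        }
    }

    /**
     * java.security.cert.X509CertSelector#getSubjectAsString()
     *
     * The subject string returned equals the string the principal was built
     * from.
     */
    public void test_getSubjectAsString() {
        String name1 = "O=First Org.";
        String name2 = "O=Second Org.";
        X500Principal sub1 = new X500Principal(name1);
        X500Principal sub2 = new X500Principal(name2);
        X509CertSelector selector = new X509CertSelector();

        assertNull("Selector should return null", selector.getSubjectAsString());
        selector.setSubject(sub1);
        assertEquals("The returned subject should be equal to specified",
                name1, selector.getSubjectAsString());
        assertFalse("The returned subject should differ", name2.equals(selector
                .getSubjectAsString()));
        selector.setSubject(sub2);
        assertEquals("The returned subject should be equal to specified",
                name2, selector.getSubjectAsString());
    }

    /**
     * java.security.cert.X509CertSelector#getSubjectKeyIdentifier()
     *
     * Checks the round trip of the identifier and that changing the returned
     * array does not change the stored value.
     */
    public void test_getSubjectKeyIdentifier() {
        byte[] skid1 = new byte[] { 1, 2, 3, 4, 5 }; // random value
        byte[] skid2 = new byte[] { 4, 5, 5, 4, 3, 2, 1 }; // random value
        X509CertSelector selector = new X509CertSelector();

        assertNull("Selector should return null", selector
                .getSubjectKeyIdentifier());
        selector.setSubjectKeyIdentifier(skid1);
        assertTrue("The returned keyID should be equal to specified", Arrays
                .equals(skid1, selector.getSubjectKeyIdentifier()));
        // Mutate the returned array; the next read must still equal skid1.
        selector.getSubjectKeyIdentifier()[0]++;
        assertTrue("The returned keyID should be equal to specified", Arrays
                .equals(skid1, selector.getSubjectKeyIdentifier()));
        assertFalse("The returned keyID should differ", Arrays.equals(skid2,
                selector.getSubjectKeyIdentifier()));
    }

    /**
     * java.security.cert.X509CertSelector#getSubjectPublicKey()
     *
     * Sets the key once from an encoded SubjectPublicKeyInfo and once from a
     * PublicKey object, and checks what the getter returns in each case.
     */
    public void test_getSubjectPublicKey() throws Exception {

        // SubjectPublicKeyInfo ::= SEQUENCE {
        // algorithm AlgorithmIdentifier,
        // subjectPublicKey BIT STRING }
        byte[] enc = { 0x30, 0x0E, // SEQUENCE
                0x30, 0x07, // SEQUENCE
                0x06, 0x02, 0x03, 0x05,// OID
                0x01, 0x01, 0x07, // ANY
                0x03, 0x03, 0x01, 0x01, 0x06, // subjectPublicKey
        };

        X509CertSelector selector = new X509CertSelector();

        selector.setSubjectPublicKey(enc);
        PublicKey key = selector.getSubjectPublicKey();
        assertEquals("0.3.5", key.getAlgorithm());
        assertEquals("X.509", key.getFormat());
        assertTrue(Arrays.equals(enc, key.getEncoded()));
        assertNotNull(key.toString());

        key = new MyPublicKey();

        selector.setSubjectPublicKey(key);
        PublicKey keyActual = selector.getSubjectPublicKey();
        assertEquals(key, keyActual);
        assertEquals(key.getAlgorithm(), keyActual.getAlgorithm());
    }

    /**
     * java.security.cert.X509CertSelector#getSubjectPublicKeyAlgID()
     *
     * Initial value is null; an OID that is accepted by the setter is read
     * back unchanged.
     */
    public void test_getSubjectPublicKeyAlgID() {

        X509CertSelector selector = new X509CertSelector();
        String[] validOIDs = { "0.0.20", "1.25.0", "2.0.39", "0.2.10", "1.35.15",
                "2.17.89" };

        assertNull("Selector should return null", selector
                .getSubjectPublicKeyAlgID());

        for (int i = 0; i < validOIDs.length; i++) {
            try {
                selector.setSubjectPublicKeyAlgID(validOIDs[i]);
                assertEquals(validOIDs[i], selector.getSubjectPublicKeyAlgID());
            } catch (IOException e) {
                // NOTE(review): a rejected OID is only printed here because the
                // fail() below is commented out, so this loop cannot fail on an
                // IOException.
                System.out.println("t = " + e.getMessage());
                //fail("Unexpected exception " + e.getMessage());
            }
        }

        String pkaid1 = "1.2.840.113549.1.1.1"; // RSA encryption
        String pkaid2 = "1.2.840.113549.1.1.4"; // MD5 with RSA encryption

        try {
            selector.setSubjectPublicKeyAlgID(pkaid1);
        } catch (IOException e) {
            fail("Unexpected IOException was thrown.");
        }
        assertTrue("The returned oid should be equal to specified", pkaid1
                .equals(selector.getSubjectPublicKeyAlgID()));
        assertFalse("The returned oid should differ", pkaid2.equals(selector
                .getSubjectPublicKeyAlgID()));
    }

    /**
     * java.security.cert.X509CertSelector#match(java.security.cert.Certificate)
     *
     * match(null) is false; with a certificate criterion set, only that
     * certificate matches.
     */
    public void test_matchLjava_security_cert_Certificate()
            throws CertificateException {
        X509CertSelector selector = new X509CertSelector();
        assertFalse(selector.match(null));

        CertificateFactory certFact = CertificateFactory.getInstance("X509");
        X509Certificate cert1 = (X509Certificate) certFact
                .generateCertificate(new ByteArrayInputStream(TestUtils
                        .getX509Certificate_v3()));

        X509Certificate cert2 = (X509Certificate) certFact
                .generateCertificate(new ByteArrayInputStream(TestUtils
                        .getX509Certificate_v1()));

        selector.setCertificate(cert1);
        assertTrue(selector.match(cert1));
        assertFalse(selector.match(cert2));

        selector.setCertificate(cert2);
        assertFalse(selector.match(cert1));
        assertTrue(selector.match(cert2));
    }

    /**
     * java.security.cert.X509CertSelector#setAuthorityKeyIdentifier(byte[])
     *
     * A null criterion matches both certificates; a set identifier matches
     * only the certificate built with it, and changing the caller's array
     * after the set does not change the match result.
     */
    public void test_setAuthorityKeyIdentifierLB$() throws CertificateException {
        X509CertSelector selector = new X509CertSelector();

        byte[] akid1 = new byte[] { 1, 2, 3, 4, 5 }; // random value
        byte[] akid2 = new byte[] { 5, 4, 3, 2, 1 }; // random value
        TestCert cert1 = new TestCert(akid1);
        TestCert cert2 = new TestCert(akid2);

        selector.setAuthorityKeyIdentifier(null);
        assertTrue("The certificate should match the selection criteria.",
                selector.match(cert1));
        assertTrue("The certificate should match the selection criteria.",
                selector.match(cert2));
        assertNull(selector.getAuthorityKeyIdentifier());

        // The two assertTrue messages below said "should not match", which
        // contradicted the assertion they belong to.
        selector.setAuthorityKeyIdentifier(akid1);
        assertTrue("The certificate should match the selection criteria.",
                selector.match(cert1));
        assertFalse("The certificate should not match the selection criteria.",
                selector.match(cert2));
        selector.setAuthorityKeyIdentifier(akid2);
        assertFalse("The certificate should not match the selection criteria.",
                selector.match(cert1));
        assertTrue("The certificate should match the selection criteria.",
                selector.match(cert2));

        // Change the array that was passed to the setter; cert2 must still
        // match.
        akid2[0]++;
        assertTrue("The certificate should match the selection criteria.",
                selector.match(cert2));
    }

    /**
     * java.security.cert.X509CertSelector#setBasicConstraints(int)
     *
     * Values below -2 are rejected with IllegalArgumentException; the listed
     * valid values are stored and read back.
     */
    public void test_setBasicConstraintsLint() {
        X509CertSelector selector = new X509CertSelector();
        // The original loop always passed the literal -3, so the other entries
        // were never exercised. 1000000000 is dropped from the list: the
        // documented contract rejects only values less than -2.
        int[] invalidValues = { -3, -4, -5, Integer.MIN_VALUE };
        for (int i = 0; i < invalidValues.length; i++) {
            try {
                selector.setBasicConstraints(invalidValues[i]);
                fail("IllegalArgumentException expected");
            } catch (IllegalArgumentException e) {
                // expected
            }
        }

        int[] validValues = { -2, -1, 0, 1, 2, 3, 10, 20 };
        for (int i = 0; i < validValues.length; i++) {
            selector.setBasicConstraints(validValues[i]);
            assertEquals(validValues[i], selector.getBasicConstraints());
        }
    }

    /**
     * java.security.cert.X509CertSelector#setCertificate(java.security.cert.Certificate)
     *
     * A null criterion matches any certificate; a set certificate matches
     * only itself.
     */
    public void test_setCertificateLjava_security_cert_X509Certificate()
            throws CertificateException {

        TestCert cert1 = new TestCert("same certificate");
        TestCert cert2 = new TestCert("other certificate");
        X509CertSelector selector = new X509CertSelector();

        selector.setCertificate(null);
        assertTrue("Any certificates should match in the case of null "
                + "certificateEquals criteria.", selector.match(cert1)
                && selector.match(cert2));
        selector.setCertificate(cert1);
        assertTrue("The certificate should match the selection criteria.",
                selector.match(cert1));
        assertFalse("The certificate should not match the selection criteria.",
                selector.match(cert2));
        selector.setCertificate(cert2);
        assertTrue("The certificate should match the selection criteria.",
                selector.match(cert2));
        selector.setCertificate(null);
        assertNull(selector.getCertificate());
    }

    /**
     * java.security.cert.X509CertSelector#setCertificateValid(java.util.Date)
     */
    public void test_setCertificateValidLjava_util_Date()
            throws CertificateException {
        X509CertSelector selector = new X509CertSelector();

        Date date1 = new Date(100);
        Date date2 = new Date(200);
        TestCert cert1 = new TestCert(date1);
        TestCert cert2 = new TestCert(date2);

        selector.setCertificateValid(null);
        assertNull(selector.getCertificateValid());
        selector.setCertificateValid(date1);
        assertTrue("The certificate should match the selection criteria.",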
selector.match(cert1)); 930 assertFalse("The certificate should not match the selection criteria.", 931 selector.match(cert2)); 932 selector.setCertificateValid(date2); 933 date2.setTime(300); 934 assertTrue("The certificate should match the selection criteria.", 935 selector.match(cert2)); 936 } 937 938 /** 939 * java.security.cert.X509CertSelector#setExtendedKeyUsage(Set<String>) 940 */ 941 public void test_setExtendedKeyUsageLjava_util_Set() 942 throws CertificateException { 943 HashSet<String> ku1 = new HashSet<String>(Arrays 944 .asList(new String[] { "1.3.6.1.5.5.7.3.1", 945 "1.3.6.1.5.5.7.3.2", "1.3.6.1.5.5.7.3.3", 946 "1.3.6.1.5.5.7.3.4", "1.3.6.1.5.5.7.3.8", 947 "1.3.6.1.5.5.7.3.9", "1.3.6.1.5.5.7.3.5", 948 "1.3.6.1.5.5.7.3.6", "1.3.6.1.5.5.7.3.7" })); 949 HashSet<String> ku2 = new HashSet<String>(Arrays.asList(new String[] { 950 "1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2", "1.3.6.1.5.5.7.3.3", 951 "1.3.6.1.5.5.7.3.4", "1.3.6.1.5.5.7.3.8", "1.3.6.1.5.5.7.3.9", 952 "1.3.6.1.5.5.7.3.5", "1.3.6.1.5.5.7.3.6" })); 953 TestCert cert1 = new TestCert(ku1); 954 TestCert cert2 = new TestCert(ku2); 955 956 X509CertSelector selector = new X509CertSelector(); 957 958 try { 959 selector.setExtendedKeyUsage(null); 960 } catch (IOException e) { 961 fail("Unexpected IOException was thrown."); 962 } 963 assertTrue("Any certificate should match in the case of null " 964 + "extendedKeyUsage criteria.", selector.match(cert1) 965 && selector.match(cert2)); 966 try { 967 selector.setExtendedKeyUsage(ku1); 968 } catch (IOException e) { 969 fail("Unexpected IOException was thrown."); 970 } 971 assertEquals(ku1, selector.getExtendedKeyUsage()); 972 973 try { 974 selector.setExtendedKeyUsage(ku2); 975 } catch (IOException e) { 976 fail("Unexpected IOException was thrown."); 977 } 978 assertEquals(ku2, selector.getExtendedKeyUsage()); 979 } 980 981 /** 982 * java.security.cert.X509CertSelector#setIssuer(byte[]) 983 */ 984 public void test_setIssuerLB$() throws CertificateException { 985 
byte[] name1 = new byte[] 986 // manually obtained DER encoding of "O=First Org." issuer name; 987 { 48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10, 70, 105, 114, 115, 988 116, 32, 79, 114, 103, 46 }; 989 byte[] name2 = new byte[] 990 // manually obtained DER encoding of "O=Second Org." issuer name; 991 { 48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11, 83, 101, 99, 111, 992 110, 100, 32, 79, 114, 103, 46 }; 993 X500Principal iss1 = new X500Principal(name1); 994 X500Principal iss2 = new X500Principal(name2); 995 TestCert cert1 = new TestCert(iss1); 996 TestCert cert2 = new TestCert(iss2); 997 998 X509CertSelector selector = new X509CertSelector(); 999 1000 try { 1001 selector.setIssuer((byte[]) null); 1002 } catch (IOException e) { 1003 fail("Unexpected IOException was thrown."); 1004 } 1005 assertTrue("Any certificates should match " 1006 + "in the case of null issuer criteria.", selector.match(cert1) 1007 && selector.match(cert2)); 1008 try { 1009 selector.setIssuer(name1); 1010 } catch (IOException e) { 1011 fail("Unexpected IOException was thrown."); 1012 } 1013 assertTrue("The certificate should match the selection criteria.", 1014 selector.match(cert1)); 1015 assertFalse("The certificate should not match the selection criteria.", 1016 selector.match(cert2)); 1017 try { 1018 selector.setIssuer(name2); 1019 } catch (IOException e) { 1020 fail("Unexpected IOException was thrown."); 1021 } 1022 assertTrue("The certificate should match the selection criteria.", 1023 selector.match(cert2)); 1024 } 1025 1026 /** 1027 * java.security.cert.X509CertSelector#setIssuer(java.lang.String) 1028 */ 1029 public void test_setIssuerLjava_lang_String() throws CertificateException { 1030 1031 String name1 = "O=First Org."; 1032 String name2 = "O=Second Org."; 1033 X500Principal iss1 = new X500Principal(name1); 1034 X500Principal iss2 = new X500Principal(name2); 1035 TestCert cert1 = new TestCert(iss1); 1036 TestCert cert2 = new TestCert(iss2); 1037 1038 X509CertSelector selector 
= new X509CertSelector(); 1039 1040 try { 1041 selector.setIssuer((String) null); 1042 } catch (IOException e) { 1043 fail("Unexpected IOException was thrown."); 1044 } 1045 assertTrue("Any certificates should match " 1046 + "in the case of null issuer criteria.", selector.match(cert1) 1047 && selector.match(cert2)); 1048 try { 1049 selector.setIssuer(name1); 1050 } catch (IOException e) { 1051 fail("Unexpected IOException was thrown."); 1052 } 1053 assertTrue("The certificate should match the selection criteria.", 1054 selector.match(cert1)); 1055 assertFalse("The certificate should not match the selection criteria.", 1056 selector.match(cert2)); 1057 try { 1058 selector.setIssuer(name2); 1059 } catch (IOException e) { 1060 fail("Unexpected IOException was thrown."); 1061 } 1062 assertTrue("The certificate should match the selection criteria.", 1063 selector.match(cert2)); 1064 } 1065 1066 /** 1067 * java.security.cert.X509CertSelector#setIssuer(javax.security.auth.x500.X500Principal) 1068 */ 1069 public void test_setIssuerLjavax_security_auth_x500_X500Principal() 1070 throws CertificateException { 1071 X500Principal iss1 = new X500Principal("O=First Org."); 1072 X500Principal iss2 = new X500Principal("O=Second Org."); 1073 TestCert cert1 = new TestCert(iss1); 1074 TestCert cert2 = new TestCert(iss2); 1075 X509CertSelector selector = new X509CertSelector(); 1076 1077 selector.setIssuer((X500Principal) null); 1078 assertTrue("Any certificates should match " 1079 + "in the case of null issuer criteria.", selector.match(cert1) 1080 && selector.match(cert2)); 1081 selector.setIssuer(iss1); 1082 assertTrue("The certificate should match the selection criteria.", 1083 selector.match(cert1)); 1084 assertFalse("The certificate should not match the selection criteria.", 1085 selector.match(cert2)); 1086 selector.setIssuer(iss2); 1087 assertTrue("The certificate should match the selection criteria.", 1088 selector.match(cert2)); 1089 } 1090 1091 /** 1092 * 
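java.security.cert.X509CertSelector#setKeyUsage(boolean)
     */
    public void test_setKeyUsageZ() throws CertificateException {
        boolean[] ku1 = new boolean[] { true, true, true, true, true, true,
                true, true, true };
        // decipherOnly is disallowed
        boolean[] ku2 = new boolean[] { true, true, true, true, true, true,
                true, true, false };
        TestCert cert1 = new TestCert(ku1);
        TestCert cert2 = new TestCert(ku2);
        TestCert cert3 = new TestCert((boolean[]) null);

        X509CertSelector selector = new X509CertSelector();

        selector.setKeyUsage(null);
        assertTrue("Any certificate should match in the case of null "
                + "keyUsage criteria.", selector.match(cert1)
                && selector.match(cert2));
        selector.setKeyUsage(ku1);
        assertTrue("The certificate should match the selection criteria.",
                selector.match(cert1));
        assertFalse("The certificate should not match the selection criteria.",
                selector.match(cert2));
        assertTrue("The certificate which does not have a keyUsage extension "
                + "implicitly allows all keyUsage values.", selector
                .match(cert3));
        selector.setKeyUsage(ku2);
        // Flipping a bit in the caller's array after the setter has returned
        // must not change the stored criterion: cert2 is still expected to match.
        ku2[0] = !ku2[0];
        assertTrue("The certificate should match the selection criteria.",
                selector.match(cert2));
    }

    /**
     * java.security.cert.X509CertSelector#setMatchAllSubjectAltNames(boolean)
     *
     * The flag must be returned as it was set, and with no
     * subjectAlternativeNames criterion present it must not stop a
     * certificate from matching.
     */
    public void test_setMatchAllSubjectAltNamesZ() {
        TestCert cert = new TestCert();
        X509CertSelector selector = new X509CertSelector();

        assertTrue(selector.match(cert));

        // The test used to end without calling the method it is named
        // after; the setter is now exercised with both values.
        selector.setMatchAllSubjectAltNames(false);
        assertFalse(selector.getMatchAllSubjectAltNames());
        assertTrue(selector.match(cert));

        selector.setMatchAllSubjectAltNames(true);
        assertTrue(selector.getMatchAllSubjectAltNames());
        assertTrue(selector.match(cert));

        assertFalse(selector.match(null));
    }

    /**
     * java.security.cert.X509CertSelector#setNameConstraints(byte[]
     * bytes)
     */
    public void test_setNameConstraintsLB$() throws IOException {
//        GeneralName[] name_constraints = new GeneralName[] {
//                new GeneralName(1, "822.Name"),
//                new GeneralName(1, "rfc@822.Name"),
//                new GeneralName(2,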
"Name.org"), 1145// new GeneralName(2, "dNS.Name.org"), 1146// 1147// new GeneralName(6, "http://Resource.Id"), 1148// new GeneralName(6, "http://uniform.Resource.Id"), 1149// new GeneralName(7, "1.1.1.1"), 1150// 1151// new GeneralName(new byte[] { 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1152// 1, 1, 1, 1, 1 }), }; 1153// 1154// for (int i = 0; i < name_constraints.length; i++) { 1155// GeneralSubtree subtree = new GeneralSubtree(name_constraints[i]); 1156// GeneralSubtrees subtrees = new GeneralSubtrees(); 1157// subtrees.addSubtree(subtree); 1158// NameConstraints constraints = new NameConstraints(subtrees, 1159// subtrees); 1160// } 1161 X509CertSelector selector = new X509CertSelector(); 1162 1163 for (int i = 0; i < constraintBytes.length; i++) { 1164 selector.setNameConstraints(constraintBytes[i]); 1165 assertTrue(Arrays.equals(constraintBytes[i], selector 1166 .getNameConstraints())); 1167 } 1168 } 1169 1170 /** 1171 * java.security.cert.X509CertSelector#setPathToNames(Collection<List<?>>) 1172 */ 1173 public void test_setPathToNamesLjava_util_Collection() { 1174 try { 1175 GeneralName san0 = new GeneralName(new OtherName("1.2.3.4.5", 1176 new byte[] { 1, 2, 0, 1 })); 1177 GeneralName san1 = new GeneralName(1, "rfc@822.Name"); 1178 GeneralName san2 = new GeneralName(2, "dNSName"); 1179 GeneralName san3 = new GeneralName(new ORAddress()); 1180 GeneralName san4 = new GeneralName(new Name("O=Organization")); 1181 GeneralName san6 = new GeneralName(6, "http://uniform.Resource.Id"); 1182 GeneralName san7 = new GeneralName(7, "1.1.1.1"); 1183 GeneralName san8 = new GeneralName(8, "1.2.3.4444.55555"); 1184 1185 GeneralNames sans1 = new GeneralNames(); 1186 sans1.addName(san0); 1187 sans1.addName(san1); 1188 sans1.addName(san2); 1189 sans1.addName(san3); 1190 sans1.addName(san4); 1191 sans1.addName(san6); 1192 sans1.addName(san7); 1193 sans1.addName(san8); 1194 GeneralNames sans2 = new GeneralNames(); 1195 sans2.addName(san0); 1196 1197 TestCert cert1 = new 
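TestCert(sans1);
            TestCert cert2 = new TestCert(sans2);
            X509CertSelector selector = new X509CertSelector();
            selector.setMatchAllSubjectAltNames(true);

            selector.setPathToNames(null);
            // The message used to name subjectAlternativeNames, although the
            // criterion cleared here is pathToNames.
            assertTrue("Any certificate should match in the case of null "
                    + "pathToNames criteria.", selector
                    .match(cert1)
                    && selector.match(cert2));

            Collection<List<?>> sans = sans1.getPairsList();

            selector.setPathToNames(sans);
            // The getter result used to be discarded; at minimum the
            // criterion must be reported as set after a non-empty collection
            // was passed in.
            assertNotNull("pathToNames should be set", selector
                    .getPathToNames());
        } catch (IOException e) {
            e.printStackTrace();
            fail("Unexpected IOException was thrown.");
        }
    }

    /**
     * java.security.cert.X509CertSelector#setPolicy(Set<String>)
     *
     * A null policy set must accept every certificate; a non-null set must
     * accept cert1 or cert2 according to the policy OIDs each was built with.
     */
    public void test_setPolicyLjava_util_Set() throws IOException {
        String[] policies1 = new String[] { "1.3.6.1.5.5.7.3.1",
                "1.3.6.1.5.5.7.3.2", "1.3.6.1.5.5.7.3.3", "1.3.6.1.5.5.7.3.4",
                "1.3.6.1.5.5.7.3.8", "1.3.6.1.5.5.7.3.9", "1.3.6.1.5.5.7.3.5",
                "1.3.6.1.5.5.7.3.6", "1.3.6.1.5.5.7.3.7" };

        String[] policies2 = new String[] { "1.3.6.7.3.1" };

        HashSet<String> p1 = new HashSet<String>(Arrays.asList(policies1));
        HashSet<String> p2 = new HashSet<String>(Arrays.asList(policies2));

        X509CertSelector selector = new X509CertSelector();

        TestCert cert1 = new TestCert(policies1);
        TestCert cert2 = new TestCert(policies2);

        selector.setPolicy(null);
        // The message used to name privateKeyValid, a copy-paste leftover.
        assertTrue("Any certificate should match in the case of null "
                + "policy criteria.", selector.match(cert1)
                && selector.match(cert2));

        selector.setPolicy(p1);
        assertTrue("The certificate should match the selection criteria.",
                selector.match(cert1));
        assertFalse("The certificate should not match the selection criteria.",
                selector.match(cert2));

        selector.setPolicy(p2);
        assertFalse("The certificate should not match the selection criteria.",
                selector.match(cert1));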
assertTrue("The certificate should match the selection criteria.", 1252 selector.match(cert2)); 1253 } 1254 1255 /** 1256 * java.security.cert.X509CertSelector#setPrivateKeyValid(java.util.Date) 1257 */ 1258 public void test_setPrivateKeyValidLjava_util_Date() 1259 throws CertificateException { 1260 Date date1 = new Date(100000000); 1261 Date date2 = new Date(200000000); 1262 Date date3 = new Date(300000000); 1263 Date date4 = new Date(150000000); 1264 Date date5 = new Date(250000000); 1265 TestCert cert1 = new TestCert(date1, date2); 1266 TestCert cert2 = new TestCert(date2, date3); 1267 1268 X509CertSelector selector = new X509CertSelector(); 1269 1270 selector.setPrivateKeyValid(null); 1271 assertTrue("Any certificate should match in the case of null " 1272 + "privateKeyValid criteria.", selector.match(cert1) 1273 && selector.match(cert2)); 1274 selector.setPrivateKeyValid(date4); 1275 assertTrue("The certificate should match the selection criteria.", 1276 selector.match(cert1)); 1277 assertFalse("The certificate should not match the selection criteria.", 1278 selector.match(cert2)); 1279 selector.setPrivateKeyValid(date5); 1280 date5.setTime(date4.getTime()); 1281 assertTrue("The certificate should match the selection criteria.", 1282 selector.match(cert2)); 1283 } 1284 1285 /** 1286 * java.security.cert.X509CertSelector#setSerialNumber(java.math.BigInteger) 1287 */ 1288 public void test_setSerialNumberLjava_math_BigInteger() 1289 throws CertificateException { 1290 BigInteger ser1 = new BigInteger("10000"); 1291 BigInteger ser2 = new BigInteger("10001"); 1292 TestCert cert1 = new TestCert(ser1); 1293 TestCert cert2 = new TestCert(ser2); 1294 X509CertSelector selector = new X509CertSelector(); 1295 1296 selector.setSerialNumber(null); 1297 assertTrue("Any certificate should match in the case of null " 1298 + "serialNumber criteria.", selector.match(cert1) 1299 && selector.match(cert2)); 1300 selector.setSerialNumber(ser1); 1301 assertTrue("The certificate should 
match the selection criteria.", 1302 selector.match(cert1)); 1303 assertFalse("The certificate should not match the selection criteria.", 1304 selector.match(cert2)); 1305 selector.setSerialNumber(ser2); 1306 assertTrue("The certificate should match the selection criteria.", 1307 selector.match(cert2)); 1308 } 1309 1310 /** 1311 * java.security.cert.X509CertSelector#setSubject(byte[]) 1312 */ 1313 public void test_setSubjectLB$() throws CertificateException { 1314 byte[] name1 = new byte[] 1315 // manually obtained DER encoding of "O=First Org." issuer name; 1316 { 48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10, 70, 105, 114, 115, 1317 116, 32, 79, 114, 103, 46 }; 1318 byte[] name2 = new byte[] 1319 // manually obtained DER encoding of "O=Second Org." issuer name; 1320 { 48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11, 83, 101, 99, 111, 1321 110, 100, 32, 79, 114, 103, 46 }; 1322 X500Principal sub1 = new X500Principal(name1); 1323 X500Principal sub2 = new X500Principal(name2); 1324 TestCert cert1 = new TestCert(sub1); 1325 TestCert cert2 = new TestCert(sub2); 1326 1327 X509CertSelector selector = new X509CertSelector(); 1328 1329 try { 1330 selector.setSubject((byte[]) null); 1331 } catch (IOException e) { 1332 fail("Unexpected IOException was thrown."); 1333 } 1334 assertTrue("Any certificates should match " 1335 + "in the case of null issuer criteria.", selector.match(cert1) 1336 && selector.match(cert2)); 1337 try { 1338 selector.setSubject(name1); 1339 } catch (IOException e) { 1340 fail("Unexpected IOException was thrown."); 1341 } 1342 assertTrue("The certificate should match the selection criteria.", 1343 selector.match(cert1)); 1344 assertFalse("The certificate should not match the selection criteria.", 1345 selector.match(cert2)); 1346 try { 1347 selector.setSubject(name2); 1348 } catch (IOException e) { 1349 fail("Unexpected IOException was thrown."); 1350 } 1351 assertTrue("The certificate should match the selection criteria.", 1352 
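selector.match(cert2));
    }

    /**
     * java.security.cert.X509CertSelector#setSubject(java.lang.String)
     */
    public void test_setSubjectLjava_lang_String() throws CertificateException {
        String name1 = "O=First Org.";
        String name2 = "O=Second Org.";
        X500Principal sub1 = new X500Principal(name1);
        X500Principal sub2 = new X500Principal(name2);
        TestCert cert1 = new TestCert(sub1);
        TestCert cert2 = new TestCert(sub2);
        X509CertSelector selector = new X509CertSelector();

        try {
            selector.setSubject((String) null);
        } catch (IOException e) {
            fail("Unexpected IOException was thrown.");
        }
        assertTrue("Any certificates should match "
                + "in the case of null subject criteria.", selector
                .match(cert1)
                && selector.match(cert2));
        try {
            selector.setSubject(name1);
        } catch (IOException e) {
            fail("Unexpected IOException was thrown.");
        }
        assertTrue("The certificate should match the selection criteria.",
                selector.match(cert1));
        assertFalse("The certificate should not match the selection criteria.",
                selector.match(cert2));
        try {
            selector.setSubject(name2);
        } catch (IOException e) {
            fail("Unexpected IOException was thrown.");
        }
        assertTrue("The certificate should match the selection criteria.",
                selector.match(cert2));
    }

    /**
     * java.security.cert.X509CertSelector#setSubject(javax.security.auth.x500.X500Principal)
     */
    public void test_setSubjectLjavax_security_auth_x500_X500Principal()
            throws CertificateException {
        X500Principal sub1 = new X500Principal("O=First Org.");
        X500Principal sub2 = new X500Principal("O=Second Org.");
        TestCert cert1 = new TestCert(sub1);
        TestCert cert2 = new TestCert(sub2);
        X509CertSelector selector = new X509CertSelector();

        selector.setSubject((X500Principal) null);
        // "subjcet" in the failure message was a typo.
        assertTrue("Any certificates should match "
                + "in the case of null subject criteria.", selector
                .match(cert1)
                && selector.match(cert2));
        selector.setSubject(sub1);
        assertTrue("The certificate should match the selection criteria.",
                selector.match(cert1));
        assertFalse("The certificate should not match the selection criteria.",
                selector.match(cert2));
        selector.setSubject(sub2);
        assertTrue("The certificate should match the selection criteria.",
                selector.match(cert2));
    }

    /**
     * java.security.cert.X509CertSelector#setSubjectAlternativeNames(Collection<List<?>>)
     *
     * A null criterion must accept every certificate, and a non-empty
     * collection must be accepted by the setter without an IOException.
     */
    public void test_setSubjectAlternativeNamesLjava_util_Collection() {

        try {
            GeneralName san0 = new GeneralName(new OtherName("1.2.3.4.5",
                    new byte[] { 1, 2, 0, 1 }));
            GeneralName san1 = new GeneralName(1, "rfc@822.Name");
            GeneralName san2 = new GeneralName(2, "dNSName");
            GeneralName san3 = new GeneralName(new ORAddress());
            GeneralName san4 = new GeneralName(new Name("O=Organization"));
            GeneralName san6 = new GeneralName(6, "http://uniform.Resource.Id");
            GeneralName san7 = new GeneralName(7, "1.1.1.1");
            GeneralName san8 = new GeneralName(8, "1.2.3.4444.55555");

            GeneralNames sans1 = new GeneralNames();
            sans1.addName(san0);
            sans1.addName(san1);
            sans1.addName(san2);
            sans1.addName(san3);
            sans1.addName(san4);
            sans1.addName(san6);
            sans1.addName(san7);
            sans1.addName(san8);
            GeneralNames sans2 = new GeneralNames();
            sans2.addName(san0);

            TestCert cert1 = new TestCert(sans1);
            TestCert cert2 = new TestCert(sans2);
            X509CertSelector selector = new X509CertSelector();
            selector.setMatchAllSubjectAltNames(true);

            selector.setSubjectAlternativeNames(null);
            assertTrue("Any certificate should match in the case of null "
                    + "subjectAlternativeNames criteria.", selector
                    .match(cert1)
                    && selector.match(cert2));

            Collection<List<?>> sans = sans1.getPairsList();

            selector.setSubjectAlternativeNames(sans);

            // The getter result used to be discarded; at minimum the
            // criterion must be reported as set after a non-empty collection
            // was passed in.
            assertNotNull("subjectAlternativeNames should be set", selector
                    .getSubjectAlternativeNames());
        } catch (IOException e) {
            e.printStackTrace();
            fail("Unexpected IOException was thrown.");
        }
    }

    /**
     * java.security.cert.X509CertSelector#setSubjectKeyIdentifier(byte[])
     */
    public void test_setSubjectKeyIdentifierLB$() throws CertificateException {
        byte[] skid1 = new byte[] { 1, 2, 3, 4, 5 }; // random value
        byte[] skid2 = new byte[] { 5, 4, 3, 2, 1 }; // random value
        TestCert cert1 = new TestCert(skid1);
        TestCert cert2 = new TestCert(skid2);
        X509CertSelector selector = new X509CertSelector();

        selector.setSubjectKeyIdentifier(null);
        // The message used to name serialNumber, a copy-paste leftover.
        assertTrue("Any certificate should match in the case of null "
                + "subjectKeyIdentifier criteria.", selector.match(cert1)
                && selector.match(cert2));
        selector.setSubjectKeyIdentifier(skid1);
        assertTrue("The certificate should match the selection criteria.",
                selector.match(cert1));
        assertFalse("The certificate should not match the selection criteria.",
                selector.match(cert2));
        selector.setSubjectKeyIdentifier(skid2);
        // Changing the caller's array after the setter has returned must not
        // change the stored criterion: cert2 is still expected to match.
        skid2[0]++;
        assertTrue("The certificate should match the selection criteria.",
                selector.match(cert2));
    }

    /**
     * java.security.cert.X509CertSelector#setSubjectPublicKey(byte[])
     */
    public void test_setSubjectPublicKeyLB$() throws Exception {

        //SubjectPublicKeyInfo  ::=  SEQUENCE  {
        //    algorithm            AlgorithmIdentifier,
        //    subjectPublicKey     BIT STRING  }
        byte[] enc = { 0x30, 0x0E, // SEQUENCE
                0x30, 0x07, // SEQUENCE
                0x06, 0x02, 0x03, 0x05,//OID
                0x01, 0x01, 0x07, //ANY
                0x03, 0x03, 0x01, 0x01, 0x06, // subjectPublicKey
        };

        X509CertSelector selector = new X509CertSelector();

        selector.setSubjectPublicKey(enc);
        PublicKey key = selector.getSubjectPublicKey();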
1514 assertEquals("0.3.5", key.getAlgorithm()); 1515 assertEquals("X.509", key.getFormat()); 1516 assertTrue(Arrays.equals(enc, key.getEncoded())); 1517 assertNotNull(key.toString()); 1518 } 1519 1520 /** 1521 * java.security.cert.X509CertSelector#setSubjectPublicKey(java.security.PublicKey key) 1522 */ 1523 public void test_setSubjectPublicKeyLjava_security_PublicKey() 1524 throws CertificateException { 1525 PublicKey pkey1 = null; 1526 PublicKey pkey2 = null; 1527 try { 1528 pkey1 = new TestKeyPair("RSA").getPublic(); 1529 pkey2 = new TestKeyPair("DSA").getPublic(); 1530 } catch (Exception e) { 1531 fail("Unexpected Exception was thrown: " + e.getMessage()); 1532 } 1533 1534 TestCert cert1 = new TestCert(pkey1); 1535 TestCert cert2 = new TestCert(pkey2); 1536 X509CertSelector selector = new X509CertSelector(); 1537 1538 selector.setSubjectPublicKey((PublicKey) null); 1539 assertTrue("Any certificate should match in the case of null " 1540 + "subjectPublicKey criteria.", selector.match(cert1) 1541 && selector.match(cert2)); 1542 selector.setSubjectPublicKey(pkey1); 1543 assertTrue("The certificate should match the selection criteria.", 1544 selector.match(cert1)); 1545 assertFalse("The certificate should not match the selection criteria.", 1546 selector.match(cert2)); 1547 selector.setSubjectPublicKey(pkey2); 1548 assertTrue("The certificate should match the selection criteria.", 1549 selector.match(cert2)); 1550 } 1551 1552 /** 1553 * java.security.cert.X509CertSelector#setSubjectPublicKeyAlgID(java.lang.String) 1554 */ 1555 public void test_setSubjectPublicKeyAlgIDLjava_lang_String() 1556 throws CertificateException { 1557 1558 X509CertSelector selector = new X509CertSelector(); 1559 String pkaid1 = "1.2.840.113549.1.1.1"; // RSA (source: 1560 // http://asn1.elibel.tm.fr) 1561 String pkaid2 = "1.2.840.10040.4.1"; // DSA (source: 1562 // http://asn1.elibel.tm.fr) 1563 PublicKey pkey1; 1564 PublicKey pkey2; 1565 try { 1566 pkey1 = new 
TestKeyPair("RSA").getPublic(); 1567 pkey2 = new TestKeyPair("DSA").getPublic(); 1568 } catch (Exception e) { 1569 e.printStackTrace(); 1570 fail("Unexpected Exception was thrown: " + e.getMessage()); 1571 return; 1572 } 1573 TestCert cert1 = new TestCert(pkey1); 1574 TestCert cert2 = new TestCert(pkey2); 1575 1576 try { 1577 selector.setSubjectPublicKeyAlgID(null); 1578 } catch (IOException e) { 1579 1580 fail("Unexpected IOException was thrown."); 1581 } 1582 assertTrue("Any certificate should match in the case of null " 1583 + "subjectPublicKeyAlgID criteria.", selector.match(cert1) 1584 && selector.match(cert2)); 1585 1586 String[] validOIDs = { "0.0.20", "1.25.0", "2.0.39", "0.2.10", "1.35.15", 1587 "2.17.89", "2.5.29.16", "2.5.29.17", "2.5.29.30", "2.5.29.32", 1588 "2.5.29.37" }; 1589 1590 for (int i = 0; i < validOIDs.length; i++) { 1591 try { 1592 selector.setSubjectPublicKeyAlgID(validOIDs[i]); 1593 assertEquals(validOIDs[i], selector.getSubjectPublicKeyAlgID()); 1594 } catch (IOException e) { 1595 fail("Unexpected exception " + e.getMessage()); 1596 } 1597 } 1598 1599 String[] invalidOIDs = { "0.20", "1.25", "2.39", "3.10"}; 1600 for (int i = 0; i < invalidOIDs.length; i++) { 1601 try { 1602 selector.setSubjectPublicKeyAlgID(invalidOIDs[i]); 1603 fail("IOException wasn't thrown for " + invalidOIDs[i]); 1604 } catch (IOException e) { 1605 } 1606 } 1607 1608 try { 1609 selector.setSubjectPublicKeyAlgID(pkaid1); 1610 } catch (IOException e) { 1611 fail("Unexpected IOException was thrown."); 1612 } 1613 assertTrue("The certificate should match the selection criteria.", 1614 selector.match(cert1)); 1615 assertFalse("The certificate should not match the selection criteria.", 1616 selector.match(cert2)); 1617 try { 1618 selector.setSubjectPublicKeyAlgID(pkaid2); 1619 } catch (IOException e) { 1620 fail("Unexpected IOException was thrown."); 1621 } 1622 assertTrue("The certificate should match the selection criteria.", 1623 selector.match(cert2)); 1624 } 1625 
1626 /** 1627 * java.security.cert.X509CertSelector#toString() 1628 */ 1629 public void test_toString() { 1630 X509CertSelector selector = new X509CertSelector(); 1631 assertNotNull(selector.toString()); 1632 } 1633 1634 public class MyPublicKey implements PublicKey { 1635 private static final long serialVersionUID = 2899528375354645752L; 1636 1637 public MyPublicKey() { 1638 super(); 1639 } 1640 1641 public String getAlgorithm() { 1642 return "PublicKey"; 1643 } 1644 1645 public String getFormat() { 1646 return "Format"; 1647 } 1648 1649 public byte[] getEncoded() { 1650 return new byte[0]; 1651 } 1652 1653 public long getSerVerUID() { 1654 return serialVersionUID; 1655 } 1656 } 1657 1658 private class TestCert extends X509Certificate { 1659 1660 private static final long serialVersionUID = 176676115254260405L; 1661 1662 /* Stuff fields */ 1663 protected String equalCriteria = null; // to simplify method equals() 1664 1665 protected BigInteger serialNumber = null; 1666 1667 protected X500Principal issuer = null; 1668 1669 protected X500Principal subject = null; 1670 1671 protected byte[] keyIdentifier = null; 1672 1673 protected Date date = null; 1674 1675 protected Date notBefore = null; 1676 1677 protected Date notAfter = null; 1678 1679 protected PublicKey key = null; 1680 1681 protected boolean[] keyUsage = null; 1682 1683 protected List<String> extKeyUsage = null; 1684 1685 protected int pathLen = 1; 1686 1687 protected GeneralNames sans = null; 1688 1689 protected byte[] encoding = null; 1690 1691 protected String[] policies = null; 1692 1693 protected Collection<List<?>> collection = null; 1694 1695 protected NameConstraints nameConstraints = null; 1696 1697 /* Stuff methods */ 1698 public TestCert() { 1699 } 1700 1701 public TestCert(GeneralNames sans) { 1702 setSubjectAlternativeNames(sans); 1703 } 1704 1705 public TestCert(NameConstraints nameConstraints) { 1706 this.nameConstraints = nameConstraints; 1707 } 1708 1709 public TestCert(Collection<List<?>> 
collection) { 1710 setCollection(collection); 1711 } 1712 1713 public TestCert(String equalCriteria) { 1714 setEqualCriteria(equalCriteria); 1715 } 1716 1717 public TestCert(String[] policies) { 1718 setPolicies(policies); 1719 } 1720 1721 public TestCert(BigInteger serial) { 1722 setSerialNumber(serial); 1723 } 1724 1725 public TestCert(X500Principal principal) { 1726 setIssuer(principal); 1727 setSubject(principal); 1728 } 1729 1730 public TestCert(byte[] array) { 1731 setKeyIdentifier(array); 1732 } 1733 1734 public TestCert(Date date) { 1735 setDate(date); 1736 } 1737 1738 public TestCert(Date notBefore, Date notAfter) { 1739 setPeriod(notBefore, notAfter); 1740 } 1741 1742 public TestCert(PublicKey key) { 1743 setPublicKey(key); 1744 } 1745 1746 public TestCert(boolean[] keyUsage) { 1747 setKeyUsage(keyUsage); 1748 } 1749 1750 public TestCert(Set<String> extKeyUsage) { 1751 setExtendedKeyUsage(extKeyUsage); 1752 } 1753 1754 public TestCert(int pathLen) { 1755 this.pathLen = pathLen; 1756 } 1757 1758 public void setSubjectAlternativeNames(GeneralNames sans) { 1759 this.sans = sans; 1760 } 1761 1762 public void setCollection(Collection<List<?>> collection) { 1763 this.collection = collection; 1764 } 1765 1766 public void setPolicies(String[] policies) { 1767 this.policies = policies; 1768 } 1769 1770 public void setExtendedKeyUsage(Set<String> extKeyUsage) { 1771 this.extKeyUsage = (extKeyUsage == null) ? null : new ArrayList<String>( 1772 extKeyUsage); 1773 } 1774 1775 public void setKeyUsage(boolean[] keyUsage) { 1776 this.keyUsage = (keyUsage == null) ? 
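null : (boolean[]) keyUsage
                    .clone();
        }

        public void setPublicKey(PublicKey key) {
            this.key = key;
        }

        public void setPeriod(Date notBefore, Date notAfter) {
            this.notBefore = notBefore;
            this.notAfter = notAfter;
        }

        public void setSerialNumber(BigInteger serial) {
            this.serialNumber = serial;
        }

        public void setEqualCriteria(String equalCriteria) {
            this.equalCriteria = equalCriteria;
        }

        public void setIssuer(X500Principal issuer) {
            this.issuer = issuer;
        }

        public void setSubject(X500Principal subject) {
            this.subject = subject;
        }

        /**
         * Stores a private copy of the key identifier, so that a later
         * change to the caller's array does not alter this certificate.
         * A null argument clears the field, as setKeyUsage does.
         */
        public void setKeyIdentifier(byte[] subjectKeyID) {
            this.keyIdentifier = (subjectKeyID == null) ? null
                    : (byte[]) subjectKeyID.clone();
        }

        /**
         * Stores a private copy of the date used by checkValidity(Date).
         * A null argument clears the field instead of throwing.
         */
        public void setDate(Date date) {
            this.date = (date == null) ? null : new Date(date.getTime());
        }

        public void setEncoding(byte[] encoding) {
            this.encoding = encoding;
        }

        /* Method implementations */

        /**
         * Compares two test certificates by their equalCriteria string only.
         * A certificate without equalCriteria is equal to nothing, itself
         * included. hashCode() is not overridden to match, so instances
         * should not be used as hash keys.
         */
        public boolean equals(Object cert) {
            // Reject null and foreign types up front; the unchecked cast
            // used to throw ClassCastException for any other object.
            if (!(cert instanceof TestCert)) {
                return false;
            }
            TestCert other = (TestCert) cert;
            if ((equalCriteria == null) || (other.equalCriteria == null)) {
                return false;
            }
            return equalCriteria.equals(other.equalCriteria);
        }

        public String toString() {
            if (equalCriteria != null) {
                return equalCriteria;
            }
            return "";
        }

        /** Test stub: the certificate is always treated as currently valid. */
        public void checkValidity() throws CertificateExpiredException,
                CertificateNotYetValidException {
        }

        /**
         * Test stub: succeeds only when the given date equals the date this
         * certificate was built with, and throws for every other date.
         */
        public void checkValidity(Date date)
                throws CertificateExpiredException,
                CertificateNotYetValidException {
            if (this.date == null) {
                throw new CertificateExpiredException();
            }
            int result = this.date.compareTo(date);
            // NOTE(review): a stored date later than the queried one is
            // reported as "expired" and an earlier one as "not yet valid",
            // which looks inverted; confirm that no test depends on which
            // of the two exceptions is thrown before changing it.
            if (result > 0) {
                throw new CertificateExpiredException();
            }
            if (result < 0) {
                throw new CertificateNotYetValidException();
            }
        }

        public int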
getVersion() { 1857 return 3; 1858 } 1859 1860 public BigInteger getSerialNumber() { 1861 return (serialNumber == null) ? new BigInteger("1111") 1862 : serialNumber; 1863 } 1864 1865 public Principal getIssuerDN() { 1866 return issuer; 1867 } 1868 1869 public X500Principal getIssuerX500Principal() { 1870 return issuer; 1871 } 1872 1873 public Principal getSubjectDN() { 1874 return subject; 1875 } 1876 1877 public X500Principal getSubjectX500Principal() { 1878 return subject; 1879 } 1880 1881 public Date getNotBefore() { 1882 return null; 1883 } 1884 1885 public Date getNotAfter() { 1886 return null; 1887 } 1888 1889 public byte[] getTBSCertificate() throws CertificateEncodingException { 1890 return null; 1891 } 1892 1893 public byte[] getSignature() { 1894 return null; 1895 } 1896 1897 public String getSigAlgName() { 1898 return null; 1899 } 1900 1901 public String getSigAlgOID() { 1902 return null; 1903 } 1904 1905 public byte[] getSigAlgParams() { 1906 return null; 1907 } 1908 1909 public boolean[] getIssuerUniqueID() { 1910 return null; 1911 } 1912 1913 public boolean[] getSubjectUniqueID() { 1914 return null; 1915 } 1916 1917 public boolean[] getKeyUsage() { 1918 return keyUsage; 1919 } 1920 1921 public List<String> getExtendedKeyUsage() 1922 throws CertificateParsingException { 1923 return extKeyUsage; 1924 } 1925 1926 public int getBasicConstraints() { 1927 return pathLen; 1928 } 1929 1930 public void verify(PublicKey key) throws CertificateException, 1931 NoSuchAlgorithmException, InvalidKeyException, 1932 NoSuchProviderException, SignatureException { 1933 } 1934 1935 public void verify(PublicKey key, String sigProvider) 1936 throws CertificateException, NoSuchAlgorithmException, 1937 InvalidKeyException, NoSuchProviderException, 1938 SignatureException { 1939 } 1940 1941 public PublicKey getPublicKey() { 1942 return key; 1943 } 1944 1945 public byte[] getEncoded() throws CertificateEncodingException { 1946 return encoding; 1947 } 1948 1949 public 
Set<String> getNonCriticalExtensionOIDs() { 1950 return null; 1951 } 1952 1953 public Set<String> getCriticalExtensionOIDs() { 1954 return null; 1955 } 1956 1957 public byte[] getExtensionValue(String oid) { 1958 1959 if (("2.5.29.14".equals(oid)) || ("2.5.29.35".equals(oid))) { 1960 // Extension value is represented as an OctetString 1961 return ASN1OctetString.getInstance().encode(keyIdentifier); 1962 } 1963 if ("2.5.29.16".equals(oid)) { 1964 PrivateKeyUsagePeriod pkup = new PrivateKeyUsagePeriod( 1965 notBefore, notAfter); 1966 byte[] encoded = pkup.getEncoded(); 1967 return ASN1OctetString.getInstance().encode(encoded); 1968 } 1969 if (("2.5.29.37".equals(oid)) && (extKeyUsage != null)) { 1970 ASN1Oid[] oa = new ASN1Oid[extKeyUsage.size()]; 1971 String[] val = new String[extKeyUsage.size()]; 1972 Iterator it = extKeyUsage.iterator(); 1973 int id = 0; 1974 while (it.hasNext()) { 1975 oa[id] = ASN1Oid.getInstanceForString(); 1976 val[id++] = (String) it.next(); 1977 } 1978 return ASN1OctetString.getInstance().encode( 1979 new ASN1Sequence(oa).encode(val)); 1980 } 1981 if ("2.5.29.19".equals(oid)) { 1982 return ASN1OctetString.getInstance().encode( 1983 new ASN1Sequence(new ASN1Type[] { 1984 ASN1Boolean.getInstance(), 1985 ASN1Integer.getInstance() }) 1986 .encode(new Object[] { 1987 new Boolean(pathLen != 1), 1988 BigInteger.valueOf(pathLen) 1989 .toByteArray() })); 1990 } 1991 if ("2.5.29.17".equals(oid) && (sans != null)) { 1992 if (sans.getNames() == null) { 1993 return null; 1994 } 1995 return ASN1OctetString.getInstance().encode( 1996 GeneralNames.ASN1.encode(sans)); 1997 } 1998 if ("2.5.29.32".equals(oid) && (policies != null) 1999 && (policies.length > 0)) { 2000 // Certificate Policies Extension (as specified in rfc 3280) 2001 CertificatePolicies certificatePolicies = new CertificatePolicies(); 2002 for (int i = 0; i < policies.length; i++) { 2003 PolicyInformation policyInformation = new PolicyInformation( 2004 policies[i]); 2005 
certificatePolicies.addPolicyInformation(policyInformation); 2006 } 2007 return ASN1OctetString.getInstance().encode( 2008 certificatePolicies.getEncoded()); 2009 } 2010 if ("2.5.29.30".equals(oid) && (nameConstraints != null)) { // 2011 // Name 2012 // Constraints 2013 // Extension 2014 // (as 2015 // specified 2016 // in 2017 // rfc 2018 // 3280) 2019 return ASN1OctetString.getInstance().encode( 2020 nameConstraints.getEncoded()); 2021 } 2022 2023 return null; 2024 } 2025 2026 public boolean hasUnsupportedCriticalExtension() { 2027 return false; 2028 } 2029 2030 } 2031 2032 public X509Certificate rootCertificate; 2033 2034 public X509Certificate endCertificate; 2035 2036 public MyCRL crl; 2037 2038 private X509CertSelector theCertSelector; 2039 2040 private CertPathBuilder builder; 2041 2042 private void setupEnvironment() throws Exception { 2043 // create certificates and CRLs 2044 CertificateFactory cf = CertificateFactory.getInstance("X.509"); 2045 ByteArrayInputStream bi = new ByteArrayInputStream(TestUtils.rootCert.getBytes()); 2046 rootCertificate = (X509Certificate) cf.generateCertificate(bi); 2047 bi = new ByteArrayInputStream(TestUtils.endCert.getBytes()); 2048 endCertificate = (X509Certificate) cf.generateCertificate(bi); 2049 2050 BigInteger revokedSerialNumber = BigInteger.valueOf(1); 2051 crl = new MyCRL("X.509"); 2052// X509CRL rootCRL = X509CRL; 2053// X509CRL interCRL = X509CRLExample.createCRL(interCert, interPair 2054// .getPrivate(), revokedSerialNumber); 2055 2056 // create CertStore to support path building 2057 List<Object> list = new ArrayList<Object>(); 2058 2059 list.add(rootCertificate); 2060 list.add(endCertificate); 2061 2062// CollectionCertStoreParameters params = new CollectionCertStoreParameters( 2063// list); 2064// CertStore store = CertStore.getInstance("Collection", params); 2065// 2066 theCertSelector = new X509CertSelector(); 2067 theCertSelector.setCertificate(endCertificate); 2068 
theCertSelector.setIssuer(endCertificate.getIssuerX500Principal() 2069 .getEncoded()); 2070 2071 // build the path 2072 builder = CertPathBuilder.getInstance("PKIX"); 2073 2074 } 2075 2076 private CertPath buildCertPath() throws InvalidAlgorithmParameterException { 2077 PKIXCertPathBuilderResult result = null; 2078 PKIXBuilderParameters buildParams = new PKIXBuilderParameters( 2079 Collections.singleton(new TrustAnchor(rootCertificate, null)), 2080 theCertSelector); 2081 try { 2082 result = (PKIXCertPathBuilderResult) builder 2083 .build(buildParams); 2084 } catch(CertPathBuilderException e) { 2085 return null; 2086 } 2087 return result.getCertPath(); 2088 } 2089 2090 /** 2091 * java.security.cert.X509CertSelector#addPathToName(int, byte[]) 2092 */ 2093 public void test_addPathToNameLintLbyte_array2() throws Exception { 2094 TestUtils.initCertPathSSCertChain(); 2095 setupEnvironment(); 2096 byte[] bytes, bytesName; 2097 // GeneralName name = new GeneralName(1, "822.Name"); 2098 // bytes = name.getEncoded(); 2099 // bytesName = name.getEncodedName(); 2100 bytes = new byte[] {-127, 8, 56, 50, 50, 46, 78, 97, 109, 101}; 2101 bytesName = new byte[] {22, 8, 56, 50, 50, 46, 78, 97, 109, 101}; 2102 bytes[bytes.length-3] = (byte) 200; 2103 2104 try { 2105 theCertSelector.addPathToName(1, bytes); 2106 } catch (IOException e) { 2107 // ok 2108 } 2109 2110 theCertSelector.setPathToNames(null); 2111 2112 theCertSelector.addPathToName(1, bytesName); 2113 assertNotNull(theCertSelector.getPathToNames()); 2114 CertPath p = buildCertPath(); 2115 assertNull(p); 2116 2117 theCertSelector.setPathToNames(null); 2118 2119// name = new GeneralName(new Name("O=Android")); 2120// theCertSelector.addPathToName(4, endCertificate.getSubjectDN().getName()); 2121 theCertSelector.addPathToName(4, TestUtils.rootCertificateSS.getIssuerX500Principal().getEncoded()); 2122 assertNotNull(theCertSelector.getPathToNames()); 2123 p = TestUtils.buildCertPathSSCertChain(); 2124 assertNotNull(p); 2125 } 
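/**
 * java.security.cert.X509CertSelector#addPathToName(int, String)
 */
public void test_addPathToNameLintLjava_lang_String2() throws Exception {
    setupEnvironment();
    // Encoded forms of GeneralName(1, "822.Name"): getEncoded() and
    // getEncodedName() respectively.
    byte[] bytes = new byte[] {-127, 8, 56, 50, 50, 46, 78, 97, 109, 101};
    byte[] bytesName = new byte[] {22, 8, 56, 50, 50, 46, 78, 97, 109, 101};
    // Overwrite one content byte with a non-ASCII value. The original copied
    // the reference into a second variable after allocating an array that was
    // never used; the array itself was always modified in place.
    bytes[bytes.length - 3] = (byte) 200;

    // NOTE(review): new String(byte[]) decodes with the platform default
    // charset, so the string handed to the selector can differ by platform.
    // NOTE(review): nothing fails the test when no IOException is thrown, so
    // rejection of the altered name is tolerated but not asserted.
    try {
        theCertSelector.addPathToName(1, new String(bytes));
    } catch (IOException ignored) {
        // ok
    }

    theCertSelector.setPathToNames(null);

    theCertSelector.addPathToName(1, new String(bytesName));
    assertNotNull(theCertSelector.getPathToNames());

    CertPath p = buildCertPath();
    assertNull(p);

    theCertSelector.setPathToNames(null);
    theCertSelector.addPathToName(1,
            rootCertificate.getIssuerX500Principal().getName());
    assertNotNull(theCertSelector.getPathToNames());
    // Path building for this last name is not exercised by the test.
}

/**
 * java.security.cert.X509CertSelector#addSubjectAlternativeName(int, byte[])
 */
public void test_addSubjectAlternativeNameLintLbyte_array2()
        throws Exception {
    GeneralName san0 = new GeneralName(new OtherName("1.2.3.4.5",
            new byte[] {1, 2, 0, 1}));
    GeneralName san1 = new GeneralName(1, "rfc@822.Name");
    GeneralName san2 = new GeneralName(2, "dNSName");

    // Certificate carrying all three names.
    GeneralNames allNames = new GeneralNames();
    allNames.addName(san0);
    allNames.addName(san1);
    allNames.addName(san2);

    // Certificate carrying only the first name.
    GeneralNames firstNameOnly = new GeneralNames();
    firstNameOnly.addName(san0);

    X509CertSelector selector = new X509CertSelector();
    selector.addSubjectAlternativeName(0, san0.getEncodedName());
    selector.addSubjectAlternativeName(1, san1.getEncodedName());
    selector.addSubjectAlternativeName(2, san2.getEncodedName());

    // Every name added to the selector has to be present in the certificate.
    assertTrue(selector.match(new TestCert(allNames)));
    assertFalse(selector.match(new TestCert(firstNameOnly)));

    selector.setSubjectAlternativeNames(null);

    // A name built from a distinguished name is passed with type 0.
    // NOTE(review): nothing fails the test when no IOException is thrown, so
    // rejection of this mismatch is tolerated but not asserted.
    GeneralName name = new GeneralName(new Name("O=Android"));
    try {
        selector.addSubjectAlternativeName(0, name.getEncodedName());
    } catch (IOException ignored) {
        // ok
    }
}

/**
 * java.security.cert.X509CertSelector#addSubjectAlternativeName(int, String)
 */
public void test_addSubjectAlternativeNameLintLjava_lang_String2() throws Exception {
    GeneralName san6 = new GeneralName(6, "http://uniform.Resource.Id");
    GeneralName san2 = new GeneralName(2, "dNSName");

    // Certificate carrying both names.
    GeneralNames bothNames = new GeneralNames();
    bothNames.addName(san6);
    bothNames.addName(san2);

    // Certificate carrying only the dNSName.
    GeneralNames dnsNameOnly = new GeneralNames();
    dnsNameOnly.addName(san2);

    X509CertSelector selector = new X509CertSelector();
    selector.addSubjectAlternativeName(6, "http://uniform.Resource.Id");
    selector.addSubjectAlternativeName(2, "dNSName");

    // Every name added to the selector has to be present in the certificate.
    assertTrue(selector.match(new TestCert(bothNames)));
    assertFalse(selector.match(new TestCert(dnsNameOnly)));

    selector.setSubjectAlternativeNames(null);

    // The string form of a distinguished name is passed with type 0.
    // NOTE(review): nothing fails the test when no IOException is thrown, so
    // rejection of this input is tolerated but not asserted.
    GeneralName name = new GeneralName(new Name("O=Android"));
    try {
        selector.addSubjectAlternativeName(0, name.toString());
    } catch (IOException ignored) {
        // ok
    }
}
} // end of the enclosing test class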