1/* 2 * Licensed to the Apache Software Foundation (ASF) under one or more 3 * contributor license agreements. See the NOTICE file distributed with 4 * this work for additional information regarding copyright ownership. 5 * The ASF licenses this file to You under the Apache License, Version 2.0 6 * (the "License"); you may not use this file except in compliance with 7 * the License. You may obtain a copy of the License at 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 */ 17 18/** 19* @author Alexander Y. Kleymenov 20*/ 21 22package java.security.cert; 23 24import java.io.IOException; 25import java.math.BigInteger; 26import java.security.InvalidKeyException; 27import java.security.NoSuchAlgorithmException; 28import java.security.NoSuchProviderException; 29import java.security.Principal; 30import java.security.PublicKey; 31import java.security.SignatureException; 32import java.security.cert.CRLException; 33import java.security.cert.X509CRLEntry; 34import java.util.ArrayList; 35import java.util.Collection; 36import java.util.Date; 37import java.util.Set; 38import javax.security.auth.x500.X500Principal; 39 40import org.apache.harmony.security.asn1.ASN1Integer; 41import org.apache.harmony.security.asn1.ASN1OctetString; 42 43import junit.framework.Test; 44import junit.framework.TestCase; 45import junit.framework.TestSuite; 46 47/** 48 */ 49 50public class X509CRLSelectorTest extends TestCase { 51 52 /** 53 * The abstract class stub implementation. 54 */ 55 private class TestCRL extends X509CRL { 56 57 private X500Principal principal = null; 58 private BigInteger crlNumber = null; 59 private Date thisUpdate = null; 60 private Date nextUpdate = null; 61 62 public TestCRL(X500Principal principal) { 63 this.principal = principal; 64 } 65 66 public TestCRL(Date thisUpdate, Date nextUpdate) { 67 setUpdateDates(thisUpdate, nextUpdate); 68 } 69 70 public TestCRL(BigInteger crlNumber) { 71 setCrlNumber(crlNumber); 72 } 73 74 public void setUpdateDates(Date thisUpdate, Date nextUpdate) { 75 this.thisUpdate = thisUpdate; 76 this.nextUpdate = nextUpdate; 77 } 78 79 public void setCrlNumber(BigInteger crlNumber) { 80 this.crlNumber = crlNumber; 81 } 82 83 public X500Principal getIssuerX500Principal() { 84 return principal; 85 } 86 87 public String toString() { 88 return null; 89 } 90 91 public boolean isRevoked(Certificate cert) { 92 return true; 93 } 94 95 public Set getNonCriticalExtensionOIDs() { 96 return null; 97 } 98 99 public Set getCriticalExtensionOIDs() { 100 return null; 101 } 102 103 public byte[] getExtensionValue(String oid) { 104 if ("2.5.29.20".equals(oid) && (crlNumber != null)) { 105 return ASN1OctetString.getInstance().encode( 106 ASN1Integer.getInstance().encode( 107 crlNumber.toByteArray())); 108 } 109 return null; 110 } 111 112 public boolean hasUnsupportedCriticalExtension() { 113 return false; 114 } 115 116 public byte[] getEncoded() { 117 return null; 118 } 119 120 public void verify(PublicKey key) 121 throws CRLException, NoSuchAlgorithmException, 122 InvalidKeyException, NoSuchProviderException, 123 SignatureException 124 { 125 } 126 127 public void verify(PublicKey key, String sigProvider) 128 throws CRLException, NoSuchAlgorithmException, 129 InvalidKeyException, NoSuchProviderException, 130 SignatureException 131 { 132 } 133 134 public int getVersion() { 135 return 2; 136 } 137 138 public Principal getIssuerDN() { 139 return null; 140 } 141 142 public Date getThisUpdate() { 143 return thisUpdate; 144 } 145 146 public Date getNextUpdate() { 147 return nextUpdate; 148 } 149 150 public X509CRLEntry getRevokedCertificate(BigInteger serialNumber) { 151 return null; 152 } 153 154 public Set getRevokedCertificates() { 155 return null; 156 } 157 158 public byte[] getTBSCertList() { 159 return null; 160 } 161 162 public byte[] getSignature() { 163 return null; 164 } 165 166 public String getSigAlgName() { 167 return null; 168 } 169 170 public String getSigAlgOID() { 171 return null; 172 } 173 174 public byte[] getSigAlgParams() { 175 return null; 176 } 177 } 178 179 /** 180 * setIssuers(Collection <X500Principal> issuers) method testing. 181 * Tests if CRLs with any issuers match the selector in the case of 182 * null issuerNames criteria, if specified issuers match the selector, 183 * and if not specified issuer does not match the selector. 184 */ 185 public void testSetIssuers() { 186 X509CRLSelector selector = new X509CRLSelector(); 187 X500Principal iss1 = new X500Principal("O=First Org."); 188 X500Principal iss2 = new X500Principal("O=Second Org."); 189 X500Principal iss3 = new X500Principal("O=Third Org."); 190 TestCRL crl1 = new TestCRL(iss1); 191 TestCRL crl2 = new TestCRL(iss2); 192 TestCRL crl3 = new TestCRL(iss3); 193 194 selector.setIssuers(null); 195 assertTrue("Any CRL issuers should match in the case of null issuers.", 196 selector.match(crl1) && selector.match(crl2)); 197 198 ArrayList issuers = new ArrayList(2); 199 issuers.add(iss1); 200 issuers.add(iss2); 201 selector.setIssuers(issuers); 202 assertTrue("The CRL should match the selection criteria.", 203 selector.match(crl1) && selector.match(crl2)); 204 assertFalse("The CRL should not match the selection criteria.", 205 selector.match(crl3)); 206 issuers.add(iss3); 207 assertFalse("The internal issuer collection is not protected " 208 + "against the modifications.", selector.match(crl3)); 209 } 210 211 /** 212 * setIssuerNames(Collection <?> names) method testing. 213 * Tests if CRLs with any issuers match the selector in the case of 214 * null issuerNames criteria, if specified issuers match the selector, 215 * if not specified issuer does not match the selector, and if the 216 * internal collection of issuer names is copied during initialization. 217 */ 218 public void testSetIssuerNames() { 219 X509CRLSelector selector = new X509CRLSelector(); 220 String iss1 = "O=First Org."; 221 byte[] iss2 = new byte[] 222 //manually obtained DER encoding of "O=Second Org." issuer name; 223 {48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11, 224 83, 101, 99, 111, 110, 100, 32, 79, 114, 103, 46}; 225 String iss3 = "O=Third Org."; 226 TestCRL crl1 = new TestCRL(new X500Principal(iss1)); 227 TestCRL crl2 = new TestCRL(new X500Principal(iss2)); 228 TestCRL crl3 = new TestCRL(new X500Principal(iss3)); 229 230 try { 231 selector.setIssuerNames(null); 232 } catch (IOException e) { 233 e.printStackTrace(); 234 fail("Unexpected IOException was thrown."); 235 } 236 assertTrue("Any CRL issuers should match in the case of null issuers.", 237 selector.match(crl1) && selector.match(crl2)); 238 239 ArrayList issuers = new ArrayList(2); 240 issuers.add(iss1); 241 issuers.add(iss2); 242 try { 243 selector.setIssuerNames(issuers); 244 } catch (IOException e) { 245 e.printStackTrace(); 246 fail("Unexpected IOException was thrown."); 247 } 248 assertTrue("The CRL should match the selection criteria.", 249 selector.match(crl1) && selector.match(crl2)); 250 assertFalse("The CRL should not match the selection criteria.", 251 selector.match(crl3)); 252 issuers.add(iss3); 253 assertFalse("The internal issuer collection is not protected " 254 + "against the modifications.", selector.match(crl3)); 255 } 256 257 /** 258 * addIssuer(X500Principal issuer) method testing. 259 * Tests if CRLs with specified issuers match the selector, 260 * and if not specified issuer does not match the selector. 261 */ 262 public void testAddIssuer() { 263 X509CRLSelector selector = new X509CRLSelector(); 264 X500Principal iss1 = new X500Principal("O=First Org."); 265 X500Principal iss2 = new X500Principal("O=Second Org."); 266 TestCRL crl1 = new TestCRL(iss1); 267 TestCRL crl2 = new TestCRL(iss2); 268 269 selector.addIssuer(iss1); 270 assertTrue("The CRL should match the selection criteria.", 271 selector.match(crl1)); 272 assertFalse("The CRL should not match the selection criteria.", 273 selector.match(crl2)); 274 selector.addIssuer(iss2); 275 assertTrue("The CRL should match the selection criteria.", 276 selector.match(crl2)); 277 } 278 279 /** 280 * addIssuerName(String name) method testing. 281 * Tests if CRLs with specified issuers match the selector, 282 * and if not specified issuer does not match the selector. 283 */ 284 public void testAddIssuerName1() { 285 X509CRLSelector selector = new X509CRLSelector(); 286 String iss1 = "O=First Org."; 287 String iss2 = "O=Second Org."; 288 TestCRL crl1 = new TestCRL(new X500Principal(iss1)); 289 TestCRL crl2 = new TestCRL(new X500Principal(iss2)); 290 291 try { 292 selector.addIssuerName(iss1); 293 } catch (IOException e) { 294 e.printStackTrace(); 295 fail("Unexpected IOException was thrown."); 296 } 297 assertTrue("The CRL should match the selection criteria.", 298 selector.match(crl1)); 299 assertFalse("The CRL should not match the selection criteria.", 300 selector.match(crl2)); 301 try { 302 selector.addIssuerName(iss2); 303 } catch (IOException e) { 304 e.printStackTrace(); 305 fail("Unexpected IOException was thrown."); 306 } 307 assertTrue("The CRL should match the selection criteria.", 308 selector.match(crl2)); 309 } 310 311 /** 312 * addIssuerName(byte[] name) method testing. 313 * Tests if CRLs with specified issuers match the selector, 314 * and if not specified issuer does not match the selector. 315 */ 316 public void testAddIssuerName2() { 317 X509CRLSelector selector = new X509CRLSelector(); 318 byte[] iss1 = new byte[] 319 //manually obtained DER encoding of "O=First Org." issuer name; 320 {48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10, 321 70, 105, 114, 115, 116, 32, 79, 114, 103, 46}; 322 byte[] iss2 = new byte[] 323 //manually obtained DER encoding of "O=Second Org." issuer name; 324 {48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11, 325 83, 101, 99, 111, 110, 100, 32, 79, 114, 103, 46}; 326 TestCRL crl1 = new TestCRL(new X500Principal(iss1)); 327 TestCRL crl2 = new TestCRL(new X500Principal(iss2)); 328 329 try { 330 selector.addIssuerName(iss1); 331 } catch (IOException e) { 332 e.printStackTrace(); 333 fail("Unexpected IOException was thrown."); 334 } 335 assertTrue("The CRL should match the selection criteria.", 336 selector.match(crl1)); 337 assertFalse("The CRL should not match the selection criteria.", 338 selector.match(crl2)); 339 try { 340 selector.addIssuerName(iss2); 341 } catch (IOException e) { 342 e.printStackTrace(); 343 fail("Unexpected IOException was thrown."); 344 } 345 assertTrue("The CRL should match the selection criteria.", 346 selector.match(crl2)); 347 } 348 349 /** 350 * setMinCRLNumber(BigInteger minCRL) method testing. 351 * Tests if CRLs with any crl number value match the selector in the case of 352 * null crlNumber criteria, if specified minCRL value matches the selector, 353 * and if CRL with inappropriate crlNumber value does not match the selector. 354 */ 355 public void testSetMinCRLNumber() { 356 X509CRLSelector selector = new X509CRLSelector(); 357 BigInteger minCRL = new BigInteger("10000"); 358 TestCRL crl = new TestCRL(minCRL); 359 360 selector.setMinCRLNumber(null); 361 assertTrue("Any CRL should match in the case of null minCRLNumber.", 362 selector.match(crl)); 363 selector.setMinCRLNumber(minCRL); 364 assertTrue("The CRL should match the selection criteria.", 365 selector.match(crl)); 366 selector.setMinCRLNumber(new BigInteger("10001")); 367 assertFalse("The CRL should not match the selection criteria.", 368 selector.match(crl)); 369 } 370 371 /** 372 * setMaxCRLNumber(BigInteger maxCRL) method testing. 373 * Tests if CRLs with any crl number value match the selector in the case of 374 * null crlNumber criteria, if specified maxCRL value matches the selector, 375 * and if CRL with inappropriate crlNumber value does not match the selector. 376 */ 377 public void testSetMaxCRLNumber() { 378 X509CRLSelector selector = new X509CRLSelector(); 379 BigInteger maxCRL = new BigInteger("10000"); 380 TestCRL crl = new TestCRL(maxCRL); 381 382 selector.setMaxCRLNumber(null); 383 assertTrue("Any CRL should match in the case of null minCRLNumber.", 384 selector.match(crl)); 385 selector.setMaxCRLNumber(maxCRL); 386 assertTrue("The CRL should match the selection criteria.", 387 selector.match(crl)); 388 selector.setMaxCRLNumber(new BigInteger("9999")); 389 assertFalse("The CRL should not match the selection criteria.", 390 selector.match(crl)); 391 } 392 393 /** 394 * setDateAndTime(Date dateAndTime) method testing. 395 * Tests if CRLs with any update dates match the selector in the case of 396 * null dateAndTime criteria, if correct dates match and incorrect 397 * do not match the selector. 398 */ 399 public void testSetDateAndTime() { 400 X509CRLSelector selector = new X509CRLSelector(); 401 TestCRL crl = new TestCRL(new Date(200), new Date(300)); 402 selector.setDateAndTime(null); 403 assertTrue("Any CRL should match in the case of null dateAndTime.", 404 selector.match(crl)); 405 selector.setDateAndTime(new Date(200)); 406 assertTrue("The CRL should match the selection criteria.", 407 selector.match(crl)); 408 selector.setDateAndTime(new Date(250)); 409 assertTrue("The CRL should match the selection criteria.", 410 selector.match(crl)); 411 selector.setDateAndTime(new Date(300)); 412 assertTrue("The CRL should match the selection criteria.", 413 selector.match(crl)); 414 selector.setDateAndTime(new Date(150)); 415 assertFalse("The CRL should not match the selection criteria.", 416 selector.match(crl)); 417 selector.setDateAndTime(new Date(350)); 418 assertFalse("The CRL should not match the selection criteria.", 419 selector.match(crl)); 420 } 421 422 /** 423 * getIssuers() method testing. 424 * Tests if the method return null in the case of not specified issuers, 425 * if the returned collection corresponds to the specified issuers and 426 * this collection is unmodifiable. 427 */ 428 public void testGetIssuers() throws Exception { 429 X509CRLSelector selector = new X509CRLSelector(); 430 X500Principal iss1 = new X500Principal("O=First Org."); 431 X500Principal iss2 = new X500Principal("O=Second Org."); 432 X500Principal iss3 = new X500Principal("O=Third Org."); 433 String iss_name_1 = "O=First String DN"; 434 String iss_name_2 = "O=Second String DN"; 435 String iss_name_3 = "O=Third String DN"; 436 assertNull("The collection should be null.", 437 selector.getIssuers()); 438 selector.addIssuerName(iss_name_1); 439 selector.addIssuer(iss1); 440 selector.addIssuerName(iss_name_2); 441 selector.addIssuer(iss2); 442 selector.addIssuerName(iss_name_3); 443 444 Collection result = selector.getIssuers(); 445 assertEquals("Size does not correspond to expected", 446 5, result.size()); 447 try { 448 result.add(iss3); 449 fail("The returned collection should be unmodifiable."); 450 } catch (UnsupportedOperationException e) { 451 } 452 assertTrue("The collection should contain the specified DN.", 453 result.contains(iss1)); 454 assertTrue("The collection should contain the specified DN.", 455 result.contains(iss2)); 456 assertTrue("The collection should contain the specified DN.", 457 result.contains(new X500Principal(iss_name_1))); 458 assertTrue("The collection should contain the specified DN.", 459 result.contains(new X500Principal(iss_name_2))); 460 selector.addIssuer(iss3); 461 assertTrue("The collection should contain the specified DN.", 462 result.contains(iss3)); 463 } 464 465 /** 466 * getIssuerNames() method testing. 467 * Tests if the method return null in the case of not specified issuers, 468 * if the returned collection corresponds to the specified issuers. 469 */ 470 public void testGetIssuerNames() { 471 X509CRLSelector selector = new X509CRLSelector(); 472 byte[] iss1 = new byte[] 473 //manually obtained DER encoding of "O=First Org." issuer name; 474 {48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10, 475 70, 105, 114, 115, 116, 32, 79, 114, 103, 46}; 476 byte[] iss2 = new byte[] 477 //manually obtained DER encoding of "O=Second Org." issuer name; 478 {48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11, 479 83, 101, 99, 111, 110, 100, 32, 79, 114, 103, 46}; 480 assertNull("The collection should be null.", 481 selector.getIssuerNames()); 482 try { 483 selector.addIssuerName(iss1); 484 selector.addIssuerName(iss2); 485 } catch (IOException e) { 486 e.printStackTrace(); 487 fail("Unexpected IOException was thrown."); 488 } 489 Collection result = selector.getIssuerNames(); 490 assertEquals("The collection should contain all of the specified DNs.", 491 2, result.size()); 492 } 493 494 /** 495 * getMinCRL() method testing. 496 * Tests if the method return null in the case of not specified minCRL 497 * criteria, and if the returned value corresponds to the specified one. 498 */ 499 public void testGetMinCRL() { 500 X509CRLSelector selector = new X509CRLSelector(); 501 assertNull("Initially the minCRL should be null.", 502 selector.getMinCRL()); 503 BigInteger minCRL = new BigInteger("10000"); 504 selector.setMinCRLNumber(minCRL); 505 assertTrue("The result should be equal to specified.", 506 minCRL.equals(selector.getMinCRL())); 507 } 508 509 /** 510 * getMaxCRL() method testing. 511 * Tests if the method return null in the case of not specified maxCRL 512 * criteria, and if the returned value corresponds to the specified one. 513 */ 514 public void testGetMaxCRL() { 515 X509CRLSelector selector = new X509CRLSelector(); 516 assertNull("Initially the maxCRL should be null.", 517 selector.getMaxCRL()); 518 BigInteger maxCRL = new BigInteger("10000"); 519 selector.setMaxCRLNumber(maxCRL); 520 assertTrue("The result should be equal to specified.", 521 maxCRL.equals(selector.getMaxCRL())); 522 } 523 524 /** 525 * getDateAndTime() method testing. 526 * Tests if the method return null in the case of not specified dateAndTime 527 * criteria, and if the returned value corresponds to the specified one. 528 */ 529 public void testGetDateAndTime() { 530 X509CRLSelector selector = new X509CRLSelector(); 531 assertNull("Initially the dateAndTime criteria should be null.", 532 selector.getDateAndTime()); 533 Date date = new Date(200); 534 selector.setDateAndTime(date); 535 assertTrue("The result should be equal to specified.", 536 date.equals(selector.getDateAndTime())); 537 } 538 539 /** 540 * match(CRL crl) method testing. 541 * Tests if the null object matches to the selector or not. 542 */ 543 public void testMatch() { 544 X509CRLSelector selector = new X509CRLSelector(); 545 assertFalse("The null object should not match", 546 selector.match((X509CRL) null)); 547 } 548 549 /** 550 * clone() method testing. 551 * Tests if the selector is cloned correctly: the crl which matche to 552 * the initial selector should match to the clone and the change of clone 553 * should not cause the change of initial selector. 554 */ 555 public void testClone() { 556 X509CRLSelector selector = new X509CRLSelector(); 557 X500Principal iss1 = new X500Principal("O=First Org."); 558 X500Principal iss2 = new X500Principal("O=Second Org."); 559 X500Principal iss3 = new X500Principal("O=Third Org."); 560 BigInteger minCRL = new BigInteger("10000"); 561 BigInteger maxCRL = new BigInteger("10000"); 562 Date date = new Date(200); 563 564 selector.addIssuer(iss1); 565 selector.addIssuer(iss2); 566 selector.setMinCRLNumber(minCRL); 567 selector.setMaxCRLNumber(maxCRL); 568 selector.setDateAndTime(date); 569 570 X509CRLSelector clone = (X509CRLSelector) selector.clone(); 571 TestCRL crl = new TestCRL(iss1); 572 crl.setCrlNumber(minCRL); 573 crl.setUpdateDates(new Date(200), new Date(200)); 574 assertTrue("The specified CRL should match the clone selector.", 575 selector.match(crl)); 576 577 clone.addIssuer(iss3); 578 assertFalse("The changes of the clone selector should not cause " 579 + "the changes of initial object", 580 selector.getIssuerNames().size() == 3); 581 } 582 583 public void testToString() { 584 X509CRLSelector selector = new X509CRLSelector(); 585 X500Principal iss1 = new X500Principal("O=First Org."); 586 X500Principal iss2 = new X500Principal("O=Second Org."); 587 BigInteger minCRL = new BigInteger("10000"); 588 BigInteger maxCRL = new BigInteger("10000"); 589 Date date = new Date(200); 590 591 selector.addIssuer(iss1); 592 selector.addIssuer(iss2); 593 selector.setMinCRLNumber(minCRL); 594 selector.setMaxCRLNumber(maxCRL); 595 selector.setDateAndTime(date); 596 597 assertNotNull("The result should not be null.", selector.toString()); 598 } 599 600 public static Test suite() { 601 return new TestSuite(X509CRLSelectorTest.class); 602 } 603 604} 605