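/*
 * Copyright (C) 2012 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.android.org.bouncycastle.jce.provider;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.FileNotFoundException;
import java.io.InputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CertificateFactory;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.HashSet;
import java.util.Set;
import junit.framework.TestCase;
import com.android.org.bouncycastle.jce.provider.CertBlacklist;
import com.android.org.bouncycastle.crypto.Digest;
import com.android.org.bouncycastle.util.encoders.Base64;
import com.android.org.bouncycastle.util.encoders.Hex;

/**
 * Tests for {@link CertBlacklist}.
 *
 * <p>Each test writes a comma-separated blacklist to a scratch file, points a
 * {@code CertBlacklist} at it, and compares what the class reports against
 * the entries written plus the entries it reports for an empty path.
 */
public class CertBlacklistTest extends TestCase {

    // Scratch blacklist file; created in setUp() and deleted in tearDown().
    private File tmpFile;

    // What CertBlacklist reports when the list under test is given an empty
    // path. Captured once in the constructor; presumably these are the
    // built-in entries -- confirm against CertBlacklist.
    private Set<String> DEFAULT_PUBKEYS;
    private Set<String> DEFAULT_SERIALS;

    // Base64 of a DER-encoded X.509 certificate; its public key is the
    // subject of the blacklisted / not-blacklisted pubkey tests.
    public static final String TEST_CERT = "" +
        "MIIDsjCCAxugAwIBAgIJAPLf2gS0zYGUMA0GCSqGSIb3DQEBBQUAMIGYMQswCQYDVQQGEwJVUzET" +
        "MBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEPMA0GA1UEChMGR29v" +
        "Z2xlMRAwDgYDVQQLEwd0ZXN0aW5nMRYwFAYDVQQDEw1HZXJlbXkgQ29uZHJhMSEwHwYJKoZIhvcN" +
        "AQkBFhJnY29uZHJhQGdvb2dsZS5jb20wHhcNMTIwNzE0MTc1MjIxWhcNMTIwODEzMTc1MjIxWjCB" +
        "mDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50YWluIFZp" +
        "ZXcxDzANBgNVBAoTBkdvb2dsZTEQMA4GA1UECxMHdGVzdGluZzEWMBQGA1UEAxMNR2VyZW15IENv" +
        "bmRyYTEhMB8GCSqGSIb3DQEJARYSZ2NvbmRyYUBnb29nbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUA" +
        "A4GNADCBiQKBgQCjGGHATBYlmas+0sEECkno8LZ1KPglb/mfe6VpCT3GhSr+7br7NG/ZwGZnEhLq" +
        "E7YIH4fxltHmQC3Tz+jM1YN+kMaQgRRjo/LBCJdOKaMwUbkVynAH6OYsKevjrOPk8lfM5SFQzJMG" +
        "sA9+Tfopr5xg0BwZ1vA/+E3mE7Tr3M2UvwIDAQABo4IBADCB/TAdBgNVHQ4EFgQUhzkS9E6G+x8W" +
        "L4EsmRjDxu28tHUwgc0GA1UdIwSBxTCBwoAUhzkS9E6G+x8WL4EsmRjDxu28tHWhgZ6kgZswgZgx" +
        "CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3" +
        "MQ8wDQYDVQQKEwZHb29nbGUxEDAOBgNVBAsTB3Rlc3RpbmcxFjAUBgNVBAMTDUdlcmVteSBDb25k" +
        "cmExITAfBgkqhkiG9w0BCQEWEmdjb25kcmFAZ29vZ2xlLmNvbYIJAPLf2gS0zYGUMAwGA1UdEwQF" +
        "MAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAYiugFDmbDOQ2U/+mqNt7o8ftlEo9SJrns6O8uTtK6AvR" +
        "orDrR1AXTXkuxwLSbmVfedMGOZy7Awh7iZa8hw5x9XmUudfNxvmrKVEwGQY2DZ9PXbrnta/dwbhK" +
        "mWfoepESVbo7CKIhJp8gRW0h1Z55ETXD57aGJRvQS4pxkP8ANhM=";

    // Base64 DER certificate whose serial number the default blacklist is
    // expected to contain (see testTurkTrustIntermediate1SerialBlacklist).
    public static final String TURKTRUST_1 = "" +
        "MIIFPTCCBCWgAwIBAgICCCcwDQYJKoZIhvcNAQEFBQAwgawxPTA7BgNVBAMMNFTDnFJLVFJVU1Qg" +
        "RWxla3Ryb25payBTdW51Y3UgU2VydGlmaWthc8SxIEhpem1ldGxlcmkxCzAJBgNVBAYTAlRSMV4w" +
        "XAYDVQQKDFVUw5xSS1RSVVNUIEJpbGdpIMSwbGV0acWfaW0gdmUgQmlsacWfaW0gR8O8dmVubGnE" +
        "n2kgSGl6bWV0bGVyaSBBLsWeLiAoYykgS2FzxLFtICAyMDA1MB4XDTExMDgwODA3MDc1MVoXDTIx" +
        "MDcwNjA3MDc1MVowbjELMAkGA1UEBhMCVFIxDzANBgNVBAgMBkFOS0FSQTEPMA0GA1UEBwwGQU5L" +
        "QVJBMQwwCgYDVQQKDANFR08xGDAWBgNVBAsMD0VHTyBCSUxHSSBJU0xFTTEVMBMGA1UEAwwMKi5F" +
        "R08uR09WLlRSMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv5zoj2Bpdl7R1M/zF6Qf" +
        "4su2F8vDqISKvuTuyJhNAHhFGHCsHjaixGMHspuz0l3V50kq/ECWbN8kKaeTrB112QOrWTU276iu" +
        "p1Gh+OlEOiR9vlQ4VAP00dWUjD6z9HQFCi8W3EsEtiiHiYOU9BcPpPkaUbECwP4nGVwR8aPwhB5P" +
        "GBJc98romdvciYkUpSOOwkuSRtooA7tRlLFu72QaNpXN1NueB36I3aajPk0YyiXy2w8XlgK7QI4P" +
        "SSBnSq+QblFocWVmLhF94je7py6lCnllrIFXpR3FWZLD5GcI6HKlBS78AQ+IMBLFHhsEVw5NQj90" +
        "chSZClfBWBZzIaV9RwIDAQABo4IBpDCCAaAwHwYDVR0jBBgwFoAUq042AzDS29UKaL6HpVBs/PZw" +
        "pSUwHQYDVR0OBBYEFGT7G4Y9uEryRIL5Vj3qJsD047M0MA4GA1UdDwEB/wQEAwIBBjBFBgNVHSAE" +
        "PjA8MDoGCWCGGAMAAwEBATAtMCsGCCsGAQUFBwIBFh9odHRwOi8vd3d3LnR1cmt0cnVzdC5jb20u" +
        "dHIvc3VlMA8GA1UdEwEB/wQFMAMBAf8wSQYDVR0fBEIwQDA+oDygOoY4aHR0cDovL3d3dy50dXJr" +
        "dHJ1c3QuY29tLnRyL3NpbC9UVVJLVFJVU1RfU1NMX1NJTF9zMi5jcmwwgaoGCCsGAQUFBwEBBIGd" +
        "MIGaMG4GCCsGAQUFBzAChmJodHRwOi8vd3d3LnR1cmt0cnVzdC5jb20udHIvc2VydGlmaWthbGFy" +
        "L1RVUktUUlVTVF9FbGVrdHJvbmlrX1N1bnVjdV9TZXJ0aWZpa2FzaV9IaXptZXRsZXJpX3MyLmNy" +
        "dDAoBggrBgEFBQcwAYYcaHR0cDovL29jc3AudHVya3RydXN0LmNvbS50cjANBgkqhkiG9w0BAQUF" +
        "AAOCAQEAj89QCCyoW0S20EcYDZAnvFLFmougK97Bt68iV1OM622+Cyeyf4Sz+1LBk1f9ni3fGT0Q" +
        "+RWZJYWq5YuSBiLVgk3NLcxnwe3wmnvErUgq1QDtAaNlBWMEMklOlWGfJ0eWaillUskJbDd4KwgZ" +
        "HDEj7g/jYEQqU1t0zoJdwM/zNsnLHkhwcWZ5PQnnbpff1Ct/1LH/8pdy2eRDmRmqniLUh8r2lZfJ" +
        "eudVZG6yIbxsqP3t2JCq5c2P1jDhAGF3g9DiskH0CzsRdbVpoWdr+PY1Xz/19G8XEpX9r+IBJhLd" +
        "bkpVo0Qh0A10mzFP/GUk5f/8nho2HvLaVMhWv1qKcF8IhQ==";

    // Second base64 DER certificate from the same issuer as TURKTRUST_1.
    public static final String TURKTRUST_2 = "" +
        "MIID8DCCAtigAwIBAgICCGQwDQYJKoZIhvcNAQEFBQAwgawxPTA7BgNVBAMMNFTDnFJLVFJVU1Qg" +
        "RWxla3Ryb25payBTdW51Y3UgU2VydGlmaWthc8SxIEhpem1ldGxlcmkxCzAJBgNVBAYTAlRSMV4w" +
        "XAYDVQQKDFVUw5xSS1RSVVNUIEJpbGdpIMSwbGV0acWfaW0gdmUgQmlsacWfaW0gR8O8dmVubGnE" +
        "n2kgSGl6bWV0bGVyaSBBLsWeLiAoYykgS2FzxLFtICAyMDA1MB4XDTExMDgwODA3MDc1MVoXDTIx" +
        "MDgwNTA3MDc1MVowgaMxCzAJBgNVBAYTAlRSMRAwDgYDVQQIEwdMZWZrb3NhMRAwDgYDVQQHEwdM" +
        "ZWZrb3NhMRwwGgYDVQQKExNLS1RDIE1lcmtleiBCYW5rYXNpMSYwJAYDVQQDEx1lLWlzbGVtLmtr" +
        "dGNtZXJrZXpiYW5rYXNpLm9yZzEqMCgGCSqGSIb3DQEJARYbaWxldGlAa2t0Y21lcmtlemJhbmth" +
        "c2kub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw1hUpuRFY67NsZ6C9rzRAPCb" +
        "9RVpi4nZzJIA1TvIfr4hMPM0X5jseMf5GvgJQ+cBMZtooDd7BbZNy2z7O5A+8PYFaMDdokCENx2e" +
        "PIqAVuO6C5UAqM7J3n6RrhjOvqiw6dTQMbtXhjFao+YMuBVvRuuhGHBDK3Je64T/KLzcmAUlRJEu" +
        "y+ZMe7AatUaSDr/jy5DMA5xEYOdsnS5Zo30lRG+9vqbxb8CQi+E97sNjY+W4lEgJKQWMNh5rCxo4" +
        "Hinkm3CKyKX3PAS+DDVI3LQiCiIQUOMA2+1P5aTPTkpqlbjqhbWTWAPWOKCF9d83p3RMXOYt5Gah" +
        "S8rg5u6+toEC1QIDAQABoyMwITAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkq" +
        "hkiG9w0BAQUFAAOCAQEAwjWz5tsUvYORVW8KJSK/biHFrAnFotMtoTKEewRmnYaYjwXIr1IPaBqh" +
        "jkGGviLN2eOH/v97Uli6HC4lzhKHfMQUS9KF/f5nGcH8iQBy/gmFsfJQ1KDC6GNM4CfMGIzyxjYh" +
        "P0VzdUtKX3PAl5EqgMUcdqRDy6Ruz55+JkdvCL1nAC7xH+czJcZVwysTdGfLTCh6VtYPgIkeL6U8" +
        "3xQAyMuOHm72exJljYFqIsiNvGE0KufCqCuH1PD97IXMrLlwGmKKg5jP349lySBpJjm6RDqCTT+6" +
        "dUl2jkVbeNmco99Y7AOdtLsOdXBMCo5x8lK8zwQWFrzEms0joHXCpWfGWA==";

    /**
     * Captures the entries {@link CertBlacklist} reports for an empty path so
     * that every test can add them to its expected set.
     *
     * @throws IOException if the scratch file cannot be created or the
     *         defaults cannot be read
     */
    public CertBlacklistTest() throws IOException {
        tmpFile = File.createTempFile("test", "");
        try {
            // Neither call reads tmpFile; both pass "" as the path.
            DEFAULT_PUBKEYS = getDefaultPubkeys();
            DEFAULT_SERIALS = getDefaultSerials();
        } finally {
            // Remove the scratch file even when loading the defaults throws.
            tmpFile.delete();
        }
    }

    /** Creates a fresh, empty scratch file for the test about to run. */
    @Override
    public void setUp() throws Exception {
        super.setUp();
        tmpFile = File.createTempFile("test", "");
    }

    /** Deletes the scratch file, then runs the superclass tear-down. */
    @Override
    public void tearDown() throws Exception {
        try {
            tmpFile.delete();
        } finally {
            super.tearDown();
        }
    }

    /**
     * Builds a {@link CertBlacklist} with {@code path} as the pubkey list and
     * the default serial list, and returns its pubkey entries as strings.
     *
     * @param path pubkey blacklist file to load
     * @return the entries of {@code pubkeyBlacklist}, one string per entry
     * @throws IOException declared by the original helper
     */
    private Set<String> getPubkeyBlacklist(String path) throws IOException {
        // set our blacklist path
        CertBlacklist bl = new CertBlacklist(path, CertBlacklist.DEFAULT_SERIAL_BLACKLIST_PATH);
        // read the pubkey blacklist field
        Set<byte[]> arr = bl.pubkeyBlacklist;
        // convert the results to a hashset of strings
        Set<String> results = new HashSet<String>();
        for (byte[] value : arr) {
            // Decode with a fixed charset so the comparison against the hex
            // strings in the tests does not depend on the host JVM's default.
            results.add(new String(value, "UTF-8"));
        }
        return results;
    }

    /**
     * Builds a {@link CertBlacklist} with the default pubkey list and
     * {@code path} as the serial list, and returns its serial entries.
     *
     * @param path serial blacklist file to load
     * @return each entry of {@code serialBlacklist} in base-16 form
     * @throws IOException declared by the original helper
     */
    private Set<String> getSerialBlacklist(String path) throws IOException {
        // set our blacklist path
        CertBlacklist bl = new CertBlacklist(CertBlacklist.DEFAULT_PUBKEY_BLACKLIST_PATH, path);
        // read the serial blacklist field
        Set<BigInteger> arr = bl.serialBlacklist;
        // convert the results to a hashset of strings
        Set<String> results = new HashSet<String>();
        for (BigInteger value : arr) {
            results.add(value.toString(16));
        }
        return results;
    }

    /**
     * Returns the hex-encoded SHA-1 digest of the key's encoded form.
     *
     * <p>testPubkeyIsBlacklisted writes this value to the blacklist file and
     * expects the key to be reported as blacklisted, so SHA-1 here is the
     * lookup identifier the list is keyed on, not a strength choice made by
     * the test.
     *
     * @param publicKey key to fingerprint
     * @return lowercase or uppercase hex as produced by {@code Hex.encode}
     * @throws Exception if SHA1 is unavailable
     */
    private static String getHash(PublicKey publicKey) throws Exception {
        byte[] encoded = publicKey.getEncoded();
        MessageDigest digest = MessageDigest.getInstance("SHA1");
        byte[] hexlifiedHash = Hex.encode(digest.digest(encoded));
        return new String(hexlifiedHash, "UTF-8");
    }
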
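/** Returns the pubkey entries {@code CertBlacklist} reports for an empty path. */
private Set<String> getDefaultPubkeys() throws IOException {
    return getPubkeyBlacklist("");
}

/** Returns the serial entries {@code CertBlacklist} reports for an empty path. */
private Set<String> getDefaultSerials() throws IOException {
    return getSerialBlacklist("");
}

/** Returns the pubkey entries loaded from the current scratch file. */
private Set<String> getCurrentPubkeyBlacklist() throws IOException {
    return getPubkeyBlacklist(tmpFile.getCanonicalPath());
}

/** Returns the serial entries loaded from the current scratch file. */
private Set<String> getCurrentSerialBlacklist() throws IOException {
    return getSerialBlacklist(tmpFile.getCanonicalPath());
}

/**
 * Overwrites the scratch file with {@code blacklist}.
 *
 * @param blacklist file content to write
 * @throws IOException if the file cannot be opened or written
 */
private void blacklistToFile(String blacklist) throws IOException {
    FileOutputStream out = new FileOutputStream(tmpFile);
    try {
        // Fixed charset: the bytes on disk must not vary with the host
        // JVM's default encoding.
        out.write(blacklist.getBytes("UTF-8"));
    } finally {
        // Close even when write() throws so the descriptor is not leaked.
        out.close();
    }
}

/**
 * Joins {@code values} with commas and writes the result to the scratch
 * file.
 *
 * @param values entries to write; an empty string entry yields an empty
 *        field between commas (or a leading one), which the "MultipleBad"
 *        tests rely on
 * @throws IOException if the file cannot be written
 */
private void writeBlacklist(HashSet<String> values) throws IOException {
    StringBuilder joined = new StringBuilder();
    // join the values into a string
    for (String value : values) {
        if (joined.length() != 0) {
            joined.append(",");
        }
        joined.append(value);
    }
    blacklistToFile(joined.toString());
}

/**
 * Parses a base64-encoded DER X.509 certificate and returns its public key.
 *
 * @param cert base64 text of the certificate
 * @return the certificate's public key
 * @throws Exception if the certificate cannot be parsed
 */
private static PublicKey createPublicKey(String cert) throws Exception {
    byte[] derCert = Base64.decode(cert.getBytes("UTF-8"));
    InputStream istream = new ByteArrayInputStream(derCert);
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    return cf.generateCertificate(istream).getPublicKey();
}

/**
 * Parses a base64-encoded DER X.509 certificate and returns its serial
 * number.
 *
 * @param cert base64 text of the certificate
 * @return the certificate's serial number
 * @throws Exception if the certificate cannot be parsed
 */
private static BigInteger createSerialNumber(String cert) throws Exception {
    byte[] derCert = Base64.decode(cert.getBytes("UTF-8"));
    InputStream istream = new ByteArrayInputStream(derCert);
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    X509Certificate xCert = (X509Certificate) cf.generateCertificate(istream);
    return xCert.getSerialNumber();
}

/** A single well-formed pubkey hash is loaded in addition to the defaults. */
public void testPubkeyBlacklistLegit() throws Exception {
    // build the blacklist
    HashSet<String> bl = new HashSet<String>();
    bl.add("6ccabd7db47e94a5759901b6a7dfd45d1c091ccc");
    // write the blacklist
    writeBlacklist(bl);
    // add the default pubkeys into the bl
    bl.addAll(DEFAULT_PUBKEYS);
    // do the test
    assertEquals(bl, getCurrentPubkeyBlacklist());
}

/** A key whose hash is not in the file is not reported as blacklisted. */
public void testLegitPubkeyIsntBlacklisted() throws Exception {
    // build the public key
    PublicKey pk = createPublicKey(TEST_CERT);
    // write an empty list to the test blacklist
    writeBlacklist(new HashSet<String>());
    // set our blacklist path
    CertBlacklist bl = new CertBlacklist(tmpFile.getCanonicalPath(),
                                         CertBlacklist.DEFAULT_SERIAL_BLACKLIST_PATH);
    // check to make sure it isn't blacklisted
    assertFalse(bl.isPublicKeyBlackListed(pk));
}

/** A key whose hash is written to the file is reported as blacklisted. */
public void testPubkeyIsBlacklisted() throws Exception {
    // build the public key
    PublicKey pk = createPublicKey(TEST_CERT);
    // get its hash
    String hash = getHash(pk);
    // write that to the test blacklist
    HashSet<String> testBlackList = new HashSet<String>();
    testBlackList.add(hash);
    writeBlacklist(testBlackList);
    // set our blacklist path
    CertBlacklist bl = new CertBlacklist(tmpFile.getCanonicalPath(),
                                         CertBlacklist.DEFAULT_SERIAL_BLACKLIST_PATH);
    // check to make sure it is blacklisted
    assertTrue(bl.isPublicKeyBlackListed(pk));
}
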
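/** A single well-formed serial is loaded in addition to the defaults. */
public void testSerialBlacklistLegit() throws IOException {
    // build the blacklist
    HashSet<String> bl = new HashSet<String>();
    bl.add("22e514121e61c643b1e9b06bd4b9f7d0");
    // write the blacklist
    writeBlacklist(bl);
    // add the default serials into the bl
    bl.addAll(DEFAULT_SERIALS);
    // do the test
    assertEquals(bl, getCurrentSerialBlacklist());
}

/** Several well-formed pubkey hashes are all loaded. */
public void testPubkeyBlacklistMultipleLegit() throws IOException {
    // build the blacklist
    HashSet<String> bl = new HashSet<String>();
    bl.add("6ccabd7db47e94a5759901b6a7dfd45d1c091ccc");
    bl.add("6ccabd7db47e94a5759901b6a7dfd45d1c091ccd");
    // write the blacklist
    writeBlacklist(bl);
    // add the default pubkeys into the bl
    bl.addAll(DEFAULT_PUBKEYS);
    // do the test
    assertEquals(bl, getCurrentPubkeyBlacklist());
}

/** Several well-formed serials are all loaded. */
public void testSerialBlacklistMultipleLegit() throws IOException {
    // build the blacklist
    HashSet<String> bl = new HashSet<String>();
    bl.add("22e514121e61c643b1e9b06bd4b9f7d0");
    bl.add("22e514121e61c643b1e9b06bd4b9f7d1");
    // write the blacklist
    writeBlacklist(bl);
    // add the default serials into the bl
    bl.addAll(DEFAULT_SERIALS);
    // do the test
    assertEquals(bl, getCurrentSerialBlacklist());
}

/**
 * An empty entry among valid pubkey hashes is skipped; the valid entries
 * around it must still be loaded.
 */
public void testPubkeyBlacklistMultipleBad() throws IOException {
    // build the blacklist
    HashSet<String> bl = new HashSet<String>();
    bl.add("6ccabd7db47e94a5759901b6a7dfd45d1c091ccc");
    bl.add("");
    bl.add("6ccabd7db47e94a5759901b6a7dfd45d1c091ccd");
    // write the blacklist
    writeBlacklist(bl);
    // add the default pubkeys into the bl
    bl.addAll(DEFAULT_PUBKEYS);
    // remove the bad one
    bl.remove("");
    // do the test: every entry except the bad one should be loaded
    assertEquals(bl, getCurrentPubkeyBlacklist());
}

/**
 * An empty entry among valid serials is skipped; the valid entries around
 * it must still be loaded.
 */
public void testSerialBlacklistMultipleBad() throws IOException {
    // build the blacklist
    HashSet<String> bl = new HashSet<String>();
    bl.add("22e514121e61c643b1e9b06bd4b9f7d0");
    bl.add("");
    bl.add("22e514121e61c643b1e9b06bd4b9f7d1");
    // write the blacklist
    writeBlacklist(bl);
    // add the default serials into the bl
    bl.addAll(DEFAULT_SERIALS);
    // remove the bad one
    bl.remove("");
    // do the test: every entry except the bad one should be loaded
    assertEquals(bl, getCurrentSerialBlacklist());
}

/**
 * With nothing written to the scratch file, the pubkey list equals the
 * defaults.
 */
public void testPubkeyBlacklistDoesntExist() throws IOException {
    assertEquals(DEFAULT_PUBKEYS, getCurrentPubkeyBlacklist());
}

/**
 * With nothing written to the scratch file, the serial list equals the
 * defaults.
 */
public void testSerialBlacklistDoesntExist() throws IOException {
    assertEquals(DEFAULT_SERIALS, getCurrentSerialBlacklist());
}

/** A 40-character non-hex pubkey entry is dropped; the defaults remain. */
public void testPubkeyBlacklistNotHexValues() throws IOException {
    // build the blacklist
    HashSet<String> bl = new HashSet<String>();
    bl.add("ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ");
    // write the blacklist
    writeBlacklist(bl);
    // do the test
    assertEquals(DEFAULT_PUBKEYS, getCurrentPubkeyBlacklist());
}

/** A non-hex serial entry is dropped; the defaults remain. */
public void testSerialBlacklistNotHexValues() throws IOException {
    // build the blacklist
    HashSet<String> bl = new HashSet<String>();
    bl.add("ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ");
    // write the blacklist
    writeBlacklist(bl);
    // do the test
    assertEquals(DEFAULT_SERIALS, getCurrentSerialBlacklist());
}

/** A pubkey hash one character short is dropped; the defaults remain. */
public void testPubkeyBlacklistIncorrectLength() throws IOException {
    // build the blacklist
    HashSet<String> bl = new HashSet<String>();
    bl.add("6ccabd7db47e94a5759901b6a7dfd45d1c091cc");
    // write the blacklist
    writeBlacklist(bl);
    // do the test
    assertEquals(DEFAULT_PUBKEYS, getCurrentPubkeyBlacklist());
}

/** The serial "0" is accepted and loaded alongside the defaults. */
public void testSerialBlacklistZero() throws IOException {
    // build the blacklist
    HashSet<String> bl = new HashSet<String>();
    bl.add("0");
    // write the blacklist
    writeBlacklist(bl);
    // add the default serials
    bl.addAll(DEFAULT_SERIALS);
    // do the test
    assertEquals(bl, getCurrentSerialBlacklist());
}

/** The serial "-1" is accepted and reads back as "-1" in base 16. */
public void testSerialBlacklistNegative() throws IOException {
    // build the blacklist
    HashSet<String> bl = new HashSet<String>();
    bl.add("-1");
    // write the blacklist
    writeBlacklist(bl);
    // add the default serials
    bl.addAll(DEFAULT_SERIALS);
    // do the test
    assertEquals(bl, getCurrentSerialBlacklist());
}

/**
 * The serial number of the TURKTRUST_1 certificate must be rejected by a
 * default-constructed {@code CertBlacklist}, with no override file
 * involved.
 */
public void testTurkTrustIntermediate1SerialBlacklist() throws Exception {
    CertBlacklist bl = new CertBlacklist();
    // assertTrue rather than assertEquals(actual, true): the original had
    // expected and actual swapped, which garbles the failure message.
    assertTrue(bl.isSerialNumberBlackListed(createSerialNumber(TURKTRUST_1)));
}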
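// Regression tests for the TURKTRUST blacklist entries, followed by two debugging helpers.

    /**
     * Expects the public key of the certificate in TURKTRUST_1 to be reported as blacklisted
     * even though the blacklist written by this test is empty.
     */
    public void testTurkTrustIntermediate1PubkeyBlacklist() throws Exception {
        // extract the public key from the certificate
        PublicKey pk = createPublicKey(TURKTRUST_1);
        // write an EMPTY blacklist, so a hit below can only come from the built-in defaults
        writeBlacklist(new HashSet<String>());
        // load the blacklist
        CertBlacklist bl = new CertBlacklist();
        // the key must be reported as blacklisted; assertTrue avoids the swapped
        // expected/actual arguments of assertEquals(x, true)
        assertTrue(bl.isPublicKeyBlackListed(pk));
    }

    /**
     * Expects the serial number of the certificate in TURKTRUST_2 to be reported as
     * blacklisted by a freshly constructed CertBlacklist.
     */
    public void testTurkTrustIntermediate2SerialBlacklist() throws Exception {
        // this test writes no blacklist file, so the hit presumably comes from the defaults
        CertBlacklist bl = new CertBlacklist();
        // NOTE(review): as called here the check receives only the serial number; serials are
        // unique per issuer only, so a serial-only match can also hit another CA's certificate
        assertTrue(bl.isSerialNumberBlackListed(createSerialNumber(TURKTRUST_2)));
    }

    /**
     * Expects the public key of the certificate in TURKTRUST_2 to be reported as blacklisted.
     */
    public void testTurkTrustIntermediate2PubkeyBlacklist() throws Exception {
        // extract the public key from the certificate
        PublicKey pk = createPublicKey(TURKTRUST_2);
        // NOTE(review): unlike the Intermediate1 variant, no empty blacklist is written first;
        // presumably per-test cleanup outside this excerpt guarantees a known state - confirm
        CertBlacklist bl = new CertBlacklist();
        // the key must be reported as blacklisted
        assertTrue(bl.isPublicKeyBlackListed(pk));
    }

    /**
     * Prints the public-key hash of the given certificate to standard output.
     * Not called by any test in this excerpt; presumably a helper for deriving new
     * blacklist entries.
     *
     * @param cert certificate text in the form accepted by createPublicKey
     */
    private static void printHash(String cert) throws Exception {
        System.out.println("CERTIFICATE PUBLIC KEY HASH: " + getHash(createPublicKey(cert)));
    }

    /**
     * Prints the serial number of the given certificate, in hexadecimal, to standard output.
     * Not called by any test in this excerpt; presumably a helper for deriving new
     * blacklist entries.
     *
     * @param cert certificate text in the form accepted by createSerialNumber
     */
    private static void printSerial(String cert) throws Exception {
        System.out.println("CERTIFICATE SERIAL NUMBER: " + createSerialNumber(cert).toString(16));
    }
}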