/* * Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ /** * @author Alexander Y. Kleymenov */ package java.security.cert; import java.io.IOException; import java.math.BigInteger; import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; import java.security.NoSuchProviderException; import java.security.Principal; import java.security.PublicKey; import java.security.SignatureException; import java.security.cert.CertificateEncodingException; import java.security.cert.CertificateException; import java.security.cert.CertificateExpiredException; import java.security.cert.CertificateNotYetValidException; import java.security.cert.X509Certificate; import java.security.spec.InvalidKeySpecException; import java.util.Date; import java.util.Set; import java.util.HashSet; import java.util.Arrays; import java.util.ArrayList; import java.util.List; import java.util.Iterator; import java.util.Collection; import javax.security.auth.x500.X500Principal; import org.apache.harmony.security.asn1.ASN1Boolean; import org.apache.harmony.security.asn1.ASN1Integer; import org.apache.harmony.security.asn1.ASN1OctetString; import org.apache.harmony.security.asn1.ASN1Oid; import org.apache.harmony.security.asn1.ASN1Sequence; import 
org.apache.harmony.security.asn1.ASN1Type; import org.apache.harmony.security.tests.support.TestKeyPair; import org.apache.harmony.security.x501.Name; import org.apache.harmony.security.x509.AlgorithmIdentifier; import org.apache.harmony.security.x509.CertificatePolicies; import org.apache.harmony.security.x509.EDIPartyName; import org.apache.harmony.security.x509.Extension; import org.apache.harmony.security.x509.Extensions; import org.apache.harmony.security.x509.GeneralName; import org.apache.harmony.security.x509.GeneralNames; import org.apache.harmony.security.x509.GeneralSubtree; import org.apache.harmony.security.x509.GeneralSubtrees; import org.apache.harmony.security.x509.NameConstraints; import org.apache.harmony.security.x509.ORAddress; import org.apache.harmony.security.x509.OtherName; import org.apache.harmony.security.x509.PolicyInformation; import org.apache.harmony.security.x509.PrivateKeyUsagePeriod; import org.apache.harmony.security.x509.SubjectPublicKeyInfo; import org.apache.harmony.security.x509.TBSCertificate; import org.apache.harmony.security.x509.Validity; import junit.framework.Test; import junit.framework.TestCase; import junit.framework.TestSuite; /** * X509CertSelectorTest */ public class X509CertSelectorTest extends TestCase { /** * The abstract class stub implementation. 
*/ private class TestCert extends X509Certificate { /* Stuff fields */ protected String equalCriteria = null; // to simplify method equals() protected BigInteger serialNumber = null; protected X500Principal issuer = null; protected X500Principal subject = null; protected byte[] keyIdentifier = null; protected Date date = null; protected Date notBefore = null; protected Date notAfter = null; protected PublicKey key = null; protected boolean[] keyUsage = null; protected List extKeyUsage = null; protected int pathLen = -1; protected GeneralNames sans = null; protected byte[] encoding = null; protected String[] policies = null; protected NameConstraints nameConstraints = null; /* Stuff methods */ public TestCert() {} public TestCert(GeneralNames sans) { setSubjectAlternativeNames(sans); } public TestCert(NameConstraints nameConstraints) { this.nameConstraints = nameConstraints; } public TestCert(String equalCriteria) { setEqualCriteria(equalCriteria); } public TestCert(String[] policies) { setPolicies(policies); } public TestCert(BigInteger serial) { setSerialNumber(serial); } public TestCert(X500Principal principal) { setIssuer(principal); setSubject(principal); } public TestCert(byte[] array) { setKeyIdentifier(array); } public TestCert(Date date) { setDate(date); } public TestCert(Date notBefore, Date notAfter) { setPeriod(notBefore, notAfter); } public TestCert(PublicKey key) { setPublicKey(key); } public TestCert(boolean[] keyUsage) { setKeyUsage(keyUsage); } public TestCert(Set extKeyUsage) { setExtendedKeyUsage(extKeyUsage); } public TestCert(int pathLen) { this.pathLen = pathLen; } public void setPolicies(String[] policies) { this.policies = policies; } public void setSubjectAlternativeNames(GeneralNames sans) { this.sans = sans; } public void setExtendedKeyUsage(Set extKeyUsage) { this.extKeyUsage = (extKeyUsage == null) ? null : new ArrayList(extKeyUsage); } public void setKeyUsage(boolean[] keyUsage) { this.keyUsage = (keyUsage == null) ? 
null : (boolean[]) keyUsage.clone(); } public void setPublicKey(PublicKey key) { this.key = key; } public void setPeriod(Date notBefore, Date notAfter) { this.notBefore = notBefore; this.notAfter = notAfter; } public void setSerialNumber(BigInteger serial) { this.serialNumber = serial; } public void setEqualCriteria(String equalCriteria) { this.equalCriteria = equalCriteria; } public void setIssuer(X500Principal issuer) { this.issuer = issuer; } public void setSubject(X500Principal subject) { this.subject = subject; } public void setKeyIdentifier(byte[] subjectKeyID) { this.keyIdentifier = subjectKeyID.clone(); } public void setDate(Date date) { this.date = new Date(date.getTime()); } public void setEncoding(byte[] encoding) { this.encoding = encoding; } /* Method implementations */ public boolean equals(Object cert) { if (cert == null) { return false; } if ((equalCriteria == null) || (((TestCert)cert).equalCriteria == null)) { return false; } else { return equalCriteria.equals(((TestCert)cert).equalCriteria); } } public String toString() { if (equalCriteria != null) { return equalCriteria; } return ""; } public void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException {} public void checkValidity(Date date) throws CertificateExpiredException, CertificateNotYetValidException { if (this.date == null) { throw new CertificateExpiredException(); } int result = this.date.compareTo(date); if (result > 0) { throw new CertificateExpiredException(); } if (result < 0) { throw new CertificateNotYetValidException(); } } public int getVersion() { return 3; } public BigInteger getSerialNumber() { return (serialNumber == null) ? 
new BigInteger("1111") : serialNumber; } public Principal getIssuerDN() { return issuer; } public X500Principal getIssuerX500Principal() { return issuer; } public Principal getSubjectDN() { return subject; } public X500Principal getSubjectX500Principal() { return subject; } public Date getNotBefore() { return null; } public Date getNotAfter() { return null; } public byte[] getTBSCertificate() throws CertificateEncodingException { return null; } public byte[] getSignature() { return null; } public String getSigAlgName() { return null; } public String getSigAlgOID() { return null; } public byte[] getSigAlgParams() { return null; } public boolean[] getIssuerUniqueID() { return null; } public boolean[] getSubjectUniqueID() { return null; } public boolean[] getKeyUsage() { return keyUsage; } public List/**/ getExtendedKeyUsage() throws CertificateParsingException { return extKeyUsage; } public int getBasicConstraints() { return pathLen; } public Collection/*>*/ getSubjectAlternativeNames() throws CertificateParsingException { return sans.getPairsList(); } public void verify(PublicKey key) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException { } public void verify(PublicKey key, String sigProvider) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException { } public PublicKey getPublicKey() { return key; } public byte[] getEncoded() throws CertificateEncodingException { return encoding; } public Set getNonCriticalExtensionOIDs() { return null; } public Set getCriticalExtensionOIDs() { return null; } public byte[] getExtensionValue(String oid) { if (("2.5.29.14".equals(oid)) || ("2.5.29.35".equals(oid))) { // Extension value is represented as an OctetString return ASN1OctetString.getInstance().encode(keyIdentifier); } if ("2.5.29.16".equals(oid)) { PrivateKeyUsagePeriod pkup = new PrivateKeyUsagePeriod(notBefore, notAfter); byte[] encoded = 
pkup.getEncoded(); return ASN1OctetString.getInstance().encode(encoded); } if (("2.5.29.37".equals(oid)) && (extKeyUsage != null)) { ASN1Oid[] oa = new ASN1Oid[extKeyUsage.size()]; String[] val = new String[extKeyUsage.size()]; Iterator it = extKeyUsage.iterator(); int id = 0; while (it.hasNext()) { oa[id] = ASN1Oid.getInstanceForString(); val[id++] = (String) it.next(); } return ASN1OctetString.getInstance().encode( new ASN1Sequence(oa).encode(val)); } if ("2.5.29.19".equals(oid)) { return ASN1OctetString.getInstance().encode( new ASN1Sequence( new ASN1Type[] { ASN1Boolean.getInstance(), ASN1Integer.getInstance() }).encode( new Object[] { new Boolean(pathLen != -1), BigInteger.valueOf(pathLen). toByteArray() }) ); } if ("2.5.29.17".equals(oid) && (sans != null)) { if (sans.getNames() == null) { return null; } return ASN1OctetString.getInstance().encode( GeneralNames.ASN1.encode(sans)); } if ("2.5.29.32".equals(oid) && (policies != null) && (policies.length > 0)) { // Certificate Policies Extension (as specified in rfc 3280) CertificatePolicies certificatePolicies = new CertificatePolicies(); for (int i=0; i keyPurposeSet) method testing. 
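*/
    public void testSetExtendedKeyUsage() throws IOException {
        // Key-purpose OIDs under the 1.3.6.1.5.5.7.3 arc. ku2 is ku1 without
        // "1.3.6.1.5.5.7.3.7", which is what distinguishes the two certificates.
        HashSet ku1 = new HashSet(Arrays.asList(new String[] {
            "1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2", "1.3.6.1.5.5.7.3.3",
            "1.3.6.1.5.5.7.3.4", "1.3.6.1.5.5.7.3.8", "1.3.6.1.5.5.7.3.9",
            "1.3.6.1.5.5.7.3.5", "1.3.6.1.5.5.7.3.6", "1.3.6.1.5.5.7.3.7"}));
        HashSet ku2 = new HashSet(Arrays.asList(new String[] {
            "1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2", "1.3.6.1.5.5.7.3.3",
            "1.3.6.1.5.5.7.3.4", "1.3.6.1.5.5.7.3.8", "1.3.6.1.5.5.7.3.9",
            "1.3.6.1.5.5.7.3.5", "1.3.6.1.5.5.7.3.6"}));

        TestCert cert_1 = new TestCert(ku1);
        TestCert cert_2 = new TestCert(ku2);
        // The stub stores null for a null Set, so cert_3 reports no extended
        // key usage at all.
        TestCert cert_3 = new TestCert((Set) null);

        X509CertSelector selector = new X509CertSelector();

        // A null criterion disables the extendedKeyUsage check. The two
        // certificates are asserted separately so that a failure identifies
        // which one was rejected.
        selector.setExtendedKeyUsage(null);
        assertTrue("Any certificate should match in the case of null "
                + "extendedKeyUsage criteria.", selector.match(cert_1));
        assertTrue("Any certificate should match in the case of null "
                + "extendedKeyUsage criteria.", selector.match(cert_2));

        selector.setExtendedKeyUsage(ku1);
        assertTrue("The certificate should match the selection criteria.",
                selector.match(cert_1));
        assertFalse("The certificate should not match the selection criteria.",
                selector.match(cert_2));
        // Selector semantics under test: an absent extendedKeyUsage extension
        // is treated as "all purposes allowed". A match therefore does not
        // show that the certificate explicitly asserts the requested purposes.
        assertTrue("The certificate which does not have an extendedKeyUsage "
                + "extension implicitly allows all key purposes.",
                selector.match(cert_3));

        // Remove from ku1 the one key purpose that ku2 lacks. If the selector
        // had kept a reference to ku1 instead of a copy, its criteria would now
        // equal ku2 and cert_2 would start matching.
        ku1.remove("1.3.6.1.5.5.7.3.7");
        assertFalse("The modification of initialization object "
                + "should not affect the modification of internal object.",
                selector.match(cert_2));

        selector.setExtendedKeyUsage(ku2);
        assertTrue("The certificate should match the selection criteria.",
                selector.match(cert_2));
    }

    /**
     * getExtendedKeyUsage() method testing.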
*/
    public void testGetExtendedKeyUsage() {
        String[] purposeOids = new String[] {
            "1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2", "1.3.6.1.5.5.7.3.3",
            "1.3.6.1.5.5.7.3.4", "1.3.6.1.5.5.7.3.8", "1.3.6.1.5.5.7.3.9",
            "1.3.6.1.5.5.7.3.5", "1.3.6.1.5.5.7.3.6", "1.3.6.1.5.5.7.3.7"
        };
        HashSet requested = new HashSet(Arrays.asList(purposeOids));
        X509CertSelector certSelector = new X509CertSelector();

        // A fresh selector has no extendedKeyUsage criterion.
        assertNull("Selector should return null",
                certSelector.getExtendedKeyUsage());

        try {
            certSelector.setExtendedKeyUsage(requested);
        } catch (IOException e) {
            e.printStackTrace();
            fail("Unexpected IOException was thrown.");
        }

        boolean sameContents =
                requested.equals(certSelector.getExtendedKeyUsage());
        assertTrue("The returned extendedKeyUsage should be equal to specified",
                sameContents);

        // The getter must not hand out a view through which the criteria can
        // be altered; an attempted insert has to be rejected.
        try {
            certSelector.getExtendedKeyUsage().add("KRIBLE-GRABLI");
            fail("The returned Set should be immutable.");
        } catch (UnsupportedOperationException expected) {
            // expected: the returned Set rejects modification
        }
    }

    /**
     * Tests {@code setSubjectAlternativeNames(Collection<List<?>> names)}:
     * null criteria, a full set of names, and independence of the selector
     * from later changes to the collection it was given.
     */
    public void testSetSubjectAlternativeNames() {
        try {
            // One name per form; array index i holds the entry the original
            // test called "san<i>".
            GeneralName[] forms = new GeneralName[] {
                new GeneralName(new OtherName("1.2.3.4.5",
                        new byte[] {1, 2, 0, 1})),
                new GeneralName(1, "rfc@822.Name"),
                new GeneralName(2, "dNSName"),
                new GeneralName(new ORAddress()),
                new GeneralName(new Name("O=Organization")),
                new GeneralName(new EDIPartyName("assigner", "party")),
                new GeneralName(6, "http://uniform.Resource.Id"),
                new GeneralName(7, "1.1.1.1"),
                new GeneralName(8, "1.2.3.4444.55555")
            };

            GeneralNames everyForm = new GeneralNames();
            for (int idx = 0; idx < forms.length; idx++) {
                everyForm.addName(forms[idx]);
            }
            GeneralNames firstFormOnly = new GeneralNames();
            firstFormOnly.addName(forms[0]);

            TestCert fullCert = new TestCert(everyForm);
            TestCert sparseCert = new TestCert(firstFormOnly);

            X509CertSelector certSelector = new X509CertSelector();
            certSelector.setMatchAllSubjectAltNames(true);

            // Null criteria: no subjectAlternativeNames check is applied.
            certSelector.setSubjectAlternativeNames(null);
            boolean bothAccepted = certSelector.match(fullCert)
                    && certSelector.match(sparseCert);
            assertTrue("Any certificate should match in the case of null "
                    + "subjectAlternativeNames criteria.", bothAccepted);

            Collection criteria = everyForm.getPairsList();
            certSelector.setSubjectAlternativeNames(criteria);
            assertTrue("The certificate should match the selection criteria.",
                    certSelector.match(fullCert));
            assertFalse("The certificate should not match "
                    + "the selection criteria.",
                    certSelector.match(sparseCert));

            // Empty the collection that was handed to the selector; the
            // selector's criteria must be unaffected.
            criteria.clear();
            assertTrue("The modification of initialization object "
                    + "should not affect the modification "
                    + "of internal object.", certSelector.match(fullCert));

            certSelector.setSubjectAlternativeNames(
                    firstFormOnly.getPairsList());
            assertTrue("The certificate should match the selection criteria.",
                    certSelector.match(sparseCert));
        } catch (IOException e) {
            e.printStackTrace();
            fail("Unexpected IOException was thrown.");
        }
    }

    /**
     * Tests {@code addSubjectAlternativeName(int type, String name)} by adding
     * names one at a time with matchAllSubjectAltNames enabled and checking
     * which of two certificates still satisfies the growing criteria.
     */
    public void testAddSubjectAlternativeName1() throws IOException {
        // Parallel arrays: GeneralName type tag and its string form.
        int[] tags = new int[] {1, 2, 4, 6, 7, 8};
        String[] values = new String[] {
            "rfc@822.Name",
            "dNSName",
            "O=Organization",
            "http://uniform.Resource.Id",
            "255.255.255.0",
            "1.2.3.4444.55555"
        };

        GeneralName[] built = new GeneralName[tags.length];
        for (int idx = 0; idx < tags.length; idx++) {
            built[idx] = new GeneralName(tags[idx], values[idx]);
        }

        // fullCert carries all six names, shortCert only the first two.
        GeneralNames allSix = new GeneralNames();
        for (int idx = 0; idx < built.length; idx++) {
            allSix.addName(built[idx]);
        }
        GeneralNames firstTwo = new GeneralNames();
        firstTwo.addName(built[0]);
        firstTwo.addName(built[1]);

        TestCert fullCert = new TestCert(allSix);
        TestCert shortCert = new TestCert(firstTwo);

        X509CertSelector certSelector = new X509CertSelector();
        certSelector.setMatchAllSubjectAltNames(true);

        // Steps 0..2 add one name each (types 1, 2, 4). shortCert satisfies
        // the criteria until the type 4 name, which it lacks, is required.
        for (int step = 0; step < 3; step++) {
            try {
                certSelector.addSubjectAlternativeName(tags[step],
                        values[step]);
            } catch (IOException e) {
                e.printStackTrace();
                fail("Unexpected IOException was thrown.");
            }
            assertTrue("The certificate should match the selection criteria.",
                    certSelector.match(fullCert));
            if (step < 2) {
                assertTrue(
                        "The certificate should match the selection criteria.",
                        certSelector.match(shortCert));
            } else {
                assertFalse(
                        "The certificate should not match the selection criteria.",
                        certSelector.match(shortCert));
            }
        }

        // The remaining three names (types 6, 7, 8) are added together.
        try {
            for (int idx = 3; idx < tags.length; idx++) {
                certSelector.addSubjectAlternativeName(tags[idx], values[idx]);
            }
        } catch (IOException e) {
            e.printStackTrace();
            fail("Unexpected IOException was thrown.");
        }
        assertTrue("The certificate should match the selection criteria.",
                certSelector.match(fullCert));
        assertFalse("The certificate should not match the selection criteria.",
                certSelector.match(shortCert));
    }

    /**
     * addSubjectAlternativeName(int type, byte[] name) method testing.
*/
    public void testAddSubjectAlternativeName2() {
        try {
            // Array index i is also the GeneralName type tag used when the
            // encoded name is added to the selector below.
            GeneralName[] forms = new GeneralName[] {
                new GeneralName(new OtherName("1.2.3.4.5",
                        ASN1Integer.getInstance().encode(
                                BigInteger.valueOf(55L).toByteArray()))),
                new GeneralName(1, "rfc@822.Name"),
                new GeneralName(2, "dNSName"),
                new GeneralName(new ORAddress()),
                new GeneralName(new Name("O=Organization")),
                new GeneralName(new EDIPartyName("assigner", "party")),
                new GeneralName(6, "http://uniform.Resource.Id"),
                new GeneralName(new byte[] {1, 1, 1, 1}),
                new GeneralName(8, "1.2.3.4444.55555")
            };

            // fullCert carries all nine names, shortCert only forms 0..2.
            GeneralNames everyForm = new GeneralNames();
            for (int idx = 0; idx < forms.length; idx++) {
                everyForm.addName(forms[idx]);
            }
            GeneralNames firstThree = new GeneralNames();
            for (int idx = 0; idx < 3; idx++) {
                firstThree.addName(forms[idx]);
            }

            TestCert fullCert = new TestCert(everyForm);
            TestCert shortCert = new TestCert(firstThree);

            X509CertSelector certSelector = new X509CertSelector();
            certSelector.setMatchAllSubjectAltNames(true);

            // Add the encoded names for tags 0..7 one at a time. fullCert must
            // match after every step; shortCert stops matching as soon as a
            // name it does not carry (tag 3 onwards) becomes required.
            for (int tag = 0; tag <= 7; tag++) {
                certSelector.addSubjectAlternativeName(tag,
                        forms[tag].getEncodedName());
                assertTrue(
                        "The certificate should match the selection criteria.",
                        certSelector.match(fullCert));
                if (tag <= 2) {
                    assertTrue(
                            "The certificate should match the selection criteria.",
                            certSelector.match(shortCert));
                } else {
                    assertFalse(
                            "The certificate should not match the selection criteria.",
                            certSelector.match(shortCert));
                }
            }

            // Tag 8 is handled separately because the test keeps a reference
            // to the byte array it passes in.
            byte[] oid = forms[8].getEncodedName();
            certSelector.addSubjectAlternativeName(8, oid);
            assertTrue("The certificate should match the selection criteria.",
                    certSelector.match(fullCert));
            assertFalse("The certificate should not match "
                    + "the selection criteria.",
                    certSelector.match(shortCert));

            // Alter the caller-side array after it was handed over. The
            // selector is expected to hold its own copy, so the criteria and
            // the match result stay the same.
            oid[3] += 1;
            assertTrue("The byte array should be cloned to protect against "
                    + "subsequent modifications.",
                    certSelector.match(fullCert));
        } catch (IOException e) {
            e.printStackTrace();
            fail("Unexpected IOException was thrown.");
        }
    }

    /**
     * getSubjectAlternativeNames() method testing.
*/
    public void testGetSubjectAlternativeNames() {
        try {
            GeneralNames certNames = new GeneralNames();
            certNames.addName(new GeneralName(1, "rfc@822.Name"));
            certNames.addName(new GeneralName(2, "dNSName"));

            TestCert certificate = new TestCert(certNames);
            X509CertSelector certSelector = new X509CertSelector();

            // No criterion has been set yet.
            assertNull("Selector should return null",
                    certSelector.getSubjectAlternativeNames());

            certSelector.setSubjectAlternativeNames(certNames.getPairsList());
            assertTrue("The certificate should match the selection criteria.",
                    certSelector.match(certificate));

            // Clear the collection returned by the getter. The selector's own
            // criteria must stay intact, so the certificate still matches.
            // (The assertion message speaks of the "initialization object",
            // but what is modified here is the getter's return value.)
            certSelector.getSubjectAlternativeNames().clear();
            assertTrue("The modification of initialization object "
                    + "should not affect the modification "
                    + "of internal object.",
                    certSelector.match(certificate));
        } catch (IOException e) {
            e.printStackTrace();
            fail("Unexpected IOException was thrown.");
        }
    }

    /**
     * Tests {@code setMatchAllSubjectAltNames(boolean matchAllNames)}: with the
     * flag set, a certificate carrying only some of the required names must
     * not match.
     */
    public void testSetMatchAllSubjectAltNames() {
        try {
            GeneralName rfc822 = new GeneralName(1, "rfc@822.Name");
            GeneralName dns = new GeneralName(2, "dNSName");

            // The certificate carries one name; the criteria require two.
            GeneralNames certNames = new GeneralNames();
            certNames.addName(rfc822);
            GeneralNames requiredNames = new GeneralNames();
            requiredNames.addName(rfc822);
            requiredNames.addName(dns);

            TestCert certificate = new TestCert(certNames);
            X509CertSelector certSelector = new X509CertSelector();

            certSelector.setMatchAllSubjectAltNames(true);
            certSelector.setSubjectAlternativeNames(
                    requiredNames.getPairsList());
            assertFalse("Only certificate which contain all of the specified "
                    + "subject alternative names should match.",
                    certSelector.match(certificate));

            certSelector.setMatchAllSubjectAltNames(false);
            // NOTE(review): the check for the "match at least one name" mode
            // is disabled in the source, so nothing is asserted after the flag
            // is cleared and that mode is not covered by this test. The reason
            // for disabling it is not visible here - confirm before enabling.
            /*
            assertTrue("The certificate which contain at least one of the "
                    + "specified subject alternative names must match.",
                    selector.match(cert));
            */
        } catch (IOException e) {
            e.printStackTrace();
            fail("Unexpected IOException was thrown.");
        }
    }

    /**
     * getMatchAllSubjectAltNames() method testing.
*/ public void testGetMatchAllSubjectAltNames() { X509CertSelector selector = new X509CertSelector(); assertTrue("The matchAllNames initially should be true", selector.getMatchAllSubjectAltNames()); selector.setMatchAllSubjectAltNames(false); assertFalse("The value should be false", selector.getMatchAllSubjectAltNames()); } /** * setNameConstraints(byte[] bytes) method testing. * Constructs the NameConstraints DER structure with * GeneralNames of types: 1, 2, 6, 7 and set it as a criterion. */ public void testSetNameConstraints0() throws IOException { // Restrictions apply only when the specified name form is present. // If no name of the type is in the certificate, // the certificate is acceptable (rfc 3280). GeneralName [] name_constraints = new GeneralName[] { new GeneralName(1, "822.Name"), new GeneralName(1, "rfc@822.Name"), new GeneralName(2, "Name.org"), new GeneralName(2, "dNS.Name.org"), //new GeneralName(4, "O=Organization"), new GeneralName(6, "http://.Resource.Id"), new GeneralName(6, "http://uniform.Resource.Id"), new GeneralName(7, "1.1.1.1"), // new GeneralName(7, new byte[] {1, 1, 1, 1, 3, 3, 3, 3}), new GeneralName(new byte[] {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}), // new GeneralName(7, new byte[] {1, 1, 1, 1, 1, 1, 1, 1, // 1, 1, 1, 1, 1, 1, 1, 1, // 3, 3, 3, 3, 3, 3, 3, 3, // 3, 3, 3, 3, 3, 3, 3, 3}) }; // names which should match divided from names which should not // match by null GeneralName[][] alternative_names = new GeneralName[][] { { new GeneralName(1, "rfc@822.Name"), null, new GeneralName(1, "rfc@Other.Name") }, { new GeneralName(1, "rfc@822.Name"), null, new GeneralName(1, "rfc@Other.Name") }, { new GeneralName(2, "Name.org"), new GeneralName(2, "dNS.Name.org"), null, new GeneralName(2, "dNS.OtherName.org") }, { new GeneralName(2, "dNS.Name.org"), null, new GeneralName(2, "Name.org"), new GeneralName(2, "dNS.OtherName.org") }, { // new GeneralName(4, "O=Organization"), // null, // new GeneralName(4, "O=OtherOrganization") 
//}, { new GeneralName(6, "http://uniform.Resource.Id/location"), null, //new GeneralName(6, "http://Resource.Id") }, { new GeneralName(6, "http://uniform.Resource.Id"), null, new GeneralName(6, "http://Resource.Id") }, { new GeneralName(new byte[] {1, 1, 1, 1}), null, new GeneralName(new byte[] {2, 2, 2, 2}) // }, { // new GeneralName(7, new byte[] {1, 1, 1, 1}), // new GeneralName(7, new byte[] {2, 2, 2, 2}), // new GeneralName(7, new byte[] {3, 3, 3, 3}), // null, // new GeneralName(7, new byte[] {4, 4, 4, 4}) }, { new GeneralName(new byte[] {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}), null, new GeneralName(new byte[] {2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2}), // }, { // new GeneralName(7, new byte[] {1, 1, 1, 1, 1, 1, 1, 1, // 1, 1, 1, 1, 1, 1, 1, 1}), // new GeneralName(7, new byte[] {2, 2, 2, 2, 2, 2, 2, 2, // 2, 2, 2, 2, 2, 2, 2, 2}), // new GeneralName(7, new byte[] {3, 3, 3, 3, 3, 3, 3, 3, // 3, 3, 3, 3, 3, 3, 3, 3}), // null, // new GeneralName(7, new byte[] {4, 4, 4, 4, 4, 4, 4, 4, // 4, 4, 4, 4, 4, 4, 4, 4}), } }; X509CertSelector selector = new X509CertSelector(); String subject = "O=Organization"; X500Principal x500Subject = new X500Principal(subject); try { Name nameSubject = new Name(subject); for (int i=0; i certPolicySet) method testing. 
*/ public void testSetPolicy() { String[] policies_1 = new String[] { "0.0.0.0.0.0", "1.1.1.1.1.1", }; String[] policies_2 = new String[] { "0.0.0.0.0.0", "1.1.1.1.1.1", "2.2.2.2.2.2" }; String[] policies_3 = new String[] { "2.2.2.2.2.2" }; String[] policies_4 = new String[] {}; X509CertSelector selector = new X509CertSelector(); HashSet set = new HashSet(Arrays.asList(policies_1)); try { selector.setPolicy(set); } catch (IOException e) { e.printStackTrace(); fail("Unexpected IOException was thrown."); } TestCert cert_1 = new TestCert(policies_1); TestCert cert_2 = new TestCert(policies_2); TestCert cert_3 = new TestCert(policies_3); TestCert cert_4 = new TestCert(policies_4); assertTrue("The certificate should match the specified criteria", selector.match(cert_1)); assertTrue("The certificate should match the specified criteria", selector.match(cert_2)); assertFalse("The certificate should not match the specified criteria", selector.match(cert_3)); assertFalse("The certificate should not match the specified criteria", selector.match(cert_4)); set.add("2.2.2.2.2.2"); assertFalse("The modification of the set should not cause the " + "modification of internal object", selector.match(cert_3)); set = new HashSet(); try { selector.setPolicy(set); } catch (IOException e) { e.printStackTrace(); fail("Unexpected IOException was thrown."); } assertTrue("The certificate should match the specified criteria", selector.match(cert_1)); assertTrue("The certificate should match the specified criteria", selector.match(cert_2)); assertTrue("The certificate should match the specified criteria", selector.match(cert_3)); assertFalse("The certificate should not match the specified criteria", selector.match(cert_4)); set.add("2.2.2.2.2.2"); try { selector.setPolicy(set); } catch (IOException e) { e.printStackTrace(); fail("Unexpected IOException was thrown."); } assertFalse("The certificate should not match the specified criteria", selector.match(cert_1)); assertTrue("The certificate 
should match the specified criteria", selector.match(cert_2)); assertTrue("The certificate should match the specified criteria", selector.match(cert_3)); assertFalse("The certificate should not match the specified criteria", selector.match(cert_4)); } /** * getPolicy() method testing. */ public void testGetPolicy() { String[] policies = new String[] { "0.0.0.0.0.0", "1.1.1.1.1.1", "2.2.2.2.2.2" }; X509CertSelector selector = new X509CertSelector(); HashSet set = new HashSet(Arrays.asList(policies)); try { selector.setPolicy(set); } catch (IOException e) { e.printStackTrace(); fail("Unexpected IOException was thrown."); } Set result = selector.getPolicy(); try { result.remove(policies[0]); fail("An immutable set should be returned."); } catch (UnsupportedOperationException e) { } if (result.size() != 3) { fail("The size of returned set differs from specified."); } for (int i=0; i> names) method testing. */ public void testSetPathToNames() { try { GeneralName[] names = new GeneralName[] { new GeneralName(1, "rfc@822.Name"), new GeneralName(1, "rfc@822.AnotherName"), new GeneralName(2, "dNSName"), new GeneralName(2, "AnotherdNSName"), new GeneralName(4, "O=Organization"), new GeneralName(4, "O=Another Organization"), new GeneralName(6, "http://uniform.Resource.Id"), new GeneralName(6, "http://another.uniform.Resource.Id"), new GeneralName(7, "1.1.1.1"), new GeneralName(7, "2.2.2.2") }; X509CertSelector selector = new X509CertSelector(); TestCert cert; GeneralSubtrees subtrees; NameConstraints constraints; for (int i=0; i