/* * Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ /** * @author Alexander Y. Kleymenov */ package org.apache.harmony.security.tests.java.security.cert; import java.io.ByteArrayInputStream; import java.security.KeyFactory; import java.security.NoSuchAlgorithmException; import java.security.PublicKey; import java.security.cert.CertPath; import java.security.cert.CertificateFactory; import java.security.cert.X509CRL; import java.security.cert.X509Certificate; import java.security.spec.X509EncodedKeySpec; import java.util.Collection; import java.util.Iterator; import java.util.List; import org.apache.harmony.luni.util.Base64; import junit.framework.TestCase; /** * X.509 CertificateFactory provider implementation test.
* See RFC 3280 (http://www.ietf.org/rfc/rfc3280.txt) for * more information on X.509, and * http://www.ietf.org/rfc/rfc2315.txt * for more information on PKCS #7. * The testing data was generated by use of classes from * org.apache.harmony.security.x509 package. */ public class CertificateFactory_ImplTest extends TestCase { /** * Base64 encoded PKCS7 SignedObject containing two X.509 * Certificates and CRLs. */ private static String pkcs7so = "MIIHDwYJKoZIhvcNAQcCoIIHADCCBvwCAQExADALBgkqhkiG9w0BBwGg" + "ggUuMIICkzCCAlOgAwIBAgICAiswCQYHKoZIzjgEAzAdMRswGQYDVQQK" + "ExJDZXJ0aWZpY2F0ZSBJc3N1ZXIwIxcNMDYwOTA1MDk1MzA2WhgSMjMz" + "NjEwMTMwMjUxMjcuODFaMB0xGzAZBgNVBAoTEkNlcnRpZmljYXRlIElz" + "c3VlcjCCAbgwggEsBgcqhkjOOAQBMIIBHwKBgQD9f1OBHXUSKVLfSpwu" + "7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR+1k9jVj6v8X1ujD2y5tVbNeB" + "O4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb+DtX58aophUPBPuD" + "9tPFHsMCNVQTWhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdgUI8VIwvM" + "spK5gqLrhAvwWBz1AoGBAPfhoIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlX" + "TAs9B4JnUVlXjrrUWU/mcQcQgYC0SRZxI+hMKBYTt88JMozIpuE8FnqL" + "VHyNKOCjrh4rs6Z1kW6jfwv6ITVi8ftiegEkO8yk8b6oUZCJqIPf4Vrl" + "nwaSi2ZegHtVJWQBTDv+z0kqA4GFAAKBgQDyCA7AK6Kep2soxt8tIsWW" + "kafbYdueAkeBNnm46H0OteFa80HMuJjKJ0LjlPrdjFMARKyW/GATtQhg" + "hY/MrINAHmKcX5QjL1DkuJKDNggLHqj5D6efsWmLKwLvmviWLzWtjh7Y" + "GBZeLt0ezu2q49aKcOzkkDsCSsMz09u9284L6qMeMBwwGgYDVR0RAQH/" + "BBAwDoEMcmZjQDgyMi5OYW1lMAkGByqGSM44BAMDLwAwLAIUWo0C+R8P" + "J8LGSLsCRqJ8SOOO0SoCFGvO6mpNdzOKiwlYwfpF/Xyi7s3vMIICkzCC" + "AlOgAwIBAgICAiswCQYHKoZIzjgEAzAdMRswGQYDVQQKExJDZXJ0aWZp" + "Y2F0ZSBJc3N1ZXIwIxcNMDYwOTA1MDk1MzA2WhgSMjMzNjEwMTMwMjUx" + "MjcuODFaMB0xGzAZBgNVBAoTEkNlcnRpZmljYXRlIElzc3VlcjCCAbgw" + "ggEsBgcqhkjOOAQBMIIBHwKBgQD9f1OBHXUSKVLfSpwu7OTn9hG3Ujzv" + "RADDHj+AtlEmaUVdQCJR+1k9jVj6v8X1ujD2y5tVbNeBO4AdNG/yZmC3" + "a5lQpaSfn+gEexAiwk+7qdf+t8Yb+DtX58aophUPBPuD9tPFHsMCNVQT" + "WhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdgUI8VIwvMspK5gqLrhAvw" + "WBz1AoGBAPfhoIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlXTAs9B4JnUVlX" + "jrrUWU/mcQcQgYC0SRZxI+hMKBYTt88JMozIpuE8FnqLVHyNKOCjrh4r" + "s6Z1kW6jfwv6ITVi8ftiegEkO8yk8b6oUZCJqIPf4VrlnwaSi2ZegHtV" + "JWQBTDv+z0kqA4GFAAKBgQDyCA7AK6Kep2soxt8tIsWWkafbYdueAkeB" + "Nnm46H0OteFa80HMuJjKJ0LjlPrdjFMARKyW/GATtQhghY/MrINAHmKc" + "X5QjL1DkuJKDNggLHqj5D6efsWmLKwLvmviWLzWtjh7YGBZeLt0ezu2q" + "49aKcOzkkDsCSsMz09u9284L6qMeMBwwGgYDVR0RAQH/BBAwDoEMcmZj" + "QDgyMi5OYW1lMAkGByqGSM44BAMDLwAwLAIUWo0C+R8PJ8LGSLsCRqJ8" + "SOOO0SoCFGvO6mpNdzOKiwlYwfpF/Xyi7s3voYIBsjCB1jCBlwIBATAJ" + "BgcqhkjOOAQDMBUxEzARBgNVBAoTCkNSTCBJc3N1ZXIXDTA2MDkwNTA5" + "NTMwN1oXDTA2MDkwNTA5NTQ0N1owQTA/AgICKxcNMDYwOTA1MDk1MzA4" + "WjAqMAoGA1UdFQQDCgEBMBwGA1UdGAQVGBMyMDA2MDkwNTA5NTMwNy43" + "MThaoA8wDTALBgNVHRQEBAICEVwwCQYHKoZIzjgEAwMvADAsAhR/l5kI" + "bTkuJe9HjcpZ4Ff4Ifv9xwIUIXBlDKsNFlgYdWWTxzrrJOHyMuUwgdYw" + "gZcCAQEwCQYHKoZIzjgEAzAVMRMwEQYDVQQKEwpDUkwgSXNzdWVyFw0w" + "NjA5MDUwOTUzMDdaFw0wNjA5MDUwOTU0NDdaMEEwPwICAisXDTA2MDkw" + "NTA5NTMwOFowKjAKBgNVHRUEAwoBATAcBgNVHRgEFRgTMjAwNjA5MDUw" + "OTUzMDcuNzE4WqAPMA0wCwYDVR0UBAQCAhFcMAkGByqGSM44BAMDLwAw" + "LAIUf5eZCG05LiXvR43KWeBX+CH7/ccCFCFwZQyrDRZYGHVlk8c66yTh" + "8jLlMQA="; /** * Base64 encoded PkiPath object containing 2 X.509 certificates. */ private static String pkiPath = "MIIFMDCCApQwggJToAMCAQICAgIrMAkGByqGSM44BAMwHTEbMBkGA1UE" + "ChMSQ2VydGlmaWNhdGUgSXNzdWVyMCMXDTA2MDkwNTExMDAyM1oYEjIz" + "MzYxMDEzMTQwNDE4LjEyWjAdMRswGQYDVQQKExJDZXJ0aWZpY2F0ZSBJ" + "c3N1ZXIwggG4MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9TgR11EilS30qc" + "Luzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzX" + "gTuAHTRv8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7" + "g/bTxR7DAjVUE1oWkTL2dfOuK2HXKu/yIgMZndFIAccCFQCXYFCPFSML" + "zLKSuYKi64QL8Fgc9QKBgQD34aCF1ps93su8q1w2uFe5eZSvu/o66oL5" + "V0wLPQeCZ1FZV4661FlP5nEHEIGAtEkWcSPoTCgWE7fPCTKMyKbhPBZ6" + "i1R8jSjgo64eK7OmdZFuo38L+iE1YvH7YnoBJDvMpPG+qFGQiaiD3+Fa" + "5Z8GkotmXoB7VSVkAUw7/s9JKgOBhQACgYEA8ggOwCuinqdrKMbfLSLF" + "lpGn22HbngJHgTZ5uOh9DrXhWvNBzLiYyidC45T63YxTAESslvxgE7UI" + "YIWPzKyDQB5inF+UIy9Q5LiSgzYICx6o+Q+nn7FpiysC75r4li81rY4e" + "2BgWXi7dHs7tquPWinDs5JA7AkrDM9PbvdvOC+qjHjAcMBoGA1UdEQEB" + "/wQQMA6BDHJmY0A4MjIuTmFtZTAJBgcqhkjOOAQDAzAAMC0CFQCAUA72" + "3BIXNluugYcScXeb9vx5vAIUYreCA5ljANvzSsD0ofI+xph4//IwggKU" + "MIICU6ADAgECAgICKzAJBgcqhkjOOAQDMB0xGzAZBgNVBAoTEkNlcnRp" + "ZmljYXRlIElzc3VlcjAjFw0wNjA5MDUxMTAwMjNaGBIyMzM2MTAxMzE0" + "MDQxOC4xMlowHTEbMBkGA1UEChMSQ2VydGlmaWNhdGUgSXNzdWVyMIIB" + "uDCCASwGByqGSM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s5Of2EbdS" + "PO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7gB00b/Jm" + "YLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E+4P208UewwI1" + "VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmCouuE" + "C/BYHPUCgYEA9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdR" + "WVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3zwkyjMim4TwWeotUfI0o4KOu" + "HiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKLZl6A" + "e1UlZAFMO/7PSSoDgYUAAoGBAPIIDsArop6nayjG3y0ixZaRp9th254C" + "R4E2ebjofQ614VrzQcy4mMonQuOU+t2MUwBErJb8YBO1CGCFj8ysg0Ae" + "YpxflCMvUOS4koM2CAseqPkPp5+xaYsrAu+a+JYvNa2OHtgYFl4u3R7O" + "7arj1opw7OSQOwJKwzPT273bzgvqox4wHDAaBgNVHREBAf8EEDAOgQxy" + "ZmNAODIyLk5hbWUwCQYHKoZIzjgEAwMwADAtAhUAgFAO9twSFzZbroGH" + "EnF3m/b8ebwCFGK3ggOZYwDb80rA9KHyPsaYeP/y"; /** * Base64 encoded X.509 CRL. */ private static String x509crl = "MIHWMIGWAgEBMAkGByqGSM44BAMwFTETMBEGA1UEChMKQ1JMIElzc3Vl" + "chcNMDYwOTA1MDk1MzA4WhcNMDYwOTA1MDk1NDQ4WjBAMD4CAgIrFw0w" + "NjA5MDUwOTUzMDhaMCkwCgYDVR0VBAMKAQEwGwYDVR0YBBQYEjIwMDYw" + "OTA1MDk1MzA4Ljg5WqAPMA0wCwYDVR0UBAQCAhFcMAkGByqGSM44BAMD" + "MAAwLQIUJ1KAJumw8mOpGXT/FS5K9WwOBRICFQCR+ez59x9GH3sKoByC" + "IooeR20Q3Q=="; /** * Base64 encoded X.509 Certificate. */ private static String x509cert = "MIICkzCCAlOgAwIBAgICAiswCQYHKoZIzjgEAzAdMRswGQYDVQQKExJD" + "ZXJ0aWZpY2F0ZSBJc3N1ZXIwIxcNMDYwOTA4MDU1NzUxWhgSMjMzNjEx" + "MTAxMTM4NTUuNjJaMB0xGzAZBgNVBAoTEkNlcnRpZmljYXRlIElzc3Vl" + "cjCCAbgwggEsBgcqhkjOOAQBMIIBHwKBgQD9f1OBHXUSKVLfSpwu7OTn" + "9hG3UjzvRADDHj+AtlEmaUVdQCJR+1k9jVj6v8X1ujD2y5tVbNeBO4Ad" + "NG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb+DtX58aophUPBPuD9tPF" + "HsMCNVQTWhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdgUI8VIwvMspK5" + "gqLrhAvwWBz1AoGBAPfhoIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlXTAs9" + "B4JnUVlXjrrUWU/mcQcQgYC0SRZxI+hMKBYTt88JMozIpuE8FnqLVHyN" + "KOCjrh4rs6Z1kW6jfwv6ITVi8ftiegEkO8yk8b6oUZCJqIPf4VrlnwaS" + "i2ZegHtVJWQBTDv+z0kqA4GFAAKBgQDyCA7AK6Kep2soxt8tIsWWkafb" + "YdueAkeBNnm46H0OteFa80HMuJjKJ0LjlPrdjFMARKyW/GATtQhghY/M" + "rINAHmKcX5QjL1DkuJKDNggLHqj5D6efsWmLKwLvmviWLzWtjh7YGBZe" + "Lt0ezu2q49aKcOzkkDsCSsMz09u9284L6qMeMBwwGgYDVR0RAQH/BBAw" + "DoEMcmZjQDgyMi5OYW1lMAkGByqGSM44BAMDLwAwLAIUO+JWKWai/8Si" + "2oEfhKSobLttYeYCFFO5YVDvtnmVVnvQTtUvrPpsaxJR"; /** * Base64 encoded Private Key used for data signing. * This data is not directly used in the test, but it could be * useful in future in case of implementation of additional * testing data structures. */ private static String b64PrivateKeySpec = "MIIBSwIBADCCASwGByqGSM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s" + "5Of2EbdSPO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7" + "gB00b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E+4P2" + "08UewwI1VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yy" + "krmCouuEC/BYHPUCgYEA9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdM" + "Cz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3zwkyjMim4TwWeotU" + "fI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWf" + "BpKLZl6Ae1UlZAFMO/7PSSoEFgIUS24w346zv1ic3wsLOHzxQnf9aX0="; /** * Base64 encoded Public Key for signature verification. */ private static String b64PublicKeySpec = "MIIBuDCCASwGByqGSM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s5Of2" + "EbdSPO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7gB00" + "b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E+4P208Ue" + "wwI1VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmC" + "ouuEC/BYHPUCgYEA9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0H" + "gmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3zwkyjMim4TwWeotUfI0o" + "4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKL" + "Zl6Ae1UlZAFMO/7PSSoDgYUAAoGBAPIIDsArop6nayjG3y0ixZaRp9th" + "254CR4E2ebjofQ614VrzQcy4mMonQuOU+t2MUwBErJb8YBO1CGCFj8ys" + "g0AeYpxflCMvUOS4koM2CAseqPkPp5+xaYsrAu+a+JYvNa2OHtgYFl4u" + "3R7O7arj1opw7OSQOwJKwzPT273bzgvq"; /** * The name of the algorithm used for Certificate/CRL signing. */ private static String publicKeyAlgorithm = "DSA"; /** * The public key to verify generated Certificates and CRLs. */ private static PublicKey publicKey; static { try { X509EncodedKeySpec publicKeySpec = new X509EncodedKeySpec( Base64.decode(b64PublicKeySpec.getBytes("UTF-8"))); KeyFactory keyFactory = KeyFactory.getInstance(publicKeyAlgorithm); publicKey = keyFactory.generatePublic(publicKeySpec); } catch (NoSuchAlgorithmException e) { // provider is not installed, will not verify the generated data publicKey = null; } catch (Exception e) { // problems with a representation of the key e.printStackTrace(); publicKey = null; } } // array contains allowed PEM delimiters private static String[][] good = { { "-----BEGIN\n", "\n-----END" }, { "-----BEGIN-----\n", "\n-----END-----" }, { "-----BEGIN PEM ENCODED DATA STRUCTURE-----\n", "\n-----END-----" }, { "-----BEGIN MEANINGLESS SEPARATOR\n", "\n-----END PEM" }, }; // array contains not allowed PEM delimiters private static String[][] bad = { { "----BEGI\n", "\n-----END" }, { "-----BEGI\n", "\n----END" }, { "-----BEGI\n", "\n-----END" }, { "-----BEGIN\n", "\n-----EN" }, { "-----BEGIN", "\n-----END" }, { "-----BEGIN\n", "-----END" }, }; // array contains bad PEM encoded content. private static String[] bad_content = { "MIIHDwYJ", "ABCD", "\r\n\r\n", "\n\r", "" }; /** * generateCRLs method testing. * Generates CRLs on the base of PKCS7 SignedData Object */ public void testGenerateCRLs() throws Exception { CertificateFactory factory = CertificateFactory.getInstance("X.509"); // Testing the CRLs generation on the base of PKCS7 SignedData object ByteArrayInputStream bais = new ByteArrayInputStream( Base64.decode(pkcs7so.getBytes("UTF-8"))); Collection crls = factory.generateCRLs(bais); assertNotNull("Factory returned null on correct PKCS7 data", crls); assertEquals("The size of collection differs from expected", 2, crls.size()); if (publicKey != null) { // verify the signatures for (Iterator i = crls.iterator(); i.hasNext(); ) { ((X509CRL) i.next()).verify(publicKey); } } } /** * generateCRL/generateCertificate method testing. * Tries to generates single CRL/Certificate * on the base of PKCS7 SignedData Object. */ public void testGenerateCRL() throws Exception { CertificateFactory factory = CertificateFactory.getInstance("X.509"); ByteArrayInputStream bais = new ByteArrayInputStream( Base64.decode(pkcs7so.getBytes("UTF-8"))); try { factory.generateCRL(bais); fail("Expected exception was not thrown"); } catch (Exception e) { } bais = new ByteArrayInputStream(Base64.decode(pkcs7so.getBytes("UTF-8"))); try { factory.generateCertificate(bais); fail("Expected exception was not thrown"); } catch (Exception e) { } } /** * Generates CRLs on the base of PEM encoding. */ public void testGenerateBase64CRL() throws Exception { CertificateFactory factory = CertificateFactory.getInstance("X.509"); ByteArrayInputStream bais; for (int i = 0; i < good.length; i++) { bais = new ByteArrayInputStream( (good[i][0] + x509crl + good[i][1]).getBytes("UTF-8")); X509CRL crl = (X509CRL) factory.generateCRL(bais); assertNotNull("Factory returned null on correct data", crl); if (publicKey != null) { // verify the signatures crl.verify(publicKey); } } for (int i = 0; i < bad_content.length; i++) { bais = new ByteArrayInputStream( (good[0][0] + bad_content[i] + good[0][1]).getBytes("UTF-8")); try { factory.generateCRL(bais); fail("Expected exception was not thrown"); } catch (Exception e) { // e.printStackTrace(); } } for (int i = 0; i < bad.length; i++) { bais = new ByteArrayInputStream( (bad[i][0] + x509crl + bad[i][1]).getBytes("UTF-8")); try { factory.generateCRL(bais); fail("Expected exception was not thrown"); } catch (Exception e) { } } } private void verifyCRLs(Collection crls) throws Exception { if (publicKey != null) { // verify the signatures for (Iterator it = crls.iterator(); it.hasNext(); ) { ((X509CRL) it.next()).verify(publicKey); } } } ; private void verifyCertificates(Collection certs) throws Exception { if (publicKey != null) { // verify the signatures for (Iterator it = certs.iterator(); it.hasNext(); ) { ((X509Certificate) it.next()).verify(publicKey); } } } ; /** * generateCRLs method testing. * Generates CRLs on the base of consequent * PEM X.509(ASN.1)/X.509(ASN.1)/PKCS7 forms. */ public void testGenerateBase64CRLs() throws Exception { CertificateFactory factory = CertificateFactory.getInstance("X.509"); // ------------------------ Test Data ----------------------------- // encoding describing codes int pem_x509 = 0, asn_x509 = 1, pem_pkcs = 2, asn_pkcs = 3, bad = 4, npe_bad = 5, npe_bad2 = 6, num_of_variants = 7; // error code, marks sequences as throwing exceptions int error = 999; // test sequences int[][] sequences = { { pem_x509, pem_x509 }, { pem_x509, asn_x509 }, { pem_x509, asn_x509, pem_x509 }, { asn_x509, asn_x509 }, { asn_x509, pem_x509 }, { asn_x509, pem_x509, asn_x509 }, // -1 means that only 1 (-(-1)) CRL will be generated // on the base of this encodings sequence { -1, pem_x509, pem_pkcs }, { -1, pem_x509, bad }, // {-1/*-error*/, pem_x509, npe_bad2}, // {-1/*-error*/, pem_x509, npe_bad}, { -2, pem_pkcs, pem_x509 }, // 2 CRLs are expected { -2, pem_pkcs, bad }, { -2, pem_pkcs, npe_bad }, { -2, pem_pkcs, npe_bad2 }, { -1, asn_x509, pem_pkcs }, { -1, asn_x509, bad }, // {-1/*-error*/, asn_x509, npe_bad}, // {-1/*-error*/, asn_x509, npe_bad2}, // exception is expected { -error, bad }, { -error, bad, asn_x509 }, { -error, npe_bad }, { -error, npe_bad2 }, }; // actual encodings byte[][] data = new byte[num_of_variants][]; data[pem_x509] = (good[0][0] + x509crl + good[0][1] + "\n").getBytes("UTF-8"); data[asn_x509] = Base64.decode(x509crl.getBytes("UTF-8")); data[pem_pkcs] = (good[0][0] + pkcs7so + good[0][1] + "\n").getBytes("UTF-8"); data[asn_pkcs] = Base64.decode(pkcs7so.getBytes("UTF-8")); data[bad] = new byte[] { 0, 1, 1, 1, 1, 1, 0, 1 }; data[npe_bad] = new byte[] { 0, 1, 1, 1, 1, 1, 1, 0 }; data[npe_bad2] = new byte[] { 48, 0, 3, 4, 5, 6, 7 }; // -------------------------- Test -------------------------------- // Tests CRL generation on the base of sequences of heterogeneous // data format for (int i = 0; i < sequences.length; i++) { // for each of the sequences.. // expected size og generated CRL collection int expected_size = (sequences[i][0] < 0) ? -sequences[i][0] : sequences[i].length; // compute the size of the encoding described by sequence int encoding_size = 0; //System.out.print("Sequence:"); for (int j = 0; j < sequences[i].length; j++) { //System.out.print(" "+sequences[i][j]); if (sequences[i][j] >= 0) { encoding_size += data[sequences[i][j]].length; } } //System.out.println(""); // create the encoding of described sequence byte[] encoding = new byte[encoding_size]; int position = 0; for (int j = 0; j < sequences[i].length; j++) { if (sequences[i][j] >= 0) { System.arraycopy( data[sequences[i][j]], 0, // from encoding, position, // to data[sequences[i][j]].length); // length position += data[sequences[i][j]].length; } } if (expected_size == error) { // exception throwing test try { factory.generateCRLs(new ByteArrayInputStream(encoding)); fail("Expected exception was not thrown"); } catch (Exception e) { } } else { Collection crls = factory.generateCRLs(new ByteArrayInputStream(encoding)); assertNotNull("Factory returned null on correct data", crls); assertEquals("The size of collection differs from expected", expected_size, crls.size()); verifyCRLs(crls); } } } /** * generateCertificates method testing. * Generates Certificates on the base of consequent * PEM X.509(ASN.1)/X.509(ASN.1)/PKCS7 forms. */ public void testGenerateBase64Certificates() throws Exception { CertificateFactory factory = CertificateFactory.getInstance("X.509"); // ------------------------ Test Data ----------------------------- // encoding describing codes int pem_x509 = 0, asn_x509 = 1, pem_pkcs = 2, asn_pkcs = 3, bad = 4, bad1 = 5, bad2 = 6, num_of_variants = 7; // error code, marks sequences as throwing exceptions int error = 999; // test sequences int[][] sequences = { { pem_x509, pem_x509 }, { pem_x509, asn_x509 }, { pem_x509, asn_x509, pem_x509 }, { asn_x509, asn_x509 }, { asn_x509, pem_x509 }, { asn_x509, pem_x509, asn_x509 }, // -1 means that only 1 (-(-1)) Certificate will be generated // on the base of this encodings sequence // {-1/*-error*/, pem_x509, pem_pkcs}, // {-1/*-error*/, pem_x509, bad}, { -2, pem_pkcs, pem_x509 }, // 2 Certificates are expected { -2, pem_pkcs, bad }, { -2, pem_pkcs, bad1 }, { -2, pem_pkcs, bad2 }, // {-1/*-error*/, asn_x509, pem_pkcs}, // {-1/*-error*/, asn_x509, bad}, // {-1/*-error*/, asn_x509, bad1}, // {-1/*-error*/, pem_x509, bad1}, // {-1/*-error*/, asn_x509, bad2}, // {-1/*-error*/, pem_x509, bad2}, // exception is expected { -error, bad }, { -error, bad, asn_x509 }, { -error, bad1 }, { -error, bad2 }, }; // actual encodings byte[][] data = new byte[num_of_variants][]; data[pem_x509] = (good[0][0] + x509cert + good[0][1] + "\n").getBytes("UTF-8"); data[asn_x509] = Base64.decode(x509cert.getBytes("UTF-8")); data[pem_pkcs] = (good[0][0] + pkcs7so + good[0][1] + "\n").getBytes("UTF-8"); data[asn_pkcs] = Base64.decode(pkcs7so.getBytes("UTF-8")); data[bad] = new byte[] { 0, 1, 1, 1, 1, 1, 0, 1 }; data[bad1] = new byte[] { 0, 1, 1, 1, 1, 1, 1, 0 }; data[bad2] = new byte[] { 48, 0, 3, 4, 5, 6, 7 }; // -------------------------- Test -------------------------------- // Tests Certificate generation on the base of sequences of heterogeneous // data format for (int i = 0; i < sequences.length; i++) { // for each of the sequences.. // expected size og generated Certificate collection int expected_size = (sequences[i][0] < 0) ? -sequences[i][0] : sequences[i].length; // compute the size of the encoding described by sequence int encoding_size = 0; //System.out.print("Sequence:"); for (int j = 0; j < sequences[i].length; j++) { //System.out.print(" "+sequences[i][j]); if (sequences[i][j] >= 0) { encoding_size += data[sequences[i][j]].length; } } //System.out.println(""); // create the encoding of described sequence byte[] encoding = new byte[encoding_size]; int position = 0; for (int j = 0; j < sequences[i].length; j++) { if (sequences[i][j] >= 0) { System.arraycopy( data[sequences[i][j]], 0, // from encoding, position, // to data[sequences[i][j]].length); // length position += data[sequences[i][j]].length; } } if (expected_size == error) { // exception throwing test try { factory.generateCertificates(new ByteArrayInputStream(encoding)); fail("Expected exception was not thrown"); } catch (Exception e) { } } else { Collection certs = factory.generateCertificates(new ByteArrayInputStream(encoding)); assertNotNull("Factory returned null on correct data", certs); assertEquals("The size of collection differs from expected", expected_size, certs.size()); verifyCertificates(certs); } } } /** * Generates CRLs/Certificates on the base of PEM PKCS7 encoding. */ public void testGenerateBase64PKCS7() throws Exception { CertificateFactory factory = CertificateFactory.getInstance("X.509"); ByteArrayInputStream bais; for (int i = 0; i < good.length; i++) { bais = new ByteArrayInputStream( (good[i][0] + pkcs7so + good[i][1]).getBytes("UTF-8")); Collection crls = factory.generateCRLs(bais); assertNotNull("Factory returned null on correct PKCS7 data", crls); assertEquals("The size of collection differs from expected", 2, crls.size()); if (publicKey != null) { // verify the signatures for (Iterator it = crls.iterator(); it.hasNext(); ) { ((X509CRL) it.next()).verify(publicKey); } } bais = new ByteArrayInputStream( (good[i][0] + pkcs7so + good[i][1]).getBytes("UTF-8")); Collection certs = factory.generateCertificates(bais); assertNotNull("Factory returned null on correct PKCS7 data", certs); assertEquals("The size of collection differs from expected", 2, certs.size()); if (publicKey != null) { // verify the signatures for (Iterator it = certs.iterator(); it.hasNext(); ) { ((X509Certificate) it.next()).verify(publicKey); } } } for (int i = 0; i < bad_content.length; i++) { bais = new ByteArrayInputStream( (good[0][0] + bad_content[i] + good[0][1]).getBytes("UTF-8")); try { factory.generateCertificates(bais); fail("Expected exception was not thrown"); } catch (Exception e) { } bais = new ByteArrayInputStream( (good[0][0] + bad_content[i] + good[0][1]).getBytes("UTF-8")); try { factory.generateCRLs(bais); fail("Expected exception was not thrown"); } catch (Exception e) { } } for (int i = 0; i < bad.length; i++) { bais = new ByteArrayInputStream( (bad[i][0] + pkcs7so + bad[i][1]).getBytes("UTF-8")); try { factory.generateCRLs(bais); fail("Expected exception was not thrown"); } catch (Exception e) { } bais = new ByteArrayInputStream( (bad[i][0] + pkcs7so + bad[i][1]).getBytes("UTF-8")); try { factory.generateCertificates(bais); fail("Expected exception was not thrown"); } catch (Exception e) { } } } /** * Generates CertPaths on the base of PEM PkiPath/PKCS7 encoding. */ public void testGenerateBase64CertPath() throws Exception { CertificateFactory factory = CertificateFactory.getInstance("X.509"); ByteArrayInputStream bais; List certificates; for (int i = 0; i < good.length; i++) { bais = new ByteArrayInputStream( (good[i][0] + pkiPath + good[i][1]).getBytes("UTF-8")); certificates = factory.generateCertPath(bais).getCertificates(); assertEquals("The size of the list differs from expected", 2, certificates.size()); if (publicKey != null) { // verify the signatures for (Iterator it = certificates.iterator(); it.hasNext(); ) { ((X509Certificate) it.next()).verify(publicKey); } } bais = new ByteArrayInputStream( (good[i][0] + pkiPath + good[i][1]).getBytes("UTF-8")); certificates = factory.generateCertPath(bais, "PkiPath").getCertificates(); assertEquals("The size of the list differs from expected", 2, certificates.size()); if (publicKey != null) { // verify the signatures for (Iterator it = certificates.iterator(); it.hasNext(); ) { ((X509Certificate) it.next()).verify(publicKey); } } bais = new ByteArrayInputStream( (good[i][0] + pkcs7so + good[i][1]).getBytes("UTF-8")); certificates = factory.generateCertPath(bais, "PKCS7").getCertificates(); assertEquals("The size of the list differs from expected", 2, certificates.size()); if (publicKey != null) { // verify the signatures for (Iterator it = certificates.iterator(); it.hasNext(); ) { ((X509Certificate) it.next()).verify(publicKey); } } } // testing empty PkiPath structure (ASN.1 such as 0x30, 0x00) bais = new ByteArrayInputStream( (good[0][0] + "MAB=" + good[0][1]).getBytes("UTF-8")); // "MABCDEFG" assertEquals("The size of the list differs from expected", 0, factory.generateCertPath(bais, "PkiPath") .getCertificates().size()); // testing with bad PEM content for (int i = 0; i < bad_content.length; i++) { bais = new ByteArrayInputStream( (good[0][0] + bad_content[i] + good[0][1]).getBytes("UTF-8")); try { factory.generateCertPath(bais); fail("Expected exception was not thrown"); } catch (Exception e) { } bais = new ByteArrayInputStream( (good[0][0] + bad_content[i] + good[0][1]).getBytes("UTF-8")); try { factory.generateCertPath(bais, "PkiPath"); fail("Expected exception was not thrown"); } catch (Exception e) { } bais = new ByteArrayInputStream( (good[0][0] + bad_content[i] + good[0][1]).getBytes("UTF-8")); try { factory.generateCertPath(bais, "PKCS7"); fail("Expected exception was not thrown"); } catch (Exception e) { } } for (int i = 0; i < bad.length; i++) { bais = new ByteArrayInputStream( (bad[i][0] + pkiPath + bad[i][1]).getBytes("UTF-8")); try { factory.generateCertPath(bais); fail("Expected exception was not thrown"); } catch (Exception e) { } bais = new ByteArrayInputStream( (bad[i][0] + pkiPath + bad[i][1]).getBytes("UTF-8")); try { factory.generateCertPath(bais, "PkiPath"); fail("Expected exception was not thrown"); } catch (Exception e) { } bais = new ByteArrayInputStream( (bad[i][0] + pkcs7so + bad[i][1]).getBytes("UTF-8")); try { factory.generateCertPath(bais, "PKCS7"); fail("Expected exception was not thrown"); } catch (Exception e) { } } } /** * generateCertificates method testing. */ public void testGenerateCertificates() throws Exception { CertificateFactory factory = CertificateFactory.getInstance("X.509"); // Testing the Certificates generation // on the base of PKCS7 SignedData object ByteArrayInputStream bais = new ByteArrayInputStream( Base64.decode(pkcs7so.getBytes("UTF-8"))); Collection certs = factory.generateCertificates(bais); assertNotNull("Factory returned null on correct PKCS7 data", certs); assertEquals("The size of collection differs from expected", 2, certs.size()); if (publicKey != null) { // verify the signatures for (Iterator i = certs.iterator(); i.hasNext(); ) { ((X509Certificate) i.next()).verify(publicKey); } } } /** * generateCertificates method testing. */ public void testGenerateCertPath() throws Exception { CertificateFactory factory = CertificateFactory.getInstance("X.509"); // Testing the CertPath generation // on the base of PKCS7 SignedData object ByteArrayInputStream bais = new ByteArrayInputStream( Base64.decode(pkcs7so.getBytes("UTF-8"))); Collection certPath = factory.generateCertPath(bais, "PKCS7").getCertificates(); assertEquals("The size of collection differs from expected", 2, certPath.size()); if (publicKey != null) { // verify the signatures for (Iterator i = certPath.iterator(); i.hasNext(); ) { ((X509Certificate) i.next()).verify(publicKey); } } // testing empty PkiPath structure (ASN.1 such as 0x30, 0x00) bais = new ByteArrayInputStream(new byte[] { (byte) 0x30, 0x00 }); assertEquals("The size of the list differs from expected", 0, factory.generateCertPath(bais, "PkiPath") .getCertificates().size()); } }