PKIXParameters_ImplTest.java revision 561ee011997c6c2f1befbfaa9d5f0a99771c1d63 
1/*
2 *  Licensed to the Apache Software Foundation (ASF) under one or more
3 *  contributor license agreements.  See the NOTICE file distributed with
4 *  this work for additional information regarding copyright ownership.
5 *  The ASF licenses this file to You under the Apache License, Version 2.0
6 *  (the "License"); you may not use this file except in compliance with
7 *  the License.  You may obtain a copy of the License at
8 *
9 *     http://www.apache.org/licenses/LICENSE-2.0
10 *
11 *  Unless required by applicable law or agreed to in writing, software
12 *  distributed under the License is distributed on an "AS IS" BASIS,
13 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 *  See the License for the specific language governing permissions and
15 *  limitations under the License.
16 */
17
18/**
19* @author Vladimir N. Molotkov
20*/
21
22package org.apache.harmony.security.tests.java.security.cert;
23
24import java.security.InvalidAlgorithmParameterException;
25import java.security.KeyStore;
26import java.security.KeyStoreException;
27import java.security.NoSuchAlgorithmException;
28import java.security.cert.CertPathParameters;
29import java.security.cert.CertStore;
30import java.security.cert.CollectionCertStoreParameters;
31import java.security.cert.PKIXCertPathChecker;
32import java.security.cert.PKIXParameters;
33import java.security.cert.X509CertSelector;
34import java.util.ArrayList;
35import java.util.Date;
36import java.util.HashSet;
37import java.util.List;
38import java.util.Set;
39
40import org.apache.harmony.security.tests.support.cert.TestUtils;
41
42import junit.framework.TestCase;
43
44/**
45 * Tests for <code>PKIXParameters</code> fields and methods
46 *
47 */
48public class PKIXParameters_ImplTest extends TestCase {
49
50    /**
51     * Test #1 for <code>PKIXParameters(KeyStore)</code> constructor<br>
52     * Assertion: Creates an instance of <code>PKIXParameters</code>
53     * that populates the set of most-trusted CAs from the trusted
54     * certificate entries contained in the specified <code>KeyStore</code>
55     * @throws InvalidAlgorithmParameterException
56     * @throws KeyStoreException
57     */
58    public final void testPKIXParametersKeyStore01() throws Exception {
59        KeyStore ks = TestUtils.getKeyStore(true, TestUtils.TRUSTED);
60        if (ks == null) {
61            fail(getName() + ": not performed (could not create test KeyStore)");
62        }
63
64        // use valid parameter - KeyStore containing
65        // only trusted X.509 certificates
66        CertPathParameters cpp = new PKIXParameters(ks);
67        assertTrue(cpp instanceof PKIXParameters);
68    }
69
70    /**
71     * Test #2 for <code>PKIXParameters(KeyStore)</code> constructor<br>
72     * Assertion: Only keystore entries that contain trusted
73     * <code>X509Certificates</code> are considered; all other
74     * certificate types are ignored
75     * @throws InvalidAlgorithmParameterException
76     * @throws KeyStoreException
77     */
78    public final void testPKIXParametersKeyStore02() throws Exception {
79        KeyStore ks = TestUtils.getKeyStore(true, TestUtils.TRUSTED_AND_UNTRUSTED);
80        if (ks == null) {
81            fail(getName() + ": not performed (could not create test KeyStore)");
82        }
83
84        // use valid parameter - KeyStore containing
85        // both trusted and untrusted X.509 certificates
86        PKIXParameters cpp = new PKIXParameters(ks);
87        assertEquals("size", 1, cpp.getTrustAnchors().size());
88    }
89
90    /**
91     * Test #4 for <code>PKIXParameters(KeyStore)</code> constructor<br>
92     * Assertion: <code>KeyStoreException</code> -
93     * if the <code>keystore</code> has not been initialized
94     */
95    public final void testPKIXParametersKeyStore04() throws Exception {
96        KeyStore ks = TestUtils.getKeyStore(false, 0);
97        if (ks == null) {
98            fail(getName() + ": not performed (could not create test KeyStore)");
99        }
100
101        try {
102            // pass not initialized KeyStore
103            new PKIXParameters(ks);
104            fail("KeyStoreException expected");
105        } catch (KeyStoreException e) {
106        }
107    }
108
109    /**
110     * Test #5 for <code>PKIXParameters(KeyStore)</code> constructor<br>
111     * Assertion: <code>InvalidAlgorithmParameterException</code> -
112     * if the <code>keystore</code> does not contain at least one
113     * trusted certificate entry
114     */
115    public final void testPKIXParametersKeyStore05() throws Exception {
116        KeyStore ks = TestUtils.getKeyStore(true, TestUtils.UNTRUSTED);
117        if (ks == null) {
118            fail(getName() + ": not performed (could not create test KeyStore)");
119        }
120
121        try {
122            // pass KeyStore that does not contain trusted certificates
123            new PKIXParameters(ks);
124            fail("InvalidAlgorithmParameterException expected");
125        } catch (InvalidAlgorithmParameterException e) {
126        }
127    }
128
129    /**
130     * Test #5 for <code>setTrustAnchors(Set)</code> method<br>
131     * Assertion: <code>Set</code> is copied to protect against
132     * subsequent modifications
133     * @throws InvalidAlgorithmParameterException
134     * @throws KeyStoreException
135     */
136    public final void testSetTrustAnchors05() throws Exception {
137        // use several trusted certs in this test
138        KeyStore ks = TestUtils.getKeyStore(true, TestUtils.TRUSTED);
139        if (ks == null) {
140            fail(getName() + ": not performed (could not create test KeyStore)");
141        }
142
143        PKIXParameters p = new PKIXParameters(ks);
144        // prepare new Set
145        HashSet newSet = new HashSet(p.getTrustAnchors());
146        HashSet newSetCopy = (HashSet)newSet.clone();
147        // set new Set
148        p.setTrustAnchors(newSetCopy);
149        // modify set - remove one element
150        assertTrue("modified", newSetCopy.remove(newSetCopy.iterator().next()));
151        // check that set maintained internally has
152        // not been changed by the above modification
153        assertEquals("isCopied", newSet, p.getTrustAnchors());
154    }
155
156    /**
157     * Test #1 for <code>clone()</code> method<br>
158     * Assertion: Makes a copy of this <code>PKIXParameters</code> object
159     * @throws KeyStoreException
160     * @throws InvalidAlgorithmParameterException
161     * @throws NoSuchAlgorithmException
162     */
163    public final void testClone01() throws Exception {
164        KeyStore ks = TestUtils.getKeyStore(true, TestUtils.TRUSTED);
165        if (ks == null) {
166            fail(getName() + ": not performed (could not create test KeyStore)");
167        }
168
169        PKIXParameters p1 = new PKIXParameters(ks);
170        // set to some non-default values
171        p1.setPolicyQualifiersRejected(false);
172        p1.setAnyPolicyInhibited(true);
173        p1.setExplicitPolicyRequired(true);
174        p1.setPolicyMappingInhibited(true);
175        p1.setRevocationEnabled(false);
176
177        String sigProviderName = "Some Provider";
178        p1.setSigProvider(sigProviderName);
179
180        X509CertSelector x509cs = new X509CertSelector();
181        p1.setTargetCertConstraints(x509cs);
182
183        p1.setCertStores(TestUtils.getCollectionCertStoresList());
184
185        PKIXCertPathChecker cpc = TestUtils.getTestCertPathChecker();
186        List l = new ArrayList();
187        assertTrue("addedOk", l.add(cpc));
188        p1.setCertPathCheckers(l);
189
190        p1.setDate(new Date(555L));
191
192        Set s = new HashSet();
193        s.add("1.2.3.4.5.6.7");
194        s.add("1.2.3.4.5.6.8");
195        p1.setInitialPolicies(s);
196
197        // TrustAnchors already set
198
199        PKIXParameters p2 = (PKIXParameters)p1.clone();
200
201        // check that objects match
202        assertEquals("check1", p1.getPolicyQualifiersRejected(),
203                p2.getPolicyQualifiersRejected());
204        assertEquals("check2", p1.isAnyPolicyInhibited(),
205                p2.isAnyPolicyInhibited());
206        assertEquals("check3", p1.isExplicitPolicyRequired(),
207                p2.isExplicitPolicyRequired());
208        assertEquals("check4", p1.isPolicyMappingInhibited(),
209                p2.isPolicyMappingInhibited());
210        assertEquals("check5", p1.isRevocationEnabled(),
211                p2.isRevocationEnabled());
212        assertEquals("check6", p1.getSigProvider(), p2.getSigProvider());
213
214        // just check that not null
215        assertNotNull("check7", p2.getTargetCertConstraints());
216
217        assertEquals("check8", p1.getCertStores(), p2.getCertStores());
218
219        // just check that not empty
220        assertFalse("check9", p2.getCertPathCheckers().isEmpty());
221
222        assertEquals("check10", p1.getDate(), p2.getDate());
223        assertEquals("check11", p1.getInitialPolicies(),
224                p2.getInitialPolicies());
225        assertEquals("check12", p1.getTrustAnchors(), p2.getTrustAnchors());
226    }
227
228    /**
229     * Test #2 for <code>clone()</code> method<br>
230     * Assertion: Changes to the copy will not affect
231     * the original and vice versa
232     * @throws KeyStoreException
233     * @throws InvalidAlgorithmParameterException
234     * @throws NoSuchAlgorithmException
235     */
236    public final void testClone02() throws Exception {
237        PKIXParameters[] p = new PKIXParameters[2];
238        KeyStore ks = TestUtils.getKeyStore(true, TestUtils.TRUSTED);
239        if (ks == null) {
240            fail(getName() + ": not performed (could not create test KeyStore)");
241        }
242
243        for (int i = 0; i<p.length; i++) {
244            p[i] = new PKIXParameters(ks);
245
246            p[i].setCertStores(TestUtils.getCollectionCertStoresList());
247
248            PKIXCertPathChecker cpc = TestUtils.getTestCertPathChecker();
249            List l = new ArrayList();
250            assertTrue("addedOk", l.add(cpc));
251            p[i].setCertPathCheckers(l);
252
253            p[i].setDate(new Date(555L));
254
255            p[(i == 0 ? 1 : 0)] = (PKIXParameters)p[i].clone();
256
257            // modify the first object (original or copy)
258            p[1].addCertStore(CertStore.getInstance("Collection",
259                    new CollectionCertStoreParameters()));
260            p[1].addCertPathChecker(TestUtils.getTestCertPathChecker());
261            // check that the second object has not been affected by
262            // above modification
263            assertTrue("certStores["+i+"]",
264                    p[0].getCertStores().size() == 1);
265            assertTrue("certPathCheckers["+i+"]",
266                    p[0].getCertPathCheckers().size() == 1);
267        }
268    }
269
270    /**
271     * Test for <code>toString()</code> method<br>
272     * Assertion: Returns a formatted string describing the parameters
273     * @throws InvalidAlgorithmParameterException
274     * @throws KeyStoreException
275     */
276    public final void testToString() throws Exception {
277        KeyStore ks = TestUtils.getKeyStore(true, TestUtils.TRUSTED_AND_UNTRUSTED);
278        if (ks == null) {
279            fail(getName() + ": not performed (could not create test KeyStore)");
280        }
281
282        PKIXParameters p = new PKIXParameters(ks);
283        assertNotNull(p.toString());
284    }
285
286}
287