TrustAnchor_ImplTest.java revision 561ee011997c6c2f1befbfaa9d5f0a99771c1d63
1/* 2 * Licensed to the Apache Software Foundation (ASF) under one or more 3 * contributor license agreements. See the NOTICE file distributed with 4 * this work for additional information regarding copyright ownership. 5 * The ASF licenses this file to You under the Apache License, Version 2.0 6 * (the "License"); you may not use this file except in compliance with 7 * the License. You may obtain a copy of the License at 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 */ 17 18/** 19* @author Vladimir N. Molotkov 20*/ 21 22package org.apache.harmony.security.tests.java.security.cert; 23 24import java.security.KeyStore; 25import java.security.KeyStoreException; 26import java.security.PublicKey; 27import java.security.cert.TrustAnchor; 28import java.security.cert.X509Certificate; 29import java.security.spec.InvalidKeySpecException; 30import java.util.Arrays; 31 32import javax.security.auth.x500.X500Principal; 33 34import org.apache.harmony.security.tests.support.TestKeyPair; 35import org.apache.harmony.security.tests.support.cert.TestUtils; 36 37import junit.framework.TestCase; 38 39/** 40 * Unit tests for <code>TrustAnchor</code> 41 */ 42public class TrustAnchor_ImplTest extends TestCase { 43 private static final String keyAlg = "DSA"; 44 // Sample of some valid CA name 45 private static final String validCaNameRfc2253 = 46 "CN=Test CA,"+ 47 "OU=Testing Division,"+ 48 "O=Test It All,"+ 49 "L=Test Town,"+ 50 "ST=Testifornia,"+ 51 "C=Testland"; 52 53 /** 54 * Test #1 for <code>TrustAnchor(X509Certificate, byte[])</code> constructor<br> 55 * Assertion: creates <code>TrustAnchor</code> instance<br> 56 * Test preconditions: valid parameters passed<br> 57 * Expected: must pass without any exceptions 58 */ 59 public final void testTrustAnchorX509CertificatebyteArray01() 60 throws KeyStoreException { 61 KeyStore ks = TestUtils.getKeyStore(true, TestUtils.TRUSTED); 62 if (ks == null) { 63 fail(getName() + ": not performed (could not create test KeyStore)"); 64 } 65 66 String certAlias = "testca1"; 67 // sub testcase 1 68 new TrustAnchor( 69 (X509Certificate)ks.getCertificate(certAlias), 70 getFullEncoding()); 71 // sub testcase 2 72 new TrustAnchor( 73 (X509Certificate)ks.getCertificate(certAlias), 74 getEncodingPSOnly()); 75 // sub testcase 3 76 new TrustAnchor( 77 (X509Certificate)ks.getCertificate(certAlias), 78 getEncodingESOnly()); 79 // sub testcase 4 80 new TrustAnchor( 81 (X509Certificate)ks.getCertificate(certAlias), 82 getEncodingNoMinMax()); 83 } 84 85 /** 86 * Test #2 for <code>TrustAnchor(X509Certificate, byte[])</code> constructor<br> 87 * Assertion: creates <code>TrustAnchor</code> instance<br> 88 * Test preconditions: <code>null</code> as nameConstraints passed<br> 89 * Expected: must pass without any exceptions 90 */ 91 public final void testTrustAnchorX509CertificatebyteArray02() 92 throws KeyStoreException { 93 KeyStore ks = TestUtils.getKeyStore(true, TestUtils.TRUSTED); 94 if (ks == null) { 95 fail(getName() + ": not performed (could not create test KeyStore)"); 96 } 97 98 String certAlias = "testca1"; 99 new TrustAnchor( 100 (X509Certificate)ks.getCertificate(certAlias), 101 null); 102 } 103 104 /** 105 * Test #3 for <code>TrustAnchor(X509Certificate, byte[])</code> constructor<br> 106 * Assertion: nameConstraints cloned by the constructor<br> 107 * Test preconditions: modify passed nameConstraints<br> 108 * Expected: modification must not change object internal state 109 */ 110 public final void testTrustAnchorX509CertificatebyteArray03() 111 throws KeyStoreException { 112 KeyStore ks = TestUtils.getKeyStore(true, TestUtils.TRUSTED); 113 if (ks == null) { 114 fail(getName() + ": not performed (could not create test KeyStore)"); 115 } 116 117 String certAlias = "testca1"; 118 byte[] nc = getEncodingPSOnly(); 119 byte[] ncCopy = nc.clone(); 120 // sub testcase 5 - nameConstraints can be null 121 TrustAnchor ta = new TrustAnchor( 122 (X509Certificate)ks.getCertificate(certAlias), 123 ncCopy); 124 // modify 125 ncCopy[0]=(byte)0; 126 // check that above modification did not change 127 // object internal state 128 assertTrue(Arrays.equals(nc, ta.getNameConstraints())); 129 } 130 131 /** 132 * Test #4 for <code>TrustAnchor(X509Certificate, byte[])</code> constructor<br> 133 * Assertion: <code>NullPointerException</code> if <code>X509Certificate</code> 134 * parameter is <code>null</code><br> 135 * Test preconditions: pass <code>null</code> as <code>X509Certificate</code><br> 136 * Expected: NullPointerException 137 */ 138 public final void testTrustAnchorX509CertificatebyteArray04() 139 throws KeyStoreException { 140 KeyStore ks = TestUtils.getKeyStore(true, TestUtils.TRUSTED); 141 if (ks == null) { 142 fail(getName() + ": not performed (could not create test KeyStore)"); 143 } 144 145 try { 146 new TrustAnchor(null, getFullEncoding()); 147 fail("NullPointerException has not been thrown"); 148 } catch (NullPointerException ok) { 149 } 150 } 151 152 /** 153 * Test #5 for <code>TrustAnchor(X509Certificate, byte[])</code> constructor<br> 154 * Assertion: <code>IllegalArgumentException</code> if nameConstraints 155 * parameter can not be decoded<br> 156 * Test preconditions: pass invalid nameConstraints encoding<br> 157 * Expected: IllegalArgumentException 158 */ 159 public final void testTrustAnchorX509CertificatebyteArray05() 160 throws KeyStoreException { 161 KeyStore ks = TestUtils.getKeyStore(true, TestUtils.TRUSTED); 162 if (ks == null) { 163 fail(getName() + ": not performed (could not create test KeyStore)"); 164 } 165 166 String certAlias = "testca1"; 167 168 // sub testcase 1: 169 byte [] nameConstraints = getFullEncoding(); 170 // corrupt encoding: 171 // set wrong root seq length 172 nameConstraints[2] = (byte)0x8d; 173 try { 174 new TrustAnchor( 175 (X509Certificate)ks.getCertificate(certAlias), 176 nameConstraints); 177 fail("IllegalArgumentException has not been thrown"); 178 } catch (IllegalArgumentException ok) { 179 } 180 181 // sub testcase 2: 182 nameConstraints = getFullEncoding(); 183 // corrupt encoding: 184 // set wrong root seq length 185 nameConstraints[2] = (byte)0x8b; 186 try { 187 new TrustAnchor( 188 (X509Certificate)ks.getCertificate(certAlias), 189 nameConstraints); 190 fail("IllegalArgumentException has not been thrown"); 191 } catch (IllegalArgumentException ok) { 192 } 193 194 // sub testcase 3: 195 nameConstraints = getFullEncoding(); 196 // corrupt encoding: 197 // remove right class from seq tag 198 nameConstraints[3] &= (byte)0x3f; 199 try { 200 new TrustAnchor( 201 (X509Certificate)ks.getCertificate(certAlias), 202 nameConstraints); 203 fail("IllegalArgumentException has not been thrown"); 204 } catch (IllegalArgumentException ok) { 205 } 206 207 // sub testcase 4: 208 nameConstraints = getEncodingESOnly(); 209 // corrupt encoding: 210 // set wrong tagged value (excludedSubtrees SEQ OF) tag [2] 211 nameConstraints[2] = (byte)0xa2; 212 try { 213 new TrustAnchor( 214 (X509Certificate)ks.getCertificate(certAlias), 215 nameConstraints); 216 fail("IllegalArgumentException has not been thrown"); 217 } catch (IllegalArgumentException ok) { 218 } 219 220 // sub testcase 5: 221 nameConstraints = getEncodingESOnly(); 222 // corrupt encoding: 223 // remove CONSTRUCTED flag from tagged value (excludedSubtrees SEQ OF) tag 224 nameConstraints[2] &= (byte)0xdf; 225 try { 226 new TrustAnchor( 227 (X509Certificate)ks.getCertificate(certAlias), 228 nameConstraints); 229 fail("IllegalArgumentException has not been thrown"); 230 } catch (IllegalArgumentException ok) { 231 } 232 233 // sub testcase 6: 234 nameConstraints = getEncodingESOnly(); 235 // corrupt encoding: 236 // set CONSTRUCTED flag for PROMITIVE tagged value tag 237 // (generalSubtree's 'base' as IA5String) 238 nameConstraints[5] |= (byte)0x20; 239 try { 240 new TrustAnchor( 241 (X509Certificate)ks.getCertificate(certAlias), 242 nameConstraints); 243 fail("IllegalArgumentException has not been thrown"); 244 } catch (IllegalArgumentException ok) { 245 } 246 247 // sub testcase 7: 248 nameConstraints = getEncodingESOnly(); 249 // corrupt encoding: 250 // remove scheme from URI 251 // (generalSubtree's 'base' as IA5String (uniformResourceIdentifier)) 252 nameConstraints[12] = nameConstraints[13] = nameConstraints[14] = 253 (byte)0x6f; 254 try { 255 new TrustAnchor( 256 (X509Certificate)ks.getCertificate(certAlias), 257 nameConstraints); 258 fail("IllegalArgumentException has not been thrown"); 259 } catch (IllegalArgumentException ok) { 260 } 261 } 262 263 /** 264 * Test #6 for <code>TrustAnchor(X509Certificate, byte[])</code> constructor<br> 265 * Assertion: creates <code>TrustAnchor</code> instance<br> 266 * Test preconditions: valid parameters passed (base as OID)<br> 267 * Expected: must pass without any exceptions 268 */ 269 public final void testTrustAnchorX509CertificatebyteArray06() 270 throws KeyStoreException { 271 KeyStore ks = TestUtils.getKeyStore(true, TestUtils.TRUSTED); 272 if (ks == null) { 273 fail(getName() + ": not performed (could not create test KeyStore)"); 274 } 275 276 String certAlias = "testca1"; 277 byte [] nameConstraints = getEncodingOid(); 278 new TrustAnchor( 279 (X509Certificate)ks.getCertificate(certAlias), 280 nameConstraints); 281 } 282 283 /** 284 * Test #7 for <code>TrustAnchor(X509Certificate, byte[])</code> constructor<br> 285 * Assertion: <code>IllegalArgumentException</code> if nameConstraints 286 * parameter can not be decoded<br> 287 * Test preconditions: pass invalid nameConstraints (OID) encoding<br> 288 * Expected: IllegalArgumentException 289 */ 290 public final void testTrustAnchorX509CertificatebyteArray07() 291 throws KeyStoreException { 292 KeyStore ks = TestUtils.getKeyStore(true, TestUtils.TRUSTED); 293 if (ks == null) { 294 fail(getName() + ": not performed (could not create test KeyStore)"); 295 } 296 297 String certAlias = "testca1"; 298 byte [] nameConstraints = getEncodingOid(); 299 //corrupt Oid 300 nameConstraints[10]= (byte) 0xFF; 301 try { 302 new TrustAnchor( 303 (X509Certificate)ks.getCertificate(certAlias), 304 nameConstraints); 305 fail("IllegalArgumentException has not been thrown"); 306 } catch (IllegalArgumentException ok) { 307 } 308 } 309 310 /** 311 * Test #8 for <code>TrustAnchor(X509Certificate, byte[])</code> constructor<br> 312 * Assertion: <code>IllegalArgumentException</code> if nameConstraints 313 * parameter can not be decoded<br> 314 * Test preconditions: pass invalid nameConstraints encodings<br> 315 * Expected: IllegalArgumentException 316 */ 317 public final void testTrustAnchorX509CertificatebyteArray08() 318 throws KeyStoreException { 319 KeyStore ks = TestUtils.getKeyStore(true, TestUtils.TRUSTED); 320 if (ks == null) { 321 fail(getName() + ": not performed (could not create test KeyStore)"); 322 } 323 324 String certAlias = "testca1"; 325 // GeneralName tags for this test (1,2 and 3 are omitted) 326 byte[] generalNameTag = new byte[] { 327 (byte)0xa0,(byte)0xa4,(byte)0xa5, 328 (byte)0x86,(byte)0x87,(byte)0x88 329 }; 330 // wrong (for above tags) nameConstraints encoding 331 byte[] wrongEncoding = new byte[] { 332 (byte)0x30,(byte)0x0c, // sequence + length 333 (byte)0xa1,(byte)0x0a, // excluded subtrees, tag, len 334 (byte)0x30,(byte)0x08, // sequence of, tag, len 335 (byte)0xa0, // element 6 - tag identifying GeneralName choice 336 (byte)0x03, // GeneralName length 337 (byte)0x01,(byte)0x01,(byte)0xff, // wrong GeneralName for any choice 338 (byte)0x80,(byte)0x01,(byte)0x00 // minimum 339 }; 340 for (int i=0; i<generalNameTag.length; i++) { 341 wrongEncoding[6] = generalNameTag[i]; 342 try { 343 new TrustAnchor( 344 (X509Certificate)ks.getCertificate(certAlias), 345 wrongEncoding); 346 fail("IllegalArgumentException has not been thrown for tag " + 347 (generalNameTag[i]&0xff)); 348 } catch (IllegalArgumentException ok) { 349 } 350 } 351 } 352 353 /** 354 * Test #9 for <code>TrustAnchor(X509Certificate, byte[])</code> constructor<br> 355 * Assertion: <code>IllegalArgumentException</code> if nameConstraints 356 * parameter can not be decoded<br> 357 * Test preconditions: pass valid and then invalid nameConstraints encodings 358 * (GeneralName choice is [0] OtherName)<br> 359 * Expected: no exception for valid encoding and IllegalArgumentException for invalid 360 * @throws KeyStoreException 361 */ 362 public final void testTrustAnchorX509CertificatebyteArray09() 363 throws KeyStoreException { 364 KeyStore ks = TestUtils.getKeyStore(true, TestUtils.TRUSTED); 365 if (ks == null) { 366 fail(getName() + ": not performed (could not create test KeyStore)"); 367 } 368 369 String certAlias = "testca1"; 370 byte[] encoding = new byte[] { 371 (byte)0x30,(byte)0x13,(byte)0xa1,(byte)0x11, 372 (byte)0x30,(byte)0x0f,(byte)0xa0,(byte)0x0a, 373 (byte)0x06,(byte)0x03,(byte)0x00,(byte)0x01,(byte)0x02, 374 (byte)0xA0,(byte)0x03,1,1,(byte)0xff, 375 (byte)0x80,(byte)0x01,(byte)0x00 376 }; 377 try { 378 new TrustAnchor( 379 (X509Certificate)ks.getCertificate(certAlias), encoding); 380 } catch (IllegalArgumentException failed) { 381 fail("valid encoding not accepted"); 382 } 383 // now corrupt encoding: set OtherName value tag to 1 (must be 0) 384 encoding[13] = 1; 385 try { 386 new TrustAnchor( 387 (X509Certificate)ks.getCertificate(certAlias), encoding); 388 fail("invalid encoding accepted"); 389 } catch (IllegalArgumentException ok) { 390 } 391 } 392 393 /** 394 * Test for <code>getNameConstraints()</code> method<br> 395 * Assertion: returns <code>nameConstraints</code> der encoding<br> 396 * Test preconditions: valid nameConstraints parameter passed (not null)<br> 397 * Expected: encoding passed to the ctor must match returned one<br> 398 * Assertion: returns new <code>nameConstraints</code> der encoding each time<br> 399 * Test preconditions: valid nameConstraints parameter passed (not null)<br> 400 * Expected: must return new reference each time called 401 */ 402 public final void testGetNameConstraints() 403 throws KeyStoreException { 404 KeyStore ks = TestUtils.getKeyStore(true, TestUtils.TRUSTED); 405 if (ks == null) { 406 fail(getName() + ": not performed (could not create test KeyStore)"); 407 } 408 409 String certAlias = "testca1"; 410 byte[] nc = getFullEncoding(); 411 // sub testcase 1 412 TrustAnchor ta = new TrustAnchor( 413 (X509Certificate)ks.getCertificate(certAlias), nc); 414 byte[] ncRet = ta.getNameConstraints(); 415 // assert 1 416 assertTrue(Arrays.equals(nc, ncRet)); 417 assertNotSame(nc, ncRet); 418 // assert 2 419 assertNotSame(ncRet, ta.getNameConstraints()); 420 } 421 422 /** 423 * Test #2 for <code>getCAName()</code> method<br> 424 * 425 * Assertion: returns ... <code>null</code> if <code>TrustAnchor</code> 426 * was not specified as public key and CA name or CA principal pair<br> 427 * Test preconditions: test object is not specified as public key 428 * and CA name or CA principal pair<br> 429 * Expected: <code>null</code> as return value<br> 430 * @throws KeyStoreException 431 * 432 */ 433 public final void testGetCAPublicKey02() 434 throws InvalidKeySpecException, KeyStoreException { 435 KeyStore ks = TestUtils.getKeyStore(true, TestUtils.TRUSTED); 436 if (ks == null) { 437 fail(getName() + ": not performed (could not create test KeyStore)"); 438 } 439 440 TrustAnchor ta = new TrustAnchor( 441 (X509Certificate)ks.getCertificate("testca1"), 442 null); 443 assertNull(ta.getCAPublicKey()); 444 } 445 446 /** 447 * Test #2 for <code>getCAName()</code> method<br> 448 * 449 * Assertion: returns ... <code>null</code> if <code>TrustAnchor</code> 450 * was not specified as public key and CA name or CA principal pair<br> 451 * Test preconditions: test object is not specified as public key 452 * and CA name or CA principal pair<br> 453 * Expected: <code>null</code> as return value<br> 454 * @throws KeyStoreException 455 */ 456 public final void testGetCAName02() 457 throws KeyStoreException { 458 KeyStore ks = TestUtils.getKeyStore(true, TestUtils.TRUSTED); 459 if (ks == null) { 460 fail(getName() + ": not performed (could not create test KeyStore)"); 461 } 462 463 TrustAnchor ta = new TrustAnchor( 464 (X509Certificate)ks.getCertificate("testca1"), 465 null); 466 assertNull(ta.getCAName()); 467 } 468 469 /** 470 * Test #1 for <code>getCAName()</code> method<br> 471 * 472 * Assertion: returns most trusted CA certificate<br> 473 * Test preconditions: valid certificate passed to the constructor<br> 474 * Expected: the same certificate must be returned by the method<br> 475 * @throws KeyStoreException 476 * 477 */ 478 public final void testGetTrustedCert01() 479 throws KeyStoreException { 480 KeyStore ks = TestUtils.getKeyStore(true, TestUtils.TRUSTED); 481 if (ks == null) { 482 fail(getName() + ": not performed (could not create test KeyStore)"); 483 } 484 485 X509Certificate cert = 486 (X509Certificate)ks.getCertificate("testca1"); 487 TrustAnchor ta = new TrustAnchor(cert, null); 488 assertEquals(cert, ta.getTrustedCert()); 489 } 490 491 /** 492 * Test #2 for <code>getCA()</code> method<br> 493 * 494 * Assertion: returns ... <code>null</code> if <code>TrustAnchor</code> 495 * was not specified as public key and CA name or CA principal pair<br> 496 * Test preconditions: test object is not specified as public key 497 * and CA name or CA principal pair<br> 498 * Expected: <code>null</code> as return value<br> 499 * @throws KeyStoreException 500 */ 501 public final void testGetCA02() 502 throws KeyStoreException { 503 KeyStore ks = TestUtils.getKeyStore(true, TestUtils.TRUSTED); 504 if (ks == null) { 505 fail(getName() + ": not performed (could not create test KeyStore)"); 506 } 507 508 TrustAnchor ta = new TrustAnchor( 509 (X509Certificate)ks.getCertificate("testca1"), 510 null); 511 assertNull(ta.getCA()); 512 } 513 514 /** 515 * Test for <code>toString()</code> method<br> 516 * 517 * Assertion: returns string representation of this <code>TrustAnchor</code> 518 * Test preconditions: several valid test objects created<br> 519 * Expected: method returns not <code>null</code> in all cases<br> 520 */ 521 public final void testToString() throws Exception { 522 523 KeyStore ks = TestUtils.getKeyStore(true, TestUtils.TRUSTED); 524 if (ks == null) { 525 fail(getName() + ": not performed (could not create test KeyStore)"); 526 } 527 528 String certAlias = "test"; 529 530 // sub testcase 1 531 TrustAnchor ta = new TrustAnchor( 532 (X509Certificate)ks.getCertificate(certAlias), 533 getFullEncoding()); 534 535 assertNotNull("#1", ta.toString()); 536 537 PublicKey pk = new TestKeyPair(keyAlg).getPublic(); 538 539 540 // sub testcase 2 541 ta = new TrustAnchor(validCaNameRfc2253, pk, getEncodingESOnly()); 542 543 assertNotNull("#2", ta.toString()); 544 545 // sub testcase 3 546 X500Principal x500p = new X500Principal(validCaNameRfc2253); 547 ta = new TrustAnchor(x500p, pk, getEncodingNoMinMax()); 548 549 assertNotNull("#3", ta.toString()); 550 551 // sub testcase 4 552 ta = new TrustAnchor(x500p, pk, null); 553 assertNotNull("#4", ta.toString()); 554 } 555 556 // 557 // Private stuff 558 // 559 560 /* 561 * The following methods return valid DER encoding 562 * for the following ASN.1 definition (as specified in RFC 3280 - 563 * Internet X.509 Public Key Infrastructure. 564 * Certificate and Certificate Revocation List (CRL) Profile. 565 * http://www.ietf.org/rfc/rfc3280.txt): 566 * 567 * NameConstraints ::= SEQUENCE { 568 * permittedSubtrees [0] GeneralSubtrees OPTIONAL, 569 * excludedSubtrees [1] GeneralSubtrees OPTIONAL } 570 * 571 * GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree 572 * 573 * GeneralSubtree ::= SEQUENCE { 574 * base GeneralName, 575 * minimum [0] BaseDistance DEFAULT 0, 576 * maximum [1] BaseDistance OPTIONAL } 577 * 578 * BaseDistance ::= INTEGER (0..MAX) 579 * 580 * GeneralName ::= CHOICE { 581 * otherName [0] OtherName, 582 * rfc822Name [1] IA5String, 583 * dNSName [2] IA5String, 584 * x400Address [3] ORAddress, 585 * directoryName [4] Name, 586 * ediPartyName [5] EDIPartyName, 587 * uniformResourceIdentifier [6] IA5String, 588 * iPAddress [7] OCTET STRING, 589 * registeredID [8] OBJECT IDENTIFIER} 590 */ 591 592 // 593 // Full NameConstraints encoding 594 // (generated by own encoder class created during test development) 595 // 596 // @return Full NameConstraints encoding 597 // with all OPTIONAL values presented. 598 // 599 private static final byte[] getFullEncoding() { 600 // DO NOT MODIFY! 601 return new byte[] { 602 (byte)0x30,(byte)0x81,(byte)0x8c,(byte)0xa0, 603 (byte)0x44,(byte)0x30,(byte)0x16,(byte)0x86, 604 (byte)0x0e,(byte)0x66,(byte)0x69,(byte)0x6c, 605 (byte)0x65,(byte)0x3a,(byte)0x2f,(byte)0x2f, 606 (byte)0x66,(byte)0x6f,(byte)0x6f,(byte)0x2e, 607 (byte)0x63,(byte)0x6f,(byte)0x6d,(byte)0x80, 608 (byte)0x01,(byte)0x00,(byte)0x81,(byte)0x01, 609 (byte)0x01,(byte)0x30,(byte)0x16,(byte)0x86, 610 (byte)0x0e,(byte)0x66,(byte)0x69,(byte)0x6c, 611 (byte)0x65,(byte)0x3a,(byte)0x2f,(byte)0x2f, 612 (byte)0x62,(byte)0x61,(byte)0x72,(byte)0x2e, 613 (byte)0x63,(byte)0x6f,(byte)0x6d,(byte)0x80, 614 (byte)0x01,(byte)0x00,(byte)0x81,(byte)0x01, 615 (byte)0x01,(byte)0x30,(byte)0x12,(byte)0x86, 616 (byte)0x0a,(byte)0x66,(byte)0x69,(byte)0x6c, 617 (byte)0x65,(byte)0x3a,(byte)0x2f,(byte)0x2f, 618 (byte)0x6d,(byte)0x75,(byte)0x75,(byte)0x80, 619 (byte)0x01,(byte)0x00,(byte)0x81,(byte)0x01, 620 (byte)0x01,(byte)0xa1,(byte)0x44,(byte)0x30, 621 (byte)0x16,(byte)0x86,(byte)0x0e,(byte)0x68, 622 (byte)0x74,(byte)0x74,(byte)0x70,(byte)0x3a, 623 (byte)0x2f,(byte)0x2f,(byte)0x66,(byte)0x6f, 624 (byte)0x6f,(byte)0x2e,(byte)0x63,(byte)0x6f, 625 (byte)0x6d,(byte)0x80,(byte)0x01,(byte)0x00, 626 (byte)0x81,(byte)0x01,(byte)0x01,(byte)0x30, 627 (byte)0x16,(byte)0x86,(byte)0x0e,(byte)0x68, 628 (byte)0x74,(byte)0x74,(byte)0x70,(byte)0x3a, 629 (byte)0x2f,(byte)0x2f,(byte)0x62,(byte)0x61, 630 (byte)0x72,(byte)0x2e,(byte)0x63,(byte)0x6f, 631 (byte)0x6d,(byte)0x80,(byte)0x01,(byte)0x00, 632 (byte)0x81,(byte)0x01,(byte)0x01,(byte)0x30, 633 (byte)0x12,(byte)0x86,(byte)0x0a,(byte)0x68, 634 (byte)0x74,(byte)0x74,(byte)0x70,(byte)0x3a, 635 (byte)0x2f,(byte)0x2f,(byte)0x6d,(byte)0x75, 636 (byte)0x75,(byte)0x80,(byte)0x01,(byte)0x00, 637 (byte)0x81,(byte)0x01,(byte)0x01 638 }; 639 } 640 641 // 642 // NameConstraints encoding without excludedSubtrees 643 // (generated by own encoder class created during test development) 644 // 645 // @return NameConstraints encoding with 646 // permittedSubtrees only; all OPTIONAL 647 // values in permittedSubtrees are presented. 648 // 649 private static final byte[] getEncodingPSOnly() { 650 // DO NOT MODIFY! 651 return new byte[] { 652 (byte)0x30,(byte)0x46,(byte)0xa0,(byte)0x44, 653 (byte)0x30,(byte)0x16,(byte)0x86,(byte)0x0e, 654 (byte)0x66,(byte)0x69,(byte)0x6c,(byte)0x65, 655 (byte)0x3a,(byte)0x2f,(byte)0x2f,(byte)0x66, 656 (byte)0x6f,(byte)0x6f,(byte)0x2e,(byte)0x63, 657 (byte)0x6f,(byte)0x6d,(byte)0x80,(byte)0x01, 658 (byte)0x00,(byte)0x81,(byte)0x01,(byte)0x01, 659 (byte)0x30,(byte)0x16,(byte)0x86,(byte)0x0e, 660 (byte)0x66,(byte)0x69,(byte)0x6c,(byte)0x65, 661 (byte)0x3a,(byte)0x2f,(byte)0x2f,(byte)0x62, 662 (byte)0x61,(byte)0x72,(byte)0x2e,(byte)0x63, 663 (byte)0x6f,(byte)0x6d,(byte)0x80,(byte)0x01, 664 (byte)0x00,(byte)0x81,(byte)0x01,(byte)0x01, 665 (byte)0x30,(byte)0x12,(byte)0x86,(byte)0x0a, 666 (byte)0x66,(byte)0x69,(byte)0x6c,(byte)0x65, 667 (byte)0x3a,(byte)0x2f,(byte)0x2f,(byte)0x6d, 668 (byte)0x75,(byte)0x75,(byte)0x80,(byte)0x01, 669 (byte)0x00,(byte)0x81,(byte)0x01,(byte)0x01, 670 }; 671 } 672 673 // 674 // NameConstraints encoding without permittedSubtrees 675 // (generated by own encoder class created during test development) 676 // 677 // @return NameConstraints encoding with 678 // excludedSubtrees only; all OPTIONAL 679 // values in excludedSubtrees are presented. 680 // 681 private static final byte[] getEncodingESOnly() { 682 // DO NOT MODIFY! 683 return new byte[] { 684 (byte)0x30,(byte)0x46,(byte)0xa1,(byte)0x44, 685 (byte)0x30,(byte)0x16,(byte)0x86,(byte)0x0e, 686 (byte)0x68,(byte)0x74,(byte)0x74,(byte)0x70, // http 687 (byte)0x3a,(byte)0x2f,(byte)0x2f,(byte)0x66, // ://f 688 (byte)0x6f,(byte)0x6f,(byte)0x2e,(byte)0x63, // oo.c 689 (byte)0x6f,(byte)0x6d,(byte)0x80,(byte)0x01, // om 690 (byte)0x00,(byte)0x81,(byte)0x01,(byte)0x01, 691 (byte)0x30,(byte)0x16,(byte)0x86,(byte)0x0e, 692 (byte)0x68,(byte)0x74,(byte)0x74,(byte)0x70, 693 (byte)0x3a,(byte)0x2f,(byte)0x2f,(byte)0x62, 694 (byte)0x61,(byte)0x72,(byte)0x2e,(byte)0x63, 695 (byte)0x6f,(byte)0x6d,(byte)0x80,(byte)0x01, 696 (byte)0x00,(byte)0x81,(byte)0x01,(byte)0x01, 697 (byte)0x30,(byte)0x12,(byte)0x86,(byte)0x0a, 698 (byte)0x68,(byte)0x74,(byte)0x74,(byte)0x70, 699 (byte)0x3a,(byte)0x2f,(byte)0x2f,(byte)0x6d, 700 (byte)0x75,(byte)0x75,(byte)0x80,(byte)0x01, 701 (byte)0x00,(byte)0x81,(byte)0x01,(byte)0x01, 702 }; 703 } 704 705 // 706 // NameConstraints full encoding with all (OPTIONAL) 707 // minimum/maximum GeneralSubtree fields OMITTED 708 // (generated by own encoder class created during test development) 709 // 710 // @return Full NameConstraints encoding 711 // with all (OPTIONAL) minimum/maximum 712 // GeneralSubtree fields OMITTED 713 // 714 private static final byte[] getEncodingNoMinMax() { 715 // DO NOT MODIFY! 716 return new byte[] { 717 (byte)0x30,(byte)0x68,(byte)0xa0,(byte)0x32, 718 (byte)0x30,(byte)0x10,(byte)0x86,(byte)0x0e, 719 (byte)0x66,(byte)0x69,(byte)0x6c,(byte)0x65, 720 (byte)0x3a,(byte)0x2f,(byte)0x2f,(byte)0x66, 721 (byte)0x6f,(byte)0x6f,(byte)0x2e,(byte)0x63, 722 (byte)0x6f,(byte)0x6d,(byte)0x30,(byte)0x10, 723 (byte)0x86,(byte)0x0e,(byte)0x66,(byte)0x69, 724 (byte)0x6c,(byte)0x65,(byte)0x3a,(byte)0x2f, 725 (byte)0x2f,(byte)0x62,(byte)0x61,(byte)0x72, 726 (byte)0x2e,(byte)0x63,(byte)0x6f,(byte)0x6d, 727 (byte)0x30,(byte)0x0c,(byte)0x86,(byte)0x0a, 728 (byte)0x66,(byte)0x69,(byte)0x6c,(byte)0x65, 729 (byte)0x3a,(byte)0x2f,(byte)0x2f,(byte)0x6d, 730 (byte)0x75,(byte)0x75,(byte)0xa1,(byte)0x32, 731 (byte)0x30,(byte)0x10,(byte)0x86,(byte)0x0e, 732 (byte)0x68,(byte)0x74,(byte)0x74,(byte)0x70, 733 (byte)0x3a,(byte)0x2f,(byte)0x2f,(byte)0x66, 734 (byte)0x6f,(byte)0x6f,(byte)0x2e,(byte)0x63, 735 (byte)0x6f,(byte)0x6d,(byte)0x30,(byte)0x10, 736 (byte)0x86,(byte)0x0e,(byte)0x68,(byte)0x74, 737 (byte)0x74,(byte)0x70,(byte)0x3a,(byte)0x2f, 738 (byte)0x2f,(byte)0x62,(byte)0x61,(byte)0x72, 739 (byte)0x2e,(byte)0x63,(byte)0x6f,(byte)0x6d, 740 (byte)0x30,(byte)0x0c,(byte)0x86,(byte)0x0a, 741 (byte)0x68,(byte)0x74,(byte)0x74,(byte)0x70, 742 (byte)0x3a,(byte)0x2f,(byte)0x2f,(byte)0x6d, 743 (byte)0x75,(byte)0x75, 744 }; 745 } 746 747 // Returns OID encoding 748 // (generated by own encoder class created during test development) 749 private static final byte[] getEncodingOid() { 750 // DO NOT MODIFY! 751 return new byte[] { 752 (byte) 0x30, (byte) 0x09, (byte) 0xA0, (byte) 0x07, 753 (byte) 0x30, (byte) 0x05, (byte) 0x88, (byte) 0x03, 754 (byte) 0x2A, (byte) 0x03, (byte) 0x04 755 }; 756 } 757} 758