1/* 2 * Licensed to the Apache Software Foundation (ASF) under one or more 3 * contributor license agreements. See the NOTICE file distributed with 4 * this work for additional information regarding copyright ownership. 5 * The ASF licenses this file to You under the Apache License, Version 2.0 6 * (the "License"); you may not use this file except in compliance with 7 * the License. You may obtain a copy of the License at 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 */ 17 18/** 19 * @author Alexander Y. Kleymenov 20 */ 21 22package java.security.cert; 23 24import java.io.IOException; 25import java.math.BigInteger; 26import java.security.InvalidKeyException; 27import java.security.NoSuchAlgorithmException; 28import java.security.NoSuchProviderException; 29import java.security.Principal; 30import java.security.PublicKey; 31import java.security.SignatureException; 32import java.security.cert.CRLException; 33import java.security.cert.X509CRLEntry; 34import java.util.ArrayList; 35import java.util.Collection; 36import java.util.Date; 37import java.util.Set; 38import javax.security.auth.x500.X500Principal; 39 40import org.apache.harmony.security.asn1.ASN1Integer; 41import org.apache.harmony.security.asn1.ASN1OctetString; 42 43import junit.framework.Test; 44import junit.framework.TestCase; 45import junit.framework.TestSuite; 46 47/** 48 */ 49 50public class X509CRLSelectorTest extends TestCase { 51 52 /** 53 * The abstract class stub implementation. 54 */ 55 private class TestCRL extends X509CRL { 56 57 private X500Principal principal = null; 58 private BigInteger crlNumber = null; 59 private Date thisUpdate = null; 60 private Date nextUpdate = null; 61 62 public TestCRL(X500Principal principal) { 63 this.principal = principal; 64 } 65 66 public TestCRL(Date thisUpdate, Date nextUpdate) { 67 setUpdateDates(thisUpdate, nextUpdate); 68 } 69 70 public TestCRL(BigInteger crlNumber) { 71 setCrlNumber(crlNumber); 72 } 73 74 public void setUpdateDates(Date thisUpdate, Date nextUpdate) { 75 this.thisUpdate = thisUpdate; 76 this.nextUpdate = nextUpdate; 77 } 78 79 public void setCrlNumber(BigInteger crlNumber) { 80 this.crlNumber = crlNumber; 81 } 82 83 public X500Principal getIssuerX500Principal() { 84 return principal; 85 } 86 87 public String toString() { 88 return null; 89 } 90 91 public boolean isRevoked(Certificate cert) { 92 return true; 93 } 94 95 public Set getNonCriticalExtensionOIDs() { 96 return null; 97 } 98 99 public Set getCriticalExtensionOIDs() { 100 return null; 101 } 102 103 public byte[] getExtensionValue(String oid) { 104 if ("2.5.29.20".equals(oid) && (crlNumber != null)) { 105 return ASN1OctetString.getInstance().encode( 106 ASN1Integer.getInstance().encode( 107 crlNumber.toByteArray())); 108 } 109 return null; 110 } 111 112 public boolean hasUnsupportedCriticalExtension() { 113 return false; 114 } 115 116 public byte[] getEncoded() { 117 return null; 118 } 119 120 public void verify(PublicKey key) 121 throws CRLException, NoSuchAlgorithmException, 122 InvalidKeyException, NoSuchProviderException, 123 SignatureException { 124 } 125 126 public void verify(PublicKey key, String sigProvider) 127 throws CRLException, NoSuchAlgorithmException, 128 InvalidKeyException, NoSuchProviderException, 129 SignatureException { 130 } 131 132 public int getVersion() { 133 return 2; 134 } 135 136 public Principal getIssuerDN() { 137 return null; 138 } 139 140 public Date getThisUpdate() { 141 return thisUpdate; 142 } 143 144 public Date getNextUpdate() { 145 return nextUpdate; 146 } 147 148 public X509CRLEntry getRevokedCertificate(BigInteger serialNumber) { 149 return null; 150 } 151 152 public Set getRevokedCertificates() { 153 return null; 154 } 155 156 public byte[] getTBSCertList() { 157 return null; 158 } 159 160 public byte[] getSignature() { 161 return null; 162 } 163 164 public String getSigAlgName() { 165 return null; 166 } 167 168 public String getSigAlgOID() { 169 return null; 170 } 171 172 public byte[] getSigAlgParams() { 173 return null; 174 } 175 } 176 177 /** 178 * setIssuers(Collection <X500Principal> issuers) method testing. 179 * Tests if CRLs with any issuers match the selector in the case of 180 * null issuerNames criteria, if specified issuers match the selector, 181 * and if not specified issuer does not match the selector. 182 */ 183 public void testSetIssuers() { 184 X509CRLSelector selector = new X509CRLSelector(); 185 X500Principal iss1 = new X500Principal("O=First Org."); 186 X500Principal iss2 = new X500Principal("O=Second Org."); 187 X500Principal iss3 = new X500Principal("O=Third Org."); 188 TestCRL crl1 = new TestCRL(iss1); 189 TestCRL crl2 = new TestCRL(iss2); 190 TestCRL crl3 = new TestCRL(iss3); 191 192 selector.setIssuers(null); 193 assertTrue("Any CRL issuers should match in the case of null issuers.", 194 selector.match(crl1) && selector.match(crl2)); 195 196 ArrayList issuers = new ArrayList(2); 197 issuers.add(iss1); 198 issuers.add(iss2); 199 selector.setIssuers(issuers); 200 assertTrue("The CRL should match the selection criteria.", 201 selector.match(crl1) && selector.match(crl2)); 202 assertFalse("The CRL should not match the selection criteria.", 203 selector.match(crl3)); 204 issuers.add(iss3); 205 assertFalse("The internal issuer collection is not protected " 206 + "against the modifications.", selector.match(crl3)); 207 } 208 209 /** 210 * setIssuerNames(Collection <?> names) method testing. 211 * Tests if CRLs with any issuers match the selector in the case of 212 * null issuerNames criteria, if specified issuers match the selector, 213 * if not specified issuer does not match the selector, and if the 214 * internal collection of issuer names is copied during initialization. 215 */ 216 public void testSetIssuerNames() { 217 X509CRLSelector selector = new X509CRLSelector(); 218 String iss1 = "O=First Org."; 219 byte[] iss2 = new byte[] 220 //manually obtained DER encoding of "O=Second Org." issuer name; 221 { 48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11, 222 83, 101, 99, 111, 110, 100, 32, 79, 114, 103, 46 }; 223 String iss3 = "O=Third Org."; 224 TestCRL crl1 = new TestCRL(new X500Principal(iss1)); 225 TestCRL crl2 = new TestCRL(new X500Principal(iss2)); 226 TestCRL crl3 = new TestCRL(new X500Principal(iss3)); 227 228 try { 229 selector.setIssuerNames(null); 230 } catch (IOException e) { 231 e.printStackTrace(); 232 fail("Unexpected IOException was thrown."); 233 } 234 assertTrue("Any CRL issuers should match in the case of null issuers.", 235 selector.match(crl1) && selector.match(crl2)); 236 237 ArrayList issuers = new ArrayList(2); 238 issuers.add(iss1); 239 issuers.add(iss2); 240 try { 241 selector.setIssuerNames(issuers); 242 } catch (IOException e) { 243 e.printStackTrace(); 244 fail("Unexpected IOException was thrown."); 245 } 246 assertTrue("The CRL should match the selection criteria.", 247 selector.match(crl1) && selector.match(crl2)); 248 assertFalse("The CRL should not match the selection criteria.", 249 selector.match(crl3)); 250 issuers.add(iss3); 251 assertFalse("The internal issuer collection is not protected " 252 + "against the modifications.", selector.match(crl3)); 253 } 254 255 /** 256 * addIssuer(X500Principal issuer) method testing. 257 * Tests if CRLs with specified issuers match the selector, 258 * and if not specified issuer does not match the selector. 259 */ 260 public void testAddIssuer() { 261 X509CRLSelector selector = new X509CRLSelector(); 262 X500Principal iss1 = new X500Principal("O=First Org."); 263 X500Principal iss2 = new X500Principal("O=Second Org."); 264 TestCRL crl1 = new TestCRL(iss1); 265 TestCRL crl2 = new TestCRL(iss2); 266 267 selector.addIssuer(iss1); 268 assertTrue("The CRL should match the selection criteria.", 269 selector.match(crl1)); 270 assertFalse("The CRL should not match the selection criteria.", 271 selector.match(crl2)); 272 selector.addIssuer(iss2); 273 assertTrue("The CRL should match the selection criteria.", 274 selector.match(crl2)); 275 } 276 277 /** 278 * addIssuerName(String name) method testing. 279 * Tests if CRLs with specified issuers match the selector, 280 * and if not specified issuer does not match the selector. 281 */ 282 public void testAddIssuerName1() { 283 X509CRLSelector selector = new X509CRLSelector(); 284 String iss1 = "O=First Org."; 285 String iss2 = "O=Second Org."; 286 TestCRL crl1 = new TestCRL(new X500Principal(iss1)); 287 TestCRL crl2 = new TestCRL(new X500Principal(iss2)); 288 289 try { 290 selector.addIssuerName(iss1); 291 } catch (IOException e) { 292 e.printStackTrace(); 293 fail("Unexpected IOException was thrown."); 294 } 295 assertTrue("The CRL should match the selection criteria.", 296 selector.match(crl1)); 297 assertFalse("The CRL should not match the selection criteria.", 298 selector.match(crl2)); 299 try { 300 selector.addIssuerName(iss2); 301 } catch (IOException e) { 302 e.printStackTrace(); 303 fail("Unexpected IOException was thrown."); 304 } 305 assertTrue("The CRL should match the selection criteria.", 306 selector.match(crl2)); 307 } 308 309 /** 310 * addIssuerName(byte[] name) method testing. 311 * Tests if CRLs with specified issuers match the selector, 312 * and if not specified issuer does not match the selector. 313 */ 314 public void testAddIssuerName2() { 315 X509CRLSelector selector = new X509CRLSelector(); 316 byte[] iss1 = new byte[] 317 //manually obtained DER encoding of "O=First Org." issuer name; 318 { 48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10, 319 70, 105, 114, 115, 116, 32, 79, 114, 103, 46 }; 320 byte[] iss2 = new byte[] 321 //manually obtained DER encoding of "O=Second Org." issuer name; 322 { 48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11, 323 83, 101, 99, 111, 110, 100, 32, 79, 114, 103, 46 }; 324 TestCRL crl1 = new TestCRL(new X500Principal(iss1)); 325 TestCRL crl2 = new TestCRL(new X500Principal(iss2)); 326 327 try { 328 selector.addIssuerName(iss1); 329 } catch (IOException e) { 330 e.printStackTrace(); 331 fail("Unexpected IOException was thrown."); 332 } 333 assertTrue("The CRL should match the selection criteria.", 334 selector.match(crl1)); 335 assertFalse("The CRL should not match the selection criteria.", 336 selector.match(crl2)); 337 try { 338 selector.addIssuerName(iss2); 339 } catch (IOException e) { 340 e.printStackTrace(); 341 fail("Unexpected IOException was thrown."); 342 } 343 assertTrue("The CRL should match the selection criteria.", 344 selector.match(crl2)); 345 } 346 347 /** 348 * setMinCRLNumber(BigInteger minCRL) method testing. 349 * Tests if CRLs with any crl number value match the selector in the case of 350 * null crlNumber criteria, if specified minCRL value matches the selector, 351 * and if CRL with inappropriate crlNumber value does not match the selector. 352 */ 353 public void testSetMinCRLNumber() { 354 X509CRLSelector selector = new X509CRLSelector(); 355 BigInteger minCRL = new BigInteger("10000"); 356 TestCRL crl = new TestCRL(minCRL); 357 358 selector.setMinCRLNumber(null); 359 assertTrue("Any CRL should match in the case of null minCRLNumber.", 360 selector.match(crl)); 361 selector.setMinCRLNumber(minCRL); 362 assertTrue("The CRL should match the selection criteria.", 363 selector.match(crl)); 364 selector.setMinCRLNumber(new BigInteger("10001")); 365 assertFalse("The CRL should not match the selection criteria.", 366 selector.match(crl)); 367 } 368 369 /** 370 * setMaxCRLNumber(BigInteger maxCRL) method testing. 371 * Tests if CRLs with any crl number value match the selector in the case of 372 * null crlNumber criteria, if specified maxCRL value matches the selector, 373 * and if CRL with inappropriate crlNumber value does not match the selector. 374 */ 375 public void testSetMaxCRLNumber() { 376 X509CRLSelector selector = new X509CRLSelector(); 377 BigInteger maxCRL = new BigInteger("10000"); 378 TestCRL crl = new TestCRL(maxCRL); 379 380 selector.setMaxCRLNumber(null); 381 assertTrue("Any CRL should match in the case of null minCRLNumber.", 382 selector.match(crl)); 383 selector.setMaxCRLNumber(maxCRL); 384 assertTrue("The CRL should match the selection criteria.", 385 selector.match(crl)); 386 selector.setMaxCRLNumber(new BigInteger("9999")); 387 assertFalse("The CRL should not match the selection criteria.", 388 selector.match(crl)); 389 } 390 391 /** 392 * setDateAndTime(Date dateAndTime) method testing. 393 * Tests if CRLs with any update dates match the selector in the case of 394 * null dateAndTime criteria, if correct dates match and incorrect 395 * do not match the selector. 396 */ 397 public void testSetDateAndTime() { 398 X509CRLSelector selector = new X509CRLSelector(); 399 TestCRL crl = new TestCRL(new Date(200), new Date(300)); 400 selector.setDateAndTime(null); 401 assertTrue("Any CRL should match in the case of null dateAndTime.", 402 selector.match(crl)); 403 selector.setDateAndTime(new Date(200)); 404 assertTrue("The CRL should match the selection criteria.", 405 selector.match(crl)); 406 selector.setDateAndTime(new Date(250)); 407 assertTrue("The CRL should match the selection criteria.", 408 selector.match(crl)); 409 selector.setDateAndTime(new Date(300)); 410 assertTrue("The CRL should match the selection criteria.", 411 selector.match(crl)); 412 selector.setDateAndTime(new Date(150)); 413 assertFalse("The CRL should not match the selection criteria.", 414 selector.match(crl)); 415 selector.setDateAndTime(new Date(350)); 416 assertFalse("The CRL should not match the selection criteria.", 417 selector.match(crl)); 418 } 419 420 /** 421 * getIssuers() method testing. 422 * Tests if the method return null in the case of not specified issuers, 423 * if the returned collection corresponds to the specified issuers and 424 * this collection is unmodifiable. 425 */ 426 public void testGetIssuers() throws Exception { 427 X509CRLSelector selector = new X509CRLSelector(); 428 X500Principal iss1 = new X500Principal("O=First Org."); 429 X500Principal iss2 = new X500Principal("O=Second Org."); 430 X500Principal iss3 = new X500Principal("O=Third Org."); 431 String iss_name_1 = "O=First String DN"; 432 String iss_name_2 = "O=Second String DN"; 433 String iss_name_3 = "O=Third String DN"; 434 assertNull("The collection should be null.", 435 selector.getIssuers()); 436 selector.addIssuerName(iss_name_1); 437 selector.addIssuer(iss1); 438 selector.addIssuerName(iss_name_2); 439 selector.addIssuer(iss2); 440 selector.addIssuerName(iss_name_3); 441 442 Collection result = selector.getIssuers(); 443 assertEquals("Size does not correspond to expected", 444 5, result.size()); 445 try { 446 result.add(iss3); 447 fail("The returned collection should be unmodifiable."); 448 } catch (UnsupportedOperationException e) { 449 } 450 assertTrue("The collection should contain the specified DN.", 451 result.contains(iss1)); 452 assertTrue("The collection should contain the specified DN.", 453 result.contains(iss2)); 454 assertTrue("The collection should contain the specified DN.", 455 result.contains(new X500Principal(iss_name_1))); 456 assertTrue("The collection should contain the specified DN.", 457 result.contains(new X500Principal(iss_name_2))); 458 selector.addIssuer(iss3); 459 assertTrue("The collection should contain the specified DN.", 460 result.contains(iss3)); 461 } 462 463 /** 464 * getIssuerNames() method testing. 465 * Tests if the method return null in the case of not specified issuers, 466 * if the returned collection corresponds to the specified issuers. 467 */ 468 public void testGetIssuerNames() { 469 X509CRLSelector selector = new X509CRLSelector(); 470 byte[] iss1 = new byte[] 471 //manually obtained DER encoding of "O=First Org." issuer name; 472 { 48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10, 473 70, 105, 114, 115, 116, 32, 79, 114, 103, 46 }; 474 byte[] iss2 = new byte[] 475 //manually obtained DER encoding of "O=Second Org." issuer name; 476 { 48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11, 477 83, 101, 99, 111, 110, 100, 32, 79, 114, 103, 46 }; 478 assertNull("The collection should be null.", 479 selector.getIssuerNames()); 480 try { 481 selector.addIssuerName(iss1); 482 selector.addIssuerName(iss2); 483 } catch (IOException e) { 484 e.printStackTrace(); 485 fail("Unexpected IOException was thrown."); 486 } 487 Collection result = selector.getIssuerNames(); 488 assertEquals("The collection should contain all of the specified DNs.", 489 2, result.size()); 490 } 491 492 /** 493 * getMinCRL() method testing. 494 * Tests if the method return null in the case of not specified minCRL 495 * criteria, and if the returned value corresponds to the specified one. 496 */ 497 public void testGetMinCRL() { 498 X509CRLSelector selector = new X509CRLSelector(); 499 assertNull("Initially the minCRL should be null.", 500 selector.getMinCRL()); 501 BigInteger minCRL = new BigInteger("10000"); 502 selector.setMinCRLNumber(minCRL); 503 assertTrue("The result should be equal to specified.", 504 minCRL.equals(selector.getMinCRL())); 505 } 506 507 /** 508 * getMaxCRL() method testing. 509 * Tests if the method return null in the case of not specified maxCRL 510 * criteria, and if the returned value corresponds to the specified one. 511 */ 512 public void testGetMaxCRL() { 513 X509CRLSelector selector = new X509CRLSelector(); 514 assertNull("Initially the maxCRL should be null.", 515 selector.getMaxCRL()); 516 BigInteger maxCRL = new BigInteger("10000"); 517 selector.setMaxCRLNumber(maxCRL); 518 assertTrue("The result should be equal to specified.", 519 maxCRL.equals(selector.getMaxCRL())); 520 } 521 522 /** 523 * getDateAndTime() method testing. 524 * Tests if the method return null in the case of not specified dateAndTime 525 * criteria, and if the returned value corresponds to the specified one. 526 */ 527 public void testGetDateAndTime() { 528 X509CRLSelector selector = new X509CRLSelector(); 529 assertNull("Initially the dateAndTime criteria should be null.", 530 selector.getDateAndTime()); 531 Date date = new Date(200); 532 selector.setDateAndTime(date); 533 assertTrue("The result should be equal to specified.", 534 date.equals(selector.getDateAndTime())); 535 } 536 537 /** 538 * match(CRL crl) method testing. 539 * Tests if the null object matches to the selector or not. 540 */ 541 public void testMatch() { 542 X509CRLSelector selector = new X509CRLSelector(); 543 assertFalse("The null object should not match", 544 selector.match((X509CRL) null)); 545 } 546 547 /** 548 * clone() method testing. 549 * Tests if the selector is cloned correctly: the crl which matche to 550 * the initial selector should match to the clone and the change of clone 551 * should not cause the change of initial selector. 552 */ 553 public void testClone() { 554 X509CRLSelector selector = new X509CRLSelector(); 555 X500Principal iss1 = new X500Principal("O=First Org."); 556 X500Principal iss2 = new X500Principal("O=Second Org."); 557 X500Principal iss3 = new X500Principal("O=Third Org."); 558 BigInteger minCRL = new BigInteger("10000"); 559 BigInteger maxCRL = new BigInteger("10000"); 560 Date date = new Date(200); 561 562 selector.addIssuer(iss1); 563 selector.addIssuer(iss2); 564 selector.setMinCRLNumber(minCRL); 565 selector.setMaxCRLNumber(maxCRL); 566 selector.setDateAndTime(date); 567 568 X509CRLSelector clone = (X509CRLSelector) selector.clone(); 569 TestCRL crl = new TestCRL(iss1); 570 crl.setCrlNumber(minCRL); 571 crl.setUpdateDates(new Date(200), new Date(200)); 572 assertTrue("The specified CRL should match the clone selector.", 573 selector.match(crl)); 574 575 clone.addIssuer(iss3); 576 assertFalse("The changes of the clone selector should not cause " 577 + "the changes of initial object", 578 selector.getIssuerNames().size() == 3); 579 } 580 581 public void testToString() { 582 X509CRLSelector selector = new X509CRLSelector(); 583 X500Principal iss1 = new X500Principal("O=First Org."); 584 X500Principal iss2 = new X500Principal("O=Second Org."); 585 BigInteger minCRL = new BigInteger("10000"); 586 BigInteger maxCRL = new BigInteger("10000"); 587 Date date = new Date(200); 588 589 selector.addIssuer(iss1); 590 selector.addIssuer(iss2); 591 selector.setMinCRLNumber(minCRL); 592 selector.setMaxCRLNumber(maxCRL); 593 selector.setDateAndTime(date); 594 595 assertNotNull("The result should not be null.", selector.toString()); 596 } 597 598 public static Test suite() { 599 return new TestSuite(X509CRLSelectorTest.class); 600 } 601 602} 603