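package libcore.java.security.cert;

import java.io.IOException;
import java.io.OutputStream;
import java.net.URI;
import java.security.KeyStore.PrivateKeyEntry;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathChecker;
import java.security.cert.Extension;
import java.security.cert.PKIXRevocationChecker;
import java.security.cert.PKIXRevocationChecker.Option;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.Map;

import junit.framework.TestCase;

import libcore.java.security.TestKeyStore;

/**
 * Tests the configuration accessors of the {@link PKIXRevocationChecker} returned by the
 * "PKIX" {@link CertPathBuilder}.
 *
 * <p>Each test only checks that a value handed to a setter is reported by the matching getter.
 * None of them builds or validates a certificate path, so the revocation decisions that these
 * settings influence are not covered by this class.
 */
public class PKIXRevocationCheckerTest extends TestCase {
    /** Checker under test; a fresh instance is fetched in {@link #setUp()}. */
    PKIXRevocationChecker checker;

    /** RSA key entry of the test server (end-entity) key store. */
    PrivateKeyEntry entity;

    /** RSA key entry of the test intermediate CA key store. */
    PrivateKeyEntry issuer;

    /**
     * Obtains the revocation checker from the PKIX builder and loads the test key entries.
     *
     * @throws Exception if the builder or the test key stores cannot be obtained
     */
    @Override
    protected void setUp() throws Exception {
        super.setUp();

        CertPathBuilder cpb = CertPathBuilder.getInstance("PKIX");
        CertPathChecker rc = cpb.getRevocationChecker();
        assertNotNull(rc);
        // The cast below is only valid if the provider returns the PKIX-specific type.
        assertTrue(rc instanceof PKIXRevocationChecker);
        checker = (PKIXRevocationChecker) rc;

        TestKeyStore server = TestKeyStore.getServer();
        TestKeyStore intermediate = TestKeyStore.getIntermediateCa();

        entity = server.getPrivateKey("RSA", "RSA");
        issuer = intermediate.getPrivateKey("RSA", "RSA");
    }

    /**
     * A freshly obtained checker has empty collections and no responder configured.
     * In particular it starts with no options set, i.e. {@link Option#SOFT_FAIL} is not
     * enabled by default.
     */
    public void test_Initializes() throws Exception {
        assertEquals(0, checker.getOcspResponses().size());
        assertEquals(0, checker.getOcspExtensions().size());
        assertEquals(0, checker.getOptions().size());
        assertEquals(0, checker.getSoftFailExceptions().size());
        assertNull(checker.getSupportedExtensions());
        assertNull(checker.getOcspResponderCert());
        assertNull(checker.getOcspResponder());
    }

    /**
     * A pre-fetched OCSP response set for a certificate is returned for that certificate.
     *
     * <p>Only storage and retrieval are checked; the response is not verified against the
     * issuer by this test.
     */
    public void test_CanSetOCSPResponse() throws Exception {
        byte[] goodOCSPResponse = TestKeyStore.getOCSPResponseForGood(entity, issuer);

        // Typed maps: with a raw Map the get() below yields Object, which cannot be
        // assigned to byte[] without a cast.
        Map<X509Certificate, byte[]> ocspResponses = Collections.singletonMap(
                (X509Certificate) entity.getCertificate(), goodOCSPResponse);
        checker.setOcspResponses(ocspResponses);

        Map<X509Certificate, byte[]> returnedResponses = checker.getOcspResponses();
        assertEquals(1, returnedResponses.size());

        byte[] returnedResponse = returnedResponses.get(entity.getCertificate());
        assertNotNull(returnedResponse);
        // Compare contents, not references: the test does not require the checker to hand
        // back the same array instance. The string form also gives a readable failure diff.
        assertEquals(Arrays.toString(goodOCSPResponse), Arrays.toString(returnedResponse));
    }

    /**
     * The OCSP responder URI override is returned unchanged.
     * The URI is only stored and read back here; this test does not contact it.
     */
    public void test_getOcspResponder() throws Exception {
        URI url = new URI("http://localhost/");
        checker.setOcspResponder(url);
        assertEquals(url, checker.getOcspResponder());
    }

    /** The OCSP responder certificate override is returned unchanged. */
    public void test_getOcspResponderCert() throws Exception {
        X509Certificate responderCert = (X509Certificate) issuer.getCertificate();
        checker.setOcspResponderCert(responderCert);
        assertEquals(responderCert, checker.getOcspResponderCert());
    }

    /**
     * An option set is returned unchanged.
     *
     * <p>{@link Option#SOFT_FAIL} allows a revocation check to succeed when the revocation
     * status cannot be determined (for example because the responder is unreachable). This
     * test only confirms the option round-trips through the accessors; it does not exercise
     * soft-fail behaviour, and {@link PKIXRevocationChecker#getSoftFailExceptions()} is the
     * place where callers that enable it can see what was skipped.
     */
    public void test_getOptions() throws Exception {
        checker.setOptions(Collections.singleton(Option.SOFT_FAIL));
        assertEquals(Collections.singleton(Option.SOFT_FAIL), checker.getOptions());
    }

    /** An OCSP request extension list is returned with its single element intact. */
    public void test_getOcspExtensions() throws Exception {
        // Stub extension: only getId() returns a value. Every other method throws, so the
        // assertions below can rely on nothing but the identifier.
        Extension stubExtension = new Extension() {
            @Override
            public boolean isCritical() {
                throw new UnsupportedOperationException();
            }

            @Override
            public byte[] getValue() {
                throw new UnsupportedOperationException();
            }

            @Override
            public String getId() {
                return "TestExtension";
            }

            @Override
            public void encode(OutputStream out) throws IOException {
                throw new UnsupportedOperationException();
            }
        };

        checker.setOcspExtensions(Collections.singletonList(stubExtension));

        assertEquals(1, checker.getOcspExtensions().size());
        assertEquals("TestExtension", checker.getOcspExtensions().get(0).getId());
    }
}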