package libcore.java.security.cert;

import java.io.IOException;
import java.io.OutputStream;
import java.net.URI;
import java.security.KeyStore.PrivateKeyEntry;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathChecker;
import java.security.cert.Extension;
import java.security.cert.PKIXRevocationChecker;
import java.security.cert.PKIXRevocationChecker.Option;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.Map;

import junit.framework.TestCase;
import libcore.java.security.TestKeyStore;

/**
 * Accessor-level tests for the {@link PKIXRevocationChecker} handed out by the "PKIX"
 * {@link CertPathBuilder}.
 *
 * <p>Each test either inspects the freshly created checker or stores a value and reads it back.
 * None of them runs a certification path validation, so nothing here shows that a revoked
 * certificate, a bad OCSP response or an unreachable responder is handled correctly; that needs
 * separate validation tests.
 */
public class PKIXRevocationCheckerTest extends TestCase {
    /** Checker under test; recreated for every test method in {@link #setUp()}. */
    PKIXRevocationChecker checker;

    /** End-entity (server) key entry taken from the test key store. */
    PrivateKeyEntry entity;

    /** Key entry of the intermediate CA taken from the test key store. */
    PrivateKeyEntry issuer;

    /**
     * Obtains a new revocation checker from the PKIX builder and loads the RSA test key entries.
     */
    @Override
    protected void setUp() throws Exception {
        super.setUp();

        CertPathBuilder pkixBuilder = CertPathBuilder.getInstance("PKIX");
        CertPathChecker pathChecker = pkixBuilder.getRevocationChecker();
        assertNotNull(pathChecker);
        // The cast below is only valid if the provider returns the PKIX-specific subtype.
        assertTrue(pathChecker instanceof PKIXRevocationChecker);
        checker = (PKIXRevocationChecker) pathChecker;

        TestKeyStore serverStore = TestKeyStore.getServer();
        TestKeyStore intermediateStore = TestKeyStore.getIntermediateCa();

        entity = serverStore.getPrivateKey("RSA", "RSA");
        issuer = intermediateStore.getPrivateKey("RSA", "RSA");
    }

    /**
     * A fresh checker carries no responses, extensions, options or soft-fail exceptions, and has
     * no responder URI or responder certificate configured.
     */
    public void test_Initializes() throws Exception {
        assertTrue(checker.getOcspResponses().isEmpty());
        assertTrue(checker.getOcspExtensions().isEmpty());
        assertTrue(checker.getOptions().isEmpty());
        assertTrue(checker.getSoftFailExceptions().isEmpty());
        assertNull(checker.getSupportedExtensions());
        assertNull(checker.getOcspResponderCert());
        assertNull(checker.getOcspResponder());
    }

    /**
     * A pre-fetched (stapled-style) OCSP response stored for a certificate is returned unchanged.
     */
    public void test_CanSetOCSPResponse() throws Exception {
        byte[] goodOCSPResponse = TestKeyStore.getOCSPResponseForGood(entity, issuer);
        X509Certificate entityCert = (X509Certificate) entity.getCertificate();

        Map<X509Certificate, byte[]> stored = Collections.singletonMap(entityCert, goodOCSPResponse);
        checker.setOcspResponses(stored);

        Map<X509Certificate, byte[]> fetched = checker.getOcspResponses();
        assertEquals(1, fetched.size());

        byte[] fetchedResponse = fetched.get(entity.getCertificate());
        assertNotNull(fetchedResponse);

        // byte[] uses identity equals(), so the contents are compared through their string
        // renderings; this also gives a readable diff if the bytes differ.
        String expected = Arrays.toString(goodOCSPResponse);
        String actual = Arrays.toString(fetchedResponse);
        assertEquals(expected, actual);
    }

    /**
     * The explicitly configured OCSP responder URI is returned by the getter.
     *
     * <p>Only the stored value is checked; the test does not run a validation that would use
     * the URI.
     */
    public void test_getOcspResponder() throws Exception {
        URI responder = URI.create("http://localhost/");
        checker.setOcspResponder(responder);
        assertEquals(responder, checker.getOcspResponder());
    }

    /** The explicitly configured OCSP responder certificate is returned by the getter. */
    public void test_getOcspResponderCert() throws Exception {
        X509Certificate issuerCert = (X509Certificate) issuer.getCertificate();
        checker.setOcspResponderCert(issuerCert);
        assertEquals((X509Certificate) issuer.getCertificate(), checker.getOcspResponderCert());
    }

    /**
     * The option set passed to the checker is returned by the getter.
     *
     * <p>{@link Option#SOFT_FAIL} lets a revocation check succeed when the status cannot be
     * determined (for example because the responder is unreachable). This test only confirms
     * the option is stored; it does not exercise that fail-open behaviour.
     */
    public void test_getOptions() throws Exception {
        checker.setOptions(Collections.singleton(Option.SOFT_FAIL));
        assertEquals(Collections.singleton(Option.SOFT_FAIL), checker.getOptions());
    }

    /**
     * A single OCSP request extension stored on the checker is returned with its id intact.
     */
    public void test_getOcspExtensions() throws Exception {
        // Stub extension: only getId() is usable. Every other accessor throws, so the test
        // fails loudly if the setter or getter inspects or encodes the extension.
        Extension stubExtension = new Extension() {
            @Override
            public String getId() {
                return "TestExtension";
            }

            @Override
            public boolean isCritical() {
                throw new UnsupportedOperationException();
            }

            @Override
            public byte[] getValue() {
                throw new UnsupportedOperationException();
            }

            @Override
            public void encode(OutputStream out) throws IOException {
                throw new UnsupportedOperationException();
            }
        };

        checker.setOcspExtensions(Collections.singletonList(stubExtension));

        assertEquals(1, checker.getOcspExtensions().size());
        assertEquals("TestExtension", checker.getOcspExtensions().get(0).getId());
    }
}