TestUtils.java revision f33eae7e84eb6d3b0f4e86b59605bb3de73009f3
1/* 2 * Licensed to the Apache Software Foundation (ASF) under one or more 3 * contributor license agreements. See the NOTICE file distributed with 4 * this work for additional information regarding copyright ownership. 5 * The ASF licenses this file to You under the Apache License, Version 2.0 6 * (the "License"); you may not use this file except in compliance with 7 * the License. You may obtain a copy of the License at 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 */ 17 18/** 19* @author Vladimir N. Molotkov 20* @version $Revision$ 21*/ 22 23package org.apache.harmony.security.tests.support.cert; 24 25import tests.support.resource.Support_Resources; 26 27import java.io.BufferedInputStream; 28import java.io.ByteArrayInputStream; 29import java.io.IOException; 30import java.math.BigInteger; 31import java.security.InvalidAlgorithmParameterException; 32import java.security.KeyStore; 33import java.security.NoSuchAlgorithmException; 34import java.security.cert.CertPath; 35import java.security.cert.CertPathBuilder; 36import java.security.cert.CertPathBuilderException; 37import java.security.cert.CertPathBuilderResult; 38import java.security.cert.CertPathParameters; 39import java.security.cert.CertPathValidatorException; 40import java.security.cert.CertStore; 41import java.security.cert.Certificate; 42import java.security.cert.CertificateException; 43import java.security.cert.CertificateFactory; 44import java.security.cert.CollectionCertStoreParameters; 45import java.security.cert.PKIXBuilderParameters; 46import java.security.cert.PKIXCertPathBuilderResult; 47import java.security.cert.PKIXCertPathChecker; 48import java.security.cert.PolicyNode; 49import java.security.cert.PolicyQualifierInfo; 50import java.security.cert.TrustAnchor; 51import java.security.cert.X509CertSelector; 52import java.security.cert.X509Certificate; 53import java.util.ArrayList; 54import java.util.Collection; 55import java.util.Collections; 56import java.util.HashSet; 57import java.util.Iterator; 58import java.util.List; 59import java.util.Set; 60 61/** 62 * java.security.cert test utilities 63 * 64 */ 65public class TestUtils { 66 // Certificate type used during testing 67 private static final String certType = "X.509"; 68 // Key store type used during testing 69 private static final String keyStoreType = "BKS"; 70 // The file name prefix to load keystore from 71 private static final String keyStoreFileName = "test." + keyStoreType 72 + ".ks"; 73 // 74 // The file name suffixes to load keystore from 75 // *.ks1 - keystore containing untrusted certificates only 76 // *.ks2 - keystore containing trusted certificates only 77 // *.ks3 - keystore containing both trusted and untrusted certificates 78 // 79 public static final int UNTRUSTED = 1; 80 public static final int TRUSTED = 2; 81 public static final int TRUSTED_AND_UNTRUSTED = 3; 82 // 83 // Common passwords for all test keystores 84 // 85 private final static char[] storepass = 86 new char[] {'s','t','o','r','e','p','w','d'}; 87 88 /** 89 * Creates <code>TrustAnchor</code> instance 90 * constructed using self signed test certificate 91 * 92 * @return <code>TrustAnchor</code> instance 93 */ 94 public static TrustAnchor getTrustAnchor() { 95 CertificateFactory cf = null; 96 try { 97 cf = CertificateFactory.getInstance(certType); 98 } catch (CertificateException e) { 99 // requested cert type is not available in the 100 // default provider package or any of the other provider packages 101 // that were searched 102 throw new RuntimeException(e); 103 } 104 BufferedInputStream bis = null; 105 try { 106 bis = new BufferedInputStream(new ByteArrayInputStream( 107 getEncodedX509Certificate())); 108 X509Certificate c1 = (X509Certificate)cf.generateCertificate(bis); 109 110 return new TrustAnchor(c1, null); 111 } catch (Exception e) { 112 // all failures are fatal 113 throw new RuntimeException(e); 114 } finally { 115 if (bis != null) { 116 try { 117 bis.close() ; 118 } catch (IOException ign) {} 119 } 120 } 121 } 122 123 /** 124 * Creates <code>Set</code> of <code>TrustAnchor</code>s 125 * containing single element (self signed test certificate). 126 * @return Returns <code>Set</code> of <code>TrustAnchor</code>s 127 */ 128 public static Set<TrustAnchor> getTrustAnchorSet() { 129 TrustAnchor ta = getTrustAnchor(); 130 if (ta == null) { 131 return null; 132 } 133 HashSet<TrustAnchor> set = new HashSet<TrustAnchor>(); 134 if (!set.add(ta)) { 135 throw new RuntimeException("Could not create trust anchor set"); 136 } 137 return set; 138 } 139 140 /** 141 * Creates test <code>KeyStore</code> instance 142 * 143 * @param initialize 144 * Do not initialize returned <code>KeyStore</code> if false 145 * 146 * @param testKeyStoreType 147 * this parameter ignored if <code>initialize</code> is false; 148 * The following types supported:<br> 149 * 1 - <code>KeyStore</code> with untrusted certificates only<br> 150 * 2 - <code>KeyStore</code> with trusted certificates only<br> 151 * 3 - <code>KeyStore</code> with both trusted and untrusted certificates 152 * 153 * @return Returns test <code>KeyStore</code> instance 154 */ 155 public static KeyStore getKeyStore(boolean initialize, 156 int testKeyStoreType) { 157 BufferedInputStream bis = null; 158 try { 159 KeyStore ks = KeyStore.getInstance(keyStoreType); 160 if (initialize) { 161 String fileName = keyStoreFileName + testKeyStoreType; 162 ks.load(Support_Resources.getResourceStream(fileName), 163 storepass); 164 } 165 return ks; 166 } catch (Exception e) { 167 throw new RuntimeException(e); 168 } finally { 169 if (initialize && bis != null) { 170 try { 171 bis.close(); 172 } catch (IOException ign) {} 173 } 174 } 175 } 176 177 /** 178 * Creates <code>List</code> of <code>CollectionCertStores</code> 179 * 180 * @return The list created 181 * 182 * @throws InvalidAlgorithmParameterException 183 * @throws NoSuchAlgorithmException 184 */ 185 public static List<CertStore> getCollectionCertStoresList() 186 throws InvalidAlgorithmParameterException, 187 NoSuchAlgorithmException { 188 CertStore cs = CertStore.getInstance("Collection", 189 new CollectionCertStoreParameters()); 190 ArrayList<CertStore> l = new ArrayList<CertStore>(); 191 if (!l.add(cs)) { 192 throw new RuntimeException("Could not create cert stores list"); 193 } 194 return l; 195 } 196 197 /** 198 * Creates stub implementation of the <code>PKIXCertPathChecker</code> 199 * 200 * @return Stub implementation of the <code>PKIXCertPathChecker</code> 201 */ 202 public static PKIXCertPathChecker getTestCertPathChecker() { 203 // stub implementation for testing purposes only 204 return new PKIXCertPathChecker() { 205 private boolean forward = false; 206 207 208 @SuppressWarnings({"unused", "unchecked"}) 209 public void check(Certificate arg0, Collection arg1) 210 throws CertPathValidatorException { 211 } 212 213 public Set<String> getSupportedExtensions() { 214 return null; 215 } 216 217 @SuppressWarnings("unused") 218 public void init(boolean arg0) throws CertPathValidatorException { 219 forward = arg0; 220 } 221 222 public boolean isForwardCheckingSupported() { 223 // just to check this checker state 224 return forward; 225 } 226 }; 227 } 228 229 /** 230 * Creates policy tree stub containing two <code>PolicyNode</code>s 231 * for testing purposes 232 * 233 * @return root <code>PolicyNode</code> of the policy tree 234 */ 235 public static PolicyNode getPolicyTree() { 236 return new PolicyNode() { 237 final PolicyNode parent = this; 238 public int getDepth() { 239 // parent 240 return 0; 241 } 242 243 public boolean isCritical() { 244 return false; 245 } 246 247 public String getValidPolicy() { 248 return null; 249 } 250 251 public PolicyNode getParent() { 252 return null; 253 } 254 255 public Iterator<PolicyNode> getChildren() { 256 PolicyNode child = new PolicyNode() { 257 public int getDepth() { 258 // child 259 return 1; 260 } 261 262 public boolean isCritical() { 263 return false; 264 } 265 266 public String getValidPolicy() { 267 return null; 268 } 269 270 public PolicyNode getParent() { 271 return parent; 272 } 273 274 public Iterator<PolicyNode> getChildren() { 275 return null; 276 } 277 278 public Set<String> getExpectedPolicies() { 279 return null; 280 } 281 282 public Set<? extends PolicyQualifierInfo> getPolicyQualifiers() { 283 return null; 284 } 285 }; 286 HashSet<PolicyNode> s = new HashSet<PolicyNode>(); 287 s.add(child); 288 return s.iterator(); 289 } 290 291 public Set<String> getExpectedPolicies() { 292 return null; 293 } 294 295 public Set<? extends PolicyQualifierInfo> getPolicyQualifiers() { 296 return null; 297 } 298 }; 299 } 300 // X.509 encoded certificate 301 private static final String ENCODED_X509_CERTIFICATE = "-----BEGIN CERTIFICATE-----\n" 302 + "MIIDHTCCAtsCBEFT72swCwYHKoZIzjgEAwUAMHQxCzAJBgNVBAYTAlJVMQwwCgYDVQQIEwNOU08x\n" 303 + "FDASBgNVBAcTC05vdm9zaWJpcnNrMQ4wDAYDVQQKEwVJbnRlbDEVMBMGA1UECxMMRFJMIFNlY3Vy\n" 304 + "aXR5MRowGAYDVQQDExFWbGFkaW1pciBNb2xvdGtvdjAeFw0wNDA5MjQwOTU2NTlaFw0wNjA1MTcw\n" 305 + "OTU2NTlaMHQxCzAJBgNVBAYTAlJVMQwwCgYDVQQIEwNOU08xFDASBgNVBAcTC05vdm9zaWJpcnNr\n" 306 + "MQ4wDAYDVQQKEwVJbnRlbDEVMBMGA1UECxMMRFJMIFNlY3VyaXR5MRowGAYDVQQDExFWbGFkaW1p\n" 307 + "ciBNb2xvdGtvdjCCAbgwggEsBgcqhkjOOAQBMIIBHwKBgQD9f1OBHXUSKVLfSpwu7OTn9hG3Ujzv\n" 308 + "RADDHj+AtlEmaUVdQCJR+1k9jVj6v8X1ujD2y5tVbNeBO4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7\n" 309 + "qdf+t8Yb+DtX58aophUPBPuD9tPFHsMCNVQTWhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdgUI8V\n" 310 + "IwvMspK5gqLrhAvwWBz1AoGBAPfhoIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlXTAs9B4JnUVlXjrrU\n" 311 + "WU/mcQcQgYC0SRZxI+hMKBYTt88JMozIpuE8FnqLVHyNKOCjrh4rs6Z1kW6jfwv6ITVi8ftiegEk\n" 312 + "O8yk8b6oUZCJqIPf4VrlnwaSi2ZegHtVJWQBTDv+z0kqA4GFAAKBgQDiNmj9jgWu1ILYqYWcUhNN\n" 313 + "8CjjRitf80yWP/s/565wZz3anb2w72jum63mdShDko9eOOOd1hiVuiBnNhSL7D6JfIYBJvNXr1av\n" 314 + "Gw583BBv12OBgg0eAW/GRWBn2Ak2JjsoBc5x2c1HAEufakep7T6RoC+n3lqbKPKyHWVdfqQ9KTAL\n" 315 + "BgcqhkjOOAQDBQADLwAwLAIUaRS3C9dXcMbrOAhmidFBr7oMvH0CFEC3LUwfLJX5gY8P6uxpkPx3\n" 316 + "JDSM\n" + "-----END CERTIFICATE-----\n"; 317 318 public static byte[] getEncodedX509Certificate() { 319 return ENCODED_X509_CERTIFICATE.getBytes(); 320 } 321 322 /** 323 * Returns X.509 certificate encoding corresponding to version v1. 324 * 325 * Certificate encoding was created by hands according to X.509 Certificate 326 * ASN.1 notation. The certificate encoding has the following encoded 327 * field values:<br> 328 * - version: 1<br> 329 * - serialNumber: 5<br> 330 * - issuer: CN=Z<br> 331 * - notBefore: 13 Dec 1999 14:15:16<br> 332 * - notAfter: 01 Jan 2000 00:00:00<br> 333 * - subject: CN=Y<br> 334 * 335 * @return X.509 certificate encoding corresponding to version v1. 336 */ 337 public static byte[] getX509Certificate_v1() { 338 return new byte[] { 339 // Certificate: SEQUENCE 340 0x30, 0x6B, 341 342 // 343 // TBSCertificate: SEQUENCE { 344 // 345 0x30, 0x5C, 346 347 // version: [0] EXPLICIT Version DEFAULT v1 348 (byte) 0xA0, 0x03, 0x02, 0x01, 0x00, 349 350 // serialNumber: CertificateSerialNumber 351 0x02, 0x01, 0x05, 352 353 // signature: AlgorithmIdentifier 354 0x30, 0x07, // SEQUENCE 355 0x06, 0x02, 0x03, 0x05,//OID 356 0x01, 0x01, 0x07, //ANY 357 358 //issuer: Name 359 0x30, 0x0C, 0x31, 0x0A, 0x30, 0x08, 0x06, 0x03, 0x55, 0x04, 0x03, 360 0x13, 0x01, 0x5A, // CN=Z 361 362 //validity: Validity 363 0x30, 0x1E, // SEQUENCE 364 // notBefore: UTCTime 365 0x17, 0x0D, 0x39, 0x39, 0x31, 0x32, 0x31, 0x33, 0x31, 0x34, 0x31, 366 0x35, 0x31, 0x36, 0x5A, // 13 Dec 1999 14:15:16 367 // notAfter: UTCTime 368 0x17, 0x0D, 0x30, 0x30, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 369 0x30, 0x30, 0x30, 0x5A, // 01 Jan 2000 00:00:00 370 371 //subject: Name 372 0x30, 0x0C, 0x31, 0x0A, 0x30, 0x08, 0x06, 0x03, 0x55, 0x04, 0x03, 373 0x13, 0x01, 0x59, // CN=Y 374 //SubjectPublicKeyInfo ::= SEQUENCE { 375 // algorithm AlgorithmIdentifier, 376 // subjectPublicKey BIT STRING } 377 0x30, 0x0D, // SEQUENCE 378 0x30, 0x07, // SEQUENCE 379 0x06, 0x02, 0x03, 0x05,//OID 380 0x01, 0x01, 0x07, //ANY 381 0x03, 0x02, 0x00, 0x01, // subjectPublicKey 382 383 // issuerUniqueID - missed 384 // subjectUniqueID - missed 385 // extensions - missed 386 387 // } end TBSCertificate 388 389 // 390 // signatureAlgorithm: AlgorithmIdentifier 391 // 392 0x30, 0x07, // SEQUENCE 393 0x06, 0x02, 0x03, 0x05,//OID 394 0x01, 0x01, 0x07, //ANY 395 396 // 397 // signature: BIT STRING 398 // 399 0x03, 0x02, 0x00, 0x01 }; 400 } 401 402 /** 403 * Returns X.509 certificate encoding corresponding to version v3. 404 * 405 * Certificate encoding was created by hands according to X.509 Certificate 406 * ASN.1 notation. The certificate encoding has the following encoded 407 * field values:<br> 408 * - version: 3<br> 409 * - serialNumber: 5<br> 410 * - issuer: CN=Z<br> 411 * - notBefore: 13 Dec 1999 14:15:16<br> 412 * - notAfter: 01 Jan 2000 00:00:00<br> 413 * - subject: CN=Y<br> 414 * - extensions: 415 * 1) AuthorityKeyIdentifier(OID=2.5.29.35): no values in it(empty sequence) 416 * 417 * @return X.509 certificate encoding corresponding to version v3. 418 */ 419 public static byte[] getX509Certificate_v3() { 420 return new byte[] { 421 // Certificate: SEQUENCE 422 0x30, 0x7D, 423 424 // 425 // TBSCertificate: SEQUENCE { 426 // 427 0x30, 0x6E, 428 429 // version: [0] EXPLICIT Version DEFAULT v1 430 (byte) 0xA0, 0x03, 0x02, 0x01, 0x02, 431 432 // serialNumber: CertificateSerialNumber 433 0x02, 0x01, 0x05, 434 435 // signature: AlgorithmIdentifier 436 0x30, 0x07, // SEQUENCE 437 0x06, 0x02, 0x03, 0x05,//OID 438 0x01, 0x01, 0x07, //ANY 439 440 //issuer: Name 441 0x30, 0x0C, 0x31, 0x0A, 0x30, 0x08, 0x06, 0x03, 0x55, 0x04, 0x03, 442 0x13, 0x01, 0x5A, // CN=Z 443 444 //validity: Validity 445 0x30, 0x1E, // SEQUENCE 446 // notBefore: UTCTime 447 0x17, 0x0D, 0x39, 0x39, 0x31, 0x32, 0x31, 0x33, 0x31, 0x34, 0x31, 448 0x35, 0x31, 0x36, 0x5A, // 13 Dec 1999 14:15:16 449 // notAfter: UTCTime 450 0x17, 0x0D, 0x30, 0x30, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 451 0x30, 0x30, 0x30, 0x5A, // 01 Jan 2000 00:00:00 452 453 //subject: Name 454 0x30, 0x0C, 0x31, 0x0A, 0x30, 0x08, 0x06, 0x03, 0x55, 0x04, 0x03, 455 0x13, 0x01, 0x59, // CN=Y 456 //SubjectPublicKeyInfo ::= SEQUENCE { 457 // algorithm AlgorithmIdentifier, 458 // subjectPublicKey BIT STRING } 459 0x30, 0x0D, // SEQUENCE 460 0x30, 0x07, // SEQUENCE 461 0x06, 0x02, 0x03, 0x05,//OID 462 0x01, 0x01, 0x07, //ANY 463 0x03, 0x02, 0x00, 0x01, // subjectPublicKey 464 465 // issuerUniqueID - missed 466 // subjectUniqueID - missed 467 // extensions : [3] EXPLICIT Extensions OPTIONAL 468 (byte) 0xA3, 0x10, 469 // Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension 470 0x30, 0x0E, 471 // Extension ::= SEQUENCE { 472 // extnID OBJECT IDENTIFIER, 473 // critical BOOLEAN DEFAULT FALSE, 474 // extnValue OCTET STRING } 475 476 // 1) AuthorityKeyIdentifier extension (see HARMONY-3384) 477 0x30, 0x0C, 478 0x06, 0x03, 0x55, 0x1D, 0x23, // OID = 2.5.29.35 479 0x01, 0x01, 0x00, // critical = FALSE 480 0x04, 0x02, 0x30, 0x00, // extnValue: MUST be empty sequence 481 // missed: keyIdentifier 482 // missed: authorityCertIssuer 483 // missed" authorityCertSerialNumber 484 485 // } end TBSCertificate 486 487 // 488 // signatureAlgorithm: AlgorithmIdentifier 489 // 490 0x30, 0x07, // SEQUENCE 491 0x06, 0x02, 0x03, 0x05,//OID 492 0x01, 0x01, 0x07, //ANY 493 494 // 495 // signature: BIT STRING 496 // 497 0x03, 0x02, 0x00, 0x01 }; 498 } 499 500 /** 501 * Returns X.509 CRL encoding corresponding to version v1. 502 * 503 * CRL encoding was created by hands according to X.509 CRL ASN.1 504 * notation. The CRL encoding has the following encoded field values:<br> 505 * - version: 1<br> 506 * - issuer: CN=Z<br> 507 * - thisUpdate: 01 Jan 2001 01:02:03<br> 508 * 509 * @return X.509 CRL encoding corresponding to version v1. 510 */ 511 public static byte[] getX509CRL_v1() { 512 return new byte[] { 513 //CertificateList: SEQUENCE 514 0x30, 0x35, 515 516 // TBSCertList: SEQUENCE 517 0x30, 0x27, 518 // Version: INTEGER OPTIONAL 519 // 0x02, 0x01, 0x01, - missed here cause it is v1 520 // signature: AlgorithmIdentifier 521 0x30, 0x06, // SEQUENCE 522 0x06, 0x01, 0x01, // OID 523 0x01, 0x01, 0x11, // ANY 524 // issuer: Name 525 0x30, 0x0C, 0x31, 0x0A, 0x30, 0x08, 0x06, 0x03, 0x55, 0x04, 526 0x03, 0x13, 0x01, 0x5A, // CN=Z 527 // thisUpdate: ChoiceOfTime 528 // GeneralizedTime: 01 Jan 2001 01:02:03 529 0x18, 0x0F, 0x32, 0x30, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 530 0x30, 0x31, 0x30, 0x32, 0x30, 0x33, 0x5A, 531 532 // nextUpdate - missed 533 // revokedCertificates - missed 534 // crlExtensions - missed 535 536 // signatureAlgorithm: AlgorithmIdentifier 537 0x30, 0x06, // SEQUENCE 538 0x06, 0x01, 0x01, //OID 539 0x01, 0x01, 0x11, //ANY 540 // signature: BIT STRING 541 0x03, 0x02, 0x00, 0x01 }; 542 } 543 //-------------------------------------------------------------------------- 544 545 // Second example 546 /** 547 * Certificate: 548 * <pre> 549 Data: 550 Version: 3 (0x2) 551 Serial Number: 0 (0x0) 552 Signature Algorithm: sha1WithRSAEncryption 553 Issuer: C=AN, ST=Android, O=Android, OU=Android, CN=Android/emailAddress=android 554 Validity 555 Not Before: Dec 9 16:35:30 2008 GMT 556 Not After : Dec 9 16:35:30 2011 GMT 557 Subject: C=AN, ST=Android, O=Android, OU=Android, CN=Android/emailAddress=android 558 Subject Public Key Info: 559 Public Key Algorithm: rsaEncryption 560 RSA Public Key: (1024 bit) 561 Modulus (1024 bit): 562 00:c5:fb:5e:68:37:82:1d:58:ed:cb:31:8c:08:7f: 563 51:31:4c:68:40:8c:4d:07:a1:0e:18:36:02:6b:89: 564 92:c1:cf:88:1e:cf:00:22:00:8c:37:e8:6a:76:94: 565 71:53:81:78:e1:48:94:fa:16:61:93:eb:a0:ee:62: 566 9d:6a:d2:2c:b8:77:9d:c9:36:d5:d9:1c:eb:26:3c: 567 43:66:4d:7b:1c:1d:c7:a1:37:66:e2:84:54:d3:ed: 568 21:dd:01:1c:ec:9b:0c:1e:35:e9:37:15:9d:2b:78: 569 a8:3b:11:3a:ee:c2:de:55:44:4c:bd:40:8d:e5:52: 570 b0:fc:53:33:73:4a:e5:d0:df 571 Exponent: 65537 (0x10001) 572 X509v3 extensions: 573 X509v3 Subject Key Identifier: 574 4B:E3:22:14:AD:0A:14:46:B7:52:31:8B:AB:9E:5A:62:F3:98:37:80 575 X509v3 Authority Key Identifier: 576 keyid:4B:E3:22:14:AD:0A:14:46:B7:52:31:8B:AB:9E:5A:62:F3:98:37:80 577 DirName:/C=AN/ST=Android/O=Android/OU=Android/CN=Android/emailAddress=android 578 serial:00 579 580 X509v3 Basic Constraints: 581 CA:TRUE 582 Signature Algorithm: sha1WithRSAEncryption 583 72:4f:12:8a:4e:61:b2:9a:ba:58:17:0b:55:96:f5:66:1c:a8: 584 ba:d1:0f:8b:9b:2d:ab:a8:00:ac:7f:99:7d:f6:0f:d7:85:eb: 585 75:4b:e5:42:37:71:46:b1:4a:b0:1b:17:e4:f9:7c:9f:bd:20: 586 75:35:9f:27:8e:07:95:e8:34:bd:ab:e4:10:5f:a3:7b:4c:56: 587 69:d4:d0:f1:e9:74:15:2d:7f:77:f0:38:77:eb:8a:99:f3:a9: 588 88:f0:63:58:07:b9:5a:61:f8:ff:11:e7:06:a1:d1:f8:85:fb: 589 99:1c:f5:cb:77:86:36:cd:43:37:99:09:c2:9a:d8:f2:28:05: 590 06:0c 591 592 * </pre> 593 */ 594 public static final String rootCert = "-----BEGIN CERTIFICATE-----\n" + 595 "MIIDGzCCAoSgAwIBAgIBADANBgkqhkiG9w0BAQUFADBtMQswCQYDVQQGEwJBTjEQ\n" + 596 "MA4GA1UECBMHQW5kcm9pZDEQMA4GA1UEChMHQW5kcm9pZDEQMA4GA1UECxMHQW5k\n" + 597 "cm9pZDEQMA4GA1UEAxMHQW5kcm9pZDEWMBQGCSqGSIb3DQEJARYHYW5kcm9pZDAe\n" + 598 "Fw0wODEyMDkxNjM1MzBaFw0xMTEyMDkxNjM1MzBaMG0xCzAJBgNVBAYTAkFOMRAw\n" + 599 "DgYDVQQIEwdBbmRyb2lkMRAwDgYDVQQKEwdBbmRyb2lkMRAwDgYDVQQLEwdBbmRy\n" + 600 "b2lkMRAwDgYDVQQDEwdBbmRyb2lkMRYwFAYJKoZIhvcNAQkBFgdhbmRyb2lkMIGf\n" + 601 "MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDF+15oN4IdWO3LMYwIf1ExTGhAjE0H\n" + 602 "oQ4YNgJriZLBz4gezwAiAIw36Gp2lHFTgXjhSJT6FmGT66DuYp1q0iy4d53JNtXZ\n" + 603 "HOsmPENmTXscHcehN2bihFTT7SHdARzsmwweNek3FZ0reKg7ETruwt5VREy9QI3l\n" + 604 "UrD8UzNzSuXQ3wIDAQABo4HKMIHHMB0GA1UdDgQWBBRL4yIUrQoURrdSMYurnlpi\n" + 605 "85g3gDCBlwYDVR0jBIGPMIGMgBRL4yIUrQoURrdSMYurnlpi85g3gKFxpG8wbTEL\n" + 606 "MAkGA1UEBhMCQU4xEDAOBgNVBAgTB0FuZHJvaWQxEDAOBgNVBAoTB0FuZHJvaWQx\n" + 607 "EDAOBgNVBAsTB0FuZHJvaWQxEDAOBgNVBAMTB0FuZHJvaWQxFjAUBgkqhkiG9w0B\n" + 608 "CQEWB2FuZHJvaWSCAQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBy\n" + 609 "TxKKTmGymrpYFwtVlvVmHKi60Q+Lmy2rqACsf5l99g/Xhet1S+VCN3FGsUqwGxfk\n" + 610 "+XyfvSB1NZ8njgeV6DS9q+QQX6N7TFZp1NDx6XQVLX938Dh364qZ86mI8GNYB7la\n" + 611 "Yfj/EecGodH4hfuZHPXLd4Y2zUM3mQnCmtjyKAUGDA==\n" + 612 "-----END CERTIFICATE-----"; 613 614 public static final String rootPrivateKey = 615 "-----BEGIN RSA PRIVATE KEY-----\n" + 616 "Proc-Type: 4,ENCRYPTED\n" + 617 "DEK-Info: DES-EDE3-CBC,D9682F66FDA316E5\n" + 618 "\n" + 619 "8lGaQPlUZ/iHhdldB//xfNUrZ3RAkBthzKg+n9HBJsjztXXAZ40NGYZmgvpgnfmr\n" + 620 "7ZJxHxYHFc3GAmBBk9v+/dA8E5yWJa71roffWMQUuFNfGzHhGTOxvNC04W7yAajs\n" + 621 "CPuyI+xnAAo73F7NVTiqX3NVgu4bB8RVxJyToMe4M289oh93YvxWQ4buVTf0ErJ8\n" + 622 "Yc8+0ugpfXjGfRhL36qj6B1CcV7NMdXAVExrGlTf0TWT9wVbiROk4XaoaFuWh17h\n" + 623 "11NEDjsKQ8T4M9kRdC+tKfST8sLik1Pq6jRLIKeX8GQd7tV1IWVZ3KcQBJwu9zLq\n" + 624 "Hi0GTSF7IWCdwXjDyniMQiSbkmHNP+OnVyhaqew5Ooh0uOEQq/KWFewXg7B3VMr0\n" + 625 "l6U8sBX9ODGeW0wVdNopvl17udCkV0xm3S+MRZDnZiTlAXwKx/a/gyf5R5XYp3S0\n" + 626 "0eqrfy2o6Ax4hRkwcNJ2KMeLQNIiYYWKABQj5/i4TYZV6npCIXOnQEkXa9DmqyUE\n" + 627 "qB7eFj5FcXeqQ8ERmsLveWArsLDn2NNPdv5EaKIs2lrvwoKYeYF7hrKNpifq+QqS\n" + 628 "u1kN+KHjibcF42EAUozNVmkHsW8VqlywAs4MsMwxU0D57cVGWycuSedraKhc0D6j\n" + 629 "a4pQOWWY3ZMLoAA1ZmHG9cjDPqcJt0rqk5AhSBRmGVUccfkP7dk9KyJQizro87LI\n" + 630 "u7zWwMIqTfmlhyfAP0AWjrt/bMN9heGByVA55xkyCdSEVaC5gsIfmGpNy4u+wbZ9\n" + 631 "rSWVuTfAbjW0n0FW+CDS1LgdjXNkeAP2Uvc1QgVRCPdA23WniLFFJQ==\n" + 632 "-----END RSA PRIVATE KEY-----"; 633 634 /** 635 * Certificate: 636 * <pre> 637 Data: 638 Version: 3 (0x2) 639 Serial Number: 1 (0x1) 640 Signature Algorithm: sha1WithRSAEncryption 641 Issuer: C=AN, ST=Android, O=Android, OU=Android, CN=Android/emailAddress=android 642 Validity 643 Not Before: Dec 9 16:40:35 2008 GMT 644 Not After : Dec 9 16:40:35 2009 GMT 645 Subject: C=AN, ST=Android, L=Android, O=Android, OU=Android, CN=Android Certificate/emailAddress=android 646 Subject Public Key Info: 647 Public Key Algorithm: rsaEncryption 648 RSA Public Key: (1024 bit) 649 Modulus (1024 bit): 650 00:b8:e3:de:c7:a9:40:47:2c:2a:6f:f5:2a:f4:cd: 651 f2:2d:40:fa:15:3f:1c:37:66:73:a5:67:4d:5b:a0: 652 b6:b1:dd:dc:bf:01:c7:e2:c1:48:1a:8f:1c:ce:ec: 653 b0:a2:55:29:9a:1b:3a:6e:cc:7b:d7:65:ae:0b:05: 654 34:03:8a:af:db:f0:dc:01:80:92:03:b4:13:e5:d6: 655 fd:79:66:7f:c3:1a:62:d5:5e:3d:c0:19:a4:42:15: 656 47:19:e6:f0:c8:b7:e2:7b:82:a2:c7:3d:df:ac:8c: 657 d5:bc:39:b8:e5:93:ac:3f:af:30:b7:cc:00:a8:00: 658 f3:38:23:b0:97:0e:92:b1:1b 659 Exponent: 65537 (0x10001) 660 X509v3 extensions: 661 X509v3 Basic Constraints: 662 CA:FALSE 663 Netscape Comment: 664 OpenSSL Generated Certificate 665 X509v3 Subject Key Identifier: 666 88:4D:EC:16:26:A7:76:F5:26:43:BC:34:99:DF:D5:EA:7B:F8:5F:DE 667 X509v3 Authority Key Identifier: 668 keyid:4B:E3:22:14:AD:0A:14:46:B7:52:31:8B:AB:9E:5A:62:F3:98:37:80 669 670 Signature Algorithm: sha1WithRSAEncryption 671 55:73:95:e6:4c:40:fc:fd:52:8a:5f:83:15:49:73:ca:f3:d8: 672 5f:bb:d6:f5:2e:90:e6:7f:c3:7d:4d:27:d3:45:c6:53:9b:aa: 673 e3:32:99:40:b3:a9:d3:14:7d:d5:e6:a7:70:95:30:6e:dc:8c: 674 7b:48:e1:98:d1:65:7a:eb:bf:b0:5c:cd:c2:eb:31:5e:b6:e9: 675 df:56:95:bc:eb:79:74:27:5b:6d:c8:55:63:09:d3:f9:e2:40: 676 ba:b4:a2:c7:2c:cb:b1:3a:c2:d8:0c:21:31:ee:68:7e:97:ce: 677 98:22:2e:c6:cf:f0:1a:11:04:ca:9a:06:de:98:48:85:ac:6c: 678 6f:98 679 * </pre> 680 */ 681 public static final String endCert = 682 "-----BEGIN CERTIFICATE-----\n" + 683 "MIIC6jCCAlOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBtMQswCQYDVQQGEwJBTjEQ\n" + 684 "MA4GA1UECBMHQW5kcm9pZDEQMA4GA1UEChMHQW5kcm9pZDEQMA4GA1UECxMHQW5k\n" + 685 "cm9pZDEQMA4GA1UEAxMHQW5kcm9pZDEWMBQGCSqGSIb3DQEJARYHYW5kcm9pZDAe\n" + 686 "Fw0wODEyMDkxNjQwMzVaFw0wOTEyMDkxNjQwMzVaMIGLMQswCQYDVQQGEwJBTjEQ\n" + 687 "MA4GA1UECBMHQW5kcm9pZDEQMA4GA1UEBxMHQW5kcm9pZDEQMA4GA1UEChMHQW5k\n" + 688 "cm9pZDEQMA4GA1UECxMHQW5kcm9pZDEcMBoGA1UEAxMTQW5kcm9pZCBDZXJ0aWZp\n" + 689 "Y2F0ZTEWMBQGCSqGSIb3DQEJARYHYW5kcm9pZDCBnzANBgkqhkiG9w0BAQEFAAOB\n" + 690 "jQAwgYkCgYEAuOPex6lARywqb/Uq9M3yLUD6FT8cN2ZzpWdNW6C2sd3cvwHH4sFI\n" + 691 "Go8czuywolUpmhs6bsx712WuCwU0A4qv2/DcAYCSA7QT5db9eWZ/wxpi1V49wBmk\n" + 692 "QhVHGebwyLfie4Kixz3frIzVvDm45ZOsP68wt8wAqADzOCOwlw6SsRsCAwEAAaN7\n" + 693 "MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQg\n" + 694 "Q2VydGlmaWNhdGUwHQYDVR0OBBYEFIhN7BYmp3b1JkO8NJnf1ep7+F/eMB8GA1Ud\n" + 695 "IwQYMBaAFEvjIhStChRGt1Ixi6ueWmLzmDeAMA0GCSqGSIb3DQEBBQUAA4GBAFVz\n" + 696 "leZMQPz9UopfgxVJc8rz2F+71vUukOZ/w31NJ9NFxlObquMymUCzqdMUfdXmp3CV\n" + 697 "MG7cjHtI4ZjRZXrrv7BczcLrMV626d9WlbzreXQnW23IVWMJ0/niQLq0oscsy7E6\n" + 698 "wtgMITHuaH6XzpgiLsbP8BoRBMqaBt6YSIWsbG+Y\n" + 699 "-----END CERTIFICATE-----"; 700 701 public static final String endPrivateKey = 702 "-----BEGIN RSA PRIVATE KEY-----\n" + 703 "Proc-Type: 4,ENCRYPTED\n" + 704 "DEK-Info: DES-EDE3-CBC,E20AAB000D1D90B1\n" + 705 "\n" + 706 "cWrCb6eHuwb6/gnbX12Va47qSpFW0j99Lq2eEj0fqLdlwA6+KvD3/U+Nj4ldaAQ4\n" + 707 "rYryQv0MJu/kT9z/mJbBI4NwunX/9vXttyuh8s07sv8AqdHCylYR9miz61Q0LkLR\n" + 708 "9H9D8NWMgMnuVhlj+NUXlkF+Jfriu5xkIqeYDhN8c3/AMawQoNdW/pWmgz0BfFIP\n" + 709 "DUxszfXHx5mfSMoRdC2YZGlFdsONSO7s14Ayz8+pKD0PzSARXtTEJ5+mELCnhFsw\n" + 710 "R7zYYwD+9WjL702bjYQxwRS5Sk1Z/VAxLFfjdtlUFSi6VLGIG+jUnM1RF91KtJY1\n" + 711 "bJOQrlHw9/wyH75y9sXUrVpil4qH9shILHgu4A0VaL7IpIFjWS9vPY7SvwqRlbk7\n" + 712 "QPhxoIpiNzjzjEa7PG6nSqy8mRzJP0OLWzRUoMWJn6ntf+oj7CzaaIgFrrwRGOCQ\n" + 713 "BYibTTMZ/paxKDvZ9Lcl8a6uRvi2II2/F63bPcTcILsKDsBdQp93Evanw1QKXdGi\n" + 714 "jb4b0Y1LYZM0jl7z2TSBZ27HyHKp4jMQP9q9mujEKInjzSB+gsRGfP6++OilrR2U\n" + 715 "Y7kN2o/ufnPHltel0pUWOHr45IyK8zowgXWtKVl9U+VRwr2thGbdqkRGk55KjJK4\n" + 716 "Q+OfwvIKHgvn/4cN/BGIA/52eyY//bTFk6ePGY2vlQK4mvB7MeSxtxoCGxdCYQru\n" + 717 "wI28rOHyQ1cdx141yxlKVSIcxBVZHm8sfh9PHeKMKuaOgc8kfx+Qh8IghFHyJ+yg\n" + 718 "PboNF9/PiM/glaaBzY2OKTYQKY6LiTetZiI6RdLE7Y+SFwG7Wwo5dg==\n" + 719 "-----END RSA PRIVATE KEY-----"; 720 721 /** 722 * a self signed certificate 723 */ 724 public static X509Certificate rootCertificateSS; 725 726 public static X509Certificate endCertificate; 727 728 public static MyCRL crl; 729 730 public static X509CertSelector theCertSelector; 731 732 public static CertPathBuilder builder; 733 private static CertStore store; 734 735 public static void initCertPathSSCertChain() throws CertificateException, 736 InvalidAlgorithmParameterException, NoSuchAlgorithmException, 737 IOException { 738 // create certificates and CRLs 739 CertificateFactory cf = CertificateFactory.getInstance("X.509"); 740 ByteArrayInputStream bi = new ByteArrayInputStream(rootCert.getBytes()); 741 rootCertificateSS = (X509Certificate) cf.generateCertificate(bi); 742 bi = new ByteArrayInputStream(endCert.getBytes()); 743 endCertificate = (X509Certificate) cf.generateCertificate(bi); 744 745 BigInteger revokedSerialNumber = BigInteger.valueOf(1); 746 crl = new MyCRL("X.509"); 747// X509CRL rootCRL = X509CRL; 748// X509CRL interCRL = X509CRLExample.createCRL(interCert, interPair 749// .getPrivate(), revokedSerialNumber); 750 751 // create CertStore to support path building 752 List<Object> list = new ArrayList<Object>(); 753 754 list.add(rootCertificateSS); 755 list.add(endCertificate); 756 757 CollectionCertStoreParameters params = new CollectionCertStoreParameters( 758 list); 759 store = CertStore.getInstance("Collection", params); 760 761 theCertSelector = new X509CertSelector(); 762 theCertSelector.setCertificate(endCertificate); 763 theCertSelector.setIssuer(endCertificate.getIssuerX500Principal() 764 .getEncoded()); 765 766 // build the path 767 builder = CertPathBuilder.getInstance("PKIX"); 768 769 } 770 771 public static CertPathBuilder getCertPathBuilder() { 772 if (builder == null) { 773 throw new RuntimeException( 774 "Call initCertPathSSCertChain prior to buildCertPath"); 775 } 776 return builder; 777 } 778 779 public static CertPath buildCertPathSSCertChain() 780 throws InvalidAlgorithmParameterException { 781 782 CertPathBuilderResult result; 783 CertPathParameters buildParams = getCertPathParameters(); 784 try { 785 result = builder.build(buildParams); 786 } catch (CertPathBuilderException e) { 787 return null; 788 } 789 return result.getCertPath(); 790 } 791 792 public static CertPathParameters getCertPathParameters() 793 throws InvalidAlgorithmParameterException { 794 if ((rootCertificateSS == null) || (theCertSelector == null) 795 || (builder == null)) { 796 throw new RuntimeException( 797 "Call initCertPathSSCertChain prior to buildCertPath"); 798 } 799 PKIXCertPathBuilderResult result = null; 800 PKIXBuilderParameters buildParams = new PKIXBuilderParameters( 801 Collections.singleton(new TrustAnchor(rootCertificateSS, null)), 802 theCertSelector); 803 804 buildParams.addCertStore(store); 805 buildParams.setRevocationEnabled(false); 806 807 return buildParams; 808 809 } 810} 811