19ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root/* 29ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root * Copyright (C) 2012 The Android Open Source Project 39ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root * 49ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root * Licensed under the Apache License, Version 2.0 (the "License"); 59ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root * you may not use this file except in compliance with the License. 69ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root * You may obtain a copy of the License at 79ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root * 89ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root * http://www.apache.org/licenses/LICENSE-2.0 99ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root * 109ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root * Unless required by applicable law or agreed to in writing, software 119ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root * distributed under the License is distributed on an "AS IS" BASIS, 129ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 139ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root * See the License for the specific language governing permissions and 149ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root * limitations under the License. 
159ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root */ 169ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 179ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Rootpackage libcore.java.security.cert; 189ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 199ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Rootimport tests.support.resource.Support_Resources; 209ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 219ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Rootimport java.io.BufferedInputStream; 229ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Rootimport java.io.BufferedReader; 23309e456e6f3b603b50806a24c56abd9fdb3bd7a9Kenny Rootimport java.io.ByteArrayInputStream; 249ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Rootimport java.io.ByteArrayOutputStream; 259ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Rootimport java.io.DataInputStream; 269ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Rootimport java.io.IOException; 279ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Rootimport java.io.InputStream; 289ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Rootimport java.io.InputStreamReader; 29eedd8375f1710162ba9f7b4cd92020c047a87856Kenny Rootimport java.io.ObjectInputStream; 30eedd8375f1710162ba9f7b4cd92020c047a87856Kenny Rootimport java.io.ObjectOutputStream; 319ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Rootimport java.io.PrintStream; 329ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Rootimport java.math.BigInteger; 339ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Rootimport java.security.KeyFactory; 349ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Rootimport java.security.KeyPair; 359ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Rootimport java.security.KeyPairGenerator; 369ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Rootimport java.security.Principal; 379ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Rootimport java.security.Provider; 389ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Rootimport java.security.PublicKey; 399ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Rootimport 
java.security.Security; 409ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Rootimport java.security.SignatureException; 41309e456e6f3b603b50806a24c56abd9fdb3bd7a9Kenny Rootimport java.security.cert.Certificate; 42309e456e6f3b603b50806a24c56abd9fdb3bd7a9Kenny Rootimport java.security.cert.CertificateException; 439ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Rootimport java.security.cert.CertificateExpiredException; 449ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Rootimport java.security.cert.CertificateFactory; 459ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Rootimport java.security.cert.CertificateNotYetValidException; 469ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Rootimport java.security.cert.CertificateParsingException; 479ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Rootimport java.security.cert.X509Certificate; 489ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Rootimport java.security.spec.X509EncodedKeySpec; 499ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Rootimport java.text.SimpleDateFormat; 50dd94f8009771072a170cdba3fc582c63aaaa5387Kenny Rootimport java.util.ArrayList; 519ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Rootimport java.util.Arrays; 529ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Rootimport java.util.Calendar; 539ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Rootimport java.util.Collection; 549ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Rootimport java.util.Date; 559ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Rootimport java.util.HashSet; 569ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Rootimport java.util.List; 579ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Rootimport java.util.Locale; 589ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Rootimport java.util.Set; 599ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 609ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Rootimport javax.security.auth.x500.X500Principal; 619ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 629ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Rootimport junit.framework.TestCase; 
639ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Rootimport libcore.java.security.StandardNames; 649ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 659ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Rootpublic class X509CertificateTest extends TestCase { 669ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root private Provider[] mX509Providers; 679ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 689ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root private static final String CERT_RSA = "x509/cert-rsa.der"; 699ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 709ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root private static final String CERT_DSA = "x509/cert-dsa.der"; 719ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 729ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root private static final String CERT_EC = "x509/cert-ec.der"; 739ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 749ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root private static final String CERT_KEYUSAGE_EXTRALONG = "x509/cert-keyUsage-extraLong.der"; 759ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 769ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root private static final String CERT_EXTENDEDKEYUSAGE = "x509/cert-extendedKeyUsage.der"; 779ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 789ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root private final static String CERT_RSA_TBS = "x509/cert-rsa-tbs.der"; 799ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 809ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root private final static String CERT_RSA_SIGNATURE = "x509/cert-rsa-sig.der"; 819ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 829ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root private static final String CERT_USERWITHPATHLEN = "x509/cert-userWithPathLen.der"; 839ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 849ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root private static final String CERT_CA = "x509/cert-ca.der"; 859ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 
869ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root private static final String CERT_CAWITHPATHLEN = "x509/cert-caWithPathLen.der"; 879ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 889ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root private static final String CERT_INVALIDIP = "x509/cert-invalidip.der"; 899ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 909ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root private static final String CERT_IPV6 = "x509/cert-ipv6.der"; 919ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 929ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root private static final String CERT_ALT_OTHER = "x509/cert-alt-other.der"; 939ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 949ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root private static final String CERT_ALT_EMAIL = "x509/cert-alt-email.der"; 959ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 969ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root private static final String CERT_ALT_DNS = "x509/cert-alt-dns.der"; 979ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 989ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root private static final String CERT_ALT_DIRNAME = "x509/cert-alt-dirname.der"; 999ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 1009ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root private static final String CERT_ALT_URI = "x509/cert-alt-uri.der"; 1019ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 1029ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root private static final String CERT_ALT_RID = "x509/cert-alt-rid.der"; 1039ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 1040d7f656d7d7bdb65531cf97d25060a426d03ae76Kenny Root private static final String CERT_ALT_NONE = "x509/cert-alt-none.der"; 1050d7f656d7d7bdb65531cf97d25060a426d03ae76Kenny Root 1069ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root private static final String CERT_UNSUPPORTED = "x509/cert-unsupported.der"; 1079ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 
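private static final String CERT_SIGOPT = "x509/cert-sigopt.der";

private static final String CERTS_X509_PEM = "x509/certs.pem";

private static final String CERTS_X509_DER = "x509/certs.der";

private static final String CERTS_PKCS7_PEM = "x509/certs-pk7.pem";

private static final String CERTS_PKCS7_DER = "x509/certs-pk7.der";

/** A list of certs that are all slightly different. */
private static final String[] VARIOUS_CERTS = new String[] {
        CERT_RSA, CERT_DSA, CERT_EC,
};

/**
 * Loads the named test resource and parses it as a single certificate with the given factory.
 *
 * @param f the provider-specific factory under test
 * @param name resource path passed to {@code Support_Resources.getStream}
 * @return the parsed certificate, cast to {@link X509Certificate}
 * @throws Exception if the resource is missing or the factory rejects it
 */
private final X509Certificate getCertificate(CertificateFactory f, String name)
        throws Exception {
    final InputStream is = Support_Resources.getStream(name);
    assertNotNull("File does not exist: " + name, is);
    try {
        return (X509Certificate) f.generateCertificate(is);
    } finally {
        try {
            is.close();
        } catch (IOException ignored) {
            // Best effort: a close failure must not mask the parse result or its exception.
        }
    }
}

/**
 * Loads the named test resource and parses every certificate in it with the given factory.
 *
 * @param f the provider-specific factory under test
 * @param name resource path passed to {@code Support_Resources.getStream}
 * @return the collection returned by {@code generateCertificates}
 * @throws Exception if the resource is missing or the factory rejects it
 */
// The factory API is declared as Collection<? extends Certificate>; the narrowing cast is
// unchecked, so a non-X.509 element would only surface when a caller reads it.
@SuppressWarnings("unchecked")
private final Collection<? extends X509Certificate> getCertificates(CertificateFactory f, String name)
        throws Exception {
    final InputStream is = Support_Resources.getStream(name);
    assertNotNull("File does not exist: " + name, is);
    try {
        return (Collection<? extends X509Certificate>) f.generateCertificates(is);
    } finally {
        try {
            is.close();
        } catch (IOException ignored) {
            // Best effort: a close failure must not mask the parse result or its exception.
        }
    }
}

/**
 * Builds the expected RSA public key from the stored SubjectPublicKeyInfo resource.
 *
 * @return the key decoded by the default "RSA" {@link KeyFactory}
 * @throws Exception if the resource is missing or is not a valid X.509-encoded key
 */
private PublicKey getRsaCertificatePublicKey() throws Exception {
    // Shares the read-to-EOF helper instead of sizing a buffer from available().
    final byte[] keyBytes = getResourceAsBytes("x509/cert-rsa-pubkey.der");

    final KeyFactory kf = KeyFactory.getInstance("RSA");
    return kf.generatePublic(new X509EncodedKeySpec(keyBytes));
}

/**
 * Reads the expected validity window of the RSA test certificate from its text fixture.
 *
 * <p>The fixture holds two {@code key=value} lines, {@code notBefore} then {@code notAfter}.
 *
 * @return a two-element array: {@code [notBefore, notAfter]}
 * @throws Exception if the fixture is missing, malformed, or a date cannot be parsed
 */
private Date[] getRsaCertificateDates() throws Exception {
    final String resource = "x509/cert-rsa-dates.txt";
    final InputStream ris = Support_Resources.getStream(resource);
    assertNotNull("File does not exist: " + resource, ris);
    try {
        // notBefore=Dec 26 00:19:14 2012 GMT
        final SimpleDateFormat sdf =
                new SimpleDateFormat("MMM dd HH:mm:ss yyyy zzz", Locale.US);

        // Name the charset so the fixture is decoded the same way on every platform.
        final BufferedReader buf = new BufferedReader(new InputStreamReader(ris, "UTF-8"));

        String line = buf.readLine();
        assertNotNull("Missing notBefore line in " + resource, line);
        int index = line.indexOf('=');
        assertTrue("Expected key=value but got: " + line, index >= 0);
        assertEquals("notBefore", line.substring(0, index));
        final Date startDate = sdf.parse(line.substring(index + 1));

        line = buf.readLine();
        assertNotNull("Missing notAfter line in " + resource, line);
        index = line.indexOf('=');
        assertTrue("Expected key=value but got: " + line, index >= 0);
        assertEquals("notAfter", line.substring(0, index));
        final Date endDate = sdf.parse(line.substring(index + 1));

        assertTrue(startDate.before(endDate));
        assertTrue(endDate.after(startDate));

        return new Date[] { startDate, endDate };
    } finally {
        try {
            ris.close();
        } catch (IOException ignored) {
            // Best effort: nothing useful can be done if closing the fixture fails.
        }
    }
}

/**
 * Reads the expected serial number of the RSA test certificate from its text fixture.
 *
 * <p>The fixture holds one {@code serial=<hex>} line.
 *
 * @return the serial number parsed as base-16
 * @throws Exception if the fixture is missing or malformed
 */
private BigInteger getRsaCertificateSerial() throws Exception {
    final String resource = "x509/cert-rsa-serial.txt";
    final InputStream ris = Support_Resources.getStream(resource);
    assertNotNull("File does not exist: " + resource, ris);
    try {
        // Name the charset so the fixture is decoded the same way on every platform.
        final BufferedReader buf = new BufferedReader(new InputStreamReader(ris, "UTF-8"));

        String line = buf.readLine();
        assertNotNull("Missing serial line in " + resource, line);
        int index = line.indexOf('=');
        assertTrue("Expected key=value but got: " + line, index >= 0);
        assertEquals("serial", line.substring(0, index));

        return new BigInteger(line.substring(index + 1), 16);
    } finally {
        try {
            ris.close();
        } catch (IOException ignored) {
            // Best effort: nothing useful can be done if closing the fixture fails.
        }
    }
}

/**
 * Reads a test resource fully into memory.
 *
 * @param name resource path passed to {@code Support_Resources.getStream}
 * @return every byte of the resource
 * @throws Exception if the resource is missing or cannot be read
 */
private byte[] getResourceAsBytes(String name) throws Exception {
    final InputStream ris = Support_Resources.getStream(name);
    assertNotNull("File does not exist: " + name, ris);
    try {
        // InputStream.available() is only an estimate of what can be read without blocking,
        // not the resource length, so read until EOF rather than trusting it for sizing.
        // A truncated fixture would otherwise make the comparisons built on it meaningless.
        final ByteArrayOutputStream contents = new ByteArrayOutputStream();
        final byte[] chunk = new byte[4096];
        int count;
        while ((count = ris.read(chunk)) != -1) {
            contents.write(chunk, 0, count);
        }
        return contents.toByteArray();
    } finally {
        try {
            ris.close();
        } catch (IOException ignored) {
            // Best effort: nothing useful can be done if closing the fixture fails.
        }
    }
}

/** Returns the stored signature bytes of the RSA test certificate. */
private byte[] getRsaCertificateSignature() throws Exception {
    return getResourceAsBytes(CERT_RSA_SIGNATURE);
}

/** Returns the stored to-be-signed (TBS) bytes of the RSA test certificate. */
private byte[] getRsaCertificateTbs() throws Exception {
    return getResourceAsBytes(CERT_RSA_TBS);
}

/**
 * Runs the whole check suite once per provider in {@code mX509Providers}.
 *
 * <p>Failures are collected rather than thrown immediately, so every provider is exercised
 * and the final exception names each provider that failed. Within one provider the first
 * failing check aborts the remaining checks for that provider.
 *
 * @throws Exception carrying the collected stack traces if any provider failed
 */
public void test_Provider() throws Exception {
    final ByteArrayOutputStream errBuffer = new ByteArrayOutputStream();
    PrintStream out = new PrintStream(errBuffer);

    for (Provider p : mX509Providers) {
        try {
            CertificateFactory f = CertificateFactory.getInstance("X.509", p);
            getPublicKey(f);
            getType(f);
            check_equals(f);
            check_toString(f);
            check_hashCode(f);
            checkValidity(f);
            getVersion(f);
            getSerialNumber(f);
            getIssuerDN(f);
            getIssuerX500Principal(f);
            getSubjectDN(f);
            getSubjectUniqueID(f);
            getSubjectX500Principal(f);
            getNotBeforeAndNotAfterDates(f);
            getSigAlgName(f);
            getSigAlgOID(f);
            getSigAlgParams(f);
            getIssuerUniqueID(f);
            // NOTE(review): second call to getSubjectUniqueID in this sequence; kept as-is.
            getSubjectUniqueID(f);
            getKeyUsage(f);
            getExtendedKeyUsage(f);
            getBasicConstraints(f);
            getSubjectAlternativeNames(f);
            getSubjectAlternativeNames_IPV6(f);
            getSubjectAlternativeNames_InvalidIP(f);
            getSubjectAlternativeNames_Other(f);
            getSubjectAlternativeNames_Email(f);
            getSubjectAlternativeNames_DNS(f);
            getSubjectAlternativeNames_DirName(f);
            getSubjectAlternativeNames_URI(f);
            getSubjectAlternativeNames_RID(f);
            getSubjectAlternativeNames_None(f);
            getIssuerAlternativeNames(f);
            getTBSCertificate(f);
            getSignature(f);
            hasUnsupportedCriticalExtension(f);
            getEncoded(f);
            verify(f);
            generateCertificate_PEM_TrailingData(f);
            generateCertificate_DER_TrailingData(f);
            generateCertificates_X509_PEM(f);
            generateCertificates_X509_DER(f);
            generateCertificates_PKCS7_PEM(f);
            generateCertificates_PKCS7_DER(f);
            generateCertificates_Empty(f);
            generateCertificates_X509_PEM_TrailingData(f);
            generateCertificates_X509_DER_TrailingData(f);
            generateCertificates_PKCS7_PEM_TrailingData(f);
            generateCertificates_PKCS7_DER_TrailingData(f);
            test_Serialization(f);
            test_UnknownUnmappedKeyOID(f);
        } catch (Throwable e) {
            // Throwable on purpose: assertion failures are Errors and must be recorded too.
            out.append("Error encountered checking " + p.getName() + "\n");
            e.printStackTrace(out);
        }
    }

    out.flush();
    if (errBuffer.size() > 0) {
        throw new Exception("Errors encountered:\n\n" + errBuffer.toString() + "\n\n");
    }
}

/** Checks that the parsed RSA certificate exposes the same public key as the stored fixture. */
private void getPublicKey(CertificateFactory f) throws Exception {
    X509Certificate c = getCertificate(f, CERT_RSA);
    PublicKey expected = getRsaCertificatePublicKey();

    PublicKey actual = c.getPublicKey();
    assertEquals(expected, actual);
    // Compare the encodings as well, so the check does not rest on equals() alone.
    assertEquals(Arrays.toString(expected.getEncoded()),
            Arrays.toString(actual.getEncoded()));
}

/** Checks that the parsed certificate reports the type "X.509". */
private void getType(CertificateFactory f) throws Exception {
    X509Certificate c = getCertificate(f, CERT_RSA);
    assertEquals("X.509", c.getType());
}

/**
 * Checks signature verification of the RSA test certificate, positive and negative.
 *
 * <p>The certificate must verify under the stored public key and must be rejected with
 * {@link SignatureException} under a freshly generated, unrelated RSA key. Both cases are
 * repeated for every installed provider offering the certificate's signature algorithm.
 */
private void verify(CertificateFactory f) throws Exception {
    X509Certificate c = getCertificate(f, CERT_RSA);
    PublicKey signer = getRsaCertificatePublicKey();

    c.verify(signer);

    KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
    KeyPair pair = kpg.generateKeyPair();
    PublicKey invalidKey = pair.getPublic();

    try {
        c.verify(invalidKey);
        fail("RSA signature should not verify");
    } catch (SignatureException expected) {
        // Only SignatureException counts as a correct rejection; anything else propagates.
    }

    Provider[] providers = Security.getProviders("Signature." + c.getSigAlgName());
    for (Provider p : providers) {
        // Do not test AndroidKeyStore Provider. It does not accept vanilla public keys for
        // signature verification. It's OKish not to test here because it's tested by
        // cts/tests/tests/keystore.
        if (p.getName().startsWith("AndroidKeyStore")) {
            continue;
        }

        c.verify(signer, p.getName());

        try {
            c.verify(invalidKey, p.getName());
            fail("RSA signature should not verify");
        } catch (SignatureException expected) {
            // Only SignatureException counts as a correct rejection; anything else propagates.
        }
    }
}

/** Checks that two parses of one certificate are equal and that a different one is not. */
private void check_equals(CertificateFactory f) throws Exception {
    X509Certificate c1 = getCertificate(f, CERT_RSA);
    X509Certificate c2 = getCertificate(f, CERT_RSA);

    assertEquals(c1, c2);

    X509Certificate c3 = getCertificate(f, CERT_DSA);
    // Checked in both directions so an asymmetric equals() is caught.
    assertFalse(c1.equals(c3));
    assertFalse(c3.equals(c1));
}

/** Checks that toString() is non-empty, stable across parses, and differs between certs. */
private void check_toString(CertificateFactory f) throws Exception {
    X509Certificate c1 = getCertificate(f, CERT_RSA);

    String output1 = c1.toString();
    assertNotNull(output1);
    assertTrue(output1.length() > 0);

    X509Certificate c2 = getCertificate(f, CERT_RSA);
    assertEquals(c1.toString(), c2.toString());

    X509Certificate c3 = getCertificate(f, CERT_DSA);
    assertFalse(c3.toString().equals(c1.toString()));
}

/** Checks that hashCode() is stable across parses and differs for the DSA certificate. */
private void check_hashCode(CertificateFactory f) throws Exception {
    X509Certificate c1 = getCertificate(f, CERT_RSA);
    X509Certificate c2 = getCertificate(f, CERT_RSA);

    assertEquals(c1.hashCode(), c2.hashCode());

    X509Certificate c3 = getCertificate(f, CERT_DSA);
    // NOTE(review): the hashCode contract allows collisions; this holds for these two
    // fixtures only as long as the provider's hash happens to separate them.
    assertFalse(c3.hashCode() == c1.hashCode());
}

private void checkValidity(CertificateFactory f) throws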
Exception { 3969ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root X509Certificate c = getCertificate(f, CERT_RSA); 3979ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root Calendar cal = Calendar.getInstance(); 3989ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root Date[] dates = getRsaCertificateDates(); 3999ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 4009ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root /* 4019ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root * The certificate validity periods in the test certificate MUST lie 4029ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root * within the tested period. The API doesn't appear to allow any other 4039ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root * way to test this code path as an unprivileged user. 4049ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root */ 4059ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root Date now = new Date(); 4069ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root assertTrue(now.after(dates[0])); 4079ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root assertTrue(now.before(dates[1])); 4089ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 4099ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root /* This assumes the script makes a long-lived cert. */ 4109ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root c.checkValidity(); 4119ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 4129ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root /* A day after the start date. */ 4139ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root cal.setTime(dates[0]); 4149ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root cal.add(Calendar.DAY_OF_MONTH, 1); 4159ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root c.checkValidity(cal.getTime()); 4169ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 4179ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root /* A second before the start date. 
*/ 4189ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root cal.setTime(dates[1]); 4199ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root cal.add(Calendar.SECOND, -1); 4209ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root c.checkValidity(cal.getTime()); 4219ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 4229ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root try { 4239ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root cal.setTime(dates[0]); 4249ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root cal.add(Calendar.SECOND, -1); 4259ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root c.checkValidity(cal.getTime()); 4269ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root fail(); 4279ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root } catch (CertificateNotYetValidException expected) { 4289ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root } 4299ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 4309ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root try { 4319ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root cal.setTime(dates[0]); 4329ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root cal.add(Calendar.MONTH, -6); 4339ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root c.checkValidity(cal.getTime()); 4349ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root fail(); 4359ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root } catch (CertificateNotYetValidException expected) { 4369ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root } 4379ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 4389ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root try { 4399ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root cal.setTime(dates[1]); 4409ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root cal.add(Calendar.SECOND, 1); 4419ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root c.checkValidity(cal.getTime()); 4429ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root fail(); 4439ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root } catch (CertificateExpiredException expected) { 4449ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 
} 4459ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 4469ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root try { 4479ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root cal.setTime(dates[1]); 4489ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root cal.add(Calendar.YEAR, 1); 4499ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root c.checkValidity(cal.getTime()); 4509ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root fail(); 4519ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root } catch (CertificateExpiredException expected) { 4529ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root } 4539ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root } 4549ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 4559ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root private void getVersion(CertificateFactory f) throws Exception { 4569ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root X509Certificate c = getCertificate(f, CERT_RSA); 4579ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root assertEquals(3, c.getVersion()); 4589ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root } 4599ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 4609ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root private void getSerialNumber(CertificateFactory f) throws Exception { 4619ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root X509Certificate c = getCertificate(f, CERT_RSA); 4629ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root BigInteger actual = getRsaCertificateSerial(); 4639ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 4649ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root assertEquals(actual, c.getSerialNumber()); 4659ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root } 4669ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 4679ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root private void getIssuerDN(CertificateFactory f) throws Exception { 4689ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root X509Certificate c = getCertificate(f, CERT_RSA); 4699ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 
4709ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root Principal princ = c.getIssuerDN(); 4719ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root if (StandardNames.IS_RI) { 4729ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root assertEquals("OU=NetOps, O=Genius.com Inc, L=San Mateo, ST=California, C=US", 4739ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root princ.getName()); 4749ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root } else { 4759ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root if ("BC".equals(f.getProvider().getName())) { 4769ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root // TODO: is it acceptable to have this in reverse order? 4779ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root assertEquals(f.getProvider().getName(), 4789ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root "C=US,ST=California,L=San Mateo,O=Genius.com Inc,OU=NetOps", 4799ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root princ.getName()); 4809ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root } else { 4819ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root assertEquals("OU=NetOps,O=Genius.com Inc,L=San Mateo,ST=California,C=US", 4829ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root princ.getName()); 4839ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root } 4849ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root } 4859ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 4869ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root X509Certificate c2 = getCertificate(f, CERT_RSA); 4879ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root assertEquals(princ, c2.getIssuerDN()); 4889ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root } 4899ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 4909ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root private void getIssuerX500Principal(CertificateFactory f) throws Exception { 4919ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root X509Certificate c = getCertificate(f, CERT_RSA); 4929ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 
4939ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root final byte[] expected = new byte[] { 4949ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 0x30, 0x60, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 4959ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 4969ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 0x13, 0x0a, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, 0x69, 0x61, 4979ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x09, 0x53, 4989ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 0x61, 0x6e, 0x20, 0x4d, 0x61, 0x74, 0x65, 0x6f, 0x31, 0x17, 0x30, 0x15, 4999ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0e, 0x47, 0x65, 0x6e, 0x69, 0x75, 5009ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x20, 0x49, 0x6e, 0x63, 0x31, 0x0f, 0x30, 5019ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 0x0d, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x06, 0x4e, 0x65, 0x74, 0x4f, 5029ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 0x70, 0x73 5039ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root }; 5049ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root X500Principal princ = c.getIssuerX500Principal(); 5059ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root assertEquals(Arrays.toString(expected), 5069ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root Arrays.toString(princ.getEncoded())); 5079ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root assertEquals("OU=NetOps,O=Genius.com Inc,L=San Mateo,ST=California,C=US", 5089ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root princ.getName()); 5099ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root assertEquals("ou=netops,o=genius.com inc,l=san mateo,st=california,c=us", 5109ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root princ.getName(X500Principal.CANONICAL)); 5119ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 
assertEquals("OU=NetOps, O=Genius.com Inc, L=San Mateo, ST=California, C=US", 5129ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root princ.getName(X500Principal.RFC1779)); 5139ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root assertEquals("OU=NetOps,O=Genius.com Inc,L=San Mateo,ST=California,C=US", 5149ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root princ.getName(X500Principal.RFC2253)); 5159ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 5169ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root X509Certificate c2 = getCertificate(f, CERT_RSA); 5179ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root assertEquals(princ, c2.getIssuerX500Principal()); 5189ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root } 5199ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 5209ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root private void getSubjectDN(CertificateFactory f) throws Exception { 5219ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root X509Certificate c = getCertificate(f, CERT_RSA); 5229ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 5239ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root Principal princ = c.getSubjectDN(); 5249ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root if (StandardNames.IS_RI) { 5259ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root assertEquals("OU=NetOps, O=Genius.com Inc, L=San Mateo, ST=California, C=US", 5269ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root princ.getName()); 5279ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root } else { 5289ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root if ("BC".equals(f.getProvider().getName())) { 5299ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root // TODO: is it acceptable to have this in reverse order? 
5309ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root assertEquals(f.getProvider().getName(), 5319ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root "C=US,ST=California,L=San Mateo,O=Genius.com Inc,OU=NetOps", 5329ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root princ.getName()); 5339ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root } else { 5349ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root assertEquals("OU=NetOps,O=Genius.com Inc,L=San Mateo,ST=California,C=US", 5359ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root princ.getName()); 5369ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root } 5379ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root } 5389ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 5399ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root X509Certificate c2 = getCertificate(f, CERT_RSA); 5409ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root assertEquals(princ, c2.getSubjectDN()); 5419ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root } 5429ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 5439ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root private void getSubjectUniqueID(CertificateFactory f) throws Exception { 5449ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root /* This certificate has no unique ID. */ 5459ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root X509Certificate c = getCertificate(f, CERT_RSA); 5469ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root assertNull(c.getSubjectUniqueID()); 5479ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 5489ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root // TODO: generate certificate that has a SubjectUniqueID field. 5499ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root } 5509ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 5519ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root private void getIssuerUniqueID(CertificateFactory f) throws Exception { 5529ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root /* This certificate has no unique ID. 
*/ 5539ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root X509Certificate c = getCertificate(f, CERT_RSA); 5549ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root assertNull(c.getIssuerUniqueID()); 5559ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 5569ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root // TODO: generate certificate that has a IssuerUniqueID field. 5579ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root } 5589ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 5599ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root private void getSubjectX500Principal(CertificateFactory f) throws Exception { 5609ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root X509Certificate c = getCertificate(f, CERT_RSA); 5619ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 5629ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root final byte[] expected = new byte[] { 5639ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 0x30, 0x60, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 5649ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 5659ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 0x13, 0x0a, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, 0x69, 0x61, 5669ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x09, 0x53, 5679ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 0x61, 0x6e, 0x20, 0x4d, 0x61, 0x74, 0x65, 0x6f, 0x31, 0x17, 0x30, 0x15, 5689ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0e, 0x47, 0x65, 0x6e, 0x69, 0x75, 5699ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x20, 0x49, 0x6e, 0x63, 0x31, 0x0f, 0x30, 5709ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 0x0d, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x06, 0x4e, 0x65, 0x74, 0x4f, 5719ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 0x70, 0x73 5729ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root }; 
5739ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root X500Principal princ = c.getSubjectX500Principal(); 5749ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root assertEquals(Arrays.toString(expected), 5759ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root Arrays.toString(princ.getEncoded())); 5769ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root assertEquals("OU=NetOps,O=Genius.com Inc,L=San Mateo,ST=California,C=US", 5779ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root princ.getName()); 5789ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root assertEquals("ou=netops,o=genius.com inc,l=san mateo,st=california,c=us", 5799ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root princ.getName(X500Principal.CANONICAL)); 5809ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root assertEquals("OU=NetOps, O=Genius.com Inc, L=San Mateo, ST=California, C=US", 5819ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root princ.getName(X500Principal.RFC1779)); 5829ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root assertEquals("OU=NetOps,O=Genius.com Inc,L=San Mateo,ST=California,C=US", 5839ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root princ.getName(X500Principal.RFC2253)); 5849ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 5859ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root X509Certificate c2 = getCertificate(f, CERT_RSA); 5869ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root assertEquals(princ, c2.getSubjectX500Principal()); 5879ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root } 5889ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 5899ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root private static void assertDateEquals(Date date1, Date date2) throws Exception { 5909ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root SimpleDateFormat formatter = new SimpleDateFormat("dd MMM yyyy HH:mm:ss"); 5919ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 5929ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root String result1 = formatter.format(date1); 5939ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 
String result2 = formatter.format(date2); 5949ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 5959ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root assertEquals(result1, result2); 5969ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root } 5979ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 5989ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root private void getNotBeforeAndNotAfterDates(CertificateFactory f) throws Exception { 5999ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root X509Certificate c = getCertificate(f, CERT_RSA); 6009ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root Date[] dates = getRsaCertificateDates(); 6019ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 6029ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root assertDateEquals(dates[0], c.getNotBefore()); 6039ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root assertDateEquals(dates[1], c.getNotAfter()); 6049ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root } 6059ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 6069ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root private void getSigAlgName(CertificateFactory f) throws Exception { 6079ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root { 6089ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root /* The test certificate is sha1WithRSAEncryption */ 6099ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root X509Certificate c = getCertificate(f, CERT_RSA); 6109ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root assertEquals("SHA1WITHRSA", c.getSigAlgName().toUpperCase(Locale.US)); 6119ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root } 6129ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 6139ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root { 6149ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root /* The test certificate is sha1WithRSAEncryption */ 6159ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root X509Certificate c = getCertificate(f, CERT_DSA); 6169ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root assertEquals("SHA1WITHDSA", 
c.getSigAlgName().toUpperCase(Locale.US)); 6179ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root } 6189ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 6199ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root { 6209ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root /* The test certificate is sha1WithRSAEncryption */ 6219ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root X509Certificate c = getCertificate(f, CERT_EC); 62259bfac2da38e56ca76d0d402c32632d1c13a6ab5Kenny Root assertEquals("SHA1WITHECDSA", c.getSigAlgName().toUpperCase(Locale.US)); 6239ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root } 6249ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root } 6259ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 6269ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root private void getSigAlgOID(CertificateFactory f) throws Exception { 6279ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root { 6289ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root /* The test certificate is sha1WithRSAEncryption */ 6299ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root X509Certificate c = getCertificate(f, CERT_RSA); 6309ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root assertEquals("1.2.840.113549.1.1.5", c.getSigAlgOID()); 6319ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root } 6329ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 6339ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root { 6349ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root /* The test certificate is sha1WithRSAEncryption */ 6359ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root X509Certificate c = getCertificate(f, CERT_DSA); 6369ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root assertEquals("1.2.840.10040.4.3", c.getSigAlgOID()); 6379ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root } 6389ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 6399ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root { 6409ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root /* The test certificate is sha1WithRSAEncryption */ 
6419ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root X509Certificate c = getCertificate(f, CERT_EC); 6429ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root assertEquals("1.2.840.10045.4.1", c.getSigAlgOID()); 6439ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root } 6449ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root } 6459ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 6469ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root private void getSigAlgParams(CertificateFactory f) throws Exception { 6479ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root { 6489ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root X509Certificate c = getCertificate(f, CERT_RSA); 649a698d224635ccfe3f141ccf627221271aa53bf69Kenny Root // RI appears to disagree 650a698d224635ccfe3f141ccf627221271aa53bf69Kenny Root if (StandardNames.IS_RI) { 6519ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root assertNull(f.getProvider().getName(), c.getSigAlgParams()); 652a698d224635ccfe3f141ccf627221271aa53bf69Kenny Root } else { 653a698d224635ccfe3f141ccf627221271aa53bf69Kenny Root assertNotNull(f.getProvider().getName(), c.getSigAlgParams()); 6549ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root } 6559ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root } 6569ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 6579ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root { 6589ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root X509Certificate c = getCertificate(f, CERT_DSA); 6599ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root assertNull(f.getProvider().getName(), c.getSigAlgParams()); 6609ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root } 6619ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 6629ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root { 6639ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root X509Certificate c = getCertificate(f, CERT_EC); 6649ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root assertNull(f.getProvider().getName(), c.getSigAlgParams()); 6659ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root } 
666a698d224635ccfe3f141ccf627221271aa53bf69Kenny Root 667a698d224635ccfe3f141ccf627221271aa53bf69Kenny Root { 668a698d224635ccfe3f141ccf627221271aa53bf69Kenny Root X509Certificate c = getCertificate(f, CERT_SIGOPT); 669a698d224635ccfe3f141ccf627221271aa53bf69Kenny Root 670a698d224635ccfe3f141ccf627221271aa53bf69Kenny Root /* SEQUENCE, INTEGER 1 */ 671a698d224635ccfe3f141ccf627221271aa53bf69Kenny Root final byte[] expected = new byte[] { 672a698d224635ccfe3f141ccf627221271aa53bf69Kenny Root /* SEQUENCE, constructed, len=5 */ 673a698d224635ccfe3f141ccf627221271aa53bf69Kenny Root (byte) 0x30, (byte) 0x05, 674a698d224635ccfe3f141ccf627221271aa53bf69Kenny Root /* Type=2, constructed, context-specific, len=3 */ 675a698d224635ccfe3f141ccf627221271aa53bf69Kenny Root (byte) 0xA2, (byte) 0x03, 676a698d224635ccfe3f141ccf627221271aa53bf69Kenny Root /* INTEGER, len=1, value=1 */ 677a698d224635ccfe3f141ccf627221271aa53bf69Kenny Root (byte) 0x02, (byte) 0x01, (byte) 0x01, 678a698d224635ccfe3f141ccf627221271aa53bf69Kenny Root }; 679a698d224635ccfe3f141ccf627221271aa53bf69Kenny Root 680a698d224635ccfe3f141ccf627221271aa53bf69Kenny Root final byte[] params = c.getSigAlgParams(); 681a698d224635ccfe3f141ccf627221271aa53bf69Kenny Root assertNotNull(f.getProvider().getName(), params); 682a698d224635ccfe3f141ccf627221271aa53bf69Kenny Root assertEquals(Arrays.toString(expected), Arrays.toString(params)); 683a698d224635ccfe3f141ccf627221271aa53bf69Kenny Root } 6849ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root } 6859ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 6869ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root private void getKeyUsage(CertificateFactory f) throws Exception { 6879ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root { 6889ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root /* The test certificate is sha1WithRSAEncryption */ 6899ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root X509Certificate c = getCertificate(f, CERT_RSA); 
6909ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root boolean[] expected = new boolean[] { 6919ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root true, /* digitalSignature (0) */ 6929ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root true, /* nonRepudiation (1) */ 6939ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root true, /* keyEncipherment (2) */ 6949ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root false, /* dataEncipherment (3) */ 6959ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root false, /* keyAgreement (4) */ 6969ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root false, /* keyCertSign (5) */ 6979ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root false, /* cRLSign (6) */ 6989ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root false, /* encipherOnly (7) */ 6999ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root false, /* decipherOnly (8) */ 7009ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root }; 7019ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root assertEquals(Arrays.toString(expected), Arrays.toString(c.getKeyUsage())); 7029ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root } 7039ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 7049ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root { 7059ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root /* The test certificate is sha1WithRSAEncryption */ 7069ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root X509Certificate c = getCertificate(f, CERT_DSA); 7079ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root boolean[] expected = new boolean[] { 7089ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root false, /* digitalSignature (0) */ 7099ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root false, /* nonRepudiation (1) */ 7109ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root true, /* keyEncipherment (2) */ 7119ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root true, /* dataEncipherment (3) */ 7129ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root false, /* keyAgreement (4) */ 7139ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root true, /* 
keyCertSign (5) */ 7149ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root true, /* cRLSign (6) */ 7159ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root true, /* encipherOnly (7) */ 7169ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root false, /* decipherOnly (8) */ 7179ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root }; 7189ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root boolean[] actual = c.getKeyUsage(); 7199ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root assertEquals(9, actual.length); 7209ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root assertEquals(Arrays.toString(expected), Arrays.toString(actual)); 7219ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root } 7229ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 7239ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root { 7249ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root /* The test certificate is sha1WithRSAEncryption */ 7259ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root X509Certificate c = getCertificate(f, CERT_EC); 7269ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root boolean[] expected = new boolean[] { 7279ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root false, /* digitalSignature (0) */ 7289ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root false, /* nonRepudiation (1) */ 7299ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root false, /* keyEncipherment (2) */ 7309ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root false, /* dataEncipherment (3) */ 7319ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root true, /* keyAgreement (4) */ 7329ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root false, /* keyCertSign (5) */ 7339ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root false, /* cRLSign (6) */ 7349ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root false, /* encipherOnly (7) */ 7359ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root true, /* decipherOnly (8) */ 7369ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root }; 7379ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root boolean[] actual = c.getKeyUsage(); 
7389ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root assertEquals(9, actual.length); 7399ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root assertEquals(Arrays.toString(expected), Arrays.toString(actual)); 7409ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root } 7419ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 7429ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root { 7439ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root /* All the bits are set in addition to some extra ones. */ 7449ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root X509Certificate c = getCertificate(f, CERT_KEYUSAGE_EXTRALONG); 7459ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root boolean[] expected = new boolean[] { 7469ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root true, /* digitalSignature (0) */ 7479ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root true, /* nonRepudiation (1) */ 7489ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root true, /* keyEncipherment (2) */ 7499ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root true, /* dataEncipherment (3) */ 7509ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root true, /* keyAgreement (4) */ 7519ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root true, /* keyCertSign (5) */ 7529ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root true, /* cRLSign (6) */ 7539ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root true, /* encipherOnly (7) */ 7549ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root true, /* decipherOnly (8) */ 7559ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root true, /* ????? (9) */ 7569ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root true, /* ????? 
(10) */ 7579ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root }; 7589ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root boolean[] actual = c.getKeyUsage(); 7599ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root assertEquals(11, actual.length); 7609ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root assertEquals(Arrays.toString(expected), Arrays.toString(actual)); 7619ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root } 7629ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root } 7639ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 7649ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root private void getExtendedKeyUsage(CertificateFactory f) throws Exception { 7659ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root { 7669ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root /* No ExtendedKeyUsage section */ 7679ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root final X509Certificate c = getCertificate(f, CERT_RSA); 7689ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root List<String> actual = c.getExtendedKeyUsage(); 7699ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root assertNull(actual); 7709ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root } 7719ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root 7729ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root { 7739ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root /* ExtendedKeyUsage section with one entry of OID 1.2.3.4 */ 7749ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root final X509Certificate c = getCertificate(f, CERT_EXTENDEDKEYUSAGE); 7759ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root List<String> actual = c.getExtendedKeyUsage(); 7769ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root assertNotNull(actual); 7779ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root assertEquals(1, actual.size()); 7789ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root assertEquals("1.2.3.4", actual.get(0)); 7799ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root } 7809ca3d0733e7f93c140fdc693ffb0aaaa21de7a19Kenny Root } 
/**
 * Checks {@code getBasicConstraints()} against four fixtures. The provider name is
 * passed as the assertion message so a failure names the implementation under test.
 */
private void getBasicConstraints(CertificateFactory f) throws Exception {
    // Non-CA certificate with no pathLenConstraint: -1 is expected.
    final X509Certificate endEntity = getCertificate(f, CERT_RSA);
    assertEquals(f.getProvider().getName(), -1, endEntity.getBasicConstraints());

    // Non-CA certificate that nevertheless carries a pathLenConstraint: still -1, so
    // the path length alone must never make the certificate look like a CA.
    final X509Certificate endEntityWithPathLen = getCertificate(f, CERT_USERWITHPATHLEN);
    assertEquals(f.getProvider().getName(), -1, endEntityWithPathLen.getBasicConstraints());

    // CA certificate with no pathLenConstraint: Integer.MAX_VALUE is expected.
    final X509Certificate unboundedCa = getCertificate(f, CERT_CA);
    assertEquals(f.getProvider().getName(), Integer.MAX_VALUE,
            unboundedCa.getBasicConstraints());

    // CA certificate with pathLenConstraint=10: the constraint itself is expected.
    final X509Certificate boundedCa = getCertificate(f, CERT_CAWITHPATHLEN);
    assertEquals(f.getProvider().getName(), 10, boundedCa.getBasicConstraints());
}

/**
 * Encoding of: OID:1.2.3.4, UTF8:test1
 *
 * <p>Two expected forms exist. The one used when {@code StandardNames.IS_RI} is set
 * starts with a SEQUENCE tag (0x30) and has one more [0] wrapper; the other starts
 * directly with the context tag 0xa0.
 */
private static byte[] getOIDTestBytes() {
    if (!StandardNames.IS_RI) {
        return new byte[] {
                (byte) 0xa0, 0x0e, 0x06, 0x03, 0x2a, 0x03, 0x04,
                (byte) 0xa0, 0x07, 0x0c, 0x05, 0x74, 0x65, 0x73, 0x74, 0x31,
        };
    }
    return new byte[] {
            0x30, 0x10, 0x06, 0x03, 0x2a, 0x03, 0x04, (byte) 0xa0,
            0x09, (byte) 0xa0, 0x07, 0x0c, 0x05, 0x74, 0x65, 0x73, 0x74, 0x31,
    };
}

/** Runs the shared alternative-name checks on the subject alternative names of CERT_RSA. */
private void getSubjectAlternativeNames(CertificateFactory f) throws Exception {
    final Collection<List<?>> subjectNames =
            getCertificate(f, CERT_RSA).getSubjectAlternativeNames();

    checkAlternativeNames(f, subjectNames);
}

/**
 * Shared checks for a subject or issuer alternative-name collection.
 *
 * <p>Verifies that the collection and each entry reject modification, that every
 * entry starts with an Integer type tag, that the value of each tag matches the
 * fixture, and that all tags 0..8 except 3 and 5 were seen.
 *
 * @param f   factory under test; its provider name selects the directoryName expectation
 * @param col alternative names as returned by the certificate, must not be null
 */
private void checkAlternativeNames(CertificateFactory f, Collection<List<?>> col) throws Exception {
    assertNotNull(col);

    /* The returned Collection must be unmodifiable. */
    try {
        col.add(new ArrayList<Object>());
        fail("should be an unmodifiable list");
    } catch (UnsupportedOperationException expected) {
        // Expected: callers cannot inject entries into the certificate's names.
    }

    /* One flag per alternative-name type; the test certificate should contain 9 types. */
    final boolean[] seen = new boolean[9];

    for (List<?> entry : col) {
        /* Each inner List must be unmodifiable as well. */
        try {
            entry.remove(0);
            fail("should be an unmodifiable list");
        } catch (UnsupportedOperationException expected) {
            // Expected: entries are read-only.
        }

        assertTrue(entry.get(0) instanceof Integer);
        final int tag = (Integer) entry.get(0);
        seen[tag] = true;

        final Object value = entry.get(1);
        switch (tag) {
            case 0: { /* OtherName */
                final byte[] expectedDer = getOIDTestBytes();
                assertEquals(Arrays.toString(expectedDer), Arrays.toString((byte[]) value));
                break;
            }
            case 1: /* rfc822Name: IA5String */
                assertEquals("x509@example.com", (String) value);
                break;
            case 2: /* dNSName: IA5String */
                assertEquals("x509.example.com", (String) value);
                break;
            case 3: /* x400Address: ORAddress */
                assertEquals("UNSUPPORTED", (String) value);
                break;
            case 4: { /* directoryName: Name */
                String expectedDn = "CN=∆ƒ,OU=Über Frîends,O=Awesome Dudes,C=US";
                if ("BC".equals(f.getProvider().getName())) {
                    // Bouncycastle doesn't parse T61String as UTF-8 like the RI, libcore,
                    // or OpenSSL, so expect the UTF-8 bytes widened one byte per char.
                    expectedDn = new String(expectedDn.getBytes("UTF-8"), 0);
                }
                assertEquals(expectedDn, (String) value);
                break;
            }
            case 5: /* ediPartyName */
                // NOTE(review): Arrays.toString of a byte[] never yields this literal, so
                // this branch looks like a placeholder that fails if tag 5 is ever returned.
                assertEquals("UNSUPPORTED", Arrays.toString((byte[]) value));
                break;
            case 6: /* uniformResourceIdentifier: IA5String */
                assertEquals("http://www.example.com/?q=awesomeness", (String) value);
                break;
            case 7: /* iPAddress */
                assertEquals("192.168.0.1", (String) value);
                break;
            case 8:
                assertEquals("1.2.3.4", (String) value);
                break;
        }
    }

    final Set<Integer> missing = new HashSet<Integer>();
    for (int tag = 0; tag < seen.length; tag++) {
        // TODO: fix X.400 names and ediPartyName
        final boolean exempt = tag == 3 || tag == 5;
        if (!seen[tag] && !exempt) {
            missing.add(tag);
        }
    }

    if (!missing.isEmpty()) {
        fail("Missing types: " + Arrays.toString(missing.toArray(new Integer[missing.size()])));
    }
}

/** Expects CERT_IPV6 to yield exactly one entry of type 7 holding the IPv6 address as text. */
private void getSubjectAlternativeNames_IPV6(CertificateFactory f) throws Exception {
    final X509Certificate cert = getCertificate(f, CERT_IPV6);
    final Collection<List<?>> names = cert.getSubjectAlternativeNames();

    assertNotNull(f.getProvider().getName(), names);
    assertEquals(1, names.size());

    final List<?> entry = names.iterator().next();
    assertTrue(entry.get(0) instanceof Integer);
    assertTrue(7 == (Integer) entry.get(0));
    assertTrue(entry.get(1) instanceof String);

    // RI doesn't apply all the IPv6 shortening rules
    final String expectedAddress = StandardNames.IS_RI
            ? "2001:db8:0:0:0:ff00:42:8329"
            : "2001:db8::ff00:42:8329";
    assertEquals(expectedAddress, (String) entry.get(1));
}

/**
 * Expects {@code null} alternative names for CERT_INVALIDIP (presumably a fixture whose
 * iPAddress entry is malformed; the fixture content is not visible here).
 */
private void getSubjectAlternativeNames_InvalidIP(CertificateFactory f) throws Exception {
    final Collection<List<?>> names =
            getCertificate(f, CERT_INVALIDIP).getSubjectAlternativeNames();
    assertNull(names);
}

/**
 * Expects CERT_ALT_OTHER to yield one OtherName entry (type 0) whose value is the DER
 * from {@link #getOIDTestBytes()}, then checks whether the returned byte[] is a copy.
 */
private void getSubjectAlternativeNames_Other(CertificateFactory f) throws Exception {
    final X509Certificate cert = getCertificate(f, CERT_ALT_OTHER);
    final Collection<List<?>> names = cert.getSubjectAlternativeNames();

    assertNotNull(f.getProvider().getName(), names);
    assertEquals(1, names.size());

    final List<?> entry = names.iterator().next();
    assertTrue(entry.get(0) instanceof Integer);
    assertTrue(0 == (Integer) entry.get(0));

    /* OID:1.2.3.4, UTF8:test1 */
    final byte[] expectedDer = getOIDTestBytes();
    final byte[] returned = (byte[]) entry.get(1);
    assertEquals(Arrays.toString(expectedDer), Arrays.toString(returned));

    /*
     * Flip bits in the array we were handed and fetch the names again: a caller must
     * not be able to change what the certificate reports afterwards.
     */
    returned[0] ^= (byte) 0xFF;
    final byte[] refetched =
            (byte[]) cert.getSubjectAlternativeNames().iterator().next().get(1);

    /* RI is broken here: it is expected to hand back the array we just modified. */
    final byte[] expectedAfterTamper = StandardNames.IS_RI ? returned : expectedDer;
    assertEquals(Arrays.toString(expectedAfterTamper), Arrays.toString(refetched));
}

/** Expects CERT_ALT_EMAIL to yield exactly one rfc822Name entry (type 1). */
private void getSubjectAlternativeNames_Email(CertificateFactory f) throws Exception {
    final X509Certificate cert = getCertificate(f, CERT_ALT_EMAIL);
    final Collection<List<?>> names = cert.getSubjectAlternativeNames();

    assertNotNull(f.getProvider().getName(), names);
    assertEquals(1, names.size());

    final List<?> entry = names.iterator().next();
    assertTrue(entry.get(0) instanceof Integer);
    assertTrue(1 == (Integer) entry.get(0));

    assertTrue(entry.get(1) instanceof String);
    assertEquals("x509@example.com", (String) entry.get(1));
}

/** Expects CERT_ALT_DNS to yield exactly one dNSName entry (type 2). */
private void getSubjectAlternativeNames_DNS(CertificateFactory f) throws Exception {
    final X509Certificate cert = getCertificate(f, CERT_ALT_DNS);
    final Collection<List<?>> names = cert.getSubjectAlternativeNames();

    assertNotNull(f.getProvider().getName(), names);
    assertEquals(1, names.size());

    final List<?> entry = names.iterator().next();
    assertTrue(entry.get(0) instanceof Integer);
    assertTrue(2 == (Integer) entry.get(0));

    assertTrue(entry.get(1) instanceof String);
    assertEquals("x509.example.com", (String) entry.get(1));
}

/**
 * Expects CERT_ALT_DIRNAME to yield exactly one directoryName entry (type 4). The
 * expected string depends on the provider, see the comment in the body.
 */
private void getSubjectAlternativeNames_DirName(CertificateFactory f) throws Exception {
    final X509Certificate cert = getCertificate(f, CERT_ALT_DIRNAME);
    final Collection<List<?>> names = cert.getSubjectAlternativeNames();

    assertNotNull(f.getProvider().getName(), names);
    assertEquals(1, names.size());

    final List<?> entry = names.iterator().next();
    assertTrue(entry.get(0) instanceof Integer);
    // The actual tag is used as the failure message.
    assertTrue(String.valueOf((Integer) entry.get(0)), 4 == (Integer) entry.get(0));

    assertTrue(entry.get(1) instanceof String);
    String expectedDn = "CN=∆ƒ,OU=Über Frîends,O=Awesome Dudes,C=US";
    if ("BC".equals(f.getProvider().getName())) {
        // Bouncycastle doesn't parse T61String as UTF-8 like the RI, libcore, or OpenSSL,
        // so expect the UTF-8 bytes widened one byte per char.
        expectedDn = new String(expectedDn.getBytes("UTF-8"), 0);
    }
    assertEquals(expectedDn, (String) entry.get(1));
}

/** Expects CERT_ALT_URI to yield exactly one uniformResourceIdentifier entry (type 6). */
private void getSubjectAlternativeNames_URI(CertificateFactory f) throws Exception {
    final X509Certificate cert = getCertificate(f, CERT_ALT_URI);
    final Collection<List<?>> names = cert.getSubjectAlternativeNames();

    assertNotNull(f.getProvider().getName(), names);
    assertEquals(1, names.size());

    final List<?> entry = names.iterator().next();
    assertTrue(entry.get(0) instanceof Integer);
    assertTrue(6 == (Integer) entry.get(0));

    assertTrue(entry.get(1) instanceof String);
    assertEquals("http://www.example.com/?q=awesomeness", (String) entry.get(1));
}

/** Expects CERT_ALT_RID to yield exactly one entry of type 8 with the OID as dotted text. */
private void getSubjectAlternativeNames_RID(CertificateFactory f) throws Exception {
    final X509Certificate cert = getCertificate(f, CERT_ALT_RID);
    final Collection<List<?>> names = cert.getSubjectAlternativeNames();

    assertNotNull(f.getProvider().getName(), names);
    assertEquals(1, names.size());

    final List<?> entry = names.iterator().next();
    assertTrue(entry.get(0) instanceof Integer);
    assertTrue(8 == (Integer) entry.get(0));

    assertTrue(entry.get(1) instanceof String);
    assertEquals("1.2.3.4", (String) entry.get(1));
}

/** Expects {@code null} alternative names for CERT_ALT_NONE. */
private void getSubjectAlternativeNames_None(CertificateFactory f) throws Exception {
    final Collection<List<?>> names =
            getCertificate(f, CERT_ALT_NONE).getSubjectAlternativeNames();
    assertNull(names);
}

/** Runs the shared alternative-name checks on the issuer alternative names of CERT_RSA. */
private void getIssuerAlternativeNames(CertificateFactory f) throws Exception {
    final Collection<List<?>> issuerNames =
            getCertificate(f, CERT_RSA).getIssuerAlternativeNames();

    checkAlternativeNames(f, issuerNames);
}

/** Compares the signature bytes of CERT_RSA with the reference signature. */
private void getSignature(CertificateFactory f) throws Exception {
    final X509Certificate cert = getCertificate(f, CERT_RSA);

    final String expected = Arrays.toString(getRsaCertificateSignature());
    final String actual = Arrays.toString(cert.getSignature());
    assertEquals(expected, actual);
}

/** Compares the TBSCertificate bytes of CERT_RSA with the reference bytes. */
private void getTBSCertificate(CertificateFactory f) throws Exception {
    final X509Certificate cert = getCertificate(f, CERT_RSA);

    final String expected = Arrays.toString(getRsaCertificateTbs());
    final String actual = Arrays.toString(cert.getTBSCertificate());
    assertEquals(expected, actual);
}

/**
 * Expects CERT_RSA to report no unsupported critical extension and CERT_UNSUPPORTED
 * to report one. Path validation relies on this flag to reject certificates whose
 * critical extensions the implementation cannot process.
 */
private void hasUnsupportedCriticalExtension(CertificateFactory f) throws Exception {
    final X509Certificate plain = getCertificate(f, CERT_RSA);
    assertFalse(plain.hasUnsupportedCriticalExtension());

    final X509Certificate withUnknownCritical = getCertificate(f, CERT_UNSUPPORTED);
    assertTrue(withUnknownCritical.hasUnsupportedCriticalExtension());
}

/** Expects {@code getEncoded()} to return exactly the bytes of the CERT_RSA resource. */
private void getEncoded(CertificateFactory f) throws Exception {
    final X509Certificate cert = getCertificate(f, CERT_RSA);
    final byte[] resourceBytes = getResourceAsBytes(CERT_RSA);

    assertEquals(Arrays.toString(resourceBytes), Arrays.toString(cert.getEncoded()));
}

/**
 * Feeds the PEM certificate list twice in one stream and checks that parsing a single
 * certificate leaves more than one copy's worth of bytes unread.
 */
private void generateCertificate_PEM_TrailingData(CertificateFactory f) throws Exception {
    final byte[] pem = getResourceAsBytes(CERTS_X509_PEM);

    // First copy comes from copyOf, second copy is appended right behind it.
    final byte[] doubled = Arrays.copyOf(pem, pem.length * 2);
    System.arraycopy(pem, 0, doubled, pem.length, pem.length);
    final ByteArrayInputStream in = new ByteArrayInputStream(doubled);

    assertEquals(pem.length * 2, in.available());
    // The result is not inspected; the cast still requires an X509Certificate.
    X509Certificate first = (X509Certificate) f.generateCertificate(in);
    // TODO: If we had a single PEM certificate, we could know exact bytes.
    assertTrue(pem.length < in.available());
}

/**
 * Feeds the DER certificate twice in one stream and checks that parsing a single
 * certificate consumes exactly one copy, leaving the second copy unread.
 */
private void generateCertificate_DER_TrailingData(CertificateFactory f) throws Exception {
    final byte[] der = getResourceAsBytes(CERT_RSA);

    // First copy comes from copyOf, second copy is appended right behind it.
    final byte[] doubled = Arrays.copyOf(der, der.length * 2);
    System.arraycopy(der, 0, doubled, der.length, der.length);
    final ByteArrayInputStream in = new ByteArrayInputStream(doubled);

    assertEquals(der.length * 2, in.available());
    // The result is not inspected; the cast still requires an X509Certificate.
    X509Certificate first = (X509Certificate) f.generateCertificate(in);
    assertEquals(der.length, in.available());
}

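/**
 * Parses the DER-encoded certificate list named by {@code CERTS_X509_DER} and checks that
 * exactly two certificates are returned.
 *
 * @param f the provider-specific factory under test
 */
private void generateCertificates_X509_DER(CertificateFactory f) throws Exception {
    /* DER-encoded list of certificates */
    Collection<? extends X509Certificate> certs = getCertificates(f, CERTS_X509_DER);
    assertNotNull(certs);
    assertEquals(2, certs.size());
}

/**
 * Parses the PEM-encoded certificate list named by {@code CERTS_X509_PEM} and checks that
 * exactly two certificates are returned.
 *
 * @param f the provider-specific factory under test
 */
private void generateCertificates_X509_PEM(CertificateFactory f) throws Exception {
    /* PEM-encoded list of certificates */
    Collection<? extends X509Certificate> certs = getCertificates(f, CERTS_X509_PEM);
    assertNotNull(certs);
    assertEquals(2, certs.size());
}

/**
 * Parses the PEM-encoded PKCS7 bag named by {@code CERTS_PKCS7_PEM}.
 *
 * <p>Two certificates are expected, except from the provider named "BC", for which the
 * test pins the current result of an empty collection. A caller that treats an empty
 * result as "nothing to validate" would silently skip the bag on that provider, so the
 * difference is worth keeping visible here.
 *
 * @param f the provider-specific factory under test
 */
private void generateCertificates_PKCS7_PEM(CertificateFactory f) throws Exception {
    /* PEM-encoded PKCS7 bag of certificates */
    Collection<? extends X509Certificate> certs = getCertificates(f, CERTS_PKCS7_PEM);
    assertNotNull(certs);
    if ("BC".equals(f.getProvider().getName())) {
        // Bouncycastle is broken: it returns no certificates for this input.
        assertEquals(0, certs.size());
    } else {
        assertEquals(2, certs.size());
    }
}

/**
 * Parses the DER-encoded PKCS7 bag named by {@code CERTS_PKCS7_DER} and checks that
 * exactly two certificates are returned.
 *
 * @param f the provider-specific factory under test
 */
private void generateCertificates_PKCS7_DER(CertificateFactory f) throws Exception {
    /* DER-encoded PKCS7 bag of certificates */
    Collection<? extends X509Certificate> certs = getCertificates(f, CERTS_PKCS7_DER);
    assertNotNull(certs);
    assertEquals(2, certs.size());
}

/**
 * Checks that an empty input stream yields an empty, non-null collection rather than
 * {@code null} or an exception.
 *
 * @param f the provider-specific factory under test
 */
private void generateCertificates_Empty(CertificateFactory f) throws Exception {
    final InputStream is = new ByteArrayInputStream(new byte[0]);

    final Collection<? extends Certificate> certs = f.generateCertificates(is);

    assertNotNull(certs);
    assertEquals(0, certs.size());
}

/**
 * Feeds the PEM certificate list followed by 4096 zero bytes to the factory and checks
 * how much of the stream is left afterwards.
 *
 * <p>The expected result is that the 4096 padding bytes are still unread, i.e. the factory
 * stops at the end of the encoded certificates. The provider named "BC" is expected to have
 * drained the stream, and on the RI the outcome is not checked at all.
 *
 * @param f the provider-specific factory under test
 */
private void generateCertificates_X509_PEM_TrailingData(CertificateFactory f) throws Exception {
    byte[] certBytes = getResourceAsBytes(CERTS_X509_PEM);
    // The extra 4096 bytes stay zero-filled; they are the "trailing data".
    byte[] certsPlusExtra = new byte[certBytes.length + 4096];
    System.arraycopy(certBytes, 0, certsPlusExtra, 0, certBytes.length);
    ByteArrayInputStream bais = new ByteArrayInputStream(certsPlusExtra);

    assertEquals(certsPlusExtra.length, bais.available());

    // RI is broken: whether it parses or throws, nothing further is asserted there.
    try {
        // Only the stream position matters below, so the returned collection is dropped.
        f.generateCertificates(bais);
        if (StandardNames.IS_RI) {
            return;
        }
    } catch (CertificateParsingException e) {
        if (StandardNames.IS_RI) {
            return;
        }
        throw e;
    }

    // Bouncycastle is broken: it consumes the trailing bytes as well.
    if ("BC".equals(f.getProvider().getName())) {
        assertEquals(0, bais.available());
    } else {
        assertEquals(4096, bais.available());
    }
}

/**
 * Feeds the DER certificate list followed by 4096 zero bytes to the factory and checks
 * how much of the stream is left afterwards.
 *
 * <p>The expected result is that the 4096 padding bytes are still unread. The provider
 * named "BC" is expected to have drained the stream, and on the RI the outcome is not
 * checked at all.
 *
 * @param f the provider-specific factory under test
 */
private void generateCertificates_X509_DER_TrailingData(CertificateFactory f) throws Exception {
    byte[] certBytes = getResourceAsBytes(CERTS_X509_DER);
    // The extra 4096 bytes stay zero-filled; they are the "trailing data".
    byte[] certsPlusExtra = new byte[certBytes.length + 4096];
    System.arraycopy(certBytes, 0, certsPlusExtra, 0, certBytes.length);
    ByteArrayInputStream bais = new ByteArrayInputStream(certsPlusExtra);

    assertEquals(certsPlusExtra.length, bais.available());

    // RI is broken: whether it parses or throws, nothing further is asserted there.
    try {
        // Only the stream position matters below, so the returned collection is dropped.
        f.generateCertificates(bais);
        if (StandardNames.IS_RI) {
            return;
        }
    } catch (CertificateParsingException e) {
        if (StandardNames.IS_RI) {
            return;
        }
        throw e;
    }

    // Bouncycastle is broken: it consumes the trailing bytes as well.
    if ("BC".equals(f.getProvider().getName())) {
        assertEquals(0, bais.available());
    } else {
        assertEquals(4096, bais.available());
    }
}

/**
 * Feeds the PEM-encoded PKCS7 bag followed by 4096 zero bytes to the factory and checks
 * how much of the stream is left afterwards.
 *
 * <p>Unlike the X509 variants there is no RI special case here: a parsing exception fails
 * the test on every provider.
 *
 * @param f the provider-specific factory under test
 */
private void generateCertificates_PKCS7_PEM_TrailingData(CertificateFactory f) throws Exception {
    byte[] certBytes = getResourceAsBytes(CERTS_PKCS7_PEM);
    // The extra 4096 bytes stay zero-filled; they are the "trailing data".
    byte[] certsPlusExtra = new byte[certBytes.length + 4096];
    System.arraycopy(certBytes, 0, certsPlusExtra, 0, certBytes.length);
    ByteArrayInputStream bais = new ByteArrayInputStream(certsPlusExtra);

    assertEquals(certsPlusExtra.length, bais.available());
    // Only the stream position matters below, so the returned collection is dropped.
    f.generateCertificates(bais);

    // Bouncycastle is broken: it consumes the trailing bytes as well.
    if ("BC".equals(f.getProvider().getName())) {
        assertEquals(0, bais.available());
    } else {
        assertEquals(4096, bais.available());
    }
}

/**
 * Feeds the DER-encoded PKCS7 bag followed by 4096 zero bytes to the factory and checks
 * that exactly the 4096 padding bytes are left unread, with no provider exceptions.
 *
 * @param f the provider-specific factory under test
 */
private void generateCertificates_PKCS7_DER_TrailingData(CertificateFactory f) throws Exception {
    byte[] certBytes = getResourceAsBytes(CERTS_PKCS7_DER);
    // The extra 4096 bytes stay zero-filled; they are the "trailing data".
    byte[] certsPlusExtra = new byte[certBytes.length + 4096];
    System.arraycopy(certBytes, 0, certsPlusExtra, 0, certBytes.length);
    ByteArrayInputStream bais = new ByteArrayInputStream(certsPlusExtra);

    assertEquals(certsPlusExtra.length, bais.available());
    // Only the stream position matters below, so the returned collection is dropped.
    f.generateCertificates(bais);

    assertEquals(4096, bais.available());
}

/**
 * Round-trips every certificate in {@code VARIOUS_CERTS} through Java serialization and
 * checks that the deserialized object equals the original.
 *
 * <p>{@code readObject} is applied only to bytes this method produced itself a few lines
 * earlier; it is not a pattern for reading serialized certificates from an untrusted source.
 *
 * @param f the provider-specific factory under test
 */
private void test_Serialization(CertificateFactory f) throws Exception {
    for (String certName : VARIOUS_CERTS) {
        X509Certificate expected = getCertificate(f, certName);

        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        ObjectOutputStream oos = new ObjectOutputStream(baos);
        try {
            oos.writeObject(expected);
        } finally {
            oos.close();
        }

        byte[] certBytes = baos.toByteArray();

        // Close the ObjectInputStream itself (which also closes the wrapped byte stream),
        // mirroring how the ObjectOutputStream above is handled.
        ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(certBytes));
        try {
            X509Certificate actual = (X509Certificate) ois.readObject();

            assertEquals(certName, expected, actual);
        } finally {
            ois.close();
        }
    }
}

/**
 * Parses a certificate whose algorithm OIDs were rewritten by
 * {@code generateFakeOidCertificate()} and checks that both {@code getSigAlgOID()} and
 * {@code getSigAlgName()} report {@code FakeOidProvider.SIGALG_OID}, i.e. that the name
 * falls back to the OID string.
 *
 * <p>The certificate is only parsed here; {@code verify} is never called, so the test says
 * nothing about whether the signature over the altered bytes is valid.
 *
 * @param f the provider-specific factory under test
 */
private void test_UnknownUnmappedKeyOID(CertificateFactory f) throws Exception {
    byte[] certBytes = generateFakeOidCertificate();

    X509Certificate cert = (X509Certificate) f
            .generateCertificate(new ByteArrayInputStream(certBytes));
    assertEquals(FakeOidProvider.SIGALG_OID, cert.getSigAlgOID());
    assertEquals(FakeOidProvider.SIGALG_OID, cert.getSigAlgName());
}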
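/**
 * Builds the encoded certificate used by {@code test_UnknownUnmappedKeyOID}: the
 * {@code CERT_RSA} resource with its algorithm OIDs overwritten in place.
 *
 * <p>Every occurrence of the byte sequence {@code 2A 86 48 86 F7} (the leading bytes of
 * DER-encoded OIDs under 1.2.840.113549) has the three bytes after {@code 2A} replaced by
 * {@code FF}. The bytes are patched without re-signing, so the result is suitable for
 * parsing tests only.
 *
 * @return the patched certificate bytes
 * @throws IOException if the resource cannot be read
 */
private byte[] generateFakeOidCertificate() throws IOException {
    byte[] certBytes;

    // Read in the original cert.
    InputStream is = null;
    try {
        is = Support_Resources.getStream(CERT_RSA);

        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        byte[] buffer = new byte[2048];
        int numRead;
        while ((numRead = is.read(buffer, 0, buffer.length)) != -1) {
            baos.write(buffer, 0, numRead);
        }
        certBytes = baos.toByteArray();
    } finally {
        if (is != null) {
            try {
                is.close();
            } catch (IOException ignored) {
                // Best effort: the bytes have already been read (or the read failed
                // with its own exception), so a close failure is not reported.
            }
        }
    }

    // Fix the OID for the certificate.
    int numFixed = 0;
    // The pattern is five bytes long (i .. i + 4), so the last valid start index is
    // length - 5; the bound is written as "< length - 4" to include that final window.
    for (int i = 0; i < certBytes.length - 4; i++) {
        if (certBytes[i] == (byte) 0x2A && certBytes[i + 1] == (byte) 0x86
                && certBytes[i + 2] == (byte) 0x48 && certBytes[i + 3] == (byte) 0x86
                && certBytes[i + 4] == (byte) 0xF7) {
            certBytes[i + 1] = (byte) 0xFF;
            certBytes[i + 2] = (byte) 0xFF;
            certBytes[i + 3] = (byte) 0xFF;
            // Skip the rest of the matched sequence; the loop increment adds the fifth step.
            i += 4;
            numFixed++;
        }
    }
    // The CERT_RSA fixture is expected to contain exactly three such OIDs; a different
    // count means the fixture changed and the patched bytes can no longer be trusted.
    assertEquals(3, numFixed);

    return certBytes;
}

/**
 * Collects the installed providers that offer an X.509 {@code CertificateFactory} before
 * each test runs.
 */
@Override
protected void setUp() throws Exception {
    super.setUp();

    // NOTE(review): Security.getProviders(String) returns null when no provider matches;
    // confirm the users of mX509Providers tolerate that.
    mX509Providers = Security.getProviders("CertificateFactory.X509");
}
}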