1/*
2 *  Licensed to the Apache Software Foundation (ASF) under one or more
3 *  contributor license agreements.  See the NOTICE file distributed with
4 *  this work for additional information regarding copyright ownership.
5 *  The ASF licenses this file to You under the Apache License, Version 2.0
6 *  (the "License"); you may not use this file except in compliance with
7 *  the License.  You may obtain a copy of the License at
8 *
9 *     http://www.apache.org/licenses/LICENSE-2.0
10 *
11 *  Unless required by applicable law or agreed to in writing, software
12 *  distributed under the License is distributed on an "AS IS" BASIS,
13 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 *  See the License for the specific language governing permissions and
15 *  limitations under the License.
16 */
17
18package tests.security.cert;
19
20import java.io.ByteArrayInputStream;
21import java.io.IOException;
22import java.math.BigInteger;
23import java.security.InvalidAlgorithmParameterException;
24import java.security.InvalidKeyException;
25import java.security.NoSuchAlgorithmException;
26import java.security.NoSuchProviderException;
27import java.security.Principal;
28import java.security.PublicKey;
29import java.security.SignatureException;
30import java.security.cert.CertPath;
31import java.security.cert.CertPathBuilder;
32import java.security.cert.CertPathBuilderException;
33import java.security.cert.CertificateEncodingException;
34import java.security.cert.CertificateException;
35import java.security.cert.CertificateExpiredException;
36import java.security.cert.CertificateFactory;
37import java.security.cert.CertificateNotYetValidException;
38import java.security.cert.CertificateParsingException;
39import java.security.cert.PKIXBuilderParameters;
40import java.security.cert.PKIXCertPathBuilderResult;
41import java.security.cert.TrustAnchor;
42import java.security.cert.X509CertSelector;
43import java.security.cert.X509Certificate;
44import java.util.ArrayList;
45import java.util.Arrays;
46import java.util.Calendar;
47import java.util.Collection;
48import java.util.Collections;
49import java.util.Date;
50import java.util.HashSet;
51import java.util.List;
52import java.util.Set;
53import javax.security.auth.x500.X500Principal;
54
55import junit.framework.TestCase;
56
57import org.apache.harmony.security.tests.support.TestKeyPair;
58import org.apache.harmony.security.tests.support.cert.MyCRL;
59import org.apache.harmony.security.tests.support.cert.TestUtils;
60
61import sun.security.util.ObjectIdentifier;
62import sun.security.util.DerOutputStream;
63
64import sun.security.x509.CertificatePoliciesExtension;
65import sun.security.x509.CertificatePolicyId;
66import sun.security.x509.DNSName;
67import sun.security.x509.EDIPartyName;
68import sun.security.x509.GeneralNames;
69import sun.security.x509.GeneralName;
70import sun.security.x509.GeneralNameInterface;
71import sun.security.x509.IPAddressName;
72import sun.security.x509.OIDName;
73import sun.security.x509.OtherName;
74import sun.security.x509.PolicyInformation;
75import sun.security.x509.PrivateKeyUsageExtension;
76import sun.security.x509.RFC822Name;
77import sun.security.x509.SubjectAlternativeNameExtension;
78import sun.security.x509.URIName;
79import sun.security.x509.X400Address;
80import sun.security.x509.X500Name;
81
82/**
83 * X509CertSelectorTest
84 */
85public class X509CertSelectorTest extends TestCase {
86
    /*
     * DER-encoded NameConstraints fixtures consumed by test_getNameConstraints().
     * Each row is a SEQUENCE holding a [0] subtree list (tag byte -96) and a
     * [1] subtree list (tag byte -95) that both carry the same single
     * GeneralName. The generator that produced the rows is kept as a comment
     * in test_getNameConstraints().
     */
    byte[][] constraintBytes = new byte[][] {
            {
                    // rfc822Name (tag -127): "822.Name"
                    48, 28, -96, 12, 48, 10, -127, 8, 56, 50, 50, 46, 78,
                    97, 109, 101, -95, 12, 48, 10, -127, 8, 56, 50, 50, 46, 78,
                    97, 109, 101},
            // rfc822Name (tag -127): "rfc@822.Name"
            {       48, 36, -96, 16, 48, 14, -127, 12, 114, 102, 99, 64, 56, 50,
                    50, 46, 78, 97, 109, 101, -95, 16, 48, 14, -127, 12, 114,
                    102, 99, 64, 56, 50, 50, 46, 78, 97, 109, 101},
            // dNSName (tag -126): "Name.org"
            {       48, 28, -96, 12, 48, 10, -126, 8, 78, 97, 109, 101, 46, 111,
                    114, 103, -95, 12, 48, 10, -126, 8, 78, 97, 109, 101, 46,
                    111, 114, 103},
            // dNSName (tag -126): "dNS.Name.org"
            {       48, 36, -96, 16, 48, 14, -126, 12, 100, 78, 83, 46, 78, 97,
                    109, 101, 46, 111, 114, 103, -95, 16, 48, 14, -126, 12, 100,
                    78, 83, 46, 78, 97, 109, 101, 46, 111, 114, 103},
            // uniformResourceIdentifier (tag -122): "Resource.Id"
            {       48, 34, -96, 15, 48, 13, -122, 11, 82, 101, 115, 111, 117,
                    114, 99, 101, 46, 73, 100, -95, 15, 48, 13, -122, 11, 82,
                    101, 115, 111, 117, 114, 99, 101, 46, 73, 100},
            // uniformResourceIdentifier (tag -122): "uniform.Resource.Id"
            {       48, 50, -96, 23, 48, 21, -122, 19, 117, 110, 105, 102, 111,
                    114, 109, 46, 82, 101, 115, 111, 117, 114, 99, 101, 46, 73,
                    100, -95, 23, 48, 21, -122, 19, 117, 110, 105, 102, 111,
                    114, 109, 46, 82, 101, 115, 111, 117, 114, 99, 101, 46, 73,
                    100},
            // iPAddress (tag -121): 4 octets, 1.1.1.1
            {       48, 20, -96, 8, 48, 6, -121, 4, 1, 1, 1, 1, -95, 8, 48, 6,
                    -121, 4, 1, 1, 1, 1},
            // iPAddress (tag -121): 16 octets, all set to 1
            {       48, 44, -96, 20, 48, 18, -121, 16, 1, 1, 1, 1, 1, 1, 1, 1,
                    1, 1, 1, 1, 1, 1, 1, 1, -95, 20, 48, 18, -121, 16, 1, 1, 1,
                    1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1},
            };
115
116    /**
117     * java.security.cert.X509CertSelector#addSubjectAlternativeName(int, byte[])
118     */
    public void test_addSubjectAlternativeNameLintLbyte_array() throws IOException {
        // Regression for HARMONY-2487: a null encoded name must be rejected with
        // a NullPointerException for every GeneralName type, so that a selector
        // is never left holding an unusable criterion.
        final int[] nameTypes = {
                GeneralNameInterface.NAME_ANY,
                GeneralNameInterface.NAME_RFC822,
                GeneralNameInterface.NAME_DNS,
                GeneralNameInterface.NAME_X400,
                GeneralNameInterface.NAME_DIRECTORY,
                GeneralNameInterface.NAME_EDI,
                GeneralNameInterface.NAME_URI,
                GeneralNameInterface.NAME_IP,
                GeneralNameInterface.NAME_OID };
        for (int nameType : nameTypes) {
            try {
                // A fresh selector per type keeps the iterations independent.
                new X509CertSelector().addSubjectAlternativeName(nameType, (byte[]) null);
                fail("No expected NullPointerException for type: " + nameType);
            } catch (NullPointerException expected) {
                // The null encoding was rejected, as required.
            }
        }
    }
139
140    /**
141     * java.security.cert.X509CertSelector#addSubjectAlternativeName(int, String)
142     */
    public void test_addSubjectAlternativeNameLintLjava_lang_String() {
        // Regression for HARMONY-727: a malformed name string must be rejected
        // with an IOException for each GeneralName type listed below.
        final int[] nameTypes = {
                GeneralNameInterface.NAME_ANY,
                // The test was disabled in M: bd7a7c87692d3b5be341fbc5022eaa07611ae751
                // and was reintroduced after the test was enabled after some
                // time it wasn't run: 5ef40918006efad4c7194b505c3ad176928711a3
                // Disabling again for N as it's failing and wasn't being run for M anyway
                // GeneralNameInterface.NAME_RFC822,
                GeneralNameInterface.NAME_DNS,
                GeneralNameInterface.NAME_X400,
                GeneralNameInterface.NAME_DIRECTORY,
                GeneralNameInterface.NAME_EDI,
                GeneralNameInterface.NAME_URI,
                GeneralNameInterface.NAME_IP,
                GeneralNameInterface.NAME_OID };
        // NOTE(review): with NAME_RFC822 commented out, rejection of a malformed
        // rfc822Name string is not covered by this test.
        for (int nameType : nameTypes) {
            try {
                new X509CertSelector().addSubjectAlternativeName(nameType, "-0xDFRF");
                fail("IOException expected for type: " + nameType);
            } catch (IOException expected) {
                // The malformed name was rejected, as required.
            }
        }
    }
167
168    /**
169     * java.security.cert.X509CertSelector#addPathToName(int, byte[])
170     */
    public void test_addPathToNameLintLbyte_array() throws IOException {
        // Regression for HARMONY-2487: addPathToName must throw a
        // NullPointerException for a null encoded name, whatever the name type.
        final int[] nameTypes = {
                GeneralNameInterface.NAME_ANY,
                GeneralNameInterface.NAME_RFC822,
                GeneralNameInterface.NAME_DNS,
                GeneralNameInterface.NAME_X400,
                GeneralNameInterface.NAME_DIRECTORY,
                GeneralNameInterface.NAME_EDI,
                GeneralNameInterface.NAME_URI,
                GeneralNameInterface.NAME_IP,
                GeneralNameInterface.NAME_OID };
        for (int nameType : nameTypes) {
            try {
                new X509CertSelector().addPathToName(nameType, (byte[]) null);
                fail("No expected NullPointerException for type: " + nameType);
            } catch (NullPointerException expected) {
                // The null encoding was rejected, as required.
            }
        }
    }
190
191    /**
192     * java.security.cert.X509CertSelector#addPathToName(int, String)
193     */
    public void test_addPathToNameLintLjava_lang_String() {
        // Regression for HARMONY-724: a null name string must surface as an
        // IOException for every name type value from 0 through 8.
        final int lastType = 8;
        int type = 0;
        while (type <= lastType) {
            try {
                new X509CertSelector().addPathToName(type, (String) null);
                fail();
            } catch (IOException expected) {
                // The null name was rejected, as required.
            }
            type++;
        }
    }
206
207    /**
208     * java.security.cert.X509CertSelector#X509CertSelector()
209     */
    public void test_X509CertSelector() {
        // A newly constructed selector must report -1 for basicConstraints
        // and have matchAllSubjectAltNames switched on.
        X509CertSelector fresh = new X509CertSelector();
        int basicConstraints = fresh.getBasicConstraints();
        assertEquals(-1, basicConstraints);
        boolean matchAll = fresh.getMatchAllSubjectAltNames();
        assertTrue(matchAll);
    }
215
216    /**
217     * java.security.cert.X509CertSelector#clone()
218     */
    public void test_clone() throws Exception {
        // Clones a default-constructed selector and compares every getter of
        // the copy with the same getter of the source.
        //
        // NOTE(review): only an empty selector is cloned here. The array-typed
        // getters are compared with assertEquals(Object, Object), which would
        // not compare array contents; other tests in this class assert that
        // several of these getters return null on a fresh selector, which is
        // presumably why the comparisons pass. Copy independence for populated
        // criteria is not exercised by this test.
        X509CertSelector source = new X509CertSelector();
        X509CertSelector copy = (X509CertSelector) source.clone();

        assertEquals(source.getMatchAllSubjectAltNames(), copy.getMatchAllSubjectAltNames());
        assertEquals(source.getAuthorityKeyIdentifier(), copy.getAuthorityKeyIdentifier());
        assertEquals(source.getBasicConstraints(), copy.getBasicConstraints());
        assertEquals(source.getCertificate(), copy.getCertificate());
        assertEquals(source.getCertificateValid(), copy.getCertificateValid());
        assertEquals(source.getExtendedKeyUsage(), copy.getExtendedKeyUsage());
        assertEquals(source.getIssuer(), copy.getIssuer());
        assertEquals(source.getIssuerAsBytes(), copy.getIssuerAsBytes());
        assertEquals(source.getIssuerAsString(), copy.getIssuerAsString());
        assertEquals(source.getKeyUsage(), copy.getKeyUsage());
        assertEquals(source.getNameConstraints(), copy.getNameConstraints());
        assertEquals(source.getPathToNames(), copy.getPathToNames());
        assertEquals(source.getPolicy(), copy.getPolicy());
        assertEquals(source.getPrivateKeyValid(), copy.getPrivateKeyValid());
        assertEquals(source.getSerialNumber(), copy.getSerialNumber());
        assertEquals(source.getSubject(), copy.getSubject());
        assertEquals(source.getSubjectAlternativeNames(), copy.getSubjectAlternativeNames());
        assertEquals(source.getSubjectAsBytes(), copy.getSubjectAsBytes());
        assertEquals(source.getSubjectAsString(), copy.getSubjectAsString());
        assertEquals(source.getSubjectKeyIdentifier(), copy.getSubjectKeyIdentifier());
        assertEquals(source.getSubjectPublicKey(), copy.getSubjectPublicKey());
        assertEquals(source.getSubjectPublicKeyAlgID(), copy.getSubjectPublicKeyAlgID());

        // Invoking clone() through a null reference must throw.
        X509CertSelector absent = null;
        try {
            absent.clone();
            fail();
        } catch (NullPointerException expected) {
            // Dereferencing the null reference failed, as expected.
        }
    }
253
254    /**
255     * java.security.cert.X509CertSelector#getAuthorityKeyIdentifier()
256     */
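    public void test_getAuthorityKeyIdentifier() {
        // Checks that the authority key identifier is unset by default, is
        // returned unchanged once set, and is handed out as a copy.
        byte[] akid1 = new byte[] { 4, 5, 1, 2, 3, 4, 5 }; // arbitrary value
        byte[] akid2 = new byte[] { 4, 5, 5, 4, 3, 2, 1 }; // arbitrary value
        X509CertSelector selector = new X509CertSelector();

        assertNull("Selector should return null",
                   selector.getAuthorityKeyIdentifier());
        // The original message here described the opposite of what is asserted.
        assertFalse("An unset keyID should not be equal to specified",
                   Arrays.equals(akid1, selector.getAuthorityKeyIdentifier()));
        selector.setAuthorityKeyIdentifier(akid1);
        assertTrue("The returned keyID should be equal to specified",
                   Arrays.equals(akid1, selector.getAuthorityKeyIdentifier()));
        // Same defensive-copy check as test_getSubjectKeyIdentifier: writing to
        // the returned array must not alter the criterion held by the selector.
        selector.getAuthorityKeyIdentifier()[0]++;
        assertTrue("The returned keyID should be equal to specified",
                   Arrays.equals(akid1, selector.getAuthorityKeyIdentifier()));
        assertFalse("The returned keyID should differ",
                    Arrays.equals(akid2, selector.getAuthorityKeyIdentifier()));
    }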
272
273    /**
274     * java.security.cert.X509CertSelector#getBasicConstraints()
275     */
    public void test_getBasicConstraints() {
        // Every value passed to setBasicConstraints must be read back
        // unchanged; one selector is reused for the whole sequence.
        X509CertSelector selector = new X509CertSelector();
        final int[] validValues = { 2, 1, 0, 1, 2, 3, 10, 20 };
        for (int requested : validValues) {
            selector.setBasicConstraints(requested);
            int reported = selector.getBasicConstraints();
            assertEquals(requested, reported);
        }
    }
284
285    /**
286     * java.security.cert.X509CertSelector#getCertificate()
287     */
    public void test_getCertificate() throws Exception {
        // The certificate criterion must round-trip through set/get, be
        // replaceable by another certificate, and be clearable with null.
        X509CertSelector selector = new X509CertSelector();
        CertificateFactory factory = CertificateFactory.getInstance("X509");

        ByteArrayInputStream v3Stream =
                new ByteArrayInputStream(TestUtils.getX509Certificate_v3());
        X509Certificate v3Cert = (X509Certificate) factory.generateCertificate(v3Stream);

        ByteArrayInputStream v1Stream =
                new ByteArrayInputStream(TestUtils.getX509Certificate_v1());
        X509Certificate v1Cert = (X509Certificate) factory.generateCertificate(v1Stream);

        selector.setCertificate(v3Cert);
        assertEquals(v3Cert, selector.getCertificate());

        selector.setCertificate(v1Cert);
        assertEquals(v1Cert, selector.getCertificate());

        selector.setCertificate(null);
        assertNull(selector.getCertificate());
    }
308
309    /**
310     * java.security.cert.X509CertSelector#getCertificateValid()
311     */
    public void test_getCertificateValid() {
        // certificateValid must start as null, round-trip through set/get,
        // be handed out as a copy, and be clearable with null.
        Date early = new Date(100);
        Date later = new Date(200);
        Date now = Calendar.getInstance().getTime();
        X509CertSelector selector = new X509CertSelector();

        assertNull("Selector should return null",
                   selector.getCertificateValid());
        selector.setCertificateValid(early);
        assertTrue("The returned date should be equal to specified",
                   early.equals(selector.getCertificateValid()));

        // Changing the Date handed back by the getter must leave the
        // selector's own validity date untouched.
        Date handedOut = selector.getCertificateValid();
        handedOut.setTime(200);
        assertTrue("The returned date should be equal to specified",
                   early.equals(selector.getCertificateValid()));
        assertFalse("The returned date should differ",
                    later.equals(selector.getCertificateValid()));

        selector.setCertificateValid(now);
        assertTrue("The returned date should be equal to specified",
                   now.equals(selector.getCertificateValid()));
        selector.setCertificateValid(null);
        assertNull(selector.getCertificateValid());
    }
334
335    /**
336     * java.security.cert.X509CertSelector#getExtendedKeyUsage()
337     */
    public void test_getExtendedKeyUsage() throws Exception {
        // extendedKeyUsage must start as null, round-trip through set/get,
        // and come back as a set that callers cannot modify.
        String[] usageOids = {
            "1.3.6.1.5.5.7.3.1",
            "1.3.6.1.5.5.7.3.2",
            "1.3.6.1.5.5.7.3.3",
            "1.3.6.1.5.5.7.3.4",
            "1.3.6.1.5.5.7.3.8",
            "1.3.6.1.5.5.7.3.9",
            "1.3.6.1.5.5.7.3.5",
            "1.3.6.1.5.5.7.3.6",
            "1.3.6.1.5.5.7.3.7"
        };
        HashSet<String> requested = new HashSet<String>(Arrays.asList(usageOids));
        X509CertSelector selector = new X509CertSelector();

        assertNull("Selector should return null", selector.getExtendedKeyUsage());
        selector.setExtendedKeyUsage(requested);
        assertTrue("The returned extendedKeyUsage should be equal to specified",
                   requested.equals(selector.getExtendedKeyUsage()));

        // A caller must not be able to widen the criterion through the getter.
        Set<String> handedOut = selector.getExtendedKeyUsage();
        try {
            handedOut.add("KRIBLEGRABLI");
            fail("The returned Set should be immutable.");
        } catch (UnsupportedOperationException expected) {
            // The returned set refused the modification, as required.
        }
    }
362
363    /**
364     * java.security.cert.X509CertSelector#getIssuer()
365     */
    public void test_getIssuer() {
        // The issuer must start as null and, once set, equal the principal
        // that was supplied and differ from an unrelated one.
        X500Principal firstOrg = new X500Principal("O=First Org.");
        X500Principal secondOrg = new X500Principal("O=Second Org.");
        X509CertSelector selector = new X509CertSelector();

        assertNull("Selector should return null", selector.getIssuer());
        selector.setIssuer(firstOrg);
        X500Principal reported = selector.getIssuer();
        assertEquals("The returned issuer should be equal to specified",
                     firstOrg, reported);
        assertFalse("The returned issuer should differ",
                    secondOrg.equals(selector.getIssuer()));
    }
378
379    /**
380     * java.security.cert.X509CertSelector#getIssuerAsBytes()
381     */
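    public void test_getIssuerAsBytes() throws Exception {
        // The DER form of the issuer must start as null and, once an issuer is
        // set, match the encoding that the principal was built from.
        byte[] name1 = new byte[]
        // manually obtained DER encoding of "O=First Org." issuer name;
        { 48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10, 70, 105, 114, 115,
                116, 32, 79, 114, 103, 46 };

        byte[] name2 = new byte[]
        // manually obtained DER encoding of "O=Second Org." issuer name;
        { 48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11, 83, 101, 99, 111,
                110, 100, 32, 79, 114, 103, 46 };
        X500Principal iss1 = new X500Principal(name1);
        X500Principal iss2 = new X500Principal(name2);
        X509CertSelector selector = new X509CertSelector();

        assertNull("Selector should return null", selector.getIssuerAsBytes());
        selector.setIssuer(iss1);
        assertTrue("The returned issuer should be equal to specified",
                   Arrays.equals(name1, selector.getIssuerAsBytes()));
        // Arrays.equals compares contents. The former name2.equals(...) call
        // compared array identity, so the assertion could never fail.
        assertFalse("The returned issuer should differ",
                    Arrays.equals(name2, selector.getIssuerAsBytes()));
        selector.setIssuer(iss2);
        assertTrue("The returned issuer should be equal to specified",
                   Arrays.equals(name2, selector.getIssuerAsBytes()));
    }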
405
406    /**
407     * java.security.cert.X509CertSelector#getIssuerAsString()
408     */
    public void test_getIssuerAsString() {
        // The string form of the issuer must start as null and follow each
        // subsequent setIssuer call.
        String firstName = "O=First Org.";
        String secondName = "O=Second Org.";
        X500Principal firstIssuer = new X500Principal(firstName);
        X500Principal secondIssuer = new X500Principal(secondName);
        X509CertSelector selector = new X509CertSelector();

        assertNull("Selector should return null", selector.getIssuerAsString());

        selector.setIssuer(firstIssuer);
        String reported = selector.getIssuerAsString();
        assertEquals("The returned issuer should be equal to specified", firstName,
                     reported);
        assertFalse("The returned issuer should differ",
                    secondName.equals(selector.getIssuerAsString()));

        selector.setIssuer(secondIssuer);
        reported = selector.getIssuerAsString();
        assertEquals("The returned issuer should be equal to specified", secondName,
                     reported);
    }
426
427    /**
428     * java.security.cert.X509CertSelector#getKeyUsage()
429     */
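    public void test_getKeyUsage() {
        // keyUsage must start as null, round-trip through set/get, and be
        // handed out as a copy.
        boolean[] ku = new boolean[] { true, false, true, false, true, false,
                true, false, true };
        X509CertSelector selector = new X509CertSelector();

        assertNull("Selector should return null", selector.getKeyUsage());
        selector.setKeyUsage(ku);
        // The message used to say "date", a leftover from the date tests.
        assertTrue("The returned keyUsage should be equal to specified",
                   Arrays.equals(ku, selector.getKeyUsage()));
        // Flipping a bit in the returned array must not change the key-usage
        // criterion held by the selector.
        boolean[] result = selector.getKeyUsage();
        result[0] = !result[0];
        assertTrue("The returned keyUsage should be equal to specified",
                   Arrays.equals(ku, selector.getKeyUsage()));
    }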
444
445    /**
446     * java.security.cert.X509CertSelector#getMatchAllSubjectAltNames()
447     */
    public void test_getMatchAllSubjectAltNames() {
        // The flag must be true on a new selector and must report false after
        // being switched off.
        X509CertSelector selector = new X509CertSelector();
        boolean initial = selector.getMatchAllSubjectAltNames();
        assertTrue("The matchAllNames initially should be true",
                   initial);
        selector.setMatchAllSubjectAltNames(false);
        boolean afterReset = selector.getMatchAllSubjectAltNames();
        assertFalse("The value should be false",
                    afterReset);
    }
456
457    /**
458     * java.security.cert.X509CertSelector#getNameConstraints()
459     */
    public void test_getNameConstraints() throws IOException {
        /*
         * Each constraintBytes entry must come back from getNameConstraints()
         * byte for byte after being passed to setNameConstraints().
         *
         * Used to generate the constraintBytes array:
         *
         *   org.bouncycastle.asn1.x509.GeneralName[] name_constraints =
         *       new org.bouncycastle.asn1.x509.GeneralName[] {
         *           new org.bouncycastle.asn1.x509.GeneralName(1, "822.Name"),
         *           new org.bouncycastle.asn1.x509.GeneralName(1, "rfc@822.Name"),
         *           new org.bouncycastle.asn1.x509.GeneralName(2, "Name.org"),
         *           new org.bouncycastle.asn1.x509.GeneralName(2, "dNS.Name.org"),
         *
         *           new org.bouncycastle.asn1.x509.GeneralName(6, "Resource.Id"),
         *           new org.bouncycastle.asn1.x509.GeneralName(6,
         *               "uniform.Resource.Id"),
         *           new org.bouncycastle.asn1.x509.GeneralName(7, "1.1.1.1"),
         *
         *           new org.bouncycastle.asn1.x509.GeneralName(7,
         *               new org.bouncycastle.asn1.DEROctetString(new byte[] {
         *                   1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1 })),
         *       };
         *
         *   constraintBytes = new byte[name_constraints.length][];
         *
         *   for (int i = 0; i < name_constraints.length; i++) {
         *       org.bouncycastle.asn1.x509.GeneralSubtree subtree =
         *           new org.bouncycastle.asn1.x509.GeneralSubtree(
         *               name_constraints[i]);
         *       org.bouncycastle.asn1.x509.GeneralSubtree[] subtrees =
         *           new org.bouncycastle.asn1.x509.GeneralSubtree[1];
         *       subtrees[0] = subtree;
         *       org.bouncycastle.asn1.x509.NameConstraints constraints =
         *           new org.bouncycastle.asn1.x509.NameConstraints(
         *               subtrees, subtrees);
         *       constraintBytes[i] = constraints.getEncoded();
         *   }
         *   System.out.println("XXX"+Arrays.deepToString(constraintBytes)+"XXX");
         */
        X509CertSelector selector = new X509CertSelector();

        for (byte[] encoded : constraintBytes) {
            selector.setNameConstraints(encoded);
            byte[] reported = selector.getNameConstraints();
            assertTrue(Arrays.equals(encoded, reported));
        }
    }
503
504    /**
505     * java.security.cert.X509CertSelector#getPathToNames()
506     */
    public void test_getPathToNames() throws Exception {
        // Builds one GeneralName per supported name type, checks that a null
        // pathToNames criterion matches any certificate, then sets a populated
        // criterion and reads it back.
        //
        // NOTE(review): the value returned by the final getPathToNames() call
        // is discarded, so the getter's result is never checked. The assertion
        // message mentions subjectAlternativeNames although the criterion
        // under test is pathToNames.
        GeneralName otherName = new GeneralName(new OtherName(new ObjectIdentifier("1.2.3.4.5"),
                new byte[] { 1, 2, 0, 1 }));
        GeneralName rfc822Name = new GeneralName(new RFC822Name("rfc@822.Name"));
        GeneralName dnsName = new GeneralName(new DNSName("dNSName"));

        // http://b/27197633 (Missing replacement for ORAddress)
        // GeneralName san3 = new GeneralName(new X400Address((byte[])null));
        GeneralName directoryName = new GeneralName(new X500Name("O=Organization"));
        GeneralName uriName = new GeneralName(new URIName("http://uniform.Resource.Id"));
        GeneralName ipName = new GeneralName(new IPAddressName("1.1.1.1"));
        GeneralName oidName = new GeneralName(new OIDName("1.2.3.4444.55555"));

        GeneralNames allNames = new GeneralNames();
        allNames.add(otherName);
        allNames.add(rfc822Name);
        allNames.add(dnsName);
        // http://b/27197633 (Missing replacement for ORAddress)
        // sans1.add(san3);
        allNames.add(directoryName);
        allNames.add(uriName);
        allNames.add(ipName);
        allNames.add(oidName);

        GeneralNames singleName = new GeneralNames();
        singleName.add(otherName);

        TestCert certWithAllNames = new TestCert(allNames);
        TestCert certWithSingleName = new TestCert(singleName);
        X509CertSelector selector = new X509CertSelector();
        selector.setMatchAllSubjectAltNames(true);

        selector.setPathToNames(null);
        assertTrue("Any certificate should match in the case of null "
                   + "subjectAlternativeNames criteria.",
                   selector.match(certWithAllNames) && selector.match(certWithSingleName));

        Collection<List<?>> namePairs = getGeneralNamePairList(allNames);

        selector.setPathToNames(namePairs);
        selector.getPathToNames();
    }
550
551    /**
552     * java.security.cert.X509CertSelector#getPolicy()
553     */
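    public void test_getPolicy() throws IOException {
        // The policy criterion must be null after setPolicy(null) and must
        // equal each OID set that is subsequently supplied.
        String[] policies1 = new String[] {
            "1.3.6.1.5.5.7.3.1",
            "1.3.6.1.5.5.7.3.2",
            "1.3.6.1.5.5.7.3.3",
            "1.3.6.1.5.5.7.3.4",
            "1.3.6.1.5.5.7.3.8",
            "1.3.6.1.5.5.7.3.9",
            "1.3.6.1.5.5.7.3.5",
            "1.3.6.1.5.5.7.3.6",
            "1.3.6.1.5.5.7.3.7"
        };

        String[] policies2 = new String[] { "1.3.6.7.3.1" };

        HashSet<String> p1 = new HashSet<String>(Arrays.asList(policies1));
        HashSet<String> p2 = new HashSet<String>(Arrays.asList(policies2));

        X509CertSelector selector = new X509CertSelector();

        selector.setPolicy(null);
        assertNull(selector.getPolicy());

        // The failure messages used to say "date", copied from the date tests.
        selector.setPolicy(p1);
        assertEquals("The returned policy should be equal to specified", p1, selector.getPolicy());

        selector.setPolicy(p2);
        assertEquals("The returned policy should be equal to specified", p2, selector.getPolicy());
    }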
583
584    /**
585     * java.security.cert.X509CertSelector#getPrivateKeyValid()
586     */
    public void test_getPrivateKeyValid() {
        // privateKeyValid must start as null, round-trip through set/get, and
        // be handed out as a copy.
        Date early = new Date(100);
        Date later = new Date(200);
        X509CertSelector selector = new X509CertSelector();

        assertNull("Selector should return null", selector.getPrivateKeyValid());
        selector.setPrivateKeyValid(early);
        assertTrue("The returned date should be equal to specified",
                   early.equals(selector.getPrivateKeyValid()));

        // Changing the Date handed back by the getter must leave the
        // selector's own date untouched.
        Date handedOut = selector.getPrivateKeyValid();
        handedOut.setTime(200);
        assertTrue("The returned date should be equal to specified",
                   early.equals(selector.getPrivateKeyValid()));
        assertFalse("The returned date should differ",
                    later.equals(selector.getPrivateKeyValid()));
    }
602
603    /**
604     * java.security.cert.X509CertSelector#getSerialNumber()
605     */
    public void test_getSerialNumber() {
        // The serial number must start as null and, once set, equal the
        // supplied value and differ from a neighbouring one.
        BigInteger expectedSerial = new BigInteger("10000");
        BigInteger otherSerial = new BigInteger("10001");
        X509CertSelector selector = new X509CertSelector();

        assertNull("Selector should return null", selector.getSerialNumber());
        selector.setSerialNumber(expectedSerial);
        BigInteger reported = selector.getSerialNumber();
        assertEquals("The returned serial number should be equal to specified",
                     expectedSerial, reported);
        assertFalse("The returned serial number should differ",
                    otherSerial.equals(selector.getSerialNumber()));
    }
618
619    /**
620     * java.security.cert.X509CertSelector#getSubject()
621     */
    public void test_getSubject() {
        // The subject must start as null and, once set, equal the principal
        // that was supplied and differ from an unrelated one.
        X500Principal firstOrg = new X500Principal("O=First Org.");
        X500Principal secondOrg = new X500Principal("O=Second Org.");
        X509CertSelector selector = new X509CertSelector();

        assertNull("Selector should return null", selector.getSubject());
        selector.setSubject(firstOrg);
        X500Principal reported = selector.getSubject();
        assertEquals("The returned subject should be equal to specified", firstOrg,
                     reported);
        assertFalse("The returned subject should differ",
                    secondOrg.equals(selector.getSubject()));
    }
634
635    /**
636     * java.security.cert.X509CertSelector#getSubjectAlternativeNames()
637     */
    public void test_getSubjectAlternativeNames() throws Exception {
        // The criterion must start as null, match a certificate carrying the
        // same names, and keep matching after the collection handed out by
        // the getter has been cleared.
        GeneralName rfc822Name = new GeneralName(new RFC822Name("rfc@822.Name"));
        GeneralName dnsName = new GeneralName(new DNSName("dNSName"));

        GeneralNames names = new GeneralNames();
        names.add(rfc822Name);
        names.add(dnsName);

        TestCert certWithNames = new TestCert(names);
        X509CertSelector selector = new X509CertSelector();

        assertNull("Selector should return null",
                   selector.getSubjectAlternativeNames());

        selector.setSubjectAlternativeNames(getGeneralNamePairList(names));
        boolean matchesBefore = selector.match(certWithNames);
        assertTrue("The certificate should match the selection criteria.",
                   matchesBefore);

        // Emptying the returned collection must not loosen or break the
        // criterion stored inside the selector.
        selector.getSubjectAlternativeNames().clear();
        boolean matchesAfter = selector.match(certWithNames);
        assertTrue("The modification of initialization object "
                   + "should not affect the modification "
                   + "of internal object.",
                   matchesAfter);
    }
661
662    /**
663     * java.security.cert.X509CertSelector#getSubjectAsBytes()
664     */
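    public void test_getSubjectAsBytes() throws Exception {
        // The DER form of the subject must start as null and, once a subject
        // is set, match the encoding that the principal was built from.
        byte[] name1 = new byte[]
        // manually obtained DER encoding of the "O=First Org." name;
                { 48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10, 70, 105, 114, 115,
                  116, 32, 79, 114, 103, 46 };
        byte[] name2 = new byte[]
        // manually obtained DER encoding of the "O=Second Org." name;
                { 48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11, 83, 101, 99, 111,
                  110, 100, 32, 79, 114, 103, 46 };

        X500Principal sub1 = new X500Principal(name1);
        X500Principal sub2 = new X500Principal(name2);
        X509CertSelector selector = new X509CertSelector();

        assertNull("Selector should return null",
                   selector.getSubjectAsBytes());
        selector.setSubject(sub1);
        // The messages used to say "issuer", copied from test_getIssuerAsBytes.
        assertTrue("The returned subject should be equal to specified",
                   Arrays.equals(name1, selector.getSubjectAsBytes()));
        // Arrays.equals compares contents. The former name2.equals(...) call
        // compared array identity, so the assertion could never fail.
        assertFalse("The returned subject should differ",
                    Arrays.equals(name2, selector.getSubjectAsBytes()));
        selector.setSubject(sub2);
        assertTrue("The returned subject should be equal to specified",
                   Arrays.equals(name2, selector.getSubjectAsBytes()));
    }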
690
691    /**
692     * java.security.cert.X509CertSelector#getSubjectAsString()
693     */
    public void test_getSubjectAsString() {
        // getSubjectAsString() must be null on a fresh selector and afterwards
        // report the distinguished name of the subject that was set last.
        final String firstDn = "O=First Org.";
        final String secondDn = "O=Second Org.";
        final X500Principal firstSubject = new X500Principal(firstDn);
        final X500Principal secondSubject = new X500Principal(secondDn);
        final X509CertSelector certSelector = new X509CertSelector();

        assertNull("Selector should return null", certSelector.getSubjectAsString());

        certSelector.setSubject(firstSubject);
        assertEquals("The returned subject should be equal to specified",
                     firstDn, certSelector.getSubjectAsString());
        boolean reportsSecond = secondDn.equals(certSelector.getSubjectAsString());
        assertFalse("The returned subject should differ", reportsSecond);

        certSelector.setSubject(secondSubject);
        assertEquals("The returned subject should be equal to specified",
                     secondDn, certSelector.getSubjectAsString());
    }
711
712    /**
713     * java.security.cert.X509CertSelector#getSubjectKeyIdentifier()
714     */
    public void test_getSubjectKeyIdentifier() {
        // Arbitrary key identifier values; only their contents matter here.
        final byte[] expectedId = { 1, 2, 3, 4, 5 };
        final byte[] otherId = { 4, 5, 5, 4, 3, 2, 1 };
        final X509CertSelector certSelector = new X509CertSelector();

        assertNull("Selector should return null", certSelector.getSubjectKeyIdentifier());

        certSelector.setSubjectKeyIdentifier(expectedId);
        boolean sameAfterSet = Arrays.equals(expectedId, certSelector.getSubjectKeyIdentifier());
        assertTrue("The returned keyID should be equal to specified", sameAfterSet);

        // Tamper with the array handed out by the getter; the stored criterion is
        // expected to be unaffected, i.e. the getter must not expose internal state.
        byte[] handedOut = certSelector.getSubjectKeyIdentifier();
        handedOut[0]++;
        boolean sameAfterTamper = Arrays.equals(expectedId, certSelector.getSubjectKeyIdentifier());
        assertTrue("The returned keyID should be equal to specified", sameAfterTamper);

        boolean matchesOther = Arrays.equals(otherId, certSelector.getSubjectKeyIdentifier());
        assertFalse("The returned keyID should differ", matchesOther);
    }
730
731    /**
732     * java.security.cert.X509CertSelector#getSubjectPublicKey()
733     */
    public void test_getSubjectPublicKey() throws Exception {
        // Hand-built encoding used as the key criterion:
        //   SubjectPublicKeyInfo ::= SEQUENCE {
        //       algorithm        AlgorithmIdentifier,
        //       subjectPublicKey BIT STRING }
        final byte[] encodedKey = {
                0x30, 0x0E,                   // SEQUENCE
                0x30, 0x07,                   // SEQUENCE
                0x06, 0x02, 0x03, 0x05,       // OID
                0x01, 0x01, 0x07,             // ANY
                0x03, 0x03, 0x01, 0x01, 0x06, // subjectPublicKey
        };
        final X509CertSelector certSelector = new X509CertSelector();

        // Setting the criterion from raw bytes: the getter is expected to hand
        // back a key that reports the OID, the X.509 format and the same encoding.
        certSelector.setSubjectPublicKey(encodedKey);
        PublicKey fromBytes = certSelector.getSubjectPublicKey();
        assertEquals("0.3.5", fromBytes.getAlgorithm());
        assertEquals("X.509", fromBytes.getFormat());
        assertTrue(Arrays.equals(encodedKey, fromBytes.getEncoded()));
        assertNotNull(fromBytes.toString());

        // Setting the criterion from a PublicKey object (MyPublicKey is declared
        // elsewhere in this test class).
        PublicKey supplied = new MyPublicKey();
        certSelector.setSubjectPublicKey(supplied);
        PublicKey returned = certSelector.getSubjectPublicKey();
        assertEquals(supplied, returned);
        assertEquals(supplied.getAlgorithm(), returned.getAlgorithm());
    }
762
763    /**
764     * java.security.cert.X509CertSelector#getSubjectPublicKeyAlgID()
765     */
    public void test_getSubjectPublicKeyAlgID() throws Exception {
        // Round-trips OID strings through setSubjectPublicKeyAlgID() and
        // getSubjectPublicKeyAlgID(); the getter is null on a fresh selector.
        final X509CertSelector certSelector = new X509CertSelector();
        final String[] validOIDs = { "0.0.20", "1.25.0", "2.0.39", "0.2.10", "1.35.15", "2.17.89" };

        assertNull("Selector should return null", certSelector.getSubjectPublicKeyAlgID());

        for (String oid : validOIDs) {
            try {
                certSelector.setSubjectPublicKeyAlgID(oid);
                assertEquals(oid, certSelector.getSubjectPublicKeyAlgID());
            } catch (IOException e) {
                // NOTE(review): the exception is only printed (a fail() call is
                // disabled here), so a selector that rejects one of these OIDs
                // does not fail the test.
                System.out.println("t = " + e.getMessage());
            }
        }

        final String rsaEncryptionOid = "1.2.840.113549.1.1.1"; // RSA encryption
        final String md5WithRsaOid = "1.2.840.113549.1.1.4"; // MD5 with RSA encryption

        certSelector.setSubjectPublicKeyAlgID(rsaEncryptionOid);
        boolean reportsRsa = rsaEncryptionOid.equals(certSelector.getSubjectPublicKeyAlgID());
        assertTrue("The returned oid should be equal to specified", reportsRsa);
        boolean reportsMd5 = md5WithRsaOid.equals(certSelector.getSubjectPublicKeyAlgID());
        assertFalse("The returned oid should differ", reportsMd5);
    }
792
793    /**
794     * java.security.cert.X509CertSelector#match(java.security.cert.Certificate)
795     */
    public void test_matchLjava_security_cert_Certificate() throws Exception {
        final X509CertSelector certSelector = new X509CertSelector();
        // A null certificate never matches, even with no criteria set.
        assertFalse(certSelector.match(null));

        // Two distinct certificates parsed from the encodings supplied by TestUtils.
        CertificateFactory factory = CertificateFactory.getInstance("X509");
        ByteArrayInputStream v3Stream = new ByteArrayInputStream(TestUtils.getX509Certificate_v3());
        X509Certificate v3Cert = (X509Certificate) factory.generateCertificate(v3Stream);
        ByteArrayInputStream v1Stream = new ByteArrayInputStream(TestUtils.getX509Certificate_v1());
        X509Certificate v1Cert = (X509Certificate) factory.generateCertificate(v1Stream);

        // With the certificate criterion set, only that certificate may match.
        certSelector.setCertificate(v3Cert);
        assertTrue(certSelector.match(v3Cert));
        assertFalse(certSelector.match(v1Cert));

        certSelector.setCertificate(v1Cert);
        assertFalse(certSelector.match(v3Cert));
        assertTrue(certSelector.match(v1Cert));
    }
817
818    /**
819     * java.security.cert.X509CertSelector#setAuthorityKeyIdentifier(byte[])
820     */
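    public void test_setAuthorityKeyIdentifierLB$() throws Exception {
        // Checks the authorityKeyIdentifier criterion: null disables it, a set value
        // selects only the certificate built from the same bytes, and a later change
        // to the caller's array is expected to leave the outcome unchanged.
        X509CertSelector selector = new X509CertSelector();

        byte[] akid1 = new byte[] { 1, 2, 3, 4, 5 }; // random value
        byte[] akid2 = new byte[] { 5, 4, 3, 2, 1 }; // random value
        TestCert cert1 = new TestCert(akid1);
        TestCert cert2 = new TestCert(akid2);

        selector.setAuthorityKeyIdentifier(null);
        assertTrue("The certificate should match the selection criteria.",
                selector.match(cert1));
        assertTrue("The certificate should match the selection criteria.",
                selector.match(cert2));
        assertNull(selector.getAuthorityKeyIdentifier());

        // The failure messages below now state the expectation that is actually
        // asserted; two of them previously said "should not match" on assertTrue.
        selector.setAuthorityKeyIdentifier(akid1);
        assertTrue("The certificate should match the selection criteria.",
                selector.match(cert1));
        assertFalse("The certificate should not match the selection criteria.",
                selector.match(cert2));
        selector.setAuthorityKeyIdentifier(akid2);
        assertFalse("The certificate should not match the selection criteria.",
                selector.match(cert1));
        assertTrue("The certificate should match the selection criteria.",
                selector.match(cert2));

        // Mutate the array after it was passed to the setter.
        // NOTE(review): this shows the selector copied its input only if TestCert
        // holds its own copy of akid2; TestCert is declared outside this method,
        // so confirm there.
        akid2[0]++;
        assertTrue("The certificate should match the selection criteria.",
                selector.match(cert2));
    }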
851
852    /**
853     * java.security.cert.X509CertSelector#setBasicConstraints(int)
854     */
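    public void test_setBasicConstraintsLint() {
        // Checks that setBasicConstraints(int) rejects values below -2 and that
        // accepted values are reported back by getBasicConstraints().
        X509CertSelector selector = new X509CertSelector();
        int[] invalidValues = { -3, -4, -5, 1000000000 };
        for (int candidate : invalidValues) {
            try {
                // Pass the loop value; the earlier code passed the literal -3 on
                // every iteration, so the other entries were never exercised.
                selector.setBasicConstraints(candidate);
                // The documented contract throws only for values less than -2, so
                // 1000000000 is tolerated either way and only the negative entries
                // are required to be rejected.
                if (candidate < -2) {
                    fail("IllegalArgumentException expected for " + candidate);
                }
            } catch (IllegalArgumentException expected) {
                // expected for out-of-range path length constraints
            }
        }

        int[] validValues = { -2, -1, 0, 1, 2, 3, 10, 20 };
        for (int candidate : validValues) {
            selector.setBasicConstraints(candidate);
            assertEquals(candidate, selector.getBasicConstraints());
        }
    }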
871
872    /**
873     * java.security.cert.X509CertSelector#setCertificate(java.security.cert.Certificate)
874     */
    public void test_setCertificateLjava_security_cert_X509Certificate()
            throws Exception {
        // Two stand-in certificates that differ only in the label given to TestCert.
        final TestCert sameCert = new TestCert("same certificate");
        final TestCert otherCert = new TestCert("other certificate");
        final X509CertSelector certSelector = new X509CertSelector();

        // A null certificate criterion places no restriction on the match.
        certSelector.setCertificate(null);
        boolean bothMatch = certSelector.match(sameCert) && certSelector.match(otherCert);
        assertTrue("Any certificates should match in the case of null "
                + "certificateEquals criteria.",
                   bothMatch);

        certSelector.setCertificate(sameCert);
        assertTrue("The certificate should match the selection criteria.",
                   certSelector.match(sameCert));
        assertFalse("The certificate should not match the selection criteria.",
                    certSelector.match(otherCert));

        certSelector.setCertificate(otherCert);
        assertTrue("The certificate should match the selection criteria.",
                   certSelector.match(otherCert));

        // Clearing the criterion must be visible through the getter.
        certSelector.setCertificate(null);
        assertNull(certSelector.getCertificate());
    }
897
898    /**
899     * java.security.cert.X509CertSelector#setCertificateValid(java.util.Date)
900     */
    public void test_setCertificateValidLjava_util_Date()
            throws Exception {
        final X509CertSelector certSelector = new X509CertSelector();

        final Date earlier = new Date(100);
        final Date later = new Date(200);
        final TestCert earlierCert = new TestCert(earlier);
        final TestCert laterCert = new TestCert(later);

        // A null date clears the criterion.
        certSelector.setCertificateValid(null);
        assertNull(certSelector.getCertificateValid());

        certSelector.setCertificateValid(earlier);
        assertTrue("The certificate should match the selection criteria.",
                certSelector.match(earlierCert));
        assertFalse("The certificate should not match the selection criteria.",
                certSelector.match(laterCert));

        // Change the caller's Date after handing it to the setter; the match is
        // expected to be unaffected by the later mutation.
        certSelector.setCertificateValid(later);
        later.setTime(300);
        assertTrue("The certificate should match the selection criteria.",
                certSelector.match(laterCert));
    }
922
923    /**
924     * java.security.cert.X509CertSelector#setExtendedKeyUsage(Set<String>)
925     */
    public void test_setExtendedKeyUsageLjava_util_Set() throws Exception {
        // Nine key purpose OIDs; the second set is the first without the last entry.
        HashSet<String> fullUsage = new HashSet<String>(Arrays.asList(
            "1.3.6.1.5.5.7.3.1",
            "1.3.6.1.5.5.7.3.2",
            "1.3.6.1.5.5.7.3.3",
            "1.3.6.1.5.5.7.3.4",
            "1.3.6.1.5.5.7.3.8",
            "1.3.6.1.5.5.7.3.9",
            "1.3.6.1.5.5.7.3.5",
            "1.3.6.1.5.5.7.3.6",
            "1.3.6.1.5.5.7.3.7"));
        HashSet<String> reducedUsage = new HashSet<String>(Arrays.asList(
            "1.3.6.1.5.5.7.3.1",
            "1.3.6.1.5.5.7.3.2",
            "1.3.6.1.5.5.7.3.3",
            "1.3.6.1.5.5.7.3.4",
            "1.3.6.1.5.5.7.3.8",
            "1.3.6.1.5.5.7.3.9",
            "1.3.6.1.5.5.7.3.5",
            "1.3.6.1.5.5.7.3.6"));
        TestCert fullCert = new TestCert(fullUsage);
        TestCert reducedCert = new TestCert(reducedUsage);

        X509CertSelector certSelector = new X509CertSelector();

        // A null criterion places no restriction on extended key usage.
        certSelector.setExtendedKeyUsage(null);
        boolean bothMatch = certSelector.match(fullCert) && certSelector.match(reducedCert);
        assertTrue("Any certificate should match in the case of null "
                   + "extendedKeyUsage criteria.",
                   bothMatch);

        // The getter reports whichever set was supplied last.
        certSelector.setExtendedKeyUsage(fullUsage);
        assertEquals(fullUsage, certSelector.getExtendedKeyUsage());

        certSelector.setExtendedKeyUsage(reducedUsage);
        assertEquals(reducedUsage, certSelector.getExtendedKeyUsage());
    }
963
964    /**
965     * java.security.cert.X509CertSelector#setIssuer(byte[])
966     */
    public void test_setIssuerLB$() throws Exception {
        // manually obtained DER encoding of the "O=First Org." issuer name
        final byte[] firstDer =
                { 48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10, 70, 105, 114, 115,
                  116, 32, 79, 114, 103, 46 };
        // manually obtained DER encoding of the "O=Second Org." issuer name
        final byte[] secondDer =
                { 48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11, 83, 101, 99, 111,
                  110, 100, 32, 79, 114, 103, 46 };
        final X500Principal firstIssuer = new X500Principal(firstDer);
        final X500Principal secondIssuer = new X500Principal(secondDer);
        final TestCert firstCert = new TestCert(firstIssuer);
        final TestCert secondCert = new TestCert(secondIssuer);

        final X509CertSelector certSelector = new X509CertSelector();

        // The cast picks the byte[] overload; null disables the issuer criterion.
        certSelector.setIssuer((byte[]) null);
        boolean bothMatch = certSelector.match(firstCert) && certSelector.match(secondCert);
        assertTrue("Any certificates should match "
                   + "in the case of null issuer criteria.", bothMatch);

        certSelector.setIssuer(firstDer);
        assertTrue("The certificate should match the selection criteria.",
                   certSelector.match(firstCert));
        assertFalse("The certificate should not match the selection criteria.",
                    certSelector.match(secondCert));

        certSelector.setIssuer(secondDer);
        assertTrue("The certificate should match the selection criteria.",
                   certSelector.match(secondCert));
    }
996
997    /**
998     * java.security.cert.X509CertSelector#setIssuer(java.lang.String)
999     */
    public void test_setIssuerLjava_lang_String() throws Exception {
        final String firstDn = "O=First Org.";
        final String secondDn = "O=Second Org.";
        final TestCert firstCert = new TestCert(new X500Principal(firstDn));
        final TestCert secondCert = new TestCert(new X500Principal(secondDn));

        final X509CertSelector certSelector = new X509CertSelector();

        // The cast picks the String overload; null disables the issuer criterion.
        certSelector.setIssuer((String) null);
        boolean bothMatch = certSelector.match(firstCert) && certSelector.match(secondCert);
        assertTrue("Any certificates should match "
                   + "in the case of null issuer criteria.",
                   bothMatch);

        certSelector.setIssuer(firstDn);
        assertTrue("The certificate should match the selection criteria.",
                   certSelector.match(firstCert));
        assertFalse("The certificate should not match the selection criteria.",
                    certSelector.match(secondCert));

        certSelector.setIssuer(secondDn);
        assertTrue("The certificate should match the selection criteria.",
                   certSelector.match(secondCert));
    }
1024
1025    /**
1026     * java.security.cert.X509CertSelector#setIssuer(javax.security.auth.x500.X500Principal)
1027     */
    public void test_setIssuerLjavax_security_auth_x500_X500Principal()
            throws Exception {
        final X500Principal firstIssuer = new X500Principal("O=First Org.");
        final X500Principal secondIssuer = new X500Principal("O=Second Org.");
        final TestCert firstCert = new TestCert(firstIssuer);
        final TestCert secondCert = new TestCert(secondIssuer);
        final X509CertSelector certSelector = new X509CertSelector();

        // The cast picks the X500Principal overload; null disables the criterion.
        certSelector.setIssuer((X500Principal) null);
        boolean bothMatch = certSelector.match(firstCert) && certSelector.match(secondCert);
        assertTrue("Any certificates should match "
                   + "in the case of null issuer criteria.",
                   bothMatch);

        certSelector.setIssuer(firstIssuer);
        assertTrue("The certificate should match the selection criteria.",
                   certSelector.match(firstCert));
        assertFalse("The certificate should not match the selection criteria.",
                    certSelector.match(secondCert));

        certSelector.setIssuer(secondIssuer);
        assertTrue("The certificate should match the selection criteria.",
                   certSelector.match(secondCert));
    }
1049
1050    /**
1051     * java.security.cert.X509CertSelector#setKeyUsage(boolean)
1052     */
    public void test_setKeyUsageZ() throws Exception {
        // All nine keyUsage bits set.
        boolean[] allBits = { true, true, true, true, true, true, true, true, true };
        // Same, but decipherOnly (the last bit) is disallowed.
        boolean[] noDecipherOnly = { true, true, true, true, true, true, true, true, false };
        TestCert allBitsCert = new TestCert(allBits);
        TestCert noDecipherOnlyCert = new TestCert(noDecipherOnly);
        // Certificate built without any keyUsage array.
        TestCert noUsageCert = new TestCert((boolean[]) null);

        X509CertSelector certSelector = new X509CertSelector();

        certSelector.setKeyUsage(null);
        boolean bothMatch = certSelector.match(allBitsCert)
                && certSelector.match(noDecipherOnlyCert);
        assertTrue("Any certificate should match in the case of null keyUsage criteria.",
                   bothMatch);

        certSelector.setKeyUsage(allBits);
        assertTrue("The certificate should match the selection criteria.",
                   certSelector.match(allBitsCert));
        assertFalse("The certificate should not match the selection criteria.",
                    certSelector.match(noDecipherOnlyCert));
        assertTrue("The certificate which does not have a keyUsage extension "
                   + "implicitly allows all keyUsage values.",
                   certSelector.match(noUsageCert));

        // Flip a bit in the caller's array after the setter call; the match is
        // expected to be unaffected by the later mutation.
        certSelector.setKeyUsage(noDecipherOnly);
        noDecipherOnly[0] = !noDecipherOnly[0];
        assertTrue("The certificate should match the selection criteria.",
                certSelector.match(noDecipherOnlyCert));
    }
1081
1082    /**
1083     * java.security.cert.X509CertSelector#setMatchAllSubjectAltNames(boolean)
1084     */
    public void test_setMatchAllSubjectAltNamesZ() {
        // NOTE(review): setMatchAllSubjectAltNames(boolean) is never called here;
        // only the default selector's match() behaviour is checked.
        final TestCert plainCert = new TestCert();
        final X509CertSelector certSelector = new X509CertSelector();

        boolean matchesCert = certSelector.match(plainCert);
        assertTrue(matchesCert);

        boolean matchesNull = certSelector.match(null);
        assertFalse(matchesNull);
    }
1093
1094    /**
1095     * java.security.cert.X509CertSelector#setNameConstraints(byte[]
1096     *        bytes)
1097     */
    public void test_setNameConstraintsLB$() throws IOException {
        // constraintBytes is declared outside this method. According to the
        // generator notes kept with this test, it was produced offline with
        // Bouncy Castle: for each GeneralName below, one GeneralSubtree was wrapped
        // in a NameConstraints(subtrees, subtrees) and encoded with getEncoded().
        //   GeneralName(1, "822.Name")
        //   GeneralName(1, "rfc@822.Name")
        //   GeneralName(2, "Name.org")
        //   GeneralName(2, "dNS.Name.org")
        //   GeneralName(6, "Resource.Id")
        //   GeneralName(6, "uniform.Resource.Id")
        //   GeneralName(7, "1.1.1.1")
        //   GeneralName(7, DEROctetString of sixteen bytes, each of value 1)
        final X509CertSelector certSelector = new X509CertSelector();

        // Every encoding must survive a set/get round trip unchanged.
        for (byte[] encodedConstraints : constraintBytes) {
            certSelector.setNameConstraints(encodedConstraints);
            byte[] reported = certSelector.getNameConstraints();
            assertTrue(Arrays.equals(encodedConstraints, reported));
        }
    }
1139
1140    /**
1141     * java.security.cert.X509CertSelector#setPathToNames(Collection<List<?>>)
1142     */
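    public void test_setPathToNamesLjava_util_Collection() throws Exception {
        // Checks that a null pathToNames criterion matches any certificate and that
        // a populated collection is accepted by setPathToNames().
        GeneralName san0 = new GeneralName(new OtherName(new ObjectIdentifier("1.2.3.4.5"),
                                                         new byte[] { 1, 2, 0, 1 }));
        GeneralName san1 = new GeneralName(new RFC822Name("rfc@822.Name"));
        GeneralName san2 = new GeneralName(new DNSName("dNSName"));

        // http://b/27197633 (Missing replacement for ORAddress)
        // GeneralName san3 = new GeneralName(new X400Address(new byte[8]));
        GeneralName san4 = new GeneralName(new X500Name("O=Organization"));
        GeneralName san6 = new GeneralName(new URIName("http://uniform.Resource.Id"));
        GeneralName san7 = new GeneralName(new IPAddressName("1.1.1.1"));
        GeneralName san8 = new GeneralName(new OIDName("1.2.3.4444.55555"));

        GeneralNames sans1 = new GeneralNames();
        sans1.add(san0);
        sans1.add(san1);
        sans1.add(san2);

        // http://b/27197633 (Missing replacement for ORAddress)
        // sans1.add(san3);
        sans1.add(san4);
        sans1.add(san6);
        sans1.add(san7);
        sans1.add(san8);
        GeneralNames sans2 = new GeneralNames();
        sans2.add(san0);

        TestCert cert1 = new TestCert(sans1);
        TestCert cert2 = new TestCert(sans2);
        X509CertSelector selector = new X509CertSelector();
        selector.setMatchAllSubjectAltNames(true);

        selector.setPathToNames(null);
        // The failure message now names the criterion under test; it previously
        // referred to subjectAlternativeNames.
        assertTrue("Any certificate should match in the case of null "
                   + "pathToNames criteria.",
                   selector.match(cert1) && selector.match(cert2));

        Collection<List<?>> sans = getGeneralNamePairList(sans1);

        // NOTE(review): the value returned by getPathToNames() is not asserted, so
        // this only shows that the setter and getter complete without throwing.
        selector.setPathToNames(sans);
        selector.getPathToNames();
    }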
1185
1186    /**
1187     * java.security.cert.X509CertSelector#setPolicy(Set<String>)
1188     */
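    public void test_setPolicyLjava_util_Set() throws IOException {
        // Checks the policy criterion: null matches any certificate, and a set of
        // policy OIDs selects only the certificate built from the same OIDs.
        String[] policies1 = new String[] {
            "1.3.6.1.5.5.7.3.1",
            "1.3.6.1.5.5.7.3.2",
            "1.3.6.1.5.5.7.3.3",
            "1.3.6.1.5.5.7.3.4",
            "1.3.6.1.5.5.7.3.8",
            "1.3.6.1.5.5.7.3.9",
            "1.3.6.1.5.5.7.3.5",
            "1.3.6.1.5.5.7.3.6",
            "1.3.6.1.5.5.7.3.7"
        };

        String[] policies2 = new String[] { "1.3.6.7.3.1" };

        HashSet<String> p1 = new HashSet<String>(Arrays.asList(policies1));
        HashSet<String> p2 = new HashSet<String>(Arrays.asList(policies2));

        X509CertSelector selector = new X509CertSelector();

        TestCert cert1 = new TestCert(policies1);
        TestCert cert2 = new TestCert(policies2);

        selector.setPolicy(null);
        // The failure message now names the policy criterion; it previously said
        // "privateKeyValid", which belongs to a different test.
        assertTrue("Any certificate should match in the case of null "
                + "policy criteria.",
                   selector.match(cert1) && selector.match(cert2));

        selector.setPolicy(p1);
        assertTrue("The certificate should match the selection criteria.",
                   selector.match(cert1));
        assertFalse("The certificate should not match the selection criteria.",
                    selector.match(cert2));

        selector.setPolicy(p2);
        assertFalse("The certificate should not match the selection criteria.",
                    selector.match(cert1));
        assertTrue("The certificate should match the selection criteria.",
                   selector.match(cert2));
    }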
1229
1230    /**
1231     * java.security.cert.X509CertSelector#setPrivateKeyValid(java.util.Date)
1232     */
    public void test_setPrivateKeyValidLjava_util_Date()
            throws Exception {
        // Boundaries handed to TestCert, and two probe dates that each fall
        // between one pair of boundaries.
        final Date boundaryA = new Date(100000000);
        final Date boundaryB = new Date(200000000);
        final Date boundaryC = new Date(300000000);
        final Date betweenAandB = new Date(150000000);
        final Date betweenBandC = new Date(250000000);
        final TestCert certAtoB = new TestCert(boundaryA, boundaryB);
        final TestCert certBtoC = new TestCert(boundaryB, boundaryC);

        final X509CertSelector certSelector = new X509CertSelector();

        certSelector.setPrivateKeyValid(null);
        boolean bothMatch = certSelector.match(certAtoB) && certSelector.match(certBtoC);
        assertTrue("Any certificate should match in the case of null "
                + "privateKeyValid criteria.",
                   bothMatch);

        certSelector.setPrivateKeyValid(betweenAandB);
        assertTrue("The certificate should match the selection criteria.",
                   certSelector.match(certAtoB));
        assertFalse("The certificate should not match the selection criteria.",
                    certSelector.match(certBtoC));

        // Move the caller's Date after the setter call; the match is expected to
        // be unaffected by the later mutation.
        certSelector.setPrivateKeyValid(betweenBandC);
        betweenBandC.setTime(betweenAandB.getTime());
        assertTrue("The certificate should match the selection criteria.",
                   certSelector.match(certBtoC));
    }
1259
1260    /**
1261     * java.security.cert.X509CertSelector#setSerialNumber(java.math.BigInteger)
1262     */
    public void test_setSerialNumberLjava_math_BigInteger()
            throws Exception {
        final BigInteger firstSerial = new BigInteger("10000");
        final BigInteger secondSerial = new BigInteger("10001");
        final TestCert firstCert = new TestCert(firstSerial);
        final TestCert secondCert = new TestCert(secondSerial);
        final X509CertSelector certSelector = new X509CertSelector();

        // A null serial number places no restriction on the match.
        certSelector.setSerialNumber(null);
        boolean bothMatch = certSelector.match(firstCert) && certSelector.match(secondCert);
        assertTrue("Any certificate should match in the case of null "
                   + "serialNumber criteria.",
                   bothMatch);

        certSelector.setSerialNumber(firstSerial);
        assertTrue("The certificate should match the selection criteria.",
                   certSelector.match(firstCert));
        assertFalse("The certificate should not match the selection criteria.",
                    certSelector.match(secondCert));

        certSelector.setSerialNumber(secondSerial);
        assertTrue("The certificate should match the selection criteria.",
                   certSelector.match(secondCert));
    }
1284
1285    /**
1286     * java.security.cert.X509CertSelector#setSubject(byte[])
1287     */
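    public void test_setSubjectLB$() throws Exception {
        // Checks the subject criterion when set from a DER-encoded name: null
        // matches any certificate, a set name selects only the matching subject.

        // manually obtained DER encoding of the "O=First Org." subject name
        byte[] name1 = new byte[]
        { 48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10, 70, 105, 114, 115,
                116, 32, 79, 114, 103, 46 };
        // manually obtained DER encoding of the "O=Second Org." subject name
        byte[] name2 = new byte[]
        { 48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11, 83, 101, 99, 111,
                110, 100, 32, 79, 114, 103, 46 };
        X500Principal sub1 = new X500Principal(name1);
        X500Principal sub2 = new X500Principal(name2);
        TestCert cert1 = new TestCert(sub1);
        TestCert cert2 = new TestCert(sub2);

        X509CertSelector selector = new X509CertSelector();

        selector.setSubject((byte[]) null);
        // The failure message now names the subject criterion; it previously said
        // "issuer", carried over from the setIssuer test.
        assertTrue("Any certificates should match "
                   + "in the case of null subject criteria.",
                   selector.match(cert1) && selector.match(cert2));
        selector.setSubject(name1);
        assertTrue("The certificate should match the selection criteria.",
                   selector.match(cert1));
        assertFalse("The certificate should not match the selection criteria.",
                    selector.match(cert2));
        selector.setSubject(name2);
        assertTrue("The certificate should match the selection criteria.",
                   selector.match(cert2));
    }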
1317
1318    /**
1319     * java.security.cert.X509CertSelector#setSubject(java.lang.String)
1320     */
    public void test_setSubjectLjava_lang_String() throws Exception {
        final String firstDn = "O=First Org.";
        final String secondDn = "O=Second Org.";
        final TestCert firstCert = new TestCert(new X500Principal(firstDn));
        final TestCert secondCert = new TestCert(new X500Principal(secondDn));
        final X509CertSelector certSelector = new X509CertSelector();

        // The cast picks the String overload; null disables the subject criterion.
        certSelector.setSubject((String) null);
        boolean bothMatch = certSelector.match(firstCert) && certSelector.match(secondCert);
        assertTrue("Any certificates should match "
                   + "in the case of null subject criteria.",
                   bothMatch);

        certSelector.setSubject(firstDn);
        assertTrue("The certificate should match the selection criteria.",
                   certSelector.match(firstCert));
        assertFalse("The certificate should not match the selection criteria.",
                    certSelector.match(secondCert));

        certSelector.setSubject(secondDn);
        assertTrue("The certificate should match the selection criteria.",
                   certSelector.match(secondCert));
    }
1343
1344    /**
1345     * java.security.cert.X509CertSelector#setSubject(javax.security.auth.x500.X500Principal)
1346     */
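    public void test_setSubjectLjavax_security_auth_x500_X500Principal()
            throws Exception {
        // Checks the subject criterion when set from an X500Principal: null matches
        // any certificate, a set principal selects only the matching subject.
        X500Principal sub1 = new X500Principal("O=First Org.");
        X500Principal sub2 = new X500Principal("O=Second Org.");
        TestCert cert1 = new TestCert(sub1);
        TestCert cert2 = new TestCert(sub2);
        X509CertSelector selector = new X509CertSelector();

        // The cast picks the X500Principal overload of setSubject.
        selector.setSubject((X500Principal) null);
        // Failure message spelling corrected ("subjcet" -> "subject").
        assertTrue("Any certificates should match "
                   + "in the case of null subject criteria.",
                   selector.match(cert1) && selector.match(cert2));
        selector.setSubject(sub1);
        assertTrue("The certificate should match the selection criteria.",
                   selector.match(cert1));
        assertFalse("The certificate should not match the selection criteria.",
                    selector.match(cert2));
        selector.setSubject(sub2);
        assertTrue("The certificate should match the selection criteria.",
                   selector.match(cert2));
    }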
1368
1369    /**
1370     * java.security.cert.X509CertSelector#setSubjectAlternativeNames(Collection<List<?>>)
1371     */
    public void test_setSubjectAlternativeNamesLjava_util_Collection() throws Exception {
        // One GeneralName per supported name form.
        GeneralName otherName = new GeneralName(
                new OtherName(new ObjectIdentifier("1.2.3.4.5"), new byte[] { 1, 2, 0, 1 }));
        GeneralName rfc822Name = new GeneralName(new RFC822Name("rfc@822.Name"));
        GeneralName dnsName = new GeneralName(new DNSName("dNSName"));
        // http://b/27197633 (Missing replacement for ORAddress): the X400Address
        // name form is left out of this test.
        GeneralName directoryName = new GeneralName(new X500Name("O=Organization"));
        GeneralName uriName = new GeneralName(new URIName("http://uniform.Resource.Id"));
        GeneralName ipName = new GeneralName(new IPAddressName("1.1.1.1"));
        GeneralName oidName = new GeneralName(new OIDName("1.2.3.4444.55555"));

        // First certificate carries every name, the second only the OtherName.
        GeneralNames allNames = new GeneralNames();
        allNames.add(otherName);
        allNames.add(rfc822Name);
        allNames.add(dnsName);
        allNames.add(directoryName);
        allNames.add(uriName);
        allNames.add(ipName);
        allNames.add(oidName);
        GeneralNames singleName = new GeneralNames();
        singleName.add(otherName);

        TestCert allNamesCert = new TestCert(allNames);
        TestCert singleNameCert = new TestCert(singleName);
        X509CertSelector certSelector = new X509CertSelector();
        certSelector.setMatchAllSubjectAltNames(true);

        // A null criterion places no restriction on the match.
        certSelector.setSubjectAlternativeNames(null);
        boolean bothMatch = certSelector.match(allNamesCert)
                && certSelector.match(singleNameCert);
        assertTrue("Any certificate should match in the case of null "
                   + "subjectAlternativeNames criteria.",
                   bothMatch);

        Collection<List<?>> namePairs = getGeneralNamePairList(allNames);
        certSelector.setSubjectAlternativeNames(namePairs);

        // NOTE(review): the getter's return value is not asserted, so this only
        // shows that the setter and getter complete without throwing.
        certSelector.getSubjectAlternativeNames();
    }
1417
1418    /**
1419     * java.security.cert.X509CertSelector#setSubjectKeyIdentifier(byte[])
1420     */
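    public void test_setSubjectKeyIdentifierLB$() throws Exception {
        byte[] skid1 = new byte[] { 1, 2, 3, 4, 5 }; // random value
        byte[] skid2 = new byte[] { 5, 4, 3, 2, 1 }; // random value
        TestCert cert1 = new TestCert(skid1);
        TestCert cert2 = new TestCert(skid2);
        X509CertSelector selector = new X509CertSelector();

        // A null identifier switches the criterion off. (The message previously
        // named "serialNumber", a copy-paste slip from another test.)
        selector.setSubjectKeyIdentifier(null);
        assertTrue("Any certificate should match in the case of null "
                + "subjectKeyIdentifier criteria.",
                   selector.match(cert1) && selector.match(cert2));

        selector.setSubjectKeyIdentifier(skid1);
        assertTrue("The certificate should match the selection criteria.",
                   selector.match(cert1));
        assertFalse("The certificate should not match the selection criteria.",
                    selector.match(cert2));

        selector.setSubjectKeyIdentifier(skid2);
        // Mutating the caller's array after the setter returns must not change
        // the stored criterion: the selector is expected to hold its own copy.
        // TestCert cloned skid2 at construction, so cert2 still reports the
        // original bytes.
        skid2[0]++;
        assertTrue("The certificate should match the selection criteria.",
                   selector.match(cert2));
        assertFalse("The certificate should not match the selection criteria.",
                    selector.match(cert1));
    }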
1442
1443    /**
1444     * java.security.cert.X509CertSelector#setSubjectPublicKey(byte[])
1445     */
    public void test_setSubjectPublicKeyLB$() throws Exception {

        // Hand-built DER for:
        //   SubjectPublicKeyInfo  ::=  SEQUENCE  {
        //       algorithm            AlgorithmIdentifier,
        //       subjectPublicKey     BIT STRING  }
        byte[] spkiDer = {
                0x30, 0x0E,                   // SEQUENCE
                0x30, 0x07,                   // SEQUENCE
                0x06, 0x02, 0x03, 0x05,       // OID
                0x01, 0x01, 0x07,             // ANY
                0x03, 0x03, 0x01, 0x01, 0x06, // subjectPublicKey
        };

        X509CertSelector certSelector = new X509CertSelector();
        certSelector.setSubjectPublicKey(spkiDer);

        // The key handed back must be decoded from, and re-encode to, the same bytes.
        PublicKey decoded = certSelector.getSubjectPublicKey();
        assertEquals("0.3.5", decoded.getAlgorithm());
        assertEquals("X.509", decoded.getFormat());
        assertTrue(Arrays.equals(spkiDer, decoded.getEncoded()));
        assertNotNull(decoded.toString());
    }
1467
1468    /**
1469     * java.security.cert.X509CertSelector#setSubjectPublicKey(java.security.PublicKey key)
1470     */
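    public void test_setSubjectPublicKeyLjava_security_PublicKey()
            throws Exception {
        // Keys of two different algorithms, so their encodings cannot coincide.
        PublicKey pkey1 = new TestKeyPair("RSA").getPublic();
        PublicKey pkey2 = new TestKeyPair("DSA").getPublic();

        TestCert cert1 = new TestCert(pkey1);
        TestCert cert2 = new TestCert(pkey2);
        X509CertSelector selector = new X509CertSelector();

        // A null key switches the criterion off.
        selector.setSubjectPublicKey((PublicKey) null);
        assertTrue("Any certificate should match in the case of null "
                   + "subjectPublicKey criteria.",
                   selector.match(cert1) && selector.match(cert2));

        selector.setSubjectPublicKey(pkey1);
        assertTrue("The certificate should match the selection criteria.",
                   selector.match(cert1));
        assertFalse("The certificate should not match the selection criteria.",
                    selector.match(cert2));

        // After switching keys the old key must be rejected as well as the
        // new one accepted; the original only checked the positive case.
        selector.setSubjectPublicKey(pkey2);
        assertTrue("The certificate should match the selection criteria.",
                   selector.match(cert2));
        assertFalse("The certificate should not match the selection criteria.",
                    selector.match(cert1));
    }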
1493
1494    /**
1495     * java.security.cert.X509CertSelector#setSubjectPublicKeyAlgID(java.lang.String)
1496     */
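    public void test_setSubjectPublicKeyAlgIDLjava_lang_String() throws Exception {

        X509CertSelector selector = new X509CertSelector();
        String pkaid1 = "1.2.840.113549.1.1.1"; // RSA (source:
        // http://asn1.elibel.tm.fr)
        String pkaid2 = "1.2.840.10040.4.1"; // DSA (source:
        // http://asn1.elibel.tm.fr)
        PublicKey pkey1 = new TestKeyPair("RSA").getPublic();
        PublicKey pkey2 = new TestKeyPair("DSA").getPublic();

        TestCert cert1 = new TestCert(pkey1);
        TestCert cert2 = new TestCert(pkey2);

        // A null algorithm id switches the criterion off.
        selector.setSubjectPublicKeyAlgID(null);
        assertTrue("Any certificate should match in the case of null "
                   + "subjectPublicKeyAlgID criteria.",
                   selector.match(cert1) && selector.match(cert2));

        // Well-formed OIDs must be accepted and echoed back unchanged.
        String[] validOIDs = {
            "0.0.20",
            "1.25.0",
            "2.0.39",
            "0.2.10",
            "1.35.15",
            "2.17.89",
            "2.5.29.16",
            "2.5.29.17",
            "2.5.29.30",
            "2.5.29.32",
            "2.5.29.37"
        };

        for (String oid : validOIDs) {
            selector.setSubjectPublicKeyAlgID(oid);
            assertEquals(oid, selector.getSubjectPublicKeyAlgID());
        }

        // Malformed OIDs (first arc above 2, or second arc above 39 under
        // arc 1) must be rejected at set time rather than stored.
        String[] invalidOIDs = { "3.20", "1.40", "3.10" };
        for (String oid : invalidOIDs) {
            try {
                selector.setSubjectPublicKeyAlgID(oid);
                fail("IOException wasn't thrown for " + oid);
            } catch (IOException expected) {
                // rejection is the behaviour under test
            }
        }

        selector.setSubjectPublicKeyAlgID(pkaid1);
        assertTrue("The certificate should match the selection criteria.",
                   selector.match(cert1));
        assertFalse("The certificate should not match the selection criteria.",
                    selector.match(cert2));

        // Switching to the DSA id must accept the DSA certificate and stop
        // accepting the RSA one; the original only checked the positive case.
        selector.setSubjectPublicKeyAlgID(pkaid2);
        assertTrue("The certificate should match the selection criteria.",
                   selector.match(cert2));
        assertFalse("The certificate should not match the selection criteria.",
                    selector.match(cert1));
    }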
1552
1553    /**
1554     * java.security.cert.X509CertSelector#toString()
1555     */
    public void test_toString() {
        // Smoke test only: a freshly constructed selector must render to a
        // non-null string; the content of that string is not checked.
        String rendered = new X509CertSelector().toString();
        assertNotNull(rendered);
    }
1560
    /**
     * Placeholder {@link PublicKey} that reports fixed, meaningless values.
     * It holds no key material: the encoded form is always an empty array.
     */
    public class MyPublicKey implements PublicKey {
        private static final long serialVersionUID = 2899528375354645752L;

        public MyPublicKey() {
        }

        /** Returns the fixed algorithm label {@code "PublicKey"}. */
        @Override
        public String getAlgorithm() {
            return "PublicKey";
        }

        /** Returns the fixed format label {@code "Format"}. */
        @Override
        public String getFormat() {
            return "Format";
        }

        /** Returns a new zero-length array on every call. */
        @Override
        public byte[] getEncoded() {
            return new byte[0];
        }

        /** Exposes the class's {@code serialVersionUID} constant. */
        public long getSerVerUID() {
            return serialVersionUID;
        }
    }
1584
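    /**
     * In-memory {@link X509Certificate} stub used to drive
     * {@code X509CertSelector.match()} one criterion at a time.
     *
     * <p>Each constructor populates a single attribute; everything else keeps
     * its default. The stub performs no cryptography: both {@code verify}
     * overloads are no-ops, the no-argument {@code checkValidity()} always
     * succeeds, and {@code getSignature()}/{@code getTBSCertificate()} return
     * {@code null}. It is only meaningful as selector input inside this test.
     *
     * <p>{@code hashCode()} is inherited and is not derived from
     * {@code equalCriteria}.
     */
    private class TestCert extends X509Certificate {

        private static final long serialVersionUID = 176676115254260405L;

        /* Stuff fields */
        // Token compared by equals(); two stubs are equal only when both carry
        // a non-null, equal token.
        protected String equalCriteria = null; // to simplify method equals()

        protected BigInteger serialNumber = null;

        protected X500Principal issuer = null;

        protected X500Principal subject = null;

        // Bytes emitted for the 2.5.29.14 and 2.5.29.35 extension values.
        protected byte[] keyIdentifier = null;

        // The single instant accepted by checkValidity(Date).
        protected Date date = null;

        // Only used to build the 2.5.29.16 extension; getNotBefore() and
        // getNotAfter() do not return these.
        protected Date notBefore = null;

        protected Date notAfter = null;

        protected PublicKey key = null;

        protected boolean[] keyUsage = null;

        protected List<String> extKeyUsage = null;

        // Value returned by getBasicConstraints().
        protected int pathLen = 1;

        // Names encoded into the 2.5.29.17 extension value.
        protected GeneralNames sans = null;

        protected byte[] encoding = null;

        // Policy OIDs encoded into the 2.5.29.32 extension value.
        protected String[] policies = null;

        // Stored by setCollection(); not read by any method of this class.
        protected Collection<List<?>> collection = null;

        /* Stuff methods */
        public TestCert() {
        }

        public TestCert(GeneralNames sans) {
            setSubjectAlternativeNames(sans);
        }

        public TestCert(Collection<List<?>> collection) {
            setCollection(collection);
        }

        public TestCert(String equalCriteria) {
            setEqualCriteria(equalCriteria);
        }

        public TestCert(String[] policies) {
            setPolicies(policies);
        }

        public TestCert(BigInteger serial) {
            setSerialNumber(serial);
        }

        /** Uses {@code principal} as both issuer and subject. */
        public TestCert(X500Principal principal) {
            setIssuer(principal);
            setSubject(principal);
        }

        /** Treats {@code array} as the key identifier. */
        public TestCert(byte[] array) {
            setKeyIdentifier(array);
        }

        public TestCert(Date date) {
            setDate(date);
        }

        public TestCert(Date notBefore, Date notAfter) {
            setPeriod(notBefore, notAfter);
        }

        public TestCert(PublicKey key) {
            setPublicKey(key);
        }

        public TestCert(boolean[] keyUsage) {
            setKeyUsage(keyUsage);
        }

        public TestCert(Set<String> extKeyUsage) {
            setExtendedKeyUsage(extKeyUsage);
        }

        public TestCert(int pathLen) {
            this.pathLen = pathLen;
        }

        public void setSubjectAlternativeNames(GeneralNames sans) {
            this.sans = sans;
        }

        public void setCollection(Collection<List<?>> collection) {
            this.collection = collection;
        }

        public void setPolicies(String[] policies) {
            this.policies = policies;
        }

        /** Stores a private copy of {@code extKeyUsage}, or {@code null}. */
        public void setExtendedKeyUsage(Set<String> extKeyUsage) {
            this.extKeyUsage = (extKeyUsage == null) ? null : new ArrayList<String>(extKeyUsage);
        }

        /** Stores a private copy of {@code keyUsage}, or {@code null}. */
        public void setKeyUsage(boolean[] keyUsage) {
            this.keyUsage = (keyUsage == null) ? null : keyUsage.clone();
        }

        public void setPublicKey(PublicKey key) {
            this.key = key;
        }

        public void setPeriod(Date notBefore, Date notAfter) {
            this.notBefore = notBefore;
            this.notAfter = notAfter;
        }

        public void setSerialNumber(BigInteger serial) {
            this.serialNumber = serial;
        }

        public void setEqualCriteria(String equalCriteria) {
            this.equalCriteria = equalCriteria;
        }

        public void setIssuer(X500Principal issuer) {
            this.issuer = issuer;
        }

        public void setSubject(X500Principal subject) {
            this.subject = subject;
        }

        /**
         * Stores a private copy of {@code subjectKeyID}, so later changes to
         * the caller's array do not alter this certificate. A {@code null}
         * argument clears the identifier, mirroring {@link #setKeyUsage}.
         */
        public void setKeyIdentifier(byte[] subjectKeyID) {
            this.keyIdentifier = (subjectKeyID == null) ? null : subjectKeyID.clone();
        }

        /**
         * Stores a private copy of {@code date}; {@code null} clears it, after
         * which {@link #checkValidity(Date)} always reports expiry.
         */
        public void setDate(Date date) {
            this.date = (date == null) ? null : new Date(date.getTime());
        }

        public void setEncoding(byte[] encoding) {
            this.encoding = encoding;
        }

        /* Method implementations */
        /**
         * Compares {@code equalCriteria} tokens only. Returns {@code false}
         * for {@code null}, for objects that are not {@code TestCert}, and
         * whenever either token is {@code null} (so a stub without a token
         * is not even equal to itself).
         */
        @Override
        public boolean equals(Object cert) {
            // Type guard: a foreign certificate compares unequal instead of
            // raising ClassCastException.
            if (!(cert instanceof TestCert)) {
                return false;
            }
            String otherCriteria = ((TestCert) cert).equalCriteria;
            if ((equalCriteria == null) || (otherCriteria == null)) {
                return false;
            }
            return equalCriteria.equals(otherCriteria);
        }

        /** Returns {@code equalCriteria}, or the empty string when unset. */
        @Override
        public String toString() {
            if (equalCriteria != null) {
                return equalCriteria;
            }
            return "";
        }

        /** Always succeeds; the stub has no validity period of its own. */
        @Override
        public void checkValidity() throws CertificateExpiredException,
                CertificateNotYetValidException {
        }

        /**
         * Succeeds only when {@code date} equals the stored date exactly.
         *
         * @throws CertificateExpiredException if no date is stored or the
         *         stored date is after {@code date}
         * @throws CertificateNotYetValidException if the stored date is
         *         before {@code date}
         */
        @Override
        public void checkValidity(Date date)
                throws CertificateExpiredException,
                CertificateNotYetValidException {
            if (this.date == null) {
                throw new CertificateExpiredException();
            }
            int result = this.date.compareTo(date);
            if (result > 0) {
                throw new CertificateExpiredException();
            }
            if (result < 0) {
                throw new CertificateNotYetValidException();
            }
        }

        @Override
        public int getVersion() {
            return 3;
        }

        /** Returns the configured serial number, or 1111 when none was set. */
        @Override
        public BigInteger getSerialNumber() {
            return (serialNumber == null) ? new BigInteger("1111")
                    : serialNumber;
        }

        @Override
        public Principal getIssuerDN() {
            return issuer;
        }

        @Override
        public X500Principal getIssuerX500Principal() {
            return issuer;
        }

        @Override
        public Principal getSubjectDN() {
            return subject;
        }

        @Override
        public X500Principal getSubjectX500Principal() {
            return subject;
        }

        @Override
        public Date getNotBefore() {
            return null;
        }

        @Override
        public Date getNotAfter() {
            return null;
        }

        @Override
        public byte[] getTBSCertificate() throws CertificateEncodingException {
            return null;
        }

        @Override
        public byte[] getSignature() {
            return null;
        }

        @Override
        public String getSigAlgName() {
            return null;
        }

        @Override
        public String getSigAlgOID() {
            return null;
        }

        @Override
        public byte[] getSigAlgParams() {
            return null;
        }

        @Override
        public boolean[] getIssuerUniqueID() {
            return null;
        }

        @Override
        public boolean[] getSubjectUniqueID() {
            return null;
        }

        /** Returns the stored array itself, not a copy. */
        @Override
        public boolean[] getKeyUsage() {
            return keyUsage;
        }

        @Override
        public List<String> getExtendedKeyUsage()
                throws CertificateParsingException {
            return extKeyUsage;
        }

        @Override
        public int getBasicConstraints() {
            return pathLen;
        }

        /** No-op: no signature is checked. */
        @Override
        public void verify(PublicKey key) throws CertificateException,
                NoSuchAlgorithmException, InvalidKeyException,
                NoSuchProviderException, SignatureException {
        }

        /** No-op: no signature is checked. */
        @Override
        public void verify(PublicKey key, String sigProvider)
                throws CertificateException, NoSuchAlgorithmException,
                InvalidKeyException, NoSuchProviderException,
                SignatureException {
        }

        @Override
        public PublicKey getPublicKey() {
            return key;
        }

        @Override
        public byte[] getEncoded() throws CertificateEncodingException {
            return encoding;
        }

        @Override
        public Set<String> getNonCriticalExtensionOIDs() {
            return null;
        }

        @Override
        public Set<String> getCriticalExtensionOIDs() {
            return null;
        }

        /**
         * Synthesises the extension value for the handful of OIDs the selector
         * tests query; any other OID yields {@code null}.
         *
         * <p>For 2.5.29.30, 2.5.29.19 and (when extended key usage is set)
         * 2.5.29.37 the method throws {@link IllegalStateException} instead of
         * returning a value.
         *
         * @param oid dotted extension OID
         * @return the extension content wrapped in a DER OCTET STRING, or
         *         {@code null}
         */
        @Override
        public byte[] getExtensionValue (String oid) {
            // subjectKeyIdentifier / authorityKeyIdentifier
            if (("2.5.29.14".equals(oid)) || ("2.5.29.35".equals(oid))) {
                try {
                    DerOutputStream out = new DerOutputStream();
                    out.putOctetString(keyIdentifier);
                    return out.toByteArray();
                } catch (IOException e) {
                    throw new IllegalStateException("Unexpected IOException" , e);
                }
            }
            // privateKeyUsagePeriod, built from notBefore/notAfter
            if ("2.5.29.16".equals(oid)) {
                try {
                    DerOutputStream outputStream = new DerOutputStream();
                    outputStream.putOctetString(new PrivateKeyUsageExtension(notBefore, notAfter).getExtensionValue());
                    return outputStream.toByteArray();
                } catch (IOException e) {
                    throw new IllegalStateException("Unexpected IOException", e);
                }
            }
            // subjectAltName
            if ("2.5.29.17".equals(oid) && (sans != null)) {
                if (sans.names() == null) {
                    return null;
                }
                try {
                    DerOutputStream outputStream = new DerOutputStream();
                    outputStream.putOctetString(new SubjectAlternativeNameExtension(sans).getExtensionValue());
                    return outputStream.toByteArray();
                } catch (IOException e) {
                    throw new IllegalStateException("Unexpected IOException", e);
                }
            }
            // certificatePolicies, one PolicyInformation per configured OID
            if ("2.5.29.32".equals(oid) && (policies != null)
                    && (policies.length > 0)) {
                try {
                    List<PolicyInformation> policyInformations = new ArrayList<>();

                    for (String p : policies) {
                        policyInformations.add(new PolicyInformation(new CertificatePolicyId(new ObjectIdentifier(p)), Collections.EMPTY_SET));
                    }
                    DerOutputStream outputStream = new DerOutputStream();
                    outputStream.putOctetString(new CertificatePoliciesExtension(policyInformations).getExtensionValue());
                    return outputStream.toByteArray();
                } catch (IOException e) {
                    throw new IllegalStateException("Unexpected IOException", e);
                }
            }

            // nameConstraints
            if ("2.5.29.30".equals(oid)) {
                throw new IllegalStateException("2.5.29.30");
            }

            // basicConstraints
            // NOTE(review): the message names 2.5.29.30 although this branch
            // handles 2.5.29.19; looks like a copy-paste slip. Left unchanged
            // because callers outside this class may inspect the message.
            if ("2.5.29.19".equals(oid)) {
                throw new IllegalStateException("2.5.29.30");
            }

            // extKeyUsage
            if (("2.5.29.37".equals(oid)) && (extKeyUsage != null)) {
                throw new IllegalStateException("2.5.29.37");
            }
            return null;
        }

        @Override
        public boolean hasUnsupportedCriticalExtension() {
            return false;
        }

    }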
1942
    // Certificate parsed from TestUtils.rootCert in setupEnvironment(); used as
    // the trust anchor in buildCertPath().
    public X509Certificate rootCertificate;

    // Certificate parsed from TestUtils.endCert in setupEnvironment(); the
    // selector below is pinned to it.
    public X509Certificate endCertificate;

    // CRL object created in setupEnvironment().
    public MyCRL crl;

    // Selector shared by the path-building tests; created in setupEnvironment().
    private X509CertSelector theCertSelector;

    // "PKIX" CertPathBuilder obtained in setupEnvironment() and used by buildCertPath().
    private CertPathBuilder builder;
1952
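    /**
     * Prepares the shared fixtures for the path-building tests: parses the
     * root and end certificates from {@code TestUtils}, creates the CRL
     * object, pins {@code theCertSelector} to the end certificate and its
     * issuer, and obtains a "PKIX" {@link CertPathBuilder}.
     *
     * <p>No {@code CertStore} is configured here; the builder only sees what
     * the selector and the trust anchor supply.
     *
     * @throws Exception if a certificate cannot be parsed or the PKIX builder
     *         is unavailable
     */
    private void setupEnvironment() throws Exception {
        // create certificates and CRLs
        // NOTE(review): getBytes() uses the platform default charset;
        // presumably the fixtures are ASCII PEM text, so this is harmless, but
        // confirm against TestUtils.
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        rootCertificate = (X509Certificate) cf.generateCertificate(
                new ByteArrayInputStream(TestUtils.rootCert.getBytes()));
        endCertificate = (X509Certificate) cf.generateCertificate(
                new ByteArrayInputStream(TestUtils.endCert.getBytes()));

        crl = new MyCRL("X.509");

        // Pin the selector to the end certificate and require its issuer DN.
        theCertSelector = new X509CertSelector();
        theCertSelector.setCertificate(endCertificate);
        theCertSelector.setIssuer(endCertificate.getIssuerX500Principal().getEncoded());

        // build the path
        builder = CertPathBuilder.getInstance("PKIX");
    }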
1985
    /**
     * Attempts to build a PKIX path to {@code rootCertificate} using
     * {@code theCertSelector} as the target constraint.
     *
     * @return the built path, or {@code null} when the builder reports that no
     *         path could be built (callers assert on this)
     * @throws InvalidAlgorithmParameterException if the builder rejects the
     *         parameters
     */
    private CertPath buildCertPath() throws InvalidAlgorithmParameterException {
        // The root certificate is the only trust anchor; no name constraints.
        TrustAnchor anchor = new TrustAnchor(rootCertificate, null);
        PKIXBuilderParameters params =
                new PKIXBuilderParameters(Collections.singleton(anchor), theCertSelector);
        try {
            PKIXCertPathBuilderResult built =
                    (PKIXCertPathBuilderResult) builder.build(params);
            return built.getCertPath();
        } catch (CertPathBuilderException e) {
            // A failed build is an expected outcome for these tests.
            return null;
        }
    }
1998
1999    /**
2000     * java.security.cert.X509CertSelector#addPathToName(int, byte[])
2001     */
    public void test_addPathToNameLintLbyte_array2() throws Exception {
        TestUtils.initCertPathSSCertChain();
        setupEnvironment();
        // GeneralName name = new GeneralName(1, "822.Name");
        // bytes = name.getEncoded();
        // bytesName = name.getEncodedName();
        byte[] malformed = {-127, 8, 56, 50, 50, 46, 78, 97, 109, 101};
        byte[] wellFormed = {22, 8, 56, 50, 50, 46, 78, 97, 109, 101};
        // Overwrite one content byte with a value outside the 7-bit range.
        malformed[malformed.length - 3] = (byte) 200;

        // NOTE(review): an IOException is tolerated here but not required, so
        // this step passes whether or not the malformed name is rejected.
        try {
            theCertSelector.addPathToName(1, malformed);
        } catch (IOException e) {
            // ok
        }

        theCertSelector.setPathToNames(null);

        // With an rfc822 path-to-name constraint set, no path is expected.
        theCertSelector.addPathToName(1, wellFormed);
        assertNotNull(theCertSelector.getPathToNames());
        CertPath path = buildCertPath();
        assertNull(path);

        theCertSelector.setPathToNames(null);

//        name = new GeneralName(new Name("O=Android"));
//        theCertSelector.addPathToName(4, endCertificate.getSubjectDN().getName());
        theCertSelector.addPathToName(4, TestUtils.rootCertificateSS.getIssuerX500Principal().getEncoded());
        assertNotNull(theCertSelector.getPathToNames());
        // NOTE(review): this path comes from TestUtils, not from buildCertPath();
        // whether it consults theCertSelector cannot be seen from here.
        path = TestUtils.buildCertPathSSCertChain();
        assertNotNull(path);
    }
2035
2036    /**
2037     * java.security.cert.X509CertSelector#addPathToName(int, String)
2038     */
    public void test_addPathToNameLintLjava_lang_String2() throws Exception {
        setupEnvironment();
        // GeneralName name = new GeneralName(1, "822.Name");
        // bytes = name.getEncoded();
        // bytesName = name.getEncodedName();
        byte[] malformed = {-127, 8, 56, 50, 50, 46, 78, 97, 109, 101};
        byte[] wellFormed = {22, 8, 56, 50, 50, 46, 78, 97, 109, 101};
        assertNotNull(malformed);
        // Overwrite one content byte with a value outside the 7-bit range.
        malformed[malformed.length - 3] = (byte) 200;

        // NOTE(review): an IOException is tolerated here but not required, and
        // new String(byte[]) decodes with the platform default charset.
        try {
            theCertSelector.addPathToName(1, new String(malformed));
        } catch (IOException e) {
            // ok
        }

        theCertSelector.setPathToNames(null);

        // With an rfc822 path-to-name constraint set, no path is expected.
        theCertSelector.addPathToName(1, new String(wellFormed));
        assertNotNull(theCertSelector.getPathToNames());

        CertPath path = buildCertPath();
        assertNull(path);

        theCertSelector.setPathToNames(null);
        theCertSelector.addPathToName(1, rootCertificate.getIssuerX500Principal().getName());
        assertNotNull(theCertSelector.getPathToNames());
        //p = buildCertPath();
        //assertNotNull(p);
    }
2072
2073    /**
2074     * java.security.cert.X509CertSelector#addSubjectAlternativeName(int, byte[])
2075     */
    public void test_addSubjectAlternativeNameLintLbyte_array2()
            throws Exception {

        // Index in this array equals the GeneralName type number:
        // 0 = otherName, 1 = rfc822Name, 2 = dNSName.
        GeneralName[] byType = {
            new GeneralName(new OtherName(new ObjectIdentifier("1.2.3.4.5"),
                    new byte[] {1, 2, 0, 1})),
            new GeneralName(new RFC822Name("rfc@822.Name")),
            new GeneralName(new DNSName("dNSName")),
        };

        // Certificate carrying all three names.
        GeneralNames allNames = new GeneralNames();
        for (GeneralName gn : byType) {
            allNames.add(gn);
        }

        // Register each name with the selector in its DER-encoded form.
        X509CertSelector selector = new X509CertSelector();
        for (int type = 0; type < byType.length; type++) {
            DerOutputStream encoded = new DerOutputStream();
            byType[type].getName().encode(encoded);
            selector.addSubjectAlternativeName(type, encoded.toByteArray());
        }

        // Certificate carrying only the otherName.
        GeneralNames onlyOtherName = new GeneralNames();
        onlyOtherName.add(byType[0]);

        TestCert fullCert = new TestCert(allNames);
        TestCert partialCert = new TestCert(onlyOtherName);

        // A certificate lacking some of the requested names must be rejected.
        assertTrue(selector.match(fullCert));
        assertFalse(selector.match(partialCert));

        selector.setSubjectAlternativeNames(null);

        // NOTE(review): a directory name is submitted under type 0; an
        // IOException is tolerated but not required.
        GeneralName dirName = new GeneralName(new X500Name("O=Android"));
        try (DerOutputStream encoded = new DerOutputStream()) {
            dirName.encode(encoded);
            selector.addSubjectAlternativeName(0, encoded.toByteArray());
        } catch (IOException e) {
            // ok
        }
    }
2123
2124    /**
2125     * java.security.cert.X509CertSelector#addSubjectAlternativeName(int, String)
2126     */
    public void test_addSubjectAlternativeNameLintLjava_lang_String2() throws Exception{
        GeneralName uriName = new GeneralName(new URIName("http://uniform.Resource.Id"));
        GeneralName dnsName = new GeneralName(new DNSName("dNSName"));

        // Certificate carrying both names.
        GeneralNames bothNames = new GeneralNames();
        bothNames.add(uriName);
        bothNames.add(dnsName);

        // Certificate carrying only the DNS name.
        GeneralNames dnsOnly = new GeneralNames();
        dnsOnly.add(dnsName);

        TestCert fullCert = new TestCert(bothNames);
        TestCert partialCert = new TestCert(dnsOnly);

        // Type 6 = uniformResourceIdentifier, type 2 = dNSName.
        X509CertSelector selector = new X509CertSelector();
        selector.addSubjectAlternativeName(6, "http://uniform.Resource.Id");
        selector.addSubjectAlternativeName(2, "dNSName");

        // A certificate lacking one of the requested names must be rejected.
        assertTrue(selector.match(fullCert));
        assertFalse(selector.match(partialCert));

        selector.setSubjectAlternativeNames(null);

        // NOTE(review): a directory name's string form is submitted under
        // type 0; an IOException is tolerated but not required.
        GeneralName dirName = new GeneralName(new X500Name("O=Android"));
        try {
            selector.addSubjectAlternativeName(0, dirName.toString());
        } catch (IOException e) {
            // ok
        }
    }
2158
    /**
     * Converts {@code generalNames} into the pair-list shape accepted by
     * {@code X509CertSelector.setSubjectAlternativeNames}: one two-element
     * list per name, holding the type number followed by the value.
     *
     * <p>otherName and x400Address values are added as DER-encoded byte
     * arrays; every other supported type is added via the name object's
     * string accessor.
     *
     * @param generalNames names to convert
     * @return one {@code [type, value]} list per input name, in input order
     * @throws IOException if encoding fails or a name has an unrecognized type
     */
    Collection<List<?>> getGeneralNamePairList(GeneralNames generalNames)
            throws IOException {
        Collection<List<?>> pairs = new ArrayList<>();
        for (GeneralName gn : generalNames.names()) {
            int type = gn.getType();
            ArrayList<Object> pair = new ArrayList<>();
            pair.add(type);
            switch (type) {
                // Both of these are carried as raw DER.
                case GeneralNameInterface.NAME_ANY:
                case GeneralNameInterface.NAME_X400:
                    try (DerOutputStream der = new DerOutputStream()) {
                        gn.getName().encode(der);
                        pair.add(der.toByteArray());
                    }
                    break;

                case GeneralNameInterface.NAME_RFC822:
                    pair.add(((RFC822Name) gn.getName()).getName());
                    break;

                case GeneralNameInterface.NAME_DNS:
                    pair.add(((DNSName) gn.getName()).getName());
                    break;

                case GeneralNameInterface.NAME_URI:
                    pair.add(((URIName) gn.getName()).getName());
                    break;

                case GeneralNameInterface.NAME_IP:
                    pair.add(((IPAddressName) gn.getName()).getName());
                    break;

                case GeneralNameInterface.NAME_OID:
                    pair.add(((OIDName) gn.getName()).getOID().toString());
                    break;

                case GeneralNameInterface.NAME_DIRECTORY:
                    pair.add(((X500Name) gn.getName()).getName());
                    break;

                case GeneralNameInterface.NAME_EDI:
                    pair.add(((EDIPartyName) gn.getName()).getPartyName());
                    break;

                default:
                    throw new IOException("Unrecognized GeneralName tag, ("
                            + gn.getType() + ")");
            }
            pairs.add(pair);
        }
        return pairs;
    }
2216}
2217