1/* 2 * Licensed to the Apache Software Foundation (ASF) under one or more 3 * contributor license agreements. See the NOTICE file distributed with 4 * this work for additional information regarding copyright ownership. 5 * The ASF licenses this file to You under the Apache License, Version 2.0 6 * (the "License"); you may not use this file except in compliance with 7 * the License. You may obtain a copy of the License at 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 */ 17 18/** 19 * @author Alexander Y. Kleymenov 20 * @version $Revision$ 21 */ 22 23package org.apache.harmony.tests.javax.security.cert; 24 25import junit.framework.Test; 26import junit.framework.TestCase; 27import junit.framework.TestSuite; 28 29import tests.targets.security.cert.CertificateFactoryTestX509; 30 31import java.io.ByteArrayInputStream; 32import java.io.IOException; 33import java.io.InputStream; 34import java.math.BigInteger; 35import java.security.InvalidKeyException; 36import java.security.NoSuchAlgorithmException; 37import java.security.NoSuchProviderException; 38import java.security.Principal; 39import java.security.Provider; 40import java.security.PublicKey; 41import java.security.Security; 42import java.security.Signature; 43import java.security.SignatureException; 44import java.security.Provider.Service; 45import java.security.cert.CertificateFactory; 46import java.util.Arrays; 47import java.util.Calendar; 48import java.util.Date; 49import java.util.GregorianCalendar; 50import java.util.Set; 51import java.util.logging.Logger; 52 53import javax.security.cert.Certificate; 54import javax.security.cert.CertificateEncodingException; 55import javax.security.cert.CertificateException; 56import javax.security.cert.CertificateExpiredException; 57import javax.security.cert.CertificateNotYetValidException; 58import javax.security.cert.X509Certificate; 59 60import junit.framework.Test; 61import junit.framework.TestCase; 62import junit.framework.TestSuite; 63import tests.targets.security.cert.CertificateFactoryTestX509; 64 65/** 66 */ 67public class X509CertificateTest extends TestCase { 68 69 // Testing data was generated by using of classes 70 // from org.apache.harmony.security.asn1 package encoded 71 // by org.apache.harmony.misc.Base64 class. 72 73 private static String base64cert = "-----BEGIN CERTIFICATE-----\n" 74 + "MIIC+jCCAragAwIBAgICAiswDAYHKoZIzjgEAwEBADAdMRswGQYDVQQKExJDZXJ0a" 75 + "WZpY2F0ZSBJc3N1ZXIwIhgPMTk3MDAxMTIxMzQ2NDBaGA8xOTcwMDEyNDAzMzMyMF" 76 + "owHzEdMBsGA1UEChMUU3ViamVjdCBPcmdhbml6YXRpb24wGTAMBgcqhkjOOAQDAQE" 77 + "AAwkAAQIDBAUGBwiBAgCqggIAVaOCAhQwggIQMA8GA1UdDwEB/wQFAwMBqoAwEgYD" 78 + "VR0TAQH/BAgwBgEB/wIBBTAUBgNVHSABAf8ECjAIMAYGBFUdIAAwZwYDVR0RAQH/B" 79 + "F0wW4EMcmZjQDgyMi5OYW1lggdkTlNOYW1lpBcxFTATBgNVBAoTDE9yZ2FuaXphdG" 80 + "lvboYaaHR0cDovL3VuaWZvcm0uUmVzb3VyY2UuSWSHBP///wCIByoDolyDsgMwDAY" 81 + "DVR0eAQH/BAIwADAMBgNVHSQBAf8EAjAAMIGZBgNVHSUBAf8EgY4wgYsGBFUdJQAG" 82 + "CCsGAQUFBwMBBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMDBggrBgEFBQcDB" 83 + "AYIKwYBBQUHAwUGCCsGAQUFBwMGBggrBgEFBQcDBwYIKwYBBQUHAwgGCCsGAQUFBw" 84 + "MJBggrBgEFBQgCAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBMA0GA1UdNgEB/wQDAgE" 85 + "BMA4GBCpNhgkBAf8EAwEBATBkBgNVHRIEXTBbgQxyZmNAODIyLk5hbWWCB2ROU05h" 86 + "bWWkFzEVMBMGA1UEChMMT3JnYW5pemF0aW9uhhpodHRwOi8vdW5pZm9ybS5SZXNvd" 87 + "XJjZS5JZIcE////AIgHKgOiXIOyAzAJBgNVHR8EAjAAMAoGA1UdIwQDAQEBMAoGA1" 88 + "UdDgQDAQEBMAoGA1UdIQQDAQEBMAwGByqGSM44BAMBAQADMAAwLQIUAL4QvoazNWP" 89 + "7jrj84/GZlhm09DsCFQCBKGKCGbrP64VtUt4JPmLjW1VxQA==\n" 90 + "-----END CERTIFICATE-----"; 91 92 /* 93 * a self-signed certificate 94 */ 95 private static final String selfSignedCert = "-----BEGIN CERTIFICATE-----\n" + 96 "MIIDPzCCAqigAwIBAgIBADANBgkqhkiG9w0BAQUFADB5MQswCQYDVQQGEwJBTjEQ" + 97 "MA4GA1UECBMHQW5kcm9pZDEQMA4GA1UEChMHQW5kcm9pZDEQMA4GA1UECxMHQW5k" + 98 "cm9pZDEQMA4GA1UEAxMHQW5kcm9pZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBh" + 99 "bmRyb2lkLmNvbTAeFw0wOTAzMjAxNzAwMDZaFw0xMjAzMTkxNzAwMDZaMHkxCzAJ" + 100 "BgNVBAYTAkFOMRAwDgYDVQQIEwdBbmRyb2lkMRAwDgYDVQQKEwdBbmRyb2lkMRAw" + 101 "DgYDVQQLEwdBbmRyb2lkMRAwDgYDVQQDEwdBbmRyb2lkMSIwIAYJKoZIhvcNAQkB" + 102 "FhNhbmRyb2lkQGFuZHJvaWQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB" + 103 "gQCqQkDtkiEXmV8O5EK4y2Y9YyoWNDx70z4fqD+9muuzJGuM5NovMbxhBycuKHF3" + 104 "WK60iXzrsAYkB1c8VHHbcUEFqz2fBdLKyxy/nYohlo8TYSVpEjt3vfc0sgmp4FKU" + 105 "RDHO2z3rZPHWysV9L9ZvjeQpiwaYipU9epdBmvFmxQmCDQIDAQABo4HWMIHTMB0G" + 106 "A1UdDgQWBBTnm32QKeqQC38IQXZOQSPoQyypAzCBowYDVR0jBIGbMIGYgBTnm32Q" + 107 "KeqQC38IQXZOQSPoQyypA6F9pHsweTELMAkGA1UEBhMCQU4xEDAOBgNVBAgTB0Fu" + 108 "ZHJvaWQxEDAOBgNVBAoTB0FuZHJvaWQxEDAOBgNVBAsTB0FuZHJvaWQxEDAOBgNV" + 109 "BAMTB0FuZHJvaWQxIjAgBgkqhkiG9w0BCQEWE2FuZHJvaWRAYW5kcm9pZC5jb22C" + 110 "AQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAUmDApQu+r5rglS1WF" + 111 "BKXE3R2LasFvbBwdw2E0MAc0TWqLVW91VW4VWMX4r+C+c7rZpYXXtRqFRCuI/czL" + 112 "0e1GaUP/Wa6bXBcm2u7Iv2dVAaAOELmFSVTZeR57Lm9lT9kQLp24kmNndIsiDW3T" + 113 "XZ4pY/k2kxungOKx8b8pGYE9Bw==\n" + 114 "-----END CERTIFICATE-----"; 115 116 private java.security.cert.X509Certificate cert; 117 118 private javax.security.cert.X509Certificate tbt_cert; 119 120 private java.security.cert.X509Certificate javaCert; 121 122 private Provider myProvider; 123 124 private javax.security.cert.X509Certificate javaxCert; 125 126 private java.security.cert.Certificate javaSSCert; 127 128 private Provider mySSProvider; 129 130 private Certificate javaxSSCert; 131 132 @Override 133 protected void setUp() throws Exception { 134 try { 135 ByteArrayInputStream bais = new ByteArrayInputStream(base64cert 136 .getBytes()); 137 CertificateFactory cf = CertificateFactory.getInstance("X.509"); 138 this.cert = (java.security.cert.X509Certificate) cf 139 .generateCertificate(bais); 140 this.tbt_cert = X509Certificate.getInstance(cert.getEncoded()); 141 142 // non self signed cert 143 this.javaCert = (java.security.cert.X509Certificate)cf 144 .generateCertificate(new ByteArrayInputStream(selfSignedCert.getBytes())); 145 this.javaxCert = X509Certificate.getInstance(javaCert.getEncoded()); 146 myProvider = cf.getProvider(); 147 Security.addProvider(myProvider); 148 149 // self signed cert 150 this.javaSSCert = cf.generateCertificate(new ByteArrayInputStream( 151 selfSignedCert.getBytes())); 152 this.javaxSSCert = X509Certificate.getInstance(javaCert 153 .getEncoded()); 154 mySSProvider = cf.getProvider(); 155 Security.addProvider(mySSProvider); 156 157 } catch (java.security.cert.CertificateException e) { 158 // The requested certificate type is not available. 159 // Test pass.. 160 this.cert = null; 161 Logger.global.warning("Error in test setup: Certificate type not supported"); 162 } catch (javax.security.cert.CertificateException e) { 163 // The requested certificate type is not available. 164 // Test pass.. 165 this.cert = null; 166 Logger.global.warning("Error in test setup: Certificate type not supported"); 167 } 168 } 169 170 /** 171 * X509Certificate() constructor testing. 172 * {@link X509Certificate#X509Certificate() } 173 */ 174 public void testConstructor() { 175 //Direct constructor, check if it throws an exception 176 X509Certificate cert = new MyCertificate(); 177 } 178 179 /** 180 * getInstance(InputStream inStream) method testing. 181 */ 182 public void testGetInstance1() { 183 if (this.cert == null) { 184 // The requested certificate type is not available. 185 // Test can not be applied. 186 return; 187 } 188 try { 189 ByteArrayInputStream bais = new ByteArrayInputStream(cert 190 .getEncoded()); 191 192 X509Certificate.getInstance(bais); 193 } catch (java.security.cert.CertificateEncodingException e) { 194 fail("Unexpected CertificateEncodingException was thrown."); 195 } catch (CertificateEncodingException e) { 196 fail("Unexpected CertificateEncodingException was thrown."); 197 } catch (CertificateException e) { 198 // The requested certificate type is not available. 199 // Test pass.. 200 } 201 202 // Regression for HARMONY-756 203 try { 204 X509Certificate.getInstance((InputStream) null); 205 fail("No expected CertificateException"); 206 } catch (CertificateException e) { 207 // expected; 208 } 209 } 210 211 /** 212 * getInstance(byte[] certData) method testing. 213 * @throws CertificateEncodingException 214 * @throws java.security.cert.CertificateEncodingException 215 */ 216 public void testGetInstance2() throws java.security.cert.CertificateEncodingException, CertificateEncodingException { 217 boolean certificateException = false; 218 X509Certificate c = null; 219 if (this.cert == null) { 220 // The requested certificate type is not available. 221 // Test can not be applied. 222 return; 223 } 224 try { 225 c = X509Certificate.getInstance(cert.getEncoded()); 226 } catch (java.security.cert.CertificateEncodingException e) { 227 fail("Unexpected CertificateEncodingException was thrown."); 228 } catch (CertificateException e) { 229 // The requested certificate type is not available. 230 // Test pass.. 231 certificateException = true; 232 233 } 234 235 if (! certificateException) { 236 assertNotNull(c); 237 assertTrue(Arrays.equals(c.getEncoded(),cert.getEncoded() )); 238 } 239 240 try { 241 X509Certificate.getInstance(new byte[]{(byte) 1 }); 242 } catch (CertificateException e) { 243 //ok 244 } 245 246 // Regression for HARMONY-756 247 try { 248 X509Certificate.getInstance((byte[]) null); 249 fail("No expected CertificateException"); 250 } catch (CertificateException e) { 251 // expected; 252 } 253 254 } 255 256 /** 257 * checkValidity() method testing. 258 * @throws CertificateNotYetValidException 259 * @throws CertificateExpiredException 260 * @throws java.security.cert.CertificateExpiredException 261 * @throws java.security.cert.CertificateNotYetValidException 262 */ 263 public void testCheckValidity1() throws CertificateExpiredException, CertificateNotYetValidException, java.security.cert.CertificateExpiredException, java.security.cert.CertificateNotYetValidException { 264 if (this.cert == null) { 265 // The requested certificate type is not available. 266 // Test can not be applied. 267 return; 268 } 269 Date date = new Date(); 270 Date nb_date = tbt_cert.getNotBefore(); 271 Date na_date = tbt_cert.getNotAfter(); 272 try { 273 tbt_cert.checkValidity(); 274 assertFalse("CertificateExpiredException expected", date 275 .compareTo(na_date) > 0); 276 assertFalse("CertificateNotYetValidException expected", date 277 .compareTo(nb_date) < 0); 278 } catch (CertificateExpiredException e) { 279 assertTrue("Unexpected CertificateExpiredException was thrown", 280 date.compareTo(na_date) > 0); 281 } catch (CertificateNotYetValidException e) { 282 assertTrue("Unexpected CertificateNotYetValidException was thrown", 283 date.compareTo(nb_date) < 0); 284 } 285 286 try { 287 tbt_cert.checkValidity(); 288 } catch (CertificateExpiredException e) { 289 // ok 290 } 291 292 try { 293 cert.checkValidity(); 294 } catch (java.security.cert.CertificateExpiredException e) { 295 // ok 296 } 297 298 } 299 300 /** 301 * checkValidity(Date date) method testing. 302 * @throws CertificateNotYetValidException 303 * @throws CertificateExpiredException 304 */ 305 public void testCheckValidity2() throws CertificateNotYetValidException, CertificateExpiredException { 306 if (this.cert == null) { 307 // The requested certificate type is not available. 308 // Test can not be applied. 309 return; 310 } 311 Date[] date = new Date[8]; 312 Calendar calendar = Calendar.getInstance(); 313 for (int i = 0; i < date.length; i++) { 314 calendar.set(i * 500, Calendar.JANUARY, 1); 315 date[i] = calendar.getTime(); 316 } 317 Date nb_date = tbt_cert.getNotBefore(); 318 Date na_date = tbt_cert.getNotAfter(); 319 for (int i = 0; i < date.length; i++) { 320 try { 321 tbt_cert.checkValidity(date[i]); 322 assertFalse("CertificateExpiredException expected", date[i] 323 .compareTo(na_date) > 0); 324 assertFalse("CertificateNotYetValidException expected", date[i] 325 .compareTo(nb_date) < 0); 326 } catch (CertificateExpiredException e) { 327 assertTrue("Unexpected CertificateExpiredException was thrown", 328 date[i].compareTo(na_date) > 0); 329 } catch (CertificateNotYetValidException e) { 330 assertTrue("Unexpected CertificateNotYetValidException " 331 + "was thrown", date[i].compareTo(nb_date) < 0); 332 } 333 } 334 335 Calendar calendarNow = Calendar.getInstance(); 336 337 try { 338 tbt_cert.checkValidity(calendarNow.getTime()); 339 } catch (CertificateExpiredException e) { 340 //ok 341 } 342 343 Calendar calendarPast = GregorianCalendar.getInstance(); 344 calendarPast.clear(); 345 346 try { 347 tbt_cert.checkValidity(calendarPast.getTime()); 348 } catch (CertificateNotYetValidException e) { 349 //ok 350 } 351 352 } 353 354 /** 355 * getVersion() method testing. 356 */ 357 public void testGetVersion() { 358 if (this.cert == null) { 359 // The requested certificate type is not available. 360 // Test can not be applied. 361 return; 362 } 363 assertEquals("The version is not correct.", tbt_cert.getVersion(), 2); 364 } 365 366 /** 367 * getSerialNumber() method testing. 368 */ 369 public void testGetSerialNumber() { 370 if (this.cert == null) { 371 // The requested certificate type is not available. 372 // Test can not be applied. 373 return; 374 } 375 assertEquals("The serial number is not correct.", tbt_cert 376 .getSerialNumber(), cert.getSerialNumber()); 377 } 378 379 /** 380 * getIssuerDN() method testing. 381 */ 382 public void testGetIssuerDN() { 383 if (this.cert == null) { 384 // The requested certificate type is not available. 385 // Test can not be applied. 386 Logger.global.warning("testGetIssuerDN: error in test setup."); 387 } 388 assertEquals("The issuer DN is not correct.", tbt_cert.getIssuerDN(), 389 cert.getIssuerDN()); 390 } 391 392 /** 393 * getSubjectDN() method testing. 394 */ 395 public void testGetSubjectDN() { 396 if (this.cert == null) { 397 // The requested certificate type is not available. 398 // Test can not be applied. 399 return; 400 } 401 assertEquals("The subject DN is not correct.", tbt_cert.getSubjectDN(), 402 cert.getSubjectDN()); 403 } 404 405 /** 406 * getNotBefore() method testing. 407 */ 408 public void testGetNotBefore() { 409 if (this.cert == null) { 410 // The requested certificate type is not available. 411 // Test can not be applied. 412 return; 413 } 414 assertEquals("The NotBefore date is not correct.", tbt_cert 415 .getNotBefore(), cert.getNotBefore()); 416 } 417 418 /** 419 * getNotAfter() method testing. 420 */ 421 public void testGetNotAfter() { 422 if (this.cert == null) { 423 // The requested certificate type is not available. 424 // Test can not be applied. 425 return; 426 } 427 assertEquals("The NotAfter date is not correct.", tbt_cert 428 .getNotAfter(), cert.getNotAfter()); 429 } 430 431 /** 432 * getSigAlgName() method testing. 433 */ 434 public void testGetSigAlgName() { 435 if (this.cert == null) { 436 // The requested certificate type is not available. 437 // Test can not be applied. 438 return; 439 } 440 assertEquals("The name of signature algorithm is not correct.", 441 tbt_cert.getSigAlgName(), cert.getSigAlgName()); 442 } 443 444 /** 445 * getSigAlgOID() method testing. 446 */ 447 public void testGetSigAlgOID() { 448 if (this.cert == null) { 449 // The requested certificate type is not available. 450 // Test can not be applied. 451 return; 452 } 453 assertEquals("The name of OID of signature algorithm is not correct.", 454 tbt_cert.getSigAlgOID(), cert.getSigAlgOID()); 455 } 456 457 /** 458 * getSigAlgParams() method testing. 459 */ 460 public void testGetSigAlgParams() { 461 if (this.cert == null) { 462 // The requested certificate type is not available. 463 // Test can not be applied. 464 return; 465 } 466 assertTrue("The byte array with encoded algorithm parameters " 467 + "is not correct.", Arrays.equals(tbt_cert.getSigAlgParams(), 468 cert.getSigAlgParams())); 469 } 470 471 /** 472 * The stub class used for testing of non abstract methods. 473 */ 474 private class MyCertificate extends X509Certificate { 475 476 public MyCertificate() { 477 super(); 478 } 479 480 @Override 481 public void checkValidity() throws CertificateExpiredException, 482 CertificateNotYetValidException { 483 } 484 485 @Override 486 public void checkValidity(Date arg0) 487 throws CertificateExpiredException, 488 CertificateNotYetValidException { 489 } 490 491 @Override 492 public Principal getIssuerDN() { 493 return null; 494 } 495 496 @Override 497 public Date getNotAfter() { 498 return null; 499 } 500 501 @Override 502 public Date getNotBefore() { 503 return null; 504 } 505 506 @Override 507 public BigInteger getSerialNumber() { 508 return null; 509 } 510 511 @Override 512 public String getSigAlgName() { 513 return null; 514 } 515 516 @Override 517 public String getSigAlgOID() { 518 return null; 519 } 520 521 @Override 522 public byte[] getSigAlgParams() { 523 return null; 524 } 525 526 @Override 527 public Principal getSubjectDN() { 528 return null; 529 } 530 531 @Override 532 public int getVersion() { 533 return 0; 534 } 535 536 @Override 537 public byte[] getEncoded() throws CertificateEncodingException { 538 return null; 539 } 540 541 @Override 542 public PublicKey getPublicKey() { 543 return null; 544 } 545 546 @Override 547 public String toString() { 548 return null; 549 } 550 551 @Override 552 public void verify(PublicKey key) throws CertificateException, 553 NoSuchAlgorithmException, InvalidKeyException, 554 NoSuchProviderException, SignatureException { 555 } 556 557 @Override 558 public void verify(PublicKey key, String sigProvider) 559 throws CertificateException, NoSuchAlgorithmException, 560 InvalidKeyException, NoSuchProviderException, 561 SignatureException { 562 } 563 } 564 565 public class MyModifiablePublicKey implements PublicKey { 566 567 private PublicKey key; 568 private boolean modifiedAlgo; 569 private String algo; 570 private String format; 571 private boolean modifiedFormat; 572 private boolean modifiedEncoding; 573 private byte[] encoding; 574 575 public MyModifiablePublicKey(PublicKey k) { 576 super(); 577 this.key = k; 578 } 579 580 public String getAlgorithm() { 581 if (modifiedAlgo) { 582 return algo; 583 } else { 584 return key.getAlgorithm(); 585 } 586 } 587 588 public String getFormat() { 589 if (modifiedFormat) { 590 return this.format; 591 } else { 592 return key.getFormat(); 593 } 594 595 } 596 597 public byte[] getEncoded() { 598 if (modifiedEncoding) { 599 return this.encoding; 600 } else { 601 return key.getEncoded(); 602 } 603 604 } 605 606 public long getSerVerUID() { 607 return key.serialVersionUID; 608 } 609 610 public void setAlgorithm(String myAlgo) { 611 modifiedAlgo = true; 612 this.algo = myAlgo; 613 } 614 615 public void setFormat(String myFormat) { 616 modifiedFormat = true; 617 format = myFormat; 618 } 619 620 public void setEncoding(byte[] myEncoded) { 621 modifiedEncoding = true; 622 encoding = myEncoded; 623 } 624 } 625 626 /** 627 * @throws CertificateEncodingException 628 * {@link Certificate#getEncoded()} 629 */ 630 public void testGetEncoded() 631 throws CertificateEncodingException, java.security.cert.CertificateException { 632 // cert = DER encoding of the ASN1.0 structure 633 assertTrue(Arrays.equals(cert.getEncoded(), tbt_cert.getEncoded())); 634 assertFalse(Arrays.equals(javaxCert.getEncoded(), tbt_cert.getEncoded())); 635 } 636 637 /** 638 * {@link Certificate#getPublicKey()} 639 */ 640 public void testGetPublicKey() { 641 PublicKey key = javaxCert.getPublicKey(); 642 assertNotNull(key); 643 assertEquals(javaxCert.getPublicKey(), javaCert.getPublicKey()); 644 assertEquals(key.getAlgorithm(),"RSA"); 645 646 key = javaxSSCert.getPublicKey(); 647 assertNotNull(key); 648 assertEquals(key.getAlgorithm(),"RSA"); 649 650 //assertTrue(mySSProvider.containsKey(key)); 651 652 } 653 654 /** 655 * @throws SignatureException 656 * @throws NoSuchProviderException 657 * @throws NoSuchAlgorithmException 658 * @throws InvalidKeyException 659 * @throws CertificateException 660 * {@link Certificate#verify(PublicKey)} 661 */ 662 // Side Effect: Destroys MD5 provider, hurts succeeding tests 663 public void testVerifyPublicKey() throws InvalidKeyException, 664 NoSuchAlgorithmException, NoSuchProviderException, 665 SignatureException, CertificateException { 666 667 // Preconditions 668 assertNotNull(javaxCert.getPublicKey()); 669 assertNotNull(javaxSSCert.getPublicKey()); 670 //precondition for self signed certificates 671 /*assertEquals(((X509Certificate) javaxSSCert).getIssuerDN().getName(), 672 ((X509Certificate) javaxSSCert).getSubjectDN());*/ 673 674 // must always evaluate true for self signed 675 // here not self signed: 676 try { 677 javaxCert.verify(javaxCert.getPublicKey()); 678 } catch (SignatureException e) { 679 // ok 680 } 681 682 PublicKey k = javaxCert.getPublicKey(); 683 684 MyModifiablePublicKey changedEncoding = new MyModifiablePublicKey(k); 685 changedEncoding 686 .setEncoding(new byte[javaxCert.getEncoded().length - 1]); 687 688 try { 689 javaxCert.verify(tbt_cert.getPublicKey()); 690 } catch (InvalidKeyException e) { 691 // ok 692 } 693 694 695 try { 696 javaxCert.verify(null); 697 } catch (Exception e) { 698 // ok 699 } 700 701 try { 702 javaxCert.verify(changedEncoding); 703 fail("Exception expected"); 704 } catch (Exception e) { 705 // ok 706 } 707 708 // following test doesn't work because the algorithm is derived from 709 // somewhere else. 710 711 // MyModifiablePublicKey changedAlgo = new MyModifiablePublicKey(k); 712 // changedAlgo.setAlgorithm("MD5withBla"); 713 714 // try { 715 // javaxCert.verify(changedAlgo); 716 // fail("Exception expected"); 717 // } catch (SignatureException e) { 718 // // ok 719 // } 720 721 // Security.removeProvider(mySSProvider.getName()); 722 723 // try { 724 // javaxSSCert.verify(javaxSSCert.getPublicKey()); 725 // } catch (NoSuchProviderException e) { 726 // // ok 727 // } 728 729 // Security.addProvider(mySSProvider); 730 731 // must always evaluate true for self signed 732 // javaxSSCert.verify(javaxSSCert.getPublicKey()); 733 } 734 735 /** 736 * @throws SignatureException 737 * @throws NoSuchProviderException 738 * @throws NoSuchAlgorithmException 739 * @throws java.security.cert.CertificateException 740 * @throws InvalidKeyException 741 * @throws IOException 742 * @throws CertificateException 743 * {@link Certificate#verify(PublicKey, String)} 744 */ 745 public void testVerifyPublicKeyString() throws Exception { 746 747 try { 748 javaxCert.verify(javaxCert.getPublicKey(), myProvider.getName()); 749 } catch (NoSuchAlgorithmException e) { 750 // ok 751 } 752 753 // myProvider.getService(type, algorithm) 754 // Keep track of the original position so the provider can be 755 // reinserted in the same spot later. 756 Provider[] providers = Security.getProviders(); 757 int i = 0; 758 for (; i < providers.length; i++) { 759 if (providers[i] == myProvider) { 760 break; 761 } 762 } 763 764 Security.removeProvider(myProvider.getName()); 765 try { 766 javaxCert.verify(javaxCert.getPublicKey(), myProvider.getName()); 767 } catch (NoSuchProviderException e) { 768 // ok 769 } 770 771 // Note: The position is 1-based, that is, 1 is most preferred, 772 // followed by 2, and so on 773 Security.insertProviderAt(myProvider, i + 1); 774 775 // Find the Provider which offers MD5withRSA for the certificate's 776 // public key. 777 Signature signature = Signature.getInstance("MD5withRSA"); 778 signature.initVerify(javaxSSCert.getPublicKey()); 779 Provider provider = signature.getProvider(); 780 781 // self signed cert: should verify with provider 782 try { 783 javaxSSCert.verify(javaxSSCert.getPublicKey(), 784 provider.getName()); 785 } catch (SignatureException e) { 786 fail("blu"); 787 } 788 789 } 790 791 public static Test suite() { 792 return new TestSuite(X509CertificateTest.class); 793 } 794} 795