1/* 2 * Copyright (C) 2012 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17package com.android.org.bouncycastle.jce.provider; 18 19import java.io.ByteArrayInputStream; 20import java.io.File; 21import java.io.FileOutputStream; 22import java.io.FileNotFoundException; 23import java.io.InputStream; 24import java.io.IOException; 25import java.math.BigInteger; 26import java.security.cert.CertificateFactory; 27import java.security.cert.Certificate; 28import java.security.cert.X509Certificate; 29import java.security.MessageDigest; 30import java.security.PrivateKey; 31import java.security.PublicKey; 32import java.util.HashSet; 33import java.util.Set; 34import junit.framework.TestCase; 35import com.android.org.bouncycastle.jce.provider.CertBlacklist; 36import com.android.org.bouncycastle.crypto.Digest; 37import com.android.org.bouncycastle.util.encoders.Base64; 38import com.android.org.bouncycastle.util.encoders.Hex; 39 40public class CertBlacklistTest extends TestCase { 41 42 private File tmpFile; 43 44 private Set<String> DEFAULT_PUBKEYS; 45 private Set<String> DEFAULT_SERIALS; 46 47 public static final String TEST_CERT = "" + 48 "MIIDsjCCAxugAwIBAgIJAPLf2gS0zYGUMA0GCSqGSIb3DQEBBQUAMIGYMQswCQYDVQQGEwJVUzET" + 49 "MBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEPMA0GA1UEChMGR29v" + 50 "Z2xlMRAwDgYDVQQLEwd0ZXN0aW5nMRYwFAYDVQQDEw1HZXJlbXkgQ29uZHJhMSEwHwYJKoZIhvcN" + 51 "AQkBFhJnY29uZHJhQGdvb2dsZS5jb20wHhcNMTIwNzE0MTc1MjIxWhcNMTIwODEzMTc1MjIxWjCB" + 52 "mDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50YWluIFZp" + 53 "ZXcxDzANBgNVBAoTBkdvb2dsZTEQMA4GA1UECxMHdGVzdGluZzEWMBQGA1UEAxMNR2VyZW15IENv" + 54 "bmRyYTEhMB8GCSqGSIb3DQEJARYSZ2NvbmRyYUBnb29nbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUA" + 55 "A4GNADCBiQKBgQCjGGHATBYlmas+0sEECkno8LZ1KPglb/mfe6VpCT3GhSr+7br7NG/ZwGZnEhLq" + 56 "E7YIH4fxltHmQC3Tz+jM1YN+kMaQgRRjo/LBCJdOKaMwUbkVynAH6OYsKevjrOPk8lfM5SFQzJMG" + 57 "sA9+Tfopr5xg0BwZ1vA/+E3mE7Tr3M2UvwIDAQABo4IBADCB/TAdBgNVHQ4EFgQUhzkS9E6G+x8W" + 58 "L4EsmRjDxu28tHUwgc0GA1UdIwSBxTCBwoAUhzkS9E6G+x8WL4EsmRjDxu28tHWhgZ6kgZswgZgx" + 59 "CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3" + 60 "MQ8wDQYDVQQKEwZHb29nbGUxEDAOBgNVBAsTB3Rlc3RpbmcxFjAUBgNVBAMTDUdlcmVteSBDb25k" + 61 "cmExITAfBgkqhkiG9w0BCQEWEmdjb25kcmFAZ29vZ2xlLmNvbYIJAPLf2gS0zYGUMAwGA1UdEwQF" + 62 "MAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAYiugFDmbDOQ2U/+mqNt7o8ftlEo9SJrns6O8uTtK6AvR" + 63 "orDrR1AXTXkuxwLSbmVfedMGOZy7Awh7iZa8hw5x9XmUudfNxvmrKVEwGQY2DZ9PXbrnta/dwbhK" + 64 "mWfoepESVbo7CKIhJp8gRW0h1Z55ETXD57aGJRvQS4pxkP8ANhM="; 65 66 public static final String TURKTRUST_1 = "" + 67 "MIIFPTCCBCWgAwIBAgICCCcwDQYJKoZIhvcNAQEFBQAwgawxPTA7BgNVBAMMNFTDnFJLVFJVU1Qg" + 68 "RWxla3Ryb25payBTdW51Y3UgU2VydGlmaWthc8SxIEhpem1ldGxlcmkxCzAJBgNVBAYTAlRSMV4w" + 69 "XAYDVQQKDFVUw5xSS1RSVVNUIEJpbGdpIMSwbGV0acWfaW0gdmUgQmlsacWfaW0gR8O8dmVubGnE" + 70 "n2kgSGl6bWV0bGVyaSBBLsWeLiAoYykgS2FzxLFtICAyMDA1MB4XDTExMDgwODA3MDc1MVoXDTIx" + 71 "MDcwNjA3MDc1MVowbjELMAkGA1UEBhMCVFIxDzANBgNVBAgMBkFOS0FSQTEPMA0GA1UEBwwGQU5L" + 72 "QVJBMQwwCgYDVQQKDANFR08xGDAWBgNVBAsMD0VHTyBCSUxHSSBJU0xFTTEVMBMGA1UEAwwMKi5F" + 73 "R08uR09WLlRSMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv5zoj2Bpdl7R1M/zF6Qf" + 74 "4su2F8vDqISKvuTuyJhNAHhFGHCsHjaixGMHspuz0l3V50kq/ECWbN8kKaeTrB112QOrWTU276iu" + 75 "p1Gh+OlEOiR9vlQ4VAP00dWUjD6z9HQFCi8W3EsEtiiHiYOU9BcPpPkaUbECwP4nGVwR8aPwhB5P" + 76 "GBJc98romdvciYkUpSOOwkuSRtooA7tRlLFu72QaNpXN1NueB36I3aajPk0YyiXy2w8XlgK7QI4P" + 77 "SSBnSq+QblFocWVmLhF94je7py6lCnllrIFXpR3FWZLD5GcI6HKlBS78AQ+IMBLFHhsEVw5NQj90" + 78 "chSZClfBWBZzIaV9RwIDAQABo4IBpDCCAaAwHwYDVR0jBBgwFoAUq042AzDS29UKaL6HpVBs/PZw" + 79 "pSUwHQYDVR0OBBYEFGT7G4Y9uEryRIL5Vj3qJsD047M0MA4GA1UdDwEB/wQEAwIBBjBFBgNVHSAE" + 80 "PjA8MDoGCWCGGAMAAwEBATAtMCsGCCsGAQUFBwIBFh9odHRwOi8vd3d3LnR1cmt0cnVzdC5jb20u" + 81 "dHIvc3VlMA8GA1UdEwEB/wQFMAMBAf8wSQYDVR0fBEIwQDA+oDygOoY4aHR0cDovL3d3dy50dXJr" + 82 "dHJ1c3QuY29tLnRyL3NpbC9UVVJLVFJVU1RfU1NMX1NJTF9zMi5jcmwwgaoGCCsGAQUFBwEBBIGd" + 83 "MIGaMG4GCCsGAQUFBzAChmJodHRwOi8vd3d3LnR1cmt0cnVzdC5jb20udHIvc2VydGlmaWthbGFy" + 84 "L1RVUktUUlVTVF9FbGVrdHJvbmlrX1N1bnVjdV9TZXJ0aWZpa2FzaV9IaXptZXRsZXJpX3MyLmNy" + 85 "dDAoBggrBgEFBQcwAYYcaHR0cDovL29jc3AudHVya3RydXN0LmNvbS50cjANBgkqhkiG9w0BAQUF" + 86 "AAOCAQEAj89QCCyoW0S20EcYDZAnvFLFmougK97Bt68iV1OM622+Cyeyf4Sz+1LBk1f9ni3fGT0Q" + 87 "+RWZJYWq5YuSBiLVgk3NLcxnwe3wmnvErUgq1QDtAaNlBWMEMklOlWGfJ0eWaillUskJbDd4KwgZ" + 88 "HDEj7g/jYEQqU1t0zoJdwM/zNsnLHkhwcWZ5PQnnbpff1Ct/1LH/8pdy2eRDmRmqniLUh8r2lZfJ" + 89 "eudVZG6yIbxsqP3t2JCq5c2P1jDhAGF3g9DiskH0CzsRdbVpoWdr+PY1Xz/19G8XEpX9r+IBJhLd" + 90 "bkpVo0Qh0A10mzFP/GUk5f/8nho2HvLaVMhWv1qKcF8IhQ=="; 91 92 public static final String TURKTRUST_2 = "" + 93 "MIID8DCCAtigAwIBAgICCGQwDQYJKoZIhvcNAQEFBQAwgawxPTA7BgNVBAMMNFTDnFJLVFJVU1Qg" + 94 "RWxla3Ryb25payBTdW51Y3UgU2VydGlmaWthc8SxIEhpem1ldGxlcmkxCzAJBgNVBAYTAlRSMV4w" + 95 "XAYDVQQKDFVUw5xSS1RSVVNUIEJpbGdpIMSwbGV0acWfaW0gdmUgQmlsacWfaW0gR8O8dmVubGnE" + 96 "n2kgSGl6bWV0bGVyaSBBLsWeLiAoYykgS2FzxLFtICAyMDA1MB4XDTExMDgwODA3MDc1MVoXDTIx" + 97 "MDgwNTA3MDc1MVowgaMxCzAJBgNVBAYTAlRSMRAwDgYDVQQIEwdMZWZrb3NhMRAwDgYDVQQHEwdM" + 98 "ZWZrb3NhMRwwGgYDVQQKExNLS1RDIE1lcmtleiBCYW5rYXNpMSYwJAYDVQQDEx1lLWlzbGVtLmtr" + 99 "dGNtZXJrZXpiYW5rYXNpLm9yZzEqMCgGCSqGSIb3DQEJARYbaWxldGlAa2t0Y21lcmtlemJhbmth" + 100 "c2kub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw1hUpuRFY67NsZ6C9rzRAPCb" + 101 "9RVpi4nZzJIA1TvIfr4hMPM0X5jseMf5GvgJQ+cBMZtooDd7BbZNy2z7O5A+8PYFaMDdokCENx2e" + 102 "PIqAVuO6C5UAqM7J3n6RrhjOvqiw6dTQMbtXhjFao+YMuBVvRuuhGHBDK3Je64T/KLzcmAUlRJEu" + 103 "y+ZMe7AatUaSDr/jy5DMA5xEYOdsnS5Zo30lRG+9vqbxb8CQi+E97sNjY+W4lEgJKQWMNh5rCxo4" + 104 "Hinkm3CKyKX3PAS+DDVI3LQiCiIQUOMA2+1P5aTPTkpqlbjqhbWTWAPWOKCF9d83p3RMXOYt5Gah" + 105 "S8rg5u6+toEC1QIDAQABoyMwITAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkq" + 106 "hkiG9w0BAQUFAAOCAQEAwjWz5tsUvYORVW8KJSK/biHFrAnFotMtoTKEewRmnYaYjwXIr1IPaBqh" + 107 "jkGGviLN2eOH/v97Uli6HC4lzhKHfMQUS9KF/f5nGcH8iQBy/gmFsfJQ1KDC6GNM4CfMGIzyxjYh" + 108 "P0VzdUtKX3PAl5EqgMUcdqRDy6Ruz55+JkdvCL1nAC7xH+czJcZVwysTdGfLTCh6VtYPgIkeL6U8" + 109 "3xQAyMuOHm72exJljYFqIsiNvGE0KufCqCuH1PD97IXMrLlwGmKKg5jP349lySBpJjm6RDqCTT+6" + 110 "dUl2jkVbeNmco99Y7AOdtLsOdXBMCo5x8lK8zwQWFrzEms0joHXCpWfGWA=="; 111 112 public static final String ANSSI = "" + 113 "MIIDbDCCAlSgAwIBAgIDAx2nMA0GCSqGSIb3DQEBBQUAMEsxCzAJBgNVBAYTAkZSMQ4wDAYDVQQK" + 114 "EwVER1RQRTEsMCoGA1UEAxMjQUMgREdUUEUgU2lnbmF0dXJlIEF1dGhlbnRpZmljYXRpb24wHhcN" + 115 "MTMwNzE4MTAwNTI4WhcNMTQwNzE4MTAwNTI4WjA+MQswCQYDVQQGEwJGUjETMBEGA1UECgwKREcg" + 116 "VHLDqXNvcjEaMBgGA1UEAwwRQUMgREcgVHLDqXNvciBTU0wwggEiMA0GCSqGSIb3DQEBAQUAA4IB" + 117 "DwAwggEKAoIBAQDI0WFSUyY+MmtFkqFjTefoFyDgh9b1C/2YvSIvT8oCH62JWT5rpeTCZwaXbqWc" + 118 "jaNfzggqaFsokqfhBif43HNHNtNJmvKE32VcuLB0SpsLR/1VeTd9F99C1JeHVa+nelumOHEfouX8" + 119 "rRFrxNXNIYTVeiENT8Y2YqRb/XAril9g7i674uFzLiNR/t/N/F8Exujv9U8m8rmgud/+tG9WDRaD" + 120 "Jwoj3ZFCOnL5qLnSUEcS6TzWpozLmC2JVO5GZKGGd7qC9FjdBkVilkbVIEGSrYvz2Uz2v5IGqMBI" + 121 "QaFL/kSYWxGTaedTOk2drFEApp9AEPTfv1NwCWBfegsGQrHUROM3AgMBAAGjZjBkMBIGA1UdEwEB" + 122 "/wQIMAYBAf8CAQQwHQYDVR0OBBYEFAAMW8lJqJW0DtAv5p3Mjogxvh9lMB8GA1UdIwQYMBaAFOnb" + 123 "kI/9W5nkFTvwYlyn5A1Y6IeZMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAtDfG" + 124 "HkHOLW2d9fiMtwtkEwDauISJLJyCjoRmawzmQbIZXq7HaLliVfE0sdfKUm0iQ0im1/CpnJLPoTeK" + 125 "yBHvNu1ubLc2m+9dabAYhF3pVdKC+gNaAzBXZ9Gt0p1CLk1lf8Hg+R10HN2IPCv7V/crz2Ga+c23" + 126 "4P3pfwYW8+Nd7alGCuvqot6UYXOlheF7zWUkHn6z6tvY+9oMDHKSUAthhA/FB50JgJU89zyTv1eg" + 127 "Y3ldKwvYBW3W3yNZdTHbPyNsPJdhqA55mDNsteE5YTp1PyySDb1MSVrbxDEruoH6ZE99Hob4Ih8A" + 128 "mn7MHZatGClECgjXWFZ2Gxa7OUCaQpcH8g=="; 129 130 public CertBlacklistTest() throws IOException { 131 tmpFile = File.createTempFile("test", ""); 132 DEFAULT_PUBKEYS = getDefaultPubkeys(); 133 DEFAULT_SERIALS = getDefaultSerials(); 134 tmpFile.delete(); 135 } 136 137 @Override 138 public void setUp() throws Exception { 139 super.setUp(); 140 tmpFile = File.createTempFile("test", ""); 141 } 142 143 @Override 144 public void tearDown() throws Exception { 145 try { 146 tmpFile.delete(); 147 } finally { 148 super.tearDown(); 149 } 150 } 151 152 private Set<String> getPubkeyBlacklist(String path) throws IOException { 153 // set our blacklist path 154 CertBlacklist bl = new CertBlacklist(path, ""); 155 // call readPubkeyBlacklist 156 Set<byte[]> arr = bl.pubkeyBlacklist; 157 // convert the results to a hashset of strings 158 Set<String> results = new HashSet<String>(); 159 for (byte[] value: arr) { 160 results.add(new String(value)); 161 } 162 return results; 163 } 164 165 private Set<String> getSerialBlacklist(String path) throws IOException { 166 // set our blacklist path 167 CertBlacklist bl = new CertBlacklist("", path); 168 // call readPubkeyBlacklist 169 Set<BigInteger> arr = bl.serialBlacklist; 170 // convert the results to a hashset of strings 171 Set<String> results = new HashSet<String>(); 172 for (BigInteger value: arr) { 173 results.add(value.toString(16)); 174 } 175 return results; 176 } 177 178 private static String getHash(PublicKey publicKey) throws Exception { 179 byte[] encoded = publicKey.getEncoded(); 180 MessageDigest digest = MessageDigest.getInstance("SHA1"); 181 byte[] hexlifiedHash = Hex.encode(digest.digest(encoded)); 182 return new String(hexlifiedHash); 183 } 184 185 private Set<String> getDefaultPubkeys() throws IOException { 186 return getPubkeyBlacklist(""); 187 } 188 189 private Set<String> getDefaultSerials() throws IOException { 190 return getSerialBlacklist(""); 191 } 192 193 private Set<String> getCurrentPubkeyBlacklist() throws IOException { 194 return getPubkeyBlacklist(tmpFile.getCanonicalPath()); 195 } 196 197 private Set<String> getCurrentSerialBlacklist() throws IOException { 198 return getSerialBlacklist(tmpFile.getCanonicalPath()); 199 } 200 201 private void blacklistToFile(String blacklist) throws IOException { 202 FileOutputStream out = new FileOutputStream(tmpFile); 203 out.write(blacklist.toString().getBytes()); 204 out.close(); 205 } 206 207 private void writeBlacklist(HashSet<String> values) throws IOException { 208 StringBuilder result = new StringBuilder(); 209 // join the values into a string 210 for (String value : values) { 211 if (result.length() != 0) { 212 result.append(","); 213 } 214 result.append(value); 215 } 216 blacklistToFile(result.toString()); 217 } 218 219 private static PublicKey createPublicKey(String cert) throws Exception { 220 byte[] derCert = Base64.decode(cert.getBytes()); 221 InputStream istream = new ByteArrayInputStream(derCert); 222 CertificateFactory cf = CertificateFactory.getInstance("X.509"); 223 return cf.generateCertificate(istream).getPublicKey(); 224 } 225 226 private static BigInteger createSerialNumber(String cert) throws Exception { 227 byte[] derCert = Base64.decode(cert.getBytes()); 228 InputStream istream = new ByteArrayInputStream(derCert); 229 CertificateFactory cf = CertificateFactory.getInstance("X.509"); 230 X509Certificate xCert = (X509Certificate)cf.generateCertificate(istream); 231 return xCert.getSerialNumber(); 232 } 233 234 public void testPubkeyBlacklistLegit() throws Exception { 235 // build the blacklist 236 HashSet<String> bl = new HashSet<String>(); 237 bl.add("6ccabd7db47e94a5759901b6a7dfd45d1c091ccc"); 238 // write the blacklist 239 writeBlacklist(bl); 240 // add the default pubkeys into the bl 241 bl.addAll(DEFAULT_PUBKEYS); 242 // do the test 243 assertEquals(bl, getCurrentPubkeyBlacklist()); 244 } 245 246 public void testLegitPubkeyIsntBlacklisted() throws Exception { 247 // build the public key 248 PublicKey pk = createPublicKey(TEST_CERT); 249 // write that to the test blacklist 250 writeBlacklist(new HashSet<String>()); 251 // set our blacklist path 252 CertBlacklist bl = new CertBlacklist(tmpFile.getCanonicalPath(), ""); 253 // check to make sure it isn't blacklisted 254 assertEquals(bl.isPublicKeyBlackListed(pk), false); 255 } 256 257 public void testPubkeyIsBlacklisted() throws Exception { 258 // build the public key 259 PublicKey pk = createPublicKey(TEST_CERT); 260 // get its hash 261 String hash = getHash(pk); 262 // write that to the test blacklist 263 HashSet<String> testBlackList = new HashSet<String>(); 264 testBlackList.add(hash); 265 writeBlacklist(testBlackList); 266 // set our blacklist path 267 CertBlacklist bl = new CertBlacklist(tmpFile.getCanonicalPath(), ""); 268 // check to make sure it isn't blacklited 269 assertTrue(bl.isPublicKeyBlackListed(pk)); 270 } 271 272 public void testSerialBlacklistLegit() throws IOException { 273 // build the blacklist 274 HashSet<String> bl = new HashSet<String>(); 275 bl.add("22e514121e61c643b1e9b06bd4b9f7d0"); 276 // write the blacklist 277 writeBlacklist(bl); 278 // add the default serials into the bl 279 bl.addAll(DEFAULT_SERIALS); 280 // do the test 281 assertEquals(bl, getCurrentSerialBlacklist()); 282 } 283 284 public void testPubkeyBlacklistMultipleLegit() throws IOException { 285 // build the blacklist 286 HashSet<String> bl = new HashSet<String>(); 287 bl.add("6ccabd7db47e94a5759901b6a7dfd45d1c091ccc"); 288 bl.add("6ccabd7db47e94a5759901b6a7dfd45d1c091ccd"); 289 // write the blacklist 290 writeBlacklist(bl); 291 // add the default pubkeys into the bl 292 bl.addAll(DEFAULT_PUBKEYS); 293 // do the test 294 assertEquals(bl, getCurrentPubkeyBlacklist()); 295 } 296 297 public void testSerialBlacklistMultipleLegit() throws IOException { 298 // build the blacklist 299 HashSet<String> bl = new HashSet<String>(); 300 bl.add("22e514121e61c643b1e9b06bd4b9f7d0"); 301 bl.add("22e514121e61c643b1e9b06bd4b9f7d1"); 302 // write the blacklist 303 writeBlacklist(bl); 304 // add the default serials into the bl 305 bl.addAll(DEFAULT_SERIALS); 306 // do the test 307 assertEquals(bl, getCurrentSerialBlacklist()); 308 } 309 310 public void testPubkeyBlacklistMultipleBad() throws IOException { 311 // build the blacklist 312 HashSet<String> bl = new HashSet<String>(); 313 bl.add("6ccabd7db47e94a5759901b6a7dfd45d1c091ccc"); 314 bl.add(""); 315 bl.add("6ccabd7db47e94a5759901b6a7dfd45d1c091ccd"); 316 // write the blacklist 317 writeBlacklist(bl); 318 // add the default pubkeys into the bl 319 bl.addAll(DEFAULT_PUBKEYS); 320 // remove the bad one 321 bl.remove(""); 322 // do the test- results should be all but the bad one are handled 323 assertEquals(bl, getCurrentPubkeyBlacklist()); 324 } 325 326 public void testSerialBlacklistMultipleBad() throws IOException { 327 // build the blacklist 328 HashSet<String> bl = new HashSet<String>(); 329 bl.add("22e514121e61c643b1e9b06bd4b9f7d0"); 330 bl.add(""); 331 bl.add("22e514121e61c643b1e9b06bd4b9f7d1"); 332 // write the blacklist 333 writeBlacklist(bl); 334 // add the default serials into the bl 335 bl.addAll(DEFAULT_SERIALS); 336 // remove the bad one 337 bl.remove(""); 338 // do the test- results should be all but the bad one are handled 339 assertEquals(bl, getCurrentSerialBlacklist()); 340 } 341 342 public void testPubkeyBlacklistDoesntExist() throws IOException { 343 assertEquals(DEFAULT_PUBKEYS, getCurrentPubkeyBlacklist()); 344 } 345 346 public void testSerialBlacklistDoesntExist() throws IOException { 347 assertEquals(DEFAULT_SERIALS, getCurrentSerialBlacklist()); 348 } 349 350 public void testPubkeyBlacklistNotHexValues() throws IOException { 351 // build the blacklist 352 HashSet<String> bl = new HashSet<String>(); 353 bl.add("ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ"); 354 // write the blacklist 355 writeBlacklist(bl); 356 // do the test 357 assertEquals(DEFAULT_PUBKEYS, getCurrentPubkeyBlacklist()); 358 } 359 360 public void testSerialBlacklistNotHexValues() throws IOException { 361 // build the blacklist 362 HashSet<String> bl = new HashSet<String>(); 363 bl.add("ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ"); 364 // write the blacklist 365 writeBlacklist(bl); 366 // do the test 367 assertEquals(DEFAULT_SERIALS, getCurrentSerialBlacklist()); 368 } 369 370 public void testPubkeyBlacklistIncorrectLength() throws IOException { 371 // build the blacklist 372 HashSet<String> bl = new HashSet<String>(); 373 bl.add("6ccabd7db47e94a5759901b6a7dfd45d1c091cc"); 374 // write the blacklist 375 writeBlacklist(bl); 376 // do the test 377 assertEquals(DEFAULT_PUBKEYS, getCurrentPubkeyBlacklist()); 378 } 379 380 public void testSerialBlacklistZero() throws IOException { 381 // build the blacklist 382 HashSet<String> bl = new HashSet<String>(); 383 bl.add("0"); 384 // write the blacklist 385 writeBlacklist(bl); 386 // add the default serials 387 bl.addAll(DEFAULT_SERIALS); 388 // do the test 389 assertEquals(bl, getCurrentSerialBlacklist()); 390 } 391 392 public void testSerialBlacklistNegative() throws IOException { 393 // build the blacklist 394 HashSet<String> bl = new HashSet<String>(); 395 bl.add("-1"); 396 // write the blacklist 397 writeBlacklist(bl); 398 // add the default serials 399 bl.addAll(DEFAULT_SERIALS); 400 // do the test 401 assertEquals(bl, getCurrentSerialBlacklist()); 402 } 403 404 public void testTurkTrustIntermediate1PubkeyBlacklist() throws Exception { 405 // build the public key 406 PublicKey pk = createPublicKey(TURKTRUST_1); 407 // write that to the test blacklist 408 writeBlacklist(new HashSet<String>()); 409 // set our blacklist path 410 CertBlacklist bl = new CertBlacklist(); 411 // check to make sure it isn't blacklisted 412 assertEquals(bl.isPublicKeyBlackListed(pk), true); 413 } 414 415 public void testTurkTrustIntermediate2PubkeyBlacklist() throws Exception { 416 // build the public key 417 PublicKey pk = createPublicKey(TURKTRUST_2); 418 // set our blacklist path 419 CertBlacklist bl = new CertBlacklist(); 420 // check to make sure it isn't blacklisted 421 assertEquals(bl.isPublicKeyBlackListed(pk), true); 422 } 423 424 public void testANSSIIntermediatePubkeyBlacklist() throws Exception { 425 // build the public key 426 PublicKey pk = createPublicKey(ANSSI); 427 // set our blacklist path 428 CertBlacklist bl = new CertBlacklist(); 429 // check to make sure it isn't blacklisted 430 assertEquals(bl.isPublicKeyBlackListed(pk), true); 431 } 432 433 private static void printHash(String cert) throws Exception { 434 System.out.println("CERTIFICATE PUBLIC KEY HASH: " + getHash(createPublicKey(cert))); 435 } 436 437 private static void printSerial(String cert) throws Exception { 438 System.out.println("CERTIFICATE SERIAL NUMBER: " + createSerialNumber(cert).toString(16)); 439 } 440} 441