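/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements. See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

/**
 * @author Vladimir N. Molotkov
 * @version $Revision$
 */

package tests.security.cert;

import dalvik.annotation.TestLevel;
import dalvik.annotation.TestTargetClass;
import dalvik.annotation.TestTargetNew;

import junit.framework.TestCase;

import org.apache.harmony.security.tests.support.TestCertUtils;
import org.apache.harmony.security.tests.support.TestKeyPair;
import org.apache.harmony.security.tests.support.cert.TestUtils;

import java.io.ByteArrayInputStream;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;

import javax.security.auth.x500.X500Principal;

/**
 * Unit tests for <code>TrustAnchor</code>.
 *
 * <p>Covers the three constructors (CA name as <code>String</code>, CA as
 * <code>X500Principal</code>, and trusted <code>X509Certificate</code>), the
 * getters, and the defensive copying of the DER-encoded name constraints on
 * the way into and out of the object.
 */
@TestTargetClass(TrustAnchor.class)
public class TrustAnchorTest extends TestCase {
    private static final String keyAlg = "DSA";
    // Sample of some valid CA name
    private static final String validCaNameRfc2253 =
        "CN=Test CA,"+
        "OU=Testing Division,"+
        "O=Test It All,"+
        "L=Test Town,"+
        "ST=Testifornia,"+
        "C=Testland";

    /**
     * Test #1 for <code>TrustAnchor(String, PublicKey, byte[])</code> constructor<br>
     * Assertion: creates <code>TrustAnchor</code> instance<br>
     * Test preconditions: valid parameters passed<br>
     * Expected: must pass without any exceptions
     * @throws Exception on any unexpected failure
     */
    @TestTargetNew(
        level = TestLevel.PARTIAL_COMPLETE,
        notes = "",
        method = "TrustAnchor",
        args = {java.lang.String.class, java.security.PublicKey.class, byte[].class}
    )
    public final void testTrustAnchorStringPublicKeybyteArray01()
            throws Exception {

        PublicKey pk = new TestKeyPair(keyAlg).getPublic();

        // sub testcase 1
        new TrustAnchor(validCaNameRfc2253, pk, getFullEncoding());
        // sub testcase 2
        new TrustAnchor(validCaNameRfc2253, pk, getEncodingPSOnly());
        // sub testcase 3
        new TrustAnchor(validCaNameRfc2253, pk, getEncodingESOnly());
        // sub testcase 4
        new TrustAnchor(validCaNameRfc2253, pk, getEncodingNoMinMax());
    }

    /**
     * Test #2 for <code>TrustAnchor(String, PublicKey, byte[])</code> constructor<br>
     * Assertion: creates <code>TrustAnchor</code> instance<br>
     * Test preconditions: <code>null</code> as nameConstraints passed<br>
     * Expected: must pass without any exceptions
     * @throws Exception on any unexpected failure
     */
    @TestTargetNew(
        level = TestLevel.PARTIAL_COMPLETE,
        notes = "Verifies null as a parameter.",
        method = "TrustAnchor",
        args = {java.lang.String.class, java.security.PublicKey.class, byte[].class}
    )
    public final void testTrustAnchorStringPublicKeybyteArray02()
            throws Exception {

        PublicKey pk = new TestKeyPair(keyAlg).getPublic();

        new TrustAnchor(validCaNameRfc2253, pk, null);
    }

    /**
     * Test #3 for <code>TrustAnchor(String, PublicKey, byte[])</code> constructor<br>
     * Assertion: nameConstraints cloned by the constructor and by the getter<br>
     * Test preconditions: modify the passed array, then the returned array<br>
     * Expected: neither modification changes object internal state
     * @throws Exception on any unexpected failure
     */
    @TestTargetNew(
        level = TestLevel.PARTIAL_COMPLETE,
        notes = "Verifies positive case.",
        method = "TrustAnchor",
        args = {java.lang.String.class, java.security.PublicKey.class, byte[].class}
    )
    public final void testTrustAnchorStringPublicKeybyteArray03()
            throws Exception {

        PublicKey pk = new TestKeyPair(keyAlg).getPublic();

        byte[] nc = getEncodingPSOnly();
        byte[] ncCopy = nc.clone();
        TrustAnchor ta = new TrustAnchor(validCaNameRfc2253, pk, ncCopy);

        // Inbound copy: the caller still holds ncCopy; if the constructor
        // kept that reference, the anchor's constraints could be altered
        // after it was built.
        ncCopy[0]=(byte)0;
        assertTrue(Arrays.equals(nc, ta.getNameConstraints()));

        // Outbound copy: the getter must not hand out the internal array,
        // otherwise any holder of the anchor could rewrite its constraints.
        byte[] returned = ta.getNameConstraints();
        returned[0]=(byte)0;
        assertTrue(Arrays.equals(nc, ta.getNameConstraints()));
    }

    /**
     * Test #4 for <code>TrustAnchor(String, PublicKey, byte[])</code> constructor<br>
     * Assertion: <code>NullPointerException</code> if <code>caName</code>
     * or <code>caPublicKey</code> parameter is <code>null</code>;
     * <code>IllegalArgumentException</code> if <code>caName</code> is empty
     * or is not a valid distinguished name<br>
     * Test preconditions: pass the mentioned invalid parameter<br>
     * Expected: the matching exception
     */
    @TestTargetNew(
        level = TestLevel.PARTIAL_COMPLETE,
        notes = "Verifies exceptions.",
        method = "TrustAnchor",
        args = {java.lang.String.class, java.security.PublicKey.class, byte[].class}
    )
    public final void testTrustAnchorStringPublicKeybyteArray04()
            throws Exception {

        PublicKey pk = new TestKeyPair(keyAlg).getPublic();

        // sub testcase 1: 'caName' param is null
        try {
            new TrustAnchor((String)null, pk, getEncodingPSOnly());
            fail("NullPointerException has not been thrown");
        } catch (NullPointerException ok) {
            // expected
        }

        // sub testcase 2: 'caPublicKey' param is null
        try {
            new TrustAnchor(validCaNameRfc2253, null, getEncodingPSOnly());
            fail("NullPointerException has not been thrown");
        } catch (NullPointerException ok) {
            // expected
        }

        // sub testcase 3: 'caName' and 'caPublicKey' params are null
        try {
            new TrustAnchor((String)null, null, getEncodingPSOnly());
            fail("NullPointerException has not been thrown");
        } catch (NullPointerException ok) {
            // expected
        }

        // sub testcase 4: 'caName' param is empty
        try {
            new TrustAnchor("", pk, getEncodingPSOnly());
            fail("IllegalArgumentException has not been thrown");
        } catch (IllegalArgumentException ok) {
            // expected
        }

        // sub testcase 5: 'caName' param is incorrect distinguished name
        try {
            new TrustAnchor("AID.11.12=A", pk, getEncodingPSOnly());
            fail("IllegalArgumentException has not been thrown");
        } catch (IllegalArgumentException ok) {
            // expected
        }
    }

    /**
     * Test #1 for <code>TrustAnchor(X500Principal, PublicKey, byte[])</code> constructor<br>
     * Assertion: creates <code>TrustAnchor</code> instance<br>
     * Test preconditions: valid parameters passed<br>
     * Expected: must pass without any exceptions
     * @throws Exception on any unexpected failure
     */
    @TestTargetNew(
        level = TestLevel.PARTIAL_COMPLETE,
        notes = "Verifies positive case.",
        method = "TrustAnchor",
        args = {javax.security.auth.x500.X500Principal.class, java.security.PublicKey.class, byte[].class}
    )
    public final void testTrustAnchorX500PrincipalPublicKeybyteArray01()
            throws Exception {

        PublicKey pk = new TestKeyPair(keyAlg).getPublic();

        X500Principal x500p = new X500Principal(validCaNameRfc2253);
        // sub testcase 1
        new TrustAnchor(x500p, pk, getFullEncoding());
        // sub testcase 2
        new TrustAnchor(x500p, pk, getEncodingPSOnly());
        // sub testcase 3
        new TrustAnchor(x500p, pk, getEncodingESOnly());
        // sub testcase 4
        new TrustAnchor(x500p, pk, getEncodingNoMinMax());
    }

    /**
     * Test #2 for <code>TrustAnchor(X500Principal, PublicKey, byte[])</code> constructor<br>
     * Assertion: creates <code>TrustAnchor</code> instance<br>
     * Test preconditions: <code>null</code> as nameConstraints passed<br>
     * Expected: must pass without any exceptions
     * @throws Exception on any unexpected failure
     */
    @TestTargetNew(
        level = TestLevel.PARTIAL_COMPLETE,
        notes = "Verifies null as a parameter.",
        method = "TrustAnchor",
        args = {javax.security.auth.x500.X500Principal.class, java.security.PublicKey.class, byte[].class}
    )
    public final void testTrustAnchorX500PrincipalPublicKeybyteArray02()
            throws Exception {

        PublicKey pk = new TestKeyPair(keyAlg).getPublic();

        X500Principal x500p = new X500Principal(validCaNameRfc2253);

        new TrustAnchor(x500p, pk, null);
    }

    /**
     * Test #3 for <code>TrustAnchor(X500Principal, PublicKey, byte[])</code> constructor<br>
     * Assertion: nameConstraints cloned by the constructor and by the getter<br>
     * Test preconditions: modify the passed array, then the returned array<br>
     * Expected: neither modification changes object internal state
     * @throws Exception on any unexpected failure
     */
    @TestTargetNew(
        level = TestLevel.PARTIAL_COMPLETE,
        notes = "Verifies TrustAnchor with copied byte array.",
        method = "TrustAnchor",
        args = {javax.security.auth.x500.X500Principal.class, java.security.PublicKey.class, byte[].class}
    )
    public final void testTrustAnchorX500PrincipalPublicKeybyteArray03()
            throws Exception {

        PublicKey pk = new TestKeyPair(keyAlg).getPublic();

        byte[] nc = getEncodingPSOnly();
        byte[] ncCopy = nc.clone();
        TrustAnchor ta = new TrustAnchor(new X500Principal(validCaNameRfc2253),
                pk, ncCopy);

        // Inbound copy: mutating the array the caller kept must not reach
        // the constraints stored in the anchor.
        ncCopy[0]=(byte)0;
        assertTrue(Arrays.equals(nc, ta.getNameConstraints()));

        // Outbound copy: mutating the array returned by the getter must not
        // reach the constraints stored in the anchor either.
        byte[] returned = ta.getNameConstraints();
        returned[0]=(byte)0;
        assertTrue(Arrays.equals(nc, ta.getNameConstraints()));
    }

    /**
     * Test #4 for <code>TrustAnchor(X500Principal, PublicKey, byte[])</code> constructor<br>
     * Assertion: <code>NullPointerException</code> if <code>caPrincipal</code>
     * or <code>caPublicKey</code> parameter is <code>null</code><br>
     * Test preconditions: pass <code>null</code> as mentioned parameter<br>
     * Expected: NullPointerException
     * @throws Exception on any unexpected failure
     */
    @TestTargetNew(
        level = TestLevel.PARTIAL_COMPLETE,
        notes = "Verifies NullPointerException.",
        method = "TrustAnchor",
        args = {javax.security.auth.x500.X500Principal.class, java.security.PublicKey.class, byte[].class}
    )
    public final void testTrustAnchorX500PrincipalPublicKeybyteArray04()
            throws Exception {

        PublicKey pk = new TestKeyPair(keyAlg).getPublic();

        X500Principal x500p = new X500Principal(validCaNameRfc2253);
        // sub testcase 1: 'caPrincipal' param is null
        try {
            new TrustAnchor((X500Principal)null,
                    pk, getEncodingPSOnly());
            fail("NullPointerException has not been thrown");
        } catch (NullPointerException ok) {
            // expected
        }

        // sub testcase 2: 'caPublicKey' param is null
        try {
            new TrustAnchor(x500p, null, getEncodingPSOnly());
            fail("NullPointerException has not been thrown");
        } catch (NullPointerException ok) {
            // expected
        }

        // sub testcase 3: both params are null
        try {
            new TrustAnchor((X500Principal)null, null,
                    getEncodingPSOnly());
            fail("NullPointerException has not been thrown");
        } catch (NullPointerException ok) {
            // expected
        }

    }

    /**
     * Test #1 for <code>TrustAnchor(X509Certificate, byte[])</code>
     * constructor<br>
     * Assertion: creates <code>TrustAnchor</code> instance<br>
     * Test preconditions: valid parameters passed<br>
     * Expected: must pass without any exceptions
     */
    @TestTargetNew(
        level = TestLevel.PARTIAL_COMPLETE,
        notes = "Verifies positive case.",
        method = "TrustAnchor",
        args = {java.security.cert.X509Certificate.class, byte[].class}
    )
    public final void testTrustAnchorX509CertificatebyteArray01()
            throws CertificateException {

        X509Certificate cert = loadTestCertificate();

        // sub testcase 1
        checkCertificateAnchor(cert, getFullEncoding());
        // sub testcase 2
        checkCertificateAnchor(cert, getEncodingPSOnly());
        // sub testcase 3
        checkCertificateAnchor(cert, getEncodingESOnly());
        // sub testcase 4
        checkCertificateAnchor(cert, getEncodingNoMinMax());
    }

    /**
     * Test #2 for <code>TrustAnchor(X509Certificate, byte[])</code>
     * constructor<br>
     * Assertion: <code>NullPointerException</code> if the certificate is
     * <code>null</code><br>
     * Test preconditions: <code>null</code> as X509Certificate passed<br>
     * Expected: <code>NullPointerException</code>
     */
    @TestTargetNew(
        level = TestLevel.PARTIAL_COMPLETE,
        notes = "Verifies NullPointerException.",
        method = "TrustAnchor",
        args = {java.security.cert.X509Certificate.class, byte[].class}
    )
    public final void testTrustAnchorX509CertificatebyteArray02()
            throws Exception {

        try {
            new TrustAnchor(null, getFullEncoding());
            fail("NullPointerException expected");
        } catch (NullPointerException e) {
            // expected
        }
    }

    /**
     * Test #3 for <code>TrustAnchor(X509Certificate, byte[])</code>
     * constructor<br>
     * Assertion: creates <code>TrustAnchor</code> instance<br>
     * Test preconditions: <code>null</code> as nameConstraints passed<br>
     * Expected: must pass without any exceptions
     */
    @TestTargetNew(
        level = TestLevel.PARTIAL_COMPLETE,
        notes = "Verifies constructor with null as nameConstraints parameter.",
        method = "TrustAnchor",
        args = {java.security.cert.X509Certificate.class, byte[].class}
    )
    public final void testTrustAnchorX509CertificatebyteArray03()
            throws Exception {
        X509Certificate cert = loadTestCertificate();

        // Any exception propagates to the runner with its full stack trace;
        // catching it here and reporting only getMessage() would hide the cause.
        new TrustAnchor(cert, null);
    }

    /**
     * Test #4 for <code>TrustAnchor(X509Certificate, byte[])</code>
     * constructor<br>
     * Assertion: <code>IllegalArgumentException</code> if the name
     * constraints cannot be decoded<br>
     * Test preconditions: pass not valid name constraints array<br>
     * Expected: IllegalArgumentException
     */
    @TestTargetNew(
        level = TestLevel.PARTIAL_COMPLETE,
        notes = "Verifies IllegalArgumentException.",
        method = "TrustAnchor",
        args = {java.security.cert.X509Certificate.class, byte[].class}
    )
    public final void testTrustAnchorX509CertificatebyteArray04()
            throws Exception {

        X509Certificate cert = loadTestCertificate();

        try {
            new TrustAnchor(cert,
                    new byte[] { (byte) 1, (byte) 2, (byte) 3 });
            fail("IllegalArgumentException expected");
        } catch (IllegalArgumentException e) {
            // expected
        }
    }

    /**
     * Test #5 for <code>TrustAnchor(X509Certificate, byte[])</code>
     * constructor<br>
     * Assertion: <code>NullPointerException</code> if the certificate is
     * <code>null</code>, even when nameConstraints is <code>null</code> too<br>
     * Test preconditions: both parameters are passed as null<br>
     * Expected: <code>NullPointerException</code>
     */
    @TestTargetNew(
        level = TestLevel.PARTIAL_COMPLETE,
        notes = "Verifies NullPointerException.",
        method = "TrustAnchor",
        args = {java.security.cert.X509Certificate.class, byte[].class}
    )
    public final void testTrustAnchorX509CertificatebyteArray05()
            throws Exception {

        try {
            new TrustAnchor(null, null);
            fail("NullPointerException expected");
        } catch (NullPointerException e) {
            // expected
        }
    }

    /**
     * Test #1 for <code>getCAPublicKey()</code> method<br>
     *
     * Assertion: returns most trusted CA public key<br>
     * Test preconditions: valid public key passed to the constructor<br>
     * Expected: the same public key must be returned by the method<br>
     *
     */
    @TestTargetNew(
        level = TestLevel.COMPLETE,
        notes = "",
        method = "getCAPublicKey",
        args = {}
    )
    public final void testGetCAPublicKey01() throws Exception {

        PublicKey pk = new TestKeyPair(keyAlg).getPublic();

        // sub testcase 1
        TrustAnchor ta =
            new TrustAnchor(validCaNameRfc2253, pk, null);
        assertEquals("equals1", pk, ta.getCAPublicKey());
        // sub testcase 2
        X500Principal x500p = new X500Principal(validCaNameRfc2253);
        ta = new TrustAnchor(x500p, pk, null);
        assertEquals("equals2", pk, ta.getCAPublicKey());
    }


    /**
     * Test #1 for <code>getCAName()</code> method<br>
     *
     * Assertion: returns most trusted CA name as <code>String</code><br>
     * Test preconditions: valid name passed to the constructor<br>
     * Expected: the same name must be returned by the method<br>
     * @throws Exception on any unexpected failure
     */
    @TestTargetNew(
        level = TestLevel.COMPLETE,
        notes = "",
        method = "getCAName",
        args = {}
    )
    public final void testGetCAName01() throws Exception {

        PublicKey pk = new TestKeyPair(keyAlg).getPublic();

        // sub testcase 1
        TrustAnchor ta =
            new TrustAnchor(validCaNameRfc2253, pk, null);
        assertEquals("equals1", validCaNameRfc2253, ta.getCAName());
        // sub testcase 2
        X500Principal x500p = new X500Principal(validCaNameRfc2253);
        ta = new TrustAnchor(x500p, pk, null);
        assertEquals("equals2", validCaNameRfc2253, ta.getCAName());
    }

    /**
     * Test for <code>getTrustedCert()</code> method<br>
     *
     * Assertion: returns <code>null</code> if <code>TrustAnchor</code>
     * was not specified as trusted certificate, otherwise the certificate
     * passed to the constructor<br>
     * Test preconditions: anchors built from a CA name, from a CA principal
     * and from a certificate<br>
     * Expected: <code>null</code> for the first two, the same certificate
     * instance for the third<br>
     * @throws Exception on any unexpected failure
     */
    @TestTargetNew(
        level = TestLevel.COMPLETE,
        method = "getTrustedCert",
        args = {}
    )
    public final void testGetTrustedCer02() throws Exception {

        PublicKey pk = new TestKeyPair(keyAlg).getPublic();

        // sub testcase 1
        TrustAnchor ta =
            new TrustAnchor(validCaNameRfc2253, pk, null);
        assertNull("null1", ta.getTrustedCert());
        // sub testcase 2
        X500Principal x500p = new X500Principal(validCaNameRfc2253);
        ta = new TrustAnchor(x500p, pk, null);
        assertNull("null2", ta.getTrustedCert());

        // sub testcase 3
        X509Certificate cert = new TestCertUtils.TestX509Certificate(x500p, x500p);
        TrustAnchor ta2 = new TrustAnchor(cert, null);
        assertSame(cert, ta2.getTrustedCert());
    }

    /**
     * Test #1 for <code>getNameConstraints()</code> method<br>
     *
     * Assertion: Returns the name constraints parameter.<br>
     * Test preconditions: valid parameters are passed to the constructors<br>
     * Expected: the valid parameters must be returned by the method<br>
     */
    @TestTargetNew(
        level = TestLevel.PARTIAL_COMPLETE,
        notes = "Verifies positive case.",
        method = "getNameConstraints",
        args = {}
    )
    public final void testGetNameConstraints01() throws Exception {
        PublicKey pk = new TestKeyPair(keyAlg).getPublic();
        TrustAnchor ta1 = new TrustAnchor(validCaNameRfc2253, pk,
                getFullEncoding());
        assertTrue(Arrays.equals(getFullEncoding(), ta1.getNameConstraints()));

        X500Principal x500p = new X500Principal(validCaNameRfc2253);
        TrustAnchor ta2 = new TrustAnchor(x500p, pk, getEncodingNoMinMax());
        assertTrue(Arrays.equals(getEncodingNoMinMax(), ta2
                .getNameConstraints()));

        X509Certificate cert = loadTestCertificate();

        TrustAnchor ta3 = new TrustAnchor(cert, getEncodingPSOnly());
        assertTrue(Arrays.equals(getEncodingPSOnly(), ta3.getNameConstraints()));
    }

    /**
     * Test #2 for <code>getNameConstraints()</code> method<br>
     *
     * Assertion: Returns the name constraints parameter.<br>
     * Test preconditions: null parameters are passed to the constructors<br>
     * Expected: the null parameters must be returned by the method<br>
     */
    @TestTargetNew(
        level = TestLevel.PARTIAL_COMPLETE,
        notes = "Verifies that getNameConstraints returns null.",
        method = "getNameConstraints",
        args = {}
    )
    public final void testGetNameConstraints02() throws Exception {
        PublicKey pk = new TestKeyPair(keyAlg).getPublic();
        TrustAnchor ta1 = new TrustAnchor(validCaNameRfc2253, pk, null);
        assertNull(ta1.getNameConstraints());

        X500Principal x500p = new X500Principal(validCaNameRfc2253);
        TrustAnchor ta2 = new TrustAnchor(x500p, pk, null);
        assertNull(ta2.getNameConstraints());

        X509Certificate cert = loadTestCertificate();

        TrustAnchor ta3 = new TrustAnchor(cert, null);
        assertNull(ta3.getNameConstraints());
    }

    /**
     * Test #1 for <code>toString()</code> method<br>
     *
     * Assertion: returns a formatted string describing the TrustAnchor<br>
     * Test preconditions: valid parameters are passed to the constructors<br>
     * Expected: not null string<br>
     */
    @TestTargetNew(
        level = TestLevel.COMPLETE,
        notes = "",
        method = "toString",
        args = {}
    )
    public final void testToString() throws Exception {
        PublicKey pk = new TestKeyPair(keyAlg).getPublic();
        TrustAnchor ta1 = new TrustAnchor(validCaNameRfc2253, pk,
                getFullEncoding());
        assertNotNull(ta1.toString());

        X500Principal x500p = new X500Principal(validCaNameRfc2253);
        TrustAnchor ta2 = new TrustAnchor(x500p, pk, getEncodingNoMinMax());
        assertNotNull(ta2.toString());

        X509Certificate cert = loadTestCertificate();

        TrustAnchor ta3 = new TrustAnchor(cert, getEncodingPSOnly());
        assertNotNull(ta3.toString());
    }

    /**
     * Test #1 for <code>getCA()</code> method<br>
     *
     * Assertion: returns most trusted CA<br>
     * Test preconditions: valid CA or CA name passed to the constructor<br>
     * Expected: the same CA or the CA with the same name must be returned
     * by the method<br>
     * @throws Exception on any unexpected failure
     */
    @TestTargetNew(
        level = TestLevel.COMPLETE,
        notes = "",
        method = "getCA",
        args = {}
    )
    public final void testGetCA01() throws Exception {

        PublicKey pk = new TestKeyPair(keyAlg).getPublic();

        // sub testcase 1
        TrustAnchor ta =
            new TrustAnchor(validCaNameRfc2253, pk, null);
        X500Principal ca = ta.getCA();
        assertEquals("equals1", validCaNameRfc2253, ca.getName());
        // sub testcase 2
        X500Principal x500p = new X500Principal(validCaNameRfc2253);
        ta = new TrustAnchor(x500p, pk, null);
        assertEquals("equals2", x500p, ta.getCA());
    }

    //
    // Private stuff
    //

    /**
     * Builds the X.509 certificate fixture shared by the certificate-based
     * tests from the bytes supplied by <code>TestUtils.getX509Certificate_v3()</code>.
     *
     * @return the parsed certificate
     * @throws CertificateException if the factory is unavailable or the
     *         fixture bytes cannot be parsed
     */
    private static X509Certificate loadTestCertificate()
            throws CertificateException {
        CertificateFactory certFact = CertificateFactory.getInstance("X509");
        return (X509Certificate) certFact.generateCertificate(
                new ByteArrayInputStream(TestUtils.getX509Certificate_v3()));
    }

    /**
     * Creates a certificate-based anchor and checks every getter: the CA
     * name, principal and key must be <code>null</code>, the name
     * constraints must equal the encoding passed in, and the trusted
     * certificate must equal the one passed in.
     *
     * @param cert the trusted certificate to anchor on
     * @param nameConstraints DER-encoded NameConstraints to attach
     */
    private void checkCertificateAnchor(X509Certificate cert,
            byte[] nameConstraints) {
        // Compare against a private copy so the expectation stays valid
        // whether or not the constructor keeps the caller's array.
        byte[] expected = nameConstraints.clone();
        TrustAnchor ta = new TrustAnchor(cert, nameConstraints);
        assertNull(ta.getCA());
        assertNull(ta.getCAName());
        assertNull(ta.getCAPublicKey());
        assertTrue(Arrays.equals(expected, ta.getNameConstraints()));
        assertEquals(cert, ta.getTrustedCert());
    }

    /*
     * The following methods return valid DER encoding
     * for the following ASN.1 definition (as specified in RFC 3280 -
     *  Internet X.509 Public Key Infrastructure.
     *  Certificate and Certificate Revocation List (CRL) Profile.
     *  http://www.ietf.org/rfc/rfc3280.txt):
     *
     *  NameConstraints ::= SEQUENCE {
     *             permittedSubtrees       [0]     GeneralSubtrees OPTIONAL,
     *             excludedSubtrees        [1]     GeneralSubtrees OPTIONAL }
     *
     *        GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
     *
     *        GeneralSubtree ::= SEQUENCE {
     *             base                    GeneralName,
     *             minimum         [0]     BaseDistance DEFAULT 0,
     *             maximum         [1]     BaseDistance OPTIONAL }
     *
     *        BaseDistance ::= INTEGER (0..MAX)
     *
     *        GeneralName ::= CHOICE {
     *             otherName                       [0]     OtherName,
     *             rfc822Name                      [1]     IA5String,
     *             dNSName                         [2]     IA5String,
     *             x400Address                     [3]     ORAddress,
     *             directoryName                   [4]     Name,
     *             ediPartyName                    [5]     EDIPartyName,
     *             uniformResourceIdentifier       [6]     IA5String,
     *             iPAddress                       [7]     OCTET STRING,
     *             registeredID                    [8]     OBJECT IDENTIFIER}
     */

    /**
     * Full NameConstraints encoding
     * (generated by own encoder class created during test development).
     * A fresh array is built on every call, so callers may modify the result.
     *
     * @return Full NameConstraints encoding
     *         with all OPTIONAL values presented.
     */
    private static final byte[] getFullEncoding() {
        // DO NOT MODIFY!
        return new byte[] {
                (byte)0x30,(byte)0x81,(byte)0x8c,(byte)0xa0,
                (byte)0x44,(byte)0x30,(byte)0x16,(byte)0x86,
                (byte)0x0e,(byte)0x66,(byte)0x69,(byte)0x6c,
                (byte)0x65,(byte)0x3a,(byte)0x2f,(byte)0x2f,
                (byte)0x66,(byte)0x6f,(byte)0x6f,(byte)0x2e,
                (byte)0x63,(byte)0x6f,(byte)0x6d,(byte)0x80,
                (byte)0x01,(byte)0x00,(byte)0x81,(byte)0x01,
                (byte)0x01,(byte)0x30,(byte)0x16,(byte)0x86,
                (byte)0x0e,(byte)0x66,(byte)0x69,(byte)0x6c,
                (byte)0x65,(byte)0x3a,(byte)0x2f,(byte)0x2f,
                (byte)0x62,(byte)0x61,(byte)0x72,(byte)0x2e,
                (byte)0x63,(byte)0x6f,(byte)0x6d,(byte)0x80,
                (byte)0x01,(byte)0x00,(byte)0x81,(byte)0x01,
                (byte)0x01,(byte)0x30,(byte)0x12,(byte)0x86,
                (byte)0x0a,(byte)0x66,(byte)0x69,(byte)0x6c,
                (byte)0x65,(byte)0x3a,(byte)0x2f,(byte)0x2f,
                (byte)0x6d,(byte)0x75,(byte)0x75,(byte)0x80,
                (byte)0x01,(byte)0x00,(byte)0x81,(byte)0x01,
                (byte)0x01,(byte)0xa1,(byte)0x44,(byte)0x30,
                (byte)0x16,(byte)0x86,(byte)0x0e,(byte)0x68,
                (byte)0x74,(byte)0x74,(byte)0x70,(byte)0x3a,
                (byte)0x2f,(byte)0x2f,(byte)0x66,(byte)0x6f,
                (byte)0x6f,(byte)0x2e,(byte)0x63,(byte)0x6f,
                (byte)0x6d,(byte)0x80,(byte)0x01,(byte)0x00,
                (byte)0x81,(byte)0x01,(byte)0x01,(byte)0x30,
                (byte)0x16,(byte)0x86,(byte)0x0e,(byte)0x68,
                (byte)0x74,(byte)0x74,(byte)0x70,(byte)0x3a,
                (byte)0x2f,(byte)0x2f,(byte)0x62,(byte)0x61,
                (byte)0x72,(byte)0x2e,(byte)0x63,(byte)0x6f,
                (byte)0x6d,(byte)0x80,(byte)0x01,(byte)0x00,
                (byte)0x81,(byte)0x01,(byte)0x01,(byte)0x30,
                (byte)0x12,(byte)0x86,(byte)0x0a,(byte)0x68,
                (byte)0x74,(byte)0x74,(byte)0x70,(byte)0x3a,
                (byte)0x2f,(byte)0x2f,(byte)0x6d,(byte)0x75,
                (byte)0x75,(byte)0x80,(byte)0x01,(byte)0x00,
                (byte)0x81,(byte)0x01,(byte)0x01
        };
    }

    /**
     * NameConstraints encoding without excludedSubtrees
     * (generated by own encoder class created during test development).
     *
     * @return NameConstraints encoding with
     *         permittedSubtrees only; all OPTIONAL
     *         values in permittedSubtrees are presented.
     */
    private static final byte[] getEncodingPSOnly() {
        // DO NOT MODIFY!
        return new byte[] {
                (byte)0x30,(byte)0x46,(byte)0xa0,(byte)0x44,
                (byte)0x30,(byte)0x16,(byte)0x86,(byte)0x0e,
                (byte)0x66,(byte)0x69,(byte)0x6c,(byte)0x65,
                (byte)0x3a,(byte)0x2f,(byte)0x2f,(byte)0x66,
                (byte)0x6f,(byte)0x6f,(byte)0x2e,(byte)0x63,
                (byte)0x6f,(byte)0x6d,(byte)0x80,(byte)0x01,
                (byte)0x00,(byte)0x81,(byte)0x01,(byte)0x01,
                (byte)0x30,(byte)0x16,(byte)0x86,(byte)0x0e,
                (byte)0x66,(byte)0x69,(byte)0x6c,(byte)0x65,
                (byte)0x3a,(byte)0x2f,(byte)0x2f,(byte)0x62,
                (byte)0x61,(byte)0x72,(byte)0x2e,(byte)0x63,
                (byte)0x6f,(byte)0x6d,(byte)0x80,(byte)0x01,
                (byte)0x00,(byte)0x81,(byte)0x01,(byte)0x01,
                (byte)0x30,(byte)0x12,(byte)0x86,(byte)0x0a,
                (byte)0x66,(byte)0x69,(byte)0x6c,(byte)0x65,
                (byte)0x3a,(byte)0x2f,(byte)0x2f,(byte)0x6d,
                (byte)0x75,(byte)0x75,(byte)0x80,(byte)0x01,
                (byte)0x00,(byte)0x81,(byte)0x01,(byte)0x01,
        };
    }

    /**
     * NameConstraints encoding without permittedSubtrees
     * (generated by own encoder class created during test development).
     *
     * @return NameConstraints encoding with
     *         excludedSubtrees only; all OPTIONAL
     *         values in excludedSubtrees are presented.
     */
    private static final byte[] getEncodingESOnly() {
        // DO NOT MODIFY!
        return new byte[] {
                (byte)0x30,(byte)0x46,(byte)0xa1,(byte)0x44,
                (byte)0x30,(byte)0x16,(byte)0x86,(byte)0x0e,
                (byte)0x68,(byte)0x74,(byte)0x74,(byte)0x70, // http
                (byte)0x3a,(byte)0x2f,(byte)0x2f,(byte)0x66, // ://f
                (byte)0x6f,(byte)0x6f,(byte)0x2e,(byte)0x63, // oo.c
                (byte)0x6f,(byte)0x6d,(byte)0x80,(byte)0x01, // om
                (byte)0x00,(byte)0x81,(byte)0x01,(byte)0x01,
                (byte)0x30,(byte)0x16,(byte)0x86,(byte)0x0e,
                (byte)0x68,(byte)0x74,(byte)0x74,(byte)0x70,
                (byte)0x3a,(byte)0x2f,(byte)0x2f,(byte)0x62,
                (byte)0x61,(byte)0x72,(byte)0x2e,(byte)0x63,
                (byte)0x6f,(byte)0x6d,(byte)0x80,(byte)0x01,
                (byte)0x00,(byte)0x81,(byte)0x01,(byte)0x01,
                (byte)0x30,(byte)0x12,(byte)0x86,(byte)0x0a,
                (byte)0x68,(byte)0x74,(byte)0x74,(byte)0x70,
                (byte)0x3a,(byte)0x2f,(byte)0x2f,(byte)0x6d,
                (byte)0x75,(byte)0x75,(byte)0x80,(byte)0x01,
                (byte)0x00,(byte)0x81,(byte)0x01,(byte)0x01,
        };
    }

    /**
     * NameConstraints full encoding with all (OPTIONAL)
     * minimum/maximum GeneralSubtree fields OMITTED
     * (generated by own encoder class created during test development).
     *
     * @return Full NameConstraints encoding
     *         with all (OPTIONAL) minimum/maximum
     *         GeneralSubtree fields OMITTED
     */
    private static final byte[] getEncodingNoMinMax() {
        // DO NOT MODIFY!
        return new byte[] {
                (byte)0x30,(byte)0x68,(byte)0xa0,(byte)0x32,
                (byte)0x30,(byte)0x10,(byte)0x86,(byte)0x0e,
                (byte)0x66,(byte)0x69,(byte)0x6c,(byte)0x65,
                (byte)0x3a,(byte)0x2f,(byte)0x2f,(byte)0x66,
                (byte)0x6f,(byte)0x6f,(byte)0x2e,(byte)0x63,
                (byte)0x6f,(byte)0x6d,(byte)0x30,(byte)0x10,
                (byte)0x86,(byte)0x0e,(byte)0x66,(byte)0x69,
                (byte)0x6c,(byte)0x65,(byte)0x3a,(byte)0x2f,
                (byte)0x2f,(byte)0x62,(byte)0x61,(byte)0x72,
                (byte)0x2e,(byte)0x63,(byte)0x6f,(byte)0x6d,
                (byte)0x30,(byte)0x0c,(byte)0x86,(byte)0x0a,
                (byte)0x66,(byte)0x69,(byte)0x6c,(byte)0x65,
                (byte)0x3a,(byte)0x2f,(byte)0x2f,(byte)0x6d,
                (byte)0x75,(byte)0x75,(byte)0xa1,(byte)0x32,
                (byte)0x30,(byte)0x10,(byte)0x86,(byte)0x0e,
                (byte)0x68,(byte)0x74,(byte)0x74,(byte)0x70,
                (byte)0x3a,(byte)0x2f,(byte)0x2f,(byte)0x66,
                (byte)0x6f,(byte)0x6f,(byte)0x2e,(byte)0x63,
                (byte)0x6f,(byte)0x6d,(byte)0x30,(byte)0x10,
                (byte)0x86,(byte)0x0e,(byte)0x68,(byte)0x74,
                (byte)0x74,(byte)0x70,(byte)0x3a,(byte)0x2f,
                (byte)0x2f,(byte)0x62,(byte)0x61,(byte)0x72,
                (byte)0x2e,(byte)0x63,(byte)0x6f,(byte)0x6d,
                (byte)0x30,(byte)0x0c,(byte)0x86,(byte)0x0a,
                (byte)0x68,(byte)0x74,(byte)0x74,(byte)0x70,
                (byte)0x3a,(byte)0x2f,(byte)0x2f,(byte)0x6d,
                (byte)0x75,(byte)0x75,
        };
    }

}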