      1 /*
      2  *  Licensed to the Apache Software Foundation (ASF) under one or more
      3  *  contributor license agreements.  See the NOTICE file distributed with
      4  *  this work for additional information regarding copyright ownership.
      5  *  The ASF licenses this file to You under the Apache License, Version 2.0
      6  *  (the "License"); you may not use this file except in compliance with
      7  *  the License.  You may obtain a copy of the License at
      8  *
      9  *     http://www.apache.org/licenses/LICENSE-2.0
     10  *
     11  *  Unless required by applicable law or agreed to in writing, software
     12  *  distributed under the License is distributed on an "AS IS" BASIS,
     13  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     14  *  See the License for the specific language governing permissions and
     15  *  limitations under the License.
     16  */
     17 
     18 package tests.security.cert;
     19 
     20 import junit.framework.TestCase;
     21 
     22 import java.io.ByteArrayInputStream;
     23 import java.io.IOException;
     24 import java.math.BigInteger;
     25 import java.security.InvalidAlgorithmParameterException;
     26 import java.security.InvalidKeyException;
     27 import java.security.NoSuchAlgorithmException;
     28 import java.security.NoSuchProviderException;
     29 import java.security.Principal;
     30 import java.security.PublicKey;
     31 import java.security.SignatureException;
     32 import java.security.cert.CertPath;
     33 import java.security.cert.CertPathBuilder;
     34 import java.security.cert.CertPathBuilderException;
     35 import java.security.cert.CertificateEncodingException;
     36 import java.security.cert.CertificateException;
     37 import java.security.cert.CertificateExpiredException;
     38 import java.security.cert.CertificateFactory;
     39 import java.security.cert.CertificateNotYetValidException;
     40 import java.security.cert.CertificateParsingException;
     41 import java.security.cert.PKIXBuilderParameters;
     42 import java.security.cert.PKIXCertPathBuilderResult;
     43 import java.security.cert.TrustAnchor;
     44 import java.security.cert.X509CertSelector;
     45 import java.security.cert.X509Certificate;
     46 import java.util.ArrayList;
     47 import java.util.Arrays;
     48 import java.util.Calendar;
     49 import java.util.Collection;
     50 import java.util.Collections;
     51 import java.util.Date;
     52 import java.util.HashSet;
     53 import java.util.Iterator;
     54 import java.util.List;
     55 import java.util.Set;
     56 
     57 import javax.security.auth.x500.X500Principal;
     58 
     59 
     60 import org.apache.harmony.security.tests.support.cert.MyCRL;
     61 import org.apache.harmony.security.tests.support.cert.TestUtils;
     62 import org.apache.harmony.security.tests.support.TestKeyPair;
     63 import org.apache.harmony.security.asn1.ASN1Boolean;
     64 import org.apache.harmony.security.asn1.ASN1Integer;
     65 import org.apache.harmony.security.asn1.ASN1OctetString;
     66 import org.apache.harmony.security.asn1.ASN1Oid;
     67 import org.apache.harmony.security.asn1.ASN1Sequence;
     68 import org.apache.harmony.security.asn1.ASN1Type;
     69 import org.apache.harmony.security.x501.Name;
     70 import org.apache.harmony.security.x509.CertificatePolicies;
     71 import org.apache.harmony.security.x509.GeneralName;
     72 import org.apache.harmony.security.x509.GeneralNames;
     73 import org.apache.harmony.security.x509.NameConstraints;
     74 import org.apache.harmony.security.x509.ORAddress;
     75 import org.apache.harmony.security.x509.OtherName;
     76 import org.apache.harmony.security.x509.PolicyInformation;
     77 import org.apache.harmony.security.x509.PrivateKeyUsagePeriod;
     78 
     79 /**
     80  * X509CertSelectorTest
     81  */
     82 public class X509CertSelectorTest extends TestCase {
     83 
    /**
     * DER-encoded NameConstraints values used by test_getNameConstraints.
     *
     * Per the generator kept as a comment in that test, each entry wraps a single
     * GeneralName in one subtree and passes the same subtrees as both arguments of
     * NameConstraints, which is why every entry repeats its payload under the
     * context tags -96 ([0]) and -95 ([1]).
     */
    byte[][] constraintBytes = {
            // GeneralName tag -127, ASCII payload "822.Name"
            {
                    48, 34,
                    -96, 15, 48, 13, -127, 8, 56, 50, 50, 46, 78, 97, 109, 101, -128, 1, 0,
                    -95, 15, 48, 13, -127, 8, 56, 50, 50, 46, 78, 97, 109, 101, -128, 1, 0},
            // GeneralName tag -127, ASCII payload "rfc@822.Name"
            {
                    48, 42,
                    -96, 19, 48, 17, -127, 12, 114, 102, 99, 64, 56, 50, 50, 46, 78, 97, 109,
                    101, -128, 1, 0,
                    -95, 19, 48, 17, -127, 12, 114, 102, 99, 64, 56, 50, 50, 46, 78, 97, 109,
                    101, -128, 1, 0},
            // GeneralName tag -126, ASCII payload "Name.org"
            {
                    48, 34,
                    -96, 15, 48, 13, -126, 8, 78, 97, 109, 101, 46, 111, 114, 103, -128, 1, 0,
                    -95, 15, 48, 13, -126, 8, 78, 97, 109, 101, 46, 111, 114, 103, -128, 1, 0},
            // GeneralName tag -126, ASCII payload "dNS.Name.org"
            {
                    48, 42,
                    -96, 19, 48, 17, -126, 12, 100, 78, 83, 46, 78, 97, 109, 101, 46, 111, 114,
                    103, -128, 1, 0,
                    -95, 19, 48, 17, -126, 12, 100, 78, 83, 46, 78, 97, 109, 101, 46, 111, 114,
                    103, -128, 1, 0},
            // GeneralName tag -122, ASCII payload "http://Resource.Id"
            {
                    48, 54,
                    -96, 25, 48, 23, -122, 18, 104, 116, 116, 112, 58, 47, 47, 82, 101, 115,
                    111, 117, 114, 99, 101, 46, 73, 100, -128, 1, 0,
                    -95, 25, 48, 23, -122, 18, 104, 116, 116, 112, 58, 47, 47, 82, 101, 115,
                    111, 117, 114, 99, 101, 46, 73, 100, -128, 1, 0},
            // GeneralName tag -122, ASCII payload "http://uniform.Resource.Id"
            {
                    48, 70,
                    -96, 33, 48, 31, -122, 26, 104, 116, 116, 112, 58, 47, 47, 117, 110, 105,
                    102, 111, 114, 109, 46, 82, 101, 115, 111, 117, 114, 99, 101, 46, 73, 100,
                    -128, 1, 0,
                    -95, 33, 48, 31, -122, 26, 104, 116, 116, 112, 58, 47, 47, 117, 110, 105,
                    102, 111, 114, 109, 46, 82, 101, 115, 111, 117, 114, 99, 101, 46, 73, 100,
                    -128, 1, 0},
            // GeneralName tag -121, four-byte payload 1.1.1.1
            {
                    48, 26,
                    -96, 11, 48, 9, -121, 4, 1, 1, 1, 1, -128, 1, 0,
                    -95, 11, 48, 9, -121, 4, 1, 1, 1, 1, -128, 1, 0},
            // GeneralName tag -121, sixteen-byte payload of 1s
            {
                    48, 50,
                    -96, 23, 48, 21, -121, 16, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
                    -128, 1, 0,
                    -95, 23, 48, 21, -121, 16, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
                    -128, 1, 0}};
    124 
    /**
     * java.security.cert.X509CertSelector#addSubjectAlternativeName(int, byte[])
     *
     * Verifies that a {@code null} encoded name is rejected with a
     * NullPointerException for each GeneralName type constant listed below.
     * Regression test for HARMONY-2487.
     *
     * @throws IOException if addSubjectAlternativeName reports one; the test does
     *         not expect it, so it would surface as a test error
     */
    public void test_addSubjectAlternativeNameLintLbyte_array() throws IOException {
        final int[] nameTypes = {
                GeneralName.OTHER_NAME,
                GeneralName.RFC822_NAME,
                GeneralName.DNS_NAME,
                GeneralName.X400_ADDR,
                GeneralName.DIR_NAME,
                GeneralName.EDIP_NAME,
                GeneralName.UR_ID,
                GeneralName.IP_ADDR,
                GeneralName.REG_ID };
        for (int nameType : nameTypes) {
            // A fresh selector per type keeps one failure from influencing the next.
            X509CertSelector selector = new X509CertSelector();
            try {
                selector.addSubjectAlternativeName(nameType, (byte[]) null);
                fail("No expected NullPointerException for type: " + nameType);
            } catch (NullPointerException expected) {
                // expected: a null encoding must not be accepted as a match criterion
            }
        }
    }
    148 
    /**
     * java.security.cert.X509CertSelector#addSubjectAlternativeName(int, String)
     *
     * Verifies that the malformed name string "-0xDFRF" is rejected with an
     * IOException for each GeneralName type constant listed below.
     * Regression test for HARMONY-727.
     */
    public void test_addSubjectAlternativeNameLintLjava_lang_String() {
        final int[] nameTypes = {
                GeneralName.OTHER_NAME,
                // GeneralName.RFC822_NAME,
                // NOTE(review): RFC822_NAME stays disabled as in the original list;
                // presumably the string is not rejected for that type - confirm.
                GeneralName.DNS_NAME,
                GeneralName.X400_ADDR,
                GeneralName.DIR_NAME,
                GeneralName.EDIP_NAME,
                GeneralName.UR_ID,
                GeneralName.IP_ADDR,
                GeneralName.REG_ID };
        for (int nameType : nameTypes) {
            X509CertSelector selector = new X509CertSelector();
            try {
                selector.addSubjectAlternativeName(nameType, "-0xDFRF");
                fail("IOException expected for type: " + nameType);
            } catch (IOException expected) {
                // expected: the unparsable name was refused
            }
        }
    }
    172 
    /**
     * java.security.cert.X509CertSelector#addPathToName(int, byte[])
     *
     * Verifies that a {@code null} encoded name is rejected with a
     * NullPointerException for each GeneralName type constant listed below.
     * Regression test for HARMONY-2487.
     *
     * @throws IOException if addPathToName reports one; the test does not expect
     *         it, so it would surface as a test error
     */
    public void test_addPathToNameLintLbyte_array() throws IOException {
        final int[] nameTypes = {
                GeneralName.OTHER_NAME,
                GeneralName.RFC822_NAME,
                GeneralName.DNS_NAME,
                GeneralName.X400_ADDR,
                GeneralName.DIR_NAME,
                GeneralName.EDIP_NAME,
                GeneralName.UR_ID,
                GeneralName.IP_ADDR,
                GeneralName.REG_ID };
        for (int nameType : nameTypes) {
            X509CertSelector selector = new X509CertSelector();
            try {
                selector.addPathToName(nameType, (byte[]) null);
                fail("No expected NullPointerException for type: " + nameType);
            } catch (NullPointerException expected) {
                // expected: a null encoding must not be accepted as a path-to name
            }
        }
    }
    195 
    /**
     * java.security.cert.X509CertSelector#addPathToName(int, String)
     *
     * Verifies that a {@code null} name string is rejected with an IOException
     * for every type value from 0 through 8.
     * Regression test for HARMONY-724.
     */
    public void test_addPathToNameLintLjava_lang_String() {
        final int lastType = 8;
        int type = 0;
        while (type <= lastType) {
            X509CertSelector selector = new X509CertSelector();
            try {
                selector.addPathToName(type, (String) null);
                fail("IOException expected!");
            } catch (IOException expected) {
                // expected
            }
            type++;
        }
    }
    212 
    /**
     * java.security.cert.X509CertSelector#X509CertSelector()
     *
     * Verifies the defaults of a newly constructed selector: the basic
     * constraints criterion is -1 and matchAllSubjectAltNames is true.
     */
    public void test_X509CertSelector() {
        X509CertSelector created = null;
        try {
            created = new X509CertSelector();
        } catch (Exception unexpected) {
            fail("Unexpected exception " + unexpected.getMessage());
        }
        int defaultPathLen = created.getBasicConstraints();
        assertEquals(-1, defaultPathLen);
        boolean defaultMatchAll = created.getMatchAllSubjectAltNames();
        assertTrue(defaultMatchAll);
    }
    226 
    /**
     * java.security.cert.X509CertSelector#clone()
     *
     * Clones a default-constructed selector and compares every getter of the
     * clone with the same getter of the original, then checks that calling
     * clone() through a null reference raises NullPointerException.
     *
     * NOTE(review): only a selector with no criteria set is cloned here. The
     * array-returning getters are compared with assertEquals(Object, Object),
     * which is a reference comparison for arrays, so those checks presumably
     * pass only because both sides are null - confirm. A clone of a populated
     * selector is not exercised by this test.
     *
     * @throws Exception if any getter or clone() fails unexpectedly
     */
    public void test_clone() throws Exception {
        X509CertSelector original = new X509CertSelector();
        X509CertSelector copy = (X509CertSelector) original.clone();

        assertEquals(original.getMatchAllSubjectAltNames(), copy.getMatchAllSubjectAltNames());
        assertEquals(original.getAuthorityKeyIdentifier(), copy.getAuthorityKeyIdentifier());
        assertEquals(original.getBasicConstraints(), copy.getBasicConstraints());
        assertEquals(original.getCertificate(), copy.getCertificate());
        assertEquals(original.getCertificateValid(), copy.getCertificateValid());
        assertEquals(original.getExtendedKeyUsage(), copy.getExtendedKeyUsage());
        assertEquals(original.getIssuer(), copy.getIssuer());
        assertEquals(original.getIssuerAsBytes(), copy.getIssuerAsBytes());
        assertEquals(original.getIssuerAsString(), copy.getIssuerAsString());
        assertEquals(original.getKeyUsage(), copy.getKeyUsage());
        assertEquals(original.getNameConstraints(), copy.getNameConstraints());
        assertEquals(original.getPathToNames(), copy.getPathToNames());
        assertEquals(original.getPolicy(), copy.getPolicy());
        assertEquals(original.getPrivateKeyValid(), copy.getPrivateKeyValid());
        assertEquals(original.getSerialNumber(), copy.getSerialNumber());
        assertEquals(original.getSubject(), copy.getSubject());
        assertEquals(original.getSubjectAlternativeNames(), copy.getSubjectAlternativeNames());
        assertEquals(original.getSubjectAsBytes(), copy.getSubjectAsBytes());
        assertEquals(original.getSubjectAsString(), copy.getSubjectAsString());
        assertEquals(original.getSubjectKeyIdentifier(), copy.getSubjectKeyIdentifier());
        assertEquals(original.getSubjectPublicKey(), copy.getSubjectPublicKey());
        assertEquals(original.getSubjectPublicKeyAlgID(), copy.getSubjectPublicKeyAlgID());

        // Dereferencing a null selector: this exercises the language, not clone() itself.
        original = null;
        try {
            original.clone();
            fail("NullPointerException expected");
        } catch (NullPointerException expected) {
            // expected
        }
    }
    279 
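    /**
     * java.security.cert.X509CertSelector#getAuthorityKeyIdentifier()
     *
     * Verifies that the criterion is null by default, that the getter returns
     * the value that was set, and that the getter hands out a copy: changing
     * the returned array must not change the criterion held by the selector.
     * The copy check mirrors test_getKeyUsage and test_getCertificateValid,
     * and replaces an assertion that was repeated twice without any change of
     * state in between.
     */
    public void test_getAuthorityKeyIdentifier() {
        byte[] akid1 = new byte[] { 4, 5, 1, 2, 3, 4, 5 }; // arbitrary value
        byte[] akid2 = new byte[] { 4, 5, 5, 4, 3, 2, 1 }; // arbitrary value
        X509CertSelector selector = new X509CertSelector();

        assertNull("Selector should return null", selector
                .getAuthorityKeyIdentifier());
        selector.setAuthorityKeyIdentifier(akid1);
        assertTrue("The returned keyID should be equal to specified", Arrays
                .equals(akid1, selector.getAuthorityKeyIdentifier()));

        // Tamper with the returned array; a selector that leaked its internal
        // array would now hold a different key identifier than the one configured.
        byte[] returned = selector.getAuthorityKeyIdentifier();
        returned[0] = (byte) ~returned[0];
        assertTrue("The returned keyID should be equal to specified", Arrays
                .equals(akid1, selector.getAuthorityKeyIdentifier()));

        assertFalse("The returned keyID should differ", Arrays.equals(akid2,
                selector.getAuthorityKeyIdentifier()));
    }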
    298 
    /**
     * java.security.cert.X509CertSelector#getBasicConstraints()
     *
     * Verifies that each value passed to setBasicConstraints is returned
     * unchanged by getBasicConstraints on the same selector.
     */
    public void test_getBasicConstraints() {
        X509CertSelector selector = new X509CertSelector();
        // NOTE(review): the list repeats 2 and 1; the leading "2, 1" may have been
        // meant as the negative values -2 and -1 - confirm against the upstream test.
        final int[] validValues = { 2, 1, 0, 1, 2, 3, 10, 20 };
        for (int pathLen : validValues) {
            selector.setBasicConstraints(pathLen);
            int reported = selector.getBasicConstraints();
            assertEquals(pathLen, reported);
        }
    }
    310 
    /**
     * java.security.cert.X509CertSelector#getCertificate()
     *
     * Verifies that getCertificate returns whichever certificate was last set,
     * and null after the criterion has been cleared with setCertificate(null).
     *
     * @throws CertificateException if the "X509" factory is unavailable or a
     *         test certificate cannot be parsed
     */
    public void test_getCertificate() throws CertificateException {
        CertificateFactory factory = CertificateFactory.getInstance("X509");

        ByteArrayInputStream v3Bytes =
                new ByteArrayInputStream(TestUtils.getX509Certificate_v3());
        X509Certificate v3Cert = (X509Certificate) factory.generateCertificate(v3Bytes);

        ByteArrayInputStream v1Bytes =
                new ByteArrayInputStream(TestUtils.getX509Certificate_v1());
        X509Certificate v1Cert = (X509Certificate) factory.generateCertificate(v1Bytes);

        X509CertSelector selector = new X509CertSelector();

        selector.setCertificate(v3Cert);
        assertEquals(v3Cert, selector.getCertificate());

        // A second set replaces the first criterion.
        selector.setCertificate(v1Cert);
        assertEquals(v1Cert, selector.getCertificate());

        selector.setCertificate(null);
        assertNull(selector.getCertificate());
    }
    334 
    /**
     * java.security.cert.X509CertSelector#getCertificateValid()
     *
     * Verifies that the criterion is null by default, that the getter returns
     * the date that was set, that mutating the returned Date does not change
     * the date held by the selector, and that setting null clears it.
     */
    public void test_getCertificateValid() {
        Date early = new Date(100);
        Date later = new Date(200);
        Date now = Calendar.getInstance().getTime();
        X509CertSelector selector = new X509CertSelector();

        assertNull("Selector should return null", selector.getCertificateValid());

        selector.setCertificateValid(early);
        Date firstRead = selector.getCertificateValid();
        assertTrue("The returned date should be equal to specified",
                early.equals(firstRead));

        // Date is mutable: changing the returned object must not move the
        // validity instant the selector matches against.
        Date handedOut = selector.getCertificateValid();
        handedOut.setTime(200);
        Date secondRead = selector.getCertificateValid();
        assertTrue("The returned date should be equal to specified",
                early.equals(secondRead));
        assertFalse("The returned date should differ",
                later.equals(selector.getCertificateValid()));

        selector.setCertificateValid(now);
        assertTrue("The returned date should be equal to specified",
                now.equals(selector.getCertificateValid()));

        selector.setCertificateValid(null);
        assertNull(selector.getCertificateValid());
    }
    360 
    /**
     * java.security.cert.X509CertSelector#getExtendedKeyUsage()
     *
     * Verifies that the criterion is null by default, that the getter returns a
     * set equal to the one that was set, and that the returned set refuses
     * modification with UnsupportedOperationException.
     */
    public void test_getExtendedKeyUsage() {
        String[] oids = {
                "1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2", "1.3.6.1.5.5.7.3.3",
                "1.3.6.1.5.5.7.3.4", "1.3.6.1.5.5.7.3.8", "1.3.6.1.5.5.7.3.9",
                "1.3.6.1.5.5.7.3.5", "1.3.6.1.5.5.7.3.6", "1.3.6.1.5.5.7.3.7" };
        HashSet<String> ku = new HashSet<String>(Arrays.asList(oids));
        X509CertSelector selector = new X509CertSelector();

        assertNull("Selector should return null", selector.getExtendedKeyUsage());

        try {
            selector.setExtendedKeyUsage(ku);
        } catch (IOException unexpected) {
            fail("Unexpected IOException was thrown.");
        }
        boolean sameUsages = ku.equals(selector.getExtendedKeyUsage());
        assertTrue("The returned extendedKeyUsage should be equal to specified",
                sameUsages);

        // A writable view would let a caller add purposes to the criterion
        // after the selector was configured.
        try {
            selector.getExtendedKeyUsage().add("KRIBLEGRABLI");
            fail("The returned Set should be immutable.");
        } catch (UnsupportedOperationException expected) {
            // expected
        }
    }
    390 
    /**
     * java.security.cert.X509CertSelector#getIssuer()
     *
     * Verifies that the issuer criterion is null by default and that, once set,
     * the getter returns a principal equal to the one given and different from
     * an unrelated principal.
     */
    public void test_getIssuer() {
        X500Principal expectedIssuer = new X500Principal("O=First Org.");
        X500Principal otherIssuer = new X500Principal("O=Second Org.");
        X509CertSelector selector = new X509CertSelector();

        assertNull("Selector should return null", selector.getIssuer());

        selector.setIssuer(expectedIssuer);
        X500Principal reported = selector.getIssuer();
        assertEquals("The returned issuer should be equal to specified",
                expectedIssuer, reported);
        assertFalse("The returned issuer should differ",
                otherIssuer.equals(selector.getIssuer()));
    }
    406 
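    /**
     * java.security.cert.X509CertSelector#getIssuerAsBytes()
     *
     * Verifies that the encoded issuer is null by default and that, after
     * setIssuer, the getter returns the DER encoding of the principal that
     * was set and not the encoding of a different principal.
     *
     * The "should differ" check compares array contents with Arrays.equals.
     * It previously called equals() on the byte[] itself, which compares
     * references and is false for any two distinct arrays, so the assertion
     * could never fail.
     */
    public void test_getIssuerAsBytes() {
        byte[] name1 = new byte[]
        // manually obtained DER encoding of "O=First Org." issuer name;
        { 48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10, 70, 105, 114, 115,
                116, 32, 79, 114, 103, 46 };

        byte[] name2 = new byte[]
        // manually obtained DER encoding of "O=Second Org." issuer name;
        { 48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11, 83, 101, 99, 111,
                110, 100, 32, 79, 114, 103, 46 };
        X500Principal iss1 = new X500Principal(name1);
        X500Principal iss2 = new X500Principal(name2);
        X509CertSelector selector = new X509CertSelector();

        try {
            assertNull("Selector should return null", selector
                    .getIssuerAsBytes());
            selector.setIssuer(iss1);
            assertTrue("The returned issuer should be equal to specified",
                    Arrays.equals(name1, selector.getIssuerAsBytes()));
            // Content comparison, so a selector returning name2's encoding fails here.
            assertFalse("The returned issuer should differ", Arrays.equals(
                    name2, selector.getIssuerAsBytes()));
            selector.setIssuer(iss2);
            assertTrue("The returned issuer should be equal to specified",
                    Arrays.equals(name2, selector.getIssuerAsBytes()));
        } catch (IOException e) {
            fail("Unexpected IOException was thrown.");
        }
    }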
    439 
    /**
     * java.security.cert.X509CertSelector#getIssuerAsString()
     *
     * Verifies that the issuer string is null by default and that, after each
     * setIssuer call, the getter returns the name of the principal just set.
     */
    public void test_getIssuerAsString() {
        final String firstName = "O=First Org.";
        final String secondName = "O=Second Org.";
        X500Principal firstIssuer = new X500Principal(firstName);
        X500Principal secondIssuer = new X500Principal(secondName);
        X509CertSelector selector = new X509CertSelector();

        assertNull("Selector should return null", selector.getIssuerAsString());

        selector.setIssuer(firstIssuer);
        assertEquals("The returned issuer should be equal to specified",
                firstName, selector.getIssuerAsString());
        assertFalse("The returned issuer should differ",
                secondName.equals(selector.getIssuerAsString()));

        selector.setIssuer(secondIssuer);
        assertEquals("The returned issuer should be equal to specified",
                secondName, selector.getIssuerAsString());
    }
    460 
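    /**
     * java.security.cert.X509CertSelector#getKeyUsage()
     *
     * Verifies that the keyUsage criterion is null by default, that the getter
     * returns the bits that were set, and that flipping a bit in the returned
     * array does not change the criterion held by the selector.
     *
     * The first assertion message used to say "date" (copied from the date
     * tests); it now names keyUsage so a failure report points at the right
     * criterion.
     */
    public void test_getKeyUsage() {
        boolean[] ku = new boolean[] { true, false, true, false, true, false,
                true, false, true };
        X509CertSelector selector = new X509CertSelector();

        assertNull("Selector should return null", selector.getKeyUsage());
        selector.setKeyUsage(ku);
        assertTrue("The returned keyUsage should be equal to specified", Arrays
                .equals(ku, selector.getKeyUsage()));
        // Flip one bit in the returned array; the stored criterion must not follow.
        boolean[] result = selector.getKeyUsage();
        result[0] = !result[0];
        assertTrue("The returned keyUsage should be equal to specified", Arrays
                .equals(ku, selector.getKeyUsage()));
    }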
    478 
    /**
     * java.security.cert.X509CertSelector#getMatchAllSubjectAltNames()
     *
     * Verifies that the flag is true on a new selector and false after
     * setMatchAllSubjectAltNames(false).
     */
    public void test_getMatchAllSubjectAltNames() {
        X509CertSelector selector = new X509CertSelector();

        boolean initial = selector.getMatchAllSubjectAltNames();
        assertTrue("The matchAllNames initially should be true", initial);

        selector.setMatchAllSubjectAltNames(false);
        boolean afterDisable = selector.getMatchAllSubjectAltNames();
        assertFalse("The value should be false", afterDisable);
    }
    490 
    /**
     * java.security.cert.X509CertSelector#getNameConstraints()
     *
     * Sets each pre-encoded value from constraintBytes on one selector and
     * verifies that getNameConstraints returns the same bytes.
     *
     * @throws IOException if setNameConstraints rejects an encoding
     */
    public void test_getNameConstraints() throws IOException {

        // The constraintBytes field was produced with the following code. The
        // second name is written here as "rfc@822.Name", which is what the
        // encoded bytes (114, 102, 99, 64, ...) spell out.
        //
        //        GeneralName[] name_constraints = new GeneralName[] {
        //                new GeneralName(1, "822.Name"),
        //                new GeneralName(1, "rfc@822.Name"),
        //                new GeneralName(2, "Name.org"),
        //                new GeneralName(2, "dNS.Name.org"),
        //
        //                new GeneralName(6, "http://Resource.Id"),
        //                new GeneralName(6, "http://uniform.Resource.Id"),
        //                new GeneralName(7, "1.1.1.1"),
        //
        //                new GeneralName(new byte[] { 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
        //                        1, 1, 1, 1, 1 }), };
        //
        //        constraintBytes = new byte[name_constraints.length][];
        //
        //        for (int i = 0; i < name_constraints.length; i++) {
        //            GeneralSubtree subtree = new GeneralSubtree(name_constraints[i]);
        //            GeneralSubtrees subtrees = new GeneralSubtrees();
        //            subtrees.addSubtree(subtree);
        //            NameConstraints constraints = new NameConstraints(subtrees,
        //                    subtrees);
        //            constraintBytes[i] = constraints.getEncoded();
        //        }
        //        System.out.println("XXX"+Arrays.deepToString(constraintBytes)+"XXX");

        X509CertSelector selector = new X509CertSelector();

        for (byte[] encoded : constraintBytes) {
            selector.setNameConstraints(encoded);
            byte[] reported = selector.getNameConstraints();
            assertTrue(Arrays.equals(encoded, reported));
        }
    }
    530 
    /**
     * java.security.cert.X509CertSelector#getPathToNames()
     *
     * Builds two test certificates from GeneralNames lists, checks that both
     * match while the pathToNames criterion is null, then sets the criterion
     * from the first list and calls getPathToNames.
     *
     * NOTE(review): the value returned by getPathToNames is discarded, so the
     * getter's result is not verified by this test. The assertion message
     * mentions subjectAlternativeNames although the criterion cleared here is
     * pathToNames. The string "rfc (at) 822.Name" looks like an obfuscated
     * "rfc@822.Name" - confirm against the upstream file.
     */
    public void test_getPathToNames() {
        try {
            GeneralName otherName = new GeneralName(new OtherName("1.2.3.4.5",
                    new byte[] { 1, 2, 0, 1 }));
            // Built in the same order as before; each constructor may throw IOException.
            GeneralName[] everyName = {
                    otherName,
                    new GeneralName(1, "rfc (at) 822.Name"),
                    new GeneralName(2, "dNSName"),
                    new GeneralName(new ORAddress()),
                    new GeneralName(new Name("O=Organization")),
                    new GeneralName(6, "http://uniform.Resource.Id"),
                    new GeneralName(7, "1.1.1.1"),
                    new GeneralName(8, "1.2.3.4444.55555") };

            GeneralNames sans1 = new GeneralNames();
            for (GeneralName name : everyName) {
                sans1.addName(name);
            }
            GeneralNames sans2 = new GeneralNames();
            sans2.addName(otherName);

            TestCert cert1 = new TestCert(sans1);
            TestCert cert2 = new TestCert(sans2);
            X509CertSelector selector = new X509CertSelector();
            selector.setMatchAllSubjectAltNames(true);

            // With no criterion set, neither certificate may be filtered out.
            selector.setPathToNames(null);
            assertTrue("Any certificate should match in the case of null "
                    + "subjectAlternativeNames criteria.",
                    selector.match(cert1) && selector.match(cert2));

            Collection<List<?>> pairs = sans1.getPairsList();

            selector.setPathToNames(pairs);
            selector.getPathToNames();
        } catch (IOException e) {
            e.printStackTrace();
            fail("Unexpected IOException was thrown.");
        }
    }
    578 
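    /**
     * java.security.cert.X509CertSelector#getPolicy()
     *
     * Verifies that getPolicy returns null after setPolicy(null) and returns a
     * set equal to the one given after each later setPolicy call.
     *
     * The assertion messages used to say "date" (copied from the date tests);
     * they now name the policy so a failure report points at the right
     * criterion.
     *
     * @throws IOException if setPolicy rejects one of the OID strings
     */
    public void test_getPolicy() throws IOException {
        String[] policies1 = new String[] { "1.3.6.1.5.5.7.3.1",
                "1.3.6.1.5.5.7.3.2", "1.3.6.1.5.5.7.3.3", "1.3.6.1.5.5.7.3.4",
                "1.3.6.1.5.5.7.3.8", "1.3.6.1.5.5.7.3.9", "1.3.6.1.5.5.7.3.5",
                "1.3.6.1.5.5.7.3.6", "1.3.6.1.5.5.7.3.7" };

        String[] policies2 = new String[] { "1.3.6.7.3.1" };

        HashSet<String> p1 = new HashSet<String>(Arrays.asList(policies1));
        HashSet<String> p2 = new HashSet<String>(Arrays.asList(policies2));

        X509CertSelector selector = new X509CertSelector();

        selector.setPolicy(null);
        assertNull(selector.getPolicy());

        selector.setPolicy(p1);
        assertEquals("The returned policy should be equal to specified", p1, selector.getPolicy());

        // A second set replaces the first criterion rather than adding to it.
        selector.setPolicy(p2);
        assertEquals("The returned policy should be equal to specified", p2, selector.getPolicy());
    }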
    604 
    /**
     * java.security.cert.X509CertSelector#getPrivateKeyValid()
     *
     * Verifies that the criterion is null by default, that the getter returns
     * the date that was set, and that mutating the returned Date does not
     * change the date held by the selector.
     */
    public void test_getPrivateKeyValid() {
        Date early = new Date(100);
        Date later = new Date(200);
        X509CertSelector selector = new X509CertSelector();

        assertNull("Selector should return null", selector.getPrivateKeyValid());

        selector.setPrivateKeyValid(early);
        Date firstRead = selector.getPrivateKeyValid();
        assertTrue("The returned date should be equal to specified",
                early.equals(firstRead));

        // Date is mutable: changing the returned object must not move the
        // instant the selector matches against.
        Date handedOut = selector.getPrivateKeyValid();
        handedOut.setTime(200);
        Date secondRead = selector.getPrivateKeyValid();
        assertTrue("The returned date should be equal to specified",
                early.equals(secondRead));
        assertFalse("The returned date should differ",
                later.equals(selector.getPrivateKeyValid()));
    }
    623 
    /**
     * java.security.cert.X509CertSelector#getSerialNumber()
     *
     * Verifies that the serial number criterion is null by default and that,
     * once set, the getter returns a value equal to the one given and different
     * from an adjacent serial number.
     */
    public void test_getSerialNumber() {
        BigInteger expectedSerial = new BigInteger("10000");
        BigInteger otherSerial = new BigInteger("10001");
        X509CertSelector selector = new X509CertSelector();

        assertNull("Selector should return null", selector.getSerialNumber());

        selector.setSerialNumber(expectedSerial);
        BigInteger reported = selector.getSerialNumber();
        assertEquals("The returned serial number should be equal to specified",
                expectedSerial, reported);
        assertFalse("The returned serial number should differ",
                otherSerial.equals(selector.getSerialNumber()));
    }
    639 
    640     /**
    641      * java.security.cert.X509CertSelector#getSubject()
    642      */
    public void test_getSubject() {
        final X500Principal expectedSubject = new X500Principal("O=First Org.");
        final X500Principal otherSubject = new X500Principal("O=Second Org.");
        final X509CertSelector certSelector = new X509CertSelector();

        // No subject criterion has been set yet.
        assertNull("Selector should return null", certSelector.getSubject());

        certSelector.setSubject(expectedSubject);
        assertEquals("The returned subject should be equal to specified",
                expectedSubject, certSelector.getSubject());

        // A different organisation name must not compare equal.
        boolean equalsOther = otherSubject.equals(certSelector.getSubject());
        assertFalse("The returned subject should differ", equalsOther);
    }
    655 
    656     /**
    657      * java.security.cert.X509CertSelector#getSubjectAlternativeNames()
    658      */
    public void test_getSubjectAlternativeNames() {
        try {
            // Two alternative names, built with GeneralName tags 1 and 2.
            final GeneralName mailName = new GeneralName(1, "rfc (at) 822.Name");
            final GeneralName dnsName = new GeneralName(2, "dNSName");

            final GeneralNames altNames = new GeneralNames();
            altNames.addName(mailName);
            altNames.addName(dnsName);

            final TestCert certWithNames = new TestCert(altNames);
            final X509CertSelector certSelector = new X509CertSelector();

            // No subjectAlternativeNames criterion has been set yet.
            assertNull("Selector should return null",
                    certSelector.getSubjectAlternativeNames());

            certSelector.setSubjectAlternativeNames(altNames.getPairsList());
            assertTrue("The certificate should match the selection criteria.",
                    certSelector.match(certWithNames));

            // Empty the collection handed out by the getter; the selector must
            // still match, i.e. its own criteria were not emptied with it.
            // NOTE(review): the message below speaks of the "initialization
            // object", but what is modified here is the getter's return value.
            certSelector.getSubjectAlternativeNames().clear();
            assertTrue("The modification of initialization object "
                    + "should not affect the modification "
                    + "of internal object.", certSelector.match(certWithNames));
        } catch (IOException e) {
            e.printStackTrace();
            fail("Unexpected IOException was thrown.");
        }
    }
    686 
    687     /**
    688      * java.security.cert.X509CertSelector#getSubjectAsBytes()
    689      */
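    public void test_getSubjectAsBytes() {
        // manually obtained DER encoding of the name "O=First Org."
        byte[] name1 = new byte[] { 48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10,
                19, 10, 70, 105, 114, 115, 116, 32, 79, 114, 103, 46 };
        // manually obtained DER encoding of the name "O=Second Org."
        byte[] name2 = new byte[] { 48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10,
                19, 11, 83, 101, 99, 111, 110, 100, 32, 79, 114, 103, 46 };

        X500Principal sub1 = new X500Principal(name1);
        X500Principal sub2 = new X500Principal(name2);
        X509CertSelector selector = new X509CertSelector();

        try {
            // No subject criterion has been set yet.
            assertNull("Selector should return null", selector
                    .getSubjectAsBytes());

            selector.setSubject(sub1);
            assertTrue("The returned subject should be equal to specified",
                    Arrays.equals(name1, selector.getSubjectAsBytes()));
            // Compare array contents: byte[].equals() is reference identity, so
            // name2.equals(...) would be false for any returned array and the
            // assertion could never fail.
            assertFalse("The returned subject should differ",
                    Arrays.equals(name2, selector.getSubjectAsBytes()));

            selector.setSubject(sub2);
            assertTrue("The returned subject should be equal to specified",
                    Arrays.equals(name2, selector.getSubjectAsBytes()));
        } catch (IOException e) {
            fail("Unexpected IOException was thrown.");
        }
    }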
    719 
    720     /**
    721      * java.security.cert.X509CertSelector#getSubjectAsString()
    722      */
    public void test_getSubjectAsString() {
        final String firstName = "O=First Org.";
        final String secondName = "O=Second Org.";
        final X500Principal firstSubject = new X500Principal(firstName);
        final X500Principal secondSubject = new X500Principal(secondName);
        final X509CertSelector certSelector = new X509CertSelector();

        // No subject criterion has been set yet.
        assertNull("Selector should return null", certSelector.getSubjectAsString());

        // The string form must equal the text the principal was built from.
        certSelector.setSubject(firstSubject);
        assertEquals("The returned subject should be equal to specified",
                firstName, certSelector.getSubjectAsString());
        boolean equalsSecond = secondName.equals(certSelector.getSubjectAsString());
        assertFalse("The returned subject should differ", equalsSecond);

        // Replacing the criterion replaces the reported string as well.
        certSelector.setSubject(secondSubject);
        assertEquals("The returned subject should be equal to specified",
                secondName, certSelector.getSubjectAsString());
    }
    740 
    741     /**
    742      * java.security.cert.X509CertSelector#getSubjectKeyIdentifier()
    743      */
    public void test_getSubjectKeyIdentifier() {
        final byte[] expectedId = { 1, 2, 3, 4, 5 }; // random value
        final byte[] otherId = { 4, 5, 5, 4, 3, 2, 1 }; // random value
        final X509CertSelector certSelector = new X509CertSelector();

        // No subjectKeyIdentifier criterion has been set yet.
        assertNull("Selector should return null",
                certSelector.getSubjectKeyIdentifier());

        certSelector.setSubjectKeyIdentifier(expectedId);
        boolean equalAfterSet =
                Arrays.equals(expectedId, certSelector.getSubjectKeyIdentifier());
        assertTrue("The returned keyID should be equal to specified", equalAfterSet);

        // Alter the array handed out by the getter; the next read must still
        // carry the bytes that were set, so the getter may not expose the
        // selector's own array.
        certSelector.getSubjectKeyIdentifier()[0]++;
        boolean equalAfterMutation =
                Arrays.equals(expectedId, certSelector.getSubjectKeyIdentifier());
        assertTrue("The returned keyID should be equal to specified", equalAfterMutation);

        boolean equalsOther =
                Arrays.equals(otherId, certSelector.getSubjectKeyIdentifier());
        assertFalse("The returned keyID should differ", equalsOther);
    }
    760 
    761     /**
    762      * java.security.cert.X509CertSelector#getSubjectPublicKey()
    763      */
    public void test_getSubjectPublicKey() throws Exception {
        // SubjectPublicKeyInfo ::= SEQUENCE {
        //     algorithm        AlgorithmIdentifier,
        //     subjectPublicKey BIT STRING }
        final byte[] spkiDer = {
                0x30, 0x0E, // SEQUENCE
                0x30, 0x07, // SEQUENCE
                0x06, 0x02, 0x03, 0x05, // OID
                0x01, 0x01, 0x07, // ANY
                0x03, 0x03, 0x01, 0x01, 0x06, // subjectPublicKey
        };
        final X509CertSelector certSelector = new X509CertSelector();

        // Criterion supplied as encoded bytes: the key returned by the selector
        // reports the OID from the encoding as its algorithm and returns the
        // same bytes from getEncoded().
        certSelector.setSubjectPublicKey(spkiDer);
        final PublicKey decoded = certSelector.getSubjectPublicKey();
        assertEquals("0.3.5", decoded.getAlgorithm());
        assertEquals("X.509", decoded.getFormat());
        assertTrue(Arrays.equals(spkiDer, decoded.getEncoded()));
        assertNotNull(decoded.toString());

        // Criterion supplied as a PublicKey object.
        final PublicKey supplied = new MyPublicKey();
        certSelector.setSubjectPublicKey(supplied);
        final PublicKey returned = certSelector.getSubjectPublicKey();
        assertEquals(supplied, returned);
        assertEquals(supplied.getAlgorithm(), returned.getAlgorithm());
    }
    792 
    793     /**
    794      * java.security.cert.X509CertSelector#getSubjectPublicKeyAlgID()
    795      */
    public void test_getSubjectPublicKeyAlgID() {
        final X509CertSelector certSelector = new X509CertSelector();
        final String[] validOIDs = { "0.0.20", "1.25.0", "2.0.39", "0.2.10", "1.35.15",
                "2.17.89" };

        // No algorithm criterion has been set yet.
        assertNull("Selector should return null",
                certSelector.getSubjectPublicKeyAlgID());

        for (String oid : validOIDs) {
            try {
                certSelector.setSubjectPublicKeyAlgID(oid);
                assertEquals(oid, certSelector.getSubjectPublicKeyAlgID());
            } catch (IOException e) {
                // NOTE(review): a rejected OID is only printed here, so an
                // IOException for one of these values does not fail the test.
                System.out.println("t = " + e.getMessage());
            }
        }

        final String rsaOid = "1.2.840.113549.1.1.1"; // RSA encryption
        final String md5RsaOid = "1.2.840.113549.1.1.4"; // MD5 with RSA encryption

        try {
            certSelector.setSubjectPublicKeyAlgID(rsaOid);
        } catch (IOException e) {
            fail("Unexpected IOException was thrown.");
        }
        boolean equalsRsa = rsaOid.equals(certSelector.getSubjectPublicKeyAlgID());
        assertTrue("The returned oid should be equal to specified", equalsRsa);
        boolean equalsMd5Rsa = md5RsaOid.equals(certSelector.getSubjectPublicKeyAlgID());
        assertFalse("The returned oid should differ", equalsMd5Rsa);
    }
    828 
    829     /**
    830      * java.security.cert.X509CertSelector#match(java.security.cert.Certificate)
    831      */
    public void test_matchLjava_security_cert_Certificate()
            throws CertificateException {
        final X509CertSelector certSelector = new X509CertSelector();

        // A null certificate never matches, even with no criteria set.
        assertFalse(certSelector.match(null));

        final CertificateFactory factory = CertificateFactory.getInstance("X509");
        final ByteArrayInputStream v3Stream =
                new ByteArrayInputStream(TestUtils.getX509Certificate_v3());
        final X509Certificate v3Cert = (X509Certificate) factory.generateCertificate(v3Stream);
        final ByteArrayInputStream v1Stream =
                new ByteArrayInputStream(TestUtils.getX509Certificate_v1());
        final X509Certificate v1Cert = (X509Certificate) factory.generateCertificate(v1Stream);

        // With the certificate criterion set, only that certificate matches.
        certSelector.setCertificate(v3Cert);
        assertTrue(certSelector.match(v3Cert));
        assertFalse(certSelector.match(v1Cert));

        certSelector.setCertificate(v1Cert);
        assertFalse(certSelector.match(v3Cert));
        assertTrue(certSelector.match(v1Cert));
    }
    854 
    855     /**
    856      * java.security.cert.X509CertSelector#setAuthorityKeyIdentifier(byte[])
    857      */
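    public void test_setAuthorityKeyIdentifierLB$() throws CertificateException {
        X509CertSelector selector = new X509CertSelector();

        byte[] akid1 = new byte[] { 1, 2, 3, 4, 5 }; // random value
        byte[] akid2 = new byte[] { 5, 4, 3, 2, 1 }; // random value
        TestCert cert1 = new TestCert(akid1);
        TestCert cert2 = new TestCert(akid2);

        // A null criterion disables the check: every certificate matches.
        selector.setAuthorityKeyIdentifier(null);
        assertTrue("The certificate should match the selection criteria.",
                selector.match(cert1));
        assertTrue("The certificate should match the selection criteria.",
                selector.match(cert2));
        assertNull(selector.getAuthorityKeyIdentifier());

        // Messages now state the expectation each assertion actually checks;
        // two assertTrue calls used to carry the "should not match" text.
        selector.setAuthorityKeyIdentifier(akid1);
        assertTrue("The certificate should match the selection criteria.",
                selector.match(cert1));
        assertFalse("The certificate should not match the selection criteria.",
                selector.match(cert2));
        selector.setAuthorityKeyIdentifier(akid2);
        assertFalse("The certificate should not match the selection criteria.",
                selector.match(cert1));
        assertTrue("The certificate should match the selection criteria.",
                selector.match(cert2));

        // Mutate the caller's array after it was passed to the setter; cert2 is
        // still expected to match.
        // NOTE(review): presumably this relies on the selector (and TestCert)
        // keeping their own copies of the array - confirm against TestCert.
        akid2[0]++;
        assertTrue("The certificate should match the selection criteria.",
                selector.match(cert2));
    }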
    888 
    889     /**
    890      * java.security.cert.X509CertSelector#setBasicConstraints(int)
    891      */
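    public void test_setBasicConstraintsLint() {
        X509CertSelector selector = new X509CertSelector();

        // X509CertSelector#setBasicConstraints documents IllegalArgumentException
        // only for values less than -2. Each listed value is passed to the
        // setter (a constant -3 used to be passed on every iteration).
        int[] invalidValues = { -3, -4, -5, Integer.MIN_VALUE };
        for (int invalid : invalidValues) {
            try {
                selector.setBasicConstraints(invalid);
                fail("IllegalArgumentException expected for " + invalid);
            } catch (IllegalArgumentException e) {
                // expected
            }
        }

        // Everything from -2 upwards is accepted, including a very large path
        // length, and is reported back unchanged by the getter.
        int[] validValues = { -2, -1, 0, 1, 2, 3, 10, 20, 1000000000 };
        for (int valid : validValues) {
            selector.setBasicConstraints(valid);
            assertEquals(valid, selector.getBasicConstraints());
        }
    }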
    910 
    911     /**
    912      * java.security.cert.X509CertSelector#setCertificate(java.security.cert.X509Certificate)
    913      */
    public void test_setCertificateLjava_security_cert_X509Certificate()
            throws CertificateException {
        final TestCert sameCert = new TestCert("same certificate");
        final TestCert otherCert = new TestCert("other certificate");
        final X509CertSelector certSelector = new X509CertSelector();

        // A null criterion disables the certificateEquals check.
        certSelector.setCertificate(null);
        assertTrue("Any certificates should match in the case of null certificateEquals criteria.",
                certSelector.match(sameCert) && certSelector.match(otherCert));

        // With a certificate set, only that certificate matches.
        certSelector.setCertificate(sameCert);
        assertTrue("The certificate should match the selection criteria.",
                certSelector.match(sameCert));
        assertFalse("The certificate should not match the selection criteria.",
                certSelector.match(otherCert));

        certSelector.setCertificate(otherCert);
        assertTrue("The certificate should match the selection criteria.",
                certSelector.match(otherCert));

        // Resetting to null is reflected by the getter.
        certSelector.setCertificate(null);
        assertNull(certSelector.getCertificate());
    }
    936 
    937     /**
    938      * java.security.cert.X509CertSelector#setCertificateValid(java.util.Date)
    939      */
    public void test_setCertificateValidLjava_util_Date()
            throws CertificateException {
        final X509CertSelector certSelector = new X509CertSelector();

        final Date firstDate = new Date(100);
        final Date secondDate = new Date(200);
        final TestCert firstCert = new TestCert(firstDate);
        final TestCert secondCert = new TestCert(secondDate);

        // A null criterion is stored as null.
        certSelector.setCertificateValid(null);
        assertNull(certSelector.getCertificateValid());

        certSelector.setCertificateValid(firstDate);
        assertTrue("The certificate should match the selection criteria.",
                certSelector.match(firstCert));
        assertFalse("The certificate should not match the selection criteria.",
                certSelector.match(secondCert));

        // Change the caller's Date after handing it to the setter; the second
        // certificate is still expected to match.
        // NOTE(review): presumably TestCert also keeps its own copy of the
        // date - confirm against TestCert.
        certSelector.setCertificateValid(secondDate);
        secondDate.setTime(300);
        assertTrue("The certificate should match the selection criteria.",
                certSelector.match(secondCert));
    }
    961 
    962     /**
    963      * java.security.cert.X509CertSelector#setExtendedKeyUsage(Set<String>)
    964      */
    public void test_setExtendedKeyUsageLjava_util_Set()
            throws CertificateException {
        // Nine key-purpose OIDs under the 1.3.6.1.5.5.7.3 arc.
        final HashSet<String> ku1 = new HashSet<String>(Arrays.asList(
                "1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2", "1.3.6.1.5.5.7.3.3",
                "1.3.6.1.5.5.7.3.4", "1.3.6.1.5.5.7.3.8", "1.3.6.1.5.5.7.3.9",
                "1.3.6.1.5.5.7.3.5", "1.3.6.1.5.5.7.3.6", "1.3.6.1.5.5.7.3.7"));
        // The same set without 1.3.6.1.5.5.7.3.7.
        final HashSet<String> ku2 = new HashSet<String>(Arrays.asList(
                "1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2", "1.3.6.1.5.5.7.3.3",
                "1.3.6.1.5.5.7.3.4", "1.3.6.1.5.5.7.3.8", "1.3.6.1.5.5.7.3.9",
                "1.3.6.1.5.5.7.3.5", "1.3.6.1.5.5.7.3.6"));
        final TestCert cert1 = new TestCert(ku1);
        final TestCert cert2 = new TestCert(ku2);

        final X509CertSelector certSelector = new X509CertSelector();

        // Any IOException from a setter is reported as a test failure; the
        // assertion errors raised in between are not caught by this handler.
        try {
            // A null criterion disables the extendedKeyUsage check.
            certSelector.setExtendedKeyUsage(null);
            assertTrue("Any certificate should match in the case of null extendedKeyUsage criteria.",
                    certSelector.match(cert1) && certSelector.match(cert2));

            // The getter reports a set equal to the one that was supplied.
            certSelector.setExtendedKeyUsage(ku1);
            assertEquals(ku1, certSelector.getExtendedKeyUsage());

            certSelector.setExtendedKeyUsage(ku2);
            assertEquals(ku2, certSelector.getExtendedKeyUsage());
        } catch (IOException e) {
            fail("Unexpected IOException was thrown.");
        }
    }
   1004 
   1005     /**
   1006      * java.security.cert.X509CertSelector#setIssuer(byte[])
   1007      */
   public void test_setIssuerLB$() throws CertificateException {
       // manually obtained DER encoding of "O=First Org." issuer name
       final byte[] firstDer = { 48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10,
               70, 105, 114, 115, 116, 32, 79, 114, 103, 46 };
       // manually obtained DER encoding of "O=Second Org." issuer name
       final byte[] secondDer = { 48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11,
               83, 101, 99, 111, 110, 100, 32, 79, 114, 103, 46 };
       final X500Principal firstIssuer = new X500Principal(firstDer);
       final X500Principal secondIssuer = new X500Principal(secondDer);
       final TestCert firstCert = new TestCert(firstIssuer);
       final TestCert secondCert = new TestCert(secondIssuer);

       final X509CertSelector certSelector = new X509CertSelector();

       // Any IOException from a setter is reported as a test failure; the
       // assertion errors raised in between are not caught by this handler.
       try {
           // A null criterion disables the issuer check.
           certSelector.setIssuer((byte[]) null);
           assertTrue("Any certificates should match in the case of null issuer criteria.",
                   certSelector.match(firstCert) && certSelector.match(secondCert));

           // Only the certificate carrying the encoded issuer matches.
           certSelector.setIssuer(firstDer);
           assertTrue("The certificate should match the selection criteria.",
                   certSelector.match(firstCert));
           assertFalse("The certificate should not match the selection criteria.",
                   certSelector.match(secondCert));

           certSelector.setIssuer(secondDer);
           assertTrue("The certificate should match the selection criteria.",
                   certSelector.match(secondCert));
       } catch (IOException e) {
           fail("Unexpected IOException was thrown.");
       }
   }
   1049 
   1050     /**
   1051      * java.security.cert.X509CertSelector#setIssuer(java.lang.String)
   1052      */
   public void test_setIssuerLjava_lang_String() throws CertificateException {
       final String firstName = "O=First Org.";
       final String secondName = "O=Second Org.";
       final X500Principal firstIssuer = new X500Principal(firstName);
       final X500Principal secondIssuer = new X500Principal(secondName);
       final TestCert firstCert = new TestCert(firstIssuer);
       final TestCert secondCert = new TestCert(secondIssuer);

       final X509CertSelector certSelector = new X509CertSelector();

       // Any IOException from a setter is reported as a test failure; the
       // assertion errors raised in between are not caught by this handler.
       try {
           // A null criterion disables the issuer check.
           certSelector.setIssuer((String) null);
           assertTrue("Any certificates should match in the case of null issuer criteria.",
                   certSelector.match(firstCert) && certSelector.match(secondCert));

           // Only the certificate whose issuer has that string form matches.
           certSelector.setIssuer(firstName);
           assertTrue("The certificate should match the selection criteria.",
                   certSelector.match(firstCert));
           assertFalse("The certificate should not match the selection criteria.",
                   certSelector.match(secondCert));

           certSelector.setIssuer(secondName);
           assertTrue("The certificate should match the selection criteria.",
                   certSelector.match(secondCert));
       } catch (IOException e) {
           fail("Unexpected IOException was thrown.");
       }
   }
   1089 
   1090     /**
   1091      * java.security.cert.X509CertSelector#setIssuer(javax.security.auth.x500.X500Principal)
   1092      */
   public void test_setIssuerLjavax_security_auth_x500_X500Principal()
           throws CertificateException {
       final X500Principal firstIssuer = new X500Principal("O=First Org.");
       final X500Principal secondIssuer = new X500Principal("O=Second Org.");
       final TestCert firstCert = new TestCert(firstIssuer);
       final TestCert secondCert = new TestCert(secondIssuer);
       final X509CertSelector certSelector = new X509CertSelector();

       // A null criterion disables the issuer check.
       certSelector.setIssuer((X500Principal) null);
       boolean bothMatch = certSelector.match(firstCert) && certSelector.match(secondCert);
       assertTrue("Any certificates should match in the case of null issuer criteria.",
               bothMatch);

       // Only the certificate issued by the selected principal matches.
       certSelector.setIssuer(firstIssuer);
       assertTrue("The certificate should match the selection criteria.",
               certSelector.match(firstCert));
       assertFalse("The certificate should not match the selection criteria.",
               certSelector.match(secondCert));

       certSelector.setIssuer(secondIssuer);
       assertTrue("The certificate should match the selection criteria.",
               certSelector.match(secondCert));
   }
   1114 
   1115     /**
   1116      * java.security.cert.X509CertSelector#setKeyUsage(boolean[])
   1117      */
   public void test_setKeyUsageZ() throws CertificateException {
       // All nine keyUsage bits asserted.
       final boolean[] allBits = { true, true, true, true, true, true, true, true, true };
       // decipherOnly is disallowed
       final boolean[] withoutDecipherOnly = { true, true, true, true, true, true, true,
               true, false };
       final TestCert allBitsCert = new TestCert(allBits);
       final TestCert restrictedCert = new TestCert(withoutDecipherOnly);
       final TestCert noExtensionCert = new TestCert((boolean[]) null);

       final X509CertSelector certSelector = new X509CertSelector();

       // A null criterion disables the keyUsage check.
       certSelector.setKeyUsage(null);
       boolean bothMatch =
               certSelector.match(allBitsCert) && certSelector.match(restrictedCert);
       assertTrue("Any certificate should match in the case of null keyUsage criteria.",
               bothMatch);

       // Requiring every bit rejects the certificate that lacks one of them.
       certSelector.setKeyUsage(allBits);
       assertTrue("The certificate should match the selection criteria.",
               certSelector.match(allBitsCert));
       assertFalse("The certificate should not match the selection criteria.",
               certSelector.match(restrictedCert));
       assertTrue("The certificate which does not have a keyUsage extension "
               + "implicitly allows all keyUsage values.",
               certSelector.match(noExtensionCert));

       // Flip a bit in the caller's array after handing it to the setter; the
       // restricted certificate is still expected to match.
       // NOTE(review): presumably TestCert keeps its own copy of the array as
       // well - confirm against TestCert.
       certSelector.setKeyUsage(withoutDecipherOnly);
       withoutDecipherOnly[0] = !withoutDecipherOnly[0];
       assertTrue("The certificate should match the selection criteria.",
               certSelector.match(restrictedCert));
   }
   1147 
   1148     /**
   1149      * java.security.cert.X509CertSelector#setMatchAllSubjectAltNames(boolean)
   1150      */
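   public void test_setMatchAllSubjectAltNamesZ() {
       TestCert cert = new TestCert();
       X509CertSelector selector = new X509CertSelector();

       // With no criteria set, any non-null certificate matches.
       assertTrue(selector.match(cert));
       assertFalse(selector.match(null));

       // Exercise the setter this test is named after and check that the flag
       // is reported back by getMatchAllSubjectAltNames().
       selector.setMatchAllSubjectAltNames(false);
       assertFalse("The flag should be reported as cleared.",
               selector.getMatchAllSubjectAltNames());
       // No subjectAlternativeNames criterion is set, so the flag alone does
       // not change the outcome of match().
       assertTrue(selector.match(cert));
       assertFalse(selector.match(null));

       selector.setMatchAllSubjectAltNames(true);
       assertTrue("The flag should be reported as set.",
               selector.getMatchAllSubjectAltNames());
       assertTrue(selector.match(cert));
       assertFalse(selector.match(null));
   }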
   1159 
   1160     /**
   1161      * java.security.cert.X509CertSelector#setNameConstraints(byte[]
   1162      *        bytes)
   1163      */
   public void test_setNameConstraintsLB$() throws IOException {
       // The encodings under test come from the constraintBytes field, which is
       // declared outside this method.
       // NOTE(review): presumably these are encoded NameConstraints built from
       // rfc822Name, dNSName, URI and iPAddress names - confirm against the
       // field's declaration.
       final X509CertSelector certSelector = new X509CertSelector();

       // Each encoding must be returned by the getter with identical content.
       for (byte[] encoded : constraintBytes) {
           certSelector.setNameConstraints(encoded);
           byte[] reported = certSelector.getNameConstraints();
           assertTrue(Arrays.equals(encoded, reported));
       }
   }
   1193 
   1194     /**
   1195      * java.security.cert.X509CertSelector#setPathToNames(Collection<List<?>>)
   1196      */
   public void test_setPathToNamesLjava_util_Collection() {
       try {
           // One GeneralName per form used by this test, in the order they
           // are added to the first name list.
           final GeneralName[] allForms = {
                   new GeneralName(new OtherName("1.2.3.4.5", new byte[] { 1, 2, 0, 1 })),
                   new GeneralName(1, "rfc (at) 822.Name"),
                   new GeneralName(2, "dNSName"),
                   new GeneralName(new ORAddress()),
                   new GeneralName(new Name("O=Organization")),
                   new GeneralName(6, "http://uniform.Resource.Id"),
                   new GeneralName(7, "1.1.1.1"),
                   new GeneralName(8, "1.2.3.4444.55555"),
           };

           final GeneralNames fullList = new GeneralNames();
           for (GeneralName form : allForms) {
               fullList.addName(form);
           }
           // The second list holds only the OtherName entry.
           final GeneralNames otherNameOnly = new GeneralNames();
           otherNameOnly.addName(allForms[0]);

           final TestCert fullCert = new TestCert(fullList);
           final TestCert otherNameCert = new TestCert(otherNameOnly);
           final X509CertSelector certSelector = new X509CertSelector();
           certSelector.setMatchAllSubjectAltNames(true);

           // A null criterion disables the pathToNames check.
           certSelector.setPathToNames(null);
           boolean bothMatch =
                   certSelector.match(fullCert) && certSelector.match(otherNameCert);
           assertTrue("Any certificate should match in the case of null "
                   + "subjectAlternativeNames criteria.", bothMatch);

           final Collection<List<?>> pairs = fullList.getPairsList();

           // NOTE(review): the setter and getter are only invoked here; nothing
           // is asserted about the value getPathToNames() returns.
           certSelector.setPathToNames(pairs);
           certSelector.getPathToNames();
       } catch (IOException e) {
           e.printStackTrace();
           fail("Unexpected IOException was thrown.");
       }
   }
   1241 
   1242     /**
   1243      * java.security.cert.X509CertSelector#setPolicy(Set<String>)
   1244      */
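   public void test_setPolicyLjava_util_Set() throws IOException {
       String[] policies1 = new String[] { "1.3.6.1.5.5.7.3.1",
               "1.3.6.1.5.5.7.3.2", "1.3.6.1.5.5.7.3.3", "1.3.6.1.5.5.7.3.4",
               "1.3.6.1.5.5.7.3.8", "1.3.6.1.5.5.7.3.9", "1.3.6.1.5.5.7.3.5",
               "1.3.6.1.5.5.7.3.6", "1.3.6.1.5.5.7.3.7" };

       String[] policies2 = new String[] { "1.3.6.7.3.1" };

       HashSet<String> p1 = new HashSet<String>(Arrays.asList(policies1));
       HashSet<String> p2 = new HashSet<String>(Arrays.asList(policies2));

       X509CertSelector selector = new X509CertSelector();

       TestCert cert1 = new TestCert(policies1);
       TestCert cert2 = new TestCert(policies2);

       // A null criterion disables the policy check. The failure message names
       // the policy criterion (it used to say "privateKeyValid").
       selector.setPolicy(null);
       assertTrue("Any certificate should match in the case of null "
               + "policy criteria.", selector.match(cert1)
               && selector.match(cert2));

       // Each policy set selects only the certificate built from the same OIDs.
       selector.setPolicy(p1);
       assertTrue("The certificate should match the selection criteria.",
               selector.match(cert1));
       assertFalse("The certificate should not match the selection criteria.",
               selector.match(cert2));

       selector.setPolicy(p2);
       assertFalse("The certificate should not match the selection criteria.",
               selector.match(cert1));
       assertTrue("The certificate should match the selection criteria.",
               selector.match(cert2));
   }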
   1278 
   1279     /**
   1280      * java.security.cert.X509CertSelector#setPrivateKeyValid(java.util.Date)
   1281      */
   public void test_setPrivateKeyValidLjava_util_Date()
           throws CertificateException {
       final Date t100 = new Date(100000000);
       final Date t200 = new Date(200000000);
       final Date t300 = new Date(300000000);
       final Date t150 = new Date(150000000);
       final Date t250 = new Date(250000000);
       // Each certificate is built from a pair of dates: (t100, t200) and
       // (t200, t300).
       final TestCert earlyCert = new TestCert(t100, t200);
       final TestCert lateCert = new TestCert(t200, t300);

       final X509CertSelector certSelector = new X509CertSelector();

       // A null criterion disables the privateKeyValid check.
       certSelector.setPrivateKeyValid(null);
       boolean bothMatch = certSelector.match(earlyCert) && certSelector.match(lateCert);
       assertTrue("Any certificate should match in the case of null "
               + "privateKeyValid criteria.", bothMatch);

       // t150 lies between the first certificate's two dates only.
       certSelector.setPrivateKeyValid(t150);
       assertTrue("The certificate should match the selection criteria.",
               certSelector.match(earlyCert));
       assertFalse("The certificate should not match the selection criteria.",
               certSelector.match(lateCert));

       // Move the caller's Date back to t150 after handing it to the setter;
       // the later certificate is still expected to match, so the selector
       // must not be using the caller's Date object.
       certSelector.setPrivateKeyValid(t250);
       t250.setTime(t150.getTime());
       assertTrue("The certificate should match the selection criteria.",
               certSelector.match(lateCert));
   }
   1308 
   1309     /**
   1310      * java.security.cert.X509CertSelector#setSerialNumber(java.math.BigInteger)
   1311      */
    public void test_setSerialNumberLjava_math_BigInteger()
            throws CertificateException {
        // Checks that a null serial number matches everything and that a
        // concrete serial number selects only the certificate carrying it.
        final BigInteger serialA = BigInteger.valueOf(10000);
        final BigInteger serialB = BigInteger.valueOf(10001);
        final TestCert certA = new TestCert(serialA);
        final TestCert certB = new TestCert(serialB);
        final X509CertSelector selector = new X509CertSelector();

        selector.setSerialNumber(null);
        final boolean bothMatch = selector.match(certA) && selector.match(certB);
        assertTrue("Any certificate should match in the case of null "
                + "serialNumber criteria.", bothMatch);

        selector.setSerialNumber(serialA);
        assertTrue("The certificate should match the selection criteria.",
                selector.match(certA));
        assertFalse("The certificate should not match the selection criteria.",
                selector.match(certB));

        selector.setSerialNumber(serialB);
        assertTrue("The certificate should match the selection criteria.",
                selector.match(certB));
    }
   1333 
   1334     /**
   1335      * java.security.cert.X509CertSelector#setSubject(byte[])
   1336      */
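    public void test_setSubjectLB$() throws CertificateException {
        // Exercises X509CertSelector#setSubject(byte[]) with DER-encoded
        // distinguished names: null switches the subject check off, otherwise
        // only the certificate whose subject equals the encoded name matches.
        byte[] name1 = new byte[]
        // manually obtained DER encoding of the "O=First Org." subject name
        { 48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10, 70, 105, 114, 115,
                116, 32, 79, 114, 103, 46 };
        byte[] name2 = new byte[]
        // manually obtained DER encoding of the "O=Second Org." subject name
        { 48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11, 83, 101, 99, 111,
                110, 100, 32, 79, 114, 103, 46 };
        X500Principal sub1 = new X500Principal(name1);
        X500Principal sub2 = new X500Principal(name2);
        // TestCert(X500Principal) stores the principal as both issuer and
        // subject; only the subject is relevant to this test.
        TestCert cert1 = new TestCert(sub1);
        TestCert cert2 = new TestCert(sub2);

        X509CertSelector selector = new X509CertSelector();

        try {
            selector.setSubject((byte[]) null);
        } catch (IOException e) {
            fail("Unexpected IOException was thrown.");
        }
        // The message used to say "issuer", which misreported the criterion
        // under test when this assertion failed.
        assertTrue("Any certificates should match "
                + "in the case of null subject criteria.", selector.match(cert1)
                && selector.match(cert2));
        try {
            selector.setSubject(name1);
        } catch (IOException e) {
            fail("Unexpected IOException was thrown.");
        }
        assertTrue("The certificate should match the selection criteria.",
                selector.match(cert1));
        assertFalse("The certificate should not match the selection criteria.",
                selector.match(cert2));
        try {
            selector.setSubject(name2);
        } catch (IOException e) {
            fail("Unexpected IOException was thrown.");
        }
        assertTrue("The certificate should match the selection criteria.",
                selector.match(cert2));
    }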
   1378 
   1379     /**
   1380      * java.security.cert.X509CertSelector#setSubject(java.lang.String)
   1381      */
    public void test_setSubjectLjava_lang_String() throws CertificateException {
        // Exercises X509CertSelector#setSubject(String): a null name matches
        // every certificate, a concrete name only the one with that subject.
        final String firstName = "O=First Org.";
        final String secondName = "O=Second Org.";
        final TestCert firstCert = new TestCert(new X500Principal(firstName));
        final TestCert secondCert = new TestCert(new X500Principal(secondName));
        final X509CertSelector selector = new X509CertSelector();

        try {
            selector.setSubject((String) null);
        } catch (IOException e) {
            fail("Unexpected IOException was thrown.");
        }
        final boolean bothMatch = selector.match(firstCert)
                && selector.match(secondCert);
        assertTrue("Any certificates should match "
                + "in the case of null subject criteria.", bothMatch);

        try {
            selector.setSubject(firstName);
        } catch (IOException e) {
            fail("Unexpected IOException was thrown.");
        }
        assertTrue("The certificate should match the selection criteria.",
                selector.match(firstCert));
        assertFalse("The certificate should not match the selection criteria.",
                selector.match(secondCert));

        try {
            selector.setSubject(secondName);
        } catch (IOException e) {
            fail("Unexpected IOException was thrown.");
        }
        assertTrue("The certificate should match the selection criteria.",
                selector.match(secondCert));
    }
   1417 
   1418     /**
   1419      * java.security.cert.X509CertSelector#setSubject(javax.security.auth.x500.X500Principal)
   1420      */
    public void test_setSubjectLjavax_security_auth_x500_X500Principal()
            throws CertificateException {
        // Exercises X509CertSelector#setSubject(X500Principal): a null
        // principal matches every certificate, a concrete principal only the
        // certificate that carries it as subject.
        final X500Principal firstSubject = new X500Principal("O=First Org.");
        final X500Principal secondSubject = new X500Principal("O=Second Org.");
        final TestCert firstCert = new TestCert(firstSubject);
        final TestCert secondCert = new TestCert(secondSubject);
        final X509CertSelector selector = new X509CertSelector();

        selector.setSubject((X500Principal) null);
        final boolean bothMatch = selector.match(firstCert)
                && selector.match(secondCert);
        assertTrue("Any certificates should match "
                + "in the case of null subjcet criteria.", bothMatch);

        selector.setSubject(firstSubject);
        assertTrue("The certificate should match the selection criteria.",
                selector.match(firstCert));
        assertFalse("The certificate should not match the selection criteria.",
                selector.match(secondCert));

        selector.setSubject(secondSubject);
        assertTrue("The certificate should match the selection criteria.",
                selector.match(secondCert));
    }
   1443 
   1444     /**
   1445      * java.security.cert.X509CertSelector#setSubjectAlternativeNames(Collection<List<?>>)
   1446      */
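    public void test_setSubjectAlternativeNamesLjava_util_Collection() {
        // Exercises X509CertSelector#setSubjectAlternativeNames(Collection):
        // a null collection switches the check off, and a collection built
        // from one GeneralName per supported tag is accepted and can be read
        // back through the getter.
        try {
            GeneralName san0 = new GeneralName(new OtherName("1.2.3.4.5",
                    new byte[] { 1, 2, 0, 1 }));
            // rfc822Name (tag 1) is a mailbox of the form local-part@domain.
            GeneralName san1 = new GeneralName(1, "rfc@822.Name");
            GeneralName san2 = new GeneralName(2, "dNSName");
            GeneralName san3 = new GeneralName(new ORAddress());
            GeneralName san4 = new GeneralName(new Name("O=Organization"));
            GeneralName san6 = new GeneralName(6, "http://uniform.Resource.Id");
            GeneralName san7 = new GeneralName(7, "1.1.1.1");
            GeneralName san8 = new GeneralName(8, "1.2.3.4444.55555");

            GeneralNames sans1 = new GeneralNames();
            sans1.addName(san0);
            sans1.addName(san1);
            sans1.addName(san2);
            sans1.addName(san3);
            sans1.addName(san4);
            sans1.addName(san6);
            sans1.addName(san7);
            sans1.addName(san8);
            GeneralNames sans2 = new GeneralNames();
            sans2.addName(san0);

            TestCert cert1 = new TestCert(sans1);
            TestCert cert2 = new TestCert(sans2);
            X509CertSelector selector = new X509CertSelector();
            selector.setMatchAllSubjectAltNames(true);

            selector.setSubjectAlternativeNames(null);
            assertTrue("Any certificate should match in the case of null "
                    + "subjectAlternativeNames criteria.", selector
                    .match(cert1)
                    && selector.match(cert2));

            Collection<List<?>> sans = sans1.getPairsList();

            selector.setSubjectAlternativeNames(sans);

            // The getter result used to be discarded, so nothing was checked
            // after the setter ran; a non-null criterion must read back as
            // non-null.
            assertNotNull("The subjectAlternativeNames criteria should be set.",
                    selector.getSubjectAlternativeNames());
        } catch (IOException e) {
            e.printStackTrace();
            fail("Unexpected IOException was thrown.");
        }
    }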
   1493 
   1494     /**
   1495      * java.security.cert.X509CertSelector#setSubjectKeyIdentifier(byte[])
   1496      */
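    public void test_setSubjectKeyIdentifierLB$() throws CertificateException {
        // Exercises X509CertSelector#setSubjectKeyIdentifier(byte[]): null
        // switches the check off, a concrete identifier selects only the
        // certificate carrying it, and the selector must not be affected by
        // later changes to the caller's array.
        byte[] skid1 = new byte[] { 1, 2, 3, 4, 5 }; // arbitrary value
        byte[] skid2 = new byte[] { 5, 4, 3, 2, 1 }; // arbitrary value
        TestCert cert1 = new TestCert(skid1);
        TestCert cert2 = new TestCert(skid2);
        X509CertSelector selector = new X509CertSelector();

        selector.setSubjectKeyIdentifier(null);
        // The message used to name the serialNumber criterion, which
        // misreported the setter under test when this assertion failed.
        assertTrue("Any certificate should match in the case of null "
                + "subjectKeyIdentifier criteria.", selector.match(cert1)
                && selector.match(cert2));
        selector.setSubjectKeyIdentifier(skid1);
        assertTrue("The certificate should match the selection criteria.",
                selector.match(cert1));
        assertFalse("The certificate should not match the selection criteria.",
                selector.match(cert2));
        selector.setSubjectKeyIdentifier(skid2);
        // Mutate the caller's array after the hand-over: cert2 holds its own
        // clone of the original bytes, so it keeps matching only if the
        // selector also kept a private copy.
        skid2[0]++;
        assertTrue("The certificate should match the selection criteria.",
                selector.match(cert2));
    }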
   1518 
   1519     /**
   1520      * java.security.cert.X509CertSelector#setSubjectPublicKey(byte[])
   1521      */
    public void test_setSubjectPublicKeyLB$() throws Exception {
        // Hand-built DER for
        //   SubjectPublicKeyInfo ::= SEQUENCE {
        //       algorithm         AlgorithmIdentifier,
        //       subjectPublicKey  BIT STRING }
        // The algorithm OID bytes 0x03 0x05 decode to "0.3.5", which is the
        // algorithm name asserted below.
        final byte[] spki = {
                0x30, 0x0E,             // outer SEQUENCE, 14 content bytes
                0x30, 0x07,             // AlgorithmIdentifier SEQUENCE
                0x06, 0x02, 0x03, 0x05, // algorithm OID
                0x01, 0x01, 0x07,       // parameters (ANY)
                0x03, 0x03, 0x01, 0x01, 0x06, // subjectPublicKey
        };

        final X509CertSelector selector = new X509CertSelector();
        selector.setSubjectPublicKey(spki);

        // The key read back must report the OID as its algorithm, the X.509
        // format, and exactly the bytes that were supplied.
        final PublicKey decoded = selector.getSubjectPublicKey();
        assertEquals("0.3.5", decoded.getAlgorithm());
        assertEquals("X.509", decoded.getFormat());
        assertTrue(Arrays.equals(spki, decoded.getEncoded()));
        assertNotNull(decoded.toString());
    }
   1543 
   1544     /**
   1545      * java.security.cert.X509CertSelector#setSubjectPublicKey(java.security.PublicKey key)
   1546      */
    public void test_setSubjectPublicKeyLjava_security_PublicKey()
            throws CertificateException {
        // Exercises X509CertSelector#setSubjectPublicKey(PublicKey) with one
        // RSA and one DSA key: null matches every certificate, a concrete key
        // only the certificate that holds it.
        PublicKey rsaKey = null;
        PublicKey dsaKey = null;
        try {
            rsaKey = new TestKeyPair("RSA").getPublic();
            dsaKey = new TestKeyPair("DSA").getPublic();
        } catch (Exception e) {
            fail("Unexpected Exception was thrown: " + e.getMessage());
        }

        final TestCert rsaCert = new TestCert(rsaKey);
        final TestCert dsaCert = new TestCert(dsaKey);
        final X509CertSelector selector = new X509CertSelector();

        selector.setSubjectPublicKey((PublicKey) null);
        final boolean bothMatch = selector.match(rsaCert)
                && selector.match(dsaCert);
        assertTrue("Any certificate should match in the case of null "
                + "subjectPublicKey criteria.", bothMatch);

        selector.setSubjectPublicKey(rsaKey);
        assertTrue("The certificate should match the selection criteria.",
                selector.match(rsaCert));
        assertFalse("The certificate should not match the selection criteria.",
                selector.match(dsaCert));

        selector.setSubjectPublicKey(dsaKey);
        assertTrue("The certificate should match the selection criteria.",
                selector.match(dsaCert));
    }
   1575 
   1576     /**
   1577      * java.security.cert.X509CertSelector#setSubjectPublicKeyAlgID(java.lang.String)
   1578      */
    public void test_setSubjectPublicKeyAlgIDLjava_lang_String()
            throws CertificateException {
        // Exercises X509CertSelector#setSubjectPublicKeyAlgID(String): null
        // matches everything, well-formed OIDs are accepted and read back
        // unchanged, malformed OIDs are rejected with IOException, and the
        // RSA / DSA OIDs select the certificate holding that kind of key.
        final X509CertSelector selector = new X509CertSelector();
        // OID values taken from http://asn1.elibel.tm.fr
        final String rsaOid = "1.2.840.113549.1.1.1"; // RSA
        final String dsaOid = "1.2.840.10040.4.1"; // DSA

        final PublicKey rsaKey;
        final PublicKey dsaKey;
        try {
            rsaKey = new TestKeyPair("RSA").getPublic();
            dsaKey = new TestKeyPair("DSA").getPublic();
        } catch (Exception e) {
            e.printStackTrace();
            fail("Unexpected Exception was thrown: " + e.getMessage());
            return; // keeps the compiler's definite-assignment check satisfied
        }
        final TestCert rsaCert = new TestCert(rsaKey);
        final TestCert dsaCert = new TestCert(dsaKey);

        try {
            selector.setSubjectPublicKeyAlgID(null);
        } catch (IOException e) {
            fail("Unexpected IOException was thrown.");
        }
        final boolean bothMatch = selector.match(rsaCert)
                && selector.match(dsaCert);
        assertTrue("Any certificate should match in the case of null "
                + "subjectPublicKeyAlgID criteria.", bothMatch);

        // Every one of these must be accepted and returned verbatim.
        final String[] validOIDs = { "0.0.20", "1.25.0", "2.0.39", "0.2.10",
                "1.35.15", "2.17.89", "2.5.29.16", "2.5.29.17", "2.5.29.30",
                "2.5.29.32", "2.5.29.37" };
        for (String oid : validOIDs) {
            try {
                selector.setSubjectPublicKeyAlgID(oid);
                assertEquals(oid, selector.getSubjectPublicKeyAlgID());
            } catch (IOException e) {
                fail("Unexpected exception " + e.getMessage());
            }
        }

        // Every one of these must be refused by the setter.
        final String[] invalidOIDs = { "0.20", "1.25", "2.39", "3.10"};
        for (String oid : invalidOIDs) {
            try {
                selector.setSubjectPublicKeyAlgID(oid);
                fail("IOException wasn't thrown for " + oid);
            } catch (IOException e) {
                // expected: the OID is malformed
            }
        }

        try {
            selector.setSubjectPublicKeyAlgID(rsaOid);
        } catch (IOException e) {
            fail("Unexpected IOException was thrown.");
        }
        assertTrue("The certificate should match the selection criteria.",
                selector.match(rsaCert));
        assertFalse("The certificate should not match the selection criteria.",
                selector.match(dsaCert));

        try {
            selector.setSubjectPublicKeyAlgID(dsaOid);
        } catch (IOException e) {
            fail("Unexpected IOException was thrown.");
        }
        assertTrue("The certificate should match the selection criteria.",
                selector.match(dsaCert));
    }
   1649 
   1650     /**
   1651      * java.security.cert.X509CertSelector#toString()
   1652      */
    public void test_toString() {
        // A selector with no criteria set must still render a non-null string.
        assertNotNull(new X509CertSelector().toString());
    }
   1657 
    /**
     * Minimal {@link PublicKey} stub for the selector tests. It carries no key
     * material: every accessor returns a fixed placeholder value, so it must
     * not be used where a real key is required.
     */
    public class MyPublicKey implements PublicKey {
        private static final long serialVersionUID = 2899528375354645752L;

        /** Creates the stub; there is no state to initialise. */
        public MyPublicKey() {
        }

        /** Returns the fixed placeholder algorithm name. */
        public String getAlgorithm() {
            final String algorithm = "PublicKey";
            return algorithm;
        }

        /** Returns the fixed placeholder encoding-format name. */
        public String getFormat() {
            final String format = "Format";
            return format;
        }

        /** Returns a fresh, empty array on every call. */
        public byte[] getEncoded() {
            final byte[] empty = new byte[0];
            return empty;
        }

        /** Exposes the class's serialVersionUID constant. */
        public long getSerVerUID() {
            return MyPublicKey.serialVersionUID;
        }
    }
   1681 
   1682     private class TestCert extends X509Certificate {
   1683 
   1684         private static final long serialVersionUID = 176676115254260405L;
   1685 
   1686         /* Stuff fields */
   1687         protected String equalCriteria = null; // to simplify method equals()
   1688 
   1689         protected BigInteger serialNumber = null;
   1690 
   1691         protected X500Principal issuer = null;
   1692 
   1693         protected X500Principal subject = null;
   1694 
   1695         protected byte[] keyIdentifier = null;
   1696 
   1697         protected Date date = null;
   1698 
   1699         protected Date notBefore = null;
   1700 
   1701         protected Date notAfter = null;
   1702 
   1703         protected PublicKey key = null;
   1704 
   1705         protected boolean[] keyUsage = null;
   1706 
   1707         protected List<String> extKeyUsage = null;
   1708 
   1709         protected int pathLen = 1;
   1710 
   1711         protected GeneralNames sans = null;
   1712 
   1713         protected byte[] encoding = null;
   1714 
   1715         protected String[] policies = null;
   1716 
   1717         protected Collection<List<?>> collection = null;
   1718 
   1719         protected NameConstraints nameConstraints = null;
   1720 
   1721         /* Stuff methods */
   1722         public TestCert() {
   1723         }
   1724 
   1725         public TestCert(GeneralNames sans) {
   1726             setSubjectAlternativeNames(sans);
   1727         }
   1728 
   1729         public TestCert(NameConstraints nameConstraints) {
   1730             this.nameConstraints = nameConstraints;
   1731         }
   1732 
   1733         public TestCert(Collection<List<?>> collection) {
   1734             setCollection(collection);
   1735         }
   1736 
   1737         public TestCert(String equalCriteria) {
   1738             setEqualCriteria(equalCriteria);
   1739         }
   1740 
   1741         public TestCert(String[] policies) {
   1742             setPolicies(policies);
   1743         }
   1744 
   1745         public TestCert(BigInteger serial) {
   1746             setSerialNumber(serial);
   1747         }
   1748 
   1749         public TestCert(X500Principal principal) {
   1750             setIssuer(principal);
   1751             setSubject(principal);
   1752         }
   1753 
   1754         public TestCert(byte[] array) {
   1755             setKeyIdentifier(array);
   1756         }
   1757 
   1758         public TestCert(Date date) {
   1759             setDate(date);
   1760         }
   1761 
   1762         public TestCert(Date notBefore, Date notAfter) {
   1763             setPeriod(notBefore, notAfter);
   1764         }
   1765 
   1766         public TestCert(PublicKey key) {
   1767             setPublicKey(key);
   1768         }
   1769 
   1770         public TestCert(boolean[] keyUsage) {
   1771             setKeyUsage(keyUsage);
   1772         }
   1773 
   1774         public TestCert(Set<String> extKeyUsage) {
   1775             setExtendedKeyUsage(extKeyUsage);
   1776         }
   1777 
   1778         public TestCert(int pathLen) {
   1779             this.pathLen = pathLen;
   1780         }
   1781 
   1782         public void setSubjectAlternativeNames(GeneralNames sans) {
   1783             this.sans = sans;
   1784         }
   1785 
   1786         public void setCollection(Collection<List<?>> collection) {
   1787             this.collection = collection;
   1788         }
   1789 
   1790         public void setPolicies(String[] policies) {
   1791             this.policies = policies;
   1792         }
   1793 
   1794         public void setExtendedKeyUsage(Set<String> extKeyUsage) {
   1795             this.extKeyUsage = (extKeyUsage == null) ? null : new ArrayList<String>(
   1796                     extKeyUsage);
   1797         }
   1798 
   1799         public void setKeyUsage(boolean[] keyUsage) {
   1800             this.keyUsage = (keyUsage == null) ? null : (boolean[]) keyUsage
   1801                     .clone();
   1802         }
   1803 
   1804         public void setPublicKey(PublicKey key) {
   1805             this.key = key;
   1806         }
   1807 
   1808         public void setPeriod(Date notBefore, Date notAfter) {
   1809             this.notBefore = notBefore;
   1810             this.notAfter = notAfter;
   1811         }
   1812 
   1813         public void setSerialNumber(BigInteger serial) {
   1814             this.serialNumber = serial;
   1815         }
   1816 
   1817         public void setEqualCriteria(String equalCriteria) {
   1818             this.equalCriteria = equalCriteria;
   1819         }
   1820 
   1821         public void setIssuer(X500Principal issuer) {
   1822             this.issuer = issuer;
   1823         }
   1824 
   1825         public void setSubject(X500Principal subject) {
   1826             this.subject = subject;
   1827         }
   1828 
   1829         public void setKeyIdentifier(byte[] subjectKeyID) {
   1830             this.keyIdentifier = (byte[]) subjectKeyID.clone();
   1831         }
   1832 
   1833         public void setDate(Date date) {
   1834             this.date = new Date(date.getTime());
   1835         }
   1836 
   1837         public void setEncoding(byte[] encoding) {
   1838             this.encoding = encoding;
   1839         }
   1840 
   1841         /* Method implementations */
   1842         public boolean equals(Object cert) {
   1843             if (cert == null) {
   1844                 return false;
   1845             }
   1846             if ((equalCriteria == null)
   1847                     || (((TestCert) cert).equalCriteria == null)) {
   1848                 return false;
   1849             } else {
   1850                 return equalCriteria.equals(((TestCert) cert).equalCriteria);
   1851             }
   1852         }
   1853 
   1854         public String toString() {
   1855             if (equalCriteria != null) {
   1856                 return equalCriteria;
   1857             }
   1858             return "";
   1859         }
   1860 
   1861         public void checkValidity() throws CertificateExpiredException,
   1862                 CertificateNotYetValidException {
   1863         }
   1864 
   1865         public void checkValidity(Date date)
   1866                 throws CertificateExpiredException,
   1867                 CertificateNotYetValidException {
   1868             if (this.date == null) {
   1869                 throw new CertificateExpiredException();
   1870             }
   1871             int result = this.date.compareTo(date);
   1872             if (result > 0) {
   1873                 throw new CertificateExpiredException();
   1874             }
   1875             if (result < 0) {
   1876                 throw new CertificateNotYetValidException();
   1877             }
   1878         }
   1879 
   1880         public int getVersion() {
   1881             return 3;
   1882         }
   1883 
   1884         public BigInteger getSerialNumber() {
   1885             return (serialNumber == null) ? new BigInteger("1111")
   1886                     : serialNumber;
   1887         }
   1888 
   1889         public Principal getIssuerDN() {
   1890             return issuer;
   1891         }
   1892 
   1893         public X500Principal getIssuerX500Principal() {
   1894             return issuer;
   1895         }
   1896 
   1897         public Principal getSubjectDN() {
   1898             return subject;
   1899         }
   1900 
   1901         public X500Principal getSubjectX500Principal() {
   1902             return subject;
   1903         }
   1904 
   1905         public Date getNotBefore() {
   1906             return null;
   1907         }
   1908 
   1909         public Date getNotAfter() {
   1910             return null;
   1911         }
   1912 
   1913         public byte[] getTBSCertificate() throws CertificateEncodingException {
   1914             return null;
   1915         }
   1916 
   1917         public byte[] getSignature() {
   1918             return null;
   1919         }
   1920 
   1921         public String getSigAlgName() {
   1922             return null;
   1923         }
   1924 
   1925         public String getSigAlgOID() {
   1926             return null;
   1927         }
   1928 
   1929         public byte[] getSigAlgParams() {
   1930             return null;
   1931         }
   1932 
   1933         public boolean[] getIssuerUniqueID() {
   1934             return null;
   1935         }
   1936 
   1937         public boolean[] getSubjectUniqueID() {
   1938             return null;
   1939         }
   1940 
   1941         public boolean[] getKeyUsage() {
   1942             return keyUsage;
   1943         }
   1944 
   1945         public List<String> getExtendedKeyUsage()
   1946                 throws CertificateParsingException {
   1947             return extKeyUsage;
   1948         }
   1949 
   1950         public int getBasicConstraints() {
   1951             return pathLen;
   1952         }
   1953 
   1954         public void verify(PublicKey key) throws CertificateException,
   1955                 NoSuchAlgorithmException, InvalidKeyException,
   1956                 NoSuchProviderException, SignatureException {
   1957         }
   1958 
   1959         public void verify(PublicKey key, String sigProvider)
   1960                 throws CertificateException, NoSuchAlgorithmException,
   1961                 InvalidKeyException, NoSuchProviderException,
   1962                 SignatureException {
   1963         }
   1964 
   1965         public PublicKey getPublicKey() {
   1966             return key;
   1967         }
   1968 
   1969         public byte[] getEncoded() throws CertificateEncodingException {
   1970             return encoding;
   1971         }
   1972 
   1973         public Set<String> getNonCriticalExtensionOIDs() {
   1974             return null;
   1975         }
   1976 
   1977         public Set<String> getCriticalExtensionOIDs() {
   1978             return null;
   1979         }
   1980 
   1981         public byte[] getExtensionValue(String oid) {
   1982 
   1983             if (("2.5.29.14".equals(oid)) || ("2.5.29.35".equals(oid))) {
   1984                 // Extension value is represented as an OctetString
   1985                 return ASN1OctetString.getInstance().encode(keyIdentifier);
   1986             }
   1987             if ("2.5.29.16".equals(oid)) {
   1988                 PrivateKeyUsagePeriod pkup = new PrivateKeyUsagePeriod(
   1989                         notBefore, notAfter);
   1990                 byte[] encoded = pkup.getEncoded();
   1991                 return ASN1OctetString.getInstance().encode(encoded);
   1992             }
   1993             if (("2.5.29.37".equals(oid)) && (extKeyUsage != null)) {
   1994                 ASN1Oid[] oa = new ASN1Oid[extKeyUsage.size()];
   1995                 String[] val = new String[extKeyUsage.size()];
   1996                 Iterator it = extKeyUsage.iterator();
   1997                 int id = 0;
   1998                 while (it.hasNext()) {
   1999                     oa[id] = ASN1Oid.getInstanceForString();
   2000                     val[id++] = (String) it.next();
   2001                 }
   2002                 return ASN1OctetString.getInstance().encode(
   2003                         new ASN1Sequence(oa).encode(val));
   2004             }
   2005             if ("2.5.29.19".equals(oid)) {
   2006                 return ASN1OctetString.getInstance().encode(
   2007                         new ASN1Sequence(new ASN1Type[] {
   2008                                 ASN1Boolean.getInstance(),
   2009                                 ASN1Integer.getInstance() })
   2010                                 .encode(new Object[] {
   2011                                         new Boolean(pathLen != 1),
   2012                                         BigInteger.valueOf(pathLen)
   2013                                                 .toByteArray() }));
   2014             }
   2015             if ("2.5.29.17".equals(oid) && (sans != null)) {
   2016                 if (sans.getNames() == null) {
   2017                     return null;
   2018                 }
   2019                 return ASN1OctetString.getInstance().encode(
   2020                         GeneralNames.ASN1.encode(sans));
   2021             }
   2022             if ("2.5.29.32".equals(oid) && (policies != null)
   2023                     && (policies.length > 0)) {
   2024                 // Certificate Policies Extension (as specified in rfc 3280)
   2025                 CertificatePolicies certificatePolicies = new CertificatePolicies();
   2026                 for (int i = 0; i < policies.length; i++) {
   2027                     PolicyInformation policyInformation = new PolicyInformation(
   2028                             policies[i]);
   2029                     certificatePolicies.addPolicyInformation(policyInformation);
   2030                 }
   2031                 return ASN1OctetString.getInstance().encode(
   2032                         certificatePolicies.getEncoded());
   2033             }
   2034             if ("2.5.29.30".equals(oid) && (nameConstraints != null)) { //
   2035                 // Name
   2036                 // Constraints
   2037                 // Extension
   2038                 // (as
   2039                 // specified
   2040                 // in
   2041                 // rfc
   2042                 // 3280)
   2043                 return ASN1OctetString.getInstance().encode(
   2044                         nameConstraints.getEncoded());
   2045             }
   2046 
   2047             return null;
   2048         }
   2049 
        /**
         * Reports whether this certificate stub carries a critical extension
         * that it does not support.
         *
         * <p>The stub answers {@code false} unconditionally; nothing about the
         * extension data it holds is inspected. That is only appropriate for a
         * test fixture: PKIX validation depends on this signal to reject
         * certificates whose critical extensions it cannot process, so a real
         * certificate implementation has to compute it from the extensions.
         *
         * @return always {@code false}
         */
        public boolean hasUnsupportedCriticalExtension() {
            final boolean unsupportedCriticalPresent = false;
            return unsupportedCriticalPresent;
        }
   2053 
   2054     }
   2055 
    // Parsed from TestUtils.rootCert by setupEnvironment(); buildCertPath()
    // uses it as the single trust anchor.
    public X509Certificate rootCertificate;

    // Parsed from TestUtils.endCert by setupEnvironment(); the selector is
    // pinned to this certificate and to its issuer.
    public X509Certificate endCertificate;

    // Assigned in setupEnvironment(); not read by setupEnvironment() or
    // buildCertPath(), so it plays no part in path building there.
    public MyCRL crl;

    // Target constraints handed to the path builder; the tests mutate its
    // path-to-names between builds.
    private X509CertSelector theCertSelector;

    // "PKIX" CertPathBuilder obtained in setupEnvironment().
    private CertPathBuilder builder;
   2065 
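    /**
     * Prepares the fixtures shared by the path-building tests: the root and
     * end-entity certificates, a CRL stub, the certificate selector and the
     * PKIX path builder.
     *
     * <p>No CertStore is created here and {@code crl} is never handed to the
     * builder; {@link #buildCertPath()} passes only the trust anchor and the
     * selector. Revocation data is therefore not part of what these tests
     * exercise.
     *
     * @throws Exception if a fixture certificate cannot be parsed or the
     *         "X.509" factory / "PKIX" builder is unavailable
     */
    private void setupEnvironment() throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");

        // NOTE(review): getBytes() encodes with the platform default charset;
        // presumably the fixtures are plain ASCII text — confirm in TestUtils.
        rootCertificate = (X509Certificate) cf.generateCertificate(
                new ByteArrayInputStream(TestUtils.rootCert.getBytes()));
        endCertificate = (X509Certificate) cf.generateCertificate(
                new ByteArrayInputStream(TestUtils.endCert.getBytes()));

        crl = new MyCRL("X.509");

        // Select exactly the end certificate, and require its issuer name.
        theCertSelector = new X509CertSelector();
        theCertSelector.setCertificate(endCertificate);
        theCertSelector.setIssuer(endCertificate.getIssuerX500Principal()
                .getEncoded());

        builder = CertPathBuilder.getInstance("PKIX");
    }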
   2099 
    /**
     * Attempts to build a certification path for {@code theCertSelector},
     * trusting only {@code rootCertificate} (the anchor is created with no
     * name constraints).
     *
     * <p>All other builder parameters, including revocation checking, are
     * left at the {@link PKIXBuilderParameters} defaults, and no CertStore is
     * added.
     *
     * @return the built path, or {@code null} when the builder reports that
     *         no path satisfies the selector; the failure reason is discarded
     * @throws InvalidAlgorithmParameterException if the builder rejects the
     *         parameters
     */
    private CertPath buildCertPath() throws InvalidAlgorithmParameterException {
        final TrustAnchor anchor = new TrustAnchor(rootCertificate, null);
        final PKIXBuilderParameters buildParams = new PKIXBuilderParameters(
                Collections.singleton(anchor), theCertSelector);
        try {
            final PKIXCertPathBuilderResult built =
                    (PKIXCertPathBuilderResult) builder.build(buildParams);
            return built.getCertPath();
        } catch (CertPathBuilderException e) {
            // Callers use null to mean "no path could be built".
            return null;
        }
    }
   2113 
   2114     /**
   2115      * java.security.cert.X509CertSelector#addPathToName(int, byte[])
   2116      */
    public void test_addPathToNameLintLbyte_array2() throws Exception {
        TestUtils.initCertPathSSCertChain();
        setupEnvironment();

        // Hand-written stand-ins for GeneralName(1, "822.Name"): the first
        // array was noted by the author as getEncoded() output, the second as
        // getEncodedName() output. Both carry length 8 and the text "822.Name".
        final byte[] corruptedEncoding = {-127, 8, 56, 50, 50, 46, 78, 97, 109, 101};
        final byte[] encodedName = {22, 8, 56, 50, 50, 46, 78, 97, 109, 101};
        // Overwrite the 'a' with 200 (0xC8) so the content is no longer 7-bit text.
        corruptedEncoding[corruptedEncoding.length - 3] = (byte) 200;

        // NOTE(review): an IOException is tolerated here but not required, so
        // this step passes whether or not the corrupted name is rejected.
        try {
            theCertSelector.addPathToName(1, corruptedEncoding);
        } catch (IOException expected) {
            // ok
        }
        theCertSelector.setPathToNames(null);

        // A well-formed rfc822Name (type 1) is stored, and no path is
        // expected to be built while it is set.
        theCertSelector.addPathToName(1, encodedName);
        assertNotNull(theCertSelector.getPathToNames());
        final CertPath pathWithRfc822Name = buildCertPath();
        assertNull(pathWithRfc822Name);
        theCertSelector.setPathToNames(null);

        // Directory name (type 4) taken from the self-signed root's issuer.
        // NOTE(review): the path below comes from TestUtils rather than
        // buildCertPath(); whether it consults theCertSelector is not visible here.
        theCertSelector.addPathToName(4, TestUtils.rootCertificateSS.getIssuerX500Principal().getEncoded());
        assertNotNull(theCertSelector.getPathToNames());
        final CertPath selfSignedChainPath = TestUtils.buildCertPathSSCertChain();
        assertNotNull(selfSignedChainPath);
    }
   2150 
   2151     /**
   2152      * java.security.cert.X509CertSelector#addPathToName(int, String)
   2153      */
    public void test_addPathToNameLintLjava_lang_String2() throws Exception {
        setupEnvironment();

        // Same hand-written byte sequences as the byte[] variant of this test;
        // here they are turned into Strings before being passed in.
        final byte[] rawEncoding = {-127, 8, 56, 50, 50, 46, 78, 97, 109, 101};
        final byte[] rawName = {22, 8, 56, 50, 50, 46, 78, 97, 109, 101};
        assertNotNull(rawEncoding);

        // corrupted is an alias of rawEncoding, not a copy: the write below
        // changes the one shared array.
        final byte[] corrupted = rawEncoding;
        corrupted[rawEncoding.length - 3] = (byte) 200;

        // NOTE(review): new String(byte[]) decodes with the platform default
        // charset, so the text built from the 200 byte can differ between
        // environments. The IOException is tolerated but not required.
        try {
            theCertSelector.addPathToName(1, new String(corrupted));
        } catch (IOException expected) {
            // ok
        }
        theCertSelector.setPathToNames(null);

        theCertSelector.addPathToName(1, new String(rawName));
        assertNotNull(theCertSelector.getPathToNames());
        final CertPath pathWithRfc822Name = buildCertPath();
        assertNull(pathWithRfc822Name);
        theCertSelector.setPathToNames(null);

        // Only storage of the name is checked for this last case; no path is
        // built with it.
        theCertSelector.addPathToName(1, rootCertificate.getIssuerX500Principal().getName());
        assertNotNull(theCertSelector.getPathToNames());
    }
   2187 
   2188     /**
   2189      * java.security.cert.X509CertSelector#addSubjectAlternativeName(int, byte[])
   2190      */
    public void test_addSubjectAlternativeNameLintLbyte_array2()
            throws Exception {
        // Three alternative names of GeneralName types 0, 1 and 2.
        // NOTE(review): "rfc (at) 822.Name" looks as if the listing passed it
        // through e-mail obfuscation; confirm the literal against the
        // repository copy.
        final GeneralName otherName = new GeneralName(new OtherName("1.2.3.4.5",
                new byte[] {1, 2, 0, 1}));
        final GeneralName rfc822Name = new GeneralName(1, "rfc (at) 822.Name");
        final GeneralName dnsName = new GeneralName(2, "dNSName");

        final GeneralNames allThreeNames = new GeneralNames();
        allThreeNames.addName(otherName);
        allThreeNames.addName(rfc822Name);
        allThreeNames.addName(dnsName);

        // The selector asks for all three names.
        final X509CertSelector selector = new X509CertSelector();
        selector.addSubjectAlternativeName(0, otherName.getEncodedName());
        selector.addSubjectAlternativeName(1, rfc822Name.getEncodedName());
        selector.addSubjectAlternativeName(2, dnsName.getEncodedName());

        final GeneralNames otherNameOnly = new GeneralNames();
        otherNameOnly.addName(otherName);

        final TestCert certWithAllNames = new TestCert(allThreeNames);
        final TestCert certWithOneName = new TestCert(otherNameOnly);

        // A certificate holding only one of the requested names must not match.
        assertTrue(selector.match(certWithAllNames));
        assertFalse(selector.match(certWithOneName));

        selector.setSubjectAlternativeNames(null);

        // A name built from "O=Android" is offered under type 0.
        // NOTE(review): an IOException is tolerated but not required, so this
        // step asserts nothing about how the mismatch is handled.
        final GeneralName directoryName = new GeneralName(new Name("O=Android"));
        try {
            selector.addSubjectAlternativeName(0, directoryName.getEncodedName());
        } catch (IOException expected) {
            // ok
        }
    }
   2230 
   2231     /**
   2232      * java.security.cert.X509CertSelector#addSubjectAlternativeName(int, String)
   2233      */
    public void test_addSubjectAlternativeNameLintLjava_lang_String2() throws Exception {
        // Alternative names of GeneralName types 6 and 2, given in string form.
        final GeneralName uriName = new GeneralName(6, "http://uniform.Resource.Id");
        final GeneralName dnsName = new GeneralName(2, "dNSName");

        final GeneralNames bothNames = new GeneralNames();
        bothNames.addName(uriName);
        bothNames.addName(dnsName);

        // The selector asks for both names.
        final X509CertSelector selector = new X509CertSelector();
        selector.addSubjectAlternativeName(6, "http://uniform.Resource.Id");
        selector.addSubjectAlternativeName(2, "dNSName");

        final GeneralNames dnsNameOnly = new GeneralNames();
        dnsNameOnly.addName(dnsName);

        final TestCert certWithBothNames = new TestCert(bothNames);
        final TestCert certWithDnsOnly = new TestCert(dnsNameOnly);

        // A certificate missing one of the requested names must not match.
        assertTrue(selector.match(certWithBothNames));
        assertFalse(selector.match(certWithDnsOnly));

        selector.setSubjectAlternativeNames(null);

        // The toString() form of a name built from "O=Android" is offered
        // under type 0.
        // NOTE(review): an IOException is tolerated but not required, so this
        // step asserts nothing about whether the input is rejected.
        final GeneralName directoryName = new GeneralName(new Name("O=Android"));
        try {
            selector.addSubjectAlternativeName(0, (directoryName.toString()));
        } catch (IOException expected) {
            // ok
        }
    }
   2266 }
   2267