Home | History | Annotate | Download | only in cert 
      1 /*
      2  * Licensed to the Apache Software Foundation (ASF) under one or more
      3  * contributor license agreements.  See the NOTICE file distributed with
      4  * this work for additional information regarding copyright ownership.
      5  * The ASF licenses this file to You under the Apache License, Version 2.0
      6  * (the "License"); you may not use this file except in compliance with
      7  * the License.  You may obtain a copy of the License at
      8  *
      9  *     http://www.apache.org/licenses/LICENSE-2.0
     10  *
     11  * Unless required by applicable law or agreed to in writing, software
     12  * distributed under the License is distributed on an "AS IS" BASIS,
     13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     14  * See the License for the specific language governing permissions and
     15  * limitations under the License.
     16  */
     17 
     18 package tests.security.cert;
     19 
     20 import org.apache.harmony.security.tests.support.cert.TestUtils;
     21 
     22 import java.io.ByteArrayInputStream;
     23 import java.math.BigInteger;
     24 import java.security.Principal;
     25 import java.security.PublicKey;
     26 import java.security.cert.CertificateException;
     27 import java.security.cert.CertificateFactory;
     28 import java.security.cert.CertificateParsingException;
     29 import java.security.cert.X509Certificate;
     30 import java.security.cert.X509Extension;
     31 import java.util.Arrays;
     32 import java.util.Collection;
     33 import java.util.Date;
     34 import java.util.List;
     35 import java.util.Set;
     36 
     37 import javax.security.auth.x500.X500Principal;
     38 
     39 public class X509Certificate2Test extends junit.framework.TestCase {
     40 
     41     /**
     42      * Test for X.509 Certificate provider
     43      */
     44     public void test_toString() throws Exception {
     45 
     46         // Regression for HARMONY-3384
     47         CertificateFactory certFact = CertificateFactory.getInstance("X509");
     48         X509Certificate pemCert = (X509Certificate) certFact
     49                 .generateCertificate(new ByteArrayInputStream(TestUtils
     50                         .getX509Certificate_v3()));
     51 
     52         // extension value is empty sequence
     53         byte[] extnValue = pemCert.getExtensionValue("2.5.29.35");
     54         assertTrue(Arrays
     55                 .equals(new byte[] {0x04, 0x02, 0x30, 0x00}, extnValue));
     56         assertNotNull(pemCert.toString());
     57         // End regression for HARMONY-3384
     58     }
     59 
     60     /**
     61      * java.security.cert.X509Certificate#X509Certificate()
     62      */
     63     public void test_X509Certificate() {
     64         MyX509Certificate s = null;
     65         try {
     66             s = new MyX509Certificate();
     67         } catch (Exception e) {
     68             fail("Unexpected exception " + e.getMessage());
     69         }
     70         assertEquals("X.509", s.getType());
     71     }
     72 
     73     public void testAbstractMethods() {
     74         MyX509Certificate s = new MyX509Certificate();
     75         try {
     76             s.checkValidity();
     77             s.checkValidity(new Date());
     78             s.getBasicConstraints();
     79             s.getIssuerDN();
     80             s.getIssuerUniqueID();
     81             s.getKeyUsage();
     82             s.getNotAfter();
     83             s.getNotBefore();
     84             s.getSerialNumber();
     85             s.getSigAlgName();
     86             s.getSigAlgOID();
     87             s.getSigAlgParams();
     88             s.getSignature();
     89             s.getSubjectDN();
     90             s.getSubjectUniqueID();
     91             s.getTBSCertificate();
     92             s.getVersion();
     93         } catch (Exception e) {
     94             fail("Unexpected exception " + e.getMessage());
     95         }
     96     }
     97 
     98     // Base64 encoded form of ASN.1 DER encoded X.509 Certificate
     99     // (see RFC 3280 at http://www.ietf.org/rfc/rfc3280.txt)
    100     // (generated by using of classes from
    101     // org.apache.harmony.security.x509 package)
    102     static String base64cert =
    103         "MIIByzCCATagAwIBAgICAiswCwYJKoZIhvcNAQEFMB0xGzAZBgNVBAoT"
    104             + "EkNlcnRpZmljYXRlIElzc3VlcjAeFw0wNjA0MjYwNjI4MjJaFw0zMzAz"
    105             + "MDExNjQ0MDlaMB0xGzAZBgNVBAoTEkNlcnRpZmljYXRlIElzc3VlcjCB"
    106             + "nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAkLGLsPdSPDMyP1OUOKu"
    107             + "U3cvbNK5RGaQ3bXc5aDjvApx43BcaoXgt6YD/5yXz0OsIooj5yA37bY"
    108             + "JGcVrvFD5FMPdDd3vjNPQOep0MzG4CdbkaZde5SigPabOMQYS4oUyLBx"
    109             + "W3LGG0mUODe5AGGqtqXU0GlKg4K2je6cCtookCUCAwEAAaMeMBwwGgYD"
    110             + "VR0RAQH/BBAwDoEMcmZjQDgyMi5OYW1lMAsGCSqGSIb3DQEBBQOBgQBZ"
    111             + "pVXj01dOpqnZErUQb50j8lJD1dIaz1eJTvJCSadj7ziV1VtnnapI07c"
    112             + "XEa7ONzcHQTYTG10poHfOK/a0BaULF3GlctDESilwQYbW5BdfpAlZpbH"
    113             + "AFLcUDh6Eq50kc0A/anh/j3mgBNuvbIMo7hHNnZB6k/prswm2BszyLD"
    114             + "yw==";
    115     static String base64certCorrect =
    116         "-----BEGIN CERTIFICATE-----\n"
    117         + "MIIC+jCCAragAwIBAgICAiswDAYHKoZIzjgEAwEBADAdMRswGQYDVQQKExJDZXJ0a"
    118         + "WZpY2F0ZSBJc3N1ZXIwIhgPMTk3MDAxMTIxMzQ2NDBaGA8xOTcwMDEyNDAzMzMyMF"
    119         + "owHzEdMBsGA1UEChMUU3ViamVjdCBPcmdhbml6YXRpb24wGTAMBgcqhkjOOAQDAQE"
    120         + "AAwkAAQIDBAUGBwiBAgCqggIAVaOCAhQwggIQMA8GA1UdDwEB/wQFAwMBqoAwEgYD"
    121         + "VR0TAQH/BAgwBgEB/wIBBTAUBgNVHSABAf8ECjAIMAYGBFUdIAAwZwYDVR0RAQH/B"
    122         + "F0wW4EMcmZjQDgyMi5OYW1lggdkTlNOYW1lpBcxFTATBgNVBAoTDE9yZ2FuaXphdG"
    123         + "lvboYaaHR0cDovL3VuaWZvcm0uUmVzb3VyY2UuSWSHBP///wCIByoDolyDsgMwDAY"
    124         + "DVR0eAQH/BAIwADAMBgNVHSQBAf8EAjAAMIGZBgNVHSUBAf8EgY4wgYsGBFUdJQAG"
    125         + "CCsGAQUFBwMBBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMDBggrBgEFBQcDB"
    126         + "AYIKwYBBQUHAwUGCCsGAQUFBwMGBggrBgEFBQcDBwYIKwYBBQUHAwgGCCsGAQUFBw"
    127         + "MJBggrBgEFBQgCAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBMA0GA1UdNgEB/wQDAgE"
    128         + "BMA4GBCpNhgkBAf8EAwEBATBkBgNVHRIEXTBbgQxyZmNAODIyLk5hbWWCB2ROU05h"
    129         + "bWWkFzEVMBMGA1UEChMMT3JnYW5pemF0aW9uhhpodHRwOi8vdW5pZm9ybS5SZXNvd"
    130         + "XJjZS5JZIcE////AIgHKgOiXIOyAzAJBgNVHR8EAjAAMAoGA1UdIwQDAQEBMAoGA1"
    131         + "UdDgQDAQEBMAoGA1UdIQQDAQEBMAwGByqGSM44BAMBAQADMAAwLQIUAL4QvoazNWP"
    132         + "7jrj84/GZlhm09DsCFQCBKGKCGbrP64VtUt4JPmLjW1VxQA==\n"
    133         + "-----END CERTIFICATE-----";
    134 
    135     private X509Certificate cert;
    136 
    137     static String base64certTampered = "-----BEGIN CERTIFICATE-----\n"
    138         + "MIIC+jCCAragAwIBAgICAiswDAYHKoZIzjgEAwEBADAdMRswGQYDVQQKExJDZXJ0a"
    139         + "WZpY2F0ZSBJc3N1ZXIwIhgPMTk3MDAxMTIxMzQ2NDBaGA8xOTcwMDEyNDAzMzMyMF"
    140         + "owHzEdMBsGA1UEChMUU3ViamVjdCBPcmdhbml6YXRpb24wGTAMBgcqhkjOOAQDAQE"
    141         + "AAwkAAQIDBAUGBwiBAgCqggIAVaOCAhQwggIQMA8GA1UdDwEB/wQFAwMBqoAwEgYD"
    142         + "VR0TAQH/BAgwBgEB/wIBBTAUBgNVHSABAf8ECjAIMAyGBFUdIAAwZwYDVR0RAQH/B"
    143         + "F0wW4EMcmZjQDgyMi5OYW1lggdkTlNOYW1lpBcxFTATBgNVBAoTDE9yZ2FuaXphdG"
    144         + "lvboYaaHR0cDovL3VuaWZvcm0uUmVzb3VyY2UuSWSHBP///wCIByoDolyDsgMwDAY"
    145         + "DVR0eAQH/BAIwADAMBgNVHSQBAf8EAjAAMIGZBgNVHSUBAf8EgY4wgYsGBFUdJQAG"
    146         + "CCsGAQUFBwMBBggrBgEFBQcDAQYIKxYBBQUHAwIGCCsGAQUFBwMDBggrBgEFBQcDB"
    147         + "AYIKwYBBQUHAwUGCCsGAQUFBwMGBggrBgEFBQcDBwYIKwYBBQUHAwgGCCsGAQUFBw"
    148         + "MJBggrBgEFBQgCAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBMA0GA1UdNgEB/wQDAgE"
    149         + "BMA4GBCpNhgkBAf8EAwEBATBkBgNVHRIEXTBbgQxyZmNAODIyLk5hbWWCB2ROU05h"
    150         + "bWWkFzEVMBMGA1UEChMMT3JnYW5pemF0aW9uhhpodHRwOi8vdW5pZm9ybS5SZXNvd"
    151         + "XJjZS5JZIcE////AIgHKgOiXIOyAzAJBgNVHR8EAjAAMAoGA1UdIwQDAQEBMAoGA1"
    152         + "UdDgQDAQEBMAoGA1UdIQQDAQEBMAwHByqGSM44BAMBAQADMAAwLQIUAL4QvoazNWP"
    153         + "7jrj84/GZlhm09DsCFQCBKGKCGbrP64VtUt4JPmLjW1VxQA==\n"
    154         + "-----END CERTIFICATE-----";
    155 
    156     // Base64 encoded form of ASN.1 DER encoded X.509 CRL
    157     // (see RFC 3280 at http://www.ietf.org/rfc/rfc3280.txt)
    158     // (generated by using of classes from
    159     // org.apache.harmony.security.x509 package)
    160     static String base64crl =
    161         "MIHXMIGXAgEBMAkGByqGSM44BAMwFTETMBEGA1UEChMKQ1JMIElzc3Vl"
    162             + "chcNMDYwNDI3MDYxMzQ1WhcNMDYwNDI3MDYxNTI1WjBBMD8CAgIrFw0w"
    163             + "NjA0MjcwNjEzNDZaMCowCgYDVR0VBAMKAQEwHAYDVR0YBBUYEzIwMDYw"
    164             + "NDI3MDYxMzQ1LjQ2OFqgDzANMAsGA1UdFAQEBAQEBDAJBgcqhkjOOAQD"
    165             + "AzAAMC0CFQCk0t0DTyu82QpajbBlxX9uXvUDSgIUSBN4g+xTEeexs/0k"
    166             + "9AkjBhjF0Es=";
    167 
    168     // has stub implementation for abstract methods
    169     private static class MyX509Certificate extends X509Certificate implements
    170             X509Extension {
    171 
    172         private static final long serialVersionUID = -7196694072296607007L;
    173 
    174         public void checkValidity() {
    175         }
    176 
    177         public void checkValidity(Date date) {
    178         }
    179 
    180         public int getVersion() {
    181             return 3;
    182         }
    183 
    184         public BigInteger getSerialNumber() {
    185             return null;
    186         }
    187 
    188         public Principal getIssuerDN() {
    189             return null;
    190         }
    191 
    192         public Principal getSubjectDN() {
    193             return null;
    194         }
    195 
    196         public Date getNotBefore() {
    197             return null;
    198         }
    199 
    200         public Date getNotAfter() {
    201             return null;
    202         }
    203 
    204         public byte[] getTBSCertificate() {
    205             return null;
    206         }
    207 
    208         public byte[] getSignature() {
    209             return null;
    210         }
    211 
    212         public String getSigAlgName() {
    213             return null;
    214         }
    215 
    216         public String getSigAlgOID() {
    217             return null;
    218         }
    219 
    220         public byte[] getSigAlgParams() {
    221             return null;
    222         }
    223 
    224         public boolean[] getIssuerUniqueID() {
    225             return null;
    226         }
    227 
    228         public boolean[] getSubjectUniqueID() {
    229             return null;
    230         }
    231 
    232         public boolean[] getKeyUsage() {
    233             return null;
    234         }
    235 
    236         public int getBasicConstraints() {
    237             return 0;
    238         }
    239 
    240         public void verify(PublicKey key) {
    241         }
    242 
    243         public void verify(PublicKey key, String sigProvider) {
    244         }
    245 
    246         public String toString() {
    247             return "";
    248         }
    249 
    250         public PublicKey getPublicKey() {
    251             return null;
    252         }
    253 
    254         public byte[] getEncoded() {
    255             return null;
    256         }
    257 
    258         public Set<String> getNonCriticalExtensionOIDs() {
    259             return null;
    260         }
    261 
    262         public Set<String> getCriticalExtensionOIDs() {
    263             return null;
    264         }
    265 
    266         public byte[] getExtensionValue(String oid) {
    267             return null;
    268         }
    269 
    270         public boolean hasUnsupportedCriticalExtension() {
    271             return false;
    272         }
    273     }
    274 
    275     /**
    276      * java.security.cert.X509Certificate#getType()
    277      */
    278     public void testGetType() {
    279         assertEquals("X.509", new MyX509Certificate().getType());
    280     }
    281 
    282     /**
    283      * java.security.cert.X509Certificate#getIssuerX500Principal()
    284      */
    285     public void testGetIssuerX500Principal() {
    286         // return valid encoding
    287         MyX509Certificate cert = new MyX509Certificate() {
    288             private static final long serialVersionUID = 638659908323741165L;
    289 
    290             public byte[] getEncoded() {
    291                 return TestUtils.getX509Certificate_v1();
    292             }
    293         };
    294 
    295         assertEquals(new X500Principal("CN=Z"), cert.getIssuerX500Principal());
    296     }
    297 
    298     /**
    299      * java.security.cert.X509Certificate#getSubjectX500Principal()
    300      */
    301     public void testGetSubjectX500Principal() {
    302         // return valid encoding
    303         MyX509Certificate cert = new MyX509Certificate() {
    304             private static final long serialVersionUID = -3625913637413840694L;
    305 
    306             public byte[] getEncoded() {
    307                 return TestUtils.getX509Certificate_v1();
    308             }
    309         };
    310 
    311         assertEquals(new X500Principal("CN=Y"), cert.getSubjectX500Principal());
    312     }
    313 
    314     /**
    315      * @throws CertificateException
    316      * java.security.cert.X509Certificate#getExtendedKeyUsage()
    317      */
    318     public void testGetExtendedKeyUsage() throws CertificateException {
    319         assertNull(new MyX509Certificate().getExtendedKeyUsage());
    320 
    321         List<String> l = cert.getExtendedKeyUsage();
    322         assertNotNull(l);
    323 
    324         try {
    325             l.clear();
    326         } catch (Exception e) {
    327             // ok
    328         }
    329 
    330         try {
    331             l.add("Test");
    332         } catch (Exception e) {
    333             // ok
    334         }
    335 
    336         try {
    337             if (l.size() > 0) {
    338                 l.remove(0);
    339             }
    340         } catch (Exception e) {
    341             // ok
    342         }
    343 
    344     }
    345 
    346     /**
    347      * java.security.cert.X509Certificate#getSubjectAlternativeNames()
    348      */
    349     public void testGetSubjectAlternativeNames()
    350             throws CertificateParsingException {
    351 
    352         assertNull(new MyX509Certificate().getSubjectAlternativeNames());
    353 
    354         Collection<List<?>> coll = cert.getSubjectAlternativeNames();
    355         //getSubjectAlternativeNames method is not supported
    356         assertNotNull(coll);
    357 
    358         try {
    359             coll.clear();
    360         } catch (Exception e) {
    361             // ok
    362         }
    363 
    364         try {
    365             if (coll.size() > 0) {
    366                 coll.remove(0);
    367             }
    368         } catch (Exception e) {
    369             // ok
    370         }
    371 
    372         assertTrue(coll.size() < 10);
    373 
    374     }
    375 
    376     /**
    377      * java.security.cert.X509Certificate#getIssuerAlternativeNames()
    378      */
    379     public void testGetIssuerAlternativeNames()
    380             throws CertificateParsingException {
    381 
    382         assertNull(new MyX509Certificate().getIssuerAlternativeNames());
    383 
    384         Collection<List<?>> coll = cert.getIssuerAlternativeNames();
    385         // getIssuerAlternativeNames returns null.
    386         assertNotNull(coll);
    387 
    388         try {
    389             coll.clear();
    390         } catch (Exception e) {
    391             // ok
    392         }
    393 
    394         try {
    395             if (coll.size() > 0) {
    396                 coll.remove(0);
    397             }
    398         } catch (Exception e) {
    399             // ok
    400         }
    401 
    402         assertTrue(coll.size() < 10);
    403     }
    404 
    405     public void testCerficateException() {
    406         try {
    407             CertificateFactory cf = CertificateFactory.getInstance("X.509");
    408             ByteArrayInputStream bais = new ByteArrayInputStream(
    409                     base64certTampered.getBytes());
    410             cert = (X509Certificate) cf.generateCertificate(bais);
    411         } catch (CertificateException e) {
    412             // ok
    413         }
    414 
    415         try {
    416             CertificateFactory cf = CertificateFactory.getInstance("X.509");
    417             ByteArrayInputStream bais = new ByteArrayInputStream(base64cert
    418                     .getBytes());
    419             cert = (X509Certificate) cf.generateCertificate(bais);
    420         } catch (CertificateException e) {
    421             // ok
    422         }
    423     }
    424 
    425     public void setUp() throws Exception {
    426         super.setUp();
    427         CertificateFactory cf = CertificateFactory.getInstance("X.509");
    428         ByteArrayInputStream bais = new ByteArrayInputStream(base64certCorrect
    429                 .getBytes());
    430         cert = (X509Certificate) cf.generateCertificate(bais);
    431         assertNotNull(cert);
    432     }
    433 }
    434