/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements. See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package tests.security.cert;

import org.apache.harmony.security.tests.support.cert.TestUtils;

import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.Principal;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.security.cert.X509Extension;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.List;
import java.util.Set;

import javax.security.auth.x500.X500Principal;

/**
 * JUnit 3 tests for {@link java.security.cert.X509Certificate}.
 *
 * <p>Two kinds of certificate objects are exercised: a hand-written stub
 * ({@code MyX509Certificate}) that implements every abstract method with a
 * trivial body, and a real certificate that {@link #setUp()} parses from
 * {@link #base64certCorrect} with the platform's "X.509"
 * {@link CertificateFactory}.
 *
 * <p>All parsing here goes through {@code generateCertificate}, which decodes
 * the certificate; none of the tests calls {@code verify} on a parsed
 * certificate, so signature validation is outside the scope of this class.
 */
public class X509Certificate2Test extends junit.framework.TestCase {

    /**
     * Regression check for HARMONY-3384: a v3 certificate whose extension
     * {@code 2.5.29.35} holds an empty SEQUENCE must still be parsed, must
     * hand back the raw extension value and must render via
     * {@code toString()}.
     */
    public void test_toString() throws Exception {
        CertificateFactory factory = CertificateFactory.getInstance("X509");
        byte[] encodedV3 = TestUtils.getX509Certificate_v3();
        X509Certificate parsed = (X509Certificate) factory
                .generateCertificate(new ByteArrayInputStream(encodedV3));

        // Expected DER: OCTET STRING (0x04) of length 2 wrapping an empty
        // SEQUENCE (0x30 0x00).
        byte[] actualValue = parsed.getExtensionValue("2.5.29.35");
        byte[] expectedValue = new byte[] {0x04, 0x02, 0x30, 0x00};
        assertTrue(Arrays.equals(expectedValue, actualValue));

        String rendered = parsed.toString();
        assertNotNull(rendered);
    }

    /**
     * java.security.cert.X509Certificate#X509Certificate()
     *
     * <p>The protected constructor must succeed for a subclass and the
     * resulting object must report the type "X.509".
     */
    public void test_X509Certificate() {
        MyX509Certificate stub = null;
        try {
            stub = new MyX509Certificate();
        } catch (Exception unexpected) {
            fail("Unexpected exception " + unexpected.getMessage());
        }
        String type = stub.getType();
        assertEquals("X.509", type);
    }

    /**
     * Calls each abstract accessor on the stub once and fails if any of them
     * throws. Return values are not inspected.
     */
    public void testAbstractMethods() {
        MyX509Certificate stub = new MyX509Certificate();
        try {
            stub.checkValidity();
            stub.checkValidity(new Date());
            stub.getBasicConstraints();
            stub.getIssuerDN();
            stub.getIssuerUniqueID();
            stub.getKeyUsage();
            stub.getNotAfter();
            stub.getNotBefore();
            stub.getSerialNumber();
            stub.getSigAlgName();
            stub.getSigAlgOID();
            stub.getSigAlgParams();
            stub.getSignature();
            stub.getSubjectDN();
            stub.getSubjectUniqueID();
            stub.getTBSCertificate();
            stub.getVersion();
        } catch (Exception unexpected) {
            fail("Unexpected exception " + unexpected.getMessage());
        }
    }

    // Bare Base64 text (no PEM BEGIN/END lines) of a DER encoded X.509
    // certificate, see RFC 3280 (http://www.ietf.org/rfc/rfc3280.txt).
    // Produced with the classes of org.apache.harmony.security.x509.
    static String base64cert =
        "MIIByzCCATagAwIBAgICAiswCwYJKoZIhvcNAQEFMB0xGzAZBgNVBAoT"
        + "EkNlcnRpZmljYXRlIElzc3VlcjAeFw0wNjA0MjYwNjI4MjJaFw0zMzAz"
        + "MDExNjQ0MDlaMB0xGzAZBgNVBAoTEkNlcnRpZmljYXRlIElzc3VlcjCB"
        + "nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAkLGLsPdSPDMyP1OUOKu"
        + "U3cvbNK5RGaQ3bXc5aDjvApx43BcaoXgt6YD/5yXz0OsIooj5yA37bY"
        + "JGcVrvFD5FMPdDd3vjNPQOep0MzG4CdbkaZde5SigPabOMQYS4oUyLBx"
        + "W3LGG0mUODe5AGGqtqXU0GlKg4K2je6cCtookCUCAwEAAaMeMBwwGgYD"
        + "VR0RAQH/BBAwDoEMcmZjQDgyMi5OYW1lMAsGCSqGSIb3DQEBBQOBgQBZ"
        + "pVXj01dOpqnZErUQb50j8lJD1dIaz1eJTvJCSadj7ziV1VtnnapI07c"
        + "XEa7ONzcHQTYTG10poHfOK/a0BaULF3GlctDESilwQYbW5BdfpAlZpbH"
        + "AFLcUDh6Eq50kc0A/anh/j3mgBNuvbIMo7hHNnZB6k/prswm2BszyLD"
        + "yw==";

    // PEM text of the certificate that setUp() parses into the fixture.
    static String base64certCorrect =
        "-----BEGIN CERTIFICATE-----\n"
        + "MIIC+jCCAragAwIBAgICAiswDAYHKoZIzjgEAwEBADAdMRswGQYDVQQKExJDZXJ0a"
        + "WZpY2F0ZSBJc3N1ZXIwIhgPMTk3MDAxMTIxMzQ2NDBaGA8xOTcwMDEyNDAzMzMyMF"
        + "owHzEdMBsGA1UEChMUU3ViamVjdCBPcmdhbml6YXRpb24wGTAMBgcqhkjOOAQDAQE"
        + "AAwkAAQIDBAUGBwiBAgCqggIAVaOCAhQwggIQMA8GA1UdDwEB/wQFAwMBqoAwEgYD"
        + "VR0TAQH/BAgwBgEB/wIBBTAUBgNVHSABAf8ECjAIMAYGBFUdIAAwZwYDVR0RAQH/B"
        + "F0wW4EMcmZjQDgyMi5OYW1lggdkTlNOYW1lpBcxFTATBgNVBAoTDE9yZ2FuaXphdG"
        + "lvboYaaHR0cDovL3VuaWZvcm0uUmVzb3VyY2UuSWSHBP///wCIByoDolyDsgMwDAY"
        + "DVR0eAQH/BAIwADAMBgNVHSQBAf8EAjAAMIGZBgNVHSUBAf8EgY4wgYsGBFUdJQAG"
        + "CCsGAQUFBwMBBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMDBggrBgEFBQcDB"
        + "AYIKwYBBQUHAwUGCCsGAQUFBwMGBggrBgEFBQcDBwYIKwYBBQUHAwgGCCsGAQUFBw"
        + "MJBggrBgEFBQgCAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBMA0GA1UdNgEB/wQDAgE"
        + "BMA4GBCpNhgkBAf8EAwEBATBkBgNVHRIEXTBbgQxyZmNAODIyLk5hbWWCB2ROU05h"
        + "bWWkFzEVMBMGA1UEChMMT3JnYW5pemF0aW9uhhpodHRwOi8vdW5pZm9ybS5SZXNvd"
        + "XJjZS5JZIcE////AIgHKgOiXIOyAzAJBgNVHR8EAjAAMAoGA1UdIwQDAQEBMAoGA1"
        + "UdDgQDAQEBMAoGA1UdIQQDAQEBMAwGByqGSM44BAMBAQADMAAwLQIUAL4QvoazNWP"
        + "7jrj84/GZlhm09DsCFQCBKGKCGbrP64VtUt4JPmLjW1VxQA==\n"
        + "-----END CERTIFICATE-----";

    // Fixture certificate: assigned in setUp(), and overwritten by
    // testCerficateException() whenever one of its parse attempts succeeds.
    private X509Certificate cert;

    // Same PEM text as base64certCorrect except for a few altered Base64
    // characters; used as the malformed input in testCerficateException().
    static String base64certTampered = "-----BEGIN CERTIFICATE-----\n"
        + "MIIC+jCCAragAwIBAgICAiswDAYHKoZIzjgEAwEBADAdMRswGQYDVQQKExJDZXJ0a"
        + "WZpY2F0ZSBJc3N1ZXIwIhgPMTk3MDAxMTIxMzQ2NDBaGA8xOTcwMDEyNDAzMzMyMF"
        + "owHzEdMBsGA1UEChMUU3ViamVjdCBPcmdhbml6YXRpb24wGTAMBgcqhkjOOAQDAQE"
        + "AAwkAAQIDBAUGBwiBAgCqggIAVaOCAhQwggIQMA8GA1UdDwEB/wQFAwMBqoAwEgYD"
        + "VR0TAQH/BAgwBgEB/wIBBTAUBgNVHSABAf8ECjAIMAyGBFUdIAAwZwYDVR0RAQH/B"
        + "F0wW4EMcmZjQDgyMi5OYW1lggdkTlNOYW1lpBcxFTATBgNVBAoTDE9yZ2FuaXphdG"
        + "lvboYaaHR0cDovL3VuaWZvcm0uUmVzb3VyY2UuSWSHBP///wCIByoDolyDsgMwDAY"
        + "DVR0eAQH/BAIwADAMBgNVHSQBAf8EAjAAMIGZBgNVHSUBAf8EgY4wgYsGBFUdJQAG"
        + "CCsGAQUFBwMBBggrBgEFBQcDAQYIKxYBBQUHAwIGCCsGAQUFBwMDBggrBgEFBQcDB"
        + "AYIKwYBBQUHAwUGCCsGAQUFBwMGBggrBgEFBQcDBwYIKwYBBQUHAwgGCCsGAQUFBw"
        + "MJBggrBgEFBQgCAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBMA0GA1UdNgEB/wQDAgE"
        + "BMA4GBCpNhgkBAf8EAwEBATBkBgNVHRIEXTBbgQxyZmNAODIyLk5hbWWCB2ROU05h"
        + "bWWkFzEVMBMGA1UEChMMT3JnYW5pemF0aW9uhhpodHRwOi8vdW5pZm9ybS5SZXNvd"
        + "XJjZS5JZIcE////AIgHKgOiXIOyAzAJBgNVHR8EAjAAMAoGA1UdIwQDAQEBMAoGA1"
        + "UdDgQDAQEBMAoGA1UdIQQDAQEBMAwHByqGSM44BAMBAQADMAAwLQIUAL4QvoazNWP"
        + "7jrj84/GZlhm09DsCFQCBKGKCGbrP64VtUt4JPmLjW1VxQA==\n"
        + "-----END CERTIFICATE-----";

    // Bare Base64 text of a DER encoded X.509 CRL, see RFC 3280
    // (http://www.ietf.org/rfc/rfc3280.txt). Produced with the classes of
    // org.apache.harmony.security.x509. Not referenced inside this class.
    static String base64crl =
        "MIHXMIGXAgEBMAkGByqGSM44BAMwFTETMBEGA1UEChMKQ1JMIElzc3Vl"
        + "chcNMDYwNDI3MDYxMzQ1WhcNMDYwNDI3MDYxNTI1WjBBMD8CAgIrFw0w"
        + "NjA0MjcwNjEzNDZaMCowCgYDVR0VBAMKAQEwHAYDVR0YBBUYEzIwMDYw"
        + "NDI3MDYxMzQ1LjQ2OFqgDzANMAsGA1UdFAQEBAQEBDAJBgcqhkjOOAQD"
        + "AzAAMC0CFQCk0t0DTyu82QpajbBlxX9uXvUDSgIUSBN4g+xTEeexs/0k"
        + "9AkjBhjF0Es=";

    /**
     * Test double that gives every abstract method of
     * {@link X509Certificate} a trivial body.
     *
     * <p>{@code checkValidity} and {@code verify} have empty bodies and so
     * never throw: this stub accepts any date and any key. It exists only so
     * the inherited, non-abstract methods can be called; it is not a
     * certificate implementation.
     */
    private static class MyX509Certificate extends X509Certificate implements
            X509Extension {

        private static final long serialVersionUID = -7196694072296607007L;

        // ---- validity period -------------------------------------------

        public void checkValidity() {
        }

        public void checkValidity(Date date) {
        }

        public Date getNotBefore() {
            return null;
        }

        public Date getNotAfter() {
            return null;
        }

        // ---- identity ---------------------------------------------------

        public int getVersion() {
            return 3;
        }

        public BigInteger getSerialNumber() {
            return null;
        }

        public Principal getIssuerDN() {
            return null;
        }

        public Principal getSubjectDN() {
            return null;
        }

        public boolean[] getIssuerUniqueID() {
            return null;
        }

        public boolean[] getSubjectUniqueID() {
            return null;
        }

        public PublicKey getPublicKey() {
            return null;
        }

        // ---- encodings and signature ------------------------------------

        public byte[] getEncoded() {
            return null;
        }

        public byte[] getTBSCertificate() {
            return null;
        }

        public byte[] getSignature() {
            return null;
        }

        public String getSigAlgName() {
            return null;
        }

        public String getSigAlgOID() {
            return null;
        }

        public byte[] getSigAlgParams() {
            return null;
        }

        public void verify(PublicKey key) {
        }

        public void verify(PublicKey key, String sigProvider) {
        }

        // ---- constraints and extensions ---------------------------------

        public boolean[] getKeyUsage() {
            return null;
        }

        public int getBasicConstraints() {
            return 0;
        }

        public Set<String> getCriticalExtensionOIDs() {
            return null;
        }

        public Set<String> getNonCriticalExtensionOIDs() {
            return null;
        }

        public byte[] getExtensionValue(String oid) {
            return null;
        }

        public boolean hasUnsupportedCriticalExtension() {
            return false;
        }

        // ---- rendering --------------------------------------------------

        public String toString() {
            return "";
        }
    }

    /**
     * java.security.cert.X509Certificate#getType()
     */
    public void testGetType() {
        MyX509Certificate stub = new MyX509Certificate();
        assertEquals("X.509", stub.getType());
    }

    /**
     * java.security.cert.X509Certificate#getIssuerX500Principal()
     *
     * <p>Only {@code getEncoded()} is overridden (the stub's
     * {@code getIssuerDN()} still returns null), so the expected name has to
     * come from the encoded v1 certificate.
     */
    public void testGetIssuerX500Principal() {
        MyX509Certificate encodedStub = new MyX509Certificate() {
            private static final long serialVersionUID = 638659908323741165L;

            public byte[] getEncoded() {
                return TestUtils.getX509Certificate_v1();
            }
        };

        X500Principal expectedIssuer = new X500Principal("CN=Z");
        X500Principal actualIssuer = encodedStub.getIssuerX500Principal();
        assertEquals(expectedIssuer, actualIssuer);
    }

    /**
     * java.security.cert.X509Certificate#getSubjectX500Principal()
     *
     * <p>Only {@code getEncoded()} is overridden (the stub's
     * {@code getSubjectDN()} still returns null), so the expected name has to
     * come from the encoded v1 certificate.
     */
    public void testGetSubjectX500Principal() {
        MyX509Certificate encodedStub = new MyX509Certificate() {
            private static final long serialVersionUID = -3625913637413840694L;

            public byte[] getEncoded() {
                return TestUtils.getX509Certificate_v1();
            }
        };

        X500Principal expectedSubject = new X500Principal("CN=Y");
        X500Principal actualSubject = encodedStub.getSubjectX500Principal();
        assertEquals(expectedSubject, actualSubject);
    }

    /**
     * java.security.cert.X509Certificate#getExtendedKeyUsage()
     *
     * <p>The stub must yield null; the parsed fixture must yield a non-null
     * list. The list is then mutated three ways, and any exception from
     * those calls is tolerated.
     *
     * @throws CertificateException
     */
    public void testGetExtendedKeyUsage() throws CertificateException {
        MyX509Certificate stub = new MyX509Certificate();
        assertNull(stub.getExtendedKeyUsage());

        List<String> usages = cert.getExtendedKeyUsage();
        assertNotNull(usages);

        // NOTE(review): each attempt below passes whether the call succeeds
        // or throws, so this test does not establish that the returned list
        // is unmodifiable.
        try {
            usages.clear();
        } catch (Exception ignored) {
            // tolerated
        }

        try {
            usages.add("Test");
        } catch (Exception ignored) {
            // tolerated
        }

        try {
            if (usages.size() > 0) {
                usages.remove(0);
            }
        } catch (Exception ignored) {
            // tolerated
        }
    }

    /**
     * java.security.cert.X509Certificate#getSubjectAlternativeNames()
     *
     * <p>The stub must yield null; the parsed fixture must yield a non-null
     * collection, which is then passed through the shared mutation checks.
     */
    public void testGetSubjectAlternativeNames()
            throws CertificateParsingException {
        MyX509Certificate stub = new MyX509Certificate();
        assertNull(stub.getSubjectAlternativeNames());

        Collection<List<?>> subjectNames = cert.getSubjectAlternativeNames();
        assertNotNull(subjectNames);

        exerciseReturnedNames(subjectNames);
    }

    /**
     * java.security.cert.X509Certificate#getIssuerAlternativeNames()
     *
     * <p>The stub must yield null; the parsed fixture must yield a non-null
     * collection, which is then passed through the shared mutation checks.
     */
    public void testGetIssuerAlternativeNames()
            throws CertificateParsingException {
        MyX509Certificate stub = new MyX509Certificate();
        assertNull(stub.getIssuerAlternativeNames());

        Collection<List<?>> issuerNames = cert.getIssuerAlternativeNames();
        assertNotNull(issuerNames);

        exerciseReturnedNames(issuerNames);
    }

    /**
     * Tries to clear the collection and to remove an element, tolerating any
     * exception, then asserts that fewer than ten entries remain.
     *
     * <p>NOTE(review): {@code names.remove(0)} is
     * {@code Collection.remove(Object)} with a boxed {@code Integer}, not a
     * positional removal; and because exceptions are swallowed, the only
     * property actually asserted is the size bound.
     */
    private void exerciseReturnedNames(Collection<List<?>> names) {
        try {
            names.clear();
        } catch (Exception ignored) {
            // tolerated
        }

        try {
            if (names.size() > 0) {
                names.remove(0);
            }
        } catch (Exception ignored) {
            // tolerated
        }

        assertTrue(names.size() < 10);
    }

    /**
     * Feeds {@link #base64certTampered} and then {@link #base64cert} to the
     * "X.509" factory, tolerating a {@link CertificateException} from either.
     *
     * <p>NOTE(review): nothing is asserted. The test passes both when the
     * factory rejects the input and when it accepts it, so it would not
     * catch a parser that silently accepts the altered certificate. Adding a
     * {@code fail(...)} after a successful parse would close that gap, but
     * the expected outcome for each input on the provider under test needs
     * to be confirmed first. Note also that {@code generateCertificate}
     * only decodes; signature checking is a separate {@code verify} call.
     */
    public void testCerficateException() {
        parseIntoFixtureToleratingFailure(base64certTampered);
        parseIntoFixtureToleratingFailure(base64cert);
    }

    /**
     * Parses {@code certificateText} with the "X.509" factory and stores the
     * result in {@link #cert}; a {@link CertificateException} leaves the
     * field untouched and is otherwise ignored.
     */
    private void parseIntoFixtureToleratingFailure(String certificateText) {
        try {
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            // getBytes() uses the platform default charset; the inputs are
            // plain ASCII text.
            byte[] raw = certificateText.getBytes();
            cert = (X509Certificate) factory
                    .generateCertificate(new ByteArrayInputStream(raw));
        } catch (CertificateException ignored) {
            // tolerated
        }
    }

    /**
     * Parses {@link #base64certCorrect} into the {@link #cert} fixture before
     * every test and requires the result to be non-null.
     */
    public void setUp() throws Exception {
        super.setUp();
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        // getBytes() uses the platform default charset; the PEM text is
        // plain ASCII.
        byte[] pemBytes = base64certCorrect.getBytes();
        ByteArrayInputStream pemStream = new ByteArrayInputStream(pemBytes);
        cert = (X509Certificate) factory.generateCertificate(pemStream);
        assertNotNull(cert);
    }
}