Home | History | Annotate | Download | only in provider
      1 /*
      2  * Copyright (C) 2012 The Android Open Source Project
      3  *
      4  * Licensed under the Apache License, Version 2.0 (the "License");
      5  * you may not use this file except in compliance with the License.
      6  * You may obtain a copy of the License at
      7  *
      8  *      http://www.apache.org/licenses/LICENSE-2.0
      9  *
     10  * Unless required by applicable law or agreed to in writing, software
     11  * distributed under the License is distributed on an "AS IS" BASIS,
     12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     13  * See the License for the specific language governing permissions and
     14  * limitations under the License.
     15  */
     16 
     17 package com.android.org.bouncycastle.jce.provider;
     18 
     19 import java.io.ByteArrayInputStream;
     20 import java.io.File;
     21 import java.io.FileOutputStream;
     22 import java.io.FileNotFoundException;
     23 import java.io.InputStream;
     24 import java.io.IOException;
     25 import java.math.BigInteger;
     26 import java.security.cert.CertificateFactory;
     27 import java.security.cert.Certificate;
     28 import java.security.cert.X509Certificate;
     29 import java.security.MessageDigest;
     30 import java.security.PrivateKey;
     31 import java.security.PublicKey;
     32 import java.util.HashSet;
     33 import java.util.Set;
     34 import junit.framework.TestCase;
     35 import com.android.org.bouncycastle.jce.provider.CertBlacklist;
     36 import com.android.org.bouncycastle.crypto.Digest;
     37 import com.android.org.bouncycastle.util.encoders.Base64;
     38 import com.android.org.bouncycastle.util.encoders.Hex;
     39 
     40 public class CertBlacklistTest extends TestCase {
     41 
     42     private File tmpFile;
     43 
     44     private Set<String> DEFAULT_PUBKEYS;
     45     private Set<String> DEFAULT_SERIALS;
     46 
     47     public static final String TEST_CERT = "" +
     48                     "MIIDsjCCAxugAwIBAgIJAPLf2gS0zYGUMA0GCSqGSIb3DQEBBQUAMIGYMQswCQYDVQQGEwJVUzET" +
     49                     "MBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEPMA0GA1UEChMGR29v" +
     50                     "Z2xlMRAwDgYDVQQLEwd0ZXN0aW5nMRYwFAYDVQQDEw1HZXJlbXkgQ29uZHJhMSEwHwYJKoZIhvcN" +
     51                     "AQkBFhJnY29uZHJhQGdvb2dsZS5jb20wHhcNMTIwNzE0MTc1MjIxWhcNMTIwODEzMTc1MjIxWjCB" +
     52                     "mDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50YWluIFZp" +
     53                     "ZXcxDzANBgNVBAoTBkdvb2dsZTEQMA4GA1UECxMHdGVzdGluZzEWMBQGA1UEAxMNR2VyZW15IENv" +
     54                     "bmRyYTEhMB8GCSqGSIb3DQEJARYSZ2NvbmRyYUBnb29nbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUA" +
     55                     "A4GNADCBiQKBgQCjGGHATBYlmas+0sEECkno8LZ1KPglb/mfe6VpCT3GhSr+7br7NG/ZwGZnEhLq" +
     56                     "E7YIH4fxltHmQC3Tz+jM1YN+kMaQgRRjo/LBCJdOKaMwUbkVynAH6OYsKevjrOPk8lfM5SFQzJMG" +
     57                     "sA9+Tfopr5xg0BwZ1vA/+E3mE7Tr3M2UvwIDAQABo4IBADCB/TAdBgNVHQ4EFgQUhzkS9E6G+x8W" +
     58                     "L4EsmRjDxu28tHUwgc0GA1UdIwSBxTCBwoAUhzkS9E6G+x8WL4EsmRjDxu28tHWhgZ6kgZswgZgx" +
     59                     "CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3" +
     60                     "MQ8wDQYDVQQKEwZHb29nbGUxEDAOBgNVBAsTB3Rlc3RpbmcxFjAUBgNVBAMTDUdlcmVteSBDb25k" +
     61                     "cmExITAfBgkqhkiG9w0BCQEWEmdjb25kcmFAZ29vZ2xlLmNvbYIJAPLf2gS0zYGUMAwGA1UdEwQF" +
     62                     "MAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAYiugFDmbDOQ2U/+mqNt7o8ftlEo9SJrns6O8uTtK6AvR" +
     63                     "orDrR1AXTXkuxwLSbmVfedMGOZy7Awh7iZa8hw5x9XmUudfNxvmrKVEwGQY2DZ9PXbrnta/dwbhK" +
     64                     "mWfoepESVbo7CKIhJp8gRW0h1Z55ETXD57aGJRvQS4pxkP8ANhM=";
     65 
     66     public static final String TURKTRUST_1 = "" +
     67                     "MIIFPTCCBCWgAwIBAgICCCcwDQYJKoZIhvcNAQEFBQAwgawxPTA7BgNVBAMMNFTDnFJLVFJVU1Qg" +
     68                     "RWxla3Ryb25payBTdW51Y3UgU2VydGlmaWthc8SxIEhpem1ldGxlcmkxCzAJBgNVBAYTAlRSMV4w" +
     69                     "XAYDVQQKDFVUw5xSS1RSVVNUIEJpbGdpIMSwbGV0acWfaW0gdmUgQmlsacWfaW0gR8O8dmVubGnE" +
     70                     "n2kgSGl6bWV0bGVyaSBBLsWeLiAoYykgS2FzxLFtICAyMDA1MB4XDTExMDgwODA3MDc1MVoXDTIx" +
     71                     "MDcwNjA3MDc1MVowbjELMAkGA1UEBhMCVFIxDzANBgNVBAgMBkFOS0FSQTEPMA0GA1UEBwwGQU5L" +
     72                     "QVJBMQwwCgYDVQQKDANFR08xGDAWBgNVBAsMD0VHTyBCSUxHSSBJU0xFTTEVMBMGA1UEAwwMKi5F" +
     73                     "R08uR09WLlRSMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv5zoj2Bpdl7R1M/zF6Qf" +
     74                     "4su2F8vDqISKvuTuyJhNAHhFGHCsHjaixGMHspuz0l3V50kq/ECWbN8kKaeTrB112QOrWTU276iu" +
     75                     "p1Gh+OlEOiR9vlQ4VAP00dWUjD6z9HQFCi8W3EsEtiiHiYOU9BcPpPkaUbECwP4nGVwR8aPwhB5P" +
     76                     "GBJc98romdvciYkUpSOOwkuSRtooA7tRlLFu72QaNpXN1NueB36I3aajPk0YyiXy2w8XlgK7QI4P" +
     77                     "SSBnSq+QblFocWVmLhF94je7py6lCnllrIFXpR3FWZLD5GcI6HKlBS78AQ+IMBLFHhsEVw5NQj90" +
     78                     "chSZClfBWBZzIaV9RwIDAQABo4IBpDCCAaAwHwYDVR0jBBgwFoAUq042AzDS29UKaL6HpVBs/PZw" +
     79                     "pSUwHQYDVR0OBBYEFGT7G4Y9uEryRIL5Vj3qJsD047M0MA4GA1UdDwEB/wQEAwIBBjBFBgNVHSAE" +
     80                     "PjA8MDoGCWCGGAMAAwEBATAtMCsGCCsGAQUFBwIBFh9odHRwOi8vd3d3LnR1cmt0cnVzdC5jb20u" +
     81                     "dHIvc3VlMA8GA1UdEwEB/wQFMAMBAf8wSQYDVR0fBEIwQDA+oDygOoY4aHR0cDovL3d3dy50dXJr" +
     82                     "dHJ1c3QuY29tLnRyL3NpbC9UVVJLVFJVU1RfU1NMX1NJTF9zMi5jcmwwgaoGCCsGAQUFBwEBBIGd" +
     83                     "MIGaMG4GCCsGAQUFBzAChmJodHRwOi8vd3d3LnR1cmt0cnVzdC5jb20udHIvc2VydGlmaWthbGFy" +
     84                     "L1RVUktUUlVTVF9FbGVrdHJvbmlrX1N1bnVjdV9TZXJ0aWZpa2FzaV9IaXptZXRsZXJpX3MyLmNy" +
     85                     "dDAoBggrBgEFBQcwAYYcaHR0cDovL29jc3AudHVya3RydXN0LmNvbS50cjANBgkqhkiG9w0BAQUF" +
     86                     "AAOCAQEAj89QCCyoW0S20EcYDZAnvFLFmougK97Bt68iV1OM622+Cyeyf4Sz+1LBk1f9ni3fGT0Q" +
     87                     "+RWZJYWq5YuSBiLVgk3NLcxnwe3wmnvErUgq1QDtAaNlBWMEMklOlWGfJ0eWaillUskJbDd4KwgZ" +
     88                     "HDEj7g/jYEQqU1t0zoJdwM/zNsnLHkhwcWZ5PQnnbpff1Ct/1LH/8pdy2eRDmRmqniLUh8r2lZfJ" +
     89                     "eudVZG6yIbxsqP3t2JCq5c2P1jDhAGF3g9DiskH0CzsRdbVpoWdr+PY1Xz/19G8XEpX9r+IBJhLd" +
     90                     "bkpVo0Qh0A10mzFP/GUk5f/8nho2HvLaVMhWv1qKcF8IhQ==";
     91 
     92     public static final String TURKTRUST_2 = "" +
     93                     "MIID8DCCAtigAwIBAgICCGQwDQYJKoZIhvcNAQEFBQAwgawxPTA7BgNVBAMMNFTDnFJLVFJVU1Qg" +
     94                     "RWxla3Ryb25payBTdW51Y3UgU2VydGlmaWthc8SxIEhpem1ldGxlcmkxCzAJBgNVBAYTAlRSMV4w" +
     95                     "XAYDVQQKDFVUw5xSS1RSVVNUIEJpbGdpIMSwbGV0acWfaW0gdmUgQmlsacWfaW0gR8O8dmVubGnE" +
     96                     "n2kgSGl6bWV0bGVyaSBBLsWeLiAoYykgS2FzxLFtICAyMDA1MB4XDTExMDgwODA3MDc1MVoXDTIx" +
     97                     "MDgwNTA3MDc1MVowgaMxCzAJBgNVBAYTAlRSMRAwDgYDVQQIEwdMZWZrb3NhMRAwDgYDVQQHEwdM" +
     98                     "ZWZrb3NhMRwwGgYDVQQKExNLS1RDIE1lcmtleiBCYW5rYXNpMSYwJAYDVQQDEx1lLWlzbGVtLmtr" +
     99                     "dGNtZXJrZXpiYW5rYXNpLm9yZzEqMCgGCSqGSIb3DQEJARYbaWxldGlAa2t0Y21lcmtlemJhbmth" +
    100                     "c2kub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw1hUpuRFY67NsZ6C9rzRAPCb" +
    101                     "9RVpi4nZzJIA1TvIfr4hMPM0X5jseMf5GvgJQ+cBMZtooDd7BbZNy2z7O5A+8PYFaMDdokCENx2e" +
    102                     "PIqAVuO6C5UAqM7J3n6RrhjOvqiw6dTQMbtXhjFao+YMuBVvRuuhGHBDK3Je64T/KLzcmAUlRJEu" +
    103                     "y+ZMe7AatUaSDr/jy5DMA5xEYOdsnS5Zo30lRG+9vqbxb8CQi+E97sNjY+W4lEgJKQWMNh5rCxo4" +
    104                     "Hinkm3CKyKX3PAS+DDVI3LQiCiIQUOMA2+1P5aTPTkpqlbjqhbWTWAPWOKCF9d83p3RMXOYt5Gah" +
    105                     "S8rg5u6+toEC1QIDAQABoyMwITAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkq" +
    106                     "hkiG9w0BAQUFAAOCAQEAwjWz5tsUvYORVW8KJSK/biHFrAnFotMtoTKEewRmnYaYjwXIr1IPaBqh" +
    107                     "jkGGviLN2eOH/v97Uli6HC4lzhKHfMQUS9KF/f5nGcH8iQBy/gmFsfJQ1KDC6GNM4CfMGIzyxjYh" +
    108                     "P0VzdUtKX3PAl5EqgMUcdqRDy6Ruz55+JkdvCL1nAC7xH+czJcZVwysTdGfLTCh6VtYPgIkeL6U8" +
    109                     "3xQAyMuOHm72exJljYFqIsiNvGE0KufCqCuH1PD97IXMrLlwGmKKg5jP349lySBpJjm6RDqCTT+6" +
    110                     "dUl2jkVbeNmco99Y7AOdtLsOdXBMCo5x8lK8zwQWFrzEms0joHXCpWfGWA==";
    111 
    112     public CertBlacklistTest() throws IOException {
    113         tmpFile = File.createTempFile("test", "");
    114         DEFAULT_PUBKEYS = getDefaultPubkeys();
    115         DEFAULT_SERIALS = getDefaultSerials();
    116         tmpFile.delete();
    117     }
    118 
    119     @Override
    120     public void setUp() throws Exception {
    121         super.setUp();
    122         tmpFile = File.createTempFile("test", "");
    123     }
    124 
    125     @Override
    126     public void tearDown() throws Exception {
    127         try {
    128             tmpFile.delete();
    129         } finally {
    130             super.tearDown();
    131         }
    132     }
    133 
    134     private Set<String> getPubkeyBlacklist(String path) throws IOException {
    135         // set our blacklist path
    136         CertBlacklist bl = new CertBlacklist(path, CertBlacklist.DEFAULT_SERIAL_BLACKLIST_PATH);
    137         // call readPubkeyBlacklist
    138         Set<byte[]> arr = bl.pubkeyBlacklist;
    139         // convert the results to a hashset of strings
    140         Set<String> results = new HashSet<String>();
    141         for (byte[] value: arr) {
    142             results.add(new String(value));
    143         }
    144         return results;
    145     }
    146 
    147     private Set<String> getSerialBlacklist(String path) throws IOException {
    148         // set our blacklist path
    149         CertBlacklist bl = new CertBlacklist(CertBlacklist.DEFAULT_PUBKEY_BLACKLIST_PATH, path);
    150         // call readPubkeyBlacklist
    151         Set<BigInteger> arr = bl.serialBlacklist;
    152         // convert the results to a hashset of strings
    153         Set<String> results = new HashSet<String>();
    154         for (BigInteger value: arr) {
    155             results.add(value.toString(16));
    156         }
    157         return results;
    158     }
    159 
    160     private static String getHash(PublicKey publicKey) throws Exception {
    161         byte[] encoded = publicKey.getEncoded();
    162         MessageDigest digest = MessageDigest.getInstance("SHA1");
    163         byte[] hexlifiedHash = Hex.encode(digest.digest(encoded));
    164         return new String(hexlifiedHash);
    165     }
    166 
    167     private Set<String> getDefaultPubkeys() throws IOException {
    168         return getPubkeyBlacklist("");
    169     }
    170 
    171     private Set<String> getDefaultSerials() throws IOException {
    172         return getSerialBlacklist("");
    173     }
    174 
    175     private Set<String> getCurrentPubkeyBlacklist() throws IOException {
    176         return getPubkeyBlacklist(tmpFile.getCanonicalPath());
    177     }
    178 
    179     private Set<String> getCurrentSerialBlacklist() throws IOException {
    180         return getSerialBlacklist(tmpFile.getCanonicalPath());
    181     }
    182 
    183     private void blacklistToFile(String blacklist) throws IOException {
    184         FileOutputStream out = new FileOutputStream(tmpFile);
    185         out.write(blacklist.toString().getBytes());
    186         out.close();
    187     }
    188 
    189     private void writeBlacklist(HashSet<String> values) throws IOException {
    190         StringBuilder result = new StringBuilder();
    191         // join the values into a string
    192         for (String value : values) {
    193             if (result.length() != 0) {
    194                 result.append(",");
    195             }
    196             result.append(value);
    197         }
    198         blacklistToFile(result.toString());
    199     }
    200 
    201     private static PublicKey createPublicKey(String cert) throws Exception {
    202         byte[] derCert = Base64.decode(cert.getBytes());
    203         InputStream istream = new ByteArrayInputStream(derCert);
    204         CertificateFactory cf = CertificateFactory.getInstance("X.509");
    205         return cf.generateCertificate(istream).getPublicKey();
    206     }
    207 
    208     private static BigInteger createSerialNumber(String cert) throws Exception {
    209         byte[] derCert = Base64.decode(cert.getBytes());
    210         InputStream istream = new ByteArrayInputStream(derCert);
    211         CertificateFactory cf = CertificateFactory.getInstance("X.509");
    212         X509Certificate xCert = (X509Certificate)cf.generateCertificate(istream);
    213         return xCert.getSerialNumber();
    214     }
    215 
    216     public void testPubkeyBlacklistLegit() throws Exception {
    217         // build the blacklist
    218         HashSet<String> bl = new HashSet<String>();
    219         bl.add("6ccabd7db47e94a5759901b6a7dfd45d1c091ccc");
    220         // write the blacklist
    221         writeBlacklist(bl);
    222         // add the default pubkeys into the bl
    223         bl.addAll(DEFAULT_PUBKEYS);
    224         // do the test
    225         assertEquals(bl, getCurrentPubkeyBlacklist());
    226     }
    227 
    228     public void testLegitPubkeyIsntBlacklisted() throws Exception {
    229         // build the public key
    230         PublicKey pk = createPublicKey(TEST_CERT);
    231         // write that to the test blacklist
    232         writeBlacklist(new HashSet<String>());
    233         // set our blacklist path
    234         CertBlacklist bl = new CertBlacklist(tmpFile.getCanonicalPath(),
    235                                              CertBlacklist.DEFAULT_SERIAL_BLACKLIST_PATH);
    236         // check to make sure it isn't blacklisted
    237         assertEquals(bl.isPublicKeyBlackListed(pk), false);
    238     }
    239 
    240     public void testPubkeyIsBlacklisted() throws Exception {
    241         // build the public key
    242         PublicKey pk = createPublicKey(TEST_CERT);
    243         // get its hash
    244         String hash = getHash(pk);
    245         // write that to the test blacklist
    246         HashSet<String> testBlackList = new HashSet<String>();
    247         testBlackList.add(hash);
    248         writeBlacklist(testBlackList);
    249         // set our blacklist path
    250         CertBlacklist bl = new CertBlacklist(tmpFile.getCanonicalPath(),
    251                                              CertBlacklist.DEFAULT_SERIAL_BLACKLIST_PATH);
    252         // check to make sure it isn't blacklited
    253         assertTrue(bl.isPublicKeyBlackListed(pk));
    254     }
    255 
    256     public void testSerialBlacklistLegit() throws IOException {
    257         // build the blacklist
    258         HashSet<String> bl = new HashSet<String>();
    259         bl.add("22e514121e61c643b1e9b06bd4b9f7d0");
    260         // write the blacklist
    261         writeBlacklist(bl);
    262         // add the default serials into the bl
    263         bl.addAll(DEFAULT_SERIALS);
    264         // do the test
    265         assertEquals(bl, getCurrentSerialBlacklist());
    266     }
    267 
    268     public void testPubkeyBlacklistMultipleLegit() throws IOException {
    269         // build the blacklist
    270         HashSet<String> bl = new HashSet<String>();
    271         bl.add("6ccabd7db47e94a5759901b6a7dfd45d1c091ccc");
    272         bl.add("6ccabd7db47e94a5759901b6a7dfd45d1c091ccd");
    273         // write the blacklist
    274         writeBlacklist(bl);
    275         // add the default pubkeys into the bl
    276         bl.addAll(DEFAULT_PUBKEYS);
    277         // do the test
    278         assertEquals(bl, getCurrentPubkeyBlacklist());
    279     }
    280 
    281     public void testSerialBlacklistMultipleLegit() throws IOException {
    282         // build the blacklist
    283         HashSet<String> bl = new HashSet<String>();
    284         bl.add("22e514121e61c643b1e9b06bd4b9f7d0");
    285         bl.add("22e514121e61c643b1e9b06bd4b9f7d1");
    286         // write the blacklist
    287         writeBlacklist(bl);
    288         // add the default serials into the bl
    289         bl.addAll(DEFAULT_SERIALS);
    290         // do the test
    291         assertEquals(bl, getCurrentSerialBlacklist());
    292     }
    293 
    294     public void testPubkeyBlacklistMultipleBad() throws IOException {
    295         // build the blacklist
    296         HashSet<String> bl = new HashSet<String>();
    297         bl.add("6ccabd7db47e94a5759901b6a7dfd45d1c091ccc");
    298         bl.add("");
    299         bl.add("6ccabd7db47e94a5759901b6a7dfd45d1c091ccd");
    300         // write the blacklist
    301         writeBlacklist(bl);
    302         // add the default pubkeys into the bl
    303         bl.addAll(DEFAULT_PUBKEYS);
    304         // remove the bad one
    305         bl.remove("");
    306         // do the test- results should be all but the bad one are handled
    307         assertEquals(bl, getCurrentPubkeyBlacklist());
    308     }
    309 
    310     public void testSerialBlacklistMultipleBad() throws IOException {
    311         // build the blacklist
    312         HashSet<String> bl = new HashSet<String>();
    313         bl.add("22e514121e61c643b1e9b06bd4b9f7d0");
    314         bl.add("");
    315         bl.add("22e514121e61c643b1e9b06bd4b9f7d1");
    316         // write the blacklist
    317         writeBlacklist(bl);
    318         // add the default serials into the bl
    319         bl.addAll(DEFAULT_SERIALS);
    320         // remove the bad one
    321         bl.remove("");
    322         // do the test- results should be all but the bad one are handled
    323         assertEquals(bl, getCurrentSerialBlacklist());
    324     }
    325 
    326     public void testPubkeyBlacklistDoesntExist() throws IOException {
    327         assertEquals(DEFAULT_PUBKEYS, getCurrentPubkeyBlacklist());
    328     }
    329 
    330     public void testSerialBlacklistDoesntExist() throws IOException {
    331         assertEquals(DEFAULT_SERIALS, getCurrentSerialBlacklist());
    332     }
    333 
    334     public void testPubkeyBlacklistNotHexValues() throws IOException {
    335         // build the blacklist
    336         HashSet<String> bl = new HashSet<String>();
    337         bl.add("ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ");
    338         // write the blacklist
    339         writeBlacklist(bl);
    340         // do the test
    341         assertEquals(DEFAULT_PUBKEYS, getCurrentPubkeyBlacklist());
    342     }
    343 
    344     public void testSerialBlacklistNotHexValues() throws IOException {
    345         // build the blacklist
    346         HashSet<String> bl = new HashSet<String>();
    347         bl.add("ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ");
    348         // write the blacklist
    349         writeBlacklist(bl);
    350         // do the test
    351         assertEquals(DEFAULT_SERIALS, getCurrentSerialBlacklist());
    352     }
    353 
    354     public void testPubkeyBlacklistIncorrectLength() throws IOException {
    355         // build the blacklist
    356         HashSet<String> bl = new HashSet<String>();
    357         bl.add("6ccabd7db47e94a5759901b6a7dfd45d1c091cc");
    358         // write the blacklist
    359         writeBlacklist(bl);
    360         // do the test
    361         assertEquals(DEFAULT_PUBKEYS, getCurrentPubkeyBlacklist());
    362     }
    363 
    364     public void testSerialBlacklistZero() throws IOException {
    365         // build the blacklist
    366         HashSet<String> bl = new HashSet<String>();
    367         bl.add("0");
    368         // write the blacklist
    369         writeBlacklist(bl);
    370         // add the default serials
    371         bl.addAll(DEFAULT_SERIALS);
    372         // do the test
    373         assertEquals(bl, getCurrentSerialBlacklist());
    374     }
    375 
    376     public void testSerialBlacklistNegative() throws IOException {
    377         // build the blacklist
    378         HashSet<String> bl = new HashSet<String>();
    379         bl.add("-1");
    380         // write the blacklist
    381         writeBlacklist(bl);
    382         // add the default serials
    383         bl.addAll(DEFAULT_SERIALS);
    384         // do the test
    385         assertEquals(bl, getCurrentSerialBlacklist());
    386     }
    387 
    388     public void testTurkTrustIntermediate1SerialBlacklist() throws Exception {
    389         CertBlacklist bl = new CertBlacklist();
    390         assertEquals(bl.isSerialNumberBlackListed(createSerialNumber(TURKTRUST_1)), true);
    391     }
    392 
    393     public void testTurkTrustIntermediate1PubkeyBlacklist() throws Exception {
    394         // build the public key
    395         PublicKey pk = createPublicKey(TURKTRUST_1);
    396         // write that to the test blacklist
    397         writeBlacklist(new HashSet<String>());
    398         // set our blacklist path
    399         CertBlacklist bl = new CertBlacklist();
    400         // check to make sure it isn't blacklisted
    401         assertEquals(bl.isPublicKeyBlackListed(pk), true);
    402     }
    403 
    404     public void testTurkTrustIntermediate2SerialBlacklist() throws Exception {
    405         CertBlacklist bl = new CertBlacklist();
    406         assertEquals(bl.isSerialNumberBlackListed(createSerialNumber(TURKTRUST_2)), true);
    407     }
    408 
    409     public void testTurkTrustIntermediate2PubkeyBlacklist() throws Exception {
    410         // build the public key
    411         PublicKey pk = createPublicKey(TURKTRUST_2);
    412         // set our blacklist path
    413         CertBlacklist bl = new CertBlacklist();
    414         // check to make sure it isn't blacklisted
    415         assertEquals(bl.isPublicKeyBlackListed(pk), true);
    416     }
    417 
    418     private static void printHash(String cert) throws Exception {
    419         System.out.println("CERTIFICATE PUBLIC KEY HASH: " + getHash(createPublicKey(cert)));
    420     }
    421 
    422     private static void printSerial(String cert) throws Exception {
    423         System.out.println("CERTIFICATE SERIAL NUMBER: " + createSerialNumber(cert).toString(16));
    424     }
    425 }
    426