1 /* 2 * Licensed to the Apache Software Foundation (ASF) under one or more 3 * contributor license agreements. See the NOTICE file distributed with 4 * this work for additional information regarding copyright ownership. 5 * The ASF licenses this file to You under the Apache License, Version 2.0 6 * (the "License"); you may not use this file except in compliance with 7 * the License. You may obtain a copy of the License at 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 */ 17 18 /** 19 * @author Alexander Y. Kleymenov 20 * @version $Revision$ 21 */ 22 23 package tests.api.javax.security.cert; 24 25 import dalvik.annotation.BrokenTest; 26 import dalvik.annotation.SideEffect; 27 28 import junit.framework.Test; 29 import junit.framework.TestCase; 30 import junit.framework.TestSuite; 31 32 import tests.targets.security.cert.CertificateFactoryTestX509; 33 34 import java.io.ByteArrayInputStream; 35 import java.io.IOException; 36 import java.io.InputStream; 37 import java.math.BigInteger; 38 import java.security.InvalidKeyException; 39 import java.security.NoSuchAlgorithmException; 40 import java.security.NoSuchProviderException; 41 import java.security.Principal; 42 import java.security.Provider; 43 import java.security.PublicKey; 44 import java.security.Security; 45 import java.security.SignatureException; 46 import java.security.Provider.Service; 47 import java.security.cert.CertificateFactory; 48 import java.util.Arrays; 49 import java.util.Calendar; 50 import java.util.Date; 51 import java.util.GregorianCalendar; 52 import java.util.Set; 53 import java.util.logging.Logger; 54 55 import javax.security.cert.Certificate; 56 import javax.security.cert.CertificateEncodingException; 57 import javax.security.cert.CertificateException; 58 import javax.security.cert.CertificateExpiredException; 59 import javax.security.cert.CertificateNotYetValidException; 60 import javax.security.cert.X509Certificate; 61 62 import junit.framework.Test; 63 import junit.framework.TestCase; 64 import junit.framework.TestSuite; 65 import tests.targets.security.cert.CertificateFactoryTestX509; 66 67 /** 68 */ 69 public class X509CertificateTest extends TestCase { 70 71 // Testing data was generated by using of classes 72 // from org.apache.harmony.security.asn1 package encoded 73 // by org.apache.harmony.misc.Base64 class. 74 75 private static String base64cert = "-----BEGIN CERTIFICATE-----\n" 76 + "MIIC+jCCAragAwIBAgICAiswDAYHKoZIzjgEAwEBADAdMRswGQYDVQQKExJDZXJ0a" 77 + "WZpY2F0ZSBJc3N1ZXIwIhgPMTk3MDAxMTIxMzQ2NDBaGA8xOTcwMDEyNDAzMzMyMF" 78 + "owHzEdMBsGA1UEChMUU3ViamVjdCBPcmdhbml6YXRpb24wGTAMBgcqhkjOOAQDAQE" 79 + "AAwkAAQIDBAUGBwiBAgCqggIAVaOCAhQwggIQMA8GA1UdDwEB/wQFAwMBqoAwEgYD" 80 + "VR0TAQH/BAgwBgEB/wIBBTAUBgNVHSABAf8ECjAIMAYGBFUdIAAwZwYDVR0RAQH/B" 81 + "F0wW4EMcmZjQDgyMi5OYW1lggdkTlNOYW1lpBcxFTATBgNVBAoTDE9yZ2FuaXphdG" 82 + "lvboYaaHR0cDovL3VuaWZvcm0uUmVzb3VyY2UuSWSHBP///wCIByoDolyDsgMwDAY" 83 + "DVR0eAQH/BAIwADAMBgNVHSQBAf8EAjAAMIGZBgNVHSUBAf8EgY4wgYsGBFUdJQAG" 84 + "CCsGAQUFBwMBBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMDBggrBgEFBQcDB" 85 + "AYIKwYBBQUHAwUGCCsGAQUFBwMGBggrBgEFBQcDBwYIKwYBBQUHAwgGCCsGAQUFBw" 86 + "MJBggrBgEFBQgCAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBMA0GA1UdNgEB/wQDAgE" 87 + "BMA4GBCpNhgkBAf8EAwEBATBkBgNVHRIEXTBbgQxyZmNAODIyLk5hbWWCB2ROU05h" 88 + "bWWkFzEVMBMGA1UEChMMT3JnYW5pemF0aW9uhhpodHRwOi8vdW5pZm9ybS5SZXNvd" 89 + "XJjZS5JZIcE////AIgHKgOiXIOyAzAJBgNVHR8EAjAAMAoGA1UdIwQDAQEBMAoGA1" 90 + "UdDgQDAQEBMAoGA1UdIQQDAQEBMAwGByqGSM44BAMBAQADMAAwLQIUAL4QvoazNWP" 91 + "7jrj84/GZlhm09DsCFQCBKGKCGbrP64VtUt4JPmLjW1VxQA==\n" 92 + "-----END CERTIFICATE-----"; 93 94 /* 95 * a self-signed certificate 96 */ 97 private static final String selfSignedCert = "-----BEGIN CERTIFICATE-----\n" + 98 "MIIDPzCCAqigAwIBAgIBADANBgkqhkiG9w0BAQUFADB5MQswCQYDVQQGEwJBTjEQ" + 99 "MA4GA1UECBMHQW5kcm9pZDEQMA4GA1UEChMHQW5kcm9pZDEQMA4GA1UECxMHQW5k" + 100 "cm9pZDEQMA4GA1UEAxMHQW5kcm9pZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBh" + 101 "bmRyb2lkLmNvbTAeFw0wOTAzMjAxNzAwMDZaFw0xMjAzMTkxNzAwMDZaMHkxCzAJ" + 102 "BgNVBAYTAkFOMRAwDgYDVQQIEwdBbmRyb2lkMRAwDgYDVQQKEwdBbmRyb2lkMRAw" + 103 "DgYDVQQLEwdBbmRyb2lkMRAwDgYDVQQDEwdBbmRyb2lkMSIwIAYJKoZIhvcNAQkB" + 104 "FhNhbmRyb2lkQGFuZHJvaWQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB" + 105 "gQCqQkDtkiEXmV8O5EK4y2Y9YyoWNDx70z4fqD+9muuzJGuM5NovMbxhBycuKHF3" + 106 "WK60iXzrsAYkB1c8VHHbcUEFqz2fBdLKyxy/nYohlo8TYSVpEjt3vfc0sgmp4FKU" + 107 "RDHO2z3rZPHWysV9L9ZvjeQpiwaYipU9epdBmvFmxQmCDQIDAQABo4HWMIHTMB0G" + 108 "A1UdDgQWBBTnm32QKeqQC38IQXZOQSPoQyypAzCBowYDVR0jBIGbMIGYgBTnm32Q" + 109 "KeqQC38IQXZOQSPoQyypA6F9pHsweTELMAkGA1UEBhMCQU4xEDAOBgNVBAgTB0Fu" + 110 "ZHJvaWQxEDAOBgNVBAoTB0FuZHJvaWQxEDAOBgNVBAsTB0FuZHJvaWQxEDAOBgNV" + 111 "BAMTB0FuZHJvaWQxIjAgBgkqhkiG9w0BCQEWE2FuZHJvaWRAYW5kcm9pZC5jb22C" + 112 "AQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAUmDApQu+r5rglS1WF" + 113 "BKXE3R2LasFvbBwdw2E0MAc0TWqLVW91VW4VWMX4r+C+c7rZpYXXtRqFRCuI/czL" + 114 "0e1GaUP/Wa6bXBcm2u7Iv2dVAaAOELmFSVTZeR57Lm9lT9kQLp24kmNndIsiDW3T" + 115 "XZ4pY/k2kxungOKx8b8pGYE9Bw==\n" + 116 "-----END CERTIFICATE-----"; 117 118 private java.security.cert.X509Certificate cert; 119 120 private javax.security.cert.X509Certificate tbt_cert; 121 122 private java.security.cert.X509Certificate javaCert; 123 124 private Provider myProvider; 125 126 private javax.security.cert.X509Certificate javaxCert; 127 128 private java.security.cert.Certificate javaSSCert; 129 130 private Provider mySSProvider; 131 132 private Certificate javaxSSCert; 133 134 @Override 135 protected void setUp() throws Exception { 136 try { 137 ByteArrayInputStream bais = new ByteArrayInputStream(base64cert 138 .getBytes()); 139 CertificateFactory cf = CertificateFactory.getInstance("X.509"); 140 this.cert = (java.security.cert.X509Certificate) cf 141 .generateCertificate(bais); 142 this.tbt_cert = X509Certificate.getInstance(cert.getEncoded()); 143 144 // non self signed cert 145 this.javaCert = (java.security.cert.X509Certificate)cf 146 .generateCertificate(new ByteArrayInputStream(selfSignedCert.getBytes())); 147 this.javaxCert = X509Certificate.getInstance(javaCert.getEncoded()); 148 myProvider = cf.getProvider(); 149 Security.addProvider(myProvider); 150 151 // self signed cert 152 this.javaSSCert = cf.generateCertificate(new ByteArrayInputStream( 153 selfSignedCert.getBytes())); 154 this.javaxSSCert = X509Certificate.getInstance(javaCert 155 .getEncoded()); 156 mySSProvider = cf.getProvider(); 157 Security.addProvider(mySSProvider); 158 159 } catch (java.security.cert.CertificateException e) { 160 // The requested certificate type is not available. 161 // Test pass.. 162 this.cert = null; 163 Logger.global.warning("Error in test setup: Certificate type not supported"); 164 } catch (javax.security.cert.CertificateException e) { 165 // The requested certificate type is not available. 166 // Test pass.. 167 this.cert = null; 168 Logger.global.warning("Error in test setup: Certificate type not supported"); 169 } 170 } 171 172 /** 173 * X509Certificate() constructor testing. 174 * {@link X509Certificate#X509Certificate() } 175 */ 176 public void testConstructor() { 177 //Direct constructor, check if it throws an exception 178 X509Certificate cert = new MyCertificate(); 179 } 180 181 /** 182 * getInstance(InputStream inStream) method testing. 183 */ 184 public void testGetInstance1() { 185 if (this.cert == null) { 186 // The requested certificate type is not available. 187 // Test can not be applied. 188 return; 189 } 190 try { 191 ByteArrayInputStream bais = new ByteArrayInputStream(cert 192 .getEncoded()); 193 194 X509Certificate.getInstance(bais); 195 } catch (java.security.cert.CertificateEncodingException e) { 196 fail("Unexpected CertificateEncodingException was thrown."); 197 } catch (CertificateEncodingException e) { 198 fail("Unexpected CertificateEncodingException was thrown."); 199 } catch (CertificateException e) { 200 // The requested certificate type is not available. 201 // Test pass.. 202 } 203 204 // Regression for HARMONY-756 205 try { 206 X509Certificate.getInstance((InputStream) null); 207 fail("No expected CertificateException"); 208 } catch (CertificateException e) { 209 // expected; 210 } 211 } 212 213 /** 214 * getInstance(byte[] certData) method testing. 215 * @throws CertificateEncodingException 216 * @throws java.security.cert.CertificateEncodingException 217 */ 218 public void testGetInstance2() throws java.security.cert.CertificateEncodingException, CertificateEncodingException { 219 boolean certificateException = false; 220 X509Certificate c = null; 221 if (this.cert == null) { 222 // The requested certificate type is not available. 223 // Test can not be applied. 224 return; 225 } 226 try { 227 c = X509Certificate.getInstance(cert.getEncoded()); 228 } catch (java.security.cert.CertificateEncodingException e) { 229 fail("Unexpected CertificateEncodingException was thrown."); 230 } catch (CertificateException e) { 231 // The requested certificate type is not available. 232 // Test pass.. 233 certificateException = true; 234 235 } 236 237 if (! certificateException) { 238 assertNotNull(c); 239 assertTrue(Arrays.equals(c.getEncoded(),cert.getEncoded() )); 240 } 241 242 try { 243 X509Certificate.getInstance(new byte[]{(byte) 1 }); 244 } catch (CertificateException e) { 245 //ok 246 } 247 248 // Regression for HARMONY-756 249 try { 250 X509Certificate.getInstance((byte[]) null); 251 fail("No expected CertificateException"); 252 } catch (CertificateException e) { 253 // expected; 254 } 255 256 } 257 258 /** 259 * checkValidity() method testing. 260 * @throws CertificateNotYetValidException 261 * @throws CertificateExpiredException 262 * @throws java.security.cert.CertificateExpiredException 263 * @throws java.security.cert.CertificateNotYetValidException 264 */ 265 public void testCheckValidity1() throws CertificateExpiredException, CertificateNotYetValidException, java.security.cert.CertificateExpiredException, java.security.cert.CertificateNotYetValidException { 266 if (this.cert == null) { 267 // The requested certificate type is not available. 268 // Test can not be applied. 269 return; 270 } 271 Date date = new Date(); 272 Date nb_date = tbt_cert.getNotBefore(); 273 Date na_date = tbt_cert.getNotAfter(); 274 try { 275 tbt_cert.checkValidity(); 276 assertFalse("CertificateExpiredException expected", date 277 .compareTo(na_date) > 0); 278 assertFalse("CertificateNotYetValidException expected", date 279 .compareTo(nb_date) < 0); 280 } catch (CertificateExpiredException e) { 281 assertTrue("Unexpected CertificateExpiredException was thrown", 282 date.compareTo(na_date) > 0); 283 } catch (CertificateNotYetValidException e) { 284 assertTrue("Unexpected CertificateNotYetValidException was thrown", 285 date.compareTo(nb_date) < 0); 286 } 287 288 try { 289 tbt_cert.checkValidity(); 290 } catch (CertificateExpiredException e) { 291 // ok 292 } 293 294 try { 295 cert.checkValidity(); 296 } catch (java.security.cert.CertificateExpiredException e) { 297 // ok 298 } 299 300 } 301 302 /** 303 * checkValidity(Date date) method testing. 304 * @throws CertificateNotYetValidException 305 * @throws CertificateExpiredException 306 */ 307 public void testCheckValidity2() throws CertificateNotYetValidException, CertificateExpiredException { 308 if (this.cert == null) { 309 // The requested certificate type is not available. 310 // Test can not be applied. 311 return; 312 } 313 Date[] date = new Date[8]; 314 Calendar calendar = Calendar.getInstance(); 315 for (int i = 0; i < date.length; i++) { 316 calendar.set(i * 500, Calendar.JANUARY, 1); 317 date[i] = calendar.getTime(); 318 } 319 Date nb_date = tbt_cert.getNotBefore(); 320 Date na_date = tbt_cert.getNotAfter(); 321 for (int i = 0; i < date.length; i++) { 322 try { 323 tbt_cert.checkValidity(date[i]); 324 assertFalse("CertificateExpiredException expected", date[i] 325 .compareTo(na_date) > 0); 326 assertFalse("CertificateNotYetValidException expected", date[i] 327 .compareTo(nb_date) < 0); 328 } catch (CertificateExpiredException e) { 329 assertTrue("Unexpected CertificateExpiredException was thrown", 330 date[i].compareTo(na_date) > 0); 331 } catch (CertificateNotYetValidException e) { 332 assertTrue("Unexpected CertificateNotYetValidException " 333 + "was thrown", date[i].compareTo(nb_date) < 0); 334 } 335 } 336 337 Calendar calendarNow = Calendar.getInstance(); 338 339 try { 340 tbt_cert.checkValidity(calendarNow.getTime()); 341 } catch (CertificateExpiredException e) { 342 //ok 343 } 344 345 Calendar calendarPast = GregorianCalendar.getInstance(); 346 calendarPast.clear(); 347 348 try { 349 tbt_cert.checkValidity(calendarPast.getTime()); 350 } catch (CertificateNotYetValidException e) { 351 //ok 352 } 353 354 } 355 356 /** 357 * getVersion() method testing. 358 */ 359 public void testGetVersion() { 360 if (this.cert == null) { 361 // The requested certificate type is not available. 362 // Test can not be applied. 363 return; 364 } 365 assertEquals("The version is not correct.", tbt_cert.getVersion(), 2); 366 } 367 368 /** 369 * getSerialNumber() method testing. 370 */ 371 public void testGetSerialNumber() { 372 if (this.cert == null) { 373 // The requested certificate type is not available. 374 // Test can not be applied. 375 return; 376 } 377 assertEquals("The serial number is not correct.", tbt_cert 378 .getSerialNumber(), cert.getSerialNumber()); 379 } 380 381 /** 382 * getIssuerDN() method testing. 383 */ 384 public void testGetIssuerDN() { 385 if (this.cert == null) { 386 // The requested certificate type is not available. 387 // Test can not be applied. 388 Logger.global.warning("testGetIssuerDN: error in test setup."); 389 } 390 assertEquals("The issuer DN is not correct.", tbt_cert.getIssuerDN(), 391 cert.getIssuerDN()); 392 } 393 394 /** 395 * getSubjectDN() method testing. 396 */ 397 public void testGetSubjectDN() { 398 if (this.cert == null) { 399 // The requested certificate type is not available. 400 // Test can not be applied. 401 return; 402 } 403 assertEquals("The subject DN is not correct.", tbt_cert.getSubjectDN(), 404 cert.getSubjectDN()); 405 } 406 407 /** 408 * getNotBefore() method testing. 409 */ 410 public void testGetNotBefore() { 411 if (this.cert == null) { 412 // The requested certificate type is not available. 413 // Test can not be applied. 414 return; 415 } 416 assertEquals("The NotBefore date is not correct.", tbt_cert 417 .getNotBefore(), cert.getNotBefore()); 418 } 419 420 /** 421 * getNotAfter() method testing. 422 */ 423 public void testGetNotAfter() { 424 if (this.cert == null) { 425 // The requested certificate type is not available. 426 // Test can not be applied. 427 return; 428 } 429 assertEquals("The NotAfter date is not correct.", tbt_cert 430 .getNotAfter(), cert.getNotAfter()); 431 } 432 433 /** 434 * getSigAlgName() method testing. 435 */ 436 public void testGetSigAlgName() { 437 if (this.cert == null) { 438 // The requested certificate type is not available. 439 // Test can not be applied. 440 return; 441 } 442 assertEquals("The name of signature algorithm is not correct.", 443 tbt_cert.getSigAlgName(), cert.getSigAlgName()); 444 } 445 446 /** 447 * getSigAlgOID() method testing. 448 */ 449 public void testGetSigAlgOID() { 450 if (this.cert == null) { 451 // The requested certificate type is not available. 452 // Test can not be applied. 453 return; 454 } 455 assertEquals("The name of OID of signature algorithm is not correct.", 456 tbt_cert.getSigAlgOID(), cert.getSigAlgOID()); 457 } 458 459 /** 460 * getSigAlgParams() method testing. 461 */ 462 public void testGetSigAlgParams() { 463 if (this.cert == null) { 464 // The requested certificate type is not available. 465 // Test can not be applied. 466 return; 467 } 468 assertTrue("The byte array with encoded algorithm parameters " 469 + "is not correct.", Arrays.equals(tbt_cert.getSigAlgParams(), 470 cert.getSigAlgParams())); 471 } 472 473 /** 474 * The stub class used for testing of non abstract methods. 475 */ 476 private class MyCertificate extends X509Certificate { 477 478 public MyCertificate() { 479 super(); 480 } 481 482 @Override 483 public void checkValidity() throws CertificateExpiredException, 484 CertificateNotYetValidException { 485 } 486 487 @Override 488 public void checkValidity(Date arg0) 489 throws CertificateExpiredException, 490 CertificateNotYetValidException { 491 } 492 493 @Override 494 public Principal getIssuerDN() { 495 return null; 496 } 497 498 @Override 499 public Date getNotAfter() { 500 return null; 501 } 502 503 @Override 504 public Date getNotBefore() { 505 return null; 506 } 507 508 @Override 509 public BigInteger getSerialNumber() { 510 return null; 511 } 512 513 @Override 514 public String getSigAlgName() { 515 return null; 516 } 517 518 @Override 519 public String getSigAlgOID() { 520 return null; 521 } 522 523 @Override 524 public byte[] getSigAlgParams() { 525 return null; 526 } 527 528 @Override 529 public Principal getSubjectDN() { 530 return null; 531 } 532 533 @Override 534 public int getVersion() { 535 return 0; 536 } 537 538 @Override 539 public byte[] getEncoded() throws CertificateEncodingException { 540 return null; 541 } 542 543 @Override 544 public PublicKey getPublicKey() { 545 return null; 546 } 547 548 @Override 549 public String toString() { 550 return null; 551 } 552 553 @Override 554 public void verify(PublicKey key) throws CertificateException, 555 NoSuchAlgorithmException, InvalidKeyException, 556 NoSuchProviderException, SignatureException { 557 } 558 559 @Override 560 public void verify(PublicKey key, String sigProvider) 561 throws CertificateException, NoSuchAlgorithmException, 562 InvalidKeyException, NoSuchProviderException, 563 SignatureException { 564 } 565 } 566 567 public class MyModifiablePublicKey implements PublicKey { 568 569 private PublicKey key; 570 private boolean modifiedAlgo; 571 private String algo; 572 private String format; 573 private boolean modifiedFormat; 574 private boolean modifiedEncoding; 575 private byte[] encoding; 576 577 public MyModifiablePublicKey(PublicKey k) { 578 super(); 579 this.key = k; 580 } 581 582 public String getAlgorithm() { 583 if (modifiedAlgo) { 584 return algo; 585 } else { 586 return key.getAlgorithm(); 587 } 588 } 589 590 public String getFormat() { 591 if (modifiedFormat) { 592 return this.format; 593 } else { 594 return key.getFormat(); 595 } 596 597 } 598 599 public byte[] getEncoded() { 600 if (modifiedEncoding) { 601 return this.encoding; 602 } else { 603 return key.getEncoded(); 604 } 605 606 } 607 608 public long getSerVerUID() { 609 return key.serialVersionUID; 610 } 611 612 public void setAlgorithm(String myAlgo) { 613 modifiedAlgo = true; 614 this.algo = myAlgo; 615 } 616 617 public void setFormat(String myFormat) { 618 modifiedFormat = true; 619 format = myFormat; 620 } 621 622 public void setEncoding(byte[] myEncoded) { 623 modifiedEncoding = true; 624 encoding = myEncoded; 625 } 626 } 627 628 /** 629 * @throws CertificateEncodingException 630 * {@link Certificate#getEncoded()} 631 */ 632 public void testGetEncoded() 633 throws CertificateEncodingException, java.security.cert.CertificateException { 634 // cert = DER encoding of the ASN1.0 structure 635 assertTrue(Arrays.equals(cert.getEncoded(), tbt_cert.getEncoded())); 636 assertFalse(Arrays.equals(javaxCert.getEncoded(), tbt_cert.getEncoded())); 637 } 638 639 /** 640 * {@link Certificate#getPublicKey()} 641 */ 642 public void testGetPublicKey() { 643 PublicKey key = javaxCert.getPublicKey(); 644 assertNotNull(key); 645 assertEquals(javaxCert.getPublicKey(), javaCert.getPublicKey()); 646 assertEquals(key.getAlgorithm(),"RSA"); 647 648 key = javaxSSCert.getPublicKey(); 649 assertNotNull(key); 650 assertEquals(key.getAlgorithm(),"RSA"); 651 652 //assertTrue(mySSProvider.containsKey(key)); 653 654 } 655 656 /** 657 * @throws SignatureException 658 * @throws NoSuchProviderException 659 * @throws NoSuchAlgorithmException 660 * @throws InvalidKeyException 661 * @throws CertificateException 662 * {@link Certificate#verify(PublicKey)} 663 */ 664 @SideEffect("Destroys MD5 provider, hurts succeeding tests") 665 public void testVerifyPublicKey() throws InvalidKeyException, 666 NoSuchAlgorithmException, NoSuchProviderException, 667 SignatureException, CertificateException { 668 669 // Preconditions 670 assertNotNull(javaxCert.getPublicKey()); 671 assertNotNull(javaxSSCert.getPublicKey()); 672 //precondition for self signed certificates 673 /*assertEquals(((X509Certificate) javaxSSCert).getIssuerDN().getName(), 674 ((X509Certificate) javaxSSCert).getSubjectDN());*/ 675 676 // must always evaluate true for self signed 677 // here not self signed: 678 try { 679 javaxCert.verify(javaxCert.getPublicKey()); 680 } catch (SignatureException e) { 681 // ok 682 } 683 684 PublicKey k = javaxCert.getPublicKey(); 685 686 MyModifiablePublicKey changedEncoding = new MyModifiablePublicKey(k); 687 changedEncoding 688 .setEncoding(new byte[javaxCert.getEncoded().length - 1]); 689 690 try { 691 javaxCert.verify(tbt_cert.getPublicKey()); 692 } catch (InvalidKeyException e) { 693 // ok 694 } 695 696 697 try { 698 javaxCert.verify(null); 699 } catch (Exception e) { 700 // ok 701 } 702 703 try { 704 javaxCert.verify(changedEncoding); 705 fail("Exception expected"); 706 } catch (Exception e) { 707 // ok 708 } 709 710 // following test doesn't work because the algorithm is derived from 711 // somewhere else. 712 713 // MyModifiablePublicKey changedAlgo = new MyModifiablePublicKey(k); 714 // changedAlgo.setAlgorithm("MD5withBla"); 715 716 // try { 717 // javaxCert.verify(changedAlgo); 718 // fail("Exception expected"); 719 // } catch (SignatureException e) { 720 // // ok 721 // } 722 723 // Security.removeProvider(mySSProvider.getName()); 724 725 // try { 726 // javaxSSCert.verify(javaxSSCert.getPublicKey()); 727 // } catch (NoSuchProviderException e) { 728 // // ok 729 // } 730 731 // Security.addProvider(mySSProvider); 732 733 // must always evaluate true for self signed 734 // javaxSSCert.verify(javaxSSCert.getPublicKey()); 735 } 736 737 /** 738 * @throws SignatureException 739 * @throws NoSuchProviderException 740 * @throws NoSuchAlgorithmException 741 * @throws java.security.cert.CertificateException 742 * @throws InvalidKeyException 743 * @throws IOException 744 * @throws CertificateException 745 * {@link Certificate#verify(PublicKey, String)} 746 */ 747 @SideEffect("Destroys MD5 provider, hurts succeeding tests") 748 public void testVerifyPublicKeyString() throws InvalidKeyException, 749 java.security.cert.CertificateException, NoSuchAlgorithmException, 750 NoSuchProviderException, SignatureException, IOException, 751 CertificateException { 752 753 try { 754 javaxCert.verify(javaxCert.getPublicKey(), myProvider.getName()); 755 } catch (NoSuchAlgorithmException e) { 756 // ok 757 } 758 759 // myProvider.getService(type, algorithm) 760 761 Security.removeProvider(myProvider.getName()); 762 try { 763 javaxCert.verify(javaxCert.getPublicKey(), myProvider.getName()); 764 } catch (NoSuchProviderException e) { 765 // ok 766 } 767 Security.addProvider(myProvider); 768 769 Provider[] providers = Security.getProviders("Signature.MD5withRSA"); 770 if (providers == null || providers.length == 0) { 771 fail("no Provider for Signature.MD5withRSA"); 772 return; 773 } 774 775 // self signed cert: should verify with provider 776 try { 777 javaxSSCert.verify(javaxSSCert.getPublicKey(), 778 providers[0].getName()); 779 } catch (SignatureException e) { 780 fail("blu"); 781 } 782 783 } 784 785 public static Test suite() { 786 return new TestSuite(X509CertificateTest.class); 787 } 788 } 789
