1 /* 2 * Licensed to the Apache Software Foundation (ASF) under one or more 3 * contributor license agreements. See the NOTICE file distributed with 4 * this work for additional information regarding copyright ownership. 5 * The ASF licenses this file to You under the Apache License, Version 2.0 6 * (the "License"); you may not use this file except in compliance with 7 * the License. You may obtain a copy of the License at 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 */ 17 18 package tests.security.cert; 19 20 import java.io.ByteArrayInputStream; 21 import java.io.IOException; 22 import java.math.BigInteger; 23 import java.security.InvalidAlgorithmParameterException; 24 import java.security.InvalidKeyException; 25 import java.security.NoSuchAlgorithmException; 26 import java.security.NoSuchProviderException; 27 import java.security.Principal; 28 import java.security.PublicKey; 29 import java.security.SignatureException; 30 import java.security.cert.CertPath; 31 import java.security.cert.CertPathBuilder; 32 import java.security.cert.CertPathBuilderException; 33 import java.security.cert.CertificateEncodingException; 34 import java.security.cert.CertificateException; 35 import java.security.cert.CertificateExpiredException; 36 import java.security.cert.CertificateFactory; 37 import java.security.cert.CertificateNotYetValidException; 38 import java.security.cert.CertificateParsingException; 39 import java.security.cert.PKIXBuilderParameters; 40 import java.security.cert.PKIXCertPathBuilderResult; 41 import java.security.cert.TrustAnchor; 42 import java.security.cert.X509CertSelector; 43 import java.security.cert.X509Certificate; 
44 import java.util.ArrayList; 45 import java.util.Arrays; 46 import java.util.Calendar; 47 import java.util.Collection; 48 import java.util.Collections; 49 import java.util.Date; 50 import java.util.HashSet; 51 import java.util.Iterator; 52 import java.util.List; 53 import java.util.Set; 54 import javax.security.auth.x500.X500Principal; 55 import junit.framework.TestCase; 56 import org.apache.harmony.security.asn1.ASN1Boolean; 57 import org.apache.harmony.security.asn1.ASN1Integer; 58 import org.apache.harmony.security.asn1.ASN1OctetString; 59 import org.apache.harmony.security.asn1.ASN1Oid; 60 import org.apache.harmony.security.asn1.ASN1Sequence; 61 import org.apache.harmony.security.asn1.ASN1Type; 62 import org.apache.harmony.security.tests.support.TestKeyPair; 63 import org.apache.harmony.security.tests.support.cert.MyCRL; 64 import org.apache.harmony.security.tests.support.cert.TestUtils; 65 import org.apache.harmony.security.x501.Name; 66 import org.apache.harmony.security.x509.CertificatePolicies; 67 import org.apache.harmony.security.x509.GeneralName; 68 import org.apache.harmony.security.x509.GeneralNames; 69 import org.apache.harmony.security.x509.NameConstraints; 70 import org.apache.harmony.security.x509.ORAddress; 71 import org.apache.harmony.security.x509.OtherName; 72 import org.apache.harmony.security.x509.PolicyInformation; 73 import org.apache.harmony.security.x509.PrivateKeyUsagePeriod; 74 75 /** 76 * X509CertSelectorTest 77 */ 78 public class X509CertSelectorTest extends TestCase { 79 80 byte[][] constraintBytes = new byte[][] { 81 { 82 48, 34, -96, 15, 48, 13, -127, 8, 56, 50, 50, 46, 78, 83 97, 109, 101, -128, 1, 0, -95, 15, 48, 13, -127, 8, 56, 84 50, 50, 46, 78, 97, 109, 101, -128, 1, 0}, 85 { 86 48, 42, -96, 19, 48, 17, -127, 12, 114, 102, 99, 64, 87 56, 50, 50, 46, 78, 97, 109, 101, -128, 1, 0, -95, 19, 88 48, 17, -127, 12, 114, 102, 99, 64, 56, 50, 50, 46, 78, 89 97, 109, 101, -128, 1, 0}, 90 { 91 48, 34, -96, 15, 48, 13, -126, 8, 78, 97, 
109, 101, 46, 92 111, 114, 103, -128, 1, 0, -95, 15, 48, 13, -126, 8, 93 78, 97, 109, 101, 46, 111, 114, 103, -128, 1, 0}, 94 { 95 48, 42, -96, 19, 48, 17, -126, 12, 100, 78, 83, 46, 78, 96 97, 109, 101, 46, 111, 114, 103, -128, 1, 0, -95, 19, 97 48, 17, -126, 12, 100, 78, 83, 46, 78, 97, 109, 101, 98 46, 111, 114, 103, -128, 1, 0}, 99 { 100 48, 54, -96, 25, 48, 23, -122, 18, 104, 116, 116, 112, 101 58, 47, 47, 82, 101, 115, 111, 117, 114, 99, 101, 46, 102 73, 100, -128, 1, 0, -95, 25, 48, 23, -122, 18, 104, 103 116, 116, 112, 58, 47, 47, 82, 101, 115, 111, 117, 114, 104 99, 101, 46, 73, 100, -128, 1, 0}, 105 { 106 48, 70, -96, 33, 48, 31, -122, 26, 104, 116, 116, 112, 107 58, 47, 47, 117, 110, 105, 102, 111, 114, 109, 46, 82, 108 101, 115, 111, 117, 114, 99, 101, 46, 73, 100, -128, 1, 109 0, -95, 33, 48, 31, -122, 26, 104, 116, 116, 112, 58, 110 47, 47, 117, 110, 105, 102, 111, 114, 109, 46, 82, 101, 111 115, 111, 117, 114, 99, 101, 46, 73, 100, -128, 1, 0}, 112 { 113 48, 26, -96, 11, 48, 9, -121, 4, 1, 1, 1, 1, -128, 1, 114 0, -95, 11, 48, 9, -121, 4, 1, 1, 1, 1, -128, 1, 0}, 115 { 116 48, 50, -96, 23, 48, 21, -121, 16, 1, 1, 1, 1, 1, 1, 1, 117 1, 1, 1, 1, 1, 1, 1, 1, 1, -128, 1, 0, -95, 23, 48, 21, 118 -121, 16, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 119 1, -128, 1, 0}}; 120 121 /** 122 * java.security.cert.X509CertSelector#addSubjectAlternativeName(int, byte[]) 123 */ 124 public void test_addSubjectAlternativeNameLintLbyte_array() throws IOException { 125 // Regression for HARMONY-2487 126 int[] types = { GeneralName.OTHER_NAME, 127 GeneralName.RFC822_NAME, 128 GeneralName.DNS_NAME, 129 GeneralName.X400_ADDR, 130 GeneralName.DIR_NAME, 131 GeneralName.EDIP_NAME, 132 GeneralName.UR_ID, 133 GeneralName.IP_ADDR, 134 GeneralName.REG_ID }; 135 for (int i = 0; i < types.length; i++) { 136 try { 137 new X509CertSelector().addSubjectAlternativeName(types[i], 138 (byte[]) null); 139 fail("No expected NullPointerException for type: " + types[i]); 140 } catch 
(NullPointerException expected) { 141 } 142 } 143 } 144 145 /** 146 * java.security.cert.X509CertSelector#addSubjectAlternativeName(int, String) 147 */ 148 public void test_addSubjectAlternativeNameLintLjava_lang_String() { 149 // Regression for HARMONY-727 150 int[] types = { GeneralName.OTHER_NAME, 151 // GeneralName.RFC822_NAME, 152 GeneralName.DNS_NAME, 153 GeneralName.X400_ADDR, 154 GeneralName.DIR_NAME, 155 GeneralName.EDIP_NAME, 156 GeneralName.UR_ID, 157 GeneralName.IP_ADDR, 158 GeneralName.REG_ID }; 159 for (int i = 0; i < types.length; i++) { 160 try { 161 new X509CertSelector().addSubjectAlternativeName(types[i], 162 "-0xDFRF"); 163 fail("IOException expected for type: " + types[i]); 164 } catch (IOException expected) { 165 } 166 } 167 } 168 169 /** 170 * java.security.cert.X509CertSelector#addPathToName(int, byte[]) 171 */ 172 public void test_addPathToNameLintLbyte_array() throws IOException { 173 // Regression for HARMONY-2487 174 int[] types = { GeneralName.OTHER_NAME, 175 GeneralName.RFC822_NAME, 176 GeneralName.DNS_NAME, 177 GeneralName.X400_ADDR, 178 GeneralName.DIR_NAME, 179 GeneralName.EDIP_NAME, 180 GeneralName.UR_ID, 181 GeneralName.IP_ADDR, 182 GeneralName.REG_ID }; 183 for (int i = 0; i < types.length; i++) { 184 try { 185 new X509CertSelector().addPathToName(types[i], (byte[]) null); 186 fail("No expected NullPointerException for type: " + types[i]); 187 } catch (NullPointerException expected) { 188 } 189 } 190 } 191 192 /** 193 * java.security.cert.X509CertSelector#addPathToName(int, String) 194 */ 195 public void test_addPathToNameLintLjava_lang_String() { 196 // Regression for HARMONY-724 197 for (int type = 0; type <= 8; type++) { 198 try { 199 new X509CertSelector().addPathToName(type, (String) null); 200 fail(); 201 } catch (IOException expected) { 202 } 203 } 204 205 206 } 207 208 /** 209 * java.security.cert.X509CertSelector#X509CertSelector() 210 */ 211 public void test_X509CertSelector() { 212 X509CertSelector selector = new 
X509CertSelector(); 213 assertEquals(-1, selector.getBasicConstraints()); 214 assertTrue(selector.getMatchAllSubjectAltNames()); 215 } 216 217 /** 218 * java.security.cert.X509CertSelector#clone() 219 */ 220 public void test_clone() throws Exception { 221 X509CertSelector selector = new X509CertSelector(); 222 X509CertSelector selector1 = (X509CertSelector) selector.clone(); 223 224 assertEquals(selector.getMatchAllSubjectAltNames(), selector1.getMatchAllSubjectAltNames()); 225 assertEquals(selector.getAuthorityKeyIdentifier(), selector1.getAuthorityKeyIdentifier()); 226 assertEquals(selector.getBasicConstraints(), selector1.getBasicConstraints()); 227 assertEquals(selector.getCertificate(), selector1.getCertificate()); 228 assertEquals(selector.getCertificateValid(), selector1.getCertificateValid()); 229 assertEquals(selector.getExtendedKeyUsage(), selector1.getExtendedKeyUsage()); 230 assertEquals(selector.getIssuer(), selector1.getIssuer()); 231 assertEquals(selector.getIssuerAsBytes(), selector1.getIssuerAsBytes()); 232 assertEquals(selector.getIssuerAsString(), selector1.getIssuerAsString()); 233 assertEquals(selector.getKeyUsage(), selector1.getKeyUsage()); 234 assertEquals(selector.getNameConstraints(), selector1.getNameConstraints()); 235 assertEquals(selector.getPathToNames(), selector1.getPathToNames()); 236 assertEquals(selector.getPolicy(), selector1.getPolicy()); 237 assertEquals(selector.getPrivateKeyValid(), selector1.getPrivateKeyValid()); 238 assertEquals(selector.getSerialNumber(), selector1.getSerialNumber()); 239 assertEquals(selector.getSubject(), selector1.getSubject()); 240 assertEquals(selector.getSubjectAlternativeNames(), selector1.getSubjectAlternativeNames()); 241 assertEquals(selector.getSubjectAsBytes(), selector1.getSubjectAsBytes()); 242 assertEquals(selector.getSubjectAsString(), selector1.getSubjectAsString()); 243 assertEquals(selector.getSubjectKeyIdentifier(), selector1.getSubjectKeyIdentifier()); 244 
assertEquals(selector.getSubjectPublicKey(), selector1.getSubjectPublicKey()); 245 assertEquals(selector.getSubjectPublicKeyAlgID(), selector1.getSubjectPublicKeyAlgID()); 246 247 selector = null; 248 try { 249 selector.clone(); 250 fail(); 251 } catch (NullPointerException expected) { 252 } 253 } 254 255 /** 256 * java.security.cert.X509CertSelector#getAuthorityKeyIdentifier() 257 */ 258 public void test_getAuthorityKeyIdentifier() { 259 byte[] akid1 = new byte[] { 4, 5, 1, 2, 3, 4, 5 }; // random value 260 byte[] akid2 = new byte[] { 4, 5, 5, 4, 3, 2, 1 }; // random value 261 X509CertSelector selector = new X509CertSelector(); 262 263 assertNull("Selector should return null", 264 selector.getAuthorityKeyIdentifier()); 265 assertFalse("The returned keyID should be equal to specified", 266 Arrays.equals(akid1, selector.getAuthorityKeyIdentifier())); 267 selector.setAuthorityKeyIdentifier(akid1); 268 assertTrue("The returned keyID should be equal to specified", 269 Arrays.equals(akid1, selector.getAuthorityKeyIdentifier())); 270 assertFalse("The returned keyID should differ", 271 Arrays.equals(akid2, selector.getAuthorityKeyIdentifier())); 272 } 273 274 /** 275 * java.security.cert.X509CertSelector#getBasicConstraints() 276 */ 277 public void test_getBasicConstraints() { 278 X509CertSelector selector = new X509CertSelector(); 279 int[] validValues = { 2, 1, 0, 1, 2, 3, 10, 20 }; 280 for (int i = 0; i < validValues.length; i++) { 281 selector.setBasicConstraints(validValues[i]); 282 assertEquals(validValues[i], selector.getBasicConstraints()); 283 } 284 } 285 286 /** 287 * java.security.cert.X509CertSelector#getCertificate() 288 */ 289 public void test_getCertificate() throws Exception { 290 X509CertSelector selector = new X509CertSelector(); 291 CertificateFactory certFact = CertificateFactory.getInstance("X509"); 292 X509Certificate cert1 = (X509Certificate) 293 certFact.generateCertificate(new ByteArrayInputStream( 294 TestUtils.getX509Certificate_v3())); 295 296 
X509Certificate cert2 = (X509Certificate) 297 certFact.generateCertificate(new ByteArrayInputStream( 298 TestUtils.getX509Certificate_v1())); 299 300 selector.setCertificate(cert1); 301 assertEquals(cert1, selector.getCertificate()); 302 303 selector.setCertificate(cert2); 304 assertEquals(cert2, selector.getCertificate()); 305 306 selector.setCertificate(null); 307 assertNull(selector.getCertificate()); 308 } 309 310 /** 311 * java.security.cert.X509CertSelector#getCertificateValid() 312 */ 313 public void test_getCertificateValid() { 314 Date date1 = new Date(100); 315 Date date2 = new Date(200); 316 Date date3 = Calendar.getInstance().getTime(); 317 X509CertSelector selector = new X509CertSelector(); 318 319 assertNull("Selector should return null", 320 selector.getCertificateValid()); 321 selector.setCertificateValid(date1); 322 assertTrue("The returned date should be equal to specified", 323 date1.equals(selector.getCertificateValid())); 324 selector.getCertificateValid().setTime(200); 325 assertTrue("The returned date should be equal to specified", 326 date1.equals(selector.getCertificateValid())); 327 assertFalse("The returned date should differ", 328 date2.equals(selector.getCertificateValid())); 329 selector.setCertificateValid(date3); 330 assertTrue("The returned date should be equal to specified", 331 date3.equals(selector.getCertificateValid())); 332 selector.setCertificateValid(null); 333 assertNull(selector.getCertificateValid()); 334 } 335 336 /** 337 * java.security.cert.X509CertSelector#getExtendedKeyUsage() 338 */ 339 public void test_getExtendedKeyUsage() throws Exception { 340 HashSet<String> ku = new HashSet<String>(Arrays.asList(new String[] { 341 "1.3.6.1.5.5.7.3.1", 342 "1.3.6.1.5.5.7.3.2", 343 "1.3.6.1.5.5.7.3.3", 344 "1.3.6.1.5.5.7.3.4", 345 "1.3.6.1.5.5.7.3.8", 346 "1.3.6.1.5.5.7.3.9", 347 "1.3.6.1.5.5.7.3.5", 348 "1.3.6.1.5.5.7.3.6", 349 "1.3.6.1.5.5.7.3.7" 350 })); 351 X509CertSelector selector = new X509CertSelector(); 352 353 
assertNull("Selector should return null", selector.getExtendedKeyUsage()); 354 selector.setExtendedKeyUsage(ku); 355 assertTrue("The returned extendedKeyUsage should be equal to specified", 356 ku.equals(selector.getExtendedKeyUsage())); 357 try { 358 selector.getExtendedKeyUsage().add("KRIBLEGRABLI"); 359 fail("The returned Set should be immutable."); 360 } catch (UnsupportedOperationException expected) { 361 } 362 } 363 364 /** 365 * java.security.cert.X509CertSelector#getIssuer() 366 */ 367 public void test_getIssuer() { 368 X500Principal iss1 = new X500Principal("O=First Org."); 369 X500Principal iss2 = new X500Principal("O=Second Org."); 370 X509CertSelector selector = new X509CertSelector(); 371 372 assertNull("Selector should return null", selector.getIssuer()); 373 selector.setIssuer(iss1); 374 assertEquals("The returned issuer should be equal to specified", 375 iss1, selector.getIssuer()); 376 assertFalse("The returned issuer should differ", 377 iss2.equals(selector.getIssuer())); 378 } 379 380 /** 381 * java.security.cert.X509CertSelector#getIssuerAsBytes() 382 */ 383 public void test_getIssuerAsBytes() throws Exception { 384 byte[] name1 = new byte[] 385 // manually obtained DER encoding of "O=First Org." issuer name; 386 { 48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10, 70, 105, 114, 115, 387 116, 32, 79, 114, 103, 46 }; 388 389 byte[] name2 = new byte[] 390 // manually obtained DER encoding of "O=Second Org." 
issuer name; 391 { 48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11, 83, 101, 99, 111, 392 110, 100, 32, 79, 114, 103, 46 }; 393 X500Principal iss1 = new X500Principal(name1); 394 X500Principal iss2 = new X500Principal(name2); 395 X509CertSelector selector = new X509CertSelector(); 396 397 assertNull("Selector should return null", selector.getIssuerAsBytes()); 398 selector.setIssuer(iss1); 399 assertTrue("The returned issuer should be equal to specified", 400 Arrays.equals(name1, selector.getIssuerAsBytes())); 401 assertFalse("The returned issuer should differ", name2.equals(selector.getIssuerAsBytes())); 402 selector.setIssuer(iss2); 403 assertTrue("The returned issuer should be equal to specified", 404 Arrays.equals(name2, selector.getIssuerAsBytes())); 405 } 406 407 /** 408 * java.security.cert.X509CertSelector#getIssuerAsString() 409 */ 410 public void test_getIssuerAsString() { 411 String name1 = "O=First Org."; 412 String name2 = "O=Second Org."; 413 X500Principal iss1 = new X500Principal(name1); 414 X500Principal iss2 = new X500Principal(name2); 415 X509CertSelector selector = new X509CertSelector(); 416 417 assertNull("Selector should return null", selector.getIssuerAsString()); 418 selector.setIssuer(iss1); 419 assertEquals("The returned issuer should be equal to specified", name1, 420 selector.getIssuerAsString()); 421 assertFalse("The returned issuer should differ", 422 name2.equals(selector.getIssuerAsString())); 423 selector.setIssuer(iss2); 424 assertEquals("The returned issuer should be equal to specified", name2, 425 selector.getIssuerAsString()); 426 } 427 428 /** 429 * java.security.cert.X509CertSelector#getKeyUsage() 430 */ 431 public void test_getKeyUsage() { 432 boolean[] ku = new boolean[] { true, false, true, false, true, false, 433 true, false, true }; 434 X509CertSelector selector = new X509CertSelector(); 435 436 assertNull("Selector should return null", selector.getKeyUsage()); 437 selector.setKeyUsage(ku); 438 assertTrue("The returned 
date should be equal to specified", 439 Arrays.equals(ku, selector.getKeyUsage())); 440 boolean[] result = selector.getKeyUsage(); 441 result[0] = !result[0]; 442 assertTrue("The returned keyUsage should be equal to specified", 443 Arrays.equals(ku, selector.getKeyUsage())); 444 } 445 446 /** 447 * java.security.cert.X509CertSelector#getMatchAllSubjectAltNames() 448 */ 449 public void test_getMatchAllSubjectAltNames() { 450 X509CertSelector selector = new X509CertSelector(); 451 assertTrue("The matchAllNames initially should be true", 452 selector.getMatchAllSubjectAltNames()); 453 selector.setMatchAllSubjectAltNames(false); 454 assertFalse("The value should be false", 455 selector.getMatchAllSubjectAltNames()); 456 } 457 458 /** 459 * java.security.cert.X509CertSelector#getNameConstraints() 460 */ 461 public void test_getNameConstraints() throws IOException { 462 463 // Used to generate following byte array 464 // GeneralName[] name_constraints = new GeneralName[] { 465 // new GeneralName(1, "822.Name"), 466 // new GeneralName(1, "rfc (at) 822.Name"), 467 // new GeneralName(2, "Name.org"), 468 // new GeneralName(2, "dNS.Name.org"), 469 // 470 // new GeneralName(6, "http://Resource.Id"), 471 // new GeneralName(6, "http://uniform.Resource.Id"), 472 // new GeneralName(7, "1.1.1.1"), 473 // 474 // new GeneralName(new byte[] { 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 475 // 1, 1, 1, 1, 1 }), }; 476 // 477 // constraintBytes = new byte[name_constraints.length][]; 478 // 479 // for (int i = 0; i < name_constraints.length; i++) { 480 // GeneralSubtree subtree = new GeneralSubtree(name_constraints[i]); 481 // GeneralSubtrees subtrees = new GeneralSubtrees(); 482 // subtrees.addSubtree(subtree); 483 // NameConstraints constraints = new NameConstraints(subtrees, 484 // subtrees); 485 // constraintBytes[i] = constraints.getEncoded(); 486 // } 487 // System.out.println("XXX"+Arrays.deepToString(constraintBytes)+"XXX"); 488 489 X509CertSelector selector = new X509CertSelector(); 490 
491 for (int i = 0; i < constraintBytes.length; i++) { 492 selector.setNameConstraints(constraintBytes[i]); 493 assertTrue(Arrays.equals(constraintBytes[i], 494 selector.getNameConstraints())); 495 } 496 } 497 498 /** 499 * java.security.cert.X509CertSelector#getPathToNames() 500 */ 501 public void test_getPathToNames() throws Exception { 502 GeneralName san0 = new GeneralName(new OtherName("1.2.3.4.5", 503 new byte[] { 1, 2, 0, 1 })); 504 GeneralName san1 = new GeneralName(1, "rfc (at) 822.Name"); 505 GeneralName san2 = new GeneralName(2, "dNSName"); 506 GeneralName san3 = new GeneralName(new ORAddress()); 507 GeneralName san4 = new GeneralName(new Name("O=Organization")); 508 GeneralName san6 = new GeneralName(6, "http://uniform.Resource.Id"); 509 GeneralName san7 = new GeneralName(7, "1.1.1.1"); 510 GeneralName san8 = new GeneralName(8, "1.2.3.4444.55555"); 511 512 GeneralNames sans1 = new GeneralNames(); 513 sans1.addName(san0); 514 sans1.addName(san1); 515 sans1.addName(san2); 516 sans1.addName(san3); 517 sans1.addName(san4); 518 sans1.addName(san6); 519 sans1.addName(san7); 520 sans1.addName(san8); 521 GeneralNames sans2 = new GeneralNames(); 522 sans2.addName(san0); 523 524 TestCert cert1 = new TestCert(sans1); 525 TestCert cert2 = new TestCert(sans2); 526 X509CertSelector selector = new X509CertSelector(); 527 selector.setMatchAllSubjectAltNames(true); 528 529 selector.setPathToNames(null); 530 assertTrue("Any certificate should match in the case of null " 531 + "subjectAlternativeNames criteria.", 532 selector.match(cert1) && selector.match(cert2)); 533 534 Collection<List<?>> sans = sans1.getPairsList(); 535 536 selector.setPathToNames(sans); 537 selector.getPathToNames(); 538 } 539 540 /** 541 * java.security.cert.X509CertSelector#getPolicy() 542 */ 543 public void test_getPolicy() throws IOException { 544 String[] policies1 = new String[] { 545 "1.3.6.1.5.5.7.3.1", 546 "1.3.6.1.5.5.7.3.2", 547 "1.3.6.1.5.5.7.3.3", 548 "1.3.6.1.5.5.7.3.4", 549 
"1.3.6.1.5.5.7.3.8", 550 "1.3.6.1.5.5.7.3.9", 551 "1.3.6.1.5.5.7.3.5", 552 "1.3.6.1.5.5.7.3.6", 553 "1.3.6.1.5.5.7.3.7" 554 }; 555 556 String[] policies2 = new String[] { "1.3.6.7.3.1" }; 557 558 HashSet<String> p1 = new HashSet<String>(Arrays.asList(policies1)); 559 HashSet<String> p2 = new HashSet<String>(Arrays.asList(policies2)); 560 561 X509CertSelector selector = new X509CertSelector(); 562 563 selector.setPolicy(null); 564 assertNull(selector.getPolicy()); 565 566 selector.setPolicy(p1); 567 assertEquals("The returned date should be equal to specified", p1, selector.getPolicy()); 568 569 selector.setPolicy(p2); 570 assertEquals("The returned date should be equal to specified", p2, selector.getPolicy()); 571 } 572 573 /** 574 * java.security.cert.X509CertSelector#getPrivateKeyValid() 575 */ 576 public void test_getPrivateKeyValid() { 577 Date date1 = new Date(100); 578 Date date2 = new Date(200); 579 X509CertSelector selector = new X509CertSelector(); 580 581 assertNull("Selector should return null", selector.getPrivateKeyValid()); 582 selector.setPrivateKeyValid(date1); 583 assertTrue("The returned date should be equal to specified", 584 date1.equals(selector.getPrivateKeyValid())); 585 selector.getPrivateKeyValid().setTime(200); 586 assertTrue("The returned date should be equal to specified", 587 date1.equals(selector.getPrivateKeyValid())); 588 assertFalse("The returned date should differ", 589 date2.equals(selector.getPrivateKeyValid())); 590 } 591 592 /** 593 * java.security.cert.X509CertSelector#getSerialNumber() 594 */ 595 public void test_getSerialNumber() { 596 BigInteger ser1 = new BigInteger("10000"); 597 BigInteger ser2 = new BigInteger("10001"); 598 X509CertSelector selector = new X509CertSelector(); 599 600 assertNull("Selector should return null", selector.getSerialNumber()); 601 selector.setSerialNumber(ser1); 602 assertEquals("The returned serial number should be equal to specified", 603 ser1, selector.getSerialNumber()); 604 assertFalse("The 
returned serial number should differ", 605 ser2.equals(selector.getSerialNumber())); 606 } 607 608 /** 609 * java.security.cert.X509CertSelector#getSubject() 610 */ 611 public void test_getSubject() { 612 X500Principal sub1 = new X500Principal("O=First Org."); 613 X500Principal sub2 = new X500Principal("O=Second Org."); 614 X509CertSelector selector = new X509CertSelector(); 615 616 assertNull("Selector should return null", selector.getSubject()); 617 selector.setSubject(sub1); 618 assertEquals("The returned subject should be equal to specified", sub1, 619 selector.getSubject()); 620 assertFalse("The returned subject should differ", 621 sub2.equals(selector.getSubject())); 622 } 623 624 /** 625 * java.security.cert.X509CertSelector#getSubjectAlternativeNames() 626 */ 627 public void test_getSubjectAlternativeNames() throws Exception { 628 GeneralName san1 = new GeneralName(1, "rfc (at) 822.Name"); 629 GeneralName san2 = new GeneralName(2, "dNSName"); 630 631 GeneralNames sans = new GeneralNames(); 632 sans.addName(san1); 633 sans.addName(san2); 634 635 TestCert cert_1 = new TestCert(sans); 636 X509CertSelector selector = new X509CertSelector(); 637 638 assertNull("Selector should return null", 639 selector.getSubjectAlternativeNames()); 640 641 selector.setSubjectAlternativeNames(sans.getPairsList()); 642 assertTrue("The certificate should match the selection criteria.", 643 selector.match(cert_1)); 644 selector.getSubjectAlternativeNames().clear(); 645 assertTrue("The modification of initialization object " 646 + "should not affect the modification " 647 + "of internal object.", 648 selector.match(cert_1)); 649 } 650 651 /** 652 * java.security.cert.X509CertSelector#getSubjectAsBytes() 653 */ 654 public void test_getSubjectAsBytes() throws Exception { 655 byte[] name1 = new byte[] 656 // manually obtained DER encoding of "O=First Org." 
issuer name; 657 { 48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10, 70, 105, 114, 115, 658 116, 32, 79, 114, 103, 46 }; 659 byte[] name2 = new byte[] 660 // manually obtained DER encoding of "O=Second Org." issuer name; 661 { 48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11, 83, 101, 99, 111, 662 110, 100, 32, 79, 114, 103, 46 }; 663 664 X500Principal sub1 = new X500Principal(name1); 665 X500Principal sub2 = new X500Principal(name2); 666 X509CertSelector selector = new X509CertSelector(); 667 668 assertNull("Selector should return null", 669 selector.getSubjectAsBytes()); 670 selector.setSubject(sub1); 671 assertTrue("The returned issuer should be equal to specified", 672 Arrays.equals(name1, selector.getSubjectAsBytes())); 673 assertFalse("The returned issuer should differ", 674 name2.equals(selector.getSubjectAsBytes())); 675 selector.setSubject(sub2); 676 assertTrue("The returned issuer should be equal to specified", 677 Arrays.equals(name2, selector.getSubjectAsBytes())); 678 } 679 680 /** 681 * java.security.cert.X509CertSelector#getSubjectAsString() 682 */ 683 public void test_getSubjectAsString() { 684 String name1 = "O=First Org."; 685 String name2 = "O=Second Org."; 686 X500Principal sub1 = new X500Principal(name1); 687 X500Principal sub2 = new X500Principal(name2); 688 X509CertSelector selector = new X509CertSelector(); 689 690 assertNull("Selector should return null", selector.getSubjectAsString()); 691 selector.setSubject(sub1); 692 assertEquals("The returned subject should be equal to specified", 693 name1, selector.getSubjectAsString()); 694 assertFalse("The returned subject should differ", 695 name2.equals(selector.getSubjectAsString())); 696 selector.setSubject(sub2); 697 assertEquals("The returned subject should be equal to specified", 698 name2, selector.getSubjectAsString()); 699 } 700 701 /** 702 * java.security.cert.X509CertSelector#getSubjectKeyIdentifier() 703 */ 704 public void test_getSubjectKeyIdentifier() { 705 byte[] skid1 = new byte[] { 
1, 2, 3, 4, 5 }; // random value 706 byte[] skid2 = new byte[] { 4, 5, 5, 4, 3, 2, 1 }; // random value 707 X509CertSelector selector = new X509CertSelector(); 708 709 assertNull("Selector should return null", selector.getSubjectKeyIdentifier()); 710 selector.setSubjectKeyIdentifier(skid1); 711 assertTrue("The returned keyID should be equal to specified", 712 Arrays.equals(skid1, selector.getSubjectKeyIdentifier())); 713 selector.getSubjectKeyIdentifier()[0]++; 714 assertTrue("The returned keyID should be equal to specified", 715 Arrays.equals(skid1, selector.getSubjectKeyIdentifier())); 716 assertFalse("The returned keyID should differ", 717 Arrays.equals(skid2, selector.getSubjectKeyIdentifier())); 718 } 719 720 /** 721 * java.security.cert.X509CertSelector#getSubjectPublicKey() 722 */ 723 public void test_getSubjectPublicKey() throws Exception { 724 725 // SubjectPublicKeyInfo ::= SEQUENCE { 726 // algorithm AlgorithmIdentifier, 727 // subjectPublicKey BIT STRING } 728 byte[] enc = { 0x30, 0x0E, // SEQUENCE 729 0x30, 0x07, // SEQUENCE 730 0x06, 0x02, 0x03, 0x05,// OID 731 0x01, 0x01, 0x07, // ANY 732 0x03, 0x03, 0x01, 0x01, 0x06, // subjectPublicKey 733 }; 734 735 X509CertSelector selector = new X509CertSelector(); 736 737 selector.setSubjectPublicKey(enc); 738 PublicKey key = selector.getSubjectPublicKey(); 739 assertEquals("0.3.5", key.getAlgorithm()); 740 assertEquals("X.509", key.getFormat()); 741 assertTrue(Arrays.equals(enc, key.getEncoded())); 742 assertNotNull(key.toString()); 743 744 key = new MyPublicKey(); 745 746 selector.setSubjectPublicKey(key); 747 PublicKey keyActual = selector.getSubjectPublicKey(); 748 assertEquals(key, keyActual); 749 assertEquals(key.getAlgorithm(), keyActual.getAlgorithm()); 750 } 751 752 /** 753 * java.security.cert.X509CertSelector#getSubjectPublicKeyAlgID() 754 */ 755 public void test_getSubjectPublicKeyAlgID() throws Exception { 756 757 X509CertSelector selector = new X509CertSelector(); 758 String[] validOIDs = { 
"0.0.20", "1.25.0", "2.0.39", "0.2.10", "1.35.15", "2.17.89" }; 759 760 assertNull("Selector should return null", selector.getSubjectPublicKeyAlgID()); 761 762 for (int i = 0; i < validOIDs.length; i++) { 763 try { 764 selector.setSubjectPublicKeyAlgID(validOIDs[i]); 765 assertEquals(validOIDs[i], selector.getSubjectPublicKeyAlgID()); 766 } catch (IOException e) { 767 System.out.println("t = " + e.getMessage()); 768 //fail("Unexpected exception " + e.getMessage()); 769 } 770 } 771 772 String pkaid1 = "1.2.840.113549.1.1.1"; // RSA encryption 773 String pkaid2 = "1.2.840.113549.1.1.4"; // MD5 with RSA encryption 774 775 selector.setSubjectPublicKeyAlgID(pkaid1); 776 assertTrue("The returned oid should be equal to specified", 777 pkaid1.equals(selector.getSubjectPublicKeyAlgID())); 778 assertFalse("The returned oid should differ", 779 pkaid2.equals(selector.getSubjectPublicKeyAlgID())); 780 } 781 782 /** 783 * java.security.cert.X509CertSelector#match(java.security.cert.Certificate) 784 */ 785 public void test_matchLjava_security_cert_Certificate() throws Exception { 786 X509CertSelector selector = new X509CertSelector(); 787 assertFalse(selector.match(null)); 788 789 CertificateFactory certFact = CertificateFactory.getInstance("X509"); 790 X509Certificate cert1 = (X509Certificate) 791 certFact.generateCertificate(new ByteArrayInputStream( 792 TestUtils.getX509Certificate_v3())); 793 794 X509Certificate cert2 = (X509Certificate) 795 certFact.generateCertificate(new ByteArrayInputStream( 796 TestUtils.getX509Certificate_v1())); 797 798 selector.setCertificate(cert1); 799 assertTrue(selector.match(cert1)); 800 assertFalse(selector.match(cert2)); 801 802 selector.setCertificate(cert2); 803 assertFalse(selector.match(cert1)); 804 assertTrue(selector.match(cert2)); 805 } 806 807 /** 808 * java.security.cert.X509CertSelector#setAuthorityKeyIdentifier(byte[]) 809 */ 810 public void test_setAuthorityKeyIdentifierLB$() throws Exception { 811 X509CertSelector selector = new 
X509CertSelector(); 812 813 byte[] akid1 = new byte[] { 1, 2, 3, 4, 5 }; // random value 814 byte[] akid2 = new byte[] { 5, 4, 3, 2, 1 }; // random value 815 TestCert cert1 = new TestCert(akid1); 816 TestCert cert2 = new TestCert(akid2); 817 818 selector.setAuthorityKeyIdentifier(null); 819 assertTrue("The certificate should match the selection criteria.", 820 selector.match(cert1)); 821 assertTrue("The certificate should match the selection criteria.", 822 selector.match(cert2)); 823 assertNull(selector.getAuthorityKeyIdentifier()); 824 825 selector.setAuthorityKeyIdentifier(akid1); 826 assertTrue("The certificate should not match the selection criteria.", 827 selector.match(cert1)); 828 assertFalse("The certificate should not match the selection criteria.", 829 selector.match(cert2)); 830 selector.setAuthorityKeyIdentifier(akid2); 831 assertFalse("The certificate should not match the selection criteria.", 832 selector.match(cert1)); 833 assertTrue("The certificate should not match the selection criteria.", 834 selector.match(cert2)); 835 836 akid2[0]++; 837 assertTrue("The certificate should match the selection criteria.", 838 selector.match(cert2)); 839 } 840 841 /** 842 * java.security.cert.X509CertSelector#setBasicConstraints(int) 843 */ 844 public void test_setBasicConstraintsLint() { 845 X509CertSelector selector = new X509CertSelector(); 846 int[] invalidValues = { -3, -4, -5, 1000000000 }; 847 for (int i = 0; i < invalidValues.length; i++) { 848 try { 849 selector.setBasicConstraints(-3); 850 } catch (IllegalArgumentException expected) { 851 } 852 } 853 854 int[] validValues = { -2, -1, 0, 1, 2, 3, 10, 20 }; 855 for (int i = 0; i < validValues.length; i++) { 856 selector.setBasicConstraints(validValues[i]); 857 assertEquals(validValues[i], selector.getBasicConstraints()); 858 } 859 } 860 861 /** 862 * java.security.cert.X509CertSelector#setCertificate(java.security.cert.Certificate) 863 */ 864 public void 
test_setCertificateLjava_security_cert_X509Certificate()
            throws Exception {

        TestCert cert1 = new TestCert("same certificate");
        TestCert cert2 = new TestCert("other certificate");
        X509CertSelector selector = new X509CertSelector();

        selector.setCertificate(null);
        assertTrue("Any certificates should match in the case of null "
                + "certificateEquals criteria.",
                selector.match(cert1) && selector.match(cert2));
        selector.setCertificate(cert1);
        assertTrue("The certificate should match the selection criteria.",
                selector.match(cert1));
        assertFalse("The certificate should not match the selection criteria.",
                selector.match(cert2));
        selector.setCertificate(cert2);
        assertTrue("The certificate should match the selection criteria.",
                selector.match(cert2));
        selector.setCertificate(null);
        assertNull(selector.getCertificate());
    }

    /**
     * java.security.cert.X509CertSelector#setCertificateValid(java.util.Date)
     *
     * Checks that a null date leaves the criterion unset, that only the
     * certificate built for the configured instant matches, and that the
     * selector still matches after the caller mutates the Date it passed in.
     */
    public void test_setCertificateValidLjava_util_Date()
            throws Exception {
        Date firstInstant = new Date(100);
        Date secondInstant = new Date(200);
        // TestCert(Date) stores its own copy of the instant it is built with.
        TestCert validAtFirst = new TestCert(firstInstant);
        TestCert validAtSecond = new TestCert(secondInstant);
        X509CertSelector selector = new X509CertSelector();

        selector.setCertificateValid(null);
        assertNull(selector.getCertificateValid());

        selector.setCertificateValid(firstInstant);
        assertTrue("The certificate should match the selection criteria.",
                selector.match(validAtFirst));
        assertFalse("The certificate should not match the selection criteria.",
                selector.match(validAtSecond));

        selector.setCertificateValid(secondInstant);
        // Change the caller-owned Date after the setter has returned. The
        // match below succeeds only if the selector kept its own copy, so a
        // caller cannot shift the validity criterion after configuration.
        secondInstant.setTime(300);
        assertTrue("The certificate should match the selection criteria.",
                selector.match(validAtSecond));
    }

    /**
     * java.security.cert.X509CertSelector#setExtendedKeyUsage(Set<String>)
     */
    public void test_setExtendedKeyUsageLjava_util_Set() throws Exception {
        HashSet<String> ku1 = new
HashSet<String>(Arrays.asList(new String[] { 917 "1.3.6.1.5.5.7.3.1", 918 "1.3.6.1.5.5.7.3.2", 919 "1.3.6.1.5.5.7.3.3", 920 "1.3.6.1.5.5.7.3.4", 921 "1.3.6.1.5.5.7.3.8", 922 "1.3.6.1.5.5.7.3.9", 923 "1.3.6.1.5.5.7.3.5", 924 "1.3.6.1.5.5.7.3.6", 925 "1.3.6.1.5.5.7.3.7" 926 })); 927 HashSet<String> ku2 = new HashSet<String>(Arrays.asList(new String[] { 928 "1.3.6.1.5.5.7.3.1", 929 "1.3.6.1.5.5.7.3.2", 930 "1.3.6.1.5.5.7.3.3", 931 "1.3.6.1.5.5.7.3.4", 932 "1.3.6.1.5.5.7.3.8", 933 "1.3.6.1.5.5.7.3.9", 934 "1.3.6.1.5.5.7.3.5", 935 "1.3.6.1.5.5.7.3.6" 936 })); 937 TestCert cert1 = new TestCert(ku1); 938 TestCert cert2 = new TestCert(ku2); 939 940 X509CertSelector selector = new X509CertSelector(); 941 942 selector.setExtendedKeyUsage(null); 943 assertTrue("Any certificate should match in the case of null " 944 + "extendedKeyUsage criteria.", 945 selector.match(cert1)&& selector.match(cert2)); 946 selector.setExtendedKeyUsage(ku1); 947 assertEquals(ku1, selector.getExtendedKeyUsage()); 948 949 selector.setExtendedKeyUsage(ku2); 950 assertEquals(ku2, selector.getExtendedKeyUsage()); 951 } 952 953 /** 954 * java.security.cert.X509CertSelector#setIssuer(byte[]) 955 */ 956 public void test_setIssuerLB$() throws Exception { 957 byte[] name1 = new byte[] 958 // manually obtained DER encoding of "O=First Org." issuer name; 959 { 48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10, 70, 105, 114, 115, 960 116, 32, 79, 114, 103, 46 }; 961 byte[] name2 = new byte[] 962 // manually obtained DER encoding of "O=Second Org." 
issuer name; 963 { 48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11, 83, 101, 99, 111, 964 110, 100, 32, 79, 114, 103, 46 }; 965 X500Principal iss1 = new X500Principal(name1); 966 X500Principal iss2 = new X500Principal(name2); 967 TestCert cert1 = new TestCert(iss1); 968 TestCert cert2 = new TestCert(iss2); 969 970 X509CertSelector selector = new X509CertSelector(); 971 972 selector.setIssuer((byte[]) null); 973 assertTrue("Any certificates should match " 974 + "in the case of null issuer criteria.", selector.match(cert1) 975 && selector.match(cert2)); 976 selector.setIssuer(name1); 977 assertTrue("The certificate should match the selection criteria.", 978 selector.match(cert1)); 979 assertFalse("The certificate should not match the selection criteria.", 980 selector.match(cert2)); 981 selector.setIssuer(name2); 982 assertTrue("The certificate should match the selection criteria.", 983 selector.match(cert2)); 984 } 985 986 /** 987 * java.security.cert.X509CertSelector#setIssuer(java.lang.String) 988 */ 989 public void test_setIssuerLjava_lang_String() throws Exception { 990 991 String name1 = "O=First Org."; 992 String name2 = "O=Second Org."; 993 X500Principal iss1 = new X500Principal(name1); 994 X500Principal iss2 = new X500Principal(name2); 995 TestCert cert1 = new TestCert(iss1); 996 TestCert cert2 = new TestCert(iss2); 997 998 X509CertSelector selector = new X509CertSelector(); 999 1000 selector.setIssuer((String) null); 1001 assertTrue("Any certificates should match " 1002 + "in the case of null issuer criteria.", 1003 selector.match(cert1) && selector.match(cert2)); 1004 selector.setIssuer(name1); 1005 assertTrue("The certificate should match the selection criteria.", 1006 selector.match(cert1)); 1007 assertFalse("The certificate should not match the selection criteria.", 1008 selector.match(cert2)); 1009 selector.setIssuer(name2); 1010 assertTrue("The certificate should match the selection criteria.", 1011 selector.match(cert2)); 1012 } 1013 1014 /** 1015 * 
java.security.cert.X509CertSelector#setIssuer(javax.security.auth.x500.X500Principal) 1016 */ 1017 public void test_setIssuerLjavax_security_auth_x500_X500Principal() 1018 throws Exception { 1019 X500Principal iss1 = new X500Principal("O=First Org."); 1020 X500Principal iss2 = new X500Principal("O=Second Org."); 1021 TestCert cert1 = new TestCert(iss1); 1022 TestCert cert2 = new TestCert(iss2); 1023 X509CertSelector selector = new X509CertSelector(); 1024 1025 selector.setIssuer((X500Principal) null); 1026 assertTrue("Any certificates should match " 1027 + "in the case of null issuer criteria.", 1028 selector.match(cert1) && selector.match(cert2)); 1029 selector.setIssuer(iss1); 1030 assertTrue("The certificate should match the selection criteria.", 1031 selector.match(cert1)); 1032 assertFalse("The certificate should not match the selection criteria.", 1033 selector.match(cert2)); 1034 selector.setIssuer(iss2); 1035 assertTrue("The certificate should match the selection criteria.", 1036 selector.match(cert2)); 1037 } 1038 1039 /** 1040 * java.security.cert.X509CertSelector#setKeyUsage(boolean) 1041 */ 1042 public void test_setKeyUsageZ() throws Exception { 1043 boolean[] ku1 = new boolean[] { true, true, true, true, true, true, 1044 true, true, true }; 1045 // decipherOnly is disallowed 1046 boolean[] ku2 = new boolean[] { true, true, true, true, true, true, 1047 true, true, false }; 1048 TestCert cert1 = new TestCert(ku1); 1049 TestCert cert2 = new TestCert(ku2); 1050 TestCert cert3 = new TestCert((boolean[]) null); 1051 1052 X509CertSelector selector = new X509CertSelector(); 1053 1054 selector.setKeyUsage(null); 1055 assertTrue("Any certificate should match in the case of null keyUsage criteria.", 1056 selector.match(cert1) && selector.match(cert2)); 1057 selector.setKeyUsage(ku1); 1058 assertTrue("The certificate should match the selection criteria.", 1059 selector.match(cert1)); 1060 assertFalse("The certificate should not match the selection criteria.", 1061 
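selector.match(cert2));
        assertTrue("The certificate which does not have a keyUsage extension "
                + "implicitly allows all keyUsage values.",
                selector.match(cert3));
        selector.setKeyUsage(ku2);
        ku2[0] = !ku2[0];
        assertTrue("The certificate should match the selection criteria.",
                selector.match(cert2));
    }

    /**
     * java.security.cert.X509CertSelector#setMatchAllSubjectAltNames(boolean)
     *
     * Exercises the setter named in the test: the flag is read back after
     * each change, and a certificate still matches while no subject
     * alternative name criteria are configured.
     */
    public void test_setMatchAllSubjectAltNamesZ() {
        TestCert cert = new TestCert();
        X509CertSelector selector = new X509CertSelector();

        // The X509CertSelector documentation states the flag defaults to true.
        assertTrue(selector.getMatchAllSubjectAltNames());
        assertTrue(selector.match(cert));

        // The earlier version never called the setter under test.
        selector.setMatchAllSubjectAltNames(false);
        assertFalse(selector.getMatchAllSubjectAltNames());
        assertTrue(selector.match(cert));

        selector.setMatchAllSubjectAltNames(true);
        assertTrue(selector.getMatchAllSubjectAltNames());
        assertTrue(selector.match(cert));

        // A null certificate never matches, whatever the flag value.
        assertFalse(selector.match(null));
    }

    /**
     * java.security.cert.X509CertSelector#setNameConstraints(byte[]
     * bytes)
     *
     * Sets each encoded NameConstraints value from constraintBytes and checks
     * that getNameConstraints() returns the same bytes.
     */
    public void test_setNameConstraintsLB$() throws IOException {
        // Disabled code kept for reference; presumably it shows how the
        // entries of constraintBytes were produced (confirm before relying
        // on it).
        // GeneralName[] name_constraints = new GeneralName[] {
        // new GeneralName(1, "822.Name"),
        // new GeneralName(1, "rfc (at) 822.Name"),
        // new GeneralName(2, "Name.org"),
        // new GeneralName(2, "dNS.Name.org"),
        //
        // new GeneralName(6, "http://Resource.Id"),
        // new GeneralName(6, "http://uniform.Resource.Id"),
        // new GeneralName(7, "1.1.1.1"),
        //
        // new GeneralName(new byte[] { 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
        // 1, 1, 1, 1, 1 }), };
        //
        // for (int i = 0; i < name_constraints.length; i++) {
        // GeneralSubtree subtree = new GeneralSubtree(name_constraints[i]);
        // GeneralSubtrees subtrees = new GeneralSubtrees();
        // subtrees.addSubtree(subtree);
        // NameConstraints constraints = new NameConstraints(subtrees,
        // subtrees);
        // }
        X509CertSelector selector = new X509CertSelector();

        for (byte[] constraint : constraintBytes) {
            selector.setNameConstraints(constraint);
            assertTrue(Arrays.equals(constraint, selector.getNameConstraints()));
        }
    }

    /**
     *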
java.security.cert.X509CertSelector#setPathToNames(Collection<List<?>>) 1118 */ 1119 public void test_setPathToNamesLjava_util_Collection() throws Exception { 1120 GeneralName san0 = new GeneralName(new OtherName("1.2.3.4.5", 1121 new byte[] { 1, 2, 0, 1 })); 1122 GeneralName san1 = new GeneralName(1, "rfc (at) 822.Name"); 1123 GeneralName san2 = new GeneralName(2, "dNSName"); 1124 GeneralName san3 = new GeneralName(new ORAddress()); 1125 GeneralName san4 = new GeneralName(new Name("O=Organization")); 1126 GeneralName san6 = new GeneralName(6, "http://uniform.Resource.Id"); 1127 GeneralName san7 = new GeneralName(7, "1.1.1.1"); 1128 GeneralName san8 = new GeneralName(8, "1.2.3.4444.55555"); 1129 1130 GeneralNames sans1 = new GeneralNames(); 1131 sans1.addName(san0); 1132 sans1.addName(san1); 1133 sans1.addName(san2); 1134 sans1.addName(san3); 1135 sans1.addName(san4); 1136 sans1.addName(san6); 1137 sans1.addName(san7); 1138 sans1.addName(san8); 1139 GeneralNames sans2 = new GeneralNames(); 1140 sans2.addName(san0); 1141 1142 TestCert cert1 = new TestCert(sans1); 1143 TestCert cert2 = new TestCert(sans2); 1144 X509CertSelector selector = new X509CertSelector(); 1145 selector.setMatchAllSubjectAltNames(true); 1146 1147 selector.setPathToNames(null); 1148 assertTrue("Any certificate should match in the case of null " 1149 + "subjectAlternativeNames criteria.", 1150 selector.match(cert1) && selector.match(cert2)); 1151 1152 Collection<List<?>> sans = sans1.getPairsList(); 1153 1154 selector.setPathToNames(sans); 1155 selector.getPathToNames(); 1156 } 1157 1158 /** 1159 * java.security.cert.X509CertSelector#setPolicy(Set<String>) 1160 */ 1161 public void test_setPolicyLjava_util_Set() throws IOException { 1162 String[] policies1 = new String[] { 1163 "1.3.6.1.5.5.7.3.1", 1164 "1.3.6.1.5.5.7.3.2", 1165 "1.3.6.1.5.5.7.3.3", 1166 "1.3.6.1.5.5.7.3.4", 1167 "1.3.6.1.5.5.7.3.8", 1168 "1.3.6.1.5.5.7.3.9", 1169 "1.3.6.1.5.5.7.3.5", 1170 "1.3.6.1.5.5.7.3.6", 1171 
"1.3.6.1.5.5.7.3.7" 1172 }; 1173 1174 String[] policies2 = new String[] { "1.3.6.7.3.1" }; 1175 1176 HashSet<String> p1 = new HashSet<String>(Arrays.asList(policies1)); 1177 HashSet<String> p2 = new HashSet<String>(Arrays.asList(policies2)); 1178 1179 X509CertSelector selector = new X509CertSelector(); 1180 1181 TestCert cert1 = new TestCert(policies1); 1182 TestCert cert2 = new TestCert(policies2); 1183 1184 selector.setPolicy(null); 1185 assertTrue("Any certificate should match in the case of null " 1186 + "privateKeyValid criteria.", 1187 selector.match(cert1) && selector.match(cert2)); 1188 1189 selector.setPolicy(p1); 1190 assertTrue("The certificate should match the selection criteria.", 1191 selector.match(cert1)); 1192 assertFalse("The certificate should not match the selection criteria.", 1193 selector.match(cert2)); 1194 1195 selector.setPolicy(p2); 1196 assertFalse("The certificate should not match the selection criteria.", 1197 selector.match(cert1)); 1198 assertTrue("The certificate should match the selection criteria.", 1199 selector.match(cert2)); 1200 } 1201 1202 /** 1203 * java.security.cert.X509CertSelector#setPrivateKeyValid(java.util.Date) 1204 */ 1205 public void test_setPrivateKeyValidLjava_util_Date() 1206 throws Exception { 1207 Date date1 = new Date(100000000); 1208 Date date2 = new Date(200000000); 1209 Date date3 = new Date(300000000); 1210 Date date4 = new Date(150000000); 1211 Date date5 = new Date(250000000); 1212 TestCert cert1 = new TestCert(date1, date2); 1213 TestCert cert2 = new TestCert(date2, date3); 1214 1215 X509CertSelector selector = new X509CertSelector(); 1216 1217 selector.setPrivateKeyValid(null); 1218 assertTrue("Any certificate should match in the case of null " 1219 + "privateKeyValid criteria.", 1220 selector.match(cert1) && selector.match(cert2)); 1221 selector.setPrivateKeyValid(date4); 1222 assertTrue("The certificate should match the selection criteria.", 1223 selector.match(cert1)); 1224 assertFalse("The 
certificate should not match the selection criteria.", 1225 selector.match(cert2)); 1226 selector.setPrivateKeyValid(date5); 1227 date5.setTime(date4.getTime()); 1228 assertTrue("The certificate should match the selection criteria.", 1229 selector.match(cert2)); 1230 } 1231 1232 /** 1233 * java.security.cert.X509CertSelector#setSerialNumber(java.math.BigInteger) 1234 */ 1235 public void test_setSerialNumberLjava_math_BigInteger() 1236 throws Exception { 1237 BigInteger ser1 = new BigInteger("10000"); 1238 BigInteger ser2 = new BigInteger("10001"); 1239 TestCert cert1 = new TestCert(ser1); 1240 TestCert cert2 = new TestCert(ser2); 1241 X509CertSelector selector = new X509CertSelector(); 1242 1243 selector.setSerialNumber(null); 1244 assertTrue("Any certificate should match in the case of null " 1245 + "serialNumber criteria.", 1246 selector.match(cert1) && selector.match(cert2)); 1247 selector.setSerialNumber(ser1); 1248 assertTrue("The certificate should match the selection criteria.", 1249 selector.match(cert1)); 1250 assertFalse("The certificate should not match the selection criteria.", 1251 selector.match(cert2)); 1252 selector.setSerialNumber(ser2); 1253 assertTrue("The certificate should match the selection criteria.", 1254 selector.match(cert2)); 1255 } 1256 1257 /** 1258 * java.security.cert.X509CertSelector#setSubject(byte[]) 1259 */ 1260 public void test_setSubjectLB$() throws Exception { 1261 byte[] name1 = new byte[] 1262 // manually obtained DER encoding of "O=First Org." issuer name; 1263 { 48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10, 70, 105, 114, 115, 1264 116, 32, 79, 114, 103, 46 }; 1265 byte[] name2 = new byte[] 1266 // manually obtained DER encoding of "O=Second Org." 
issuer name; 1267 { 48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11, 83, 101, 99, 111, 1268 110, 100, 32, 79, 114, 103, 46 }; 1269 X500Principal sub1 = new X500Principal(name1); 1270 X500Principal sub2 = new X500Principal(name2); 1271 TestCert cert1 = new TestCert(sub1); 1272 TestCert cert2 = new TestCert(sub2); 1273 1274 X509CertSelector selector = new X509CertSelector(); 1275 1276 selector.setSubject((byte[]) null); 1277 assertTrue("Any certificates should match " 1278 + "in the case of null issuer criteria.", 1279 selector.match(cert1) && selector.match(cert2)); 1280 selector.setSubject(name1); 1281 assertTrue("The certificate should match the selection criteria.", 1282 selector.match(cert1)); 1283 assertFalse("The certificate should not match the selection criteria.", 1284 selector.match(cert2)); 1285 selector.setSubject(name2); 1286 assertTrue("The certificate should match the selection criteria.", 1287 selector.match(cert2)); 1288 } 1289 1290 /** 1291 * java.security.cert.X509CertSelector#setSubject(java.lang.String) 1292 */ 1293 public void test_setSubjectLjava_lang_String() throws Exception { 1294 String name1 = "O=First Org."; 1295 String name2 = "O=Second Org."; 1296 X500Principal sub1 = new X500Principal(name1); 1297 X500Principal sub2 = new X500Principal(name2); 1298 TestCert cert1 = new TestCert(sub1); 1299 TestCert cert2 = new TestCert(sub2); 1300 X509CertSelector selector = new X509CertSelector(); 1301 1302 selector.setSubject((String) null); 1303 assertTrue("Any certificates should match " 1304 + "in the case of null subject criteria.", 1305 selector.match(cert1) && selector.match(cert2)); 1306 selector.setSubject(name1); 1307 assertTrue("The certificate should match the selection criteria.", 1308 selector.match(cert1)); 1309 assertFalse("The certificate should not match the selection criteria.", 1310 selector.match(cert2)); 1311 selector.setSubject(name2); 1312 assertTrue("The certificate should match the selection criteria.", 1313 
selector.match(cert2)); 1314 } 1315 1316 /** 1317 * java.security.cert.X509CertSelector#setSubject(javax.security.auth.x500.X500Principal) 1318 */ 1319 public void test_setSubjectLjavax_security_auth_x500_X500Principal() 1320 throws Exception { 1321 X500Principal sub1 = new X500Principal("O=First Org."); 1322 X500Principal sub2 = new X500Principal("O=Second Org."); 1323 TestCert cert1 = new TestCert(sub1); 1324 TestCert cert2 = new TestCert(sub2); 1325 X509CertSelector selector = new X509CertSelector(); 1326 1327 selector.setSubject((X500Principal) null); 1328 assertTrue("Any certificates should match " 1329 + "in the case of null subjcet criteria.", 1330 selector.match(cert1) && selector.match(cert2)); 1331 selector.setSubject(sub1); 1332 assertTrue("The certificate should match the selection criteria.", 1333 selector.match(cert1)); 1334 assertFalse("The certificate should not match the selection criteria.", 1335 selector.match(cert2)); 1336 selector.setSubject(sub2); 1337 assertTrue("The certificate should match the selection criteria.", 1338 selector.match(cert2)); 1339 } 1340 1341 /** 1342 * java.security.cert.X509CertSelector#setSubjectAlternativeNames(Collection<List<?>>) 1343 */ 1344 public void test_setSubjectAlternativeNamesLjava_util_Collection() throws Exception { 1345 1346 GeneralName san0 = new GeneralName(new OtherName("1.2.3.4.5", 1347 new byte[] { 1, 2, 0, 1 })); 1348 GeneralName san1 = new GeneralName(1, "rfc (at) 822.Name"); 1349 GeneralName san2 = new GeneralName(2, "dNSName"); 1350 GeneralName san3 = new GeneralName(new ORAddress()); 1351 GeneralName san4 = new GeneralName(new Name("O=Organization")); 1352 GeneralName san6 = new GeneralName(6, "http://uniform.Resource.Id"); 1353 GeneralName san7 = new GeneralName(7, "1.1.1.1"); 1354 GeneralName san8 = new GeneralName(8, "1.2.3.4444.55555"); 1355 1356 GeneralNames sans1 = new GeneralNames(); 1357 sans1.addName(san0); 1358 sans1.addName(san1); 1359 sans1.addName(san2); 1360 sans1.addName(san3); 
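sans1.addName(san4);
        sans1.addName(san6);
        sans1.addName(san7);
        sans1.addName(san8);
        GeneralNames sans2 = new GeneralNames();
        sans2.addName(san0);

        TestCert cert1 = new TestCert(sans1);
        TestCert cert2 = new TestCert(sans2);
        X509CertSelector selector = new X509CertSelector();
        selector.setMatchAllSubjectAltNames(true);

        selector.setSubjectAlternativeNames(null);
        assertTrue("Any certificate should match in the case of null "
                + "subjectAlternativeNames criteria.",
                selector.match(cert1) && selector.match(cert2));

        Collection<List<?>> sans = sans1.getPairsList();

        selector.setSubjectAlternativeNames(sans);

        selector.getSubjectAlternativeNames();
    }

    /**
     * java.security.cert.X509CertSelector#setSubjectKeyIdentifier(byte[])
     *
     * Checks that a null identifier disables the criterion, that only the
     * certificate carrying the configured identifier matches, and that the
     * selector is unaffected when the caller's array changes afterwards.
     */
    public void test_setSubjectKeyIdentifierLB$() throws Exception {
        byte[] skid1 = new byte[] { 1, 2, 3, 4, 5 }; // arbitrary value
        byte[] skid2 = new byte[] { 5, 4, 3, 2, 1 }; // arbitrary value
        TestCert cert1 = new TestCert(skid1);
        TestCert cert2 = new TestCert(skid2);
        X509CertSelector selector = new X509CertSelector();

        selector.setSubjectKeyIdentifier(null);
        // The message previously named the serialNumber criterion, which
        // would point a failure report at the wrong setter.
        assertTrue("Any certificate should match in the case of null "
                + "subjectKeyIdentifier criteria.",
                selector.match(cert1) && selector.match(cert2));
        selector.setSubjectKeyIdentifier(skid1);
        assertTrue("The certificate should match the selection criteria.",
                selector.match(cert1));
        assertFalse("The certificate should not match the selection criteria.",
                selector.match(cert2));
        selector.setSubjectKeyIdentifier(skid2);
        // Modify the caller-owned array after the setter has returned. The
        // match below succeeds only if the selector kept its own copy of the
        // identifier, so later writes by the caller cannot alter which
        // certificates are selected.
        skid2[0]++;
        assertTrue("The certificate should match the selection criteria.",
                selector.match(cert2));
    }

    /**
     * java.security.cert.X509CertSelector#setSubjectPublicKey(byte[])
     */
    public void test_setSubjectPublicKeyLB$() throws Exception {
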
//SubjectPublicKeyInfo ::= SEQUENCE { 1416 // algorithm AlgorithmIdentifier, 1417 // subjectPublicKey BIT STRING } 1418 byte[] enc = { 0x30, 0x0E, // SEQUENCE 1419 0x30, 0x07, // SEQUENCE 1420 0x06, 0x02, 0x03, 0x05,//OID 1421 0x01, 0x01, 0x07, //ANY 1422 0x03, 0x03, 0x01, 0x01, 0x06, // subjectPublicKey 1423 }; 1424 1425 X509CertSelector selector = new X509CertSelector(); 1426 1427 selector.setSubjectPublicKey(enc); 1428 PublicKey key = selector.getSubjectPublicKey(); 1429 assertEquals("0.3.5", key.getAlgorithm()); 1430 assertEquals("X.509", key.getFormat()); 1431 assertTrue(Arrays.equals(enc, key.getEncoded())); 1432 assertNotNull(key.toString()); 1433 } 1434 1435 /** 1436 * java.security.cert.X509CertSelector#setSubjectPublicKey(java.security.PublicKey key) 1437 */ 1438 public void test_setSubjectPublicKeyLjava_security_PublicKey() 1439 throws Exception { 1440 PublicKey pkey1 = new TestKeyPair("RSA").getPublic(); 1441 PublicKey pkey2 = new TestKeyPair("DSA").getPublic(); 1442 1443 TestCert cert1 = new TestCert(pkey1); 1444 TestCert cert2 = new TestCert(pkey2); 1445 X509CertSelector selector = new X509CertSelector(); 1446 1447 selector.setSubjectPublicKey((PublicKey) null); 1448 assertTrue("Any certificate should match in the case of null " 1449 + "subjectPublicKey criteria.", 1450 selector.match(cert1) && selector.match(cert2)); 1451 selector.setSubjectPublicKey(pkey1); 1452 assertTrue("The certificate should match the selection criteria.", 1453 selector.match(cert1)); 1454 assertFalse("The certificate should not match the selection criteria.", 1455 selector.match(cert2)); 1456 selector.setSubjectPublicKey(pkey2); 1457 assertTrue("The certificate should match the selection criteria.", 1458 selector.match(cert2)); 1459 } 1460 1461 /** 1462 * java.security.cert.X509CertSelector#setSubjectPublicKeyAlgID(java.lang.String) 1463 */ 1464 public void test_setSubjectPublicKeyAlgIDLjava_lang_String() throws Exception { 1465 1466 X509CertSelector selector = new 
X509CertSelector(); 1467 String pkaid1 = "1.2.840.113549.1.1.1"; // RSA (source: 1468 // http://asn1.elibel.tm.fr) 1469 String pkaid2 = "1.2.840.10040.4.1"; // DSA (source: 1470 // http://asn1.elibel.tm.fr) 1471 PublicKey pkey1 = new TestKeyPair("RSA").getPublic();; 1472 PublicKey pkey2 = new TestKeyPair("DSA").getPublic();; 1473 1474 TestCert cert1 = new TestCert(pkey1); 1475 TestCert cert2 = new TestCert(pkey2); 1476 1477 selector.setSubjectPublicKeyAlgID(null); 1478 assertTrue("Any certificate should match in the case of null " 1479 + "subjectPublicKeyAlgID criteria.", 1480 selector.match(cert1) && selector.match(cert2)); 1481 1482 String[] validOIDs = { 1483 "0.0.20", 1484 "1.25.0", 1485 "2.0.39", 1486 "0.2.10", 1487 "1.35.15", 1488 "2.17.89", 1489 "2.5.29.16", 1490 "2.5.29.17", 1491 "2.5.29.30", 1492 "2.5.29.32", 1493 "2.5.29.37" 1494 }; 1495 1496 for (int i = 0; i < validOIDs.length; i++) { 1497 selector.setSubjectPublicKeyAlgID(validOIDs[i]); 1498 assertEquals(validOIDs[i], selector.getSubjectPublicKeyAlgID()); 1499 } 1500 1501 String[] invalidOIDs = { "0.20", "1.25", "2.39", "3.10" }; 1502 for (int i = 0; i < invalidOIDs.length; i++) { 1503 try { 1504 selector.setSubjectPublicKeyAlgID(invalidOIDs[i]); 1505 fail("IOException wasn't thrown for " + invalidOIDs[i]); 1506 } catch (IOException expected) { 1507 } 1508 } 1509 1510 selector.setSubjectPublicKeyAlgID(pkaid1); 1511 assertTrue("The certificate should match the selection criteria.", 1512 selector.match(cert1)); 1513 assertFalse("The certificate should not match the selection criteria.", 1514 selector.match(cert2)); 1515 selector.setSubjectPublicKeyAlgID(pkaid2); 1516 assertTrue("The certificate should match the selection criteria.", 1517 selector.match(cert2)); 1518 } 1519 1520 /** 1521 * java.security.cert.X509CertSelector#toString() 1522 */ 1523 public void test_toString() { 1524 X509CertSelector selector = new X509CertSelector(); 1525 assertNotNull(selector.toString()); 1526 } 1527 1528 public class 
MyPublicKey implements PublicKey { 1529 private static final long serialVersionUID = 2899528375354645752L; 1530 1531 public MyPublicKey() { 1532 super(); 1533 } 1534 1535 public String getAlgorithm() { 1536 return "PublicKey"; 1537 } 1538 1539 public String getFormat() { 1540 return "Format"; 1541 } 1542 1543 public byte[] getEncoded() { 1544 return new byte[0]; 1545 } 1546 1547 public long getSerVerUID() { 1548 return serialVersionUID; 1549 } 1550 } 1551 1552 private class TestCert extends X509Certificate { 1553 1554 private static final long serialVersionUID = 176676115254260405L; 1555 1556 /* Stuff fields */ 1557 protected String equalCriteria = null; // to simplify method equals() 1558 1559 protected BigInteger serialNumber = null; 1560 1561 protected X500Principal issuer = null; 1562 1563 protected X500Principal subject = null; 1564 1565 protected byte[] keyIdentifier = null; 1566 1567 protected Date date = null; 1568 1569 protected Date notBefore = null; 1570 1571 protected Date notAfter = null; 1572 1573 protected PublicKey key = null; 1574 1575 protected boolean[] keyUsage = null; 1576 1577 protected List<String> extKeyUsage = null; 1578 1579 protected int pathLen = 1; 1580 1581 protected GeneralNames sans = null; 1582 1583 protected byte[] encoding = null; 1584 1585 protected String[] policies = null; 1586 1587 protected Collection<List<?>> collection = null; 1588 1589 protected NameConstraints nameConstraints = null; 1590 1591 /* Stuff methods */ 1592 public TestCert() { 1593 } 1594 1595 public TestCert(GeneralNames sans) { 1596 setSubjectAlternativeNames(sans); 1597 } 1598 1599 public TestCert(NameConstraints nameConstraints) { 1600 this.nameConstraints = nameConstraints; 1601 } 1602 1603 public TestCert(Collection<List<?>> collection) { 1604 setCollection(collection); 1605 } 1606 1607 public TestCert(String equalCriteria) { 1608 setEqualCriteria(equalCriteria); 1609 } 1610 1611 public TestCert(String[] policies) { 1612 setPolicies(policies); 1613 } 1614 
1615 public TestCert(BigInteger serial) { 1616 setSerialNumber(serial); 1617 } 1618 1619 public TestCert(X500Principal principal) { 1620 setIssuer(principal); 1621 setSubject(principal); 1622 } 1623 1624 public TestCert(byte[] array) { 1625 setKeyIdentifier(array); 1626 } 1627 1628 public TestCert(Date date) { 1629 setDate(date); 1630 } 1631 1632 public TestCert(Date notBefore, Date notAfter) { 1633 setPeriod(notBefore, notAfter); 1634 } 1635 1636 public TestCert(PublicKey key) { 1637 setPublicKey(key); 1638 } 1639 1640 public TestCert(boolean[] keyUsage) { 1641 setKeyUsage(keyUsage); 1642 } 1643 1644 public TestCert(Set<String> extKeyUsage) { 1645 setExtendedKeyUsage(extKeyUsage); 1646 } 1647 1648 public TestCert(int pathLen) { 1649 this.pathLen = pathLen; 1650 } 1651 1652 public void setSubjectAlternativeNames(GeneralNames sans) { 1653 this.sans = sans; 1654 } 1655 1656 public void setCollection(Collection<List<?>> collection) { 1657 this.collection = collection; 1658 } 1659 1660 public void setPolicies(String[] policies) { 1661 this.policies = policies; 1662 } 1663 1664 public void setExtendedKeyUsage(Set<String> extKeyUsage) { 1665 this.extKeyUsage = (extKeyUsage == null) ? null : new ArrayList<String>(extKeyUsage); 1666 } 1667 1668 public void setKeyUsage(boolean[] keyUsage) { 1669 this.keyUsage = (keyUsage == null) ? 
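null : (boolean[]) keyUsage.clone();
        }

        /** Sets the key returned by getPublicKey(); the reference is stored as given. */
        public void setPublicKey(PublicKey key) {
            this.key = key;
        }

        /** Stores both bounds by reference; no copy is taken. */
        public void setPeriod(Date notBefore, Date notAfter) {
            this.notBefore = notBefore;
            this.notAfter = notAfter;
        }

        /** Sets the value returned by getSerialNumber(). */
        public void setSerialNumber(BigInteger serial) {
            this.serialNumber = serial;
        }

        /** Sets the string that equals(), hashCode() and toString() are based on. */
        public void setEqualCriteria(String equalCriteria) {
            this.equalCriteria = equalCriteria;
        }

        /** Sets the issuer name. */
        public void setIssuer(X500Principal issuer) {
            this.issuer = issuer;
        }

        /** Sets the subject name. */
        public void setSubject(X500Principal subject) {
            this.subject = subject;
        }

        /**
         * Stores a private copy of the key identifier, so later writes to the
         * caller's array are not visible through this certificate.
         *
         * @param subjectKeyID identifier bytes, or null to clear the field
         */
        public void setKeyIdentifier(byte[] subjectKeyID) {
            // Null-safe, matching setKeyUsage(); previously null caused a
            // NullPointerException inside the constructor.
            this.keyIdentifier = (subjectKeyID == null)
                    ? null : (byte[]) subjectKeyID.clone();
        }

        /**
         * Stores a private copy of the instant accepted by checkValidity(Date).
         *
         * @param date the only instant treated as valid, or null to clear it
         */
        public void setDate(Date date) {
            // Date is mutable: copy it so the caller cannot move the instant
            // afterwards. Null-safe for the same reason as setKeyIdentifier().
            this.date = (date == null) ? null : new Date(date.getTime());
        }

        /** Sets the bytes returned by getEncoded(); stored by reference. */
        public void setEncoding(byte[] encoding) {
            this.encoding = encoding;
        }

        /* Method implementations */

        /**
         * Compares two TestCert instances by their equalCriteria strings.
         *
         * @return true only when cert is a TestCert and both sides carry a
         *         non-null, equal equalCriteria; false otherwise, including
         *         when either side has no criteria
         */
        public boolean equals(Object cert) {
            // The instanceof test also covers null and replaces an unchecked
            // cast that threw ClassCastException for any other certificate
            // type.
            if (!(cert instanceof TestCert)) {
                return false;
            }
            String otherCriteria = ((TestCert) cert).equalCriteria;
            if ((equalCriteria == null) || (otherCriteria == null)) {
                return false;
            }
            return equalCriteria.equals(otherCriteria);
        }

        /**
         * Hash code derived from equalCriteria, so that instances which are
         * equal according to equals() also share a hash code.
         */
        public int hashCode() {
            return (equalCriteria == null) ? 0 : equalCriteria.hashCode();
        }

        /** Returns equalCriteria, or the empty string when it is unset. */
        public String toString() {
            if (equalCriteria != null) {
                return equalCriteria;
            }
            return "";
        }

        /** Stub: the certificate is always treated as currently valid. */
        public void checkValidity() throws CertificateExpiredException,
                CertificateNotYetValidException {
        }

        /**
         * Accepts only the exact instant stored by setDate().
         *
         * @throws CertificateExpiredException when no date is stored or the
         *         stored date is later than the given one
         * @throws CertificateNotYetValidException when the stored date is
         *         earlier than the given one
         */
        public void checkValidity(Date date)
                throws CertificateExpiredException,
                CertificateNotYetValidException {
            if (this.date == null) {
                throw new CertificateExpiredException();
            }
            int result = this.date.compareTo(date);
            if (result > 0) {
                throw new CertificateExpiredException();
            }
            if (result < 0) {
                throw new CertificateNotYetValidException();
            }
        }

        public int getVersion() {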
1749 return 3; 1750 } 1751 1752 public BigInteger getSerialNumber() { 1753 return (serialNumber == null) ? new BigInteger("1111") 1754 : serialNumber; 1755 } 1756 1757 public Principal getIssuerDN() { 1758 return issuer; 1759 } 1760 1761 public X500Principal getIssuerX500Principal() { 1762 return issuer; 1763 } 1764 1765 public Principal getSubjectDN() { 1766 return subject; 1767 } 1768 1769 public X500Principal getSubjectX500Principal() { 1770 return subject; 1771 } 1772 1773 public Date getNotBefore() { 1774 return null; 1775 } 1776 1777 public Date getNotAfter() { 1778 return null; 1779 } 1780 1781 public byte[] getTBSCertificate() throws CertificateEncodingException { 1782 return null; 1783 } 1784 1785 public byte[] getSignature() { 1786 return null; 1787 } 1788 1789 public String getSigAlgName() { 1790 return null; 1791 } 1792 1793 public String getSigAlgOID() { 1794 return null; 1795 } 1796 1797 public byte[] getSigAlgParams() { 1798 return null; 1799 } 1800 1801 public boolean[] getIssuerUniqueID() { 1802 return null; 1803 } 1804 1805 public boolean[] getSubjectUniqueID() { 1806 return null; 1807 } 1808 1809 public boolean[] getKeyUsage() { 1810 return keyUsage; 1811 } 1812 1813 public List<String> getExtendedKeyUsage() 1814 throws CertificateParsingException { 1815 return extKeyUsage; 1816 } 1817 1818 public int getBasicConstraints() { 1819 return pathLen; 1820 } 1821 1822 public void verify(PublicKey key) throws CertificateException, 1823 NoSuchAlgorithmException, InvalidKeyException, 1824 NoSuchProviderException, SignatureException { 1825 } 1826 1827 public void verify(PublicKey key, String sigProvider) 1828 throws CertificateException, NoSuchAlgorithmException, 1829 InvalidKeyException, NoSuchProviderException, 1830 SignatureException { 1831 } 1832 1833 public PublicKey getPublicKey() { 1834 return key; 1835 } 1836 1837 public byte[] getEncoded() throws CertificateEncodingException { 1838 return encoding; 1839 } 1840 1841 public Set<String> 
getNonCriticalExtensionOIDs() { 1842 return null; 1843 } 1844 1845 public Set<String> getCriticalExtensionOIDs() { 1846 return null; 1847 } 1848 1849 public byte[] getExtensionValue(String oid) { 1850 1851 if (("2.5.29.14".equals(oid)) || ("2.5.29.35".equals(oid))) { 1852 // Extension value is represented as an OctetString 1853 return ASN1OctetString.getInstance().encode(keyIdentifier); 1854 } 1855 if ("2.5.29.16".equals(oid)) { 1856 PrivateKeyUsagePeriod pkup = new PrivateKeyUsagePeriod( 1857 notBefore, notAfter); 1858 byte[] encoded = pkup.getEncoded(); 1859 return ASN1OctetString.getInstance().encode(encoded); 1860 } 1861 if (("2.5.29.37".equals(oid)) && (extKeyUsage != null)) { 1862 ASN1Oid[] oa = new ASN1Oid[extKeyUsage.size()]; 1863 String[] val = new String[extKeyUsage.size()]; 1864 Iterator it = extKeyUsage.iterator(); 1865 int id = 0; 1866 while (it.hasNext()) { 1867 oa[id] = ASN1Oid.getInstanceForString(); 1868 val[id++] = (String) it.next(); 1869 } 1870 return ASN1OctetString.getInstance().encode( 1871 new ASN1Sequence(oa).encode(val)); 1872 } 1873 if ("2.5.29.19".equals(oid)) { 1874 return ASN1OctetString.getInstance().encode( 1875 new ASN1Sequence(new ASN1Type[] { 1876 ASN1Boolean.getInstance(), 1877 ASN1Integer.getInstance() }) 1878 .encode(new Object[] { 1879 new Boolean(pathLen != 1), 1880 BigInteger.valueOf(pathLen).toByteArray() })); 1881 } 1882 if ("2.5.29.17".equals(oid) && (sans != null)) { 1883 if (sans.getNames() == null) { 1884 return null; 1885 } 1886 return ASN1OctetString.getInstance().encode( 1887 GeneralNames.ASN1.encode(sans)); 1888 } 1889 if ("2.5.29.32".equals(oid) && (policies != null) 1890 && (policies.length > 0)) { 1891 // Certificate Policies Extension (as specified in rfc 3280) 1892 CertificatePolicies certificatePolicies = new CertificatePolicies(); 1893 for (int i = 0; i < policies.length; i++) { 1894 PolicyInformation policyInformation = new PolicyInformation( 1895 policies[i]); 1896 
certificatePolicies.addPolicyInformation(policyInformation); 1897 } 1898 return ASN1OctetString.getInstance().encode( 1899 certificatePolicies.getEncoded()); 1900 } 1901 if ("2.5.29.30".equals(oid) && (nameConstraints != null)) { // 1902 // Name 1903 // Constraints 1904 // Extension 1905 // (as 1906 // specified 1907 // in 1908 // rfc 1909 // 3280) 1910 return ASN1OctetString.getInstance().encode( 1911 nameConstraints.getEncoded()); 1912 } 1913 1914 return null; 1915 } 1916 1917 public boolean hasUnsupportedCriticalExtension() { 1918 return false; 1919 } 1920 1921 } 1922 1923 public X509Certificate rootCertificate; 1924 1925 public X509Certificate endCertificate; 1926 1927 public MyCRL crl; 1928 1929 private X509CertSelector theCertSelector; 1930 1931 private CertPathBuilder builder; 1932 1933 private void setupEnvironment() throws Exception { 1934 // create certificates and CRLs 1935 CertificateFactory cf = CertificateFactory.getInstance("X.509"); 1936 ByteArrayInputStream bi = new ByteArrayInputStream(TestUtils.rootCert.getBytes()); 1937 rootCertificate = (X509Certificate) cf.generateCertificate(bi); 1938 bi = new ByteArrayInputStream(TestUtils.endCert.getBytes()); 1939 endCertificate = (X509Certificate) cf.generateCertificate(bi); 1940 1941 BigInteger revokedSerialNumber = BigInteger.valueOf(1); 1942 crl = new MyCRL("X.509"); 1943 // X509CRL rootCRL = X509CRL; 1944 // X509CRL interCRL = X509CRLExample.createCRL(interCert, 1945 // interPair.getPrivate(), 1946 // revokedSerialNumber); 1947 1948 // create CertStore to support path building 1949 List<Object> list = new ArrayList<Object>(); 1950 1951 list.add(rootCertificate); 1952 list.add(endCertificate); 1953 1954 // CollectionCertStoreParameters params = new CollectionCertStoreParameters(list); 1955 // CertStore store = CertStore.getInstance("Collection", params); 1956 // 1957 theCertSelector = new X509CertSelector(); 1958 theCertSelector.setCertificate(endCertificate); 1959 
theCertSelector.setIssuer(endCertificate.getIssuerX500Principal().getEncoded()); 1960 1961 // build the path 1962 builder = CertPathBuilder.getInstance("PKIX"); 1963 1964 } 1965 1966 private CertPath buildCertPath() throws InvalidAlgorithmParameterException { 1967 PKIXCertPathBuilderResult result = null; 1968 PKIXBuilderParameters buildParams = new PKIXBuilderParameters( 1969 Collections.singleton(new TrustAnchor(rootCertificate, null)), 1970 theCertSelector); 1971 try { 1972 result = (PKIXCertPathBuilderResult) builder.build(buildParams); 1973 } catch(CertPathBuilderException e) { 1974 return null; 1975 } 1976 return result.getCertPath(); 1977 } 1978 1979 /** 1980 * java.security.cert.X509CertSelector#addPathToName(int, byte[]) 1981 */ 1982 public void test_addPathToNameLintLbyte_array2() throws Exception { 1983 TestUtils.initCertPathSSCertChain(); 1984 setupEnvironment(); 1985 byte[] bytes, bytesName; 1986 // GeneralName name = new GeneralName(1, "822.Name"); 1987 // bytes = name.getEncoded(); 1988 // bytesName = name.getEncodedName(); 1989 bytes = new byte[] {-127, 8, 56, 50, 50, 46, 78, 97, 109, 101}; 1990 bytesName = new byte[] {22, 8, 56, 50, 50, 46, 78, 97, 109, 101}; 1991 bytes[bytes.length-3] = (byte) 200; 1992 1993 try { 1994 theCertSelector.addPathToName(1, bytes); 1995 } catch (IOException e) { 1996 // ok 1997 } 1998 1999 theCertSelector.setPathToNames(null); 2000 2001 theCertSelector.addPathToName(1, bytesName); 2002 assertNotNull(theCertSelector.getPathToNames()); 2003 CertPath p = buildCertPath(); 2004 assertNull(p); 2005 2006 theCertSelector.setPathToNames(null); 2007 2008 // name = new GeneralName(new Name("O=Android")); 2009 // theCertSelector.addPathToName(4, endCertificate.getSubjectDN().getName()); 2010 theCertSelector.addPathToName(4, TestUtils.rootCertificateSS.getIssuerX500Principal().getEncoded()); 2011 assertNotNull(theCertSelector.getPathToNames()); 2012 p = TestUtils.buildCertPathSSCertChain(); 2013 assertNotNull(p); 2014 } 2015 2016 /** 
2017 * java.security.cert.X509CertSelector#addPathToName(int, String) 2018 */ 2019 public void test_addPathToNameLintLjava_lang_String2() throws Exception { 2020 setupEnvironment(); 2021 byte[] bytes, bytesName; 2022 // GeneralName name = new GeneralName(1, "822.Name"); 2023 // bytes = name.getEncoded(); 2024 // bytesName = name.getEncodedName(); 2025 bytes = new byte[] {-127, 8, 56, 50, 50, 46, 78, 97, 109, 101}; 2026 bytesName = new byte[] {22, 8, 56, 50, 50, 46, 78, 97, 109, 101}; 2027 assertNotNull(bytes); 2028 byte[] b = new byte[bytes.length]; 2029 b = bytes; 2030 b[bytes.length-3] = (byte) 200; 2031 2032 try { 2033 theCertSelector.addPathToName(1, new String(b)); 2034 } catch (IOException e) { 2035 // ok 2036 } 2037 2038 theCertSelector.setPathToNames(null); 2039 2040 theCertSelector.addPathToName(1, new String(bytesName)); 2041 assertNotNull(theCertSelector.getPathToNames()); 2042 2043 CertPath p = buildCertPath(); 2044 assertNull(p); 2045 2046 theCertSelector.setPathToNames(null); 2047 theCertSelector.addPathToName(1, rootCertificate.getIssuerX500Principal().getName()); 2048 assertNotNull(theCertSelector.getPathToNames()); 2049 //p = buildCertPath(); 2050 //assertNotNull(p); 2051 } 2052 2053 /** 2054 * java.security.cert.X509CertSelector#addSubjectAlternativeName(int, byte[]) 2055 */ 2056 public void test_addSubjectAlternativeNameLintLbyte_array2() 2057 throws Exception { 2058 2059 2060 GeneralName san0 = new GeneralName(new OtherName("1.2.3.4.5", 2061 new byte[] {1, 2, 0, 1})); 2062 GeneralName san1 = new GeneralName(1, "rfc (at) 822.Name"); 2063 GeneralName san2 = new GeneralName(2, "dNSName"); 2064 2065 GeneralNames sans1 = new GeneralNames(); 2066 sans1.addName(san0); 2067 sans1.addName(san1); 2068 sans1.addName(san2); 2069 2070 X509CertSelector selector = new X509CertSelector(); 2071 2072 selector.addSubjectAlternativeName(0, san0.getEncodedName()); 2073 selector.addSubjectAlternativeName(1, san1.getEncodedName()); 2074 
selector.addSubjectAlternativeName(2, san2.getEncodedName()); 2075 2076 GeneralNames sans2 = new GeneralNames(); 2077 sans2.addName(san0); 2078 2079 TestCert cert1 = new TestCert(sans1); 2080 TestCert cert2 = new TestCert(sans2); 2081 2082 assertTrue(selector.match(cert1)); 2083 assertFalse(selector.match(cert2)); 2084 2085 selector.setSubjectAlternativeNames(null); 2086 2087 GeneralName name = new GeneralName(new Name("O=Android")); 2088 try { 2089 selector.addSubjectAlternativeName(0, name.getEncodedName()); 2090 } catch (IOException e) { 2091 // ok 2092 } 2093 2094 } 2095 2096 /** 2097 * java.security.cert.X509CertSelector#addSubjectAlternativeName(int, String) 2098 */ 2099 public void test_addSubjectAlternativeNameLintLjava_lang_String2() throws Exception{ 2100 GeneralName san6 = new GeneralName(6, "http://uniform.Resource.Id"); 2101 GeneralName san2 = new GeneralName(2, "dNSName"); 2102 2103 GeneralNames sans1 = new GeneralNames(); 2104 sans1.addName(san6); 2105 sans1.addName(san2); 2106 2107 X509CertSelector selector = new X509CertSelector(); 2108 2109 selector.addSubjectAlternativeName(6, "http://uniform.Resource.Id"); 2110 selector.addSubjectAlternativeName(2, "dNSName"); 2111 2112 GeneralNames sans2 = new GeneralNames(); 2113 sans2.addName(san2); 2114 2115 TestCert cert1 = new TestCert(sans1); 2116 TestCert cert2 = new TestCert(sans2); 2117 2118 assertTrue(selector.match(cert1)); 2119 assertFalse(selector.match(cert2)); 2120 2121 selector.setSubjectAlternativeNames(null); 2122 2123 GeneralName name = new GeneralName(new Name("O=Android")); 2124 try { 2125 selector.addSubjectAlternativeName(0, (name.toString())); 2126 } catch (IOException e) { 2127 // ok 2128 } 2129 2130 } 2131 } 2132