1 /* 2 * Licensed to the Apache Software Foundation (ASF) under one or more 3 * contributor license agreements. See the NOTICE file distributed with 4 * this work for additional information regarding copyright ownership. 5 * The ASF licenses this file to You under the Apache License, Version 2.0 6 * (the "License"); you may not use this file except in compliance with 7 * the License. You may obtain a copy of the License at 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 */ 17 18 /** 19 * @author Vladimir N. Molotkov 20 * @version $Revision$ 21 */ 22 23 package tests.security.cert; 24 25 import junit.framework.TestCase; 26 27 import java.io.ByteArrayInputStream; 28 import java.security.InvalidAlgorithmParameterException; 29 import java.security.InvalidParameterException; 30 import java.security.KeyStore; 31 import java.security.KeyStoreException; 32 import java.security.cert.CertificateFactory; 33 import java.security.cert.PKIXBuilderParameters; 34 import java.security.cert.PKIXParameters; 35 import java.security.cert.TrustAnchor; 36 import java.security.cert.X509CertSelector; 37 import java.security.cert.X509Certificate; 38 import java.util.HashSet; 39 import java.util.Set; 40 41 import org.apache.harmony.security.tests.support.cert.TestUtils; 42 43 /** 44 * Tests for <code>PKIXBuilderParameters</code> fields and methods 45 * 46 */ 47 public class PKIXBuilderParametersTest extends TestCase { 48 String certificate = "-----BEGIN CERTIFICATE-----\n" 49 + "MIICZTCCAdICBQL3AAC2MA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMSAw\n" 50 + "HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJl\n" 51 + "IFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NzAyMjAwMDAwMDBa\n" 52 + "Fw05ODAyMjAyMzU5NTlaMIGWMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZv\n" 53 + "cm5pYTESMBAGA1UEBxMJUGFsbyBBbHRvMR8wHQYDVQQKExZTdW4gTWljcm9zeXN0\n" 54 + "ZW1zLCBJbmMuMSEwHwYDVQQLExhUZXN0IGFuZCBFdmFsdWF0aW9uIE9ubHkxGjAY\n" 55 + "BgNVBAMTEWFyZ29uLmVuZy5zdW4uY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB\n" 56 + "iQKBgQCofmdY+PiUWN01FOzEewf+GaG+lFf132UpzATmYJkA4AEA/juW7jSi+LJk\n" 57 + "wJKi5GO4RyZoyimAL/5yIWDV6l1KlvxyKslr0REhMBaD/3Z3EsLTTEf5gVrQS6sT\n" 58 + "WMoSZAyzB39kFfsB6oUXNtV8+UKKxSxKbxvhQn267PeCz5VX2QIDAQABMA0GCSqG\n" 59 + "SIb3DQEBAgUAA34AXl3at6luiV/7I9MN5CXYoPJYI8Bcdc1hBagJvTMcmlqL2uOZ\n" 60 + "H9T5hNMEL9Tk6aI7yZPXcw/xI2K6pOR/FrMp0UwJmdxX7ljV6ZtUZf7pY492UqwC\n" 61 + "1777XQ9UEZyrKJvF5ntleeO0ayBqLGVKCWzWZX9YsXCpv47FNLZbupE=\n" 62 + "-----END CERTIFICATE-----\n"; 63 64 String certificate2 = "-----BEGIN CERTIFICATE-----\n" 65 + "MIICZzCCAdCgAwIBAgIBGzANBgkqhkiG9w0BAQUFADBhMQswCQYDVQQGEwJVUzEY\n" 66 + "MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsT\n" 67 + "A1BLSTEcMBoGA1UEAxMTRG9EIFBLSSBNZWQgUm9vdCBDQTAeFw05ODA4MDMyMjAy\n" 68 + "MjlaFw0wODA4MDQyMjAyMjlaMGExCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMu\n" 69 + "IEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRwwGgYDVQQD\n" 70 + "ExNEb0QgUEtJIE1lZCBSb290IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n" 71 + "gQDbrM/J9FrJSX+zxFUbsI9Vw5QbguVBIa95rwW/0M8+sM0r5gd+DY6iubm6wnXk\n" 72 + "CSvbfQlFEDSKr4WYeeGp+d9WlDnQdtDFLdA45tCi5SHjnW+hGAmZnld0rz6wQekF\n" 73 + "5xQaa5A6wjhMlLOjbh27zyscrorMJ1O5FBOWnEHcRv6xqQIDAQABoy8wLTAdBgNV\n" 74 + "HQ4EFgQUVrmYR6m9701cHQ3r5kXyG7zsCN0wDAYDVR0TBAUwAwEB/zANBgkqhkiG\n" 75 + "9w0BAQUFAAOBgQDVX1Y0YqC7vekeZjVxtyuC8Mnxbrz6D109AX07LEIRzNYzwZ0w\n" 76 + "MTImSp9sEzWW+3FueBIU7AxGys2O7X0qmN3zgszPfSiocBuQuXIYQctJhKjF5KVc\n" 77 + "VGQRYYlt+myhl2vy6yPzEVCjiKwMEb1Spu0irCf+lFW2hsdjvmSQMtZvOw==\n" 78 + "-----END CERTIFICATE-----\n"; 79 80 /** 81 * Test #1 for <code>PKIXBuilderParameters(Set, CertSelector)</code> 82 * constructor<br> 83 * Assertion: creates an instance of <code>PKIXBuilderParameters</code> 84 * @throws InvalidAlgorithmParameterException 85 */ 86 public final void testPKIXBuilderParametersSetCertSelector01() 87 throws InvalidAlgorithmParameterException { 88 Set<TrustAnchor> taSet = TestUtils.getTrustAnchorSet(); 89 if (taSet == null) { 90 fail(getName() + ": not performed (could not create test TrustAnchor set)"); 91 } 92 // both parameters are valid and non-null 93 PKIXParameters p = 94 new PKIXBuilderParameters(taSet, new X509CertSelector()); 95 assertTrue("instanceOf", p instanceof PKIXBuilderParameters); 96 assertNotNull("certSelector", p.getTargetCertConstraints()); 97 } 98 99 /** 100 * Test #2 for <code>PKIXBuilderParameters(Set, CertSelector)</code> 101 * constructor<br> 102 * Assertion: creates an instance of <code>PKIXBuilderParameters</code> 103 * @throws InvalidAlgorithmParameterException 104 */ 105 public final void testPKIXBuilderParametersSetCertSelector02() 106 throws InvalidAlgorithmParameterException { 107 Set<TrustAnchor> taSet = TestUtils.getTrustAnchorSet(); 108 if (taSet == null) { 109 fail(getName() + ": not performed (could not create test TrustAnchor set)"); 110 } 111 // both parameters are valid but CertSelector is null 112 PKIXParameters p = new PKIXBuilderParameters(taSet, null); 113 assertTrue("instanceOf", p instanceof PKIXBuilderParameters); 114 assertNull("certSelector", p.getTargetCertConstraints()); 115 } 116 117 /** 118 * Test #3 for <code>PKIXBuilderParameters(Set, CertSelector)</code> 119 * constructor<br> 120 * Assertion: ... the <code>Set</code> is copied to protect against 121 * subsequent modifications 122 * @throws InvalidAlgorithmParameterException 123 */ 124 @SuppressWarnings("unchecked") 125 public final void testPKIXBuilderParametersSetCertSelector03() 126 throws InvalidAlgorithmParameterException { 127 Set<TrustAnchor> taSet = TestUtils.getTrustAnchorSet(); 128 if (taSet == null) { 129 fail(getName() + ": not performed (could not create test TrustAnchor set)"); 130 } 131 HashSet<TrustAnchor> originalSet = (HashSet<TrustAnchor>) taSet; 132 HashSet<TrustAnchor> originalSetCopy = (HashSet<TrustAnchor>) originalSet 133 .clone(); 134 // create test object using originalSet 135 PKIXBuilderParameters pp = 136 new PKIXBuilderParameters(originalSetCopy, null); 137 // modify originalSet 138 originalSetCopy.clear(); 139 // check that test object's internal state 140 // has not been affected by the above modification 141 Set returnedSet = pp.getTrustAnchors(); 142 assertEquals(originalSet, returnedSet); 143 } 144 145 /** 146 * Test #4 for <code>PKIXBuilderParameters(Set, CertSelector)</code> 147 * constructor<br> 148 * Assertion: <code>NullPointerException</code> - 149 * if the specified <code>Set</code> is null 150 */ 151 public final void testPKIXBuilderParametersSetCertSelector04() throws Exception { 152 try { 153 // pass null 154 new PKIXBuilderParameters((Set<TrustAnchor>) null, null); 155 fail("NPE expected"); 156 } catch (NullPointerException e) { 157 } 158 } 159 160 /** 161 * Test #5 for <code>PKIXBuilderParameters(Set, CertSelector)</code> 162 * constructor<br> 163 * Assertion: <code>InvalidAlgorithmParameterException</code> - 164 * if the specified <code>Set</code> is empty 165 * (<code>trustAnchors.isEmpty() == true</code>) 166 */ 167 public final void testPKIXBuilderParametersSetCertSelector05() { 168 try { 169 // use empty set 170 new PKIXBuilderParameters(new HashSet<TrustAnchor>(), null); 171 fail("InvalidAlgorithmParameterException expected"); 172 } catch (InvalidAlgorithmParameterException e) { 173 } 174 } 175 176 /** 177 * Test #1 for <code>PKIXBuilderParameters(KeyStore, CertSelector)</code> 178 * constructor<br> 179 * Assertion: <code>NullPointerException</code> - if the 180 * <code>keystore</code> is <code>null</code> 181 */ 182 public final void testPKIXBuilderParametersKeyStoreCertSelector01() 183 throws Exception { 184 try { 185 new PKIXBuilderParameters((KeyStore) null, new X509CertSelector()); 186 fail("NullPointerException expected"); 187 } catch (NullPointerException e) { 188 // expected 189 } 190 } 191 192 /** 193 * Test #2 for <code>PKIXBuilderParameters(KeyStore, CertSelector)</code> 194 * constructor<br> 195 * Assertion: <code>KeyStoreException</code> - if the 196 * <code>keystore</code> has not been initialized 197 */ 198 public final void testPKIXBuilderParametersKeyStoreCertSelector02() 199 throws Exception { 200 KeyStore keyTest = KeyStore.getInstance(KeyStore.getDefaultType()); 201 try { 202 new PKIXBuilderParameters(keyTest, null); 203 fail("KeyStoreException expected"); 204 } catch (KeyStoreException e) { 205 // expected 206 } 207 } 208 209 /** 210 * Test #3 for <code>PKIXBuilderParameters(KeyStore, CertSelector)</code> 211 * constructor<br> 212 * Assertion: <code>InvalidAlgorithmParameterException</code> - if the 213 * <code>keystore</code> does not contain at least one trusted certificate 214 * entry 215 */ 216 public final void testPKIXBuilderParametersKeyStoreCertSelector03() 217 throws Exception { 218 KeyStore keyTest = KeyStore.getInstance(KeyStore.getDefaultType()); 219 keyTest.load(null, null); 220 try { 221 new PKIXBuilderParameters(keyTest, new X509CertSelector()); 222 fail("InvalidAlgorithmParameterException expected"); 223 } catch (InvalidAlgorithmParameterException e) { 224 // expected 225 } 226 } 227 228 /** 229 * Test #4 for <code>PKIXBuilderParameters(KeyStore, CertSelector)</code> 230 * constructor<br> 231 * Assertion: <code>NullPointerException</code> - 232 * if the <code>keystore</code> is <code>null</code> 233 */ 234 public final void testPKIXBuilderParametersKeyStoreCertSelector04() 235 throws Exception { 236 KeyStore keyTest = KeyStore.getInstance(KeyStore.getDefaultType()); 237 keyTest.load(null, null); 238 239 ByteArrayInputStream certArray = new ByteArrayInputStream(certificate 240 .getBytes()); 241 242 ByteArrayInputStream certArray2 = new ByteArrayInputStream(certificate2 243 .getBytes()); 244 CertificateFactory cf = CertificateFactory.getInstance("X.509"); 245 X509Certificate cert[] = new X509Certificate[2]; 246 cert[0] = (X509Certificate) cf.generateCertificate(certArray); 247 cert[1] = (X509Certificate) cf.generateCertificate(certArray2); 248 249 keyTest.setCertificateEntry("alias1", cert[0]); 250 keyTest.setCertificateEntry("alias2", cert[0]); 251 keyTest.setCertificateEntry("alias3", cert[1]); 252 253 try { 254 PKIXBuilderParameters p = new PKIXBuilderParameters(keyTest, 255 new X509CertSelector()); 256 assertEquals(3, p.getTrustAnchors().size()); 257 assertEquals(5, p.getMaxPathLength()); 258 } catch (Exception e) { 259 fail("Unexpected exception " + e.getMessage()); 260 } 261 } 262 263 /** 264 * Test for <code>getMaxPathLength()</code> 265 */ 266 public final void testGetMaxPathLength() throws Exception { 267 KeyStore keyTest = KeyStore.getInstance(KeyStore.getDefaultType()); 268 keyTest.load(null, null); 269 270 ByteArrayInputStream certArray = new ByteArrayInputStream(certificate 271 .getBytes()); 272 273 ByteArrayInputStream certArray2 = new ByteArrayInputStream(certificate2 274 .getBytes()); 275 CertificateFactory cf = CertificateFactory.getInstance("X.509"); 276 X509Certificate cert[] = new X509Certificate[2]; 277 cert[0] = (X509Certificate) cf.generateCertificate(certArray); 278 cert[1] = (X509Certificate) cf.generateCertificate(certArray2); 279 280 keyTest.setCertificateEntry("alias1", cert[0]); 281 keyTest.setCertificateEntry("alias2", cert[0]); 282 keyTest.setCertificateEntry("alias3", cert[1]); 283 284 PKIXBuilderParameters p = new PKIXBuilderParameters(keyTest, 285 new X509CertSelector()); 286 assertEquals(5, p.getMaxPathLength()); 287 p.setMaxPathLength(10); 288 assertEquals(10, p.getMaxPathLength()); 289 } 290 291 /** 292 * Test for <code>setMaxPathLength()</code> 293 */ 294 public final void testSetMaxPathLength() throws Exception { 295 KeyStore keyTest = KeyStore.getInstance(KeyStore.getDefaultType()); 296 keyTest.load(null, null); 297 298 ByteArrayInputStream certArray = new ByteArrayInputStream(certificate 299 .getBytes()); 300 301 ByteArrayInputStream certArray2 = new ByteArrayInputStream(certificate2 302 .getBytes()); 303 CertificateFactory cf = CertificateFactory.getInstance("X.509"); 304 X509Certificate cert[] = new X509Certificate[2]; 305 cert[0] = (X509Certificate) cf.generateCertificate(certArray); 306 cert[1] = (X509Certificate) cf.generateCertificate(certArray2); 307 308 keyTest.setCertificateEntry("alias1", cert[0]); 309 keyTest.setCertificateEntry("alias2", cert[0]); 310 keyTest.setCertificateEntry("alias3", cert[1]); 311 312 PKIXBuilderParameters p = new PKIXBuilderParameters(keyTest, 313 new X509CertSelector()); 314 315 assertEquals(5, p.getMaxPathLength()); 316 p.setMaxPathLength(10); 317 assertEquals(10, p.getMaxPathLength()); 318 p.setMaxPathLength(0); 319 assertEquals(0, p.getMaxPathLength()); 320 p.setMaxPathLength(-1); 321 assertEquals(-1, p.getMaxPathLength()); 322 323 int[] maxPathLength = {-2, -10, Integer.MIN_VALUE}; 324 for (int i = 0; i < maxPathLength.length; i++) { 325 try { 326 p.setMaxPathLength(maxPathLength[i]); 327 fail("InvalidParameterException expected "); 328 } catch (InvalidParameterException e) { 329 // expected 330 } 331 } 332 } 333 334 /** 335 * Test for <code>toString()</code> 336 */ 337 public final void testToString() throws Exception { 338 KeyStore keyTest = KeyStore.getInstance(KeyStore.getDefaultType()); 339 keyTest.load(null, null); 340 341 ByteArrayInputStream certArray = new ByteArrayInputStream(certificate 342 .getBytes()); 343 344 ByteArrayInputStream certArray2 = new ByteArrayInputStream(certificate2 345 .getBytes()); 346 CertificateFactory cf = CertificateFactory.getInstance("X.509"); 347 X509Certificate cert[] = new X509Certificate[2]; 348 cert[0] = (X509Certificate) cf.generateCertificate(certArray); 349 cert[1] = (X509Certificate) cf.generateCertificate(certArray2); 350 351 keyTest.setCertificateEntry("alias1", cert[0]); 352 keyTest.setCertificateEntry("alias2", cert[0]); 353 keyTest.setCertificateEntry("alias3", cert[1]); 354 355 PKIXBuilderParameters p = new PKIXBuilderParameters(keyTest, 356 new X509CertSelector()); 357 assertNotNull(p.toString()); 358 359 } 360 } 361