1 /* 2 * Licensed to the Apache Software Foundation (ASF) under one or more 3 * contributor license agreements. See the NOTICE file distributed with 4 * this work for additional information regarding copyright ownership. 5 * The ASF licenses this file to You under the Apache License, Version 2.0 6 * (the "License"); you may not use this file except in compliance with 7 * the License. You may obtain a copy of the License at 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 */ 17 18 /** 19 * @author Alexander Y. Kleymenov 20 */ 21 22 package java.security.cert; 23 24 import java.io.IOException; 25 import java.math.BigInteger; 26 import java.security.InvalidKeyException; 27 import java.security.NoSuchAlgorithmException; 28 import java.security.NoSuchProviderException; 29 import java.security.Principal; 30 import java.security.PublicKey; 31 import java.security.SignatureException; 32 import java.security.cert.CertificateEncodingException; 33 import java.security.cert.CertificateException; 34 import java.security.cert.CertificateExpiredException; 35 import java.security.cert.CertificateNotYetValidException; 36 import java.security.cert.X509Certificate; 37 import java.security.spec.InvalidKeySpecException; 38 import java.util.Date; 39 import java.util.Set; 40 import java.util.HashSet; 41 import java.util.Arrays; 42 import java.util.ArrayList; 43 import java.util.List; 44 import java.util.Iterator; 45 import java.util.Collection; 46 import javax.security.auth.x500.X500Principal; 47 48 import org.apache.harmony.security.asn1.ASN1Boolean; 49 import org.apache.harmony.security.asn1.ASN1Integer; 50 import org.apache.harmony.security.asn1.ASN1OctetString; 51 import org.apache.harmony.security.asn1.ASN1Oid; 52 import org.apache.harmony.security.asn1.ASN1Sequence; 53 import org.apache.harmony.security.asn1.ASN1Type; 54 55 import org.apache.harmony.security.tests.support.TestKeyPair; 56 import org.apache.harmony.security.x501.Name; 57 import org.apache.harmony.security.x509.AlgorithmIdentifier; 58 import org.apache.harmony.security.x509.CertificatePolicies; 59 import org.apache.harmony.security.x509.EDIPartyName; 60 import org.apache.harmony.security.x509.Extension; 61 import org.apache.harmony.security.x509.Extensions; 62 import org.apache.harmony.security.x509.GeneralName; 63 import org.apache.harmony.security.x509.GeneralNames; 64 import org.apache.harmony.security.x509.GeneralSubtree; 65 import org.apache.harmony.security.x509.GeneralSubtrees; 66 import org.apache.harmony.security.x509.NameConstraints; 67 import org.apache.harmony.security.x509.ORAddress; 68 import org.apache.harmony.security.x509.OtherName; 69 import org.apache.harmony.security.x509.PolicyInformation; 70 import org.apache.harmony.security.x509.PrivateKeyUsagePeriod; 71 import org.apache.harmony.security.x509.SubjectPublicKeyInfo; 72 import org.apache.harmony.security.x509.TBSCertificate; 73 import org.apache.harmony.security.x509.Validity; 74 75 76 import junit.framework.Test; 77 import junit.framework.TestCase; 78 import junit.framework.TestSuite; 79 80 /** 81 * X509CertSelectorTest 82 */ 83 public class X509CertSelectorTest extends TestCase { 84 85 /** 86 * The abstract class stub implementation. 87 */ 88 private class TestCert extends X509Certificate { 89 90 /* Stuff fields */ 91 protected String equalCriteria = null; // to simplify method equals() 92 protected BigInteger serialNumber = null; 93 protected X500Principal issuer = null; 94 protected X500Principal subject = null; 95 protected byte[] keyIdentifier = null; 96 protected Date date = null; 97 protected Date notBefore = null; 98 protected Date notAfter = null; 99 protected PublicKey key = null; 100 protected boolean[] keyUsage = null; 101 protected List extKeyUsage = null; 102 protected int pathLen = -1; 103 protected GeneralNames sans = null; 104 protected byte[] encoding = null; 105 protected String[] policies = null; 106 protected NameConstraints nameConstraints = null; 107 108 /* Stuff methods */ 109 public TestCert() { 110 } 111 112 public TestCert(GeneralNames sans) { 113 setSubjectAlternativeNames(sans); 114 } 115 116 public TestCert(NameConstraints nameConstraints) { 117 this.nameConstraints = nameConstraints; 118 } 119 120 public TestCert(String equalCriteria) { 121 setEqualCriteria(equalCriteria); 122 } 123 124 public TestCert(String[] policies) { 125 setPolicies(policies); 126 } 127 128 public TestCert(BigInteger serial) { 129 setSerialNumber(serial); 130 } 131 132 public TestCert(X500Principal principal) { 133 setIssuer(principal); 134 setSubject(principal); 135 } 136 137 public TestCert(byte[] array) { 138 setKeyIdentifier(array); 139 } 140 141 public TestCert(Date date) { 142 setDate(date); 143 } 144 145 public TestCert(Date notBefore, Date notAfter) { 146 setPeriod(notBefore, notAfter); 147 } 148 149 public TestCert(PublicKey key) { 150 setPublicKey(key); 151 } 152 153 public TestCert(boolean[] keyUsage) { 154 setKeyUsage(keyUsage); 155 } 156 157 public TestCert(Set extKeyUsage) { 158 setExtendedKeyUsage(extKeyUsage); 159 } 160 161 public TestCert(int pathLen) { 162 this.pathLen = pathLen; 163 } 164 165 public void setPolicies(String[] policies) { 166 this.policies = policies; 167 } 168 169 public void setSubjectAlternativeNames(GeneralNames sans) { 170 this.sans = sans; 171 } 172 173 public void setExtendedKeyUsage(Set extKeyUsage) { 174 this.extKeyUsage = (extKeyUsage == null) 175 ? null 176 : new ArrayList(extKeyUsage); 177 } 178 179 public void setKeyUsage(boolean[] keyUsage) { 180 this.keyUsage = (keyUsage == null) ? null 181 : (boolean[]) keyUsage.clone(); 182 } 183 184 public void setPublicKey(PublicKey key) { 185 this.key = key; 186 } 187 188 public void setPeriod(Date notBefore, Date notAfter) { 189 this.notBefore = notBefore; 190 this.notAfter = notAfter; 191 } 192 193 public void setSerialNumber(BigInteger serial) { 194 this.serialNumber = serial; 195 } 196 197 public void setEqualCriteria(String equalCriteria) { 198 this.equalCriteria = equalCriteria; 199 } 200 201 public void setIssuer(X500Principal issuer) { 202 this.issuer = issuer; 203 } 204 205 public void setSubject(X500Principal subject) { 206 this.subject = subject; 207 } 208 209 public void setKeyIdentifier(byte[] subjectKeyID) { 210 this.keyIdentifier = subjectKeyID.clone(); 211 } 212 213 public void setDate(Date date) { 214 this.date = new Date(date.getTime()); 215 } 216 217 public void setEncoding(byte[] encoding) { 218 this.encoding = encoding; 219 } 220 221 /* Method implementations */ 222 public boolean equals(Object cert) { 223 if (cert == null) { 224 return false; 225 } 226 if ((equalCriteria == null) 227 || (((TestCert) cert).equalCriteria == null)) { 228 return false; 229 } else { 230 return equalCriteria.equals(((TestCert) cert).equalCriteria); 231 } 232 } 233 234 public String toString() { 235 if (equalCriteria != null) { 236 return equalCriteria; 237 } 238 return ""; 239 } 240 241 public void checkValidity() throws CertificateExpiredException, 242 CertificateNotYetValidException { 243 } 244 245 public void checkValidity(Date date) 246 throws CertificateExpiredException, 247 CertificateNotYetValidException { 248 if (this.date == null) { 249 throw new CertificateExpiredException(); 250 } 251 int result = this.date.compareTo(date); 252 if (result > 0) { 253 throw new CertificateExpiredException(); 254 } 255 if (result < 0) { 256 throw new CertificateNotYetValidException(); 257 } 258 } 259 260 public int getVersion() { 261 return 3; 262 } 263 264 public BigInteger getSerialNumber() { 265 return (serialNumber == null) 266 ? new BigInteger("1111") 267 : serialNumber; 268 } 269 270 public Principal getIssuerDN() { 271 return issuer; 272 } 273 274 public X500Principal getIssuerX500Principal() { 275 return issuer; 276 } 277 278 public Principal getSubjectDN() { 279 return subject; 280 } 281 282 public X500Principal getSubjectX500Principal() { 283 return subject; 284 } 285 286 public Date getNotBefore() { 287 return null; 288 } 289 290 public Date getNotAfter() { 291 return null; 292 } 293 294 public byte[] getTBSCertificate() 295 throws CertificateEncodingException { 296 return null; 297 } 298 299 public byte[] getSignature() { 300 return null; 301 } 302 303 public String getSigAlgName() { 304 return null; 305 } 306 307 public String getSigAlgOID() { 308 return null; 309 } 310 311 public byte[] getSigAlgParams() { 312 return null; 313 } 314 315 public boolean[] getIssuerUniqueID() { 316 return null; 317 } 318 319 public boolean[] getSubjectUniqueID() { 320 return null; 321 } 322 323 public boolean[] getKeyUsage() { 324 return keyUsage; 325 } 326 327 public List/*<String>*/ getExtendedKeyUsage() 328 throws CertificateParsingException { 329 return extKeyUsage; 330 } 331 332 public int getBasicConstraints() { 333 return pathLen; 334 } 335 336 public Collection/*<List<?>>*/ getSubjectAlternativeNames() 337 throws CertificateParsingException { 338 return sans.getPairsList(); 339 } 340 341 342 public void verify(PublicKey key) 343 throws CertificateException, NoSuchAlgorithmException, 344 InvalidKeyException, NoSuchProviderException, 345 SignatureException { 346 } 347 348 public void verify(PublicKey key, 349 String sigProvider) 350 throws CertificateException, NoSuchAlgorithmException, 351 InvalidKeyException, NoSuchProviderException, 352 SignatureException { 353 } 354 355 public PublicKey getPublicKey() { 356 return key; 357 } 358 359 public byte[] getEncoded() throws CertificateEncodingException { 360 return encoding; 361 } 362 363 public Set getNonCriticalExtensionOIDs() { 364 return null; 365 } 366 367 public Set getCriticalExtensionOIDs() { 368 return null; 369 } 370 371 public byte[] getExtensionValue(String oid) { 372 if (("2.5.29.14".equals(oid)) || ("2.5.29.35".equals(oid))) { 373 // Extension value is represented as an OctetString 374 return ASN1OctetString.getInstance().encode(keyIdentifier); 375 } 376 if ("2.5.29.16".equals(oid)) { 377 PrivateKeyUsagePeriod pkup = 378 new PrivateKeyUsagePeriod(notBefore, notAfter); 379 byte[] encoded = pkup.getEncoded(); 380 return ASN1OctetString.getInstance().encode(encoded); 381 } 382 if (("2.5.29.37".equals(oid)) && (extKeyUsage != null)) { 383 ASN1Oid[] oa = new ASN1Oid[extKeyUsage.size()]; 384 String[] val = new String[extKeyUsage.size()]; 385 Iterator it = extKeyUsage.iterator(); 386 int id = 0; 387 while (it.hasNext()) { 388 oa[id] = ASN1Oid.getInstanceForString(); 389 val[id++] = (String) it.next(); 390 } 391 return ASN1OctetString.getInstance().encode( 392 new ASN1Sequence(oa).encode(val)); 393 } 394 if ("2.5.29.19".equals(oid)) { 395 return ASN1OctetString.getInstance().encode( 396 new ASN1Sequence( 397 new ASN1Type[] { 398 ASN1Boolean.getInstance(), 399 ASN1Integer.getInstance() 400 }).encode( 401 new Object[] { 402 new Boolean(pathLen != -1), 403 BigInteger.valueOf(pathLen). 404 toByteArray() 405 }) 406 ); 407 } 408 if ("2.5.29.17".equals(oid) && (sans != null)) { 409 if (sans.getNames() == null) { 410 return null; 411 } 412 return ASN1OctetString.getInstance().encode( 413 GeneralNames.ASN1.encode(sans)); 414 } 415 if ("2.5.29.32".equals(oid) && (policies != null) 416 && (policies.length > 0)) { 417 // Certificate Policies Extension (as specified in rfc 3280) 418 CertificatePolicies certificatePolicies = 419 new CertificatePolicies(); 420 for (int i = 0; i < policies.length; i++) { 421 PolicyInformation policyInformation = 422 new PolicyInformation(policies[i]); 423 certificatePolicies.addPolicyInformation(policyInformation); 424 } 425 return ASN1OctetString.getInstance().encode( 426 certificatePolicies.getEncoded()); 427 } 428 if ("2.5.29.30".equals(oid) && (nameConstraints != null)) { 429 // Name Constraints Extension (as specified in rfc 3280) 430 return ASN1OctetString.getInstance().encode( 431 nameConstraints.getEncoded()); 432 } 433 return null; 434 } 435 436 public boolean hasUnsupportedCriticalExtension() { 437 return false; 438 } 439 } 440 441 /* ********************************************************************** */ 442 /* ************************* Test implementation ************************ */ 443 /* ********************************************************************** */ 444 445 /** 446 * setCertificate(X509Certificate certificate) method testing. 447 * Tests if any certificates match in the case of null criteria, 448 * if [not]proper certificates [do not]match 449 */ 450 public void testSetCertificate() { 451 TestCert cert_1 = new TestCert("same certificate"); 452 TestCert cert_2 = new TestCert("other certificate"); 453 X509CertSelector selector = new X509CertSelector(); 454 455 selector.setCertificate(null); 456 assertTrue("Any certificates should match in the case of null " 457 + "certificateEquals criteria.", 458 selector.match(cert_1) && selector.match(cert_2)); 459 selector.setCertificate(cert_1); 460 assertTrue("The certificate should match the selection criteria.", 461 selector.match(cert_1)); 462 assertFalse("The certificate should not match the selection criteria.", 463 selector.match(cert_2)); 464 selector.setCertificate(cert_2); 465 assertTrue("The certificate should match the selection criteria.", 466 selector.match(cert_2)); 467 } 468 469 /** 470 * getCertificate() method testing. 471 * Tests if the method return null in the case of not specified criteria, 472 * if the returned value [does not]corresponds to [not]specified 473 */ 474 public void testGetCertificate() { 475 TestCert cert_1 = new TestCert("same certificate"); 476 TestCert cert_2 = new TestCert("other certificate"); 477 X509CertSelector selector = new X509CertSelector(); 478 479 assertNull("Selector should return null", selector.getCertificate()); 480 selector.setCertificate(cert_1); 481 assertEquals("The returned certificate should be equal to specified", 482 cert_1, selector.getCertificate()); 483 assertFalse("The returned certificate should differ", 484 cert_2.equals(selector.getCertificate())); 485 } 486 487 /** 488 * setSerialNumber(BigInteger serial) method testing. 489 * Tests if any certificates match in the case of null criteria, 490 * if [not]proper certificates [do not]match 491 */ 492 public void testSetSerialNumber() { 493 BigInteger ser1 = new BigInteger("10000"); 494 BigInteger ser2 = new BigInteger("10001"); 495 TestCert cert_1 = new TestCert(ser1); 496 TestCert cert_2 = new TestCert(ser2); 497 X509CertSelector selector = new X509CertSelector(); 498 499 selector.setSerialNumber(null); 500 assertTrue("Any certificate should match in the case of null " 501 + "serialNumber criteria.", 502 selector.match(cert_1) && selector.match(cert_2)); 503 selector.setSerialNumber(ser1); 504 assertTrue("The certificate should match the selection criteria.", 505 selector.match(cert_1)); 506 assertFalse("The certificate should not match the selection criteria.", 507 selector.match(cert_2)); 508 selector.setSerialNumber(ser2); 509 assertTrue("The certificate should match the selection criteria.", 510 selector.match(cert_2)); 511 } 512 513 /** 514 * getSerialNumber() method testing. 515 * Tests if the method return null in the case of not specified criteria, 516 * if the returned value [does not]corresponds to [not]specified 517 */ 518 public void testGetSerialNumber() { 519 BigInteger ser1 = new BigInteger("10000"); 520 BigInteger ser2 = new BigInteger("10001"); 521 X509CertSelector selector = new X509CertSelector(); 522 523 assertNull("Selector should return null", selector.getSerialNumber()); 524 selector.setSerialNumber(ser1); 525 assertEquals("The returned serial number should be equal to specified", 526 ser1, selector.getSerialNumber()); 527 assertFalse("The returned serial number should differ", 528 ser2.equals(selector.getSerialNumber())); 529 } 530 531 /** 532 * setIssuer(X500Principal issuer) method testing. 533 * Tests if any certificates match in the case of null criteria, 534 * if [not]proper certificates [do not]match 535 */ 536 public void testSetIssuer1() { 537 X500Principal iss1 = new X500Principal("O=First Org."); 538 X500Principal iss2 = new X500Principal("O=Second Org."); 539 TestCert cert_1 = new TestCert(iss1); 540 TestCert cert_2 = new TestCert(iss2); 541 X509CertSelector selector = new X509CertSelector(); 542 543 selector.setIssuer((X500Principal) null); 544 assertTrue("Any certificates should match " 545 + "in the case of null issuer criteria.", 546 selector.match(cert_1) && selector.match(cert_2)); 547 selector.setIssuer(iss1); 548 assertTrue("The certificate should match the selection criteria.", 549 selector.match(cert_1)); 550 assertFalse("The certificate should not match the selection criteria.", 551 selector.match(cert_2)); 552 selector.setIssuer(iss2); 553 assertTrue("The certificate should match the selection criteria.", 554 selector.match(cert_2)); 555 } 556 557 /** 558 * getIssuer() method testing. 559 * Tests if the method return null in the case of not specified criteria, 560 * if the returned value [does not]corresponds to [not]specified 561 */ 562 public void testGetIssuer() { 563 X500Principal iss1 = new X500Principal("O=First Org."); 564 X500Principal iss2 = new X500Principal("O=Second Org."); 565 X509CertSelector selector = new X509CertSelector(); 566 567 assertNull("Selector should return null", selector.getIssuer()); 568 selector.setIssuer(iss1); 569 assertEquals("The returned issuer should be equal to specified", 570 iss1, selector.getIssuer()); 571 assertFalse("The returned issuer should differ", 572 iss2.equals(selector.getIssuer())); 573 } 574 575 /** 576 * setIssuer(String issuerDN) method testing. 577 * Tests if any certificates match in the case of null criteria, 578 * if [not]proper certificates [do not]match 579 */ 580 public void testSetIssuer2() throws IOException { 581 String name1 = "O=First Org."; 582 String name2 = "O=Second Org."; 583 X500Principal iss1 = new X500Principal(name1); 584 X500Principal iss2 = new X500Principal(name2); 585 TestCert cert_1 = new TestCert(iss1); 586 TestCert cert_2 = new TestCert(iss2); 587 X509CertSelector selector = new X509CertSelector(); 588 589 selector.setIssuer((String) null); 590 assertTrue( 591 "Any certificates should match in the case of null issuer criteria.", 592 selector.match(cert_1) && selector.match(cert_2)); 593 594 selector.setIssuer(name1); 595 assertTrue("The certificate should match the selection criteria.", 596 selector.match(cert_1)); 597 assertFalse("The certificate should not match the selection criteria.", 598 selector.match(cert_2)); 599 selector.setIssuer(name2); 600 assertTrue("The certificate should match the selection criteria.", 601 selector.match(cert_2)); 602 } 603 604 /** 605 * getIssuerAsString() method testing. 606 * Tests if the method return null in the case of not specified criteria, 607 * if the returned value [does not]corresponds to [not]specified 608 */ 609 public void testGetIssuerAsString() { 610 String name1 = "O=First Org."; 611 String name2 = "O=Second Org."; 612 X500Principal iss1 = new X500Principal(name1); 613 X500Principal iss2 = new X500Principal(name2); 614 X509CertSelector selector = new X509CertSelector(); 615 616 assertNull("Selector should return null", selector.getIssuerAsString()); 617 selector.setIssuer(iss1); 618 assertEquals("The returned issuer should be equal to specified", 619 new X500Principal(name1), 620 new X500Principal(selector.getIssuerAsString())); 621 assertFalse("The returned issuer should differ", 622 new X500Principal(name2).equals( 623 new X500Principal(selector.getIssuerAsString()))); 624 selector.setIssuer(iss2); 625 assertEquals("The returned issuer should be equal to specified", 626 new X500Principal(name2), 627 new X500Principal(selector.getIssuerAsString())); 628 } 629 630 /** 631 * setIssuer(byte[] issuerDN) method testing. 632 * Tests if any certificates match in the case of null criteria, 633 * if [not]proper certificates [do not]match 634 */ 635 public void testSetIssuer3() throws IOException { 636 byte[] name1 = new byte[] 637 //manually obtained DER encoding of "O=First Org." issuer name; 638 { 48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10, 639 70, 105, 114, 115, 116, 32, 79, 114, 103, 46 }; 640 byte[] name2 = new byte[] 641 //manually obtained DER encoding of "O=Second Org." issuer name; 642 { 48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11, 643 83, 101, 99, 111, 110, 100, 32, 79, 114, 103, 46 }; 644 X500Principal iss1 = new X500Principal(name1); 645 X500Principal iss2 = new X500Principal(name2); 646 TestCert cert_1 = new TestCert(iss1); 647 TestCert cert_2 = new TestCert(iss2); 648 X509CertSelector selector = new X509CertSelector(); 649 650 selector.setIssuer((byte[]) null); 651 assertTrue( 652 "Any certificates should match in the case of null issuer criteria.", 653 selector.match(cert_1) && selector.match(cert_2)); 654 655 selector.setIssuer(name1); 656 assertTrue("The certificate should match the selection criteria.", 657 selector.match(cert_1)); 658 assertFalse("The certificate should not match the selection criteria.", 659 selector.match(cert_2)); 660 selector.setIssuer(name2); 661 assertTrue("The certificate should match the selection criteria.", 662 selector.match(cert_2)); 663 } 664 665 /** 666 * getIssuerAsBytes() method testing. 667 * Tests if the method return null in the case of not specified criteria, 668 * if the returned value [does not]corresponds to [not]specified 669 */ 670 public void testGetIssuerAsBytes() throws IOException { 671 byte[] name1 = new byte[] 672 //manually obtained DER encoding of "O=First Org." issuer name; 673 { 48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10, 674 70, 105, 114, 115, 116, 32, 79, 114, 103, 46 }; 675 byte[] name2 = new byte[] 676 //manually obtained DER encoding of "O=Second Org." issuer name; 677 { 48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11, 678 83, 101, 99, 111, 110, 100, 32, 79, 114, 103, 46 }; 679 X500Principal iss1 = new X500Principal(name1); 680 X500Principal iss2 = new X500Principal(name2); 681 X509CertSelector selector = new X509CertSelector(); 682 683 assertNull("Selector should return null", selector.getIssuerAsBytes()); 684 685 selector.setIssuer(iss1); 686 assertEquals("The returned issuer should be equal to specified", 687 new X500Principal(name1), new X500Principal(selector 688 .getIssuerAsBytes())); 689 assertFalse("The returned issuer should differ", new X500Principal( 690 name2).equals(new X500Principal(selector.getIssuerAsBytes()))); 691 692 selector.setIssuer(iss2); 693 assertEquals("The returned issuer should be equal to specified", 694 new X500Principal(name2), new X500Principal(selector 695 .getIssuerAsBytes())); 696 } 697 698 /** 699 * setSubject(X500Principal subject) method testing. 700 * Tests if any certificates match in the case of null criteria, 701 * if [not]proper certificates [do not]match 702 */ 703 public void testSetSubject1() { 704 X500Principal sub1 = new X500Principal("O=First Org."); 705 X500Principal sub2 = new X500Principal("O=Second Org."); 706 TestCert cert_1 = new TestCert(sub1); 707 TestCert cert_2 = new TestCert(sub2); 708 X509CertSelector selector = new X509CertSelector(); 709 710 selector.setSubject((X500Principal) null); 711 assertTrue("Any certificates should match " 712 + "in the case of null subjcet criteria.", 713 selector.match(cert_1) && selector.match(cert_2)); 714 selector.setSubject(sub1); 715 assertTrue("The certificate should match the selection criteria.", 716 selector.match(cert_1)); 717 assertFalse("The certificate should not match the selection criteria.", 718 selector.match(cert_2)); 719 selector.setSubject(sub2); 720 assertTrue("The certificate should match the selection criteria.", 721 selector.match(cert_2)); 722 } 723 724 /** 725 * getSubject() method testing. 726 * Tests if the method return null in the case of not specified criteria, 727 * if the returned value [does not]corresponds to [not]specified 728 */ 729 public void testGetSubject() { 730 X500Principal sub1 = new X500Principal("O=First Org."); 731 X500Principal sub2 = new X500Principal("O=Second Org."); 732 X509CertSelector selector = new X509CertSelector(); 733 734 assertNull("Selector should return null", selector.getSubject()); 735 selector.setSubject(sub1); 736 assertEquals("The returned subject should be equal to specified", 737 sub1, selector.getSubject()); 738 assertFalse("The returned subject should differ", 739 sub2.equals(selector.getSubject())); 740 } 741 742 /** 743 * setSubject(String subjectDN) method testing. 744 * Tests if any certificates match in the case of null criteria, 745 * if [not]proper certificates [do not]match 746 */ 747 public void testSetSubject2() throws IOException { 748 String name1 = "O=First Org."; 749 String name2 = "O=Second Org."; 750 X500Principal sub1 = new X500Principal(name1); 751 X500Principal sub2 = new X500Principal(name2); 752 TestCert cert_1 = new TestCert(sub1); 753 TestCert cert_2 = new TestCert(sub2); 754 X509CertSelector selector = new X509CertSelector(); 755 756 selector.setSubject((String) null); 757 assertTrue( 758 "Any certificates should match in the case of null subject criteria.", 759 selector.match(cert_1) && selector.match(cert_2)); 760 761 selector.setSubject(name1); 762 assertTrue("The certificate should match the selection criteria.", 763 selector.match(cert_1)); 764 assertFalse("The certificate should not match the selection criteria.", 765 selector.match(cert_2)); 766 767 selector.setSubject(name2); 768 assertTrue("The certificate should match the selection criteria.", 769 selector.match(cert_2)); 770 } 771 772 /** 773 * getSubjectAsString() method testing. 774 * Tests if the method return null in the case of not specified criteria, 775 * if the returned value [does not]corresponds to [not]specified 776 */ 777 public void testGetSubjectAsString() { 778 String name1 = "O=First Org."; 779 String name2 = "O=Second Org."; 780 X500Principal sub1 = new X500Principal(name1); 781 X500Principal sub2 = new X500Principal(name2); 782 X509CertSelector selector = new X509CertSelector(); 783 784 assertNull("Selector should return null", 785 selector.getSubjectAsString()); 786 selector.setSubject(sub1); 787 assertEquals("The returned subject should be equal to specified", 788 new X500Principal(name1), 789 new X500Principal(selector.getSubjectAsString())); 790 assertFalse("The returned subject should differ", 791 new X500Principal(name2).equals( 792 new X500Principal(selector.getSubjectAsString()))); 793 selector.setSubject(sub2); 794 assertEquals("The returned subject should be equal to specified", 795 new X500Principal(name2), 796 new X500Principal(selector.getSubjectAsString())); 797 } 798 799 /** 800 * setSubject(byte[] subjectDN) method testing. 801 * Tests if any certificates match in the case of null criteria, 802 * if [not]proper certificates [do not]match 803 */ 804 public void testSetSubject3() throws IOException { 805 byte[] name1 = new byte[] 806 //manually obtained DER encoding of "O=First Org." issuer name; 807 { 48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10, 808 70, 105, 114, 115, 116, 32, 79, 114, 103, 46 }; 809 byte[] name2 = new byte[] 810 //manually obtained DER encoding of "O=Second Org." issuer name; 811 { 48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11, 812 83, 101, 99, 111, 110, 100, 32, 79, 114, 103, 46 }; 813 X500Principal sub1 = new X500Principal(name1); 814 X500Principal sub2 = new X500Principal(name2); 815 TestCert cert_1 = new TestCert(sub1); 816 TestCert cert_2 = new TestCert(sub2); 817 X509CertSelector selector = new X509CertSelector(); 818 819 selector.setSubject((byte[]) null); 820 assertTrue( 821 "Any certificates should match in the case of null issuer criteria.", 822 selector.match(cert_1) && selector.match(cert_2)); 823 824 selector.setSubject(name1); 825 assertTrue("The certificate should match the selection criteria.", 826 selector.match(cert_1)); 827 assertFalse("The certificate should not match the selection criteria.", 828 selector.match(cert_2)); 829 830 selector.setSubject(name2); 831 assertTrue("The certificate should match the selection criteria.", 832 selector.match(cert_2)); 833 } 834 835 /** 836 * getSubjectAsBytes() method testing. 837 * Tests if the method return null in the case of not specified criteria, 838 * if the returned value [does not]corresponds to [not]specified 839 */ 840 public void testGetSubjectAsBytes() throws IOException { 841 byte[] name1 = new byte[] 842 //manually obtained DER encoding of "O=First Org." issuer name; 843 { 48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10, 844 70, 105, 114, 115, 116, 32, 79, 114, 103, 46 }; 845 byte[] name2 = new byte[] 846 //manually obtained DER encoding of "O=Second Org." issuer name; 847 { 48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11, 848 83, 101, 99, 111, 110, 100, 32, 79, 114, 103, 46 }; 849 X500Principal sub1 = new X500Principal(name1); 850 X500Principal sub2 = new X500Principal(name2); 851 X509CertSelector selector = new X509CertSelector(); 852 853 assertNull("Selector should return null", selector.getSubjectAsBytes()); 854 selector.setSubject(sub1); 855 856 assertEquals("The returned issuer should be equal to specified", 857 new X500Principal(name1), new X500Principal(selector 858 .getSubjectAsBytes())); 859 assertFalse("The returned issuer should differ", new X500Principal( 860 name2).equals(new X500Principal(selector.getSubjectAsBytes()))); 861 862 selector.setSubject(sub2); 863 assertEquals("The returned issuer should be equal to specified", 864 new X500Principal(name2), new X500Principal(selector 865 .getSubjectAsBytes())); 866 } 867 868 /** 869 * setSubjectKeyIdentifier(byte[] subjectKeyID) method testing. 870 * Tests if any certificates match in the case of null criteria, 871 * if [not]proper certificates [do not]match, and if the initialization 872 * object are copied during the initialization. 873 */ 874 public void testSetSubjectKeyIdentifier() { 875 byte[] skid1 = new byte[] { 1, 2, 3, 4, 5 }; // random value 876 byte[] skid2 = new byte[] { 5, 4, 3, 2, 1 }; // random value 877 TestCert cert_1 = new TestCert(skid1); 878 TestCert cert_2 = new TestCert(skid2); 879 X509CertSelector selector = new X509CertSelector(); 880 881 selector.setSubjectKeyIdentifier(null); 882 assertTrue("Any certificate should match in the case of null " 883 + "serialNumber criteria.", 884 selector.match(cert_1) && selector.match(cert_2)); 885 selector.setSubjectKeyIdentifier(skid1); 886 assertTrue("The certificate should match the selection criteria.", 887 selector.match(cert_1)); 888 assertFalse("The certificate should not match the selection criteria.", 889 selector.match(cert_2)); 890 selector.setSubjectKeyIdentifier(skid2); 891 skid2[0]++; 892 assertTrue("The certificate should match the selection criteria.", 893 selector.match(cert_2)); 894 } 895 896 /** 897 * getSubjectKeyIdentifier() method testing. 898 * Tests if the method return null in the case of not specified criteria, 899 * if the returned value [does not]corresponds to [not]specified 900 * and its modification does not cause the modification of internal object. 901 */ 902 public void testGetSubjectKeyIdentifier() { 903 byte[] skid1 = new byte[] { 1, 2, 3, 4, 5 }; // random value 904 byte[] skid2 = new byte[] { 4, 5, 5, 4, 3, 2, 1 }; // random value 905 X509CertSelector selector = new X509CertSelector(); 906 907 assertNull("Selector should return null", 908 selector.getSubjectKeyIdentifier()); 909 selector.setSubjectKeyIdentifier(skid1); 910 assertTrue("The returned keyID should be equal to specified", 911 Arrays.equals(skid1, selector.getSubjectKeyIdentifier())); 912 selector.getSubjectKeyIdentifier()[0]++; 913 assertTrue("The returned keyID should be equal to specified", 914 Arrays.equals(skid1, selector.getSubjectKeyIdentifier())); 915 assertFalse("The returned keyID should differ", 916 Arrays.equals(skid2, selector.getSubjectKeyIdentifier())); 917 } 918 919 /** 920 * setAuthorityKeyIdentifier(byte[] authorityKeyID) method testing. 921 * Tests if any certificates match in the case of null criteria, 922 * if [not]proper certificates [do not]match, and if the initialization 923 * object are copied during the initialization. 924 */ 925 public void testSetAuthorityKeyIdentifier() { 926 byte[] akid1 = new byte[] { 1, 2, 3, 4, 5 }; // random value 927 byte[] akid2 = new byte[] { 5, 4, 3, 2, 1 }; // random value 928 TestCert cert_1 = new TestCert(akid1); 929 TestCert cert_2 = new TestCert(akid2); 930 X509CertSelector selector = new X509CertSelector(); 931 932 selector.setAuthorityKeyIdentifier(null); 933 assertTrue("Any certificate should match in the case of null " 934 + "serialNumber criteria.", 935 selector.match(cert_1) && selector.match(cert_2)); 936 selector.setAuthorityKeyIdentifier(akid1); 937 assertTrue("The certificate should match the selection criteria.", 938 selector.match(cert_1)); 939 assertFalse("The certificate should not match the selection criteria.", 940 selector.match(cert_2)); 941 selector.setAuthorityKeyIdentifier(akid2); 942 akid2[0]++; 943 assertTrue("The certificate should match the selection criteria.", 944 selector.match(cert_2)); 945 } 946 947 /** 948 * getAuthorityKeyIdentifier() method testing. 949 * Tests if the method return null in the case of not specified criteria, 950 * if the returned value [does not]corresponds to [not]specified 951 * and its modification does not cause the modification of internal object. 952 */ 953 public void testGetAuthorityKeyIdentifier() { 954 byte[] akid1 = new byte[] { 4, 5, 1, 2, 3, 4, 5 }; // random value 955 byte[] akid2 = new byte[] { 4, 5, 5, 4, 3, 2, 1 }; // random value 956 X509CertSelector selector = new X509CertSelector(); 957 958 assertNull("Selector should return null", 959 selector.getAuthorityKeyIdentifier()); 960 selector.setAuthorityKeyIdentifier(akid1); 961 assertTrue("The returned keyID should be equal to specified", 962 Arrays.equals(akid1, selector.getAuthorityKeyIdentifier())); 963 selector.getAuthorityKeyIdentifier()[0]++; 964 assertTrue("The returned keyID should be equal to specified", 965 Arrays.equals(akid1, selector.getAuthorityKeyIdentifier())); 966 assertFalse("The returned keyID should differ", 967 Arrays.equals(akid2, selector.getAuthorityKeyIdentifier())); 968 } 969 970 /** 971 * setCertificateValid(Date certificateValid) method testing. 972 * Tests if any certificates match in the case of null criteria, 973 * if [not]proper certificates [do not]match, and if the initialization 974 * object are copied during the initialization. 975 */ 976 public void testSetCertificateValid() { 977 Date date1 = new Date(100); 978 Date date2 = new Date(200); 979 TestCert cert_1 = new TestCert(date1); 980 TestCert cert_2 = new TestCert(date2); 981 X509CertSelector selector = new X509CertSelector(); 982 983 selector.setCertificateValid(null); 984 assertTrue("Any certificate should match in the case of null " 985 + "serialNumber criteria.", 986 selector.match(cert_1) && selector.match(cert_2)); 987 selector.setCertificateValid(date1); 988 assertTrue("The certificate should match the selection criteria.", 989 selector.match(cert_1)); 990 assertFalse("The certificate should not match the selection criteria.", 991 selector.match(cert_2)); 992 selector.setCertificateValid(date2); 993 date2.setTime(300); 994 assertTrue("The certificate should match the selection criteria.", 995 selector.match(cert_2)); 996 } 997 998 /** 999 * getCertificateValid() method testing. 1000 * Tests if the method return null in the case of not specified criteria, 1001 * if the returned value [does not]corresponds to [not]specified 1002 * and its modification does not cause the modification of internal object. 1003 */ 1004 public void testGetCertificateValid() { 1005 Date date1 = new Date(100); 1006 Date date2 = new Date(200); 1007 X509CertSelector selector = new X509CertSelector(); 1008 1009 assertNull("Selector should return null", 1010 selector.getCertificateValid()); 1011 selector.setCertificateValid(date1); 1012 assertTrue("The returned date should be equal to specified", 1013 date1.equals(selector.getCertificateValid())); 1014 selector.getCertificateValid().setTime(200); 1015 assertTrue("The returned date should be equal to specified", 1016 date1.equals(selector.getCertificateValid())); 1017 assertFalse("The returned date should differ", 1018 date2.equals(selector.getCertificateValid())); 1019 } 1020 1021 /** 1022 * setPrivateKeyValid(Date privateKeyValid) method testing. 1023 * Tests if any certificates match in the case of null criteria, 1024 * if [not]proper certificates [do not]match, and if the initialization 1025 * object are copied during the initialization. 1026 */ 1027 public void testSetPrivateKeyValid() { 1028 Date date1 = new Date(100000000); 1029 Date date2 = new Date(200000000); 1030 Date date3 = new Date(300000000); 1031 Date date4 = new Date(150000000); 1032 Date date5 = new Date(250000000); 1033 TestCert cert_1 = new TestCert(date1, date2); 1034 TestCert cert_2 = new TestCert(date2, date3); 1035 X509CertSelector selector = new X509CertSelector(); 1036 1037 selector.setPrivateKeyValid(null); 1038 assertTrue("Any certificate should match in the case of null " 1039 + "privateKeyValid criteria.", 1040 selector.match(cert_1) && selector.match(cert_2)); 1041 selector.setPrivateKeyValid(date4); 1042 assertTrue("The certificate should match the selection criteria.", 1043 selector.match(cert_1)); 1044 assertFalse("The certificate should not match the selection criteria.", 1045 selector.match(cert_2)); 1046 selector.setPrivateKeyValid(date5); 1047 date5.setTime(date4.getTime()); 1048 assertTrue("The certificate should match the selection criteria.", 1049 selector.match(cert_2)); 1050 } 1051 1052 /** 1053 * getPrivateKeyValid() method testing. 1054 * Tests if the method return null in the case of not specified criteria, 1055 * if the returned value [does not]corresponds to [not]specified 1056 * and its modification does not cause the modification of internal object. 1057 */ 1058 public void testGetPrivateKeyValid() { 1059 Date date1 = new Date(100); 1060 Date date2 = new Date(200); 1061 X509CertSelector selector = new X509CertSelector(); 1062 1063 assertNull("Selector should return null", 1064 selector.getPrivateKeyValid()); 1065 selector.setPrivateKeyValid(date1); 1066 assertTrue("The returned date should be equal to specified", 1067 date1.equals(selector.getPrivateKeyValid())); 1068 selector.getPrivateKeyValid().setTime(200); 1069 assertTrue("The returned date should be equal to specified", 1070 date1.equals(selector.getPrivateKeyValid())); 1071 assertFalse("The returned date should differ", 1072 date2.equals(selector.getPrivateKeyValid())); 1073 } 1074 1075 /** 1076 * setSubjectPublicKeyAlgID(String oid) method testing. 1077 * Tests if any certificates match in the case of null criteria, 1078 * if [not]proper certificates [do not]match 1079 */ 1080 public void testSetSubjectPublicKeyAlgID() throws Exception { 1081 String pkaid1 = "1.2.840.113549.1.1.1"; // RSA (source: http://asn1.elibel.tm.fr) 1082 String pkaid2 = "1.2.840.10040.4.1"; // DSA (source: http://asn1.elibel.tm.fr) 1083 1084 PublicKey pkey1 = new TestKeyPair("RSA").getPublic(); 1085 PublicKey pkey2 = new TestKeyPair("DSA").getPublic(); 1086 1087 TestCert cert_1 = new TestCert(pkey1); 1088 TestCert cert_2 = new TestCert(pkey2); 1089 X509CertSelector selector = new X509CertSelector(); 1090 1091 selector.setSubjectPublicKeyAlgID(null); 1092 assertTrue("Any certificate should match in the case of null " 1093 + "subjectPublicKeyAlgID criteria.", selector.match(cert_1) 1094 && selector.match(cert_2)); 1095 1096 selector.setSubjectPublicKeyAlgID(pkaid1); 1097 assertTrue("The certificate should match the selection criteria.", 1098 selector.match(cert_1)); 1099 assertFalse("The certificate should not match the selection criteria.", 1100 selector.match(cert_2)); 1101 1102 selector.setSubjectPublicKeyAlgID(pkaid2); 1103 assertTrue("The certificate should match the selection criteria.", 1104 selector.match(cert_2)); 1105 } 1106 1107 /** 1108 * @tests java.security.cert.X509CertSelector#setSubjectPublicKeyAlgID(java.lang.String) 1109 */ 1110 public void test_setSubjectPublicKeyAlgIDLjava_lang_String() throws Exception { 1111 //Regression for HARMONY-465 1112 X509CertSelector obj = new X509CertSelector(); 1113 try { 1114 obj.setSubjectPublicKeyAlgID("abc"); 1115 fail("IOException expected"); 1116 } catch (IOException e) { 1117 // expected 1118 } 1119 } 1120 1121 /** 1122 * getSubjectPublicKeyAlgID() method testing. 1123 * Tests if the method return null in the case of not specified criteria, 1124 * if the returned value [does not]corresponds to [not]specified 1125 */ 1126 public void testGetSubjectPublicKeyAlgID() throws IOException { 1127 String pkaid1 = "1.2.840.113549.1.1.1"; // RSA encryption (source: http://asn1.elibel.tm.fr) 1128 String pkaid2 = "1.2.840.113549.1.1.2"; // MD2 with RSA encryption (source: http://asn1.elibel.tm.fr) 1129 X509CertSelector selector = new X509CertSelector(); 1130 1131 assertNull("Selector should return null", 1132 selector.getSubjectPublicKeyAlgID()); 1133 1134 selector.setSubjectPublicKeyAlgID(pkaid1); 1135 assertTrue("The returned oid should be equal to specified", 1136 pkaid1.equals(selector.getSubjectPublicKeyAlgID())); 1137 assertFalse("The returned oid should differ", 1138 pkaid2.equals(selector.getSubjectPublicKeyAlgID())); 1139 } 1140 1141 /** 1142 * setSubjectPublicKey(PublicKey key) method testing. 1143 * Tests if any certificates match in the case of null criteria, 1144 * if [not]proper certificates [do not]match. 1145 */ 1146 public void testSetSubjectPublicKey1() throws Exception { 1147 PublicKey pkey1 = new TestKeyPair("RSA").getPublic(); 1148 PublicKey pkey2 = new TestKeyPair("DSA").getPublic(); 1149 1150 TestCert cert_1 = new TestCert(pkey1); 1151 TestCert cert_2 = new TestCert(pkey2); 1152 X509CertSelector selector = new X509CertSelector(); 1153 1154 selector.setSubjectPublicKey((PublicKey) null); 1155 assertTrue("Any certificate should match in the case of null " 1156 + "subjectPublicKey criteria.", 1157 selector.match(cert_1) && selector.match(cert_2)); 1158 selector.setSubjectPublicKey(pkey1); 1159 assertTrue("The certificate should match the selection criteria.", 1160 selector.match(cert_1)); 1161 assertFalse("The certificate should not match the selection criteria.", 1162 selector.match(cert_2)); 1163 selector.setSubjectPublicKey(pkey2); 1164 assertTrue("The certificate should match the selection criteria.", 1165 selector.match(cert_2)); 1166 } 1167 1168 /** 1169 * getSubjectPublicKey() method testing. 1170 * Tests if the method return null in the case of not specified criteria, 1171 * if the returned value corresponds to specified 1172 */ 1173 public void testGetSubjectPublicKey1() throws Exception { 1174 1175 PublicKey pkey = new TestKeyPair("RSA").getPublic(); 1176 1177 X509CertSelector selector = new X509CertSelector(); 1178 1179 assertNull("Selector should return null", 1180 selector.getSubjectPublicKey()); 1181 selector.setSubjectPublicKey(pkey); 1182 PublicKey result = selector.getSubjectPublicKey(); 1183 1184 assertEquals("The name of algorithm should be RSA", 1185 result.getAlgorithm(), "RSA"); 1186 } 1187 1188 /** 1189 * setSubjectPublicKey(byte[] key) method testing. 1190 * Tests if any certificates match in the case of null criteria, 1191 * if [not]proper certificates [do not]match, and if the initialization 1192 * object are copied during the initialization. 1193 */ 1194 public void testSetSubjectPublicKey2() throws Exception { 1195 PublicKey pkey1 = new TestKeyPair("RSA").getPublic(); 1196 PublicKey pkey2 = new TestKeyPair("DSA").getPublic(); 1197 1198 byte[] encoding1 = pkey1.getEncoded(); 1199 byte[] encoding2 = pkey2.getEncoded(); 1200 TestCert cert_1 = new TestCert(pkey1); 1201 TestCert cert_2 = new TestCert(pkey2); 1202 X509CertSelector selector = new X509CertSelector(); 1203 1204 selector.setSubjectPublicKey((byte[]) null); 1205 assertTrue("Any certificate should match in the case of null " 1206 + "subjectPublicKey criteria.", selector.match(cert_1) 1207 && selector.match(cert_2)); 1208 1209 selector.setSubjectPublicKey(encoding1); 1210 assertTrue("The certificate should match the selection criteria.", 1211 selector.match(cert_1)); 1212 1213 encoding1[0]++; 1214 assertTrue("The certificate should match the selection criteria.", 1215 selector.match(cert_1)); 1216 assertFalse("The certificate should not match the selection criteria.", 1217 selector.match(cert_2)); 1218 1219 selector.setSubjectPublicKey(encoding2); 1220 assertTrue("The certificate should match the selection criteria.", 1221 selector.match(cert_2)); 1222 } 1223 1224 /** 1225 * getSubjectPublicKey() method testing. 1226 * Tests if the method return null in the case of not specified criteria, 1227 * if the returned value corresponds to specified 1228 */ 1229 public void testGetSubjectPublicKey2() throws Exception { 1230 1231 PublicKey pkey = new TestKeyPair("RSA").getPublic(); 1232 1233 X509CertSelector selector = new X509CertSelector(); 1234 1235 assertNull("Selector should return null", 1236 selector.getSubjectPublicKey()); 1237 1238 selector.setSubjectPublicKey(pkey.getEncoded()); 1239 1240 PublicKey result = selector.getSubjectPublicKey(); 1241 1242 assertEquals("The name of algorithm should be RSA", 1243 result.getAlgorithm(), "RSA"); 1244 } 1245 1246 /** 1247 * setKeyUsage(boolean[] keyUsage) method testing. 1248 * Tests if any certificates match in the case of null criteria, 1249 * if [not]proper certificates [do not]match, and if the initialization 1250 * object are copied during the initialization. Also checks if selector 1251 * matches the certificate which does not have a keyUsage extension. 1252 */ 1253 public void testSetKeyUsage() { 1254 boolean[] ku1 = new boolean[] 1255 { true, true, true, true, true, true, true, true, true }; 1256 // decipherOnly is disallowed 1257 boolean[] ku2 = new boolean[] 1258 { true, true, true, true, true, true, true, true, false }; 1259 TestCert cert_1 = new TestCert(ku1); 1260 TestCert cert_2 = new TestCert(ku2); 1261 TestCert cert_3 = new TestCert((boolean[]) null); 1262 X509CertSelector selector = new X509CertSelector(); 1263 1264 selector.setKeyUsage(null); 1265 assertTrue("Any certificate should match in the case of null " 1266 + "keyUsage criteria.", 1267 selector.match(cert_1) && selector.match(cert_2)); 1268 selector.setKeyUsage(ku1); 1269 assertTrue("The certificate should match the selection criteria.", 1270 selector.match(cert_1)); 1271 assertFalse("The certificate should not match the selection criteria.", 1272 selector.match(cert_2)); 1273 assertTrue("The certificate which does not have a keyUsage extension " 1274 + "implicitly allows all keyUsage values.", 1275 selector.match(cert_3)); 1276 selector.setKeyUsage(ku2); 1277 ku2[0] = !ku2[0]; 1278 assertTrue("The certificate should match the selection criteria.", 1279 selector.match(cert_2)); 1280 } 1281 1282 /** 1283 * getKeyUsage() method testing. 1284 * Tests if the method return null in the case of not specified criteria, 1285 * if the returned value [does not]corresponds to [not]specified 1286 * and its modification does not cause the modification of internal object. 1287 */ 1288 public void testGetKeyUsage() { 1289 boolean[] ku = new boolean[] 1290 { true, false, true, false, true, false, true, false, true }; 1291 X509CertSelector selector = new X509CertSelector(); 1292 1293 assertNull("Selector should return null", selector.getKeyUsage()); 1294 selector.setKeyUsage(ku); 1295 assertTrue("The returned date should be equal to specified", 1296 Arrays.equals(ku, selector.getKeyUsage())); 1297 boolean[] result = selector.getKeyUsage(); 1298 result[0] = !result[0]; 1299 assertTrue("The returned keyUsage should be equal to specified", 1300 Arrays.equals(ku, selector.getKeyUsage())); 1301 } 1302 1303 /** 1304 * setExtendedKeyUsage(Set<String> keyPurposeSet) method testing. 1305 */ 1306 public void testSetExtendedKeyUsage() throws IOException { 1307 HashSet ku1 = new HashSet(Arrays.asList(new String[] { 1308 "1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2", "1.3.6.1.5.5.7.3.3", 1309 "1.3.6.1.5.5.7.3.4", "1.3.6.1.5.5.7.3.8", "1.3.6.1.5.5.7.3.9", 1310 "1.3.6.1.5.5.7.3.5", "1.3.6.1.5.5.7.3.6", "1.3.6.1.5.5.7.3.7" } 1311 )); 1312 HashSet ku2 = new HashSet(Arrays.asList(new String[] { 1313 "1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2", "1.3.6.1.5.5.7.3.3", 1314 "1.3.6.1.5.5.7.3.4", "1.3.6.1.5.5.7.3.8", "1.3.6.1.5.5.7.3.9", 1315 "1.3.6.1.5.5.7.3.5", "1.3.6.1.5.5.7.3.6" })); 1316 TestCert cert_1 = new TestCert(ku1); 1317 TestCert cert_2 = new TestCert(ku2); 1318 TestCert cert_3 = new TestCert((Set) null); 1319 X509CertSelector selector = new X509CertSelector(); 1320 1321 selector.setExtendedKeyUsage(null); 1322 assertTrue("Any certificate should match in the case of null " 1323 + "extendedKeyUsage criteria.", selector.match(cert_1) 1324 && selector.match(cert_2)); 1325 1326 selector.setExtendedKeyUsage(ku1); 1327 assertTrue("The certificate should match the selection criteria.", 1328 selector.match(cert_1)); 1329 assertFalse("The certificate should not match the selection criteria.", 1330 selector.match(cert_2)); 1331 assertTrue("The certificate which does not have a keyUsage extension " 1332 + "implicitly allows all keyUsage values.", selector 1333 .match(cert_3)); 1334 ku1.remove("1.3.6.1.5.5.7.3.7"); // remove the missing in ku2 keyUsage 1335 assertFalse("The modification of initialization object " 1336 + "should not affect the modification of internal object.", 1337 selector.match(cert_2)); 1338 1339 selector.setExtendedKeyUsage(ku2); 1340 assertTrue("The certificate should match the selection criteria.", 1341 selector.match(cert_2)); 1342 } 1343 1344 /** 1345 * getExtendedKeyUsage() method testing. 1346 */ 1347 public void testGetExtendedKeyUsage() { 1348 HashSet ku = new HashSet(Arrays.asList(new String[] { 1349 "1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2", "1.3.6.1.5.5.7.3.3", 1350 "1.3.6.1.5.5.7.3.4", "1.3.6.1.5.5.7.3.8", "1.3.6.1.5.5.7.3.9", 1351 "1.3.6.1.5.5.7.3.5", "1.3.6.1.5.5.7.3.6", "1.3.6.1.5.5.7.3.7" } 1352 )); 1353 X509CertSelector selector = new X509CertSelector(); 1354 1355 assertNull("Selector should return null", 1356 selector.getExtendedKeyUsage()); 1357 try { 1358 selector.setExtendedKeyUsage(ku); 1359 } catch (IOException e) { 1360 e.printStackTrace(); 1361 fail("Unexpected IOException was thrown."); 1362 } 1363 assertTrue("The returned extendedKeyUsage should be equal to specified", 1364 ku.equals(selector.getExtendedKeyUsage())); 1365 try { 1366 selector.getExtendedKeyUsage().add("KRIBLE-GRABLI"); 1367 fail("The returned Set should be immutable."); 1368 } catch (UnsupportedOperationException e) { 1369 } 1370 } 1371 1372 /** 1373 * setSubjectAlternativeNames(Collection<List<?>> names) method testing. 1374 */ 1375 public void testSetSubjectAlternativeNames() { 1376 try { 1377 GeneralName san0 = 1378 new GeneralName(new OtherName("1.2.3.4.5", 1379 new byte[] { 1, 2, 0, 1 })); 1380 GeneralName san1 = new GeneralName(1, "rfc (at) 822.Name"); 1381 GeneralName san2 = new GeneralName(2, "dNSName"); 1382 GeneralName san3 = new GeneralName(new ORAddress()); 1383 GeneralName san4 = new GeneralName(new Name("O=Organization")); 1384 GeneralName san5 = 1385 new GeneralName(new EDIPartyName("assigner", "party")); 1386 GeneralName san6 = new GeneralName(6, "http://uniform.Resource.Id"); 1387 GeneralName san7 = new GeneralName(7, "1.1.1.1"); 1388 GeneralName san8 = new GeneralName(8, "1.2.3.4444.55555"); 1389 1390 GeneralNames sans_1 = new GeneralNames(); 1391 sans_1.addName(san0); 1392 sans_1.addName(san1); 1393 sans_1.addName(san2); 1394 sans_1.addName(san3); 1395 sans_1.addName(san4); 1396 sans_1.addName(san5); 1397 sans_1.addName(san6); 1398 sans_1.addName(san7); 1399 sans_1.addName(san8); 1400 GeneralNames sans_2 = new GeneralNames(); 1401 sans_2.addName(san0); 1402 1403 TestCert cert_1 = new TestCert(sans_1); 1404 TestCert cert_2 = new TestCert(sans_2); 1405 X509CertSelector selector = new X509CertSelector(); 1406 selector.setMatchAllSubjectAltNames(true); 1407 1408 selector.setSubjectAlternativeNames(null); 1409 assertTrue("Any certificate should match in the case of null " 1410 + "subjectAlternativeNames criteria.", 1411 selector.match(cert_1) && selector.match(cert_2)); 1412 1413 Collection sans = sans_1.getPairsList(); 1414 selector.setSubjectAlternativeNames(sans); 1415 assertTrue("The certificate should match the selection criteria.", 1416 selector.match(cert_1)); 1417 assertFalse("The certificate should not match " 1418 + "the selection criteria.", selector.match(cert_2)); 1419 sans.clear(); 1420 assertTrue("The modification of initialization object " 1421 + "should not affect the modification " 1422 + "of internal object.", selector.match(cert_1)); 1423 selector.setSubjectAlternativeNames(sans_2.getPairsList()); 1424 assertTrue("The certificate should match the selection criteria.", 1425 selector.match(cert_2)); 1426 } catch (IOException e) { 1427 e.printStackTrace(); 1428 fail("Unexpected IOException was thrown."); 1429 } 1430 } 1431 1432 /** 1433 * addSubjectAlternativeName(int type, String name) method testing. 1434 */ 1435 public void testAddSubjectAlternativeName1() throws IOException { 1436 String name1 = "rfc (at) 822.Name"; 1437 String name2 = "dNSName"; 1438 String name4 = "O=Organization"; 1439 String name6 = "http://uniform.Resource.Id"; 1440 String name7 = "255.255.255.0"; 1441 String name8 = "1.2.3.4444.55555"; 1442 1443 GeneralName san1 = new GeneralName(1, name1); 1444 GeneralName san2 = new GeneralName(2, name2); 1445 GeneralName san4 = new GeneralName(4, name4); 1446 GeneralName san6 = new GeneralName(6, name6); 1447 GeneralName san7 = new GeneralName(7, name7); 1448 GeneralName san8 = new GeneralName(8, name8); 1449 1450 GeneralNames sans_1 = new GeneralNames(); 1451 sans_1.addName(san1); 1452 sans_1.addName(san2); 1453 sans_1.addName(san4); 1454 sans_1.addName(san6); 1455 sans_1.addName(san7); 1456 sans_1.addName(san8); 1457 GeneralNames sans_2 = new GeneralNames(); 1458 sans_2.addName(san1); 1459 sans_2.addName(san2); 1460 1461 TestCert cert_1 = new TestCert(sans_1); 1462 TestCert cert_2 = new TestCert(sans_2); 1463 X509CertSelector selector = new X509CertSelector(); 1464 selector.setMatchAllSubjectAltNames(true); 1465 1466 try { 1467 selector.addSubjectAlternativeName(1, name1); 1468 } catch (IOException e) { 1469 e.printStackTrace(); 1470 fail("Unexpected IOException was thrown."); 1471 } 1472 assertTrue("The certificate should match the selection criteria.", 1473 selector.match(cert_1)); 1474 assertTrue("The certificate should match the selection criteria.", 1475 selector.match(cert_2)); 1476 1477 try { 1478 selector.addSubjectAlternativeName(2, name2); 1479 } catch (IOException e) { 1480 e.printStackTrace(); 1481 fail("Unexpected IOException was thrown."); 1482 } 1483 assertTrue("The certificate should match the selection criteria.", 1484 selector.match(cert_1)); 1485 assertTrue("The certificate should match the selection criteria.", 1486 selector.match(cert_2)); 1487 1488 try { 1489 selector.addSubjectAlternativeName(4, name4); 1490 } catch (IOException e) { 1491 e.printStackTrace(); 1492 fail("Unexpected IOException was thrown."); 1493 } 1494 assertTrue("The certificate should match the selection criteria.", 1495 selector.match(cert_1)); 1496 assertFalse("The certificate should not match the selection criteria.", 1497 selector.match(cert_2)); 1498 try { 1499 selector.addSubjectAlternativeName(6, name6); 1500 selector.addSubjectAlternativeName(7, name7); 1501 selector.addSubjectAlternativeName(8, name8); 1502 } catch (IOException e) { 1503 e.printStackTrace(); 1504 fail("Unexpected IOException was thrown."); 1505 } 1506 assertTrue("The certificate should match the selection criteria.", 1507 selector.match(cert_1)); 1508 assertFalse("The certificate should not match the selection criteria.", 1509 selector.match(cert_2)); 1510 } 1511 1512 /** 1513 * addSubjectAlternativeName(int type, byte[] name) method testing. 1514 */ 1515 public void testAddSubjectAlternativeName2() { 1516 try { 1517 GeneralName san0 = 1518 new GeneralName(new OtherName("1.2.3.4.5", 1519 ASN1Integer.getInstance().encode( 1520 BigInteger.valueOf(55L).toByteArray()) 1521 )); 1522 GeneralName san1 = new GeneralName(1, "rfc (at) 822.Name"); 1523 GeneralName san2 = new GeneralName(2, "dNSName"); 1524 GeneralName san3 = new GeneralName(new ORAddress()); 1525 GeneralName san4 = new GeneralName(new Name("O=Organization")); 1526 GeneralName san5 = 1527 new GeneralName(new EDIPartyName("assigner", "party")); 1528 GeneralName san6 = new GeneralName(6, "http://uniform.Resource.Id"); 1529 GeneralName san7 = new GeneralName(new byte[] { 1, 1, 1, 1 }); 1530 GeneralName san8 = new GeneralName(8, "1.2.3.4444.55555"); 1531 1532 GeneralNames sans_1 = new GeneralNames(); 1533 sans_1.addName(san0); 1534 sans_1.addName(san1); 1535 sans_1.addName(san2); 1536 sans_1.addName(san3); 1537 sans_1.addName(san4); 1538 sans_1.addName(san5); 1539 sans_1.addName(san6); 1540 sans_1.addName(san7); 1541 sans_1.addName(san8); 1542 GeneralNames sans_2 = new GeneralNames(); 1543 sans_2.addName(san0); 1544 sans_2.addName(san1); 1545 sans_2.addName(san2); 1546 1547 TestCert cert_1 = new TestCert(sans_1); 1548 TestCert cert_2 = new TestCert(sans_2); 1549 X509CertSelector selector = new X509CertSelector(); 1550 selector.setMatchAllSubjectAltNames(true); 1551 1552 selector.addSubjectAlternativeName(0, san0.getEncodedName()); 1553 assertTrue("The certificate should match the selection criteria.", 1554 selector.match(cert_1)); 1555 assertTrue("The certificate should match the selection criteria.", 1556 selector.match(cert_2)); 1557 selector.addSubjectAlternativeName(1, san1.getEncodedName()); 1558 assertTrue("The certificate should match the selection criteria.", 1559 selector.match(cert_1)); 1560 assertTrue("The certificate should match the selection criteria.", 1561 selector.match(cert_2)); 1562 selector.addSubjectAlternativeName(2, san2.getEncodedName()); 1563 assertTrue("The certificate should match the selection criteria.", 1564 selector.match(cert_1)); 1565 assertTrue("The certificate should match the selection criteria.", 1566 selector.match(cert_2)); 1567 selector.addSubjectAlternativeName(3, san3.getEncodedName()); 1568 assertTrue("The certificate should match the selection criteria.", 1569 selector.match(cert_1)); 1570 assertFalse("The certificate should not match the selection criteria.", 1571 selector.match(cert_2)); 1572 selector.addSubjectAlternativeName(4, san4.getEncodedName()); 1573 assertTrue("The certificate should match the selection criteria.", 1574 selector.match(cert_1)); 1575 assertFalse("The certificate should not match " 1576 + "the selection criteria.", selector.match(cert_2)); 1577 selector.addSubjectAlternativeName(5, san5.getEncodedName()); 1578 assertTrue("The certificate should match the selection criteria.", 1579 selector.match(cert_1)); 1580 assertFalse("The certificate should not match " 1581 + "the selection criteria.", selector.match(cert_2)); 1582 selector.addSubjectAlternativeName(6, san6.getEncodedName()); 1583 assertTrue("The certificate should match the selection criteria.", 1584 selector.match(cert_1)); 1585 assertFalse("The certificate should not match " 1586 + "the selection criteria.", selector.match(cert_2)); 1587 selector.addSubjectAlternativeName(7, san7.getEncodedName()); 1588 assertTrue("The certificate should match the selection criteria.", 1589 selector.match(cert_1)); 1590 assertFalse("The certificate should not match " 1591 + "the selection criteria.", selector.match(cert_2)); 1592 byte[] oid = san8.getEncodedName(); 1593 selector.addSubjectAlternativeName(8, oid); 1594 assertTrue("The certificate should match the selection criteria.", 1595 selector.match(cert_1)); 1596 assertFalse("The certificate should not match " 1597 + "the selection criteria.", selector.match(cert_2)); 1598 oid[3] += 1; 1599 assertTrue("The byte array should be cloned to protect against " 1600 + "subsequent modifications.", selector.match(cert_1)); 1601 } catch (IOException e) { 1602 e.printStackTrace(); 1603 fail("Unexpected IOException was thrown."); 1604 } 1605 } 1606 1607 /** 1608 * getSubjectAlternativeNames() method testing. 1609 */ 1610 public void testGetSubjectAlternativeNames() { 1611 try { 1612 GeneralName san1 = new GeneralName(1, "rfc (at) 822.Name"); 1613 GeneralName san2 = new GeneralName(2, "dNSName"); 1614 1615 GeneralNames sans = new GeneralNames(); 1616 sans.addName(san1); 1617 sans.addName(san2); 1618 1619 TestCert cert_1 = new TestCert(sans); 1620 X509CertSelector selector = new X509CertSelector(); 1621 1622 assertNull("Selector should return null", 1623 selector.getSubjectAlternativeNames()); 1624 1625 selector.setSubjectAlternativeNames(sans.getPairsList()); 1626 assertTrue("The certificate should match the selection criteria.", 1627 selector.match(cert_1)); 1628 selector.getSubjectAlternativeNames().clear(); 1629 assertTrue("The modification of initialization object " 1630 + "should not affect the modification " 1631 + "of internal object.", selector.match(cert_1)); 1632 } catch (IOException e) { 1633 e.printStackTrace(); 1634 fail("Unexpected IOException was thrown."); 1635 } 1636 } 1637 1638 /** 1639 * setMatchAllSubjectAltNames(boolean matchAllNames) method testing. 1640 */ 1641 public void testSetMatchAllSubjectAltNames() { 1642 try { 1643 GeneralName san1 = new GeneralName(1, "rfc (at) 822.Name"); 1644 GeneralName san2 = new GeneralName(2, "dNSName"); 1645 1646 GeneralNames sans_1 = new GeneralNames(); 1647 sans_1.addName(san1); 1648 GeneralNames sans_2 = new GeneralNames(); 1649 sans_2.addName(san1); 1650 sans_2.addName(san2); 1651 1652 TestCert cert = new TestCert(sans_1); 1653 X509CertSelector selector = new X509CertSelector(); 1654 selector.setMatchAllSubjectAltNames(true); 1655 1656 selector.setSubjectAlternativeNames(sans_2.getPairsList()); 1657 assertFalse("Only certificate which contain all of the specified " 1658 + "subject alternative names should match.", 1659 selector.match(cert)); 1660 selector.setMatchAllSubjectAltNames(false); 1661 /* 1662 assertTrue("The certificate which contain at least one of the " 1663 + "specified subject alternative names must match.", 1664 selector.match(cert)); 1665 */ 1666 } catch (IOException e) { 1667 e.printStackTrace(); 1668 fail("Unexpected IOException was thrown."); 1669 } 1670 } 1671 1672 /** 1673 * getMatchAllSubjectAltNames() method testing. 1674 */ 1675 public void testGetMatchAllSubjectAltNames() { 1676 X509CertSelector selector = new X509CertSelector(); 1677 assertTrue("The matchAllNames initially should be true", 1678 selector.getMatchAllSubjectAltNames()); 1679 selector.setMatchAllSubjectAltNames(false); 1680 assertFalse("The value should be false", 1681 selector.getMatchAllSubjectAltNames()); 1682 } 1683 1684 /** 1685 * setNameConstraints(byte[] bytes) method testing. 1686 * Constructs the NameConstraints DER structure with 1687 * GeneralNames of types: 1, 2, 6, 7 and set it as a criterion. 1688 */ 1689 public void testSetNameConstraints0() throws IOException { 1690 // Restrictions apply only when the specified name form is present. 1691 // If no name of the type is in the certificate, 1692 // the certificate is acceptable (rfc 3280). 1693 1694 GeneralName[] name_constraints = new GeneralName[] { 1695 new GeneralName(1, "822.Name"), 1696 new GeneralName(1, "rfc (at) 822.Name"), 1697 new GeneralName(2, "Name.org"), 1698 new GeneralName(2, "dNS.Name.org"), 1699 //new GeneralName(4, "O=Organization"), 1700 new GeneralName(6, "http://.Resource.Id"), 1701 new GeneralName(6, "http://uniform.Resource.Id"), 1702 new GeneralName(7, "1.1.1.1"), 1703 // new GeneralName(7, new byte[] {1, 1, 1, 1, 3, 3, 3, 3}), 1704 new GeneralName(new byte[] { 1, 1, 1, 1, 1, 1, 1, 1, 1705 1, 1, 1, 1, 1, 1, 1, 1 }), 1706 // new GeneralName(7, new byte[] {1, 1, 1, 1, 1, 1, 1, 1, 1707 // 1, 1, 1, 1, 1, 1, 1, 1, 1708 // 3, 3, 3, 3, 3, 3, 3, 3, 1709 // 3, 3, 3, 3, 3, 3, 3, 3}) 1710 }; 1711 1712 // names which should match divided from names which should not 1713 // match by null 1714 GeneralName[][] alternative_names = new GeneralName[][] { 1715 { 1716 new GeneralName(1, "rfc (at) 822.Name"), 1717 null, 1718 new GeneralName(1, "rfc (at) Other.Name") 1719 }, { 1720 new GeneralName(1, "rfc (at) 822.Name"), 1721 null, 1722 new GeneralName(1, "rfc (at) Other.Name") 1723 }, { 1724 new GeneralName(2, "Name.org"), 1725 new GeneralName(2, "dNS.Name.org"), 1726 null, 1727 new GeneralName(2, "dNS.OtherName.org") 1728 }, { 1729 new GeneralName(2, "dNS.Name.org"), 1730 null, 1731 new GeneralName(2, "Name.org"), 1732 new GeneralName(2, "dNS.OtherName.org") 1733 }, { 1734 1735 // new GeneralName(4, "O=Organization"), 1736 // null, 1737 // new GeneralName(4, "O=OtherOrganization") 1738 //}, { 1739 1740 new GeneralName(6, "http://uniform.Resource.Id/location"), 1741 null, 1742 //new GeneralName(6, "http://Resource.Id") 1743 }, { 1744 new GeneralName(6, "http://uniform.Resource.Id"), 1745 null, 1746 new GeneralName(6, "http://Resource.Id") 1747 }, { 1748 new GeneralName(new byte[] { 1, 1, 1, 1 }), 1749 null, 1750 new GeneralName(new byte[] { 2, 2, 2, 2 }) 1751 // }, { 1752 // new GeneralName(7, new byte[] {1, 1, 1, 1}), 1753 // new GeneralName(7, new byte[] {2, 2, 2, 2}), 1754 // new GeneralName(7, new byte[] {3, 3, 3, 3}), 1755 // null, 1756 // new GeneralName(7, new byte[] {4, 4, 4, 4}) 1757 }, { 1758 new GeneralName(new byte[] { 1, 1, 1, 1, 1, 1, 1, 1, 1759 1, 1, 1, 1, 1, 1, 1, 1 }), 1760 null, 1761 new GeneralName(new byte[] { 2, 2, 2, 2, 2, 2, 2, 2, 1762 2, 2, 2, 2, 2, 2, 2, 2 }), 1763 // }, { 1764 // new GeneralName(7, new byte[] {1, 1, 1, 1, 1, 1, 1, 1, 1765 // 1, 1, 1, 1, 1, 1, 1, 1}), 1766 // new GeneralName(7, new byte[] {2, 2, 2, 2, 2, 2, 2, 2, 1767 // 2, 2, 2, 2, 2, 2, 2, 2}), 1768 // new GeneralName(7, new byte[] {3, 3, 3, 3, 3, 3, 3, 3, 1769 // 3, 3, 3, 3, 3, 3, 3, 3}), 1770 // null, 1771 // new GeneralName(7, new byte[] {4, 4, 4, 4, 4, 4, 4, 4, 1772 // 4, 4, 4, 4, 4, 4, 4, 4}), 1773 } 1774 }; 1775 1776 X509CertSelector selector = new X509CertSelector(); 1777 String subject = "O=Organization"; 1778 X500Principal x500Subject = new X500Principal(subject); 1779 try { 1780 Name nameSubject = new Name(subject); 1781 for (int i = 0; i < name_constraints.length; i++) { 1782 // make the subtrees (part of name constraints) 1783 // this subtrees will be used as permited and as excluded 1784 GeneralSubtree subtree = 1785 new GeneralSubtree(name_constraints[i]); 1786 GeneralSubtrees subtrees = new GeneralSubtrees(); 1787 NameConstraints constraints; 1788 subtrees.addSubtree(subtree); 1789 // start the checking for each alt. name corresponding 1790 // to current name_constraints[i] 1791 boolean check_matching = true; 1792 for (int j = 0; j < alternative_names[i].length; j++) { 1793 GeneralNames alt_names_extension = new GeneralNames(); 1794 if (alternative_names[i][j] == null) { 1795 // double trick: turn the switch and check that the 1796 // restrictions apply only when the specified name 1797 // form is presented. If no name of the type is in the 1798 // certificate, the certificate is acceptable. 1799 check_matching = false; 1800 } else { 1801 alt_names_extension.addName(alternative_names[i][j]); 1802 } 1803 TestCert certificate = new TestCert(alt_names_extension); 1804 certificate.setSubject(x500Subject); 1805 certificate.setEncoding(getCertEncoding(nameSubject, 1806 alt_names_extension)); 1807 // first check if permited name match 1808 constraints = new NameConstraints(subtrees, null); 1809 selector.setNameConstraints(constraints.getEncoded()); 1810 boolean expected = check_matching 1811 || (alternative_names[i][j] == null); 1812 assertTrue("The method match() for:\n " 1813 + alternative_names[i][j] 1814 + "\nand permited name\n " 1815 + name_constraints[i] 1816 + "\nshould return: " + expected, 1817 selector.match(certificate) == expected); 1818 // second check if excluded name does not match 1819 constraints = (check_matching) 1820 // check for 'Any name matching a 1821 // restriction in the excludedSubtrees 1822 // field is invalid regardless of 1823 // information appearing in the 1824 // permittedSubtrees'. 1825 ? new NameConstraints(subtrees, subtrees) 1826 : new NameConstraints(null, subtrees); 1827 selector.setNameConstraints(constraints.getEncoded()); 1828 expected = !check_matching 1829 || (alternative_names[i][j] == null); 1830 assertTrue("The method match() for:\n " 1831 + alternative_names[i][j] 1832 + "\nand excluded name\n " 1833 + name_constraints[i] 1834 + "\nshould return: " + expected, 1835 selector.match(certificate) == expected); 1836 } 1837 } 1838 } catch (IOException e) { 1839 e.printStackTrace(); 1840 fail("Unexpected IOException was thrown."); 1841 } 1842 } 1843 1844 /** 1845 * setNameConstraints(byte[] bytes) method testing. 1846 * Constructs the NameConstraints DER structure with 1847 * GeneralNames of types: 1, 2, 6, 7 and set it as a criterion. 1848 */ 1849 public void testSetNameConstraints1() throws IOException { 1850 1851 GeneralName[] name_constraints = new GeneralName[] { 1852 new GeneralName(1, "822.Name"), 1853 new GeneralName(1, "rfc (at) 822.Name"), 1854 new GeneralName(2, "Name.org"), 1855 new GeneralName(2, "dNS.Name.org"), 1856 new GeneralName(6, "http://.Resource.Id"), 1857 new GeneralName(6, "http://uniform.Resource.Id"), 1858 new GeneralName(7, "1.1.1.1"), 1859 new GeneralName(7, "1.1.1.1/3.3.3.3"), 1860 new GeneralName(7, "0101:0101:0101:0101:0101:0101:0101:0101"), 1861 new GeneralName(7, "0101:0101:0101:0101:0101:0101:0101:0101" 1862 + "/0303:0303:0303:0303:0303:0303:0303:0303"), 1863 }; 1864 1865 // Names which should match divided from names which should not 1866 // match by null. 1867 // Restrictions apply only when the specified name form is present. 1868 // If no name of the type is in the certificate, the certificate 1869 // is acceptable (rfc 3280). This assertion is checked during processing 1870 // of null GeneralName object (it also serves as separator). 1871 GeneralName[][] alternative_names = new GeneralName[][] { 1872 { 1873 new GeneralName(1, "rfc (at) 822.Name"), 1874 null, 1875 new GeneralName(1, "rfc (at) Other.Name") 1876 }, { 1877 new GeneralName(1, "rfc (at) 822.Name"), 1878 null, 1879 new GeneralName(1, "rfc (at) Other.Name") 1880 }, { 1881 new GeneralName(2, "Name.org"), 1882 new GeneralName(2, "dNS.Name.org"), 1883 null, 1884 new GeneralName(2, "dNS.OtherName.org") 1885 }, { 1886 new GeneralName(2, "dNS.Name.org"), 1887 null, 1888 new GeneralName(2, "Name.org"), 1889 new GeneralName(2, "dNS.OtherName.org") 1890 }, { 1891 1892 new GeneralName(6, "http://uniform.Resource.Id/location"), 1893 null, 1894 new GeneralName(6, "http://Resource.Id") 1895 }, { 1896 new GeneralName(6, "http://uniform.Resource.Id"), 1897 null, 1898 new GeneralName(6, "http://Resource.Id") 1899 }, { 1900 new GeneralName(new byte[] { 1, 1, 1, 1 }), 1901 null, 1902 new GeneralName(new byte[] { 2, 2, 2, 2 }) 1903 }, { 1904 new GeneralName(new byte[] { 1, 1, 1, 1 }), 1905 new GeneralName(new byte[] { 2, 2, 2, 2 }), 1906 new GeneralName(new byte[] { 3, 3, 3, 3 }), 1907 null, 1908 new GeneralName(new byte[] { 4, 4, 4, 4 }) 1909 }, { 1910 new GeneralName(new byte[] { 1, 1, 1, 1, 1, 1, 1, 1, 1911 1, 1, 1, 1, 1, 1, 1, 1 }), 1912 null, 1913 new GeneralName(new byte[] { 2, 2, 2, 2, 2, 2, 2, 2, 1914 2, 2, 2, 2, 2, 2, 2, 2 }), 1915 }, { 1916 new GeneralName(new byte[] { 1, 1, 1, 1, 1, 1, 1, 1, 1917 1, 1, 1, 1, 1, 1, 1, 1 }), 1918 new GeneralName(new byte[] { 2, 2, 2, 2, 2, 2, 2, 2, 1919 2, 2, 2, 2, 2, 2, 2, 2 }), 1920 new GeneralName(new byte[] { 3, 3, 3, 3, 3, 3, 3, 3, 1921 3, 3, 3, 3, 3, 3, 3, 3 }), 1922 null, 1923 new GeneralName(new byte[] { 4, 4, 4, 4, 4, 4, 4, 4, 1924 4, 4, 4, 4, 4, 4, 4, 4 }), 1925 } 1926 }; 1927 1928 X509CertSelector selector = new X509CertSelector(); 1929 String subject = "O=Organization"; 1930 X500Principal x500Subject = new X500Principal(subject); 1931 try { 1932 Name nameSubject = new Name(subject); 1933 for (int i = 0; i < name_constraints.length; i++) { 1934 // make the subtrees (part of name constraints) 1935 // this subtrees will be used as permited and as excluded 1936 GeneralSubtree subtree = 1937 new GeneralSubtree(name_constraints[i]); 1938 GeneralSubtrees subtrees = new GeneralSubtrees(); 1939 NameConstraints constraints; 1940 subtrees.addSubtree(subtree); 1941 // start the checking for each alt. name corresponding 1942 // to current name_constraints[i] 1943 boolean check_matching = true; 1944 for (int j = 0; j < alternative_names[i].length; j++) { 1945 GeneralNames alt_names_extension = new GeneralNames(); 1946 if (alternative_names[i][j] == null) { 1947 // double trick: turn the switch and check that the 1948 // restrictions apply only when the specified name 1949 // form is presented. If no name of the type is in the 1950 // certificate, the certificate is acceptable. 1951 check_matching = false; 1952 } else { 1953 alt_names_extension.addName(alternative_names[i][j]); 1954 } 1955 TestCert certificate = new TestCert(alt_names_extension); 1956 certificate.setSubject(x500Subject); 1957 certificate.setEncoding(getCertEncoding(nameSubject, 1958 alt_names_extension)); 1959 // first check if permited name match 1960 constraints = new NameConstraints(subtrees, null); 1961 selector.setNameConstraints(constraints.getEncoded()); 1962 boolean expected = check_matching 1963 || (alternative_names[i][j] == null); 1964 assertTrue("The method match() for:\n " 1965 + alternative_names[i][j] 1966 + "\nand permited name\n " 1967 + name_constraints[i] 1968 + "\nshould return: " + expected, 1969 selector.match(certificate) == expected); 1970 // second check if excluded name does not match 1971 constraints = (check_matching) 1972 // check for 'Any name matching a 1973 // restriction in the excludedSubtrees 1974 // field is invalid regardless of 1975 // information appearing in the 1976 // permittedSubtrees'. 1977 ? new NameConstraints(subtrees, subtrees) 1978 : new NameConstraints(null, subtrees); 1979 selector.setNameConstraints(constraints.getEncoded()); 1980 expected = !check_matching 1981 || (alternative_names[i][j] == null); 1982 assertTrue("The method match() for:\n " 1983 + alternative_names[i][j] 1984 + "\nand excluded name\n " 1985 + name_constraints[i] 1986 + "\nshould return: " + expected, 1987 selector.match(certificate) == expected); 1988 } 1989 } 1990 } catch (IOException e) { 1991 e.printStackTrace(); 1992 fail("Unexpected IOException was thrown."); 1993 } 1994 } 1995 1996 /** 1997 * setNameConstraints(byte[] bytes) method testing. 1998 * Constructs the different NameConstraints DER structures with 1999 * GeneralNames of type 4 and checks if the different certificates 2000 * matches or does not. 2001 */ 2002 public void testSetNameConstraints2() { 2003 // As specified in rfc 3280: 2004 // 2005 // Restrictions apply only when the specified name form is present. 2006 // If no name of the type is in the certificate, 2007 // the certificate is acceptable. 2008 // 2009 // Restrictions of the form directoryName MUST be applied to the 2010 // subject field in the certificate and to the subjectAltName 2011 // extensions of type directoryName. 2012 // 2013 // According to p. 4.1.2.4 comparing the encoded forms of the names. 2014 2015 String[][] variants = new String[][] { 2016 // subject Alternative Presented name Absent name 2017 // name name perm(t)/excl(f) perm(f)/excl(t) 2018 { "O=Org", "O=Org", "O=Org", "O=Org2" }, 2019 { "O=Org", "O=Org1", "O=Org", "O=Org2" }, 2020 { "O=Org1", "O=Org", "O=Org", "O=Org2" }, 2021 }; 2022 2023 X509CertSelector selector = new X509CertSelector(); 2024 try { 2025 for (int i = 0; i < variants.length; i++) { 2026 // make the names objects 2027 X500Principal subject = new X500Principal(variants[i][0]); 2028 Name subject_name = new Name(variants[i][0]); 2029 GeneralName alt_name = new GeneralName(4, variants[i][1]); 2030 // make the certificate to be checked 2031 GeneralNames alt_names_extension = new GeneralNames(); 2032 alt_names_extension.addName(alt_name); 2033 TestCert certificate = new TestCert(alt_names_extension); 2034 certificate.setSubject(subject); 2035 certificate.setEncoding(getCertEncoding(subject_name, 2036 alt_names_extension)); 2037 // make the subtrees (part of name constraints) 2038 // this subtrees will be used as permited and as excluded 2039 // name which is presented in certificate: 2040 GeneralSubtrees pos_subtrees = new GeneralSubtrees(); 2041 pos_subtrees.addSubtree( 2042 new GeneralSubtree( 2043 new GeneralName(4, variants[i][2]))); 2044 // name which is absent in certificate: 2045 GeneralSubtrees neg_subtrees = new GeneralSubtrees(); 2046 neg_subtrees.addSubtree( 2047 new GeneralSubtree( 2048 new GeneralName(4, variants[i][3]))); 2049 2050 NameConstraints constraints; 2051 // Work with name which is presented in certificate 2052 // first check if certificate with permited name matches: 2053 constraints = new NameConstraints(pos_subtrees, null); 2054 selector.setNameConstraints(constraints.getEncoded()); 2055 assertTrue("The method match() for certificate " 2056 + "with subject:\n " 2057 + variants[i][0] 2058 + "\nand with alternative name:\n " 2059 + variants[i][1] 2060 + "\nand permited name\n " 2061 + variants[i][2] 2062 + "\nshould return true", 2063 selector.match(certificate)); 2064 // second check if certificate with excluded name doesn't match: 2065 constraints = new NameConstraints(pos_subtrees, pos_subtrees); 2066 selector.setNameConstraints(constraints.getEncoded()); 2067 assertTrue("The method match() for certificate " 2068 + "with subject:\n " 2069 + variants[i][0] 2070 + "\nand with alternative name:\n " 2071 + variants[i][1] 2072 + "\nand excluded name\n " 2073 + variants[i][2] 2074 + "\nshould return false", 2075 !selector.match(certificate)); 2076 // Work with name which is not presented in certificate 2077 // first check if the certificate without permited name 2078 // does not match: 2079 constraints = new NameConstraints(neg_subtrees, null); 2080 selector.setNameConstraints(constraints.getEncoded()); 2081 assertTrue("The method match() for certificate " 2082 + "with subject:\n " 2083 + variants[i][0] 2084 + "\nand with alternative name:\n " 2085 + variants[i][1] 2086 + "\nand permited name\n " 2087 + variants[i][3] 2088 + "\nshould return false", 2089 !selector.match(certificate)); 2090 // second check if certificate without excluded name matches: 2091 constraints = new NameConstraints(neg_subtrees, neg_subtrees); 2092 selector.setNameConstraints(constraints.getEncoded()); 2093 assertTrue("The method match() for certificate " 2094 + "with subject:\n " 2095 + variants[i][0] 2096 + "\nand with alternative name:\n " 2097 + variants[i][1] 2098 + "\nand excluded name\n " 2099 + variants[i][3] 2100 + "\nshould return false", 2101 !selector.match(certificate)); 2102 } 2103 } catch (IOException e) { 2104 e.printStackTrace(); 2105 fail("Unexpected IOException was thrown."); 2106 } 2107 } 2108 2109 /** 2110 * Constructs the encoded form of certificate with specified subject field 2111 * of TBSCertificate and specified alternative names. 2112 */ 2113 private byte[] getCertEncoding(Name subject, GeneralNames subjectAltNames) 2114 throws IOException { 2115 // make the TBSCertificate for Certificate 2116 int version = 2; //v3 2117 BigInteger serialNumber = BigInteger.valueOf(555L); 2118 AlgorithmIdentifier signature = new AlgorithmIdentifier("1.2.3.44.555"); 2119 Name issuer = new Name("O=Certificate Issuer"); 2120 Validity validity = new Validity(new Date(100000000), 2121 new Date(200000000)); 2122 SubjectPublicKeyInfo subjectPublicKeyInfo = 2123 new SubjectPublicKeyInfo( 2124 new AlgorithmIdentifier("1.2.840.113549.1.1.2"), 2125 new byte[10]); 2126 boolean[] issuerUniqueID = new boolean[] 2127 { true, false, true, false, true, false, true, false }; 2128 boolean[] subjectUniqueID = new boolean[] 2129 { false, true, false, true, false, true, false, true }; 2130 2131 Extension extension = new Extension("2.5.29.17", 2132 true, subjectAltNames.getEncoded()); 2133 Extensions extensions = new Extensions(); 2134 extensions.addExtension(extension); 2135 2136 TBSCertificate tbsCertificate = new TBSCertificate(version, 2137 serialNumber, signature, issuer, validity, subject, 2138 subjectPublicKeyInfo, issuerUniqueID, subjectUniqueID, 2139 extensions); 2140 2141 // make the Certificate 2142 org.apache.harmony.security.x509.Certificate certificate = 2143 new org.apache.harmony.security.x509.Certificate 2144 (tbsCertificate, signature, new byte[10]); 2145 2146 return certificate.getEncoded(); 2147 } 2148 2149 /** 2150 * getNameConstraints() method testing. 2151 */ 2152 public void testGetNameConstraints() { 2153 } 2154 2155 /** 2156 * setBasicConstraints(int minMaxPathLen) method testing. 2157 */ 2158 public void testSetBasicConstraints() { 2159 try { 2160 new X509CertSelector().setBasicConstraints(-3); 2161 fail("IllegalArgumentException should be thrown."); 2162 } catch (IllegalArgumentException e) { 2163 } 2164 2165 int plen1 = 2; 2166 int plen2 = -1; 2167 TestCert cert_1 = new TestCert(plen1); 2168 TestCert cert_2 = new TestCert(plen2); 2169 X509CertSelector selector = new X509CertSelector(); 2170 2171 selector.setBasicConstraints(-1); 2172 assertTrue("Any certificate should match in the case of -1 " 2173 + "pathLen criteria.", 2174 selector.match(cert_1) && selector.match(cert_2)); 2175 selector.setBasicConstraints(plen1); 2176 assertTrue("The certificate should match the selection criteria.", 2177 selector.match(cert_1)); 2178 assertFalse("The certificate should not match the selection criteria.", 2179 selector.match(cert_2)); 2180 selector.setBasicConstraints(plen2); 2181 assertTrue("The certificate should match the selection criteria.", 2182 selector.match(cert_2)); 2183 } 2184 2185 /** 2186 * getBasicConstraints() method testing. 2187 */ 2188 public void testGetBasicConstraints() { 2189 int plen1 = 2; 2190 int plen2 = -1; 2191 X509CertSelector selector = new X509CertSelector(); 2192 2193 assertEquals("Selector should return -1", 2194 selector.getBasicConstraints(), -1); 2195 selector.setBasicConstraints(plen1); 2196 assertEquals("The returned value should be equal to specified", 2197 plen1, selector.getBasicConstraints()); 2198 assertFalse("The returned value should differ", 2199 plen2 == selector.getBasicConstraints()); 2200 } 2201 2202 /** 2203 * setPolicy(Set<String> certPolicySet) method testing. 2204 */ 2205 public void testSetPolicy() { 2206 String[] policies_1 = new String[] { 2207 "0.0.0.0.0.0", 2208 "1.1.1.1.1.1", 2209 }; 2210 String[] policies_2 = new String[] { 2211 "0.0.0.0.0.0", 2212 "1.1.1.1.1.1", 2213 "2.2.2.2.2.2" 2214 }; 2215 String[] policies_3 = new String[] { 2216 "2.2.2.2.2.2" 2217 }; 2218 String[] policies_4 = new String[] { }; 2219 X509CertSelector selector = new X509CertSelector(); 2220 HashSet set = new HashSet(Arrays.asList(policies_1)); 2221 try { 2222 selector.setPolicy(set); 2223 } catch (IOException e) { 2224 e.printStackTrace(); 2225 fail("Unexpected IOException was thrown."); 2226 } 2227 TestCert cert_1 = new TestCert(policies_1); 2228 TestCert cert_2 = new TestCert(policies_2); 2229 TestCert cert_3 = new TestCert(policies_3); 2230 TestCert cert_4 = new TestCert(policies_4); 2231 assertTrue("The certificate should match the specified criteria", 2232 selector.match(cert_1)); 2233 assertTrue("The certificate should match the specified criteria", 2234 selector.match(cert_2)); 2235 assertFalse("The certificate should not match the specified criteria", 2236 selector.match(cert_3)); 2237 assertFalse("The certificate should not match the specified criteria", 2238 selector.match(cert_4)); 2239 set.add("2.2.2.2.2.2"); 2240 assertFalse("The modification of the set should not cause the " 2241 + "modification of internal object", 2242 selector.match(cert_3)); 2243 set = new HashSet(); 2244 try { 2245 selector.setPolicy(set); 2246 } catch (IOException e) { 2247 e.printStackTrace(); 2248 fail("Unexpected IOException was thrown."); 2249 } 2250 assertTrue("The certificate should match the specified criteria", 2251 selector.match(cert_1)); 2252 assertTrue("The certificate should match the specified criteria", 2253 selector.match(cert_2)); 2254 assertTrue("The certificate should match the specified criteria", 2255 selector.match(cert_3)); 2256 assertFalse("The certificate should not match the specified criteria", 2257 selector.match(cert_4)); 2258 set.add("2.2.2.2.2.2"); 2259 try { 2260 selector.setPolicy(set); 2261 } catch (IOException e) { 2262 e.printStackTrace(); 2263 fail("Unexpected IOException was thrown."); 2264 } 2265 assertFalse("The certificate should not match the specified criteria", 2266 selector.match(cert_1)); 2267 assertTrue("The certificate should match the specified criteria", 2268 selector.match(cert_2)); 2269 assertTrue("The certificate should match the specified criteria", 2270 selector.match(cert_3)); 2271 assertFalse("The certificate should not match the specified criteria", 2272 selector.match(cert_4)); 2273 } 2274 2275 /** 2276 * getPolicy() method testing. 2277 */ 2278 public void testGetPolicy() { 2279 String[] policies = new String[] { 2280 "0.0.0.0.0.0", 2281 "1.1.1.1.1.1", 2282 "2.2.2.2.2.2" 2283 }; 2284 X509CertSelector selector = new X509CertSelector(); 2285 HashSet set = new HashSet(Arrays.asList(policies)); 2286 try { 2287 selector.setPolicy(set); 2288 } catch (IOException e) { 2289 e.printStackTrace(); 2290 fail("Unexpected IOException was thrown."); 2291 } 2292 Set result = selector.getPolicy(); 2293 try { 2294 result.remove(policies[0]); 2295 fail("An immutable set should be returned."); 2296 } catch (UnsupportedOperationException e) { 2297 } 2298 if (result.size() != 3) { 2299 fail("The size of returned set differs from specified."); 2300 } 2301 for (int i = 0; i < policies.length; i++) { 2302 if (!result.contains(policies[i])) { 2303 fail("The set does not have specified policy."); 2304 } 2305 } 2306 } 2307 2308 /** 2309 * setPathToNames(Collection<List<?>> names) method testing. 2310 */ 2311 public void testSetPathToNames() { 2312 try { 2313 GeneralName[] names = new GeneralName[] { 2314 new GeneralName(1, "rfc (at) 822.Name"), 2315 new GeneralName(1, "rfc (at) 822.AnotherName"), 2316 new GeneralName(2, "dNSName"), 2317 new GeneralName(2, "AnotherdNSName"), 2318 new GeneralName(4, "O=Organization"), 2319 new GeneralName(4, "O=Another Organization"), 2320 new GeneralName(6, "http://uniform.Resource.Id"), 2321 new GeneralName(6, "http://another.uniform.Resource.Id"), 2322 new GeneralName(7, "1.1.1.1"), 2323 new GeneralName(7, "2.2.2.2") 2324 }; 2325 2326 X509CertSelector selector = new X509CertSelector(); 2327 2328 TestCert cert; 2329 GeneralSubtrees subtrees; 2330 NameConstraints constraints; 2331 for (int i = 0; i < names.length; i += 2) { 2332 // Set up the pathToNames criterion 2333 ArrayList pathToNames = new ArrayList(); 2334 pathToNames.add(names[i].getAsList()); 2335 selector.setPathToNames(pathToNames); 2336 2337 // Construct the subtrees without the current name 2338 subtrees = new GeneralSubtrees(); 2339 for (int j = 0; j < names.length; j++) { 2340 if (i != j && i + 1 != j) { 2341 subtrees.addSubtree(new GeneralSubtree(names[j])); 2342 } 2343 } 2344 constraints = new NameConstraints(subtrees, null); 2345 cert = new TestCert(constraints); 2346 assertTrue("The Name Constraints Extension of the " 2347 + "certificate does not contain the names " 2348 + "of such type so method match() should " 2349 + "return true.", selector.match(cert)); 2350 2351 constraints = new NameConstraints(subtrees, subtrees); 2352 cert = new TestCert(constraints); 2353 assertTrue("The Name Constraints Extension of the " 2354 + "certificate does not contain the names " 2355 + "of such type so method match() should " 2356 + "return true.", selector.match(cert)); 2357 2358 constraints = new NameConstraints(null, subtrees); 2359 cert = new TestCert(constraints); 2360 assertTrue("The Name Constraints Extension of the " 2361 + "certificate does not contain the names " 2362 + "of such type so method match() should " 2363 + "return true.", selector.match(cert)); 2364 2365 subtrees.addSubtree(new GeneralSubtree(names[i + 1])); 2366 2367 constraints = new NameConstraints(subtrees, null); 2368 cert = new TestCert(constraints); 2369 assertFalse("The Name Constraints Extension of the " 2370 + "certificate does not contain the name " 2371 + "as a permitted name so method match() " 2372 + "should return false", selector.match(cert)); 2373 2374 constraints = new NameConstraints(subtrees, subtrees); 2375 cert = new TestCert(constraints); 2376 assertFalse("The Name Constraints Extension of the " 2377 + "certificate does not contain the name " 2378 + "as an excluded name but it does not " 2379 + "contain this name as a permitted so match()" 2380 + "should return false", selector.match(cert)); 2381 2382 constraints = new NameConstraints(null, subtrees); 2383 cert = new TestCert(constraints); 2384 assertTrue("The Name Constraints Extension of the " 2385 + "certificate does not contain the name " 2386 + "as an excluded name so method match() " 2387 + "should return true", selector.match(cert)); 2388 2389 subtrees.addSubtree(new GeneralSubtree(names[i])); 2390 2391 constraints = new NameConstraints(subtrees, null); 2392 cert = new TestCert(constraints); 2393 assertTrue("The Name Constraints Extension of the " 2394 + "certificate contains the name " 2395 + "as a permitted name so method match() " 2396 + "should return true", selector.match(cert)); 2397 2398 constraints = new NameConstraints(subtrees, subtrees); 2399 cert = new TestCert(constraints); 2400 assertFalse("The Name Constraints Extension of the " 2401 + "certificate contains the name " 2402 + "as an excluded name so method match() " 2403 + "should return false", selector.match(cert)); 2404 2405 constraints = new NameConstraints(null, subtrees); 2406 cert = new TestCert(constraints); 2407 assertFalse("The Name Constraints Extension of the " 2408 + "certificate contains the name " 2409 + "as an excluded name so method match() " 2410 + "should return false", selector.match(cert)); 2411 2412 pathToNames.clear(); 2413 assertFalse("The modification of initialization parameter " 2414 + "should not cause the modification of " 2415 + "internal object ", selector.match(cert)); 2416 } 2417 } catch (IOException e) { 2418 e.printStackTrace(); 2419 fail("Unexpected IOException was thrown."); 2420 } 2421 } 2422 2423 /** 2424 * addPathToName(int type, String name) method testing. 2425 */ 2426 public void testAddPathToName1() { 2427 try { 2428 int[] types = new int[] { 1, 1, 2, 2, 4, 4, 6, 6, 7, 7 }; 2429 String[] names = new String[] { 2430 "rfc (at) 822.Name", 2431 "rfc (at) 822.AnotherName", 2432 "dNSName", 2433 "AnotherdNSName", 2434 "O=Organization", 2435 "O=Another Organization", 2436 "http://uniform.Resource.Id", 2437 "http://another.uniform.Resource.Id", 2438 "1.1.1.1", 2439 "2.2.2.2" 2440 }; 2441 2442 X509CertSelector selector = new X509CertSelector(); 2443 2444 TestCert cert; 2445 GeneralSubtrees subtrees; 2446 NameConstraints constraints; 2447 for (int i = 0; i < names.length - 2; i += 2) { 2448 // Set up the pathToNames criterion 2449 selector.addPathToName(types[i], names[i]); 2450 2451 // Construct the subtrees without the current name 2452 subtrees = new GeneralSubtrees(); 2453 for (int j = i + 2; j < names.length; j++) { 2454 if (i != j && i + 1 != j) { 2455 subtrees.addSubtree( 2456 new GeneralSubtree( 2457 new GeneralName(types[j], names[j]))); 2458 } 2459 } 2460 constraints = new NameConstraints(subtrees, null); 2461 cert = new TestCert(constraints); 2462 assertTrue("The Name Constraints Extension of the " 2463 + "certificate does not contain the names " 2464 + "of such type so method match() should " 2465 + "return true.", selector.match(cert)); 2466 2467 constraints = new NameConstraints(subtrees, subtrees); 2468 cert = new TestCert(constraints); 2469 assertTrue("The Name Constraints Extension of the " 2470 + "certificate does not contain the names " 2471 + "of such type so method match() should " 2472 + "return true.", selector.match(cert)); 2473 2474 constraints = new NameConstraints(null, subtrees); 2475 cert = new TestCert(constraints); 2476 assertTrue("The Name Constraints Extension of the " 2477 + "certificate does not contain the names " 2478 + "of such type so method match() should " 2479 + "return true.", selector.match(cert)); 2480 2481 subtrees.addSubtree( 2482 new GeneralSubtree( 2483 new GeneralName(types[i + 1], names[i + 1]))); 2484 2485 constraints = new NameConstraints(subtrees, null); 2486 cert = new TestCert(constraints); 2487 assertFalse("The Name Constraints Extension of the " 2488 + "certificate does not contain the name " 2489 + "as a permitted name so method match() " 2490 + "should return false", selector.match(cert)); 2491 2492 constraints = new NameConstraints(subtrees, subtrees); 2493 cert = new TestCert(constraints); 2494 assertFalse("The Name Constraints Extension of the " 2495 + "certificate does not contain the name " 2496 + "as an excluded name but it does not " 2497 + "contain this name as a permitted so match()" 2498 + "should return false", selector.match(cert)); 2499 2500 constraints = new NameConstraints(null, subtrees); 2501 cert = new TestCert(constraints); 2502 assertTrue("The Name Constraints Extension of the " 2503 + "certificate does not contain the name " 2504 + "as an excluded name so method match() " 2505 + "should return true", selector.match(cert)); 2506 2507 subtrees.addSubtree( 2508 new GeneralSubtree( 2509 new GeneralName(types[i], names[i]))); 2510 2511 constraints = new NameConstraints(subtrees, null); 2512 cert = new TestCert(constraints); 2513 assertTrue("The Name Constraints Extension of the " 2514 + "certificate contains the name " 2515 + "as a permitted name so method match() " 2516 + "should return true", selector.match(cert)); 2517 2518 constraints = new NameConstraints(subtrees, subtrees); 2519 cert = new TestCert(constraints); 2520 assertFalse("The Name Constraints Extension of the " 2521 + "certificate contains the name " 2522 + "as an excluded name so method match() " 2523 + "should return false", selector.match(cert)); 2524 2525 constraints = new NameConstraints(null, subtrees); 2526 cert = new TestCert(constraints); 2527 assertFalse("The Name Constraints Extension of the " 2528 + "certificate contains the name " 2529 + "as an excluded name so method match() " 2530 + "should return false", selector.match(cert)); 2531 } 2532 } catch (IOException e) { 2533 e.printStackTrace(); 2534 fail("Unexpected IOException was thrown."); 2535 } 2536 } 2537 2538 /** 2539 * addPathToName(int type, byte[] name) method testing. 2540 */ 2541 public void testAddPathToName2() { 2542 try { 2543 int[] types = new int[] { 1, 1, 2, 2, 4, 4, 6, 6, 7, 7 }; 2544 byte[][] names = new byte[][] { 2545 new GeneralName(1, "rfc (at) 822.Name").getEncodedName(), 2546 new GeneralName(1, "rfc (at) 822.AnotherName").getEncodedName(), 2547 new GeneralName(2, "dNSName").getEncodedName(), 2548 new GeneralName(2, "AnotherdNSName").getEncodedName(), 2549 new GeneralName(4, "O=Organization").getEncodedName(), 2550 new GeneralName(4, "O=Another Organization").getEncodedName(), 2551 new GeneralName(6, "http://uniform.Resource.Id") 2552 .getEncodedName(), 2553 new GeneralName(6, "http://another.uniform.Resource.Id") 2554 .getEncodedName(), 2555 new GeneralName(7, "1.1.1.1").getEncodedName(), 2556 new GeneralName(7, "2.2.2.2").getEncodedName() 2557 }; 2558 2559 X509CertSelector selector = new X509CertSelector(); 2560 2561 TestCert cert; 2562 GeneralSubtrees subtrees; 2563 NameConstraints constraints; 2564 for (int i = 0; i < names.length - 2; i += 2) { 2565 // Set up the pathToNames criterion 2566 selector.addPathToName(types[i], names[i]); 2567 2568 // Construct the subtrees without the current name 2569 subtrees = new GeneralSubtrees(); 2570 for (int j = i + 2; j < names.length; j++) { 2571 if (i != j && i + 1 != j) { 2572 subtrees.addSubtree( 2573 new GeneralSubtree( 2574 new GeneralName(types[j], names[j]))); 2575 } 2576 } 2577 constraints = new NameConstraints(subtrees, null); 2578 cert = new TestCert(constraints); 2579 assertTrue("The Name Constraints Extension of the " 2580 + "certificate does not contain the names " 2581 + "of such type so method match() should " 2582 + "return true.", selector.match(cert)); 2583 2584 constraints = new NameConstraints(subtrees, subtrees); 2585 cert = new TestCert(constraints); 2586 assertTrue("The Name Constraints Extension of the " 2587 + "certificate does not contain the names " 2588 + "of such type so method match() should " 2589 + "return true.", selector.match(cert)); 2590 2591 constraints = new NameConstraints(null, subtrees); 2592 cert = new TestCert(constraints); 2593 assertTrue("The Name Constraints Extension of the " 2594 + "certificate does not contain the names " 2595 + "of such type so method match() should " 2596 + "return true.", selector.match(cert)); 2597 2598 subtrees.addSubtree( 2599 new GeneralSubtree( 2600 new GeneralName(types[i + 1], names[i + 1]))); 2601 2602 constraints = new NameConstraints(subtrees, null); 2603 cert = new TestCert(constraints); 2604 assertFalse("The Name Constraints Extension of the " 2605 + "certificate does not contain the name " 2606 + "as a permitted name so method match() " 2607 + "should return false", selector.match(cert)); 2608 2609 constraints = new NameConstraints(subtrees, subtrees); 2610 cert = new TestCert(constraints); 2611 assertFalse("The Name Constraints Extension of the " 2612 + "certificate does not contain the name " 2613 + "as an excluded name but it does not " 2614 + "contain this name as a permitted so match()" 2615 + "should return false", selector.match(cert)); 2616 2617 constraints = new NameConstraints(null, subtrees); 2618 cert = new TestCert(constraints); 2619 assertTrue("The Name Constraints Extension of the " 2620 + "certificate does not contain the name " 2621 + "as an excluded name so method match() " 2622 + "should return true", selector.match(cert)); 2623 2624 subtrees.addSubtree( 2625 new GeneralSubtree( 2626 new GeneralName(types[i], names[i]))); 2627 2628 constraints = new NameConstraints(subtrees, null); 2629 cert = new TestCert(constraints); 2630 assertTrue("The Name Constraints Extension of the " 2631 + "certificate contains the name " 2632 + "as a permitted name so method match() " 2633 + "should return true", selector.match(cert)); 2634 2635 constraints = new NameConstraints(subtrees, subtrees); 2636 cert = new TestCert(constraints); 2637 assertFalse("The Name Constraints Extension of the " 2638 + "certificate contains the name " 2639 + "as an excluded name so method match() " 2640 + "should return false", selector.match(cert)); 2641 2642 constraints = new NameConstraints(null, subtrees); 2643 cert = new TestCert(constraints); 2644 assertFalse("The Name Constraints Extension of the " 2645 + "certificate contains the name " 2646 + "as an excluded name so method match() " 2647 + "should return false", selector.match(cert)); 2648 } 2649 } catch (IOException e) { 2650 e.printStackTrace(); 2651 fail("Unexpected IOException was thrown."); 2652 } 2653 } 2654 2655 /** 2656 * getPathToNames() method testing. 2657 */ 2658 public void testGetPathToNames() { 2659 try { 2660 byte[] encoding = 2661 new GeneralName(1, "rfc (at) 822.Name").getEncodedName(); 2662 2663 X509CertSelector selector = new X509CertSelector(); 2664 2665 selector.addPathToName(1, encoding); 2666 encoding[0]++; 2667 Collection coll = selector.getPathToNames(); 2668 Iterator it = coll.iterator(); 2669 List list = (List) it.next(); 2670 Object result = list.get(1); 2671 if ((result instanceof byte[]) 2672 && (encoding[0] == ((byte[]) result)[0])) { 2673 fail("Deep copy should be performed on pathToNames."); 2674 } 2675 } catch (IOException e) { 2676 e.printStackTrace(); 2677 fail("Unexpected IOException was thrown."); 2678 } 2679 } 2680 2681 /** 2682 * toString() method testing. 2683 */ 2684 public void testToString() throws Exception { 2685 BigInteger serial = new BigInteger("10000"); 2686 X500Principal issuer = new X500Principal("O=Issuer Org."); 2687 X500Principal subject = new X500Principal("O=Subject Org."); 2688 byte[] subject_auth_KeyID = new byte[] { 1, 2, 3, 4, 5 }; 2689 Date certValid = new Date(2000000000); 2690 Date[] privateKeyValid = new Date[] { 2691 new Date(100000000L), 2692 new Date(200000000L), 2693 new Date(300000000L) 2694 }; 2695 String pkAlgID = "1.2.840.113549.1.1.4"; // MD5 with RSA encryption (source: http://asn1.elibel.tm.fr) 2696 PublicKey pkey; 2697 2698 pkey = new TestKeyPair("RSA").getPublic(); 2699 2700 boolean[] keyUsage = new boolean[] 2701 { true, true, true, true, true, true, true, true, false }; 2702 // OID values was taken from rfc 3280 2703 HashSet extKeyUsage = new HashSet(Arrays.asList(new String[] { 2704 "1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2", "1.3.6.1.5.5.7.3.3", 2705 "1.3.6.1.5.5.7.3.4", "1.3.6.1.5.5.7.3.8", "1.3.6.1.5.5.7.3.9", 2706 "1.3.6.1.5.5.7.3.5", "1.3.6.1.5.5.7.3.6", "1.3.6.1.5.5.7.3.7" } 2707 )); 2708 GeneralNames subjectAltNames = new GeneralNames(Arrays.asList( 2709 new GeneralName[] { 2710 new GeneralName(1, "rfc (at) 822.Name"), 2711 new GeneralName(2, "dNSName"), 2712 new GeneralName(6, "http://uniform.Resource.Id"), 2713 new GeneralName(7, "1.1.1.1") 2714 } 2715 )); 2716 String[] policies = new String[] { 2717 "0.0.0.0.0.0", 2718 "1.1.1.1.1.1", 2719 }; 2720 TestCert cert = new TestCert("certificate equality criteria"); 2721 2722 X509CertSelector selector = new X509CertSelector(); 2723 selector.setCertificate(cert); 2724 selector.setSerialNumber(serial); 2725 selector.setIssuer(issuer); 2726 selector.setSubject(subject); 2727 selector.setSubjectKeyIdentifier(subject_auth_KeyID); 2728 selector.setAuthorityKeyIdentifier(subject_auth_KeyID); 2729 selector.setCertificateValid(certValid); 2730 selector.setPrivateKeyValid(privateKeyValid[1]); 2731 selector.setSubjectPublicKey(pkey); 2732 selector.setSubjectPublicKeyAlgID(pkAlgID); 2733 selector.setKeyUsage(keyUsage); 2734 selector.setExtendedKeyUsage(extKeyUsage); 2735 selector.setSubjectAlternativeNames(subjectAltNames.getPairsList()); 2736 selector.setMatchAllSubjectAltNames(true); 2737 selector.setPolicy(new HashSet(Arrays.asList(policies))); 2738 2739 assertNotNull("The result should not be null.", 2740 selector.toString()); 2741 } 2742 2743 /** 2744 * match(Certificate cert) method testing. 2745 * Tests if the null object matches to the selector or does not, 2746 * and if the certificate conforming to the multiple matching criteria 2747 * matches or does not.. 2748 */ 2749 public void testMatch() throws Exception { 2750 BigInteger serial = new BigInteger("10000"); 2751 X500Principal issuer = new X500Principal("O=Issuer Org."); 2752 X500Principal subject = new X500Principal("O=Subject Org."); 2753 byte[] subject_auth_KeyID = new byte[] { 1, 2, 3, 4, 5 }; // random value 2754 Date certValid = new Date(2000000000); 2755 Date[] privateKeyValid = new Date[] { 2756 new Date(100000000L), 2757 new Date(200000000L), 2758 new Date(300000000L) 2759 }; 2760 String pkAlgID = "1.2.840.113549.1.1.1"; // RSA encryption (source: http://asn1.elibel.tm.fr) 2761 PublicKey pkey; 2762 2763 pkey = new TestKeyPair("RSA").getPublic(); 2764 2765 boolean[] keyUsage = new boolean[] 2766 { true, true, true, true, true, true, true, true, false }; 2767 // OID values was taken from rfc 3280 2768 HashSet extKeyUsage = new HashSet(Arrays.asList(new String[] { 2769 "1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2", "1.3.6.1.5.5.7.3.3", 2770 "1.3.6.1.5.5.7.3.4", "1.3.6.1.5.5.7.3.8", "1.3.6.1.5.5.7.3.9", 2771 "1.3.6.1.5.5.7.3.5", "1.3.6.1.5.5.7.3.6", "1.3.6.1.5.5.7.3.7" } 2772 )); 2773 GeneralNames subjectAltNames = new GeneralNames(Arrays.asList( 2774 new GeneralName[] { 2775 new GeneralName(1, "rfc (at) 822.Name"), 2776 new GeneralName(2, "dNSName"), 2777 new GeneralName(6, "http://uniform.Resource.Id"), 2778 new GeneralName(7, "1.1.1.1") 2779 } 2780 )); 2781 String[] policies = new String[] { 2782 "0.0.0.0.0.0", 2783 "1.1.1.1.1.1", 2784 }; 2785 2786 TestCert cert = new TestCert("certificate equality criteria"); 2787 cert.setSerialNumber(serial); 2788 cert.setIssuer(issuer); 2789 cert.setSubject(subject); 2790 cert.setKeyIdentifier(subject_auth_KeyID); 2791 cert.setDate(certValid); 2792 cert.setPeriod(privateKeyValid[0], privateKeyValid[2]); 2793 cert.setPublicKey(pkey); 2794 cert.setKeyUsage(keyUsage); 2795 cert.setExtendedKeyUsage(extKeyUsage); 2796 cert.setSubjectAlternativeNames(subjectAltNames); 2797 cert.setPolicies(policies); 2798 2799 X509CertSelector selector = new X509CertSelector(); 2800 selector.setCertificate(cert); 2801 selector.setSerialNumber(serial); 2802 selector.setIssuer(issuer); 2803 selector.setSubject(subject); 2804 selector.setSubjectKeyIdentifier(subject_auth_KeyID); 2805 selector.setAuthorityKeyIdentifier(subject_auth_KeyID); 2806 selector.setCertificateValid(certValid); 2807 selector.setPrivateKeyValid(privateKeyValid[1]); 2808 selector.setSubjectPublicKey(pkey); 2809 selector.setSubjectPublicKeyAlgID(pkAlgID); 2810 selector.setKeyUsage(keyUsage); 2811 selector.setExtendedKeyUsage(extKeyUsage); 2812 selector.setSubjectAlternativeNames(subjectAltNames.getPairsList()); 2813 selector.setMatchAllSubjectAltNames(true); 2814 selector.setPolicy(new HashSet(Arrays.asList(policies))); 2815 2816 assertFalse("The null object should not match", 2817 selector.match((X509Certificate) null)); 2818 assertTrue("The certificate should match the selector", 2819 selector.match(cert)); 2820 } 2821 2822 /** 2823 * @tests java.security.cert.X509CertSelector#match(java.security.cert.Certificate) 2824 */ 2825 public void test_matchLjava_security_cert_Certificate() { 2826 2827 // Regression for HARMONY-186 2828 TestCert cert = new TestCert(); 2829 cert.setKeyUsage(new boolean[] { true, false, true, false, false, 2830 false, false, false, false }); 2831 2832 X509CertSelector certSelector = new X509CertSelector(); 2833 2834 certSelector.setKeyUsage(new boolean[] { true, false, true }); 2835 assertTrue("Assert 1: ", certSelector.match(cert)); 2836 2837 certSelector.setKeyUsage(new boolean[] { true, true, true }); 2838 assertFalse("Assert 2: ", certSelector.match(cert)); 2839 } 2840 2841 /** 2842 * clone() method testing. 2843 */ 2844 public void testClone() throws Exception { 2845 BigInteger serial = new BigInteger("10000"); 2846 X500Principal issuer = new X500Principal("O=Issuer Org."); 2847 X500Principal subject = new X500Principal("O=Subject Org."); 2848 byte[] subject_auth_KeyID = new byte[] { 1, 2, 3, 4, 5 }; // random value 2849 Date certValid = new Date(2000000000); 2850 Date[] privateKeyValid = new Date[] { 2851 new Date(100000000L), 2852 new Date(200000000L), 2853 new Date(300000000L) 2854 }; 2855 String pkAlgID = "1.2.840.113549.1.1.1"; // RSA encryption (source: http://asn1.elibel.tm.fr) 2856 PublicKey pkey; 2857 2858 pkey = new TestKeyPair("RSA").getPublic(); 2859 2860 boolean[] keyUsage = new boolean[] 2861 { true, true, true, true, true, true, true, true, false }; 2862 // OID values was taken from rfc 3280 2863 HashSet extKeyUsage = new HashSet(Arrays.asList(new String[] { 2864 "1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2", "1.3.6.1.5.5.7.3.3", 2865 "1.3.6.1.5.5.7.3.4", "1.3.6.1.5.5.7.3.8", "1.3.6.1.5.5.7.3.9", 2866 "1.3.6.1.5.5.7.3.5", "1.3.6.1.5.5.7.3.6", "1.3.6.1.5.5.7.3.7" } 2867 )); 2868 GeneralNames subjectAltNames = new GeneralNames(Arrays.asList( 2869 new GeneralName[] { 2870 new GeneralName(1, "rfc (at) 822.Name"), 2871 new GeneralName(2, "dNSName"), 2872 new GeneralName(6, "http://uniform.Resource.Id"), 2873 new GeneralName(7, "1.1.1.1") 2874 } 2875 )); 2876 String[] policies = new String[] { 2877 "0.0.0.0.0.0", 2878 "1.1.1.1.1.1", 2879 }; 2880 2881 TestCert cert = new TestCert("certificate equality criteria"); 2882 cert.setSerialNumber(serial); 2883 cert.setIssuer(issuer); 2884 cert.setSubject(subject); 2885 cert.setKeyIdentifier(subject_auth_KeyID); 2886 cert.setDate(certValid); 2887 cert.setPeriod(privateKeyValid[0], privateKeyValid[2]); 2888 cert.setPublicKey(pkey); 2889 cert.setKeyUsage(keyUsage); 2890 cert.setExtendedKeyUsage(extKeyUsage); 2891 cert.setSubjectAlternativeNames(subjectAltNames); 2892 cert.setPolicies(policies); 2893 2894 X509CertSelector selector = new X509CertSelector(); 2895 selector.setCertificate(cert); 2896 selector.setSerialNumber(serial); 2897 selector.setIssuer(issuer); 2898 selector.setSubject(subject); 2899 selector.setSubjectKeyIdentifier(subject_auth_KeyID); 2900 selector.setAuthorityKeyIdentifier(subject_auth_KeyID); 2901 selector.setCertificateValid(certValid); 2902 selector.setPrivateKeyValid(privateKeyValid[1]); 2903 selector.setSubjectPublicKey(pkey); 2904 selector.setSubjectPublicKeyAlgID(pkAlgID); 2905 selector.setKeyUsage(keyUsage); 2906 selector.setExtendedKeyUsage(extKeyUsage); 2907 selector.setSubjectAlternativeNames(subjectAltNames.getPairsList()); 2908 selector.setMatchAllSubjectAltNames(true); 2909 selector.setPolicy(new HashSet(Arrays.asList(policies))); 2910 2911 assertTrue("The certificate should match the selector", 2912 ((X509CertSelector) selector.clone()).match(cert)); 2913 } 2914 2915 2916 public static Test suite() { 2917 return new TestSuite(X509CertSelectorTest.class); 2918 } 2919 2920 } 2921
