1 package tests.security.cert; 2 3 import junit.framework.TestCase; 4 5 import org.apache.harmony.security.tests.support.cert.TestUtils; 6 7 8 import java.io.ByteArrayInputStream; 9 import java.io.IOException; 10 import java.math.BigInteger; 11 import java.security.InvalidKeyException; 12 import java.security.NoSuchAlgorithmException; 13 import java.security.NoSuchProviderException; 14 import java.security.Principal; 15 import java.security.PublicKey; 16 import java.security.SignatureException; 17 import java.security.cert.CRL; 18 import java.security.cert.CRLException; 19 import java.security.cert.Certificate; 20 import java.security.cert.CertificateException; 21 import java.security.cert.CertificateFactory; 22 import java.security.cert.X509CRL; 23 import java.security.cert.X509CRLEntry; 24 import java.security.cert.X509CRLSelector; 25 import java.security.cert.X509Certificate; 26 import java.util.ArrayList; 27 import java.util.Collection; 28 import java.util.Date; 29 import java.util.Set; 30 31 import javax.security.auth.x500.X500Principal; 32 33 import sun.security.util.DerOutputStream; 34 import sun.security.x509.CRLNumberExtension; 35 36 public class X509CRLSelector2Test extends TestCase { 37 38 protected void setUp() throws Exception { 39 super.setUp(); 40 } 41 42 protected void tearDown() throws Exception { 43 super.tearDown(); 44 } 45 46 /** 47 * constructor testing. 48 * 49 */ 50 public void testX509CRLSelector() { 51 X509CRLSelector selector = new X509CRLSelector(); 52 assertNull(selector.getDateAndTime()); 53 assertNull(selector.getCertificateChecking()); 54 assertNull(selector.getIssuerNames()); 55 assertNull(selector.getIssuers()); 56 assertNull(selector.getMaxCRL()); 57 assertNull(selector.getMinCRL()); 58 } 59 60 /** 61 * addIssuer(X500Principal issuer) method testing. Tests if CRLs with 62 * specified issuers match the selector, and if not specified issuer does 63 * not match the selector. 64 */ 65 public void testAddIssuerLjavax_security_auth_x500_X500Principal02() { 66 X509CRLSelector selector = new X509CRLSelector(); 67 X500Principal iss1 = new X500Principal("O=First Org."); 68 X500Principal iss2 = new X500Principal("O=Second Org."); 69 CRL crl1 = new TestCRL(iss1); 70 CRL crl2 = new TestCRL(iss2); 71 72 selector.addIssuer(iss1); 73 assertTrue("The CRL should match the selection criteria.", selector 74 .match(crl1)); 75 assertFalse("The CRL should not match the selection criteria.", 76 selector.match(crl2)); 77 selector.addIssuer(iss2); 78 assertTrue("The CRL should match the selection criteria.", selector 79 .match(crl2)); 80 } 81 82 /** 83 * addIssuerName(String name) method testing. Tests if CRLs with specified 84 * issuers match the selector, and if not specified issuer does not match 85 * the selector. 86 */ 87 public void testAddIssuerNameLjava_lang_String03() { 88 X509CRLSelector selector = new X509CRLSelector(); 89 String iss1 = "O=First Org."; 90 String iss2 = "O=Second Org."; 91 TestCRL crl1 = new TestCRL(new X500Principal(iss1)); 92 TestCRL crl2 = new TestCRL(new X500Principal(iss2)); 93 94 try { 95 selector.addIssuerName(iss1); 96 } catch (IOException e) { 97 e.printStackTrace(); 98 fail("Unexpected IOException was thrown."); 99 } 100 assertTrue("The CRL should match the selection criteria.", selector 101 .match(crl1)); 102 assertFalse("The CRL should not match the selection criteria.", 103 selector.match(crl2)); 104 try { 105 selector.addIssuerName(iss2); 106 } catch (IOException e) { 107 e.printStackTrace(); 108 fail("Unexpected IOException was thrown."); 109 } 110 assertTrue("The CRL should match the selection criteria.", selector 111 .match(crl2)); 112 } 113 114 /** 115 * setIssuerNames(Collection <?> names) method testing. Tests if CRLs with 116 * any issuers match the selector in the case of null issuerNames criteria, 117 * if specified issuers match the selector, if not specified issuer does not 118 * match the selector, and if the internal collection of issuer names is 119 * copied during initialization. 120 */ 121 @SuppressWarnings("unchecked") 122 public void testSetIssuerNamesLjava_util_Collection02() { 123 X509CRLSelector selector = new X509CRLSelector(); 124 String iss1 = "O=First Org."; 125 byte[] iss2 = new byte[] 126 // manually obtained DER encoding of "O=Second Org." issuer name; 127 { 48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11, 83, 101, 99, 111, 128 110, 100, 32, 79, 114, 103, 46 }; 129 130 String iss3 = "O=Third Org."; 131 TestCRL crl1 = new TestCRL(new X500Principal(iss1)); 132 TestCRL crl2 = new TestCRL(new X500Principal(iss2)); 133 TestCRL crl3 = new TestCRL(new X500Principal(iss3)); 134 135 try { 136 selector.setIssuerNames(null); 137 } catch (IOException e) { 138 e.printStackTrace(); 139 fail("Unexpected IOException was thrown."); 140 } 141 assertTrue("Any CRL issuers should match in the case of null issuers.", 142 selector.match(crl1) && selector.match(crl2)); 143 144 ArrayList issuers = new ArrayList(2); 145 issuers.add(iss1); 146 issuers.add(iss2); 147 try { 148 selector.setIssuerNames(issuers); 149 } catch (IOException e) { 150 e.printStackTrace(); 151 fail("Unexpected IOException was thrown."); 152 } 153 assertTrue("The CRL should match the selection criteria.", selector 154 .match(crl1) 155 && selector.match(crl2)); 156 assertFalse("The CRL should not match the selection criteria.", 157 selector.match(crl3)); 158 issuers.add(iss3); 159 assertFalse("The internal issuer collection is not protected " 160 + "against the modifications.", selector.match(crl3)); 161 } 162 163 /** 164 * setIssuers(Collection <X500Principal> issuers) method testing. Tests if 165 * CRLs with any issuers match the selector in the case of null issuerNames 166 * criteria, if specified issuers match the selector, and if not specified 167 * issuer does not match the selector. 168 */ 169 public void testSetIssuersLjava_util_Collection() { 170 X509CRLSelector selector = new X509CRLSelector(); 171 X500Principal iss1 = new X500Principal("O=First Org."); 172 X500Principal iss2 = new X500Principal("O=Second Org."); 173 X500Principal iss3 = new X500Principal("O=Third Org."); 174 TestCRL crl1 = new TestCRL(iss1); 175 TestCRL crl2 = new TestCRL(iss2); 176 TestCRL crl3 = new TestCRL(iss3); 177 178 selector.setIssuers(null); 179 assertTrue("Any CRL issuers should match in the case of null issuers.", 180 selector.match(crl1) && selector.match(crl2)); 181 182 ArrayList<X500Principal> issuers = new ArrayList<X500Principal>(2); 183 issuers.add(iss1); 184 issuers.add(iss2); 185 selector.setIssuers(issuers); 186 assertTrue("The CRL should match the selection criteria.", selector 187 .match(crl1) 188 && selector.match(crl2)); 189 assertFalse("The CRL should not match the selection criteria.", 190 selector.match(crl3)); 191 issuers.add(iss3); 192 assertFalse("The internal issuer collection is not protected " 193 + "against the modifications.", selector.match(crl3)); 194 } 195 196 /** 197 * addIssuerName(byte[] name) method testing. Tests if CRLs with specified 198 * issuers match the selector, and if not specified issuer does not match 199 * the selector. 200 */ 201 public void testAddIssuerName$B() { 202 X509CRLSelector selector = new X509CRLSelector(); 203 byte[] iss1 = new byte[] 204 // manually obtained DER encoding of "O=First Org." issuer name; 205 { 48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10, 70, 105, 114, 115, 206 116, 32, 79, 114, 103, 46 }; 207 byte[] iss2 = new byte[] 208 // manually obtained DER encoding of "O=Second Org." issuer name; 209 { 48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11, 83, 101, 99, 111, 210 110, 100, 32, 79, 114, 103, 46 }; 211 TestCRL crl1 = new TestCRL(new X500Principal(iss1)); 212 TestCRL crl2 = new TestCRL(new X500Principal(iss2)); 213 214 try { 215 selector.addIssuerName(iss1); 216 } catch (IOException e) { 217 e.printStackTrace(); 218 fail("Unexpected IOException was thrown."); 219 } 220 assertTrue("The CRL should match the selection criteria.", selector 221 .match(crl1)); 222 assertFalse("The CRL should not match the selection criteria.", 223 selector.match(crl2)); 224 try { 225 selector.addIssuerName(iss2); 226 } catch (IOException e) { 227 e.printStackTrace(); 228 fail("Unexpected IOException was thrown."); 229 } 230 assertTrue("The CRL should match the selection criteria.", selector 231 .match(crl2)); 232 } 233 234 /** 235 * setMinCRLNumber(BigInteger minCRL) method testing. Tests if CRLs with any 236 * crl number value match the selector in the case of null crlNumber 237 * criteria, if specified minCRL value matches the selector, and if CRL with 238 * inappropriate crlNumber value does not match the selector. 239 */ 240 public void testSetMinCRLNumberLjava_math_BigInteger() { 241 X509CRLSelector selector = new X509CRLSelector(); 242 BigInteger minCRL = new BigInteger("10000"); 243 CRL crl = new TestCRL(minCRL); 244 245 selector.setMinCRLNumber(null); 246 assertTrue("Any CRL should match in the case of null minCRLNumber.", 247 selector.match(crl)); 248 selector.setMinCRLNumber(minCRL); 249 assertTrue("The CRL should match the selection criteria.", selector 250 .match(crl)); 251 selector.setMinCRLNumber(new BigInteger("10001")); 252 assertFalse("The CRL should not match the selection criteria.", 253 selector.match(crl)); 254 } 255 256 /** 257 * setMaxCRLNumber(BigInteger maxCRL) method testing. Tests if CRLs with any 258 * crl number value match the selector in the case of null crlNumber 259 * criteria, if specified maxCRL value matches the selector, and if CRL with 260 * inappropriate crlNumber value does not match the selector. 261 */ 262 public void testSetMaxCRLNumberLjava_math_BigInteger() { 263 X509CRLSelector selector = new X509CRLSelector(); 264 BigInteger maxCRL = new BigInteger("10000"); 265 TestCRL crl = new TestCRL(maxCRL); 266 267 selector.setMaxCRLNumber(null); 268 assertTrue("Any CRL should match in the case of null minCRLNumber.", 269 selector.match(crl)); 270 selector.setMaxCRLNumber(maxCRL); 271 assertTrue("The CRL should match the selection criteria.", selector 272 .match(crl)); 273 selector.setMaxCRLNumber(new BigInteger("9999")); 274 assertFalse("The CRL should not match the selection criteria.", 275 selector.match(crl)); 276 } 277 278 /** 279 * setDateAndTime(Date dateAndTime) method testing. Tests if CRLs with any 280 * update dates match the selector in the case of null dateAndTime criteria, 281 * if correct dates match and incorrect do not match the selector. 282 */ 283 public void testSetDateAndTimeLjava_util_Date() { 284 X509CRLSelector selector = new X509CRLSelector(); 285 TestCRL crl = new TestCRL(new Date(200), new Date(300)); 286 selector.setDateAndTime(null); 287 assertTrue("Any CRL should match in the case of null dateAndTime.", 288 selector.match(crl)); 289 selector.setDateAndTime(new Date(200)); 290 assertTrue("The CRL should match the selection criteria.", selector 291 .match(crl)); 292 selector.setDateAndTime(new Date(250)); 293 assertTrue("The CRL should match the selection criteria.", selector 294 .match(crl)); 295 selector.setDateAndTime(new Date(300)); 296 assertTrue("The CRL should match the selection criteria.", selector 297 .match(crl)); 298 selector.setDateAndTime(new Date(150)); 299 assertFalse("The CRL should not match the selection criteria.", 300 selector.match(crl)); 301 selector.setDateAndTime(new Date(350)); 302 assertFalse("The CRL should not match the selection criteria.", 303 selector.match(crl)); 304 } 305 306 /** 307 * setCertificateChecking(X509Certificate) method testing. 308 */ 309 public void testSetCertificateCheckingLjava_X509Certificate() 310 throws CertificateException { 311 X509CRLSelector selector = new X509CRLSelector(); 312 313 CertificateFactory certFact = CertificateFactory.getInstance("X509"); 314 X509Certificate cert = (X509Certificate) certFact 315 .generateCertificate(new ByteArrayInputStream(TestUtils 316 .getX509Certificate_v3())); 317 318 TestCRL crl = new TestCRL(); 319 selector.setCertificateChecking(cert); 320 assertTrue("The CRL should match the selection criteria.", selector 321 .match(crl)); 322 assertEquals(cert, selector.getCertificateChecking()); 323 324 selector.setCertificateChecking(null); 325 assertTrue("The CRL should match the selection criteria.", selector 326 .match(crl)); 327 assertNull(selector.getCertificateChecking()); 328 } 329 330 /** 331 * getIssuers() method testing. Tests if the method return null in the case 332 * of not specified issuers, if the returned collection corresponds to the 333 * specified issuers and this collection is unmodifiable. 334 */ 335 public void testGetIssuers() { 336 X509CRLSelector selector = new X509CRLSelector(); 337 X500Principal iss1 = new X500Principal("O=First Org."); 338 X500Principal iss2 = new X500Principal("O=Second Org."); 339 X500Principal iss3 = new X500Principal("O=Third Org."); 340 assertNull("The collection should be null.", selector.getIssuers()); 341 selector.addIssuer(iss1); 342 selector.addIssuer(iss2); 343 Collection<X500Principal> result = selector.getIssuers(); 344 try { 345 result.add(iss3); 346 fail("The returned collection should be unmodifiable."); 347 } catch (UnsupportedOperationException e) { 348 } 349 assertTrue("The collection should contain the specified DN.", result 350 .contains(iss2)); 351 } 352 353 /** 354 * getIssuerNames() method testing. Tests if the method return null in the 355 * case of not specified issuers, if the returned collection corresponds to 356 * the specified issuers. 357 */ 358 public void testGetIssuerNames() { 359 X509CRLSelector selector = new X509CRLSelector(); 360 byte[] iss1 = new byte[] 361 // manually obtained DER encoding of "O=First Org." issuer name; 362 { 48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10, 70, 105, 114, 115, 363 116, 32, 79, 114, 103, 46 }; 364 byte[] iss2 = new byte[] 365 // manually obtained DER encoding of "O=Second Org." issuer name; 366 { 48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11, 83, 101, 99, 111, 367 110, 100, 32, 79, 114, 103, 46 }; 368 assertNull("The collection should be null.", selector.getIssuerNames()); 369 try { 370 selector.addIssuerName(iss1); 371 selector.addIssuerName(iss2); 372 } catch (IOException e) { 373 e.printStackTrace(); 374 fail("Unexpected IOException was thrown."); 375 } 376 Collection<Object> result = selector.getIssuerNames(); 377 assertEquals("The collection should contain all of the specified DNs.", 378 2, result.size()); 379 } 380 381 /** 382 * getMinCRL() method testing. Tests if the method return null in the case 383 * of not specified minCRL criteria, and if the returned value corresponds 384 * to the specified one. 385 */ 386 public void testGetMinCRL() { 387 X509CRLSelector selector = new X509CRLSelector(); 388 assertNull("Initially the minCRL should be null.", selector.getMinCRL()); 389 BigInteger minCRL = new BigInteger("10000"); 390 selector.setMinCRLNumber(minCRL); 391 assertTrue("The result should be equal to specified.", minCRL 392 .equals(selector.getMinCRL())); 393 } 394 395 /** 396 * getMaxCRL() method testing. Tests if the method return null in the case 397 * of not specified maxCRL criteria, and if the returned value corresponds 398 * to the specified one. 399 */ 400 public void testGetMaxCRL() { 401 X509CRLSelector selector = new X509CRLSelector(); 402 assertNull("Initially the maxCRL should be null.", selector.getMaxCRL()); 403 BigInteger maxCRL = new BigInteger("10000"); 404 selector.setMaxCRLNumber(maxCRL); 405 assertTrue("The result should be equal to specified.", maxCRL 406 .equals(selector.getMaxCRL())); 407 } 408 409 /** 410 * getDateAndTime() method testing. Tests if the method return null in the 411 * case of not specified dateAndTime criteria, and if the returned value 412 * corresponds to the specified one. 413 */ 414 public void testGetDateAndTime() { 415 X509CRLSelector selector = new X509CRLSelector(); 416 assertNull("Initially the dateAndTime criteria should be null.", 417 selector.getDateAndTime()); 418 Date date = new Date(200); 419 selector.setDateAndTime(date); 420 assertTrue("The result should be equal to specified.", date 421 .equals(selector.getDateAndTime())); 422 } 423 424 /** 425 * getCertificateChecking() method testing. 426 */ 427 public void testGetCertificateCheckingLjava_X509Certificate() 428 throws CertificateException { 429 X509CRLSelector selector = new X509CRLSelector(); 430 431 CertificateFactory certFact = CertificateFactory.getInstance("X509"); 432 X509Certificate cert = (X509Certificate) certFact 433 .generateCertificate(new ByteArrayInputStream(TestUtils 434 .getX509Certificate_v3())); 435 436 selector.setCertificateChecking(cert); 437 assertEquals(cert, selector.getCertificateChecking()); 438 439 selector.setCertificateChecking(null); 440 assertNull(selector.getCertificateChecking()); 441 } 442 443 /** 444 * match(CRL crl) method testing. Tests if the null object matches to the 445 * selector or not. 446 */ 447 public void testMatchLjava_security_cert_X509CRL() { 448 X509CRLSelector selector = new X509CRLSelector(); 449 assertFalse("The null object should not match", selector 450 .match((X509CRL) null)); 451 } 452 453 /** 454 * clone() method testing. Tests if the selector is cloned correctly: the 455 * crl which matche to the initial selector should match to the clone and 456 * the change of clone should not cause the change of initial selector. 457 */ 458 public void testClone() { 459 X509CRLSelector selector = new X509CRLSelector(); 460 X500Principal iss1 = new X500Principal("O=First Org."); 461 X500Principal iss2 = new X500Principal("O=Second Org."); 462 X500Principal iss3 = new X500Principal("O=Third Org."); 463 BigInteger minCRL = new BigInteger("10000"); 464 BigInteger maxCRL = new BigInteger("10000"); 465 Date date = new Date(200); 466 467 selector.addIssuer(iss1); 468 selector.addIssuer(iss2); 469 selector.setMinCRLNumber(minCRL); 470 selector.setMaxCRLNumber(maxCRL); 471 selector.setDateAndTime(date); 472 473 X509CRLSelector clone = (X509CRLSelector) selector.clone(); 474 TestCRL crl = new TestCRL(iss1); 475 crl.setCrlNumber(minCRL); 476 crl.setUpdateDates(new Date(200), new Date(200)); 477 assertTrue("The specified CRL should match the clone selector.", 478 selector.match(crl)); 479 480 clone.addIssuer(iss3); 481 assertFalse("The changes of the clone selector should not cause " 482 + "the changes of initial object", selector.getIssuerNames() 483 .size() == 3); 484 } 485 public void testToString() { 486 X509CRLSelector selector = new X509CRLSelector(); 487 X500Principal iss1 = new X500Principal("O=First Org."); 488 X500Principal iss2 = new X500Principal("O=Second Org."); 489 BigInteger minCRL = new BigInteger("10000"); 490 BigInteger maxCRL = new BigInteger("10000"); 491 Date date = new Date(200); 492 493 selector.addIssuer(iss1); 494 selector.addIssuer(iss2); 495 selector.setMinCRLNumber(minCRL); 496 selector.setMaxCRLNumber(maxCRL); 497 selector.setDateAndTime(date); 498 499 assertNotNull("The result should not be null.", selector.toString()); 500 } 501 502 /** 503 * The abstract class stub implementation. 504 */ 505 private class TestCRL extends X509CRL { 506 507 private X500Principal principal = null; 508 509 private BigInteger crlNumber = null; 510 511 private Date thisUpdate = null; 512 513 private Date nextUpdate = null; 514 515 public TestCRL() { 516 } 517 518 public TestCRL(X500Principal principal) { 519 this.principal = principal; 520 } 521 522 public TestCRL(Date thisUpdate, Date nextUpdate) { 523 setUpdateDates(thisUpdate, nextUpdate); 524 } 525 526 public TestCRL(BigInteger crlNumber) { 527 setCrlNumber(crlNumber); 528 } 529 530 public void setUpdateDates(Date thisUpdate, Date nextUpdate) { 531 this.thisUpdate = thisUpdate; 532 this.nextUpdate = nextUpdate; 533 } 534 535 public void setCrlNumber(BigInteger crlNumber) { 536 this.crlNumber = crlNumber; 537 } 538 539 public X500Principal getIssuerX500Principal() { 540 return principal; 541 } 542 543 public String toString() { 544 return null; 545 } 546 547 public boolean isRevoked(Certificate cert) { 548 return true; 549 } 550 551 public Set<String> getNonCriticalExtensionOIDs() { 552 return null; 553 } 554 555 public Set<String> getCriticalExtensionOIDs() { 556 return null; 557 } 558 559 public byte[] getExtensionValue(String oid) { 560 if ("2.5.29.20".equals(oid) && (crlNumber != null)) { 561 DerOutputStream out = new DerOutputStream(); 562 try { 563 out.putOctetString((new CRLNumberExtension(crlNumber)).getExtensionValue()); 564 } catch (IOException e) { 565 throw new IllegalStateException("Unexpected IOException" , e); 566 } 567 return out.toByteArray(); 568 } 569 return null; 570 } 571 572 public boolean hasUnsupportedCriticalExtension() { 573 return false; 574 } 575 576 public byte[] getEncoded() { 577 return null; 578 } 579 580 @SuppressWarnings("unused") 581 public void verify(PublicKey key) throws CRLException, 582 NoSuchAlgorithmException, InvalidKeyException, 583 NoSuchProviderException, SignatureException { 584 } 585 586 @SuppressWarnings("unused") 587 public void verify(PublicKey key, String sigProvider) 588 throws CRLException, NoSuchAlgorithmException, 589 InvalidKeyException, NoSuchProviderException, 590 SignatureException { 591 } 592 593 public int getVersion() { 594 return 2; 595 } 596 597 public Principal getIssuerDN() { 598 return null; 599 } 600 601 public Date getThisUpdate() { 602 return thisUpdate; 603 } 604 605 public Date getNextUpdate() { 606 return nextUpdate; 607 } 608 609 public X509CRLEntry getRevokedCertificate(BigInteger serialNumber) { 610 return null; 611 } 612 613 public Set<X509CRLEntry> getRevokedCertificates() { 614 return null; 615 } 616 617 public byte[] getTBSCertList() { 618 return null; 619 } 620 621 public byte[] getSignature() { 622 return null; 623 } 624 625 public String getSigAlgName() { 626 return null; 627 } 628 629 public String getSigAlgOID() { 630 return null; 631 } 632 633 public byte[] getSigAlgParams() { 634 return null; 635 } 636 } 637 } 638
