1 /* 2 * Licensed to the Apache Software Foundation (ASF) under one or more 3 * contributor license agreements. See the NOTICE file distributed with 4 * this work for additional information regarding copyright ownership. 5 * The ASF licenses this file to You under the Apache License, Version 2.0 6 * (the "License"); you may not use this file except in compliance with 7 * the License. You may obtain a copy of the License at 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 */ 17 18 /** 19 * @author Vladimir N. Molotkov 20 * @version $Revision$ 21 */ 22 23 package tests.security.cert; 24 25 import com.android.org.bouncycastle.asn1.ASN1Sequence; 26 import com.android.org.bouncycastle.asn1.x509.GeneralSubtree; 27 import com.android.org.bouncycastle.asn1.x509.NameConstraints; 28 29 import junit.framework.TestCase; 30 31 import org.apache.harmony.security.tests.support.TestCertUtils; 32 import org.apache.harmony.security.tests.support.TestKeyPair; 33 import org.apache.harmony.security.tests.support.cert.TestUtils; 34 35 import java.io.ByteArrayInputStream; 36 import java.io.IOException; 37 import java.math.BigInteger; 38 import java.security.PublicKey; 39 import java.security.cert.CertificateException; 40 import java.security.cert.CertificateFactory; 41 import java.security.cert.TrustAnchor; 42 import java.security.cert.X509Certificate; 43 import java.security.spec.InvalidKeySpecException; 44 import java.util.Arrays; 45 46 import javax.security.auth.x500.X500Principal; 47 48 /** 49 * Unit tests for <code>TrustAnchor</code> 50 */ 51 public class TrustAnchorTest extends TestCase { 52 private static final String keyAlg = "DSA"; 53 // Sample of some valid CA name 54 private static final String validCaNameRfc2253 = 55 "CN=Test CA,"+ 56 "OU=Testing Division,"+ 57 "O=Test It All,"+ 58 "L=Test Town,"+ 59 "ST=Testifornia,"+ 60 "C=Testland"; 61 62 /** 63 * Test #1 for <code>TrustAnchor(String, PublicKey, byte[])</code> constructor<br> 64 * Assertion: creates <code>TrustAnchor</code> instance<br> 65 * Test preconditions: valid parameters passed<br> 66 * Expected: must pass without any exceptions 67 * @throws InvalidKeySpecException 68 */ 69 public final void testTrustAnchorStringPublicKeybyteArray01() 70 throws Exception { 71 72 PublicKey pk = new TestKeyPair(keyAlg).getPublic(); 73 74 // sub testcase 1 75 new TrustAnchor(validCaNameRfc2253, pk, getFullEncoding()); 76 // sub testcase 2 77 new TrustAnchor(validCaNameRfc2253, pk, getEncodingPSOnly()); 78 // sub testcase 3 79 new TrustAnchor(validCaNameRfc2253, pk, getEncodingESOnly()); 80 // sub testcase 4 81 new TrustAnchor(validCaNameRfc2253, pk, getEncodingNoMinMax()); 82 } 83 84 /** 85 * Test #2 for <code>TrustAnchor(String, PublicKey, byte[])</code> constructor<br> 86 * Assertion: creates <code>TrustAnchor</code> instance<br> 87 * Test preconditions: <code>null</code> as nameConstraints passed<br> 88 * Expected: must pass without any exceptions 89 * @throws InvalidKeySpecException 90 */ 91 public final void testTrustAnchorStringPublicKeybyteArray02() 92 throws Exception { 93 94 PublicKey pk = new TestKeyPair(keyAlg).getPublic(); 95 96 new TrustAnchor(validCaNameRfc2253, pk, null); 97 } 98 99 /** 100 * Test #3 for <code>TrustAnchor(String, PublicKey, byte[])</code> constructor<br> 101 * Assertion: nameConstraints cloned by the constructor<br> 102 * Test preconditions: modify passed nameConstraints<br> 103 * Expected: modification must not change object internal state 104 * @throws InvalidKeySpecException 105 */ 106 public final void testTrustAnchorStringPublicKeybyteArray03() 107 throws Exception { 108 109 PublicKey pk = new TestKeyPair(keyAlg).getPublic(); 110 111 byte[] nc = getEncodingPSOnly(); 112 byte[] ncCopy = nc.clone(); 113 // sub testcase 5 - nameConstraints can be null 114 TrustAnchor ta = new TrustAnchor(validCaNameRfc2253, pk, ncCopy); 115 // modify 116 ncCopy[0]=(byte)0; 117 // check that above modification did not change 118 // object internal state 119 assertTrue(Arrays.equals(nc, ta.getNameConstraints())); 120 } 121 122 /** 123 * Test #4 for <code>TrustAnchor(String, PublicKey, byte[])</code> constructor<br> 124 * Assertion: <code>NullPointerException</code> if <code>caName</code> 125 * or <code>caPublicKey</code> parameter is <code>null</code><br> 126 * Test preconditions: pass <code>null</code> as mentioned parameter<br> 127 * Expected: NullPointerException 128 */ 129 public final void testTrustAnchorStringPublicKeybyteArray04() 130 throws Exception { 131 132 PublicKey pk = new TestKeyPair(keyAlg).getPublic(); 133 134 // sub testcase 1: 'caName' param is null 135 try { 136 new TrustAnchor((String)null, pk, getEncodingPSOnly()); 137 fail("NullPointerException has not been thrown"); 138 } catch (NullPointerException ok) { 139 } 140 141 // sub testcase 2: 'caPublicKey' param is null 142 try { 143 new TrustAnchor(validCaNameRfc2253, null, getEncodingPSOnly()); 144 fail("NullPointerException has not been thrown"); 145 } catch (NullPointerException ok) { 146 } 147 148 // sub testcase 3: 'caName' and 'caPublicKey' params are null 149 try { 150 new TrustAnchor((String)null, null, getEncodingPSOnly()); 151 fail("NullPointerException has not been thrown"); 152 } catch (NullPointerException ok) { 153 } 154 155 // sub testcase 4: 'caName' param is empty 156 try { 157 new TrustAnchor("", pk, getEncodingPSOnly()); 158 fail("IllegalArgumentException has not been thrown"); 159 } catch (IllegalArgumentException ok) { 160 } 161 162 // sub testcase 5: 'caName' param is incorrect distinguished name 163 try { 164 new TrustAnchor("AID.11.12=A", pk, getEncodingPSOnly()); 165 fail("IllegalArgumentException has not been thrown"); 166 } catch (IllegalArgumentException ok) { 167 } 168 } 169 170 /** 171 * Test #1 for <code>TrustAnchor(X500Principal, PublicKey, byte[])</code> constructor<br> 172 * Assertion: creates <code>TrustAnchor</code> instance<br> 173 * Test preconditions: valid parameters passed<br> 174 * Expected: must pass without any exceptions 175 * @throws InvalidKeySpecException 176 */ 177 public final void testTrustAnchorX500PrincipalPublicKeybyteArray01() 178 throws Exception { 179 180 PublicKey pk = new TestKeyPair(keyAlg).getPublic(); 181 182 X500Principal x500p = new X500Principal(validCaNameRfc2253); 183 // sub testcase 1 184 new TrustAnchor(x500p, pk, getFullEncoding()); 185 // sub testcase 2 186 new TrustAnchor(x500p, pk, getEncodingPSOnly()); 187 // sub testcase 3 188 new TrustAnchor(x500p, pk, getEncodingESOnly()); 189 // sub testcase 4 190 new TrustAnchor(x500p, pk, getEncodingNoMinMax()); 191 } 192 193 /** 194 * Test #2 for <code>TrustAnchor(X500Principal, PublicKey, byte[])</code> constructor<br> 195 * Assertion: creates <code>TrustAnchor</code> instance<br> 196 * Test preconditions: <code>null</code> as nameConstraints passed<br> 197 * Expected: must pass without any exceptions 198 * @throws InvalidKeySpecException 199 */ 200 public final void testTrustAnchorX500PrincipalPublicKeybyteArray02() 201 throws Exception { 202 203 PublicKey pk = new TestKeyPair(keyAlg).getPublic(); 204 205 X500Principal x500p = new X500Principal(validCaNameRfc2253); 206 207 new TrustAnchor(x500p, pk, null); 208 } 209 210 /** 211 * Test #3 for <code>TrustAnchor(X500Principal, PublicKey, byte[])</code> constructor<br> 212 * Assertion: nameConstraints cloned by the constructor<br> 213 * Test preconditions: modify passed nameConstraints<br> 214 * Expected: modification must not change object internal state 215 * @throws InvalidKeySpecException 216 */ 217 public final void testTrustAnchorX500PrincipalPublicKeybyteArray03() 218 throws Exception { 219 220 PublicKey pk = new TestKeyPair(keyAlg).getPublic(); 221 222 byte[] nc = getEncodingPSOnly(); 223 byte[] ncCopy = nc.clone(); 224 // sub testcase 5 - nameConstraints can be null 225 TrustAnchor ta = new TrustAnchor(new X500Principal(validCaNameRfc2253), 226 pk, ncCopy); 227 // modify 228 ncCopy[0]=(byte)0; 229 // check that above modification did not change 230 // object internal state 231 assertTrue(Arrays.equals(nc, ta.getNameConstraints())); 232 } 233 234 /** 235 * Test #4 for <code>TrustAnchor(X500Principal, PublicKey, byte[])</code> constructor<br> 236 * Assertion: <code>NullPointerException</code> if <code>caPrincipal</code> 237 * or <code>caPublicKey</code> parameter is <code>null</code><br> 238 * Test preconditions: pass <code>null</code> as mentioned parameter<br> 239 * Expected: NullPointerException 240 * @throws InvalidKeySpecException 241 */ 242 public final void testTrustAnchorX500PrincipalPublicKeybyteArray04() 243 throws Exception { 244 245 PublicKey pk = new TestKeyPair(keyAlg).getPublic(); 246 247 X500Principal x500p = new X500Principal(validCaNameRfc2253); 248 // sub testcase 1 249 try { 250 new TrustAnchor((X500Principal)null, 251 pk, getEncodingPSOnly()); 252 fail("NullPointerException has not been thrown"); 253 } catch (NullPointerException ok) { 254 } 255 256 // sub testcase 2 257 try { 258 new TrustAnchor(x500p, null, getEncodingPSOnly()); 259 fail("NullPointerException has not been thrown"); 260 } catch (NullPointerException ok) { 261 } 262 263 // sub testcase 3 264 try { 265 new TrustAnchor((X500Principal)null, null, 266 getEncodingPSOnly()); 267 fail("NullPointerException has not been thrown"); 268 } catch (NullPointerException ok) { 269 } 270 271 } 272 273 /** 274 * Test #1 for <code>TrustAnchor(X509Certificate, byte[])</code> 275 * constructor<br> 276 * Assertion: creates <code>TrustAnchor</code> instance<br> 277 * Test preconditions: valid parameters passed<br> 278 * Expected: must pass without any exceptions 279 */ 280 public final void testTrustAnchorX509CertificatebyteArray01() 281 throws CertificateException { 282 283 CertificateFactory certFact = CertificateFactory.getInstance("X509"); 284 X509Certificate pemCert = (X509Certificate) certFact 285 .generateCertificate(new ByteArrayInputStream(TestUtils 286 .getX509Certificate_v3())); 287 288 // sub testcase 1 289 TrustAnchor ta1 = new TrustAnchor(pemCert, getFullEncoding()); 290 assertNull(ta1.getCA()); 291 assertNull(ta1.getCAName()); 292 assertNull(ta1.getCAPublicKey()); 293 assertTrue(Arrays.equals(getFullEncoding(), ta1.getNameConstraints())); 294 assertEquals(pemCert, ta1.getTrustedCert()); 295 296 // sub testcase 2 297 TrustAnchor ta2 = new TrustAnchor(pemCert, getEncodingPSOnly()); 298 assertNull(ta2.getCA()); 299 assertNull(ta2.getCAName()); 300 assertNull(ta2.getCAPublicKey()); 301 assertTrue(Arrays.equals(getEncodingPSOnly(), ta2.getNameConstraints())); 302 assertEquals(pemCert, ta2.getTrustedCert()); 303 304 // sub testcase 3 305 TrustAnchor ta3 = new TrustAnchor(pemCert, getEncodingESOnly()); 306 assertNull(ta3.getCA()); 307 assertNull(ta3.getCAName()); 308 assertNull(ta3.getCAPublicKey()); 309 assertTrue(Arrays.equals(getEncodingESOnly(), ta3.getNameConstraints())); 310 assertEquals(pemCert, ta3.getTrustedCert()); 311 312 // sub testcase 4 313 TrustAnchor ta4 = new TrustAnchor(pemCert, getEncodingNoMinMax()); 314 assertNull(ta4.getCA()); 315 assertNull(ta4.getCAName()); 316 assertNull(ta4.getCAPublicKey()); 317 assertTrue(Arrays.equals(getEncodingNoMinMax(), ta4 318 .getNameConstraints())); 319 assertEquals(pemCert, ta4.getTrustedCert()); 320 } 321 322 /** 323 * Test #2 for <code>TrustAnchor(X509Certificate, byte[])</code> 324 * constructor<br> 325 * Assertion: creates <code>TrustAnchor</code> instance<br> 326 * Test preconditions: <code>null</code> as X509Certificate passed<br> 327 * Expected: <code>NullPointerException</code> 328 */ 329 public final void testTrustAnchorX509CertificatebyteArray02() 330 throws Exception { 331 332 try { 333 new TrustAnchor(null, getFullEncoding()); 334 fail("NullPointerException expected"); 335 } catch (NullPointerException e) { 336 // expected 337 } 338 } 339 340 /** 341 * Test #3 for <code>TrustAnchor(X509Certificate, byte[])</code> 342 * constructor<br> 343 * Assertion: creates <code>TrustAnchor</code> instance<br> 344 * Test preconditions: <code>null</code> as nameConstraints passed<br> 345 * Expected: must pass without any exceptions 346 */ 347 public final void testTrustAnchorX509CertificatebyteArray03() 348 throws Exception { 349 CertificateFactory certFact = CertificateFactory.getInstance("X509"); 350 X509Certificate pemCert = (X509Certificate) certFact 351 .generateCertificate(new ByteArrayInputStream(TestUtils 352 .getX509Certificate_v3())); 353 354 try { 355 new TrustAnchor(pemCert, null); 356 } catch (Exception e) { 357 fail("Unexpected exeption " + e.getMessage()); 358 } 359 } 360 361 /** 362 * Test #4 for <code>TrustAnchor(X509Certificate, byte[])</code> 363 * constructor<br> 364 * Assertion: creates <code>TrustAnchor</code> instance<br> 365 * Test preconditions: pass not valid name constraints array Expected: 366 * IllegalArgumentException 367 * 368 */ 369 public final void testTrustAnchorX509CertificatebyteArray04() 370 throws Exception { 371 372 CertificateFactory certFact = CertificateFactory.getInstance("X509"); 373 X509Certificate pemCert = (X509Certificate) certFact 374 .generateCertificate(new ByteArrayInputStream(TestUtils 375 .getX509Certificate_v3())); 376 377 try { 378 new TrustAnchor(pemCert, 379 new byte[] { (byte) 1, (byte) 2, (byte) 3 }); 380 fail("IllegalArgumentException expected"); 381 } catch (IllegalArgumentException e) { 382 // expected 383 } 384 } 385 386 /** 387 * Test #5 for <code>TrustAnchor(X509Certificate, byte[])</code> 388 * constructor<br> 389 * Assertion: creates <code>TrustAnchor</code> instance<br> 390 * Test preconditions: both parameters are passed as null<br> 391 * Expected: <code>NullPointerException</code> 392 */ 393 public final void testTrustAnchorX509CertificatebyteArray05() 394 throws Exception { 395 396 try { 397 new TrustAnchor(null, null); 398 fail("NullPointerException expected"); 399 } catch (NullPointerException e) { 400 // expected 401 } 402 } 403 404 /** 405 * Test #1 for <code>getCAPublicKey()</code> method<br> 406 * 407 * Assertion: returns most trusted CA public key</code><br> 408 * Test preconditions: valid name passed to the constructor<br> 409 * Expected: the same name must be returned by the method<br> 410 * 411 */ 412 public final void testGetCAPublicKey01() throws Exception { 413 414 PublicKey pk = new TestKeyPair(keyAlg).getPublic(); 415 416 // sub testcase 1 417 TrustAnchor ta = 418 new TrustAnchor(validCaNameRfc2253, pk, null); 419 assertEquals("equals1", pk, ta.getCAPublicKey()); 420 // sub testcase 2 421 X500Principal x500p = new X500Principal(validCaNameRfc2253); 422 ta = new TrustAnchor(x500p, pk, null); 423 assertEquals("equals2", pk, ta.getCAPublicKey()); 424 } 425 426 427 /** 428 * Test #1 for <code>getCAName()</code> method<br> 429 * 430 * Assertion: returns most trusted CA name as <code>String</code><br> 431 * Test preconditions: valid name passed to the constructor<br> 432 * Expected: the same name must be returned by the method<br> 433 * @throws InvalidKeySpecException 434 */ 435 public final void testGetCAName01() throws Exception { 436 437 PublicKey pk = new TestKeyPair(keyAlg).getPublic(); 438 439 // sub testcase 1 440 TrustAnchor ta = 441 new TrustAnchor(validCaNameRfc2253, pk, null); 442 assertEquals("equals1", validCaNameRfc2253, ta.getCAName()); 443 // sub testcase 2 444 X500Principal x500p = new X500Principal(validCaNameRfc2253); 445 ta = new TrustAnchor(x500p, pk, null); 446 assertEquals("equals2", validCaNameRfc2253, ta.getCAName()); 447 } 448 449 /** 450 * Test #2 for <code>getCAName()</code> method<br> 451 * 452 * Assertion: returns ... <code>null</code> if <code>TrustAnchor</code> 453 * was not specified as trusted certificate<br> 454 * Test preconditions: test object is not specified as trusted certificate<br> 455 * Expected: <code>null</code> as return value<br> 456 * @throws InvalidKeySpecException 457 */ 458 public final void testGetTrustedCer02() throws Exception { 459 460 PublicKey pk = new TestKeyPair(keyAlg).getPublic(); 461 462 // sub testcase 1 463 TrustAnchor ta = 464 new TrustAnchor(validCaNameRfc2253, pk, null); 465 assertNull("null1", ta.getTrustedCert()); 466 // sub testcase 2 467 X500Principal x500p = new X500Principal(validCaNameRfc2253); 468 ta = new TrustAnchor(x500p, pk, null); 469 assertNull("null2", ta.getTrustedCert()); 470 471 X509Certificate cert = new TestCertUtils.TestX509Certificate(x500p, x500p); 472 TrustAnchor ta2 = new TrustAnchor(cert, null); 473 assertSame(cert, ta2.getTrustedCert()); 474 } 475 476 /** 477 * Test #1 for <code>getNameConstraints()</code> method<br> 478 * 479 * Assertion: Returns the name constraints parameter.<br> 480 * Test preconditions: valid parameters are passed to the constructors<br> 481 * Expected: the valid parameters must be returned by the method<br> 482 */ 483 public final void testGetNameConstraints01() throws Exception { 484 PublicKey pk = new TestKeyPair(keyAlg).getPublic(); 485 TrustAnchor ta1 = new TrustAnchor(validCaNameRfc2253, pk, 486 getFullEncoding()); 487 assertTrue(Arrays.equals(getFullEncoding(), ta1.getNameConstraints())); 488 489 X500Principal x500p = new X500Principal(validCaNameRfc2253); 490 TrustAnchor ta2 = new TrustAnchor(x500p, pk, getEncodingNoMinMax()); 491 assertTrue(Arrays.equals(getEncodingNoMinMax(), ta2 492 .getNameConstraints())); 493 494 CertificateFactory certFact = CertificateFactory.getInstance("X509"); 495 X509Certificate pemCert = (X509Certificate) certFact 496 .generateCertificate(new ByteArrayInputStream(TestUtils 497 .getX509Certificate_v3())); 498 499 TrustAnchor ta3 = new TrustAnchor(pemCert, getEncodingPSOnly()); 500 assertTrue(Arrays.equals(getEncodingPSOnly(), ta3.getNameConstraints())); 501 } 502 503 /** 504 * Test #2 for <code>getNameConstraints()</code> method<br> 505 * 506 * Assertion: Returns the name constraints parameter.<br> 507 * Test preconditions: null parameters are passed to the constructors<br> 508 * Expected: the null parameters must be returned by the method<br> 509 */ 510 public final void testGetNameConstraints02() throws Exception { 511 PublicKey pk = new TestKeyPair(keyAlg).getPublic(); 512 TrustAnchor ta1 = new TrustAnchor(validCaNameRfc2253, pk, null); 513 assertNull(ta1.getNameConstraints()); 514 515 X500Principal x500p = new X500Principal(validCaNameRfc2253); 516 TrustAnchor ta2 = new TrustAnchor(x500p, pk, null); 517 assertNull(ta2.getNameConstraints()); 518 519 CertificateFactory certFact = CertificateFactory.getInstance("X509"); 520 X509Certificate pemCert = (X509Certificate) certFact 521 .generateCertificate(new ByteArrayInputStream(TestUtils 522 .getX509Certificate_v3())); 523 524 TrustAnchor ta3 = new TrustAnchor(pemCert, null); 525 assertNull(ta3.getNameConstraints()); 526 } 527 528 /** 529 * Test #1 for <code>toString()</code> method<br> 530 * 531 * Assertion: returns a formatted string describing the TrustAnchor<br> 532 * Test preconditions: valid parameters are passed to the constructors<br> 533 * Expected: not null string<br> 534 */ 535 public final void testToString() throws Exception { 536 PublicKey pk = new TestKeyPair(keyAlg).getPublic(); 537 TrustAnchor ta1 = new TrustAnchor(validCaNameRfc2253, pk, 538 getFullEncoding()); 539 assertNotNull(ta1.toString()); 540 541 X500Principal x500p = new X500Principal(validCaNameRfc2253); 542 TrustAnchor ta2 = new TrustAnchor(x500p, pk, getEncodingNoMinMax()); 543 assertNotNull(ta2.toString()); 544 545 CertificateFactory certFact = CertificateFactory.getInstance("X509"); 546 X509Certificate pemCert = (X509Certificate) certFact 547 .generateCertificate(new ByteArrayInputStream(TestUtils 548 .getX509Certificate_v3())); 549 550 TrustAnchor ta3 = new TrustAnchor(pemCert, getEncodingPSOnly()); 551 assertNotNull(ta3.toString()); 552 } 553 554 /** 555 * Test #1 for <code>getCA()</code> method<br> 556 * 557 * Assertion: returns most trusted CA<br> 558 * Test preconditions: valid CA or CA name passed to the constructor<br> 559 * Expected: the same CA ot the CA with the same name must be returned 560 * by the method<br> 561 * @throws InvalidKeySpecException 562 */ 563 public final void testGetCA01() throws Exception { 564 565 PublicKey pk = new TestKeyPair(keyAlg).getPublic(); 566 567 // sub testcase 1 568 TrustAnchor ta = 569 new TrustAnchor(validCaNameRfc2253, pk, null); 570 X500Principal ca = ta.getCA(); 571 assertEquals("equals1", validCaNameRfc2253, ca.getName()); 572 // sub testcase 2 573 X500Principal x500p = new X500Principal(validCaNameRfc2253); 574 ta = new TrustAnchor(x500p, pk, null); 575 assertEquals("equals2", x500p, ta.getCA()); 576 } 577 578 // 579 // Private stuff 580 // 581 582 /* 583 * The following methods return valid DER encoding 584 * for the following ASN.1 definition (as specified in RFC 3280 - 585 * Internet X.509 Public Key Infrastructure. 586 * Certificate and Certificate Revocation List (CRL) Profile. 587 * http://www.ietf.org/rfc/rfc3280.txt): 588 * 589 * NameConstraints ::= SEQUENCE { 590 * permittedSubtrees [0] GeneralSubtrees OPTIONAL, 591 * excludedSubtrees [1] GeneralSubtrees OPTIONAL } 592 * 593 * GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree 594 * 595 * GeneralSubtree ::= SEQUENCE { 596 * base GeneralName, 597 * minimum [0] BaseDistance DEFAULT 0, 598 * maximum [1] BaseDistance OPTIONAL } 599 * 600 * BaseDistance ::= INTEGER (0..MAX) 601 * 602 * GeneralName ::= CHOICE { 603 * otherName [0] OtherName, 604 * rfc822Name [1] IA5String, 605 * dNSName [2] IA5String, 606 * x400Address [3] ORAddress, 607 * directoryName [4] Name, 608 * ediPartyName [5] EDIPartyName, 609 * uniformResourceIdentifier [6] IA5String, 610 * iPAddress [7] OCTET STRING, 611 * registeredID [8] OBJECT IDENTIFIER} 612 */ 613 614 // 615 // Full NameConstraints encoding 616 // Used to generate following byte array 617 // org.bouncycastle.asn1.x509.GeneralName[] excluded_names = 618 // new org.bouncycastle.asn1.x509.GeneralName[] { 619 // new org.bouncycastle.asn1.x509.GeneralName(6, "foo.com"), 620 // new org.bouncycastle.asn1.x509.GeneralName(6, "bar.com"), 621 // new org.bouncycastle.asn1.x509.GeneralName(6, "muu"), 622 // }; 623 // org.bouncycastle.asn1.x509.GeneralName[] permitted_names = 624 // new org.bouncycastle.asn1.x509.GeneralName[] { 625 // new org.bouncycastle.asn1.x509.GeneralName(6, "foo.co.uk"), 626 // new org.bouncycastle.asn1.x509.GeneralName(6, "bar.co.uk"), 627 // new org.bouncycastle.asn1.x509.GeneralName(6, "muuu"), 628 // }; 629 // 630 // org.bouncycastle.asn1.x509.GeneralSubtree[] excluded_subtrees = 631 // new org.bouncycastle.asn1.x509.GeneralSubtree[excluded_names.length]; 632 // for (int i = 0; i < excluded_names.length; i++) { 633 // excluded_subtrees[i] = new org.bouncycastle.asn1.x509.GeneralSubtree( 634 // excluded_names[i], new BigInteger("0"), new BigInteger("1")); 635 // } 636 // org.bouncycastle.asn1.x509.GeneralSubtree[] permitted_subtrees = 637 // new org.bouncycastle.asn1.x509.GeneralSubtree[permitted_names.length]; 638 // for (int i = 0; i < permitted_names.length; i++) { 639 // permitted_subtrees[i] = new org.bouncycastle.asn1.x509.GeneralSubtree( 640 // permitted_names[i], new BigInteger("0"), new BigInteger("1")); 641 // } 642 // org.bouncycastle.asn1.x509.NameConstraints constraints = 643 // new org.bouncycastle.asn1.x509.NameConstraints( 644 // permitted_subtrees, excluded_subtrees); 645 // try { 646 // System.out.println("XXX"+Arrays.toString(constraints.getEncoded())+"XXX"); 647 // } catch (IOException e) { 648 // throw new IllegalStateException(e); 649 // } 650 // 651 // @return Full NameConstraints encoding 652 // with all OPTIONAL values presented. 653 // 654 private static final byte[] getFullEncoding() { 655 // DO NOT MODIFY! 656 return new byte[] { 657 48, 85, -96, 43, 48, 14, -122, 9, 102, 111, 111, 46, 99, 111, 46, 658 117, 107, -127, 1, 1, 48, 14, -122, 9, 98, 97, 114, 46, 99, 111, 659 46, 117, 107, -127, 1, 1, 48, 9, -122, 4, 109, 117, 117, 117, 660 -127, 1, 1, -95, 38, 48, 12, -122, 7, 102, 111, 111, 46, 99, 111, 661 109, -127, 1, 1, 48, 12, -122, 7, 98, 97, 114, 46, 99, 111, 109, 662 -127, 1, 1, 48, 8, -122, 3, 109, 117, 117, -127, 1, 1 663 }; 664 } 665 666 // 667 // NameConstraints encoding without excludedSubtrees 668 // Used to generate following byte array 669 // org.bouncycastle.asn1.x509.GeneralName[] permitted_names = 670 // new org.bouncycastle.asn1.x509.GeneralName[] { 671 // new org.bouncycastle.asn1.x509.GeneralName(6, "foo.co.uk"), 672 // new org.bouncycastle.asn1.x509.GeneralName(6, "bar.co.uk"), 673 // new org.bouncycastle.asn1.x509.GeneralName(6, "muuu"), 674 // }; 675 // 676 // org.bouncycastle.asn1.x509.GeneralSubtree[] permitted_subtrees = 677 // new org.bouncycastle.asn1.x509.GeneralSubtree[permitted_names.length]; 678 // for (int i = 0; i < permitted_names.length; i++) { 679 // permitted_subtrees[i] = new org.bouncycastle.asn1.x509.GeneralSubtree( 680 // permitted_names[i], new BigInteger("0"), new BigInteger("1")); 681 // } 682 // org.bouncycastle.asn1.x509.NameConstraints constraints = 683 // new org.bouncycastle.asn1.x509.NameConstraints( 684 // permitted_subtrees, null); 685 // try { 686 // System.out.println("XXX"+Arrays.toString(constraints.getEncoded())+"XXX"); 687 // } catch (IOException e) { 688 // throw new IllegalStateException(e); 689 // } 690 // 691 // @return NameConstraints encoding with 692 // permittedSubtrees only; all OPTIONAL 693 // values in permittedSubtrees are presented. 694 // 695 private static final byte[] getEncodingPSOnly() { 696 // DO NOT MODIFY! 697 return new byte[] { 698 48, 45, -96, 43, 48, 14, -122, 9, 102, 111, 111, 46, 99, 111, 699 46, 117, 107, -127, 1, 1, 48, 14, -122, 9, 98, 97, 114, 46, 99, 700 111, 46, 117, 107, -127, 1, 1, 48, 9, -122, 4, 109, 117, 117, 701 117, -127, 1, 1 702 }; 703 } 704 705 // 706 // NameConstraints encoding without permittedSubtrees 707 // Used to generate following byte array 708 // org.bouncycastle.asn1.x509.GeneralName[] excluded_names = 709 // new org.bouncycastle.asn1.x509.GeneralName[] { 710 // new org.bouncycastle.asn1.x509.GeneralName(6, "foo.com"), 711 // new org.bouncycastle.asn1.x509.GeneralName(6, "bar.com"), 712 // new org.bouncycastle.asn1.x509.GeneralName(6, "muu"), 713 // }; 714 // 715 // org.bouncycastle.asn1.x509.GeneralSubtree[] excluded_subtrees = 716 // new org.bouncycastle.asn1.x509.GeneralSubtree[excluded_names.length]; 717 // for (int i = 0; i < excluded_names.length; i++) { 718 // excluded_subtrees[i] = new org.bouncycastle.asn1.x509.GeneralSubtree( 719 // excluded_names[i], new BigInteger("0"), new BigInteger("1")); 720 // } 721 // org.bouncycastle.asn1.x509.NameConstraints constraints = 722 // new org.bouncycastle.asn1.x509.NameConstraints( 723 // null, excluded_subtrees); 724 // try { 725 // System.out.println("XXX"+Arrays.toString(constraints.getEncoded())+"XXX"); 726 // } catch (IOException e) { 727 // throw new IllegalStateException(e); 728 // } 729 // 730 // @return NameConstraints encoding with 731 // excludedSubtrees only; all OPTIONAL 732 // values in excludedSubtrees are presented. 733 // 734 private static final byte[] getEncodingESOnly() { 735 // DO NOT MODIFY! 736 return new byte[] { 737 48, 40, -95, 38, 48, 12, -122, 7, 102, 111, 111, 46, 99, 111, 738 109, -127, 1, 1, 48, 12, -122, 7, 98, 97, 114, 46, 99, 111, 109, 739 -127, 1, 1, 48, 8, -122, 3, 109, 117, 117, -127, 1, 1 740 }; 741 } 742 743 // 744 // NameConstraints full encoding with all (OPTIONAL) 745 // minimum/maximum GeneralSubtree fields OMITTED 746 // Used to generate following byte array 747 // org.bouncycastle.asn1.x509.GeneralName[] excluded_names = 748 // new org.bouncycastle.asn1.x509.GeneralName[] { 749 // new org.bouncycastle.asn1.x509.GeneralName(6, "foo.com"), 750 // new org.bouncycastle.asn1.x509.GeneralName(6, "bar.com"), 751 // new org.bouncycastle.asn1.x509.GeneralName(6, "muu"), 752 // }; 753 // org.bouncycastle.asn1.x509.GeneralName[] permitted_names = 754 // new org.bouncycastle.asn1.x509.GeneralName[] { 755 // new org.bouncycastle.asn1.x509.GeneralName(6, "foo.co.uk"), 756 // new org.bouncycastle.asn1.x509.GeneralName(6, "bar.co.uk"), 757 // new org.bouncycastle.asn1.x509.GeneralName(6, "muuu"), 758 // }; 759 // 760 // org.bouncycastle.asn1.x509.GeneralSubtree[] excluded_subtrees = 761 // new org.bouncycastle.asn1.x509.GeneralSubtree[excluded_names.length]; 762 // for (int i = 0; i < excluded_names.length; i++) { 763 // excluded_subtrees[i] = new org.bouncycastle.asn1.x509.GeneralSubtree( 764 // excluded_names[i]); 765 // } 766 // org.bouncycastle.asn1.x509.GeneralSubtree[] permitted_subtrees = 767 // new org.bouncycastle.asn1.x509.GeneralSubtree[permitted_names.length]; 768 // for (int i = 0; i < permitted_names.length; i++) { 769 // permitted_subtrees[i] = new org.bouncycastle.asn1.x509.GeneralSubtree( 770 // permitted_names[i]); 771 // } 772 // org.bouncycastle.asn1.x509.NameConstraints constraints = 773 // new org.bouncycastle.asn1.x509.NameConstraints( 774 // permitted_subtrees, excluded_subtrees); 775 // try { 776 // System.out.println("XXX"+Arrays.toString(constraints.getEncoded())+"XXX"); 777 // } catch (IOException e) { 778 // throw new IllegalStateException(e); 779 // } 780 // 781 // @return Full NameConstraints encoding 782 // with all (OPTIONAL) minimum/maximum 783 // GeneralSubtree fields OMITTED 784 // 785 private static final byte[] getEncodingNoMinMax() { 786 // DO NOT MODIFY! 787 return new byte[] { 788 48, 67, -96, 34, 48, 11, -122, 9, 102, 111, 111, 46, 99, 111, 789 46, 117, 107, 48, 11, -122, 9, 98, 97, 114, 46, 99, 111, 46, 790 117, 107, 48, 6, -122, 4, 109, 117, 117, 117, -95, 29, 48, 9, 791 -122, 7, 102, 111, 111, 46, 99, 111, 109, 48, 9, -122, 7, 98, 792 97, 114, 46, 99, 111, 109, 48, 5, -122, 3, 109, 117, 117 793 }; 794 } 795 } 796