1 /* 2 * Licensed to the Apache Software Foundation (ASF) under one or more 3 * contributor license agreements. See the NOTICE file distributed with 4 * this work for additional information regarding copyright ownership. 5 * The ASF licenses this file to You under the Apache License, Version 2.0 6 * (the "License"); you may not use this file except in compliance with 7 * the License. You may obtain a copy of the License at 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 */ 17 18 package tests.security.cert; 19 20 import java.io.ByteArrayInputStream; 21 import java.io.IOException; 22 import java.math.BigInteger; 23 import java.security.InvalidAlgorithmParameterException; 24 import java.security.InvalidKeyException; 25 import java.security.NoSuchAlgorithmException; 26 import java.security.NoSuchProviderException; 27 import java.security.Principal; 28 import java.security.PublicKey; 29 import java.security.SignatureException; 30 import java.security.cert.CertPath; 31 import java.security.cert.CertPathBuilder; 32 import java.security.cert.CertPathBuilderException; 33 import java.security.cert.CertificateEncodingException; 34 import java.security.cert.CertificateException; 35 import java.security.cert.CertificateExpiredException; 36 import java.security.cert.CertificateFactory; 37 import java.security.cert.CertificateNotYetValidException; 38 import java.security.cert.CertificateParsingException; 39 import java.security.cert.PKIXBuilderParameters; 40 import java.security.cert.PKIXCertPathBuilderResult; 41 import java.security.cert.TrustAnchor; 42 import java.security.cert.X509CertSelector; 43 import java.security.cert.X509Certificate; 
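import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;

import junit.framework.TestCase;

import org.apache.harmony.security.tests.support.TestKeyPair;
import org.apache.harmony.security.tests.support.cert.MyCRL;
import org.apache.harmony.security.tests.support.cert.TestUtils;

import sun.security.util.ObjectIdentifier;
import sun.security.util.DerOutputStream;

import sun.security.x509.CertificatePoliciesExtension;
import sun.security.x509.CertificatePolicyId;
import sun.security.x509.DNSName;
import sun.security.x509.EDIPartyName;
import sun.security.x509.GeneralNames;
import sun.security.x509.GeneralName;
import sun.security.x509.GeneralNameInterface;
import sun.security.x509.IPAddressName;
import sun.security.x509.OIDName;
import sun.security.x509.OtherName;
import sun.security.x509.PolicyInformation;
import sun.security.x509.PrivateKeyUsageExtension;
import sun.security.x509.RFC822Name;
import sun.security.x509.SubjectAlternativeNameExtension;
import sun.security.x509.URIName;
import sun.security.x509.X400Address;
import sun.security.x509.X500Name;

/**
 * Tests for {@link X509CertSelector}: argument validation, accessor
 * round-trips, and defensive copying of selection criteria.
 *
 * <p>Several tests mutate an object after handing it to the selector, or
 * mutate the value a getter returned, and then assert that the selector's
 * criteria are unchanged. A selector is what decides which certificates are
 * considered during certification-path building, so criteria that a caller
 * can alter behind its back would change which certificates get selected.
 */
public class X509CertSelectorTest extends TestCase {

    /**
     * DER-encoded NameConstraints values, one per row. Each row carries the
     * same single GeneralSubtree as both permittedSubtrees ([0], -96) and
     * excludedSubtrees ([1], -95); see the generator kept as a comment in
     * {@link #test_getNameConstraints()}. The names are, in order:
     * rfc822Name "822.Name", rfc822Name "rfc@822.Name", dNSName "Name.org",
     * dNSName "dNS.Name.org", URI "Resource.Id", URI "uniform.Resource.Id",
     * a 4-byte iPAddress and a 16-byte iPAddress.
     */
    byte[][] constraintBytes = new byte[][] {
            {
                    48, 28, -96, 12, 48, 10, -127, 8, 56, 50, 50, 46, 78,
                    97, 109, 101, -95, 12, 48, 10, -127, 8, 56, 50, 50, 46, 78,
                    97, 109, 101},
            { 48, 36, -96, 16, 48, 14, -127, 12, 114, 102, 99, 64, 56, 50,
                    50, 46, 78, 97, 109, 101, -95, 16, 48, 14, -127, 12, 114,
                    102, 99, 64, 56, 50, 50, 46, 78, 97, 109, 101},
            { 48, 28, -96, 12, 48, 10, -126, 8, 78, 97, 109, 101, 46, 111,
                    114, 103, -95, 12, 48, 10, -126, 8, 78, 97, 109, 101, 46,
                    111, 114, 103},
            { 48, 36, -96, 16, 48, 14, -126, 12, 100, 78, 83, 46, 78, 97,
                    109, 101, 46, 111, 114, 103, -95, 16, 48, 14, -126, 12, 100,
                    78, 83, 46, 78, 97, 109, 101, 46, 111, 114, 103},
            { 48, 34, -96, 15, 48, 13, -122, 11, 82, 101, 115, 111, 117,
                    114, 99, 101, 46, 73, 100, -95, 15, 48, 13, -122, 11, 82,
                    101, 115, 111, 117, 114, 99, 101, 46, 73, 100},
            { 48, 50, -96, 23, 48, 21, -122, 19, 117, 110, 105, 102, 111,
                    114, 109, 46, 82, 101, 115, 111, 117, 114, 99, 101, 46, 73,
                    100, -95, 23, 48, 21, -122, 19, 117, 110, 105, 102, 111,
                    114, 109, 46, 82, 101, 115, 111, 117, 114, 99, 101, 46, 73,
                    100},
            { 48, 20, -96, 8, 48, 6, -121, 4, 1, 1, 1, 1, -95, 8, 48, 6,
                    -121, 4, 1, 1, 1, 1},
            { 48, 44, -96, 20, 48, 18, -121, 16, 1, 1, 1, 1, 1, 1, 1, 1,
                    1, 1, 1, 1, 1, 1, 1, 1, -95, 20, 48, 18, -121, 16, 1, 1, 1,
                    1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1},
    };

    /**
     * java.security.cert.X509CertSelector#addSubjectAlternativeName(int, byte[])
     *
     * A null encoded name must be rejected with NullPointerException for
     * every GeneralName type.
     */
    public void test_addSubjectAlternativeNameLintLbyte_array() throws IOException {
        // Regression for HARMONY-2487
        int[] types = { GeneralNameInterface.NAME_ANY,
                        GeneralNameInterface.NAME_RFC822,
                        GeneralNameInterface.NAME_DNS,
                        GeneralNameInterface.NAME_X400,
                        GeneralNameInterface.NAME_DIRECTORY,
                        GeneralNameInterface.NAME_EDI,
                        GeneralNameInterface.NAME_URI,
                        GeneralNameInterface.NAME_IP,
                        GeneralNameInterface.NAME_OID };
        for (int type : types) {
            try {
                new X509CertSelector().addSubjectAlternativeName(type,
                        (byte[]) null);
                fail("No expected NullPointerException for type: " + type);
            } catch (NullPointerException expected) {
            }
        }
    }

    /**
     * java.security.cert.X509CertSelector#addSubjectAlternativeName(int, String)
     *
     * A malformed name string must be rejected with IOException.
     */
    public void test_addSubjectAlternativeNameLintLjava_lang_String() {
        // Regression for HARMONY-727
        int[] types = { GeneralNameInterface.NAME_ANY,
                        // The test was disabled in M: bd7a7c87692d3b5be341fbc5022eaa07611ae751
                        // and was reintroduced after the test was enabled after some
                        // time it wasn't run: 5ef40918006efad4c7194b505c3ad176928711a3
                        // Disabling again for N as it's failing and wasn't being run for M anyway
                        // GeneralNameInterface.NAME_RFC822,
                        // NOTE(review): with this entry disabled, nothing here checks that a
                        // malformed rfc822Name string is rejected.
                        GeneralNameInterface.NAME_DNS,
                        GeneralNameInterface.NAME_X400,
                        GeneralNameInterface.NAME_DIRECTORY,
                        GeneralNameInterface.NAME_EDI,
                        GeneralNameInterface.NAME_URI,
                        GeneralNameInterface.NAME_IP,
                        GeneralNameInterface.NAME_OID };
        for (int type : types) {
            try {
                new X509CertSelector().addSubjectAlternativeName(type,
                        "-0xDFRF");
                fail("IOException expected for type: " + type);
            } catch (IOException expected) {
            }
        }
    }

    /**
     * java.security.cert.X509CertSelector#addPathToName(int, byte[])
     *
     * A null encoded name must be rejected with NullPointerException for
     * every GeneralName type.
     */
    public void test_addPathToNameLintLbyte_array() throws IOException {
        // Regression for HARMONY-2487
        int[] types = { GeneralNameInterface.NAME_ANY,
                        GeneralNameInterface.NAME_RFC822,
                        GeneralNameInterface.NAME_DNS,
                        GeneralNameInterface.NAME_X400,
                        GeneralNameInterface.NAME_DIRECTORY,
                        GeneralNameInterface.NAME_EDI,
                        GeneralNameInterface.NAME_URI,
                        GeneralNameInterface.NAME_IP,
                        GeneralNameInterface.NAME_OID };
        for (int type : types) {
            try {
                new X509CertSelector().addPathToName(type, (byte[]) null);
                fail("No expected NullPointerException for type: " + type);
            } catch (NullPointerException expected) {
            }
        }
    }

    /**
     * java.security.cert.X509CertSelector#addPathToName(int, String)
     *
     * A null name string must be rejected with IOException for each of the
     * type tags 0 through 8.
     */
    public void test_addPathToNameLintLjava_lang_String() {
        // Regression for HARMONY-724
        for (int type = 0; type <= 8; type++) {
            try {
                new X509CertSelector().addPathToName(type, (String) null);
                fail("IOException expected for type: " + type);
            } catch (IOException expected) {
            }
        }
    }

    /**
     * java.security.cert.X509CertSelector#X509CertSelector()
     *
     * A new selector reports -1 for basicConstraints and has
     * matchAllSubjectAltNames enabled.
     */
    public void test_X509CertSelector() {
        X509CertSelector selector = new X509CertSelector();
        assertEquals(-1, selector.getBasicConstraints());
        assertTrue(selector.getMatchAllSubjectAltNames());
    }

    /**
     * java.security.cert.X509CertSelector#clone()
     *
     * Compares every accessor of a freshly constructed selector with its
     * clone. NOTE(review): no criterion is set before cloning, so this does
     * not show that populated criteria are copied or that the clone is
     * independent of the original.
     */
    public void test_clone() throws Exception {
        X509CertSelector selector = new X509CertSelector();
        X509CertSelector selector1 = (X509CertSelector) selector.clone();

        assertEquals(selector.getMatchAllSubjectAltNames(), selector1.getMatchAllSubjectAltNames());
        assertEquals(selector.getAuthorityKeyIdentifier(), selector1.getAuthorityKeyIdentifier());
        assertEquals(selector.getBasicConstraints(), selector1.getBasicConstraints());
        assertEquals(selector.getCertificate(), selector1.getCertificate());
        assertEquals(selector.getCertificateValid(), selector1.getCertificateValid());
        assertEquals(selector.getExtendedKeyUsage(), selector1.getExtendedKeyUsage());
        assertEquals(selector.getIssuer(), selector1.getIssuer());
        assertEquals(selector.getIssuerAsBytes(), selector1.getIssuerAsBytes());
        assertEquals(selector.getIssuerAsString(), selector1.getIssuerAsString());
        assertEquals(selector.getKeyUsage(), selector1.getKeyUsage());
        assertEquals(selector.getNameConstraints(), selector1.getNameConstraints());
        assertEquals(selector.getPathToNames(), selector1.getPathToNames());
        assertEquals(selector.getPolicy(), selector1.getPolicy());
        assertEquals(selector.getPrivateKeyValid(), selector1.getPrivateKeyValid());
        assertEquals(selector.getSerialNumber(), selector1.getSerialNumber());
        assertEquals(selector.getSubject(), selector1.getSubject());
        assertEquals(selector.getSubjectAlternativeNames(), selector1.getSubjectAlternativeNames());
        assertEquals(selector.getSubjectAsBytes(), selector1.getSubjectAsBytes());
        assertEquals(selector.getSubjectAsString(), selector1.getSubjectAsString());
        assertEquals(selector.getSubjectKeyIdentifier(), selector1.getSubjectKeyIdentifier());
        assertEquals(selector.getSubjectPublicKey(), selector1.getSubjectPublicKey());
        assertEquals(selector.getSubjectPublicKeyAlgID(), selector1.getSubjectPublicKeyAlgID());

        // This dereferences a null reference, so it exercises the runtime
        // rather than X509CertSelector; kept as in the original test.
        selector = null;
        try {
            selector.clone();
            fail();
        } catch (NullPointerException expected) {
        }
    }

    /**
     * java.security.cert.X509CertSelector#getAuthorityKeyIdentifier()
     */
    public void test_getAuthorityKeyIdentifier() {
        byte[] akid1 = new byte[] { 4, 5, 1, 2, 3, 4, 5 }; // random value
        byte[] akid2 = new byte[] { 4, 5, 5, 4, 3, 2, 1 }; // random value
        X509CertSelector selector = new X509CertSelector();

        assertNull("Selector should return null",
                selector.getAuthorityKeyIdentifier());
        assertFalse("An unset keyID should not equal the specified value",
                Arrays.equals(akid1, selector.getAuthorityKeyIdentifier()));
        selector.setAuthorityKeyIdentifier(akid1);
        assertTrue("The returned keyID should be equal to specified",
                Arrays.equals(akid1, selector.getAuthorityKeyIdentifier()));
        assertFalse("The returned keyID should differ",
                Arrays.equals(akid2, selector.getAuthorityKeyIdentifier()));
    }

    /**
     * java.security.cert.X509CertSelector#getBasicConstraints()
     *
     * Every accepted value must be returned unchanged by the getter.
     */
    public void test_getBasicConstraints() {
        X509CertSelector selector = new X509CertSelector();
        // The list used to start with "2, 1", which only repeated values
        // further down; -2 and -1 are the boundary values also used by
        // test_setBasicConstraintsLint.
        int[] validValues = { -2, -1, 0, 1, 2, 3, 10, 20 };
        for (int value : validValues) {
            selector.setBasicConstraints(value);
            assertEquals(value, selector.getBasicConstraints());
        }
    }

    /**
     * java.security.cert.X509CertSelector#getCertificate()
     */
    public void test_getCertificate() throws Exception {
        X509CertSelector selector = new X509CertSelector();
        CertificateFactory certFact = CertificateFactory.getInstance("X509");
        X509Certificate cert1 = (X509Certificate)
                certFact.generateCertificate(new ByteArrayInputStream(
                        TestUtils.getX509Certificate_v3()));

        X509Certificate cert2 = (X509Certificate)
                certFact.generateCertificate(new ByteArrayInputStream(
                        TestUtils.getX509Certificate_v1()));

        selector.setCertificate(cert1);
        assertEquals(cert1, selector.getCertificate());

        selector.setCertificate(cert2);
        assertEquals(cert2, selector.getCertificate());

        selector.setCertificate(null);
        assertNull(selector.getCertificate());
    }

    /**
     * java.security.cert.X509CertSelector#getCertificateValid()
     */
    public void test_getCertificateValid() {
        Date date1 = new Date(100);
        Date date2 = new Date(200);
        Date date3 = Calendar.getInstance().getTime();
        X509CertSelector selector = new X509CertSelector();

        assertNull("Selector should return null",
                selector.getCertificateValid());
        selector.setCertificateValid(date1);
        assertTrue("The returned date should be equal to specified",
                date1.equals(selector.getCertificateValid()));
        // Mutating the returned Date must not change the stored criterion.
        selector.getCertificateValid().setTime(200);
        assertTrue("The returned date should be equal to specified",
                date1.equals(selector.getCertificateValid()));
        assertFalse("The returned date should differ",
                date2.equals(selector.getCertificateValid()));
        selector.setCertificateValid(date3);
        assertTrue("The returned date should be equal to specified",
                date3.equals(selector.getCertificateValid()));
        selector.setCertificateValid(null);
        assertNull(selector.getCertificateValid());
    }

    /**
     * java.security.cert.X509CertSelector#getExtendedKeyUsage()
     */
    public void test_getExtendedKeyUsage() throws Exception {
        HashSet<String> ku = new HashSet<String>(Arrays.asList(new String[] {
            "1.3.6.1.5.5.7.3.1",
            "1.3.6.1.5.5.7.3.2",
            "1.3.6.1.5.5.7.3.3",
            "1.3.6.1.5.5.7.3.4",
            "1.3.6.1.5.5.7.3.8",
            "1.3.6.1.5.5.7.3.9",
            "1.3.6.1.5.5.7.3.5",
            "1.3.6.1.5.5.7.3.6",
            "1.3.6.1.5.5.7.3.7"
        }));
        X509CertSelector selector = new X509CertSelector();

        assertNull("Selector should return null", selector.getExtendedKeyUsage());
        selector.setExtendedKeyUsage(ku);
        assertTrue("The returned extendedKeyUsage should be equal to specified",
                ku.equals(selector.getExtendedKeyUsage()));
        // The getter must not hand out a set through which the criterion
        // can be modified.
        try {
            selector.getExtendedKeyUsage().add("KRIBLEGRABLI");
            fail("The returned Set should be immutable.");
        } catch (UnsupportedOperationException expected) {
        }
    }

    /**
     * java.security.cert.X509CertSelector#getIssuer()
     */
    public void test_getIssuer() {
        X500Principal iss1 = new X500Principal("O=First Org.");
        X500Principal iss2 = new X500Principal("O=Second Org.");
        X509CertSelector selector = new X509CertSelector();

        assertNull("Selector should return null", selector.getIssuer());
        selector.setIssuer(iss1);
        assertEquals("The returned issuer should be equal to specified",
                iss1, selector.getIssuer());
        assertFalse("The returned issuer should differ",
                iss2.equals(selector.getIssuer()));
    }

    /**
     * java.security.cert.X509CertSelector#getIssuerAsBytes()
     */
    public void test_getIssuerAsBytes() throws Exception {
        byte[] name1 = new byte[]
                // manually obtained DER encoding of "O=First Org." issuer name;
                { 48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10, 70, 105, 114, 115,
                        116, 32, 79, 114, 103, 46 };

        byte[] name2 = new byte[]
                // manually obtained DER encoding of "O=Second Org." issuer name;
                { 48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11, 83, 101, 99, 111,
                        110, 100, 32, 79, 114, 103, 46 };
        X500Principal iss1 = new X500Principal(name1);
        X500Principal iss2 = new X500Principal(name2);
        X509CertSelector selector = new X509CertSelector();

        assertNull("Selector should return null", selector.getIssuerAsBytes());
        selector.setIssuer(iss1);
        assertTrue("The returned issuer should be equal to specified",
                Arrays.equals(name1, selector.getIssuerAsBytes()));
        assertFalse("The returned issuer should differ",
                Arrays.equals(name2, selector.getIssuerAsBytes()));
        selector.setIssuer(iss2);
        assertTrue("The returned issuer should be equal to specified",
                Arrays.equals(name2, selector.getIssuerAsBytes()));
    }

    /**
     * java.security.cert.X509CertSelector#getIssuerAsString()
     */
    public void test_getIssuerAsString() {
        String name1 = "O=First Org.";
        String name2 = "O=Second Org.";
        X500Principal iss1 = new X500Principal(name1);
        X500Principal iss2 = new X500Principal(name2);
        X509CertSelector selector = new X509CertSelector();

        assertNull("Selector should return null", selector.getIssuerAsString());
        selector.setIssuer(iss1);
        assertEquals("The returned issuer should be equal to specified", name1,
                selector.getIssuerAsString());
        assertFalse("The returned issuer should differ",
                name2.equals(selector.getIssuerAsString()));
        selector.setIssuer(iss2);
        assertEquals("The returned issuer should be equal to specified", name2,
                selector.getIssuerAsString());
    }

    /**
     * java.security.cert.X509CertSelector#getKeyUsage()
     */
    public void test_getKeyUsage() {
        boolean[] ku = new boolean[] { true, false, true, false, true, false,
                true, false, true };
        X509CertSelector selector = new X509CertSelector();

        assertNull("Selector should return null", selector.getKeyUsage());
        selector.setKeyUsage(ku);
        assertTrue("The returned keyUsage should be equal to specified",
                Arrays.equals(ku, selector.getKeyUsage()));
        // Flipping a bit in the returned array must not change the stored
        // criterion.
        boolean[] result = selector.getKeyUsage();
        result[0] = !result[0];
        assertTrue("The returned keyUsage should be equal to specified",
                Arrays.equals(ku, selector.getKeyUsage()));
    }

    /**
     * java.security.cert.X509CertSelector#getMatchAllSubjectAltNames()
     */
    public void test_getMatchAllSubjectAltNames() {
        X509CertSelector selector = new X509CertSelector();
        assertTrue("The matchAllNames initially should be true",
                selector.getMatchAllSubjectAltNames());
        selector.setMatchAllSubjectAltNames(false);
        assertFalse("The value should be false",
                selector.getMatchAllSubjectAltNames());
    }

    /**
     * java.security.cert.X509CertSelector#getNameConstraints()
     *
     * Each encoding in {@link #constraintBytes} must be returned
     * byte-for-byte by the getter.
     */
    public void test_getNameConstraints() throws IOException {

        // Used to generate following byte array
        // org.bouncycastle.asn1.x509.GeneralName[] name_constraints =
        //         new org.bouncycastle.asn1.x509.GeneralName[] {
        //         new org.bouncycastle.asn1.x509.GeneralName(1, "822.Name"),
        //         new org.bouncycastle.asn1.x509.GeneralName(1, "rfc@822.Name"),
        //         new org.bouncycastle.asn1.x509.GeneralName(2, "Name.org"),
        //         new org.bouncycastle.asn1.x509.GeneralName(2, "dNS.Name.org"),
        //
        //         new org.bouncycastle.asn1.x509.GeneralName(6, "Resource.Id"),
        //         new org.bouncycastle.asn1.x509.GeneralName(6,
        //             "uniform.Resource.Id"),
        //         new org.bouncycastle.asn1.x509.GeneralName(7, "1.1.1.1"),
        //
        //         new org.bouncycastle.asn1.x509.GeneralName(7,
        //             new org.bouncycastle.asn1.DEROctetString(new byte[] {
        //                 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1 })),
        // };
        //
        // constraintBytes = new byte[name_constraints.length][];
        //
        // for (int i = 0; i < name_constraints.length; i++) {
        //     org.bouncycastle.asn1.x509.GeneralSubtree subtree =
        //         new org.bouncycastle.asn1.x509.GeneralSubtree(
        //             name_constraints[i]);
        //     org.bouncycastle.asn1.x509.GeneralSubtree[] subtrees =
        //         new org.bouncycastle.asn1.x509.GeneralSubtree[1];
        //     subtrees[0] = subtree;
        //     org.bouncycastle.asn1.x509.NameConstraints constraints =
        //         new org.bouncycastle.asn1.x509.NameConstraints(
        //             subtrees, subtrees);
        //     constraintBytes[i] = constraints.getEncoded();
        // }
        // System.out.println("XXX"+Arrays.deepToString(constraintBytes)+"XXX");
        X509CertSelector selector = new X509CertSelector();

        for (byte[] encoded : constraintBytes) {
            selector.setNameConstraints(encoded);
            assertTrue(Arrays.equals(encoded,
                    selector.getNameConstraints()));
        }
    }

    /**
     * java.security.cert.X509CertSelector#getPathToNames()
     */
    public void test_getPathToNames() throws Exception {
        GeneralName san0 = new GeneralName(new OtherName(new ObjectIdentifier("1.2.3.4.5"),
                new byte[] { 1, 2, 0, 1 }));
        GeneralName san1 = new GeneralName(new RFC822Name("rfc@822.Name"));
        GeneralName san2 = new GeneralName(new DNSName("dNSName"));

        // http://b/27197633 (Missing replacement for ORAddress)
        // GeneralName san3 = new GeneralName(new X400Address((byte[])null));
        GeneralName san4 = new GeneralName(new X500Name("O=Organization"));
        GeneralName san6 = new GeneralName(new URIName("http://uniform.Resource.Id"));
        GeneralName san7 = new GeneralName(new IPAddressName("1.1.1.1"));
        GeneralName san8 = new GeneralName(new OIDName("1.2.3.4444.55555"));


        GeneralNames sans1 = new GeneralNames();
        sans1.add(san0);
        sans1.add(san1);
        sans1.add(san2);

        // http://b/27197633 (Missing replacement for ORAddress)
        // sans1.add(san3);
        sans1.add(san4);
        sans1.add(san6);
        sans1.add(san7);
        sans1.add(san8);
        GeneralNames sans2 = new GeneralNames();
        sans2.add(san0);

        TestCert cert1 = new TestCert(sans1);
        TestCert cert2 = new TestCert(sans2);
        X509CertSelector selector = new X509CertSelector();
        selector.setMatchAllSubjectAltNames(true);

        selector.setPathToNames(null);
        assertTrue("Any certificate should match in the case of null "
                + "subjectAlternativeNames criteria.",
                selector.match(cert1) && selector.match(cert2));

        Collection<List<?>> sans = getGeneralNamePairList(sans1);

        selector.setPathToNames(sans);
        // NOTE(review): the returned collection is never inspected, so this
        // only shows that the getter does not throw after setPathToNames.
        selector.getPathToNames();
    }

    /**
     * java.security.cert.X509CertSelector#getPolicy()
     */
    public void test_getPolicy() throws IOException {
        // The values serve only as OID strings for the round-trip check.
        String[] policies1 = new String[] {
            "1.3.6.1.5.5.7.3.1",
            "1.3.6.1.5.5.7.3.2",
            "1.3.6.1.5.5.7.3.3",
            "1.3.6.1.5.5.7.3.4",
            "1.3.6.1.5.5.7.3.8",
            "1.3.6.1.5.5.7.3.9",
            "1.3.6.1.5.5.7.3.5",
            "1.3.6.1.5.5.7.3.6",
            "1.3.6.1.5.5.7.3.7"
        };

        String[] policies2 = new String[] { "1.3.6.7.3.1" };

        HashSet<String> p1 = new HashSet<String>(Arrays.asList(policies1));
        HashSet<String> p2 = new HashSet<String>(Arrays.asList(policies2));

        X509CertSelector selector = new X509CertSelector();

        selector.setPolicy(null);
        assertNull(selector.getPolicy());

        selector.setPolicy(p1);
        assertEquals("The returned policy should be equal to specified", p1, selector.getPolicy());

        selector.setPolicy(p2);
        assertEquals("The returned policy should be equal to specified", p2, selector.getPolicy());
    }

    /**
     * java.security.cert.X509CertSelector#getPrivateKeyValid()
     */
    public void test_getPrivateKeyValid() {
        Date date1 = new Date(100);
        Date date2 = new Date(200);
        X509CertSelector selector = new X509CertSelector();

        assertNull("Selector should return null", selector.getPrivateKeyValid());
        selector.setPrivateKeyValid(date1);
        assertTrue("The returned date should be equal to specified",
                date1.equals(selector.getPrivateKeyValid()));
        // Mutating the returned Date must not change the stored criterion.
        selector.getPrivateKeyValid().setTime(200);
        assertTrue("The returned date should be equal to specified",
                date1.equals(selector.getPrivateKeyValid()));
        assertFalse("The returned date should differ",
                date2.equals(selector.getPrivateKeyValid()));
    }

    /**
     * java.security.cert.X509CertSelector#getSerialNumber()
     */
    public void test_getSerialNumber() {
        BigInteger ser1 = new BigInteger("10000");
        BigInteger ser2 = new BigInteger("10001");
        X509CertSelector selector = new X509CertSelector();

        assertNull("Selector should return null", selector.getSerialNumber());
        selector.setSerialNumber(ser1);
        assertEquals("The returned serial number should be equal to specified",
                ser1, selector.getSerialNumber());
        assertFalse("The returned serial number should differ",
                ser2.equals(selector.getSerialNumber()));
    }

    /**
     * java.security.cert.X509CertSelector#getSubject()
     */
    public void test_getSubject() {
        X500Principal sub1 = new X500Principal("O=First Org.");
        X500Principal sub2 = new X500Principal("O=Second Org.");
        X509CertSelector selector = new X509CertSelector();

        assertNull("Selector should return null", selector.getSubject());
        selector.setSubject(sub1);
        assertEquals("The returned subject should be equal to specified", sub1,
                selector.getSubject());
        assertFalse("The returned subject should differ",
                sub2.equals(selector.getSubject()));
    }

    /**
     * java.security.cert.X509CertSelector#getSubjectAlternativeNames()
     */
    public void test_getSubjectAlternativeNames() throws Exception {
        GeneralName san1 = new GeneralName(new RFC822Name("rfc@822.Name"));
        GeneralName san2 = new GeneralName(new DNSName("dNSName"));

        GeneralNames sans = new GeneralNames();
        sans.add(san1);
        sans.add(san2);

        TestCert cert_1 = new TestCert(sans);
        X509CertSelector selector = new X509CertSelector();

        assertNull("Selector should return null",
                selector.getSubjectAlternativeNames());

        selector.setSubjectAlternativeNames(getGeneralNamePairList(sans));
        assertTrue("The certificate should match the selection criteria.",
                selector.match(cert_1));
        // Clearing the returned collection must not clear the criterion the
        // selector matches against.
        selector.getSubjectAlternativeNames().clear();
        assertTrue("The modification of initialization object "
                + "should not affect the modification "
                + "of internal object.",
                selector.match(cert_1));
    }

    /**
     * java.security.cert.X509CertSelector#getSubjectAsBytes()
     */
    public void test_getSubjectAsBytes() throws Exception {
        byte[] name1 = new byte[]
                // manually obtained DER encoding of "O=First Org." subject name;
                { 48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10, 70, 105, 114, 115,
                        116, 32, 79, 114, 103, 46 };
        byte[] name2 = new byte[]
                // manually obtained DER encoding of "O=Second Org." subject name;
                { 48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11, 83, 101, 99, 111,
                        110, 100, 32, 79, 114, 103, 46 };

        X500Principal sub1 = new X500Principal(name1);
        X500Principal sub2 = new X500Principal(name2);
        X509CertSelector selector = new X509CertSelector();

        assertNull("Selector should return null",
                selector.getSubjectAsBytes());
        selector.setSubject(sub1);
        assertTrue("The returned subject should be equal to specified",
                Arrays.equals(name1, selector.getSubjectAsBytes()));
        assertFalse("The returned subject should differ",
                Arrays.equals(name2, selector.getSubjectAsBytes()));
        selector.setSubject(sub2);
        assertTrue("The returned subject should be equal to specified",
                Arrays.equals(name2, selector.getSubjectAsBytes()));
    }

    /**
     * java.security.cert.X509CertSelector#getSubjectAsString()
     */
    public void test_getSubjectAsString() {
        String name1 = "O=First Org.";
        String name2 = "O=Second Org.";
        X500Principal sub1 = new X500Principal(name1);
        X500Principal sub2 = new X500Principal(name2);
        X509CertSelector selector = new X509CertSelector();

        assertNull("Selector should return null", selector.getSubjectAsString());
        selector.setSubject(sub1);
        assertEquals("The returned subject should be equal to specified",
                name1, selector.getSubjectAsString());
        assertFalse("The returned subject should differ",
                name2.equals(selector.getSubjectAsString()));
        selector.setSubject(sub2);
        assertEquals("The returned subject should be equal to specified",
                name2, selector.getSubjectAsString());
    }

    /**
     * java.security.cert.X509CertSelector#getSubjectKeyIdentifier()
     */
    public void test_getSubjectKeyIdentifier() {
        byte[] skid1 = new byte[] { 1, 2, 3, 4, 5 }; // random value
        byte[] skid2 = new byte[] { 4, 5, 5, 4, 3, 2, 1 }; // random value
        X509CertSelector selector = new X509CertSelector();

        assertNull("Selector should return null", selector.getSubjectKeyIdentifier());
        selector.setSubjectKeyIdentifier(skid1);
        assertTrue("The returned keyID should be equal to specified",
                Arrays.equals(skid1, selector.getSubjectKeyIdentifier()));
        // Modifying the returned array must not change the stored criterion.
        selector.getSubjectKeyIdentifier()[0]++;
        assertTrue("The returned keyID should be equal to specified",
                Arrays.equals(skid1, selector.getSubjectKeyIdentifier()));
        assertFalse("The returned keyID should differ",
                Arrays.equals(skid2, selector.getSubjectKeyIdentifier()));
    }

    /**
     * java.security.cert.X509CertSelector#getSubjectPublicKey()
     */
    public void test_getSubjectPublicKey() throws Exception {

        // SubjectPublicKeyInfo ::= SEQUENCE {
        // algorithm AlgorithmIdentifier,
        // subjectPublicKey BIT STRING }
        byte[] enc = { 0x30, 0x0E, // SEQUENCE
                0x30, 0x07, // SEQUENCE
                0x06, 0x02, 0x03, 0x05,// OID
                0x01, 0x01, 0x07, // ANY
                0x03, 0x03, 0x01, 0x01, 0x06, // subjectPublicKey
        };

        X509CertSelector selector = new X509CertSelector();

        selector.setSubjectPublicKey(enc);
        PublicKey key = selector.getSubjectPublicKey();
        assertEquals("0.3.5", key.getAlgorithm());
        assertEquals("X.509", key.getFormat());
        assertTrue(Arrays.equals(enc, key.getEncoded()));
        assertNotNull(key.toString());

        key = new MyPublicKey();

        selector.setSubjectPublicKey(key);
        PublicKey keyActual = selector.getSubjectPublicKey();
        assertEquals(key, keyActual);
        assertEquals(key.getAlgorithm(), keyActual.getAlgorithm());
    }

    /**
     * java.security.cert.X509CertSelector#getSubjectPublicKeyAlgID()
     */
    public void test_getSubjectPublicKeyAlgID() throws Exception {

        X509CertSelector selector = new X509CertSelector();
        String[] validOIDs = { "0.0.20", "1.25.0", "2.0.39", "0.2.10", "1.35.15", "2.17.89" };

        assertNull("Selector should return null", selector.getSubjectPublicKeyAlgID());

        for (String oid : validOIDs) {
            try {
                selector.setSubjectPublicKeyAlgID(oid);
                assertEquals(oid, selector.getSubjectPublicKeyAlgID());
            } catch (IOException e) {
                // NOTE(review): a rejected OID is only printed, so this loop
                // cannot fail when setSubjectPublicKeyAlgID throws. The
                // original fail() was already commented out; confirm why
                // before restoring it.
                System.out.println("t = " + e.getMessage());
                //fail("Unexpected exception " + e.getMessage());
            }
        }

        String pkaid1 = "1.2.840.113549.1.1.1"; // RSA encryption
        String pkaid2 = "1.2.840.113549.1.1.4"; // MD5 with RSA encryption

        selector.setSubjectPublicKeyAlgID(pkaid1);
        assertTrue("The returned oid should be equal to specified",
                pkaid1.equals(selector.getSubjectPublicKeyAlgID()));
        assertFalse("The returned oid should differ",
                pkaid2.equals(selector.getSubjectPublicKeyAlgID()));
    }

    /**
     * java.security.cert.X509CertSelector#match(java.security.cert.Certificate)
     */
    public void test_matchLjava_security_cert_Certificate() throws Exception {
        X509CertSelector selector = new X509CertSelector();
        assertFalse(selector.match(null));

        CertificateFactory certFact = CertificateFactory.getInstance("X509");
        X509Certificate cert1 = (X509Certificate)
                certFact.generateCertificate(new ByteArrayInputStream(
                        TestUtils.getX509Certificate_v3()));

        X509Certificate cert2 = (X509Certificate)
                certFact.generateCertificate(new ByteArrayInputStream(
                        TestUtils.getX509Certificate_v1()));

        selector.setCertificate(cert1);
        assertTrue(selector.match(cert1));
        assertFalse(selector.match(cert2));

        selector.setCertificate(cert2);
        assertFalse(selector.match(cert1));
        assertTrue(selector.match(cert2));
    }

    /**
     * java.security.cert.X509CertSelector#setAuthorityKeyIdentifier(byte[])
     */
    public void test_setAuthorityKeyIdentifierLB$() throws Exception {
        X509CertSelector selector = new X509CertSelector();

        byte[] akid1 = new byte[] { 1, 2, 3, 4, 5 }; // random value
        byte[] akid2 = new byte[] { 5, 4, 3, 2, 1 }; // random value
        TestCert cert1 = new TestCert(akid1);
        TestCert cert2 = new TestCert(akid2);

        selector.setAuthorityKeyIdentifier(null);
        assertTrue("The certificate should match the selection criteria.",
                selector.match(cert1));
        assertTrue("The certificate should match the selection criteria.",
                selector.match(cert2));
        assertNull(selector.getAuthorityKeyIdentifier());

        // The failure messages below used to contradict their assertions.
        selector.setAuthorityKeyIdentifier(akid1);
        assertTrue("The certificate should match the selection criteria.",
                selector.match(cert1));
        assertFalse("The certificate should not match the selection criteria.",
                selector.match(cert2));
        selector.setAuthorityKeyIdentifier(akid2);
        assertFalse("The certificate should not match the selection criteria.",
                selector.match(cert1));
        assertTrue("The certificate should match the selection criteria.",
                selector.match(cert2));

        // Changing the caller's array after the setter returned must leave
        // the match result unchanged.
        akid2[0]++;
        assertTrue("The certificate should match the selection criteria.",
                selector.match(cert2));
    }

    /**
     * java.security.cert.X509CertSelector#setBasicConstraints(int)
     *
     * Values below -2 must be rejected with IllegalArgumentException; all
     * other listed values must be stored and returned unchanged.
     */
    public void test_setBasicConstraintsLint() {
        X509CertSelector selector = new X509CertSelector();
        // The loop used to pass the literal -3 on every iteration, so the
        // other entries were never exercised. 1000000000 was also listed as
        // invalid, but setBasicConstraints is documented to reject only
        // values less than -2, so it is left out here.
        int[] invalidValues = { -3, -4, -5 };
        for (int value : invalidValues) {
            try {
                selector.setBasicConstraints(value);
                fail("IllegalArgumentException expected for value: " + value);
            } catch (IllegalArgumentException expected) {
            }
        }

        int[] validValues = { -2, -1, 0, 1, 2, 3, 10, 20 };
        for (int value : validValues) {
            selector.setBasicConstraints(value);
            assertEquals(value, selector.getBasicConstraints());
        }
    }

    /**
     * java.security.cert.X509CertSelector#setCertificate(java.security.cert.Certificate)
     */
    public void test_setCertificateLjava_security_cert_X509Certificate()
            throws Exception {

        TestCert cert1 = new TestCert("same certificate");
        TestCert cert2 = new TestCert("other certificate");
        X509CertSelector selector = new X509CertSelector();

        selector.setCertificate(null);
        assertTrue("Any certificates should match in the case of null "
                + "certificateEquals criteria.",
                selector.match(cert1) && selector.match(cert2));
        selector.setCertificate(cert1);
        assertTrue("The certificate should match the selection criteria.",
                selector.match(cert1));
        assertFalse("The certificate should not match the selection criteria.",
                selector.match(cert2));
        selector.setCertificate(cert2);
        assertTrue("The certificate should match the selection criteria.",
                selector.match(cert2));
        selector.setCertificate(null);
        assertNull(selector.getCertificate());
    }

    /**
     * java.security.cert.X509CertSelector#setCertificateValid(java.util.Date)
     */
    public void test_setCertificateValidLjava_util_Date()
            throws Exception {
        X509CertSelector selector = new X509CertSelector();

        Date date1 = new Date(100);
        Date date2 = new Date(200);
        TestCert cert1 = new TestCert(date1);
        TestCert cert2 = new TestCert(date2);

        selector.setCertificateValid(null);
        assertNull(selector.getCertificateValid());
        selector.setCertificateValid(date1);
        assertTrue("The certificate should match the selection criteria.",
                selector.match(cert1));
        assertFalse("The certificate should not match the selection criteria.",
                selector.match(cert2));
        selector.setCertificateValid(date2);
        // Changing the caller's Date after the setter returned; the match
        // below is expected to be unaffected.
        date2.setTime(300);
        assertTrue("The certificate should match the selection criteria.",
                selector.match(cert2));
    }

    /**
     * java.security.cert.X509CertSelector#setExtendedKeyUsage(Set<String>)
     */
    public void test_setExtendedKeyUsageLjava_util_Set() throws Exception {
        HashSet<String> ku1 = new HashSet<String>(Arrays.asList(new String[] {
            "1.3.6.1.5.5.7.3.1",
            "1.3.6.1.5.5.7.3.2",
            "1.3.6.1.5.5.7.3.3",
            "1.3.6.1.5.5.7.3.4",
            "1.3.6.1.5.5.7.3.8",
            "1.3.6.1.5.5.7.3.9",
            "1.3.6.1.5.5.7.3.5",
            "1.3.6.1.5.5.7.3.6",
            "1.3.6.1.5.5.7.3.7"
        }));
        HashSet<String> ku2 = new HashSet<String>(Arrays.asList(new String[] {
            "1.3.6.1.5.5.7.3.1",
            "1.3.6.1.5.5.7.3.2",
            "1.3.6.1.5.5.7.3.3",
            "1.3.6.1.5.5.7.3.4",
            "1.3.6.1.5.5.7.3.8",
            "1.3.6.1.5.5.7.3.9",
            "1.3.6.1.5.5.7.3.5",
            "1.3.6.1.5.5.7.3.6"
        }));
        TestCert cert1 = new TestCert(ku1);
        TestCert cert2 = new TestCert(ku2);

        X509CertSelector selector = new X509CertSelector();

        selector.setExtendedKeyUsage(null);
        assertTrue("Any certificate should match in the case of null "
                + "extendedKeyUsage criteria.",
                selector.match(cert1)&& selector.match(cert2));
        selector.setExtendedKeyUsage(ku1);
        assertEquals(ku1, selector.getExtendedKeyUsage());

        selector.setExtendedKeyUsage(ku2);
        assertEquals(ku2, selector.getExtendedKeyUsage());
    }

    /**
     * java.security.cert.X509CertSelector#setIssuer(byte[])
     */
    public void test_setIssuerLB$() throws Exception {
        byte[] name1 = new byte[]
                // manually obtained DER encoding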
of "O=First Org." issuer name; 972 { 48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10, 70, 105, 114, 115, 973 116, 32, 79, 114, 103, 46 }; 974 byte[] name2 = new byte[] 975 // manually obtained DER encoding of "O=Second Org." issuer name; 976 { 48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11, 83, 101, 99, 111, 977 110, 100, 32, 79, 114, 103, 46 }; 978 X500Principal iss1 = new X500Principal(name1); 979 X500Principal iss2 = new X500Principal(name2); 980 TestCert cert1 = new TestCert(iss1); 981 TestCert cert2 = new TestCert(iss2); 982 983 X509CertSelector selector = new X509CertSelector(); 984 985 selector.setIssuer((byte[]) null); 986 assertTrue("Any certificates should match " 987 + "in the case of null issuer criteria.", selector.match(cert1) 988 && selector.match(cert2)); 989 selector.setIssuer(name1); 990 assertTrue("The certificate should match the selection criteria.", 991 selector.match(cert1)); 992 assertFalse("The certificate should not match the selection criteria.", 993 selector.match(cert2)); 994 selector.setIssuer(name2); 995 assertTrue("The certificate should match the selection criteria.", 996 selector.match(cert2)); 997 } 998 999 /** 1000 * java.security.cert.X509CertSelector#setIssuer(java.lang.String) 1001 */ 1002 public void test_setIssuerLjava_lang_String() throws Exception { 1003 1004 String name1 = "O=First Org."; 1005 String name2 = "O=Second Org."; 1006 X500Principal iss1 = new X500Principal(name1); 1007 X500Principal iss2 = new X500Principal(name2); 1008 TestCert cert1 = new TestCert(iss1); 1009 TestCert cert2 = new TestCert(iss2); 1010 1011 X509CertSelector selector = new X509CertSelector(); 1012 1013 selector.setIssuer((String) null); 1014 assertTrue("Any certificates should match " 1015 + "in the case of null issuer criteria.", 1016 selector.match(cert1) && selector.match(cert2)); 1017 selector.setIssuer(name1); 1018 assertTrue("The certificate should match the selection criteria.", 1019 selector.match(cert1)); 1020 assertFalse("The 
certificate should not match the selection criteria.", 1021 selector.match(cert2)); 1022 selector.setIssuer(name2); 1023 assertTrue("The certificate should match the selection criteria.", 1024 selector.match(cert2)); 1025 } 1026 1027 /** 1028 * java.security.cert.X509CertSelector#setIssuer(javax.security.auth.x500.X500Principal) 1029 */ 1030 public void test_setIssuerLjavax_security_auth_x500_X500Principal() 1031 throws Exception { 1032 X500Principal iss1 = new X500Principal("O=First Org."); 1033 X500Principal iss2 = new X500Principal("O=Second Org."); 1034 TestCert cert1 = new TestCert(iss1); 1035 TestCert cert2 = new TestCert(iss2); 1036 X509CertSelector selector = new X509CertSelector(); 1037 1038 selector.setIssuer((X500Principal) null); 1039 assertTrue("Any certificates should match " 1040 + "in the case of null issuer criteria.", 1041 selector.match(cert1) && selector.match(cert2)); 1042 selector.setIssuer(iss1); 1043 assertTrue("The certificate should match the selection criteria.", 1044 selector.match(cert1)); 1045 assertFalse("The certificate should not match the selection criteria.", 1046 selector.match(cert2)); 1047 selector.setIssuer(iss2); 1048 assertTrue("The certificate should match the selection criteria.", 1049 selector.match(cert2)); 1050 } 1051 1052 /** 1053 * java.security.cert.X509CertSelector#setKeyUsage(boolean) 1054 */ 1055 public void test_setKeyUsageZ() throws Exception { 1056 boolean[] ku1 = new boolean[] { true, true, true, true, true, true, 1057 true, true, true }; 1058 // decipherOnly is disallowed 1059 boolean[] ku2 = new boolean[] { true, true, true, true, true, true, 1060 true, true, false }; 1061 TestCert cert1 = new TestCert(ku1); 1062 TestCert cert2 = new TestCert(ku2); 1063 TestCert cert3 = new TestCert((boolean[]) null); 1064 1065 X509CertSelector selector = new X509CertSelector(); 1066 1067 selector.setKeyUsage(null); 1068 assertTrue("Any certificate should match in the case of null keyUsage criteria.", 1069 
selector.match(cert1) && selector.match(cert2)); 1070 selector.setKeyUsage(ku1); 1071 assertTrue("The certificate should match the selection criteria.", 1072 selector.match(cert1)); 1073 assertFalse("The certificate should not match the selection criteria.", 1074 selector.match(cert2)); 1075 assertTrue("The certificate which does not have a keyUsage extension " 1076 + "implicitly allows all keyUsage values.", 1077 selector.match(cert3)); 1078 selector.setKeyUsage(ku2); 1079 ku2[0] = !ku2[0]; 1080 assertTrue("The certificate should match the selection criteria.", 1081 selector.match(cert2)); 1082 } 1083 1084 /** 1085 * java.security.cert.X509CertSelector#setMatchAllSubjectAltNames(boolean) 1086 */ 1087 public void test_setMatchAllSubjectAltNamesZ() { 1088 TestCert cert = new TestCert(); 1089 X509CertSelector selector = new X509CertSelector(); 1090 1091 assertTrue(selector.match(cert)); 1092 1093 assertFalse(selector.match(null)); 1094 } 1095 1096 /** 1097 * java.security.cert.X509CertSelector#setNameConstraints(byte[] 1098 * bytes) 1099 */ 1100 public void test_setNameConstraintsLB$() throws IOException { 1101 // Used to generate following byte array 1102 // org.bouncycastle.asn1.x509.GeneralName[] name_constraints = 1103 // new org.bouncycastle.asn1.x509.GeneralName[] { 1104 // new org.bouncycastle.asn1.x509.GeneralName(1, "822.Name"), 1105 // new org.bouncycastle.asn1.x509.GeneralName(1, "rfc (at) 822.Name"), 1106 // new org.bouncycastle.asn1.x509.GeneralName(2, "Name.org"), 1107 // new org.bouncycastle.asn1.x509.GeneralName(2, "dNS.Name.org"), 1108 // 1109 // new org.bouncycastle.asn1.x509.GeneralName(6, "Resource.Id"), 1110 // new org.bouncycastle.asn1.x509.GeneralName(6, 1111 // "uniform.Resource.Id"), 1112 // new org.bouncycastle.asn1.x509.GeneralName(7, "1.1.1.1"), 1113 // 1114 // new org.bouncycastle.asn1.x509.GeneralName(7, 1115 // new org.bouncycastle.asn1.DEROctetString(new byte[] { 1116 // 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1 })), 1117 // }; 
1118 // 1119 // constraintBytes = new byte[name_constraints.length][]; 1120 // 1121 // for (int i = 0; i < name_constraints.length; i++) { 1122 // org.bouncycastle.asn1.x509.GeneralSubtree subtree = 1123 // new org.bouncycastle.asn1.x509.GeneralSubtree( 1124 // name_constraints[i]); 1125 // org.bouncycastle.asn1.x509.GeneralSubtree[] subtrees = 1126 // new org.bouncycastle.asn1.x509.GeneralSubtree[1]; 1127 // subtrees[0] = subtree; 1128 // org.bouncycastle.asn1.x509.NameConstraints constraints = 1129 // new org.bouncycastle.asn1.x509.NameConstraints( 1130 // subtrees, subtrees); 1131 // constraintBytes[i] = constraints.getEncoded(); 1132 // } 1133 // System.out.println("XXX"+Arrays.deepToString(constraintBytes)+"XXX"); 1134 X509CertSelector selector = new X509CertSelector(); 1135 1136 for (int i = 0; i < constraintBytes.length; i++) { 1137 selector.setNameConstraints(constraintBytes[i]); 1138 assertTrue(Arrays.equals(constraintBytes[i], selector.getNameConstraints())); 1139 } 1140 } 1141 1142 /** 1143 * java.security.cert.X509CertSelector#setPathToNames(Collection<List<?>>) 1144 */ 1145 public void test_setPathToNamesLjava_util_Collection() throws Exception { 1146 GeneralName san0 = new GeneralName(new OtherName(new ObjectIdentifier("1.2.3.4.5"), 1147 new byte[] { 1, 2, 0, 1 })); 1148 GeneralName san1 = new GeneralName(new RFC822Name("rfc (at) 822.Name")); 1149 GeneralName san2 = new GeneralName(new DNSName("dNSName")); 1150 1151 // http://b/27197633 (Missing replacement for ORAddress) 1152 // GeneralName san3 = new GeneralName(new X400Address(new byte[8])); 1153 GeneralName san4 = new GeneralName(new X500Name("O=Organization")); 1154 GeneralName san6 = new GeneralName(new URIName("http://uniform.Resource.Id")); 1155 GeneralName san7 = new GeneralName(new IPAddressName("1.1.1.1")); 1156 GeneralName san8 = new GeneralName(new OIDName("1.2.3.4444.55555")); 1157 1158 GeneralNames sans1 = new GeneralNames(); 1159 sans1.add(san0); 1160 sans1.add(san1); 1161 
sans1.add(san2); 1162 1163 // http://b/27197633 (Missing replacement for ORAddress) 1164 // sans1.add(san3); 1165 sans1.add(san4); 1166 sans1.add(san6); 1167 sans1.add(san7); 1168 sans1.add(san8); 1169 GeneralNames sans2 = new GeneralNames(); 1170 sans2.add(san0); 1171 1172 TestCert cert1 = new TestCert(sans1); 1173 TestCert cert2 = new TestCert(sans2); 1174 X509CertSelector selector = new X509CertSelector(); 1175 selector.setMatchAllSubjectAltNames(true); 1176 1177 selector.setPathToNames(null); 1178 assertTrue("Any certificate should match in the case of null " 1179 + "subjectAlternativeNames criteria.", 1180 selector.match(cert1) && selector.match(cert2)); 1181 1182 Collection<List<?>> sans = getGeneralNamePairList(sans1); 1183 1184 selector.setPathToNames(sans); 1185 selector.getPathToNames(); 1186 } 1187 1188 /** 1189 * java.security.cert.X509CertSelector#setPolicy(Set<String>) 1190 */ 1191 public void test_setPolicyLjava_util_Set() throws IOException { 1192 String[] policies1 = new String[] { 1193 "1.3.6.1.5.5.7.3.1", 1194 "1.3.6.1.5.5.7.3.2", 1195 "1.3.6.1.5.5.7.3.3", 1196 "1.3.6.1.5.5.7.3.4", 1197 "1.3.6.1.5.5.7.3.8", 1198 "1.3.6.1.5.5.7.3.9", 1199 "1.3.6.1.5.5.7.3.5", 1200 "1.3.6.1.5.5.7.3.6", 1201 "1.3.6.1.5.5.7.3.7" 1202 }; 1203 1204 String[] policies2 = new String[] { "1.3.6.7.3.1" }; 1205 1206 HashSet<String> p1 = new HashSet<String>(Arrays.asList(policies1)); 1207 HashSet<String> p2 = new HashSet<String>(Arrays.asList(policies2)); 1208 1209 X509CertSelector selector = new X509CertSelector(); 1210 1211 TestCert cert1 = new TestCert(policies1); 1212 TestCert cert2 = new TestCert(policies2); 1213 1214 selector.setPolicy(null); 1215 assertTrue("Any certificate should match in the case of null " 1216 + "privateKeyValid criteria.", 1217 selector.match(cert1) && selector.match(cert2)); 1218 1219 selector.setPolicy(p1); 1220 assertTrue("The certificate should match the selection criteria.", 1221 selector.match(cert1)); 1222 assertFalse("The certificate should 
not match the selection criteria.", 1223 selector.match(cert2)); 1224 1225 selector.setPolicy(p2); 1226 assertFalse("The certificate should not match the selection criteria.", 1227 selector.match(cert1)); 1228 assertTrue("The certificate should match the selection criteria.", 1229 selector.match(cert2)); 1230 } 1231 1232 /** 1233 * java.security.cert.X509CertSelector#setPrivateKeyValid(java.util.Date) 1234 */ 1235 public void test_setPrivateKeyValidLjava_util_Date() 1236 throws Exception { 1237 Date date1 = new Date(100000000); 1238 Date date2 = new Date(200000000); 1239 Date date3 = new Date(300000000); 1240 Date date4 = new Date(150000000); 1241 Date date5 = new Date(250000000); 1242 TestCert cert1 = new TestCert(date1, date2); 1243 TestCert cert2 = new TestCert(date2, date3); 1244 1245 X509CertSelector selector = new X509CertSelector(); 1246 1247 selector.setPrivateKeyValid(null); 1248 assertTrue("Any certificate should match in the case of null " 1249 + "privateKeyValid criteria.", 1250 selector.match(cert1) && selector.match(cert2)); 1251 selector.setPrivateKeyValid(date4); 1252 assertTrue("The certificate should match the selection criteria.", 1253 selector.match(cert1)); 1254 assertFalse("The certificate should not match the selection criteria.", 1255 selector.match(cert2)); 1256 selector.setPrivateKeyValid(date5); 1257 date5.setTime(date4.getTime()); 1258 assertTrue("The certificate should match the selection criteria.", 1259 selector.match(cert2)); 1260 } 1261 1262 /** 1263 * java.security.cert.X509CertSelector#setSerialNumber(java.math.BigInteger) 1264 */ 1265 public void test_setSerialNumberLjava_math_BigInteger() 1266 throws Exception { 1267 BigInteger ser1 = new BigInteger("10000"); 1268 BigInteger ser2 = new BigInteger("10001"); 1269 TestCert cert1 = new TestCert(ser1); 1270 TestCert cert2 = new TestCert(ser2); 1271 X509CertSelector selector = new X509CertSelector(); 1272 1273 selector.setSerialNumber(null); 1274 assertTrue("Any certificate should 
match in the case of null " 1275 + "serialNumber criteria.", 1276 selector.match(cert1) && selector.match(cert2)); 1277 selector.setSerialNumber(ser1); 1278 assertTrue("The certificate should match the selection criteria.", 1279 selector.match(cert1)); 1280 assertFalse("The certificate should not match the selection criteria.", 1281 selector.match(cert2)); 1282 selector.setSerialNumber(ser2); 1283 assertTrue("The certificate should match the selection criteria.", 1284 selector.match(cert2)); 1285 } 1286 1287 /** 1288 * java.security.cert.X509CertSelector#setSubject(byte[]) 1289 */ 1290 public void test_setSubjectLB$() throws Exception { 1291 byte[] name1 = new byte[] 1292 // manually obtained DER encoding of "O=First Org." issuer name; 1293 { 48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10, 70, 105, 114, 115, 1294 116, 32, 79, 114, 103, 46 }; 1295 byte[] name2 = new byte[] 1296 // manually obtained DER encoding of "O=Second Org." issuer name; 1297 { 48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11, 83, 101, 99, 111, 1298 110, 100, 32, 79, 114, 103, 46 }; 1299 X500Principal sub1 = new X500Principal(name1); 1300 X500Principal sub2 = new X500Principal(name2); 1301 TestCert cert1 = new TestCert(sub1); 1302 TestCert cert2 = new TestCert(sub2); 1303 1304 X509CertSelector selector = new X509CertSelector(); 1305 1306 selector.setSubject((byte[]) null); 1307 assertTrue("Any certificates should match " 1308 + "in the case of null issuer criteria.", 1309 selector.match(cert1) && selector.match(cert2)); 1310 selector.setSubject(name1); 1311 assertTrue("The certificate should match the selection criteria.", 1312 selector.match(cert1)); 1313 assertFalse("The certificate should not match the selection criteria.", 1314 selector.match(cert2)); 1315 selector.setSubject(name2); 1316 assertTrue("The certificate should match the selection criteria.", 1317 selector.match(cert2)); 1318 } 1319 1320 /** 1321 * java.security.cert.X509CertSelector#setSubject(java.lang.String) 1322 */ 1323 
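public void test_setSubjectLjava_lang_String() throws Exception {
    // Checks the subject criterion when it is supplied as a distinguished-name
    // string: null disables it, a set name selects only the matching stub.
    String name1 = "O=First Org.";
    String name2 = "O=Second Org.";
    X500Principal sub1 = new X500Principal(name1);
    X500Principal sub2 = new X500Principal(name2);
    TestCert cert1 = new TestCert(sub1);
    TestCert cert2 = new TestCert(sub2);
    X509CertSelector selector = new X509CertSelector();

    // The cast picks the String overload for the null argument.
    selector.setSubject((String) null);
    assertTrue("Any certificates should match "
            + "in the case of null subject criteria.",
            selector.match(cert1) && selector.match(cert2));
    selector.setSubject(name1);
    assertTrue("The certificate should match the selection criteria.",
            selector.match(cert1));
    assertFalse("The certificate should not match the selection criteria.",
            selector.match(cert2));
    selector.setSubject(name2);
    assertTrue("The certificate should match the selection criteria.",
            selector.match(cert2));
}

/**
 * Checks the subject criterion when it is supplied as an X500Principal.
 *
 * java.security.cert.X509CertSelector#setSubject(javax.security.auth.x500.X500Principal)
 */
public void test_setSubjectLjavax_security_auth_x500_X500Principal()
        throws Exception {
    X500Principal sub1 = new X500Principal("O=First Org.");
    X500Principal sub2 = new X500Principal("O=Second Org.");
    TestCert cert1 = new TestCert(sub1);
    TestCert cert2 = new TestCert(sub2);
    X509CertSelector selector = new X509CertSelector();

    // The cast picks the X500Principal overload for the null argument.
    selector.setSubject((X500Principal) null);
    // Typo in the failure message fixed ("subjcet").
    assertTrue("Any certificates should match "
            + "in the case of null subject criteria.",
            selector.match(cert1) && selector.match(cert2));
    selector.setSubject(sub1);
    assertTrue("The certificate should match the selection criteria.",
            selector.match(cert1));
    assertFalse("The certificate should not match the selection criteria.",
            selector.match(cert2));
    selector.setSubject(sub2);
    assertTrue("The certificate should match the selection criteria.",
            selector.match(cert2));
}

/**
 * Checks that a null subjectAlternativeNames criterion matches any certificate
 * and that a populated collection is accepted by the setter. The value returned
 * by getSubjectAlternativeNames() is not asserted.
 *
 * java.security.cert.X509CertSelector#setSubjectAlternativeNames(Collection<List<?>>)
 */
public void test_setSubjectAlternativeNamesLjava_util_Collection() throws Exception {
    GeneralName san0 = new GeneralName(new OtherName(new ObjectIdentifier("1.2.3.4.5"),
            new byte[] { 1, 2, 0, 1 }));
    // NOTE(review): "(at)" looks like web-scrape obfuscation of '@'; confirm the
    // literal against the upstream file before relying on it.
    GeneralName san1 = new GeneralName(new RFC822Name("rfc (at) 822.Name"));
    GeneralName san2 = new GeneralName(new DNSName("dNSName"));

    // http://b/27197633 (Missing replacement for ORAddress)
    // GeneralName san3 = new GeneralName(new X400Address((byte[])null));
    GeneralName san4 = new GeneralName(new X500Name("O=Organization"));
    GeneralName san6 = new GeneralName(new URIName("http://uniform.Resource.Id"));
    GeneralName san7 = new GeneralName(new IPAddressName("1.1.1.1"));
    GeneralName san8 = new GeneralName(new OIDName("1.2.3.4444.55555"));

    GeneralNames sans1 = new GeneralNames();
    sans1.add(san0);
    sans1.add(san1);
    sans1.add(san2);

    // http://b/27197633 (Missing replacement for ORAddress)
    // sans1.add(san3);
    sans1.add(san4);
    sans1.add(san6);
    sans1.add(san7);
    sans1.add(san8);
    GeneralNames sans2 = new GeneralNames();
    sans2.add(san0);

    TestCert cert1 = new TestCert(sans1);
    TestCert cert2 = new TestCert(sans2);
    X509CertSelector selector = new X509CertSelector();
    selector.setMatchAllSubjectAltNames(true);

    selector.setSubjectAlternativeNames(null);
    assertTrue("Any certificate should match in the case of null "
            + "subjectAlternativeNames criteria.",
            selector.match(cert1) && selector.match(cert2));

    Collection<List<?>> sans;
    sans = getGeneralNamePairList(sans1);

    selector.setSubjectAlternativeNames(sans);

    selector.getSubjectAlternativeNames();
}

/**
 * Checks the subjectKeyIdentifier criterion, including the selector's
 * independence from the caller's array.
 *
 * java.security.cert.X509CertSelector#setSubjectKeyIdentifier(byte[])
 */
public void test_setSubjectKeyIdentifierLB$() throws Exception {
    byte[] skid1 = new byte[] { 1, 2, 3, 4, 5 }; // random value
    byte[] skid2 = new byte[] { 5, 4, 3, 2, 1 }; // random value
    TestCert cert1 = new TestCert(skid1);
    TestCert cert2 = new TestCert(skid2);
    X509CertSelector selector = new X509CertSelector();

    selector.setSubjectKeyIdentifier(null);
    // The message now names the criterion under test (it used to say
    // "serialNumber").
    assertTrue("Any certificate should match in the case of null "
            + "subjectKeyIdentifier criteria.",
            selector.match(cert1) && selector.match(cert2));
    selector.setSubjectKeyIdentifier(skid1);
    assertTrue("The certificate should match the selection criteria.",
            selector.match(cert1));
    assertFalse("The certificate should not match the selection criteria.",
            selector.match(cert2));
    selector.setSubjectKeyIdentifier(skid2);
    // Mutating the caller's array after the set must not change the criterion:
    // this passes only if the selector made a defensive copy.
    skid2[0]++;
    assertTrue("The certificate should match the selection criteria.",
            selector.match(cert2));
}

/**
 * Checks that a DER-encoded SubjectPublicKeyInfo passed to the setter comes back
 * as a PublicKey reporting the encoded algorithm OID, the "X.509" format and the
 * same encoding bytes.
 *
 * java.security.cert.X509CertSelector#setSubjectPublicKey(byte[])
 */
public void test_setSubjectPublicKeyLB$() throws Exception {

    //SubjectPublicKeyInfo  ::=  SEQUENCE  {
    //    algorithm            AlgorithmIdentifier,
    //    subjectPublicKey     BIT STRING  }
    byte[] enc = { 0x30, 0x0E, // SEQUENCE
            0x30, 0x07, // SEQUENCE
            0x06, 0x02, 0x03, 0x05,//OID
            0x01, 0x01, 0x07, //ANY
            0x03, 0x03, 0x01, 0x01, 0x06, // subjectPublicKey
    };

    X509CertSelector selector = new X509CertSelector();

    selector.setSubjectPublicKey(enc);
    PublicKey key = selector.getSubjectPublicKey();
    assertEquals("0.3.5", key.getAlgorithm());
    assertEquals("X.509", key.getFormat());
    assertTrue(Arrays.equals(enc, key.getEncoded()));
    assertNotNull(key.toString());
}

/**
 * java.security.cert.X509CertSelector#setSubjectPublicKey(java.security.PublicKey key)
 */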
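public void test_setSubjectPublicKeyLjava_security_PublicKey()
        throws Exception {
    // Checks the subjectPublicKey criterion with an RSA and a DSA key: null
    // disables it, a set key selects only the stub holding that key.
    PublicKey pkey1 = new TestKeyPair("RSA").getPublic();
    PublicKey pkey2 = new TestKeyPair("DSA").getPublic();

    TestCert cert1 = new TestCert(pkey1);
    TestCert cert2 = new TestCert(pkey2);
    X509CertSelector selector = new X509CertSelector();

    // The cast picks the PublicKey overload for the null argument.
    selector.setSubjectPublicKey((PublicKey) null);
    assertTrue("Any certificate should match in the case of null "
            + "subjectPublicKey criteria.",
            selector.match(cert1) && selector.match(cert2));
    selector.setSubjectPublicKey(pkey1);
    assertTrue("The certificate should match the selection criteria.",
            selector.match(cert1));
    assertFalse("The certificate should not match the selection criteria.",
            selector.match(cert2));
    selector.setSubjectPublicKey(pkey2);
    assertTrue("The certificate should match the selection criteria.",
            selector.match(cert2));
}

/**
 * Checks the subjectPublicKeyAlgID criterion: null disables it, well-formed OIDs
 * round-trip through the getter, malformed OIDs raise IOException, and a set
 * algorithm OID selects only the certificate whose key uses that algorithm.
 *
 * java.security.cert.X509CertSelector#setSubjectPublicKeyAlgID(java.lang.String)
 */
public void test_setSubjectPublicKeyAlgIDLjava_lang_String() throws Exception {

    X509CertSelector selector = new X509CertSelector();
    String pkaid1 = "1.2.840.113549.1.1.1"; // RSA (source:
    // http://asn1.elibel.tm.fr)
    String pkaid2 = "1.2.840.10040.4.1"; // DSA (source:
    // http://asn1.elibel.tm.fr)
    PublicKey pkey1 = new TestKeyPair("RSA").getPublic();
    PublicKey pkey2 = new TestKeyPair("DSA").getPublic();

    TestCert cert1 = new TestCert(pkey1);
    TestCert cert2 = new TestCert(pkey2);

    selector.setSubjectPublicKeyAlgID(null);
    assertTrue("Any certificate should match in the case of null "
            + "subjectPublicKeyAlgID criteria.",
            selector.match(cert1) && selector.match(cert2));

    String[] validOIDs = {
            "0.0.20",
            "1.25.0",
            "2.0.39",
            "0.2.10",
            "1.35.15",
            "2.17.89",
            "2.5.29.16",
            "2.5.29.17",
            "2.5.29.30",
            "2.5.29.32",
            "2.5.29.37"
    };

    for (String oid : validOIDs) {
        selector.setSubjectPublicKeyAlgID(oid);
        assertEquals(oid, selector.getSubjectPublicKeyAlgID());
    }

    // Malformed input must be rejected at the setter rather than stored.
    String[] invalidOIDs = { "3.20", "1.40", "3.10" };
    for (String oid : invalidOIDs) {
        try {
            selector.setSubjectPublicKeyAlgID(oid);
            fail("IOException wasn't thrown for " + oid);
        } catch (IOException expected) {
        }
    }

    selector.setSubjectPublicKeyAlgID(pkaid1);
    assertTrue("The certificate should match the selection criteria.",
            selector.match(cert1));
    assertFalse("The certificate should not match the selection criteria.",
            selector.match(cert2));
    selector.setSubjectPublicKeyAlgID(pkaid2);
    assertTrue("The certificate should match the selection criteria.",
            selector.match(cert2));
}

/**
 * Checks that toString() on a fresh selector returns a non-null value.
 *
 * java.security.cert.X509CertSelector#toString()
 */
public void test_toString() {
    X509CertSelector selector = new X509CertSelector();
    assertNotNull(selector.toString());
}

/**
 * Minimal PublicKey stub with fixed algorithm and format names and an empty
 * encoding; it carries no key material.
 */
public class MyPublicKey implements PublicKey {
    private static final long serialVersionUID = 2899528375354645752L;

    public MyPublicKey() {
        super();
    }

    public String getAlgorithm() {
        return "PublicKey";
    }

    public String getFormat() {
        return "Format";
    }

    public byte[] getEncoded() {
        return new byte[0];
    }

    public long getSerVerUID() {
        return serialVersionUID;
    }
}

/**
 * Hand-rolled X509Certificate stub. Each constructor fills one attribute so a
 * test can exercise a single selector criterion in isolation. Nothing here is
 * parsed or signature-checked: both verify() overloads and the no-argument
 * checkValidity() are no-ops, so this class must only be used as a test double.
 */
private class TestCert extends X509Certificate {

    private static final long serialVersionUID = 176676115254260405L;

    /* Stuff fields */
    protected String equalCriteria = null; // to simplify method equals()

    protected BigInteger serialNumber = null;

    protected X500Principal issuer = null;

    protected X500Principal subject = null;

    protected byte[] keyIdentifier = null;

    protected Date date = null;

    protected Date notBefore = null;

    protected Date notAfter = null;

    protected PublicKey key = null;

    protected boolean[] keyUsage = null;

    protected List<String> extKeyUsage = null;

    protected int pathLen = 1;

    protected GeneralNames sans = null;

    protected byte[] encoding = null;

    protected String[] policies = null;

    protected Collection<List<?>> collection = null;

    /* Stuff methods */
    public TestCert() {
    }

    public TestCert(GeneralNames sans) {
        setSubjectAlternativeNames(sans);
    }

    public TestCert(Collection<List<?>> collection) {
        setCollection(collection);
    }

    public TestCert(String equalCriteria) {
        setEqualCriteria(equalCriteria);
    }

    public TestCert(String[] policies) {
        setPolicies(policies);
    }

    public TestCert(BigInteger serial) {
        setSerialNumber(serial);
    }

    /** Uses the same principal as both issuer and subject. */
    public TestCert(X500Principal principal) {
        setIssuer(principal);
        setSubject(principal);
    }

    public TestCert(byte[] array) {
        setKeyIdentifier(array);
    }

    public TestCert(Date date) {
        setDate(date);
    }

    public TestCert(Date notBefore, Date notAfter) {
        setPeriod(notBefore, notAfter);
    }

    public TestCert(PublicKey key) {
        setPublicKey(key);
    }

    public TestCert(boolean[] keyUsage) {
        setKeyUsage(keyUsage);
    }

    public TestCert(Set<String> extKeyUsage) {
        setExtendedKeyUsage(extKeyUsage);
    }

    public TestCert(int pathLen) {
        this.pathLen = pathLen;
    }

    public void setSubjectAlternativeNames(GeneralNames sans) {
        this.sans = sans;
    }

    public void setCollection(Collection<List<?>> collection) {
        this.collection = collection;
    }

    public void setPolicies(String[] policies) {
        this.policies = policies;
    }

    public void setExtendedKeyUsage(Set<String> extKeyUsage) {
        this.extKeyUsage = (extKeyUsage == null) ? null : new ArrayList<String>(extKeyUsage);
    }

    public void setKeyUsage(boolean[] keyUsage) {
        this.keyUsage = (keyUsage == null) ? null : (boolean[]) keyUsage.clone();
    }

    public void setPublicKey(PublicKey key) {
        this.key = key;
    }

    public void setPeriod(Date notBefore, Date notAfter) {
        this.notBefore = notBefore;
        this.notAfter = notAfter;
    }

    public void setSerialNumber(BigInteger serial) {
        this.serialNumber = serial;
    }

    public void setEqualCriteria(String equalCriteria) {
        this.equalCriteria = equalCriteria;
    }

    public void setIssuer(X500Principal issuer) {
        this.issuer = issuer;
    }

    public void setSubject(X500Principal subject) {
        this.subject = subject;
    }

    // Stores a clone, so later changes to the caller's array do not reach the
    // stub. A null argument is not handled and raises NullPointerException.
    public void setKeyIdentifier(byte[] subjectKeyID) {
        this.keyIdentifier = (byte[]) subjectKeyID.clone();
    }

    // Stores a copy of the (mutable) Date. A null argument is not handled.
    public void setDate(Date date) {
        this.date = new Date(date.getTime());
    }

    public void setEncoding(byte[] encoding) {
        this.encoding = encoding;
    }

    /* Method implementations */

    /**
     * Two stubs are equal only when both carry a non-null, equal "equalCriteria"
     * string. Anything that is not a TestCert compares unequal instead of
     * triggering a ClassCastException.
     */
    public boolean equals(Object cert) {
        if (!(cert instanceof TestCert)) {
            return false;
        }
        TestCert other = (TestCert) cert;
        if ((equalCriteria == null) || (other.equalCriteria == null)) {
            return false;
        }
        return equalCriteria.equals(other.equalCriteria);
    }

    public String toString() {
        if (equalCriteria != null) {
            return equalCriteria;
        }
        return "";
    }

    // No-op: the stub never reports itself as expired or not yet valid here.
    public void checkValidity() throws CertificateExpiredException,
            CertificateNotYetValidException {
    }

    /**
     * Accepts only a date equal to the one this stub was built with; an unset,
     * later or earlier stub date raises one of the two validity exceptions.
     */
    public void checkValidity(Date date)
            throws CertificateExpiredException,
            CertificateNotYetValidException {
        if (this.date == null) {
            throw new CertificateExpiredException();
        }
        int result = this.date.compareTo(date);
        if (result > 0) {
            throw new CertificateExpiredException();
        }
        if (result < 0) {
            throw new CertificateNotYetValidException();
        }
    }

    public int getVersion() {
        return 3;
    }

    public BigInteger getSerialNumber() {
        return (serialNumber == null) ? new BigInteger("1111")
                : serialNumber;
    }

    public Principal getIssuerDN() {
        return issuer;
    }

    public X500Principal getIssuerX500Principal() {
        return issuer;
    }

    public Principal getSubjectDN() {
        return subject;
    }

    public X500Principal getSubjectX500Principal() {
        return subject;
    }

    // The validity period set through setPeriod() is exposed only via the
    // 2.5.29.16 branch of getExtensionValue(), not through these getters.
    public Date getNotBefore() {
        return null;
    }

    public Date getNotAfter() {
        return null;
    }

    public byte[] getTBSCertificate() throws CertificateEncodingException {
        return null;
    }

    public byte[] getSignature() {
        return null;
    }

    public String getSigAlgName() {
        return null;
    }

    public String getSigAlgOID() {
        return null;
    }

    public byte[] getSigAlgParams() {
        return null;
    }

    public boolean[] getIssuerUniqueID() {
        return null;
    }

    public boolean[] getSubjectUniqueID() {
        return null;
    }

    public boolean[] getKeyUsage() {
        return keyUsage;
    }

    public List<String> getExtendedKeyUsage()
            throws CertificateParsingException {
        return extKeyUsage;
    }

    public int getBasicConstraints() {
        return pathLen;
    }

    // No-op: no signature is ever checked by this stub.
    public void verify(PublicKey key) throws CertificateException,
            NoSuchAlgorithmException, InvalidKeyException,
            NoSuchProviderException, SignatureException {
    }

    // No-op: no signature is ever checked by this stub.
    public void verify(PublicKey key, String sigProvider)
            throws CertificateException, NoSuchAlgorithmException,
            InvalidKeyException, NoSuchProviderException,
            SignatureException {
    }

    public PublicKey getPublicKey() {
        return key;
    }

    public byte[] getEncoded() throws CertificateEncodingException {
        return encoding;
    }

    public Set<String> getNonCriticalExtensionOIDs() {
        return null;
    }

    public Set<String> getCriticalExtensionOIDs() {
        return null;
    }

    /**
     * Builds the DER OCTET STRING for the extensions this stub can emulate and
     * returns null for every other OID.
     *
     * @param oid dotted-decimal extension OID requested by the selector
     * @return the wrapped extension value, or null when the stub has none
     * @throws IllegalStateException for OIDs the selector is not expected to read
     *         through this method (2.5.29.30, 2.5.29.19, and 2.5.29.37 when an
     *         extended key usage is set), or if encoding fails unexpectedly
     */
    public byte[] getExtensionValue(String oid) {
        // 2.5.29.14 = subjectKeyIdentifier, 2.5.29.35 = authorityKeyIdentifier;
        // both are served from the same keyIdentifier field.
        if (("2.5.29.14".equals(oid)) || ("2.5.29.35".equals(oid))) {
            try {
                DerOutputStream out = new DerOutputStream();
                out.putOctetString(keyIdentifier);
                return out.toByteArray();
            } catch (IOException e) {
                throw new IllegalStateException("Unexpected IOException" , e);
            }
        }
        // 2.5.29.16 = privateKeyUsagePeriod
        if ("2.5.29.16".equals(oid)) {
            try {
                DerOutputStream outputStream = new DerOutputStream();
                outputStream.putOctetString(
                        new PrivateKeyUsageExtension(notBefore, notAfter).getExtensionValue());
                return outputStream.toByteArray();
            } catch (IOException e) {
                throw new IllegalStateException("Unexpected IOException", e);
            }
        }
        // 2.5.29.17 = subjectAltName
        if ("2.5.29.17".equals(oid) && (sans != null)) {
            if (sans.names() == null) {
                return null;
            }
            try {
                DerOutputStream outputStream = new DerOutputStream();
                outputStream.putOctetString(
                        new SubjectAlternativeNameExtension(sans).getExtensionValue());
                return outputStream.toByteArray();
            } catch (IOException e) {
                throw new IllegalStateException("Unexpected IOException", e);
            }
        }
        // 2.5.29.32 = certificatePolicies
        if ("2.5.29.32".equals(oid) && (policies != null)
                && (policies.length > 0)) {
            try {
                // Typed list instead of a raw ArrayList.
                List<PolicyInformation> policyInformations =
                        new ArrayList<PolicyInformation>();

                for (String p : policies) {
                    policyInformations.add(new PolicyInformation(
                            new CertificatePolicyId(new ObjectIdentifier(p)),
                            Collections.EMPTY_SET));
                }
                DerOutputStream outputStream = new DerOutputStream();
                outputStream.putOctetString(
                        new CertificatePoliciesExtension(policyInformations).getExtensionValue());
                return outputStream.toByteArray();
            } catch (IOException e) {
                throw new IllegalStateException("Unexpected IOException", e);
            }
        }

        // 2.5.29.30 = nameConstraints
        if ("2.5.29.30".equals(oid)) {
            throw new IllegalStateException("2.5.29.30");
        }

        // 2.5.29.19 = basicConstraints. The message now reports the OID that was
        // actually requested; it used to repeat "2.5.29.30", which pointed
        // failure triage at the wrong extension.
        if ("2.5.29.19".equals(oid)) {
            throw new IllegalStateException("2.5.29.19");
        }

        // 2.5.29.37 = extendedKeyUsage
        if (("2.5.29.37".equals(oid)) && (extKeyUsage != null)) {
            throw new IllegalStateException("2.5.29.37");
        }
        return null;
    }

    public boolean hasUnsupportedCriticalExtension() {
        return false;
    }

}

public X509Certificate rootCertificate;

public X509Certificate endCertificate;

public MyCRL crl;

private X509CertSelector theCertSelector;

private CertPathBuilder builder;

private void setupEnvironment() throws Exception {
    // create certificates and CRLs
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    ByteArrayInputStream bi = new ByteArrayInputStream(TestUtils.rootCert.getBytes());
    rootCertificate = (X509Certificate) cf.generateCertificate(bi);
    bi = new ByteArrayInputStream(TestUtils.endCert.getBytes());
    endCertificate = (X509Certificate) cf.generateCertificate(bi);

    BigInteger revokedSerialNumber = BigInteger.valueOf(1);
    crl = new MyCRL("X.509");
    // X509CRL rootCRL = X509CRL;
    // X509CRL interCRL = X509CRLExample.createCRL(interCert,
    // interPair.getPrivate(),
    // revokedSerialNumber);

    // create CertStore to support path building
    List<Object> list = new ArrayList<Object>();

    list.add(rootCertificate);
    list.add(endCertificate);

    // CollectionCertStoreParameters params = new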
CollectionCertStoreParameters(list); 1977 // CertStore store = CertStore.getInstance("Collection", params); 1978 // 1979 theCertSelector = new X509CertSelector(); 1980 theCertSelector.setCertificate(endCertificate); 1981 theCertSelector.setIssuer(endCertificate.getIssuerX500Principal().getEncoded()); 1982 1983 // build the path 1984 builder = CertPathBuilder.getInstance("PKIX"); 1985 1986 } 1987 1988 private CertPath buildCertPath() throws InvalidAlgorithmParameterException { 1989 PKIXCertPathBuilderResult result = null; 1990 PKIXBuilderParameters buildParams = new PKIXBuilderParameters( 1991 Collections.singleton(new TrustAnchor(rootCertificate, null)), 1992 theCertSelector); 1993 try { 1994 result = (PKIXCertPathBuilderResult) builder.build(buildParams); 1995 } catch(CertPathBuilderException e) { 1996 return null; 1997 } 1998 return result.getCertPath(); 1999 } 2000 2001 /** 2002 * java.security.cert.X509CertSelector#addPathToName(int, byte[]) 2003 */ 2004 public void test_addPathToNameLintLbyte_array2() throws Exception { 2005 TestUtils.initCertPathSSCertChain(); 2006 setupEnvironment(); 2007 byte[] bytes, bytesName; 2008 // GeneralName name = new GeneralName(1, "822.Name"); 2009 // bytes = name.getEncoded(); 2010 // bytesName = name.getEncodedName(); 2011 bytes = new byte[] {-127, 8, 56, 50, 50, 46, 78, 97, 109, 101}; 2012 bytesName = new byte[] {22, 8, 56, 50, 50, 46, 78, 97, 109, 101}; 2013 bytes[bytes.length-3] = (byte) 200; 2014 2015 try { 2016 theCertSelector.addPathToName(1, bytes); 2017 } catch (IOException e) { 2018 // ok 2019 } 2020 2021 theCertSelector.setPathToNames(null); 2022 2023 theCertSelector.addPathToName(1, bytesName); 2024 assertNotNull(theCertSelector.getPathToNames()); 2025 CertPath p = buildCertPath(); 2026 assertNull(p); 2027 2028 theCertSelector.setPathToNames(null); 2029 2030 // name = new GeneralName(new Name("O=Android")); 2031 // theCertSelector.addPathToName(4, endCertificate.getSubjectDN().getName()); 2032 
theCertSelector.addPathToName(4, TestUtils.rootCertificateSS.getIssuerX500Principal().getEncoded()); 2033 assertNotNull(theCertSelector.getPathToNames()); 2034 p = TestUtils.buildCertPathSSCertChain(); 2035 assertNotNull(p); 2036 } 2037 2038 /** 2039 * java.security.cert.X509CertSelector#addPathToName(int, String) 2040 */ 2041 public void test_addPathToNameLintLjava_lang_String2() throws Exception { 2042 setupEnvironment(); 2043 byte[] bytes, bytesName; 2044 // GeneralName name = new GeneralName(1, "822.Name"); 2045 // bytes = name.getEncoded(); 2046 // bytesName = name.getEncodedName(); 2047 bytes = new byte[] {-127, 8, 56, 50, 50, 46, 78, 97, 109, 101}; 2048 bytesName = new byte[] {22, 8, 56, 50, 50, 46, 78, 97, 109, 101}; 2049 assertNotNull(bytes); 2050 byte[] b = new byte[bytes.length]; 2051 b = bytes; 2052 b[bytes.length-3] = (byte) 200; 2053 2054 try { 2055 theCertSelector.addPathToName(1, new String(b)); 2056 } catch (IOException e) { 2057 // ok 2058 } 2059 2060 theCertSelector.setPathToNames(null); 2061 2062 theCertSelector.addPathToName(1, new String(bytesName)); 2063 assertNotNull(theCertSelector.getPathToNames()); 2064 2065 CertPath p = buildCertPath(); 2066 assertNull(p); 2067 2068 theCertSelector.setPathToNames(null); 2069 theCertSelector.addPathToName(1, rootCertificate.getIssuerX500Principal().getName()); 2070 assertNotNull(theCertSelector.getPathToNames()); 2071 //p = buildCertPath(); 2072 //assertNotNull(p); 2073 } 2074 2075 /** 2076 * java.security.cert.X509CertSelector#addSubjectAlternativeName(int, byte[]) 2077 */ 2078 public void test_addSubjectAlternativeNameLintLbyte_array2() 2079 throws Exception { 2080 2081 2082 GeneralName san0 = new GeneralName(new OtherName(new ObjectIdentifier("1.2.3.4.5"), 2083 new byte[] {1, 2, 0, 1})); 2084 GeneralName san1 = new GeneralName(new RFC822Name("rfc (at) 822.Name")); 2085 GeneralName san2 = new GeneralName(new DNSName("dNSName")); 2086 2087 GeneralNames sans1 = new GeneralNames(); 2088 sans1.add(san0); 
2089 sans1.add(san1); 2090 sans1.add(san2); 2091 2092 X509CertSelector selector = new X509CertSelector(); 2093 2094 DerOutputStream out0 = new DerOutputStream(); 2095 san0.getName().encode(out0); 2096 selector.addSubjectAlternativeName(0, out0.toByteArray()); 2097 2098 DerOutputStream out1 = new DerOutputStream(); 2099 san1.getName().encode(out1); 2100 selector.addSubjectAlternativeName(1, out1.toByteArray()); 2101 2102 DerOutputStream out2 = new DerOutputStream(); 2103 san2.getName().encode(out2); 2104 selector.addSubjectAlternativeName(2, out2.toByteArray()); 2105 2106 GeneralNames sans2 = new GeneralNames(); 2107 sans2.add(san0); 2108 2109 TestCert cert1 = new TestCert(sans1); 2110 TestCert cert2 = new TestCert(sans2); 2111 2112 assertTrue(selector.match(cert1)); 2113 assertFalse(selector.match(cert2)); 2114 2115 selector.setSubjectAlternativeNames(null); 2116 2117 GeneralName name = new GeneralName(new X500Name("O=Android")); 2118 try (DerOutputStream outputStream = new DerOutputStream()){ 2119 name.encode(outputStream); 2120 selector.addSubjectAlternativeName(0, outputStream.toByteArray()); 2121 } catch (IOException e) { 2122 // ok 2123 } 2124 } 2125 2126 /** 2127 * java.security.cert.X509CertSelector#addSubjectAlternativeName(int, String) 2128 */ 2129 public void test_addSubjectAlternativeNameLintLjava_lang_String2() throws Exception{ 2130 GeneralName san6 = new GeneralName(new URIName("http://uniform.Resource.Id")); 2131 GeneralName san2 = new GeneralName(new DNSName("dNSName")); 2132 2133 GeneralNames sans1 = new GeneralNames(); 2134 sans1.add(san6); 2135 sans1.add(san2); 2136 2137 X509CertSelector selector = new X509CertSelector(); 2138 2139 selector.addSubjectAlternativeName(6, "http://uniform.Resource.Id"); 2140 selector.addSubjectAlternativeName(2, "dNSName"); 2141 2142 GeneralNames sans2 = new GeneralNames(); 2143 sans2.add(san2); 2144 2145 TestCert cert1 = new TestCert(sans1); 2146 TestCert cert2 = new TestCert(sans2); 2147 2148 
assertTrue(selector.match(cert1)); 2149 assertFalse(selector.match(cert2)); 2150 2151 selector.setSubjectAlternativeNames(null); 2152 2153 GeneralName name = new GeneralName(new X500Name("O=Android")); 2154 try { 2155 selector.addSubjectAlternativeName(0, (name.toString())); 2156 } catch (IOException e) { 2157 // ok 2158 } 2159 } 2160 2161 Collection<List<?>> getGeneralNamePairList(GeneralNames generalNames) 2162 throws IOException { 2163 Collection<List<?>> sans = new ArrayList<>(); 2164 for (GeneralName gn : generalNames.names()) { 2165 ArrayList<Object> gnList = new ArrayList<>(); 2166 gnList.add(gn.getType()); 2167 switch (gn.getType()) { 2168 case GeneralNameInterface.NAME_ANY: 2169 try (DerOutputStream outputStream = new DerOutputStream()) { 2170 gn.getName().encode(outputStream); 2171 gnList.add(outputStream.toByteArray()); 2172 } 2173 break; 2174 2175 case GeneralNameInterface.NAME_RFC822: 2176 gnList.add(((RFC822Name) gn.getName()).getName()); 2177 break; 2178 2179 case GeneralNameInterface.NAME_DNS: 2180 gnList.add(((DNSName) gn.getName()).getName()); 2181 break; 2182 2183 case GeneralNameInterface.NAME_X400: 2184 try (DerOutputStream outputStream = new DerOutputStream()) { 2185 gn.getName().encode(outputStream); 2186 gnList.add(outputStream.toByteArray()); 2187 } 2188 break; 2189 2190 case GeneralNameInterface.NAME_URI: 2191 gnList.add(((URIName) gn.getName()).getName()); 2192 break; 2193 2194 case GeneralNameInterface.NAME_IP: 2195 gnList.add(((IPAddressName) gn.getName()).getName()); 2196 break; 2197 2198 case GeneralNameInterface.NAME_OID: 2199 gnList.add(((OIDName) gn.getName()).getOID().toString()); 2200 break; 2201 2202 case GeneralNameInterface.NAME_DIRECTORY: 2203 gnList.add(((X500Name) gn.getName()).getName()); 2204 break; 2205 2206 case GeneralNameInterface.NAME_EDI: 2207 gnList.add(((EDIPartyName) gn.getName()).getPartyName()); 2208 break; 2209 2210 default: 2211 throw new IOException("Unrecognized GeneralName tag, (" 2212 + gn.getType() + 
")"); 2213 } 2214 sans.add(gnList); 2215 } 2216 return sans; 2217 } 2218 } 2219